From 7a1935795da3bd878a1bcd101329e8e058fdf479 Mon Sep 17 00:00:00 2001
From: 0ko <0ko@noreply.codeberg.org>
Date: Fri, 19 Dec 2025 12:43:47 +0100
Subject: [PATCH 001/854] chore: 13.0 is now stable (#10482)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10482
---
 release-notes-published/14.0.0.md | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 create mode 100644 release-notes-published/14.0.0.md

diff --git a/release-notes-published/14.0.0.md b/release-notes-published/14.0.0.md
new file mode 100644
index 0000000000..e69de29bb2

From 5b73467d024dcc8d489709a6ee99d5fdf54136a6 Mon Sep 17 00:00:00 2001
From: Baptiste Daroussin <bapt@FreeBSD.org>
Date: Fri, 19 Dec 2025 15:20:52 +0100
Subject: [PATCH 002/854] feat: allow to add pam source from command line
 (#10388)

The forgejo admin command line allows to deal with all the propose auth mecanism but pam, this PR adds full support for adding and updating pam auth mecanism via the command line without limitation.

Co-authored-by: Gusted <postmaster@gusted.xyz>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10388
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Baptiste Daroussin <bapt@FreeBSD.org>
Co-committed-by: Baptiste Daroussin <bapt@FreeBSD.org>
---
 cmd/admin.go               |   2 +
 cmd/admin_auth_pam.go      | 145 ++++++++++++++++++
 cmd/admin_auth_pam_test.go | 293 +++++++++++++++++++++++++++++++++++++
 3 files changed, 440 insertions(+)
 create mode 100644 cmd/admin_auth_pam.go
 create mode 100644 cmd/admin_auth_pam_test.go

diff --git a/cmd/admin.go b/cmd/admin.go
index 90157e2d5a..60b25eb971 100644
--- a/cmd/admin.go
+++ b/cmd/admin.go
@@ -64,6 +64,8 @@ func subcmdAuth() *cli.Command {
 			microcmdAuthUpdateLdapBindDn(),
 			microcmdAuthAddLdapSimpleAuth(),
 			microcmdAuthUpdateLdapSimpleAuth(),
+			microcmdAuthAddPAM(),
+			microcmdAuthUpdatePAM(),
 			microcmdAuthAddSMTP(),
 			microcmdAuthUpdateSMTP(),
 			microcmdAuthList(),
diff --git a/cmd/admin_auth_pam.go b/cmd/admin_auth_pam.go
new file mode 100644
index 0000000000..25e32503e0
--- /dev/null
+++ b/cmd/admin_auth_pam.go
@@ -0,0 +1,145 @@
+// Copyright 2025 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package cmd
+
+import (
+	"context"
+	"errors"
+
+	auth_model "forgejo.org/models/auth"
+	"forgejo.org/services/auth/source/pam"
+
+	"github.com/urfave/cli/v3"
+)
+
+func pamCLIFlags() []cli.Flag {
+	return []cli.Flag{
+		&cli.StringFlag{
+			Name:  "name",
+			Value: "",
+			Usage: "Application Name",
+		},
+		&cli.StringFlag{
+			Name:  "service-name",
+			Value: "PLAIN",
+			Usage: "PAM service name",
+		},
+		&cli.StringFlag{
+			Name:  "email-domain",
+			Value: "",
+			Usage: "PAM email domain",
+		},
+		&cli.BoolFlag{
+			Name:  "skip-local-2fa",
+			Usage: "Skip 2FA to log on.",
+			Value: true,
+		},
+		&cli.BoolFlag{
+			Name:  "active",
+			Usage: "This Authentication Source is Activated.",
+			Value: true,
+		},
+	}
+}
+
+func microcmdAuthAddPAM() *cli.Command {
+	return &cli.Command{
+		Name:   "add-pam",
+		Usage:  "Add new PAM authentication source",
+		Before: noDanglingArgs,
+		Action: newAuthService().addPAM,
+		Flags:  pamCLIFlags(),
+	}
+}
+
+func microcmdAuthUpdatePAM() *cli.Command {
+	return &cli.Command{
+		Name:   "update-pam",
+		Usage:  "Update existing PAM authentication source",
+		Before: noDanglingArgs,
+		Action: newAuthService().updatePAM,
+		Flags:  append(pamCLIFlags()[:1], append([]cli.Flag{idFlag()}, pamCLIFlags()[1:]...)...),
+	}
+}
+
+func parsePAMConfig(_ context.Context, c *cli.Command) *pam.Source {
+	return &pam.Source{
+		ServiceName:    c.String("service-name"),
+		EmailDomain:    c.String("email-domain"),
+		SkipLocalTwoFA: c.Bool("skip-local-2fa"),
+	}
+}
+
+func (a *authService) addPAM(ctx context.Context, c *cli.Command) error {
+	ctx, cancel := installSignals(ctx)
+	defer cancel()
+
+	if err := a.initDB(ctx); err != nil {
+		return err
+	}
+
+	if !c.IsSet("name") || len(c.String("name")) == 0 {
+		return errors.New("name must be set")
+	}
+	if !c.IsSet("service-name") || len(c.String("service-name")) == 0 {
+		return errors.New("service-name must be set")
+	}
+	active := true
+	if c.IsSet("active") {
+		active = c.Bool("active")
+	}
+
+	config := parsePAMConfig(ctx, c)
+
+	return a.createAuthSource(ctx, &auth_model.Source{
+		Type:     auth_model.PAM,
+		Name:     c.String("name"),
+		IsActive: active,
+		Cfg:      config,
+	})
+}
+
+func (a *authService) updatePAM(ctx context.Context, c *cli.Command) error {
+	if !c.IsSet("id") {
+		return errors.New("--id flag is missing")
+	}
+
+	ctx, cancel := installSignals(ctx)
+	defer cancel()
+
+	if err := a.initDB(ctx); err != nil {
+		return err
+	}
+
+	source, err := a.getAuthSource(ctx, c, auth_model.PAM)
+	if err != nil {
+		return err
+	}
+
+	pamConfig := source.Cfg.(*pam.Source)
+
+	if c.IsSet("name") {
+		source.Name = c.String("name")
+	}
+
+	if c.IsSet("service-name") {
+		pamConfig.ServiceName = c.String("service-name")
+	}
+
+	if c.IsSet("email-domain") {
+		pamConfig.EmailDomain = c.String("email-domain")
+	}
+
+	if c.IsSet("skip-local-2fa") {
+		pamConfig.SkipLocalTwoFA = c.Bool("skip-local-2fa")
+	}
+
+	if c.IsSet("active") {
+		source.IsActive = c.Bool("active")
+	}
+
+	source.Cfg = pamConfig
+
+	return a.updateAuthSource(ctx, source)
+}
diff --git a/cmd/admin_auth_pam_test.go b/cmd/admin_auth_pam_test.go
new file mode 100644
index 0000000000..d14dfe790b
--- /dev/null
+++ b/cmd/admin_auth_pam_test.go
@@ -0,0 +1,293 @@
+// Copyright 2019 The Gitea Authors. All rights reserved.
+// Copyright 2025 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package cmd
+
+import (
+	"context"
+	"testing"
+
+	"forgejo.org/models/auth"
+	"forgejo.org/modules/test"
+	"forgejo.org/services/auth/source/pam"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+	"github.com/urfave/cli/v3"
+)
+
+func TestPamService(t *testing.T) {
+	// Mock cli functions to do not exit on error
+	defer test.MockVariableValue(&cli.OsExiter, func(code int) {})()
+
+	// Test cases
+	cases := []struct {
+		args   []string
+		source *auth.Source
+		errMsg string
+	}{
+		// case 0
+		{
+			args: []string{
+				"pam-test",
+				"--name", "Pam Service",
+				"--service-name", "myservice",
+			},
+			source: &auth.Source{
+				Type:     auth.PAM,
+				Name:     "Pam Service",
+				IsActive: true,
+				Cfg: &pam.Source{
+					ServiceName:    "myservice",
+					EmailDomain:    "",
+					SkipLocalTwoFA: true,
+				},
+			},
+		},
+		// case 1
+		{
+			args: []string{
+				"pam-test",
+				"--name", "Pam Service",
+				"--service-name", "myservice",
+				"--email-domain", "testdomain.org",
+				"--skip-local-2fa",
+			},
+			source: &auth.Source{
+				Type:     auth.PAM,
+				Name:     "Pam Service",
+				IsActive: true,
+				Cfg: &pam.Source{
+					ServiceName:    "myservice",
+					EmailDomain:    "testdomain.org",
+					SkipLocalTwoFA: true,
+				},
+			},
+		},
+		// case 2
+		{
+			args: []string{
+				"pam-test",
+				"--service-name", "myservice",
+				"--email-domain", "testdomain.org",
+				"--skip-local-2fa", "false",
+				"--active", "true",
+			},
+			errMsg: "name must be set",
+		},
+		// case 3
+		{
+			args: []string{
+				"pam-test",
+				"--name", "Pam Service",
+				"--email-domain", "testdomain.org",
+				"--skip-local-2fa", "false",
+				"--active", "true",
+			},
+			errMsg: "service-name must be set",
+		},
+	}
+
+	for n, c := range cases {
+		// Mock functions.
+		var createdAuthSource *auth.Source
+		service := &authService{
+			initDB: func(context.Context) error {
+				return nil
+			},
+			createAuthSource: func(ctx context.Context, authSource *auth.Source) error {
+				createdAuthSource = authSource
+				return nil
+			},
+			updateAuthSource: func(ctx context.Context, authSource *auth.Source) error {
+				assert.FailNow(t, "should not call updateAuthSource", "case: %d", n)
+				return nil
+			},
+			getAuthSourceByID: func(ctx context.Context, id int64) (*auth.Source, error) {
+				assert.FailNow(t, "should not call getAuthSourceByID", "case: %d", n)
+				return nil, nil
+			},
+		}
+
+		// Create a copy of command to test
+		app := cli.Command{}
+		app.Flags = microcmdAuthAddPAM().Flags
+		app.Action = service.addPAM
+
+		// Run it
+		err := app.Run(t.Context(), c.args)
+		if c.errMsg != "" {
+			assert.EqualError(t, err, c.errMsg, "case %d: error should match", n)
+		} else {
+			require.NoError(t, err, "case %d: should have no errors", n)
+			assert.Equal(t, c.source, createdAuthSource, "case %d: wrong authSource", n)
+		}
+	}
+}
+
+func TestUpdatePAM(t *testing.T) {
+	// Mock cli functions to do not exit on error
+	defer test.MockVariableValue(&cli.OsExiter, func(code int) {})()
+
+	// Test cases
+	cases := []struct {
+		args               []string
+		id                 int64
+		existingAuthSource *auth.Source
+		authSource         *auth.Source
+		errMsg             string
+	}{
+		// case 0
+		{
+			args: []string{
+				"pam-test",
+				"--id", "23",
+				"--name", "PAM Service",
+				"--service-name", "myservice",
+			},
+			id: 23,
+			existingAuthSource: &auth.Source{
+				Type:     auth.PAM,
+				IsActive: true,
+				Cfg:      &pam.Source{},
+			},
+			authSource: &auth.Source{
+				Type:     auth.PAM,
+				Name:     "PAM Service",
+				IsActive: true,
+				Cfg: &pam.Source{
+					ServiceName: "myservice",
+				},
+			},
+		},
+		// case 1
+		{
+			args: []string{
+				"pam-test",
+				"--id", "1",
+			},
+			authSource: &auth.Source{
+				Type: auth.PAM,
+				Cfg:  &pam.Source{},
+			},
+		},
+		// case 2
+		{
+			args: []string{
+				"pam-test",
+				"--id", "1",
+				"--name", "pam service",
+			},
+			authSource: &auth.Source{
+				Type: auth.PAM,
+				Name: "pam service",
+				Cfg:  &pam.Source{},
+			},
+		},
+		// case 3
+		{
+			args: []string{
+				"pam-test",
+				"--id", "1",
+				"--active=false",
+			},
+			existingAuthSource: &auth.Source{
+				Type:     auth.PAM,
+				IsActive: true,
+				Cfg:      &pam.Source{},
+			},
+			authSource: &auth.Source{
+				Type:     auth.PAM,
+				IsActive: false,
+				Cfg:      &pam.Source{},
+			},
+		},
+		// case 4
+		{
+			args: []string{
+				"pam-test",
+				"--id", "1",
+				"--service-name", "myservice",
+			},
+			authSource: &auth.Source{
+				Type: auth.PAM,
+				Cfg: &pam.Source{
+					ServiceName: "myservice",
+				},
+			},
+		},
+		// case 5
+		{
+			args: []string{
+				"pam-test",
+				"--id", "1",
+				"--skip-local-2fa=false",
+			},
+			authSource: &auth.Source{
+				Type: auth.PAM,
+				Cfg: &pam.Source{
+					SkipLocalTwoFA: false,
+				},
+			},
+		},
+		// case 6
+		{
+			args: []string{
+				"pam-test",
+				"--id", "1",
+				"--email-domain", "testdomain.org",
+			},
+			authSource: &auth.Source{
+				Type: auth.PAM,
+				Cfg: &pam.Source{
+					EmailDomain: "testdomain.org",
+				},
+			},
+		},
+	}
+
+	for n, c := range cases {
+		// Mock functions.
+		var updatedAuthSource *auth.Source
+		service := &authService{
+			initDB: func(context.Context) error {
+				return nil
+			},
+			createAuthSource: func(ctx context.Context, authSource *auth.Source) error {
+				assert.FailNow(t, "should not call createAuthSource", "case: %d", n)
+				return nil
+			},
+			updateAuthSource: func(ctx context.Context, authSource *auth.Source) error {
+				updatedAuthSource = authSource
+				return nil
+			},
+			getAuthSourceByID: func(ctx context.Context, id int64) (*auth.Source, error) {
+				if c.id != 0 {
+					assert.Equal(t, c.id, id, "case %d: wrong id", n)
+				}
+				if c.existingAuthSource != nil {
+					return c.existingAuthSource, nil
+				}
+				return &auth.Source{
+					Type: auth.PAM,
+					Cfg:  &pam.Source{},
+				}, nil
+			},
+		}
+
+		// Create a copy of command to test
+		app := cli.Command{}
+		app.Flags = microcmdAuthUpdatePAM().Flags
+		app.Action = service.updatePAM
+
+		// Run it
+		err := app.Run(t.Context(), c.args)
+		if c.errMsg != "" {
+			assert.EqualError(t, err, c.errMsg, "case %d: error should match", n)
+		} else {
+			require.NoError(t, err, "case %d: should have no errors", n)
+			assert.Equal(t, c.authSource, updatedAuthSource, "case %d: wrong authSource", n)
+		}
+	}
+}

From 23e10b2e4250de3e3563d7ee6abed77e90263f75 Mon Sep 17 00:00:00 2001
From: Bram Hagens <bram@bramh.me>
Date: Sat, 20 Dec 2025 05:15:17 +0100
Subject: [PATCH 003/854] fix(ui): align due date icon in issue list (#10489)

Flattened nested `<span>` tags for the calender icon in the issue list, to fix the vertical alignment

Before:
![image](/attachments/f5049acb-41dc-438e-9256-ef30542e168d)

After:
![image](/attachments/c4d8bc64-0474-4a3e-9061-9e2bca6abff9)
![image](/attachments/0b2c4d9c-7d34-4627-be55-2099ed32dd19)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10489
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Co-authored-by: Bram Hagens <bram@bramh.me>
Co-committed-by: Bram Hagens <bram@bramh.me>
---
 templates/shared/issuelist.tmpl | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)

diff --git a/templates/shared/issuelist.tmpl b/templates/shared/issuelist.tmpl
index 256b5e3e07..ff7aa9c0a4 100644
--- a/templates/shared/issuelist.tmpl
+++ b/templates/shared/issuelist.tmpl
@@ -108,11 +108,9 @@
 						</span>
 					{{end}}
 					{{if ne .DeadlineUnix 0}}
-						<span class="due-date flex-text-inline" data-tooltip-content="{{ctx.Locale.Tr "repo.issues.due_date"}}">
-							<span{{if .IsOverdue}} class="text red"{{end}}>
-								{{svg "octicon-calendar" 14}}
-								{{DateUtils.AbsoluteShort .DeadlineUnix}}
-							</span>
+						<span class="due-date flex-text-inline{{if .IsOverdue}} text red{{end}}" data-tooltip-content="{{ctx.Locale.Tr "repo.issues.due_date"}}">
+							{{svg "octicon-calendar" 14}}
+							{{DateUtils.AbsoluteShort .DeadlineUnix}}
 						</span>
 					{{end}}
 					{{if .IsPull}}

From 6041598369a49a14268edede6d7d1a96d848fab7 Mon Sep 17 00:00:00 2001
From: Renovate Bot <forgejo-renovate-action@forgejo.org>
Date: Sat, 20 Dec 2025 05:31:20 +0100
Subject: [PATCH 004/854] chore: update dependency asciinema-player to v3.13.5
 (forgejo) (#10491)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This PR contains the following updates:

| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) |
|---|---|---|---|
| [asciinema-player](https://github.com/asciinema/asciinema-player) | [`3.13.4` -> `3.13.5`](https://renovatebot.com/diffs/npm/asciinema-player/3.13.4/3.13.5) | ![age](https://developer.mend.io/api/mc/badges/age/npm/asciinema-player/3.13.5?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/asciinema-player/3.13.4/3.13.5?slim=true) |

---

### Release Notes

<details>
<summary>asciinema/asciinema-player (asciinema-player)</summary>

### [`v3.13.5`](https://github.com/asciinema/asciinema-player/releases/tag/v3.13.5): 3.13.5

[Compare Source](https://github.com/asciinema/asciinema-player/compare/v3.13.4...v3.13.5)

- Fixed rendering of shaded blocks (u2591, u2592, u2593) and quadrants (u2596, u2597, u2598) ([#&#8203;302](https://github.com/asciinema/asciinema-player/issues/302))

</details>

---

### Configuration

📅 **Schedule**: Branch creation - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC), Automerge - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi4zOS4yIiwidXBkYXRlZEluVmVyIjoiNDIuMzkuMiIsInRhcmdldEJyYW5jaCI6ImZvcmdlam8iLCJsYWJlbHMiOlsiZGVwZW5kZW5jeS11cGdyYWRlIiwidGVzdC9ub3QtbmVlZGVkIl19-->

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10491
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
---
 package-lock.json | 8 ++++----
 package.json      | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 357528d355..de73a23fc1 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -16,7 +16,7 @@
         "@mcaptcha/vanilla-glue": "0.1.0-alpha-3",
         "@primer/octicons": "19.14.0",
         "ansi_up": "6.0.5",
-        "asciinema-player": "3.13.4",
+        "asciinema-player": "3.13.5",
         "chart.js": "4.5.1",
         "chartjs-adapter-dayjs-4": "1.0.4",
         "chartjs-plugin-zoom": "2.2.0",
@@ -5082,9 +5082,9 @@
       }
     },
     "node_modules/asciinema-player": {
-      "version": "3.13.4",
-      "resolved": "https://registry.npmjs.org/asciinema-player/-/asciinema-player-3.13.4.tgz",
-      "integrity": "sha512-qCBqeTTCkF21XrmB5aSomviGDrEMpHGON4/5l9ZzhBCWLSxMiT5Yd0njK0e5qibNRe2pFaHWb326xsRTYmWMBQ==",
+      "version": "3.13.5",
+      "resolved": "https://registry.npmjs.org/asciinema-player/-/asciinema-player-3.13.5.tgz",
+      "integrity": "sha512-mgpJc9g6I+k4Tz5qVUNd0H+GoYlhiUwvlay6vD6IXiuiWOWhBOjxbvqQ1bcI/HPTrOYxhTyxZuzHIXM36Tw60Q==",
       "license": "Apache-2.0",
       "dependencies": {
         "@babel/runtime": "^7.21.0",
diff --git a/package.json b/package.json
index cee576d1ba..5f486327d9 100644
--- a/package.json
+++ b/package.json
@@ -15,7 +15,7 @@
     "@mcaptcha/vanilla-glue": "0.1.0-alpha-3",
     "@primer/octicons": "19.14.0",
     "ansi_up": "6.0.5",
-    "asciinema-player": "3.13.4",
+    "asciinema-player": "3.13.5",
     "chart.js": "4.5.1",
     "chartjs-adapter-dayjs-4": "1.0.4",
     "chartjs-plugin-zoom": "2.2.0",

From 8ef34a56d19fe365b4481356795b30898b7636a9 Mon Sep 17 00:00:00 2001
From: Bram Hagens <bram@bramh.me>
Date: Sat, 20 Dec 2025 06:08:49 +0100
Subject: [PATCH 005/854] fix: ignore private .profile repo on user profile
 page (#10486)

Fixes #4202

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10486
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Co-authored-by: Bram Hagens <bram@bramh.me>
Co-committed-by: Bram Hagens <bram@bramh.me>
---
 routers/web/shared/user/header.go      |  4 ++--
 tests/integration/user_profile_test.go | 32 ++++++++++++++++++++++++++
 2 files changed, 34 insertions(+), 2 deletions(-)

diff --git a/routers/web/shared/user/header.go b/routers/web/shared/user/header.go
index 745b3c1dca..e37e3cea64 100644
--- a/routers/web/shared/user/header.go
+++ b/routers/web/shared/user/header.go
@@ -97,8 +97,8 @@ func PrepareContextForProfileBigAvatar(ctx *context.Context) {
 func FindUserProfileReadme(ctx *context.Context, doer *user_model.User) (profileDbRepo *repo_model.Repository, profileGitRepo *git.Repository, profileReadmeBlob *git.Blob, profileClose func()) {
 	profileDbRepo, err := repo_model.GetRepositoryByName(ctx, ctx.ContextUser.ID, ".profile")
 	if err == nil {
-		// Don't show profile content if .profile repository is a fork
-		if profileDbRepo.IsFork {
+		// Don't show profile content if .profile repository is a fork or private
+		if profileDbRepo.IsFork || profileDbRepo.IsPrivate {
 			return nil, nil, nil, func() {}
 		}
 		perm, err := access_model.GetUserRepoPermission(ctx, profileDbRepo, doer)
diff --git a/tests/integration/user_profile_test.go b/tests/integration/user_profile_test.go
index 654ff0c094..10f3ce6be6 100644
--- a/tests/integration/user_profile_test.go
+++ b/tests/integration/user_profile_test.go
@@ -170,5 +170,37 @@ quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequa
 			assert.True(t, forkedRepo.IsFork, "Repository should be marked as a fork")
 			assert.Equal(t, originalRepo.ID, forkedRepo.ForkID, "Fork should reference original repository")
 		})
+
+		t.Run("private-profile-repo", func(t *testing.T) {
+			defer tests.PrintCurrentTest(t)()
+
+			user2 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
+
+			// Create a private .profile repository
+			profileRepo, _, f := tests.CreateDeclarativeRepo(t, user2, ".profile", nil, nil, []*files_service.ChangeRepoFile{
+				{
+					Operation:     "update",
+					TreePath:      "README.md",
+					ContentReader: strings.NewReader("# Private Profile Content\nThis should NOT show up on user profile."),
+				},
+			})
+			defer f()
+
+			// Make the repository private
+			profileRepo.IsPrivate = true
+			err := repo_service.UpdateRepository(git.DefaultContext, profileRepo, true)
+			require.NoError(t, err)
+
+			// Verify that user2's profile does NOT show the private content
+			req := NewRequest(t, "GET", "/user2")
+			resp := MakeRequest(t, req, http.StatusOK)
+			bodyStr := resp.Body.String()
+
+			assert.NotContains(t, bodyStr, "Private Profile Content", "Private .profile repo should NOT render profile content")
+			assert.NotContains(t, bodyStr, "This should NOT show up on user profile", "Private .profile repo should NOT render profile content")
+
+			// Verify the repository is actually private
+			assert.True(t, profileRepo.IsPrivate, "Repository should be marked as private")
+		})
 	})
 }

From 0e6f9439ee2232fbdbfa59609b840a46ea20650b Mon Sep 17 00:00:00 2001
From: Andreas Ahlenstorf <andreas@ahlenstorf.ch>
Date: Sat, 20 Dec 2025 15:29:40 +0100
Subject: [PATCH 006/854] chore: increase test coverage of runner management
 (#10490)

Ensures that admins, users, etc. see the runners they are allowed to see.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10490
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Andreas Ahlenstorf <andreas@ahlenstorf.ch>
Co-committed-by: Andreas Ahlenstorf <andreas@ahlenstorf.ch>
---
 models/actions/runner_test.go                 | 95 +++++++++++++++++++
 .../TestRunnerVisibility/action_runner.yml    | 54 +++++++++++
 tests/integration/runner_test.go              | 70 ++++++++++++++
 3 files changed, 219 insertions(+)
 create mode 100644 tests/integration/fixtures/TestRunnerVisibility/action_runner.yml

diff --git a/models/actions/runner_test.go b/models/actions/runner_test.go
index 1916c35a76..f6d6bd5d23 100644
--- a/models/actions/runner_test.go
+++ b/models/actions/runner_test.go
@@ -140,3 +140,98 @@ func TestDeleteOfflineRunnersErrorOnInvalidOlderThanValue(t *testing.T) {
 	defer timeutil.MockUnset()
 	require.Error(t, DeleteOfflineRunners(db.DefaultContext, timeutil.TimeStampNow(), false))
 }
+
+func TestRunnerEditable(t *testing.T) {
+	testCases := []struct {
+		name     string
+		runner   *ActionRunner
+		ownerID  int64
+		repoID   int64
+		editable bool
+	}{
+		{
+			name:     "admin-can-edit-global-runner",
+			runner:   &ActionRunner{Name: "global-runner", OwnerID: 0, RepoID: 0},
+			ownerID:  0,
+			repoID:   0,
+			editable: true,
+		},
+		{
+			name:     "admin-can-edit-user-runner",
+			runner:   &ActionRunner{Name: "user-runner", OwnerID: 36, RepoID: 0},
+			ownerID:  0,
+			repoID:   0,
+			editable: true,
+		},
+		{
+			name:     "admin-can-edit-repository-runner",
+			runner:   &ActionRunner{Name: "user-runner", OwnerID: 0, RepoID: 110},
+			ownerID:  0,
+			repoID:   0,
+			editable: true,
+		},
+		{
+			name:     "user-can-edit-its-runner",
+			runner:   &ActionRunner{Name: "user-runner", OwnerID: 469, RepoID: 0},
+			ownerID:  469,
+			repoID:   0,
+			editable: true,
+		},
+		{
+			name:     "user-cannot-edit-global-runner",
+			runner:   &ActionRunner{Name: "global-runner", OwnerID: 0, RepoID: 0},
+			ownerID:  469,
+			repoID:   0,
+			editable: false,
+		},
+		{
+			name:     "user-cannot-edit-other-users-runner",
+			runner:   &ActionRunner{Name: "user-runner", OwnerID: 892, RepoID: 0},
+			ownerID:  469,
+			repoID:   0,
+			editable: false,
+		},
+		{
+			name:     "user-cannot-edit-repo-runner",
+			runner:   &ActionRunner{Name: "repo-runner", OwnerID: 0, RepoID: 151},
+			ownerID:  469,
+			repoID:   0,
+			editable: false,
+		},
+		{
+			name:     "repo-can-edit-its-runner",
+			runner:   &ActionRunner{Name: "repo-runner", OwnerID: 0, RepoID: 693},
+			ownerID:  0,
+			repoID:   693,
+			editable: true,
+		},
+		{
+			name:     "repo-cannot-edit-other-repo-runner",
+			runner:   &ActionRunner{Name: "repo-runner", OwnerID: 0, RepoID: 519},
+			ownerID:  0,
+			repoID:   693,
+			editable: false,
+		},
+		{
+			name:     "repo-cannot-edit-global-runner",
+			runner:   &ActionRunner{Name: "global-runner", OwnerID: 0, RepoID: 0},
+			ownerID:  0,
+			repoID:   693,
+			editable: false,
+		},
+		{
+			name:     "repo-cannot-edit-user-runner",
+			runner:   &ActionRunner{Name: "user-runner", OwnerID: 6, RepoID: 0},
+			ownerID:  0,
+			repoID:   693,
+			editable: false,
+		},
+	}
+
+	for _, testCase := range testCases {
+		t.Run(testCase.name, func(t *testing.T) {
+			result := testCase.runner.Editable(testCase.ownerID, testCase.repoID)
+			assert.Equal(t, testCase.editable, result)
+		})
+	}
+}
diff --git a/tests/integration/fixtures/TestRunnerVisibility/action_runner.yml b/tests/integration/fixtures/TestRunnerVisibility/action_runner.yml
new file mode 100644
index 0000000000..a20840396a
--- /dev/null
+++ b/tests/integration/fixtures/TestRunnerVisibility/action_runner.yml
@@ -0,0 +1,54 @@
+- id: 719931
+  uuid: "8f940b0b-32a2-479a-9d48-06ab8d8a0b90"
+  name: "runner-1"
+  version: "dev"
+  owner_id: 3
+  repo_id: 0
+  description: "A superb runner"
+  agent_labels: ["debian", "gpu"]
+  deleted: 0
+- id: 719932
+  uuid: "3a20ad8d-d5d6-4b7b-ba55-841ac8264c17"
+  name: "runner-2"
+  version: "11.3.1"
+  owner_id: 2
+  repo_id: 0
+  description: "An exclusive runner"
+  agent_labels: ["docker"]
+  deleted: 0
+- id: 719933
+  uuid: "11c9a6da-0a92-46ea-a4f1-b6c98f8c781c"
+  name: "runner-3"
+  version: "11.3.1"
+  owner_id: 17
+  repo_id: 0
+  description: "Another fine runner"
+  agent_labels: ["fedora"]
+  deleted: 0
+- id: 719934
+  uuid: "1ef59b64-93b7-4ad4-ade4-21ca13db49c0"
+  name: "runner-4"
+  version: "12.2.0"
+  owner_id: 0
+  repo_id: 0
+  description: "A runner for everyone"
+  agent_labels: ["docker"]
+  deleted: 0
+- id: 719935
+  uuid: "69d29449-1de5-4d17-845d-e3ae11a04a1b"
+  name: "runner-5"
+  version: "12.0.0"
+  owner_id: 1
+  repo_id: 0
+  description: ""
+  agent_labels: ["debian"]
+  deleted: 0
+- id: 719936
+  uuid: "9da25fbb-89a5-4520-a35a-d55fc94e4b76"
+  name: "runner-6"
+  version: "12.1.0"
+  owner_id: 0
+  repo_id: 62
+  description: ""
+  agent_labels: ["debian"]
+  deleted: 0
diff --git a/tests/integration/runner_test.go b/tests/integration/runner_test.go
index 6ca5a818d4..3379331e84 100644
--- a/tests/integration/runner_test.go
+++ b/tests/integration/runner_test.go
@@ -121,3 +121,73 @@ func TestRunnerModification(t *testing.T) {
 		})
 	})
 }
+
+func TestRunnerVisibility(t *testing.T) {
+	defer unittest.OverrideFixtures("tests/integration/fixtures/TestRunnerVisibility")()
+	defer tests.PrepareTestEnv(t)()
+
+	admin := unittest.AssertExistsAndLoadBean(t, &user_model.User{IsAdmin: true})
+	user2 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
+
+	runnerOne := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRunner{ID: 719931})
+	runnerTwo := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRunner{ID: 719932})
+	runnerThree := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRunner{ID: 719933})
+	runnerFour := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRunner{ID: 719934})
+	runnerFive := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRunner{ID: 719935})
+	runnerSix := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRunner{ID: 719936})
+
+	testCases := []struct {
+		name              string
+		user              *user_model.User
+		url               string
+		expectedRunners   []*actions_model.ActionRunner
+		unexpectedRunners []*actions_model.ActionRunner
+	}{
+		{
+			name:              "admin-sees-all",
+			user:              admin,
+			url:               "/admin/actions/runners",
+			expectedRunners:   []*actions_model.ActionRunner{runnerOne, runnerTwo, runnerThree, runnerFour, runnerFive, runnerSix},
+			unexpectedRunners: []*actions_model.ActionRunner{},
+		},
+		{
+			name:              "user-sees-own-and-global",
+			user:              user2,
+			url:               "user/settings/actions/runners",
+			expectedRunners:   []*actions_model.ActionRunner{runnerTwo, runnerFour},
+			unexpectedRunners: []*actions_model.ActionRunner{runnerOne, runnerThree, runnerFive, runnerSix},
+		},
+		{
+			name:              "org-sees-own-and-global",
+			user:              user2,
+			url:               "/org/org3/settings/actions/runners",
+			expectedRunners:   []*actions_model.ActionRunner{runnerOne, runnerFour},
+			unexpectedRunners: []*actions_model.ActionRunner{runnerTwo, runnerThree, runnerFive, runnerSix},
+		},
+		{
+			name:              "user-repo-sees-own-and-users-and-global",
+			user:              user2,
+			url:               "/user2/test_workflows/settings/actions/runners",
+			expectedRunners:   []*actions_model.ActionRunner{runnerTwo, runnerFour, runnerSix},
+			unexpectedRunners: []*actions_model.ActionRunner{runnerOne, runnerThree, runnerFive},
+		},
+	}
+	for _, testCase := range testCases {
+		t.Run(testCase.name, func(t *testing.T) {
+			session := loginUser(t, testCase.user.Name)
+
+			request := NewRequest(t, "GET", testCase.url)
+			response := session.MakeRequest(t, request, http.StatusOK)
+
+			htmlDoc := NewHTMLParser(t, response.Body)
+			for _, expectedRunner := range testCase.expectedRunners {
+				selector := fmt.Sprintf("td:contains('%s')", expectedRunner.Name)
+				assert.Equal(t, 1, htmlDoc.Find(selector).Length(), "runner '%s' could not be found", expectedRunner.Name)
+			}
+			for _, unexpectedRunner := range testCase.unexpectedRunners {
+				selector := fmt.Sprintf("td:contains('%s')", unexpectedRunner.Name)
+				assert.Zero(t, htmlDoc.Find(selector).Length(), "runner '%s' is unexpectedly present", unexpectedRunner.Name)
+			}
+		})
+	}
+}

From 9d824142e4fd2703432550044aebeea25f88d3a8 Mon Sep 17 00:00:00 2001
From: Bram Hagens <bram@bramh.me>
Date: Sat, 20 Dec 2025 15:37:27 +0100
Subject: [PATCH 007/854] feat: show update time when sorting by recently
 updated (#10488)

Fixes #4712
Fixes #7783

When filtering issues or PRs by "Recently updated" or "Least recently updated", the last updated time is shown.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10488
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Bram Hagens <bram@bramh.me>
Co-committed-by: Bram Hagens <bram@bramh.me>
---
 options/locale_next/locale_en-US.json |  1 +
 templates/shared/issuelist.tmpl       |  6 ++++++
 tests/integration/issue_test.go       | 30 +++++++++++++++++++++++++++
 3 files changed, 37 insertions(+)

diff --git a/options/locale_next/locale_en-US.json b/options/locale_next/locale_en-US.json
index d9d23653cd..38d7d18e7e 100644
--- a/options/locale_next/locale_en-US.json
+++ b/options/locale_next/locale_en-US.json
@@ -62,6 +62,7 @@
     "repo.issues.filter_mention.hint": "Filter by mentioned user",
     "repo.issues.filter_modified.hint": "Filter by last modified date",
     "repo.issues.filter_sort.hint": "Sort by: created/comments/updated/deadline",
+    "issues.updated": "updated %s",
     "repo.pulls.poster_manage_approval": "Manage approval",
     "repo.pulls.poster_requires_approval": "Some workflows are <a href=\"%[1]s\">waiting to be reviewed.</a>",
     "repo.pulls.poster_requires_approval.tooltip": "The author of this pull request is not trusted to run workflows triggered by a pull request created from a forked repository or with AGit. The workflows triggered by a `pull_request` event will not run until they are approved.",
diff --git a/templates/shared/issuelist.tmpl b/templates/shared/issuelist.tmpl
index ff7aa9c0a4..3e20cc5080 100644
--- a/templates/shared/issuelist.tmpl
+++ b/templates/shared/issuelist.tmpl
@@ -142,6 +142,12 @@
 							</span>
 						{{end}}
 					{{end}}
+					{{if or (eq $.SortType "recentupdate") (eq $.SortType "leastupdate")}}
+					<span class="flex-text-inline">
+						{{svg "octicon-history" 14}}
+						{{ctx.Locale.Tr "issues.updated" (DateUtils.TimeSince .UpdatedUnix)}}
+					</span>
+					{{end}}
 				</div>
 			</div>
 		</div>
diff --git a/tests/integration/issue_test.go b/tests/integration/issue_test.go
index 2e7428a1ac..b47f3fd534 100644
--- a/tests/integration/issue_test.go
+++ b/tests/integration/issue_test.go
@@ -131,6 +131,36 @@ func TestViewIssuesSortByType(t *testing.T) {
 	}
 }
 
+func TestViewIssuesSortByUpdatedTime(t *testing.T) {
+	defer tests.PrepareTestEnv(t)()
+
+	repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 1})
+
+	// When sorting by update time, the "updated" text and icon should appear
+	for _, sort := range []string{"recentupdate", "leastupdate"} {
+		req := NewRequest(t, "GET", repo.Link()+"/issues?sort="+sort)
+		resp := MakeRequest(t, req, http.StatusOK)
+
+		htmlDoc := NewHTMLParser(t, resp.Body)
+
+		issueList := htmlDoc.doc.Find("#issue-list")
+		updatedText := issueList.Find(".flex-item-body").First().Text()
+		assert.Contains(t, updatedText, "updated")
+
+		historyIcon := issueList.Find(".octicon-history")
+		assert.Positive(t, historyIcon.Length())
+	}
+
+	// When sorting by something else, the "updated" text and icon should NOT appear
+	req := NewRequest(t, "GET", repo.Link()+"/issues?sort=latest")
+	resp := MakeRequest(t, req, http.StatusOK)
+
+	htmlDoc := NewHTMLParser(t, resp.Body)
+	issueList := htmlDoc.doc.Find("#issue-list")
+	historyIcon := issueList.Find(".octicon-history")
+	assert.Empty(t, historyIcon.Length())
+}
+
 func TestViewIssuesKeyword(t *testing.T) {
 	defer tests.PrepareTestEnv(t)()
 

From 42c8470d07409dc6ab3565d4f0c8550f3a841c49 Mon Sep 17 00:00:00 2001
From: Renovate Bot <forgejo-renovate-action@forgejo.org>
Date: Sat, 20 Dec 2025 15:44:47 +0100
Subject: [PATCH 008/854] Update dependency webpack to v5.104.0 (forgejo)
 (#10492)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10492
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
---
 package-lock.json | 29 ++++++++++++++++++-----------
 package.json      |  2 +-
 2 files changed, 19 insertions(+), 12 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index de73a23fc1..88b452f509 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -56,7 +56,7 @@
         "vue-chartjs": "5.3.3",
         "vue-loader": "17.4.2",
         "vue3-calendar-heatmap": "2.0.5",
-        "webpack": "5.103.0",
+        "webpack": "5.104.0",
         "webpack-cli": "6.0.1",
         "wrap-ansi": "9.0.2"
       },
@@ -7218,6 +7218,7 @@
       "version": "1.7.0",
       "resolved": "https://registry.npmjs.org/es-module-lexer/-/es-module-lexer-1.7.0.tgz",
       "integrity": "sha512-jEQoCwk8hyb2AZziIOLhDqpm5+2ww5uIE6lkO/6jcOCusfk6LhMHpXXfBLXTZ7Ydyt0j4VoUQv6uGNYbdW+kBA==",
+      "dev": true,
       "license": "MIT"
     },
     "node_modules/es-object-atoms": {
@@ -14253,9 +14254,9 @@
       }
     },
     "node_modules/terser-webpack-plugin": {
-      "version": "5.3.15",
-      "resolved": "https://registry.npmjs.org/terser-webpack-plugin/-/terser-webpack-plugin-5.3.15.tgz",
-      "integrity": "sha512-PGkOdpRFK+rb1TzVz+msVhw4YMRT9txLF4kRqvJhGhCM324xuR3REBSHALN+l+sAhKUmz0aotnjp5D+P83mLhQ==",
+      "version": "5.3.16",
+      "resolved": "https://registry.npmjs.org/terser-webpack-plugin/-/terser-webpack-plugin-5.3.16.tgz",
+      "integrity": "sha512-h9oBFCWrq78NyWWVcSwZarJkZ01c2AyGrzs1crmHZO3QUg9D61Wu4NPjBy69n7JqylFF5y+CsUZYmYEIZ3mR+Q==",
       "license": "MIT",
       "dependencies": {
         "@jridgewell/trace-mapping": "^0.3.25",
@@ -15312,9 +15313,9 @@
       "license": "BSD-2-Clause"
     },
     "node_modules/webpack": {
-      "version": "5.103.0",
-      "resolved": "https://registry.npmjs.org/webpack/-/webpack-5.103.0.tgz",
-      "integrity": "sha512-HU1JOuV1OavsZ+mfigY0j8d1TgQgbZ6M+J75zDkpEAwYeXjWSqrGJtgnPblJjd/mAyTNQ7ygw0MiKOn6etz8yw==",
+      "version": "5.104.0",
+      "resolved": "https://registry.npmjs.org/webpack/-/webpack-5.104.0.tgz",
+      "integrity": "sha512-5DeICTX8BVgNp6afSPYXAFjskIgWGlygQH58bcozPOXgo2r/6xx39Y1+cULZ3gTxUYQP88jmwLj2anu4Xaq84g==",
       "license": "MIT",
       "peer": true,
       "dependencies": {
@@ -15326,10 +15327,10 @@
         "@webassemblyjs/wasm-parser": "^1.14.1",
         "acorn": "^8.15.0",
         "acorn-import-phases": "^1.0.3",
-        "browserslist": "^4.26.3",
+        "browserslist": "^4.28.1",
         "chrome-trace-event": "^1.0.2",
-        "enhanced-resolve": "^5.17.3",
-        "es-module-lexer": "^1.2.1",
+        "enhanced-resolve": "^5.17.4",
+        "es-module-lexer": "^2.0.0",
         "eslint-scope": "5.1.1",
         "events": "^3.2.0",
         "glob-to-regexp": "^0.4.1",
@@ -15340,7 +15341,7 @@
         "neo-async": "^2.6.2",
         "schema-utils": "^4.3.3",
         "tapable": "^2.3.0",
-        "terser-webpack-plugin": "^5.3.11",
+        "terser-webpack-plugin": "^5.3.16",
         "watchpack": "^2.4.4",
         "webpack-sources": "^3.3.3"
       },
@@ -15442,6 +15443,12 @@
       "integrity": "sha512-dWHzHa2WqEXI/O1E9OjrocMTKJl2mSrEolh1Iomrv6U+JuNwaHXsXx9bLu5gG7BUWFIN0skIQJQ/L1rIex4X6w==",
       "license": "MIT"
     },
+    "node_modules/webpack/node_modules/es-module-lexer": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/es-module-lexer/-/es-module-lexer-2.0.0.tgz",
+      "integrity": "sha512-5POEcUuZybH7IdmGsD8wlf0AI55wMecM9rVBTI/qEAy2c1kTOm3DjFYjrBdI2K3BaJjJYfYFeRtM0t9ssnRuxw==",
+      "license": "MIT"
+    },
     "node_modules/webpack/node_modules/eslint-scope": {
       "version": "5.1.1",
       "resolved": "https://registry.npmjs.org/eslint-scope/-/eslint-scope-5.1.1.tgz",
diff --git a/package.json b/package.json
index 5f486327d9..7c55fc5884 100644
--- a/package.json
+++ b/package.json
@@ -55,7 +55,7 @@
     "vue-chartjs": "5.3.3",
     "vue-loader": "17.4.2",
     "vue3-calendar-heatmap": "2.0.5",
-    "webpack": "5.103.0",
+    "webpack": "5.104.0",
     "webpack-cli": "6.0.1",
     "wrap-ansi": "9.0.2"
   },

From 39189baa170cf7692b3533f288874e7edac71282 Mon Sep 17 00:00:00 2001
From: Renovate Bot <forgejo-renovate-action@forgejo.org>
Date: Sat, 20 Dec 2025 17:13:12 +0100
Subject: [PATCH 009/854] Update module github.com/alecthomas/chroma/v2 to
 v2.21.1 (forgejo) (#10479)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10479
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
---
 go.mod                                 |  2 +-
 go.sum                                 |  8 ++++----
 modules/indexer/code/search_test.go    |  8 ++++----
 modules/markup/html_test.go            | 26 +++++++++++++-------------
 modules/markup/orgmode/orgmode_test.go |  4 ++--
 5 files changed, 24 insertions(+), 24 deletions(-)

diff --git a/go.mod b/go.mod
index 9e1615f9d2..c0605b8fb2 100644
--- a/go.mod
+++ b/go.mod
@@ -27,7 +27,7 @@ require (
 	github.com/ProtonMail/go-crypto v1.3.0
 	github.com/PuerkitoBio/goquery v1.10.3
 	github.com/SaveTheRbtz/zstd-seekable-format-go/pkg v0.7.2
-	github.com/alecthomas/chroma/v2 v2.20.0
+	github.com/alecthomas/chroma/v2 v2.21.1
 	github.com/blakesmith/ar v0.0.0-20190502131153-809d4375e1fb
 	github.com/blevesearch/bleve/v2 v2.5.6
 	github.com/buildkite/terminal-to-html/v3 v3.16.8
diff --git a/go.sum b/go.sum
index 17be63a395..39a33681c3 100644
--- a/go.sum
+++ b/go.sum
@@ -89,11 +89,11 @@ github.com/SaveTheRbtz/zstd-seekable-format-go/pkg v0.7.2/go.mod h1:JitQWJ8JuV4Y
 github.com/alecthomas/assert/v2 v2.11.0 h1:2Q9r3ki8+JYXvGsDyBXwH3LcJ+WK5D0gc5E8vS6K3D0=
 github.com/alecthomas/assert/v2 v2.11.0/go.mod h1:Bze95FyfUr7x34QZrjL+XP+0qgp/zg8yS+TtBj1WA3k=
 github.com/alecthomas/chroma/v2 v2.2.0/go.mod h1:vf4zrexSH54oEjJ7EdB65tGNHmH3pGZmVkgTP5RHvAs=
-github.com/alecthomas/chroma/v2 v2.20.0 h1:sfIHpxPyR07/Oylvmcai3X/exDlE8+FA820NTz+9sGw=
-github.com/alecthomas/chroma/v2 v2.20.0/go.mod h1:e7tViK0xh/Nf4BYHl00ycY6rV7b8iXBksI9E359yNmA=
+github.com/alecthomas/chroma/v2 v2.21.1 h1:FaSDrp6N+3pphkNKU6HPCiYLgm8dbe5UXIXcoBhZSWA=
+github.com/alecthomas/chroma/v2 v2.21.1/go.mod h1:NqVhfBR0lte5Ouh3DcthuUCTUpDC9cxBOfyMbMQPs3o=
 github.com/alecthomas/repr v0.0.0-20220113201626-b1b626ac65ae/go.mod h1:2kn6fqh/zIyPLmm3ugklbEi5hg5wS435eygvNfaDQL8=
-github.com/alecthomas/repr v0.5.1 h1:E3G4t2QbHTSNpPKBgMTln5KLkZHLOcU7r37J4pXBuIg=
-github.com/alecthomas/repr v0.5.1/go.mod h1:Fr0507jx4eOXV7AlPV6AVZLYrLIuIeSOWtW57eE/O/4=
+github.com/alecthomas/repr v0.5.2 h1:SU73FTI9D1P5UNtvseffFSGmdNci/O6RsqzeXJtP0Qs=
+github.com/alecthomas/repr v0.5.2/go.mod h1:Fr0507jx4eOXV7AlPV6AVZLYrLIuIeSOWtW57eE/O/4=
 github.com/alexbrainman/sspi v0.0.0-20250919150558-7d374ff0d59e h1:4dAU9FXIyQktpoUAgOJK3OTFc/xug0PCXYCqU0FgDKI=
 github.com/alexbrainman/sspi v0.0.0-20250919150558-7d374ff0d59e/go.mod h1:cEWa1LVoE5KvSD9ONXsZrj0z6KqySlCCNKHlLzbqAt4=
 github.com/andybalholm/brotli v1.2.0 h1:ukwgCxwYrmACq68yiUqwIWnGY0cTPox/M94sVwToPjQ=
diff --git a/modules/indexer/code/search_test.go b/modules/indexer/code/search_test.go
index 2413ddec0b..b8fe852bb8 100644
--- a/modules/indexer/code/search_test.go
+++ b/modules/indexer/code/search_test.go
@@ -87,8 +87,8 @@ func TestHighlightSearchResultCode(t *testing.T) {
 			Code:  "func main() {\n\tfmt.Println(\"mark this\")\n}",
 			Result: []template.HTML{
 				"<span class=\"kd\">func</span><span class=\"w\"> </span><span class=\"nf\">main</span><span class=\"p\">(</span><span class=\"p\">)</span><span class=\"w\"> </span><span class=\"p\">{</span><span class=\"w\">",
-				"</span><span class=\"w\"></span><span class=\"w\">\t</span><span class=\"nx\">fmt</span><span class=\"p\">.</span><span class=\"nf\">Println</span><span class=\"p\">(</span><span class=\"s\">&#34;<span class=\"search-highlight\">mark this</span>&#34;</span><span class=\"p\">)</span><span class=\"w\">",
-				"</span><span class=\"w\"></span><span class=\"p\">}</span>",
+				"</span><span class=\"w\">\t</span><span class=\"nx\">fmt</span><span class=\"p\">.</span><span class=\"nf\">Println</span><span class=\"p\">(</span><span class=\"s\">&#34;<span class=\"search-highlight\">mark this</span>&#34;</span><span class=\"p\">)</span><span class=\"w\">",
+				"</span><span class=\"p\">}</span>",
 			},
 		},
 		{
@@ -98,8 +98,8 @@ func TestHighlightSearchResultCode(t *testing.T) {
 			Code:  "func main() {\n\tfmt.Println(\"mark this 😊\")\n}",
 			Result: []template.HTML{
 				"<span class=\"kd\">func</span><span class=\"w\"> </span><span class=\"nf\">main</span><span class=\"p\">(</span><span class=\"p\">)</span><span class=\"w\"> </span><span class=\"p\">{</span><span class=\"w\">",
-				"</span><span class=\"w\"></span><span class=\"w\">\t</span><span class=\"nx\">fmt</span><span class=\"p\">.</span><span class=\"nf\">Println</span><span class=\"p\">(</span><span class=\"s\">&#34;<span class=\"search-highlight\">mark this 😊</span>&#34;</span><span class=\"p\">)</span><span class=\"w\">",
-				"</span><span class=\"w\"></span><span class=\"p\">}</span>",
+				"</span><span class=\"w\">\t</span><span class=\"nx\">fmt</span><span class=\"p\">.</span><span class=\"nf\">Println</span><span class=\"p\">(</span><span class=\"s\">&#34;<span class=\"search-highlight\">mark this 😊</span>&#34;</span><span class=\"p\">)</span><span class=\"w\">",
+				"</span><span class=\"p\">}</span>",
 			},
 		},
 	}
diff --git a/modules/markup/html_test.go b/modules/markup/html_test.go
index c7c53e2678..512a7aa02a 100644
--- a/modules/markup/html_test.go
+++ b/modules/markup/html_test.go
@@ -795,7 +795,7 @@ func TestRender_FilePreview(t *testing.T) {
 				`</tr>`+
 				`<tr>`+
 				`<td class="lines-num"><span data-line-number="3"></span></td>`+
-				`<td class="lines-code chroma"><code class="code-inner"><span class="w"></span><span class="nx">C</span>`+"<span class=\"w\">\n</span>"+`</code></td>`+
+				`<td class="lines-code chroma"><code class="code-inner"><span class="nx">C</span>`+"<span class=\"w\">\n</span>"+`</code></td>`+
 				`</tr>`+
 				`</tbody>`+
 				`</table>`+
@@ -829,7 +829,7 @@ func TestRender_FilePreview(t *testing.T) {
 				`</tr>`+
 				`<tr>`+
 				`<td class="lines-num"><span data-line-number="3"></span></td>`+
-				`<td class="lines-code chroma"><code class="code-inner"><span class="w"></span><span class="nx">C</span>`+"<span class=\"w\">\n</span>"+`</code></td>`+
+				`<td class="lines-code chroma"><code class="code-inner"><span class="nx">C</span>`+"<span class=\"w\">\n</span>"+`</code></td>`+
 				`</tr>`+
 				`</tbody>`+
 				`</table>`+
@@ -908,7 +908,7 @@ func TestRender_FilePreview(t *testing.T) {
 				`</tr>`+
 				`<tr>`+
 				`<td class="lines-num"><span data-line-number="3"></span></td>`+
-				`<td class="lines-code chroma"><code class="code-inner"><span class="w"></span><span class="nx">C</span>`+"<span class=\"w\">\n</span>"+`</code></td>`+
+				`<td class="lines-code chroma"><code class="code-inner"><span class="nx">C</span>`+"<span class=\"w\">\n</span>"+`</code></td>`+
 				`</tr>`+
 				`</tbody>`+
 				`</table>`+
@@ -939,7 +939,7 @@ func TestRender_FilePreview(t *testing.T) {
 				`</tr>`+
 				`<tr>`+
 				`<td class="lines-num"><span data-line-number="3"></span></td>`+
-				`<td class="lines-code chroma"><code class="code-inner"><span class="w"></span><span class="nx">C</span>`+"<span class=\"w\">\n</span>"+`</code></td>`+
+				`<td class="lines-code chroma"><code class="code-inner"><span class="nx">C</span>`+"<span class=\"w\">\n</span>"+`</code></td>`+
 				`</tr>`+
 				`</tbody>`+
 				`</table>`+
@@ -972,7 +972,7 @@ func TestRender_FilePreview(t *testing.T) {
 				`</tr>`+
 				`<tr>`+
 				`<td class="lines-num"><span data-line-number="3"></span></td>`+
-				`<td class="lines-code chroma"><code class="code-inner"><span class="w"></span><span class="nx">C</span>`+"<span class=\"w\">\n</span>"+`</code></td>`+
+				`<td class="lines-code chroma"><code class="code-inner"><span class="nx">C</span>`+"<span class=\"w\">\n</span>"+`</code></td>`+
 				`</tr>`+
 				`</tbody>`+
 				`</table>`+
@@ -997,7 +997,7 @@ func TestRender_FilePreview(t *testing.T) {
 				`</tr>`+
 				`<tr>`+
 				`<td class="lines-num"><span data-line-number="3"></span></td>`+
-				`<td class="lines-code chroma"><code class="code-inner"><span class="w"></span><span class="nx">C</span>`+"<span class=\"w\">\n</span>"+`</code></td>`+
+				`<td class="lines-code chroma"><code class="code-inner"><span class="nx">C</span>`+"<span class=\"w\">\n</span>"+`</code></td>`+
 				`</tr>`+
 				`</tbody>`+
 				`</table>`+
@@ -1028,7 +1028,7 @@ func TestRender_FilePreview(t *testing.T) {
 				`</tr>`+
 				`<tr>`+
 				`<td class="lines-num"><span data-line-number="3"></span></td>`+
-				`<td class="lines-code chroma"><code class="code-inner"><span class="w"></span><span class="nx">C</span>`+"<span class=\"w\">\n</span>"+`</code></td>`+
+				`<td class="lines-code chroma"><code class="code-inner"><span class="nx">C</span>`+"<span class=\"w\">\n</span>"+`</code></td>`+
 				`</tr>`+
 				`</tbody>`+
 				`</table>`+
@@ -1053,7 +1053,7 @@ func TestRender_FilePreview(t *testing.T) {
 				`</tr>`+
 				`<tr>`+
 				`<td class="lines-num"><span data-line-number="3"></span></td>`+
-				`<td class="lines-code chroma"><code class="code-inner"><span class="w"></span><span class="nx">C</span>`+"<span class=\"w\">\n</span>"+`</code></td>`+
+				`<td class="lines-code chroma"><code class="code-inner"><span class="nx">C</span>`+"<span class=\"w\">\n</span>"+`</code></td>`+
 				`</tr>`+
 				`</tbody>`+
 				`</table>`+
@@ -1078,7 +1078,7 @@ func TestRender_FilePreview(t *testing.T) {
 				`</tr>`+
 				`<tr>`+
 				`<td class="lines-num"><span data-line-number="3"></span></td>`+
-				`<td class="lines-code chroma"><code class="code-inner"><span class="w"></span><span class="nx">C</span>`+"<span class=\"w\">\n</span>"+`</code></td>`+
+				`<td class="lines-code chroma"><code class="code-inner"><span class="nx">C</span>`+"<span class=\"w\">\n</span>"+`</code></td>`+
 				`</tr>`+
 				`</tbody>`+
 				`</table>`+
@@ -1113,7 +1113,7 @@ func TestRender_FilePreview(t *testing.T) {
 				`</tr>`+
 				`<tr>`+
 				`<td class="lines-num"><span data-line-number="2"></span></td>`+
-				`<td class="lines-code chroma"><code class="code-inner"><span class="gh"></span>B`+"\n"+`</code></td>`+
+				`<td class="lines-code chroma"><code class="code-inner">B`+"\n"+`</code></td>`+
 				`</tr>`+
 				`</tbody>`+
 				`</table>`+
@@ -1146,7 +1146,7 @@ func TestRender_FilePreview(t *testing.T) {
 				`</tr>`+
 				`<tr>`+
 				`<td class="lines-num"><span data-line-number="2"></span></td>`+
-				`<td class="lines-code chroma"><code class="code-inner"><span class="gh"></span>B`+"\n"+`</code></td>`+
+				`<td class="lines-code chroma"><code class="code-inner">B`+"\n"+`</code></td>`+
 				`</tr>`+
 				`</tbody>`+
 				`</table>`+
@@ -1179,7 +1179,7 @@ func TestRender_FilePreview(t *testing.T) {
 				`</tr>`+
 				`<tr>`+
 				`<td class="lines-num"><span data-line-number="2"></span></td>`+
-				`<td class="lines-code chroma"><code class="code-inner"><span class="gh"></span>B`+"\n"+`</code></td>`+
+				`<td class="lines-code chroma"><code class="code-inner">B`+"\n"+`</code></td>`+
 				`</tr>`+
 				`</tbody>`+
 				`</table>`+
@@ -1214,7 +1214,7 @@ func TestRender_FilePreview(t *testing.T) {
 				`</tr>`+
 				`<tr>`+
 				`<td class="lines-num"><span data-line-number="3"></span></td>`+
-				`<td class="lines-code chroma"><code class="code-inner"><span class="w"></span><span class="nx">C</span>`+"<span class=\"w\">\n</span>"+`</code></td>`+
+				`<td class="lines-code chroma"><code class="code-inner"><span class="nx">C</span>`+"<span class=\"w\">\n</span>"+`</code></td>`+
 				`</tr>`+
 				`</tbody>`+
 				`</table>`+
diff --git a/modules/markup/orgmode/orgmode_test.go b/modules/markup/orgmode/orgmode_test.go
index 71157dc7c7..723d78e745 100644
--- a/modules/markup/orgmode/orgmode_test.go
+++ b/modules/markup/orgmode/orgmode_test.go
@@ -153,8 +153,8 @@ func HelloWorld() {
 #+end_src
 `, `<div class="src src-go">
 <pre><code class="chroma language-go"><span class="c1">// HelloWorld prints &#34;Hello World&#34;</span><span class="w">
-</span><span class="w"></span><span class="kd">func</span><span class="w"> </span><span class="nf">HelloWorld</span><span class="p">()</span><span class="w"> </span><span class="p">{</span><span class="w">
+</span><span class="kd">func</span><span class="w"> </span><span class="nf">HelloWorld</span><span class="p">()</span><span class="w"> </span><span class="p">{</span><span class="w">
 </span><span class="w">	</span><span class="nx">fmt</span><span class="p">.</span><span class="nf">Println</span><span class="p">(</span><span class="s">&#34;Hello World&#34;</span><span class="p">)</span><span class="w">
-</span><span class="w"></span><span class="p">}</span></code></pre>
+</span><span class="p">}</span></code></pre>
 </div>`)
 }

From d0686f4a12fd6ffe48312cb9c973c8efb3ef6576 Mon Sep 17 00:00:00 2001
From: Renovate Bot <forgejo-renovate-action@forgejo.org>
Date: Sat, 20 Dec 2025 19:56:09 +0100
Subject: [PATCH 010/854] Update dependency @vitejs/plugin-vue to v6.0.3
 (forgejo) (#10503)

Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
---
 package-lock.json | 18 +++++++++---------
 package.json      |  2 +-
 2 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 88b452f509..fd872c58d4 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -67,7 +67,7 @@
         "@stoplight/spectral-cli": "6.15.0",
         "@stylistic/eslint-plugin": "5.6.1",
         "@stylistic/stylelint-plugin": "4.0.0",
-        "@vitejs/plugin-vue": "6.0.2",
+        "@vitejs/plugin-vue": "6.0.3",
         "@vitest/coverage-v8": "4.0.14",
         "@vitest/eslint-plugin": "1.3.16",
         "@vue/test-utils": "2.4.6",
@@ -2333,9 +2333,9 @@
       }
     },
     "node_modules/@rolldown/pluginutils": {
-      "version": "1.0.0-beta.50",
-      "resolved": "https://registry.npmjs.org/@rolldown/pluginutils/-/pluginutils-1.0.0-beta.50.tgz",
-      "integrity": "sha512-5e76wQiQVeL1ICOZVUg4LSOVYg9jyhGCin+icYozhsUzM+fHE7kddi1bdiE0jwVqTfkjba3jUFbEkoC9WkdvyA==",
+      "version": "1.0.0-beta.53",
+      "resolved": "https://registry.npmjs.org/@rolldown/pluginutils/-/pluginutils-1.0.0-beta.53.tgz",
+      "integrity": "sha512-vENRlFU4YbrwVqNDZ7fLvy+JR1CRkyr01jhSiDpE1u6py3OMzQfztQU2jxykW3ALNxO4kSlqIDeYyD0Y9RcQeQ==",
       "dev": true,
       "license": "MIT"
     },
@@ -4276,19 +4276,19 @@
       ]
     },
     "node_modules/@vitejs/plugin-vue": {
-      "version": "6.0.2",
-      "resolved": "https://registry.npmjs.org/@vitejs/plugin-vue/-/plugin-vue-6.0.2.tgz",
-      "integrity": "sha512-iHmwV3QcVGGvSC1BG5bZ4z6iwa1SOpAPWmnjOErd4Ske+lZua5K9TtAVdx0gMBClJ28DViCbSmZitjWZsWO3LA==",
+      "version": "6.0.3",
+      "resolved": "https://registry.npmjs.org/@vitejs/plugin-vue/-/plugin-vue-6.0.3.tgz",
+      "integrity": "sha512-TlGPkLFLVOY3T7fZrwdvKpjprR3s4fxRln0ORDo1VQ7HHyxJwTlrjKU3kpVWTlaAjIEuCTokmjkZnr8Tpc925w==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "@rolldown/pluginutils": "1.0.0-beta.50"
+        "@rolldown/pluginutils": "1.0.0-beta.53"
       },
       "engines": {
         "node": "^20.19.0 || >=22.12.0"
       },
       "peerDependencies": {
-        "vite": "^5.0.0 || ^6.0.0 || ^7.0.0",
+        "vite": "^5.0.0 || ^6.0.0 || ^7.0.0 || ^8.0.0-0",
         "vue": "^3.2.25"
       }
     },
diff --git a/package.json b/package.json
index 7c55fc5884..923bf08cea 100644
--- a/package.json
+++ b/package.json
@@ -66,7 +66,7 @@
     "@stoplight/spectral-cli": "6.15.0",
     "@stylistic/eslint-plugin": "5.6.1",
     "@stylistic/stylelint-plugin": "4.0.0",
-    "@vitejs/plugin-vue": "6.0.2",
+    "@vitejs/plugin-vue": "6.0.3",
     "@vitest/coverage-v8": "4.0.14",
     "@vitest/eslint-plugin": "1.3.16",
     "@vue/test-utils": "2.4.6",

From 3744b2866d0606b8d5deb0f154feb89aaac9f8cf Mon Sep 17 00:00:00 2001
From: Renovate Bot <forgejo-renovate-action@forgejo.org>
Date: Sat, 20 Dec 2025 19:57:19 +0100
Subject: [PATCH 011/854] Update linters (forgejo) (#10506)

Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
---
 package-lock.json | 148 ++++++++++++++++++++++------------------------
 package.json      |   4 +-
 2 files changed, 72 insertions(+), 80 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index fd872c58d4..ae0af220f3 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -71,7 +71,7 @@
         "@vitest/coverage-v8": "4.0.14",
         "@vitest/eslint-plugin": "1.3.16",
         "@vue/test-utils": "2.4.6",
-        "eslint": "9.39.1",
+        "eslint": "9.39.2",
         "eslint-import-resolver-typescript": "4.4.4",
         "eslint-plugin-array-func": "5.1.0",
         "eslint-plugin-import-x": "4.16.1",
@@ -98,7 +98,7 @@
         "stylelint-value-no-unknown-custom-properties": "6.0.1",
         "svgo": "4.0.0",
         "typescript": "5.9.3",
-        "typescript-eslint": "8.48.0",
+        "typescript-eslint": "8.50.0",
         "vite-string-plugin": "1.4.9",
         "vitest": "4.0.14"
       },
@@ -1271,9 +1271,9 @@
       }
     },
     "node_modules/@eslint/js": {
-      "version": "9.39.1",
-      "resolved": "https://registry.npmjs.org/@eslint/js/-/js-9.39.1.tgz",
-      "integrity": "sha512-S26Stp4zCy88tH94QbBv3XCuzRQiZ9yXofEILmglYTh/Ug/a9/umqvgFtYBAo3Lp0nsI/5/qH1CCrbdK3AP1Tw==",
+      "version": "9.39.2",
+      "resolved": "https://registry.npmjs.org/@eslint/js/-/js-9.39.2.tgz",
+      "integrity": "sha512-q1mjIoW1VX4IvSocvM/vbTiveKC4k9eLrajNEuSsmjymSDEbpGddtpfOoN7YGAqBK3NG+uqo8ia4PDTt8buCYA==",
       "dev": true,
       "license": "MIT",
       "engines": {
@@ -3742,18 +3742,17 @@
       "license": "MIT"
     },
     "node_modules/@typescript-eslint/eslint-plugin": {
-      "version": "8.48.0",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-8.48.0.tgz",
-      "integrity": "sha512-XxXP5tL1txl13YFtrECECQYeZjBZad4fyd3cFV4a19LkAY/bIp9fev3US4S5fDVV2JaYFiKAZ/GRTOLer+mbyQ==",
+      "version": "8.50.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-8.50.0.tgz",
+      "integrity": "sha512-O7QnmOXYKVtPrfYzMolrCTfkezCJS9+ljLdKW/+DCvRsc3UAz+sbH6Xcsv7p30+0OwUbeWfUDAQE0vpabZ3QLg==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
         "@eslint-community/regexpp": "^4.10.0",
-        "@typescript-eslint/scope-manager": "8.48.0",
-        "@typescript-eslint/type-utils": "8.48.0",
-        "@typescript-eslint/utils": "8.48.0",
-        "@typescript-eslint/visitor-keys": "8.48.0",
-        "graphemer": "^1.4.0",
+        "@typescript-eslint/scope-manager": "8.50.0",
+        "@typescript-eslint/type-utils": "8.50.0",
+        "@typescript-eslint/utils": "8.50.0",
+        "@typescript-eslint/visitor-keys": "8.50.0",
         "ignore": "^7.0.0",
         "natural-compare": "^1.4.0",
         "ts-api-utils": "^2.1.0"
@@ -3766,7 +3765,7 @@
         "url": "https://opencollective.com/typescript-eslint"
       },
       "peerDependencies": {
-        "@typescript-eslint/parser": "^8.48.0",
+        "@typescript-eslint/parser": "^8.50.0",
         "eslint": "^8.57.0 || ^9.0.0",
         "typescript": ">=4.8.4 <6.0.0"
       }
@@ -3782,17 +3781,17 @@
       }
     },
     "node_modules/@typescript-eslint/parser": {
-      "version": "8.48.0",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-8.48.0.tgz",
-      "integrity": "sha512-jCzKdm/QK0Kg4V4IK/oMlRZlY+QOcdjv89U2NgKHZk1CYTj82/RVSx1mV/0gqCVMJ/DA+Zf/S4NBWNF8GQ+eqQ==",
+      "version": "8.50.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-8.50.0.tgz",
+      "integrity": "sha512-6/cmF2piao+f6wSxUsJLZjck7OQsYyRtcOZS02k7XINSNlz93v6emM8WutDQSXnroG2xwYlEVHJI+cPA7CPM3Q==",
       "dev": true,
       "license": "MIT",
       "peer": true,
       "dependencies": {
-        "@typescript-eslint/scope-manager": "8.48.0",
-        "@typescript-eslint/types": "8.48.0",
-        "@typescript-eslint/typescript-estree": "8.48.0",
-        "@typescript-eslint/visitor-keys": "8.48.0",
+        "@typescript-eslint/scope-manager": "8.50.0",
+        "@typescript-eslint/types": "8.50.0",
+        "@typescript-eslint/typescript-estree": "8.50.0",
+        "@typescript-eslint/visitor-keys": "8.50.0",
         "debug": "^4.3.4"
       },
       "engines": {
@@ -3808,14 +3807,14 @@
       }
     },
     "node_modules/@typescript-eslint/project-service": {
-      "version": "8.48.0",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/project-service/-/project-service-8.48.0.tgz",
-      "integrity": "sha512-Ne4CTZyRh1BecBf84siv42wv5vQvVmgtk8AuiEffKTUo3DrBaGYZueJSxxBZ8fjk/N3DrgChH4TOdIOwOwiqqw==",
+      "version": "8.50.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/project-service/-/project-service-8.50.0.tgz",
+      "integrity": "sha512-Cg/nQcL1BcoTijEWyx4mkVC56r8dj44bFDvBdygifuS20f3OZCHmFbjF34DPSi07kwlFvqfv/xOLnJ5DquxSGQ==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "@typescript-eslint/tsconfig-utils": "^8.48.0",
-        "@typescript-eslint/types": "^8.48.0",
+        "@typescript-eslint/tsconfig-utils": "^8.50.0",
+        "@typescript-eslint/types": "^8.50.0",
         "debug": "^4.3.4"
       },
       "engines": {
@@ -3830,14 +3829,14 @@
       }
     },
     "node_modules/@typescript-eslint/scope-manager": {
-      "version": "8.48.0",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-8.48.0.tgz",
-      "integrity": "sha512-uGSSsbrtJrLduti0Q1Q9+BF1/iFKaxGoQwjWOIVNJv0o6omrdyR8ct37m4xIl5Zzpkp69Kkmvom7QFTtue89YQ==",
+      "version": "8.50.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-8.50.0.tgz",
+      "integrity": "sha512-xCwfuCZjhIqy7+HKxBLrDVT5q/iq7XBVBXLn57RTIIpelLtEIZHXAF/Upa3+gaCpeV1NNS5Z9A+ID6jn50VD4A==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "@typescript-eslint/types": "8.48.0",
-        "@typescript-eslint/visitor-keys": "8.48.0"
+        "@typescript-eslint/types": "8.50.0",
+        "@typescript-eslint/visitor-keys": "8.50.0"
       },
       "engines": {
         "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -3848,9 +3847,9 @@
       }
     },
     "node_modules/@typescript-eslint/tsconfig-utils": {
-      "version": "8.48.0",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/tsconfig-utils/-/tsconfig-utils-8.48.0.tgz",
-      "integrity": "sha512-WNebjBdFdyu10sR1M4OXTt2OkMd5KWIL+LLfeH9KhgP+jzfDV/LI3eXzwJ1s9+Yc0Kzo2fQCdY/OpdusCMmh6w==",
+      "version": "8.50.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/tsconfig-utils/-/tsconfig-utils-8.50.0.tgz",
+      "integrity": "sha512-vxd3G/ybKTSlm31MOA96gqvrRGv9RJ7LGtZCn2Vrc5htA0zCDvcMqUkifcjrWNNKXHUU3WCkYOzzVSFBd0wa2w==",
       "dev": true,
       "license": "MIT",
       "engines": {
@@ -3865,15 +3864,15 @@
       }
     },
     "node_modules/@typescript-eslint/type-utils": {
-      "version": "8.48.0",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-8.48.0.tgz",
-      "integrity": "sha512-zbeVaVqeXhhab6QNEKfK96Xyc7UQuoFWERhEnj3mLVnUWrQnv15cJNseUni7f3g557gm0e46LZ6IJ4NJVOgOpw==",
+      "version": "8.50.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-8.50.0.tgz",
+      "integrity": "sha512-7OciHT2lKCewR0mFoBrvZJ4AXTMe/sYOe87289WAViOocEmDjjv8MvIOT2XESuKj9jp8u3SZYUSh89QA4S1kQw==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "@typescript-eslint/types": "8.48.0",
-        "@typescript-eslint/typescript-estree": "8.48.0",
-        "@typescript-eslint/utils": "8.48.0",
+        "@typescript-eslint/types": "8.50.0",
+        "@typescript-eslint/typescript-estree": "8.50.0",
+        "@typescript-eslint/utils": "8.50.0",
         "debug": "^4.3.4",
         "ts-api-utils": "^2.1.0"
       },
@@ -3890,9 +3889,9 @@
       }
     },
     "node_modules/@typescript-eslint/types": {
-      "version": "8.48.0",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-8.48.0.tgz",
-      "integrity": "sha512-cQMcGQQH7kwKoVswD1xdOytxQR60MWKM1di26xSUtxehaDs/32Zpqsu5WJlXTtTTqyAVK8R7hvsUnIXRS+bjvA==",
+      "version": "8.50.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-8.50.0.tgz",
+      "integrity": "sha512-iX1mgmGrXdANhhITbpp2QQM2fGehBse9LbTf0sidWK6yg/NE+uhV5dfU1g6EYPlcReYmkE9QLPq/2irKAmtS9w==",
       "dev": true,
       "license": "MIT",
       "engines": {
@@ -3904,16 +3903,16 @@
       }
     },
     "node_modules/@typescript-eslint/typescript-estree": {
-      "version": "8.48.0",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-8.48.0.tgz",
-      "integrity": "sha512-ljHab1CSO4rGrQIAyizUS6UGHHCiAYhbfcIZ1zVJr5nMryxlXMVWS3duFPSKvSUbFPwkXMFk1k0EMIjub4sRRQ==",
+      "version": "8.50.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-8.50.0.tgz",
+      "integrity": "sha512-W7SVAGBR/IX7zm1t70Yujpbk+zdPq/u4soeFSknWFdXIFuWsBGBOUu/Tn/I6KHSKvSh91OiMuaSnYp3mtPt5IQ==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "@typescript-eslint/project-service": "8.48.0",
-        "@typescript-eslint/tsconfig-utils": "8.48.0",
-        "@typescript-eslint/types": "8.48.0",
-        "@typescript-eslint/visitor-keys": "8.48.0",
+        "@typescript-eslint/project-service": "8.50.0",
+        "@typescript-eslint/tsconfig-utils": "8.50.0",
+        "@typescript-eslint/types": "8.50.0",
+        "@typescript-eslint/visitor-keys": "8.50.0",
         "debug": "^4.3.4",
         "minimatch": "^9.0.4",
         "semver": "^7.6.0",
@@ -3965,16 +3964,16 @@
       }
     },
     "node_modules/@typescript-eslint/utils": {
-      "version": "8.48.0",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-8.48.0.tgz",
-      "integrity": "sha512-yTJO1XuGxCsSfIVt1+1UrLHtue8xz16V8apzPYI06W0HbEbEWHxHXgZaAgavIkoh+GeV6hKKd5jm0sS6OYxWXQ==",
+      "version": "8.50.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-8.50.0.tgz",
+      "integrity": "sha512-87KgUXET09CRjGCi2Ejxy3PULXna63/bMYv72tCAlDJC3Yqwln0HiFJ3VJMst2+mEtNtZu5oFvX4qJGjKsnAgg==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
         "@eslint-community/eslint-utils": "^4.7.0",
-        "@typescript-eslint/scope-manager": "8.48.0",
-        "@typescript-eslint/types": "8.48.0",
-        "@typescript-eslint/typescript-estree": "8.48.0"
+        "@typescript-eslint/scope-manager": "8.50.0",
+        "@typescript-eslint/types": "8.50.0",
+        "@typescript-eslint/typescript-estree": "8.50.0"
       },
       "engines": {
         "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -3989,13 +3988,13 @@
       }
     },
     "node_modules/@typescript-eslint/visitor-keys": {
-      "version": "8.48.0",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-8.48.0.tgz",
-      "integrity": "sha512-T0XJMaRPOH3+LBbAfzR2jalckP1MSG/L9eUtY0DEzUyVaXJ/t6zN0nR7co5kz0Jko/nkSYCBRkz1djvjajVTTg==",
+      "version": "8.50.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-8.50.0.tgz",
+      "integrity": "sha512-Xzmnb58+Db78gT/CCj/PVCvK+zxbnsw6F+O1oheYszJbBSdEjVhQi3C/Xttzxgi/GLmpvOggRs1RFpiJ8+c34Q==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "@typescript-eslint/types": "8.48.0",
+        "@typescript-eslint/types": "8.50.0",
         "eslint-visitor-keys": "^4.2.1"
       },
       "engines": {
@@ -7362,9 +7361,9 @@
       }
     },
     "node_modules/eslint": {
-      "version": "9.39.1",
-      "resolved": "https://registry.npmjs.org/eslint/-/eslint-9.39.1.tgz",
-      "integrity": "sha512-BhHmn2yNOFA9H9JmmIVKJmd288g9hrVRDkdoIgRCRuSySRUHH7r/DI6aAXW9T1WwUuY3DFgrcaqB+deURBLR5g==",
+      "version": "9.39.2",
+      "resolved": "https://registry.npmjs.org/eslint/-/eslint-9.39.2.tgz",
+      "integrity": "sha512-LEyamqS7W5HB3ujJyvi0HQK/dtVINZvd5mAAp9eT5S/ujByGjiZLCzPcHVzuXbpJDJF/cxwHlfceVUDZ2lnSTw==",
       "dev": true,
       "license": "MIT",
       "peer": true,
@@ -7375,7 +7374,7 @@
         "@eslint/config-helpers": "^0.4.2",
         "@eslint/core": "^0.17.0",
         "@eslint/eslintrc": "^3.3.1",
-        "@eslint/js": "9.39.1",
+        "@eslint/js": "9.39.2",
         "@eslint/plugin-kit": "^0.4.1",
         "@humanfs/node": "^0.16.6",
         "@humanwhocodes/module-importer": "^1.0.1",
@@ -8612,13 +8611,6 @@
       "integrity": "sha512-RbJ5/jmFcNNCcDV5o9eTnBLJ/HszWV0P73bc+Ff4nS/rJj+YaS6IGyiOL0VoBYX+l1Wrl3k63h/KrH+nhJ0XvQ==",
       "license": "ISC"
     },
-    "node_modules/graphemer": {
-      "version": "1.4.0",
-      "resolved": "https://registry.npmjs.org/graphemer/-/graphemer-1.4.0.tgz",
-      "integrity": "sha512-EtKwoO6kxCL9WO5xipiHTZlSzBm7WLT627TqC/uVRd0HKmq8NXyebnNYxDoBi7wt8eTWrUrKXCOVaFq9x1kgag==",
-      "dev": true,
-      "license": "MIT"
-    },
     "node_modules/hachure-fill": {
       "version": "0.5.2",
       "resolved": "https://registry.npmjs.org/hachure-fill/-/hachure-fill-0.5.2.tgz",
@@ -14636,16 +14628,16 @@
       }
     },
     "node_modules/typescript-eslint": {
-      "version": "8.48.0",
-      "resolved": "https://registry.npmjs.org/typescript-eslint/-/typescript-eslint-8.48.0.tgz",
-      "integrity": "sha512-fcKOvQD9GUn3Xw63EgiDqhvWJ5jsyZUaekl3KVpGsDJnN46WJTe3jWxtQP9lMZm1LJNkFLlTaWAxK2vUQR+cqw==",
+      "version": "8.50.0",
+      "resolved": "https://registry.npmjs.org/typescript-eslint/-/typescript-eslint-8.50.0.tgz",
+      "integrity": "sha512-Q1/6yNUmCpH94fbgMUMg2/BSAr/6U7GBk61kZTv1/asghQOWOjTlp9K8mixS5NcJmm2creY+UFfGeW/+OcA64A==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "@typescript-eslint/eslint-plugin": "8.48.0",
-        "@typescript-eslint/parser": "8.48.0",
-        "@typescript-eslint/typescript-estree": "8.48.0",
-        "@typescript-eslint/utils": "8.48.0"
+        "@typescript-eslint/eslint-plugin": "8.50.0",
+        "@typescript-eslint/parser": "8.50.0",
+        "@typescript-eslint/typescript-estree": "8.50.0",
+        "@typescript-eslint/utils": "8.50.0"
       },
       "engines": {
         "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
diff --git a/package.json b/package.json
index 923bf08cea..c9e0e6bea9 100644
--- a/package.json
+++ b/package.json
@@ -70,7 +70,7 @@
     "@vitest/coverage-v8": "4.0.14",
     "@vitest/eslint-plugin": "1.3.16",
     "@vue/test-utils": "2.4.6",
-    "eslint": "9.39.1",
+    "eslint": "9.39.2",
     "eslint-import-resolver-typescript": "4.4.4",
     "eslint-plugin-array-func": "5.1.0",
     "eslint-plugin-import-x": "4.16.1",
@@ -97,7 +97,7 @@
     "stylelint-value-no-unknown-custom-properties": "6.0.1",
     "svgo": "4.0.0",
     "typescript": "5.9.3",
-    "typescript-eslint": "8.48.0",
+    "typescript-eslint": "8.50.0",
     "vite-string-plugin": "1.4.9",
     "vitest": "4.0.14"
   },

From 22d4103cd0b9382f86284584072fbc3cac269a38 Mon Sep 17 00:00:00 2001
From: Renovate Bot <forgejo-renovate-action@forgejo.org>
Date: Sat, 20 Dec 2025 19:57:53 +0100
Subject: [PATCH 012/854] Update go-openapi packages (forgejo) (#10505)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10505
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
---
 go.mod | 20 ++++++++++----------
 go.sum | 44 ++++++++++++++++++++++----------------------
 2 files changed, 32 insertions(+), 32 deletions(-)

diff --git a/go.mod b/go.mod
index c0605b8fb2..a93c63b73d 100644
--- a/go.mod
+++ b/go.mod
@@ -50,7 +50,7 @@ require (
 	github.com/go-co-op/gocron v1.37.0
 	github.com/go-enry/go-enry/v2 v2.9.2
 	github.com/go-ldap/ldap/v3 v3.4.12
-	github.com/go-openapi/spec v0.22.1
+	github.com/go-openapi/spec v0.22.2
 	github.com/go-sql-driver/mysql v1.9.3
 	github.com/go-webauthn/webauthn v0.14.0
 	github.com/gobwas/glob v0.2.3
@@ -181,15 +181,15 @@ require (
 	github.com/go-git/go-billy/v5 v5.6.2 // indirect
 	github.com/go-git/go-git/v5 v5.16.3 // indirect
 	github.com/go-ini/ini v1.67.0 // indirect
-	github.com/go-openapi/jsonpointer v0.22.3 // indirect
-	github.com/go-openapi/jsonreference v0.21.3 // indirect
-	github.com/go-openapi/swag/conv v0.25.3 // indirect
-	github.com/go-openapi/swag/jsonname v0.25.3 // indirect
-	github.com/go-openapi/swag/jsonutils v0.25.3 // indirect
-	github.com/go-openapi/swag/loading v0.25.3 // indirect
-	github.com/go-openapi/swag/stringutils v0.25.3 // indirect
-	github.com/go-openapi/swag/typeutils v0.25.3 // indirect
-	github.com/go-openapi/swag/yamlutils v0.25.3 // indirect
+	github.com/go-openapi/jsonpointer v0.22.4 // indirect
+	github.com/go-openapi/jsonreference v0.21.4 // indirect
+	github.com/go-openapi/swag/conv v0.25.4 // indirect
+	github.com/go-openapi/swag/jsonname v0.25.4 // indirect
+	github.com/go-openapi/swag/jsonutils v0.25.4 // indirect
+	github.com/go-openapi/swag/loading v0.25.4 // indirect
+	github.com/go-openapi/swag/stringutils v0.25.4 // indirect
+	github.com/go-openapi/swag/typeutils v0.25.4 // indirect
+	github.com/go-openapi/swag/yamlutils v0.25.4 // indirect
 	github.com/go-webauthn/x v0.1.25 // indirect
 	github.com/go-xmlfmt/xmlfmt v0.0.0-20191208150333-d5b6f63a941b // indirect
 	github.com/goccy/go-json v0.10.5 // indirect
diff --git a/go.sum b/go.sum
index 39a33681c3..e33c2388a5 100644
--- a/go.sum
+++ b/go.sum
@@ -307,28 +307,28 @@ github.com/go-ini/ini v1.67.0 h1:z6ZrTEZqSWOTyH2FlglNbNgARyHG8oLW9gMELqKr06A=
 github.com/go-ini/ini v1.67.0/go.mod h1:ByCAeIL28uOIIG0E3PJtZPDL8WnHpFKFOtgjp+3Ies8=
 github.com/go-ldap/ldap/v3 v3.4.12 h1:1b81mv7MagXZ7+1r7cLTWmyuTqVqdwbtJSjC0DAp9s4=
 github.com/go-ldap/ldap/v3 v3.4.12/go.mod h1:+SPAGcTtOfmGsCb3h1RFiq4xpp4N636G75OEace8lNo=
-github.com/go-openapi/jsonpointer v0.22.3 h1:dKMwfV4fmt6Ah90zloTbUKWMD+0he+12XYAsPotrkn8=
-github.com/go-openapi/jsonpointer v0.22.3/go.mod h1:0lBbqeRsQ5lIanv3LHZBrmRGHLHcQoOXQnf88fHlGWo=
-github.com/go-openapi/jsonreference v0.21.3 h1:96Dn+MRPa0nYAR8DR1E03SblB5FJvh7W6krPI0Z7qMc=
-github.com/go-openapi/jsonreference v0.21.3/go.mod h1:RqkUP0MrLf37HqxZxrIAtTWW4ZJIK1VzduhXYBEeGc4=
-github.com/go-openapi/spec v0.22.1 h1:beZMa5AVQzRspNjvhe5aG1/XyBSMeX1eEOs7dMoXh/k=
-github.com/go-openapi/spec v0.22.1/go.mod h1:c7aeIQT175dVowfp7FeCvXXnjN/MrpaONStibD2WtDA=
-github.com/go-openapi/swag/conv v0.25.3 h1:PcB18wwfba7MN5BVlBIV+VxvUUeC2kEuCEyJ2/t2X7E=
-github.com/go-openapi/swag/conv v0.25.3/go.mod h1:n4Ibfwhn8NJnPXNRhBO5Cqb9ez7alBR40JS4rbASUPU=
-github.com/go-openapi/swag/jsonname v0.25.3 h1:U20VKDS74HiPaLV7UZkztpyVOw3JNVsit+w+gTXRj0A=
-github.com/go-openapi/swag/jsonname v0.25.3/go.mod h1:GPVEk9CWVhNvWhZgrnvRA6utbAltopbKwDu8mXNUMag=
-github.com/go-openapi/swag/jsonutils v0.25.3 h1:kV7wer79KXUM4Ea4tBdAVTU842Rg6tWstX3QbM4fGdw=
-github.com/go-openapi/swag/jsonutils v0.25.3/go.mod h1:ILcKqe4HC1VEZmJx51cVuZQ6MF8QvdfXsQfiaCs0z9o=
-github.com/go-openapi/swag/jsonutils/fixtures_test v0.25.3 h1:/i3E9hBujtXfHy91rjtwJ7Fgv5TuDHgnSrYjhFxwxOw=
-github.com/go-openapi/swag/jsonutils/fixtures_test v0.25.3/go.mod h1:8kYfCR2rHyOj25HVvxL5Nm8wkfzggddgjZm6RgjT8Ao=
-github.com/go-openapi/swag/loading v0.25.3 h1:Nn65Zlzf4854MY6Ft0JdNrtnHh2bdcS/tXckpSnOb2Y=
-github.com/go-openapi/swag/loading v0.25.3/go.mod h1:xajJ5P4Ang+cwM5gKFrHBgkEDWfLcsAKepIuzTmOb/c=
-github.com/go-openapi/swag/stringutils v0.25.3 h1:nAmWq1fUTWl/XiaEPwALjp/8BPZJun70iDHRNq/sH6w=
-github.com/go-openapi/swag/stringutils v0.25.3/go.mod h1:GTsRvhJW5xM5gkgiFe0fV3PUlFm0dr8vki6/VSRaZK0=
-github.com/go-openapi/swag/typeutils v0.25.3 h1:2w4mEEo7DQt3V4veWMZw0yTPQibiL3ri2fdDV4t2TQc=
-github.com/go-openapi/swag/typeutils v0.25.3/go.mod h1:Ou7g//Wx8tTLS9vG0UmzfCsjZjKhpjxayRKTHXf2pTE=
-github.com/go-openapi/swag/yamlutils v0.25.3 h1:LKTJjCn/W1ZfMec0XDL4Vxh8kyAnv1orH5F2OREDUrg=
-github.com/go-openapi/swag/yamlutils v0.25.3/go.mod h1:Y7QN6Wc5DOBXK14/xeo1cQlq0EA0wvLoSv13gDQoCao=
+github.com/go-openapi/jsonpointer v0.22.4 h1:dZtK82WlNpVLDW2jlA1YCiVJFVqkED1MegOUy9kR5T4=
+github.com/go-openapi/jsonpointer v0.22.4/go.mod h1:elX9+UgznpFhgBuaMQ7iu4lvvX1nvNsesQ3oxmYTw80=
+github.com/go-openapi/jsonreference v0.21.4 h1:24qaE2y9bx/q3uRK/qN+TDwbok1NhbSmGjjySRCHtC8=
+github.com/go-openapi/jsonreference v0.21.4/go.mod h1:rIENPTjDbLpzQmQWCj5kKj3ZlmEh+EFVbz3RTUh30/4=
+github.com/go-openapi/spec v0.22.2 h1:KEU4Fb+Lp1qg0V4MxrSCPv403ZjBl8Lx1a83gIPU8Qc=
+github.com/go-openapi/spec v0.22.2/go.mod h1:iIImLODL2loCh3Vnox8TY2YWYJZjMAKYyLH2Mu8lOZs=
+github.com/go-openapi/swag/conv v0.25.4 h1:/Dd7p0LZXczgUcC/Ikm1+YqVzkEeCc9LnOWjfkpkfe4=
+github.com/go-openapi/swag/conv v0.25.4/go.mod h1:3LXfie/lwoAv0NHoEuY1hjoFAYkvlqI/Bn5EQDD3PPU=
+github.com/go-openapi/swag/jsonname v0.25.4 h1:bZH0+MsS03MbnwBXYhuTttMOqk+5KcQ9869Vye1bNHI=
+github.com/go-openapi/swag/jsonname v0.25.4/go.mod h1:GPVEk9CWVhNvWhZgrnvRA6utbAltopbKwDu8mXNUMag=
+github.com/go-openapi/swag/jsonutils v0.25.4 h1:VSchfbGhD4UTf4vCdR2F4TLBdLwHyUDTd1/q4i+jGZA=
+github.com/go-openapi/swag/jsonutils v0.25.4/go.mod h1:7OYGXpvVFPn4PpaSdPHJBtF0iGnbEaTk8AvBkoWnaAY=
+github.com/go-openapi/swag/jsonutils/fixtures_test v0.25.4 h1:IACsSvBhiNJwlDix7wq39SS2Fh7lUOCJRmx/4SN4sVo=
+github.com/go-openapi/swag/jsonutils/fixtures_test v0.25.4/go.mod h1:Mt0Ost9l3cUzVv4OEZG+WSeoHwjWLnarzMePNDAOBiM=
+github.com/go-openapi/swag/loading v0.25.4 h1:jN4MvLj0X6yhCDduRsxDDw1aHe+ZWoLjW+9ZQWIKn2s=
+github.com/go-openapi/swag/loading v0.25.4/go.mod h1:rpUM1ZiyEP9+mNLIQUdMiD7dCETXvkkC30z53i+ftTE=
+github.com/go-openapi/swag/stringutils v0.25.4 h1:O6dU1Rd8bej4HPA3/CLPciNBBDwZj9HiEpdVsb8B5A8=
+github.com/go-openapi/swag/stringutils v0.25.4/go.mod h1:GTsRvhJW5xM5gkgiFe0fV3PUlFm0dr8vki6/VSRaZK0=
+github.com/go-openapi/swag/typeutils v0.25.4 h1:1/fbZOUN472NTc39zpa+YGHn3jzHWhv42wAJSN91wRw=
+github.com/go-openapi/swag/typeutils v0.25.4/go.mod h1:Ou7g//Wx8tTLS9vG0UmzfCsjZjKhpjxayRKTHXf2pTE=
+github.com/go-openapi/swag/yamlutils v0.25.4 h1:6jdaeSItEUb7ioS9lFoCZ65Cne1/RZtPBZ9A56h92Sw=
+github.com/go-openapi/swag/yamlutils v0.25.4/go.mod h1:MNzq1ulQu+yd8Kl7wPOut/YHAAU/H6hL91fF+E2RFwc=
 github.com/go-openapi/testify/enable/yaml/v2 v2.0.2 h1:0+Y41Pz1NkbTHz8NngxTuAXxEodtNSI1WG1c/m5Akw4=
 github.com/go-openapi/testify/enable/yaml/v2 v2.0.2/go.mod h1:kme83333GCtJQHXQ8UKX3IBZu6z8T5Dvy5+CW3NLUUg=
 github.com/go-openapi/testify/v2 v2.0.2 h1:X999g3jeLcoY8qctY/c/Z8iBHTbwLz7R2WXd6Ub6wls=

From 8650f05f316acf3edfdbd329eb0515f562d16056 Mon Sep 17 00:00:00 2001
From: Renovate Bot <forgejo-renovate-action@forgejo.org>
Date: Sat, 20 Dec 2025 19:58:25 +0100
Subject: [PATCH 013/854] Update dependency markdownlint-cli to v0.47.0
 (forgejo) (#10508)

Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
---
 package-lock.json | 147 ++++++++++++++++++----------------------------
 package.json      |   2 +-
 2 files changed, 57 insertions(+), 92 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index ae0af220f3..c32246ee81 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -89,7 +89,7 @@
         "globals": "16.5.0",
         "happy-dom": "20.0.11",
         "license-checker-rseidelsohn": "4.4.2",
-        "markdownlint-cli": "0.45.0",
+        "markdownlint-cli": "0.47.0",
         "postcss-html": "1.8.0",
         "sharp": "0.34.5",
         "stylelint": "16.26.1",
@@ -10394,9 +10394,9 @@
       }
     },
     "node_modules/markdownlint": {
-      "version": "0.38.0",
-      "resolved": "https://registry.npmjs.org/markdownlint/-/markdownlint-0.38.0.tgz",
-      "integrity": "sha512-xaSxkaU7wY/0852zGApM8LdlIfGCW8ETZ0Rr62IQtAnUMlMuifsg09vWJcNYeL4f0anvr8Vo4ZQar8jGpV0btQ==",
+      "version": "0.40.0",
+      "resolved": "https://registry.npmjs.org/markdownlint/-/markdownlint-0.40.0.tgz",
+      "integrity": "sha512-UKybllYNheWac61Ia7T6fzuQNDZimFIpCg2w6hHjgV1Qu0w1TV0LlSgryUGzM0bkKQCBhy2FDhEELB73Kb0kAg==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -10407,7 +10407,8 @@
         "micromark-extension-gfm-footnote": "2.1.0",
         "micromark-extension-gfm-table": "2.1.1",
         "micromark-extension-math": "3.1.0",
-        "micromark-util-types": "2.0.2"
+        "micromark-util-types": "2.0.2",
+        "string-width": "8.1.0"
       },
       "engines": {
         "node": ">=20"
@@ -10417,23 +10418,24 @@
       }
     },
     "node_modules/markdownlint-cli": {
-      "version": "0.45.0",
-      "resolved": "https://registry.npmjs.org/markdownlint-cli/-/markdownlint-cli-0.45.0.tgz",
-      "integrity": "sha512-GiWr7GfJLVfcopL3t3pLumXCYs8sgWppjIA1F/Cc3zIMgD3tmkpyZ1xkm1Tej8mw53B93JsDjgA3KOftuYcfOw==",
+      "version": "0.47.0",
+      "resolved": "https://registry.npmjs.org/markdownlint-cli/-/markdownlint-cli-0.47.0.tgz",
+      "integrity": "sha512-HOcxeKFAdDoldvoYDofd85vI8LgNWy8vmYpCwnlLV46PJcodmGzD7COSSBlhHwsfT4o9KrAStGodImVBus31Bg==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "commander": "~13.1.0",
-        "glob": "~11.0.2",
-        "ignore": "~7.0.4",
-        "js-yaml": "~4.1.0",
+        "commander": "~14.0.2",
+        "deep-extend": "~0.6.0",
+        "ignore": "~7.0.5",
+        "js-yaml": "~4.1.1",
         "jsonc-parser": "~3.3.1",
         "jsonpointer": "~5.0.1",
         "markdown-it": "~14.1.0",
-        "markdownlint": "~0.38.0",
-        "minimatch": "~10.0.1",
+        "markdownlint": "~0.40.0",
+        "minimatch": "~10.1.1",
         "run-con": "~1.3.2",
-        "smol-toml": "~1.3.4"
+        "smol-toml": "~1.5.2",
+        "tinyglobby": "~0.2.15"
       },
       "bin": {
         "markdownlint": "markdownlint.js"
@@ -10443,37 +10445,13 @@
       }
     },
     "node_modules/markdownlint-cli/node_modules/commander": {
-      "version": "13.1.0",
-      "resolved": "https://registry.npmjs.org/commander/-/commander-13.1.0.tgz",
-      "integrity": "sha512-/rFeCpNJQbhSZjGVwO9RFV3xPqbnERS8MmIQzCtD/zl6gpJuV/bMLuN92oG3F7d8oDEHHRrujSXNUr8fpjntKw==",
+      "version": "14.0.2",
+      "resolved": "https://registry.npmjs.org/commander/-/commander-14.0.2.tgz",
+      "integrity": "sha512-TywoWNNRbhoD0BXs1P3ZEScW8W5iKrnbithIl0YH+uCmBd0QpPOA8yc82DS3BIE5Ma6FnBVUsJ7wVUDz4dvOWQ==",
       "dev": true,
       "license": "MIT",
       "engines": {
-        "node": ">=18"
-      }
-    },
-    "node_modules/markdownlint-cli/node_modules/glob": {
-      "version": "11.0.3",
-      "resolved": "https://registry.npmjs.org/glob/-/glob-11.0.3.tgz",
-      "integrity": "sha512-2Nim7dha1KVkaiF4q6Dj+ngPPMdfvLJEOpZk/jKiUAkqKebpGAWQXAq9z1xu9HKu5lWfqw/FASuccEjyznjPaA==",
-      "dev": true,
-      "license": "ISC",
-      "dependencies": {
-        "foreground-child": "^3.3.1",
-        "jackspeak": "^4.1.1",
-        "minimatch": "^10.0.3",
-        "minipass": "^7.1.2",
-        "package-json-from-dist": "^1.0.0",
-        "path-scurry": "^2.0.0"
-      },
-      "bin": {
-        "glob": "dist/esm/bin.mjs"
-      },
-      "engines": {
-        "node": "20 || >=22"
-      },
-      "funding": {
-        "url": "https://github.com/sponsors/isaacs"
+        "node": ">=20"
       }
     },
     "node_modules/markdownlint-cli/node_modules/ignore": {
@@ -10486,22 +10464,6 @@
         "node": ">= 4"
       }
     },
-    "node_modules/markdownlint-cli/node_modules/jackspeak": {
-      "version": "4.1.1",
-      "resolved": "https://registry.npmjs.org/jackspeak/-/jackspeak-4.1.1.tgz",
-      "integrity": "sha512-zptv57P3GpL+O0I7VdMJNBZCu+BPHVQUk55Ft8/QCJjTVxrnJHuVuX/0Bl2A6/+2oyR/ZMEuFKwmzqqZ/U5nPQ==",
-      "dev": true,
-      "license": "BlueOak-1.0.0",
-      "dependencies": {
-        "@isaacs/cliui": "^8.0.2"
-      },
-      "engines": {
-        "node": "20 || >=22"
-      },
-      "funding": {
-        "url": "https://github.com/sponsors/isaacs"
-      }
-    },
     "node_modules/markdownlint-cli/node_modules/jsonc-parser": {
       "version": "3.3.1",
       "resolved": "https://registry.npmjs.org/jsonc-parser/-/jsonc-parser-3.3.1.tgz",
@@ -10509,47 +10471,50 @@
       "dev": true,
       "license": "MIT"
     },
-    "node_modules/markdownlint-cli/node_modules/lru-cache": {
-      "version": "11.2.4",
-      "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-11.2.4.tgz",
-      "integrity": "sha512-B5Y16Jr9LB9dHVkh6ZevG+vAbOsNOYCX+sXvFWFu7B3Iz5mijW3zdbMyhsh8ANd2mSWBYdJgnqi+mL7/LrOPYg==",
+    "node_modules/markdownlint/node_modules/ansi-regex": {
+      "version": "6.2.2",
+      "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-6.2.2.tgz",
+      "integrity": "sha512-Bq3SmSpyFHaWjPk8If9yc6svM8c56dB5BAtW4Qbw5jHTwwXXcTLoRMkpDJp6VL0XzlWaCHTXrkFURMYmD0sLqg==",
       "dev": true,
-      "license": "BlueOak-1.0.0",
+      "license": "MIT",
       "engines": {
-        "node": "20 || >=22"
-      }
-    },
-    "node_modules/markdownlint-cli/node_modules/minimatch": {
-      "version": "10.0.3",
-      "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-10.0.3.tgz",
-      "integrity": "sha512-IPZ167aShDZZUMdRk66cyQAW3qr0WzbHkPdMYa8bzZhlHhO3jALbKdxcaak7W9FfT2rZNpQuUu4Od7ILEpXSaw==",
-      "dev": true,
-      "license": "ISC",
-      "dependencies": {
-        "@isaacs/brace-expansion": "^5.0.0"
-      },
-      "engines": {
-        "node": "20 || >=22"
+        "node": ">=12"
       },
       "funding": {
-        "url": "https://github.com/sponsors/isaacs"
+        "url": "https://github.com/chalk/ansi-regex?sponsor=1"
       }
     },
-    "node_modules/markdownlint-cli/node_modules/path-scurry": {
-      "version": "2.0.1",
-      "resolved": "https://registry.npmjs.org/path-scurry/-/path-scurry-2.0.1.tgz",
-      "integrity": "sha512-oWyT4gICAu+kaA7QWk/jvCHWarMKNs6pXOGWKDTr7cw4IGcUbW+PeTfbaQiLGheFRpjo6O9J0PmyMfQPjH71oA==",
+    "node_modules/markdownlint/node_modules/string-width": {
+      "version": "8.1.0",
+      "resolved": "https://registry.npmjs.org/string-width/-/string-width-8.1.0.tgz",
+      "integrity": "sha512-Kxl3KJGb/gxkaUMOjRsQ8IrXiGW75O4E3RPjFIINOVH8AMl2SQ/yWdTzWwF3FevIX9LcMAjJW+GRwAlAbTSXdg==",
       "dev": true,
-      "license": "BlueOak-1.0.0",
+      "license": "MIT",
       "dependencies": {
-        "lru-cache": "^11.0.0",
-        "minipass": "^7.1.2"
+        "get-east-asian-width": "^1.3.0",
+        "strip-ansi": "^7.1.0"
       },
       "engines": {
-        "node": "20 || >=22"
+        "node": ">=20"
       },
       "funding": {
-        "url": "https://github.com/sponsors/isaacs"
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
+    "node_modules/markdownlint/node_modules/strip-ansi": {
+      "version": "7.1.2",
+      "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-7.1.2.tgz",
+      "integrity": "sha512-gmBGslpoQJtgnMAvOVqGZpEz9dyoKTCzy2nfz/n8aIFhN/jCE/rCmcxabB6jOOHV+0WNnylOxaxBQPSvcWklhA==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "ansi-regex": "^6.0.1"
+      },
+      "engines": {
+        "node": ">=12"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/strip-ansi?sponsor=1"
       }
     },
     "node_modules/marked": {
@@ -13414,9 +13379,9 @@
       }
     },
     "node_modules/smol-toml": {
-      "version": "1.3.4",
-      "resolved": "https://registry.npmjs.org/smol-toml/-/smol-toml-1.3.4.tgz",
-      "integrity": "sha512-UOPtVuYkzYGee0Bd2Szz8d2G3RfMfJ2t3qVdZUAozZyAk+a0Sxa+QKix0YCwjL/A1RR0ar44nCxaoN9FxdJGwA==",
+      "version": "1.5.2",
+      "resolved": "https://registry.npmjs.org/smol-toml/-/smol-toml-1.5.2.tgz",
+      "integrity": "sha512-QlaZEqcAH3/RtNyet1IPIYPsEWAaYyXXv1Krsi+1L/QHppjX4Ifm8MQsBISz9vE8cHicIq3clogsheili5vhaQ==",
       "dev": true,
       "license": "BSD-3-Clause",
       "engines": {
diff --git a/package.json b/package.json
index c9e0e6bea9..0e4e0cad5c 100644
--- a/package.json
+++ b/package.json
@@ -88,7 +88,7 @@
     "globals": "16.5.0",
     "happy-dom": "20.0.11",
     "license-checker-rseidelsohn": "4.4.2",
-    "markdownlint-cli": "0.45.0",
+    "markdownlint-cli": "0.47.0",
     "postcss-html": "1.8.0",
     "sharp": "0.34.5",
     "stylelint": "16.26.1",

From deafea3612300f91732205ee0c2f506dc0607b1e Mon Sep 17 00:00:00 2001
From: Renovate Bot <forgejo-renovate-action@forgejo.org>
Date: Sat, 20 Dec 2025 19:58:28 +0100
Subject: [PATCH 014/854] Update module
 github.com/golangci/golangci-lint/v2/cmd/golangci-lint to v2.7.2 (forgejo)
 (#10509)

Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
---
 Makefile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Makefile b/Makefile
index db363d216b..37c04a31f6 100644
--- a/Makefile
+++ b/Makefile
@@ -39,7 +39,7 @@ XGO_VERSION := go-1.21.x
 AIR_PACKAGE ?= github.com/air-verse/air@v1 # renovate: datasource=go
 EDITORCONFIG_CHECKER_PACKAGE ?= github.com/editorconfig-checker/editorconfig-checker/v3/cmd/editorconfig-checker@v3.6.0 # renovate: datasource=go
 GOFUMPT_PACKAGE ?= mvdan.cc/gofumpt@v0.9.2 # renovate: datasource=go
-GOLANGCI_LINT_PACKAGE ?= github.com/golangci/golangci-lint/v2/cmd/golangci-lint@v2.6.2 # renovate: datasource=go
+GOLANGCI_LINT_PACKAGE ?= github.com/golangci/golangci-lint/v2/cmd/golangci-lint@v2.7.2 # renovate: datasource=go
 GXZ_PACKAGE ?= github.com/ulikunitz/xz/cmd/gxz@v0.5.15 # renovate: datasource=go
 SWAGGER_PACKAGE ?= github.com/go-swagger/go-swagger/cmd/swagger@v0.33.1 # renovate: datasource=go
 XGO_PACKAGE ?= src.techknowlogick.com/xgo@latest

From 1ef8f33683d9f9a125f1b94a9c843141290c8d40 Mon Sep 17 00:00:00 2001
From: Renovate Bot <forgejo-renovate-action@forgejo.org>
Date: Sat, 20 Dec 2025 19:58:31 +0100
Subject: [PATCH 015/854] Update module github.com/PuerkitoBio/goquery to
 v1.11.0 (forgejo) (#10510)

Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index a93c63b73d..690955237b 100644
--- a/go.mod
+++ b/go.mod
@@ -25,7 +25,7 @@ require (
 	github.com/42wim/sshsig v0.0.0-20250502153856-5100632e8920
 	github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358
 	github.com/ProtonMail/go-crypto v1.3.0
-	github.com/PuerkitoBio/goquery v1.10.3
+	github.com/PuerkitoBio/goquery v1.11.0
 	github.com/SaveTheRbtz/zstd-seekable-format-go/pkg v0.7.2
 	github.com/alecthomas/chroma/v2 v2.21.1
 	github.com/blakesmith/ar v0.0.0-20190502131153-809d4375e1fb
diff --git a/go.sum b/go.sum
index e33c2388a5..3c526a8cf0 100644
--- a/go.sum
+++ b/go.sum
@@ -78,8 +78,8 @@ github.com/Microsoft/go-winio v0.6.2 h1:F2VQgta7ecxGYO8k3ZZz3RS8fVIXVxONVUPlNERo
 github.com/Microsoft/go-winio v0.6.2/go.mod h1:yd8OoFMLzJbo9gZq8j5qaps8bJ9aShtEA8Ipt1oGCvU=
 github.com/ProtonMail/go-crypto v1.3.0 h1:ILq8+Sf5If5DCpHQp4PbZdS1J7HDFRXz/+xKBiRGFrw=
 github.com/ProtonMail/go-crypto v1.3.0/go.mod h1:9whxjD8Rbs29b4XWbB8irEcE8KHMqaR2e7GWU1R+/PE=
-github.com/PuerkitoBio/goquery v1.10.3 h1:pFYcNSqHxBD06Fpj/KsbStFRsgRATgnf3LeXiUkhzPo=
-github.com/PuerkitoBio/goquery v1.10.3/go.mod h1:tMUX0zDMHXYlAQk6p35XxQMqMweEKB7iK7iLNd4RH4Y=
+github.com/PuerkitoBio/goquery v1.11.0 h1:jZ7pwMQXIITcUXNH83LLk+txlaEy6NVOfTuP43xxfqw=
+github.com/PuerkitoBio/goquery v1.11.0/go.mod h1:wQHgxUOU3JGuj3oD/QFfxUdlzW6xPHfqyHre6VMY4DQ=
 github.com/RoaringBitmap/roaring/v2 v2.4.5 h1:uGrrMreGjvAtTBobc0g5IrW1D5ldxDQYe2JW2gggRdg=
 github.com/RoaringBitmap/roaring/v2 v2.4.5/go.mod h1:FiJcsfkGje/nZBZgCu0ZxCPOKD/hVXDS2dXi7/eUFE0=
 github.com/STARRY-S/zip v0.2.3 h1:luE4dMvRPDOWQdeDdUxUoZkzUIpTccdKdhHHsQJ1fm4=

From 925549d521e268105a79aa0bc8bc479c3faac7e4 Mon Sep 17 00:00:00 2001
From: Renovate Bot <forgejo-renovate-action@forgejo.org>
Date: Sat, 20 Dec 2025 19:58:51 +0100
Subject: [PATCH 016/854] Update x/tools to v0.40.0 (forgejo) (#10511)

Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
---
 Makefile | 2 +-
 go.mod   | 4 ++--
 go.sum   | 8 ++++----
 3 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/Makefile b/Makefile
index 37c04a31f6..ae66a3e471 100644
--- a/Makefile
+++ b/Makefile
@@ -45,7 +45,7 @@ SWAGGER_PACKAGE ?= github.com/go-swagger/go-swagger/cmd/swagger@v0.33.1 # renova
 XGO_PACKAGE ?= src.techknowlogick.com/xgo@latest
 GO_LICENSES_PACKAGE ?= github.com/google/go-licenses@v1.6.0 # renovate: datasource=go
 GOVULNCHECK_PACKAGE ?= golang.org/x/vuln/cmd/govulncheck@v1 # renovate: datasource=go
-DEADCODE_PACKAGE ?= golang.org/x/tools/cmd/deadcode@v0.39.0 # renovate: datasource=go
+DEADCODE_PACKAGE ?= golang.org/x/tools/cmd/deadcode@v0.40.0 # renovate: datasource=go
 GOMOCK_PACKAGE ?= go.uber.org/mock/mockgen@v0.6.0 # renovate: datasource=go
 RENOVATE_NPM_PACKAGE ?= renovate@42.39.2 # renovate: datasource=docker packageName=data.forgejo.org/renovate/renovate
 
diff --git a/go.mod b/go.mod
index 690955237b..7516b5a680 100644
--- a/go.mod
+++ b/go.mod
@@ -104,7 +104,7 @@ require (
 	go.yaml.in/yaml/v3 v3.0.4
 	golang.org/x/crypto v0.46.0
 	golang.org/x/image v0.33.0
-	golang.org/x/net v0.47.0
+	golang.org/x/net v0.48.0
 	golang.org/x/oauth2 v0.34.0
 	golang.org/x/sync v0.19.0
 	golang.org/x/sys v0.39.0
@@ -267,7 +267,7 @@ require (
 	go4.org v0.0.0-20230225012048-214862532bf5 // indirect
 	golang.org/x/mod v0.31.0 // indirect
 	golang.org/x/time v0.14.0 // indirect
-	golang.org/x/tools v0.39.0 // indirect
+	golang.org/x/tools v0.40.0 // indirect
 	gopkg.in/alexcesaro/quotedprintable.v3 v3.0.0-20150716171945-2caba252f4dc // indirect
 	gopkg.in/warnings.v0 v0.1.2 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
diff --git a/go.sum b/go.sum
index 3c526a8cf0..6792d6d404 100644
--- a/go.sum
+++ b/go.sum
@@ -820,8 +820,8 @@ golang.org/x/net v0.15.0/go.mod h1:idbUs1IY1+zTqbi8yxTbhexhEEk5ur9LInksu6HrEpk=
 golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44=
 golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM=
 golang.org/x/net v0.33.0/go.mod h1:HXLR5J+9DxmrqMwG9qjGCxZ+zKXxBru04zlTvWlWuN4=
-golang.org/x/net v0.47.0 h1:Mx+4dIFzqraBXUugkia1OOvlD6LemFo1ALMHjrXDOhY=
-golang.org/x/net v0.47.0/go.mod h1:/jNxtkgq5yWUGYkaZGqo27cfGZ1c5Nen03aYrrKpVRU=
+golang.org/x/net v0.48.0 h1:zyQRTTrjc33Lhh0fBgT/H3oZq9WuvRR5gPC70xpDiQU=
+golang.org/x/net v0.48.0/go.mod h1:+ndRgGjkh8FGtu1w1FGbEC31if4VrNVMuKTgcAAnQRY=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
@@ -943,8 +943,8 @@ golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc
 golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
 golang.org/x/tools v0.13.0/go.mod h1:HvlwmtVNQAhOuCjW7xxvovg8wbNq7LwfXh/k7wXUl58=
 golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk=
-golang.org/x/tools v0.39.0 h1:ik4ho21kwuQln40uelmciQPp9SipgNDdrafrYA4TmQQ=
-golang.org/x/tools v0.39.0/go.mod h1:JnefbkDPyD8UU2kI5fuf8ZX4/yUeh9W877ZeBONxUqQ=
+golang.org/x/tools v0.40.0 h1:yLkxfA+Qnul4cs9QA3KnlFu0lVmd8JJfoq+E41uSutA=
+golang.org/x/tools v0.40.0/go.mod h1:Ik/tzLRlbscWpqqMRjyWYDisX8bG13FrdXp3o4Sr9lc=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=

From b90eda6ed70ceff415b4d3b856b0eddd8089d721 Mon Sep 17 00:00:00 2001
From: Renovate Bot <forgejo-renovate-action@forgejo.org>
Date: Sat, 20 Dec 2025 21:36:37 +0100
Subject: [PATCH 017/854] Update vitest monorepo to v4.0.16 (forgejo) (#10507)

Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
---
 package-lock.json | 107 ++++++++++++++++++++++------------------------
 package.json      |   4 +-
 2 files changed, 52 insertions(+), 59 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index c32246ee81..3652561b3c 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -68,7 +68,7 @@
         "@stylistic/eslint-plugin": "5.6.1",
         "@stylistic/stylelint-plugin": "4.0.0",
         "@vitejs/plugin-vue": "6.0.3",
-        "@vitest/coverage-v8": "4.0.14",
+        "@vitest/coverage-v8": "4.0.16",
         "@vitest/eslint-plugin": "1.3.16",
         "@vue/test-utils": "2.4.6",
         "eslint": "9.39.2",
@@ -100,7 +100,7 @@
         "typescript": "5.9.3",
         "typescript-eslint": "8.50.0",
         "vite-string-plugin": "1.4.9",
-        "vitest": "4.0.14"
+        "vitest": "4.0.16"
       },
       "engines": {
         "node": ">= 20.0.0"
@@ -4292,14 +4292,14 @@
       }
     },
     "node_modules/@vitest/coverage-v8": {
-      "version": "4.0.14",
-      "resolved": "https://registry.npmjs.org/@vitest/coverage-v8/-/coverage-v8-4.0.14.tgz",
-      "integrity": "sha512-EYHLqN/BY6b47qHH7gtMxAg++saoGmsjWmAq9MlXxAz4M0NcHh9iOyKhBZyU4yxZqOd8Xnqp80/5saeitz4Cng==",
+      "version": "4.0.16",
+      "resolved": "https://registry.npmjs.org/@vitest/coverage-v8/-/coverage-v8-4.0.16.tgz",
+      "integrity": "sha512-2rNdjEIsPRzsdu6/9Eq0AYAzYdpP6Bx9cje9tL3FE5XzXRQF1fNU9pe/1yE8fCrS0HD+fBtt6gLPh6LI57tX7A==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
         "@bcoe/v8-coverage": "^1.0.2",
-        "@vitest/utils": "4.0.14",
+        "@vitest/utils": "4.0.16",
         "ast-v8-to-istanbul": "^0.3.8",
         "istanbul-lib-coverage": "^3.2.2",
         "istanbul-lib-report": "^3.0.1",
@@ -4314,8 +4314,8 @@
         "url": "https://opencollective.com/vitest"
       },
       "peerDependencies": {
-        "@vitest/browser": "4.0.14",
-        "vitest": "4.0.14"
+        "@vitest/browser": "4.0.16",
+        "vitest": "4.0.16"
       },
       "peerDependenciesMeta": {
         "@vitest/browser": {
@@ -4348,16 +4348,16 @@
       }
     },
     "node_modules/@vitest/expect": {
-      "version": "4.0.14",
-      "resolved": "https://registry.npmjs.org/@vitest/expect/-/expect-4.0.14.tgz",
-      "integrity": "sha512-RHk63V3zvRiYOWAV0rGEBRO820ce17hz7cI2kDmEdfQsBjT2luEKB5tCOc91u1oSQoUOZkSv3ZyzkdkSLD7lKw==",
+      "version": "4.0.16",
+      "resolved": "https://registry.npmjs.org/@vitest/expect/-/expect-4.0.16.tgz",
+      "integrity": "sha512-eshqULT2It7McaJkQGLkPjPjNph+uevROGuIMJdG3V+0BSR2w9u6J9Lwu+E8cK5TETlfou8GRijhafIMhXsimA==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
         "@standard-schema/spec": "^1.0.0",
         "@types/chai": "^5.2.2",
-        "@vitest/spy": "4.0.14",
-        "@vitest/utils": "4.0.14",
+        "@vitest/spy": "4.0.16",
+        "@vitest/utils": "4.0.16",
         "chai": "^6.2.1",
         "tinyrainbow": "^3.0.3"
       },
@@ -4366,13 +4366,13 @@
       }
     },
     "node_modules/@vitest/mocker": {
-      "version": "4.0.14",
-      "resolved": "https://registry.npmjs.org/@vitest/mocker/-/mocker-4.0.14.tgz",
-      "integrity": "sha512-RzS5NujlCzeRPF1MK7MXLiEFpkIXeMdQ+rN3Kk3tDI9j0mtbr7Nmuq67tpkOJQpgyClbOltCXMjLZicJHsH5Cg==",
+      "version": "4.0.16",
+      "resolved": "https://registry.npmjs.org/@vitest/mocker/-/mocker-4.0.16.tgz",
+      "integrity": "sha512-yb6k4AZxJTB+q9ycAvsoxGn+j/po0UaPgajllBgt1PzoMAAmJGYFdDk0uCcRcxb3BrME34I6u8gHZTQlkqSZpg==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "@vitest/spy": "4.0.14",
+        "@vitest/spy": "4.0.16",
         "estree-walker": "^3.0.3",
         "magic-string": "^0.30.21"
       },
@@ -4420,9 +4420,9 @@
       }
     },
     "node_modules/@vitest/pretty-format": {
-      "version": "4.0.14",
-      "resolved": "https://registry.npmjs.org/@vitest/pretty-format/-/pretty-format-4.0.14.tgz",
-      "integrity": "sha512-SOYPgujB6TITcJxgd3wmsLl+wZv+fy3av2PpiPpsWPZ6J1ySUYfScfpIt2Yv56ShJXR2MOA6q2KjKHN4EpdyRQ==",
+      "version": "4.0.16",
+      "resolved": "https://registry.npmjs.org/@vitest/pretty-format/-/pretty-format-4.0.16.tgz",
+      "integrity": "sha512-eNCYNsSty9xJKi/UdVD8Ou16alu7AYiS2fCPRs0b1OdhJiV89buAXQLpTbe+X8V9L6qrs9CqyvU7OaAopJYPsA==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -4433,13 +4433,13 @@
       }
     },
     "node_modules/@vitest/runner": {
-      "version": "4.0.14",
-      "resolved": "https://registry.npmjs.org/@vitest/runner/-/runner-4.0.14.tgz",
-      "integrity": "sha512-BsAIk3FAqxICqREbX8SetIteT8PiaUL/tgJjmhxJhCsigmzzH8xeadtp7LRnTpCVzvf0ib9BgAfKJHuhNllKLw==",
+      "version": "4.0.16",
+      "resolved": "https://registry.npmjs.org/@vitest/runner/-/runner-4.0.16.tgz",
+      "integrity": "sha512-VWEDm5Wv9xEo80ctjORcTQRJ539EGPB3Pb9ApvVRAY1U/WkHXmmYISqU5E79uCwcW7xYUV38gwZD+RV755fu3Q==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "@vitest/utils": "4.0.14",
+        "@vitest/utils": "4.0.16",
         "pathe": "^2.0.3"
       },
       "funding": {
@@ -4447,13 +4447,13 @@
       }
     },
     "node_modules/@vitest/snapshot": {
-      "version": "4.0.14",
-      "resolved": "https://registry.npmjs.org/@vitest/snapshot/-/snapshot-4.0.14.tgz",
-      "integrity": "sha512-aQVBfT1PMzDSA16Y3Fp45a0q8nKexx6N5Amw3MX55BeTeZpoC08fGqEZqVmPcqN0ueZsuUQ9rriPMhZ3Mu19Ag==",
+      "version": "4.0.16",
+      "resolved": "https://registry.npmjs.org/@vitest/snapshot/-/snapshot-4.0.16.tgz",
+      "integrity": "sha512-sf6NcrYhYBsSYefxnry+DR8n3UV4xWZwWxYbCJUt2YdvtqzSPR7VfGrY0zsv090DAbjFZsi7ZaMi1KnSRyK1XA==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "@vitest/pretty-format": "4.0.14",
+        "@vitest/pretty-format": "4.0.16",
         "magic-string": "^0.30.21",
         "pathe": "^2.0.3"
       },
@@ -4472,9 +4472,9 @@
       }
     },
     "node_modules/@vitest/spy": {
-      "version": "4.0.14",
-      "resolved": "https://registry.npmjs.org/@vitest/spy/-/spy-4.0.14.tgz",
-      "integrity": "sha512-JmAZT1UtZooO0tpY3GRyiC/8W7dCs05UOq9rfsUUgEZEdq+DuHLmWhPsrTt0TiW7WYeL/hXpaE07AZ2RCk44hg==",
+      "version": "4.0.16",
+      "resolved": "https://registry.npmjs.org/@vitest/spy/-/spy-4.0.16.tgz",
+      "integrity": "sha512-4jIOWjKP0ZUaEmJm00E0cOBLU+5WE0BpeNr3XN6TEF05ltro6NJqHWxXD0kA8/Zc8Nh23AT8WQxwNG+WeROupw==",
       "dev": true,
       "license": "MIT",
       "funding": {
@@ -4482,13 +4482,13 @@
       }
     },
     "node_modules/@vitest/utils": {
-      "version": "4.0.14",
-      "resolved": "https://registry.npmjs.org/@vitest/utils/-/utils-4.0.14.tgz",
-      "integrity": "sha512-hLqXZKAWNg8pI+SQXyXxWCTOpA3MvsqcbVeNgSi8x/CSN2wi26dSzn1wrOhmCmFjEvN9p8/kLFRHa6PI8jHazw==",
+      "version": "4.0.16",
+      "resolved": "https://registry.npmjs.org/@vitest/utils/-/utils-4.0.16.tgz",
+      "integrity": "sha512-h8z9yYhV3e1LEfaQ3zdypIrnAg/9hguReGZoS7Gl0aBG5xgA410zBqECqmaF/+RkTggRsfnzc1XaAHA6bmUufA==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "@vitest/pretty-format": "4.0.14",
+        "@vitest/pretty-format": "4.0.16",
         "tinyrainbow": "^3.0.3"
       },
       "funding": {
@@ -14994,20 +14994,20 @@
       }
     },
     "node_modules/vitest": {
-      "version": "4.0.14",
-      "resolved": "https://registry.npmjs.org/vitest/-/vitest-4.0.14.tgz",
-      "integrity": "sha512-d9B2J9Cm9dN9+6nxMnnNJKJCtcyKfnHj15N6YNJfaFHRLua/d3sRKU9RuKmO9mB0XdFtUizlxfz/VPbd3OxGhw==",
+      "version": "4.0.16",
+      "resolved": "https://registry.npmjs.org/vitest/-/vitest-4.0.16.tgz",
+      "integrity": "sha512-E4t7DJ9pESL6E3I8nFjPa4xGUd3PmiWDLsDztS2qXSJWfHtbQnwAWylaBvSNY48I3vr8PTqIZlyK8TE3V3CA4Q==",
       "dev": true,
       "license": "MIT",
       "peer": true,
       "dependencies": {
-        "@vitest/expect": "4.0.14",
-        "@vitest/mocker": "4.0.14",
-        "@vitest/pretty-format": "4.0.14",
-        "@vitest/runner": "4.0.14",
-        "@vitest/snapshot": "4.0.14",
-        "@vitest/spy": "4.0.14",
-        "@vitest/utils": "4.0.14",
+        "@vitest/expect": "4.0.16",
+        "@vitest/mocker": "4.0.16",
+        "@vitest/pretty-format": "4.0.16",
+        "@vitest/runner": "4.0.16",
+        "@vitest/snapshot": "4.0.16",
+        "@vitest/spy": "4.0.16",
+        "@vitest/utils": "4.0.16",
         "es-module-lexer": "^1.7.0",
         "expect-type": "^1.2.2",
         "magic-string": "^0.30.21",
@@ -15016,7 +15016,7 @@
         "picomatch": "^4.0.3",
         "std-env": "^3.10.0",
         "tinybench": "^2.9.0",
-        "tinyexec": "^0.3.2",
+        "tinyexec": "^1.0.2",
         "tinyglobby": "^0.2.15",
         "tinyrainbow": "^3.0.3",
         "vite": "^6.0.0 || ^7.0.0",
@@ -15035,10 +15035,10 @@
         "@edge-runtime/vm": "*",
         "@opentelemetry/api": "^1.9.0",
         "@types/node": "^20.0.0 || ^22.0.0 || >=24.0.0",
-        "@vitest/browser-playwright": "4.0.14",
-        "@vitest/browser-preview": "4.0.14",
-        "@vitest/browser-webdriverio": "4.0.14",
-        "@vitest/ui": "4.0.14",
+        "@vitest/browser-playwright": "4.0.16",
+        "@vitest/browser-preview": "4.0.16",
+        "@vitest/browser-webdriverio": "4.0.16",
+        "@vitest/ui": "4.0.16",
         "happy-dom": "*",
         "jsdom": "*"
       },
@@ -15095,13 +15095,6 @@
         "url": "https://github.com/sponsors/jonschlinkert"
       }
     },
-    "node_modules/vitest/node_modules/tinyexec": {
-      "version": "0.3.2",
-      "resolved": "https://registry.npmjs.org/tinyexec/-/tinyexec-0.3.2.tgz",
-      "integrity": "sha512-KQQR9yN7R5+OSwaK0XQoj22pwHoTlgYqmUscPYoknOoWCWfj/5/ABTMRi69FrKU5ffPVh5QcFikpWJI/P1ocHA==",
-      "dev": true,
-      "license": "MIT"
-    },
     "node_modules/vscode-jsonrpc": {
       "version": "8.2.0",
       "resolved": "https://registry.npmjs.org/vscode-jsonrpc/-/vscode-jsonrpc-8.2.0.tgz",
diff --git a/package.json b/package.json
index 0e4e0cad5c..5509ca1466 100644
--- a/package.json
+++ b/package.json
@@ -67,7 +67,7 @@
     "@stylistic/eslint-plugin": "5.6.1",
     "@stylistic/stylelint-plugin": "4.0.0",
     "@vitejs/plugin-vue": "6.0.3",
-    "@vitest/coverage-v8": "4.0.14",
+    "@vitest/coverage-v8": "4.0.16",
     "@vitest/eslint-plugin": "1.3.16",
     "@vue/test-utils": "2.4.6",
     "eslint": "9.39.2",
@@ -99,7 +99,7 @@
     "typescript": "5.9.3",
     "typescript-eslint": "8.50.0",
     "vite-string-plugin": "1.4.9",
-    "vitest": "4.0.14"
+    "vitest": "4.0.16"
   },
   "browserslist": [
     "defaults"

From ea71a9aa642105986b9ce3e274e1920b39f74e75 Mon Sep 17 00:00:00 2001
From: Renovate Bot <forgejo-renovate-action@forgejo.org>
Date: Sun, 21 Dec 2025 02:54:23 +0100
Subject: [PATCH 018/854] Update renovate to v42.64.1 (forgejo) (#10514)

Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
---
 .forgejo/workflows/renovate.yml | 2 +-
 Makefile                        | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/.forgejo/workflows/renovate.yml b/.forgejo/workflows/renovate.yml
index cc4801d811..0dcde71310 100644
--- a/.forgejo/workflows/renovate.yml
+++ b/.forgejo/workflows/renovate.yml
@@ -28,7 +28,7 @@ jobs:
 
     runs-on: docker
     container:
-      image: data.forgejo.org/renovate/renovate:42.39.2
+      image: data.forgejo.org/renovate/renovate:42.64.1
 
     steps:
       - name: Load renovate repo cache
diff --git a/Makefile b/Makefile
index ae66a3e471..6baec198c1 100644
--- a/Makefile
+++ b/Makefile
@@ -47,7 +47,7 @@ GO_LICENSES_PACKAGE ?= github.com/google/go-licenses@v1.6.0 # renovate: datasour
 GOVULNCHECK_PACKAGE ?= golang.org/x/vuln/cmd/govulncheck@v1 # renovate: datasource=go
 DEADCODE_PACKAGE ?= golang.org/x/tools/cmd/deadcode@v0.40.0 # renovate: datasource=go
 GOMOCK_PACKAGE ?= go.uber.org/mock/mockgen@v0.6.0 # renovate: datasource=go
-RENOVATE_NPM_PACKAGE ?= renovate@42.39.2 # renovate: datasource=docker packageName=data.forgejo.org/renovate/renovate
+RENOVATE_NPM_PACKAGE ?= renovate@42.64.1 # renovate: datasource=docker packageName=data.forgejo.org/renovate/renovate
 
 # https://github.com/disposable-email-domains/disposable-email-domains/commits/main/
 DISPOSABLE_EMAILS_SHA ?= 0c27e671231d27cf66370034d7f6818037416989 # renovate: ...

From 1619038085dccaead1fd67e7d1ab811f0d4658dd Mon Sep 17 00:00:00 2001
From: Renovate Bot <forgejo-renovate-action@forgejo.org>
Date: Sun, 21 Dec 2025 02:58:37 +0100
Subject: [PATCH 019/854] Lock file maintenance (forgejo) (#10519)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10519
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
---
 package-lock.json                  | 764 +++++++++++++++++++++++------
 web_src/fomantic/package-lock.json |  30 +-
 2 files changed, 639 insertions(+), 155 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 3652561b3c..834a012482 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -502,9 +502,9 @@
       }
     },
     "node_modules/@csstools/css-syntax-patches-for-csstree": {
-      "version": "1.0.20",
-      "resolved": "https://registry.npmjs.org/@csstools/css-syntax-patches-for-csstree/-/css-syntax-patches-for-csstree-1.0.20.tgz",
-      "integrity": "sha512-8BHsjXfSciZxjmHQOuVdW2b8WLUPts9a+mfL13/PzEviufUEW2xnvQuOlKs9dRBHgRqJ53SF/DUoK9+MZk72oQ==",
+      "version": "1.0.22",
+      "resolved": "https://registry.npmjs.org/@csstools/css-syntax-patches-for-csstree/-/css-syntax-patches-for-csstree-1.0.22.tgz",
+      "integrity": "sha512-qBcx6zYlhleiFfdtzkRgwNC7VVoAwfK76Vmsw5t+PbvtdknO9StgRk7ROvq9so1iqbdW4uLIDAsXRsTfUrIoOw==",
       "dev": true,
       "funding": [
         {
@@ -2387,9 +2387,9 @@
       "license": "MIT"
     },
     "node_modules/@rollup/rollup-android-arm-eabi": {
-      "version": "4.53.3",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-android-arm-eabi/-/rollup-android-arm-eabi-4.53.3.tgz",
-      "integrity": "sha512-mRSi+4cBjrRLoaal2PnqH82Wqyb+d3HsPUN/W+WslCXsZsyHa9ZeQQX/pQsZaVIWDkPcpV6jJ+3KLbTbgnwv8w==",
+      "version": "4.54.0",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-android-arm-eabi/-/rollup-android-arm-eabi-4.54.0.tgz",
+      "integrity": "sha512-OywsdRHrFvCdvsewAInDKCNyR3laPA2mc9bRYJ6LBp5IyvF3fvXbbNR0bSzHlZVFtn6E0xw2oZlyjg4rKCVcng==",
       "cpu": [
         "arm"
       ],
@@ -2401,9 +2401,9 @@
       ]
     },
     "node_modules/@rollup/rollup-android-arm64": {
-      "version": "4.53.3",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-android-arm64/-/rollup-android-arm64-4.53.3.tgz",
-      "integrity": "sha512-CbDGaMpdE9sh7sCmTrTUyllhrg65t6SwhjlMJsLr+J8YjFuPmCEjbBSx4Z/e4SmDyH3aB5hGaJUP2ltV/vcs4w==",
+      "version": "4.54.0",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-android-arm64/-/rollup-android-arm64-4.54.0.tgz",
+      "integrity": "sha512-Skx39Uv+u7H224Af+bDgNinitlmHyQX1K/atIA32JP3JQw6hVODX5tkbi2zof/E69M1qH2UoN3Xdxgs90mmNYw==",
       "cpu": [
         "arm64"
       ],
@@ -2415,9 +2415,9 @@
       ]
     },
     "node_modules/@rollup/rollup-darwin-arm64": {
-      "version": "4.53.3",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-darwin-arm64/-/rollup-darwin-arm64-4.53.3.tgz",
-      "integrity": "sha512-Nr7SlQeqIBpOV6BHHGZgYBuSdanCXuw09hon14MGOLGmXAFYjx1wNvquVPmpZnl0tLjg25dEdr4IQ6GgyToCUA==",
+      "version": "4.54.0",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-darwin-arm64/-/rollup-darwin-arm64-4.54.0.tgz",
+      "integrity": "sha512-k43D4qta/+6Fq+nCDhhv9yP2HdeKeP56QrUUTW7E6PhZP1US6NDqpJj4MY0jBHlJivVJD5P8NxrjuobZBJTCRw==",
       "cpu": [
         "arm64"
       ],
@@ -2429,9 +2429,9 @@
       ]
     },
     "node_modules/@rollup/rollup-darwin-x64": {
-      "version": "4.53.3",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-darwin-x64/-/rollup-darwin-x64-4.53.3.tgz",
-      "integrity": "sha512-DZ8N4CSNfl965CmPktJ8oBnfYr3F8dTTNBQkRlffnUarJ2ohudQD17sZBa097J8xhQ26AwhHJ5mvUyQW8ddTsQ==",
+      "version": "4.54.0",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-darwin-x64/-/rollup-darwin-x64-4.54.0.tgz",
+      "integrity": "sha512-cOo7biqwkpawslEfox5Vs8/qj83M/aZCSSNIWpVzfU2CYHa2G3P1UN5WF01RdTHSgCkri7XOlTdtk17BezlV3A==",
       "cpu": [
         "x64"
       ],
@@ -2443,9 +2443,9 @@
       ]
     },
     "node_modules/@rollup/rollup-freebsd-arm64": {
-      "version": "4.53.3",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-freebsd-arm64/-/rollup-freebsd-arm64-4.53.3.tgz",
-      "integrity": "sha512-yMTrCrK92aGyi7GuDNtGn2sNW+Gdb4vErx4t3Gv/Tr+1zRb8ax4z8GWVRfr3Jw8zJWvpGHNpss3vVlbF58DZ4w==",
+      "version": "4.54.0",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-freebsd-arm64/-/rollup-freebsd-arm64-4.54.0.tgz",
+      "integrity": "sha512-miSvuFkmvFbgJ1BevMa4CPCFt5MPGw094knM64W9I0giUIMMmRYcGW/JWZDriaw/k1kOBtsWh1z6nIFV1vPNtA==",
       "cpu": [
         "arm64"
       ],
@@ -2457,9 +2457,9 @@
       ]
     },
     "node_modules/@rollup/rollup-freebsd-x64": {
-      "version": "4.53.3",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-freebsd-x64/-/rollup-freebsd-x64-4.53.3.tgz",
-      "integrity": "sha512-lMfF8X7QhdQzseM6XaX0vbno2m3hlyZFhwcndRMw8fbAGUGL3WFMBdK0hbUBIUYcEcMhVLr1SIamDeuLBnXS+Q==",
+      "version": "4.54.0",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-freebsd-x64/-/rollup-freebsd-x64-4.54.0.tgz",
+      "integrity": "sha512-KGXIs55+b/ZfZsq9aR026tmr/+7tq6VG6MsnrvF4H8VhwflTIuYh+LFUlIsRdQSgrgmtM3fVATzEAj4hBQlaqQ==",
       "cpu": [
         "x64"
       ],
@@ -2471,9 +2471,9 @@
       ]
     },
     "node_modules/@rollup/rollup-linux-arm-gnueabihf": {
-      "version": "4.53.3",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm-gnueabihf/-/rollup-linux-arm-gnueabihf-4.53.3.tgz",
-      "integrity": "sha512-k9oD15soC/Ln6d2Wv/JOFPzZXIAIFLp6B+i14KhxAfnq76ajt0EhYc5YPeX6W1xJkAdItcVT+JhKl1QZh44/qw==",
+      "version": "4.54.0",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm-gnueabihf/-/rollup-linux-arm-gnueabihf-4.54.0.tgz",
+      "integrity": "sha512-EHMUcDwhtdRGlXZsGSIuXSYwD5kOT9NVnx9sqzYiwAc91wfYOE1g1djOEDseZJKKqtHAHGwnGPQu3kytmfaXLQ==",
       "cpu": [
         "arm"
       ],
@@ -2485,9 +2485,9 @@
       ]
     },
     "node_modules/@rollup/rollup-linux-arm-musleabihf": {
-      "version": "4.53.3",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm-musleabihf/-/rollup-linux-arm-musleabihf-4.53.3.tgz",
-      "integrity": "sha512-vTNlKq+N6CK/8UktsrFuc+/7NlEYVxgaEgRXVUVK258Z5ymho29skzW1sutgYjqNnquGwVUObAaxae8rZ6YMhg==",
+      "version": "4.54.0",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm-musleabihf/-/rollup-linux-arm-musleabihf-4.54.0.tgz",
+      "integrity": "sha512-+pBrqEjaakN2ySv5RVrj/qLytYhPKEUwk+e3SFU5jTLHIcAtqh2rLrd/OkbNuHJpsBgxsD8ccJt5ga/SeG0JmA==",
       "cpu": [
         "arm"
       ],
@@ -2499,9 +2499,9 @@
       ]
     },
     "node_modules/@rollup/rollup-linux-arm64-gnu": {
-      "version": "4.53.3",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm64-gnu/-/rollup-linux-arm64-gnu-4.53.3.tgz",
-      "integrity": "sha512-RGrFLWgMhSxRs/EWJMIFM1O5Mzuz3Xy3/mnxJp/5cVhZ2XoCAxJnmNsEyeMJtpK+wu0FJFWz+QF4mjCA7AUQ3w==",
+      "version": "4.54.0",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm64-gnu/-/rollup-linux-arm64-gnu-4.54.0.tgz",
+      "integrity": "sha512-NSqc7rE9wuUaRBsBp5ckQ5CVz5aIRKCwsoa6WMF7G01sX3/qHUw/z4pv+D+ahL1EIKy6Enpcnz1RY8pf7bjwng==",
       "cpu": [
         "arm64"
       ],
@@ -2513,9 +2513,9 @@
       ]
     },
     "node_modules/@rollup/rollup-linux-arm64-musl": {
-      "version": "4.53.3",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm64-musl/-/rollup-linux-arm64-musl-4.53.3.tgz",
-      "integrity": "sha512-kASyvfBEWYPEwe0Qv4nfu6pNkITLTb32p4yTgzFCocHnJLAHs+9LjUu9ONIhvfT/5lv4YS5muBHyuV84epBo/A==",
+      "version": "4.54.0",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm64-musl/-/rollup-linux-arm64-musl-4.54.0.tgz",
+      "integrity": "sha512-gr5vDbg3Bakga5kbdpqx81m2n9IX8M6gIMlQQIXiLTNeQW6CucvuInJ91EuCJ/JYvc+rcLLsDFcfAD1K7fMofg==",
       "cpu": [
         "arm64"
       ],
@@ -2527,9 +2527,9 @@
       ]
     },
     "node_modules/@rollup/rollup-linux-loong64-gnu": {
-      "version": "4.53.3",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-loong64-gnu/-/rollup-linux-loong64-gnu-4.53.3.tgz",
-      "integrity": "sha512-JiuKcp2teLJwQ7vkJ95EwESWkNRFJD7TQgYmCnrPtlu50b4XvT5MOmurWNrCj3IFdyjBQ5p9vnrX4JM6I8OE7g==",
+      "version": "4.54.0",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-loong64-gnu/-/rollup-linux-loong64-gnu-4.54.0.tgz",
+      "integrity": "sha512-gsrtB1NA3ZYj2vq0Rzkylo9ylCtW/PhpLEivlgWe0bpgtX5+9j9EZa0wtZiCjgu6zmSeZWyI/e2YRX1URozpIw==",
       "cpu": [
         "loong64"
       ],
@@ -2541,9 +2541,9 @@
       ]
     },
     "node_modules/@rollup/rollup-linux-ppc64-gnu": {
-      "version": "4.53.3",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-ppc64-gnu/-/rollup-linux-ppc64-gnu-4.53.3.tgz",
-      "integrity": "sha512-EoGSa8nd6d3T7zLuqdojxC20oBfNT8nexBbB/rkxgKj5T5vhpAQKKnD+h3UkoMuTyXkP5jTjK/ccNRmQrPNDuw==",
+      "version": "4.54.0",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-ppc64-gnu/-/rollup-linux-ppc64-gnu-4.54.0.tgz",
+      "integrity": "sha512-y3qNOfTBStmFNq+t4s7Tmc9hW2ENtPg8FeUD/VShI7rKxNW7O4fFeaYbMsd3tpFlIg1Q8IapFgy7Q9i2BqeBvA==",
       "cpu": [
         "ppc64"
       ],
@@ -2555,9 +2555,9 @@
       ]
     },
     "node_modules/@rollup/rollup-linux-riscv64-gnu": {
-      "version": "4.53.3",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-riscv64-gnu/-/rollup-linux-riscv64-gnu-4.53.3.tgz",
-      "integrity": "sha512-4s+Wped2IHXHPnAEbIB0YWBv7SDohqxobiiPA1FIWZpX+w9o2i4LezzH/NkFUl8LRci/8udci6cLq+jJQlh+0g==",
+      "version": "4.54.0",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-riscv64-gnu/-/rollup-linux-riscv64-gnu-4.54.0.tgz",
+      "integrity": "sha512-89sepv7h2lIVPsFma8iwmccN7Yjjtgz0Rj/Ou6fEqg3HDhpCa+Et+YSufy27i6b0Wav69Qv4WBNl3Rs6pwhebQ==",
       "cpu": [
         "riscv64"
       ],
@@ -2569,9 +2569,9 @@
       ]
     },
     "node_modules/@rollup/rollup-linux-riscv64-musl": {
-      "version": "4.53.3",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-riscv64-musl/-/rollup-linux-riscv64-musl-4.53.3.tgz",
-      "integrity": "sha512-68k2g7+0vs2u9CxDt5ktXTngsxOQkSEV/xBbwlqYcUrAVh6P9EgMZvFsnHy4SEiUl46Xf0IObWVbMvPrr2gw8A==",
+      "version": "4.54.0",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-riscv64-musl/-/rollup-linux-riscv64-musl-4.54.0.tgz",
+      "integrity": "sha512-ZcU77ieh0M2Q8Ur7D5X7KvK+UxbXeDHwiOt/CPSBTI1fBmeDMivW0dPkdqkT4rOgDjrDDBUed9x4EgraIKoR2A==",
       "cpu": [
         "riscv64"
       ],
@@ -2583,9 +2583,9 @@
       ]
     },
     "node_modules/@rollup/rollup-linux-s390x-gnu": {
-      "version": "4.53.3",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-s390x-gnu/-/rollup-linux-s390x-gnu-4.53.3.tgz",
-      "integrity": "sha512-VYsFMpULAz87ZW6BVYw3I6sWesGpsP9OPcyKe8ofdg9LHxSbRMd7zrVrr5xi/3kMZtpWL/wC+UIJWJYVX5uTKg==",
+      "version": "4.54.0",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-s390x-gnu/-/rollup-linux-s390x-gnu-4.54.0.tgz",
+      "integrity": "sha512-2AdWy5RdDF5+4YfG/YesGDDtbyJlC9LHmL6rZw6FurBJ5n4vFGupsOBGfwMRjBYH7qRQowT8D/U4LoSvVwOhSQ==",
       "cpu": [
         "s390x"
       ],
@@ -2597,9 +2597,9 @@
       ]
     },
     "node_modules/@rollup/rollup-linux-x64-gnu": {
-      "version": "4.53.3",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-x64-gnu/-/rollup-linux-x64-gnu-4.53.3.tgz",
-      "integrity": "sha512-3EhFi1FU6YL8HTUJZ51imGJWEX//ajQPfqWLI3BQq4TlvHy4X0MOr5q3D2Zof/ka0d5FNdPwZXm3Yyib/UEd+w==",
+      "version": "4.54.0",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-x64-gnu/-/rollup-linux-x64-gnu-4.54.0.tgz",
+      "integrity": "sha512-WGt5J8Ij/rvyqpFexxk3ffKqqbLf9AqrTBbWDk7ApGUzaIs6V+s2s84kAxklFwmMF/vBNGrVdYgbblCOFFezMQ==",
       "cpu": [
         "x64"
       ],
@@ -2611,9 +2611,9 @@
       ]
     },
     "node_modules/@rollup/rollup-linux-x64-musl": {
-      "version": "4.53.3",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-x64-musl/-/rollup-linux-x64-musl-4.53.3.tgz",
-      "integrity": "sha512-eoROhjcc6HbZCJr+tvVT8X4fW3/5g/WkGvvmwz/88sDtSJzO7r/blvoBDgISDiCjDRZmHpwud7h+6Q9JxFwq1Q==",
+      "version": "4.54.0",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-x64-musl/-/rollup-linux-x64-musl-4.54.0.tgz",
+      "integrity": "sha512-JzQmb38ATzHjxlPHuTH6tE7ojnMKM2kYNzt44LO/jJi8BpceEC8QuXYA908n8r3CNuG/B3BV8VR3Hi1rYtmPiw==",
       "cpu": [
         "x64"
       ],
@@ -2625,9 +2625,9 @@
       ]
     },
     "node_modules/@rollup/rollup-openharmony-arm64": {
-      "version": "4.53.3",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-openharmony-arm64/-/rollup-openharmony-arm64-4.53.3.tgz",
-      "integrity": "sha512-OueLAWgrNSPGAdUdIjSWXw+u/02BRTcnfw9PN41D2vq/JSEPnJnVuBgw18VkN8wcd4fjUs+jFHVM4t9+kBSNLw==",
+      "version": "4.54.0",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-openharmony-arm64/-/rollup-openharmony-arm64-4.54.0.tgz",
+      "integrity": "sha512-huT3fd0iC7jigGh7n3q/+lfPcXxBi+om/Rs3yiFxjvSxbSB6aohDFXbWvlspaqjeOh+hx7DDHS+5Es5qRkWkZg==",
       "cpu": [
         "arm64"
       ],
@@ -2639,9 +2639,9 @@
       ]
     },
     "node_modules/@rollup/rollup-win32-arm64-msvc": {
-      "version": "4.53.3",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-arm64-msvc/-/rollup-win32-arm64-msvc-4.53.3.tgz",
-      "integrity": "sha512-GOFuKpsxR/whszbF/bzydebLiXIHSgsEUp6M0JI8dWvi+fFa1TD6YQa4aSZHtpmh2/uAlj/Dy+nmby3TJ3pkTw==",
+      "version": "4.54.0",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-arm64-msvc/-/rollup-win32-arm64-msvc-4.54.0.tgz",
+      "integrity": "sha512-c2V0W1bsKIKfbLMBu/WGBz6Yci8nJ/ZJdheE0EwB73N3MvHYKiKGs3mVilX4Gs70eGeDaMqEob25Tw2Gb9Nqyw==",
       "cpu": [
         "arm64"
       ],
@@ -2653,9 +2653,9 @@
       ]
     },
     "node_modules/@rollup/rollup-win32-ia32-msvc": {
-      "version": "4.53.3",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-ia32-msvc/-/rollup-win32-ia32-msvc-4.53.3.tgz",
-      "integrity": "sha512-iah+THLcBJdpfZ1TstDFbKNznlzoxa8fmnFYK4V67HvmuNYkVdAywJSoteUszvBQ9/HqN2+9AZghbajMsFT+oA==",
+      "version": "4.54.0",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-ia32-msvc/-/rollup-win32-ia32-msvc-4.54.0.tgz",
+      "integrity": "sha512-woEHgqQqDCkAzrDhvDipnSirm5vxUXtSKDYTVpZG3nUdW/VVB5VdCYA2iReSj/u3yCZzXID4kuKG7OynPnB3WQ==",
       "cpu": [
         "ia32"
       ],
@@ -2667,9 +2667,9 @@
       ]
     },
     "node_modules/@rollup/rollup-win32-x64-gnu": {
-      "version": "4.53.3",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-x64-gnu/-/rollup-win32-x64-gnu-4.53.3.tgz",
-      "integrity": "sha512-J9QDiOIZlZLdcot5NXEepDkstocktoVjkaKUtqzgzpt2yWjGlbYiKyp05rWwk4nypbYUNoFAztEgixoLaSETkg==",
+      "version": "4.54.0",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-x64-gnu/-/rollup-win32-x64-gnu-4.54.0.tgz",
+      "integrity": "sha512-dzAc53LOuFvHwbCEOS0rPbXp6SIhAf2txMP5p6mGyOXXw5mWY8NGGbPMPrs4P1WItkfApDathBj/NzMLUZ9rtQ==",
       "cpu": [
         "x64"
       ],
@@ -2681,9 +2681,9 @@
       ]
     },
     "node_modules/@rollup/rollup-win32-x64-msvc": {
-      "version": "4.53.3",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-x64-msvc/-/rollup-win32-x64-msvc-4.53.3.tgz",
-      "integrity": "sha512-UhTd8u31dXadv0MopwGgNOBpUVROFKWVQgAg5N1ESyCz8AuBcMqm4AuTjrwgQKGDfoFuz02EuMRHQIw/frmYKQ==",
+      "version": "4.54.0",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-x64-msvc/-/rollup-win32-x64-msvc-4.54.0.tgz",
+      "integrity": "sha512-hYT5d3YNdSh3mbCU1gwQyPgQd3T2ne0A3KG8KSBdav5TiBg6eInVmV+TeR5uHufiIgSFg0XsOWGW5/RhNcSvPg==",
       "cpu": [
         "x64"
       ],
@@ -2732,9 +2732,9 @@
       }
     },
     "node_modules/@standard-schema/spec": {
-      "version": "1.0.0",
-      "resolved": "https://registry.npmjs.org/@standard-schema/spec/-/spec-1.0.0.tgz",
-      "integrity": "sha512-m2bOd0f2RT9k8QJx1JN85cZYyH1RqFBdlwtkSlf4tBDYLCiiZnv1fIIwacK6cqwXavOydf0NPToMQgpKq+dVlA==",
+      "version": "1.1.0",
+      "resolved": "https://registry.npmjs.org/@standard-schema/spec/-/spec-1.1.0.tgz",
+      "integrity": "sha512-l2aFy5jALhniG5HgqrD6jXLi/rUWrKvqN/qJx6yoJsgKhblVd+iqqU4RCXavm/jPityDo5TCvKMnpjKnOriy0w==",
       "dev": true,
       "license": "MIT"
     },
@@ -3690,9 +3690,9 @@
       "license": "MIT"
     },
     "node_modules/@types/node": {
-      "version": "20.19.25",
-      "resolved": "https://registry.npmjs.org/@types/node/-/node-20.19.25.tgz",
-      "integrity": "sha512-ZsJzA5thDQMSQO788d7IocwwQbI8B5OPzmqNvpf3NY/+MHDAS759Wo0gd2WQeXYt5AAAQjzcrTVC6SKCuYgoCQ==",
+      "version": "20.19.27",
+      "resolved": "https://registry.npmjs.org/@types/node/-/node-20.19.27.tgz",
+      "integrity": "sha512-N2clP5pJhB2YnZJ3PIHFk5RkygRX5WO/5f0WC08tp0wd+sv0rsJk3MqWn3CbNmT2J505a5336jaQj4ph1AdMug==",
       "license": "MIT",
       "dependencies": {
         "undici-types": "~6.21.0"
@@ -5115,9 +5115,9 @@
       }
     },
     "node_modules/ast-v8-to-istanbul": {
-      "version": "0.3.8",
-      "resolved": "https://registry.npmjs.org/ast-v8-to-istanbul/-/ast-v8-to-istanbul-0.3.8.tgz",
-      "integrity": "sha512-szgSZqUxI5T8mLKvS7WTjF9is+MVbOeLADU73IseOcrqhxr/VAvy6wfoVE39KnKzA7JRhjF5eUagNlHwvZPlKQ==",
+      "version": "0.3.9",
+      "resolved": "https://registry.npmjs.org/ast-v8-to-istanbul/-/ast-v8-to-istanbul-0.3.9.tgz",
+      "integrity": "sha512-dSC6tJeOJxbZrPzPbv5mMd6CMiQ1ugaVXXPRad2fXUSsy1kstFn9XQWemV9VW7Y7kpxgQ/4WMoZfwdH8XSU48w==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -5240,9 +5240,9 @@
       "license": "MIT"
     },
     "node_modules/baseline-browser-mapping": {
-      "version": "2.9.4",
-      "resolved": "https://registry.npmjs.org/baseline-browser-mapping/-/baseline-browser-mapping-2.9.4.tgz",
-      "integrity": "sha512-ZCQ9GEWl73BVm8bu5Fts8nt7MHdbt5vY9bP6WGnUh+r3l8M7CgfyTlwsgCbMC66BNxPr6Xoce3j66Ms5YUQTNA==",
+      "version": "2.9.11",
+      "resolved": "https://registry.npmjs.org/baseline-browser-mapping/-/baseline-browser-mapping-2.9.11.tgz",
+      "integrity": "sha512-Sg0xJUNDU1sJNGdfGWhVHX0kkZ+HWcvmVymJbj6NSgZZmW/8S9Y2HQ5euytnIgakgxN6papOAWiwDo1ctFDcoQ==",
       "license": "Apache-2.0",
       "bin": {
         "baseline-browser-mapping": "dist/cli.js"
@@ -5401,17 +5401,17 @@
       }
     },
     "node_modules/cacheable": {
-      "version": "2.3.0",
-      "resolved": "https://registry.npmjs.org/cacheable/-/cacheable-2.3.0.tgz",
-      "integrity": "sha512-HHiAvOBmlcR2f3SQ7kdlYD8+AUJG+wlFZ/Ze8tl1Vzvz0MdOh8IYA/EFU4ve8t1/sZ0j4MGi7ST5MoTwHessQA==",
+      "version": "2.3.1",
+      "resolved": "https://registry.npmjs.org/cacheable/-/cacheable-2.3.1.tgz",
+      "integrity": "sha512-yr+FSHWn1ZUou5LkULX/S+jhfgfnLbuKQjE40tyEd4fxGZVMbBL5ifno0J0OauykS8UiCSgHi+DV/YD+rjFxFg==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
         "@cacheable/memory": "^2.0.6",
         "@cacheable/utils": "^2.3.2",
-        "hookified": "^1.13.0",
-        "keyv": "^5.5.4",
-        "qified": "^0.5.2"
+        "hookified": "^1.14.0",
+        "keyv": "^5.5.5",
+        "qified": "^0.5.3"
       }
     },
     "node_modules/cacheable/node_modules/keyv": {
@@ -5493,9 +5493,9 @@
       }
     },
     "node_modules/caniuse-lite": {
-      "version": "1.0.30001759",
-      "resolved": "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001759.tgz",
-      "integrity": "sha512-Pzfx9fOKoKvevQf8oCXoyNRQ5QyxJj+3O0Rqx2V5oxT61KGx8+n6hV/IUyJeifUci2clnmmKVpvtiqRzgiWjSw==",
+      "version": "1.0.30001761",
+      "resolved": "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001761.tgz",
+      "integrity": "sha512-JF9ptu1vP2coz98+5051jZ4PwQgd2ni8A+gYSN7EA7dPKIMf0pDlSUxhdmVOaV3/fYK5uWBkgSXJaRLr4+3A6g==",
       "funding": [
         {
           "type": "opencollective",
@@ -6904,9 +6904,9 @@
       }
     },
     "node_modules/dompurify": {
-      "version": "3.3.0",
-      "resolved": "https://registry.npmjs.org/dompurify/-/dompurify-3.3.0.tgz",
-      "integrity": "sha512-r+f6MYR1gGN1eJv0TVQbhA7if/U7P87cdPl3HN5rikqaBSBxLiCb/b9O+2eG0cxz0ghyU+mU1QkbsOwERMYlWQ==",
+      "version": "3.3.1",
+      "resolved": "https://registry.npmjs.org/dompurify/-/dompurify-3.3.1.tgz",
+      "integrity": "sha512-qkdCKzLNtrgPFP1Vo+98FRzJnBRGe4ffyCea9IwHB1fyxPOeNTHpLKYGd4Uk9xvNoH0ZoOjwZxNptyMwqrId1Q==",
       "license": "(MPL-2.0 OR Apache-2.0)",
       "optionalDependencies": {
         "@types/trusted-types": "^2.0.7"
@@ -7025,9 +7025,9 @@
       }
     },
     "node_modules/electron-to-chromium": {
-      "version": "1.5.266",
-      "resolved": "https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.5.266.tgz",
-      "integrity": "sha512-kgWEglXvkEfMH7rxP5OSZZwnaDWT7J9EoZCujhnpLbfi0bbNtRkgdX2E3gt0Uer11c61qCYktB3hwkAS325sJg==",
+      "version": "1.5.267",
+      "resolved": "https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.5.267.tgz",
+      "integrity": "sha512-0Drusm6MVRXSOJpGbaSVgcQsuB4hEkMpHXaVstcPmhu5LIedxs1xNK/nIxmQIU/RPC0+1/o0AVZfBTkTNJOdUw==",
       "license": "ISC"
     },
     "node_modules/emoji-regex": {
@@ -7047,9 +7047,9 @@
       }
     },
     "node_modules/enhanced-resolve": {
-      "version": "5.18.3",
-      "resolved": "https://registry.npmjs.org/enhanced-resolve/-/enhanced-resolve-5.18.3.tgz",
-      "integrity": "sha512-d4lC8xfavMeBjzGr2vECC3fsGXziXZQyJxD868h2M/mBI3PwAuODxAkLkq5HYuvrPYcUtiLzsTo8U3PgX3Ocww==",
+      "version": "5.18.4",
+      "resolved": "https://registry.npmjs.org/enhanced-resolve/-/enhanced-resolve-5.18.4.tgz",
+      "integrity": "sha512-LgQMM4WXU3QI+SYgEc2liRgznaD5ojbmY3sb8LxyguVkIg5FxdpTkvk72te2R38/TGKxH634oLxXRGY6d7AP+Q==",
       "license": "MIT",
       "dependencies": {
         "graceful-fs": "^4.2.4",
@@ -7102,9 +7102,9 @@
       }
     },
     "node_modules/es-abstract": {
-      "version": "1.24.0",
-      "resolved": "https://registry.npmjs.org/es-abstract/-/es-abstract-1.24.0.tgz",
-      "integrity": "sha512-WSzPgsdLtTcQwm4CROfS5ju2Wa1QQcVeT37jFjYzdFz1r9ahadC8B8/a4qxJxM+09F18iumCdRmlr96ZYkQvEg==",
+      "version": "1.24.1",
+      "resolved": "https://registry.npmjs.org/es-abstract/-/es-abstract-1.24.1.tgz",
+      "integrity": "sha512-zHXBLhP+QehSSbsS9Pt23Gg964240DPd6QCf8WpkqEXxQ7fhdZzYsocOr5u7apWonsS5EjZDmTF+/slGMyasvw==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -7983,9 +7983,9 @@
       }
     },
     "node_modules/expect-type": {
-      "version": "1.2.2",
-      "resolved": "https://registry.npmjs.org/expect-type/-/expect-type-1.2.2.tgz",
-      "integrity": "sha512-JhFGDVJ7tmDJItKhYgJCGLOWjuK9vPxiXoUFLwLDc99NlmklilbiQJwoctZtt13+xMw91MCk/REan6MWHqDjyA==",
+      "version": "1.3.0",
+      "resolved": "https://registry.npmjs.org/expect-type/-/expect-type-1.3.0.tgz",
+      "integrity": "sha512-knvyeauYhqjOYvQ66MznSMs83wmHrCycNEN6Ao+2AeYEfxUIkuiVxdEa1qlGEPK+We3n0THiDciYSsCcgW/DoA==",
       "dev": true,
       "license": "Apache-2.0",
       "engines": {
@@ -8754,9 +8754,9 @@
       }
     },
     "node_modules/hookified": {
-      "version": "1.13.0",
-      "resolved": "https://registry.npmjs.org/hookified/-/hookified-1.13.0.tgz",
-      "integrity": "sha512-6sPYUY8olshgM/1LDNW4QZQN0IqgKhtl/1C8koNZBJrKLBk3AZl6chQtNwpNztvfiApHMEwMHek5rv993PRbWw==",
+      "version": "1.14.0",
+      "resolved": "https://registry.npmjs.org/hookified/-/hookified-1.14.0.tgz",
+      "integrity": "sha512-pi1ynXIMFx/uIIwpWJ/5CEtOHLGtnUB0WhGeeYT+fKcQ+WCQbm3/rrkAXnpfph++PgepNqPdTC2WTj8A6k6zoQ==",
       "dev": true,
       "license": "MIT"
     },
@@ -14712,9 +14712,9 @@
       }
     },
     "node_modules/update-browserslist-db": {
-      "version": "1.2.2",
-      "resolved": "https://registry.npmjs.org/update-browserslist-db/-/update-browserslist-db-1.2.2.tgz",
-      "integrity": "sha512-E85pfNzMQ9jpKkA7+TJAi4TJN+tBCuWh5rUcS/sv6cFi+1q9LYDwDI5dpUL0u/73EElyQ8d3TEaeW4sPedBqYA==",
+      "version": "1.2.3",
+      "resolved": "https://registry.npmjs.org/update-browserslist-db/-/update-browserslist-db-1.2.3.tgz",
+      "integrity": "sha512-Js0m9cx+qOgDxo0eMiFGEueWztz+d4+M3rGlmKPT+T4IS/jP4ylw3Nwpu6cpTTP8R1MAC1kF4VbdLt3ARf209w==",
       "funding": [
         {
           "type": "opencollective",
@@ -14815,14 +14815,14 @@
       "license": "MIT"
     },
     "node_modules/vite": {
-      "version": "7.2.6",
-      "resolved": "https://registry.npmjs.org/vite/-/vite-7.2.6.tgz",
-      "integrity": "sha512-tI2l/nFHC5rLh7+5+o7QjKjSR04ivXDF4jcgV0f/bTQ+OJiITy5S6gaynVsEM+7RqzufMnVbIon6Sr5x1SDYaQ==",
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/vite/-/vite-7.3.0.tgz",
+      "integrity": "sha512-dZwN5L1VlUBewiP6H9s2+B3e3Jg96D0vzN+Ry73sOefebhYr9f94wwkMNN/9ouoU8pV1BqA1d1zGk8928cx0rg==",
       "dev": true,
       "license": "MIT",
       "peer": true,
       "dependencies": {
-        "esbuild": "^0.25.0",
+        "esbuild": "^0.27.0",
         "fdir": "^6.5.0",
         "picomatch": "^4.0.3",
         "postcss": "^8.5.6",
@@ -14897,6 +14897,448 @@
       "dev": true,
       "license": "BSD-2-Clause"
     },
+    "node_modules/vite/node_modules/@esbuild/aix-ppc64": {
+      "version": "0.27.2",
+      "resolved": "https://registry.npmjs.org/@esbuild/aix-ppc64/-/aix-ppc64-0.27.2.tgz",
+      "integrity": "sha512-GZMB+a0mOMZs4MpDbj8RJp4cw+w1WV5NYD6xzgvzUJ5Ek2jerwfO2eADyI6ExDSUED+1X8aMbegahsJi+8mgpw==",
+      "cpu": [
+        "ppc64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "aix"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/vite/node_modules/@esbuild/android-arm": {
+      "version": "0.27.2",
+      "resolved": "https://registry.npmjs.org/@esbuild/android-arm/-/android-arm-0.27.2.tgz",
+      "integrity": "sha512-DVNI8jlPa7Ujbr1yjU2PfUSRtAUZPG9I1RwW4F4xFB1Imiu2on0ADiI/c3td+KmDtVKNbi+nffGDQMfcIMkwIA==",
+      "cpu": [
+        "arm"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "android"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/vite/node_modules/@esbuild/android-arm64": {
+      "version": "0.27.2",
+      "resolved": "https://registry.npmjs.org/@esbuild/android-arm64/-/android-arm64-0.27.2.tgz",
+      "integrity": "sha512-pvz8ZZ7ot/RBphf8fv60ljmaoydPU12VuXHImtAs0XhLLw+EXBi2BLe3OYSBslR4rryHvweW5gmkKFwTiFy6KA==",
+      "cpu": [
+        "arm64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "android"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/vite/node_modules/@esbuild/android-x64": {
+      "version": "0.27.2",
+      "resolved": "https://registry.npmjs.org/@esbuild/android-x64/-/android-x64-0.27.2.tgz",
+      "integrity": "sha512-z8Ank4Byh4TJJOh4wpz8g2vDy75zFL0TlZlkUkEwYXuPSgX8yzep596n6mT7905kA9uHZsf/o2OJZubl2l3M7A==",
+      "cpu": [
+        "x64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "android"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/vite/node_modules/@esbuild/darwin-arm64": {
+      "version": "0.27.2",
+      "resolved": "https://registry.npmjs.org/@esbuild/darwin-arm64/-/darwin-arm64-0.27.2.tgz",
+      "integrity": "sha512-davCD2Zc80nzDVRwXTcQP/28fiJbcOwvdolL0sOiOsbwBa72kegmVU0Wrh1MYrbuCL98Omp5dVhQFWRKR2ZAlg==",
+      "cpu": [
+        "arm64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "darwin"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/vite/node_modules/@esbuild/darwin-x64": {
+      "version": "0.27.2",
+      "resolved": "https://registry.npmjs.org/@esbuild/darwin-x64/-/darwin-x64-0.27.2.tgz",
+      "integrity": "sha512-ZxtijOmlQCBWGwbVmwOF/UCzuGIbUkqB1faQRf5akQmxRJ1ujusWsb3CVfk/9iZKr2L5SMU5wPBi1UWbvL+VQA==",
+      "cpu": [
+        "x64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "darwin"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/vite/node_modules/@esbuild/freebsd-arm64": {
+      "version": "0.27.2",
+      "resolved": "https://registry.npmjs.org/@esbuild/freebsd-arm64/-/freebsd-arm64-0.27.2.tgz",
+      "integrity": "sha512-lS/9CN+rgqQ9czogxlMcBMGd+l8Q3Nj1MFQwBZJyoEKI50XGxwuzznYdwcav6lpOGv5BqaZXqvBSiB/kJ5op+g==",
+      "cpu": [
+        "arm64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "freebsd"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/vite/node_modules/@esbuild/freebsd-x64": {
+      "version": "0.27.2",
+      "resolved": "https://registry.npmjs.org/@esbuild/freebsd-x64/-/freebsd-x64-0.27.2.tgz",
+      "integrity": "sha512-tAfqtNYb4YgPnJlEFu4c212HYjQWSO/w/h/lQaBK7RbwGIkBOuNKQI9tqWzx7Wtp7bTPaGC6MJvWI608P3wXYA==",
+      "cpu": [
+        "x64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "freebsd"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/vite/node_modules/@esbuild/linux-arm": {
+      "version": "0.27.2",
+      "resolved": "https://registry.npmjs.org/@esbuild/linux-arm/-/linux-arm-0.27.2.tgz",
+      "integrity": "sha512-vWfq4GaIMP9AIe4yj1ZUW18RDhx6EPQKjwe7n8BbIecFtCQG4CfHGaHuh7fdfq+y3LIA2vGS/o9ZBGVxIDi9hw==",
+      "cpu": [
+        "arm"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/vite/node_modules/@esbuild/linux-arm64": {
+      "version": "0.27.2",
+      "resolved": "https://registry.npmjs.org/@esbuild/linux-arm64/-/linux-arm64-0.27.2.tgz",
+      "integrity": "sha512-hYxN8pr66NsCCiRFkHUAsxylNOcAQaxSSkHMMjcpx0si13t1LHFphxJZUiGwojB1a/Hd5OiPIqDdXONia6bhTw==",
+      "cpu": [
+        "arm64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/vite/node_modules/@esbuild/linux-ia32": {
+      "version": "0.27.2",
+      "resolved": "https://registry.npmjs.org/@esbuild/linux-ia32/-/linux-ia32-0.27.2.tgz",
+      "integrity": "sha512-MJt5BRRSScPDwG2hLelYhAAKh9imjHK5+NE/tvnRLbIqUWa+0E9N4WNMjmp/kXXPHZGqPLxggwVhz7QP8CTR8w==",
+      "cpu": [
+        "ia32"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/vite/node_modules/@esbuild/linux-loong64": {
+      "version": "0.27.2",
+      "resolved": "https://registry.npmjs.org/@esbuild/linux-loong64/-/linux-loong64-0.27.2.tgz",
+      "integrity": "sha512-lugyF1atnAT463aO6KPshVCJK5NgRnU4yb3FUumyVz+cGvZbontBgzeGFO1nF+dPueHD367a2ZXe1NtUkAjOtg==",
+      "cpu": [
+        "loong64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/vite/node_modules/@esbuild/linux-mips64el": {
+      "version": "0.27.2",
+      "resolved": "https://registry.npmjs.org/@esbuild/linux-mips64el/-/linux-mips64el-0.27.2.tgz",
+      "integrity": "sha512-nlP2I6ArEBewvJ2gjrrkESEZkB5mIoaTswuqNFRv/WYd+ATtUpe9Y09RnJvgvdag7he0OWgEZWhviS1OTOKixw==",
+      "cpu": [
+        "mips64el"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/vite/node_modules/@esbuild/linux-ppc64": {
+      "version": "0.27.2",
+      "resolved": "https://registry.npmjs.org/@esbuild/linux-ppc64/-/linux-ppc64-0.27.2.tgz",
+      "integrity": "sha512-C92gnpey7tUQONqg1n6dKVbx3vphKtTHJaNG2Ok9lGwbZil6DrfyecMsp9CrmXGQJmZ7iiVXvvZH6Ml5hL6XdQ==",
+      "cpu": [
+        "ppc64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/vite/node_modules/@esbuild/linux-riscv64": {
+      "version": "0.27.2",
+      "resolved": "https://registry.npmjs.org/@esbuild/linux-riscv64/-/linux-riscv64-0.27.2.tgz",
+      "integrity": "sha512-B5BOmojNtUyN8AXlK0QJyvjEZkWwy/FKvakkTDCziX95AowLZKR6aCDhG7LeF7uMCXEJqwa8Bejz5LTPYm8AvA==",
+      "cpu": [
+        "riscv64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/vite/node_modules/@esbuild/linux-s390x": {
+      "version": "0.27.2",
+      "resolved": "https://registry.npmjs.org/@esbuild/linux-s390x/-/linux-s390x-0.27.2.tgz",
+      "integrity": "sha512-p4bm9+wsPwup5Z8f4EpfN63qNagQ47Ua2znaqGH6bqLlmJ4bx97Y9JdqxgGZ6Y8xVTixUnEkoKSHcpRlDnNr5w==",
+      "cpu": [
+        "s390x"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/vite/node_modules/@esbuild/linux-x64": {
+      "version": "0.27.2",
+      "resolved": "https://registry.npmjs.org/@esbuild/linux-x64/-/linux-x64-0.27.2.tgz",
+      "integrity": "sha512-uwp2Tip5aPmH+NRUwTcfLb+W32WXjpFejTIOWZFw/v7/KnpCDKG66u4DLcurQpiYTiYwQ9B7KOeMJvLCu/OvbA==",
+      "cpu": [
+        "x64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/vite/node_modules/@esbuild/netbsd-arm64": {
+      "version": "0.27.2",
+      "resolved": "https://registry.npmjs.org/@esbuild/netbsd-arm64/-/netbsd-arm64-0.27.2.tgz",
+      "integrity": "sha512-Kj6DiBlwXrPsCRDeRvGAUb/LNrBASrfqAIok+xB0LxK8CHqxZ037viF13ugfsIpePH93mX7xfJp97cyDuTZ3cw==",
+      "cpu": [
+        "arm64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "netbsd"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/vite/node_modules/@esbuild/netbsd-x64": {
+      "version": "0.27.2",
+      "resolved": "https://registry.npmjs.org/@esbuild/netbsd-x64/-/netbsd-x64-0.27.2.tgz",
+      "integrity": "sha512-HwGDZ0VLVBY3Y+Nw0JexZy9o/nUAWq9MlV7cahpaXKW6TOzfVno3y3/M8Ga8u8Yr7GldLOov27xiCnqRZf0tCA==",
+      "cpu": [
+        "x64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "netbsd"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/vite/node_modules/@esbuild/openbsd-arm64": {
+      "version": "0.27.2",
+      "resolved": "https://registry.npmjs.org/@esbuild/openbsd-arm64/-/openbsd-arm64-0.27.2.tgz",
+      "integrity": "sha512-DNIHH2BPQ5551A7oSHD0CKbwIA/Ox7+78/AWkbS5QoRzaqlev2uFayfSxq68EkonB+IKjiuxBFoV8ESJy8bOHA==",
+      "cpu": [
+        "arm64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "openbsd"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/vite/node_modules/@esbuild/openbsd-x64": {
+      "version": "0.27.2",
+      "resolved": "https://registry.npmjs.org/@esbuild/openbsd-x64/-/openbsd-x64-0.27.2.tgz",
+      "integrity": "sha512-/it7w9Nb7+0KFIzjalNJVR5bOzA9Vay+yIPLVHfIQYG/j+j9VTH84aNB8ExGKPU4AzfaEvN9/V4HV+F+vo8OEg==",
+      "cpu": [
+        "x64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "openbsd"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/vite/node_modules/@esbuild/openharmony-arm64": {
+      "version": "0.27.2",
+      "resolved": "https://registry.npmjs.org/@esbuild/openharmony-arm64/-/openharmony-arm64-0.27.2.tgz",
+      "integrity": "sha512-LRBbCmiU51IXfeXk59csuX/aSaToeG7w48nMwA6049Y4J4+VbWALAuXcs+qcD04rHDuSCSRKdmY63sruDS5qag==",
+      "cpu": [
+        "arm64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "openharmony"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/vite/node_modules/@esbuild/sunos-x64": {
+      "version": "0.27.2",
+      "resolved": "https://registry.npmjs.org/@esbuild/sunos-x64/-/sunos-x64-0.27.2.tgz",
+      "integrity": "sha512-kMtx1yqJHTmqaqHPAzKCAkDaKsffmXkPHThSfRwZGyuqyIeBvf08KSsYXl+abf5HDAPMJIPnbBfXvP2ZC2TfHg==",
+      "cpu": [
+        "x64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "sunos"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/vite/node_modules/@esbuild/win32-arm64": {
+      "version": "0.27.2",
+      "resolved": "https://registry.npmjs.org/@esbuild/win32-arm64/-/win32-arm64-0.27.2.tgz",
+      "integrity": "sha512-Yaf78O/B3Kkh+nKABUF++bvJv5Ijoy9AN1ww904rOXZFLWVc5OLOfL56W+C8F9xn5JQZa3UX6m+IktJnIb1Jjg==",
+      "cpu": [
+        "arm64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "win32"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/vite/node_modules/@esbuild/win32-ia32": {
+      "version": "0.27.2",
+      "resolved": "https://registry.npmjs.org/@esbuild/win32-ia32/-/win32-ia32-0.27.2.tgz",
+      "integrity": "sha512-Iuws0kxo4yusk7sw70Xa2E2imZU5HoixzxfGCdxwBdhiDgt9vX9VUCBhqcwY7/uh//78A1hMkkROMJq9l27oLQ==",
+      "cpu": [
+        "ia32"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "win32"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
+    "node_modules/vite/node_modules/@esbuild/win32-x64": {
+      "version": "0.27.2",
+      "resolved": "https://registry.npmjs.org/@esbuild/win32-x64/-/win32-x64-0.27.2.tgz",
+      "integrity": "sha512-sRdU18mcKf7F+YgheI/zGf5alZatMUTKj/jNS6l744f9u3WFu4v7twcUI9vu4mknF4Y9aDlblIie0IM+5xxaqQ==",
+      "cpu": [
+        "x64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "win32"
+      ],
+      "engines": {
+        "node": ">=18"
+      }
+    },
     "node_modules/vite/node_modules/@types/estree": {
       "version": "1.0.8",
       "resolved": "https://registry.npmjs.org/@types/estree/-/estree-1.0.8.tgz",
@@ -14904,6 +15346,48 @@
       "dev": true,
       "license": "MIT"
     },
+    "node_modules/vite/node_modules/esbuild": {
+      "version": "0.27.2",
+      "resolved": "https://registry.npmjs.org/esbuild/-/esbuild-0.27.2.tgz",
+      "integrity": "sha512-HyNQImnsOC7X9PMNaCIeAm4ISCQXs5a5YasTXVliKv4uuBo1dKrG0A+uQS8M5eXjVMnLg3WgXaKvprHlFJQffw==",
+      "dev": true,
+      "hasInstallScript": true,
+      "license": "MIT",
+      "bin": {
+        "esbuild": "bin/esbuild"
+      },
+      "engines": {
+        "node": ">=18"
+      },
+      "optionalDependencies": {
+        "@esbuild/aix-ppc64": "0.27.2",
+        "@esbuild/android-arm": "0.27.2",
+        "@esbuild/android-arm64": "0.27.2",
+        "@esbuild/android-x64": "0.27.2",
+        "@esbuild/darwin-arm64": "0.27.2",
+        "@esbuild/darwin-x64": "0.27.2",
+        "@esbuild/freebsd-arm64": "0.27.2",
+        "@esbuild/freebsd-x64": "0.27.2",
+        "@esbuild/linux-arm": "0.27.2",
+        "@esbuild/linux-arm64": "0.27.2",
+        "@esbuild/linux-ia32": "0.27.2",
+        "@esbuild/linux-loong64": "0.27.2",
+        "@esbuild/linux-mips64el": "0.27.2",
+        "@esbuild/linux-ppc64": "0.27.2",
+        "@esbuild/linux-riscv64": "0.27.2",
+        "@esbuild/linux-s390x": "0.27.2",
+        "@esbuild/linux-x64": "0.27.2",
+        "@esbuild/netbsd-arm64": "0.27.2",
+        "@esbuild/netbsd-x64": "0.27.2",
+        "@esbuild/openbsd-arm64": "0.27.2",
+        "@esbuild/openbsd-x64": "0.27.2",
+        "@esbuild/openharmony-arm64": "0.27.2",
+        "@esbuild/sunos-x64": "0.27.2",
+        "@esbuild/win32-arm64": "0.27.2",
+        "@esbuild/win32-ia32": "0.27.2",
+        "@esbuild/win32-x64": "0.27.2"
+      }
+    },
     "node_modules/vite/node_modules/fdir": {
       "version": "6.5.0",
       "resolved": "https://registry.npmjs.org/fdir/-/fdir-6.5.0.tgz",
@@ -14952,9 +15436,9 @@
       }
     },
     "node_modules/vite/node_modules/rollup": {
-      "version": "4.53.3",
-      "resolved": "https://registry.npmjs.org/rollup/-/rollup-4.53.3.tgz",
-      "integrity": "sha512-w8GmOxZfBmKknvdXU1sdM9NHcoQejwF/4mNgj2JuEEdRaHwwF12K7e9eXn1nLZ07ad+du76mkVsyeb2rKGllsA==",
+      "version": "4.54.0",
+      "resolved": "https://registry.npmjs.org/rollup/-/rollup-4.54.0.tgz",
+      "integrity": "sha512-3nk8Y3a9Ea8szgKhinMlGMhGMw89mqule3KWczxhIzqudyHdCIOHw8WJlj/r329fACjKLEh13ZSk7oE22kyeIw==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -14968,28 +15452,28 @@
         "npm": ">=8.0.0"
       },
       "optionalDependencies": {
-        "@rollup/rollup-android-arm-eabi": "4.53.3",
-        "@rollup/rollup-android-arm64": "4.53.3",
-        "@rollup/rollup-darwin-arm64": "4.53.3",
-        "@rollup/rollup-darwin-x64": "4.53.3",
-        "@rollup/rollup-freebsd-arm64": "4.53.3",
-        "@rollup/rollup-freebsd-x64": "4.53.3",
-        "@rollup/rollup-linux-arm-gnueabihf": "4.53.3",
-        "@rollup/rollup-linux-arm-musleabihf": "4.53.3",
-        "@rollup/rollup-linux-arm64-gnu": "4.53.3",
-        "@rollup/rollup-linux-arm64-musl": "4.53.3",
-        "@rollup/rollup-linux-loong64-gnu": "4.53.3",
-        "@rollup/rollup-linux-ppc64-gnu": "4.53.3",
-        "@rollup/rollup-linux-riscv64-gnu": "4.53.3",
-        "@rollup/rollup-linux-riscv64-musl": "4.53.3",
-        "@rollup/rollup-linux-s390x-gnu": "4.53.3",
-        "@rollup/rollup-linux-x64-gnu": "4.53.3",
-        "@rollup/rollup-linux-x64-musl": "4.53.3",
-        "@rollup/rollup-openharmony-arm64": "4.53.3",
-        "@rollup/rollup-win32-arm64-msvc": "4.53.3",
-        "@rollup/rollup-win32-ia32-msvc": "4.53.3",
-        "@rollup/rollup-win32-x64-gnu": "4.53.3",
-        "@rollup/rollup-win32-x64-msvc": "4.53.3",
+        "@rollup/rollup-android-arm-eabi": "4.54.0",
+        "@rollup/rollup-android-arm64": "4.54.0",
+        "@rollup/rollup-darwin-arm64": "4.54.0",
+        "@rollup/rollup-darwin-x64": "4.54.0",
+        "@rollup/rollup-freebsd-arm64": "4.54.0",
+        "@rollup/rollup-freebsd-x64": "4.54.0",
+        "@rollup/rollup-linux-arm-gnueabihf": "4.54.0",
+        "@rollup/rollup-linux-arm-musleabihf": "4.54.0",
+        "@rollup/rollup-linux-arm64-gnu": "4.54.0",
+        "@rollup/rollup-linux-arm64-musl": "4.54.0",
+        "@rollup/rollup-linux-loong64-gnu": "4.54.0",
+        "@rollup/rollup-linux-ppc64-gnu": "4.54.0",
+        "@rollup/rollup-linux-riscv64-gnu": "4.54.0",
+        "@rollup/rollup-linux-riscv64-musl": "4.54.0",
+        "@rollup/rollup-linux-s390x-gnu": "4.54.0",
+        "@rollup/rollup-linux-x64-gnu": "4.54.0",
+        "@rollup/rollup-linux-x64-musl": "4.54.0",
+        "@rollup/rollup-openharmony-arm64": "4.54.0",
+        "@rollup/rollup-win32-arm64-msvc": "4.54.0",
+        "@rollup/rollup-win32-ia32-msvc": "4.54.0",
+        "@rollup/rollup-win32-x64-gnu": "4.54.0",
+        "@rollup/rollup-win32-x64-msvc": "4.54.0",
         "fsevents": "~2.3.2"
       }
     },
diff --git a/web_src/fomantic/package-lock.json b/web_src/fomantic/package-lock.json
index db82076265..529437b44f 100644
--- a/web_src/fomantic/package-lock.json
+++ b/web_src/fomantic/package-lock.json
@@ -478,9 +478,9 @@
       "license": "MIT"
     },
     "node_modules/@types/node": {
-      "version": "24.10.1",
-      "resolved": "https://registry.npmjs.org/@types/node/-/node-24.10.1.tgz",
-      "integrity": "sha512-GNWcUTRBgIRJD5zj+Tq0fKOJ5XZajIiBroOF0yvj2bSU1WvNdYS/dn9UxwsujGW4JX06dnHyjV2y9rRaybH0iQ==",
+      "version": "25.0.3",
+      "resolved": "https://registry.npmjs.org/@types/node/-/node-25.0.3.tgz",
+      "integrity": "sha512-W609buLVRVmeW693xKfzHeIV6nJGGz98uCPfeXI1ELMLXVeKYZ9m15fAMSaUPBHYLGFsVRcMmSCksQOrZV9BYA==",
       "license": "MIT",
       "dependencies": {
         "undici-types": "~7.16.0"
@@ -1014,9 +1014,9 @@
       }
     },
     "node_modules/baseline-browser-mapping": {
-      "version": "2.9.4",
-      "resolved": "https://registry.npmjs.org/baseline-browser-mapping/-/baseline-browser-mapping-2.9.4.tgz",
-      "integrity": "sha512-ZCQ9GEWl73BVm8bu5Fts8nt7MHdbt5vY9bP6WGnUh+r3l8M7CgfyTlwsgCbMC66BNxPr6Xoce3j66Ms5YUQTNA==",
+      "version": "2.9.11",
+      "resolved": "https://registry.npmjs.org/baseline-browser-mapping/-/baseline-browser-mapping-2.9.11.tgz",
+      "integrity": "sha512-Sg0xJUNDU1sJNGdfGWhVHX0kkZ+HWcvmVymJbj6NSgZZmW/8S9Y2HQ5euytnIgakgxN6papOAWiwDo1ctFDcoQ==",
       "license": "Apache-2.0",
       "bin": {
         "baseline-browser-mapping": "dist/cli.js"
@@ -1244,9 +1244,9 @@
       }
     },
     "node_modules/caniuse-lite": {
-      "version": "1.0.30001759",
-      "resolved": "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001759.tgz",
-      "integrity": "sha512-Pzfx9fOKoKvevQf8oCXoyNRQ5QyxJj+3O0Rqx2V5oxT61KGx8+n6hV/IUyJeifUci2clnmmKVpvtiqRzgiWjSw==",
+      "version": "1.0.30001761",
+      "resolved": "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001761.tgz",
+      "integrity": "sha512-JF9ptu1vP2coz98+5051jZ4PwQgd2ni8A+gYSN7EA7dPKIMf0pDlSUxhdmVOaV3/fYK5uWBkgSXJaRLr4+3A6g==",
       "funding": [
         {
           "type": "opencollective",
@@ -2000,9 +2000,9 @@
       }
     },
     "node_modules/electron-to-chromium": {
-      "version": "1.5.266",
-      "resolved": "https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.5.266.tgz",
-      "integrity": "sha512-kgWEglXvkEfMH7rxP5OSZZwnaDWT7J9EoZCujhnpLbfi0bbNtRkgdX2E3gt0Uer11c61qCYktB3hwkAS325sJg==",
+      "version": "1.5.267",
+      "resolved": "https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.5.267.tgz",
+      "integrity": "sha512-0Drusm6MVRXSOJpGbaSVgcQsuB4hEkMpHXaVstcPmhu5LIedxs1xNK/nIxmQIU/RPC0+1/o0AVZfBTkTNJOdUw==",
       "license": "ISC"
     },
     "node_modules/emoji-regex": {
@@ -8319,9 +8319,9 @@
       }
     },
     "node_modules/update-browserslist-db": {
-      "version": "1.2.2",
-      "resolved": "https://registry.npmjs.org/update-browserslist-db/-/update-browserslist-db-1.2.2.tgz",
-      "integrity": "sha512-E85pfNzMQ9jpKkA7+TJAi4TJN+tBCuWh5rUcS/sv6cFi+1q9LYDwDI5dpUL0u/73EElyQ8d3TEaeW4sPedBqYA==",
+      "version": "1.2.3",
+      "resolved": "https://registry.npmjs.org/update-browserslist-db/-/update-browserslist-db-1.2.3.tgz",
+      "integrity": "sha512-Js0m9cx+qOgDxo0eMiFGEueWztz+d4+M3rGlmKPT+T4IS/jP4ylw3Nwpu6cpTTP8R1MAC1kF4VbdLt3ARf209w==",
       "funding": [
         {
           "type": "opencollective",

From e04ae29d0d7893beac29ad4472f0b54a78a59a17 Mon Sep 17 00:00:00 2001
From: Beowulf <beowulf@beocode.eu>
Date: Sun, 21 Dec 2025 04:44:40 +0100
Subject: [PATCH 020/854] fix: add missing space before 'Commit' back (#10521)

Regression from 8039240c26a40525da364a5a1308726d6cd973f8

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10521
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Beowulf <beowulf@beocode.eu>
Co-committed-by: Beowulf <beowulf@beocode.eu>
---
 templates/repo/actions/runs_list.tmpl       |  2 +-
 tests/integration/actions_runs_list_test.go | 26 +++++++++++++++++++++
 2 files changed, 27 insertions(+), 1 deletion(-)
 create mode 100644 tests/integration/actions_runs_list_test.go

diff --git a/templates/repo/actions/runs_list.tmpl b/templates/repo/actions/runs_list.tmpl
index 060fc1b66a..3858ae0849 100644
--- a/templates/repo/actions/runs_list.tmpl
+++ b/templates/repo/actions/runs_list.tmpl
@@ -16,7 +16,7 @@
 				</a>
 				<div class="flex-item-body">
 					<b>{{if not $.CurWorkflow}}{{.WorkflowID}} {{end}}#{{.Index}}</b> -
-					{{- if .ScheduleID -}}
+					{{if .ScheduleID -}}
 						{{ctx.Locale.Tr "actions.runs.scheduled"}}
 					{{- else -}}
 						{{ctx.Locale.Tr "actions.runs.commit"}}
diff --git a/tests/integration/actions_runs_list_test.go b/tests/integration/actions_runs_list_test.go
new file mode 100644
index 0000000000..790e19d71a
--- /dev/null
+++ b/tests/integration/actions_runs_list_test.go
@@ -0,0 +1,26 @@
+// Copyright 2025 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+package integration
+
+import (
+	"net/http"
+	"testing"
+
+	"forgejo.org/tests"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestActionRunsList(t *testing.T) {
+	defer tests.PrepareTestEnv(t)()
+
+	req := NewRequest(t, "GET", "/user5/repo4/actions")
+	resp := MakeRequest(t, req, http.StatusOK)
+
+	htmlDoc := NewHTMLParser(t, resp.Body)
+
+	runSubLine := htmlDoc.Find(".run-list .flex-item-body").Text()
+	assert.Contains(t, runSubLine, "Commit")
+	assert.NotContains(t, runSubLine, "-Commit")
+}

From d436de90b1f6398a9174997c95046c0307a1f5fb Mon Sep 17 00:00:00 2001
From: Beowulf <beowulf@beocode.eu>
Date: Sun, 21 Dec 2025 05:21:27 +0100
Subject: [PATCH 021/854] Add to html button in markdown `type="button"`
 (#10520)

This is for preventing that a markdown button is recognized as button for submission in a html form.

Buttons can't be stripped from the markdown due to: https://codeberg.org/forgejo/forgejo/pulls/7670#issuecomment-4086608

There is no issue with buttons if they always have `type="button"`, so this should be fine.

This is a "follow-up" to !7670.

Fixes #7656

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10520
Reviewed-by: Otto <otto@codeberg.org>
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Beowulf <beowulf@beocode.eu>
Co-committed-by: Beowulf <beowulf@beocode.eu>
---
 modules/markup/markdown/goldmark.go           |  3 ++
 modules/markup/markdown/markdown_test.go      | 27 +++++++++++++++
 modules/markup/markdown/transform_html.go     | 28 +++++++++++++++
 modules/markup/sanitizer.go                   |  6 +++-
 .../issue-comment-file-preview.test.e2e.ts    | 34 +++++++++++++++++++
 5 files changed, 97 insertions(+), 1 deletion(-)
 create mode 100644 modules/markup/markdown/transform_html.go
 create mode 100644 tests/e2e/issue-comment-file-preview.test.e2e.ts

diff --git a/modules/markup/markdown/goldmark.go b/modules/markup/markdown/goldmark.go
index 8a3da3b08f..1ea3375ab5 100644
--- a/modules/markup/markdown/goldmark.go
+++ b/modules/markup/markdown/goldmark.go
@@ -1,4 +1,5 @@
 // Copyright 2019 The Gitea Authors. All rights reserved.
+// Copyright 2025 The Forgejo Authors. All rights reserved.
 // SPDX-License-Identifier: MIT
 
 package markdown
@@ -87,6 +88,8 @@ func (g *ASTTransformer) Transform(node *ast.Document, reader text.Reader, pc pa
 			if scope, found := ctx.Metas["scope"]; found {
 				v.Name = fmt.Appendf(v.Name, "-%s", scope)
 			}
+		case *ast.RawHTML:
+			g.transformRawHTML(ctx, v, reader)
 		}
 		return ast.WalkContinue, nil
 	})
diff --git a/modules/markup/markdown/markdown_test.go b/modules/markup/markdown/markdown_test.go
index 7c13494a67..82c2c7fe8c 100644
--- a/modules/markup/markdown/markdown_test.go
+++ b/modules/markup/markdown/markdown_test.go
@@ -1,4 +1,5 @@
 // Copyright 2017 The Gitea Authors. All rights reserved.
+// Copyright 2025 The Forgejo Authors. All rights reserved.
 // SPDX-License-Identifier: MIT
 
 package markdown_test
@@ -125,6 +126,32 @@ func TestRender_Images(t *testing.T) {
 		`<p><a href="`+href+`" rel="nofollow"><img src="`+result+`" alt="`+title+`"/></a></p>`)
 }
 
+func TestRender_Buttons(t *testing.T) {
+	setting.AppURL = AppURL
+
+	test := func(input, expected string) {
+		buffer, err := markdown.RenderString(&markup.RenderContext{
+			Ctx: git.DefaultContext,
+			Links: markup.Links{
+				Base: FullURL,
+			},
+		}, input)
+		require.NoError(t, err)
+		assert.Equal(t, strings.TrimSpace(expected), strings.TrimSpace(string(buffer)))
+	}
+
+	test(
+		"<button>Test</button>",
+		`<p><button type="button">Test</button></p>`)
+
+	test(
+		`<button class="toggle-escape-button btn interact-bg">Test</button>`,
+		`<p><button type="button" class="toggle-escape-button btn interact-bg">Test</button></p>`)
+	test(
+		`<button type="submit" class="toggle-escape-button btn interact-bg">Test</button>`,
+		`<p><button type="button" class="toggle-escape-button btn interact-bg">Test</button></p>`)
+}
+
 func testAnswers(baseURLContent, baseURLImages string) []string {
 	return []string{
 		`<p>Wiki! Enjoy :)</p>
diff --git a/modules/markup/markdown/transform_html.go b/modules/markup/markdown/transform_html.go
new file mode 100644
index 0000000000..9bebb45554
--- /dev/null
+++ b/modules/markup/markdown/transform_html.go
@@ -0,0 +1,28 @@
+// Copyright 2025 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+package markdown
+
+import (
+	"strings"
+
+	"forgejo.org/modules/markup"
+
+	"github.com/yuin/goldmark/ast"
+	"github.com/yuin/goldmark/text"
+)
+
+func (g *ASTTransformer) addTypeToButton(v *ast.RawHTML, segment string) {
+	segment = strings.TrimPrefix(segment, "<button")
+	newTag := ast.NewString([]byte(`<button type="button"` + segment))
+	newTag.SetCode(true)
+	v.Parent().ReplaceChild(v.Parent(), v, newTag)
+}
+
+func (g *ASTTransformer) transformRawHTML(_ *markup.RenderContext, v *ast.RawHTML, reader text.Reader) {
+	segment := string(v.Segments.Value(reader.Source()))
+
+	if strings.HasPrefix(segment, "<button") {
+		g.addTypeToButton(v, segment)
+	}
+}
diff --git a/modules/markup/sanitizer.go b/modules/markup/sanitizer.go
index aacc2536bf..9f2b92f3cb 100644
--- a/modules/markup/sanitizer.go
+++ b/modules/markup/sanitizer.go
@@ -1,5 +1,6 @@
-// Copyright 2017 The Gitea Authors. All rights reserved.
 // Copyright 2017 The Gogs Authors. All rights reserved.
+// Copyright 2017 The Gitea Authors. All rights reserved.
+// Copyright 2025 The Forgejo Authors. All rights reserved.
 // SPDX-License-Identifier: MIT
 
 package markup
@@ -78,6 +79,9 @@ func createDefaultPolicy() *bluemonday.Policy {
 	policy.AllowAttrs("type").Matching(regexp.MustCompile(`^checkbox$`)).OnElements("input")
 	policy.AllowAttrs("checked", "disabled", "data-source-position").OnElements("input")
 
+	// Buttons
+	policy.AllowAttrs("type").Matching(regexp.MustCompile(`^button$`)).OnElements("button")
+
 	// Custom URL-Schemes
 	if len(setting.Markdown.CustomURLSchemes) > 0 {
 		policy.AllowURLSchemes(setting.Markdown.CustomURLSchemes...)
diff --git a/tests/e2e/issue-comment-file-preview.test.e2e.ts b/tests/e2e/issue-comment-file-preview.test.e2e.ts
new file mode 100644
index 0000000000..03f7557dc0
--- /dev/null
+++ b/tests/e2e/issue-comment-file-preview.test.e2e.ts
@@ -0,0 +1,34 @@
+// Copyright 2025 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+// @watch start
+// modules/markup/**
+// web_src/js/features/repo-unicode-escape.js
+// @watch end
+
+import {expect} from '@playwright/test';
+import {dynamic_id, test} from './utils_e2e.ts';
+
+test.use({user: 'user2'});
+
+test('Escape button in file preview', async ({page}) => {
+  await page.goto('/user2/unicode-escaping/src/branch/main/a-file');
+
+  const url = await page.getByRole('link', {name: 'Permalink'}).getAttribute('href');
+
+  const response = await page.goto('/user2/repo1/issues/new');
+  expect(response?.status()).toBe(200);
+
+  // Create a new issue
+  await page.getByPlaceholder('Title').fill(dynamic_id());
+  await page.getByPlaceholder('Leave a comment').fill(`http://localhost:3003${url}#L1`);
+  await page.getByRole('button', {name: 'Create issue'}).click();
+
+  await expect(page).toHaveURL(/\/user2\/repo1\/issues\/\d+$/);
+
+  await expect(page.locator('table.file-preview.unicode-escaped')).toHaveCount(0);
+  await expect(async () => {
+    await page.locator('button.toggle-escape-button').click();
+    await expect(page.locator('table.file-preview.unicode-escaped')).toHaveCount(1);
+  }).toPass();
+});

From b0d6786522101443771eba44ec4bf5872cb91248 Mon Sep 17 00:00:00 2001
From: Renovate Bot <forgejo-renovate-action@forgejo.org>
Date: Sun, 21 Dec 2025 05:38:37 +0100
Subject: [PATCH 022/854] Update https://data.forgejo.org/actions/checkout
 action to v6 (forgejo) (#10518)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10518
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
---
 .../workflows/build-release-integration.yml    |  2 +-
 .forgejo/workflows/build-release.yml           |  2 +-
 .../workflows/cascade-setup-end-to-end.yml     |  2 +-
 .forgejo/workflows/coverage.yml                |  2 +-
 .forgejo/workflows/publish-release.yml         |  2 +-
 .../release-notes-assistant-milestones.yml     |  2 +-
 .forgejo/workflows/release-notes-assistant.yml |  2 +-
 .forgejo/workflows/testing-integration.yml     |  6 +++---
 .forgejo/workflows/testing.yml                 | 18 +++++++++---------
 9 files changed, 19 insertions(+), 19 deletions(-)

diff --git a/.forgejo/workflows/build-release-integration.yml b/.forgejo/workflows/build-release-integration.yml
index aa5e69f64d..e3cbd3b331 100644
--- a/.forgejo/workflows/build-release-integration.yml
+++ b/.forgejo/workflows/build-release-integration.yml
@@ -26,7 +26,7 @@ jobs:
     if: vars.ROLE == 'forgejo-coding'
     runs-on: lxc-bookworm
     steps:
-      - uses: https://data.forgejo.org/actions/checkout@v5
+      - uses: https://data.forgejo.org/actions/checkout@v6
 
       - id: forgejo
         uses: https://data.forgejo.org/actions/setup-forgejo@v3.0.6
diff --git a/.forgejo/workflows/build-release.yml b/.forgejo/workflows/build-release.yml
index 042a981881..a3674b3a64 100644
--- a/.forgejo/workflows/build-release.yml
+++ b/.forgejo/workflows/build-release.yml
@@ -33,7 +33,7 @@ jobs:
     # root is used for testing, allow it
     if: vars.ROLE == 'forgejo-integration' || github.repository_owner == 'root'
     steps:
-      - uses: https://data.forgejo.org/actions/checkout@v5
+      - uses: https://data.forgejo.org/actions/checkout@v6
         with:
           fetch-depth: 0
 
diff --git a/.forgejo/workflows/cascade-setup-end-to-end.yml b/.forgejo/workflows/cascade-setup-end-to-end.yml
index 747e41075f..36b464d9f3 100644
--- a/.forgejo/workflows/cascade-setup-end-to-end.yml
+++ b/.forgejo/workflows/cascade-setup-end-to-end.yml
@@ -37,7 +37,7 @@ jobs:
     container:
       image: data.forgejo.org/oci/node:24-bookworm
     steps:
-      - uses: https://data.forgejo.org/actions/checkout@v5
+      - uses: https://data.forgejo.org/actions/checkout@v6
         with:
           fetch-depth: '0'
           show-progress: 'false'
diff --git a/.forgejo/workflows/coverage.yml b/.forgejo/workflows/coverage.yml
index f0a27889a1..539527533f 100644
--- a/.forgejo/workflows/coverage.yml
+++ b/.forgejo/workflows/coverage.yml
@@ -61,7 +61,7 @@ jobs:
         image: registry.redict.io/redict:7.3.6-scratch
         options: --tmpfs /data:noatime
     steps:
-      - uses: https://data.forgejo.org/actions/checkout@v5
+      - uses: https://data.forgejo.org/actions/checkout@v6
         with:
           repository: ${{ inputs.repository }}
           ref: ${{ inputs.ref }}
diff --git a/.forgejo/workflows/publish-release.yml b/.forgejo/workflows/publish-release.yml
index a583756656..853a730a1a 100644
--- a/.forgejo/workflows/publish-release.yml
+++ b/.forgejo/workflows/publish-release.yml
@@ -41,7 +41,7 @@ jobs:
     runs-on: lxc-bookworm
     if: vars.DOER != '' && vars.FORGEJO != '' && vars.TO_OWNER != '' && vars.FROM_OWNER != '' && secrets.TOKEN != ''
     steps:
-      - uses: https://data.forgejo.org/actions/checkout@v5
+      - uses: https://data.forgejo.org/actions/checkout@v6
 
       - name: copy & sign
         uses: https://data.forgejo.org/forgejo/forgejo-build-publish/publish@v5.4.1
diff --git a/.forgejo/workflows/release-notes-assistant-milestones.yml b/.forgejo/workflows/release-notes-assistant-milestones.yml
index 76799b06dc..f63b2cd5d0 100644
--- a/.forgejo/workflows/release-notes-assistant-milestones.yml
+++ b/.forgejo/workflows/release-notes-assistant-milestones.yml
@@ -15,7 +15,7 @@ jobs:
     container:
       image: 'data.forgejo.org/oci/ci:1'
     steps:
-      - uses: https://data.forgejo.org/actions/checkout@v5
+      - uses: https://data.forgejo.org/actions/checkout@v6
 
       - uses: https://data.forgejo.org/actions/cache@v4
         with:
diff --git a/.forgejo/workflows/release-notes-assistant.yml b/.forgejo/workflows/release-notes-assistant.yml
index 4640eb37df..4b5ddf15d0 100644
--- a/.forgejo/workflows/release-notes-assistant.yml
+++ b/.forgejo/workflows/release-notes-assistant.yml
@@ -17,7 +17,7 @@ jobs:
     container:
       image: 'data.forgejo.org/oci/node:24-bookworm'
     steps:
-      - uses: https://data.forgejo.org/actions/checkout@v5
+      - uses: https://data.forgejo.org/actions/checkout@v6
 
       - name: event
         run: |
diff --git a/.forgejo/workflows/testing-integration.yml b/.forgejo/workflows/testing-integration.yml
index 7c74239f1f..85351af08c 100644
--- a/.forgejo/workflows/testing-integration.yml
+++ b/.forgejo/workflows/testing-integration.yml
@@ -34,7 +34,7 @@ jobs:
       image: 'data.forgejo.org/oci/node:24-bookworm'
       options: --tmpfs /tmp:exec,noatime
     steps:
-      - uses: https://data.forgejo.org/actions/checkout@v5
+      - uses: https://data.forgejo.org/actions/checkout@v6
       - uses: ./.forgejo/workflows-composite/setup-env
       - name: install git 2.34.1 and git-lfs 3.0.2
         uses: ./.forgejo/workflows-composite/install-minimum-git-version
@@ -53,7 +53,7 @@ jobs:
       image: 'data.forgejo.org/oci/node:24-bookworm'
       options: --tmpfs /tmp:exec,noatime
     steps:
-      - uses: https://data.forgejo.org/actions/checkout@v5
+      - uses: https://data.forgejo.org/actions/checkout@v6
       - uses: ./.forgejo/workflows-composite/setup-env
       - name: install git 2.34.1 and git-lfs 3.0.2
         uses: ./.forgejo/workflows-composite/install-minimum-git-version
@@ -85,7 +85,7 @@ jobs:
           MARIADB_DATABASE: testgitea
         options: --tmpfs /var/lib/mysql:noatime
     steps:
-      - uses: https://data.forgejo.org/actions/checkout@v5
+      - uses: https://data.forgejo.org/actions/checkout@v6
       - uses: ./.forgejo/workflows-composite/setup-env
       - name: install dependencies & git >= 2.42
         uses: ./.forgejo/workflows-composite/apt-install-from
diff --git a/.forgejo/workflows/testing.yml b/.forgejo/workflows/testing.yml
index 199e616daa..28714c8c1c 100644
--- a/.forgejo/workflows/testing.yml
+++ b/.forgejo/workflows/testing.yml
@@ -22,7 +22,7 @@ jobs:
           cat <<'EOF'
           ${{ toJSON(github) }}
           EOF
-      - uses: https://data.forgejo.org/actions/checkout@v5
+      - uses: https://data.forgejo.org/actions/checkout@v6
       - uses: ./.forgejo/workflows-composite/setup-env
       - run: su forgejo -c 'make deps-backend deps-tools'
       - run: su forgejo -c 'make --always-make -j$(nproc) lint-backend tidy-check swagger-check lint-swagger fmt-check swagger-validate' # ensure the "go-licenses" make target runs
@@ -34,7 +34,7 @@ jobs:
       image: 'data.forgejo.org/oci/node:24-bookworm'
       options: --tmpfs /tmp:exec,noatime
     steps:
-      - uses: https://data.forgejo.org/actions/checkout@v5
+      - uses: https://data.forgejo.org/actions/checkout@v6
       - run: make deps-frontend
       - run: make lint-frontend
       - run: make checks-frontend
@@ -78,7 +78,7 @@ jobs:
           MINIO_ROOT_USER: 123456
           MINIO_ROOT_PASSWORD: 12345678
     steps:
-      - uses: https://data.forgejo.org/actions/checkout@v5
+      - uses: https://data.forgejo.org/actions/checkout@v6
       - uses: ./.forgejo/workflows-composite/setup-env
       - name: install git >= 2.42
         uses: ./.forgejo/workflows-composite/apt-install-from
@@ -105,7 +105,7 @@ jobs:
       image: 'data.forgejo.org/oci/playwright:latest'
       options: --tmpfs /tmp:exec,noatime
     steps:
-      - uses: https://data.forgejo.org/actions/checkout@v5
+      - uses: https://data.forgejo.org/actions/checkout@v6
         with:
           fetch-depth: 20
       - uses: ./.forgejo/workflows-composite/setup-env
@@ -175,7 +175,7 @@ jobs:
         env:
           ALLOW_EMPTY_PASSWORD: "yes" # redis & valkey will immediately shutdown with no defined password unless overridden
     steps:
-      - uses: https://data.forgejo.org/actions/checkout@v5
+      - uses: https://data.forgejo.org/actions/checkout@v6
       - uses: ./.forgejo/workflows-composite/setup-env
       - name: install git >= 2.42
         uses: ./.forgejo/workflows-composite/apt-install-from
@@ -208,7 +208,7 @@ jobs:
           MYSQL_EXTRA_FLAGS: --innodb-adaptive-flushing=OFF --innodb-buffer-pool-size=4G --innodb-log-buffer-size=128M --innodb-flush-log-at-trx-commit=0 --innodb-flush-log-at-timeout=30 --innodb-flush-method=nosync --innodb-fsync-threshold=1000000000 --disable-log-bin
         options: --tmpfs /bitnami/mysql/data:noatime
     steps:
-      - uses: https://data.forgejo.org/actions/checkout@v5
+      - uses: https://data.forgejo.org/actions/checkout@v6
       - uses: ./.forgejo/workflows-composite/setup-env
       - name: install dependencies & git >= 2.42
         uses: ./.forgejo/workflows-composite/apt-install-from
@@ -246,7 +246,7 @@ jobs:
           POSTGRESQL_EXTRA_FLAGS: -c full_page_writes=off
         options: --tmpfs /bitnami/postgresql
     steps:
-      - uses: https://data.forgejo.org/actions/checkout@v5
+      - uses: https://data.forgejo.org/actions/checkout@v6
       - uses: ./.forgejo/workflows-composite/setup-env
       - name: install dependencies & git >= 2.42
         uses: ./.forgejo/workflows-composite/apt-install-from
@@ -268,7 +268,7 @@ jobs:
       image: 'data.forgejo.org/oci/node:24-bookworm'
       options: --tmpfs /tmp:exec,noatime
     steps:
-      - uses: https://data.forgejo.org/actions/checkout@v5
+      - uses: https://data.forgejo.org/actions/checkout@v6
       - uses: ./.forgejo/workflows-composite/setup-env
       - name: install dependencies & git >= 2.42
         uses: ./.forgejo/workflows-composite/apt-install-from
@@ -296,7 +296,7 @@ jobs:
       image: 'data.forgejo.org/oci/node:24-bookworm'
       options: --tmpfs /tmp:exec,noatime
     steps:
-      - uses: https://data.forgejo.org/actions/checkout@v5
+      - uses: https://data.forgejo.org/actions/checkout@v6
       - uses: ./.forgejo/workflows-composite/setup-env
       - run: su forgejo -c 'make deps-backend deps-tools'
       - run: su forgejo -c 'make security-check'

From 252b7756bca9cb06fc1c7a371521ab02ca5ce3bd Mon Sep 17 00:00:00 2001
From: Renovate Bot <forgejo-renovate-action@forgejo.org>
Date: Sun, 21 Dec 2025 07:22:40 +0100
Subject: [PATCH 023/854] Update https://data.forgejo.org/actions/cache action
 to v5 (forgejo) (#10517)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10517
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
---
 .forgejo/workflows-composite/build-backend/action.yaml    | 2 +-
 .forgejo/workflows-composite/setup-cache-go/action.yaml   | 2 +-
 .forgejo/workflows/build-release.yml                      | 2 +-
 .forgejo/workflows/release-notes-assistant-milestones.yml | 2 +-
 .forgejo/workflows/renovate.yml                           | 4 ++--
 .forgejo/workflows/testing.yml                            | 4 ++--
 6 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/.forgejo/workflows-composite/build-backend/action.yaml b/.forgejo/workflows-composite/build-backend/action.yaml
index 68a99ffaf9..8c6fdb024b 100644
--- a/.forgejo/workflows-composite/build-backend/action.yaml
+++ b/.forgejo/workflows-composite/build-backend/action.yaml
@@ -3,7 +3,7 @@ runs:
   steps:
     - run: |
         su forgejo -c 'make deps-backend'
-    - uses: https://data.forgejo.org/actions/cache@v4
+    - uses: https://data.forgejo.org/actions/cache@v5
       id: cache-backend
       with:
         path: ${{github.workspace}}/gitea
diff --git a/.forgejo/workflows-composite/setup-cache-go/action.yaml b/.forgejo/workflows-composite/setup-cache-go/action.yaml
index fec166fc35..7543155699 100644
--- a/.forgejo/workflows-composite/setup-cache-go/action.yaml
+++ b/.forgejo/workflows-composite/setup-cache-go/action.yaml
@@ -50,7 +50,7 @@ runs:
 
     - name: "Restore Go dependencies from cache or mark for later caching"
       id: cache-deps
-      uses: https://data.forgejo.org/actions/cache@v4
+      uses: https://data.forgejo.org/actions/cache@v5
       with:
         key: setup-cache-go-deps-${{ runner.os }}-${{ inputs.username }}-${{ steps.go-version.outputs.go_version }}-${{ hashFiles('go.sum', 'go.mod') }}
         restore-keys: |
diff --git a/.forgejo/workflows/build-release.yml b/.forgejo/workflows/build-release.yml
index a3674b3a64..25d93eb6bc 100644
--- a/.forgejo/workflows/build-release.yml
+++ b/.forgejo/workflows/build-release.yml
@@ -93,7 +93,7 @@ jobs:
 
       - name: cache node_modules
         id: node
-        uses: https://data.forgejo.org/actions/cache@v4
+        uses: https://data.forgejo.org/actions/cache@v5
         with:
           path: |
             node_modules
diff --git a/.forgejo/workflows/release-notes-assistant-milestones.yml b/.forgejo/workflows/release-notes-assistant-milestones.yml
index f63b2cd5d0..06de029d88 100644
--- a/.forgejo/workflows/release-notes-assistant-milestones.yml
+++ b/.forgejo/workflows/release-notes-assistant-milestones.yml
@@ -17,7 +17,7 @@ jobs:
     steps:
       - uses: https://data.forgejo.org/actions/checkout@v6
 
-      - uses: https://data.forgejo.org/actions/cache@v4
+      - uses: https://data.forgejo.org/actions/cache@v5
         with:
           key: rna-${{ env.RNA_VERSION }}
           path: ${{ env.RNA_WORKDIR }}
diff --git a/.forgejo/workflows/renovate.yml b/.forgejo/workflows/renovate.yml
index 0dcde71310..5179c4acf4 100644
--- a/.forgejo/workflows/renovate.yml
+++ b/.forgejo/workflows/renovate.yml
@@ -32,7 +32,7 @@ jobs:
 
     steps:
       - name: Load renovate repo cache
-        uses: https://data.forgejo.org/actions/cache/restore@3624ceb22c1c5a301c8db4169662070a689d9ea8 # v4.1.1
+        uses: https://data.forgejo.org/actions/cache/restore@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1
         with:
           path: |
             .tmp/cache/renovate/repository
@@ -70,7 +70,7 @@ jobs:
 
       - name: Save renovate repo cache
         if: always() && env.RENOVATE_DRY_RUN != 'full'
-        uses: https://data.forgejo.org/actions/cache/save@3624ceb22c1c5a301c8db4169662070a689d9ea8 # v4.1.1
+        uses: https://data.forgejo.org/actions/cache/save@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1
         with:
           path: |
             .tmp/cache/renovate/repository
diff --git a/.forgejo/workflows/testing.yml b/.forgejo/workflows/testing.yml
index 28714c8c1c..1d5c8dad2f 100644
--- a/.forgejo/workflows/testing.yml
+++ b/.forgejo/workflows/testing.yml
@@ -51,7 +51,7 @@ jobs:
           apt-get update -qq
           apt-get -q install -qq -y zstd
       - name: "Cache frontend build for playwright testing"
-        uses: https://data.forgejo.org/actions/cache/save@v4
+        uses: https://data.forgejo.org/actions/cache/save@v5
         with:
           path: ${{github.workspace}}/public/assets
           key: frontend-build-${{ github.sha }}
@@ -110,7 +110,7 @@ jobs:
           fetch-depth: 20
       - uses: ./.forgejo/workflows-composite/setup-env
       - name: "Restore frontend build"
-        uses: https://data.forgejo.org/actions/cache/restore@v4
+        uses: https://data.forgejo.org/actions/cache/restore@v5
         id: cache-frontend
         with:
           path: ${{github.workspace}}/public/assets

From 81baf756369dad9166f43683925f910b76858fdb Mon Sep 17 00:00:00 2001
From: Beowulf <beowulf@beocode.eu>
Date: Sun, 21 Dec 2025 17:09:22 +0100
Subject: [PATCH 024/854] feat(ui): show cancel button until all jobs are
 finished (#9261)

Change that the Cancel button is shown until all jobs are finished and do not hide it, when the first job failed.
Additionally the wrapping of the header was changed.

| Before | After |
| :--: | :----: |
| ![grafik](/attachments/26ee51ab-9a46-4c91-a866-e01cb0e97b28) | ![grafik](/attachments/eda3769b-e555-4964-9644-06f772046247) |

Fixes #8922

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/9261
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Reviewed-by: Andreas Ahlenstorf <aahlenst@noreply.codeberg.org>
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
Co-authored-by: Beowulf <beowulf@beocode.eu>
Co-committed-by: Beowulf <beowulf@beocode.eu>
---
 models/fixtures/action_run.yml              | 40 +++++++++++
 models/fixtures/action_run_job.yml          | 60 ++++++++++++++++
 models/fixtures/action_task.yml             | 80 +++++++++++++++++++++
 routers/web/repo/actions/view.go            |  2 +-
 routers/web/repo/actions/view_test.go       | 49 +++++++++++++
 tests/integration/api_admin_actions_test.go |  6 +-
 web_src/js/components/RepoActionView.vue    | 28 ++++++--
 7 files changed, 255 insertions(+), 10 deletions(-)

diff --git a/models/fixtures/action_run.yml b/models/fixtures/action_run.yml
index 8fa04b0066..41559ef788 100644
--- a/models/fixtures/action_run.yml
+++ b/models/fixtures/action_run.yml
@@ -533,3 +533,43 @@
   updated: 1683636626
   need_approval: false
   approved_by: 0
+
+-
+  id: 895
+  title: "job output"
+  repo_id: 4
+  owner_id: 1
+  workflow_id: "test.yaml"
+  index: 191
+  trigger_user_id: 1
+  ref: "refs/heads/master"
+  commit_sha: "c2d72f548424103f01ee1dc02889c1e2bff816b0"
+  event: "push"
+  is_fork_pull_request: false
+  status: 2
+  started: 1683636528
+  stopped: 1683636626
+  created: 1683636108
+  updated: 1683636626
+  need_approval: false
+  approved_by: 0
+
+-
+  id: 896
+  title: "job output"
+  repo_id: 4
+  owner_id: 1
+  workflow_id: "test.yaml"
+  index: 192
+  trigger_user_id: 1
+  ref: "refs/heads/master"
+  commit_sha: "c2d72f548424103f01ee1dc02889c1e2bff816b0"
+  event: "push"
+  is_fork_pull_request: false
+  status: 2
+  started: 1683636528
+  stopped: 1683636626
+  created: 1683636108
+  updated: 1683636626
+  need_approval: false
+  approved_by: 0
diff --git a/models/fixtures/action_run_job.yml b/models/fixtures/action_run_job.yml
index bb812c1570..2d8ea9ff6f 100644
--- a/models/fixtures/action_run_job.yml
+++ b/models/fixtures/action_run_job.yml
@@ -69,6 +69,66 @@
   status: 5
   started: 1683636528
   stopped: 1683636626
+-
+  id: 197
+  run_id: 895
+  repo_id: 4
+  owner_id: 1
+  commit_sha: c2d72f548424103f01ee1dc02889c1e2bff816b0
+  is_fork_pull_request: false
+  name: job1 (1)
+  attempt: 0
+  job_id: job1
+  task_id: 54
+  status: 2 # failure
+  runs_on: '["postmarketOS"]'
+  started: 1683636528
+  stopped: 1683636626
+-
+  id: 198
+  run_id: 895
+  repo_id: 4
+  owner_id: 1
+  commit_sha: c2d72f548424103f01ee1dc02889c1e2bff816b0
+  is_fork_pull_request: false
+  name: job1 (2)
+  attempt: 0
+  job_id: job1
+  task_id: 55
+  status: 6 # running
+  runs_on: '["postmarketOS"]'
+  started: 1683636528
+  stopped: 1683636626
+-
+  id: 199
+  run_id: 896
+  repo_id: 4
+  owner_id: 1
+  commit_sha: c2d72f548424103f01ee1dc02889c1e2bff816b0
+  is_fork_pull_request: false
+  name: job1 (1)
+  attempt: 0
+  job_id: job1
+  task_id: 56
+  status: 2 # failure
+  runs_on: '["postmarketOS"]'
+  started: 1683636528
+  stopped: 1683636626
+-
+  id: 200
+  run_id: 896
+  repo_id: 4
+  owner_id: 1
+  commit_sha: c2d72f548424103f01ee1dc02889c1e2bff816b0
+  is_fork_pull_request: false
+  name: job1 (2)
+  attempt: 0
+  job_id: job1
+  task_id: 57
+  status: 1 # success
+  runs_on: '["postmarketOS"]'
+  started: 1683636528
+  stopped: 1683636626
 -
   id: 292
   run_id: 891
diff --git a/models/fixtures/action_task.yml b/models/fixtures/action_task.yml
index 956bc736f9..b931ca0aa8 100644
--- a/models/fixtures/action_task.yml
+++ b/models/fixtures/action_task.yml
@@ -157,3 +157,83 @@
   log_length: 707
   log_size: 90179
   log_expired: false
+-
+  id: 54
+  job_id: 197
+  attempt: 0
+  runner_id: 1
+  status: 2 # failure
+  started: 1683636528
+  stopped: 1683636626
+  repo_id: 4
+  owner_id: 1
+  commit_sha: c2d72f548424103f01ee1dc02889c1e2bff816b0
+  is_fork_pull_request: false
+  token_hash: b8d3962425466b6709b9ac51446f93260c54afe8e7b6d3686e34f991fb8a8953822b0deed86fe41a103f34bc48dbc4784225
+  token_salt: ffffffffff
+  token_last_eight: ffffffff
+  log_filename: artifact-test2/2f/47.log
+  log_in_storage: true
+  log_length: 707
+  log_size: 90179
+  log_expired: false
+-
+  id: 55
+  job_id: 198
+  attempt: 0
+  runner_id: 1
+  status: 6 # running
+  started: 1683636528
+  stopped: 1683636626
+  repo_id: 4
+  owner_id: 1
+  commit_sha: c2d72f548424103f01ee1dc02889c1e2bff816b0
+  is_fork_pull_request: false
+  token_hash: b8d3962425466b6709b9ac51446f93260c54afe8e7b6d3686e34f991fb8a8953822b0deed86fe41a103f34bc48dbc4784226
+  token_salt: ffffffffff
+  token_last_eight: ffffffff
+  log_filename: artifact-test2/2f/47.log
+  log_in_storage: true
+  log_length: 707
+  log_size: 90179
+  log_expired: false
+-
+  id: 56
+  job_id: 199
+  attempt: 0
+  runner_id: 1
+  status: 2 # failure
+  started: 1683636528
+  stopped: 1683636626
+  repo_id: 4
+  owner_id: 1
+  commit_sha: c2d72f548424103f01ee1dc02889c1e2bff816b0
+  is_fork_pull_request: false
+  token_hash: b8d3962425466b6709b9ac51446f93260c54afe8e7b6d3686e34f991fb8a8953822b0deed86fe41a103f34bc48dbc4784227
+  token_salt: ffffffffff
+  token_last_eight: ffffffff
+  log_filename: artifact-test2/2f/47.log
+  log_in_storage: true
+  log_length: 707
+  log_size: 90179
+  log_expired: false
+-
+  id: 57
+  job_id: 200
+  attempt: 0
+  runner_id: 1
+  status: 1 # success
+  started: 1683636528
+  stopped: 1683636626
+  repo_id: 4
+  owner_id: 1
+  commit_sha: c2d72f548424103f01ee1dc02889c1e2bff816b0
+  is_fork_pull_request: false
+  token_hash: b8d3962425466b6709b9ac51446f93260c54afe8e7b6d3686e34f991fb8a8953822b0deed86fe41a103f34bc48dbc4784228
+  token_salt: ffffffffff
+  token_last_eight: ffffffff
+  log_filename: artifact-test2/2f/47.log
+  log_in_storage: true
+  log_length: 707
+  log_size: 90179
+  log_expired: false
diff --git a/routers/web/repo/actions/view.go b/routers/web/repo/actions/view.go
index 9b36f7b8cb..68466ee848 100644
--- a/routers/web/repo/actions/view.go
+++ b/routers/web/repo/actions/view.go
@@ -282,7 +282,6 @@ func getViewResponse(ctx *app_context.Context, req *ViewRequest, runIndex, jobIn
 	resp.State.Run.Title = run.Title
 	resp.State.Run.TitleHTML = templates.RenderCommitMessage(ctx, run.Title, metas)
 	resp.State.Run.Link = run.Link()
-	resp.State.Run.CanCancel = !run.Status.IsDone() && ctx.Repo.CanWrite(unit.TypeActions)
 	resp.State.Run.CanApprove = run.NeedApproval && ctx.Repo.CanWrite(unit.TypeActions)
 	resp.State.Run.CanRerun = run.Status.IsDone() && ctx.Repo.CanWrite(unit.TypeActions)
 	resp.State.Run.CanDeleteArtifact = run.Status.IsDone() && ctx.Repo.CanWrite(unit.TypeActions)
@@ -310,6 +309,7 @@ func getViewResponse(ctx *app_context.Context, req *ViewRequest, runIndex, jobIn
 		})
 	}
 	resp.State.Run.Done = done
+	resp.State.Run.CanCancel = !done && ctx.Repo.CanWrite(unit.TypeActions)
 
 	pusher := ViewUser{
 		DisplayName: run.TriggerUser.GetDisplayName(),
diff --git a/routers/web/repo/actions/view_test.go b/routers/web/repo/actions/view_test.go
index 61579b3208..48ebdf4cdc 100644
--- a/routers/web/repo/actions/view_test.go
+++ b/routers/web/repo/actions/view_test.go
@@ -382,6 +382,55 @@ func TestActionsViewViewPost(t *testing.T) {
 	}
 }
 
+func TestActionsViewCancelableUntilAllJobsFinished(t *testing.T) {
+	unittest.PrepareTestEnv(t)
+
+	tests := []struct {
+		name     string
+		runIndex int64
+		assert   func(*testing.T, *ViewResponse)
+	}{
+		{
+			name:     "failed and running",
+			runIndex: 191,
+			assert: func(t *testing.T, actual *ViewResponse) {
+				assert.Equal(t, "failure", actual.State.Run.Jobs[0].Status)
+				assert.Equal(t, "running", actual.State.Run.Jobs[1].Status)
+				assert.True(t, actual.State.Run.CanCancel)
+			},
+		},
+		{
+			name:     "failed and success",
+			runIndex: 192,
+			assert: func(t *testing.T, actual *ViewResponse) {
+				assert.Equal(t, "failure", actual.State.Run.Jobs[0].Status)
+				assert.Equal(t, "success", actual.State.Run.Jobs[1].Status)
+				assert.False(t, actual.State.Run.CanCancel)
+			},
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			ctx, resp := contexttest.MockContext(t, "user2/repo1/actions/runs/0")
+			contexttest.LoadUser(t, ctx, 1)
+			contexttest.LoadRepo(t, ctx, 4)
+			ctx.SetParams(":run", fmt.Sprintf("%d", tt.runIndex))
+			ctx.SetParams(":attempt", fmt.Sprintf("%d", 0))
+			web.SetForm(ctx, &ViewRequest{})
+
+			ViewPost(ctx)
+			require.Equal(t, http.StatusOK, resp.Result().StatusCode, "failure in ViewPost(): %q", resp.Body.String())
+
+			var actual ViewResponse
+			err := json.Unmarshal(resp.Body.Bytes(), &actual)
+			require.NoError(t, err)
+
+			tt.assert(t, &actual)
+		})
+	}
+}
+
 func TestActionsViewRedirectToLatestAttempt(t *testing.T) {
 	unittest.PrepareTestEnv(t)
 
diff --git a/tests/integration/api_admin_actions_test.go b/tests/integration/api_admin_actions_test.go
index 702e68b1b7..52c68098a4 100644
--- a/tests/integration/api_admin_actions_test.go
+++ b/tests/integration/api_admin_actions_test.go
@@ -62,6 +62,7 @@ func TestActionsAPISearchActionJobs_GlobalRunnerAllPendingJobs(t *testing.T) {
 	defer tests.PrepareTestEnv(t)()
 
 	job196 := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRunJob{ID: 196})
+	job198 := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRunJob{ID: 198})
 	job393 := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRunJob{ID: 393})
 	job394 := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRunJob{ID: 394})
 	job395 := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRunJob{ID: 395})
@@ -81,11 +82,12 @@ func TestActionsAPISearchActionJobs_GlobalRunnerAllPendingJobs(t *testing.T) {
 	var jobs []*api.ActionRunJob
 	DecodeJSON(t, res, &jobs)
 
-	assert.Len(t, jobs, 6)
+	assert.Len(t, jobs, 7)
 	assert.Equal(t, job397.ID, jobs[0].ID)
 	assert.Equal(t, job396.ID, jobs[1].ID)
 	assert.Equal(t, job395.ID, jobs[2].ID)
 	assert.Equal(t, job394.ID, jobs[3].ID)
 	assert.Equal(t, job393.ID, jobs[4].ID)
-	assert.Equal(t, job196.ID, jobs[5].ID)
+	assert.Equal(t, job198.ID, jobs[5].ID)
+	assert.Equal(t, job196.ID, jobs[6].ID)
 }
diff --git a/web_src/js/components/RepoActionView.vue b/web_src/js/components/RepoActionView.vue
index e80b6475c9..0bdce36995 100644
--- a/web_src/js/components/RepoActionView.vue
+++ b/web_src/js/components/RepoActionView.vue
@@ -472,12 +472,14 @@ export default {
         <button class="ui basic small compact button primary" @click="approveRun()" v-if="canApprove">
           {{ locale.approve }}
         </button>
-        <button class="ui basic small compact button red" @click="cancelRun()" v-else-if="canCancel">
-          {{ locale.cancel }}
-        </button>
-        <button class="ui basic small compact button tw-mr-0 tw-whitespace-nowrap link-action" :data-url="`${run.link}/rerun`" v-else-if="canRerun">
-          {{ locale.rerun_all }}
-        </button>
+        <div class="action-info-summary-actions" v-else>
+          <button class="ui basic small compact button red" @click="cancelRun()" v-if="canCancel">
+            {{ locale.cancel }}
+          </button>
+          <button class="ui basic small compact button tw-mr-0 tw-whitespace-nowrap link-action" :data-url="`${run.link}/rerun`" v-if="canRerun">
+            {{ locale.rerun_all }}
+          </button>
+        </div>
       </div>
       <div class="action-summary">
         {{ run.commit.localeCommit }}
@@ -629,9 +631,10 @@ export default {
 
 .action-info-summary {
   display: flex;
+  flex-wrap: wrap;
   align-items: center;
-  justify-content: space-between;
   gap: 8px;
+  margin-bottom: 8px;
 }
 
 .action-info-summary-title {
@@ -640,6 +643,17 @@ export default {
   gap: 0.5em;
 }
 
+.action-info-summary-actions {
+  display: flex;
+  align-items: center;
+  gap: var(--button-spacing);
+  margin-left: auto;
+}
+
+.action-info-summary-actions > button {
+  margin: 0;
+}
+
 .action-info-summary-title-text {
   font-size: 20px;
   margin: 0;

From ddd4cf0d28d9b770eff3da2083f88382c244bd98 Mon Sep 17 00:00:00 2001
From: Andreas Ahlenstorf <andreas@ahlenstorf.ch>
Date: Sun, 21 Dec 2025 17:21:02 +0100
Subject: [PATCH 025/854] chore: revise runner REST API endpoints (#10450)

In https://codeberg.org/forgejo/forgejo/pulls/9409, REST API endpoints were added to manage runners. The REST API endpoints were modelled after GitHub's REST API. That comes at the cost of introducing methods and fields that Forgejo does not and is unlikely to support in the future, like label IDs or label types. But Forgejo would have to maintain them for a very long time.

The introduced endpoints have been revised and aligned with existing Forgejo REST API endpoints:

* POST for `/registration-token` has been removed because it was only an alias of GET.
* `/runners` returns a list of `ActionRunner` instead of a wrapper object. `total_count` was replaced with the header `x-total-count` that is used throughout Forgejo.
* `status` in `ActionRunner` was converted to an enum that is documented.
* `busy` in `ActionRunner` was combined with `status`. A single enum is easier to extend and consume.
* `labels` in `ActionRunner` was converted to a list of strings to match existing Forgejo REST API endpoints.
* `ephemeral` has been removed from `ActionRunner` because ephemeral runners have not been merged, yet.
*  `ActionRunner` received a number of new fields: `uuid`, `version`, `description`, `owner_id`, and `repo_id`.

In addition to those structural changes, the test coverage was enhanced and the API documentation polished.

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests

- I added test coverage for Go changes...
  - [x] in their respective `*_test.go` for unit tests.
  - [x] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I added test coverage for JavaScript changes...
  - [ ] in `web_src/js/*.test.js` if it can be unit tested.
  - [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)).

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [ ] I do not want this change to show in the release notes.
- [ ] I want the title to show in the release notes with a link to this pull request.
- [ ] I want the content of the `release-notes/<pull request number>.md` to be be used for the release notes instead of the title.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10450
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
Co-authored-by: Andreas Ahlenstorf <andreas@ahlenstorf.ch>
Co-committed-by: Andreas Ahlenstorf <andreas@ahlenstorf.ch>
---
 modules/structs/repo_actions.go               |  61 +++--
 routers/api/v1/admin/runners.go               |  41 +--
 routers/api/v1/api.go                         |   4 +-
 routers/api/v1/org/action.go                  |  46 +---
 routers/api/v1/repo/action.go                 |  49 +---
 routers/api/v1/shared/runners.go              |  23 +-
 routers/api/v1/swagger/action.go              |  12 +-
 routers/api/v1/user/runners.go                |  43 +---
 services/actions/interface.go                 |   2 -
 services/convert/convert.go                   |  46 ++--
 services/convert/convert_test.go              |  76 ++++++
 templates/swagger/v1_json.tmpl                | 243 ++++++------------
 tests/integration/actions_job_test.go         |  30 ---
 tests/integration/actions_runner_test.go      |  56 ----
 tests/integration/api_admin_actions_test.go   | 164 ++++++++++++
 tests/integration/api_org_actions_test.go     | 110 ++++++++
 tests/integration/api_repo_actions_test.go    | 108 ++++++++
 tests/integration/api_user_actions_test.go    | 110 ++++++++
 .../action_runner.yml                         |  36 +++
 .../action_runner_token.yml                   |  12 +
 .../action_runner.yml                         |  36 +++
 .../action_runner_token.yml                   |  12 +
 .../action_runner.yml                         |  36 +++
 .../action_runner_token.yml                   |  12 +
 .../action_runner.yml                         |  36 +++
 .../action_runner_token.yml                   |  12 +
 26 files changed, 971 insertions(+), 445 deletions(-)
 create mode 100644 tests/integration/fixtures/TestAPIGlobalActionsRunnerOperations/action_runner.yml
 create mode 100644 tests/integration/fixtures/TestAPIGlobalActionsRunnerRegistrationTokenOperations/action_runner_token.yml
 create mode 100644 tests/integration/fixtures/TestAPIOrgActionsRunnerOperations/action_runner.yml
 create mode 100644 tests/integration/fixtures/TestAPIOrgActionsRunnerRegistrationTokenOperations/action_runner_token.yml
 create mode 100644 tests/integration/fixtures/TestAPIRepoActionsRunnerOperations/action_runner.yml
 create mode 100644 tests/integration/fixtures/TestAPIRepoActionsRunnerRegistrationTokenOperations/action_runner_token.yml
 create mode 100644 tests/integration/fixtures/TestAPIUserActionsRunnerOperations/action_runner.yml
 create mode 100644 tests/integration/fixtures/TestAPIUserActionsRunnerRegistrationTokenOperations/action_runner_token.yml

diff --git a/modules/structs/repo_actions.go b/modules/structs/repo_actions.go
index eada2db09f..69e616eed9 100644
--- a/modules/structs/repo_actions.go
+++ b/modules/structs/repo_actions.go
@@ -33,26 +33,51 @@ type ActionTaskResponse struct {
 	TotalCount int64         `json:"total_count"`
 }
 
-// ActionRunnerLabel represents a Runner Label
-type ActionRunnerLabel struct {
-	ID   int64  `json:"id"`
-	Name string `json:"name"`
-	Type string `json:"type"`
+type RunnerStatus int
+
+const (
+	// RunnerStatusOffline signals that the runner is not connected to Forgejo.
+	RunnerStatusOffline RunnerStatus = iota
+
+	// RunnerStatusIdle means that the runner is connected to Forgejo and waiting for jobs to run.
+	RunnerStatusIdle
+
+	// RunnerStatusActive signifies that the runner is connected to Forgejo and running a job.
+	RunnerStatusActive
+)
+
+var statusName = map[RunnerStatus]string{
+	RunnerStatusOffline: "offline",
+	RunnerStatusIdle:    "idle",
+	RunnerStatusActive:  "active",
 }
 
-// ActionRunner represents a Runner
+func (status RunnerStatus) String() string {
+	return statusName[status]
+}
+
+// ActionRunner represents a runner
+// swagger:model
 type ActionRunner struct {
-	ID     int64  `json:"id"`
-	Name   string `json:"name"`
+	// ID uniquely identifies this runner.
+	ID int64 `json:"id"`
+	// UUID uniquely identifies this runner.
+	UUID string `json:"uuid"`
+	// OwnerID is the identifier of the user or organization this runner belongs to. O if the runner is owned by a
+	// repository.
+	OwnerID int64 `json:"owner_id"`
+	// RepoID is the identifier of the repository this runner belongs to. 0 if the runner belongs to a user or
+	// organization.
+	RepoID int64 `json:"repo_id"`
+	// Name of the runner; not unique.
+	Name string `json:"name"`
+	// Status indicates whether this runner is offline, or active, for example.
+	// enum: ["offline", "idle", "active"]
 	Status string `json:"status"`
-	Busy   bool   `json:"busy"`
-	// currently unused as forgejo does not support ephemeral runners, but they are defined in gh api spec
-	Ephemeral bool                 `json:"ephemeral"`
-	Labels    []*ActionRunnerLabel `json:"labels"`
-}
-
-// ActionRunnersResponse returns Runners
-type ActionRunnersResponse struct {
-	Entries    []*ActionRunner `json:"runners"`
-	TotalCount int64           `json:"total_count"`
+	// Version is the self-reported version string of Forgejo Runner.
+	Version string `json:"version"`
+	// Labels is a list of labels attached to this runner.
+	Labels []string `json:"labels"`
+	// Description provides optional details about this runner.
+	Description string `json:"description"`
 }
diff --git a/routers/api/v1/admin/runners.go b/routers/api/v1/admin/runners.go
index 7c53a717a9..1a7abe2b12 100644
--- a/routers/api/v1/admin/runners.go
+++ b/routers/api/v1/admin/runners.go
@@ -8,13 +8,11 @@ import (
 	"forgejo.org/services/context"
 )
 
-// https://docs.github.com/en/rest/actions/self-hosted-runners?apiVersion=2022-11-28#create-a-registration-token-for-an-organization
-
 // GetRegistrationToken returns the token to register global runners
 func GetRegistrationToken(ctx *context.APIContext) {
 	// swagger:operation GET /admin/runners/registration-token admin adminGetRunnerRegistrationToken
 	// ---
-	// summary: Get a global actions runner registration token
+	// summary: Get a runner registration token for registering global runners
 	// produces:
 	// - application/json
 	// parameters:
@@ -29,7 +27,7 @@ func GetRegistrationToken(ctx *context.APIContext) {
 func SearchActionRunJobs(ctx *context.APIContext) {
 	// swagger:operation GET /admin/runners/jobs admin adminSearchRunJobs
 	// ---
-	// summary: Search action jobs according filter conditions
+	// summary: Search action jobs according to filter conditions
 	// produces:
 	// - application/json
 	// parameters:
@@ -45,31 +43,16 @@ func SearchActionRunJobs(ctx *context.APIContext) {
 	shared.GetActionRunJobs(ctx, 0, 0)
 }
 
-// CreateRegistrationToken returns the token to register global runners
-func CreateRegistrationToken(ctx *context.APIContext) {
-	// swagger:operation POST /admin/actions/runners/registration-token admin adminCreateRunnerRegistrationToken
-	// ---
-	// summary: Get a global actions runner registration token
-	// produces:
-	// - application/json
-	// parameters:
-	// responses:
-	//   "200":
-	//     "$ref": "#/responses/RegistrationToken"
-
-	shared.GetRegistrationToken(ctx, 0, 0)
-}
-
-// ListRunners get all runners
+// ListRunners returns all runners, no matter whether they are global runners or scoped to an organization, user, or repository
 func ListRunners(ctx *context.APIContext) {
 	// swagger:operation GET /admin/actions/runners admin getAdminRunners
 	// ---
-	// summary: Get all runners
+	// summary: Get all runners, no matter whether they are global runners or scoped to an organization, user, or repository
 	// produces:
 	// - application/json
 	// responses:
 	//   "200":
-	//     "$ref": "#/definitions/ActionRunnersResponse"
+	//     "$ref": "#/responses/ActionRunnerList"
 	//   "400":
 	//     "$ref": "#/responses/error"
 	//   "404":
@@ -77,22 +60,22 @@ func ListRunners(ctx *context.APIContext) {
 	shared.ListRunners(ctx, 0, 0)
 }
 
-// GetRunner get a global runner
+// GetRunner returns a particular runner, no matter whether it is a global runner or scoped to an organization, user, or repository
 func GetRunner(ctx *context.APIContext) {
 	// swagger:operation GET /admin/actions/runners/{runner_id} admin getAdminRunner
 	// ---
-	// summary: Get a global runner
+	// summary: Get a particular runner, no matter whether it is a global runner or scoped to an organization, user, or repository
 	// produces:
 	// - application/json
 	// parameters:
 	// - name: runner_id
 	//   in: path
-	//   description: id of the runner
+	//   description: ID of the runner
 	//   type: string
 	//   required: true
 	// responses:
 	//   "200":
-	//     "$ref": "#/definitions/ActionRunner"
+	//     "$ref": "#/responses/ActionRunner"
 	//   "400":
 	//     "$ref": "#/responses/error"
 	//   "404":
@@ -100,17 +83,17 @@ func GetRunner(ctx *context.APIContext) {
 	shared.GetRunner(ctx, 0, 0, ctx.ParamsInt64("runner_id"))
 }
 
-// DeleteRunner delete a global runner
+// DeleteRunner removes a particular runner, no matter whether it is a global runner or scoped to an organization, user, or repository
 func DeleteRunner(ctx *context.APIContext) {
 	// swagger:operation DELETE /admin/actions/runners/{runner_id} admin deleteAdminRunner
 	// ---
-	// summary: Delete a global runner
+	// summary: Delete a particular runner, no matter whether it is a global runner or scoped to an organization, user, or repository
 	// produces:
 	// - application/json
 	// parameters:
 	// - name: runner_id
 	//   in: path
-	//   description: id of the runner
+	//   description: ID of the runner
 	//   type: string
 	//   required: true
 	// responses:
diff --git a/routers/api/v1/api.go b/routers/api/v1/api.go
index 1206d653c1..f3589094b2 100644
--- a/routers/api/v1/api.go
+++ b/routers/api/v1/api.go
@@ -858,7 +858,6 @@ func Routes() *web.Route {
 			m.Group("/runners", func() {
 				m.Get("", reqToken(), reqChecker, act.ListRunners)
 				m.Get("/registration-token", reqToken(), reqChecker, act.GetRegistrationToken)
-				m.Post("/registration-token", reqToken(), reqChecker, act.CreateRegistrationToken)
 				m.Get("/{runner_id}", reqToken(), reqChecker, act.GetRunner)
 				m.Delete("/{runner_id}", reqToken(), reqChecker, act.DeleteRunner)
 				m.Get("/jobs", reqToken(), reqChecker, act.SearchActionRunJobs)
@@ -1022,7 +1021,6 @@ func Routes() *web.Route {
 				m.Group("/runners", func() {
 					m.Get("", reqToken(), user.ListRunners)
 					m.Get("/registration-token", reqToken(), user.GetRegistrationToken)
-					m.Post("/registration-token", reqToken(), user.CreateRegistrationToken)
 					m.Get("/{runner_id}", reqToken(), user.GetRunner)
 					m.Delete("/{runner_id}", reqToken(), user.DeleteRunner)
 					m.Get("/jobs", reqToken(), user.SearchActionRunJobs)
@@ -1704,7 +1702,7 @@ func Routes() *web.Route {
 			})
 			m.Group("/actions/runners", func() {
 				m.Get("", admin.ListRunners)
-				m.Post("/registration-token", admin.CreateRegistrationToken)
+				m.Get("/registration-token", admin.GetRegistrationToken)
 				m.Get("/{runner_id}", admin.GetRunner)
 				m.Delete("/{runner_id}", admin.DeleteRunner)
 			})
diff --git a/routers/api/v1/org/action.go b/routers/api/v1/org/action.go
index b3fcbca6b1..92921a3328 100644
--- a/routers/api/v1/org/action.go
+++ b/routers/api/v1/org/action.go
@@ -168,12 +168,11 @@ func (Action) DeleteSecret(ctx *context.APIContext) {
 	ctx.Status(http.StatusNoContent)
 }
 
-// https://docs.github.com/en/rest/actions/self-hosted-runners?apiVersion=2022-11-28#create-a-registration-token-for-an-organization
-// GetRegistrationToken returns the token to register org runners
+// GetRegistrationToken returns the organization's runner registration token
 func (Action) GetRegistrationToken(ctx *context.APIContext) {
 	// swagger:operation GET /orgs/{org}/actions/runners/registration-token organization orgGetRunnerRegistrationToken
 	// ---
-	// summary: Get an organization's actions runner registration token
+	// summary: Get the organization's runner registration token
 	// produces:
 	// - application/json
 	// parameters:
@@ -214,27 +213,6 @@ func (Action) SearchActionRunJobs(ctx *context.APIContext) {
 	shared.GetActionRunJobs(ctx, ctx.Org.Organization.ID, 0)
 }
 
-// https://docs.github.com/en/rest/actions/self-hosted-runners?apiVersion=2022-11-28#create-a-registration-token-for-an-organization
-// CreateRegistrationToken returns the token to register org runners
-func (Action) CreateRegistrationToken(ctx *context.APIContext) {
-	// swagger:operation POST /orgs/{org}/actions/runners/registration-token organization orgCreateRunnerRegistrationToken
-	// ---
-	// summary: Get an organization's actions runner registration token
-	// produces:
-	// - application/json
-	// parameters:
-	// - name: org
-	//   in: path
-	//   description: name of the organization
-	//   type: string
-	//   required: true
-	// responses:
-	//   "200":
-	//     "$ref": "#/responses/RegistrationToken"
-
-	shared.GetRegistrationToken(ctx, ctx.Org.Organization.ID, 0)
-}
-
 // ListVariables list org-level variables
 func (Action) ListVariables(ctx *context.APIContext) {
 	// swagger:operation GET /orgs/{org}/actions/variables organization getOrgVariablesList
@@ -287,11 +265,11 @@ func (Action) ListVariables(ctx *context.APIContext) {
 	ctx.JSON(http.StatusOK, variables)
 }
 
-// ListRunners get org-level runners
+// ListRunners returns the organization's runners
 func (Action) ListRunners(ctx *context.APIContext) {
 	// swagger:operation GET /orgs/{org}/actions/runners organization getOrgRunners
 	// ---
-	// summary: Get org-level runners
+	// summary: Get the organization's runners
 	// produces:
 	// - application/json
 	// parameters:
@@ -302,7 +280,7 @@ func (Action) ListRunners(ctx *context.APIContext) {
 	//   required: true
 	// responses:
 	//   "200":
-	//     "$ref": "#/definitions/ActionRunnersResponse"
+	//     "$ref": "#/responses/ActionRunnerList"
 	//   "400":
 	//     "$ref": "#/responses/error"
 	//   "404":
@@ -310,11 +288,11 @@ func (Action) ListRunners(ctx *context.APIContext) {
 	shared.ListRunners(ctx, ctx.Org.Organization.ID, 0)
 }
 
-// GetRunner get an org-level runner
+// GetRunner gets a particular runner that belongs to the organization
 func (Action) GetRunner(ctx *context.APIContext) {
 	// swagger:operation GET /orgs/{org}/actions/runners/{runner_id} organization getOrgRunner
 	// ---
-	// summary: Get an org-level runner
+	// summary: Get a particular runner that belongs to the organization
 	// produces:
 	// - application/json
 	// parameters:
@@ -325,12 +303,12 @@ func (Action) GetRunner(ctx *context.APIContext) {
 	//   required: true
 	// - name: runner_id
 	//   in: path
-	//   description: id of the runner
+	//   description: ID of the runner
 	//   type: string
 	//   required: true
 	// responses:
 	//   "200":
-	//     "$ref": "#/definitions/ActionRunner"
+	//     "$ref": "#/responses/ActionRunner"
 	//   "400":
 	//     "$ref": "#/responses/error"
 	//   "404":
@@ -338,11 +316,11 @@ func (Action) GetRunner(ctx *context.APIContext) {
 	shared.GetRunner(ctx, ctx.Org.Organization.ID, 0, ctx.ParamsInt64("runner_id"))
 }
 
-// DeleteRunner delete an org-level runner
+// DeleteRunner removes a particular runner that belongs to the organization
 func (Action) DeleteRunner(ctx *context.APIContext) {
 	// swagger:operation DELETE /orgs/{org}/actions/runners/{runner_id} organization deleteOrgRunner
 	// ---
-	// summary: Delete an org-level runner
+	// summary: Delete a particular runner that belongs to the organization
 	// produces:
 	// - application/json
 	// parameters:
@@ -353,7 +331,7 @@ func (Action) DeleteRunner(ctx *context.APIContext) {
 	//   required: true
 	// - name: runner_id
 	//   in: path
-	//   description: id of the runner
+	//   description: ID of the runner
 	//   type: string
 	//   required: true
 	// responses:
diff --git a/routers/api/v1/repo/action.go b/routers/api/v1/repo/action.go
index 9085ee8e70..f413dc4925 100644
--- a/routers/api/v1/repo/action.go
+++ b/routers/api/v1/repo/action.go
@@ -480,11 +480,11 @@ func (Action) ListVariables(ctx *context.APIContext) {
 	ctx.JSON(http.StatusOK, variables)
 }
 
-// GetRegistrationToken returns the token to register repo runners
+// GetRegistrationToken returns the runner registration token to register runners for the repository
 func (Action) GetRegistrationToken(ctx *context.APIContext) {
 	// swagger:operation GET /repos/{owner}/{repo}/actions/runners/registration-token repository repoGetRunnerRegistrationToken
 	// ---
-	// summary: Get a repository's actions runner registration token
+	// summary: Get a repository's runner registration token
 	// produces:
 	// - application/json
 	// parameters:
@@ -505,36 +505,11 @@ func (Action) GetRegistrationToken(ctx *context.APIContext) {
 	shared.GetRegistrationToken(ctx, 0, ctx.Repo.Repository.ID)
 }
 
-// CreateRegistrationToken returns the token to register repo runners
-func (Action) CreateRegistrationToken(ctx *context.APIContext) {
-	// swagger:operation POST /repos/{owner}/{repo}/actions/runners/registration-token repository repoCreateRunnerRegistrationToken
-	// ---
-	// summary: Get a repository's actions runner registration token
-	// produces:
-	// - application/json
-	// parameters:
-	// - name: owner
-	//   in: path
-	//   description: owner of the repo
-	//   type: string
-	//   required: true
-	// - name: repo
-	//   in: path
-	//   description: name of the repo
-	//   type: string
-	//   required: true
-	// responses:
-	//   "200":
-	//     "$ref": "#/responses/RegistrationToken"
-
-	shared.GetRegistrationToken(ctx, 0, ctx.Repo.Repository.ID)
-}
-
-// ListRunners get repo-level runners
+// ListRunners returns runners that belong to the repository
 func (Action) ListRunners(ctx *context.APIContext) {
 	// swagger:operation GET /repos/{owner}/{repo}/actions/runners repository getRepoRunners
 	// ---
-	// summary: Get repo-level runners
+	// summary: Get runners belonging to the repository
 	// produces:
 	// - application/json
 	// parameters:
@@ -550,7 +525,7 @@ func (Action) ListRunners(ctx *context.APIContext) {
 	//   required: true
 	// responses:
 	//   "200":
-	//     "$ref": "#/definitions/ActionRunnersResponse"
+	//     "$ref": "#/responses/ActionRunnerList"
 	//   "400":
 	//     "$ref": "#/responses/error"
 	//   "404":
@@ -558,11 +533,11 @@ func (Action) ListRunners(ctx *context.APIContext) {
 	shared.ListRunners(ctx, 0, ctx.Repo.Repository.ID)
 }
 
-// GetRunner get a repo-level runner
+// GetRunner returns a particular runner that belongs to the repository
 func (Action) GetRunner(ctx *context.APIContext) {
 	// swagger:operation GET /repos/{owner}/{repo}/actions/runners/{runner_id} repository getRepoRunner
 	// ---
-	// summary: Get a repo-level runner
+	// summary: Get a particular runner that belongs to the repository
 	// produces:
 	// - application/json
 	// parameters:
@@ -578,12 +553,12 @@ func (Action) GetRunner(ctx *context.APIContext) {
 	//   required: true
 	// - name: runner_id
 	//   in: path
-	//   description: id of the runner
+	//   description: ID of the runner
 	//   type: string
 	//   required: true
 	// responses:
 	//   "200":
-	//     "$ref": "#/definitions/ActionRunner"
+	//     "$ref": "#/responses/ActionRunner"
 	//   "400":
 	//     "$ref": "#/responses/error"
 	//   "404":
@@ -591,11 +566,11 @@ func (Action) GetRunner(ctx *context.APIContext) {
 	shared.GetRunner(ctx, 0, ctx.Repo.Repository.ID, ctx.ParamsInt64("runner_id"))
 }
 
-// DeleteRunner delete a repo-level runner
+// DeleteRunner removes a particular runner that belongs to a repository
 func (Action) DeleteRunner(ctx *context.APIContext) {
 	// swagger:operation DELETE /repos/{owner}/{repo}/actions/runners/{runner_id} repository deleteRepoRunner
 	// ---
-	// summary: Delete a repo-level runner
+	// summary: Delete a particular runner that belongs to a repository
 	// produces:
 	// - application/json
 	// parameters:
@@ -611,7 +586,7 @@ func (Action) DeleteRunner(ctx *context.APIContext) {
 	//   required: true
 	// - name: runner_id
 	//   in: path
-	//   description: id of the runner
+	//   description: ID of the runner
 	//   type: string
 	//   required: true
 	// responses:
diff --git a/routers/api/v1/shared/runners.go b/routers/api/v1/shared/runners.go
index feb47dacaa..4c4f1de00e 100644
--- a/routers/api/v1/shared/runners.go
+++ b/routers/api/v1/shared/runners.go
@@ -97,15 +97,17 @@ func ListRunners(ctx *context.APIContext, ownerID, repoID int64) {
 		return
 	}
 
-	res := new(structs.ActionRunnersResponse)
-	res.TotalCount = total
-
-	res.Entries = make([]*structs.ActionRunner, len(runners))
+	runnerList := make([]structs.ActionRunner, len(runners))
 	for i, runner := range runners {
-		res.Entries[i] = convert.ToActionRunner(ctx, runner)
+		actionRunner, err := convert.ToActionRunner(runner)
+		if err != nil {
+			ctx.Error(http.StatusInternalServerError, "ToActionRunner", err)
+			return
+		}
+		runnerList[i] = actionRunner
 	}
-
-	ctx.JSON(http.StatusOK, &res)
+	ctx.SetTotalCountHeader(total)
+	ctx.JSON(http.StatusOK, &runnerList)
 }
 
 // GetRunner get the runner for api route validated ownerID and repoID
@@ -132,7 +134,12 @@ func GetRunner(ctx *context.APIContext, ownerID, repoID, runnerID int64) {
 		ctx.Error(http.StatusNotFound, "RunnerEdit", "No permission to get this runner")
 		return
 	}
-	ctx.JSON(http.StatusOK, convert.ToActionRunner(ctx, runner))
+
+	actionRunner, err := convert.ToActionRunner(runner)
+	if err != nil {
+		ctx.Error(http.StatusInternalServerError, "ToActionRunner", err)
+	}
+	ctx.JSON(http.StatusOK, actionRunner)
 }
 
 // DeleteRunner deletes the runner for api route validated ownerID and repoID
diff --git a/routers/api/v1/swagger/action.go b/routers/api/v1/swagger/action.go
index cf853c986f..17181be250 100644
--- a/routers/api/v1/swagger/action.go
+++ b/routers/api/v1/swagger/action.go
@@ -57,16 +57,16 @@ type swaggerRegistrationToken struct {
 	Body shared.RegistrationToken `json:"body"`
 }
 
-// ActionRunner represents a Runner
+// ActionRunner represents a runner
 // swagger:response ActionRunner
 type swaggerActionRunner struct {
 	// in: body
 	Body api.ActionRunner `json:"body"`
 }
 
-// ActionRunnersResponse returns Runners
-// swagger:response ActionRunnersResponse
-type swaggerActionRunnerResponse struct {
-	// in: body
-	Body api.ActionRunnersResponse `json:"body"`
+// ActionRunnerList is a list of Forgejo Action runners
+// swagger:response ActionRunnerList
+type swaggerActionRunnerListResponse struct {
+	// in:body
+	Body []api.ActionRunner `json:"body"`
 }
diff --git a/routers/api/v1/user/runners.go b/routers/api/v1/user/runners.go
index 2cfdd8a03a..dfeb49dcb6 100644
--- a/routers/api/v1/user/runners.go
+++ b/routers/api/v1/user/runners.go
@@ -8,13 +8,11 @@ import (
 	"forgejo.org/services/context"
 )
 
-// https://docs.github.com/en/rest/actions/self-hosted-runners?apiVersion=2022-11-28#create-a-registration-token-for-an-organization
-
-// GetRegistrationToken returns the token to register user runners
+// GetRegistrationToken returns a token to register user-level runners
 func GetRegistrationToken(ctx *context.APIContext) {
 	// swagger:operation GET /user/actions/runners/registration-token user userGetRunnerRegistrationToken
 	// ---
-	// summary: Get an user's actions runner registration token
+	// summary: Get the user's runner registration token
 	// produces:
 	// - application/json
 	// parameters:
@@ -29,7 +27,7 @@ func GetRegistrationToken(ctx *context.APIContext) {
 	shared.GetRegistrationToken(ctx, ctx.Doer.ID, 0)
 }
 
-// SearchActionRunJobs return a list of actions jobs filtered by the provided parameters
+// SearchActionRunJobs returns a list of actions jobs filtered by the provided parameters
 func SearchActionRunJobs(ctx *context.APIContext) {
 	// swagger:operation GET /user/actions/runners/jobs user userSearchRunJobs
 	// ---
@@ -51,33 +49,16 @@ func SearchActionRunJobs(ctx *context.APIContext) {
 	shared.GetActionRunJobs(ctx, ctx.Doer.ID, 0)
 }
 
-// CreateRegistrationToken returns the token to register user runners
-func CreateRegistrationToken(ctx *context.APIContext) {
-	// swagger:operation POST /user/actions/runners/registration-token user userCreateRunnerRegistrationToken
-	// ---
-	// summary: Get an user's actions runner registration token
-	// produces:
-	// - application/json
-	// parameters:
-	// responses:
-	//   "200":
-	//     "$ref": "#/responses/RegistrationToken"
-	//   "401":
-	//     "$ref": "#/responses/unauthorized"
-
-	shared.GetRegistrationToken(ctx, ctx.Doer.ID, 0)
-}
-
-// ListRunners get user-level runners
+// ListRunners returns the user's runners
 func ListRunners(ctx *context.APIContext) {
 	// swagger:operation GET /user/actions/runners user getUserRunners
 	// ---
-	// summary: Get user-level runners
+	// summary: Get the user's runners
 	// produces:
 	// - application/json
 	// responses:
 	//   "200":
-	//     "$ref": "#/responses/ActionRunnersResponse"
+	//     "$ref": "#/responses/ActionRunnerList"
 	//   "400":
 	//     "$ref": "#/responses/error"
 	//   "401":
@@ -87,17 +68,17 @@ func ListRunners(ctx *context.APIContext) {
 	shared.ListRunners(ctx, ctx.Doer.ID, 0)
 }
 
-// GetRunner get an user-level runner
+// GetRunner gets a particular runner that belongs to the user
 func GetRunner(ctx *context.APIContext) {
 	// swagger:operation GET /user/actions/runners/{runner_id} user getUserRunner
 	// ---
-	// summary: Get an user-level runner
+	// summary: Get a particular runner that belongs to the user
 	// produces:
 	// - application/json
 	// parameters:
 	// - name: runner_id
 	//   in: path
-	//   description: id of the runner
+	//   description: ID of the runner
 	//   type: string
 	//   required: true
 	// responses:
@@ -112,17 +93,17 @@ func GetRunner(ctx *context.APIContext) {
 	shared.GetRunner(ctx, ctx.Doer.ID, 0, ctx.ParamsInt64("runner_id"))
 }
 
-// DeleteRunner delete an user-level runner
+// DeleteRunner deletes a particular user-level runner
 func DeleteRunner(ctx *context.APIContext) {
 	// swagger:operation DELETE /user/actions/runners/{runner_id} user deleteUserRunner
 	// ---
-	// summary: Delete an user-level runner
+	// summary: Delete a particular user-level runner
 	// produces:
 	// - application/json
 	// parameters:
 	// - name: runner_id
 	//   in: path
-	//   description: id of the runner
+	//   description: ID of the runner
 	//   type: string
 	//   required: true
 	// responses:
diff --git a/services/actions/interface.go b/services/actions/interface.go
index a5e0543594..466f8ef857 100644
--- a/services/actions/interface.go
+++ b/services/actions/interface.go
@@ -27,8 +27,6 @@ type API interface {
 	GetRegistrationToken(*context.APIContext)
 	// SearchActionRunJobs get pending Action run jobs
 	SearchActionRunJobs(*context.APIContext)
-	// CreateRegistrationToken get registration token
-	CreateRegistrationToken(*context.APIContext)
 	// ListRunners list runners
 	ListRunners(*context.APIContext)
 	// GetRunner get a runner
diff --git a/services/convert/convert.go b/services/convert/convert.go
index eaf6459cfd..00e1742178 100644
--- a/services/convert/convert.go
+++ b/services/convert/convert.go
@@ -522,26 +522,32 @@ func ToChangedFile(f *gitdiff.DiffFile, repo *repo_model.Repository, commit stri
 	return file
 }
 
-func ToActionRunner(ctx context.Context, runner *actions_model.ActionRunner) *api.ActionRunner {
-	status := runner.Status()
-	apiStatus := "offline"
-	if runner.IsOnline() {
-		apiStatus = "online"
+func ToActionRunner(runner *actions_model.ActionRunner) (api.ActionRunner, error) {
+	runnerStatus := runner.Status()
+
+	var status api.RunnerStatus
+	switch runnerStatus {
+	case runnerv1.RunnerStatus_RUNNER_STATUS_OFFLINE:
+		status = api.RunnerStatusOffline
+	case runnerv1.RunnerStatus_RUNNER_STATUS_IDLE:
+		status = api.RunnerStatusIdle
+	case runnerv1.RunnerStatus_RUNNER_STATUS_ACTIVE:
+		status = api.RunnerStatusActive
+	default:
+		return api.ActionRunner{}, fmt.Errorf("unexpected runner status: %s", runnerStatus)
 	}
-	labels := make([]*api.ActionRunnerLabel, len(runner.AgentLabels))
-	for i, label := range runner.AgentLabels {
-		labels[i] = &api.ActionRunnerLabel{
-			ID:   int64(i),
-			Name: label,
-			Type: "custom",
-		}
-	}
-	return &api.ActionRunner{
-		ID:     runner.ID,
-		Name:   runner.Name,
-		Status: apiStatus,
-		Busy:   status == runnerv1.RunnerStatus_RUNNER_STATUS_ACTIVE,
-		// Ephemeral: runner.Ephemeral,
-		Labels: labels,
+
+	actionRunner := api.ActionRunner{
+		ID:          runner.ID,
+		Name:        runner.Name,
+		UUID:        runner.UUID,
+		OwnerID:     runner.OwnerID,
+		RepoID:      runner.RepoID,
+		Description: runner.Description,
+		Version:     runner.Version,
+		Status:      status.String(),
+		Labels:      runner.AgentLabels,
 	}
+
+	return actionRunner, nil
 }
diff --git a/services/convert/convert_test.go b/services/convert/convert_test.go
index 04425bf9c3..6b870e0540 100644
--- a/services/convert/convert_test.go
+++ b/services/convert/convert_test.go
@@ -6,11 +6,13 @@ package convert
 import (
 	"testing"
 
+	actions_model "forgejo.org/models/actions"
 	"forgejo.org/models/db"
 	"forgejo.org/models/unittest"
 	user_model "forgejo.org/models/user"
 	"forgejo.org/modules/git"
 	api "forgejo.org/modules/structs"
+	"forgejo.org/modules/timeutil"
 
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
@@ -103,3 +105,77 @@ uf51WIBywxztet6vi+jYJK1jFoY4iA==
 		}, commitVerification)
 	})
 }
+
+func TestToActionRunner(t *testing.T) {
+	testCases := []struct {
+		name           string
+		runner         actions_model.ActionRunner
+		expectedStatus api.RunnerStatus
+	}{
+		{
+			name: "active-runner",
+			runner: actions_model.ActionRunner{
+				ID:          846,
+				UUID:        "0bf6d33b-9be8-4bb3-a210-351ae7f3d48e",
+				OwnerID:     204958,
+				RepoID:      0,
+				Name:        "active-example",
+				Version:     "12.1.2",
+				Description: "A very busy runner",
+				AgentLabels: []string{"debian", "gpu"},
+				LastOnline:  timeutil.TimeStampNow(),
+				LastActive:  timeutil.TimeStampNow(),
+			},
+			expectedStatus: api.RunnerStatusActive,
+		},
+		{
+			name: "offline-runner",
+			runner: actions_model.ActionRunner{
+				ID:          731,
+				UUID:        "29b075f8-cd54-4dc2-b1e2-db303b32b0ce",
+				OwnerID:     0,
+				RepoID:      255289,
+				Name:        "offline-example",
+				Version:     "dev",
+				Description: "",
+				AgentLabels: []string{},
+				LastOnline:  0,
+				LastActive:  0,
+			},
+			expectedStatus: api.RunnerStatusOffline,
+		},
+		{
+			name: "idle-runner",
+			runner: actions_model.ActionRunner{
+				ID:          117,
+				UUID:        "865ca613-f258-49bc-a986-1037ace1ca35",
+				OwnerID:     39115,
+				RepoID:      0,
+				Name:        "idle-example",
+				Version:     "11.3.1",
+				Description: "A runner twiddling its thumbs",
+				AgentLabels: []string{"docker"},
+				LastOnline:  timeutil.TimeStampNow(),
+				LastActive:  timeutil.TimeStampNow().AddDuration(-actions_model.RunnerIdleTime),
+			},
+			expectedStatus: api.RunnerStatusIdle,
+		},
+	}
+
+	for _, testCase := range testCases {
+		t.Run(testCase.name, func(t *testing.T) {
+			actionRunner, err := ToActionRunner(&testCase.runner)
+
+			require.NoError(t, err)
+			assert.Equal(t, testCase.runner.ID, actionRunner.ID)
+			assert.Equal(t, testCase.runner.Name, actionRunner.Name)
+			assert.Equal(t, testCase.runner.UUID, actionRunner.UUID)
+			assert.Equal(t, testCase.runner.OwnerID, actionRunner.OwnerID)
+			assert.Equal(t, testCase.runner.RepoID, actionRunner.RepoID)
+			assert.Equal(t, testCase.runner.Version, actionRunner.Version)
+			assert.Equal(t, testCase.runner.Description, actionRunner.Description)
+			assert.Equal(t, testCase.expectedStatus.String(), actionRunner.Status)
+			assert.Equal(t, testCase.runner.AgentLabels, actionRunner.Labels)
+		})
+	}
+}
diff --git a/templates/swagger/v1_json.tmpl b/templates/swagger/v1_json.tmpl
index 3a75d53ba1..1e81d03469 100644
--- a/templates/swagger/v1_json.tmpl
+++ b/templates/swagger/v1_json.tmpl
@@ -319,11 +319,11 @@
         "tags": [
           "admin"
         ],
-        "summary": "Get all runners",
+        "summary": "Get all runners, no matter whether they are global runners or scoped to an organization, user, or repository",
         "operationId": "getAdminRunners",
         "responses": {
           "200": {
-            "$ref": "#/definitions/ActionRunnersResponse"
+            "$ref": "#/responses/ActionRunnerList"
           },
           "400": {
             "$ref": "#/responses/error"
@@ -334,23 +334,6 @@
         }
       }
     },
-    "/admin/actions/runners/registration-token": {
-      "post": {
-        "produces": [
-          "application/json"
-        ],
-        "tags": [
-          "admin"
-        ],
-        "summary": "Get a global actions runner registration token",
-        "operationId": "adminCreateRunnerRegistrationToken",
-        "responses": {
-          "200": {
-            "$ref": "#/responses/RegistrationToken"
-          }
-        }
-      }
-    },
     "/admin/actions/runners/{runner_id}": {
       "get": {
         "produces": [
@@ -359,12 +342,12 @@
         "tags": [
           "admin"
         ],
-        "summary": "Get a global runner",
+        "summary": "Get a particular runner, no matter whether it is a global runner or scoped to an organization, user, or repository",
         "operationId": "getAdminRunner",
         "parameters": [
           {
             "type": "string",
-            "description": "id of the runner",
+            "description": "ID of the runner",
             "name": "runner_id",
             "in": "path",
             "required": true
@@ -372,7 +355,7 @@
         ],
         "responses": {
           "200": {
-            "$ref": "#/definitions/ActionRunner"
+            "$ref": "#/responses/ActionRunner"
           },
           "400": {
             "$ref": "#/responses/error"
@@ -389,12 +372,12 @@
         "tags": [
           "admin"
         ],
-        "summary": "Delete a global runner",
+        "summary": "Delete a particular runner, no matter whether it is a global runner or scoped to an organization, user, or repository",
         "operationId": "deleteAdminRunner",
         "parameters": [
           {
             "type": "string",
-            "description": "id of the runner",
+            "description": "ID of the runner",
             "name": "runner_id",
             "in": "path",
             "required": true
@@ -1245,7 +1228,7 @@
         "tags": [
           "admin"
         ],
-        "summary": "Search action jobs according filter conditions",
+        "summary": "Search action jobs according to filter conditions",
         "operationId": "adminSearchRunJobs",
         "parameters": [
           {
@@ -1273,7 +1256,7 @@
         "tags": [
           "admin"
         ],
-        "summary": "Get a global actions runner registration token",
+        "summary": "Get a runner registration token for registering global runners",
         "operationId": "adminGetRunnerRegistrationToken",
         "responses": {
           "200": {
@@ -2635,7 +2618,7 @@
         "tags": [
           "organization"
         ],
-        "summary": "Get org-level runners",
+        "summary": "Get the organization's runners",
         "operationId": "getOrgRunners",
         "parameters": [
           {
@@ -2648,7 +2631,7 @@
         ],
         "responses": {
           "200": {
-            "$ref": "#/definitions/ActionRunnersResponse"
+            "$ref": "#/responses/ActionRunnerList"
           },
           "400": {
             "$ref": "#/responses/error"
@@ -2702,7 +2685,7 @@
         "tags": [
           "organization"
         ],
-        "summary": "Get an organization's actions runner registration token",
+        "summary": "Get the organization's runner registration token",
         "operationId": "orgGetRunnerRegistrationToken",
         "parameters": [
           {
@@ -2718,30 +2701,6 @@
             "$ref": "#/responses/RegistrationToken"
           }
         }
-      },
-      "post": {
-        "produces": [
-          "application/json"
-        ],
-        "tags": [
-          "organization"
-        ],
-        "summary": "Get an organization's actions runner registration token",
-        "operationId": "orgCreateRunnerRegistrationToken",
-        "parameters": [
-          {
-            "type": "string",
-            "description": "name of the organization",
-            "name": "org",
-            "in": "path",
-            "required": true
-          }
-        ],
-        "responses": {
-          "200": {
-            "$ref": "#/responses/RegistrationToken"
-          }
-        }
       }
     },
     "/orgs/{org}/actions/runners/{runner_id}": {
@@ -2752,7 +2711,7 @@
         "tags": [
           "organization"
         ],
-        "summary": "Get an org-level runner",
+        "summary": "Get a particular runner that belongs to the organization",
         "operationId": "getOrgRunner",
         "parameters": [
           {
@@ -2764,7 +2723,7 @@
           },
           {
             "type": "string",
-            "description": "id of the runner",
+            "description": "ID of the runner",
             "name": "runner_id",
             "in": "path",
             "required": true
@@ -2772,7 +2731,7 @@
         ],
         "responses": {
           "200": {
-            "$ref": "#/definitions/ActionRunner"
+            "$ref": "#/responses/ActionRunner"
           },
           "400": {
             "$ref": "#/responses/error"
@@ -2789,7 +2748,7 @@
         "tags": [
           "organization"
         ],
-        "summary": "Delete an org-level runner",
+        "summary": "Delete a particular runner that belongs to the organization",
         "operationId": "deleteOrgRunner",
         "parameters": [
           {
@@ -2801,7 +2760,7 @@
           },
           {
             "type": "string",
-            "description": "id of the runner",
+            "description": "ID of the runner",
             "name": "runner_id",
             "in": "path",
             "required": true
@@ -5333,7 +5292,7 @@
         "tags": [
           "repository"
         ],
-        "summary": "Get repo-level runners",
+        "summary": "Get runners belonging to the repository",
         "operationId": "getRepoRunners",
         "parameters": [
           {
@@ -5353,7 +5312,7 @@
         ],
         "responses": {
           "200": {
-            "$ref": "#/definitions/ActionRunnersResponse"
+            "$ref": "#/responses/ActionRunnerList"
           },
           "400": {
             "$ref": "#/responses/error"
@@ -5414,7 +5373,7 @@
         "tags": [
           "repository"
         ],
-        "summary": "Get a repository's actions runner registration token",
+        "summary": "Get a repository's runner registration token",
         "operationId": "repoGetRunnerRegistrationToken",
         "parameters": [
           {
@@ -5437,37 +5396,6 @@
             "$ref": "#/responses/RegistrationToken"
           }
         }
-      },
-      "post": {
-        "produces": [
-          "application/json"
-        ],
-        "tags": [
-          "repository"
-        ],
-        "summary": "Get a repository's actions runner registration token",
-        "operationId": "repoCreateRunnerRegistrationToken",
-        "parameters": [
-          {
-            "type": "string",
-            "description": "owner of the repo",
-            "name": "owner",
-            "in": "path",
-            "required": true
-          },
-          {
-            "type": "string",
-            "description": "name of the repo",
-            "name": "repo",
-            "in": "path",
-            "required": true
-          }
-        ],
-        "responses": {
-          "200": {
-            "$ref": "#/responses/RegistrationToken"
-          }
-        }
       }
     },
     "/repos/{owner}/{repo}/actions/runners/{runner_id}": {
@@ -5478,7 +5406,7 @@
         "tags": [
           "repository"
         ],
-        "summary": "Get a repo-level runner",
+        "summary": "Get a particular runner that belongs to the repository",
         "operationId": "getRepoRunner",
         "parameters": [
           {
@@ -5497,7 +5425,7 @@
           },
           {
             "type": "string",
-            "description": "id of the runner",
+            "description": "ID of the runner",
             "name": "runner_id",
             "in": "path",
             "required": true
@@ -5505,7 +5433,7 @@
         ],
         "responses": {
           "200": {
-            "$ref": "#/definitions/ActionRunner"
+            "$ref": "#/responses/ActionRunner"
           },
           "400": {
             "$ref": "#/responses/error"
@@ -5522,7 +5450,7 @@
         "tags": [
           "repository"
         ],
-        "summary": "Delete a repo-level runner",
+        "summary": "Delete a particular runner that belongs to a repository",
         "operationId": "deleteRepoRunner",
         "parameters": [
           {
@@ -5541,7 +5469,7 @@
           },
           {
             "type": "string",
-            "description": "id of the runner",
+            "description": "ID of the runner",
             "name": "runner_id",
             "in": "path",
             "required": true
@@ -18807,11 +18735,11 @@
         "tags": [
           "user"
         ],
-        "summary": "Get user-level runners",
+        "summary": "Get the user's runners",
         "operationId": "getUserRunners",
         "responses": {
           "200": {
-            "$ref": "#/responses/ActionRunnersResponse"
+            "$ref": "#/responses/ActionRunnerList"
           },
           "400": {
             "$ref": "#/responses/error"
@@ -18864,7 +18792,7 @@
         "tags": [
           "user"
         ],
-        "summary": "Get an user's actions runner registration token",
+        "summary": "Get the user's runner registration token",
         "operationId": "userGetRunnerRegistrationToken",
         "responses": {
           "200": {
@@ -18877,24 +18805,6 @@
             "$ref": "#/responses/forbidden"
           }
         }
-      },
-      "post": {
-        "produces": [
-          "application/json"
-        ],
-        "tags": [
-          "user"
-        ],
-        "summary": "Get an user's actions runner registration token",
-        "operationId": "userCreateRunnerRegistrationToken",
-        "responses": {
-          "200": {
-            "$ref": "#/responses/RegistrationToken"
-          },
-          "401": {
-            "$ref": "#/responses/unauthorized"
-          }
-        }
       }
     },
     "/user/actions/runners/{runner_id}": {
@@ -18905,12 +18815,12 @@
         "tags": [
           "user"
         ],
-        "summary": "Get an user-level runner",
+        "summary": "Get a particular runner that belongs to the user",
         "operationId": "getUserRunner",
         "parameters": [
           {
             "type": "string",
-            "description": "id of the runner",
+            "description": "ID of the runner",
             "name": "runner_id",
             "in": "path",
             "required": true
@@ -18938,12 +18848,12 @@
         "tags": [
           "user"
         ],
-        "summary": "Delete an user-level runner",
+        "summary": "Delete a particular user-level runner",
         "operationId": "deleteUserRunner",
         "parameters": [
           {
             "type": "string",
-            "description": "id of the runner",
+            "description": "ID of the runner",
             "name": "runner_id",
             "in": "path",
             "required": true
@@ -22181,76 +22091,64 @@
       "x-go-package": "forgejo.org/modules/structs"
     },
     "ActionRunner": {
-      "description": "ActionRunner represents a Runner",
+      "description": "ActionRunner represents a runner",
       "type": "object",
       "properties": {
-        "busy": {
-          "type": "boolean",
-          "x-go-name": "Busy"
-        },
-        "ephemeral": {
-          "description": "currently unused as forgejo does not support ephemeral runners, but they are defined in gh api spec",
-          "type": "boolean",
-          "x-go-name": "Ephemeral"
+        "description": {
+          "description": "Description provides optional details about this runner.",
+          "type": "string",
+          "x-go-name": "Description"
         },
         "id": {
+          "description": "ID uniquely identifies this runner.",
           "type": "integer",
           "format": "int64",
           "x-go-name": "ID"
         },
         "labels": {
+          "description": "Labels is a list of labels attached to this runner.",
           "type": "array",
           "items": {
-            "$ref": "#/definitions/ActionRunnerLabel"
+            "type": "string"
           },
           "x-go-name": "Labels"
         },
         "name": {
+          "description": "Name of the runner; not unique.",
           "type": "string",
           "x-go-name": "Name"
         },
+        "owner_id": {
+          "description": "OwnerID is the identifier of the user or organization this runner belongs to. O if the runner is owned by a\nrepository.",
+          "type": "integer",
+          "format": "int64",
+          "x-go-name": "OwnerID"
+        },
+        "repo_id": {
+          "description": "RepoID is the identifier of the repository this runner belongs to. 0 if the runner belongs to a user or\norganization.",
+          "type": "integer",
+          "format": "int64",
+          "x-go-name": "RepoID"
+        },
         "status": {
+          "description": "Status indicates whether this runner is offline, or active, for example.",
           "type": "string",
+          "enum": [
+            "offline",
+            "idle",
+            "active"
+          ],
           "x-go-name": "Status"
-        }
-      },
-      "x-go-package": "forgejo.org/modules/structs"
-    },
-    "ActionRunnerLabel": {
-      "description": "ActionRunnerLabel represents a Runner Label",
-      "type": "object",
-      "properties": {
-        "id": {
-          "type": "integer",
-          "format": "int64",
-          "x-go-name": "ID"
         },
-        "name": {
+        "uuid": {
+          "description": "UUID uniquely identifies this runner.",
           "type": "string",
-          "x-go-name": "Name"
+          "x-go-name": "UUID"
         },
-        "type": {
+        "version": {
+          "description": "Version is the self-reported version string of Forgejo Runner.",
           "type": "string",
-          "x-go-name": "Type"
-        }
-      },
-      "x-go-package": "forgejo.org/modules/structs"
-    },
-    "ActionRunnersResponse": {
-      "description": "ActionRunnersResponse returns Runners",
-      "type": "object",
-      "properties": {
-        "runners": {
-          "type": "array",
-          "items": {
-            "$ref": "#/definitions/ActionRunner"
-          },
-          "x-go-name": "Entries"
-        },
-        "total_count": {
-          "type": "integer",
-          "format": "int64",
-          "x-go-name": "TotalCount"
+          "x-go-name": "Version"
         }
       },
       "x-go-package": "forgejo.org/modules/structs"
@@ -29939,15 +29837,18 @@
       }
     },
     "ActionRunner": {
-      "description": "ActionRunner represents a Runner",
+      "description": "ActionRunner represents a runner",
       "schema": {
         "$ref": "#/definitions/ActionRunner"
       }
     },
-    "ActionRunnersResponse": {
-      "description": "ActionRunnersResponse returns Runners",
+    "ActionRunnerList": {
+      "description": "ActionRunnerList is a list of Forgejo Action runners",
       "schema": {
-        "$ref": "#/definitions/ActionRunnersResponse"
+        "type": "array",
+        "items": {
+          "$ref": "#/definitions/ActionRunner"
+        }
       }
     },
     "ActionVariable": {
diff --git a/tests/integration/actions_job_test.go b/tests/integration/actions_job_test.go
index 262358ab9f..baa1420bdd 100644
--- a/tests/integration/actions_job_test.go
+++ b/tests/integration/actions_job_test.go
@@ -175,36 +175,6 @@ jobs:
 	})
 }
 
-func TestRunnerLifecycleGithubEndpoints(t *testing.T) {
-	if !setting.Database.Type.IsSQLite3() {
-		// registering a mock runner when using a database other than SQLite leaves leftovers
-		t.Skip()
-	}
-	onApplicationRun(t, func(t *testing.T, u *url.URL) {
-		user2 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
-		session := loginUser(t, user2.Name)
-		token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteRepository, auth_model.AccessTokenScopeWriteUser)
-
-		apiRepo := createActionsTestRepo(t, token, "actions-runner-registration-with-get", false)
-		runner := newMockRunner()
-		runner.registerAsRepoRunnerWithPost(t, user2.Name, apiRepo.Name, "mock-runner", []string{"ubuntu-latest"})
-		runnersList := runner.listRunners(t, user2.Name, apiRepo.Name)
-
-		assert.NotNil(t, runnersList)
-		assert.Len(t, runnersList.Entries, 1)
-		assert.Equal(t, "mock-runner", runnersList.Entries[0].Name)
-
-		runnerDetails := runner.getRunner(t, user2.Name, apiRepo.Name, runnersList.Entries[0].ID)
-		assert.Equal(t, "mock-runner", runnerDetails.Name)
-		assert.Equal(t, runnersList.Entries[0].ID, runnerDetails.ID)
-
-		runner.deleteRunner(t, user2.Name, apiRepo.Name, runnersList.Entries[0].ID)
-
-		httpContext := NewAPITestContext(t, user2.Name, apiRepo.Name, auth_model.AccessTokenScopeWriteRepository)
-		doAPIDeleteRepository(httpContext)(t)
-	})
-}
-
 func TestActionsJobNeedsMatrix(t *testing.T) {
 	if !setting.Database.Type.IsSQLite3() {
 		t.Skip()
diff --git a/tests/integration/actions_runner_test.go b/tests/integration/actions_runner_test.go
index 0eb2117325..6cedaf6def 100644
--- a/tests/integration/actions_runner_test.go
+++ b/tests/integration/actions_runner_test.go
@@ -12,7 +12,6 @@ import (
 
 	auth_model "forgejo.org/models/auth"
 	"forgejo.org/modules/setting"
-	"forgejo.org/modules/structs"
 
 	pingv1 "code.forgejo.org/forgejo/actions-proto/ping/v1"
 	"code.forgejo.org/forgejo/actions-proto/ping/v1/pingv1connect"
@@ -97,61 +96,6 @@ func (r *mockRunner) registerAsRepoRunner(t *testing.T, ownerName, repoName, run
 	r.doRegister(t, runnerName, registrationToken.Token, labels)
 }
 
-func (r *mockRunner) registerAsRepoRunnerWithPost(t *testing.T, ownerName, repoName, runnerName string, labels []string) {
-	if !setting.Database.Type.IsSQLite3() {
-		// registering a mock runner when using a database other than SQLite leaves leftovers
-		t.FailNow()
-	}
-	session := loginUser(t, ownerName)
-	token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteRepository)
-	req := NewRequest(t, "POST", fmt.Sprintf("/api/v1/repos/%s/%s/actions/runners/registration-token", ownerName, repoName)).AddTokenAuth(token)
-	resp := MakeRequest(t, req, http.StatusOK)
-	var registrationToken struct {
-		Token string `json:"token"`
-	}
-	DecodeJSON(t, resp, &registrationToken)
-	r.doRegister(t, runnerName, registrationToken.Token, labels)
-}
-
-func (r *mockRunner) listRunners(t *testing.T, ownerName, repoName string) structs.ActionRunnersResponse {
-	if !setting.Database.Type.IsSQLite3() {
-		// registering a mock runner when using a database other than SQLite leaves leftovers
-		t.FailNow()
-	}
-	session := loginUser(t, ownerName)
-	token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeReadRepository)
-	req := NewRequest(t, "GET", fmt.Sprintf("/api/v1/repos/%s/%s/actions/runners", ownerName, repoName)).AddTokenAuth(token)
-	resp := MakeRequest(t, req, http.StatusOK)
-	var runnersList structs.ActionRunnersResponse
-	DecodeJSON(t, resp, &runnersList)
-	return runnersList
-}
-
-func (r *mockRunner) getRunner(t *testing.T, ownerName, repoName string, runnerID int64) structs.ActionRunner {
-	if !setting.Database.Type.IsSQLite3() {
-		// registering a mock runner when using a database other than SQLite leaves leftovers
-		t.FailNow()
-	}
-	session := loginUser(t, ownerName)
-	token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeReadRepository)
-	req := NewRequest(t, "GET", fmt.Sprintf("/api/v1/repos/%s/%s/actions/runners/%d", ownerName, repoName, runnerID)).AddTokenAuth(token)
-	resp := MakeRequest(t, req, http.StatusOK)
-	var runner structs.ActionRunner
-	DecodeJSON(t, resp, &runner)
-	return runner
-}
-
-func (r *mockRunner) deleteRunner(t *testing.T, ownerName, repoName string, runnerID int64) {
-	if !setting.Database.Type.IsSQLite3() {
-		// registering a mock runner when using a database other than SQLite leaves leftovers
-		t.FailNow()
-	}
-	session := loginUser(t, ownerName)
-	token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteRepository)
-	req := NewRequest(t, "DELETE", fmt.Sprintf("/api/v1/repos/%s/%s/actions/runners/%d", ownerName, repoName, runnerID)).AddTokenAuth(token)
-	MakeRequest(t, req, http.StatusNoContent)
-}
-
 func (r *mockRunner) maybeFetchTask(t *testing.T) *runnerv1.Task {
 	resp, err := r.client.runnerServiceClient.FetchTask(t.Context(), connect.NewRequest(&runnerv1.FetchTaskRequest{
 		TasksVersion: r.lastTasksVersion,
diff --git a/tests/integration/api_admin_actions_test.go b/tests/integration/api_admin_actions_test.go
index 52c68098a4..1c03d66b7a 100644
--- a/tests/integration/api_admin_actions_test.go
+++ b/tests/integration/api_admin_actions_test.go
@@ -11,10 +11,13 @@ import (
 	actions_model "forgejo.org/models/actions"
 	auth_model "forgejo.org/models/auth"
 	"forgejo.org/models/unittest"
+	user_model "forgejo.org/models/user"
 	api "forgejo.org/modules/structs"
+	"forgejo.org/routers/api/v1/shared"
 	"forgejo.org/tests"
 
 	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
 )
 
 func TestActionsAPISearchActionJobs_GlobalRunner(t *testing.T) {
@@ -91,3 +94,164 @@ func TestActionsAPISearchActionJobs_GlobalRunnerAllPendingJobs(t *testing.T) {
 	assert.Equal(t, job198.ID, jobs[5].ID)
 	assert.Equal(t, job196.ID, jobs[6].ID)
 }
+
+func TestAPIGlobalActionsRunnerRegistrationTokenOperations(t *testing.T) {
+	defer unittest.OverrideFixtures("tests/integration/fixtures/TestAPIGlobalActionsRunnerRegistrationTokenOperations")()
+	require.NoError(t, unittest.PrepareTestDatabase())
+
+	user1 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 1})
+	session := loginUser(t, user1.Name)
+	readToken := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeReadAdmin)
+
+	t.Run("GetRegistrationToken", func(t *testing.T) {
+		request := NewRequest(t, "GET", "/api/v1/admin/actions/runners/registration-token")
+		request.AddTokenAuth(readToken)
+		response := MakeRequest(t, request, http.StatusOK)
+
+		var registrationToken shared.RegistrationToken
+		DecodeJSON(t, response, &registrationToken)
+
+		expected := shared.RegistrationToken{Token: "BzcgyhjWhLeKGA4ihJIigeRDrcxrFESd0yizEpb7xZJ"}
+
+		assert.Equal(t, expected, registrationToken)
+	})
+}
+
+func TestAPIGlobalActionsRunnerOperations(t *testing.T) {
+	defer unittest.OverrideFixtures("tests/integration/fixtures/TestAPIGlobalActionsRunnerOperations")()
+	require.NoError(t, unittest.PrepareTestDatabase())
+
+	user1 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 1})
+	session := loginUser(t, user1.Name)
+	readToken := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeReadAdmin)
+	writeToken := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteAdmin)
+
+	t.Run("GetRunners", func(t *testing.T) {
+		request := NewRequest(t, "GET", "/api/v1/admin/actions/runners")
+		request.AddTokenAuth(readToken)
+		response := MakeRequest(t, request, http.StatusOK)
+
+		assert.NotEmpty(t, response.Header().Get("X-Total-Count"))
+
+		var runners []*api.ActionRunner
+		DecodeJSON(t, response, &runners)
+
+		runnerOne := &api.ActionRunner{
+			ID:          130791,
+			UUID:        "8b0f6b98-fef8-430e-bfdc-dcbeeb58f3c8",
+			Name:        "runner-1-global",
+			Version:     "dev",
+			OwnerID:     0,
+			RepoID:      0,
+			Description: "A superb runner",
+			Labels:      []string{"debian", "gpu"},
+			Status:      "offline",
+		}
+		runnerTwo := &api.ActionRunner{
+			ID:          130792,
+			UUID:        "61c48447-6e7d-42da-9dbe-d659ade77a56",
+			Name:        "runner-2-user",
+			Version:     "11.3.1",
+			OwnerID:     1,
+			RepoID:      0,
+			Description: "A splendid runner",
+			Labels:      []string{"docker"},
+			Status:      "offline",
+		}
+		runnerThree := &api.ActionRunner{
+			ID:          130793,
+			UUID:        "9b92be13-b002-4fc0-b182-5e7cdbef0b8d",
+			Name:        "runner-3-global",
+			Version:     "11.3.1",
+			OwnerID:     0,
+			RepoID:      0,
+			Description: "Another fine runner",
+			Labels:      []string{"fedora"},
+			Status:      "offline",
+		}
+
+		// There are more runners in the result that originate from the global fixtures. The test ignores them to limit
+		// the impact of unrelated changes.
+		assert.Contains(t, runners, runnerOne)
+		assert.Contains(t, runners, runnerTwo)
+		assert.Contains(t, runners, runnerThree)
+	})
+
+	t.Run("GetGlobalRunner", func(t *testing.T) {
+		request := NewRequest(t, "GET", "/api/v1/admin/actions/runners/130793")
+		request.AddTokenAuth(readToken)
+		response := MakeRequest(t, request, http.StatusOK)
+
+		var runner *api.ActionRunner
+		DecodeJSON(t, response, &runner)
+
+		runnerOne := &api.ActionRunner{
+			ID:          130793,
+			UUID:        "9b92be13-b002-4fc0-b182-5e7cdbef0b8d",
+			Name:        "runner-3-global",
+			Version:     "11.3.1",
+			OwnerID:     0,
+			RepoID:      0,
+			Description: "Another fine runner",
+			Labels:      []string{"fedora"},
+			Status:      "offline",
+		}
+
+		assert.Equal(t, runnerOne, runner)
+	})
+
+	t.Run("GetRepositoryScopedRunner", func(t *testing.T) {
+		request := NewRequest(t, "GET", "/api/v1/admin/actions/runners/130794")
+		request.AddTokenAuth(readToken)
+		response := MakeRequest(t, request, http.StatusOK)
+
+		var runner *api.ActionRunner
+		DecodeJSON(t, response, &runner)
+
+		runnerFour := &api.ActionRunner{
+			ID:          130794,
+			UUID:        "44d595e9-b47d-42ef-b1b9-5869f8b8d501",
+			Name:        "runner-4-repository",
+			Version:     "12.2.0",
+			OwnerID:     0,
+			RepoID:      62,
+			Description: "",
+			Labels:      []string{"nixos"},
+			Status:      "offline",
+		}
+
+		assert.Equal(t, runnerFour, runner)
+	})
+
+	t.Run("DeleteGlobalRunner", func(t *testing.T) {
+		url := "/api/v1/admin/actions/runners/130791"
+
+		request := NewRequest(t, "GET", url)
+		request.AddTokenAuth(readToken)
+		MakeRequest(t, request, http.StatusOK)
+
+		deleteRequest := NewRequest(t, "DELETE", url)
+		deleteRequest.AddTokenAuth(writeToken)
+		MakeRequest(t, deleteRequest, http.StatusNoContent)
+
+		request = NewRequest(t, "GET", url)
+		request.AddTokenAuth(readToken)
+		MakeRequest(t, request, http.StatusNotFound)
+	})
+
+	t.Run("DeleteRepositoryScopedRunner", func(t *testing.T) {
+		url := "/api/v1/admin/actions/runners/130794"
+
+		request := NewRequest(t, "GET", url)
+		request.AddTokenAuth(readToken)
+		MakeRequest(t, request, http.StatusOK)
+
+		deleteRequest := NewRequest(t, "DELETE", url)
+		deleteRequest.AddTokenAuth(writeToken)
+		MakeRequest(t, deleteRequest, http.StatusNoContent)
+
+		request = NewRequest(t, "GET", url)
+		request.AddTokenAuth(readToken)
+		MakeRequest(t, request, http.StatusNotFound)
+	})
+}
diff --git a/tests/integration/api_org_actions_test.go b/tests/integration/api_org_actions_test.go
index 9a5eabc81a..3d5fb3e50c 100644
--- a/tests/integration/api_org_actions_test.go
+++ b/tests/integration/api_org_actions_test.go
@@ -11,10 +11,13 @@ import (
 	actions_model "forgejo.org/models/actions"
 	auth_model "forgejo.org/models/auth"
 	"forgejo.org/models/unittest"
+	user_model "forgejo.org/models/user"
 	api "forgejo.org/modules/structs"
+	"forgejo.org/routers/api/v1/shared"
 	"forgejo.org/tests"
 
 	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
 )
 
 func TestActionsAPISearchActionJobs_OrgRunner(t *testing.T) {
@@ -76,3 +79,110 @@ func TestActionsAPISearchActionJobs_OrgRunnerAllPendingJobs(t *testing.T) {
 	assert.Equal(t, job397.ID, jobs[0].ID)
 	assert.Equal(t, job395.ID, jobs[1].ID)
 }
+
+func TestAPIOrgActionsRunnerRegistrationTokenOperations(t *testing.T) {
+	defer unittest.OverrideFixtures("tests/integration/fixtures/TestAPIOrgActionsRunnerRegistrationTokenOperations")()
+	require.NoError(t, unittest.PrepareTestDatabase())
+
+	user2 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
+	session := loginUser(t, user2.Name)
+	readToken := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeReadOrganization)
+
+	t.Run("GetRegistrationToken", func(t *testing.T) {
+		request := NewRequest(t, "GET", "/api/v1/orgs/org3/actions/runners/registration-token")
+		request.AddTokenAuth(readToken)
+		response := MakeRequest(t, request, http.StatusOK)
+
+		var registrationToken shared.RegistrationToken
+		DecodeJSON(t, response, &registrationToken)
+
+		expected := shared.RegistrationToken{Token: "Sk9wHjBHelH4n1ckQy-mo3KVYRdoaPZ_aaH1ATfgI05"}
+
+		assert.Equal(t, expected, registrationToken)
+	})
+}
+
+func TestAPIOrgActionsRunnerOperations(t *testing.T) {
+	defer unittest.OverrideFixtures("tests/integration/fixtures/TestAPIOrgActionsRunnerOperations")()
+	require.NoError(t, unittest.PrepareTestDatabase())
+
+	user2 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
+	session := loginUser(t, user2.Name)
+	readToken := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeReadOrganization)
+	writeToken := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteOrganization)
+
+	t.Run("GetRunners", func(t *testing.T) {
+		request := NewRequest(t, "GET", "/api/v1/orgs/org3/actions/runners")
+		request.AddTokenAuth(readToken)
+		response := MakeRequest(t, request, http.StatusOK)
+
+		assert.Equal(t, "2", response.Header().Get("X-Total-Count"))
+
+		var runners []*api.ActionRunner
+		DecodeJSON(t, response, &runners)
+
+		runnerOne := &api.ActionRunner{
+			ID:          655691,
+			UUID:        "a3297f3a-ba5c-4a0f-878e-6cc8b8ac79ec",
+			Name:        "runner-1-organization",
+			Version:     "dev",
+			OwnerID:     3,
+			RepoID:      0,
+			Description: "A superb runner",
+			Labels:      []string{"debian", "gpu"},
+			Status:      "offline",
+		}
+		runnerThree := &api.ActionRunner{
+			ID:          655693,
+			UUID:        "0a7e5e05-2da4-44d5-a72a-615da120cef6",
+			Name:        "runner-3-organization",
+			Version:     "11.3.1",
+			OwnerID:     3,
+			RepoID:      0,
+			Description: "Another fine runner",
+			Labels:      []string{"fedora"},
+			Status:      "offline",
+		}
+
+		assert.ElementsMatch(t, []*api.ActionRunner{runnerOne, runnerThree}, runners)
+	})
+
+	t.Run("GetRunner", func(t *testing.T) {
+		request := NewRequest(t, "GET", "/api/v1/orgs/org3/actions/runners/655691")
+		request.AddTokenAuth(readToken)
+		response := MakeRequest(t, request, http.StatusOK)
+
+		var runner *api.ActionRunner
+		DecodeJSON(t, response, &runner)
+
+		runnerOne := &api.ActionRunner{
+			ID:          655691,
+			UUID:        "a3297f3a-ba5c-4a0f-878e-6cc8b8ac79ec",
+			Name:        "runner-1-organization",
+			Version:     "dev",
+			OwnerID:     3,
+			RepoID:      0,
+			Description: "A superb runner",
+			Labels:      []string{"debian", "gpu"},
+			Status:      "offline",
+		}
+
+		assert.Equal(t, runnerOne, runner)
+	})
+
+	t.Run("DeleteRunner", func(t *testing.T) {
+		url := "/api/v1/orgs/org3/actions/runners/655691"
+
+		request := NewRequest(t, "GET", url)
+		request.AddTokenAuth(readToken)
+		MakeRequest(t, request, http.StatusOK)
+
+		deleteRequest := NewRequest(t, "DELETE", url)
+		deleteRequest.AddTokenAuth(writeToken)
+		MakeRequest(t, deleteRequest, http.StatusNoContent)
+
+		request = NewRequest(t, "GET", url)
+		request.AddTokenAuth(readToken)
+		MakeRequest(t, request, http.StatusNotFound)
+	})
+}
diff --git a/tests/integration/api_repo_actions_test.go b/tests/integration/api_repo_actions_test.go
index ae2591c0a8..9c8be4156a 100644
--- a/tests/integration/api_repo_actions_test.go
+++ b/tests/integration/api_repo_actions_test.go
@@ -19,6 +19,7 @@ import (
 	user_model "forgejo.org/models/user"
 	api "forgejo.org/modules/structs"
 	"forgejo.org/modules/webhook"
+	"forgejo.org/routers/api/v1/shared"
 	files_service "forgejo.org/services/repository/files"
 	"forgejo.org/tests"
 
@@ -351,3 +352,110 @@ func TestActionsAPIGetActionRun(t *testing.T) {
 		})
 	}
 }
+
+func TestAPIRepoActionsRunnerRegistrationTokenOperations(t *testing.T) {
+	defer unittest.OverrideFixtures("tests/integration/fixtures/TestAPIRepoActionsRunnerRegistrationTokenOperations")()
+	require.NoError(t, unittest.PrepareTestDatabase())
+
+	user2 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
+	session := loginUser(t, user2.Name)
+	readToken := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeReadRepository)
+
+	t.Run("GetRegistrationToken", func(t *testing.T) {
+		request := NewRequest(t, "GET", "/api/v1/repos/user2/test_workflows/actions/runners/registration-token")
+		request.AddTokenAuth(readToken)
+		response := MakeRequest(t, request, http.StatusOK)
+
+		var registrationToken shared.RegistrationToken
+		DecodeJSON(t, response, &registrationToken)
+
+		expected := shared.RegistrationToken{Token: "BzcgyhjWhLeKGA4ihJIigeRDrcxrFESd0yizEpb7xZJ"}
+
+		assert.Equal(t, expected, registrationToken)
+	})
+}
+
+func TestAPIRepoActionsRunnerOperations(t *testing.T) {
+	defer unittest.OverrideFixtures("tests/integration/fixtures/TestAPIRepoActionsRunnerOperations")()
+	require.NoError(t, unittest.PrepareTestDatabase())
+
+	user2 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
+	session := loginUser(t, user2.Name)
+	readToken := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeReadRepository)
+	writeToken := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteRepository)
+
+	t.Run("GetRunners", func(t *testing.T) {
+		request := NewRequest(t, "GET", "/api/v1/repos/user2/test_workflows/actions/runners")
+		request.AddTokenAuth(readToken)
+		response := MakeRequest(t, request, http.StatusOK)
+
+		assert.Equal(t, "2", response.Header().Get("X-Total-Count"))
+
+		var runners []*api.ActionRunner
+		DecodeJSON(t, response, &runners)
+
+		runnerOne := &api.ActionRunner{
+			ID:          899251,
+			UUID:        "a3297f3a-ba5c-4a0f-878e-6cc8b8ac79ec",
+			Name:        "runner-1-repository",
+			Version:     "dev",
+			OwnerID:     0,
+			RepoID:      62,
+			Description: "A superb runner",
+			Labels:      []string{"debian", "gpu"},
+			Status:      "offline",
+		}
+		runnerThree := &api.ActionRunner{
+			ID:          899253,
+			UUID:        "0a7e5e05-2da4-44d5-a72a-615da120cef6",
+			Name:        "runner-3-repository",
+			Version:     "11.3.1",
+			OwnerID:     0,
+			RepoID:      62,
+			Description: "Another fine runner",
+			Labels:      []string{"fedora"},
+			Status:      "offline",
+		}
+
+		assert.ElementsMatch(t, []*api.ActionRunner{runnerOne, runnerThree}, runners)
+	})
+
+	t.Run("GetRunner", func(t *testing.T) {
+		request := NewRequest(t, "GET", "/api/v1/repos/user2/test_workflows/actions/runners/899251")
+		request.AddTokenAuth(readToken)
+		response := MakeRequest(t, request, http.StatusOK)
+
+		var runner *api.ActionRunner
+		DecodeJSON(t, response, &runner)
+
+		runnerOne := &api.ActionRunner{
+			ID:          899251,
+			UUID:        "a3297f3a-ba5c-4a0f-878e-6cc8b8ac79ec",
+			Name:        "runner-1-repository",
+			Version:     "dev",
+			OwnerID:     0,
+			RepoID:      62,
+			Description: "A superb runner",
+			Labels:      []string{"debian", "gpu"},
+			Status:      "offline",
+		}
+
+		assert.Equal(t, runnerOne, runner)
+	})
+
+	t.Run("DeleteRunner", func(t *testing.T) {
+		url := "/api/v1/repos/user2/test_workflows/actions/runners/899253"
+
+		request := NewRequest(t, "GET", url)
+		request.AddTokenAuth(readToken)
+		MakeRequest(t, request, http.StatusOK)
+
+		deleteRequest := NewRequest(t, "DELETE", url)
+		deleteRequest.AddTokenAuth(writeToken)
+		MakeRequest(t, deleteRequest, http.StatusNoContent)
+
+		request = NewRequest(t, "GET", url)
+		request.AddTokenAuth(readToken)
+		MakeRequest(t, request, http.StatusNotFound)
+	})
+}
diff --git a/tests/integration/api_user_actions_test.go b/tests/integration/api_user_actions_test.go
index 40cf39b2d7..876fd14bbf 100644
--- a/tests/integration/api_user_actions_test.go
+++ b/tests/integration/api_user_actions_test.go
@@ -11,10 +11,13 @@ import (
 	actions_model "forgejo.org/models/actions"
 	auth_model "forgejo.org/models/auth"
 	"forgejo.org/models/unittest"
+	user_model "forgejo.org/models/user"
 	api "forgejo.org/modules/structs"
+	"forgejo.org/routers/api/v1/shared"
 	"forgejo.org/tests"
 
 	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
 )
 
 func TestActionsAPISearchActionJobs_UserRunner(t *testing.T) {
@@ -74,3 +77,110 @@ func TestActionsAPISearchActionJobs_UserRunnerAllPendingJobs(t *testing.T) {
 	assert.Len(t, jobs, 1)
 	assert.Equal(t, job.ID, jobs[0].ID)
 }
+
+func TestAPIUserActionsRunnerRegistrationTokenOperations(t *testing.T) {
+	defer unittest.OverrideFixtures("tests/integration/fixtures/TestAPIUserActionsRunnerRegistrationTokenOperations")()
+	require.NoError(t, unittest.PrepareTestDatabase())
+
+	user2 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
+	session := loginUser(t, user2.Name)
+	readToken := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeReadUser)
+
+	t.Run("GetRegistrationToken", func(t *testing.T) {
+		request := NewRequest(t, "GET", "/api/v1/user/actions/runners/registration-token")
+		request.AddTokenAuth(readToken)
+		response := MakeRequest(t, request, http.StatusOK)
+
+		var registrationToken shared.RegistrationToken
+		DecodeJSON(t, response, &registrationToken)
+
+		expected := shared.RegistrationToken{Token: "Xb3WmQBum2S0-WwFY399A0DhnPkgRdXzpEOJaMmL5UT"}
+
+		assert.Equal(t, expected, registrationToken)
+	})
+}
+
+func TestAPIUserActionsRunnerOperations(t *testing.T) {
+	defer unittest.OverrideFixtures("tests/integration/fixtures/TestAPIUserActionsRunnerOperations")()
+	require.NoError(t, unittest.PrepareTestDatabase())
+
+	user2 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
+	session := loginUser(t, user2.Name)
+	readToken := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeReadUser)
+	writeToken := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteUser)
+
+	t.Run("GetRunners", func(t *testing.T) {
+		request := NewRequest(t, "GET", "/api/v1/user/actions/runners")
+		request.AddTokenAuth(readToken)
+		response := MakeRequest(t, request, http.StatusOK)
+
+		assert.Equal(t, "2", response.Header().Get("X-Total-Count"))
+
+		var runners []*api.ActionRunner
+		DecodeJSON(t, response, &runners)
+
+		runnerOne := &api.ActionRunner{
+			ID:          71301,
+			UUID:        "99fc4a58-a25e-4dbe-b6ea-3d55dddcd216",
+			Name:        "runner-1-user",
+			Version:     "dev",
+			OwnerID:     2,
+			RepoID:      0,
+			Description: "A superb runner",
+			Labels:      []string{"debian", "gpu"},
+			Status:      "offline",
+		}
+		runnerThree := &api.ActionRunner{
+			ID:          71303,
+			UUID:        "70bc0da3-35b2-4129-bbc9-4679dfdda4d0",
+			Name:        "runner-3-user",
+			Version:     "11.3.1",
+			OwnerID:     2,
+			RepoID:      0,
+			Description: "Another fine runner",
+			Labels:      []string{"fedora"},
+			Status:      "offline",
+		}
+
+		assert.ElementsMatch(t, []*api.ActionRunner{runnerOne, runnerThree}, runners)
+	})
+
+	t.Run("GetRunner", func(t *testing.T) {
+		request := NewRequest(t, "GET", "/api/v1/user/actions/runners/71303")
+		request.AddTokenAuth(readToken)
+		response := MakeRequest(t, request, http.StatusOK)
+
+		var runner *api.ActionRunner
+		DecodeJSON(t, response, &runner)
+
+		runnerThree := &api.ActionRunner{
+			ID:          71303,
+			UUID:        "70bc0da3-35b2-4129-bbc9-4679dfdda4d0",
+			Name:        "runner-3-user",
+			Version:     "11.3.1",
+			OwnerID:     2,
+			RepoID:      0,
+			Description: "Another fine runner",
+			Labels:      []string{"fedora"},
+			Status:      "offline",
+		}
+
+		assert.Equal(t, runnerThree, runner)
+	})
+
+	t.Run("DeleteRunner", func(t *testing.T) {
+		url := "/api/v1/user/actions/runners/71303"
+
+		request := NewRequest(t, "GET", url)
+		request.AddTokenAuth(readToken)
+		MakeRequest(t, request, http.StatusOK)
+
+		deleteRequest := NewRequest(t, "DELETE", url)
+		deleteRequest.AddTokenAuth(writeToken)
+		MakeRequest(t, deleteRequest, http.StatusNoContent)
+
+		request = NewRequest(t, "GET", url)
+		request.AddTokenAuth(readToken)
+		MakeRequest(t, request, http.StatusNotFound)
+	})
+}
diff --git a/tests/integration/fixtures/TestAPIGlobalActionsRunnerOperations/action_runner.yml b/tests/integration/fixtures/TestAPIGlobalActionsRunnerOperations/action_runner.yml
new file mode 100644
index 0000000000..ef16984be0
--- /dev/null
+++ b/tests/integration/fixtures/TestAPIGlobalActionsRunnerOperations/action_runner.yml
@@ -0,0 +1,36 @@
+- id: 130791
+  uuid: "8b0f6b98-fef8-430e-bfdc-dcbeeb58f3c8"
+  name: "runner-1-global"
+  version: "dev"
+  owner_id: 0
+  repo_id: 0
+  description: "A superb runner"
+  agent_labels: ["debian", "gpu"]
+  deleted: 0
+- id: 130792
+  uuid: "61c48447-6e7d-42da-9dbe-d659ade77a56"
+  name: "runner-2-user"
+  version: "11.3.1"
+  owner_id: 1
+  repo_id: 0
+  description: "A splendid runner"
+  agent_labels: ["docker"]
+  deleted: 0
+- id: 130793
+  uuid: "9b92be13-b002-4fc0-b182-5e7cdbef0b8d"
+  name: "runner-3-global"
+  version: "11.3.1"
+  owner_id: 0
+  repo_id: 0
+  description: "Another fine runner"
+  agent_labels: ["fedora"]
+  deleted: 0
+- id: 130794
+  uuid: "44d595e9-b47d-42ef-b1b9-5869f8b8d501"
+  name: "runner-4-repository"
+  version: "12.2.0"
+  owner_id: 0
+  repo_id: 62
+  description: ""
+  agent_labels: ["nixos"]
+  deleted: 0
\ No newline at end of file
diff --git a/tests/integration/fixtures/TestAPIGlobalActionsRunnerRegistrationTokenOperations/action_runner_token.yml b/tests/integration/fixtures/TestAPIGlobalActionsRunnerRegistrationTokenOperations/action_runner_token.yml
new file mode 100644
index 0000000000..c0b5007417
--- /dev/null
+++ b/tests/integration/fixtures/TestAPIGlobalActionsRunnerRegistrationTokenOperations/action_runner_token.yml
@@ -0,0 +1,12 @@
+- id: 4691
+  token: "BzcgyhjWhLeKGA4ihJIigeRDrcxrFESd0yizEpb7xZJ"
+  owner_id: 0
+  repo_id: 0
+  is_active: true
+  deleted: 0
+- id: 4692
+  token: "Sk9wHjBHelH4n1ckQy-mo3KVYRdoaPZ_aaH1ATfgI05"
+  owner_id: 1
+  repo_id: 0
+  is_active: true
+  deleted: 0
diff --git a/tests/integration/fixtures/TestAPIOrgActionsRunnerOperations/action_runner.yml b/tests/integration/fixtures/TestAPIOrgActionsRunnerOperations/action_runner.yml
new file mode 100644
index 0000000000..f39cac24be
--- /dev/null
+++ b/tests/integration/fixtures/TestAPIOrgActionsRunnerOperations/action_runner.yml
@@ -0,0 +1,36 @@
+- id: 655691
+  uuid: "a3297f3a-ba5c-4a0f-878e-6cc8b8ac79ec"
+  name: "runner-1-organization"
+  version: "dev"
+  owner_id: 3
+  repo_id: 0
+  description: "A superb runner"
+  agent_labels: ["debian", "gpu"]
+  deleted: 0
+- id: 655692
+  uuid: "6d2d13ef-b19f-47a8-85ad-e82e51f606c5"
+  name: "runner-2-user"
+  version: "11.3.1"
+  owner_id: 1
+  repo_id: 0
+  description: "A splendid runner"
+  agent_labels: ["docker"]
+  deleted: 0
+- id: 655693
+  uuid: "0a7e5e05-2da4-44d5-a72a-615da120cef6"
+  name: "runner-3-organization"
+  version: "11.3.1"
+  owner_id: 3
+  repo_id: 0
+  description: "Another fine runner"
+  agent_labels: ["fedora"]
+  deleted: 0
+- id: 655694
+  uuid: "166c596c-5016-488d-bd55-b84e5a0460ea"
+  name: "runner-4-global"
+  version: "11.3.1"
+  owner_id: 0
+  repo_id: 0
+  description: ""
+  agent_labels: []
+  deleted: 0
diff --git a/tests/integration/fixtures/TestAPIOrgActionsRunnerRegistrationTokenOperations/action_runner_token.yml b/tests/integration/fixtures/TestAPIOrgActionsRunnerRegistrationTokenOperations/action_runner_token.yml
new file mode 100644
index 0000000000..2bd52feb31
--- /dev/null
+++ b/tests/integration/fixtures/TestAPIOrgActionsRunnerRegistrationTokenOperations/action_runner_token.yml
@@ -0,0 +1,12 @@
+- id: 3621
+  token: "BzcgyhjWhLeKGA4ihJIigeRDrcxrFESd0yizEpb7xZJ"
+  owner_id: 1
+  repo_id: 0
+  is_active: true
+  deleted: 0
+- id: 3622
+  token: "Sk9wHjBHelH4n1ckQy-mo3KVYRdoaPZ_aaH1ATfgI05"
+  owner_id: 3
+  repo_id: 0
+  is_active: true
+  deleted: 0
diff --git a/tests/integration/fixtures/TestAPIRepoActionsRunnerOperations/action_runner.yml b/tests/integration/fixtures/TestAPIRepoActionsRunnerOperations/action_runner.yml
new file mode 100644
index 0000000000..1f1edb919e
--- /dev/null
+++ b/tests/integration/fixtures/TestAPIRepoActionsRunnerOperations/action_runner.yml
@@ -0,0 +1,36 @@
+- id: 899251
+  uuid: "a3297f3a-ba5c-4a0f-878e-6cc8b8ac79ec"
+  name: "runner-1-repository"
+  version: "dev"
+  owner_id: 0
+  repo_id: 62
+  description: "A superb runner"
+  agent_labels: ["debian", "gpu"]
+  deleted: 0
+- id: 899252
+  uuid: "6d2d13ef-b19f-47a8-85ad-e82e51f606c5"
+  name: "runner-2-user"
+  version: "11.3.1"
+  owner_id: 1
+  repo_id: 0
+  description: "A splendid runner"
+  agent_labels: ["docker"]
+  deleted: 0
+- id: 899253
+  uuid: "0a7e5e05-2da4-44d5-a72a-615da120cef6"
+  name: "runner-3-repository"
+  version: "11.3.1"
+  owner_id: 0
+  repo_id: 62
+  description: "Another fine runner"
+  agent_labels: ["fedora"]
+  deleted: 0
+- id: 899254
+  uuid: "6456ac1f-70ec-4e8f-9ab7-bf117ee23d47"
+  name: "runner-4-global"
+  version: "11.3.1"
+  owner_id: 0
+  repo_id: 0
+  description: ""
+  agent_labels: []
+  deleted: 0
diff --git a/tests/integration/fixtures/TestAPIRepoActionsRunnerRegistrationTokenOperations/action_runner_token.yml b/tests/integration/fixtures/TestAPIRepoActionsRunnerRegistrationTokenOperations/action_runner_token.yml
new file mode 100644
index 0000000000..ec32b16bc6
--- /dev/null
+++ b/tests/integration/fixtures/TestAPIRepoActionsRunnerRegistrationTokenOperations/action_runner_token.yml
@@ -0,0 +1,12 @@
+- id: 3621
+  token: "BzcgyhjWhLeKGA4ihJIigeRDrcxrFESd0yizEpb7xZJ"
+  owner_id: 0
+  repo_id: 62
+  is_active: true
+  deleted: 0
+- id: 3622
+  token: "Sk9wHjBHelH4n1ckQy-mo3KVYRdoaPZ_aaH1ATfgI05"
+  owner_id: 0
+  repo_id: 1
+  is_active: true
+  deleted: 0
diff --git a/tests/integration/fixtures/TestAPIUserActionsRunnerOperations/action_runner.yml b/tests/integration/fixtures/TestAPIUserActionsRunnerOperations/action_runner.yml
new file mode 100644
index 0000000000..be6ace174f
--- /dev/null
+++ b/tests/integration/fixtures/TestAPIUserActionsRunnerOperations/action_runner.yml
@@ -0,0 +1,36 @@
+- id: 71301
+  uuid: "99fc4a58-a25e-4dbe-b6ea-3d55dddcd216"
+  name: "runner-1-user"
+  version: "dev"
+  owner_id: 2
+  repo_id: 0
+  description: "A superb runner"
+  agent_labels: ["debian", "gpu"]
+  deleted: 0
+- id: 71302
+  uuid: "9d32fe29-be59-4cd6-a97b-b6abb6937d47"
+  name: "runner-2-user"
+  version: "11.3.1"
+  owner_id: 1
+  repo_id: 0
+  description: "A splendid runner"
+  agent_labels: ["docker"]
+  deleted: 0
+- id: 71303
+  uuid: "70bc0da3-35b2-4129-bbc9-4679dfdda4d0"
+  name: "runner-3-user"
+  version: "11.3.1"
+  owner_id: 2
+  repo_id: 0
+  description: "Another fine runner"
+  agent_labels: ["fedora"]
+  deleted: 0
+- id: 71304
+  uuid: "3873c473-47b8-4559-9fa5-843277419780"
+  name: "runner-4-global"
+  version: "11.3.1"
+  owner_id: 0
+  repo_id: 0
+  description: ""
+  agent_labels: []
+  deleted: 0
diff --git a/tests/integration/fixtures/TestAPIUserActionsRunnerRegistrationTokenOperations/action_runner_token.yml b/tests/integration/fixtures/TestAPIUserActionsRunnerRegistrationTokenOperations/action_runner_token.yml
new file mode 100644
index 0000000000..dc0167cb77
--- /dev/null
+++ b/tests/integration/fixtures/TestAPIUserActionsRunnerRegistrationTokenOperations/action_runner_token.yml
@@ -0,0 +1,12 @@
+- id: 383951
+  token: "xVkXTYaIFUdkTxgqnLaO4X4c-Mg2OKBBcaEo6S1hkZo"
+  owner_id: 1
+  repo_id: 0
+  is_active: true
+  deleted: 0
+- id: 383952
+  token: "Xb3WmQBum2S0-WwFY399A0DhnPkgRdXzpEOJaMmL5UT"
+  owner_id: 2
+  repo_id: 0
+  is_active: true
+  deleted: 0

From a34275dd844205aa91b74beb302429306fe133d3 Mon Sep 17 00:00:00 2001
From: Renovate Bot <forgejo-renovate-action@forgejo.org>
Date: Sun, 21 Dec 2025 19:21:27 +0100
Subject: [PATCH 026/854] Update module code.forgejo.org/forgejo/runner/v12 to
 v12.3.0 (forgejo) (#10535)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This PR contains the following updates:

| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) |
|---|---|---|---|
| [code.forgejo.org/forgejo/runner/v12](https://code.forgejo.org/forgejo/runner) | `v12.2.0` -> `v12.3.0` | ![age](https://developer.mend.io/api/mc/badges/age/go/code.forgejo.org%2fforgejo%2frunner%2fv12/v12.3.0?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/go/code.forgejo.org%2fforgejo%2frunner%2fv12/v12.2.0/v12.3.0?slim=true) |

---

### Release Notes

<details>
<summary>forgejo/runner (code.forgejo.org/forgejo/runner/v12)</summary>

### [`v12.3.0`](https://code.forgejo.org/forgejo/runner/releases/tag/v12.3.0)

[Compare Source](https://code.forgejo.org/forgejo/runner/compare/v12.2.0...v12.3.0)

- [User guide](https://forgejo.org/docs/next/user/actions/overview/)
- [Administrator guide](https://forgejo.org/docs/next/admin/actions/)
- [Container images](https://code.forgejo.org/forgejo/-/packages/container/runner/versions)

Release Notes

***

<!--start release-notes-assistant-->

<!--URL:https://code.forgejo.org/forgejo/runner-->

- features
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1234): <!--number 1234 --><!--line 0 --><!--description ZmVhdChqb2JwYXJzZXIpOiBleHBvc2UgSm9iIHRvIHJldXNhYmxlIHdvcmtmbG93IGZldGNoZXJz-->feat(jobparser): expose Job to reusable workflow fetchers<!--description-->
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1227): <!--number 1227 --><!--line 0 --><!--description ZmVhdChqb2JwYXJzZXIpOiBhZGQgdHJhY2tpbmcgSURzIGZvciBvdXRlci9pbm5lciBqb2JzIGluIHJldXNhYmxlIHdvcmtmbG93cw==-->feat(jobparser): add tracking IDs for outer/inner jobs in reusable workflows<!--description-->
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1228): <!--number 1228 --><!--line 0 --><!--description ZmVhdChqb2JwYXJzZXIpOiBpZ25vcmUgYF9fbWV0YWRhdGFgIGluIHdvcmtmbG93IHNjaGVtYSB2YWxpZGF0aW9u-->feat(jobparser): ignore `__metadata` in workflow schema validation<!--description-->
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1229): <!--number 1229 --><!--line 0 --><!--description ZmVhdChqb2JwYXJzZXIpOiBleHBvc2UgQVBJIGZvciBgRXZhbHVhdGVXb3JrZmxvd0NhbGxTZWNyZXRzYA==-->feat(jobparser): expose API for `EvaluateWorkflowCallSecrets`<!--description-->
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1210): <!--number 1210 --><!--line 0 --><!--description ZmVhdChydW5uZXIpOiBza2lwIHNlcnZpY2UgY29udGFpbmVycyB3aXRoIGVtcHR5IGltYWdlIGFmdGVyIGludGVycG9sYXRpb24=-->feat(runner): skip service containers with empty image after interpolation<!--description-->
- bug fixes
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1235): <!--number 1235 --><!--line 0 --><!--description Zml4KGpvYnBhcnNlcik6IHByZXNlcnZlIHdvcmtmbG93X3BhcmVudF9pZCBvbiByZXBhcnNpbmcgaW5jb21wbGV0ZSB3b3JrZmxvd3M=-->fix(jobparser): preserve workflow\_parent\_id on reparsing incomplete workflows<!--description-->
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1230): <!--number 1230 --><!--line 0 --><!--description Zml4OiBhY2NlcHQgZW52IHJlZmVyZW5jZXMgaW4gc2VydmljZSBkZWZpbml0aW9ucw==-->fix: accept env references in service definitions<!--description-->

<!--end release-notes-assistant-->

</details>

---

### Configuration

📅 **Schedule**: Branch creation - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC), Automerge - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi42NC4xIiwidXBkYXRlZEluVmVyIjoiNDIuNjQuMSIsInRhcmdldEJyYW5jaCI6ImZvcmdlam8iLCJsYWJlbHMiOlsiZGVwZW5kZW5jeS11cGdyYWRlIiwidGVzdC9ub3QtbmVlZGVkIl19-->

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10535
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 7516b5a680..252b8eaeaf 100644
--- a/go.mod
+++ b/go.mod
@@ -11,7 +11,7 @@ require (
 	code.forgejo.org/forgejo/go-rpmutils v1.0.0
 	code.forgejo.org/forgejo/levelqueue v1.0.0
 	code.forgejo.org/forgejo/reply v1.0.2
-	code.forgejo.org/forgejo/runner/v12 v12.2.0
+	code.forgejo.org/forgejo/runner/v12 v12.3.0
 	code.forgejo.org/go-chi/binding v1.0.1
 	code.forgejo.org/go-chi/cache v1.0.1
 	code.forgejo.org/go-chi/captcha v1.0.2
diff --git a/go.sum b/go.sum
index 6792d6d404..df61d469f4 100644
--- a/go.sum
+++ b/go.sum
@@ -30,8 +30,8 @@ code.forgejo.org/forgejo/levelqueue v1.0.0 h1:9krYpU6BM+j/1Ntj6m+VCAIu0UNnne1/Uf
 code.forgejo.org/forgejo/levelqueue v1.0.0/go.mod h1:fmG6zhVuqim2rxSFOoasgXO8V2W/k9U31VVYqLIRLhQ=
 code.forgejo.org/forgejo/reply v1.0.2 h1:dMhQCHV6/O3L5CLWNTol+dNzDAuyCK88z4J/lCdgFuQ=
 code.forgejo.org/forgejo/reply v1.0.2/go.mod h1:RyZUfzQLc+fuLIGjTSQWDAJWPiL4WtKXB/FifT5fM7U=
-code.forgejo.org/forgejo/runner/v12 v12.2.0 h1:CNRdZqXD32xZOdlQe154c+rIY6VcQ3avEyBqKcAy9SU=
-code.forgejo.org/forgejo/runner/v12 v12.2.0/go.mod h1:m6i/RnHQObdagTZUUPR+Nb2Th3VBLOHzjZ6tVw7F0qs=
+code.forgejo.org/forgejo/runner/v12 v12.3.0 h1:1I171DOnzibl/zuzARLdslp71mVbnFnjsdVCEWD+Mdg=
+code.forgejo.org/forgejo/runner/v12 v12.3.0/go.mod h1:m6i/RnHQObdagTZUUPR+Nb2Th3VBLOHzjZ6tVw7F0qs=
 code.forgejo.org/forgejo/ssh v0.0.0-20241211213324-5fc306ca0616 h1:kEZL84+02jY9RxXM4zHBWZ3Fml0B09cmP1LGkDsCfIA=
 code.forgejo.org/forgejo/ssh v0.0.0-20241211213324-5fc306ca0616/go.mod h1:zpHEXBstFnQYtGnB8k8kQLol82umzn/2/snG7alWVD8=
 code.forgejo.org/go-chi/binding v1.0.1 h1:coKNI+X1NzRN7X85LlrpvBRqk0TXpJ+ja28vusQWEuY=

From a0d54c8366a058b47fb86091ba83230cf8572170 Mon Sep 17 00:00:00 2001
From: Renovate Bot <forgejo-renovate-action@forgejo.org>
Date: Mon, 22 Dec 2025 00:26:52 +0100
Subject: [PATCH 027/854] Update dependency vue to v3.5.26 (forgejo) (#10504)

Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
---
 package-lock.json | 125 +++++++++++++++++++++++++---------------------
 package.json      |   2 +-
 2 files changed, 70 insertions(+), 57 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 834a012482..83b7d8f06e 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -52,7 +52,7 @@
         "tributejs": "5.1.3",
         "uint8-to-base64": "0.2.0",
         "vanilla-colorful": "0.7.2",
-        "vue": "3.5.25",
+        "vue": "3.5.26",
         "vue-chartjs": "5.3.3",
         "vue-loader": "17.4.2",
         "vue3-calendar-heatmap": "2.0.5",
@@ -4496,39 +4496,51 @@
       }
     },
     "node_modules/@vue/compiler-core": {
-      "version": "3.5.25",
-      "resolved": "https://registry.npmjs.org/@vue/compiler-core/-/compiler-core-3.5.25.tgz",
-      "integrity": "sha512-vay5/oQJdsNHmliWoZfHPoVZZRmnSWhug0BYT34njkYTPqClh3DNWLkZNJBVSjsNMrg0CCrBfoKkjZQPM/QVUw==",
+      "version": "3.5.26",
+      "resolved": "https://registry.npmjs.org/@vue/compiler-core/-/compiler-core-3.5.26.tgz",
+      "integrity": "sha512-vXyI5GMfuoBCnv5ucIT7jhHKl55Y477yxP6fc4eUswjP8FG3FFVFd41eNDArR+Uk3QKn2Z85NavjaxLxOC19/w==",
       "license": "MIT",
       "dependencies": {
         "@babel/parser": "^7.28.5",
-        "@vue/shared": "3.5.25",
-        "entities": "^4.5.0",
+        "@vue/shared": "3.5.26",
+        "entities": "^7.0.0",
         "estree-walker": "^2.0.2",
         "source-map-js": "^1.2.1"
       }
     },
+    "node_modules/@vue/compiler-core/node_modules/entities": {
+      "version": "7.0.0",
+      "resolved": "https://registry.npmjs.org/entities/-/entities-7.0.0.tgz",
+      "integrity": "sha512-FDWG5cmEYf2Z00IkYRhbFrwIwvdFKH07uV8dvNy0omp/Qb1xcyCWp2UDtcwJF4QZZvk0sLudP6/hAu42TaqVhQ==",
+      "license": "BSD-2-Clause",
+      "engines": {
+        "node": ">=0.12"
+      },
+      "funding": {
+        "url": "https://github.com/fb55/entities?sponsor=1"
+      }
+    },
     "node_modules/@vue/compiler-dom": {
-      "version": "3.5.25",
-      "resolved": "https://registry.npmjs.org/@vue/compiler-dom/-/compiler-dom-3.5.25.tgz",
-      "integrity": "sha512-4We0OAcMZsKgYoGlMjzYvaoErltdFI2/25wqanuTu+S4gismOTRTBPi4IASOjxWdzIwrYSjnqONfKvuqkXzE2Q==",
+      "version": "3.5.26",
+      "resolved": "https://registry.npmjs.org/@vue/compiler-dom/-/compiler-dom-3.5.26.tgz",
+      "integrity": "sha512-y1Tcd3eXs834QjswshSilCBnKGeQjQXB6PqFn/1nxcQw4pmG42G8lwz+FZPAZAby6gZeHSt/8LMPfZ4Rb+Bd/A==",
       "license": "MIT",
       "dependencies": {
-        "@vue/compiler-core": "3.5.25",
-        "@vue/shared": "3.5.25"
+        "@vue/compiler-core": "3.5.26",
+        "@vue/shared": "3.5.26"
       }
     },
     "node_modules/@vue/compiler-sfc": {
-      "version": "3.5.25",
-      "resolved": "https://registry.npmjs.org/@vue/compiler-sfc/-/compiler-sfc-3.5.25.tgz",
-      "integrity": "sha512-PUgKp2rn8fFsI++lF2sO7gwO2d9Yj57Utr5yEsDf3GNaQcowCLKL7sf+LvVFvtJDXUp/03+dC6f2+LCv5aK1ag==",
+      "version": "3.5.26",
+      "resolved": "https://registry.npmjs.org/@vue/compiler-sfc/-/compiler-sfc-3.5.26.tgz",
+      "integrity": "sha512-egp69qDTSEZcf4bGOSsprUr4xI73wfrY5oRs6GSgXFTiHrWj4Y3X5Ydtip9QMqiCMCPVwLglB9GBxXtTadJ3mA==",
       "license": "MIT",
       "dependencies": {
         "@babel/parser": "^7.28.5",
-        "@vue/compiler-core": "3.5.25",
-        "@vue/compiler-dom": "3.5.25",
-        "@vue/compiler-ssr": "3.5.25",
-        "@vue/shared": "3.5.25",
+        "@vue/compiler-core": "3.5.26",
+        "@vue/compiler-dom": "3.5.26",
+        "@vue/compiler-ssr": "3.5.26",
+        "@vue/shared": "3.5.26",
         "estree-walker": "^2.0.2",
         "magic-string": "^0.30.21",
         "postcss": "^8.5.6",
@@ -4545,63 +4557,63 @@
       }
     },
     "node_modules/@vue/compiler-ssr": {
-      "version": "3.5.25",
-      "resolved": "https://registry.npmjs.org/@vue/compiler-ssr/-/compiler-ssr-3.5.25.tgz",
-      "integrity": "sha512-ritPSKLBcParnsKYi+GNtbdbrIE1mtuFEJ4U1sWeuOMlIziK5GtOL85t5RhsNy4uWIXPgk+OUdpnXiTdzn8o3A==",
+      "version": "3.5.26",
+      "resolved": "https://registry.npmjs.org/@vue/compiler-ssr/-/compiler-ssr-3.5.26.tgz",
+      "integrity": "sha512-lZT9/Y0nSIRUPVvapFJEVDbEXruZh2IYHMk2zTtEgJSlP5gVOqeWXH54xDKAaFS4rTnDeDBQUYDtxKyoW9FwDw==",
       "license": "MIT",
       "dependencies": {
-        "@vue/compiler-dom": "3.5.25",
-        "@vue/shared": "3.5.25"
+        "@vue/compiler-dom": "3.5.26",
+        "@vue/shared": "3.5.26"
       }
     },
     "node_modules/@vue/reactivity": {
-      "version": "3.5.25",
-      "resolved": "https://registry.npmjs.org/@vue/reactivity/-/reactivity-3.5.25.tgz",
-      "integrity": "sha512-5xfAypCQepv4Jog1U4zn8cZIcbKKFka3AgWHEFQeK65OW+Ys4XybP6z2kKgws4YB43KGpqp5D/K3go2UPPunLA==",
+      "version": "3.5.26",
+      "resolved": "https://registry.npmjs.org/@vue/reactivity/-/reactivity-3.5.26.tgz",
+      "integrity": "sha512-9EnYB1/DIiUYYnzlnUBgwU32NNvLp/nhxLXeWRhHUEeWNTn1ECxX8aGO7RTXeX6PPcxe3LLuNBFoJbV4QZ+CFQ==",
       "license": "MIT",
       "dependencies": {
-        "@vue/shared": "3.5.25"
+        "@vue/shared": "3.5.26"
       }
     },
     "node_modules/@vue/runtime-core": {
-      "version": "3.5.25",
-      "resolved": "https://registry.npmjs.org/@vue/runtime-core/-/runtime-core-3.5.25.tgz",
-      "integrity": "sha512-Z751v203YWwYzy460bzsYQISDfPjHTl+6Zzwo/a3CsAf+0ccEjQ8c+0CdX1WsumRTHeywvyUFtW6KvNukT/smA==",
+      "version": "3.5.26",
+      "resolved": "https://registry.npmjs.org/@vue/runtime-core/-/runtime-core-3.5.26.tgz",
+      "integrity": "sha512-xJWM9KH1kd201w5DvMDOwDHYhrdPTrAatn56oB/LRG4plEQeZRQLw0Bpwih9KYoqmzaxF0OKSn6swzYi84e1/Q==",
       "license": "MIT",
       "dependencies": {
-        "@vue/reactivity": "3.5.25",
-        "@vue/shared": "3.5.25"
+        "@vue/reactivity": "3.5.26",
+        "@vue/shared": "3.5.26"
       }
     },
     "node_modules/@vue/runtime-dom": {
-      "version": "3.5.25",
-      "resolved": "https://registry.npmjs.org/@vue/runtime-dom/-/runtime-dom-3.5.25.tgz",
-      "integrity": "sha512-a4WrkYFbb19i9pjkz38zJBg8wa/rboNERq3+hRRb0dHiJh13c+6kAbgqCPfMaJ2gg4weWD3APZswASOfmKwamA==",
+      "version": "3.5.26",
+      "resolved": "https://registry.npmjs.org/@vue/runtime-dom/-/runtime-dom-3.5.26.tgz",
+      "integrity": "sha512-XLLd/+4sPC2ZkN/6+V4O4gjJu6kSDbHAChvsyWgm1oGbdSO3efvGYnm25yCjtFm/K7rrSDvSfPDgN1pHgS4VNQ==",
       "license": "MIT",
       "dependencies": {
-        "@vue/reactivity": "3.5.25",
-        "@vue/runtime-core": "3.5.25",
-        "@vue/shared": "3.5.25",
-        "csstype": "^3.1.3"
+        "@vue/reactivity": "3.5.26",
+        "@vue/runtime-core": "3.5.26",
+        "@vue/shared": "3.5.26",
+        "csstype": "^3.2.3"
       }
     },
     "node_modules/@vue/server-renderer": {
-      "version": "3.5.25",
-      "resolved": "https://registry.npmjs.org/@vue/server-renderer/-/server-renderer-3.5.25.tgz",
-      "integrity": "sha512-UJaXR54vMG61i8XNIzTSf2Q7MOqZHpp8+x3XLGtE3+fL+nQd+k7O5+X3D/uWrnQXOdMw5VPih+Uremcw+u1woQ==",
+      "version": "3.5.26",
+      "resolved": "https://registry.npmjs.org/@vue/server-renderer/-/server-renderer-3.5.26.tgz",
+      "integrity": "sha512-TYKLXmrwWKSodyVuO1WAubucd+1XlLg4set0YoV+Hu8Lo79mp/YMwWV5mC5FgtsDxX3qo1ONrxFaTP1OQgy1uA==",
       "license": "MIT",
       "dependencies": {
-        "@vue/compiler-ssr": "3.5.25",
-        "@vue/shared": "3.5.25"
+        "@vue/compiler-ssr": "3.5.26",
+        "@vue/shared": "3.5.26"
       },
       "peerDependencies": {
-        "vue": "3.5.25"
+        "vue": "3.5.26"
       }
     },
     "node_modules/@vue/shared": {
-      "version": "3.5.25",
-      "resolved": "https://registry.npmjs.org/@vue/shared/-/shared-3.5.25.tgz",
-      "integrity": "sha512-AbOPdQQnAnzs58H2FrrDxYj/TJfmeS2jdfEEhgiKINy+bnOANmVizIEgq1r+C5zsbs6l1CCQxtcj71rwNQ4jWg==",
+      "version": "3.5.26",
+      "resolved": "https://registry.npmjs.org/@vue/shared/-/shared-3.5.26.tgz",
+      "integrity": "sha512-7Z6/y3uFI5PRoKeorTOSXKcDj0MSasfNNltcslbFrPpcw6aXRUALq4IfJlaTRspiWIUOEZbrpM+iQGmCOiWe4A==",
       "license": "MIT"
     },
     "node_modules/@vue/test-utils": {
@@ -7063,6 +7075,7 @@
       "version": "4.5.0",
       "resolved": "https://registry.npmjs.org/entities/-/entities-4.5.0.tgz",
       "integrity": "sha512-V0hjH4dGPh9Ao5p0MoRY6BVqtwCjhz6vI5LT8AJ55H+4g9/4vbHx1I54fS0XuclLhDHArPQCiMjDxjaL8fPxhw==",
+      "dev": true,
       "license": "BSD-2-Clause",
       "engines": {
         "node": ">=0.12"
@@ -15629,17 +15642,17 @@
       "license": "MIT"
     },
     "node_modules/vue": {
-      "version": "3.5.25",
-      "resolved": "https://registry.npmjs.org/vue/-/vue-3.5.25.tgz",
-      "integrity": "sha512-YLVdgv2K13WJ6n+kD5owehKtEXwdwXuj2TTyJMsO7pSeKw2bfRNZGjhB7YzrpbMYj5b5QsUebHpOqR3R3ziy/g==",
+      "version": "3.5.26",
+      "resolved": "https://registry.npmjs.org/vue/-/vue-3.5.26.tgz",
+      "integrity": "sha512-SJ/NTccVyAoNUJmkM9KUqPcYlY+u8OVL1X5EW9RIs3ch5H2uERxyyIUI4MRxVCSOiEcupX9xNGde1tL9ZKpimA==",
       "license": "MIT",
       "peer": true,
       "dependencies": {
-        "@vue/compiler-dom": "3.5.25",
-        "@vue/compiler-sfc": "3.5.25",
-        "@vue/runtime-dom": "3.5.25",
-        "@vue/server-renderer": "3.5.25",
-        "@vue/shared": "3.5.25"
+        "@vue/compiler-dom": "3.5.26",
+        "@vue/compiler-sfc": "3.5.26",
+        "@vue/runtime-dom": "3.5.26",
+        "@vue/server-renderer": "3.5.26",
+        "@vue/shared": "3.5.26"
       },
       "peerDependencies": {
         "typescript": "*"
diff --git a/package.json b/package.json
index 5509ca1466..bb3af6cb11 100644
--- a/package.json
+++ b/package.json
@@ -51,7 +51,7 @@
     "tributejs": "5.1.3",
     "uint8-to-base64": "0.2.0",
     "vanilla-colorful": "0.7.2",
-    "vue": "3.5.25",
+    "vue": "3.5.26",
     "vue-chartjs": "5.3.3",
     "vue-loader": "17.4.2",
     "vue3-calendar-heatmap": "2.0.5",

From 5244253fb98beb0544a73c8d33e06d05c57058a0 Mon Sep 17 00:00:00 2001
From: Renovate Bot <forgejo-renovate-action@forgejo.org>
Date: Mon, 22 Dec 2025 02:14:23 +0100
Subject: [PATCH 028/854] Update dependency webpack to v5.104.1 (forgejo)
 (#10538)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10538
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
---
 package-lock.json | 8 ++++----
 package.json      | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 83b7d8f06e..7b7e72226e 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -56,7 +56,7 @@
         "vue-chartjs": "5.3.3",
         "vue-loader": "17.4.2",
         "vue3-calendar-heatmap": "2.0.5",
-        "webpack": "5.104.0",
+        "webpack": "5.104.1",
         "webpack-cli": "6.0.1",
         "wrap-ansi": "9.0.2"
       },
@@ -15760,9 +15760,9 @@
       "license": "BSD-2-Clause"
     },
     "node_modules/webpack": {
-      "version": "5.104.0",
-      "resolved": "https://registry.npmjs.org/webpack/-/webpack-5.104.0.tgz",
-      "integrity": "sha512-5DeICTX8BVgNp6afSPYXAFjskIgWGlygQH58bcozPOXgo2r/6xx39Y1+cULZ3gTxUYQP88jmwLj2anu4Xaq84g==",
+      "version": "5.104.1",
+      "resolved": "https://registry.npmjs.org/webpack/-/webpack-5.104.1.tgz",
+      "integrity": "sha512-Qphch25abbMNtekmEGJmeRUhLDbe+QfiWTiqpKYkpCOWY64v9eyl+KRRLmqOFA2AvKPpc9DC6+u2n76tQLBoaA==",
       "license": "MIT",
       "peer": true,
       "dependencies": {
diff --git a/package.json b/package.json
index bb3af6cb11..4a1e32cd45 100644
--- a/package.json
+++ b/package.json
@@ -55,7 +55,7 @@
     "vue-chartjs": "5.3.3",
     "vue-loader": "17.4.2",
     "vue3-calendar-heatmap": "2.0.5",
-    "webpack": "5.104.0",
+    "webpack": "5.104.1",
     "webpack-cli": "6.0.1",
     "wrap-ansi": "9.0.2"
   },

From 50b007526609a391186709b874c0b8fe76b08b3b Mon Sep 17 00:00:00 2001
From: James Anderson <james@jamesa.me>
Date: Mon, 22 Dec 2025 02:32:40 +0100
Subject: [PATCH 029/854] fix: linking commit hashes with leading or trailing
 punctuation (#8643)

Recognize commit hashes if they have leading or trailing punctuation, `ccc33dd2dfcd8e9d81c7e91f74acf92114a61ea0...` will not be recognized properly. The restriction of two punctuation characters on either side has been lifted.

Resolves #8602

Co-Authored-By: Beowulf <beowulf@beocode.eu>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8643
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: James Anderson <james@jamesa.me>
Co-committed-by: James Anderson <james@jamesa.me>
---
 modules/markup/html.go               | 2 +-
 modules/markup/html_internal_test.go | 4 ++++
 modules/markup/html_test.go          | 4 ++++
 3 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/modules/markup/html.go b/modules/markup/html.go
index 2fe0caa5b6..0ac0463493 100644
--- a/modules/markup/html.go
+++ b/modules/markup/html.go
@@ -49,7 +49,7 @@ var (
 	// hashCurrentPattern matches string that represents a commit SHA, e.g. d8a994ef243349f321568f9e36d5c3f444b99cae
 	// Although SHA1 hashes are 40 chars long, SHA256 are 64, the regex matches the hash from 7 to 64 chars in length
 	// so that abbreviated hash links can be used as well. This matches git and GitHub usability.
-	hashCurrentPattern = regexp.MustCompile(`(?:^|\s)[^\w\d]{0,2}([0-9a-f]{7,64})[^\w\d]{0,2}(?:\s|$)`)
+	hashCurrentPattern = regexp.MustCompile(`(?:^|\s)[^\w\d]*([0-9a-f]{7,64})[^\w\d]*(?:\s|$)`)
 
 	// shortLinkPattern matches short but difficult to parse [[name|link|arg=test]] syntax
 	shortLinkPattern = regexp.MustCompile(`\[\[(.*?)\]\](\w*)`)
diff --git a/modules/markup/html_internal_test.go b/modules/markup/html_internal_test.go
index 1f717a78ed..21572bdda3 100644
--- a/modules/markup/html_internal_test.go
+++ b/modules/markup/html_internal_test.go
@@ -475,6 +475,9 @@ func TestRegExp_hashCurrentPattern(t *testing.T) {
 		":abcd3ef",
 		".abcd3ef",
 		" (abcd3ef). ",
+		"abcd3ef...",
+		"...abcd3ef",
+		"(!...abcd3ef",
 	}
 	falseTestCases := []string{
 		"test",
@@ -484,6 +487,7 @@ func TestRegExp_hashCurrentPattern(t *testing.T) {
 		"abcdefghijklmnopqrstuvwxyzabcdefghijklmO",
 		"commit/abcdefd",
 		"abcd3ef...defabcd",
+		"f..defabcd",
 	}
 
 	for _, testCase := range trueTestCases {
diff --git a/modules/markup/html_test.go b/modules/markup/html_test.go
index 512a7aa02a..6c6658748a 100644
--- a/modules/markup/html_test.go
+++ b/modules/markup/html_test.go
@@ -57,8 +57,10 @@ func TestRender_Commits(t *testing.T) {
 	}
 
 	sha := "65f1bf27bc3bf70f64657658635e66094edbcb4d"
+	shaWithExtra := "65f1bf27bc3bf70f64657658635e66094edbcb4d..."
 	repo := markup.TestRepoURL
 	commit := util.URLJoin(repo, "commit", sha)
+	commitWithExtra := util.URLJoin(repo, "commit", shaWithExtra)
 	tree := util.URLJoin(repo, "tree", sha, "src")
 
 	file := util.URLJoin(repo, "commit", sha, "example.txt")
@@ -69,9 +71,11 @@ func TestRender_Commits(t *testing.T) {
 	commitCompareWithHash := commitCompare + "#L2"
 
 	test(sha, `<p><a href="`+commit+`" rel="nofollow"><code>65f1bf27bc</code></a></p>`)
+	test(shaWithExtra, `<p><a href="`+commit+`" rel="nofollow"><code>65f1bf27bc</code></a>...</p>`)
 	test(sha[:7], `<p><a href="`+commit[:len(commit)-(40-7)]+`" rel="nofollow"><code>65f1bf2</code></a></p>`)
 	test(sha[:39], `<p><a href="`+commit[:len(commit)-(40-39)]+`" rel="nofollow"><code>65f1bf27bc</code></a></p>`)
 	test(commit, `<p><a href="`+commit+`" rel="nofollow"><code>65f1bf27bc</code></a></p>`)
+	test(commitWithExtra, `<p><a href="`+commit+`" rel="nofollow"><code>65f1bf27bc</code></a>...</p>`)
 	test(tree, `<p><a href="`+tree+`" rel="nofollow"><code>65f1bf27bc/src</code></a></p>`)
 
 	test(file, `<p><a href="`+file+`" rel="nofollow"><code>65f1bf27bc/example.txt</code></a></p>`)

From 34af1330c22172cf0cda2003903da4526e1436b6 Mon Sep 17 00:00:00 2001
From: Mathieu Fenniak <mathieu@fenniak.net>
Date: Mon, 22 Dec 2025 04:14:11 +0100
Subject: [PATCH 030/854] refactor: split `ActionJobStepList` out of
 `RepoActionView` (#10537)

Continuing refactor work to split functionality out of `RepoActionView` and into more testable, more manageable sub-components.  #9768 will eventually result in some updates to this view for new functionality, and before more complexity is added I'd like to clean it up to a more maintainable state.

Previous refactor step: #10366

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests

- I added test coverage for Go changes...
  - [ ] in their respective `*_test.go` for unit tests.
  - [ ] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I added test coverage for JavaScript changes...
  - [x] in `web_src/js/*.test.js` if it can be unit tested.
  - [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)).

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [x] I do not want this change to show in the release notes.
- [ ] I want the title to show in the release notes with a link to this pull request.
- [ ] I want the content of the `release-notes/<pull request number>.md` to be be used for the release notes instead of the title.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10537
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net>
Co-committed-by: Mathieu Fenniak <mathieu@fenniak.net>
---
 web_src/js/components/ActionJobStep.test.js   |  21 +++
 web_src/js/components/ActionJobStep.vue       |  66 +++++++
 .../js/components/ActionJobStepList.test.js   | 175 ++++++++++++++++++
 web_src/js/components/ActionJobStepList.vue   | 108 +++++++++++
 web_src/js/components/RepoActionView.vue      | 106 ++---------
 5 files changed, 385 insertions(+), 91 deletions(-)
 create mode 100644 web_src/js/components/ActionJobStepList.test.js
 create mode 100644 web_src/js/components/ActionJobStepList.vue

diff --git a/web_src/js/components/ActionJobStep.test.js b/web_src/js/components/ActionJobStep.test.js
index ae52fd7bcc..5ecb0005a5 100644
--- a/web_src/js/components/ActionJobStep.test.js
+++ b/web_src/js/components/ActionJobStep.test.js
@@ -1,3 +1,6 @@
+// Copyright 2025 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: GPL-3.0-or-later
+
 import {describe, expect, test, vi} from 'vitest';
 import {mount} from '@vue/test-utils';
 import ActionJobStep from './ActionJobStep.vue';
@@ -262,4 +265,22 @@ describe('ActionJobStep', () => {
     // Check if after the log list exists another log line
     expect(wrapper.get('.job-log-list + .job-log-line > .log-msg').text()).toEqual('A line outside the group');
   });
+
+  test('scrollIntoView focuses on a line from the log', () => {
+    const wrapper = createWrapper();
+    const logLines = [
+      {index: 1, timestamp: 1765163618, message: 'Starting build'},
+      {index: 2, timestamp: 1765163619, message: 'Running tests'},
+      {index: 3, timestamp: 1765163620, message: 'Build complete'},
+    ];
+    wrapper.vm.appendLogs(logLines, 1765163618);
+
+    const scrollIntoViewMock = vi.fn();
+    const targetElement = wrapper.find('#jobstep-12321-1 .line-num').element;
+    targetElement.scrollIntoView = scrollIntoViewMock;
+
+    wrapper.vm.scrollIntoView('#jobstep-12321-1');
+
+    expect(scrollIntoViewMock).toHaveBeenCalled();
+  });
 });
diff --git a/web_src/js/components/ActionJobStep.vue b/web_src/js/components/ActionJobStep.vue
index 5d9dd64ea4..600f1ce344 100644
--- a/web_src/js/components/ActionJobStep.vue
+++ b/web_src/js/components/ActionJobStep.vue
@@ -1,3 +1,8 @@
+<!--
+Copyright 2025 The Forgejo Authors. All rights reserved.
+SPDX-License-Identifier: GPL-3.0-or-later
+-->
+
 <script>
 import {SvgIcon} from '../svg.js';
 import ActionRunStatus from './ActionRunStatus.vue';
@@ -164,6 +169,14 @@ export default {
       const list = line.nextSibling;
       list.classList.toggle('hidden', event.newState !== 'open');
     },
+
+    scrollIntoView(lineID) {
+      const logLine = this.$refs.logsContainer.querySelector(lineID);
+      if (!logLine) {
+        return;
+      }
+      logLine.querySelector('.line-num').scrollIntoView();
+    },
   },
 };
 </script>
@@ -231,8 +244,61 @@ export default {
   position: sticky;
   top: 60px;
 }
+
+.job-step-logs {
+  font-family: var(--fonts-monospace);
+  margin: 8px 0;
+  font-size: 12px;
+}
+
 </style>
 <style>
 /* some elements are not managed by vue, so we need to use global style */
 
+.job-step-logs .job-log-line {
+  display: flex;
+}
+
+.job-step-logs .job-log-line .log-msg {
+  flex: 1;
+  word-break: break-all;
+  white-space: break-spaces;
+  margin-left: 10px;
+  overflow-wrap: anywhere;
+  color: var(--color-console-fg);
+}
+
+.job-log-line:hover,
+.job-log-line:target {
+  background-color: var(--color-console-hover-bg);
+}
+
+.job-log-line:target {
+  scroll-margin-top: 95px;
+}
+
+/* class names 'log-time-seconds' and 'log-time-stamp' are used in the method toggleTimeDisplay */
+.job-log-line .line-num, .log-time-seconds {
+  width: 48px;
+  color: var(--color-text-light-3);
+  text-align: right;
+  user-select: none;
+}
+
+.job-log-line:target > .line-num {
+  color: var(--color-primary);
+  text-decoration: underline;
+}
+
+.log-time-seconds {
+  padding-right: 2px;
+}
+
+.job-log-line .log-time,
+.log-time-stamp {
+  color: var(--color-text-light-3);
+  margin-left: 10px;
+  white-space: nowrap;
+}
+
 </style>
diff --git a/web_src/js/components/ActionJobStepList.test.js b/web_src/js/components/ActionJobStepList.test.js
new file mode 100644
index 0000000000..617529f852
--- /dev/null
+++ b/web_src/js/components/ActionJobStepList.test.js
@@ -0,0 +1,175 @@
+// Copyright 2025 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+import {describe, expect, test, vi} from 'vitest';
+import {mount} from '@vue/test-utils';
+import ActionJobStepList from './ActionJobStepList.vue';
+import ActionJobStep from './ActionJobStep.vue';
+
+vi.mock('../utils/time.js', () => ({
+  formatDatetime: vi.fn((date) => date.toISOString()),
+}));
+
+describe('ActionJobStepList', () => {
+  const mockIsExpandable = vi.fn(() => true);
+  const mockIsDone = vi.fn(() => true);
+
+  const defaultProps = {
+    steps: [
+      {status: 'success', summary: 'step 1 - go grocery shopping', duration: '3601s'},
+      {status: 'running', summary: 'step 2 - cook food', duration: '301s'},
+      {status: 'waiting', summary: 'step 3 - eat food', duration: ''},
+    ],
+    stepStates: [
+      {cursor: null, expanded: false},
+      {cursor: null, expanded: false},
+      {cursor: null, expanded: false},
+    ],
+    runStatus: 'running',
+    isExpandable: mockIsExpandable,
+    isDone: mockIsDone,
+    timeVisibleTimestamp: false,
+    timeVisibleSeconds: false,
+  };
+
+  function createWrapper(props = {}) {
+    return mount(ActionJobStepList, {
+      props: {
+        ...defaultProps,
+        ...props,
+      },
+    });
+  }
+
+  test('pass-through to ActionJobStep', () => {
+    // ActionJobStepList's tests don't need to validate the functionality of ActionJobStep -- that is the responsibility
+    // of its own tests.  But we should validate that ActionJobStepList invokes the child element and passes in relevant
+    // data.
+    const wrapper = createWrapper();
+    const jobSteps = wrapper.findAllComponents(ActionJobStep);
+    expect(jobSteps).toHaveLength(3);
+    expect(jobSteps[0].props()).toEqual({
+      runStatus: 'running',
+      isExpandable: mockIsExpandable,
+      isDone: mockIsDone,
+      stepId: 0,
+      status: 'success',
+      summary: 'step 1 - go grocery shopping',
+      duration: '3601s',
+      expanded: false,
+      cursor: null,
+      timeVisibleTimestamp: false,
+      timeVisibleSeconds: false,
+    });
+  });
+
+  test('render list elements', () => {
+    const wrapper = createWrapper();
+    expect(wrapper.findAll('.job-step-container')).toHaveLength(1);
+    expect(wrapper.findAll('.job-step-section')).toHaveLength(3);
+  });
+
+  test('render empty', () => {
+    const wrapper = createWrapper({steps: []});
+    expect(wrapper.findAll('.job-step-container')).toHaveLength(0);
+    expect(wrapper.findAll('.job-step-section')).toHaveLength(0);
+  });
+
+  test('pass-through appendLogs', () => {
+    const wrapper = createWrapper({
+      stepStates: [
+        {cursor: 0, expanded: true},
+        {cursor: null, expanded: false},
+        {cursor: null, expanded: false},
+      ],
+    });
+
+    expect(wrapper.findAll('.job-log-line').length).toEqual(0);
+
+    const logLines = [
+      {index: 1, timestamp: 1765163618, message: 'Starting build'},
+      {index: 2, timestamp: 1765163619, message: 'Running tests'},
+      {index: 3, timestamp: 1765163620, message: 'Build complete'},
+    ];
+    wrapper.vm.appendLogs(0, logLines, 1765163618);
+
+    expect(wrapper.findAll('.job-log-line').length).toEqual(3);
+  });
+
+  test('toggle visibility of timestamp', async () => {
+    const wrapper = createWrapper({
+      stepStates: [
+        {cursor: 0, expanded: true},
+        {cursor: null, expanded: false},
+        {cursor: null, expanded: false},
+      ],
+    });
+    const logLines = [
+      {index: 1, timestamp: 1765163618, message: 'Starting build'},
+    ];
+    wrapper.vm.appendLogs(0, logLines, 1765163618);
+
+    // pre-condition - expect log timestamps are hidden
+    expect(wrapper.find('.log-time-stamp').exists()).toBe(true);
+    expect(wrapper.find('.log-time-stamp').classes()).toContain('tw-hidden');
+
+    await wrapper.setProps({timeVisibleTimestamp: true});
+
+    expect(wrapper.find('.log-time-stamp').exists()).toBe(true);
+    expect(wrapper.find('.log-time-stamp').classes()).not.toContain('tw-hidden');
+  });
+
+  test('toggle visibility of duration seconds', async () => {
+    const wrapper = createWrapper({
+      stepStates: [
+        {cursor: 0, expanded: true},
+        {cursor: null, expanded: false},
+        {cursor: null, expanded: false},
+      ],
+    });
+    const logLines = [
+      {index: 1, timestamp: 1765163618, message: 'Starting build'},
+    ];
+    wrapper.vm.appendLogs(0, logLines, 1765163618);
+
+    // pre-condition - expect log time seconds are hidden
+    expect(wrapper.find('.log-time-seconds').exists()).toBe(true);
+    expect(wrapper.find('.log-time-seconds').classes()).toContain('tw-hidden');
+
+    await wrapper.setProps({timeVisibleSeconds: true});
+
+    expect(wrapper.find('.log-time-seconds').exists()).toBe(true);
+    expect(wrapper.find('.log-time-seconds').classes()).not.toContain('tw-hidden');
+  });
+
+  test('emits toggle event on click when expandable', async () => {
+    const wrapper = createWrapper();
+    await wrapper.find('.job-step-summary').trigger('click');
+    expect(wrapper.emitted('toggleStepLogs')).toBeTruthy();
+    expect(wrapper.emitted('toggleStepLogs')).toHaveLength(1);
+    expect(wrapper.emitted('toggleStepLogs')).toStrictEqual([[0]]); // step index that was toggled
+  });
+
+  test('scrollIntoView focuses on a line from the log', () => {
+    const wrapper = createWrapper({
+      stepStates: [
+        {cursor: 0, expanded: true},
+        {cursor: null, expanded: false},
+        {cursor: null, expanded: false},
+      ],
+    });
+    const logLines = [];
+    for (let i = 0; i < 1000; i++) {
+      logLines.push({index: 1 + i, timestamp: 1765163618 + i, message: `Line ${i}`});
+    }
+    wrapper.vm.appendLogs(0, logLines, 1765163618);
+
+    const scrollIntoViewMock = vi.fn();
+    const targetElement = wrapper.find('#jobstep-0-999 .line-num').element;
+    targetElement.scrollIntoView = scrollIntoViewMock;
+
+    wrapper.vm.scrollIntoView(0, '#jobstep-0-999');
+
+    expect(scrollIntoViewMock).toHaveBeenCalled();
+  });
+});
diff --git a/web_src/js/components/ActionJobStepList.vue b/web_src/js/components/ActionJobStepList.vue
new file mode 100644
index 0000000000..8cb052b02c
--- /dev/null
+++ b/web_src/js/components/ActionJobStepList.vue
@@ -0,0 +1,108 @@
+<!--
+Copyright 2025 The Forgejo Authors. All rights reserved.
+SPDX-License-Identifier: GPL-3.0-or-later
+-->
+
+<script>
+import ActionJobStep from './ActionJobStep.vue';
+import {toggleElem} from '../utils/dom.js';
+
+export default {
+  name: 'ActionJobStepList',
+  components: {
+    // SvgIcon,
+    ActionJobStep,
+  },
+  props: {
+    steps: {
+      // Array of { status: string, summary: string, duration: string }
+      type: Array,
+      required: true,
+    },
+    stepStates: {
+      // Array of { cursor: Number | null, expanded: boolean }.  Array length must match `steps`.
+      type: Array,
+      required: true,
+    },
+    runStatus: {
+      type: String,
+      required: true,
+    },
+    isExpandable: {
+      type: Function,
+      required: true,
+    },
+    isDone: {
+      type: Function,
+      required: true,
+    },
+    timeVisibleTimestamp: {
+      type: Boolean,
+      required: true,
+    },
+    timeVisibleSeconds: {
+      type: Boolean,
+      required: true,
+    },
+  },
+
+  emits: ['toggleStepLogs'],
+
+  watch: {
+    timeVisibleTimestamp(_oldVisible, _newVisible) {
+      for (const el of this.$refs.steps.querySelectorAll(`.log-time-stamp`)) {
+        toggleElem(el, this.timeVisibleTimestamp);
+      }
+    },
+    timeVisibleSeconds(_oldVisible, _newVisible) {
+      for (const el of this.$refs.steps.querySelectorAll(`.log-time-seconds`)) {
+        toggleElem(el, this.timeVisibleSeconds);
+      }
+    },
+  },
+
+  methods: {
+    appendLogs(stepIndex, logLines, startTime) {
+      this.$refs.jobSteps[stepIndex].appendLogs(logLines, startTime);
+    },
+    scrollIntoView(stepIndex, lineID) {
+      this.$refs.jobSteps[stepIndex].scrollIntoView(lineID);
+    },
+  },
+};
+</script>
+<template>
+  <div class="job-step-container" ref="steps" v-if="steps.length">
+    <div class="job-step-section" v-for="(jobStep, i) in steps" :key="i">
+      <ActionJobStep
+        ref="jobSteps"
+        :run-status="runStatus"
+        :is-expandable="isExpandable"
+        :is-done="isDone"
+        :step-id="i"
+        :status="jobStep.status"
+        :summary="jobStep.summary"
+        :duration="jobStep.duration"
+        :expanded="stepStates[i].expanded"
+        :cursor="stepStates[i].cursor"
+        :time-visible-timestamp="timeVisibleTimestamp"
+        :time-visible-seconds="timeVisibleSeconds"
+        @toggle="() => $emit('toggleStepLogs', i)"
+      />
+    </div>
+  </div>
+</template>
+<style scoped>
+
+.job-step-container {
+  max-height: 100%;
+  border-radius: 0 0 var(--border-radius) var(--border-radius);
+  border-top: 1px solid var(--color-console-border);
+  z-index: 0;
+}
+
+.job-step-section {
+  margin: 10px;
+}
+
+</style>
diff --git a/web_src/js/components/RepoActionView.vue b/web_src/js/components/RepoActionView.vue
index 0bdce36995..aa2c4f6d2a 100644
--- a/web_src/js/components/RepoActionView.vue
+++ b/web_src/js/components/RepoActionView.vue
@@ -1,7 +1,7 @@
 <script>
 import {SvgIcon} from '../svg.js';
 import ActionRunStatus from './ActionRunStatus.vue';
-import ActionJobStep from './ActionJobStep.vue';
+import ActionJobStepList from './ActionJobStepList.vue';
 import {toggleElem} from '../utils/dom.js';
 import {GET, POST, DELETE} from '../modules/fetch.js';
 
@@ -10,7 +10,7 @@ export default {
   components: {
     SvgIcon,
     ActionRunStatus,
-    ActionJobStep,
+    ActionJobStepList,
   },
   props: {
     initialJobData: {
@@ -243,7 +243,7 @@ export default {
     },
 
     appendLogs(stepIndex, logLines, startTime) {
-      this.$refs.jobSteps[stepIndex].appendLogs(logLines, startTime);
+      this.$refs.stepList.appendLogs(stepIndex, logLines, startTime);
     },
 
     async fetchArtifacts() {
@@ -401,9 +401,6 @@ export default {
 
     toggleTimeDisplay(type) {
       this.timeVisible[`log-time-${type}`] = !this.timeVisible[`log-time-${type}`];
-      for (const el of this.$refs.steps.querySelectorAll(`.log-time-${type}`)) {
-        toggleElem(el, this.timeVisible[`log-time-${type}`]);
-      }
     },
 
     toggleFullScreen() {
@@ -435,9 +432,7 @@ export default {
         // so logline can be selected by querySelector
         await this.loadJob();
       }
-      const logLine = this.$refs.steps.querySelector(selectedLogStep);
-      if (!logLine) return;
-      logLine.querySelector('.line-num').click();
+      this.$refs.stepList.scrollIntoView(step, selectedLogStep);
     },
 
     runAttemptLabel(attempt) {
@@ -591,25 +586,17 @@ export default {
             </div>
           </div>
         </div>
-        <div class="job-step-container" ref="steps" v-if="currentJob.steps.length">
-          <div class="job-step-section" v-for="(jobStep, i) in currentJob.steps" :key="i">
-            <ActionJobStep
-              ref="jobSteps"
-              :run-status="run.status"
-              :is-expandable="isExpandable"
-              :is-done="isDone"
-              :step-id="i"
-              :status="jobStep.status"
-              :summary="jobStep.summary"
-              :duration="jobStep.duration"
-              :expanded="currentJobStepsStates[i].expanded"
-              :cursor="currentJobStepsStates[i].cursor"
-              :time-visible-timestamp="timeVisible['log-time-stamp']"
-              :time-visible-seconds="timeVisible['log-time-seconds']"
-              @toggle="() => toggleStepLogs(i)"
-            />
-          </div>
-        </div>
+        <ActionJobStepList
+          ref="stepList"
+          :steps="currentJob.steps"
+          :step-states="currentJobStepsStates"
+          :run-status="run.status"
+          :is-expandable="isExpandable"
+          :is-done="isDone"
+          :time-visible-timestamp="timeVisible['log-time-stamp']"
+          :time-visible-seconds="timeVisible['log-time-seconds']"
+          @toggle-step-logs="toggleStepLogs"
+        />
       </div>
     </div>
   </div>
@@ -881,13 +868,6 @@ export default {
   flex: 1;
 }
 
-.job-step-container {
-  max-height: 100%;
-  border-radius: 0 0 var(--border-radius) var(--border-radius);
-  border-top: 1px solid var(--color-console-border);
-  z-index: 0;
-}
-
 @media (max-width: 767.98px) {
   .action-view-body {
     flex-direction: column;
@@ -913,62 +893,6 @@ export default {
   }
 }
 
-.job-step-section {
-  margin: 10px;
-}
-
-.job-step-section .job-step-logs {
-  font-family: var(--fonts-monospace);
-  margin: 8px 0;
-  font-size: 12px;
-}
-
-.job-step-section .job-step-logs .job-log-line {
-  display: flex;
-}
-
-.job-log-line:hover,
-.job-log-line:target {
-  background-color: var(--color-console-hover-bg);
-}
-
-.job-log-line:target {
-  scroll-margin-top: 95px;
-}
-
-/* class names 'log-time-seconds' and 'log-time-stamp' are used in the method toggleTimeDisplay */
-.job-log-line .line-num, .log-time-seconds {
-  width: 48px;
-  color: var(--color-text-light-3);
-  text-align: right;
-  user-select: none;
-}
-
-.job-log-line:target > .line-num {
-  color: var(--color-primary);
-  text-decoration: underline;
-}
-
-.log-time-seconds {
-  padding-right: 2px;
-}
-
-.job-log-line .log-time,
-.log-time-stamp {
-  color: var(--color-text-light-3);
-  margin-left: 10px;
-  white-space: nowrap;
-}
-
-.job-step-section .job-step-logs .job-log-line .log-msg {
-  flex: 1;
-  word-break: break-all;
-  white-space: break-spaces;
-  margin-left: 10px;
-  overflow-wrap: anywhere;
-  color: var(--color-console-fg);
-}
-
 /* selectors here are intentionally exact to only match fullscreen */
 
 .full.height > .action-view-right {

From 21f1bd21b6a9b4b9b163ed20843ca4e297cc680b Mon Sep 17 00:00:00 2001
From: Beowulf <beowulf@beocode.eu>
Date: Mon, 22 Dec 2025 09:06:30 +0100
Subject: [PATCH 031/854] fix(ui): avatar for dismissed review is stretched if
 not square (#10524)

The timeline event for a dismissed review didn't used the `AvatarUtils` until now. The `AvatarUtils` also adds classes to the img tag, which makes sure the avatar is correctly styled and not stretched.
This PR replaces the img tag with the expected call to the `AvatarUtils`.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10524
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
---
 templates/repo/issue/view_content/comments.tmpl | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/templates/repo/issue/view_content/comments.tmpl b/templates/repo/issue/view_content/comments.tmpl
index dc0ec01df2..c3cc94dfb3 100644
--- a/templates/repo/issue/view_content/comments.tmpl
+++ b/templates/repo/issue/view_content/comments.tmpl
@@ -635,7 +635,7 @@
 			<div class="timeline-item-group">
 				<div class="timeline-item event" id="{{.HashTag}}">
 					<a class="timeline-avatar"{{if gt .Poster.ID 0}} href="{{.Poster.HomeLink}}"{{end}}>
-						<img src="{{.Poster.AvatarLink $.Context}}" alt="" width="40" height="40" loading="lazy">
+						{{ctx.AvatarUtils.Avatar .Poster 40}}
 					</a>
 					<span class="badge grey">{{svg "octicon-x" 16}}</span>
 					<span class="text grey muted-links">

From fa230a19647e2564e16a8e446d24e8a906bb6156 Mon Sep 17 00:00:00 2001
From: BtbN <btbn@btbn.de>
Date: Mon, 22 Dec 2025 12:59:37 +0100
Subject: [PATCH 032/854] fix: always search for issue posters by user and full
 name (#10394)

Previously searching for posters would use full name or username depending on the `[ui].DEFAULT_SHOW_FULL_NAME` setting, now it searches for both of them regardless of the setting.

This also a fixes a bug when `[ui].DEFAULT_SHOW_FULL_NAME=true` that users without a full name where not able to searched for.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10394
Reviewed-by: Beowulf <beowulf@beocode.eu>
Co-authored-by: BtbN <btbn@btbn.de>
Co-committed-by: BtbN <btbn@btbn.de>
---
 models/repo/user_repo.go        | 12 +++++------
 routers/web/repo/issue.go       |  2 +-
 tests/integration/issue_test.go | 37 +++++++++++++++++++--------------
 3 files changed, 27 insertions(+), 24 deletions(-)

diff --git a/models/repo/user_repo.go b/models/repo/user_repo.go
index 309bfee18f..ca02c1e3f0 100644
--- a/models/repo/user_repo.go
+++ b/models/repo/user_repo.go
@@ -162,14 +162,12 @@ func GetReviewers(ctx context.Context, repo *Repository, doerID, posterID int64)
 	return users, db.GetEngine(ctx).Where(cond).OrderBy(user_model.GetOrderByName()).Find(&users)
 }
 
-// GetIssuePostersWithSearch returns users with limit of 30 whose username started with prefix that have authored an issue/pull request for the given repository
-// If isShowFullName is set to true, also include full name prefix search
-func GetIssuePostersWithSearch(ctx context.Context, repo *Repository, isPull bool, search string, isShowFullName bool) ([]*user_model.User, error) {
+// GetIssuePostersWithSearch returns up to 30 users whose username starts with or full_name contains the given search string for the given repository.
+func GetIssuePostersWithSearch(ctx context.Context, repo *Repository, isPull bool, search string) ([]*user_model.User, error) {
 	users := make([]*user_model.User, 0, 30)
-	prefixCond := db.BuildCaseInsensitiveLike("name", search+"%")
-	if isShowFullName {
-		prefixCond = db.BuildCaseInsensitiveLike("full_name", "%"+search+"%")
-	}
+	prefixCond := builder.Or(
+		db.BuildCaseInsensitiveLike("name", search+"%"),
+		db.BuildCaseInsensitiveLike("full_name", "%"+search+"%"))
 
 	cond := builder.In("`user`.id",
 		builder.Select("poster_id").From("issue").Where(
diff --git a/routers/web/repo/issue.go b/routers/web/repo/issue.go
index df61ef0daf..d46ea7f133 100644
--- a/routers/web/repo/issue.go
+++ b/routers/web/repo/issue.go
@@ -3767,7 +3767,7 @@ func PullPosters(ctx *context.Context) {
 func issuePosters(ctx *context.Context, isPullList bool) {
 	repo := ctx.Repo.Repository
 	search := strings.TrimSpace(ctx.FormString("q"))
-	posters, err := repo_model.GetIssuePostersWithSearch(ctx, repo, isPullList, search, setting.UI.DefaultShowFullName)
+	posters, err := repo_model.GetIssuePostersWithSearch(ctx, repo, isPullList, search)
 	if err != nil {
 		ctx.JSON(http.StatusInternalServerError, err)
 		return
diff --git a/tests/integration/issue_test.go b/tests/integration/issue_test.go
index b47f3fd534..19fe59a10a 100644
--- a/tests/integration/issue_test.go
+++ b/tests/integration/issue_test.go
@@ -1547,34 +1547,39 @@ func TestIssuePostersSearch(t *testing.T) {
 		Results []*userSearchInfo `json:"results"`
 	}
 
-	t.Run("Name search", func(t *testing.T) {
-		defer tests.PrintCurrentTest(t)()
-		defer test.MockVariableValue(&setting.UI.DefaultShowFullName, false)()
+	testCase := func(t *testing.T, showFullName bool, url, wantUserName string, wantUserID int64) {
+		t.Helper()
+		defer test.MockVariableValue(&setting.UI.DefaultShowFullName, showFullName)()
 
-		req := NewRequest(t, "GET", "/user2/repo1/issues/posters?q=USer2")
+		req := NewRequest(t, "GET", url)
 		resp := MakeRequest(t, req, http.StatusOK)
 
 		var data userSearchResponse
 		DecodeJSON(t, resp, &data)
 
 		assert.Len(t, data.Results, 1)
-		assert.Equal(t, "user2", data.Results[0].UserName)
-		assert.EqualValues(t, 2, data.Results[0].UserID)
+		assert.Equal(t, wantUserName, data.Results[0].UserName)
+		assert.Equal(t, wantUserID, data.Results[0].UserID)
+	}
+
+	t.Run("Name search", func(t *testing.T) {
+		defer tests.PrintCurrentTest(t)()
+		testCase(t, false, "/user2/repo1/issues/posters?q=USer2", "user2", 2)
+	})
+
+	t.Run("Name search (default full_name)", func(t *testing.T) {
+		defer tests.PrintCurrentTest(t)()
+		testCase(t, true, "/user2/repo1/issues/posters?q=USer2", "user2", 2)
 	})
 
 	t.Run("Full name search", func(t *testing.T) {
 		defer tests.PrintCurrentTest(t)()
-		defer test.MockVariableValue(&setting.UI.DefaultShowFullName, true)()
+		testCase(t, true, "/user2/repo1/issues/posters?q=OnE", "user1", 1)
+	})
 
-		req := NewRequest(t, "GET", "/user2/repo1/issues/posters?q=OnE")
-		resp := MakeRequest(t, req, http.StatusOK)
-
-		var data userSearchResponse
-		DecodeJSON(t, resp, &data)
-
-		assert.Len(t, data.Results, 1)
-		assert.Equal(t, "user1", data.Results[0].UserName)
-		assert.EqualValues(t, 1, data.Results[0].UserID)
+	t.Run("Full name search (no default full_name)", func(t *testing.T) {
+		defer tests.PrintCurrentTest(t)()
+		testCase(t, false, "/user2/repo1/issues/posters?q=OnE", "user1", 1)
 	})
 }
 

From aa4a597b21c5260109e1ae5d4177877076d67b9d Mon Sep 17 00:00:00 2001
From: JohnnyJayJay <johnny@leftfold.tech>
Date: Mon, 22 Dec 2025 13:59:50 +0100
Subject: [PATCH 033/854] fix(ui): add dynamic aria-label to monospace button
 in markdown editor (#8244)

The aria-label now changes dynamically depending on whether
the monospace font is enabled or disabled.

Greetings from GPN :)

Fixes #7669.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8244
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: JohnnyJayJay <johnny@leftfold.tech>
Co-committed-by: JohnnyJayJay <johnny@leftfold.tech>
---
 tests/e2e/markdown-editor.test.e2e.ts         | 26 +++++++++++++++++++
 .../js/features/comp/ComboMarkdownEditor.js   |  2 ++
 2 files changed, 28 insertions(+)

diff --git a/tests/e2e/markdown-editor.test.e2e.ts b/tests/e2e/markdown-editor.test.e2e.ts
index 3f6e1608b6..e2c2f36ed1 100644
--- a/tests/e2e/markdown-editor.test.e2e.ts
+++ b/tests/e2e/markdown-editor.test.e2e.ts
@@ -560,3 +560,29 @@ test('Markdown bold/italic toolbar and shortcut', async ({page}) => {
   await textarea.press('ControlOrMeta+KeyI');
   await expect(textarea).toHaveValue(`line 1\nline 2\nline 3\nline 4`);
 });
+
+test('Monospace button aria-label', async ({page}) => {
+  // Load page with editor
+  const response = await page.goto('/user2/repo1/issues/new');
+  expect(response?.status()).toBe(200);
+
+  const monospaceButton = page.locator('.markdown-switch-monospace');
+  const enableText = await monospaceButton.getAttribute('data-enable-text');
+  const disableText = await monospaceButton.getAttribute('data-disable-text');
+
+  async function assertAriaLabel(enabled: boolean) {
+    const expected = enabled ? disableText : enableText;
+
+    await expect(monospaceButton).toHaveAttribute('aria-label', expected);
+  }
+
+  const enabled = await monospaceButton.getAttribute('aria-checked') === 'true';
+
+  await assertAriaLabel(enabled);
+
+  await monospaceButton.click();
+  await assertAriaLabel(!enabled);
+
+  await monospaceButton.click();
+  await assertAriaLabel(enabled);
+});
diff --git a/web_src/js/features/comp/ComboMarkdownEditor.js b/web_src/js/features/comp/ComboMarkdownEditor.js
index 8c010ae386..b4bc443c0e 100644
--- a/web_src/js/features/comp/ComboMarkdownEditor.js
+++ b/web_src/js/features/comp/ComboMarkdownEditor.js
@@ -176,6 +176,7 @@ class ComboMarkdownEditor {
     const monospaceEnabled = localStorage?.getItem('markdown-editor-monospace') === 'true';
     const monospaceText = monospaceButton.getAttribute(monospaceEnabled ? 'data-disable-text' : 'data-enable-text');
     monospaceButton.setAttribute('data-tooltip-content', monospaceText);
+    monospaceButton.setAttribute('aria-label', monospaceText);
     monospaceButton.setAttribute('aria-checked', String(monospaceEnabled));
 
     monospaceButton?.addEventListener('click', (e) => {
@@ -185,6 +186,7 @@ class ComboMarkdownEditor {
       this.textarea.classList.toggle('tw-font-mono', enabled);
       const text = monospaceButton.getAttribute(enabled ? 'data-disable-text' : 'data-enable-text');
       monospaceButton.setAttribute('data-tooltip-content', text);
+      monospaceButton.setAttribute('aria-label', text);
       monospaceButton.setAttribute('aria-checked', String(enabled));
     });
 

From 4e83f85b7511135b7c54bc1ba1873fc17c8ecf0a Mon Sep 17 00:00:00 2001
From: Gusted <postmaster@gusted.xyz>
Date: Mon, 22 Dec 2025 15:51:37 +0100
Subject: [PATCH 034/854] feat: use `keying` for webhook secrets (#10059)

- Follow up of forgejo/forgejo!5041, forgejo/forgejo!6074, forgejo/forgejo!8692, forgejo/forgejo!9923
- The `webhook` table contains a encrypted header authorization.
- Use `keying` to safely store this secret and bound them to the table, column and row id
- The migration isn't spectacular but does closely follow what we learned in the previous three migrations: use a transaction and delete records when you can't decrypt them.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10059
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
Reviewed-by: oliverpool <oliverpool@noreply.codeberg.org>
Co-authored-by: Gusted <postmaster@gusted.xyz>
Co-committed-by: Gusted <postmaster@gusted.xyz>
---
 .../v14a_migrate_webhook_authorization.go     | 91 +++++++++++++++++
 ...v14a_migrate_webhook_authorization_test.go | 97 +++++++++++++++++++
 .../Test_MigrateWebhookSecrets/webhook.yml    | 17 ++++
 models/webhook/webhook.go                     | 44 ++++++---
 models/webhook/webhook_system.go              |  2 +-
 models/webhook/webhook_test.go                |  6 +-
 modules/keying/keying.go                      |  2 +
 routers/api/v1/utils/hook.go                  | 15 +--
 routers/web/repo/setting/webhook.go           | 23 ++---
 services/issue/comments_test.go               |  8 +-
 services/webhook/deliver_test.go              | 10 +-
 11 files changed, 258 insertions(+), 57 deletions(-)
 create mode 100644 models/forgejo_migrations/v14a_migrate_webhook_authorization.go
 create mode 100644 models/forgejo_migrations/v14a_migrate_webhook_authorization_test.go
 create mode 100644 models/gitea_migrations/fixtures/Test_MigrateWebhookSecrets/webhook.yml

diff --git a/models/forgejo_migrations/v14a_migrate_webhook_authorization.go b/models/forgejo_migrations/v14a_migrate_webhook_authorization.go
new file mode 100644
index 0000000000..738841eb2b
--- /dev/null
+++ b/models/forgejo_migrations/v14a_migrate_webhook_authorization.go
@@ -0,0 +1,91 @@
+// Copyright 2025 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+package forgejo_migrations
+
+import (
+	"context"
+	"fmt"
+
+	"forgejo.org/models/db"
+	webhook_model "forgejo.org/models/webhook"
+	"forgejo.org/modules/keying"
+	"forgejo.org/modules/log"
+	"forgejo.org/modules/secret"
+	"forgejo.org/modules/setting"
+
+	"xorm.io/xorm"
+	"xorm.io/xorm/schemas"
+)
+
+func init() {
+	registerMigration(&Migration{
+		Description: "migrate `header_authorization_encrypted` of `webhook` table to store keying material",
+		Upgrade:     migrateWebhookSecrets,
+	})
+}
+
+func migrateWebhookSecrets(x *xorm.Engine) error {
+	return db.WithTx(db.DefaultContext, func(ctx context.Context) error {
+		sess := db.GetEngine(ctx)
+
+		switch x.Dialect().URI().DBType {
+		case schemas.MYSQL:
+			if _, err := sess.Exec("ALTER TABLE `webhook` MODIFY `header_authorization_encrypted` BLOB"); err != nil {
+				return err
+			}
+		case schemas.SQLITE:
+			if _, err := sess.Exec("ALTER TABLE `webhook` RENAME COLUMN `header_authorization_encrypted` TO `header_authorization_encrypted_backup`"); err != nil {
+				return err
+			}
+			if _, err := sess.Exec("ALTER TABLE `webhook` ADD COLUMN `header_authorization_encrypted` BLOB"); err != nil {
+				return err
+			}
+			if _, err := sess.Exec("UPDATE `webhook` SET `header_authorization_encrypted` = `header_authorization_encrypted_backup`"); err != nil {
+				return err
+			}
+			if _, err := sess.Exec("ALTER TABLE `webhook` DROP COLUMN `header_authorization_encrypted_backup`"); err != nil {
+				return err
+			}
+		case schemas.POSTGRES:
+			if _, err := sess.Exec("ALTER TABLE `webhook` ALTER COLUMN `header_authorization_encrypted` SET DATA TYPE bytea USING header_authorization_encrypted::text::bytea"); err != nil {
+				return err
+			}
+		}
+
+		key := keying.Webhook
+
+		oldEncryptionKey := setting.SecretKey
+		messages := make([]string, 0, 100)
+		ids := make([]int64, 0, 100)
+
+		err := db.Iterate(ctx, nil, func(ctx context.Context, bean *webhook_model.Webhook) error {
+			if len(bean.HeaderAuthorizationEncrypted) == 0 {
+				return nil
+			}
+
+			secretBytes, err := secret.DecryptSecret(oldEncryptionKey, string(bean.HeaderAuthorizationEncrypted))
+			if err != nil {
+				messages = append(messages, fmt.Sprintf("webhook.id=%d, webhook.repo_id=%d, webhook.owner_id=%d: secret.DecryptSecret(): %v", bean.ID, bean.RepoID, bean.OwnerID, err))
+				ids = append(ids, bean.ID)
+				return nil
+			}
+
+			bean.HeaderAuthorizationEncrypted = key.Encrypt([]byte(secretBytes), keying.ColumnAndID("header_authorization_encrypted", bean.ID))
+			_, err = sess.Cols("header_authorization_encrypted").ID(bean.ID).Update(bean)
+			return err
+		})
+
+		if err == nil {
+			if len(ids) > 0 {
+				log.Error("migration[v14a_migrate_webhook_authorization]: The following webhook were found to be corrupted and removed from the database.")
+				for _, message := range messages {
+					log.Error("migration[v14a_migrate_webhook_authorization]: %s", message)
+				}
+
+				_, err = sess.In("id", ids).NoAutoCondition().NoAutoTime().Delete(&webhook_model.Webhook{})
+			}
+		}
+		return err
+	})
+}
diff --git a/models/forgejo_migrations/v14a_migrate_webhook_authorization_test.go b/models/forgejo_migrations/v14a_migrate_webhook_authorization_test.go
new file mode 100644
index 0000000000..0b5701c88c
--- /dev/null
+++ b/models/forgejo_migrations/v14a_migrate_webhook_authorization_test.go
@@ -0,0 +1,97 @@
+// Copyright 2025 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+package forgejo_migrations
+
+import (
+	"testing"
+
+	migration_tests "forgejo.org/models/gitea_migrations/test"
+	webhook_model "forgejo.org/models/webhook"
+	"forgejo.org/modules/keying"
+	"forgejo.org/modules/timeutil"
+	webhook_module "forgejo.org/modules/webhook"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+func Test_MigrateWebhookSecrets(t *testing.T) {
+	type Webhook struct {
+		ID              int64 `xorm:"pk autoincr"`
+		RepoID          int64 `xorm:"INDEX"`
+		OwnerID         int64 `xorm:"INDEX"`
+		IsSystemWebhook bool
+		URL             string `xorm:"url TEXT"`
+		HTTPMethod      string `xorm:"http_method"`
+		ContentType     webhook_model.HookContentType
+		Secret          string                  `xorm:"TEXT"`
+		Events          string                  `xorm:"TEXT"`
+		IsActive        bool                    `xorm:"INDEX"`
+		Type            webhook_module.HookType `xorm:"VARCHAR(16) 'type'"`
+		Meta            string                  `xorm:"TEXT"`
+		LastStatus      webhook_module.HookStatus
+
+		HeaderAuthorizationEncrypted string `xorm:"TEXT"`
+
+		CreatedUnix timeutil.TimeStamp `xorm:"INDEX created"`
+		UpdatedUnix timeutil.TimeStamp `xorm:"INDEX updated"`
+	}
+
+	type NewWebhook struct {
+		ID              int64 `xorm:"pk autoincr"`
+		RepoID          int64 `xorm:"INDEX"`
+		OwnerID         int64 `xorm:"INDEX"`
+		IsSystemWebhook bool
+		URL             string `xorm:"url TEXT"`
+		HTTPMethod      string `xorm:"http_method"`
+		ContentType     webhook_model.HookContentType
+		Secret          string                  `xorm:"TEXT"`
+		Events          string                  `xorm:"TEXT"`
+		IsActive        bool                    `xorm:"INDEX"`
+		Type            webhook_module.HookType `xorm:"VARCHAR(16) 'type'"`
+		Meta            string                  `xorm:"TEXT"`
+		LastStatus      webhook_module.HookStatus
+
+		HeaderAuthorizationEncrypted []byte `xorm:"BLOB"`
+
+		CreatedUnix timeutil.TimeStamp `xorm:"INDEX created"`
+		UpdatedUnix timeutil.TimeStamp `xorm:"INDEX updated"`
+	}
+
+	// Prepare and load the testing database
+	x, deferable := migration_tests.PrepareTestEnv(t, 0, new(Webhook))
+	defer deferable()
+	if x == nil || t.Failed() {
+		return
+	}
+
+	cnt, err := x.Table("webhook").Count()
+	require.NoError(t, err)
+	assert.EqualValues(t, 3, cnt)
+
+	require.NoError(t, migrateWebhookSecrets(x))
+
+	cnt, err = x.Table("webhook").Count()
+	require.NoError(t, err)
+	assert.EqualValues(t, 2, cnt)
+
+	key := keying.Webhook
+
+	t.Run("webhook 1", func(t *testing.T) {
+		var webhook NewWebhook
+		_, err = x.Table("webhook").ID(1).Get(&webhook)
+		require.NoError(t, err)
+
+		secret, err := key.Decrypt(webhook.HeaderAuthorizationEncrypted, keying.ColumnAndID("header_authorization_encrypted", webhook.ID))
+		require.NoError(t, err)
+		assert.EqualValues(t, "Bearer s3cr3t", secret)
+	})
+
+	t.Run("webhook 3", func(t *testing.T) {
+		var webhook NewWebhook
+		_, err = x.Table("webhook").ID(3).Get(&webhook)
+		require.NoError(t, err)
+		assert.Empty(t, webhook.HeaderAuthorizationEncrypted)
+	})
+}
diff --git a/models/gitea_migrations/fixtures/Test_MigrateWebhookSecrets/webhook.yml b/models/gitea_migrations/fixtures/Test_MigrateWebhookSecrets/webhook.yml
new file mode 100644
index 0000000000..338bf4468e
--- /dev/null
+++ b/models/gitea_migrations/fixtures/Test_MigrateWebhookSecrets/webhook.yml
@@ -0,0 +1,17 @@
+-
+  id: 1
+  owner_id: 3
+  repo_id: 3
+  header_authorization_encrypted: '54586e944822336738b940c2560b7ef38bea3a91dcfe43c9c32e55b2a57050f75c63456b'
+
+-
+  id: 2
+  owner_id: 1
+  repo_id: 2
+  header_authorization_encrypted: 'badbadbad'
+
+-
+  id: 3
+  owner_id: 2
+  repo_id: 1
+  header_authorization_encrypted: ''
diff --git a/models/webhook/webhook.go b/models/webhook/webhook.go
index 1f81caf424..5147f52506 100644
--- a/models/webhook/webhook.go
+++ b/models/webhook/webhook.go
@@ -11,10 +11,9 @@ import (
 
 	"forgejo.org/models/db"
 	"forgejo.org/modules/json"
+	"forgejo.org/modules/keying"
 	"forgejo.org/modules/log"
 	"forgejo.org/modules/optional"
-	"forgejo.org/modules/secret"
-	"forgejo.org/modules/setting"
 	"forgejo.org/modules/timeutil"
 	"forgejo.org/modules/util"
 	webhook_module "forgejo.org/modules/webhook"
@@ -137,7 +136,7 @@ type Webhook struct {
 	LastStatus                webhook_module.HookStatus // Last delivery status
 
 	// HeaderAuthorizationEncrypted should be accessed using HeaderAuthorization() and SetHeaderAuthorization()
-	HeaderAuthorizationEncrypted string `xorm:"TEXT"`
+	HeaderAuthorizationEncrypted []byte `xorm:"BLOB"`
 
 	CreatedUnix timeutil.TimeStamp `xorm:"INDEX created"`
 	UpdatedUnix timeutil.TimeStamp `xorm:"INDEX updated"`
@@ -376,10 +375,15 @@ func (w *Webhook) EventsArray() []string {
 // HeaderAuthorization returns the decrypted Authorization header.
 // Not on the reference (*w), to be accessible on WebhooksNew.
 func (w Webhook) HeaderAuthorization() (string, error) {
-	if w.HeaderAuthorizationEncrypted == "" {
+	if len(w.HeaderAuthorizationEncrypted) == 0 {
 		return "", nil
 	}
-	return secret.DecryptSecret(setting.SecretKey, w.HeaderAuthorizationEncrypted)
+
+	headerAuthorization, err := keying.Webhook.Decrypt(w.HeaderAuthorizationEncrypted, keying.ColumnAndID("header_authorization_encrypted", w.ID))
+	if err != nil {
+		return "", err
+	}
+	return string(headerAuthorization), nil
 }
 
 // HeaderAuthorizationTrimPrefix returns the decrypted Authorization with a specified prefix trimmed.
@@ -392,23 +396,31 @@ func (w Webhook) HeaderAuthorizationTrimPrefix(prefix string) (string, error) {
 }
 
 // SetHeaderAuthorization encrypts and sets the Authorization header.
-func (w *Webhook) SetHeaderAuthorization(cleartext string) error {
+func (w *Webhook) SetHeaderAuthorization(cleartext string) {
 	if cleartext == "" {
-		w.HeaderAuthorizationEncrypted = ""
-		return nil
+		w.HeaderAuthorizationEncrypted = nil
+		return
 	}
-	ciphertext, err := secret.EncryptSecret(setting.SecretKey, cleartext)
-	if err != nil {
-		return err
-	}
-	w.HeaderAuthorizationEncrypted = ciphertext
-	return nil
+
+	w.HeaderAuthorizationEncrypted = keying.Webhook.Encrypt([]byte(cleartext), keying.ColumnAndID("header_authorization_encrypted", w.ID))
 }
 
 // CreateWebhook creates a new web hook.
-func CreateWebhook(ctx context.Context, w *Webhook) error {
+func CreateWebhook(ctx context.Context, w *Webhook, authorizationHeader string) error {
 	w.Type = strings.TrimSpace(w.Type)
-	return db.Insert(ctx, w)
+
+	if len(authorizationHeader) == 0 {
+		return db.Insert(ctx, w)
+	}
+	return db.WithTx(ctx, func(ctx context.Context) error {
+		if err := db.Insert(ctx, w); err != nil {
+			return err
+		}
+
+		w.SetHeaderAuthorization(authorizationHeader)
+		_, err := db.GetEngine(ctx).Cols("header_authorization_encrypted").ID(w.ID).Update(w)
+		return err
+	})
 }
 
 // CreateWebhooks creates multiple web hooks
diff --git a/models/webhook/webhook_system.go b/models/webhook/webhook_system.go
index 2e53f639dc..9cdd323235 100644
--- a/models/webhook/webhook_system.go
+++ b/models/webhook/webhook_system.go
@@ -77,7 +77,7 @@ func CopyDefaultWebhooksToRepo(ctx context.Context, repoID int64) error {
 	for _, w := range ws {
 		w.ID = 0
 		w.RepoID = repoID
-		if err := CreateWebhook(ctx, w); err != nil {
+		if err := CreateWebhook(ctx, w, ""); err != nil {
 			return fmt.Errorf("CreateWebhook: %v", err)
 		}
 	}
diff --git a/models/webhook/webhook_test.go b/models/webhook/webhook_test.go
index 60cd2b333b..1dabc0ff38 100644
--- a/models/webhook/webhook_test.go
+++ b/models/webhook/webhook_test.go
@@ -98,7 +98,7 @@ func TestCreateWebhook(t *testing.T) {
 			Events:      `{"push_only":false,"send_everything":false,"choose_events":true,"events":{"create":false,"push":true,"pull_request":true}}`,
 		}
 		unittest.AssertNotExistsBean(t, hook)
-		require.NoError(t, CreateWebhook(db.DefaultContext, hook))
+		require.NoError(t, CreateWebhook(db.DefaultContext, hook, ""))
 		hookFromDb := unittest.AssertExistsAndLoadBean(t, hook)
 		assert.Equal(t, []string{
 			string(webhook_module.HookEventPush),
@@ -114,7 +114,7 @@ func TestCreateWebhook(t *testing.T) {
 			Events:      `{"push_only":false,"send_everything":false,"choose_events":true,"events":{"action_run_recover":false,"action_run_success":true}}`,
 		}
 		unittest.AssertNotExistsBean(t, hook)
-		require.NoError(t, CreateWebhook(db.DefaultContext, hook))
+		require.NoError(t, CreateWebhook(db.DefaultContext, hook, ""))
 		hookFromDb := unittest.AssertExistsAndLoadBean(t, hook)
 		assert.Equal(t, []string{string(webhook_module.HookEventActionRunSuccess)}, hookFromDb.EventsArray())
 	})
@@ -127,7 +127,7 @@ func TestCreateWebhook(t *testing.T) {
 			Events:      `{"push_only":false,"send_everything":false,"choose_events":true,"events":{"create":true,"delete":true,"fork":true,"issues":true,"issue_assign":true,"issue_label":true,"issue_milestone":true,"issue_comment":true,"push":true,"pull_request":true,"pull_request_assign":true,"pull_request_label":true,"pull_request_milestone":true,"pull_request_comment":true,"pull_request_review":true,"pull_request_sync":true,"pull_request_review_request":true,"wiki":true,"repository":true,"release":true,"package":true,"action_run_failure":true,"action_run_recover":true,"action_run_success":true}}`,
 		}
 		unittest.AssertNotExistsBean(t, hook)
-		require.NoError(t, CreateWebhook(db.DefaultContext, hook))
+		require.NoError(t, CreateWebhook(db.DefaultContext, hook, ""))
 		hookFromDb := unittest.AssertExistsAndLoadBean(t, hook)
 		assert.Equal(t, []string{
 			string(webhook_module.HookEventCreate),
diff --git a/modules/keying/keying.go b/modules/keying/keying.go
index 0d7eecb904..a1a93419b1 100644
--- a/modules/keying/keying.go
+++ b/modules/keying/keying.go
@@ -39,6 +39,8 @@ var (
 	ActionSecret = deriveKey("action_secret")
 	// Used for the `task` table where type == TaskTypeMigrateRepo.
 	MigrateTask = deriveKey("migrate_repo_task")
+	// Used for the `webhook` table.
+	Webhook = deriveKey("webhook")
 )
 
 var (
diff --git a/routers/api/v1/utils/hook.go b/routers/api/v1/utils/hook.go
index 9a935f0cce..a18bea260f 100644
--- a/routers/api/v1/utils/hook.go
+++ b/routers/api/v1/utils/hook.go
@@ -220,11 +220,6 @@ func addHook(ctx *context.APIContext, form *api.CreateHookOption, ownerID, repoI
 		IsActive: form.Active,
 		Type:     form.Type,
 	}
-	err := w.SetHeaderAuthorization(form.AuthorizationHeader)
-	if err != nil {
-		ctx.Error(http.StatusInternalServerError, "SetHeaderAuthorization", err)
-		return nil, false
-	}
 	if w.Type == webhook_module.SLACK {
 		channel, ok := form.Config["channel"]
 		if !ok {
@@ -254,7 +249,9 @@ func addHook(ctx *context.APIContext, form *api.CreateHookOption, ownerID, repoI
 	if err := w.UpdateEvent(); err != nil {
 		ctx.Error(http.StatusInternalServerError, "UpdateEvent", err)
 		return nil, false
-	} else if err := webhook.CreateWebhook(ctx, w); err != nil {
+	}
+
+	if err := webhook.CreateWebhook(ctx, w, form.AuthorizationHeader); err != nil {
 		ctx.Error(http.StatusInternalServerError, "CreateWebhook", err)
 		return nil, false
 	}
@@ -379,11 +376,7 @@ func editHook(ctx *context.APIContext, form *api.EditHookOption, w *webhook.Webh
 	w.Release = util.SliceContainsString(form.Events, string(webhook_module.HookEventRelease), true)
 	w.BranchFilter = form.BranchFilter
 
-	err := w.SetHeaderAuthorization(form.AuthorizationHeader)
-	if err != nil {
-		ctx.Error(http.StatusInternalServerError, "SetHeaderAuthorization", err)
-		return false
-	}
+	w.SetHeaderAuthorization(form.AuthorizationHeader)
 
 	// Issues
 	w.Issues = issuesHook(form.Events, "issues_only")
diff --git a/routers/web/repo/setting/webhook.go b/routers/web/repo/setting/webhook.go
index 0caa196e25..b2c0691d04 100644
--- a/routers/web/repo/setting/webhook.go
+++ b/routers/web/repo/setting/webhook.go
@@ -215,17 +215,14 @@ func WebhookCreate(ctx *context.Context) {
 	if ctx.HasError() {
 		// pre-fill the form with the submitted data
 		var w webhook.Webhook
+		w.ID = -1 // We are going to encrypt it using this ID, bind the encrypted value to a ID that will never exist in the database. Safety precaution.
 		w.URL = fields.URL
 		w.ContentType = fields.ContentType
 		w.Secret = fields.Secret
 		w.HookEvent = ParseHookEvent(fields.WebhookCoreForm)
 		w.IsActive = fields.Active
 		w.HTTPMethod = fields.HTTPMethod
-		err := w.SetHeaderAuthorization(fields.AuthorizationHeader)
-		if err != nil {
-			ctx.ServerError("SetHeaderAuthorization", err)
-			return
-		}
+		w.SetHeaderAuthorization(fields.AuthorizationHeader)
 		ctx.Data["Webhook"] = w
 		ctx.Data["HookMetadata"] = fields.Metadata
 
@@ -255,15 +252,12 @@ func WebhookCreate(ctx *context.Context) {
 		OwnerID:         orCtx.OwnerID,
 		IsSystemWebhook: orCtx.IsSystemWebhook,
 	}
-	err = w.SetHeaderAuthorization(fields.AuthorizationHeader)
-	if err != nil {
-		ctx.ServerError("SetHeaderAuthorization", err)
-		return
-	}
 	if err := w.UpdateEvent(); err != nil {
 		ctx.ServerError("UpdateEvent", err)
 		return
-	} else if err := webhook.CreateWebhook(ctx, w); err != nil {
+	}
+
+	if err := webhook.CreateWebhook(ctx, w, fields.AuthorizationHeader); err != nil {
 		ctx.ServerError("CreateWebhook", err)
 		return
 	}
@@ -302,11 +296,7 @@ func WebhookUpdate(ctx *context.Context) {
 	w.IsActive = fields.Active
 	w.HTTPMethod = fields.HTTPMethod
 
-	err := w.SetHeaderAuthorization(fields.AuthorizationHeader)
-	if err != nil {
-		ctx.ServerError("SetHeaderAuthorization", err)
-		return
-	}
+	w.SetHeaderAuthorization(fields.AuthorizationHeader)
 
 	if ctx.HasError() {
 		ctx.Data["HookMetadata"] = fields.Metadata
@@ -314,6 +304,7 @@ func WebhookUpdate(ctx *context.Context) {
 		return
 	}
 
+	var err error
 	var meta []byte
 	if fields.Metadata != nil {
 		meta, err = json.Marshal(fields.Metadata)
diff --git a/services/issue/comments_test.go b/services/issue/comments_test.go
index fcf06d9ec8..0bf6d6db3e 100644
--- a/services/issue/comments_test.go
+++ b/services/issue/comments_test.go
@@ -40,7 +40,7 @@ func TestDeleteComment(t *testing.T) {
 			RepoID:   issue.RepoID,
 			IsActive: true,
 			Events:   `{"choose_events":true,"events":{"issue_comment": true}}`,
-		}))
+		}, ""))
 		hookTaskCount := unittest.GetCount(t, &webhook_model.HookTask{})
 
 		require.NoError(t, issue_service.DeleteComment(db.DefaultContext, nil, comment))
@@ -68,7 +68,7 @@ func TestDeleteComment(t *testing.T) {
 			RepoID:   issue.RepoID,
 			IsActive: true,
 			Events:   `{"choose_events":true,"events":{"issue_comment": true}}`,
-		}))
+		}, ""))
 		hookTaskCount := unittest.GetCount(t, &webhook_model.HookTask{})
 
 		require.NoError(t, comment.LoadReview(t.Context()))
@@ -101,7 +101,7 @@ func TestUpdateComment(t *testing.T) {
 			RepoID:   issue.RepoID,
 			IsActive: true,
 			Events:   `{"choose_events":true,"events":{"issue_comment": true}}`,
-		}))
+		}, ""))
 		hookTaskCount := unittest.GetCount(t, &webhook_model.HookTask{})
 		oldContent := comment.Content
 		comment.Content = "Hello!"
@@ -132,7 +132,7 @@ func TestUpdateComment(t *testing.T) {
 			RepoID:   issue.RepoID,
 			IsActive: true,
 			Events:   `{"choose_events":true,"events":{"issue_comment": true}}`,
-		}))
+		}, ""))
 		hookTaskCount := unittest.GetCount(t, &webhook_model.HookTask{})
 		oldContent := comment.Content
 		comment.Content = "Hello!"
diff --git a/services/webhook/deliver_test.go b/services/webhook/deliver_test.go
index 1a9ce05de4..13890621c6 100644
--- a/services/webhook/deliver_test.go
+++ b/services/webhook/deliver_test.go
@@ -102,9 +102,7 @@ func TestWebhookDeliverAuthorizationHeader(t *testing.T) {
 		IsActive:    true,
 		Type:        webhook_module.GITEA,
 	}
-	err := hook.SetHeaderAuthorization("Bearer s3cr3t-t0ken")
-	require.NoError(t, err)
-	require.NoError(t, webhook_model.CreateWebhook(db.DefaultContext, hook))
+	require.NoError(t, webhook_model.CreateWebhook(t.Context(), hook, "Bearer s3cr3t-t0ken"))
 
 	hookTask := &webhook_model.HookTask{
 		HookID:         hook.ID,
@@ -112,7 +110,7 @@ func TestWebhookDeliverAuthorizationHeader(t *testing.T) {
 		PayloadVersion: 2,
 	}
 
-	hookTask, err = webhook_model.CreateHookTask(db.DefaultContext, hookTask)
+	hookTask, err := webhook_model.CreateHookTask(db.DefaultContext, hookTask)
 	require.NoError(t, err)
 	assert.NotNil(t, hookTask)
 
@@ -168,7 +166,7 @@ func TestWebhookDeliverHookTask(t *testing.T) {
 		ContentType: webhook_model.ContentTypeJSON,
 		Meta:        `{"message_type":0}`, // text
 	}
-	require.NoError(t, webhook_model.CreateWebhook(db.DefaultContext, hook))
+	require.NoError(t, webhook_model.CreateWebhook(db.DefaultContext, hook, ""))
 
 	t.Run("Version 1", func(t *testing.T) {
 		hookTask := &webhook_model.HookTask{
@@ -296,7 +294,7 @@ func TestWebhookDeliverSpecificTypes(t *testing.T) {
 				ContentType: 0,  // set to 0 so that falling back to default request fails with "invalid content type"
 				Meta:        "{}",
 			}
-			require.NoError(t, webhook_model.CreateWebhook(db.DefaultContext, hook))
+			require.NoError(t, webhook_model.CreateWebhook(db.DefaultContext, hook, ""))
 
 			hookTask := &webhook_model.HookTask{
 				HookID:         hook.ID,

From 1afd5f56f1bbf09e370518fb1e5a64ee0338a36e Mon Sep 17 00:00:00 2001
From: Renovate Bot <forgejo-renovate-action@forgejo.org>
Date: Mon, 22 Dec 2025 17:54:12 +0100
Subject: [PATCH 035/854] Update dependency esbuild-loader to v4.4.1 (forgejo)
 (#10545)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10545
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
---
 package-lock.json | 708 ++++++++--------------------------------------
 package.json      |   2 +-
 2 files changed, 113 insertions(+), 597 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 7b7e72226e..dd1b226693 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -25,7 +25,7 @@
         "dayjs": "1.11.18",
         "dropzone": "6.0.0-beta.2",
         "easymde": "2.18.0",
-        "esbuild-loader": "4.4.0",
+        "esbuild-loader": "4.4.1",
         "escape-goat": "4.0.0",
         "fast-glob": "3.3.3",
         "htmx.org": "2.0.8",
@@ -665,9 +665,9 @@
       }
     },
     "node_modules/@esbuild/aix-ppc64": {
-      "version": "0.25.12",
-      "resolved": "https://registry.npmjs.org/@esbuild/aix-ppc64/-/aix-ppc64-0.25.12.tgz",
-      "integrity": "sha512-Hhmwd6CInZ3dwpuGTF8fJG6yoWmsToE+vYgD4nytZVxcu1ulHpUQRAB1UJ8+N1Am3Mz4+xOByoQoSZf4D+CpkA==",
+      "version": "0.27.2",
+      "resolved": "https://registry.npmjs.org/@esbuild/aix-ppc64/-/aix-ppc64-0.27.2.tgz",
+      "integrity": "sha512-GZMB+a0mOMZs4MpDbj8RJp4cw+w1WV5NYD6xzgvzUJ5Ek2jerwfO2eADyI6ExDSUED+1X8aMbegahsJi+8mgpw==",
       "cpu": [
         "ppc64"
       ],
@@ -681,9 +681,9 @@
       }
     },
     "node_modules/@esbuild/android-arm": {
-      "version": "0.25.12",
-      "resolved": "https://registry.npmjs.org/@esbuild/android-arm/-/android-arm-0.25.12.tgz",
-      "integrity": "sha512-VJ+sKvNA/GE7Ccacc9Cha7bpS8nyzVv0jdVgwNDaR4gDMC/2TTRc33Ip8qrNYUcpkOHUT5OZ0bUcNNVZQ9RLlg==",
+      "version": "0.27.2",
+      "resolved": "https://registry.npmjs.org/@esbuild/android-arm/-/android-arm-0.27.2.tgz",
+      "integrity": "sha512-DVNI8jlPa7Ujbr1yjU2PfUSRtAUZPG9I1RwW4F4xFB1Imiu2on0ADiI/c3td+KmDtVKNbi+nffGDQMfcIMkwIA==",
       "cpu": [
         "arm"
       ],
@@ -697,9 +697,9 @@
       }
     },
     "node_modules/@esbuild/android-arm64": {
-      "version": "0.25.12",
-      "resolved": "https://registry.npmjs.org/@esbuild/android-arm64/-/android-arm64-0.25.12.tgz",
-      "integrity": "sha512-6AAmLG7zwD1Z159jCKPvAxZd4y/VTO0VkprYy+3N2FtJ8+BQWFXU+OxARIwA46c5tdD9SsKGZ/1ocqBS/gAKHg==",
+      "version": "0.27.2",
+      "resolved": "https://registry.npmjs.org/@esbuild/android-arm64/-/android-arm64-0.27.2.tgz",
+      "integrity": "sha512-pvz8ZZ7ot/RBphf8fv60ljmaoydPU12VuXHImtAs0XhLLw+EXBi2BLe3OYSBslR4rryHvweW5gmkKFwTiFy6KA==",
       "cpu": [
         "arm64"
       ],
@@ -713,9 +713,9 @@
       }
     },
     "node_modules/@esbuild/android-x64": {
-      "version": "0.25.12",
-      "resolved": "https://registry.npmjs.org/@esbuild/android-x64/-/android-x64-0.25.12.tgz",
-      "integrity": "sha512-5jbb+2hhDHx5phYR2By8GTWEzn6I9UqR11Kwf22iKbNpYrsmRB18aX/9ivc5cabcUiAT/wM+YIZ6SG9QO6a8kg==",
+      "version": "0.27.2",
+      "resolved": "https://registry.npmjs.org/@esbuild/android-x64/-/android-x64-0.27.2.tgz",
+      "integrity": "sha512-z8Ank4Byh4TJJOh4wpz8g2vDy75zFL0TlZlkUkEwYXuPSgX8yzep596n6mT7905kA9uHZsf/o2OJZubl2l3M7A==",
       "cpu": [
         "x64"
       ],
@@ -729,9 +729,9 @@
       }
     },
     "node_modules/@esbuild/darwin-arm64": {
-      "version": "0.25.12",
-      "resolved": "https://registry.npmjs.org/@esbuild/darwin-arm64/-/darwin-arm64-0.25.12.tgz",
-      "integrity": "sha512-N3zl+lxHCifgIlcMUP5016ESkeQjLj/959RxxNYIthIg+CQHInujFuXeWbWMgnTo4cp5XVHqFPmpyu9J65C1Yg==",
+      "version": "0.27.2",
+      "resolved": "https://registry.npmjs.org/@esbuild/darwin-arm64/-/darwin-arm64-0.27.2.tgz",
+      "integrity": "sha512-davCD2Zc80nzDVRwXTcQP/28fiJbcOwvdolL0sOiOsbwBa72kegmVU0Wrh1MYrbuCL98Omp5dVhQFWRKR2ZAlg==",
       "cpu": [
         "arm64"
       ],
@@ -745,9 +745,9 @@
       }
     },
     "node_modules/@esbuild/darwin-x64": {
-      "version": "0.25.12",
-      "resolved": "https://registry.npmjs.org/@esbuild/darwin-x64/-/darwin-x64-0.25.12.tgz",
-      "integrity": "sha512-HQ9ka4Kx21qHXwtlTUVbKJOAnmG1ipXhdWTmNXiPzPfWKpXqASVcWdnf2bnL73wgjNrFXAa3yYvBSd9pzfEIpA==",
+      "version": "0.27.2",
+      "resolved": "https://registry.npmjs.org/@esbuild/darwin-x64/-/darwin-x64-0.27.2.tgz",
+      "integrity": "sha512-ZxtijOmlQCBWGwbVmwOF/UCzuGIbUkqB1faQRf5akQmxRJ1ujusWsb3CVfk/9iZKr2L5SMU5wPBi1UWbvL+VQA==",
       "cpu": [
         "x64"
       ],
@@ -761,9 +761,9 @@
       }
     },
     "node_modules/@esbuild/freebsd-arm64": {
-      "version": "0.25.12",
-      "resolved": "https://registry.npmjs.org/@esbuild/freebsd-arm64/-/freebsd-arm64-0.25.12.tgz",
-      "integrity": "sha512-gA0Bx759+7Jve03K1S0vkOu5Lg/85dou3EseOGUes8flVOGxbhDDh/iZaoek11Y8mtyKPGF3vP8XhnkDEAmzeg==",
+      "version": "0.27.2",
+      "resolved": "https://registry.npmjs.org/@esbuild/freebsd-arm64/-/freebsd-arm64-0.27.2.tgz",
+      "integrity": "sha512-lS/9CN+rgqQ9czogxlMcBMGd+l8Q3Nj1MFQwBZJyoEKI50XGxwuzznYdwcav6lpOGv5BqaZXqvBSiB/kJ5op+g==",
       "cpu": [
         "arm64"
       ],
@@ -777,9 +777,9 @@
       }
     },
     "node_modules/@esbuild/freebsd-x64": {
-      "version": "0.25.12",
-      "resolved": "https://registry.npmjs.org/@esbuild/freebsd-x64/-/freebsd-x64-0.25.12.tgz",
-      "integrity": "sha512-TGbO26Yw2xsHzxtbVFGEXBFH0FRAP7gtcPE7P5yP7wGy7cXK2oO7RyOhL5NLiqTlBh47XhmIUXuGciXEqYFfBQ==",
+      "version": "0.27.2",
+      "resolved": "https://registry.npmjs.org/@esbuild/freebsd-x64/-/freebsd-x64-0.27.2.tgz",
+      "integrity": "sha512-tAfqtNYb4YgPnJlEFu4c212HYjQWSO/w/h/lQaBK7RbwGIkBOuNKQI9tqWzx7Wtp7bTPaGC6MJvWI608P3wXYA==",
       "cpu": [
         "x64"
       ],
@@ -793,9 +793,9 @@
       }
     },
     "node_modules/@esbuild/linux-arm": {
-      "version": "0.25.12",
-      "resolved": "https://registry.npmjs.org/@esbuild/linux-arm/-/linux-arm-0.25.12.tgz",
-      "integrity": "sha512-lPDGyC1JPDou8kGcywY0YILzWlhhnRjdof3UlcoqYmS9El818LLfJJc3PXXgZHrHCAKs/Z2SeZtDJr5MrkxtOw==",
+      "version": "0.27.2",
+      "resolved": "https://registry.npmjs.org/@esbuild/linux-arm/-/linux-arm-0.27.2.tgz",
+      "integrity": "sha512-vWfq4GaIMP9AIe4yj1ZUW18RDhx6EPQKjwe7n8BbIecFtCQG4CfHGaHuh7fdfq+y3LIA2vGS/o9ZBGVxIDi9hw==",
       "cpu": [
         "arm"
       ],
@@ -809,9 +809,9 @@
       }
     },
     "node_modules/@esbuild/linux-arm64": {
-      "version": "0.25.12",
-      "resolved": "https://registry.npmjs.org/@esbuild/linux-arm64/-/linux-arm64-0.25.12.tgz",
-      "integrity": "sha512-8bwX7a8FghIgrupcxb4aUmYDLp8pX06rGh5HqDT7bB+8Rdells6mHvrFHHW2JAOPZUbnjUpKTLg6ECyzvas2AQ==",
+      "version": "0.27.2",
+      "resolved": "https://registry.npmjs.org/@esbuild/linux-arm64/-/linux-arm64-0.27.2.tgz",
+      "integrity": "sha512-hYxN8pr66NsCCiRFkHUAsxylNOcAQaxSSkHMMjcpx0si13t1LHFphxJZUiGwojB1a/Hd5OiPIqDdXONia6bhTw==",
       "cpu": [
         "arm64"
       ],
@@ -825,9 +825,9 @@
       }
     },
     "node_modules/@esbuild/linux-ia32": {
-      "version": "0.25.12",
-      "resolved": "https://registry.npmjs.org/@esbuild/linux-ia32/-/linux-ia32-0.25.12.tgz",
-      "integrity": "sha512-0y9KrdVnbMM2/vG8KfU0byhUN+EFCny9+8g202gYqSSVMonbsCfLjUO+rCci7pM0WBEtz+oK/PIwHkzxkyharA==",
+      "version": "0.27.2",
+      "resolved": "https://registry.npmjs.org/@esbuild/linux-ia32/-/linux-ia32-0.27.2.tgz",
+      "integrity": "sha512-MJt5BRRSScPDwG2hLelYhAAKh9imjHK5+NE/tvnRLbIqUWa+0E9N4WNMjmp/kXXPHZGqPLxggwVhz7QP8CTR8w==",
       "cpu": [
         "ia32"
       ],
@@ -841,9 +841,9 @@
       }
     },
     "node_modules/@esbuild/linux-loong64": {
-      "version": "0.25.12",
-      "resolved": "https://registry.npmjs.org/@esbuild/linux-loong64/-/linux-loong64-0.25.12.tgz",
-      "integrity": "sha512-h///Lr5a9rib/v1GGqXVGzjL4TMvVTv+s1DPoxQdz7l/AYv6LDSxdIwzxkrPW438oUXiDtwM10o9PmwS/6Z0Ng==",
+      "version": "0.27.2",
+      "resolved": "https://registry.npmjs.org/@esbuild/linux-loong64/-/linux-loong64-0.27.2.tgz",
+      "integrity": "sha512-lugyF1atnAT463aO6KPshVCJK5NgRnU4yb3FUumyVz+cGvZbontBgzeGFO1nF+dPueHD367a2ZXe1NtUkAjOtg==",
       "cpu": [
         "loong64"
       ],
@@ -857,9 +857,9 @@
       }
     },
     "node_modules/@esbuild/linux-mips64el": {
-      "version": "0.25.12",
-      "resolved": "https://registry.npmjs.org/@esbuild/linux-mips64el/-/linux-mips64el-0.25.12.tgz",
-      "integrity": "sha512-iyRrM1Pzy9GFMDLsXn1iHUm18nhKnNMWscjmp4+hpafcZjrr2WbT//d20xaGljXDBYHqRcl8HnxbX6uaA/eGVw==",
+      "version": "0.27.2",
+      "resolved": "https://registry.npmjs.org/@esbuild/linux-mips64el/-/linux-mips64el-0.27.2.tgz",
+      "integrity": "sha512-nlP2I6ArEBewvJ2gjrrkESEZkB5mIoaTswuqNFRv/WYd+ATtUpe9Y09RnJvgvdag7he0OWgEZWhviS1OTOKixw==",
       "cpu": [
         "mips64el"
       ],
@@ -873,9 +873,9 @@
       }
     },
     "node_modules/@esbuild/linux-ppc64": {
-      "version": "0.25.12",
-      "resolved": "https://registry.npmjs.org/@esbuild/linux-ppc64/-/linux-ppc64-0.25.12.tgz",
-      "integrity": "sha512-9meM/lRXxMi5PSUqEXRCtVjEZBGwB7P/D4yT8UG/mwIdze2aV4Vo6U5gD3+RsoHXKkHCfSxZKzmDssVlRj1QQA==",
+      "version": "0.27.2",
+      "resolved": "https://registry.npmjs.org/@esbuild/linux-ppc64/-/linux-ppc64-0.27.2.tgz",
+      "integrity": "sha512-C92gnpey7tUQONqg1n6dKVbx3vphKtTHJaNG2Ok9lGwbZil6DrfyecMsp9CrmXGQJmZ7iiVXvvZH6Ml5hL6XdQ==",
       "cpu": [
         "ppc64"
       ],
@@ -889,9 +889,9 @@
       }
     },
     "node_modules/@esbuild/linux-riscv64": {
-      "version": "0.25.12",
-      "resolved": "https://registry.npmjs.org/@esbuild/linux-riscv64/-/linux-riscv64-0.25.12.tgz",
-      "integrity": "sha512-Zr7KR4hgKUpWAwb1f3o5ygT04MzqVrGEGXGLnj15YQDJErYu/BGg+wmFlIDOdJp0PmB0lLvxFIOXZgFRrdjR0w==",
+      "version": "0.27.2",
+      "resolved": "https://registry.npmjs.org/@esbuild/linux-riscv64/-/linux-riscv64-0.27.2.tgz",
+      "integrity": "sha512-B5BOmojNtUyN8AXlK0QJyvjEZkWwy/FKvakkTDCziX95AowLZKR6aCDhG7LeF7uMCXEJqwa8Bejz5LTPYm8AvA==",
       "cpu": [
         "riscv64"
       ],
@@ -905,9 +905,9 @@
       }
     },
     "node_modules/@esbuild/linux-s390x": {
-      "version": "0.25.12",
-      "resolved": "https://registry.npmjs.org/@esbuild/linux-s390x/-/linux-s390x-0.25.12.tgz",
-      "integrity": "sha512-MsKncOcgTNvdtiISc/jZs/Zf8d0cl/t3gYWX8J9ubBnVOwlk65UIEEvgBORTiljloIWnBzLs4qhzPkJcitIzIg==",
+      "version": "0.27.2",
+      "resolved": "https://registry.npmjs.org/@esbuild/linux-s390x/-/linux-s390x-0.27.2.tgz",
+      "integrity": "sha512-p4bm9+wsPwup5Z8f4EpfN63qNagQ47Ua2znaqGH6bqLlmJ4bx97Y9JdqxgGZ6Y8xVTixUnEkoKSHcpRlDnNr5w==",
       "cpu": [
         "s390x"
       ],
@@ -921,9 +921,9 @@
       }
     },
     "node_modules/@esbuild/linux-x64": {
-      "version": "0.25.12",
-      "resolved": "https://registry.npmjs.org/@esbuild/linux-x64/-/linux-x64-0.25.12.tgz",
-      "integrity": "sha512-uqZMTLr/zR/ed4jIGnwSLkaHmPjOjJvnm6TVVitAa08SLS9Z0VM8wIRx7gWbJB5/J54YuIMInDquWyYvQLZkgw==",
+      "version": "0.27.2",
+      "resolved": "https://registry.npmjs.org/@esbuild/linux-x64/-/linux-x64-0.27.2.tgz",
+      "integrity": "sha512-uwp2Tip5aPmH+NRUwTcfLb+W32WXjpFejTIOWZFw/v7/KnpCDKG66u4DLcurQpiYTiYwQ9B7KOeMJvLCu/OvbA==",
       "cpu": [
         "x64"
       ],
@@ -937,9 +937,9 @@
       }
     },
     "node_modules/@esbuild/netbsd-arm64": {
-      "version": "0.25.12",
-      "resolved": "https://registry.npmjs.org/@esbuild/netbsd-arm64/-/netbsd-arm64-0.25.12.tgz",
-      "integrity": "sha512-xXwcTq4GhRM7J9A8Gv5boanHhRa/Q9KLVmcyXHCTaM4wKfIpWkdXiMog/KsnxzJ0A1+nD+zoecuzqPmCRyBGjg==",
+      "version": "0.27.2",
+      "resolved": "https://registry.npmjs.org/@esbuild/netbsd-arm64/-/netbsd-arm64-0.27.2.tgz",
+      "integrity": "sha512-Kj6DiBlwXrPsCRDeRvGAUb/LNrBASrfqAIok+xB0LxK8CHqxZ037viF13ugfsIpePH93mX7xfJp97cyDuTZ3cw==",
       "cpu": [
         "arm64"
       ],
@@ -953,9 +953,9 @@
       }
     },
     "node_modules/@esbuild/netbsd-x64": {
-      "version": "0.25.12",
-      "resolved": "https://registry.npmjs.org/@esbuild/netbsd-x64/-/netbsd-x64-0.25.12.tgz",
-      "integrity": "sha512-Ld5pTlzPy3YwGec4OuHh1aCVCRvOXdH8DgRjfDy/oumVovmuSzWfnSJg+VtakB9Cm0gxNO9BzWkj6mtO1FMXkQ==",
+      "version": "0.27.2",
+      "resolved": "https://registry.npmjs.org/@esbuild/netbsd-x64/-/netbsd-x64-0.27.2.tgz",
+      "integrity": "sha512-HwGDZ0VLVBY3Y+Nw0JexZy9o/nUAWq9MlV7cahpaXKW6TOzfVno3y3/M8Ga8u8Yr7GldLOov27xiCnqRZf0tCA==",
       "cpu": [
         "x64"
       ],
@@ -969,9 +969,9 @@
       }
     },
     "node_modules/@esbuild/openbsd-arm64": {
-      "version": "0.25.12",
-      "resolved": "https://registry.npmjs.org/@esbuild/openbsd-arm64/-/openbsd-arm64-0.25.12.tgz",
-      "integrity": "sha512-fF96T6KsBo/pkQI950FARU9apGNTSlZGsv1jZBAlcLL1MLjLNIWPBkj5NlSz8aAzYKg+eNqknrUJ24QBybeR5A==",
+      "version": "0.27.2",
+      "resolved": "https://registry.npmjs.org/@esbuild/openbsd-arm64/-/openbsd-arm64-0.27.2.tgz",
+      "integrity": "sha512-DNIHH2BPQ5551A7oSHD0CKbwIA/Ox7+78/AWkbS5QoRzaqlev2uFayfSxq68EkonB+IKjiuxBFoV8ESJy8bOHA==",
       "cpu": [
         "arm64"
       ],
@@ -985,9 +985,9 @@
       }
     },
     "node_modules/@esbuild/openbsd-x64": {
-      "version": "0.25.12",
-      "resolved": "https://registry.npmjs.org/@esbuild/openbsd-x64/-/openbsd-x64-0.25.12.tgz",
-      "integrity": "sha512-MZyXUkZHjQxUvzK7rN8DJ3SRmrVrke8ZyRusHlP+kuwqTcfWLyqMOE3sScPPyeIXN/mDJIfGXvcMqCgYKekoQw==",
+      "version": "0.27.2",
+      "resolved": "https://registry.npmjs.org/@esbuild/openbsd-x64/-/openbsd-x64-0.27.2.tgz",
+      "integrity": "sha512-/it7w9Nb7+0KFIzjalNJVR5bOzA9Vay+yIPLVHfIQYG/j+j9VTH84aNB8ExGKPU4AzfaEvN9/V4HV+F+vo8OEg==",
       "cpu": [
         "x64"
       ],
@@ -1001,9 +1001,9 @@
       }
     },
     "node_modules/@esbuild/openharmony-arm64": {
-      "version": "0.25.12",
-      "resolved": "https://registry.npmjs.org/@esbuild/openharmony-arm64/-/openharmony-arm64-0.25.12.tgz",
-      "integrity": "sha512-rm0YWsqUSRrjncSXGA7Zv78Nbnw4XL6/dzr20cyrQf7ZmRcsovpcRBdhD43Nuk3y7XIoW2OxMVvwuRvk9XdASg==",
+      "version": "0.27.2",
+      "resolved": "https://registry.npmjs.org/@esbuild/openharmony-arm64/-/openharmony-arm64-0.27.2.tgz",
+      "integrity": "sha512-LRBbCmiU51IXfeXk59csuX/aSaToeG7w48nMwA6049Y4J4+VbWALAuXcs+qcD04rHDuSCSRKdmY63sruDS5qag==",
       "cpu": [
         "arm64"
       ],
@@ -1017,9 +1017,9 @@
       }
     },
     "node_modules/@esbuild/sunos-x64": {
-      "version": "0.25.12",
-      "resolved": "https://registry.npmjs.org/@esbuild/sunos-x64/-/sunos-x64-0.25.12.tgz",
-      "integrity": "sha512-3wGSCDyuTHQUzt0nV7bocDy72r2lI33QL3gkDNGkod22EsYl04sMf0qLb8luNKTOmgF/eDEDP5BFNwoBKH441w==",
+      "version": "0.27.2",
+      "resolved": "https://registry.npmjs.org/@esbuild/sunos-x64/-/sunos-x64-0.27.2.tgz",
+      "integrity": "sha512-kMtx1yqJHTmqaqHPAzKCAkDaKsffmXkPHThSfRwZGyuqyIeBvf08KSsYXl+abf5HDAPMJIPnbBfXvP2ZC2TfHg==",
       "cpu": [
         "x64"
       ],
@@ -1033,9 +1033,9 @@
       }
     },
     "node_modules/@esbuild/win32-arm64": {
-      "version": "0.25.12",
-      "resolved": "https://registry.npmjs.org/@esbuild/win32-arm64/-/win32-arm64-0.25.12.tgz",
-      "integrity": "sha512-rMmLrur64A7+DKlnSuwqUdRKyd3UE7oPJZmnljqEptesKM8wx9J8gx5u0+9Pq0fQQW8vqeKebwNXdfOyP+8Bsg==",
+      "version": "0.27.2",
+      "resolved": "https://registry.npmjs.org/@esbuild/win32-arm64/-/win32-arm64-0.27.2.tgz",
+      "integrity": "sha512-Yaf78O/B3Kkh+nKABUF++bvJv5Ijoy9AN1ww904rOXZFLWVc5OLOfL56W+C8F9xn5JQZa3UX6m+IktJnIb1Jjg==",
       "cpu": [
         "arm64"
       ],
@@ -1049,9 +1049,9 @@
       }
     },
     "node_modules/@esbuild/win32-ia32": {
-      "version": "0.25.12",
-      "resolved": "https://registry.npmjs.org/@esbuild/win32-ia32/-/win32-ia32-0.25.12.tgz",
-      "integrity": "sha512-HkqnmmBoCbCwxUKKNPBixiWDGCpQGVsrQfJoVGYLPT41XWF8lHuE5N6WhVia2n4o5QK5M4tYr21827fNhi4byQ==",
+      "version": "0.27.2",
+      "resolved": "https://registry.npmjs.org/@esbuild/win32-ia32/-/win32-ia32-0.27.2.tgz",
+      "integrity": "sha512-Iuws0kxo4yusk7sw70Xa2E2imZU5HoixzxfGCdxwBdhiDgt9vX9VUCBhqcwY7/uh//78A1hMkkROMJq9l27oLQ==",
       "cpu": [
         "ia32"
       ],
@@ -1065,9 +1065,9 @@
       }
     },
     "node_modules/@esbuild/win32-x64": {
-      "version": "0.25.12",
-      "resolved": "https://registry.npmjs.org/@esbuild/win32-x64/-/win32-x64-0.25.12.tgz",
-      "integrity": "sha512-alJC0uCZpTFrSL0CCDjcgleBXPnCrEAhTBILpeAp7M/OFgoqtAetfBzX0xM00MUsVVPpVjlPuMbREqnZCXaTnA==",
+      "version": "0.27.2",
+      "resolved": "https://registry.npmjs.org/@esbuild/win32-x64/-/win32-x64-0.27.2.tgz",
+      "integrity": "sha512-sRdU18mcKf7F+YgheI/zGf5alZatMUTKj/jNS6l744f9u3WFu4v7twcUI9vu4mknF4Y9aDlblIie0IM+5xxaqQ==",
       "cpu": [
         "x64"
       ],
@@ -7281,9 +7281,9 @@
       }
     },
     "node_modules/esbuild": {
-      "version": "0.25.12",
-      "resolved": "https://registry.npmjs.org/esbuild/-/esbuild-0.25.12.tgz",
-      "integrity": "sha512-bbPBYYrtZbkt6Os6FiTLCTFxvq4tt3JKall1vRwshA3fdVztsLAatFaZobhkBC8/BrPetoa0oksYoKXoG4ryJg==",
+      "version": "0.27.2",
+      "resolved": "https://registry.npmjs.org/esbuild/-/esbuild-0.27.2.tgz",
+      "integrity": "sha512-HyNQImnsOC7X9PMNaCIeAm4ISCQXs5a5YasTXVliKv4uuBo1dKrG0A+uQS8M5eXjVMnLg3WgXaKvprHlFJQffw==",
       "hasInstallScript": true,
       "license": "MIT",
       "bin": {
@@ -7293,41 +7293,41 @@
         "node": ">=18"
       },
       "optionalDependencies": {
-        "@esbuild/aix-ppc64": "0.25.12",
-        "@esbuild/android-arm": "0.25.12",
-        "@esbuild/android-arm64": "0.25.12",
-        "@esbuild/android-x64": "0.25.12",
-        "@esbuild/darwin-arm64": "0.25.12",
-        "@esbuild/darwin-x64": "0.25.12",
-        "@esbuild/freebsd-arm64": "0.25.12",
-        "@esbuild/freebsd-x64": "0.25.12",
-        "@esbuild/linux-arm": "0.25.12",
-        "@esbuild/linux-arm64": "0.25.12",
-        "@esbuild/linux-ia32": "0.25.12",
-        "@esbuild/linux-loong64": "0.25.12",
-        "@esbuild/linux-mips64el": "0.25.12",
-        "@esbuild/linux-ppc64": "0.25.12",
-        "@esbuild/linux-riscv64": "0.25.12",
-        "@esbuild/linux-s390x": "0.25.12",
-        "@esbuild/linux-x64": "0.25.12",
-        "@esbuild/netbsd-arm64": "0.25.12",
-        "@esbuild/netbsd-x64": "0.25.12",
-        "@esbuild/openbsd-arm64": "0.25.12",
-        "@esbuild/openbsd-x64": "0.25.12",
-        "@esbuild/openharmony-arm64": "0.25.12",
-        "@esbuild/sunos-x64": "0.25.12",
-        "@esbuild/win32-arm64": "0.25.12",
-        "@esbuild/win32-ia32": "0.25.12",
-        "@esbuild/win32-x64": "0.25.12"
+        "@esbuild/aix-ppc64": "0.27.2",
+        "@esbuild/android-arm": "0.27.2",
+        "@esbuild/android-arm64": "0.27.2",
+        "@esbuild/android-x64": "0.27.2",
+        "@esbuild/darwin-arm64": "0.27.2",
+        "@esbuild/darwin-x64": "0.27.2",
+        "@esbuild/freebsd-arm64": "0.27.2",
+        "@esbuild/freebsd-x64": "0.27.2",
+        "@esbuild/linux-arm": "0.27.2",
+        "@esbuild/linux-arm64": "0.27.2",
+        "@esbuild/linux-ia32": "0.27.2",
+        "@esbuild/linux-loong64": "0.27.2",
+        "@esbuild/linux-mips64el": "0.27.2",
+        "@esbuild/linux-ppc64": "0.27.2",
+        "@esbuild/linux-riscv64": "0.27.2",
+        "@esbuild/linux-s390x": "0.27.2",
+        "@esbuild/linux-x64": "0.27.2",
+        "@esbuild/netbsd-arm64": "0.27.2",
+        "@esbuild/netbsd-x64": "0.27.2",
+        "@esbuild/openbsd-arm64": "0.27.2",
+        "@esbuild/openbsd-x64": "0.27.2",
+        "@esbuild/openharmony-arm64": "0.27.2",
+        "@esbuild/sunos-x64": "0.27.2",
+        "@esbuild/win32-arm64": "0.27.2",
+        "@esbuild/win32-ia32": "0.27.2",
+        "@esbuild/win32-x64": "0.27.2"
       }
     },
     "node_modules/esbuild-loader": {
-      "version": "4.4.0",
-      "resolved": "https://registry.npmjs.org/esbuild-loader/-/esbuild-loader-4.4.0.tgz",
-      "integrity": "sha512-4J+hXTpTtEdzUNLoY8ReqDNJx2NoldfiljRCiKbeYUuZmVaiJeDqFgyAzz8uOopaekwRoCcqBFyEroGQLFVZ1g==",
+      "version": "4.4.1",
+      "resolved": "https://registry.npmjs.org/esbuild-loader/-/esbuild-loader-4.4.1.tgz",
+      "integrity": "sha512-aXMJpkrSKy/x4fvpB0uA7svGOBQFAkWvWdOtKuyWOXtUwruG3Rfr6jqjI/UKf4QDvcHjKQI6pnpKiOejpfE1jg==",
       "license": "MIT",
       "dependencies": {
-        "esbuild": "^0.25.0",
+        "esbuild": "^0.27.1",
         "get-tsconfig": "^4.10.1",
         "loader-utils": "^2.0.4",
         "webpack-sources": "^1.4.3"
@@ -14910,448 +14910,6 @@
       "dev": true,
       "license": "BSD-2-Clause"
     },
-    "node_modules/vite/node_modules/@esbuild/aix-ppc64": {
-      "version": "0.27.2",
-      "resolved": "https://registry.npmjs.org/@esbuild/aix-ppc64/-/aix-ppc64-0.27.2.tgz",
-      "integrity": "sha512-GZMB+a0mOMZs4MpDbj8RJp4cw+w1WV5NYD6xzgvzUJ5Ek2jerwfO2eADyI6ExDSUED+1X8aMbegahsJi+8mgpw==",
-      "cpu": [
-        "ppc64"
-      ],
-      "dev": true,
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "aix"
-      ],
-      "engines": {
-        "node": ">=18"
-      }
-    },
-    "node_modules/vite/node_modules/@esbuild/android-arm": {
-      "version": "0.27.2",
-      "resolved": "https://registry.npmjs.org/@esbuild/android-arm/-/android-arm-0.27.2.tgz",
-      "integrity": "sha512-DVNI8jlPa7Ujbr1yjU2PfUSRtAUZPG9I1RwW4F4xFB1Imiu2on0ADiI/c3td+KmDtVKNbi+nffGDQMfcIMkwIA==",
-      "cpu": [
-        "arm"
-      ],
-      "dev": true,
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "android"
-      ],
-      "engines": {
-        "node": ">=18"
-      }
-    },
-    "node_modules/vite/node_modules/@esbuild/android-arm64": {
-      "version": "0.27.2",
-      "resolved": "https://registry.npmjs.org/@esbuild/android-arm64/-/android-arm64-0.27.2.tgz",
-      "integrity": "sha512-pvz8ZZ7ot/RBphf8fv60ljmaoydPU12VuXHImtAs0XhLLw+EXBi2BLe3OYSBslR4rryHvweW5gmkKFwTiFy6KA==",
-      "cpu": [
-        "arm64"
-      ],
-      "dev": true,
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "android"
-      ],
-      "engines": {
-        "node": ">=18"
-      }
-    },
-    "node_modules/vite/node_modules/@esbuild/android-x64": {
-      "version": "0.27.2",
-      "resolved": "https://registry.npmjs.org/@esbuild/android-x64/-/android-x64-0.27.2.tgz",
-      "integrity": "sha512-z8Ank4Byh4TJJOh4wpz8g2vDy75zFL0TlZlkUkEwYXuPSgX8yzep596n6mT7905kA9uHZsf/o2OJZubl2l3M7A==",
-      "cpu": [
-        "x64"
-      ],
-      "dev": true,
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "android"
-      ],
-      "engines": {
-        "node": ">=18"
-      }
-    },
-    "node_modules/vite/node_modules/@esbuild/darwin-arm64": {
-      "version": "0.27.2",
-      "resolved": "https://registry.npmjs.org/@esbuild/darwin-arm64/-/darwin-arm64-0.27.2.tgz",
-      "integrity": "sha512-davCD2Zc80nzDVRwXTcQP/28fiJbcOwvdolL0sOiOsbwBa72kegmVU0Wrh1MYrbuCL98Omp5dVhQFWRKR2ZAlg==",
-      "cpu": [
-        "arm64"
-      ],
-      "dev": true,
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "darwin"
-      ],
-      "engines": {
-        "node": ">=18"
-      }
-    },
-    "node_modules/vite/node_modules/@esbuild/darwin-x64": {
-      "version": "0.27.2",
-      "resolved": "https://registry.npmjs.org/@esbuild/darwin-x64/-/darwin-x64-0.27.2.tgz",
-      "integrity": "sha512-ZxtijOmlQCBWGwbVmwOF/UCzuGIbUkqB1faQRf5akQmxRJ1ujusWsb3CVfk/9iZKr2L5SMU5wPBi1UWbvL+VQA==",
-      "cpu": [
-        "x64"
-      ],
-      "dev": true,
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "darwin"
-      ],
-      "engines": {
-        "node": ">=18"
-      }
-    },
-    "node_modules/vite/node_modules/@esbuild/freebsd-arm64": {
-      "version": "0.27.2",
-      "resolved": "https://registry.npmjs.org/@esbuild/freebsd-arm64/-/freebsd-arm64-0.27.2.tgz",
-      "integrity": "sha512-lS/9CN+rgqQ9czogxlMcBMGd+l8Q3Nj1MFQwBZJyoEKI50XGxwuzznYdwcav6lpOGv5BqaZXqvBSiB/kJ5op+g==",
-      "cpu": [
-        "arm64"
-      ],
-      "dev": true,
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "freebsd"
-      ],
-      "engines": {
-        "node": ">=18"
-      }
-    },
-    "node_modules/vite/node_modules/@esbuild/freebsd-x64": {
-      "version": "0.27.2",
-      "resolved": "https://registry.npmjs.org/@esbuild/freebsd-x64/-/freebsd-x64-0.27.2.tgz",
-      "integrity": "sha512-tAfqtNYb4YgPnJlEFu4c212HYjQWSO/w/h/lQaBK7RbwGIkBOuNKQI9tqWzx7Wtp7bTPaGC6MJvWI608P3wXYA==",
-      "cpu": [
-        "x64"
-      ],
-      "dev": true,
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "freebsd"
-      ],
-      "engines": {
-        "node": ">=18"
-      }
-    },
-    "node_modules/vite/node_modules/@esbuild/linux-arm": {
-      "version": "0.27.2",
-      "resolved": "https://registry.npmjs.org/@esbuild/linux-arm/-/linux-arm-0.27.2.tgz",
-      "integrity": "sha512-vWfq4GaIMP9AIe4yj1ZUW18RDhx6EPQKjwe7n8BbIecFtCQG4CfHGaHuh7fdfq+y3LIA2vGS/o9ZBGVxIDi9hw==",
-      "cpu": [
-        "arm"
-      ],
-      "dev": true,
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "linux"
-      ],
-      "engines": {
-        "node": ">=18"
-      }
-    },
-    "node_modules/vite/node_modules/@esbuild/linux-arm64": {
-      "version": "0.27.2",
-      "resolved": "https://registry.npmjs.org/@esbuild/linux-arm64/-/linux-arm64-0.27.2.tgz",
-      "integrity": "sha512-hYxN8pr66NsCCiRFkHUAsxylNOcAQaxSSkHMMjcpx0si13t1LHFphxJZUiGwojB1a/Hd5OiPIqDdXONia6bhTw==",
-      "cpu": [
-        "arm64"
-      ],
-      "dev": true,
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "linux"
-      ],
-      "engines": {
-        "node": ">=18"
-      }
-    },
-    "node_modules/vite/node_modules/@esbuild/linux-ia32": {
-      "version": "0.27.2",
-      "resolved": "https://registry.npmjs.org/@esbuild/linux-ia32/-/linux-ia32-0.27.2.tgz",
-      "integrity": "sha512-MJt5BRRSScPDwG2hLelYhAAKh9imjHK5+NE/tvnRLbIqUWa+0E9N4WNMjmp/kXXPHZGqPLxggwVhz7QP8CTR8w==",
-      "cpu": [
-        "ia32"
-      ],
-      "dev": true,
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "linux"
-      ],
-      "engines": {
-        "node": ">=18"
-      }
-    },
-    "node_modules/vite/node_modules/@esbuild/linux-loong64": {
-      "version": "0.27.2",
-      "resolved": "https://registry.npmjs.org/@esbuild/linux-loong64/-/linux-loong64-0.27.2.tgz",
-      "integrity": "sha512-lugyF1atnAT463aO6KPshVCJK5NgRnU4yb3FUumyVz+cGvZbontBgzeGFO1nF+dPueHD367a2ZXe1NtUkAjOtg==",
-      "cpu": [
-        "loong64"
-      ],
-      "dev": true,
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "linux"
-      ],
-      "engines": {
-        "node": ">=18"
-      }
-    },
-    "node_modules/vite/node_modules/@esbuild/linux-mips64el": {
-      "version": "0.27.2",
-      "resolved": "https://registry.npmjs.org/@esbuild/linux-mips64el/-/linux-mips64el-0.27.2.tgz",
-      "integrity": "sha512-nlP2I6ArEBewvJ2gjrrkESEZkB5mIoaTswuqNFRv/WYd+ATtUpe9Y09RnJvgvdag7he0OWgEZWhviS1OTOKixw==",
-      "cpu": [
-        "mips64el"
-      ],
-      "dev": true,
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "linux"
-      ],
-      "engines": {
-        "node": ">=18"
-      }
-    },
-    "node_modules/vite/node_modules/@esbuild/linux-ppc64": {
-      "version": "0.27.2",
-      "resolved": "https://registry.npmjs.org/@esbuild/linux-ppc64/-/linux-ppc64-0.27.2.tgz",
-      "integrity": "sha512-C92gnpey7tUQONqg1n6dKVbx3vphKtTHJaNG2Ok9lGwbZil6DrfyecMsp9CrmXGQJmZ7iiVXvvZH6Ml5hL6XdQ==",
-      "cpu": [
-        "ppc64"
-      ],
-      "dev": true,
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "linux"
-      ],
-      "engines": {
-        "node": ">=18"
-      }
-    },
-    "node_modules/vite/node_modules/@esbuild/linux-riscv64": {
-      "version": "0.27.2",
-      "resolved": "https://registry.npmjs.org/@esbuild/linux-riscv64/-/linux-riscv64-0.27.2.tgz",
-      "integrity": "sha512-B5BOmojNtUyN8AXlK0QJyvjEZkWwy/FKvakkTDCziX95AowLZKR6aCDhG7LeF7uMCXEJqwa8Bejz5LTPYm8AvA==",
-      "cpu": [
-        "riscv64"
-      ],
-      "dev": true,
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "linux"
-      ],
-      "engines": {
-        "node": ">=18"
-      }
-    },
-    "node_modules/vite/node_modules/@esbuild/linux-s390x": {
-      "version": "0.27.2",
-      "resolved": "https://registry.npmjs.org/@esbuild/linux-s390x/-/linux-s390x-0.27.2.tgz",
-      "integrity": "sha512-p4bm9+wsPwup5Z8f4EpfN63qNagQ47Ua2znaqGH6bqLlmJ4bx97Y9JdqxgGZ6Y8xVTixUnEkoKSHcpRlDnNr5w==",
-      "cpu": [
-        "s390x"
-      ],
-      "dev": true,
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "linux"
-      ],
-      "engines": {
-        "node": ">=18"
-      }
-    },
-    "node_modules/vite/node_modules/@esbuild/linux-x64": {
-      "version": "0.27.2",
-      "resolved": "https://registry.npmjs.org/@esbuild/linux-x64/-/linux-x64-0.27.2.tgz",
-      "integrity": "sha512-uwp2Tip5aPmH+NRUwTcfLb+W32WXjpFejTIOWZFw/v7/KnpCDKG66u4DLcurQpiYTiYwQ9B7KOeMJvLCu/OvbA==",
-      "cpu": [
-        "x64"
-      ],
-      "dev": true,
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "linux"
-      ],
-      "engines": {
-        "node": ">=18"
-      }
-    },
-    "node_modules/vite/node_modules/@esbuild/netbsd-arm64": {
-      "version": "0.27.2",
-      "resolved": "https://registry.npmjs.org/@esbuild/netbsd-arm64/-/netbsd-arm64-0.27.2.tgz",
-      "integrity": "sha512-Kj6DiBlwXrPsCRDeRvGAUb/LNrBASrfqAIok+xB0LxK8CHqxZ037viF13ugfsIpePH93mX7xfJp97cyDuTZ3cw==",
-      "cpu": [
-        "arm64"
-      ],
-      "dev": true,
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "netbsd"
-      ],
-      "engines": {
-        "node": ">=18"
-      }
-    },
-    "node_modules/vite/node_modules/@esbuild/netbsd-x64": {
-      "version": "0.27.2",
-      "resolved": "https://registry.npmjs.org/@esbuild/netbsd-x64/-/netbsd-x64-0.27.2.tgz",
-      "integrity": "sha512-HwGDZ0VLVBY3Y+Nw0JexZy9o/nUAWq9MlV7cahpaXKW6TOzfVno3y3/M8Ga8u8Yr7GldLOov27xiCnqRZf0tCA==",
-      "cpu": [
-        "x64"
-      ],
-      "dev": true,
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "netbsd"
-      ],
-      "engines": {
-        "node": ">=18"
-      }
-    },
-    "node_modules/vite/node_modules/@esbuild/openbsd-arm64": {
-      "version": "0.27.2",
-      "resolved": "https://registry.npmjs.org/@esbuild/openbsd-arm64/-/openbsd-arm64-0.27.2.tgz",
-      "integrity": "sha512-DNIHH2BPQ5551A7oSHD0CKbwIA/Ox7+78/AWkbS5QoRzaqlev2uFayfSxq68EkonB+IKjiuxBFoV8ESJy8bOHA==",
-      "cpu": [
-        "arm64"
-      ],
-      "dev": true,
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "openbsd"
-      ],
-      "engines": {
-        "node": ">=18"
-      }
-    },
-    "node_modules/vite/node_modules/@esbuild/openbsd-x64": {
-      "version": "0.27.2",
-      "resolved": "https://registry.npmjs.org/@esbuild/openbsd-x64/-/openbsd-x64-0.27.2.tgz",
-      "integrity": "sha512-/it7w9Nb7+0KFIzjalNJVR5bOzA9Vay+yIPLVHfIQYG/j+j9VTH84aNB8ExGKPU4AzfaEvN9/V4HV+F+vo8OEg==",
-      "cpu": [
-        "x64"
-      ],
-      "dev": true,
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "openbsd"
-      ],
-      "engines": {
-        "node": ">=18"
-      }
-    },
-    "node_modules/vite/node_modules/@esbuild/openharmony-arm64": {
-      "version": "0.27.2",
-      "resolved": "https://registry.npmjs.org/@esbuild/openharmony-arm64/-/openharmony-arm64-0.27.2.tgz",
-      "integrity": "sha512-LRBbCmiU51IXfeXk59csuX/aSaToeG7w48nMwA6049Y4J4+VbWALAuXcs+qcD04rHDuSCSRKdmY63sruDS5qag==",
-      "cpu": [
-        "arm64"
-      ],
-      "dev": true,
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "openharmony"
-      ],
-      "engines": {
-        "node": ">=18"
-      }
-    },
-    "node_modules/vite/node_modules/@esbuild/sunos-x64": {
-      "version": "0.27.2",
-      "resolved": "https://registry.npmjs.org/@esbuild/sunos-x64/-/sunos-x64-0.27.2.tgz",
-      "integrity": "sha512-kMtx1yqJHTmqaqHPAzKCAkDaKsffmXkPHThSfRwZGyuqyIeBvf08KSsYXl+abf5HDAPMJIPnbBfXvP2ZC2TfHg==",
-      "cpu": [
-        "x64"
-      ],
-      "dev": true,
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "sunos"
-      ],
-      "engines": {
-        "node": ">=18"
-      }
-    },
-    "node_modules/vite/node_modules/@esbuild/win32-arm64": {
-      "version": "0.27.2",
-      "resolved": "https://registry.npmjs.org/@esbuild/win32-arm64/-/win32-arm64-0.27.2.tgz",
-      "integrity": "sha512-Yaf78O/B3Kkh+nKABUF++bvJv5Ijoy9AN1ww904rOXZFLWVc5OLOfL56W+C8F9xn5JQZa3UX6m+IktJnIb1Jjg==",
-      "cpu": [
-        "arm64"
-      ],
-      "dev": true,
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "win32"
-      ],
-      "engines": {
-        "node": ">=18"
-      }
-    },
-    "node_modules/vite/node_modules/@esbuild/win32-ia32": {
-      "version": "0.27.2",
-      "resolved": "https://registry.npmjs.org/@esbuild/win32-ia32/-/win32-ia32-0.27.2.tgz",
-      "integrity": "sha512-Iuws0kxo4yusk7sw70Xa2E2imZU5HoixzxfGCdxwBdhiDgt9vX9VUCBhqcwY7/uh//78A1hMkkROMJq9l27oLQ==",
-      "cpu": [
-        "ia32"
-      ],
-      "dev": true,
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "win32"
-      ],
-      "engines": {
-        "node": ">=18"
-      }
-    },
-    "node_modules/vite/node_modules/@esbuild/win32-x64": {
-      "version": "0.27.2",
-      "resolved": "https://registry.npmjs.org/@esbuild/win32-x64/-/win32-x64-0.27.2.tgz",
-      "integrity": "sha512-sRdU18mcKf7F+YgheI/zGf5alZatMUTKj/jNS6l744f9u3WFu4v7twcUI9vu4mknF4Y9aDlblIie0IM+5xxaqQ==",
-      "cpu": [
-        "x64"
-      ],
-      "dev": true,
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "win32"
-      ],
-      "engines": {
-        "node": ">=18"
-      }
-    },
     "node_modules/vite/node_modules/@types/estree": {
       "version": "1.0.8",
       "resolved": "https://registry.npmjs.org/@types/estree/-/estree-1.0.8.tgz",
@@ -15359,48 +14917,6 @@
       "dev": true,
       "license": "MIT"
     },
-    "node_modules/vite/node_modules/esbuild": {
-      "version": "0.27.2",
-      "resolved": "https://registry.npmjs.org/esbuild/-/esbuild-0.27.2.tgz",
-      "integrity": "sha512-HyNQImnsOC7X9PMNaCIeAm4ISCQXs5a5YasTXVliKv4uuBo1dKrG0A+uQS8M5eXjVMnLg3WgXaKvprHlFJQffw==",
-      "dev": true,
-      "hasInstallScript": true,
-      "license": "MIT",
-      "bin": {
-        "esbuild": "bin/esbuild"
-      },
-      "engines": {
-        "node": ">=18"
-      },
-      "optionalDependencies": {
-        "@esbuild/aix-ppc64": "0.27.2",
-        "@esbuild/android-arm": "0.27.2",
-        "@esbuild/android-arm64": "0.27.2",
-        "@esbuild/android-x64": "0.27.2",
-        "@esbuild/darwin-arm64": "0.27.2",
-        "@esbuild/darwin-x64": "0.27.2",
-        "@esbuild/freebsd-arm64": "0.27.2",
-        "@esbuild/freebsd-x64": "0.27.2",
-        "@esbuild/linux-arm": "0.27.2",
-        "@esbuild/linux-arm64": "0.27.2",
-        "@esbuild/linux-ia32": "0.27.2",
-        "@esbuild/linux-loong64": "0.27.2",
-        "@esbuild/linux-mips64el": "0.27.2",
-        "@esbuild/linux-ppc64": "0.27.2",
-        "@esbuild/linux-riscv64": "0.27.2",
-        "@esbuild/linux-s390x": "0.27.2",
-        "@esbuild/linux-x64": "0.27.2",
-        "@esbuild/netbsd-arm64": "0.27.2",
-        "@esbuild/netbsd-x64": "0.27.2",
-        "@esbuild/openbsd-arm64": "0.27.2",
-        "@esbuild/openbsd-x64": "0.27.2",
-        "@esbuild/openharmony-arm64": "0.27.2",
-        "@esbuild/sunos-x64": "0.27.2",
-        "@esbuild/win32-arm64": "0.27.2",
-        "@esbuild/win32-ia32": "0.27.2",
-        "@esbuild/win32-x64": "0.27.2"
-      }
-    },
     "node_modules/vite/node_modules/fdir": {
       "version": "6.5.0",
       "resolved": "https://registry.npmjs.org/fdir/-/fdir-6.5.0.tgz",
diff --git a/package.json b/package.json
index 4a1e32cd45..3a9c1ba516 100644
--- a/package.json
+++ b/package.json
@@ -24,7 +24,7 @@
     "dayjs": "1.11.18",
     "dropzone": "6.0.0-beta.2",
     "easymde": "2.18.0",
-    "esbuild-loader": "4.4.0",
+    "esbuild-loader": "4.4.1",
     "escape-goat": "4.0.0",
     "fast-glob": "3.3.3",
     "htmx.org": "2.0.8",

From b2f16a53bd4be1cc35a584ce5b05c070baa70a5b Mon Sep 17 00:00:00 2001
From: Renovate Bot <forgejo-renovate-action@forgejo.org>
Date: Mon, 22 Dec 2025 17:56:02 +0100
Subject: [PATCH 036/854] Update dependency @vitest/eslint-plugin to v1.5.4
 (forgejo) (#10546)

Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
---
 package-lock.json | 19 +++++++++++--------
 package.json      |  2 +-
 2 files changed, 12 insertions(+), 9 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index dd1b226693..c877298e32 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -69,7 +69,7 @@
         "@stylistic/stylelint-plugin": "4.0.0",
         "@vitejs/plugin-vue": "6.0.3",
         "@vitest/coverage-v8": "4.0.16",
-        "@vitest/eslint-plugin": "1.3.16",
+        "@vitest/eslint-plugin": "1.5.4",
         "@vue/test-utils": "2.4.6",
         "eslint": "9.39.2",
         "eslint-import-resolver-typescript": "4.4.4",
@@ -4324,18 +4324,21 @@
       }
     },
     "node_modules/@vitest/eslint-plugin": {
-      "version": "1.3.16",
-      "resolved": "https://registry.npmjs.org/@vitest/eslint-plugin/-/eslint-plugin-1.3.16.tgz",
-      "integrity": "sha512-EvXGiZpz3L1G/pmebcmMe61UzqgR8LFwmm+QGgQEHcrTCFkMgl+c0mj2jneo38/CkHhofbK3zc3xafV6/SpzNw==",
+      "version": "1.5.4",
+      "resolved": "https://registry.npmjs.org/@vitest/eslint-plugin/-/eslint-plugin-1.5.4.tgz",
+      "integrity": "sha512-usuVvl6zdqIkUgQlodxvvFBR7HIZIjWQqQemnc7ysqEP4jubLsDaaOhiJAwVz8PlrkBJRuHkC6PCux+OcEF6hg==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "@typescript-eslint/scope-manager": "^8.41.0",
-        "@typescript-eslint/utils": "^8.24.1"
+        "@typescript-eslint/scope-manager": "^8.46.1",
+        "@typescript-eslint/utils": "^8.46.1"
+      },
+      "engines": {
+        "node": ">=18"
       },
       "peerDependencies": {
-        "eslint": ">= 8.57.0",
-        "typescript": ">= 5.0.0",
+        "eslint": ">=8.57.0",
+        "typescript": ">=5.0.0",
         "vitest": "*"
       },
       "peerDependenciesMeta": {
diff --git a/package.json b/package.json
index 3a9c1ba516..c3e077928a 100644
--- a/package.json
+++ b/package.json
@@ -68,7 +68,7 @@
     "@stylistic/stylelint-plugin": "4.0.0",
     "@vitejs/plugin-vue": "6.0.3",
     "@vitest/coverage-v8": "4.0.16",
-    "@vitest/eslint-plugin": "1.3.16",
+    "@vitest/eslint-plugin": "1.5.4",
     "@vue/test-utils": "2.4.6",
     "eslint": "9.39.2",
     "eslint-import-resolver-typescript": "4.4.4",

From dc8ae4253fdd968df49b147a00315001e33888ac Mon Sep 17 00:00:00 2001
From: Renovate Bot <forgejo-renovate-action@forgejo.org>
Date: Mon, 22 Dec 2025 18:14:20 +0100
Subject: [PATCH 037/854] Update dependency
 stylelint-value-no-unknown-custom-properties to v6.1.0 (forgejo) (#10547)

Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
---
 package-lock.json | 8 ++++----
 package.json      | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index c877298e32..c1910f07d3 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -95,7 +95,7 @@
         "stylelint": "16.26.1",
         "stylelint-declaration-block-no-ignored-properties": "2.8.0",
         "stylelint-declaration-strict-value": "1.10.11",
-        "stylelint-value-no-unknown-custom-properties": "6.0.1",
+        "stylelint-value-no-unknown-custom-properties": "6.1.0",
         "svgo": "4.0.0",
         "typescript": "5.9.3",
         "typescript-eslint": "8.50.0",
@@ -13854,9 +13854,9 @@
       }
     },
     "node_modules/stylelint-value-no-unknown-custom-properties": {
-      "version": "6.0.1",
-      "resolved": "https://registry.npmjs.org/stylelint-value-no-unknown-custom-properties/-/stylelint-value-no-unknown-custom-properties-6.0.1.tgz",
-      "integrity": "sha512-N60PTdaTknB35j6D4FhW0GL2LlBRV++bRpXMMldWMQZ240yFQaoltzlLY4lXXs7Z0J5mNUYZQ/gjyVtU2DhCMA==",
+      "version": "6.1.0",
+      "resolved": "https://registry.npmjs.org/stylelint-value-no-unknown-custom-properties/-/stylelint-value-no-unknown-custom-properties-6.1.0.tgz",
+      "integrity": "sha512-fzc1ckeQZAlksMRzmWuyLywSRfaF9ys04qNg8+kTstUnZT0z8ajdMLjiPKtlcm4Nc5oDZE8tPVAcfFJB6E/1/A==",
       "dev": true,
       "license": "CC0-1.0",
       "dependencies": {
diff --git a/package.json b/package.json
index c3e077928a..3fde2aa8c4 100644
--- a/package.json
+++ b/package.json
@@ -94,7 +94,7 @@
     "stylelint": "16.26.1",
     "stylelint-declaration-block-no-ignored-properties": "2.8.0",
     "stylelint-declaration-strict-value": "1.10.11",
-    "stylelint-value-no-unknown-custom-properties": "6.0.1",
+    "stylelint-value-no-unknown-custom-properties": "6.1.0",
     "svgo": "4.0.0",
     "typescript": "5.9.3",
     "typescript-eslint": "8.50.0",

From 2db37153fb9f9880b82ead859059c3a5688402ff Mon Sep 17 00:00:00 2001
From: Shiny Nematoda <snematoda.751k2@aleeas.com>
Date: Mon, 22 Dec 2025 22:53:17 +0100
Subject: [PATCH 038/854] port(gitea): Fix password leak in log messages
 (go-gitea/gitea!35584) (#10550)

Link to original PR: https://github.com/go-gitea/gitea/pull/35584
Original Author: https://github.com/shashank-netapp

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10550
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Shiny Nematoda <snematoda.751k2@aleeas.com>
Co-committed-by: Shiny Nematoda <snematoda.751k2@aleeas.com>
---
 modules/indexer/code/indexer.go   | 7 ++++---
 modules/indexer/issues/indexer.go | 5 +++--
 2 files changed, 7 insertions(+), 5 deletions(-)

diff --git a/modules/indexer/code/indexer.go b/modules/indexer/code/indexer.go
index f3ed091a30..a3e20e1d5a 100644
--- a/modules/indexer/code/indexer.go
+++ b/modules/indexer/code/indexer.go
@@ -21,6 +21,7 @@ import (
 	"forgejo.org/modules/process"
 	"forgejo.org/modules/queue"
 	"forgejo.org/modules/setting"
+	"forgejo.org/modules/util"
 )
 
 var (
@@ -182,12 +183,12 @@ func Init() {
 				log.Fatal("PID: %d Unable to initialize the bleve Repository Indexer at path: %s Error: %v", os.Getpid(), setting.Indexer.RepoPath, err)
 			}
 		case "elasticsearch":
-			log.Info("PID: %d Initializing Repository Indexer at: %s", os.Getpid(), setting.Indexer.RepoConnStr)
+			log.Info("PID: %d Initializing Repository Indexer at: %s", os.Getpid(), util.SanitizeCredentialURLs(setting.Indexer.RepoConnStr))
 			defer func() {
 				if err := recover(); err != nil {
 					log.Error("PANIC whilst initializing repository indexer: %v\nStacktrace: %s", err, log.Stack(2))
 					log.Error("The indexer files are likely corrupted and may need to be deleted")
-					log.Error("You can completely remove the \"%s\" index to make Forgejo recreate the indexes", setting.Indexer.RepoConnStr)
+					log.Error("You can completely remove the \"%s\" index to make Forgejo recreate the indexes", util.SanitizeCredentialURLs(setting.Indexer.RepoConnStr))
 				}
 			}()
 
@@ -197,7 +198,7 @@ func Init() {
 				cancel()
 				(*globalIndexer.Load()).Close()
 				close(waitChannel)
-				log.Fatal("PID: %d Unable to initialize the elasticsearch Repository Indexer connstr: %s Error: %v", os.Getpid(), setting.Indexer.RepoConnStr, err)
+				log.Fatal("PID: %d Unable to initialize the elasticsearch Repository Indexer connstr: %s Error: %v", os.Getpid(), util.SanitizeCredentialURLs(setting.Indexer.RepoConnStr), err)
 			}
 
 		default:
diff --git a/modules/indexer/issues/indexer.go b/modules/indexer/issues/indexer.go
index d472067cd8..eebcc9a509 100644
--- a/modules/indexer/issues/indexer.go
+++ b/modules/indexer/issues/indexer.go
@@ -25,6 +25,7 @@ import (
 	"forgejo.org/modules/process"
 	"forgejo.org/modules/queue"
 	"forgejo.org/modules/setting"
+	"forgejo.org/modules/util"
 )
 
 // IndexerMetadata is used to send data to the queue, so it contains only the ids.
@@ -100,7 +101,7 @@ func InitIssueIndexer(syncReindex bool) {
 			issueIndexer = elasticsearch.NewIndexer(setting.Indexer.IssueConnStr, setting.Indexer.IssueIndexerName)
 			existed, err = issueIndexer.Init(ctx)
 			if err != nil {
-				log.Fatal("Unable to issueIndexer.Init with connection %s Error: %v", setting.Indexer.IssueConnStr, err)
+				log.Fatal("Unable to issueIndexer.Init with connection %s Error: %v", util.SanitizeCredentialURLs(setting.Indexer.IssueConnStr), err)
 			}
 		case "db":
 			issueIndexer = db_index.NewIndexer()
@@ -108,7 +109,7 @@ func InitIssueIndexer(syncReindex bool) {
 			issueIndexer = meilisearch.NewIndexer(setting.Indexer.IssueConnStr, setting.Indexer.IssueConnAuth, setting.Indexer.IssueIndexerName)
 			existed, err = issueIndexer.Init(ctx)
 			if err != nil {
-				log.Fatal("Unable to issueIndexer.Init with connection %s Error: %v", setting.Indexer.IssueConnStr, err)
+				log.Fatal("Unable to issueIndexer.Init with connection %s Error: %v", util.SanitizeCredentialURLs(setting.Indexer.IssueConnStr), err)
 			}
 		default:
 			log.Fatal("Unknown issue indexer type: %s", setting.Indexer.IssueType)

From 537a802125d2294f9e22bc7d4b94e6f52a6511a4 Mon Sep 17 00:00:00 2001
From: Andreas Ahlenstorf <andreas@ahlenstorf.ch>
Date: Mon, 22 Dec 2025 23:15:55 +0100
Subject: [PATCH 039/854] chore: document and test pagination of `/runners` API
 endpoint (#10551)

Document the pagination of all the `/runners` API endpoints and add tests for them. Follow-up of https://codeberg.org/forgejo/forgejo/pulls/10450.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10551
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Andreas Ahlenstorf <andreas@ahlenstorf.ch>
Co-committed-by: Andreas Ahlenstorf <andreas@ahlenstorf.ch>
---
 routers/api/v1/admin/runners.go             |  9 +++
 routers/api/v1/org/action.go                |  8 +++
 routers/api/v1/repo/action.go               |  8 +++
 routers/api/v1/shared/runners.go            |  6 +-
 routers/api/v1/swagger/action.go            |  6 ++
 routers/api/v1/user/runners.go              |  9 +++
 templates/swagger/v1_json.tmpl              | 63 +++++++++++++++++++++
 tests/integration/api_admin_actions_test.go | 13 +++++
 tests/integration/api_org_actions_test.go   | 13 +++++
 tests/integration/api_repo_actions_test.go  | 13 +++++
 tests/integration/api_user_actions_test.go  | 13 +++++
 11 files changed, 160 insertions(+), 1 deletion(-)

diff --git a/routers/api/v1/admin/runners.go b/routers/api/v1/admin/runners.go
index 1a7abe2b12..d978c86eea 100644
--- a/routers/api/v1/admin/runners.go
+++ b/routers/api/v1/admin/runners.go
@@ -50,6 +50,15 @@ func ListRunners(ctx *context.APIContext) {
 	// summary: Get all runners, no matter whether they are global runners or scoped to an organization, user, or repository
 	// produces:
 	// - application/json
+	// parameters:
+	// - name: page
+	//   in: query
+	//   description: page number of results to return (1-based)
+	//   type: integer
+	// - name: limit
+	//   in: query
+	//   description: page size of results
+	//   type: integer
 	// responses:
 	//   "200":
 	//     "$ref": "#/responses/ActionRunnerList"
diff --git a/routers/api/v1/org/action.go b/routers/api/v1/org/action.go
index 92921a3328..f30d30f17e 100644
--- a/routers/api/v1/org/action.go
+++ b/routers/api/v1/org/action.go
@@ -278,6 +278,14 @@ func (Action) ListRunners(ctx *context.APIContext) {
 	//   description: name of the organization
 	//   type: string
 	//   required: true
+	// - name: page
+	//   in: query
+	//   description: page number of results to return (1-based)
+	//   type: integer
+	// - name: limit
+	//   in: query
+	//   description: page size of results
+	//   type: integer
 	// responses:
 	//   "200":
 	//     "$ref": "#/responses/ActionRunnerList"
diff --git a/routers/api/v1/repo/action.go b/routers/api/v1/repo/action.go
index f413dc4925..61c2b6e3fe 100644
--- a/routers/api/v1/repo/action.go
+++ b/routers/api/v1/repo/action.go
@@ -523,6 +523,14 @@ func (Action) ListRunners(ctx *context.APIContext) {
 	//   description: name of the repo
 	//   type: string
 	//   required: true
+	// - name: page
+	//   in: query
+	//   description: page number of results to return (1-based)
+	//   type: integer
+	// - name: limit
+	//   in: query
+	//   description: page size of results
+	//   type: integer
 	// responses:
 	//   "200":
 	//     "$ref": "#/responses/ActionRunnerList"
diff --git a/routers/api/v1/shared/runners.go b/routers/api/v1/shared/runners.go
index 4c4f1de00e..2e77cff1d0 100644
--- a/routers/api/v1/shared/runners.go
+++ b/routers/api/v1/shared/runners.go
@@ -87,10 +87,12 @@ func ListRunners(ctx *context.APIContext, ownerID, repoID int64) {
 		ctx.Error(http.StatusUnprocessableEntity, "", fmt.Errorf("ownerID and repoID should not be both set: %d and %d", ownerID, repoID))
 		return
 	}
+
+	listOptions := utils.GetListOptions(ctx)
 	runners, total, err := db.FindAndCount[actions_model.ActionRunner](ctx, &actions_model.FindRunnerOptions{
 		OwnerID:     ownerID,
 		RepoID:      repoID,
-		ListOptions: utils.GetListOptions(ctx),
+		ListOptions: listOptions,
 	})
 	if err != nil {
 		ctx.Error(http.StatusInternalServerError, "FindCountRunners", map[string]string{})
@@ -106,6 +108,8 @@ func ListRunners(ctx *context.APIContext, ownerID, repoID int64) {
 		}
 		runnerList[i] = actionRunner
 	}
+
+	ctx.SetLinkHeader(int(total), listOptions.PageSize)
 	ctx.SetTotalCountHeader(total)
 	ctx.JSON(http.StatusOK, &runnerList)
 }
diff --git a/routers/api/v1/swagger/action.go b/routers/api/v1/swagger/action.go
index 17181be250..bd55f59614 100644
--- a/routers/api/v1/swagger/action.go
+++ b/routers/api/v1/swagger/action.go
@@ -69,4 +69,10 @@ type swaggerActionRunner struct {
 type swaggerActionRunnerListResponse struct {
 	// in:body
 	Body []api.ActionRunner `json:"body"`
+
+	// Total number of runners matching the search criteria (excluding page and limit)
+	TotalCount int64 `json:"X-Total-Count"`
+
+	// Links to other pages, if any
+	Link string `json:"Link"`
 }
diff --git a/routers/api/v1/user/runners.go b/routers/api/v1/user/runners.go
index dfeb49dcb6..15b138083c 100644
--- a/routers/api/v1/user/runners.go
+++ b/routers/api/v1/user/runners.go
@@ -56,6 +56,15 @@ func ListRunners(ctx *context.APIContext) {
 	// summary: Get the user's runners
 	// produces:
 	// - application/json
+	// parameters:
+	// - name: page
+	//   in: query
+	//   description: page number of results to return (1-based)
+	//   type: integer
+	// - name: limit
+	//   in: query
+	//   description: page size of results
+	//   type: integer
 	// responses:
 	//   "200":
 	//     "$ref": "#/responses/ActionRunnerList"
diff --git a/templates/swagger/v1_json.tmpl b/templates/swagger/v1_json.tmpl
index 1e81d03469..d4015cd675 100644
--- a/templates/swagger/v1_json.tmpl
+++ b/templates/swagger/v1_json.tmpl
@@ -321,6 +321,20 @@
         ],
         "summary": "Get all runners, no matter whether they are global runners or scoped to an organization, user, or repository",
         "operationId": "getAdminRunners",
+        "parameters": [
+          {
+            "type": "integer",
+            "description": "page number of results to return (1-based)",
+            "name": "page",
+            "in": "query"
+          },
+          {
+            "type": "integer",
+            "description": "page size of results",
+            "name": "limit",
+            "in": "query"
+          }
+        ],
         "responses": {
           "200": {
             "$ref": "#/responses/ActionRunnerList"
@@ -2627,6 +2641,18 @@
             "name": "org",
             "in": "path",
             "required": true
+          },
+          {
+            "type": "integer",
+            "description": "page number of results to return (1-based)",
+            "name": "page",
+            "in": "query"
+          },
+          {
+            "type": "integer",
+            "description": "page size of results",
+            "name": "limit",
+            "in": "query"
           }
         ],
         "responses": {
@@ -5308,6 +5334,18 @@
             "name": "repo",
             "in": "path",
             "required": true
+          },
+          {
+            "type": "integer",
+            "description": "page number of results to return (1-based)",
+            "name": "page",
+            "in": "query"
+          },
+          {
+            "type": "integer",
+            "description": "page size of results",
+            "name": "limit",
+            "in": "query"
           }
         ],
         "responses": {
@@ -18737,6 +18775,20 @@
         ],
         "summary": "Get the user's runners",
         "operationId": "getUserRunners",
+        "parameters": [
+          {
+            "type": "integer",
+            "description": "page number of results to return (1-based)",
+            "name": "page",
+            "in": "query"
+          },
+          {
+            "type": "integer",
+            "description": "page size of results",
+            "name": "limit",
+            "in": "query"
+          }
+        ],
         "responses": {
           "200": {
             "$ref": "#/responses/ActionRunnerList"
@@ -29849,6 +29901,17 @@
         "items": {
           "$ref": "#/definitions/ActionRunner"
         }
+      },
+      "headers": {
+        "Link": {
+          "type": "string",
+          "description": "Links to other pages, if any"
+        },
+        "X-Total-Count": {
+          "type": "integer",
+          "format": "int64",
+          "description": "Total number of runners matching the search criteria (excluding page and limit)"
+        }
       }
     },
     "ActionVariable": {
diff --git a/tests/integration/api_admin_actions_test.go b/tests/integration/api_admin_actions_test.go
index 1c03d66b7a..90db9c4836 100644
--- a/tests/integration/api_admin_actions_test.go
+++ b/tests/integration/api_admin_actions_test.go
@@ -177,6 +177,19 @@ func TestAPIGlobalActionsRunnerOperations(t *testing.T) {
 		assert.Contains(t, runners, runnerThree)
 	})
 
+	t.Run("GetRunnersPaginated", func(t *testing.T) {
+		request := NewRequest(t, "GET", "/api/v1/admin/actions/runners?page=1&limit=5")
+		request.AddTokenAuth(readToken)
+		response := MakeRequest(t, request, http.StatusOK)
+
+		var runners []*api.ActionRunner
+		DecodeJSON(t, response, &runners)
+
+		assert.NotEmpty(t, response.Header().Get("Link"))
+		assert.NotEmpty(t, response.Header().Get("X-Total-Count"))
+		assert.Len(t, runners, 5)
+	})
+
 	t.Run("GetGlobalRunner", func(t *testing.T) {
 		request := NewRequest(t, "GET", "/api/v1/admin/actions/runners/130793")
 		request.AddTokenAuth(readToken)
diff --git a/tests/integration/api_org_actions_test.go b/tests/integration/api_org_actions_test.go
index 3d5fb3e50c..46f08f4624 100644
--- a/tests/integration/api_org_actions_test.go
+++ b/tests/integration/api_org_actions_test.go
@@ -147,6 +147,19 @@ func TestAPIOrgActionsRunnerOperations(t *testing.T) {
 		assert.ElementsMatch(t, []*api.ActionRunner{runnerOne, runnerThree}, runners)
 	})
 
+	t.Run("GetRunnersPaginated", func(t *testing.T) {
+		request := NewRequest(t, "GET", "/api/v1/orgs/org3/actions/runners?page=1&limit=1")
+		request.AddTokenAuth(readToken)
+		response := MakeRequest(t, request, http.StatusOK)
+
+		var runners []*api.ActionRunner
+		DecodeJSON(t, response, &runners)
+
+		assert.NotEmpty(t, response.Header().Get("Link"))
+		assert.NotEmpty(t, response.Header().Get("X-Total-Count"))
+		assert.Len(t, runners, 1)
+	})
+
 	t.Run("GetRunner", func(t *testing.T) {
 		request := NewRequest(t, "GET", "/api/v1/orgs/org3/actions/runners/655691")
 		request.AddTokenAuth(readToken)
diff --git a/tests/integration/api_repo_actions_test.go b/tests/integration/api_repo_actions_test.go
index 9c8be4156a..6692ddaa63 100644
--- a/tests/integration/api_repo_actions_test.go
+++ b/tests/integration/api_repo_actions_test.go
@@ -420,6 +420,19 @@ func TestAPIRepoActionsRunnerOperations(t *testing.T) {
 		assert.ElementsMatch(t, []*api.ActionRunner{runnerOne, runnerThree}, runners)
 	})
 
+	t.Run("GetRunnersPaginated", func(t *testing.T) {
+		request := NewRequest(t, "GET", "/api/v1/repos/user2/test_workflows/actions/runners?page=1&limit=1")
+		request.AddTokenAuth(readToken)
+		response := MakeRequest(t, request, http.StatusOK)
+
+		var runners []*api.ActionRunner
+		DecodeJSON(t, response, &runners)
+
+		assert.NotEmpty(t, response.Header().Get("Link"))
+		assert.NotEmpty(t, response.Header().Get("X-Total-Count"))
+		assert.Len(t, runners, 1)
+	})
+
 	t.Run("GetRunner", func(t *testing.T) {
 		request := NewRequest(t, "GET", "/api/v1/repos/user2/test_workflows/actions/runners/899251")
 		request.AddTokenAuth(readToken)
diff --git a/tests/integration/api_user_actions_test.go b/tests/integration/api_user_actions_test.go
index 876fd14bbf..106c99bdbe 100644
--- a/tests/integration/api_user_actions_test.go
+++ b/tests/integration/api_user_actions_test.go
@@ -145,6 +145,19 @@ func TestAPIUserActionsRunnerOperations(t *testing.T) {
 		assert.ElementsMatch(t, []*api.ActionRunner{runnerOne, runnerThree}, runners)
 	})
 
+	t.Run("GetRunnersPaginated", func(t *testing.T) {
+		request := NewRequest(t, "GET", "/api/v1/user/actions/runners?page=1&limit=1")
+		request.AddTokenAuth(readToken)
+		response := MakeRequest(t, request, http.StatusOK)
+
+		var runners []*api.ActionRunner
+		DecodeJSON(t, response, &runners)
+
+		assert.NotEmpty(t, response.Header().Get("Link"))
+		assert.NotEmpty(t, response.Header().Get("X-Total-Count"))
+		assert.Len(t, runners, 1)
+	})
+
 	t.Run("GetRunner", func(t *testing.T) {
 		request := NewRequest(t, "GET", "/api/v1/user/actions/runners/71303")
 		request.AddTokenAuth(readToken)

From b1adc7d931c24854bb42287c63ab2a2edbce8d7b Mon Sep 17 00:00:00 2001
From: Shiny Nematoda <snematoda.751k2@aleeas.com>
Date: Tue, 23 Dec 2025 00:38:51 +0100
Subject: [PATCH 040/854] chore: minor code cleanup in search (#10549)

Minor code cleanup for code/issue search.

Mostly breaking up the common functionality into separate functions :)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10549
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Shiny Nematoda <snematoda.751k2@aleeas.com>
Co-committed-by: Shiny Nematoda <snematoda.751k2@aleeas.com>
---
 modules/indexer/code/search.go                | 16 +++++-
 .../indexer/issues/meilisearch/meilisearch.go | 26 ++++-----
 routers/common/search.go                      | 55 +++++++++++++++++++
 routers/web/explore/code.go                   | 50 ++++-------------
 routers/web/repo/search.go                    | 22 +++-----
 routers/web/user/code.go                      | 50 ++++-------------
 6 files changed, 113 insertions(+), 106 deletions(-)
 create mode 100644 routers/common/search.go

diff --git a/modules/indexer/code/search.go b/modules/indexer/code/search.go
index 2085251f1c..a17e7192ac 100644
--- a/modules/indexer/code/search.go
+++ b/modules/indexer/code/search.go
@@ -7,6 +7,7 @@ import (
 	"bytes"
 	"context"
 	"html/template"
+	"slices"
 	"strings"
 
 	"forgejo.org/modules/highlight"
@@ -46,6 +47,19 @@ const (
 	SearchModeFuzzy = internal.CodeSearchModeFuzzy
 )
 
+type Results []*Result
+
+// Get the set of repo IDs from a list of search results
+func (res Results) RepoIDs() []int64 {
+	ids := make([]int64, len(res))
+	for _, r := range res {
+		if !slices.Contains(ids, r.RepoID) {
+			ids = append(ids, r.RepoID)
+		}
+	}
+	return ids
+}
+
 func indices(content string, selectionStartIndex, selectionEndIndex int) (int, int) {
 	startIndex := selectionStartIndex
 	numLinesBefore := 0
@@ -218,7 +232,7 @@ func searchResult(result *internal.SearchResult, startIndex, endIndex int) (*Res
 }
 
 // PerformSearch perform a search on a repository
-func PerformSearch(ctx context.Context, opts *SearchOptions) (int, []*Result, []*SearchResultLanguages, error) {
+func PerformSearch(ctx context.Context, opts *SearchOptions) (int, Results, []*SearchResultLanguages, error) {
 	if opts == nil || len(opts.Keyword) == 0 {
 		return 0, nil, nil, nil
 	}
diff --git a/modules/indexer/issues/meilisearch/meilisearch.go b/modules/indexer/issues/meilisearch/meilisearch.go
index 82b889f875..95602d0dd0 100644
--- a/modules/indexer/issues/meilisearch/meilisearch.go
+++ b/modules/indexer/issues/meilisearch/meilisearch.go
@@ -233,21 +233,19 @@ func (b *Indexer) Search(ctx context.Context, options *internal.SearchOptions) (
 	}
 
 	var keywords []string
-	if len(options.Tokens) != 0 {
-		for _, token := range options.Tokens {
-			if !token.Fuzzy {
-				// to make it a phrase search, we have to quote the keyword(s)
-				// https://www.meilisearch.com/docs/reference/api/search#phrase-search
-				token.Term = doubleQuoteKeyword(token.Term)
-			}
-
-			// internal.BoolOptShould (Default, requires no modifications)
-			// internal.BoolOptMust (Not supported by meilisearch)
-			if token.Kind == internal.BoolOptNot {
-				token.Term = "-" + token.Term
-			}
-			keywords = append(keywords, token.Term)
+	for _, token := range options.Tokens {
+		if !token.Fuzzy {
+			// to make it a phrase search, we have to quote the keyword(s)
+			// https://www.meilisearch.com/docs/reference/api/search#phrase-search
+			token.Term = doubleQuoteKeyword(token.Term)
 		}
+
+		// internal.BoolOptShould (Default, requires no modifications)
+		// internal.BoolOptMust (Not supported by meilisearch)
+		if token.Kind == internal.BoolOptNot {
+			token.Term = "-" + token.Term
+		}
+		keywords = append(keywords, token.Term)
 	}
 
 	searchRes, err := b.inner.Client.Index(b.inner.VersionedIndexName()).
diff --git a/routers/common/search.go b/routers/common/search.go
new file mode 100644
index 0000000000..40189baee1
--- /dev/null
+++ b/routers/common/search.go
@@ -0,0 +1,55 @@
+// Copyright 2025 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package common
+
+import (
+	code_indexer "forgejo.org/modules/indexer/code"
+	"forgejo.org/modules/setting"
+	"forgejo.org/services/context"
+)
+
+type CodeSearchOptions struct {
+	Language, Keyword, Path string
+}
+
+// Parses the common code search options from the context
+// This functions takes care of the following ctx.Data fields
+// - Keyword
+// - Language
+// - CodeSearchPath
+func InitCodeSearchOptions(ctx *context.Context) (opts CodeSearchOptions) {
+	opts.Language = ctx.FormTrim("l")
+	opts.Keyword = ctx.FormTrim("q")
+	opts.Path = ctx.FormTrim("path")
+
+	ctx.Data["Keyword"] = opts.Keyword
+	ctx.Data["Language"] = opts.Language
+	ctx.Data["CodeSearchPath"] = opts.Path
+
+	return opts
+}
+
+// Returns the indexer mode to be used by the code indexer
+// Also sets the ctx.Data fields "CodeSearchMode" and "CodeSearchOptions"
+//
+// NOTE:
+// This is seperate from `InitCodeSearchOptions`
+// since this is specific the indexer and only used
+// where git-grep is not available.
+func CodeSearchIndexerMode(ctx *context.Context) (mode code_indexer.SearchMode) {
+	mode = code_indexer.SearchModeExact
+	if m := ctx.FormTrim("mode"); m == "union" {
+		mode = code_indexer.SearchModeUnion
+	} else if m == "fuzzy" || ctx.FormBool("fuzzy") {
+		if setting.Indexer.RepoIndexerEnableFuzzy {
+			mode = code_indexer.SearchModeFuzzy
+		} else {
+			mode = code_indexer.SearchModeUnion
+		}
+	}
+	ctx.Data["CodeSearchOptions"] = code_indexer.CodeSearchOptions
+	ctx.Data["CodeSearchMode"] = mode.String()
+
+	return mode
+}
diff --git a/routers/web/explore/code.go b/routers/web/explore/code.go
index 2e11f70585..d9ff05cfce 100644
--- a/routers/web/explore/code.go
+++ b/routers/web/explore/code.go
@@ -1,4 +1,5 @@
 // Copyright 2021 The Gitea Authors. All rights reserved.
+// Copyright 2025 The Forgejo Authors. All rights reserved.
 // SPDX-License-Identifier: MIT
 
 package explore
@@ -11,6 +12,7 @@ import (
 	"forgejo.org/modules/base"
 	code_indexer "forgejo.org/modules/indexer/code"
 	"forgejo.org/modules/setting"
+	"forgejo.org/routers/common"
 	"forgejo.org/services/context"
 )
 
@@ -32,29 +34,12 @@ func Code(ctx *context.Context) {
 	ctx.Data["Title"] = ctx.Tr("explore")
 	ctx.Data["PageIsExplore"] = true
 	ctx.Data["PageIsExploreCode"] = true
-
-	language := ctx.FormTrim("l")
-	keyword := ctx.FormTrim("q")
-	path := ctx.FormTrim("path")
-
-	mode := code_indexer.SearchModeExact
-	if m := ctx.FormTrim("mode"); m == "union" {
-		mode = code_indexer.SearchModeUnion
-	} else if m == "fuzzy" || ctx.FormBool("fuzzy") {
-		if setting.Indexer.RepoIndexerEnableFuzzy {
-			mode = code_indexer.SearchModeFuzzy
-		} else {
-			mode = code_indexer.SearchModeUnion
-		}
-	}
-
-	ctx.Data["Keyword"] = keyword
-	ctx.Data["Language"] = language
-	ctx.Data["CodeSearchOptions"] = code_indexer.CodeSearchOptions
-	ctx.Data["CodeSearchMode"] = mode.String()
 	ctx.Data["PageIsViewCode"] = true
 
-	if keyword == "" {
+	opts := common.InitCodeSearchOptions(ctx)
+	mode := common.CodeSearchIndexerMode(ctx)
+
+	if opts.Keyword == "" {
 		ctx.HTML(http.StatusOK, tplExploreCode)
 		return
 	}
@@ -84,17 +69,17 @@ func Code(ctx *context.Context) {
 
 	var (
 		total                 int
-		searchResults         []*code_indexer.Result
+		searchResults         code_indexer.Results
 		searchResultLanguages []*code_indexer.SearchResultLanguages
 	)
 
 	if (len(repoIDs) > 0) || isAdmin {
 		total, searchResults, searchResultLanguages, err = code_indexer.PerformSearch(ctx, &code_indexer.SearchOptions{
 			RepoIDs:  repoIDs,
-			Keyword:  keyword,
+			Keyword:  opts.Keyword,
 			Mode:     mode,
-			Language: language,
-			Filename: path,
+			Language: opts.Language,
+			Filename: opts.Path,
 			Paginator: &db.ListOptions{
 				Page:     page,
 				PageSize: setting.UI.RepoSearchPagingNum,
@@ -110,20 +95,7 @@ func Code(ctx *context.Context) {
 			ctx.Data["CodeIndexerUnavailable"] = !code_indexer.IsAvailable(ctx)
 		}
 
-		loadRepoIDs := make([]int64, 0, len(searchResults))
-		for _, result := range searchResults {
-			var find bool
-			for _, id := range loadRepoIDs {
-				if id == result.RepoID {
-					find = true
-					break
-				}
-			}
-			if !find {
-				loadRepoIDs = append(loadRepoIDs, result.RepoID)
-			}
-		}
-
+		loadRepoIDs := searchResults.RepoIDs()
 		repoMaps, err := repo_model.GetRepositoriesMapByIDs(ctx, loadRepoIDs)
 		if err != nil {
 			ctx.ServerError("GetRepositoriesMapByIDs", err)
diff --git a/routers/web/repo/search.go b/routers/web/repo/search.go
index c3b4d07fa0..03da55a9ec 100644
--- a/routers/web/repo/search.go
+++ b/routers/web/repo/search.go
@@ -1,4 +1,5 @@
 // Copyright 2017 The Gitea Authors. All rights reserved.
+// Copyright 2025 The Forgejo Authors. All rights reserved.
 // SPDX-License-Identifier: MIT
 
 package repo
@@ -12,6 +13,7 @@ import (
 	"forgejo.org/modules/git"
 	code_indexer "forgejo.org/modules/indexer/code"
 	"forgejo.org/modules/setting"
+	"forgejo.org/routers/common"
 	"forgejo.org/services/context"
 )
 
@@ -62,10 +64,7 @@ func (m searchMode) ToGitGrep() git.GrepMode {
 
 // Search render repository search page
 func Search(ctx *context.Context) {
-	language := ctx.FormTrim("l")
-	keyword := ctx.FormTrim("q")
-
-	path := ctx.FormTrim("path")
+	opts := common.InitCodeSearchOptions(ctx)
 	mode := ExactSearchMode
 	if modeStr := ctx.FormString("mode"); len(modeStr) > 0 {
 		mode = searchModeFromString(modeStr)
@@ -73,9 +72,6 @@ func Search(ctx *context.Context) {
 		mode = UnionSearchMode
 	}
 
-	ctx.Data["Keyword"] = keyword
-	ctx.Data["Language"] = language
-	ctx.Data["CodeSearchPath"] = path
 	ctx.Data["PageIsViewCode"] = true
 	ctx.Data["CodeIndexerDisabled"] = !setting.Indexer.RepoIndexerEnabled
 	if setting.Indexer.RepoIndexerEnabled {
@@ -84,7 +80,7 @@ func Search(ctx *context.Context) {
 		ctx.Data["CodeSearchOptions"] = git.GrepSearchOptions
 	}
 
-	if keyword == "" {
+	if opts.Keyword == "" {
 		ctx.HTML(http.StatusOK, tplSearch)
 		return
 	}
@@ -104,10 +100,10 @@ func Search(ctx *context.Context) {
 		var err error
 		total, searchResults, searchResultLanguages, err = code_indexer.PerformSearch(ctx, &code_indexer.SearchOptions{
 			RepoIDs:  []int64{ctx.Repo.Repository.ID},
-			Keyword:  keyword,
+			Keyword:  opts.Keyword,
 			Mode:     m,
-			Language: language,
-			Filename: path,
+			Language: opts.Language,
+			Filename: opts.Path,
 			Paginator: &db.ListOptions{
 				Page:     page,
 				PageSize: setting.UI.RepoSearchPagingNum,
@@ -126,10 +122,10 @@ func Search(ctx *context.Context) {
 		m := mode.ToGitGrep()
 		ctx.Data["CodeSearchMode"] = m.String()
 
-		res, err := git.GrepSearch(ctx, ctx.Repo.GitRepo, keyword, git.GrepOptions{
+		res, err := git.GrepSearch(ctx, ctx.Repo.GitRepo, opts.Keyword, git.GrepOptions{
 			ContextLineNumber: 1,
 			RefName:           ctx.Repo.RefName,
-			Filename:          path,
+			Filename:          opts.Path,
 			Mode:              m,
 		})
 		if err != nil {
diff --git a/routers/web/user/code.go b/routers/web/user/code.go
index 5c69d72d51..a76ac62d03 100644
--- a/routers/web/user/code.go
+++ b/routers/web/user/code.go
@@ -1,4 +1,5 @@
 // Copyright 2022 The Gitea Authors. All rights reserved.
+// Copyright 2025 The Forgejo Authors. All rights reserved.
 // SPDX-License-Identifier: MIT
 
 package user
@@ -11,6 +12,7 @@ import (
 	"forgejo.org/modules/base"
 	code_indexer "forgejo.org/modules/indexer/code"
 	"forgejo.org/modules/setting"
+	"forgejo.org/routers/common"
 	shared_user "forgejo.org/routers/web/shared/user"
 	"forgejo.org/services/context"
 )
@@ -35,30 +37,13 @@ func CodeSearch(ctx *context.Context) {
 
 	ctx.Data["IsPackageEnabled"] = setting.Packages.Enabled
 	ctx.Data["IsRepoIndexerEnabled"] = setting.Indexer.RepoIndexerEnabled
+	ctx.Data["IsCodePage"] = true
 	ctx.Data["Title"] = ctx.Tr("explore.code")
 
-	language := ctx.FormTrim("l")
-	keyword := ctx.FormTrim("q")
-	path := ctx.FormTrim("path")
+	opts := common.InitCodeSearchOptions(ctx)
+	mode := common.CodeSearchIndexerMode(ctx)
 
-	mode := code_indexer.SearchModeExact
-	if m := ctx.FormTrim("mode"); m == "union" {
-		mode = code_indexer.SearchModeUnion
-	} else if m == "fuzzy" || ctx.FormBool("fuzzy") {
-		if setting.Indexer.RepoIndexerEnableFuzzy {
-			mode = code_indexer.SearchModeFuzzy
-		} else {
-			mode = code_indexer.SearchModeUnion
-		}
-	}
-
-	ctx.Data["Keyword"] = keyword
-	ctx.Data["Language"] = language
-	ctx.Data["CodeSearchOptions"] = code_indexer.CodeSearchOptions
-	ctx.Data["CodeSearchMode"] = mode.String()
-	ctx.Data["IsCodePage"] = true
-
-	if keyword == "" {
+	if opts.Keyword == "" {
 		ctx.HTML(http.StatusOK, tplUserCode)
 		return
 	}
@@ -81,17 +66,17 @@ func CodeSearch(ctx *context.Context) {
 
 	var (
 		total                 int
-		searchResults         []*code_indexer.Result
+		searchResults         code_indexer.Results
 		searchResultLanguages []*code_indexer.SearchResultLanguages
 	)
 
 	if len(repoIDs) > 0 {
 		total, searchResults, searchResultLanguages, err = code_indexer.PerformSearch(ctx, &code_indexer.SearchOptions{
 			RepoIDs:  repoIDs,
-			Keyword:  keyword,
+			Keyword:  opts.Keyword,
 			Mode:     mode,
-			Language: language,
-			Filename: path,
+			Language: opts.Language,
+			Filename: opts.Path,
 			Paginator: &db.ListOptions{
 				Page:     page,
 				PageSize: setting.UI.RepoSearchPagingNum,
@@ -107,20 +92,7 @@ func CodeSearch(ctx *context.Context) {
 			ctx.Data["CodeIndexerUnavailable"] = !code_indexer.IsAvailable(ctx)
 		}
 
-		loadRepoIDs := make([]int64, 0, len(searchResults))
-		for _, result := range searchResults {
-			var find bool
-			for _, id := range loadRepoIDs {
-				if id == result.RepoID {
-					find = true
-					break
-				}
-			}
-			if !find {
-				loadRepoIDs = append(loadRepoIDs, result.RepoID)
-			}
-		}
-
+		loadRepoIDs := searchResults.RepoIDs()
 		repoMaps, err := repo_model.GetRepositoriesMapByIDs(ctx, loadRepoIDs)
 		if err != nil {
 			ctx.ServerError("GetRepositoriesMapByIDs", err)

From 973ff28f44e6df8cc943308ca2d3e24d4e858ecc Mon Sep 17 00:00:00 2001
From: 0ko <0ko@noreply.codeberg.org>
Date: Tue, 23 Dec 2025 04:39:26 +0100
Subject: [PATCH 041/854] chore(test): separate and move around i18n testing
 (#10539)

Closes #10534

The primary code change is that `TestMissingTranslationHandling` was converted to a unit test.

However translation unit tests were a mix of mostly unrelated old (INI) and new (JSON) code with unclear licensing. It was cleaned up with help of Git history.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10539
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
---
 .../bin/lint-locale-usage.go                  |   2 +-
 modules/translation/i18n/i18n_ini_test.go     | 206 ++++++++++++++++
 modules/translation/i18n/i18n_test.go         | 232 +++---------------
 modules/translation/plural_rules_test.go      | 120 +++++++++
 modules/translation/translation.go            |   1 +
 modules/translation/translation_test.go       | 111 +--------
 tests/integration/translations_test.go        |  23 --
 7 files changed, 365 insertions(+), 330 deletions(-)
 create mode 100644 modules/translation/i18n/i18n_ini_test.go
 create mode 100644 modules/translation/plural_rules_test.go

diff --git a/build/lint-locale-usage/bin/lint-locale-usage.go b/build/lint-locale-usage/bin/lint-locale-usage.go
index d9cdf9f321..311e632461 100644
--- a/build/lint-locale-usage/bin/lint-locale-usage.go
+++ b/build/lint-locale-usage/bin/lint-locale-usage.go
@@ -302,7 +302,7 @@ func main() {
 			if name == "docker" || name == ".git" || name == "node_modules" {
 				return fs.SkipDir
 			}
-		} else if name == "bindata.go" || fpath == "modules/translation/i18n/i18n_test.go" {
+		} else if name == "bindata.go" || fpath == "modules/translation/i18n/i18n_test.go" || fpath == "modules/translation/i18n/i18n_ini_test.go" {
 			// skip false positives
 		} else if strings.HasSuffix(name, ".go") {
 			onError(HandleGoFile(handler, fpath, nil))
diff --git a/modules/translation/i18n/i18n_ini_test.go b/modules/translation/i18n/i18n_ini_test.go
new file mode 100644
index 0000000000..64c5d167c0
--- /dev/null
+++ b/modules/translation/i18n/i18n_ini_test.go
@@ -0,0 +1,206 @@
+// Copyright 2022 The Gitea Authors. All rights reserved.
+// Copyright 2024 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package i18n
+
+import (
+	"html/template"
+	"strings"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+func TestLocaleStoreINI(t *testing.T) {
+	testData1 := []byte(`
+.dot.name = Dot Name
+fmt = %[1]s %[2]s
+
+[section]
+sub = Sub String
+mixed = test value; <span style="color: red\; background: none;">%s</span>
+`)
+
+	testData2 := []byte(`
+fmt = %[2]s %[1]s
+
+[section]
+sub = Changed Sub String
+`)
+
+	ls := NewLocaleStore()
+	require.NoError(t, ls.AddLocaleByIni("lang1", "Lang1", MockPluralRuleEnglish, UsedPluralFormsEnglish, testData1, nil))
+	require.NoError(t, ls.AddLocaleByIni("lang2", "Lang2", MockPluralRule, UsedPluralFormsMock, testData2, nil))
+	ls.SetDefaultLang("lang1")
+
+	lang1, _ := ls.Locale("lang1")
+	lang2, _ := ls.Locale("lang2")
+
+	result := lang1.TrString("fmt", "a", "b")
+	assert.Equal(t, "a b", result)
+
+	result = lang2.TrString("fmt", "a", "b")
+	assert.Equal(t, "b a", result)
+
+	result = lang1.TrString("section.sub")
+	assert.Equal(t, "Sub String", result)
+
+	result = lang2.TrString("section.sub")
+	assert.Equal(t, "Changed Sub String", result)
+
+	langNone, _ := ls.Locale("none")
+	result = langNone.TrString(".dot.name")
+	assert.Equal(t, "Dot Name", result)
+
+	result2 := lang2.TrHTML("section.mixed", "a&b")
+	assert.EqualValues(t, `test value; <span style="color: red; background: none;">a&amp;b</span>`, result2)
+
+	langs, descs := ls.ListLangNameDesc()
+	assert.ElementsMatch(t, []string{"lang1", "lang2"}, langs)
+	assert.ElementsMatch(t, []string{"Lang1", "Lang2"}, descs)
+
+	found := lang1.HasKey("no-such")
+	assert.False(t, found)
+	assert.Equal(t, "no-such", lang1.TrString("no-such"))
+	require.NoError(t, ls.Close())
+}
+
+func TestLocaleStoreMoreSource(t *testing.T) {
+	testData1 := []byte(`
+a=11
+b=12
+`)
+
+	testData2 := []byte(`
+b=21
+c=22
+`)
+
+	ls := NewLocaleStore()
+	require.NoError(t, ls.AddLocaleByIni("lang1", "Lang1", MockPluralRule, UsedPluralFormsMock, testData1, testData2))
+	lang1, _ := ls.Locale("lang1")
+	assert.Equal(t, "11", lang1.TrString("a"))
+	assert.Equal(t, "21", lang1.TrString("b"))
+	assert.Equal(t, "22", lang1.TrString("c"))
+}
+
+type stringerPointerReceiver struct {
+	s string
+}
+
+func (s *stringerPointerReceiver) String() string {
+	return s.s
+}
+
+type stringerStructReceiver struct {
+	s string
+}
+
+func (s stringerStructReceiver) String() string {
+	return s.s
+}
+
+type errorStructReceiver struct {
+	s string
+}
+
+func (e errorStructReceiver) Error() string {
+	return e.s
+}
+
+type errorPointerReceiver struct {
+	s string
+}
+
+func (e *errorPointerReceiver) Error() string {
+	return e.s
+}
+
+func TestLocaleWithTemplate(t *testing.T) {
+	ls := NewLocaleStore()
+	require.NoError(t, ls.AddLocaleByIni("lang1", "Lang1", MockPluralRule, UsedPluralFormsMock, []byte(`key=<a>%s</a>`), nil))
+	lang1, _ := ls.Locale("lang1")
+
+	tmpl := template.New("test").Funcs(template.FuncMap{"tr": lang1.TrHTML})
+	tmpl = template.Must(tmpl.Parse(`{{tr "key" .var}}`))
+
+	cases := []struct {
+		in   any
+		want string
+	}{
+		{"<str>", "<a>&lt;str&gt;</a>"},
+		{[]byte("<bytes>"), "<a>[60 98 121 116 101 115 62]</a>"},
+		{template.HTML("<html>"), "<a><html></a>"},
+		{stringerPointerReceiver{"<stringerPointerReceiver>"}, "<a>{&lt;stringerPointerReceiver&gt;}</a>"},
+		{&stringerPointerReceiver{"<stringerPointerReceiver ptr>"}, "<a>&lt;stringerPointerReceiver ptr&gt;</a>"},
+		{stringerStructReceiver{"<stringerStructReceiver>"}, "<a>&lt;stringerStructReceiver&gt;</a>"},
+		{&stringerStructReceiver{"<stringerStructReceiver ptr>"}, "<a>&lt;stringerStructReceiver ptr&gt;</a>"},
+		{errorStructReceiver{"<errorStructReceiver>"}, "<a>&lt;errorStructReceiver&gt;</a>"},
+		{&errorStructReceiver{"<errorStructReceiver ptr>"}, "<a>&lt;errorStructReceiver ptr&gt;</a>"},
+		{errorPointerReceiver{"<errorPointerReceiver>"}, "<a>{&lt;errorPointerReceiver&gt;}</a>"},
+		{&errorPointerReceiver{"<errorPointerReceiver ptr>"}, "<a>&lt;errorPointerReceiver ptr&gt;</a>"},
+	}
+
+	buf := &strings.Builder{}
+	for _, c := range cases {
+		buf.Reset()
+		require.NoError(t, tmpl.Execute(buf, map[string]any{"var": c.in}))
+		assert.Equal(t, c.want, buf.String())
+	}
+}
+
+func TestLocaleStoreQuirks(t *testing.T) {
+	const nl = "\n"
+	q := func(q1, s string, q2 ...string) string {
+		return q1 + s + strings.Join(q2, "")
+	}
+	testDataList := []struct {
+		in   string
+		out  string
+		hint string
+	}{
+		{` xx`, `xx`, "simple, no quote"},
+		{`" xx"`, ` xx`, "simple, double-quote"},
+		{`' xx'`, ` xx`, "simple, single-quote"},
+		{"` xx`", ` xx`, "simple, back-quote"},
+
+		{`x\"y`, `x\"y`, "no unescape, simple"},
+		{q(`"`, `x\"y`, `"`), `"x\"y"`, "unescape, double-quote"},
+		{q(`'`, `x\"y`, `'`), `x\"y`, "no unescape, single-quote"},
+		{q("`", `x\"y`, "`"), `x\"y`, "no unescape, back-quote"},
+
+		{q(`"`, `x\"y`) + nl + "b=", `"x\"y`, "half open, double-quote"},
+		{q(`'`, `x\"y`) + nl + "b=", `'x\"y`, "half open, single-quote"},
+		{q("`", `x\"y`) + nl + "b=`", `x\"y` + nl + "b=", "half open, back-quote, multi-line"},
+
+		{`x ; y`, `x ; y`, "inline comment (;)"},
+		{`x # y`, `x # y`, "inline comment (#)"},
+		{`x \; y`, `x ; y`, `inline comment (\;)`},
+		{`x \# y`, `x # y`, `inline comment (\#)`},
+	}
+
+	for _, testData := range testDataList {
+		ls := NewLocaleStore()
+		err := ls.AddLocaleByIni("lang1", "Lang1", nil, nil, []byte("a="+testData.in), nil)
+		lang1, _ := ls.Locale("lang1")
+		require.NoError(t, err, testData.hint)
+		assert.Equal(t, testData.out, lang1.TrString("a"), testData.hint)
+		require.NoError(t, ls.Close())
+	}
+
+	// TODO: Crowdin needs the strings to be quoted correctly and doesn't like incomplete quotes
+	//       and Crowdin always outputs quoted strings if there are quotes in the strings.
+	//       So, Gitea's `key="quoted" unquoted` content shouldn't be used on Crowdin directly,
+	//       it should be converted to `key="\"quoted\" unquoted"` first.
+	// TODO: We can not use UnescapeValueDoubleQuotes=true, because there are a lot of back-quotes in en-US.ini,
+	//       then Crowdin will output:
+	//       > key = "`x \" y`"
+	//       Then Gitea will read a string with back-quotes, which is incorrect.
+	// TODO: Crowdin might generate multi-line strings, quoted by double-quote, it's not supported by LocaleStore
+	//       LocaleStore uses back-quote for multi-line strings, it's not supported by Crowdin.
+	// TODO: Crowdin doesn't support back-quote as string quoter, it mainly uses double-quote
+	//       so, the following line will be parsed as: value="`first", comment="second`" on Crowdin
+	//       > a = `first; second`
+}
diff --git a/modules/translation/i18n/i18n_test.go b/modules/translation/i18n/i18n_test.go
index ac086d75d9..8dfdb36127 100644
--- a/modules/translation/i18n/i18n_test.go
+++ b/modules/translation/i18n/i18n_test.go
@@ -1,10 +1,9 @@
-// Copyright 2022 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Copyright 2024-2025 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: GPL-3.0-or-later
 
 package i18n
 
 import (
-	"html/template"
 	"strings"
 	"testing"
 
@@ -37,24 +36,7 @@ var (
 	UsedPluralFormsMock    = []PluralFormIndex{PluralFormZero, PluralFormOne, PluralFormFew, PluralFormOther}
 )
 
-func TestLocaleStore(t *testing.T) {
-	testData1 := []byte(`
-.dot.name = Dot Name
-fmt = %[1]s %[2]s
-
-[section]
-sub = Sub String
-mixed = test value; <span style="color: red\; background: none;">%s</span>
-`)
-
-	testData2 := []byte(`
-fmt = %[2]s %[1]s
-
-[section]
-sub = Changed Sub String
-commits = fallback value for commits
-`)
-
+func TestLocaleStoreJSON(t *testing.T) {
 	testDataJSON2 := []byte(`
 {
 	"section.json": "the JSON is %s",
@@ -90,35 +72,18 @@ commits = fallback value for commits
 `)
 
 	ls := NewLocaleStore()
-	require.NoError(t, ls.AddLocaleByIni("lang1", "Lang1", MockPluralRuleEnglish, UsedPluralFormsEnglish, testData1, nil))
-	require.NoError(t, ls.AddLocaleByIni("lang2", "Lang2", MockPluralRule, UsedPluralFormsMock, testData2, nil))
+
+	// Currently LocaleStore has to be first populated with langcodes via AddLocaleByIni
+	require.NoError(t, ls.AddLocaleByIni("lang1", "Lang1", MockPluralRuleEnglish, UsedPluralFormsEnglish, []byte(""), nil))
+	require.NoError(t, ls.AddLocaleByIni("lang2", "Lang2", MockPluralRule, UsedPluralFormsMock, []byte(""), nil))
+
 	require.NoError(t, ls.AddToLocaleFromJSON("lang1", testDataJSON1))
 	require.NoError(t, ls.AddToLocaleFromJSON("lang2", testDataJSON2))
-	ls.SetDefaultLang("lang1")
 
-	lang1, _ := ls.Locale("lang1")
+	ls.SetDefaultLang("lang1")
 	lang2, _ := ls.Locale("lang2")
 
-	result := lang1.TrString("fmt", "a", "b")
-	assert.Equal(t, "a b", result)
-
-	result = lang2.TrString("fmt", "a", "b")
-	assert.Equal(t, "b a", result)
-
-	result = lang1.TrString("section.sub")
-	assert.Equal(t, "Sub String", result)
-
-	result = lang2.TrString("section.sub")
-	assert.Equal(t, "Changed Sub String", result)
-
-	langNone, _ := ls.Locale("none")
-	result = langNone.TrString(".dot.name")
-	assert.Equal(t, "Dot Name", result)
-
-	result2 := lang2.TrHTML("section.mixed", "a&b")
-	assert.EqualValues(t, `test value; <span style="color: red; background: none;">a&amp;b</span>`, result2)
-
-	result = lang2.TrString("section.json", "valid")
+	result := lang2.TrString("section.json", "valid")
 	assert.Equal(t, "the JSON is valid", result)
 
 	result = lang2.TrString("nested.outer.inner.json")
@@ -127,7 +92,7 @@ commits = fallback value for commits
 	result = lang2.TrString("section.commits")
 	assert.Equal(t, "lots of %d commits", result)
 
-	result2 = lang2.TrPluralString(1, "section.commits", 1)
+	result2 := lang2.TrPluralString(1, "section.commits", 1)
 	assert.EqualValues(t, "one 1 commit", result2)
 
 	result2 = lang2.TrPluralString(3, "section.commits", 3)
@@ -156,159 +121,34 @@ commits = fallback value for commits
 
 	result2 = lang2.TrPluralString(7, "section.incomplete", 7)
 	assert.EqualValues(t, "[untranslated] some 7 objects", result2)
+}
 
-	langs, descs := ls.ListLangNameDesc()
-	assert.ElementsMatch(t, []string{"lang1", "lang2"}, langs)
-	assert.ElementsMatch(t, []string{"Lang1", "Lang2"}, descs)
+func TestMissingTranslationHandling(t *testing.T) {
+	ls := NewLocaleStore()
 
-	// Test HasKey for JSON
-	found := lang2.HasKey("section.json")
+	// Currently LocaleStore has to be first populated with langcodes via AddLocaleByIni
+	require.NoError(t, ls.AddLocaleByIni("en-US", "English", MockPluralRuleEnglish, UsedPluralFormsEnglish, []byte(""), nil))
+	require.NoError(t, ls.AddLocaleByIni("fun", "Funlang", MockPluralRule, UsedPluralFormsMock, []byte(""), nil))
+
+	require.NoError(t, ls.AddToLocaleFromJSON("en-US", []byte(`
+{
+	"incorrect_root_url": "This Forgejo instance...",
+	"meta.last_line": "Hi there!"
+}`)))
+	require.NoError(t, ls.AddToLocaleFromJSON("fun", []byte(`
+{
+	"meta.last_line": "This language only has one line that is never used by the UI. It will never have a translation for incorrect_root_url"
+}`)))
+
+	ls.SetDefaultLang("en-US")
+
+	// Get "fun" locale, make sure it's available
+	funLocale, found := ls.Locale("fun")
 	assert.True(t, found)
 
-	// Test HasKey for INI
-	found = lang2.HasKey("section.sub")
-	assert.True(t, found)
+	// Get translation for a string that this locale doesn't have
+	s := funLocale.TrString("incorrect_root_url")
 
-	found = lang1.HasKey("no-such")
-	assert.False(t, found)
-	assert.Equal(t, "no-such", lang1.TrString("no-such"))
-	require.NoError(t, ls.Close())
-}
-
-func TestLocaleStoreMoreSource(t *testing.T) {
-	testData1 := []byte(`
-a=11
-b=12
-`)
-
-	testData2 := []byte(`
-b=21
-c=22
-`)
-
-	ls := NewLocaleStore()
-	require.NoError(t, ls.AddLocaleByIni("lang1", "Lang1", MockPluralRule, UsedPluralFormsMock, testData1, testData2))
-	lang1, _ := ls.Locale("lang1")
-	assert.Equal(t, "11", lang1.TrString("a"))
-	assert.Equal(t, "21", lang1.TrString("b"))
-	assert.Equal(t, "22", lang1.TrString("c"))
-}
-
-type stringerPointerReceiver struct {
-	s string
-}
-
-func (s *stringerPointerReceiver) String() string {
-	return s.s
-}
-
-type stringerStructReceiver struct {
-	s string
-}
-
-func (s stringerStructReceiver) String() string {
-	return s.s
-}
-
-type errorStructReceiver struct {
-	s string
-}
-
-func (e errorStructReceiver) Error() string {
-	return e.s
-}
-
-type errorPointerReceiver struct {
-	s string
-}
-
-func (e *errorPointerReceiver) Error() string {
-	return e.s
-}
-
-func TestLocaleWithTemplate(t *testing.T) {
-	ls := NewLocaleStore()
-	require.NoError(t, ls.AddLocaleByIni("lang1", "Lang1", MockPluralRule, UsedPluralFormsMock, []byte(`key=<a>%s</a>`), nil))
-	lang1, _ := ls.Locale("lang1")
-
-	tmpl := template.New("test").Funcs(template.FuncMap{"tr": lang1.TrHTML})
-	tmpl = template.Must(tmpl.Parse(`{{tr "key" .var}}`))
-
-	cases := []struct {
-		in   any
-		want string
-	}{
-		{"<str>", "<a>&lt;str&gt;</a>"},
-		{[]byte("<bytes>"), "<a>[60 98 121 116 101 115 62]</a>"},
-		{template.HTML("<html>"), "<a><html></a>"},
-		{stringerPointerReceiver{"<stringerPointerReceiver>"}, "<a>{&lt;stringerPointerReceiver&gt;}</a>"},
-		{&stringerPointerReceiver{"<stringerPointerReceiver ptr>"}, "<a>&lt;stringerPointerReceiver ptr&gt;</a>"},
-		{stringerStructReceiver{"<stringerStructReceiver>"}, "<a>&lt;stringerStructReceiver&gt;</a>"},
-		{&stringerStructReceiver{"<stringerStructReceiver ptr>"}, "<a>&lt;stringerStructReceiver ptr&gt;</a>"},
-		{errorStructReceiver{"<errorStructReceiver>"}, "<a>&lt;errorStructReceiver&gt;</a>"},
-		{&errorStructReceiver{"<errorStructReceiver ptr>"}, "<a>&lt;errorStructReceiver ptr&gt;</a>"},
-		{errorPointerReceiver{"<errorPointerReceiver>"}, "<a>{&lt;errorPointerReceiver&gt;}</a>"},
-		{&errorPointerReceiver{"<errorPointerReceiver ptr>"}, "<a>&lt;errorPointerReceiver ptr&gt;</a>"},
-	}
-
-	buf := &strings.Builder{}
-	for _, c := range cases {
-		buf.Reset()
-		require.NoError(t, tmpl.Execute(buf, map[string]any{"var": c.in}))
-		assert.Equal(t, c.want, buf.String())
-	}
-}
-
-func TestLocaleStoreQuirks(t *testing.T) {
-	const nl = "\n"
-	q := func(q1, s string, q2 ...string) string {
-		return q1 + s + strings.Join(q2, "")
-	}
-	testDataList := []struct {
-		in   string
-		out  string
-		hint string
-	}{
-		{` xx`, `xx`, "simple, no quote"},
-		{`" xx"`, ` xx`, "simple, double-quote"},
-		{`' xx'`, ` xx`, "simple, single-quote"},
-		{"` xx`", ` xx`, "simple, back-quote"},
-
-		{`x\"y`, `x\"y`, "no unescape, simple"},
-		{q(`"`, `x\"y`, `"`), `"x\"y"`, "unescape, double-quote"},
-		{q(`'`, `x\"y`, `'`), `x\"y`, "no unescape, single-quote"},
-		{q("`", `x\"y`, "`"), `x\"y`, "no unescape, back-quote"},
-
-		{q(`"`, `x\"y`) + nl + "b=", `"x\"y`, "half open, double-quote"},
-		{q(`'`, `x\"y`) + nl + "b=", `'x\"y`, "half open, single-quote"},
-		{q("`", `x\"y`) + nl + "b=`", `x\"y` + nl + "b=", "half open, back-quote, multi-line"},
-
-		{`x ; y`, `x ; y`, "inline comment (;)"},
-		{`x # y`, `x # y`, "inline comment (#)"},
-		{`x \; y`, `x ; y`, `inline comment (\;)`},
-		{`x \# y`, `x # y`, `inline comment (\#)`},
-	}
-
-	for _, testData := range testDataList {
-		ls := NewLocaleStore()
-		err := ls.AddLocaleByIni("lang1", "Lang1", nil, nil, []byte("a="+testData.in), nil)
-		lang1, _ := ls.Locale("lang1")
-		require.NoError(t, err, testData.hint)
-		assert.Equal(t, testData.out, lang1.TrString("a"), testData.hint)
-		require.NoError(t, ls.Close())
-	}
-
-	// TODO: Crowdin needs the strings to be quoted correctly and doesn't like incomplete quotes
-	//       and Crowdin always outputs quoted strings if there are quotes in the strings.
-	//       So, Gitea's `key="quoted" unquoted` content shouldn't be used on Crowdin directly,
-	//       it should be converted to `key="\"quoted\" unquoted"` first.
-	// TODO: We can not use UnescapeValueDoubleQuotes=true, because there are a lot of back-quotes in en-US.ini,
-	//       then Crowdin will output:
-	//       > key = "`x \" y`"
-	//       Then Gitea will read a string with back-quotes, which is incorrect.
-	// TODO: Crowdin might generate multi-line strings, quoted by double-quote, it's not supported by LocaleStore
-	//       LocaleStore uses back-quote for multi-line strings, it's not supported by Crowdin.
-	// TODO: Crowdin doesn't support back-quote as string quoter, it mainly uses double-quote
-	//       so, the following line will be parsed as: value="`first", comment="second`" on Crowdin
-	//       > a = `first; second`
+	// Verify fallback to English
+	assert.True(t, strings.HasPrefix(s, "This Forgejo instance..."))
 }
diff --git a/modules/translation/plural_rules_test.go b/modules/translation/plural_rules_test.go
new file mode 100644
index 0000000000..d3a9a15905
--- /dev/null
+++ b/modules/translation/plural_rules_test.go
@@ -0,0 +1,120 @@
+// Copyright 2024 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package translation
+
+import (
+	"testing"
+
+	"forgejo.org/modules/translation/i18n"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestGetPluralRule(t *testing.T) {
+	assert.Equal(t, PluralRuleDefault, GetPluralRuleImpl("en"))
+	assert.Equal(t, PluralRuleDefault, GetPluralRuleImpl("en-US"))
+	assert.Equal(t, PluralRuleDefault, GetPluralRuleImpl("en_UK"))
+	assert.Equal(t, PluralRuleDefault, GetPluralRuleImpl("nds"))
+	assert.Equal(t, PluralRuleDefault, GetPluralRuleImpl("de-DE"))
+
+	assert.Equal(t, PluralRuleOneForm, GetPluralRuleImpl("zh"))
+	assert.Equal(t, PluralRuleOneForm, GetPluralRuleImpl("ja"))
+
+	assert.Equal(t, PluralRuleBengali, GetPluralRuleImpl("bn"))
+
+	assert.Equal(t, PluralRuleIcelandic, GetPluralRuleImpl("is"))
+
+	assert.Equal(t, PluralRuleFilipino, GetPluralRuleImpl("fil"))
+
+	assert.Equal(t, PluralRuleCzech, GetPluralRuleImpl("cs"))
+
+	assert.Equal(t, PluralRuleRussian, GetPluralRuleImpl("ru"))
+
+	assert.Equal(t, PluralRulePolish, GetPluralRuleImpl("pl"))
+
+	assert.Equal(t, PluralRuleLatvian, GetPluralRuleImpl("lv"))
+
+	assert.Equal(t, PluralRuleLithuanian, GetPluralRuleImpl("lt"))
+
+	assert.Equal(t, PluralRuleFrench, GetPluralRuleImpl("fr"))
+
+	assert.Equal(t, PluralRuleCatalan, GetPluralRuleImpl("ca"))
+
+	assert.Equal(t, PluralRuleSlovenian, GetPluralRuleImpl("sl"))
+
+	assert.Equal(t, PluralRuleArabic, GetPluralRuleImpl("ar"))
+
+	assert.Equal(t, PluralRuleCatalan, GetPluralRuleImpl("pt-PT"))
+	assert.Equal(t, PluralRuleFrench, GetPluralRuleImpl("pt-BR"))
+
+	assert.Equal(t, PluralRuleDefault, GetPluralRuleImpl("invalid"))
+}
+
+func TestApplyPluralRule(t *testing.T) {
+	testCases := []struct {
+		expect     i18n.PluralFormIndex
+		pluralRule int
+		values     []int64
+	}{
+		{i18n.PluralFormOne, PluralRuleDefault, []int64{1}},
+		{i18n.PluralFormOther, PluralRuleDefault, []int64{0, 2, 10, 256}},
+
+		{i18n.PluralFormOther, PluralRuleOneForm, []int64{0, 1, 2}},
+
+		{i18n.PluralFormOne, PluralRuleBengali, []int64{0, 1}},
+		{i18n.PluralFormOther, PluralRuleBengali, []int64{2, 10, 256}},
+
+		{i18n.PluralFormOne, PluralRuleIcelandic, []int64{1, 21, 31}},
+		{i18n.PluralFormOther, PluralRuleIcelandic, []int64{0, 2, 11, 15, 256}},
+
+		{i18n.PluralFormOne, PluralRuleFilipino, []int64{0, 1, 2, 3, 5, 7, 8, 10, 11, 12, 257}},
+		{i18n.PluralFormOther, PluralRuleFilipino, []int64{4, 6, 9, 14, 16, 19, 256}},
+
+		{i18n.PluralFormOne, PluralRuleCzech, []int64{1}},
+		{i18n.PluralFormFew, PluralRuleCzech, []int64{2, 3, 4}},
+		{i18n.PluralFormOther, PluralRuleCzech, []int64{5, 0, 12, 78, 254}},
+
+		{i18n.PluralFormOne, PluralRuleRussian, []int64{1, 21, 31}},
+		{i18n.PluralFormFew, PluralRuleRussian, []int64{2, 23, 34}},
+		{i18n.PluralFormMany, PluralRuleRussian, []int64{0, 5, 11, 37, 111, 256}},
+
+		{i18n.PluralFormOne, PluralRulePolish, []int64{1}},
+		{i18n.PluralFormFew, PluralRulePolish, []int64{2, 23, 34}},
+		{i18n.PluralFormMany, PluralRulePolish, []int64{0, 5, 11, 21, 37, 256}},
+
+		{i18n.PluralFormZero, PluralRuleLatvian, []int64{0, 10, 11, 17}},
+		{i18n.PluralFormOne, PluralRuleLatvian, []int64{1, 21, 71}},
+		{i18n.PluralFormOther, PluralRuleLatvian, []int64{2, 7, 22, 23, 256}},
+
+		{i18n.PluralFormOne, PluralRuleLithuanian, []int64{1, 21, 31}},
+		{i18n.PluralFormFew, PluralRuleLithuanian, []int64{2, 5, 9, 23, 34, 256}},
+		{i18n.PluralFormMany, PluralRuleLithuanian, []int64{0, 10, 11, 18}},
+
+		{i18n.PluralFormOne, PluralRuleFrench, []int64{0, 1}},
+		{i18n.PluralFormMany, PluralRuleFrench, []int64{1000000, 2000000}},
+		{i18n.PluralFormOther, PluralRuleFrench, []int64{2, 4, 10, 256}},
+
+		{i18n.PluralFormOne, PluralRuleCatalan, []int64{1}},
+		{i18n.PluralFormMany, PluralRuleCatalan, []int64{1000000, 2000000}},
+		{i18n.PluralFormOther, PluralRuleCatalan, []int64{0, 2, 4, 10, 256}},
+
+		{i18n.PluralFormOne, PluralRuleSlovenian, []int64{1, 101, 201, 501}},
+		{i18n.PluralFormTwo, PluralRuleSlovenian, []int64{2, 102, 202, 502}},
+		{i18n.PluralFormFew, PluralRuleSlovenian, []int64{3, 103, 203, 503, 4, 104, 204, 504}},
+		{i18n.PluralFormOther, PluralRuleSlovenian, []int64{0, 5, 11, 12, 20, 256}},
+
+		{i18n.PluralFormZero, PluralRuleArabic, []int64{0}},
+		{i18n.PluralFormOne, PluralRuleArabic, []int64{1}},
+		{i18n.PluralFormTwo, PluralRuleArabic, []int64{2}},
+		{i18n.PluralFormFew, PluralRuleArabic, []int64{3, 4, 9, 10, 103, 104}},
+		{i18n.PluralFormMany, PluralRuleArabic, []int64{11, 12, 13, 14, 17, 111, 256}},
+		{i18n.PluralFormOther, PluralRuleArabic, []int64{100, 101, 102}},
+	}
+
+	for _, tc := range testCases {
+		for _, n := range tc.values {
+			assert.Equal(t, tc.expect, PluralRules[tc.pluralRule](n), "Testcase for plural rule %d, value %d", tc.pluralRule, n)
+		}
+	}
+}
diff --git a/modules/translation/translation.go b/modules/translation/translation.go
index 42441115af..fdd71fe608 100644
--- a/modules/translation/translation.go
+++ b/modules/translation/translation.go
@@ -1,4 +1,5 @@
 // Copyright 2020 The Gitea Authors. All rights reserved.
+// Copyright 2024 The Forgejo Authors. All rights reserved.
 // SPDX-License-Identifier: MIT
 
 package translation
diff --git a/modules/translation/translation_test.go b/modules/translation/translation_test.go
index 7584490941..34b1ebf91f 100644
--- a/modules/translation/translation_test.go
+++ b/modules/translation/translation_test.go
@@ -1,10 +1,9 @@
 // Copyright 2023 The Gitea Authors. All rights reserved.
+// Copyright 2024 The Forgejo Authors. All rights reserved.
 // SPDX-License-Identifier: MIT
 
 package translation
 
-// TODO: make this package friendly to testing
-
 import (
 	"testing"
 
@@ -48,111 +47,3 @@ func TestPrettyNumber(t *testing.T) {
 	assert.Equal(t, "1,000,000", l.PrettyNumber(1000000))
 	assert.Equal(t, "1,000,000.1", l.PrettyNumber(1000000.1))
 }
-
-func TestGetPluralRule(t *testing.T) {
-	assert.Equal(t, PluralRuleDefault, GetPluralRuleImpl("en"))
-	assert.Equal(t, PluralRuleDefault, GetPluralRuleImpl("en-US"))
-	assert.Equal(t, PluralRuleDefault, GetPluralRuleImpl("en_UK"))
-	assert.Equal(t, PluralRuleDefault, GetPluralRuleImpl("nds"))
-	assert.Equal(t, PluralRuleDefault, GetPluralRuleImpl("de-DE"))
-
-	assert.Equal(t, PluralRuleOneForm, GetPluralRuleImpl("zh"))
-	assert.Equal(t, PluralRuleOneForm, GetPluralRuleImpl("ja"))
-
-	assert.Equal(t, PluralRuleBengali, GetPluralRuleImpl("bn"))
-
-	assert.Equal(t, PluralRuleIcelandic, GetPluralRuleImpl("is"))
-
-	assert.Equal(t, PluralRuleFilipino, GetPluralRuleImpl("fil"))
-
-	assert.Equal(t, PluralRuleCzech, GetPluralRuleImpl("cs"))
-
-	assert.Equal(t, PluralRuleRussian, GetPluralRuleImpl("ru"))
-
-	assert.Equal(t, PluralRulePolish, GetPluralRuleImpl("pl"))
-
-	assert.Equal(t, PluralRuleLatvian, GetPluralRuleImpl("lv"))
-
-	assert.Equal(t, PluralRuleLithuanian, GetPluralRuleImpl("lt"))
-
-	assert.Equal(t, PluralRuleFrench, GetPluralRuleImpl("fr"))
-
-	assert.Equal(t, PluralRuleCatalan, GetPluralRuleImpl("ca"))
-
-	assert.Equal(t, PluralRuleSlovenian, GetPluralRuleImpl("sl"))
-
-	assert.Equal(t, PluralRuleArabic, GetPluralRuleImpl("ar"))
-
-	assert.Equal(t, PluralRuleCatalan, GetPluralRuleImpl("pt-PT"))
-	assert.Equal(t, PluralRuleFrench, GetPluralRuleImpl("pt-BR"))
-
-	assert.Equal(t, PluralRuleDefault, GetPluralRuleImpl("invalid"))
-}
-
-func TestApplyPluralRule(t *testing.T) {
-	testCases := []struct {
-		expect     i18n.PluralFormIndex
-		pluralRule int
-		values     []int64
-	}{
-		{i18n.PluralFormOne, PluralRuleDefault, []int64{1}},
-		{i18n.PluralFormOther, PluralRuleDefault, []int64{0, 2, 10, 256}},
-
-		{i18n.PluralFormOther, PluralRuleOneForm, []int64{0, 1, 2}},
-
-		{i18n.PluralFormOne, PluralRuleBengali, []int64{0, 1}},
-		{i18n.PluralFormOther, PluralRuleBengali, []int64{2, 10, 256}},
-
-		{i18n.PluralFormOne, PluralRuleIcelandic, []int64{1, 21, 31}},
-		{i18n.PluralFormOther, PluralRuleIcelandic, []int64{0, 2, 11, 15, 256}},
-
-		{i18n.PluralFormOne, PluralRuleFilipino, []int64{0, 1, 2, 3, 5, 7, 8, 10, 11, 12, 257}},
-		{i18n.PluralFormOther, PluralRuleFilipino, []int64{4, 6, 9, 14, 16, 19, 256}},
-
-		{i18n.PluralFormOne, PluralRuleCzech, []int64{1}},
-		{i18n.PluralFormFew, PluralRuleCzech, []int64{2, 3, 4}},
-		{i18n.PluralFormOther, PluralRuleCzech, []int64{5, 0, 12, 78, 254}},
-
-		{i18n.PluralFormOne, PluralRuleRussian, []int64{1, 21, 31}},
-		{i18n.PluralFormFew, PluralRuleRussian, []int64{2, 23, 34}},
-		{i18n.PluralFormMany, PluralRuleRussian, []int64{0, 5, 11, 37, 111, 256}},
-
-		{i18n.PluralFormOne, PluralRulePolish, []int64{1}},
-		{i18n.PluralFormFew, PluralRulePolish, []int64{2, 23, 34}},
-		{i18n.PluralFormMany, PluralRulePolish, []int64{0, 5, 11, 21, 37, 256}},
-
-		{i18n.PluralFormZero, PluralRuleLatvian, []int64{0, 10, 11, 17}},
-		{i18n.PluralFormOne, PluralRuleLatvian, []int64{1, 21, 71}},
-		{i18n.PluralFormOther, PluralRuleLatvian, []int64{2, 7, 22, 23, 256}},
-
-		{i18n.PluralFormOne, PluralRuleLithuanian, []int64{1, 21, 31}},
-		{i18n.PluralFormFew, PluralRuleLithuanian, []int64{2, 5, 9, 23, 34, 256}},
-		{i18n.PluralFormMany, PluralRuleLithuanian, []int64{0, 10, 11, 18}},
-
-		{i18n.PluralFormOne, PluralRuleFrench, []int64{0, 1}},
-		{i18n.PluralFormMany, PluralRuleFrench, []int64{1000000, 2000000}},
-		{i18n.PluralFormOther, PluralRuleFrench, []int64{2, 4, 10, 256}},
-
-		{i18n.PluralFormOne, PluralRuleCatalan, []int64{1}},
-		{i18n.PluralFormMany, PluralRuleCatalan, []int64{1000000, 2000000}},
-		{i18n.PluralFormOther, PluralRuleCatalan, []int64{0, 2, 4, 10, 256}},
-
-		{i18n.PluralFormOne, PluralRuleSlovenian, []int64{1, 101, 201, 501}},
-		{i18n.PluralFormTwo, PluralRuleSlovenian, []int64{2, 102, 202, 502}},
-		{i18n.PluralFormFew, PluralRuleSlovenian, []int64{3, 103, 203, 503, 4, 104, 204, 504}},
-		{i18n.PluralFormOther, PluralRuleSlovenian, []int64{0, 5, 11, 12, 20, 256}},
-
-		{i18n.PluralFormZero, PluralRuleArabic, []int64{0}},
-		{i18n.PluralFormOne, PluralRuleArabic, []int64{1}},
-		{i18n.PluralFormTwo, PluralRuleArabic, []int64{2}},
-		{i18n.PluralFormFew, PluralRuleArabic, []int64{3, 4, 9, 10, 103, 104}},
-		{i18n.PluralFormMany, PluralRuleArabic, []int64{11, 12, 13, 14, 17, 111, 256}},
-		{i18n.PluralFormOther, PluralRuleArabic, []int64{100, 101, 102}},
-	}
-
-	for _, tc := range testCases {
-		for _, n := range tc.values {
-			assert.Equal(t, tc.expect, PluralRules[tc.pluralRule](n), "Testcase for plural rule %d, value %d", tc.pluralRule, n)
-		}
-	}
-}
diff --git a/tests/integration/translations_test.go b/tests/integration/translations_test.go
index d20355aca2..b65c9c2a67 100644
--- a/tests/integration/translations_test.go
+++ b/tests/integration/translations_test.go
@@ -12,7 +12,6 @@ import (
 
 	"forgejo.org/models/unittest"
 	user_model "forgejo.org/models/user"
-	"forgejo.org/modules/translation/i18n"
 	files_service "forgejo.org/services/repository/files"
 	"forgejo.org/tests"
 
@@ -20,28 +19,6 @@ import (
 	"github.com/stretchr/testify/assert"
 )
 
-func TestMissingTranslationHandling(t *testing.T) {
-	// Currently new languages can only be added to localestore via AddLocaleByIni
-	// so this line is here to make the other one work. When INI locales are removed,
-	// it will not be needed by this test.
-	i18n.DefaultLocales.AddLocaleByIni("fun", "Funlang", nil, nil, []byte(""), nil)
-
-	// Add a testing locale to the store
-	i18n.DefaultLocales.AddToLocaleFromJSON("fun", []byte(`{
-		"meta.last_line": "This language only has one line that is never used by the UI. It will never have a translation for incorrect_root_url"
-	}`))
-
-	// Get "fun" locale, make sure it's available
-	funLocale, found := i18n.DefaultLocales.Locale("fun")
-	assert.True(t, found)
-
-	// Get translation for a string that this locale doesn't have
-	s := funLocale.TrString("incorrect_root_url")
-
-	// Verify fallback to English
-	assert.True(t, strings.HasPrefix(s, "This Forgejo instance"))
-}
-
 // TestDataSizeTranslation is a test for usage of TrSize in file size display
 func TestDataSizeTranslation(t *testing.T) {
 	onApplicationRun(t, func(t *testing.T, giteaURL *url.URL) {

From 57a40f4bcd89150837b3032ccf3bfd42b8298fe8 Mon Sep 17 00:00:00 2001
From: Andreas Ahlenstorf <andreas@ahlenstorf.ch>
Date: Tue, 23 Dec 2025 17:49:47 +0100
Subject: [PATCH 042/854] feat: increase default limit of dispatch inputs to
 100 (#10563)

Raise the default value for LimitDispatchInputs from 10 to 100.

100 should be plenty while offering some protection against excessively large inputs. Note that the limit only applies to the number of submitted inputs, not the total number of inputs defined in a workflow.

See https://codeberg.org/forgejo/forgejo/pulls/10368 for background and motivation.

The change also prevents the dispatch menu in the UI from becoming too large.

Before:

![dispatch-before](/attachments/b335c5b8-ad1a-44fc-bbd2-99c975c2a5e5)

Afterwards (scrollbars are invisible, unfortunately):

![dispatch-after](/attachments/9934e92c-ce0d-41e5-8e57-fb453cb2736e)

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests

- I added test coverage for Go changes...
  - [ ] in their respective `*_test.go` for unit tests.
  - [x] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I added test coverage for JavaScript changes...
  - [ ] in `web_src/js/*.test.js` if it can be unit tested.
  - [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)).

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [x] I do not want this change to show in the release notes.
- [ ] I want the title to show in the release notes with a link to this pull request.
- [ ] I want the content of the `release-notes/<pull request number>.md` to be be used for the release notes instead of the title.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10563
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
Co-authored-by: Andreas Ahlenstorf <andreas@ahlenstorf.ch>
Co-committed-by: Andreas Ahlenstorf <andreas@ahlenstorf.ch>
---
 custom/conf/app.example.ini               |  4 +-
 modules/setting/actions.go                |  2 +-
 services/actions/workflows.go             |  2 +-
 tests/integration/actions_trigger_test.go | 82 +++++++++++++++++++++++
 web_src/css/actions.css                   |  4 ++
 5 files changed, 90 insertions(+), 4 deletions(-)

diff --git a/custom/conf/app.example.ini b/custom/conf/app.example.ini
index a432a142c3..4ae02bb4c2 100644
--- a/custom/conf/app.example.ini
+++ b/custom/conf/app.example.ini
@@ -2776,8 +2776,8 @@ LEVEL = Info
 ;ABANDONED_JOB_TIMEOUT = 24h
 ;; Strings committers can place inside a commit message or PR title to skip executing the corresponding actions workflow
 ;SKIP_WORKFLOW_STRINGS = [skip ci],[ci skip],[no ci],[skip actions],[actions skip]
-;; Limit on inputs for manual / workflow_dispatch triggers, default is 10
-;LIMIT_DISPATCH_INPUTS = 10
+;; Limit on inputs for manual / workflow_dispatch triggers, default is 100
+;LIMIT_DISPATCH_INPUTS = 100
 ;; Support queuing workflow jobs, by setting `concurrency.group` & `concurrency.cancel-in-progress: false`, can increase
 ;; server and database workload due to more complex database queries and more frequent server task querying; this
 ;; feature can be disabled to reduce performance impact
diff --git a/modules/setting/actions.go b/modules/setting/actions.go
index 5cdb2cbab4..a0c8f977fa 100644
--- a/modules/setting/actions.go
+++ b/modules/setting/actions.go
@@ -29,7 +29,7 @@ var (
 		Enabled:                      true,
 		DefaultActionsURL:            defaultActionsURLForgejo,
 		SkipWorkflowStrings:          []string{"[skip ci]", "[ci skip]", "[no ci]", "[skip actions]", "[actions skip]"},
-		LimitDispatchInputs:          10,
+		LimitDispatchInputs:          100,
 		ConcurrencyGroupQueueEnabled: true,
 	}
 )
diff --git a/services/actions/workflows.go b/services/actions/workflows.go
index 1affce3379..fd5446a837 100644
--- a/services/actions/workflows.go
+++ b/services/actions/workflows.go
@@ -113,7 +113,7 @@ func (entry *Workflow) Dispatch(ctx context.Context, inputGetter InputValueGette
 	}
 
 	if int64(len(inputs)) > setting.Actions.LimitDispatchInputs {
-		return nil, nil, errors.New("to many inputs")
+		return nil, nil, errors.New("too many inputs")
 	}
 
 	jobNames := util.KeysOfMap(wf.Jobs)
diff --git a/tests/integration/actions_trigger_test.go b/tests/integration/actions_trigger_test.go
index 8c05367770..f42ced987a 100644
--- a/tests/integration/actions_trigger_test.go
+++ b/tests/integration/actions_trigger_test.go
@@ -875,6 +875,88 @@ func TestActionsWorkflowDispatch(t *testing.T) {
 	})
 }
 
+func TestActionsWorkflowDispatchRejectsInputsThatExceedLimit(t *testing.T) {
+	workflow := `
+name: test
+on:
+  workflow_dispatch:
+    inputs:
+      boolean:
+        description: 'Boolean'
+        type: boolean
+      number:
+        description: 'Number'
+        default: '100'
+        type: number
+      string:
+        description: 'String'
+        type: string
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    steps:
+      - run: echo "OK"
+`
+
+	defer test.MockVariableValue(&setting.Actions.LimitDispatchInputs, 2)()
+
+	testCases := []struct {
+		name          string
+		inputs        map[string]string
+		expectedError string
+	}{
+		{
+			name:   "below-limit",
+			inputs: map[string]string{"boolean": "true", "number": "10"},
+		},
+		{
+			name:          "beyond-limit",
+			inputs:        map[string]string{"boolean": "true", "number": "10", "string": "my input"},
+			expectedError: "too many inputs",
+		},
+	}
+
+	onApplicationRun(t, func(t *testing.T, u *url.URL) {
+		user2 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
+
+		repo, sha, f := tests.CreateDeclarativeRepo(t, user2, "repo-workflow-dispatch",
+			[]unit_model.Type{unit_model.TypeActions}, nil,
+			[]*files_service.ChangeRepoFile{
+				{
+					Operation:     "create",
+					TreePath:      ".forgejo/workflows/dispatch.yaml",
+					ContentReader: strings.NewReader(workflow),
+				},
+			},
+		)
+		defer f()
+
+		gitRepo, err := gitrepo.OpenRepository(db.DefaultContext, repo)
+		require.NoError(t, err)
+		defer gitRepo.Close()
+
+		workflow, err := actions_service.GetWorkflowFromCommit(gitRepo, "main", "dispatch.yaml")
+		require.NoError(t, err)
+		assert.Equal(t, "refs/heads/main", workflow.Ref)
+		assert.Equal(t, sha, workflow.Commit.ID.String())
+
+		for _, testCase := range testCases {
+			t.Run(testCase.name, func(t *testing.T) {
+				inputGetter := func(key string) string {
+					return testCase.inputs[key]
+				}
+
+				_, _, err = workflow.Dispatch(db.DefaultContext, inputGetter, repo, user2)
+				if testCase.expectedError == "" {
+					require.NoError(t, err)
+				} else {
+					assert.EqualError(t, err, testCase.expectedError)
+				}
+			})
+		}
+	})
+}
+
 func TestActionsWorkflowDispatchDynamicMatrix(t *testing.T) {
 	onApplicationRun(t, func(t *testing.T, u *url.URL) {
 		user2 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
diff --git a/web_src/css/actions.css b/web_src/css/actions.css
index c89a70ec04..f7d1340db4 100644
--- a/web_src/css/actions.css
+++ b/web_src/css/actions.css
@@ -88,6 +88,10 @@
 #workflow_dispatch_dropdown > button {
   white-space: nowrap;
 }
+#workflow_dispatch_dropdown .menu {
+  max-height: 500px;
+  overflow-x: auto;
+}
 @media (max-width: 640px) or (767.98px < width < 854px) {
   #workflow_dispatch_dropdown .menu {
     left: auto;

From a946887af615fda1b33d85c560e610bd8ba4bc4d Mon Sep 17 00:00:00 2001
From: Renovate Bot <forgejo-renovate-action@forgejo.org>
Date: Wed, 24 Dec 2025 18:38:36 +0100
Subject: [PATCH 043/854] Update module code.forgejo.org/forgejo/runner/v12 to
 v12.3.1 (forgejo) (#10575)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This PR contains the following updates:

| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) |
|---|---|---|---|
| [code.forgejo.org/forgejo/runner/v12](https://code.forgejo.org/forgejo/runner) | `v12.3.0` -> `v12.3.1` | ![age](https://developer.mend.io/api/mc/badges/age/go/code.forgejo.org%2fforgejo%2frunner%2fv12/v12.3.1?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/go/code.forgejo.org%2fforgejo%2frunner%2fv12/v12.3.0/v12.3.1?slim=true) |

---

### Release Notes

<details>
<summary>forgejo/runner (code.forgejo.org/forgejo/runner/v12)</summary>

### [`v12.3.1`](https://code.forgejo.org/forgejo/runner/releases/tag/v12.3.1)

[Compare Source](https://code.forgejo.org/forgejo/runner/compare/v12.3.0...v12.3.1)

- [User guide](https://forgejo.org/docs/next/user/actions/overview/)
- [Administrator guide](https://forgejo.org/docs/next/admin/actions/)
- [Container images](https://code.forgejo.org/forgejo/-/packages/container/runner/versions)

Release Notes

***

<!--start release-notes-assistant-->

<!--URL:https://code.forgejo.org/forgejo/runner-->

- features
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1239): <!--number 1239 --><!--line 0 --><!--description ZmVhdChqb2JwYXJzZXIpOiBzZXBhcmF0ZSB0aGUgY29uY2VwdCBvZiBhbiBpbnN0YW5jZSAmIGV4dGVybmFsIHJldXNhYmxlIHdvcmtmbG93-->feat(jobparser): separate the concept of an instance & external reusable workflow<!--description-->
- bug fixes
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1237): <!--number 1237 --><!--line 0 --><!--description Zml4OiBzZWNvbmQtbGF5ZXIgcmV1c2FibGUgd29ya2Zsb3dzIGxvc2luZyB0aGVpciBpbnB1dHMgd2hlbiBleHBhbmRlZA==-->fix: second-layer reusable workflows losing their inputs when expanded<!--description-->

<!--end release-notes-assistant-->

</details>

---

### Configuration

📅 **Schedule**: Branch creation - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC), Automerge - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi42NC4xIiwidXBkYXRlZEluVmVyIjoiNDIuNjQuMSIsInRhcmdldEJyYW5jaCI6ImZvcmdlam8iLCJsYWJlbHMiOlsiZGVwZW5kZW5jeS11cGdyYWRlIiwidGVzdC9ub3QtbmVlZGVkIl19-->

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10575
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 252b8eaeaf..0ba8e2b3ab 100644
--- a/go.mod
+++ b/go.mod
@@ -11,7 +11,7 @@ require (
 	code.forgejo.org/forgejo/go-rpmutils v1.0.0
 	code.forgejo.org/forgejo/levelqueue v1.0.0
 	code.forgejo.org/forgejo/reply v1.0.2
-	code.forgejo.org/forgejo/runner/v12 v12.3.0
+	code.forgejo.org/forgejo/runner/v12 v12.3.1
 	code.forgejo.org/go-chi/binding v1.0.1
 	code.forgejo.org/go-chi/cache v1.0.1
 	code.forgejo.org/go-chi/captcha v1.0.2
diff --git a/go.sum b/go.sum
index df61d469f4..2f6c44c8ef 100644
--- a/go.sum
+++ b/go.sum
@@ -30,8 +30,8 @@ code.forgejo.org/forgejo/levelqueue v1.0.0 h1:9krYpU6BM+j/1Ntj6m+VCAIu0UNnne1/Uf
 code.forgejo.org/forgejo/levelqueue v1.0.0/go.mod h1:fmG6zhVuqim2rxSFOoasgXO8V2W/k9U31VVYqLIRLhQ=
 code.forgejo.org/forgejo/reply v1.0.2 h1:dMhQCHV6/O3L5CLWNTol+dNzDAuyCK88z4J/lCdgFuQ=
 code.forgejo.org/forgejo/reply v1.0.2/go.mod h1:RyZUfzQLc+fuLIGjTSQWDAJWPiL4WtKXB/FifT5fM7U=
-code.forgejo.org/forgejo/runner/v12 v12.3.0 h1:1I171DOnzibl/zuzARLdslp71mVbnFnjsdVCEWD+Mdg=
-code.forgejo.org/forgejo/runner/v12 v12.3.0/go.mod h1:m6i/RnHQObdagTZUUPR+Nb2Th3VBLOHzjZ6tVw7F0qs=
+code.forgejo.org/forgejo/runner/v12 v12.3.1 h1:85W9+OyCZbNLo4PnTnSopg95gkUYL3FTBNxW5tWxlkI=
+code.forgejo.org/forgejo/runner/v12 v12.3.1/go.mod h1:m6i/RnHQObdagTZUUPR+Nb2Th3VBLOHzjZ6tVw7F0qs=
 code.forgejo.org/forgejo/ssh v0.0.0-20241211213324-5fc306ca0616 h1:kEZL84+02jY9RxXM4zHBWZ3Fml0B09cmP1LGkDsCfIA=
 code.forgejo.org/forgejo/ssh v0.0.0-20241211213324-5fc306ca0616/go.mod h1:zpHEXBstFnQYtGnB8k8kQLol82umzn/2/snG7alWVD8=
 code.forgejo.org/go-chi/binding v1.0.1 h1:coKNI+X1NzRN7X85LlrpvBRqk0TXpJ+ja28vusQWEuY=

From 71623b1ab1e0e8d5720c3f5a81e50148fb8bfd33 Mon Sep 17 00:00:00 2001
From: Mathieu Fenniak <mathieu@fenniak.net>
Date: Wed, 24 Dec 2025 20:47:21 +0100
Subject: [PATCH 044/854] feat: expand reusable workflow calls into their inner
 jobs (#10525)

Previously, Forgejo's behaviour for an Actions reusable workflow was to send the entire job to one specific Forgejo Runner based upon its required `runs-on` label, and that single Runner would then read the workflow file and perform all the jobs inside simultaneously, merging their log output into one output (#9768).

This PR begins an implementation of expanding reusable workflows into their internal jobs.

In this PR, the most basic support is implemented for expanding reusable workflows:
- If a `runs-on` field is provided on the workflow, then the legacy behaviour of sending the reusable workflow to a runner is maintained.
- If the `runs-on` field is omitted, then the job may be expanded, if:
    - If the `uses:` is a local path within the repo -- expanded
    - If the `uses:` is a path to another repo that is on the same Forgejo server -- expanded
    - If the `uses:` is a fully-qualified URL -- not expanded

Because this is an "opt-in" implementation by omitting `runs-on`, and all existing capability is retained, I've **omitted some features** from this PR to make the scope small and manageable for review and testing.  These features will be implemented after the initial support is landed:
- Workflow input variables
- Workflow secrets
- Workflow output variables
- "Incomplete" workflows which require multiple passes to evaluate -- any job within a reusable workflow where the `with`, `runs-on`, or `strategy.matrix` fields contain an output from another job with  `${{ needs... }}`

Although this implementation has restrictions with missing features, it is intended to fix #9768.

Replaces PR #10448.

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests

- I added test coverage for Go changes...
  - [x] in their respective `*_test.go` for unit tests.
  - [ ] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I added test coverage for JavaScript changes...
  - [ ] in `web_src/js/*.test.js` if it can be unit tested.
  - [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)).
- end-to-end testing: https://code.forgejo.org/forgejo/end-to-end/pulls/1316

### Documentation

- [x] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
    - https://codeberg.org/forgejo/docs/pulls/1648
- [ ] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [ ] I do not want this change to show in the release notes.
- [x] I want the title to show in the release notes with a link to this pull request.
- [ ] I want the content of the `release-notes/<pull request number>.md` to be be used for the release notes instead of the title.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10525
Reviewed-by: Andreas Ahlenstorf <aahlenst@noreply.codeberg.org>
Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net>
Co-committed-by: Mathieu Fenniak <mathieu@fenniak.net>
---
 models/actions/run_job.go                     |  10 +
 models/actions/run_job_test.go                |  37 ++++
 models/actions/task.go                        |  38 ++++
 models/actions/task_test.go                   |  30 +++
 .../TestExpandLocalReusableWorkflows/HEAD     |   1 +
 .../TestExpandLocalReusableWorkflows/config   |   4 +
 .../description                               |   1 +
 .../info/exclude                              |   6 +
 .../38/96edb578e758154443b81c47333839651eee38 | Bin 0 -> 52 bytes
 .../7a/5539a17ce49e714463576d89b5d2c7c7d50d8f | Bin 0 -> 53 bytes
 .../a2/8b504c5e53e3448d311b4d487dc15e2b565867 | Bin 0 -> 211 bytes
 .../b8/9db1fb90367bad85b2f2c70395ab0f2e828f95 | Bin 0 -> 58 bytes
 .../e3/868ecb4f8b483fc0bdd422561bf0062a7df907 | Bin 0 -> 141 bytes
 .../refs/heads/main                           |   1 +
 .../action_run.yml                            |  19 ++
 .../action_run_job.yml                        |  50 +++++
 services/actions/job_emitter.go               |  76 +++++--
 services/actions/job_emitter_test.go          |  88 ++++++++
 services/actions/notifier_helper.go           |   2 +
 services/actions/notifier_helper_test.go      |  58 +++++
 services/actions/reusable_workflows.go        | 154 +++++++++++++
 services/actions/reusable_workflows_test.go   | 203 ++++++++++++++++++
 services/actions/schedule_tasks.go            |   7 +
 services/actions/schedule_tasks_test.go       |  95 ++++++++
 services/actions/workflows.go                 |   2 +
 tests/integration/actions_trigger_test.go     |  71 ++++++
 26 files changed, 938 insertions(+), 15 deletions(-)
 create mode 100644 services/actions/TestExpandLocalReusableWorkflows/HEAD
 create mode 100644 services/actions/TestExpandLocalReusableWorkflows/config
 create mode 100644 services/actions/TestExpandLocalReusableWorkflows/description
 create mode 100644 services/actions/TestExpandLocalReusableWorkflows/info/exclude
 create mode 100644 services/actions/TestExpandLocalReusableWorkflows/objects/38/96edb578e758154443b81c47333839651eee38
 create mode 100644 services/actions/TestExpandLocalReusableWorkflows/objects/7a/5539a17ce49e714463576d89b5d2c7c7d50d8f
 create mode 100644 services/actions/TestExpandLocalReusableWorkflows/objects/a2/8b504c5e53e3448d311b4d487dc15e2b565867
 create mode 100644 services/actions/TestExpandLocalReusableWorkflows/objects/b8/9db1fb90367bad85b2f2c70395ab0f2e828f95
 create mode 100644 services/actions/TestExpandLocalReusableWorkflows/objects/e3/868ecb4f8b483fc0bdd422561bf0062a7df907
 create mode 100644 services/actions/TestExpandLocalReusableWorkflows/refs/heads/main
 create mode 100644 services/actions/Test_tryHandleWorkflowCallOuterJob/action_run.yml
 create mode 100644 services/actions/Test_tryHandleWorkflowCallOuterJob/action_run_job.yml
 create mode 100644 services/actions/reusable_workflows.go
 create mode 100644 services/actions/reusable_workflows_test.go

diff --git a/models/actions/run_job.go b/models/actions/run_job.go
index 8096bfb6b5..94a9f11ed6 100644
--- a/models/actions/run_job.go
+++ b/models/actions/run_job.go
@@ -275,3 +275,13 @@ func (job *ActionRunJob) IsIncompleteRunsOn() (bool, *jobparser.IncompleteNeeds,
 	}
 	return jobWorkflow.IncompleteRunsOn, jobWorkflow.IncompleteRunsOnNeeds, jobWorkflow.IncompleteRunsOnMatrix, nil
 }
+
+// Check whether this job is a caller of a reusable workflow -- in other words, the real work done in this job is in
+// spawned child jobs, not this job.
+func (job *ActionRunJob) IsWorkflowCallOuterJob() (bool, error) {
+	jobWorkflow, err := job.decodeWorkflowPayload()
+	if err != nil {
+		return false, fmt.Errorf("failure decoding workflow payload: %w", err)
+	}
+	return jobWorkflow.Metadata.WorkflowCallID != "", nil
+}
diff --git a/models/actions/run_job_test.go b/models/actions/run_job_test.go
index 9cba48705b..82b055d3fa 100644
--- a/models/actions/run_job_test.go
+++ b/models/actions/run_job_test.go
@@ -159,3 +159,40 @@ func TestActionRunJob_IsIncompleteRunsOn(t *testing.T) {
 		})
 	}
 }
+
+func TestActionRunJob_IsWorkflowCallOuterJob(t *testing.T) {
+	tests := []struct {
+		name                   string
+		job                    ActionRunJob
+		isWorkflowCallOuterJob bool
+		errContains            string
+	}{
+		{
+			name:                   "normal workflow",
+			job:                    ActionRunJob{WorkflowPayload: []byte("name: workflow")},
+			isWorkflowCallOuterJob: false,
+		},
+		{
+			name:                   "workflow_call outer job",
+			job:                    ActionRunJob{WorkflowPayload: []byte("name: test\njobs:\n  job:\n    if: false\n__metadata:\n  workflow_call_id: b5a9f46f1f2513d7777fde50b169d323a6519e349cc175484c947ac315a209ed\n")},
+			isWorkflowCallOuterJob: true,
+		},
+		{
+			name:        "unparseable workflow",
+			job:         ActionRunJob{WorkflowPayload: []byte("name: []\nincomplete_runs_on: true")},
+			errContains: "failure unmarshaling WorkflowPayload to SingleWorkflow: yaml: unmarshal errors",
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			isWorkflowCallOuterJob, err := tt.job.IsWorkflowCallOuterJob()
+			if tt.errContains != "" {
+				assert.ErrorContains(t, err, tt.errContains)
+			} else {
+				require.NoError(t, err)
+				assert.Equal(t, tt.isWorkflowCallOuterJob, isWorkflowCallOuterJob)
+			}
+		})
+	}
+}
diff --git a/models/actions/task.go b/models/actions/task.go
index 1924c816bc..517beee999 100644
--- a/models/actions/task.go
+++ b/models/actions/task.go
@@ -421,6 +421,44 @@ func CreateTaskForRunner(ctx context.Context, runner *ActionRunner) (*ActionTask
 	return task, true, nil
 }
 
+// Placeholder tasks are created when the status/content of an `ActionRunJob` is resolved by Forgejo without dispatch to
+// a runner, specifically in the case of a workflow call's outer job.
+func CreatePlaceholderTask(ctx context.Context, job *ActionRunJob, outputs map[string]string) (*ActionTask, error) {
+	actionTask := &ActionTask{
+		JobID:             job.ID,
+		Attempt:           1,
+		Started:           timeutil.TimeStampNow(),
+		Stopped:           timeutil.TimeStampNow(),
+		Status:            job.Status,
+		RepoID:            job.RepoID,
+		OwnerID:           job.OwnerID,
+		CommitSHA:         job.CommitSHA,
+		IsForkPullRequest: job.IsForkPullRequest,
+	}
+	// token isn't used on a placeholder task, but generation is needed due to the unique constraint on field TokenHash
+	actionTask.GenerateToken()
+
+	err := db.WithTx(ctx, func(ctx context.Context) error {
+		_, err := db.GetEngine(ctx).Insert(actionTask)
+		if err != nil {
+			return fmt.Errorf("failure inserting action_task: %w", err)
+		}
+
+		for key, value := range outputs {
+			err := InsertTaskOutputIfNotExist(ctx, actionTask.ID, key, value)
+			if err != nil {
+				return fmt.Errorf("failure inserting action_task_output %q: %w", key, err)
+			}
+		}
+
+		return nil
+	})
+	if err != nil {
+		return nil, err
+	}
+	return actionTask, nil
+}
+
 func UpdateTask(ctx context.Context, task *ActionTask, cols ...string) error {
 	sess := db.GetEngine(ctx).ID(task.ID)
 	if len(cols) > 0 {
diff --git a/models/actions/task_test.go b/models/actions/task_test.go
index 73aff17a85..831a8bc3dc 100644
--- a/models/actions/task_test.go
+++ b/models/actions/task_test.go
@@ -46,3 +46,33 @@ func TestActionTask_GetTaskByJobAttempt(t *testing.T) {
 	_, err = GetTaskByJobAttempt(t.Context(), 192, 100)
 	assert.ErrorContains(t, err, "task with job_id 192 and attempt 100: resource does not exist")
 }
+
+func TestActionTask_CreatePlaceholderTask(t *testing.T) {
+	require.NoError(t, unittest.PrepareTestDatabase())
+
+	job := unittest.AssertExistsAndLoadBean(t, &ActionRunJob{ID: 396})
+	assert.EqualValues(t, 0, job.TaskID)
+
+	task, err := CreatePlaceholderTask(t.Context(), job, map[string]string{"output1": "value1", "output2": "value2"})
+	require.NoError(t, err)
+
+	assert.NotEqualValues(t, 0, task.ID)
+	assert.Equal(t, job.ID, task.JobID)
+	assert.EqualValues(t, 1, task.Attempt)
+	assert.NotEqualValues(t, 0, task.Started)
+	assert.NotEqualValues(t, 0, task.Stopped)
+	assert.Equal(t, job.Status, task.Status)
+	assert.Equal(t, job.RepoID, task.RepoID)
+	assert.Equal(t, job.OwnerID, task.OwnerID)
+	assert.Equal(t, job.CommitSHA, task.CommitSHA)
+	assert.Equal(t, job.IsForkPullRequest, task.IsForkPullRequest)
+
+	taskOutputs, err := FindTaskOutputByTaskID(t.Context(), task.ID)
+	require.NoError(t, err)
+	require.Len(t, taskOutputs, 2)
+	finalOutputs := map[string]string{}
+	for _, to := range taskOutputs {
+		finalOutputs[to.OutputKey] = to.OutputValue
+	}
+	assert.Equal(t, map[string]string{"output1": "value1", "output2": "value2"}, finalOutputs)
+}
diff --git a/services/actions/TestExpandLocalReusableWorkflows/HEAD b/services/actions/TestExpandLocalReusableWorkflows/HEAD
new file mode 100644
index 0000000000..b870d82622
--- /dev/null
+++ b/services/actions/TestExpandLocalReusableWorkflows/HEAD
@@ -0,0 +1 @@
+ref: refs/heads/main
diff --git a/services/actions/TestExpandLocalReusableWorkflows/config b/services/actions/TestExpandLocalReusableWorkflows/config
new file mode 100644
index 0000000000..07d359d07c
--- /dev/null
+++ b/services/actions/TestExpandLocalReusableWorkflows/config
@@ -0,0 +1,4 @@
+[core]
+	repositoryformatversion = 0
+	filemode = true
+	bare = true
diff --git a/services/actions/TestExpandLocalReusableWorkflows/description b/services/actions/TestExpandLocalReusableWorkflows/description
new file mode 100644
index 0000000000..498b267a8c
--- /dev/null
+++ b/services/actions/TestExpandLocalReusableWorkflows/description
@@ -0,0 +1 @@
+Unnamed repository; edit this file 'description' to name the repository.
diff --git a/services/actions/TestExpandLocalReusableWorkflows/info/exclude b/services/actions/TestExpandLocalReusableWorkflows/info/exclude
new file mode 100644
index 0000000000..a5196d1be8
--- /dev/null
+++ b/services/actions/TestExpandLocalReusableWorkflows/info/exclude
@@ -0,0 +1,6 @@
+# git ls-files --others --exclude-from=.git/info/exclude
+# Lines that start with '#' are comments.
+# For a project mostly in C, the following would be a good set of
+# exclude patterns (uncomment them if you want to use them):
+# *.[oa]
+# *~
diff --git a/services/actions/TestExpandLocalReusableWorkflows/objects/38/96edb578e758154443b81c47333839651eee38 b/services/actions/TestExpandLocalReusableWorkflows/objects/38/96edb578e758154443b81c47333839651eee38
new file mode 100644
index 0000000000000000000000000000000000000000..8d466d16360bc66a99c22a54b10260ff8600d86e
GIT binary patch
literal 52
zcmV-40L%Y)0V^p=O;s>9WiT-?FfdTiOUo}xPtD3_s0y`QSo36Fp-XajZs*oZ$B$p-
K?FRrf^$_{|_!dq8

literal 0
HcmV?d00001

diff --git a/services/actions/TestExpandLocalReusableWorkflows/objects/7a/5539a17ce49e714463576d89b5d2c7c7d50d8f b/services/actions/TestExpandLocalReusableWorkflows/objects/7a/5539a17ce49e714463576d89b5d2c7c7d50d8f
new file mode 100644
index 0000000000000000000000000000000000000000..0862515191a66117192ab2c8b0715f14eaed482a
GIT binary patch
literal 53
zcmb<m)YkO!4K*-JHZU|WFbL2%uYbz#^htgFv>S%ykKc2qUCoX*ueCa7Q);?DF8F^4
JL&`%TM*#b=6te&T

literal 0
HcmV?d00001

diff --git a/services/actions/TestExpandLocalReusableWorkflows/objects/a2/8b504c5e53e3448d311b4d487dc15e2b565867 b/services/actions/TestExpandLocalReusableWorkflows/objects/a2/8b504c5e53e3448d311b4d487dc15e2b565867
new file mode 100644
index 0000000000000000000000000000000000000000..3d33afbd6485f361344c413f177733623ad3d1b9
GIT binary patch
literal 211
zcmV;^04)D_0ZYosPf{>8G-Jrmv*J=vD9<m-PRq$Jk55j_$pHx{C}idpl$I1j*a`}%
z6^Xe8IjOqEB}JKe>AFR!g{7HAsVOjN1qHZ>LP=3+DwhHjlvEa^S}8zuadG7(=B8RH
zl%y7yaAoBufep{fPcnp<0+Cb#2`Fgf<R>TQXexotDJsn?*3HkeQYcL-%_}L@EzZfz
z1xpl{q!xe;0a>Q205QNdIU^tHc(5XnTv2JBl|l`itDukyQiQ`#wn{41)ld`kaHvtJ
NtySXU0sxdKVy;5FTD|}P

literal 0
HcmV?d00001

diff --git a/services/actions/TestExpandLocalReusableWorkflows/objects/b8/9db1fb90367bad85b2f2c70395ab0f2e828f95 b/services/actions/TestExpandLocalReusableWorkflows/objects/b8/9db1fb90367bad85b2f2c70395ab0f2e828f95
new file mode 100644
index 0000000000000000000000000000000000000000..c176aef9f261a6ee056cc813ec689606e74cbb66
GIT binary patch
literal 58
zcmV-A0LA}!0V^p=O;s>4VlXr?Ff%bxC`v6YPE5*4)iu<s%*|m~)E(dx7yQ_z*HGHm
QqxN8&c34C@0Ez+-qGui#wEzGB

literal 0
HcmV?d00001

diff --git a/services/actions/TestExpandLocalReusableWorkflows/objects/e3/868ecb4f8b483fc0bdd422561bf0062a7df907 b/services/actions/TestExpandLocalReusableWorkflows/objects/e3/868ecb4f8b483fc0bdd422561bf0062a7df907
new file mode 100644
index 0000000000000000000000000000000000000000..129fc6585565d122b17869df89701e1de61ffc7a
GIT binary patch
literal 141
zcmV;80CN9$0ZY!$&CM)PFto5_C@D%!RWP=&G)qlMGBvkIH8-^|G&M0XF;22DOg1q$
zHa4~}wlp&}OifKSw%|%EEy>6)Qt(YI$;eDCRd7qq%gap6R<Oy12sorc1oZM!OY9U3
v&CN_Lj0`P|3>9<@%nb~<Al8<ol5GH2VoHiaqC$CoQFdBRemNHa$r?Q=X;?Qr

literal 0
HcmV?d00001

diff --git a/services/actions/TestExpandLocalReusableWorkflows/refs/heads/main b/services/actions/TestExpandLocalReusableWorkflows/refs/heads/main
new file mode 100644
index 0000000000..e753c68818
--- /dev/null
+++ b/services/actions/TestExpandLocalReusableWorkflows/refs/heads/main
@@ -0,0 +1 @@
+e3868ecb4f8b483fc0bdd422561bf0062a7df907
diff --git a/services/actions/Test_tryHandleWorkflowCallOuterJob/action_run.yml b/services/actions/Test_tryHandleWorkflowCallOuterJob/action_run.yml
new file mode 100644
index 0000000000..0cb546b3aa
--- /dev/null
+++ b/services/actions/Test_tryHandleWorkflowCallOuterJob/action_run.yml
@@ -0,0 +1,19 @@
+# Case w/ action_run_job.id = 601
+-
+  id: 900
+  title: "running workflow_dispatch run"
+  owner_id: 2
+  repo_id: 63
+  workflow_id: "running.yaml"
+  index: 4
+  trigger_user_id: 2
+  ref: "refs/heads/main"
+  commit_sha: "97f29ee599c373c729132a5c46a046978311e0ee"
+  trigger_event: "workflow_dispatch"
+  is_fork_pull_request: 0
+  status: 6 # running
+  started: 1683636528
+  created: 1683636108
+  updated: 1683636626
+  need_approval: 0
+  approved_by: 0
diff --git a/services/actions/Test_tryHandleWorkflowCallOuterJob/action_run_job.yml b/services/actions/Test_tryHandleWorkflowCallOuterJob/action_run_job.yml
new file mode 100644
index 0000000000..c0e55fd1a4
--- /dev/null
+++ b/services/actions/Test_tryHandleWorkflowCallOuterJob/action_run_job.yml
@@ -0,0 +1,50 @@
+# Case 600 -- workflow that is not a workflow call outer job
+-
+  id: 600
+  status: 1 # success
+  started: 1683636528
+  workflow_payload: |
+    "on":
+      push:
+    jobs:
+      produce-artifacts:
+        name: produce-artifacts
+        runs-on: docker
+        steps:
+          - run: echo "OK!"
+
+# Case w/ action_run_job.id = 601 -- workflow call outer job exercising every available context in the `outputs`.  Note
+# that jobparser translates `on.workflow_call.outputs` into the outer job's `job.<job_id>.outputs`, so the available
+# contexts should be considered as those in `on.workflow_call.outputs`.
+-
+  id: 601
+  run_id: 900
+  status: 1 # success
+  started: 1683636528
+  needs: ["outer-job.inner-job"]
+  workflow_payload: |
+    "on":
+      push:
+    jobs:
+      outer-job:
+        name: outer-job
+        if: false
+        uses: ./.forgjeo/workflows/reusable.yml
+        outputs:
+          from_inner_job: ${{ needs['outer-job.inner-job'].outputs.my_output }}
+          from_inner_job_result: ${{ needs['outer-job.inner-job'].result }}
+          from_forgejo_ctx: ${{ forgejo.ref }}
+          from_input_ctx: ${{ inputs.wc_input }}!
+          from_vars_repo: ${{ vars.repo_var }}
+          from_vars_org: ${{ vars.org_var }}
+          from_vars_global: ${{ vars.global_var }}
+    __metadata:
+      workflow_call_inputs:
+        wc_input: 'hello, world'
+      workflow_call_id: b5a9f46f1f2513d7777fde50b169d323a6519e349cc175484c947ac315a209ed
+- # inner job of run 601
+  id: 602
+  run_id: 900
+  status: 1 # success
+  job_id: outer-job.inner-job
+  task_id: 100
diff --git a/services/actions/job_emitter.go b/services/actions/job_emitter.go
index 9484f7aed7..55e05aa712 100644
--- a/services/actions/job_emitter.go
+++ b/services/actions/job_emitter.go
@@ -67,6 +67,7 @@ func checkJobsOfRun(ctx context.Context, runID int64) error {
 		for _, job := range jobs {
 			if status, ok := updates[job.ID]; ok {
 				job.Status = status
+				updateColumns := []string{"status"}
 
 				if status == actions_model.StatusWaiting {
 					ignore, err := tryHandleIncompleteMatrix(ctx, job, jobs)
@@ -75,9 +76,16 @@ func checkJobsOfRun(ctx context.Context, runID int64) error {
 					} else if ignore {
 						continue
 					}
+				} else if status == actions_model.StatusSuccess || status == actions_model.StatusFailure {
+					// Transition to these states can be triggered by workflow call outer jobs
+					additionalColumns, err := tryHandleWorkflowCallOuterJob(ctx, job)
+					if err != nil {
+						return fmt.Errorf("error in tryHandleWorkflowCallOuterJob: %w", err)
+					}
+					updateColumns = append(updateColumns, additionalColumns...)
 				}
 
-				if n, err := UpdateRunJob(ctx, job, builder.Eq{"status": actions_model.StatusBlocked}, "status"); err != nil {
+				if n, err := UpdateRunJob(ctx, job, builder.Eq{"status": actions_model.StatusBlocked}, updateColumns...); err != nil {
 					return err
 				} else if n != 1 {
 					return fmt.Errorf("no affected for updating blocked job %v", job.ID)
@@ -155,23 +163,34 @@ func (r *jobStatusResolver) resolve() map[int64]actions_model.Status {
 			}
 		}
 		if allDone {
-			if allSucceed {
-				ret[id] = actions_model.StatusWaiting
-			} else {
-				// Check if the job has an "if" condition
-				hasIf := false
-				if wfJobs, _ := jobparser.Parse(r.jobMap[id].WorkflowPayload, false); len(wfJobs) == 1 {
-					_, wfJob := wfJobs[0].Job()
-					hasIf = len(wfJob.If.Value) > 0
+			if isWorkflowCallOuterJob, _ := r.jobMap[id].IsWorkflowCallOuterJob(); isWorkflowCallOuterJob {
+				// If the dependent job was a workflow call outer job, then options aren't waiting/skipped, but rather
+				// success/failure.  checkJobsOfRun will do additional work in these cases to "finish" the workflow call
+				// job as well.
+				if allSucceed {
+					ret[id] = actions_model.StatusSuccess
+				} else {
+					ret[id] = actions_model.StatusFailure
 				}
-
-				if hasIf {
-					// act_runner will check the "if" condition
+			} else {
+				if allSucceed {
 					ret[id] = actions_model.StatusWaiting
 				} else {
-					// If the "if" condition is empty and not all dependent jobs completed successfully,
-					// the job should be skipped.
-					ret[id] = actions_model.StatusSkipped
+					// Check if the job has an "if" condition
+					hasIf := false
+					if wfJobs, _ := jobparser.Parse(r.jobMap[id].WorkflowPayload, false); len(wfJobs) == 1 {
+						_, wfJob := wfJobs[0].Job()
+						hasIf = len(wfJob.If.Value) > 0
+					}
+
+					if hasIf {
+						// act_runner will check the "if" condition
+						ret[id] = actions_model.StatusWaiting
+					} else {
+						// If the "if" condition is empty and not all dependent jobs completed successfully,
+						// the job should be skipped.
+						ret[id] = actions_model.StatusSkipped
+					}
 				}
 			}
 		}
@@ -355,3 +374,30 @@ func persistentIncompleteRunsOnError(job *actions_model.ActionRunJob, incomplete
 	errorDetails = []any{job.JobID}
 	return errorCode, errorDetails
 }
+
+// When a workflow call outer job's dependencies are completed, `tryHandleWorkflowCallOuterJob` will complete the job
+// without actually executing it. It will not be dispatched it to a runner. There's no job execution logic, but we need
+// to update state of a few things -- particularly workflow outputs.
+//
+// A slice of additional columns for the caller to update on the passed-in `ActionRunJob` is returned, in addition to an
+// error.
+func tryHandleWorkflowCallOuterJob(ctx context.Context, job *actions_model.ActionRunJob) ([]string, error) {
+	isWorkflowCallOuterJob, err := job.IsWorkflowCallOuterJob()
+	if err != nil {
+		return nil, fmt.Errorf("failure to identify workflow call outer job: %w", err)
+	} else if !isWorkflowCallOuterJob {
+		// Not an expected code path today, but if job status resolution changes in the future we might "try" to handle
+		// a workflow call outer job while it's not really in that state.  No work required.
+		return nil, nil
+	}
+
+	// Insert a placeholder task; this will be used in the future to store computed outputs
+	actionTask, err := actions_model.CreatePlaceholderTask(ctx, job, map[string]string{})
+	if err != nil {
+		return nil, fmt.Errorf("failure to insert placeholder task: %w", err)
+	}
+
+	// Populate task_id and ask caller to update it in DB:
+	job.TaskID = actionTask.ID
+	return []string{"task_id"}, nil
+}
diff --git a/services/actions/job_emitter_test.go b/services/actions/job_emitter_test.go
index 0125e924d1..5e1885c709 100644
--- a/services/actions/job_emitter_test.go
+++ b/services/actions/job_emitter_test.go
@@ -133,6 +133,48 @@ jobs:
 			},
 			want: map[int64]actions_model.Status{2: actions_model.StatusSkipped},
 		},
+		{
+			name: "unblocked workflow call outer job with success",
+			jobs: actions_model.ActionJobList{
+				{ID: 1, JobID: "job1.innerjob1", Status: actions_model.StatusSuccess, Needs: []string{}},
+				{ID: 2, JobID: "job1.innerjob2", Status: actions_model.StatusSuccess, Needs: []string{}},
+				{ID: 3, JobID: "job1", Status: actions_model.StatusBlocked, Needs: []string{"job1.innerjob1", "job1.innerjob2"}, WorkflowPayload: []byte(
+					`
+name: test
+on: push
+jobs:
+  job2:
+    if: false
+    uses: ./.forgejo/workflows/reusable.yml
+__metadata:
+  workflow_call_id: b5a9f46f1f2513d7777fde50b169d323a6519e349cc175484c947ac315a209ed
+`)},
+			},
+			want: map[int64]actions_model.Status{
+				3: actions_model.StatusSuccess,
+			},
+		},
+		{
+			name: "unblocked workflow call outer job with internal failure",
+			jobs: actions_model.ActionJobList{
+				{ID: 1, JobID: "job1.innerjob1", Status: actions_model.StatusSuccess, Needs: []string{}},
+				{ID: 2, JobID: "job1.innerjob2", Status: actions_model.StatusFailure, Needs: []string{}},
+				{ID: 3, JobID: "job1", Status: actions_model.StatusBlocked, Needs: []string{"job1.innerjob1", "job1.innerjob2"}, WorkflowPayload: []byte(
+					`
+name: test
+on: push
+jobs:
+  job2:
+    if: false
+    uses: ./.forgejo/workflows/reusable.yml
+__metadata:
+  workflow_call_id: b5a9f46f1f2513d7777fde50b169d323a6519e349cc175484c947ac315a209ed
+`)},
+			},
+			want: map[int64]actions_model.Status{
+				3: actions_model.StatusFailure,
+			},
+		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
@@ -382,3 +424,49 @@ func Test_tryHandleIncompleteMatrix(t *testing.T) {
 		})
 	}
 }
+
+func Test_tryHandleWorkflowCallOuterJob(t *testing.T) {
+	tests := []struct {
+		name         string
+		runJobID     int64
+		updateFields []string
+		outputs      map[string]string
+	}{
+		{
+			name:     "not workflow call outer job",
+			runJobID: 600,
+		},
+		{
+			name:         "outputs for every context",
+			runJobID:     601,
+			updateFields: []string{"task_id"},
+			outputs:      map[string]string{},
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			defer unittest.OverrideFixtures("services/actions/Test_tryHandleWorkflowCallOuterJob")()
+			require.NoError(t, unittest.PrepareTestDatabase())
+
+			outerJob := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRunJob{ID: tt.runJobID})
+			require.EqualValues(t, 0, outerJob.TaskID)
+
+			updateFields, err := tryHandleWorkflowCallOuterJob(t.Context(), outerJob)
+			require.NoError(t, err)
+			assert.Equal(t, tt.updateFields, updateFields)
+
+			if tt.updateFields != nil {
+				// TaskID expected to be set by tryHandleWorkflowCallOuterJob
+				require.NotEqualValues(t, 0, outerJob.TaskID)
+
+				taskOutputs, err := actions_model.FindTaskOutputByTaskID(t.Context(), outerJob.TaskID)
+				require.NoError(t, err)
+				outputMap := map[string]string{}
+				for _, to := range taskOutputs {
+					outputMap[to.OutputKey] = to.OutputValue
+				}
+				assert.Equal(t, tt.outputs, outputMap)
+			}
+		})
+	}
+}
diff --git a/services/actions/notifier_helper.go b/services/actions/notifier_helper.go
index cb27914ae0..3e7c1f609c 100644
--- a/services/actions/notifier_helper.go
+++ b/services/actions/notifier_helper.go
@@ -420,6 +420,8 @@ func handleWorkflows(
 				// `IncompleteMatrix` tagging for any jobs that require the inputs of other jobs.
 				jobparser.WithJobOutputs(map[string]map[string]string{}),
 				jobparser.SupportIncompleteRunsOn(),
+				jobparser.ExpandLocalReusableWorkflows(expandLocalReusableWorkflows(commit)),
+				jobparser.ExpandInstanceReusableWorkflows(expandInstanceReusableWorkflows(ctx)),
 			)
 			if err != nil {
 				log.Info("jobparser.Parse: invalid workflow, setting job status to failed: %v", err)
diff --git a/services/actions/notifier_helper_test.go b/services/actions/notifier_helper_test.go
index 343106454d..1b2d26671d 100644
--- a/services/actions/notifier_helper_test.go
+++ b/services/actions/notifier_helper_test.go
@@ -4,6 +4,7 @@
 package actions
 
 import (
+	"context"
 	"errors"
 	"slices"
 	"testing"
@@ -17,9 +18,11 @@ import (
 	actions_module "forgejo.org/modules/actions"
 	"forgejo.org/modules/git"
 	api "forgejo.org/modules/structs"
+	"forgejo.org/modules/test"
 	webhook_module "forgejo.org/modules/webhook"
 
 	"code.forgejo.org/forgejo/runner/v12/act/jobparser"
+	"code.forgejo.org/forgejo/runner/v12/act/model"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 )
@@ -353,3 +356,58 @@ func TestActionsNotifier_WorkflowDetection(t *testing.T) {
 	assert.Equal(t, ".forgejo/workflows", runs[0].WorkflowDirectory)
 	assert.Equal(t, "test.yml", runs[0].WorkflowID)
 }
+
+// Verifies that the notifier_helper's `handleWorkflows` provides the local & remote reusable workflow expansion
+// routines to the jobparser, and that data flows into them accurately.
+func TestActionsNotifier_ExpandReusableWorkflow(t *testing.T) {
+	require.NoError(t, unittest.PrepareTestDatabase())
+
+	var localReusableCalled []string
+	var localReusableCalledGitCommit []*git.Commit
+	defer test.MockVariableValue(&expandLocalReusableWorkflows,
+		func(commit *git.Commit) jobparser.LocalWorkflowFetcher {
+			return func(job *jobparser.Job, path string) ([]byte, error) {
+				localReusableCalledGitCommit = append(localReusableCalledGitCommit, commit)
+				localReusableCalled = append(localReusableCalled, path)
+				return []byte("{ on: pull_request, jobs: { j1: { runs-on: debian-latest } } }"), nil
+			}
+		})()
+	remoteReusableCalled := []*model.NonLocalReusableWorkflowReference{}
+	defer test.MockVariableValue(&expandInstanceReusableWorkflows,
+		func(ctx context.Context) jobparser.InstanceWorkflowFetcher {
+			return func(job *jobparser.Job, ref *model.NonLocalReusableWorkflowReference) ([]byte, error) {
+				remoteReusableCalled = append(remoteReusableCalled, ref)
+				return []byte("{ on: pull_request, jobs: { j1: { runs-on: debian-latest } } }"), nil
+			}
+		})()
+
+	repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 10})
+	pr := unittest.AssertExistsAndLoadBean(t, &issues_model.PullRequest{ID: 3})
+
+	dw := &actions_module.DetectedWorkflow{
+		Content: []byte("{ on: pull_request, jobs: { j1: { uses: \"./.forgejo/workflows/reusable-path.yml\" }, j2: { uses: \"some-org/some-repo/.forgejo/workflows/reusable-path.yml@main\" }} }"),
+	}
+	testActionsNotifierPullRequest(t, repo, pr, dw, webhook_module.HookEventPullRequestSync)
+
+	runs, err := db.Find[actions_model.ActionRun](db.DefaultContext, actions_model.FindRunOptions{
+		RepoID: repo.ID,
+	})
+	require.NoError(t, err)
+	require.Len(t, runs, 1)
+	run := runs[0]
+	assert.EqualValues(t, 0, run.PreExecutionErrorCode, "pre execution error details: %#v", run.PreExecutionErrorDetails)
+
+	require.Len(t, localReusableCalled, 1, "localReusableCalled")
+	require.Len(t, localReusableCalledGitCommit, 1, "localReusableCalledGitCommit")
+	require.Len(t, remoteReusableCalled, 1, "remoteReusableCalled")
+
+	assert.Equal(t, "./.forgejo/workflows/reusable-path.yml", localReusableCalled[0])
+	assert.Equal(t, "test", localReusableCalledGitCommit[0].CommitMessage)
+	assert.Equal(t, &model.NonLocalReusableWorkflowReference{
+		Org:         "some-org",
+		Repo:        "some-repo",
+		Filename:    "reusable-path.yml",
+		Ref:         "main",
+		GitPlatform: "forgejo",
+	}, remoteReusableCalled[0])
+}
diff --git a/services/actions/reusable_workflows.go b/services/actions/reusable_workflows.go
new file mode 100644
index 0000000000..c3fd0b08c1
--- /dev/null
+++ b/services/actions/reusable_workflows.go
@@ -0,0 +1,154 @@
+// Copyright 2025 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+package actions
+
+import (
+	"context"
+	"fmt"
+	"io"
+
+	repo_model "forgejo.org/models/repo"
+	user_model "forgejo.org/models/user"
+	"forgejo.org/modules/git"
+	"forgejo.org/modules/gitrepo"
+
+	"code.forgejo.org/forgejo/runner/v12/act/jobparser"
+	"code.forgejo.org/forgejo/runner/v12/act/model"
+)
+
+type CleanupFunc func()
+
+// Evaluate whether we want to expand reusable workflows to their internal workflows. If the job has defined `runs-on`
+// labels, then we will not expand them -- this maintains the legacy behaviour from before reusable workflow expansion.
+// If `runs-on` is absent then we will attempt to expand the job.
+func expandForJob(job *jobparser.Job) bool {
+	return len(job.RunsOn()) == 0
+}
+
+// Provide a closure for `jobparser.ExpandLocalReusableWorkflows` which resolves reusable workflow references local to
+// the given commit.  A reusable workflow reference is a job with a `uses: ./.forgejo/workflows/some-path.yaml`, and
+// resolving it involves reading the target file in the target commit and returning the file contents.
+//
+// See `expandForJob` for information about jobs that are exempt from expansion.
+var expandLocalReusableWorkflows = func(commit *git.Commit) jobparser.LocalWorkflowFetcher {
+	return func(job *jobparser.Job, path string) ([]byte, error) {
+		if !expandForJob(job) {
+			return nil, jobparser.ErrUnsupportedReusableWorkflowFetch
+		}
+
+		blob, err := commit.GetBlobByPath(path)
+		if err != nil {
+			return nil, fmt.Errorf("expanding reusable workflow failed to access path %s: %w", path, err)
+		}
+
+		reader, err := blob.DataAsync()
+		if err != nil {
+			return nil, fmt.Errorf("expanding reusable workflow failed to read path %s: %w", path, err)
+		}
+
+		content, err := io.ReadAll(reader)
+		if err != nil {
+			return nil, fmt.Errorf("expanding reusable workflow failed to read path %s: %w", path, err)
+		}
+
+		return content, nil
+	}
+}
+
+// Provide a closure for `jobparser.ExpandLocalReusableWorkflows` which resolves reusable workflow references local to
+// the given repo & commit SHA.  This variation lazily opens the target git repo and reads the commit only when a local
+// reusable workflow is needed, and then caches the commit if multiple workflows need to be read.  A cleanup function is
+// also returned that will close the open git repo, and should be `defer` executed.
+//
+// See `expandForJob` for information about jobs that are exempt from expansion.
+var lazyRepoExpandLocalReusableWorkflow = func(ctx context.Context, repoID int64, commitSHA string) (jobparser.LocalWorkflowFetcher, CleanupFunc) {
+	// In the event that local reusable workflows (eg. `uses: ./.forgejo/workflows/reusable.yml`) are present, we'll
+	// need to read the commit of the repo to resolve that reference. But most workflows don't do this, so save the
+	// effort of opening the git repo and fetching the schedule's `CommitSHA` commit if it's not necessary by wrapping
+	// that logic in a caching closure, `getGitCommit`.
+	var innerFetcher jobparser.LocalWorkflowFetcher
+	var gitRepo *git.Repository
+	cleanupFunc := func() {
+		if gitRepo != nil {
+			gitRepo.Close()
+		}
+	}
+	fetcher := func(job *jobparser.Job, path string) ([]byte, error) {
+		if !expandForJob(job) {
+			return nil, jobparser.ErrUnsupportedReusableWorkflowFetch
+		}
+		if innerFetcher != nil {
+			content, err := innerFetcher(job, path)
+			return content, err
+		}
+		repo, err := repo_model.GetRepositoryByID(ctx, repoID)
+		if err != nil {
+			return nil, fmt.Errorf("expanding reusable workflow failed to get repo: %w", err)
+		}
+		gitRepo, err = gitrepo.OpenRepository(ctx, repo) // ensure this keeps reference to the outer closure's `gitRepo`, not a local definition
+		if err != nil {
+			return nil, fmt.Errorf("expanding reusable workflow failed to open repo: %w", err)
+		}
+		commit, err := gitRepo.GetCommit(commitSHA)
+		if err != nil {
+			return nil, fmt.Errorf("expanding reusable workflow failed to open commit %q on repo %s: %w", commitSHA, repo.FullName(), err)
+		}
+		innerFetcher = expandLocalReusableWorkflows(commit)
+		content, err := innerFetcher(job, path)
+		return content, err
+	}
+	return fetcher, cleanupFunc
+}
+
+// Standard function for `jobparser.ExpandInstanceReusableWorkflows` which resolves reusable workflow references on the
+// same Forgejo instance, but in a specific repo. For example, `uses:
+// some-org/some-repo/.forgejo/workflows/some-path.yaml@ref`. Resolving it involves reading the target file in the
+// target repo & commit and returning the file contents.
+//
+// See `expandForJob` for information about jobs that are exempt from expansion.
+var expandInstanceReusableWorkflows = func(ctx context.Context) jobparser.InstanceWorkflowFetcher {
+	return func(job *jobparser.Job, ref *model.NonLocalReusableWorkflowReference) ([]byte, error) {
+		if !expandForJob(job) {
+			return nil, jobparser.ErrUnsupportedReusableWorkflowFetch
+		}
+
+		owner, err := user_model.GetUserByName(ctx, ref.Org)
+		// Reusable workflows don't currently support access to any private repos -- that's implemented here as well,
+		// although in the future it might be possible to use context information about the executing workflow to
+		// broaden access (eg. repos within an org could access other repos within the same org, perhaps).
+		if (err != nil && user_model.IsErrUserNotExist(err)) || !owner.Visibility.IsPublic() {
+			// Same error message is returned for non-existing & non-visible to avoid information leak
+			return nil, fmt.Errorf("expanding reusable workflow failed to access user %s: user does not exist", ref.Org)
+		} else if err != nil {
+			return nil, fmt.Errorf("expanding reusable workflow failed to access user %s: %w", ref.Org, err)
+		}
+
+		repo, err := repo_model.GetRepositoryByName(ctx, owner.ID, ref.Repo)
+		if (err != nil && repo_model.IsErrRepoNotExist(err)) || repo.IsPrivate {
+			// Same error message is returned for non-existing & non-visible to avoid information leak
+			return nil, fmt.Errorf("expanding reusable workflow failed to access repo %s: repo does not exist", ref.Repo)
+		} else if err != nil {
+			return nil, fmt.Errorf("expanding reusable workflow failed to access repo %s: %w", ref.Repo, err)
+		}
+
+		gitRepo, err := gitrepo.OpenRepository(ctx, repo)
+		if err != nil {
+			return nil, fmt.Errorf("expanding reusable workflow failed to open repo %s: %w", repo.FullName(), err)
+		}
+		defer gitRepo.Close()
+
+		commitID, err := gitRepo.GetRefCommitID(ref.Ref)
+		if err != nil {
+			return nil, fmt.Errorf("expanding reusable workflow failed to resolve reference %q on repo %s: %w", ref.Ref, repo.FullName(), err)
+		}
+
+		commit, err := gitRepo.GetCommit(commitID)
+		if err != nil {
+			return nil, fmt.Errorf("expanding reusable workflow failed to open commit %q on repo %s: %w", commitID, repo.FullName(), err)
+		}
+
+		data, err := expandLocalReusableWorkflows(commit)(job, ref.FilePath())
+		return data, err
+	}
+}
diff --git a/services/actions/reusable_workflows_test.go b/services/actions/reusable_workflows_test.go
new file mode 100644
index 0000000000..082aad1d12
--- /dev/null
+++ b/services/actions/reusable_workflows_test.go
@@ -0,0 +1,203 @@
+// Copyright 2025 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+package actions
+
+import (
+	"os"
+	"path/filepath"
+	"strings"
+	"testing"
+
+	"forgejo.org/models/unittest"
+	"forgejo.org/modules/git"
+	"forgejo.org/modules/setting"
+
+	"code.forgejo.org/forgejo/runner/v12/act/jobparser"
+	"code.forgejo.org/forgejo/runner/v12/act/model"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+	"go.yaml.in/yaml/v3"
+)
+
+const testWorkflow string = `on:
+  workflow_call:
+    inputs:
+      example-string-required:
+        required: true
+        type: string
+
+name: test
+jobs:
+  job1:
+    name: "job1 (local)"
+    runs-on: ubuntu-slim
+    steps:
+      - name: Echo inputs
+        run: |
+          echo example-string-required="${{ inputs.example-string-required }}"
+
+`
+
+func TestExpandForJob(t *testing.T) {
+	job := jobparser.Job{}
+
+	err := yaml.Unmarshal([]byte("{ name: job1 }"), &job)
+	require.NoError(t, err)
+	assert.True(t, expandForJob(&job))
+
+	err = yaml.Unmarshal([]byte("{ name: job1, runs-on: ubuntu-latest }"), &job)
+	require.NoError(t, err)
+	assert.False(t, expandForJob(&job))
+
+	err = yaml.Unmarshal([]byte("{ name: job1, runs-on: [x64, ubuntu-latest] }"), &job)
+	require.NoError(t, err)
+	assert.False(t, expandForJob(&job))
+}
+
+func TestExpandLocalReusableWorkflows(t *testing.T) {
+	gitRepo, err := git.OpenRepository(git.DefaultContext, "./TestExpandLocalReusableWorkflows")
+	require.NoError(t, err)
+	defer gitRepo.Close()
+
+	commit, err := gitRepo.GetCommit("e3868ecb4f8b483fc0bdd422561bf0062a7df907")
+	require.NoError(t, err)
+
+	fetcher := expandLocalReusableWorkflows(commit)
+	require.NotNil(t, fetcher)
+
+	t.Run("successful fetch", func(t *testing.T) {
+		content, err := fetcher(&jobparser.Job{}, "./.forgejo/workflows/reusable-1.yml")
+		require.NoError(t, err)
+		assert.Equal(t, testWorkflow, string(content))
+	})
+
+	t.Run("file not exist", func(t *testing.T) {
+		_, err = fetcher(&jobparser.Job{}, "./forgejo/workflows/reusable-2.yml")
+		require.ErrorContains(t, err, "expanding reusable workflow failed to access path ./forgejo/workflows/reusable-2.yml: object does not exist")
+	})
+
+	t.Run("do not expand due to runs-on", func(t *testing.T) {
+		jobWithRunsOn := jobparser.Job{}
+		err = yaml.Unmarshal([]byte("{ name: job1, runs-on: ubuntu-latest }"), &jobWithRunsOn)
+		require.NoError(t, err)
+		assert.False(t, expandForJob(&jobWithRunsOn))
+		_, err = fetcher(&jobWithRunsOn, "./.forgejo/workflows/reusable-1.yml")
+		require.ErrorIs(t, jobparser.ErrUnsupportedReusableWorkflowFetch, err)
+	})
+}
+
+func replaceTestRepo(t *testing.T, owner, repo, replacement string) {
+	t.Helper()
+
+	// Copy the repository into the target path that `gitrepo.OpenRepository` will look for it.
+	repoPath := filepath.Join(setting.RepoRootPath, strings.ToLower(owner), strings.ToLower(repo)+".git")
+	err := os.RemoveAll(repoPath) // there's a default repo copied here by the fixture setup that we want to replace
+	require.NoError(t, err)
+	err = os.CopyFS(repoPath, os.DirFS(replacement))
+	require.NoError(t, err)
+}
+
+func TestLazyRepoExpandLocalReusableWorkflows(t *testing.T) {
+	require.NoError(t, unittest.PrepareTestDatabase())
+
+	// Shouldn't need valid content if we never call the lazy evaluator
+	lazy1, cleanup := lazyRepoExpandLocalReusableWorkflow(t.Context(), -123456, "this is not a valid commit SHA")
+	assert.NotNil(t, lazy1)
+	assert.NotNil(t, cleanup)
+	cleanup()
+
+	replaceTestRepo(t, "user2", "repo1", "./TestExpandLocalReusableWorkflows")
+
+	lazy2, cleanup := lazyRepoExpandLocalReusableWorkflow(t.Context(), 1, "e3868ecb4f8b483fc0bdd422561bf0062a7df907")
+	assert.NotNil(t, lazy2)
+	assert.NotNil(t, cleanup)
+	content, err := lazy2(&jobparser.Job{}, "./.forgejo/workflows/reusable-1.yml")
+	require.NoError(t, err)
+	assert.Equal(t, testWorkflow, string(content))
+	cleanup()
+}
+
+func TestExpandInstanceReusableWorkflows(t *testing.T) {
+	require.NoError(t, unittest.PrepareTestDatabase())
+
+	tests := []struct {
+		name          string
+		ref           *model.NonLocalReusableWorkflowReference
+		errIs         error
+		errorContains string
+		repo          string
+		hasRunsOn     bool
+	}{
+		{
+			name:      "hasRunsOn",
+			hasRunsOn: true,
+			ref:       &model.NonLocalReusableWorkflowReference{},
+			errIs:     jobparser.ErrUnsupportedReusableWorkflowFetch,
+		},
+		{
+			name: "non-existent owner",
+			ref: &model.NonLocalReusableWorkflowReference{
+				Org: "owner-does-not-exist",
+			},
+			errorContains: "owner-does-not-exist: user does not exist",
+		},
+		{
+			name: "non-public owner",
+			ref: &model.NonLocalReusableWorkflowReference{
+				Org: "user33",
+			},
+			errorContains: "user33: user does not exist",
+		},
+		{
+			name: "non-existent repo",
+			ref: &model.NonLocalReusableWorkflowReference{
+				Org:  "user2",
+				Repo: "repo10000",
+			},
+			errorContains: "repo10000: repo does not exist",
+		},
+		{
+			name: "non-public repo",
+			ref: &model.NonLocalReusableWorkflowReference{
+				Org:  "user2",
+				Repo: "repo2",
+			},
+			errorContains: "repo2: repo does not exist",
+		},
+		{
+			name: "public repo",
+			ref: &model.NonLocalReusableWorkflowReference{
+				Org:         "user2",
+				Repo:        "repo1",
+				GitPlatform: "forgejo",
+				Filename:    "reusable-1.yml",
+				Ref:         "main",
+			},
+			repo: "./TestExpandLocalReusableWorkflows",
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			if tt.repo != "" {
+				replaceTestRepo(t, tt.ref.Org, tt.ref.Repo, tt.repo)
+			}
+
+			job := jobparser.Job{}
+			if tt.hasRunsOn {
+				err := yaml.Unmarshal([]byte("{ name: job1, runs-on: ubuntu-latest }"), &job)
+				require.NoError(t, err)
+			}
+			fetcher := expandInstanceReusableWorkflows(t.Context())
+			content, err := fetcher(&job, tt.ref)
+			if tt.errIs != nil {
+				require.ErrorIs(t, err, tt.errIs)
+			} else if tt.errorContains != "" {
+				require.ErrorContains(t, err, tt.errorContains)
+			} else {
+				require.NoError(t, err)
+				assert.Equal(t, testWorkflow, string(content))
+			}
+		})
+	}
+}
diff --git a/services/actions/schedule_tasks.go b/services/actions/schedule_tasks.go
index 17a5484551..7c2f85ba94 100644
--- a/services/actions/schedule_tasks.go
+++ b/services/actions/schedule_tasks.go
@@ -169,6 +169,11 @@ func CreateScheduleTask(ctx context.Context, cron *actions_model.ActionSchedule)
 		}
 	}
 
+	// In the event that local reusable workflows (eg. `uses: ./.forgejo/workflows/reusable.yml`) are present, we'll
+	// need to read the commit of the schedule to resolve that reference:
+	expandLocalReusableWorkflow, expandCleanup := lazyRepoExpandLocalReusableWorkflow(ctx, cron.RepoID, cron.CommitSHA)
+	defer expandCleanup()
+
 	// Parse the workflow specification from the cron schedule
 	workflows, err := actions_module.JobParser(cron.Content,
 		jobparser.WithVars(vars),
@@ -176,6 +181,8 @@ func CreateScheduleTask(ctx context.Context, cron *actions_model.ActionSchedule)
 		// `IncompleteMatrix` tagging for any jobs that require the inputs of other jobs.
 		jobparser.WithJobOutputs(map[string]map[string]string{}),
 		jobparser.SupportIncompleteRunsOn(),
+		jobparser.ExpandLocalReusableWorkflows(expandLocalReusableWorkflow),
+		jobparser.ExpandInstanceReusableWorkflows(expandInstanceReusableWorkflows(ctx)),
 	)
 	if err != nil {
 		return err
diff --git a/services/actions/schedule_tasks_test.go b/services/actions/schedule_tasks_test.go
index 4e70708a5d..850288159c 100644
--- a/services/actions/schedule_tasks_test.go
+++ b/services/actions/schedule_tasks_test.go
@@ -4,6 +4,7 @@
 package actions
 
 import (
+	"context"
 	"testing"
 
 	actions_model "forgejo.org/models/actions"
@@ -11,9 +12,12 @@ import (
 	repo_model "forgejo.org/models/repo"
 	"forgejo.org/models/unit"
 	"forgejo.org/models/unittest"
+	"forgejo.org/modules/test"
 	"forgejo.org/modules/timeutil"
 	webhook_module "forgejo.org/modules/webhook"
 
+	"code.forgejo.org/forgejo/runner/v12/act/jobparser"
+	"code.forgejo.org/forgejo/runner/v12/act/model"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 )
@@ -390,3 +394,94 @@ jobs:
 	// first inserted it is tagged w/ incomplete_runs_on
 	assert.Contains(t, string(job.WorkflowPayload), "incomplete_runs_on: true")
 }
+
+func TestServiceActions_ExpandReusableWorkflow(t *testing.T) {
+	defer unittest.OverrideFixtures("services/actions/TestServiceActions_startTask")()
+	require.NoError(t, unittest.PrepareTestDatabase())
+
+	type callArgs struct {
+		repoID    int64
+		commitSHA string
+		path      string
+	}
+	var localReusableCalled []*callArgs
+	var cleanupCallCount int
+	defer test.MockVariableValue(&lazyRepoExpandLocalReusableWorkflow,
+		func(ctx context.Context, repoID int64, commitSHA string) (jobparser.LocalWorkflowFetcher, CleanupFunc) {
+			fetcher := func(job *jobparser.Job, path string) ([]byte, error) {
+				localReusableCalled = append(localReusableCalled, &callArgs{repoID, commitSHA, path})
+				return []byte("{ on: pull_request, jobs: { j1: { runs-on: debian-latest } } }"), nil
+			}
+			cleanup := func() {
+				cleanupCallCount++
+			}
+			return fetcher, cleanup
+		})()
+	remoteReusableCalled := []*model.NonLocalReusableWorkflowReference{}
+	defer test.MockVariableValue(&expandInstanceReusableWorkflows,
+		func(ctx context.Context) jobparser.InstanceWorkflowFetcher {
+			return func(job *jobparser.Job, ref *model.NonLocalReusableWorkflowReference) ([]byte, error) {
+				remoteReusableCalled = append(remoteReusableCalled, ref)
+				return []byte("{ on: pull_request, jobs: { j1: { runs-on: debian-latest } } }"), nil
+			}
+		})()
+
+	// Load fixtures that are corrupted and create one valid scheduled workflow
+	repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 4})
+
+	workflowID := "some.yml"
+	schedules := []*actions_model.ActionSchedule{
+		{
+			Title:         "scheduletitle1",
+			RepoID:        repo.ID,
+			OwnerID:       repo.OwnerID,
+			WorkflowID:    workflowID,
+			TriggerUserID: repo.OwnerID,
+			Ref:           "branch",
+			CommitSHA:     "fakeSHA",
+			Event:         webhook_module.HookEventSchedule,
+			EventPayload:  "fakepayload",
+			Specs:         []string{"* * * * *"},
+			Content: []byte(
+				`
+jobs:
+  job2:
+    uses: ./.forgejo/workflows/reusable.yml
+  job3:
+    uses: some-org/some-repo/.forgejo/workflows/reusable-path.yml@main
+`),
+		},
+	}
+
+	require.Equal(t, 2, unittest.GetCount(t, actions_model.ActionScheduleSpec{}))
+	require.NoError(t, actions_model.CreateScheduleTask(t.Context(), schedules))
+	require.Equal(t, 3, unittest.GetCount(t, actions_model.ActionScheduleSpec{}))
+	_, err := db.GetEngine(db.DefaultContext).Exec("UPDATE `action_schedule_spec` SET next = 1")
+	require.NoError(t, err)
+
+	// After running startTasks an ActionRun row is created for the valid scheduled workflow
+	require.Empty(t, unittest.GetCount(t, actions_model.ActionRun{WorkflowID: workflowID}))
+	require.NoError(t, startTasks(t.Context()))
+	require.NotEmpty(t, unittest.GetCount(t, actions_model.ActionRun{WorkflowID: workflowID}))
+
+	runs, err := db.Find[actions_model.ActionRun](db.DefaultContext, actions_model.FindRunOptions{
+		WorkflowID: workflowID,
+	})
+	require.NoError(t, err)
+	require.Len(t, runs, 1)
+	run := runs[0]
+	assert.EqualValues(t, 0, run.PreExecutionErrorCode, "pre execution error details: %#v", run.PreExecutionErrorDetails)
+
+	require.Len(t, localReusableCalled, 1, "localReusableCalled")
+	require.Len(t, remoteReusableCalled, 1, "remoteReusableCalled")
+
+	assert.Equal(t, &callArgs{4, "fakeSHA", "./.forgejo/workflows/reusable.yml"}, localReusableCalled[0])
+	assert.Equal(t, 2, cleanupCallCount, "cleanupCallCount")
+	assert.Equal(t, &model.NonLocalReusableWorkflowReference{
+		Org:         "some-org",
+		Repo:        "some-repo",
+		Filename:    "reusable-path.yml",
+		Ref:         "main",
+		GitPlatform: "forgejo",
+	}, remoteReusableCalled[0])
+}
diff --git a/services/actions/workflows.go b/services/actions/workflows.go
index fd5446a837..a08a069cc1 100644
--- a/services/actions/workflows.go
+++ b/services/actions/workflows.go
@@ -181,6 +181,8 @@ func (entry *Workflow) Dispatch(ctx context.Context, inputGetter InputValueGette
 		// `IncompleteMatrix` tagging for any jobs that require the inputs of other jobs.
 		jobparser.WithJobOutputs(map[string]map[string]string{}),
 		jobparser.SupportIncompleteRunsOn(),
+		jobparser.ExpandLocalReusableWorkflows(expandLocalReusableWorkflows(entry.Commit)),
+		jobparser.ExpandInstanceReusableWorkflows(expandInstanceReusableWorkflows(ctx)),
 	)
 	if err != nil {
 		return nil, nil, err
diff --git a/tests/integration/actions_trigger_test.go b/tests/integration/actions_trigger_test.go
index f42ced987a..2b770c95a1 100644
--- a/tests/integration/actions_trigger_test.go
+++ b/tests/integration/actions_trigger_test.go
@@ -1006,6 +1006,77 @@ func TestActionsWorkflowDispatchDynamicMatrix(t *testing.T) {
 	})
 }
 
+func TestActionsWorkflowDispatchReusableWorkflow(t *testing.T) {
+	onApplicationRun(t, func(t *testing.T, u *url.URL) {
+		user2 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
+
+		// create the repo
+		repo, sha, f := tests.CreateDeclarativeRepo(t, user2, "repo-workflow-dispatch",
+			[]unit_model.Type{unit_model.TypeActions}, nil,
+			[]*files_service.ChangeRepoFile{
+				{
+					Operation: "create",
+					TreePath:  ".forgejo/workflows/dispatch.yml",
+					ContentReader: strings.NewReader(
+						"name: test\n" +
+							"on: [workflow_dispatch]\n" +
+							"jobs:\n" +
+							"  test:\n" +
+							"    uses: ./.forgejo/workflows/reusable.yml\n",
+					),
+				},
+				{
+					Operation: "create",
+					TreePath:  ".forgejo/workflows/reusable.yml",
+					ContentReader: strings.NewReader(
+						"name: test\n" +
+							"on: [workflow_call]\n" +
+							"jobs:\n" +
+							"  inner:\n" +
+							"    runs-on: ubuntu-latest\n" +
+							"    steps:\n" +
+							"      - run: echo helloworld\n",
+					),
+				},
+			},
+		)
+		defer f()
+
+		gitRepo, err := gitrepo.OpenRepository(db.DefaultContext, repo)
+		require.NoError(t, err)
+		defer gitRepo.Close()
+
+		workflow, err := actions_service.GetWorkflowFromCommit(gitRepo, "main", "dispatch.yml")
+		require.NoError(t, err)
+		assert.Equal(t, "refs/heads/main", workflow.Ref)
+		assert.Equal(t, sha, workflow.Commit.ID.String())
+
+		inputGetter := func(key string) string {
+			return ""
+		}
+
+		run, _, err := workflow.Dispatch(db.DefaultContext, inputGetter, repo, user2)
+		require.NoError(t, err)
+
+		var runJobs []*actions_model.ActionRunJob
+		db.GetEngine(t.Context()).Where("run_id=?", run.ID).Find(&runJobs)
+		assert.Len(t, runJobs, 2)
+
+		var parentJob *actions_model.ActionRunJob
+		var childJob *actions_model.ActionRunJob
+		for _, j := range runJobs {
+			switch j.JobID {
+			case "test":
+				parentJob = j
+			case "test.inner":
+				childJob = j
+			}
+		}
+		assert.NotNil(t, parentJob, "parentJob")
+		assert.NotNil(t, childJob, "childJob")
+	})
+}
+
 func TestActionsWorkflowDispatchConcurrencyGroup(t *testing.T) {
 	onApplicationRun(t, func(t *testing.T, u *url.URL) {
 		user2 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})

From 49c3b3f70e3f591452104ed4bc3d1e39cebb6453 Mon Sep 17 00:00:00 2001
From: Andreas Ahlenstorf <andreas@ahlenstorf.ch>
Date: Thu, 25 Dec 2025 05:09:10 +0100
Subject: [PATCH 045/854] refactor: update Actions Runner admin API endpoint
 URLs to be consistent w/ other levels (#10573)

Align the URLs of admin API endpoints for runner management with other levels like organizations. It enables using the same URL schema (`/actions/runners`) for managing all kinds of runners. The old API endpoints that use `/admin/runners` have been deprecated but are retained for compatibility reasons for the foreseeable future.

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests

- I added test coverage for Go changes...
  - [ ] in their respective `*_test.go` for unit tests.
  - [x] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I added test coverage for JavaScript changes...
  - [ ] in `web_src/js/*.test.js` if it can be unit tested.
  - [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)).

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [ ] I do not want this change to show in the release notes.
- [x] I want the title to show in the release notes with a link to this pull request.
- [ ] I want the content of the `release-notes/<pull request number>.md` to be be used for the release notes instead of the title.

<!--start release-notes-assistant-->

## Release notes
<!--URL:https://codeberg.org/forgejo/forgejo-->
- Other changes without a feature or bug label
  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10573): <!--number 10573 --><!--line 0 --><!--description cmVmYWN0b3I6IHVwZGF0ZSBBY3Rpb25zIFJ1bm5lciBhZG1pbiBBUEkgZW5kcG9pbnQgVVJMcyB0byBiZSBjb25zaXN0ZW50IHcvIG90aGVyIGxldmVscw==-->refactor: update Actions Runner admin API endpoint URLs to be consistent w/ other levels<!--description-->
<!--end release-notes-assistant-->

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10573
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
Co-authored-by: Andreas Ahlenstorf <andreas@ahlenstorf.ch>
Co-committed-by: Andreas Ahlenstorf <andreas@ahlenstorf.ch>
---
 routers/api/v1/admin/runners.go             |  55 +++++-
 routers/api/v1/api.go                       |   7 +-
 templates/swagger/v1_json.tmpl              |  51 +++++-
 tests/integration/api_admin_actions_test.go | 176 +++++++++++++-------
 4 files changed, 221 insertions(+), 68 deletions(-)

diff --git a/routers/api/v1/admin/runners.go b/routers/api/v1/admin/runners.go
index d978c86eea..b663eb57a3 100644
--- a/routers/api/v1/admin/runners.go
+++ b/routers/api/v1/admin/runners.go
@@ -8,9 +8,9 @@ import (
 	"forgejo.org/services/context"
 )
 
-// GetRegistrationToken returns the token to register global runners
-func GetRegistrationToken(ctx *context.APIContext) {
-	// swagger:operation GET /admin/runners/registration-token admin adminGetRunnerRegistrationToken
+// GetRunnerRegistrationToken returns a token to register global runners
+func GetRunnerRegistrationToken(ctx *context.APIContext) {
+	// swagger:operation GET /admin/actions/runners/registration-token admin adminGetRunnerRegistrationToken
 	// ---
 	// summary: Get a runner registration token for registering global runners
 	// produces:
@@ -23,11 +23,58 @@ func GetRegistrationToken(ctx *context.APIContext) {
 	shared.GetRegistrationToken(ctx, 0, 0)
 }
 
-// SearchActionRunJobs return a list of actions jobs filtered by the provided parameters
+// GetRegistrationToken returns the token to register global runners
+//
+// Deprecated: This operation has been deprecated in Forgejo 15. Use GetRunnerRegistrationToken instead.
+func GetRegistrationToken(ctx *context.APIContext) {
+	// swagger:operation GET /admin/runners/registration-token admin adminGetRegistrationToken
+	// ---
+	// summary: Get a runner registration token for registering global runners
+	// description: >
+	//   This operation has been deprecated in Forgejo 15.
+	//   Use [`/admin/actions/runners/registration-token`](#/admin/adminGetRunnerRegistrationToken) instead.
+	// deprecated: true
+	// produces:
+	// - application/json
+	// parameters:
+	// responses:
+	//   "200":
+	//     "$ref": "#/responses/RegistrationToken"
+
+	shared.GetRegistrationToken(ctx, 0, 0)
+}
+
+// GetActionRunJobs returns a list of action run jobs
+func GetActionRunJobs(ctx *context.APIContext) {
+	// swagger:operation GET /admin/actions/runners/jobs admin adminGetActionRunJobs
+	// ---
+	// summary: Get action run jobs
+	// produces:
+	// - application/json
+	// parameters:
+	// - name: labels
+	//   in: query
+	//   description: a comma separated list of labels to search for
+	//   type: string
+	// responses:
+	//   "200":
+	//     "$ref": "#/responses/RunJobList"
+	//   "403":
+	//     "$ref": "#/responses/forbidden"
+	shared.GetActionRunJobs(ctx, 0, 0)
+}
+
+// SearchActionRunJobs returns a list of actions jobs filtered by the provided parameters
+//
+// Deprecated: This operation has been deprecated in Forgejo 15. Use GetActionRunJobs instead.
 func SearchActionRunJobs(ctx *context.APIContext) {
 	// swagger:operation GET /admin/runners/jobs admin adminSearchRunJobs
 	// ---
 	// summary: Search action jobs according to filter conditions
+	// description: >
+	//   This operation has been deprecated in Forgejo 15.
+	//   Use [`/admin/actions/runners/jobs`](#/admin/adminGetActionRunJobs) instead.
+	// deprecated: true
 	// produces:
 	// - application/json
 	// parameters:
diff --git a/routers/api/v1/api.go b/routers/api/v1/api.go
index f3589094b2..9029ba834b 100644
--- a/routers/api/v1/api.go
+++ b/routers/api/v1/api.go
@@ -1702,13 +1702,14 @@ func Routes() *web.Route {
 			})
 			m.Group("/actions/runners", func() {
 				m.Get("", admin.ListRunners)
-				m.Get("/registration-token", admin.GetRegistrationToken)
+				m.Get("/registration-token", admin.GetRunnerRegistrationToken)
 				m.Get("/{runner_id}", admin.GetRunner)
 				m.Delete("/{runner_id}", admin.DeleteRunner)
+				m.Get("/jobs", admin.GetActionRunJobs)
 			})
 			m.Group("/runners", func() {
-				m.Get("/registration-token", admin.GetRegistrationToken)
-				m.Get("/jobs", admin.SearchActionRunJobs)
+				m.Get("/registration-token", admin.GetRegistrationToken) //nolint:staticcheck
+				m.Get("/jobs", admin.SearchActionRunJobs)                //nolint:staticcheck
 			})
 			if setting.Quota.Enabled {
 				m.Group("/quota", func() {
diff --git a/templates/swagger/v1_json.tmpl b/templates/swagger/v1_json.tmpl
index d4015cd675..4a69a39292 100644
--- a/templates/swagger/v1_json.tmpl
+++ b/templates/swagger/v1_json.tmpl
@@ -348,6 +348,51 @@
         }
       }
     },
+    "/admin/actions/runners/jobs": {
+      "get": {
+        "produces": [
+          "application/json"
+        ],
+        "tags": [
+          "admin"
+        ],
+        "summary": "Get action run jobs",
+        "operationId": "adminGetActionRunJobs",
+        "parameters": [
+          {
+            "type": "string",
+            "description": "a comma separated list of labels to search for",
+            "name": "labels",
+            "in": "query"
+          }
+        ],
+        "responses": {
+          "200": {
+            "$ref": "#/responses/RunJobList"
+          },
+          "403": {
+            "$ref": "#/responses/forbidden"
+          }
+        }
+      }
+    },
+    "/admin/actions/runners/registration-token": {
+      "get": {
+        "produces": [
+          "application/json"
+        ],
+        "tags": [
+          "admin"
+        ],
+        "summary": "Get a runner registration token for registering global runners",
+        "operationId": "adminGetRunnerRegistrationToken",
+        "responses": {
+          "200": {
+            "$ref": "#/responses/RegistrationToken"
+          }
+        }
+      }
+    },
     "/admin/actions/runners/{runner_id}": {
       "get": {
         "produces": [
@@ -1236,6 +1281,7 @@
     },
     "/admin/runners/jobs": {
       "get": {
+        "description": "This operation has been deprecated in Forgejo 15. Use [`/admin/actions/runners/jobs`](#/admin/adminGetActionRunJobs) instead.\n",
         "produces": [
           "application/json"
         ],
@@ -1244,6 +1290,7 @@
         ],
         "summary": "Search action jobs according to filter conditions",
         "operationId": "adminSearchRunJobs",
+        "deprecated": true,
         "parameters": [
           {
             "type": "string",
@@ -1264,6 +1311,7 @@
     },
     "/admin/runners/registration-token": {
       "get": {
+        "description": "This operation has been deprecated in Forgejo 15. Use [`/admin/actions/runners/registration-token`](#/admin/adminGetRunnerRegistrationToken) instead.\n",
         "produces": [
           "application/json"
         ],
@@ -1271,7 +1319,8 @@
           "admin"
         ],
         "summary": "Get a runner registration token for registering global runners",
-        "operationId": "adminGetRunnerRegistrationToken",
+        "operationId": "adminGetRegistrationToken",
+        "deprecated": true,
         "responses": {
           "200": {
             "$ref": "#/responses/RegistrationToken"
diff --git a/tests/integration/api_admin_actions_test.go b/tests/integration/api_admin_actions_test.go
index 90db9c4836..d9a6a5d6e1 100644
--- a/tests/integration/api_admin_actions_test.go
+++ b/tests/integration/api_admin_actions_test.go
@@ -20,48 +20,7 @@ import (
 	"github.com/stretchr/testify/require"
 )
 
-func TestActionsAPISearchActionJobs_GlobalRunner(t *testing.T) {
-	defer tests.PrepareTestEnv(t)()
-
-	job := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRunJob{ID: 393})
-	adminUsername := "user1"
-	token := getUserToken(t, adminUsername, auth_model.AccessTokenScopeWriteAdmin)
-
-	req := NewRequest(
-		t,
-		"GET",
-		fmt.Sprintf("/api/v1/admin/runners/jobs?labels=%s", "ubuntu-latest"),
-	).AddTokenAuth(token)
-	res := MakeRequest(t, req, http.StatusOK)
-
-	var jobs []*api.ActionRunJob
-	DecodeJSON(t, res, &jobs)
-
-	assert.Len(t, jobs, 1)
-	assert.Equal(t, job.ID, jobs[0].ID)
-}
-
-func TestActionsAPISearchActionJobs_GlobalRunnerAllPendingJobsWithoutLabels(t *testing.T) {
-	defer tests.PrepareTestEnv(t)()
-
-	job196 := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRunJob{ID: 196})
-	job397 := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRunJob{ID: 397})
-
-	adminUsername := "user1"
-	token := getUserToken(t, adminUsername, auth_model.AccessTokenScopeWriteAdmin)
-
-	req := NewRequest(t, "GET", "/api/v1/admin/runners/jobs?labels=").AddTokenAuth(token)
-	res := MakeRequest(t, req, http.StatusOK)
-
-	var jobs []*api.ActionRunJob
-	DecodeJSON(t, res, &jobs)
-
-	assert.Len(t, jobs, 2)
-	assert.Equal(t, job397.ID, jobs[0].ID)
-	assert.Equal(t, job196.ID, jobs[1].ID)
-}
-
-func TestActionsAPISearchActionJobs_GlobalRunnerAllPendingJobs(t *testing.T) {
+func TestAPIAdminActionsGetJobs(t *testing.T) {
 	defer tests.PrepareTestEnv(t)()
 
 	job196 := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRunJob{ID: 196})
@@ -75,27 +34,111 @@ func TestActionsAPISearchActionJobs_GlobalRunnerAllPendingJobs(t *testing.T) {
 	adminUsername := "user1"
 	token := getUserToken(t, adminUsername, auth_model.AccessTokenScopeWriteAdmin)
 
-	req := NewRequest(
-		t,
-		"GET",
-		"/api/v1/admin/runners/jobs",
-	).AddTokenAuth(token)
-	res := MakeRequest(t, req, http.StatusOK)
+	t.Run("jobs-with-label", func(t *testing.T) {
+		url := fmt.Sprintf("/api/v1/admin/actions/runners/jobs?labels=%s", "ubuntu-latest")
+		req := NewRequest(t, "GET", url)
+		req.AddTokenAuth(token)
+		res := MakeRequest(t, req, http.StatusOK)
 
-	var jobs []*api.ActionRunJob
-	DecodeJSON(t, res, &jobs)
+		var jobs []*api.ActionRunJob
+		DecodeJSON(t, res, &jobs)
 
-	assert.Len(t, jobs, 7)
-	assert.Equal(t, job397.ID, jobs[0].ID)
-	assert.Equal(t, job396.ID, jobs[1].ID)
-	assert.Equal(t, job395.ID, jobs[2].ID)
-	assert.Equal(t, job394.ID, jobs[3].ID)
-	assert.Equal(t, job393.ID, jobs[4].ID)
-	assert.Equal(t, job198.ID, jobs[5].ID)
-	assert.Equal(t, job196.ID, jobs[6].ID)
+		assert.Len(t, jobs, 1)
+		assert.Equal(t, job393.ID, jobs[0].ID)
+	})
+
+	t.Run("jobs-without-labels", func(t *testing.T) {
+		req := NewRequest(t, "GET", "/api/v1/admin/actions/runners/jobs?labels=")
+		req.AddTokenAuth(token)
+		res := MakeRequest(t, req, http.StatusOK)
+
+		var jobs []*api.ActionRunJob
+		DecodeJSON(t, res, &jobs)
+
+		assert.Len(t, jobs, 2)
+		assert.Equal(t, job397.ID, jobs[0].ID)
+		assert.Equal(t, job196.ID, jobs[1].ID)
+	})
+
+	t.Run("all-jobs", func(t *testing.T) {
+		req := NewRequest(t, "GET", "/api/v1/admin/actions/runners/jobs")
+		req.AddTokenAuth(token)
+		res := MakeRequest(t, req, http.StatusOK)
+
+		var jobs []*api.ActionRunJob
+		DecodeJSON(t, res, &jobs)
+
+		assert.Len(t, jobs, 7)
+		assert.Equal(t, job397.ID, jobs[0].ID)
+		assert.Equal(t, job396.ID, jobs[1].ID)
+		assert.Equal(t, job395.ID, jobs[2].ID)
+		assert.Equal(t, job394.ID, jobs[3].ID)
+		assert.Equal(t, job393.ID, jobs[4].ID)
+		assert.Equal(t, job198.ID, jobs[5].ID)
+		assert.Equal(t, job196.ID, jobs[6].ID)
+	})
 }
 
-func TestAPIGlobalActionsRunnerRegistrationTokenOperations(t *testing.T) {
+func TestAPIAdminActionsSearchJobs(t *testing.T) {
+	defer tests.PrepareTestEnv(t)()
+
+	job196 := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRunJob{ID: 196})
+	job198 := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRunJob{ID: 198})
+	job393 := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRunJob{ID: 393})
+	job394 := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRunJob{ID: 394})
+	job395 := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRunJob{ID: 395})
+	job396 := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRunJob{ID: 396})
+	job397 := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRunJob{ID: 397})
+
+	adminUsername := "user1"
+	token := getUserToken(t, adminUsername, auth_model.AccessTokenScopeWriteAdmin)
+
+	t.Run("jobs-with-label", func(t *testing.T) {
+		url := fmt.Sprintf("/api/v1/admin/runners/jobs?labels=%s", "ubuntu-latest")
+		req := NewRequest(t, "GET", url)
+		req.AddTokenAuth(token)
+		res := MakeRequest(t, req, http.StatusOK)
+
+		var jobs []*api.ActionRunJob
+		DecodeJSON(t, res, &jobs)
+
+		assert.Len(t, jobs, 1)
+		assert.Equal(t, job393.ID, jobs[0].ID)
+	})
+
+	t.Run("jobs-without-labels", func(t *testing.T) {
+		req := NewRequest(t, "GET", "/api/v1/admin/runners/jobs?labels=")
+		req.AddTokenAuth(token)
+		res := MakeRequest(t, req, http.StatusOK)
+
+		var jobs []*api.ActionRunJob
+		DecodeJSON(t, res, &jobs)
+
+		assert.Len(t, jobs, 2)
+		assert.Equal(t, job397.ID, jobs[0].ID)
+		assert.Equal(t, job196.ID, jobs[1].ID)
+	})
+
+	t.Run("all-jobs", func(t *testing.T) {
+		req := NewRequest(t, "GET", "/api/v1/admin/runners/jobs")
+		req.AddTokenAuth(token)
+		res := MakeRequest(t, req, http.StatusOK)
+
+		var jobs []*api.ActionRunJob
+		DecodeJSON(t, res, &jobs)
+
+		assert.Len(t, jobs, 7)
+		assert.Equal(t, job397.ID, jobs[0].ID)
+		assert.Equal(t, job396.ID, jobs[1].ID)
+		assert.Equal(t, job395.ID, jobs[2].ID)
+		assert.Equal(t, job394.ID, jobs[3].ID)
+		assert.Equal(t, job393.ID, jobs[4].ID)
+		assert.Equal(t, job198.ID, jobs[5].ID)
+		assert.Equal(t, job196.ID, jobs[6].ID)
+	})
+}
+
+func TestAPIAdminActionsRegistrationTokenOperations(t *testing.T) {
 	defer unittest.OverrideFixtures("tests/integration/fixtures/TestAPIGlobalActionsRunnerRegistrationTokenOperations")()
 	require.NoError(t, unittest.PrepareTestDatabase())
 
@@ -115,9 +158,22 @@ func TestAPIGlobalActionsRunnerRegistrationTokenOperations(t *testing.T) {
 
 		assert.Equal(t, expected, registrationToken)
 	})
+
+	t.Run("DeprecatedGetRegistrationToken", func(t *testing.T) {
+		request := NewRequest(t, "GET", "/api/v1/admin/runners/registration-token")
+		request.AddTokenAuth(readToken)
+		response := MakeRequest(t, request, http.StatusOK)
+
+		var registrationToken shared.RegistrationToken
+		DecodeJSON(t, response, &registrationToken)
+
+		expected := shared.RegistrationToken{Token: "BzcgyhjWhLeKGA4ihJIigeRDrcxrFESd0yizEpb7xZJ"}
+
+		assert.Equal(t, expected, registrationToken)
+	})
 }
 
-func TestAPIGlobalActionsRunnerOperations(t *testing.T) {
+func TestAPIAdminActionsRunnerOperations(t *testing.T) {
 	defer unittest.OverrideFixtures("tests/integration/fixtures/TestAPIGlobalActionsRunnerOperations")()
 	require.NoError(t, unittest.PrepareTestDatabase())
 

From e3b4c960dad322e88e5e496fd6011d26f17f74d5 Mon Sep 17 00:00:00 2001
From: Mathieu Fenniak <mathieu@fenniak.net>
Date: Fri, 26 Dec 2025 09:26:28 +0100
Subject: [PATCH 046/854] fix: experimental releases are not being copied to
 forgejo-experimental (#10583)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10583
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net>
Co-committed-by: Mathieu Fenniak <mathieu@fenniak.net>
---
 .forgejo/workflows/build-release.yml | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/.forgejo/workflows/build-release.yml b/.forgejo/workflows/build-release.yml
index 25d93eb6bc..4a0c402b4a 100644
--- a/.forgejo/workflows/build-release.yml
+++ b/.forgejo/workflows/build-release.yml
@@ -227,11 +227,14 @@ jobs:
             curl -sS -X DELETE $url/api/v1/repos/forgejo-experimental/forgejo/releases/tags/$tag > /dev/null
             curl -sS -X DELETE $url/api/v1/repos/forgejo-experimental/forgejo/tags/$tag > /dev/null
           fi
-          # actions/checkout@v3 sets http.https://codeberg.org/.extraheader with the automatic token.
-          # Get rid of it so it does not prevent using the token that has write permissions
-          git config --local --unset http.https://codeberg.org/.extraheader
+          # actions/checkout@v6 sets http.https://codeberg.org/.extraheader with the automatic token. Get rid of it so
+          # it does not prevent using the token that has write permissions. As of @v6, it is stored in
+          # /tmp/git-credentials-(uuid).config and included in the repo via
+          # includeif.gitdir:...=/tmp/git-credentials-(uuid).config. Since we don't need these credentials anymore we
+          # can just remove the generated config file.
+          rm /tmp/git-credentials-*
           if test -f .git/shallow ; then
-            echo "unexptected .git/shallow file is present"
+            echo "unexpected .git/shallow file is present"
             echo "it suggests a checkout --depth X was used which may prevent pushing the commit"
             echo "it happens when actions/checkout is called without depth: 0"
           fi

From 5261e86fad39f9499c71ca297c8c3d774b265c52 Mon Sep 17 00:00:00 2001
From: Mathieu Fenniak <mathieu@fenniak.net>
Date: Fri, 26 Dec 2025 16:12:17 +0100
Subject: [PATCH 047/854] fix: use RUNNER_TEMP in build-release.yml (#10586)

Second pass at fixing the issue documented in #10583, as it contains to fail: https://codeberg.org/forgejo-integration/forgejo/actions/runs/14694/jobs/0/attempt/1#jobstep-13-7.  Hoping that it is failing because RUNNER_TEMP is different than expected in the LXC environment, but additional `git` output commands should clarify the issue if this doesn't work.

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests

- I added test coverage for Go changes...
  - [ ] in their respective `*_test.go` for unit tests.
  - [ ] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I added test coverage for JavaScript changes...
  - [ ] in `web_src/js/*.test.js` if it can be unit tested.
  - [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)).

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [x] I do not want this change to show in the release notes.
- [ ] I want the title to show in the release notes with a link to this pull request.
- [ ] I want the content of the `release-notes/<pull request number>.md` to be be used for the release notes instead of the title.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10586
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net>
Co-committed-by: Mathieu Fenniak <mathieu@fenniak.net>
---
 .forgejo/workflows/build-release.yml | 17 +++++++++++++----
 1 file changed, 13 insertions(+), 4 deletions(-)

diff --git a/.forgejo/workflows/build-release.yml b/.forgejo/workflows/build-release.yml
index 4a0c402b4a..11a3d5f2c7 100644
--- a/.forgejo/workflows/build-release.yml
+++ b/.forgejo/workflows/build-release.yml
@@ -227,12 +227,21 @@ jobs:
             curl -sS -X DELETE $url/api/v1/repos/forgejo-experimental/forgejo/releases/tags/$tag > /dev/null
             curl -sS -X DELETE $url/api/v1/repos/forgejo-experimental/forgejo/tags/$tag > /dev/null
           fi
+
+          # FIXME: remove these diagnostic commands that are intended to ensure the `rm` below works.
+          git config --list
+          echo "RUNNER_TEMP = $RUNNER_TEMP"
+
           # actions/checkout@v6 sets http.https://codeberg.org/.extraheader with the automatic token. Get rid of it so
           # it does not prevent using the token that has write permissions. As of @v6, it is stored in
-          # /tmp/git-credentials-(uuid).config and included in the repo via
-          # includeif.gitdir:...=/tmp/git-credentials-(uuid).config. Since we don't need these credentials anymore we
-          # can just remove the generated config file.
-          rm /tmp/git-credentials-*
+          # $RUNNER_TEMP/git-credentials-(uuid).config and included in the repo via
+          # includeif.gitdir:...=$RUNNER_TEMP/git-credentials-(uuid).config. Since we don't need these credentials
+          # anymore we can just remove the generated config file.
+          rm -f $RUNNER_TEMP/git-credentials-*
+
+          # FIXME: remove these diagnostic comamnds that are intended to ensure the `rm` above works.
+          git config --list
+
           if test -f .git/shallow ; then
             echo "unexpected .git/shallow file is present"
             echo "it suggests a checkout --depth X was used which may prevent pushing the commit"

From 9244ed3b1c78ba911328b8793a0481861427a3e7 Mon Sep 17 00:00:00 2001
From: Mathieu Fenniak <mathieu@fenniak.net>
Date: Fri, 26 Dec 2025 20:02:27 +0100
Subject: [PATCH 048/854] test: fix intermittent PostgreSQL failure in
 TestAdminViewRepos (#10587)

Intermittent test failure ([example](https://codeberg.org/forgejo/forgejo/actions/runs/125874/jobs/9/attempt/1)):
```
=== TestAdminViewRepos (tests/test_utils.go:327)
--- FAIL: TestAdminViewRepos (0.39s)
    testlogger.go:411: 2025/12/26 15:21:27 ...les/storage/local.go:33:NewLocalStorage() [I] Creating new Local Storage at /workspace/forgejo/forgejo/tests/gitea-lfs-meta
    testlogger.go:411: 2025/12/26 15:21:27 ...eb/routing/logger.go:102:func1() [I] router: completed POST /user/login for test-mock:12345, 303 See Other in 4.7ms @ auth/auth.go:178(auth.SignInPost)
    testlogger.go:411: 2025/12/26 15:21:27 ...eb/routing/logger.go:102:func1() [I] router: completed GET /admin/repos for test-mock:12345, 200 OK in 75.1ms @ admin/repos.go:29(admin.Repos)
    admin_repo_test.go:29:
        	Error Trace:	/workspace/forgejo/forgejo/tests/integration/admin_repo_test.go:29
        	Error:      	Not equal:
        	            	expected: 1
        	            	actual  : 0
        	Test:       	TestAdminViewRepos
    admin_repo_test.go:30:
        	Error Trace:	/workspace/forgejo/forgejo/tests/integration/admin_repo_test.go:30
        	Error:      	Not equal:
        	            	expected: "repo49"
        	            	actual  : ""

        	            	Diff:
        	            	--- Expected
        	            	+++ Actual
        	            	@@ -1 +1 @@
        	            	-repo49
        	            	+
        	Test:       	TestAdminViewRepos
```

Cause: the page is displaying 50 out of 65 repos in the fixture with a default sort of "recently updated"; on PostgreSQL that is occasionally causing the target link not to appear on the first page.  As a fix, I've switched the test to load with reverse alphabetical order which should cause it to consistently appear on the first page.

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests

- I added test coverage for Go changes...
  - [x] in their respective `*_test.go` for unit tests.
  - [ ] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I added test coverage for JavaScript changes...
  - [ ] in `web_src/js/*.test.js` if it can be unit tested.
  - [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)).

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [x] I do not want this change to show in the release notes.
- [ ] I want the title to show in the release notes with a link to this pull request.
- [ ] I want the content of the `release-notes/<pull request number>.md` to be be used for the release notes instead of the title.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10587
Reviewed-by: Andreas Ahlenstorf <aahlenst@noreply.codeberg.org>
Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net>
Co-committed-by: Mathieu Fenniak <mathieu@fenniak.net>
---
 tests/integration/admin_repo_test.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/tests/integration/admin_repo_test.go b/tests/integration/admin_repo_test.go
index 3c3b8a62d9..dd5b8f5d13 100644
--- a/tests/integration/admin_repo_test.go
+++ b/tests/integration/admin_repo_test.go
@@ -16,12 +16,12 @@ func TestAdminViewRepos(t *testing.T) {
 	defer tests.PrepareTestEnv(t)()
 
 	session := loginUser(t, "user1")
-	req := NewRequest(t, "GET", "/admin/repos")
+	req := NewRequest(t, "GET", "/admin/repos?q=&sort=reversealphabetically")
 	resp := session.MakeRequest(t, req, http.StatusOK)
 
 	htmlDoc := NewHTMLParser(t, resp.Body)
 
-	// Should be 50 rows of repositories rendered...
+	// Should be 50 rows of repositories rendered; this is the page size, and there are 65 repos in-fixture.
 	assert.Equal(t, 50, htmlDoc.Find("table tbody tr").Length())
 
 	// Check for a specific repo link to see if it is rendered correctly

From 663acf102a00bf909b1eb2c2e95ec7ea698de786 Mon Sep 17 00:00:00 2001
From: Mathieu Fenniak <mathieu@fenniak.net>
Date: Fri, 26 Dec 2025 20:03:12 +0100
Subject: [PATCH 049/854] fix: ListTrackedTimes API has no defined record
 ordering (#10588)

API call `GET /repos/{owner}/{repo}/issues/{index}/times` has no defined ordering implemented in it, causing PostgreSQL to have intermittent test failures on `TestAPIGetTrackedTimes` which expected records to be returned in ID order.  ID order is reasonable enough, so this PR adds that ordering.

Fixes #10577.

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests

- I added test coverage for Go changes...
  - [ ] in their respective `*_test.go` for unit tests.
  - [x] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I added test coverage for JavaScript changes...
  - [ ] in `web_src/js/*.test.js` if it can be unit tested.
  - [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)).

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [ ] I do not want this change to show in the release notes.
- [x] I want the title to show in the release notes with a link to this pull request.
- [ ] I want the content of the `release-notes/<pull request number>.md` to be be used for the release notes instead of the title.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10588
Reviewed-by: Cyborus <cyborus@disroot.org>
Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net>
Co-committed-by: Mathieu Fenniak <mathieu@fenniak.net>
---
 models/issues/tracked_time.go                   |  2 +-
 .../integration/api_issue_tracked_time_test.go  | 17 +++++++++++++++--
 2 files changed, 16 insertions(+), 3 deletions(-)

diff --git a/models/issues/tracked_time.go b/models/issues/tracked_time.go
index d229d83470..e083f6e1e8 100644
--- a/models/issues/tracked_time.go
+++ b/models/issues/tracked_time.go
@@ -148,7 +148,7 @@ func (opts *FindTrackedTimesOptions) toSession(e db.Engine) db.Engine {
 
 // GetTrackedTimes returns all tracked times that fit to the given options.
 func GetTrackedTimes(ctx context.Context, options *FindTrackedTimesOptions) (trackedTimes TrackedTimeList, err error) {
-	err = options.toSession(db.GetEngine(ctx)).Find(&trackedTimes)
+	err = options.toSession(db.GetEngine(ctx)).Asc("tracked_time.id").Find(&trackedTimes)
 	return trackedTimes, err
 }
 
diff --git a/tests/integration/api_issue_tracked_time_test.go b/tests/integration/api_issue_tracked_time_test.go
index a4f3d15f88..5e8b383437 100644
--- a/tests/integration/api_issue_tracked_time_test.go
+++ b/tests/integration/api_issue_tracked_time_test.go
@@ -61,8 +61,21 @@ func TestAPIGetTrackedTimes(t *testing.T) {
 	var filterAPITimes api.TrackedTimeList
 	DecodeJSON(t, resp, &filterAPITimes)
 	assert.Len(t, filterAPITimes, 2)
-	assert.Equal(t, int64(3), filterAPITimes[0].ID)
-	assert.Equal(t, int64(6), filterAPITimes[1].ID)
+	assert.EqualValues(t, 3, filterAPITimes[0].ID)
+	assert.EqualValues(t, 6, filterAPITimes[1].ID)
+
+	// test pagination
+	allIDs := []int64{}
+	for _, page := range []int{1, 2, 3} {
+		req = NewRequestf(t, "GET", "/api/v1/repos/%s/%s/issues/%d/times?page=%d&limit=1", user2.Name, issue2.Repo.Name, issue2.Index, page).
+			AddTokenAuth(token)
+		resp = MakeRequest(t, req, http.StatusOK)
+		var pageAPITimes api.TrackedTimeList
+		DecodeJSON(t, resp, &pageAPITimes)
+		require.Len(t, pageAPITimes, 1)
+		allIDs = append(allIDs, pageAPITimes[0].ID)
+	}
+	assert.Equal(t, []int64{2, 3, 6}, allIDs)
 }
 
 func TestAPIDeleteTrackedTime(t *testing.T) {

From 6be2c43d7427171460621733c0e7648b6aeb1df3 Mon Sep 17 00:00:00 2001
From: Renovate Bot <forgejo-renovate-action@forgejo.org>
Date: Sat, 27 Dec 2025 02:27:51 +0100
Subject: [PATCH 050/854] Update module github.com/jackc/pgx/v5 to v5.8.0
 (forgejo) (#10596)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This PR contains the following updates:

| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) |
|---|---|---|---|
| [github.com/jackc/pgx/v5](https://github.com/jackc/pgx) | `v5.7.6` -> `v5.8.0` | ![age](https://developer.mend.io/api/mc/badges/age/go/github.com%2fjackc%2fpgx%2fv5/v5.8.0?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/go/github.com%2fjackc%2fpgx%2fv5/v5.7.6/v5.8.0?slim=true) |

---

### Release Notes

<details>
<summary>jackc/pgx (github.com/jackc/pgx/v5)</summary>

### [`v5.8.0`](https://github.com/jackc/pgx/compare/v5.7.6...v5.8.0)

[Compare Source](https://github.com/jackc/pgx/compare/v5.7.6...v5.8.0)

</details>

---

### Configuration

📅 **Schedule**: Branch creation - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC), Automerge - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi42NC4xIiwidXBkYXRlZEluVmVyIjoiNDIuNjQuMSIsInRhcmdldEJyYW5jaCI6ImZvcmdlam8iLCJsYWJlbHMiOlsiZGVwZW5kZW5jeS11cGdyYWRlIiwidGVzdC9ub3QtbmVlZGVkIl19-->

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10596
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 0ba8e2b3ab..35b887a26e 100644
--- a/go.mod
+++ b/go.mod
@@ -67,7 +67,7 @@ require (
 	github.com/hashicorp/golang-lru/v2 v2.0.7
 	github.com/huandu/xstrings v1.5.0
 	github.com/inbucket/html2text v0.9.0
-	github.com/jackc/pgx/v5 v5.7.6
+	github.com/jackc/pgx/v5 v5.8.0
 	github.com/jhillyerd/enmime/v2 v2.2.0
 	github.com/json-iterator/go v1.1.12
 	github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51
diff --git a/go.sum b/go.sum
index 2f6c44c8ef..cb01138dc6 100644
--- a/go.sum
+++ b/go.sum
@@ -462,8 +462,8 @@ github.com/jackc/pgpassfile v1.0.0 h1:/6Hmqy13Ss2zCq62VdNG8tM1wchn8zjSGOBJ6icpsI
 github.com/jackc/pgpassfile v1.0.0/go.mod h1:CEx0iS5ambNFdcRtxPj5JhEz+xB6uRky5eyVu/W2HEg=
 github.com/jackc/pgservicefile v0.0.0-20240606120523-5a60cdf6a761 h1:iCEnooe7UlwOQYpKFhBabPMi4aNAfoODPEFNiAnClxo=
 github.com/jackc/pgservicefile v0.0.0-20240606120523-5a60cdf6a761/go.mod h1:5TJZWKEWniPve33vlWYSoGYefn3gLQRzjfDlhSJ9ZKM=
-github.com/jackc/pgx/v5 v5.7.6 h1:rWQc5FwZSPX58r1OQmkuaNicxdmExaEz5A2DO2hUuTk=
-github.com/jackc/pgx/v5 v5.7.6/go.mod h1:aruU7o91Tc2q2cFp5h4uP3f6ztExVpyVv88Xl/8Vl8M=
+github.com/jackc/pgx/v5 v5.8.0 h1:TYPDoleBBme0xGSAX3/+NujXXtpZn9HBONkQC7IEZSo=
+github.com/jackc/pgx/v5 v5.8.0/go.mod h1:QVeDInX2m9VyzvNeiCJVjCkNFqzsNb43204HshNSZKw=
 github.com/jackc/puddle/v2 v2.2.2 h1:PR8nw+E/1w0GLuRFSmiioY6UooMp6KJv0/61nB7icHo=
 github.com/jackc/puddle/v2 v2.2.2/go.mod h1:vriiEXHvEE654aYKXXjOvZM39qJ0q+azkZFrfEOc3H4=
 github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 h1:BQSFePA1RWJOlocH6Fxy8MmwDt+yVQYULKfN0RoTN8A=

From cc11e564838c5a9ff12eff1db86ee31a94f95371 Mon Sep 17 00:00:00 2001
From: Codeberg Translate <translate@codeberg.org>
Date: Sat, 27 Dec 2025 14:06:04 +0000
Subject: [PATCH 051/854] i18n: update of translations from Codeberg Translate
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Co-authored-by: 0ko <0ko@noreply.codeberg.org>
Co-authored-by: AYT04 <ayt04@noreply.codeberg.org>
Co-authored-by: Arthur Zamarin <arthurzam@gentoo.org>
Co-authored-by: Astrak <astrak@noreply.codeberg.org>
Co-authored-by: Baempaieo <baempaieo@noreply.codeberg.org>
Co-authored-by: Benedikt Straub <benedikt-straub@web.de>
Co-authored-by: Codeberg Translate <translate@codeberg.org>
Co-authored-by: Edgarsons <edgarsons@noreply.codeberg.org>
Co-authored-by: Fjuro <fjuro@alius.cz>
Co-authored-by: Gusted <postmaster@gusted.xyz>
Co-authored-by: Kenneth Bruen <kenny@kbruen.ro>
Co-authored-by: Kyush <kyush@noreply.codeberg.org>
Co-authored-by: Lzebulon <lzebulon@noreply.codeberg.org>
Co-authored-by: Nimplex <nimplex@noreply.codeberg.org>
Co-authored-by: Priit Jõerüüt <jrtcdbrg@noreply.codeberg.org>
Co-authored-by: Schmerling <schmerling@noreply.codeberg.org>
Co-authored-by: SomeTr <sometr@noreply.codeberg.org>
Co-authored-by: Vyxie <kitakita@disroot.org>
Co-authored-by: WithLithum <withlithum@noreply.codeberg.org>
Co-authored-by: Wuzzy <wuzzy@disroot.org>
Co-authored-by: Zughy <zughy@noreply.codeberg.org>
Co-authored-by: adam <me@adamperkowski.dev>
Co-authored-by: adriand <adriand@noreply.codeberg.org>
Co-authored-by: artnay <artnay@noreply.codeberg.org>
Co-authored-by: butterflyoffire <butterflyoffire@noreply.codeberg.org>
Co-authored-by: jimkats <jimkats@noreply.codeberg.org>
Co-authored-by: justbispo <justbispo@noreply.codeberg.org>
Co-authored-by: mahlzahn <mahlzahn@posteo.de>
Co-authored-by: pixelcode <pixelcode@noreply.codeberg.org>
Co-authored-by: vmtj <vmtj@noreply.codeberg.org>
Co-authored-by: xtex <xtexchooser@duck.com>
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/ca/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/cs/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/de/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/fil/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/fr/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/he/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/it/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/kab/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/lv/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/nds/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/pl/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/pt_PT/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/ru/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/uk/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/zh_Hans/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo/ca/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo/de/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo/el/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo/es/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo/et/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo/fi/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo/fil/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo/he/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo/it/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo/kab/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo/ko/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo/mic/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo/nl/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo/pl/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo/ro/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo/ru/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo/uk/
Translation: Forgejo/forgejo
Translation: Forgejo/forgejo-next
---
 options/locale/locale_ca.ini          |  57 +++++-
 options/locale/locale_de-DE.ini       | 200 ++++++++++----------
 options/locale/locale_el-GR.ini       |   2 +-
 options/locale/locale_es-ES.ini       |  22 ++-
 options/locale/locale_et.ini          |  99 +++++++++-
 options/locale/locale_fi-FI.ini       |   6 +
 options/locale/locale_fil.ini         |   6 +-
 options/locale/locale_he.ini          |  37 ++++
 options/locale/locale_it-IT.ini       |  14 +-
 options/locale/locale_kab.ini         | 122 ++++++++++++-
 options/locale/locale_ko-KR.ini       |  32 +++-
 options/locale/locale_mic.ini         |   8 +
 options/locale/locale_nl-NL.ini       |   2 +-
 options/locale/locale_pl-PL.ini       |  22 ++-
 options/locale/locale_ro.ini          |   5 +
 options/locale/locale_ru-RU.ini       |   4 +-
 options/locale/locale_uk-UA.ini       | 252 +++++++++++++-------------
 options/locale_next/locale_ca.json    |  49 ++++-
 options/locale_next/locale_cs-CZ.json |   5 +-
 options/locale_next/locale_de-DE.json |   5 +-
 options/locale_next/locale_fil.json   |  32 +++-
 options/locale_next/locale_fr-FR.json |  27 ++-
 options/locale_next/locale_he.json    |  89 ++++++++-
 options/locale_next/locale_it-IT.json |   5 +-
 options/locale_next/locale_kab.json   |  22 ++-
 options/locale_next/locale_lv-LV.json |   5 +-
 options/locale_next/locale_mic.json   |   1 +
 options/locale_next/locale_nds.json   |   5 +-
 options/locale_next/locale_pl-PL.json | 112 ++++++++++--
 options/locale_next/locale_pt-PT.json |   5 +-
 options/locale_next/locale_ru-RU.json |   5 +-
 options/locale_next/locale_uk-UA.json |  11 +-
 options/locale_next/locale_zh-CN.json |  32 +++-
 33 files changed, 1012 insertions(+), 288 deletions(-)
 create mode 100644 options/locale/locale_mic.ini
 create mode 100644 options/locale_next/locale_mic.json

diff --git a/options/locale/locale_ca.ini b/options/locale/locale_ca.ini
index a3ea3843d7..342e066057 100644
--- a/options/locale/locale_ca.ini
+++ b/options/locale/locale_ca.ini
@@ -616,6 +616,7 @@ username_error_no_dots = ` només pot contenir caràcters alfanumèrics ("0-9","
 username_claiming_cooldown = El nom d'usuari no es pot reservar degut a que el seu període de refredament encara no ha acabat. Es podrà fer servir en %[1]s.
 invalid_group_team_map_error = ` el mapatge no és vàlid: %s`
 repository_force_private = S'ha activat "Forçar privat": els repositoris privats no es poden fer públics.
+2fa_auth_required = L'accés remot requereix una autenticació de doble factor.
 
 [settings]
 pronouns = Pronoms
@@ -774,7 +775,7 @@ generate_token = Generar el testimoni
 generate_token_success = S'ha generat el vostre nou testimoni. Copieu-lo ara, ja que no es tornarà a mostrar.
 generate_token_name_duplicate = Ja s'ha usat <strong>%s</strong> com a nom d'aplicació. Si us plau, useu-ne un de nou.
 delete_token = Eliminar
-access_token_deletion =
+access_token_deletion =Esborra el testimoni d'accés
 delete_email = Eliminar
 biography_placeholder = Explica una mica sobre tu als altres! (Compatible amb Markdown)
 add_new_email = Afegir una adreça de correu electrònic
@@ -880,6 +881,26 @@ visibility.public = Públic
 visibility.limited = Limitat
 visibility.private = Privat
 primary = Principal
+lookup_avatar_by_mail = Cercar l'avatar amb l'adreça de correu electrònic
+access_token_desc = Els permisos de testimoni seleccionats es limiten a les rutes <a href="%[1]s" target="_blank">API</a> corresponents. Llegiu la <a href="%[2]s" target="_blank">documentació</a> per a més informació.
+oauth2_confidential_client = Client confidencial. Seleccioneu aquesta opció per a aplicacions que mantinguin el secret confidencial, com les aplicacions web. No la seleccioneu pas per a aplicacions nadiues, tant d'escriptori com mòbils.
+oauth2_application_create_description = Les aplicacions OAuth2 permeten que les vostres aplicacions de tercers accedeixin als comptes d'usuari d'aquesta instància.
+oauth2_application_remove_description = Esborrar una aplicació OAuth2 li denegarà l'accés als comptes d'usuari autoritzats d'aquesta instància. Voleu continuar?
+oauth2_application_locked = Forgejo registra per defecte algunes aplicacions OAuth2 en arrencar, si s'habilita a la configuració. Per evitar un comportament inesperat, aquestes aplicacions no es poden editar o eliminar. Si us plau, aneu a la documentació de l'OAuth2 per a més informació.
+twofa_is_enrolled = El vostre compte té actualment <strong>activada</strong> l'autenticació de doble factor.
+twofa_not_enrolled = El vostre compte no ha activat l'autenticació de doble factor.
+twofa_enroll = Activar l'autenticació de doble factor
+twofa_enrolled = S'ha activat satisfactòriament l'autentificació de doble factor per al vostre compte. Deseu la vostra clau de recuperació d'un sol ús (%s) en un lloc segur, ja que no es mostrarà més vegades.
+hooks.desc = Afegir webhooks que s'executaran per a <strong>tots els repositoris</strong> que teniu.
+delete_with_all_comments = El vostre compte és més recent que %s. Per evitar comentaris fantasma, tots els comentaris de problemes/PR s'eliminaran.
+email_notifications.submit = Establir la preferència de correu electrònic
+email_notifications.andyourown = I les vostres pròpies notificacions
+visibility = Visibilitat d'usuari
+quota.rule.exceeded.helper = La mida total dels objectes per a aquesta norma ha superat la quota.
+quota.rule.no_limit = Il·limitat
+quota.sizes.all = Tot
+quota.sizes.assets.all = Recursos
+quota.sizes.wiki = Wiki
 
 [repo]
 settings.basic_settings = Configuració bàsica
@@ -1395,7 +1416,7 @@ issues.reaction.alt_many = %[1]s i %[2]d més han reaccionat %[3]s.
 issues.reaction.alt_remove = Eliminar %[1]s reacció del comentari.
 issues.reaction.alt_add = Afegir %[1]s reacció al comentari.
 issues.context.copy_link = Copiar l'enllaç
-issues.context.quote_reply =
+issues.context.quote_reply =Citar la resposta
 issues.context.reference_issue = Referenciar-la en una nova incidència
 issues.no_content = No s'ha proporcionat cap descripció.
 issues.close = Tancar la incidència
@@ -1559,6 +1580,38 @@ activity.git_stats_addition_n = %d addicions
 activity.git_stats_deletion_1 = %d eliminació
 activity.git_stats_deletion_n = %d eliminacions
 settings.mirror_settings.docs = Configureu el vostre repositori per sincronitzar automàticament commits, etiquetes i branques amb un altre repositori.
+rss.must_be_on_branch = Heu d'estar en una branca per a tenir un canal RSS.
+admin.manage_flags = Gestiona les marques
+admin.enabled_flags = Marques habilitades del repositori:
+admin.update_flags = Actualitza les marques
+admin.failed_to_replace_flags = No s'han pogut reemplaçar les marques del repositori
+admin.flags_replaced = S'han reemplaçat les marques del repositori
+new_repo_helper = Un repositori conté tots els arxius del projecte, incloent l'historial de revisions. Ja n'esteu allotjant un en un altre lloc? <a href="%s">Migració de repositori</a>.
+new_from_template = Usar una plantilla
+size_format = %[1]s: %[2]s; %[3]s: %[4]s
+visibility_helper = Fer el repositori privat
+use_template = Usar aquesta plantilla
+license_helper_desc = Una llicència estableix què poden fer o no les altres persones amb el vostre codi. Si no esteu segur de quina és la més adequada per al vostre projecte, aneu a <a target="_blank" rel="noopener noreferrer" href="%s">Choose a license</a>.
+object_format = Format d'objecte
+object_format_helper = Format d'objecte del repositori. No es pot canviar després. SHA1 és el format més compatible.
+auto_init = Inicialitzar el repositori
+auto_init_description = Comença l'historial de Git amb un README i, opcionalment, afegeix un arxiu de llicència i .gitignore.
+create_repo = Crear un repositori
+mirror_use_ssh.text = Usar l'autenticació SSH
+mirror_denied_combination = No es poden usar simultàniament una autenticació per clau pública i per contrasenya.
+stars_remove_warning = Això eliminarà totes les estrelles d'aquest repositori.
+archive.pull.noreview = Aquest repositori està arxivat. No podeu revisar-ne les «pull requests».
+sync_fork.branch_behind_one = Aquesta branca és %[1]d commit darrere de %[2]s
+sync_fork.branch_behind_few = Aquesta branca és %[1]d commits darrere de %[2]s
+form.reach_limit_of_creation_1 = El propietari ja ha superat el límit de %d repositori.
+form.reach_limit_of_creation_n = El propietari ja ha superat el límit de %d repositoris.
+form.name_reserved = El nom de repositori "%s" està reservat.
+form.name_pattern_not_allowed = El patró "%s" no està permès en el nom del repositori.
+form.string_too_long = El text introduït té més de %d caràcters.
+migrate_options = Opcions de migració
+migrate_options_mirror_helper = Aquest repositori serà un mirall
+migrate_options_lfs_endpoint.description.local = També s'accepta un camí al servidor local.
+migrate_items = Elements de migració
 
 [user]
 unblock = Desbloquejar
diff --git a/options/locale/locale_de-DE.ini b/options/locale/locale_de-DE.ini
index 3007546f37..a219068a60 100644
--- a/options/locale/locale_de-DE.ini
+++ b/options/locale/locale_de-DE.ini
@@ -9,7 +9,7 @@ sign_in_with_provider=Anmelden mit %s
 sign_in_or=oder
 sign_out=Abmelden
 sign_up=Registrieren
-link_account=Account verbinden
+link_account=Konto verbinden
 register=Registrieren
 version=Version
 powered_by=Betrieben mit %s
@@ -103,7 +103,7 @@ preview=Vorschau
 loading=Laden …
 
 error=Fehler
-error404=Die Seite, die du versuchst aufzurufen, <strong>existiert nicht</strong>, <strong>wurde entfernt</strong> oder <strong>du bist nicht berechtigt</strong>, diese anzusehen.
+error404=Die Seite, die du versuchst aufzurufen, <strong>existiert nicht</strong> oder <strong>wurde entfernt</strong>, oder <strong>du bist nicht berechtigt</strong>, diese anzusehen.
 go_back=Zurück
 
 never=Niemals
@@ -152,7 +152,7 @@ more_items = Mehr Einträge
 invalid_data = Ungültige Daten: %v
 copy_generic = In die Zwischenablage kopieren
 test = Test
-error413 = Du hast deine Quota ausgereizt.
+error413 = Du hast dein Kontingent ausgereizt.
 new_repo.title = Neues Repository
 new_migrate.title = Neue Migration
 new_org.title = Neue Organisation
@@ -202,7 +202,7 @@ table_modal.label.columns = Spalten
 link_modal.header = Einen Link hinzufügen
 link_modal.url = URL
 link_modal.description = Beschreibung
-link_modal.paste_reminder = Hinweis: Wenn du einen URL in der Zwischenablage hast, kannst du durch einfügen im Editor direkt einen Link erstellen.
+link_modal.paste_reminder = Hinweis: Wenn du einen URL in der Zwischenablage hast, kannst du durch Einfügen im Editor direkt einen Link erstellen.
 
 [filter]
 string.asc=A–Z
@@ -244,7 +244,7 @@ path=Pfad
 sqlite_helper=Dateipfad zur SQLite3-Datenbank.<br>Gib einen absoluten Pfad an, wenn Forgejo als Service gestartet wird.
 reinstall_error=Du versuchst, in eine bereits existierende Forgejo-Datenbank zu installieren
 reinstall_confirm_message=Eine Neuinstallation mit einer bestehenden Forgejo-Datenbank kann mehrere Probleme verursachen. In den meisten Fällen solltest du deine vorhandene „app.ini“ verwenden, um Forgejo auszuführen. Wenn du weißt, was du tust, bestätige die folgenden Angaben:
-reinstall_confirm_check_1=Die von der SECRET_KEY in app.ini verschlüsselten Daten können verloren gehen: Benutzer können sich unter Umständen nicht mit 2FA/OTP einloggen und Spiegel könnten nicht mehr richtig funktionieren. Mit der Ankreuzung dieses Kästchens bestätigst du, dass die aktuelle app.ini-Datei den korrekten SECRET_KEY enthält.
+reinstall_confirm_check_1=Die vom SECRET_KEY in app.ini verschlüsselten Daten können verloren gehen: Benutzer können sich unter Umständen nicht mit 2FA/OTP einloggen und Spiegel könnten nicht mehr richtig funktionieren. Mit der Ankreuzung dieses Kästchens bestätigst du, dass die aktuelle app.ini-Datei den korrekten SECRET_KEY enthält.
 reinstall_confirm_check_2=Die Repositorys und Einstellungen müssen eventuell neu synchronisiert werden. Durch das Ankreuzen dieses Kästchens bestätigst du, dass du die Hooks für die Repositorys und die authorized_keys-Datei manuell neu synchronisierst. Du bestätigst, dass du sicherstellst, dass die Repository- und Spiegeleinstellungen korrekt sind.
 reinstall_confirm_check_3=Du bestätigst, dass du absolut sicher bist, dass diese Forgejo mit der richtigen app.ini läuft, und du sicher bist, dass du neu installieren musst. Du bestätigst, dass du die oben genannten Risiken anerkennst.
 err_empty_db_path=Der SQLite3-Datenbankpfad darf nicht leer sein.
@@ -293,7 +293,7 @@ disable_gravatar.description=Gravatar und andere Drittanbieter-Avatar-Quellen de
 federated_avatar_lookup=Föderierte Profilbilder einschalten
 federated_avatar_lookup.description=Profilbilder mittels Libravatar suchen.
 disable_registration=Registrierung deaktivieren
-disable_registration.description=Nur Instanz-Administratoren können neue Benutzerkonten anlegen. Es wird dazu geraten, die Registrierung deaktiviert zu lassen, außer wenn man eine öffentliche Instanz für alle hosten will und bereit ist, mit Spam-Accounts in großer Anzahl umzugehen.
+disable_registration.description=Nur Instanz-Administratoren können neue Benutzerkonten anlegen. Es wird dazu geraten, die Registrierung deaktiviert zu lassen, außer wenn man eine öffentliche Instanz für alle hosten will und bereit ist, mit Spam-Konten in großer Anzahl umzugehen.
 allow_only_external_registration.description=Benutzer können nur über die konfigurierten externe Dienste neue Konten anlegen.
 openid_signin=OpenID-Anmeldung aktivieren
 openid_signin.description=Benutzeranmeldung via OpenID aktivieren.
@@ -391,8 +391,8 @@ allow_password_change=Verlange vom Benutzer das Passwort zu ändern (empfohlen)
 reset_password_mail_sent_prompt=Eine Bestätigungs-E-Mail wurde an <b>%s</b> gesendet. Um den Kontowiederherstellungsprozess abzuschließen, überprüfe bitte deinen Posteingang und folge dem angegebenen Link innerhalb von %s.
 active_your_account=Aktiviere dein Konto
 account_activated=Konto wurde aktiviert
-prohibit_login=Der Account ist gesperrt
-prohibit_login_desc=Dein Account ist auf dieser Instanz gesperrt worden. Bitte kontaktiere den Instanz-Administrator.
+prohibit_login=Das Konto ist gesperrt
+prohibit_login_desc=Dein Konto ist auf dieser Instanz gesperrt worden. Bitte kontaktiere den Instanz-Administrator.
 resent_limit_prompt=Du hast bereits eine Aktivierungs-E-Mail angefordert. Bitte warte 3 Minuten und probiere es dann nochmal.
 has_unconfirmed_mail=Hallo %s, du hast eine unbestätigte E-Mail-Adresse (<b>%s</b>). Wenn du keine Bestätigungs-E-Mail erhalten hast oder eine neue senden möchtest, klicke bitte auf den folgenden Button.
 resend_mail=Aktivierungs-E-Mail erneut verschicken
@@ -433,11 +433,11 @@ email_domain_blacklisted=Du kannst dich nicht mit deiner E-Mail-Adresse registri
 authorize_application=Anwendung autorisieren
 authorize_redirect_notice=Du wirst zu %s weitergeleitet, wenn du diese Anwendung autorisierst.
 authorize_application_created_by=Diese Anwendung wurde von %s erstellt.
-authorize_application_description=Wenn du diese Anwendung autorisierst, wird sie die Berechtigung erhalten, alle Informationen zu deinem Account zu bearbeiten oder zu lesen. Dies beinhaltet auch private Repositorys und Organisationen.
-authorize_title=„%s“ den Zugriff auf deinen Account gestatten?
+authorize_application_description=Wenn du diese Anwendung autorisierst, wird sie die Berechtigung erhalten, alle Informationen zu deinem Konto zu bearbeiten oder zu lesen. Dies beinhaltet auch private Repositorys und Organisationen.
+authorize_title=„%s“ den Zugriff auf dein Konto gestatten?
 authorization_failed=Autorisierung fehlgeschlagen
 authorization_failed_desc=Die Autorisierung ist fehlgeschlagen, da wir eine ungültige Anfrage erkannt haben. Bitte kontaktiere den Betreuer der App, die du zu autorisieren versucht hast.
-password_pwned=Das von dir gewählte Passwort befindet sich auf einer <a target="_blank" rel="noopener noreferrer" href="%s">List gestohlener Passwörter</a>, die öffentlich verfügbar sind. Bitte versuche es erneut mit einem anderen Passwort und ziehe in Erwägung, auch anderswo deine Passwörter zu ändern.
+password_pwned=Das von dir gewählte Passwort befindet sich auf einer <a target="_blank" rel="noopener noreferrer" href="%s">Liste gestohlener Passwörter</a>, die öffentlich verfügbar sind. Bitte versuche es erneut mit einem anderen Passwort und ziehe in Erwägung, auch anderswo deine Passwörter zu ändern.
 password_pwned_err=Anfrage an HaveIBeenPwned konnte nicht abgeschlossen werden
 change_unconfirmed_email_summary = Ändern der E-Mail-Adresse, an die die Aktivierungsnachricht gesendet wird.
 change_unconfirmed_email_error = Ändern der E-Mail-Adresse fehlgeschlagen: %v
@@ -449,7 +449,7 @@ sign_in_openid = Mit OpenID fortfahren
 hint_login = Hast du bereits ein Konto? <a href="%s">Jetzt anmelden!</a>
 hint_register = Brauchst du ein Konto? <a href="%s">Jetzt registrieren.</a>
 unauthorized_credentials = Die Zugangsdaten sind inkorrekt oder abgelaufen. Versuchen es erneut oder siehe %s für mehr Informationen
-use_onetime_code = Einen One-Time-Code benutzen
+use_onetime_code = Einen Einmal-Code benutzen
 
 [mail]
 view_it_on=Auf %s ansehen
@@ -467,7 +467,7 @@ activate_email.text=Bitte klicke innerhalb von <b>%s</b> auf folgenden Link, um
 register_notify=Willkommen bei %s
 register_notify.text_1=dies ist deine Bestätigungs-E-Mail für %s!
 register_notify.text_2=Du kannst dich mit dem Benutzernamen „%s“ anmelden
-register_notify.text_3=Wenn jemand anderes diesen Account für dich erstellt hat, musst du zuerst <a href="%s">dein Passwort setzen</a>.
+register_notify.text_3=Wenn jemand anderes dieses Konto für dich erstellt hat, musst du zuerst <a href="%s">dein Passwort setzen</a>.
 
 reset_password=Stelle dein Konto wieder her
 reset_password.text=Falls du das warst, klicke bitte innerhalb von <b>%s</b> auf folgenden Link, um dein Konto wiederherzustellen:
@@ -516,20 +516,20 @@ admin.new_user.subject = Neuer Benutzer %s hat sich gerade angemeldet
 admin.new_user.user_info = Benutzerinformationen
 admin.new_user.text = Bitte <a href="%s">hier klicken</a>, um den Benutzer aus dem Admin-Panel zu verwalten.
 password_change.subject = Dein Passwort wurde geändert
-password_change.text_1 = Das Passwort für deinen Account wurde soeben geändert.
+password_change.text_1 = Das Passwort für dein Konto wurde soeben geändert.
 primary_mail_change.subject = Deine primäre E-Mail-Adresse wurde geändert
 totp_disabled.subject = TOTP wurde deaktiviert
-totp_disabled.text_1 = TOTP (Time-based one-time password [zeitbasiertes Einmalpasswort]) wurde auf deinem Account soeben deaktiviert.
-totp_disabled.no_2fa = Es sind keine anderen 2FA-Methoden mehr konfiguriert, was bedeutet, dass es nicht mehr nötig ist, sich in deinen Account mit 2FA einzuloggen.
+totp_disabled.text_1 = TOTP (Time-based one-time password [zeitbasiertes Einmalpasswort]) wurde auf deinem Konto soeben deaktiviert.
+totp_disabled.no_2fa = Es sind keine anderen 2FA-Methoden mehr konfiguriert, was bedeutet, dass es nicht mehr nötig ist, sich in dein Konto mit 2FA einzuloggen.
 removed_security_key.subject = Ein Sicherheitsschlüssel wurde entfernt
-removed_security_key.no_2fa = Es sind keine anderen 2FA-Methoden mehr konfiguriert, was bedeutet, dass es nicht mehr nötig ist, sich in deinen Account mit 2FA einzuloggen.
+removed_security_key.no_2fa = Es sind keine anderen 2FA-Methoden mehr konfiguriert, was bedeutet, dass es nicht mehr nötig ist, sich in dein Konto mit 2FA einzuloggen.
 account_security_caution.text_1 = Wenn du das warst, kannst du diese E-Mail bedenkenlos ignorieren.
-removed_security_key.text_1 = Sicherheitsschlüssel „%[1]s“ wurde soeben von deinem Account entfernt.
-primary_mail_change.text_1 = Die primäre E-Mail-Adresse deines Account wurde soeben zu %[1]s geändert. Das bedeutet, dass diese E-Mail-Adresse keine E-Mail-Benachrichtigungen für deinen Account erhalten wird.
-account_security_caution.text_2 = Wenn du das nicht warst, wurde dein Account kompromittiert. Bitte kontaktiere die Admins dieser Webseite.
+removed_security_key.text_1 = Sicherheitsschlüssel „%[1]s“ wurde soeben aus deinem Konto entfernt.
+primary_mail_change.text_1 = Die primäre E-Mail-Adresse deines Kontos wurde soeben zu %[1]s geändert. Das bedeutet, dass diese E-Mail-Adresse keine E-Mail-Benachrichtigungen für dein Konto erhalten wird.
+account_security_caution.text_2 = Wenn du das nicht warst, wurde dein Konto kompromittiert. Bitte kontaktiere die Admins dieser Webseite.
 totp_enrolled.subject = Du hast TOTP als 2FA-Methode aktiviert
-totp_enrolled.text_1.has_webauthn = Du hast gerade eben TOTP für deinen Account aktiviert. Das bedeutet, dass du in Zukunft für alle Logins in deinen Account TOTP als 2FA-Methode oder einen deiner Sicherheitsschlüssel benutzen könntest.
-totp_enrolled.text_1.no_webauthn = Du hast gerade eben TOTP für deinen Account aktiviert. Das bedeutet, dass du in Zukunft für alle Logins in deinen Account TOTP als 2FA-Methode benutzen musst.
+totp_enrolled.text_1.has_webauthn = Du hast gerade eben TOTP für dein Konto aktiviert. Das bedeutet, dass du in Zukunft für alle Logins in dein Konto TOTP als 2FA-Methode oder einen deiner Sicherheitsschlüssel benutzen könntest.
+totp_enrolled.text_1.no_webauthn = Du hast gerade eben TOTP für dein Konto aktiviert. Das bedeutet, dass du in Zukunft für alle Logins in dein Konto TOTP als 2FA-Methode benutzen musst.
 
 [modal]
 yes=Ja
@@ -568,7 +568,7 @@ url_error=`„%s“ ist keine gültige URL.`
 include_error=` muss den Text „%s“ enthalten.`
 glob_pattern_error=` Glob-Pattern ist ungültig: %s.`
 regex_pattern_error=` regex ist ungültig: %s.`
-username_error=` darf nur alphanumerische Zeichen („0-9“, „a-z“, „A-Z“), Bindestriche („-“), Unterstriche („_“) und Punkte („.“) enthalten. Es kann nicht mit nicht-alphanumerischen Zeichen beginnen oder enden und aufeinanderfolgende nicht-alphanumerische Zeichen sind ebenfalls verboten.`
+username_error=` darf nur alphanumerische Zeichen („0-9“, „a-z“, „A-Z“), Bindestriche („-“), Unterstriche („_“) und Punkte („.“) enthalten. Es darf nicht mit nicht-alphanumerischen Zeichen beginnen oder enden, und aufeinanderfolgende nicht-alphanumerische Zeichen sind ebenfalls verboten.`
 invalid_group_team_map_error=` Zuordnung ist ungültig: %s`
 unknown_error=Unbekannter Fehler:
 captcha_incorrect=Der eingegebene CAPTCHA-Code ist falsch.
@@ -625,7 +625,7 @@ target_branch_not_exist=Der Ziel-Branch existiert nicht.
 username_error_no_dots = ` darf nur alphanumerische Zeichen („0-9“, „a-z“, „A-Z“), Bindestriche („-“), Unterstriche („_“) enthalten. Es kann nicht mit nicht-alphanumerischen Zeichen beginnen oder enden und aufeinanderfolgende nicht-alphanumerische Zeichen sind ebenfalls verboten.`
 admin_cannot_delete_self = Du kannst dich nicht selbst löschen, wenn du ein Admin bist. Bitte entferne zuerst deine Adminrechte.
 unset_password = Für den Benutzer ist das Passwort nicht gesetzt.
-unsupported_login_type = Dieser Login-Typ unterstützt keine Accountlöschung.
+unsupported_login_type = Dieser Login-Typ unterstützt keine Kontolöschung.
 required_prefix = Eingabe muss mit „%s“ anfangen
 Description = Beschreibung
 FullName = Vollständiger Name
@@ -678,9 +678,9 @@ following.title.few = Folgt
 followers.title.one = Follower
 public_activity.visibility_hint.self_public = Deine Aktivität ist sichtbar für alle, außer für Interaktionen in privaten Räumen. <a href="%s">Konfigurieren</a>.
 public_activity.visibility_hint.admin_public = Diese Aktivität ist sichtbar für alle, aber als Administrator kannst du außerdem Interaktionen in privaten Räumen sehen.
-public_activity.visibility_hint.self_private = Deine Aktivität ist nur sichtbar für dich und den Instanzadministratoren. <a href="%s">Konfigurieren</a>.
+public_activity.visibility_hint.self_private = Deine Aktivität ist nur sichtbar für dich und die Instanzadministratoren. <a href="%s">Konfigurieren</a>.
 public_activity.visibility_hint.admin_private = Diese Aktivität ist sichtbar für dich, weil du ein Administrator bist, aber der Benutzer will sie privat halten.
-public_activity.visibility_hint.self_private_profile = Deine Aktivität ist nur für dich und die Instanzadministratoren sichtbar, weil den Profil privat ist. <a href="%s">Konfigurieren</a>.
+public_activity.visibility_hint.self_private_profile = Deine Aktivität ist nur für dich und die Instanzadministratoren sichtbar, weil dein Profil privat ist. <a href="%s">Konfigurieren</a>.
 
 [settings]
 profile=Profil
@@ -699,7 +699,7 @@ organization=Organisationen
 uid=UID
 webauthn=Zwei-Faktor-Authentifizierung (Sicherheitsschlüssel)
 
-public_profile=Öffentliches profil
+public_profile=Öffentliches Profil
 biography_placeholder=Erzähle anderen ein wenig über dich selbst! (Markdown wird unterstützt)
 location_placeholder=Teile deinen ungefähren Standort mit anderen
 profile_desc=Über dich
@@ -789,16 +789,16 @@ add_email_success=Die neue E-Mail-Addresse wurde hinzugefügt.
 email_preference_set_success=E-Mail-Einstellungen wurden erfolgreich aktualisiert.
 add_openid_success=Die neue OpenID-Adresse wurde hinzugefügt.
 keep_email_private=E-Mail-Adresse verbergen
-keep_email_private_popup=Die E-Mail-Adresse wird nicht im Profil angezeigt und wird nicht der Standard für Commits über das Webinterface sein, wie zum Beispiel Dateiuploads, Bearbeitungen, und Merge-Commits. Stattdessen kann eine besondere Adresse %s benutzt werden, um Commits mit dem Benutzeraccount zu verbinden. Diese Option wirkt sich nicht auf bestehende Commits aus.
+keep_email_private_popup=Die E-Mail-Adresse wird nicht im Profil angezeigt und wird nicht der Standard für Commits über das Webinterface sein, wie zum Beispiel Dateiuploads, Bearbeitungen und Merge-Commits. Stattdessen kann eine besondere Adresse %s benutzt werden, um Commits mit dem Benutzerkonto zu verbinden. Diese Option wirkt sich nicht auf bestehende Commits aus.
 openid_desc=Mit OpenID kannst du dich über einen Drittanbieter authentifizieren.
 
 manage_ssh_keys=SSH-Schlüssel verwalten
 manage_ssh_principals=SSH-Zertifikats-Principals verwalten
 manage_gpg_keys=GPG-Schlüssel verwalten
 add_key=Schlüssel hinzufügen
-ssh_desc=Diese öffentlichen SSH-Schlüssel sind mit deinem Account verbunden. Der dazugehörigen privaten SSH-Schlüssel geben dir vollen Zugriff auf deine Repositorys. Verifizierte SSH-Schlüssel können verwendet werden, um SSH-signierte Git-Commits zu signieren.
+ssh_desc=Diese öffentlichen SSH-Schlüssel sind mit deinem Konto verbunden. Die dazugehörigen privaten SSH-Schlüssel geben dir vollen Zugriff auf deine Repositorys. Verifizierte SSH-Schlüssel können verwendet werden, um SSH-signierte Git-Commits zu signieren.
 principal_desc=Diese SSH-Zertifikat-Principals sind mit deinem Konto verknüpft und erlauben den vollen Zugriff auf deine Repositorys.
-gpg_desc=Diese öffentlichen GPG-Schlüssel sind mit deinem Account verbunden und werden benutzt, um deine Commits zu verifizieren. Halte die dazugehörigen privaten GPG-Schlüssel geheim, da diese deine Commits signieren.
+gpg_desc=Diese öffentlichen GPG-Schlüssel sind mit deinem Konto verbunden und werden benutzt, um deine Commits zu verifizieren. Halte die dazugehörigen privaten GPG-Schlüssel geheim, da diese deine Commits signieren.
 ssh_helper=<strong>Brauchst du Hilfe?</strong> Sieh dir die Anleitung zum <a href="%s">Erzeugen deiner eigenen SSH-Schlüssel</a> an oder zum Lösen <a href="%s">häufiger Probleme</a>, denen du bei der Arbeit mit SSH begegnen kannst.
 gpg_helper=<strong>Brauchst du Hilfe?</strong> Sieh dir die Anleitung <a href="%s">über GPG</a> an.
 key_content_ssh_placeholder=Startet mit „ssh-ed25519“, „ssh-rsa“, „ecdsa-sha2-nistp256“, „ecdsa-sha2-nistp384“, „ecdsa-sha2-nistp521“, „sk-ecdsa-sha2-nistp256@openssh.com“ oder „sk-ssh-ed25519@openssh.com“
@@ -814,7 +814,7 @@ gpg_key_matched_identities_long=Die eingebetteten Identitäten in diesem Schlüs
 gpg_key_verified=Verifizierter Schlüssel
 gpg_key_verified_long=Der Schlüssel wurde mit einem Token verifiziert. Er kann verwendet werden, um Commits zu verifizieren, die mit irgendeiner für diesen Nutzer aktivierten E-Mail-Adresse und irgendeiner Identität dieses Schlüssels übereinstimmen.
 gpg_key_verify=Verifizieren
-gpg_invalid_token_signature=Der GPG-Key, die Signatur und das Token stimmen nicht überein, oder das Token ist veraltet.
+gpg_invalid_token_signature=Der GPG-Schlüssel, die Signatur und das Token stimmen nicht überein, oder das Token ist veraltet.
 gpg_token_required=Du musst eine Signatur für das folgende Token angeben
 gpg_token=Token
 gpg_token_help=Du kannst eine Signatur wie folgt generieren:
@@ -830,7 +830,7 @@ ssh_token=Token
 ssh_token_help=Sie können eine Signatur wie folgt generieren:
 ssh_token_signature=SSH-Textsignatur (armored signature)
 key_signature_ssh_placeholder=Beginnt mit „-----BEGIN SSH SIGNATURE-----“
-verify_ssh_key_success=SSH-Key „%s“ wurde verifiziert.
+verify_ssh_key_success=SSH-Schlüssel „%s“ wurde verifiziert.
 subkeys=Unterschlüssel
 key_id=Schlüssel-ID
 key_name=Schlüsselname
@@ -906,12 +906,12 @@ oauth2_regenerate_secret=Geheimnis neu generieren
 oauth2_regenerate_secret_hint=Geheimnis verloren?
 oauth2_client_secret_hint=Das Geheimnis wird nach dem Verlassen oder Aktualisieren dieser Seite nicht mehr angezeigt. Bitte stelle sicher, dass du es gespeichert hast.
 oauth2_application_edit=Bearbeiten
-oauth2_application_create_description=OAuth2-Anwendungen geben deiner Drittanwendung Zugriff auf Benutzeraccounts dieser Forgejo-Instanz.
+oauth2_application_create_description=OAuth2-Anwendungen geben deiner Drittanwendung Zugriff auf Benutzerkonten dieser Forgejo-Instanz.
 oauth2_application_remove_description=Das Entfernen einer OAuth2-Anwendung hat zur Folge, dass diese nicht mehr auf autorisierte Benutzeraccounts auf dieser Instanz zugreifen kann. Möchtest Du fortfahren?
 oauth2_application_locked=Wenn es in der Konfiguration aktiviert ist, registriert Forgejo einige OAuth2-Anwendungen beim Starten vor. Um unerwartetes Verhalten zu verhindern, können diese weder bearbeitet noch entfernt werden. Weitere Informationen findest Du in der OAuth2-Dokumentation.
 
 authorized_oauth2_applications=Autorisierte OAuth2-Anwendungen
-authorized_oauth2_applications_description=Den folgenden Drittanbieter-Apps hast du Zugriff auf deinen persönlichen Forgejo-Account gewährt. Bitte widerrufe die Autorisierung für Apps, die nicht länger verwendet werden.
+authorized_oauth2_applications_description=Den folgenden Drittanbieter-Apps hast du Zugriff auf dein persönliches Forgejo-Konto gewährt. Bitte widerrufe die Autorisierung für Apps, die nicht länger verwendet werden.
 revoke_key=Widerrufen
 revoke_oauth2_grant=Autorisierung widerrufen
 revoke_oauth2_grant_description=Wenn du die Autorisierung widerrufst, kann die Anwendung nicht mehr auf deine Daten zugreifen. Bist du dir sicher?
@@ -926,7 +926,7 @@ twofa_scratch_token_regenerated=Dein einmalig verwendbarer Wiederherstellungssch
 twofa_enroll=Zwei-Faktor-Authentifizierung aktivieren
 twofa_disable_note=Du kannst die Zwei-Faktor-Authentifizierung auch wieder deaktivieren.
 twofa_disable_desc=Wenn du die Zwei-Faktor-Authentifizierung deaktivierst, wird die Sicherheit deines Kontos verringert. Fortfahren?
-regenerate_scratch_token_desc=Wenn du deinen Wiederherstellungsschlüssel verlegst oder es bereits benutzt hast, kannst du es hier zurücksetzen.
+regenerate_scratch_token_desc=Wenn du deinen Wiederherstellungsschlüssel verlegst oder ihn bereits benutzt hast, kannst du ihn hier zurücksetzen.
 twofa_disabled=Zwei-Faktor-Authentifizierung wurde deaktiviert.
 scan_this_image=Scanne diese Grafik mit deiner Authentifizierungs-App:
 or_enter_secret=Oder gib das Geheimnis ein: %s
@@ -941,12 +941,12 @@ webauthn_nickname=Nickname
 webauthn_delete_key=Sicherheitsschlüssel entfernen
 webauthn_delete_key_desc=Wenn du einen Sicherheitsschlüssel entfernst, kannst du dich nicht mehr mit ihm anmelden. Fortfahren?
 
-manage_account_links=Verknüpfte Accounts
+manage_account_links=Verknüpfte Konten
 manage_account_links_desc=Diese externen Accounts sind mit deinem Forgejo-Account verknüpft.
-link_account=Account verbinden
-remove_account_link=Verknüpften Account entfernen
-remove_account_link_desc=Wenn du den verknüpften Account entfernst, wirst du darüber nicht mehr auf deinen Forgejo-Account zugreifen können. Fortfahren?
-remove_account_link_success=Der verknüpfte Account wurde entfernt.
+link_account=Konto verbinden
+remove_account_link=Verknüpftes Konto entfernen
+remove_account_link_desc=Wenn du das verknüpfte Konto entfernst, wirst du darüber nicht mehr auf dein Forgejo-Konto zugreifen können. Fortfahren?
+remove_account_link_success=Das verknüpfte Konto wurde entfernt.
 
 hooks.desc=Webhooks hinzufügen, die für <strong>alle Repositorys</strong>, die dir gehören, ausgelöst werden.
 
@@ -955,7 +955,7 @@ repos_none=Du besitzt keine Repositorys.
 
 delete_account=Konto löschen
 delete_prompt=Wenn du fortfährst, wird dein Account permanent gelöscht. Dies <strong>KANN NICHT</strong> rückgängig gemacht werden.
-delete_with_all_comments=Dein Account existiert seit weniger als %s. Um Geisterkommentare zu vermeiden, werden alle deine Issue/PR-Kommentare gelöscht.
+delete_with_all_comments=Dein Konto existiert seit weniger als %s. Um Geisterkommentare zu vermeiden, werden alle deine Issue/PR-Kommentare gelöscht.
 confirm_delete_account=Löschen bestätigen
 delete_account_title=Benutzerkonto löschen
 delete_account_desc=Bist du sicher, dass du diesen Account dauerhaft löschen möchtest?
@@ -994,12 +994,12 @@ keep_activity_private.description = Deine <a href="%s">öffentliche Aktivität</
 language.localization_project = Hilf uns, Forgejo in deine Sprache zu übersetzen! <a href="%s">Mehr erfahren</a>.
 language.description = Diese Sprache wird in deinem Konto gespeichert und standardmäßig nach dem Anmelden benutzt.
 user_block_yourself = Du kannst dich nicht selbst blockieren.
-change_username_redirect_prompt.with_cooldown.one = Der alte Benutzername ist nach einer Schutzzeit von einem Tag wieder für alle verfügbar. Du kannst den alten Benutzername während dieser Schutzzeit erneut beanspruchen.
-change_username_redirect_prompt.with_cooldown.few = Der alte Benutzername ist nach einer Schutzzeit von %[1]d Tagen wieder für alle verfügbar. Du kannst den alten Benutzername während dieser Schutzzeit erneut beanspruchen.
+change_username_redirect_prompt.with_cooldown.one = Der alte Benutzername ist nach einer Schutzzeit von einem Tag wieder für alle verfügbar. Du kannst den alten Benutzernamen während dieser Schutzzeit erneut beanspruchen.
+change_username_redirect_prompt.with_cooldown.few = Der alte Benutzername ist nach einer Schutzzeit von %[1]d Tagen wieder für alle verfügbar. Du kannst den alten Benutzernamen während dieser Schutzzeit erneut beanspruchen.
 keep_pronouns_private = Pronomen nur angemeldeten Nutzern anzeigen
 keep_pronouns_private.description = Dies verbirgt deine Pronomen von Besuchern, die nicht angemeldet sind.
 quota.sizes.assets.artifacts = Artefakte
-quota.applies_to_user = Die folgenden Quota-Regeln greifen für deinen Account
+quota.applies_to_user = Die folgenden Quota-Regeln greifen für dein Konto
 quota.sizes.assets.attachments.issues = Issue-Anhänge
 quota.rule.exceeded.helper = Die Gesamtgröße der Objekte für diese Regel hat die Quota überschritten.
 storage_overview = Speicherübersicht
@@ -1018,9 +1018,9 @@ quota.sizes.assets.all = Assets
 quota.sizes.assets.attachments.all = Anhänge
 quota.sizes.assets.packages.all = Pakete
 quota.sizes.wiki = Wiki
-regenerate_token_success = Der Token wurde regeneriert. Anwendungen, die ihn benutzen, haben nicht länger Zugriff auf deinen Account und müssen mit dem neuen Token aktualisiert werden.
+regenerate_token_success = Der Token wurde regeneriert. Anwendungen, die ihn benutzen, haben nicht länger Zugriff auf dein Konto und müssen mit dem neuen Token aktualisiert werden.
 access_token_regeneration = Zugangstoken regenerieren
-access_token_regeneration_desc = Einen Token zu regenerieren, wird den Zugriff auf deinen Account von Anwendungen, die ihn nutzen, zurückziehen. Dies kann nicht rückgängig gemacht werden. Fortsetzen?
+access_token_regeneration_desc = Einen Token zu regenerieren, wird den Zugriff auf dein Konto von Anwendungen, die ihn nutzen, zurückziehen. Dies kann nicht rückgängig gemacht werden. Fortsetzen?
 regenerate_token = Regenerieren
 ssh_token_help_ssh_agent = , oder, falls Sie einen SSH-Agenten benutzen (mit der Variable SSH_AUTH_SOCK gesetzt):
 
@@ -1058,12 +1058,12 @@ repo_desc=Beschreibung
 repo_desc_helper=Gib eine kurze Beschreibung an (optional)
 repo_lang=Sprache
 repo_gitignore_helper=Wähle .gitignore-Vorlagen aus
-repo_gitignore_helper_desc=Wähle aus einer Liste an Vorlagen für bekannte Sprachen, welche Dateien ignoriert werden sollen. Typische Artefakte, die durch die Build-Tools der gewählten Sprache generiert werden, sind standardmäßig Bestandteil der .gitignore.
+repo_gitignore_helper_desc=Wähle aus einer Liste an Vorlagen für bekannte Sprachen, welche Dateien ignoriert werden sollen. Typische Artefakte, die durch die Build-Werkzeuge der gewählten Sprache generiert werden, sind standardmäßig Bestandteil der .gitignore.
 issue_labels=Labels
 issue_labels_helper=Wähle eine Label-Sammlung
 license=Lizenz
 license_helper=Wähle eine Lizenz
-license_helper_desc=Eine Lizenz regelt, was andere mit deinem Code tun (oder nicht tun) können. Unsicher, welche für dein Projekt die richtige ist? Siehe <a target="_blank" rel="noopener noreferrer" href="%s">Choose a license</a>.
+license_helper_desc=Eine Lizenz regelt, was andere mit deinem Code tun (oder nicht tun) dürfen. Unsicher, welche für dein Projekt die richtige ist? Siehe <a target="_blank" rel="noopener noreferrer" href="%s">Choose a license</a>.
 readme=README
 readme_helper=Wähle eine README-Vorlage
 readme_helper_desc=Hier kannst du eine komplette Beschreibung für dein Projekt schreiben.
@@ -1079,7 +1079,7 @@ mirror_interval_invalid=Das Spiegel-Intervall ist ungültig.
 mirror_sync_on_commit=Synchronisieren, wenn Commits gepusht wurden
 mirror_address=Klonen via URL
 mirror_address_desc=Gib alle erforderlichen Anmeldedaten im Abschnitt „Authentifizierung“ ein.
-mirror_address_url_invalid=Die angegebene URL ist ungültig. Achte darauf, dass alle Komponenten der URL korrekt escaped wurden.
+mirror_address_url_invalid=Die angegebene URL ist ungültig. Achte darauf, dass alle Komponenten der URL korrekt escapt wurden.
 mirror_address_protocol_invalid=Die angegebene URL ist ungültig. Nur Orte mit „http(s)://“ oder „git://“ können fürs Spiegeln benutzt werden.
 mirror_lfs=Großdatei-Speicher (LFS)
 mirror_lfs_desc=Spiegeln von LFS-Dateien aktivieren.
@@ -1139,7 +1139,7 @@ template.one_item=Es muss mindestens ein Vorlagenelement ausgewählt werden
 template.invalid=Es muss ein Vorlagen-Repository ausgewählt werden
 
 archive.title=Dieses Repository ist archiviert. Du kannst Dateien ansehen und es klonen, kannst aber seinen Status nicht verändern, zum Beispiel nichts pushen, keine Issues eröffnen und keine Pull-Requests oder Kommentare erstellen.
-archive.title_date=Dieses Repository wurde am %s archiviert. Du kannst Dateien ansehen und es klonen, kannst aber seinen Status nicht verändern, zum Beispiel nichts pushen, und keine Issues eröffnen, oder Pull-Requests oder Kommentare erstellen.
+archive.title_date=Dieses Repository wurde am %s archiviert. Du kannst Dateien ansehen und es klonen, kannst aber seinen Status nicht verändern, zum Beispiel nichts pushen, und keine Issues eröffnen oder Pull-Requests oder Kommentare erstellen.
 form.reach_limit_of_creation_1=Du hast bereits dein Limit von %d Repository erreicht.
 form.reach_limit_of_creation_n=Du hast bereits dein Limit von %d Repositorys erreicht.
 form.name_reserved=Der Repository-Name „%s“ ist reserviert.
@@ -1669,7 +1669,7 @@ issues.due_date_added=hat %[2]s das Fälligkeitsdatum %[1]s hinzugefügt
 issues.due_date_modified=hat das Fälligkeitsdatum von %[2]s auf %[1]s %[3]s geändert
 issues.due_date_remove=hat %[2]s das Fälligkeitsdatum %[1]s entfernt
 issues.due_date_overdue=Überfällig
-issues.due_date_invalid=Das Fälligkeitsdatum ist ungültig oder außerhalb des zulässigen Bereichs. Bitte verwende das Format „jjjj-mm-tt“.
+issues.due_date_invalid=Das Fälligkeitsdatum ist ungültig oder außerhalb des zulässigen Bereichs. Bitte verwende das Format „JJJJ-MM-TT“.
 issues.dependency.title=Abhängigkeiten
 issues.dependency.issue_no_dependencies=Keine Abhängigkeiten gesetzt.
 issues.dependency.pr_no_dependencies=Keine Abhängigkeiten gesetzt.
@@ -1788,7 +1788,7 @@ pulls.remove_prefix=Präfix „<strong>%s</strong>“ entfernen
 pulls.data_broken=Dieser Pull-Requests ist kaputt, da Fork-Informationen gelöscht wurden.
 pulls.files_conflicted=Dieser Pull-Request hat Änderungen, die Konflikte mit dem Ziel-Branch haben.
 pulls.is_checking=Die Merge-Konfliktprüfung läuft noch. Bitte aktualisiere die Seite in wenigen Augenblicken.
-pulls.is_ancestor=Dieser Branch ist bereits im Zielbranch enthalten. Es existiert nichts zusammenzuführen.
+pulls.is_ancestor=Dieser Branch ist bereits im Zielbranch enthalten. Es existiert nichts zum Zusammenführen.
 pulls.is_empty=Die Änderungen an diesem Branch sind bereits auf dem Zielbranch. Dies wird ein leerer Commit sein.
 pulls.required_status_check_failed=Einige erforderliche Prüfungen waren nicht erfolgreich.
 pulls.required_status_check_missing=Einige erforderliche Prüfungen fehlen.
@@ -1826,9 +1826,9 @@ pulls.merge_commit_id=Die Merge-Commit-ID
 pulls.require_signed_wont_sign=Der Branch erfordert einen signierten Commit, aber dieser Merge wird nicht signiert
 
 pulls.invalid_merge_option=Du kannst diese Merge-Option auf diesen Pull-Request nicht anwenden.
-pulls.merge_conflict=Merge fehlgeschlagen: Beim Zusammenführen existierte ein Konflikt. Tipp: Probiere eine andere Strategie
+pulls.merge_conflict=Merge fehlgeschlagen: Beim Zusammenführen ist ein Konflikt entstanden. Tipp: Probiere eine andere Strategie
 pulls.merge_conflict_summary=Fehlermeldung
-pulls.rebase_conflict=Merge fehlgeschlagen: Es existierte ein Konflikt beim Rebasen des Commits: %[1]s. Tipp: Versuche eine andere Strategie
+pulls.rebase_conflict=Merge fehlgeschlagen: Es ist ein Konflikt beim Rebasen des Commits entstanden: %[1]s. Tipp: Versuche eine andere Strategie
 pulls.rebase_conflict_summary=Fehlermeldung
 pulls.unrelated_histories=Merge fehlgeschlagen: Der Head des Merges und die Basis haben keinen gemeinsamen Verlauf. Tipp: Versuche eine andere Strategie
 pulls.merge_out_of_date=Merge fehlgeschlagen: Während des Zusammenführens wurde die Basis aktualisiert. Tipp: Versuche es erneut.
@@ -2133,7 +2133,7 @@ settings.trust_model.collaborator.long=Mitarbeiter: Vertraue Signaturen von Mita
 settings.trust_model.collaborator.desc=Gültige Signaturen von Mitarbeitern dieses Projekts werden als „vertrauenswürdig“ markiert (egal, ob sie mit dem Committer übereinstimmen oder nicht). Andernfalls werden gültige Signaturen als „nicht vertrauenswürdig“ markiert, falls die Signatur zum Committer passt, ansonsten werden sie als „nicht übereinstimmend“ markiert.
 settings.trust_model.committer=Committer
 settings.trust_model.committer.long=Committer: Vertraue Signaturen, die zu Committern passen (dies stimmt mit GitHub überein und zwingt signierte Commits von Forgejo dazu, Forgejo als Committer zu haben)
-settings.trust_model.committer.desc=Gültige Signaturen werden nur dann als „vertrauenswürdig“ gekennzeichnet, wenn sie mit ihrem Committer übereinstimmen. Ansonsten werden sie als „nicht übereinstimmend“ markiert. Das führt dazu, dass Forgejo auf signierten Commits, bei denen der echte Committer als „Co-authored-by:“ oder „Co-committed-by:“ in der Beschreibung eingetragen wurde, als Committer gilt. Der Forgejo-Standard-Key muss zu einem Benutzer in der Datenbank passen.
+settings.trust_model.committer.desc=Gültige Signaturen werden nur dann als „vertrauenswürdig“ gekennzeichnet, wenn sie mit ihrem Committer übereinstimmen. Ansonsten werden sie als „nicht übereinstimmend“ markiert. Das führt dazu, dass Forgejo auf signierten Commits, bei denen der echte Committer als „Co-authored-by:“ oder „Co-committed-by:“ in der Beschreibung eingetragen wurde, als Committer gilt. Der Forgejo-Standard-Schlüssel muss zu einem Benutzer in der Datenbank passen.
 settings.trust_model.collaboratorcommitter=Mitarbeiter+Committer
 settings.trust_model.collaboratorcommitter.long=Mitarbeiter+Committer: Signaturen der Mitarbeiter vertrauen die mit dem Committer übereinstimmen
 settings.trust_model.collaboratorcommitter.desc=Gültige Signaturen von Mitarbeitern dieses Projekts werden als „vertrauenswürdig“ markiert, wenn sie mit dem Committer übereinstimmen. Andernfalls werden gültige Signaturen als „nicht vertrauenswürdig“ markiert, wenn die Signatur mit dem Committer übereinstimmt. Ansonsten werden sie als „nicht übereinstimmend“ markiert. Dies zwingt Forgejo, als Committer bei signierten Commits mit dem echten Committer als „Co-Authored-By:“ und „Co-Committed-By:“ im Commit zu markieren. Der Standard-Forgejo-Schlüssel muss mit einem Benutzer in der Datenbank übereinstimmen.
@@ -2254,7 +2254,7 @@ settings.event_pull_request_merge=Pull-Request-Merge
 settings.event_package=Paket
 settings.event_package_desc=Paket wurde in einem Repository erstellt oder gelöscht.
 settings.branch_filter=Branch-Filter
-settings.branch_filter_desc=Positivliste für Branches für Push-, Erzeugungs- und Löschevents, als glob-Pattern beschrieben. Es werden Events für alle Branches gemeldet, falls das Pattern <code>*</code> ist oder falls es leer ist. Siehe die <a href="%[1]s">%[2]s</a>-Dokumentation für die Syntax (Englisch). Beispiele: <code>master</code>, <code>{master,release*}</code>.
+settings.branch_filter_desc=Positivliste für Branches für Push-, Erzeugungs- und Löschevents, als Glob-Muster beschrieben. Es werden Ereignisse für alle Branches gemeldet, falls das Muster <code>*</code> ist oder falls es leer ist. Siehe die <a href="%[1]s">%[2]s</a>-Dokumentation für die Syntax (Englisch). Beispiele: <code>master</code>, <code>{master,release*}</code>.
 settings.authorization_header=Authorization-Header
 settings.authorization_header_desc=Wird, falls vorhanden, als Authorization-Header mitgesendet. Beispiele: %s.
 settings.active=Aktiv
@@ -2286,9 +2286,9 @@ settings.web_hook_name_packagist=Packagist
 settings.packagist_username=Benutzername für Packagist
 settings.packagist_api_token=API-Token
 settings.packagist_package_url=Paket-URL
-settings.deploy_keys=Deploy-Keys
-settings.add_deploy_key=Deploy-Key hinzufügen
-settings.deploy_key_desc=Deploy-Keys können Nur-Lese-Zugriff oder Lese- und Schreibzugriff auf das Repository haben.
+settings.deploy_keys=Deploy-Schlüssel
+settings.add_deploy_key=Deploy-Schlüssel hinzufügen
+settings.deploy_key_desc=Deploy-Schlüssel können Nur-Lese-Zugriff oder Lese-und-Schreib-Zugriff auf das Repository haben.
 settings.is_writable=Erlaube Schreibzugriff
 settings.is_writable_info=Erlaube diesem Deploy-Key auf das Repository zu <strong>pushen</strong>.
 settings.no_deploy_keys=Noch keine Deploy-Keys vorhanden.
@@ -2296,8 +2296,8 @@ settings.title=Titel
 settings.deploy_key_content=Inhalt
 settings.key_been_used=Ein Deploy-Key mit identischem Inhalt wird bereits verwendet.
 settings.key_name_used=Ein Deploy-Key mit diesem Namen existiert bereits.
-settings.add_key_success=Der Deploy-Key „%s“ wurde erfolgreich hinzugefügt.
-settings.deploy_key_deletion=Deploy-Key löschen
+settings.add_key_success=Der Deploy-Schlüssel „%s“ wurde erfolgreich hinzugefügt.
+settings.deploy_key_deletion=Deploy-Schlüssel löschen
 settings.deploy_key_deletion_desc=Nach dem Löschen wird dieser Deploy-Key keinen Zugriff mehr auf dieses Repository haben. Fortfahren?
 settings.deploy_key_deletion_success=Der Deploy-Key wurde entfernt.
 settings.branches=Branches
@@ -2313,7 +2313,7 @@ settings.protect_enable_merge=Merge aktivieren
 settings.protect_enable_merge_desc=Jeder mit Schreibzugriff darf die Pull-Requests in diesen Branch zusammenführen.
 settings.protect_whitelist_committers=Positivlisten-eingeschränkter Push
 settings.protect_whitelist_committers_desc=Jeder, der auf der Whitelist steht, darf in diesen Branch pushen (aber kein Force-Push).
-settings.protect_whitelist_deploy_keys=Deploy-Key mit Schreibzugriff zum Pushen whitelisten.
+settings.protect_whitelist_deploy_keys=Deploy-Schlüssel mit Schreibzugriff zum Pushen auf die Positivliste setzen.
 settings.protect_whitelist_users=Nutzer, die pushen dürfen
 settings.protect_whitelist_teams=Teams, die pushen dürfen
 settings.protect_merge_whitelist_committers=Merge-Positivliste aktivieren
@@ -2323,10 +2323,10 @@ settings.protect_merge_whitelist_teams=Teams, die zusammenführen dürfen
 settings.protect_check_status_contexts=Statusprüfung aktivieren
 settings.protect_status_check_patterns=Statuscheck-Muster
 settings.protect_status_check_patterns_desc=Gib Muster ein, um festzulegen, welche Statusüberprüfungen durchgeführt werden müssen, bevor Branches in einen Branch, der dieser Regel entspricht, zusammenführen werden können. Jede Zeile gibt ein Muster an. Muster dürfen nicht leer sein.
-settings.protect_check_status_contexts_desc=Vor dem Zusammenführen müssen Statusprüfungen bestanden werden. Wähle aus, welche Statusprüfungen erfolgreich durchgeführt werden müssen, bevor Branches in einen anderen zusammengeführt werden können, der dieser Regel entspricht. Wenn aktiviert, müssen Commits zuerst auf einen anderen Branch gepusht werden, dann nach bestandener Statusprüfung gemergt oder direkt auf einen Branch gepusht werden, der dieser Regel entspricht. Wenn kein Kontext ausgewählt ist, muss der letzte Commit unabhängig vom Kontext erfolgreich sein.
+settings.protect_check_status_contexts_desc=Vor dem Zusammenführen müssen Statusprüfungen bestanden werden. Wähle aus, welche Statusprüfungen erfolgreich durchgeführt werden müssen, bevor Branches in einen anderen zusammengeführt werden können, der dieser Regel entspricht. Wenn aktiviert, müssen Commits zuerst auf einen anderen Branch gepusht werden, dann nach bestandener Statusprüfung zusammengeführt oder direkt auf einen Branch gepusht werden, der dieser Regel entspricht. Wenn kein Kontext ausgewählt ist, muss der letzte Commit unabhängig vom Kontext erfolgreich sein.
 settings.protect_check_status_contexts_list=Statusprüfungen, die in der letzten Woche für dieses Repository gefunden wurden
 settings.protect_status_check_matched=Übereinstimmung
-settings.protect_invalid_status_check_pattern=Ungültiges Statusprüfungspattern: „%s“.
+settings.protect_invalid_status_check_pattern=Ungültiges Statusprüfungsmuster: „%s“.
 settings.protect_no_valid_status_check_patterns=Keine gültigen Statuscheck-Muster.
 settings.protect_required_approvals=Erforderliche Genehmigungen
 settings.protect_required_approvals_desc=Erlaube das Zusammenführen des Pull-Requests nur mit genügend positiven Sichtungen.
@@ -2340,7 +2340,7 @@ settings.require_signed_commits=Signierte Commits erforderlich
 settings.require_signed_commits_desc=Pushes auf diesen Branch ablehnen, wenn Commits nicht signiert oder nicht überprüfbar sind.
 settings.protect_branch_name_pattern=Muster für geschützte Branchnamen
 settings.protect_patterns=Muster
-settings.protect_protected_file_patterns=Geschützte Dateimuster (durch Semikolon „;“ getrennt)
+settings.protect_protected_file_patterns=Muster für geschützte Dateien (durch Semikolon „;“ getrennt)
 settings.protect_protected_file_patterns_desc=Geschützte Dateien dürfen nicht direkt geändert werden, auch wenn der Benutzer Rechte hat, Dateien in diesem Branch hinzuzufügen, zu bearbeiten oder zu löschen. Mehrere Muster können mit Semikolon („;“) getrennt werden. Siehe <a href="%s">%s</a>-Dokumentation zur Mustersyntax. Beispiele: <code>.drone.yml</code>, <code>/docs/**/*.txt</code>.
 settings.protect_unprotected_file_patterns=Ungeschützte Dateimuster (durch Semikolon „;“ getrennt)
 settings.protect_unprotected_file_patterns_desc=Ungeschützte Dateien, die direkt geändert werden dürfen, wenn der Benutzer Schreibzugriff hat, können die Push-Beschränkung umgehen. Mehrere Muster können mit Semikolon („;“) getrennt werden. Siehe <a href="%[1]s">%[2]s</a>-Dokumentation zur Mustersyntax. Beispiele: <code>.drone.yml</code>, <code>/docs/**/*.txt</code>.
@@ -2350,13 +2350,13 @@ settings.remove_protected_branch_failed=Entfernen der Branchschutzregel „%s“
 settings.protected_branch_deletion=Branch-Schutz löschen
 settings.protected_branch_deletion_desc=Wenn du den Branch-Schutz deaktivierst, können alle Nutzer mit Schreibrechten auf den Branch pushen. Fortfahren?
 settings.block_rejected_reviews=Zusammenführung bei abgelehnten Sichtungen blockieren
-settings.block_rejected_reviews_desc=Merge ist nicht möglich, wenn Änderungen durch offizielle Prüfer angefragt werden, auch wenn genügend Genehmigungen existieren.
+settings.block_rejected_reviews_desc=Zusammenführen ist nicht möglich, wenn Änderungen durch offizielle Prüfer angefragt werden, auch wenn genügend Genehmigungen existieren.
 settings.block_on_official_review_requests=Merge bei offiziellen Sichtungsanfragen blockieren
 settings.block_on_official_review_requests_desc=Merge ist nicht möglich, wenn offizielle Sichtungsanfrangen vorliegen, selbst wenn genügend Genehmigungen existieren.
 settings.block_outdated_branch=Merge blockieren, wenn der Pull-Request veraltet ist
 settings.block_outdated_branch_desc=Merge ist nicht möglich, wenn der Head-Branch hinter dem Basis-Branch ist.
 settings.default_branch_desc=Wähle einen Standardbranch für Pull-Requests und Code-Commits:
-settings.merge_style_desc=Merge-Styles
+settings.merge_style_desc=Merge-Stile
 settings.default_merge_style_desc=Standard-Mergeverhalten
 settings.choose_branch=Branch wählen …
 settings.no_protected_branch=Es gibt keine geschützten Branches.
@@ -2615,7 +2615,7 @@ pulls.cmd_instruction_hint = Anweisungen für die Kommandozeile betrachten
 pulls.cmd_instruction_checkout_title = Auschecken
 wiki.cancel = Abbrechen
 settings.wiki_globally_editable = Allen erlauben, das Wiki zu bearbeiten
-settings.protect_branch_name_pattern_desc = Geschützte Branch-Namens-Patterns. Siehe <a href="%s">die Dokumentation</a> für Pattern-Syntax. Beispiele: main, release/**
+settings.protect_branch_name_pattern_desc = Namensmuster für geschützte Branches. Siehe <a href="%s">die Dokumentation</a> für Mustersyntax. Beispiele: main, release/**
 settings.ignore_stale_approvals = Abgestandene Genehmigungen ignorieren
 settings.ignore_stale_approvals_desc = Genehmigungen, welche für ältere Commits gemacht wurden (abgestandene Sichtungen), nicht in die Gesamtzahl der Genehmigung des PRs mitzählen. Irrelevant, falls abgestandene Sichtungen bereits verworfen werden.
 pulls.commit_ref_at = `referenzierte diesen Pull-Request aus einem Commit %s`
@@ -2685,11 +2685,11 @@ settings.federation_following_repos = URLs folgender Repositorys. Durch „;“
 settings.federation_not_enabled = Föderation ist auf deiner Instanz nicht aktiviert.
 settings.federation_apapiurl = Föderations-URL dieses Repositorys. Kopiere sie und füge sie in die Föderationseinstellungen eines anderen Repositorys als URL eines folgenden Repositorys ein.
 project = Projekte
-comments.edit.already_changed = Die Änderungen an diesem Kommentar können nicht gespeichert werden. Es scheint, als seien die Inhalte bereits durch einen anderen Benutzer verändert worden. Bitte die Seite neu laden und das Bearbeiten erneut versuchen, um deren Änderungen nicht zu überschreiben
+comments.edit.already_changed = Die Änderungen an diesem Kommentar können nicht gespeichert werden. Es scheint, als seien die Inhalte bereits durch einen anderen Benutzer verändert worden. Bitte die Seite neu laden und das Bearbeiten erneut versuchen, um dessen Änderungen nicht zu überschreiben
 issues.edit.already_changed = Die Änderungen an diesem Issue können nicht gespeichert werden. Es scheint, als seien die Inhalte bereits durch einen anderen Benutzer verändert worden. Bitte die Seite neu laden und das Bearbeiten erneut versuchen, um deren Änderungen nicht zu überschreiben
-pulls.edit.already_changed = Die Änderungen an diesem Pull-Request können nicht gespeichert werden. Es scheint, als seien die Inhalte bereits durch einen anderen Benutzer verändert worden. Bitte die Seite neu laden und das Bearbeiten erneut versuchen, um deren Änderungen nicht zu überschreiben
-subscribe.pull.guest.tooltip = Einloggen, um diesen Pull-Request zu abbonieren.
-subscribe.issue.guest.tooltip = Einloggen, um dieses Issue zu abbonieren.
+pulls.edit.already_changed = Die Änderungen an diesem Pull-Request können nicht gespeichert werden. Es scheint, als seien die Inhalte bereits durch einen anderen Benutzer verändert worden. Bitte die Seite neu laden und das Bearbeiten erneut versuchen, um dessen Änderungen nicht zu überschreiben
+subscribe.pull.guest.tooltip = Anmelden, um diesen Pull-Request zu abbonieren.
+subscribe.issue.guest.tooltip = Anmelden, um dieses Issue zu abbonieren.
 issues.author.tooltip.pr = Dieser Benutzer ist der Autor dieses Pull-Requests.
 issues.author.tooltip.issue = Dieser Benutzer ist der Autor dieses Issues.
 activity.commit = Commit-Aktivität
@@ -2732,7 +2732,7 @@ issues.num_reviews_one = %d Sichtung
 issues.summary_card_alt = Zusammenfassung eines Issues mit dem Titel „%s“ im Repository %s
 issues.num_reviews_few = %d Sichtungen
 editor.add_tmpl.filename = Dateiname
-settings.default_update_style_desc = Standard-Aktualisierungsart um Pull-Requests zu aktualisieren, die hinter dem Base-Branch sind.
+settings.default_update_style_desc = Standard-Aktualisierungsart, um Pull-Requests zu aktualisieren, die hinter dem Base-Branch sind.
 new_advanced = Erweiterte Einstellungen
 new_advanced_expand = Zum Ausklappen klicken
 pulls.sign_in_require = <a href="%s">Anmelden</a>, um einen neuen Pull-Request zu erstellen.
@@ -2758,8 +2758,8 @@ issues.filter_no_results_placeholder = Versuche, deine Suchfilter anzupassen.
 migrate.repo_desc_helper = Leer lassen, um vorhandene Beschreibung zu importieren
 archive.nocomment = Kommentieren ist nicht möglich, da das Repository archiviert ist.
 comment.blocked_by_user = Kommentieren ist nicht möglich, da du vom Repository-Besitzer oder vom Autor blockiert wurdest.
-sync_fork.branch_behind_one = Dieser Branch ist %[1]d Commit hinter %[2]s
-sync_fork.branch_behind_few = Dieser Branch ist %[1]d Commits hinter %[2]s
+sync_fork.branch_behind_one = Dieser Branch hinkt %[1]d Commit hinter %[2]s
+sync_fork.branch_behind_few = Dieser Branch hinkt %[1]d Commits hinter %[2]s
 sync_fork.button = Sync
 settings.event_action_failure_desc = Action-Run endete im Fehlschlag.
 settings.event_action_success_desc = Action-Run war erfolgreich.
@@ -2944,11 +2944,11 @@ dashboard.delete_inactive_accounts.started=Löschen aller nicht aktivierten Acco
 dashboard.delete_repo_archives=Lösche alle Repository-Archive (ZIP, TAR.GZ, etc.)
 dashboard.delete_repo_archives.started=Löschen aller Repository-Archive gestartet.
 dashboard.delete_missing_repos=Alle Repository-Datensätze mit verloren gegangenen Git-Dateien löschen
-dashboard.delete_missing_repos.started=Alle Repositorys löschen, die den Git-File-Task nicht gestartet haben.
+dashboard.delete_missing_repos.started=Alle Repositorys löschen, die den Git-Dateien-Task nicht gestartet haben.
 dashboard.delete_generated_repository_avatars=Generierte Repository-Avatare löschen
 dashboard.sync_repo_branches=Fehlende Branches aus den Git-Daten in die Datenbank synchronisieren
 dashboard.update_mirrors=Spiegel aktualisieren
-dashboard.repo_health_check=Healthchecks für alle Repositorys ausführen
+dashboard.repo_health_check=Health-Prüfungen für alle Repositorys ausführen
 dashboard.check_repo_stats=Überprüfe alle Repository-Statistiken
 dashboard.archive_cleanup=Alte Repository-Archive löschen
 dashboard.deleted_branches_cleanup=Gelöschte Branches bereinigen
@@ -2971,13 +2971,13 @@ dashboard.pointer_lookup_times=Anzahl Zeigerlookups
 dashboard.memory_allocate_times=Speicheranforderungen
 dashboard.memory_free_times=Speicherfreigaben
 dashboard.current_heap_usage=Aktuelle Heap-Auslastung
-dashboard.heap_memory_obtained=Erhaltener Heap-Memory
-dashboard.heap_memory_idle=Unbenutzter Heap-Memory
-dashboard.heap_memory_in_use=Benutzter-Heap-Memory
-dashboard.heap_memory_released=Freigegebener Heap-Memory
+dashboard.heap_memory_obtained=Erhaltener Heap-Arbeitsspeicher
+dashboard.heap_memory_idle=Unbenutzter Heap-Arbeitsspeicher
+dashboard.heap_memory_in_use=Benutzter-Heap-Arbeitsspeicher
+dashboard.heap_memory_released=Freigegebener Heap-Arbeitsspeicher
 dashboard.heap_objects=Heap-Objekte
 dashboard.bootstrap_stack_usage=Bootstrap-Stack-Auslastung
-dashboard.stack_memory_obtained=Erhaltener Stack-Memory
+dashboard.stack_memory_obtained=Erhaltener Stack-Arbeitsspeicher
 dashboard.mspan_structures_usage=MSpan-Structures-Auslastung
 dashboard.mspan_structures_obtained=Erhaltene MSpan-Structures
 dashboard.mcache_structures_usage=MCache-Structures-Auslastung
@@ -3003,7 +3003,7 @@ dashboard.sync_branch.started=Synchronisierung der Branches gestartet
 dashboard.rebuild_issue_indexer=Issue-Indexer neu bauen
 
 users.user_manage_panel=Benutzerkonten verwalten
-users.new_account=Benutzeraccount erstellen
+users.new_account=Benutzerkonto erstellen
 users.name=Benutzername
 users.full_name=Vollständiger Name
 users.activated=Aktiviert
@@ -3018,7 +3018,7 @@ users.created=Registriert am
 users.last_login=Letzte Anmeldung
 users.never_login=Hat sich noch nie eingeloggt
 users.send_register_notify=Benachrichtigung über Registrierung per E-Mail
-users.new_success=Der Account „%s“ wurde erstellt.
+users.new_success=Das Konto „%s“ wurde erstellt.
 users.edit=Bearbeiten
 users.auth_source=Authentifizierungsquelle
 users.local=Lokal
@@ -3028,10 +3028,10 @@ users.update_profile_success=Das Benutzerkonto wurde aktualisiert.
 users.edit_account=Benutzerkonto bearbeiten
 users.max_repo_creation=Maximale Anzahl an Repositorys
 users.max_repo_creation_desc=(Gib -1 ein, um das globale Standardlimit zu verwenden.)
-users.is_activated=Aktivierter Account
-users.prohibit_login=Gesperrter Account
-users.is_admin=Administrator-Account
-users.is_restricted=Eingeschränkter Account
+users.is_activated=Aktiviertes Konto
+users.prohibit_login=Gesperrtes Konto
+users.is_admin=Administrator-Konto
+users.is_restricted=Eingeschränktes Konto
 users.allow_git_hook=Kann Git-Hooks erstellen
 users.allow_git_hook_tooltip=Git-Hooks werden mit denselben Benutzer-Rechten ausgeführt, mit denen Forgejo läuft, und haben die gleiche Ebene von Host-Zugriff. Dadurch können Benutzer mit diesen speziellen Git-Hook-Rechten auf alle Forgejo-Repositorys sowie auf die von Forgejo verwendete Datenbank zugreifen und diese ändern. Auch das Erhalten von Administratorrechten für Forgejo ist möglich.
 users.allow_import_local=Kann lokale Repositorys importieren
@@ -3054,8 +3054,8 @@ users.list_status_filter.is_admin=Administrator
 users.list_status_filter.not_admin=Nicht-Administrator
 users.list_status_filter.is_restricted=Eingeschränkt
 users.list_status_filter.not_restricted=Unbegrenzt
-users.list_status_filter.is_prohibit_login=Login verbieten
-users.list_status_filter.not_prohibit_login=Login erlaubt
+users.list_status_filter.is_prohibit_login=Anmelden verbieten
+users.list_status_filter.not_prohibit_login=Anmelden erlaubt
 users.list_status_filter.is_2fa_enabled=2FA aktiviert
 users.list_status_filter.not_2fa_enabled=2FA deaktiviert
 users.details=Benutzerdetails
@@ -3102,12 +3102,12 @@ packages.size=Größe
 packages.published=Veröffentlicht
 
 defaulthooks=Standard-Webhooks
-defaulthooks.desc=Webhooks senden automatisch HTTP-POST-Anfragen an einen Server, wenn bestimmte Forgejo-Events ausgelöst werden. Hier definierte Webhooks sind die Standardwerte, die in alle neuen Repositorys kopiert werden. Mehr Infos findest du in der <a target="_blank" rel="noopener" href="%s">Webhooks-Anleitung</a> (auf Englisch).
+defaulthooks.desc=Webhooks senden automatisch HTTP-POST-Anfragen an einen Server, wenn bestimmte Forgejo-Ereignisse ausgelöst werden. Hier definierte Webhooks sind die Standardwerte, die in alle neuen Repositorys kopiert werden. Mehr Infos findest du in der <a target="_blank" rel="noopener" href="%s">Webhooks-Anleitung</a> (auf Englisch).
 defaulthooks.add_webhook=Standard-Webhook hinzufügen
 defaulthooks.update_webhook=Standard-Webhook aktualisieren
 
 systemhooks=System-Webhooks
-systemhooks.desc=Webhooks senden automatisch HTTP-POST-Anfragen an einen Server, wenn bestimmte Forgejo-Events ausgelöst werden. Hier definierte Webhooks werden auf alle Repositorys des Systems übertragen, beachte daher mögliche Performance-Einbrüche. Mehr Infos findest du in der <a target="_blank" rel="noopener" href="%s">Webhooks-Anleitung</a> (auf Englisch).
+systemhooks.desc=Webhooks senden automatisch HTTP-POST-Anfragen an einen Server, wenn bestimmte Forgejo-Ereignisse ausgelöst werden. Hier definierte Webhooks werden auf alle Repositorys des Systems übertragen, beachte daher mögliche Performance-Einbrüche. Mehr Infos findest du in der <a target="_blank" rel="noopener" href="%s">Webhooks-Anleitung</a> (auf Englisch).
 systemhooks.add_webhook=System-Webhook hinzufügen
 systemhooks.update_webhook=System-Webhook aktualisieren
 
@@ -3142,9 +3142,9 @@ auths.search_page_size=Seitengröße
 auths.filter=Benutzerfilter
 auths.admin_filter=Admin-Filter
 auths.restricted_filter=Eingeschränkte Filter
-auths.restricted_filter_helper=Leer lassen, um keine Benutzer als eingeschränkt festzulegen. Verwende einen Asterisk („*“), um alle Benutzer, die nicht dem Admin-Filter entsprechen, als eingeschränkt zu setzen.
+auths.restricted_filter_helper=Leer lassen, um keine Benutzer als eingeschränkt festzulegen. Verwende ein Sternchen („*“), um alle Benutzer, die nicht dem Admin-Filter entsprechen, als eingeschränkt zu setzen.
 auths.verify_group_membership=Gruppenmitgliedschaft in LDAP verifizieren (zum Überspringen leer lassen)
-auths.group_search_base=Gruppensuche Basisdomainname
+auths.group_search_base=Gruppensuche-Basisdomainname
 auths.group_attribute_list_users=Gruppenattribut, welches Benutzerliste enthält
 auths.user_attribute_in_group=Benutzerattribut in der Gruppenliste
 auths.map_group_to_team=Ordne LDAP-Gruppen Organisationsteams zu (zum Überspringen leer lassen)
@@ -3175,7 +3175,7 @@ auths.oauth2_authURL=Authorisierungs-URL
 auths.oauth2_profileURL=Profil-URL
 auths.oauth2_emailURL=E-Mail-URL
 auths.skip_local_two_fa=Lokale 2FA überspringen
-auths.skip_local_two_fa_helper=Das Leerlassen bedeutet, dass lokale User die 2FA immer noch bestehen müssen, um sich anzumelden
+auths.skip_local_two_fa_helper=Leerlassen bedeutet, dass lokale Benutzer die 2FA weiterhin durchführen müssen, um sich anzumelden
 auths.oauth2_tenant=Inhaber
 auths.oauth2_scopes=Zusätzliche Bereiche
 auths.oauth2_required_claim_name=Benötigter Claim-Name
@@ -3192,7 +3192,7 @@ auths.tips.oauth2.general=OAuth2-Authentifizierung
 auths.tips.oauth2.general.tip=Beim Registrieren einer OAuth2-Anwendung sollte die Callback-URL folgendermaßen lauten:
 auths.tip.oauth2_provider=OAuth2-Anbieter
 auths.tip.bitbucket=Registriere einen neuen OAuth-Consumer unter %s
-auths.tip.nextcloud=Registriere einen neuen OAuth-Consumer auf deiner Instanz über das folgende Menü: „Settings -> Security -> OAuth 2.0 client“
+auths.tip.nextcloud=Registriere einen neuen OAuth-Consumer auf deiner Instanz über das folgende Menü: „Einstellungen -> Sicherheit -> OAuth-2.0-Client“
 auths.tip.dropbox=Erstelle eine neue App auf %s
 auths.tip.facebook=Erstelle eine neue Anwendung auf %s und füge das Produkt „Facebook Login“ hinzu
 auths.tip.github=Registriere unter %s eine neue OAuth-Anwendung
@@ -3434,7 +3434,7 @@ users.block.description = Diesem Benutzer verbieten, durch sein Konto mit diesem
 users.restricted.description = Nur Interaktionen mit den Repositorys und Organisationen erlauben, wo der Benutzer als Mitarbeiter hinzugefügt wurde. Dies verhindert Zugriff auf öffentliche Repositorys in dieser Instanz.
 users.local_import.description = Import von Repositorys aus dem lokalen Dateisystem des Servers erlauben. Dies kann ein Sicherheitsproblem sein.
 users.organization_creation.description = Erstellung neuer Organisationen erlauben.
-users.activated.description = Abschluss der E-Mail-Verifizierung. Der Besitzer eines nicht aktivierten Accounts wird nicht in der Lage sein, sich einzuloggen, bis die E-Mail-Verifikation abgeschlossen wurde.
+users.activated.description = Abschluss der E-Mail-Verifizierung. Der Besitzer eines nicht aktivierten Kontos wird nicht in der Lage sein, sich anzumelden, bis die E-Mail-Verifikation abgeschlossen wurde.
 users.admin.description = Diesem Benutzer vollständigen Zugriff zu allen administrativen Funktionen gewähren, die über das Web-UI und die API verfügbar sind.
 emails.delete = E-Mail-Adresse löschen
 emails.deletion_success = Die E-Mail-Adresse wurde gelöscht.
@@ -3696,7 +3696,7 @@ arch.version.provides = Bietet
 arch.version.groups = Gruppe
 arch.version.depends = Hängt ab von
 arch.version.makedepends = Make-Abhängigkeit
-arch.version.checkdepends = Check-Abhängigkeit
+arch.version.checkdepends = Prüfungs-Abhängigkeit
 arch.version.conflicts = Konflikte
 arch.version.replaces = Ersetzt
 arch.version.backup = Backup
@@ -3869,7 +3869,7 @@ exact_tooltip = Nur Ergebnisse einbinden, die auf den exakten Suchbegriff passen
 issue_kind = Issues suchen …
 pull_kind = Pulls suchen …
 union = Vereinigungsmenge
-union_tooltip = Ergebnisse, die auf ein beliebiges von den Whitespace getrennten Schlüsselwörtern passen, einbinden
+union_tooltip = Ergebnisse einbeziehen, die auf ein beliebiges der durch Leerzeichen getrennten Schlüsselwörter passen
 regexp = RegExp
 regexp_tooltip = Suchbegriff als regulären Ausdruck interpretieren
 
@@ -3903,7 +3903,7 @@ wiki.read = <b>Lesen:</b> Das integrierte Wiki und seine Historie lesen.
 wiki.write = <b>Schreiben:</b> Seiten im integrierten Wiki erstellen, aktualisieren und löschen.
 projects.read = <b>Lesen:</b> Zugriff auf Projektboards des Repositorys.
 projects.write = <b>Schreiben:</b> Projekte und Spalten erstellen und bearbeiten.
-packages.read = <b>Lesen:</b> Pakete dieses Repositorys betrachten und herunterladen.
+packages.read = <b>Lesen:</b> Pakete dieses Repositorys einsehen und herunterladen.
 packages.write = <b>Schreiben:</b> Pakete dieses Repositorys veröffentlichen und löschen.
 actions.read = <b>Lesen:</b> Workflow-Ausführungen und ihre Logs betrachten.
 actions.write = <b>Schreiben:</b> Workflows auslösen, neu starten und abbrechen. Vertrauensdelegation an Pull-Request-Einreicher verwalten.
diff --git a/options/locale/locale_el-GR.ini b/options/locale/locale_el-GR.ini
index 065dc85b98..bf87086762 100644
--- a/options/locale/locale_el-GR.ini
+++ b/options/locale/locale_el-GR.ini
@@ -2955,7 +2955,7 @@ dashboard.update_migration_poster_id=Ενημέρωση των ID συντακτ
 dashboard.git_gc_repos=Garbage collect όλων των αποθετηρίων
 dashboard.resync_all_sshkeys=Ενημέρωση του αρχείου «.ssh/authorized_keys» με τα κλειδιά SSH του Forgejo.
 dashboard.resync_all_sshprincipals=Ενημέρωση του αρχείου «.ssh/authorized_principals» με τις αρχές SSH του Forgejo.
-dashboard.resync_all_hooks=Επανασυγχρονισμός των hook pre-receive, update και post-receive όλων των αποθετηρίων
+dashboard.resync_all_hooks=Επανασυγχρονισμός των Git hook όλων των αποθετηρίων (pre-receive, update, post-receive, proc-receive, …)
 dashboard.reinit_missing_repos=Επανεκκινήστε όλα τα αποθετήρια Git που λείπουν και για τα οποία υπάρχουν εγγραφές
 dashboard.sync_external_users=Συγχρονισμός δεδομένων εξωτερικών χρηστών
 dashboard.cleanup_hook_task_table=Εκκαθάριση πίνακα hook_task
diff --git a/options/locale/locale_es-ES.ini b/options/locale/locale_es-ES.ini
index 224864c24a..1d47d0847f 100644
--- a/options/locale/locale_es-ES.ini
+++ b/options/locale/locale_es-ES.ini
@@ -178,8 +178,8 @@ contributions_format = {contributions} el {day} {month} {year}
 
 [editor]
 buttons.heading.tooltip=Añadir encabezado
-buttons.bold.tooltip=Añadir texto en negrita
-buttons.italic.tooltip=Añadir texto en cursiva
+buttons.bold.tooltip=Añadir texto en negrita (Ctrl+B / ⌘B)
+buttons.italic.tooltip=Añadir texto en cursiva (Ctrl+I / ⌘I)
 buttons.quote.tooltip=Citar texto
 buttons.code.tooltip=Añadir código
 buttons.link.tooltip=Añadir un enlace
@@ -1022,6 +1022,7 @@ regenerate_token_success = El token se ha regenerado. Las aplicaciones que lo ut
 quota.applies_to_user = Las siguientes reglas de cuota se aplican a tu cuenta
 quota.applies_to_org = Las siguientes reglas de cuota se aplican a esta organización
 quota.rule.exceeded.helper = El tamaño total de los objetos para esta regla ha superado la cuota.
+ssh_token_help_ssh_agent = o, si está usando un agente SSH (con la variable de entorno SSH_AUTH_SOCK):
 
 [repo]
 owner=Propietario
@@ -1628,8 +1629,8 @@ issues.lock.notice_3=- Siempre puede desbloquear esta incidencia de nuevo en el
 issues.unlock.notice_1=- Todos podrían comentar esta incidencia de nuevo.
 issues.unlock.notice_2=- Siempre puede bloquear esta incidencia de nuevo en el futuro.
 issues.lock.reason=Motivo del bloqueo
-issues.lock.title=Bloquear conversación sobre esta incidencia.
-issues.unlock.title=Desbloquear conversación sobre esta incidencia.
+issues.lock.title=Bloquear conversación
+issues.unlock.title=Desbloquear conversación
 issues.comment_on_locked=No puede comentar una incidencia bloqueada.
 issues.delete=Eliminar
 issues.delete.title=¿Eliminar esta incidencia?
@@ -2739,6 +2740,19 @@ settings.pull_mirror_sync_quota_exceeded = Cuota excedida, no se empujan los cam
 archive.nocomment = No es posible hacer comentarios porque el repositorio está archivado.
 sync_fork.branch_behind_one = Esta rama esta %[1]d cambios detrás de %[2]s
 sync_fork.branch_behind_few = Esta rama está %[1]d confirmaciones detrás de %[2]s
+migrate.repo_desc_helper = Deje vacío para importar la descripción existente
+commits.view_single_diff = Ver los cambios introducidos por la confirmación para este archivo
+issues.filter_type.all_pull_requests = Todas las solicitudes de incorporación de cambios
+issues.reaction.alt_many = %[1]s y %[2]d más reaccionaron %[3]s.
+comment.blocked_by_user = No es posible comentar porque ha sido bloqueado por el dueño del repositorio o el autor.
+issues.summary_card_alt = El resumen de la incidencia titulada "%s" en el repositorio %s
+pulls.editable_explanation = Esta incorporación de cambios permite ediciones de mantenedores. Tu puedes contribuir directamente a ella.
+pulls.delete_after_merge.head_branch.is_protected = La cabeza de la rama que quiere borrar está protegida y no se puede eliminar.
+pulls.delete_after_merge.head_branch.insufficient_branch = No tienes permiso para eliminar esa cabeza de la rama.
+settings.default_update_style_desc = El modo por defecto utilizado para actualizar las solicitudes de incorporación de cambios que estén detrás de la rama base.
+settings.wiki_branch_rename_success = La wiki de la rama del repositorio ha sido normalizada correctamente.
+settings.wiki_branch_rename_failure = Hubo un error al normalizar el nombre de la rama de la wiki del repositorio.
+release.hide_archive_links_helper = Ocultar el archivo de código generado automáticamente de este lanzamiento. Por ejemplo, si estás subiendo el tuyo propio.
 
 [graphs]
 component_loading = Cargando %s…
diff --git a/options/locale/locale_et.ini b/options/locale/locale_et.ini
index f62360f5ea..dba948f152 100644
--- a/options/locale/locale_et.ini
+++ b/options/locale/locale_et.ini
@@ -33,7 +33,7 @@ toggle_menu = Lülita menüü sisse/välja
 more_items = Rohkem objekte
 email = E-posti aadress
 password = Salasõna
-access_token = Tunnusluba
+access_token = Juurdepääsu tunnusluba
 re_type = Kinnita salasõna
 twofa = Kahefaktoriline autentimine
 twofa_scratch = Kahefaktoriline kriipsukood
@@ -124,8 +124,8 @@ filter = Filter
 filter.clear = Tühjenda filtrid
 filter.is_archived = Arhiveeritud
 filter.not_archived = Arhiveerimata
-filter.is_fork = 
-filter.not_fork = 
+filter.is_fork =Koodiharud
+filter.not_fork =Pole koodiharud
 filter.is_mirror = Peegelpildid
 filter.not_mirror = Pole peegelpilte
 filter.is_template = Mallid
@@ -333,17 +333,24 @@ sqlite3_not_available = See Forgejo versioon ei toeta SQLite3 andmebaasi. Palun
 offline_mode.description = Lülitage kolmandate osapoolte sisuedastusvõrgud välja ja jaga kõiki ressursse kohalikust serverist.
 password_algorithm = Salasõna räsialgoritm
 invalid_password_algorithm = Vigane salasõna räsialgoritm
+invalid_repo_path = Tarkvarahoidla juurkaust on vigane: %v
+invalid_app_data_path = Rakenduse andmete asukoht on vigane: %v
 
 [auth]
 allow_password_change = Eelda, et kasutajad muudavad oma salasõna (soovitatav)
 forgot_password_title = Ununenud salasõna
 must_change_password = Muuda oma salasõna
 forgot_password = Kas salasõna ununes?
+verify = Verifitseeri
+openid_connect_submit = Ühenda
 
 [mail]
 password_change.subject = Sinu salasõna on muutunud
 password_change.text_1 = Sinu kasutajakonto salasõna on just muutunud.
 totp_disabled.text_1 = Lisaautentimine ehk ajapõhise salasõna (TOTP) kasutamine on sinu kasutajakontol just välja lülitatud.
+release.note = Märkus:
+release.downloads = Allalaadimised:
+repo.transfer.to_you = sina
 
 [form]
 Retype = Korda salasõna
@@ -353,6 +360,13 @@ username_password_incorrect = Kassutajanimi või salasõna pole õige.
 required_prefix = Sisendi alguses peab olema „&s“
 To = Haru nimi
 NewBranchName = Haru uus nimi
+UserName = Kasutajanimi
+Description = Kirjeldus
+Pronouns = Asesõnad
+Biography = Biograafia
+Website = Veebisait
+Location = Asukoht
+Content = Sisu
 
 [settings]
 retype_new_password = Korda uut salasõna
@@ -362,6 +376,50 @@ update_password = Muuda salasõna
 old_password = Senine salasõna
 new_password = Uus salasõna
 comment_type_group_branch = Koodiharu
+profile = Profiil
+account = Kasutajakonto
+appearance = Välimus
+security = Turvalisus
+avatar = Tunnuspilt
+applications = Rakendused
+orgs = Organisatsioonid
+repos = Koodihoidlad
+organization = Organisatsioonid
+website = Veebisait
+location = Asukoht
+pronouns = Asesõnad
+pronouns_unspecified = Määratlemata
+cancel = Katkesta
+language = Keel
+ui = Kujundus
+hints = Vihjed
+comment_type_group_reference = Viide
+comment_type_group_label = Silt
+comment_type_group_milestone = Vahe-eesmärk
+comment_type_group_assignee = Määratud kasutajale
+comment_type_group_title = Pealkiri
+comment_type_group_deadline = Tähtaeg
+comment_type_group_dependency = Sõltuvus
+comment_type_group_project = Projekt
+privacy = Privaatsus
+primary = Esmane
+activated = Aktiveeritud
+delete_email = Eemalda
+gpg_key_verify = Verifitseeri
+gpg_token = Tunnusluba
+ssh_key_verify = Verifitseeri
+ssh_token = Tunnusluba
+subkeys = Alamvõtmed
+key_content = Sisu
+principal_content = Sisu
+delete_key = Eemalda
+can_read_info = Lugemine
+can_write_info = Kirjutamine
+delete_token = Kustuta
+permission_read = Lugemine
+permissions_list = Õigused:
+save_application = Salvesta
+oauth2_application_edit = Muuda
 
 [repo]
 mirror_sync_on_commit = Sünkrooni sissekannete tegemisel
@@ -417,6 +475,11 @@ settings.event_delete_desc = Koodiharu või silt on kustutatud.
 settings.branches = Kooduharud
 settings.protected_branch.save_rule = Salvesta reegel
 settings.protected_branch.delete_rule = Kustuta reegel
+editor.or = või
+editor.cancel_lower = Katkesta
+editor.add_tmpl.filename = failinimi
+pulls.editable = Muudetav
+editor.add_file = Lisa fail
 
 [actions]
 variables = Muutujad
@@ -432,6 +495,34 @@ auths.bind_password = Seo salasõna
 
 [explore]
 users = Kasutajad
+repos = Koodihoidlad
+organizations = Organisatsioonid
+code = Kood
 
 [user]
-starred = Tärniga märgitud hoidlad
\ No newline at end of file
+starred = Tärniga märgitud hoidlad
+repositories = Koodihoidlad
+followers.title.one = Jälgija
+followers.title.few = Jälgijad
+following.title.one = Sa jälgid
+following.title.few = Sa jälgid
+follow = Jälgi
+unfollow = Lõpeta jälgimine
+code = Kood
+projects = Projektid
+overview = Ülevaade
+block = Blokeeri
+unblock = Eemalda blokeering
+user_bio = Elulugu
+
+[home]
+my_repos = Koodihoidlad
+my_orgs = Organisatsioonid
+show_archived = Arhiveeritud
+show_private = Privaatne
+
+[modal]
+yes = Jah
+no = Ei
+confirm = Kinnita
+cancel = Katkesta
\ No newline at end of file
diff --git a/options/locale/locale_fi-FI.ini b/options/locale/locale_fi-FI.ini
index 235ff2ed91..f1667e43ab 100644
--- a/options/locale/locale_fi-FI.ini
+++ b/options/locale/locale_fi-FI.ini
@@ -1009,6 +1009,10 @@ ssh_principal_deletion_success = Prinsipaali on poistettu.
 principal_state_desc = Tätä prinsipaalia on käytetty viimeisen seitsemän päivän aikana
 regenerate_token_success = Poletti on luotu uudelleen. Sovellukset, jotka käyttivät polettia, eivät enää pääse tilillesi. Kyseiset sovellukset tulee päivittää uudella poletilla.
 quota.sizes.assets.all = Resurssit
+can_not_add_email_activations_pending = Aktivointi odottaa. Odota hetki ja yritä uudelleen muutaman minuutin kuluttua, jos haluat lisätä uuden sähköpostiosoitteen.
+gpg_invalid_token_signature = Annettu GPG-avain, allekirjoitus ja poletti eivät täsmää, tai poletti on vanhentunut.
+ssh_invalid_token_signature = Annettu SSH-avain, allekirjoitus tai poletti eivät täsmää, tai poletti on vanhentunut.
+access_token_desc = Valitut poletin käyttöoikeudet rajoittavat valtuuden vain vastaaville <a href="%[1]s" target="_blank">API</a>-reiteille. Lue <a href="%[2]s" target="_blank">dokumentaatio</a> saadaksesi lisätietoja.
 
 [repo]
 owner=Omistaja
@@ -2546,6 +2550,8 @@ commitstatus.success = Onnistui
 projects.deletion_desc = Projektin poistaminen poistaa sen kaikilta siihen liittyviltä ongelmilta. Jatketaanko?
 issues.lock.unknown_reason = Ongelmaa ei voi lukita tuntemattomalla syyllä.
 issues.unlock_error = Ongelmaa, jota ei ole lukittu, ei voi avata lukituksesta.
+issues.tracking_already_started = `Olet jo aloittanut ajanseurannan <a href="%s">toisessa ongelmassa</a>!`
+issues.cancel_tracking_history = `perui ajanseurannan %s`
 
 
 
diff --git a/options/locale/locale_fil.ini b/options/locale/locale_fil.ini
index 4ab4ccab8e..c2cf9fd951 100644
--- a/options/locale/locale_fil.ini
+++ b/options/locale/locale_fil.ini
@@ -938,8 +938,8 @@ keep_activity_private.description = Makikita mo lang at mga tagapangasiwa ng ins
 language.description = Mase-save ang wika sa iyong account at gagamitin bilang default pagkatapos mong mag-log in.
 language.localization_project = Tulungan kaming isalin ang Forgejo sa iyong wika! <a href="%s">Matuto pa</a>.
 user_block_yourself = Hindi mo maaaring harangan ang sarili mo.
-change_username_redirect_prompt.with_cooldown.one = Magiging available ang lumang username sa lahat pagkatapos ng panahon ng cooldown ng %[1]d araw. Maaari mo pa ring ma-claim muli ang lumang username sa panahon ng panahon ng cooldown.
-change_username_redirect_prompt.with_cooldown.few = Magiging available ang lumang username sa lahat pagkatapos ng panahon ng cooldown ng %[1]d araw. Maaari mo pa ring ma-claim muli ang lumang username sa panahon ng panahon ng cooldown.
+change_username_redirect_prompt.with_cooldown.one = Magiging available ang lumang username sa lahat pagkatapos ng panahon ng pagprotekta na %[1]d araw. Maaari mo pa ring ma-claim muli ang lumang username sa panahon ng pagprotekta.
+change_username_redirect_prompt.with_cooldown.few = Magiging available ang lumang username sa lahat pagkatapos ng panahon ng pagprotekta na %[1]d na araw. Maaari mo pa ring ma-claim muli ang lumang username sa panahon ng pagprotekta.
 keep_pronouns_private = Ipakita lang ang mga panghalip sa mga naka-authenticate na user
 keep_pronouns_private.description = Itatago nito ang iyong mga panghalip mula sa mga bisita na hindi naka-log in.
 quota.applies_to_user = Nag-aapply ang mga sumusunod na panuntunan ng quota sa iyong account
@@ -2752,7 +2752,7 @@ dashboard.deleted_branches_cleanup = Linisin ang mga binurang branch
 dashboard.update_migration_poster_id = I-update ang mga migration poster ID
 dashboard.git_gc_repos = I-garbage collect ang lahat ng mga repositoryo
 dashboard.resync_all_sshprincipals = I-update ang ".ssh/authorized_principals" file sa mga principal ng Forgejo SSH.
-dashboard.resync_all_hooks = I-resychronize ang mga pre-receive, update at post-receive hook para sa lahat ng mga repositoryo
+dashboard.resync_all_hooks = I-resychronize ang mga Git hook ng lahat ng mga repositoryo (pre-receive, post-receive, proc-receive, …)
 dashboard.cleanup_hook_task_table = Linisin ang hook_task table
 dashboard.cleanup_packages = Linisin ang mga na-expire na package
 dashboard.cleanup_actions = Linisin ang mga nag-expire na log at artifact mula sa mga aksyon
diff --git a/options/locale/locale_he.ini b/options/locale/locale_he.ini
index a93d430271..6c3387c1b8 100644
--- a/options/locale/locale_he.ini
+++ b/options/locale/locale_he.ini
@@ -462,6 +462,43 @@ delete_with_all_comments = חשבונך נוצר לפני פחות מ־%s; כל
 update_avatar = עדכון תמונת פרופיל
 delete_current_avatar = מחיקת תמונת הפרופיל הנוכחית
 uploaded_avatar_not_a_image = הקובץ שהועלה לא תמונה.
+ssh_key_name_used = מפתח SSH עם אותו השם כבר קיים בחשבון שלך.
+gpg_key_id_used = מפתח GPG ציבורי עם אותו מזהה כבר הוסף.
+gpg_key_matched_identities = זהויות תואמות:
+gpg_key_verified = מפתח מאומת
+gpg_token_help = ניתן ליצור חתימה באמצעות:
+key_signature_gpg_placeholder = מתחיל עם "---BEGIN PGP SIGNATURE--"
+ssh_key_verified = מפתח מאומת
+ssh_token_help = ניתן ליצור חתימה באמצעות:
+key_signature_ssh_placeholder = מתחיל עם "---BEGIN SSH SIGNATURE--"
+key_id = מזהה מפתח
+no_activity = אין פעילות אחרונה
+regenerate_token = צור מחדש
+oauth2_client_id = מזהה תוכנת לקוח
+oauth2_client_secret = סוד תוכנת לקוח
+oauth2_regenerate_secret = צור סוד מחדש
+oauth2_regenerate_secret_hint = איבדת את הסוד שלך?
+twofa_disable = כבה אימות דו-שלבי
+twofa_enroll = הפעל אימות דו-שלבי
+twofa_disable_note = אפשר לכבות אימות דו-שלבי במידת הצורך.
+twofa_disable_desc = כיבוי אימות דו-שלבי יגרום לחשבונך להיות פחות מאובטח. להמשיך?
+twofa_disabled = אימות דו-שלבי כובה.
+scan_this_image = סרוק את התמונה עם יישום האימות שלך:
+or_enter_secret = או הזן את הסוד: %s
+then_enter_passcode = הזן את קוד המעבר המוצג ביישום:
+passcode_invalid = הקוד אינו נכון. נסה שוב.
+webauthn_register_key = הוסף מפתח אבטחה
+webauthn_nickname = כינוי
+webauthn_delete_key = הסר מפתח אבטחה
+webauthn_delete_key_desc = אם מפתח האבטחה יוסר אי אפשר יהיה להתחבר איתו. להמשיך?
+webauthn_key_loss_warning = אם מבטח האבטחה יאבד, תאבד את הגישה לחשבון שלך.
+webauthn_alternative_tip = ייתכן שתרצה להגדיר שיטת אימות נוספת.
+manage_account_links = חשבונות מקושרים
+manage_account_links_desc = חשבונות חיצוניים אלה קשורים לחשבון Forgejo שלך.
+link_account = קשר חשבון
+remove_account_link = הסר חשבון מקושר
+remove_account_link_desc = הסר חשבון מקושר תבטל את גישה היישום לחשבון Forgejo שלך. להמשיך?
+remove_account_link_success = החשבון המקושר הוסר.
 
 [repo]
 new_advanced = הגדרות מתקדמות
diff --git a/options/locale/locale_it-IT.ini b/options/locale/locale_it-IT.ini
index fce5fd5c6d..a52002718c 100644
--- a/options/locale/locale_it-IT.ini
+++ b/options/locale/locale_it-IT.ini
@@ -2110,7 +2110,7 @@ settings.protect_whitelist_deploy_keys=Chiavi di deploy in whitelist con permess
 settings.protect_whitelist_users=Utenti nella whitelist per pushare
 settings.protect_whitelist_teams=Team nella whitelist per pushare
 settings.protect_merge_whitelist_committers=Attiva la whitelist per le fusioni
-settings.protect_merge_whitelist_committers_desc=Consentire soltanto agli utenti o ai team in whitelist il permesso di unire le pull request di questo branch.
+settings.protect_merge_whitelist_committers_desc=Consentire soltanto agli utenti o ai team nella lista bianca di poter unire le richieste di modifica di questo ramo.
 settings.protect_merge_whitelist_users=Utenti nella whitelist per il merging
 settings.protect_merge_whitelist_teams=Team nella whitelist per il merging
 settings.protect_check_status_contexts=Abilita controllo dello stato
@@ -2136,8 +2136,8 @@ settings.block_outdated_branch=Blocca il merge se la pull request è obsoleta
 settings.block_outdated_branch_desc=Il merging non sarà possibile quando il ramo testa è dietro il ramo base.
 settings.default_branch_desc=Seleziona un branch del repository predefinito per le pull request ed i commit di codice:
 settings.default_merge_style_desc=Modalità di fusione predefinito
-settings.choose_branch=Scegli un branch…
-settings.no_protected_branch=Non ci sono branch protetti.
+settings.choose_branch=Scegli un ramo…
+settings.no_protected_branch=Non ci sono rami protetti.
 settings.edit_protected_branch=Modifica
 settings.protected_branch_required_approvals_min=Le autorizzazioni richieste non possono essere negative.
 settings.tags=Etichette
@@ -2159,7 +2159,7 @@ settings.archive.header=Archivia questo repositorio
 settings.archive.success=Il repo è stato archiviato con successo.
 settings.archive.error=Si è verificato un errore durante il tentativo di archiviare il repo. Vedi il log per maggiori dettagli.
 settings.archive.error_ismirror=Non puoi archiviare un mirror repo.
-settings.archive.branchsettings_unavailable=Le impostazioni dei branch non sono disponibili se il repo è archiviato.
+settings.archive.branchsettings_unavailable=Le impostazioni dei rami non sono disponibili se il repo è archiviato.
 settings.archive.tagsettings_unavailable=Le impostazioni dei tag non sono disponibili nei repositori archiviati.
 settings.update_avatar_success=L'avatar del repository è stato aggiornato.
 settings.lfs=LFS
@@ -2286,7 +2286,7 @@ release.add_tag=Crea tag
 branch.name=Nome ramo
 branch.delete_head=Elimina
 branch.delete_html=Elimina ramo
-branch.create_branch=Crea branch %s
+branch.create_branch=Crea ramo %s
 branch.deleted_by=Eliminato da %s
 branch.included_desc=Questo ramo fa parte del ramo predefinito
 branch.included=Incluso
@@ -2943,7 +2943,7 @@ dashboard.update_mirrors=Aggiorna specchi
 dashboard.repo_health_check=Controlla integrità di tutti i repository
 dashboard.check_repo_stats=Controlla tutte le statistiche del repository
 dashboard.archive_cleanup=Elimina vecchi archivi del repository
-dashboard.deleted_branches_cleanup=Pulisci branch eliminati
+dashboard.deleted_branches_cleanup=Pulisci i rami eliminati
 dashboard.update_migration_poster_id=Aggiorna gli ID del poster di migrazione
 dashboard.git_gc_repos=Esegui la garbage collection su tutti i repository
 dashboard.resync_all_sshkeys=Aggiornare il file ".ssh/authorized_keys" con le chiavi SSH di Forgejo.
@@ -3458,7 +3458,7 @@ merge_pull_request=`ha fuso la richiesta di modifica <a href="%[1]s">%[3]s#%[2]s
 transfer_repo=repository <code>%s</code> trasferito in <a href="%s">%s</a>
 push_tag=ha inviato il tag <a href="%[2]s">%[3]s</a> su <a href="%[1]s">%[4]s</a>
 delete_tag=tag eliminato %[2]s da <a href="%[1]s">%[3]s</a>
-delete_branch=branch eliminato <code>%[2]s</code> da <a href="%[1]s">%[3]s</a>
+delete_branch=ha eliminato il ramo <code>%[2]s</code> da <a href="%[1]s">%[3]s</a>
 compare_branch=Confronta
 compare_commits=Confronta %d commits
 compare_commits_general=Confronta commit
diff --git a/options/locale/locale_kab.ini b/options/locale/locale_kab.ini
index 9fd0dd6222..d671eb80ae 100644
--- a/options/locale/locale_kab.ini
+++ b/options/locale/locale_kab.ini
@@ -39,7 +39,7 @@ template = Tamudemt
 notifications = Ilɣa
 create_new = Snulfu-d…
 licenses = Turagin
-captcha = CAPČA
+captcha = KAPČA
 passcode = Angal n wadduf
 settings = Iɣewwaren
 your_profile = Amaɣnu
@@ -66,6 +66,17 @@ sign_out = Senser tuqqna
 link_account = Qqen amiḍan
 email = Tansa imayl
 access_token = Ajuṭu n unekcum
+copy_url = Nɣel tansa URL
+copy_path = Nɣel abrid
+copy_content = Nɣel agbur
+go_back = Uɣal ɣee deffir
+powered_by = S lmendad n %s
+sign_in_with_provider = Qqen s %s
+user_profile_and_more = Amaɣnu akken iɣewwaren…
+signed_in_as = D uqqin amzun d
+enable_javascript = Asmel-a Web yesra JavaScript.
+return_to_forgejo = Tuɣalin ɣer Forgejo
+twofa = Asesteb s snat n tarrayin
 
 [user]
 code = Tangalt
@@ -80,6 +91,7 @@ following.title.one = Yeṭṭafaṛ
 following.title.few = Yeṭṭafaṛ
 unfollow = Ur ṭṭafar ara
 overview = Tamuɣli s umata
+settings = Iɣewwaren n useqdac
 
 [org]
 code = Tanglat
@@ -90,6 +102,14 @@ settings.website = Asmel web
 settings.options = Tuddsa
 members.remove = Kkes
 teams.settings = Iɣewwaren
+settings.visibility.public = Azayaz
+settings.visibility.private_shortname = Uslig
+members.private = Yettwaffer
+members.owner = Bab-is
+members.member = Aɛeggal
+create_new_team = Agraw amaynut
+create_team = Snulfu-d yiwen n ugraw
+team_name = Isem n ugraw
 
 [repo]
 release.source_code = Tangalt taɣbalut
@@ -262,6 +282,44 @@ activity.period.monthly = 1 n wayyur
 activity.period.quarterly = 3 n wayyuren
 activity.period.semiyearly = 6 n wayyuren
 activity.period.yearly = 1 n useggas
+settings.collaboration.admin = Anedbal
+settings.collaboration.write = Tira
+settings.collaboration.read = Taɣuṛi
+settings.collaboration.owner = Bab-is
+settings.event_create = Snulfu-d
+settings.event_delete = Tukksa
+release.draft = Arewway
+download_zip = Sader-d ZIP
+download_tar = Sader-d TAR.GZ
+download_bundle = Sader-d BUNDLE
+new_advanced = Iɣewwaren leqqayen
+editor.add_tmpl = Rnu "<%s>"
+editor.add = Rnu %s
+projects.edit = Ẓreg asenfar
+projects.modify = Ẓreg asenfar
+wiki.page_title = Azwel n usebtar
+wiki.page_content = Agbur n usebter
+wiki.save_page = Sekles asebter
+wiki.new_page_button = Asebter amaynut
+wiki.delete_page_button = Kkes asebter
+wiki.search = Nadi deg wiki
+wiki.no_search_results = Ulac igmaḍ yettwafen
+activity.title.user_1 = %d n useqdac
+activity.title.user_n = %d n iseqdacen
+activity.git_stats_file_1 = %d n ufaylu
+activity.git_stats_file_n = %d n ifuyla
+settings.update_settings = Sekles iɣewwaren
+settings.advanced_settings = Iɣewwaren leqqayen
+settings.sync_mirror = Mtawi tura
+settings.admin_settings = Iɣewwaren n unedbal
+settings.add_team = Rnu yiwen n ugraw
+settings.slack_icon_url = URL n tignit
+settings.discord_icon_url = URL n tignit
+settings.graphql_url = URL n GraphQL
+settings.web_hook_name_msteams = Microsoft Teams
+settings.web_hook_name_larksuite_only = Lark Suite
+settings.packagist_username = Isem n useqdac n Packagist
+template_select = Fren yiwet n tmudemt
 
 [install]
 admin_password = Awal n uɛeddi
@@ -273,6 +331,12 @@ db_schema = Azenziɣ
 ssl_mode = SSL
 path = Abrid
 db_name = Isem n taffa n yisefka
+general_title = Iɣewwaren Imuta
+app_name = Azwel n tummant
+admin_email = Tansa imayl
+install_btn_confirm = Sebded Forgejo
+admin_name = Isem n useqdac n unedbal
+confirm_password = Serggeg awal n uɛeddi
 
 [admin]
 notices.type_1 = Akufi
@@ -298,10 +362,25 @@ config_settings = Iɣewwaren
 dashboard.statistic = Agzul
 users.2fa = 2FA
 config.db_ssl_mode = SSL
+first_page = Amezwaru
+last_page = Aneggaru
+users.edit = Ẓreg
+emails.filter_sort.email = Imayl
+orgs.teams = Igrawen
+orgs.members = Imttekkiyen
+repos.owner = Bab-is
+config.mailer_user = Aseqdac
 
 [search]
 code_kind = Nadi tangalt…
 search = Nadi…
+repo_kind = Nadi deg ikufiyen…
+user_kind = Nadi iseqdacen…
+org_kind = Nadi tirmisin…
+team_kind = Nadi igrawen…
+package_kind = Nadi ikemmusen…
+project_kind = Nadi isenfaren…
+branch_kind = Nadi tiseḍwa…
 
 [mail]
 release.download.targz = Tangalt taɣbalut (TAR.GZ)
@@ -309,6 +388,10 @@ release.download.zip = Tangalt taɣbalut (ZIP)
 release.note = Tazmilt:
 release.downloads = Isidar:
 repo.transfer.to_you = kečč·kemm
+hi_user_x = Azul a <b>%s</b>,
+admin.new_user.user_info = Talɣut ɣef useqdac
+release.title = Azwel: %s
+register_notify = Ansuf ar %s
 
 [editor]
 buttons.code.tooltip = Rnu tangalt
@@ -320,6 +403,7 @@ table_modal.placeholder.header = Aqeṛṛu
 table_modal.label.rows = Izirigen
 buttons.new_table.tooltip = Rnu tafelwit
 table_modal.header = Rnu tafelwit
+buttons.link.tooltip = Rnu yiwen n useɣwen
 
 [explore]
 code = Tanglat
@@ -339,6 +423,7 @@ RepoName = Isem n ukufi
 TeamName = Isem n terbaɛt
 Email = Tansa imayl
 Retype = Sentem awal n uɛeddi
+FullName = Isem ummid
 
 [aria]
 footer.links = Iseɣwan
@@ -350,6 +435,7 @@ more = Ugar
 [startpage]
 lightweight = D afessas
 license = Aɣbalu yeldin
+install = Fessus i usebded
 
 [home]
 my_repos = Ikufan
@@ -360,6 +446,11 @@ my_orgs = Tuddsiwin
 openid_connect_submit = Tuqqna
 verify = Senqed
 login_userpass = Qqen
+create_new_account = Snulfu-d amiḍan
+forgot_password_title = Tettuḍ awal n uɛeddi
+forgot_password = Tettuḍ awal n uɛeddi?
+sign_up_button = Asnulfu n umiḍan.
+reset_password = Tiririt n umiḍan
 
 [modal]
 yes = Ih
@@ -417,6 +508,13 @@ quota.sizes.assets.all = Igburen
 delete_email = Kkes
 update_language = Beddel tutlayt
 language.title = Tutlayt tamezwarut
+blocked_users = Imiḍanen yettusḥebsen
+old_password = Awal n uɛeddi amiran
+new_password = Awal n uɛeddi amaynut
+manage_themes = Asentel amezwer
+manage_openid = Tansiwin OpenID
+add_key = Rnu yiwet n tsarut
+quota.sizes.git.lfs = Git LFS
 
 [packages]
 arch.version.description = Aglam
@@ -429,6 +527,11 @@ rpm.repository.architectures = Tisegda
 alt.repository.architectures = Tisegda
 container.images.title = Tugniwin
 container.details.platform = Tiɣerɣert
+installation = Asebded
+details.project_site = Asmel Web n usenfar
+details.repository_site = Asmel Web n ukufi
+details.documentation_site = Asmel Web n tsemlit
+versions.view_all = Wali-ten akk
 
 [actions]
 runners.description = Aglam
@@ -439,4 +542,19 @@ runners.task_list.repository = Akufi
 type-2.display_name = Asenfar n ukufi
 
 [error]
-network_error = Tuccḍa deg uẓeṭṭa
\ No newline at end of file
+network_error = Tuccḍa deg uẓeṭṭa
+
+[tool]
+days = %d n wussan
+weeks = %d n imalasen
+months = %d n wayyuren
+years = %d n iseggasen
+1mon = 1 n wayyur
+1y = 1 n useggas
+
+[dropzone]
+remove_file = Kkes afaylu
+
+[filter]
+string.asc = A - Z
+string.desc = Z - A
\ No newline at end of file
diff --git a/options/locale/locale_ko-KR.ini b/options/locale/locale_ko-KR.ini
index b8ffcc190d..049d1dc514 100644
--- a/options/locale/locale_ko-KR.ini
+++ b/options/locale/locale_ko-KR.ini
@@ -178,9 +178,9 @@ less = 적은
 more = 많은
 
 [editor]
-buttons.italic.tooltip = 기울어진 텍스트 추가
+buttons.italic.tooltip = 기울어진 텍스트 추가 (Ctrl+I / ⌘I)
 buttons.heading.tooltip = 헤딩 추가
-buttons.bold.tooltip = 두꺼운 텍스트 추가
+buttons.bold.tooltip = 두꺼운 텍스트 추가 (Ctrl+B / ⌘B)
 buttons.code.tooltip = 코드 추가
 buttons.link.tooltip = 링크 추가
 buttons.quote.tooltip = 인용구 추가
@@ -198,6 +198,12 @@ table_modal.placeholder.header = 헤더
 table_modal.placeholder.content = 내용
 table_modal.label.rows = 행
 table_modal.label.columns = 열
+buttons.indent.tooltip = 항목들을 한 단계 들여쓰기
+buttons.unindent.tooltip = 항목들을 한 단계 내어쓰기
+link_modal.header = 링크 추가
+link_modal.url = Url
+link_modal.description = 설명
+link_modal.paste_reminder = 힌트: 클립보드에 URL이 있으면 편집기에 직접 붙여 넣어 링크를 만들 수 있습니다.
 
 [filter]
 string.desc = 하 - 가
@@ -330,6 +336,14 @@ secret_key_failed = 비밀 키 생성 실패: %v
 env_config_keys = 환경 설정
 invalid_password_algorithm = 올바르지 않은 암호 해시 알고리즘
 invalid_db_table = 데이터베이스 테이블 "%s"이(가) 올바르지 않습니다: %v
+domain_helper = 서버의 도메인 혹은 호스트 주소.
+require_sign_in_view.description = 콘텐츠 접근을 로그인한 사용자에게만 허용합니다. 손님은 인증 페이지를 통해서만 방문할 수 있습니다.
+config_location_hint = 이 구성 옵션은 다음 위치에 저장됩니다:
+invalid_app_data_path = 앱 데이터 경로가 잘못되었습니다: %v
+internal_token_failed = 내부 토큰을 생성하는데 실패했습니다: %v
+enable_update_checker_helper_forgejo = 이것은 release.forgejo.org의 TXT DNS 레코드를 확인함으로써 주기적으로 새로운 Forgejo 버전을 확인할 것입니다.
+password_algorithm_helper = 비밀번호 해싱 알고리즘을 설정합니다. 알고리즘은 요구사항과 강점이 서로 다릅니다. Argon2 알고리즘은 상당히 안전하지만 많은 메모리를 사용하므로 소형 시스템에는 적합하지 않을 수 있습니다.
+env_config_keys_prompt = 다음 환경 변수들은 구성 파일에도 저장됩니다:
 
 [home]
 uname_holder=사용자명 또는 이메일 주소
@@ -342,12 +356,21 @@ show_private=비공개
 issues.in_your_repos=당신의 저장소에
 feed_of = "%s"의 피드
 filter = 다른 필터
+filter_by_team_repositories = 팀 저장소로 필터링
+show_archived = 보관됨
+show_both_archived_unarchived = 보관된 항목과 보관되지 않은 항목 모두 표시
+show_only_archived = 보관된 항목만 표시
+show_only_unarchived = 보관되지 않은 항목만 표시
+show_both_private_public = 공개 및 비공개 모두 표시
+show_only_private = 비공개만 표시
+show_only_public = 공개만 표시
 
 [explore]
 repos=저장소
 users=사용자
 organizations=조직
 code=코드
+go_to = 이동
 
 [auth]
 create_new_account=계정 등록
@@ -361,7 +384,7 @@ allow_password_change=사용자에게 비밀번호 변경을 요청 (권장됨)
 reset_password_mail_sent_prompt=확인 메일이 <b>%s</b>로 전송되었습니다. 받은 편지함으로 도착한 메일을 %s 안에 확인해서 비밀번호 찾기 절차를 완료하십시오.
 active_your_account=계정 활성화
 account_activated=계정이 활성화 되었습니다
-prohibit_login = 
+prohibit_login =
 resent_limit_prompt=활성화를 위한 이메일을 이미 전송했습니다. 3분 내로 이메일을 받지 못한 경우 재시도해주세요.
 has_unconfirmed_mail=안녕하세요 %s, 이메일 주소(<b>%s</b>)가 확인되지 않았습니다. 확인 메일을 받으시지 못하겼거나 새로운 확인 메일이 필요하다면, 아래 버튼을 클릭해 재발송하실 수 있습니다.
 resend_mail=여기를 눌러 확인 메일 재전송
@@ -1841,4 +1864,5 @@ union = 통합 검색
 union_tooltip = 공백으로 구분된 키워드 중 하나라도 일치하는 결과를 포함하세요
 exact = 정확한
 regexp = 정규 표현식
-regexp_tooltip = 검색어를 정규 표현식으로 해석합니다
\ No newline at end of file
+regexp_tooltip = 검색어를 정규 표현식으로 해석합니다
+runner_kind = 러너 검색…
\ No newline at end of file
diff --git a/options/locale/locale_mic.ini b/options/locale/locale_mic.ini
new file mode 100644
index 0000000000..9f64bcae17
--- /dev/null
+++ b/options/locale/locale_mic.ini
@@ -0,0 +1,8 @@
+
+
+
+[common]
+home = L'mie
+help = apoqnmui
+name = Teluisi
+ok = A'
\ No newline at end of file
diff --git a/options/locale/locale_nl-NL.ini b/options/locale/locale_nl-NL.ini
index 4693b969a8..329df5bc50 100644
--- a/options/locale/locale_nl-NL.ini
+++ b/options/locale/locale_nl-NL.ini
@@ -2942,7 +2942,7 @@ dashboard.update_migration_poster_id=Werk migratie-poster IDs bij
 dashboard.git_gc_repos=Voer garbage collectie uit voor alle repositories
 dashboard.resync_all_sshkeys=Werk de ".ssh/authorized_keys" bestand bij met Forgejo SSH sleutels.
 dashboard.resync_all_sshprincipals=Update het ".ssh/authorized_principals" bestand met Forgejo SSH verantwoordelijken.
-dashboard.resync_all_hooks=Opnieuw synchroniseren van pre-ontvangst, bewerk en post-ontvangst hooks voor alle repositories
+dashboard.resync_all_hooks=Git hooks van alle repositories opnieuw synchroniseren (pre-receive, update en, post-receive hooks van alle repositories, proc-receive, ...)
 dashboard.reinit_missing_repos=Herinitialiseer alle ontbrekende Git repositories waarvoor records bestaan
 dashboard.sync_external_users=Externe gebruikersgegevens synchroniseren
 dashboard.server_uptime=Uptime server
diff --git a/options/locale/locale_pl-PL.ini b/options/locale/locale_pl-PL.ini
index b61e91ada0..df520d91bc 100644
--- a/options/locale/locale_pl-PL.ini
+++ b/options/locale/locale_pl-PL.ini
@@ -202,6 +202,7 @@ buttons.unindent.tooltip = Usuń jeden poziom zagnieżdżenia
 link_modal.header = Dodaj link
 link_modal.url = Url
 link_modal.description = Opis
+link_modal.paste_reminder = Wskazówka: Jeśli masz adres URL w schowku, możesz wkleić go bezpośrednio do edytora aby utworzyć link.
 
 [filter]
 string.asc = A - Z
@@ -334,7 +335,7 @@ smtp_from_invalid = Adres "Wyślij e-mail jako" jest nieprawidłowy
 env_config_keys_prompt = Następujące zmienne środowiskowe zostaną również zastosowane do pliku konfiguracyjnego:
 enable_update_checker_helper_forgejo = Będzie on okresowo sprawdzał dostępność nowych wersji Forgejo poprzez sprawdzanie rekordu TXT DNS pod adresem release.forgejo.org.
 config_location_hint = Te opcje konfiguracji zostaną zapisane w:
-password_algorithm_helper = Ustaw algorytm haszowania haseł. Algorytmy mają różne wymagania i siłę. Algorytm argon2 jest dość bezpieczny, ale zużywa dużo pamięci i może być nieodpowiedni dla małych systemów.
+password_algorithm_helper = Ustaw algorytm haszowania haseł. Algorytmy mają różne wymagania i siły. Algorytm argon2 jest dość bezpieczny, ale zużywa dużo pamięci i może być nieodpowiedni dla małych systemów.
 enable_update_checker = Włącz sprawdzanie aktualizacji
 env_config_keys = Konfiguracja środowiska
 run_user_helper = Nazwa użytkownika systemu operacyjnego, pod którą działa Forgejo. Należy pamiętać, że ten użytkownik musi mieć dostęp do ścieżki głównej repozytorium.
@@ -740,7 +741,7 @@ activate_email=Wyślij e-mail aktywacyjny
 activations_pending=Oczekujące aktywacje
 delete_email=Usuń
 email_deletion=Usuń adres e-mail
-email_deletion_desc=Adres e-mail i powiązane informacje zostaną usunięte z Twojego konta. Commity za pomocą tego adresu e-mail pozostaną niezmienione. Kontynuować?
+email_deletion_desc=Ten adres e-mail i powiązane z nim informacje zostaną usunięte z Twojego konta. Commity za pomocą tego adresu e-mail pozostaną niezmienione. Kontynuować?
 email_deletion_success=Adres e-mail został usunięty.
 theme_update_success=Twój motyw został zaktualizowany.
 theme_update_error=Wybrany motyw nie istnieje.
@@ -921,7 +922,7 @@ key_content_ssh_placeholder = Rozpoczyna się z "ssh-ed25519", "ssh-rsa", "ecdsa
 repo_and_org_access = Dostęp do Repozytoriów i Organizacji
 revoke_oauth2_grant_success = Dostęp cofnięty pomyślnie.
 update_language = Zmień język
-keep_email_private_popup = Twój adres e-mail nie będzie pokazywany na twoim profilu i nie będzie używany jako domyślny dla commitów utworzonych przez interfejs przeglądarki, takich jak wgrywanie plików, edycje, commity scalające. Zamiast tego, specjalny adres %s może zostać użyty do powiązania commitów z twoim kontem. Ta opcja nie wpływa na commity już istniejące.
+keep_email_private_popup = Adres e-mail nie będzie pokazywany na profilu i nie będzie używany jako domyślny dla commitów utworzonych przez interfejs przeglądarki, takich jak wgrywanie plików, edycje, czy commity scalające. Zamiast tego, specjalny adres %s może zostać użyty do powiązania commitów z kontem użytkownika. Ta opcja nie wpływa na commity już istniejące.
 repos_none = Nie posiadasz żadnych repozytoriów.
 verify_gpg_key_success = Klucz GPG "%s" został zweryfikowany.
 email_notifications.andyourown = Dodaj swoje własne powiadomienia
@@ -997,6 +998,21 @@ principal_state_desc = Ten podmiot nie był używany w ciągu ostatnich 7 dni
 add_principal_success = Podmiot certyfikatu SSH "%s" został dodany.
 keep_pronouns_private = Wyświetlaj zaimki tylko uwierzytelnionym użytkownikom
 keep_pronouns_private.description = Spowoduje to ukrycie zaimków przed odwiedzającymi, którzy nie są zalogowani.
+storage_overview = Przegląd pamięci
+ssh_token_help_ssh_agent = lub jeśli używasz agenta SSH (z ustawioną zmienną SSH_AUTH_SOCK):
+regenerate_token = Wygeneruj ponownie
+access_token_regeneration = Wygeneruj token dostępu ponownie
+access_token_regeneration_desc = Ponowne wygenerowanie tokenu spowoduje cofnięcie dostępu do Twojego konta dla aplikacji, które go używają. Tej czynności nie można cofnąć. Kontynuować?
+regenerate_token_success = Token został wygenerowany ponownie. Aplikacje, które go używają, nie mają już dostępu do Twojego konta i muszą zostać zaktualizowane nowym tokenem.
+quota.applies_to_org = Następujące zasady limitów obowiązują dla tej organizacji
+quota.rule.exceeded = Przekroczona
+quota.rule.exceeded.helper = Całkowity rozmiar obiektów dla tej zasady przekroczył limit.
+quota.rule.no_limit = Nielimitowana
+quota.sizes.all = Wszystkie
+quota.sizes.repos.all = Repozytoria
+quota.sizes.repos.public = Publiczne repozytoria
+quota.sizes.repos.private = Prywatne repozytoria
+quota.applies_to_user = Następujące zasady limitów obowiązują dla Twojego konta
 
 [repo]
 owner=Właściciel
diff --git a/options/locale/locale_ro.ini b/options/locale/locale_ro.ini
index 790a9c37eb..1cd772e251 100644
--- a/options/locale/locale_ro.ini
+++ b/options/locale/locale_ro.ini
@@ -186,6 +186,10 @@ report_message = Dacă credeți că aceasta este o problemă cu Forgejo, vă rug
 install = Ușor de instalat
 license = Sursă deschisă
 app_desc = Un serviciu Git fără probleme, auto-găzduit
+platform_desc = Forgejo rulează pe sisteme de operare libere ca Linux și FreeBSD, precum și pe diferite arhitecturi CPU. Alege ceea ce îți place!
+lightweight = Lejer
+license_desc = Descarcă <a target="_blank" rel="noopener noreferrer" href="%[1]s">Forgejo</a>! Alătură-te nouă <a target="_blank" rel="noopener noreferrer" href="%[2]s">și contribuie</a> să îmbunătățești acest proiect. Nu ezita sa devii un contributor!
+lightweight_desc = Forgejo are cerințe minime mici și poate rula pe un Raspberry Pi ieftin. Economisește energie computațională!
 
 [install]
 require_db_desc = Forgejo are nevoie de MySQL, PostgreSQL, SQLite3 sau TiDB (protocol MySQL).
@@ -278,6 +282,7 @@ app_name_helper = Introdu numele instanței aici. Va fi afișat pe fiecare pagin
 app_slogan = Sloganul instanței
 app_slogan_helper = Introdu sloganul instanței aici. Lasă gol pentru a dezactiva.
 host = Gazdă
+db_schema = Schema
 
 [search]
 user_kind = Căutați utilizatori…
diff --git a/options/locale/locale_ru-RU.ini b/options/locale/locale_ru-RU.ini
index 0cf1e52d86..cde13a7f55 100644
--- a/options/locale/locale_ru-RU.ini
+++ b/options/locale/locale_ru-RU.ini
@@ -745,7 +745,7 @@ lookup_avatar_by_mail=Найти изображение по моему адре
 enable_custom_avatar=Использовать своё изображение профиля
 choose_new_avatar=Выберите новое изображение профиля
 update_avatar=Обновить изображение профиля
-delete_current_avatar=Удалить текущее изображение профиля
+delete_current_avatar=Удалить изображение профиля
 uploaded_avatar_not_a_image=Загруженный файл не является изображением.
 uploaded_avatar_is_too_big=Размер выбранного файла (%d КиБ) превышает максимальный размер (%d КиБ).
 update_avatar_success=Изображение профиля было изменено.
@@ -3892,7 +3892,7 @@ filepreview.lines = Строки с %[1]d по %[2]d в %[3]s
 filepreview.truncated = Предпросмотр был обрезан
 
 [translation_meta]
-test = Wake up
+test = Wake up.
 
 [repo.permissions]
 code.write = <b>Запись:</b> отправка изменений в репозиторий, создание веток и тегов.
diff --git a/options/locale/locale_uk-UA.ini b/options/locale/locale_uk-UA.ini
index 330ed2fb4b..8059ef38d2 100644
--- a/options/locale/locale_uk-UA.ini
+++ b/options/locale/locale_uk-UA.ini
@@ -103,7 +103,7 @@ webauthn_use_twofa = Введіть код підтвердження з тел
 webauthn_error = Не вдалося розпізнати ключ безпеки.
 webauthn_error_unknown = Сталася невідома помилка. Будь ласка, повторіть спробу.
 webauthn_error_unable_to_process = Сервер не зміг обробити запит.
-webauthn_error_duplicated = Запит із наданим ключем безпеки відхилено. Впевніться, що цього ключа ще не зареєстровано.
+webauthn_error_duplicated = Запит із наданим ключем безпеки відхилено. Впевніться, що цей ключ не є вже зареєстрованим.
 webauthn_error_empty = Ключ слід якось назвати.
 new_project_column = Новий стовпчик
 retry = Повторити
@@ -144,10 +144,10 @@ filter.private = Приватні
 more_items = Більше пунктів
 remove_label_str = Видалити елемент «%s»
 new_repo.title = Новий репозиторій
-new_migrate.title = Нова міграція
+new_migrate.title = Нове перенесення
 new_org.title = Нова організація
 new_repo.link = Новий репозиторій
-new_migrate.link = Нова міграція
+new_migrate.link = Нове перенесення
 new_org.link = Нова організація
 copy_generic = Скопіювати до буфера обміну
 show_log_seconds = Показувати секунди
@@ -250,9 +250,9 @@ err_empty_db_path=Шлях до файлу бази даних SQLite3 не мо
 no_admin_and_disable_registration=Ви не можете вимкнути реєстрацію до створення облікового запису адміністратора.
 err_empty_admin_password=Пароль адміністратора не може бути порожнім.
 err_empty_admin_email=Електронна адреса адміністратора не може бути порожньою.
-err_admin_name_is_reserved=Неправильне ім'я користувача-адміністратора — ім'я зарезервоване
-err_admin_name_pattern_not_allowed=Ім'я адміністратора недійсне, це ім'я підпадає під зарезервований шаблон
-err_admin_name_is_invalid=Неправильне ім'я користувача-адміністратора
+err_admin_name_is_reserved=Недійсне ім’я адміністратора — ім’я зарезервовано
+err_admin_name_pattern_not_allowed=Ім’я адміністратора недійсне, воно підпадає під шаблон зарезервованих імен
+err_admin_name_is_invalid=Недійсне ім’я адміністратора
 
 general_title=Загальні налаштування
 app_name=Назва екземпляра
@@ -302,7 +302,7 @@ enable_captcha.description=Вимагати перевірку CAPTCHA для с
 require_sign_in_view=Вимагати авторизації для перегляду вмісту екземпляра
 admin_setting.description=Створювати обліковий запис адміністратора необов'язково. Перший зареєстрований користувач автоматично стає адміністратором.
 admin_title=Налаштування облікового запису адміністратора
-admin_name=Ім'я користувача-адміністратора
+admin_name=Ім’я адміністратора
 admin_password=Пароль
 confirm_password=Підтвердження пароля
 admin_email=Адреса електронної пошти
@@ -337,7 +337,7 @@ allow_only_external_registration = Дозволити реєстрацію ті
 require_sign_in_view.description = Дозволити перегляд вмісту лише користувачам, які ввійшли. Гості бачитимуть лише сторінки входу і реєстрації.
 password_algorithm_helper = Установіть алгоритм хешування паролів. Алгоритми мають різні вимоги і стійкість. Алгоритм argon2 є досить безпечним, проте споживає багато пам’яті та є недоречним для малих систем.
 app_slogan = Гасло екземпляра
-app_slogan_helper = Уведіть гасло вашого екземпляра тут. Залиште порожнім, аби вимкнути.
+app_slogan_helper = Уведіть тут гасло вашого екземпляра. Залиште порожнім, аби вимкнути.
 run_user_helper = Ім’я користувача операційної системи, від якого запущено Forgejo. Зауважте, що цей користувач повинен мати доступ до кореневої теки репозиторію.
 smtp_from_invalid = Адреса з «Надсилати email від імені» недійсна
 allow_dots_in_usernames = Дозволити використання крапки в іменах користувачів. Не впливає на облікові записи, що вже існують.
@@ -585,7 +585,7 @@ team_name_been_taken=Назву команди вже зайнято.
 team_no_units_error=Дозволити доступ до принаймні одного розділу репозиторію.
 email_been_used=Ця електронна адреса вже використовується.
 email_invalid=Адреса електронної пошти помилкова.
-username_password_incorrect=Неправильне ім'я користувача або пароль.
+username_password_incorrect=Неправильне ім’я користувача або пароль.
 password_complexity=Пароль не відповідає вимогам до складності:
 password_lowercase_one=Принаймні одна буква в нижньому регістрі
 password_uppercase_one=Принаймні одна буква в верхньому регістрі
@@ -673,7 +673,7 @@ followers.title.few = Cтежать
 following.title.one = Відстежуваний
 following.title.few = Відстежувані
 form.name_reserved = Ім'я користувача «%s» зарезервовано.
-form.name_chars_not_allowed = Ім'я користувача «%s» містить неприпустимі символи.
+form.name_chars_not_allowed = Ім’я користувача «%s» містить неприпустимі символи.
 public_activity.visibility_hint.self_private = Вашу діяльність бачитимете лише ви й адміністрація сервера. <a href="%s">Налаштувати</a>.
 public_activity.visibility_hint.admin_private = Цю дію видно адміністрації, зокрема вам, але користувач_ка бажає залишити її приватною.
 public_activity.visibility_hint.self_private_profile = Вашу діяльність видно лише вам і адміністрації сервера, оскільки ваш профіль приватний. <a href="%s">Налаштувати</a>.
@@ -800,8 +800,8 @@ ssh_token_help=Ви можете створити підпис за допомо
 subkeys=Підключі
 key_id=ID ключа
 key_name=Назва ключа
-key_content=Зміст
-principal_content=Зміст
+key_content=Вміст
+principal_content=Вміст
 delete_key=Видалити
 ssh_key_deletion=Видалити ключ SSH
 gpg_key_deletion=Видалити ключ GPG
@@ -851,7 +851,7 @@ oauth2_client_secret=Ключ клієнта
 oauth2_regenerate_secret=Згенерувати новий ключ
 oauth2_regenerate_secret_hint=Ви втратили свій ключ?
 oauth2_application_edit=Редагувати
-oauth2_application_create_description=Програми OAuth2 надають вашим стороннім програмам доступ до облікових записів користувачів у цьому екземплярі.
+oauth2_application_create_description=Програми OAuth2 надають вашим стороннім програмам доступ до користувацьких облікових записів на цьому екземплярі.
 
 authorized_oauth2_applications=Авторизовані програми OAuth2
 revoke_key=Відкликати
@@ -916,7 +916,7 @@ email_desc = Ваша основна адреса електронної пош
 visibility.limited_tooltip = Видимий(а) тільки для зареєстрованих користувачів
 visibility.private_tooltip = Видимий(а) тільки для учасників організацій, до яких ви приєдналися
 twofa_scratch_token_regenerated = Ваш одноразовий ключ відновлення: %s. Збережіть його у безпечному місці, бо він не буде показаний знову.
-authorized_oauth2_applications_description = Ви надали цим стороннім застосункам доступ до вашого облікового запису Forgejo. Будь ласка, відкличте доступ із застосунків, що більше не використовуються.
+authorized_oauth2_applications_description = Ви надали цим стороннім програмам доступ до вашого облікового запису Forgejo. Будь ласка, відкличте доступ у програм, що більше не використовуються.
 webauthn_delete_key = Видалити ключ безпеки
 webauthn_key_loss_warning = Якщо ви втратите ключі безпеки, то втратите доступ до свого облікового запису.
 webauthn_register_key = Додати ключ безпеки
@@ -1059,7 +1059,7 @@ license=Ліцензія
 license_helper=Виберіть файл ліцензії
 license_helper_desc=Ліцензія регулює те, що інші можуть і не можуть робити з вашим кодом. Не впевнені, що саме підходить для вашого проєкту? Дивіться <a target="_blank" rel="noopener noreferrer" href="%s">Виберіть ліцензію</a>.
 readme=README
-readme_helper=Виберіть шаблон README
+readme_helper=Виберіть шаблон файлу README
 readme_helper_desc=Це місце, де ви можете написати повний опис вашого проєкту.
 auto_init=Ініціалізувати репозиторій
 create_repo=Створити репозиторій
@@ -1073,7 +1073,7 @@ mirror_address_desc=Помістіть будь-які необхідні обл
 mirror_lfs=Сховище великих файлів (LFS)
 mirror_lfs_desc=Активувати дзеркальне відображення даних LFS.
 mirror_lfs_endpoint=Кінцева точка LFS
-mirror_lfs_endpoint_desc=Синхронізація спробує використати URL-адресу клону, щоб <a target="_blank" rel="noopener noreferrer" href="%s">визначити сервер LFS</a>. Ви також можете вказати свою кінцеву точку, якщо дані LFS репозиторію зберігаються в іншому місці.
+mirror_lfs_endpoint_desc=Під час синхронізації буде виконано спробу <a target="_blank" rel="noopener noreferrer" href="%s">визначити сервер LFS</a>, використовуючи URL-адресу клону. Ви також можете вказати свою кінцеву точку, якщо дані LFS репозиторію зберігаються в іншому місці.
 mirror_last_synced=Остання синхронізація
 mirror_password_placeholder=(без змін)
 mirror_password_blank_placeholder=(відключено)
@@ -1084,11 +1084,11 @@ forks=Форки
 reactions_more=додати %d більше
 unit_disabled=Адміністратор сайту вимкнув цей розділ репозиторію.
 language_other=Інші
-adopt_search=Уведіть ім'я користувач_ки для пошуку неприйнятих репозиторіїв… (залиште порожнім, щоб знайти всі)
-adopt_preexisting_label=Прийняті файли
+adopt_search=Уведіть ім’я користувач_ки для пошуку неприйнятих репозиторіїв… (залиште порожнім, щоб знайти всі)
+adopt_preexisting_label=Прийняти файли
 adopt_preexisting=Прийняти вже існуючі файли
 adopt_preexisting_content=Створити репозиторій з %s
-adopt_preexisting_success=Прийняти файли та створити репозиторій з %s
+adopt_preexisting_success=Прийнято файли і створено репозиторій з %s
 delete_preexisting_label=Видалити
 delete_preexisting=Видалити існуючі файли
 delete_preexisting_content=Видалити файли з %s
@@ -1121,51 +1121,51 @@ form.reach_limit_of_creation_1=Ви досягли обмеження в %d ст
 form.reach_limit_of_creation_n=Ви досягли обмеження в %d створених репозиторіїв.
 
 need_auth=Авторизація
-migrate_options=Параметри міграції
-migrate_options_lfs=Перенесення LFS файлів
+migrate_options=Параметри перенесення
+migrate_options_lfs=Перенесення файлів LFS
 migrate_options_lfs_endpoint.label=Кінцева точка LFS
-migrate_options_lfs_endpoint.description=Міграція спробує використати ваш віддалений сервер Git, щоб <a target="_blank" rel="noopener noreferrer" href="%s">визначити сервер LFS</a>. Ви також можете вказати свою кінцеву точку, якщо дані LFS репозиторію зберігаються в іншому місці.
-migrate_options_lfs_endpoint.description.local=Також підтримуються шляхи на локальному сервері.
-migrate_items=Деталі міграції
+migrate_options_lfs_endpoint.description=Під час перенесення буде виконано спробу <a target="_blank" rel="noopener noreferrer" href="%s">визначити сервер LFS</a> через ваш віддалений сервер Git. Ви також можете вказати свою кінцеву точку, якщо дані LFS репозиторію зберігаються в іншому місці.
+migrate_options_lfs_endpoint.description.local=Також підтримується шлях на локальному сервері.
+migrate_items=Елементи для перенесення
 migrate_items_wiki=Вікі
 migrate_items_milestones=Етапи
 migrate_items_labels=Мітки
 migrate_items_issues=Задачі
 migrate_items_pullrequests=Запити на злиття
-migrate_items_merge_requests=Запити на об'єднання
+migrate_items_merge_requests=Запити на об’єднання
 migrate_items_releases=Випуски
 migrate_repo=Перенести репозиторій
-migrate.clone_address=Міграція / клонування з URL-адреси
+migrate.clone_address=Перенести / клонувати з URL-адреси
 migrate.clone_address_desc=URL-адреса HTTP(S) або Git «clone» існуючого репозиторію
-migrate.clone_local_path=або шлях до локального серверу
+migrate.clone_local_path=або шлях до локального сервера
 migrate.permission_denied=Вам не дозволено імпортувати локальні репозиторії.
 migrate.permission_denied_blocked=Ви не можете імпортувати з заборонених вузлів, будь ласка, попросіть адміністратора перевірити налаштування ALLOWED_DOMAINS/ALLOW_LOCALNETWORKS/BLOCKED_DOMAINS.
 migrate.invalid_lfs_endpoint=Помилкова кінцева точка LFS.
-migrate.failed=Міграція не вдалася: %v
+migrate.failed=Перенесення не вдалося: %v
 migrate.migrate_items_options=Для перенесення додаткових елементів потрібен токен доступу
 migrated_from=Перенесено з <a href="%[1]s">%[2]s</a>
 migrated_from_fake=Перенесено з %[1]s
-migrate.migrate=Міграція з %s
-migrate.migrating=Міграція з <b>%s</b>…
-migrate.migrating_failed=Міграція із <b>%s</b> не вдалася.
-migrate.migrating_failed_no_addr=Міграція не вдалася.
-migrate.migrating_git=Міграція Git даних
-migrate.migrating_topics=Міграція тем
-migrate.migrating_milestones=Міграція етапів
-migrate.migrating_labels=Міграція міток
-migrate.migrating_releases=Міграція випусків
-migrate.migrating_issues=Міграція задач
-migrate.migrating_pulls=Міграція запитів на злиття
+migrate.migrate=Перенесення з %s
+migrate.migrating=Перенесення з <b>%s</b>…
+migrate.migrating_failed=Перенесення з <b>%s</b> не вдалося.
+migrate.migrating_failed_no_addr=Перенесення не вдалося.
+migrate.migrating_git=Перенесення даних Git
+migrate.migrating_topics=Перенесення тем
+migrate.migrating_milestones=Перенесення етапів
+migrate.migrating_labels=Перенесення міток
+migrate.migrating_releases=Перенесення випусків
+migrate.migrating_issues=Перенесення задач
+migrate.migrating_pulls=Перенесення запитів на злиття
 
 mirror_from=дзеркало
 forked_from=форк від
 generated_from=згенеровано з
 fork_from_self=Ви не можете створити форк репозиторію, яким володієте.
 fork_guest_user=Увійдіть, щоб створити форк репозиторію.
-watch_guest_user=Увійдіть, щоб слідкувати за цим репозиторієм.
+watch_guest_user=Увійдіть, щоб спостерігати за цим репозиторієм.
 star_guest_user=Увійдіть, щоб додати цей репозиторій в обрані.
 unwatch=Не стежити
-watch=Слідкувати
+watch=Стежити
 unstar=Видалити з обраних
 star=В обрані
 fork=Форк
@@ -1242,7 +1242,7 @@ editor.filename_help=Щоб додати каталог, наберіть йог
 editor.or=або
 editor.cancel_lower=Скасувати
 editor.commit_signed_changes=Внести підписані зміни
-editor.commit_changes=Закомітити зміни
+editor.commit_changes=Зберегти зміни
 editor.add_tmpl=Додати «<%s>»
 editor.commit_message_desc=Додати необов'язковий розширений опис…
 editor.signoff_desc=Додати повідомленню в журналі комітів рядок Signed-off-by від свого імені.
@@ -1253,8 +1253,8 @@ editor.propose_file_change=Запропонувати зміну файлу
 editor.new_branch_name_desc=Назва нової гілки…
 editor.cancel=Скасувати
 editor.filename_cannot_be_empty=Ім'я файлу не може бути порожнім.
-editor.file_changed_while_editing=Вміст файлу змінився відтоді, як ви його відкрили. <a target="_blank" rel="noopener noreferrer" href="%s">Натисніть тут</a>, щоб переглянути, що було змінено, або <strong>закомітьте зміни ще раз</strong>, щоб переписати їх.
-editor.commit_empty_file_header=Закомітити порожній файл
+editor.file_changed_while_editing=Вміст файлу змінився відтоді, як ви його відкрили. <a target="_blank" rel="noopener noreferrer" href="%s">Натисніть тут</a>, щоб переглянути, що було змінено, або <strong>збережіть зміни ще раз</strong>, щоб перезаписати їх.
+editor.commit_empty_file_header=Надіслати порожній файл
 editor.commit_empty_file_text=Файл, який ви збираєтеся зафіксувати, порожній. Продовжити?
 editor.no_changes_to_show=Нема змін для показу.
 editor.fail_to_update_file_summary=Помилка:
@@ -1353,12 +1353,12 @@ issues.add_labels=додано %s з мітками %s
 issues.remove_label=видалено %s з міткою %s
 issues.remove_labels=видалено %s з мітками %s
 issues.add_remove_labels=додано %s і видалено %s мітками %s
-issues.add_milestone_at=`додав(ла) до <b>%s</b> етапу %s`
-issues.add_project_at=`додав до проєкту <b>%s</b> %s`
+issues.add_milestone_at=`додає до етапу <b>%s</b> %s`
+issues.add_project_at=`додає до проєкту <b>%s</b> %s`
 issues.change_milestone_at=`змінено етап з <b>%s</b> на <b>%s</b> %s`
-issues.change_project_at=`змінив проєкт з <b>%s</b> на <b>%s</b> %s`
+issues.change_project_at=`змінює проєкт із <b>%s</b> на <b>%s</b> %s`
 issues.remove_milestone_at=`видалено з етапу<b>%s</b> %s`
-issues.remove_project_at=`видалив з проєкту <b>%s</b> %s`
+issues.remove_project_at=`видаляє з проєкту <b>%s</b> %s`
 issues.deleted_milestone=`(видалено)`
 issues.deleted_project=`(видалено)`
 issues.self_assign_at=`самостійно призначений %s`
@@ -1413,7 +1413,7 @@ issues.open_title=Відкрито
 issues.closed_title=Закрито
 issues.draft_title=Чернетка
 issues.num_comments=%d коментарів
-issues.commented_at=`прокоментував(ла) <a href="#%s">%s</a>`
+issues.commented_at=`коментує <a href="#%s">%s</a>`
 issues.delete_comment_confirm=Ви впевнені, що хочете видалити цей коментар?
 issues.context.copy_link=Скопіювати посилання
 issues.context.quote_reply=Цитувати відповідь
@@ -1487,18 +1487,18 @@ issues.delete=Видалити
 issues.tracker=Відстеження часу
 issues.start_tracking_short=Запустити таймер
 issues.start_tracking=Почати відстеження часу
-issues.start_tracking_history=`почав працювати %s`
+issues.start_tracking_history=`починає працювати %s`
 issues.tracker_auto_close=Таймер буде автоматично зупинено, коли ця задача буде закрита
 issues.tracking_already_started=`Ви вже почали відстежувати час для <a href="%s">іншої задачі</a>!`
 issues.stop_tracking=Зупинити таймер
-issues.stop_tracking_history=`перестав(-ла) працювати %s`
+issues.stop_tracking_history=`перестає працювати %s`
 issues.cancel_tracking=Скасувати
 issues.add_time=Вручну додати час
 issues.del_time=Видалити цей журнал часу
 issues.add_time_short=Додати час
 issues.add_time_cancel=Скасувати
-issues.add_time_history=`додав(-ла) витрачений час %s`
-issues.del_time_history=`видалив витрачений час %s`
+issues.add_time_history=`додає витрачений час %s`
+issues.del_time_history=`видаляє витрачений час %s`
 issues.add_time_hours=Години
 issues.add_time_minutes=Хвилини
 issues.add_time_sum_to_small=Час не введено.
@@ -1618,13 +1618,13 @@ pulls.num_conflicting_files_n=%d конфліктних файлів
 pulls.approve_count_1=%d схвалення
 pulls.approve_count_n=%d схвалень
 pulls.reject_count_1=%d запит на зміну
-pulls.reject_count_n=%d запити на зміну
-pulls.waiting_count_1=очікується %d рецензія
-pulls.waiting_count_n=очікується %d рецензії(й)
+pulls.reject_count_n=%d запитів на зміну
+pulls.waiting_count_1=очікується %d відгук
+pulls.waiting_count_n=очікується %d відгуків
 pulls.wrong_commit_id=ID коміту повинен бути ID коміту в цільовій гілці
 
-pulls.no_merge_desc=Цей запити на злиття неможливо злити, оскільки всі параметри об'єднання репозиторія вимкнено.
-pulls.no_merge_helper=Увімкніть параметри злиття в налаштуваннях репозиторія або злийте запити на злиття вручну.
+pulls.no_merge_desc=Цей запит на злиття неможливо злити, оскільки всі параметри об’єднання репозиторію вимкнено.
+pulls.no_merge_helper=Увімкніть параметри злиття в налаштуваннях репозиторію або злийте запити на злиття вручну.
 pulls.no_merge_wip=Цей запит на злиття неможливо об’єднати, тому що він уже виконується.
 pulls.no_merge_not_ready=Цей запит на злиття не готовий до об’єднання, зверніть увагу на відгуки і перевірки стану.
 pulls.no_merge_access=У вас нема дозволу злити цей запит.
@@ -1778,7 +1778,7 @@ activity.git_stats_deletion_n=%d видалень
 contributors.contribution_type.commits=Коміти
 
 settings=Налаштування
-settings.desc=У налаштуваннях ви можете змінювати різні параметри цього репозиторія
+settings.desc=У налаштуваннях ви можете змінювати різні параметри цього репозиторію
 settings.options=Репозиторій
 settings.collaboration=Співавтори
 settings.collaboration.admin=Адміністратор
@@ -1796,7 +1796,7 @@ settings.mirror_settings.direction.pull=Pull
 settings.mirror_settings.direction.push=Push
 settings.mirror_settings.last_update=Останнє оновлення
 settings.mirror_settings.push_mirror.none=Push-дзеркала не налаштовано
-settings.mirror_settings.push_mirror.remote_url=URL віддаленого репозиторію Git
+settings.mirror_settings.push_mirror.remote_url=URL віддаленого Git-репозиторію
 settings.mirror_settings.push_mirror.add=Додати push-дзеркало
 
 settings.sync_mirror=Синхронізувати зараз
@@ -1908,15 +1908,15 @@ settings.webhook_deletion=Видалити вебхук
 settings.webhook_deletion_desc=Видалення вебхука призведе до видалення його налаштувань та історії доставки. Продовжити?
 settings.webhook_deletion_success=Вебхук видалено.
 settings.webhook.test_delivery=Перевірити доставку
-settings.webhook.test_delivery_desc=Перевірте цей вебхук із підробленою подією.
+settings.webhook.test_delivery_desc=Перевірити цей вебхук за допомогою імітованої події.
 settings.webhook.request=Запит
 settings.webhook.response=Відповідь
 settings.webhook.headers=Заголовки
-settings.webhook.payload=Зміст
+settings.webhook.payload=Вміст
 settings.webhook.body=Тіло
-settings.githook_edit_desc=Якщо хук неактивний, буде представлено зразок змісту. Порожнє значення у цьому полі призведе до вимкнення хука.
+settings.githook_edit_desc=Якщо хук неактивний, буде представлено зразок вмісту. Порожнє значення у цьому полі призведе до вимкнення хука.
 settings.githook_name=Ім’я хука
-settings.githook_content=Зміст хука
+settings.githook_content=Вміст хука
 settings.update_githook=Оновити хук
 settings.add_webhook_desc=Forgejo надсилатиме <code>POST</code>-запити із вказаним Content-Type на цільову URL-адресу. Докладніше — в <a target="_blank" rel="noopener" href="%s">посібнику з вебхуків</a>.
 settings.payload_url=Цільова URL-адреса
@@ -1924,12 +1924,12 @@ settings.http_method=Метод HTTP
 settings.content_type=Тип вмісту POST
 settings.secret=Секрет
 settings.slack_username=Ім’я користувача
-settings.slack_icon_url=URL іконки
+settings.slack_icon_url=URL значка
 settings.slack_color=Колір
 settings.discord_username=Ім’я користувача
-settings.discord_icon_url=URL іконки
+settings.discord_icon_url=URL значка
 settings.event_desc=Спрацьовує на:
-settings.event_push_only=Push події
+settings.event_push_only=Події надсилання (push)
 settings.event_send_everything=Усі події
 settings.event_choose=Власні події…
 settings.event_header_repository=Події репозиторію
@@ -1980,7 +1980,7 @@ settings.add_hook_success=Вебхук додано.
 settings.update_webhook=Оновити вебхук
 settings.update_hook_success=Вебхук оновлено.
 settings.delete_webhook=Видалити вебхук
-settings.recent_deliveries=Недавні розсилки
+settings.recent_deliveries=Нещодавні розсилки
 settings.hook_type=Тип хука
 settings.slack_token=Токен
 settings.slack_domain=Домен
@@ -1992,11 +1992,11 @@ settings.is_writable=Увімкнути доступ на запис
 settings.is_writable_info=Дозволити цьому ключу розгортання виконувати <strong>push</strong> в репозиторій.
 settings.no_deploy_keys=Ви не додавали ключі розгортання.
 settings.title=Заголовок
-settings.deploy_key_content=Зміст
-settings.key_been_used=Зміст ключа розгортання вже використовується.
+settings.deploy_key_content=Вміст
+settings.key_been_used=Вміст ключа розгортання вже використовується.
 settings.key_name_used=Ключ розгортання з такою назвою вже існує.
 settings.deploy_key_deletion=Видалити ключ розгортання
-settings.deploy_key_deletion_desc=Видалення ключа розгортання унеможливить доступ до репозиторія з його допомогою. Продовжити?
+settings.deploy_key_deletion_desc=Видалення ключа розгортання унеможливить доступ до репозиторію з його допомогою. Продовжити?
 settings.deploy_key_deletion_success=Ключ розгортання видалено.
 settings.branches=Гілки
 settings.protected_branch=Захист гілки
@@ -2082,7 +2082,7 @@ settings.lfs_locks_no_locks=Немає блокувань
 settings.lfs_lock_file_no_exist=Заблокований файл не існує в типовій гілці
 settings.lfs_force_unlock=Примусове розблокування
 settings.lfs_pointers.found=Знайдено %d вказівників на blob — %d пов’язаних, %d непов’язаних (%d відсутні у сховищі)
-settings.lfs_pointers.sha=Blob SHA
+settings.lfs_pointers.sha=Blob hash
 settings.lfs_pointers.oid=OID
 settings.lfs_pointers.inRepo=У репозиторії
 settings.lfs_pointers.exists=Наявний у сховищі
@@ -2139,9 +2139,9 @@ diff.review.approve=Схвалити
 diff.review.reject=Запит змін
 diff.committed_by=зафіксовано
 diff.protected=Захищений
-diff.image.side_by_side=Пліч-о-пліч
-diff.image.swipe=Свайп
-diff.image.overlay=Оверлей
+diff.image.side_by_side=Поруч
+diff.image.swipe=Слайдер
+diff.image.overlay=Накладання
 
 releases.desc=Відслідковувати версії проєкту і завантаження.
 release.releases=Випуски
@@ -2171,7 +2171,7 @@ release.delete_release=Видалити випуск
 release.delete_tag=Видалити тег
 release.deletion=Видалити випуск
 release.deletion_success=Випуск видалено.
-release.deletion_tag_desc=Буде видалено цей тег із репозиторію. Вміст репозиторія та історія залишаться незмінними. Продовжити?
+release.deletion_tag_desc=Буде видалено цей тег із репозиторію. Вміст репозиторію та історія залишаться незмінними. Продовжити?
 release.deletion_tag_success=Тег видалено.
 release.tag_name_already_exist=Випуск із такою назвою тегу вже існує.
 release.tag_name_invalid=Неприпустима назва тегу.
@@ -2197,7 +2197,7 @@ branch.renamed=Гілку %s перейменовано на %s.
 tag.create_tag=Створити тег %s
 
 
-topic.manage_topics=Керувати тематичними мітками
+topic.manage_topics=Керування темами
 topic.done=Готово
 topic.count_prompt=Ви не можете вибрати більше 25 тем
 
@@ -2275,7 +2275,7 @@ settings.web_hook_name_slack = Slack
 settings.web_hook_name_discord = Дискорд
 settings.web_hook_name_forgejo = Forgejo
 settings.web_hook_name_wechatwork = WeCom (Wechat Work)
-migrate.migrating_failed.error = Міграція не вдалася: %s
+migrate.migrating_failed.error = Перенесення не вдалося: %s
 all_branches = Усі гілки
 settings.tracker_issue_style.regexp_pattern = Шаблон регулярного виразу
 settings.tracker_issue_style.regexp = Регулярний вираз
@@ -2387,7 +2387,7 @@ editor.file_delete_success = Файл «%s» видалено.
 file_follow = Слідувати за символьним посиланням
 projects.column.set_default = Установити за замовчуванням
 settings.federation_following_repos = URL-адреси відстежуваних репозиторіїв. Через «;», без пробілів.
-settings.federation_not_enabled = Федерацію вимкнено у вашому екземплярі.
+settings.federation_not_enabled = Федерацію вимкнено на вашому екземплярі.
 settings.federation_settings = Налаштування федерації
 signing.wont_sign.nokey = Цей екземпляр не має ключа для підписання цього коміту.
 settings.federation_apapiurl = URL федерації цього репозиторію. Скопіюйте її та вставте в налаштування федерації іншого репозиторію як URL-адресу відстежуваного репозиторію.
@@ -2430,9 +2430,9 @@ open_with_editor = Відкрити в %s
 commits.view_single_diff = Переглянути зміни до цього файлу, внесені у цьому коміті
 pulls.editable = Редаговане
 pulls.editable_explanation = Цей запит на злиття дозволено редагувати супроводжувачам. Ви можете зробити свій внесок безпосередньо до нього.
-admin.failed_to_replace_flags = Не вдалося замінити прапорці репозиторія
-admin.enabled_flags = Для репозиторія ввімкнено прапорці:
-admin.flags_replaced = Прапорці репозиторія замінено
+admin.failed_to_replace_flags = Не вдалося замінити прапорці репозиторію
+admin.enabled_flags = Для репозиторію ввімкнено прапорці:
+admin.flags_replaced = Прапорці репозиторію замінено
 admin.update_flags = Оновити прапорці
 admin.manage_flags = Керування прапорцями
 settings.rename_branch_failed_protected = Неможливо перейменувати гілку %s, оскільки ця гілка захищена.
@@ -2443,8 +2443,8 @@ mirror_sync_on_commit = Синхронізувати при вивантажен
 mirror_sync = синхронізовано
 mirror_use_ssh.helper = Forgejo може віддзеркалювати репозиторій за допомогою Git через SSH, згенерувавши вам пару ключів. Дозвольте відкритому ключу вивантажувати зміни в цільовий репозиторій. При виборі цієї опції вхід паролем неможливий.
 mirror_denied_combination = Неможливо водночас використовувати вхід відкритим ключем і паролем.
-new_repo_helper = Репозиторій містить усі файли проєкту, зокрема історію змін. У вас він уже десь є? <a href="%s">Мігруйте репозиторій</a>.
-object_format_helper = Формат об'єктів репозиторія. Змінити потім неможливо. SHA1 — найсумісніший.
+new_repo_helper = Репозиторій містить усі файли проєкту, зокрема історію змін. У вас він уже десь є? <a href="%s">Перенесіть репозиторій</a>.
+object_format_helper = Формат об’єктів репозиторію. Змінити потім неможливо. SHA1 — найсумісніший.
 mirror_interval = Інтервал синхронізації дзеркала (часові одиниці — «h», «m», «s»). 0 вимикає синхронізацію. (Мінімальний інтервал: %s)
 mirror_address_url_invalid = Вказано хибну URL-адресу. Впевніться, що всі неоднозначні складники адреси замінено escape-послідовностями.
 mirror_address_protocol_invalid = Хибна URL-адреса. Лише адреси http(s):// чи git:// можна використовувати для віддзеркалення.
@@ -2678,7 +2678,7 @@ issues.archived_label_description = (Архівна) %s
 issues.reaction.add = Додати реакцію
 issues.reaction.alt_add = Додати реакцію %[1]s до коментаря.
 issues.reaction.alt_remove = Прибрати реакцію %[1] з коментаря.
-migrate.github_token_desc = Ви можете ввести тут один або кілька токенів через кому, щоб пришвидшити міграцію в обхід обмеження частоти звернень до API GitHub. ОБЕРЕЖНО: зловживання цією функцією може порушити політику постачальника послуг і призвести до блокування облікового запису.
+migrate.github_token_desc = Ви можете ввести тут один або кілька токенів через кому, щоб пришвидшити перенесення в обхід обмеження частоти звернень до API GitHub. ОБЕРЕЖНО: зловживання цією функцією може порушити політику постачальника послуг і призвести до блокування облікового запису.
 issues.edit.already_changed = Не вдається зберегти зміни. Схоже, що хтось інший уже змінив вміст задачі. Оновіть сторінку і спробуйте відредагувати ще раз, щоб уникнути перезапису чужих змін
 pulls.edit.already_changed = Не вдається зберегти зміни. Схоже, що хтось інший уже змінив вміст запиту на злиття. Оновіть сторінку і спробуйте відредагувати ще раз, щоб уникнути перезапису чужих змін
 issues.reaction.alt_many = %[1]s і ще %[2]d реагують %[3]s.
@@ -2721,7 +2721,7 @@ editor.commit_email = Пошта автора
 issues.cancel_tracking_history = `скасовує відстеження часу %s`
 issues.label_archive_tooltip = Архівовані мітки за замовчуванням виключаються з пропозицій під час пошуку за міткою.
 settings.protect_status_check_matched = Збіг
-settings.webhook.delivery.success = Подію додано до черги доставки. Може знадобитися кілька секунд, перш ніж вона з'явиться в історії доставки.
+settings.webhook.delivery.success = Подію додано до черги доставки. Може знадобитися кілька секунд, перш ніж вона з’явиться в історії доставки.
 settings.protected_branch_required_rule_name = Необхідна назва правила
 tree_path_not_found.commit = Шлях %[1]s не існує в коміті %[2]s
 tree_path_not_found.tag = Шлях %[1]s не існує в тегу %[2]s
@@ -2746,11 +2746,11 @@ wiki.original_git_entry_tooltip = Переглянути оригінальни
 settings.mirror_settings.docs.no_new_mirrors = Ваш репозиторій дзеркалює зміни до іншого репозиторію або з нього. Майте на увазі, що в цей час ви не можете створювати нові дзеркала.
 settings.mirror_settings.docs.pull_mirror_instructions = Аби зробити pull-дзеркало, будь ласка, ознайомтеся з:
 settings.update_mirror_settings = Змінити налаштування дзеркала
-settings.add_collaborator_blocked_our = Неможливо додати співавтора, тому що власник репозиторія заблокував його.
+settings.add_collaborator_blocked_our = Неможливо додати співавтора, тому що власник репозиторію заблокував його.
 settings.add_collaborator_blocked_them = Неможливо додати співавтора, тому що вони заблокували власника репозиторію.
-settings.mirror_settings.docs.disabled_push_mirror.pull_mirror_warning = Зараз це можна зробити лише в меню «Нова міграція». По докладнішу інформацію, будь ласка, зверніться до:
+settings.mirror_settings.docs.disabled_push_mirror.pull_mirror_warning = Зараз це можна зробити лише в меню «Нове перенесення». По докладнішу інформацію, будь ласка, зверніться до:
 settings.tracker_issue_style.regexp_pattern_desc = Перша захоплена група буде використана замість <code>{index}</code>.
-settings.webhook.test_delivery_desc_disabled = Щоб протестувати цей вебхук за допомогою імітованої події, активуйте його.
+settings.webhook.test_delivery_desc_disabled = Щоб перевірити цей вебхук за допомогою імітованої події, активуйте його.
 settings.webhook.replay.description = Повторити цей вебхук.
 settings.webhook.replay.description_disabled = Щоб повторити цей вебхук, активуйте його.
 settings.githooks_desc = Git-хуки працюють завдяки самому Git. Ви можете редагувати файли хуків нижче, щоб налаштувати власні операції.
@@ -2800,8 +2800,8 @@ team_name=Назва команди
 team_desc=Опис
 team_name_helper=Назва команди має бути простою та зрозумілою.
 team_desc_helper=Опишіть мету або роль команди.
-team_access_desc=Доступ до репозиторія
-team_permission_desc=Права доступу
+team_access_desc=Доступ до репозиторію
+team_permission_desc=Дозвіл
 team_unit_desc=Дозволити доступ до розділів репозиторію
 team_unit_disabled=(Вимкнено)
 
@@ -2859,13 +2859,13 @@ teams.admin_access=Доступ адміністратора
 teams.admin_access_helper=Учасники можуть виконувати pull, push в репозиторії команд і додавати співавторів в команду.
 teams.no_desc=Ця команда не має опису
 teams.settings=Налаштування
-teams.owners_permission_desc=Власник має повний доступ до <strong>усіх репозиторіїв</strong> та має <strong>права адміністратора</strong> організації.
+teams.owners_permission_desc=Власники мають повний доступ до <strong>всіх репозиторіїв</strong> та мають <strong>права адміністратора</strong> організації.
 teams.members=Учасники команди
 teams.update_settings=Оновити налаштування
 teams.delete_team=Видалити команду
 teams.add_team_member=Додати учасника команди
 teams.delete_team_title=Видалити команду
-teams.delete_team_desc=Видалення команди скасовує доступ до репозиторія для її учасників. Продовжити?
+teams.delete_team_desc=Видалення команди скасовує доступ до репозиторію для її учасників. Продовжити?
 teams.delete_team_success=Команду видалено.
 teams.admin_permission_desc=Ця команда надає <strong>адміністраторський</strong> доступ: учасники можуть читати, виконувати push та додавати співавторів до її репозиторіїв.
 teams.create_repo_permission_desc=Крім того, ця команда надає дозвіл <strong>Створити репозиторій</strong>: учасники можуть створювати нові репозиторії в організації.
@@ -2880,7 +2880,7 @@ teams.members.none=У цій команді немає учасників.
 teams.specific_repositories=Конкретні репозиторії
 teams.specific_repositories_helper=Учасники матимуть доступ лише до репозиторіїв, які були явно додані до команди. Вибір цього пункту <strong>не призводить</strong> до автоматичного видалення репозиторіїв, доданих з <i>Всі репозиторії</i>.
 teams.all_repositories=Усі репозиторії
-teams.all_repositories_helper=Команда має доступ до всіх репозиторіїв. Вибір цього пункту <strong>додасть всі наявні</strong> репозиторії до команди.
+teams.all_repositories_helper=Команда має доступ до всіх репозиторіїв. Вибір цього пункту <strong>додасть усі наявні</strong> репозиторії до команди.
 code = Код
 open_dashboard = Відкрити панель управління
 follow_blocked_user = Ви не можете стежити за цією організацією, тому що вас у ній заблокували.
@@ -2947,7 +2947,7 @@ dashboard.repo_health_check=Перевірка стану всіх репози
 dashboard.check_repo_stats=Перевірити статистику всіх репозиторіїв
 dashboard.archive_cleanup=Видалити старі архіви репозиторіїв
 dashboard.deleted_branches_cleanup=Прибрати видалені гілки
-dashboard.update_migration_poster_id=Оновити мігровані ID авторів
+dashboard.update_migration_poster_id=Оновити перенесені ID авторів
 dashboard.git_gc_repos=Виконати очистку сміття для всіх репозиторіїв
 dashboard.resync_all_sshkeys=Оновити файл «.ssh/authorized_keys» з SSH-ключами Forgejo.
 dashboard.resync_all_sshprincipals=Оновити файл «.ssh/authorized_principals» з SSH-принципалами Forgejo.
@@ -2956,28 +2956,28 @@ dashboard.reinit_missing_repos=Переініціалізувати всі Git-
 dashboard.sync_external_users=Синхронізувати дані зовнішніх користувачів
 dashboard.cleanup_hook_task_table=Очистити таблицю hook_task
 dashboard.server_uptime=Час роботи сервера
-dashboard.current_goroutine=Поточна кількість Goroutines
-dashboard.current_memory_usage=Поточне використання пам'яті
-dashboard.total_memory_allocated=Виділено пам'яті загалом
-dashboard.memory_obtained=Отримано пам'яті
+dashboard.current_goroutine=Поточна кількість goroutines
+dashboard.current_memory_usage=Поточне використання пам’яті
+dashboard.total_memory_allocated=Виділено пам’яті загалом
+dashboard.memory_obtained=Отримано пам’яті
 dashboard.pointer_lookup_times=Пошуків вказівника
-dashboard.memory_allocate_times=Виділень пам'яті
-dashboard.memory_free_times=Звільнень пам'яті
-dashboard.current_heap_usage=Поточне використання динамічної пам'яті
-dashboard.heap_memory_obtained=Отримано динамічної пам'яті
-dashboard.heap_memory_idle=Динамічної пам'яті простоює
-dashboard.heap_memory_in_use=Динамічної пам'яті використовується
-dashboard.heap_memory_released=Звільнено динамічної пам'яті
-dashboard.heap_objects=Об'єктів динамічної пам'яті
-dashboard.bootstrap_stack_usage=Використання стеку Bootstrap
-dashboard.stack_memory_obtained=Зайнято пам'яті стеком
+dashboard.memory_allocate_times=Виділень пам’яті
+dashboard.memory_free_times=Звільнень пам’яті
+dashboard.current_heap_usage=Поточне використання динамічної пам’яті
+dashboard.heap_memory_obtained=Отримано динамічної пам’яті
+dashboard.heap_memory_idle=Динамічної пам’яті простоює
+dashboard.heap_memory_in_use=Динамічної пам’яті використовується
+dashboard.heap_memory_released=Звільнено динамічної пам’яті
+dashboard.heap_objects=Об’єктів динамічної пам’яті
+dashboard.bootstrap_stack_usage=Використання стеку bootstrap
+dashboard.stack_memory_obtained=Отримано пам’яті стеком
 dashboard.mspan_structures_usage=Використання структур MSpan
 dashboard.mspan_structures_obtained=Отримано структур MSpan
 dashboard.mcache_structures_usage=Використання структур MCache
 dashboard.mcache_structures_obtained=Отримано структур MCache
 dashboard.profiling_bucket_hash_table_obtained=Отримано хеш-таблиць профілювання
 dashboard.gc_metadata_obtained=Отримано метаданих збирача сміття
-dashboard.other_system_allocation_obtained=Отримання інших виділень пам'яті
+dashboard.other_system_allocation_obtained=Отримано інших виділень пам’яті
 dashboard.next_gc_recycle=Наступний цикл збирача сміття
 dashboard.last_gc_time=З останнього запуску збирача сміття
 dashboard.total_gc_pause=Загальна пауза збирача сміття
@@ -3125,7 +3125,7 @@ auths.disable_helo=Вимкнути HELO
 auths.pam_service_name=Ім'я служби PAM
 auths.pam_email_domain=Поштовий домен PAM (необов'язково)
 auths.oauth2_provider=Постачальник OAuth2
-auths.oauth2_icon_url=URL іконки
+auths.oauth2_icon_url=URL значка
 auths.oauth2_clientID=ID клієнта (ключ)
 auths.oauth2_clientSecret=Ключ клієнта
 auths.openIdConnectAutoDiscoveryURL=OpenID Connect URL для автоматизації входу
@@ -3167,7 +3167,7 @@ config.app_name=Назва екземпляра
 config.app_ver=Версія Forgejo
 config.app_url=Базова URL-адреса
 config.custom_conf=Шлях до файлу конфігурації
-config.custom_file_root_path=Шлях до файлу користувача
+config.custom_file_root_path=Шлях до користувацьких файлів
 config.domain=Домен сервера
 config.offline_mode=Локальний режим
 config.disable_router_log=Вимкнути журнал роутера
@@ -3230,7 +3230,7 @@ config.default_enable_dependencies=Увімкнути залежності за
 
 config.webhook_config=Конфігурація вебхуків
 config.queue_length=Довжина черги
-config.deliver_timeout=Затримка доставки
+config.deliver_timeout=Тайм-аут доставки
 config.skip_tls_verify=Пропустити перевірку TLS
 
 config.mailer_enabled=Увімкнено
@@ -3273,7 +3273,7 @@ config.git_max_diff_lines=Максимум рядків на diff (на один
 config.git_max_diff_line_characters=Максимум символів на diff (на одну строку)
 config.git_max_diff_files=Максимум diff-файлів (для показу)
 config.git_gc_args=Аргументи збирача сміття
-config.git_migrate_timeout=Тайм-аут міграції
+config.git_migrate_timeout=Тайм-аут перенесення
 config.git_mirror_timeout=Тайм-аут оновлення дзеркала
 config.git_clone_timeout=Тайм-аут операції клонування
 config.git_pull_timeout=Тайм-аут операції отримання змін
@@ -3369,7 +3369,7 @@ auths.tip.gitlab_new = Зареєструйте нову програму на %
 monitor.duration = Тривалість (с)
 users.reserved = Зарезервовано
 systemhooks.desc = Вебхуки автоматично сповіщають HTTP-сервер POST-запитами, коли в Forgejo відбуваються певні події. Вказані тут вебхуки спрацьовуватимуть для всіх репозиторіїв системи, тож врахуйте всі ймовірні наслідки для швидкодії. Докладніше — в <a target="_blank" rel="noopener" href="%s">посібнику з вебхуків</a>.
-dashboard.cleanup_actions = Очистити прострочені журнали й артефакти від дій
+dashboard.cleanup_actions = Очистити прострочені журнали й артефакти від Дій
 dashboard.gc_lfs = Виконати очистку сміття метаоб'єктів LFS
 dashboard.new_version_hint = Вийшла %s версія Forgejo, ви використовуєте %s. Докладніше читайте у <a target="_blank" rel="noreferrer" href="%s">блозі</a>.
 self_check.database_collation_case_insensitive = База даних використовує зіставлення %s, яке є нечутливим до регістру. Forgejo може працювати з ним, однак можливі рідкісні випадки, коли щось працюватиме не так, як очікувалося.
@@ -3394,11 +3394,11 @@ defaulthooks.desc = Вебхуки автоматично сповіщають H
 assets = Ресурси коду
 auths.invalid_openIdConnectAutoDiscoveryURL = Неправильна URL-адреса автоматичного виявлення (повинна бути дійсна URL-адреса, що починається з http:// або https://)
 settings = Налаштування адміністратора
-dashboard.start_schedule_tasks = Запустити заплановані завдання дій
+dashboard.start_schedule_tasks = Запустити заплановані завдання Дій
 config.logger_name_fmt = Журнал: %s
 config.set_setting_failed = Не вдалося встановити параметр %s
 config.access_log_template = Шаблон журналу доступу
-dashboard.cancel_abandoned_jobs = Скасувати покинуті завдання дій
+dashboard.cancel_abandoned_jobs = Скасувати покинуті завдання Дій
 monitor.download_diagnosis_report = Завантажити діагностичний звіт
 auths.oauth2_map_group_to_team_removal = Видаляти користувачів із синхронізованих команд, якщо користувачі не належать до відповідної групи.
 config.mailer_smtp_addr = Адреса SMTP
@@ -3436,8 +3436,8 @@ config.mailer_config = Налаштування пошти
 config.mailer_use_dummy = Болванка
 dashboard.sync_repo_branches = Синхронізувати відсутні гілки з даних Git в базу даних
 dashboard.sync_repo_tags = Синхронізувати теги з даних Git із базою даних
-dashboard.stop_zombie_tasks = Зупинити дії зомбі-завдань
-dashboard.stop_endless_tasks = Зупинити нескінченні дії завдань
+dashboard.stop_zombie_tasks = Зупинити зомбі-завдання Дій
+dashboard.stop_endless_tasks = Зупинити нескінченні завдання Дій
 users.remote = Віддалено
 users.restricted.description = Дозволити взаємодію лише з репозиторіями та організаціями, куди цього користувача додано як співавтора. Це запобігає доступу до публічних репозиторіїв на цьому екземплярі.
 auths.verify_group_membership = Перевірити членство у групі в LDAP (залиште фільтр порожнім, щоб пропустити)
@@ -3447,7 +3447,7 @@ config.open_with_editor_app_help = Редактори «Відкрити в» д
 
 
 [action]
-create_repo=створив(ла) репозиторій <a href="%s">%s</a>
+create_repo=створює репозиторій <a href="%s">%s</a>
 rename_repo=репозиторій перейменовано з <code>%[1]s</code> на <a href="%[2]s">%[3]s</a>
 commit_repo=надіслав зміни (push) до <a href="%[2]s">%[3]s</a> о <a href="%[1]s">%[4]s</a>
 create_issue=`відкрив задачу <a href="%[1]s">%[3]s#%[2]s</a>`
@@ -3458,11 +3458,11 @@ close_pull_request=`закрив запит злиття <a href="%[1]s">%[3]s#%
 reopen_pull_request=`повторно відкрив запит злиття <a href="%[1]s">%[3]s#%[2]s</a>`
 comment_issue=`прокоментував задачу <a href="%[1]s">%[3]s#%[2]s</a>`
 comment_pull=`прокоментував запит злиття <a href="%[1]s">%[3]s#%[2]s</a>`
-merge_pull_request=`прийняв запит злиття <a href="%[1]s">%[3]s#%[2]s</a>`
+merge_pull_request=`приймає запит на злиття <a href="%[1]s">%[3]s#%[2]s</a>`
 transfer_repo=передає репозиторій <code>%s</code> <a href="%s">%s</a>
 push_tag=надсилає тег <a href="%[2]s">%[3]s</a> в <a href="%[1]s">%[4]s</a>
 delete_tag=видаляє тег %[2]s із <a href="%[1]s">%[3]s</a>
-delete_branch=видалено гілку <code>%[2]s</code> з <a href="%[1]s">%[3]s</a>
+delete_branch=видаляє гілку <code>%[2]s</code> з <a href="%[1]s">%[3]s</a>
 compare_branch=Порівняти
 compare_commits=Порівняти %d комітів
 compare_commits_general=Порівняти коміти
@@ -3470,13 +3470,13 @@ mirror_sync_push=синхронізував коміти в <a href="%[2]s">%[3]
 mirror_sync_create=синхронізував нове посилання <a href="%[2]s">%[3]s</a> в <a href="%[1]s">%[4]s</a> із дзеркала
 mirror_sync_delete=синхронізовано й видалено посилання <code>%[2]s</code> на <a href="%[1]s">%[3]s</a> із дзеркала
 approve_pull_request=`схвалив <a href="%[1]s">%[3]s#%[2]s</a>`
-reject_pull_request=`запропонував зміни до <a href="%[1]s">%[3]s#%[2]s</a>`
+reject_pull_request=`пропонує зміни до <a href="%[1]s">%[3]s#%[2]s</a>`
 publish_release=`публікує випуск <a href="%[2]s">%[4]s</a> з <a href="%[1]s">%[3]s</a>`
 review_dismissed=`відхилив відгук від <b>%[4]s</b> для <a href="%[1]s">%[3]s#%[2]s</a>`
 review_dismissed_reason=Причина:
-create_branch=створив гілку <a href="%[2]s">%[3]s</a> в <a href="%[1]s">%[4]s</a>
-starred_repo=додав <a href="%[1]s">%[2]s</a> в обрані
-watched_repo=почав слідкувати за <a href="%[1]s">%[2]s</a>
+create_branch=створює гілку <a href="%[2]s">%[3]s</a> в <a href="%[1]s">%[4]s</a>
+starred_repo=додає <a href="%[1]s">%[2]s</a> в обрані
+watched_repo=починає спостерігати за <a href="%[1]s">%[2]s</a>
 auto_merge_pull_request = `автоматично об'єднав запит на злиття <a href="%[1]s">%[3]s#%[2]s</a>`
 
 [tool]
diff --git a/options/locale_next/locale_ca.json b/options/locale_next/locale_ca.json
index a1bd4c73c0..9acb703cab 100644
--- a/options/locale_next/locale_ca.json
+++ b/options/locale_next/locale_ca.json
@@ -196,5 +196,52 @@
         "other": "%s observadors"
     },
     "teams.remove_all_repos.modal.header": "Suprimeix tots els repositoris",
-    "teams.add_all_repos.modal.header": "Afegir tots els repositoris"
+    "teams.add_all_repos.modal.header": "Afegir tots els repositoris",
+    "repo.issues.filter_poster.hint": "Filtra per l'autor",
+    "repo.issues.filter_assignee.hint": "Filtra per l'usuari assignat",
+    "repo.issues.filter_reviewers.hint": "Filtra per l'usuari que revisa",
+    "repo.issues.filter_mention.hint": "Filtra per l'usuari mencionat",
+    "repo.issues.filter_modified.hint": "Filtra per la darrera data de modificació",
+    "repo.pulls.poster_manage_approval": "Gestiona l'aprovació",
+    "repo.pulls.poster_requires_approval": "Alguns fluxos de treball encara estan <a href=\"%[1]s\">pendents de revisió.</a>",
+    "repo.issues.filter_sort.hint": "Ordena per: creació/comentaris/actualització/termini",
+    "repo.pulls.poster_is_trusted": "L'autor d'aquesta «pull request» <a href=\"%[1]s\">sempre podrà executar fluxos de treball.</a>",
+    "repo.pulls.poster_is_trusted.tooltip": "L'autor d'aquesta «pull request» està explícitament autoritzat per a executar fluxos de treball a partir d'esdeveniments `pull_request`.",
+    "repo.pulls.poster_trust_deny": "Denega",
+    "repo.pulls.poster_trust_deny.tooltip": "Es cancel·laran els fluxos de treball pendents d'aprovació.",
+    "repo.pulls.poster_trust_once": "Aprova una vegada",
+    "repo.pulls.poster_trust_once.tooltip": "Els fluxos de treball provocats per un esdeveniment `pull_request` s'executaran en aquest commit, però caldrà aprovar-los per als futurs commits que siguin pujats a aquesta «pull request».",
+    "repo.pulls.poster_trust_always": "Aprova sempre",
+    "repo.pulls.poster_trust_always.tooltip": "Els fluxos de treball provocats per un esdeveniment `pull_request` s'executaran en aquest commit, i no caldrà aprovar futures execucions d'aquesta «pull request» o futures «pull requests» autoritzades pel mateix usuari.",
+    "repo.pulls.poster_trust_revoke": "Revoca",
+    "repo.pulls.poster_trust_revoke.tooltip": "L'autor d'aquesta «pull request» ja no serà autoritzat per a executar fluxos de treball a partir d'esdeveniments `pull_request`. Cada execució s'haurà d'aprovar manualment.",
+    "search.syntax": "Sintaxi de cerca",
+    "search.fuzzy": "Difusa",
+    "search.fuzzy_tooltip": "Inclou resultats que siguin una coincidència aproximada al terme de cerca",
+    "keys.verify.token.hint": "El testimoni només és vàlid durant un minut. <a href=\"%[1]s\">Obtén-ne un de nou si ha caducat</a>.",
+    "moderation.report.mark_as_handled": "Marca com a resolt",
+    "moderation.report.mark_as_ignored": "Marca com a ignorat",
+    "moderation.action.account.delete": "Elimina el compte",
+    "moderation.action.account.suspend": "Suspèn el compte",
+    "moderation.action.repo.delete": "Elimina el repositori",
+    "moderation.action.issue.delete": "Elimina el problema",
+    "moderation.action.comment.delete": "Elimina el comentari",
+    "moderation.unknown_action": "Acció desconeguda",
+    "moderation.users.cannot_suspend_admins": "Els usuaris amb privilegis d'administrador no es poden suspendre.",
+    "moderation.users.cannot_suspend_org": "Les organitzacions no es poden suspendre.",
+    "moderation.users.already_suspended": "Aquest compte d'usuari ja està suspès.",
+    "moderation.users.suspend_success": "El compte d'usuari s'ha suspès.",
+    "moderation.users.cannot_delete_admins": "Els usuaris amb privilegis d'administrador no es poden suprimir.",
+    "moderation.issue.deletion_success": "S'ha esborrat el problema.",
+    "moderation.comment.deletion_success": "S'ha esborrat el comentari.",
+    "admin.dashboard.transfer_lingering_logs": "Transfereix els registres d'accions finalitzades de la base de dades a l'emmagatzematge",
+    "actions.workflow.persistent_incomplete_matrix": "No s'ha pogut avaluar `strategy.matrix` del treball %[1]s a causa d'una expressió `needs` no vàlida. Potser fa referència a un treball que no és a la seva llista 'needs' (%[2]s), o una sortida que no existeix en un d'aquests treballs.",
+    "actions.workflow.incomplete_matrix_missing_job": "No s'ha pogut avaluar `strategy.matrix` del treball %[1]s: el treball %[2]s no és a la llista `needs` del treball %[1]s (%[3]s).",
+    "actions.workflow.incomplete_matrix_missing_output": "No s'ha pogut avaluar `strategy.matrix` del treball %[1]s: el treball %[2]s no té una sortida %[3]s.",
+    "actions.workflow.incomplete_matrix_unknown_cause": "No s'ha pogut avaluar `strategy.matrix` del treball %[1]s: error desconegut.",
+    "actions.workflow.incomplete_runson_missing_job": "No s'ha pogut avaluar `runs-on` del treball %[1]s: el treball %[2]s no és a la llista `needs` del treball %[1]s (%[3]s).",
+    "actions.workflow.incomplete_runson_missing_output": "No s'ha pogut avaluar `runs-on` del treball %[1]s: el treball %[2]s no té una sortida %[3]s.",
+    "actions.workflow.incomplete_runson_missing_matrix_dimension": "No s'ha pogut avaluar `runs-on` del treball %[1]s: la mida de la matriu %[2]s no existeix.",
+    "actions.workflow.incomplete_runson_unknown_cause": "No s'ha pogut avaluar `runs-on` del treball %[1]s: error desconegut.",
+    "admin.auths.oauth2_quota_group_map_removal": "Elimina els usuaris dels grups de quotes sincronitzats si l'usuari no pertany al grup corresponent."
 }
diff --git a/options/locale_next/locale_cs-CZ.json b/options/locale_next/locale_cs-CZ.json
index 090be0f3a9..ba5c70c088 100644
--- a/options/locale_next/locale_cs-CZ.json
+++ b/options/locale_next/locale_cs-CZ.json
@@ -251,5 +251,8 @@
     "actions.workflow.incomplete_runson_missing_job": "Nepodařilo se vyhodnotit `runs-on` úlohy %[1]s: úloha %[2]s není v seznamu `needs` úlohy %[1]s (%[3]s).",
     "actions.workflow.incomplete_runson_missing_output": "Nepodařilo se vyhodnotit `runs-on` úlohy %[1]s: úloha %[2]s nemá výstup %[3]s.",
     "actions.workflow.incomplete_runson_missing_matrix_dimension": "Nepodařilo se vyhodnotit `runs-on` úlohy %[1]s: dimenze matice %[2]s neexistuje.",
-    "actions.workflow.incomplete_runson_unknown_cause": "Nepodařilo se vyhodnotit `runs-on` úlohy %[1]s: neznámá chyba."
+    "actions.workflow.incomplete_runson_unknown_cause": "Nepodařilo se vyhodnotit `runs-on` úlohy %[1]s: neznámá chyba.",
+    "issues.updated": "aktualizováno %s",
+    "search.fuzzy": "Přibližné",
+    "search.fuzzy_tooltip": "Zahrnout výsledky v přibližné shodě s hledaným výrazem"
 }
diff --git a/options/locale_next/locale_de-DE.json b/options/locale_next/locale_de-DE.json
index 0cd8d0ba75..99ee89204c 100644
--- a/options/locale_next/locale_de-DE.json
+++ b/options/locale_next/locale_de-DE.json
@@ -236,5 +236,8 @@
     "actions.workflow.incomplete_runson_missing_job": "`runs-on` vom Job %[1]s konnte nicht evaluiert werden: %[2]s ist nicht in der `needs`-Liste von Job %[1]s (%[3]s).",
     "actions.workflow.incomplete_runson_missing_output": "`runs-on` vom Job %[1]s konnte nicht evaluiert werden: %[2]s hat keine Ausgabe %[3]s.",
     "actions.workflow.incomplete_runson_missing_matrix_dimension": "`runs-on` vom Job %[1]s konnte nicht evaluiert werden: Matrixdimension %[2]s existiert nicht.",
-    "actions.workflow.incomplete_runson_unknown_cause": "`runs-on` vom Job %[1]s konnte nicht evaluiert werden: unbekannter Fehler."
+    "actions.workflow.incomplete_runson_unknown_cause": "`runs-on` vom Job %[1]s konnte nicht evaluiert werden: unbekannter Fehler.",
+    "search.fuzzy": "Unscharf",
+    "search.fuzzy_tooltip": "Ergebnisse, die ungefähr zum Suchbegriff passen, einbinden",
+    "issues.updated": "%s aktualisiert"
 }
diff --git a/options/locale_next/locale_fil.json b/options/locale_next/locale_fil.json
index 3527875176..bcfc7473c6 100644
--- a/options/locale_next/locale_fil.json
+++ b/options/locale_next/locale_fil.json
@@ -209,5 +209,35 @@
         "other": "Naghihintay ng runner na may sumusunod na mga label: %s"
     },
     "teams.add_all_repos.modal.header": "Idagdag ang lahat ng mga repositoryo",
-    "teams.remove_all_repos.modal.header": "Tanggalin ang lahat ng mga repositoryo"
+    "teams.remove_all_repos.modal.header": "Tanggalin ang lahat ng mga repositoryo",
+    "issues.updated": "binago %s",
+    "search.fuzzy": "Humigit-kumulang",
+    "search.fuzzy_tooltip": "Ang mga resulta ay isang higit-kumukulang na tugma sa terminong hinahanap",
+    "moderation.report.mark_as_handled": "Markahan bilang ginawa",
+    "moderation.report.mark_as_ignored": "Markahan bilang hindi pinansin",
+    "moderation.action.account.delete": "Burahin ang account",
+    "moderation.action.account.suspend": "Isuspinde ang account",
+    "moderation.action.repo.delete": "Burahin ang repositoryo",
+    "moderation.action.issue.delete": "Burahin ang isyu",
+    "moderation.action.comment.delete": "Burahin ang komento",
+    "moderation.unknown_action": "Hindi alam na aksyon",
+    "moderation.users.cannot_suspend_self": "Hindi mo maaaring isuspinde ang sarili mo.",
+    "moderation.users.cannot_suspend_admins": "Hindi maaaring isuspinde ang mga user na may pribilehiyong tagapangasiwa.",
+    "moderation.users.cannot_suspend_org": "Hindi maaaring isuspinde ang mga organisasyon.",
+    "moderation.users.already_suspended": "Sinuspinde na ang user account.",
+    "moderation.users.suspend_success": "Nasuspinde na ang user account.",
+    "moderation.users.cannot_delete_admins": "Hindi maaaring burahin ang mga user na may pribilehiyong tagapangasiwa.",
+    "moderation.issue.deletion_success": "Binura na ang isyu.",
+    "moderation.comment.deletion_success": "Binura na ang komento.",
+    "actions.workflow.persistent_incomplete_matrix": "Hindi masuri ang `strategy.matrix` ng trabahong %[1]s dahil sa hindi wastong `needs` na ekspresyon. Maaari itong sumangguni sa isang trabaho na hindi nasa `needs` na listahan (%[2]s), o isang output na hindi umiiral sa isa sa mga trabaho na iyon.",
+    "actions.workflow.incomplete_matrix_missing_job": "Hindi masuri ang `strategy.matrix` ng trabahong %[1]s: hindi nasa listahan ng `needs`ng trabahong %[1]s (%[3]s) ang trabahong %[2]s.",
+    "actions.workflow.incomplete_matrix_missing_output": "Hindi masuri ang `strategy.matrix` ng trabahong %[1]s: walang output na %[3]s ang trabahong %[2]s.",
+    "actions.workflow.incomplete_matrix_unknown_cause": "Hindi masuri ang `strategy.matrix` ng trabahong %[1]s: hindi alam na error.",
+    "actions.workflow.incomplete_runson_missing_job": "Hindi masuri ang `runs-on` ng trabahong %[1]s: hindi nasa listahan ng `needs` ng trabahong %[1]s (%[3]s) ang trabahong %[2]s.",
+    "actions.workflow.incomplete_runson_missing_output": "Hindi masuri ang `runs-on` ng trabahong %[1]s: walang output na %[3]s ang trabahong %[2]s.",
+    "actions.workflow.incomplete_runson_missing_matrix_dimension": "Hindi masuri ang `runs-on` ng trabahong %[1]s: hindi umiiral ang matrix dimension na %[2]s.",
+    "actions.workflow.incomplete_runson_unknown_cause": "Hindi masuri ang `runs-on` ng trabahong %[1]s: hindi alam na error.",
+    "admin.auths.oauth2_quota_group_claim_name": "Claim name na nagbibigay ng mga pangalan ng grupo para sa pinagmulan na ito na gagamitin sa pamamahala ng quota. (Opsyonal)",
+    "admin.auths.oauth2_quota_group_map": "I-map ang mga claimed group sa mga quota group. (Opsyonal - kinakailangan ang claim name sa itaas)",
+    "admin.auths.oauth2_quota_group_map_removal": "Tanggalin ang mga user mula sa mga naka-sync na quota group kung hindi nabibilang sa katumbas na grupo ang user."
 }
diff --git a/options/locale_next/locale_fr-FR.json b/options/locale_next/locale_fr-FR.json
index 7dcda632d7..088617715d 100644
--- a/options/locale_next/locale_fr-FR.json
+++ b/options/locale_next/locale_fr-FR.json
@@ -214,12 +214,35 @@
     "repo.issues.filter_reviewers.hint": "Filtrer par l'utilisateur qui a examiné",
     "repo.issues.filter_mention.hint": "Filtrer par utilisateur mentionné",
     "repo.issues.filter_modified.hint": "Filtrer par la dernière date modifiée",
-    "repo.issues.filter_sort.hint": "Trier par: date de création/commentaires/mise à jour/date limite",
+    "repo.issues.filter_sort.hint": "Trier par : date de création/commentaires/mise à jour/date limite",
     "search.syntax": "Syntaxe de recherche",
     "admin.dashboard.transfer_lingering_logs": "Transférer les journaux des actions terminées de la base de données au stockage",
     "actions.status.diagnostics.waiting": {
         "one": "Attente d'un exécuteur avec l'étiquette suivante : %s",
         "many": "Attente d'un exécuteur avec les étiquettes suivantes : %s",
         "other": ""
-    }
+    },
+    "moderation.report.mark_as_ignored": "Marquer comme ignoré",
+    "moderation.action.account.delete": "Supprimer le compte",
+    "moderation.action.account.suspend": "Suspendre le compte",
+    "moderation.action.repo.delete": "Supprimer le dépôt",
+    "moderation.action.issue.delete": "Supprimer le ticket",
+    "moderation.action.comment.delete": "Supprimer le commentaire",
+    "moderation.unknown_action": "Action inconnue",
+    "moderation.users.cannot_suspend_self": "Vous ne pouvez pas vous suspendre vous même.",
+    "moderation.users.cannot_suspend_admins": "Les utilisateurs avec les droits administrateur ne peuvent pas être suspendus.",
+    "moderation.users.cannot_suspend_org": "Les organisations ne peuvent pas être suspendues.",
+    "moderation.users.already_suspended": "Le compte est déjà suspendu.",
+    "moderation.users.suspend_success": "Le compte a été suspendu.",
+    "moderation.users.cannot_delete_admins": "Les utilisateurs avec les droits d'administration ne peuvent pas être supprimés.",
+    "moderation.issue.deletion_success": "Le ticket a été supprimé.",
+    "moderation.comment.deletion_success": "Le commentaire a été supprimé.",
+    "actions.workflow.incomplete_matrix_missing_job": "Impossible d'évaluer `strategy.matrix` de la tâche %[1]s : la tâche %[2]s n'est pas dans la liste `needs` de la tâche %[1]s (%[3]s).",
+    "actions.workflow.incomplete_matrix_missing_output": "Impossible d'évaluer `strategy.matrix` de la tâche %[1]s : la tâche %[2]s n'a pas de sortie %[3]s.",
+    "actions.workflow.incomplete_matrix_unknown_cause": "Impossible d'évaluer `strategy.matrix` de la tâche %[1]s : erreur inconnue.",
+    "actions.workflow.incomplete_runson_missing_job": "Impossible d'évaluer les `runs-on` de la tâche %[1]s : la tâche %[2]s n'est pas dans la liste des `needs` de la tâche %[1]s (%[3]s).",
+    "actions.workflow.incomplete_runson_missing_output": "Impossible d'évaluer les `runs-on` de la tâche %[1]s : la tâche %[2]s n'a pas de sortie %[3]s.",
+    "actions.workflow.incomplete_runson_missing_matrix_dimension": "Impossible d'évaluer les `runs-on` de la tâche %[1]s : la dimension matricielle %[2]s n'existe pas.",
+    "actions.workflow.incomplete_runson_unknown_cause": "Impossible d'évaluer `runs-on` de la tâche %[1]s : erreur inconnue.",
+    "admin.auths.oauth2_quota_group_map_removal": "Supprimer les utilisateurs des groupes de quotas synchronisés si l'utilisateur n'appartient pas au groupe correspondant."
 }
diff --git a/options/locale_next/locale_he.json b/options/locale_next/locale_he.json
index 15882ce862..4c5871df1a 100644
--- a/options/locale_next/locale_he.json
+++ b/options/locale_next/locale_he.json
@@ -18,5 +18,92 @@
     "migrate.gitbucket.description": "יבוא מידע משרת GitBucket.",
     "migrate.codebase.description": "ייבוא מידע מ־codebasehq.com.",
     "migrate.forgejo.description": "ייבוא מידע מקודברג או שרת פורג'ו אחר.",
-    "home.welcome.no_activity": "אין פעילות"
+    "home.welcome.no_activity": "אין פעילות",
+    "home.explore_users": "גלה משתמשים",
+    "home.explore_orgs": "גלה ארגונים",
+    "followers.incoming.list.self.none": "אף אחד לא עוקב אחרי הפרופיל שלך.",
+    "followers.incoming.list.none": "אף אחד לא עוקב אחרי המשתמש הזה.",
+    "followers.outgoing.list.self.none": "אתה לא עוקב אחרי אף אחד.",
+    "followers.outgoing.list.none": "%s לא עוקב אחרי אף אחד.",
+    "relativetime.now": "עכשיו",
+    "relativetime.future": "בעתיד",
+    "relativetime.mins": {
+        "one": "לפי דקה אחת",
+        "two": "",
+        "other": "לפני %d דקות"
+    },
+    "relativetime.hours": {
+        "one": "לפני שעה אחת",
+        "two": "",
+        "other": "לפני %d שעות"
+    },
+    "relativetime.days": {
+        "one": "לפני יום אחד",
+        "two": "",
+        "other": "לפני %d ימים"
+    },
+    "relativetime.weeks": {
+        "one": "לפני שבוע אחד",
+        "two": "",
+        "other": "לפני %d שבועות"
+    },
+    "relativetime.months": {
+        "one": "לפני חודש אחד",
+        "two": "",
+        "other": "לפני %d חודשים"
+    },
+    "relativetime.years": {
+        "one": "לפני שנה אחת",
+        "two": "",
+        "other": "לפני %d שנים"
+    },
+    "relativetime.1day": "אתמול",
+    "relativetime.2days": "לפני יומיים",
+    "relativetime.1week": "בשבוע שעבר",
+    "relativetime.2weeks": "לפני שבועיים",
+    "relativetime.1month": "בחודש שעבר",
+    "relativetime.2months": "לפני חודשיים",
+    "relativetime.1year": "בשנה שעברה",
+    "relativetime.2years": "לפני שנתיים",
+    "repo.issues.filter_poster.hint": "סנן לפי המחבר",
+    "repo.issues.filter_assignee.hint": "סנן לפי המשתמש האחראי",
+    "repo.issues.filter_reviewers.hint": "סנן לפי המשתמש שערך ביקורת",
+    "repo.issues.filter_mention.hint": "סנן לפי המשתמש שהוזכר",
+    "repo.issues.filter_modified.hint": "סנן לפי תאריך שינוי אחרון",
+    "admin.moderation.reports": "דוחות",
+    "admin.moderation.no_open_reports": "כרגע אין דיווחים פתוחים.",
+    "moderation.report.mark_as_handled": "סמן כטופל",
+    "moderation.report.mark_as_ignored": "סמן כהוזמנח",
+    "moderation.action.account.delete": "מחק חשבון",
+    "moderation.action.account.suspend": "השעה חשבון",
+    "moderation.action.repo.delete": "מחק ריפו",
+    "moderation.action.issue.delete": "מחק סוגייה",
+    "moderation.action.comment.delete": "מחק תגובה",
+    "moderation.unknown_action": "פעולה לא ידועה",
+    "moderation.users.cannot_suspend_self": "אתה לא יכול להשעות את עצמך.",
+    "moderation.users.cannot_suspend_org": "ארגונים לא יכולים להיות מושעים.",
+    "moderation.users.already_suspended": "חשבון משתמש כבר מושעה.",
+    "moderation.users.suspend_success": "חשבון המשתמש הושעה.",
+    "moderation.issue.deletion_success": "הסוגייה נמחקה.",
+    "moderation.comment.deletion_success": "התגובה נמחקה.",
+    "moderation.report_abuse": "דיווח על התעללות",
+    "moderation.report_content": "תוכן הדיווח",
+    "moderation.report_abuse_form.header": "דיווח על התעללות למנהל",
+    "moderation.report_abuse_form.already_reported": "כבר דיווחת על התוכן הזה",
+    "moderation.abuse_category": "קטגוריה",
+    "moderation.abuse_category.placeholder": "בחר קטגוריה",
+    "moderation.abuse_category.spam": "ספאם",
+    "moderation.abuse_category.malware": "תוכנה זדונית",
+    "moderation.abuse_category.illegal_content": "תוכן בלתי חוקי",
+    "moderation.abuse_category.other_violations": "הפרות אחרות של כללי פלטפורמה",
+    "moderation.report_remarks": "הערות",
+    "moderation.report_remarks.placeholder": "אנא ספק פרטים בנוגע לניצול לרעה שאתה מדווח עליו.",
+    "moderation.submit_report": "הגש דיווח",
+    "moderation.reporting_failed": "דיווח התעללות נכשל: %v",
+    "moderation.reported_thank_you": "תודה על הדיווח שלך. ההנהלה עודכנה על כך.",
+    "mail.actions.run_info_sha": "קומיט: %[1]s",
+    "repo.diff.commit.next-short": "הבא",
+    "repo.diff.commit.previous-short": "הקודם",
+    "discussion.locked": "הדיון ננעל. היכולת להגיב מוגבלת לתורמים בלבד.",
+    "discussion.sidebar.reference": "מקור"
 }
diff --git a/options/locale_next/locale_it-IT.json b/options/locale_next/locale_it-IT.json
index c36cd7b4c1..219a62f0c0 100644
--- a/options/locale_next/locale_it-IT.json
+++ b/options/locale_next/locale_it-IT.json
@@ -196,5 +196,8 @@
     "actions.workflow.event_detection_error": "Impossibile analizzare gli eventi previsti nel flusso di lavoro: %v",
     "actions.workflow.pre_execution_error": "Il flusso di lavoro non è stato completato a causa di un errore che ha bloccato il tentativo di esecuzione.",
     "teams.add_all_repos.modal.header": "Aggiungi tutti i repositori",
-    "teams.remove_all_repos.modal.header": "Rimuovi tutti i repositori"
+    "teams.remove_all_repos.modal.header": "Rimuovi tutti i repositori",
+    "moderation.action.account.delete": "Elimina profilo",
+    "moderation.action.comment.delete": "Elimina commento",
+    "moderation.action.account.suspend": "Sospendi profilo"
 }
diff --git a/options/locale_next/locale_kab.json b/options/locale_next/locale_kab.json
index e64c287a38..672c915c6b 100644
--- a/options/locale_next/locale_kab.json
+++ b/options/locale_next/locale_kab.json
@@ -29,5 +29,25 @@
     "error.not_found.title": "Asebtar ulac-it",
     "moderation.abuse_category.placeholder": "Fren taggayt",
     "migrate.pagure.project_url": "Tansa URL n usenfar Pagure",
-    "themes.names.forgejo-auto": "Forgejo (akken i yella usentel n unagraw)"
+    "themes.names.forgejo-auto": "Forgejo (akken i yella usentel n unagraw)",
+    "stars.n_stars": {
+        "one": "%s n yitri",
+        "other": "%s n yitran"
+    },
+    "relativetime.days": {
+        "one": "%d n wass aya",
+        "other": "%d n wussan aya"
+    },
+    "relativetime.weeks": {
+        "one": "%d u imalas aya",
+        "other": "%d n imalasen aya"
+    },
+    "relativetime.months": {
+        "one": "%d n wayyur aya",
+        "other": "%d n wayyuren aya"
+    },
+    "relativetime.years": {
+        "one": "%d n useggas aya",
+        "other": "%d n iseggasen aya"
+    }
 }
diff --git a/options/locale_next/locale_lv-LV.json b/options/locale_next/locale_lv-LV.json
index 1b98131fae..08e4d025fe 100644
--- a/options/locale_next/locale_lv-LV.json
+++ b/options/locale_next/locale_lv-LV.json
@@ -251,5 +251,8 @@
     "actions.workflow.incomplete_runson_missing_job": "Nevar novērtēt darba %[1]s `runs-on`: darbs %[2]s nav %[1]s `needs` sarakstā (%[3]s).",
     "actions.workflow.incomplete_runson_missing_output": "Nevar novērtēt darba %[1]s `runs-on`: darbam %[2]s nav izvades %[3]s.",
     "actions.workflow.incomplete_runson_missing_matrix_dimension": "Nevar novērtēt darba %[1]s `runs-on`: matricas dimensija %[2]s nepastāv.",
-    "actions.workflow.incomplete_runson_unknown_cause": "Nevar novērtēt darba %[1]s `runs-on`: nezināma kļūda."
+    "actions.workflow.incomplete_runson_unknown_cause": "Nevar novērtēt darba %[1]s `runs-on`: nezināma kļūda.",
+    "issues.updated": "atjaunināts %s",
+    "search.fuzzy": "Aptuveni",
+    "search.fuzzy_tooltip": "Iekļaut iznākumus, kas aptuveni atbilst meklētajam"
 }
diff --git a/options/locale_next/locale_mic.json b/options/locale_next/locale_mic.json
new file mode 100644
index 0000000000..0967ef424b
--- /dev/null
+++ b/options/locale_next/locale_mic.json
@@ -0,0 +1 @@
+{}
diff --git a/options/locale_next/locale_nds.json b/options/locale_next/locale_nds.json
index 19af25d076..6f7a4dde92 100644
--- a/options/locale_next/locale_nds.json
+++ b/options/locale_next/locale_nds.json
@@ -236,5 +236,8 @@
     "actions.workflow.incomplete_runson_missing_output": "Kann de `runs-on` vun Upgaav %[1]s nich utweerten: Upgaav %[2]s hett keene Utgaav %[3]s.",
     "actions.workflow.incomplete_matrix_unknown_cause": "Kann de `strategy.matrix` vun Upgaav %[1]s nich utweerten: Unbekannter Fehler.",
     "actions.workflow.incomplete_runson_unknown_cause": "Kann de `runs-on` vun Upgaav %[1]s nich utweerten: Unbekannter Fehler.",
-    "actions.workflow.incomplete_runson_missing_matrix_dimension": "Kann de `runs-on` vun Upgaav %[1]s nich utweerten: Matrix-Richt %[2]s gifft dat nich."
+    "actions.workflow.incomplete_runson_missing_matrix_dimension": "Kann de `runs-on` vun Upgaav %[1]s nich utweerten: Matrix-Richt %[2]s gifft dat nich.",
+    "search.fuzzy": "Umslags",
+    "search.fuzzy_tooltip": "Ok Resultaten wiesen, wat so wat umslags to de Söökwoorden passen",
+    "issues.updated": "%s verneeit"
 }
diff --git a/options/locale_next/locale_pl-PL.json b/options/locale_next/locale_pl-PL.json
index d98b14157b..0a0c5b86c8 100644
--- a/options/locale_next/locale_pl-PL.json
+++ b/options/locale_next/locale_pl-PL.json
@@ -2,12 +2,12 @@
     "fork.n_forks": {
         "one": "%s fork",
         "few": "%s forki",
-        "many": ""
+        "many": "%s forków"
     },
     "stars.n_stars": {
         "one": "%s gwiazdka",
-        "few": "%s gwiazdek",
-        "many": ""
+        "few": "%s gwiazdki",
+        "many": "%s gwiazdek"
     },
     "release.n_downloads": {
         "one": "%s pobranie",
@@ -30,12 +30,12 @@
     "stars.list.none": "Nikt nie dał gwiazdki temu repozytorium.",
     "followers.incoming.list.self.none": "Nikt nie obserwuje twojego profilu.",
     "followers.incoming.list.none": "Nikt nie obserwuje tego użytkownika.",
-    "followers.outgoing.list.self.none": "Nie obserwujesz nikogo.",
-    "followers.outgoing.list.none": "%s nie obserwuje nikogo.",
+    "followers.outgoing.list.self.none": "Nikogo nie obserwujesz.",
+    "followers.outgoing.list.none": "%s nikogo nie obserwuje.",
     "home.welcome.no_activity": "Brak aktywności",
-    "home.explore_repos": "Eksploruj repozytoria",
-    "home.explore_users": "Eksploruj użytkowników",
-    "home.explore_orgs": "Eksploruj organizacje",
+    "home.explore_repos": "Przeglądaj repozytoria",
+    "home.explore_users": "Przeglądaj użytkowników",
+    "home.explore_orgs": "Przeglądaj organizacje",
     "relativetime.mins": {
         "one": "%d minutę temu",
         "few": "%d minuty temu",
@@ -65,7 +65,7 @@
     },
     "relativetime.weeks": {
         "one": "tydzień temu",
-        "few": "%d tygodni temu",
+        "few": "%d tygodnie temu",
         "many": "%d tygodni temu"
     },
     "relativetime.months": {
@@ -138,9 +138,99 @@
     "repo.pulls.maintainers_cannot_edit": "Opiekunowie nie mogą edytować tego pull requestu.",
     "watch.n_watchers": {
         "one": "%s obserwator",
-        "few": "%s obserwatora",
+        "few": "%s obserwatorów",
         "many": "%s obserwujących"
     },
     "repo.issues.filter_poster.hint": "Filtruj według autora",
-    "repo.issues.filter_assignee.hint": "Filtruj według przypisanego użytkownika"
+    "repo.issues.filter_assignee.hint": "Filtruj według przypisanego użytkownika",
+    "repo.issues.filter_reviewers.hint": "Filtruj według recenzentów",
+    "repo.issues.filter_mention.hint": "Filtruj według wspomnianych użytkowników",
+    "repo.issues.filter_modified.hint": "Filtruj według daty ostatniej modyfikacji",
+    "repo.issues.filter_sort.hint": "Sortuj według: created/comments/updated/deadline",
+    "issues.updated": "ostatnia aktualizacja: %s",
+    "repo.pulls.poster_manage_approval": "Zarządzaj zatwierdzeniami",
+    "repo.pulls.poster_requires_approval": "Kilka workflowów <a href=\"%[1]s\">oczekuje na sprawdzenie.</a>",
+    "repo.pulls.poster_requires_approval.tooltip": "Autor tego pull requesta nie jest zaufany do uruchamiania workflowów wyzwalanych przez pull requesty utworzone z forkowanego repozytorium lub z AGit. Workflowy wyzwalane przez zdarzenie `pull_request` nie zostaną uruchomione, dopóki nie zostaną zatwierdzone.",
+    "repo.pulls.poster_is_trusted": "Autor tego pull requesta jest <a href=\"%[1]s\">zawsze zaufany do uruchamiania workflowów.</a>",
+    "repo.pulls.poster_is_trusted.tooltip": "Autor tego pull requesta jest jawnie zaufany do uruchamiania workflowów wyzwalanych przez zdarzenia `pull_request`.",
+    "repo.pulls.poster_trust_deny.tooltip": "Workflowy oczekujące na zatwierdzenie zostaną anulowane.",
+    "repo.pulls.poster_trust_once.tooltip": "Workflowy wyzwalane przez zdarzenie `pull_request` zostaną uruchomione dla tego commita, ale będą wymagały zatwierdzenia dla wszystkich przyszłych commitów pushowanych do tego pull requesta.",
+    "repo.pulls.poster_trust_always.tooltip": "Workflowy wyzwalane przez zdarzenie `pull_request` zostaną uruchomione dla tego commita i nie będzie potrzeby zatwierdzania uruchomień z tego pull requesta ani z przyszłych pull requestów utworzonych przez tego samego użytkownika.",
+    "repo.pulls.poster_trust_revoke.tooltip": "Autor tego pull requesta nie będzie już zaufany do uruchamiania workflowów wyzwalanych przez zdarzenie `pull_request`. Każde uruchomienie będzie musiało zostać zatwierdzone ręcznie.",
+    "mail.actions.successful_run_after_failure_subject": "Workflow %[1]s został przywrócony w repozytorium %[2]s",
+    "mail.actions.not_successful_run_subject": "Workflow %[1]s zakończył się niepowodzeniem w repozytorium %[2]s",
+    "mail.actions.successful_run_after_failure": "Workflow %[1]s został przywrócony w repozytorium %[2]s",
+    "mail.actions.not_successful_run": "Workflow %[1]s zakończył się niepowodzeniem w repozytorium %[2]s",
+    "actions.workflow.job_parsing_error": "Nie można przeanalizować zadań w workflow: %v",
+    "actions.workflow.event_detection_error": "Nie można przeanalizować obsługiwanych zdarzeń w workflow: %v",
+    "actions.workflow.persistent_incomplete_matrix": "Nie można ocenić `strategy.matrix` zadania %[1]s z powodu nieprawidłowego wyrażenia `needs`. Może ono odwoływać się do zadania, które nie znajduje się na liście 'needs' (%[2]s), lub do wyniku, który nie istnieje w żadnym z tych zadań.",
+    "actions.workflow.incomplete_matrix_missing_job": "Nie można ocenić `strategy.matrix` zadania %[1]s: zadanie %[2]s nie znajduje się na liście `needs` zadania %[1]s (%[3]s).",
+    "actions.workflow.incomplete_matrix_missing_output": "Nie można ocenić `strategy.matrix` zadania %[1]s: zadanie %[2]s nie ma wyniku %[3]s.",
+    "actions.workflow.incomplete_matrix_unknown_cause": "Nie można ocenić `strategy.matrix` zadania %[1]s: nieznany błąd.",
+    "actions.workflow.incomplete_runson_missing_job": "Nie można ocenić `runs-on` zadania %[1]s: zadanie %[2]s nie znajduje się na liście `needs` zadania %[1]s (%[3]s).",
+    "actions.workflow.incomplete_runson_missing_output": "Nie można ocenić `runs-on` zadania %[1]s: zadanie %[2]s nie ma wyniku %[3]s.",
+    "actions.workflow.incomplete_runson_missing_matrix_dimension": "Nie można ocenić `runs-on` zadania %[1]s: wymiar macierzy %[2]s nie istnieje.",
+    "actions.workflow.incomplete_runson_unknown_cause": "Nie można ocenić `runs-on` zadania %[1]s: nieznany błąd.",
+    "actions.workflow.pre_execution_error": "Workflow nie został uruchomiony z powodu błędu, który zablokował próbę jego wykonania.",
+    "mail.actions.run_info_cur_status": "Stan tego uruchomienia: %[1]s (dopiero zmieniony z %[2]s)",
+    "mail.actions.run_info_previous_status": "Stan poprzedniego uruchomienia: %[1]s",
+    "mail.actions.run_info_trigger": "Wyzwolony ponieważ: %[1]s przez: %[2]s",
+    "discussion.locked": "Ta dyskusja została ograniczona. Komentowanie dozwolone jest jedynie kontrybutorom.",
+    "moderation.report_abuse_form.details": "Ten formularz powinien być używany do zgłaszania użytkowników, którzy tworzą spamowe profile, repozytoria, zgłoszenia lub komentarze albo zachowują się nieodpowiednio.",
+    "moderation.report_abuse_form.already_reported": "Już to zgłosiłeś",
+    "moderation.report_remarks.placeholder": "Opisz nadużycie, które zgłaszasz.",
+    "moderation.reporting_failed": "Nie udało się wysłać zgłoszenia: %v",
+    "moderation.reported_thank_you": "Dziękujemy za zgłoszenie. Administracja została o tym powiadomiona.",
+    "admin.dashboard.cleanup_offline_runners": "Wyczyść runners offline",
+    "avatar.constraints_hint": "Własny awatar nie może przekraczać %[1]s rozmiaru pliku lub być większym niż %[2]dx%[3]d pikseli",
+    "og.repo.summary_card.alt_description": "Karta podsumowująca repozytorium %[1]s, opisana jako: %[2]s",
+    "mail.actions.run_info_sha": "Commit: %[1]s",
+    "discussion.sidebar.reference": "Referencja",
+    "admin.dashboard.remove_resolved_reports": "Usuń rozwiązane zgłoszenia",
+    "compare.branches.title": "Porównaj gałęzie",
+    "admin.auths.allow_username_change": "Zezwalaj na zmiany nazw użytkownika",
+    "repo.commit.load_tags_failed": "Wczytywanie tagów nie powiodło się z powodu wewnętrznego błędu serwera",
+    "teams.remove_all_repos.modal.header": "Usuń wszystkie repozytoria",
+    "teams.add_all_repos.modal.header": "Dodaj wszystkie repozytoria",
+    "search.fuzzy": "fFzzy",
+    "moderation.comment.deletion_success": "Komentarz został usunięty.",
+    "moderation.issue.deletion_success": "Zgłoszenie zostało usunięte.",
+    "moderation.users.cannot_delete_admins": "Użytkownik z uprawnieniami administratora nie może zostać usunięty.",
+    "moderation.users.suspend_success": "Konto zostało zawieszone.",
+    "moderation.users.already_suspended": "Konto jest już zawieszone.",
+    "moderation.users.cannot_suspend_org": "Organizacja nie może zostać zawieszona.",
+    "moderation.users.cannot_suspend_admins": "Użytkownik z uprawnieniami administratora nie może zostać zawieszony.",
+    "moderation.users.cannot_suspend_self": "Nie możesz zawiesić samego siebie.",
+    "moderation.unknown_action": "Nieznana akcja",
+    "moderation.action.comment.delete": "Usuń komentarz",
+    "moderation.action.issue.delete": "Usuń zgłoszenie",
+    "moderation.action.repo.delete": "Usuń repozytorium",
+    "moderation.action.account.suspend": "Zawieś konto",
+    "moderation.action.account.delete": "Usuń konto",
+    "moderation.report.mark_as_ignored": "Oznacz jako ignorowane",
+    "search.syntax": "Syntax wyszukiwania",
+    "actions.status.diagnostics.waiting": {
+        "one": "Oczekiwanie na runner z następującą etykietą: %s",
+        "few": "Oczekiwanie na runnery z następującą etykietą: %s",
+        "many": "Oczekiwanie na runnery z następującą etykietą: %s"
+    },
+    "repo.pulls.poster_trust_deny": "Odmów",
+    "repo.pulls.poster_trust_once": "Zezwól jednokrotnie",
+    "repo.pulls.poster_trust_always": "Zawsze zezwalaj",
+    "repo.pulls.poster_trust_revoke": "Unieważnij",
+    "admin.auths.allow_username_change.description": "Zezwól użytkownikom na zmiane nazwy użytkownika w ustawieniach profilu",
+    "admin.config.global_2fa_requirement.none": "Nie",
+    "admin.config.global_2fa_requirement.all": "Wszyscy użytkownicy",
+    "admin.config.global_2fa_requirement.admin": "Administratorzy",
+    "admin.config.global_2fa_requirement.title": "Globalne wymagane podwójnej weryfikacji",
+    "admin.config.security": "Konfiguracja zabezpieczeń",
+    "user.ghost.tooltip": "Ten użytkownik został usunięty lub nie można go znaleźć.",
+    "migrate.pagure.incorrect_url": "Nieprawidłowy URL repozytorium źródłowego został podany",
+    "migrate.pagure.description": "Przenieś dane z pagure.io lub innej instancji Pagure.",
+    "migrate.pagure.project_url": "Adres URL projektu na Pagure",
+    "migrate.pagure.project_example": "Adres URL projektu na Pagure, np. https://pagure.io/pagure",
+    "migrate.pagure.token_label": "Token do API Pagure",
+    "migrate.pagure.private_issues.summary": "Prywatne zgłoszenia (opcjonalne)",
+    "actions.runs.view_most_recent_run": "Pokaż ostatnie uruchomienie",
+    "actions.runs.run_attempt_label": "Próba uruchomienia #%[1]s (%[2]s)"
 }
diff --git a/options/locale_next/locale_pt-PT.json b/options/locale_next/locale_pt-PT.json
index 689d5d5fa6..3f68db87b7 100644
--- a/options/locale_next/locale_pt-PT.json
+++ b/options/locale_next/locale_pt-PT.json
@@ -251,5 +251,8 @@
     "actions.workflow.incomplete_runson_unknown_cause": "Não é possível avaliar `runs-on` do trabalho %[1]s: erro desconhecido.",
     "admin.auths.oauth2_quota_group_claim_name": "Nome da reivindicação que fornece nomes de grupos para esta fonte a ser usada para gestão de quotas. (Opcional)",
     "admin.auths.oauth2_quota_group_map": "Atribuir grupos reivindicados a grupos de quotas. (Opcional - requer o nome da reivindicação acima)",
-    "admin.auths.oauth2_quota_group_map_removal": "Remover os utilizadores dos grupos de quotas sincronizados se o utilizador não pertencer ao grupo correspondente."
+    "admin.auths.oauth2_quota_group_map_removal": "Remover os utilizadores dos grupos de quotas sincronizados se o utilizador não pertencer ao grupo correspondente.",
+    "issues.updated": "%s atualizado",
+    "search.fuzzy": "Difusa",
+    "search.fuzzy_tooltip": "Incluir resultados que correspondam aproximadamente ao termo de pesquisa"
 }
diff --git a/options/locale_next/locale_ru-RU.json b/options/locale_next/locale_ru-RU.json
index 14556e8c40..387985996e 100644
--- a/options/locale_next/locale_ru-RU.json
+++ b/options/locale_next/locale_ru-RU.json
@@ -251,5 +251,8 @@
     "actions.workflow.incomplete_runson_missing_output": "Не удалось проверить `runs-on` задачи %[1]s – задача %[2]s не имеет интерфейс вывода %[3]s.",
     "actions.workflow.incomplete_runson_missing_matrix_dimension": "Не удалось проверить `runs-on` задачи %[1]s – измерение матрицы %[2]s не существует.",
     "actions.workflow.incomplete_runson_unknown_cause": "Не удалось проверить `runs-on` задачи %[1]s – неизвестная ошибка.",
-    "admin.auths.oauth2_quota_group_map": "Связывать группы из указанного выше утверждения (claim) с группами квот"
+    "admin.auths.oauth2_quota_group_map": "Связывать группы из указанного выше утверждения (claim) с группами квот",
+    "search.fuzzy": "Приблиз.",
+    "search.fuzzy_tooltip": "Включает результаты, приблизительно соответствующие запросу",
+    "issues.updated": "обнов. %s"
 }
diff --git a/options/locale_next/locale_uk-UA.json b/options/locale_next/locale_uk-UA.json
index 7496fb2601..1ac1222f70 100644
--- a/options/locale_next/locale_uk-UA.json
+++ b/options/locale_next/locale_uk-UA.json
@@ -183,7 +183,7 @@
         "many": "%s активних запитів на злиття"
     },
     "migrate.pagure.private_issues.summary": "Приватні задачі (необов’язково)",
-    "migrate.pagure.private_issues.description": "Ця функція дозволяє створити додатковий репозиторій для архівування в ньому приватних задач із вашого проєкту Pagure. Спочатку виконайте звичайну міграцію (без токена), щоб імпортувати весь публічний вміст. Потім, якщо у вас є приватні задачі, які потрібно зберегти, створіть окремий репозиторій, використовуючи токен, щоб архівувати ці приватні задачі.",
+    "migrate.pagure.private_issues.description": "Ця функція дозволяє створити додатковий репозиторій для архівування в ньому приватних задач із вашого проєкту Pagure. Спочатку виконайте звичайне перенесення (без токена), щоб імпортувати весь публічний вміст. Потім, якщо у вас є приватні задачі, які потрібно зберегти, створіть окремий репозиторій, використовуючи токен, щоб архівувати ці приватні задачі.",
     "migrate.pagure.private_issues.warning": "Обов’язково встановіть видимість репозиторію на «Приватний», якщо використовуєте ключ API для імпорту приватних задач. Це запобігає випадковому розкриттю приватного вмісту в публічному репозиторії.",
     "migrate.pagure.token.placeholder": "Тільки для створення архіву приватних задач",
     "mail.issue.action.close_by_commit": "%[1]s закриває %[2]s в коміті %[3]s.",
@@ -210,14 +210,14 @@
     "repo.pulls.poster_trust_once.tooltip": "Робочі потоки, ініційовані подією `pull_request`, будуть виконані для цього коміту, але їх потрібно буде схвалювати для всіх наступних комітів, надісланих до цього запиту на злиття.",
     "repo.pulls.poster_trust_always.tooltip": "Робочі потоки, ініційовані подією `pull_request`, будуть виконані для цього коміту, і не буде необхідності схвалювати запуски з цього запиту на злиття або наступних запитів, створених тим самим користувачем.",
     "repo.pulls.poster_trust_revoke.tooltip": "Автор цього запиту на злиття більше не зможе запускати робочі потоки, ініційовані подією `pull_request`, кожен запуск потрібно буде схвалювати вручну.",
-    "admin.dashboard.actions_action_user": "Відкликати довіру Дій Forgejo для неактивних користувачів",
+    "admin.dashboard.actions_action_user": "Відкликати довіру Дій Forgejo у неактивних користувачів",
     "actions.status.diagnostics.waiting": {
         "one": "Очікування ранера з міткою: %s",
         "few": "Очікування ранера з мітками: %s",
         "many": "Очікування ранера з мітками: %s"
     },
     "keys.verify.token.hint": "Токен дійсний лише протягом 1 хвилини. <a href=\"%[1]s\">Отримайте новий, якщо термін дії закінчився</a>.",
-    "admin.dashboard.transfer_lingering_logs": "Перенести журнали виконаних завдань із бази даних до сховища",
+    "admin.dashboard.transfer_lingering_logs": "Перемістити журнали виконаних завдань із бази даних до сховища",
     "search.syntax": "Синтаксис пошуку",
     "repo.issues.filter_poster.hint": "Фільтрувати за автором",
     "repo.issues.filter_assignee.hint": "Фільтрувати за призначеним користувачем",
@@ -251,5 +251,8 @@
     "actions.workflow.incomplete_matrix_missing_output": "Неможливо оцінити `strategy.matrix` завдання %[1]s: результат %[3]s не існує в завданні %[2]s.",
     "actions.workflow.incomplete_runson_missing_job": "Неможливо оцінити `runs-on` завдання %[1]s: завдання %[2]s немає у списку `needs` завдання %[1]s (%[3]s).",
     "actions.workflow.incomplete_runson_missing_output": "Неможливо оцінити `runs-on` завдання %[1]s: результат %[3]s не існує в завданні %[2]s.",
-    "actions.workflow.incomplete_runson_missing_matrix_dimension": "Неможливо оцінити `runs-on` завдання %[1]s: розмір матриці %[2]s не існує."
+    "actions.workflow.incomplete_runson_missing_matrix_dimension": "Неможливо оцінити `runs-on` завдання %[1]s: розмір матриці %[2]s не існує.",
+    "search.fuzzy": "Нечіткий",
+    "search.fuzzy_tooltip": "Включати результати, які приблизно відповідають пошуковому запиту",
+    "issues.updated": "оновлено %s"
 }
diff --git a/options/locale_next/locale_zh-CN.json b/options/locale_next/locale_zh-CN.json
index 83c0b72aa1..847e5df36d 100644
--- a/options/locale_next/locale_zh-CN.json
+++ b/options/locale_next/locale_zh-CN.json
@@ -164,5 +164,35 @@
     "repo.pulls.poster_trust_always": "始终批准",
     "repo.pulls.poster_trust_always.tooltip": "由`pull_request`事件触发的工作流会基于此提交运行，且来自此合并请求或同一用户的其他合并请求的运行不需要批准。",
     "repo.pulls.poster_trust_revoke": "撤销",
-    "repo.pulls.poster_trust_revoke.tooltip": "此合并请求的作者将不再被信任以运行`pull_request`事件触发的工作流，所有运行均需被手动批准。"
+    "repo.pulls.poster_trust_revoke.tooltip": "此合并请求的作者将不再被信任以运行`pull_request`事件触发的工作流，所有运行均需被手动批准。",
+    "moderation.report.mark_as_handled": "标记为已处理",
+    "moderation.report.mark_as_ignored": "标记为忽略",
+    "moderation.action.account.delete": "删除账户",
+    "moderation.action.account.suspend": "封禁账户",
+    "moderation.action.repo.delete": "删除仓库",
+    "moderation.action.issue.delete": "删除议题",
+    "moderation.action.comment.delete": "删除评论",
+    "moderation.unknown_action": "未知操作",
+    "moderation.users.cannot_suspend_self": "您不能封禁您自己。",
+    "moderation.users.cannot_suspend_admins": "您不能封禁有管理权限的用户。",
+    "moderation.users.cannot_suspend_org": "您不能封禁组织。",
+    "moderation.users.already_suspended": "该账户已经处于封禁状态。",
+    "moderation.users.suspend_success": "已封禁该账户。",
+    "moderation.users.cannot_delete_admins": "您不能删除有管理权限的账户。",
+    "moderation.issue.deletion_success": "已删除该议题。",
+    "moderation.comment.deletion_success": "已删除该评论。",
+    "actions.workflow.persistent_incomplete_matrix": "因`needs`表达式无效，无法解析该任务的`strategy.martix`。可能引用了一个未在其 needs 列表（%[2]s）当中的任务，或者该列表中某些任务没有输出。",
+    "actions.workflow.incomplete_matrix_missing_job": "无法解析任务‘%[1]s’的`strategy.martix`：任务‘%[2]s’不在‘%[1]s’的`needs`列表当中（%[3]s）。",
+    "actions.workflow.incomplete_matrix_missing_output": "无法解析任务‘%[1]s’的`strategy.martix`：任务‘%[2]s’没有输出‘%[3]s’。",
+    "actions.workflow.incomplete_matrix_unknown_cause": "无法解析任务‘%[1]s’的`strategy.martix`：未知错误。",
+    "actions.workflow.incomplete_runson_missing_job": "无法解析任务‘%[1]s’的`runs-on`：任务‘%[2]s’不在任务‘%[1]s’的`needs`列表内（%[3]s）。",
+    "actions.workflow.incomplete_runson_missing_output": "无法解析任务‘%[1]s’的`runs-on`：任务‘%[2]s’没有输出‘%[3]s’。",
+    "actions.workflow.incomplete_runson_missing_matrix_dimension": "无法解析任务‘%[1]s’的`runs-on`：矩阵维度‘%[2]s’不存在。",
+    "actions.workflow.incomplete_runson_unknown_cause": "无法解析任务‘%[1]s’的`runs-on`：未知错误。",
+    "admin.auths.oauth2_quota_group_claim_name": "用于设定该来源配额组名的声明（claim）的名称。（可选）",
+    "admin.auths.oauth2_quota_group_map": "将声明组映射到配额组。（可选，需要填写上述声明名称）",
+    "admin.auths.oauth2_quota_group_map_removal": "如果用户不是对应组的成员，则将用户从同步的配额组中移出。",
+    "search.fuzzy": "模糊",
+    "issues.updated": "更新于 %s",
+    "search.fuzzy_tooltip": "包含与搜索关键字相似的结果"
 }

From e86f5ef7d488b8d40656e58d35fdb74aa262ab3a Mon Sep 17 00:00:00 2001
From: Mathieu Fenniak <mathieu@fenniak.net>
Date: Sat, 27 Dec 2025 15:57:25 +0100
Subject: [PATCH 052/854] fix: allow Actions trust management on conflicted PRs
 (#10594)

Fixes #10589.

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests

- I added test coverage for Go changes...
  - [ ] in their respective `*_test.go` for unit tests.
  - [x] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I added test coverage for JavaScript changes...
  - [ ] in `web_src/js/*.test.js` if it can be unit tested.
  - [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)).

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [ ] I do not want this change to show in the release notes.
- [x] I want the title to show in the release notes with a link to this pull request.
- [ ] I want the content of the `release-notes/<pull request number>.md` to be be used for the release notes instead of the title.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10594
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net>
Co-committed-by: Mathieu Fenniak <mathieu@fenniak.net>
---
 templates/repo/issue/view_content/pull.tmpl |  1 +
 tests/integration/actions_trust_test.go     | 91 ++++++++++++++++++++-
 tests/integration/html_helper.go            |  8 ++
 3 files changed, 96 insertions(+), 4 deletions(-)

diff --git a/templates/repo/issue/view_content/pull.tmpl b/templates/repo/issue/view_content/pull.tmpl
index 21f0d613ed..3a6a306b12 100644
--- a/templates/repo/issue/view_content/pull.tmpl
+++ b/templates/repo/issue/view_content/pull.tmpl
@@ -77,6 +77,7 @@
 					<li>{{.}}</li>
 					{{end}}
 				</ul>
+				{{template "repo/pulls/trust" .}}
 			{{else if .IsPullRequestBroken}}
 				<div class="item">
 					{{svg "octicon-x"}}
diff --git a/tests/integration/actions_trust_test.go b/tests/integration/actions_trust_test.go
index 7a683d5625..651700cd26 100644
--- a/tests/integration/actions_trust_test.go
+++ b/tests/integration/actions_trust_test.go
@@ -20,6 +20,7 @@ import (
 	actions_module "forgejo.org/modules/actions"
 	"forgejo.org/modules/git"
 	"forgejo.org/modules/structs"
+	"forgejo.org/modules/translation"
 	actions_service "forgejo.org/services/actions"
 	pull_service "forgejo.org/services/pull"
 	repo_service "forgejo.org/services/repository"
@@ -68,6 +69,32 @@ func actionsTrustTestAssertNoTrustPanel(t *testing.T, session *TestSession, url
 	actionsTrustTestAssertTrustPanelPresence(t, session, url, false)
 }
 
+func actionsTrustTestAssertPRIsWIP(t *testing.T, session *TestSession, url string) {
+	t.Helper()
+
+	req := NewRequest(t, "GET", url)
+	resp := session.MakeRequest(t, req, http.StatusOK)
+	htmlDoc := NewHTMLParser(t, resp.Body)
+
+	locale := translation.NewLocale("en-US")
+	assert.Equal(t, 1, htmlDoc.FindByTextTrim("div", locale.TrString("repo.pulls.cannot_merge_work_in_progress")).Length())
+}
+
+func actionsTrustTestAssertPRConflicted(t *testing.T, session *TestSession, url string) {
+	t.Helper()
+
+	req := NewRequest(t, "GET", url)
+	resp := session.MakeRequest(t, req, http.StatusOK)
+	htmlDoc := NewHTMLParser(t, resp.Body)
+
+	locale := translation.NewLocale("en-US")
+
+	// ....Eventually is used because conflict checking is async and may not complete immediately.
+	require.Eventually(t, func() bool {
+		return htmlDoc.FindByTextTrim("div", locale.TrString("repo.pulls.files_conflicted")).Length() == 1
+	}, 5*time.Second, time.Millisecond*100)
+}
+
 func actionsTrustTestCreateBaseRepo(t *testing.T, owner *user_model.User) (*repo_model.Repository, func()) {
 	t.Helper()
 
@@ -127,13 +154,19 @@ func actionsTrustTestRequireRun(t *testing.T, repo *repo_model.Repository, modif
 func actionsTrustTestRepoCreateBranch(t *testing.T, doer *user_model.User, repo *repo_model.Repository) *structs.FilesResponse {
 	t.Helper()
 
-	return actionsTrustTestModifyRepo(t, doer, repo, "file_in_fork.txt", "main", "fork-branch-1")
+	return actionsTrustTestModifyRepo(t, doer, repo, "file_in_fork.txt", "main", "fork-branch-1", "content")
+}
+
+func actionsTrustMakePRConflicted(t *testing.T, doer *user_model.User, repo *repo_model.Repository) *structs.FilesResponse {
+	t.Helper()
+
+	return actionsTrustTestModifyRepo(t, doer, repo, "file_in_fork.txt", "main", "main", "conflicting content")
 }
 
 func actionsTrustTestRepoModify(t *testing.T, doer *user_model.User, baseRepo, headRepo *repo_model.Repository, filename string) *structs.FilesResponse {
 	t.Helper()
 
-	modified := actionsTrustTestModifyRepo(t, doer, headRepo, filename, "fork-branch-1", "fork-branch-1")
+	modified := actionsTrustTestModifyRepo(t, doer, headRepo, filename, "fork-branch-1", "fork-branch-1", "content")
 	// the creation of the run is not synchronous
 	require.Eventually(t, func() bool {
 		return unittest.BeanExists(t, &actions_model.ActionRun{RepoID: baseRepo.ID, CommitSHA: modified.Commit.SHA})
@@ -141,7 +174,7 @@ func actionsTrustTestRepoModify(t *testing.T, doer *user_model.User, baseRepo, h
 	return modified
 }
 
-func actionsTrustTestModifyRepo(t *testing.T, doer *user_model.User, repo *repo_model.Repository, filename, oldBranch, newBranch string) *structs.FilesResponse {
+func actionsTrustTestModifyRepo(t *testing.T, doer *user_model.User, repo *repo_model.Repository, filename, oldBranch, newBranch, content string) *structs.FilesResponse {
 	t.Helper()
 
 	// add a new file to the forked repo
@@ -150,7 +183,7 @@ func actionsTrustTestModifyRepo(t *testing.T, doer *user_model.User, repo *repo_
 			{
 				Operation:     "create",
 				TreePath:      filename,
-				ContentReader: strings.NewReader("content"),
+				ContentReader: strings.NewReader(content),
 			},
 		},
 		Message:   "add " + filename,
@@ -220,6 +253,23 @@ func actionsTrustTestCreatePullRequestFromForkedRepo(t *testing.T, baseUser *use
 	return forkedRepo, pullRequest, addFileToForkedResp
 }
 
+// Mark the PR as a work-in-progress PR
+func actionsTrustTestSetPullRequestWIP(t *testing.T, pullRequest *issues_model.PullRequest, wip bool) {
+	t.Helper()
+	newTitle := pullRequest.Issue.Title
+	if wip && !pullRequest.IsWorkInProgress(t.Context()) {
+		newTitle = fmt.Sprintf("WIP: %s", pullRequest.Issue.Title)
+	} else if !wip {
+		prefix := pullRequest.GetWorkInProgressPrefix(t.Context())
+		newTitle = pullRequest.Issue.Title[len(prefix):]
+	}
+	pullRequest.Issue.Title = newTitle
+	require.NoError(t, issues_model.UpdateIssueCols(t.Context(), pullRequest.Issue, "name"))
+
+	pullRequest.Issue = nil
+	require.NoError(t, pullRequest.LoadIssue(t.Context()))
+}
+
 func TestActionsPullRequestTrustPanel(t *testing.T) {
 	onApplicationRun(t, func(t *testing.T, u *url.URL) {
 		ownerUser := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2}) // owner of the repo
@@ -353,3 +403,36 @@ func TestActionsPullRequestTrustPanel(t *testing.T) {
 		})
 	})
 }
+
+func TestActionsPullRequestTrustPanelWIPConflicts(t *testing.T) {
+	onApplicationRun(t, func(t *testing.T, u *url.URL) {
+		ownerUser := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2}) // owner of the repo
+
+		regularUser := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 5}) // a regular user with no specific permission
+		regularSession := loginUser(t, regularUser.Name)
+
+		userAdmin := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 1}) // the instance admin
+		adminSession := loginUser(t, userAdmin.Name)
+
+		baseRepo, f := actionsTrustTestCreateBaseRepo(t, ownerUser)
+		defer f()
+
+		_, pullRequest, _ := actionsTrustTestCreatePullRequestFromForkedRepo(t, ownerUser, baseRepo, regularUser)
+		pullRequestLink := pullRequest.Issue.Link()
+
+		actionsTrustTestSetPullRequestWIP(t, pullRequest, true)
+		actionsTrustTestAssertPRIsWIP(t, adminSession, pullRequestLink)
+
+		t.Run("Regular user sees pending approval even though PR is a WIP PR", func(t *testing.T) {
+			actionsTrustTestAssertTrustPanel(t, regularSession, pullRequestLink)
+		})
+
+		actionsTrustTestSetPullRequestWIP(t, pullRequest, false)
+		_ = actionsTrustMakePRConflicted(t, userAdmin, baseRepo)
+		actionsTrustTestAssertPRConflicted(t, adminSession, pullRequestLink)
+
+		t.Run("Regular user sees pending approval even though PR is conflicted", func(t *testing.T) {
+			actionsTrustTestAssertTrustPanel(t, regularSession, pullRequestLink)
+		})
+	})
+}
diff --git a/tests/integration/html_helper.go b/tests/integration/html_helper.go
index bcf63e9730..e793009ce0 100644
--- a/tests/integration/html_helper.go
+++ b/tests/integration/html_helper.go
@@ -6,6 +6,7 @@ package integration
 import (
 	"bytes"
 	"fmt"
+	"strings"
 	"testing"
 
 	"github.com/PuerkitoBio/goquery"
@@ -108,6 +109,13 @@ func (doc *HTMLDoc) FindByText(selector, text string) *goquery.Selection {
 	})
 }
 
+// FindByText gets all elements by selector that also has the given text, w/ leading & trailing whitespace trimmed
+func (doc *HTMLDoc) FindByTextTrim(selector, text string) *goquery.Selection {
+	return doc.doc.Find(selector).FilterFunction(func(i int, s *goquery.Selection) bool {
+		return strings.TrimSpace(s.Text()) == text
+	})
+}
+
 // AssertSelection check if selection exists or does not exist depending on checkExists
 func (doc *HTMLDoc) AssertSelection(t testing.TB, selection *goquery.Selection, checkExists bool) {
 	if checkExists {

From e959014c8cc222c4850ccd9d3d80dac9c3425f41 Mon Sep 17 00:00:00 2001
From: Mathieu Fenniak <mathieu@fenniak.net>
Date: Sat, 27 Dec 2025 17:23:47 +0100
Subject: [PATCH 053/854] test: remove diagnostic output in 'copy to
 experimental' (#10591)

Cleans up diagnostic output added in #10586.

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests

- I added test coverage for Go changes...
  - [ ] in their respective `*_test.go` for unit tests.
  - [ ] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I added test coverage for JavaScript changes...
  - [ ] in `web_src/js/*.test.js` if it can be unit tested.
  - [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)).

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [x] I do not want this change to show in the release notes.
- [ ] I want the title to show in the release notes with a link to this pull request.
- [ ] I want the content of the `release-notes/<pull request number>.md` to be be used for the release notes instead of the title.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10591
Reviewed-by: floss4good <floss4good@noreply.codeberg.org>
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net>
Co-committed-by: Mathieu Fenniak <mathieu@fenniak.net>
---
 .forgejo/workflows/build-release.yml | 9 ---------
 1 file changed, 9 deletions(-)

diff --git a/.forgejo/workflows/build-release.yml b/.forgejo/workflows/build-release.yml
index 11a3d5f2c7..4a17e30174 100644
--- a/.forgejo/workflows/build-release.yml
+++ b/.forgejo/workflows/build-release.yml
@@ -227,21 +227,12 @@ jobs:
             curl -sS -X DELETE $url/api/v1/repos/forgejo-experimental/forgejo/releases/tags/$tag > /dev/null
             curl -sS -X DELETE $url/api/v1/repos/forgejo-experimental/forgejo/tags/$tag > /dev/null
           fi
-
-          # FIXME: remove these diagnostic commands that are intended to ensure the `rm` below works.
-          git config --list
-          echo "RUNNER_TEMP = $RUNNER_TEMP"
-
           # actions/checkout@v6 sets http.https://codeberg.org/.extraheader with the automatic token. Get rid of it so
           # it does not prevent using the token that has write permissions. As of @v6, it is stored in
           # $RUNNER_TEMP/git-credentials-(uuid).config and included in the repo via
           # includeif.gitdir:...=$RUNNER_TEMP/git-credentials-(uuid).config. Since we don't need these credentials
           # anymore we can just remove the generated config file.
           rm -f $RUNNER_TEMP/git-credentials-*
-
-          # FIXME: remove these diagnostic comamnds that are intended to ensure the `rm` above works.
-          git config --list
-
           if test -f .git/shallow ; then
             echo "unexpected .git/shallow file is present"
             echo "it suggests a checkout --depth X was used which may prevent pushing the commit"

From 0a1452f8ba9e722bbce0e8e1c799f0022c16fb39 Mon Sep 17 00:00:00 2001
From: Renovate Bot <forgejo-renovate-action@forgejo.org>
Date: Sun, 28 Dec 2025 04:06:14 +0100
Subject: [PATCH 054/854] Update module github.com/go-openapi/spec to v0.22.3
 (forgejo) (#10579)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10579
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 35b887a26e..eef2384de2 100644
--- a/go.mod
+++ b/go.mod
@@ -50,7 +50,7 @@ require (
 	github.com/go-co-op/gocron v1.37.0
 	github.com/go-enry/go-enry/v2 v2.9.2
 	github.com/go-ldap/ldap/v3 v3.4.12
-	github.com/go-openapi/spec v0.22.2
+	github.com/go-openapi/spec v0.22.3
 	github.com/go-sql-driver/mysql v1.9.3
 	github.com/go-webauthn/webauthn v0.14.0
 	github.com/gobwas/glob v0.2.3
diff --git a/go.sum b/go.sum
index cb01138dc6..bc17ae36a1 100644
--- a/go.sum
+++ b/go.sum
@@ -311,8 +311,8 @@ github.com/go-openapi/jsonpointer v0.22.4 h1:dZtK82WlNpVLDW2jlA1YCiVJFVqkED1MegO
 github.com/go-openapi/jsonpointer v0.22.4/go.mod h1:elX9+UgznpFhgBuaMQ7iu4lvvX1nvNsesQ3oxmYTw80=
 github.com/go-openapi/jsonreference v0.21.4 h1:24qaE2y9bx/q3uRK/qN+TDwbok1NhbSmGjjySRCHtC8=
 github.com/go-openapi/jsonreference v0.21.4/go.mod h1:rIENPTjDbLpzQmQWCj5kKj3ZlmEh+EFVbz3RTUh30/4=
-github.com/go-openapi/spec v0.22.2 h1:KEU4Fb+Lp1qg0V4MxrSCPv403ZjBl8Lx1a83gIPU8Qc=
-github.com/go-openapi/spec v0.22.2/go.mod h1:iIImLODL2loCh3Vnox8TY2YWYJZjMAKYyLH2Mu8lOZs=
+github.com/go-openapi/spec v0.22.3 h1:qRSmj6Smz2rEBxMnLRBMeBWxbbOvuOoElvSvObIgwQc=
+github.com/go-openapi/spec v0.22.3/go.mod h1:iIImLODL2loCh3Vnox8TY2YWYJZjMAKYyLH2Mu8lOZs=
 github.com/go-openapi/swag/conv v0.25.4 h1:/Dd7p0LZXczgUcC/Ikm1+YqVzkEeCc9LnOWjfkpkfe4=
 github.com/go-openapi/swag/conv v0.25.4/go.mod h1:3LXfie/lwoAv0NHoEuY1hjoFAYkvlqI/Bn5EQDD3PPU=
 github.com/go-openapi/swag/jsonname v0.25.4 h1:bZH0+MsS03MbnwBXYhuTttMOqk+5KcQ9869Vye1bNHI=

From 17b14b3d5174c77a8aae5a115f79dc82dbfbe3c6 Mon Sep 17 00:00:00 2001
From: Renovate Bot <forgejo-renovate-action@forgejo.org>
Date: Sun, 28 Dec 2025 06:27:32 +0100
Subject: [PATCH 055/854] Update dependency typescript-eslint to v8.50.1
 (forgejo) (#10606)

Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
---
 package-lock.json | 124 +++++++++++++++++++++++-----------------------
 package.json      |   2 +-
 2 files changed, 63 insertions(+), 63 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index c1910f07d3..2627e30450 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -98,7 +98,7 @@
         "stylelint-value-no-unknown-custom-properties": "6.1.0",
         "svgo": "4.0.0",
         "typescript": "5.9.3",
-        "typescript-eslint": "8.50.0",
+        "typescript-eslint": "8.50.1",
         "vite-string-plugin": "1.4.9",
         "vitest": "4.0.16"
       },
@@ -3742,17 +3742,17 @@
       "license": "MIT"
     },
     "node_modules/@typescript-eslint/eslint-plugin": {
-      "version": "8.50.0",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-8.50.0.tgz",
-      "integrity": "sha512-O7QnmOXYKVtPrfYzMolrCTfkezCJS9+ljLdKW/+DCvRsc3UAz+sbH6Xcsv7p30+0OwUbeWfUDAQE0vpabZ3QLg==",
+      "version": "8.50.1",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-8.50.1.tgz",
+      "integrity": "sha512-PKhLGDq3JAg0Jk/aK890knnqduuI/Qj+udH7wCf0217IGi4gt+acgCyPVe79qoT+qKUvHMDQkwJeKW9fwl8Cyw==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
         "@eslint-community/regexpp": "^4.10.0",
-        "@typescript-eslint/scope-manager": "8.50.0",
-        "@typescript-eslint/type-utils": "8.50.0",
-        "@typescript-eslint/utils": "8.50.0",
-        "@typescript-eslint/visitor-keys": "8.50.0",
+        "@typescript-eslint/scope-manager": "8.50.1",
+        "@typescript-eslint/type-utils": "8.50.1",
+        "@typescript-eslint/utils": "8.50.1",
+        "@typescript-eslint/visitor-keys": "8.50.1",
         "ignore": "^7.0.0",
         "natural-compare": "^1.4.0",
         "ts-api-utils": "^2.1.0"
@@ -3765,7 +3765,7 @@
         "url": "https://opencollective.com/typescript-eslint"
       },
       "peerDependencies": {
-        "@typescript-eslint/parser": "^8.50.0",
+        "@typescript-eslint/parser": "^8.50.1",
         "eslint": "^8.57.0 || ^9.0.0",
         "typescript": ">=4.8.4 <6.0.0"
       }
@@ -3781,17 +3781,17 @@
       }
     },
     "node_modules/@typescript-eslint/parser": {
-      "version": "8.50.0",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-8.50.0.tgz",
-      "integrity": "sha512-6/cmF2piao+f6wSxUsJLZjck7OQsYyRtcOZS02k7XINSNlz93v6emM8WutDQSXnroG2xwYlEVHJI+cPA7CPM3Q==",
+      "version": "8.50.1",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-8.50.1.tgz",
+      "integrity": "sha512-hM5faZwg7aVNa819m/5r7D0h0c9yC4DUlWAOvHAtISdFTc8xB86VmX5Xqabrama3wIPJ/q9RbGS1worb6JfnMg==",
       "dev": true,
       "license": "MIT",
       "peer": true,
       "dependencies": {
-        "@typescript-eslint/scope-manager": "8.50.0",
-        "@typescript-eslint/types": "8.50.0",
-        "@typescript-eslint/typescript-estree": "8.50.0",
-        "@typescript-eslint/visitor-keys": "8.50.0",
+        "@typescript-eslint/scope-manager": "8.50.1",
+        "@typescript-eslint/types": "8.50.1",
+        "@typescript-eslint/typescript-estree": "8.50.1",
+        "@typescript-eslint/visitor-keys": "8.50.1",
         "debug": "^4.3.4"
       },
       "engines": {
@@ -3807,14 +3807,14 @@
       }
     },
     "node_modules/@typescript-eslint/project-service": {
-      "version": "8.50.0",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/project-service/-/project-service-8.50.0.tgz",
-      "integrity": "sha512-Cg/nQcL1BcoTijEWyx4mkVC56r8dj44bFDvBdygifuS20f3OZCHmFbjF34DPSi07kwlFvqfv/xOLnJ5DquxSGQ==",
+      "version": "8.50.1",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/project-service/-/project-service-8.50.1.tgz",
+      "integrity": "sha512-E1ur1MCVf+YiP89+o4Les/oBAVzmSbeRB0MQLfSlYtbWU17HPxZ6Bhs5iYmKZRALvEuBoXIZMOIRRc/P++Ortg==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "@typescript-eslint/tsconfig-utils": "^8.50.0",
-        "@typescript-eslint/types": "^8.50.0",
+        "@typescript-eslint/tsconfig-utils": "^8.50.1",
+        "@typescript-eslint/types": "^8.50.1",
         "debug": "^4.3.4"
       },
       "engines": {
@@ -3829,14 +3829,14 @@
       }
     },
     "node_modules/@typescript-eslint/scope-manager": {
-      "version": "8.50.0",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-8.50.0.tgz",
-      "integrity": "sha512-xCwfuCZjhIqy7+HKxBLrDVT5q/iq7XBVBXLn57RTIIpelLtEIZHXAF/Upa3+gaCpeV1NNS5Z9A+ID6jn50VD4A==",
+      "version": "8.50.1",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-8.50.1.tgz",
+      "integrity": "sha512-mfRx06Myt3T4vuoHaKi8ZWNTPdzKPNBhiblze5N50//TSHOAQQevl/aolqA/BcqqbJ88GUnLqjjcBc8EWdBcVw==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "@typescript-eslint/types": "8.50.0",
-        "@typescript-eslint/visitor-keys": "8.50.0"
+        "@typescript-eslint/types": "8.50.1",
+        "@typescript-eslint/visitor-keys": "8.50.1"
       },
       "engines": {
         "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -3847,9 +3847,9 @@
       }
     },
     "node_modules/@typescript-eslint/tsconfig-utils": {
-      "version": "8.50.0",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/tsconfig-utils/-/tsconfig-utils-8.50.0.tgz",
-      "integrity": "sha512-vxd3G/ybKTSlm31MOA96gqvrRGv9RJ7LGtZCn2Vrc5htA0zCDvcMqUkifcjrWNNKXHUU3WCkYOzzVSFBd0wa2w==",
+      "version": "8.50.1",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/tsconfig-utils/-/tsconfig-utils-8.50.1.tgz",
+      "integrity": "sha512-ooHmotT/lCWLXi55G4mvaUF60aJa012QzvLK0Y+Mp4WdSt17QhMhWOaBWeGTFVkb2gDgBe19Cxy1elPXylslDw==",
       "dev": true,
       "license": "MIT",
       "engines": {
@@ -3864,15 +3864,15 @@
       }
     },
     "node_modules/@typescript-eslint/type-utils": {
-      "version": "8.50.0",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-8.50.0.tgz",
-      "integrity": "sha512-7OciHT2lKCewR0mFoBrvZJ4AXTMe/sYOe87289WAViOocEmDjjv8MvIOT2XESuKj9jp8u3SZYUSh89QA4S1kQw==",
+      "version": "8.50.1",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-8.50.1.tgz",
+      "integrity": "sha512-7J3bf022QZE42tYMO6SL+6lTPKFk/WphhRPe9Tw/el+cEwzLz1Jjz2PX3GtGQVxooLDKeMVmMt7fWpYRdG5Etg==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "@typescript-eslint/types": "8.50.0",
-        "@typescript-eslint/typescript-estree": "8.50.0",
-        "@typescript-eslint/utils": "8.50.0",
+        "@typescript-eslint/types": "8.50.1",
+        "@typescript-eslint/typescript-estree": "8.50.1",
+        "@typescript-eslint/utils": "8.50.1",
         "debug": "^4.3.4",
         "ts-api-utils": "^2.1.0"
       },
@@ -3889,9 +3889,9 @@
       }
     },
     "node_modules/@typescript-eslint/types": {
-      "version": "8.50.0",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-8.50.0.tgz",
-      "integrity": "sha512-iX1mgmGrXdANhhITbpp2QQM2fGehBse9LbTf0sidWK6yg/NE+uhV5dfU1g6EYPlcReYmkE9QLPq/2irKAmtS9w==",
+      "version": "8.50.1",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-8.50.1.tgz",
+      "integrity": "sha512-v5lFIS2feTkNyMhd7AucE/9j/4V9v5iIbpVRncjk/K0sQ6Sb+Np9fgYS/63n6nwqahHQvbmujeBL7mp07Q9mlA==",
       "dev": true,
       "license": "MIT",
       "engines": {
@@ -3903,16 +3903,16 @@
       }
     },
     "node_modules/@typescript-eslint/typescript-estree": {
-      "version": "8.50.0",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-8.50.0.tgz",
-      "integrity": "sha512-W7SVAGBR/IX7zm1t70Yujpbk+zdPq/u4soeFSknWFdXIFuWsBGBOUu/Tn/I6KHSKvSh91OiMuaSnYp3mtPt5IQ==",
+      "version": "8.50.1",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-8.50.1.tgz",
+      "integrity": "sha512-woHPdW+0gj53aM+cxchymJCrh0cyS7BTIdcDxWUNsclr9VDkOSbqC13juHzxOmQ22dDkMZEpZB+3X1WpUvzgVQ==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "@typescript-eslint/project-service": "8.50.0",
-        "@typescript-eslint/tsconfig-utils": "8.50.0",
-        "@typescript-eslint/types": "8.50.0",
-        "@typescript-eslint/visitor-keys": "8.50.0",
+        "@typescript-eslint/project-service": "8.50.1",
+        "@typescript-eslint/tsconfig-utils": "8.50.1",
+        "@typescript-eslint/types": "8.50.1",
+        "@typescript-eslint/visitor-keys": "8.50.1",
         "debug": "^4.3.4",
         "minimatch": "^9.0.4",
         "semver": "^7.6.0",
@@ -3964,16 +3964,16 @@
       }
     },
     "node_modules/@typescript-eslint/utils": {
-      "version": "8.50.0",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-8.50.0.tgz",
-      "integrity": "sha512-87KgUXET09CRjGCi2Ejxy3PULXna63/bMYv72tCAlDJC3Yqwln0HiFJ3VJMst2+mEtNtZu5oFvX4qJGjKsnAgg==",
+      "version": "8.50.1",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-8.50.1.tgz",
+      "integrity": "sha512-lCLp8H1T9T7gPbEuJSnHwnSuO9mDf8mfK/Nion5mZmiEaQD9sWf9W4dfeFqRyqRjF06/kBuTmAqcs9sewM2NbQ==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
         "@eslint-community/eslint-utils": "^4.7.0",
-        "@typescript-eslint/scope-manager": "8.50.0",
-        "@typescript-eslint/types": "8.50.0",
-        "@typescript-eslint/typescript-estree": "8.50.0"
+        "@typescript-eslint/scope-manager": "8.50.1",
+        "@typescript-eslint/types": "8.50.1",
+        "@typescript-eslint/typescript-estree": "8.50.1"
       },
       "engines": {
         "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -3988,13 +3988,13 @@
       }
     },
     "node_modules/@typescript-eslint/visitor-keys": {
-      "version": "8.50.0",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-8.50.0.tgz",
-      "integrity": "sha512-Xzmnb58+Db78gT/CCj/PVCvK+zxbnsw6F+O1oheYszJbBSdEjVhQi3C/Xttzxgi/GLmpvOggRs1RFpiJ8+c34Q==",
+      "version": "8.50.1",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-8.50.1.tgz",
+      "integrity": "sha512-IrDKrw7pCRUR94zeuCSUWQ+w8JEf5ZX5jl/e6AHGSLi1/zIr0lgutfn/7JpfCey+urpgQEdrZVYzCaVVKiTwhQ==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "@typescript-eslint/types": "8.50.0",
+        "@typescript-eslint/types": "8.50.1",
         "eslint-visitor-keys": "^4.2.1"
       },
       "engines": {
@@ -14609,16 +14609,16 @@
       }
     },
     "node_modules/typescript-eslint": {
-      "version": "8.50.0",
-      "resolved": "https://registry.npmjs.org/typescript-eslint/-/typescript-eslint-8.50.0.tgz",
-      "integrity": "sha512-Q1/6yNUmCpH94fbgMUMg2/BSAr/6U7GBk61kZTv1/asghQOWOjTlp9K8mixS5NcJmm2creY+UFfGeW/+OcA64A==",
+      "version": "8.50.1",
+      "resolved": "https://registry.npmjs.org/typescript-eslint/-/typescript-eslint-8.50.1.tgz",
+      "integrity": "sha512-ytTHO+SoYSbhAH9CrYnMhiLx8To6PSSvqnvXyPUgPETCvB6eBKmTI9w6XMPS3HsBRGkwTVBX+urA8dYQx6bHfQ==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "@typescript-eslint/eslint-plugin": "8.50.0",
-        "@typescript-eslint/parser": "8.50.0",
-        "@typescript-eslint/typescript-estree": "8.50.0",
-        "@typescript-eslint/utils": "8.50.0"
+        "@typescript-eslint/eslint-plugin": "8.50.1",
+        "@typescript-eslint/parser": "8.50.1",
+        "@typescript-eslint/typescript-estree": "8.50.1",
+        "@typescript-eslint/utils": "8.50.1"
       },
       "engines": {
         "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
diff --git a/package.json b/package.json
index 3fde2aa8c4..b98bd83ea3 100644
--- a/package.json
+++ b/package.json
@@ -97,7 +97,7 @@
     "stylelint-value-no-unknown-custom-properties": "6.1.0",
     "svgo": "4.0.0",
     "typescript": "5.9.3",
-    "typescript-eslint": "8.50.0",
+    "typescript-eslint": "8.50.1",
     "vite-string-plugin": "1.4.9",
     "vitest": "4.0.16"
   },

From b76e69615b15637264ab34eeb43e4cf6e1e387af Mon Sep 17 00:00:00 2001
From: Renovate Bot <forgejo-renovate-action@forgejo.org>
Date: Sun, 28 Dec 2025 06:42:09 +0100
Subject: [PATCH 056/854] Lock file maintenance (forgejo) (#10608)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10608
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
---
 package-lock.json | 86 +++++++++++++++++++++++------------------------
 1 file changed, 43 insertions(+), 43 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 2627e30450..75e955309d 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -246,16 +246,16 @@
       "license": "MIT"
     },
     "node_modules/@cacheable/memory": {
-      "version": "2.0.6",
-      "resolved": "https://registry.npmjs.org/@cacheable/memory/-/memory-2.0.6.tgz",
-      "integrity": "sha512-7e8SScMocHxcAb8YhtkbMhGG+EKLRIficb1F5sjvhSYsWTZGxvg4KIDp8kgxnV2PUJ3ddPe6J9QESjKvBWRDkg==",
+      "version": "2.0.7",
+      "resolved": "https://registry.npmjs.org/@cacheable/memory/-/memory-2.0.7.tgz",
+      "integrity": "sha512-RbxnxAMf89Tp1dLhXMS7ceft/PGsDl1Ip7T20z5nZ+pwIAsQ1p2izPjVG69oCLv/jfQ7HDPHTWK0c9rcAWXN3A==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "@cacheable/utils": "^2.3.2",
+        "@cacheable/utils": "^2.3.3",
         "@keyv/bigmap": "^1.3.0",
-        "hookified": "^1.13.0",
-        "keyv": "^5.5.4"
+        "hookified": "^1.14.0",
+        "keyv": "^5.5.5"
       }
     },
     "node_modules/@cacheable/memory/node_modules/@keyv/bigmap": {
@@ -287,14 +287,14 @@
       }
     },
     "node_modules/@cacheable/utils": {
-      "version": "2.3.2",
-      "resolved": "https://registry.npmjs.org/@cacheable/utils/-/utils-2.3.2.tgz",
-      "integrity": "sha512-8kGE2P+HjfY8FglaOiW+y8qxcaQAfAhVML+i66XJR3YX5FtyDqn6Txctr3K2FrbxLKixRRYYBWMbuGciOhYNDg==",
+      "version": "2.3.3",
+      "resolved": "https://registry.npmjs.org/@cacheable/utils/-/utils-2.3.3.tgz",
+      "integrity": "sha512-JsXDL70gQ+1Vc2W/KUFfkAJzgb4puKwwKehNLuB+HrNKWf91O736kGfxn4KujXCCSuh6mRRL4XEB0PkAFjWS0A==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "hashery": "^1.2.0",
-        "keyv": "^5.5.4"
+        "hashery": "^1.3.0",
+        "keyv": "^5.5.5"
       }
     },
     "node_modules/@cacheable/utils/node_modules/keyv": {
@@ -2132,18 +2132,18 @@
       "license": "MIT"
     },
     "node_modules/@lit-labs/ssr-dom-shim": {
-      "version": "1.4.0",
-      "resolved": "https://registry.npmjs.org/@lit-labs/ssr-dom-shim/-/ssr-dom-shim-1.4.0.tgz",
-      "integrity": "sha512-ficsEARKnmmW5njugNYKipTm4SFnbik7CXtoencDZzmzo/dQ+2Q0bgkzJuoJP20Aj0F+izzJjOqsnkd6F/o1bw==",
+      "version": "1.5.0",
+      "resolved": "https://registry.npmjs.org/@lit-labs/ssr-dom-shim/-/ssr-dom-shim-1.5.0.tgz",
+      "integrity": "sha512-HLomZXMmrCFHSRKESF5vklAKsDY7/fsT/ZhqCu3V0UoW/Qbv8wxmO4W9bx4KnCCF2Zak4yuk+AGraK/bPmI4kA==",
       "license": "BSD-3-Clause"
     },
     "node_modules/@lit/reactive-element": {
-      "version": "2.1.1",
-      "resolved": "https://registry.npmjs.org/@lit/reactive-element/-/reactive-element-2.1.1.tgz",
-      "integrity": "sha512-N+dm5PAYdQ8e6UlywyyrgI2t++wFGXfHx+dSJ1oBrg6FAxUj40jId++EaRm80MKX5JnlH1sBsyZ5h0bcZKemCg==",
+      "version": "2.1.2",
+      "resolved": "https://registry.npmjs.org/@lit/reactive-element/-/reactive-element-2.1.2.tgz",
+      "integrity": "sha512-pbCDiVMnne1lYUIaYNN5wrwQXDtHaYtg7YEFPeW+hws6U47WeFvISGUWekPGKWOP1ygrs0ef0o1VJMk1exos5A==",
       "license": "BSD-3-Clause",
       "dependencies": {
-        "@lit-labs/ssr-dom-shim": "^1.4.0"
+        "@lit-labs/ssr-dom-shim": "^1.5.0"
       }
     },
     "node_modules/@mcaptcha/core-glue": {
@@ -5130,9 +5130,9 @@
       }
     },
     "node_modules/ast-v8-to-istanbul": {
-      "version": "0.3.9",
-      "resolved": "https://registry.npmjs.org/ast-v8-to-istanbul/-/ast-v8-to-istanbul-0.3.9.tgz",
-      "integrity": "sha512-dSC6tJeOJxbZrPzPbv5mMd6CMiQ1ugaVXXPRad2fXUSsy1kstFn9XQWemV9VW7Y7kpxgQ/4WMoZfwdH8XSU48w==",
+      "version": "0.3.10",
+      "resolved": "https://registry.npmjs.org/ast-v8-to-istanbul/-/ast-v8-to-istanbul-0.3.10.tgz",
+      "integrity": "sha512-p4K7vMz2ZSk3wN8l5o3y2bJAoZXT3VuJI5OLTATY/01CYWumWvwkUw0SqDBnNq6IiTO3qDa1eSQDibAV8g7XOQ==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -5528,9 +5528,9 @@
       "license": "CC-BY-4.0"
     },
     "node_modules/chai": {
-      "version": "6.2.1",
-      "resolved": "https://registry.npmjs.org/chai/-/chai-6.2.1.tgz",
-      "integrity": "sha512-p4Z49OGG5W/WBCPSS/dH3jQ73kD6tiMmUM+bckNK6Jr5JHMG3k9bg/BvKR8lKmtVBKmOiuVaV2ws8s9oSbwysg==",
+      "version": "6.2.2",
+      "resolved": "https://registry.npmjs.org/chai/-/chai-6.2.2.tgz",
+      "integrity": "sha512-NUPRluOfOiTKBKvWPtSD4PhFvWCqOi0BGStNWs57X9js7XGTprSmFoz5F0tWhR4WPjNeR9jXqdC7/UpSJTnlRg==",
       "dev": true,
       "license": "MIT",
       "engines": {
@@ -8096,9 +8096,9 @@
       }
     },
     "node_modules/fastq": {
-      "version": "1.19.1",
-      "resolved": "https://registry.npmjs.org/fastq/-/fastq-1.19.1.tgz",
-      "integrity": "sha512-GwLTyxkCXjXbxqIhTsMI2Nui8huMPtnxg7krajPJAjnEG/iiOS7i+zCtWGZR9G0NBKbXKh6X9m9UIsYX/N6vvQ==",
+      "version": "1.20.1",
+      "resolved": "https://registry.npmjs.org/fastq/-/fastq-1.20.1.tgz",
+      "integrity": "sha512-GGToxJ/w1x32s/D2EKND7kTil4n8OVk/9mycTc4VDza13lOvpUZTGX3mFSCtV9ksdGBVzvsyAVLM6mHFThxXxw==",
       "license": "ISC",
       "dependencies": {
         "reusify": "^1.0.4"
@@ -10202,9 +10202,9 @@
       }
     },
     "node_modules/lit": {
-      "version": "3.3.1",
-      "resolved": "https://registry.npmjs.org/lit/-/lit-3.3.1.tgz",
-      "integrity": "sha512-Ksr/8L3PTapbdXJCk+EJVB78jDodUMaP54gD24W186zGRARvwrsPfS60wae/SSCTCNZVPd1chXqio1qHQmu4NA==",
+      "version": "3.3.2",
+      "resolved": "https://registry.npmjs.org/lit/-/lit-3.3.2.tgz",
+      "integrity": "sha512-NF9zbsP79l4ao2SNrH3NkfmFgN/hBYSQo90saIVI1o5GpjAdCPVstVzO1MrLOakHoEhYkrtRjPK6Ob521aoYWQ==",
       "license": "BSD-3-Clause",
       "dependencies": {
         "@lit/reactive-element": "^2.1.0",
@@ -10213,20 +10213,20 @@
       }
     },
     "node_modules/lit-element": {
-      "version": "4.2.1",
-      "resolved": "https://registry.npmjs.org/lit-element/-/lit-element-4.2.1.tgz",
-      "integrity": "sha512-WGAWRGzirAgyphK2urmYOV72tlvnxw7YfyLDgQ+OZnM9vQQBQnumQ7jUJe6unEzwGU3ahFOjuz1iz1jjrpCPuw==",
+      "version": "4.2.2",
+      "resolved": "https://registry.npmjs.org/lit-element/-/lit-element-4.2.2.tgz",
+      "integrity": "sha512-aFKhNToWxoyhkNDmWZwEva2SlQia+jfG0fjIWV//YeTaWrVnOxD89dPKfigCUspXFmjzOEUQpOkejH5Ly6sG0w==",
       "license": "BSD-3-Clause",
       "dependencies": {
-        "@lit-labs/ssr-dom-shim": "^1.4.0",
+        "@lit-labs/ssr-dom-shim": "^1.5.0",
         "@lit/reactive-element": "^2.1.0",
         "lit-html": "^3.3.0"
       }
     },
     "node_modules/lit-html": {
-      "version": "3.3.1",
-      "resolved": "https://registry.npmjs.org/lit-html/-/lit-html-3.3.1.tgz",
-      "integrity": "sha512-S9hbyDu/vs1qNrithiNyeyv64c9yqiW9l+DBgI18fL+MTvOtWoFR0FWiyq1TxaYef5wNlpEmzlXoBlZEO+WjoA==",
+      "version": "3.3.2",
+      "resolved": "https://registry.npmjs.org/lit-html/-/lit-html-3.3.2.tgz",
+      "integrity": "sha512-Qy9hU88zcmaxBXcc10ZpdK7cOLXvXpRoBxERdtqV9QOrfpMZZ6pSYP91LhpPtap3sFMUiL7Tw2RImbe0Al2/kw==",
       "license": "BSD-3-Clause",
       "dependencies": {
         "@types/trusted-types": "^2.0.2"
@@ -14468,9 +14468,9 @@
       "license": "MIT"
     },
     "node_modules/ts-api-utils": {
-      "version": "2.1.0",
-      "resolved": "https://registry.npmjs.org/ts-api-utils/-/ts-api-utils-2.1.0.tgz",
-      "integrity": "sha512-CUgTZL1irw8u29bzrOD/nH85jqyc74D6SshFgujOIA7osm2Rz7dYH77agkx7H4FBNxDq7Cjf+IjaX/8zwFW+ZQ==",
+      "version": "2.2.0",
+      "resolved": "https://registry.npmjs.org/ts-api-utils/-/ts-api-utils-2.2.0.tgz",
+      "integrity": "sha512-L6f5oQRAoLU1RwXz0Ab9mxsE7LtxeVB6AIR1lpkZMsOyg/JXeaxBaXa/FVCBZyNr9S9I4wkHrlZTklX+im+WMw==",
       "dev": true,
       "license": "MIT",
       "engines": {
@@ -15260,9 +15260,9 @@
       }
     },
     "node_modules/watchpack": {
-      "version": "2.4.4",
-      "resolved": "https://registry.npmjs.org/watchpack/-/watchpack-2.4.4.tgz",
-      "integrity": "sha512-c5EGNOiyxxV5qmTtAB7rbiXxi1ooX1pQKMLX/MIabJjRA0SJBQOjKF+KSVfHkr9U1cADPon0mRiVe/riyaiDUA==",
+      "version": "2.5.0",
+      "resolved": "https://registry.npmjs.org/watchpack/-/watchpack-2.5.0.tgz",
+      "integrity": "sha512-e6vZvY6xboSwLz2GD36c16+O/2Z6fKvIf4pOXptw2rY9MVwE/TXc6RGqxD3I3x0a28lwBY7DE+76uTPSsBrrCA==",
       "license": "MIT",
       "dependencies": {
         "glob-to-regexp": "^0.4.1",

From ea5fc2a7674ee081b19c9919817962bf97e74aef Mon Sep 17 00:00:00 2001
From: Renovate Bot <forgejo-renovate-action@forgejo.org>
Date: Sun, 28 Dec 2025 07:58:41 +0100
Subject: [PATCH 057/854] Update renovate to v42.66.9 (forgejo) (#10605)

Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
---
 .forgejo/workflows/renovate.yml | 2 +-
 Makefile                        | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/.forgejo/workflows/renovate.yml b/.forgejo/workflows/renovate.yml
index 5179c4acf4..56bd69fc20 100644
--- a/.forgejo/workflows/renovate.yml
+++ b/.forgejo/workflows/renovate.yml
@@ -28,7 +28,7 @@ jobs:
 
     runs-on: docker
     container:
-      image: data.forgejo.org/renovate/renovate:42.64.1
+      image: data.forgejo.org/renovate/renovate:42.66.9
 
     steps:
       - name: Load renovate repo cache
diff --git a/Makefile b/Makefile
index 6baec198c1..f7fdbfe3e8 100644
--- a/Makefile
+++ b/Makefile
@@ -47,7 +47,7 @@ GO_LICENSES_PACKAGE ?= github.com/google/go-licenses@v1.6.0 # renovate: datasour
 GOVULNCHECK_PACKAGE ?= golang.org/x/vuln/cmd/govulncheck@v1 # renovate: datasource=go
 DEADCODE_PACKAGE ?= golang.org/x/tools/cmd/deadcode@v0.40.0 # renovate: datasource=go
 GOMOCK_PACKAGE ?= go.uber.org/mock/mockgen@v0.6.0 # renovate: datasource=go
-RENOVATE_NPM_PACKAGE ?= renovate@42.64.1 # renovate: datasource=docker packageName=data.forgejo.org/renovate/renovate
+RENOVATE_NPM_PACKAGE ?= renovate@42.66.9 # renovate: datasource=docker packageName=data.forgejo.org/renovate/renovate
 
 # https://github.com/disposable-email-domains/disposable-email-domains/commits/main/
 DISPOSABLE_EMAILS_SHA ?= 0c27e671231d27cf66370034d7f6818037416989 # renovate: ...

From 6d82f2874c2196e2fa72349e6c3ba2edc3c380cf Mon Sep 17 00:00:00 2001
From: Renovate Bot <forgejo-renovate-action@forgejo.org>
Date: Sun, 28 Dec 2025 09:48:43 +0100
Subject: [PATCH 058/854] Update dependency @vitest/eslint-plugin to v1.6.4
 (forgejo) (#10607)

Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
---
 package-lock.json | 8 ++++----
 package.json      | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 75e955309d..dcf87b01ae 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -69,7 +69,7 @@
         "@stylistic/stylelint-plugin": "4.0.0",
         "@vitejs/plugin-vue": "6.0.3",
         "@vitest/coverage-v8": "4.0.16",
-        "@vitest/eslint-plugin": "1.5.4",
+        "@vitest/eslint-plugin": "1.6.4",
         "@vue/test-utils": "2.4.6",
         "eslint": "9.39.2",
         "eslint-import-resolver-typescript": "4.4.4",
@@ -4324,9 +4324,9 @@
       }
     },
     "node_modules/@vitest/eslint-plugin": {
-      "version": "1.5.4",
-      "resolved": "https://registry.npmjs.org/@vitest/eslint-plugin/-/eslint-plugin-1.5.4.tgz",
-      "integrity": "sha512-usuVvl6zdqIkUgQlodxvvFBR7HIZIjWQqQemnc7ysqEP4jubLsDaaOhiJAwVz8PlrkBJRuHkC6PCux+OcEF6hg==",
+      "version": "1.6.4",
+      "resolved": "https://registry.npmjs.org/@vitest/eslint-plugin/-/eslint-plugin-1.6.4.tgz",
+      "integrity": "sha512-+qw32ux8HMVNrJnQOYgdjrMYmCn9vsiKnJUv5MoOg40e18WOvhWurzHdbRB3vXLfUrP7+jYyQbd6TuRhL23AkQ==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
diff --git a/package.json b/package.json
index b98bd83ea3..24e7138402 100644
--- a/package.json
+++ b/package.json
@@ -68,7 +68,7 @@
     "@stylistic/stylelint-plugin": "4.0.0",
     "@vitejs/plugin-vue": "6.0.3",
     "@vitest/coverage-v8": "4.0.16",
-    "@vitest/eslint-plugin": "1.5.4",
+    "@vitest/eslint-plugin": "1.6.4",
     "@vue/test-utils": "2.4.6",
     "eslint": "9.39.2",
     "eslint-import-resolver-typescript": "4.4.4",

From fe5d10d6d75d4044d32fe7693b6057c2e9185d3c Mon Sep 17 00:00:00 2001
From: Renovate Bot <forgejo-renovate-action@forgejo.org>
Date: Sun, 28 Dec 2025 14:24:10 +0100
Subject: [PATCH 059/854] Update module code.forgejo.org/forgejo/actions-proto
 to v0.6.0 (forgejo) (#10610)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This PR contains the following updates:

| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) |
|---|---|---|---|
| [code.forgejo.org/forgejo/actions-proto](https://code.forgejo.org/forgejo/actions-proto) | `v0.5.3` -> `v0.6.0` | ![age](https://developer.mend.io/api/mc/badges/age/go/code.forgejo.org%2fforgejo%2factions-proto/v0.6.0?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/go/code.forgejo.org%2fforgejo%2factions-proto/v0.5.3/v0.6.0?slim=true) |

---

### Release Notes

<details>
<summary>forgejo/actions-proto (code.forgejo.org/forgejo/actions-proto)</summary>

### [`v0.6.0`](https://code.forgejo.org/forgejo/actions-proto/compare/v0.5.3...v0.6.0)

[Compare Source](https://code.forgejo.org/forgejo/actions-proto/compare/v0.5.3...v0.6.0)

</details>

---

### Configuration

📅 **Schedule**: Branch creation - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC), Automerge - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi42NC4xIiwidXBkYXRlZEluVmVyIjoiNDIuNjQuMSIsInRhcmdldEJyYW5jaCI6ImZvcmdlam8iLCJsYWJlbHMiOlsiZGVwZW5kZW5jeS11cGdyYWRlIiwidGVzdC9ub3QtbmVlZGVkIl19-->

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10610
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index eef2384de2..633f4bc3dd 100644
--- a/go.mod
+++ b/go.mod
@@ -7,7 +7,7 @@ toolchain go1.25.5
 require (
 	code.forgejo.org/f3/gof3/v3 v3.11.1
 	code.forgejo.org/forgejo-contrib/go-libravatar v0.0.0-20191008002943-06d1c002b251
-	code.forgejo.org/forgejo/actions-proto v0.5.3
+	code.forgejo.org/forgejo/actions-proto v0.6.0
 	code.forgejo.org/forgejo/go-rpmutils v1.0.0
 	code.forgejo.org/forgejo/levelqueue v1.0.0
 	code.forgejo.org/forgejo/reply v1.0.2
diff --git a/go.sum b/go.sum
index bc17ae36a1..f99e6db0dc 100644
--- a/go.sum
+++ b/go.sum
@@ -20,8 +20,8 @@ code.forgejo.org/f3/gof3/v3 v3.11.1 h1:c0vE8XvqpbXuSv8gzttn96k5T2FQi0u9bYnux46qS
 code.forgejo.org/f3/gof3/v3 v3.11.1/go.mod h1:1p2UKrqZiwxKneQF2DKrMnc403YIgR/lfcfvadZtmDs=
 code.forgejo.org/forgejo-contrib/go-libravatar v0.0.0-20191008002943-06d1c002b251 h1:HTZl3CBk3ABNYtFI6TPLvJgGKFIhKT5CBk0sbOtkDKU=
 code.forgejo.org/forgejo-contrib/go-libravatar v0.0.0-20191008002943-06d1c002b251/go.mod h1:PphB88CPbx601QrWPMZATeorACeVmQlyv3u+uUMbSaM=
-code.forgejo.org/forgejo/actions-proto v0.5.3 h1:dDProRNB4CDvEl9gfo8jkiVfGdiW7fXAt5TM9Irka28=
-code.forgejo.org/forgejo/actions-proto v0.5.3/go.mod h1:33iTdur/jVa/wAQP+BuciRTK9WZcVaxy0BNEnSWWFDM=
+code.forgejo.org/forgejo/actions-proto v0.6.0 h1:dw1Dogk9A4V/yrLVkhe9dSZPsqNAIkI1kCXPSqG3tZA=
+code.forgejo.org/forgejo/actions-proto v0.6.0/go.mod h1:+444hHBs9/qDh5X/AedaTv0Egj3vd/EXP93vg9zFV2E=
 code.forgejo.org/forgejo/go-rpmutils v1.0.0 h1:RZGGeKt70p/WaIEL97pyT6uiiEIoN8/aLmS5Z6WmX0M=
 code.forgejo.org/forgejo/go-rpmutils v1.0.0/go.mod h1:cg+VbgLXfrDPza9T+kBsMb3TVmmzPN4XseT6gDGLSUk=
 code.forgejo.org/forgejo/go-xsd-duration v0.0.0-20220703122237-02e73435a078 h1:RArF5AsF9LH4nEoJxqRxcP5r8hhRfWcId84G82YbqzA=

From 85dacd8e50a3315f3b493e962dc1d77b6d55dacb Mon Sep 17 00:00:00 2001
From: Beowulf <beowulf@beocode.eu>
Date: Sun, 28 Dec 2025 17:18:51 +0100
Subject: [PATCH 060/854] fix(ui): improve rendering of commit links (#10530)

This commit changes the commit link rendering (link to a single commit,
a diff, a PR, etc):

1. If it is a link to something on the local instance:
  1.1. If it is to the same org and repo, the link is just e.g. the
  commit hash
  1.2. If it is to another repo, the link is the org/repo/commit hash
2. If the link is to another instance:
  The link is the domain/optional sub path/org/repo/commit hash

This change is made to keep the link as short as possible, while not
hiding that the link may go to an external instance.

Followup to !9146

Closes #10241

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10530
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
---
 modules/markup/html.go               |  44 ++++++++----
 modules/markup/html_internal_test.go | 101 +++++++++++++++------------
 modules/markup/html_test.go          |  56 +++++++++------
 3 files changed, 120 insertions(+), 81 deletions(-)

diff --git a/modules/markup/html.go b/modules/markup/html.go
index 0ac0463493..a7d882b00d 100644
--- a/modules/markup/html.go
+++ b/modules/markup/html.go
@@ -46,6 +46,9 @@ var (
 
 	// valid chars in encoded path and parameter: [-+~_%.a-zA-Z0-9/]
 
+	// httpSchemePattern matches https:// or http://
+	httpSchemePattern = regexp.MustCompile(`^https?://`)
+
 	// hashCurrentPattern matches string that represents a commit SHA, e.g. d8a994ef243349f321568f9e36d5c3f444b99cae
 	// Although SHA1 hashes are 40 chars long, SHA256 are 64, the regex matches the hash from 7 to 64 chars in length
 	// so that abbreviated hash links can be used as well. This matches git and GitHub usability.
@@ -72,7 +75,7 @@ var (
 	//   https://html.spec.whatwg.org/multipage/input.html#e-mail-state-(type%3Demail)
 	emailRegex = regexp.MustCompile("(?:\\s|^|\\(|\\[)([a-zA-Z0-9.!#$%&'*+\\/=?^_`{|}~-]+@[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?(?:\\.[a-zA-Z0-9]{2,}(?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)+)(?:\\s|$|\\)|\\]|;|,|\\?|!|\\.(\\s|$))")
 
-	// Fediverse handle regex (same as emailRegex but with additonal @ or !
+	// Fediverse handle regex (same as emailRegex but with additional @ or !
 	// at start)
 	fediRegex = regexp.MustCompile("(?:\\s|^|\\(|\\[)([@!]([a-zA-Z0-9.!#$%&'*+\\/=?^_`{|}~-]+)@([a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?(?:\\.[a-zA-Z0-9]{2,}(?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)+))(?:\\s|$|\\)|\\]|;|,|\\?|!|\\.(\\s|$))")
 
@@ -826,10 +829,7 @@ func pullReviewCommitPatternProcessor(ctx *RenderContext, node *html.Node) {
 
 		text := "!" + id + " (commit "
 
-		baseURLEnd := strings.Index(urlFull, repoSlug) + len(repoSlug)
-		if len(ctx.Links.Base) > 0 && !strings.HasPrefix(ctx.Links.Base, urlFull[:baseURLEnd]) {
-			text = repoSlug + "@" + text
-		}
+		optionalRepoSlugAndInstancePath(ctx, &text, urlFull, repoSlug)
 
 		aNode.AppendChild(&html.Node{
 			Type: html.TextNode,
@@ -1083,10 +1083,7 @@ func fullHashPatternProcessor(ctx *RenderContext, node *html.Node) {
 		// We need to figure out the base of the provided URL, which is up to and including the
 		// `<owner>/<repo>` slug.
 		// With that we can determine if it matches the current repo, or if the slug should be shown.
-		baseURLEnd := strings.Index(urlFull, repoSlug) + len(repoSlug)
-		if len(ctx.Links.Base) > 0 && !strings.HasPrefix(ctx.Links.Base, urlFull[:baseURLEnd]) {
-			text = repoSlug + "@" + text
-		}
+		optionalRepoSlugAndInstancePath(ctx, &text, urlFull, repoSlug)
 
 		// 3rd capture group matches an optional file path after the SHA
 		filePath := ""
@@ -1191,10 +1188,7 @@ func comparePatternProcessor(ctx *RenderContext, node *html.Node) {
 
 		text := text1 + textDots + text2
 
-		baseURLEnd := strings.Index(urlFull, repoSlug) + len(repoSlug)
-		if len(ctx.Links.Base) > 0 && !strings.HasPrefix(ctx.Links.Base, urlFull[:baseURLEnd]) {
-			text = repoSlug + "@" + text
-		}
+		optionalRepoSlugAndInstancePath(ctx, &text, urlFull, repoSlug)
 
 		extra := ""
 		if query != "" {
@@ -1525,3 +1519,27 @@ func createDescriptionLink(href, content string) *html.Node {
 	textNode.Parent = linkNode
 	return linkNode
 }
+
+// Adds an optional repo slug and optionally the instance domain and URL
+//
+// The repo slug is added if the link points to a different repo
+// The instance domain and sub-path is added if the link points to a different instance
+func optionalRepoSlugAndInstancePath(ctx *RenderContext, text *string, fullURL, slug string) {
+	if len(ctx.Links.Base) > 0 {
+		// The fullURL is the url to e.g. the commit. The slug is e.g. `forgejo/forgejo`.
+		// To retrieve the instance domain and sub-path we need to remove the repo slug
+		slugStart := strings.LastIndex(fullURL, slug)
+		targetInstance := fullURL[:slugStart]
+
+		// Check if the URL points to a different instance
+		if setting.AppURL != targetInstance {
+			// Remove the http scheme for displaying
+			targetInstance = httpSchemePattern.ReplaceAllString(targetInstance, "")
+
+			*text = targetInstance + slug + "@" + *text
+		} else if !strings.HasSuffix(strings.TrimSuffix(ctx.Links.Base, "/"), slug) {
+			// If it is a link to a different repo, but on the same instance only add the repo slug
+			*text = slug + "@" + *text
+		}
+	}
+}
diff --git a/modules/markup/html_internal_test.go b/modules/markup/html_internal_test.go
index 21572bdda3..264f31978d 100644
--- a/modules/markup/html_internal_test.go
+++ b/modules/markup/html_internal_test.go
@@ -12,6 +12,7 @@ import (
 
 	"forgejo.org/modules/git"
 	"forgejo.org/modules/setting"
+	"forgejo.org/modules/test"
 	"forgejo.org/modules/util"
 
 	"github.com/stretchr/testify/assert"
@@ -19,9 +20,10 @@ import (
 )
 
 const (
-	TestAppURL  = "http://localhost:3000/"
-	TestOrgRepo = "gogits/gogs"
-	TestRepoURL = TestAppURL + TestOrgRepo + "/"
+	TestAppURL              = "http://localhost:3000/"
+	TestOrgRepo             = "gogits/gogs"
+	TestRepoURLWithoutSlash = TestAppURL + TestOrgRepo
+	TestRepoURL             = TestAppURL + TestOrgRepo + "/"
 )
 
 // externalIssueLink an HTML link to an alphanumeric-style issue
@@ -107,7 +109,7 @@ func TestRender_IssueIndexPattern(t *testing.T) {
 }
 
 func TestRender_IssueIndexPattern2(t *testing.T) {
-	setting.AppURL = TestAppURL
+	defer test.MockVariableValue(&setting.AppURL, TestAppURL)()
 
 	// numeric: render inputs with valid mentions
 	test := func(s, expectedFmt, marker string, indices ...int) {
@@ -174,7 +176,7 @@ func TestRender_IssueIndexPattern2(t *testing.T) {
 }
 
 func TestRender_IssueIndexPattern3(t *testing.T) {
-	setting.AppURL = TestAppURL
+	defer test.MockVariableValue(&setting.AppURL, TestAppURL)()
 
 	// alphanumeric: render inputs without valid mentions
 	test := func(s string) {
@@ -202,7 +204,7 @@ func TestRender_IssueIndexPattern3(t *testing.T) {
 }
 
 func TestRender_IssueIndexPattern4(t *testing.T) {
-	setting.AppURL = TestAppURL
+	defer test.MockVariableValue(&setting.AppURL, TestAppURL)()
 
 	// alphanumeric: render inputs with valid mentions
 	test := func(s, expectedFmt string, names ...string) {
@@ -222,7 +224,7 @@ func TestRender_IssueIndexPattern4(t *testing.T) {
 }
 
 func TestRender_IssueIndexPattern5(t *testing.T) {
-	setting.AppURL = TestAppURL
+	defer test.MockVariableValue(&setting.AppURL, TestAppURL)()
 
 	// regexp: render inputs without valid mentions
 	test := func(s, expectedFmt, pattern string, ids, names []string) {
@@ -265,7 +267,7 @@ func TestRender_IssueIndexPattern5(t *testing.T) {
 }
 
 func TestRender_IssueIndexPattern_Document(t *testing.T) {
-	setting.AppURL = TestAppURL
+	defer test.MockVariableValue(&setting.AppURL, TestAppURL)()
 	metas := map[string]string{
 		"format": "https://someurl.com/{user}/{repo}/{index}",
 		"user":   "someUser",
@@ -301,9 +303,9 @@ func testRenderIssueIndexPattern(t *testing.T, input, expected string, ctx *Rend
 }
 
 func TestRender_AutoLink(t *testing.T) {
-	setting.AppURL = TestAppURL
+	defer test.MockVariableValue(&setting.AppURL, TestAppURL)()
 
-	test := func(input, expected, base string) {
+	assert := func(input, expected, base string) {
 		var buffer strings.Builder
 		err := PostProcess(&RenderContext{
 			Ctx: git.DefaultContext,
@@ -330,7 +332,7 @@ func TestRender_AutoLink(t *testing.T) {
 
 	t.Run("Issue", func(t *testing.T) {
 		// render valid issue URLs
-		test(util.URLJoin(TestRepoURL, "issues", "3333"),
+		assert(util.URLJoin(TestRepoURL, "issues", "3333"),
 			numericIssueLink(util.URLJoin(TestRepoURL, "issues"), "ref-issue", 3333, "#"),
 			TestRepoURL)
 	})
@@ -338,81 +340,90 @@ func TestRender_AutoLink(t *testing.T) {
 	t.Run("Commit", func(t *testing.T) {
 		// render valid commit URLs
 		tmp := util.URLJoin(TestRepoURL, "commit", "d8a994ef243349f321568f9e36d5c3f444b99cae")
-		test(tmp, "<a href=\""+tmp+"\" class=\"commit\"><code class=\"nohighlight\">d8a994ef24</code></a>", TestRepoURL)
-		test(tmp, "<a href=\""+tmp+"\" class=\"commit\"><code class=\"nohighlight\">"+TestOrgRepo+"@d8a994ef24</code></a>", "https://localhost/forgejo/forgejo")
-		test(
+		assert(tmp, "<a href=\""+tmp+"\" class=\"commit\"><code class=\"nohighlight\">d8a994ef24</code></a>", TestRepoURLWithoutSlash)
+		assert(tmp, "<a href=\""+tmp+"\" class=\"commit\"><code class=\"nohighlight\">"+TestOrgRepo+"@d8a994ef24</code></a>", "/forgejo/forgejo")
+		assert(
 			tmp+"#diff-2",
 			"<a href=\""+tmp+"#diff-2\" class=\"commit\"><code class=\"nohighlight\">d8a994ef24 (diff-2)</code></a>",
 			TestRepoURL,
 		)
-		test(
+		assert(
 			tmp+"#diff-953bb4f01b7c77fa18f0cd54211255051e647dbc",
 			"<a href=\""+tmp+"#diff-953bb4f01b7c77fa18f0cd54211255051e647dbc\" class=\"commit\"><code class=\"nohighlight\">d8a994ef24 (diff-953bb4f01b)</code></a>",
-			TestRepoURL,
+			TestRepoURLWithoutSlash,
 		)
 
 		// render other commit URLs
 		tmp = "https://external-link.gitea.io/go-gitea/gitea/commit/d8a994ef243349f321568f9e36d5c3f444b99cae#diff-2"
-		test(tmp, "<a href=\""+tmp+"\" class=\"commit\"><code class=\"nohighlight\">d8a994ef24 (diff-2)</code></a>", "https://external-link.gitea.io/go-gitea/gitea")
-		test(tmp, "<a href=\""+tmp+"\" class=\"commit\"><code class=\"nohighlight\">go-gitea/gitea@d8a994ef24 (diff-2)</code></a>", TestRepoURL)
+		assert(tmp, "<a href=\""+tmp+"\" class=\"commit\"><code class=\"nohighlight\">external-link.gitea.io/go-gitea/gitea@d8a994ef24 (diff-2)</code></a>", TestOrgRepo)
+		defer test.MockVariableValue(&setting.AppURL, "https://external-link.gitea.io/")()
+		assert(tmp, "<a href=\""+tmp+"\" class=\"commit\"><code class=\"nohighlight\">d8a994ef24 (diff-2)</code></a>", "https://external-link.gitea.io/go-gitea/gitea")
 
-		tmp = "http://localhost:3000/gogits/gogs/src/commit/190d9492934af498c3f669d6a2431dc5459e5b20"
-		test(tmp, "<a href=\""+tmp+"\" class=\"commit\"><code class=\"nohighlight\">190d949293</code></a>", "http://localhost:3000/gogits/gogs")
-		test(tmp, "<a href=\""+tmp+"\" class=\"commit\"><code class=\"nohighlight\">gogits/gogs@190d949293</code></a>", "https://external-link.gitea.io/go-gitea/gitea")
+		tmp = TestAppURL + "gogits/gogs/src/commit/190d9492934af498c3f669d6a2431dc5459e5b20"
+		assert(tmp, "<a href=\""+tmp+"\" class=\"commit\"><code class=\"nohighlight\">localhost:3000/gogits/gogs@190d949293</code></a>", "https://external-link.gitea.io/go-gitea/gitea")
+		defer test.MockVariableValue(&setting.AppURL, TestAppURL)()
+		assert(tmp, "<a href=\""+tmp+"\" class=\"commit\"><code class=\"nohighlight\">190d949293</code></a>", "http://localhost:3000/gogits/gogs")
 
 		tmp = "http://localhost:3000/sub/gogits/gogs/src/commit/190d9492934af498c3f669d6a2431dc5459e5b20"
-		test(tmp, "<a href=\""+tmp+"\" class=\"commit\"><code class=\"nohighlight\">190d949293</code></a>", "http://localhost:3000/sub/gogits/gogs")
-		test(tmp, "<a href=\""+tmp+"\" class=\"commit\"><code class=\"nohighlight\">gogits/gogs@190d949293</code></a>", "http://localhost:3000/gogits/gogs")
-		test(tmp, "<a href=\""+tmp+"\" class=\"commit\"><code class=\"nohighlight\">gogits/gogs@190d949293</code></a>", "https://external-link.gitea.io/go-gitea/gitea")
+		assert(tmp, "<a href=\""+tmp+"\" class=\"commit\"><code class=\"nohighlight\">localhost:3000/sub/gogits/gogs@190d949293</code></a>", TestRepoURLWithoutSlash)
+		assert(tmp, "<a href=\""+tmp+"\" class=\"commit\"><code class=\"nohighlight\">localhost:3000/sub/gogits/gogs@190d949293</code></a>", "https://external-link.gitea.io/go-gitea/gitea")
+		defer test.MockVariableValue(&setting.AppURL, TestAppURL+"sub/")()
+		assert(tmp, "<a href=\""+tmp+"\" class=\"commit\"><code class=\"nohighlight\">190d949293</code></a>", "http://localhost:3000/sub/gogits/gogs")
 
 		tmp = "http://localhost:3000/sub1/sub2/sub3/gogits/gogs/src/commit/190d9492934af498c3f669d6a2431dc5459e5b20"
-		test(tmp, "<a href=\""+tmp+"\" class=\"commit\"><code class=\"nohighlight\">190d949293</code></a>", "http://localhost:3000/sub1/sub2/sub3/gogits/gogs")
-		test(tmp, "<a href=\""+tmp+"\" class=\"commit\"><code class=\"nohighlight\">gogits/gogs@190d949293</code></a>", "http://localhost:3000/sub1/gogits/gogs")
-		test(tmp, "<a href=\""+tmp+"\" class=\"commit\"><code class=\"nohighlight\">gogits/gogs@190d949293</code></a>", "https://external-link.gitea.io/go-gitea/gitea")
+		defer test.MockVariableValue(&setting.AppURL, TestAppURL+"sub1/sub2/sub3/")()
+		assert(tmp, "<a href=\""+tmp+"\" class=\"commit\"><code class=\"nohighlight\">190d949293</code></a>", "http://localhost:3000/sub1/sub2/sub3/gogits/gogs")
+		defer test.MockVariableValue(&setting.AppURL, TestAppURL)()
+		assert(tmp, "<a href=\""+tmp+"\" class=\"commit\"><code class=\"nohighlight\">localhost:3000/sub1/sub2/sub3/gogits/gogs@190d949293</code></a>", "http://localhost:3000/sub1/gogits/gogs")
+		assert(tmp, "<a href=\""+tmp+"\" class=\"commit\"><code class=\"nohighlight\">localhost:3000/sub1/sub2/sub3/gogits/gogs@190d949293</code></a>", "https://external-link.gitea.io/go-gitea/gitea")
 
 		// if the repository happens to be named like one of the known app routes (e.g. `src`),
 		// we can parse the URL correctly, if there is no sub path
 		tmp = "http://localhost:3000/gogits/src/commit/190d9492934af498c3f669d6a2431dc5459e5b20"
-		test(tmp, "<a href=\""+tmp+"\" class=\"commit\"><code class=\"nohighlight\">gogits/src@190d949293</code></a>", TestRepoURL)
+		assert(tmp, "<a href=\""+tmp+"\" class=\"commit\"><code class=\"nohighlight\">gogits/src@190d949293</code></a>", TestRepoURL)
 		tmp = "http://localhost:3000/gogits/src/src/commit/190d9492934af498c3f669d6a2431dc5459e5b20"
-		test(tmp, "<a href=\""+tmp+"\" class=\"commit\"><code class=\"nohighlight\">gogits/src@190d949293</code></a>", TestRepoURL)
+		assert(tmp, "<a href=\""+tmp+"\" class=\"commit\"><code class=\"nohighlight\">gogits/src@190d949293</code></a>", TestRepoURL)
 		// but if there is a sub path, we cannot reliably distinguish the repo name from the app route
 		tmp = "http://localhost:3000/sub/gogits/src/commit/190d9492934af498c3f669d6a2431dc5459e5b20"
-		test(tmp, "<a href=\""+tmp+"\" class=\"commit\"><code class=\"nohighlight\">sub/gogits@190d949293</code></a>", TestRepoURL)
+		assert(tmp, "<a href=\""+tmp+"\" class=\"commit\"><code class=\"nohighlight\">sub/gogits@190d949293</code></a>", TestRepoURL)
 	})
 
 	t.Run("Compare", func(t *testing.T) {
 		tmp := util.URLJoin(TestRepoURL, "compare", "d8a994ef243349f321568f9e36d5c3f444b99cae..190d9492934af498c3f669d6a2431dc5459e5b20")
-		test(tmp, "<a href=\""+tmp+"\" class=\"compare\"><code class=\"nohighlight\">d8a994ef24..190d949293</code></a>", TestRepoURL)
-		test(tmp, "<a href=\""+tmp+"\" class=\"compare\"><code class=\"nohighlight\">"+TestOrgRepo+"@d8a994ef24..190d949293</code></a>", "https://localhost/forgejo/forgejo")
+		assert(tmp, "<a href=\""+tmp+"\" class=\"compare\"><code class=\"nohighlight\">d8a994ef24..190d949293</code></a>", TestRepoURL)
+		assert(tmp, "<a href=\""+tmp+"\" class=\"compare\"><code class=\"nohighlight\">"+TestOrgRepo+"@d8a994ef24..190d949293</code></a>", "https://localhost/forgejo/forgejo")
 
+		defer test.MockVariableValue(&setting.AppURL, TestAppURL+"sub/")()
 		tmp = "http://localhost:3000/sub/gogits/gogs/compare/190d9492934af498c3f669d6a2431dc5459e5b20..d8a994ef243349f321568f9e36d5c3f444b99cae"
-		test(tmp, "<a href=\""+tmp+"\" class=\"compare\"><code class=\"nohighlight\">190d949293..d8a994ef24</code></a>", "http://localhost:3000/sub/gogits/gogs")
-		test(tmp, "<a href=\""+tmp+"\" class=\"compare\"><code class=\"nohighlight\">gogits/gogs@190d949293..d8a994ef24</code></a>", "http://localhost:3000/gogits/gogs")
-		test(tmp, "<a href=\""+tmp+"\" class=\"compare\"><code class=\"nohighlight\">gogits/gogs@190d949293..d8a994ef24</code></a>", "https://external-link.gitea.io/go-gitea/gitea")
+		assert(tmp, "<a href=\""+tmp+"\" class=\"compare\"><code class=\"nohighlight\">190d949293..d8a994ef24</code></a>", "http://localhost:3000/sub/gogits/gogs")
+		assert(tmp, "<a href=\""+tmp+"\" class=\"compare\"><code class=\"nohighlight\">gogits/gogs@190d949293..d8a994ef24</code></a>", "http://localhost:3000/sub/gogits/gugs")
+		defer test.MockVariableValue(&setting.AppURL, "https://external-link.gitea.io/")()
+		assert(tmp, "<a href=\""+tmp+"\" class=\"compare\"><code class=\"nohighlight\">localhost:3000/sub/gogits/gogs@190d949293..d8a994ef24</code></a>", "https://external-link.gitea.io/go-gitea/gitea")
 
+		defer test.MockVariableValue(&setting.AppURL, TestAppURL+"sub1/sub2/sub3/")()
 		tmp = "http://localhost:3000/sub1/sub2/sub3/gogits/gogs/compare/190d9492934af498c3f669d6a2431dc5459e5b20..d8a994ef243349f321568f9e36d5c3f444b99cae"
-		test(tmp, "<a href=\""+tmp+"\" class=\"compare\"><code class=\"nohighlight\">190d949293..d8a994ef24</code></a>", "http://localhost:3000/sub1/sub2/sub3/gogits/gogs")
-		test(tmp, "<a href=\""+tmp+"\" class=\"compare\"><code class=\"nohighlight\">gogits/gogs@190d949293..d8a994ef24</code></a>", "http://localhost:3000/sub1/gogits/gogs")
-		test(tmp, "<a href=\""+tmp+"\" class=\"compare\"><code class=\"nohighlight\">gogits/gogs@190d949293..d8a994ef24</code></a>", "https://external-link.gitea.io/go-gitea/gitea")
+		assert(tmp, "<a href=\""+tmp+"\" class=\"compare\"><code class=\"nohighlight\">190d949293..d8a994ef24</code></a>", "http://localhost:3000/sub1/sub2/sub3/gogits/gogs")
+		assert(tmp, "<a href=\""+tmp+"\" class=\"compare\"><code class=\"nohighlight\">gogits/gogs@190d949293..d8a994ef24</code></a>", "/gogits/gous")
+		assert(tmp, "<a href=\""+tmp+"\" class=\"compare\"><code class=\"nohighlight\">gogits/gogs@190d949293..d8a994ef24</code></a>", "https://external-link.gitea.io/go-gitea/gitea")
 
 		tmp = "https://codeberg.org/forgejo/forgejo/compare/8bbac4c679bea930c74849c355a60ed3c52f8eb5...e2278e5a38187a1dc84dc41d583ec8b44e7257c1?files=options/locale/locale_fi-FI.ini"
-		test(tmp, "<a href=\""+tmp+"\" class=\"compare\"><code class=\"nohighlight\">8bbac4c679...e2278e5a38 (options/locale/locale_fi-FI.ini)</code></a>", "https://codeberg.org/forgejo/forgejo")
-		test(tmp, "<a href=\""+tmp+"\" class=\"compare\"><code class=\"nohighlight\">forgejo/forgejo@8bbac4c679...e2278e5a38 (options/locale/locale_fi-FI.ini)</code></a>", TestRepoURL)
-		test(tmp+".", "<a href=\""+tmp+"\" class=\"compare\"><code class=\"nohighlight\">forgejo/forgejo@8bbac4c679...e2278e5a38 (options/locale/locale_fi-FI.ini)</code></a>.", TestRepoURL)
+		assert(tmp, "<a href=\""+tmp+"\" class=\"compare\"><code class=\"nohighlight\">codeberg.org/forgejo/forgejo@8bbac4c679...e2278e5a38 (options/locale/locale_fi-FI.ini)</code></a>", TestRepoURL)
+		assert(tmp+".", "<a href=\""+tmp+"\" class=\"compare\"><code class=\"nohighlight\">codeberg.org/forgejo/forgejo@8bbac4c679...e2278e5a38 (options/locale/locale_fi-FI.ini)</code></a>.", TestRepoURL)
+		defer test.MockVariableValue(&setting.AppURL, "https://codeberg.org/")()
+		assert(tmp, "<a href=\""+tmp+"\" class=\"compare\"><code class=\"nohighlight\">8bbac4c679...e2278e5a38 (options/locale/locale_fi-FI.ini)</code></a>", "https://codeberg.org/forgejo/forgejo")
 
 		tmp = "https://codeberg.org/forgejo/forgejo/compare/8bbac4c679bea930c74849c355a60ed3c52f8eb5...e2278e5a38187a1dc84dc41d583ec8b44e7257c1?files=options/locale/locale_fi-FI.ini#L2"
-		test(tmp, "<a href=\""+tmp+"\" class=\"compare\"><code class=\"nohighlight\">8bbac4c679...e2278e5a38 (options/locale/locale_fi-FI.ini#L2)</code></a>", "https://codeberg.org/forgejo/forgejo")
+		assert(tmp, "<a href=\""+tmp+"\" class=\"compare\"><code class=\"nohighlight\">8bbac4c679...e2278e5a38 (options/locale/locale_fi-FI.ini#L2)</code></a>", "https://codeberg.org/forgejo/forgejo")
 	})
 
 	t.Run("Invalid URLs", func(t *testing.T) {
 		tmp := "https://local host/gogits/src/commit/190d9492934af498c3f669d6a2431dc5459e5b20"
-		test(tmp, "<a href=\"https://local\" class=\"link\">https://local</a> host/gogits/src/commit/190d9492934af498c3f669d6a2431dc5459e5b20", TestRepoURL)
+		assert(tmp, "<a href=\"https://local\" class=\"link\">https://local</a> host/gogits/src/commit/190d9492934af498c3f669d6a2431dc5459e5b20", TestRepoURL)
 	})
 }
 
 func TestRender_IssueIndexPatternRef(t *testing.T) {
-	setting.AppURL = TestAppURL
+	defer test.MockVariableValue(&setting.AppURL, TestAppURL)()
 
 	test := func(input, expected string) {
 		var buf strings.Builder
@@ -428,7 +439,7 @@ func TestRender_IssueIndexPatternRef(t *testing.T) {
 }
 
 func TestRender_FullIssueURLs(t *testing.T) {
-	setting.AppURL = TestAppURL
+	defer test.MockVariableValue(&setting.AppURL, TestAppURL)()
 
 	test := func(input, expected string) {
 		var result strings.Builder
diff --git a/modules/markup/html_test.go b/modules/markup/html_test.go
index 6c6658748a..2ff829e627 100644
--- a/modules/markup/html_test.go
+++ b/modules/markup/html_test.go
@@ -41,7 +41,7 @@ func TestMain(m *testing.M) {
 }
 
 func TestRender_Commits(t *testing.T) {
-	setting.AppURL = markup.TestAppURL
+	defer test.MockVariableValue(&setting.AppURL, markup.TestAppURL)()
 	test := func(input, expected string) {
 		buffer, err := markup.RenderString(&markup.RenderContext{
 			Ctx:          git.DefaultContext,
@@ -98,10 +98,19 @@ func TestRender_Commits(t *testing.T) {
 
 	fileStrangeChars := util.URLJoin(repo, "src", "commit", "eeb243c3395e1921c5d90e73bd739827251fc99d", "path", "to", "file%20%23.txt")
 	test(fileStrangeChars, `<p><a href="`+fileStrangeChars+`" rel="nofollow"><code>eeb243c339/path/to/file #.txt</code></a></p>`)
+
+	commitLink := util.URLJoin(repo, "src", "commit", "eeb243c3395e1921c5d90e73bd739827251fc99d")
+	test(commitLink, `<p><a href="`+commitLink+`" rel="nofollow"><code>eeb243c339</code></a></p>`)
+
+	crossCommitLink := util.URLJoin(markup.TestAppURL, "forgejo/forgejo", "src", "commit", "eeb243c3395e1921c5d90e73bd739827251fc99d")
+	test(crossCommitLink, `<p><a href="`+crossCommitLink+`" rel="nofollow"><code>forgejo/forgejo@eeb243c339</code></a></p>`)
+
+	extCommitLink := util.URLJoin("https://codeberg.org/", markup.TestOrgRepo, "src", "commit", "eeb243c3395e1921c5d90e73bd739827251fc99d")
+	test(extCommitLink, `<p><a href="`+extCommitLink+`" rel="nofollow"><code>codeberg.org/`+markup.TestOrgRepo+`@eeb243c339</code></a></p>`)
 }
 
 func TestRender_CrossReferences(t *testing.T) {
-	setting.AppURL = markup.TestAppURL
+	defer test.MockVariableValue(&setting.AppURL, markup.TestAppURL)()
 
 	test := func(input, expected string) {
 		buffer, err := markup.RenderString(&markup.RenderContext{
@@ -144,7 +153,7 @@ func TestRender_CrossReferences(t *testing.T) {
 }
 
 func TestRender_links(t *testing.T) {
-	setting.AppURL = markup.TestAppURL
+	defer test.MockVariableValue(&setting.AppURL, markup.TestAppURL)()
 
 	test := func(input, expected string) {
 		buffer, err := markup.RenderString(&markup.RenderContext{
@@ -246,12 +255,12 @@ func TestRender_links(t *testing.T) {
 }
 
 func TestRender_PullReviewCommitLink(t *testing.T) {
-	setting.AppURL = markup.TestAppURL
+	defer test.MockVariableValue(&setting.AppURL, markup.TestAppURL)()
 
 	sha := "190d9492934af498c3f669d6a2431dc5459e5b20"
 	prCommitLink := util.URLJoin(markup.TestRepoURL, "pulls", "1", "commits", sha)
 
-	test := func(input, expected, base string) {
+	assert := func(input, expected, base string) {
 		buffer, err := markup.RenderString(&markup.RenderContext{
 			Ctx:          git.DefaultContext,
 			RelativePath: ".md",
@@ -265,27 +274,28 @@ func TestRender_PullReviewCommitLink(t *testing.T) {
 		assert.Equal(t, strings.TrimSpace(expected), strings.TrimSpace(buffer))
 	}
 
-	test(prCommitLink, `<p><a href="`+prCommitLink+`" rel="nofollow">!1 (commit <code>`+sha[0:10]+`</code>)</a></p>`, markup.TestRepoURL)
+	assert(prCommitLink, `<p><a href="`+prCommitLink+`" rel="nofollow">!1 (commit <code>`+sha[0:10]+`</code>)</a></p>`, markup.TestRepoURL)
 
 	prCommitLink = util.URLJoin(markup.TestAppURL, "sub1", "sub2", markup.TestOrgRepo, "pulls", "1", "commits", sha)
-	test(
+	assert(
 		prCommitLink,
-		`<p><a href="`+prCommitLink+`" rel="nofollow">!1 (commit <code>`+sha[0:10]+`</code>)</a></p>`,
+		`<p><a href="`+prCommitLink+`" rel="nofollow">localhost:3000/sub1/sub2/gogits/gogs@!1 (commit <code>`+sha[0:10]+`</code>)</a></p>`,
 		util.URLJoin(markup.TestAppURL, "sub1", "sub2", markup.TestOrgRepo),
 	)
-	test(
+	assert(
 		prCommitLink,
-		`<p><a href="`+prCommitLink+`" rel="nofollow">`+markup.TestOrgRepo+`@!1 (commit <code>`+sha[0:10]+`</code>)</a></p>`,
+		`<p><a href="`+prCommitLink+`" rel="nofollow">localhost:3000/sub1/sub2/gogits/gogs@!1 (commit <code>`+sha[0:10]+`</code>)</a></p>`,
 		markup.TestRepoURL,
 	)
 
 	prCommitLink = "https://codeberg.org/forgejo/forgejo/pulls/7979/commits/4d968c08e0a8d24bd2f3fb2a3a48b37e6d84a327#diff-7649acfa98a9ee3faf0d28b488bbff428317fc72"
-	test(prCommitLink, `<p><a href="`+prCommitLink+`" rel="nofollow">!7979 (commit <code>4d968c08e0</code>)</a></p>`, "https://codeberg.org/forgejo/forgejo")
-	test(prCommitLink, `<p><a href="`+prCommitLink+`" rel="nofollow">forgejo/forgejo@!7979 (commit <code>4d968c08e0</code>)</a></p>`, markup.TestRepoURL)
+	assert(prCommitLink, `<p><a href="`+prCommitLink+`" rel="nofollow">codeberg.org/forgejo/forgejo@!7979 (commit <code>4d968c08e0</code>)</a></p>`, markup.TestRepoURL)
+	defer test.MockVariableValue(&setting.AppURL, "https://codeberg.org/")()
+	assert(prCommitLink, `<p><a href="`+prCommitLink+`" rel="nofollow">!7979 (commit <code>4d968c08e0</code>)</a></p>`, "https://codeberg.org/forgejo/forgejo")
 }
 
 func TestRender_email(t *testing.T) {
-	setting.AppURL = markup.TestAppURL
+	defer test.MockVariableValue(&setting.AppURL, markup.TestAppURL)()
 
 	test := func(input, expected string) {
 		res, err := markup.RenderString(&markup.RenderContext{
@@ -369,7 +379,7 @@ func TestRender_email(t *testing.T) {
 }
 
 func TestRender_emoji(t *testing.T) {
-	setting.AppURL = markup.TestAppURL
+	defer test.MockVariableValue(&setting.AppURL, markup.TestAppURL)()
 	setting.StaticURLPrefix = markup.TestAppURL
 
 	test := func(input, expected string) {
@@ -436,7 +446,7 @@ func TestRender_emoji(t *testing.T) {
 }
 
 func TestRender_ShortLinks(t *testing.T) {
-	setting.AppURL = markup.TestAppURL
+	defer test.MockVariableValue(&setting.AppURL, markup.TestAppURL)()
 	tree := util.URLJoin(markup.TestRepoURL, "src", "master")
 
 	test := func(input, expected, expectedWiki string) {
@@ -549,7 +559,7 @@ func TestRender_ShortLinks(t *testing.T) {
 }
 
 func TestRender_RelativeImages(t *testing.T) {
-	setting.AppURL = markup.TestAppURL
+	defer test.MockVariableValue(&setting.AppURL, markup.TestAppURL)()
 
 	test := func(input, expected, expectedWiki string) {
 		buffer, err := markdown.RenderString(&markup.RenderContext{
@@ -589,7 +599,7 @@ func TestRender_RelativeImages(t *testing.T) {
 }
 
 func Test_ParseClusterFuzz(t *testing.T) {
-	setting.AppURL = markup.TestAppURL
+	defer test.MockVariableValue(&setting.AppURL, markup.TestAppURL)()
 
 	localMetas := map[string]string{
 		"user": "go-gitea",
@@ -625,7 +635,7 @@ func Test_ParseClusterFuzz(t *testing.T) {
 }
 
 func TestPostProcess_RenderDocument(t *testing.T) {
-	setting.AppURL = markup.TestAppURL
+	defer test.MockVariableValue(&setting.AppURL, markup.TestAppURL)()
 	setting.StaticURLPrefix = markup.TestAppURL // can't run standalone
 
 	localMetas := map[string]string{
@@ -670,7 +680,7 @@ func TestPostProcess_RenderDocument(t *testing.T) {
 }
 
 func TestIssue16020(t *testing.T) {
-	setting.AppURL = markup.TestAppURL
+	defer test.MockVariableValue(&setting.AppURL, markup.TestAppURL)()
 
 	localMetas := map[string]string{
 		"user": "go-gitea",
@@ -735,7 +745,7 @@ func TestIssue18471(t *testing.T) {
 	}, strings.NewReader(data), &res)
 
 	require.NoError(t, err)
-	assert.Equal(t, "<a href=\"http://domain/org/repo/compare/783b039...da951ce\" class=\"compare\"><code class=\"nohighlight\">783b039...da951ce</code></a>", res.String())
+	assert.Equal(t, "<a href=\"http://domain/org/repo/compare/783b039...da951ce\" class=\"compare\"><code class=\"nohighlight\">domain/org/repo@783b039...da951ce</code></a>", res.String())
 }
 
 func TestRender_FilePreview(t *testing.T) {
@@ -744,7 +754,7 @@ func TestRender_FilePreview(t *testing.T) {
 	defer test.MockVariableValue(&setting.Langs, []string{"en-US"})()
 	translation.InitLocales(t.Context())
 
-	setting.AppURL = markup.TestAppURL
+	defer test.MockVariableValue(&setting.AppURL, markup.TestAppURL)()
 	markup.Init(&markup.ProcessorHelper{
 		GetRepoFileBlob: func(ctx context.Context, ownerName, repoName, commitSha, filePath string, language *string) (*git.Blob, error) {
 			gitRepo, err := git.OpenRepository(git.DefaultContext, "./tests/repo/repo1_filepreview")
@@ -884,7 +894,7 @@ func TestRender_FilePreview(t *testing.T) {
 
 		testRender(
 			urlWithSub,
-			`<p><a href="http://localhost:3000/sub/gogits/gogs/src/commit/190d9492934af498c3f669d6a2431dc5459e5b20/path/to/file.go#L2-L3" rel="nofollow"><code>gogits/gogs@190d949293/path/to/file.go (L2-L3)</code></a></p>`,
+			`<p><a href="http://localhost:3000/sub/gogits/gogs/src/commit/190d9492934af498c3f669d6a2431dc5459e5b20/path/to/file.go#L2-L3" rel="nofollow"><code>localhost:3000/sub/gogits/gogs@190d949293/path/to/file.go (L2-L3)</code></a></p>`,
 			localMetas,
 		)
 
@@ -924,7 +934,7 @@ func TestRender_FilePreview(t *testing.T) {
 
 		testRender(
 			"first without sub "+commitFilePreview+" second "+urlWithSub,
-			`<p>first without sub <a href="http://localhost:3000/gogits/gogs/src/commit/190d9492934af498c3f669d6a2431dc5459e5b20/path/to/file.go#L2-L3" rel="nofollow"><code>190d949293/path/to/file.go (L2-L3)</code></a> second </p>`+
+			`<p>first without sub <a href="http://localhost:3000/gogits/gogs/src/commit/190d9492934af498c3f669d6a2431dc5459e5b20/path/to/file.go#L2-L3" rel="nofollow"><code>localhost:3000/gogits/gogs@190d949293/path/to/file.go (L2-L3)</code></a> second </p>`+
 				`<div class="file-preview-box">`+
 				`<div class="header">`+
 				`<div>`+

From fb35abb7e1d75c89a50ba36b8a66a0190aa7abb0 Mon Sep 17 00:00:00 2001
From: Mathieu Fenniak <mathieu@fenniak.net>
Date: Sun, 28 Dec 2025 20:05:13 +0100
Subject: [PATCH 061/854] feat: support workflow outputs on expanded reusable
 workflows (#10578)

Follow-up to #10525; adds support for `on.workflow_call.outputs` to expanded reusable workflows (when no `runs-on` is specified on a job that `uses: ...` another workflow).  When all the inner jobs of a workflow call complete, `on.workflow_call.outputs` is evaluated and the related outputs are stored on the outer job's `ActionTask`.

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests

- I added test coverage for Go changes...
  - [x] in their respective `*_test.go` for unit tests.
  - [ ] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I added test coverage for JavaScript changes...
  - [ ] in `web_src/js/*.test.js` if it can be unit tested.
  - [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)).
- **end-to-end testing**: https://code.forgejo.org/forgejo/end-to-end/pulls/1322

### Documentation

- [x] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
    - https://codeberg.org/forgejo/docs/pulls/1661
- [ ] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [ ] I do not want this change to show in the release notes.
- [x] I want the title to show in the release notes with a link to this pull request.
- [ ] I want the content of the `release-notes/<pull request number>.md` to be be used for the release notes instead of the title.

<!--start release-notes-assistant-->

## Release notes
<!--URL:https://codeberg.org/forgejo/forgejo-->
- Features
  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10578): <!--number 10578 --><!--line 0 --><!--description c3VwcG9ydCB3b3JrZmxvdyBvdXRwdXRzIG9uIGV4cGFuZGVkIHJldXNhYmxlIHdvcmtmbG93cw==-->support workflow outputs on expanded reusable workflows<!--description-->
<!--end release-notes-assistant-->

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10578
Reviewed-by: Andreas Ahlenstorf <aahlenst@noreply.codeberg.org>
Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net>
Co-committed-by: Mathieu Fenniak <mathieu@fenniak.net>
---
 models/actions/run_job.go                     | 10 +++--
 .../action_task_output.yml                    |  6 +++
 .../action_variable.yml                       | 22 +++++++++
 services/actions/job_emitter.go               | 45 ++++++++++++++++++-
 services/actions/job_emitter_test.go          | 10 ++++-
 5 files changed, 86 insertions(+), 7 deletions(-)
 create mode 100644 services/actions/Test_tryHandleWorkflowCallOuterJob/action_task_output.yml
 create mode 100644 services/actions/Test_tryHandleWorkflowCallOuterJob/action_variable.yml

diff --git a/models/actions/run_job.go b/models/actions/run_job.go
index 94a9f11ed6..e3e3f4f85f 100644
--- a/models/actions/run_job.go
+++ b/models/actions/run_job.go
@@ -234,7 +234,9 @@ func AggregateJobStatus(jobs []*ActionRunJob) Status {
 	}
 }
 
-func (job *ActionRunJob) decodeWorkflowPayload() (*jobparser.SingleWorkflow, error) {
+// Retrieves the parsed workflow for this specific job.  This field is often accessed multiple times in succession, so
+// the parsed content is cached in-memory on the `ActionRunJob` instance.
+func (job *ActionRunJob) DecodeWorkflowPayload() (*jobparser.SingleWorkflow, error) {
 	if job.workflowPayloadDecoded != nil {
 		return job.workflowPayloadDecoded, nil
 	}
@@ -259,7 +261,7 @@ func (job *ActionRunJob) ClearCachedWorkflowPayload() {
 // then regenerated and deleted.  If it is incomplete, and if the information is available, the specific job and/or
 // output that causes it to be incomplete will be returned as well.
 func (job *ActionRunJob) IsIncompleteMatrix() (bool, *jobparser.IncompleteNeeds, error) {
-	jobWorkflow, err := job.decodeWorkflowPayload()
+	jobWorkflow, err := job.DecodeWorkflowPayload()
 	if err != nil {
 		return false, nil, fmt.Errorf("failure decoding workflow payload: %w", err)
 	}
@@ -269,7 +271,7 @@ func (job *ActionRunJob) IsIncompleteMatrix() (bool, *jobparser.IncompleteNeeds,
 // Checks whether the target job has a `runs-on` field with an expression that requires an input from another job.  The
 // job will be blocked until the other job is complete, and then regenerated and deleted.
 func (job *ActionRunJob) IsIncompleteRunsOn() (bool, *jobparser.IncompleteNeeds, *jobparser.IncompleteMatrix, error) {
-	jobWorkflow, err := job.decodeWorkflowPayload()
+	jobWorkflow, err := job.DecodeWorkflowPayload()
 	if err != nil {
 		return false, nil, nil, fmt.Errorf("failure decoding workflow payload: %w", err)
 	}
@@ -279,7 +281,7 @@ func (job *ActionRunJob) IsIncompleteRunsOn() (bool, *jobparser.IncompleteNeeds,
 // Check whether this job is a caller of a reusable workflow -- in other words, the real work done in this job is in
 // spawned child jobs, not this job.
 func (job *ActionRunJob) IsWorkflowCallOuterJob() (bool, error) {
-	jobWorkflow, err := job.decodeWorkflowPayload()
+	jobWorkflow, err := job.DecodeWorkflowPayload()
 	if err != nil {
 		return false, fmt.Errorf("failure decoding workflow payload: %w", err)
 	}
diff --git a/services/actions/Test_tryHandleWorkflowCallOuterJob/action_task_output.yml b/services/actions/Test_tryHandleWorkflowCallOuterJob/action_task_output.yml
new file mode 100644
index 0000000000..9bf82649c1
--- /dev/null
+++ b/services/actions/Test_tryHandleWorkflowCallOuterJob/action_task_output.yml
@@ -0,0 +1,6 @@
+# Case w/ action_run_job.id = 601
+-
+  id: 100
+  task_id: 100
+  output_key: my_output
+  output_value: 'abcdefghijklmnopqrstuvwxyz'
diff --git a/services/actions/Test_tryHandleWorkflowCallOuterJob/action_variable.yml b/services/actions/Test_tryHandleWorkflowCallOuterJob/action_variable.yml
new file mode 100644
index 0000000000..859f90ae34
--- /dev/null
+++ b/services/actions/Test_tryHandleWorkflowCallOuterJob/action_variable.yml
@@ -0,0 +1,22 @@
+# Case w/ action_run_job.id = 601
+-
+  id: 1001
+  name: REPO_VAR
+  owner_id: 0
+  repo_id: 63
+  data: "this is a repo variable"
+  created_unix: 1737000000
+-
+  id: 1002
+  name: ORG_VAR
+  owner_id: 2
+  repo_id: 0
+  data: "this is an org variable"
+  created_unix: 1737000000
+-
+  id: 1003
+  name: GLOBAL_VAR
+  owner_id: 0
+  repo_id: 0
+  data: "this is a global variable"
+  created_unix: 1737000000
diff --git a/services/actions/job_emitter.go b/services/actions/job_emitter.go
index 55e05aa712..4e61029878 100644
--- a/services/actions/job_emitter.go
+++ b/services/actions/job_emitter.go
@@ -391,8 +391,49 @@ func tryHandleWorkflowCallOuterJob(ctx context.Context, job *actions_model.Actio
 		return nil, nil
 	}
 
-	// Insert a placeholder task; this will be used in the future to store computed outputs
-	actionTask, err := actions_model.CreatePlaceholderTask(ctx, job, map[string]string{})
+	// Gather all the data that is needed to perform an expression evaluation of the job's outputs:
+	singleWorkflow, err := job.DecodeWorkflowPayload()
+	if err != nil {
+		return nil, fmt.Errorf("failure to decode workflow payload: %w", err)
+	}
+	err = job.LoadRun(ctx)
+	if err != nil {
+		return nil, fmt.Errorf("failure to load job's run: %w", err)
+	}
+	err = job.Run.LoadRepo(ctx)
+	if err != nil {
+		return nil, fmt.Errorf("failure to load run's repo: %w", err)
+	}
+	githubContext := generateGiteaContextForRun(job.Run)
+	taskNeeds, err := FindTaskNeeds(ctx, job)
+	if err != nil {
+		return nil, fmt.Errorf("failure to 'needs' for job: %w", err)
+	}
+	needs := make([]string, 0, len(taskNeeds))
+	jobResults := make(map[string]string, len(taskNeeds))
+	jobOutputs := make(map[string]map[string]string, len(taskNeeds))
+	for jobID, n := range taskNeeds {
+		needs = append(needs, jobID)
+		jobResults[jobID] = n.Result.String()
+		jobOutputs[jobID] = n.Outputs
+	}
+	vars, err := actions_model.GetVariablesOfRun(ctx, job.Run)
+	if err != nil {
+		return nil, fmt.Errorf("failure to 'var' for run: %w", err)
+	}
+
+	// With all the required contexts, we can calculate the outputs.
+	outputs := jobparser.EvaluateWorkflowCallOutputs(
+		singleWorkflow,
+		githubContext,
+		vars,
+		needs,
+		jobResults,
+		jobOutputs,
+	)
+
+	// Insert a placeholder task with all the computed outputs
+	actionTask, err := actions_model.CreatePlaceholderTask(ctx, job, outputs)
 	if err != nil {
 		return nil, fmt.Errorf("failure to insert placeholder task: %w", err)
 	}
diff --git a/services/actions/job_emitter_test.go b/services/actions/job_emitter_test.go
index 5e1885c709..0bfa10d7ea 100644
--- a/services/actions/job_emitter_test.go
+++ b/services/actions/job_emitter_test.go
@@ -440,7 +440,15 @@ func Test_tryHandleWorkflowCallOuterJob(t *testing.T) {
 			name:         "outputs for every context",
 			runJobID:     601,
 			updateFields: []string{"task_id"},
-			outputs:      map[string]string{},
+			outputs: map[string]string{
+				"from_inner_job":        "abcdefghijklmnopqrstuvwxyz",
+				"from_inner_job_result": "success",
+				"from_forgejo_ctx":      "refs/heads/main",
+				"from_input_ctx":        "hello, world!",
+				"from_vars_repo":        "this is a repo variable",
+				"from_vars_org":         "this is an org variable",
+				"from_vars_global":      "this is a global variable",
+			},
 		},
 	}
 	for _, tt := range tests {

From f25f4447ac5e6b5aa3946fb3915b6e3cb27554f0 Mon Sep 17 00:00:00 2001
From: Mathieu Fenniak <mathieu@fenniak.net>
Date: Sun, 28 Dec 2025 22:49:49 +0100
Subject: [PATCH 062/854] feat: provide multiple tasks to Runner in one
 FetchTask when requested (#10602)

Permits the Forgejo to return multiple tasks to the Runner in one API call, if requested.  Fixes #8917.

Related runner PR: https://code.forgejo.org/forgejo/runner/pulls/1245

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests

- I added test coverage for Go changes...
  - [ ] in their respective `*_test.go` for unit tests.
  - [x] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I added test coverage for JavaScript changes...
  - [ ] in `web_src/js/*.test.js` if it can be unit tested.
  - [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)).

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [ ] I do not want this change to show in the release notes.
- [x] I want the title to show in the release notes with a link to this pull request.
- [ ] I want the content of the `release-notes/<pull request number>.md` to be be used for the release notes instead of the title.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10602
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net>
Co-committed-by: Mathieu Fenniak <mathieu@fenniak.net>
---
 routers/api/actions/runner/runner.go         | 23 ++++-
 tests/integration/actions_fetch_task_test.go | 89 ++++++++++++++++++++
 tests/integration/actions_runner_test.go     | 29 +++++++
 3 files changed, 139 insertions(+), 2 deletions(-)
 create mode 100644 tests/integration/actions_fetch_task_test.go

diff --git a/routers/api/actions/runner/runner.go b/routers/api/actions/runner/runner.go
index 83a93cb1c9..3ee402733e 100644
--- a/routers/api/actions/runner/runner.go
+++ b/routers/api/actions/runner/runner.go
@@ -152,6 +152,7 @@ func (s *Service) FetchTask(
 		latestVersion++
 	}
 
+	var additionalTasks []*runnerv1.Task
 	if tasksVersion != latestVersion {
 		// if the task version in request is not equal to the version in db,
 		// it means there may still be some tasks not be assigned.
@@ -162,10 +163,28 @@ func (s *Service) FetchTask(
 		} else if ok {
 			task = t
 		}
+
+		taskCapacity := req.Msg.GetTaskCapacity()
+		taskCapacity-- // remove 1 for the task already fetched as `task`
+		for taskCapacity > 0 {
+			if t, ok, err := actions_service.PickTask(ctx, runner); err != nil {
+				// Don't return an error to the client/runner -- we've already assigned one-or-more tasks to the runner
+				// and if we don't return them, they can't be picked up by another runner and will become zombie tasks.
+				// Log the error and return the tasks we've assigned so far.
+				log.Error("pick task failed: %v", err)
+				break
+			} else if ok {
+				additionalTasks = append(additionalTasks, t)
+				taskCapacity--
+			} else {
+				break
+			}
+		}
 	}
 	res := connect.NewResponse(&runnerv1.FetchTaskResponse{
-		Task:         task,
-		TasksVersion: latestVersion,
+		Task:            task,
+		TasksVersion:    latestVersion,
+		AdditionalTasks: additionalTasks,
 	})
 	return res, nil
 }
diff --git a/tests/integration/actions_fetch_task_test.go b/tests/integration/actions_fetch_task_test.go
new file mode 100644
index 0000000000..7416896be4
--- /dev/null
+++ b/tests/integration/actions_fetch_task_test.go
@@ -0,0 +1,89 @@
+// Copyright 2025 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+package integration
+
+import (
+	"net/url"
+	"strings"
+	"testing"
+
+	unit_model "forgejo.org/models/unit"
+	"forgejo.org/models/unittest"
+	user_model "forgejo.org/models/user"
+	"forgejo.org/modules/setting"
+	files_service "forgejo.org/services/repository/files"
+	"forgejo.org/tests"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+func TestActionFetchTask_TaskCapacity(t *testing.T) {
+	if !setting.Database.Type.IsSQLite3() {
+		// mock repo runner only supported on SQLite testing
+		t.Skip()
+	}
+
+	onApplicationRun(t, func(t *testing.T, u *url.URL) {
+		user2 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
+
+		// create the repo
+		repo, _, f := tests.CreateDeclarativeRepo(t, user2, "repo-many-tasks",
+			[]unit_model.Type{unit_model.TypeActions}, nil,
+			[]*files_service.ChangeRepoFile{
+				{
+					Operation: "create",
+					TreePath:  ".forgejo/workflows/matrix.yml",
+					ContentReader: strings.NewReader(`
+on:
+  push:
+jobs:
+  job1:
+    strategy:
+      # matrix creates 125 different jobs from one push...
+      matrix:
+        d1: [a, b, c, d, e]
+        d2: [a, b, c, d, e]
+        d3: [a, b, c, d, e]
+    runs-on: ubuntu-latest
+    steps:
+      - run: echo ${{ matrix.d1 }} ${{ matrix.d2 }} ${{ matrix.d3 }}
+      - run: sleep 2
+`),
+				},
+			},
+		)
+		defer f()
+
+		runner := newMockRunner()
+		runner.registerAsRepoRunner(t, user2.Name, repo.Name, "mock-runner", []string{"ubuntu-latest"})
+
+		// Fetch with TaskCapacity undefined, set to nil, should return a single pending task
+		task := runner.fetchTask(t)
+		require.NotNil(t, task)
+		assert.Contains(t, string(task.GetWorkflowPayload()), "name: job1 (a, a, a)")
+
+		// After successfully fetching a task, the runner sets their next requested version to 0.  This allows it to
+		// fetch back-to-back tasks without requiring that a server-side state change occurs.  That behaviour is
+		// replicated here:
+		runner.lastTasksVersion = 0
+
+		// Fetch with TaskCapacity set to 1; additional should be nil
+		capacity := int64(1)
+		task, addt := runner.fetchMultipleTasks(t, &capacity)
+		require.NotNil(t, task, "task")
+		assert.Nil(t, addt, "addt")
+		assert.Contains(t, string(task.GetWorkflowPayload()), "name: job1 (a, a, b)")
+
+		runner.lastTasksVersion = 0
+
+		capacity = 10
+		task, addt = runner.fetchMultipleTasks(t, &capacity)
+		require.NotNil(t, task, "task")
+		require.NotNil(t, addt, "addt")
+		assert.Contains(t, string(task.GetWorkflowPayload()), "name: job1 (a, a, c)")
+		require.Len(t, addt, 9)
+		assert.Contains(t, string(addt[0].GetWorkflowPayload()), "name: job1 (a, a, d)")
+	})
+}
diff --git a/tests/integration/actions_runner_test.go b/tests/integration/actions_runner_test.go
index 6cedaf6def..83e544464e 100644
--- a/tests/integration/actions_runner_test.go
+++ b/tests/integration/actions_runner_test.go
@@ -123,6 +123,35 @@ func (r *mockRunner) fetchTask(t *testing.T, timeout ...time.Duration) *runnerv1
 	return task
 }
 
+func (r *mockRunner) maybeFetchMultipleTasks(t *testing.T, taskCapacity *int64) (*runnerv1.Task, []*runnerv1.Task) {
+	resp, err := r.client.runnerServiceClient.FetchTask(t.Context(), connect.NewRequest(&runnerv1.FetchTaskRequest{
+		TasksVersion: r.lastTasksVersion,
+		TaskCapacity: taskCapacity,
+	}))
+	require.NoError(t, err)
+	r.lastTasksVersion = resp.Msg.TasksVersion
+	return resp.Msg.Task, resp.Msg.AdditionalTasks
+}
+
+func (r *mockRunner) fetchMultipleTasks(t *testing.T, taskCapacity *int64, timeout ...time.Duration) (*runnerv1.Task, []*runnerv1.Task) {
+	fetchTimeout := 10 * time.Second
+	if len(timeout) > 0 {
+		fetchTimeout = timeout[0]
+	}
+	var task *runnerv1.Task
+	var additional []*runnerv1.Task
+	require.Eventually(t, func() bool {
+		maybeTask, maybeAdditional := r.maybeFetchMultipleTasks(t, taskCapacity)
+		if maybeTask != nil {
+			task = maybeTask
+			additional = maybeAdditional
+			return true
+		}
+		return false
+	}, fetchTimeout, time.Millisecond*100, "failed to fetch a task")
+	return task, additional
+}
+
 type mockTaskOutcome struct {
 	result  runnerv1.Result
 	outputs map[string]string

From be33ac7b8bb7607f0da60e81a2092d841fe8c29b Mon Sep 17 00:00:00 2001
From: Renovate Bot <forgejo-renovate-action@forgejo.org>
Date: Mon, 29 Dec 2025 02:38:05 +0100
Subject: [PATCH 063/854] Update renovate to v42.66.11 (forgejo) (#10618)

Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
---
 .forgejo/workflows/renovate.yml | 2 +-
 Makefile                        | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/.forgejo/workflows/renovate.yml b/.forgejo/workflows/renovate.yml
index 56bd69fc20..f9da8c787f 100644
--- a/.forgejo/workflows/renovate.yml
+++ b/.forgejo/workflows/renovate.yml
@@ -28,7 +28,7 @@ jobs:
 
     runs-on: docker
     container:
-      image: data.forgejo.org/renovate/renovate:42.66.9
+      image: data.forgejo.org/renovate/renovate:42.66.11
 
     steps:
       - name: Load renovate repo cache
diff --git a/Makefile b/Makefile
index f7fdbfe3e8..7afadaa493 100644
--- a/Makefile
+++ b/Makefile
@@ -47,7 +47,7 @@ GO_LICENSES_PACKAGE ?= github.com/google/go-licenses@v1.6.0 # renovate: datasour
 GOVULNCHECK_PACKAGE ?= golang.org/x/vuln/cmd/govulncheck@v1 # renovate: datasource=go
 DEADCODE_PACKAGE ?= golang.org/x/tools/cmd/deadcode@v0.40.0 # renovate: datasource=go
 GOMOCK_PACKAGE ?= go.uber.org/mock/mockgen@v0.6.0 # renovate: datasource=go
-RENOVATE_NPM_PACKAGE ?= renovate@42.66.9 # renovate: datasource=docker packageName=data.forgejo.org/renovate/renovate
+RENOVATE_NPM_PACKAGE ?= renovate@42.66.11 # renovate: datasource=docker packageName=data.forgejo.org/renovate/renovate
 
 # https://github.com/disposable-email-domains/disposable-email-domains/commits/main/
 DISPOSABLE_EMAILS_SHA ?= 0c27e671231d27cf66370034d7f6818037416989 # renovate: ...

From 81cce58a486912bbc29f8c2ecece9b004757f220 Mon Sep 17 00:00:00 2001
From: Mathieu Fenniak <mathieu@fenniak.net>
Date: Mon, 29 Dec 2025 02:50:20 +0100
Subject: [PATCH 064/854] migration: update existing foreign key migrations to
 automatically fix inconsistencies (#10568)

Changes foreign key database inconsistency handling so that inconsistent records are automatically deleted with an administrator warning during migration.  As noted in discussion: https://codeberg.org/forgejo/discussions/issues/385#issuecomment-9175566

Intended for backport to v14 to eliminate pain during upgrades.

Because these migrations are now deleting data, rather than allowing the administrator to do it, all migrations have been covered with an integration test that verifies expected data is deleted.  This is particularly interesting with nullable fields.

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests

- I added test coverage for Go changes...
  - [x] in their respective `*_test.go` for unit tests.
  - [ ] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I added test coverage for JavaScript changes...
  - [ ] in `web_src/js/*.test.js` if it can be unit tested.
  - [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)).

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [ ] I do not want this change to show in the release notes.
- [x] I want the title to show in the release notes with a link to this pull request.
- [ ] I want the content of the `release-notes/<pull request number>.md` to be be used for the release notes instead of the title.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10568
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net>
Co-committed-by: Mathieu Fenniak <mathieu@fenniak.net>
---
 .../forgejo_migrations/foreign_key_utils.go   | 36 ++++-----
 .../v14a_add-foreign-keys-collaboration.go    |  9 ++-
 ...14a_add-foreign-keys-collaboration_test.go | 53 +++++++++++++
 ...14a_add-foreign-keys-forgejo_auth_token.go |  6 +-
 ...dd-foreign-keys-forgejo_auth_token_test.go | 50 +++++++++++++
 .../v14a_add-foreign-keys-pull_request-1.go   |  9 ++-
 ...4a_add-foreign-keys-pull_request-1_test.go | 69 +++++++++++++++++
 models/forgejo_migrations_legacy/v41.go       | 56 +++++++++-----
 models/forgejo_migrations_legacy/v41_test.go  | 75 +++++++++++++++++++
 models/forgejo_migrations_legacy/v44.go       |  9 ++-
 models/forgejo_migrations_legacy/v44_test.go  | 50 +++++++++++++
 .../Test_AddForeignKeysAccess/access.yml      | 28 +++++++
 .../Test_AddForeignKeysAccess/repository.yml  |  2 +
 .../tracked_time.yml                          | 33 ++++++++
 .../Test_AddForeignKeysAccess/user.yml        |  2 +
 .../issue.yml                                 |  2 +
 .../stopwatch.yml                             | 28 +++++++
 .../tracked_time.yml                          | 33 ++++++++
 .../user.yml                                  |  2 +
 .../collaboration.yml                         | 16 ++++
 .../repository.yml                            |  2 +
 .../Test_addForeignKeysCollaboration/user.yml |  2 +
 .../forgejo_auth_token.yml                    | 16 ++++
 .../user.yml                                  |  2 +
 .../Test_addForeignKeysPullRequest1/issue.yml |  2 +
 .../pull_request.yml                          | 28 +++++++
 .../repository.yml                            |  2 +
 27 files changed, 578 insertions(+), 44 deletions(-)
 create mode 100644 models/forgejo_migrations/v14a_add-foreign-keys-collaboration_test.go
 create mode 100644 models/forgejo_migrations/v14a_add-foreign-keys-forgejo_auth_token_test.go
 create mode 100644 models/forgejo_migrations/v14a_add-foreign-keys-pull_request-1_test.go
 create mode 100644 models/forgejo_migrations_legacy/v41_test.go
 create mode 100644 models/forgejo_migrations_legacy/v44_test.go
 create mode 100644 models/gitea_migrations/fixtures/Test_AddForeignKeysAccess/access.yml
 create mode 100644 models/gitea_migrations/fixtures/Test_AddForeignKeysAccess/repository.yml
 create mode 100644 models/gitea_migrations/fixtures/Test_AddForeignKeysAccess/tracked_time.yml
 create mode 100644 models/gitea_migrations/fixtures/Test_AddForeignKeysAccess/user.yml
 create mode 100644 models/gitea_migrations/fixtures/Test_AddForeignKeysStopwatchTrackedTime/issue.yml
 create mode 100644 models/gitea_migrations/fixtures/Test_AddForeignKeysStopwatchTrackedTime/stopwatch.yml
 create mode 100644 models/gitea_migrations/fixtures/Test_AddForeignKeysStopwatchTrackedTime/tracked_time.yml
 create mode 100644 models/gitea_migrations/fixtures/Test_AddForeignKeysStopwatchTrackedTime/user.yml
 create mode 100644 models/gitea_migrations/fixtures/Test_addForeignKeysCollaboration/collaboration.yml
 create mode 100644 models/gitea_migrations/fixtures/Test_addForeignKeysCollaboration/repository.yml
 create mode 100644 models/gitea_migrations/fixtures/Test_addForeignKeysCollaboration/user.yml
 create mode 100644 models/gitea_migrations/fixtures/Test_addForeignKeysForgejoAuthToken/forgejo_auth_token.yml
 create mode 100644 models/gitea_migrations/fixtures/Test_addForeignKeysForgejoAuthToken/user.yml
 create mode 100644 models/gitea_migrations/fixtures/Test_addForeignKeysPullRequest1/issue.yml
 create mode 100644 models/gitea_migrations/fixtures/Test_addForeignKeysPullRequest1/pull_request.yml
 create mode 100644 models/gitea_migrations/fixtures/Test_addForeignKeysPullRequest1/repository.yml

diff --git a/models/forgejo_migrations/foreign_key_utils.go b/models/forgejo_migrations/foreign_key_utils.go
index fc2680e43e..2a792fd66b 100644
--- a/models/forgejo_migrations/foreign_key_utils.go
+++ b/models/forgejo_migrations/foreign_key_utils.go
@@ -4,28 +4,30 @@
 package forgejo_migrations
 
 import (
-	"errors"
+	"fmt"
 
 	"forgejo.org/modules/log"
 
+	"xorm.io/builder"
 	"xorm.io/xorm"
 )
 
-func syncDoctorForeignKey(x *xorm.Engine, beans []any) error {
-	for _, bean := range beans {
-		// Sync() drops indexes by default, which will cause unnecessary rebuilding of indexes when syncDoctorForeignKey
-		// is used with partial bean definitions; so we disable that option
-		_, err := x.SyncWithOptions(xorm.SyncOptions{IgnoreDropIndices: true}, bean)
-		if err != nil {
-			if errors.Is(err, xorm.ErrForeignKeyViolation) {
-				tableName := x.TableName(bean)
-				log.Error(
-					"Foreign key creation on table %s failed. Run `forgejo doctor check --all` to identify the orphaned records preventing this foreign key from being created. Error was: %v",
-					tableName, err)
-				return err
-			}
-			return err
-		}
+// syncForeignKeyWithDelete will delete any records that match `cond`, and if present, log and warn to the
+// administrator; then it will perform an `xorm.Sync()` in order to create foreign keys on the table definition.
+func syncForeignKeyWithDelete(x *xorm.Engine, bean any, cond builder.Cond) error {
+	rowsDeleted, err := x.Where(cond).Delete(bean)
+	if err != nil {
+		return fmt.Errorf("failure to delete inconsistent records before foreign key sync: %w", err)
 	}
-	return nil
+	if rowsDeleted > 0 {
+		tableName := x.TableName(bean)
+		log.Warn(
+			"Foreign key creation on table %s required deleting %d records with inconsistent foreign key values.",
+			tableName, rowsDeleted)
+	}
+
+	// Sync() drops indexes by default, which will cause unnecessary rebuilding of indexes when syncForeignKeyWithDelete
+	// is used with partial bean definitions; so we disable that option
+	_, err = x.SyncWithOptions(xorm.SyncOptions{IgnoreDropIndices: true}, bean)
+	return err
 }
diff --git a/models/forgejo_migrations/v14a_add-foreign-keys-collaboration.go b/models/forgejo_migrations/v14a_add-foreign-keys-collaboration.go
index a52e8d6220..774dfe158c 100644
--- a/models/forgejo_migrations/v14a_add-foreign-keys-collaboration.go
+++ b/models/forgejo_migrations/v14a_add-foreign-keys-collaboration.go
@@ -4,6 +4,7 @@
 package forgejo_migrations
 
 import (
+	"xorm.io/builder"
 	"xorm.io/xorm"
 )
 
@@ -19,7 +20,11 @@ func addForeignKeysCollaboration(x *xorm.Engine) error {
 		RepoID int64 `xorm:"UNIQUE(s) INDEX NOT NULL REFERENCES(repository, id)"`
 		UserID int64 `xorm:"UNIQUE(s) INDEX NOT NULL REFERENCES(user, id)"`
 	}
-	return syncDoctorForeignKey(x, []any{
+	return syncForeignKeyWithDelete(x,
 		new(Collaboration),
-	})
+		builder.Or(
+			builder.Expr("NOT EXISTS (SELECT id FROM repository WHERE repository.id = collaboration.repo_id)"),
+			builder.Expr("NOT EXISTS (SELECT id FROM `user` WHERE `user`.id = collaboration.user_id)"),
+		),
+	)
 }
diff --git a/models/forgejo_migrations/v14a_add-foreign-keys-collaboration_test.go b/models/forgejo_migrations/v14a_add-foreign-keys-collaboration_test.go
new file mode 100644
index 0000000000..657bdf377a
--- /dev/null
+++ b/models/forgejo_migrations/v14a_add-foreign-keys-collaboration_test.go
@@ -0,0 +1,53 @@
+// Copyright 2025 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+package forgejo_migrations
+
+import (
+	"testing"
+
+	"forgejo.org/models/db"
+	migration_tests "forgejo.org/models/gitea_migrations/test"
+	"forgejo.org/modules/timeutil"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+func Test_addForeignKeysCollaboration(t *testing.T) {
+	type AccessMode int
+	type Collaboration struct {
+		ID          int64              `xorm:"pk autoincr"`
+		RepoID      int64              `xorm:"UNIQUE(s) INDEX NOT NULL"`
+		UserID      int64              `xorm:"UNIQUE(s) INDEX NOT NULL"`
+		Mode        AccessMode         `xorm:"DEFAULT 2 NOT NULL"`
+		CreatedUnix timeutil.TimeStamp `xorm:"INDEX created"`
+		UpdatedUnix timeutil.TimeStamp `xorm:"INDEX updated"`
+	}
+	type Repository struct {
+		ID int64 `xorm:"pk autoincr"`
+	}
+	type User struct {
+		ID int64 `xorm:"pk autoincr"`
+	}
+	x, deferable := migration_tests.PrepareTestEnv(t, 0, new(User), new(Repository), new(Collaboration))
+	defer deferable()
+	if x == nil || t.Failed() {
+		return
+	}
+
+	require.NoError(t, addForeignKeysCollaboration(x))
+
+	var remainingRecords []*Collaboration
+	require.NoError(t,
+		db.GetEngine(t.Context()).
+			Table("collaboration").
+			Select("`id`, `repo_id`, `user_id`").
+			OrderBy("`id`").
+			Find(&remainingRecords))
+	assert.Equal(t,
+		[]*Collaboration{
+			{ID: 1, UserID: 1, RepoID: 1},
+		},
+		remainingRecords)
+}
diff --git a/models/forgejo_migrations/v14a_add-foreign-keys-forgejo_auth_token.go b/models/forgejo_migrations/v14a_add-foreign-keys-forgejo_auth_token.go
index a5d8126d91..4aea62da50 100644
--- a/models/forgejo_migrations/v14a_add-foreign-keys-forgejo_auth_token.go
+++ b/models/forgejo_migrations/v14a_add-foreign-keys-forgejo_auth_token.go
@@ -4,6 +4,7 @@
 package forgejo_migrations
 
 import (
+	"xorm.io/builder"
 	"xorm.io/xorm"
 )
 
@@ -18,7 +19,8 @@ func addForeignKeysForgejoAuthToken(x *xorm.Engine) error {
 	type ForgejoAuthToken struct {
 		UID int64 `xorm:"INDEX REFERENCES(user, id)"`
 	}
-	return syncDoctorForeignKey(x, []any{
+	return syncForeignKeyWithDelete(x,
 		new(ForgejoAuthToken),
-	})
+		builder.Expr("NOT EXISTS (SELECT id FROM `user` WHERE `user`.id = forgejo_auth_token.uid)"),
+	)
 }
diff --git a/models/forgejo_migrations/v14a_add-foreign-keys-forgejo_auth_token_test.go b/models/forgejo_migrations/v14a_add-foreign-keys-forgejo_auth_token_test.go
new file mode 100644
index 0000000000..7f01a9ccf3
--- /dev/null
+++ b/models/forgejo_migrations/v14a_add-foreign-keys-forgejo_auth_token_test.go
@@ -0,0 +1,50 @@
+// Copyright 2025 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+package forgejo_migrations
+
+import (
+	"testing"
+
+	"forgejo.org/models/db"
+	migration_tests "forgejo.org/models/gitea_migrations/test"
+	"forgejo.org/modules/timeutil"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+func Test_addForeignKeysForgejoAuthToken(t *testing.T) {
+	type AuthorizationPurpose string
+	type ForgejoAuthToken struct {
+		ID              int64  `xorm:"pk autoincr"`
+		UID             int64  `xorm:"INDEX"`
+		LookupKey       string `xorm:"INDEX UNIQUE"`
+		HashedValidator string
+		Purpose         AuthorizationPurpose `xorm:"NOT NULL DEFAULT 'long_term_authorization'"`
+		Expiry          timeutil.TimeStamp
+	}
+	type User struct {
+		ID int64 `xorm:"pk autoincr"`
+	}
+	x, deferable := migration_tests.PrepareTestEnv(t, 0, new(User), new(ForgejoAuthToken))
+	defer deferable()
+	if x == nil || t.Failed() {
+		return
+	}
+
+	require.NoError(t, addForeignKeysForgejoAuthToken(x))
+
+	var remainingRecords []*ForgejoAuthToken
+	require.NoError(t,
+		db.GetEngine(t.Context()).
+			Table("forgejo_auth_token").
+			Select("`id`, `uid`").
+			OrderBy("`id`").
+			Find(&remainingRecords))
+	assert.Equal(t,
+		[]*ForgejoAuthToken{
+			{ID: 1, UID: 1},
+		},
+		remainingRecords)
+}
diff --git a/models/forgejo_migrations/v14a_add-foreign-keys-pull_request-1.go b/models/forgejo_migrations/v14a_add-foreign-keys-pull_request-1.go
index 6d262f385f..6e67207c7d 100644
--- a/models/forgejo_migrations/v14a_add-foreign-keys-pull_request-1.go
+++ b/models/forgejo_migrations/v14a_add-foreign-keys-pull_request-1.go
@@ -4,6 +4,7 @@
 package forgejo_migrations
 
 import (
+	"xorm.io/builder"
 	"xorm.io/xorm"
 )
 
@@ -19,7 +20,11 @@ func addForeignKeysPullRequest1(x *xorm.Engine) error {
 		IssueID    int64 `xorm:"INDEX REFERENCES(issue, id)"`
 		BaseRepoID int64 `xorm:"INDEX REFERENCES(repository, id)"`
 	}
-	return syncDoctorForeignKey(x, []any{
+	return syncForeignKeyWithDelete(x,
 		new(PullRequest),
-	})
+		builder.Or(
+			builder.Expr("NOT EXISTS (SELECT id FROM issue WHERE issue.id = pull_request.issue_id)"),
+			builder.Expr("NOT EXISTS (SELECT id FROM repository WHERE repository.id = pull_request.base_repo_id)"),
+		),
+	)
 }
diff --git a/models/forgejo_migrations/v14a_add-foreign-keys-pull_request-1_test.go b/models/forgejo_migrations/v14a_add-foreign-keys-pull_request-1_test.go
new file mode 100644
index 0000000000..ebe8600350
--- /dev/null
+++ b/models/forgejo_migrations/v14a_add-foreign-keys-pull_request-1_test.go
@@ -0,0 +1,69 @@
+// Copyright 2025 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+package forgejo_migrations
+
+import (
+	"testing"
+
+	"forgejo.org/models/db"
+	migration_tests "forgejo.org/models/gitea_migrations/test"
+	"forgejo.org/modules/timeutil"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+func Test_addForeignKeysPullRequest1(t *testing.T) {
+	type PullRequestType int
+	type PullRequestStatus int
+	type PullRequestFlow int
+	type PullRequest struct {
+		ID                    int64 `xorm:"pk autoincr"`
+		Type                  PullRequestType
+		Status                PullRequestStatus
+		ConflictedFiles       []string `xorm:"TEXT JSON"`
+		CommitsAhead          int
+		CommitsBehind         int
+		ChangedProtectedFiles []string `xorm:"TEXT JSON"`
+		IssueID               int64    `xorm:"INDEX"`
+		Index                 int64
+		HeadRepoID            int64 `xorm:"INDEX"`
+		BaseRepoID            int64 `xorm:"INDEX"`
+		HeadBranch            string
+		BaseBranch            string
+		MergeBase             string             `xorm:"VARCHAR(64)"`
+		AllowMaintainerEdit   bool               `xorm:"NOT NULL DEFAULT false"`
+		HasMerged             bool               `xorm:"INDEX"`
+		MergedCommitID        string             `xorm:"VARCHAR(64)"`
+		MergerID              int64              `xorm:"INDEX"`
+		MergedUnix            timeutil.TimeStamp `xorm:"updated INDEX"`
+		Flow                  PullRequestFlow    `xorm:"NOT NULL DEFAULT 0"`
+	}
+	type Repository struct {
+		ID int64 `xorm:"pk autoincr"`
+	}
+	type Issue struct {
+		ID int64 `xorm:"pk autoincr"`
+	}
+	x, deferable := migration_tests.PrepareTestEnv(t, 0, new(Issue), new(Repository), new(PullRequest))
+	defer deferable()
+	if x == nil || t.Failed() {
+		return
+	}
+
+	require.NoError(t, addForeignKeysPullRequest1(x))
+
+	var remainingRecords []*PullRequest
+	require.NoError(t,
+		db.GetEngine(t.Context()).
+			Table("pull_request").
+			Select("`id`, `issue_id`, `base_repo_id`").
+			OrderBy("`id`").
+			Find(&remainingRecords))
+	assert.Equal(t,
+		[]*PullRequest{
+			{ID: 1, BaseRepoID: 1, IssueID: 1},
+		},
+		remainingRecords)
+}
diff --git a/models/forgejo_migrations_legacy/v41.go b/models/forgejo_migrations_legacy/v41.go
index 4b3306debd..6dd25486c6 100644
--- a/models/forgejo_migrations_legacy/v41.go
+++ b/models/forgejo_migrations_legacy/v41.go
@@ -4,7 +4,6 @@
 package forgejo_migrations_legacy
 
 import (
-	"errors"
 	"fmt"
 
 	"forgejo.org/modules/log"
@@ -13,23 +12,24 @@ import (
 	"xorm.io/xorm"
 )
 
-func syncDoctorForeignKey(x *xorm.Engine, beans []any) error {
-	for _, bean := range beans {
-		// Sync() drops indexes by default, which will cause unnecessary rebuilding of indexes when syncDoctorForeignKey
-		// is used with partial bean definitions; so we disable that option
-		_, err := x.SyncWithOptions(xorm.SyncOptions{IgnoreDropIndices: true}, bean)
-		if err != nil {
-			if errors.Is(err, xorm.ErrForeignKeyViolation) {
-				tableName := x.TableName(bean)
-				log.Error(
-					"Foreign key creation on table %s failed. Run `forgejo doctor check --all` to identify the orphaned records preventing this foreign key from being created. Error was: %v",
-					tableName, err)
-				return err
-			}
-			return err
-		}
+// syncForeignKeyWithDelete will delete any records that match `cond`, and if present, log and warn to the
+// administrator; then it will perform an `xorm.Sync()` in order to create foreign keys on the table definition.
+func syncForeignKeyWithDelete(x *xorm.Engine, bean any, cond builder.Cond) error {
+	rowsDeleted, err := x.Where(cond).Delete(bean)
+	if err != nil {
+		return fmt.Errorf("failure to delete inconsistent records before foreign key sync: %w", err)
 	}
-	return nil
+	if rowsDeleted > 0 {
+		tableName := x.TableName(bean)
+		log.Warn(
+			"Foreign key creation on table %s required deleting %d records with inconsistent foreign key values.",
+			tableName, rowsDeleted)
+	}
+
+	// Sync() drops indexes by default, which will cause unnecessary rebuilding of indexes when syncForeignKeyWithDelete
+	// is used with partial bean definitions; so we disable that option
+	_, err = x.SyncWithOptions(xorm.SyncOptions{IgnoreDropIndices: true}, bean)
+	return err
 }
 
 func AddForeignKeysStopwatchTrackedTime(x *xorm.Engine) error {
@@ -50,6 +50,7 @@ func AddForeignKeysStopwatchTrackedTime(x *xorm.Engine) error {
 	err := x.Table("tracked_time").
 		Join("LEFT", "`user`", "`tracked_time`.user_id = `user`.id").
 		Where(builder.IsNull{"`user`.id"}).
+		Where(builder.NotNull{"tracked_time.user_id"}).
 		Find(&trackedTime)
 	if err != nil {
 		return err
@@ -63,8 +64,25 @@ func AddForeignKeysStopwatchTrackedTime(x *xorm.Engine) error {
 		}
 	}
 
-	return syncDoctorForeignKey(x, []any{
+	err = syncForeignKeyWithDelete(x,
 		new(Stopwatch),
+		builder.Or(
+			builder.Expr("NOT EXISTS (SELECT id FROM issue WHERE issue.id = stopwatch.issue_id)"),
+			builder.Expr("NOT EXISTS (SELECT id FROM `user` WHERE `user`.id = stopwatch.user_id)"),
+		),
+	)
+	if err != nil {
+		return err
+	}
+
+	return syncForeignKeyWithDelete(x,
 		new(TrackedTime),
-	})
+		builder.Or(
+			builder.And(
+				builder.Expr("user_id IS NOT NULL"),
+				builder.Expr("NOT EXISTS (SELECT id FROM `user` WHERE `user`.id = tracked_time.user_id)"),
+			),
+			builder.Expr("NOT EXISTS (SELECT id FROM issue WHERE issue.id = tracked_time.issue_id)"),
+		),
+	)
 }
diff --git a/models/forgejo_migrations_legacy/v41_test.go b/models/forgejo_migrations_legacy/v41_test.go
new file mode 100644
index 0000000000..47fc7f582e
--- /dev/null
+++ b/models/forgejo_migrations_legacy/v41_test.go
@@ -0,0 +1,75 @@
+// Copyright 2025 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+package forgejo_migrations_legacy
+
+import (
+	"testing"
+
+	"forgejo.org/models/db"
+	migration_tests "forgejo.org/models/gitea_migrations/test"
+	"forgejo.org/modules/timeutil"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+func Test_AddForeignKeysStopwatchTrackedTime(t *testing.T) {
+	type Stopwatch struct {
+		ID          int64              `xorm:"pk autoincr"`
+		IssueID     int64              `xorm:"INDEX"`
+		UserID      int64              `xorm:"INDEX"`
+		CreatedUnix timeutil.TimeStamp `xorm:"created"`
+	}
+	type TrackedTime struct {
+		ID          int64 `xorm:"pk autoincr"`
+		IssueID     int64 `xorm:"INDEX"`
+		UserID      int64 `xorm:"INDEX"`
+		CreatedUnix int64 `xorm:"created"`
+		Time        int64 `xorm:"NOT NULL"`
+		Deleted     bool  `xorm:"NOT NULL DEFAULT false"`
+	}
+	type User struct {
+		ID int64 `xorm:"pk autoincr"`
+	}
+	type Issue struct {
+		ID int64 `xorm:"pk autoincr"`
+	}
+	x, deferable := migration_tests.PrepareTestEnv(t, 0, new(User), new(Issue), new(Stopwatch), new(TrackedTime))
+	defer deferable()
+	if x == nil || t.Failed() {
+		return
+	}
+
+	require.NoError(t, AddForeignKeysStopwatchTrackedTime(x))
+
+	var remainingStopwatch []*Stopwatch
+	require.NoError(t,
+		db.GetEngine(t.Context()).
+			Table("stopwatch").
+			Select("`id`, `issue_id`, `user_id`").
+			OrderBy("`id`").
+			Find(&remainingStopwatch))
+	assert.Equal(t,
+		[]*Stopwatch{
+			{1, 1, 1, 0},
+		},
+		remainingStopwatch,
+		"stopwatch")
+
+	var remainingTrackedTime []*TrackedTime
+	require.NoError(t,
+		db.GetEngine(t.Context()).
+			Table("tracked_time").
+			Select("`id`, `issue_id`, `user_id`").
+			OrderBy("`id`").
+			Find(&remainingTrackedTime))
+	assert.Equal(t,
+		[]*TrackedTime{
+			{ID: 1, IssueID: 1, UserID: 1},
+			{ID: 4, IssueID: 1, UserID: 0},
+			{ID: 5, IssueID: 1, UserID: 0},
+		},
+		remainingTrackedTime,
+		"tracked_time")
+}
diff --git a/models/forgejo_migrations_legacy/v44.go b/models/forgejo_migrations_legacy/v44.go
index 459c7ac29d..9f2fcef4f4 100644
--- a/models/forgejo_migrations_legacy/v44.go
+++ b/models/forgejo_migrations_legacy/v44.go
@@ -4,6 +4,7 @@
 package forgejo_migrations_legacy
 
 import (
+	"xorm.io/builder"
 	"xorm.io/xorm"
 )
 
@@ -12,7 +13,11 @@ func AddForeignKeysAccess(x *xorm.Engine) error {
 		UserID int64 `xorm:"UNIQUE(s) REFERENCES(user, id)"`
 		RepoID int64 `xorm:"UNIQUE(s) REFERENCES(repository, id)"`
 	}
-	return syncDoctorForeignKey(x, []any{
+	return syncForeignKeyWithDelete(x,
 		new(Access),
-	})
+		builder.Or(
+			builder.Expr("NOT EXISTS (SELECT id FROM repository WHERE repository.id = access.repo_id)"),
+			builder.Expr("NOT EXISTS (SELECT id FROM `user` WHERE `user`.id = access.user_id)"),
+		),
+	)
 }
diff --git a/models/forgejo_migrations_legacy/v44_test.go b/models/forgejo_migrations_legacy/v44_test.go
new file mode 100644
index 0000000000..e78aa2fe46
--- /dev/null
+++ b/models/forgejo_migrations_legacy/v44_test.go
@@ -0,0 +1,50 @@
+// Copyright 2025 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+package forgejo_migrations_legacy
+
+import (
+	"testing"
+
+	"forgejo.org/models/db"
+	migration_tests "forgejo.org/models/gitea_migrations/test"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+func Test_AddForeignKeysAccess(t *testing.T) {
+	type AccessMode int
+	type Access struct {
+		ID     int64 `xorm:"pk autoincr"`
+		UserID int64 `xorm:"UNIQUE(s)"`
+		RepoID int64 `xorm:"UNIQUE(s)"`
+		Mode   AccessMode
+	}
+	type User struct {
+		ID int64 `xorm:"pk autoincr"`
+	}
+	type Repository struct {
+		ID int64 `xorm:"pk autoincr"`
+	}
+	x, deferable := migration_tests.PrepareTestEnv(t, 0, new(User), new(Repository), new(Access))
+	defer deferable()
+	if x == nil || t.Failed() {
+		return
+	}
+
+	require.NoError(t, AddForeignKeysAccess(x))
+
+	var remainingRecords []*Access
+	require.NoError(t,
+		db.GetEngine(t.Context()).
+			Table("access").
+			Select("`id`, `user_id`, `repo_id`").
+			OrderBy("`id`").
+			Find(&remainingRecords))
+	assert.Equal(t,
+		[]*Access{
+			{ID: 1, UserID: 1, RepoID: 1},
+		},
+		remainingRecords)
+}
diff --git a/models/gitea_migrations/fixtures/Test_AddForeignKeysAccess/access.yml b/models/gitea_migrations/fixtures/Test_AddForeignKeysAccess/access.yml
new file mode 100644
index 0000000000..8ce770fbd0
--- /dev/null
+++ b/models/gitea_migrations/fixtures/Test_AddForeignKeysAccess/access.yml
@@ -0,0 +1,28 @@
+-
+  id: 1
+  repo_id: 1
+  user_id: 1
+
+# Expected to be deleted due to invalid repository foreign key
+-
+  id: 2
+  repo_id: 100
+  user_id: 1
+
+# Expected to be deleted due to null repository foreign key
+-
+  id: 3
+  repo_id: null
+  user_id: 1
+
+# Expected to be deleted due to invalid user foreign key
+-
+  id: 4
+  repo_id: 1
+  user_id: 100
+
+# Expected to be deleted due to null user foreign key
+-
+  id: 5
+  repo_id: 1
+  user_id: null
diff --git a/models/gitea_migrations/fixtures/Test_AddForeignKeysAccess/repository.yml b/models/gitea_migrations/fixtures/Test_AddForeignKeysAccess/repository.yml
new file mode 100644
index 0000000000..a88c2ef89f
--- /dev/null
+++ b/models/gitea_migrations/fixtures/Test_AddForeignKeysAccess/repository.yml
@@ -0,0 +1,2 @@
+-
+  id: 1
diff --git a/models/gitea_migrations/fixtures/Test_AddForeignKeysAccess/tracked_time.yml b/models/gitea_migrations/fixtures/Test_AddForeignKeysAccess/tracked_time.yml
new file mode 100644
index 0000000000..0be83d55a5
--- /dev/null
+++ b/models/gitea_migrations/fixtures/Test_AddForeignKeysAccess/tracked_time.yml
@@ -0,0 +1,33 @@
+-
+  id: 1
+  issue_id: 1
+  user_id: 1
+  time: 100
+
+# Expected to be deleted due to invalid issue foreign key
+-
+  id: 2
+  issue_id: 100
+  user_id: 1
+  time: 100
+
+# Expected to be deleted due to null issue foreign key
+-
+  id: 3
+  issue_id: null
+  user_id: 1
+  time: 100
+
+# Expected to be retained with null, due to invalid user foreign key
+-
+  id: 4
+  issue_id: 1
+  user_id: 100
+  time: 100
+
+# Expected to be retained with null user foreign key
+-
+  id: 5
+  issue_id: 1
+  user_id: null
+  time: 100
diff --git a/models/gitea_migrations/fixtures/Test_AddForeignKeysAccess/user.yml b/models/gitea_migrations/fixtures/Test_AddForeignKeysAccess/user.yml
new file mode 100644
index 0000000000..a88c2ef89f
--- /dev/null
+++ b/models/gitea_migrations/fixtures/Test_AddForeignKeysAccess/user.yml
@@ -0,0 +1,2 @@
+-
+  id: 1
diff --git a/models/gitea_migrations/fixtures/Test_AddForeignKeysStopwatchTrackedTime/issue.yml b/models/gitea_migrations/fixtures/Test_AddForeignKeysStopwatchTrackedTime/issue.yml
new file mode 100644
index 0000000000..a88c2ef89f
--- /dev/null
+++ b/models/gitea_migrations/fixtures/Test_AddForeignKeysStopwatchTrackedTime/issue.yml
@@ -0,0 +1,2 @@
+-
+  id: 1
diff --git a/models/gitea_migrations/fixtures/Test_AddForeignKeysStopwatchTrackedTime/stopwatch.yml b/models/gitea_migrations/fixtures/Test_AddForeignKeysStopwatchTrackedTime/stopwatch.yml
new file mode 100644
index 0000000000..5d84c3a78d
--- /dev/null
+++ b/models/gitea_migrations/fixtures/Test_AddForeignKeysStopwatchTrackedTime/stopwatch.yml
@@ -0,0 +1,28 @@
+-
+  id: 1
+  issue_id: 1
+  user_id: 1
+
+# Expected to be deleted due to invalid issue foreign key
+-
+  id: 2
+  issue_id: 100
+  user_id: 1
+
+# Expected to be deleted due to null issue foreign key
+-
+  id: 3
+  issue_id: null
+  user_id: 1
+
+# Expected to be deleted due to invalid user foreign key
+-
+  id: 4
+  issue_id: 1
+  user_id: 100
+
+# Expected to be deleted due to null user foreign key
+-
+  id: 5
+  issue_id: 1
+  user_id: null
diff --git a/models/gitea_migrations/fixtures/Test_AddForeignKeysStopwatchTrackedTime/tracked_time.yml b/models/gitea_migrations/fixtures/Test_AddForeignKeysStopwatchTrackedTime/tracked_time.yml
new file mode 100644
index 0000000000..0be83d55a5
--- /dev/null
+++ b/models/gitea_migrations/fixtures/Test_AddForeignKeysStopwatchTrackedTime/tracked_time.yml
@@ -0,0 +1,33 @@
+-
+  id: 1
+  issue_id: 1
+  user_id: 1
+  time: 100
+
+# Expected to be deleted due to invalid issue foreign key
+-
+  id: 2
+  issue_id: 100
+  user_id: 1
+  time: 100
+
+# Expected to be deleted due to null issue foreign key
+-
+  id: 3
+  issue_id: null
+  user_id: 1
+  time: 100
+
+# Expected to be retained with null, due to invalid user foreign key
+-
+  id: 4
+  issue_id: 1
+  user_id: 100
+  time: 100
+
+# Expected to be retained with null user foreign key
+-
+  id: 5
+  issue_id: 1
+  user_id: null
+  time: 100
diff --git a/models/gitea_migrations/fixtures/Test_AddForeignKeysStopwatchTrackedTime/user.yml b/models/gitea_migrations/fixtures/Test_AddForeignKeysStopwatchTrackedTime/user.yml
new file mode 100644
index 0000000000..a88c2ef89f
--- /dev/null
+++ b/models/gitea_migrations/fixtures/Test_AddForeignKeysStopwatchTrackedTime/user.yml
@@ -0,0 +1,2 @@
+-
+  id: 1
diff --git a/models/gitea_migrations/fixtures/Test_addForeignKeysCollaboration/collaboration.yml b/models/gitea_migrations/fixtures/Test_addForeignKeysCollaboration/collaboration.yml
new file mode 100644
index 0000000000..a96c2340c8
--- /dev/null
+++ b/models/gitea_migrations/fixtures/Test_addForeignKeysCollaboration/collaboration.yml
@@ -0,0 +1,16 @@
+-
+  id: 1
+  user_id: 1
+  repo_id: 1
+
+# Expected to be deleted due to invalid user_id foreign key
+-
+  id: 2
+  user_id: 100
+  repo_id: 1
+
+# Expected to be deleted due to invalid repo_id foreign key
+-
+  id: 3
+  user_id: 1
+  repo_id: 100
diff --git a/models/gitea_migrations/fixtures/Test_addForeignKeysCollaboration/repository.yml b/models/gitea_migrations/fixtures/Test_addForeignKeysCollaboration/repository.yml
new file mode 100644
index 0000000000..a88c2ef89f
--- /dev/null
+++ b/models/gitea_migrations/fixtures/Test_addForeignKeysCollaboration/repository.yml
@@ -0,0 +1,2 @@
+-
+  id: 1
diff --git a/models/gitea_migrations/fixtures/Test_addForeignKeysCollaboration/user.yml b/models/gitea_migrations/fixtures/Test_addForeignKeysCollaboration/user.yml
new file mode 100644
index 0000000000..a88c2ef89f
--- /dev/null
+++ b/models/gitea_migrations/fixtures/Test_addForeignKeysCollaboration/user.yml
@@ -0,0 +1,2 @@
+-
+  id: 1
diff --git a/models/gitea_migrations/fixtures/Test_addForeignKeysForgejoAuthToken/forgejo_auth_token.yml b/models/gitea_migrations/fixtures/Test_addForeignKeysForgejoAuthToken/forgejo_auth_token.yml
new file mode 100644
index 0000000000..ee151f769e
--- /dev/null
+++ b/models/gitea_migrations/fixtures/Test_addForeignKeysForgejoAuthToken/forgejo_auth_token.yml
@@ -0,0 +1,16 @@
+-
+  id: 1
+  uid: 1
+  lookup_key: key-1
+
+# Expected to be deleted due to invalid user foreign key
+-
+  id: 2
+  uid: 100
+  lookup_key: key-2
+
+# Expected to be deleted due to a null user foreign key
+-
+  id: 3
+  uid: null
+  lookup_key: key-3
diff --git a/models/gitea_migrations/fixtures/Test_addForeignKeysForgejoAuthToken/user.yml b/models/gitea_migrations/fixtures/Test_addForeignKeysForgejoAuthToken/user.yml
new file mode 100644
index 0000000000..a88c2ef89f
--- /dev/null
+++ b/models/gitea_migrations/fixtures/Test_addForeignKeysForgejoAuthToken/user.yml
@@ -0,0 +1,2 @@
+-
+  id: 1
diff --git a/models/gitea_migrations/fixtures/Test_addForeignKeysPullRequest1/issue.yml b/models/gitea_migrations/fixtures/Test_addForeignKeysPullRequest1/issue.yml
new file mode 100644
index 0000000000..a88c2ef89f
--- /dev/null
+++ b/models/gitea_migrations/fixtures/Test_addForeignKeysPullRequest1/issue.yml
@@ -0,0 +1,2 @@
+-
+  id: 1
diff --git a/models/gitea_migrations/fixtures/Test_addForeignKeysPullRequest1/pull_request.yml b/models/gitea_migrations/fixtures/Test_addForeignKeysPullRequest1/pull_request.yml
new file mode 100644
index 0000000000..390bb2ff4d
--- /dev/null
+++ b/models/gitea_migrations/fixtures/Test_addForeignKeysPullRequest1/pull_request.yml
@@ -0,0 +1,28 @@
+-
+  id: 1
+  issue_id: 1
+  base_repo_id: 1
+
+# Expected to be deleted due to invalid issue foreign key
+-
+  id: 2
+  issue_id: 100
+  base_repo_id: 1
+
+# Expected to be deleted due to null issue foreign key
+-
+  id: 3
+  issue_id: null
+  base_repo_id: 1
+
+# Expected to be deleted due to invalid repository foreign key
+-
+  id: 4
+  issue_id: 1
+  base_repo_id: 100
+
+# Expected to be deleted due to null repository foreign key
+-
+  id: 5
+  issue_id: 1
+  base_repo_id: null
diff --git a/models/gitea_migrations/fixtures/Test_addForeignKeysPullRequest1/repository.yml b/models/gitea_migrations/fixtures/Test_addForeignKeysPullRequest1/repository.yml
new file mode 100644
index 0000000000..a88c2ef89f
--- /dev/null
+++ b/models/gitea_migrations/fixtures/Test_addForeignKeysPullRequest1/repository.yml
@@ -0,0 +1,2 @@
+-
+  id: 1

From 60fb59a7a0302537b3d2f5bbdc6d1d6216c4e0d1 Mon Sep 17 00:00:00 2001
From: Bram Hagens <bram@bramh.me>
Date: Mon, 29 Dec 2025 02:53:54 +0100
Subject: [PATCH 065/854] fix: display orphan branches separately in commit
 graph (#10484)

Fixes #2705.
Fixes #7635.

This PR fixes the commit graph showing false connections for orphan/root commits. Connection lines are now shown only when a parent/child relationship exists. Visible relationships are determined using `git log`'s `%P` output by the new `ComputeGlyphConnectivity` function. The SVG template is adapted to render vertical lines conditionally.

Unit tests for `ComputeGlyphConnectivity` cover regular linear commit history, orphan commits, merge commits, and non-commit glyphs (`|`, `/`, `\`). Unit tests also cover the changes to the `git log` parsing. The SVG template was verified manually.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10484
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Bram Hagens <bram@bramh.me>
Co-committed-by: Bram Hagens <bram@bramh.me>
---
 services/repository/gitgraph/graph.go        |   5 +-
 services/repository/gitgraph/graph_models.go | 127 +++++++++++++----
 services/repository/gitgraph/graph_test.go   | 139 ++++++++++++++++++-
 services/repository/gitgraph/parser.go       |   3 +
 templates/repo/graph/svgcontainer.tmpl       |  10 +-
 5 files changed, 255 insertions(+), 29 deletions(-)

diff --git a/services/repository/gitgraph/graph.go b/services/repository/gitgraph/graph.go
index bf15baed2a..1d1cea4225 100644
--- a/services/repository/gitgraph/graph.go
+++ b/services/repository/gitgraph/graph.go
@@ -16,7 +16,7 @@ import (
 
 // GetCommitGraph return a list of commit (GraphItems) from all branches
 func GetCommitGraph(r *git.Repository, page, maxAllowedColors int, hidePRRefs bool, branches, files []string) (*Graph, error) {
-	format := "DATA:%D|%H|%aD|%h|%s"
+	format := "DATA:%P|%D|%H|%aD|%h|%s"
 
 	if page == 0 {
 		page = 1
@@ -112,5 +112,8 @@ func GetCommitGraph(r *git.Repository, page, maxAllowedColors int, hidePRRefs bo
 	}); err != nil {
 		return graph, err
 	}
+
+	graph.ComputeGlyphConnectivity()
+
 	return graph, nil
 }
diff --git a/services/repository/gitgraph/graph_models.go b/services/repository/gitgraph/graph_models.go
index 20107cc646..2c4133e1f2 100644
--- a/services/repository/gitgraph/graph_models.go
+++ b/services/repository/gitgraph/graph_models.go
@@ -15,6 +15,7 @@ import (
 	git_model "forgejo.org/models/git"
 	repo_model "forgejo.org/models/repo"
 	user_model "forgejo.org/models/user"
+	"forgejo.org/modules/container"
 	"forgejo.org/modules/git"
 	"forgejo.org/modules/log"
 )
@@ -27,18 +28,20 @@ func NewGraph() *Graph {
 		Column: -1,
 	}
 	graph.Flows = map[int64]*Flow{}
+	graph.continuationAbove = map[[2]int]bool{}
 	return graph
 }
 
 // Graph represents a collection of flows
 type Graph struct {
-	Flows          map[int64]*Flow
-	Commits        []*Commit
-	MinRow         int
-	MinColumn      int
-	MaxRow         int
-	MaxColumn      int
-	relationCommit *Commit
+	Flows             map[int64]*Flow
+	Commits           []*Commit
+	MinRow            int
+	MinColumn         int
+	MaxRow            int
+	MaxColumn         int
+	relationCommit    *Commit
+	continuationAbove map[[2]int]bool
 }
 
 // Width returns the width of the graph
@@ -51,6 +54,69 @@ func (graph *Graph) Height() int {
 	return graph.MaxRow - graph.MinRow + 1
 }
 
+// ComputeGlyphConnectivity sets ConnectsUp/ConnectsDown for commit glyphs based on parent/child relationships
+func (graph *Graph) ComputeGlyphConnectivity() {
+	revs := make(container.Set[string])
+	revByPos := make(map[[2]int]string)
+	for _, c := range graph.Commits {
+		if c.Rev != "" {
+			revs.Add(c.Rev)
+			revByPos[[2]int{c.Row, c.Column}] = c.Rev
+		}
+	}
+
+	connectsDown := make(container.Set[string])
+	connectsUp := make(container.Set[string])
+
+	// Commits with parents connect down (even if parent is on another page)
+	// Commits with visible children connect up
+	for _, c := range graph.Commits {
+		if len(c.ParentHashes) > 0 {
+			connectsDown.Add(c.Rev)
+		}
+		for _, parentHash := range c.ParentHashes {
+			if revs.Contains(parentHash) {
+				connectsUp.Add(parentHash)
+			}
+		}
+	}
+
+	// Commits with a non-commit glyph above also connect up
+	for _, flow := range graph.Flows {
+		for _, g := range flow.Glyphs {
+			if g.Glyph != '*' {
+				pos := [2]int{g.Row + 1, g.Column}
+				if rev, exists := revByPos[pos]; exists {
+					connectsUp.Add(rev)
+				}
+			}
+		}
+	}
+
+	// Commits with continuation from previous page connect up
+	for pos := range graph.continuationAbove {
+		if rev, exists := revByPos[pos]; exists {
+			connectsUp.Add(rev)
+		}
+	}
+
+	for _, flow := range graph.Flows {
+		for i := range flow.Glyphs {
+			glyph := &flow.Glyphs[i]
+			if glyph.Glyph == '*' {
+				pos := [2]int{glyph.Row, glyph.Column}
+				if rev, exists := revByPos[pos]; exists {
+					glyph.ConnectsUp = connectsUp.Contains(rev)
+					glyph.ConnectsDown = connectsDown.Contains(rev)
+				}
+			} else {
+				glyph.ConnectsUp = true
+				glyph.ConnectsDown = true
+			}
+		}
+	}
+}
+
 // AddGlyph adds glyph to flows
 func (graph *Graph) AddGlyph(row, column int, flowID int64, color int, glyph byte) {
 	flow, ok := graph.Flows[flowID]
@@ -175,17 +241,19 @@ func (flow *Flow) AddGlyph(row, column int, glyph byte) {
 	}
 
 	flow.Glyphs = append(flow.Glyphs, Glyph{
-		row,
-		column,
-		glyph,
+		Row:    row,
+		Column: column,
+		Glyph:  glyph,
 	})
 }
 
 // Glyph represents a coordinate and glyph
 type Glyph struct {
-	Row    int
-	Column int
-	Glyph  byte
+	Row          int
+	Column       int
+	Glyph        byte
+	ConnectsUp   bool
+	ConnectsDown bool
 }
 
 // RelationCommit represents an empty relation commit
@@ -195,28 +263,36 @@ var RelationCommit = &Commit{
 
 // NewCommit creates a new commit from a provided line
 func NewCommit(row, column int, line []byte) (*Commit, error) {
-	data := bytes.SplitN(line, []byte("|"), 5)
-	if len(data) < 5 {
+	data := bytes.SplitN(line, []byte("|"), 6)
+	if len(data) < 6 {
 		return nil, fmt.Errorf("malformed data section on line %d with commit: %s", row, string(line))
 	}
 	// Format is a slight modification from RFC1123Z
-	t, err := time.Parse("Mon, _2 Jan 2006 15:04:05 -0700", string(data[2]))
+	t, err := time.Parse("Mon, _2 Jan 2006 15:04:05 -0700", string(data[3]))
 	if err != nil {
 		return nil, fmt.Errorf("could not parse date of commit: %w", err)
 	}
+
+	var parents []string
+	for p := range bytes.FieldsSeq(data[0]) {
+		parents = append(parents, string(p))
+	}
+
 	return &Commit{
 		Row:    row,
 		Column: column,
-		// 0 matches git log --pretty=format:%d => ref names, like the --decorate option of git-log(1)
-		Refs: newRefsFromRefNames(data[0]),
-		// 1 matches git log --pretty=format:%H => commit hash
-		Rev: string(data[1]),
-		// 2 matches git log --pretty=format:%aD => author date, RFC2822 style
+		// 0 matches git log --pretty=format:%P => parent hashes
+		ParentHashes: parents,
+		// 1 matches git log --pretty=format:%d => ref names, like the --decorate option of git-log(1)
+		Refs: newRefsFromRefNames(data[1]),
+		// 2 matches git log --pretty=format:%H => commit hash
+		Rev: string(data[2]),
+		// 3 matches git log --pretty=format:%aD => author date, RFC2822 style
 		Date: t,
-		// 3 matches git log --pretty=format:%h => abbreviated commit hash
-		ShortRev: string(data[3]),
-		// 4 matches git log --pretty=format:%s => subject
-		Subject: string(data[4]),
+		// 4 matches git log --pretty=format:%h => abbreviated commit hash
+		ShortRev: string(data[4]),
+		// 5 matches git log --pretty=format:%s => subject
+		Subject: string(data[5]),
 	}, nil
 }
 
@@ -254,6 +330,7 @@ type Commit struct {
 	Date         time.Time
 	ShortRev     string
 	Subject      string
+	ParentHashes []string
 }
 
 // OnlyRelation returns whether this a relation only commit
diff --git a/services/repository/gitgraph/graph_test.go b/services/repository/gitgraph/graph_test.go
index 374341b276..6dafaf03fd 100644
--- a/services/repository/gitgraph/graph_test.go
+++ b/services/repository/gitgraph/graph_test.go
@@ -10,6 +10,9 @@ import (
 	"testing"
 
 	"forgejo.org/modules/git"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
 )
 
 func BenchmarkGetCommitGraph(b *testing.B) {
@@ -32,7 +35,7 @@ func BenchmarkGetCommitGraph(b *testing.B) {
 }
 
 func BenchmarkParseCommitString(b *testing.B) {
-	testString := "* DATA:|4e61bacab44e9b4730e44a6615d04098dd3a8eaf|2016-12-20 21:10:41 +0100|4e61bac|Add route for graph"
+	testString := "* DATA:abc123||4e61bacab44e9b4730e44a6615d04098dd3a8eaf|Tue, 20 Dec 2016 21:10:41 +0100|4e61bac|Add route for graph"
 
 	parser := &Parser{}
 	parser.Reset()
@@ -241,7 +244,7 @@ func TestParseGlyphs(t *testing.T) {
 }
 
 func TestCommitStringParsing(t *testing.T) {
-	dataFirstPart := "* DATA:|4e61bacab44e9b4730e44a6615d04098dd3a8eaf|Tue, 20 Dec 2016 21:10:41 +0100|4e61bac|"
+	dataFirstPart := "* DATA:abc123||4e61bacab44e9b4730e44a6615d04098dd3a8eaf|Tue, 20 Dec 2016 21:10:41 +0100|4e61bac|"
 	tests := []struct {
 		shouldPass    bool
 		testName      string
@@ -269,6 +272,138 @@ func TestCommitStringParsing(t *testing.T) {
 	}
 }
 
+func TestNewCommitParentHashes(t *testing.T) {
+	tests := []struct {
+		name            string
+		data            string
+		expectedParents []string
+	}{
+		{
+			name:            "no parents (orphan)",
+			data:            "||4e61bacab44e9b4730e44a6615d04098dd3a8eaf|Tue, 20 Dec 2016 21:10:41 +0100|4e61bac|subject",
+			expectedParents: nil,
+		},
+		{
+			name:            "single parent",
+			data:            "abc123||4e61bacab44e9b4730e44a6615d04098dd3a8eaf|Tue, 20 Dec 2016 21:10:41 +0100|4e61bac|subject",
+			expectedParents: []string{"abc123"},
+		},
+		{
+			name:            "multiple parents (merge)",
+			data:            "abc123 def456||4e61bacab44e9b4730e44a6615d04098dd3a8eaf|Tue, 20 Dec 2016 21:10:41 +0100|4e61bac|subject",
+			expectedParents: []string{"abc123", "def456"},
+		},
+	}
+
+	for _, test := range tests {
+		t.Run(test.name, func(t *testing.T) {
+			commit, err := NewCommit(0, 0, []byte(test.data))
+			require.NoError(t, err)
+			assert.Equal(t, test.expectedParents, commit.ParentHashes)
+		})
+	}
+}
+
+func TestComputeGlyphConnectivity(t *testing.T) {
+	addCommit := func(graph *Graph, row, col int, hash string, parents []string) {
+		flowID := int64(col + 1)
+		commit := &Commit{Row: row, Column: col, Rev: hash, ParentHashes: parents, Flow: flowID}
+		graph.AddGlyph(row, col, flowID, 1, '*')
+		graph.Commits = append(graph.Commits, commit)
+		graph.Flows[flowID].Commits = append(graph.Flows[flowID].Commits, commit)
+	}
+
+	getCommitConnectivity := func(graph *Graph, row, col int) (up, down bool) {
+		for _, flow := range graph.Flows {
+			for _, g := range flow.Glyphs {
+				if g.Row == row && g.Column == col && g.Glyph == '*' {
+					return g.ConnectsUp, g.ConnectsDown
+				}
+			}
+		}
+		return false, false
+	}
+
+	t.Run("ConnectsDown/no parents", func(t *testing.T) {
+		graph := NewGraph()
+		addCommit(graph, 0, 0, "orphan", nil)
+		graph.ComputeGlyphConnectivity()
+
+		_, down := getCommitConnectivity(graph, 0, 0)
+		assert.False(t, down)
+	})
+
+	t.Run("ConnectsDown/has parent in graph", func(t *testing.T) {
+		graph := NewGraph()
+		addCommit(graph, 0, 0, "child", []string{"parent"})
+		addCommit(graph, 1, 0, "parent", nil)
+		graph.ComputeGlyphConnectivity()
+
+		_, down := getCommitConnectivity(graph, 0, 0)
+		assert.True(t, down)
+	})
+
+	t.Run("ConnectsDown/has parent outside graph", func(t *testing.T) {
+		graph := NewGraph()
+		addCommit(graph, 0, 0, "child", []string{"parent-not-in-graph"})
+		graph.ComputeGlyphConnectivity()
+
+		_, down := getCommitConnectivity(graph, 0, 0)
+		assert.True(t, down)
+	})
+
+	t.Run("ConnectsUp/no child, no glyph above, no continuation", func(t *testing.T) {
+		graph := NewGraph()
+		addCommit(graph, 0, 0, "orphan", nil)
+		graph.ComputeGlyphConnectivity()
+
+		up, _ := getCommitConnectivity(graph, 0, 0)
+		assert.False(t, up)
+	})
+
+	t.Run("ConnectsUp/has visible child", func(t *testing.T) {
+		graph := NewGraph()
+		addCommit(graph, 0, 0, "child", []string{"parent"})
+		addCommit(graph, 1, 0, "parent", nil)
+		graph.ComputeGlyphConnectivity()
+
+		up, _ := getCommitConnectivity(graph, 1, 0)
+		assert.True(t, up)
+	})
+
+	t.Run("ConnectsUp/has non-commit glyph above", func(t *testing.T) {
+		graph := NewGraph()
+		graph.AddGlyph(0, 0, 1, 1, '|')
+		addCommit(graph, 1, 0, "commit", nil)
+		graph.ComputeGlyphConnectivity()
+
+		up, _ := getCommitConnectivity(graph, 1, 0)
+		assert.True(t, up)
+	})
+
+	t.Run("ConnectsUp/has continuationAbove", func(t *testing.T) {
+		graph := NewGraph()
+		addCommit(graph, 0, 0, "commit", nil)
+		graph.continuationAbove[[2]int{0, 0}] = true
+		graph.ComputeGlyphConnectivity()
+
+		up, _ := getCommitConnectivity(graph, 0, 0)
+		assert.True(t, up)
+	})
+
+	t.Run("non-commit glyphs always connect both ways", func(t *testing.T) {
+		for _, glyph := range []byte{'|', '/', '\\'} {
+			graph := NewGraph()
+			graph.AddGlyph(0, 0, 1, 1, glyph)
+			graph.ComputeGlyphConnectivity()
+
+			g := graph.Flows[1].Glyphs[0]
+			assert.True(t, g.ConnectsUp, "glyph %q should connect up", glyph)
+			assert.True(t, g.ConnectsDown, "glyph %q should connect down", glyph)
+		}
+	})
+}
+
 var testglyphs = `* 
 * 
 * 
diff --git a/services/repository/gitgraph/parser.go b/services/repository/gitgraph/parser.go
index f6bf9b0b90..3c98e66273 100644
--- a/services/repository/gitgraph/parser.go
+++ b/services/repository/gitgraph/parser.go
@@ -80,6 +80,9 @@ func (parser *Parser) AddLineToGraph(graph *Graph, row int, line []byte) error {
 				}
 				continue
 			}
+			if column < len(parser.oldGlyphs) && parser.oldGlyphs[column] == '|' {
+				graph.continuationAbove[[2]int{row, column}] = true
+			}
 			err2 := graph.AddCommit(row, column, flowID, line[idx+5:])
 			if err != nil && err2 != nil {
 				err = fmt.Errorf("%v %w", err2, err)
diff --git a/templates/repo/graph/svgcontainer.tmpl b/templates/repo/graph/svgcontainer.tmpl
index 99c3c87399..a04b8d310e 100644
--- a/templates/repo/graph/svgcontainer.tmpl
+++ b/templates/repo/graph/svgcontainer.tmpl
@@ -3,8 +3,16 @@
 		{{range $flowid, $flow := .Graph.Flows}}
 			<g id="flow-{{$flow.ID}}" class="flow-group flow-color-{{$flow.ColorNumber}} flow-color-16-{{$flow.Color16}}" data-flow="{{$flow.ID}}" data-color="{{$flow.ColorNumber}}">
 				<path d="{{range $i, $glyph := $flow.Glyphs -}}
-					{{- if or (eq $glyph.Glyph '*') (eq $glyph.Glyph '|') -}}
+					{{- if eq $glyph.Glyph '|' -}}
 						M {{Eval $glyph.Column "*" 5 "+" 5}} {{Eval $glyph.Row "*" 12 "+" 0}} v 12 {{/* */ -}}
+					{{- else if eq $glyph.Glyph '*' -}}
+						{{- if and $glyph.ConnectsUp $glyph.ConnectsDown -}}
+							M {{Eval $glyph.Column "*" 5 "+" 5}} {{Eval $glyph.Row "*" 12 "+" 0}} v 12 {{/* */ -}}
+						{{- else if $glyph.ConnectsUp -}}
+							M {{Eval $glyph.Column "*" 5 "+" 5}} {{Eval $glyph.Row "*" 12 "+" 0}} v 6 {{/* */ -}}
+						{{- else if $glyph.ConnectsDown -}}
+							M {{Eval $glyph.Column "*" 5 "+" 5}} {{Eval $glyph.Row "*" 12 "+" 6}} v 6 {{/* */ -}}
+						{{- end -}}
 					{{- else if eq $glyph.Glyph '/' -}}
 						M {{Eval $glyph.Column "*" 5 "+" 10}} {{Eval $glyph.Row "*" 12 "+" 0}} l -10 12 {{/* */ -}}
 					{{- else if eq $glyph.Glyph '\\' -}}

From f7d2f51bf77aff2ddafad983271ca8762f877108 Mon Sep 17 00:00:00 2001
From: Mathieu Fenniak <mathieu@fenniak.net>
Date: Mon, 29 Dec 2025 15:37:44 +0100
Subject: [PATCH 066/854] feat: support workflow inputs on expanded reusable
 workflows (#10614)

Follow-up to #10525; adds support for `on.workflow_call.inputs` to expanded reusable workflows (when no `runs-on` is specified in a job that `uses: ...` another workflow).

The majority of the work for this is done by the `jobparser` library which evaluates inputs automatically when the job is being parsed and stores those inputs on the expanded jobs as the "default" value in `on.workflow_call.inputs`.  Forgejo's role here is just to to ensure that `forgejo.event_name` is set to `"workflow_call"` when a job is dispatched, which causes the runner to use the inputs that are stored -- https://code.forgejo.org/forgejo/runner/src/commit/34c20aa50f1d65e1f0265b5b5274a0bbe5db128e/act/runner/expression.go#L452-L467.

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests

- I added test coverage for Go changes...
  - [x] in their respective `*_test.go` for unit tests.
  - [ ] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I added test coverage for JavaScript changes...
  - [ ] in `web_src/js/*.test.js` if it can be unit tested.
  - [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)).
- **end-to-end testing**: https://code.forgejo.org/forgejo/end-to-end/pulls/1323

### Documentation

- [x] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
    - https://codeberg.org/forgejo/docs/pulls/1664
- [ ] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [ ] I do not want this change to show in the release notes.
- [x] I want the title to show in the release notes with a link to this pull request.
- [ ] I want the content of the `release-notes/<pull request number>.md` to be be used for the release notes instead of the title.

<!--start release-notes-assistant-->

## Release notes
<!--URL:https://codeberg.org/forgejo/forgejo-->
- Features
  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10614): <!--number 10614 --><!--line 0 --><!--description c3VwcG9ydCB3b3JrZmxvdyBpbnB1dHMgb24gZXhwYW5kZWQgcmV1c2FibGUgd29ya2Zsb3dz-->support workflow inputs on expanded reusable workflows<!--description-->
<!--end release-notes-assistant-->

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10614
Reviewed-by: Andreas Ahlenstorf <aahlenst@noreply.codeberg.org>
Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net>
Co-committed-by: Mathieu Fenniak <mathieu@fenniak.net>
---
 models/actions/run_job.go        |  9 ++++++
 models/actions/run_job_test.go   | 37 ++++++++++++++++++++++++
 services/actions/context.go      | 15 ++++++++--
 services/actions/context_test.go | 48 ++++++++++++++++++++++++++------
 services/actions/task.go         |  5 +++-
 5 files changed, 103 insertions(+), 11 deletions(-)

diff --git a/models/actions/run_job.go b/models/actions/run_job.go
index e3e3f4f85f..7d943f1410 100644
--- a/models/actions/run_job.go
+++ b/models/actions/run_job.go
@@ -287,3 +287,12 @@ func (job *ActionRunJob) IsWorkflowCallOuterJob() (bool, error) {
 	}
 	return jobWorkflow.Metadata.WorkflowCallID != "", nil
 }
+
+// Check whether the target job was generated as a result of expanding a reusable workflow.
+func (job *ActionRunJob) IsWorkflowCallInnerJob() (bool, error) {
+	jobWorkflow, err := job.DecodeWorkflowPayload()
+	if err != nil {
+		return false, fmt.Errorf("failure decoding workflow payload: %w", err)
+	}
+	return jobWorkflow.Metadata.WorkflowCallParent != "", nil
+}
diff --git a/models/actions/run_job_test.go b/models/actions/run_job_test.go
index 82b055d3fa..231a17f463 100644
--- a/models/actions/run_job_test.go
+++ b/models/actions/run_job_test.go
@@ -196,3 +196,40 @@ func TestActionRunJob_IsWorkflowCallOuterJob(t *testing.T) {
 		})
 	}
 }
+
+func TestActionRunJob_IsWorkflowCallInnerJob(t *testing.T) {
+	tests := []struct {
+		name                   string
+		job                    ActionRunJob
+		isWorkflowCallInnerJob bool
+		errContains            string
+	}{
+		{
+			name:                   "normal workflow",
+			job:                    ActionRunJob{WorkflowPayload: []byte("on: [workflow_dispatch]\nname: workflow")},
+			isWorkflowCallInnerJob: false,
+		},
+		{
+			name:                   "inner job",
+			job:                    ActionRunJob{WorkflowPayload: []byte("on:\n  workflow_call:\nname: workflow\n__metadata:\n  workflow_call_parent: b5a9f46f1f2513d7777fde50b169d323a6519e349cc175484c947ac315a209ed\n")},
+			isWorkflowCallInnerJob: true,
+		},
+		{
+			name:        "unparseable workflow",
+			job:         ActionRunJob{WorkflowPayload: []byte("name: []\nincomplete_runs_on: true")},
+			errContains: "failure unmarshaling WorkflowPayload to SingleWorkflow: yaml: unmarshal errors",
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			isWorkflowCallInnerJob, err := tt.job.IsWorkflowCallInnerJob()
+			if tt.errContains != "" {
+				assert.ErrorContains(t, err, tt.errContains)
+			} else {
+				require.NoError(t, err)
+				assert.Equal(t, tt.isWorkflowCallInnerJob, isWorkflowCallInnerJob)
+			}
+		})
+	}
+}
diff --git a/services/actions/context.go b/services/actions/context.go
index 4e4bfd75ea..d982b231ff 100644
--- a/services/actions/context.go
+++ b/services/actions/context.go
@@ -80,9 +80,20 @@ func generateGiteaContextForRun(run *actions_model.ActionRun) *model.GithubConte
 
 // GenerateGiteaContext generate the gitea context without token and gitea_runtime_token
 // job can be nil when generating a context for parsing workflow-level expressions
-func GenerateGiteaContext(run *actions_model.ActionRun, job *actions_model.ActionRunJob) map[string]any {
+func GenerateGiteaContext(run *actions_model.ActionRun, job *actions_model.ActionRunJob) (map[string]any, error) {
 	gitContextObj := generateGiteaContextForRun(run)
 
+	if job != nil {
+		// Setting the `github.event_name` value to `workflow_call` while executing a reusable workflow's inner job
+		// causes forgejo-runner to read `on.workflow_call.inputs` and populate its values into the `inputs` context.
+		workflowCall, err := job.IsWorkflowCallInnerJob()
+		if err != nil {
+			return nil, fmt.Errorf("failed to inspect workflow call state: %w", err)
+		} else if workflowCall {
+			gitContextObj.EventName = "workflow_call"
+		}
+	}
+
 	gitContext, _ := githubContextToMap(gitContextObj)
 
 	// standard contexts, see https://docs.github.com/en/actions/learn-github-actions/contexts#github-context
@@ -108,7 +119,7 @@ func GenerateGiteaContext(run *actions_model.ActionRun, job *actions_model.Actio
 		gitContext["run_attempt"] = fmt.Sprint(job.Attempt)
 	}
 
-	return gitContext
+	return gitContext, nil
 }
 
 func githubContextToMap(gitContext *model.GithubContext) (map[string]any, error) {
diff --git a/services/actions/context_test.go b/services/actions/context_test.go
index 544543a9c3..665f207219 100644
--- a/services/actions/context_test.go
+++ b/services/actions/context_test.go
@@ -66,7 +66,8 @@ func TestGenerateGiteaContext(t *testing.T) {
 			EventPayload:      `{"repository": {"name": "testrepo"}}`,
 		}
 
-		context := GenerateGiteaContext(run, nil)
+		context, err := GenerateGiteaContext(run, nil)
+		require.NoError(t, err)
 
 		assert.Equal(t, "testuser", context["actor"])
 		assert.Equal(t, setting.AppURL+"api/v1", context["api_url"])
@@ -121,13 +122,15 @@ func TestGenerateGiteaContext(t *testing.T) {
 		}
 
 		job := &actions_model.ActionRunJob{
-			ID:      100,
-			RunID:   1,
-			JobID:   "test-job",
-			Attempt: 1,
+			ID:              100,
+			RunID:           1,
+			JobID:           "test-job",
+			Attempt:         1,
+			WorkflowPayload: []byte("on: [push]"),
 		}
 
-		context := GenerateGiteaContext(run, job)
+		context, err := GenerateGiteaContext(run, job)
+		require.NoError(t, err)
 
 		assert.Equal(t, "test-job", context["job"])
 		assert.Equal(t, "1", context["run_id"])
@@ -166,7 +169,8 @@ func TestGenerateGiteaContext(t *testing.T) {
 			EventPayload:      string(payloadBytes),
 		}
 
-		context := GenerateGiteaContext(run, nil)
+		context, err := GenerateGiteaContext(run, nil)
+		require.NoError(t, err)
 
 		assert.Equal(t, "main", context["base_ref"])
 		assert.Equal(t, "feature-branch", context["head_ref"])
@@ -207,7 +211,8 @@ func TestGenerateGiteaContext(t *testing.T) {
 			EventPayload:      string(payloadBytes),
 		}
 
-		context := GenerateGiteaContext(run, nil)
+		context, err := GenerateGiteaContext(run, nil)
+		require.NoError(t, err)
 
 		assert.Equal(t, "main", context["base_ref"])
 		assert.Equal(t, "feature-branch", context["head_ref"])
@@ -218,6 +223,33 @@ func TestGenerateGiteaContext(t *testing.T) {
 		assert.Equal(t, "branch", context["ref_type"])
 		assert.Equal(t, "testowner/testrepo/.github/workflows/test-workflow.yml@refs/heads/main", context["workflow_ref"])
 	})
+
+	t.Run("workflow_call job", func(t *testing.T) {
+		run := &actions_model.ActionRun{
+			ID:           1,
+			Index:        42,
+			TriggerUser:  testUser,
+			Repo:         testRepo,
+			TriggerEvent: "push",
+			Ref:          "refs/heads/main",
+			CommitSHA:    "abc123def456",
+			WorkflowID:   "test-workflow",
+			EventPayload: `{}`,
+		}
+
+		job := &actions_model.ActionRunJob{
+			ID:              100,
+			RunID:           1,
+			JobID:           "test-job",
+			Attempt:         1,
+			WorkflowPayload: []byte("on: { workflow_call: { inputs: {} } }\n__metadata:\n  workflow_call_parent: b5a9f46f1f2513d7777fde50b169d323a6519e349cc175484c947ac315a209ed\n"),
+		}
+
+		context, err := GenerateGiteaContext(run, job)
+		require.NoError(t, err)
+
+		assert.Equal(t, "workflow_call", context["event_name"])
+	})
 }
 
 func TestGenerateGiteaContextForRun(t *testing.T) {
diff --git a/services/actions/task.go b/services/actions/task.go
index f4ad230b0c..277c2f6ca0 100644
--- a/services/actions/task.go
+++ b/services/actions/task.go
@@ -88,7 +88,10 @@ func generateTaskContext(t *actions_model.ActionTask) (*structpb.Struct, error)
 		return nil, err
 	}
 
-	gitCtx := GenerateGiteaContext(t.Job.Run, t.Job)
+	gitCtx, err := GenerateGiteaContext(t.Job.Run, t.Job)
+	if err != nil {
+		return nil, err
+	}
 	gitCtx["token"] = t.Token
 	gitCtx["gitea_runtime_token"] = giteaRuntimeToken
 

From 4b0130584fe6b945cb1c59e32125b4ca520fc2de Mon Sep 17 00:00:00 2001
From: Beowulf <beowulf@beocode.eu>
Date: Mon, 29 Dec 2025 20:04:47 +0100
Subject: [PATCH 067/854] fix: don't stretch activity top author image (#10556)

This is a followup to !10524.

In addition I changed that the tooltip triggers for the whole height, instead for only the bar height, because otherwise it is esp for small bars nearly impossible to get the tooltip to open.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10556
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Beowulf <beowulf@beocode.eu>
Co-committed-by: Beowulf <beowulf@beocode.eu>
---
 .../components/RepoActivityTopAuthors.test.js |  28 ++++
 .../js/components/RepoActivityTopAuthors.vue  | 125 +++++++++++-------
 2 files changed, 103 insertions(+), 50 deletions(-)
 create mode 100644 web_src/js/components/RepoActivityTopAuthors.test.js

diff --git a/web_src/js/components/RepoActivityTopAuthors.test.js b/web_src/js/components/RepoActivityTopAuthors.test.js
new file mode 100644
index 0000000000..410329441a
--- /dev/null
+++ b/web_src/js/components/RepoActivityTopAuthors.test.js
@@ -0,0 +1,28 @@
+// Copyright 2025 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+import {flushPromises, mount} from '@vue/test-utils';
+import RepoActivityTopAuthors from './RepoActivityTopAuthors.vue';
+import {expect, test, vi} from 'vitest';
+
+test('calc image size and shift', async () => {
+  vi.spyOn(RepoActivityTopAuthors.methods, 'init').mockResolvedValue({});
+
+  const repoActivityTopAuthors = mount(RepoActivityTopAuthors, {
+    props: {
+      locale: {
+        commitActivity: '',
+      },
+    },
+  });
+  await flushPromises();
+
+  const square = repoActivityTopAuthors.vm.calcImageSizeAndShift({naturalWidth: 50, naturalHeight: 50});
+  expect(square).toEqual([20, 20, 0, 0]);
+
+  const portrait = repoActivityTopAuthors.vm.calcImageSizeAndShift({naturalWidth: 5, naturalHeight: 50});
+  expect(portrait).toEqual([2, 20, 9, 0]);
+
+  const landscape = repoActivityTopAuthors.vm.calcImageSizeAndShift({naturalWidth: 500, naturalHeight: 5});
+  expect(landscape).toEqual([20, 0.2, 0, 9.9]);
+});
diff --git a/web_src/js/components/RepoActivityTopAuthors.vue b/web_src/js/components/RepoActivityTopAuthors.vue
index 22c0b9bdb3..eeaf0c4f73 100644
--- a/web_src/js/components/RepoActivityTopAuthors.vue
+++ b/web_src/js/components/RepoActivityTopAuthors.vue
@@ -42,56 +42,7 @@ export default {
     i18nCommitActivity: this,
   }),
   mounted() {
-    const refStyle = window.getComputedStyle(this.$refs.style);
-    this.colors.barColor = refStyle.backgroundColor;
-
-    for (const item of this.activityTopAuthors) {
-      const img = new Image();
-      img.src = item.avatar_link;
-      item.avatar_img = img;
-    }
-
-    Chart.register({
-      id: 'image_label',
-      afterDraw: (chart) => {
-        const xAxis = chart.boxes[0];
-        const yAxis = chart.boxes[1];
-        for (const [index] of xAxis.ticks.entries()) {
-          const x = xAxis.getPixelForTick(index);
-          const img = this.activityTopAuthors[index].avatar_img;
-
-          chart.ctx.save();
-          chart.ctx.drawImage(img, 0, 0, img.naturalWidth, img.naturalHeight, x - 10, yAxis.bottom + 10, 20, 20);
-          chart.ctx.restore();
-        }
-      },
-      beforeEvent: (chart, args) => {
-        const event = args.event;
-        if (event.type !== 'mousemove' && event.type !== 'click') return;
-
-        const yAxis = chart.boxes[1];
-        if (event.y < yAxis.bottom + 10 || event.y > yAxis.bottom + 30) {
-          chart.canvas.style.cursor = '';
-          return;
-        }
-
-        const xAxis = chart.boxes[0];
-        const pointIdx = xAxis.ticks.findIndex((_, index) => {
-          const x = xAxis.getPixelForTick(index);
-          return event.x >= x - 10 && event.x <= x + 10;
-        });
-
-        if (pointIdx === -1) {
-          chart.canvas.style.cursor = '';
-          return;
-        }
-
-        chart.canvas.style.cursor = 'pointer';
-        if (event.type === 'click' && this.activityTopAuthors[pointIdx].home_link) {
-          window.location.href = this.activityTopAuthors[pointIdx].home_link;
-        }
-      },
-    });
+    this.init();
   },
   methods: {
     graphPoints() {
@@ -137,8 +88,82 @@ export default {
             },
           },
         },
+        plugins: {
+          tooltip: {
+            intersect: false,
+          },
+        },
       };
     },
+    init() {
+      const refStyle = window.getComputedStyle(this.$refs.style);
+      this.colors.barColor = refStyle.backgroundColor;
+
+      for (const item of this.activityTopAuthors) {
+        const img = new Image();
+        img.src = item.avatar_link;
+        item.avatar_img = img;
+      }
+
+      Chart.register({
+        id: 'image_label',
+        afterDraw: (chart) => {
+          const xAxis = chart.boxes[0];
+          const yAxis = chart.boxes[1];
+          for (const [index] of xAxis.ticks.entries()) {
+            const x = xAxis.getPixelForTick(index);
+            const img = this.activityTopAuthors[index].avatar_img;
+
+            chart.ctx.save();
+            const [width, height, dx, dy] = this.calcImageSizeAndShift(img);
+            chart.ctx.drawImage(img, 0, 0, img.naturalWidth, img.naturalHeight, x - 10 + dx, yAxis.bottom + 10 + dy, width, height);
+            chart.ctx.restore();
+          }
+        },
+        beforeEvent: (chart, args) => {
+          const event = args.event;
+          if (event.type !== 'mousemove' && event.type !== 'click') return;
+
+          const yAxis = chart.boxes[1];
+          if (event.y < yAxis.bottom + 10 || event.y > yAxis.bottom + 30) {
+            chart.canvas.style.cursor = '';
+            return;
+          }
+
+          const xAxis = chart.boxes[0];
+          const pointIdx = xAxis.ticks.findIndex((_, index) => {
+            const x = xAxis.getPixelForTick(index);
+            return event.x >= x - 10 && event.x <= x + 10;
+          });
+
+          if (pointIdx === -1) {
+            chart.canvas.style.cursor = '';
+            return;
+          }
+
+          chart.canvas.style.cursor = 'pointer';
+          if (event.type === 'click' && this.activityTopAuthors[pointIdx].home_link) {
+            window.location.href = this.activityTopAuthors[pointIdx].home_link;
+          }
+        },
+      });
+    },
+    calcImageSizeAndShift(img) {
+      const targetSize = 20;
+      const [imgWidth, imgHeight] = [img.naturalWidth, img.naturalHeight];
+
+      // The image should be contained in a square,
+      // so the scale depends on the longer dimension.
+      const scale = targetSize / (Math.max(imgWidth, imgHeight));
+      const calcScale = (size) => size * scale;
+      const [width, height] = [calcScale(imgWidth), calcScale(imgHeight)];
+
+      // The image should be centered in the 20x20 square.
+      const calcShift = (size) => (targetSize - size) / 2;
+      const [dx, dy] = [calcShift(width), calcShift(height)];
+
+      return [width, height, dx, dy];
+    },
   },
 };
 </script>

From 82624a2a8c704f6a573f80a4a4ebbb62cc93a7f7 Mon Sep 17 00:00:00 2001
From: Beowulf <beowulf@beocode.eu>
Date: Mon, 29 Dec 2025 20:54:49 +0100
Subject: [PATCH 068/854] fix: process dynamically added content via htmx
 (#10572)

When new content is added via JS and htmx is not used for this change,
htmx need to be informed that DOM changes happened and that it needs to
reprocess the DOM (or at least the changed parts).

When a diff is really large, it is hidden by default. The user can press
a button to load the diff, which then will be added via JS.
The diff contains buttons to expand it, which are using htmx behind the
scenes. Therefore a reprocessing via htmx needs to be triggered after
adding the large diff.

Fixes #10570

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10572
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Beowulf <beowulf@beocode.eu>
Co-committed-by: Beowulf <beowulf@beocode.eu>
---
 tests/e2e/declare_repos_test.go  | 29 ++++++++++++++++++++++
 tests/e2e/file-diff.test.e2e.ts  | 41 ++++++++++++++++++++++++++++++++
 web_src/js/features/repo-diff.js |  2 ++
 3 files changed, 72 insertions(+)
 create mode 100644 tests/e2e/file-diff.test.e2e.ts

diff --git a/tests/e2e/declare_repos_test.go b/tests/e2e/declare_repos_test.go
index 23bc023b70..85e3fcbda8 100644
--- a/tests/e2e/declare_repos_test.go
+++ b/tests/e2e/declare_repos_test.go
@@ -6,6 +6,7 @@ package e2e
 import (
 	"fmt"
 	"os"
+	"strconv"
 	"strings"
 	"testing"
 	"time"
@@ -144,6 +145,34 @@ body:
 			addCommitToBranch(t, user, repo, "test-branch", "test-branch", "test-README.md", commit2Sha,
 				readStringFile(t, "tests/e2e/declarative-repo/long-diff-test/3-README.md"))
 		}),
+		newRepo(t, 2, "huge-diff-test", nil, []FileChanges{{
+			Filename: "glossary.po",
+			Versions: []string{
+				func() string {
+					var sb strings.Builder
+					sb.Write([]byte("0"))
+					for i := 1; i < 2000; i++ {
+						sb.WriteString(strconv.Itoa(i))
+						sb.WriteByte('\n')
+					}
+					return sb.String()
+				}(),
+			},
+		}}, func(user *user_model.User, repo *repo_model.Repository) {
+			addCommitToBranch(t, user, repo, "main", "main-2", "glossary.po", "",
+				func() string {
+					var sb strings.Builder
+					sb.Write([]byte("0"))
+					for i := 1; i < 2000; i++ {
+						sb.WriteString(strconv.Itoa(i))
+						if i%12 == 0 {
+							sb.WriteString("Blub")
+						}
+						sb.WriteByte('\n')
+					}
+					return sb.String()
+				}())
+		}),
 		// add your repo declarations here
 	}
 
diff --git a/tests/e2e/file-diff.test.e2e.ts b/tests/e2e/file-diff.test.e2e.ts
new file mode 100644
index 0000000000..f6c398e009
--- /dev/null
+++ b/tests/e2e/file-diff.test.e2e.ts
@@ -0,0 +1,41 @@
+// Copyright 2025 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+// @watch start
+// templates/repo/diff/**
+// web_src/css/review.css
+// web_src/js/features/repo-diff.js
+// @watch end
+
+import {expect} from '@playwright/test';
+import {test} from './utils_e2e.ts';
+
+test.use({user: 'user2'});
+
+test('Expand Large diff', async ({page}) => {
+  let response = await page.goto('/user2/huge-diff-test/src/branch/main-2', {waitUntil: 'domcontentloaded'});
+  expect(response?.status()).toBe(200);
+
+  const commitUrl = await page.locator('.commit-summary a').getAttribute('href');
+
+  response = await page.goto(commitUrl, {waitUntil: 'domcontentloaded'});
+  expect(response?.status()).toBe(200);
+
+  const loadDiff = page.locator('.diff-load-button');
+  const expandDiff = page.locator('.code-expander-button');
+  const diffLines = page.locator('.file-body tbody > tr');
+
+  await expect(loadDiff).toBeVisible();
+
+  loadDiff.click();
+  await page.waitForLoadState('load');
+
+  await expect(expandDiff).toHaveCount(167);
+  await expect(diffLines).toHaveCount(1495);
+
+  await expandDiff.first().click();
+  await page.waitForLoadState('load');
+
+  await expect(expandDiff).toHaveCount(166);
+  await expect(diffLines).toHaveCount(1502);
+});
diff --git a/web_src/js/features/repo-diff.js b/web_src/js/features/repo-diff.js
index 9b62b9f94f..02481be853 100644
--- a/web_src/js/features/repo-diff.js
+++ b/web_src/js/features/repo-diff.js
@@ -1,4 +1,5 @@
 import $ from 'jquery';
+import htmx from 'htmx.org';
 import {initCompReactionSelector} from './comp/ReactionSelector.js';
 import {initRepoIssueContentHistory} from './repo-issue-content.js';
 import {initDiffFileTree} from './repo-diff-filetree.js';
@@ -151,6 +152,7 @@ function onShowMoreFiles() {
   initViewedCheckboxListenerFor();
   countAndUpdateViewedFiles();
   initImageDiff();
+  htmx.process(document.body);
 }
 
 export async function loadMoreFiles(url) {

From 42114d262701c65c3b012b7b2d6141359fdcfa06 Mon Sep 17 00:00:00 2001
From: Mathieu Fenniak <mathieu@fenniak.net>
Date: Tue, 30 Dec 2025 02:31:23 +0100
Subject: [PATCH 069/854] fix: build-release workflow stops its own end-to-end
 checks when run concurrently (#10632)

`build-release.yml` attempts to run an end-to-end check with a cascading PR, but it doesn't target the currently building branch.  When two releases build simultaneously (eg. `forgejo/v14.0` and `forgejo`), whichever one starts the end-to-end test first is then "cancelled" by the second one as it pushes an update to the same branch.

This will be a bit of an experimental change due to the difficulty in setting up a test environment.  After merge, I intend to watch a v14 and forgejo build and verify that they are independent, and, that both are actually tested with the correct target build.

This introduces a need to backport any changes to `.forgejo/cascading-release-end-to-end` in the future to maintain cascading functionality in all active releases.

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests

- I added test coverage for Go changes...
  - [ ] in their respective `*_test.go` for unit tests.
  - [ ] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I added test coverage for JavaScript changes...
  - [ ] in `web_src/js/*.test.js` if it can be unit tested.
  - [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)).

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [x] I do not want this change to show in the release notes.
- [ ] I want the title to show in the release notes with a link to this pull request.
- [ ] I want the content of the `release-notes/<pull request number>.md` to be be used for the release notes instead of the title.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10632
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net>
Co-committed-by: Mathieu Fenniak <mathieu@fenniak.net>
---
 .forgejo/cascading-release-end-to-end | 3 +++
 .forgejo/workflows/build-release.yml  | 2 +-
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/.forgejo/cascading-release-end-to-end b/.forgejo/cascading-release-end-to-end
index 9be0737b0f..f78c3aeedb 100755
--- a/.forgejo/cascading-release-end-to-end
+++ b/.forgejo/cascading-release-end-to-end
@@ -2,6 +2,9 @@
 
 set -ex
 
+# WARNING: Changes to the behaviour of this file should be backported to all active releases, as it is used in
+# `build-release.yml` from release branches.
+
 end_to_end=$1
 end_to_end_pr=$2
 forgejo=$3
diff --git a/.forgejo/workflows/build-release.yml b/.forgejo/workflows/build-release.yml
index 4a17e30174..7b38c27c83 100644
--- a/.forgejo/workflows/build-release.yml
+++ b/.forgejo/workflows/build-release.yml
@@ -206,7 +206,7 @@ jobs:
           origin-url: ${{ env.GITHUB_SERVER_URL }}
           origin-repo: ${{ github.repository }}
           origin-token: ${{ secrets.CASCADE_ORIGIN_TOKEN }}
-          origin-ref: refs/heads/forgejo
+          origin-ref: ${{ github.ref }}
           destination-url: https://code.forgejo.org
           destination-fork-repo: ${{ vars.CASCADE_DESTINATION_DOER }}/end-to-end
           destination-repo: forgejo/end-to-end

From d8a5ee81fbb228bc44b3938988c7e43621e4831f Mon Sep 17 00:00:00 2001
From: Earl Warren <contact@earl-warren.org>
Date: Tue, 30 Dec 2025 10:00:22 +0100
Subject: [PATCH 070/854] chore(release-notes): teach release-notes-assistant
 that v11.0 is LTS (#10638)

This needs to be updated every time a LTS is published because the release-notes-assistant has no notion of what a LTS is.

## Tests

- After it is merged
- Trigger https://codeberg.org/forgejo/forgejo/actions?workflow=release-notes-assistant-milestones.yml
- See that v11.0.9 milestone contains only the relevant pull requests https://codeberg.org/forgejo/forgejo/milestone/35400

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10638
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Co-authored-by: Earl Warren <contact@earl-warren.org>
Co-committed-by: Earl Warren <contact@earl-warren.org>
---
 .release-notes-assistant.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.release-notes-assistant.yaml b/.release-notes-assistant.yaml
index f8264c0897..fe65dc3241 100644
--- a/.release-notes-assistant.yaml
+++ b/.release-notes-assistant.yaml
@@ -7,7 +7,7 @@ branch-from-version: 'v%[1]d.%[2]d/forgejo'
 tag-from-version: 'v%[1]d.%[2]d.%[3]d'
 supported-release-count: 3
 branch-known:
-  - 'v7.0/forgejo'
+  - 'v11.0/forgejo'
 cleanup-line: 'sed -Ee "s/^(feat|fix):\s*//g" -e "s/^\[WIP\] //" -e "s/^WIP: //" -e "s;\[(UI|BUG|FEAT|v.*?/forgejo)\]\s*;;g"'
 render-header: |
 

From 9b2f7c557bb917bb6bc7c1e2f2ea1487fd1b92a6 Mon Sep 17 00:00:00 2001
From: Mathieu Fenniak <mathieu@fenniak.net>
Date: Tue, 30 Dec 2025 17:33:21 +0100
Subject: [PATCH 071/854] feat: support jobs.<job_id>.secrets with reusable
 workflow expansion (#10627)

Follow-up to #10525; adds support for `jobs.<job_id>.secrets` to expanded reusable workflows (when no `runs-on` is specified in a job that `uses: ...` another workflow).

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests

- I added test coverage for Go changes...
  - [x] in their respective `*_test.go` for unit tests.
  - [ ] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I added test coverage for JavaScript changes...
  - [ ] in `web_src/js/*.test.js` if it can be unit tested.
  - [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)).
- **end-to-end testing**: [prepared, PR n](https://code.forgejo.org/forgejo/end-to-end/pulls/1351)

### Documentation

- [x] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
    - [ ] Doc to be created
- [ ] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [ ] I do not want this change to show in the release notes.
- [x] I want the title to show in the release notes with a link to this pull request.
- [ ] I want the content of the `release-notes/<pull request number>.md` to be be used for the release notes instead of the title.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10627
Reviewed-by: Andreas Ahlenstorf <aahlenst@noreply.codeberg.org>
Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net>
Co-committed-by: Mathieu Fenniak <mathieu@fenniak.net>
---
 models/actions/run.go                         |  24 +++
 models/actions/run_test.go                    |  55 +++++
 models/secret/secret.go                       |  23 +--
 models/secret/secret_test.go                  |  15 +-
 .../TestGetSecretsOfJob/action_run.yml        |  94 +++++++++
 .../TestGetSecretsOfJob/action_run_job.yml    | 192 ++++++++++++++++++
 .../action_task_output.yml                    |   6 +
 .../TestGetSecretsOfJob/action_variable.yml   |  22 ++
 services/actions/secret.go                    | 145 +++++++++++++
 services/actions/secret_test.go               | 108 ++++++++++
 services/actions/task.go                      |   3 +-
 11 files changed, 654 insertions(+), 33 deletions(-)
 create mode 100644 services/actions/TestGetSecretsOfJob/action_run.yml
 create mode 100644 services/actions/TestGetSecretsOfJob/action_run_job.yml
 create mode 100644 services/actions/TestGetSecretsOfJob/action_task_output.yml
 create mode 100644 services/actions/TestGetSecretsOfJob/action_variable.yml
 create mode 100644 services/actions/secret.go
 create mode 100644 services/actions/secret_test.go

diff --git a/models/actions/run.go b/models/actions/run.go
index 8194c07940..1551032f07 100644
--- a/models/actions/run.go
+++ b/models/actions/run.go
@@ -208,6 +208,30 @@ func (run *ActionRun) SetDefaultConcurrencyGroup() {
 	))
 }
 
+func (run *ActionRun) FindOuterWorkflowCall(ctx context.Context, innerCall *ActionRunJob) (*ActionRunJob, error) {
+	allJobs, err := GetRunJobsByRunID(ctx, run.ID)
+	if err != nil {
+		return nil, fmt.Errorf("failure to get run jobs: %w", err)
+	}
+	if innerCall.workflowPayloadDecoded == nil || innerCall.workflowPayloadDecoded.Metadata.WorkflowCallParent == "" {
+		return nil, errors.New("invalid state for FindOuterWorkflowCall")
+	}
+	parent := innerCall.workflowPayloadDecoded.Metadata.WorkflowCallParent
+	for _, job := range allJobs {
+		if job.ID == innerCall.ID {
+			continue
+		}
+		swf, err := job.DecodeWorkflowPayload()
+		if err != nil {
+			return nil, err
+		}
+		if swf.Metadata.WorkflowCallID == parent {
+			return job, nil
+		}
+	}
+	return nil, fmt.Errorf("no workflow call with ID %s found in run %d", parent, run.ID)
+}
+
 func actionsCountOpenCacheKey(repoID int64) string {
 	return fmt.Sprintf("Actions:CountOpenActionRuns:%d", repoID)
 }
diff --git a/models/actions/run_test.go b/models/actions/run_test.go
index 3a169dd56a..a0fdfddbd6 100644
--- a/models/actions/run_test.go
+++ b/models/actions/run_test.go
@@ -272,3 +272,58 @@ jobs:
 	// Expect job with an incomplete runs-on to be StatusBlocked:
 	assert.Equal(t, StatusBlocked, job.Status)
 }
+
+func TestActionRun_FindOuterWorkflowCall(t *testing.T) {
+	require.NoError(t, unittest.PrepareTestDatabase())
+
+	pullRequestPosterID := int64(4)
+	repoID := int64(10)
+	pullRequestID := int64(2)
+	run := &ActionRun{
+		RepoID:              repoID,
+		PullRequestID:       pullRequestID,
+		PullRequestPosterID: pullRequestPosterID,
+	}
+
+	workflowRaw := []byte(`
+jobs:
+  outer-job:
+    uses: ./.forgejo/workflows/reusable.yml
+`)
+	workflows, err := jobparser.Parse(workflowRaw, false,
+		jobparser.WithJobOutputs(map[string]map[string]string{}),
+		jobparser.ExpandLocalReusableWorkflows(func(job *jobparser.Job, path string) ([]byte, error) {
+			return []byte(`
+on:
+  workflow_call:
+jobs:
+  inner-job-1:
+    runs-on: debian
+    steps: []
+  inner-job-2:
+    runs-on: debian
+    steps: []
+`), nil
+		}))
+	require.NoError(t, err)
+	require.NoError(t, InsertRun(t.Context(), run, workflows))
+
+	jobs, err := db.Find[ActionRunJob](t.Context(), FindRunJobOptions{RunID: run.ID})
+	require.NoError(t, err)
+	require.Len(t, jobs, 3)
+
+	for _, j := range jobs {
+		t.Run(j.Name, func(t *testing.T) {
+			_, err := j.DecodeWorkflowPayload()
+			require.NoError(t, err)
+			outer, err := run.FindOuterWorkflowCall(t.Context(), j)
+			if j.Name == "outer-job" {
+				require.ErrorContains(t, err, "invalid state for FindOuterWorkflowCall")
+			} else {
+				require.NoError(t, err)
+				require.NotNil(t, outer)
+				assert.Equal(t, "outer-job", outer.Name)
+			}
+		})
+	}
+}
diff --git a/models/secret/secret.go b/models/secret/secret.go
index 0a5db17690..b19199c177 100644
--- a/models/secret/secret.go
+++ b/models/secret/secret.go
@@ -8,9 +8,7 @@ import (
 	"fmt"
 	"strings"
 
-	actions_model "forgejo.org/models/actions"
 	"forgejo.org/models/db"
-	actions_module "forgejo.org/modules/actions"
 	"forgejo.org/modules/keying"
 	"forgejo.org/modules/log"
 	"forgejo.org/modules/timeutil"
@@ -120,28 +118,17 @@ func (s *Secret) SetSecret(data string) {
 	s.Data = keying.ActionSecret.Encrypt([]byte(data), keying.ColumnAndID("data", s.ID))
 }
 
-func GetSecretsOfTask(ctx context.Context, task *actions_model.ActionTask) (map[string]string, error) {
+func FetchActionSecrets(ctx context.Context, ownerID, repoID int64) (map[string]string, error) {
 	secrets := map[string]string{}
 
-	secrets["GITHUB_TOKEN"] = task.Token
-	secrets["GITEA_TOKEN"] = task.Token
-	secrets["FORGEJO_TOKEN"] = task.Token
-
-	if task.Job.Run.IsForkPullRequest && task.Job.Run.TriggerEvent != actions_module.GithubEventPullRequestTarget {
-		// ignore secrets for fork pull request, except GITHUB_TOKEN, GITEA_TOKEN and FORGEJO_TOKEN which are automatically generated.
-		// for the tasks triggered by pull_request_target event, they could access the secrets because they will run in the context of the base branch
-		// see the documentation: https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#pull_request_target
-		return secrets, nil
-	}
-
-	ownerSecrets, err := db.Find[Secret](ctx, FindSecretsOptions{OwnerID: task.Job.Run.Repo.OwnerID})
+	ownerSecrets, err := db.Find[Secret](ctx, FindSecretsOptions{OwnerID: ownerID})
 	if err != nil {
-		log.Error("find secrets of owner %v: %v", task.Job.Run.Repo.OwnerID, err)
+		log.Error("find secrets of owner %v: %v", ownerID, err)
 		return nil, err
 	}
-	repoSecrets, err := db.Find[Secret](ctx, FindSecretsOptions{RepoID: task.Job.Run.RepoID})
+	repoSecrets, err := db.Find[Secret](ctx, FindSecretsOptions{RepoID: repoID})
 	if err != nil {
-		log.Error("find secrets of repo %v: %v", task.Job.Run.RepoID, err)
+		log.Error("find secrets of repo %v: %v", repoID, err)
 		return nil, err
 	}
 
diff --git a/models/secret/secret_test.go b/models/secret/secret_test.go
index 76b673f2fe..50120ecfa3 100644
--- a/models/secret/secret_test.go
+++ b/models/secret/secret_test.go
@@ -6,8 +6,6 @@ package secret
 import (
 	"testing"
 
-	"forgejo.org/models/actions"
-	"forgejo.org/models/repo"
 	"forgejo.org/models/unittest"
 	"forgejo.org/modules/keying"
 	"forgejo.org/modules/util"
@@ -85,17 +83,8 @@ func TestInsertEncryptedSecret(t *testing.T) {
 		})
 	})
 
-	t.Run("Get secrets", func(t *testing.T) {
-		secrets, err := GetSecretsOfTask(t.Context(), &actions.ActionTask{
-			Job: &actions.ActionRunJob{
-				Run: &actions.ActionRun{
-					RepoID: 1,
-					Repo: &repo.Repository{
-						OwnerID: 2,
-					},
-				},
-			},
-		})
+	t.Run("FetchActionSecrets", func(t *testing.T) {
+		secrets, err := FetchActionSecrets(t.Context(), 2, 1)
 		require.NoError(t, err)
 		assert.Equal(t, "some owner secret", secrets["OWNER_SECRET"])
 		assert.Equal(t, "some repository secret", secrets["REPO_SECRET"])
diff --git a/services/actions/TestGetSecretsOfJob/action_run.yml b/services/actions/TestGetSecretsOfJob/action_run.yml
new file mode 100644
index 0000000000..0bf311292f
--- /dev/null
+++ b/services/actions/TestGetSecretsOfJob/action_run.yml
@@ -0,0 +1,94 @@
+# Supporting data for Case 600
+-
+  id: 900
+  title: "running"
+  owner_id: 2
+  repo_id: 63
+  workflow_id: "running.yaml"
+  index: 4
+  trigger_event: "push"
+  is_fork_pull_request: false
+
+# Supporting data for Case 601
+-
+  id: 901
+  title: "running"
+  owner_id: 2
+  repo_id: 63
+  workflow_id: "running.yaml"
+  index: 5
+  trigger_event: "pull_request_target"
+  is_fork_pull_request: false
+
+# Supporting data for Case 602
+-
+  id: 902
+  title: "running"
+  owner_id: 2
+  repo_id: 63
+  workflow_id: "running.yaml"
+  index: 6
+  trigger_event: "pull_request_target"
+  is_fork_pull_request: true
+
+# Supporting data for Case 603
+-
+  id: 903
+  title: "running"
+  owner_id: 2
+  repo_id: 63
+  workflow_id: "running.yaml"
+  index: 7
+  trigger_event: "pull_request"
+  is_fork_pull_request: false
+
+# Supporting data for Case 604
+-
+  id: 904
+  title: "running"
+  owner_id: 2
+  repo_id: 63
+  workflow_id: "running.yaml"
+  index: 8
+  trigger_event: "pull_request"
+  is_fork_pull_request: true
+
+# Supporting data for Case 605
+-
+  id: 905
+  title: "running"
+  owner_id: 2
+  repo_id: 63
+  workflow_id: "running.yaml"
+  index: 9
+  trigger_event: "pull_request"
+  is_fork_pull_request: false
+
+# Supporting data for Case 607
+-
+  id: 906
+  title: "running"
+  owner_id: 2
+  repo_id: 63
+  workflow_id: "running.yaml"
+  index: 10
+  trigger_event: "pull_request"
+  is_fork_pull_request: false
+
+# Supporting data for Case 610
+-
+  id: 907
+  title: "running"
+  owner_id: 2
+  repo_id: 63
+  ref: "refs/heads/main"
+  workflow_id: "running.yaml"
+  index: 11
+  trigger_event: "workflow_dispatch"
+  is_fork_pull_request: false
+  event_payload: |
+    {
+      "inputs": {
+        "some_wd_input": "some_wd_input_value"
+      }
+    }
diff --git a/services/actions/TestGetSecretsOfJob/action_run_job.yml b/services/actions/TestGetSecretsOfJob/action_run_job.yml
new file mode 100644
index 0000000000..a1bad9fe98
--- /dev/null
+++ b/services/actions/TestGetSecretsOfJob/action_run_job.yml
@@ -0,0 +1,192 @@
+# Case 600 -- on:push workflow with some secrets
+-
+  id: 600
+  run_id: 900
+  workflow_payload: |
+    "on":
+      push:
+    jobs:
+      produce-artifacts:
+        name: produce-artifacts
+        runs-on: docker
+        steps:
+          - run: echo "OK!"
+
+# Case 601 -- on: pull_request_target workflow, local PR (not fork)
+-
+  id: 601
+  run_id: 901
+  workflow_payload: |
+    "on":
+      pull_request_target:
+    jobs:
+      produce-artifacts:
+        name: produce-artifacts
+        runs-on: docker
+        steps:
+          - run: echo "OK!"
+
+# Case 602 -- on: pull_request_target workflow, fork PR
+-
+  id: 602
+  run_id: 902
+  workflow_payload: |
+    "on":
+      pull_request_target:
+    jobs:
+      produce-artifacts:
+        name: produce-artifacts
+        runs-on: docker
+        steps:
+          - run: echo "OK!"
+
+# Case 603 -- on: pull_request workflow, local PR (not fork)
+-
+  id: 603
+  run_id: 903
+  workflow_payload: |
+    "on":
+      pull_request:
+    jobs:
+      produce-artifacts:
+        name: produce-artifacts
+        runs-on: docker
+        steps:
+          - run: echo "OK!"
+
+# Case 604 -- on: pull_request workflow, fork PR
+-
+  id: 604
+  run_id: 904
+  workflow_payload: |
+    "on":
+      pull_request:
+    jobs:
+      produce-artifacts:
+        name: produce-artifacts
+        runs-on: docker
+        steps:
+          - run: echo "OK!"
+
+# Case 605 -- workflow call inner job, inherit secrets, 606 is the outer job
+-
+  id: 605
+  run_id: 905
+  workflow_payload: |
+    "on":
+      pull_request_target:
+    jobs:
+      produce-artifacts:
+        name: produce-artifacts
+        runs-on: docker
+        steps:
+          - run: echo "OK!"
+    __metadata:
+      workflow_call_parent: b5a9f46f1f2513d7777fde50b169d323a6519e349cc175484c947ac315a209ed
+-
+  id: 606
+  run_id: 905
+  workflow_payload: |
+    "on":
+      pull_request_target:
+    jobs:
+      invoke-reusable:
+        uses: ./.forgejo/workflows/produce.yml
+        secrets: inherit
+    __metadata:
+      workflow_call_id: b5a9f46f1f2513d7777fde50b169d323a6519e349cc175484c947ac315a209ed
+
+# Case 607 -- workflow call two layer inner job, inherit secrets, 607->608->609
+-
+  id: 607
+  run_id: 906
+  workflow_payload: |
+    "on":
+      workflow_call:
+    jobs:
+      produce-artifacts:
+        name: produce-artifacts
+        runs-on: docker
+        steps:
+          - run: echo "OK!"
+    __metadata:
+      workflow_call_parent: b5a9f46f1f2513d7777fde50b169d323a6519e349cc175484c947ac315a209ed
+-
+  id: 608
+  run_id: 906
+  workflow_payload: |
+    "on":
+      workflow_call:
+    jobs:
+      invoke-reusable:
+        uses: ./.forgejo/workflows/produce-specific.yml
+        secrets: inherit
+    __metadata:
+      workflow_call_id: b5a9f46f1f2513d7777fde50b169d323a6519e349cc175484c947ac315a209ed
+      workflow_call_parent: 1976193ec4c48a92ba58816b34116272f5b3a612b91494956e5b53ee70b8714f
+-
+  id: 609
+  run_id: 906
+  workflow_payload: |
+    "on":
+      pull_request:
+    jobs:
+      invoke-reusable:
+        uses: ./.forgejo/workflows/produce.yml
+        secrets:
+          secret_1: ${{ secrets.secret_1 }} -- but are you sure?
+    __metadata:
+      workflow_call_id: 1976193ec4c48a92ba58816b34116272f5b3a612b91494956e5b53ee70b8714f
+
+# Case 610 -- workflow call specifically defined secrets, 611 is the outer job, 612 is another job in the same workflow
+-
+  id: 610
+  run_id: 907
+  workflow_payload: |
+    "on":
+      workflow_call:
+    jobs:
+      produce-artifacts:
+        name: produce-artifacts
+        runs-on: docker
+        steps:
+          - run: echo "OK!"
+    __metadata:
+      workflow_call_parent: b5a9f46f1f2513d7777fde50b169d323a6519e349cc175484c947ac315a209ed
+-
+  id: 611
+  run_id: 907
+  needs: '["provide-outputs"]'
+  workflow_payload: |
+    "on":
+      workflow_dispatch:
+    jobs:
+      invoke-reusable:
+        uses: ./.forgejo/workflows/produce-specific.yml
+        secrets:
+          forgejo: context forgejo = ${{ forgejo.ref }}
+          inputs: context inputs = ${{ inputs.some_wd_input }}
+          matrix: context matrix = ${{ matrix.some-dimension }}
+          needs: context needs = ${{ needs.provide-outputs.outputs.some-output }}
+          secrets: context secrets = ${{ secrets.secret_1 }}
+          strategy: context strategy = ${{ strategy.fail-fast }}
+          vars: context vars = ${{ vars.repo_var }}
+        strategy:
+          fail-fast: false
+          matrix:
+            some-dimension:
+              - some-dimension-value
+    __metadata:
+      workflow_call_id: b5a9f46f1f2513d7777fde50b169d323a6519e349cc175484c947ac315a209ed
+-
+  id: 612
+  run_id: 907
+  job_id: provide-outputs
+  status: 1 # success
+  workflow_payload: |
+    "on":
+      workflow_dispatch:
+    jobs:
+      provide-outputs:
+        steps: []
+  task_id: 100
diff --git a/services/actions/TestGetSecretsOfJob/action_task_output.yml b/services/actions/TestGetSecretsOfJob/action_task_output.yml
new file mode 100644
index 0000000000..6f33d22d29
--- /dev/null
+++ b/services/actions/TestGetSecretsOfJob/action_task_output.yml
@@ -0,0 +1,6 @@
+# Supporting data for Case 610
+-
+  id: 100
+  task_id: 100
+  output_key: some-output
+  output_value: 'abcdefghijklmnopqrstuvwxyz'
diff --git a/services/actions/TestGetSecretsOfJob/action_variable.yml b/services/actions/TestGetSecretsOfJob/action_variable.yml
new file mode 100644
index 0000000000..859f90ae34
--- /dev/null
+++ b/services/actions/TestGetSecretsOfJob/action_variable.yml
@@ -0,0 +1,22 @@
+# Case w/ action_run_job.id = 601
+-
+  id: 1001
+  name: REPO_VAR
+  owner_id: 0
+  repo_id: 63
+  data: "this is a repo variable"
+  created_unix: 1737000000
+-
+  id: 1002
+  name: ORG_VAR
+  owner_id: 2
+  repo_id: 0
+  data: "this is an org variable"
+  created_unix: 1737000000
+-
+  id: 1003
+  name: GLOBAL_VAR
+  owner_id: 0
+  repo_id: 0
+  data: "this is a global variable"
+  created_unix: 1737000000
diff --git a/services/actions/secret.go b/services/actions/secret.go
new file mode 100644
index 0000000000..b62547ce70
--- /dev/null
+++ b/services/actions/secret.go
@@ -0,0 +1,145 @@
+// Copyright 2025 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+package actions
+
+import (
+	"context"
+	"errors"
+	"fmt"
+
+	actions_model "forgejo.org/models/actions"
+	secret_model "forgejo.org/models/secret"
+	actions_module "forgejo.org/modules/actions"
+	"forgejo.org/modules/json"
+	"forgejo.org/modules/structs"
+
+	"code.forgejo.org/forgejo/runner/v12/act/jobparser"
+)
+
+func getSecretsOfTask(ctx context.Context, task *actions_model.ActionTask) (map[string]string, error) {
+	secrets, err := getSecretsOfJob(ctx, task.Job)
+	secrets["GITHUB_TOKEN"] = task.Token
+	secrets["GITEA_TOKEN"] = task.Token
+	secrets["FORGEJO_TOKEN"] = task.Token
+	return secrets, err
+}
+
+func getSecretsOfJob(ctx context.Context, job *actions_model.ActionRunJob) (map[string]string, error) {
+	isInnerWorkflowCall, err := job.IsWorkflowCallInnerJob()
+	if err != nil {
+		return nil, err
+	}
+
+	err = job.LoadRun(ctx)
+	if err != nil {
+		return nil, fmt.Errorf("failure to load job run: %w", err)
+	}
+
+	if isInnerWorkflowCall {
+		return getSecretsOfInnerWorkflowCall(ctx, job)
+	}
+
+	if job.Run.IsForkPullRequest && job.Run.TriggerEvent != actions_module.GithubEventPullRequestTarget {
+		// ignore secrets for fork pull request, except GITHUB_TOKEN, GITEA_TOKEN and FORGEJO_TOKEN which are automatically generated.
+		// for the tasks triggered by pull_request_target event, they could access the secrets because they will run in the context of the base branch
+		// see the documentation: https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#pull_request_target
+		return map[string]string{}, nil
+	}
+
+	err = job.Run.LoadRepo(ctx)
+	if err != nil {
+		return nil, err
+	}
+
+	jobSecrets, err := secret_model.FetchActionSecrets(ctx, job.Run.Repo.OwnerID, job.Run.RepoID)
+	if err != nil {
+		// Don't return error details, just in case they contain confidential details and error reaches a user;
+		// FetchActionSecrets logs all errors to the server log.
+		return nil, errors.New("failure to fetch secrets")
+	}
+	return jobSecrets, nil
+}
+
+func getSecretsOfInnerWorkflowCall(ctx context.Context, job *actions_model.ActionRunJob) (map[string]string, error) {
+	// Workflow calls can have two different behaviours -- they can either have `secrets: inherit` in which case we get
+	// the secrets of the caller and pass them in, or, they can have `secrets: { ... }` with key-values that need to be
+	// evaluated in the context of the parent (that is, `${{ secret.example_secret }}` would reference `example_secret`
+	// from the caller's secrets).
+	//
+	// In either case, we need the caller job's secrets, and we need the caller job's workflow definition to find out
+	// how they wanted secrets defined for this workflow call.
+	outerWorkflowCall, err := job.Run.FindOuterWorkflowCall(ctx, job)
+	if err != nil {
+		return nil, fmt.Errorf("failure to find outer workflow call: %w", err)
+	}
+	outerSecrets, err := getSecretsOfJob(ctx, outerWorkflowCall)
+	if err != nil {
+		return nil, err
+	}
+
+	outerWorkflowPayload, err := outerWorkflowCall.DecodeWorkflowPayload()
+	if err != nil {
+		return nil, err
+	}
+	_, outerJob := outerWorkflowPayload.Job()
+	if outerJob.InheritSecrets() {
+		return outerSecrets, nil
+	}
+
+	// Gather all the data that is needed to perform an expression evaluation of the parent job's secrets context:
+	err = outerWorkflowCall.LoadRun(ctx)
+	if err != nil {
+		return nil, fmt.Errorf("failure to load job's run: %w", err)
+	}
+	err = outerWorkflowCall.Run.LoadRepo(ctx)
+	if err != nil {
+		return nil, fmt.Errorf("failure to load run's repo: %w", err)
+	}
+	githubContext := generateGiteaContextForRun(outerWorkflowCall.Run)
+	taskNeeds, err := FindTaskNeeds(ctx, outerWorkflowCall)
+	if err != nil {
+		return nil, fmt.Errorf("failure evaluating 'needs' for job: %w", err)
+	}
+	needs := make([]string, 0, len(taskNeeds))
+	jobResults := make(map[string]string, len(taskNeeds))
+	jobOutputs := make(map[string]map[string]string, len(taskNeeds))
+	for jobID, n := range taskNeeds {
+		needs = append(needs, jobID)
+		jobResults[jobID] = n.Result.String()
+		jobOutputs[jobID] = n.Outputs
+	}
+	vars, err := actions_model.GetVariablesOfRun(ctx, job.Run)
+	if err != nil {
+		return nil, fmt.Errorf("failure evaluating 'vars' for run: %w", err)
+	}
+
+	var inputs map[string]any
+	if outerWorkflowCall.Run.TriggerEvent == actions_module.GithubEventWorkflowDispatch {
+		// workflow_dispatch inputs are stored in the event payload
+		var dispatchPayload *structs.WorkflowDispatchPayload
+		err := json.Unmarshal([]byte(outerWorkflowCall.Run.EventPayload), &dispatchPayload)
+		if err != nil {
+			return nil, fmt.Errorf("failure reading workflow dispatch payload: %w", err)
+		}
+		// transition from map[string]string to map[string]any...
+		inputs = make(map[string]any, len(dispatchPayload.Inputs))
+		for k, v := range dispatchPayload.Inputs {
+			inputs[k] = v
+		}
+	}
+
+	jobSecrets := jobparser.EvaluateWorkflowCallSecrets(&jobparser.EvaluateWorkflowCallSecretsArgs{
+		CallerWorkflow: outerWorkflowPayload,
+		CallerSecrets:  outerSecrets,
+
+		GitCtx:     githubContext,
+		Vars:       vars,
+		Needs:      needs,
+		JobResults: jobResults,
+		JobOutputs: jobOutputs,
+		JobInputs:  inputs,
+	})
+
+	return jobSecrets, nil
+}
diff --git a/services/actions/secret_test.go b/services/actions/secret_test.go
new file mode 100644
index 0000000000..107cde1a4d
--- /dev/null
+++ b/services/actions/secret_test.go
@@ -0,0 +1,108 @@
+// Copyright 2025 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+package actions
+
+import (
+	"testing"
+
+	actions_model "forgejo.org/models/actions"
+	secret_model "forgejo.org/models/secret"
+	"forgejo.org/models/unittest"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+func TestGetSecretsOfJob(t *testing.T) {
+	tests := []struct {
+		name     string
+		runJobID int64
+		secrets  map[string]string
+	}{
+		{
+			name:     "push run",
+			runJobID: 600,
+			secrets: map[string]string{
+				"SECRET_1": "the sky is blue",
+				"SECRET_2": "the ocean is also blue",
+			},
+		},
+		{
+			name:     "on: pull_request_target workflow, local PR (not fork)",
+			runJobID: 601,
+			secrets: map[string]string{
+				"SECRET_1": "the sky is blue",
+				"SECRET_2": "the ocean is also blue",
+			},
+		},
+		{
+			name:     "on: pull_request_target workflow, fork PR",
+			runJobID: 602,
+			secrets: map[string]string{
+				"SECRET_1": "the sky is blue",
+				"SECRET_2": "the ocean is also blue",
+			},
+		},
+		{
+			name:     "on: pull_request workflow, local PR (not fork)",
+			runJobID: 603,
+			secrets: map[string]string{
+				"SECRET_1": "the sky is blue",
+				"SECRET_2": "the ocean is also blue",
+			},
+		},
+		{
+			name:     "on: pull_request workflow, fork PR",
+			runJobID: 604,
+			secrets:  map[string]string{},
+		},
+		{
+			name:     "workflow call inner job, inherit secrets",
+			runJobID: 605,
+			secrets: map[string]string{
+				"SECRET_1": "the sky is blue",
+				"SECRET_2": "the ocean is also blue",
+			},
+		},
+		{
+			name:     "workflow call two layer inner job, inherit secrets",
+			runJobID: 607,
+			secrets: map[string]string{
+				// Even though we're 'inherit' in this case, we're inheriting from the parent call which is a subset
+				// (and modification) of the secrets -- so shouldn't see SECRET_2.
+				"SECRET_1": "the sky is blue -- but are you sure?",
+			},
+		},
+		{
+			name:     "workflow call inner job, defined secrets",
+			runJobID: 610,
+			secrets: map[string]string{
+				"FORGEJO":  "context forgejo = refs/heads/main",
+				"INPUTS":   "context inputs = some_wd_input_value",
+				"MATRIX":   "context matrix = some-dimension-value",
+				"NEEDS":    "context needs = abcdefghijklmnopqrstuvwxyz",
+				"SECRETS":  "context secrets = the sky is blue",
+				"STRATEGY": "context strategy = false",
+				"VARS":     "context vars = this is a repo variable",
+			},
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			defer unittest.OverrideFixtures("services/actions/TestGetSecretsOfJob")()
+			require.NoError(t, unittest.PrepareTestDatabase())
+
+			// Due to encryption, more maintainable to do this rather than create secrets in fixture data
+			_, err := secret_model.InsertEncryptedSecret(t.Context(), 2, 0, "secret_1", "the sky is blue")
+			require.NoError(t, err)
+			_, err = secret_model.InsertEncryptedSecret(t.Context(), 0, 63, "secret_2", "the ocean is also blue")
+			require.NoError(t, err)
+
+			runJob := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRunJob{ID: tt.runJobID})
+			actualSecrets, err := getSecretsOfJob(t.Context(), runJob)
+			require.NoError(t, err)
+			assert.Equal(t, tt.secrets, actualSecrets)
+		})
+	}
+}
diff --git a/services/actions/task.go b/services/actions/task.go
index 277c2f6ca0..1de054346a 100644
--- a/services/actions/task.go
+++ b/services/actions/task.go
@@ -10,7 +10,6 @@ import (
 
 	actions_model "forgejo.org/models/actions"
 	"forgejo.org/models/db"
-	secret_model "forgejo.org/models/secret"
 	"forgejo.org/modules/timeutil"
 	"forgejo.org/modules/util"
 
@@ -39,7 +38,7 @@ func PickTask(ctx context.Context, runner *actions_model.ActionRunner) (*runnerv
 		}
 		job = t.Job
 
-		secrets, err := secret_model.GetSecretsOfTask(ctx, t)
+		secrets, err := getSecretsOfTask(ctx, t)
 		if err != nil {
 			return fmt.Errorf("GetSecretsOfTask: %w", err)
 		}

From 51ac1bf45ffbb4e49625ba511ddec938fdec6713 Mon Sep 17 00:00:00 2001
From: Valentine Briese <valentinegb@icloud.com>
Date: Tue, 30 Dec 2025 18:01:17 +0100
Subject: [PATCH 072/854] feat: improve Discord webhook message formatting
 (#10626)

This pull request escapes the dash before the author when a Discord webhook is triggered by a push event and formats the commit hash as code.

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests

- I added test coverage for Go changes...
  - [x] in their respective `*_test.go` for unit tests.
  - [ ] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I added test coverage for JavaScript changes...
  - [ ] in `web_src/js/*.test.js` if it can be unit tested.
  - [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)).

No tests were added, but the existing test for Discord webhooks passed.

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [ ] I do not want this change to show in the release notes.
- [x] I want the title to show in the release notes with a link to this pull request.
- [ ] I want the content of the `release-notes/<pull request number>.md` to be be used for the release notes instead of the title.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10626
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
Co-authored-by: Valentine Briese <valentinegb@icloud.com>
Co-committed-by: Valentine Briese <valentinegb@icloud.com>
---
 services/webhook/discord.go      | 2 +-
 services/webhook/discord_test.go | 8 ++++----
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/services/webhook/discord.go b/services/webhook/discord.go
index 52aaafd5a0..cdab4d6733 100644
--- a/services/webhook/discord.go
+++ b/services/webhook/discord.go
@@ -223,7 +223,7 @@ func (d discordConvertor) Push(p *api.PushPayload) (DiscordPayload, error) {
 		if utf8.RuneCountInString(message) > 50 {
 			message = fmt.Sprintf("%.47s...", message)
 		}
-		text += fmt.Sprintf("[%s](%s) %s - %s", commit.ID[:7], commit.URL, message, commit.Author.Name)
+		text += fmt.Sprintf("[`%s`](%s) %s \\- %s", commit.ID[:7], commit.URL, message, commit.Author.Name)
 		// add linebreak to each commit but the last
 		if i < len(p.Commits)-1 {
 			text += "\n"
diff --git a/services/webhook/discord_test.go b/services/webhook/discord_test.go
index b04be30bc6..e94486def8 100644
--- a/services/webhook/discord_test.go
+++ b/services/webhook/discord_test.go
@@ -72,7 +72,7 @@ func TestDiscordPayload(t *testing.T) {
 
 		assert.Len(t, pl.Embeds, 1)
 		assert.Equal(t, "[test/repo:test] 2 new commits", pl.Embeds[0].Title)
-		assert.Equal(t, "[2020558](http://localhost:3000/test/repo/commit/2020558fe2e34debb818a514715839cabd25e778) commit message - user1\n[2020558](http://localhost:3000/test/repo/commit/2020558fe2e34debb818a514715839cabd25e778) commit message - user1", pl.Embeds[0].Description)
+		assert.Equal(t, "[`2020558`](http://localhost:3000/test/repo/commit/2020558fe2e34debb818a514715839cabd25e778) commit message \\- user1\n[`2020558`](http://localhost:3000/test/repo/commit/2020558fe2e34debb818a514715839cabd25e778) commit message \\- user1", pl.Embeds[0].Description)
 		assert.Equal(t, "http://localhost:3000/test/repo/src/test", pl.Embeds[0].URL)
 		assert.Equal(t, p.Sender.UserName, pl.Embeds[0].Author.Name)
 		assert.Equal(t, setting.AppURL+p.Sender.UserName, pl.Embeds[0].Author.URL)
@@ -87,7 +87,7 @@ func TestDiscordPayload(t *testing.T) {
 
 		assert.Len(t, pl.Embeds, 1)
 		assert.Equal(t, "[test/repo:test] 2 new commits", pl.Embeds[0].Title)
-		assert.Equal(t, "[2020558](http://localhost:3000/test/repo/commit/2020558fe2e34debb818a514715839cabd25e778) This is a commit summary ⚠️⚠️⚠️⚠️ containing 你好... - user1\n[2020558](http://localhost:3000/test/repo/commit/2020558fe2e34debb818a514715839cabd25e778) This is a commit summary ⚠️⚠️⚠️⚠️ containing 你好... - user1", pl.Embeds[0].Description)
+		assert.Equal(t, "[`2020558`](http://localhost:3000/test/repo/commit/2020558fe2e34debb818a514715839cabd25e778) This is a commit summary ⚠️⚠️⚠️⚠️ containing 你好... \\- user1\n[`2020558`](http://localhost:3000/test/repo/commit/2020558fe2e34debb818a514715839cabd25e778) This is a commit summary ⚠️⚠️⚠️⚠️ containing 你好... \\- user1", pl.Embeds[0].Description)
 		assert.Equal(t, p.Sender.UserName, pl.Embeds[0].Author.Name)
 		assert.Equal(t, setting.AppURL+p.Sender.UserName, pl.Embeds[0].Author.URL)
 		assert.Equal(t, p.Sender.AvatarURL, pl.Embeds[0].Author.IconURL)
@@ -101,7 +101,7 @@ func TestDiscordPayload(t *testing.T) {
 
 		assert.Len(t, pl.Embeds, 1)
 		assert.Equal(t, "[test/repo:test] 2 new commits", pl.Embeds[0].Title)
-		assert.Equal(t, "[2020558](http://localhost:3000/test/repo/commit/2020558fe2e34debb818a514715839cabd25e778) \\# conflicts\n\\# \\- some/conflicting/file.txt - user1\n[2020558](http://localhost:3000/test/repo/commit/2020558fe2e34debb818a514715839cabd25e778) \\# conflicts\n\\# \\- some/conflicting/file.txt - user1", pl.Embeds[0].Description)
+		assert.Equal(t, "[`2020558`](http://localhost:3000/test/repo/commit/2020558fe2e34debb818a514715839cabd25e778) \\# conflicts\n\\# \\- some/conflicting/file.txt \\- user1\n[`2020558`](http://localhost:3000/test/repo/commit/2020558fe2e34debb818a514715839cabd25e778) \\# conflicts\n\\# \\- some/conflicting/file.txt \\- user1", pl.Embeds[0].Description)
 		assert.Equal(t, p.Sender.UserName, pl.Embeds[0].Author.Name)
 		assert.Equal(t, setting.AppURL+p.Sender.UserName, pl.Embeds[0].Author.URL)
 		assert.Equal(t, p.Sender.AvatarURL, pl.Embeds[0].Author.IconURL)
@@ -357,7 +357,7 @@ func TestDiscordJSONPayload(t *testing.T) {
 	var body DiscordPayload
 	err = json.NewDecoder(req.Body).Decode(&body)
 	require.NoError(t, err)
-	assert.Equal(t, "[2020558](http://localhost:3000/test/repo/commit/2020558fe2e34debb818a514715839cabd25e778) commit message - user1\n[2020558](http://localhost:3000/test/repo/commit/2020558fe2e34debb818a514715839cabd25e778) commit message - user1", body.Embeds[0].Description)
+	assert.Equal(t, "[`2020558`](http://localhost:3000/test/repo/commit/2020558fe2e34debb818a514715839cabd25e778) commit message \\- user1\n[`2020558`](http://localhost:3000/test/repo/commit/2020558fe2e34debb818a514715839cabd25e778) commit message \\- user1", body.Embeds[0].Description)
 }
 
 var escapedMarkdownTests = map[string]struct {

From 69f9d50745e75b025f714ec22f369cd6f78b4763 Mon Sep 17 00:00:00 2001
From: John Moon <john.moon@vts-i.com>
Date: Tue, 30 Dec 2025 22:39:34 +0100
Subject: [PATCH 073/854] feat: add Forgejo server version to runner context
 (#10642)

Currently, there's no way for actions runners to know what version of
Forgejo is running on the server side. This makes it
difficult/impossible to know which features are available and can make
maintaining compatibility tricky.

Let's add the Forgejo server version to the context.

See associated PR in the runner repo: https://code.forgejo.org/forgejo/runner/pulls/1249

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests

- I added test coverage for Go changes...
  - [x] in their respective `*_test.go` for unit tests.
  - [ ] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I added test coverage for JavaScript changes...
  - [ ] in `web_src/js/*.test.js` if it can be unit tested.
  - [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)).

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [ ] I do not want this change to show in the release notes.
- [x] I want the title to show in the release notes with a link to this pull request.
- [ ] I want the content of the `release-notes/<pull request number>.md` to be be used for the release notes instead of the title.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10642
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
Co-authored-by: John Moon <john.moon@vts-i.com>
Co-committed-by: John Moon <john.moon@vts-i.com>
---
 services/actions/context.go           | 1 +
 tests/integration/actions_job_test.go | 1 +
 2 files changed, 2 insertions(+)

diff --git a/services/actions/context.go b/services/actions/context.go
index d982b231ff..0313b11031 100644
--- a/services/actions/context.go
+++ b/services/actions/context.go
@@ -112,6 +112,7 @@ func GenerateGiteaContext(run *actions_model.ActionRun, job *actions_model.Actio
 
 	// additional contexts
 	gitContext["gitea_default_actions_url"] = setting.Actions.DefaultActionsURL.URL()
+	gitContext["forgejo_server_version"] = setting.AppVer
 
 	if job != nil {
 		gitContext["job"] = job.JobID
diff --git a/tests/integration/actions_job_test.go b/tests/integration/actions_job_test.go
index baa1420bdd..e91f0e92bd 100644
--- a/tests/integration/actions_job_test.go
+++ b/tests/integration/actions_job_test.go
@@ -443,6 +443,7 @@ jobs:
 		assert.Equal(t, actionRun.WorkflowID, gtCtx["workflow"].GetStringValue())
 		assert.Equal(t, "user2/actions-gitea-context/.gitea/workflows/pull.yml@refs/pull/1/head", gtCtx["workflow_ref"].GetStringValue())
 		assert.Equal(t, setting.Actions.DefaultActionsURL.URL(), gtCtx["gitea_default_actions_url"].GetStringValue())
+		assert.Equal(t, setting.AppVer, gtCtx["forgejo_server_version"].GetStringValue())
 		token := gtCtx["token"].GetStringValue()
 		assert.Equal(t, actionTask.TokenLastEight, token[len(token)-8:])
 

From 0a6a5cb73eb1000af25d2de9bc394ae2bc960377 Mon Sep 17 00:00:00 2001
From: 0ko <0ko@noreply.codeberg.org>
Date: Wed, 31 Dec 2025 03:13:05 +0100
Subject: [PATCH 074/854] chore: remove obsolete code from button-legacy.css
 (#10581)

Fixes #10580

Remove obsolete styles so that people do not trip over them.

I went through the codebase with `rg` and made sure that the only elements which had potential to use such mix of classes were doing so accidentally, and removed all the unused code.

### A small fix for Forgejo themes

Ref https://codeberg.org/forgejo/forgejo/pulls/10581#issuecomment-9245399. The missing variable was used in one place outside of devtest.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10581
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Reviewed-by: Beowulf <beowulf@beocode.eu>
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: 0ko <0ko@noreply.codeberg.org>
Co-committed-by: 0ko <0ko@noreply.codeberg.org>
---
 templates/devtest/gitea-ui.tmpl               |  2 -
 templates/repo/issue/filters.tmpl             |  2 +-
 .../notification_subscriptions.tmpl           |  2 +-
 web_src/css/modules/button-legacy.css         | 41 -------------------
 web_src/css/repo.css                          |  4 +-
 web_src/css/themes/theme-gitea-dark.css       |  1 -
 web_src/css/themes/theme-gitea-light.css      |  1 -
 7 files changed, 4 insertions(+), 49 deletions(-)

diff --git a/templates/devtest/gitea-ui.tmpl b/templates/devtest/gitea-ui.tmpl
index 1c88333520..6daf6d74c7 100644
--- a/templates/devtest/gitea-ui.tmpl
+++ b/templates/devtest/gitea-ui.tmpl
@@ -48,8 +48,6 @@
 				<li class="sample-group">
 					<h2>Supported but not recommended:</h2>
 					<p>Do not use if there is no strong requirement. Do not use grey/black buttons, they don't work well with dark theme.</p>
-					<button class="ui secondary button">Secondary</button>
-					<button class="ui basic secondary button">Basic Secondary</button>
 					<button class="ui teal button">Teal</button>
 					<button class="ui basic teal button">Basic Teal</button>
 					<button class="ui purple button">Purple</button>
diff --git a/templates/repo/issue/filters.tmpl b/templates/repo/issue/filters.tmpl
index 06e7c1aa6c..d69a8439ba 100644
--- a/templates/repo/issue/filters.tmpl
+++ b/templates/repo/issue/filters.tmpl
@@ -15,7 +15,7 @@
 		{{end}}
 	</div>
 	<div class="issue-list-toolbar-right">
-		<div class="ui secondary filter menu labels">
+		<div class="ui secondary filter menu">
 			{{if .PageIsMilestones}}
 				{{template "repo/issue/milestone/filter_list" .}}
 			{{else}}
diff --git a/templates/user/notification/notification_subscriptions.tmpl b/templates/user/notification/notification_subscriptions.tmpl
index 9e4685b849..49c1baad92 100644
--- a/templates/user/notification/notification_subscriptions.tmpl
+++ b/templates/user/notification/notification_subscriptions.tmpl
@@ -31,7 +31,7 @@
 						</a>
 					</div>
 					<div class="tw-flex">
-						<div class="ui right aligned secondary filter menu labels">
+						<div class="ui right aligned secondary filter menu">
 							<!-- Type -->
 								<div class="ui dropdown type jump item">
 									<span class="text">
diff --git a/web_src/css/modules/button-legacy.css b/web_src/css/modules/button-legacy.css
index 469a309a11..8683d9ed58 100644
--- a/web_src/css/modules/button-legacy.css
+++ b/web_src/css/modules/button-legacy.css
@@ -185,47 +185,6 @@ It needs some tricks to tweak the left/right borders with active state */
   border-color: var(--color-primary-active);
 }
 
-/* secondary */
-
-.ui.secondary.labels .label,
-.ui.ui.ui.secondary.label,
-.ui.secondary.button,
-.ui.secondary.buttons .button,
-.ui.secondary.button:focus,
-.ui.secondary.buttons .button:focus {
-  background: var(--color-secondary-button);
-}
-
-.ui.secondary.button:hover,
-.ui.secondary.buttons .button:hover {
-  background: var(--color-secondary-hover);
-}
-
-.ui.secondary.button:active,
-.ui.secondary.buttons .button:active {
-  background: var(--color-secondary-active);
-}
-
-.ui.basic.secondary.buttons .button,
-.ui.basic.secondary.button {
-  color: var(--color-secondary-button);
-  border-color: var(--color-secondary-button);
-}
-
-.ui.basic.secondary.buttons .button:hover,
-.ui.basic.secondary.button:hover,
-.ui.basic.secondary.button:focus,
-.ui.basic.secondary.buttons .button:focus {
-  color: var(--color-secondary-hover);
-  border-color: var(--color-secondary-hover);
-}
-
-.ui.basic.secondary.buttons .button:active,
-.ui.basic.secondary.button:active {
-  color: var(--color-secondary-active);
-  border-color: var(--color-secondary-active);
-}
-
 /* red */
 
 .ui.red.labels .label,
diff --git a/web_src/css/repo.css b/web_src/css/repo.css
index d51b340e0f..4234c07bf0 100644
--- a/web_src/css/repo.css
+++ b/web_src/css/repo.css
@@ -80,7 +80,7 @@
   overflow-x: auto;
 }
 
-.repository .filter.menu.labels .label-filter .menu .info {
+.repository .filter.menu .label-filter .menu .info {
   display: inline-block;
   padding: 0.5rem 0;
   font-size: 12px;
@@ -91,7 +91,7 @@
   text-align: left;
 }
 
-.repository .filter.menu.labels .label-filter .menu .info code {
+.repository .filter.menu .label-filter .menu .info code {
   border: 1px solid var(--color-secondary);
   border-radius: var(--border-radius);
   padding: 1px 2px;
diff --git a/web_src/css/themes/theme-gitea-dark.css b/web_src/css/themes/theme-gitea-dark.css
index 58e3a21f9a..0fbe7ba4ec 100644
--- a/web_src/css/themes/theme-gitea-dark.css
+++ b/web_src/css/themes/theme-gitea-dark.css
@@ -58,7 +58,6 @@
   --color-secondary-alpha-70: #3b444ab3;
   --color-secondary-alpha-80: #3b444acc;
   --color-secondary-alpha-90: #3b444ae1;
-  --color-secondary-button: var(--color-secondary-dark-4);
   --color-secondary-hover: var(--color-secondary-dark-3);
   --color-secondary-active: var(--color-secondary-dark-2);
   /* console colors - used for actions console and console files */
diff --git a/web_src/css/themes/theme-gitea-light.css b/web_src/css/themes/theme-gitea-light.css
index f889cac568..c9ca759472 100644
--- a/web_src/css/themes/theme-gitea-light.css
+++ b/web_src/css/themes/theme-gitea-light.css
@@ -58,7 +58,6 @@
   --color-secondary-alpha-70: #d0d7deb3;
   --color-secondary-alpha-80: #d0d7decc;
   --color-secondary-alpha-90: #d0d7dee1;
-  --color-secondary-button: var(--color-secondary-dark-4);
   --color-secondary-hover: var(--color-secondary-dark-5);
   --color-secondary-active: var(--color-secondary-dark-6);
   /* console colors - used for actions console and console files */

From 75cb38faa6f5b18c5b86a3ecfde7b1b41cdbddcf Mon Sep 17 00:00:00 2001
From: Mathieu Fenniak <mathieu@fenniak.net>
Date: Wed, 31 Dec 2025 19:04:35 +0100
Subject: [PATCH 075/854] feat: support reusable workflow expansion when `with`
 or `strategy.matrix` contains ${{ needs... }} (#10647)

This change allows the `with:` field of a reusable workflow to reference a previous job, such as `with: { some-input: "${{ needs.other-job.outputs.other-output }}" }`.  `strategy.matrix` can also reference `${{ needs... }}`.

When a job is parsed and encounters this situation, the outer job of the workflow is marked with a field `incomplete_with` (or `incomplete_matrix`), indicating to Forgejo that it can't be executed as-is and the other jobs in its `needs` list need to be completed first.  And then in `job_emitter.go` when one job is completed, it checks if other jobs had a `needs` reference to it and unblocks those jobs -- but if they're marked with `incomplete_with` then they can be sent back through the job parser, with the now-available job outputs, to be expanded into the correct definition of the job.

The core functionality for this already exists to allow `runs-on` and `strategy.matrix` to reference the outputs of other jobs, but it is expanded upon here to include `with` for reusable workflows.

There is one known defect in this implementation, but it has a limited scope -- if this code path is used to expand a nested reusable workflow, then the `${{ input.... }}` context will be incorrect.  This will require an update to the jobparser in runner version 12.4.0, and so it is out-of-scope of this PR.

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests

- I added test coverage for Go changes...
  - [x] in their respective `*_test.go` for unit tests.
  - [ ] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I added test coverage for JavaScript changes...
  - [ ] in `web_src/js/*.test.js` if it can be unit tested.
  - [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)).
- **end-to-end test:** will require the noted "known defect" to be resolved, but tests are authored at https://code.forgejo.org/forgejo/end-to-end/compare/main...mfenniak:expand-reusable-workflows-needs

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [ ] I do not want this change to show in the release notes.
- [x] I want the title to show in the release notes with a link to this pull request.
- [ ] I want the content of the `release-notes/<pull request number>.md` to be be used for the release notes instead of the title.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10647
Reviewed-by: Andreas Ahlenstorf <aahlenst@noreply.codeberg.org>
Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net>
Co-committed-by: Mathieu Fenniak <mathieu@fenniak.net>
---
 models/actions/pre_execution_errors.go        |  12 +
 models/actions/pre_execution_errors_test.go   |  36 ++-
 models/actions/run.go                         |   2 +-
 models/actions/run_job.go                     |  22 +-
 models/actions/run_job_test.go                |  56 +++-
 models/actions/run_test.go                    |  48 +++
 options/locale_next/locale_en-US.json         |   8 +-
 .../action_run.yml                            | 133 +++++++++
 .../action_run_job.yml                        | 274 +++++++++++++++++-
 .../action_task_output.yml                    |  10 +
 services/actions/commit_status.go             |   4 +-
 services/actions/commit_status_test.go        |   8 +-
 services/actions/job_emitter.go               | 145 +++++++--
 services/actions/job_emitter_test.go          | 268 ++++++++++++++++-
 services/actions/run.go                       |  10 +-
 15 files changed, 971 insertions(+), 65 deletions(-)

diff --git a/models/actions/pre_execution_errors.go b/models/actions/pre_execution_errors.go
index 28cd589ef9..64c9b17727 100644
--- a/models/actions/pre_execution_errors.go
+++ b/models/actions/pre_execution_errors.go
@@ -26,6 +26,10 @@ const (
 	ErrorCodeIncompleteRunsOnMissingOutput
 	ErrorCodeIncompleteRunsOnMissingMatrixDimension
 	ErrorCodeIncompleteRunsOnUnknownCause
+	ErrorCodeIncompleteWithMissingJob
+	ErrorCodeIncompleteWithMissingOutput
+	ErrorCodeIncompleteWithMissingMatrixDimension
+	ErrorCodeIncompleteWithUnknownCause
 )
 
 func TranslatePreExecutionError(lang translation.Locale, run *ActionRun) string {
@@ -57,6 +61,14 @@ func TranslatePreExecutionError(lang translation.Locale, run *ActionRun) string
 		return lang.TrString("actions.workflow.incomplete_runson_missing_matrix_dimension", run.PreExecutionErrorDetails...)
 	case ErrorCodeIncompleteRunsOnUnknownCause:
 		return lang.TrString("actions.workflow.incomplete_runson_unknown_cause", run.PreExecutionErrorDetails...)
+	case ErrorCodeIncompleteWithMissingJob:
+		return lang.TrString("actions.workflow.incomplete_with_missing_job", run.PreExecutionErrorDetails...)
+	case ErrorCodeIncompleteWithMissingOutput:
+		return lang.TrString("actions.workflow.incomplete_with_missing_output", run.PreExecutionErrorDetails...)
+	case ErrorCodeIncompleteWithMissingMatrixDimension:
+		return lang.TrString("actions.workflow.incomplete_with_missing_matrix_dimension", run.PreExecutionErrorDetails...)
+	case ErrorCodeIncompleteWithUnknownCause:
+		return lang.TrString("actions.workflow.incomplete_with_unknown_cause", run.PreExecutionErrorDetails...)
 	}
 	return fmt.Sprintf("<unsupported error: code=%v details=%#v", run.PreExecutionErrorCode, run.PreExecutionErrorDetails)
 }
diff --git a/models/actions/pre_execution_errors_test.go b/models/actions/pre_execution_errors_test.go
index d273fba13b..8c664b6048 100644
--- a/models/actions/pre_execution_errors_test.go
+++ b/models/actions/pre_execution_errors_test.go
@@ -60,7 +60,7 @@ func TestTranslatePreExecutionError(t *testing.T) {
 				PreExecutionErrorCode:    ErrorCodeIncompleteMatrixMissingOutput,
 				PreExecutionErrorDetails: []any{"blocked_job", "other_job", "some_output"},
 			},
-			expected: "Unable to evaluate `strategy.matrix` of job blocked_job: job other_job does not have an output some_output.",
+			expected: "Unable to evaluate `strategy.matrix` of job blocked_job: job other_job is missing output some_output.",
 		},
 		{
 			name: "ErrorCodeIncompleteMatrixMissingJob",
@@ -84,7 +84,7 @@ func TestTranslatePreExecutionError(t *testing.T) {
 				PreExecutionErrorCode:    ErrorCodeIncompleteRunsOnMissingOutput,
 				PreExecutionErrorDetails: []any{"blocked_job", "other_job", "some_output"},
 			},
-			expected: "Unable to evaluate `runs-on` of job blocked_job: job other_job does not have an output some_output.",
+			expected: "Unable to evaluate `runs-on` of job blocked_job: job other_job is missing output some_output.",
 		},
 		{
 			name: "ErrorCodeIncompleteRunsOnMissingJob",
@@ -110,6 +110,38 @@ func TestTranslatePreExecutionError(t *testing.T) {
 			},
 			expected: "Unable to evaluate `runs-on` of job blocked_job: unknown error.",
 		},
+		{
+			name: "ErrorCodeIncompleteWithMissingOutput",
+			run: &ActionRun{
+				PreExecutionErrorCode:    ErrorCodeIncompleteWithMissingOutput,
+				PreExecutionErrorDetails: []any{"blocked_job", "other_job", "some_output"},
+			},
+			expected: "Unable to evaluate `with` of job blocked_job: job other_job is missing output some_output.",
+		},
+		{
+			name: "ErrorCodeIncompleteWithMissingJob",
+			run: &ActionRun{
+				PreExecutionErrorCode:    ErrorCodeIncompleteWithMissingJob,
+				PreExecutionErrorDetails: []any{"blocked_job", "other_job", "needs-1, needs-2"},
+			},
+			expected: "Unable to evaluate `with` of job blocked_job: job other_job is not in the `needs` list of job blocked_job (needs-1, needs-2).",
+		},
+		{
+			name: "ErrorCodeIncompleteWithMissingMatrixDimension",
+			run: &ActionRun{
+				PreExecutionErrorCode:    ErrorCodeIncompleteWithMissingMatrixDimension,
+				PreExecutionErrorDetails: []any{"blocked_job", "platfurm"},
+			},
+			expected: "Unable to evaluate `with` of job blocked_job: matrix dimension platfurm does not exist.",
+		},
+		{
+			name: "ErrorCodeIncompleteWithUnknownCause",
+			run: &ActionRun{
+				PreExecutionErrorCode:    ErrorCodeIncompleteWithUnknownCause,
+				PreExecutionErrorDetails: []any{"blocked_job"},
+			},
+			expected: "Unable to evaluate `with` of job blocked_job: unknown error.",
+		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
diff --git a/models/actions/run.go b/models/actions/run.go
index 1551032f07..8924e04d37 100644
--- a/models/actions/run.go
+++ b/models/actions/run.go
@@ -366,7 +366,7 @@ func InsertRunJobs(ctx context.Context, run *ActionRun, jobs []*jobparser.Single
 			}
 			payload, _ = v.Marshal()
 
-			if len(needs) > 0 || run.NeedApproval || v.IncompleteMatrix || v.IncompleteRunsOn {
+			if len(needs) > 0 || run.NeedApproval || v.IncompleteMatrix || v.IncompleteRunsOn || v.IncompleteWith {
 				status = StatusBlocked
 			} else {
 				status = StatusWaiting
diff --git a/models/actions/run_job.go b/models/actions/run_job.go
index 7d943f1410..0e59b931b5 100644
--- a/models/actions/run_job.go
+++ b/models/actions/run_job.go
@@ -260,7 +260,7 @@ func (job *ActionRunJob) ClearCachedWorkflowPayload() {
 // Checks whether the target job is an `(incomplete matrix)` job that will be blocked until the matrix is complete, and
 // then regenerated and deleted.  If it is incomplete, and if the information is available, the specific job and/or
 // output that causes it to be incomplete will be returned as well.
-func (job *ActionRunJob) IsIncompleteMatrix() (bool, *jobparser.IncompleteNeeds, error) {
+func (job *ActionRunJob) HasIncompleteMatrix() (bool, *jobparser.IncompleteNeeds, error) {
 	jobWorkflow, err := job.DecodeWorkflowPayload()
 	if err != nil {
 		return false, nil, fmt.Errorf("failure decoding workflow payload: %w", err)
@@ -270,7 +270,7 @@ func (job *ActionRunJob) IsIncompleteMatrix() (bool, *jobparser.IncompleteNeeds,
 
 // Checks whether the target job has a `runs-on` field with an expression that requires an input from another job.  The
 // job will be blocked until the other job is complete, and then regenerated and deleted.
-func (job *ActionRunJob) IsIncompleteRunsOn() (bool, *jobparser.IncompleteNeeds, *jobparser.IncompleteMatrix, error) {
+func (job *ActionRunJob) HasIncompleteRunsOn() (bool, *jobparser.IncompleteNeeds, *jobparser.IncompleteMatrix, error) {
 	jobWorkflow, err := job.DecodeWorkflowPayload()
 	if err != nil {
 		return false, nil, nil, fmt.Errorf("failure decoding workflow payload: %w", err)
@@ -278,6 +278,15 @@ func (job *ActionRunJob) IsIncompleteRunsOn() (bool, *jobparser.IncompleteNeeds,
 	return jobWorkflow.IncompleteRunsOn, jobWorkflow.IncompleteRunsOnNeeds, jobWorkflow.IncompleteRunsOnMatrix, nil
 }
 
+// Check whether the target job was generated as a result of expanding a reusable workflow.
+func (job *ActionRunJob) IsWorkflowCallInnerJob() (bool, error) {
+	jobWorkflow, err := job.DecodeWorkflowPayload()
+	if err != nil {
+		return false, fmt.Errorf("failure decoding workflow payload: %w", err)
+	}
+	return jobWorkflow.Metadata.WorkflowCallParent != "", nil
+}
+
 // Check whether this job is a caller of a reusable workflow -- in other words, the real work done in this job is in
 // spawned child jobs, not this job.
 func (job *ActionRunJob) IsWorkflowCallOuterJob() (bool, error) {
@@ -288,11 +297,12 @@ func (job *ActionRunJob) IsWorkflowCallOuterJob() (bool, error) {
 	return jobWorkflow.Metadata.WorkflowCallID != "", nil
 }
 
-// Check whether the target job was generated as a result of expanding a reusable workflow.
-func (job *ActionRunJob) IsWorkflowCallInnerJob() (bool, error) {
+// Checks whether the target job has a `with` field with an expression that requires an input from another job.  The job
+// will be blocked until the other job is complete, and then regenerated and deleted.
+func (job *ActionRunJob) HasIncompleteWith() (bool, *jobparser.IncompleteNeeds, *jobparser.IncompleteMatrix, error) {
 	jobWorkflow, err := job.DecodeWorkflowPayload()
 	if err != nil {
-		return false, fmt.Errorf("failure decoding workflow payload: %w", err)
+		return false, nil, nil, fmt.Errorf("failure decoding workflow payload: %w", err)
 	}
-	return jobWorkflow.Metadata.WorkflowCallParent != "", nil
+	return jobWorkflow.IncompleteWith, jobWorkflow.IncompleteWithNeeds, jobWorkflow.IncompleteWithMatrix, nil
 }
diff --git a/models/actions/run_job_test.go b/models/actions/run_job_test.go
index 231a17f463..7c204d4eb9 100644
--- a/models/actions/run_job_test.go
+++ b/models/actions/run_job_test.go
@@ -72,7 +72,7 @@ func TestActionRunJob_HTMLURL(t *testing.T) {
 	}
 }
 
-func TestActionRunJob_IsIncompleteMatrix(t *testing.T) {
+func TestActionRunJob_HasIncompleteMatrix(t *testing.T) {
 	tests := []struct {
 		name         string
 		job          ActionRunJob
@@ -100,7 +100,7 @@ func TestActionRunJob_IsIncompleteMatrix(t *testing.T) {
 
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			isIncomplete, needs, err := tt.job.IsIncompleteMatrix()
+			isIncomplete, needs, err := tt.job.HasIncompleteMatrix()
 			if tt.errContains != "" {
 				assert.ErrorContains(t, err, tt.errContains)
 			} else {
@@ -112,7 +112,7 @@ func TestActionRunJob_IsIncompleteMatrix(t *testing.T) {
 	}
 }
 
-func TestActionRunJob_IsIncompleteRunsOn(t *testing.T) {
+func TestActionRunJob_HasIncompleteRunsOn(t *testing.T) {
 	tests := []struct {
 		name         string
 		job          ActionRunJob
@@ -147,7 +147,7 @@ func TestActionRunJob_IsIncompleteRunsOn(t *testing.T) {
 
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			isIncomplete, needs, matrix, err := tt.job.IsIncompleteRunsOn()
+			isIncomplete, needs, matrix, err := tt.job.HasIncompleteRunsOn()
 			if tt.errContains != "" {
 				assert.ErrorContains(t, err, tt.errContains)
 			} else {
@@ -233,3 +233,51 @@ func TestActionRunJob_IsWorkflowCallInnerJob(t *testing.T) {
 		})
 	}
 }
+
+func TestActionRunJob_HasIncompleteWith(t *testing.T) {
+	tests := []struct {
+		name         string
+		job          ActionRunJob
+		isIncomplete bool
+		needs        *jobparser.IncompleteNeeds
+		matrix       *jobparser.IncompleteMatrix
+		errContains  string
+	}{
+		{
+			name:         "normal workflow",
+			job:          ActionRunJob{WorkflowPayload: []byte("name: workflow")},
+			isIncomplete: false,
+		},
+		{
+			name:         "incomplete_with workflow",
+			job:          ActionRunJob{WorkflowPayload: []byte("name: workflow\nincomplete_with: true\nincomplete_with_needs: { job: abc }")},
+			needs:        &jobparser.IncompleteNeeds{Job: "abc"},
+			isIncomplete: true,
+		},
+		{
+			name:         "incomplete_with workflow",
+			job:          ActionRunJob{WorkflowPayload: []byte("name: workflow\nincomplete_with: true\nincomplete_with_matrix: { dimension: abc }")},
+			matrix:       &jobparser.IncompleteMatrix{Dimension: "abc"},
+			isIncomplete: true,
+		},
+		{
+			name:        "unparseable workflow",
+			job:         ActionRunJob{WorkflowPayload: []byte("name: []\nincomplete_with: true")},
+			errContains: "failure unmarshaling WorkflowPayload to SingleWorkflow: yaml: unmarshal errors",
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			isIncomplete, needs, matrix, err := tt.job.HasIncompleteWith()
+			if tt.errContains != "" {
+				assert.ErrorContains(t, err, tt.errContains)
+			} else {
+				require.NoError(t, err)
+				assert.Equal(t, tt.isIncomplete, isIncomplete)
+				assert.Equal(t, tt.needs, needs)
+				assert.Equal(t, tt.matrix, matrix)
+			}
+		})
+	}
+}
diff --git a/models/actions/run_test.go b/models/actions/run_test.go
index a0fdfddbd6..5c98f453eb 100644
--- a/models/actions/run_test.go
+++ b/models/actions/run_test.go
@@ -327,3 +327,51 @@ jobs:
 		})
 	}
 }
+
+func TestActionRun_IncompleteWith(t *testing.T) {
+	require.NoError(t, unittest.PrepareTestDatabase())
+
+	pullRequestPosterID := int64(4)
+	repoID := int64(10)
+	pullRequestID := int64(2)
+	runDoesNotNeedApproval := &ActionRun{
+		RepoID:              repoID,
+		PullRequestID:       pullRequestID,
+		PullRequestPosterID: pullRequestPosterID,
+	}
+
+	workflowRaw := []byte(`
+jobs:
+  outer-job:
+    with:
+      some_input: ${{ needs.other-job.outputs.some-output }}
+    uses: ./.forgejo/workflows/reusable.yml
+`)
+	workflows, err := jobparser.Parse(workflowRaw, false,
+		jobparser.WithJobOutputs(map[string]map[string]string{}),
+		jobparser.ExpandLocalReusableWorkflows(func(job *jobparser.Job, path string) ([]byte, error) {
+			return []byte(`
+on:
+  workflow_call:
+    inputs:
+      some_input:
+        type: string
+jobs:
+  inner-job:
+    runs-on: debian
+    steps: []
+`), nil
+		}))
+	require.NoError(t, err)
+	require.True(t, workflows[0].IncompleteWith) // must be set for this test scenario to be valid
+
+	require.NoError(t, InsertRun(t.Context(), runDoesNotNeedApproval, workflows))
+
+	jobs, err := db.Find[ActionRunJob](t.Context(), FindRunJobOptions{RunID: runDoesNotNeedApproval.ID})
+	require.NoError(t, err)
+	require.Len(t, jobs, 1)
+	job := jobs[0]
+
+	// Expect job with an incomplete with to be StatusBlocked:
+	assert.Equal(t, StatusBlocked, job.Status)
+}
diff --git a/options/locale_next/locale_en-US.json b/options/locale_next/locale_en-US.json
index 38d7d18e7e..e85f8e311e 100644
--- a/options/locale_next/locale_en-US.json
+++ b/options/locale_next/locale_en-US.json
@@ -219,12 +219,16 @@
     "actions.workflow.event_detection_error": "Unable to parse supported events in workflow: %v",
     "actions.workflow.persistent_incomplete_matrix": "Unable to evaluate `strategy.matrix` of job %[1]s due to a `needs` expression that was invalid. It may reference a job that is not in it's 'needs' list (%[2]s), or an output that doesn't exist on one of those jobs.",
     "actions.workflow.incomplete_matrix_missing_job": "Unable to evaluate `strategy.matrix` of job %[1]s: job %[2]s is not in the `needs` list of job %[1]s (%[3]s).",
-    "actions.workflow.incomplete_matrix_missing_output": "Unable to evaluate `strategy.matrix` of job %[1]s: job %[2]s does not have an output %[3]s.",
+    "actions.workflow.incomplete_matrix_missing_output": "Unable to evaluate `strategy.matrix` of job %[1]s: job %[2]s is missing output %[3]s.",
     "actions.workflow.incomplete_matrix_unknown_cause": "Unable to evaluate `strategy.matrix` of job %[1]s: unknown error.",
     "actions.workflow.incomplete_runson_missing_job": "Unable to evaluate `runs-on` of job %[1]s: job %[2]s is not in the `needs` list of job %[1]s (%[3]s).",
-    "actions.workflow.incomplete_runson_missing_output": "Unable to evaluate `runs-on` of job %[1]s: job %[2]s does not have an output %[3]s.",
+    "actions.workflow.incomplete_runson_missing_output": "Unable to evaluate `runs-on` of job %[1]s: job %[2]s is missing output %[3]s.",
     "actions.workflow.incomplete_runson_missing_matrix_dimension": "Unable to evaluate `runs-on` of job %[1]s: matrix dimension %[2]s does not exist.",
     "actions.workflow.incomplete_runson_unknown_cause": "Unable to evaluate `runs-on` of job %[1]s: unknown error.",
+    "actions.workflow.incomplete_with_missing_job": "Unable to evaluate `with` of job %[1]s: job %[2]s is not in the `needs` list of job %[1]s (%[3]s).",
+    "actions.workflow.incomplete_with_missing_output": "Unable to evaluate `with` of job %[1]s: job %[2]s is missing output %[3]s.",
+    "actions.workflow.incomplete_with_missing_matrix_dimension": "Unable to evaluate `with` of job %[1]s: matrix dimension %[2]s does not exist.",
+    "actions.workflow.incomplete_with_unknown_cause": "Unable to evaluate `with` of job %[1]s: unknown error.",
     "actions.workflow.pre_execution_error": "Workflow was not executed due to an error that blocked the execution attempt.",
     "pulse.n_active_issues": {
         "one": "%s active issue",
diff --git a/services/actions/Test_tryHandleIncompleteMatrix/action_run.yml b/services/actions/Test_tryHandleIncompleteMatrix/action_run.yml
index 2bbd44b405..06af0d3014 100644
--- a/services/actions/Test_tryHandleIncompleteMatrix/action_run.yml
+++ b/services/actions/Test_tryHandleIncompleteMatrix/action_run.yml
@@ -283,3 +283,136 @@
   need_approval: 0
   approved_by: 0
   concurrency_group: abc123
+-
+  id: 915
+  title: "running workflow_dispatch run"
+  repo_id: 63
+  owner_id: 2
+  workflow_id: "running.yaml"
+  index: 19
+  trigger_user_id: 2
+  ref: "refs/heads/main"
+  commit_sha: "97f29ee599c373c729132a5c46a046978311e0ee"
+  trigger_event: "workflow_dispatch"
+  is_fork_pull_request: 0
+  status: 6 # running
+  started: 1683636528
+  created: 1683636108
+  updated: 1683636626
+  need_approval: 0
+  approved_by: 0
+  concurrency_group: abc123
+-
+  id: 916
+  title: "running workflow_dispatch run"
+  repo_id: 63
+  owner_id: 2
+  workflow_id: "running.yaml"
+  index: 20
+  trigger_user_id: 2
+  ref: "refs/heads/main"
+  commit_sha: "97f29ee599c373c729132a5c46a046978311e0ee"
+  trigger_event: "workflow_dispatch"
+  is_fork_pull_request: 0
+  status: 6 # running
+  started: 1683636528
+  created: 1683636108
+  updated: 1683636626
+  need_approval: 0
+  approved_by: 0
+  concurrency_group: abc123
+-
+  id: 917
+  title: "running workflow_dispatch run"
+  repo_id: 63
+  owner_id: 2
+  workflow_id: "running.yaml"
+  index: 21
+  trigger_user_id: 2
+  ref: "refs/heads/main"
+  commit_sha: "97f29ee599c373c729132a5c46a046978311e0ee"
+  trigger_event: "workflow_dispatch"
+  is_fork_pull_request: 0
+  status: 6 # running
+  started: 1683636528
+  created: 1683636108
+  updated: 1683636626
+  need_approval: 0
+  approved_by: 0
+  concurrency_group: abc123
+-
+  id: 918
+  title: "running workflow_dispatch run"
+  repo_id: 63
+  owner_id: 2
+  workflow_id: "running.yaml"
+  index: 22
+  trigger_user_id: 2
+  ref: "refs/heads/main"
+  commit_sha: "97f29ee599c373c729132a5c46a046978311e0ee"
+  trigger_event: "workflow_dispatch"
+  is_fork_pull_request: 0
+  status: 6 # running
+  started: 1683636528
+  created: 1683636108
+  updated: 1683636626
+  need_approval: 0
+  approved_by: 0
+  concurrency_group: abc123
+-
+  id: 919
+  title: "running workflow_dispatch run"
+  repo_id: 63
+  owner_id: 2
+  workflow_id: "running.yaml"
+  index: 23
+  trigger_user_id: 2
+  ref: "refs/heads/main"
+  commit_sha: "97f29ee599c373c729132a5c46a046978311e0ee"
+  trigger_event: "workflow_dispatch"
+  is_fork_pull_request: 0
+  status: 6 # running
+  started: 1683636528
+  created: 1683636108
+  updated: 1683636626
+  need_approval: 0
+  approved_by: 0
+  concurrency_group: abc123
+-
+  id: 920
+  title: "running workflow_dispatch run"
+  repo_id: 63
+  owner_id: 2
+  workflow_id: "running.yaml"
+  index: 24
+  trigger_user_id: 2
+  ref: "refs/heads/main"
+  commit_sha: "97f29ee599c373c729132a5c46a046978311e0ee"
+  trigger_event: "workflow_dispatch"
+  is_fork_pull_request: 0
+  status: 6 # running
+  started: 1683636528
+  created: 1683636108
+  updated: 1683636626
+  need_approval: 0
+  approved_by: 0
+  concurrency_group: abc123
+-
+  id: 921
+  title: "running workflow_dispatch run"
+  repo_id: 63
+  owner_id: 2
+  workflow_id: "running.yaml"
+  index: 25
+  trigger_user_id: 2
+  ref: "refs/heads/main"
+  commit_sha: "97f29ee599c373c729132a5c46a046978311e0ee"
+  trigger_event: "workflow_dispatch"
+  is_fork_pull_request: 0
+  status: 6 # running
+  started: 1683636528
+  created: 1683636108
+  updated: 1683636626
+  need_approval: 0
+  approved_by: 0
+  concurrency_group: abc123
diff --git a/services/actions/Test_tryHandleIncompleteMatrix/action_run_job.yml b/services/actions/Test_tryHandleIncompleteMatrix/action_run_job.yml
index a352f54ee6..19cb5f2d59 100644
--- a/services/actions/Test_tryHandleIncompleteMatrix/action_run_job.yml
+++ b/services/actions/Test_tryHandleIncompleteMatrix/action_run_job.yml
@@ -7,7 +7,7 @@
   is_fork_pull_request: 0
   name: job_1
   attempt: 0
-  job_id: job_1
+  job_id: produce-artifacts
   task_id: 0
   status: 7 # blocked
   runs_on: '["fedora"]'
@@ -35,7 +35,7 @@
   is_fork_pull_request: 0
   name: job_1
   attempt: 0
-  job_id: job_1
+  job_id: produce-artifacts
   task_id: 0
   status: 7 # blocked
   runs_on: '["fedora"]'
@@ -76,7 +76,7 @@
   is_fork_pull_request: 0
   name: job_1
   attempt: 0
-  job_id: job_1
+  job_id: produce-artifacts
   task_id: 0
   status: 7 # blocked
   runs_on: '["fedora"]'
@@ -117,7 +117,7 @@
   is_fork_pull_request: 0
   name: job_1
   attempt: 0
-  job_id: job_1
+  job_id: produce-artifacts
   task_id: 0
   status: 7 # blocked
   runs_on: '["fedora"]'
@@ -159,7 +159,7 @@
   is_fork_pull_request: 0
   name: job_1
   attempt: 0
-  job_id: job_1
+  job_id: produce-artifacts
   task_id: 0
   status: 7 # blocked
   runs_on: '["fedora"]'
@@ -200,7 +200,7 @@
   is_fork_pull_request: 0
   name: job_1
   attempt: 0
-  job_id: job_1
+  job_id: run-tests
   task_id: 0
   status: 7 # blocked
   runs_on: '["fedora"]'
@@ -243,7 +243,7 @@
   is_fork_pull_request: 0
   name: job_1
   attempt: 0
-  job_id: job_1
+  job_id: run-tests
   task_id: 0
   status: 7 # blocked
   runs_on: '["fedora"]'
@@ -283,7 +283,7 @@
   is_fork_pull_request: 0
   name: job_1
   attempt: 0
-  job_id: job_1
+  job_id: scalar-job
   task_id: 0
   status: 7 # blocked
   runs_on: '["fedora"]'
@@ -328,7 +328,7 @@
   is_fork_pull_request: 0
   name: job_1
   attempt: 0
-  job_id: job_1
+  job_id: produce-artifacts
   task_id: 0
   status: 7 # blocked
   runs_on: '["fedora"]'
@@ -596,3 +596,259 @@
   task_id: 107
   status: 1 # success
   runs_on: '["fedora"]'
+
+-
+  id: 629
+  run_id: 915
+  repo_id: 63
+  owner_id: 2
+  commit_sha: 97f29ee599c373c729132a5c46a046978311e0ee
+  is_fork_pull_request: 0
+  name: consume-runs-on
+  attempt: 0
+  job_id: consume-runs-on
+  task_id: 0
+  status: 7 # blocked
+  runs_on: '[]'
+  needs: '["define-workflow-call"]'
+  workflow_payload: |
+    "on":
+      push:
+    jobs:
+      consume-runs-on:
+        name: consume-runs-on
+        uses: some-repo/some-org/.forgejo/workflows/reusable.yml@non-existent-reference
+        with:
+          workflow_input: ${{ needs.define-workflow-call.outputs.workflow_input }}
+    incomplete_with: true
+
+-
+  id: 630
+  run_id: 916
+  repo_id: 63
+  owner_id: 2
+  commit_sha: 97f29ee599c373c729132a5c46a046978311e0ee
+  is_fork_pull_request: 0
+  name: perform-workflow-call
+  attempt: 0
+  job_id: perform-workflow-call
+  task_id: 0
+  status: 7 # blocked
+  runs_on: '[]'
+  needs: '["define-workflow-call"]'
+  workflow_payload: |
+    "on":
+      push:
+    jobs:
+      perform-workflow-call:
+        name: perform-workflow-call
+        uses: some-repo/some-org/.forgejo/workflows/reusable.yml@simple
+        with:
+          workflow_input: ${{ needs.define-workflow-call.outputs.workflow_input }}
+    incomplete_with: true
+-
+  id: 631
+  run_id: 916
+  repo_id: 63
+  owner_id: 2
+  commit_sha: 97f29ee599c373c729132a5c46a046978311e0ee
+  is_fork_pull_request: 0
+  name: define-workflow-call
+  attempt: 0
+  job_id: define-workflow-call
+  task_id: 108
+  status: 1 # success
+  runs_on: '["fedora"]'
+
+-
+  id: 632
+  run_id: 917
+  repo_id: 63
+  owner_id: 2
+  commit_sha: 97f29ee599c373c729132a5c46a046978311e0ee
+  is_fork_pull_request: 0
+  name: perform-workflow-call
+  attempt: 0
+  job_id: perform-workflow-call
+  task_id: 0
+  status: 7 # blocked
+  runs_on: '[]'
+  needs: '["define-workflow-call"]'
+  workflow_payload: |
+    "on":
+      push:
+    jobs:
+      perform-workflow-call:
+        name: perform-workflow-call
+        uses: some-repo/some-org/.forgejo/workflows/reusable.yml@more-incomplete
+        with:
+          workflow_input: ${{ needs.define-workflow-call.outputs.workflow_input }}
+    incomplete_with: true
+-
+  id: 633
+  run_id: 917
+  repo_id: 63
+  owner_id: 2
+  commit_sha: 97f29ee599c373c729132a5c46a046978311e0ee
+  is_fork_pull_request: 0
+  name: define-workflow-call
+  attempt: 0
+  job_id: define-workflow-call
+  task_id: 109
+  status: 1 # success
+  runs_on: '["fedora"]'
+
+-
+  id: 634
+  run_id: 918
+  repo_id: 63
+  owner_id: 2
+  commit_sha: 97f29ee599c373c729132a5c46a046978311e0ee
+  is_fork_pull_request: 0
+  name: perform-workflow-call
+  attempt: 0
+  job_id: perform-workflow-call
+  task_id: 0
+  status: 7 # blocked
+  runs_on: '[]'
+  needs: '["define-workflow-call"]'
+  workflow_payload: |
+    "on":
+      push:
+    jobs:
+      perform-workflow-call:
+        name: perform-workflow-call
+        uses: some-repo/some-org/.forgejo/workflows/reusable.yml@more-incomplete
+        with:
+          workflow_input: ${{ needs.oops-i-misspelt-the-job-id.outputs.workflow_input }}
+    incomplete_with: true
+-
+  id: 635
+  run_id: 918
+  repo_id: 63
+  owner_id: 2
+  commit_sha: 97f29ee599c373c729132a5c46a046978311e0ee
+  is_fork_pull_request: 0
+  name: define-workflow-call
+  attempt: 0
+  job_id: define-workflow-call
+  task_id: 109
+  status: 1 # success
+  runs_on: '["fedora"]'
+
+-
+  id: 636
+  run_id: 919
+  repo_id: 63
+  owner_id: 2
+  commit_sha: 97f29ee599c373c729132a5c46a046978311e0ee
+  is_fork_pull_request: 0
+  name: perform-workflow-call
+  attempt: 0
+  job_id: perform-workflow-call
+  task_id: 0
+  status: 7 # blocked
+  runs_on: '[]'
+  needs: '["define-workflow-call"]'
+  workflow_payload: |
+    "on":
+      push:
+    jobs:
+      perform-workflow-call:
+        name: perform-workflow-call
+        uses: some-repo/some-org/.forgejo/workflows/reusable.yml@more-incomplete
+        with:
+          workflow_input: ${{ needs.define-workflow-call.outputs.output-doesnt-exist }}
+    incomplete_with: true
+-
+  id: 637
+  run_id: 919
+  repo_id: 63
+  owner_id: 2
+  commit_sha: 97f29ee599c373c729132a5c46a046978311e0ee
+  is_fork_pull_request: 0
+  name: define-workflow-call
+  attempt: 0
+  job_id: define-workflow-call
+  task_id: 109
+  status: 1 # success
+  runs_on: '["fedora"]'
+
+-
+  id: 638
+  run_id: 920
+  repo_id: 63
+  owner_id: 2
+  commit_sha: 97f29ee599c373c729132a5c46a046978311e0ee
+  is_fork_pull_request: 0
+  name: perform-workflow-call
+  attempt: 0
+  job_id: perform-workflow-call
+  task_id: 0
+  status: 7 # blocked
+  runs_on: '[]'
+  needs: '["define-workflow-call"]'
+  workflow_payload: |
+    "on":
+      push:
+    jobs:
+      perform-workflow-call:
+        name: perform-workflow-call
+        uses: some-repo/some-org/.forgejo/workflows/reusable.yml@more-incomplete
+        with:
+          workflow_input: ${{ matrix.dimension-oops-error }}
+        strategy:
+          matrix:
+            dimension1: [ abc, def ]
+    incomplete_with: true
+-
+  id: 639
+  run_id: 920
+  repo_id: 63
+  owner_id: 2
+  commit_sha: 97f29ee599c373c729132a5c46a046978311e0ee
+  is_fork_pull_request: 0
+  name: define-workflow-call
+  attempt: 0
+  job_id: define-workflow-call
+  task_id: 109
+  status: 1 # success
+  runs_on: '["fedora"]'
+
+-
+  id: 640
+  run_id: 921
+  repo_id: 63
+  owner_id: 2
+  commit_sha: 97f29ee599c373c729132a5c46a046978311e0ee
+  is_fork_pull_request: 0
+  name: perform-workflow-call
+  attempt: 0
+  job_id: perform-workflow-call
+  task_id: 0
+  status: 7 # blocked
+  runs_on: '[]'
+  needs: '["define-workflow-call"]'
+  workflow_payload: |
+    "on":
+      push:
+    jobs:
+      perform-workflow-call:
+        name: perform-workflow-call
+        uses: ./.forgejo/workflows/reusable.yml
+        with:
+          workflow_input: ${{ needs.define-workflow-call.outputs.workflow_input }}
+    incomplete_with: true
+-
+  id: 641
+  run_id: 921
+  repo_id: 63
+  owner_id: 2
+  commit_sha: 97f29ee599c373c729132a5c46a046978311e0ee
+  is_fork_pull_request: 0
+  name: define-workflow-call
+  attempt: 0
+  job_id: define-workflow-call
+  task_id: 108
+  status: 1 # success
+  runs_on: '["fedora"]'
diff --git a/services/actions/Test_tryHandleIncompleteMatrix/action_task_output.yml b/services/actions/Test_tryHandleIncompleteMatrix/action_task_output.yml
index 6633ee72ee..35c4676504 100644
--- a/services/actions/Test_tryHandleIncompleteMatrix/action_task_output.yml
+++ b/services/actions/Test_tryHandleIncompleteMatrix/action_task_output.yml
@@ -48,3 +48,13 @@
   task_id: 107
   output_key: run-on-this
   output_value: nixos-25.11
+-
+  id: 110
+  task_id: 108
+  output_key: workflow_input
+  output_value: my-workflow-input
+-
+  id: 111
+  task_id: 109
+  output_key: workflow_input
+  output_value: my-workflow-input
diff --git a/services/actions/commit_status.go b/services/actions/commit_status.go
index e5093301ea..7f86dbecc1 100644
--- a/services/actions/commit_status.go
+++ b/services/actions/commit_status.go
@@ -33,8 +33,8 @@ func CreateCommitStatus(ctx context.Context, jobs ...*actions_model.ActionRunJob
 }
 
 func createCommitStatus(ctx context.Context, job *actions_model.ActionRunJob) error {
-	if incompleteMatrix, _, err := job.IsIncompleteMatrix(); err != nil {
-		return fmt.Errorf("job IsIncompleteMatrix: %w", err)
+	if incompleteMatrix, _, err := job.HasIncompleteMatrix(); err != nil {
+		return fmt.Errorf("job HasIncompleteMatrix: %w", err)
 	} else if incompleteMatrix {
 		// Don't create commit statuses for incomplete matrix jobs because they are never completed.
 		return nil
diff --git a/services/actions/commit_status_test.go b/services/actions/commit_status_test.go
index 0872a9d7df..372448e321 100644
--- a/services/actions/commit_status_test.go
+++ b/services/actions/commit_status_test.go
@@ -22,17 +22,17 @@ func TestCreateCommitStatus_IncompleteMatrix(t *testing.T) {
 	err := createCommitStatus(t.Context(), job)
 	require.ErrorContains(t, err, "object does not exist [id: 7a3858dc7f059543a8807a8b551304b7e362a7ef")
 
-	// Transition from IsIncompleteMatrix()=false to true...
-	isIncomplete, _, err := job.IsIncompleteMatrix()
+	// Transition from HasIncompleteMatrix()=false to true...
+	isIncomplete, _, err := job.HasIncompleteMatrix()
 	require.NoError(t, err)
 	require.False(t, isIncomplete)
 	job.WorkflowPayload = append(job.WorkflowPayload, "\nincomplete_matrix: true\n"...)
 	job.ClearCachedWorkflowPayload()
-	isIncomplete, _, err = job.IsIncompleteMatrix()
+	isIncomplete, _, err = job.HasIncompleteMatrix()
 	require.NoError(t, err)
 	require.True(t, isIncomplete)
 
-	// Now there should be no error since createCommitStatus will exit early due to the IsIncompleteMatrix() flag.
+	// Now there should be no error since createCommitStatus will exit early due to the HasIncompleteMatrix() flag.
 	err = createCommitStatus(t.Context(), job)
 	require.NoError(t, err)
 }
diff --git a/services/actions/job_emitter.go b/services/actions/job_emitter.go
index 4e61029878..167083a028 100644
--- a/services/actions/job_emitter.go
+++ b/services/actions/job_emitter.go
@@ -168,7 +168,20 @@ func (r *jobStatusResolver) resolve() map[int64]actions_model.Status {
 				// success/failure.  checkJobsOfRun will do additional work in these cases to "finish" the workflow call
 				// job as well.
 				if allSucceed {
-					ret[id] = actions_model.StatusSuccess
+					isIncompleteMatrix, _, _ := r.jobMap[id].HasIncompleteMatrix()
+					isIncompleteWith, _, _, _ := r.jobMap[id].HasIncompleteWith()
+					if isIncompleteMatrix || isIncompleteWith {
+						// The `needs` of this job are done.  For an outer workflow call, that usually means that the
+						// inner jobs are done.  But if the job is incomplete, that means that the `needs` that were
+						// required to define the job are done, and now the job can be expanded with the missing values
+						// that come from `${{ needs... }}`.  By putting this job into `Waiting` state, it will go into
+						// `tryHandleIncompleteMatrix` to be reparsed, replaced with a full job definition, with new
+						// `needs` that contain its inner jobs:
+						ret[id] = actions_model.StatusWaiting
+					} else {
+						// This job is done by virtue of its inner jobs being done successfully.
+						ret[id] = actions_model.StatusSuccess
+					}
 				} else {
 					ret[id] = actions_model.StatusFailure
 				}
@@ -201,17 +214,22 @@ func (r *jobStatusResolver) resolve() map[int64]actions_model.Status {
 // Invoked once a job has all its `needs` parameters met and is ready to transition to waiting, this may expand the
 // job's `strategy.matrix` into multiple new jobs.
 func tryHandleIncompleteMatrix(ctx context.Context, blockedJob *actions_model.ActionRunJob, jobsInRun []*actions_model.ActionRunJob) (bool, error) {
-	incompleteMatrix, _, err := blockedJob.IsIncompleteMatrix()
+	incompleteMatrix, _, err := blockedJob.HasIncompleteMatrix()
 	if err != nil {
-		return false, fmt.Errorf("job IsIncompleteMatrix: %w", err)
+		return false, fmt.Errorf("job HasIncompleteMatrix: %w", err)
 	}
 
-	incompleteRunsOn, _, _, err := blockedJob.IsIncompleteRunsOn()
+	incompleteRunsOn, _, _, err := blockedJob.HasIncompleteRunsOn()
 	if err != nil {
-		return false, fmt.Errorf("job IsIncompleteRunsOn: %w", err)
+		return false, fmt.Errorf("job HasIncompleteRunsOn: %w", err)
 	}
 
-	if !incompleteMatrix && !incompleteRunsOn {
+	incompleteWith, _, _, err := blockedJob.HasIncompleteWith()
+	if err != nil {
+		return false, fmt.Errorf("job HasIncompleteWith: %w", err)
+	}
+
+	if !incompleteMatrix && !incompleteRunsOn && !incompleteWith {
 		// Not relevant to attempt re-parsing the job if it wasn't marked as Incomplete[...] previously.
 		return false, nil
 	}
@@ -247,13 +265,28 @@ func tryHandleIncompleteMatrix(ctx context.Context, blockedJob *actions_model.Ac
 
 	// Re-parse the blocked job, providing all the other completed jobs' outputs, to turn this incomplete job into
 	// one-or-more new jobs:
+	expandLocalReusableWorkflow, expandCleanup := lazyRepoExpandLocalReusableWorkflow(ctx, blockedJob.RepoID, blockedJob.CommitSHA)
+	defer expandCleanup()
 	newJobWorkflows, err := jobparser.Parse(blockedJob.WorkflowPayload, false,
 		jobparser.WithJobOutputs(jobOutputs),
 		jobparser.WithWorkflowNeeds(blockedJob.Needs),
 		jobparser.SupportIncompleteRunsOn(),
+		jobparser.ExpandLocalReusableWorkflows(expandLocalReusableWorkflow),
+		jobparser.ExpandInstanceReusableWorkflows(expandInstanceReusableWorkflows(ctx)),
 	)
 	if err != nil {
-		return false, fmt.Errorf("failure re-parsing SingleWorkflow: %w", err)
+		// Reparsing errors are quite rare here since we were already able to parse this workflow in the past to
+		// generate `blockedJob`, but it would be possible with a remote reusable workflow if the reference disappears
+		// from the remote repo -- eg. it was `@v1` and the `v1` tag was removed.
+		if err := FailRunPreExecutionError(
+			ctx,
+			blockedJob.Run,
+			actions_model.ErrorCodeJobParsingError,
+			[]any{err.Error()}); err != nil {
+			return false, fmt.Errorf("setting run into PreExecutionError state failed: %w", err)
+		}
+		// Return `true` to skip running this job in this invalid state
+		return true, nil
 	}
 
 	// Even though every job in the `needs` list is done, perform a consistency check if the job was still unable to be
@@ -261,20 +294,51 @@ func tryHandleIncompleteMatrix(ctx context.Context, blockedJob *actions_model.Ac
 	// reported back to the user for them to correct their workflow, so we slip this notification into
 	// PreExecutionError.
 	for _, swf := range newJobWorkflows {
-		if swf.IncompleteMatrix {
-			errorCode, errorDetails := persistentIncompleteMatrixError(blockedJob, swf.IncompleteMatrixNeeds)
-			if err := FailRunPreExecutionError(ctx, blockedJob.Run, errorCode, errorDetails); err != nil {
-				return false, fmt.Errorf("failure when marking run with error: %w", err)
+		// If the re-evaluated job has the same job ID as the input job, and it's still incomplete, then we'll consider
+		// it to be a "persistent incomplete" job with some error that needs to be reported to the user.  If the
+		// re-evaluated job has a different job ID, then it's likely an expanded job -- such as from a reusable workflow
+		// -- which could have it's own `needs` that allows it to expand into a correct job in the future.
+		jobID, job := swf.Job()
+		if jobID == blockedJob.JobID {
+			if swf.IncompleteMatrix {
+				errorCode, errorDetails := persistentIncompleteMatrixError(blockedJob, swf.IncompleteMatrixNeeds)
+				if err := FailRunPreExecutionError(ctx, blockedJob.Run, errorCode, errorDetails); err != nil {
+					return false, fmt.Errorf("setting run into PreExecutionError state failed: %w", err)
+				}
+				// Return `true` to skip running this job in this invalid state
+				return true, nil
+			} else if swf.IncompleteRunsOn {
+				errorCode, errorDetails := persistentIncompleteRunsOnError(blockedJob, swf.IncompleteRunsOnNeeds, swf.IncompleteRunsOnMatrix)
+				if err := FailRunPreExecutionError(ctx, blockedJob.Run, errorCode, errorDetails); err != nil {
+					return false, fmt.Errorf("setting run into PreExecutionError state failed: %w", err)
+				}
+				// Return `true` to skip running this job in this invalid state
+				return true, nil
+			} else if swf.IncompleteWith {
+				errorCode, errorDetails := persistentIncompleteWithError(blockedJob, swf.IncompleteWithNeeds, swf.IncompleteWithMatrix)
+				if err := FailRunPreExecutionError(ctx, blockedJob.Run, errorCode, errorDetails); err != nil {
+					return false, fmt.Errorf("setting run into PreExecutionError state failed: %w", err)
+				}
+				// Return `true` to skip running this job in this invalid state
+				return true, nil
 			}
-			// Return `true` to skip running this job in this invalid state
-			return true, nil
-		} else if swf.IncompleteRunsOn {
-			errorCode, errorDetails := persistentIncompleteRunsOnError(blockedJob, swf.IncompleteRunsOnNeeds, swf.IncompleteRunsOnMatrix)
-			if err := FailRunPreExecutionError(ctx, blockedJob.Run, errorCode, errorDetails); err != nil {
-				return false, fmt.Errorf("failure when marking run with error: %w", err)
+
+			// When `InsertRunJobs` is run on a job (including `blockedJob` when it was persisted), the `needs` are
+			// removed from it's WorkflowPayload and moved up to the database record so that Forgejo can manage ordering
+			// the run execution.  Now that `blockedJob` has been changed from incomplete->complete by reparsing it and
+			// providing its inputs, it would have been reparsed with an empty `needs` entry because of this earlier
+			// removal.  And the returned record could have its own new `needs` if it was a reusable workflow with inner
+			// jobs.  So, merge the old database list of needs with the new reparsed list of needs, and store them in
+			// the new `SingleWorkflow` which will be paseed to `InsertRunJobs` where it will be ripped out again.
+			//
+			// This is only relevant for `blockedJob` and not for any other generated jobs since they wouldn't have yet
+			// gone through `InsertRunJobs` to have this mutation performed.
+			newNeeds := append(job.Needs(), blockedJob.Needs...)
+			_ = job.RawNeeds.Encode(newNeeds)
+			err := swf.SetJob(jobID, job)
+			if err != nil {
+				return false, fmt.Errorf("failure to update needs in job: %w", err)
 			}
-			// Return `true` to skip running this job in this invalid state
-			return true, nil
 		}
 	}
 
@@ -375,6 +439,49 @@ func persistentIncompleteRunsOnError(job *actions_model.ActionRunJob, incomplete
 	return errorCode, errorDetails
 }
 
+func persistentIncompleteWithError(job *actions_model.ActionRunJob, incompleteNeeds *jobparser.IncompleteNeeds, incompleteMatrix *jobparser.IncompleteMatrix) (actions_model.PreExecutionError, []any) {
+	var errorCode actions_model.PreExecutionError
+	var errorDetails []any
+
+	// `incompleteMatrix` tells us which dimension of a matrix was accessed that was missing
+	if incompleteMatrix != nil {
+		dimension := incompleteMatrix.Dimension
+		errorCode = actions_model.ErrorCodeIncompleteWithMissingMatrixDimension
+		errorDetails = []any{
+			job.JobID,
+			dimension,
+		}
+		return errorCode, errorDetails
+	}
+
+	// `incompleteNeeds` tells us what part of a `${{ needs... }}` expression was missing
+	if incompleteNeeds != nil {
+		jobRef := incompleteNeeds.Job       // always provided
+		outputRef := incompleteNeeds.Output // missing if the entire job wasn't present
+		if outputRef != "" {
+			errorCode = actions_model.ErrorCodeIncompleteWithMissingOutput
+			errorDetails = []any{
+				job.JobID,
+				jobRef,
+				outputRef,
+			}
+		} else {
+			errorCode = actions_model.ErrorCodeIncompleteWithMissingJob
+			errorDetails = []any{
+				job.JobID,
+				jobRef,
+				strings.Join(job.Needs, ", "),
+			}
+		}
+		return errorCode, errorDetails
+	}
+
+	// Not sure why we ended up in `IncompleteWith` when nothing was marked as incomplete
+	errorCode = actions_model.ErrorCodeIncompleteWithUnknownCause
+	errorDetails = []any{job.JobID}
+	return errorCode, errorDetails
+}
+
 // When a workflow call outer job's dependencies are completed, `tryHandleWorkflowCallOuterJob` will complete the job
 // without actually executing it. It will not be dispatched it to a runner. There's no job execution logic, but we need
 // to update state of a few things -- particularly workflow outputs.
diff --git a/services/actions/job_emitter_test.go b/services/actions/job_emitter_test.go
index 0bfa10d7ea..14310703e6 100644
--- a/services/actions/job_emitter_test.go
+++ b/services/actions/job_emitter_test.go
@@ -4,6 +4,8 @@
 package actions
 
 import (
+	"context"
+	"errors"
 	"slices"
 	"testing"
 
@@ -12,6 +14,7 @@ import (
 	"forgejo.org/models/unittest"
 	"forgejo.org/modules/test"
 
+	"code.forgejo.org/forgejo/runner/v12/act/jobparser"
 	"code.forgejo.org/forgejo/runner/v12/act/model"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
@@ -154,6 +157,58 @@ __metadata:
 				3: actions_model.StatusSuccess,
 			},
 		},
+		{
+			name: "unblocked workflow call outer job, incomplete `with`",
+			jobs: actions_model.ActionJobList{
+				{ID: 1, JobID: "job0", Status: actions_model.StatusSuccess, Needs: []string{}},
+				{ID: 2, JobID: "job1", Status: actions_model.StatusBlocked, Needs: []string{"job0"}, WorkflowPayload: []byte(
+					`
+name: test
+on: push
+jobs:
+  job2:
+    if: false
+    uses: ./.forgejo/workflows/reusable.yml
+    with:
+      something: ${{ needs.job0.outputs.something }}
+incomplete_with: true
+incomplete_with_needs:
+  job: job0
+  output: something
+__metadata:
+  workflow_call_id: b5a9f46f1f2513d7777fde50b169d323a6519e349cc175484c947ac315a209ed
+`)},
+			},
+			want: map[int64]actions_model.Status{
+				2: actions_model.StatusWaiting,
+			},
+		},
+		{
+			name: "unblocked workflow call outer job, incomplete `strategy.matrix`",
+			jobs: actions_model.ActionJobList{
+				{ID: 1, JobID: "job0", Status: actions_model.StatusSuccess, Needs: []string{}},
+				{ID: 2, JobID: "job1", Status: actions_model.StatusBlocked, Needs: []string{"job0"}, WorkflowPayload: []byte(
+					`
+name: test
+on: push
+jobs:
+  job2:
+    if: false
+    uses: ./.forgejo/workflows/reusable.yml
+    strategy:
+      matrix: ${{ fromJSON(needs.job0.outputs.something) }}
+incomplete_matrix: true
+incomplete_matrix_needs:
+  job: job0
+  output: something
+__metadata:
+  workflow_call_id: b5a9f46f1f2513d7777fde50b169d323a6519e349cc175484c947ac315a209ed
+`)},
+			},
+			want: map[int64]actions_model.Status{
+				2: actions_model.StatusWaiting,
+			},
+		},
 		{
 			name: "unblocked workflow call outer job with internal failure",
 			jobs: actions_model.ActionJobList{
@@ -184,21 +239,67 @@ __metadata:
 	}
 }
 
+const testWorkflowCallSimpleExpansion = `
+on:
+  workflow_call:
+    inputs:
+      workflow_input:
+        type: string
+jobs:
+  inner_job:
+    name: "inner ${{ inputs.workflow_input }}"
+    runs-on: debian-latest
+    steps:
+      - run: echo ${{ inputs.workflow_input }}
+`
+
+const testWorkflowCallMoreIncompleteExpansion = `
+on:
+  workflow_call:
+    inputs:
+      workflow_input:
+        type: string
+jobs:
+  define-runs-on:
+    name: "inner define-runs-on ${{ inputs.workflow_input }}"
+    runs-on: docker
+    outputs:
+      scalar-value: ${{ steps.define.outputs.scalar }}
+    steps:
+      - id: define
+        run: |
+          echo 'scalar=scalar value' >> "$FORGEJO_OUTPUT"
+  scalar-job:
+    name: "inner incomplete-job ${{ inputs.workflow_input }}"
+    runs-on: ${{ needs.define-runs-on.outputs.scalar-value }}
+    needs: define-runs-on
+    steps: []
+`
+
 func Test_tryHandleIncompleteMatrix(t *testing.T) {
 	// Shouldn't get any decoding errors during this test -- pop them up from a log warning to a test fatal error.
 	defer test.MockVariableValue(&model.OnDecodeNodeError, func(node yaml.Node, out any, err error) {
 		t.Fatalf("Failed to decode node %v into %T: %v", node, out, err)
 	})()
 
+	type localReusableWorkflowCallArgs struct {
+		repoID    int64
+		commitSHA string
+		path      string
+	}
+
 	tests := []struct {
-		name                     string
-		runJobID                 int64
-		errContains              string
-		consumed                 bool
-		runJobNames              []string
-		preExecutionError        actions_model.PreExecutionError
-		preExecutionErrorDetails []any
-		runsOn                   map[string][]string
+		name                          string
+		runJobID                      int64
+		errContains                   string
+		consumed                      bool
+		runJobNames                   []string
+		preExecutionError             actions_model.PreExecutionError
+		preExecutionErrorDetails      []any
+		runsOn                        map[string][]string
+		needs                         map[string][]string
+		expectIncompleteJob           []string
+		localReusableWorkflowCallArgs *localReusableWorkflowCallArgs
 	}{
 		{
 			name:     "not incomplete",
@@ -219,7 +320,7 @@ func Test_tryHandleIncompleteMatrix(t *testing.T) {
 			name:                     "missing needs for strategy.matrix evaluation",
 			runJobID:                 605,
 			preExecutionError:        actions_model.ErrorCodeIncompleteMatrixMissingJob,
-			preExecutionErrorDetails: []any{"job_1", "define-matrix-2", "define-matrix-1"},
+			preExecutionErrorDetails: []any{"produce-artifacts", "define-matrix-2", "define-matrix-1"},
 		},
 		{
 			name:        "matrix expanded to 0 jobs",
@@ -279,7 +380,7 @@ func Test_tryHandleIncompleteMatrix(t *testing.T) {
 			name:                     "missing needs output for strategy.matrix evaluation",
 			runJobID:                 615,
 			preExecutionError:        actions_model.ErrorCodeIncompleteMatrixMissingOutput,
-			preExecutionErrorDetails: []any{"job_1", "define-matrix-1", "colours-intentional-mistake"},
+			preExecutionErrorDetails: []any{"produce-artifacts", "define-matrix-1", "colours-intentional-mistake"},
 		},
 		{
 			name:     "runs-on evaluation with needs",
@@ -356,12 +457,126 @@ func Test_tryHandleIncompleteMatrix(t *testing.T) {
 			preExecutionError:        actions_model.ErrorCodeIncompleteRunsOnMissingMatrixDimension,
 			preExecutionErrorDetails: []any{"consume-runs-on", "dimension-oops-error"},
 		},
+		{
+			name:                     "workflow call remote reference unavailable",
+			runJobID:                 629,
+			preExecutionError:        actions_model.ErrorCodeJobParsingError,
+			preExecutionErrorDetails: []any{"unable to read instance workflow \"some-repo/some-org/.forgejo/workflows/reusable.yml@non-existent-reference\": someone deleted that reference maybe"},
+		},
+		{
+			name:     "workflow call with needs expansion",
+			runJobID: 630,
+			consumed: true,
+			runJobNames: []string{
+				"define-workflow-call",
+				"inner my-workflow-input",
+				"perform-workflow-call",
+			},
+			needs: map[string][]string{
+				"define-workflow-call":    nil,
+				"inner my-workflow-input": nil,
+				"perform-workflow-call":   {"define-workflow-call", "perform-workflow-call.inner_job"},
+			},
+		},
+		// Before reusable workflow expansion, there weren't any cases where evaluating a job in the job emitter could
+		// result in more incomplete jobs being generated (other than errors).  This is the first such case -- run job
+		// ID 632 references reusable workflow "more-incomplete" which generates more incomplete jobs.
+		{
+			name:     "workflow call generates more incomplete jobs",
+			runJobID: 632,
+			consumed: true,
+			runJobNames: []string{
+				"define-workflow-call",
+				"inner define-runs-on my-workflow-input",
+				"inner incomplete-job my-workflow-input",
+				"perform-workflow-call",
+			},
+			runsOn: map[string][]string{
+				"define-workflow-call":                   {"fedora"},
+				"perform-workflow-call":                  {},
+				"inner define-runs-on my-workflow-input": {"docker"},
+				"inner incomplete-job my-workflow-input": {"${{ needs[format('{0}.{1}', 'perform-workflow-call', 'define-runs-on')].outputs.scalar-value }}"},
+			},
+			needs: map[string][]string{
+				"define-workflow-call":                   nil,
+				"inner define-runs-on my-workflow-input": nil,
+				"inner incomplete-job my-workflow-input": {"perform-workflow-call.define-runs-on"},
+				"perform-workflow-call": {
+					"define-workflow-call",
+					"perform-workflow-call.define-runs-on",
+					"perform-workflow-call.scalar-job",
+				},
+			},
+			expectIncompleteJob: []string{"inner incomplete-job my-workflow-input"},
+		},
+		{
+			name:                     "missing needs job for workflow call evaluation",
+			runJobID:                 634,
+			preExecutionError:        actions_model.ErrorCodeIncompleteWithMissingJob,
+			preExecutionErrorDetails: []any{"perform-workflow-call", "oops-i-misspelt-the-job-id", "define-workflow-call"},
+		},
+		{
+			name:                     "missing needs output for workflow call evaluation",
+			runJobID:                 636,
+			preExecutionError:        actions_model.ErrorCodeIncompleteWithMissingOutput,
+			preExecutionErrorDetails: []any{"perform-workflow-call", "define-workflow-call", "output-doesnt-exist"},
+		},
+		{
+			name:                     "missing matrix dimension for workflow call evaluation",
+			runJobID:                 638,
+			preExecutionError:        actions_model.ErrorCodeIncompleteWithMissingMatrixDimension,
+			preExecutionErrorDetails: []any{"perform-workflow-call", "dimension-oops-error"},
+		},
+		{
+			name:     "local workflow call with needs expansion",
+			runJobID: 640,
+			consumed: true,
+			runJobNames: []string{
+				"define-workflow-call",
+				"inner my-workflow-input",
+				"perform-workflow-call",
+			},
+			localReusableWorkflowCallArgs: &localReusableWorkflowCallArgs{
+				repoID:    63,
+				commitSHA: "97f29ee599c373c729132a5c46a046978311e0ee",
+				path:      "./.forgejo/workflows/reusable.yml",
+			},
+		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			defer unittest.OverrideFixtures("services/actions/Test_tryHandleIncompleteMatrix")()
 			require.NoError(t, unittest.PrepareTestDatabase())
 
+			// Mock access to reusable workflows, both local and remote
+			var localReusableCalled []*localReusableWorkflowCallArgs
+			var cleanupCallCount int
+			defer test.MockVariableValue(&lazyRepoExpandLocalReusableWorkflow,
+				func(ctx context.Context, repoID int64, commitSHA string) (jobparser.LocalWorkflowFetcher, CleanupFunc) {
+					fetcher := func(job *jobparser.Job, path string) ([]byte, error) {
+						localReusableCalled = append(localReusableCalled, &localReusableWorkflowCallArgs{repoID, commitSHA, path})
+						return []byte(testWorkflowCallSimpleExpansion), nil
+					}
+					cleanup := func() {
+						cleanupCallCount++
+					}
+					return fetcher, cleanup
+				})()
+			defer test.MockVariableValue(&expandInstanceReusableWorkflows,
+				func(ctx context.Context) jobparser.InstanceWorkflowFetcher {
+					return func(job *jobparser.Job, ref *model.NonLocalReusableWorkflowReference) ([]byte, error) {
+						switch ref.Ref {
+						case "non-existent-reference":
+							return nil, errors.New("someone deleted that reference maybe")
+						case "simple":
+							return []byte(testWorkflowCallSimpleExpansion), nil
+						case "more-incomplete":
+							return []byte(testWorkflowCallMoreIncompleteExpansion), nil
+						}
+						return nil, errors.New("unknown workflow reference")
+					}
+				})()
+
 			blockedJob := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRunJob{ID: tt.runJobID})
 
 			jobsInRun, err := db.Find[actions_model.ActionRunJob](t.Context(), actions_model.FindRunJobOptions{RunID: blockedJob.RunID})
@@ -381,7 +596,7 @@ func Test_tryHandleIncompleteMatrix(t *testing.T) {
 
 					// expectations are that the ActionRun has an empty PreExecutionError
 					actionRun := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRun{ID: blockedJob.RunID})
-					assert.EqualValues(t, 0, actionRun.PreExecutionErrorCode)
+					assert.EqualValues(t, 0, actionRun.PreExecutionErrorCode, "PreExecutionError Details: %#v", actionRun.PreExecutionErrorDetails)
 
 					// compare jobs that exist with `runJobNames` to ensure new jobs are inserted:
 					allJobsInRun, err := db.Find[actions_model.ActionRunJob](t.Context(), actions_model.FindRunJobOptions{RunID: blockedJob.RunID})
@@ -404,6 +619,37 @@ func Test_tryHandleIncompleteMatrix(t *testing.T) {
 							}
 						}
 					}
+
+					if tt.needs != nil {
+						for _, j := range allJobsInRun {
+							expected, ok := tt.needs[j.Name]
+							if assert.Truef(t, ok, "unable to find runsOn[%q] in test case", j.Name) {
+								slices.Sort(j.Needs)
+								slices.Sort(expected)
+								assert.Equalf(t, expected, j.Needs, "comparing needs expectations for job %q", j.Name)
+							}
+						}
+					}
+
+					if tt.expectIncompleteJob != nil {
+						for _, j := range allJobsInRun {
+							if slices.Contains(tt.expectIncompleteJob, j.Name) {
+								m, _, err := j.HasIncompleteMatrix()
+								require.NoError(t, err)
+								r, _, _, err := j.HasIncompleteRunsOn()
+								require.NoError(t, err)
+								w, _, _, err := j.HasIncompleteWith()
+								require.NoError(t, err)
+								assert.True(t, m || r || w, "job %s was expected to still be marked as incomplete", j.Name)
+							}
+						}
+					}
+
+					if tt.localReusableWorkflowCallArgs != nil {
+						require.Len(t, localReusableCalled, 1)
+						assert.Equal(t, tt.localReusableWorkflowCallArgs, localReusableCalled[0])
+						assert.Equal(t, 1, cleanupCallCount)
+					}
 				} else if tt.preExecutionError != 0 {
 					// expectations are that the ActionRun has a populated PreExecutionError, is marked as failed
 					actionRun := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRun{ID: blockedJob.RunID})
diff --git a/services/actions/run.go b/services/actions/run.go
index 9bc93bc68e..64228938f8 100644
--- a/services/actions/run.go
+++ b/services/actions/run.go
@@ -126,7 +126,7 @@ func checkJobWillRevisit(ctx context.Context, job *actions_model.ActionRunJob) (
 	// Check to ensure that a job marked with `IncompleteMatrix` doesn't refer to a job that it doesn't have listed in
 	// `needs`.  If that state is discovered, fail the job and mark a PreExecutionError on the run.
 
-	isIncompleteMatrix, matrixNeeds, err := job.IsIncompleteMatrix()
+	isIncompleteMatrix, matrixNeeds, err := job.HasIncompleteMatrix()
 	if err != nil {
 		return false, err
 	}
@@ -164,11 +164,11 @@ func checkJobWillRevisit(ctx context.Context, job *actions_model.ActionRunJob) (
 
 func checkJobRunsOnStaticMatrixError(ctx context.Context, job *actions_model.ActionRunJob) (bool, error) {
 	// If a job has a `runs-on` field that references a matrix dimension like `runs-on: ${{ matrix.platorm }}`, and
-	// `platform` is not part of the job's matrix at all, then it will be tagged as `IsIncompleteRunsOn` and will be
+	// `platform` is not part of the job's matrix at all, then it will be tagged as `HasIncompleteRunsOn` and will be
 	// blocked forever.  This only applies if the matrix is static -- that is, the job isn't also tagged
-	// `IsIncompleteMatrix` and the matrix is yet to be fully defined.
+	// `HasIncompleteMatrix` and the matrix is yet to be fully defined.
 
-	isIncompleteRunsOn, _, matrixReference, err := job.IsIncompleteRunsOn()
+	isIncompleteRunsOn, _, matrixReference, err := job.HasIncompleteRunsOn()
 	if err != nil {
 		return false, err
 	} else if !isIncompleteRunsOn || matrixReference == nil {
@@ -176,7 +176,7 @@ func checkJobRunsOnStaticMatrixError(ctx context.Context, job *actions_model.Act
 		return false, nil
 	}
 
-	isIncompleteMatrix, _, err := job.IsIncompleteMatrix()
+	isIncompleteMatrix, _, err := job.HasIncompleteMatrix()
 	if err != nil {
 		return false, err
 	} else if isIncompleteMatrix {

From 03e2ecfbc4301b0991ed597a03bd75511d5bf381 Mon Sep 17 00:00:00 2001
From: Renovate Bot <forgejo-renovate-action@forgejo.org>
Date: Wed, 31 Dec 2025 19:20:17 +0100
Subject: [PATCH 076/854] Update module code.forgejo.org/forgejo/runner/v12 to
 v12.4.0 (forgejo) (#10655)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This PR contains the following updates:

| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) |
|---|---|---|---|
| [code.forgejo.org/forgejo/runner/v12](https://code.forgejo.org/forgejo/runner) | `v12.3.1` -> `v12.4.0` | ![age](https://developer.mend.io/api/mc/badges/age/go/code.forgejo.org%2fforgejo%2frunner%2fv12/v12.4.0?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/go/code.forgejo.org%2fforgejo%2frunner%2fv12/v12.3.1/v12.4.0?slim=true) |

---

### Release Notes

<details>
<summary>forgejo/runner (code.forgejo.org/forgejo/runner/v12)</summary>

### [`v12.4.0`](https://code.forgejo.org/forgejo/runner/releases/tag/v12.4.0)

[Compare Source](https://code.forgejo.org/forgejo/runner/compare/v12.3.1...v12.4.0)

- [User guide](https://forgejo.org/docs/next/user/actions/overview/)
- [Administrator guide](https://forgejo.org/docs/next/admin/actions/)
- [Container images](https://code.forgejo.org/forgejo/-/packages/container/runner/versions)

Release Notes

***

<!--start release-notes-assistant-->

<!--URL:https://code.forgejo.org/forgejo/runner-->

- features
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1247): <!--number 1247 --><!--line 0 --><!--description ZmVhdDogaW5jbHVkZSBhbGwgaW50ZWdyYXRpb24gdGVzdHMgaW4gYG1ha2UgaW50ZWdyYXRpb24tdGVzdGA=-->feat: include all integration tests in `make integration-test`<!--description-->
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1238): <!--number 1238 --><!--line 0 --><!--description ZmVhdChkb2NrZXJfcnVuKTogYWRkIHN1cHBvcnQgZm9yIHVzZXIgYW5kIGdyb3VwLWFkZCBqb2Igb3B0aW9ucw==-->feat(docker\_run): add support for user and group-add job options<!--description-->
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1245): <!--number 1245 --><!--line 0 --><!--description ZmVhdDogcmVxdWVzdCB1cCB0byBgY2FwYWNpdHlgIGpvYnMgZnJvbSBGb3JnZWpvIGluIG9uZSBBUEkgY2FsbA==-->feat: request up to `capacity` jobs from Forgejo in one API call<!--description-->
- bug fixes
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1240): <!--number 1240 --><!--line 0 --><!--description Zml4OiByZW1vdmUgYGNtZGAgYW5kIGBwb3J0c2AgZnJvbSBjb250YWluZXIgc2NoZW1h-->fix: remove `cmd` and `ports` from container schema<!--description-->
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1244): <!--number 1244 --><!--line 0 --><!--description Zml4OiBldmFsdWF0ZSBqb2JzLjxqb2JfaWQ+LmNvbnRhaW5lci52b2x1bWVz-->fix: evaluate jobs.\<job\_id>.container.volumes<!--description-->
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1251): <!--number 1251 --><!--line 0 --><!--description Zml4OiByZS1wYXJzaW5nIGluY29tcGxldGUgam9icyBtdXN0IHVzZSBvbi53b3JrZmxvd19jYWxsLmlucHV0cywgbm90IGdsb2JhbCBpbnB1dHM=-->fix: re-parsing incomplete jobs must use on.workflow\_call.inputs, not global inputs<!--description-->
- other
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1246): <!--number 1246 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBjb2RlLmZvcmdlam8ub3JnL2Zvcmdlam8vYWN0aW9ucy1wcm90byB0byB2MC42LjA=-->Update module code.forgejo.org/forgejo/actions-proto to v0.6.0<!--description-->
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1242): <!--number 1242 --><!--line 0 --><!--description VXBkYXRlIGZvcmdlam8tcnVubmVyIHRvIHYxMi4zLjE=-->Update forgejo-runner to v12.3.1<!--description-->
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1241): <!--number 1241 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgZ28gdG8gdjEuMjU=-->Update dependency go to v1.25<!--description-->

<!--end release-notes-assistant-->

</details>

---

### Configuration

📅 **Schedule**: Branch creation - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC), Automerge - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi42Ni4xMSIsInVwZGF0ZWRJblZlciI6IjQyLjY2LjExIiwidGFyZ2V0QnJhbmNoIjoiZm9yZ2VqbyIsImxhYmVscyI6WyJkZXBlbmRlbmN5LXVwZ3JhZGUiLCJ0ZXN0L25vdC1uZWVkZWQiXX0=-->

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10655
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 633f4bc3dd..470d13a566 100644
--- a/go.mod
+++ b/go.mod
@@ -11,7 +11,7 @@ require (
 	code.forgejo.org/forgejo/go-rpmutils v1.0.0
 	code.forgejo.org/forgejo/levelqueue v1.0.0
 	code.forgejo.org/forgejo/reply v1.0.2
-	code.forgejo.org/forgejo/runner/v12 v12.3.1
+	code.forgejo.org/forgejo/runner/v12 v12.4.0
 	code.forgejo.org/go-chi/binding v1.0.1
 	code.forgejo.org/go-chi/cache v1.0.1
 	code.forgejo.org/go-chi/captcha v1.0.2
diff --git a/go.sum b/go.sum
index f99e6db0dc..1e33b27333 100644
--- a/go.sum
+++ b/go.sum
@@ -30,8 +30,8 @@ code.forgejo.org/forgejo/levelqueue v1.0.0 h1:9krYpU6BM+j/1Ntj6m+VCAIu0UNnne1/Uf
 code.forgejo.org/forgejo/levelqueue v1.0.0/go.mod h1:fmG6zhVuqim2rxSFOoasgXO8V2W/k9U31VVYqLIRLhQ=
 code.forgejo.org/forgejo/reply v1.0.2 h1:dMhQCHV6/O3L5CLWNTol+dNzDAuyCK88z4J/lCdgFuQ=
 code.forgejo.org/forgejo/reply v1.0.2/go.mod h1:RyZUfzQLc+fuLIGjTSQWDAJWPiL4WtKXB/FifT5fM7U=
-code.forgejo.org/forgejo/runner/v12 v12.3.1 h1:85W9+OyCZbNLo4PnTnSopg95gkUYL3FTBNxW5tWxlkI=
-code.forgejo.org/forgejo/runner/v12 v12.3.1/go.mod h1:m6i/RnHQObdagTZUUPR+Nb2Th3VBLOHzjZ6tVw7F0qs=
+code.forgejo.org/forgejo/runner/v12 v12.4.0 h1:FNEUh368GMnyRxXrzQ3rQITV68b0Z3DKWsCeTGKzxF8=
+code.forgejo.org/forgejo/runner/v12 v12.4.0/go.mod h1:GwKqxU5CIkpUSBnOCwmT9GRpz2V4mdfdp9LQEKQ70HE=
 code.forgejo.org/forgejo/ssh v0.0.0-20241211213324-5fc306ca0616 h1:kEZL84+02jY9RxXM4zHBWZ3Fml0B09cmP1LGkDsCfIA=
 code.forgejo.org/forgejo/ssh v0.0.0-20241211213324-5fc306ca0616/go.mod h1:zpHEXBstFnQYtGnB8k8kQLol82umzn/2/snG7alWVD8=
 code.forgejo.org/go-chi/binding v1.0.1 h1:coKNI+X1NzRN7X85LlrpvBRqk0TXpJ+ja28vusQWEuY=

From f6399a0d25165f69341f5d8406777ee6f032012e Mon Sep 17 00:00:00 2001
From: Codeberg Translate <translate@codeberg.org>
Date: Thu, 1 Jan 2026 08:27:08 +0000
Subject: [PATCH 077/854] i18n: update of translations from Codeberg Translate

Co-authored-by: 0ko <0ko@noreply.codeberg.org>
Co-authored-by: Arthur Zamarin <arthurzam@gentoo.org>
Co-authored-by: Benedikt Straub <benedikt-straub@web.de>
Co-authored-by: Codeberg Translate <translate@codeberg.org>
Co-authored-by: Fjuro <fjuro@alius.cz>
Co-authored-by: Gusted <postmaster@gusted.xyz>
Co-authored-by: SomeTr <sometr@noreply.codeberg.org>
Co-authored-by: killawabbit <killawabbit@noreply.codeberg.org>
Co-authored-by: m-casanova <m-casanova@noreply.codeberg.org>
Co-authored-by: nykula <nykula@noreply.codeberg.org>
Co-authored-by: xtex <xtexchooser@duck.com>
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/cs/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/nds/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/nl/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/ru/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/sv/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/uk/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/zh_Hans/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo/he/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo/it/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo/uk/
Translation: Forgejo/forgejo
Translation: Forgejo/forgejo-next
---
 options/locale/locale_he.ini          | 24 +++++++++++++--
 options/locale/locale_it-IT.ini       |  4 +--
 options/locale/locale_uk-UA.ini       | 43 ++++++++++++++-------------
 options/locale_next/locale_cs-CZ.json | 10 +++++--
 options/locale_next/locale_nds.json   | 10 +++++--
 options/locale_next/locale_nl-NL.json |  3 +-
 options/locale_next/locale_ru-RU.json | 10 +++++--
 options/locale_next/locale_sv-SE.json | 34 ++++++++++++++++++++-
 options/locale_next/locale_uk-UA.json | 10 +++++--
 options/locale_next/locale_zh-CN.json |  6 +++-
 10 files changed, 113 insertions(+), 41 deletions(-)

diff --git a/options/locale/locale_he.ini b/options/locale/locale_he.ini
index 6c3387c1b8..047e4d7bd6 100644
--- a/options/locale/locale_he.ini
+++ b/options/locale/locale_he.ini
@@ -143,7 +143,7 @@ webauthn_use_twofa = השתמש בקוד אימות דו־שלבי מהטלפו
 error413 = מיצית את ההגבלה שלך.
 
 [search]
-search = חיפוש...
+search = חיפוש…
 type_tooltip = סוג חיפוש
 fuzzy = מקורב
 union = מילות מפתח
@@ -167,6 +167,7 @@ runner_kind = חיפוש מריצים…
 keyword_search_unavailable = חיפוש מילות מפתח לא זמין. נא לדווח למנהלי המערכת.
 code_search_unavailable = חיפוש קוד לא זמין. נא לדווח למנהלי המערכת.
 pull_kind = חיפוש בקשות מיזוג…
+regexp_tooltip = פרש את החיפוש כביטוי רגולרי
 
 [heatmap]
 number_of_contributions_in_the_last_12_months = % תרומות ב־12 החודשים האחרונים
@@ -194,8 +195,8 @@ lightweight_desc = פורג'ו צורך כמות מינימלית של משאב
 buttons.list.unordered.tooltip = הוספת רשימה לא ממוספרת
 buttons.switch_to_legacy.tooltip = מעבר לעורך הישן
 buttons.heading.tooltip = הוספת כותרת
-buttons.bold.tooltip = הדגשת טקסט
-buttons.italic.tooltip = הטיית טקסט
+buttons.bold.tooltip = הדגשת טקסט (Ctrl+B / ⌘B)
+buttons.italic.tooltip = הטיית טקסט (Ctrl+I / ⌘I)
 buttons.quote.tooltip = ציטוט
 buttons.code.tooltip = הוספת קוד
 buttons.link.tooltip = הוספת קישור
@@ -211,6 +212,11 @@ table_modal.placeholder.header = כותרת
 table_modal.placeholder.content = תוכן
 table_modal.label.rows = שורות
 table_modal.label.columns = עמודות
+buttons.indent.tooltip = קנן פריטים ברמה אחת פנימה
+buttons.unindent.tooltip = קנן פריטים ברמה אחת החוצה
+link_modal.header = הוספת קישור
+link_modal.url = Url
+link_modal.description = תיאור
 
 [filter]
 string.desc = סדר אלפבתי יורד
@@ -317,6 +323,18 @@ repo_name_been_taken = כבר יש קרפיף בשם זה.
 repository_files_already_exist = כבר יש קבצים בקרפיף זה. יש לדבר עם מנהל המערכת כדי לתקן את הבעיה.
 AccessToken = קוד גישה
 Content = תוכן
+email_been_used = כתובת האימייל כבר בשימוש.
+email_invalid = כתובת האימייל אינה תקינה.
+username_password_incorrect = שם משתמש או סיסמה לא נכונים.
+password_complexity = סיסמה לא עומדת בדרישות הסיבוכיות:
+password_lowercase_one = לפחות אות אנגלית קטנה אחת
+password_uppercase_one = לפחות אות אנגלית גדולה אחת
+password_digit_one = לפחות ספרה אחת
+password_special_one = לפחות תו מיוחד אחד (סימני פיסוק, סוגריים, מרכאות וכו')
+enterred_invalid_repo_name = שם הריפו שהזנת אינו תקין.
+enterred_invalid_org_name = שם הארגון שהוזן אינו תקין.
+enterred_invalid_owner_name = שם הבעלים החדש אינו תקין.
+enterred_invalid_password = הסיסמה שהזנת אינה נכונה.
 
 [projects]
 deleted.display_name = פרויקט נמחק
diff --git a/options/locale/locale_it-IT.ini b/options/locale/locale_it-IT.ini
index a52002718c..ad0ae03a04 100644
--- a/options/locale/locale_it-IT.ini
+++ b/options/locale/locale_it-IT.ini
@@ -30,8 +30,8 @@ password=Password
 access_token=Token di accesso
 re_type=Conferma password
 captcha=CAPTCHA
-twofa=Verifica in due passaggi
-twofa_scratch=Codice di recupero per la verifica in due passaggi
+twofa=Autenticazione a due fattori
+twofa_scratch=Codice di recupero per l'autenticazione a due fattori
 passcode=Codice di sicurezza
 
 webauthn_insert_key=Inserisci la tua chiave di sicurezza
diff --git a/options/locale/locale_uk-UA.ini b/options/locale/locale_uk-UA.ini
index 8059ef38d2..2934f324bd 100644
--- a/options/locale/locale_uk-UA.ini
+++ b/options/locale/locale_uk-UA.ini
@@ -281,7 +281,7 @@ smtp_from=Надсилати email від імені
 smtp_from_helper=Електронна пошта для використання у Forgejo. Введіть звичайну адресу електронної пошти або використовуйте формат: "Ім’я" <email@example.com>.
 mailer_user=Ім’я користувача SMTP
 mailer_password=Пароль SMTP
-register_confirm=Потрібно підтвердити електронну пошту для реєстрації
+register_confirm=Вимагати підтвердити електронну пошту для реєстрації
 mail_notify=Увімкнути сповіщення електронною поштою
 server_service_title=Сервер і налаштування зовнішніх служб
 offline_mode=Увімкнути локальний режим
@@ -829,7 +829,7 @@ generate_new_token=Згенерувати новий токен
 tokens_desc=Ці токени надають доступ до вашого облікового запису за допомогою Forgejo API.
 token_name=Назва токена
 generate_token=Згенерувати токен
-generate_token_success=Ваш новий токен був створений. Скопіюйте його зараз, оскільки він не буде показаний знову.
+generate_token_success=Ваш новий токен створено. Скопіюйте його зараз, оскільки він показується лише один раз.
 generate_token_name_duplicate=Назва програми <strong>%s</strong> вже використовується. Будь ласка, використайте нову.
 delete_token=Видалити
 access_token_deletion=Видалити токен доступу
@@ -872,7 +872,7 @@ scan_this_image=Проскануйте це зображення вашим до
 or_enter_secret=Або введіть секрет: %s
 then_enter_passcode=І введіть пароль, який відображається в додатку:
 passcode_invalid=Неправильний пароль. Спробуйте ще раз.
-twofa_enrolled=Для вашого облікового запису було ввімкнено двофакторну автентифікацію. Зберігайте свій одноразовий ключ відновлення (%s) у безпечному місці, оскільки він показується лише один раз.
+twofa_enrolled=Для вашого облікового запису було ввімкнено двофакторну автентифікацію. Збережіть свій одноразовий ключ відновлення (%s) у безпечному місці, оскільки він показується лише один раз.
 twofa_failed_get_secret=Не вдалося отримати секрет.
 
 
@@ -915,7 +915,7 @@ retype_new_password = Підтвердіть новий пароль
 email_desc = Ваша основна адреса електронної пошти буде використовуватися для сповіщень, відновлення пароля і, за умови, що вона не прихована, для операцій з Git через веб-інтерфейс.
 visibility.limited_tooltip = Видимий(а) тільки для зареєстрованих користувачів
 visibility.private_tooltip = Видимий(а) тільки для учасників організацій, до яких ви приєдналися
-twofa_scratch_token_regenerated = Ваш одноразовий ключ відновлення: %s. Збережіть його у безпечному місці, бо він не буде показаний знову.
+twofa_scratch_token_regenerated = Ваш одноразовий ключ відновлення: %s. Збережіть його у безпечному місці, оскільки він показується лише один раз.
 authorized_oauth2_applications_description = Ви надали цим стороннім програмам доступ до вашого облікового запису Forgejo. Будь ласка, відкличте доступ у програм, що більше не використовуються.
 webauthn_delete_key = Видалити ключ безпеки
 webauthn_key_loss_warning = Якщо ви втратите ключі безпеки, то втратите доступ до свого облікового запису.
@@ -1204,7 +1204,7 @@ file.title=%s в %s
 file_raw=Неформатований
 file_history=Історія
 file_view_source=Переглянути вихідний код
-file_view_rendered=Переглянути відрендерено
+file_view_rendered=Переглянути рендер
 file_view_raw=Переглянути неформатований
 file_permalink=Постійне посилання
 file_too_large=Цей файл завеликий для показу.
@@ -1244,9 +1244,9 @@ editor.cancel_lower=Скасувати
 editor.commit_signed_changes=Внести підписані зміни
 editor.commit_changes=Зберегти зміни
 editor.add_tmpl=Додати «<%s>»
-editor.commit_message_desc=Додати необов'язковий розширений опис…
+editor.commit_message_desc=Додати необов’язковий розширений опис…
 editor.signoff_desc=Додати повідомленню в журналі комітів рядок Signed-off-by від свого імені.
-editor.commit_directly_to_this_branch=Зробіть коміт прямо в гілку <strong class="%[2]s">%[1]s</strong>.
+editor.commit_directly_to_this_branch=Зробити коміт прямо в гілку <strong class="%[2]s">%[1]s</strong>.
 editor.create_new_branch=Створити <strong>нову гілку</strong> для цього коміту та відкрити запит на злиття.
 editor.create_new_branch_np=Створити <strong>нову гілку</strong> для цього коміту.
 editor.propose_file_change=Запропонувати зміну файлу
@@ -2004,16 +2004,16 @@ settings.branch_protection=Правила захисту для гілки «<b>
 settings.protect_disable_push=Заборонити push
 settings.protect_disable_push_desc=Для цієї гілки буде заборонено виконання push.
 settings.protect_enable_push=Дозволити push
-settings.protect_enable_push_desc=Будь-хто з правом запису зможе виконувати push до цієї гілки (за винятком force push).
-settings.protect_whitelist_committers=Білий список обмеження Push
+settings.protect_enable_push_desc=Будь-хто з доступом на запис зможе виконувати push до цієї гілки (за винятком force push).
+settings.protect_whitelist_committers=Дозволити push окремим користувачам
 settings.protect_whitelist_committers_desc=Лише користувачі або команди з білого списку зможуть виконувати push до цієї гілки (за винятком force push).
-settings.protect_whitelist_deploy_keys=Білий список ключів розгортання з правом на запис.
-settings.protect_whitelist_users=Користувачі, які можуть робити push в цю гілку
-settings.protect_whitelist_teams=Команди, учасники яких можуть робити push в цю гілку
+settings.protect_whitelist_deploy_keys=Білий список ключів розгортання з доступом на запис для push.
+settings.protect_whitelist_users=Користувачі, які можуть робити push у цю гілку
+settings.protect_whitelist_teams=Команди, учасники яких можуть робити push у цю гілку
 settings.protect_merge_whitelist_committers=Обмежити право на об’єднання списком
 settings.protect_merge_whitelist_committers_desc=Дозволити лише користувачам або командам із білого списку об’єднувати запити на злиття в цю гілку.
-settings.protect_merge_whitelist_users=Користувачі з правом на об'єднання
-settings.protect_merge_whitelist_teams=Команди, яким дозволено об'єднання
+settings.protect_merge_whitelist_users=Користувачі, які можуть приймати запити на злиття
+settings.protect_merge_whitelist_teams=Команди, учасники яких можуть приймати запити на злиття
 settings.protect_check_status_contexts=Увімкнути перевірку стану
 settings.protect_check_status_contexts_desc=Вимагати успішного проходження перевірок стану перед злиттям. Коли цей пункт увімкнено, коміти спершу надсилаються до іншої гілки, а потім зливаються або надсилаються безпосередньо до гілки, яка відповідає цьому правилу після успішного проходження перевірок стану. Якщо контексти не вибрано, останній коміт має бути успішним незалежно від контексту.
 settings.protect_check_status_contexts_list=Перевірки стану, знайдені для репозиторію за минулий тиждень
@@ -2119,7 +2119,7 @@ diff.file_image_width=Ширина
 diff.file_image_height=Висота
 diff.file_byte_size=Розмір
 diff.file_suppressed=Різницю між файлами не показано, бо вона завелика
-diff.file_suppressed_line_too_long=Різницю між файлами не показано, оскільки один чи декілька рядків занадто довгі
+diff.file_suppressed_line_too_long=Різницю між файлами не показано, оскільки деякі рядки занадто довгі
 diff.too_many_files=Деякі з файлів не показано, оскільки було змінено дуже багато файлів
 diff.show_more=Показати більше
 diff.load=Завантажити різницю
@@ -2487,7 +2487,7 @@ tree_path_not_found_branch = Шлях %[1]s не існує в гілці %[2]s
 branch.create_success = Гілку «%s» створено.
 pulls.view = Переглянути запит на злиття
 pulls.allow_edits_from_maintainers_desc = Користувачі з доступом на запис у базову гілку можуть також виконувати push у цю гілку
-settings.protect_enable_merge_desc = Будь-хто з доступом на запис зможе об'єднувати запити на злиття у цю гілку.
+settings.protect_enable_merge_desc = Будь-хто з доступом на запис зможе об’єднувати запити на злиття у цю гілку.
 commit.contained_in = Цей коміт міститься в:
 pulls.reopen_failed.head_branch = Ви не можете знову відкрити цей запит на злиття, оскільки головна гілка більше не існує.
 settings.protect_new_rule = Створити нове правило захисту гілок
@@ -2593,7 +2593,7 @@ settings.unarchive.error = Сталася помилка при спробі р
 settings.wiki_rename_branch_main = Нормалізувати назву вікі-гілки
 settings.wiki_rename_branch_main_notices_2 = Внутрішню вікі-гілку репозиторію %s буде назавжди перейменовано. Існуючі перевірки потрібно буде оновити.
 settings.pull_mirror_sync_in_progress = Триває отримання змін з віддаленого репозиторію %s.
-settings.enter_repo_name = Уведіть ім'я власника і назву репозиторію, як показано:
+settings.enter_repo_name = Уведіть ім’я власника і назву репозиторію, як показано:
 settings.pulls.allow_rebase_update = Увімкнути оновлення гілки запиту на злиття за допомогою перебазування
 settings.mirror_settings.docs.pulling_remote_title = Отримання з віддаленого репозиторію
 settings.mirror_settings.docs.doc_link_pull_section = розділ документації «Отримання з віддаленого репозиторію».
@@ -2761,7 +2761,7 @@ settings.remove_protected_branch_success = Захист гілки для пра
 settings.update_protect_branch_success = Захист гілки для правила «%s» оновлено.
 settings.protect_unprotected_file_patterns = Шаблони незахищених файлів (розділені крапкою з комою «;»)
 settings.protect_protected_file_patterns = Шаблони захищених файлів (розділені крапкою з комою «;»)
-settings.protect_branch_name_pattern = Шаблон назви захищеної гілки
+settings.protect_branch_name_pattern = Шаблон назв захищених гілок
 settings.event_action_success_desc = Виконання завершилося успішно.
 settings.event_header_action = Події виконання Дій
 settings.event_action_failure_desc = Виконання завершилося невдало.
@@ -3269,9 +3269,9 @@ config.enable_federated_avatar=Увімкнути федеровані ават
 
 config.git_config=Конфігурація Git
 config.git_disable_diff_highlight=Вимкнути підсвітку синтаксису diff
-config.git_max_diff_lines=Максимум рядків на diff (на один файл)
-config.git_max_diff_line_characters=Максимум символів на diff (на одну строку)
-config.git_max_diff_files=Максимум diff-файлів (для показу)
+config.git_max_diff_lines=Максимум рядків на файл при порівнянні
+config.git_max_diff_line_characters=Максимум символів на рядок при порівнянні
+config.git_max_diff_files=Максимум файлів для показу при порівнянні
 config.git_gc_args=Аргументи збирача сміття
 config.git_migrate_timeout=Тайм-аут перенесення
 config.git_mirror_timeout=Тайм-аут оновлення дзеркала
@@ -3712,6 +3712,7 @@ owner.settings.cleanuprules.keep.pattern.container = Версія <code>latest</
 owner.settings.cleanuprules.remove.pattern = Видалити версії, що відповідають
 owner.settings.cleanuprules.keep.pattern = Залишити версії, що відповідають
 rubygems.dependencies.runtime = Залежності середовища виконання
+container.digest = Контрольна сума
 
 [secrets]
 deletion = Видалити секрет
diff --git a/options/locale_next/locale_cs-CZ.json b/options/locale_next/locale_cs-CZ.json
index ba5c70c088..52e09c7914 100644
--- a/options/locale_next/locale_cs-CZ.json
+++ b/options/locale_next/locale_cs-CZ.json
@@ -246,13 +246,17 @@
     "moderation.issue.deletion_success": "Problém byl smazán.",
     "moderation.comment.deletion_success": "Komentář byl smazán.",
     "actions.workflow.incomplete_matrix_missing_job": "Nepodařilo se vyhodnotit `strategy.matrix` úlohy %[1]s: úloha %[2]s není v seznamu `needs` úlohy %[1]s (%[3]s).",
-    "actions.workflow.incomplete_matrix_missing_output": "Nepodařilo se vyhodnotit `strategy.matrix` úlohy %[1]s: úloha %[2]s nemá výstup %[3]s.",
+    "actions.workflow.incomplete_matrix_missing_output": "Nepodařilo se vyhodnotit `strategy.matrix` úlohy %[1]s: úloze %[2]s chybí výstup %[3]s.",
     "actions.workflow.incomplete_matrix_unknown_cause": "Nepodařilo se vyhodnotit `strategy.matrix` úlohy %[1]s: neznámá chyba.",
     "actions.workflow.incomplete_runson_missing_job": "Nepodařilo se vyhodnotit `runs-on` úlohy %[1]s: úloha %[2]s není v seznamu `needs` úlohy %[1]s (%[3]s).",
-    "actions.workflow.incomplete_runson_missing_output": "Nepodařilo se vyhodnotit `runs-on` úlohy %[1]s: úloha %[2]s nemá výstup %[3]s.",
+    "actions.workflow.incomplete_runson_missing_output": "Nepodařilo se vyhodnotit `runs-on` úlohy %[1]s: úloze %[2]s chybí výstup %[3]s.",
     "actions.workflow.incomplete_runson_missing_matrix_dimension": "Nepodařilo se vyhodnotit `runs-on` úlohy %[1]s: dimenze matice %[2]s neexistuje.",
     "actions.workflow.incomplete_runson_unknown_cause": "Nepodařilo se vyhodnotit `runs-on` úlohy %[1]s: neznámá chyba.",
     "issues.updated": "aktualizováno %s",
     "search.fuzzy": "Přibližné",
-    "search.fuzzy_tooltip": "Zahrnout výsledky v přibližné shodě s hledaným výrazem"
+    "search.fuzzy_tooltip": "Zahrnout výsledky, které jsou v přibližné shodě s hledaným výrazem",
+    "actions.workflow.incomplete_with_missing_job": "Nepodařilo se vyhodnotit `with` úlohy %[1]s: úloha %[2]s není v seznamu `needs` úlohy %[1]s (%[3]s).",
+    "actions.workflow.incomplete_with_missing_output": "Nepodařilo se vyhodnotit `with` úlohy %[1]s: úloze %[2]s chybí výstup %[3]s.",
+    "actions.workflow.incomplete_with_missing_matrix_dimension": "Nepodařilo se vyhodnotit `with` úlohy %[1]s: rozměr matice %[2]s neexistuje.",
+    "actions.workflow.incomplete_with_unknown_cause": "Nepodařilo se vyhodnotit `with` úlohy %[1]s: neznámá chyba."
 }
diff --git a/options/locale_next/locale_nds.json b/options/locale_next/locale_nds.json
index 6f7a4dde92..bd3ddeaf84 100644
--- a/options/locale_next/locale_nds.json
+++ b/options/locale_next/locale_nds.json
@@ -231,13 +231,17 @@
     "moderation.issue.deletion_success": "Dat Gefall is lösket worden.",
     "moderation.comment.deletion_success": "De Kommentaar is lösket worden.",
     "actions.workflow.incomplete_matrix_missing_job": "Kann de `strategy.matrix` vun Upgaav %[1]s nich utweerten: Upgaav %[2]s is nich in de `needs`-List vun Upgaav %[1]s (%[3]s).",
-    "actions.workflow.incomplete_matrix_missing_output": "Kann de `strategy.matrix` vun Upgaav %[1]s nich utweerten: Upgaav %[2]s hett keene Utgaav %[3]s.",
+    "actions.workflow.incomplete_matrix_missing_output": "Kann de `strategy.matrix` vun Upgaav %[1]s nich utweerten: Upgaav %[2]s hapert Utgaav %[3]s.",
     "actions.workflow.incomplete_runson_missing_job": "Kann de `runs-on` vun Upgaav %[1]s nich utweerten: Upgaav %[2]s is nich in de `needs`-List vun Upgaav %[1]s (%[3]s).",
-    "actions.workflow.incomplete_runson_missing_output": "Kann de `runs-on` vun Upgaav %[1]s nich utweerten: Upgaav %[2]s hett keene Utgaav %[3]s.",
+    "actions.workflow.incomplete_runson_missing_output": "Kann de `runs-on` vun Upgaav %[1]s nich utweerten: Upgaav %[2]s hapert Utgaav %[3]s.",
     "actions.workflow.incomplete_matrix_unknown_cause": "Kann de `strategy.matrix` vun Upgaav %[1]s nich utweerten: Unbekannter Fehler.",
     "actions.workflow.incomplete_runson_unknown_cause": "Kann de `runs-on` vun Upgaav %[1]s nich utweerten: Unbekannter Fehler.",
     "actions.workflow.incomplete_runson_missing_matrix_dimension": "Kann de `runs-on` vun Upgaav %[1]s nich utweerten: Matrix-Richt %[2]s gifft dat nich.",
     "search.fuzzy": "Umslags",
     "search.fuzzy_tooltip": "Ok Resultaten wiesen, wat so wat umslags to de Söökwoorden passen",
-    "issues.updated": "%s verneeit"
+    "issues.updated": "%s verneeit",
+    "actions.workflow.incomplete_with_missing_job": "Kann de `with` vun Upgaav %[1]s nich utweerten: Upgaav %[2]s is nich in de `needs`-List vun Upgaav %[1]s (%[3]s).",
+    "actions.workflow.incomplete_with_missing_output": "Kann de `with` vun Upgaav %[1]s nich utweerten: Upgaav %[2]s hapert Utgaav %[3]s.",
+    "actions.workflow.incomplete_with_missing_matrix_dimension": "Kann de `with` vun Upgaav %[1]s nich utweerten: Matrix-Richt %[2]s gifft dat nich.",
+    "actions.workflow.incomplete_with_unknown_cause": "Kann de `with` vun Upgaav %[1]s nich utweerten: Unbekannter Fehler."
 }
diff --git a/options/locale_next/locale_nl-NL.json b/options/locale_next/locale_nl-NL.json
index f424bdf94d..e243743529 100644
--- a/options/locale_next/locale_nl-NL.json
+++ b/options/locale_next/locale_nl-NL.json
@@ -201,5 +201,6 @@
         "one": "Wachten op een runner met het volgende label: %s",
         "other": "Wachten op een runner met de volgende labels: %s"
     },
-    "keys.verify.token.hint": "De token is slechts 1 minuut geldig. <a href=\"%[1]s\">Krijg een nieuwe als deze verlopen is</a>."
+    "keys.verify.token.hint": "De token is slechts 1 minuut geldig. <a href=\"%[1]s\">Krijg een nieuwe als deze verlopen is</a>.",
+    "repo.issues.filter_poster.hint": "Filter op auteur"
 }
diff --git a/options/locale_next/locale_ru-RU.json b/options/locale_next/locale_ru-RU.json
index 387985996e..0a62aa9464 100644
--- a/options/locale_next/locale_ru-RU.json
+++ b/options/locale_next/locale_ru-RU.json
@@ -245,14 +245,18 @@
     "moderation.issue.deletion_success": "Задача была удалена.",
     "moderation.comment.deletion_success": "Комментарий был удалён.",
     "actions.workflow.incomplete_matrix_missing_job": "Не удалось проверить `strategy.matrix` задачи %[1]s – задача %[2]s отсутствует в списке требуемых (`needs`) задачи %[1]s (%[3]s).",
-    "actions.workflow.incomplete_matrix_missing_output": "Не удалось проверить `strategy.matrix` задачи %[1]s – задача %[2]s не имеет интерфейс вывода %[3]s.",
+    "actions.workflow.incomplete_matrix_missing_output": "Не удалось проверить `strategy.matrix` задачи %[1]s – у задачи %[2]s не хватает интерфейса вывода %[3]s.",
     "actions.workflow.incomplete_matrix_unknown_cause": "Не удалось проверить `strategy.matrix` задачи %[1]s – неизвестная ошибка.",
     "actions.workflow.incomplete_runson_missing_job": "Не удалось проверить `runs-on` задачи %[1]s – задача %[2]s отсутствует в списке требуемых (`needs`) задачи %[1]s (%[3]s).",
-    "actions.workflow.incomplete_runson_missing_output": "Не удалось проверить `runs-on` задачи %[1]s – задача %[2]s не имеет интерфейс вывода %[3]s.",
+    "actions.workflow.incomplete_runson_missing_output": "Не удалось проверить `runs-on` задачи %[1]s – у задачи %[2]s не хватает интерфейс вывода %[3]s.",
     "actions.workflow.incomplete_runson_missing_matrix_dimension": "Не удалось проверить `runs-on` задачи %[1]s – измерение матрицы %[2]s не существует.",
     "actions.workflow.incomplete_runson_unknown_cause": "Не удалось проверить `runs-on` задачи %[1]s – неизвестная ошибка.",
     "admin.auths.oauth2_quota_group_map": "Связывать группы из указанного выше утверждения (claim) с группами квот",
     "search.fuzzy": "Приблиз.",
     "search.fuzzy_tooltip": "Включает результаты, приблизительно соответствующие запросу",
-    "issues.updated": "обнов. %s"
+    "issues.updated": "обнов. %s",
+    "actions.workflow.incomplete_with_missing_job": "Не удалось проверить `with` задачи %[1]s – задача %[2]s не указана в списке `needs` задачи %[1]s (%[3]s).",
+    "actions.workflow.incomplete_with_missing_output": "Не удалось проверить `with` задачи %[1]s – у задачи %[2]s не хватает интерфейса вывода %[3]s.",
+    "actions.workflow.incomplete_with_missing_matrix_dimension": "Не удалось проверить `with` задачи %[1]s: в матрице не указано измерение %[2]s.",
+    "actions.workflow.incomplete_with_unknown_cause": "Не удалось проверить `with` задачи %[1]s: неизвестная ошибка."
 }
diff --git a/options/locale_next/locale_sv-SE.json b/options/locale_next/locale_sv-SE.json
index 5efbae56ef..f3144805c9 100644
--- a/options/locale_next/locale_sv-SE.json
+++ b/options/locale_next/locale_sv-SE.json
@@ -190,5 +190,37 @@
     "actions.workflow.persistent_incomplete_matrix": "Det går inte att utvärdera `strategy.matrix` för jobb %[1]s på grund av ett ogiltigt `needs`-uttryck. Det kan hänvisa till ett jobb som inte finns i dess ’needs’-lista (%[2]s) eller en utdata som inte finns i något av dessa jobb.",
     "teams.add_all_repos.modal.header": "Lägg till arkiv",
     "teams.remove_all_repos.modal.header": "Ta bort alla arkiv",
-    "admin.auths.oauth2_quota_group_map_removal": "Ta bort användare från synkroniserade kvotgrupper om användaren inte tillhör motsvarande grupp."
+    "admin.auths.oauth2_quota_group_map_removal": "Ta bort användare från synkroniserade kvotgrupper om användaren inte tillhör motsvarande grupp.",
+    "issues.updated": "uppdaterade %s",
+    "repo.pulls.poster_requires_approval": "Vissa arbetsflöden <a href=\"%[1]s\">väntar på att bli granskade.</a>",
+    "repo.pulls.poster_is_trusted": "Upphovspersonen till denna pull-begäran är <a href=\"%[1]s\">alltid godkänd för att köra arbetsflöden.</a>",
+    "repo.pulls.poster_is_trusted.tooltip": "Upphovspersonen till denna pull-begäran är specifikt godkänd för att köra arbetsflöden som utlöses av en `pull_request`-händelser.",
+    "search.fuzzy_tooltip": "Inkludera resultat som ungefärligt matchar söktermen",
+    "search.fuzzy": "Ungefärlig",
+    "fork.n_forks": {
+        "one": "%s gaffling",
+        "other": "%s gafflingar"
+    },
+    "watch.n_watchers": {
+        "one": "%s bevakning",
+        "other": "%s bevakningar"
+    },
+    "repo.issues.filter_sort.hint": "Sortera utifrån: skapad/kommentarer/uppdaterad/deadline",
+    "repo.pulls.poster_trust_once.tooltip": "Arbetsflöden som utlöses av en `pull_request`-begäran kommer köra denna commit men kommer behöva godkännas för framtida commits pushade till den här pull-begäran.",
+    "repo.pulls.poster_trust_always.tooltip": "Arbetsflöden som utlöses av en `pull_request`-begäran kommer köra denna commit och kommer inte behöva godkännas för den här eller framtida pull-begäran från samma användare.",
+    "repo.pulls.poster_trust_revoke.tooltip": "Upphovspersonen för den här pull-begäran kommer inte längre vara godkänd för att köra arbetsflöden som utlösts av en `pull_request`-begäran, så att varje körning måste bli godkänd manuellt.",
+    "search.syntax": "Syntax för sökning",
+    "keys.verify.token.hint": "Den här token är bara giltig i 1 minut <a href=\"%[1]s\">Skaffa en ny om den har gått ut</a>.",
+    "moderation.report.mark_as_handled": "Markera som hanterad",
+    "moderation.report.mark_as_ignored": "Markera som ignorerad",
+    "moderation.action.account.delete": "Radera kontot",
+    "moderation.action.account.suspend": "Stäng av kontot",
+    "moderation.action.repo.delete": "Radera källförrådet",
+    "moderation.action.issue.delete": "Radera ärende",
+    "moderation.action.comment.delete": "Radera kommentar",
+    "moderation.unknown_action": "Okänd åtgärd",
+    "moderation.users.cannot_suspend_self": "Du kan inte stänga av dig själv.",
+    "moderation.users.cannot_suspend_admins": "Användare med administrativ åtkomst kan inte bli avstängda.",
+    "moderation.users.cannot_suspend_org": "Organisationer kan inte bli avstängda.",
+    "moderation.users.already_suspended": "Användarkontot är redan avstängt."
 }
diff --git a/options/locale_next/locale_uk-UA.json b/options/locale_next/locale_uk-UA.json
index 1ac1222f70..fd37dff4a5 100644
--- a/options/locale_next/locale_uk-UA.json
+++ b/options/locale_next/locale_uk-UA.json
@@ -248,11 +248,15 @@
     "actions.workflow.incomplete_matrix_missing_job": "Неможливо оцінити `strategy.matrix` завдання %[1]s: завдання %[2]s немає у списку `needs` завдання %[1]s (%[3]s).",
     "actions.workflow.incomplete_matrix_unknown_cause": "Неможливо оцінити `strategy.matrix` завдання %[1]s: невідома помилка.",
     "actions.workflow.incomplete_runson_unknown_cause": "Неможливо оцінити `runs-on`завдання %[1]s: невідома помилка.",
-    "actions.workflow.incomplete_matrix_missing_output": "Неможливо оцінити `strategy.matrix` завдання %[1]s: результат %[3]s не існує в завданні %[2]s.",
+    "actions.workflow.incomplete_matrix_missing_output": "Неможливо оцінити `strategy.matrix` завдання %[1]s: у завдання %[2]s немає результату %[3]s.",
     "actions.workflow.incomplete_runson_missing_job": "Неможливо оцінити `runs-on` завдання %[1]s: завдання %[2]s немає у списку `needs` завдання %[1]s (%[3]s).",
-    "actions.workflow.incomplete_runson_missing_output": "Неможливо оцінити `runs-on` завдання %[1]s: результат %[3]s не існує в завданні %[2]s.",
+    "actions.workflow.incomplete_runson_missing_output": "Неможливо оцінити `runs-on` завдання %[1]s: у завдання %[2]s немає результату %[3]s.",
     "actions.workflow.incomplete_runson_missing_matrix_dimension": "Неможливо оцінити `runs-on` завдання %[1]s: розмір матриці %[2]s не існує.",
     "search.fuzzy": "Нечіткий",
     "search.fuzzy_tooltip": "Включати результати, які приблизно відповідають пошуковому запиту",
-    "issues.updated": "оновлено %s"
+    "issues.updated": "оновлено %s",
+    "actions.workflow.incomplete_with_unknown_cause": "Неможливо оцінити `with`завдання %[1]s: невідома помилка.",
+    "actions.workflow.incomplete_with_missing_matrix_dimension": "Неможливо оцінити `with` завдання %[1]s: розмір матриці %[2]s не існує.",
+    "actions.workflow.incomplete_with_missing_output": "Неможливо оцінити `with` завдання %[1]s: у завдання %[2]s немає результату %[3]s.",
+    "actions.workflow.incomplete_with_missing_job": "Неможливо оцінити `with` завдання %[1]s: завдання %[2]s немає у списку `needs` завдання %[1]s (%[3]s)."
 }
diff --git a/options/locale_next/locale_zh-CN.json b/options/locale_next/locale_zh-CN.json
index 847e5df36d..c92c32ad27 100644
--- a/options/locale_next/locale_zh-CN.json
+++ b/options/locale_next/locale_zh-CN.json
@@ -194,5 +194,9 @@
     "admin.auths.oauth2_quota_group_map_removal": "如果用户不是对应组的成员，则将用户从同步的配额组中移出。",
     "search.fuzzy": "模糊",
     "issues.updated": "更新于 %s",
-    "search.fuzzy_tooltip": "包含与搜索关键字相似的结果"
+    "search.fuzzy_tooltip": "包含与搜索关键字相似的结果",
+    "actions.workflow.incomplete_with_missing_job": "无法解析任务‘%[1]s’的`with`：任务‘%[2]s’不在任务‘%[1]s’的`needs`列表（‘%[3]s’）中。",
+    "actions.workflow.incomplete_with_missing_output": "无法解析任务‘%[1]s’的`with`：任务‘%[2]s’没有输出‘%[3]s’。",
+    "actions.workflow.incomplete_with_missing_matrix_dimension": "无法解析任务‘%[1]s’的`with`：矩阵维度‘%[2]s’不存在。",
+    "actions.workflow.incomplete_with_unknown_cause": "无法解析任务‘%[1]s’的`with`：未知错误。"
 }

From 9c6821c06f5a897b29c2fff333f908e3bf2a7580 Mon Sep 17 00:00:00 2001
From: Codeberg Translate <translate@codeberg.org>
Date: Thu, 1 Jan 2026 10:10:10 +0000
Subject: [PATCH 078/854] i18n: update of translations from Codeberg Translate

Co-authored-by: 0ko <0ko@noreply.codeberg.org>
Co-authored-by: Codeberg Translate <translate@codeberg.org>
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/ar/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/be/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/bg/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/bn/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/bs/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/ca/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/cs/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/cy/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/da/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/de/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/el/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/eo/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/es/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/et/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/eu/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/fa/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/fi/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/fil/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/fr/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/ga/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/gl/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/he/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/hi/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/hu/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/id/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/is/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/isv/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/it/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/ja/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/jbo/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/ka/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/kab/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/kmr/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/ko/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/la/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/lt/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/lv/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/mic/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/ml/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/nb_NO/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/nds/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/nl/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/pl/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/pt_BR/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/pt_PT/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/ro/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/ru/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/si/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/sk/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/sl/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/sr_SP/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/sv/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/ta/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/th/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/tok/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/tr/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/tt/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/uk/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/uz/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/vi/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/yi/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/zh_Hans/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/zh_Hant/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/zh_Hant_HK/
Translation: Forgejo/forgejo-next
---
 options/locale_next/locale_ar.json    | 358 +++++++++---------
 options/locale_next/locale_be.json    | 452 +++++++++++-----------
 options/locale_next/locale_bg.json    | 240 ++++++------
 options/locale_next/locale_bn.json    |   3 +-
 options/locale_next/locale_bs.json    |   4 +-
 options/locale_next/locale_ca.json    | 490 ++++++++++++------------
 options/locale_next/locale_cs-CZ.json | 520 +++++++++++++-------------
 options/locale_next/locale_cy.json    |   4 +-
 options/locale_next/locale_da.json    | 264 ++++++-------
 options/locale_next/locale_de-DE.json | 482 ++++++++++++------------
 options/locale_next/locale_el-GR.json | 358 +++++++++---------
 options/locale_next/locale_eo.json    | 189 +++++-----
 options/locale_next/locale_es-ES.json | 279 +++++++-------
 options/locale_next/locale_et.json    | 136 +++----
 options/locale_next/locale_eu.json    |   4 +-
 options/locale_next/locale_fa-IR.json |  59 +--
 options/locale_next/locale_fi-FI.json | 388 +++++++++----------
 options/locale_next/locale_fil.json   | 482 ++++++++++++------------
 options/locale_next/locale_fr-FR.json | 492 ++++++++++++------------
 options/locale_next/locale_ga.json    |  37 +-
 options/locale_next/locale_gl.json    |  75 ++--
 options/locale_next/locale_he.json    | 215 +++++------
 options/locale_next/locale_hi.json    | 174 ++++-----
 options/locale_next/locale_hu-HU.json |  25 +-
 options/locale_next/locale_id-ID.json | 276 +++++++-------
 options/locale_next/locale_is-IS.json |   7 +-
 options/locale_next/locale_isv.json   |   3 +-
 options/locale_next/locale_it-IT.json | 402 ++++++++++----------
 options/locale_next/locale_ja-JP.json |  62 ++-
 options/locale_next/locale_jbo.json   |   4 +-
 options/locale_next/locale_ka.json    |   4 +-
 options/locale_next/locale_kab.json   | 103 ++---
 options/locale_next/locale_kmr.json   |   4 +-
 options/locale_next/locale_ko-KR.json |  23 +-
 options/locale_next/locale_la.json    |  17 +-
 options/locale_next/locale_lt.json    |   3 +-
 options/locale_next/locale_lv-LV.json | 512 ++++++++++++-------------
 options/locale_next/locale_mic.json   |   4 +-
 options/locale_next/locale_ml-IN.json |   4 +-
 options/locale_next/locale_nb_NO.json | 262 ++++++-------
 options/locale_next/locale_nds.json   | 490 ++++++++++++------------
 options/locale_next/locale_nl-NL.json | 408 ++++++++++----------
 options/locale_next/locale_pl-PL.json | 469 +++++++++++------------
 options/locale_next/locale_pt-BR.json | 506 ++++++++++++-------------
 options/locale_next/locale_pt-PT.json | 512 ++++++++++++-------------
 options/locale_next/locale_ro.json    |   4 +-
 options/locale_next/locale_ru-RU.json | 520 +++++++++++++-------------
 options/locale_next/locale_si-LK.json |  37 +-
 options/locale_next/locale_sk-SK.json | 314 ++++++++--------
 options/locale_next/locale_sl.json    |   4 +-
 options/locale_next/locale_sr-SP.json | 322 ++++++++--------
 options/locale_next/locale_sv-SE.json | 448 +++++++++++-----------
 options/locale_next/locale_ta.json    | 476 +++++++++++------------
 options/locale_next/locale_th.json    | 312 ++++++++--------
 options/locale_next/locale_tok.json   |   4 +-
 options/locale_next/locale_tr-TR.json | 368 +++++++++---------
 options/locale_next/locale_tt.json    |  13 +-
 options/locale_next/locale_uk-UA.json | 520 +++++++++++++-------------
 options/locale_next/locale_uz.json    |  91 ++---
 options/locale_next/locale_vi.json    | 242 ++++++------
 options/locale_next/locale_yi.json    |   4 +-
 options/locale_next/locale_zh-CN.json | 400 ++++++++++----------
 options/locale_next/locale_zh-HK.json |   5 +-
 options/locale_next/locale_zh-TW.json | 201 +++++-----
 64 files changed, 7068 insertions(+), 7022 deletions(-)

diff --git a/options/locale_next/locale_ar.json b/options/locale_next/locale_ar.json
index fe55d8bc54..ed4bc84947 100644
--- a/options/locale_next/locale_ar.json
+++ b/options/locale_next/locale_ar.json
@@ -1,173 +1,189 @@
 {
-    "fork.n_forks": {
-        "one": "%s نسخة",
-        "other": "%s نُسَخ"
-    },
-    "stars.n_stars": {
-        "one": "%s نجمة",
-        "other": "%s نجوم"
-    },
-    "home.welcome.activity_hint": "لا يوجد شيء في موجزك حتى الآن. ستظهر هنا أفعالك ونشاطاتك من المستودعات التي تتابعها.",
-    "home.welcome.no_activity": "لا يوجد نشاط",
-    "home.explore_repos": "اكتشف المستودعات",
-    "home.explore_users": "اكتشف المستخدمين",
-    "home.explore_orgs": "اكتشف المنظمات",
-    "moderation.abuse_category.illegal_content": "محتوى غير مشروع",
-    "moderation.abuse_category.malware": "برمجية خبيثة",
-    "relativetime.now": "الآن",
-    "relativetime.1month": "الشهر الفائت",
-    "relativetime.2weeks": "منذ أسبوعين",
-    "search.milestone_kind": "معالم البحث…",
-    "moderation.abuse_category.other_violations": "انتهاكات أخرى لقواعد المنصة",
-    "repo.issue_indexer.title": "مفهرس الإبلاغات",
-    "incorrect_root_url": "تم تكوين هذه النسخة من Forgejo لتعمل على العنوان \"%s\". أنت تقوم حاليًا بتصفّح Forgejo عبر رابط مختلف، مما قد يتسبب في تعطل بعض أجزاء التطبيق. يتم تحديد الرابط الرسمي (canonical URL) من قِبل مسؤولي Forgejo من خلال إعداد `ROOT_URL` في ملف `app.ini`.",
-    "error.not_found.title": "الصفحة غير موجودة",
-    "themes.names.forgejo-auto": "فورجيو (اتبع سمة النظام)",
-    "themes.names.forgejo-light": "فورجيجو المضيء",
-    "themes.names.forgejo-dark": "فورجيجو الداكن",
-    "stars.list.none": "لم يقم أحد بتمييز هذا المستودع بنجمة.",
-    "watch.list.none": "لا أحد يشاهد هذا المستودع.",
-    "followers.incoming.list.self.none": "لا أحد يتابع ملفك الشخصي.",
-    "followers.incoming.list.none": "لا أحد يتابع هذا المستخدم.",
-    "followers.outgoing.list.self.none": "أنت لا تتبع أي شخص.",
-    "relativetime.1day": "الأمس",
-    "followers.outgoing.list.none": "لا يتابع %s أي شخص.",
-    "relativetime.1week": "أخر أسبوع",
-    "relativetime.2days": "منذ يومين",
-    "relativetime.2months": "منذ شهرين",
-    "relativetime.1year": "السنة الفائتة",
-    "relativetime.2years": "منذ سنتين",
-    "repo.form.cannot_create": "بلغت جميع المساحات التي يمكنك إنشاء مستودعات بها حدها.",
-    "alert.asset_load_failed": "تعذّر تحميل ملفات الأصول من {path}. تأكد من أن الملفات متاحة للوصول.",
-    "settings.visibility.description": "رؤية ملفك الشخصي تؤثر في قدرة الآخرين على الوصول إلى مستودعاتك غير الخاصة. <a href=\"%s\" target=\"_blank\">اعرف المزيد</a>",
-    "relativetime.mins": {
-        "zero": "الآن",
-        "one": "منذ دقيقة مضت",
-        "two": "منذ دقيقتين مضت",
-        "few": "منذ %d دقائق مضت",
-        "many": "منذ %d دقيقة مضت",
-        "other": "منذ %d دقيقة مضت"
-    },
-    "relativetime.hours": {
-        "zero": "الآن",
-        "one": "منذ ساعة",
-        "two": "منذ ساعتين",
-        "few": "منذ %d ساعات",
-        "many": "منذ %d ساعة",
-        "other": "منذ %d ساعة"
-    },
-    "moderation.report_remarks": "الملاحظات",
-    "repo.diff.commit.next-short": "التالي",
-    "repo.diff.commit.previous-short": "السابق",
-    "admin.dashboard.cleanup_offline_runners": "تنظيف وحدات التشغيل غير المتصلة",
-    "relativetime.days": {
-        "zero": "اليوم",
-        "one": "منذ يوم واحد",
-        "two": "منذ يومين",
-        "few": "منذ %d أيام",
-        "many": "منذ %d يوماً",
-        "other": "منذ %d يوماً"
-    },
-    "relativetime.weeks": {
-        "zero": "هذا الأسبوع",
-        "one": "منذ أسبوع واحد",
-        "two": "منذ أسبوعين",
-        "few": "منذ %d أسابيع",
-        "many": "منذ %d أسبوعاً",
-        "other": "منذ %d أسبوعاً"
-    },
-    "relativetime.years": {
-        "zero": "هذه السنة",
-        "one": "منذ سنة واحدة",
-        "two": "منذ سنتين",
-        "few": "منذ %d سنوات",
-        "many": "منذ %d سنة",
-        "other": "منذ %d سنة"
-    },
-    "repo.settings.push_mirror.branch_filter.label": "تصفية الفرع (اختياري)",
-    "repo.settings.push_mirror.branch_filter.description": "الفروع المطلوب عكسها. اترك الحقل فارغًا لعكس جميع الفروع. راجع توثيق <a href=\"%[1]s\">%[2]s</a> للاطلاع على الصيغة. أمثلة: <code>main, release/*</code>",
-    "og.repo.summary_card.alt_description": "بطاقة تلخيصية للمستودع %[1]، موصوفة بـ %[1]: %[2]s",
-    "meta.last_line": "شكرًا لك على ترجمة Forgejo! هذا السطر لا يراه المستخدمون ولكنه يخدم أغراضًا أخرى في إدارة الترجمة. يمكنك وضع حقيقة ممتعة في الترجمة بدلاً من ترجمتها.",
-    "relativetime.future": "في المستقبل",
-    "avatar.constraints_hint": "لا يمكن أن يتجاوز حجم الصورة الشخصية المخصصة %[1]s، ولا أبعادها عن %[2]d×%[3]d بكسل",
-    "repo.pulls.merged_title_desc": {
-        "zero": "لم دمج أي إيداع من <code>%[2]s</code> إلى <code>%[3]s</code> %[4]s",
-        "one": "تم دمج إيداع واحد من <code>%[2]s</code> إلى <code>%[3]s</code> %[4]s",
-        "two": "تم دمج إيداعين اثنين من <code>%[2]s</code> إلى <code>%[3]s</code> %[4]s",
-        "few": "تم دمج %[1]d إيداعات من <code>%[2]s</code> إلى <code>%[3]s</code> %[4]s",
-        "many": "تم دمج %[1]d إيداعاً من <code>%[2]s</code> إلى <code>%[3]s</code> %[4]s",
-        "other": "تم دمج %[1]d إيداعاً من <code>%[2]s</code> إلى <code>%[3]s</code> %[4]s"
-    },
-    "relativetime.months": {
-        "zero": "هذا الشهر",
-        "one": "منذ شهر",
-        "two": "منذ شهرين",
-        "few": "منذ %d أشهر",
-        "many": "منذ %d شهراً",
-        "other": "منذ %d شهراً"
-    },
-    "repo.pulls.title_desc": {
-        "zero": "لا يريد دمج أي إيداع من <code>%[2]s</code> إلى <code id=\"%[4]s\">%[3]s</code>",
-        "one": "يريد دمج إيداع واحد من <code>%[2]s</code> إلى <code id=\"%[4]s\">%[3]s</code>",
-        "two": "يريد دمج إيداعين من <code>%[2]s</code> إلى <code id=\"%[4]s\">%[3]s</code>",
-        "few": "يريد دمج %[1]d إيداعات من <code>%[2]s</code> إلى <code id=\"%[4]s\">%[3]s</code>",
-        "many": "يريد دمج %[1]d إيداعًا من <code>%[2]s</code> إلى <code id=\"%[4]s\">%[3]s</code>",
-        "other": "يريد دمج %[1]d إيداعًا من <code>%[2]s</code> إلى <code id=\"%[4]s\">%[3]s</code>"
-    },
-    "mail.actions.run_info_sha": "إيداع: %[1]s",
-    "keys.gpg.link": "مفاتيح GPG",
-    "moderation.abuse_category.spam": "غير مرغوب به",
-    "keys.ssh.link": "مفاتيح SSH",
-    "profile.edit.link": "عدِّل ملف التعريف",
-    "moderation.abuse_category": "الفئة",
-    "moderation.abuse_category.placeholder": "حدد الفئة",
-    "moderation.report_remarks.placeholder": "يُرجى تقديم بعض التفاصيل المتعلقة بالإساءة التي أبلغت عنها.",
-    "moderation.submit_report": "إرسال التقرير",
-    "moderation.reporting_failed": "تعذر إرسال تقرير إساءة الاستخدام الجديد: %v",
-    "moderation.reported_thank_you": "شكراُ لك على تقريرك. وقد تم إبلاغ الإدارة به.",
-    "mail.actions.run_info_trigger": "تم تشغيله بسبب: %[1]s عبر: %[2]s",
-    "install.invalid_lfs_path": "غير قادر على إنشاء جذر LFS في المسار المحدد: %[1]s",
-    "alert.range_error": " يجب أن يكون رقمًا بين %[1]s و %[2]s.",
-    "mail.actions.not_successful_run_subject": "سير العمل %[1]s فشل في المستودت %[2]s",
-    "mail.actions.successful_run_after_failure": "تم استعادة سير العمل %[1]s في المستودع %[2]s",
-    "mail.actions.not_successful_run": "فشل سير العمل %[1]s في المستودع %[2]s",
-    "mail.actions.run_info_cur_status": "حالة هذا التشغيل: %[1]s (تم تحديثها من %[2]s للتو)",
-    "mail.actions.run_info_previous_status": "حالة التشغيل السابقة: %[1]s",
-    "discussion.locked": "تم إغلاق هذه المناقشة. يقتصر التعليق على المساهمين فقط.",
-    "editor.textarea.tab_hint": "السطر مُزاح بالفعل. اضغط <kbd>Tab</kbd> مرة أخرى أو <kbd>Escape</kbd> لمغادرة المحرر.",
-    "editor.textarea.shift_tab_hint": "لا توجد مسافة بادئة في هذا السطر. اضغط <kbd>Shift</kbd> + <kbd>Tab</kbd> مرة أخرى أو <kbd>Escape</kbd> لمغادرة المحرر.",
-    "profile.actions.tooltip": "إجراءات إضافية",
-    "moderation.report_content": "محتوى التقارير",
-    "moderation.report_abuse_form.header": "الإبلاغ عن الإساءة إلى المسؤول",
-    "moderation.report_abuse_form.details": "يتعين استخدام هذا النموذج للإبلاغ عن المستخدمين الذين ينشئون ملفات تعريف ، أو مستودعات ، أو إبلاغات ، أو تعليقات ، أو يتصرفون بشكل غير لائق.",
-    "moderation.report_abuse_form.invalid": "معاملا غير صالحة",
-    "moderation.report_abuse_form.already_reported": "‍لقد قمت بالفعل بالإبلاغ عن هذا المحتوى",
-    "moderation.report_abuse": "الإبلاغ عن إساءة الاستخدام",
-    "feed.atom.link": "موجز Atom",
-    "admin.config.moderation_config": "تهيئة الإشراف",
-    "mail.actions.successful_run_after_failure_subject": "تم استعادة سير العمل %[1]s في المستودع %[2]s",
-    "discussion.sidebar.reference": "مرجع",
-    "admin.moderation.moderation_reports": "تقارير الإشراف",
-    "admin.moderation.reports": "التقارير",
-    "admin.moderation.no_open_reports": "لا يوجد حالياً أية تقارير مفتوحة.",
-    "admin.moderation.deleted_content_ref": "المحتوى المُبلغ عنه بالنوع %[1]v والمعرف %[2]d لم يعد موجوداً",
-    "migrate.github.description": "ترحيل البيانات من github.com أو خادم GitHub Enterprise.",
-    "migrate.git.description": "ترحيل مستودع فقط من أي خدمة Git.",
-    "migrate.gitea.description": "ترحيل البيانات من gitea.com أو مثيلات Gitea الأخرى.",
-    "migrate.gitlab.description": "ترحيل البيانات من gitlab.com أو مثيلات GitLab الأخرى.",
-    "migrate.gogs.description": "ترحيل البيانات من notabug.org أو مثيلات Gogs الأخرى.",
-    "migrate.onedev.description": "ترحيل البيانات من code.onedev.io أو مثيلات OneDev الأخرى.",
-    "migrate.gitbucket.description": "ترحيل البيانات من مثيلات GitBucket.",
-    "migrate.codebase.description": "ترحيل البيانات من codebasehq.com.",
-    "migrate.forgejo.description": "ترحيل المعلومات من كودبيرج أو خوادم فورجيو الأخرى.",
-    "user.ghost.tooltip": "تم حذف هذا المستخدم أو لا يمكن مطابقته.",
-    "migrate.form.error.url_credentials": "يحتوي عنوان الرابط على بيانات اعتماد، ضعها في حقلي اسم المستخدم وكلمة المرور على التوالي",
-    "pulse.n_active_issues": {
-        "one": "%s مسألة حالية",
-        "other": "%s مسألة حالية"
-    },
-    "pulse.n_active_prs": {
-        "one": "%s طلب دمج حالي",
-        "other": "%s طلب دمج حالي"
-    }
+	"fork.n_forks": {
+		"zero": "%s نسخة",
+		"one": "%s نُسَخ",
+		"two": "",
+		"few": "",
+		"many": "",
+		"other": ""
+	},
+	"stars.n_stars": {
+		"zero": "%s نجمة",
+		"one": "%s نجوم",
+		"two": "",
+		"few": "",
+		"many": "",
+		"other": ""
+	},
+	"home.welcome.activity_hint": "لا يوجد شيء في موجزك حتى الآن. ستظهر هنا أفعالك ونشاطاتك من المستودعات التي تتابعها.",
+	"home.welcome.no_activity": "لا يوجد نشاط",
+	"home.explore_repos": "اكتشف المستودعات",
+	"home.explore_users": "اكتشف المستخدمين",
+	"home.explore_orgs": "اكتشف المنظمات",
+	"moderation.abuse_category.illegal_content": "محتوى غير مشروع",
+	"moderation.abuse_category.malware": "برمجية خبيثة",
+	"relativetime.now": "الآن",
+	"relativetime.1month": "الشهر الفائت",
+	"relativetime.2weeks": "منذ أسبوعين",
+	"search.milestone_kind": "معالم البحث…",
+	"moderation.abuse_category.other_violations": "انتهاكات أخرى لقواعد المنصة",
+	"repo.issue_indexer.title": "مفهرس الإبلاغات",
+	"incorrect_root_url": "تم تكوين هذه النسخة من Forgejo لتعمل على العنوان \"%s\". أنت تقوم حاليًا بتصفّح Forgejo عبر رابط مختلف، مما قد يتسبب في تعطل بعض أجزاء التطبيق. يتم تحديد الرابط الرسمي (canonical URL) من قِبل مسؤولي Forgejo من خلال إعداد `ROOT_URL` في ملف `app.ini`.",
+	"error.not_found.title": "الصفحة غير موجودة",
+	"themes.names.forgejo-auto": "فورجيو (اتبع سمة النظام)",
+	"themes.names.forgejo-light": "فورجيجو المضيء",
+	"themes.names.forgejo-dark": "فورجيجو الداكن",
+	"stars.list.none": "لم يقم أحد بتمييز هذا المستودع بنجمة.",
+	"watch.list.none": "لا أحد يشاهد هذا المستودع.",
+	"followers.incoming.list.self.none": "لا أحد يتابع ملفك الشخصي.",
+	"followers.incoming.list.none": "لا أحد يتابع هذا المستخدم.",
+	"followers.outgoing.list.self.none": "أنت لا تتبع أي شخص.",
+	"relativetime.1day": "الأمس",
+	"followers.outgoing.list.none": "لا يتابع %s أي شخص.",
+	"relativetime.1week": "أخر أسبوع",
+	"relativetime.2days": "منذ يومين",
+	"relativetime.2months": "منذ شهرين",
+	"relativetime.1year": "السنة الفائتة",
+	"relativetime.2years": "منذ سنتين",
+	"repo.form.cannot_create": "بلغت جميع المساحات التي يمكنك إنشاء مستودعات بها حدها.",
+	"alert.asset_load_failed": "تعذّر تحميل ملفات الأصول من {path}. تأكد من أن الملفات متاحة للوصول.",
+	"settings.visibility.description": "رؤية ملفك الشخصي تؤثر في قدرة الآخرين على الوصول إلى مستودعاتك غير الخاصة. <a href=\"%s\" target=\"_blank\">اعرف المزيد</a>",
+	"relativetime.mins": {
+		"zero": "الآن",
+		"one": "منذ دقيقة مضت",
+		"two": "منذ دقيقتين مضت",
+		"few": "منذ %d دقائق مضت",
+		"many": "منذ %d دقيقة مضت",
+		"other": "منذ %d دقيقة مضت"
+	},
+	"relativetime.hours": {
+		"zero": "الآن",
+		"one": "منذ ساعة",
+		"two": "منذ ساعتين",
+		"few": "منذ %d ساعات",
+		"many": "منذ %d ساعة",
+		"other": "منذ %d ساعة"
+	},
+	"moderation.report_remarks": "الملاحظات",
+	"repo.diff.commit.next-short": "التالي",
+	"repo.diff.commit.previous-short": "السابق",
+	"admin.dashboard.cleanup_offline_runners": "تنظيف وحدات التشغيل غير المتصلة",
+	"relativetime.days": {
+		"zero": "اليوم",
+		"one": "منذ يوم واحد",
+		"two": "منذ يومين",
+		"few": "منذ %d أيام",
+		"many": "منذ %d يوماً",
+		"other": "منذ %d يوماً"
+	},
+	"relativetime.weeks": {
+		"zero": "هذا الأسبوع",
+		"one": "منذ أسبوع واحد",
+		"two": "منذ أسبوعين",
+		"few": "منذ %d أسابيع",
+		"many": "منذ %d أسبوعاً",
+		"other": "منذ %d أسبوعاً"
+	},
+	"relativetime.years": {
+		"zero": "هذه السنة",
+		"one": "منذ سنة واحدة",
+		"two": "منذ سنتين",
+		"few": "منذ %d سنوات",
+		"many": "منذ %d سنة",
+		"other": "منذ %d سنة"
+	},
+	"repo.settings.push_mirror.branch_filter.label": "تصفية الفرع (اختياري)",
+	"repo.settings.push_mirror.branch_filter.description": "الفروع المطلوب عكسها. اترك الحقل فارغًا لعكس جميع الفروع. راجع توثيق <a href=\"%[1]s\">%[2]s</a> للاطلاع على الصيغة. أمثلة: <code>main, release/*</code>",
+	"og.repo.summary_card.alt_description": "بطاقة تلخيصية للمستودع %[1]، موصوفة بـ %[1]: %[2]s",
+	"meta.last_line": "شكرًا لك على ترجمة Forgejo! هذا السطر لا يراه المستخدمون ولكنه يخدم أغراضًا أخرى في إدارة الترجمة. يمكنك وضع حقيقة ممتعة في الترجمة بدلاً من ترجمتها. (this string was needed to make weblate regenerate the file and can be removed)",
+	"relativetime.future": "في المستقبل",
+	"avatar.constraints_hint": "لا يمكن أن يتجاوز حجم الصورة الشخصية المخصصة %[1]s، ولا أبعادها عن %[2]d×%[3]d بكسل",
+	"repo.pulls.merged_title_desc": {
+		"zero": "لم دمج أي إيداع من <code>%[2]s</code> إلى <code>%[3]s</code> %[4]s",
+		"one": "تم دمج إيداع واحد من <code>%[2]s</code> إلى <code>%[3]s</code> %[4]s",
+		"two": "تم دمج إيداعين اثنين من <code>%[2]s</code> إلى <code>%[3]s</code> %[4]s",
+		"few": "تم دمج %[1]d إيداعات من <code>%[2]s</code> إلى <code>%[3]s</code> %[4]s",
+		"many": "تم دمج %[1]d إيداعاً من <code>%[2]s</code> إلى <code>%[3]s</code> %[4]s",
+		"other": "تم دمج %[1]d إيداعاً من <code>%[2]s</code> إلى <code>%[3]s</code> %[4]s"
+	},
+	"relativetime.months": {
+		"zero": "هذا الشهر",
+		"one": "منذ شهر",
+		"two": "منذ شهرين",
+		"few": "منذ %d أشهر",
+		"many": "منذ %d شهراً",
+		"other": "منذ %d شهراً"
+	},
+	"repo.pulls.title_desc": {
+		"zero": "لا يريد دمج أي إيداع من <code>%[2]s</code> إلى <code id=\"%[4]s\">%[3]s</code>",
+		"one": "يريد دمج إيداع واحد من <code>%[2]s</code> إلى <code id=\"%[4]s\">%[3]s</code>",
+		"two": "يريد دمج إيداعين من <code>%[2]s</code> إلى <code id=\"%[4]s\">%[3]s</code>",
+		"few": "يريد دمج %[1]d إيداعات من <code>%[2]s</code> إلى <code id=\"%[4]s\">%[3]s</code>",
+		"many": "يريد دمج %[1]d إيداعًا من <code>%[2]s</code> إلى <code id=\"%[4]s\">%[3]s</code>",
+		"other": "يريد دمج %[1]d إيداعًا من <code>%[2]s</code> إلى <code id=\"%[4]s\">%[3]s</code>"
+	},
+	"mail.actions.run_info_sha": "إيداع: %[1]s",
+	"keys.gpg.link": "مفاتيح GPG",
+	"moderation.abuse_category.spam": "غير مرغوب به",
+	"keys.ssh.link": "مفاتيح SSH",
+	"profile.edit.link": "عدِّل ملف التعريف",
+	"moderation.abuse_category": "الفئة",
+	"moderation.abuse_category.placeholder": "حدد الفئة",
+	"moderation.report_remarks.placeholder": "يُرجى تقديم بعض التفاصيل المتعلقة بالإساءة التي أبلغت عنها.",
+	"moderation.submit_report": "إرسال التقرير",
+	"moderation.reporting_failed": "تعذر إرسال تقرير إساءة الاستخدام الجديد: %v",
+	"moderation.reported_thank_you": "شكراُ لك على تقريرك. وقد تم إبلاغ الإدارة به.",
+	"mail.actions.run_info_trigger": "تم تشغيله بسبب: %[1]s عبر: %[2]s",
+	"install.invalid_lfs_path": "غير قادر على إنشاء جذر LFS في المسار المحدد: %[1]s",
+	"alert.range_error": " يجب أن يكون رقمًا بين %[1]s و %[2]s.",
+	"mail.actions.not_successful_run_subject": "سير العمل %[1]s فشل في المستودت %[2]s",
+	"mail.actions.successful_run_after_failure": "تم استعادة سير العمل %[1]s في المستودع %[2]s",
+	"mail.actions.not_successful_run": "فشل سير العمل %[1]s في المستودع %[2]s",
+	"mail.actions.run_info_cur_status": "حالة هذا التشغيل: %[1]s (تم تحديثها من %[2]s للتو)",
+	"mail.actions.run_info_previous_status": "حالة التشغيل السابقة: %[1]s",
+	"discussion.locked": "تم إغلاق هذه المناقشة. يقتصر التعليق على المساهمين فقط.",
+	"editor.textarea.tab_hint": "السطر مُزاح بالفعل. اضغط <kbd>Tab</kbd> مرة أخرى أو <kbd>Escape</kbd> لمغادرة المحرر.",
+	"editor.textarea.shift_tab_hint": "لا توجد مسافة بادئة في هذا السطر. اضغط <kbd>Shift</kbd> + <kbd>Tab</kbd> مرة أخرى أو <kbd>Escape</kbd> لمغادرة المحرر.",
+	"profile.actions.tooltip": "إجراءات إضافية",
+	"moderation.report_content": "محتوى التقارير",
+	"moderation.report_abuse_form.header": "الإبلاغ عن الإساءة إلى المسؤول",
+	"moderation.report_abuse_form.details": "يتعين استخدام هذا النموذج للإبلاغ عن المستخدمين الذين ينشئون ملفات تعريف ، أو مستودعات ، أو إبلاغات ، أو تعليقات ، أو يتصرفون بشكل غير لائق.",
+	"moderation.report_abuse_form.invalid": "معاملا غير صالحة",
+	"moderation.report_abuse_form.already_reported": "‍لقد قمت بالفعل بالإبلاغ عن هذا المحتوى",
+	"moderation.report_abuse": "الإبلاغ عن إساءة الاستخدام",
+	"feed.atom.link": "موجز Atom",
+	"admin.config.moderation_config": "تهيئة الإشراف",
+	"mail.actions.successful_run_after_failure_subject": "تم استعادة سير العمل %[1]s في المستودع %[2]s",
+	"discussion.sidebar.reference": "مرجع",
+	"admin.moderation.moderation_reports": "تقارير الإشراف",
+	"admin.moderation.reports": "التقارير",
+	"admin.moderation.no_open_reports": "لا يوجد حالياً أية تقارير مفتوحة.",
+	"admin.moderation.deleted_content_ref": "المحتوى المُبلغ عنه بالنوع %[1]v والمعرف %[2]d لم يعد موجوداً",
+	"migrate.github.description": "ترحيل البيانات من github.com أو خادم GitHub Enterprise.",
+	"migrate.git.description": "ترحيل مستودع فقط من أي خدمة Git.",
+	"migrate.gitea.description": "ترحيل البيانات من gitea.com أو مثيلات Gitea الأخرى.",
+	"migrate.gitlab.description": "ترحيل البيانات من gitlab.com أو مثيلات GitLab الأخرى.",
+	"migrate.gogs.description": "ترحيل البيانات من notabug.org أو مثيلات Gogs الأخرى.",
+	"migrate.onedev.description": "ترحيل البيانات من code.onedev.io أو مثيلات OneDev الأخرى.",
+	"migrate.gitbucket.description": "ترحيل البيانات من مثيلات GitBucket.",
+	"migrate.codebase.description": "ترحيل البيانات من codebasehq.com.",
+	"migrate.forgejo.description": "ترحيل المعلومات من كودبيرج أو خوادم فورجيو الأخرى.",
+	"user.ghost.tooltip": "تم حذف هذا المستخدم أو لا يمكن مطابقته.",
+	"migrate.form.error.url_credentials": "يحتوي عنوان الرابط على بيانات اعتماد، ضعها في حقلي اسم المستخدم وكلمة المرور على التوالي",
+	"pulse.n_active_issues": {
+		"zero": "%s مسألة حالية",
+		"one": "%s مسألة حالية",
+		"two": "",
+		"few": "",
+		"many": "",
+		"other": ""
+	},
+	"pulse.n_active_prs": {
+		"zero": "%s طلب دمج حالي",
+		"one": "%s طلب دمج حالي",
+		"two": "",
+		"few": "",
+		"many": "",
+		"other": ""
+	}
 }
diff --git a/options/locale_next/locale_be.json b/options/locale_next/locale_be.json
index d3edac4f95..7ec2839461 100644
--- a/options/locale_next/locale_be.json
+++ b/options/locale_next/locale_be.json
@@ -1,228 +1,228 @@
 {
-    "moderation.abuse_category.malware": "Шкодная праграма",
-    "home.welcome.no_activity": "Няма падзей",
-    "home.welcome.activity_hint": "У вашай стужцы пакуль што нічога няма. Вашыя дзеяньні ды падзеі з рэпазыторыяў зьявяцца тут.",
-    "home.explore_repos": "Агляд рэпазыторыяў",
-    "home.explore_users": "Агляд карыстальнікаў",
-    "home.explore_orgs": "Агляд арганізацый",
-    "stars.list.none": "Ніхто не пазначыў гэты рэпазіторый зоркай.",
-    "stars.n_stars": {
-        "one": "%s зорка",
-        "few": "%s зоркі",
-        "many": "%s зорак"
-    },
-    "watch.list.none": "Ніхто не назірае за гэтым рэпазіторыем.",
-    "watch.n_watchers": {
-        "one": "%s назіральнік",
-        "few": "%s назіральніка",
-        "many": "%s назіральнікоў"
-    },
-    "relativetime.years": {
-        "one": "%d год таму",
-        "few": "%d года таму",
-        "many": "%d гадоў таму"
-    },
-    "followers.incoming.list.self.none": "Ніхто не падпісаўся на ваш профіль.",
-    "followers.incoming.list.none": "Ніхто не падпісаўся на гэтага карыстальніка.",
-    "followers.outgoing.list.self.none": "Вы нікога не спягледзіце.",
-    "fork.n_forks": {
-        "one": "%s форк",
-        "few": "%s форка",
-        "many": "%s форкаў"
-    },
-    "followers.outgoing.list.none": "%s не падпісаны на каго-небудзь.",
-    "relativetime.now": "зараз",
-    "relativetime.future": "у будучыні",
-    "relativetime.mins": {
-        "one": "%d хвіліна таму",
-        "few": "%d хвіліны таму",
-        "many": "%d хвілін таму"
-    },
-    "relativetime.hours": {
-        "one": "%d гадзіна таму",
-        "few": "%d гадзіны таму",
-        "many": "%d гадзін таму"
-    },
-    "relativetime.days": {
-        "one": "%d дзень таму",
-        "few": "%d дні таму",
-        "many": "%d дзён таму"
-    },
-    "relativetime.weeks": {
-        "one": "%d тыдзень таму",
-        "few": "%d тыдзня таму",
-        "many": "%d тыдняў таму"
-    },
-    "relativetime.months": {
-        "one": "%d месяц таму",
-        "few": "%d месяца таму",
-        "many": "%d месяцаў таму"
-    },
-    "relativetime.1day": "учора",
-    "relativetime.2days": "два дні таму",
-    "relativetime.1week": "на мінулай тыдні",
-    "relativetime.2weeks": "два тыдні таму",
-    "relativetime.1month": "у мінулым месяцы",
-    "relativetime.2months": "два месяцы таму",
-    "relativetime.1year": "у мінулым годзе",
-    "relativetime.2years": "два гады таму",
-    "repo.issues.filter_poster.hint": "Фільтраваць па аўтары",
-    "repo.issues.filter_assignee.hint": "Фільтраваць па прызначаным карыстальніку",
-    "repo.issues.filter_reviewers.hint": "Фільтраваць па карыстальніку, які праверыў",
-    "repo.issues.filter_mention.hint": "Фільтраваць па згаданым карыстальніку",
-    "repo.issues.filter_modified.hint": "Фільтраваць па дате апошняй змены",
-    "repo.issues.filter_sort.hint": "Сартаваць па: створаны/каментары/абноўлены/дэдлайн",
-    "repo.pulls.poster_manage_approval": "Кіраваць зацвярджэннем",
-    "repo.pulls.poster_requires_approval": "Некаторыя працэсы <a href=\"%[1]s\">чакаюць рэвізіі.</a>",
-    "repo.pulls.poster_requires_approval.tooltip": "Аўтар гэтага запыту на зліццё не з’яўляецца надзейным для запуску працэсаў, якія запускаюцца запытам на зліццё, створаным з фаркаванага рэпазіторыя або з AGit. Працэсы, якія запускаюцца падзеяй `pull_request`, не будуць выконвацца, пакуль іх не зацвердзяць.",
-    "repo.pulls.poster_is_trusted": "Аўтар гэтага запыту на зліццё <a href=\"%[1]s\">заўсёды заслугоўвае даверу для запуску працэсаў.</a>",
-    "repo.pulls.poster_is_trusted.tooltip": "Аўтар гэтага запыту на зліццё ўдакладне заслужвае даверу для запуску працэсаў, якія запускаюцца падзеямі `pull_request`.",
-    "repo.pulls.poster_trust_deny": "Адмовіцца",
-    "repo.pulls.poster_trust_deny.tooltip": "Чакаючыя зацвярджэння працэсы будуць адменены.",
-    "repo.pulls.poster_trust_once": "Зацвердзіць аднойчы",
-    "repo.pulls.poster_trust_once.tooltip": "Працэсы, якія запускаюцца падзеямі `pull_request`, будуць запушчаныя для гэтага каміта, але патрабуюць зацвярджэння для ўсіх наступных камітаў, якія будуць запушчаныя ў гэты запыт на зліццё.",
-    "repo.pulls.poster_trust_always": "Зацвердзіць заўсёды",
-    "repo.pulls.poster_trust_always.tooltip": "Працэсы, якія запускаюцца падзеямі `pull_request`, будуць запушчаныя для гэтага каміта, і не патрабуюць зацвярджэння для запускаў з гэтага запыту на зліццё ці наступных запытаў на зліццё, аўтарам якіх з’яўляецца той жа карыстальнік.",
-    "repo.pulls.poster_trust_revoke": "Адклікаць",
-    "repo.pulls.poster_trust_revoke.tooltip": "Аўтар гэтага запыту на зліццё больш не будзе заслужваць даверу для запуску працэсаў, якія запускаюцца падзеямі `pull_request`, кожны запуск патрабуе ручнога зацвярджэння.",
-    "repo.pulls.already_merged": "Зліццё не ўдалося: гэты запыт на зліццё ўжо быў зліты.",
-    "repo.pulls.merged_title_desc": {
-        "one": "аб’яднана %[1]d каміт з <code>%[2]s</code> у <code>%[3]s</code> %[4]s",
-        "few": "аб’яднана %[1]d каміта з <code>%[2]s</code> у <code>%[3]s</code> %[4]s",
-        "many": "аб’яднана %[1]d камітаў з <code>%[2]s</code> у <code>%[3]s</code> %[4]s"
-    },
-    "repo.pulls.title_desc": {
-        "one": "хоча злічыць %[1]d каміт з <code>%[2]s</code> у <code id=\"%[4]s\">%[3]s</code>",
-        "few": "хоча злічыць %[1]d каміта з <code>%[2]s</code> у <code id=\"%[4]s\">%[3]s</code>",
-        "many": "хоча злічыць %[1]d камітаў з <code>%[2]s</code> у <code id=\"%[4]s\">%[3]s</code>"
-    },
-    "repo.pulls.maintainers_can_edit": "Падтрымальнікі могуць рэдагаваць гэты запыт на зліццё.",
-    "repo.pulls.maintainers_cannot_edit": "Падтрымальнікі не могуць рэдагаваць гэты запыт на зліццё.",
-    "repo.form.cannot_create": "Усе прасторы, у якіх вы можаце ствараць рэпазітарыі, дасягнулі ліміту рэпазітараў.",
-    "migrate.form.error.url_credentials": "URL утрымлівае ўліковыя запісы, увядзіце іх адпаведна ў палях імя карыстальніка і пароля",
-    "migrate.github.description": "Міграцыя дадзеных з github.com або сервера GitHub Enterprise.",
-    "migrate.git.description": "Міграцыя рэпазітарыя толькі з любога Git-сервісу.",
-    "migrate.gitea.description": "Міграцыя дадзеных з gitea.com або іншых экземпляраў Gitea.",
-    "migrate.gitlab.description": "Міграцыя дадзеных з gitlab.com або іншых экземпляраў GitLab.",
-    "migrate.gogs.description": "Міграцыя дадзеных з notabug.org або іншых экземпляраў Gogs.",
-    "migrate.onedev.description": "Міграцыя дадзеных з code.onedev.io або іншых экземпляраў OneDev.",
-    "migrate.gitbucket.description": "Міграцыя дадзеных з экземпляраў GitBucket.",
-    "migrate.codebase.description": "Міграцыя дадзеных з codebasehq.com.",
-    "migrate.forgejo.description": "Міграцыя дадзеных з codeberg.org або іншых экземпляраў Forgejo.",
-    "repo.issue_indexer.title": "Індэксатар праблем",
-    "search.milestone_kind": "Пошук мільгамаў…",
-    "search.syntax": "Сінтаксіс пошуку",
-    "repo.settings.push_mirror.branch_filter.label": "Фільтр галін (неабавязкова)",
-    "repo.settings.push_mirror.branch_filter.description": "Галіны, якія трэба адлюстраваць. Пакіньце пустым, каб адлюстраваць усе галіны. Глядзіце <a href=\"%[1]s\">%[2]s дакументацыю</a> для сінтаксісу. Прыклады: <code>main, release/*</code>",
-    "incorrect_root_url": "Гэты экземпляр Forgejo настаўлены на службу на \"%s\". Зараз вы пераглядаеце Forgejo праз іншы URL, што можа прывесці да збояў у частках прыкладання. Кананічны URL кантралюецца адміністратарамі Forgejo праз наладу ROOT_URL у файле app.ini.",
-    "themes.names.forgejo-auto": "Forgejo (падаўжыць сістэмную тэму)",
-    "themes.names.forgejo-light": "Forgejo светлая",
-    "themes.names.forgejo-dark": "Forgejo цёмная",
-    "error.not_found.title": "Старонка не знойдзена",
-    "warning.repository.out_of_sync": "Прадстаўленне гэтага рэпазіторыя ў базе дадзеных не сінхронізавана. Калі гэта папярэджанне застаецца пасля пуша каміта ў гэты рэпазіторый, звяжыцеся з адміністратарам.",
-    "alert.asset_load_failed": "Не ўдалося загрузіць файлы рэсурсаў з {path}. Калі ласка, пераканайцеся, што файлы рэсурсаў даступныя.",
-    "alert.range_error": " павінна быць лікам паміж %[1]s і %[2]s.",
-    "install.invalid_lfs_path": "Немагчыма стварыць корань LFS па указаным шляху: %[1]s",
-    "profile.actions.tooltip": "Больш дзеянняў",
-    "profile.edit.link": "Рэдагаваць профіль",
-    "feed.atom.link": "Канал Atom",
-    "keys.ssh.link": "SSH-ключы",
-    "keys.gpg.link": "GPG-ключы",
-    "keys.verify.token.hint": "Токен дзейнічае толькі 1 хвіліну. <a href=\"%[1]s\">Атрымайце новы, калі ён скончыўся</a>.",
-    "admin.config.moderation_config": "Наладкі мадэрацыі",
-    "admin.moderation.moderation_reports": "Спісы мадэрацыі",
-    "admin.moderation.reports": "Спісы",
-    "admin.moderation.no_open_reports": "На цяперашні момант адкрытых спісаў няма.",
-    "admin.moderation.deleted_content_ref": "Паведамлены змест тыпу %[1]v і ідэнтыфікатара %[2]d больш не існуе",
-    "moderation.report_abuse": "Паведаміць аб злым ужыванні",
-    "moderation.report_content": "Паведаміць аб змесце",
-    "moderation.report_abuse_form.header": "Паведаміць аб злым ужыванні адміністратару",
-    "moderation.report_abuse_form.details": "Гэтая форма павінна выкарыстоўвацца для паведамлення пра карыстальнікаў, якія ствараюць спам-профілі, рэпазітарыі, праблемы, каментары або паводзяцца няўжыткова.",
-    "moderation.report_abuse_form.invalid": "Няправільныя аргументы",
-    "moderation.report_abuse_form.already_reported": "Вы ўжо паведамілі пра гэты змест",
-    "moderation.abuse_category": "Катэгорыя",
-    "moderation.abuse_category.placeholder": "Выберыце катэгорыю",
-    "moderation.abuse_category.spam": "Спам",
-    "moderation.abuse_category.illegal_content": "Незаконны змест",
-    "moderation.abuse_category.other_violations": "Іншыя парушэнні правіл платформы",
-    "moderation.report_remarks": "Заўвагі",
-    "moderation.report_remarks.placeholder": "Калі ласка, падрабязна апішыце злаўжыванне, якое вы паведамляеце.",
-    "moderation.submit_report": "Адправіць паведамленне",
-    "moderation.reporting_failed": "Немагчыма адправіць новае паведамленне аб злаўжыванні: %v",
-    "moderation.reported_thank_you": "Дзякуем за ваша паведамленне. Адміністрацыя была апавешчана.",
-    "mail.actions.successful_run_after_failure_subject": "Працэс %[1]s адноўлены ў рэпазіторы %[2]s",
-    "mail.actions.not_successful_run_subject": "Працэс %[1]s не ўдалося ў рэпазіторы %[2]s",
-    "mail.actions.successful_run_after_failure": "Працэс %[1]s адноўлены ў рэпазіторы %[2]s",
-    "mail.actions.not_successful_run": "Працэс %[1]s не ўдалося ў рэпазіторы %[2]s",
-    "mail.actions.run_info_cur_status": "Стан гэтага запуску: %[1]s (толькі што абноўлена з %[2]s)",
-    "mail.actions.run_info_previous_status": "Стан папярэдняга запуску: %[1]s",
-    "mail.actions.run_info_sha": "Каміт: %[1]s",
-    "mail.actions.run_info_trigger": "Запушчана таму што: %[1]s кіраўніком: %[2]s",
-    "mail.issue.action.close_by_commit": "%[1]s зачыніў %[2]s у каміце %[3]s.",
-    "repo.diff.commit.next-short": "Наступны",
-    "repo.diff.commit.previous-short": "Папярэдні",
-    "discussion.locked": "Гэта абмеркаванне заблакавана. Каментаванне абмежавана ўдзельнікамі.",
-    "discussion.sidebar.reference": "Спасылка",
-    "editor.textarea.tab_hint": "Радок ужо ўцягнуты. Націсніце <kbd>Tab</kbd> яшчэ раз або <kbd>Escape</kbd>, каб выйсці з рэдактара.",
-    "editor.textarea.shift_tab_hint": "Няма ўцягвання на гэтым радку. Націсніце <kbd>Shift</kbd> + <kbd>Tab</kbd> яшчэ раз або <kbd>Escape</kbd>, каб выйсці з рэдактара.",
-    "admin.auths.allow_username_change": "Дазволіць змяненне імя карыстальніка",
-    "admin.auths.allow_username_change.description": "Дазволіць карыстальнікам змяняць імя карыстальніка ў наладах профілю",
-    "admin.dashboard.cleanup_offline_runners": "Ачысціць афлайн-выканальнікі",
-    "admin.dashboard.remove_resolved_reports": "Выдаліць вырашаныя справаздачы",
-    "admin.dashboard.actions_action_user": "Адмяніць давер Forgejo Actions для неактыўных карыстальнікаў",
-    "admin.dashboard.transfer_lingering_logs": "Перанесці логі дзеянняў завершаных заданняў дзеянняў з базы дадзеных у сховішча",
-    "admin.config.security": "Налады бяспекі",
-    "admin.config.global_2fa_requirement.title": "Глабальны патрабаванне двухфактарнай аўтэнтыфікацыі",
-    "admin.config.global_2fa_requirement.none": "Не",
-    "admin.config.global_2fa_requirement.all": "Усе карыстальнікі",
-    "admin.config.global_2fa_requirement.admin": "Адміністратары",
-    "settings.visibility.description": "Відавочнасць профілю ўплывае на магчымасць іншых атрымаць доступ да вашых непрыватных рэпазіторыяў. <a href=\"%s\" target=\"_blank\">Даведацца больш</a>.",
-    "settings.twofa_unroll_unavailable": "Для вашага акаўнта патрабуецца двухфактарная аўтэнтыфікацыя і яна не можа быць адключаная.",
-    "settings.twofa_reenroll": "Паўторна ўключыць двухфактарную аўтэнтыфікацыю",
-    "settings.twofa_reenroll.description": "Паўторна ўключыць вашу двухфактарную аўтэнтыфікацыю",
-    "settings.must_enable_2fa": "Гэты экземпляр Forgejo патрабуе, каб карыстальнікі ўключылі двухфактарную аўтэнтыфікацыю, перш чым яны змогуць атрымаць доступ да сваіх уліковых запісаў.",
-    "error.must_enable_2fa": "Гэты экземпляр Forgejo патрабуе, каб карыстальнікі ўключылі двухфактарную аўтэнтыфікацыю, перш чым яны змогуць атрымаць доступ да сваіх уліковых запісаў. Уключыце яе там: %s",
-    "avatar.constraints_hint": "Кастамны аватар не павінен перавышаць памер %[1]s ці быць большым за %[2]dх%[3]d пікселяў",
-    "user.ghost.tooltip": "Гэты карыстальнік быў выдалены ці не можа быць знайдзены.",
-    "og.repo.summary_card.alt_description": "Зводная картка рэпазіторыя %[1]s, апісаная як: %[2]s",
-    "repo.commit.load_tags_failed": "Не ўдалося загрузіць тэгі з-за ўнутранай памылкі",
-    "compare.branches.title": "Параўнаць галінкі",
-    "migrate.pagure.description": "Міграцыя дадзеных з pagure.io ці іншых экземпляраў Pagure.",
-    "migrate.pagure.incorrect_url": "Пададзены няправільны URL-адрас крынічнага рэпазіторыя",
-    "migrate.pagure.project_url": "URL-адрас праекта Pagure",
-    "migrate.pagure.project_example": "URL-адрас праекта Pagure, напр. https://pagure.io/pagure",
-    "migrate.pagure.token_label": "Токен API Pagure",
-    "migrate.pagure.private_issues.summary": "Прыватныя праблемы (неабавязкова)",
-    "migrate.pagure.private_issues.description": "Гэтая магчымасць прызначана для стварэння другога рэпазіторыя, які ўтрымлівае толькі прыватныя праблемы з вашага праекта Pagure, для архівацыі. Спачатку выканайце звычайную міграцыю (без токена), каб імпартаваць усё публічнае змест. Потым, калі ў вас ёсць прыватныя праблемы, якія трэба захаваць, стварыце асобны рэпазіторый, выкарыстоўваючы гэтую опцыю токена, каб архіваваць гэтыя прыватныя праблемы.",
-    "migrate.pagure.private_issues.warning": "Пераканайцеся, што ўсталюйце бачнасць рэпазіторыя вышэй у стан «Прыватны», калі вы выкарыстоўваеце ключ API для імпарту прыватных праблем. Гэта папярэджае выпадковыя раскрыцці прыватнага зместу ў публічным рэпазіторыі.",
-    "migrate.pagure.token.placeholder": "Толькі для стварэння архіва прыватных праблем",
-    "release.n_downloads": {
-        "one": "%s загрузка",
-        "few": "%s загрузки",
-        "many": "%s загрузак"
-    },
-    "actions.status.diagnostics.waiting": {
-        "one": "Чаканне выканаўцы з наступнай мэткай: %s",
-        "few": "Чаканне выканаўцы з наступнымі меткамі: %s",
-        "many": "Чаканне выканаўцы з наступнымі меткамі: %s"
-    },
-    "actions.runs.run_attempt_label": "Спроба запуску #%[1]s (%[2]s)",
-    "actions.runs.viewing_out_of_date_run": "Вы пераглядаеце застарэлы запуск гэтай задачы, які быў выкананы %[1]s.",
-    "actions.runs.view_most_recent_run": "Праглядзець апошні запуск",
-    "actions.workflow.job_parsing_error": "Немагчыма разабраць заданні ў працэсе: %v",
-    "actions.workflow.event_detection_error": "Немагчыма разабраць падтрымліваемыя падзеі ў працэсе: %v",
-    "actions.workflow.pre_execution_error": "Працэс не быў выкананы з-за памылкі, якая заблакавала спробу выканання.",
-    "pulse.n_active_issues": {
-        "one": "%s актыўная праблема",
-        "few": "%s актыўныя праблемы",
-        "many": "%s актыўных праблем"
-    },
-    "teams.add_all_repos.modal.header": "Дадаць усе рэпазіторыі",
-    "teams.remove_all_repos.modal.header": "Выдаліць усе рэпазіторыі",
-    "pulse.n_active_prs": {
-        "one": "%s актыўны запыт на зліццё",
-        "few": "%s актыўныя запыты на зліццё",
-        "many": "%s актыўных запытав на зліццё"
-    },
-    "meta.last_line": "Слава вялікай бульбе! Лукашэнка, гары ў адку! Kiss"
+	"moderation.abuse_category.malware": "Шкодная праграма",
+	"home.welcome.no_activity": "Няма падзей",
+	"home.welcome.activity_hint": "У вашай стужцы пакуль што нічога няма. Вашыя дзеяньні ды падзеі з рэпазыторыяў зьявяцца тут.",
+	"home.explore_repos": "Агляд рэпазыторыяў",
+	"home.explore_users": "Агляд карыстальнікаў",
+	"home.explore_orgs": "Агляд арганізацый",
+	"stars.list.none": "Ніхто не пазначыў гэты рэпазіторый зоркай.",
+	"stars.n_stars": {
+		"one": "%s зорка",
+		"few": "%s зоркі",
+		"many": "%s зорак"
+	},
+	"watch.list.none": "Ніхто не назірае за гэтым рэпазіторыем.",
+	"watch.n_watchers": {
+		"one": "%s назіральнік",
+		"few": "%s назіральніка",
+		"many": "%s назіральнікоў"
+	},
+	"relativetime.years": {
+		"one": "%d год таму",
+		"few": "%d года таму",
+		"many": "%d гадоў таму"
+	},
+	"followers.incoming.list.self.none": "Ніхто не падпісаўся на ваш профіль.",
+	"followers.incoming.list.none": "Ніхто не падпісаўся на гэтага карыстальніка.",
+	"followers.outgoing.list.self.none": "Вы нікога не спягледзіце.",
+	"fork.n_forks": {
+		"one": "%s форк",
+		"few": "%s форка",
+		"many": "%s форкаў"
+	},
+	"followers.outgoing.list.none": "%s не падпісаны на каго-небудзь.",
+	"relativetime.now": "зараз",
+	"relativetime.future": "у будучыні",
+	"relativetime.mins": {
+		"one": "%d хвіліна таму",
+		"few": "%d хвіліны таму",
+		"many": "%d хвілін таму"
+	},
+	"relativetime.hours": {
+		"one": "%d гадзіна таму",
+		"few": "%d гадзіны таму",
+		"many": "%d гадзін таму"
+	},
+	"relativetime.days": {
+		"one": "%d дзень таму",
+		"few": "%d дні таму",
+		"many": "%d дзён таму"
+	},
+	"relativetime.weeks": {
+		"one": "%d тыдзень таму",
+		"few": "%d тыдзня таму",
+		"many": "%d тыдняў таму"
+	},
+	"relativetime.months": {
+		"one": "%d месяц таму",
+		"few": "%d месяца таму",
+		"many": "%d месяцаў таму"
+	},
+	"relativetime.1day": "учора",
+	"relativetime.2days": "два дні таму",
+	"relativetime.1week": "на мінулай тыдні",
+	"relativetime.2weeks": "два тыдні таму",
+	"relativetime.1month": "у мінулым месяцы",
+	"relativetime.2months": "два месяцы таму",
+	"relativetime.1year": "у мінулым годзе",
+	"relativetime.2years": "два гады таму",
+	"repo.issues.filter_poster.hint": "Фільтраваць па аўтары",
+	"repo.issues.filter_assignee.hint": "Фільтраваць па прызначаным карыстальніку",
+	"repo.issues.filter_reviewers.hint": "Фільтраваць па карыстальніку, які праверыў",
+	"repo.issues.filter_mention.hint": "Фільтраваць па згаданым карыстальніку",
+	"repo.issues.filter_modified.hint": "Фільтраваць па дате апошняй змены",
+	"repo.issues.filter_sort.hint": "Сартаваць па: створаны/каментары/абноўлены/дэдлайн",
+	"repo.pulls.poster_manage_approval": "Кіраваць зацвярджэннем",
+	"repo.pulls.poster_requires_approval": "Некаторыя працэсы <a href=\"%[1]s\">чакаюць рэвізіі.</a>",
+	"repo.pulls.poster_requires_approval.tooltip": "Аўтар гэтага запыту на зліццё не з’яўляецца надзейным для запуску працэсаў, якія запускаюцца запытам на зліццё, створаным з фаркаванага рэпазіторыя або з AGit. Працэсы, якія запускаюцца падзеяй `pull_request`, не будуць выконвацца, пакуль іх не зацвердзяць.",
+	"repo.pulls.poster_is_trusted": "Аўтар гэтага запыту на зліццё <a href=\"%[1]s\">заўсёды заслугоўвае даверу для запуску працэсаў.</a>",
+	"repo.pulls.poster_is_trusted.tooltip": "Аўтар гэтага запыту на зліццё ўдакладне заслужвае даверу для запуску працэсаў, якія запускаюцца падзеямі `pull_request`.",
+	"repo.pulls.poster_trust_deny": "Адмовіцца",
+	"repo.pulls.poster_trust_deny.tooltip": "Чакаючыя зацвярджэння працэсы будуць адменены.",
+	"repo.pulls.poster_trust_once": "Зацвердзіць аднойчы",
+	"repo.pulls.poster_trust_once.tooltip": "Працэсы, якія запускаюцца падзеямі `pull_request`, будуць запушчаныя для гэтага каміта, але патрабуюць зацвярджэння для ўсіх наступных камітаў, якія будуць запушчаныя ў гэты запыт на зліццё.",
+	"repo.pulls.poster_trust_always": "Зацвердзіць заўсёды",
+	"repo.pulls.poster_trust_always.tooltip": "Працэсы, якія запускаюцца падзеямі `pull_request`, будуць запушчаныя для гэтага каміта, і не патрабуюць зацвярджэння для запускаў з гэтага запыту на зліццё ці наступных запытаў на зліццё, аўтарам якіх з’яўляецца той жа карыстальнік.",
+	"repo.pulls.poster_trust_revoke": "Адклікаць",
+	"repo.pulls.poster_trust_revoke.tooltip": "Аўтар гэтага запыту на зліццё больш не будзе заслужваць даверу для запуску працэсаў, якія запускаюцца падзеямі `pull_request`, кожны запуск патрабуе ручнога зацвярджэння.",
+	"repo.pulls.already_merged": "Зліццё не ўдалося: гэты запыт на зліццё ўжо быў зліты.",
+	"repo.pulls.merged_title_desc": {
+		"one": "аб’яднана %[1]d каміт з <code>%[2]s</code> у <code>%[3]s</code> %[4]s",
+		"few": "аб’яднана %[1]d каміта з <code>%[2]s</code> у <code>%[3]s</code> %[4]s",
+		"many": "аб’яднана %[1]d камітаў з <code>%[2]s</code> у <code>%[3]s</code> %[4]s"
+	},
+	"repo.pulls.title_desc": {
+		"one": "хоча злічыць %[1]d каміт з <code>%[2]s</code> у <code id=\"%[4]s\">%[3]s</code>",
+		"few": "хоча злічыць %[1]d каміта з <code>%[2]s</code> у <code id=\"%[4]s\">%[3]s</code>",
+		"many": "хоча злічыць %[1]d камітаў з <code>%[2]s</code> у <code id=\"%[4]s\">%[3]s</code>"
+	},
+	"repo.pulls.maintainers_can_edit": "Падтрымальнікі могуць рэдагаваць гэты запыт на зліццё.",
+	"repo.pulls.maintainers_cannot_edit": "Падтрымальнікі не могуць рэдагаваць гэты запыт на зліццё.",
+	"repo.form.cannot_create": "Усе прасторы, у якіх вы можаце ствараць рэпазітарыі, дасягнулі ліміту рэпазітараў.",
+	"migrate.form.error.url_credentials": "URL утрымлівае ўліковыя запісы, увядзіце іх адпаведна ў палях імя карыстальніка і пароля",
+	"migrate.github.description": "Міграцыя дадзеных з github.com або сервера GitHub Enterprise.",
+	"migrate.git.description": "Міграцыя рэпазітарыя толькі з любога Git-сервісу.",
+	"migrate.gitea.description": "Міграцыя дадзеных з gitea.com або іншых экземпляраў Gitea.",
+	"migrate.gitlab.description": "Міграцыя дадзеных з gitlab.com або іншых экземпляраў GitLab.",
+	"migrate.gogs.description": "Міграцыя дадзеных з notabug.org або іншых экземпляраў Gogs.",
+	"migrate.onedev.description": "Міграцыя дадзеных з code.onedev.io або іншых экземпляраў OneDev.",
+	"migrate.gitbucket.description": "Міграцыя дадзеных з экземпляраў GitBucket.",
+	"migrate.codebase.description": "Міграцыя дадзеных з codebasehq.com.",
+	"migrate.forgejo.description": "Міграцыя дадзеных з codeberg.org або іншых экземпляраў Forgejo.",
+	"repo.issue_indexer.title": "Індэксатар праблем",
+	"search.milestone_kind": "Пошук мільгамаў…",
+	"search.syntax": "Сінтаксіс пошуку",
+	"repo.settings.push_mirror.branch_filter.label": "Фільтр галін (неабавязкова)",
+	"repo.settings.push_mirror.branch_filter.description": "Галіны, якія трэба адлюстраваць. Пакіньце пустым, каб адлюстраваць усе галіны. Глядзіце <a href=\"%[1]s\">%[2]s дакументацыю</a> для сінтаксісу. Прыклады: <code>main, release/*</code>",
+	"incorrect_root_url": "Гэты экземпляр Forgejo настаўлены на службу на \"%s\". Зараз вы пераглядаеце Forgejo праз іншы URL, што можа прывесці да збояў у частках прыкладання. Кананічны URL кантралюецца адміністратарамі Forgejo праз наладу ROOT_URL у файле app.ini.",
+	"themes.names.forgejo-auto": "Forgejo (падаўжыць сістэмную тэму)",
+	"themes.names.forgejo-light": "Forgejo светлая",
+	"themes.names.forgejo-dark": "Forgejo цёмная",
+	"error.not_found.title": "Старонка не знойдзена",
+	"warning.repository.out_of_sync": "Прадстаўленне гэтага рэпазіторыя ў базе дадзеных не сінхронізавана. Калі гэта папярэджанне застаецца пасля пуша каміта ў гэты рэпазіторый, звяжыцеся з адміністратарам.",
+	"alert.asset_load_failed": "Не ўдалося загрузіць файлы рэсурсаў з {path}. Калі ласка, пераканайцеся, што файлы рэсурсаў даступныя.",
+	"alert.range_error": " павінна быць лікам паміж %[1]s і %[2]s.",
+	"install.invalid_lfs_path": "Немагчыма стварыць корань LFS па указаным шляху: %[1]s",
+	"profile.actions.tooltip": "Больш дзеянняў",
+	"profile.edit.link": "Рэдагаваць профіль",
+	"feed.atom.link": "Канал Atom",
+	"keys.ssh.link": "SSH-ключы",
+	"keys.gpg.link": "GPG-ключы",
+	"keys.verify.token.hint": "Токен дзейнічае толькі 1 хвіліну. <a href=\"%[1]s\">Атрымайце новы, калі ён скончыўся</a>.",
+	"admin.config.moderation_config": "Наладкі мадэрацыі",
+	"admin.moderation.moderation_reports": "Спісы мадэрацыі",
+	"admin.moderation.reports": "Спісы",
+	"admin.moderation.no_open_reports": "На цяперашні момант адкрытых спісаў няма.",
+	"admin.moderation.deleted_content_ref": "Паведамлены змест тыпу %[1]v і ідэнтыфікатара %[2]d больш не існуе",
+	"moderation.report_abuse": "Паведаміць аб злым ужыванні",
+	"moderation.report_content": "Паведаміць аб змесце",
+	"moderation.report_abuse_form.header": "Паведаміць аб злым ужыванні адміністратару",
+	"moderation.report_abuse_form.details": "Гэтая форма павінна выкарыстоўвацца для паведамлення пра карыстальнікаў, якія ствараюць спам-профілі, рэпазітарыі, праблемы, каментары або паводзяцца няўжыткова.",
+	"moderation.report_abuse_form.invalid": "Няправільныя аргументы",
+	"moderation.report_abuse_form.already_reported": "Вы ўжо паведамілі пра гэты змест",
+	"moderation.abuse_category": "Катэгорыя",
+	"moderation.abuse_category.placeholder": "Выберыце катэгорыю",
+	"moderation.abuse_category.spam": "Спам",
+	"moderation.abuse_category.illegal_content": "Незаконны змест",
+	"moderation.abuse_category.other_violations": "Іншыя парушэнні правіл платформы",
+	"moderation.report_remarks": "Заўвагі",
+	"moderation.report_remarks.placeholder": "Калі ласка, падрабязна апішыце злаўжыванне, якое вы паведамляеце.",
+	"moderation.submit_report": "Адправіць паведамленне",
+	"moderation.reporting_failed": "Немагчыма адправіць новае паведамленне аб злаўжыванні: %v",
+	"moderation.reported_thank_you": "Дзякуем за ваша паведамленне. Адміністрацыя была апавешчана.",
+	"mail.actions.successful_run_after_failure_subject": "Працэс %[1]s адноўлены ў рэпазіторы %[2]s",
+	"mail.actions.not_successful_run_subject": "Працэс %[1]s не ўдалося ў рэпазіторы %[2]s",
+	"mail.actions.successful_run_after_failure": "Працэс %[1]s адноўлены ў рэпазіторы %[2]s",
+	"mail.actions.not_successful_run": "Працэс %[1]s не ўдалося ў рэпазіторы %[2]s",
+	"mail.actions.run_info_cur_status": "Стан гэтага запуску: %[1]s (толькі што абноўлена з %[2]s)",
+	"mail.actions.run_info_previous_status": "Стан папярэдняга запуску: %[1]s",
+	"mail.actions.run_info_sha": "Каміт: %[1]s",
+	"mail.actions.run_info_trigger": "Запушчана таму што: %[1]s кіраўніком: %[2]s",
+	"mail.issue.action.close_by_commit": "%[1]s зачыніў %[2]s у каміце %[3]s.",
+	"repo.diff.commit.next-short": "Наступны",
+	"repo.diff.commit.previous-short": "Папярэдні",
+	"discussion.locked": "Гэта абмеркаванне заблакавана. Каментаванне абмежавана ўдзельнікамі.",
+	"discussion.sidebar.reference": "Спасылка",
+	"editor.textarea.tab_hint": "Радок ужо ўцягнуты. Націсніце <kbd>Tab</kbd> яшчэ раз або <kbd>Escape</kbd>, каб выйсці з рэдактара.",
+	"editor.textarea.shift_tab_hint": "Няма ўцягвання на гэтым радку. Націсніце <kbd>Shift</kbd> + <kbd>Tab</kbd> яшчэ раз або <kbd>Escape</kbd>, каб выйсці з рэдактара.",
+	"admin.auths.allow_username_change": "Дазволіць змяненне імя карыстальніка",
+	"admin.auths.allow_username_change.description": "Дазволіць карыстальнікам змяняць імя карыстальніка ў наладах профілю",
+	"admin.dashboard.cleanup_offline_runners": "Ачысціць афлайн-выканальнікі",
+	"admin.dashboard.remove_resolved_reports": "Выдаліць вырашаныя справаздачы",
+	"admin.dashboard.actions_action_user": "Адмяніць давер Forgejo Actions для неактыўных карыстальнікаў",
+	"admin.dashboard.transfer_lingering_logs": "Перанесці логі дзеянняў завершаных заданняў дзеянняў з базы дадзеных у сховішча",
+	"admin.config.security": "Налады бяспекі",
+	"admin.config.global_2fa_requirement.title": "Глабальны патрабаванне двухфактарнай аўтэнтыфікацыі",
+	"admin.config.global_2fa_requirement.none": "Не",
+	"admin.config.global_2fa_requirement.all": "Усе карыстальнікі",
+	"admin.config.global_2fa_requirement.admin": "Адміністратары",
+	"settings.visibility.description": "Відавочнасць профілю ўплывае на магчымасць іншых атрымаць доступ да вашых непрыватных рэпазіторыяў. <a href=\"%s\" target=\"_blank\">Даведацца больш</a>.",
+	"settings.twofa_unroll_unavailable": "Для вашага акаўнта патрабуецца двухфактарная аўтэнтыфікацыя і яна не можа быць адключаная.",
+	"settings.twofa_reenroll": "Паўторна ўключыць двухфактарную аўтэнтыфікацыю",
+	"settings.twofa_reenroll.description": "Паўторна ўключыць вашу двухфактарную аўтэнтыфікацыю",
+	"settings.must_enable_2fa": "Гэты экземпляр Forgejo патрабуе, каб карыстальнікі ўключылі двухфактарную аўтэнтыфікацыю, перш чым яны змогуць атрымаць доступ да сваіх уліковых запісаў.",
+	"error.must_enable_2fa": "Гэты экземпляр Forgejo патрабуе, каб карыстальнікі ўключылі двухфактарную аўтэнтыфікацыю, перш чым яны змогуць атрымаць доступ да сваіх уліковых запісаў. Уключыце яе там: %s",
+	"avatar.constraints_hint": "Кастамны аватар не павінен перавышаць памер %[1]s ці быць большым за %[2]dх%[3]d пікселяў",
+	"user.ghost.tooltip": "Гэты карыстальнік быў выдалены ці не можа быць знайдзены.",
+	"og.repo.summary_card.alt_description": "Зводная картка рэпазіторыя %[1]s, апісаная як: %[2]s",
+	"repo.commit.load_tags_failed": "Не ўдалося загрузіць тэгі з-за ўнутранай памылкі",
+	"compare.branches.title": "Параўнаць галінкі",
+	"migrate.pagure.description": "Міграцыя дадзеных з pagure.io ці іншых экземпляраў Pagure.",
+	"migrate.pagure.incorrect_url": "Пададзены няправільны URL-адрас крынічнага рэпазіторыя",
+	"migrate.pagure.project_url": "URL-адрас праекта Pagure",
+	"migrate.pagure.project_example": "URL-адрас праекта Pagure, напр. https://pagure.io/pagure",
+	"migrate.pagure.token_label": "Токен API Pagure",
+	"migrate.pagure.private_issues.summary": "Прыватныя праблемы (неабавязкова)",
+	"migrate.pagure.private_issues.description": "Гэтая магчымасць прызначана для стварэння другога рэпазіторыя, які ўтрымлівае толькі прыватныя праблемы з вашага праекта Pagure, для архівацыі. Спачатку выканайце звычайную міграцыю (без токена), каб імпартаваць усё публічнае змест. Потым, калі ў вас ёсць прыватныя праблемы, якія трэба захаваць, стварыце асобны рэпазіторый, выкарыстоўваючы гэтую опцыю токена, каб архіваваць гэтыя прыватныя праблемы.",
+	"migrate.pagure.private_issues.warning": "Пераканайцеся, што ўсталюйце бачнасць рэпазіторыя вышэй у стан «Прыватны», калі вы выкарыстоўваеце ключ API для імпарту прыватных праблем. Гэта папярэджае выпадковыя раскрыцці прыватнага зместу ў публічным рэпазіторыі.",
+	"migrate.pagure.token.placeholder": "Толькі для стварэння архіва прыватных праблем",
+	"release.n_downloads": {
+		"one": "%s загрузка",
+		"few": "%s загрузки",
+		"many": "%s загрузак"
+	},
+	"actions.status.diagnostics.waiting": {
+		"one": "Чаканне выканаўцы з наступнай мэткай: %s",
+		"few": "Чаканне выканаўцы з наступнымі меткамі: %s",
+		"many": "Чаканне выканаўцы з наступнымі меткамі: %s"
+	},
+	"actions.runs.run_attempt_label": "Спроба запуску #%[1]s (%[2]s)",
+	"actions.runs.viewing_out_of_date_run": "Вы пераглядаеце застарэлы запуск гэтай задачы, які быў выкананы %[1]s.",
+	"actions.runs.view_most_recent_run": "Праглядзець апошні запуск",
+	"actions.workflow.job_parsing_error": "Немагчыма разабраць заданні ў працэсе: %v",
+	"actions.workflow.event_detection_error": "Немагчыма разабраць падтрымліваемыя падзеі ў працэсе: %v",
+	"actions.workflow.pre_execution_error": "Працэс не быў выкананы з-за памылкі, якая заблакавала спробу выканання.",
+	"pulse.n_active_issues": {
+		"one": "%s актыўная праблема",
+		"few": "%s актыўныя праблемы",
+		"many": "%s актыўных праблем"
+	},
+	"teams.add_all_repos.modal.header": "Дадаць усе рэпазіторыі",
+	"teams.remove_all_repos.modal.header": "Выдаліць усе рэпазіторыі",
+	"pulse.n_active_prs": {
+		"one": "%s актыўны запыт на зліццё",
+		"few": "%s актыўныя запыты на зліццё",
+		"many": "%s актыўных запытав на зліццё"
+	},
+	"meta.last_line": "Слава вялікай бульбе! Лукашэнка, гары ў адку! Kiss (this string was needed to make weblate regenerate the file and can be removed)"
 }
diff --git a/options/locale_next/locale_bg.json b/options/locale_next/locale_bg.json
index ae55b01566..f17f9e4c2f 100644
--- a/options/locale_next/locale_bg.json
+++ b/options/locale_next/locale_bg.json
@@ -1,122 +1,122 @@
 {
-    "fork.n_forks": {
-        "one": "%s разклонение",
-        "other": "%s разклонения"
-    },
-    "stars.n_stars": {
-        "one": "%s звезда",
-        "other": "%s звезди"
-    },
-    "release.n_downloads": {
-        "one": "%s изтегляне",
-        "other": "%s изтегляния"
-    },
-    "repo.pulls.merged_title_desc": {
-        "one": "сля %[1]d подаване от <code>%[2]s</code> в <code>%[3]s</code> %[4]s",
-        "other": "сля %[1]d подавания от <code>%[2]s</code> в <code>%[3]s</code> %[4]s"
-    },
-    "repo.pulls.title_desc": {
-        "one": "иска да слее %[1]d подаване от <code>%[2]s</code> в <code id=\"%[4]s\">%[3]s</code>",
-        "other": "иска да слее %[1]d подавания от <code>%[2]s</code> в <code id=\"%[4]s\">%[3]s</code>"
-    },
-    "mail.actions.run_info_trigger": "Задействано поради: %[1]s от: %[2]s",
-    "meta.last_line": "В България расте най-старото дърво в страната, Байкушевата мура, на възраст над 1300 години.",
-    "relativetime.1day": "вчера",
-    "relativetime.2months": "преди два месеца",
-    "home.explore_repos": "Разглеждане на хранилища",
-    "home.explore_users": "Разглеждане на потребители",
-    "home.explore_orgs": "Разглеждане на организации",
-    "relativetime.mins": {
-        "one": "преди %d минута",
-        "other": "преди %d минути"
-    },
-    "repo.form.cannot_create": "Всички пространства, в които можете да създавате хранилища, са достигнали лимита си на хранилища.",
-    "moderation.report_remarks": "Подробности",
-    "moderation.submit_report": "Изпращане на доклада",
-    "followers.incoming.list.self.none": "Никой не следва вашия профил.",
-    "followers.incoming.list.none": "Никой не следва този потребител.",
-    "relativetime.now": "сега",
-    "home.welcome.no_activity": "Няма дейност",
-    "relativetime.1year": "миналата година",
-    "moderation.abuse_category": "Категория",
-    "moderation.abuse_category.illegal_content": "Незаконно съдържание",
-    "home.welcome.activity_hint": "Все още няма нищо в емисията ви. Вашите действия и дейност от хранилищата, които наблюдавате, ще се появят тук.",
-    "stars.list.none": "Никой не е отбелязал това хранилище със звезда.",
-    "moderation.report_abuse_form.invalid": "Невалидни аргументи",
-    "moderation.report_abuse_form.already_reported": "Вече сте докладвали това съдържание",
-    "moderation.abuse_category.placeholder": "Изберете категория",
-    "moderation.abuse_category.spam": "Спам",
-    "repo.issue_indexer.title": "Индексатор на задачи",
-    "moderation.report_abuse_form.details": "Този формуляр трябва да се използва за докладване на потребители, които създават спам профили, хранилища, задачи, коментари или се държат неподходящо.",
-    "moderation.report_remarks.placeholder": "Моля, предоставете подробности относно злоупотребата, за която докладвате.",
-    "moderation.reporting_failed": "Не може да се изпрати новият доклад за злоупотреба: %v",
-    "moderation.reported_thank_you": "Благодарим ви за доклада. Администрацията е уведомена.",
-    "error.not_found.title": "Страницата не е намерена",
-    "incorrect_root_url": "Тази инстанция на Forgejo е конфигурирана да се сервира на \"%s\". В момента разглеждате Forgejo през друг URL адрес, което може да доведе до неправилно функциониране на части от приложението. Каноничният URL адрес се контролира от администраторите на Forgejo чрез настройката ROOT_URL в app.ini.",
-    "themes.names.forgejo-dark": "Forgejo тъмна",
-    "themes.names.forgejo-auto": "Forgejo (следване на системната тема)",
-    "themes.names.forgejo-light": "Forgejo светла",
-    "watch.list.none": "Никой не наблюдава това хранилище.",
-    "followers.outgoing.list.self.none": "Не следвате никого.",
-    "followers.outgoing.list.none": "%s не следва никого.",
-    "relativetime.future": "в бъдеще",
-    "relativetime.2days": "преди два дни",
-    "relativetime.1week": "миналата седмица",
-    "relativetime.2weeks": "преди две седмици",
-    "relativetime.1month": "миналия месец",
-    "relativetime.2years": "преди две години",
-    "moderation.report_abuse_form.header": "Докладване на злоупотреба до администратора",
-    "moderation.abuse_category.malware": "Зловреден софтуер",
-    "moderation.abuse_category.other_violations": "Други нарушения на правилата на платформата",
-    "alert.asset_load_failed": "Неуспешно зареждане на файлове с ресурси от {path}. Моля, уверете се, че файловете с ресурси са достъпни.",
-    "alert.range_error": " трябва да бъде число между %[1]s и %[2]s.",
-    "install.invalid_lfs_path": "Не може да се създаде LFS корен в посочения път: %[1]s",
-    "search.milestone_kind": "Търсене на етапи…",
-    "admin.config.moderation_config": "Конфигурация на модерацията",
-    "moderation.report_abuse": "Докладване на злоупотреба",
-    "moderation.report_content": "Докладване на съдържание",
-    "relativetime.hours": {
-        "one": "преди %d час",
-        "other": "преди %d часа"
-    },
-    "relativetime.days": {
-        "one": "преди %d ден",
-        "other": "преди %d дни"
-    },
-    "relativetime.weeks": {
-        "one": "преди %d седмица",
-        "other": "преди %d седмици"
-    },
-    "relativetime.months": {
-        "one": "преди %d месец",
-        "other": "преди %d месеца"
-    },
-    "relativetime.years": {
-        "one": "преди %d година",
-        "other": "преди %d години"
-    },
-    "editor.textarea.tab_hint": "Редът вече е с отстъп. Натиснете отново <kbd>Tab</kbd> или <kbd>Escape</kbd>, за да излезете от редактора.",
-    "editor.textarea.shift_tab_hint": "Няма отстъп на този ред. Натиснете отново <kbd>Shift</kbd> + <kbd>Tab</kbd> или <kbd>Escape</kbd>, за да излезете от редактора.",
-    "migrate.github.description": "Мигриране на данни от github.com или GitHub Enterprise сървър.",
-    "migrate.git.description": "Мигриране само на хранилище от всяка Git услуга.",
-    "migrate.gitea.description": "Мигриране на данни от gitea.com или други Gitea инстанции.",
-    "migrate.gitlab.description": "Мигриране на данни от gitlab.com или други GitLab инстанции.",
-    "migrate.gogs.description": "Мигриране на данни от notabug.org или други Gogs инстанции.",
-    "migrate.onedev.description": "Мигриране на данни от code.onedev.io или други OneDev инстанции.",
-    "migrate.gitbucket.description": "Мигриране на данни от GitBucket инстанции.",
-    "migrate.codebase.description": "Мигриране на данни от codebasehq.com.",
-    "migrate.forgejo.description": "Мигриране на данни от codeberg.org или други Forgejo инстанции.",
-    "keys.ssh.link": "SSH ключове",
-    "feed.atom.link": "Atom емисия",
-    "keys.gpg.link": "GPG ключове",
-    "profile.edit.link": "Редактиране на профила",
-    "profile.actions.tooltip": "Още действия",
-    "pulse.n_active_issues": {
-        "one": "%s активна задача",
-        "other": "%s активни задачи"
-    },
-    "pulse.n_active_prs": {
-        "one": "%s активна заявка за сливане",
-        "other": "%s активни заявки за сливане"
-    }
+	"fork.n_forks": {
+		"one": "%s разклонение",
+		"other": "%s разклонения"
+	},
+	"stars.n_stars": {
+		"one": "%s звезда",
+		"other": "%s звезди"
+	},
+	"release.n_downloads": {
+		"one": "%s изтегляне",
+		"other": "%s изтегляния"
+	},
+	"repo.pulls.merged_title_desc": {
+		"one": "сля %[1]d подаване от <code>%[2]s</code> в <code>%[3]s</code> %[4]s",
+		"other": "сля %[1]d подавания от <code>%[2]s</code> в <code>%[3]s</code> %[4]s"
+	},
+	"repo.pulls.title_desc": {
+		"one": "иска да слее %[1]d подаване от <code>%[2]s</code> в <code id=\"%[4]s\">%[3]s</code>",
+		"other": "иска да слее %[1]d подавания от <code>%[2]s</code> в <code id=\"%[4]s\">%[3]s</code>"
+	},
+	"mail.actions.run_info_trigger": "Задействано поради: %[1]s от: %[2]s",
+	"meta.last_line": "В България расте най-старото дърво в страната, Байкушевата мура, на възраст над 1300 години. (this string was needed to make weblate regenerate the file and can be removed)",
+	"relativetime.1day": "вчера",
+	"relativetime.2months": "преди два месеца",
+	"home.explore_repos": "Разглеждане на хранилища",
+	"home.explore_users": "Разглеждане на потребители",
+	"home.explore_orgs": "Разглеждане на организации",
+	"relativetime.mins": {
+		"one": "преди %d минута",
+		"other": "преди %d минути"
+	},
+	"repo.form.cannot_create": "Всички пространства, в които можете да създавате хранилища, са достигнали лимита си на хранилища.",
+	"moderation.report_remarks": "Подробности",
+	"moderation.submit_report": "Изпращане на доклада",
+	"followers.incoming.list.self.none": "Никой не следва вашия профил.",
+	"followers.incoming.list.none": "Никой не следва този потребител.",
+	"relativetime.now": "сега",
+	"home.welcome.no_activity": "Няма дейност",
+	"relativetime.1year": "миналата година",
+	"moderation.abuse_category": "Категория",
+	"moderation.abuse_category.illegal_content": "Незаконно съдържание",
+	"home.welcome.activity_hint": "Все още няма нищо в емисията ви. Вашите действия и дейност от хранилищата, които наблюдавате, ще се появят тук.",
+	"stars.list.none": "Никой не е отбелязал това хранилище със звезда.",
+	"moderation.report_abuse_form.invalid": "Невалидни аргументи",
+	"moderation.report_abuse_form.already_reported": "Вече сте докладвали това съдържание",
+	"moderation.abuse_category.placeholder": "Изберете категория",
+	"moderation.abuse_category.spam": "Спам",
+	"repo.issue_indexer.title": "Индексатор на задачи",
+	"moderation.report_abuse_form.details": "Този формуляр трябва да се използва за докладване на потребители, които създават спам профили, хранилища, задачи, коментари или се държат неподходящо.",
+	"moderation.report_remarks.placeholder": "Моля, предоставете подробности относно злоупотребата, за която докладвате.",
+	"moderation.reporting_failed": "Не може да се изпрати новият доклад за злоупотреба: %v",
+	"moderation.reported_thank_you": "Благодарим ви за доклада. Администрацията е уведомена.",
+	"error.not_found.title": "Страницата не е намерена",
+	"incorrect_root_url": "Тази инстанция на Forgejo е конфигурирана да се сервира на \"%s\". В момента разглеждате Forgejo през друг URL адрес, което може да доведе до неправилно функциониране на части от приложението. Каноничният URL адрес се контролира от администраторите на Forgejo чрез настройката ROOT_URL в app.ini.",
+	"themes.names.forgejo-dark": "Forgejo тъмна",
+	"themes.names.forgejo-auto": "Forgejo (следване на системната тема)",
+	"themes.names.forgejo-light": "Forgejo светла",
+	"watch.list.none": "Никой не наблюдава това хранилище.",
+	"followers.outgoing.list.self.none": "Не следвате никого.",
+	"followers.outgoing.list.none": "%s не следва никого.",
+	"relativetime.future": "в бъдеще",
+	"relativetime.2days": "преди два дни",
+	"relativetime.1week": "миналата седмица",
+	"relativetime.2weeks": "преди две седмици",
+	"relativetime.1month": "миналия месец",
+	"relativetime.2years": "преди две години",
+	"moderation.report_abuse_form.header": "Докладване на злоупотреба до администратора",
+	"moderation.abuse_category.malware": "Зловреден софтуер",
+	"moderation.abuse_category.other_violations": "Други нарушения на правилата на платформата",
+	"alert.asset_load_failed": "Неуспешно зареждане на файлове с ресурси от {path}. Моля, уверете се, че файловете с ресурси са достъпни.",
+	"alert.range_error": " трябва да бъде число между %[1]s и %[2]s.",
+	"install.invalid_lfs_path": "Не може да се създаде LFS корен в посочения път: %[1]s",
+	"search.milestone_kind": "Търсене на етапи…",
+	"admin.config.moderation_config": "Конфигурация на модерацията",
+	"moderation.report_abuse": "Докладване на злоупотреба",
+	"moderation.report_content": "Докладване на съдържание",
+	"relativetime.hours": {
+		"one": "преди %d час",
+		"other": "преди %d часа"
+	},
+	"relativetime.days": {
+		"one": "преди %d ден",
+		"other": "преди %d дни"
+	},
+	"relativetime.weeks": {
+		"one": "преди %d седмица",
+		"other": "преди %d седмици"
+	},
+	"relativetime.months": {
+		"one": "преди %d месец",
+		"other": "преди %d месеца"
+	},
+	"relativetime.years": {
+		"one": "преди %d година",
+		"other": "преди %d години"
+	},
+	"editor.textarea.tab_hint": "Редът вече е с отстъп. Натиснете отново <kbd>Tab</kbd> или <kbd>Escape</kbd>, за да излезете от редактора.",
+	"editor.textarea.shift_tab_hint": "Няма отстъп на този ред. Натиснете отново <kbd>Shift</kbd> + <kbd>Tab</kbd> или <kbd>Escape</kbd>, за да излезете от редактора.",
+	"migrate.github.description": "Мигриране на данни от github.com или GitHub Enterprise сървър.",
+	"migrate.git.description": "Мигриране само на хранилище от всяка Git услуга.",
+	"migrate.gitea.description": "Мигриране на данни от gitea.com или други Gitea инстанции.",
+	"migrate.gitlab.description": "Мигриране на данни от gitlab.com или други GitLab инстанции.",
+	"migrate.gogs.description": "Мигриране на данни от notabug.org или други Gogs инстанции.",
+	"migrate.onedev.description": "Мигриране на данни от code.onedev.io или други OneDev инстанции.",
+	"migrate.gitbucket.description": "Мигриране на данни от GitBucket инстанции.",
+	"migrate.codebase.description": "Мигриране на данни от codebasehq.com.",
+	"migrate.forgejo.description": "Мигриране на данни от codeberg.org или други Forgejo инстанции.",
+	"keys.ssh.link": "SSH ключове",
+	"feed.atom.link": "Atom емисия",
+	"keys.gpg.link": "GPG ключове",
+	"profile.edit.link": "Редактиране на профила",
+	"profile.actions.tooltip": "Още действия",
+	"pulse.n_active_issues": {
+		"one": "%s активна задача",
+		"other": "%s активни задачи"
+	},
+	"pulse.n_active_prs": {
+		"one": "%s активна заявка за сливане",
+		"other": "%s активни заявки за сливане"
+	}
 }
diff --git a/options/locale_next/locale_bn.json b/options/locale_next/locale_bn.json
index 56a6e6dae4..321b792bea 100644
--- a/options/locale_next/locale_bn.json
+++ b/options/locale_next/locale_bn.json
@@ -1,3 +1,4 @@
 {
-    "moderation.abuse_category.malware": "ম্যালওয়্যার"
+	"moderation.abuse_category.malware": "ম্যালওয়্যার",
+	"meta.last_line": "(this string was needed to make weblate regenerate the file and can be removed)"
 }
diff --git a/options/locale_next/locale_bs.json b/options/locale_next/locale_bs.json
index 0967ef424b..60c4c22624 100644
--- a/options/locale_next/locale_bs.json
+++ b/options/locale_next/locale_bs.json
@@ -1 +1,3 @@
-{}
+{
+	"meta.last_line": "(this string was needed to make weblate regenerate the file and can be removed)"
+}
diff --git a/options/locale_next/locale_ca.json b/options/locale_next/locale_ca.json
index 9acb703cab..ec2de1883d 100644
--- a/options/locale_next/locale_ca.json
+++ b/options/locale_next/locale_ca.json
@@ -1,247 +1,247 @@
 {
-    "fork.n_forks": {
-        "one": "%s fork",
-        "many": "%s forks",
-        "other": ""
-    },
-    "stars.n_stars": {
-        "one": "%s estrella",
-        "many": "%s estrelles",
-        "other": ""
-    },
-    "search.milestone_kind": "Cerca fites…",
-    "moderation.abuse_category.malware": "Programari maliciós",
-    "relativetime.mins": {
-        "one": "Fa %d minut",
-        "many": "Fa %d minuts",
-        "other": "Fa %d minuts"
-    },
-    "relativetime.hours": {
-        "one": "Fa %d hora",
-        "many": "Fa %d hores",
-        "other": "Fa %d hores"
-    },
-    "relativetime.days": {
-        "one": "Fa %d dia",
-        "many": "Fa %d dies",
-        "other": "Fa %d dies"
-    },
-    "relativetime.weeks": {
-        "one": "Fa %d setmana",
-        "many": "Fa %d setmanes",
-        "other": "Fa %d setmanes"
-    },
-    "relativetime.months": {
-        "one": "Fa %d mes",
-        "many": "Fa %d mesos",
-        "other": "Fa %d mesos"
-    },
-    "relativetime.years": {
-        "one": "Fa %d any",
-        "many": "Fa %d anys",
-        "other": "Fa %d anys"
-    },
-    "home.explore_repos": "Explorar repositoris",
-    "home.explore_users": "Explorar usuaris",
-    "home.explore_orgs": "Explorar organitzacions",
-    "watch.list.none": "Ningú està observant aquest repositori.",
-    "followers.incoming.list.self.none": "Ningú està seguint el vostre perfil.",
-    "followers.incoming.list.none": "Ningú està seguint aquest usuari.",
-    "followers.outgoing.list.self.none": "No esteu seguint ningú.",
-    "followers.outgoing.list.none": "%s no està seguint ningú.",
-    "relativetime.now": "ara",
-    "relativetime.1day": "ahir",
-    "relativetime.2days": "fa dos dies",
-    "relativetime.1week": "la setmana passada",
-    "relativetime.2weeks": "fa dues setmanes",
-    "relativetime.1month": "el mes passat",
-    "relativetime.2months": "fa dos mesos",
-    "relativetime.1year": "l'any passat",
-    "relativetime.2years": "fa dos anys",
-    "repo.form.cannot_create": "Tots els espais en els quals podeu crear repositoris han arribat al límit de repositoris.",
-    "migrate.form.error.url_credentials": "La URL conté credencials, poseu-los en els camps respectius de nom d'usuari i contrasenya",
-    "migrate.github.description": "Migrar dades de github.com o d'un servidor GitHub Enterprise.",
-    "migrate.git.description": "Migrar un repositori només de qualsevol servei de Git.",
-    "migrate.gitea.description": "Migrar dades de gitea.com o d'altres instàncies de Gitea.",
-    "migrate.gitlab.description": "Migrar dades de gitlab.com o d'altres instàncies de GitLab.",
-    "migrate.gogs.description": "Migrar dades de notabug.org o d'altres instàncies de Gogs.",
-    "migrate.onedev.description": "Migrar dades de code.onedev.io o d'altres instàncies de OneDev.",
-    "migrate.gitbucket.description": "Migrar dades d'instàncies de GitBucket.",
-    "migrate.codebase.description": "Migrar dades de codebasehq.com.",
-    "migrate.forgejo.description": "Migrar dades de codeberg.org o d'altres instàncies de Forgejo.",
-    "repo.issue_indexer.title": "Indexador d'incidències",
-    "repo.settings.push_mirror.branch_filter.label": "Filtre de branca (opcional)",
-    "incorrect_root_url": "Aquesta instància de Forejo està configurada per ser servida a \"%s\". Actualment esteu veient Forgejo des d'una URL diferent, la qual cosa pot provocar que algunes parts de l'aplicació no funcionin correctament. Els administradors de Forgejo controlen l'URL canònica mitjançant el paràmetre ROOT_URL a app.ini.",
-    "themes.names.forgejo-auto": "Forgejo (segueix el tema del sistema)",
-    "themes.names.forgejo-light": "Forgejo clar",
-    "themes.names.forgejo-dark": "Forgejo fosc",
-    "error.not_found.title": "No s'ha trobat la pàgina",
-    "warning.repository.out_of_sync": "La representació de la base de dades d'aquest repositori s'ha dessincronitzat. Si aquest avís persisteix després de publicar un commit a aquest repositori, contacteu-ne l'administrador.",
-    "install.invalid_lfs_path": "No s'ha pogut crear l'arrel LFS al camí especificat: %[1]s",
-    "profile.actions.tooltip": "Més accions",
-    "profile.edit.link": "Editar perfil",
-    "feed.atom.link": "Canal Atom",
-    "keys.ssh.link": "Claus SSH",
-    "keys.gpg.link": "Claus GPG",
-    "admin.config.moderation_config": "Configuració de la moderació",
-    "admin.moderation.reports": "Denúncies",
-    "admin.moderation.moderation_reports": "Informes de moderació",
-    "admin.moderation.no_open_reports": "No hi ha cap denúncia oberta.",
-    "moderation.report_abuse": "Denunciar abús",
-    "moderation.report_content": "Denunciar contingut",
-    "moderation.report_abuse_form.header": "Denunciar un abús a l'administrador",
-    "moderation.report_abuse_form.details": "Aquest formulari s'hauria de fer servir per denunciar usuaris que creen perfils, repositoris, incidències o comentaris d'spam, o que es comporten de manera inapropiada.",
-    "moderation.report_abuse_form.invalid": "Arguments incorrectes",
-    "moderation.report_abuse_form.already_reported": "Ja heu denunciat aquest contingut",
-    "moderation.abuse_category": "Categoria",
-    "moderation.abuse_category.placeholder": "Seleccioneu una categoria",
-    "moderation.abuse_category.spam": "Spam",
-    "moderation.abuse_category.illegal_content": "Contingut il·legal",
-    "moderation.abuse_category.other_violations": "Altres violacions de les normes de la plataforma",
-    "moderation.report_remarks": "Observacions",
-    "moderation.report_remarks.placeholder": "Si us plau, proporcioneu alguns detalls sobre l'abús que esteu denunciant.",
-    "moderation.submit_report": "Enviar la denúncia",
-    "moderation.reporting_failed": "No s'ha pogut enviar la nova denúncia d'abús: %v",
-    "moderation.reported_thank_you": "Gràcies per la vostra denúncia. L'administració n'ha estat informada.",
-    "mail.actions.successful_run_after_failure_subject": "S'ha recuperat el flux de treball %[1]s al repositori %[2]s",
-    "mail.actions.not_successful_run_subject": "El flux de treball %[1]s ha fallat al repositori %[2]s",
-    "mail.actions.successful_run_after_failure": "S'ha recuperat el flux de treball %[1]s al repositori %[2]s",
-    "mail.actions.not_successful_run": "El flux de treball %[1]s ha fallat al repositori %[2]s",
-    "mail.actions.run_info_previous_status": "Estat de l'execució anterior: %[1]s",
-    "repo.diff.commit.next-short": "Següent",
-    "discussion.locked": "Aquesta discussió s'ha bloquejat. Només els contribuïdors hi poden comentar.",
-    "discussion.sidebar.reference": "Referència",
-    "editor.textarea.tab_hint": "La línia ja està sagnada. Premeu <kbd>Tabulació</kbd> un altre cop o <kbd>Esc</kbd> per sortir de l'editor.",
-    "home.welcome.no_activity": "Sense activitat",
-    "repo.pulls.merged_title_desc": {
-        "one": "ha fusionat %[1]d commit de <code>%[2]s</code> a <code>%[3]s</code> %[4]s",
-        "many": "ha fusionat %[1]d commits de <code>%[2]s</code> a <code>%[3]s</code> %[4]s",
-        "other": "ha fusionat %[1]d commits de <code>%[2]s</code> a <code>%[3]s</code> %[4]s"
-    },
-    "repo.pulls.title_desc": {
-        "one": "vol fusionar %[1]d commit de <code>%[2]s</code> a <code id=\"%[4]s\">%[3]s</code>",
-        "many": "vol fusionar %[1]d commits de <code>%[2]s</code> a <code id=\"%[4]s\">%[3]s</code>",
-        "other": "vol fusionar %[1]d commits de <code>%[2]s</code> a <code id=\"%[4]s\">%[3]s</code>"
-    },
-    "repo.settings.push_mirror.branch_filter.description": "Les branques a ser replicades. Deixeu-ho en blanc per replicar-les totes. Per saber més de la sintaxis, vegeu la <a href=\"%[1]s\">documentació de %[2]s</a>. Exemples: <code>main, release/*</code>",
-    "alert.range_error": " ha de ser un nombre entre %[1]s i %[2]s.",
-    "admin.moderation.deleted_content_ref": "El contingut denunciat amb tipus %[1]v i ID %[2]d ja no existeix",
-    "mail.actions.run_info_cur_status": "Estat d'aquesta execució: %[1]s (actualitzat ara mateix de %[2]s)",
-    "repo.diff.commit.previous-short": "Anterior",
-    "editor.textarea.shift_tab_hint": "No si ha sagnat en aquesta línia. Premeu <kbd>Shift</kbd> + <kbd>Tabulació</kbd> un altre cop o <kbd>Esc</kbd> per sortir de l'editor.",
-    "admin.auths.allow_username_change": "Permet el canvi de nom d'usuari",
-    "admin.auths.allow_username_change.description": "Permet als usuaris canviar el seu nom d'usuari a la configuració del perfil",
-    "admin.dashboard.remove_resolved_reports": "Eliminar les denúncies resoltes",
-    "mail.actions.run_info_sha": "Commit: %[1]s",
-    "home.welcome.activity_hint": "El vostre canal de notícies és buit. Aquí apareixeran les vostres accions i l'activitat dels repositoris que observeu.",
-    "repo.pulls.already_merged": "La fusió ha fallat: aquesta sol·licitud d'extracció ja s'ha fusionat.",
-    "alert.asset_load_failed": "No s'han pogut carregar els fitxers d'actiu de {path}. Si us plau, assegureu-vos que els fitxers d'actiu són accessibles.",
-    "admin.config.security": "Configuració de seguretat",
-    "admin.config.global_2fa_requirement.title": "Requisit d'autenticació de doble factor global",
-    "admin.config.global_2fa_requirement.none": "No",
-    "admin.config.global_2fa_requirement.all": "Tots els usuaris",
-    "admin.config.global_2fa_requirement.admin": "Administradors",
-    "settings.visibility.description": "La visibilitat del perfil afecta la capacitat dels altres per accedir als vostres repositoris no privats. <a href=\"%s\" target=\"_blank\">Saber-ne més</a>.",
-    "settings.twofa_unroll_unavailable": "El vostre compte requereix l'autenticació de doble factor i no es pot desactivar.",
-    "settings.twofa_reenroll.description": "Torneu-vos a inscriure a la vostra autenticació de doble factor",
-    "settings.must_enable_2fa": "Aquesta instància de Forgejo requereix que els usuaris habilitin l'autenticació de doble factor abans de poder accedir als seus comptes.",
-    "error.must_enable_2fa": "Aquesta instància de Forgejo requereix que els usuaris habilitin l'autenticació de doble factor abans de poder accedir als seus comptes. Habiliteu-la a: %s",
-    "avatar.constraints_hint": "Els avatars personalitzats no poden pesar més de %[1]s ni tenir una dimensió superior a %[2]dx%[3]d píxels",
-    "repo.commit.load_tags_failed": "Ha fallat la càrrega de les etiquetes degut a un error intern",
-    "compare.branches.title": "Comparar branques",
-    "migrate.pagure.description": "Migreu dades de pagure.io o d'altres instàncies de Pagure.",
-    "migrate.pagure.incorrect_url": "S'ha proporcionat una URL del repositori font incorrecta",
-    "migrate.pagure.project_url": "URL del projecte de Pagure",
-    "migrate.pagure.project_example": "L'URL del projecte de pagure, per exemple: https://pagure.io/pagure",
-    "migrate.pagure.token_label": "Testimoni de l'API de Pagure",
-    "meta.last_line": "Molt estudiar anglès i vinga a fer espíquings i ràitings i tal... I què passa amb el català? Eh?! Me'l noto una mica oxidat! També és important.",
-    "pulse.n_active_issues": {
-        "one": "%s incidència activa",
-        "many": "%s incidències actives",
-        "other": "%s incidències actives"
-    },
-    "pulse.n_active_prs": {
-        "one": "%s sol·licitud d'extracció activa",
-        "many": "%s sol·licituds d'extracció actives",
-        "other": "%s sol·licituds d'extracció actives"
-    },
-    "user.ghost.tooltip": "Aquest usuari ha sigut eliminat, o no es pot trobar.",
-    "repo.pulls.maintainers_can_edit": "Els responsables poden editar aquesta sol·licitud d'extracció.",
-    "repo.pulls.maintainers_cannot_edit": "Els responsables no poden editar aquesta sol·licitud d'extracció.",
-    "mail.issue.action.close_by_commit": "%[1]s ha tancat %[2]s al commit %[3]s.",
-    "admin.dashboard.cleanup_offline_runners": "Neteja els executors fora de línia",
-    "settings.twofa_reenroll": "Torneu-vos a inscriure a l'autenticació de doble factor",
-    "migrate.pagure.private_issues.summary": "Incidències privades (opcional)",
-    "migrate.pagure.private_issues.description": "Aquesta funció està pensada per crear un segon repositori amb només les incidències privades del vostre projecte de Pragure amb la finalitat d'arxivar-lo. Primer, feu una migració normal (sense cap testimoni) per importar tot el contingut públic. Després, si teniu incidències privades que voleu preservar, creeu un repositori separat emprant aquesta opció de testimoni per arxivar-les.",
-    "migrate.pagure.token.placeholder": "Només per crear un arxiu d'incidències privades",
-    "actions.runs.viewing_out_of_date_run": "Esteu veient una execució desactualitzada d'aquesta tasca que va ser executada %[1]s.",
-    "actions.runs.view_most_recent_run": "Veure l'execució més recent",
-    "actions.workflow.pre_execution_error": "No s'ha executat el flux de treball degut a un error que ha bloquejat l'intent d'execució.",
-    "relativetime.future": "en el futur",
-    "migrate.pagure.private_issues.warning": "Assegureu-vos de configurar la visibilitat del repositori com a privada si esteu usant la clau API per importar incidències privades. Això evitarà exposar accidentalment el contingut privat en un repositori públic.",
-    "actions.runs.run_attempt_label": "Intent d'execució #%[1]s (%[2]s)",
-    "actions.workflow.job_parsing_error": "No s'han pogut analitzar les tasques al flux de treball: %v",
-    "release.n_downloads": {
-        "one": "%s baixada",
-        "many": "%s baixades",
-        "other": "%s baixades"
-    },
-    "actions.workflow.event_detection_error": "No s'han pogut analitzar els esdeveniments compatibles al flux de treball: %v",
-    "og.repo.summary_card.alt_description": "La targeta de resum del repositori %[1]s, descrita com a: %[2]s",
-    "stars.list.none": "Ningú ha marcat aquest repositori com a favorit.",
-    "mail.actions.run_info_trigger": "Activat per: %[1]s per: %[2]s",
-    "watch.n_watchers": {
-        "one": "%s observador",
-        "many": "%s observadors",
-        "other": "%s observadors"
-    },
-    "teams.remove_all_repos.modal.header": "Suprimeix tots els repositoris",
-    "teams.add_all_repos.modal.header": "Afegir tots els repositoris",
-    "repo.issues.filter_poster.hint": "Filtra per l'autor",
-    "repo.issues.filter_assignee.hint": "Filtra per l'usuari assignat",
-    "repo.issues.filter_reviewers.hint": "Filtra per l'usuari que revisa",
-    "repo.issues.filter_mention.hint": "Filtra per l'usuari mencionat",
-    "repo.issues.filter_modified.hint": "Filtra per la darrera data de modificació",
-    "repo.pulls.poster_manage_approval": "Gestiona l'aprovació",
-    "repo.pulls.poster_requires_approval": "Alguns fluxos de treball encara estan <a href=\"%[1]s\">pendents de revisió.</a>",
-    "repo.issues.filter_sort.hint": "Ordena per: creació/comentaris/actualització/termini",
-    "repo.pulls.poster_is_trusted": "L'autor d'aquesta «pull request» <a href=\"%[1]s\">sempre podrà executar fluxos de treball.</a>",
-    "repo.pulls.poster_is_trusted.tooltip": "L'autor d'aquesta «pull request» està explícitament autoritzat per a executar fluxos de treball a partir d'esdeveniments `pull_request`.",
-    "repo.pulls.poster_trust_deny": "Denega",
-    "repo.pulls.poster_trust_deny.tooltip": "Es cancel·laran els fluxos de treball pendents d'aprovació.",
-    "repo.pulls.poster_trust_once": "Aprova una vegada",
-    "repo.pulls.poster_trust_once.tooltip": "Els fluxos de treball provocats per un esdeveniment `pull_request` s'executaran en aquest commit, però caldrà aprovar-los per als futurs commits que siguin pujats a aquesta «pull request».",
-    "repo.pulls.poster_trust_always": "Aprova sempre",
-    "repo.pulls.poster_trust_always.tooltip": "Els fluxos de treball provocats per un esdeveniment `pull_request` s'executaran en aquest commit, i no caldrà aprovar futures execucions d'aquesta «pull request» o futures «pull requests» autoritzades pel mateix usuari.",
-    "repo.pulls.poster_trust_revoke": "Revoca",
-    "repo.pulls.poster_trust_revoke.tooltip": "L'autor d'aquesta «pull request» ja no serà autoritzat per a executar fluxos de treball a partir d'esdeveniments `pull_request`. Cada execució s'haurà d'aprovar manualment.",
-    "search.syntax": "Sintaxi de cerca",
-    "search.fuzzy": "Difusa",
-    "search.fuzzy_tooltip": "Inclou resultats que siguin una coincidència aproximada al terme de cerca",
-    "keys.verify.token.hint": "El testimoni només és vàlid durant un minut. <a href=\"%[1]s\">Obtén-ne un de nou si ha caducat</a>.",
-    "moderation.report.mark_as_handled": "Marca com a resolt",
-    "moderation.report.mark_as_ignored": "Marca com a ignorat",
-    "moderation.action.account.delete": "Elimina el compte",
-    "moderation.action.account.suspend": "Suspèn el compte",
-    "moderation.action.repo.delete": "Elimina el repositori",
-    "moderation.action.issue.delete": "Elimina el problema",
-    "moderation.action.comment.delete": "Elimina el comentari",
-    "moderation.unknown_action": "Acció desconeguda",
-    "moderation.users.cannot_suspend_admins": "Els usuaris amb privilegis d'administrador no es poden suspendre.",
-    "moderation.users.cannot_suspend_org": "Les organitzacions no es poden suspendre.",
-    "moderation.users.already_suspended": "Aquest compte d'usuari ja està suspès.",
-    "moderation.users.suspend_success": "El compte d'usuari s'ha suspès.",
-    "moderation.users.cannot_delete_admins": "Els usuaris amb privilegis d'administrador no es poden suprimir.",
-    "moderation.issue.deletion_success": "S'ha esborrat el problema.",
-    "moderation.comment.deletion_success": "S'ha esborrat el comentari.",
-    "admin.dashboard.transfer_lingering_logs": "Transfereix els registres d'accions finalitzades de la base de dades a l'emmagatzematge",
-    "actions.workflow.persistent_incomplete_matrix": "No s'ha pogut avaluar `strategy.matrix` del treball %[1]s a causa d'una expressió `needs` no vàlida. Potser fa referència a un treball que no és a la seva llista 'needs' (%[2]s), o una sortida que no existeix en un d'aquests treballs.",
-    "actions.workflow.incomplete_matrix_missing_job": "No s'ha pogut avaluar `strategy.matrix` del treball %[1]s: el treball %[2]s no és a la llista `needs` del treball %[1]s (%[3]s).",
-    "actions.workflow.incomplete_matrix_missing_output": "No s'ha pogut avaluar `strategy.matrix` del treball %[1]s: el treball %[2]s no té una sortida %[3]s.",
-    "actions.workflow.incomplete_matrix_unknown_cause": "No s'ha pogut avaluar `strategy.matrix` del treball %[1]s: error desconegut.",
-    "actions.workflow.incomplete_runson_missing_job": "No s'ha pogut avaluar `runs-on` del treball %[1]s: el treball %[2]s no és a la llista `needs` del treball %[1]s (%[3]s).",
-    "actions.workflow.incomplete_runson_missing_output": "No s'ha pogut avaluar `runs-on` del treball %[1]s: el treball %[2]s no té una sortida %[3]s.",
-    "actions.workflow.incomplete_runson_missing_matrix_dimension": "No s'ha pogut avaluar `runs-on` del treball %[1]s: la mida de la matriu %[2]s no existeix.",
-    "actions.workflow.incomplete_runson_unknown_cause": "No s'ha pogut avaluar `runs-on` del treball %[1]s: error desconegut.",
-    "admin.auths.oauth2_quota_group_map_removal": "Elimina els usuaris dels grups de quotes sincronitzats si l'usuari no pertany al grup corresponent."
+	"fork.n_forks": {
+		"one": "%s fork",
+		"many": "%s forks",
+		"other": ""
+	},
+	"stars.n_stars": {
+		"one": "%s estrella",
+		"many": "%s estrelles",
+		"other": ""
+	},
+	"search.milestone_kind": "Cerca fites…",
+	"moderation.abuse_category.malware": "Programari maliciós",
+	"relativetime.mins": {
+		"one": "Fa %d minut",
+		"many": "Fa %d minuts",
+		"other": "Fa %d minuts"
+	},
+	"relativetime.hours": {
+		"one": "Fa %d hora",
+		"many": "Fa %d hores",
+		"other": "Fa %d hores"
+	},
+	"relativetime.days": {
+		"one": "Fa %d dia",
+		"many": "Fa %d dies",
+		"other": "Fa %d dies"
+	},
+	"relativetime.weeks": {
+		"one": "Fa %d setmana",
+		"many": "Fa %d setmanes",
+		"other": "Fa %d setmanes"
+	},
+	"relativetime.months": {
+		"one": "Fa %d mes",
+		"many": "Fa %d mesos",
+		"other": "Fa %d mesos"
+	},
+	"relativetime.years": {
+		"one": "Fa %d any",
+		"many": "Fa %d anys",
+		"other": "Fa %d anys"
+	},
+	"home.explore_repos": "Explorar repositoris",
+	"home.explore_users": "Explorar usuaris",
+	"home.explore_orgs": "Explorar organitzacions",
+	"watch.list.none": "Ningú està observant aquest repositori.",
+	"followers.incoming.list.self.none": "Ningú està seguint el vostre perfil.",
+	"followers.incoming.list.none": "Ningú està seguint aquest usuari.",
+	"followers.outgoing.list.self.none": "No esteu seguint ningú.",
+	"followers.outgoing.list.none": "%s no està seguint ningú.",
+	"relativetime.now": "ara",
+	"relativetime.1day": "ahir",
+	"relativetime.2days": "fa dos dies",
+	"relativetime.1week": "la setmana passada",
+	"relativetime.2weeks": "fa dues setmanes",
+	"relativetime.1month": "el mes passat",
+	"relativetime.2months": "fa dos mesos",
+	"relativetime.1year": "l'any passat",
+	"relativetime.2years": "fa dos anys",
+	"repo.form.cannot_create": "Tots els espais en els quals podeu crear repositoris han arribat al límit de repositoris.",
+	"migrate.form.error.url_credentials": "La URL conté credencials, poseu-los en els camps respectius de nom d'usuari i contrasenya",
+	"migrate.github.description": "Migrar dades de github.com o d'un servidor GitHub Enterprise.",
+	"migrate.git.description": "Migrar un repositori només de qualsevol servei de Git.",
+	"migrate.gitea.description": "Migrar dades de gitea.com o d'altres instàncies de Gitea.",
+	"migrate.gitlab.description": "Migrar dades de gitlab.com o d'altres instàncies de GitLab.",
+	"migrate.gogs.description": "Migrar dades de notabug.org o d'altres instàncies de Gogs.",
+	"migrate.onedev.description": "Migrar dades de code.onedev.io o d'altres instàncies de OneDev.",
+	"migrate.gitbucket.description": "Migrar dades d'instàncies de GitBucket.",
+	"migrate.codebase.description": "Migrar dades de codebasehq.com.",
+	"migrate.forgejo.description": "Migrar dades de codeberg.org o d'altres instàncies de Forgejo.",
+	"repo.issue_indexer.title": "Indexador d'incidències",
+	"repo.settings.push_mirror.branch_filter.label": "Filtre de branca (opcional)",
+	"incorrect_root_url": "Aquesta instància de Forejo està configurada per ser servida a \"%s\". Actualment esteu veient Forgejo des d'una URL diferent, la qual cosa pot provocar que algunes parts de l'aplicació no funcionin correctament. Els administradors de Forgejo controlen l'URL canònica mitjançant el paràmetre ROOT_URL a app.ini.",
+	"themes.names.forgejo-auto": "Forgejo (segueix el tema del sistema)",
+	"themes.names.forgejo-light": "Forgejo clar",
+	"themes.names.forgejo-dark": "Forgejo fosc",
+	"error.not_found.title": "No s'ha trobat la pàgina",
+	"warning.repository.out_of_sync": "La representació de la base de dades d'aquest repositori s'ha dessincronitzat. Si aquest avís persisteix després de publicar un commit a aquest repositori, contacteu-ne l'administrador.",
+	"install.invalid_lfs_path": "No s'ha pogut crear l'arrel LFS al camí especificat: %[1]s",
+	"profile.actions.tooltip": "Més accions",
+	"profile.edit.link": "Editar perfil",
+	"feed.atom.link": "Canal Atom",
+	"keys.ssh.link": "Claus SSH",
+	"keys.gpg.link": "Claus GPG",
+	"admin.config.moderation_config": "Configuració de la moderació",
+	"admin.moderation.reports": "Denúncies",
+	"admin.moderation.moderation_reports": "Informes de moderació",
+	"admin.moderation.no_open_reports": "No hi ha cap denúncia oberta.",
+	"moderation.report_abuse": "Denunciar abús",
+	"moderation.report_content": "Denunciar contingut",
+	"moderation.report_abuse_form.header": "Denunciar un abús a l'administrador",
+	"moderation.report_abuse_form.details": "Aquest formulari s'hauria de fer servir per denunciar usuaris que creen perfils, repositoris, incidències o comentaris d'spam, o que es comporten de manera inapropiada.",
+	"moderation.report_abuse_form.invalid": "Arguments incorrectes",
+	"moderation.report_abuse_form.already_reported": "Ja heu denunciat aquest contingut",
+	"moderation.abuse_category": "Categoria",
+	"moderation.abuse_category.placeholder": "Seleccioneu una categoria",
+	"moderation.abuse_category.spam": "Spam",
+	"moderation.abuse_category.illegal_content": "Contingut il·legal",
+	"moderation.abuse_category.other_violations": "Altres violacions de les normes de la plataforma",
+	"moderation.report_remarks": "Observacions",
+	"moderation.report_remarks.placeholder": "Si us plau, proporcioneu alguns detalls sobre l'abús que esteu denunciant.",
+	"moderation.submit_report": "Enviar la denúncia",
+	"moderation.reporting_failed": "No s'ha pogut enviar la nova denúncia d'abús: %v",
+	"moderation.reported_thank_you": "Gràcies per la vostra denúncia. L'administració n'ha estat informada.",
+	"mail.actions.successful_run_after_failure_subject": "S'ha recuperat el flux de treball %[1]s al repositori %[2]s",
+	"mail.actions.not_successful_run_subject": "El flux de treball %[1]s ha fallat al repositori %[2]s",
+	"mail.actions.successful_run_after_failure": "S'ha recuperat el flux de treball %[1]s al repositori %[2]s",
+	"mail.actions.not_successful_run": "El flux de treball %[1]s ha fallat al repositori %[2]s",
+	"mail.actions.run_info_previous_status": "Estat de l'execució anterior: %[1]s",
+	"repo.diff.commit.next-short": "Següent",
+	"discussion.locked": "Aquesta discussió s'ha bloquejat. Només els contribuïdors hi poden comentar.",
+	"discussion.sidebar.reference": "Referència",
+	"editor.textarea.tab_hint": "La línia ja està sagnada. Premeu <kbd>Tabulació</kbd> un altre cop o <kbd>Esc</kbd> per sortir de l'editor.",
+	"home.welcome.no_activity": "Sense activitat",
+	"repo.pulls.merged_title_desc": {
+		"one": "ha fusionat %[1]d commit de <code>%[2]s</code> a <code>%[3]s</code> %[4]s",
+		"many": "ha fusionat %[1]d commits de <code>%[2]s</code> a <code>%[3]s</code> %[4]s",
+		"other": "ha fusionat %[1]d commits de <code>%[2]s</code> a <code>%[3]s</code> %[4]s"
+	},
+	"repo.pulls.title_desc": {
+		"one": "vol fusionar %[1]d commit de <code>%[2]s</code> a <code id=\"%[4]s\">%[3]s</code>",
+		"many": "vol fusionar %[1]d commits de <code>%[2]s</code> a <code id=\"%[4]s\">%[3]s</code>",
+		"other": "vol fusionar %[1]d commits de <code>%[2]s</code> a <code id=\"%[4]s\">%[3]s</code>"
+	},
+	"repo.settings.push_mirror.branch_filter.description": "Les branques a ser replicades. Deixeu-ho en blanc per replicar-les totes. Per saber més de la sintaxis, vegeu la <a href=\"%[1]s\">documentació de %[2]s</a>. Exemples: <code>main, release/*</code>",
+	"alert.range_error": " ha de ser un nombre entre %[1]s i %[2]s.",
+	"admin.moderation.deleted_content_ref": "El contingut denunciat amb tipus %[1]v i ID %[2]d ja no existeix",
+	"mail.actions.run_info_cur_status": "Estat d'aquesta execució: %[1]s (actualitzat ara mateix de %[2]s)",
+	"repo.diff.commit.previous-short": "Anterior",
+	"editor.textarea.shift_tab_hint": "No si ha sagnat en aquesta línia. Premeu <kbd>Shift</kbd> + <kbd>Tabulació</kbd> un altre cop o <kbd>Esc</kbd> per sortir de l'editor.",
+	"admin.auths.allow_username_change": "Permet el canvi de nom d'usuari",
+	"admin.auths.allow_username_change.description": "Permet als usuaris canviar el seu nom d'usuari a la configuració del perfil",
+	"admin.dashboard.remove_resolved_reports": "Eliminar les denúncies resoltes",
+	"mail.actions.run_info_sha": "Commit: %[1]s",
+	"home.welcome.activity_hint": "El vostre canal de notícies és buit. Aquí apareixeran les vostres accions i l'activitat dels repositoris que observeu.",
+	"repo.pulls.already_merged": "La fusió ha fallat: aquesta sol·licitud d'extracció ja s'ha fusionat.",
+	"alert.asset_load_failed": "No s'han pogut carregar els fitxers d'actiu de {path}. Si us plau, assegureu-vos que els fitxers d'actiu són accessibles.",
+	"admin.config.security": "Configuració de seguretat",
+	"admin.config.global_2fa_requirement.title": "Requisit d'autenticació de doble factor global",
+	"admin.config.global_2fa_requirement.none": "No",
+	"admin.config.global_2fa_requirement.all": "Tots els usuaris",
+	"admin.config.global_2fa_requirement.admin": "Administradors",
+	"settings.visibility.description": "La visibilitat del perfil afecta la capacitat dels altres per accedir als vostres repositoris no privats. <a href=\"%s\" target=\"_blank\">Saber-ne més</a>.",
+	"settings.twofa_unroll_unavailable": "El vostre compte requereix l'autenticació de doble factor i no es pot desactivar.",
+	"settings.twofa_reenroll.description": "Torneu-vos a inscriure a la vostra autenticació de doble factor",
+	"settings.must_enable_2fa": "Aquesta instància de Forgejo requereix que els usuaris habilitin l'autenticació de doble factor abans de poder accedir als seus comptes.",
+	"error.must_enable_2fa": "Aquesta instància de Forgejo requereix que els usuaris habilitin l'autenticació de doble factor abans de poder accedir als seus comptes. Habiliteu-la a: %s",
+	"avatar.constraints_hint": "Els avatars personalitzats no poden pesar més de %[1]s ni tenir una dimensió superior a %[2]dx%[3]d píxels",
+	"repo.commit.load_tags_failed": "Ha fallat la càrrega de les etiquetes degut a un error intern",
+	"compare.branches.title": "Comparar branques",
+	"migrate.pagure.description": "Migreu dades de pagure.io o d'altres instàncies de Pagure.",
+	"migrate.pagure.incorrect_url": "S'ha proporcionat una URL del repositori font incorrecta",
+	"migrate.pagure.project_url": "URL del projecte de Pagure",
+	"migrate.pagure.project_example": "L'URL del projecte de pagure, per exemple: https://pagure.io/pagure",
+	"migrate.pagure.token_label": "Testimoni de l'API de Pagure",
+	"meta.last_line": "Molt estudiar anglès i vinga a fer espíquings i ràitings i tal... I què passa amb el català? Eh?! Me'l noto una mica oxidat! També és important.\n(this string was needed to make weblate regenerate the file and can be removed)",
+	"pulse.n_active_issues": {
+		"one": "%s incidència activa",
+		"many": "%s incidències actives",
+		"other": "%s incidències actives"
+	},
+	"pulse.n_active_prs": {
+		"one": "%s sol·licitud d'extracció activa",
+		"many": "%s sol·licituds d'extracció actives",
+		"other": "%s sol·licituds d'extracció actives"
+	},
+	"user.ghost.tooltip": "Aquest usuari ha sigut eliminat, o no es pot trobar.",
+	"repo.pulls.maintainers_can_edit": "Els responsables poden editar aquesta sol·licitud d'extracció.",
+	"repo.pulls.maintainers_cannot_edit": "Els responsables no poden editar aquesta sol·licitud d'extracció.",
+	"mail.issue.action.close_by_commit": "%[1]s ha tancat %[2]s al commit %[3]s.",
+	"admin.dashboard.cleanup_offline_runners": "Neteja els executors fora de línia",
+	"settings.twofa_reenroll": "Torneu-vos a inscriure a l'autenticació de doble factor",
+	"migrate.pagure.private_issues.summary": "Incidències privades (opcional)",
+	"migrate.pagure.private_issues.description": "Aquesta funció està pensada per crear un segon repositori amb només les incidències privades del vostre projecte de Pragure amb la finalitat d'arxivar-lo. Primer, feu una migració normal (sense cap testimoni) per importar tot el contingut públic. Després, si teniu incidències privades que voleu preservar, creeu un repositori separat emprant aquesta opció de testimoni per arxivar-les.",
+	"migrate.pagure.token.placeholder": "Només per crear un arxiu d'incidències privades",
+	"actions.runs.viewing_out_of_date_run": "Esteu veient una execució desactualitzada d'aquesta tasca que va ser executada %[1]s.",
+	"actions.runs.view_most_recent_run": "Veure l'execució més recent",
+	"actions.workflow.pre_execution_error": "No s'ha executat el flux de treball degut a un error que ha bloquejat l'intent d'execució.",
+	"relativetime.future": "en el futur",
+	"migrate.pagure.private_issues.warning": "Assegureu-vos de configurar la visibilitat del repositori com a privada si esteu usant la clau API per importar incidències privades. Això evitarà exposar accidentalment el contingut privat en un repositori públic.",
+	"actions.runs.run_attempt_label": "Intent d'execució #%[1]s (%[2]s)",
+	"actions.workflow.job_parsing_error": "No s'han pogut analitzar les tasques al flux de treball: %v",
+	"release.n_downloads": {
+		"one": "%s baixada",
+		"many": "%s baixades",
+		"other": "%s baixades"
+	},
+	"actions.workflow.event_detection_error": "No s'han pogut analitzar els esdeveniments compatibles al flux de treball: %v",
+	"og.repo.summary_card.alt_description": "La targeta de resum del repositori %[1]s, descrita com a: %[2]s",
+	"stars.list.none": "Ningú ha marcat aquest repositori com a favorit.",
+	"mail.actions.run_info_trigger": "Activat per: %[1]s per: %[2]s",
+	"watch.n_watchers": {
+		"one": "%s observador",
+		"many": "%s observadors",
+		"other": "%s observadors"
+	},
+	"teams.remove_all_repos.modal.header": "Suprimeix tots els repositoris",
+	"teams.add_all_repos.modal.header": "Afegir tots els repositoris",
+	"repo.issues.filter_poster.hint": "Filtra per l'autor",
+	"repo.issues.filter_assignee.hint": "Filtra per l'usuari assignat",
+	"repo.issues.filter_reviewers.hint": "Filtra per l'usuari que revisa",
+	"repo.issues.filter_mention.hint": "Filtra per l'usuari mencionat",
+	"repo.issues.filter_modified.hint": "Filtra per la darrera data de modificació",
+	"repo.pulls.poster_manage_approval": "Gestiona l'aprovació",
+	"repo.pulls.poster_requires_approval": "Alguns fluxos de treball encara estan <a href=\"%[1]s\">pendents de revisió.</a>",
+	"repo.issues.filter_sort.hint": "Ordena per: creació/comentaris/actualització/termini",
+	"repo.pulls.poster_is_trusted": "L'autor d'aquesta «pull request» <a href=\"%[1]s\">sempre podrà executar fluxos de treball.</a>",
+	"repo.pulls.poster_is_trusted.tooltip": "L'autor d'aquesta «pull request» està explícitament autoritzat per a executar fluxos de treball a partir d'esdeveniments `pull_request`.",
+	"repo.pulls.poster_trust_deny": "Denega",
+	"repo.pulls.poster_trust_deny.tooltip": "Es cancel·laran els fluxos de treball pendents d'aprovació.",
+	"repo.pulls.poster_trust_once": "Aprova una vegada",
+	"repo.pulls.poster_trust_once.tooltip": "Els fluxos de treball provocats per un esdeveniment `pull_request` s'executaran en aquest commit, però caldrà aprovar-los per als futurs commits que siguin pujats a aquesta «pull request».",
+	"repo.pulls.poster_trust_always": "Aprova sempre",
+	"repo.pulls.poster_trust_always.tooltip": "Els fluxos de treball provocats per un esdeveniment `pull_request` s'executaran en aquest commit, i no caldrà aprovar futures execucions d'aquesta «pull request» o futures «pull requests» autoritzades pel mateix usuari.",
+	"repo.pulls.poster_trust_revoke": "Revoca",
+	"repo.pulls.poster_trust_revoke.tooltip": "L'autor d'aquesta «pull request» ja no serà autoritzat per a executar fluxos de treball a partir d'esdeveniments `pull_request`. Cada execució s'haurà d'aprovar manualment.",
+	"search.syntax": "Sintaxi de cerca",
+	"search.fuzzy": "Difusa",
+	"search.fuzzy_tooltip": "Inclou resultats que siguin una coincidència aproximada al terme de cerca",
+	"keys.verify.token.hint": "El testimoni només és vàlid durant un minut. <a href=\"%[1]s\">Obtén-ne un de nou si ha caducat</a>.",
+	"moderation.report.mark_as_handled": "Marca com a resolt",
+	"moderation.report.mark_as_ignored": "Marca com a ignorat",
+	"moderation.action.account.delete": "Elimina el compte",
+	"moderation.action.account.suspend": "Suspèn el compte",
+	"moderation.action.repo.delete": "Elimina el repositori",
+	"moderation.action.issue.delete": "Elimina el problema",
+	"moderation.action.comment.delete": "Elimina el comentari",
+	"moderation.unknown_action": "Acció desconeguda",
+	"moderation.users.cannot_suspend_admins": "Els usuaris amb privilegis d'administrador no es poden suspendre.",
+	"moderation.users.cannot_suspend_org": "Les organitzacions no es poden suspendre.",
+	"moderation.users.already_suspended": "Aquest compte d'usuari ja està suspès.",
+	"moderation.users.suspend_success": "El compte d'usuari s'ha suspès.",
+	"moderation.users.cannot_delete_admins": "Els usuaris amb privilegis d'administrador no es poden suprimir.",
+	"moderation.issue.deletion_success": "S'ha esborrat el problema.",
+	"moderation.comment.deletion_success": "S'ha esborrat el comentari.",
+	"admin.dashboard.transfer_lingering_logs": "Transfereix els registres d'accions finalitzades de la base de dades a l'emmagatzematge",
+	"actions.workflow.persistent_incomplete_matrix": "No s'ha pogut avaluar `strategy.matrix` del treball %[1]s a causa d'una expressió `needs` no vàlida. Potser fa referència a un treball que no és a la seva llista 'needs' (%[2]s), o una sortida que no existeix en un d'aquests treballs.",
+	"actions.workflow.incomplete_matrix_missing_job": "No s'ha pogut avaluar `strategy.matrix` del treball %[1]s: el treball %[2]s no és a la llista `needs` del treball %[1]s (%[3]s).",
+	"actions.workflow.incomplete_matrix_missing_output": "No s'ha pogut avaluar `strategy.matrix` del treball %[1]s: el treball %[2]s no té una sortida %[3]s.",
+	"actions.workflow.incomplete_matrix_unknown_cause": "No s'ha pogut avaluar `strategy.matrix` del treball %[1]s: error desconegut.",
+	"actions.workflow.incomplete_runson_missing_job": "No s'ha pogut avaluar `runs-on` del treball %[1]s: el treball %[2]s no és a la llista `needs` del treball %[1]s (%[3]s).",
+	"actions.workflow.incomplete_runson_missing_output": "No s'ha pogut avaluar `runs-on` del treball %[1]s: el treball %[2]s no té una sortida %[3]s.",
+	"actions.workflow.incomplete_runson_missing_matrix_dimension": "No s'ha pogut avaluar `runs-on` del treball %[1]s: la mida de la matriu %[2]s no existeix.",
+	"actions.workflow.incomplete_runson_unknown_cause": "No s'ha pogut avaluar `runs-on` del treball %[1]s: error desconegut.",
+	"admin.auths.oauth2_quota_group_map_removal": "Elimina els usuaris dels grups de quotes sincronitzats si l'usuari no pertany al grup corresponent."
 }
diff --git a/options/locale_next/locale_cs-CZ.json b/options/locale_next/locale_cs-CZ.json
index 52e09c7914..7e38c9a38c 100644
--- a/options/locale_next/locale_cs-CZ.json
+++ b/options/locale_next/locale_cs-CZ.json
@@ -1,262 +1,262 @@
 {
-    "fork.n_forks": {
-        "one": "%s fork",
-        "few": "%s forky",
-        "other": "%s forků"
-    },
-    "stars.n_stars": {
-        "one": "%s oblíbení",
-        "few": "%s oblíbení",
-        "other": "%s oblíbení"
-    },
-    "release.n_downloads": {
-        "one": "%s stažení",
-        "few": "%s stažení",
-        "other": "%s stažení"
-    },
-    "repo.pulls.merged_title_desc": {
-        "one": "sloučil/a %[1]d revizi z větve <code>%[2]s</code> do větve <code>%[3]s</code> %[4]s",
-        "few": "sloučil/a %[1]d revize z větve <code>%[2]s</code> do větve <code>%[3]s</code> před %[4]s",
-        "other": "sloučil/a %[1]d revizí z větve <code>%[2]s</code> do větve <code>%[3]s</code> před %[4]s"
-    },
-    "repo.pulls.title_desc": {
-        "one": "žádá o sloučení %[1]d revize z větve <code>%[2]s</code> do větve <code id=\"%[4]s\">%[3]s</code>",
-        "few": "žádá o sloučení %[1]d revizí z větve <code>%[2]s</code> do větve <code id=\"%[4]s\">%[3]s</code>",
-        "other": "žádá o sloučení %[1]d revizí z větve <code>%[2]s</code> do větve <code id=\"%[4]s\">%[3]s</code>"
-    },
-    "search.milestone_kind": "Hledat milníky…",
-    "home.welcome.no_activity": "Žádná aktivita",
-    "home.welcome.activity_hint": "Váš feed je zatím prázdný. Zde se budou zobrazovat vaše akce a aktivity z repozitářů, které sledujete.",
-    "home.explore_repos": "Procházet repozitáře",
-    "home.explore_users": "Procházet uživatele",
-    "home.explore_orgs": "Procházet organizace",
-    "incorrect_root_url": "Tato instance Forgejo je nastavena tak, aby běžela na adrese „%s“. Vy si momentálně prohlížíte Forgejo na jiné adrese, což může způsobit rozbití některých částí aplikace. Správná adresa je ovládána správci Forgejo pomocí nastavení ROOT_URL v souboru app.ini.",
-    "themes.names.forgejo-auto": "Forgejo (podle motivu systému)",
-    "themes.names.forgejo-light": "Forgejo – světlé",
-    "themes.names.forgejo-dark": "Forgejo – tmavé",
-    "error.not_found.title": "Stránka nenalezena",
-    "alert.asset_load_failed": "Nepodařilo se načíst soubory příloh z {path}. Ujistěte se, že jsou dané soubory přístupné.",
-    "install.invalid_lfs_path": "Nepodařilo se vytvořit kořen LFS na zvolené cestě: %[1]s",
-    "alert.range_error": " musí být číslo mezi %[1]s a %[2]s.",
-    "meta.last_line": "Díky všem přispěvatelům za pomoc!",
-    "mail.actions.not_successful_run_subject": "Workflow %[1]s selhal v repozitáři %[2]s",
-    "mail.actions.not_successful_run": "Workflow %[1]s selhal v repozitáři %[2]s",
-    "mail.actions.run_info_cur_status": "Stav tohoto procesu: %[1]s (právě aktualizováno z %[2]s)",
-    "mail.actions.run_info_previous_status": "Stav předchozího procesu: %[1]s",
-    "mail.actions.run_info_trigger": "Spuštěno z důvodu: %[1]s od: %[2]s",
-    "mail.actions.successful_run_after_failure_subject": "Workflow %[1]s obnoven v repozitáři %[2]s",
-    "mail.actions.successful_run_after_failure": "Workflow %[1]s obnoven v repozitáři %[2]s",
-    "discussion.locked": "Tato diskuze byla uzamčena. Komentování je omezené na přispěvatele.",
-    "relativetime.future": "v budoucnu",
-    "relativetime.years": {
-        "one": "před %d rokem",
-        "few": "před %d lety",
-        "other": "před %d lety"
-    },
-    "relativetime.1day": "včera",
-    "relativetime.2days": "před dvěma dny",
-    "relativetime.1week": "minulý týden",
-    "relativetime.2weeks": "před dvěma týdny",
-    "relativetime.1month": "minulý měsíc",
-    "relativetime.2months": "před dvěma měsíci",
-    "relativetime.1year": "minulý rok",
-    "relativetime.2years": "před dvěma lety",
-    "relativetime.weeks": {
-        "one": "před %d týdnem",
-        "few": "před %d týdny",
-        "other": "před %d týdny"
-    },
-    "relativetime.days": {
-        "one": "před %d dnem",
-        "few": "před %d dny",
-        "other": "před %d dny"
-    },
-    "relativetime.mins": {
-        "one": "před %d minutou",
-        "few": "před %d minutami",
-        "other": "před %d minutami"
-    },
-    "relativetime.hours": {
-        "one": "před %d hodinou",
-        "few": "před %d hodinami",
-        "other": "před %d hodinami"
-    },
-    "relativetime.now": "nyní",
-    "relativetime.months": {
-        "one": "před %d měsícem",
-        "few": "před %d měsíci",
-        "other": "před %d měsíci"
-    },
-    "moderation.report_content": "Nahlásit obsah",
-    "moderation.report_abuse_form.details": "Tento formulář je určen k nahlašování uživatelů, kteří si vytvářejí spamové profily, repozitáře, problémy, komentáře nebo se chovají nevhodně.",
-    "admin.config.moderation_config": "Nastavení moderování",
-    "moderation.report_abuse": "Nahlásit zneužití",
-    "moderation.report_abuse_form.header": "Nahlásit zneužití administrátorovi",
-    "moderation.report_abuse_form.invalid": "Neplatné argumenty",
-    "moderation.report_abuse_form.already_reported": "Tento obsah jste již nahlásili",
-    "moderation.abuse_category": "Kategorie",
-    "moderation.submit_report": "Odeslat hlášení",
-    "moderation.reporting_failed": "Nepodařilo se odeslat nové hlášení zneužití: %v",
-    "moderation.report_remarks.placeholder": "Zadejte prosím podrobnosti o zneužití, které nahlašujete.",
-    "moderation.reported_thank_you": "Děkujeme za vaše hlášení. Správa platformy na ni byla upozorněna.",
-    "moderation.report_remarks": "Informace",
-    "moderation.abuse_category.placeholder": "Vyberte kategorii",
-    "moderation.abuse_category.spam": "Spam",
-    "moderation.abuse_category.malware": "Malware",
-    "moderation.abuse_category.illegal_content": "Nezákonný obsah",
-    "moderation.abuse_category.other_violations": "Jiné porušení pravidel platformy",
-    "repo.form.cannot_create": "Všechny prostory, ve kterých můžete vytvářet repozitáře, dosáhly svého limitu.",
-    "repo.issue_indexer.title": "Indexování problémů",
-    "watch.list.none": "Tento repozitář nikdo nesleduje.",
-    "followers.incoming.list.self.none": "Váš profil nikdo nesleduje.",
-    "followers.incoming.list.none": "Tohoto uživatele nikdo nesleduje.",
-    "followers.outgoing.list.none": "%s nikoho nesleduje.",
-    "stars.list.none": "Tento repozitář si nikdo nepřidal do oblíbených.",
-    "followers.outgoing.list.self.none": "Nikoho nesledujete.",
-    "editor.textarea.tab_hint": "Řádek je již odsazen. Pro opuštění editoru stiskněte znovu <kbd>Tab</kbd> nebo <kbd>Escape</kbd>.",
-    "editor.textarea.shift_tab_hint": "Na tomto řádku není žádné odsazení. Pro opuštění editoru stiskněte znovu <kbd>Shift</kbd> + <kbd>Tab</kbd> nebo <kbd>Escape</kbd>.",
-    "admin.dashboard.cleanup_offline_runners": "Vymazat offline runnery",
-    "settings.visibility.description": "Viditelnost profilu ovlivňuje možnost ostatních přistupovat k vašim veřejným repozitářům. <a href=\"%s\" target=\"_blank\">Zjistit více</a>.",
-    "avatar.constraints_hint": "Velikost vlastního avataru nesmí překročit %[1]s nebo být větší než %[2]dx%[3]d pixelů",
-    "repo.diff.commit.next-short": "Další",
-    "repo.diff.commit.previous-short": "Předchozí",
-    "profile.actions.tooltip": "Další akce",
-    "keys.gpg.link": "Klíče GPG",
-    "profile.edit.link": "Upravit profil",
-    "feed.atom.link": "Zdroj Atom",
-    "keys.ssh.link": "Klíče SSH",
-    "og.repo.summary_card.alt_description": "Karta se souhrnem repozitáře %[1]s, popsaným jako: %[2]s",
-    "mail.actions.run_info_sha": "Revize: %[1]s",
-    "repo.settings.push_mirror.branch_filter.label": "Filtr větve (nepovinný)",
-    "repo.settings.push_mirror.branch_filter.description": "Větve, které mají být zrcadleny. Ponechte prázdné pro zrcadlení všech větví. Syntaxi naleznete v <a href=\"%[1]s\">dokumentaci %[2]s</a>. Příklady: <code>main, release/*</code>",
-    "discussion.sidebar.reference": "Reference",
-    "admin.moderation.moderation_reports": "Hlášení moderace",
-    "admin.moderation.reports": "Hlášení",
-    "admin.moderation.deleted_content_ref": "Nahlášený obsah s typem %[1]v a ID %[2]d již neexistuje",
-    "admin.moderation.no_open_reports": "Momentálně nejsou otevřena žádná hlášení.",
-    "admin.dashboard.remove_resolved_reports": "Odstranit vyřešená hlášení",
-    "compare.branches.title": "Porovnat větve",
-    "repo.commit.load_tags_failed": "Načtení značek selhalo z důvodu interní chyby",
-    "admin.auths.allow_username_change": "Povolit změnu uživatelského jména",
-    "admin.auths.allow_username_change.description": "Povolit uživatelům změnit své uživatelské jméno v nastavení profilu",
-    "warning.repository.out_of_sync": "Databázová reprezentace tohoto repozitáře není synchronizovaná. Pokud se toto varování zobrazuje i po odeslání revize do repozitáře, kontaktujte administrátora.",
-    "repo.pulls.already_merged": "Sloučení selhalo: tato žádost již byla sloučena.",
-    "migrate.pagure.description": "Migrovat data z pagure.io nebo jiných instancí Pagure.",
-    "migrate.pagure.incorrect_url": "Byla zadána nesprávná adresa URL zdrojového repozitáře",
-    "migrate.pagure.project_url": "Adresa projektu Pagure",
-    "migrate.pagure.project_example": "Adresa URL projektu Pagure, např. https://pagure.io/pagure",
-    "migrate.pagure.token_label": "Token API Pagure",
-    "migrate.github.description": "Migrovat data z github.com nebo serveru GitHub Enterprise.",
-    "migrate.git.description": "Migrovat pouze repozitář z libovolné služby Git.",
-    "migrate.gitea.description": "Migrovat data z gitea.com nebo jiných instancí Gitea.",
-    "migrate.gitlab.description": "Migrovat data z gitlab.com nebo jiných instancí GitLab.",
-    "migrate.gogs.description": "Migrovat data z notabug.com nebo jiných instancí Gogs.",
-    "migrate.onedev.description": "Migrovat data z code.onedev.io nebo jiných instancí OneDev.",
-    "migrate.gitbucket.description": "Migrovat data z instancí GitBucket.",
-    "migrate.codebase.description": "Migrovat data z codebasehq.com.",
-    "migrate.forgejo.description": "Migrovat data z codeberg.org nebo jiných instancí Forgejo.",
-    "admin.config.security": "Nastavení zabezpečení",
-    "admin.config.global_2fa_requirement.title": "Globální požadavek dvoufázového ověření",
-    "error.must_enable_2fa": "Tato instance Forgejo vyžaduje, aby si všichni uživatelé zapnuli dvoufázové ověření, než začnou používat svůj účet. Povolíte jej zde: %s",
-    "settings.twofa_reenroll.description": "Znovu použít vaše dvoufázové ověření",
-    "admin.config.global_2fa_requirement.none": "Ne",
-    "admin.config.global_2fa_requirement.all": "Všichni uživatelé",
-    "admin.config.global_2fa_requirement.admin": "Administrátoři",
-    "settings.twofa_unroll_unavailable": "U vašeho účtu je vyžadováno dvoufázové ověření a nelze jej zakázat.",
-    "settings.twofa_reenroll": "Znovu použít dvoufázové ověření",
-    "settings.must_enable_2fa": "Tato instance Forgejo vyžaduje, aby si všichni uživatelé zapnuli dvoufázové ověření, než začnou používat svůj účet.",
-    "user.ghost.tooltip": "Tento uživatel byl odstraněn, nebo ho nelze dohledat.",
-    "migrate.form.error.url_credentials": "Adresa obsahuje údaje, zadejte je do odpovídajících polí uživatelského jména a hesla",
-    "actions.runs.viewing_out_of_date_run": "Prohlížíte si zastaralý běh této úlohy, který byl spuštěn %[1]s.",
-    "actions.runs.run_attempt_label": "Pokus o běh #%[1]s (%[2]s)",
-    "actions.runs.view_most_recent_run": "Zobrazit nejnovější běh",
-    "pulse.n_active_issues": {
-        "one": "%s aktivní problém",
-        "few": "%s aktivní problémy",
-        "other": "%s aktivních problémů"
-    },
-    "pulse.n_active_prs": {
-        "one": "%s aktivní žádost o sloučení",
-        "few": "%s aktivní žádosti o sloučení",
-        "other": "%s aktivních žádostí o sloučení"
-    },
-    "repo.pulls.maintainers_can_edit": "Správci mohou upravit tuto žádost o sloučení.",
-    "repo.pulls.maintainers_cannot_edit": "Správci nemohou upravit tuto žádost o sloučení.",
-    "mail.issue.action.close_by_commit": "%[1]s zavřel/a %[2]s v revizi %[3]s.",
-    "migrate.pagure.private_issues.summary": "Soukromé problémy (volitelné)",
-    "migrate.pagure.private_issues.description": "Tato funkce je navržená pro vytvoření druhého repozitáře obsahujícího pouze soukromé problémy z vašeho projektu Pagure pro účely archivace. Nejprve proveďte normální migraci (bez tokenu) pro importování veškerého veřejného obsahu. Poté, pokud máte soukromé problémy k uchování, vytvořte oddělený repozitář pomocí této možnosti tokenu k archivování daných soukromých problémů.",
-    "migrate.pagure.private_issues.warning": "Ujistěte se, že je viditelnost repozitáře výše nastavena na Soukromou, pokud používáte klíč API k importování soukromých problémů. Tím zabráníte nechtěnému zveřejněný soukromého obsahu ve veřejném repozitáři.",
-    "migrate.pagure.token.placeholder": "Pouze pro vytvoření archivu soukromých problémů",
-    "actions.workflow.job_parsing_error": "Nepodařilo se zpracovat úlohy ve workflow: %v",
-    "actions.workflow.event_detection_error": "Nepodařilo se zpracovat podporované události ve workflow: %v",
-    "actions.workflow.pre_execution_error": "Workflow nebyl vykonán z důvodu chyby, která zablokovala pokus o vykonání.",
-    "watch.n_watchers": {
-        "one": "%s sledující",
-        "few": "%s sledující",
-        "other": "%s sledujících"
-    },
-    "teams.add_all_repos.modal.header": "Přidat všechny repozitáře",
-    "teams.remove_all_repos.modal.header": "Odstranit všechny repozitáře",
-    "repo.pulls.poster_manage_approval": "Spravovat schválení",
-    "repo.pulls.poster_requires_approval": "Některé běhy workflow <a href=\"%[1]s\">čekají na kontrolu</a>.",
-    "repo.pulls.poster_requires_approval.tooltip": "Autor této žádosti o sloučení není oprávněn spouštět běhy workflow iniciovaných žádostí o sloučení vytvořenou z forku repozitáře nebo pomocí AGit. Běhy workflow spuštěné událostí `pull_request` se nespustí, dokud nebudou schváleny.",
-    "repo.pulls.poster_is_trusted": "Autor této žádosti o sloučení je <a href=\"%[1]s\">oprávněný spouštět běhy workflow</a>.",
-    "repo.pulls.poster_is_trusted.tooltip": "Autor této žádosti o sloučení je explicitně oprávněný spouštět běhy workflow iniciované událostmi `pull_request`.",
-    "repo.pulls.poster_trust_deny": "Zamítnout",
-    "repo.pulls.poster_trust_deny.tooltip": "Běhy workflow čekající na schválení budou zrušeny.",
-    "repo.pulls.poster_trust_once": "Schválit jednou",
-    "repo.pulls.poster_trust_once.tooltip": "Běhy workflow iniciované událostí `pull_request` budou spuštěny u této revize, ale stále budou muset být schváleny pro všechny budoucí revize odeslané do této žádosti o sloučení.",
-    "repo.pulls.poster_trust_always": "Vždy schválit",
-    "repo.pulls.poster_trust_always.tooltip": "Běhy workflow iniciované událostí `pull_request` budou spuštěny u této revize a již nebude potřeba schvalovat další běhy z této žádosti o sloučení nebo budoucích žádostí o sloučení vytvořených stejným uživatelem.",
-    "repo.pulls.poster_trust_revoke": "Odvolat",
-    "repo.pulls.poster_trust_revoke.tooltip": "Autor této žádosti o sloučení již nebude moci spouštět běhy workflow iniciované událostí `pull_request`, každé spuštění bude muset být ručně schváleno.",
-    "admin.dashboard.actions_action_user": "Odvolat důvěřování ve Forgejo Actions neaktivním uživatelům",
-    "actions.status.diagnostics.waiting": {
-        "one": "Čekání na runner s následujícím štítkem: %s",
-        "few": "Čekání na runner s následujícími štítky: %s",
-        "other": "Čekání na runner s následujícími štítky: %s"
-    },
-    "keys.verify.token.hint": "Token je platný pouze 1 minutu. <a href=\"%[1]s\">Pokud vypršel, požádejte si o nový</a>.",
-    "admin.dashboard.transfer_lingering_logs": "Převést protokoly dokončených úloh akcí z databáze do úložiště",
-    "repo.issues.filter_poster.hint": "Filtrovat podle autora",
-    "repo.issues.filter_assignee.hint": "Filtrovat podle přiřazeného uživatele",
-    "repo.issues.filter_reviewers.hint": "Filtrovat podle uživatele, který prováděl kontrolu",
-    "repo.issues.filter_mention.hint": "Filtrovat podle zmíněného uživatele",
-    "repo.issues.filter_modified.hint": "Filtrovat podle data poslední úpravy",
-    "repo.issues.filter_sort.hint": "Seřadit podle: vytvořeno/komentáře/aktualizováno/termín",
-    "search.syntax": "Syntaxe vyhledávání",
-    "actions.workflow.persistent_incomplete_matrix": "Nepodařilo se vyhodnotit `strategy.matrix` úlohy %[1]s z důvodu výrazu `needs`, který byl neplatný. Může odkazovat na úlohu, která není v seznamu „needs“ (%[2]s), nebo výstup, který v jedné z těchto úloh neexistuje.",
-    "admin.auths.oauth2_quota_group_claim_name": "Zabrat název poskytující názvy skupin pro tento zdroj k použití ve správě kvót. (Volitelné)",
-    "admin.auths.oauth2_quota_group_map": "Přiřadit zabrané skupiny ke skupinám kvóty. (Volitelné – vyžaduje zabrání názvu výše)",
-    "admin.auths.oauth2_quota_group_map_removal": "Odstranit uživatele ze synchronizovaných skupin kvót, pokud do daných skupin uživatel nepatří.",
-    "moderation.report.mark_as_handled": "Označit jako vyřízené",
-    "moderation.report.mark_as_ignored": "Označit jako ignorované",
-    "moderation.action.account.delete": "Smazat účet",
-    "moderation.action.account.suspend": "Pozastavit účet",
-    "moderation.action.repo.delete": "Smazat repozitář",
-    "moderation.action.issue.delete": "Smazat problém",
-    "moderation.action.comment.delete": "Smazat komentář",
-    "moderation.unknown_action": "Neznámá akce",
-    "moderation.users.cannot_suspend_self": "Nemůžete pozastavit sami sebe.",
-    "moderation.users.cannot_suspend_admins": "Uživatele s administrátorskými právy nelze pozastavit.",
-    "moderation.users.cannot_suspend_org": "Organizace nelze pozastavit.",
-    "moderation.users.already_suspended": "Uživatelský účet je již pozastaven.",
-    "moderation.users.suspend_success": "Tento uživatelský účet byl pozastaven.",
-    "moderation.users.cannot_delete_admins": "Uživatele s administrátorskými oprávněními nelze smazat.",
-    "moderation.issue.deletion_success": "Problém byl smazán.",
-    "moderation.comment.deletion_success": "Komentář byl smazán.",
-    "actions.workflow.incomplete_matrix_missing_job": "Nepodařilo se vyhodnotit `strategy.matrix` úlohy %[1]s: úloha %[2]s není v seznamu `needs` úlohy %[1]s (%[3]s).",
-    "actions.workflow.incomplete_matrix_missing_output": "Nepodařilo se vyhodnotit `strategy.matrix` úlohy %[1]s: úloze %[2]s chybí výstup %[3]s.",
-    "actions.workflow.incomplete_matrix_unknown_cause": "Nepodařilo se vyhodnotit `strategy.matrix` úlohy %[1]s: neznámá chyba.",
-    "actions.workflow.incomplete_runson_missing_job": "Nepodařilo se vyhodnotit `runs-on` úlohy %[1]s: úloha %[2]s není v seznamu `needs` úlohy %[1]s (%[3]s).",
-    "actions.workflow.incomplete_runson_missing_output": "Nepodařilo se vyhodnotit `runs-on` úlohy %[1]s: úloze %[2]s chybí výstup %[3]s.",
-    "actions.workflow.incomplete_runson_missing_matrix_dimension": "Nepodařilo se vyhodnotit `runs-on` úlohy %[1]s: dimenze matice %[2]s neexistuje.",
-    "actions.workflow.incomplete_runson_unknown_cause": "Nepodařilo se vyhodnotit `runs-on` úlohy %[1]s: neznámá chyba.",
-    "issues.updated": "aktualizováno %s",
-    "search.fuzzy": "Přibližné",
-    "search.fuzzy_tooltip": "Zahrnout výsledky, které jsou v přibližné shodě s hledaným výrazem",
-    "actions.workflow.incomplete_with_missing_job": "Nepodařilo se vyhodnotit `with` úlohy %[1]s: úloha %[2]s není v seznamu `needs` úlohy %[1]s (%[3]s).",
-    "actions.workflow.incomplete_with_missing_output": "Nepodařilo se vyhodnotit `with` úlohy %[1]s: úloze %[2]s chybí výstup %[3]s.",
-    "actions.workflow.incomplete_with_missing_matrix_dimension": "Nepodařilo se vyhodnotit `with` úlohy %[1]s: rozměr matice %[2]s neexistuje.",
-    "actions.workflow.incomplete_with_unknown_cause": "Nepodařilo se vyhodnotit `with` úlohy %[1]s: neznámá chyba."
+	"fork.n_forks": {
+		"one": "%s fork",
+		"few": "%s forky",
+		"other": "%s forků"
+	},
+	"stars.n_stars": {
+		"one": "%s oblíbení",
+		"few": "%s oblíbení",
+		"other": "%s oblíbení"
+	},
+	"release.n_downloads": {
+		"one": "%s stažení",
+		"few": "%s stažení",
+		"other": "%s stažení"
+	},
+	"repo.pulls.merged_title_desc": {
+		"one": "sloučil/a %[1]d revizi z větve <code>%[2]s</code> do větve <code>%[3]s</code> %[4]s",
+		"few": "sloučil/a %[1]d revize z větve <code>%[2]s</code> do větve <code>%[3]s</code> před %[4]s",
+		"other": "sloučil/a %[1]d revizí z větve <code>%[2]s</code> do větve <code>%[3]s</code> před %[4]s"
+	},
+	"repo.pulls.title_desc": {
+		"one": "žádá o sloučení %[1]d revize z větve <code>%[2]s</code> do větve <code id=\"%[4]s\">%[3]s</code>",
+		"few": "žádá o sloučení %[1]d revizí z větve <code>%[2]s</code> do větve <code id=\"%[4]s\">%[3]s</code>",
+		"other": "žádá o sloučení %[1]d revizí z větve <code>%[2]s</code> do větve <code id=\"%[4]s\">%[3]s</code>"
+	},
+	"search.milestone_kind": "Hledat milníky…",
+	"home.welcome.no_activity": "Žádná aktivita",
+	"home.welcome.activity_hint": "Váš feed je zatím prázdný. Zde se budou zobrazovat vaše akce a aktivity z repozitářů, které sledujete.",
+	"home.explore_repos": "Procházet repozitáře",
+	"home.explore_users": "Procházet uživatele",
+	"home.explore_orgs": "Procházet organizace",
+	"incorrect_root_url": "Tato instance Forgejo je nastavena tak, aby běžela na adrese „%s“. Vy si momentálně prohlížíte Forgejo na jiné adrese, což může způsobit rozbití některých částí aplikace. Správná adresa je ovládána správci Forgejo pomocí nastavení ROOT_URL v souboru app.ini.",
+	"themes.names.forgejo-auto": "Forgejo (podle motivu systému)",
+	"themes.names.forgejo-light": "Forgejo – světlé",
+	"themes.names.forgejo-dark": "Forgejo – tmavé",
+	"error.not_found.title": "Stránka nenalezena",
+	"alert.asset_load_failed": "Nepodařilo se načíst soubory příloh z {path}. Ujistěte se, že jsou dané soubory přístupné.",
+	"install.invalid_lfs_path": "Nepodařilo se vytvořit kořen LFS na zvolené cestě: %[1]s",
+	"alert.range_error": " musí být číslo mezi %[1]s a %[2]s.",
+	"meta.last_line": "Díky všem přispěvatelům za pomoc!\n(this string was needed to make weblate regenerate the file and can be removed)",
+	"mail.actions.not_successful_run_subject": "Workflow %[1]s selhal v repozitáři %[2]s",
+	"mail.actions.not_successful_run": "Workflow %[1]s selhal v repozitáři %[2]s",
+	"mail.actions.run_info_cur_status": "Stav tohoto procesu: %[1]s (právě aktualizováno z %[2]s)",
+	"mail.actions.run_info_previous_status": "Stav předchozího procesu: %[1]s",
+	"mail.actions.run_info_trigger": "Spuštěno z důvodu: %[1]s od: %[2]s",
+	"mail.actions.successful_run_after_failure_subject": "Workflow %[1]s obnoven v repozitáři %[2]s",
+	"mail.actions.successful_run_after_failure": "Workflow %[1]s obnoven v repozitáři %[2]s",
+	"discussion.locked": "Tato diskuze byla uzamčena. Komentování je omezené na přispěvatele.",
+	"relativetime.future": "v budoucnu",
+	"relativetime.years": {
+		"one": "před %d rokem",
+		"few": "před %d lety",
+		"other": "před %d lety"
+	},
+	"relativetime.1day": "včera",
+	"relativetime.2days": "před dvěma dny",
+	"relativetime.1week": "minulý týden",
+	"relativetime.2weeks": "před dvěma týdny",
+	"relativetime.1month": "minulý měsíc",
+	"relativetime.2months": "před dvěma měsíci",
+	"relativetime.1year": "minulý rok",
+	"relativetime.2years": "před dvěma lety",
+	"relativetime.weeks": {
+		"one": "před %d týdnem",
+		"few": "před %d týdny",
+		"other": "před %d týdny"
+	},
+	"relativetime.days": {
+		"one": "před %d dnem",
+		"few": "před %d dny",
+		"other": "před %d dny"
+	},
+	"relativetime.mins": {
+		"one": "před %d minutou",
+		"few": "před %d minutami",
+		"other": "před %d minutami"
+	},
+	"relativetime.hours": {
+		"one": "před %d hodinou",
+		"few": "před %d hodinami",
+		"other": "před %d hodinami"
+	},
+	"relativetime.now": "nyní",
+	"relativetime.months": {
+		"one": "před %d měsícem",
+		"few": "před %d měsíci",
+		"other": "před %d měsíci"
+	},
+	"moderation.report_content": "Nahlásit obsah",
+	"moderation.report_abuse_form.details": "Tento formulář je určen k nahlašování uživatelů, kteří si vytvářejí spamové profily, repozitáře, problémy, komentáře nebo se chovají nevhodně.",
+	"admin.config.moderation_config": "Nastavení moderování",
+	"moderation.report_abuse": "Nahlásit zneužití",
+	"moderation.report_abuse_form.header": "Nahlásit zneužití administrátorovi",
+	"moderation.report_abuse_form.invalid": "Neplatné argumenty",
+	"moderation.report_abuse_form.already_reported": "Tento obsah jste již nahlásili",
+	"moderation.abuse_category": "Kategorie",
+	"moderation.submit_report": "Odeslat hlášení",
+	"moderation.reporting_failed": "Nepodařilo se odeslat nové hlášení zneužití: %v",
+	"moderation.report_remarks.placeholder": "Zadejte prosím podrobnosti o zneužití, které nahlašujete.",
+	"moderation.reported_thank_you": "Děkujeme za vaše hlášení. Správa platformy na ni byla upozorněna.",
+	"moderation.report_remarks": "Informace",
+	"moderation.abuse_category.placeholder": "Vyberte kategorii",
+	"moderation.abuse_category.spam": "Spam",
+	"moderation.abuse_category.malware": "Malware",
+	"moderation.abuse_category.illegal_content": "Nezákonný obsah",
+	"moderation.abuse_category.other_violations": "Jiné porušení pravidel platformy",
+	"repo.form.cannot_create": "Všechny prostory, ve kterých můžete vytvářet repozitáře, dosáhly svého limitu.",
+	"repo.issue_indexer.title": "Indexování problémů",
+	"watch.list.none": "Tento repozitář nikdo nesleduje.",
+	"followers.incoming.list.self.none": "Váš profil nikdo nesleduje.",
+	"followers.incoming.list.none": "Tohoto uživatele nikdo nesleduje.",
+	"followers.outgoing.list.none": "%s nikoho nesleduje.",
+	"stars.list.none": "Tento repozitář si nikdo nepřidal do oblíbených.",
+	"followers.outgoing.list.self.none": "Nikoho nesledujete.",
+	"editor.textarea.tab_hint": "Řádek je již odsazen. Pro opuštění editoru stiskněte znovu <kbd>Tab</kbd> nebo <kbd>Escape</kbd>.",
+	"editor.textarea.shift_tab_hint": "Na tomto řádku není žádné odsazení. Pro opuštění editoru stiskněte znovu <kbd>Shift</kbd> + <kbd>Tab</kbd> nebo <kbd>Escape</kbd>.",
+	"admin.dashboard.cleanup_offline_runners": "Vymazat offline runnery",
+	"settings.visibility.description": "Viditelnost profilu ovlivňuje možnost ostatních přistupovat k vašim veřejným repozitářům. <a href=\"%s\" target=\"_blank\">Zjistit více</a>.",
+	"avatar.constraints_hint": "Velikost vlastního avataru nesmí překročit %[1]s nebo být větší než %[2]dx%[3]d pixelů",
+	"repo.diff.commit.next-short": "Další",
+	"repo.diff.commit.previous-short": "Předchozí",
+	"profile.actions.tooltip": "Další akce",
+	"keys.gpg.link": "Klíče GPG",
+	"profile.edit.link": "Upravit profil",
+	"feed.atom.link": "Zdroj Atom",
+	"keys.ssh.link": "Klíče SSH",
+	"og.repo.summary_card.alt_description": "Karta se souhrnem repozitáře %[1]s, popsaným jako: %[2]s",
+	"mail.actions.run_info_sha": "Revize: %[1]s",
+	"repo.settings.push_mirror.branch_filter.label": "Filtr větve (nepovinný)",
+	"repo.settings.push_mirror.branch_filter.description": "Větve, které mají být zrcadleny. Ponechte prázdné pro zrcadlení všech větví. Syntaxi naleznete v <a href=\"%[1]s\">dokumentaci %[2]s</a>. Příklady: <code>main, release/*</code>",
+	"discussion.sidebar.reference": "Reference",
+	"admin.moderation.moderation_reports": "Hlášení moderace",
+	"admin.moderation.reports": "Hlášení",
+	"admin.moderation.deleted_content_ref": "Nahlášený obsah s typem %[1]v a ID %[2]d již neexistuje",
+	"admin.moderation.no_open_reports": "Momentálně nejsou otevřena žádná hlášení.",
+	"admin.dashboard.remove_resolved_reports": "Odstranit vyřešená hlášení",
+	"compare.branches.title": "Porovnat větve",
+	"repo.commit.load_tags_failed": "Načtení značek selhalo z důvodu interní chyby",
+	"admin.auths.allow_username_change": "Povolit změnu uživatelského jména",
+	"admin.auths.allow_username_change.description": "Povolit uživatelům změnit své uživatelské jméno v nastavení profilu",
+	"warning.repository.out_of_sync": "Databázová reprezentace tohoto repozitáře není synchronizovaná. Pokud se toto varování zobrazuje i po odeslání revize do repozitáře, kontaktujte administrátora.",
+	"repo.pulls.already_merged": "Sloučení selhalo: tato žádost již byla sloučena.",
+	"migrate.pagure.description": "Migrovat data z pagure.io nebo jiných instancí Pagure.",
+	"migrate.pagure.incorrect_url": "Byla zadána nesprávná adresa URL zdrojového repozitáře",
+	"migrate.pagure.project_url": "Adresa projektu Pagure",
+	"migrate.pagure.project_example": "Adresa URL projektu Pagure, např. https://pagure.io/pagure",
+	"migrate.pagure.token_label": "Token API Pagure",
+	"migrate.github.description": "Migrovat data z github.com nebo serveru GitHub Enterprise.",
+	"migrate.git.description": "Migrovat pouze repozitář z libovolné služby Git.",
+	"migrate.gitea.description": "Migrovat data z gitea.com nebo jiných instancí Gitea.",
+	"migrate.gitlab.description": "Migrovat data z gitlab.com nebo jiných instancí GitLab.",
+	"migrate.gogs.description": "Migrovat data z notabug.com nebo jiných instancí Gogs.",
+	"migrate.onedev.description": "Migrovat data z code.onedev.io nebo jiných instancí OneDev.",
+	"migrate.gitbucket.description": "Migrovat data z instancí GitBucket.",
+	"migrate.codebase.description": "Migrovat data z codebasehq.com.",
+	"migrate.forgejo.description": "Migrovat data z codeberg.org nebo jiných instancí Forgejo.",
+	"admin.config.security": "Nastavení zabezpečení",
+	"admin.config.global_2fa_requirement.title": "Globální požadavek dvoufázového ověření",
+	"error.must_enable_2fa": "Tato instance Forgejo vyžaduje, aby si všichni uživatelé zapnuli dvoufázové ověření, než začnou používat svůj účet. Povolíte jej zde: %s",
+	"settings.twofa_reenroll.description": "Znovu použít vaše dvoufázové ověření",
+	"admin.config.global_2fa_requirement.none": "Ne",
+	"admin.config.global_2fa_requirement.all": "Všichni uživatelé",
+	"admin.config.global_2fa_requirement.admin": "Administrátoři",
+	"settings.twofa_unroll_unavailable": "U vašeho účtu je vyžadováno dvoufázové ověření a nelze jej zakázat.",
+	"settings.twofa_reenroll": "Znovu použít dvoufázové ověření",
+	"settings.must_enable_2fa": "Tato instance Forgejo vyžaduje, aby si všichni uživatelé zapnuli dvoufázové ověření, než začnou používat svůj účet.",
+	"user.ghost.tooltip": "Tento uživatel byl odstraněn, nebo ho nelze dohledat.",
+	"migrate.form.error.url_credentials": "Adresa obsahuje údaje, zadejte je do odpovídajících polí uživatelského jména a hesla",
+	"actions.runs.viewing_out_of_date_run": "Prohlížíte si zastaralý běh této úlohy, který byl spuštěn %[1]s.",
+	"actions.runs.run_attempt_label": "Pokus o běh #%[1]s (%[2]s)",
+	"actions.runs.view_most_recent_run": "Zobrazit nejnovější běh",
+	"pulse.n_active_issues": {
+		"one": "%s aktivní problém",
+		"few": "%s aktivní problémy",
+		"other": "%s aktivních problémů"
+	},
+	"pulse.n_active_prs": {
+		"one": "%s aktivní žádost o sloučení",
+		"few": "%s aktivní žádosti o sloučení",
+		"other": "%s aktivních žádostí o sloučení"
+	},
+	"repo.pulls.maintainers_can_edit": "Správci mohou upravit tuto žádost o sloučení.",
+	"repo.pulls.maintainers_cannot_edit": "Správci nemohou upravit tuto žádost o sloučení.",
+	"mail.issue.action.close_by_commit": "%[1]s zavřel/a %[2]s v revizi %[3]s.",
+	"migrate.pagure.private_issues.summary": "Soukromé problémy (volitelné)",
+	"migrate.pagure.private_issues.description": "Tato funkce je navržená pro vytvoření druhého repozitáře obsahujícího pouze soukromé problémy z vašeho projektu Pagure pro účely archivace. Nejprve proveďte normální migraci (bez tokenu) pro importování veškerého veřejného obsahu. Poté, pokud máte soukromé problémy k uchování, vytvořte oddělený repozitář pomocí této možnosti tokenu k archivování daných soukromých problémů.",
+	"migrate.pagure.private_issues.warning": "Ujistěte se, že je viditelnost repozitáře výše nastavena na Soukromou, pokud používáte klíč API k importování soukromých problémů. Tím zabráníte nechtěnému zveřejněný soukromého obsahu ve veřejném repozitáři.",
+	"migrate.pagure.token.placeholder": "Pouze pro vytvoření archivu soukromých problémů",
+	"actions.workflow.job_parsing_error": "Nepodařilo se zpracovat úlohy ve workflow: %v",
+	"actions.workflow.event_detection_error": "Nepodařilo se zpracovat podporované události ve workflow: %v",
+	"actions.workflow.pre_execution_error": "Workflow nebyl vykonán z důvodu chyby, která zablokovala pokus o vykonání.",
+	"watch.n_watchers": {
+		"one": "%s sledující",
+		"few": "%s sledující",
+		"other": "%s sledujících"
+	},
+	"teams.add_all_repos.modal.header": "Přidat všechny repozitáře",
+	"teams.remove_all_repos.modal.header": "Odstranit všechny repozitáře",
+	"repo.pulls.poster_manage_approval": "Spravovat schválení",
+	"repo.pulls.poster_requires_approval": "Některé běhy workflow <a href=\"%[1]s\">čekají na kontrolu</a>.",
+	"repo.pulls.poster_requires_approval.tooltip": "Autor této žádosti o sloučení není oprávněn spouštět běhy workflow iniciovaných žádostí o sloučení vytvořenou z forku repozitáře nebo pomocí AGit. Běhy workflow spuštěné událostí `pull_request` se nespustí, dokud nebudou schváleny.",
+	"repo.pulls.poster_is_trusted": "Autor této žádosti o sloučení je <a href=\"%[1]s\">oprávněný spouštět běhy workflow</a>.",
+	"repo.pulls.poster_is_trusted.tooltip": "Autor této žádosti o sloučení je explicitně oprávněný spouštět běhy workflow iniciované událostmi `pull_request`.",
+	"repo.pulls.poster_trust_deny": "Zamítnout",
+	"repo.pulls.poster_trust_deny.tooltip": "Běhy workflow čekající na schválení budou zrušeny.",
+	"repo.pulls.poster_trust_once": "Schválit jednou",
+	"repo.pulls.poster_trust_once.tooltip": "Běhy workflow iniciované událostí `pull_request` budou spuštěny u této revize, ale stále budou muset být schváleny pro všechny budoucí revize odeslané do této žádosti o sloučení.",
+	"repo.pulls.poster_trust_always": "Vždy schválit",
+	"repo.pulls.poster_trust_always.tooltip": "Běhy workflow iniciované událostí `pull_request` budou spuštěny u této revize a již nebude potřeba schvalovat další běhy z této žádosti o sloučení nebo budoucích žádostí o sloučení vytvořených stejným uživatelem.",
+	"repo.pulls.poster_trust_revoke": "Odvolat",
+	"repo.pulls.poster_trust_revoke.tooltip": "Autor této žádosti o sloučení již nebude moci spouštět běhy workflow iniciované událostí `pull_request`, každé spuštění bude muset být ručně schváleno.",
+	"admin.dashboard.actions_action_user": "Odvolat důvěřování ve Forgejo Actions neaktivním uživatelům",
+	"actions.status.diagnostics.waiting": {
+		"one": "Čekání na runner s následujícím štítkem: %s",
+		"few": "Čekání na runner s následujícími štítky: %s",
+		"other": "Čekání na runner s následujícími štítky: %s"
+	},
+	"keys.verify.token.hint": "Token je platný pouze 1 minutu. <a href=\"%[1]s\">Pokud vypršel, požádejte si o nový</a>.",
+	"admin.dashboard.transfer_lingering_logs": "Převést protokoly dokončených úloh akcí z databáze do úložiště",
+	"repo.issues.filter_poster.hint": "Filtrovat podle autora",
+	"repo.issues.filter_assignee.hint": "Filtrovat podle přiřazeného uživatele",
+	"repo.issues.filter_reviewers.hint": "Filtrovat podle uživatele, který prováděl kontrolu",
+	"repo.issues.filter_mention.hint": "Filtrovat podle zmíněného uživatele",
+	"repo.issues.filter_modified.hint": "Filtrovat podle data poslední úpravy",
+	"repo.issues.filter_sort.hint": "Seřadit podle: vytvořeno/komentáře/aktualizováno/termín",
+	"search.syntax": "Syntaxe vyhledávání",
+	"actions.workflow.persistent_incomplete_matrix": "Nepodařilo se vyhodnotit `strategy.matrix` úlohy %[1]s z důvodu výrazu `needs`, který byl neplatný. Může odkazovat na úlohu, která není v seznamu „needs“ (%[2]s), nebo výstup, který v jedné z těchto úloh neexistuje.",
+	"admin.auths.oauth2_quota_group_claim_name": "Zabrat název poskytující názvy skupin pro tento zdroj k použití ve správě kvót. (Volitelné)",
+	"admin.auths.oauth2_quota_group_map": "Přiřadit zabrané skupiny ke skupinám kvóty. (Volitelné – vyžaduje zabrání názvu výše)",
+	"admin.auths.oauth2_quota_group_map_removal": "Odstranit uživatele ze synchronizovaných skupin kvót, pokud do daných skupin uživatel nepatří.",
+	"moderation.report.mark_as_handled": "Označit jako vyřízené",
+	"moderation.report.mark_as_ignored": "Označit jako ignorované",
+	"moderation.action.account.delete": "Smazat účet",
+	"moderation.action.account.suspend": "Pozastavit účet",
+	"moderation.action.repo.delete": "Smazat repozitář",
+	"moderation.action.issue.delete": "Smazat problém",
+	"moderation.action.comment.delete": "Smazat komentář",
+	"moderation.unknown_action": "Neznámá akce",
+	"moderation.users.cannot_suspend_self": "Nemůžete pozastavit sami sebe.",
+	"moderation.users.cannot_suspend_admins": "Uživatele s administrátorskými právy nelze pozastavit.",
+	"moderation.users.cannot_suspend_org": "Organizace nelze pozastavit.",
+	"moderation.users.already_suspended": "Uživatelský účet je již pozastaven.",
+	"moderation.users.suspend_success": "Tento uživatelský účet byl pozastaven.",
+	"moderation.users.cannot_delete_admins": "Uživatele s administrátorskými oprávněními nelze smazat.",
+	"moderation.issue.deletion_success": "Problém byl smazán.",
+	"moderation.comment.deletion_success": "Komentář byl smazán.",
+	"actions.workflow.incomplete_matrix_missing_job": "Nepodařilo se vyhodnotit `strategy.matrix` úlohy %[1]s: úloha %[2]s není v seznamu `needs` úlohy %[1]s (%[3]s).",
+	"actions.workflow.incomplete_matrix_missing_output": "Nepodařilo se vyhodnotit `strategy.matrix` úlohy %[1]s: úloze %[2]s chybí výstup %[3]s.",
+	"actions.workflow.incomplete_matrix_unknown_cause": "Nepodařilo se vyhodnotit `strategy.matrix` úlohy %[1]s: neznámá chyba.",
+	"actions.workflow.incomplete_runson_missing_job": "Nepodařilo se vyhodnotit `runs-on` úlohy %[1]s: úloha %[2]s není v seznamu `needs` úlohy %[1]s (%[3]s).",
+	"actions.workflow.incomplete_runson_missing_output": "Nepodařilo se vyhodnotit `runs-on` úlohy %[1]s: úloze %[2]s chybí výstup %[3]s.",
+	"actions.workflow.incomplete_runson_missing_matrix_dimension": "Nepodařilo se vyhodnotit `runs-on` úlohy %[1]s: dimenze matice %[2]s neexistuje.",
+	"actions.workflow.incomplete_runson_unknown_cause": "Nepodařilo se vyhodnotit `runs-on` úlohy %[1]s: neznámá chyba.",
+	"issues.updated": "aktualizováno %s",
+	"search.fuzzy": "Přibližné",
+	"search.fuzzy_tooltip": "Zahrnout výsledky, které jsou v přibližné shodě s hledaným výrazem",
+	"actions.workflow.incomplete_with_missing_job": "Nepodařilo se vyhodnotit `with` úlohy %[1]s: úloha %[2]s není v seznamu `needs` úlohy %[1]s (%[3]s).",
+	"actions.workflow.incomplete_with_missing_output": "Nepodařilo se vyhodnotit `with` úlohy %[1]s: úloze %[2]s chybí výstup %[3]s.",
+	"actions.workflow.incomplete_with_missing_matrix_dimension": "Nepodařilo se vyhodnotit `with` úlohy %[1]s: rozměr matice %[2]s neexistuje.",
+	"actions.workflow.incomplete_with_unknown_cause": "Nepodařilo se vyhodnotit `with` úlohy %[1]s: neznámá chyba."
 }
diff --git a/options/locale_next/locale_cy.json b/options/locale_next/locale_cy.json
index 0967ef424b..60c4c22624 100644
--- a/options/locale_next/locale_cy.json
+++ b/options/locale_next/locale_cy.json
@@ -1 +1,3 @@
-{}
+{
+	"meta.last_line": "(this string was needed to make weblate regenerate the file and can be removed)"
+}
diff --git a/options/locale_next/locale_da.json b/options/locale_next/locale_da.json
index 201f505d20..c96bdcf76f 100644
--- a/options/locale_next/locale_da.json
+++ b/options/locale_next/locale_da.json
@@ -1,134 +1,134 @@
 {
-    "fork.n_forks": {
-        "one": "%s fork",
-        "other": "%s forks"
-    },
-    "stars.n_stars": {
-        "one": "%s stjerne",
-        "other": "%s stjerner"
-    },
-    "release.n_downloads": {
-        "one": "%s download",
-        "other": "%s downloads"
-    },
-    "search.milestone_kind": "Søg milepæle…",
-    "repo.pulls.title_desc": {
-        "one": "ønsker at flette %[1]d commit fra <code>%[2]s</code> til <code id=\"%[4]s\">%[3]s</code>",
-        "other": "ønsker at flette %[1]d commits fra <code>%[2]s</code> til <code id=\"%[4]s\">%[3]s</code>"
-    },
-    "repo.pulls.merged_title_desc": {
-        "one": "flettet %[1]d commit fra <code>%[2]s</code> til <code>%[3]s</code> %[4]s",
-        "other": "flettet %[1]d commits fra <code>%[2]s</code> til <code>%[3]s</code> %[4]s"
-    },
-    "incorrect_root_url": "Denne Forgejo-instans er konfigureret til at blive serveret på \"%s\". Du ser i øjeblikket Forgejo gennem en anden URL, hvilket kan få dele af applikationen til at gå i stykker. Den kanoniske URL styres af Forgejo-administratorer via indstillingen ROOT_URL i app.ini.",
-    "home.welcome.no_activity": "Ingen aktivitet",
-    "home.welcome.activity_hint": "Der er intet i dit feed endnu. Dine handlinger og aktivitet fra depoterne, som du ser, vises her.",
-    "home.explore_repos": "Udforsk depoter",
-    "home.explore_users": "Udforsk brugere",
-    "home.explore_orgs": "Udforsk organisationer",
-    "themes.names.forgejo-light": "Forgejo lys",
-    "themes.names.forgejo-dark": "Forgejo mørk",
-    "themes.names.forgejo-auto": "Forgejo (følg systemtema)",
-    "error.not_found.title": "Siden blev ikke fundet",
-    "alert.asset_load_failed": "Kunne ikke indlæse aktivfiler fra {path}. Sørg for, at aktivfilerne er tilgængelige.",
-    "install.invalid_lfs_path": "Kan ikke oprette LFS-roden på den angivne sti: %[1]s",
-    "alert.range_error": " skal være et tal mellem %[1]s og %[2]s.",
-    "meta.last_line": "Livet er det dejligste eventyr. - (H.C. Andersen)",
-    "mail.actions.not_successful_run_subject": "Arbejdsgangen %[1]s mislykkedes i depotet %[2]s",
-    "mail.actions.successful_run_after_failure_subject": "Arbejdsgang %[1]s gendannet i depotet %[2]s",
-    "mail.actions.successful_run_after_failure": "Arbejdsgang %[1]s gendannet i depotet %[2]s",
-    "mail.actions.not_successful_run": "Arbejdsgangen %[1]s mislykkedes i depotet %[2]s",
-    "mail.actions.run_info_cur_status": "Status for denne kørsel: %[1]s (lige opdateret fra %[2]s)",
-    "mail.actions.run_info_previous_status": "Status for forrige kørsel: %[1]s",
-    "mail.actions.run_info_trigger": "Udløst fordi: %[1]s af: %[2]s",
-    "discussion.locked": "Denne diskussion er blevet låst. Kommentarer er begrænset til bidragydere.",
-    "relativetime.now": "nu",
-    "relativetime.future": "i fremtiden",
-    "relativetime.mins": {
-        "one": "%d minut siden",
-        "other": "%d minutter siden"
-    },
-    "relativetime.hours": {
-        "one": "%d time siden",
-        "other": "%d timer siden"
-    },
-    "relativetime.days": {
-        "one": "%d dag siden",
-        "other": "%d dage siden"
-    },
-    "relativetime.months": {
-        "one": "%d måned siden",
-        "other": "%d måneder siden"
-    },
-    "relativetime.1day": "i går",
-    "relativetime.1week": "sidste uge",
-    "relativetime.2weeks": "2 uger siden",
-    "relativetime.2months": "2 måneder siden",
-    "relativetime.1year": "sidste år",
-    "relativetime.weeks": {
-        "one": "%d uge siden",
-        "other": "%d uger siden"
-    },
-    "relativetime.2years": "2 år siden",
-    "relativetime.years": {
-        "one": "%d år siden",
-        "other": "%d år siden"
-    },
-    "relativetime.2days": "2 dage siden",
-    "relativetime.1month": "sidste måned",
-    "repo.form.cannot_create": "Alle områder, hvor du kan oprette depoter, har nået grænsen for antal depoter.",
-    "repo.issue_indexer.title": "Problemindekser",
-    "moderation.report_remarks": "Bemærkninger",
-    "admin.config.moderation_config": "Moderationskonfiguration",
-    "moderation.report_abuse": "Rapportér misbrug",
-    "moderation.report_content": "Rapportér indhold",
-    "moderation.report_abuse_form.header": "Rapportér misbrug til administrator",
-    "moderation.report_abuse_form.details": "Denne formular skal bruges til at rapportere brugere, der opretter spamprofiler, arkiver, problemer, kommentarer eller opfører sig upassende.",
-    "moderation.report_abuse_form.invalid": "Ugyldige argumenter",
-    "moderation.report_abuse_form.already_reported": "Du har allerede rapporteret dette indhold",
-    "moderation.abuse_category": "Kategori",
-    "moderation.abuse_category.placeholder": "Vælg en kategori",
-    "moderation.abuse_category.spam": "Spam",
-    "moderation.abuse_category.malware": "Malware",
-    "moderation.abuse_category.illegal_content": "Ulovligt indhold",
-    "moderation.abuse_category.other_violations": "Andre overtrædelser af platformens regler",
-    "moderation.report_remarks.placeholder": "Angiv venligst nogle detaljer vedrørende det misbrug, du anmelder.",
-    "moderation.submit_report": "Indsend rapport",
-    "moderation.reporting_failed": "Den nye misbrugsrapport kunne ikke indsendes: %v",
-    "moderation.reported_thank_you": "Tak for din rapport. Administrationen er blevet gjort opmærksom på den.",
-    "stars.list.none": "Ingen har markeret dette depot med en stjerne.",
-    "watch.list.none": "Ingen ser dette depot.",
-    "followers.incoming.list.self.none": "Ingen følger din profil.",
-    "followers.incoming.list.none": "Ingen følger denne bruger.",
-    "followers.outgoing.list.self.none": "Du følger ikke nogen.",
-    "followers.outgoing.list.none": "%s følger ikke nogen.",
-    "editor.textarea.tab_hint": "Linjen er allerede indrykket. Tryk på <kbd>Tab</kbd> igen eller <kbd>Escape</kbd> for at forlade editoren.",
-    "editor.textarea.shift_tab_hint": "Ingen indrykning på denne linje. Tryk på <kbd>Shift</kbd> + <kbd>Tab</kbd> igen eller <kbd>Escape</kbd> for at forlade editoren.",
-    "admin.dashboard.cleanup_offline_runners": "Ryd op offline runners",
-    "settings.visibility.description": "Profilsynlighed påvirker andres adgang til dine ikke-private depoter. <a href=\"%s\" target=\"_blank\">Læs mere</a>",
-    "avatar.constraints_hint": "Brugerdefineret avatar må ikke overstige %[1]s i størrelse eller være større end %[2]dx%[3]d pixels",
-    "repo.diff.commit.next-short": "Næste",
-    "repo.diff.commit.previous-short": "Forrige",
-    "profile.actions.tooltip": "Flere handlinger",
-    "profile.edit.link": "Redigere profil",
-    "feed.atom.link": "Atom feed",
-    "keys.ssh.link": "SSH Nøgler",
-    "keys.gpg.link": "GPG Nøgler",
-    "migrate.github.description": "Migrer data fra github.com eller GitHub Enterprise server.",
-    "migrate.git.description": "Migrer kun et depot fra enhver Git-tjeneste.",
-    "migrate.gitea.description": "Migrer data fra gitea.com eller andre Gitea-instanser.",
-    "migrate.gitlab.description": "Migrer data fra gitlab.com eller andre GitLab-instanser.",
-    "migrate.gogs.description": "Migrer data fra notabug.org eller andre Gogs-instanser.",
-    "migrate.onedev.description": "Migrer data fra code.onedev.io eller andre OneDev-instanser.",
-    "migrate.gitbucket.description": "Migrer data fra GitBucket-instanser.",
-    "migrate.codebase.description": "Migrer data fra codebasehq.com.",
-    "migrate.forgejo.description": "Migrer data fra codeberg.org eller andre Forgejo-instanser.",
-    "pulse.n_active_issues": {
-        "one": "%s aktivt problem",
-        "other": "%s aktive problemer"
-    },
-    "pulse.n_active_prs": {
-        "one": "%s aktiv pull-anmodning",
-        "other": "%s aktive pull-anmodninger"
-    }
+	"fork.n_forks": {
+		"one": "%s fork",
+		"other": "%s forks"
+	},
+	"stars.n_stars": {
+		"one": "%s stjerne",
+		"other": "%s stjerner"
+	},
+	"release.n_downloads": {
+		"one": "%s download",
+		"other": "%s downloads"
+	},
+	"search.milestone_kind": "Søg milepæle…",
+	"repo.pulls.title_desc": {
+		"one": "ønsker at flette %[1]d commit fra <code>%[2]s</code> til <code id=\"%[4]s\">%[3]s</code>",
+		"other": "ønsker at flette %[1]d commits fra <code>%[2]s</code> til <code id=\"%[4]s\">%[3]s</code>"
+	},
+	"repo.pulls.merged_title_desc": {
+		"one": "flettet %[1]d commit fra <code>%[2]s</code> til <code>%[3]s</code> %[4]s",
+		"other": "flettet %[1]d commits fra <code>%[2]s</code> til <code>%[3]s</code> %[4]s"
+	},
+	"incorrect_root_url": "Denne Forgejo-instans er konfigureret til at blive serveret på \"%s\". Du ser i øjeblikket Forgejo gennem en anden URL, hvilket kan få dele af applikationen til at gå i stykker. Den kanoniske URL styres af Forgejo-administratorer via indstillingen ROOT_URL i app.ini.",
+	"home.welcome.no_activity": "Ingen aktivitet",
+	"home.welcome.activity_hint": "Der er intet i dit feed endnu. Dine handlinger og aktivitet fra depoterne, som du ser, vises her.",
+	"home.explore_repos": "Udforsk depoter",
+	"home.explore_users": "Udforsk brugere",
+	"home.explore_orgs": "Udforsk organisationer",
+	"themes.names.forgejo-light": "Forgejo lys",
+	"themes.names.forgejo-dark": "Forgejo mørk",
+	"themes.names.forgejo-auto": "Forgejo (følg systemtema)",
+	"error.not_found.title": "Siden blev ikke fundet",
+	"alert.asset_load_failed": "Kunne ikke indlæse aktivfiler fra {path}. Sørg for, at aktivfilerne er tilgængelige.",
+	"install.invalid_lfs_path": "Kan ikke oprette LFS-roden på den angivne sti: %[1]s",
+	"alert.range_error": " skal være et tal mellem %[1]s og %[2]s.",
+	"meta.last_line": "Livet er det dejligste eventyr. - (H.C. Andersen)\n(this string was needed to make weblate regenerate the file and can be removed)",
+	"mail.actions.not_successful_run_subject": "Arbejdsgangen %[1]s mislykkedes i depotet %[2]s",
+	"mail.actions.successful_run_after_failure_subject": "Arbejdsgang %[1]s gendannet i depotet %[2]s",
+	"mail.actions.successful_run_after_failure": "Arbejdsgang %[1]s gendannet i depotet %[2]s",
+	"mail.actions.not_successful_run": "Arbejdsgangen %[1]s mislykkedes i depotet %[2]s",
+	"mail.actions.run_info_cur_status": "Status for denne kørsel: %[1]s (lige opdateret fra %[2]s)",
+	"mail.actions.run_info_previous_status": "Status for forrige kørsel: %[1]s",
+	"mail.actions.run_info_trigger": "Udløst fordi: %[1]s af: %[2]s",
+	"discussion.locked": "Denne diskussion er blevet låst. Kommentarer er begrænset til bidragydere.",
+	"relativetime.now": "nu",
+	"relativetime.future": "i fremtiden",
+	"relativetime.mins": {
+		"one": "%d minut siden",
+		"other": "%d minutter siden"
+	},
+	"relativetime.hours": {
+		"one": "%d time siden",
+		"other": "%d timer siden"
+	},
+	"relativetime.days": {
+		"one": "%d dag siden",
+		"other": "%d dage siden"
+	},
+	"relativetime.months": {
+		"one": "%d måned siden",
+		"other": "%d måneder siden"
+	},
+	"relativetime.1day": "i går",
+	"relativetime.1week": "sidste uge",
+	"relativetime.2weeks": "2 uger siden",
+	"relativetime.2months": "2 måneder siden",
+	"relativetime.1year": "sidste år",
+	"relativetime.weeks": {
+		"one": "%d uge siden",
+		"other": "%d uger siden"
+	},
+	"relativetime.2years": "2 år siden",
+	"relativetime.years": {
+		"one": "%d år siden",
+		"other": "%d år siden"
+	},
+	"relativetime.2days": "2 dage siden",
+	"relativetime.1month": "sidste måned",
+	"repo.form.cannot_create": "Alle områder, hvor du kan oprette depoter, har nået grænsen for antal depoter.",
+	"repo.issue_indexer.title": "Problemindekser",
+	"moderation.report_remarks": "Bemærkninger",
+	"admin.config.moderation_config": "Moderationskonfiguration",
+	"moderation.report_abuse": "Rapportér misbrug",
+	"moderation.report_content": "Rapportér indhold",
+	"moderation.report_abuse_form.header": "Rapportér misbrug til administrator",
+	"moderation.report_abuse_form.details": "Denne formular skal bruges til at rapportere brugere, der opretter spamprofiler, arkiver, problemer, kommentarer eller opfører sig upassende.",
+	"moderation.report_abuse_form.invalid": "Ugyldige argumenter",
+	"moderation.report_abuse_form.already_reported": "Du har allerede rapporteret dette indhold",
+	"moderation.abuse_category": "Kategori",
+	"moderation.abuse_category.placeholder": "Vælg en kategori",
+	"moderation.abuse_category.spam": "Spam",
+	"moderation.abuse_category.malware": "Malware",
+	"moderation.abuse_category.illegal_content": "Ulovligt indhold",
+	"moderation.abuse_category.other_violations": "Andre overtrædelser af platformens regler",
+	"moderation.report_remarks.placeholder": "Angiv venligst nogle detaljer vedrørende det misbrug, du anmelder.",
+	"moderation.submit_report": "Indsend rapport",
+	"moderation.reporting_failed": "Den nye misbrugsrapport kunne ikke indsendes: %v",
+	"moderation.reported_thank_you": "Tak for din rapport. Administrationen er blevet gjort opmærksom på den.",
+	"stars.list.none": "Ingen har markeret dette depot med en stjerne.",
+	"watch.list.none": "Ingen ser dette depot.",
+	"followers.incoming.list.self.none": "Ingen følger din profil.",
+	"followers.incoming.list.none": "Ingen følger denne bruger.",
+	"followers.outgoing.list.self.none": "Du følger ikke nogen.",
+	"followers.outgoing.list.none": "%s følger ikke nogen.",
+	"editor.textarea.tab_hint": "Linjen er allerede indrykket. Tryk på <kbd>Tab</kbd> igen eller <kbd>Escape</kbd> for at forlade editoren.",
+	"editor.textarea.shift_tab_hint": "Ingen indrykning på denne linje. Tryk på <kbd>Shift</kbd> + <kbd>Tab</kbd> igen eller <kbd>Escape</kbd> for at forlade editoren.",
+	"admin.dashboard.cleanup_offline_runners": "Ryd op offline runners",
+	"settings.visibility.description": "Profilsynlighed påvirker andres adgang til dine ikke-private depoter. <a href=\"%s\" target=\"_blank\">Læs mere</a>",
+	"avatar.constraints_hint": "Brugerdefineret avatar må ikke overstige %[1]s i størrelse eller være større end %[2]dx%[3]d pixels",
+	"repo.diff.commit.next-short": "Næste",
+	"repo.diff.commit.previous-short": "Forrige",
+	"profile.actions.tooltip": "Flere handlinger",
+	"profile.edit.link": "Redigere profil",
+	"feed.atom.link": "Atom feed",
+	"keys.ssh.link": "SSH Nøgler",
+	"keys.gpg.link": "GPG Nøgler",
+	"migrate.github.description": "Migrer data fra github.com eller GitHub Enterprise server.",
+	"migrate.git.description": "Migrer kun et depot fra enhver Git-tjeneste.",
+	"migrate.gitea.description": "Migrer data fra gitea.com eller andre Gitea-instanser.",
+	"migrate.gitlab.description": "Migrer data fra gitlab.com eller andre GitLab-instanser.",
+	"migrate.gogs.description": "Migrer data fra notabug.org eller andre Gogs-instanser.",
+	"migrate.onedev.description": "Migrer data fra code.onedev.io eller andre OneDev-instanser.",
+	"migrate.gitbucket.description": "Migrer data fra GitBucket-instanser.",
+	"migrate.codebase.description": "Migrer data fra codebasehq.com.",
+	"migrate.forgejo.description": "Migrer data fra codeberg.org eller andre Forgejo-instanser.",
+	"pulse.n_active_issues": {
+		"one": "%s aktivt problem",
+		"other": "%s aktive problemer"
+	},
+	"pulse.n_active_prs": {
+		"one": "%s aktiv pull-anmodning",
+		"other": "%s aktive pull-anmodninger"
+	}
 }
diff --git a/options/locale_next/locale_de-DE.json b/options/locale_next/locale_de-DE.json
index 99ee89204c..6a28242433 100644
--- a/options/locale_next/locale_de-DE.json
+++ b/options/locale_next/locale_de-DE.json
@@ -1,243 +1,243 @@
 {
-    "fork.n_forks": {
-        "one": "%s Fork",
-        "other": "%s Forks"
-    },
-    "stars.n_stars": {
-        "one": "%s Favorisierung",
-        "other": "%s Favorisierungen"
-    },
-    "release.n_downloads": {
-        "one": "%s Download",
-        "other": "%s Downloads"
-    },
-    "repo.pulls.merged_title_desc": {
-        "one": "hat %[1]d Commit von <code>%[2]s</code> nach <code>%[3]s</code> %[4]s zusammengeführt",
-        "other": "hat %[1]d Commits von <code>%[2]s</code> nach <code>%[3]s</code> %[4]s zusammengeführt"
-    },
-    "repo.pulls.title_desc": {
-        "one": "möchte %[1]d Commit von <code>%[2]s</code> nach <code id=\"%[4]s\">%[3]s</code> zusammenführen",
-        "other": "möchte %[1]d Commits von <code>%[2]s</code> nach <code id=\"%[4]s\">%[3]s</code> zusammenführen"
-    },
-    "search.milestone_kind": "Meilensteine suchen …",
-    "home.welcome.no_activity": "Keine Aktivität",
-    "home.explore_repos": "Repositorys erkunden",
-    "home.explore_users": "Benutzer erkunden",
-    "home.explore_orgs": "Organisationen erkunden",
-    "home.welcome.activity_hint": "Es gibt noch nichts in deinem Feed. Deine Aktionen und Aktivitäten aus Repositorys, die du beobachtest, werden hier auftauchen.",
-    "incorrect_root_url": "Diese Forgejo-Instanz ist konfiguriert, auf „%s“ bereitgestellt zu werden. Du rufst Forgejo über einen anderen URL auf, was dazu führen könnte, dass einige Bereiche nicht funktionieren. Der anerkannte URL wird durch die Forgejo-Admins mittels der Einstellung ROOT_URL in der app.ini kontrolliert.",
-    "themes.names.forgejo-auto": "Forgejo (folge Systemthema)",
-    "themes.names.forgejo-light": "Forgejo hell",
-    "themes.names.forgejo-dark": "Forgejo dunkel",
-    "error.not_found.title": "Seite nicht gefunden",
-    "alert.asset_load_failed": "Konnte Asset-Dateien nicht von {path} laden. Bitte stelle sicher, dass auf die Asset-Dateien zugegriffen werden kann.",
-    "install.invalid_lfs_path": "Der LFS-Root konnte nicht am angegebenen Pfad erstellt werden: %[1]s",
-    "alert.range_error": " muss eine Zahl zwischen %[1]s und %[2]s sein.",
-    "meta.last_line": "Vielen Dank für die Übersetzung von Forgejo! Diese Zeile wird von den Benutzern nicht gesehen, dient aber anderen Zwecken im Übersetzungsmanagement. Du kannst eine lustige Tatsache in der Übersetzung platzieren, anstatt sie zu übersetzen.",
-    "mail.actions.successful_run_after_failure_subject": "Arbeitsablauf %[1]s in Repository %[2]s wiederhergestellt",
-    "mail.actions.not_successful_run_subject": "Arbeitsablauf %[1]s in Repository %[2]s fehlgeschlagen",
-    "mail.actions.successful_run_after_failure": "Arbeitsablauf %[1]s in Repository %[2]s wiederhergestellt",
-    "mail.actions.not_successful_run": "Arbeitsablauf %[1]s in Repository %[2]s fehlgeschlagen",
-    "mail.actions.run_info_previous_status": "Vorheriger Status des Runs: %[1]s",
-    "mail.actions.run_info_trigger": "Ausgelöst, weil: %[1]s durch: %[2]s",
-    "mail.actions.run_info_cur_status": "Status dieses Runs: %[1]s (gerade eben von %[2]s aktualisiert)",
-    "discussion.locked": "Diese Diskussion wurde gesperrt. Nur Mitwirkende können kommentieren.",
-    "relativetime.now": "jetzt",
-    "relativetime.hours": {
-        "one": "vor %d Stunde",
-        "other": "vor %d Stunden"
-    },
-    "relativetime.days": {
-        "one": "vor %d Tag",
-        "other": "vor %d Tagen"
-    },
-    "relativetime.months": {
-        "one": "vor %d Monat",
-        "other": "vor %d Monaten"
-    },
-    "relativetime.years": {
-        "one": "vor %d Jahr",
-        "other": "vor %d Jahren"
-    },
-    "relativetime.1week": "letzte Woche",
-    "relativetime.1month": "letzten Monat",
-    "relativetime.2months": "vor zwei Monaten",
-    "relativetime.1year": "letztes Jahr",
-    "relativetime.2years": "vor zwei Jahren",
-    "relativetime.1day": "gestern",
-    "relativetime.weeks": {
-        "one": "vor %d Woche",
-        "other": "vor %d Wochen"
-    },
-    "relativetime.2weeks": "vor zwei Wochen",
-    "relativetime.mins": {
-        "one": "vor %d Minute",
-        "other": "vor %d Minuten"
-    },
-    "relativetime.2days": "vorgestern",
-    "relativetime.future": "in der Zukunft",
-    "admin.config.moderation_config": "Moderations-Konfiguration",
-    "moderation.report_abuse": "Missbrauch melden",
-    "moderation.report_content": "Inhalt melden",
-    "moderation.report_abuse_form.header": "Dem Administrator Missbrauch melden",
-    "moderation.report_abuse_form.details": "Dieses Formular soll genutzt werden, um Benutzer zu melden, die Spam-Profile, -Repositorys, -Issues, und -Kommentare erstellen, oder sich unangemessen verhalten.",
-    "moderation.report_abuse_form.invalid": "Ungültige Argumente",
-    "moderation.report_abuse_form.already_reported": "Du hast diesen Inhalt bereits gemeldet",
-    "moderation.abuse_category": "Kategorie",
-    "moderation.abuse_category.placeholder": "Eine Kategorie auswählen",
-    "moderation.abuse_category.spam": "Spam",
-    "moderation.abuse_category.malware": "Malware",
-    "moderation.abuse_category.illegal_content": "Illegaler Inhalt",
-    "moderation.abuse_category.other_violations": "Andere Verstöße gegen die Plattformregeln",
-    "moderation.report_remarks": "Anmerkungen",
-    "moderation.report_remarks.placeholder": "Bitte stelle Details über den von dir gemeldeten Missbrauch bereit.",
-    "moderation.submit_report": "Meldung absenden",
-    "moderation.reporting_failed": "Kann die neue Missbrauchsmeldung nicht absenden: %v",
-    "moderation.reported_thank_you": "Danke für deine Meldung. Die Administration wurde darüber in Kenntnis gesetzt.",
-    "repo.form.cannot_create": "Alle Orte, wo du Repositorys erstellen kannst, haben die Obergrenze an Repositorys erreicht.",
-    "repo.issue_indexer.title": "Issue-Indexer",
-    "watch.list.none": "Niemand beobachtet dieses Repo.",
-    "followers.incoming.list.self.none": "Niemand folgt deinem Profil.",
-    "followers.outgoing.list.self.none": "Du folgst niemanden.",
-    "followers.outgoing.list.none": "%s folgt niemanden.",
-    "stars.list.none": "Niemand hat dieses Repo favorisiert.",
-    "followers.incoming.list.none": "Niemand folgt diesem Benutzer.",
-    "editor.textarea.tab_hint": "Zeile bereits eingerückt. Drücke nochmals <kbd>Tab</kbd> oder <kbd>Escape</kbd>, um den Editor zu verlassen.",
-    "editor.textarea.shift_tab_hint": "Keine Einrückung auf dieser Zeile. Drücke nochmals <kbd>Shift</kbd> + <kbd>Tab</kbd> oder <kbd>Escape</kbd>, um den Editor zu verlassen.",
-    "admin.dashboard.cleanup_offline_runners": "Aufräumen der Offline-Runner",
-    "settings.visibility.description": "Die Profilsichtbarkeit beeinflusst die Möglichkeit anderer, auf deine nicht-privaten Repositorys zuzugreifen. <a href=\"%s\" target=\"_blank\">Erfahre mehr</a>.",
-    "avatar.constraints_hint": "Individuelles Profilbild darf %[1]s in der Größe nicht überschreiten, und nicht größer als %[2]d×%[3]d Pixel sein",
-    "repo.diff.commit.next-short": "Nächste",
-    "repo.diff.commit.previous-short": "Vorherige",
-    "profile.edit.link": "Profil bearbeiten",
-    "feed.atom.link": "Atom-Feed",
-    "keys.ssh.link": "SSH-Schlüssel",
-    "keys.gpg.link": "GPG-Schlüssel",
-    "profile.actions.tooltip": "Mehr Aktionen",
-    "og.repo.summary_card.alt_description": "Zusammenfassungskarte des Repositorys %[1]s, beschrieben als %[2]s",
-    "mail.actions.run_info_sha": "Commit: %[1]s",
-    "repo.settings.push_mirror.branch_filter.label": "Branch-Filter (optional)",
-    "repo.settings.push_mirror.branch_filter.description": "Zu spiegelnde Branches. Leer lassen, um alle Branches zu spiegeln. Siehe die <a href=\"%[1]s\">„%[2]s“-Dokumentation</a> für die Syntax. Beispiele: <code>main, release/*</code>",
-    "discussion.sidebar.reference": "Referenz",
-    "admin.moderation.deleted_content_ref": "Gemeldeter Inhalt vom Typ %[1]v und ID %[2]d existiert nicht mehr",
-    "admin.moderation.moderation_reports": "Moderationsmeldungen",
-    "admin.moderation.reports": "Meldungen",
-    "admin.moderation.no_open_reports": "Es gibt momentan keine offenen Meldungen.",
-    "admin.dashboard.remove_resolved_reports": "Erledigte Meldungen entfernen",
-    "compare.branches.title": "Branches vergleichen",
-    "repo.commit.load_tags_failed": "Laden von Tags aufgrund eines internen Fehlers fehlgeschlagen",
-    "admin.auths.allow_username_change": "Benutzernamen ändern zulassen",
-    "admin.auths.allow_username_change.description": "Benutzern erlauben, ihren Benutzernamen in den Profileinstellungen zu ändern",
-    "warning.repository.out_of_sync": "Die Datenbankdarstellung dieses Repositorys ist nicht synchronisiert. Falls diese Warnung immer noch angezeigt wird, nachdem ein Commit zu diesem Repository gepusht wurde, kontaktieren Sie den Administrator.",
-    "migrate.github.description": "Daten von github.com oder GitHub-Enterprise-Server migrieren.",
-    "migrate.git.description": "Ein Repository von einem beliebigen Git-Dienst klonen.",
-    "migrate.gitea.description": "Daten von gitea.com oder anderen Gitea-Instanzen migrieren.",
-    "migrate.gitlab.description": "Daten von gitlab.com oder anderen GitLab-Instanzen migrieren.",
-    "migrate.gogs.description": "Daten von notabug.org oder anderen Gogs-Instanzen migrieren.",
-    "migrate.onedev.description": "Daten von code.onedev.io oder anderen OneDev-Instanzen migrieren.",
-    "migrate.gitbucket.description": "Daten von GitBucket-Instanzen migrieren.",
-    "migrate.codebase.description": "Daten von codebasehq.com migrieren.",
-    "migrate.forgejo.description": "Daten von codeberg.org oder anderen Forgejo-Instanzen migrieren.",
-    "repo.pulls.already_merged": "Zusammenführung fehlgeschlagen. Der Pull-Request wurde bereits zusammengeführt.",
-    "migrate.pagure.incorrect_url": "Falsche Quellrepository-URL wurde angegeben",
-    "migrate.pagure.project_example": "Die URL des Pagure-Projekts, z. B. https://pagure.io/pagure",
-    "migrate.pagure.description": "Daten von pagure.io oder anderen Pagure-Instanzen migrieren.",
-    "migrate.pagure.token_label": "Pagure-API-Token",
-    "migrate.pagure.project_url": "Pagure-Projekt-URL",
-    "admin.config.security": "Sicherheitskonfiguration",
-    "settings.twofa_unroll_unavailable": "Für deinen Account wird die Zwei-Faktor-Authentifizierung benötigt; sie kann nicht deaktiviert werden.",
-    "settings.must_enable_2fa": "Diese Forgejo-Instanz verlangt von den Benutzern, dass sie die Zwei-Faktor-Authentifizierung aktivieren, bevor sie auf ihren Accounts zugreifen können.",
-    "admin.config.global_2fa_requirement.none": "Nein",
-    "admin.config.global_2fa_requirement.all": "Alle Benutzer",
-    "admin.config.global_2fa_requirement.admin": "Administratoren",
-    "settings.twofa_reenroll": "Zwei-Faktor-Authentifizierung neu ausrollen",
-    "settings.twofa_reenroll.description": "Deine Zwei-Faktor-Authentifizierung neu ausrollen",
-    "error.must_enable_2fa": "Diese Forgejo-Instanz verlangt von den Benutzern, dass sie die Zwei-Faktor-Authentifizierung aktivieren, bevor sie auf ihren Accounts zugreifen können. Dies kann aktiviert werden bei: %s",
-    "admin.config.global_2fa_requirement.title": "Globale Zwei-Faktor-Anforderung",
-    "user.ghost.tooltip": "Dieser Benutzer wurde gelöscht oder konnte nicht gefunden werden.",
-    "actions.runs.view_most_recent_run": "Letzten Run betrachten",
-    "actions.runs.viewing_out_of_date_run": "Sie sehen einen veralteten Run dieses Jobs, der %[1]s ausgeführt wurde.",
-    "actions.runs.run_attempt_label": "Run-Versuch #%[1]s (%[2]s)",
-    "migrate.form.error.url_credentials": "Die URL enthält Anmeldedaten; diese sollten in das jeweilige Benutzername- und Passwortfeld eingetragen werden",
-    "repo.pulls.maintainers_can_edit": "Maintainer können diesen Pull-Request bearbeiten.",
-    "repo.pulls.maintainers_cannot_edit": "Maintainer können diesen Pull-Request nicht bearbeiten.",
-    "pulse.n_active_issues": {
-        "one": "%s aktives Issue",
-        "other": "%s aktive Issues"
-    },
-    "pulse.n_active_prs": {
-        "one": "%s aktiver Pull-Request",
-        "other": "%s aktive Pull-Requests"
-    },
-    "migrate.pagure.private_issues.summary": "Private Issues (optional)",
-    "migrate.pagure.private_issues.description": "Dieses Feature wurde dafür entworfen, um ein zweites Repository zu erstellen, das nur private Issues von deinem Pagure-Projekt für Archivierungszwecke enthält. Nimm zuerst eine normale Migration (ohne ein Token) vor, um alle öffentliche Inhalte zu importieren. Anschließend, wenn du private Issues hast, die du aufbewahren willst, erstelle mit diesem Token ein separates Repository, um diese privaten Issues zu archivieren.",
-    "migrate.pagure.private_issues.warning": "Stell sicher, dass du die Repository-Sichtbarkeit oben auf Privat stellst, falls du den API-Schlüssel benutzt, um private Issues zu importieren. Damit verhindest du, dass du aus Versehen private Inhalte in einem öffentlichen Repository offenlegst.",
-    "migrate.pagure.token.placeholder": "Nur für die Erstellung eines privaten Issue-Archivs",
-    "mail.issue.action.close_by_commit": "%[1]s hat %[2]s in Commit %[3]s geschlossen.",
-    "actions.workflow.job_parsing_error": "Jobs im Workflow konnten nicht geparst werden: %v",
-    "actions.workflow.event_detection_error": "Unterstützte Ereignisse im Workflow konnten nicht geparst werden: %v",
-    "actions.workflow.pre_execution_error": "Der Workflow wurde aufgrund eines Fehlers, der den Ausführungsversuch blockierte, nicht ausgeführt.",
-    "watch.n_watchers": {
-        "one": "%s Beobachter",
-        "other": "%s Beobachter"
-    },
-    "teams.add_all_repos.modal.header": "Alle Repositorys hinzufügen",
-    "teams.remove_all_repos.modal.header": "Alle Repositorys entfernen",
-    "repo.pulls.poster_manage_approval": "Genehmigung verwalten",
-    "repo.pulls.poster_requires_approval": "Einige Workflows <a href=\"%[1]s\">warten auf die Sichtung.</a>",
-    "repo.pulls.poster_requires_approval.tooltip": "Dem Autor dieses Pull-Requests wird nicht vertraut, Workflows auszuführen, die von einem Pull-Request von einem geforkten Repository oder von AGit ausgelöst wurden. Die Workflows, die von einem `pull_request`-Ereignis ausgelöst wurden, werden nicht ausgeführt, bis sie genehmigt werden.",
-    "repo.pulls.poster_is_trusted": "Dem Autor dieses Pull-Requests wird <a href=\"%[1]s\">immer vertraut, Workflows auszuführen.</a>",
-    "repo.pulls.poster_is_trusted.tooltip": "Dem Autor dieses Pull-Requests wird explizit vertraut, Workflows, die von `pull_request`-Ereignissen ausgelöst wurden, auszuführen.",
-    "repo.pulls.poster_trust_deny": "Ablehnen",
-    "repo.pulls.poster_trust_deny.tooltip": "Die Workflows, die auf eine Genehmigung warten, werden abgebrochen.",
-    "repo.pulls.poster_trust_once": "Einmalig genehmigen",
-    "repo.pulls.poster_trust_once.tooltip": "Die Workflows, die von einem `pull_request`-Ereignis ausgelöst wurden, werden auf diesem Commit ausgeführt, aber sie müssen für alle zukünftigen Commits, die zu diesem Pull-Request gepusht werden, genehmigt werden.",
-    "repo.pulls.poster_trust_always": "Immer genehmigen",
-    "repo.pulls.poster_trust_always.tooltip": "Die Workflows, die von einem `pull_request`-Ereignis ausgelöst werden, werden auf diesem Commit ausgeführt und es wird nicht nötig sein, Ausführungen von diesem Pull-Request oder zukünftige Pull-Requests des selben Benutzers zu genehmigen.",
-    "repo.pulls.poster_trust_revoke": "Entziehen",
-    "repo.pulls.poster_trust_revoke.tooltip": "Dem Autor dieses Pull-Requests wird nicht länger vertraut, um Workflows, die von einem `pull_request`-Ereignis ausgelöst wurden, auszuführen; jede Ausführung muss manuell genehmigt werden.",
-    "admin.dashboard.actions_action_user": "Forgejo-Actions-Vertrauen für inaktive Benutzer entziehen",
-    "actions.status.diagnostics.waiting": {
-        "one": "Warte auf einen Runner mit dem folgenden Label: %s",
-        "other": "Warte auf einen Runner mit den folgenden Labels: %s"
-    },
-    "keys.verify.token.hint": "Der Token ist nur für 1 Minute gültig. <a href=\"%[1]s\">Hol dir einen neuen, falls er abgelaufen ist</a>.",
-    "repo.issues.filter_poster.hint": "Nach Autor filtern",
-    "repo.issues.filter_assignee.hint": "Nach zugewiesenem Benutzer filtern",
-    "repo.issues.filter_reviewers.hint": "Nach Benutzer, der gesichtet hat, filtern",
-    "repo.issues.filter_mention.hint": "Nach erwähntem Benutzer filtern",
-    "repo.issues.filter_modified.hint": "Nach letzten modifiziertem Datum filtern",
-    "repo.issues.filter_sort.hint": "Sortieren nach: erstellt/Kommentare/aktualisiert/Ablaufdatum",
-    "search.syntax": "Suchsyntax",
-    "admin.dashboard.transfer_lingering_logs": "Aktionslogs von fertigen Aktions-Jobs aus der Datenbank in den Speicher übertragen",
-    "actions.workflow.persistent_incomplete_matrix": "`strategy.matrix` vom Job %[1]s konnte aufgrund eines ungültigen `needs`-Ausdrucks nicht ausgewertet werden. Er könnte auf einen Job verweisen, der nicht in seiner „needs“-Liste (%[2]s) ist, oder auf eine Ausgabe, die in keinem dieser Jobs existiert.",
-    "admin.auths.oauth2_quota_group_map_removal": "Benutzer von synchronisierten Quotagruppen entfernen, falls Benutzer nicht zur entsprechenden Grupe gehört.",
-    "moderation.action.account.delete": "Account löschen",
-    "moderation.action.account.suspend": "Account sperren",
-    "moderation.action.repo.delete": "Repository löschen",
-    "moderation.action.issue.delete": "Issue löschen",
-    "moderation.action.comment.delete": "Kommentar löschen",
-    "moderation.unknown_action": "Unbekannte Action",
-    "moderation.users.cannot_suspend_self": "Du kannst dich nicht selbst sperren.",
-    "moderation.users.cannot_suspend_admins": "Benutzer mit Adminprivilegien können nicht gesperrt werden.",
-    "moderation.users.cannot_suspend_org": "Organisationen können nicht gesperrt werden.",
-    "moderation.users.already_suspended": "Der Benutzeraccount ist bereits gesperrt.",
-    "moderation.users.suspend_success": "Der Benutzeraccount wurde gesperrt.",
-    "moderation.users.cannot_delete_admins": "Benutzer mit Adminprivilegien können nicht gelöscht werden.",
-    "moderation.issue.deletion_success": "Das Issue wurde gelöscht.",
-    "moderation.comment.deletion_success": "Der Kommentar wurde gelöscht.",
-    "moderation.report.mark_as_handled": "Als bearbeitet markieren",
-    "moderation.report.mark_as_ignored": "Als ignoriert markieren",
-    "admin.auths.oauth2_quota_group_claim_name": "Der Claim-Name bietet Gruppennamen für diese Quelle, um für die Quotaverwaltung verwendet zu werden. (Optional)",
-    "admin.auths.oauth2_quota_group_map": "Beanspruchte Gruppen an Quota-Gruppen zuordnen. (Optional – benötigt Claim-Namen oben)",
-    "actions.workflow.incomplete_matrix_missing_job": "`strategy.matrix` vom Job %[1]s konnte nicht evaluiert werden: %[2]s ist nicht in der `needs`-Liste von Job %[1]s (%[3]s).",
-    "actions.workflow.incomplete_matrix_missing_output": "`strategy.matrix` vom Job %[1]s konnte nicht evaluiert werden: %[2]s hat keine Ausgabe %[3]s.",
-    "actions.workflow.incomplete_matrix_unknown_cause": "`strategy.matrix` vom Job %[1]s konnte nicht evaluiert werden: unbekannter Fehler.",
-    "actions.workflow.incomplete_runson_missing_job": "`runs-on` vom Job %[1]s konnte nicht evaluiert werden: %[2]s ist nicht in der `needs`-Liste von Job %[1]s (%[3]s).",
-    "actions.workflow.incomplete_runson_missing_output": "`runs-on` vom Job %[1]s konnte nicht evaluiert werden: %[2]s hat keine Ausgabe %[3]s.",
-    "actions.workflow.incomplete_runson_missing_matrix_dimension": "`runs-on` vom Job %[1]s konnte nicht evaluiert werden: Matrixdimension %[2]s existiert nicht.",
-    "actions.workflow.incomplete_runson_unknown_cause": "`runs-on` vom Job %[1]s konnte nicht evaluiert werden: unbekannter Fehler.",
-    "search.fuzzy": "Unscharf",
-    "search.fuzzy_tooltip": "Ergebnisse, die ungefähr zum Suchbegriff passen, einbinden",
-    "issues.updated": "%s aktualisiert"
+	"fork.n_forks": {
+		"one": "%s Fork",
+		"other": "%s Forks"
+	},
+	"stars.n_stars": {
+		"one": "%s Favorisierung",
+		"other": "%s Favorisierungen"
+	},
+	"release.n_downloads": {
+		"one": "%s Download",
+		"other": "%s Downloads"
+	},
+	"repo.pulls.merged_title_desc": {
+		"one": "hat %[1]d Commit von <code>%[2]s</code> nach <code>%[3]s</code> %[4]s zusammengeführt",
+		"other": "hat %[1]d Commits von <code>%[2]s</code> nach <code>%[3]s</code> %[4]s zusammengeführt"
+	},
+	"repo.pulls.title_desc": {
+		"one": "möchte %[1]d Commit von <code>%[2]s</code> nach <code id=\"%[4]s\">%[3]s</code> zusammenführen",
+		"other": "möchte %[1]d Commits von <code>%[2]s</code> nach <code id=\"%[4]s\">%[3]s</code> zusammenführen"
+	},
+	"search.milestone_kind": "Meilensteine suchen …",
+	"home.welcome.no_activity": "Keine Aktivität",
+	"home.explore_repos": "Repositorys erkunden",
+	"home.explore_users": "Benutzer erkunden",
+	"home.explore_orgs": "Organisationen erkunden",
+	"home.welcome.activity_hint": "Es gibt noch nichts in deinem Feed. Deine Aktionen und Aktivitäten aus Repositorys, die du beobachtest, werden hier auftauchen.",
+	"incorrect_root_url": "Diese Forgejo-Instanz ist konfiguriert, auf „%s“ bereitgestellt zu werden. Du rufst Forgejo über einen anderen URL auf, was dazu führen könnte, dass einige Bereiche nicht funktionieren. Der anerkannte URL wird durch die Forgejo-Admins mittels der Einstellung ROOT_URL in der app.ini kontrolliert.",
+	"themes.names.forgejo-auto": "Forgejo (folge Systemthema)",
+	"themes.names.forgejo-light": "Forgejo hell",
+	"themes.names.forgejo-dark": "Forgejo dunkel",
+	"error.not_found.title": "Seite nicht gefunden",
+	"alert.asset_load_failed": "Konnte Asset-Dateien nicht von {path} laden. Bitte stelle sicher, dass auf die Asset-Dateien zugegriffen werden kann.",
+	"install.invalid_lfs_path": "Der LFS-Root konnte nicht am angegebenen Pfad erstellt werden: %[1]s",
+	"alert.range_error": " muss eine Zahl zwischen %[1]s und %[2]s sein.",
+	"meta.last_line": "Vielen Dank für die Übersetzung von Forgejo! Diese Zeile wird von den Benutzern nicht gesehen, dient aber anderen Zwecken im Übersetzungsmanagement. Du kannst eine lustige Tatsache in der Übersetzung platzieren, anstatt sie zu übersetzen.\n(this string was needed to make weblate regenerate the file and can be removed)",
+	"mail.actions.successful_run_after_failure_subject": "Arbeitsablauf %[1]s in Repository %[2]s wiederhergestellt",
+	"mail.actions.not_successful_run_subject": "Arbeitsablauf %[1]s in Repository %[2]s fehlgeschlagen",
+	"mail.actions.successful_run_after_failure": "Arbeitsablauf %[1]s in Repository %[2]s wiederhergestellt",
+	"mail.actions.not_successful_run": "Arbeitsablauf %[1]s in Repository %[2]s fehlgeschlagen",
+	"mail.actions.run_info_previous_status": "Vorheriger Status des Runs: %[1]s",
+	"mail.actions.run_info_trigger": "Ausgelöst, weil: %[1]s durch: %[2]s",
+	"mail.actions.run_info_cur_status": "Status dieses Runs: %[1]s (gerade eben von %[2]s aktualisiert)",
+	"discussion.locked": "Diese Diskussion wurde gesperrt. Nur Mitwirkende können kommentieren.",
+	"relativetime.now": "jetzt",
+	"relativetime.hours": {
+		"one": "vor %d Stunde",
+		"other": "vor %d Stunden"
+	},
+	"relativetime.days": {
+		"one": "vor %d Tag",
+		"other": "vor %d Tagen"
+	},
+	"relativetime.months": {
+		"one": "vor %d Monat",
+		"other": "vor %d Monaten"
+	},
+	"relativetime.years": {
+		"one": "vor %d Jahr",
+		"other": "vor %d Jahren"
+	},
+	"relativetime.1week": "letzte Woche",
+	"relativetime.1month": "letzten Monat",
+	"relativetime.2months": "vor zwei Monaten",
+	"relativetime.1year": "letztes Jahr",
+	"relativetime.2years": "vor zwei Jahren",
+	"relativetime.1day": "gestern",
+	"relativetime.weeks": {
+		"one": "vor %d Woche",
+		"other": "vor %d Wochen"
+	},
+	"relativetime.2weeks": "vor zwei Wochen",
+	"relativetime.mins": {
+		"one": "vor %d Minute",
+		"other": "vor %d Minuten"
+	},
+	"relativetime.2days": "vorgestern",
+	"relativetime.future": "in der Zukunft",
+	"admin.config.moderation_config": "Moderations-Konfiguration",
+	"moderation.report_abuse": "Missbrauch melden",
+	"moderation.report_content": "Inhalt melden",
+	"moderation.report_abuse_form.header": "Dem Administrator Missbrauch melden",
+	"moderation.report_abuse_form.details": "Dieses Formular soll genutzt werden, um Benutzer zu melden, die Spam-Profile, -Repositorys, -Issues, und -Kommentare erstellen, oder sich unangemessen verhalten.",
+	"moderation.report_abuse_form.invalid": "Ungültige Argumente",
+	"moderation.report_abuse_form.already_reported": "Du hast diesen Inhalt bereits gemeldet",
+	"moderation.abuse_category": "Kategorie",
+	"moderation.abuse_category.placeholder": "Eine Kategorie auswählen",
+	"moderation.abuse_category.spam": "Spam",
+	"moderation.abuse_category.malware": "Malware",
+	"moderation.abuse_category.illegal_content": "Illegaler Inhalt",
+	"moderation.abuse_category.other_violations": "Andere Verstöße gegen die Plattformregeln",
+	"moderation.report_remarks": "Anmerkungen",
+	"moderation.report_remarks.placeholder": "Bitte stelle Details über den von dir gemeldeten Missbrauch bereit.",
+	"moderation.submit_report": "Meldung absenden",
+	"moderation.reporting_failed": "Kann die neue Missbrauchsmeldung nicht absenden: %v",
+	"moderation.reported_thank_you": "Danke für deine Meldung. Die Administration wurde darüber in Kenntnis gesetzt.",
+	"repo.form.cannot_create": "Alle Orte, wo du Repositorys erstellen kannst, haben die Obergrenze an Repositorys erreicht.",
+	"repo.issue_indexer.title": "Issue-Indexer",
+	"watch.list.none": "Niemand beobachtet dieses Repo.",
+	"followers.incoming.list.self.none": "Niemand folgt deinem Profil.",
+	"followers.outgoing.list.self.none": "Du folgst niemanden.",
+	"followers.outgoing.list.none": "%s folgt niemanden.",
+	"stars.list.none": "Niemand hat dieses Repo favorisiert.",
+	"followers.incoming.list.none": "Niemand folgt diesem Benutzer.",
+	"editor.textarea.tab_hint": "Zeile bereits eingerückt. Drücke nochmals <kbd>Tab</kbd> oder <kbd>Escape</kbd>, um den Editor zu verlassen.",
+	"editor.textarea.shift_tab_hint": "Keine Einrückung auf dieser Zeile. Drücke nochmals <kbd>Shift</kbd> + <kbd>Tab</kbd> oder <kbd>Escape</kbd>, um den Editor zu verlassen.",
+	"admin.dashboard.cleanup_offline_runners": "Aufräumen der Offline-Runner",
+	"settings.visibility.description": "Die Profilsichtbarkeit beeinflusst die Möglichkeit anderer, auf deine nicht-privaten Repositorys zuzugreifen. <a href=\"%s\" target=\"_blank\">Erfahre mehr</a>.",
+	"avatar.constraints_hint": "Individuelles Profilbild darf %[1]s in der Größe nicht überschreiten, und nicht größer als %[2]d×%[3]d Pixel sein",
+	"repo.diff.commit.next-short": "Nächste",
+	"repo.diff.commit.previous-short": "Vorherige",
+	"profile.edit.link": "Profil bearbeiten",
+	"feed.atom.link": "Atom-Feed",
+	"keys.ssh.link": "SSH-Schlüssel",
+	"keys.gpg.link": "GPG-Schlüssel",
+	"profile.actions.tooltip": "Mehr Aktionen",
+	"og.repo.summary_card.alt_description": "Zusammenfassungskarte des Repositorys %[1]s, beschrieben als %[2]s",
+	"mail.actions.run_info_sha": "Commit: %[1]s",
+	"repo.settings.push_mirror.branch_filter.label": "Branch-Filter (optional)",
+	"repo.settings.push_mirror.branch_filter.description": "Zu spiegelnde Branches. Leer lassen, um alle Branches zu spiegeln. Siehe die <a href=\"%[1]s\">„%[2]s“-Dokumentation</a> für die Syntax. Beispiele: <code>main, release/*</code>",
+	"discussion.sidebar.reference": "Referenz",
+	"admin.moderation.deleted_content_ref": "Gemeldeter Inhalt vom Typ %[1]v und ID %[2]d existiert nicht mehr",
+	"admin.moderation.moderation_reports": "Moderationsmeldungen",
+	"admin.moderation.reports": "Meldungen",
+	"admin.moderation.no_open_reports": "Es gibt momentan keine offenen Meldungen.",
+	"admin.dashboard.remove_resolved_reports": "Erledigte Meldungen entfernen",
+	"compare.branches.title": "Branches vergleichen",
+	"repo.commit.load_tags_failed": "Laden von Tags aufgrund eines internen Fehlers fehlgeschlagen",
+	"admin.auths.allow_username_change": "Benutzernamen ändern zulassen",
+	"admin.auths.allow_username_change.description": "Benutzern erlauben, ihren Benutzernamen in den Profileinstellungen zu ändern",
+	"warning.repository.out_of_sync": "Die Datenbankdarstellung dieses Repositorys ist nicht synchronisiert. Falls diese Warnung immer noch angezeigt wird, nachdem ein Commit zu diesem Repository gepusht wurde, kontaktieren Sie den Administrator.",
+	"migrate.github.description": "Daten von github.com oder GitHub-Enterprise-Server migrieren.",
+	"migrate.git.description": "Ein Repository von einem beliebigen Git-Dienst klonen.",
+	"migrate.gitea.description": "Daten von gitea.com oder anderen Gitea-Instanzen migrieren.",
+	"migrate.gitlab.description": "Daten von gitlab.com oder anderen GitLab-Instanzen migrieren.",
+	"migrate.gogs.description": "Daten von notabug.org oder anderen Gogs-Instanzen migrieren.",
+	"migrate.onedev.description": "Daten von code.onedev.io oder anderen OneDev-Instanzen migrieren.",
+	"migrate.gitbucket.description": "Daten von GitBucket-Instanzen migrieren.",
+	"migrate.codebase.description": "Daten von codebasehq.com migrieren.",
+	"migrate.forgejo.description": "Daten von codeberg.org oder anderen Forgejo-Instanzen migrieren.",
+	"repo.pulls.already_merged": "Zusammenführung fehlgeschlagen. Der Pull-Request wurde bereits zusammengeführt.",
+	"migrate.pagure.incorrect_url": "Falsche Quellrepository-URL wurde angegeben",
+	"migrate.pagure.project_example": "Die URL des Pagure-Projekts, z. B. https://pagure.io/pagure",
+	"migrate.pagure.description": "Daten von pagure.io oder anderen Pagure-Instanzen migrieren.",
+	"migrate.pagure.token_label": "Pagure-API-Token",
+	"migrate.pagure.project_url": "Pagure-Projekt-URL",
+	"admin.config.security": "Sicherheitskonfiguration",
+	"settings.twofa_unroll_unavailable": "Für deinen Account wird die Zwei-Faktor-Authentifizierung benötigt; sie kann nicht deaktiviert werden.",
+	"settings.must_enable_2fa": "Diese Forgejo-Instanz verlangt von den Benutzern, dass sie die Zwei-Faktor-Authentifizierung aktivieren, bevor sie auf ihren Accounts zugreifen können.",
+	"admin.config.global_2fa_requirement.none": "Nein",
+	"admin.config.global_2fa_requirement.all": "Alle Benutzer",
+	"admin.config.global_2fa_requirement.admin": "Administratoren",
+	"settings.twofa_reenroll": "Zwei-Faktor-Authentifizierung neu ausrollen",
+	"settings.twofa_reenroll.description": "Deine Zwei-Faktor-Authentifizierung neu ausrollen",
+	"error.must_enable_2fa": "Diese Forgejo-Instanz verlangt von den Benutzern, dass sie die Zwei-Faktor-Authentifizierung aktivieren, bevor sie auf ihren Accounts zugreifen können. Dies kann aktiviert werden bei: %s",
+	"admin.config.global_2fa_requirement.title": "Globale Zwei-Faktor-Anforderung",
+	"user.ghost.tooltip": "Dieser Benutzer wurde gelöscht oder konnte nicht gefunden werden.",
+	"actions.runs.view_most_recent_run": "Letzten Run betrachten",
+	"actions.runs.viewing_out_of_date_run": "Sie sehen einen veralteten Run dieses Jobs, der %[1]s ausgeführt wurde.",
+	"actions.runs.run_attempt_label": "Run-Versuch #%[1]s (%[2]s)",
+	"migrate.form.error.url_credentials": "Die URL enthält Anmeldedaten; diese sollten in das jeweilige Benutzername- und Passwortfeld eingetragen werden",
+	"repo.pulls.maintainers_can_edit": "Maintainer können diesen Pull-Request bearbeiten.",
+	"repo.pulls.maintainers_cannot_edit": "Maintainer können diesen Pull-Request nicht bearbeiten.",
+	"pulse.n_active_issues": {
+		"one": "%s aktives Issue",
+		"other": "%s aktive Issues"
+	},
+	"pulse.n_active_prs": {
+		"one": "%s aktiver Pull-Request",
+		"other": "%s aktive Pull-Requests"
+	},
+	"migrate.pagure.private_issues.summary": "Private Issues (optional)",
+	"migrate.pagure.private_issues.description": "Dieses Feature wurde dafür entworfen, um ein zweites Repository zu erstellen, das nur private Issues von deinem Pagure-Projekt für Archivierungszwecke enthält. Nimm zuerst eine normale Migration (ohne ein Token) vor, um alle öffentliche Inhalte zu importieren. Anschließend, wenn du private Issues hast, die du aufbewahren willst, erstelle mit diesem Token ein separates Repository, um diese privaten Issues zu archivieren.",
+	"migrate.pagure.private_issues.warning": "Stell sicher, dass du die Repository-Sichtbarkeit oben auf Privat stellst, falls du den API-Schlüssel benutzt, um private Issues zu importieren. Damit verhindest du, dass du aus Versehen private Inhalte in einem öffentlichen Repository offenlegst.",
+	"migrate.pagure.token.placeholder": "Nur für die Erstellung eines privaten Issue-Archivs",
+	"mail.issue.action.close_by_commit": "%[1]s hat %[2]s in Commit %[3]s geschlossen.",
+	"actions.workflow.job_parsing_error": "Jobs im Workflow konnten nicht geparst werden: %v",
+	"actions.workflow.event_detection_error": "Unterstützte Ereignisse im Workflow konnten nicht geparst werden: %v",
+	"actions.workflow.pre_execution_error": "Der Workflow wurde aufgrund eines Fehlers, der den Ausführungsversuch blockierte, nicht ausgeführt.",
+	"watch.n_watchers": {
+		"one": "%s Beobachter",
+		"other": "%s Beobachter"
+	},
+	"teams.add_all_repos.modal.header": "Alle Repositorys hinzufügen",
+	"teams.remove_all_repos.modal.header": "Alle Repositorys entfernen",
+	"repo.pulls.poster_manage_approval": "Genehmigung verwalten",
+	"repo.pulls.poster_requires_approval": "Einige Workflows <a href=\"%[1]s\">warten auf die Sichtung.</a>",
+	"repo.pulls.poster_requires_approval.tooltip": "Dem Autor dieses Pull-Requests wird nicht vertraut, Workflows auszuführen, die von einem Pull-Request von einem geforkten Repository oder von AGit ausgelöst wurden. Die Workflows, die von einem `pull_request`-Ereignis ausgelöst wurden, werden nicht ausgeführt, bis sie genehmigt werden.",
+	"repo.pulls.poster_is_trusted": "Dem Autor dieses Pull-Requests wird <a href=\"%[1]s\">immer vertraut, Workflows auszuführen.</a>",
+	"repo.pulls.poster_is_trusted.tooltip": "Dem Autor dieses Pull-Requests wird explizit vertraut, Workflows, die von `pull_request`-Ereignissen ausgelöst wurden, auszuführen.",
+	"repo.pulls.poster_trust_deny": "Ablehnen",
+	"repo.pulls.poster_trust_deny.tooltip": "Die Workflows, die auf eine Genehmigung warten, werden abgebrochen.",
+	"repo.pulls.poster_trust_once": "Einmalig genehmigen",
+	"repo.pulls.poster_trust_once.tooltip": "Die Workflows, die von einem `pull_request`-Ereignis ausgelöst wurden, werden auf diesem Commit ausgeführt, aber sie müssen für alle zukünftigen Commits, die zu diesem Pull-Request gepusht werden, genehmigt werden.",
+	"repo.pulls.poster_trust_always": "Immer genehmigen",
+	"repo.pulls.poster_trust_always.tooltip": "Die Workflows, die von einem `pull_request`-Ereignis ausgelöst werden, werden auf diesem Commit ausgeführt und es wird nicht nötig sein, Ausführungen von diesem Pull-Request oder zukünftige Pull-Requests des selben Benutzers zu genehmigen.",
+	"repo.pulls.poster_trust_revoke": "Entziehen",
+	"repo.pulls.poster_trust_revoke.tooltip": "Dem Autor dieses Pull-Requests wird nicht länger vertraut, um Workflows, die von einem `pull_request`-Ereignis ausgelöst wurden, auszuführen; jede Ausführung muss manuell genehmigt werden.",
+	"admin.dashboard.actions_action_user": "Forgejo-Actions-Vertrauen für inaktive Benutzer entziehen",
+	"actions.status.diagnostics.waiting": {
+		"one": "Warte auf einen Runner mit dem folgenden Label: %s",
+		"other": "Warte auf einen Runner mit den folgenden Labels: %s"
+	},
+	"keys.verify.token.hint": "Der Token ist nur für 1 Minute gültig. <a href=\"%[1]s\">Hol dir einen neuen, falls er abgelaufen ist</a>.",
+	"repo.issues.filter_poster.hint": "Nach Autor filtern",
+	"repo.issues.filter_assignee.hint": "Nach zugewiesenem Benutzer filtern",
+	"repo.issues.filter_reviewers.hint": "Nach Benutzer, der gesichtet hat, filtern",
+	"repo.issues.filter_mention.hint": "Nach erwähntem Benutzer filtern",
+	"repo.issues.filter_modified.hint": "Nach letzten modifiziertem Datum filtern",
+	"repo.issues.filter_sort.hint": "Sortieren nach: erstellt/Kommentare/aktualisiert/Ablaufdatum",
+	"search.syntax": "Suchsyntax",
+	"admin.dashboard.transfer_lingering_logs": "Aktionslogs von fertigen Aktions-Jobs aus der Datenbank in den Speicher übertragen",
+	"actions.workflow.persistent_incomplete_matrix": "`strategy.matrix` vom Job %[1]s konnte aufgrund eines ungültigen `needs`-Ausdrucks nicht ausgewertet werden. Er könnte auf einen Job verweisen, der nicht in seiner „needs“-Liste (%[2]s) ist, oder auf eine Ausgabe, die in keinem dieser Jobs existiert.",
+	"admin.auths.oauth2_quota_group_map_removal": "Benutzer von synchronisierten Quotagruppen entfernen, falls Benutzer nicht zur entsprechenden Grupe gehört.",
+	"moderation.action.account.delete": "Account löschen",
+	"moderation.action.account.suspend": "Account sperren",
+	"moderation.action.repo.delete": "Repository löschen",
+	"moderation.action.issue.delete": "Issue löschen",
+	"moderation.action.comment.delete": "Kommentar löschen",
+	"moderation.unknown_action": "Unbekannte Action",
+	"moderation.users.cannot_suspend_self": "Du kannst dich nicht selbst sperren.",
+	"moderation.users.cannot_suspend_admins": "Benutzer mit Adminprivilegien können nicht gesperrt werden.",
+	"moderation.users.cannot_suspend_org": "Organisationen können nicht gesperrt werden.",
+	"moderation.users.already_suspended": "Der Benutzeraccount ist bereits gesperrt.",
+	"moderation.users.suspend_success": "Der Benutzeraccount wurde gesperrt.",
+	"moderation.users.cannot_delete_admins": "Benutzer mit Adminprivilegien können nicht gelöscht werden.",
+	"moderation.issue.deletion_success": "Das Issue wurde gelöscht.",
+	"moderation.comment.deletion_success": "Der Kommentar wurde gelöscht.",
+	"moderation.report.mark_as_handled": "Als bearbeitet markieren",
+	"moderation.report.mark_as_ignored": "Als ignoriert markieren",
+	"admin.auths.oauth2_quota_group_claim_name": "Der Claim-Name bietet Gruppennamen für diese Quelle, um für die Quotaverwaltung verwendet zu werden. (Optional)",
+	"admin.auths.oauth2_quota_group_map": "Beanspruchte Gruppen an Quota-Gruppen zuordnen. (Optional – benötigt Claim-Namen oben)",
+	"actions.workflow.incomplete_matrix_missing_job": "`strategy.matrix` vom Job %[1]s konnte nicht evaluiert werden: %[2]s ist nicht in der `needs`-Liste von Job %[1]s (%[3]s).",
+	"actions.workflow.incomplete_matrix_missing_output": "`strategy.matrix` vom Job %[1]s konnte nicht evaluiert werden: %[2]s hat keine Ausgabe %[3]s.",
+	"actions.workflow.incomplete_matrix_unknown_cause": "`strategy.matrix` vom Job %[1]s konnte nicht evaluiert werden: unbekannter Fehler.",
+	"actions.workflow.incomplete_runson_missing_job": "`runs-on` vom Job %[1]s konnte nicht evaluiert werden: %[2]s ist nicht in der `needs`-Liste von Job %[1]s (%[3]s).",
+	"actions.workflow.incomplete_runson_missing_output": "`runs-on` vom Job %[1]s konnte nicht evaluiert werden: %[2]s hat keine Ausgabe %[3]s.",
+	"actions.workflow.incomplete_runson_missing_matrix_dimension": "`runs-on` vom Job %[1]s konnte nicht evaluiert werden: Matrixdimension %[2]s existiert nicht.",
+	"actions.workflow.incomplete_runson_unknown_cause": "`runs-on` vom Job %[1]s konnte nicht evaluiert werden: unbekannter Fehler.",
+	"search.fuzzy": "Unscharf",
+	"search.fuzzy_tooltip": "Ergebnisse, die ungefähr zum Suchbegriff passen, einbinden",
+	"issues.updated": "%s aktualisiert"
 }
diff --git a/options/locale_next/locale_el-GR.json b/options/locale_next/locale_el-GR.json
index 0d4328e0df..48f2da23e1 100644
--- a/options/locale_next/locale_el-GR.json
+++ b/options/locale_next/locale_el-GR.json
@@ -1,181 +1,181 @@
 {
-    "fork.n_forks": {
-        "one": "%s fork",
-        "other": "%s forks"
-    },
-    "stars.n_stars": {
-        "one": "%s αστέρι",
-        "other": "%s αστέρια"
-    },
-    "release.n_downloads": {
-        "one": "%s λήψη",
-        "other": "%s λήψεις"
-    },
-    "repo.pulls.merged_title_desc": {
-        "one": "συγχώνευθηκε %[1]d υποβολή από τον κλάδο <code>%[2]s</code> στον κλάδο <code>%[3]s</code> %[4]s",
-        "other": "συγχώνευσε %[1]d υποβολές από <code>%[2]s</code> σε <code>%[3]s</code> %[4]s"
-    },
-    "repo.pulls.title_desc": {
-        "one": ": θα ήθελε να συγχωνεύσει %[1]d υποβολή από τον κλάδο <code>%[2]s</code> στον κλάδο <code id=\"%[4]s\">%[3]s</code>",
-        "other": "θέλει να συγχωνεύσει %[1]d υποβολές από <code>%[2]s</code> σε <code id=\"%[4]s\">%[3]s</code>"
-    },
-    "search.milestone_kind": "Αναζήτηση ορόσημων…",
-    "home.welcome.no_activity": "Καμιά δραστηριότητα",
-    "mail.actions.successful_run_after_failure_subject": "Η ροή εργασίας %[1]s αποκαταστάθηκε στο αποθετήριο %[2]s",
-    "mail.actions.not_successful_run_subject": "Η ροή εργασίας %[1]s απέτυχε στο αποθετήριο %[2]s",
-    "mail.actions.run_info_trigger": "Ενεργοποιήθηκε επειδή: %[1]s από: %[2]s",
-    "meta.last_line": "Ευχαριστούμε που μεταφράζετε το Forgejo! Αυτή η γραμμή δεν είναι ορατή από τους χρήστες αλλά εξυπηρετεί άλλους σκοπούς στη διαχείριση της μετάφρασης. Μπορείτε να γράψετε κάποιο αστείο αντί για μετάφραση.",
-    "mail.actions.successful_run_after_failure": "Η ροή εργασίας %[1]s αποκαταστάθηκε στο αποθετήριο %[2]s",
-    "discussion.locked": "Αυτή η συζήτηση έχει κλειδωθεί. Ο σχολιασμός περιορίζεται στους συνεισφέροντες.",
-    "incorrect_root_url": "Αυτή η εγκατάσταση του Forgejo έχει ρυθμιστεί στο \"%s\". Αυτή τη στιγμή βλέπετε το Forgejo μέσω ενός διαφορετικού URL, το οποίο μπορεί να προκαλέσει δυσλειτουργία σε τμήματα της εφαρμογής. Το κανονικό URL ελέγχεται από τους διαχειριστές του Forgejo με τη ρύθμιση ROOT_URL στο αρχείο app.ini.",
-    "home.explore_orgs": "Εξερευνήστε οργανισμούς",
-    "home.welcome.activity_hint": "Δεν υπάρχει τίποτα στην τροφοδοσία σας ακόμα. Οι ενέργειές σας και η δραστηριότητά σας από τα αποθετήρια που παρακολουθείτε θα εμφανίζονται εδώ.",
-    "home.explore_repos": "Εξερευνήστε τα αποθετήρια",
-    "home.explore_users": "Εξερευνήστε τους χρήστες",
-    "migrate.github.description": "Μεταφορά δεδομένων από το github.com ή διακομιστές GitHub Enterprise.",
-    "migrate.git.description": "Μεταφορά μόνο του αποθετηρίου από μια οποιαδήποτε υπηρεσία Git.",
-    "migrate.gitea.description": "Μεταφορά δεδομένων από το gitea.com ή άλλες εγκαταστάσεις Gitea.",
-    "migrate.gitlab.description": "Μεταφορά δεδομένων από το gitlab.com ή άλλες εγκαταστάσεις GitLab.",
-    "migrate.gogs.description": "Μεταφορά δεδομένων από το notabug.org ή άλλες εγκαταστάσεις Gogs.",
-    "migrate.onedev.description": "Μεταφορά δεδομένων από το code.onedev.io ή άλλες εγκαταστάσεις OneDev.",
-    "migrate.gitbucket.description": "Μεταφορά δεδομένων από διακομιστές GitBucket.",
-    "migrate.codebase.description": "Μεταφορά δεδομένων από το codebasehq.com.",
-    "migrate.forgejo.description": "Μεταφορά δεδομένων από το codeberg.org ή άλλων υπηρεσιών Forgejo.",
-    "relativetime.future": "στο μέλλον",
-    "relativetime.now": "τώρα",
-    "repo.form.cannot_create": "Όλοι οι χώροι που μπορείτε να δημιουργήσετε αποθετήρια έχουν φτάσει στο μέγιστο όριο αποθετηρίων.",
-    "error.not_found.title": "Δε βρέθηκε η σελίδα",
-    "themes.names.forgejo-auto": "Forgejo (ακολουθεί το θέμα του συστήματος)",
-    "themes.names.forgejo-light": "Forgejo φωτεινό",
-    "stars.list.none": "Κανένα αστέρι ακόμα για αυτό το αποθετήριο.",
-    "watch.list.none": "Καμία παρακολούθηση αυτού του αποθετηρίου.",
-    "followers.incoming.list.self.none": "Καμία παρακολούθηση στο προφίλ σας.",
-    "followers.incoming.list.none": "Κανείς δεν ακολουθεί αυτό το χρήστη.",
-    "followers.outgoing.list.none": "δεν ακολουθεί κανένα.",
-    "relativetime.2days": "πριν από δύο μέρες",
-    "relativetime.1week": "την προηγούμενη εβδομάδα",
-    "relativetime.2weeks": "πριν από δύο εβδομάδες",
-    "relativetime.1month": "τον προηγούμενο μήνα",
-    "relativetime.1year": "πέρυσι",
-    "relativetime.2years": "πριν από δύο έτη",
-    "compare.branches.title": "Σύγκριση κλάδων",
-    "repo.commit.load_tags_failed": "Αποτυχία ανάκτησης ετικετών λόγω εσωτερικού σφάλματος",
-    "admin.auths.allow_username_change": "Επιτρέπεται η αλλαγή ονόματος χρήστη",
-    "relativetime.days": {
-        "one": "πριν από %d μέρα",
-        "other": "πριν από %d μέρες"
-    },
-    "relativetime.weeks": {
-        "one": "πριν από %d εβδομάδα",
-        "other": "πριν από %d εβδομάδες"
-    },
-    "relativetime.mins": {
-        "one": "πριν από %d λεπτό",
-        "other": "πριν από %d λεπτά"
-    },
-    "mail.actions.run_info_sha": "Υποβολή: %[1]s",
-    "discussion.sidebar.reference": "Αναφορά",
-    "avatar.constraints_hint": "Το προσωπικό avatar δε μπορεί να υπερβαίνει %[1]s σε χώρο και %[2]dx%[3]d pixels σε μέγεθος",
-    "repo.settings.push_mirror.branch_filter.label": "Φίλτρο κλάδου (προαιρετικό)",
-    "relativetime.years": {
-        "one": "πριν από %d έτος",
-        "other": "πριν από %d έτη"
-    },
-    "themes.names.forgejo-dark": "Forgejo σκοτεινό",
-    "warning.repository.out_of_sync": "Αυτό το αποθετήριο είναι εκτός συγχρονισμού με την αναπαράσταση του στη βάση δεδομένων. Αν αυτή η προειδοποίηση εμφανίζεται ακόμα και αν ωθήσατε μια υποβολή στο αποθετήριο, τότε επικοινωνήστε με το διαχειριστή.",
-    "mail.actions.run_info_cur_status": "Κατάσταση αυτής της εκτέλεσης: %[1]s (μόλις άλλαξε από %[2]s)",
-    "repo.diff.commit.previous-short": "Προηγ",
-    "editor.textarea.shift_tab_hint": "Καμία στοίχιση σε αυτή τη γραμμή. Πατήστε <kbd>Shift</kbd> + <kbd>Tab</kbd> ξανά ή <kbd>Escape</kbd> για να βγείτε από το συντάκτη.",
-    "og.repo.summary_card.alt_description": "Συνοπτική καρτέλα του αποθετηρίου %[1]s, περιγράφεται ως: %[2]s",
-    "repo.diff.commit.next-short": "Επόμ",
-    "followers.outgoing.list.self.none": "Δεν ακολουθείτε κανένα.",
-    "mail.actions.run_info_previous_status": "Κατάσταση Προηγούμενης Εκτέλεσης: %[1]s",
-    "editor.textarea.tab_hint": "Η γραμμή είναι ήδη στοιχισμένη. Πατήστε <kbd>Tab</kbd> ξανά ή <kbd>Escape</kbd> για να βγείτε από το συντάκτη.",
-    "repo.settings.push_mirror.branch_filter.description": "Κλάδοι που θα καθρεφτιστούν. Αφήστε κενό για να καθρεφτίζονται όλοι οι κλάδοι. Δείτε τη <a href=\"%[1]s\">τεκμηρίωση του %[2]s</a> για τη σύνταξη. Παράδειγμα: <code>main, release/*</code>",
-    "relativetime.1day": "χθες",
-    "relativetime.2months": "πριν από δύο μήνες",
-    "error.must_enable_2fa": "Αυτή η εγκατάσταση Forgejo απαιτεί από τους χρήστες να ορίσουν τη ταυτοποίηση δύο-παραγόντων πριν αποκτήσουν πρόσβαση στο λογαριασμό τους. Ενεργοποιήστε τη στο: %s",
-    "user.ghost.tooltip": "Ο χρήστης έχει διαγραφεί ή δεν μπορεί να βρεθεί.",
-    "settings.twofa_reenroll.description": "Ορίστε ξανά την ταυτοποίηση δύο παραγόντων",
-    "settings.twofa_unroll_unavailable": "Η ταυτοποίηση δύο-παραγόντων είναι απαιτούμενη στο λογαριασμό σας και δε μπορεί να παρακαμφθεί.",
-    "settings.twofa_reenroll": "Επαναφορά ταυτοποίησης δύο-παραγόντων",
-    "settings.must_enable_2fa": "Αυτή η εγκατάσταση Forgejo απαιτεί στους χρήστες να ενεργοποιήσουν την ταυτοποίηση δύο-παραγόντων πριν αποκτήσουν πρόσβαση στο λογαριασμό τους.",
-    "relativetime.hours": {
-        "one": "πριν από %d ώρα",
-        "other": "πριν από %d ώρες"
-    },
-    "relativetime.months": {
-        "one": "πριν από %d μήνα",
-        "other": "πριν από %d μήνες"
-    },
-    "repo.pulls.already_merged": "Αποτυχία συγχώνευσης: Αυτό το pull request έχει ήδη συγχωνευτεί.",
-    "repo.issue_indexer.title": "Ευρετηρητής Ζητημάτων",
-    "migrate.pagure.token_label": "Διακριτικό Pagure API",
-    "migrate.pagure.incorrect_url": "Δόθηκε λανθασμένο URL αποθετηρίου πηγής",
-    "migrate.pagure.project_url": "URL έργου Pagure",
-    "migrate.pagure.description": "Μετανάστευση δεδομένων από το pagure.io ή άλλες εγκαταστάσεις Pagure.",
-    "migrate.pagure.project_example": "Το URL ενός έργου Pagure, πχ https://pagure.io/pagure",
-    "migrate.form.error.url_credentials": "Το URL περιέχει διαπιστευτήρια, τοποθετήστε τα στα πεδία όνομα χρήση και μυστικού κωδικού αντίστοιχα",
-    "mail.actions.not_successful_run": "Η ροή εργασίας %[1]s απέτυχε στο αποθετήριο %[2]s",
-    "alert.asset_load_failed": "Αποτυχία ανάκτησης αρχείων στοιχείων από {path}. Παρακαλώ βεβαιωθείτε ότι υπάρχει πρόσβαση στα αρχεία στοιχείων.",
-    "install.invalid_lfs_path": "Αδυναμία δημιουργίας της δομής LFS στη καθορισμένη διαδρομή: %[1]s",
-    "alert.range_error": " πρέπει να είναι αριθμός μεταξύ %[1]s και %[2]s.",
-    "admin.auths.allow_username_change.description": "Επιτρέπεται στους χρήστες να αλλάξουν το όνομα χρήστη τους στις ρυθμίσεις προφίλ",
-    "profile.edit.link": "Επεξεργασία προφίλ",
-    "feed.atom.link": "Ροή atom",
-    "keys.ssh.link": "Κλειδιά SSH",
-    "keys.gpg.link": "Κλειδιά GPG",
-    "admin.config.moderation_config": "Ρυθμίσεις εποπτείας",
-    "moderation.report_abuse": "Αναφορά κατάχρησης",
-    "moderation.report_content": "Αναφορά περιεχομένου",
-    "moderation.report_abuse_form.invalid": "Μη έγκυρες παράμετροι",
-    "admin.dashboard.cleanup_offline_runners": "Καθαρισμός των εκτελεστών εκτός σύνδεσης",
-    "admin.dashboard.remove_resolved_reports": "Αφαίρεση επιλυμένων αναφορών",
-    "profile.actions.tooltip": "Περισσότερες δράσεις",
-    "moderation.submit_report": "Υποβολή έκθεσης",
-    "moderation.reporting_failed": "Αδυναμία υποβολής της νέας έκθεσης κατάχρησης:% v",
-    "admin.moderation.moderation_reports": "Αναφορές εποπτείας",
-    "admin.moderation.reports": "Αναφορές",
-    "admin.moderation.no_open_reports": "Προς το παρόν δεν υπάρχουν ανοικτές αναφορές.",
-    "moderation.reported_thank_you": "Σας ευχαριστώ για την έκθεσή σας. Η διοίκηση το έχει ενημερωθεί.",
-    "moderation.report_remarks.placeholder": "Παρακαλείσθε να παρέχετε ορισμένες λεπτομέρειες σχετικά με την κατάχρηση που αναφέρετε.",
-    "admin.config.security": "Ρυθμίσεις ασφαλείας",
-    "admin.config.global_2fa_requirement.title": "Καθολική απαίτηση δύο-παραγόντων",
-    "admin.config.global_2fa_requirement.none": "Όχι",
-    "admin.config.global_2fa_requirement.all": "Όλοι οι χρήστες",
-    "admin.config.global_2fa_requirement.admin": "Διαχειριστές",
-    "moderation.report_abuse_form.header": "Αναφορά κατάχρησης στον διαχειριστή",
-    "moderation.report_abuse_form.already_reported": "Έχετε ήδη αναφέρει αυτό το περιεχόμενο",
-    "moderation.abuse_category": "Κατηγορία",
-    "admin.moderation.deleted_content_ref": "Το περιεχόμενο που αναφέρθηκε με τύπο %[1]v και id %[2]d δεν υπάρχει πλέον",
-    "moderation.report_abuse_form.details": "Αυτή η φόρμα θα πρέπει να χρησιμοποιείται για την αναφορά χρηστών που δημιουργούν προφίλ spam, αποθετήρια, ζητήματα, σχόλια ή συμπεριφέρονται ακατάλληλα.",
-    "moderation.abuse_category.placeholder": "Επιλέξτε μια κατηγορία",
-    "moderation.abuse_category.spam": "Spam",
-    "moderation.abuse_category.malware": "Κακόβουλο λογισμικό",
-    "moderation.abuse_category.illegal_content": "Παράνομο περιεχόμενο",
-    "moderation.abuse_category.other_violations": "Άλλες παραβιάσεις των κανόνων της πλατφόρμας",
-    "moderation.report_remarks": "Παρατηρήσεις",
-    "settings.visibility.description": "Η ορατότητα το προφίλ σας, ελέγχει την δυνατότητα άλλων να έχουν πρόσβαση στα μη-ιδιωτικά σας αποθετήρια. <a href=\"%s\" target=\"_blank\">Μάθετε περισσότερα</a>.",
-    "actions.runs.run_attempt_label": "Προσπάθεια εκτέλεσης #%[1]s (%[2]s)",
-    "actions.runs.viewing_out_of_date_run": "Εμφανίζεται μια παρωχημένη εκτέλεση αυτής της εργασίας που έτρεξε %[1]s.",
-    "actions.runs.view_most_recent_run": "Εμφάνιση της πιο πρόσφατης εκτέλεσης",
-    "pulse.n_active_issues": {
-        "one": "%s ενεργό ζήτημα",
-        "other": "%s ενεργά ζητήματα"
-    },
-    "pulse.n_active_prs": {
-        "one": "%s ενεργό pull request",
-        "other": "%s ενεργά pull request"
-    },
-    "watch.n_watchers": {
-        "one": "%s παρατηρητής",
-        "other": "%s παρατηρητές"
-    },
-    "repo.issues.filter_poster.hint": "Φίλτρο με βάση τον συγγραφέα",
-    "repo.issues.filter_assignee.hint": "Φίλτρο κατά τον εκχωρημένο χρήστη",
-    "repo.issues.filter_mention.hint": "Φίλτρο με βάση τον αναφερόμενο χρήστη",
-    "repo.issues.filter_modified.hint": "Φίλτρο με βάση την τελευταία τροποποίηση",
-    "repo.pulls.poster_manage_approval": "Διαχείριση έγκρισης",
-    "repo.issues.filter_reviewers.hint": "Φίλτρο με βάση το χρήστη που αναθεώρησε",
-    "repo.pulls.poster_requires_approval": "Κάποιες ροές εργασίας <a href=\"%[1]s\">περιμένουν για αναθεώρηση.</a>"
+	"fork.n_forks": {
+		"one": "%s fork",
+		"other": "%s forks"
+	},
+	"stars.n_stars": {
+		"one": "%s αστέρι",
+		"other": "%s αστέρια"
+	},
+	"release.n_downloads": {
+		"one": "%s λήψη",
+		"other": "%s λήψεις"
+	},
+	"repo.pulls.merged_title_desc": {
+		"one": "συγχώνευθηκε %[1]d υποβολή από τον κλάδο <code>%[2]s</code> στον κλάδο <code>%[3]s</code> %[4]s",
+		"other": "συγχώνευσε %[1]d υποβολές από <code>%[2]s</code> σε <code>%[3]s</code> %[4]s"
+	},
+	"repo.pulls.title_desc": {
+		"one": ": θα ήθελε να συγχωνεύσει %[1]d υποβολή από τον κλάδο <code>%[2]s</code> στον κλάδο <code id=\"%[4]s\">%[3]s</code>",
+		"other": "θέλει να συγχωνεύσει %[1]d υποβολές από <code>%[2]s</code> σε <code id=\"%[4]s\">%[3]s</code>"
+	},
+	"search.milestone_kind": "Αναζήτηση ορόσημων…",
+	"home.welcome.no_activity": "Καμιά δραστηριότητα",
+	"mail.actions.successful_run_after_failure_subject": "Η ροή εργασίας %[1]s αποκαταστάθηκε στο αποθετήριο %[2]s",
+	"mail.actions.not_successful_run_subject": "Η ροή εργασίας %[1]s απέτυχε στο αποθετήριο %[2]s",
+	"mail.actions.run_info_trigger": "Ενεργοποιήθηκε επειδή: %[1]s από: %[2]s",
+	"meta.last_line": "Ευχαριστούμε που μεταφράζετε το Forgejo! Αυτή η γραμμή δεν είναι ορατή από τους χρήστες αλλά εξυπηρετεί άλλους σκοπούς στη διαχείριση της μετάφρασης. Μπορείτε να γράψετε κάποιο αστείο αντί για μετάφραση.\n(this string was needed to make weblate regenerate the file and can be removed)",
+	"mail.actions.successful_run_after_failure": "Η ροή εργασίας %[1]s αποκαταστάθηκε στο αποθετήριο %[2]s",
+	"discussion.locked": "Αυτή η συζήτηση έχει κλειδωθεί. Ο σχολιασμός περιορίζεται στους συνεισφέροντες.",
+	"incorrect_root_url": "Αυτή η εγκατάσταση του Forgejo έχει ρυθμιστεί στο \"%s\". Αυτή τη στιγμή βλέπετε το Forgejo μέσω ενός διαφορετικού URL, το οποίο μπορεί να προκαλέσει δυσλειτουργία σε τμήματα της εφαρμογής. Το κανονικό URL ελέγχεται από τους διαχειριστές του Forgejo με τη ρύθμιση ROOT_URL στο αρχείο app.ini.",
+	"home.explore_orgs": "Εξερευνήστε οργανισμούς",
+	"home.welcome.activity_hint": "Δεν υπάρχει τίποτα στην τροφοδοσία σας ακόμα. Οι ενέργειές σας και η δραστηριότητά σας από τα αποθετήρια που παρακολουθείτε θα εμφανίζονται εδώ.",
+	"home.explore_repos": "Εξερευνήστε τα αποθετήρια",
+	"home.explore_users": "Εξερευνήστε τους χρήστες",
+	"migrate.github.description": "Μεταφορά δεδομένων από το github.com ή διακομιστές GitHub Enterprise.",
+	"migrate.git.description": "Μεταφορά μόνο του αποθετηρίου από μια οποιαδήποτε υπηρεσία Git.",
+	"migrate.gitea.description": "Μεταφορά δεδομένων από το gitea.com ή άλλες εγκαταστάσεις Gitea.",
+	"migrate.gitlab.description": "Μεταφορά δεδομένων από το gitlab.com ή άλλες εγκαταστάσεις GitLab.",
+	"migrate.gogs.description": "Μεταφορά δεδομένων από το notabug.org ή άλλες εγκαταστάσεις Gogs.",
+	"migrate.onedev.description": "Μεταφορά δεδομένων από το code.onedev.io ή άλλες εγκαταστάσεις OneDev.",
+	"migrate.gitbucket.description": "Μεταφορά δεδομένων από διακομιστές GitBucket.",
+	"migrate.codebase.description": "Μεταφορά δεδομένων από το codebasehq.com.",
+	"migrate.forgejo.description": "Μεταφορά δεδομένων από το codeberg.org ή άλλων υπηρεσιών Forgejo.",
+	"relativetime.future": "στο μέλλον",
+	"relativetime.now": "τώρα",
+	"repo.form.cannot_create": "Όλοι οι χώροι που μπορείτε να δημιουργήσετε αποθετήρια έχουν φτάσει στο μέγιστο όριο αποθετηρίων.",
+	"error.not_found.title": "Δε βρέθηκε η σελίδα",
+	"themes.names.forgejo-auto": "Forgejo (ακολουθεί το θέμα του συστήματος)",
+	"themes.names.forgejo-light": "Forgejo φωτεινό",
+	"stars.list.none": "Κανένα αστέρι ακόμα για αυτό το αποθετήριο.",
+	"watch.list.none": "Καμία παρακολούθηση αυτού του αποθετηρίου.",
+	"followers.incoming.list.self.none": "Καμία παρακολούθηση στο προφίλ σας.",
+	"followers.incoming.list.none": "Κανείς δεν ακολουθεί αυτό το χρήστη.",
+	"followers.outgoing.list.none": "δεν ακολουθεί κανένα.",
+	"relativetime.2days": "πριν από δύο μέρες",
+	"relativetime.1week": "την προηγούμενη εβδομάδα",
+	"relativetime.2weeks": "πριν από δύο εβδομάδες",
+	"relativetime.1month": "τον προηγούμενο μήνα",
+	"relativetime.1year": "πέρυσι",
+	"relativetime.2years": "πριν από δύο έτη",
+	"compare.branches.title": "Σύγκριση κλάδων",
+	"repo.commit.load_tags_failed": "Αποτυχία ανάκτησης ετικετών λόγω εσωτερικού σφάλματος",
+	"admin.auths.allow_username_change": "Επιτρέπεται η αλλαγή ονόματος χρήστη",
+	"relativetime.days": {
+		"one": "πριν από %d μέρα",
+		"other": "πριν από %d μέρες"
+	},
+	"relativetime.weeks": {
+		"one": "πριν από %d εβδομάδα",
+		"other": "πριν από %d εβδομάδες"
+	},
+	"relativetime.mins": {
+		"one": "πριν από %d λεπτό",
+		"other": "πριν από %d λεπτά"
+	},
+	"mail.actions.run_info_sha": "Υποβολή: %[1]s",
+	"discussion.sidebar.reference": "Αναφορά",
+	"avatar.constraints_hint": "Το προσωπικό avatar δε μπορεί να υπερβαίνει %[1]s σε χώρο και %[2]dx%[3]d pixels σε μέγεθος",
+	"repo.settings.push_mirror.branch_filter.label": "Φίλτρο κλάδου (προαιρετικό)",
+	"relativetime.years": {
+		"one": "πριν από %d έτος",
+		"other": "πριν από %d έτη"
+	},
+	"themes.names.forgejo-dark": "Forgejo σκοτεινό",
+	"warning.repository.out_of_sync": "Αυτό το αποθετήριο είναι εκτός συγχρονισμού με την αναπαράσταση του στη βάση δεδομένων. Αν αυτή η προειδοποίηση εμφανίζεται ακόμα και αν ωθήσατε μια υποβολή στο αποθετήριο, τότε επικοινωνήστε με το διαχειριστή.",
+	"mail.actions.run_info_cur_status": "Κατάσταση αυτής της εκτέλεσης: %[1]s (μόλις άλλαξε από %[2]s)",
+	"repo.diff.commit.previous-short": "Προηγ",
+	"editor.textarea.shift_tab_hint": "Καμία στοίχιση σε αυτή τη γραμμή. Πατήστε <kbd>Shift</kbd> + <kbd>Tab</kbd> ξανά ή <kbd>Escape</kbd> για να βγείτε από το συντάκτη.",
+	"og.repo.summary_card.alt_description": "Συνοπτική καρτέλα του αποθετηρίου %[1]s, περιγράφεται ως: %[2]s",
+	"repo.diff.commit.next-short": "Επόμ",
+	"followers.outgoing.list.self.none": "Δεν ακολουθείτε κανένα.",
+	"mail.actions.run_info_previous_status": "Κατάσταση Προηγούμενης Εκτέλεσης: %[1]s",
+	"editor.textarea.tab_hint": "Η γραμμή είναι ήδη στοιχισμένη. Πατήστε <kbd>Tab</kbd> ξανά ή <kbd>Escape</kbd> για να βγείτε από το συντάκτη.",
+	"repo.settings.push_mirror.branch_filter.description": "Κλάδοι που θα καθρεφτιστούν. Αφήστε κενό για να καθρεφτίζονται όλοι οι κλάδοι. Δείτε τη <a href=\"%[1]s\">τεκμηρίωση του %[2]s</a> για τη σύνταξη. Παράδειγμα: <code>main, release/*</code>",
+	"relativetime.1day": "χθες",
+	"relativetime.2months": "πριν από δύο μήνες",
+	"error.must_enable_2fa": "Αυτή η εγκατάσταση Forgejo απαιτεί από τους χρήστες να ορίσουν τη ταυτοποίηση δύο-παραγόντων πριν αποκτήσουν πρόσβαση στο λογαριασμό τους. Ενεργοποιήστε τη στο: %s",
+	"user.ghost.tooltip": "Ο χρήστης έχει διαγραφεί ή δεν μπορεί να βρεθεί.",
+	"settings.twofa_reenroll.description": "Ορίστε ξανά την ταυτοποίηση δύο παραγόντων",
+	"settings.twofa_unroll_unavailable": "Η ταυτοποίηση δύο-παραγόντων είναι απαιτούμενη στο λογαριασμό σας και δε μπορεί να παρακαμφθεί.",
+	"settings.twofa_reenroll": "Επαναφορά ταυτοποίησης δύο-παραγόντων",
+	"settings.must_enable_2fa": "Αυτή η εγκατάσταση Forgejo απαιτεί στους χρήστες να ενεργοποιήσουν την ταυτοποίηση δύο-παραγόντων πριν αποκτήσουν πρόσβαση στο λογαριασμό τους.",
+	"relativetime.hours": {
+		"one": "πριν από %d ώρα",
+		"other": "πριν από %d ώρες"
+	},
+	"relativetime.months": {
+		"one": "πριν από %d μήνα",
+		"other": "πριν από %d μήνες"
+	},
+	"repo.pulls.already_merged": "Αποτυχία συγχώνευσης: Αυτό το pull request έχει ήδη συγχωνευτεί.",
+	"repo.issue_indexer.title": "Ευρετηρητής Ζητημάτων",
+	"migrate.pagure.token_label": "Διακριτικό Pagure API",
+	"migrate.pagure.incorrect_url": "Δόθηκε λανθασμένο URL αποθετηρίου πηγής",
+	"migrate.pagure.project_url": "URL έργου Pagure",
+	"migrate.pagure.description": "Μετανάστευση δεδομένων από το pagure.io ή άλλες εγκαταστάσεις Pagure.",
+	"migrate.pagure.project_example": "Το URL ενός έργου Pagure, πχ https://pagure.io/pagure",
+	"migrate.form.error.url_credentials": "Το URL περιέχει διαπιστευτήρια, τοποθετήστε τα στα πεδία όνομα χρήση και μυστικού κωδικού αντίστοιχα",
+	"mail.actions.not_successful_run": "Η ροή εργασίας %[1]s απέτυχε στο αποθετήριο %[2]s",
+	"alert.asset_load_failed": "Αποτυχία ανάκτησης αρχείων στοιχείων από {path}. Παρακαλώ βεβαιωθείτε ότι υπάρχει πρόσβαση στα αρχεία στοιχείων.",
+	"install.invalid_lfs_path": "Αδυναμία δημιουργίας της δομής LFS στη καθορισμένη διαδρομή: %[1]s",
+	"alert.range_error": " πρέπει να είναι αριθμός μεταξύ %[1]s και %[2]s.",
+	"admin.auths.allow_username_change.description": "Επιτρέπεται στους χρήστες να αλλάξουν το όνομα χρήστη τους στις ρυθμίσεις προφίλ",
+	"profile.edit.link": "Επεξεργασία προφίλ",
+	"feed.atom.link": "Ροή atom",
+	"keys.ssh.link": "Κλειδιά SSH",
+	"keys.gpg.link": "Κλειδιά GPG",
+	"admin.config.moderation_config": "Ρυθμίσεις εποπτείας",
+	"moderation.report_abuse": "Αναφορά κατάχρησης",
+	"moderation.report_content": "Αναφορά περιεχομένου",
+	"moderation.report_abuse_form.invalid": "Μη έγκυρες παράμετροι",
+	"admin.dashboard.cleanup_offline_runners": "Καθαρισμός των εκτελεστών εκτός σύνδεσης",
+	"admin.dashboard.remove_resolved_reports": "Αφαίρεση επιλυμένων αναφορών",
+	"profile.actions.tooltip": "Περισσότερες δράσεις",
+	"moderation.submit_report": "Υποβολή έκθεσης",
+	"moderation.reporting_failed": "Αδυναμία υποβολής της νέας έκθεσης κατάχρησης:% v",
+	"admin.moderation.moderation_reports": "Αναφορές εποπτείας",
+	"admin.moderation.reports": "Αναφορές",
+	"admin.moderation.no_open_reports": "Προς το παρόν δεν υπάρχουν ανοικτές αναφορές.",
+	"moderation.reported_thank_you": "Σας ευχαριστώ για την έκθεσή σας. Η διοίκηση το έχει ενημερωθεί.",
+	"moderation.report_remarks.placeholder": "Παρακαλείσθε να παρέχετε ορισμένες λεπτομέρειες σχετικά με την κατάχρηση που αναφέρετε.",
+	"admin.config.security": "Ρυθμίσεις ασφαλείας",
+	"admin.config.global_2fa_requirement.title": "Καθολική απαίτηση δύο-παραγόντων",
+	"admin.config.global_2fa_requirement.none": "Όχι",
+	"admin.config.global_2fa_requirement.all": "Όλοι οι χρήστες",
+	"admin.config.global_2fa_requirement.admin": "Διαχειριστές",
+	"moderation.report_abuse_form.header": "Αναφορά κατάχρησης στον διαχειριστή",
+	"moderation.report_abuse_form.already_reported": "Έχετε ήδη αναφέρει αυτό το περιεχόμενο",
+	"moderation.abuse_category": "Κατηγορία",
+	"admin.moderation.deleted_content_ref": "Το περιεχόμενο που αναφέρθηκε με τύπο %[1]v και id %[2]d δεν υπάρχει πλέον",
+	"moderation.report_abuse_form.details": "Αυτή η φόρμα θα πρέπει να χρησιμοποιείται για την αναφορά χρηστών που δημιουργούν προφίλ spam, αποθετήρια, ζητήματα, σχόλια ή συμπεριφέρονται ακατάλληλα.",
+	"moderation.abuse_category.placeholder": "Επιλέξτε μια κατηγορία",
+	"moderation.abuse_category.spam": "Spam",
+	"moderation.abuse_category.malware": "Κακόβουλο λογισμικό",
+	"moderation.abuse_category.illegal_content": "Παράνομο περιεχόμενο",
+	"moderation.abuse_category.other_violations": "Άλλες παραβιάσεις των κανόνων της πλατφόρμας",
+	"moderation.report_remarks": "Παρατηρήσεις",
+	"settings.visibility.description": "Η ορατότητα το προφίλ σας, ελέγχει την δυνατότητα άλλων να έχουν πρόσβαση στα μη-ιδιωτικά σας αποθετήρια. <a href=\"%s\" target=\"_blank\">Μάθετε περισσότερα</a>.",
+	"actions.runs.run_attempt_label": "Προσπάθεια εκτέλεσης #%[1]s (%[2]s)",
+	"actions.runs.viewing_out_of_date_run": "Εμφανίζεται μια παρωχημένη εκτέλεση αυτής της εργασίας που έτρεξε %[1]s.",
+	"actions.runs.view_most_recent_run": "Εμφάνιση της πιο πρόσφατης εκτέλεσης",
+	"pulse.n_active_issues": {
+		"one": "%s ενεργό ζήτημα",
+		"other": "%s ενεργά ζητήματα"
+	},
+	"pulse.n_active_prs": {
+		"one": "%s ενεργό pull request",
+		"other": "%s ενεργά pull request"
+	},
+	"watch.n_watchers": {
+		"one": "%s παρατηρητής",
+		"other": "%s παρατηρητές"
+	},
+	"repo.issues.filter_poster.hint": "Φίλτρο με βάση τον συγγραφέα",
+	"repo.issues.filter_assignee.hint": "Φίλτρο κατά τον εκχωρημένο χρήστη",
+	"repo.issues.filter_mention.hint": "Φίλτρο με βάση τον αναφερόμενο χρήστη",
+	"repo.issues.filter_modified.hint": "Φίλτρο με βάση την τελευταία τροποποίηση",
+	"repo.pulls.poster_manage_approval": "Διαχείριση έγκρισης",
+	"repo.issues.filter_reviewers.hint": "Φίλτρο με βάση το χρήστη που αναθεώρησε",
+	"repo.pulls.poster_requires_approval": "Κάποιες ροές εργασίας <a href=\"%[1]s\">περιμένουν για αναθεώρηση.</a>"
 }
diff --git a/options/locale_next/locale_eo.json b/options/locale_next/locale_eo.json
index 3c1a173ded..0d61c5d503 100644
--- a/options/locale_next/locale_eo.json
+++ b/options/locale_next/locale_eo.json
@@ -1,96 +1,97 @@
 {
-    "fork.n_forks": {
-        "one": "%s disbranĉigo",
-        "other": "%s disbranĉigoj"
-    },
-    "stars.n_stars": {
-        "one": "%s stelo",
-        "other": "%s steloj"
-    },
-    "search.milestone_kind": "Serĉi celojn…",
-    "home.welcome.no_activity": "Neniu aktiveco",
-    "home.explore_repos": "Esplori deponejojn",
-    "home.explore_users": "Esplori uzantojn",
-    "home.explore_orgs": "Esplori organizaĵojn",
-    "stars.list.none": "Neniu stelumis ĉi tiun deponejon.",
-    "relativetime.now": "nun",
-    "relativetime.mins": {
-        "one": "antaŭ %d minuto",
-        "other": "antaŭ %d minutoj"
-    },
-    "relativetime.hours": {
-        "one": "antaŭ %d horo",
-        "other": "antaŭ %d horoj"
-    },
-    "relativetime.days": {
-        "one": "antaŭ %d tago",
-        "other": "antaŭ %d tagoj"
-    },
-    "relativetime.weeks": {
-        "one": "antaŭ %d semajno",
-        "other": "antaŭ %d semajnoj"
-    },
-    "relativetime.months": {
-        "one": "antaŭ %d monato",
-        "other": "antaŭ %d monatoj"
-    },
-    "relativetime.years": {
-        "one": "antaŭ %d jaro",
-        "other": "antaŭ %d jaroj"
-    },
-    "relativetime.1day": "hieraŭ",
-    "relativetime.2days": "antaŭ du tagoj",
-    "relativetime.1week": "je lasta semajno",
-    "relativetime.2weeks": "antaŭ du semajnoj",
-    "relativetime.1month": "je lasta monato",
-    "relativetime.2months": "antaŭ du monatoj",
-    "relativetime.1year": "je lasta jaro",
-    "relativetime.2years": "antaŭ du jaroj",
-    "migrate.github.description": "Migrigi datumojn el github.com aŭ Github Enterprise server.",
-    "migrate.git.description": "Migrigi nur deponejon el ajna Git servilo.",
-    "migrate.gitea.description": "Migrigi datumojn el gitea.com aŭ aliaj Gitea instancoj.",
-    "migrate.gitlab.description": "Migrigi datumojn el gitlab.com aŭ aliaj GitLab instancoj.",
-    "migrate.gogs.description": "Migrigi datumojn el notabug.org aŭ aliaj Gogs instancoj.",
-    "migrate.onedev.description": "Migrigi datumojn el code.onedev.io aŭ aliaj OneDev instancoj.",
-    "migrate.gitbucket.description": "Migrigi datumojn el GitBucket instancoj.",
-    "migrate.codebase.description": "Migrigi datumojn el codebasehq.com.",
-    "migrate.forgejo.description": "Migrigi datumojn el codeberg.org aŭ aliaj Forgejo instancoj.",
-    "repo.settings.push_mirror.branch_filter.label": "Branĉa filtrilo (malnepra)",
-    "themes.names.forgejo-auto": "Forgejo (konformi kun sistema etoso)",
-    "themes.names.forgejo-light": "Forgejo hela",
-    "themes.names.forgejo-dark": "Forgejo malhela",
-    "error.not_found.title": "Paĝo ne trovita",
-    "alert.range_error": " devas esti nombro inter %[1]s kaj %[2]s.",
-    "profile.edit.link": "Redakti profilon",
-    "feed.atom.link": "Atomfluo",
-    "keys.ssh.link": "SSH ŝlosiloj",
-    "keys.gpg.link": "GPG ŝlosiloj",
-    "admin.moderation.reports": "Raportoj",
-    "admin.moderation.no_open_reports": "Ne estas malfermataj raportoj.",
-    "watch.list.none": "Neniu sekvas ĉi tiun deponejon.",
-    "followers.incoming.list.self.none": "Neniu sekvas vian profilon.",
-    "followers.incoming.list.none": "Neniu sekvas ĉi tiun uzanton.",
-    "followers.outgoing.list.self.none": "Vi sekvas neniun.",
-    "followers.outgoing.list.none": "%s ne plu sekvas vin.",
-    "relativetime.future": "estonte",
-    "repo.pulls.already_merged": "La kunfandaĵo malsukcesis: Ĉi tiu tirpeto jam estas kunfandita.",
-    "repo.pulls.merged_title_desc": {
-        "one": "kunfandis %[1]d enmeton el <code>%[2]s</code> en <code>%[3]s</code> %[4]s",
-        "other": "kunfandis %[1]d enmetojn el <code>%[2]s</code> en <code>%[3]s</code> %[4]s"
-    },
-    "repo.pulls.title_desc": {
-        "one": "volas kunfandi %[1]d enmeton el <code>%[2]s</code> en <code id=\"%[4]s\">%[3]s</code>",
-        "other": "volas kunfandi %[1]d enmetojn el <code>%[2]s</code> en <code id=\"%[4]s\">%[3]s</code>"
-    },
-    "home.welcome.activity_hint": "Nenio estas en via fluo ankoraŭ. Viaj agoj kaj aktiveco el deponejoj, kiujn vi rigardas, aperos ĉi tie.",
-    "repo.pulls.poster_manage_approval": "Administri aprobon",
-    "watch.n_watchers": {
-        "one": "%s observanto",
-        "other": "%s observantoj"
-    },
-    "repo.issues.filter_poster.hint": "Filtri laŭ la aŭtoro",
-    "repo.issues.filter_assignee.hint": "Filtri laŭ asignita uzanto",
-    "repo.issues.filter_reviewers.hint": "Filtri laŭ uzanto kiu recenzis",
-    "repo.issues.filter_mention.hint": "Filtri laŭ menciita uzanto",
-    "repo.issues.filter_modified.hint": "Filtri laŭ lasta modifdato"
+	"fork.n_forks": {
+		"one": "%s disbranĉigo",
+		"other": "%s disbranĉigoj"
+	},
+	"stars.n_stars": {
+		"one": "%s stelo",
+		"other": "%s steloj"
+	},
+	"search.milestone_kind": "Serĉi celojn…",
+	"home.welcome.no_activity": "Neniu aktiveco",
+	"home.explore_repos": "Esplori deponejojn",
+	"home.explore_users": "Esplori uzantojn",
+	"home.explore_orgs": "Esplori organizaĵojn",
+	"stars.list.none": "Neniu stelumis ĉi tiun deponejon.",
+	"relativetime.now": "nun",
+	"relativetime.mins": {
+		"one": "antaŭ %d minuto",
+		"other": "antaŭ %d minutoj"
+	},
+	"relativetime.hours": {
+		"one": "antaŭ %d horo",
+		"other": "antaŭ %d horoj"
+	},
+	"relativetime.days": {
+		"one": "antaŭ %d tago",
+		"other": "antaŭ %d tagoj"
+	},
+	"relativetime.weeks": {
+		"one": "antaŭ %d semajno",
+		"other": "antaŭ %d semajnoj"
+	},
+	"relativetime.months": {
+		"one": "antaŭ %d monato",
+		"other": "antaŭ %d monatoj"
+	},
+	"relativetime.years": {
+		"one": "antaŭ %d jaro",
+		"other": "antaŭ %d jaroj"
+	},
+	"relativetime.1day": "hieraŭ",
+	"relativetime.2days": "antaŭ du tagoj",
+	"relativetime.1week": "je lasta semajno",
+	"relativetime.2weeks": "antaŭ du semajnoj",
+	"relativetime.1month": "je lasta monato",
+	"relativetime.2months": "antaŭ du monatoj",
+	"relativetime.1year": "je lasta jaro",
+	"relativetime.2years": "antaŭ du jaroj",
+	"migrate.github.description": "Migrigi datumojn el github.com aŭ Github Enterprise server.",
+	"migrate.git.description": "Migrigi nur deponejon el ajna Git servilo.",
+	"migrate.gitea.description": "Migrigi datumojn el gitea.com aŭ aliaj Gitea instancoj.",
+	"migrate.gitlab.description": "Migrigi datumojn el gitlab.com aŭ aliaj GitLab instancoj.",
+	"migrate.gogs.description": "Migrigi datumojn el notabug.org aŭ aliaj Gogs instancoj.",
+	"migrate.onedev.description": "Migrigi datumojn el code.onedev.io aŭ aliaj OneDev instancoj.",
+	"migrate.gitbucket.description": "Migrigi datumojn el GitBucket instancoj.",
+	"migrate.codebase.description": "Migrigi datumojn el codebasehq.com.",
+	"migrate.forgejo.description": "Migrigi datumojn el codeberg.org aŭ aliaj Forgejo instancoj.",
+	"repo.settings.push_mirror.branch_filter.label": "Branĉa filtrilo (malnepra)",
+	"themes.names.forgejo-auto": "Forgejo (konformi kun sistema etoso)",
+	"themes.names.forgejo-light": "Forgejo hela",
+	"themes.names.forgejo-dark": "Forgejo malhela",
+	"error.not_found.title": "Paĝo ne trovita",
+	"alert.range_error": " devas esti nombro inter %[1]s kaj %[2]s.",
+	"profile.edit.link": "Redakti profilon",
+	"feed.atom.link": "Atomfluo",
+	"keys.ssh.link": "SSH ŝlosiloj",
+	"keys.gpg.link": "GPG ŝlosiloj",
+	"admin.moderation.reports": "Raportoj",
+	"admin.moderation.no_open_reports": "Ne estas malfermataj raportoj.",
+	"watch.list.none": "Neniu sekvas ĉi tiun deponejon.",
+	"followers.incoming.list.self.none": "Neniu sekvas vian profilon.",
+	"followers.incoming.list.none": "Neniu sekvas ĉi tiun uzanton.",
+	"followers.outgoing.list.self.none": "Vi sekvas neniun.",
+	"followers.outgoing.list.none": "%s ne plu sekvas vin.",
+	"relativetime.future": "estonte",
+	"repo.pulls.already_merged": "La kunfandaĵo malsukcesis: Ĉi tiu tirpeto jam estas kunfandita.",
+	"repo.pulls.merged_title_desc": {
+		"one": "kunfandis %[1]d enmeton el <code>%[2]s</code> en <code>%[3]s</code> %[4]s",
+		"other": "kunfandis %[1]d enmetojn el <code>%[2]s</code> en <code>%[3]s</code> %[4]s"
+	},
+	"repo.pulls.title_desc": {
+		"one": "volas kunfandi %[1]d enmeton el <code>%[2]s</code> en <code id=\"%[4]s\">%[3]s</code>",
+		"other": "volas kunfandi %[1]d enmetojn el <code>%[2]s</code> en <code id=\"%[4]s\">%[3]s</code>"
+	},
+	"home.welcome.activity_hint": "Nenio estas en via fluo ankoraŭ. Viaj agoj kaj aktiveco el deponejoj, kiujn vi rigardas, aperos ĉi tie.",
+	"repo.pulls.poster_manage_approval": "Administri aprobon",
+	"watch.n_watchers": {
+		"one": "%s observanto",
+		"other": "%s observantoj"
+	},
+	"repo.issues.filter_poster.hint": "Filtri laŭ la aŭtoro",
+	"repo.issues.filter_assignee.hint": "Filtri laŭ asignita uzanto",
+	"repo.issues.filter_reviewers.hint": "Filtri laŭ uzanto kiu recenzis",
+	"repo.issues.filter_mention.hint": "Filtri laŭ menciita uzanto",
+	"repo.issues.filter_modified.hint": "Filtri laŭ lasta modifdato",
+	"meta.last_line": "(this string was needed to make weblate regenerate the file and can be removed)"
 }
diff --git a/options/locale_next/locale_es-ES.json b/options/locale_next/locale_es-ES.json
index 113eebd165..76b41dc45b 100644
--- a/options/locale_next/locale_es-ES.json
+++ b/options/locale_next/locale_es-ES.json
@@ -1,139 +1,144 @@
 {
-    "fork.n_forks": {
-        "one": "%s bifurcación",
-        "other": "%s bifurcaciones"
-    },
-    "stars.n_stars": {
-        "one": "%s estrella",
-        "other": "%s estrellas"
-    },
-    "release.n_downloads": {
-        "one": "%s descarga",
-        "other": "%s descargas"
-    },
-    "repo.pulls.merged_title_desc": {
-        "one": "fusionó %[1]d confirmación de <code>%[2]s</code> en <code>%[3]s</code> %[4]s",
-        "many": "fusionó %[1]d confirmaciones de <code>%[2]s</code> en <code>%[3]s</code> %[4]s",
-        "other": "fusionó %[1]d confirmaciones de <code>%[2]s</code> en <code>%[3]s</code> %[4]s"
-    },
-    "repo.pulls.title_desc": {
-        "one": "quiere fusionar %[1]d confirmación de <code>%[2]s</code> en <code id=\"%[4]s\">%[3]s</code>",
-        "many": "quiere fusionar %[1]d confirmaciones de <code>%[2]s</code> en <code id=\"%[4]s\">%[3]s</code>",
-        "other": "quiere fusionar %[1]d confirmaciones de <code>%[2]s</code> en <code id=\"%[4]s\">%[3]s</code>"
-    },
-    "search.milestone_kind": "Buscar hitos…",
-    "error.not_found.title": "Página no encontrada",
-    "themes.names.forgejo-auto": "Forgejo (seguir el tema del sistema)",
-    "themes.names.forgejo-dark": "Forgejo oscuro",
-    "themes.names.forgejo-light": "Forgejo claro",
-    "home.welcome.no_activity": "Sin actividad",
-    "meta.last_line": "¡Gracias por traducir Forgejo! Esta línea no es vista por los usuarios pero sirve para otros propósitos en la gestión de la traducción. Puedes colocar un dato curioso en la traducción en lugar de traducirla.",
-    "relativetime.now": "ahora",
-    "relativetime.mins": {
-        "one": "hace %d minuto",
-        "many": "hace %d minutos",
-        "other": "hace %d minutos"
-    },
-    "relativetime.hours": {
-        "one": "hace %d hora",
-        "many": "hace %d horas",
-        "other": "hace %d horas"
-    },
-    "relativetime.future": "en el futuro",
-    "home.explore_repos": "Explorar repositorios",
-    "home.explore_users": "Explorar usuarios",
-    "home.explore_orgs": "Explorar organizaciones",
-    "moderation.abuse_category.malware": "Malware",
-    "relativetime.1day": "ayer",
-    "relativetime.2months": "hace dos meses",
-    "relativetime.1year": "el año pasado",
-    "relativetime.2years": "hace dos años",
-    "repo.form.cannot_create": "Todos los espacios en los que puedes crear repositorios llegaron al límite de repositorios.",
-    "stars.list.none": "Nadie le ha dado una estrella a este repo.",
-    "watch.list.none": "Nadie está observando este repo.",
-    "followers.incoming.list.self.none": "Nadie está siguiendo tu perfil.",
-    "followers.incoming.list.none": "Nadie está siguiendo a este usuario.",
-    "followers.outgoing.list.self.none": "No estás siguiendo a nadie.",
-    "followers.outgoing.list.none": "%s no sigue a nadie.",
-    "relativetime.1week": "la semana pasada",
-    "relativetime.2weeks": "hace dos semanas",
-    "relativetime.1month": "el mes pasado",
-    "alert.asset_load_failed": "Error al cargar recursos desde {path}. Por favor, asegúrate de que se puede acceder a los recursos.",
-    "install.invalid_lfs_path": "Imposible crear la raíz LFS en la ruta indicada: %[1]s",
-    "alert.range_error": " debe ser un número entre %[1]s y %[2]s.",
-    "relativetime.days": {
-        "one": "hace %d día",
-        "many": "hace %d días",
-        "other": "hace %d días"
-    },
-    "relativetime.years": {
-        "one": "hace %d año",
-        "many": "hace %d años",
-        "other": "hace %d años"
-    },
-    "repo.settings.push_mirror.branch_filter.label": "Filtro de rama (opcional)",
-    "relativetime.weeks": {
-        "one": "hace %d semana",
-        "many": "hace %d semanas",
-        "other": "hace %d semanas"
-    },
-    "relativetime.months": {
-        "one": "hace %d mes",
-        "many": "hace %d meses",
-        "other": "hace %d meses"
-    },
-    "profile.actions.tooltip": "Mas acciones",
-    "profile.edit.link": "Editar perfil",
-    "admin.moderation.no_open_reports": "Actualmente no hay informes abiertos.",
-    "moderation.report_abuse_form.invalid": "Argumentos inválidos",
-    "admin.moderation.reports": "Informes",
-    "incorrect_root_url": "Esta instancia de Forgejo está configurada para servirse en \"%s\". Estás viendo Forgejo a través de una URL distinta, lo que puede hacer que se rompan partes de la aplicación. La URL canónica la controlan los administradores de Forgejo a través del ajuste ROOT_URL en app.ini.",
-    "admin.moderation.moderation_reports": "Informes de moderación",
-    "home.welcome.activity_hint": "Aún no hay nada en tu feed. Tus acciones y la actividad en los repositorios a los que sigues se mostrarán aquí.",
-    "feed.atom.link": "Feed Atom",
-    "keys.ssh.link": "Claves SSH",
-    "keys.gpg.link": "Claves GPG",
-    "admin.config.moderation_config": "Configuración de moderación",
-    "admin.moderation.deleted_content_ref": "El contenido reportado con tipo %[1]v e id %[2]d ya no existe",
-    "moderation.report_abuse": "Reportar abuso",
-    "moderation.report_content": "Reportar contenido",
-    "moderation.report_abuse_form.header": "Reportar abuso a un administrador",
-    "moderation.report_abuse_form.already_reported": "Ya has reportado este contenido",
-    "moderation.abuse_category": "Categoría",
-    "repo.issue_indexer.title": "Índice de incidencias",
-    "relativetime.2days": "hace dos días",
-    "moderation.abuse_category.illegal_content": "Contenido ilegal",
-    "repo.settings.push_mirror.branch_filter.description": "Ramas a seguir. Deje en blanco para seguir todas las ramas. Consulte la <a href=\"%[1]s\">%[2]s documentation</a> de la sintaxis. Ejemplos: <code>main, release/*</code>",
-    "moderation.reporting_failed": "No fue posible enviar el nuevo reporte de abuso: %v",
-    "moderation.abuse_category.placeholder": "Seleccione una categoría",
-    "moderation.abuse_category.other_violations": "Otras violaciones a las reglas de la plataforma",
-    "moderation.report_remarks": "Detalles",
-    "moderation.report_remarks.placeholder": "Por favor añada detalles respecto al abuso que está reportando.",
-    "moderation.submit_report": "Enviar reporte",
-    "mail.actions.successful_run_after_failure_subject": "Se recuperó el flujo %[1]s en el repositorio %[2]s",
-    "mail.actions.successful_run_after_failure": "Se recobró el flujo %[1]s en el repositorio %[2]s",
-    "mail.actions.not_successful_run": "Falló el flujo %[1]s en el repositorio %[2]s",
-    "repo.pulls.already_merged": "Fallo al fusionar: Esta solicitud de incorporación ya había sido fusionada.",
-    "warning.repository.out_of_sync": "La base de datos que representa este repositorio está desincronizada. Si esta advertencia continúa mostrándose después de empujar un commit a este repositorio, contacte al administrador.",
-    "moderation.report_abuse_form.details": "Este formulario se usa para reportar usuarios que crean perfiles, repositorios, incidencias, comentarios spam o se comportan de manera inapropiada.",
-    "moderation.reported_thank_you": "Gracias por su reporte. La administración ha sido notificada de esto.",
-    "mail.actions.not_successful_run_subject": "El flujo %[1]s falló en el repositorio %[2]s",
-    "migrate.github.description": "Migrar datos desde github.com o un servidor GitHub Enterprise.",
-    "migrate.git.description": "Migrar un repositorio sólo desde cualquier servicio Git.",
-    "migrate.gitea.description": "Migrar datos de gitea.com u otra instancia de Gitea.",
-    "migrate.gitlab.description": "Migrar datos de gitlab.com u otra instancia de GitLab.",
-    "migrate.gogs.description": "Migrar datos de notabug.org u otra instancia de Gogs.",
-    "migrate.onedev.description": "Migrar datos desde code.onedev.io u otra instancia de OneDev.",
-    "migrate.gitbucket.description": "Migrar datos de instancias de GitBucket.",
-    "migrate.codebase.description": "Migrar datos desde codebasehq.com.",
-    "migrate.forgejo.description": "Migrar datos desde codeberg.org u otras instancias de Forgejo.",
-    "moderation.abuse_category.spam": "Spam",
-    "pulse.n_active_issues": {
-        "one": "%s incidencia activa",
-        "other": "%s incidencias activas"
-    },
-    "pulse.n_active_prs": {
-        "one": "%s pull request activa",
-        "other": "%s pull requests activas"
-    }
+	"fork.n_forks": {
+		"one": "%s bifurcación",
+		"many": "%s bifurcaciones",
+		"other": ""
+	},
+	"stars.n_stars": {
+		"one": "%s estrella",
+		"many": "%s estrellas",
+		"other": ""
+	},
+	"release.n_downloads": {
+		"one": "%s descarga",
+		"many": "%s descargas",
+		"other": ""
+	},
+	"repo.pulls.merged_title_desc": {
+		"one": "fusionó %[1]d confirmación de <code>%[2]s</code> en <code>%[3]s</code> %[4]s",
+		"many": "fusionó %[1]d confirmaciones de <code>%[2]s</code> en <code>%[3]s</code> %[4]s",
+		"other": "fusionó %[1]d confirmaciones de <code>%[2]s</code> en <code>%[3]s</code> %[4]s"
+	},
+	"repo.pulls.title_desc": {
+		"one": "quiere fusionar %[1]d confirmación de <code>%[2]s</code> en <code id=\"%[4]s\">%[3]s</code>",
+		"many": "quiere fusionar %[1]d confirmaciones de <code>%[2]s</code> en <code id=\"%[4]s\">%[3]s</code>",
+		"other": "quiere fusionar %[1]d confirmaciones de <code>%[2]s</code> en <code id=\"%[4]s\">%[3]s</code>"
+	},
+	"search.milestone_kind": "Buscar hitos…",
+	"error.not_found.title": "Página no encontrada",
+	"themes.names.forgejo-auto": "Forgejo (seguir el tema del sistema)",
+	"themes.names.forgejo-dark": "Forgejo oscuro",
+	"themes.names.forgejo-light": "Forgejo claro",
+	"home.welcome.no_activity": "Sin actividad",
+	"meta.last_line": "¡Gracias por traducir Forgejo! Esta línea no es vista por los usuarios pero sirve para otros propósitos en la gestión de la traducción. Puedes colocar un dato curioso en la traducción en lugar de traducirla.\n(this string was needed to make weblate regenerate the file and can be removed)",
+	"relativetime.now": "ahora",
+	"relativetime.mins": {
+		"one": "hace %d minuto",
+		"many": "hace %d minutos",
+		"other": "hace %d minutos"
+	},
+	"relativetime.hours": {
+		"one": "hace %d hora",
+		"many": "hace %d horas",
+		"other": "hace %d horas"
+	},
+	"relativetime.future": "en el futuro",
+	"home.explore_repos": "Explorar repositorios",
+	"home.explore_users": "Explorar usuarios",
+	"home.explore_orgs": "Explorar organizaciones",
+	"moderation.abuse_category.malware": "Malware",
+	"relativetime.1day": "ayer",
+	"relativetime.2months": "hace dos meses",
+	"relativetime.1year": "el año pasado",
+	"relativetime.2years": "hace dos años",
+	"repo.form.cannot_create": "Todos los espacios en los que puedes crear repositorios llegaron al límite de repositorios.",
+	"stars.list.none": "Nadie le ha dado una estrella a este repo.",
+	"watch.list.none": "Nadie está observando este repo.",
+	"followers.incoming.list.self.none": "Nadie está siguiendo tu perfil.",
+	"followers.incoming.list.none": "Nadie está siguiendo a este usuario.",
+	"followers.outgoing.list.self.none": "No estás siguiendo a nadie.",
+	"followers.outgoing.list.none": "%s no sigue a nadie.",
+	"relativetime.1week": "la semana pasada",
+	"relativetime.2weeks": "hace dos semanas",
+	"relativetime.1month": "el mes pasado",
+	"alert.asset_load_failed": "Error al cargar recursos desde {path}. Por favor, asegúrate de que se puede acceder a los recursos.",
+	"install.invalid_lfs_path": "Imposible crear la raíz LFS en la ruta indicada: %[1]s",
+	"alert.range_error": " debe ser un número entre %[1]s y %[2]s.",
+	"relativetime.days": {
+		"one": "hace %d día",
+		"many": "hace %d días",
+		"other": "hace %d días"
+	},
+	"relativetime.years": {
+		"one": "hace %d año",
+		"many": "hace %d años",
+		"other": "hace %d años"
+	},
+	"repo.settings.push_mirror.branch_filter.label": "Filtro de rama (opcional)",
+	"relativetime.weeks": {
+		"one": "hace %d semana",
+		"many": "hace %d semanas",
+		"other": "hace %d semanas"
+	},
+	"relativetime.months": {
+		"one": "hace %d mes",
+		"many": "hace %d meses",
+		"other": "hace %d meses"
+	},
+	"profile.actions.tooltip": "Mas acciones",
+	"profile.edit.link": "Editar perfil",
+	"admin.moderation.no_open_reports": "Actualmente no hay informes abiertos.",
+	"moderation.report_abuse_form.invalid": "Argumentos inválidos",
+	"admin.moderation.reports": "Informes",
+	"incorrect_root_url": "Esta instancia de Forgejo está configurada para servirse en \"%s\". Estás viendo Forgejo a través de una URL distinta, lo que puede hacer que se rompan partes de la aplicación. La URL canónica la controlan los administradores de Forgejo a través del ajuste ROOT_URL en app.ini.",
+	"admin.moderation.moderation_reports": "Informes de moderación",
+	"home.welcome.activity_hint": "Aún no hay nada en tu feed. Tus acciones y la actividad en los repositorios a los que sigues se mostrarán aquí.",
+	"feed.atom.link": "Feed Atom",
+	"keys.ssh.link": "Claves SSH",
+	"keys.gpg.link": "Claves GPG",
+	"admin.config.moderation_config": "Configuración de moderación",
+	"admin.moderation.deleted_content_ref": "El contenido reportado con tipo %[1]v e id %[2]d ya no existe",
+	"moderation.report_abuse": "Reportar abuso",
+	"moderation.report_content": "Reportar contenido",
+	"moderation.report_abuse_form.header": "Reportar abuso a un administrador",
+	"moderation.report_abuse_form.already_reported": "Ya has reportado este contenido",
+	"moderation.abuse_category": "Categoría",
+	"repo.issue_indexer.title": "Índice de incidencias",
+	"relativetime.2days": "hace dos días",
+	"moderation.abuse_category.illegal_content": "Contenido ilegal",
+	"repo.settings.push_mirror.branch_filter.description": "Ramas a seguir. Deje en blanco para seguir todas las ramas. Consulte la <a href=\"%[1]s\">%[2]s documentation</a> de la sintaxis. Ejemplos: <code>main, release/*</code>",
+	"moderation.reporting_failed": "No fue posible enviar el nuevo reporte de abuso: %v",
+	"moderation.abuse_category.placeholder": "Seleccione una categoría",
+	"moderation.abuse_category.other_violations": "Otras violaciones a las reglas de la plataforma",
+	"moderation.report_remarks": "Detalles",
+	"moderation.report_remarks.placeholder": "Por favor añada detalles respecto al abuso que está reportando.",
+	"moderation.submit_report": "Enviar reporte",
+	"mail.actions.successful_run_after_failure_subject": "Se recuperó el flujo %[1]s en el repositorio %[2]s",
+	"mail.actions.successful_run_after_failure": "Se recobró el flujo %[1]s en el repositorio %[2]s",
+	"mail.actions.not_successful_run": "Falló el flujo %[1]s en el repositorio %[2]s",
+	"repo.pulls.already_merged": "Fallo al fusionar: Esta solicitud de incorporación ya había sido fusionada.",
+	"warning.repository.out_of_sync": "La base de datos que representa este repositorio está desincronizada. Si esta advertencia continúa mostrándose después de empujar un commit a este repositorio, contacte al administrador.",
+	"moderation.report_abuse_form.details": "Este formulario se usa para reportar usuarios que crean perfiles, repositorios, incidencias, comentarios spam o se comportan de manera inapropiada.",
+	"moderation.reported_thank_you": "Gracias por su reporte. La administración ha sido notificada de esto.",
+	"mail.actions.not_successful_run_subject": "El flujo %[1]s falló en el repositorio %[2]s",
+	"migrate.github.description": "Migrar datos desde github.com o un servidor GitHub Enterprise.",
+	"migrate.git.description": "Migrar un repositorio sólo desde cualquier servicio Git.",
+	"migrate.gitea.description": "Migrar datos de gitea.com u otra instancia de Gitea.",
+	"migrate.gitlab.description": "Migrar datos de gitlab.com u otra instancia de GitLab.",
+	"migrate.gogs.description": "Migrar datos de notabug.org u otra instancia de Gogs.",
+	"migrate.onedev.description": "Migrar datos desde code.onedev.io u otra instancia de OneDev.",
+	"migrate.gitbucket.description": "Migrar datos de instancias de GitBucket.",
+	"migrate.codebase.description": "Migrar datos desde codebasehq.com.",
+	"migrate.forgejo.description": "Migrar datos desde codeberg.org u otras instancias de Forgejo.",
+	"moderation.abuse_category.spam": "Spam",
+	"pulse.n_active_issues": {
+		"one": "%s incidencia activa",
+		"many": "%s incidencias activas",
+		"other": ""
+	},
+	"pulse.n_active_prs": {
+		"one": "%s pull request activa",
+		"many": "%s pull requests activas",
+		"other": ""
+	}
 }
diff --git a/options/locale_next/locale_et.json b/options/locale_next/locale_et.json
index 40219acda3..8c451866c2 100644
--- a/options/locale_next/locale_et.json
+++ b/options/locale_next/locale_et.json
@@ -1,70 +1,70 @@
 {
-    "stars.n_stars": {
-        "one": "%s tärn",
-        "other": "%s tärni"
-    },
-    "search.milestone_kind": "Otsi verstaposte…",
-    "relativetime.2years": "kaks aastat tagasi",
-    "error.not_found.title": "Lehte ei leidu",
-    "themes.names.forgejo-light": "Forgejo hele kujundus",
-    "themes.names.forgejo-dark": "Forgejo tume kujundus",
-    "themes.names.forgejo-auto": "Forgejo (süsteemi kujundus)",
-    "relativetime.2days": "kaks päeva tagasi",
-    "relativetime.1week": "eelmisel nädalal",
-    "relativetime.2weeks": "kaks nädalat tagasi",
-    "relativetime.1month": "eelmisel kuul",
-    "relativetime.2months": "kaks kuud tagasi",
-    "relativetime.months": {
-        "one": "%d kuu tagasi",
-        "other": "%d kuud tagasi"
-    },
-    "relativetime.weeks": {
-        "one": "% nädal tagasi",
-        "other": "% nädalat tagasi"
-    },
-    "relativetime.years": {
-        "one": "%d aasta tagasi",
-        "other": "%d aastat tagasi"
-    },
-    "relativetime.mins": {
-        "one": "%d minut tagasi",
-        "other": "%d minutit tagasi"
-    },
-    "relativetime.hours": {
-        "one": "%d tund tagasi",
-        "other": "%d tundi tagasi"
-    },
-    "relativetime.days": {
-        "one": "% päev tagasi",
-        "other": "% päeva tagasi"
-    },
-    "relativetime.1day": "eile",
-    "relativetime.1year": "eelmisel aastal",
-    "relativetime.now": "praegu",
-    "relativetime.future": "tulevikus",
-    "stars.list.none": "Keegi pole seda koodihoidlat veel tähekeega märgistanud.",
-    "watch.list.none": "Keegi pole seda koodihoidlat veel jälgima asunud.",
-    "followers.incoming.list.self.none": "Mitte keegi ei jälgi sinu kasutajaprofiili.",
-    "followers.incoming.list.none": "Mitte keegi ei jälgi seda kasutajat.",
-    "followers.outgoing.list.self.none": "Sina ei jälgi mitte kedagi.",
-    "followers.outgoing.list.none": "%s ei jälgi mitte kedagi.",
-    "alert.range_error": " peab olema number %[1]s ja %[2]s vahel.",
-    "home.welcome.no_activity": "Hetkel on siin tühjus",
-    "home.explore_repos": "Uuri lähtekoodi hoidlaid",
-    "home.explore_users": "Otsi kasutajaid",
-    "home.explore_orgs": "Tutvu organisatsioonidega",
-    "meta.last_line": "Tänud, et oled Forgejo'd tõlkinud! Work hard and put in the effort, and love will come. (Tee tööd ja näe vaeva, siis tuleb armastus - A. H. Tammsaare)",
-    "keys.ssh.link": "SSH võtmed",
-    "keys.gpg.link": "GPG võtmed",
-    "profile.edit.link": "Muuda profiili",
-    "feed.atom.link": "Atom-uudisvoog",
-    "home.welcome.activity_hint": "Sinu uudisvoos ei leidu veel mitte midagi. Kui toimetad midagi sinu jälgitavates lähtekoodihoidlates, siis sinu tegevused ja aktiivsus on siin näha.",
-    "watch.n_watchers": {
-        "one": "%s jälgija",
-        "other": "%s jälgijat"
-    },
-    "release.n_downloads": {
-        "one": "%s allalaadimine",
-        "other": "%s allalaadimist"
-    }
+	"stars.n_stars": {
+		"one": "%s tärn",
+		"other": "%s tärni"
+	},
+	"search.milestone_kind": "Otsi verstaposte…",
+	"relativetime.2years": "kaks aastat tagasi",
+	"error.not_found.title": "Lehte ei leidu",
+	"themes.names.forgejo-light": "Forgejo hele kujundus",
+	"themes.names.forgejo-dark": "Forgejo tume kujundus",
+	"themes.names.forgejo-auto": "Forgejo (süsteemi kujundus)",
+	"relativetime.2days": "kaks päeva tagasi",
+	"relativetime.1week": "eelmisel nädalal",
+	"relativetime.2weeks": "kaks nädalat tagasi",
+	"relativetime.1month": "eelmisel kuul",
+	"relativetime.2months": "kaks kuud tagasi",
+	"relativetime.months": {
+		"one": "%d kuu tagasi",
+		"other": "%d kuud tagasi"
+	},
+	"relativetime.weeks": {
+		"one": "% nädal tagasi",
+		"other": "% nädalat tagasi"
+	},
+	"relativetime.years": {
+		"one": "%d aasta tagasi",
+		"other": "%d aastat tagasi"
+	},
+	"relativetime.mins": {
+		"one": "%d minut tagasi",
+		"other": "%d minutit tagasi"
+	},
+	"relativetime.hours": {
+		"one": "%d tund tagasi",
+		"other": "%d tundi tagasi"
+	},
+	"relativetime.days": {
+		"one": "% päev tagasi",
+		"other": "% päeva tagasi"
+	},
+	"relativetime.1day": "eile",
+	"relativetime.1year": "eelmisel aastal",
+	"relativetime.now": "praegu",
+	"relativetime.future": "tulevikus",
+	"stars.list.none": "Keegi pole seda koodihoidlat veel tähekeega märgistanud.",
+	"watch.list.none": "Keegi pole seda koodihoidlat veel jälgima asunud.",
+	"followers.incoming.list.self.none": "Mitte keegi ei jälgi sinu kasutajaprofiili.",
+	"followers.incoming.list.none": "Mitte keegi ei jälgi seda kasutajat.",
+	"followers.outgoing.list.self.none": "Sina ei jälgi mitte kedagi.",
+	"followers.outgoing.list.none": "%s ei jälgi mitte kedagi.",
+	"alert.range_error": " peab olema number %[1]s ja %[2]s vahel.",
+	"home.welcome.no_activity": "Hetkel on siin tühjus",
+	"home.explore_repos": "Uuri lähtekoodi hoidlaid",
+	"home.explore_users": "Otsi kasutajaid",
+	"home.explore_orgs": "Tutvu organisatsioonidega",
+	"meta.last_line": "Tänud, et oled Forgejo'd tõlkinud! Work hard and put in the effort, and love will come. (Tee tööd ja näe vaeva, siis tuleb armastus - A. H. Tammsaare)\n(this string was needed to make weblate regenerate the file and can be removed)",
+	"keys.ssh.link": "SSH võtmed",
+	"keys.gpg.link": "GPG võtmed",
+	"profile.edit.link": "Muuda profiili",
+	"feed.atom.link": "Atom-uudisvoog",
+	"home.welcome.activity_hint": "Sinu uudisvoos ei leidu veel mitte midagi. Kui toimetad midagi sinu jälgitavates lähtekoodihoidlates, siis sinu tegevused ja aktiivsus on siin näha.",
+	"watch.n_watchers": {
+		"one": "%s jälgija",
+		"other": "%s jälgijat"
+	},
+	"release.n_downloads": {
+		"one": "%s allalaadimine",
+		"other": "%s allalaadimist"
+	}
 }
diff --git a/options/locale_next/locale_eu.json b/options/locale_next/locale_eu.json
index 0967ef424b..60c4c22624 100644
--- a/options/locale_next/locale_eu.json
+++ b/options/locale_next/locale_eu.json
@@ -1 +1,3 @@
-{}
+{
+	"meta.last_line": "(this string was needed to make weblate regenerate the file and can be removed)"
+}
diff --git a/options/locale_next/locale_fa-IR.json b/options/locale_next/locale_fa-IR.json
index ec3d5e16e0..ce17cfba4d 100644
--- a/options/locale_next/locale_fa-IR.json
+++ b/options/locale_next/locale_fa-IR.json
@@ -1,31 +1,32 @@
 {
-    "repo.pulls.merged_title_desc": {
-        "one": "واکشی %[1]d سپرده از <code>%[2]s</code> به <code>%[3]s</code> %[4]s",
-        "other": "واکشی %[1]d سپرده‌ها از <code>%[2]s</code> به <code>%[3]s</code> %[4]s"
-    },
-    "repo.pulls.title_desc": {
-        "one": "خواست واکشی %[1]d سپرده را از <code>%[2]s</code> به <code id=\"%[4]s\">%[3]s</code> دارد",
-        "other": "خواست واکشی %[1]d سپرده‌ها را از <code>%[2]s</code> به <code id=\"%[4]s\">%[3]s</code> دارد"
-    },
-    "home.welcome.activity_hint": "هنوز چیزی در آزوغه شما نیست. در اینجا کنش‌ها و کوشش‌های شما در مخازنی که نگاه‌بانی می‌کنید نمایش داده خواهد شد.",
-    "search.milestone_kind": "جستجو نقاط عطف...",
-    "home.welcome.no_activity": "بدون کوشش",
-    "home.explore_repos": "کاوش مخازن",
-    "home.explore_users": "کاوش کاربران",
-    "home.explore_orgs": "کاوش سازمان‌ها",
-    "migrate.git.description": "کوچ یک مخزن فقط از یک سرویس Git.",
-    "migrate.gitea.description": "مهاجرت داده از gitea.com یا پیاده‌سازی‌های دیگر Gitea.",
-    "migrate.gitlab.description": "مهاجرت داده از gitlabb.com یا پیاده‌سازی‌های دیگر GitLab.",
-    "migrate.gogs.description": "مهاجرت داده از notabug.com یا پیاده‌سازی‌های دیگر Gogs.",
-    "migrate.onedev.description": "مهاجرت داده از code.onedev.io یا پیاده‌سازی‌های دیگر OneDev.",
-    "migrate.gitbucket.description": "مهاجرت داده از نمونه های GitBucket",
-    "migrate.codebase.description": "مهاجر داده ها از codebasehq.com.",
-    "pulse.n_active_issues": {
-        "one": "%s مسئله فعال",
-        "other": "%s مسئله فعال"
-    },
-    "pulse.n_active_prs": {
-        "one": "%s تقاضای واکشی فعال",
-        "other": "%s تقاضاهای واکشی فعال"
-    }
+	"repo.pulls.merged_title_desc": {
+		"one": "واکشی %[1]d سپرده از <code>%[2]s</code> به <code>%[3]s</code> %[4]s",
+		"other": "واکشی %[1]d سپرده‌ها از <code>%[2]s</code> به <code>%[3]s</code> %[4]s"
+	},
+	"repo.pulls.title_desc": {
+		"one": "خواست واکشی %[1]d سپرده را از <code>%[2]s</code> به <code id=\"%[4]s\">%[3]s</code> دارد",
+		"other": "خواست واکشی %[1]d سپرده‌ها را از <code>%[2]s</code> به <code id=\"%[4]s\">%[3]s</code> دارد"
+	},
+	"home.welcome.activity_hint": "هنوز چیزی در آزوغه شما نیست. در اینجا کنش‌ها و کوشش‌های شما در مخازنی که نگاه‌بانی می‌کنید نمایش داده خواهد شد.",
+	"search.milestone_kind": "جستجو نقاط عطف...",
+	"home.welcome.no_activity": "بدون کوشش",
+	"home.explore_repos": "کاوش مخازن",
+	"home.explore_users": "کاوش کاربران",
+	"home.explore_orgs": "کاوش سازمان‌ها",
+	"migrate.git.description": "کوچ یک مخزن فقط از یک سرویس Git.",
+	"migrate.gitea.description": "مهاجرت داده از gitea.com یا پیاده‌سازی‌های دیگر Gitea.",
+	"migrate.gitlab.description": "مهاجرت داده از gitlabb.com یا پیاده‌سازی‌های دیگر GitLab.",
+	"migrate.gogs.description": "مهاجرت داده از notabug.com یا پیاده‌سازی‌های دیگر Gogs.",
+	"migrate.onedev.description": "مهاجرت داده از code.onedev.io یا پیاده‌سازی‌های دیگر OneDev.",
+	"migrate.gitbucket.description": "مهاجرت داده از نمونه های GitBucket",
+	"migrate.codebase.description": "مهاجر داده ها از codebasehq.com.",
+	"pulse.n_active_issues": {
+		"one": "%s مسئله فعال",
+		"other": "%s مسئله فعال"
+	},
+	"pulse.n_active_prs": {
+		"one": "%s تقاضای واکشی فعال",
+		"other": "%s تقاضاهای واکشی فعال"
+	},
+	"meta.last_line": "(this string was needed to make weblate regenerate the file and can be removed)"
 }
diff --git a/options/locale_next/locale_fi-FI.json b/options/locale_next/locale_fi-FI.json
index 809d22a1b7..025d79cac2 100644
--- a/options/locale_next/locale_fi-FI.json
+++ b/options/locale_next/locale_fi-FI.json
@@ -1,196 +1,196 @@
 {
-    "fork.n_forks": {
-        "one": "%s forkki",
-        "other": "%s forkkia"
-    },
-    "stars.n_stars": {
-        "one": "%s tähti",
-        "other": "%s tähteä"
-    },
-    "release.n_downloads": {
-        "one": "%s lataus",
-        "other": "%s latausta"
-    },
-    "repo.pulls.merged_title_desc": {
-        "one": "yhdistetty %[1]d sitoumus <code>%[2]s</code>:sta kohteeseen <code>%[3]s</code> %[4]s",
-        "other": "yhdistetty %[1]d sitoumusta <code>%[2]s</code>:sta kohteeseen <code>%[3]s</code> %[4]s"
-    },
-    "repo.pulls.title_desc": {
-        "one": "haluaa yhdistää %[1]d sitoumus <code>%[2]s</code>:sta kohteeseen <code id=\"%[4]s\">%[3]s</code>",
-        "other": "haluaa yhdistää %[1]d sitoumusta <code>%[2]s</code>:sta kohteeseen <code id=\"%[4]s\">%[3]s</code>"
-    },
-    "search.milestone_kind": "Etsi merkkipaaluja…",
-    "home.welcome.no_activity": "Ei toimintaa",
-    "incorrect_root_url": "Tämä Forgejo-instanssi on määritetty toimimaan osoitteessa \"%s\". Tarkastelet tällä hetkellä Forgejoa eri URL-osoitteen kautta, mikä saattaa aiheuttaa sovelluksen osien toimimattomuutta. Virallinen URL-osoite on Forgejo-ylläpitäjien hallinnoima ROOT_URL-asetus app.ini -tiedostossa.",
-    "themes.names.forgejo-auto": "Forgejo (käyttöjärjestelmän määrittelemä teema)",
-    "home.welcome.activity_hint": "Syötteelläsi ei ole vielä mitään. Toimenpiteesi ja toimintasi tietovarastoissa, joita seuraat ilmaantuvat tälle sivulle.",
-    "home.explore_repos": "Tutustu tietovarastoihin",
-    "home.explore_users": "Tutki käyttäjiä",
-    "home.explore_orgs": "Tutki organisaatioita",
-    "error.not_found.title": "Sivua ei löytynyt",
-    "themes.names.forgejo-light": "Forgejo, vaalea",
-    "themes.names.forgejo-dark": "Forgejo, tumma",
-    "alert.range_error": " täytyy olla numero välillä %[1]s ja %[2]s.",
-    "alert.asset_load_failed": "Staattisen tiedoston lataus kohteesta {path} epäonnistui. Varmista, että staattisiin tiedostoihin pääsee käsiksi.",
-    "install.invalid_lfs_path": "LFS-juurta ei voitu luoda polkuun: %[1]s",
-    "mail.actions.not_successful_run_subject": "Työnkulku %[1]s epäonnistui tietovarastossa %[2]s",
-    "mail.actions.not_successful_run": "Työnkulku %[1]s epäonnistui tietovarastossa %[2]s",
-    "discussion.locked": "Tämä keskustelu on lukittu. Kommentointi on rajoitettu avustajille.",
-    "relativetime.future": "tulevaisuudessa",
-    "relativetime.days": {
-        "one": "%d päivä sitten",
-        "other": "%d päivää sitten"
-    },
-    "relativetime.months": {
-        "one": "%d kuukausi sitten",
-        "other": "%d kuukautta sitten"
-    },
-    "relativetime.years": {
-        "one": "%d vuosi sitten",
-        "other": "%d vuotta sitten"
-    },
-    "relativetime.1day": "eilen",
-    "relativetime.2days": "kaksi päivää sitten",
-    "relativetime.1week": "viime viikolla",
-    "relativetime.2weeks": "kaksi viikkoa sitten",
-    "relativetime.1year": "viime vuonna",
-    "relativetime.2years": "kaksi vuotta sitten",
-    "relativetime.hours": {
-        "one": "%d tunti sitten",
-        "other": "%d tuntia sitten"
-    },
-    "relativetime.mins": {
-        "one": "%d minuutti sitten",
-        "other": "%d minuuttia sitten"
-    },
-    "relativetime.1month": "viime kuussa",
-    "relativetime.now": "nyt",
-    "relativetime.weeks": {
-        "one": "%d viikko sitten",
-        "other": "%d viikkoa sitten"
-    },
-    "meta.last_line": "Thank you for translating Forgejo! Päivitä tämä käännös, jos luet tämän viestin.",
-    "relativetime.2months": "kaksi kuukautta sitten",
-    "mail.actions.successful_run_after_failure_subject": "Työnkulku %[1]s palautettu tietovarastoon %[2]s",
-    "mail.actions.successful_run_after_failure": "Työnkulku %[1]s palautettu tietovarastoon %[2]s",
-    "mail.actions.run_info_cur_status": "Tämän juoksun tila: %[1]s (juuri päivitetty %[2]s:sta)",
-    "mail.actions.run_info_previous_status": "Edellisen ajon tila: %[1]s",
-    "mail.actions.run_info_trigger": "Laukaistui, koska: %[1]s, tekijänä: %[2]s",
-    "moderation.abuse_category.malware": "Haittaohjelma",
-    "moderation.abuse_category.illegal_content": "Laiton sisältö",
-    "watch.list.none": "Kukaan ei seuraa tätä tietovarastoa.",
-    "followers.incoming.list.self.none": "Kukaan ei seuraa profiiliasi.",
-    "followers.incoming.list.none": "Kukaan ei seuraa tätä käyttäjää.",
-    "followers.outgoing.list.self.none": "Et seuraa yhtäkään käyttäjää.",
-    "compare.branches.title": "Vertaa haaroja",
-    "admin.auths.allow_username_change": "Salli käyttäjänimen vaihto",
-    "admin.auths.allow_username_change.description": "Salli käyttäjien vaihtaa käyttäjänimiään profiiliasetuksissaan",
-    "moderation.report_remarks": "Havainnot",
-    "repo.settings.push_mirror.branch_filter.label": "Haarasuodatin (valinnainen)",
-    "discussion.sidebar.reference": "Viittaus",
-    "profile.edit.link": "Muokkaa profiilia",
-    "feed.atom.link": "Atom-syöte",
-    "keys.ssh.link": "SSH-avaimet",
-    "keys.gpg.link": "GPG-avaimet",
-    "admin.moderation.reports": "Raportit",
-    "admin.moderation.no_open_reports": "Ei avoimia raportteja.",
-    "stars.list.none": "Kukaan ei ole lisännyt tähteä tähän tietovarastoon.",
-    "followers.outgoing.list.none": "%s ei seuraa yhtäkään käyttäjää.",
-    "moderation.report_abuse_form.details": "Käytä tätä lomaketta ilmoittaaksesi käyttäjistä, jotka luovat roskapostiprofiileja, -tietovarastoja, -ongelmia, -kommentteja tai muuten käyttäytyvät soveltumattomasti.",
-    "repo.settings.push_mirror.branch_filter.description": "Peilattavat haarat. Jätä tyhjäksi peilataksesi kaikki haarat. Lue <a href=\"%[1]s\">%[2]s-dokumentaatio</a> nähdäksesi syntaksin. Esimerkit: <code>main, release/*</code>",
-    "profile.actions.tooltip": "Lisää toimintoja",
-    "editor.textarea.tab_hint": "Rivi on jo sisennetty. Paina <kbd>Tab</kbd> uudelleen tai <kbd>Escape</kbd> poistuaksesi editorista.",
-    "mail.actions.run_info_sha": "Kommitti: %[1]s",
-    "editor.textarea.shift_tab_hint": "Ei sisennystä tällä rivillä. Paina <kbd>Shift</kbd> + <kbd>Tab</kbd> uudelleen tai <kbd>Escape</kbd> poistuaksesi editorista.",
-    "admin.config.global_2fa_requirement.all": "Kaikki käyttäjät",
-    "admin.config.global_2fa_requirement.admin": "Ylläpitäjät",
-    "repo.pulls.already_merged": "Yhdistäminen epäonnistui: tämä vetopyyntö on jo yhdistetty.",
-    "moderation.report_abuse": "Ilmoita väärinkäytöstä",
-    "moderation.report_content": "Ilmoita sisällöstä",
-    "moderation.report_abuse_form.header": "Ilmoita väärinkäytöstä ylläpidolle",
-    "moderation.report_abuse_form.already_reported": "Olet jo ilmoittanut tästä sisällöstä",
-    "moderation.abuse_category": "Luokka",
-    "moderation.abuse_category.placeholder": "Valitse luokka",
-    "moderation.abuse_category.spam": "Roskaposti",
-    "moderation.abuse_category.other_violations": "Muut alustan sääntöjen vastaiset toimet",
-    "moderation.report_remarks.placeholder": "Kerro lisätietoja väärinkäytökseen liittyen.",
-    "moderation.submit_report": "Lähetä raportti",
-    "moderation.reporting_failed": "Uuden väärinkäytösraportin lähettäminen ei onnistu: %v",
-    "moderation.reported_thank_you": "Kiitos ilmoituksesta. Ylläpito on nyt tietoinen siitä.",
-    "repo.diff.commit.next-short": "Seuraava",
-    "repo.diff.commit.previous-short": "Edellinen",
-    "admin.dashboard.remove_resolved_reports": "Poista selvitetyt raportit",
-    "migrate.pagure.project_url": "Pagure-projektin URL-osoite",
-    "migrate.pagure.project_example": "Pagure-projektin URL-osoite, esim. https://pagure.io/pagure",
-    "migrate.pagure.token_label": "Poletti",
-    "migrate.github.description": "Tee migraatio github.comista tai GitHub Enterprise -palvelimelta.",
-    "migrate.git.description": "Suorita tietovaraston migraatio mistä tahansa Git-palvelusta.",
-    "migrate.gitea.description": "Tee migraatio gitea.comista tai muista Gitea-instansseista.",
-    "migrate.gitlab.description": "Tee migraatio gitlab.comista tai muista GitLab-instansseista.",
-    "migrate.gogs.description": "Tee migraatio notabug.orgista tai muista Gogs-instansseista.",
-    "migrate.onedev.description": "Tee migraatio code.onedev.io:sta tai muista OneDev-instansseista.",
-    "migrate.gitbucket.description": "Tee migraatio GitBucket-instansseista.",
-    "migrate.codebase.description": "Tee migraatio codebasehq.comista.",
-    "migrate.forgejo.description": "Tee migraatio codeberg.orgista tai muista Forgejo-instansseista.",
-    "moderation.report_abuse_form.invalid": "Virheelliset argumentit",
-    "admin.config.security": "Turvallisuusasetukset",
-    "admin.config.global_2fa_requirement.title": "Globaali kaksivaiheisen tunnistuksen vaatimus",
-    "admin.config.global_2fa_requirement.none": "Ei",
-    "settings.visibility.description": "Profiilin näkyvyys vaikuttaa muiden mahdollisuuteen päästä ei-yksityisiin tietovarastoihisi. <a href=\"%s\" target=\"_blank\">Lue lisää</a>.",
-    "settings.twofa_unroll_unavailable": "Kaksivaiheinen tunnistautuminen vaaditaan tilillesi, eikä sitä voi poistaa käytöstä.",
-    "settings.twofa_reenroll": "Ota uudelleen käyttöön kaksivaiheinen tunnistus",
-    "settings.must_enable_2fa": "Tämä Forgejo-instanssi vaatii käyttäjien ottavan käyttöön kaksivaiheisen tunnistuksen, ennen kuin käyttäjätiliä voi käyttää.",
-    "error.must_enable_2fa": "Tämä Forgejo-instanssi vaatii käyttäjien ottavan käyttöön kaksivaiheisen tunnistuksen, ennen kuin käyttäjätiliä voi käyttää. Ota se käyttöön: %s",
-    "avatar.constraints_hint": "Mukautettu profiilikuva voi olla kooltaan enintään %[1]s tai enintään %[2]dx%[3]d pikseliä",
-    "repo.commit.load_tags_failed": "Tagien lataaminen epäonnistui sisäisen virheen vuoksi",
-    "actions.runs.run_attempt_label": "Suoritusyritys #%[1]s (%[2]s)",
-    "migrate.pagure.description": "Tee migraatio pagure.io:sta tai muista Pagure-instansseista.",
-    "pulse.n_active_issues": {
-        "one": "%s aktiivinen ongelma",
-        "other": "%s aktiivista ongelmaa"
-    },
-    "pulse.n_active_prs": {
-        "one": "%s aktiivinen vetopyyntö",
-        "other": "%s aktiivista vetopyyntöä"
-    },
-    "repo.pulls.maintainers_can_edit": "Ylläpitäjät voivat muokata tätä vetopyyntöä.",
-    "repo.pulls.maintainers_cannot_edit": "Ylläpitäjät eivät voi muokata tätä vetopyyntöä.",
-    "repo.form.cannot_create": "Kaikki tilat, joihin voit luoda tietovarastoja, ovat saavuttaneet tietovarastojen rajan.",
-    "migrate.form.error.url_credentials": "URL-osoite sisältää valtuustiedot, laita ne vastaavasti käyttäjänimi- ja salasanakenttiin",
-    "warning.repository.out_of_sync": "Tämän tietotietovaraston tietokantaesitys ei ole synkronoitu. Jos tämä varoitus näkyy edelleen tämän tietovaraston sitoumuksen lähettämisen jälkeen, ota yhteyttä järjestelmänvalvojaan.",
-    "admin.moderation.deleted_content_ref": "Ilmoitettua sisältöä, jonka tyyppi on %[1]v ja tunnus %[2]d, ei enää ole olemassa",
-    "settings.twofa_reenroll.description": "Ota mukaan kaksivaiheinen todennus uudelleen",
-    "user.ghost.tooltip": "Tämä käyttäjä on poistettu tai häntä ei voida yhdistää.",
-    "og.repo.summary_card.alt_description": "Yhteenvetokortti tietovarastosta %[1]s, kuvattu seuraavasti: %[2]s",
-    "migrate.pagure.incorrect_url": "Virheellinen lähdetietovaraston URL-osoite on syötetty",
-    "actions.runs.viewing_out_of_date_run": "Katselet tämän työn vanhentunutta suorituskertaa, joka suoritettiin %[1]s.",
-    "watch.n_watchers": {
-        "one": "%s seuraaja",
-        "other": "%s seuraajaa"
-    },
-    "repo.issues.filter_poster.hint": "Suodata tekijän perusteella",
-    "repo.issues.filter_reviewers.hint": "Suodata katselmoijan perusteella",
-    "repo.issues.filter_mention.hint": "Suodata mainitun käyttäjän perusteella",
-    "repo.issues.filter_modified.hint": "Suodata viimeisimmän muokkauspäivän perusteella",
-    "search.syntax": "Hakusyntaksi",
-    "keys.verify.token.hint": "Poletti on voimassa vain 1 minuutin. <a href=\"%[1]s\">Hanki uusi jos se vanheni</a>.",
-    "admin.moderation.moderation_reports": "Moderaatioraportit",
-    "migrate.pagure.private_issues.summary": "Yksityiset ongelmat (valinnainen)",
-    "teams.add_all_repos.modal.header": "Lisää kaikki tietovarastot",
-    "teams.remove_all_repos.modal.header": "Poista kaikki tietovarastot",
-    "repo.pulls.poster_trust_deny": "Kiellä",
-    "repo.pulls.poster_trust_once": "Hyväksy kerran",
-    "repo.pulls.poster_trust_always": "Hyväksy aina",
-    "moderation.action.account.delete": "Poista tili",
-    "moderation.action.account.suspend": "Jäädytä tili",
-    "moderation.action.repo.delete": "Poista tietovarasto",
-    "moderation.action.issue.delete": "Poista ongelma",
-    "moderation.action.comment.delete": "Poista kommentti",
-    "moderation.unknown_action": "Tuntematon toiminto",
-    "moderation.users.cannot_suspend_self": "Et voi jäädyttää omaa tiliäsi.",
-    "moderation.users.cannot_suspend_org": "Organisaatioita ei voi jäädyttää.",
-    "moderation.users.already_suspended": "Käyttäjätili on jo jäädytetty.",
-    "moderation.users.suspend_success": "Käyttäjätili on jäädytetty.",
-    "moderation.issue.deletion_success": "Ongelma on poistettu.",
-    "moderation.comment.deletion_success": "Kommentti on poistettu."
+	"fork.n_forks": {
+		"one": "%s forkki",
+		"other": "%s forkkia"
+	},
+	"stars.n_stars": {
+		"one": "%s tähti",
+		"other": "%s tähteä"
+	},
+	"release.n_downloads": {
+		"one": "%s lataus",
+		"other": "%s latausta"
+	},
+	"repo.pulls.merged_title_desc": {
+		"one": "yhdistetty %[1]d sitoumus <code>%[2]s</code>:sta kohteeseen <code>%[3]s</code> %[4]s",
+		"other": "yhdistetty %[1]d sitoumusta <code>%[2]s</code>:sta kohteeseen <code>%[3]s</code> %[4]s"
+	},
+	"repo.pulls.title_desc": {
+		"one": "haluaa yhdistää %[1]d sitoumus <code>%[2]s</code>:sta kohteeseen <code id=\"%[4]s\">%[3]s</code>",
+		"other": "haluaa yhdistää %[1]d sitoumusta <code>%[2]s</code>:sta kohteeseen <code id=\"%[4]s\">%[3]s</code>"
+	},
+	"search.milestone_kind": "Etsi merkkipaaluja…",
+	"home.welcome.no_activity": "Ei toimintaa",
+	"incorrect_root_url": "Tämä Forgejo-instanssi on määritetty toimimaan osoitteessa \"%s\". Tarkastelet tällä hetkellä Forgejoa eri URL-osoitteen kautta, mikä saattaa aiheuttaa sovelluksen osien toimimattomuutta. Virallinen URL-osoite on Forgejo-ylläpitäjien hallinnoima ROOT_URL-asetus app.ini -tiedostossa.",
+	"themes.names.forgejo-auto": "Forgejo (käyttöjärjestelmän määrittelemä teema)",
+	"home.welcome.activity_hint": "Syötteelläsi ei ole vielä mitään. Toimenpiteesi ja toimintasi tietovarastoissa, joita seuraat ilmaantuvat tälle sivulle.",
+	"home.explore_repos": "Tutustu tietovarastoihin",
+	"home.explore_users": "Tutki käyttäjiä",
+	"home.explore_orgs": "Tutki organisaatioita",
+	"error.not_found.title": "Sivua ei löytynyt",
+	"themes.names.forgejo-light": "Forgejo, vaalea",
+	"themes.names.forgejo-dark": "Forgejo, tumma",
+	"alert.range_error": " täytyy olla numero välillä %[1]s ja %[2]s.",
+	"alert.asset_load_failed": "Staattisen tiedoston lataus kohteesta {path} epäonnistui. Varmista, että staattisiin tiedostoihin pääsee käsiksi.",
+	"install.invalid_lfs_path": "LFS-juurta ei voitu luoda polkuun: %[1]s",
+	"mail.actions.not_successful_run_subject": "Työnkulku %[1]s epäonnistui tietovarastossa %[2]s",
+	"mail.actions.not_successful_run": "Työnkulku %[1]s epäonnistui tietovarastossa %[2]s",
+	"discussion.locked": "Tämä keskustelu on lukittu. Kommentointi on rajoitettu avustajille.",
+	"relativetime.future": "tulevaisuudessa",
+	"relativetime.days": {
+		"one": "%d päivä sitten",
+		"other": "%d päivää sitten"
+	},
+	"relativetime.months": {
+		"one": "%d kuukausi sitten",
+		"other": "%d kuukautta sitten"
+	},
+	"relativetime.years": {
+		"one": "%d vuosi sitten",
+		"other": "%d vuotta sitten"
+	},
+	"relativetime.1day": "eilen",
+	"relativetime.2days": "kaksi päivää sitten",
+	"relativetime.1week": "viime viikolla",
+	"relativetime.2weeks": "kaksi viikkoa sitten",
+	"relativetime.1year": "viime vuonna",
+	"relativetime.2years": "kaksi vuotta sitten",
+	"relativetime.hours": {
+		"one": "%d tunti sitten",
+		"other": "%d tuntia sitten"
+	},
+	"relativetime.mins": {
+		"one": "%d minuutti sitten",
+		"other": "%d minuuttia sitten"
+	},
+	"relativetime.1month": "viime kuussa",
+	"relativetime.now": "nyt",
+	"relativetime.weeks": {
+		"one": "%d viikko sitten",
+		"other": "%d viikkoa sitten"
+	},
+	"meta.last_line": "Thank you for translating Forgejo! Päivitä tämä käännös, jos luet tämän viestin.\n(this string was needed to make weblate regenerate the file and can be removed)",
+	"relativetime.2months": "kaksi kuukautta sitten",
+	"mail.actions.successful_run_after_failure_subject": "Työnkulku %[1]s palautettu tietovarastoon %[2]s",
+	"mail.actions.successful_run_after_failure": "Työnkulku %[1]s palautettu tietovarastoon %[2]s",
+	"mail.actions.run_info_cur_status": "Tämän juoksun tila: %[1]s (juuri päivitetty %[2]s:sta)",
+	"mail.actions.run_info_previous_status": "Edellisen ajon tila: %[1]s",
+	"mail.actions.run_info_trigger": "Laukaistui, koska: %[1]s, tekijänä: %[2]s",
+	"moderation.abuse_category.malware": "Haittaohjelma",
+	"moderation.abuse_category.illegal_content": "Laiton sisältö",
+	"watch.list.none": "Kukaan ei seuraa tätä tietovarastoa.",
+	"followers.incoming.list.self.none": "Kukaan ei seuraa profiiliasi.",
+	"followers.incoming.list.none": "Kukaan ei seuraa tätä käyttäjää.",
+	"followers.outgoing.list.self.none": "Et seuraa yhtäkään käyttäjää.",
+	"compare.branches.title": "Vertaa haaroja",
+	"admin.auths.allow_username_change": "Salli käyttäjänimen vaihto",
+	"admin.auths.allow_username_change.description": "Salli käyttäjien vaihtaa käyttäjänimiään profiiliasetuksissaan",
+	"moderation.report_remarks": "Havainnot",
+	"repo.settings.push_mirror.branch_filter.label": "Haarasuodatin (valinnainen)",
+	"discussion.sidebar.reference": "Viittaus",
+	"profile.edit.link": "Muokkaa profiilia",
+	"feed.atom.link": "Atom-syöte",
+	"keys.ssh.link": "SSH-avaimet",
+	"keys.gpg.link": "GPG-avaimet",
+	"admin.moderation.reports": "Raportit",
+	"admin.moderation.no_open_reports": "Ei avoimia raportteja.",
+	"stars.list.none": "Kukaan ei ole lisännyt tähteä tähän tietovarastoon.",
+	"followers.outgoing.list.none": "%s ei seuraa yhtäkään käyttäjää.",
+	"moderation.report_abuse_form.details": "Käytä tätä lomaketta ilmoittaaksesi käyttäjistä, jotka luovat roskapostiprofiileja, -tietovarastoja, -ongelmia, -kommentteja tai muuten käyttäytyvät soveltumattomasti.",
+	"repo.settings.push_mirror.branch_filter.description": "Peilattavat haarat. Jätä tyhjäksi peilataksesi kaikki haarat. Lue <a href=\"%[1]s\">%[2]s-dokumentaatio</a> nähdäksesi syntaksin. Esimerkit: <code>main, release/*</code>",
+	"profile.actions.tooltip": "Lisää toimintoja",
+	"editor.textarea.tab_hint": "Rivi on jo sisennetty. Paina <kbd>Tab</kbd> uudelleen tai <kbd>Escape</kbd> poistuaksesi editorista.",
+	"mail.actions.run_info_sha": "Kommitti: %[1]s",
+	"editor.textarea.shift_tab_hint": "Ei sisennystä tällä rivillä. Paina <kbd>Shift</kbd> + <kbd>Tab</kbd> uudelleen tai <kbd>Escape</kbd> poistuaksesi editorista.",
+	"admin.config.global_2fa_requirement.all": "Kaikki käyttäjät",
+	"admin.config.global_2fa_requirement.admin": "Ylläpitäjät",
+	"repo.pulls.already_merged": "Yhdistäminen epäonnistui: tämä vetopyyntö on jo yhdistetty.",
+	"moderation.report_abuse": "Ilmoita väärinkäytöstä",
+	"moderation.report_content": "Ilmoita sisällöstä",
+	"moderation.report_abuse_form.header": "Ilmoita väärinkäytöstä ylläpidolle",
+	"moderation.report_abuse_form.already_reported": "Olet jo ilmoittanut tästä sisällöstä",
+	"moderation.abuse_category": "Luokka",
+	"moderation.abuse_category.placeholder": "Valitse luokka",
+	"moderation.abuse_category.spam": "Roskaposti",
+	"moderation.abuse_category.other_violations": "Muut alustan sääntöjen vastaiset toimet",
+	"moderation.report_remarks.placeholder": "Kerro lisätietoja väärinkäytökseen liittyen.",
+	"moderation.submit_report": "Lähetä raportti",
+	"moderation.reporting_failed": "Uuden väärinkäytösraportin lähettäminen ei onnistu: %v",
+	"moderation.reported_thank_you": "Kiitos ilmoituksesta. Ylläpito on nyt tietoinen siitä.",
+	"repo.diff.commit.next-short": "Seuraava",
+	"repo.diff.commit.previous-short": "Edellinen",
+	"admin.dashboard.remove_resolved_reports": "Poista selvitetyt raportit",
+	"migrate.pagure.project_url": "Pagure-projektin URL-osoite",
+	"migrate.pagure.project_example": "Pagure-projektin URL-osoite, esim. https://pagure.io/pagure",
+	"migrate.pagure.token_label": "Poletti",
+	"migrate.github.description": "Tee migraatio github.comista tai GitHub Enterprise -palvelimelta.",
+	"migrate.git.description": "Suorita tietovaraston migraatio mistä tahansa Git-palvelusta.",
+	"migrate.gitea.description": "Tee migraatio gitea.comista tai muista Gitea-instansseista.",
+	"migrate.gitlab.description": "Tee migraatio gitlab.comista tai muista GitLab-instansseista.",
+	"migrate.gogs.description": "Tee migraatio notabug.orgista tai muista Gogs-instansseista.",
+	"migrate.onedev.description": "Tee migraatio code.onedev.io:sta tai muista OneDev-instansseista.",
+	"migrate.gitbucket.description": "Tee migraatio GitBucket-instansseista.",
+	"migrate.codebase.description": "Tee migraatio codebasehq.comista.",
+	"migrate.forgejo.description": "Tee migraatio codeberg.orgista tai muista Forgejo-instansseista.",
+	"moderation.report_abuse_form.invalid": "Virheelliset argumentit",
+	"admin.config.security": "Turvallisuusasetukset",
+	"admin.config.global_2fa_requirement.title": "Globaali kaksivaiheisen tunnistuksen vaatimus",
+	"admin.config.global_2fa_requirement.none": "Ei",
+	"settings.visibility.description": "Profiilin näkyvyys vaikuttaa muiden mahdollisuuteen päästä ei-yksityisiin tietovarastoihisi. <a href=\"%s\" target=\"_blank\">Lue lisää</a>.",
+	"settings.twofa_unroll_unavailable": "Kaksivaiheinen tunnistautuminen vaaditaan tilillesi, eikä sitä voi poistaa käytöstä.",
+	"settings.twofa_reenroll": "Ota uudelleen käyttöön kaksivaiheinen tunnistus",
+	"settings.must_enable_2fa": "Tämä Forgejo-instanssi vaatii käyttäjien ottavan käyttöön kaksivaiheisen tunnistuksen, ennen kuin käyttäjätiliä voi käyttää.",
+	"error.must_enable_2fa": "Tämä Forgejo-instanssi vaatii käyttäjien ottavan käyttöön kaksivaiheisen tunnistuksen, ennen kuin käyttäjätiliä voi käyttää. Ota se käyttöön: %s",
+	"avatar.constraints_hint": "Mukautettu profiilikuva voi olla kooltaan enintään %[1]s tai enintään %[2]dx%[3]d pikseliä",
+	"repo.commit.load_tags_failed": "Tagien lataaminen epäonnistui sisäisen virheen vuoksi",
+	"actions.runs.run_attempt_label": "Suoritusyritys #%[1]s (%[2]s)",
+	"migrate.pagure.description": "Tee migraatio pagure.io:sta tai muista Pagure-instansseista.",
+	"pulse.n_active_issues": {
+		"one": "%s aktiivinen ongelma",
+		"other": "%s aktiivista ongelmaa"
+	},
+	"pulse.n_active_prs": {
+		"one": "%s aktiivinen vetopyyntö",
+		"other": "%s aktiivista vetopyyntöä"
+	},
+	"repo.pulls.maintainers_can_edit": "Ylläpitäjät voivat muokata tätä vetopyyntöä.",
+	"repo.pulls.maintainers_cannot_edit": "Ylläpitäjät eivät voi muokata tätä vetopyyntöä.",
+	"repo.form.cannot_create": "Kaikki tilat, joihin voit luoda tietovarastoja, ovat saavuttaneet tietovarastojen rajan.",
+	"migrate.form.error.url_credentials": "URL-osoite sisältää valtuustiedot, laita ne vastaavasti käyttäjänimi- ja salasanakenttiin",
+	"warning.repository.out_of_sync": "Tämän tietotietovaraston tietokantaesitys ei ole synkronoitu. Jos tämä varoitus näkyy edelleen tämän tietovaraston sitoumuksen lähettämisen jälkeen, ota yhteyttä järjestelmänvalvojaan.",
+	"admin.moderation.deleted_content_ref": "Ilmoitettua sisältöä, jonka tyyppi on %[1]v ja tunnus %[2]d, ei enää ole olemassa",
+	"settings.twofa_reenroll.description": "Ota mukaan kaksivaiheinen todennus uudelleen",
+	"user.ghost.tooltip": "Tämä käyttäjä on poistettu tai häntä ei voida yhdistää.",
+	"og.repo.summary_card.alt_description": "Yhteenvetokortti tietovarastosta %[1]s, kuvattu seuraavasti: %[2]s",
+	"migrate.pagure.incorrect_url": "Virheellinen lähdetietovaraston URL-osoite on syötetty",
+	"actions.runs.viewing_out_of_date_run": "Katselet tämän työn vanhentunutta suorituskertaa, joka suoritettiin %[1]s.",
+	"watch.n_watchers": {
+		"one": "%s seuraaja",
+		"other": "%s seuraajaa"
+	},
+	"repo.issues.filter_poster.hint": "Suodata tekijän perusteella",
+	"repo.issues.filter_reviewers.hint": "Suodata katselmoijan perusteella",
+	"repo.issues.filter_mention.hint": "Suodata mainitun käyttäjän perusteella",
+	"repo.issues.filter_modified.hint": "Suodata viimeisimmän muokkauspäivän perusteella",
+	"search.syntax": "Hakusyntaksi",
+	"keys.verify.token.hint": "Poletti on voimassa vain 1 minuutin. <a href=\"%[1]s\">Hanki uusi jos se vanheni</a>.",
+	"admin.moderation.moderation_reports": "Moderaatioraportit",
+	"migrate.pagure.private_issues.summary": "Yksityiset ongelmat (valinnainen)",
+	"teams.add_all_repos.modal.header": "Lisää kaikki tietovarastot",
+	"teams.remove_all_repos.modal.header": "Poista kaikki tietovarastot",
+	"repo.pulls.poster_trust_deny": "Kiellä",
+	"repo.pulls.poster_trust_once": "Hyväksy kerran",
+	"repo.pulls.poster_trust_always": "Hyväksy aina",
+	"moderation.action.account.delete": "Poista tili",
+	"moderation.action.account.suspend": "Jäädytä tili",
+	"moderation.action.repo.delete": "Poista tietovarasto",
+	"moderation.action.issue.delete": "Poista ongelma",
+	"moderation.action.comment.delete": "Poista kommentti",
+	"moderation.unknown_action": "Tuntematon toiminto",
+	"moderation.users.cannot_suspend_self": "Et voi jäädyttää omaa tiliäsi.",
+	"moderation.users.cannot_suspend_org": "Organisaatioita ei voi jäädyttää.",
+	"moderation.users.already_suspended": "Käyttäjätili on jo jäädytetty.",
+	"moderation.users.suspend_success": "Käyttäjätili on jäädytetty.",
+	"moderation.issue.deletion_success": "Ongelma on poistettu.",
+	"moderation.comment.deletion_success": "Kommentti on poistettu."
 }
diff --git a/options/locale_next/locale_fil.json b/options/locale_next/locale_fil.json
index bcfc7473c6..2ecf59ba73 100644
--- a/options/locale_next/locale_fil.json
+++ b/options/locale_next/locale_fil.json
@@ -1,243 +1,243 @@
 {
-    "fork.n_forks": {
-        "one": "%s fork",
-        "other": "%s mga fork"
-    },
-    "stars.n_stars": {
-        "one": "%s bituin",
-        "other": "%s mga bitwin"
-    },
-    "release.n_downloads": {
-        "one": "%s download",
-        "other": "%s mga download"
-    },
-    "repo.pulls.merged_title_desc": {
-        "one": "isinali ang %[1]d commit mula <code>%[2]s</code> patungong <code>%[3]s</code> %[4]s",
-        "other": "isinali ang %[1]d mga commit mula sa <code>%[2]s</code> patungong <code>%[3]s</code> %[4]s"
-    },
-    "repo.pulls.title_desc": {
-        "one": "hinihiling na isama ang %[1]d commit mula <code>%[2]s</code> patungong <code id=\"%[4]s\">%[3]s</code>",
-        "other": "hiniling na isama ang %[1]d mga commit mula sa <code>%[2]s</code> patungong <code id=\"%[4]s\">%[3]s</code>"
-    },
-    "search.milestone_kind": "Maghanap ng mga milestone…",
-    "incorrect_root_url": "Ang Forgejo instance na ito ay naka-configure na ma-serve sa \"%s\". Kasalukuyan mong tinitignan ang Forgejo sa pamamagitan ng ibang URL, na maaaring magdulot na ang mga ibang bahagi ng application na masira. Ang canonical URL ay kino-control ng mga tagapangasiwa ng Forgejo sa pamamagitan ng ROOT_URL setting sa app.ini.",
-    "themes.names.forgejo-auto": "Forgejo (sundan ang tema ng sistema)",
-    "themes.names.forgejo-light": "Maliwanag na Forgejo",
-    "themes.names.forgejo-dark": "Madilim na Forgejo",
-    "home.welcome.no_activity": "Walang aktibidad",
-    "home.welcome.activity_hint": "Wala pang laman ang iyong feed. Makikita dito ang iyong mga aksyon at aktibidad mula sa mga repositoryo na pinapanood mo.",
-    "home.explore_repos": "Tuklasin ang mga repositoryo",
-    "home.explore_users": "Tuklasin ang mga user",
-    "home.explore_orgs": "Tuklasin ang mga organisasyon",
-    "error.not_found.title": "Hindi nahanap ang pahina",
-    "alert.asset_load_failed": "Nabigong i-load ang mga asset file mula sa {path}. Siguraduhin na maa-access ang mga asset file.",
-    "install.invalid_lfs_path": "Nabigong gawin ang LFS root sa tinakdang path: %[1]s",
-    "alert.range_error": " dapat ay numero sa pagitan ng %[1]s at %[2]s.",
-    "meta.last_line": "Every day, I imagine a future where I can be with you. In my hand is a pen that will write a poem of me and you. The ink flows down into a dark puddle... Just move your hand, write the way into his heart. But in this world of infinite choices, what will it take just to find that special day? Have I found everybody a fun assignment to do today? When you're here, everything that we do is fun for them anyway... When I can't even read my own feelings, what good are words when a smile says it all? And if this world won't write me an ending, what will it take just for me to have it all? Does my pen only write bitter words for those who are dear to me? Is it love if I take you, or is it love if I set you free? The ink flows down into a dark puddle... How can I write love into reality? If I can't hear the sound of your heartbeat, what do you call love in your reality? And in your reality, if I don't know how to love you... I'll leave you be.",
-    "mail.actions.successful_run_after_failure": "Na-recover ang workflow na %[1]s sa repositoryong %[2]s",
-    "mail.actions.not_successful_run": "Nabigo ang workflow na %[1]s sa repositoryong %[2]s",
-    "mail.actions.run_info_previous_status": "Nakaraang Status ng Run: %[1]s",
-    "mail.actions.run_info_trigger": "Na-trigger dahil: %[1]s ni/ng: %[2]s",
-    "mail.actions.successful_run_after_failure_subject": "Na-recover ang workflow na %[1]s sa repositoryong %[2]s",
-    "mail.actions.not_successful_run_subject": "Nabigo ang workflow na %[1]s sa repositoryong %[2]s",
-    "mail.actions.run_info_cur_status": "Status ng Run na Ito: %[1]s (na-update lang mula sa %[2]s)",
-    "relativetime.now": "ngayon",
-    "relativetime.mins": {
-        "one": "%d minuto ang nakalipas",
-        "other": "%d (na) minuto ang nakalipas"
-    },
-    "relativetime.days": {
-        "one": "%d araw ang nakalipas",
-        "other": "%d (na) araw ang nakalipas"
-    },
-    "relativetime.weeks": {
-        "one": "%d linggo ang nakalipas",
-        "other": "%d (na) linggo ang nakalipas"
-    },
-    "relativetime.years": {
-        "one": "%d taon ang nakalipas",
-        "other": "%d (na) taon ang nakalipas"
-    },
-    "relativetime.2days": "2 araw ang nakalipas",
-    "relativetime.2weeks": "2 linggo ang nakalipas",
-    "relativetime.2months": "2 buwan ang nakalipas",
-    "relativetime.1week": "nakaraang linggo",
-    "relativetime.future": "sa kinabukasan",
-    "relativetime.2years": "2 taon ang nakalipas",
-    "relativetime.1day": "kahapon",
-    "relativetime.hours": {
-        "one": "%d oras ang nakalipas",
-        "other": "%d (na) oras ang nakalipas"
-    },
-    "relativetime.months": {
-        "one": "%d buwan ang nakalipas",
-        "other": "%d (na) buwan ang nakalipas"
-    },
-    "discussion.locked": "Naka-kandado ang pag-uusap na ito. Nilimitahan ang pagkomento sa mga tagatulong.",
-    "relativetime.1month": "nakaraang buwan",
-    "relativetime.1year": "nakaraang taon",
-    "moderation.report_abuse_form.details": "Dapat gamitin ang form na ito upang mag-ulat ng mga user na gumagawa ng mga spam na profile, repositoryo, isyu, komento, o kumikilos nang hindi naaangkop.",
-    "admin.config.moderation_config": "Pagsasaayos ng Moderation",
-    "moderation.report_abuse": "Mag-ulat ng pang aabuso",
-    "moderation.report_content": "Iulat ng nilalaman",
-    "moderation.report_abuse_form.header": "Mag-ulat ng pang aabuso sa tagapangasiwa",
-    "moderation.report_abuse_form.invalid": "Hindi wasto ang mga argumento",
-    "moderation.report_abuse_form.already_reported": "Inulat mo na ang nilalaman na ito",
-    "moderation.abuse_category": "Kategorya",
-    "moderation.abuse_category.placeholder": "Pumili ng kategorya",
-    "moderation.abuse_category.spam": "Spam",
-    "moderation.abuse_category.malware": "Malware",
-    "moderation.abuse_category.illegal_content": "Ilegal na nilalaman",
-    "moderation.abuse_category.other_violations": "Mga ibang paglabag sa mga patakaran ng platform",
-    "moderation.report_remarks": "Mga pahayag",
-    "moderation.report_remarks.placeholder": "Mangyaring magbigay ng mga detalye tungkol sa pang aabuso na inuulat mo.",
-    "moderation.submit_report": "I-submit ang ulat",
-    "moderation.reporting_failed": "Hindi ma-submit ang bagong ulat sa pang aabuso: %v",
-    "moderation.reported_thank_you": "Salamat sa iyong ulat. Naipaalam na ito sa administrasyon.",
-    "repo.form.cannot_create": "Naabot na ng lahat ng mga espasyo kung saan ka makakagawa ng mga repositoryo ang limitasyon ng mga repositoryo.",
-    "stars.list.none": "Wala pang nag-star ng repositoryong ito.",
-    "followers.incoming.list.self.none": "Walang sumusubaybay sa iyong profile.",
-    "repo.issue_indexer.title": "Indexer ng Isyu",
-    "watch.list.none": "Wala pang nanonood sa repositoryong ito.",
-    "followers.incoming.list.none": "Wala pang sumusunod sa user na ito.",
-    "followers.outgoing.list.self.none": "Hindi ka sumusunod ng anumang tao.",
-    "followers.outgoing.list.none": "Hindi sinusundan ni %s ang sinuman.",
-    "editor.textarea.tab_hint": "Naka-indent na ang linya. Pindutin ulit ang <kbd>Tab</kbd> o <kbd>Escape</kbd> para umalis sa editor.",
-    "editor.textarea.shift_tab_hint": "Walang indentation sa linyang ito. Pindutin ang <kbd>Shift</kbd> + <kbd>Tab</kbd> ulit o <kbd>Escape</kbd> para umalis sa editor.",
-    "admin.dashboard.cleanup_offline_runners": "Linisin ang mga offline na runner",
-    "settings.visibility.description": "Maaapektuhan ng visibility ng profile ang kakayahan ng iba na i-access ang iyong mga hindi pribadong repositoryo. <a href=\"%s\" target=\"_blank\">Matuto pa</a>.",
-    "avatar.constraints_hint": "Hindi maaaring lumagpas sa laking %[1]s o mas malaki sa %[2]dx%[3]d pixel ang custom na avatar",
-    "repo.diff.commit.next-short": "Susunod",
-    "repo.diff.commit.previous-short": "Nakaraan",
-    "profile.edit.link": "I-edit ang profile",
-    "feed.atom.link": "Atom feed",
-    "keys.ssh.link": "Mga SSH key",
-    "keys.gpg.link": "Mga GPG key",
-    "profile.actions.tooltip": "Higit pang mga aksyon",
-    "og.repo.summary_card.alt_description": "Card ng pangkalahatang ideya ng repositoryong %[1]s, inilalarawan bilang: %[2]s",
-    "mail.actions.run_info_sha": "Commit: %[1]s",
-    "repo.settings.push_mirror.branch_filter.label": "Filter ng branch (opsyonal)",
-    "repo.settings.push_mirror.branch_filter.description": "Mga branch na imi-mirror. Iwanang walang laman para i-mirror ang lahat ng mga branch. Tignan ang <a href=\"%[1]s\">dokumentasyon ng %[2]s</a> para sa syntax. Halimbawa: <code>main, your-reality, release/*</code>",
-    "discussion.sidebar.reference": "Sangguni",
-    "admin.moderation.moderation_reports": "Mga ulat sa moderation",
-    "admin.moderation.no_open_reports": "Kasalukuyang walang mga nakabukas na ulat.",
-    "admin.moderation.reports": "Mga ulat",
-    "admin.moderation.deleted_content_ref": "Hindi na umiiral ang inulat na nilalaman na may uri na %[1]v at ID %[2]d",
-    "admin.dashboard.remove_resolved_reports": "Tanggalin ang mga naresolbang ulat",
-    "compare.branches.title": "Ikumpara ang mga branch",
-    "repo.commit.load_tags_failed": "Nabigo ang pag-load ng mga tag dahil sa isang panloob na error",
-    "admin.auths.allow_username_change": "Payagan ang pagpalit ng username",
-    "admin.auths.allow_username_change.description": "Payagan ang mga user na palitan ang kanilang username sa mga setting ng profile",
-    "warning.repository.out_of_sync": "Wala sa pag-sync ang database na representasyon ng repositoryong ito. Kung pinapakita pa rin ang babala na ito pagkagapos magtulak ng commit sa repositoryong ito, makipagugnayan sa tagapangasiwa.",
-    "repo.pulls.already_merged": "Nabigo ang pagsasama: Naisama na ang hiling sa paghila na ito.",
-    "migrate.pagure.incorrect_url": "Maling pinagmulang URL ng repositoryo ang ibinigay",
-    "migrate.pagure.project_url": "URL ng Pagure na proyekto",
-    "migrate.pagure.token_label": "Pagure API Token",
-    "migrate.pagure.project_example": "Ang URL ng Pagure na proyekto, hal. https://pagure.io/pagure",
-    "migrate.pagure.description": "Mag-migrate ng data mula sa pagure.io o sa ibang mga Pagure na instansya.",
-    "migrate.github.description": "Magmigrate ng data mula sa github.com o GitHub Enterprise server.",
-    "migrate.git.description": "Mag-migrate lang ng repositoryo mula sa anumang serbisyo ng Git.",
-    "migrate.gitea.description": "Mag-migrate ng data mula sa gitea.com o iba pang mga Gitea na instansya.",
-    "migrate.gitlab.description": "Mag-migrate ng data mula sa gitlab.com o iba pang mga GitLab na instansya.",
-    "migrate.gogs.description": "Mag-migrate ng data mula sa notabug.org o iba pang mga Gogs na instansya.",
-    "migrate.onedev.description": "Mag-migrate ng data mula sa code.onedev.io o iba pang mga OneDev na instansya.",
-    "migrate.gitbucket.description": "Mag-migrate ng data mula sa mga GitBucket na instansya.",
-    "migrate.codebase.description": "Mag-migrate ng data mula sa codebasehq.com.",
-    "migrate.forgejo.description": "Mag-migrate ng data mula sa codeberg.org o iba pang mga Forgejo na instansya.",
-    "admin.config.security": "Pagsasaayos sa seguridad",
-    "error.must_enable_2fa": "Kinakailangan ng instansyang ito na ang mga user ay paganahin ang authentikasyong two-factor bago nila i-access ang kani-kanilang account. Paganahin ito sa: %s",
-    "admin.config.global_2fa_requirement.title": "Global na pangangailangan ng two-factor",
-    "settings.twofa_reenroll.description": "I-enroll muli ang iyong authentikasyong two-factor",
-    "settings.must_enable_2fa": "Kinakailangan ng instansyang ito na ang mga user ay paganahin ang authentikasyong two-factor bago nila i-access ang kani-kanilang account.",
-    "admin.config.global_2fa_requirement.none": "Hindi",
-    "admin.config.global_2fa_requirement.all": "Lahat ng mga user",
-    "admin.config.global_2fa_requirement.admin": "Mga tagapangasiwa",
-    "settings.twofa_unroll_unavailable": "Kinakailangan ang authentikasyong two-factor para sa iyong account at hindi maaaring i-disable.",
-    "settings.twofa_reenroll": "I-enroll muli ang authentikasyong two-factor",
-    "user.ghost.tooltip": "Binura ang user na ito, o hindi matugma.",
-    "migrate.form.error.url_credentials": "Naglalaman ng mga kredensyal ang URL, ilagay ang mga ito sa mga patlang ng username at password ayon sa pagkakabanggit",
-    "actions.runs.viewing_out_of_date_run": "Tumitingin ka sa isang hindi napapanahong paktabo ng trabahong ito na na-execute %[1]s.",
-    "actions.runs.view_most_recent_run": "Tignan ang pinakabagong pagtakbo",
-    "actions.runs.run_attempt_label": "Tangka sa pagtakbo #%[1]s (%[2]s)",
-    "pulse.n_active_issues": {
-        "one": "%s aktibong isyu",
-        "other": "%s mga aktibong isyu"
-    },
-    "pulse.n_active_prs": {
-        "one": "%s aktibong hiling sa paghila",
-        "other": "%s aktibong mga hiling sa paghila"
-    },
-    "repo.pulls.maintainers_can_edit": "Maaaring i-edit ng mga tagapangaiswa ang hiling sa paghila na ito.",
-    "repo.pulls.maintainers_cannot_edit": "Hindi maaaring i-edit ng mga tagapangasiwa ang hiling sa paghila na ito.",
-    "migrate.pagure.private_issues.summary": "Mga Pribadong Isyu (Opsyonal)",
-    "migrate.pagure.private_issues.description": "Dinisenyo ang feature na ito na gumawa ng isa pang repositoryo na naglalaman lamang ng mga pribadong isyu mula sa iyong proyekto sa Pagure para sa layunin ng pag-archive. Una, magsagawa ng isang normal na pag-migrate (nang walang token) para i-import ang lahat ng mga nilalaman. At, kung may mga pribadong isyu na gusto mong panatilihin, gumawa ng isang hiwalay na repositoryo gamit ng opsyon ng token na ito para i-archive ang mga pribadong isyu.",
-    "migrate.pagure.private_issues.warning": "Siguraduhing itakda ang visibility ng repositoryo sa itaas sa Pribado kung ginagamit mo ang API key para i-import ang mga pribadong isyu. Pinipigilan nito ang paglalantag ng mga pribadong nilalaman sa isang pampublikong repositoryo.",
-    "migrate.pagure.token.placeholder": "Para lamang sa paggawa ng archive ng mga pribadong isyu",
-    "mail.issue.action.close_by_commit": "Isinara ni %[1]s ang %[2]s sa commit na %[3]s.",
-    "actions.workflow.job_parsing_error": "Hindi ma-parse ang mga trabaho sa workflow: %v",
-    "actions.workflow.event_detection_error": "Hindi ma-parse ang mga sinusuportahang event sa workflow: %v",
-    "actions.workflow.pre_execution_error": "Hindi na-execute ang workflow dahil sa isang error na hinarang ang pagtangka sa pag-execute.",
-    "watch.n_watchers": {
-        "one": "%s nanonood",
-        "other": "%s (mga) nanonood"
-    },
-    "repo.pulls.poster_manage_approval": "Ipamahala ang pagapruba",
-    "repo.pulls.poster_requires_approval": "Ang ilang mga workflow ay <a href=\"%[1]s\">naghihintay para suriin.</a>",
-    "repo.pulls.poster_requires_approval.tooltip": "Ang may-akda ng hiling sa paghilang ito ay hindi pinagkatiwalaan na tumakbo ng mga workflow na na-trigger ng isang hiling sa paghila na ginawa mula sa naka-fork na repositoryo o gamit ang AGit. Hindi tatakbo ang mga workflow na na-trigger ng `pull_request` event hanggang sa sila ay aprubahan.",
-    "repo.pulls.poster_is_trusted": "Ang may-akda ng hiling sa paghilang ito ay <a href=\"%[1]s\">palaging pinagkakatiwalaan na tumakbo ng mga workflow.</a>",
-    "repo.issues.filter_poster.hint": "I-filter ayon sa may-akda",
-    "repo.issues.filter_assignee.hint": "I-filter ayon sa itinalagang user",
-    "repo.issues.filter_reviewers.hint": "I-filter ayon sa user na sinuri",
-    "repo.issues.filter_mention.hint": "I-filter ayon sa nabanggit na user",
-    "repo.issues.filter_modified.hint": "I-filter ayon sa petsa ng huling binago",
-    "repo.issues.filter_sort.hint": "Isaayos ayon sa: ginawa/komento/binago/takdang petsa",
-    "repo.pulls.poster_is_trusted.tooltip": "Tahasang pinagkakatiwalaan ang may-akda ng hiling sa paghila na ito na patakbuhin ang mga workflow na na-trigger ng mga `pull_request` na event.",
-    "repo.pulls.poster_trust_deny": "Tanggihan",
-    "repo.pulls.poster_trust_deny.tooltip": "Ikakansela ang mga workflow na naghihintay para sa pag apruba.",
-    "repo.pulls.poster_trust_once": "Aprubahan nang isang beses",
-    "repo.pulls.poster_trust_once.tooltip": "Tatakbo ang mga workflow na na-trigger ng `pull_request` na event sa commit na ito ngunit kailangang aprubahan para sa lahat ng mga hinaharap na commit na tinulak sa hiling sa paghila na ito.",
-    "repo.pulls.poster_trust_always": "Palaging aprubahan",
-    "repo.pulls.poster_trust_always.tooltip": "Tatakbo ang mga workflow na na-trigger ng `pull_request` na event sa commit na ito at hindi na kailangang aprubahan ang mga pagtakbo mula sa hiling sa paghila na ito o sa mga hinaharap na hiling sa paghila na ginawa ng user na ito.",
-    "repo.pulls.poster_trust_revoke": "Tanggihan",
-    "repo.pulls.poster_trust_revoke.tooltip": "Hindi na mapagkakatiwalaan ang may-akda ng hiling sa paghila na ito na tumakbo ng mga workflow na na-trigger ng `pull_request` na event, kailangang manu-manong aprubahan ang bawat pagtakbo.",
-    "search.syntax": "Syntax ng paghahanap",
-    "keys.verify.token.hint": "Valid lang ang token sa loob ng 1 minuto. <a href=\"%[1]s\">Kumuha ng bago kung nag-expire na ito</a>.",
-    "admin.dashboard.actions_action_user": "Bawiin ang tiwala ng Forgejo Actions para sa mga hindi aktibong user",
-    "admin.dashboard.transfer_lingering_logs": "Ilipat ang mga actions log ng mga natapos na actions na trabaho mula sa database sa storage",
-    "actions.status.diagnostics.waiting": {
-        "one": "Naghihintay ng runner na may sumusunod na label: %s",
-        "other": "Naghihintay ng runner na may sumusunod na mga label: %s"
-    },
-    "teams.add_all_repos.modal.header": "Idagdag ang lahat ng mga repositoryo",
-    "teams.remove_all_repos.modal.header": "Tanggalin ang lahat ng mga repositoryo",
-    "issues.updated": "binago %s",
-    "search.fuzzy": "Humigit-kumulang",
-    "search.fuzzy_tooltip": "Ang mga resulta ay isang higit-kumukulang na tugma sa terminong hinahanap",
-    "moderation.report.mark_as_handled": "Markahan bilang ginawa",
-    "moderation.report.mark_as_ignored": "Markahan bilang hindi pinansin",
-    "moderation.action.account.delete": "Burahin ang account",
-    "moderation.action.account.suspend": "Isuspinde ang account",
-    "moderation.action.repo.delete": "Burahin ang repositoryo",
-    "moderation.action.issue.delete": "Burahin ang isyu",
-    "moderation.action.comment.delete": "Burahin ang komento",
-    "moderation.unknown_action": "Hindi alam na aksyon",
-    "moderation.users.cannot_suspend_self": "Hindi mo maaaring isuspinde ang sarili mo.",
-    "moderation.users.cannot_suspend_admins": "Hindi maaaring isuspinde ang mga user na may pribilehiyong tagapangasiwa.",
-    "moderation.users.cannot_suspend_org": "Hindi maaaring isuspinde ang mga organisasyon.",
-    "moderation.users.already_suspended": "Sinuspinde na ang user account.",
-    "moderation.users.suspend_success": "Nasuspinde na ang user account.",
-    "moderation.users.cannot_delete_admins": "Hindi maaaring burahin ang mga user na may pribilehiyong tagapangasiwa.",
-    "moderation.issue.deletion_success": "Binura na ang isyu.",
-    "moderation.comment.deletion_success": "Binura na ang komento.",
-    "actions.workflow.persistent_incomplete_matrix": "Hindi masuri ang `strategy.matrix` ng trabahong %[1]s dahil sa hindi wastong `needs` na ekspresyon. Maaari itong sumangguni sa isang trabaho na hindi nasa `needs` na listahan (%[2]s), o isang output na hindi umiiral sa isa sa mga trabaho na iyon.",
-    "actions.workflow.incomplete_matrix_missing_job": "Hindi masuri ang `strategy.matrix` ng trabahong %[1]s: hindi nasa listahan ng `needs`ng trabahong %[1]s (%[3]s) ang trabahong %[2]s.",
-    "actions.workflow.incomplete_matrix_missing_output": "Hindi masuri ang `strategy.matrix` ng trabahong %[1]s: walang output na %[3]s ang trabahong %[2]s.",
-    "actions.workflow.incomplete_matrix_unknown_cause": "Hindi masuri ang `strategy.matrix` ng trabahong %[1]s: hindi alam na error.",
-    "actions.workflow.incomplete_runson_missing_job": "Hindi masuri ang `runs-on` ng trabahong %[1]s: hindi nasa listahan ng `needs` ng trabahong %[1]s (%[3]s) ang trabahong %[2]s.",
-    "actions.workflow.incomplete_runson_missing_output": "Hindi masuri ang `runs-on` ng trabahong %[1]s: walang output na %[3]s ang trabahong %[2]s.",
-    "actions.workflow.incomplete_runson_missing_matrix_dimension": "Hindi masuri ang `runs-on` ng trabahong %[1]s: hindi umiiral ang matrix dimension na %[2]s.",
-    "actions.workflow.incomplete_runson_unknown_cause": "Hindi masuri ang `runs-on` ng trabahong %[1]s: hindi alam na error.",
-    "admin.auths.oauth2_quota_group_claim_name": "Claim name na nagbibigay ng mga pangalan ng grupo para sa pinagmulan na ito na gagamitin sa pamamahala ng quota. (Opsyonal)",
-    "admin.auths.oauth2_quota_group_map": "I-map ang mga claimed group sa mga quota group. (Opsyonal - kinakailangan ang claim name sa itaas)",
-    "admin.auths.oauth2_quota_group_map_removal": "Tanggalin ang mga user mula sa mga naka-sync na quota group kung hindi nabibilang sa katumbas na grupo ang user."
+	"fork.n_forks": {
+		"one": "%s fork",
+		"other": "%s mga fork"
+	},
+	"stars.n_stars": {
+		"one": "%s bituin",
+		"other": "%s mga bitwin"
+	},
+	"release.n_downloads": {
+		"one": "%s download",
+		"other": "%s mga download"
+	},
+	"repo.pulls.merged_title_desc": {
+		"one": "isinali ang %[1]d commit mula <code>%[2]s</code> patungong <code>%[3]s</code> %[4]s",
+		"other": "isinali ang %[1]d mga commit mula sa <code>%[2]s</code> patungong <code>%[3]s</code> %[4]s"
+	},
+	"repo.pulls.title_desc": {
+		"one": "hinihiling na isama ang %[1]d commit mula <code>%[2]s</code> patungong <code id=\"%[4]s\">%[3]s</code>",
+		"other": "hiniling na isama ang %[1]d mga commit mula sa <code>%[2]s</code> patungong <code id=\"%[4]s\">%[3]s</code>"
+	},
+	"search.milestone_kind": "Maghanap ng mga milestone…",
+	"incorrect_root_url": "Ang Forgejo instance na ito ay naka-configure na ma-serve sa \"%s\". Kasalukuyan mong tinitignan ang Forgejo sa pamamagitan ng ibang URL, na maaaring magdulot na ang mga ibang bahagi ng application na masira. Ang canonical URL ay kino-control ng mga tagapangasiwa ng Forgejo sa pamamagitan ng ROOT_URL setting sa app.ini.",
+	"themes.names.forgejo-auto": "Forgejo (sundan ang tema ng sistema)",
+	"themes.names.forgejo-light": "Maliwanag na Forgejo",
+	"themes.names.forgejo-dark": "Madilim na Forgejo",
+	"home.welcome.no_activity": "Walang aktibidad",
+	"home.welcome.activity_hint": "Wala pang laman ang iyong feed. Makikita dito ang iyong mga aksyon at aktibidad mula sa mga repositoryo na pinapanood mo.",
+	"home.explore_repos": "Tuklasin ang mga repositoryo",
+	"home.explore_users": "Tuklasin ang mga user",
+	"home.explore_orgs": "Tuklasin ang mga organisasyon",
+	"error.not_found.title": "Hindi nahanap ang pahina",
+	"alert.asset_load_failed": "Nabigong i-load ang mga asset file mula sa {path}. Siguraduhin na maa-access ang mga asset file.",
+	"install.invalid_lfs_path": "Nabigong gawin ang LFS root sa tinakdang path: %[1]s",
+	"alert.range_error": " dapat ay numero sa pagitan ng %[1]s at %[2]s.",
+	"meta.last_line": "Every day, I imagine a future where I can be with you. In my hand is a pen that will write a poem of me and you. The ink flows down into a dark puddle... Just move your hand, write the way into his heart. But in this world of infinite choices, what will it take just to find that special day? Have I found everybody a fun assignment to do today? When you're here, everything that we do is fun for them anyway... When I can't even read my own feelings, what good are words when a smile says it all? And if this world won't write me an ending, what will it take just for me to have it all? Does my pen only write bitter words for those who are dear to me? Is it love if I take you, or is it love if I set you free? The ink flows down into a dark puddle... How can I write love into reality? If I can't hear the sound of your heartbeat, what do you call love in your reality? And in your reality, if I don't know how to love you... I'll leave you be.\n(this string was needed to make weblate regenerate the file and can be removed)",
+	"mail.actions.successful_run_after_failure": "Na-recover ang workflow na %[1]s sa repositoryong %[2]s",
+	"mail.actions.not_successful_run": "Nabigo ang workflow na %[1]s sa repositoryong %[2]s",
+	"mail.actions.run_info_previous_status": "Nakaraang Status ng Run: %[1]s",
+	"mail.actions.run_info_trigger": "Na-trigger dahil: %[1]s ni/ng: %[2]s",
+	"mail.actions.successful_run_after_failure_subject": "Na-recover ang workflow na %[1]s sa repositoryong %[2]s",
+	"mail.actions.not_successful_run_subject": "Nabigo ang workflow na %[1]s sa repositoryong %[2]s",
+	"mail.actions.run_info_cur_status": "Status ng Run na Ito: %[1]s (na-update lang mula sa %[2]s)",
+	"relativetime.now": "ngayon",
+	"relativetime.mins": {
+		"one": "%d minuto ang nakalipas",
+		"other": "%d (na) minuto ang nakalipas"
+	},
+	"relativetime.days": {
+		"one": "%d araw ang nakalipas",
+		"other": "%d (na) araw ang nakalipas"
+	},
+	"relativetime.weeks": {
+		"one": "%d linggo ang nakalipas",
+		"other": "%d (na) linggo ang nakalipas"
+	},
+	"relativetime.years": {
+		"one": "%d taon ang nakalipas",
+		"other": "%d (na) taon ang nakalipas"
+	},
+	"relativetime.2days": "2 araw ang nakalipas",
+	"relativetime.2weeks": "2 linggo ang nakalipas",
+	"relativetime.2months": "2 buwan ang nakalipas",
+	"relativetime.1week": "nakaraang linggo",
+	"relativetime.future": "sa kinabukasan",
+	"relativetime.2years": "2 taon ang nakalipas",
+	"relativetime.1day": "kahapon",
+	"relativetime.hours": {
+		"one": "%d oras ang nakalipas",
+		"other": "%d (na) oras ang nakalipas"
+	},
+	"relativetime.months": {
+		"one": "%d buwan ang nakalipas",
+		"other": "%d (na) buwan ang nakalipas"
+	},
+	"discussion.locked": "Naka-kandado ang pag-uusap na ito. Nilimitahan ang pagkomento sa mga tagatulong.",
+	"relativetime.1month": "nakaraang buwan",
+	"relativetime.1year": "nakaraang taon",
+	"moderation.report_abuse_form.details": "Dapat gamitin ang form na ito upang mag-ulat ng mga user na gumagawa ng mga spam na profile, repositoryo, isyu, komento, o kumikilos nang hindi naaangkop.",
+	"admin.config.moderation_config": "Pagsasaayos ng Moderation",
+	"moderation.report_abuse": "Mag-ulat ng pang aabuso",
+	"moderation.report_content": "Iulat ng nilalaman",
+	"moderation.report_abuse_form.header": "Mag-ulat ng pang aabuso sa tagapangasiwa",
+	"moderation.report_abuse_form.invalid": "Hindi wasto ang mga argumento",
+	"moderation.report_abuse_form.already_reported": "Inulat mo na ang nilalaman na ito",
+	"moderation.abuse_category": "Kategorya",
+	"moderation.abuse_category.placeholder": "Pumili ng kategorya",
+	"moderation.abuse_category.spam": "Spam",
+	"moderation.abuse_category.malware": "Malware",
+	"moderation.abuse_category.illegal_content": "Ilegal na nilalaman",
+	"moderation.abuse_category.other_violations": "Mga ibang paglabag sa mga patakaran ng platform",
+	"moderation.report_remarks": "Mga pahayag",
+	"moderation.report_remarks.placeholder": "Mangyaring magbigay ng mga detalye tungkol sa pang aabuso na inuulat mo.",
+	"moderation.submit_report": "I-submit ang ulat",
+	"moderation.reporting_failed": "Hindi ma-submit ang bagong ulat sa pang aabuso: %v",
+	"moderation.reported_thank_you": "Salamat sa iyong ulat. Naipaalam na ito sa administrasyon.",
+	"repo.form.cannot_create": "Naabot na ng lahat ng mga espasyo kung saan ka makakagawa ng mga repositoryo ang limitasyon ng mga repositoryo.",
+	"stars.list.none": "Wala pang nag-star ng repositoryong ito.",
+	"followers.incoming.list.self.none": "Walang sumusubaybay sa iyong profile.",
+	"repo.issue_indexer.title": "Indexer ng Isyu",
+	"watch.list.none": "Wala pang nanonood sa repositoryong ito.",
+	"followers.incoming.list.none": "Wala pang sumusunod sa user na ito.",
+	"followers.outgoing.list.self.none": "Hindi ka sumusunod ng anumang tao.",
+	"followers.outgoing.list.none": "Hindi sinusundan ni %s ang sinuman.",
+	"editor.textarea.tab_hint": "Naka-indent na ang linya. Pindutin ulit ang <kbd>Tab</kbd> o <kbd>Escape</kbd> para umalis sa editor.",
+	"editor.textarea.shift_tab_hint": "Walang indentation sa linyang ito. Pindutin ang <kbd>Shift</kbd> + <kbd>Tab</kbd> ulit o <kbd>Escape</kbd> para umalis sa editor.",
+	"admin.dashboard.cleanup_offline_runners": "Linisin ang mga offline na runner",
+	"settings.visibility.description": "Maaapektuhan ng visibility ng profile ang kakayahan ng iba na i-access ang iyong mga hindi pribadong repositoryo. <a href=\"%s\" target=\"_blank\">Matuto pa</a>.",
+	"avatar.constraints_hint": "Hindi maaaring lumagpas sa laking %[1]s o mas malaki sa %[2]dx%[3]d pixel ang custom na avatar",
+	"repo.diff.commit.next-short": "Susunod",
+	"repo.diff.commit.previous-short": "Nakaraan",
+	"profile.edit.link": "I-edit ang profile",
+	"feed.atom.link": "Atom feed",
+	"keys.ssh.link": "Mga SSH key",
+	"keys.gpg.link": "Mga GPG key",
+	"profile.actions.tooltip": "Higit pang mga aksyon",
+	"og.repo.summary_card.alt_description": "Card ng pangkalahatang ideya ng repositoryong %[1]s, inilalarawan bilang: %[2]s",
+	"mail.actions.run_info_sha": "Commit: %[1]s",
+	"repo.settings.push_mirror.branch_filter.label": "Filter ng branch (opsyonal)",
+	"repo.settings.push_mirror.branch_filter.description": "Mga branch na imi-mirror. Iwanang walang laman para i-mirror ang lahat ng mga branch. Tignan ang <a href=\"%[1]s\">dokumentasyon ng %[2]s</a> para sa syntax. Halimbawa: <code>main, your-reality, release/*</code>",
+	"discussion.sidebar.reference": "Sangguni",
+	"admin.moderation.moderation_reports": "Mga ulat sa moderation",
+	"admin.moderation.no_open_reports": "Kasalukuyang walang mga nakabukas na ulat.",
+	"admin.moderation.reports": "Mga ulat",
+	"admin.moderation.deleted_content_ref": "Hindi na umiiral ang inulat na nilalaman na may uri na %[1]v at ID %[2]d",
+	"admin.dashboard.remove_resolved_reports": "Tanggalin ang mga naresolbang ulat",
+	"compare.branches.title": "Ikumpara ang mga branch",
+	"repo.commit.load_tags_failed": "Nabigo ang pag-load ng mga tag dahil sa isang panloob na error",
+	"admin.auths.allow_username_change": "Payagan ang pagpalit ng username",
+	"admin.auths.allow_username_change.description": "Payagan ang mga user na palitan ang kanilang username sa mga setting ng profile",
+	"warning.repository.out_of_sync": "Wala sa pag-sync ang database na representasyon ng repositoryong ito. Kung pinapakita pa rin ang babala na ito pagkagapos magtulak ng commit sa repositoryong ito, makipagugnayan sa tagapangasiwa.",
+	"repo.pulls.already_merged": "Nabigo ang pagsasama: Naisama na ang hiling sa paghila na ito.",
+	"migrate.pagure.incorrect_url": "Maling pinagmulang URL ng repositoryo ang ibinigay",
+	"migrate.pagure.project_url": "URL ng Pagure na proyekto",
+	"migrate.pagure.token_label": "Pagure API Token",
+	"migrate.pagure.project_example": "Ang URL ng Pagure na proyekto, hal. https://pagure.io/pagure",
+	"migrate.pagure.description": "Mag-migrate ng data mula sa pagure.io o sa ibang mga Pagure na instansya.",
+	"migrate.github.description": "Magmigrate ng data mula sa github.com o GitHub Enterprise server.",
+	"migrate.git.description": "Mag-migrate lang ng repositoryo mula sa anumang serbisyo ng Git.",
+	"migrate.gitea.description": "Mag-migrate ng data mula sa gitea.com o iba pang mga Gitea na instansya.",
+	"migrate.gitlab.description": "Mag-migrate ng data mula sa gitlab.com o iba pang mga GitLab na instansya.",
+	"migrate.gogs.description": "Mag-migrate ng data mula sa notabug.org o iba pang mga Gogs na instansya.",
+	"migrate.onedev.description": "Mag-migrate ng data mula sa code.onedev.io o iba pang mga OneDev na instansya.",
+	"migrate.gitbucket.description": "Mag-migrate ng data mula sa mga GitBucket na instansya.",
+	"migrate.codebase.description": "Mag-migrate ng data mula sa codebasehq.com.",
+	"migrate.forgejo.description": "Mag-migrate ng data mula sa codeberg.org o iba pang mga Forgejo na instansya.",
+	"admin.config.security": "Pagsasaayos sa seguridad",
+	"error.must_enable_2fa": "Kinakailangan ng instansyang ito na ang mga user ay paganahin ang authentikasyong two-factor bago nila i-access ang kani-kanilang account. Paganahin ito sa: %s",
+	"admin.config.global_2fa_requirement.title": "Global na pangangailangan ng two-factor",
+	"settings.twofa_reenroll.description": "I-enroll muli ang iyong authentikasyong two-factor",
+	"settings.must_enable_2fa": "Kinakailangan ng instansyang ito na ang mga user ay paganahin ang authentikasyong two-factor bago nila i-access ang kani-kanilang account.",
+	"admin.config.global_2fa_requirement.none": "Hindi",
+	"admin.config.global_2fa_requirement.all": "Lahat ng mga user",
+	"admin.config.global_2fa_requirement.admin": "Mga tagapangasiwa",
+	"settings.twofa_unroll_unavailable": "Kinakailangan ang authentikasyong two-factor para sa iyong account at hindi maaaring i-disable.",
+	"settings.twofa_reenroll": "I-enroll muli ang authentikasyong two-factor",
+	"user.ghost.tooltip": "Binura ang user na ito, o hindi matugma.",
+	"migrate.form.error.url_credentials": "Naglalaman ng mga kredensyal ang URL, ilagay ang mga ito sa mga patlang ng username at password ayon sa pagkakabanggit",
+	"actions.runs.viewing_out_of_date_run": "Tumitingin ka sa isang hindi napapanahong paktabo ng trabahong ito na na-execute %[1]s.",
+	"actions.runs.view_most_recent_run": "Tignan ang pinakabagong pagtakbo",
+	"actions.runs.run_attempt_label": "Tangka sa pagtakbo #%[1]s (%[2]s)",
+	"pulse.n_active_issues": {
+		"one": "%s aktibong isyu",
+		"other": "%s mga aktibong isyu"
+	},
+	"pulse.n_active_prs": {
+		"one": "%s aktibong hiling sa paghila",
+		"other": "%s aktibong mga hiling sa paghila"
+	},
+	"repo.pulls.maintainers_can_edit": "Maaaring i-edit ng mga tagapangaiswa ang hiling sa paghila na ito.",
+	"repo.pulls.maintainers_cannot_edit": "Hindi maaaring i-edit ng mga tagapangasiwa ang hiling sa paghila na ito.",
+	"migrate.pagure.private_issues.summary": "Mga Pribadong Isyu (Opsyonal)",
+	"migrate.pagure.private_issues.description": "Dinisenyo ang feature na ito na gumawa ng isa pang repositoryo na naglalaman lamang ng mga pribadong isyu mula sa iyong proyekto sa Pagure para sa layunin ng pag-archive. Una, magsagawa ng isang normal na pag-migrate (nang walang token) para i-import ang lahat ng mga nilalaman. At, kung may mga pribadong isyu na gusto mong panatilihin, gumawa ng isang hiwalay na repositoryo gamit ng opsyon ng token na ito para i-archive ang mga pribadong isyu.",
+	"migrate.pagure.private_issues.warning": "Siguraduhing itakda ang visibility ng repositoryo sa itaas sa Pribado kung ginagamit mo ang API key para i-import ang mga pribadong isyu. Pinipigilan nito ang paglalantag ng mga pribadong nilalaman sa isang pampublikong repositoryo.",
+	"migrate.pagure.token.placeholder": "Para lamang sa paggawa ng archive ng mga pribadong isyu",
+	"mail.issue.action.close_by_commit": "Isinara ni %[1]s ang %[2]s sa commit na %[3]s.",
+	"actions.workflow.job_parsing_error": "Hindi ma-parse ang mga trabaho sa workflow: %v",
+	"actions.workflow.event_detection_error": "Hindi ma-parse ang mga sinusuportahang event sa workflow: %v",
+	"actions.workflow.pre_execution_error": "Hindi na-execute ang workflow dahil sa isang error na hinarang ang pagtangka sa pag-execute.",
+	"watch.n_watchers": {
+		"one": "%s nanonood",
+		"other": "%s (mga) nanonood"
+	},
+	"repo.pulls.poster_manage_approval": "Ipamahala ang pagapruba",
+	"repo.pulls.poster_requires_approval": "Ang ilang mga workflow ay <a href=\"%[1]s\">naghihintay para suriin.</a>",
+	"repo.pulls.poster_requires_approval.tooltip": "Ang may-akda ng hiling sa paghilang ito ay hindi pinagkatiwalaan na tumakbo ng mga workflow na na-trigger ng isang hiling sa paghila na ginawa mula sa naka-fork na repositoryo o gamit ang AGit. Hindi tatakbo ang mga workflow na na-trigger ng `pull_request` event hanggang sa sila ay aprubahan.",
+	"repo.pulls.poster_is_trusted": "Ang may-akda ng hiling sa paghilang ito ay <a href=\"%[1]s\">palaging pinagkakatiwalaan na tumakbo ng mga workflow.</a>",
+	"repo.issues.filter_poster.hint": "I-filter ayon sa may-akda",
+	"repo.issues.filter_assignee.hint": "I-filter ayon sa itinalagang user",
+	"repo.issues.filter_reviewers.hint": "I-filter ayon sa user na sinuri",
+	"repo.issues.filter_mention.hint": "I-filter ayon sa nabanggit na user",
+	"repo.issues.filter_modified.hint": "I-filter ayon sa petsa ng huling binago",
+	"repo.issues.filter_sort.hint": "Isaayos ayon sa: ginawa/komento/binago/takdang petsa",
+	"repo.pulls.poster_is_trusted.tooltip": "Tahasang pinagkakatiwalaan ang may-akda ng hiling sa paghila na ito na patakbuhin ang mga workflow na na-trigger ng mga `pull_request` na event.",
+	"repo.pulls.poster_trust_deny": "Tanggihan",
+	"repo.pulls.poster_trust_deny.tooltip": "Ikakansela ang mga workflow na naghihintay para sa pag apruba.",
+	"repo.pulls.poster_trust_once": "Aprubahan nang isang beses",
+	"repo.pulls.poster_trust_once.tooltip": "Tatakbo ang mga workflow na na-trigger ng `pull_request` na event sa commit na ito ngunit kailangang aprubahan para sa lahat ng mga hinaharap na commit na tinulak sa hiling sa paghila na ito.",
+	"repo.pulls.poster_trust_always": "Palaging aprubahan",
+	"repo.pulls.poster_trust_always.tooltip": "Tatakbo ang mga workflow na na-trigger ng `pull_request` na event sa commit na ito at hindi na kailangang aprubahan ang mga pagtakbo mula sa hiling sa paghila na ito o sa mga hinaharap na hiling sa paghila na ginawa ng user na ito.",
+	"repo.pulls.poster_trust_revoke": "Tanggihan",
+	"repo.pulls.poster_trust_revoke.tooltip": "Hindi na mapagkakatiwalaan ang may-akda ng hiling sa paghila na ito na tumakbo ng mga workflow na na-trigger ng `pull_request` na event, kailangang manu-manong aprubahan ang bawat pagtakbo.",
+	"search.syntax": "Syntax ng paghahanap",
+	"keys.verify.token.hint": "Valid lang ang token sa loob ng 1 minuto. <a href=\"%[1]s\">Kumuha ng bago kung nag-expire na ito</a>.",
+	"admin.dashboard.actions_action_user": "Bawiin ang tiwala ng Forgejo Actions para sa mga hindi aktibong user",
+	"admin.dashboard.transfer_lingering_logs": "Ilipat ang mga actions log ng mga natapos na actions na trabaho mula sa database sa storage",
+	"actions.status.diagnostics.waiting": {
+		"one": "Naghihintay ng runner na may sumusunod na label: %s",
+		"other": "Naghihintay ng runner na may sumusunod na mga label: %s"
+	},
+	"teams.add_all_repos.modal.header": "Idagdag ang lahat ng mga repositoryo",
+	"teams.remove_all_repos.modal.header": "Tanggalin ang lahat ng mga repositoryo",
+	"issues.updated": "binago %s",
+	"search.fuzzy": "Humigit-kumulang",
+	"search.fuzzy_tooltip": "Ang mga resulta ay isang higit-kumukulang na tugma sa terminong hinahanap",
+	"moderation.report.mark_as_handled": "Markahan bilang ginawa",
+	"moderation.report.mark_as_ignored": "Markahan bilang hindi pinansin",
+	"moderation.action.account.delete": "Burahin ang account",
+	"moderation.action.account.suspend": "Isuspinde ang account",
+	"moderation.action.repo.delete": "Burahin ang repositoryo",
+	"moderation.action.issue.delete": "Burahin ang isyu",
+	"moderation.action.comment.delete": "Burahin ang komento",
+	"moderation.unknown_action": "Hindi alam na aksyon",
+	"moderation.users.cannot_suspend_self": "Hindi mo maaaring isuspinde ang sarili mo.",
+	"moderation.users.cannot_suspend_admins": "Hindi maaaring isuspinde ang mga user na may pribilehiyong tagapangasiwa.",
+	"moderation.users.cannot_suspend_org": "Hindi maaaring isuspinde ang mga organisasyon.",
+	"moderation.users.already_suspended": "Sinuspinde na ang user account.",
+	"moderation.users.suspend_success": "Nasuspinde na ang user account.",
+	"moderation.users.cannot_delete_admins": "Hindi maaaring burahin ang mga user na may pribilehiyong tagapangasiwa.",
+	"moderation.issue.deletion_success": "Binura na ang isyu.",
+	"moderation.comment.deletion_success": "Binura na ang komento.",
+	"actions.workflow.persistent_incomplete_matrix": "Hindi masuri ang `strategy.matrix` ng trabahong %[1]s dahil sa hindi wastong `needs` na ekspresyon. Maaari itong sumangguni sa isang trabaho na hindi nasa `needs` na listahan (%[2]s), o isang output na hindi umiiral sa isa sa mga trabaho na iyon.",
+	"actions.workflow.incomplete_matrix_missing_job": "Hindi masuri ang `strategy.matrix` ng trabahong %[1]s: hindi nasa listahan ng `needs`ng trabahong %[1]s (%[3]s) ang trabahong %[2]s.",
+	"actions.workflow.incomplete_matrix_missing_output": "Hindi masuri ang `strategy.matrix` ng trabahong %[1]s: walang output na %[3]s ang trabahong %[2]s.",
+	"actions.workflow.incomplete_matrix_unknown_cause": "Hindi masuri ang `strategy.matrix` ng trabahong %[1]s: hindi alam na error.",
+	"actions.workflow.incomplete_runson_missing_job": "Hindi masuri ang `runs-on` ng trabahong %[1]s: hindi nasa listahan ng `needs` ng trabahong %[1]s (%[3]s) ang trabahong %[2]s.",
+	"actions.workflow.incomplete_runson_missing_output": "Hindi masuri ang `runs-on` ng trabahong %[1]s: walang output na %[3]s ang trabahong %[2]s.",
+	"actions.workflow.incomplete_runson_missing_matrix_dimension": "Hindi masuri ang `runs-on` ng trabahong %[1]s: hindi umiiral ang matrix dimension na %[2]s.",
+	"actions.workflow.incomplete_runson_unknown_cause": "Hindi masuri ang `runs-on` ng trabahong %[1]s: hindi alam na error.",
+	"admin.auths.oauth2_quota_group_claim_name": "Claim name na nagbibigay ng mga pangalan ng grupo para sa pinagmulan na ito na gagamitin sa pamamahala ng quota. (Opsyonal)",
+	"admin.auths.oauth2_quota_group_map": "I-map ang mga claimed group sa mga quota group. (Opsyonal - kinakailangan ang claim name sa itaas)",
+	"admin.auths.oauth2_quota_group_map_removal": "Tanggalin ang mga user mula sa mga naka-sync na quota group kung hindi nabibilang sa katumbas na grupo ang user."
 }
diff --git a/options/locale_next/locale_fr-FR.json b/options/locale_next/locale_fr-FR.json
index 088617715d..da506fa36b 100644
--- a/options/locale_next/locale_fr-FR.json
+++ b/options/locale_next/locale_fr-FR.json
@@ -1,248 +1,248 @@
 {
-    "fork.n_forks": {
-        "one": "%s bifurcation",
-        "many": "%s bifurcations",
-        "other": ""
-    },
-    "stars.n_stars": {
-        "one": "%s étoiles",
-        "many": "%s étoiles",
-        "other": ""
-    },
-    "release.n_downloads": {
-        "one": "%s téléchargement",
-        "many": "%s téléchargements",
-        "other": ""
-    },
-    "repo.pulls.merged_title_desc": {
-        "one": "a fusionné %[1]d commit depuis <code>%[2]s</code> vers <code>%[3]s</code> %[4]s",
-        "many": "fusionné %[1]d de commits depuis <code>%[2]s</code> vers <code>%[3]s</code> %[4]s",
-        "other": "fusionné %[1]d commits depuis <code>%[2]s</code> vers <code>%[3]s</code> %[4]s"
-    },
-    "repo.pulls.title_desc": {
-        "one": "veut fusionner %[1]d commit depuis <code>%[2]s</code> vers <code id=\"%[4]s\">%[3]s</code>",
-        "many": "veut fusionner %[1]d commits depuis <code>%[2]s</code> vers <code id=\"%[4]s\">%[3]s</code>",
-        "other": ""
-    },
-    "search.milestone_kind": "Recherche dans les jalons…",
-    "discussion.locked": "Cette discussion a été bloqué. Les commentaires sont limités aux contributeurs.",
-    "relativetime.now": "maintenant",
-    "relativetime.future": "dans le future",
-    "relativetime.mins": {
-        "one": "il y a %d minute",
-        "many": "il y a %d minutes",
-        "other": "il y a %d minutes"
-    },
-    "relativetime.hours": {
-        "one": "il y a %d heure",
-        "many": "il y a %d heures",
-        "other": "il y a %d heures"
-    },
-    "relativetime.days": {
-        "one": "il y a %d jour",
-        "many": "il y a %d jours",
-        "other": "il y a %d jours"
-    },
-    "relativetime.months": {
-        "one": "il y a %d mois",
-        "many": "il y a %d mois",
-        "other": "il y a %d mois"
-    },
-    "relativetime.years": {
-        "one": "il y a %d an",
-        "many": "il y a %d ans",
-        "other": "il y a %d ans"
-    },
-    "relativetime.1day": "hier",
-    "relativetime.2days": "il y a 2 jours",
-    "relativetime.1week": "la semaine dernière",
-    "relativetime.2weeks": "il y a 2 semaines",
-    "relativetime.2months": "il y a 2 mois",
-    "relativetime.1year": "l'année dernière",
-    "relativetime.2years": "il y a 2 ans",
-    "themes.names.forgejo-light": "Forgejo clair",
-    "themes.names.forgejo-dark": "Forgejo sombre",
-    "themes.names.forgejo-auto": "Forgejo (suivre le thème du système)",
-    "alert.asset_load_failed": "Échec du chargement des fichiers d'asset de {path}. Faites en sorte que les fichiers d'asset puissent être accessibles.",
-    "install.invalid_lfs_path": "Impossible de créer le root LFS au chemin spécifié : %[1]s",
-    "alert.range_error": " doit être un nombre entre %[1]s et %[2]s.",
-    "home.welcome.no_activity": "Pas d'activité",
-    "home.welcome.activity_hint": "Il n'y a rien dans votre fil d'actualité. Vos actions et activités de vos dépôts que vous suivez s'afficheront ici.",
-    "home.explore_repos": "Explorer les dépôts",
-    "home.explore_users": "Explorer les utilisateurs",
-    "home.explore_orgs": "Explorer les organisations",
-    "relativetime.weeks": {
-        "one": "il y a %d semaine",
-        "many": "il y a %d semaines",
-        "other": "il y a %d semaines"
-    },
-    "error.not_found.title": "Page non trouvée",
-    "relativetime.1month": "le mois dernier",
-    "incorrect_root_url": "Cette instance Forgejo est configuré pour être servi sur \"%s\". Vous êtes actuellement en train de regarder Forgejo avec une URL différente, ce qui pourrait casser certaines parties de cette application. L'URL canonique est controllée par les administrateurs Forgejo grâce au paramètre ROOT_URL dans le app.ini.",
-    "meta.last_line": "Merci de traduire Forgejo ! Cette ligne n'est pas vue par les utilisateurs mais sert à d'autres fins dans la gestion de la traduction. Vous pouvez mettre une fun fact dans la traduction au lieu de la traduire. Miaou.",
-    "mail.actions.successful_run_after_failure": "Workflow %[1]s récupéré dans le dépôt %[2]s",
-    "mail.actions.successful_run_after_failure_subject": "Workflow %[1]s récupéré dans le dépôt %[2]s",
-    "mail.actions.not_successful_run_subject": "Workflow %[1]s a raté dans le dépôt %[2]s",
-    "mail.actions.not_successful_run": "Workflow %[1]s raté dans le dépôt %[2]s",
-    "mail.actions.run_info_cur_status": "Statut de cette exécution : %[1]s (vient de se mettre à jour de %[2]s)",
-    "mail.actions.run_info_previous_status": "Précédent statut de l'éxecution : %[1]s",
-    "moderation.reported_thank_you": "Merci pour votre signalement. L'administration a été mise au courant.",
-    "admin.config.moderation_config": "Configuration de la modération",
-    "moderation.report_content": "Signaler le contenu",
-    "moderation.report_abuse": "Signaler un abus",
-    "moderation.report_abuse_form.header": "Signaler un abus à l'administrateur",
-    "moderation.report_abuse_form.details": "Ce formulaire devrait être utilisé pour signaler des utilisateurs qui spam des comptes, des dépôts, des questions, des commentaires ou qui se comportent de façon inappropriée.",
-    "moderation.report_abuse_form.invalid": "Arguments invalides",
-    "moderation.report_abuse_form.already_reported": "Vous avez déjà signalisé ce contenu",
-    "moderation.abuse_category": "Catégorie",
-    "moderation.abuse_category.placeholder": "Sélectionnez une catégorie",
-    "moderation.abuse_category.spam": "Spam",
-    "moderation.abuse_category.malware": "logiciel malveillant",
-    "moderation.abuse_category.illegal_content": "Contenu illégal",
-    "moderation.abuse_category.other_violations": "Autres infractions des règles de la plateforme",
-    "moderation.report_remarks": "Remarques",
-    "moderation.report_remarks.placeholder": "Veuillez fournir quelques détails en rapport avec l'abus que vous signalez.",
-    "moderation.submit_report": "Soumettre le signalement",
-    "moderation.reporting_failed": "Impossible de soumettre le nouveau signalement : %v",
-    "followers.incoming.list.self.none": "Personne ne suit votre profile.",
-    "followers.incoming.list.none": "Personne ne suit cet utilisateur.",
-    "followers.outgoing.list.self.none": "Vous ne suivez personne.",
-    "followers.outgoing.list.none": "%s ne vous suit plus.",
-    "repo.issue_indexer.title": "Indexeur de problèmes",
-    "stars.list.none": "Personne n'a mis en favori ce dépôt.",
-    "watch.list.none": "Personne ne suit ce dépôt.",
-    "repo.form.cannot_create": "Tous les espaces où vous pouvez créer des dépôts a atteint la limite de dépôts.",
-    "admin.dashboard.cleanup_offline_runners": "Nettoyer les exécuteurs hors ligne",
-    "mail.actions.run_info_trigger": "Activé parce que : %[1]s par : %[2]s",
-    "settings.visibility.description": "La visibilité du profil affecte la capacité des autres à accéder à vos dépôts non-privés. <a href=\"%s\" target=\"_blank\">Voir plus</a>.",
-    "editor.textarea.shift_tab_hint": "Pas d'indentation sur cette ligne. Appuyez sur <kbd>Maj</kbd> + <kbd>Tab</kbd> une nouvelle fois ou sur <kbd>Échap</kbd> pour quitter l'éditeur.",
-    "avatar.constraints_hint": "L'avatar personnalisé ne doit pas dépasser une taille de %[1]s ou être plus grand que %[2]dx%[3]d pixels",
-    "editor.textarea.tab_hint": "Ligne déjà indentée. Appuyez sur <kbd>Tab</kbd> une nouvelle fois ou sur <kbd>Échap</kbd> pour quitter l'éditeur.",
-    "discussion.sidebar.reference": "Référence",
-    "repo.settings.push_mirror.branch_filter.label": "Filtre de branche (optionnel)",
-    "repo.diff.commit.next-short": "Suiv.",
-    "repo.diff.commit.previous-short": "Préc.",
-    "profile.actions.tooltip": "Plus d'actions",
-    "profile.edit.link": "Éditer le profil",
-    "keys.ssh.link": "Clé SSH",
-    "keys.gpg.link": "Clés GPG",
-    "compare.branches.title": "Comparer les branches",
-    "repo.settings.push_mirror.branch_filter.description": "Branches a répliquer. Laisser vide pour répliquer toutes les branches. Voir la documentation <a href=\"%[1]s\">%[2]</a> pour la syntaxe. Exemples : <code>main, release/*</code>",
-    "mail.actions.run_info_sha": "Commit: %[1]s",
-    "admin.moderation.deleted_content_ref": "Le signalement avec le type %[1]v et l'identifiant %[2]d n'existe plus",
-    "error.must_enable_2fa": "Cette instance Forgejo exige que les utilisateurs activent l'authentification à deux facteurs avant qu'ils puissent accéder a leurs comptes. Activez-la sur  : %s",
-    "admin.config.global_2fa_requirement.admin": "Administrateurs",
-    "admin.config.global_2fa_requirement.all": "Tous les utilisateurs",
-    "admin.config.global_2fa_requirement.none": "Non",
-    "admin.config.global_2fa_requirement.title": "Exigence globale de l'authentification à deux facteurs",
-    "admin.config.security": "Configuration de sécurité",
-    "settings.must_enable_2fa": "Cette instance Forgejo exige que les utilisateurs activent l'authentification à deux facteurs avant qu'ils puissent accéder a leurs comptes.",
-    "settings.twofa_unroll_unavailable": "L'authentification à deux facteurs est nécessaire pour votre compte et ne peut pas être désactivée.",
-    "migrate.github.description": "Migrer les données depuis github.com ou GitHub Enterprise Server.",
-    "migrate.git.description": "Migrer uniquement un dépôt depuis n’importe quel service Git.",
-    "migrate.gitea.description": "Migrer les données depuis gitea.com ou d’autres instances de Gitea.",
-    "migrate.gitlab.description": "Migrer les données depuis gitlab.com ou d’autres instances de GitLab.",
-    "migrate.gogs.description": "Migrer les données depuis notabug.org ou d’autres instances de Gogs.",
-    "migrate.onedev.description": "Migrer les données depuis code.onedev.io ou d’autre instance de OneDev.",
-    "migrate.gitbucket.description": "Migrer les données depuis des instances GitBucket.",
-    "migrate.codebase.description": "Migrer les données depuis codebasehq.com.",
-    "migrate.forgejo.description": "Migrer les données depuis codeberg.org ou une autre instance Forgejo.",
-    "admin.dashboard.remove_resolved_reports": "Supprimer les signalements résolus",
-    "admin.auths.allow_username_change": "Autoriser le changement de nom d'utilisateur",
-    "admin.auths.allow_username_change.description": "Autoriser les utilisateurs à changer leur nom d'utilisateur dans les paramètres du profil",
-    "feed.atom.link": "Flux Atom",
-    "admin.moderation.moderation_reports": "Signalements de modération",
-    "admin.moderation.reports": "Signalements",
-    "admin.moderation.no_open_reports": "Il n'y a actuellement aucun signalement ouvert.",
-    "warning.repository.out_of_sync": "La représentation en base de données de ce dépôt est désynchronisée. Si cet avertissement s'affiche toujours après avoir poussé un commit sur ce dépôt, veuillez contacter l'administrateur.",
-    "repo.pulls.already_merged": "Fusion échouée : Cette demande d'ajout a déjà été fusionnée.",
-    "migrate.form.error.url_credentials": "L'URL contient des identifiants, mettez-les dans les champs utilisateur et mot de passe respectivement",
-    "settings.twofa_reenroll": "Réenregistrer l'authentification à deux facteurs",
-    "settings.twofa_reenroll.description": "Réenregistrer votre authentification à deux facteurs",
-    "user.ghost.tooltip": "Cet utilisateur a été supprimé, ou ne peut pas être trouvé.",
-    "og.repo.summary_card.alt_description": "Fiche récapitulative du dépôt %[1]s, décrit comme : %[2]s",
-    "repo.commit.load_tags_failed": "Impossible de charger les étiquettes à cause d'une erreur interne",
-    "actions.runs.view_most_recent_run": "Voir l'exécution la plus récente",
-    "actions.runs.viewing_out_of_date_run": "Vous consultez une exécution obsolète de cette tâche qui a été lancée le %[1]s.",
-    "actions.runs.run_attempt_label": "Tentative d'exécution #%[1]s (%[2]s)",
-    "migrate.pagure.description": "Migrer les données depuis pagure.io ou d'autres instances Pagure.",
-    "migrate.pagure.incorrect_url": "L'URL du dépôt source fournie est incorrecte",
-    "migrate.pagure.project_url": "URL du projet Pagure",
-    "migrate.pagure.project_example": "L'URL du projet Pagure, ex. https://pagure.io/pagure",
-    "migrate.pagure.token_label": "Jeton API Pagure",
-    "pulse.n_active_issues": {
-        "one": "%s ticket actif",
-        "many": "%s tickets actifs",
-        "other": ""
-    },
-    "pulse.n_active_prs": {
-        "one": "%s demande d'ajout active",
-        "many": "%s demandes d'ajout actives",
-        "other": ""
-    },
-    "repo.pulls.maintainers_can_edit": "Les mainteneurs peuvent modifier cette pull request.",
-    "repo.pulls.maintainers_cannot_edit": "Les mainteneurs ne peuvent pas éditer cette pull request.",
-    "mail.issue.action.close_by_commit": "%[1]s a fermé %[2]s dans le commit %[3]s.",
-    "migrate.pagure.private_issues.summary": "Tickets privés (Optionnel)",
-    "migrate.pagure.private_issues.description": "Cette fonctionnalité est conçue pour créer un deuxième dépôt contenant uniquement des tickets privés de votre projet Pagure à des fins d'archive. Premièrement, effectuer une migration normale (sans jeton) pour importer tout le contenu public. Ensuite, si vous avez des tickets privés à préserver, créez un dépôt séparé en utilisant cette option de jeton pour archiver ces tickets privés.",
-    "migrate.pagure.private_issues.warning": "Assurez-vous de définir la visibilité du dépôt ci-dessus à Privé si vous utilisez la clé API pour importer des tickets privés. Cela empêche d'exposer accidentellement du contenu privé dans un dépôt public.",
-    "migrate.pagure.token.placeholder": "Seulement pour créer des archives de tickets privés",
-    "actions.workflow.pre_execution_error": "Le workflow n'a pas été exécuté en raison d'une erreur qui a bloqué la tentative d'exécution.",
-    "watch.n_watchers": {
-        "one": "%s observateur",
-        "many": "%s observateurs",
-        "other": "%s observateurs"
-    },
-    "actions.workflow.event_detection_error": "Impossible d'analyser les évènements supportés dans le workflow : %v",
-    "teams.add_all_repos.modal.header": "Ajouter tous les dépôts",
-    "teams.remove_all_repos.modal.header": "Supprimer tous dépôts",
-    "repo.pulls.poster_manage_approval": "Gérer les approbations",
-    "repo.pulls.poster_is_trusted": "L'auteur de la pull request est <a href=\"%[1]s\">toujours approuvé à lancer le flux de travail.</a>",
-    "repo.pulls.poster_is_trusted.tooltip": "L'auteur de la pull request est explicitement autorisé à lancer le flux de travail déclenché par les événements `pull_request`.",
-    "repo.pulls.poster_trust_deny": "Refuser",
-    "repo.pulls.poster_trust_deny.tooltip": "Les flux de travail en attente d'approbation seront annulés.",
-    "repo.pulls.poster_trust_once": "Approuver une fois",
-    "repo.pulls.poster_trust_once.tooltip": "Les flux de travail déclenchés par un événement `pull_request` s'exécuteront sur ce commit mais devront être approuvés pour tous les futurs commits poussés vers cette pull request.",
-    "repo.pulls.poster_trust_always": "Toujours approuver",
-    "repo.pulls.poster_trust_always.tooltip": "Les flux de travail déclenchés par un événement `pull_request` s'exécuteront sur ce commit et il n'y aura pas besoin d'approuver les exécutions à partir de cette pull request ou de futures pull request créées par le même utilisateur.",
-    "repo.pulls.poster_trust_revoke": "Révoquer",
-    "repo.pulls.poster_trust_revoke.tooltip": "L'auteur de cette pull request ne sera plus autorisé pour exécuter les flux de travail déclenchés par un événement `pull_request`, chaque exécution devra être approuvée manuellement.",
-    "actions.workflow.job_parsing_error": "Impossible d'analyser le processus dans le flux de travail : %v",
-    "keys.verify.token.hint": "Le jeton est uniquement valide pour 1 minute. <a href=\"%[1]s\">Obtenez en un nouveau s'il a expiré</a>.",
-    "repo.issues.filter_poster.hint": "Filtrer par auteur",
-    "repo.issues.filter_assignee.hint": "Filtrer par utilisateur assigné",
-    "repo.issues.filter_reviewers.hint": "Filtrer par l'utilisateur qui a examiné",
-    "repo.issues.filter_mention.hint": "Filtrer par utilisateur mentionné",
-    "repo.issues.filter_modified.hint": "Filtrer par la dernière date modifiée",
-    "repo.issues.filter_sort.hint": "Trier par : date de création/commentaires/mise à jour/date limite",
-    "search.syntax": "Syntaxe de recherche",
-    "admin.dashboard.transfer_lingering_logs": "Transférer les journaux des actions terminées de la base de données au stockage",
-    "actions.status.diagnostics.waiting": {
-        "one": "Attente d'un exécuteur avec l'étiquette suivante : %s",
-        "many": "Attente d'un exécuteur avec les étiquettes suivantes : %s",
-        "other": ""
-    },
-    "moderation.report.mark_as_ignored": "Marquer comme ignoré",
-    "moderation.action.account.delete": "Supprimer le compte",
-    "moderation.action.account.suspend": "Suspendre le compte",
-    "moderation.action.repo.delete": "Supprimer le dépôt",
-    "moderation.action.issue.delete": "Supprimer le ticket",
-    "moderation.action.comment.delete": "Supprimer le commentaire",
-    "moderation.unknown_action": "Action inconnue",
-    "moderation.users.cannot_suspend_self": "Vous ne pouvez pas vous suspendre vous même.",
-    "moderation.users.cannot_suspend_admins": "Les utilisateurs avec les droits administrateur ne peuvent pas être suspendus.",
-    "moderation.users.cannot_suspend_org": "Les organisations ne peuvent pas être suspendues.",
-    "moderation.users.already_suspended": "Le compte est déjà suspendu.",
-    "moderation.users.suspend_success": "Le compte a été suspendu.",
-    "moderation.users.cannot_delete_admins": "Les utilisateurs avec les droits d'administration ne peuvent pas être supprimés.",
-    "moderation.issue.deletion_success": "Le ticket a été supprimé.",
-    "moderation.comment.deletion_success": "Le commentaire a été supprimé.",
-    "actions.workflow.incomplete_matrix_missing_job": "Impossible d'évaluer `strategy.matrix` de la tâche %[1]s : la tâche %[2]s n'est pas dans la liste `needs` de la tâche %[1]s (%[3]s).",
-    "actions.workflow.incomplete_matrix_missing_output": "Impossible d'évaluer `strategy.matrix` de la tâche %[1]s : la tâche %[2]s n'a pas de sortie %[3]s.",
-    "actions.workflow.incomplete_matrix_unknown_cause": "Impossible d'évaluer `strategy.matrix` de la tâche %[1]s : erreur inconnue.",
-    "actions.workflow.incomplete_runson_missing_job": "Impossible d'évaluer les `runs-on` de la tâche %[1]s : la tâche %[2]s n'est pas dans la liste des `needs` de la tâche %[1]s (%[3]s).",
-    "actions.workflow.incomplete_runson_missing_output": "Impossible d'évaluer les `runs-on` de la tâche %[1]s : la tâche %[2]s n'a pas de sortie %[3]s.",
-    "actions.workflow.incomplete_runson_missing_matrix_dimension": "Impossible d'évaluer les `runs-on` de la tâche %[1]s : la dimension matricielle %[2]s n'existe pas.",
-    "actions.workflow.incomplete_runson_unknown_cause": "Impossible d'évaluer `runs-on` de la tâche %[1]s : erreur inconnue.",
-    "admin.auths.oauth2_quota_group_map_removal": "Supprimer les utilisateurs des groupes de quotas synchronisés si l'utilisateur n'appartient pas au groupe correspondant."
+	"fork.n_forks": {
+		"one": "%s bifurcation",
+		"many": "%s bifurcations",
+		"other": ""
+	},
+	"stars.n_stars": {
+		"one": "%s étoiles",
+		"many": "%s étoiles",
+		"other": ""
+	},
+	"release.n_downloads": {
+		"one": "%s téléchargement",
+		"many": "%s téléchargements",
+		"other": ""
+	},
+	"repo.pulls.merged_title_desc": {
+		"one": "a fusionné %[1]d commit depuis <code>%[2]s</code> vers <code>%[3]s</code> %[4]s",
+		"many": "fusionné %[1]d de commits depuis <code>%[2]s</code> vers <code>%[3]s</code> %[4]s",
+		"other": "fusionné %[1]d commits depuis <code>%[2]s</code> vers <code>%[3]s</code> %[4]s"
+	},
+	"repo.pulls.title_desc": {
+		"one": "veut fusionner %[1]d commit depuis <code>%[2]s</code> vers <code id=\"%[4]s\">%[3]s</code>",
+		"many": "veut fusionner %[1]d commits depuis <code>%[2]s</code> vers <code id=\"%[4]s\">%[3]s</code>",
+		"other": ""
+	},
+	"search.milestone_kind": "Recherche dans les jalons…",
+	"discussion.locked": "Cette discussion a été bloqué. Les commentaires sont limités aux contributeurs.",
+	"relativetime.now": "maintenant",
+	"relativetime.future": "dans le future",
+	"relativetime.mins": {
+		"one": "il y a %d minute",
+		"many": "il y a %d minutes",
+		"other": "il y a %d minutes"
+	},
+	"relativetime.hours": {
+		"one": "il y a %d heure",
+		"many": "il y a %d heures",
+		"other": "il y a %d heures"
+	},
+	"relativetime.days": {
+		"one": "il y a %d jour",
+		"many": "il y a %d jours",
+		"other": "il y a %d jours"
+	},
+	"relativetime.months": {
+		"one": "il y a %d mois",
+		"many": "il y a %d mois",
+		"other": "il y a %d mois"
+	},
+	"relativetime.years": {
+		"one": "il y a %d an",
+		"many": "il y a %d ans",
+		"other": "il y a %d ans"
+	},
+	"relativetime.1day": "hier",
+	"relativetime.2days": "il y a 2 jours",
+	"relativetime.1week": "la semaine dernière",
+	"relativetime.2weeks": "il y a 2 semaines",
+	"relativetime.2months": "il y a 2 mois",
+	"relativetime.1year": "l'année dernière",
+	"relativetime.2years": "il y a 2 ans",
+	"themes.names.forgejo-light": "Forgejo clair",
+	"themes.names.forgejo-dark": "Forgejo sombre",
+	"themes.names.forgejo-auto": "Forgejo (suivre le thème du système)",
+	"alert.asset_load_failed": "Échec du chargement des fichiers d'asset de {path}. Faites en sorte que les fichiers d'asset puissent être accessibles.",
+	"install.invalid_lfs_path": "Impossible de créer le root LFS au chemin spécifié : %[1]s",
+	"alert.range_error": " doit être un nombre entre %[1]s et %[2]s.",
+	"home.welcome.no_activity": "Pas d'activité",
+	"home.welcome.activity_hint": "Il n'y a rien dans votre fil d'actualité. Vos actions et activités de vos dépôts que vous suivez s'afficheront ici.",
+	"home.explore_repos": "Explorer les dépôts",
+	"home.explore_users": "Explorer les utilisateurs",
+	"home.explore_orgs": "Explorer les organisations",
+	"relativetime.weeks": {
+		"one": "il y a %d semaine",
+		"many": "il y a %d semaines",
+		"other": "il y a %d semaines"
+	},
+	"error.not_found.title": "Page non trouvée",
+	"relativetime.1month": "le mois dernier",
+	"incorrect_root_url": "Cette instance Forgejo est configuré pour être servi sur \"%s\". Vous êtes actuellement en train de regarder Forgejo avec une URL différente, ce qui pourrait casser certaines parties de cette application. L'URL canonique est controllée par les administrateurs Forgejo grâce au paramètre ROOT_URL dans le app.ini.",
+	"meta.last_line": "Merci de traduire Forgejo ! Cette ligne n'est pas vue par les utilisateurs mais sert à d'autres fins dans la gestion de la traduction. Vous pouvez mettre une fun fact dans la traduction au lieu de la traduire. Miaou.\n(this string was needed to make weblate regenerate the file and can be removed)",
+	"mail.actions.successful_run_after_failure": "Workflow %[1]s récupéré dans le dépôt %[2]s",
+	"mail.actions.successful_run_after_failure_subject": "Workflow %[1]s récupéré dans le dépôt %[2]s",
+	"mail.actions.not_successful_run_subject": "Workflow %[1]s a raté dans le dépôt %[2]s",
+	"mail.actions.not_successful_run": "Workflow %[1]s raté dans le dépôt %[2]s",
+	"mail.actions.run_info_cur_status": "Statut de cette exécution : %[1]s (vient de se mettre à jour de %[2]s)",
+	"mail.actions.run_info_previous_status": "Précédent statut de l'éxecution : %[1]s",
+	"moderation.reported_thank_you": "Merci pour votre signalement. L'administration a été mise au courant.",
+	"admin.config.moderation_config": "Configuration de la modération",
+	"moderation.report_content": "Signaler le contenu",
+	"moderation.report_abuse": "Signaler un abus",
+	"moderation.report_abuse_form.header": "Signaler un abus à l'administrateur",
+	"moderation.report_abuse_form.details": "Ce formulaire devrait être utilisé pour signaler des utilisateurs qui spam des comptes, des dépôts, des questions, des commentaires ou qui se comportent de façon inappropriée.",
+	"moderation.report_abuse_form.invalid": "Arguments invalides",
+	"moderation.report_abuse_form.already_reported": "Vous avez déjà signalisé ce contenu",
+	"moderation.abuse_category": "Catégorie",
+	"moderation.abuse_category.placeholder": "Sélectionnez une catégorie",
+	"moderation.abuse_category.spam": "Spam",
+	"moderation.abuse_category.malware": "logiciel malveillant",
+	"moderation.abuse_category.illegal_content": "Contenu illégal",
+	"moderation.abuse_category.other_violations": "Autres infractions des règles de la plateforme",
+	"moderation.report_remarks": "Remarques",
+	"moderation.report_remarks.placeholder": "Veuillez fournir quelques détails en rapport avec l'abus que vous signalez.",
+	"moderation.submit_report": "Soumettre le signalement",
+	"moderation.reporting_failed": "Impossible de soumettre le nouveau signalement : %v",
+	"followers.incoming.list.self.none": "Personne ne suit votre profile.",
+	"followers.incoming.list.none": "Personne ne suit cet utilisateur.",
+	"followers.outgoing.list.self.none": "Vous ne suivez personne.",
+	"followers.outgoing.list.none": "%s ne vous suit plus.",
+	"repo.issue_indexer.title": "Indexeur de problèmes",
+	"stars.list.none": "Personne n'a mis en favori ce dépôt.",
+	"watch.list.none": "Personne ne suit ce dépôt.",
+	"repo.form.cannot_create": "Tous les espaces où vous pouvez créer des dépôts a atteint la limite de dépôts.",
+	"admin.dashboard.cleanup_offline_runners": "Nettoyer les exécuteurs hors ligne",
+	"mail.actions.run_info_trigger": "Activé parce que : %[1]s par : %[2]s",
+	"settings.visibility.description": "La visibilité du profil affecte la capacité des autres à accéder à vos dépôts non-privés. <a href=\"%s\" target=\"_blank\">Voir plus</a>.",
+	"editor.textarea.shift_tab_hint": "Pas d'indentation sur cette ligne. Appuyez sur <kbd>Maj</kbd> + <kbd>Tab</kbd> une nouvelle fois ou sur <kbd>Échap</kbd> pour quitter l'éditeur.",
+	"avatar.constraints_hint": "L'avatar personnalisé ne doit pas dépasser une taille de %[1]s ou être plus grand que %[2]dx%[3]d pixels",
+	"editor.textarea.tab_hint": "Ligne déjà indentée. Appuyez sur <kbd>Tab</kbd> une nouvelle fois ou sur <kbd>Échap</kbd> pour quitter l'éditeur.",
+	"discussion.sidebar.reference": "Référence",
+	"repo.settings.push_mirror.branch_filter.label": "Filtre de branche (optionnel)",
+	"repo.diff.commit.next-short": "Suiv.",
+	"repo.diff.commit.previous-short": "Préc.",
+	"profile.actions.tooltip": "Plus d'actions",
+	"profile.edit.link": "Éditer le profil",
+	"keys.ssh.link": "Clé SSH",
+	"keys.gpg.link": "Clés GPG",
+	"compare.branches.title": "Comparer les branches",
+	"repo.settings.push_mirror.branch_filter.description": "Branches a répliquer. Laisser vide pour répliquer toutes les branches. Voir la documentation <a href=\"%[1]s\">%[2]</a> pour la syntaxe. Exemples : <code>main, release/*</code>",
+	"mail.actions.run_info_sha": "Commit: %[1]s",
+	"admin.moderation.deleted_content_ref": "Le signalement avec le type %[1]v et l'identifiant %[2]d n'existe plus",
+	"error.must_enable_2fa": "Cette instance Forgejo exige que les utilisateurs activent l'authentification à deux facteurs avant qu'ils puissent accéder a leurs comptes. Activez-la sur  : %s",
+	"admin.config.global_2fa_requirement.admin": "Administrateurs",
+	"admin.config.global_2fa_requirement.all": "Tous les utilisateurs",
+	"admin.config.global_2fa_requirement.none": "Non",
+	"admin.config.global_2fa_requirement.title": "Exigence globale de l'authentification à deux facteurs",
+	"admin.config.security": "Configuration de sécurité",
+	"settings.must_enable_2fa": "Cette instance Forgejo exige que les utilisateurs activent l'authentification à deux facteurs avant qu'ils puissent accéder a leurs comptes.",
+	"settings.twofa_unroll_unavailable": "L'authentification à deux facteurs est nécessaire pour votre compte et ne peut pas être désactivée.",
+	"migrate.github.description": "Migrer les données depuis github.com ou GitHub Enterprise Server.",
+	"migrate.git.description": "Migrer uniquement un dépôt depuis n’importe quel service Git.",
+	"migrate.gitea.description": "Migrer les données depuis gitea.com ou d’autres instances de Gitea.",
+	"migrate.gitlab.description": "Migrer les données depuis gitlab.com ou d’autres instances de GitLab.",
+	"migrate.gogs.description": "Migrer les données depuis notabug.org ou d’autres instances de Gogs.",
+	"migrate.onedev.description": "Migrer les données depuis code.onedev.io ou d’autre instance de OneDev.",
+	"migrate.gitbucket.description": "Migrer les données depuis des instances GitBucket.",
+	"migrate.codebase.description": "Migrer les données depuis codebasehq.com.",
+	"migrate.forgejo.description": "Migrer les données depuis codeberg.org ou une autre instance Forgejo.",
+	"admin.dashboard.remove_resolved_reports": "Supprimer les signalements résolus",
+	"admin.auths.allow_username_change": "Autoriser le changement de nom d'utilisateur",
+	"admin.auths.allow_username_change.description": "Autoriser les utilisateurs à changer leur nom d'utilisateur dans les paramètres du profil",
+	"feed.atom.link": "Flux Atom",
+	"admin.moderation.moderation_reports": "Signalements de modération",
+	"admin.moderation.reports": "Signalements",
+	"admin.moderation.no_open_reports": "Il n'y a actuellement aucun signalement ouvert.",
+	"warning.repository.out_of_sync": "La représentation en base de données de ce dépôt est désynchronisée. Si cet avertissement s'affiche toujours après avoir poussé un commit sur ce dépôt, veuillez contacter l'administrateur.",
+	"repo.pulls.already_merged": "Fusion échouée : Cette demande d'ajout a déjà été fusionnée.",
+	"migrate.form.error.url_credentials": "L'URL contient des identifiants, mettez-les dans les champs utilisateur et mot de passe respectivement",
+	"settings.twofa_reenroll": "Réenregistrer l'authentification à deux facteurs",
+	"settings.twofa_reenroll.description": "Réenregistrer votre authentification à deux facteurs",
+	"user.ghost.tooltip": "Cet utilisateur a été supprimé, ou ne peut pas être trouvé.",
+	"og.repo.summary_card.alt_description": "Fiche récapitulative du dépôt %[1]s, décrit comme : %[2]s",
+	"repo.commit.load_tags_failed": "Impossible de charger les étiquettes à cause d'une erreur interne",
+	"actions.runs.view_most_recent_run": "Voir l'exécution la plus récente",
+	"actions.runs.viewing_out_of_date_run": "Vous consultez une exécution obsolète de cette tâche qui a été lancée le %[1]s.",
+	"actions.runs.run_attempt_label": "Tentative d'exécution #%[1]s (%[2]s)",
+	"migrate.pagure.description": "Migrer les données depuis pagure.io ou d'autres instances Pagure.",
+	"migrate.pagure.incorrect_url": "L'URL du dépôt source fournie est incorrecte",
+	"migrate.pagure.project_url": "URL du projet Pagure",
+	"migrate.pagure.project_example": "L'URL du projet Pagure, ex. https://pagure.io/pagure",
+	"migrate.pagure.token_label": "Jeton API Pagure",
+	"pulse.n_active_issues": {
+		"one": "%s ticket actif",
+		"many": "%s tickets actifs",
+		"other": ""
+	},
+	"pulse.n_active_prs": {
+		"one": "%s demande d'ajout active",
+		"many": "%s demandes d'ajout actives",
+		"other": ""
+	},
+	"repo.pulls.maintainers_can_edit": "Les mainteneurs peuvent modifier cette pull request.",
+	"repo.pulls.maintainers_cannot_edit": "Les mainteneurs ne peuvent pas éditer cette pull request.",
+	"mail.issue.action.close_by_commit": "%[1]s a fermé %[2]s dans le commit %[3]s.",
+	"migrate.pagure.private_issues.summary": "Tickets privés (Optionnel)",
+	"migrate.pagure.private_issues.description": "Cette fonctionnalité est conçue pour créer un deuxième dépôt contenant uniquement des tickets privés de votre projet Pagure à des fins d'archive. Premièrement, effectuer une migration normale (sans jeton) pour importer tout le contenu public. Ensuite, si vous avez des tickets privés à préserver, créez un dépôt séparé en utilisant cette option de jeton pour archiver ces tickets privés.",
+	"migrate.pagure.private_issues.warning": "Assurez-vous de définir la visibilité du dépôt ci-dessus à Privé si vous utilisez la clé API pour importer des tickets privés. Cela empêche d'exposer accidentellement du contenu privé dans un dépôt public.",
+	"migrate.pagure.token.placeholder": "Seulement pour créer des archives de tickets privés",
+	"actions.workflow.pre_execution_error": "Le workflow n'a pas été exécuté en raison d'une erreur qui a bloqué la tentative d'exécution.",
+	"watch.n_watchers": {
+		"one": "%s observateur",
+		"many": "%s observateurs",
+		"other": "%s observateurs"
+	},
+	"actions.workflow.event_detection_error": "Impossible d'analyser les évènements supportés dans le workflow : %v",
+	"teams.add_all_repos.modal.header": "Ajouter tous les dépôts",
+	"teams.remove_all_repos.modal.header": "Supprimer tous dépôts",
+	"repo.pulls.poster_manage_approval": "Gérer les approbations",
+	"repo.pulls.poster_is_trusted": "L'auteur de la pull request est <a href=\"%[1]s\">toujours approuvé à lancer le flux de travail.</a>",
+	"repo.pulls.poster_is_trusted.tooltip": "L'auteur de la pull request est explicitement autorisé à lancer le flux de travail déclenché par les événements `pull_request`.",
+	"repo.pulls.poster_trust_deny": "Refuser",
+	"repo.pulls.poster_trust_deny.tooltip": "Les flux de travail en attente d'approbation seront annulés.",
+	"repo.pulls.poster_trust_once": "Approuver une fois",
+	"repo.pulls.poster_trust_once.tooltip": "Les flux de travail déclenchés par un événement `pull_request` s'exécuteront sur ce commit mais devront être approuvés pour tous les futurs commits poussés vers cette pull request.",
+	"repo.pulls.poster_trust_always": "Toujours approuver",
+	"repo.pulls.poster_trust_always.tooltip": "Les flux de travail déclenchés par un événement `pull_request` s'exécuteront sur ce commit et il n'y aura pas besoin d'approuver les exécutions à partir de cette pull request ou de futures pull request créées par le même utilisateur.",
+	"repo.pulls.poster_trust_revoke": "Révoquer",
+	"repo.pulls.poster_trust_revoke.tooltip": "L'auteur de cette pull request ne sera plus autorisé pour exécuter les flux de travail déclenchés par un événement `pull_request`, chaque exécution devra être approuvée manuellement.",
+	"actions.workflow.job_parsing_error": "Impossible d'analyser le processus dans le flux de travail : %v",
+	"keys.verify.token.hint": "Le jeton est uniquement valide pour 1 minute. <a href=\"%[1]s\">Obtenez en un nouveau s'il a expiré</a>.",
+	"repo.issues.filter_poster.hint": "Filtrer par auteur",
+	"repo.issues.filter_assignee.hint": "Filtrer par utilisateur assigné",
+	"repo.issues.filter_reviewers.hint": "Filtrer par l'utilisateur qui a examiné",
+	"repo.issues.filter_mention.hint": "Filtrer par utilisateur mentionné",
+	"repo.issues.filter_modified.hint": "Filtrer par la dernière date modifiée",
+	"repo.issues.filter_sort.hint": "Trier par : date de création/commentaires/mise à jour/date limite",
+	"search.syntax": "Syntaxe de recherche",
+	"admin.dashboard.transfer_lingering_logs": "Transférer les journaux des actions terminées de la base de données au stockage",
+	"actions.status.diagnostics.waiting": {
+		"one": "Attente d'un exécuteur avec l'étiquette suivante : %s",
+		"many": "Attente d'un exécuteur avec les étiquettes suivantes : %s",
+		"other": ""
+	},
+	"moderation.report.mark_as_ignored": "Marquer comme ignoré",
+	"moderation.action.account.delete": "Supprimer le compte",
+	"moderation.action.account.suspend": "Suspendre le compte",
+	"moderation.action.repo.delete": "Supprimer le dépôt",
+	"moderation.action.issue.delete": "Supprimer le ticket",
+	"moderation.action.comment.delete": "Supprimer le commentaire",
+	"moderation.unknown_action": "Action inconnue",
+	"moderation.users.cannot_suspend_self": "Vous ne pouvez pas vous suspendre vous même.",
+	"moderation.users.cannot_suspend_admins": "Les utilisateurs avec les droits administrateur ne peuvent pas être suspendus.",
+	"moderation.users.cannot_suspend_org": "Les organisations ne peuvent pas être suspendues.",
+	"moderation.users.already_suspended": "Le compte est déjà suspendu.",
+	"moderation.users.suspend_success": "Le compte a été suspendu.",
+	"moderation.users.cannot_delete_admins": "Les utilisateurs avec les droits d'administration ne peuvent pas être supprimés.",
+	"moderation.issue.deletion_success": "Le ticket a été supprimé.",
+	"moderation.comment.deletion_success": "Le commentaire a été supprimé.",
+	"actions.workflow.incomplete_matrix_missing_job": "Impossible d'évaluer `strategy.matrix` de la tâche %[1]s : la tâche %[2]s n'est pas dans la liste `needs` de la tâche %[1]s (%[3]s).",
+	"actions.workflow.incomplete_matrix_missing_output": "Impossible d'évaluer `strategy.matrix` de la tâche %[1]s : la tâche %[2]s n'a pas de sortie %[3]s.",
+	"actions.workflow.incomplete_matrix_unknown_cause": "Impossible d'évaluer `strategy.matrix` de la tâche %[1]s : erreur inconnue.",
+	"actions.workflow.incomplete_runson_missing_job": "Impossible d'évaluer les `runs-on` de la tâche %[1]s : la tâche %[2]s n'est pas dans la liste des `needs` de la tâche %[1]s (%[3]s).",
+	"actions.workflow.incomplete_runson_missing_output": "Impossible d'évaluer les `runs-on` de la tâche %[1]s : la tâche %[2]s n'a pas de sortie %[3]s.",
+	"actions.workflow.incomplete_runson_missing_matrix_dimension": "Impossible d'évaluer les `runs-on` de la tâche %[1]s : la dimension matricielle %[2]s n'existe pas.",
+	"actions.workflow.incomplete_runson_unknown_cause": "Impossible d'évaluer `runs-on` de la tâche %[1]s : erreur inconnue.",
+	"admin.auths.oauth2_quota_group_map_removal": "Supprimer les utilisateurs des groupes de quotas synchronisés si l'utilisateur n'appartient pas au groupe correspondant."
 }
diff --git a/options/locale_next/locale_ga.json b/options/locale_next/locale_ga.json
index 0734ca8447..771ce0d70c 100644
--- a/options/locale_next/locale_ga.json
+++ b/options/locale_next/locale_ga.json
@@ -1,17 +1,24 @@
 {
-    "migrate.git.description": "Aistrigh stór amháin ó aon seirbhís Git.",
-    "migrate.gitea.description": "Aistrigh sonraí ó gitea.com nó ó chásanna Gitea eile.",
-    "migrate.gitlab.description": "Aistrigh sonraí ó gitlab.com nó ó chásanna GitLab eile.",
-    "migrate.gogs.description": "Aistrigh sonraí ó notabug.org nó ó chásanna eile de chuid Gogs.",
-    "migrate.onedev.description": "Aistrigh sonraí ó code.onedev.io nó ó chásanna OneDev eile.",
-    "migrate.gitbucket.description": "Aistrigh sonraí ó chásanna GitBucket.",
-    "migrate.codebase.description": "Aistrigh sonraí ó codebasehq.com.",
-    "pulse.n_active_issues": {
-        "one": "%s Eagrán Gníomhach",
-        "other": "%s Ceisteanna Gníomhacha"
-    },
-    "pulse.n_active_prs": {
-        "one": "%s Iarratas Tarraingthe Gníomhach",
-        "other": "%s Iarratais Tharraing Ghníomhach"
-    }
+	"migrate.git.description": "Aistrigh stór amháin ó aon seirbhís Git.",
+	"migrate.gitea.description": "Aistrigh sonraí ó gitea.com nó ó chásanna Gitea eile.",
+	"migrate.gitlab.description": "Aistrigh sonraí ó gitlab.com nó ó chásanna GitLab eile.",
+	"migrate.gogs.description": "Aistrigh sonraí ó notabug.org nó ó chásanna eile de chuid Gogs.",
+	"migrate.onedev.description": "Aistrigh sonraí ó code.onedev.io nó ó chásanna OneDev eile.",
+	"migrate.gitbucket.description": "Aistrigh sonraí ó chásanna GitBucket.",
+	"migrate.codebase.description": "Aistrigh sonraí ó codebasehq.com.",
+	"pulse.n_active_issues": {
+		"one": "%s Eagrán Gníomhach",
+		"two": "%s Ceisteanna Gníomhacha",
+		"few": "",
+		"many": "",
+		"other": ""
+	},
+	"pulse.n_active_prs": {
+		"one": "%s Iarratas Tarraingthe Gníomhach",
+		"two": "%s Iarratais Tharraing Ghníomhach",
+		"few": "",
+		"many": "",
+		"other": ""
+	},
+	"meta.last_line": "(this string was needed to make weblate regenerate the file and can be removed)"
 }
diff --git a/options/locale_next/locale_gl.json b/options/locale_next/locale_gl.json
index e83a2ecbd9..dc7f49a511 100644
--- a/options/locale_next/locale_gl.json
+++ b/options/locale_next/locale_gl.json
@@ -1,39 +1,40 @@
 {
-    "relativetime.now": "agora",
-    "relativetime.future": "máis adiante",
-    "repo.form.cannot_create": "Todos os espazos onde podes crear repositorios chegaron ao límite de repositorios creados.",
-    "followers.outgoing.list.self.none": "Non esas seguindo a ninguén.",
-    "followers.outgoing.list.none": "%s non está seguindo a ninguén.",
-    "relativetime.1day": "onte",
-    "relativetime.2days": "hai dous días",
-    "relativetime.1week": "a semana pasada",
-    "relativetime.2weeks": "hai dúas semanas",
-    "relativetime.1month": "hai un mes",
-    "relativetime.2months": "hai dous meses",
-    "relativetime.1year": "hai un ano",
-    "relativetime.2years": "hai dous anos",
-    "relativetime.mins": {
-        "one": "hai %d minuto",
-        "other": "hai %d minutos"
-    },
-    "relativetime.hours": {
-        "one": "hai %d hora",
-        "other": "hai %d horas"
-    },
-    "relativetime.days": {
-        "one": "hai %d día",
-        "other": "hai %d días"
-    },
-    "relativetime.weeks": {
-        "one": "hai %d semana",
-        "other": "hai %d semanas"
-    },
-    "relativetime.months": {
-        "one": "hai %d mes",
-        "other": "hai %d meses"
-    },
-    "relativetime.years": {
-        "one": "hai %d ano",
-        "other": "hai %d anos"
-    }
+	"relativetime.now": "agora",
+	"relativetime.future": "máis adiante",
+	"repo.form.cannot_create": "Todos os espazos onde podes crear repositorios chegaron ao límite de repositorios creados.",
+	"followers.outgoing.list.self.none": "Non esas seguindo a ninguén.",
+	"followers.outgoing.list.none": "%s non está seguindo a ninguén.",
+	"relativetime.1day": "onte",
+	"relativetime.2days": "hai dous días",
+	"relativetime.1week": "a semana pasada",
+	"relativetime.2weeks": "hai dúas semanas",
+	"relativetime.1month": "hai un mes",
+	"relativetime.2months": "hai dous meses",
+	"relativetime.1year": "hai un ano",
+	"relativetime.2years": "hai dous anos",
+	"relativetime.mins": {
+		"one": "hai %d minuto",
+		"other": "hai %d minutos"
+	},
+	"relativetime.hours": {
+		"one": "hai %d hora",
+		"other": "hai %d horas"
+	},
+	"relativetime.days": {
+		"one": "hai %d día",
+		"other": "hai %d días"
+	},
+	"relativetime.weeks": {
+		"one": "hai %d semana",
+		"other": "hai %d semanas"
+	},
+	"relativetime.months": {
+		"one": "hai %d mes",
+		"other": "hai %d meses"
+	},
+	"relativetime.years": {
+		"one": "hai %d ano",
+		"other": "hai %d anos"
+	},
+	"meta.last_line": "(this string was needed to make weblate regenerate the file and can be removed)"
 }
diff --git a/options/locale_next/locale_he.json b/options/locale_next/locale_he.json
index 4c5871df1a..465037bd79 100644
--- a/options/locale_next/locale_he.json
+++ b/options/locale_next/locale_he.json
@@ -1,109 +1,110 @@
 {
-    "fork.n_forks": {
-        "one": "מזלוג אחד",
-        "two": "%s מזלוגים",
-        "other": ""
-    },
-    "stars.n_stars": {
-        "one": "כוכב אחד",
-        "two": "%s כוכבים",
-        "other": ""
-    },
-    "migrate.github.description": "ייבוא מידע מ־github.com או שרת GitHub Enteprise.",
-    "migrate.git.description": "ייבוא קרפיף מכל שירות גיט שהוא.",
-    "migrate.gitea.description": "ייבוא מידע מ־gitea.com או שרת גיטאה אחר.",
-    "migrate.gitlab.description": "ייבוא מידע מ־gitlab.com או משרתי GitLab אחרים.",
-    "migrate.gogs.description": "ייבוא מידע מ־notabug.org או שרת גוגס אחר.",
-    "migrate.onedev.description": "ייבוא מידע מ־code.onedev.io או שרת OneDev אחר.",
-    "migrate.gitbucket.description": "יבוא מידע משרת GitBucket.",
-    "migrate.codebase.description": "ייבוא מידע מ־codebasehq.com.",
-    "migrate.forgejo.description": "ייבוא מידע מקודברג או שרת פורג'ו אחר.",
-    "home.welcome.no_activity": "אין פעילות",
-    "home.explore_users": "גלה משתמשים",
-    "home.explore_orgs": "גלה ארגונים",
-    "followers.incoming.list.self.none": "אף אחד לא עוקב אחרי הפרופיל שלך.",
-    "followers.incoming.list.none": "אף אחד לא עוקב אחרי המשתמש הזה.",
-    "followers.outgoing.list.self.none": "אתה לא עוקב אחרי אף אחד.",
-    "followers.outgoing.list.none": "%s לא עוקב אחרי אף אחד.",
-    "relativetime.now": "עכשיו",
-    "relativetime.future": "בעתיד",
-    "relativetime.mins": {
-        "one": "לפי דקה אחת",
-        "two": "",
-        "other": "לפני %d דקות"
-    },
-    "relativetime.hours": {
-        "one": "לפני שעה אחת",
-        "two": "",
-        "other": "לפני %d שעות"
-    },
-    "relativetime.days": {
-        "one": "לפני יום אחד",
-        "two": "",
-        "other": "לפני %d ימים"
-    },
-    "relativetime.weeks": {
-        "one": "לפני שבוע אחד",
-        "two": "",
-        "other": "לפני %d שבועות"
-    },
-    "relativetime.months": {
-        "one": "לפני חודש אחד",
-        "two": "",
-        "other": "לפני %d חודשים"
-    },
-    "relativetime.years": {
-        "one": "לפני שנה אחת",
-        "two": "",
-        "other": "לפני %d שנים"
-    },
-    "relativetime.1day": "אתמול",
-    "relativetime.2days": "לפני יומיים",
-    "relativetime.1week": "בשבוע שעבר",
-    "relativetime.2weeks": "לפני שבועיים",
-    "relativetime.1month": "בחודש שעבר",
-    "relativetime.2months": "לפני חודשיים",
-    "relativetime.1year": "בשנה שעברה",
-    "relativetime.2years": "לפני שנתיים",
-    "repo.issues.filter_poster.hint": "סנן לפי המחבר",
-    "repo.issues.filter_assignee.hint": "סנן לפי המשתמש האחראי",
-    "repo.issues.filter_reviewers.hint": "סנן לפי המשתמש שערך ביקורת",
-    "repo.issues.filter_mention.hint": "סנן לפי המשתמש שהוזכר",
-    "repo.issues.filter_modified.hint": "סנן לפי תאריך שינוי אחרון",
-    "admin.moderation.reports": "דוחות",
-    "admin.moderation.no_open_reports": "כרגע אין דיווחים פתוחים.",
-    "moderation.report.mark_as_handled": "סמן כטופל",
-    "moderation.report.mark_as_ignored": "סמן כהוזמנח",
-    "moderation.action.account.delete": "מחק חשבון",
-    "moderation.action.account.suspend": "השעה חשבון",
-    "moderation.action.repo.delete": "מחק ריפו",
-    "moderation.action.issue.delete": "מחק סוגייה",
-    "moderation.action.comment.delete": "מחק תגובה",
-    "moderation.unknown_action": "פעולה לא ידועה",
-    "moderation.users.cannot_suspend_self": "אתה לא יכול להשעות את עצמך.",
-    "moderation.users.cannot_suspend_org": "ארגונים לא יכולים להיות מושעים.",
-    "moderation.users.already_suspended": "חשבון משתמש כבר מושעה.",
-    "moderation.users.suspend_success": "חשבון המשתמש הושעה.",
-    "moderation.issue.deletion_success": "הסוגייה נמחקה.",
-    "moderation.comment.deletion_success": "התגובה נמחקה.",
-    "moderation.report_abuse": "דיווח על התעללות",
-    "moderation.report_content": "תוכן הדיווח",
-    "moderation.report_abuse_form.header": "דיווח על התעללות למנהל",
-    "moderation.report_abuse_form.already_reported": "כבר דיווחת על התוכן הזה",
-    "moderation.abuse_category": "קטגוריה",
-    "moderation.abuse_category.placeholder": "בחר קטגוריה",
-    "moderation.abuse_category.spam": "ספאם",
-    "moderation.abuse_category.malware": "תוכנה זדונית",
-    "moderation.abuse_category.illegal_content": "תוכן בלתי חוקי",
-    "moderation.abuse_category.other_violations": "הפרות אחרות של כללי פלטפורמה",
-    "moderation.report_remarks": "הערות",
-    "moderation.report_remarks.placeholder": "אנא ספק פרטים בנוגע לניצול לרעה שאתה מדווח עליו.",
-    "moderation.submit_report": "הגש דיווח",
-    "moderation.reporting_failed": "דיווח התעללות נכשל: %v",
-    "moderation.reported_thank_you": "תודה על הדיווח שלך. ההנהלה עודכנה על כך.",
-    "mail.actions.run_info_sha": "קומיט: %[1]s",
-    "repo.diff.commit.next-short": "הבא",
-    "repo.diff.commit.previous-short": "הקודם",
-    "discussion.locked": "הדיון ננעל. היכולת להגיב מוגבלת לתורמים בלבד.",
-    "discussion.sidebar.reference": "מקור"
+	"fork.n_forks": {
+		"one": "מזלוג אחד",
+		"two": "%s מזלוגים",
+		"other": ""
+	},
+	"stars.n_stars": {
+		"one": "כוכב אחד",
+		"two": "%s כוכבים",
+		"other": ""
+	},
+	"migrate.github.description": "ייבוא מידע מ־github.com או שרת GitHub Enteprise.",
+	"migrate.git.description": "ייבוא קרפיף מכל שירות גיט שהוא.",
+	"migrate.gitea.description": "ייבוא מידע מ־gitea.com או שרת גיטאה אחר.",
+	"migrate.gitlab.description": "ייבוא מידע מ־gitlab.com או משרתי GitLab אחרים.",
+	"migrate.gogs.description": "ייבוא מידע מ־notabug.org או שרת גוגס אחר.",
+	"migrate.onedev.description": "ייבוא מידע מ־code.onedev.io או שרת OneDev אחר.",
+	"migrate.gitbucket.description": "יבוא מידע משרת GitBucket.",
+	"migrate.codebase.description": "ייבוא מידע מ־codebasehq.com.",
+	"migrate.forgejo.description": "ייבוא מידע מקודברג או שרת פורג'ו אחר.",
+	"home.welcome.no_activity": "אין פעילות",
+	"home.explore_users": "גלה משתמשים",
+	"home.explore_orgs": "גלה ארגונים",
+	"followers.incoming.list.self.none": "אף אחד לא עוקב אחרי הפרופיל שלך.",
+	"followers.incoming.list.none": "אף אחד לא עוקב אחרי המשתמש הזה.",
+	"followers.outgoing.list.self.none": "אתה לא עוקב אחרי אף אחד.",
+	"followers.outgoing.list.none": "%s לא עוקב אחרי אף אחד.",
+	"relativetime.now": "עכשיו",
+	"relativetime.future": "בעתיד",
+	"relativetime.mins": {
+		"one": "לפי דקה אחת",
+		"two": "",
+		"other": "לפני %d דקות"
+	},
+	"relativetime.hours": {
+		"one": "לפני שעה אחת",
+		"two": "",
+		"other": "לפני %d שעות"
+	},
+	"relativetime.days": {
+		"one": "לפני יום אחד",
+		"two": "",
+		"other": "לפני %d ימים"
+	},
+	"relativetime.weeks": {
+		"one": "לפני שבוע אחד",
+		"two": "",
+		"other": "לפני %d שבועות"
+	},
+	"relativetime.months": {
+		"one": "לפני חודש אחד",
+		"two": "",
+		"other": "לפני %d חודשים"
+	},
+	"relativetime.years": {
+		"one": "לפני שנה אחת",
+		"two": "",
+		"other": "לפני %d שנים"
+	},
+	"relativetime.1day": "אתמול",
+	"relativetime.2days": "לפני יומיים",
+	"relativetime.1week": "בשבוע שעבר",
+	"relativetime.2weeks": "לפני שבועיים",
+	"relativetime.1month": "בחודש שעבר",
+	"relativetime.2months": "לפני חודשיים",
+	"relativetime.1year": "בשנה שעברה",
+	"relativetime.2years": "לפני שנתיים",
+	"repo.issues.filter_poster.hint": "סנן לפי המחבר",
+	"repo.issues.filter_assignee.hint": "סנן לפי המשתמש האחראי",
+	"repo.issues.filter_reviewers.hint": "סנן לפי המשתמש שערך ביקורת",
+	"repo.issues.filter_mention.hint": "סנן לפי המשתמש שהוזכר",
+	"repo.issues.filter_modified.hint": "סנן לפי תאריך שינוי אחרון",
+	"admin.moderation.reports": "דוחות",
+	"admin.moderation.no_open_reports": "כרגע אין דיווחים פתוחים.",
+	"moderation.report.mark_as_handled": "סמן כטופל",
+	"moderation.report.mark_as_ignored": "סמן כהוזמנח",
+	"moderation.action.account.delete": "מחק חשבון",
+	"moderation.action.account.suspend": "השעה חשבון",
+	"moderation.action.repo.delete": "מחק ריפו",
+	"moderation.action.issue.delete": "מחק סוגייה",
+	"moderation.action.comment.delete": "מחק תגובה",
+	"moderation.unknown_action": "פעולה לא ידועה",
+	"moderation.users.cannot_suspend_self": "אתה לא יכול להשעות את עצמך.",
+	"moderation.users.cannot_suspend_org": "ארגונים לא יכולים להיות מושעים.",
+	"moderation.users.already_suspended": "חשבון משתמש כבר מושעה.",
+	"moderation.users.suspend_success": "חשבון המשתמש הושעה.",
+	"moderation.issue.deletion_success": "הסוגייה נמחקה.",
+	"moderation.comment.deletion_success": "התגובה נמחקה.",
+	"moderation.report_abuse": "דיווח על התעללות",
+	"moderation.report_content": "תוכן הדיווח",
+	"moderation.report_abuse_form.header": "דיווח על התעללות למנהל",
+	"moderation.report_abuse_form.already_reported": "כבר דיווחת על התוכן הזה",
+	"moderation.abuse_category": "קטגוריה",
+	"moderation.abuse_category.placeholder": "בחר קטגוריה",
+	"moderation.abuse_category.spam": "ספאם",
+	"moderation.abuse_category.malware": "תוכנה זדונית",
+	"moderation.abuse_category.illegal_content": "תוכן בלתי חוקי",
+	"moderation.abuse_category.other_violations": "הפרות אחרות של כללי פלטפורמה",
+	"moderation.report_remarks": "הערות",
+	"moderation.report_remarks.placeholder": "אנא ספק פרטים בנוגע לניצול לרעה שאתה מדווח עליו.",
+	"moderation.submit_report": "הגש דיווח",
+	"moderation.reporting_failed": "דיווח התעללות נכשל: %v",
+	"moderation.reported_thank_you": "תודה על הדיווח שלך. ההנהלה עודכנה על כך.",
+	"mail.actions.run_info_sha": "קומיט: %[1]s",
+	"repo.diff.commit.next-short": "הבא",
+	"repo.diff.commit.previous-short": "הקודם",
+	"discussion.locked": "הדיון ננעל. היכולת להגיב מוגבלת לתורמים בלבד.",
+	"discussion.sidebar.reference": "מקור",
+	"meta.last_line": "(this string was needed to make weblate regenerate the file and can be removed)"
 }
diff --git a/options/locale_next/locale_hi.json b/options/locale_next/locale_hi.json
index d583baad7f..1358151b37 100644
--- a/options/locale_next/locale_hi.json
+++ b/options/locale_next/locale_hi.json
@@ -1,89 +1,89 @@
 {
-    "fork.n_forks": {
-        "one": "%s फोर्क",
-        "other": "%s फोर्कस"
-    },
-    "stars.n_stars": {
-        "one": "%s सितारा",
-        "other": "%s सितारे"
-    },
-    "relativetime.2days": "दो दिन पहले",
-    "relativetime.1day": "कल",
-    "repo.form.cannot_create": "वो जगह जहाँ पे रिपॉजिटरी रखीं जातीं हैं वहां जगह ख़त्म",
-    "moderation.abuse_category.other_violations": "प्लेटफार्म का कोई रूल तोडा हैं",
-    "moderation.report_remarks": "टिप्पणी",
-    "repo.issue_indexer.title": "इशू ठौर",
-    "themes.names.forgejo-auto": "फॉरगेजो - सिस्टम थीम फॉलो करें",
-    "themes.names.forgejo-light": "फॉरगेजो लाइट",
-    "error.not_found.title": "पृष्ठ नहीं मिला",
-    "incorrect_root_url": "इस फॉरगेजो इंस्टैंस को %d सर्वर पे कॉन्फ़िगर किया गया है। आप फॉरगेजो को किसी अन्य url से देख रहे हैं, जिससे एप्लीकेशन टूटती है। अच्छा यूआरएल फॉरगेजो के एडमिन कण्ट्रोल करते हैं और रुट_यूआरएल जो की app. ini में है",
-    "themes.names.forgejo-dark": "फॉरगेजो डार्क",
-    "stars.list.none": "किसी ने भी चिन्हित/स्टार नहीं किया",
-    "watch.list.none": "कोई भी ये रिपॉजिटरी नहीं देख रहा",
-    "followers.incoming.list.self.none": "कोई भी प्रोफाइल फॉलो नहीं कर रहा",
-    "followers.incoming.list.none": "कोई भी यूजर को फॉलो नहीं कर रहा",
-    "followers.outgoing.list.self.none": "आप किसी को फॉलो ही नहीं कर रहे",
-    "followers.outgoing.list.none": "%s किसी को फॉलो नहीं कर रहे",
-    "relativetime.1week": "पिछले हफ्ते",
-    "relativetime.2weeks": "दो हफ्ते पहले",
-    "relativetime.1month": "पिछले महीने",
-    "relativetime.2months": "दो महीने पहले",
-    "relativetime.1year": "पिछले साल",
-    "relativetime.2years": "दो साल पहले",
-    "alert.asset_load_failed": "एसेट फाइल लोड नहीं हो पायी (path) ये पक्का करें की एसेट फाइल एक्सेस हो सकती है",
-    "alert.range_error": " एक अंक %d और %d के बीच में",
-    "search.milestone_kind": "माइलस्टोन ढूंढें…",
-    "home.welcome.no_activity": "गतिविधि नहीं",
-    "home.explore_repos": "रिपॉजिटरी निहारें",
-    "home.explore_users": "उसेर्स देखें",
-    "home.explore_orgs": "संस्थाएं देखें",
-    "relativetime.days": {
-        "one": "%d दिन पहले",
-        "other": "%d दिनों पहले"
-    },
-    "repo.settings.push_mirror.branch_filter.label": "शाखा फ़िल्टर",
-    "repo.settings.push_mirror.branch_filter.description": "शाखा मिरर होनीं हैं। खली छोड़ने पर सब मिरर होंगी।",
-    "install.invalid_lfs_path": "LFS रुट नहीं बना पाया इस path पर",
-    "relativetime.years": {
-        "one": "%d साल पहले",
-        "other": "%d सालों पहले"
-    },
-    "relativetime.weeks": {
-        "one": "%d हफ्ते पहले",
-        "other": "%d हफ़्तों पहले"
-    },
-    "relativetime.months": {
-        "one": "%d महीने पहले",
-        "other": "%d महीनों पहले"
-    },
-    "meta.last_line": "तीतर के दो पीछे तीतर तीतर के दो आगे तीतर बोलो कितने तीतर ?",
-    "relativetime.now": "अभी",
-    "avatar.constraints_hint": "कस्टम अवतार का फ़ाइल आकार 200 किलोबाइट से अधिक नहीं होना चाहिए और 125x125 पिक्सेल से बड़ा नहीं होना चाहिए",
-    "home.welcome.activity_hint": "आपकी फीड में अभी कुछ भी नहीं है। आपके कार्य और रिपॉजिटरी यहाँ दिखेंगे।",
-    "relativetime.future": "भविष्य में",
-    "moderation.report_abuse_form.details": "इस फॉर्म का प्रयोग वो करें जो बताना चाहते हैं स्पैम प्रोफाइल, रिपॉजिटरी, इशू, कमैंट्स या गलत पेशी",
-    "moderation.report_abuse_form.invalid": "इनवैलिड आर्गुमेंट",
-    "moderation.report_abuse_form.already_reported": "आप पहले शिकायत कर चुके हैं",
-    "moderation.abuse_category": "वर्ग",
-    "moderation.abuse_category.placeholder": "वर्ग चुनें",
-    "moderation.abuse_category.spam": "स्पैम",
-    "moderation.abuse_category.malware": "मैलवेयर",
-    "moderation.abuse_category.illegal_content": "गैर कानूनी कंटेंट",
-    "relativetime.mins": {
-        "one": "%d मिनट पहले",
-        "other": ""
-    },
-    "profile.actions.tooltip": "और एक्शन्स",
-    "profile.edit.link": "प्रोफाइल बनाएं",
-    "feed.atom.link": "एटम फीड",
-    "keys.ssh.link": "SSH कीस",
-    "keys.gpg.link": "GPG कीस",
-    "admin.config.moderation_config": "सत्यापन कॉन्फ़िगरेशन",
-    "moderation.report_abuse": "कंप्लेंट करें",
-    "moderation.report_content": "कंप्लेंट करें",
-    "moderation.report_abuse_form.header": "कंप्लेंट करें एडमिनिस्ट्रेटर से",
-    "moderation.report_remarks.placeholder": "कुछ डिटेल्स बताओ जिस बारे में रिपोर्ट कर रहे हो",
-    "moderation.submit_report": "रिपोर्ट सबमिट करो",
-    "moderation.reporting_failed": "नयी रिपोर्ट सबमिट नहीं हो सकती",
-    "moderation.reported_thank_you": "रिपोर्ट के लिए शुक्रिया। एडमिन को बताया गया है"
+	"fork.n_forks": {
+		"one": "%s फोर्क",
+		"other": "%s फोर्कस"
+	},
+	"stars.n_stars": {
+		"one": "%s सितारा",
+		"other": "%s सितारे"
+	},
+	"relativetime.2days": "दो दिन पहले",
+	"relativetime.1day": "कल",
+	"repo.form.cannot_create": "वो जगह जहाँ पे रिपॉजिटरी रखीं जातीं हैं वहां जगह ख़त्म",
+	"moderation.abuse_category.other_violations": "प्लेटफार्म का कोई रूल तोडा हैं",
+	"moderation.report_remarks": "टिप्पणी",
+	"repo.issue_indexer.title": "इशू ठौर",
+	"themes.names.forgejo-auto": "फॉरगेजो - सिस्टम थीम फॉलो करें",
+	"themes.names.forgejo-light": "फॉरगेजो लाइट",
+	"error.not_found.title": "पृष्ठ नहीं मिला",
+	"incorrect_root_url": "इस फॉरगेजो इंस्टैंस को %d सर्वर पे कॉन्फ़िगर किया गया है। आप फॉरगेजो को किसी अन्य url से देख रहे हैं, जिससे एप्लीकेशन टूटती है। अच्छा यूआरएल फॉरगेजो के एडमिन कण्ट्रोल करते हैं और रुट_यूआरएल जो की app. ini में है",
+	"themes.names.forgejo-dark": "फॉरगेजो डार्क",
+	"stars.list.none": "किसी ने भी चिन्हित/स्टार नहीं किया",
+	"watch.list.none": "कोई भी ये रिपॉजिटरी नहीं देख रहा",
+	"followers.incoming.list.self.none": "कोई भी प्रोफाइल फॉलो नहीं कर रहा",
+	"followers.incoming.list.none": "कोई भी यूजर को फॉलो नहीं कर रहा",
+	"followers.outgoing.list.self.none": "आप किसी को फॉलो ही नहीं कर रहे",
+	"followers.outgoing.list.none": "%s किसी को फॉलो नहीं कर रहे",
+	"relativetime.1week": "पिछले हफ्ते",
+	"relativetime.2weeks": "दो हफ्ते पहले",
+	"relativetime.1month": "पिछले महीने",
+	"relativetime.2months": "दो महीने पहले",
+	"relativetime.1year": "पिछले साल",
+	"relativetime.2years": "दो साल पहले",
+	"alert.asset_load_failed": "एसेट फाइल लोड नहीं हो पायी (path) ये पक्का करें की एसेट फाइल एक्सेस हो सकती है",
+	"alert.range_error": " एक अंक %d और %d के बीच में",
+	"search.milestone_kind": "माइलस्टोन ढूंढें…",
+	"home.welcome.no_activity": "गतिविधि नहीं",
+	"home.explore_repos": "रिपॉजिटरी निहारें",
+	"home.explore_users": "उसेर्स देखें",
+	"home.explore_orgs": "संस्थाएं देखें",
+	"relativetime.days": {
+		"one": "%d दिन पहले",
+		"other": "%d दिनों पहले"
+	},
+	"repo.settings.push_mirror.branch_filter.label": "शाखा फ़िल्टर",
+	"repo.settings.push_mirror.branch_filter.description": "शाखा मिरर होनीं हैं। खली छोड़ने पर सब मिरर होंगी।",
+	"install.invalid_lfs_path": "LFS रुट नहीं बना पाया इस path पर",
+	"relativetime.years": {
+		"one": "%d साल पहले",
+		"other": "%d सालों पहले"
+	},
+	"relativetime.weeks": {
+		"one": "%d हफ्ते पहले",
+		"other": "%d हफ़्तों पहले"
+	},
+	"relativetime.months": {
+		"one": "%d महीने पहले",
+		"other": "%d महीनों पहले"
+	},
+	"meta.last_line": "तीतर के दो पीछे तीतर तीतर के दो आगे तीतर बोलो कितने तीतर ?\n(this string was needed to make weblate regenerate the file and can be removed)",
+	"relativetime.now": "अभी",
+	"avatar.constraints_hint": "कस्टम अवतार का फ़ाइल आकार 200 किलोबाइट से अधिक नहीं होना चाहिए और 125x125 पिक्सेल से बड़ा नहीं होना चाहिए",
+	"home.welcome.activity_hint": "आपकी फीड में अभी कुछ भी नहीं है। आपके कार्य और रिपॉजिटरी यहाँ दिखेंगे।",
+	"relativetime.future": "भविष्य में",
+	"moderation.report_abuse_form.details": "इस फॉर्म का प्रयोग वो करें जो बताना चाहते हैं स्पैम प्रोफाइल, रिपॉजिटरी, इशू, कमैंट्स या गलत पेशी",
+	"moderation.report_abuse_form.invalid": "इनवैलिड आर्गुमेंट",
+	"moderation.report_abuse_form.already_reported": "आप पहले शिकायत कर चुके हैं",
+	"moderation.abuse_category": "वर्ग",
+	"moderation.abuse_category.placeholder": "वर्ग चुनें",
+	"moderation.abuse_category.spam": "स्पैम",
+	"moderation.abuse_category.malware": "मैलवेयर",
+	"moderation.abuse_category.illegal_content": "गैर कानूनी कंटेंट",
+	"relativetime.mins": {
+		"one": "%d मिनट पहले",
+		"other": ""
+	},
+	"profile.actions.tooltip": "और एक्शन्स",
+	"profile.edit.link": "प्रोफाइल बनाएं",
+	"feed.atom.link": "एटम फीड",
+	"keys.ssh.link": "SSH कीस",
+	"keys.gpg.link": "GPG कीस",
+	"admin.config.moderation_config": "सत्यापन कॉन्फ़िगरेशन",
+	"moderation.report_abuse": "कंप्लेंट करें",
+	"moderation.report_content": "कंप्लेंट करें",
+	"moderation.report_abuse_form.header": "कंप्लेंट करें एडमिनिस्ट्रेटर से",
+	"moderation.report_remarks.placeholder": "कुछ डिटेल्स बताओ जिस बारे में रिपोर्ट कर रहे हो",
+	"moderation.submit_report": "रिपोर्ट सबमिट करो",
+	"moderation.reporting_failed": "नयी रिपोर्ट सबमिट नहीं हो सकती",
+	"moderation.reported_thank_you": "रिपोर्ट के लिए शुक्रिया। एडमिन को बताया गया है"
 }
diff --git a/options/locale_next/locale_hu-HU.json b/options/locale_next/locale_hu-HU.json
index 8698473f66..613b9b5c12 100644
--- a/options/locale_next/locale_hu-HU.json
+++ b/options/locale_next/locale_hu-HU.json
@@ -1,14 +1,15 @@
 {
-    "repo.pulls.merged_title_desc": "egyesítve %[1]d változás(ok) a <code>%[2]s</code>-ból <code>%[3]s</code>-ba %[4]s",
-    "repo.pulls.title_desc": "egyesíteni szeretné %[1]d változás(oka)t a(z) <code>%[2]s</code>-ból <code id=\"%[4]s\">%[3]s</code>-ba",
-    "search.milestone_kind": "Mérföldkövek keresése...",
-    "moderation.abuse_category.malware": "Malware",
-    "pulse.n_active_issues": {
-        "one": "%s Aktív hibajegy",
-        "other": "%s Aktív hibajegy"
-    },
-    "pulse.n_active_prs": {
-        "one": "%s Aktív Egyesítési Kérés",
-        "other": "%s Aktív Egyesítési Kérések"
-    }
+	"repo.pulls.merged_title_desc": "egyesítve %[1]d változás(ok) a <code>%[2]s</code>-ból <code>%[3]s</code>-ba %[4]s",
+	"repo.pulls.title_desc": "egyesíteni szeretné %[1]d változás(oka)t a(z) <code>%[2]s</code>-ból <code id=\"%[4]s\">%[3]s</code>-ba",
+	"search.milestone_kind": "Mérföldkövek keresése...",
+	"moderation.abuse_category.malware": "Malware",
+	"pulse.n_active_issues": {
+		"one": "%s Aktív hibajegy",
+		"other": "%s Aktív hibajegy"
+	},
+	"pulse.n_active_prs": {
+		"one": "%s Aktív Egyesítési Kérés",
+		"other": "%s Aktív Egyesítési Kérések"
+	},
+	"meta.last_line": "(this string was needed to make weblate regenerate the file and can be removed)"
 }
diff --git a/options/locale_next/locale_id-ID.json b/options/locale_next/locale_id-ID.json
index 1ad3f2158a..ab83158939 100644
--- a/options/locale_next/locale_id-ID.json
+++ b/options/locale_next/locale_id-ID.json
@@ -1,142 +1,138 @@
 {
-    "repo.pulls.merged_title_desc": "commit %[1]d telah digabungkan dari <code>%[2]s</code> menjadi <code>%[3]s</code> %[4]s",
-    "repo.pulls.title_desc": "ingin menggabungkan komit %[1]d dari <code>%[2]s</code> menuju <code id=\"%[4]s\">%[3]s</code>",
-    "moderation.abuse_category.malware": "Perangkat pembahaya",
-    "pulse.n_active_issues": {
-        "other": "%s Masalah Aktif"
-    },
-    "pulse.n_active_prs": {
-        "other": "%s Tarik permintaan aktif"
-    },
-    "home.welcome.no_activity": "Tidak ada aktivitas",
-    "home.welcome.activity_hint": "Belum ada konten di feed Anda. Aktivitas dan tindakan Anda dari repositori yang Anda ikuti akan ditampilkan di sini.",
-    "home.explore_repos": "Jelajahi repositori",
-    "home.explore_users": "Jelajahi pengguna",
-    "home.explore_orgs": "Jelajahi organisasi",
-    "stars.list.none": "Tidak ada yang memberikan bintang pada repositori ini.",
-    "watch.list.none": "Tidak ada yang memantau repositori ini.",
-    "followers.incoming.list.self.none": "Tidak ada yang mengikuti profil Anda.",
-    "followers.incoming.list.none": "Tidak ada yang mengikuti pengguna ini.",
-    "followers.outgoing.list.self.none": "Anda tidak mengikuti siapa pun.",
-    "followers.outgoing.list.none": "%s tidak mengikuti siapa pun.",
-    "relativetime.now": "sekarang",
-    "relativetime.future": "di masa depan",
-    "relativetime.mins": "%d menit yang lalu",
-    "relativetime.hours": "%d jam yang lalu",
-    "relativetime.days": "%d hari yang lalu",
-    "relativetime.weeks": "%d minggu yang lalu",
-    "relativetime.months": "%d bulan yang lalu",
-    "relativetime.years": "%d tahun yang lalu",
-    "relativetime.1day": "kemarin",
-    "relativetime.2days": "dua hari yang lalu",
-    "relativetime.1week": "minggu lalu",
-    "relativetime.2weeks": "dua minggu yang lalu",
-    "relativetime.1month": "bulan lalu",
-    "relativetime.2months": "dua bulan yang lalu",
-    "relativetime.1year": "tahun lalu",
-    "relativetime.2years": "dua tahun yang lalu",
-    "repo.pulls.already_merged": "Penggabungan (merge) gagal: Permintaan pull (pull request) ini sudah digabungkan.",
-    "repo.pulls.maintainers_can_edit": "Pengelola dapat mengedit permintaan pull ini.",
-    "repo.pulls.maintainers_cannot_edit": "Pengelola tidak dapat mengedit permintaan pull ini.",
-    "repo.form.cannot_create": "Semua ruang di mana Anda dapat membuat repositori telah mencapai batas jumlah repositori.",
-    "migrate.form.error.url_credentials": "URL tersebut mengandung kredensial, masukkan kredensial tersebut ke dalam kolom nama pengguna dan kata sandi masing-masing",
-    "migrate.github.description": "Migrasikan data dari github.com atau server GitHub Enterprise.",
-    "migrate.git.description": "Migrasikan repositori hanya dari layanan Git mana pun.",
-    "migrate.gitea.description": "Migrasikan data dari gitea.com atau instance Gitea lainnya.",
-    "migrate.gitlab.description": "Migrasikan data dari gitlab.com atau instance GitLab lainnya.",
-    "migrate.gogs.description": "Migrasikan data dari notabug.org atau instance Gogs lainnya.",
-    "migrate.onedev.description": "Migrasikan data dari code.onedev.io atau instance OneDev lainnya.",
-    "migrate.gitbucket.description": "Migrasikan data dari instance GitBucket.",
-    "migrate.codebase.description": "Migrasikan data dari codebasehq.com.",
-    "migrate.forgejo.description": "Migrasikan data dari codeberg.org atau instance Forgejo lainnya.",
-    "repo.issue_indexer.title": "Indeks Masalah",
-    "search.milestone_kind": "Cari milestone…",
-    "repo.settings.push_mirror.branch_filter.label": "Filter cabang (opsional)",
-    "repo.settings.push_mirror.branch_filter.description": "Cabang yang akan disalin. Biarkan kosong untuk menyalin semua cabang. Lihat <a href=\"%[1]s\">%[2]s dokumentasi</a> untuk sintaksis. Contoh: <code>main, release/*</code>",
-    "incorrect_root_url": "Instance Forgejo ini dikonfigurasi untuk diakses melalui “%s”. Saat ini Anda mengakses Forgejo melalui URL yang berbeda, yang dapat menyebabkan sebagian fungsi aplikasi tidak berfungsi dengan baik. URL kanonik dikendalikan oleh admin Forgejo melalui pengaturan ROOT_URL di berkas app.ini.",
-    "themes.names.forgejo-auto": "Forgejo (mengikuti tema sistem)",
-    "themes.names.forgejo-light": "Forgejo terang",
-    "themes.names.forgejo-dark": "Forgejo gelap",
-    "error.not_found.title": "Halaman tidak ditemukan",
-    "warning.repository.out_of_sync": "Representasi basis data repositori ini tidak sinkron. Jika peringatan ini masih ditampilkan setelah melakukan commit ke repositori ini, hubungi administrator.",
-    "alert.asset_load_failed": "Gagal memuat berkas aset dari {path}. Pastikan berkas aset dapat diakses.",
-    "alert.range_error": " Harus berupa angka antara %[1]s dan %[2]s.",
-    "install.invalid_lfs_path": "Tidak dapat membuat direktori root LFS di jalur yang ditentukan: %[1]s",
-    "profile.actions.tooltip": "Lebih banyak tindakan",
-    "profile.edit.link": "Edit profil",
-    "feed.atom.link": "Atom feed",
-    "keys.ssh.link": "Kunci SSH",
-    "keys.gpg.link": "Kunci GPG",
-    "admin.config.moderation_config": "Konfigurasi moderasi",
-    "admin.moderation.moderation_reports": "Konfigurasi moderasi",
-    "admin.moderation.reports": "Laporan",
-    "admin.moderation.no_open_reports": "Saat ini tidak ada laporan yang terbuka.",
-    "admin.moderation.deleted_content_ref": "Konten yang dilaporkan dengan tipe %[1]v dan ID %[2]d tidak lagi tersedia",
-    "moderation.report_abuse": "Laporkan penyalahgunaan",
-    "moderation.report_content": "Isi laporan",
-    "moderation.report_abuse_form.header": "Laporkan penyalahgunaan kepada administrator",
-    "moderation.report_abuse_form.details": "Formulir ini harus digunakan untuk melaporkan pengguna yang membuat profil spam, repositori, masalah, komentar, atau berperilaku tidak pantas.",
-    "moderation.report_abuse_form.invalid": "Argumen tidak valid",
-    "moderation.report_abuse_form.already_reported": "Anda sudah melaporkan konten ini",
-    "moderation.abuse_category": "Kategori",
-    "moderation.abuse_category.placeholder": "Pilih kategori",
-    "moderation.abuse_category.spam": "Spam",
-    "moderation.abuse_category.illegal_content": "Konten ilegal",
-    "moderation.abuse_category.other_violations": "Pelanggaran lain terhadap aturan platform",
-    "moderation.report_remarks": "Catatan",
-    "moderation.report_remarks.placeholder": "Silakan berikan beberapa detail mengenai penyalahgunaan yang Anda laporkan.",
-    "moderation.submit_report": "Kirimkan laporan",
-    "moderation.reporting_failed": "Tidak dapat kirimkan laporan penyalahgunaan baru: %v",
-    "moderation.reported_thank_you": "Terima kasih atas laporan yang Anda sampaikan. Pihak administrasi telah mengetahui hal tersebut.",
-    "mail.actions.successful_run_after_failure_subject": "Alur kerja %[1] telah dipulihkan di repositori %[2]",
-    "mail.actions.not_successful_run_subject": "Alur kerja %[1] gagal di repositori %[2]",
-    "mail.actions.successful_run_after_failure": "Alur kerja %[1] telah dipulihkan di repositori %[2]",
-    "mail.actions.not_successful_run": "Alur kerja %[1] gagal di repositori %[2]",
-    "mail.actions.run_info_cur_status": "Status Lari Ini: %[1]s (baru saja diperbarui dari %[2]s)",
-    "mail.actions.run_info_previous_status": "Status Eksekusi Sebelumnya: %[1]s",
-    "mail.actions.run_info_sha": "Komitmen: %[1]s",
-    "mail.actions.run_info_trigger": "Dipicu oleh: %[1]s oleh: %[2]s",
-    "mail.issue.action.close_by_commit": "%[1]s ditutup %[2]s dalam commit %[3]s.",
-    "repo.diff.commit.next-short": "Selanjutnya",
-    "repo.diff.commit.previous-short": "Sebelumnya",
-    "discussion.locked": "Diskusi ini telah dikunci. Komentar hanya dapat dilakukan oleh kontributor.",
-    "discussion.sidebar.reference": "Referensi",
-    "editor.textarea.tab_hint": "Baris sudah diindentasi. Tekan <kbd>Tab</kbd> lagi atau <kbd>Escape</kbd> untuk keluar dari editor.",
-    "editor.textarea.shift_tab_hint": "Tidak ada indentasi pada baris ini. Tekan <kbd>Shift</kbd> + <kbd>Tab</kbd> lagi atau <kbd>Escape</kbd> untuk keluar dari editor.",
-    "admin.auths.allow_username_change": "Izinkan perubahan nama pengguna",
-    "admin.auths.allow_username_change.description": "Izinkan pengguna untuk mengubah nama pengguna mereka di pengaturan profil",
-    "admin.dashboard.cleanup_offline_runners": "Pembersihan pelari offline",
-    "admin.dashboard.remove_resolved_reports": "Hapus laporan yang telah diselesaikan",
-    "admin.config.security": "Konfigurasi keamanan",
-    "admin.config.global_2fa_requirement.title": "Persyaratan dua faktor global",
-    "admin.config.global_2fa_requirement.none": "Tidak",
-    "admin.config.global_2fa_requirement.all": "Semua pengguna",
-    "admin.config.global_2fa_requirement.admin": "Administrator",
-    "settings.visibility.description": "Visibilitas profil memengaruhi kemampuan orang lain untuk mengakses repositori non-pribadi Anda. <a href=\"%s\" target=\"_blank\">Pelajari lebih lanjut</a>.",
-    "settings.twofa_unroll_unavailable": "Otentikasi dua faktor diwajibkan untuk akun Anda dan tidak dapat dinonaktifkan.",
-    "settings.twofa_reenroll": "Aktifkan kembali otentikasi dua faktor",
-    "settings.twofa_reenroll.description": "Daftarkan ulang otentikasi dua faktor Anda",
-    "settings.must_enable_2fa": "Instance Forgejo ini mengharuskan pengguna untuk mengaktifkan otentikasi dua faktor sebelum mereka dapat mengakses akun mereka.",
-    "error.must_enable_2fa": "Instance Forgejo ini mengharuskan pengguna untuk mengaktifkan otentikasi dua faktor sebelum mereka dapat mengakses akun mereka. Aktifkan di: %s",
-    "avatar.constraints_hint": "Avatar kustom tidak boleh melebihi %[1]s dalam ukuran atau lebih besar dari %[2]dx%[3]d piksel",
-    "user.ghost.tooltip": "Pengguna ini telah dihapus, atau tidak dapat diidentifikasi.",
-    "og.repo.summary_card.alt_description": "Kartu ringkasan repositori %[1]s, dijelaskan sebagai: %[2]s",
-    "repo.commit.load_tags_failed": "Pemuatan tag gagal karena kesalahan internal",
-    "compare.branches.title": "Bandingkan cabang",
-    "migrate.pagure.description": "Migrasikan data dari pagure.io atau instance Pagure lainnya.",
-    "migrate.pagure.incorrect_url": "URL repositori sumber yang salah telah disediakan",
-    "migrate.pagure.project_url": "URL Proyek Pagure",
-    "migrate.pagure.project_example": "URL proyek Pagure, misalnya https://pagure.io/pagure",
-    "migrate.pagure.token_label": "Token API Pagure",
-    "migrate.pagure.private_issues.summary": "Masalah Pribadi (Opsional)",
-    "migrate.pagure.private_issues.description": "Fitur ini dirancang untuk membuat repositori kedua yang hanya berisi masalah pribadi dari proyek Pagure Anda untuk tujuan arsip. Pertama, lakukan migrasi normal (tanpa token) untuk mengimpor semua konten publik. Kemudian, jika Anda memiliki masalah pribadi yang ingin disimpan, buat repositori terpisah menggunakan opsi token ini untuk mengarsipkan masalah pribadi tersebut.",
-    "migrate.pagure.private_issues.warning": "Pastikan untuk mengatur visibilitas repositori di atas menjadi Pribadi jika Anda menggunakan kunci API untuk mengimpor masalah pribadi. Hal ini mencegah pengungkapan konten pribadi secara tidak sengaja di repositori publik.",
-    "migrate.pagure.token.placeholder": "Hanya untuk membuat arsip masalah pribadi",
-    "actions.runs.run_attempt_label": "Upaya eksekusi #%[1]s (%[2]s)",
-    "actions.runs.viewing_out_of_date_run": "Anda sedang melihat hasil eksekusi yang sudah kadaluwarsa dari tugas ini yang dijalankan pada %[1]s.",
-    "actions.runs.view_most_recent_run": "Lihat hasil terbaru",
-    "actions.workflow.job_parsing_error": "Tidak dapat memproses pekerjaan dalam alur kerja: %v",
-    "actions.workflow.event_detection_error": "Tidak dapat memproses peristiwa yang didukung dalam alur kerja: %v",
-    "actions.workflow.pre_execution_error": "Alur kerja tidak dijalankan karena terjadi kesalahan yang menghalangi upaya eksekusi.",
-    "meta.last_line": "Terima kasih telah menerjemahkan Forgejo! Baris ini tidak terlihat oleh pengguna, tetapi memiliki fungsi lain dalam manajemen terjemahan. Anda dapat menambahkan fakta menarik dalam terjemahan alih-alih menerjemahkannya."
+	"repo.pulls.merged_title_desc": "commit %[1]d telah digabungkan dari <code>%[2]s</code> menjadi <code>%[3]s</code> %[4]s",
+	"repo.pulls.title_desc": "ingin menggabungkan komit %[1]d dari <code>%[2]s</code> menuju <code id=\"%[4]s\">%[3]s</code>",
+	"moderation.abuse_category.malware": "Perangkat pembahaya",
+	"pulse.n_active_issues": "%s Masalah Aktif",
+	"pulse.n_active_prs": "%s Tarik permintaan aktif",
+	"home.welcome.no_activity": "Tidak ada aktivitas",
+	"home.welcome.activity_hint": "Belum ada konten di feed Anda. Aktivitas dan tindakan Anda dari repositori yang Anda ikuti akan ditampilkan di sini.",
+	"home.explore_repos": "Jelajahi repositori",
+	"home.explore_users": "Jelajahi pengguna",
+	"home.explore_orgs": "Jelajahi organisasi",
+	"stars.list.none": "Tidak ada yang memberikan bintang pada repositori ini.",
+	"watch.list.none": "Tidak ada yang memantau repositori ini.",
+	"followers.incoming.list.self.none": "Tidak ada yang mengikuti profil Anda.",
+	"followers.incoming.list.none": "Tidak ada yang mengikuti pengguna ini.",
+	"followers.outgoing.list.self.none": "Anda tidak mengikuti siapa pun.",
+	"followers.outgoing.list.none": "%s tidak mengikuti siapa pun.",
+	"relativetime.now": "sekarang",
+	"relativetime.future": "di masa depan",
+	"relativetime.mins": "%d menit yang lalu",
+	"relativetime.hours": "%d jam yang lalu",
+	"relativetime.days": "%d hari yang lalu",
+	"relativetime.weeks": "%d minggu yang lalu",
+	"relativetime.months": "%d bulan yang lalu",
+	"relativetime.years": "%d tahun yang lalu",
+	"relativetime.1day": "kemarin",
+	"relativetime.2days": "dua hari yang lalu",
+	"relativetime.1week": "minggu lalu",
+	"relativetime.2weeks": "dua minggu yang lalu",
+	"relativetime.1month": "bulan lalu",
+	"relativetime.2months": "dua bulan yang lalu",
+	"relativetime.1year": "tahun lalu",
+	"relativetime.2years": "dua tahun yang lalu",
+	"repo.pulls.already_merged": "Penggabungan (merge) gagal: Permintaan pull (pull request) ini sudah digabungkan.",
+	"repo.pulls.maintainers_can_edit": "Pengelola dapat mengedit permintaan pull ini.",
+	"repo.pulls.maintainers_cannot_edit": "Pengelola tidak dapat mengedit permintaan pull ini.",
+	"repo.form.cannot_create": "Semua ruang di mana Anda dapat membuat repositori telah mencapai batas jumlah repositori.",
+	"migrate.form.error.url_credentials": "URL tersebut mengandung kredensial, masukkan kredensial tersebut ke dalam kolom nama pengguna dan kata sandi masing-masing",
+	"migrate.github.description": "Migrasikan data dari github.com atau server GitHub Enterprise.",
+	"migrate.git.description": "Migrasikan repositori hanya dari layanan Git mana pun.",
+	"migrate.gitea.description": "Migrasikan data dari gitea.com atau instance Gitea lainnya.",
+	"migrate.gitlab.description": "Migrasikan data dari gitlab.com atau instance GitLab lainnya.",
+	"migrate.gogs.description": "Migrasikan data dari notabug.org atau instance Gogs lainnya.",
+	"migrate.onedev.description": "Migrasikan data dari code.onedev.io atau instance OneDev lainnya.",
+	"migrate.gitbucket.description": "Migrasikan data dari instance GitBucket.",
+	"migrate.codebase.description": "Migrasikan data dari codebasehq.com.",
+	"migrate.forgejo.description": "Migrasikan data dari codeberg.org atau instance Forgejo lainnya.",
+	"repo.issue_indexer.title": "Indeks Masalah",
+	"search.milestone_kind": "Cari milestone…",
+	"repo.settings.push_mirror.branch_filter.label": "Filter cabang (opsional)",
+	"repo.settings.push_mirror.branch_filter.description": "Cabang yang akan disalin. Biarkan kosong untuk menyalin semua cabang. Lihat <a href=\"%[1]s\">%[2]s dokumentasi</a> untuk sintaksis. Contoh: <code>main, release/*</code>",
+	"incorrect_root_url": "Instance Forgejo ini dikonfigurasi untuk diakses melalui “%s”. Saat ini Anda mengakses Forgejo melalui URL yang berbeda, yang dapat menyebabkan sebagian fungsi aplikasi tidak berfungsi dengan baik. URL kanonik dikendalikan oleh admin Forgejo melalui pengaturan ROOT_URL di berkas app.ini.",
+	"themes.names.forgejo-auto": "Forgejo (mengikuti tema sistem)",
+	"themes.names.forgejo-light": "Forgejo terang",
+	"themes.names.forgejo-dark": "Forgejo gelap",
+	"error.not_found.title": "Halaman tidak ditemukan",
+	"warning.repository.out_of_sync": "Representasi basis data repositori ini tidak sinkron. Jika peringatan ini masih ditampilkan setelah melakukan commit ke repositori ini, hubungi administrator.",
+	"alert.asset_load_failed": "Gagal memuat berkas aset dari {path}. Pastikan berkas aset dapat diakses.",
+	"alert.range_error": " Harus berupa angka antara %[1]s dan %[2]s.",
+	"install.invalid_lfs_path": "Tidak dapat membuat direktori root LFS di jalur yang ditentukan: %[1]s",
+	"profile.actions.tooltip": "Lebih banyak tindakan",
+	"profile.edit.link": "Edit profil",
+	"feed.atom.link": "Atom feed",
+	"keys.ssh.link": "Kunci SSH",
+	"keys.gpg.link": "Kunci GPG",
+	"admin.config.moderation_config": "Konfigurasi moderasi",
+	"admin.moderation.moderation_reports": "Konfigurasi moderasi",
+	"admin.moderation.reports": "Laporan",
+	"admin.moderation.no_open_reports": "Saat ini tidak ada laporan yang terbuka.",
+	"admin.moderation.deleted_content_ref": "Konten yang dilaporkan dengan tipe %[1]v dan ID %[2]d tidak lagi tersedia",
+	"moderation.report_abuse": "Laporkan penyalahgunaan",
+	"moderation.report_content": "Isi laporan",
+	"moderation.report_abuse_form.header": "Laporkan penyalahgunaan kepada administrator",
+	"moderation.report_abuse_form.details": "Formulir ini harus digunakan untuk melaporkan pengguna yang membuat profil spam, repositori, masalah, komentar, atau berperilaku tidak pantas.",
+	"moderation.report_abuse_form.invalid": "Argumen tidak valid",
+	"moderation.report_abuse_form.already_reported": "Anda sudah melaporkan konten ini",
+	"moderation.abuse_category": "Kategori",
+	"moderation.abuse_category.placeholder": "Pilih kategori",
+	"moderation.abuse_category.spam": "Spam",
+	"moderation.abuse_category.illegal_content": "Konten ilegal",
+	"moderation.abuse_category.other_violations": "Pelanggaran lain terhadap aturan platform",
+	"moderation.report_remarks": "Catatan",
+	"moderation.report_remarks.placeholder": "Silakan berikan beberapa detail mengenai penyalahgunaan yang Anda laporkan.",
+	"moderation.submit_report": "Kirimkan laporan",
+	"moderation.reporting_failed": "Tidak dapat kirimkan laporan penyalahgunaan baru: %v",
+	"moderation.reported_thank_you": "Terima kasih atas laporan yang Anda sampaikan. Pihak administrasi telah mengetahui hal tersebut.",
+	"mail.actions.successful_run_after_failure_subject": "Alur kerja %[1] telah dipulihkan di repositori %[2]",
+	"mail.actions.not_successful_run_subject": "Alur kerja %[1] gagal di repositori %[2]",
+	"mail.actions.successful_run_after_failure": "Alur kerja %[1] telah dipulihkan di repositori %[2]",
+	"mail.actions.not_successful_run": "Alur kerja %[1] gagal di repositori %[2]",
+	"mail.actions.run_info_cur_status": "Status Lari Ini: %[1]s (baru saja diperbarui dari %[2]s)",
+	"mail.actions.run_info_previous_status": "Status Eksekusi Sebelumnya: %[1]s",
+	"mail.actions.run_info_sha": "Komitmen: %[1]s",
+	"mail.actions.run_info_trigger": "Dipicu oleh: %[1]s oleh: %[2]s",
+	"mail.issue.action.close_by_commit": "%[1]s ditutup %[2]s dalam commit %[3]s.",
+	"repo.diff.commit.next-short": "Selanjutnya",
+	"repo.diff.commit.previous-short": "Sebelumnya",
+	"discussion.locked": "Diskusi ini telah dikunci. Komentar hanya dapat dilakukan oleh kontributor.",
+	"discussion.sidebar.reference": "Referensi",
+	"editor.textarea.tab_hint": "Baris sudah diindentasi. Tekan <kbd>Tab</kbd> lagi atau <kbd>Escape</kbd> untuk keluar dari editor.",
+	"editor.textarea.shift_tab_hint": "Tidak ada indentasi pada baris ini. Tekan <kbd>Shift</kbd> + <kbd>Tab</kbd> lagi atau <kbd>Escape</kbd> untuk keluar dari editor.",
+	"admin.auths.allow_username_change": "Izinkan perubahan nama pengguna",
+	"admin.auths.allow_username_change.description": "Izinkan pengguna untuk mengubah nama pengguna mereka di pengaturan profil",
+	"admin.dashboard.cleanup_offline_runners": "Pembersihan pelari offline",
+	"admin.dashboard.remove_resolved_reports": "Hapus laporan yang telah diselesaikan",
+	"admin.config.security": "Konfigurasi keamanan",
+	"admin.config.global_2fa_requirement.title": "Persyaratan dua faktor global",
+	"admin.config.global_2fa_requirement.none": "Tidak",
+	"admin.config.global_2fa_requirement.all": "Semua pengguna",
+	"admin.config.global_2fa_requirement.admin": "Administrator",
+	"settings.visibility.description": "Visibilitas profil memengaruhi kemampuan orang lain untuk mengakses repositori non-pribadi Anda. <a href=\"%s\" target=\"_blank\">Pelajari lebih lanjut</a>.",
+	"settings.twofa_unroll_unavailable": "Otentikasi dua faktor diwajibkan untuk akun Anda dan tidak dapat dinonaktifkan.",
+	"settings.twofa_reenroll": "Aktifkan kembali otentikasi dua faktor",
+	"settings.twofa_reenroll.description": "Daftarkan ulang otentikasi dua faktor Anda",
+	"settings.must_enable_2fa": "Instance Forgejo ini mengharuskan pengguna untuk mengaktifkan otentikasi dua faktor sebelum mereka dapat mengakses akun mereka.",
+	"error.must_enable_2fa": "Instance Forgejo ini mengharuskan pengguna untuk mengaktifkan otentikasi dua faktor sebelum mereka dapat mengakses akun mereka. Aktifkan di: %s",
+	"avatar.constraints_hint": "Avatar kustom tidak boleh melebihi %[1]s dalam ukuran atau lebih besar dari %[2]dx%[3]d piksel",
+	"user.ghost.tooltip": "Pengguna ini telah dihapus, atau tidak dapat diidentifikasi.",
+	"og.repo.summary_card.alt_description": "Kartu ringkasan repositori %[1]s, dijelaskan sebagai: %[2]s",
+	"repo.commit.load_tags_failed": "Pemuatan tag gagal karena kesalahan internal",
+	"compare.branches.title": "Bandingkan cabang",
+	"migrate.pagure.description": "Migrasikan data dari pagure.io atau instance Pagure lainnya.",
+	"migrate.pagure.incorrect_url": "URL repositori sumber yang salah telah disediakan",
+	"migrate.pagure.project_url": "URL Proyek Pagure",
+	"migrate.pagure.project_example": "URL proyek Pagure, misalnya https://pagure.io/pagure",
+	"migrate.pagure.token_label": "Token API Pagure",
+	"migrate.pagure.private_issues.summary": "Masalah Pribadi (Opsional)",
+	"migrate.pagure.private_issues.description": "Fitur ini dirancang untuk membuat repositori kedua yang hanya berisi masalah pribadi dari proyek Pagure Anda untuk tujuan arsip. Pertama, lakukan migrasi normal (tanpa token) untuk mengimpor semua konten publik. Kemudian, jika Anda memiliki masalah pribadi yang ingin disimpan, buat repositori terpisah menggunakan opsi token ini untuk mengarsipkan masalah pribadi tersebut.",
+	"migrate.pagure.private_issues.warning": "Pastikan untuk mengatur visibilitas repositori di atas menjadi Pribadi jika Anda menggunakan kunci API untuk mengimpor masalah pribadi. Hal ini mencegah pengungkapan konten pribadi secara tidak sengaja di repositori publik.",
+	"migrate.pagure.token.placeholder": "Hanya untuk membuat arsip masalah pribadi",
+	"actions.runs.run_attempt_label": "Upaya eksekusi #%[1]s (%[2]s)",
+	"actions.runs.viewing_out_of_date_run": "Anda sedang melihat hasil eksekusi yang sudah kadaluwarsa dari tugas ini yang dijalankan pada %[1]s.",
+	"actions.runs.view_most_recent_run": "Lihat hasil terbaru",
+	"actions.workflow.job_parsing_error": "Tidak dapat memproses pekerjaan dalam alur kerja: %v",
+	"actions.workflow.event_detection_error": "Tidak dapat memproses peristiwa yang didukung dalam alur kerja: %v",
+	"actions.workflow.pre_execution_error": "Alur kerja tidak dijalankan karena terjadi kesalahan yang menghalangi upaya eksekusi.",
+	"meta.last_line": "Terima kasih telah menerjemahkan Forgejo! Baris ini tidak terlihat oleh pengguna, tetapi memiliki fungsi lain dalam manajemen terjemahan. Anda dapat menambahkan fakta menarik dalam terjemahan alih-alih menerjemahkannya.\n(this string was needed to make weblate regenerate the file and can be removed)"
 }
diff --git a/options/locale_next/locale_is-IS.json b/options/locale_next/locale_is-IS.json
index add24fce42..2925565be6 100644
--- a/options/locale_next/locale_is-IS.json
+++ b/options/locale_next/locale_is-IS.json
@@ -1,6 +1,5 @@
 {
-    "repo.pulls.title_desc": {
-        "other": "vill sameina %[1]d framlög frá <code>%[2]s</code> í <code id=\"%[4]s\">%[3]s</code>"
-    },
-    "migrate.git.description": "Flytja hugbúnaðarsafn aðeins frá Git þjónustu."
+	"repo.pulls.title_desc": "vill sameina %[1]d framlög frá <code>%[2]s</code> í <code id=\"%[4]s\">%[3]s</code>",
+	"migrate.git.description": "Flytja hugbúnaðarsafn aðeins frá Git þjónustu.",
+	"meta.last_line": "(this string was needed to make weblate regenerate the file and can be removed)"
 }
diff --git a/options/locale_next/locale_isv.json b/options/locale_next/locale_isv.json
index b6081762cd..e1f7e1e5a2 100644
--- a/options/locale_next/locale_isv.json
+++ b/options/locale_next/locale_isv.json
@@ -1,3 +1,4 @@
 {
-    "home.welcome.no_activity": "Nema aktivnosti"
+	"home.welcome.no_activity": "Nema aktivnosti",
+	"meta.last_line": "(this string was needed to make weblate regenerate the file and can be removed)"
 }
diff --git a/options/locale_next/locale_it-IT.json b/options/locale_next/locale_it-IT.json
index 219a62f0c0..fb17d8cf90 100644
--- a/options/locale_next/locale_it-IT.json
+++ b/options/locale_next/locale_it-IT.json
@@ -1,203 +1,203 @@
 {
-    "fork.n_forks": {
-        "one": "%s biforcazioni",
-        "many": "%s biforcazioni",
-        "other": ""
-    },
-    "stars.n_stars": {
-        "one": "%s stella",
-        "many": "%s stelle",
-        "other": ""
-    },
-    "release.n_downloads": {
-        "one": "%s download",
-        "many": "%s downloads",
-        "other": ""
-    },
-    "repo.pulls.merged_title_desc": {
-        "one": "ha fuso %[1]d commit da <code>%[2]s</code> in <code>%[3]s</code> %[4]s",
-        "many": "ha unito %[1]d commit da <code>%[2]s</code> a <code>%[3]s</code> %[4]s",
-        "other": ""
-    },
-    "repo.pulls.title_desc": {
-        "one": "vuole fondere %[1]d commit da <code>%[2]s</code> in <code id=\"%[4]s\">%[3]s</code>",
-        "many": "vuole fondere %[1]d commit da <code>%[2]s</code> a <code id=\"%[4]s\">%[3]s</code>",
-        "other": ""
-    },
-    "search.milestone_kind": "Ricerca traguardi…",
-    "themes.names.forgejo-light": "Forgejo chiaro",
-    "themes.names.forgejo-dark": "Forgejo scuro",
-    "home.welcome.no_activity": "Nessun'attività",
-    "home.explore_repos": "Esplora i repositori",
-    "home.explore_users": "Esplora l'utenza",
-    "home.explore_orgs": "Esplora le organizzazioni",
-    "mail.actions.successful_run_after_failure_subject": "Il flusso di lavoro %[1] ha ripreso a funzionare nel repositorio %[2]s",
-    "mail.actions.not_successful_run_subject": "Il flusso di lavoro %[1]s è fallito nel repositorio %[2]s",
-    "relativetime.future": "nel futuro",
-    "relativetime.days": {
-        "one": "ieri",
-        "many": "%d giorni fa",
-        "other": "%d giorni fa"
-    },
-    "relativetime.1day": "ieri",
-    "repo.form.cannot_create": "Tutti gli spazi in cui puoi creare repositori hanno raggiunto il limite di repositori.",
-    "discussion.locked": "Questa discussione è stata bloccata. Solo i contributori possono commentare.",
-    "relativetime.hours": {
-        "one": "un'ora fa",
-        "many": "%d ore fa",
-        "other": "%d ore fa"
-    },
-    "relativetime.2years": "due anni fa",
-    "relativetime.now": "adesso",
-    "relativetime.weeks": {
-        "one": "una settimana fa",
-        "many": "%d settimane fa",
-        "other": "%d settimane fa"
-    },
-    "relativetime.months": {
-        "one": "un mese fa",
-        "many": "%d mesi fa",
-        "other": "%d mesi fa"
-    },
-    "relativetime.years": {
-        "one": "un anno fa",
-        "many": "%d anni fa",
-        "other": "%d anni fa"
-    },
-    "repo.issue_indexer.title": "Indicizzatore delle segnalazioni",
-    "admin.config.moderation_config": "Impostazioni di moderazione",
-    "moderation.report_abuse": "Segnala abuso",
-    "moderation.report_content": "Segnala contenuto",
-    "moderation.report_abuse_form.already_reported": "Hai già segnalato questo contenuto",
-    "moderation.abuse_category": "Categoria",
-    "moderation.abuse_category.placeholder": "Seleziona una categoria",
-    "moderation.abuse_category.spam": "Spam",
-    "moderation.abuse_category.malware": "Malware",
-    "moderation.abuse_category.illegal_content": "Contenuti illegali",
-    "moderation.abuse_category.other_violations": "Altre violazioni delle regole della piattaforma",
-    "moderation.report_remarks": "Note aggiuntive",
-    "moderation.report_remarks.placeholder": "Aggiungi dettagli riguardanti l'abuso che stai segnalando.",
-    "moderation.submit_report": "Invia segnalazione",
-    "error.not_found.title": "Pagina non trovata",
-    "themes.names.forgejo-auto": "Forgejo (segui le impostazioni di sistema)",
-    "stars.list.none": "Nessuno ha messo una stella a questo repo.",
-    "watch.list.none": "Nessuno sta osservando questo repo.",
-    "followers.incoming.list.self.none": "Nessuno sta seguendo il tuo profilo.",
-    "followers.incoming.list.none": "Nessuno sta seguendo questo utente.",
-    "followers.outgoing.list.self.none": "Non segui nessuno.",
-    "followers.outgoing.list.none": "%s non sta seguendo nessuno.",
-    "relativetime.2days": "due giorni fa",
-    "relativetime.2weeks": "due settimane fa",
-    "relativetime.1week": "la settimana scorsa",
-    "relativetime.1month": "il mese scorso",
-    "relativetime.2months": "due mesi fa",
-    "relativetime.1year": "l'anno scorso",
-    "moderation.report_abuse_form.header": "Segnala abuso all'amministratore",
-    "moderation.report_abuse_form.details": "Questo modulo dovrebbe essere utilizzato per segnalare utenti che creano profili, repositori, segnalazioni o commenti spam o che si comportano in modo non adeguato.",
-    "moderation.report_abuse_form.invalid": "Argomenti non validi",
-    "moderation.reporting_failed": "Impossibile inviare segnalazione: %v",
-    "moderation.reported_thank_you": "Grazie per la segnalazione. L'amministratore è stato avvertito.",
-    "alert.asset_load_failed": "Impossibile caricare i file di risorsa da {path}. Controlla che i file di risorsa siano accessibili.",
-    "install.invalid_lfs_path": "Non è possibile creare una root LFS nel percorso specificato: %[1]s",
-    "home.welcome.activity_hint": "Non c'è nulla nel tuo feed. Le tue azioni e le attività dei repositori che segui verranno mostrate qui.",
-    "relativetime.mins": {
-        "one": "un minuto fa",
-        "many": "%d minuti fa",
-        "other": "%d minuti fa"
-    },
-    "editor.textarea.tab_hint": "Linea già indentata. Premi di nuovo <kbd>Tab</kbd> o <kbd>Esc</kbd> per uscire dall'editor.",
-    "repo.diff.commit.previous-short": "Precedente",
-    "meta.last_line": "Ambaraba cicci cocco.",
-    "migrate.github.description": "Migrare i dati da github.com o da server GitHub Enterprise.",
-    "migrate.git.description": "Migra un repositorio solo da qualsiasi servizio Git.",
-    "migrate.gitea.description": "Migrare i dati da gitea.com o altre istanze di Gitea.",
-    "migrate.gitlab.description": "Migrare i dati da gitlab.com o da altre istanze di GitLab.",
-    "migrate.gogs.description": "Migrare i dati da notabug.org o da altre istanze Gogs.",
-    "migrate.onedev.description": "Migrare i dati da code.onedev.io o da altre istanze OneDev.",
-    "migrate.gitbucket.description": "Migra i dati dalle istanze di GitBucket.",
-    "migrate.codebase.description": "Migrare i dati da codebasehq.com.",
-    "migrate.forgejo.description": "Migra dati da codeberg.org o da altre istanze Forgejo.",
-    "repo.settings.push_mirror.branch_filter.label": "Filtro ramo (opzionale)",
-    "alert.range_error": " deve essere un numero tra %[1]s e %[2]s.",
-    "keys.gpg.link": "Chiavi GPG",
-    "mail.actions.successful_run_after_failure": "Flusso di lavoro %[1]s recuperato nel repositorio %[2]s",
-    "profile.actions.tooltip": "Altre azioni",
-    "profile.edit.link": "Modifica profilo",
-    "feed.atom.link": "Feed Atom",
-    "keys.ssh.link": "Chiavi SSH",
-    "admin.moderation.moderation_reports": "Rapporti moderazione",
-    "incorrect_root_url": "Questa istanza di Forgejo è configurata per operare su “%s”. Attualmente stai caricando Forgejo attraverso un URL differente, questo potrebbe causare il malfunzionamento di alcune parti dell'applicazione. L'URL canonico è definito dagli amministratori di Forgejo attraverso l'impostazione ROOT_URL in app.ini.",
-    "warning.repository.out_of_sync": "Lo stato del database di questo repositorio non è sincronizzato. Se questo avviso permane anche dopo aver inviato un commit a questo repositorio contattare l'amministratore.",
-    "migrate.form.error.url_credentials": "L'URL contiene delle credenziali, inseriscile rispettivamente nei campi nome utente e password",
-    "mail.actions.run_info_cur_status": "Stato di questa esecuzione: %[1]s (appena aggiornato da %[2]s)",
-    "compare.branches.title": "Confronta i rami",
-    "mail.actions.run_info_sha": "Commit: %[1]s",
-    "repo.settings.push_mirror.branch_filter.description": "Rami da essere specchiati. Lascia vuoto per specchiare tutti i rami. Consulta la <a href=\"%[1]s\">%[2]s documentazione</a> per la sintassi. Esempi: <code>main, release/*</code>",
-    "admin.moderation.reports": "Segnalazioni",
-    "admin.moderation.no_open_reports": "Attualmente non ci sono segnalazioni aperte.",
-    "admin.moderation.deleted_content_ref": "Il contenuto segnalato con tipo %[1]v e con id %[2]d non esiste più",
-    "mail.actions.run_info_previous_status": "Stato dell'esecuzione precedente: %[1]s",
-    "admin.auths.allow_username_change": "Consenti la modifica del nome utente",
-    "admin.auths.allow_username_change.description": "Consenti agli utenti di cambiare il proprio nome utente nelle impostazione del profilo",
-    "admin.dashboard.cleanup_offline_runners": "Elimina esecutori offline",
-    "admin.dashboard.remove_resolved_reports": "Rimuovi segnalazioni risolte",
-    "settings.twofa_unroll_unavailable": "La verifica in due passaggi è richiesta per il tuo account e non può essere disattivata.",
-    "settings.must_enable_2fa": "Questa istanza Forgejo richiede che gli utenti attivino la verifica in due passaggi prima di poter accedere ai propri account.",
-    "mail.actions.run_info_trigger": "Attivato perché: %[1]s da: %[2]s",
-    "repo.diff.commit.next-short": "Successivo",
-    "discussion.sidebar.reference": "Riferimento",
-    "editor.textarea.shift_tab_hint": "Nessuna indentazione su questa riga. Premi <kbd>Shift</kbd> + <kbd>Tab</kbd> di nuovo o <kbd>Escape</kbd> per uscire dall'editor.",
-    "settings.twofa_reenroll": "Reiscrivi la verifica in due passaggi",
-    "avatar.constraints_hint": "L'avatar personalizzato non può superare %[1]s di dimensione o essere più grande di %[2]dx%[3]d pixels",
-    "user.ghost.tooltip": "Questo utente è stato eliminato, o non può essere trovato.",
-    "og.repo.summary_card.alt_description": "Scheda di riepilogo del repositorio %[1]s, descritta come: %[2]s",
-    "repo.commit.load_tags_failed": "Caricamento dei tag fallito a causa di un errore interno",
-    "actions.runs.run_attempt_label": "Esegui tentativo #%[1]s (%[2]s)",
-    "actions.runs.viewing_out_of_date_run": "Stai visualizzando un'esecuzione obsoleta di questo lavoro che è stata eseguita il %[1]s.",
-    "actions.runs.view_most_recent_run": "Visualizza l'esecuzione più recente",
-    "settings.visibility.description": "La visibilità del profilo influisce sulla capacità degli altri di accedere ai tuoi repository non privati. <a href=\"%s\" target=\"_blank\">Scopri di più</a>.",
-    "error.must_enable_2fa": "Questa istanza Forgejo richiede che gli utenti attivino la verifica in due passaggi prima di poter accedere ai propri account. Attivala su: %s",
-    "migrate.pagure.token_label": "Token API Pagure",
-    "admin.config.security": "Configurazione della sicurezza",
-    "admin.config.global_2fa_requirement.title": "Requisito globale di autenticazione a due fattori",
-    "admin.config.global_2fa_requirement.none": "No",
-    "admin.config.global_2fa_requirement.all": "Tutti gli utenti",
-    "admin.config.global_2fa_requirement.admin": "Amministratori",
-    "repo.pulls.already_merged": "Fusione fallita: Questa richiesta di modifica è già stata fusa.",
-    "migrate.pagure.description": "Migra i dati da pagure.io o da altre istanze di Pagure.",
-    "migrate.pagure.incorrect_url": "È stato fornito un URL del repository sorgente errato",
-    "migrate.pagure.project_url": "URL del progetto Pagure",
-    "migrate.pagure.project_example": "L'URL del progetto Pagure, ad esempio https://pagure.io/pagure",
-    "mail.actions.not_successful_run": "Flusso di lavoro %[1]s non riuscito nel repositorio %[2]s",
-    "settings.twofa_reenroll.description": "Reinserisci la verifica in due passaggi",
-    "pulse.n_active_issues": {
-        "one": "%s segnalazione attiva",
-        "many": "%s segnalazioni attive",
-        "other": ""
-    },
-    "pulse.n_active_prs": {
-        "one": "%s richiesta di modifica attiva",
-        "many": "%s richieste di modifiche attive",
-        "other": ""
-    },
-    "repo.pulls.maintainers_can_edit": "I gestori possono modificare questa richiesta di modifica.",
-    "repo.pulls.maintainers_cannot_edit": "I gestori non possono modificare questa richiesta di modifica.",
-    "migrate.pagure.private_issues.summary": "Segnalazioni Private (opzionale)",
-    "watch.n_watchers": {
-        "one": "%s osservatore",
-        "many": "%s osservatori",
-        "other": "%s osservatori"
-    },
-    "mail.issue.action.close_by_commit": "%[1]s ha chiuso %[2]s nel commit %[3]s.",
-    "migrate.pagure.private_issues.description": "Questa funzionalità è progettata per creare un secondo repositorio contenente solo le segnalazioni private del tuo progetto Pagure a scopo di archiviazione. Innanzitutto, esegui una migrazione normale (senza token) per importare tutti i contenuti pubblici. Quindi, se hai segnalazioni private da conservare, crea un repositorio separato utilizzando questa opzione con token per archiviare tali segnalazioni private.",
-    "migrate.pagure.private_issues.warning": "Assicurasi di impostare la visibilità del repositorio su Privato se utilizzi una chiave API per importare segnalazioni private. Questo impedisce l'esposizione accidentalmente di contenuti privati in un repositorio pubblico.",
-    "migrate.pagure.token.placeholder": "Solo per creare un archivio di segnalazioni private",
-    "actions.workflow.job_parsing_error": "Impossibile analizzare i processi nel flusso di lavoro: %v",
-    "actions.workflow.event_detection_error": "Impossibile analizzare gli eventi previsti nel flusso di lavoro: %v",
-    "actions.workflow.pre_execution_error": "Il flusso di lavoro non è stato completato a causa di un errore che ha bloccato il tentativo di esecuzione.",
-    "teams.add_all_repos.modal.header": "Aggiungi tutti i repositori",
-    "teams.remove_all_repos.modal.header": "Rimuovi tutti i repositori",
-    "moderation.action.account.delete": "Elimina profilo",
-    "moderation.action.comment.delete": "Elimina commento",
-    "moderation.action.account.suspend": "Sospendi profilo"
+	"fork.n_forks": {
+		"one": "%s biforcazioni",
+		"many": "%s biforcazioni",
+		"other": ""
+	},
+	"stars.n_stars": {
+		"one": "%s stella",
+		"many": "%s stelle",
+		"other": ""
+	},
+	"release.n_downloads": {
+		"one": "%s download",
+		"many": "%s downloads",
+		"other": ""
+	},
+	"repo.pulls.merged_title_desc": {
+		"one": "ha fuso %[1]d commit da <code>%[2]s</code> in <code>%[3]s</code> %[4]s",
+		"many": "ha unito %[1]d commit da <code>%[2]s</code> a <code>%[3]s</code> %[4]s",
+		"other": ""
+	},
+	"repo.pulls.title_desc": {
+		"one": "vuole fondere %[1]d commit da <code>%[2]s</code> in <code id=\"%[4]s\">%[3]s</code>",
+		"many": "vuole fondere %[1]d commit da <code>%[2]s</code> a <code id=\"%[4]s\">%[3]s</code>",
+		"other": ""
+	},
+	"search.milestone_kind": "Ricerca traguardi…",
+	"themes.names.forgejo-light": "Forgejo chiaro",
+	"themes.names.forgejo-dark": "Forgejo scuro",
+	"home.welcome.no_activity": "Nessun'attività",
+	"home.explore_repos": "Esplora i repositori",
+	"home.explore_users": "Esplora l'utenza",
+	"home.explore_orgs": "Esplora le organizzazioni",
+	"mail.actions.successful_run_after_failure_subject": "Il flusso di lavoro %[1] ha ripreso a funzionare nel repositorio %[2]s",
+	"mail.actions.not_successful_run_subject": "Il flusso di lavoro %[1]s è fallito nel repositorio %[2]s",
+	"relativetime.future": "nel futuro",
+	"relativetime.days": {
+		"one": "ieri",
+		"many": "%d giorni fa",
+		"other": "%d giorni fa"
+	},
+	"relativetime.1day": "ieri",
+	"repo.form.cannot_create": "Tutti gli spazi in cui puoi creare repositori hanno raggiunto il limite di repositori.",
+	"discussion.locked": "Questa discussione è stata bloccata. Solo i contributori possono commentare.",
+	"relativetime.hours": {
+		"one": "un'ora fa",
+		"many": "%d ore fa",
+		"other": "%d ore fa"
+	},
+	"relativetime.2years": "due anni fa",
+	"relativetime.now": "adesso",
+	"relativetime.weeks": {
+		"one": "una settimana fa",
+		"many": "%d settimane fa",
+		"other": "%d settimane fa"
+	},
+	"relativetime.months": {
+		"one": "un mese fa",
+		"many": "%d mesi fa",
+		"other": "%d mesi fa"
+	},
+	"relativetime.years": {
+		"one": "un anno fa",
+		"many": "%d anni fa",
+		"other": "%d anni fa"
+	},
+	"repo.issue_indexer.title": "Indicizzatore delle segnalazioni",
+	"admin.config.moderation_config": "Impostazioni di moderazione",
+	"moderation.report_abuse": "Segnala abuso",
+	"moderation.report_content": "Segnala contenuto",
+	"moderation.report_abuse_form.already_reported": "Hai già segnalato questo contenuto",
+	"moderation.abuse_category": "Categoria",
+	"moderation.abuse_category.placeholder": "Seleziona una categoria",
+	"moderation.abuse_category.spam": "Spam",
+	"moderation.abuse_category.malware": "Malware",
+	"moderation.abuse_category.illegal_content": "Contenuti illegali",
+	"moderation.abuse_category.other_violations": "Altre violazioni delle regole della piattaforma",
+	"moderation.report_remarks": "Note aggiuntive",
+	"moderation.report_remarks.placeholder": "Aggiungi dettagli riguardanti l'abuso che stai segnalando.",
+	"moderation.submit_report": "Invia segnalazione",
+	"error.not_found.title": "Pagina non trovata",
+	"themes.names.forgejo-auto": "Forgejo (segui le impostazioni di sistema)",
+	"stars.list.none": "Nessuno ha messo una stella a questo repo.",
+	"watch.list.none": "Nessuno sta osservando questo repo.",
+	"followers.incoming.list.self.none": "Nessuno sta seguendo il tuo profilo.",
+	"followers.incoming.list.none": "Nessuno sta seguendo questo utente.",
+	"followers.outgoing.list.self.none": "Non segui nessuno.",
+	"followers.outgoing.list.none": "%s non sta seguendo nessuno.",
+	"relativetime.2days": "due giorni fa",
+	"relativetime.2weeks": "due settimane fa",
+	"relativetime.1week": "la settimana scorsa",
+	"relativetime.1month": "il mese scorso",
+	"relativetime.2months": "due mesi fa",
+	"relativetime.1year": "l'anno scorso",
+	"moderation.report_abuse_form.header": "Segnala abuso all'amministratore",
+	"moderation.report_abuse_form.details": "Questo modulo dovrebbe essere utilizzato per segnalare utenti che creano profili, repositori, segnalazioni o commenti spam o che si comportano in modo non adeguato.",
+	"moderation.report_abuse_form.invalid": "Argomenti non validi",
+	"moderation.reporting_failed": "Impossibile inviare segnalazione: %v",
+	"moderation.reported_thank_you": "Grazie per la segnalazione. L'amministratore è stato avvertito.",
+	"alert.asset_load_failed": "Impossibile caricare i file di risorsa da {path}. Controlla che i file di risorsa siano accessibili.",
+	"install.invalid_lfs_path": "Non è possibile creare una root LFS nel percorso specificato: %[1]s",
+	"home.welcome.activity_hint": "Non c'è nulla nel tuo feed. Le tue azioni e le attività dei repositori che segui verranno mostrate qui.",
+	"relativetime.mins": {
+		"one": "un minuto fa",
+		"many": "%d minuti fa",
+		"other": "%d minuti fa"
+	},
+	"editor.textarea.tab_hint": "Linea già indentata. Premi di nuovo <kbd>Tab</kbd> o <kbd>Esc</kbd> per uscire dall'editor.",
+	"repo.diff.commit.previous-short": "Precedente",
+	"meta.last_line": "Ambaraba cicci cocco.\n(this string was needed to make weblate regenerate the file and can be removed)",
+	"migrate.github.description": "Migrare i dati da github.com o da server GitHub Enterprise.",
+	"migrate.git.description": "Migra un repositorio solo da qualsiasi servizio Git.",
+	"migrate.gitea.description": "Migrare i dati da gitea.com o altre istanze di Gitea.",
+	"migrate.gitlab.description": "Migrare i dati da gitlab.com o da altre istanze di GitLab.",
+	"migrate.gogs.description": "Migrare i dati da notabug.org o da altre istanze Gogs.",
+	"migrate.onedev.description": "Migrare i dati da code.onedev.io o da altre istanze OneDev.",
+	"migrate.gitbucket.description": "Migra i dati dalle istanze di GitBucket.",
+	"migrate.codebase.description": "Migrare i dati da codebasehq.com.",
+	"migrate.forgejo.description": "Migra dati da codeberg.org o da altre istanze Forgejo.",
+	"repo.settings.push_mirror.branch_filter.label": "Filtro ramo (opzionale)",
+	"alert.range_error": " deve essere un numero tra %[1]s e %[2]s.",
+	"keys.gpg.link": "Chiavi GPG",
+	"mail.actions.successful_run_after_failure": "Flusso di lavoro %[1]s recuperato nel repositorio %[2]s",
+	"profile.actions.tooltip": "Altre azioni",
+	"profile.edit.link": "Modifica profilo",
+	"feed.atom.link": "Feed Atom",
+	"keys.ssh.link": "Chiavi SSH",
+	"admin.moderation.moderation_reports": "Rapporti moderazione",
+	"incorrect_root_url": "Questa istanza di Forgejo è configurata per operare su “%s”. Attualmente stai caricando Forgejo attraverso un URL differente, questo potrebbe causare il malfunzionamento di alcune parti dell'applicazione. L'URL canonico è definito dagli amministratori di Forgejo attraverso l'impostazione ROOT_URL in app.ini.",
+	"warning.repository.out_of_sync": "Lo stato del database di questo repositorio non è sincronizzato. Se questo avviso permane anche dopo aver inviato un commit a questo repositorio contattare l'amministratore.",
+	"migrate.form.error.url_credentials": "L'URL contiene delle credenziali, inseriscile rispettivamente nei campi nome utente e password",
+	"mail.actions.run_info_cur_status": "Stato di questa esecuzione: %[1]s (appena aggiornato da %[2]s)",
+	"compare.branches.title": "Confronta i rami",
+	"mail.actions.run_info_sha": "Commit: %[1]s",
+	"repo.settings.push_mirror.branch_filter.description": "Rami da essere specchiati. Lascia vuoto per specchiare tutti i rami. Consulta la <a href=\"%[1]s\">%[2]s documentazione</a> per la sintassi. Esempi: <code>main, release/*</code>",
+	"admin.moderation.reports": "Segnalazioni",
+	"admin.moderation.no_open_reports": "Attualmente non ci sono segnalazioni aperte.",
+	"admin.moderation.deleted_content_ref": "Il contenuto segnalato con tipo %[1]v e con id %[2]d non esiste più",
+	"mail.actions.run_info_previous_status": "Stato dell'esecuzione precedente: %[1]s",
+	"admin.auths.allow_username_change": "Consenti la modifica del nome utente",
+	"admin.auths.allow_username_change.description": "Consenti agli utenti di cambiare il proprio nome utente nelle impostazione del profilo",
+	"admin.dashboard.cleanup_offline_runners": "Elimina esecutori offline",
+	"admin.dashboard.remove_resolved_reports": "Rimuovi segnalazioni risolte",
+	"settings.twofa_unroll_unavailable": "La verifica in due passaggi è richiesta per il tuo account e non può essere disattivata.",
+	"settings.must_enable_2fa": "Questa istanza Forgejo richiede che gli utenti attivino la verifica in due passaggi prima di poter accedere ai propri account.",
+	"mail.actions.run_info_trigger": "Attivato perché: %[1]s da: %[2]s",
+	"repo.diff.commit.next-short": "Successivo",
+	"discussion.sidebar.reference": "Riferimento",
+	"editor.textarea.shift_tab_hint": "Nessuna indentazione su questa riga. Premi <kbd>Shift</kbd> + <kbd>Tab</kbd> di nuovo o <kbd>Escape</kbd> per uscire dall'editor.",
+	"settings.twofa_reenroll": "Reiscrivi la verifica in due passaggi",
+	"avatar.constraints_hint": "L'avatar personalizzato non può superare %[1]s di dimensione o essere più grande di %[2]dx%[3]d pixels",
+	"user.ghost.tooltip": "Questo utente è stato eliminato, o non può essere trovato.",
+	"og.repo.summary_card.alt_description": "Scheda di riepilogo del repositorio %[1]s, descritta come: %[2]s",
+	"repo.commit.load_tags_failed": "Caricamento dei tag fallito a causa di un errore interno",
+	"actions.runs.run_attempt_label": "Esegui tentativo #%[1]s (%[2]s)",
+	"actions.runs.viewing_out_of_date_run": "Stai visualizzando un'esecuzione obsoleta di questo lavoro che è stata eseguita il %[1]s.",
+	"actions.runs.view_most_recent_run": "Visualizza l'esecuzione più recente",
+	"settings.visibility.description": "La visibilità del profilo influisce sulla capacità degli altri di accedere ai tuoi repository non privati. <a href=\"%s\" target=\"_blank\">Scopri di più</a>.",
+	"error.must_enable_2fa": "Questa istanza Forgejo richiede che gli utenti attivino la verifica in due passaggi prima di poter accedere ai propri account. Attivala su: %s",
+	"migrate.pagure.token_label": "Token API Pagure",
+	"admin.config.security": "Configurazione della sicurezza",
+	"admin.config.global_2fa_requirement.title": "Requisito globale di autenticazione a due fattori",
+	"admin.config.global_2fa_requirement.none": "No",
+	"admin.config.global_2fa_requirement.all": "Tutti gli utenti",
+	"admin.config.global_2fa_requirement.admin": "Amministratori",
+	"repo.pulls.already_merged": "Fusione fallita: Questa richiesta di modifica è già stata fusa.",
+	"migrate.pagure.description": "Migra i dati da pagure.io o da altre istanze di Pagure.",
+	"migrate.pagure.incorrect_url": "È stato fornito un URL del repository sorgente errato",
+	"migrate.pagure.project_url": "URL del progetto Pagure",
+	"migrate.pagure.project_example": "L'URL del progetto Pagure, ad esempio https://pagure.io/pagure",
+	"mail.actions.not_successful_run": "Flusso di lavoro %[1]s non riuscito nel repositorio %[2]s",
+	"settings.twofa_reenroll.description": "Reinserisci la verifica in due passaggi",
+	"pulse.n_active_issues": {
+		"one": "%s segnalazione attiva",
+		"many": "%s segnalazioni attive",
+		"other": ""
+	},
+	"pulse.n_active_prs": {
+		"one": "%s richiesta di modifica attiva",
+		"many": "%s richieste di modifiche attive",
+		"other": ""
+	},
+	"repo.pulls.maintainers_can_edit": "I gestori possono modificare questa richiesta di modifica.",
+	"repo.pulls.maintainers_cannot_edit": "I gestori non possono modificare questa richiesta di modifica.",
+	"migrate.pagure.private_issues.summary": "Segnalazioni Private (opzionale)",
+	"watch.n_watchers": {
+		"one": "%s osservatore",
+		"many": "%s osservatori",
+		"other": "%s osservatori"
+	},
+	"mail.issue.action.close_by_commit": "%[1]s ha chiuso %[2]s nel commit %[3]s.",
+	"migrate.pagure.private_issues.description": "Questa funzionalità è progettata per creare un secondo repositorio contenente solo le segnalazioni private del tuo progetto Pagure a scopo di archiviazione. Innanzitutto, esegui una migrazione normale (senza token) per importare tutti i contenuti pubblici. Quindi, se hai segnalazioni private da conservare, crea un repositorio separato utilizzando questa opzione con token per archiviare tali segnalazioni private.",
+	"migrate.pagure.private_issues.warning": "Assicurasi di impostare la visibilità del repositorio su Privato se utilizzi una chiave API per importare segnalazioni private. Questo impedisce l'esposizione accidentalmente di contenuti privati in un repositorio pubblico.",
+	"migrate.pagure.token.placeholder": "Solo per creare un archivio di segnalazioni private",
+	"actions.workflow.job_parsing_error": "Impossibile analizzare i processi nel flusso di lavoro: %v",
+	"actions.workflow.event_detection_error": "Impossibile analizzare gli eventi previsti nel flusso di lavoro: %v",
+	"actions.workflow.pre_execution_error": "Il flusso di lavoro non è stato completato a causa di un errore che ha bloccato il tentativo di esecuzione.",
+	"teams.add_all_repos.modal.header": "Aggiungi tutti i repositori",
+	"teams.remove_all_repos.modal.header": "Rimuovi tutti i repositori",
+	"moderation.action.account.delete": "Elimina profilo",
+	"moderation.action.comment.delete": "Elimina commento",
+	"moderation.action.account.suspend": "Sospendi profilo"
 }
diff --git a/options/locale_next/locale_ja-JP.json b/options/locale_next/locale_ja-JP.json
index b7c106fdfc..c10a6e7d29 100644
--- a/options/locale_next/locale_ja-JP.json
+++ b/options/locale_next/locale_ja-JP.json
@@ -1,35 +1,31 @@
 {
-    "fork.n_forks": {
-        "one": "%s のフォーク",
-        "other": "%s のフォーク"
-    },
-    "stars.n_stars": {
-        "one": "%s のスター",
-        "other": "%s のスター"
-    },
-    "release.n_downloads": {
-        "one": "%s のダウンロード",
-        "other": "%s のダウンロード"
-    },
-    "repo.pulls.merged_title_desc": "が %[1]d 個のコミットを <code>%[2]s</code> から <code>%[3]s</code> へマージ %[4]s",
-    "repo.pulls.title_desc": "が <code>%[2]s</code> から <code id=\"%[4]s\">%[3]s</code> への %[1]d コミットのマージを希望しています",
-    "search.milestone_kind": "マイルストーンを検索...",
-    "moderation.abuse_category.malware": "悪意のコード",
-    "migrate.github.description": "github.com やその他の GitHub エンタープライズサーバーからデータを移行します。",
-    "migrate.git.description": "Git サービスからリポジトリのみを移行します。",
-    "migrate.gitea.description": "gitea.com やその他の Gitea インスタンスからデータを移行します。",
-    "migrate.gitlab.description": "gitlab.com やその他の GitLab インスタンスからデータを移行します。",
-    "migrate.gogs.description": "notabug.org  やその他の Gogs インスタンスからデータを移行します。",
-    "migrate.onedev.description": "code.onedev.io やその他の OneDev インスタンスからデータを移行します。",
-    "migrate.gitbucket.description": "GitBucket インスタンスからデータを移行します。",
-    "migrate.codebase.description": "codebasehq.com からデータを移行します。",
-    "migrate.forgejo.description": "codeberg.orgまたは他のインスタンスからデータを移行する。",
-    "pulse.n_active_issues": {
-        "one": "%s件のアクティブなイシュー",
-        "other": "%s件のアクティブなイシュー"
-    },
-    "pulse.n_active_prs": {
-        "one": "%s件のアクティブなプルリクエスト",
-        "other": "%s件のアクティブなプルリクエスト"
-    }
+	"fork.n_forks": {
+		"other": "%s のフォーク"
+	},
+	"stars.n_stars": {
+		"other": "%s のスター"
+	},
+	"release.n_downloads": {
+		"other": "%s のダウンロード"
+	},
+	"repo.pulls.merged_title_desc": "が %[1]d 個のコミットを <code>%[2]s</code> から <code>%[3]s</code> へマージ %[4]s",
+	"repo.pulls.title_desc": "が <code>%[2]s</code> から <code id=\"%[4]s\">%[3]s</code> への %[1]d コミットのマージを希望しています",
+	"search.milestone_kind": "マイルストーンを検索...",
+	"moderation.abuse_category.malware": "悪意のコード",
+	"migrate.github.description": "github.com やその他の GitHub エンタープライズサーバーからデータを移行します。",
+	"migrate.git.description": "Git サービスからリポジトリのみを移行します。",
+	"migrate.gitea.description": "gitea.com やその他の Gitea インスタンスからデータを移行します。",
+	"migrate.gitlab.description": "gitlab.com やその他の GitLab インスタンスからデータを移行します。",
+	"migrate.gogs.description": "notabug.org  やその他の Gogs インスタンスからデータを移行します。",
+	"migrate.onedev.description": "code.onedev.io やその他の OneDev インスタンスからデータを移行します。",
+	"migrate.gitbucket.description": "GitBucket インスタンスからデータを移行します。",
+	"migrate.codebase.description": "codebasehq.com からデータを移行します。",
+	"migrate.forgejo.description": "codeberg.orgまたは他のインスタンスからデータを移行する。",
+	"pulse.n_active_issues": {
+		"other": "%s件のアクティブなイシュー"
+	},
+	"pulse.n_active_prs": {
+		"other": "%s件のアクティブなプルリクエスト"
+	},
+	"meta.last_line": "(this string was needed to make weblate regenerate the file and can be removed)"
 }
diff --git a/options/locale_next/locale_jbo.json b/options/locale_next/locale_jbo.json
index 0967ef424b..60c4c22624 100644
--- a/options/locale_next/locale_jbo.json
+++ b/options/locale_next/locale_jbo.json
@@ -1 +1,3 @@
-{}
+{
+	"meta.last_line": "(this string was needed to make weblate regenerate the file and can be removed)"
+}
diff --git a/options/locale_next/locale_ka.json b/options/locale_next/locale_ka.json
index 0967ef424b..60c4c22624 100644
--- a/options/locale_next/locale_ka.json
+++ b/options/locale_next/locale_ka.json
@@ -1 +1,3 @@
-{}
+{
+	"meta.last_line": "(this string was needed to make weblate regenerate the file and can be removed)"
+}
diff --git a/options/locale_next/locale_kab.json b/options/locale_next/locale_kab.json
index 672c915c6b..eb2f4de78b 100644
--- a/options/locale_next/locale_kab.json
+++ b/options/locale_next/locale_kab.json
@@ -1,53 +1,54 @@
 {
-    "relativetime.1day": "iḍelli",
-    "home.welcome.no_activity": "Ulac armud",
-    "relativetime.now": "tura",
-    "admin.moderation.reports": "Ineqqisen",
-    "moderation.abuse_category": "Taggayt",
-    "moderation.abuse_category.spam": "Aspam",
-    "repo.diff.commit.next-short": "Uḍfir",
-    "repo.diff.commit.previous-short": "Uzwir",
-    "admin.config.global_2fa_requirement.none": "Uhu",
-    "admin.config.global_2fa_requirement.admin": "Inedbalen",
-    "migrate.pagure.token_label": "Ajiṭun API n Pagure",
-    "home.explore_repos": "Snirem ikufan",
-    "home.explore_users": "Snirem iseqdacen",
-    "relativetime.1week": "dduṛt yezrin",
-    "relativetime.1month": "ayyur yezrin",
-    "relativetime.1year": "ilindi",
-    "themes.names.forgejo-light": "Forgejo aceɛlal",
-    "themes.names.forgejo-dark": "Forgejo ubrik",
-    "profile.actions.tooltip": "Ugar n tigawin",
-    "profile.edit.link": "Ẓreg amaɣnu",
-    "keys.ssh.link": "Tasarut SSH",
-    "keys.gpg.link": "Tisura GPG",
-    "admin.config.security": "Tawila n tɣellist",
-    "admin.config.global_2fa_requirement.all": "Akk iseqdacen",
-    "relativetime.2days": "sin n wussan aya",
-    "relativetime.2months": "sin n wayyuren aya",
-    "relativetime.2years": "sin n iseggasen aya",
-    "error.not_found.title": "Asebtar ulac-it",
-    "moderation.abuse_category.placeholder": "Fren taggayt",
-    "migrate.pagure.project_url": "Tansa URL n usenfar Pagure",
-    "themes.names.forgejo-auto": "Forgejo (akken i yella usentel n unagraw)",
-    "stars.n_stars": {
-        "one": "%s n yitri",
-        "other": "%s n yitran"
-    },
-    "relativetime.days": {
-        "one": "%d n wass aya",
-        "other": "%d n wussan aya"
-    },
-    "relativetime.weeks": {
-        "one": "%d u imalas aya",
-        "other": "%d n imalasen aya"
-    },
-    "relativetime.months": {
-        "one": "%d n wayyur aya",
-        "other": "%d n wayyuren aya"
-    },
-    "relativetime.years": {
-        "one": "%d n useggas aya",
-        "other": "%d n iseggasen aya"
-    }
+	"relativetime.1day": "iḍelli",
+	"home.welcome.no_activity": "Ulac armud",
+	"relativetime.now": "tura",
+	"admin.moderation.reports": "Ineqqisen",
+	"moderation.abuse_category": "Taggayt",
+	"moderation.abuse_category.spam": "Aspam",
+	"repo.diff.commit.next-short": "Uḍfir",
+	"repo.diff.commit.previous-short": "Uzwir",
+	"admin.config.global_2fa_requirement.none": "Uhu",
+	"admin.config.global_2fa_requirement.admin": "Inedbalen",
+	"migrate.pagure.token_label": "Ajiṭun API n Pagure",
+	"home.explore_repos": "Snirem ikufan",
+	"home.explore_users": "Snirem iseqdacen",
+	"relativetime.1week": "dduṛt yezrin",
+	"relativetime.1month": "ayyur yezrin",
+	"relativetime.1year": "ilindi",
+	"themes.names.forgejo-light": "Forgejo aceɛlal",
+	"themes.names.forgejo-dark": "Forgejo ubrik",
+	"profile.actions.tooltip": "Ugar n tigawin",
+	"profile.edit.link": "Ẓreg amaɣnu",
+	"keys.ssh.link": "Tasarut SSH",
+	"keys.gpg.link": "Tisura GPG",
+	"admin.config.security": "Tawila n tɣellist",
+	"admin.config.global_2fa_requirement.all": "Akk iseqdacen",
+	"relativetime.2days": "sin n wussan aya",
+	"relativetime.2months": "sin n wayyuren aya",
+	"relativetime.2years": "sin n iseggasen aya",
+	"error.not_found.title": "Asebtar ulac-it",
+	"moderation.abuse_category.placeholder": "Fren taggayt",
+	"migrate.pagure.project_url": "Tansa URL n usenfar Pagure",
+	"themes.names.forgejo-auto": "Forgejo (akken i yella usentel n unagraw)",
+	"stars.n_stars": {
+		"one": "%s n yitri",
+		"other": "%s n yitran"
+	},
+	"relativetime.days": {
+		"one": "%d n wass aya",
+		"other": "%d n wussan aya"
+	},
+	"relativetime.weeks": {
+		"one": "%d u imalas aya",
+		"other": "%d n imalasen aya"
+	},
+	"relativetime.months": {
+		"one": "%d n wayyur aya",
+		"other": "%d n wayyuren aya"
+	},
+	"relativetime.years": {
+		"one": "%d n useggas aya",
+		"other": "%d n iseggasen aya"
+	},
+	"meta.last_line": "(this string was needed to make weblate regenerate the file and can be removed)"
 }
diff --git a/options/locale_next/locale_kmr.json b/options/locale_next/locale_kmr.json
index 0967ef424b..60c4c22624 100644
--- a/options/locale_next/locale_kmr.json
+++ b/options/locale_next/locale_kmr.json
@@ -1 +1,3 @@
-{}
+{
+	"meta.last_line": "(this string was needed to make weblate regenerate the file and can be removed)"
+}
diff --git a/options/locale_next/locale_ko-KR.json b/options/locale_next/locale_ko-KR.json
index d187cf10d3..7578d0b228 100644
--- a/options/locale_next/locale_ko-KR.json
+++ b/options/locale_next/locale_ko-KR.json
@@ -1,14 +1,13 @@
 {
-    "stars.n_stars": {
-        "one": "%s 좋아요",
-        "other": "%s 좋아요"
-    },
-    "repo.pulls.merged_title_desc": "님이 <code>%[2]s</code> 에서 <code>%[3]s</code> 로 %[1]d 커밋을 %[4]s 병합함",
-    "repo.pulls.title_desc": "<code>%[2]s</code> 에서 <code id=\"%[4]s\">%[3]s</code> 로 %[1]d개의 커밋들을 병합하려함",
-    "home.welcome.no_activity": "활동 없음",
-    "moderation.abuse_category.malware": "악성 소프트웨어",
-    "pulse.n_active_issues": {
-        "one": "%s 개의 활성화된 이슈",
-        "other": "%s 개의 활성화된 이슈"
-    }
+	"stars.n_stars": {
+		"other": "%s 좋아요"
+	},
+	"repo.pulls.merged_title_desc": "님이 <code>%[2]s</code> 에서 <code>%[3]s</code> 로 %[1]d 커밋을 %[4]s 병합함",
+	"repo.pulls.title_desc": "<code>%[2]s</code> 에서 <code id=\"%[4]s\">%[3]s</code> 로 %[1]d개의 커밋들을 병합하려함",
+	"home.welcome.no_activity": "활동 없음",
+	"moderation.abuse_category.malware": "악성 소프트웨어",
+	"pulse.n_active_issues": {
+		"other": "%s 개의 활성화된 이슈"
+	},
+	"meta.last_line": "(this string was needed to make weblate regenerate the file and can be removed)"
 }
diff --git a/options/locale_next/locale_la.json b/options/locale_next/locale_la.json
index 18cd17762b..0fdd9a866f 100644
--- a/options/locale_next/locale_la.json
+++ b/options/locale_next/locale_la.json
@@ -1,10 +1,11 @@
 {
-    "home.explore_orgs": "Explora organisationes",
-    "home.welcome.no_activity": "Nulla activitas",
-    "relativetime.now": "nunc",
-    "relativetime.future": "in futuro",
-    "relativetime.mins": {
-        "one": "ante %d minuta",
-        "other": "%d minuta abhinc"
-    }
+	"home.explore_orgs": "Explora organisationes",
+	"home.welcome.no_activity": "Nulla activitas",
+	"relativetime.now": "nunc",
+	"relativetime.future": "in futuro",
+	"relativetime.mins": {
+		"one": "ante %d minuta",
+		"other": "%d minuta abhinc"
+	},
+	"meta.last_line": "(this string was needed to make weblate regenerate the file and can be removed)"
 }
diff --git a/options/locale_next/locale_lt.json b/options/locale_next/locale_lt.json
index 9f97587b09..3ffca4b0a4 100644
--- a/options/locale_next/locale_lt.json
+++ b/options/locale_next/locale_lt.json
@@ -1,3 +1,4 @@
 {
-    "search.milestone_kind": "Ieškoti gairių..."
+	"search.milestone_kind": "Ieškoti gairių...",
+	"meta.last_line": "(this string was needed to make weblate regenerate the file and can be removed)"
 }
diff --git a/options/locale_next/locale_lv-LV.json b/options/locale_next/locale_lv-LV.json
index 08e4d025fe..c576e10bd8 100644
--- a/options/locale_next/locale_lv-LV.json
+++ b/options/locale_next/locale_lv-LV.json
@@ -1,258 +1,258 @@
 {
-    "fork.n_forks": {
-        "zero": "%s atzarojumu",
-        "one": "%s atzarojums",
-        "other": "%s atzarojumi"
-    },
-    "stars.n_stars": {
-        "zero": "%s zvaigžņu",
-        "one": "%s zvaignzne",
-        "other": "%s zvaigznes"
-    },
-    "release.n_downloads": {
-        "zero": "%s lejupielāžu",
-        "one": "%s lejupielāde",
-        "other": "%s lejupielādes"
-    },
-    "repo.pulls.merged_title_desc": {
-        "zero": "iekļāva %[1]d iesūtījumu no <code>%[2]s</code> <code>%[3]s</code> %[4]s",
-        "one": "Iekļāva %[1]d iesūtījumu no <code>%[2]s</code> zarā <code>%[3]s</code> %[4]s",
-        "other": "Iekļāva %[1]d iesūtījumus no <code>%[2]s</code> zarā <code>%[3]s</code> %[4]s"
-    },
-    "repo.pulls.title_desc": {
-        "zero": "vēlas iekļaut %[1]d iesūtījumu no <code>%[2]s</code> <code id=\"%[4]s\">%[3]s</code>",
-        "one": "vēlas iekļaut %[1]d iesūtījumu no <code>%[2]s</code> zarā <code id=\"%[4]s\">%[3]s</code>",
-        "other": "vēlas iekļaut %[1]d iesūtījumus no <code>%[2]s</code> zarā <code id=\"%[4]s\">%[3]s</code>"
-    },
-    "search.milestone_kind": "Meklēt atskaites punktus…",
-    "home.welcome.no_activity": "Nav darbību",
-    "home.welcome.activity_hint": "Barotnē pagaidām nekā nav. Šeit parādīsies darbības un vēroto glabātavu notikumi.",
-    "home.explore_repos": "Izpētīt glabātavas",
-    "home.explore_users": "Izpētīt lietotājus",
-    "home.explore_orgs": "Izpētīt apvienības",
-    "incorrect_root_url": "Šis Forgejo serveris ir konfigurēts darboties \"%s\". Pašlaik Forgejo tiek apmeklēta ar atšķirīgu URL, kas var radīt atsevišķu lietotnes daļu salūšanu. Kanonisko URL pārrauga Forgejo pārvaldītāji ar app.ini iestatījumu ROOT_URL.",
-    "themes.names.forgejo-auto": "Forgejo (ievērot sistēmas izskatu)",
-    "themes.names.forgejo-light": "Forgejo gaišais",
-    "themes.names.forgejo-dark": "Forgejo tumšais",
-    "error.not_found.title": "Lapa nav atrasta",
-    "alert.asset_load_failed": "Neizdevās ielādēt līdzekļu datnes no {path}. Lūgums pārliecināties, ka līdzekļu datnēm var piekļūt.",
-    "install.invalid_lfs_path": "Nav iespējams izveidot LFS pamatmapi norādītajā ceļā: %[1]s",
-    "alert.range_error": " jābūt skaitlin starp %[1]s un %[2]s.",
-    "meta.last_line": "Šis žagaru saišķis nav mans žagaru saišķis.",
-    "mail.actions.successful_run_after_failure_subject": "Darbplūsma %[1]s atkopta glabātavā %[2]s",
-    "mail.actions.not_successful_run_subject": "Darbplūsmas %[1]s atteice glabātavā %[2]s",
-    "mail.actions.successful_run_after_failure": "Darbplūsma %[1]s atkopta glabātavā %[2]s",
-    "mail.actions.not_successful_run": "Darbplūsmas %[1] atteice glabātavā %[2]s",
-    "mail.actions.run_info_cur_status": "Šī izpildījuma stāvoklis: %[1]s (tikko atjaunināts no %[2]s)",
-    "mail.actions.run_info_previous_status": "Iepriekšējā izpildījuma stāvoklis: %[1]s",
-    "mail.actions.run_info_trigger": "Izraisīšanas iemesls: %[2]s no: %[2]s",
-    "discussion.locked": "Šī apspriede tika slēgta. Piebilžu pievienošana ir ļauta tikai līdzdalībniekiem.",
-    "relativetime.future": "nākotnē",
-    "relativetime.hours": {
-        "zero": "pirms %d stundām",
-        "one": "pirms %d stundas",
-        "other": "pirms %d stundām"
-    },
-    "relativetime.days": {
-        "zero": "pirms %d dienām",
-        "one": "pirms %d dienas",
-        "other": "pirms %d dienām"
-    },
-    "relativetime.months": {
-        "zero": "pirms %d mēnešiem",
-        "one": "pirms %d mēneša",
-        "other": "pirms %d mēnešiem"
-    },
-    "relativetime.1day": "vakar",
-    "relativetime.2days": "pirms divām dienām",
-    "relativetime.1week": "iepriekšējā nedēļā",
-    "relativetime.2weeks": "pirms divām nedēļām",
-    "relativetime.2months": "pirms diviem mēnešiem",
-    "relativetime.1year": "iepriekšējā gadā",
-    "relativetime.2years": "pirms diviem gadiem",
-    "relativetime.years": {
-        "zero": "pirms %d gadiem",
-        "one": "pirms %d gada",
-        "other": "pirms %d gadiem"
-    },
-    "relativetime.mins": {
-        "zero": "pirms %d minūtēm",
-        "one": "pirms %d minūtes",
-        "other": "pirms %d minūtēm"
-    },
-    "relativetime.now": "tagad",
-    "relativetime.weeks": {
-        "zero": "pirms %d nedēļām",
-        "one": "pirms %d nedēļas",
-        "other": "pirms %d nedēļām"
-    },
-    "relativetime.1month": "iepriekšējā mēnesī",
-    "moderation.abuse_category.other_violations": "Citi noteikumu pārkāpumi",
-    "moderation.reported_thank_you": "Paldies par ziņojumu! Pārvaldītājiem ir darīts zināms par to.",
-    "admin.config.moderation_config": "Satura pārraudzības konfigurācija",
-    "moderation.report_abuse": "Ziņot par pārkāpumu",
-    "moderation.report_content": "Ziņot par saturu",
-    "moderation.report_abuse_form.header": "Ziņot pārvaldītājam par pārkāpumu",
-    "moderation.report_abuse_form.details": "Šī veidlapa ir izmantojama, lai ziņotu par lietotājiem, kuri izveido mēstuļošanas profilus, glabātavas, pieteikumus un piebildes vai uzvedas nepienācīgi.",
-    "moderation.report_abuse_form.invalid": "Nederīgi argumenti",
-    "moderation.report_abuse_form.already_reported": "Tu jau ziņoji par šo saturu",
-    "moderation.abuse_category": "Kategorija",
-    "moderation.abuse_category.placeholder": "Atlasīt kategoriju",
-    "moderation.abuse_category.spam": "Mēstuļošana",
-    "moderation.abuse_category.malware": "Ļaunatūra",
-    "moderation.abuse_category.illegal_content": "Nelikumīgs saturs",
-    "moderation.report_remarks": "Piezīmes",
-    "moderation.report_remarks.placeholder": "Lūgums sniegt informāciju par pārkāpumu, par ko ziņo.",
-    "moderation.submit_report": "Iesniegt ziņojumu",
-    "moderation.reporting_failed": "Nevar iesniegt jauno ziņojumu par pārkāpumu: %v",
-    "repo.form.cannot_create": "Visas vietas, kurās vari izveidot glabātavas, ir sasniegušas glabātavu skaita ierobežojumu.",
-    "repo.issue_indexer.title": "Pieteikumu indeksētājs",
-    "watch.list.none": "Neviens nevēro šo glabātavu.",
-    "followers.incoming.list.none": "Neviens neseko šim lietotājam.",
-    "followers.outgoing.list.self.none": "Tu nevienam neseko.",
-    "followers.outgoing.list.none": "%s nevienam neseko.",
-    "stars.list.none": "Neviens šo glabātavu nav atzīmējis ar zvaigzni.",
-    "followers.incoming.list.self.none": "Neviens neseko Tavam profilam.",
-    "editor.textarea.tab_hint": "Rinda jau ir ar atkāpi. Spied <kbd>Tab</kbd> vēlreiz vai <kbd>Escape</kbd>, lai izietu no redaktora!",
-    "editor.textarea.shift_tab_hint": "Šajā rindā nav atkāpes. Spied <kbd>Shift</kbd> + <kbd>Tab</kbd> vēlreiz vai <kbd>Escape</kbd>, lai izietu no redaktora!",
-    "admin.dashboard.cleanup_offline_runners": "Notīrīt bezsaistes izpildītājus",
-    "settings.visibility.description": "Profila redzamība ietekmē iespēju citiem piekļūt Tavām glabātavām, kas nav privātas. <a href=\"%s\" target=\"_blank\">Uzzināt vairāk</a>.",
-    "avatar.constraints_hint": "Pielāgots profila attēls nevar pārsniegt %[1]s vai būt lielāks par %[2]dx%[3]d pikseļiem",
-    "repo.diff.commit.next-short": "Nāk.",
-    "repo.diff.commit.previous-short": "Iepr.",
-    "profile.actions.tooltip": "Vairāk darbību",
-    "profile.edit.link": "Labot profilu",
-    "feed.atom.link": "Atom barotne",
-    "keys.ssh.link": "SSH atslēgas",
-    "keys.gpg.link": "GPG atslēgas",
-    "og.repo.summary_card.alt_description": "Glabātavas %[1]s kopsavilkuma kartīte, aprakstīta kā: %[2]s",
-    "mail.actions.run_info_sha": "Iesūtījums: %[1]s",
-    "repo.settings.push_mirror.branch_filter.description": "Zarus, kurus spoguļot. Atstāt tukšu, lai spoguļotu visus zarus. Pierakstu skatīt <a href=\"%[1]s\">%[2]s dokumentācijā</a>. Piemēri: <code>main, release/*</code>",
-    "repo.settings.push_mirror.branch_filter.label": "Zaru atlasītājs (izvēles)",
-    "discussion.sidebar.reference": "Atsauce",
-    "admin.moderation.no_open_reports": "Pašlaik nav atvērtu pārskatu.",
-    "admin.moderation.moderation_reports": "Satura pārraudzības pārskati",
-    "admin.moderation.reports": "Pārskati",
-    "admin.moderation.deleted_content_ref": "Saturs, par kuru ziņots, ar veidu %[1]v un Id %[2]d vairs nepastāv",
-    "admin.dashboard.remove_resolved_reports": "Noņemt atrisinātos ziņojumus",
-    "compare.branches.title": "Salīdzināt zarus",
-    "admin.auths.allow_username_change": "Atļaut lietotājvārda mainīšanu",
-    "repo.commit.load_tags_failed": "Birku ielādēšana neizdevās iekšējas kļūdas dēļ",
-    "admin.auths.allow_username_change.description": "Ļaut lietotājiem profila iestatījumos mainīt savu lietotājvārdu",
-    "warning.repository.out_of_sync": "Šīs glabātavas atspoguļojums datubāzē nav sinhronizēts. Ja šis brīdinājums tiek rādīts pēc iesūtījuma aizgādāšanas šajā glabātavā, jāsazinās ar pārvaldītāju.",
-    "migrate.pagure.description": "Pārcelt datus no pagure.io vai citiem Pagure serveriem.",
-    "migrate.pagure.incorrect_url": "Ir norādīts nepareizs avota glabātavas URL",
-    "migrate.pagure.project_url": "Pagure projekta URL",
-    "migrate.pagure.project_example": "Pagure projekta URL, piem., https://pagure.io/pagure",
-    "migrate.pagure.token_label": "Pagure API ilnvara",
-    "migrate.github.description": "Pārcelt datus no github.com vai GitHub Enterprise servera.",
-    "migrate.git.description": "Pārcelt tikai glabātavu no jebkura Git pakalpojuma.",
-    "migrate.gitea.description": "Pārcelt datus no gitea.com vai citiem Gitea serveriem.",
-    "migrate.gitlab.description": "Pārcelt datus no gitlab.com vai citiem GitLab serveriem.",
-    "migrate.gogs.description": "Pārcelt datus no notabug.org vai citiem Gogs serveriem.",
-    "migrate.onedev.description": "Pārcelt datus no code.onedev.io vai citiem OneDev serveriem.",
-    "migrate.gitbucket.description": "Pārcelt datus no GitBucket serveriem.",
-    "migrate.codebase.description": "Pārcelt datus no codebasehq.com.",
-    "migrate.forgejo.description": "Pārcelt datus no codeberg.org vai citiem Fogejo serveriem.",
-    "repo.pulls.already_merged": "Apvienošana neizdevās: šis izmaiņu pieprasījums jau ir iekļauts.",
-    "admin.config.security": "Drošības konfigurācija",
-    "settings.twofa_reenroll.description": "Atkārtoti ieslēgt savu divpakāpju autentificēšanos",
-    "error.must_enable_2fa": "Šis Forgejo serveris pieprasa lietotājiem iespējot divpakāpju autentificēšanos, pirms viņi var piekļūt savam kontam. Iespējo to: %s",
-    "admin.config.global_2fa_requirement.title": "Visaptveroša divpakāpju prasība",
-    "admin.config.global_2fa_requirement.none": "Nē",
-    "admin.config.global_2fa_requirement.all": "Visi lietotāji",
-    "admin.config.global_2fa_requirement.admin": "Pārvaldītāji",
-    "settings.twofa_unroll_unavailable": "Tavam kontam ir nepieciešama divpakāpju autentificēšanās, un to nevar atspējot.",
-    "settings.twofa_reenroll": "Atkārtoti ieslēgt divpakāpju autentificēšanos",
-    "settings.must_enable_2fa": "Šis Forgejo serveris pieprasa lietotājiem iespējot divpakāpju autentificēšanos, pirms viņi var piekļūt savam kontam.",
-    "user.ghost.tooltip": "Šis lietotājs ir izdzēsts vai to nevar salāgot.",
-    "migrate.form.error.url_credentials": "URL satur pieteikšanās datus, tie ir attiecīgi jāievieto lietotājvārda un paroles laukā",
-    "actions.runs.view_most_recent_run": "Apskatīt visnesenāko palaišanu",
-    "actions.runs.run_attempt_label": "Palaišanas mēģinājums #%[1]s (%[2]s)",
-    "actions.runs.viewing_out_of_date_run": "Tu skati novecojušu šī darba palaišanu, kas tika izpildīta %[1]s.",
-    "repo.pulls.maintainers_can_edit": "Uzturētāji var labot šo izmaiņu pieprasījumu.",
-    "repo.pulls.maintainers_cannot_edit": "Uzturētāji nevar labot šo izmaiņu pieprasījumu.",
-    "pulse.n_active_issues": {
-        "zero": "%s atvērtu pieteikumu",
-        "one": "%s atvērts pieteikums",
-        "other": "%s atvērti pieteikumi"
-    },
-    "pulse.n_active_prs": {
-        "zero": "%s atvērtu izmaiņu pieprasījumu",
-        "one": "%s atvērts izmaiņu pieprasījums",
-        "other": "%s atvērti izmaiņu pieprasījumi"
-    },
-    "mail.issue.action.close_by_commit": "%[1] aizvēra %[2]s iesūtījumā %[3]s.",
-    "migrate.pagure.private_issues.summary": "Privātie pieteikumi (izvēles)",
-    "migrate.pagure.private_issues.description": "Šī iespēja ir izstrādāta, lai izveidotu otrēju glabātavu, kurā arhivēšanas nolūkā atrodas tikai privātie pieteikumi no Pagure projekta. Vispirms jāveic parasta pārcelšana (bez pilnvaras), lai ievietotu visu publisko saturu. Tad, ja ir saglabājami privāti pieteikumi, jāizveido atsevišķa glabātava, izmantojot šo pilnvaras iespēju, lai arhivētu privātos pieteikumus.",
-    "migrate.pagure.private_issues.warning": "Jāpārliecinās, ka glabātavas redzamība augstāk ir iestatīta kā privāta, ja izmanto API atslēgu, lai ievietotu privātos pieteikumus. Tas novērš nejaušu privāta satura atklāšanu publiskā glabātavā.",
-    "migrate.pagure.token.placeholder": "Tikai privātu pieteikumu arhīva izveidošanai",
-    "actions.workflow.job_parsing_error": "Nebija iespējams apstrādāt darbus darbplūsmā: %v",
-    "actions.workflow.event_detection_error": "Nebija iespējams apstrādāt atbalstītos notikumus darbplūsmā: %v",
-    "actions.workflow.pre_execution_error": "Darbplūsma netika izpildīta kļūdas, kura aizturēja izpildes mēģinājumu, dēļ.",
-    "watch.n_watchers": {
-        "zero": "%s vērotāju",
-        "one": "%s vērotājs",
-        "other": "%s vērotāji"
-    },
-    "teams.add_all_repos.modal.header": "Pievienot visas glabātavas",
-    "teams.remove_all_repos.modal.header": "Noņemt visas glabātavas",
-    "repo.pulls.poster_manage_approval": "Pārvaldīt apstiprinājumu",
-    "repo.pulls.poster_requires_approval": "Dažām darbplūsmām ir <a href=\"%[1]s\">nepieciešama izskatīšana</a>.",
-    "repo.pulls.poster_requires_approval.tooltip": "Šī izmaiņu pieprasījumu iesniedzējs nav uzticēta darbplūsmu, kuras izraisītas ar no atzarotas glabātavas izveidotu izmaiņu pieprasījumu vai ar AGit, izpildīšana. Darbplūsmas, kas ir izraisītas ar `pull_request` notikumu netiks izpildītas, kamēr tās nebūs apstiprinātas.",
-    "repo.pulls.poster_is_trusted": "Šī izmaiņu pieprasījumam <a href=\"%[1]s\">vienmēr ir uzticēts izpildīt darbplūsmas</a>.",
-    "repo.pulls.poster_is_trusted.tooltip": "Šī izmaiņu pieprasījuma izveidotājam ir noteikti uzticēts izpildīt darbplūsmas, kas izraisītas ar notikumu `pull_request`.",
-    "repo.pulls.poster_trust_deny": "Noraidīt",
-    "repo.pulls.poster_trust_deny.tooltip": "Darbplūsmas, kurām nepieciešama apstiprināšana, tiks atceltas.",
-    "repo.pulls.poster_trust_once": "Apstiprināt vienreiz",
-    "repo.pulls.poster_trust_once.tooltip": "Darbplūsmas, kas izraisītas ar notikumu `pull_request` tiks izpildītas šim iesūtījumam, bet būs nepieciešams apstiprinājums visiem pēc tam šajā izmaiņu pieprasījumā aizgādātajiem iesūtījumiem.",
-    "repo.pulls.poster_trust_always": "Vienmēr apstiprināt",
-    "repo.pulls.poster_trust_always.tooltip": "Notikuma `pull_request` izraisītas darbplūsmas tiks izpildītas šim iesūtījumam, un nebūs nepieciešamības apstiprināt izpildīšanu šajā izmaiņu pieprasījumā vai tā paša lietotāja pēc tam izveidotajiem izmaiņu pieprasījumiem.",
-    "repo.pulls.poster_trust_revoke": "Atsaukt",
-    "repo.pulls.poster_trust_revoke.tooltip": "Šī izmaiņu pieprasījuma izveidotājam vairs netiks uzticēts izpildīt notikuma `pull_request` notikuma izraisītas darbplūsmas, katra izpilde būs pašrocīgi jāapstiprina.",
-    "admin.dashboard.actions_action_user": "Atsaukt Forgejo darbību uzticamību neaktīviem lietotājiem",
-    "actions.status.diagnostics.waiting": {
-        "zero": "Gaida uz izpildītāju ar šādām iezīmēm: %s",
-        "one": "Gaida uz izpildītāju ar šādām iezīmēm: %s",
-        "other": "Gaida uz izpildītāju ar šādām iezīmēm: %s"
-    },
-    "keys.verify.token.hint": "Pilnvara ir derīga tikai 1 minūti. <a href=\"%[1]s\">Iegūt jaunu</a>, ja pašreizējā ir beigusies.",
-    "admin.dashboard.transfer_lingering_logs": "Pārcelt pabeigto darbību uzdevumu darbību žurnālus no datubāzes uz krātuvi",
-    "repo.issues.filter_poster.hint": "Atlasīt pēc izveidotāja",
-    "repo.issues.filter_assignee.hint": "Atlasīt pēc lietotāja, kuram piešķirti",
-    "repo.issues.filter_reviewers.hint": "Atlasīt pēc lietotāja, kurš izskatīja",
-    "repo.issues.filter_mention.hint": "Atlasīt pēc lietotāja, kurš ir pieminēts",
-    "repo.issues.filter_modified.hint": "Atlasīt pēc pēdējā izmainīšanas datuma",
-    "repo.issues.filter_sort.hint": "Kārtot pēc: izveidots/piebildes/atjaunināts/beigu datums",
-    "search.syntax": "Meklēšanas pieraksts",
-    "actions.workflow.persistent_incomplete_matrix": "Nav iespējams izvērtēt darba %[1]s `strategy.matrix` nederīgas `needs` izteiksmes dēļ. Tas, iespējams, atsaucas uz darbu, kas nav tā 'needs' sarakstā (%[2]s), vai izvadi, kas nepastāv kādā no darbiem.",
-    "admin.auths.oauth2_quota_group_claim_name": "Prasības nosaukums, kas sniedz kopu nosaukumus šim avotam, kas tiks izmantots apjomu pārvaldībai. (Pēc izvēles)",
-    "admin.auths.oauth2_quota_group_map": "Kartēt pieteiktās kopas ar apjomu kopām. (Pēc izvēles - augstāk nepieciešams norādīt prasības nosaukumu)",
-    "admin.auths.oauth2_quota_group_map_removal": "Noņemt lietotājus no sinhronizētām apjomu kopām, ja tie nepieder atbilstošajai kopai.",
-    "moderation.report.mark_as_handled": "Atzīmēt kā apstrādātu",
-    "moderation.report.mark_as_ignored": "Atzīmēt kā neņemtu vērā",
-    "moderation.action.account.delete": "Izdzēst kontu",
-    "moderation.action.account.suspend": "Apturēt konta darbību",
-    "moderation.action.repo.delete": "Izdzēst glabātavu",
-    "moderation.action.issue.delete": "Izdzēst pieteikumu",
-    "moderation.action.comment.delete": "Izdzēst piebildi",
-    "moderation.unknown_action": "Nezināma darbība",
-    "moderation.users.cannot_suspend_self": "Nevar apturēt sava konta darbību.",
-    "moderation.users.cannot_suspend_admins": "Lietotāju kontu ar pārvaldīšanas tiesībām darbību nevar apturēt.",
-    "moderation.users.cannot_suspend_org": "Apvienību kontu darbību nevar apturēt.",
-    "moderation.users.already_suspended": "Lietotāja konta darbība jau ir apturēta.",
-    "moderation.users.suspend_success": "Lietotāja konta darbība tika apturēta.",
-    "moderation.users.cannot_delete_admins": "Lietotājus ar pārvaldīšanas tiesībām nevar izdzēst.",
-    "moderation.issue.deletion_success": "Pieteikums tika izdzēsts.",
-    "moderation.comment.deletion_success": "Piebilde tika izdzēsta.",
-    "actions.workflow.incomplete_matrix_missing_job": "Nevar novērtēt darba %[1]s `strategy.matrix`: darbs %[2]s nav %[1]s `needs` sarakstā (%[3]s).",
-    "actions.workflow.incomplete_matrix_missing_output": "Nevar novērtēt darba %[1]s `strategy.matrix`: darbam %[2]s nav izvades %[2]s.",
-    "actions.workflow.incomplete_matrix_unknown_cause": "Nevar novērtēt darba %[1]s `strategy.matrix`: nezināma kļūda.",
-    "actions.workflow.incomplete_runson_missing_job": "Nevar novērtēt darba %[1]s `runs-on`: darbs %[2]s nav %[1]s `needs` sarakstā (%[3]s).",
-    "actions.workflow.incomplete_runson_missing_output": "Nevar novērtēt darba %[1]s `runs-on`: darbam %[2]s nav izvades %[3]s.",
-    "actions.workflow.incomplete_runson_missing_matrix_dimension": "Nevar novērtēt darba %[1]s `runs-on`: matricas dimensija %[2]s nepastāv.",
-    "actions.workflow.incomplete_runson_unknown_cause": "Nevar novērtēt darba %[1]s `runs-on`: nezināma kļūda.",
-    "issues.updated": "atjaunināts %s",
-    "search.fuzzy": "Aptuveni",
-    "search.fuzzy_tooltip": "Iekļaut iznākumus, kas aptuveni atbilst meklētajam"
+	"fork.n_forks": {
+		"zero": "%s atzarojumu",
+		"one": "%s atzarojums",
+		"other": "%s atzarojumi"
+	},
+	"stars.n_stars": {
+		"zero": "%s zvaigžņu",
+		"one": "%s zvaignzne",
+		"other": "%s zvaigznes"
+	},
+	"release.n_downloads": {
+		"zero": "%s lejupielāžu",
+		"one": "%s lejupielāde",
+		"other": "%s lejupielādes"
+	},
+	"repo.pulls.merged_title_desc": {
+		"zero": "iekļāva %[1]d iesūtījumu no <code>%[2]s</code> <code>%[3]s</code> %[4]s",
+		"one": "Iekļāva %[1]d iesūtījumu no <code>%[2]s</code> zarā <code>%[3]s</code> %[4]s",
+		"other": "Iekļāva %[1]d iesūtījumus no <code>%[2]s</code> zarā <code>%[3]s</code> %[4]s"
+	},
+	"repo.pulls.title_desc": {
+		"zero": "vēlas iekļaut %[1]d iesūtījumu no <code>%[2]s</code> <code id=\"%[4]s\">%[3]s</code>",
+		"one": "vēlas iekļaut %[1]d iesūtījumu no <code>%[2]s</code> zarā <code id=\"%[4]s\">%[3]s</code>",
+		"other": "vēlas iekļaut %[1]d iesūtījumus no <code>%[2]s</code> zarā <code id=\"%[4]s\">%[3]s</code>"
+	},
+	"search.milestone_kind": "Meklēt atskaites punktus…",
+	"home.welcome.no_activity": "Nav darbību",
+	"home.welcome.activity_hint": "Barotnē pagaidām nekā nav. Šeit parādīsies darbības un vēroto glabātavu notikumi.",
+	"home.explore_repos": "Izpētīt glabātavas",
+	"home.explore_users": "Izpētīt lietotājus",
+	"home.explore_orgs": "Izpētīt apvienības",
+	"incorrect_root_url": "Šis Forgejo serveris ir konfigurēts darboties \"%s\". Pašlaik Forgejo tiek apmeklēta ar atšķirīgu URL, kas var radīt atsevišķu lietotnes daļu salūšanu. Kanonisko URL pārrauga Forgejo pārvaldītāji ar app.ini iestatījumu ROOT_URL.",
+	"themes.names.forgejo-auto": "Forgejo (ievērot sistēmas izskatu)",
+	"themes.names.forgejo-light": "Forgejo gaišais",
+	"themes.names.forgejo-dark": "Forgejo tumšais",
+	"error.not_found.title": "Lapa nav atrasta",
+	"alert.asset_load_failed": "Neizdevās ielādēt līdzekļu datnes no {path}. Lūgums pārliecināties, ka līdzekļu datnēm var piekļūt.",
+	"install.invalid_lfs_path": "Nav iespējams izveidot LFS pamatmapi norādītajā ceļā: %[1]s",
+	"alert.range_error": " jābūt skaitlin starp %[1]s un %[2]s.",
+	"meta.last_line": "Šis žagaru saišķis nav mans žagaru saišķis.\n(this string was needed to make weblate regenerate the file and can be removed)",
+	"mail.actions.successful_run_after_failure_subject": "Darbplūsma %[1]s atkopta glabātavā %[2]s",
+	"mail.actions.not_successful_run_subject": "Darbplūsmas %[1]s atteice glabātavā %[2]s",
+	"mail.actions.successful_run_after_failure": "Darbplūsma %[1]s atkopta glabātavā %[2]s",
+	"mail.actions.not_successful_run": "Darbplūsmas %[1] atteice glabātavā %[2]s",
+	"mail.actions.run_info_cur_status": "Šī izpildījuma stāvoklis: %[1]s (tikko atjaunināts no %[2]s)",
+	"mail.actions.run_info_previous_status": "Iepriekšējā izpildījuma stāvoklis: %[1]s",
+	"mail.actions.run_info_trigger": "Izraisīšanas iemesls: %[2]s no: %[2]s",
+	"discussion.locked": "Šī apspriede tika slēgta. Piebilžu pievienošana ir ļauta tikai līdzdalībniekiem.",
+	"relativetime.future": "nākotnē",
+	"relativetime.hours": {
+		"zero": "pirms %d stundām",
+		"one": "pirms %d stundas",
+		"other": "pirms %d stundām"
+	},
+	"relativetime.days": {
+		"zero": "pirms %d dienām",
+		"one": "pirms %d dienas",
+		"other": "pirms %d dienām"
+	},
+	"relativetime.months": {
+		"zero": "pirms %d mēnešiem",
+		"one": "pirms %d mēneša",
+		"other": "pirms %d mēnešiem"
+	},
+	"relativetime.1day": "vakar",
+	"relativetime.2days": "pirms divām dienām",
+	"relativetime.1week": "iepriekšējā nedēļā",
+	"relativetime.2weeks": "pirms divām nedēļām",
+	"relativetime.2months": "pirms diviem mēnešiem",
+	"relativetime.1year": "iepriekšējā gadā",
+	"relativetime.2years": "pirms diviem gadiem",
+	"relativetime.years": {
+		"zero": "pirms %d gadiem",
+		"one": "pirms %d gada",
+		"other": "pirms %d gadiem"
+	},
+	"relativetime.mins": {
+		"zero": "pirms %d minūtēm",
+		"one": "pirms %d minūtes",
+		"other": "pirms %d minūtēm"
+	},
+	"relativetime.now": "tagad",
+	"relativetime.weeks": {
+		"zero": "pirms %d nedēļām",
+		"one": "pirms %d nedēļas",
+		"other": "pirms %d nedēļām"
+	},
+	"relativetime.1month": "iepriekšējā mēnesī",
+	"moderation.abuse_category.other_violations": "Citi noteikumu pārkāpumi",
+	"moderation.reported_thank_you": "Paldies par ziņojumu! Pārvaldītājiem ir darīts zināms par to.",
+	"admin.config.moderation_config": "Satura pārraudzības konfigurācija",
+	"moderation.report_abuse": "Ziņot par pārkāpumu",
+	"moderation.report_content": "Ziņot par saturu",
+	"moderation.report_abuse_form.header": "Ziņot pārvaldītājam par pārkāpumu",
+	"moderation.report_abuse_form.details": "Šī veidlapa ir izmantojama, lai ziņotu par lietotājiem, kuri izveido mēstuļošanas profilus, glabātavas, pieteikumus un piebildes vai uzvedas nepienācīgi.",
+	"moderation.report_abuse_form.invalid": "Nederīgi argumenti",
+	"moderation.report_abuse_form.already_reported": "Tu jau ziņoji par šo saturu",
+	"moderation.abuse_category": "Kategorija",
+	"moderation.abuse_category.placeholder": "Atlasīt kategoriju",
+	"moderation.abuse_category.spam": "Mēstuļošana",
+	"moderation.abuse_category.malware": "Ļaunatūra",
+	"moderation.abuse_category.illegal_content": "Nelikumīgs saturs",
+	"moderation.report_remarks": "Piezīmes",
+	"moderation.report_remarks.placeholder": "Lūgums sniegt informāciju par pārkāpumu, par ko ziņo.",
+	"moderation.submit_report": "Iesniegt ziņojumu",
+	"moderation.reporting_failed": "Nevar iesniegt jauno ziņojumu par pārkāpumu: %v",
+	"repo.form.cannot_create": "Visas vietas, kurās vari izveidot glabātavas, ir sasniegušas glabātavu skaita ierobežojumu.",
+	"repo.issue_indexer.title": "Pieteikumu indeksētājs",
+	"watch.list.none": "Neviens nevēro šo glabātavu.",
+	"followers.incoming.list.none": "Neviens neseko šim lietotājam.",
+	"followers.outgoing.list.self.none": "Tu nevienam neseko.",
+	"followers.outgoing.list.none": "%s nevienam neseko.",
+	"stars.list.none": "Neviens šo glabātavu nav atzīmējis ar zvaigzni.",
+	"followers.incoming.list.self.none": "Neviens neseko Tavam profilam.",
+	"editor.textarea.tab_hint": "Rinda jau ir ar atkāpi. Spied <kbd>Tab</kbd> vēlreiz vai <kbd>Escape</kbd>, lai izietu no redaktora!",
+	"editor.textarea.shift_tab_hint": "Šajā rindā nav atkāpes. Spied <kbd>Shift</kbd> + <kbd>Tab</kbd> vēlreiz vai <kbd>Escape</kbd>, lai izietu no redaktora!",
+	"admin.dashboard.cleanup_offline_runners": "Notīrīt bezsaistes izpildītājus",
+	"settings.visibility.description": "Profila redzamība ietekmē iespēju citiem piekļūt Tavām glabātavām, kas nav privātas. <a href=\"%s\" target=\"_blank\">Uzzināt vairāk</a>.",
+	"avatar.constraints_hint": "Pielāgots profila attēls nevar pārsniegt %[1]s vai būt lielāks par %[2]dx%[3]d pikseļiem",
+	"repo.diff.commit.next-short": "Nāk.",
+	"repo.diff.commit.previous-short": "Iepr.",
+	"profile.actions.tooltip": "Vairāk darbību",
+	"profile.edit.link": "Labot profilu",
+	"feed.atom.link": "Atom barotne",
+	"keys.ssh.link": "SSH atslēgas",
+	"keys.gpg.link": "GPG atslēgas",
+	"og.repo.summary_card.alt_description": "Glabātavas %[1]s kopsavilkuma kartīte, aprakstīta kā: %[2]s",
+	"mail.actions.run_info_sha": "Iesūtījums: %[1]s",
+	"repo.settings.push_mirror.branch_filter.description": "Zarus, kurus spoguļot. Atstāt tukšu, lai spoguļotu visus zarus. Pierakstu skatīt <a href=\"%[1]s\">%[2]s dokumentācijā</a>. Piemēri: <code>main, release/*</code>",
+	"repo.settings.push_mirror.branch_filter.label": "Zaru atlasītājs (izvēles)",
+	"discussion.sidebar.reference": "Atsauce",
+	"admin.moderation.no_open_reports": "Pašlaik nav atvērtu pārskatu.",
+	"admin.moderation.moderation_reports": "Satura pārraudzības pārskati",
+	"admin.moderation.reports": "Pārskati",
+	"admin.moderation.deleted_content_ref": "Saturs, par kuru ziņots, ar veidu %[1]v un Id %[2]d vairs nepastāv",
+	"admin.dashboard.remove_resolved_reports": "Noņemt atrisinātos ziņojumus",
+	"compare.branches.title": "Salīdzināt zarus",
+	"admin.auths.allow_username_change": "Atļaut lietotājvārda mainīšanu",
+	"repo.commit.load_tags_failed": "Birku ielādēšana neizdevās iekšējas kļūdas dēļ",
+	"admin.auths.allow_username_change.description": "Ļaut lietotājiem profila iestatījumos mainīt savu lietotājvārdu",
+	"warning.repository.out_of_sync": "Šīs glabātavas atspoguļojums datubāzē nav sinhronizēts. Ja šis brīdinājums tiek rādīts pēc iesūtījuma aizgādāšanas šajā glabātavā, jāsazinās ar pārvaldītāju.",
+	"migrate.pagure.description": "Pārcelt datus no pagure.io vai citiem Pagure serveriem.",
+	"migrate.pagure.incorrect_url": "Ir norādīts nepareizs avota glabātavas URL",
+	"migrate.pagure.project_url": "Pagure projekta URL",
+	"migrate.pagure.project_example": "Pagure projekta URL, piem., https://pagure.io/pagure",
+	"migrate.pagure.token_label": "Pagure API ilnvara",
+	"migrate.github.description": "Pārcelt datus no github.com vai GitHub Enterprise servera.",
+	"migrate.git.description": "Pārcelt tikai glabātavu no jebkura Git pakalpojuma.",
+	"migrate.gitea.description": "Pārcelt datus no gitea.com vai citiem Gitea serveriem.",
+	"migrate.gitlab.description": "Pārcelt datus no gitlab.com vai citiem GitLab serveriem.",
+	"migrate.gogs.description": "Pārcelt datus no notabug.org vai citiem Gogs serveriem.",
+	"migrate.onedev.description": "Pārcelt datus no code.onedev.io vai citiem OneDev serveriem.",
+	"migrate.gitbucket.description": "Pārcelt datus no GitBucket serveriem.",
+	"migrate.codebase.description": "Pārcelt datus no codebasehq.com.",
+	"migrate.forgejo.description": "Pārcelt datus no codeberg.org vai citiem Fogejo serveriem.",
+	"repo.pulls.already_merged": "Apvienošana neizdevās: šis izmaiņu pieprasījums jau ir iekļauts.",
+	"admin.config.security": "Drošības konfigurācija",
+	"settings.twofa_reenroll.description": "Atkārtoti ieslēgt savu divpakāpju autentificēšanos",
+	"error.must_enable_2fa": "Šis Forgejo serveris pieprasa lietotājiem iespējot divpakāpju autentificēšanos, pirms viņi var piekļūt savam kontam. Iespējo to: %s",
+	"admin.config.global_2fa_requirement.title": "Visaptveroša divpakāpju prasība",
+	"admin.config.global_2fa_requirement.none": "Nē",
+	"admin.config.global_2fa_requirement.all": "Visi lietotāji",
+	"admin.config.global_2fa_requirement.admin": "Pārvaldītāji",
+	"settings.twofa_unroll_unavailable": "Tavam kontam ir nepieciešama divpakāpju autentificēšanās, un to nevar atspējot.",
+	"settings.twofa_reenroll": "Atkārtoti ieslēgt divpakāpju autentificēšanos",
+	"settings.must_enable_2fa": "Šis Forgejo serveris pieprasa lietotājiem iespējot divpakāpju autentificēšanos, pirms viņi var piekļūt savam kontam.",
+	"user.ghost.tooltip": "Šis lietotājs ir izdzēsts vai to nevar salāgot.",
+	"migrate.form.error.url_credentials": "URL satur pieteikšanās datus, tie ir attiecīgi jāievieto lietotājvārda un paroles laukā",
+	"actions.runs.view_most_recent_run": "Apskatīt visnesenāko palaišanu",
+	"actions.runs.run_attempt_label": "Palaišanas mēģinājums #%[1]s (%[2]s)",
+	"actions.runs.viewing_out_of_date_run": "Tu skati novecojušu šī darba palaišanu, kas tika izpildīta %[1]s.",
+	"repo.pulls.maintainers_can_edit": "Uzturētāji var labot šo izmaiņu pieprasījumu.",
+	"repo.pulls.maintainers_cannot_edit": "Uzturētāji nevar labot šo izmaiņu pieprasījumu.",
+	"pulse.n_active_issues": {
+		"zero": "%s atvērtu pieteikumu",
+		"one": "%s atvērts pieteikums",
+		"other": "%s atvērti pieteikumi"
+	},
+	"pulse.n_active_prs": {
+		"zero": "%s atvērtu izmaiņu pieprasījumu",
+		"one": "%s atvērts izmaiņu pieprasījums",
+		"other": "%s atvērti izmaiņu pieprasījumi"
+	},
+	"mail.issue.action.close_by_commit": "%[1] aizvēra %[2]s iesūtījumā %[3]s.",
+	"migrate.pagure.private_issues.summary": "Privātie pieteikumi (izvēles)",
+	"migrate.pagure.private_issues.description": "Šī iespēja ir izstrādāta, lai izveidotu otrēju glabātavu, kurā arhivēšanas nolūkā atrodas tikai privātie pieteikumi no Pagure projekta. Vispirms jāveic parasta pārcelšana (bez pilnvaras), lai ievietotu visu publisko saturu. Tad, ja ir saglabājami privāti pieteikumi, jāizveido atsevišķa glabātava, izmantojot šo pilnvaras iespēju, lai arhivētu privātos pieteikumus.",
+	"migrate.pagure.private_issues.warning": "Jāpārliecinās, ka glabātavas redzamība augstāk ir iestatīta kā privāta, ja izmanto API atslēgu, lai ievietotu privātos pieteikumus. Tas novērš nejaušu privāta satura atklāšanu publiskā glabātavā.",
+	"migrate.pagure.token.placeholder": "Tikai privātu pieteikumu arhīva izveidošanai",
+	"actions.workflow.job_parsing_error": "Nebija iespējams apstrādāt darbus darbplūsmā: %v",
+	"actions.workflow.event_detection_error": "Nebija iespējams apstrādāt atbalstītos notikumus darbplūsmā: %v",
+	"actions.workflow.pre_execution_error": "Darbplūsma netika izpildīta kļūdas, kura aizturēja izpildes mēģinājumu, dēļ.",
+	"watch.n_watchers": {
+		"zero": "%s vērotāju",
+		"one": "%s vērotājs",
+		"other": "%s vērotāji"
+	},
+	"teams.add_all_repos.modal.header": "Pievienot visas glabātavas",
+	"teams.remove_all_repos.modal.header": "Noņemt visas glabātavas",
+	"repo.pulls.poster_manage_approval": "Pārvaldīt apstiprinājumu",
+	"repo.pulls.poster_requires_approval": "Dažām darbplūsmām ir <a href=\"%[1]s\">nepieciešama izskatīšana</a>.",
+	"repo.pulls.poster_requires_approval.tooltip": "Šī izmaiņu pieprasījumu iesniedzējs nav uzticēta darbplūsmu, kuras izraisītas ar no atzarotas glabātavas izveidotu izmaiņu pieprasījumu vai ar AGit, izpildīšana. Darbplūsmas, kas ir izraisītas ar `pull_request` notikumu netiks izpildītas, kamēr tās nebūs apstiprinātas.",
+	"repo.pulls.poster_is_trusted": "Šī izmaiņu pieprasījumam <a href=\"%[1]s\">vienmēr ir uzticēts izpildīt darbplūsmas</a>.",
+	"repo.pulls.poster_is_trusted.tooltip": "Šī izmaiņu pieprasījuma izveidotājam ir noteikti uzticēts izpildīt darbplūsmas, kas izraisītas ar notikumu `pull_request`.",
+	"repo.pulls.poster_trust_deny": "Noraidīt",
+	"repo.pulls.poster_trust_deny.tooltip": "Darbplūsmas, kurām nepieciešama apstiprināšana, tiks atceltas.",
+	"repo.pulls.poster_trust_once": "Apstiprināt vienreiz",
+	"repo.pulls.poster_trust_once.tooltip": "Darbplūsmas, kas izraisītas ar notikumu `pull_request` tiks izpildītas šim iesūtījumam, bet būs nepieciešams apstiprinājums visiem pēc tam šajā izmaiņu pieprasījumā aizgādātajiem iesūtījumiem.",
+	"repo.pulls.poster_trust_always": "Vienmēr apstiprināt",
+	"repo.pulls.poster_trust_always.tooltip": "Notikuma `pull_request` izraisītas darbplūsmas tiks izpildītas šim iesūtījumam, un nebūs nepieciešamības apstiprināt izpildīšanu šajā izmaiņu pieprasījumā vai tā paša lietotāja pēc tam izveidotajiem izmaiņu pieprasījumiem.",
+	"repo.pulls.poster_trust_revoke": "Atsaukt",
+	"repo.pulls.poster_trust_revoke.tooltip": "Šī izmaiņu pieprasījuma izveidotājam vairs netiks uzticēts izpildīt notikuma `pull_request` notikuma izraisītas darbplūsmas, katra izpilde būs pašrocīgi jāapstiprina.",
+	"admin.dashboard.actions_action_user": "Atsaukt Forgejo darbību uzticamību neaktīviem lietotājiem",
+	"actions.status.diagnostics.waiting": {
+		"zero": "Gaida uz izpildītāju ar šādām iezīmēm: %s",
+		"one": "Gaida uz izpildītāju ar šādām iezīmēm: %s",
+		"other": "Gaida uz izpildītāju ar šādām iezīmēm: %s"
+	},
+	"keys.verify.token.hint": "Pilnvara ir derīga tikai 1 minūti. <a href=\"%[1]s\">Iegūt jaunu</a>, ja pašreizējā ir beigusies.",
+	"admin.dashboard.transfer_lingering_logs": "Pārcelt pabeigto darbību uzdevumu darbību žurnālus no datubāzes uz krātuvi",
+	"repo.issues.filter_poster.hint": "Atlasīt pēc izveidotāja",
+	"repo.issues.filter_assignee.hint": "Atlasīt pēc lietotāja, kuram piešķirti",
+	"repo.issues.filter_reviewers.hint": "Atlasīt pēc lietotāja, kurš izskatīja",
+	"repo.issues.filter_mention.hint": "Atlasīt pēc lietotāja, kurš ir pieminēts",
+	"repo.issues.filter_modified.hint": "Atlasīt pēc pēdējā izmainīšanas datuma",
+	"repo.issues.filter_sort.hint": "Kārtot pēc: izveidots/piebildes/atjaunināts/beigu datums",
+	"search.syntax": "Meklēšanas pieraksts",
+	"actions.workflow.persistent_incomplete_matrix": "Nav iespējams izvērtēt darba %[1]s `strategy.matrix` nederīgas `needs` izteiksmes dēļ. Tas, iespējams, atsaucas uz darbu, kas nav tā 'needs' sarakstā (%[2]s), vai izvadi, kas nepastāv kādā no darbiem.",
+	"admin.auths.oauth2_quota_group_claim_name": "Prasības nosaukums, kas sniedz kopu nosaukumus šim avotam, kas tiks izmantots apjomu pārvaldībai. (Pēc izvēles)",
+	"admin.auths.oauth2_quota_group_map": "Kartēt pieteiktās kopas ar apjomu kopām. (Pēc izvēles - augstāk nepieciešams norādīt prasības nosaukumu)",
+	"admin.auths.oauth2_quota_group_map_removal": "Noņemt lietotājus no sinhronizētām apjomu kopām, ja tie nepieder atbilstošajai kopai.",
+	"moderation.report.mark_as_handled": "Atzīmēt kā apstrādātu",
+	"moderation.report.mark_as_ignored": "Atzīmēt kā neņemtu vērā",
+	"moderation.action.account.delete": "Izdzēst kontu",
+	"moderation.action.account.suspend": "Apturēt konta darbību",
+	"moderation.action.repo.delete": "Izdzēst glabātavu",
+	"moderation.action.issue.delete": "Izdzēst pieteikumu",
+	"moderation.action.comment.delete": "Izdzēst piebildi",
+	"moderation.unknown_action": "Nezināma darbība",
+	"moderation.users.cannot_suspend_self": "Nevar apturēt sava konta darbību.",
+	"moderation.users.cannot_suspend_admins": "Lietotāju kontu ar pārvaldīšanas tiesībām darbību nevar apturēt.",
+	"moderation.users.cannot_suspend_org": "Apvienību kontu darbību nevar apturēt.",
+	"moderation.users.already_suspended": "Lietotāja konta darbība jau ir apturēta.",
+	"moderation.users.suspend_success": "Lietotāja konta darbība tika apturēta.",
+	"moderation.users.cannot_delete_admins": "Lietotājus ar pārvaldīšanas tiesībām nevar izdzēst.",
+	"moderation.issue.deletion_success": "Pieteikums tika izdzēsts.",
+	"moderation.comment.deletion_success": "Piebilde tika izdzēsta.",
+	"actions.workflow.incomplete_matrix_missing_job": "Nevar novērtēt darba %[1]s `strategy.matrix`: darbs %[2]s nav %[1]s `needs` sarakstā (%[3]s).",
+	"actions.workflow.incomplete_matrix_missing_output": "Nevar novērtēt darba %[1]s `strategy.matrix`: darbam %[2]s nav izvades %[2]s.",
+	"actions.workflow.incomplete_matrix_unknown_cause": "Nevar novērtēt darba %[1]s `strategy.matrix`: nezināma kļūda.",
+	"actions.workflow.incomplete_runson_missing_job": "Nevar novērtēt darba %[1]s `runs-on`: darbs %[2]s nav %[1]s `needs` sarakstā (%[3]s).",
+	"actions.workflow.incomplete_runson_missing_output": "Nevar novērtēt darba %[1]s `runs-on`: darbam %[2]s nav izvades %[3]s.",
+	"actions.workflow.incomplete_runson_missing_matrix_dimension": "Nevar novērtēt darba %[1]s `runs-on`: matricas dimensija %[2]s nepastāv.",
+	"actions.workflow.incomplete_runson_unknown_cause": "Nevar novērtēt darba %[1]s `runs-on`: nezināma kļūda.",
+	"issues.updated": "atjaunināts %s",
+	"search.fuzzy": "Aptuveni",
+	"search.fuzzy_tooltip": "Iekļaut iznākumus, kas aptuveni atbilst meklētajam"
 }
diff --git a/options/locale_next/locale_mic.json b/options/locale_next/locale_mic.json
index 0967ef424b..60c4c22624 100644
--- a/options/locale_next/locale_mic.json
+++ b/options/locale_next/locale_mic.json
@@ -1 +1,3 @@
-{}
+{
+	"meta.last_line": "(this string was needed to make weblate regenerate the file and can be removed)"
+}
diff --git a/options/locale_next/locale_ml-IN.json b/options/locale_next/locale_ml-IN.json
index 0967ef424b..60c4c22624 100644
--- a/options/locale_next/locale_ml-IN.json
+++ b/options/locale_next/locale_ml-IN.json
@@ -1 +1,3 @@
-{}
+{
+	"meta.last_line": "(this string was needed to make weblate regenerate the file and can be removed)"
+}
diff --git a/options/locale_next/locale_nb_NO.json b/options/locale_next/locale_nb_NO.json
index 79129dd86b..d9acb16425 100644
--- a/options/locale_next/locale_nb_NO.json
+++ b/options/locale_next/locale_nb_NO.json
@@ -1,133 +1,133 @@
 {
-    "relativetime.1day": "i går",
-    "moderation.abuse_category.other_violations": "Andre regel overtredelser",
-    "moderation.report_remarks": "Kommentar",
-    "moderation.report_remarks.placeholder": "Skriv noen detaljer rundt missbruket du rapporterer.",
-    "moderation.submit_report": "Send rapport",
-    "moderation.reporting_failed": "Missbruk rapporten kunne ikke sendes inn: %v",
-    "relativetime.hours": {
-        "one": "%d time siden",
-        "other": "%d timer siden"
-    },
-    "repo.form.cannot_create": "Det maksimale antallet repositories er nådd i alle områdene du har tilgang til.",
-    "repo.issue_indexer.title": "Saksindekserer",
-    "moderation.abuse_category.illegal_content": "Ulovlig innhold",
-    "error.not_found.title": "Fant ikke siden",
-    "themes.names.forgejo-light": "Forgejo lyst",
-    "themes.names.forgejo-dark": "Forgejo mørk",
-    "stars.list.none": "Ingen har gitt stjerner til dette repoet.",
-    "watch.list.none": "Ingen følger dette repoet.",
-    "followers.incoming.list.none": "Ingen følger denne brukeren.",
-    "followers.outgoing.list.self.none": "Du følger ikke noen.",
-    "followers.outgoing.list.none": "%s følger ikke noen.",
-    "relativetime.2days": "to dager siden",
-    "relativetime.1week": "forrige uke",
-    "relativetime.2weeks": "to uker siden",
-    "relativetime.1month": "forrige måned",
-    "relativetime.2months": "to måneder siden",
-    "relativetime.1year": "i fjor",
-    "relativetime.2years": "to år siden",
-    "alert.asset_load_failed": "Kunne ikke laste inn ressursfiler fra {path}. Sørg for at ressursfilene er tilgjengelige.",
-    "search.milestone_kind": "Søker i milepæler…",
-    "home.welcome.no_activity": "Ingen aktivitet",
-    "home.explore_repos": "Utforsk repositorier",
-    "home.explore_users": "Utforsk brukere",
-    "home.explore_orgs": "Utforsk organisasjoner",
-    "relativetime.mins": {
-        "one": "%d minutt siden",
-        "other": "%d minutter siden"
-    },
-    "relativetime.months": {
-        "one": "%d måned siden",
-        "other": "%d måneder siden"
-    },
-    "relativetime.years": {
-        "one": "%d år siden",
-        "other": "%d år siden"
-    },
-    "repo.pulls.title_desc": {
-        "one": "ønsker å slå sammen %[1]d commit fra <code>%[2]s</code> inn i <code id=\"%[4]s\">%[3]s</code>",
-        "other": "ønsker å slå sammen %[1]d commits fra <code>%[2]s</code> inn i <code id=\"%[4]s\">%[3]s</code>"
-    },
-    "og.repo.summary_card.alt_description": "Sammendrag for repository %[1]s, beskrevet som: %[2]s",
-    "followers.incoming.list.self.none": "Ingen følger profilen din.",
-    "install.invalid_lfs_path": "Kan ikke opprette LFS-root på: %[1]s",
-    "relativetime.now": "nå",
-    "relativetime.future": "i fremtiden",
-    "repo.pulls.merged_title_desc": {
-        "one": "slo sammen %[1]d commit fra <code>%[2]s</code> inn i <code>%[3]s</code> %[4]s",
-        "other": "slo sammen %[1]d commits fra <code>%[2]s</code> inn i <code>%[3]s</code> %[4]s"
-    },
-    "editor.textarea.tab_hint": "Linjen er allerede innrykket. Trykk <kbd>Tab</kbd> igjen eller trykk <kbd>Escape</kbd> for å gå ut av editoren.",
-    "editor.textarea.shift_tab_hint": "Ingen innrykk på denne linjen. Trykk <kbd>Shift</kbd> + <kbd>Tab</kbd> igjen eller <kbd>Escape</kbd> for å gå ut av editoren.",
-    "alert.range_error": " må være et nummer mellom %[1]s og %[2]s.",
-    "themes.names.forgejo-auto": "Forgejo (følg systemtema)",
-    "home.welcome.activity_hint": "Det er foreløpig ingenting i feeden din. Aktivitetene dine og handlingene dine fra repositorier du følger, vil vises her etter hvert.",
-    "incorrect_root_url": "Denne Forgejo instansen er konfigurert til å bruke \"%s\". Du bruker Forgejo via en annen URL, noe som kan forårsake at deler av applikasjonen ikke fungerer. Den kanoniske URL-en styres av Forgejo-administratorer via innstillingen ROOT_URL i app.ini-filen.",
-    "mail.actions.run_info_trigger": "Startet på grunn av: %[1]s by: %[2]s",
-    "admin.dashboard.cleanup_offline_runners": "Rydd opp offline runners",
-    "settings.visibility.description": "Profilens synlighet påvirker andres mulighet til å få tilgang til dine ikke-private repositorier. <a href=\"%s\" target=\"_blank\">Les mer</a>",
-    "profile.actions.tooltip": "Flere handlinger",
-    "profile.edit.link": "Rediger profil",
-    "relativetime.days": {
-        "one": "%d dag siden",
-        "other": "%d dager siden"
-    },
-    "relativetime.weeks": {
-        "one": "%d uke siden",
-        "other": "%d uker siden"
-    },
-    "feed.atom.link": "Atom feed",
-    "keys.ssh.link": "SSH nøkler",
-    "keys.gpg.link": "GPG nøkler",
-    "admin.config.moderation_config": "Moderasjonskonfigurasjon",
-    "moderation.report_abuse": "Rapporter missbruk",
-    "moderation.report_content": "Rapporter innhold",
-    "moderation.report_abuse_form.header": "Rapporter missbruk til en administrator",
-    "moderation.report_abuse_form.details": "Denne formen skal brukes for å rapporterer brukere som oppretter spam profiler, repositorier, saker, kommentarer eller oppfører seg upassende.",
-    "moderation.report_abuse_form.invalid": "Ugyldige argumenter",
-    "moderation.report_abuse_form.already_reported": "Du har allerede rapportert dette innholdet",
-    "moderation.abuse_category": "Kategori",
-    "moderation.abuse_category.placeholder": "Velg en kategori",
-    "moderation.abuse_category.spam": "Spam",
-    "moderation.abuse_category.malware": "Skadelig programvare",
-    "moderation.reported_thank_you": "Takk for meldingen. Vi har varslet administratorene.",
-    "mail.actions.successful_run_after_failure_subject": "Arbeidsflyten %[1]s er gjenopprettet i repository %[2]s",
-    "mail.actions.not_successful_run_subject": "Arbeidsflyten %[1]s feilet i repository %[2]s",
-    "mail.actions.successful_run_after_failure": "Arbeidsflyten %[1]s er gjenopprettet i repository %[2]s",
-    "mail.actions.not_successful_run": "Arbeidsflyten %[1]s feilet i repository %[2]s",
-    "mail.actions.run_info_cur_status": "Status for denne kjøringen: %[1]s (oppdatert fra %[2]s)",
-    "mail.actions.run_info_previous_status": "Status for forrige kjøring: %[1]s",
-    "repo.diff.commit.next-short": "Neste",
-    "repo.diff.commit.previous-short": "Forrige",
-    "discussion.locked": "Denne diskusjonen er låst. Kommentarer kan kun gjøres av bidragsytere.",
-    "avatar.constraints_hint": "Egendefinert avatar kan ikke overstige %[1]s i størrelse eller være større enn %[2]d × %[3]d piksler",
-    "meta.last_line": "Vi gir oss ikke. Kongen har sagt nei!",
-    "fork.n_forks": {
-        "one": "%s skille",
-        "other": "%s skiller"
-    },
-    "stars.n_stars": {
-        "one": "%s stjerne",
-        "other": "%s stjerner"
-    },
-    "watch.n_watchers": {
-        "one": "%s seer",
-        "other": "%s seere"
-    },
-    "repo.issues.filter_poster.hint": "Filtrer etter skaper",
-    "repo.issues.filter_assignee.hint": "Filtrer etter tildelt bruker",
-    "repo.issues.filter_reviewers.hint": "Filtrer etter bruker som anmelder",
-    "repo.issues.filter_mention.hint": "Filtrer etter nevnt bruker",
-    "repo.issues.filter_modified.hint": "Filtrer etter sist endret dato",
-    "repo.issues.filter_sort.hint": "Sorter etter: skapt/kommentarer/oppdatert/deadline",
-    "repo.pulls.poster_manage_approval": "Endre godkjenning",
-    "repo.pulls.poster_requires_approval": "Noen workflow <a href=\"%[1]s\">venter på å blir anmeldt.</a>",
-    "repo.pulls.poster_requires_approval.tooltip": "Skaperen av denne pull requesten er ikke verifisert til å kjøre workflow som blei kjørt av en pull request skapt i fra en forket repositorie eller med AGit. Workflowene som blei kjørt av `pull_request` event vil ikke kjøre inntil de blir godkjent.",
-    "repo.pulls.poster_is_trusted": "Skaperen av denne pull requesten er <a href=\"%[1]s\">alltid troverdige til å kjøre workflow-er.</a>",
-    "repo.pulls.poster_is_trusted.tooltip": "Skaperen av denne pull requesten har blitt eksplisitt troverdig til å kjøre workflow-er kjørt av `pull_request` event-er.",
-    "repo.pulls.poster_trust_deny": "Avslå",
-    "repo.pulls.poster_trust_deny.tooltip": "Workflow-ene som venter på godkjenning vil være avslått.",
-    "repo.pulls.poster_trust_once": "Godta én gang",
-    "repo.pulls.poster_trust_once.tooltip": "Workflow-ene kjørt av `pull_request`event vil kjøre på denne commit-en, men vil trenge godkjenning for fremtidige commit-er som blir tilsatt til denne pull requesten."
+	"relativetime.1day": "i går",
+	"moderation.abuse_category.other_violations": "Andre regel overtredelser",
+	"moderation.report_remarks": "Kommentar",
+	"moderation.report_remarks.placeholder": "Skriv noen detaljer rundt missbruket du rapporterer.",
+	"moderation.submit_report": "Send rapport",
+	"moderation.reporting_failed": "Missbruk rapporten kunne ikke sendes inn: %v",
+	"relativetime.hours": {
+		"one": "%d time siden",
+		"other": "%d timer siden"
+	},
+	"repo.form.cannot_create": "Det maksimale antallet repositories er nådd i alle områdene du har tilgang til.",
+	"repo.issue_indexer.title": "Saksindekserer",
+	"moderation.abuse_category.illegal_content": "Ulovlig innhold",
+	"error.not_found.title": "Fant ikke siden",
+	"themes.names.forgejo-light": "Forgejo lyst",
+	"themes.names.forgejo-dark": "Forgejo mørk",
+	"stars.list.none": "Ingen har gitt stjerner til dette repoet.",
+	"watch.list.none": "Ingen følger dette repoet.",
+	"followers.incoming.list.none": "Ingen følger denne brukeren.",
+	"followers.outgoing.list.self.none": "Du følger ikke noen.",
+	"followers.outgoing.list.none": "%s følger ikke noen.",
+	"relativetime.2days": "to dager siden",
+	"relativetime.1week": "forrige uke",
+	"relativetime.2weeks": "to uker siden",
+	"relativetime.1month": "forrige måned",
+	"relativetime.2months": "to måneder siden",
+	"relativetime.1year": "i fjor",
+	"relativetime.2years": "to år siden",
+	"alert.asset_load_failed": "Kunne ikke laste inn ressursfiler fra {path}. Sørg for at ressursfilene er tilgjengelige.",
+	"search.milestone_kind": "Søker i milepæler…",
+	"home.welcome.no_activity": "Ingen aktivitet",
+	"home.explore_repos": "Utforsk repositorier",
+	"home.explore_users": "Utforsk brukere",
+	"home.explore_orgs": "Utforsk organisasjoner",
+	"relativetime.mins": {
+		"one": "%d minutt siden",
+		"other": "%d minutter siden"
+	},
+	"relativetime.months": {
+		"one": "%d måned siden",
+		"other": "%d måneder siden"
+	},
+	"relativetime.years": {
+		"one": "%d år siden",
+		"other": "%d år siden"
+	},
+	"repo.pulls.title_desc": {
+		"one": "ønsker å slå sammen %[1]d commit fra <code>%[2]s</code> inn i <code id=\"%[4]s\">%[3]s</code>",
+		"other": "ønsker å slå sammen %[1]d commits fra <code>%[2]s</code> inn i <code id=\"%[4]s\">%[3]s</code>"
+	},
+	"og.repo.summary_card.alt_description": "Sammendrag for repository %[1]s, beskrevet som: %[2]s",
+	"followers.incoming.list.self.none": "Ingen følger profilen din.",
+	"install.invalid_lfs_path": "Kan ikke opprette LFS-root på: %[1]s",
+	"relativetime.now": "nå",
+	"relativetime.future": "i fremtiden",
+	"repo.pulls.merged_title_desc": {
+		"one": "slo sammen %[1]d commit fra <code>%[2]s</code> inn i <code>%[3]s</code> %[4]s",
+		"other": "slo sammen %[1]d commits fra <code>%[2]s</code> inn i <code>%[3]s</code> %[4]s"
+	},
+	"editor.textarea.tab_hint": "Linjen er allerede innrykket. Trykk <kbd>Tab</kbd> igjen eller trykk <kbd>Escape</kbd> for å gå ut av editoren.",
+	"editor.textarea.shift_tab_hint": "Ingen innrykk på denne linjen. Trykk <kbd>Shift</kbd> + <kbd>Tab</kbd> igjen eller <kbd>Escape</kbd> for å gå ut av editoren.",
+	"alert.range_error": " må være et nummer mellom %[1]s og %[2]s.",
+	"themes.names.forgejo-auto": "Forgejo (følg systemtema)",
+	"home.welcome.activity_hint": "Det er foreløpig ingenting i feeden din. Aktivitetene dine og handlingene dine fra repositorier du følger, vil vises her etter hvert.",
+	"incorrect_root_url": "Denne Forgejo instansen er konfigurert til å bruke \"%s\". Du bruker Forgejo via en annen URL, noe som kan forårsake at deler av applikasjonen ikke fungerer. Den kanoniske URL-en styres av Forgejo-administratorer via innstillingen ROOT_URL i app.ini-filen.",
+	"mail.actions.run_info_trigger": "Startet på grunn av: %[1]s by: %[2]s",
+	"admin.dashboard.cleanup_offline_runners": "Rydd opp offline runners",
+	"settings.visibility.description": "Profilens synlighet påvirker andres mulighet til å få tilgang til dine ikke-private repositorier. <a href=\"%s\" target=\"_blank\">Les mer</a>",
+	"profile.actions.tooltip": "Flere handlinger",
+	"profile.edit.link": "Rediger profil",
+	"relativetime.days": {
+		"one": "%d dag siden",
+		"other": "%d dager siden"
+	},
+	"relativetime.weeks": {
+		"one": "%d uke siden",
+		"other": "%d uker siden"
+	},
+	"feed.atom.link": "Atom feed",
+	"keys.ssh.link": "SSH nøkler",
+	"keys.gpg.link": "GPG nøkler",
+	"admin.config.moderation_config": "Moderasjonskonfigurasjon",
+	"moderation.report_abuse": "Rapporter missbruk",
+	"moderation.report_content": "Rapporter innhold",
+	"moderation.report_abuse_form.header": "Rapporter missbruk til en administrator",
+	"moderation.report_abuse_form.details": "Denne formen skal brukes for å rapporterer brukere som oppretter spam profiler, repositorier, saker, kommentarer eller oppfører seg upassende.",
+	"moderation.report_abuse_form.invalid": "Ugyldige argumenter",
+	"moderation.report_abuse_form.already_reported": "Du har allerede rapportert dette innholdet",
+	"moderation.abuse_category": "Kategori",
+	"moderation.abuse_category.placeholder": "Velg en kategori",
+	"moderation.abuse_category.spam": "Spam",
+	"moderation.abuse_category.malware": "Skadelig programvare",
+	"moderation.reported_thank_you": "Takk for meldingen. Vi har varslet administratorene.",
+	"mail.actions.successful_run_after_failure_subject": "Arbeidsflyten %[1]s er gjenopprettet i repository %[2]s",
+	"mail.actions.not_successful_run_subject": "Arbeidsflyten %[1]s feilet i repository %[2]s",
+	"mail.actions.successful_run_after_failure": "Arbeidsflyten %[1]s er gjenopprettet i repository %[2]s",
+	"mail.actions.not_successful_run": "Arbeidsflyten %[1]s feilet i repository %[2]s",
+	"mail.actions.run_info_cur_status": "Status for denne kjøringen: %[1]s (oppdatert fra %[2]s)",
+	"mail.actions.run_info_previous_status": "Status for forrige kjøring: %[1]s",
+	"repo.diff.commit.next-short": "Neste",
+	"repo.diff.commit.previous-short": "Forrige",
+	"discussion.locked": "Denne diskusjonen er låst. Kommentarer kan kun gjøres av bidragsytere.",
+	"avatar.constraints_hint": "Egendefinert avatar kan ikke overstige %[1]s i størrelse eller være større enn %[2]d × %[3]d piksler",
+	"meta.last_line": "Vi gir oss ikke. Kongen har sagt nei!\n(this string was needed to make weblate regenerate the file and can be removed)",
+	"fork.n_forks": {
+		"one": "%s skille",
+		"other": "%s skiller"
+	},
+	"stars.n_stars": {
+		"one": "%s stjerne",
+		"other": "%s stjerner"
+	},
+	"watch.n_watchers": {
+		"one": "%s seer",
+		"other": "%s seere"
+	},
+	"repo.issues.filter_poster.hint": "Filtrer etter skaper",
+	"repo.issues.filter_assignee.hint": "Filtrer etter tildelt bruker",
+	"repo.issues.filter_reviewers.hint": "Filtrer etter bruker som anmelder",
+	"repo.issues.filter_mention.hint": "Filtrer etter nevnt bruker",
+	"repo.issues.filter_modified.hint": "Filtrer etter sist endret dato",
+	"repo.issues.filter_sort.hint": "Sorter etter: skapt/kommentarer/oppdatert/deadline",
+	"repo.pulls.poster_manage_approval": "Endre godkjenning",
+	"repo.pulls.poster_requires_approval": "Noen workflow <a href=\"%[1]s\">venter på å blir anmeldt.</a>",
+	"repo.pulls.poster_requires_approval.tooltip": "Skaperen av denne pull requesten er ikke verifisert til å kjøre workflow som blei kjørt av en pull request skapt i fra en forket repositorie eller med AGit. Workflowene som blei kjørt av `pull_request` event vil ikke kjøre inntil de blir godkjent.",
+	"repo.pulls.poster_is_trusted": "Skaperen av denne pull requesten er <a href=\"%[1]s\">alltid troverdige til å kjøre workflow-er.</a>",
+	"repo.pulls.poster_is_trusted.tooltip": "Skaperen av denne pull requesten har blitt eksplisitt troverdig til å kjøre workflow-er kjørt av `pull_request` event-er.",
+	"repo.pulls.poster_trust_deny": "Avslå",
+	"repo.pulls.poster_trust_deny.tooltip": "Workflow-ene som venter på godkjenning vil være avslått.",
+	"repo.pulls.poster_trust_once": "Godta én gang",
+	"repo.pulls.poster_trust_once.tooltip": "Workflow-ene kjørt av `pull_request`event vil kjøre på denne commit-en, men vil trenge godkjenning for fremtidige commit-er som blir tilsatt til denne pull requesten."
 }
diff --git a/options/locale_next/locale_nds.json b/options/locale_next/locale_nds.json
index bd3ddeaf84..5b530ec08c 100644
--- a/options/locale_next/locale_nds.json
+++ b/options/locale_next/locale_nds.json
@@ -1,247 +1,247 @@
 {
-    "fork.n_forks": {
-        "one": "%s Gabel",
-        "other": "%s Gabels"
-    },
-    "stars.n_stars": {
-        "one": "%s Steern",
-        "other": "%s Steerns"
-    },
-    "release.n_downloads": {
-        "one": "%s maal runnerladen",
-        "other": "%s maal runnerladen"
-    },
-    "repo.pulls.merged_title_desc": {
-        "one": "hett %[4]s %[1]d Kommitteren vun <code>%[2]s</code> na <code>%[3]s</code> tosamenföhrt",
-        "other": "hett %[4]s %[1]d Kommitterens vun <code>%[2]s</code> na <code>%[3]s</code> tosamenföhrt"
-    },
-    "repo.pulls.title_desc": {
-        "one": "will %[1]d Kommitteren vun <code>%[2]s</code> na <code id=\"%[4]s\">%[3]s</code> tosamenföhren",
-        "other": "will %[1]d Kommitterens vun <code>%[2]s</code> na <code id=\"%[4]s\">%[3]s</code> tosamenföhren"
-    },
-    "search.milestone_kind": "In Markstenen söken …",
-    "home.explore_users": "Brukers utförsken",
-    "home.explore_orgs": "Vereenigungen utförsken",
-    "home.explore_repos": "Repositoriums utförsken",
-    "home.welcome.no_activity": "Keen Doon",
-    "home.welcome.activity_hint": "In dienem Schuuv is noch nix. Dien Doon un dat Doon vun Repositoriums, wat du beluurst, word hier wiest worden.",
-    "incorrect_root_url": "Deese Forgejo-Instanz is inricht, unner »%s« besöcht to worden. Du bekiekst Forgejo jüüst dör een anner URL, wat daarto föhren kann, dat ’t deelwies nich richtig warkt. De kanonisk URL word vun de Forgejo-Chefs över de ROOT_URL-Instellen in de app.ini kuntrolleert.",
-    "themes.names.forgejo-light": "Forgejo Hell",
-    "themes.names.forgejo-dark": "Forgejo Dunker",
-    "themes.names.forgejo-auto": "Forgejo (Systeem-Thema nagahn)",
-    "error.not_found.title": "Sied nich funnen",
-    "alert.asset_load_failed": "Kunn Objekt-Dateien ut {path} nich laden. Bidde wees wiss, dat up de Objekt-Dateien togriepen worden kann.",
-    "install.invalid_lfs_path": "Kunn de LFS-Ruut an de angeven Padd nich maken: %[1]s",
-    "alert.range_error": " mutt eene Tahl tüsken %[1]s un %[2]s wesen.",
-    "meta.last_line": "Moin!",
-    "mail.actions.successful_run_after_failure_subject": "Warkwies %[1]s in Repositorium %[2]s verhaalt",
-    "mail.actions.not_successful_run_subject": "Warkwies %[1]s in Repositorium %[2]s fehlslagen",
-    "mail.actions.successful_run_after_failure": "Warkwies %[1]s in Repositorium %[2]s hett sik verhaalt",
-    "mail.actions.not_successful_run": "Warkwies %[1]s in Repositorium %[2]s is fehlslagen",
-    "mail.actions.run_info_cur_status": "Tostand vun deesem Utföhren: %[1]s (jüüst vun %[2]s verneeit)",
-    "mail.actions.run_info_previous_status": "Tostand vun de vörig Utföhren: %[1]s",
-    "mail.actions.run_info_trigger": "Utlööst um: %[1]s vun: %[2]s",
-    "discussion.locked": "Deeser Snack is tosloten worden. Blots Bidragers könen kommenteren.",
-    "relativetime.future": "in Tokunft",
-    "relativetime.mins": {
-        "one": "vör %d Menüüt",
-        "other": "vör %d Menüten"
-    },
-    "relativetime.hours": {
-        "one": "vör %d Stünn",
-        "other": "vör %d Stünnen"
-    },
-    "relativetime.now": "nu",
-    "relativetime.months": {
-        "one": "vör %d Maant",
-        "other": "vör %d Maanten"
-    },
-    "relativetime.weeks": {
-        "one": "vör %d Week",
-        "other": "vör %d Weken"
-    },
-    "relativetime.years": {
-        "one": "vör %d Jahr",
-        "other": "vör %d Jahren"
-    },
-    "relativetime.1day": "güstern",
-    "relativetime.1week": "leste Week",
-    "relativetime.2weeks": "vörleste Week",
-    "relativetime.1month": "lesten Maant",
-    "relativetime.2months": "vörlesten Maant",
-    "relativetime.1year": "lestes Jahr",
-    "relativetime.2years": "vörlestes Jahr",
-    "relativetime.days": {
-        "one": "vör %d Dag",
-        "other": "vör %d Dagen"
-    },
-    "relativetime.2days": "vörgüstern",
-    "moderation.report_abuse": "Missbruuk mellen",
-    "moderation.report_content": "Inholl mellen",
-    "moderation.report_abuse_form.invalid": "Ungültige Argumenten",
-    "moderation.report_abuse_form.already_reported": "Du hest deesen Inholl al mellt",
-    "moderation.abuse_category": "Deel",
-    "moderation.abuse_category.placeholder": "Köör een Deel ut",
-    "moderation.abuse_category.spam": "Oolkert-Tüüg",
-    "moderation.abuse_category.illegal_content": "Verboden Inholl",
-    "moderation.abuse_category.other_violations": "Anner Verstöten tegen de Plattfoorms-Regels",
-    "moderation.report_remarks": "Anmarkens",
-    "moderation.submit_report": "Mellen ofschicken",
-    "moderation.reporting_failed": "Kann dat neje Missbruuk-Mellen nich ofschicken: %v",
-    "moderation.reported_thank_you": "Wees bedankt för dien Mellen. De Sied-Chefs hebben de Naricht daaröver kregen.",
-    "moderation.report_remarks.placeholder": "Bidde giff mehr Informatioonen över de Missbruuk, wat du mellst, an.",
-    "admin.config.moderation_config": "Moderatioons-Instellens",
-    "moderation.report_abuse_form.header": "Missbruuk an de Chef mellen",
-    "moderation.report_abuse_form.details": "Deeses Formular kann bruukt worden, um Brukers to mellen, wenn se Oolkert-Profilen, -Repositoriums, -Gefallens of -Kommentaren maken of sik unanstännig verhollen.",
-    "moderation.abuse_category.malware": "Schaa-Waar",
-    "repo.form.cannot_create": "All Rumen, waar du Repositoriums maken kannst, enthollen al de grootste Tahl vun verlöövt Repositoriums.",
-    "repo.issue_indexer.title": "Gefallen-Indizerer",
-    "followers.outgoing.list.none": "%s gaht nüms na.",
-    "watch.list.none": "Nüms beluurt deeses Repositorium.",
-    "followers.incoming.list.self.none": "Nüms gaht dienem Profil na.",
-    "followers.incoming.list.none": "Nüms gaht deesem Bruker na.",
-    "followers.outgoing.list.self.none": "Du gahst nüms na.",
-    "stars.list.none": "Nüms hett up deesem Repositorium eenen Steern sett.",
-    "editor.textarea.tab_hint": "Rieg al inschuven. Drück weer <kbd>Tab</kbd> of <kbd>Esc</kbd>, um de Bewarker to verlaten.",
-    "editor.textarea.shift_tab_hint": "Keen Inschuuv in deeser Rieg. Drück weer <kbd>Umschalt</kbd>+<kbd>Tab</kbd> of <kbd>Esc</kbd>, um de Bewarker to verlaten.",
-    "admin.dashboard.cleanup_offline_runners": "Nich verbunnen Lopers uprümen",
-    "settings.visibility.description": "De Profil-Sichtbaarkeid maakt daar wat an, of un wo anner Lüü diene nich-privaaten Repositoriums ankieken könen. <a href=\"%s\" target=\"_blank\">Mehr unnerhören</a>.",
-    "avatar.constraints_hint": "Dat eegene Kontobill düür nich groter as %[1]s wesen of groter as %[2]d×%[3]d Billtüttels wesen",
-    "repo.diff.commit.next-short": "Anner",
-    "repo.diff.commit.previous-short": "Vörig",
-    "feed.atom.link": "Atom-Schuuv",
-    "keys.ssh.link": "SSH-Slötels",
-    "keys.gpg.link": "GPG-Slötels",
-    "profile.actions.tooltip": "Mehr Aktioonen",
-    "profile.edit.link": "Profil bewarken",
-    "og.repo.summary_card.alt_description": "Tosamenfatens-Kaart vun de Repositorium %[1]s, beschrieven as: %[2]s",
-    "mail.actions.run_info_sha": "Kommitteren: %[1]s",
-    "repo.settings.push_mirror.branch_filter.description": "Twiegen tum Spegeln. Laat dat leeg, um all Twiegen to spegeln. Lees de <a href=\"%[1]s\">%[2]s-Dokumenteren</a> för de Syntax. Bispölen: <code>main, release/*</code>",
-    "repo.settings.push_mirror.branch_filter.label": "Twieg-Filter (wenn du willst)",
-    "discussion.sidebar.reference": "Nömen",
-    "admin.moderation.moderation_reports": "Moderatioons-Berichten",
-    "admin.moderation.no_open_reports": "Dat gifft jüüst keene open Berichten.",
-    "admin.moderation.reports": "Berichten",
-    "admin.moderation.deleted_content_ref": "Mellt Inholl mit Aard %[1]v un Kennteken %[2]d gifft dat nich mehr",
-    "admin.dashboard.remove_resolved_reports": "Lööst Berichten wegdoon",
-    "compare.branches.title": "Twiegen verglieken",
-    "repo.commit.load_tags_failed": "Kunn de Markens um eenen binnern Fehler nich laden",
-    "admin.auths.allow_username_change.description": "Verlööv Brukers, hör Brukernaam in de Profil-Instellens to ännern",
-    "admin.auths.allow_username_change": "Brukernaam-Ännern verlöven",
-    "warning.repository.out_of_sync": "De Datenbank-Tostand vun deesem Repositorium is verschuven. Wenn deese Wahrschau immer noch wiest word, nadeem een Kommitteren to deesem Repositorium schuven word, kuntakteer de Sied-Chef.",
-    "repo.pulls.already_merged": "Tosamenföhren fehlslagen: Deeser Haalvörslag is al tosamenföhrt worden.",
-    "migrate.pagure.description": "Daten vun pagure.io of anner Pagure-Instanzen umtrecken.",
-    "migrate.pagure.project_url": "Pagure-Projekt-URL",
-    "migrate.pagure.project_example": "De URL vum Projekt up Pagure, to’n Bispööl https://pagure.io/pagure",
-    "migrate.pagure.token_label": "Pagure-API-Teken",
-    "migrate.pagure.incorrect_url": "Ungültige Quell-Repositoriums-URL is angeven worden",
-    "migrate.github.description": "Daten vun github.com of eenem GitHub-Enterprise-Server umtrecken.",
-    "migrate.git.description": "Een Repositorium blots vun elkeen Git-Deenst umtrecken.",
-    "migrate.gitea.description": "Daten vun gitea.com of anner Gitea-Instanzen umtrecken.",
-    "migrate.gitlab.description": "Daten vun gitlab.com of anner GitLab-Instanzen umtrecken.",
-    "migrate.gogs.description": "Daten vun notabug.org of anner Gogs-Instanzen umtrecken.",
-    "migrate.onedev.description": "Daten vun code.onedev.io of anner OneDev-Instanzen umtrecken.",
-    "migrate.gitbucket.description": "Daten vun GitBucket-Instanzen umtrecken.",
-    "migrate.codebase.description": "Daten vun codebasehq.com umtrecken.",
-    "migrate.forgejo.description": "Daten vun codeberg.org of anner Forgejo-Instanzen umtrecken.",
-    "admin.config.security": "Sekerheids-Instellens",
-    "admin.config.global_2fa_requirement.all": "All Brukers",
-    "error.must_enable_2fa": "Deese Forgejo-Instanz verlangt, dat Brukers Twee-Faktooren-Anmellen anknipsen, ehr se up hör Konten togriepen könen. Knips dat hier an: %s",
-    "settings.twofa_unroll_unavailable": "Twee-Faktooren-Anmellen word för dien Konto verlangt un kann nich utknipst worden.",
-    "admin.config.global_2fa_requirement.none": "Nee",
-    "admin.config.global_2fa_requirement.admin": "Chefs",
-    "admin.config.global_2fa_requirement.title": "Twee-Faktooren-Anmellen överall verlangen",
-    "settings.twofa_reenroll": "Twee-Faktooren-Anmellen neei inrichten",
-    "settings.twofa_reenroll.description": "Richt dien Twee-Faktooren-Anmellen neei in",
-    "settings.must_enable_2fa": "Deese Forgejo-Instanz verlangt, dat Brukers Twee-Faktooren-Anmellen anknipsen, ehr se up hör Konten togriepen könen.",
-    "user.ghost.tooltip": "Deeser Bruker is lösket worden of kann nich funnen worden.",
-    "migrate.form.error.url_credentials": "De URL enthollt Anmell-Daten, legg se in de Felden för Brukernaam un Passwoord",
-    "actions.runs.viewing_out_of_date_run": "Du bekiekst eenen verollten Loop vun deeser Upgaav, wat %[1]s utföhrt worden is.",
-    "actions.runs.view_most_recent_run": "Neeisten Loop ankieken",
-    "actions.runs.run_attempt_label": "Loop-Versöök #%[1]s (%[2]s)",
-    "repo.pulls.maintainers_can_edit": "Liddmaten könen deesen Haalvörslag bewarken.",
-    "repo.pulls.maintainers_cannot_edit": "Liddmaten könen deesen Haalvörslag nich bewarken.",
-    "pulse.n_active_issues": {
-        "one": "%s aktiiv Gefall",
-        "other": "%s aktiiv Gefallens"
-    },
-    "pulse.n_active_prs": {
-        "one": "%s aktiiv Haalvörslag",
-        "other": "%s aktiiv Haalvörslagen"
-    },
-    "migrate.pagure.private_issues.summary": "Privaate Gefallens (wenn du willst)",
-    "migrate.pagure.token.placeholder": "Blots, um een Archiv vun privaaten Gefallens to maken",
-    "migrate.pagure.private_issues.description": "Deese Funktioon lett di een twedes Repositorium maken, wat blots privaate Gefallens ut dienem Pagure-Projekt för Archivzwecken enthollt. Maak toeerst eenen normaalen Umtreck (sünner een Teken), um alle publiken Inhollen to importeren. Dann, wenn du privaate Gefallens hest, wat du behollen willst, maak noch een anner Repositorium mit deesem Teken, um deese privaaten Gefallens to archiveren.",
-    "migrate.pagure.private_issues.warning": "Wees wiss, de Sichtbaarkeid vun de Repositorium up Privaat to setten, wenn du de API-Slötel bruukst, um privaate Gefallens to importeren. Dat verhinnert, dat du privaaten Inholl ut Versehn in eenem publiken Repositorium blootmaakst.",
-    "mail.issue.action.close_by_commit": "%[1]s hett %[2]s in Kommitteren %[3]s dichtmaakt.",
-    "actions.workflow.job_parsing_error": "Kann de Upgaven in de Warkwies nich lesen: %v",
-    "actions.workflow.event_detection_error": "Kann de unnerstütt Vörfallen in de Warkwies nich lesen: %v",
-    "actions.workflow.pre_execution_error": "Warkwies is nich utföhrt worden, denn een Fehler is uptreden, wat de Utföhrens-Versöök blockeert hett.",
-    "watch.n_watchers": {
-        "one": "%s Belurer",
-        "other": "%s Belurers"
-    },
-    "teams.add_all_repos.modal.header": "All Repositoriums hentofögen",
-    "teams.remove_all_repos.modal.header": "All Repositoriums wegdoon",
-    "repo.pulls.poster_manage_approval": "Tostimmen verwalten",
-    "repo.pulls.poster_requires_approval": "Eenige Warkwiesen <a href=\"%[1]s\">wachten up een Nakieken.</a>",
-    "repo.pulls.poster_is_trusted": "De Schriever vun deesem Haalvörslag word <a href=\"%[1]s\">alltied vertroot, Warkwiesen uttoföhren.</a>",
-    "repo.pulls.poster_requires_approval.tooltip": "De Schriever vun deesem Haalvörslag word nich vertroot, Warkwiesen uttoföhren, wat vun eenem Haalvörslag ut eener Gavel of mit AGit utlööst worden. De Warkwiesen, wat vun eenem `pull_request`-Vörfall utlööst worden, lopen eerst dann, wenn se tostimmt worden.",
-    "repo.pulls.poster_is_trusted.tooltip": "De Schriever vun deesem Haalvörslag word utdrückelk vertroot, Warkwiesen uttoföhren, wat vun `pull_request`-Vörfallen utlööst worden.",
-    "repo.pulls.poster_trust_deny": "Verseggen",
-    "repo.pulls.poster_trust_deny.tooltip": "De Warkwiesen, wat up Tostimmen wachten, worden ofbroken.",
-    "repo.pulls.poster_trust_once": "Een Maal tostimmen",
-    "repo.pulls.poster_trust_once.tooltip": "De Warkwiesen, wat vun eenem `pull_request`-Vörfall utlööst worden, worden för deeses Kommitteren lopen, mutten aver för all tokünftig Kommitterens, wat to deesem Haalvörslag schuven worden, weer neei tostimmt worden.",
-    "repo.pulls.poster_trust_always": "Alltieden verlöven",
-    "repo.pulls.poster_trust_always.tooltip": "De Warkwiesen, wat vun eenem `pull_request`-Vörfall utlööst worden, worden för deeses Kommitteren lopen, un wiedere Utföhrens vun deesem Haalvörslag of vun tokünftig Haalvörslagen vun de sülven Schriever mutten nich mehr tostimmt worden.",
-    "repo.pulls.poster_trust_revoke": "Torüggnehmen",
-    "repo.pulls.poster_trust_revoke.tooltip": "De Schriever vun deesem Haalvörslag word nich mehr vertroot, Warkwiesen, wat vun eenem `pull_request`-Vörfall utlööst worden, uttoföhren. Elkeen Utföhren mutt neei tostimmt worden.",
-    "admin.dashboard.actions_action_user": "Forgejo-Aktioonen-Vertroen för inaktiiv Brukers torüggnehmen",
-    "actions.status.diagnostics.waiting": {
-        "one": "Wacht up eenen Loper mit deesem Vermark: %s",
-        "other": "Wacht up eenen Loper mit deesen Vermarkens: %s"
-    },
-    "keys.verify.token.hint": "Deeses Teken gellt blots 1 Menüüt. <a href=\"%[1]s\">Haal een nejes, wenn ’t avlopen is</a>.",
-    "admin.dashboard.transfer_lingering_logs": "Aktioons-Utgaven vun ofsloten Aktioons-Upgaven vun de Datenbank in de Spieker överdragen",
-    "repo.issues.filter_poster.hint": "Na Autor filtern",
-    "repo.issues.filter_assignee.hint": "Na towiesen Bruker filtern",
-    "repo.issues.filter_reviewers.hint": "Na Nakieker filtern",
-    "repo.issues.filter_mention.hint": "Na benöömt Bruker filtern",
-    "repo.issues.filter_modified.hint": "Na lestem Ännern filtern",
-    "repo.issues.filter_sort.hint": "Sorteren na: maakt/Kommentaren/verneeit/Anstahn",
-    "search.syntax": "Söök-Syntax",
-    "actions.workflow.persistent_incomplete_matrix": "Kann de `strategy.matrix` vun Upgaav %[1]s nich utweerten, denn een `needs`-Utdruck weer ungültig. Verlicht benöömt dat eene Upgaav, wat nich in hör »needs«-List is (%[2]s), of eene Utgaav, wat in keener vun deeser Upgaven vörkummt.",
-    "admin.auths.oauth2_quota_group_map": "In Anspröök nohmen Gruppen up Quoten-Gruppen ofbillen. (Wenn du willst – bruukt Anspröök-Naam boven)",
-    "admin.auths.oauth2_quota_group_claim_name": "Anspöök-Naam, wat Grupp-Namen för deese Quell tum Bruken bi’m Quoten-Verwalten gifft. (Wenn du willst)",
-    "admin.auths.oauth2_quota_group_map_removal": "Brukers ut spegelt Quoten-Gruppen wegdoon, wenn Bruker nich to de tohörig Grupp tohöört.",
-    "moderation.report.mark_as_handled": "As ofhannelt markeren",
-    "moderation.report.mark_as_ignored": "As minnacht markeren",
-    "moderation.action.account.delete": "Konto lösken",
-    "moderation.action.account.suspend": "Konto sperren",
-    "moderation.action.repo.delete": "Repositorium lösken",
-    "moderation.action.issue.delete": "Gefall lösken",
-    "moderation.action.comment.delete": "Kommentaar lösken",
-    "moderation.unknown_action": "Unbekannte Aktioon",
-    "moderation.users.cannot_suspend_self": "Du kannst di nich sülvst sperren.",
-    "moderation.users.cannot_suspend_admins": "Brukers mit Chef-Rechten könen nich sperrt worden.",
-    "moderation.users.cannot_suspend_org": "Vereenigungen könen nich sperrt worden.",
-    "moderation.users.already_suspended": "Brukerkonto is al sperrt.",
-    "moderation.users.suspend_success": "Dat Brukerkonto is sperrt worden.",
-    "moderation.users.cannot_delete_admins": "Brukers mit Chef-Rechten könen nich lösket worden.",
-    "moderation.issue.deletion_success": "Dat Gefall is lösket worden.",
-    "moderation.comment.deletion_success": "De Kommentaar is lösket worden.",
-    "actions.workflow.incomplete_matrix_missing_job": "Kann de `strategy.matrix` vun Upgaav %[1]s nich utweerten: Upgaav %[2]s is nich in de `needs`-List vun Upgaav %[1]s (%[3]s).",
-    "actions.workflow.incomplete_matrix_missing_output": "Kann de `strategy.matrix` vun Upgaav %[1]s nich utweerten: Upgaav %[2]s hapert Utgaav %[3]s.",
-    "actions.workflow.incomplete_runson_missing_job": "Kann de `runs-on` vun Upgaav %[1]s nich utweerten: Upgaav %[2]s is nich in de `needs`-List vun Upgaav %[1]s (%[3]s).",
-    "actions.workflow.incomplete_runson_missing_output": "Kann de `runs-on` vun Upgaav %[1]s nich utweerten: Upgaav %[2]s hapert Utgaav %[3]s.",
-    "actions.workflow.incomplete_matrix_unknown_cause": "Kann de `strategy.matrix` vun Upgaav %[1]s nich utweerten: Unbekannter Fehler.",
-    "actions.workflow.incomplete_runson_unknown_cause": "Kann de `runs-on` vun Upgaav %[1]s nich utweerten: Unbekannter Fehler.",
-    "actions.workflow.incomplete_runson_missing_matrix_dimension": "Kann de `runs-on` vun Upgaav %[1]s nich utweerten: Matrix-Richt %[2]s gifft dat nich.",
-    "search.fuzzy": "Umslags",
-    "search.fuzzy_tooltip": "Ok Resultaten wiesen, wat so wat umslags to de Söökwoorden passen",
-    "issues.updated": "%s verneeit",
-    "actions.workflow.incomplete_with_missing_job": "Kann de `with` vun Upgaav %[1]s nich utweerten: Upgaav %[2]s is nich in de `needs`-List vun Upgaav %[1]s (%[3]s).",
-    "actions.workflow.incomplete_with_missing_output": "Kann de `with` vun Upgaav %[1]s nich utweerten: Upgaav %[2]s hapert Utgaav %[3]s.",
-    "actions.workflow.incomplete_with_missing_matrix_dimension": "Kann de `with` vun Upgaav %[1]s nich utweerten: Matrix-Richt %[2]s gifft dat nich.",
-    "actions.workflow.incomplete_with_unknown_cause": "Kann de `with` vun Upgaav %[1]s nich utweerten: Unbekannter Fehler."
+	"fork.n_forks": {
+		"one": "%s Gabel",
+		"other": "%s Gabels"
+	},
+	"stars.n_stars": {
+		"one": "%s Steern",
+		"other": "%s Steerns"
+	},
+	"release.n_downloads": {
+		"one": "%s maal runnerladen",
+		"other": "%s maal runnerladen"
+	},
+	"repo.pulls.merged_title_desc": {
+		"one": "hett %[4]s %[1]d Kommitteren vun <code>%[2]s</code> na <code>%[3]s</code> tosamenföhrt",
+		"other": "hett %[4]s %[1]d Kommitterens vun <code>%[2]s</code> na <code>%[3]s</code> tosamenföhrt"
+	},
+	"repo.pulls.title_desc": {
+		"one": "will %[1]d Kommitteren vun <code>%[2]s</code> na <code id=\"%[4]s\">%[3]s</code> tosamenföhren",
+		"other": "will %[1]d Kommitterens vun <code>%[2]s</code> na <code id=\"%[4]s\">%[3]s</code> tosamenföhren"
+	},
+	"search.milestone_kind": "In Markstenen söken …",
+	"home.explore_users": "Brukers utförsken",
+	"home.explore_orgs": "Vereenigungen utförsken",
+	"home.explore_repos": "Repositoriums utförsken",
+	"home.welcome.no_activity": "Keen Doon",
+	"home.welcome.activity_hint": "In dienem Schuuv is noch nix. Dien Doon un dat Doon vun Repositoriums, wat du beluurst, word hier wiest worden.",
+	"incorrect_root_url": "Deese Forgejo-Instanz is inricht, unner »%s« besöcht to worden. Du bekiekst Forgejo jüüst dör een anner URL, wat daarto föhren kann, dat ’t deelwies nich richtig warkt. De kanonisk URL word vun de Forgejo-Chefs över de ROOT_URL-Instellen in de app.ini kuntrolleert.",
+	"themes.names.forgejo-light": "Forgejo Hell",
+	"themes.names.forgejo-dark": "Forgejo Dunker",
+	"themes.names.forgejo-auto": "Forgejo (Systeem-Thema nagahn)",
+	"error.not_found.title": "Sied nich funnen",
+	"alert.asset_load_failed": "Kunn Objekt-Dateien ut {path} nich laden. Bidde wees wiss, dat up de Objekt-Dateien togriepen worden kann.",
+	"install.invalid_lfs_path": "Kunn de LFS-Ruut an de angeven Padd nich maken: %[1]s",
+	"alert.range_error": " mutt eene Tahl tüsken %[1]s un %[2]s wesen.",
+	"meta.last_line": "Moin!\n(this string was needed to make weblate regenerate the file and can be removed)",
+	"mail.actions.successful_run_after_failure_subject": "Warkwies %[1]s in Repositorium %[2]s verhaalt",
+	"mail.actions.not_successful_run_subject": "Warkwies %[1]s in Repositorium %[2]s fehlslagen",
+	"mail.actions.successful_run_after_failure": "Warkwies %[1]s in Repositorium %[2]s hett sik verhaalt",
+	"mail.actions.not_successful_run": "Warkwies %[1]s in Repositorium %[2]s is fehlslagen",
+	"mail.actions.run_info_cur_status": "Tostand vun deesem Utföhren: %[1]s (jüüst vun %[2]s verneeit)",
+	"mail.actions.run_info_previous_status": "Tostand vun de vörig Utföhren: %[1]s",
+	"mail.actions.run_info_trigger": "Utlööst um: %[1]s vun: %[2]s",
+	"discussion.locked": "Deeser Snack is tosloten worden. Blots Bidragers könen kommenteren.",
+	"relativetime.future": "in Tokunft",
+	"relativetime.mins": {
+		"one": "vör %d Menüüt",
+		"other": "vör %d Menüten"
+	},
+	"relativetime.hours": {
+		"one": "vör %d Stünn",
+		"other": "vör %d Stünnen"
+	},
+	"relativetime.now": "nu",
+	"relativetime.months": {
+		"one": "vör %d Maant",
+		"other": "vör %d Maanten"
+	},
+	"relativetime.weeks": {
+		"one": "vör %d Week",
+		"other": "vör %d Weken"
+	},
+	"relativetime.years": {
+		"one": "vör %d Jahr",
+		"other": "vör %d Jahren"
+	},
+	"relativetime.1day": "güstern",
+	"relativetime.1week": "leste Week",
+	"relativetime.2weeks": "vörleste Week",
+	"relativetime.1month": "lesten Maant",
+	"relativetime.2months": "vörlesten Maant",
+	"relativetime.1year": "lestes Jahr",
+	"relativetime.2years": "vörlestes Jahr",
+	"relativetime.days": {
+		"one": "vör %d Dag",
+		"other": "vör %d Dagen"
+	},
+	"relativetime.2days": "vörgüstern",
+	"moderation.report_abuse": "Missbruuk mellen",
+	"moderation.report_content": "Inholl mellen",
+	"moderation.report_abuse_form.invalid": "Ungültige Argumenten",
+	"moderation.report_abuse_form.already_reported": "Du hest deesen Inholl al mellt",
+	"moderation.abuse_category": "Deel",
+	"moderation.abuse_category.placeholder": "Köör een Deel ut",
+	"moderation.abuse_category.spam": "Oolkert-Tüüg",
+	"moderation.abuse_category.illegal_content": "Verboden Inholl",
+	"moderation.abuse_category.other_violations": "Anner Verstöten tegen de Plattfoorms-Regels",
+	"moderation.report_remarks": "Anmarkens",
+	"moderation.submit_report": "Mellen ofschicken",
+	"moderation.reporting_failed": "Kann dat neje Missbruuk-Mellen nich ofschicken: %v",
+	"moderation.reported_thank_you": "Wees bedankt för dien Mellen. De Sied-Chefs hebben de Naricht daaröver kregen.",
+	"moderation.report_remarks.placeholder": "Bidde giff mehr Informatioonen över de Missbruuk, wat du mellst, an.",
+	"admin.config.moderation_config": "Moderatioons-Instellens",
+	"moderation.report_abuse_form.header": "Missbruuk an de Chef mellen",
+	"moderation.report_abuse_form.details": "Deeses Formular kann bruukt worden, um Brukers to mellen, wenn se Oolkert-Profilen, -Repositoriums, -Gefallens of -Kommentaren maken of sik unanstännig verhollen.",
+	"moderation.abuse_category.malware": "Schaa-Waar",
+	"repo.form.cannot_create": "All Rumen, waar du Repositoriums maken kannst, enthollen al de grootste Tahl vun verlöövt Repositoriums.",
+	"repo.issue_indexer.title": "Gefallen-Indizerer",
+	"followers.outgoing.list.none": "%s gaht nüms na.",
+	"watch.list.none": "Nüms beluurt deeses Repositorium.",
+	"followers.incoming.list.self.none": "Nüms gaht dienem Profil na.",
+	"followers.incoming.list.none": "Nüms gaht deesem Bruker na.",
+	"followers.outgoing.list.self.none": "Du gahst nüms na.",
+	"stars.list.none": "Nüms hett up deesem Repositorium eenen Steern sett.",
+	"editor.textarea.tab_hint": "Rieg al inschuven. Drück weer <kbd>Tab</kbd> of <kbd>Esc</kbd>, um de Bewarker to verlaten.",
+	"editor.textarea.shift_tab_hint": "Keen Inschuuv in deeser Rieg. Drück weer <kbd>Umschalt</kbd>+<kbd>Tab</kbd> of <kbd>Esc</kbd>, um de Bewarker to verlaten.",
+	"admin.dashboard.cleanup_offline_runners": "Nich verbunnen Lopers uprümen",
+	"settings.visibility.description": "De Profil-Sichtbaarkeid maakt daar wat an, of un wo anner Lüü diene nich-privaaten Repositoriums ankieken könen. <a href=\"%s\" target=\"_blank\">Mehr unnerhören</a>.",
+	"avatar.constraints_hint": "Dat eegene Kontobill düür nich groter as %[1]s wesen of groter as %[2]d×%[3]d Billtüttels wesen",
+	"repo.diff.commit.next-short": "Anner",
+	"repo.diff.commit.previous-short": "Vörig",
+	"feed.atom.link": "Atom-Schuuv",
+	"keys.ssh.link": "SSH-Slötels",
+	"keys.gpg.link": "GPG-Slötels",
+	"profile.actions.tooltip": "Mehr Aktioonen",
+	"profile.edit.link": "Profil bewarken",
+	"og.repo.summary_card.alt_description": "Tosamenfatens-Kaart vun de Repositorium %[1]s, beschrieven as: %[2]s",
+	"mail.actions.run_info_sha": "Kommitteren: %[1]s",
+	"repo.settings.push_mirror.branch_filter.description": "Twiegen tum Spegeln. Laat dat leeg, um all Twiegen to spegeln. Lees de <a href=\"%[1]s\">%[2]s-Dokumenteren</a> för de Syntax. Bispölen: <code>main, release/*</code>",
+	"repo.settings.push_mirror.branch_filter.label": "Twieg-Filter (wenn du willst)",
+	"discussion.sidebar.reference": "Nömen",
+	"admin.moderation.moderation_reports": "Moderatioons-Berichten",
+	"admin.moderation.no_open_reports": "Dat gifft jüüst keene open Berichten.",
+	"admin.moderation.reports": "Berichten",
+	"admin.moderation.deleted_content_ref": "Mellt Inholl mit Aard %[1]v un Kennteken %[2]d gifft dat nich mehr",
+	"admin.dashboard.remove_resolved_reports": "Lööst Berichten wegdoon",
+	"compare.branches.title": "Twiegen verglieken",
+	"repo.commit.load_tags_failed": "Kunn de Markens um eenen binnern Fehler nich laden",
+	"admin.auths.allow_username_change.description": "Verlööv Brukers, hör Brukernaam in de Profil-Instellens to ännern",
+	"admin.auths.allow_username_change": "Brukernaam-Ännern verlöven",
+	"warning.repository.out_of_sync": "De Datenbank-Tostand vun deesem Repositorium is verschuven. Wenn deese Wahrschau immer noch wiest word, nadeem een Kommitteren to deesem Repositorium schuven word, kuntakteer de Sied-Chef.",
+	"repo.pulls.already_merged": "Tosamenföhren fehlslagen: Deeser Haalvörslag is al tosamenföhrt worden.",
+	"migrate.pagure.description": "Daten vun pagure.io of anner Pagure-Instanzen umtrecken.",
+	"migrate.pagure.project_url": "Pagure-Projekt-URL",
+	"migrate.pagure.project_example": "De URL vum Projekt up Pagure, to’n Bispööl https://pagure.io/pagure",
+	"migrate.pagure.token_label": "Pagure-API-Teken",
+	"migrate.pagure.incorrect_url": "Ungültige Quell-Repositoriums-URL is angeven worden",
+	"migrate.github.description": "Daten vun github.com of eenem GitHub-Enterprise-Server umtrecken.",
+	"migrate.git.description": "Een Repositorium blots vun elkeen Git-Deenst umtrecken.",
+	"migrate.gitea.description": "Daten vun gitea.com of anner Gitea-Instanzen umtrecken.",
+	"migrate.gitlab.description": "Daten vun gitlab.com of anner GitLab-Instanzen umtrecken.",
+	"migrate.gogs.description": "Daten vun notabug.org of anner Gogs-Instanzen umtrecken.",
+	"migrate.onedev.description": "Daten vun code.onedev.io of anner OneDev-Instanzen umtrecken.",
+	"migrate.gitbucket.description": "Daten vun GitBucket-Instanzen umtrecken.",
+	"migrate.codebase.description": "Daten vun codebasehq.com umtrecken.",
+	"migrate.forgejo.description": "Daten vun codeberg.org of anner Forgejo-Instanzen umtrecken.",
+	"admin.config.security": "Sekerheids-Instellens",
+	"admin.config.global_2fa_requirement.all": "All Brukers",
+	"error.must_enable_2fa": "Deese Forgejo-Instanz verlangt, dat Brukers Twee-Faktooren-Anmellen anknipsen, ehr se up hör Konten togriepen könen. Knips dat hier an: %s",
+	"settings.twofa_unroll_unavailable": "Twee-Faktooren-Anmellen word för dien Konto verlangt un kann nich utknipst worden.",
+	"admin.config.global_2fa_requirement.none": "Nee",
+	"admin.config.global_2fa_requirement.admin": "Chefs",
+	"admin.config.global_2fa_requirement.title": "Twee-Faktooren-Anmellen överall verlangen",
+	"settings.twofa_reenroll": "Twee-Faktooren-Anmellen neei inrichten",
+	"settings.twofa_reenroll.description": "Richt dien Twee-Faktooren-Anmellen neei in",
+	"settings.must_enable_2fa": "Deese Forgejo-Instanz verlangt, dat Brukers Twee-Faktooren-Anmellen anknipsen, ehr se up hör Konten togriepen könen.",
+	"user.ghost.tooltip": "Deeser Bruker is lösket worden of kann nich funnen worden.",
+	"migrate.form.error.url_credentials": "De URL enthollt Anmell-Daten, legg se in de Felden för Brukernaam un Passwoord",
+	"actions.runs.viewing_out_of_date_run": "Du bekiekst eenen verollten Loop vun deeser Upgaav, wat %[1]s utföhrt worden is.",
+	"actions.runs.view_most_recent_run": "Neeisten Loop ankieken",
+	"actions.runs.run_attempt_label": "Loop-Versöök #%[1]s (%[2]s)",
+	"repo.pulls.maintainers_can_edit": "Liddmaten könen deesen Haalvörslag bewarken.",
+	"repo.pulls.maintainers_cannot_edit": "Liddmaten könen deesen Haalvörslag nich bewarken.",
+	"pulse.n_active_issues": {
+		"one": "%s aktiiv Gefall",
+		"other": "%s aktiiv Gefallens"
+	},
+	"pulse.n_active_prs": {
+		"one": "%s aktiiv Haalvörslag",
+		"other": "%s aktiiv Haalvörslagen"
+	},
+	"migrate.pagure.private_issues.summary": "Privaate Gefallens (wenn du willst)",
+	"migrate.pagure.token.placeholder": "Blots, um een Archiv vun privaaten Gefallens to maken",
+	"migrate.pagure.private_issues.description": "Deese Funktioon lett di een twedes Repositorium maken, wat blots privaate Gefallens ut dienem Pagure-Projekt för Archivzwecken enthollt. Maak toeerst eenen normaalen Umtreck (sünner een Teken), um alle publiken Inhollen to importeren. Dann, wenn du privaate Gefallens hest, wat du behollen willst, maak noch een anner Repositorium mit deesem Teken, um deese privaaten Gefallens to archiveren.",
+	"migrate.pagure.private_issues.warning": "Wees wiss, de Sichtbaarkeid vun de Repositorium up Privaat to setten, wenn du de API-Slötel bruukst, um privaate Gefallens to importeren. Dat verhinnert, dat du privaaten Inholl ut Versehn in eenem publiken Repositorium blootmaakst.",
+	"mail.issue.action.close_by_commit": "%[1]s hett %[2]s in Kommitteren %[3]s dichtmaakt.",
+	"actions.workflow.job_parsing_error": "Kann de Upgaven in de Warkwies nich lesen: %v",
+	"actions.workflow.event_detection_error": "Kann de unnerstütt Vörfallen in de Warkwies nich lesen: %v",
+	"actions.workflow.pre_execution_error": "Warkwies is nich utföhrt worden, denn een Fehler is uptreden, wat de Utföhrens-Versöök blockeert hett.",
+	"watch.n_watchers": {
+		"one": "%s Belurer",
+		"other": "%s Belurers"
+	},
+	"teams.add_all_repos.modal.header": "All Repositoriums hentofögen",
+	"teams.remove_all_repos.modal.header": "All Repositoriums wegdoon",
+	"repo.pulls.poster_manage_approval": "Tostimmen verwalten",
+	"repo.pulls.poster_requires_approval": "Eenige Warkwiesen <a href=\"%[1]s\">wachten up een Nakieken.</a>",
+	"repo.pulls.poster_is_trusted": "De Schriever vun deesem Haalvörslag word <a href=\"%[1]s\">alltied vertroot, Warkwiesen uttoföhren.</a>",
+	"repo.pulls.poster_requires_approval.tooltip": "De Schriever vun deesem Haalvörslag word nich vertroot, Warkwiesen uttoföhren, wat vun eenem Haalvörslag ut eener Gavel of mit AGit utlööst worden. De Warkwiesen, wat vun eenem `pull_request`-Vörfall utlööst worden, lopen eerst dann, wenn se tostimmt worden.",
+	"repo.pulls.poster_is_trusted.tooltip": "De Schriever vun deesem Haalvörslag word utdrückelk vertroot, Warkwiesen uttoföhren, wat vun `pull_request`-Vörfallen utlööst worden.",
+	"repo.pulls.poster_trust_deny": "Verseggen",
+	"repo.pulls.poster_trust_deny.tooltip": "De Warkwiesen, wat up Tostimmen wachten, worden ofbroken.",
+	"repo.pulls.poster_trust_once": "Een Maal tostimmen",
+	"repo.pulls.poster_trust_once.tooltip": "De Warkwiesen, wat vun eenem `pull_request`-Vörfall utlööst worden, worden för deeses Kommitteren lopen, mutten aver för all tokünftig Kommitterens, wat to deesem Haalvörslag schuven worden, weer neei tostimmt worden.",
+	"repo.pulls.poster_trust_always": "Alltieden verlöven",
+	"repo.pulls.poster_trust_always.tooltip": "De Warkwiesen, wat vun eenem `pull_request`-Vörfall utlööst worden, worden för deeses Kommitteren lopen, un wiedere Utföhrens vun deesem Haalvörslag of vun tokünftig Haalvörslagen vun de sülven Schriever mutten nich mehr tostimmt worden.",
+	"repo.pulls.poster_trust_revoke": "Torüggnehmen",
+	"repo.pulls.poster_trust_revoke.tooltip": "De Schriever vun deesem Haalvörslag word nich mehr vertroot, Warkwiesen, wat vun eenem `pull_request`-Vörfall utlööst worden, uttoföhren. Elkeen Utföhren mutt neei tostimmt worden.",
+	"admin.dashboard.actions_action_user": "Forgejo-Aktioonen-Vertroen för inaktiiv Brukers torüggnehmen",
+	"actions.status.diagnostics.waiting": {
+		"one": "Wacht up eenen Loper mit deesem Vermark: %s",
+		"other": "Wacht up eenen Loper mit deesen Vermarkens: %s"
+	},
+	"keys.verify.token.hint": "Deeses Teken gellt blots 1 Menüüt. <a href=\"%[1]s\">Haal een nejes, wenn ’t avlopen is</a>.",
+	"admin.dashboard.transfer_lingering_logs": "Aktioons-Utgaven vun ofsloten Aktioons-Upgaven vun de Datenbank in de Spieker överdragen",
+	"repo.issues.filter_poster.hint": "Na Autor filtern",
+	"repo.issues.filter_assignee.hint": "Na towiesen Bruker filtern",
+	"repo.issues.filter_reviewers.hint": "Na Nakieker filtern",
+	"repo.issues.filter_mention.hint": "Na benöömt Bruker filtern",
+	"repo.issues.filter_modified.hint": "Na lestem Ännern filtern",
+	"repo.issues.filter_sort.hint": "Sorteren na: maakt/Kommentaren/verneeit/Anstahn",
+	"search.syntax": "Söök-Syntax",
+	"actions.workflow.persistent_incomplete_matrix": "Kann de `strategy.matrix` vun Upgaav %[1]s nich utweerten, denn een `needs`-Utdruck weer ungültig. Verlicht benöömt dat eene Upgaav, wat nich in hör »needs«-List is (%[2]s), of eene Utgaav, wat in keener vun deeser Upgaven vörkummt.",
+	"admin.auths.oauth2_quota_group_map": "In Anspröök nohmen Gruppen up Quoten-Gruppen ofbillen. (Wenn du willst – bruukt Anspröök-Naam boven)",
+	"admin.auths.oauth2_quota_group_claim_name": "Anspöök-Naam, wat Grupp-Namen för deese Quell tum Bruken bi’m Quoten-Verwalten gifft. (Wenn du willst)",
+	"admin.auths.oauth2_quota_group_map_removal": "Brukers ut spegelt Quoten-Gruppen wegdoon, wenn Bruker nich to de tohörig Grupp tohöört.",
+	"moderation.report.mark_as_handled": "As ofhannelt markeren",
+	"moderation.report.mark_as_ignored": "As minnacht markeren",
+	"moderation.action.account.delete": "Konto lösken",
+	"moderation.action.account.suspend": "Konto sperren",
+	"moderation.action.repo.delete": "Repositorium lösken",
+	"moderation.action.issue.delete": "Gefall lösken",
+	"moderation.action.comment.delete": "Kommentaar lösken",
+	"moderation.unknown_action": "Unbekannte Aktioon",
+	"moderation.users.cannot_suspend_self": "Du kannst di nich sülvst sperren.",
+	"moderation.users.cannot_suspend_admins": "Brukers mit Chef-Rechten könen nich sperrt worden.",
+	"moderation.users.cannot_suspend_org": "Vereenigungen könen nich sperrt worden.",
+	"moderation.users.already_suspended": "Brukerkonto is al sperrt.",
+	"moderation.users.suspend_success": "Dat Brukerkonto is sperrt worden.",
+	"moderation.users.cannot_delete_admins": "Brukers mit Chef-Rechten könen nich lösket worden.",
+	"moderation.issue.deletion_success": "Dat Gefall is lösket worden.",
+	"moderation.comment.deletion_success": "De Kommentaar is lösket worden.",
+	"actions.workflow.incomplete_matrix_missing_job": "Kann de `strategy.matrix` vun Upgaav %[1]s nich utweerten: Upgaav %[2]s is nich in de `needs`-List vun Upgaav %[1]s (%[3]s).",
+	"actions.workflow.incomplete_matrix_missing_output": "Kann de `strategy.matrix` vun Upgaav %[1]s nich utweerten: Upgaav %[2]s hapert Utgaav %[3]s.",
+	"actions.workflow.incomplete_runson_missing_job": "Kann de `runs-on` vun Upgaav %[1]s nich utweerten: Upgaav %[2]s is nich in de `needs`-List vun Upgaav %[1]s (%[3]s).",
+	"actions.workflow.incomplete_runson_missing_output": "Kann de `runs-on` vun Upgaav %[1]s nich utweerten: Upgaav %[2]s hapert Utgaav %[3]s.",
+	"actions.workflow.incomplete_matrix_unknown_cause": "Kann de `strategy.matrix` vun Upgaav %[1]s nich utweerten: Unbekannter Fehler.",
+	"actions.workflow.incomplete_runson_unknown_cause": "Kann de `runs-on` vun Upgaav %[1]s nich utweerten: Unbekannter Fehler.",
+	"actions.workflow.incomplete_runson_missing_matrix_dimension": "Kann de `runs-on` vun Upgaav %[1]s nich utweerten: Matrix-Richt %[2]s gifft dat nich.",
+	"search.fuzzy": "Umslags",
+	"search.fuzzy_tooltip": "Ok Resultaten wiesen, wat so wat umslags to de Söökwoorden passen",
+	"issues.updated": "%s verneeit",
+	"actions.workflow.incomplete_with_missing_job": "Kann de `with` vun Upgaav %[1]s nich utweerten: Upgaav %[2]s is nich in de `needs`-List vun Upgaav %[1]s (%[3]s).",
+	"actions.workflow.incomplete_with_missing_output": "Kann de `with` vun Upgaav %[1]s nich utweerten: Upgaav %[2]s hapert Utgaav %[3]s.",
+	"actions.workflow.incomplete_with_missing_matrix_dimension": "Kann de `with` vun Upgaav %[1]s nich utweerten: Matrix-Richt %[2]s gifft dat nich.",
+	"actions.workflow.incomplete_with_unknown_cause": "Kann de `with` vun Upgaav %[1]s nich utweerten: Unbekannter Fehler."
 }
diff --git a/options/locale_next/locale_nl-NL.json b/options/locale_next/locale_nl-NL.json
index e243743529..642eee3357 100644
--- a/options/locale_next/locale_nl-NL.json
+++ b/options/locale_next/locale_nl-NL.json
@@ -1,206 +1,206 @@
 {
-    "fork.n_forks": {
-        "one": "%s fork",
-        "other": "%s forks"
-    },
-    "stars.n_stars": {
-        "one": "%s ster",
-        "other": "%s sterren"
-    },
-    "release.n_downloads": {
-        "one": "%s download",
-        "other": "%s downloads"
-    },
-    "repo.pulls.merged_title_desc": {
-        "one": "heeft %[1]d commit van <code>%[2]s</code> samengevoegd in <code>%[3]s</code> %[4]s",
-        "other": "heeft %[1]d commits van <code>%[2]s</code> samengevoegd in <code>%[3]s</code> %[4]s"
-    },
-    "repo.pulls.title_desc": {
-        "one": "wil %[1]d commit van <code>%[2]s</code> samenvoegen in <code id=\"%[4]s\">%[3]s</code>",
-        "other": "wil %[1]d commits van <code>%[2]s</code> samenvoegen in <code id=\"%[4]s\">%[3]s</code>"
-    },
-    "search.milestone_kind": "Zoek mijlpalen…",
-    "home.welcome.no_activity": "Geen activiteit",
-    "home.welcome.activity_hint": "Er staat nog niets in uw feed. Uw acties en activiteiten van repositories die u monitort zullen hier verschijnen.",
-    "home.explore_repos": "Verken repositories",
-    "home.explore_users": "Verken gebruikers",
-    "home.explore_orgs": "Verken organisaties",
-    "incorrect_root_url": "Deze Forgejo-instantie is geconfigureerd om bereikbaar te zijn op \"%s\". U bekijkt Forgejo momenteel via een andere URL, waardoor onderdelen van de applicatie kunnen breken. De canonieke URL kan worden gewijzigd door Forgejo admins via de ROOT_URL instelling in de app.ini.",
-    "themes.names.forgejo-auto": "Forgejo (volg het systeemthema)",
-    "themes.names.forgejo-light": "Forgejo licht",
-    "themes.names.forgejo-dark": "Forgejo donker",
-    "error.not_found.title": "Pagina niet gevonden",
-    "alert.asset_load_failed": "Het laden van hulp-bestanden vanuit {path} is mislukt. Controleer of de hulp-bestanden toegankelijk zijn.",
-    "install.invalid_lfs_path": "Kan de LFS-root niet aanmaken op de opgegeven locatie: %[1]s",
-    "alert.range_error": " moet een getal zijn tussen %[1]s en %[2]s.",
-    "meta.last_line": "Wist je dat de paprika, behalve in de bekende kleuren rood, geel, oranje en groen, ook in de kleuren wit, paars, lila, muntgroen en bruin voorkomt.",
-    "mail.actions.successful_run_after_failure_subject": "Werkstroom %[1]s hersteld in repositorie %[2]s",
-    "mail.actions.not_successful_run_subject": "Werkstroom %[1]s mislukt in repositorie %[2]s",
-    "mail.actions.successful_run_after_failure": "Werkstroom %[1]s hersteld in repositorie %[2]s",
-    "mail.actions.not_successful_run": "Werkstroom %[1]s mislukt in repositorie %[2]s",
-    "mail.actions.run_info_cur_status": "De status van deze run: %[1]s (zojuist bijgewerkt van %[2]s)",
-    "mail.actions.run_info_previous_status": "Status vorige run: %[1]s",
-    "mail.actions.run_info_trigger": "Getriggerd omdat: %[1]s door: %[2]s",
-    "discussion.locked": "Deze discussie is afgesloten. Commentaar is alleen mogelijk voor bijdragers.",
-    "relativetime.now": "nu",
-    "relativetime.future": "in de toekomst",
-    "repo.form.cannot_create": "Alle ruimtes waarin u repositories kan maken hebben hun maximum aantal repositories bereikt.",
-    "moderation.report_content": "Meldt content",
-    "moderation.report_abuse_form.header": "Meld misbruik bij de beheerder",
-    "moderation.report_abuse_form.invalid": "Ongeldige argumenten",
-    "moderation.report_abuse_form.already_reported": "U heeft deze content reeds gerapporteerd",
-    "moderation.abuse_category": "Categorie",
-    "moderation.abuse_category.placeholder": "Selecteer een categorie",
-    "moderation.abuse_category.spam": "Spam",
-    "moderation.abuse_category.malware": "Malware",
-    "moderation.report_abuse_form.details": "Dit formulier dient gebruikt te worden om gebruikers te rapporteren die spamprofielen, -issues, -commentaren aanmaken of zich anderszins misdragen.",
-    "moderation.submit_report": "Verzend rapport",
-    "moderation.reporting_failed": "De nieuwe misbruikrapportage kan niet worden ingediend: %v",
-    "moderation.reported_thank_you": "Dank voor uw melding. Het beheer is hierover nu geïnformeerd.",
-    "moderation.report_remarks.placeholder": "Geef a.u.b. wat details betreffende het misbruik dat u meldt.",
-    "followers.outgoing.list.none": "%s volgt niemand.",
-    "relativetime.1day": "gisteren",
-    "relativetime.2days": "twee dagen geleden",
-    "relativetime.1week": "vorige week",
-    "relativetime.2weeks": "twee weken geleden",
-    "relativetime.1month": "vorige maand",
-    "relativetime.2months": "twee maanden geleden",
-    "relativetime.1year": "vorig jaar",
-    "relativetime.2years": "twee jaar geleden",
-    "moderation.abuse_category.illegal_content": "Illegale content",
-    "moderation.abuse_category.other_violations": "Andere overtreding van platformregels",
-    "moderation.report_remarks": "Opmerkingen",
-    "editor.textarea.tab_hint": "Regel springt reeds in. Type <kbd>Tab</kbd> nogmaals of <kbd>Escape</kbd> om de editor te verlaten.",
-    "editor.textarea.shift_tab_hint": "Geen inspringing op deze regel. Type <kbd>Shift</kbd> + <kbd>Tab</kbd> nogmaals of <kbd>Escape</kbd> om de editor te verlaten.",
-    "relativetime.days": {
-        "one": "%d dag geleden",
-        "other": "%d dagen geleden"
-    },
-    "relativetime.weeks": {
-        "one": "%d week geleden",
-        "other": "%d weken geleden"
-    },
-    "relativetime.months": {
-        "one": "%d maand geleden",
-        "other": "%d maanden geleden"
-    },
-    "relativetime.years": {
-        "one": "%d jaar geleden",
-        "other": "%d jaren geleden"
-    },
-    "admin.config.moderation_config": "Moderatie configuratie",
-    "moderation.report_abuse": "Meld misbruik",
-    "relativetime.mins": {
-        "one": "%d minuut geleden",
-        "other": "%d minuten geleden"
-    },
-    "relativetime.hours": {
-        "one": "%d uur geleden",
-        "other": "%d uren geleden"
-    },
-    "repo.issue_indexer.title": "Issue indexer",
-    "stars.list.none": "Niemand heeft deze repo een ster gegeven.",
-    "watch.list.none": "Niemand houdt deze repo in de gaten.",
-    "followers.incoming.list.self.none": "Niemand volgt uw profiel.",
-    "followers.incoming.list.none": "Deze gebruiker wordt door niemand gevolgd.",
-    "followers.outgoing.list.self.none": "U volgt niemand.",
-    "settings.visibility.description": "Profielzichtbaarheid beïnvloedt de mogelijkheid van anderen om toegang te krijgen tot je niet-privé repositories. <a href=\"%s\" target=\"_blank\">Lees meer</a>.",
-    "repo.diff.commit.next-short": "Volgende",
-    "admin.dashboard.cleanup_offline_runners": "Offline runners opruimen",
-    "keys.ssh.link": "SSH sleutels",
-    "keys.gpg.link": "GPG sleutels",
-    "profile.actions.tooltip": "Meer acties",
-    "profile.edit.link": "Profiel bewerken",
-    "feed.atom.link": "Atom-feed",
-    "repo.diff.commit.previous-short": "Vorige",
-    "avatar.constraints_hint": "Eigen avatars mogen niet groter zijn dan %[1]s in grootte of groter zijn dan %[2]dx%[3]d pixels",
-    "og.repo.summary_card.alt_description": "Samenvattingsoverzicht van repositorie %[1]s, omschreven als: %[2]s",
-    "mail.actions.run_info_sha": "Commit: %[1]s",
-    "repo.settings.push_mirror.branch_filter.label": "Branch filter (optioneel)",
-    "repo.settings.push_mirror.branch_filter.description": "Branches die gespiegeld moeten worden. Laat het laag om alle branches te spiegelen. Zie <a href=\"%[1]s\">%[2]s documentatie</a> voor de syntax. Voorbeeld: <code>main, release/*</code>",
-    "admin.dashboard.remove_resolved_reports": "Opgeloste meldingen verwijderen",
-    "compare.branches.title": "Vergelijk branches",
-    "repo.commit.load_tags_failed": "Het laden van tags is mislukt vanwege een interne fout",
-    "admin.auths.allow_username_change": "Gebruikersnaam wijzigen toestaan",
-    "admin.auths.allow_username_change.description": "Gebruikers toestaan hun gebruikersnaam te wijzigen in de profielinstellingen",
-    "discussion.sidebar.reference": "Referentie",
-    "admin.moderation.moderation_reports": "Moderatiemeldingen",
-    "admin.moderation.no_open_reports": "Er zijn momenteel geen openstaande meldingen.",
-    "admin.moderation.reports": "Meldingen",
-    "admin.moderation.deleted_content_ref": "Gemelde inhoud met type %[1]v en id %[2]d bestaat niet meer",
-    "warning.repository.out_of_sync": "De databaserepresentatie van deze repository is niet gesynchroniseerd. Als deze waarschuwing nog steeds wordt weergegeven nadat u een commit naar deze repository hebt gepusht, neem dan contact op met de beheerder.",
-    "repo.pulls.already_merged": "Samenvoegen mislukt: deze pull request is al samengevoegd.",
-    "migrate.pagure.description": "Migreer gegevens van pagure.io of andere Pagure-instanties.",
-    "migrate.pagure.incorrect_url": "Er is een onjuiste URL voor de bronrepository opgegeven",
-    "migrate.pagure.project_url": "Pagure-project URL",
-    "migrate.pagure.project_example": "De url van het Pagure-project, bijvoorbeeld https://pagure.io/pagure",
-    "migrate.pagure.token_label": "Pagure API-token",
-    "migrate.github.description": "Migreer gegevens van github.com of GitHub Enterprise server.",
-    "migrate.git.description": "Migreer een repositorie van elke Git service.",
-    "migrate.gitea.description": "Gegevens overzetten van gitea.com of andere Gitea instanties.",
-    "migrate.gitlab.description": "Gegevens migreren van gitlab.com of andere GitLab-instanties.",
-    "migrate.gogs.description": "Gegevens overzetten van notabug.org of andere Gogs instanties.",
-    "migrate.onedev.description": "Gegevens overzetten van code.onedev.io of andere OneDev instanties.",
-    "migrate.gitbucket.description": "Gegevens migreren van GitBucket instanties.",
-    "migrate.codebase.description": "Gegevens migreren van codebasehq.com.",
-    "migrate.forgejo.description": "Migreer data van codeberg.org of andere Forgejo instanties.",
-    "settings.twofa_unroll_unavailable": "Tweefactorauthenticatie is vereist voor uw account en kan niet worden uitgeschakeld.",
-    "admin.config.security": "Beveiligingsconfiguratie",
-    "admin.config.global_2fa_requirement.title": "Globale vereiste van tweefactorauthenticatie",
-    "admin.config.global_2fa_requirement.none": "Nee",
-    "admin.config.global_2fa_requirement.all": "Alle gebruikers",
-    "admin.config.global_2fa_requirement.admin": "Beheerders",
-    "settings.twofa_reenroll": "Herinschrijven voor tweefactorauthenticatie",
-    "settings.twofa_reenroll.description": "Herhaal uw tweefactorauthenticatie",
-    "settings.must_enable_2fa": "Deze Forgejo-instantie vereist dat gebruikers tweefactorauthenticatie inschakelen voordat ze toegang krijgen tot hun accounts.",
-    "user.ghost.tooltip": "Deze gebruiker is verwijderd of kan niet worden gevonden.",
-    "error.must_enable_2fa": "Deze Forgejo-instantie vereist dat gebruikers tweefactorauthenticatie inschakelen voordat ze toegang krijgen tot hun accounts. Schakel dit in op: %s",
-    "migrate.form.error.url_credentials": "De URL bevat inloggegevens. Vul deze in de velden voor gebruikersnaam en wachtwoord respectievelijk",
-    "actions.runs.view_most_recent_run": "Bekijk de meest recente run",
-    "actions.runs.run_attempt_label": "Uitvoerpoging #%[1]s (%[2]s)",
-    "actions.runs.viewing_out_of_date_run": "U bekijkt een verouderde uitvoer van deze opdracht die %[1]s is uitgevoerd.",
-    "repo.pulls.maintainers_can_edit": "Maintainers kan deze pull request bewerken.",
-    "repo.pulls.maintainers_cannot_edit": "Maintainers kunnen deze pull request niet bewerken.",
-    "pulse.n_active_issues": {
-        "one": "%s actieve issue",
-        "other": "%s actieve issues"
-    },
-    "pulse.n_active_prs": {
-        "one": "%s actieve pull request",
-        "other": "%s actieve pull requests"
-    },
-    "watch.n_watchers": {
-        "one": "%s volger",
-        "other": "%s volgers"
-    },
-    "mail.issue.action.close_by_commit": "%[1]s sloot %[2]s in commit %[3]s.",
-    "migrate.pagure.private_issues.summary": "Privé-issues (optioneel)",
-    "migrate.pagure.private_issues.description": "Deze functie is ontworpen om een tweede repository aan te maken met alleen privé-issues van je Pagure project voor archiefdoeleinden. Voer eerst een normale migratie uit (zonder token) om alle publieke content te importeren. Als u vervolgens privé-issues wilt bewaren, maak dan een aparte repository aan met deze tokenoptie om die privé-issues te archiveren.",
-    "migrate.pagure.private_issues.warning": "Zorg ervoor dat je de repository zichtbaarheid hierboven op Privé zet als je de API sleutel gebruikt om privézaken te importeren. Dit voorkomt dat je per ongeluk privé-inhoud blootstelt in een openbare repository.",
-    "migrate.pagure.token.placeholder": "Alleen voor het aanmaken van een privé-archief met issues",
-    "actions.workflow.job_parsing_error": "Taken in workflow kunnen niet worden geparseerd: %v",
-    "actions.workflow.event_detection_error": "Ondersteunde gebeurtenissen in workflow kunnen niet worden geparseerd: %v",
-    "actions.workflow.pre_execution_error": "Workflow is niet uitgevoerd vanwege een fout die de uitvoeringspoging blokkeerde.",
-    "teams.add_all_repos.modal.header": "Alle repositories toevoegen",
-    "teams.remove_all_repos.modal.header": "Alle repositories verwijderen",
-    "repo.pulls.poster_manage_approval": "Goedkeuring beheren",
-    "repo.pulls.poster_requires_approval": "Sommige werkstromen zijn <a href=\"%[1]s\">wachtend om beoordeeld te worden.</a>",
-    "repo.pulls.poster_requires_approval.tooltip": "De auteur van dit pull request wordt niet vertrouwd om workflows uit te voeren die worden getriggerd door een pull request dat is aangemaakt vanuit een forked repository of met AGit. De werkstromen die worden geactiveerd door een `pull_request` evenement zullen niet worden uitgevoerd totdat ze zijn goedgekeurd.",
-    "repo.pulls.poster_is_trusted": "De auteur van dit pull request is <a href=\"%[1]s\">altijd vertrouwd om werkstromen uit te voeren.</a>",
-    "repo.pulls.poster_is_trusted.tooltip": "De auteur van dit pull request is expliciet vertrouwd om workflows uit te voeren die worden geactiveerd door een `pull_request` evenement.",
-    "repo.pulls.poster_trust_deny": "Weigeren",
-    "repo.pulls.poster_trust_deny.tooltip": "De workflows die op goedkeuring wachten, worden geannuleerd.",
-    "repo.pulls.poster_trust_once": "Eenmaal goedkeuren",
-    "repo.pulls.poster_trust_once.tooltip": "De workflows die getriggerd worden door een `pull_request` evenement zullen op deze commit draaien, maar zullen goedgekeurd moeten worden voor alle toekomstige commits die naar dit pull request gepushed worden.",
-    "repo.pulls.poster_trust_always": "Altijd goedkeuren",
-    "repo.pulls.poster_trust_always.tooltip": "De werkstromen die getriggerd worden door een `pull_request` evenement zullen op deze commit draaien en er zal geen noodzaak zijn om runs van dit pull request of toekomstige pull requests, gemaakt door dezelfde gebruiker, goed te keuren.",
-    "repo.pulls.poster_trust_revoke": "Intrekken",
-    "repo.pulls.poster_trust_revoke.tooltip": "De auteur van dit pull request zal niet langer worden vertrouwd om werkstromen uit te voeren die worden geactiveerd door een `pull_request` evenement, elke run zal handmatig moeten worden goedgekeurd.",
-    "admin.dashboard.actions_action_user": "Vertrouwen in acties van Forgejo intrekken voor inactieve gebruikers",
-    "actions.status.diagnostics.waiting": {
-        "one": "Wachten op een runner met het volgende label: %s",
-        "other": "Wachten op een runner met de volgende labels: %s"
-    },
-    "keys.verify.token.hint": "De token is slechts 1 minuut geldig. <a href=\"%[1]s\">Krijg een nieuwe als deze verlopen is</a>.",
-    "repo.issues.filter_poster.hint": "Filter op auteur"
+	"fork.n_forks": {
+		"one": "%s fork",
+		"other": "%s forks"
+	},
+	"stars.n_stars": {
+		"one": "%s ster",
+		"other": "%s sterren"
+	},
+	"release.n_downloads": {
+		"one": "%s download",
+		"other": "%s downloads"
+	},
+	"repo.pulls.merged_title_desc": {
+		"one": "heeft %[1]d commit van <code>%[2]s</code> samengevoegd in <code>%[3]s</code> %[4]s",
+		"other": "heeft %[1]d commits van <code>%[2]s</code> samengevoegd in <code>%[3]s</code> %[4]s"
+	},
+	"repo.pulls.title_desc": {
+		"one": "wil %[1]d commit van <code>%[2]s</code> samenvoegen in <code id=\"%[4]s\">%[3]s</code>",
+		"other": "wil %[1]d commits van <code>%[2]s</code> samenvoegen in <code id=\"%[4]s\">%[3]s</code>"
+	},
+	"search.milestone_kind": "Zoek mijlpalen…",
+	"home.welcome.no_activity": "Geen activiteit",
+	"home.welcome.activity_hint": "Er staat nog niets in uw feed. Uw acties en activiteiten van repositories die u monitort zullen hier verschijnen.",
+	"home.explore_repos": "Verken repositories",
+	"home.explore_users": "Verken gebruikers",
+	"home.explore_orgs": "Verken organisaties",
+	"incorrect_root_url": "Deze Forgejo-instantie is geconfigureerd om bereikbaar te zijn op \"%s\". U bekijkt Forgejo momenteel via een andere URL, waardoor onderdelen van de applicatie kunnen breken. De canonieke URL kan worden gewijzigd door Forgejo admins via de ROOT_URL instelling in de app.ini.",
+	"themes.names.forgejo-auto": "Forgejo (volg het systeemthema)",
+	"themes.names.forgejo-light": "Forgejo licht",
+	"themes.names.forgejo-dark": "Forgejo donker",
+	"error.not_found.title": "Pagina niet gevonden",
+	"alert.asset_load_failed": "Het laden van hulp-bestanden vanuit {path} is mislukt. Controleer of de hulp-bestanden toegankelijk zijn.",
+	"install.invalid_lfs_path": "Kan de LFS-root niet aanmaken op de opgegeven locatie: %[1]s",
+	"alert.range_error": " moet een getal zijn tussen %[1]s en %[2]s.",
+	"meta.last_line": "Wist je dat de paprika, behalve in de bekende kleuren rood, geel, oranje en groen, ook in de kleuren wit, paars, lila, muntgroen en bruin voorkomt.\n(this string was needed to make weblate regenerate the file and can be removed)",
+	"mail.actions.successful_run_after_failure_subject": "Werkstroom %[1]s hersteld in repositorie %[2]s",
+	"mail.actions.not_successful_run_subject": "Werkstroom %[1]s mislukt in repositorie %[2]s",
+	"mail.actions.successful_run_after_failure": "Werkstroom %[1]s hersteld in repositorie %[2]s",
+	"mail.actions.not_successful_run": "Werkstroom %[1]s mislukt in repositorie %[2]s",
+	"mail.actions.run_info_cur_status": "De status van deze run: %[1]s (zojuist bijgewerkt van %[2]s)",
+	"mail.actions.run_info_previous_status": "Status vorige run: %[1]s",
+	"mail.actions.run_info_trigger": "Getriggerd omdat: %[1]s door: %[2]s",
+	"discussion.locked": "Deze discussie is afgesloten. Commentaar is alleen mogelijk voor bijdragers.",
+	"relativetime.now": "nu",
+	"relativetime.future": "in de toekomst",
+	"repo.form.cannot_create": "Alle ruimtes waarin u repositories kan maken hebben hun maximum aantal repositories bereikt.",
+	"moderation.report_content": "Meldt content",
+	"moderation.report_abuse_form.header": "Meld misbruik bij de beheerder",
+	"moderation.report_abuse_form.invalid": "Ongeldige argumenten",
+	"moderation.report_abuse_form.already_reported": "U heeft deze content reeds gerapporteerd",
+	"moderation.abuse_category": "Categorie",
+	"moderation.abuse_category.placeholder": "Selecteer een categorie",
+	"moderation.abuse_category.spam": "Spam",
+	"moderation.abuse_category.malware": "Malware",
+	"moderation.report_abuse_form.details": "Dit formulier dient gebruikt te worden om gebruikers te rapporteren die spamprofielen, -issues, -commentaren aanmaken of zich anderszins misdragen.",
+	"moderation.submit_report": "Verzend rapport",
+	"moderation.reporting_failed": "De nieuwe misbruikrapportage kan niet worden ingediend: %v",
+	"moderation.reported_thank_you": "Dank voor uw melding. Het beheer is hierover nu geïnformeerd.",
+	"moderation.report_remarks.placeholder": "Geef a.u.b. wat details betreffende het misbruik dat u meldt.",
+	"followers.outgoing.list.none": "%s volgt niemand.",
+	"relativetime.1day": "gisteren",
+	"relativetime.2days": "twee dagen geleden",
+	"relativetime.1week": "vorige week",
+	"relativetime.2weeks": "twee weken geleden",
+	"relativetime.1month": "vorige maand",
+	"relativetime.2months": "twee maanden geleden",
+	"relativetime.1year": "vorig jaar",
+	"relativetime.2years": "twee jaar geleden",
+	"moderation.abuse_category.illegal_content": "Illegale content",
+	"moderation.abuse_category.other_violations": "Andere overtreding van platformregels",
+	"moderation.report_remarks": "Opmerkingen",
+	"editor.textarea.tab_hint": "Regel springt reeds in. Type <kbd>Tab</kbd> nogmaals of <kbd>Escape</kbd> om de editor te verlaten.",
+	"editor.textarea.shift_tab_hint": "Geen inspringing op deze regel. Type <kbd>Shift</kbd> + <kbd>Tab</kbd> nogmaals of <kbd>Escape</kbd> om de editor te verlaten.",
+	"relativetime.days": {
+		"one": "%d dag geleden",
+		"other": "%d dagen geleden"
+	},
+	"relativetime.weeks": {
+		"one": "%d week geleden",
+		"other": "%d weken geleden"
+	},
+	"relativetime.months": {
+		"one": "%d maand geleden",
+		"other": "%d maanden geleden"
+	},
+	"relativetime.years": {
+		"one": "%d jaar geleden",
+		"other": "%d jaren geleden"
+	},
+	"admin.config.moderation_config": "Moderatie configuratie",
+	"moderation.report_abuse": "Meld misbruik",
+	"relativetime.mins": {
+		"one": "%d minuut geleden",
+		"other": "%d minuten geleden"
+	},
+	"relativetime.hours": {
+		"one": "%d uur geleden",
+		"other": "%d uren geleden"
+	},
+	"repo.issue_indexer.title": "Issue indexer",
+	"stars.list.none": "Niemand heeft deze repo een ster gegeven.",
+	"watch.list.none": "Niemand houdt deze repo in de gaten.",
+	"followers.incoming.list.self.none": "Niemand volgt uw profiel.",
+	"followers.incoming.list.none": "Deze gebruiker wordt door niemand gevolgd.",
+	"followers.outgoing.list.self.none": "U volgt niemand.",
+	"settings.visibility.description": "Profielzichtbaarheid beïnvloedt de mogelijkheid van anderen om toegang te krijgen tot je niet-privé repositories. <a href=\"%s\" target=\"_blank\">Lees meer</a>.",
+	"repo.diff.commit.next-short": "Volgende",
+	"admin.dashboard.cleanup_offline_runners": "Offline runners opruimen",
+	"keys.ssh.link": "SSH sleutels",
+	"keys.gpg.link": "GPG sleutels",
+	"profile.actions.tooltip": "Meer acties",
+	"profile.edit.link": "Profiel bewerken",
+	"feed.atom.link": "Atom-feed",
+	"repo.diff.commit.previous-short": "Vorige",
+	"avatar.constraints_hint": "Eigen avatars mogen niet groter zijn dan %[1]s in grootte of groter zijn dan %[2]dx%[3]d pixels",
+	"og.repo.summary_card.alt_description": "Samenvattingsoverzicht van repositorie %[1]s, omschreven als: %[2]s",
+	"mail.actions.run_info_sha": "Commit: %[1]s",
+	"repo.settings.push_mirror.branch_filter.label": "Branch filter (optioneel)",
+	"repo.settings.push_mirror.branch_filter.description": "Branches die gespiegeld moeten worden. Laat het laag om alle branches te spiegelen. Zie <a href=\"%[1]s\">%[2]s documentatie</a> voor de syntax. Voorbeeld: <code>main, release/*</code>",
+	"admin.dashboard.remove_resolved_reports": "Opgeloste meldingen verwijderen",
+	"compare.branches.title": "Vergelijk branches",
+	"repo.commit.load_tags_failed": "Het laden van tags is mislukt vanwege een interne fout",
+	"admin.auths.allow_username_change": "Gebruikersnaam wijzigen toestaan",
+	"admin.auths.allow_username_change.description": "Gebruikers toestaan hun gebruikersnaam te wijzigen in de profielinstellingen",
+	"discussion.sidebar.reference": "Referentie",
+	"admin.moderation.moderation_reports": "Moderatiemeldingen",
+	"admin.moderation.no_open_reports": "Er zijn momenteel geen openstaande meldingen.",
+	"admin.moderation.reports": "Meldingen",
+	"admin.moderation.deleted_content_ref": "Gemelde inhoud met type %[1]v en id %[2]d bestaat niet meer",
+	"warning.repository.out_of_sync": "De databaserepresentatie van deze repository is niet gesynchroniseerd. Als deze waarschuwing nog steeds wordt weergegeven nadat u een commit naar deze repository hebt gepusht, neem dan contact op met de beheerder.",
+	"repo.pulls.already_merged": "Samenvoegen mislukt: deze pull request is al samengevoegd.",
+	"migrate.pagure.description": "Migreer gegevens van pagure.io of andere Pagure-instanties.",
+	"migrate.pagure.incorrect_url": "Er is een onjuiste URL voor de bronrepository opgegeven",
+	"migrate.pagure.project_url": "Pagure-project URL",
+	"migrate.pagure.project_example": "De url van het Pagure-project, bijvoorbeeld https://pagure.io/pagure",
+	"migrate.pagure.token_label": "Pagure API-token",
+	"migrate.github.description": "Migreer gegevens van github.com of GitHub Enterprise server.",
+	"migrate.git.description": "Migreer een repositorie van elke Git service.",
+	"migrate.gitea.description": "Gegevens overzetten van gitea.com of andere Gitea instanties.",
+	"migrate.gitlab.description": "Gegevens migreren van gitlab.com of andere GitLab-instanties.",
+	"migrate.gogs.description": "Gegevens overzetten van notabug.org of andere Gogs instanties.",
+	"migrate.onedev.description": "Gegevens overzetten van code.onedev.io of andere OneDev instanties.",
+	"migrate.gitbucket.description": "Gegevens migreren van GitBucket instanties.",
+	"migrate.codebase.description": "Gegevens migreren van codebasehq.com.",
+	"migrate.forgejo.description": "Migreer data van codeberg.org of andere Forgejo instanties.",
+	"settings.twofa_unroll_unavailable": "Tweefactorauthenticatie is vereist voor uw account en kan niet worden uitgeschakeld.",
+	"admin.config.security": "Beveiligingsconfiguratie",
+	"admin.config.global_2fa_requirement.title": "Globale vereiste van tweefactorauthenticatie",
+	"admin.config.global_2fa_requirement.none": "Nee",
+	"admin.config.global_2fa_requirement.all": "Alle gebruikers",
+	"admin.config.global_2fa_requirement.admin": "Beheerders",
+	"settings.twofa_reenroll": "Herinschrijven voor tweefactorauthenticatie",
+	"settings.twofa_reenroll.description": "Herhaal uw tweefactorauthenticatie",
+	"settings.must_enable_2fa": "Deze Forgejo-instantie vereist dat gebruikers tweefactorauthenticatie inschakelen voordat ze toegang krijgen tot hun accounts.",
+	"user.ghost.tooltip": "Deze gebruiker is verwijderd of kan niet worden gevonden.",
+	"error.must_enable_2fa": "Deze Forgejo-instantie vereist dat gebruikers tweefactorauthenticatie inschakelen voordat ze toegang krijgen tot hun accounts. Schakel dit in op: %s",
+	"migrate.form.error.url_credentials": "De URL bevat inloggegevens. Vul deze in de velden voor gebruikersnaam en wachtwoord respectievelijk",
+	"actions.runs.view_most_recent_run": "Bekijk de meest recente run",
+	"actions.runs.run_attempt_label": "Uitvoerpoging #%[1]s (%[2]s)",
+	"actions.runs.viewing_out_of_date_run": "U bekijkt een verouderde uitvoer van deze opdracht die %[1]s is uitgevoerd.",
+	"repo.pulls.maintainers_can_edit": "Maintainers kan deze pull request bewerken.",
+	"repo.pulls.maintainers_cannot_edit": "Maintainers kunnen deze pull request niet bewerken.",
+	"pulse.n_active_issues": {
+		"one": "%s actieve issue",
+		"other": "%s actieve issues"
+	},
+	"pulse.n_active_prs": {
+		"one": "%s actieve pull request",
+		"other": "%s actieve pull requests"
+	},
+	"watch.n_watchers": {
+		"one": "%s volger",
+		"other": "%s volgers"
+	},
+	"mail.issue.action.close_by_commit": "%[1]s sloot %[2]s in commit %[3]s.",
+	"migrate.pagure.private_issues.summary": "Privé-issues (optioneel)",
+	"migrate.pagure.private_issues.description": "Deze functie is ontworpen om een tweede repository aan te maken met alleen privé-issues van je Pagure project voor archiefdoeleinden. Voer eerst een normale migratie uit (zonder token) om alle publieke content te importeren. Als u vervolgens privé-issues wilt bewaren, maak dan een aparte repository aan met deze tokenoptie om die privé-issues te archiveren.",
+	"migrate.pagure.private_issues.warning": "Zorg ervoor dat je de repository zichtbaarheid hierboven op Privé zet als je de API sleutel gebruikt om privézaken te importeren. Dit voorkomt dat je per ongeluk privé-inhoud blootstelt in een openbare repository.",
+	"migrate.pagure.token.placeholder": "Alleen voor het aanmaken van een privé-archief met issues",
+	"actions.workflow.job_parsing_error": "Taken in workflow kunnen niet worden geparseerd: %v",
+	"actions.workflow.event_detection_error": "Ondersteunde gebeurtenissen in workflow kunnen niet worden geparseerd: %v",
+	"actions.workflow.pre_execution_error": "Workflow is niet uitgevoerd vanwege een fout die de uitvoeringspoging blokkeerde.",
+	"teams.add_all_repos.modal.header": "Alle repositories toevoegen",
+	"teams.remove_all_repos.modal.header": "Alle repositories verwijderen",
+	"repo.pulls.poster_manage_approval": "Goedkeuring beheren",
+	"repo.pulls.poster_requires_approval": "Sommige werkstromen zijn <a href=\"%[1]s\">wachtend om beoordeeld te worden.</a>",
+	"repo.pulls.poster_requires_approval.tooltip": "De auteur van dit pull request wordt niet vertrouwd om workflows uit te voeren die worden getriggerd door een pull request dat is aangemaakt vanuit een forked repository of met AGit. De werkstromen die worden geactiveerd door een `pull_request` evenement zullen niet worden uitgevoerd totdat ze zijn goedgekeurd.",
+	"repo.pulls.poster_is_trusted": "De auteur van dit pull request is <a href=\"%[1]s\">altijd vertrouwd om werkstromen uit te voeren.</a>",
+	"repo.pulls.poster_is_trusted.tooltip": "De auteur van dit pull request is expliciet vertrouwd om workflows uit te voeren die worden geactiveerd door een `pull_request` evenement.",
+	"repo.pulls.poster_trust_deny": "Weigeren",
+	"repo.pulls.poster_trust_deny.tooltip": "De workflows die op goedkeuring wachten, worden geannuleerd.",
+	"repo.pulls.poster_trust_once": "Eenmaal goedkeuren",
+	"repo.pulls.poster_trust_once.tooltip": "De workflows die getriggerd worden door een `pull_request` evenement zullen op deze commit draaien, maar zullen goedgekeurd moeten worden voor alle toekomstige commits die naar dit pull request gepushed worden.",
+	"repo.pulls.poster_trust_always": "Altijd goedkeuren",
+	"repo.pulls.poster_trust_always.tooltip": "De werkstromen die getriggerd worden door een `pull_request` evenement zullen op deze commit draaien en er zal geen noodzaak zijn om runs van dit pull request of toekomstige pull requests, gemaakt door dezelfde gebruiker, goed te keuren.",
+	"repo.pulls.poster_trust_revoke": "Intrekken",
+	"repo.pulls.poster_trust_revoke.tooltip": "De auteur van dit pull request zal niet langer worden vertrouwd om werkstromen uit te voeren die worden geactiveerd door een `pull_request` evenement, elke run zal handmatig moeten worden goedgekeurd.",
+	"admin.dashboard.actions_action_user": "Vertrouwen in acties van Forgejo intrekken voor inactieve gebruikers",
+	"actions.status.diagnostics.waiting": {
+		"one": "Wachten op een runner met het volgende label: %s",
+		"other": "Wachten op een runner met de volgende labels: %s"
+	},
+	"keys.verify.token.hint": "De token is slechts 1 minuut geldig. <a href=\"%[1]s\">Krijg een nieuwe als deze verlopen is</a>.",
+	"repo.issues.filter_poster.hint": "Filter op auteur"
 }
diff --git a/options/locale_next/locale_pl-PL.json b/options/locale_next/locale_pl-PL.json
index 0a0c5b86c8..bc9a039ae6 100644
--- a/options/locale_next/locale_pl-PL.json
+++ b/options/locale_next/locale_pl-PL.json
@@ -1,236 +1,237 @@
 {
-    "fork.n_forks": {
-        "one": "%s fork",
-        "few": "%s forki",
-        "many": "%s forków"
-    },
-    "stars.n_stars": {
-        "one": "%s gwiazdka",
-        "few": "%s gwiazdki",
-        "many": "%s gwiazdek"
-    },
-    "release.n_downloads": {
-        "one": "%s pobranie",
-        "few": "%s pobrania",
-        "many": ""
-    },
-    "repo.pulls.merged_title_desc": {
-        "one": "scala %[1]d commit z <code>%[2]s</code> do <code>%[3]s</code> %[4]s",
-        "few": "scala %[1]d commity z <code>%[2]s</code> do <code>%[3]s</code> %[4]s",
-        "many": "scala %[1]d commitów z <code>%[2]s</code> do <code>%[3]s</code> %[4]s"
-    },
-    "repo.pulls.title_desc": {
-        "one": "chce scalić %[1]d commit z <code>%[2]s</code> do <code id=\"%[4]s\">%[3]s</code>",
-        "few": "chce scalić %[1]d commity z <code>%[2]s</code> do <code id=\"%[4]s\">%[3]s</code>",
-        "many": "chce scalić %[1]d commitów z <code>%[2]s</code> do <code id=\"%[4]s\">%[3]s</code>"
-    },
-    "search.milestone_kind": "Wyszukaj kamienie milowe…",
-    "incorrect_root_url": "Ta instancja Forgejo jest skonfigurowana do korzystania z \"%s\". Obecnie oglądasz Forgejo za pomocą innego URL, co może powodować błędne działanie tej aplikacji. URL kanoniczny jest kontrolowany przez administratorów Forgejo za pomocą ROOT_URL w app.ini.",
-    "relativetime.now": "teraz",
-    "stars.list.none": "Nikt nie dał gwiazdki temu repozytorium.",
-    "followers.incoming.list.self.none": "Nikt nie obserwuje twojego profilu.",
-    "followers.incoming.list.none": "Nikt nie obserwuje tego użytkownika.",
-    "followers.outgoing.list.self.none": "Nikogo nie obserwujesz.",
-    "followers.outgoing.list.none": "%s nikogo nie obserwuje.",
-    "home.welcome.no_activity": "Brak aktywności",
-    "home.explore_repos": "Przeglądaj repozytoria",
-    "home.explore_users": "Przeglądaj użytkowników",
-    "home.explore_orgs": "Przeglądaj organizacje",
-    "relativetime.mins": {
-        "one": "%d minutę temu",
-        "few": "%d minuty temu",
-        "many": "%d minut temu"
-    },
-    "watch.list.none": "Nikt nie obserwuje tego repozytorium.",
-    "home.welcome.activity_hint": "Na razie nie ma nic w twoich aktualnościach. Pojawią się tutaj twoje działania oraz wydarzenia z repozytoriów, które obserwujesz.",
-    "relativetime.future": "w przyszłości",
-    "migrate.github.description": "Migracja danych z github.com lub serwerów Github Enterprise.",
-    "migrate.git.description": "Migracja repozytorium tylko z dowolnej usługi Git.",
-    "migrate.gitea.description": "Migruj dane z gitea.com lub innych instancji Gitea.",
-    "migrate.gitlab.description": "Migruj dane z gitlab.com lub innych instancji GitLab.",
-    "migrate.gogs.description": "Migracja danych z notabug.org lub innych instancji Gogs.",
-    "migrate.onedev.description": "Migracja danych z code.onedev.io lub innych instancji OneDev.",
-    "migrate.gitbucket.description": "Migruj dane z instancji GitBucket.",
-    "migrate.codebase.description": "Migracja danych z codebasehq.com.",
-    "migrate.forgejo.description": "Migruj dane z codeberg.org lub innych instancji Forgejo.",
-    "relativetime.hours": {
-        "one": "godzinę temu",
-        "few": "%d godziny temu",
-        "many": "%d godzin temu"
-    },
-    "relativetime.days": {
-        "one": "dzień temu",
-        "few": "%d dni temu",
-        "many": "%d dni temu"
-    },
-    "relativetime.weeks": {
-        "one": "tydzień temu",
-        "few": "%d tygodnie temu",
-        "many": "%d tygodni temu"
-    },
-    "relativetime.months": {
-        "one": "miesiąc temu",
-        "few": "%d miesiące temu",
-        "many": "%d miesięcy temu"
-    },
-    "relativetime.years": {
-        "one": "rok temu",
-        "few": "%d lata temu",
-        "many": "%d lat temu"
-    },
-    "relativetime.1day": "wczoraj",
-    "relativetime.2days": "2 dni temu",
-    "relativetime.1week": "w zeszłym tygodniu",
-    "relativetime.2weeks": "2 tygodnie temu",
-    "relativetime.1month": "w zeszłym miesiącu",
-    "relativetime.2months": "2 miesiące temu",
-    "relativetime.1year": "w zeszłym roku",
-    "relativetime.2years": "2 lata temu",
-    "repo.pulls.already_merged": "Merge zawiódł: Ten pull request został już scalony.",
-    "repo.form.cannot_create": "Wszystkie miejsca gdzie możesz tworzyć repozytoria osiągnęły limit repozytoriów.",
-    "keys.gpg.link": "klucze GPG",
-    "keys.ssh.link": "klucze SSH",
-    "repo.issue_indexer.title": "Indekser zgłoszeń",
-    "repo.settings.push_mirror.branch_filter.label": "Filtr gałęzi (opcjonalny)",
-    "repo.settings.push_mirror.branch_filter.description": "Gałęzie do skopiowania. Zostaw puste, aby kopia lustrzana obejmowała wszystkie gałęzie. Zobacz składnię na <a href=\"%[1]s\"> dokumentacja %[2]s </a>. Przykłady <code>main, release/*</code>",
-    "themes.names.forgejo-auto": "Forgejo (użyj motywu systemu)",
-    "themes.names.forgejo-light": "Forgejo jasny",
-    "themes.names.forgejo-dark": "Forgejo ciemny",
-    "error.not_found.title": "Strona nieznaleziona",
-    "profile.actions.tooltip": "Więcej akcji",
-    "profile.edit.link": "Edytuj profil",
-    "admin.moderation.reports": "Zgłoszenia",
-    "migrate.form.error.url_credentials": "URL zawiera kredencjały, przenieś je kolejno do pól nazwa użytkownika i hasło",
-    "warning.repository.out_of_sync": "Reprezentacja repozytorium w bazie danych jest rozsynchronizowana. Jeśli to ostrzeżenie dalej jest widoczne po wysłaniu commita do tego repozytorium, skontaktuj się z administratorem.",
-    "alert.asset_load_failed": "Nie udało się załadować zasobów z {path}. Upewnij się, że zasoby są dostępne.",
-    "alert.range_error": " musi być liczbą pomiędzy %[1]s a %[2]s.",
-    "install.invalid_lfs_path": "Nie udało się stworzyć korzenia LFS pod ścieżką: %[1]s",
-    "feed.atom.link": "kanał Atom",
-    "admin.config.moderation_config": "Konfiguracja moderacji",
-    "admin.moderation.moderation_reports": "Zgłoszenia moderacji",
-    "admin.moderation.no_open_reports": "Nie ma obecnie otwartych zgłoszeń.",
-    "moderation.abuse_category.malware": "Złośliwe oprogramowanie",
-    "moderation.abuse_category.illegal_content": "Nielegalna treść",
-    "moderation.abuse_category.other_violations": "Inne naruszenia zasad platformy",
-    "moderation.report_remarks": "Komentarze",
-    "moderation.report_content": "Zgłoś treść",
-    "moderation.report_abuse": "Zgłoś naruszenie",
-    "moderation.report_abuse_form.header": "Zgłoś naruszenie do administratora",
-    "moderation.abuse_category": "Kategoria",
-    "moderation.abuse_category.placeholder": "Wybierz kategorię",
-    "moderation.abuse_category.spam": "Spam",
-    "admin.moderation.deleted_content_ref": "Zgłoszona treść o typie %[1]v i id %[2]d nie istnieje",
-    "moderation.report_abuse_form.invalid": "Niepoprawne parametry",
-    "moderation.submit_report": "Wyślij zgłoszenie",
-    "repo.diff.commit.next-short": "Następny",
-    "repo.diff.commit.previous-short": "Poprzedni",
-    "pulse.n_active_issues": {
-        "one": "%s aktywne zgłoszenie",
-        "few": "%s aktywne zgłoszenia",
-        "many": ""
-    },
-    "pulse.n_active_prs": {
-        "one": "%s aktywny pull request",
-        "few": "%s aktywne pull requesty",
-        "many": ""
-    },
-    "repo.pulls.maintainers_can_edit": "Opiekunowie mogą edytować ten pull request.",
-    "repo.pulls.maintainers_cannot_edit": "Opiekunowie nie mogą edytować tego pull requestu.",
-    "watch.n_watchers": {
-        "one": "%s obserwator",
-        "few": "%s obserwatorów",
-        "many": "%s obserwujących"
-    },
-    "repo.issues.filter_poster.hint": "Filtruj według autora",
-    "repo.issues.filter_assignee.hint": "Filtruj według przypisanego użytkownika",
-    "repo.issues.filter_reviewers.hint": "Filtruj według recenzentów",
-    "repo.issues.filter_mention.hint": "Filtruj według wspomnianych użytkowników",
-    "repo.issues.filter_modified.hint": "Filtruj według daty ostatniej modyfikacji",
-    "repo.issues.filter_sort.hint": "Sortuj według: created/comments/updated/deadline",
-    "issues.updated": "ostatnia aktualizacja: %s",
-    "repo.pulls.poster_manage_approval": "Zarządzaj zatwierdzeniami",
-    "repo.pulls.poster_requires_approval": "Kilka workflowów <a href=\"%[1]s\">oczekuje na sprawdzenie.</a>",
-    "repo.pulls.poster_requires_approval.tooltip": "Autor tego pull requesta nie jest zaufany do uruchamiania workflowów wyzwalanych przez pull requesty utworzone z forkowanego repozytorium lub z AGit. Workflowy wyzwalane przez zdarzenie `pull_request` nie zostaną uruchomione, dopóki nie zostaną zatwierdzone.",
-    "repo.pulls.poster_is_trusted": "Autor tego pull requesta jest <a href=\"%[1]s\">zawsze zaufany do uruchamiania workflowów.</a>",
-    "repo.pulls.poster_is_trusted.tooltip": "Autor tego pull requesta jest jawnie zaufany do uruchamiania workflowów wyzwalanych przez zdarzenia `pull_request`.",
-    "repo.pulls.poster_trust_deny.tooltip": "Workflowy oczekujące na zatwierdzenie zostaną anulowane.",
-    "repo.pulls.poster_trust_once.tooltip": "Workflowy wyzwalane przez zdarzenie `pull_request` zostaną uruchomione dla tego commita, ale będą wymagały zatwierdzenia dla wszystkich przyszłych commitów pushowanych do tego pull requesta.",
-    "repo.pulls.poster_trust_always.tooltip": "Workflowy wyzwalane przez zdarzenie `pull_request` zostaną uruchomione dla tego commita i nie będzie potrzeby zatwierdzania uruchomień z tego pull requesta ani z przyszłych pull requestów utworzonych przez tego samego użytkownika.",
-    "repo.pulls.poster_trust_revoke.tooltip": "Autor tego pull requesta nie będzie już zaufany do uruchamiania workflowów wyzwalanych przez zdarzenie `pull_request`. Każde uruchomienie będzie musiało zostać zatwierdzone ręcznie.",
-    "mail.actions.successful_run_after_failure_subject": "Workflow %[1]s został przywrócony w repozytorium %[2]s",
-    "mail.actions.not_successful_run_subject": "Workflow %[1]s zakończył się niepowodzeniem w repozytorium %[2]s",
-    "mail.actions.successful_run_after_failure": "Workflow %[1]s został przywrócony w repozytorium %[2]s",
-    "mail.actions.not_successful_run": "Workflow %[1]s zakończył się niepowodzeniem w repozytorium %[2]s",
-    "actions.workflow.job_parsing_error": "Nie można przeanalizować zadań w workflow: %v",
-    "actions.workflow.event_detection_error": "Nie można przeanalizować obsługiwanych zdarzeń w workflow: %v",
-    "actions.workflow.persistent_incomplete_matrix": "Nie można ocenić `strategy.matrix` zadania %[1]s z powodu nieprawidłowego wyrażenia `needs`. Może ono odwoływać się do zadania, które nie znajduje się na liście 'needs' (%[2]s), lub do wyniku, który nie istnieje w żadnym z tych zadań.",
-    "actions.workflow.incomplete_matrix_missing_job": "Nie można ocenić `strategy.matrix` zadania %[1]s: zadanie %[2]s nie znajduje się na liście `needs` zadania %[1]s (%[3]s).",
-    "actions.workflow.incomplete_matrix_missing_output": "Nie można ocenić `strategy.matrix` zadania %[1]s: zadanie %[2]s nie ma wyniku %[3]s.",
-    "actions.workflow.incomplete_matrix_unknown_cause": "Nie można ocenić `strategy.matrix` zadania %[1]s: nieznany błąd.",
-    "actions.workflow.incomplete_runson_missing_job": "Nie można ocenić `runs-on` zadania %[1]s: zadanie %[2]s nie znajduje się na liście `needs` zadania %[1]s (%[3]s).",
-    "actions.workflow.incomplete_runson_missing_output": "Nie można ocenić `runs-on` zadania %[1]s: zadanie %[2]s nie ma wyniku %[3]s.",
-    "actions.workflow.incomplete_runson_missing_matrix_dimension": "Nie można ocenić `runs-on` zadania %[1]s: wymiar macierzy %[2]s nie istnieje.",
-    "actions.workflow.incomplete_runson_unknown_cause": "Nie można ocenić `runs-on` zadania %[1]s: nieznany błąd.",
-    "actions.workflow.pre_execution_error": "Workflow nie został uruchomiony z powodu błędu, który zablokował próbę jego wykonania.",
-    "mail.actions.run_info_cur_status": "Stan tego uruchomienia: %[1]s (dopiero zmieniony z %[2]s)",
-    "mail.actions.run_info_previous_status": "Stan poprzedniego uruchomienia: %[1]s",
-    "mail.actions.run_info_trigger": "Wyzwolony ponieważ: %[1]s przez: %[2]s",
-    "discussion.locked": "Ta dyskusja została ograniczona. Komentowanie dozwolone jest jedynie kontrybutorom.",
-    "moderation.report_abuse_form.details": "Ten formularz powinien być używany do zgłaszania użytkowników, którzy tworzą spamowe profile, repozytoria, zgłoszenia lub komentarze albo zachowują się nieodpowiednio.",
-    "moderation.report_abuse_form.already_reported": "Już to zgłosiłeś",
-    "moderation.report_remarks.placeholder": "Opisz nadużycie, które zgłaszasz.",
-    "moderation.reporting_failed": "Nie udało się wysłać zgłoszenia: %v",
-    "moderation.reported_thank_you": "Dziękujemy za zgłoszenie. Administracja została o tym powiadomiona.",
-    "admin.dashboard.cleanup_offline_runners": "Wyczyść runners offline",
-    "avatar.constraints_hint": "Własny awatar nie może przekraczać %[1]s rozmiaru pliku lub być większym niż %[2]dx%[3]d pikseli",
-    "og.repo.summary_card.alt_description": "Karta podsumowująca repozytorium %[1]s, opisana jako: %[2]s",
-    "mail.actions.run_info_sha": "Commit: %[1]s",
-    "discussion.sidebar.reference": "Referencja",
-    "admin.dashboard.remove_resolved_reports": "Usuń rozwiązane zgłoszenia",
-    "compare.branches.title": "Porównaj gałęzie",
-    "admin.auths.allow_username_change": "Zezwalaj na zmiany nazw użytkownika",
-    "repo.commit.load_tags_failed": "Wczytywanie tagów nie powiodło się z powodu wewnętrznego błędu serwera",
-    "teams.remove_all_repos.modal.header": "Usuń wszystkie repozytoria",
-    "teams.add_all_repos.modal.header": "Dodaj wszystkie repozytoria",
-    "search.fuzzy": "fFzzy",
-    "moderation.comment.deletion_success": "Komentarz został usunięty.",
-    "moderation.issue.deletion_success": "Zgłoszenie zostało usunięte.",
-    "moderation.users.cannot_delete_admins": "Użytkownik z uprawnieniami administratora nie może zostać usunięty.",
-    "moderation.users.suspend_success": "Konto zostało zawieszone.",
-    "moderation.users.already_suspended": "Konto jest już zawieszone.",
-    "moderation.users.cannot_suspend_org": "Organizacja nie może zostać zawieszona.",
-    "moderation.users.cannot_suspend_admins": "Użytkownik z uprawnieniami administratora nie może zostać zawieszony.",
-    "moderation.users.cannot_suspend_self": "Nie możesz zawiesić samego siebie.",
-    "moderation.unknown_action": "Nieznana akcja",
-    "moderation.action.comment.delete": "Usuń komentarz",
-    "moderation.action.issue.delete": "Usuń zgłoszenie",
-    "moderation.action.repo.delete": "Usuń repozytorium",
-    "moderation.action.account.suspend": "Zawieś konto",
-    "moderation.action.account.delete": "Usuń konto",
-    "moderation.report.mark_as_ignored": "Oznacz jako ignorowane",
-    "search.syntax": "Syntax wyszukiwania",
-    "actions.status.diagnostics.waiting": {
-        "one": "Oczekiwanie na runner z następującą etykietą: %s",
-        "few": "Oczekiwanie na runnery z następującą etykietą: %s",
-        "many": "Oczekiwanie na runnery z następującą etykietą: %s"
-    },
-    "repo.pulls.poster_trust_deny": "Odmów",
-    "repo.pulls.poster_trust_once": "Zezwól jednokrotnie",
-    "repo.pulls.poster_trust_always": "Zawsze zezwalaj",
-    "repo.pulls.poster_trust_revoke": "Unieważnij",
-    "admin.auths.allow_username_change.description": "Zezwól użytkownikom na zmiane nazwy użytkownika w ustawieniach profilu",
-    "admin.config.global_2fa_requirement.none": "Nie",
-    "admin.config.global_2fa_requirement.all": "Wszyscy użytkownicy",
-    "admin.config.global_2fa_requirement.admin": "Administratorzy",
-    "admin.config.global_2fa_requirement.title": "Globalne wymagane podwójnej weryfikacji",
-    "admin.config.security": "Konfiguracja zabezpieczeń",
-    "user.ghost.tooltip": "Ten użytkownik został usunięty lub nie można go znaleźć.",
-    "migrate.pagure.incorrect_url": "Nieprawidłowy URL repozytorium źródłowego został podany",
-    "migrate.pagure.description": "Przenieś dane z pagure.io lub innej instancji Pagure.",
-    "migrate.pagure.project_url": "Adres URL projektu na Pagure",
-    "migrate.pagure.project_example": "Adres URL projektu na Pagure, np. https://pagure.io/pagure",
-    "migrate.pagure.token_label": "Token do API Pagure",
-    "migrate.pagure.private_issues.summary": "Prywatne zgłoszenia (opcjonalne)",
-    "actions.runs.view_most_recent_run": "Pokaż ostatnie uruchomienie",
-    "actions.runs.run_attempt_label": "Próba uruchomienia #%[1]s (%[2]s)"
+	"fork.n_forks": {
+		"one": "%s fork",
+		"few": "%s forki",
+		"many": "%s forków"
+	},
+	"stars.n_stars": {
+		"one": "%s gwiazdka",
+		"few": "%s gwiazdki",
+		"many": "%s gwiazdek"
+	},
+	"release.n_downloads": {
+		"one": "%s pobranie",
+		"few": "%s pobrania",
+		"many": ""
+	},
+	"repo.pulls.merged_title_desc": {
+		"one": "scala %[1]d commit z <code>%[2]s</code> do <code>%[3]s</code> %[4]s",
+		"few": "scala %[1]d commity z <code>%[2]s</code> do <code>%[3]s</code> %[4]s",
+		"many": "scala %[1]d commitów z <code>%[2]s</code> do <code>%[3]s</code> %[4]s"
+	},
+	"repo.pulls.title_desc": {
+		"one": "chce scalić %[1]d commit z <code>%[2]s</code> do <code id=\"%[4]s\">%[3]s</code>",
+		"few": "chce scalić %[1]d commity z <code>%[2]s</code> do <code id=\"%[4]s\">%[3]s</code>",
+		"many": "chce scalić %[1]d commitów z <code>%[2]s</code> do <code id=\"%[4]s\">%[3]s</code>"
+	},
+	"search.milestone_kind": "Wyszukaj kamienie milowe…",
+	"incorrect_root_url": "Ta instancja Forgejo jest skonfigurowana do korzystania z \"%s\". Obecnie oglądasz Forgejo za pomocą innego URL, co może powodować błędne działanie tej aplikacji. URL kanoniczny jest kontrolowany przez administratorów Forgejo za pomocą ROOT_URL w app.ini.",
+	"relativetime.now": "teraz",
+	"stars.list.none": "Nikt nie dał gwiazdki temu repozytorium.",
+	"followers.incoming.list.self.none": "Nikt nie obserwuje twojego profilu.",
+	"followers.incoming.list.none": "Nikt nie obserwuje tego użytkownika.",
+	"followers.outgoing.list.self.none": "Nikogo nie obserwujesz.",
+	"followers.outgoing.list.none": "%s nikogo nie obserwuje.",
+	"home.welcome.no_activity": "Brak aktywności",
+	"home.explore_repos": "Przeglądaj repozytoria",
+	"home.explore_users": "Przeglądaj użytkowników",
+	"home.explore_orgs": "Przeglądaj organizacje",
+	"relativetime.mins": {
+		"one": "%d minutę temu",
+		"few": "%d minuty temu",
+		"many": "%d minut temu"
+	},
+	"watch.list.none": "Nikt nie obserwuje tego repozytorium.",
+	"home.welcome.activity_hint": "Na razie nie ma nic w twoich aktualnościach. Pojawią się tutaj twoje działania oraz wydarzenia z repozytoriów, które obserwujesz.",
+	"relativetime.future": "w przyszłości",
+	"migrate.github.description": "Migracja danych z github.com lub serwerów Github Enterprise.",
+	"migrate.git.description": "Migracja repozytorium tylko z dowolnej usługi Git.",
+	"migrate.gitea.description": "Migruj dane z gitea.com lub innych instancji Gitea.",
+	"migrate.gitlab.description": "Migruj dane z gitlab.com lub innych instancji GitLab.",
+	"migrate.gogs.description": "Migracja danych z notabug.org lub innych instancji Gogs.",
+	"migrate.onedev.description": "Migracja danych z code.onedev.io lub innych instancji OneDev.",
+	"migrate.gitbucket.description": "Migruj dane z instancji GitBucket.",
+	"migrate.codebase.description": "Migracja danych z codebasehq.com.",
+	"migrate.forgejo.description": "Migruj dane z codeberg.org lub innych instancji Forgejo.",
+	"relativetime.hours": {
+		"one": "godzinę temu",
+		"few": "%d godziny temu",
+		"many": "%d godzin temu"
+	},
+	"relativetime.days": {
+		"one": "dzień temu",
+		"few": "%d dni temu",
+		"many": "%d dni temu"
+	},
+	"relativetime.weeks": {
+		"one": "tydzień temu",
+		"few": "%d tygodnie temu",
+		"many": "%d tygodni temu"
+	},
+	"relativetime.months": {
+		"one": "miesiąc temu",
+		"few": "%d miesiące temu",
+		"many": "%d miesięcy temu"
+	},
+	"relativetime.years": {
+		"one": "rok temu",
+		"few": "%d lata temu",
+		"many": "%d lat temu"
+	},
+	"relativetime.1day": "wczoraj",
+	"relativetime.2days": "2 dni temu",
+	"relativetime.1week": "w zeszłym tygodniu",
+	"relativetime.2weeks": "2 tygodnie temu",
+	"relativetime.1month": "w zeszłym miesiącu",
+	"relativetime.2months": "2 miesiące temu",
+	"relativetime.1year": "w zeszłym roku",
+	"relativetime.2years": "2 lata temu",
+	"repo.pulls.already_merged": "Merge zawiódł: Ten pull request został już scalony.",
+	"repo.form.cannot_create": "Wszystkie miejsca gdzie możesz tworzyć repozytoria osiągnęły limit repozytoriów.",
+	"keys.gpg.link": "klucze GPG",
+	"keys.ssh.link": "klucze SSH",
+	"repo.issue_indexer.title": "Indekser zgłoszeń",
+	"repo.settings.push_mirror.branch_filter.label": "Filtr gałęzi (opcjonalny)",
+	"repo.settings.push_mirror.branch_filter.description": "Gałęzie do skopiowania. Zostaw puste, aby kopia lustrzana obejmowała wszystkie gałęzie. Zobacz składnię na <a href=\"%[1]s\"> dokumentacja %[2]s </a>. Przykłady <code>main, release/*</code>",
+	"themes.names.forgejo-auto": "Forgejo (użyj motywu systemu)",
+	"themes.names.forgejo-light": "Forgejo jasny",
+	"themes.names.forgejo-dark": "Forgejo ciemny",
+	"error.not_found.title": "Strona nieznaleziona",
+	"profile.actions.tooltip": "Więcej akcji",
+	"profile.edit.link": "Edytuj profil",
+	"admin.moderation.reports": "Zgłoszenia",
+	"migrate.form.error.url_credentials": "URL zawiera kredencjały, przenieś je kolejno do pól nazwa użytkownika i hasło",
+	"warning.repository.out_of_sync": "Reprezentacja repozytorium w bazie danych jest rozsynchronizowana. Jeśli to ostrzeżenie dalej jest widoczne po wysłaniu commita do tego repozytorium, skontaktuj się z administratorem.",
+	"alert.asset_load_failed": "Nie udało się załadować zasobów z {path}. Upewnij się, że zasoby są dostępne.",
+	"alert.range_error": " musi być liczbą pomiędzy %[1]s a %[2]s.",
+	"install.invalid_lfs_path": "Nie udało się stworzyć korzenia LFS pod ścieżką: %[1]s",
+	"feed.atom.link": "kanał Atom",
+	"admin.config.moderation_config": "Konfiguracja moderacji",
+	"admin.moderation.moderation_reports": "Zgłoszenia moderacji",
+	"admin.moderation.no_open_reports": "Nie ma obecnie otwartych zgłoszeń.",
+	"moderation.abuse_category.malware": "Złośliwe oprogramowanie",
+	"moderation.abuse_category.illegal_content": "Nielegalna treść",
+	"moderation.abuse_category.other_violations": "Inne naruszenia zasad platformy",
+	"moderation.report_remarks": "Komentarze",
+	"moderation.report_content": "Zgłoś treść",
+	"moderation.report_abuse": "Zgłoś naruszenie",
+	"moderation.report_abuse_form.header": "Zgłoś naruszenie do administratora",
+	"moderation.abuse_category": "Kategoria",
+	"moderation.abuse_category.placeholder": "Wybierz kategorię",
+	"moderation.abuse_category.spam": "Spam",
+	"admin.moderation.deleted_content_ref": "Zgłoszona treść o typie %[1]v i id %[2]d nie istnieje",
+	"moderation.report_abuse_form.invalid": "Niepoprawne parametry",
+	"moderation.submit_report": "Wyślij zgłoszenie",
+	"repo.diff.commit.next-short": "Następny",
+	"repo.diff.commit.previous-short": "Poprzedni",
+	"pulse.n_active_issues": {
+		"one": "%s aktywne zgłoszenie",
+		"few": "%s aktywne zgłoszenia",
+		"many": ""
+	},
+	"pulse.n_active_prs": {
+		"one": "%s aktywny pull request",
+		"few": "%s aktywne pull requesty",
+		"many": ""
+	},
+	"repo.pulls.maintainers_can_edit": "Opiekunowie mogą edytować ten pull request.",
+	"repo.pulls.maintainers_cannot_edit": "Opiekunowie nie mogą edytować tego pull requestu.",
+	"watch.n_watchers": {
+		"one": "%s obserwator",
+		"few": "%s obserwatorów",
+		"many": "%s obserwujących"
+	},
+	"repo.issues.filter_poster.hint": "Filtruj według autora",
+	"repo.issues.filter_assignee.hint": "Filtruj według przypisanego użytkownika",
+	"repo.issues.filter_reviewers.hint": "Filtruj według recenzentów",
+	"repo.issues.filter_mention.hint": "Filtruj według wspomnianych użytkowników",
+	"repo.issues.filter_modified.hint": "Filtruj według daty ostatniej modyfikacji",
+	"repo.issues.filter_sort.hint": "Sortuj według: created/comments/updated/deadline",
+	"issues.updated": "ostatnia aktualizacja: %s",
+	"repo.pulls.poster_manage_approval": "Zarządzaj zatwierdzeniami",
+	"repo.pulls.poster_requires_approval": "Kilka workflowów <a href=\"%[1]s\">oczekuje na sprawdzenie.</a>",
+	"repo.pulls.poster_requires_approval.tooltip": "Autor tego pull requesta nie jest zaufany do uruchamiania workflowów wyzwalanych przez pull requesty utworzone z forkowanego repozytorium lub z AGit. Workflowy wyzwalane przez zdarzenie `pull_request` nie zostaną uruchomione, dopóki nie zostaną zatwierdzone.",
+	"repo.pulls.poster_is_trusted": "Autor tego pull requesta jest <a href=\"%[1]s\">zawsze zaufany do uruchamiania workflowów.</a>",
+	"repo.pulls.poster_is_trusted.tooltip": "Autor tego pull requesta jest jawnie zaufany do uruchamiania workflowów wyzwalanych przez zdarzenia `pull_request`.",
+	"repo.pulls.poster_trust_deny.tooltip": "Workflowy oczekujące na zatwierdzenie zostaną anulowane.",
+	"repo.pulls.poster_trust_once.tooltip": "Workflowy wyzwalane przez zdarzenie `pull_request` zostaną uruchomione dla tego commita, ale będą wymagały zatwierdzenia dla wszystkich przyszłych commitów pushowanych do tego pull requesta.",
+	"repo.pulls.poster_trust_always.tooltip": "Workflowy wyzwalane przez zdarzenie `pull_request` zostaną uruchomione dla tego commita i nie będzie potrzeby zatwierdzania uruchomień z tego pull requesta ani z przyszłych pull requestów utworzonych przez tego samego użytkownika.",
+	"repo.pulls.poster_trust_revoke.tooltip": "Autor tego pull requesta nie będzie już zaufany do uruchamiania workflowów wyzwalanych przez zdarzenie `pull_request`. Każde uruchomienie będzie musiało zostać zatwierdzone ręcznie.",
+	"mail.actions.successful_run_after_failure_subject": "Workflow %[1]s został przywrócony w repozytorium %[2]s",
+	"mail.actions.not_successful_run_subject": "Workflow %[1]s zakończył się niepowodzeniem w repozytorium %[2]s",
+	"mail.actions.successful_run_after_failure": "Workflow %[1]s został przywrócony w repozytorium %[2]s",
+	"mail.actions.not_successful_run": "Workflow %[1]s zakończył się niepowodzeniem w repozytorium %[2]s",
+	"actions.workflow.job_parsing_error": "Nie można przeanalizować zadań w workflow: %v",
+	"actions.workflow.event_detection_error": "Nie można przeanalizować obsługiwanych zdarzeń w workflow: %v",
+	"actions.workflow.persistent_incomplete_matrix": "Nie można ocenić `strategy.matrix` zadania %[1]s z powodu nieprawidłowego wyrażenia `needs`. Może ono odwoływać się do zadania, które nie znajduje się na liście 'needs' (%[2]s), lub do wyniku, który nie istnieje w żadnym z tych zadań.",
+	"actions.workflow.incomplete_matrix_missing_job": "Nie można ocenić `strategy.matrix` zadania %[1]s: zadanie %[2]s nie znajduje się na liście `needs` zadania %[1]s (%[3]s).",
+	"actions.workflow.incomplete_matrix_missing_output": "Nie można ocenić `strategy.matrix` zadania %[1]s: zadanie %[2]s nie ma wyniku %[3]s.",
+	"actions.workflow.incomplete_matrix_unknown_cause": "Nie można ocenić `strategy.matrix` zadania %[1]s: nieznany błąd.",
+	"actions.workflow.incomplete_runson_missing_job": "Nie można ocenić `runs-on` zadania %[1]s: zadanie %[2]s nie znajduje się na liście `needs` zadania %[1]s (%[3]s).",
+	"actions.workflow.incomplete_runson_missing_output": "Nie można ocenić `runs-on` zadania %[1]s: zadanie %[2]s nie ma wyniku %[3]s.",
+	"actions.workflow.incomplete_runson_missing_matrix_dimension": "Nie można ocenić `runs-on` zadania %[1]s: wymiar macierzy %[2]s nie istnieje.",
+	"actions.workflow.incomplete_runson_unknown_cause": "Nie można ocenić `runs-on` zadania %[1]s: nieznany błąd.",
+	"actions.workflow.pre_execution_error": "Workflow nie został uruchomiony z powodu błędu, który zablokował próbę jego wykonania.",
+	"mail.actions.run_info_cur_status": "Stan tego uruchomienia: %[1]s (dopiero zmieniony z %[2]s)",
+	"mail.actions.run_info_previous_status": "Stan poprzedniego uruchomienia: %[1]s",
+	"mail.actions.run_info_trigger": "Wyzwolony ponieważ: %[1]s przez: %[2]s",
+	"discussion.locked": "Ta dyskusja została ograniczona. Komentowanie dozwolone jest jedynie kontrybutorom.",
+	"moderation.report_abuse_form.details": "Ten formularz powinien być używany do zgłaszania użytkowników, którzy tworzą spamowe profile, repozytoria, zgłoszenia lub komentarze albo zachowują się nieodpowiednio.",
+	"moderation.report_abuse_form.already_reported": "Już to zgłosiłeś",
+	"moderation.report_remarks.placeholder": "Opisz nadużycie, które zgłaszasz.",
+	"moderation.reporting_failed": "Nie udało się wysłać zgłoszenia: %v",
+	"moderation.reported_thank_you": "Dziękujemy za zgłoszenie. Administracja została o tym powiadomiona.",
+	"admin.dashboard.cleanup_offline_runners": "Wyczyść runners offline",
+	"avatar.constraints_hint": "Własny awatar nie może przekraczać %[1]s rozmiaru pliku lub być większym niż %[2]dx%[3]d pikseli",
+	"og.repo.summary_card.alt_description": "Karta podsumowująca repozytorium %[1]s, opisana jako: %[2]s",
+	"mail.actions.run_info_sha": "Commit: %[1]s",
+	"discussion.sidebar.reference": "Referencja",
+	"admin.dashboard.remove_resolved_reports": "Usuń rozwiązane zgłoszenia",
+	"compare.branches.title": "Porównaj gałęzie",
+	"admin.auths.allow_username_change": "Zezwalaj na zmiany nazw użytkownika",
+	"repo.commit.load_tags_failed": "Wczytywanie tagów nie powiodło się z powodu wewnętrznego błędu serwera",
+	"teams.remove_all_repos.modal.header": "Usuń wszystkie repozytoria",
+	"teams.add_all_repos.modal.header": "Dodaj wszystkie repozytoria",
+	"search.fuzzy": "fFzzy",
+	"moderation.comment.deletion_success": "Komentarz został usunięty.",
+	"moderation.issue.deletion_success": "Zgłoszenie zostało usunięte.",
+	"moderation.users.cannot_delete_admins": "Użytkownik z uprawnieniami administratora nie może zostać usunięty.",
+	"moderation.users.suspend_success": "Konto zostało zawieszone.",
+	"moderation.users.already_suspended": "Konto jest już zawieszone.",
+	"moderation.users.cannot_suspend_org": "Organizacja nie może zostać zawieszona.",
+	"moderation.users.cannot_suspend_admins": "Użytkownik z uprawnieniami administratora nie może zostać zawieszony.",
+	"moderation.users.cannot_suspend_self": "Nie możesz zawiesić samego siebie.",
+	"moderation.unknown_action": "Nieznana akcja",
+	"moderation.action.comment.delete": "Usuń komentarz",
+	"moderation.action.issue.delete": "Usuń zgłoszenie",
+	"moderation.action.repo.delete": "Usuń repozytorium",
+	"moderation.action.account.suspend": "Zawieś konto",
+	"moderation.action.account.delete": "Usuń konto",
+	"moderation.report.mark_as_ignored": "Oznacz jako ignorowane",
+	"search.syntax": "Syntax wyszukiwania",
+	"actions.status.diagnostics.waiting": {
+		"one": "Oczekiwanie na runner z następującą etykietą: %s",
+		"few": "Oczekiwanie na runnery z następującą etykietą: %s",
+		"many": "Oczekiwanie na runnery z następującą etykietą: %s"
+	},
+	"repo.pulls.poster_trust_deny": "Odmów",
+	"repo.pulls.poster_trust_once": "Zezwól jednokrotnie",
+	"repo.pulls.poster_trust_always": "Zawsze zezwalaj",
+	"repo.pulls.poster_trust_revoke": "Unieważnij",
+	"admin.auths.allow_username_change.description": "Zezwól użytkownikom na zmiane nazwy użytkownika w ustawieniach profilu",
+	"admin.config.global_2fa_requirement.none": "Nie",
+	"admin.config.global_2fa_requirement.all": "Wszyscy użytkownicy",
+	"admin.config.global_2fa_requirement.admin": "Administratorzy",
+	"admin.config.global_2fa_requirement.title": "Globalne wymagane podwójnej weryfikacji",
+	"admin.config.security": "Konfiguracja zabezpieczeń",
+	"user.ghost.tooltip": "Ten użytkownik został usunięty lub nie można go znaleźć.",
+	"migrate.pagure.incorrect_url": "Nieprawidłowy URL repozytorium źródłowego został podany",
+	"migrate.pagure.description": "Przenieś dane z pagure.io lub innej instancji Pagure.",
+	"migrate.pagure.project_url": "Adres URL projektu na Pagure",
+	"migrate.pagure.project_example": "Adres URL projektu na Pagure, np. https://pagure.io/pagure",
+	"migrate.pagure.token_label": "Token do API Pagure",
+	"migrate.pagure.private_issues.summary": "Prywatne zgłoszenia (opcjonalne)",
+	"actions.runs.view_most_recent_run": "Pokaż ostatnie uruchomienie",
+	"actions.runs.run_attempt_label": "Próba uruchomienia #%[1]s (%[2]s)",
+	"meta.last_line": "(this string was needed to make weblate regenerate the file and can be removed)"
 }
diff --git a/options/locale_next/locale_pt-BR.json b/options/locale_next/locale_pt-BR.json
index 3dca31a73f..4bfa87f5be 100644
--- a/options/locale_next/locale_pt-BR.json
+++ b/options/locale_next/locale_pt-BR.json
@@ -1,255 +1,255 @@
 {
-    "fork.n_forks": {
-        "one": "%s fork",
-        "many": "%s forks",
-        "other": "%s forks"
-    },
-    "stars.n_stars": {
-        "one": "%s estrela",
-        "many": "%s estrelas",
-        "other": "%s estrelas"
-    },
-    "release.n_downloads": {
-        "one": "%s download",
-        "many": "%s downloads",
-        "other": "%s downloads"
-    },
-    "repo.pulls.merged_title_desc": {
-        "one": "mesclou %[1]d commit de <code>%[2]s</code> em <code>%[3]s</code> %[4]s",
-        "many": "mesclou %[1]d de commits de <code>%[2]s</code> em <code>%[3]s</code> %[4]s",
-        "other": "mesclou %[1]d commits from <code>%[2]s</code> into <code>%[3]s</code> %[4]s"
-    },
-    "repo.pulls.title_desc": {
-        "one": "quer mesclar %[1]d commit de <code>%[2]s</code> em <code id=\"%[4]s\">%[3]s</code>",
-        "many": "quer mesclar %[1]d commits de <code>%[2]s</code> em <code id=\"%[4]s\">%[3]s</code>",
-        "other": "quer mesclar %[1]d commits de <code>%[2]s</code> em <code id=\"%[4]s\">%[3]s</code>"
-    },
-    "search.milestone_kind": "Pesquisar marcos…",
-    "home.welcome.no_activity": "Sem atividade",
-    "home.welcome.activity_hint": "Ainda não tem nada no seu feed. Suas Actions e atividade dos seus repositórios vigiados aparecerão aqui.",
-    "home.explore_repos": "Explorar repositórios",
-    "home.explore_users": "Explorar usuários",
-    "home.explore_orgs": "Explorar organizações",
-    "incorrect_root_url": "Esta instância do Forgejo está configurada para o endereço \"%s\". Você está atualmente vendo o Forgejo através de uma URL diferente, o que pode causar erros em algumas partes da aplicação. A URL oficial é controlada pela administração do Forgejo através da configuração ROOT_URL no arquivo app.ini.",
-    "themes.names.forgejo-auto": "Forgejo (usar o tema do sistema)",
-    "themes.names.forgejo-light": "Forgejo claro",
-    "themes.names.forgejo-dark": "Forgejo escuro",
-    "error.not_found.title": "Página não encontrada",
-    "alert.asset_load_failed": "Não foi possível carregar arquivos de assets de {path}. Por favor, certifique-se que os arquivos podem ser acessados.",
-    "install.invalid_lfs_path": "Não foi possível criar um root LFS no caminho especificado: %[1]s",
-    "alert.range_error": " deve ser um número entre %[1]s e %[2]s.",
-    "meta.last_line": "real hot girl shit",
-    "mail.actions.run_info_cur_status": "Status desta execução: %[1]s (atualizado recentemente de %[2]s)",
-    "mail.actions.run_info_previous_status": "Status da execução anterior: %[1]s",
-    "mail.actions.successful_run_after_failure_subject": "Workflow %[1]s recuperado no repositório %[2]s",
-    "mail.actions.not_successful_run_subject": "Workflow %[1]s falhou no repositório %[2]s",
-    "mail.actions.successful_run_after_failure": "Workflow %[1]s recuperado no repositório %[2]s",
-    "mail.actions.not_successful_run": "Workflow %[1]s falhou no repositório %[2]s",
-    "mail.actions.run_info_trigger": "Acionado devido a: %[1]s por: %[2]s",
-    "discussion.locked": "Esta discussão foi trancada. Apenas contribuidores podem adicionar comentários.",
-    "relativetime.future": "futuramente",
-    "relativetime.mins": {
-        "one": "%d minuto atrás",
-        "many": "%d minutos atrás",
-        "other": "%d minutos atrás"
-    },
-    "relativetime.days": {
-        "one": "%d dia atrás",
-        "many": "%d dias atrás",
-        "other": "%d dias atrás"
-    },
-    "relativetime.weeks": {
-        "one": "%d semana atrás",
-        "many": "%d semanas atrás",
-        "other": "%d semanas atrás"
-    },
-    "relativetime.months": {
-        "one": "%d mês atrás",
-        "many": "%d meses atrás",
-        "other": "%d meses atrás"
-    },
-    "relativetime.years": {
-        "one": "%d ano atrás",
-        "many": "%d anos atrás",
-        "other": "%d anos atrás"
-    },
-    "relativetime.1day": "ontem",
-    "relativetime.2days": "dois dias atrás",
-    "relativetime.1week": "semana passada",
-    "relativetime.1month": "mês passado",
-    "relativetime.2months": "dois meses atrás",
-    "relativetime.1year": "ano passado",
-    "relativetime.2years": "dois anos atrás",
-    "relativetime.hours": {
-        "one": "%d hora atrás",
-        "many": "%d horas atrás",
-        "other": "%d horas atrás"
-    },
-    "relativetime.2weeks": "duas semanas atrás",
-    "relativetime.now": "agora",
-    "moderation.reported_thank_you": "Agradecemos pela sua denúncia. A administração foi notificada.",
-    "moderation.report_content": "Denunciar conteúdo",
-    "admin.config.moderation_config": "Configuração de moderação",
-    "moderation.report_abuse": "Denunciar abuso",
-    "moderation.report_abuse_form.header": "Denunciar abuso à administração",
-    "moderation.report_abuse_form.invalid": "Argumentos inválidos",
-    "moderation.report_abuse_form.already_reported": "Você já denunciou este conteúdo",
-    "moderation.abuse_category": "Categoria",
-    "moderation.abuse_category.placeholder": "Selecione uma categoria",
-    "moderation.abuse_category.spam": "Spam",
-    "moderation.abuse_category.malware": "Software malicioso",
-    "moderation.abuse_category.illegal_content": "Conteúdo ilegal",
-    "moderation.abuse_category.other_violations": "Outras violações de regras da plataforma",
-    "moderation.report_remarks": "Observações",
-    "moderation.report_remarks.placeholder": "Por favor, forneça detalhes sobre o abuso que você está denunciando.",
-    "moderation.submit_report": "Enviar denúncia",
-    "moderation.reporting_failed": "Não foi possível enviar a denúncia: %v",
-    "moderation.report_abuse_form.details": "Este formulário deve ser utilizado para denunciar contas com perfis, repositórios, issues e comentários com spam ou que se comportam inapropriadamente.",
-    "repo.form.cannot_create": "Todos os espaços onde você pode criar repositórios atingiram o limite de repositórios.",
-    "repo.issue_indexer.title": "Indexador de Issues",
-    "watch.list.none": "Ninguém está observando este repositório.",
-    "followers.incoming.list.self.none": "Ninguém está seguindo seu perfil.",
-    "followers.incoming.list.none": "Ninguém está seguindo este perfil.",
-    "followers.outgoing.list.none": "%s não está seguindo ninguém.",
-    "stars.list.none": "Ninguém favoritou este repositório.",
-    "followers.outgoing.list.self.none": "Você não está seguindo ninguém.",
-    "editor.textarea.tab_hint": "Linha já indentada. Pressione <kbd>Tab</kbd> novamente ou <kbd>Esc</kbd> para sair do editor.",
-    "editor.textarea.shift_tab_hint": "Sem indentação nesta linha. Pressione <kbd>Shift</kbd> + <kbd>Tab</kbd> novamente ou <kbd>Esc</kbd> para sair do editor.",
-    "admin.dashboard.cleanup_offline_runners": "Limpar runners desconectados",
-    "avatar.constraints_hint": "Imagem de perfil personalizada não pode exceder %[1]s em tamanho ou ser maior que %[2]dx%[3]d pixels",
-    "settings.visibility.description": "A visibilidade do perfil afeta a habilidade de acessarem seus repositórios não-privados. <a href=\"%s\" target=\"_blank\">Saiba mais</a>.",
-    "repo.diff.commit.next-short": "Próximo",
-    "repo.diff.commit.previous-short": "Anterior",
-    "profile.edit.link": "Editar perfil",
-    "feed.atom.link": "Feed Atom",
-    "keys.gpg.link": "Chaves GPG",
-    "og.repo.summary_card.alt_description": "Cartão de resumo do repositório %[1]s, descrito como: %[2]s",
-    "profile.actions.tooltip": "Mais Actions",
-    "keys.ssh.link": "Chaves SSH",
-    "mail.actions.run_info_sha": "Commit: %[1]s",
-    "repo.settings.push_mirror.branch_filter.label": "Filtro de branches (opcional)",
-    "repo.settings.push_mirror.branch_filter.description": "Branches para espelhar. Deixe em branco para espelhar todos os branches. Veja <a href=\"%[1]s\">%[2]s documentação</a> sobre a sintaxe. Exemplos: <code>main, release/*</code>",
-    "discussion.sidebar.reference": "Referência",
-    "admin.moderation.deleted_content_ref": "Conteúdo denunciado do tipo %[1]v e ID %[2]d não existe mais",
-    "admin.moderation.moderation_reports": "Denúncias para moderação",
-    "admin.moderation.reports": "Denúncias",
-    "admin.moderation.no_open_reports": "Não há denúncias abertas atualmente.",
-    "admin.dashboard.remove_resolved_reports": "Remover denúncias resolvidas",
-    "compare.branches.title": "Comparar branches",
-    "admin.auths.allow_username_change": "Permitir mudança de nome de usuário",
-    "admin.auths.allow_username_change.description": "Permitir que usuários alterem seus nomes de usuário nas configurações do perfil",
-    "repo.commit.load_tags_failed": "Carregamento de etiquetas falhou devido a um erro interno",
-    "migrate.pagure.description": "Migre dados do pagure.io ou outras instâncias do Pagure.",
-    "migrate.github.description": "Migre dados do servidor github.com ou GitHub Enterprise.",
-    "migrate.git.description": "Migrar um repositório somente de qualquer serviço Git.",
-    "migrate.gitea.description": "Migrar dados de gitea.com ou de outras instâncias do Gitea.",
-    "migrate.gitlab.description": "Migrar dados de gitlab.com ou de outras instâncias do GitLab.",
-    "migrate.gogs.description": "Migrar dados de notabug.org ou de outras instâncias do Gogs.",
-    "migrate.onedev.description": "Migrar dados de code.onedev.io ou de outras instâncias do OneDev.",
-    "migrate.gitbucket.description": "Migrar dados de instâncias do GitBucket.",
-    "migrate.codebase.description": "Migrar dados de codebasehq.com.",
-    "migrate.forgejo.description": "Migrar dados do codeberg.org ou outras servidores Forgejo.",
-    "warning.repository.out_of_sync": "A representação deste repositório no banco de dados está fora de sincronia. Se este aviso ainda aparecer após fazer push de um commit para este repositório, contate o administrador.",
-    "repo.pulls.already_merged": "Mescla falhou: Este pull request já foi mesclado.",
-    "migrate.pagure.incorrect_url": "Uma URL incorreta do repositório fonte foi fornecida",
-    "migrate.pagure.project_example": "URL do projeto Pagure, por exemplo: https://pagure.io/pagure",
-    "migrate.pagure.project_url": "URL do projeto Pagure",
-    "migrate.pagure.token_label": "Token de API Pagure",
-    "admin.config.global_2fa_requirement.title": "Exigência global de segundo fator",
-    "admin.config.global_2fa_requirement.none": "Não",
-    "admin.config.global_2fa_requirement.all": "Todos os usuários",
-    "settings.twofa_unroll_unavailable": "A autenticação de dois fatores é exigida para a sua conta e não pode ser desativada.",
-    "settings.twofa_reenroll": "Recadastrar autenticação de dois fatores",
-    "settings.must_enable_2fa": "Este servidor do Forgejo exige que usuários habilitem a autenticação de dois fatores antes que possam acessar suas contas.",
-    "admin.config.security": "Configuração de segurança",
-    "admin.config.global_2fa_requirement.admin": "Administradores",
-    "settings.twofa_reenroll.description": "Recadastrar sua autenticação de dois fatores",
-    "error.must_enable_2fa": "Este servidor do Forgejo exige que usuários habilitem a autenticação de dois fatores antes que possam acessar suas contas. Habilitar em: %s",
-    "user.ghost.tooltip": "Este usuário foi excluído, ou não pode ser encontrado.",
-    "migrate.form.error.url_credentials": "A URL contém credenciais, coloque-as nos campos de usuário e senha respectivamente",
-    "actions.runs.viewing_out_of_date_run": "Você está visualizando uma execução desatualizada deste trabalho que foi executada %[1]s.",
-    "actions.runs.view_most_recent_run": "Ver execução mais recente",
-    "actions.runs.run_attempt_label": "Tentativa de execução #%[1]s (%[2]s)",
-    "repo.pulls.maintainers_can_edit": "Mantenedores podem editar este pull request.",
-    "repo.pulls.maintainers_cannot_edit": "Mantenedores não podem editar este pull request.",
-    "pulse.n_active_issues": {
-        "one": "%s questão ativa",
-        "many": "%s questões ativas",
-        "other": "%s questões ativas"
-    },
-    "pulse.n_active_prs": {
-        "one": "%s pull request ativo",
-        "many": "%s pull requests ativos",
-        "other": "%s pull requests ativos"
-    },
-    "migrate.pagure.private_issues.summary": "Questões Privadas (Opcional)",
-    "migrate.pagure.private_issues.description": "Esta funcionalidade foi projetada para criar um segundo repositório contendo somente questões privadas do seu projeto Pagure para a finalidade de arquivo. Primeiro, faça uma migração normal (sem token) para importar todo o conteúdo público. Depois, se você tem questões privadas que deseja preservar, crie um repositório separado usando esta opção de token para arquivar estas questões privadas.",
-    "migrate.pagure.private_issues.warning": "Certifique-se de definir a visibilidade do repositório acima para Privado se você está usando a chave de API para importar questões privadas. Isso evita expor acidentalmente conteúdo privado em um repositório público.",
-    "migrate.pagure.token.placeholder": "Somente para criar um arquivo de questões privadas",
-    "mail.issue.action.close_by_commit": "%[1]s fechou %[2]s no commit %[3]s.",
-    "actions.workflow.job_parsing_error": "Não foi possível processar alguns trabalhos do workflow: %v",
-    "actions.workflow.event_detection_error": "Não foi possível processar eventos suportados no workflow: %v",
-    "actions.workflow.pre_execution_error": "Workflow não foi executado devido a um erro que bloqueou a tentativa de execução.",
-    "watch.n_watchers": {
-        "one": "%s observador",
-        "many": "%s observadores",
-        "other": "%s observadores"
-    },
-    "teams.add_all_repos.modal.header": "Adicionar todos os repositórios",
-    "teams.remove_all_repos.modal.header": "Remover todos os repositórios",
-    "repo.pulls.poster_manage_approval": "Gerenciar aprovação",
-    "repo.pulls.poster_requires_approval": "Alguns workflows estão <a href=\"%[1]s\">aguardando revisão.</a>",
-    "repo.pulls.poster_requires_approval.tooltip": "O autor deste pull request não foi marcado como confiável para executar workflows acionados por um pull request criado de um repositório como fork ou com o AGit. Os workflows acionados por eventos `pull_request` não serão executados até que tenham sido aprovados.",
-    "repo.pulls.poster_is_trusted": "O autor desse pull request foi <a href=\"%[1]s\">marcado como sempre confiável para executar workflows.</a>",
-    "repo.pulls.poster_is_trusted.tooltip": "O autor deste pull request está marcado explicitamente como confiável para executar workflows acionados por eventos `pull_request`.",
-    "repo.pulls.poster_trust_deny": "Negar",
-    "repo.pulls.poster_trust_deny.tooltip": "Os workflows aguardando aprovação serão cancelados.",
-    "repo.pulls.poster_trust_once": "Aprovar desta vez",
-    "repo.pulls.poster_trust_once.tooltip": "Os workflows acionados por um evento `pull_request` irão ser executados neste commit mas precisão ser aprovados para todos os commits futuros enviados para este pull request.",
-    "repo.pulls.poster_trust_always": "Aprovar sempre",
-    "repo.pulls.poster_trust_always.tooltip": "Os workflows acionados por um evento `pull_request` irão ser executados neste commit e não será necessário aprovar execuções deste pull request ou de pull requests futuros de autoria do mesmo usuário.",
-    "repo.pulls.poster_trust_revoke": "Revogar",
-    "repo.pulls.poster_trust_revoke.tooltip": "O autor deste pull request não será mais considerado confiável para executar workflows acionados por um evento `pull_request`. Cada execução precisará ser manualmente aprovada.",
-    "admin.dashboard.actions_action_user": "Revogar confiança em Actions do Forgejo para usuários inativos",
-    "actions.status.diagnostics.waiting": {
-        "one": "Esperando por um runner com o seguinte rótulo: %s",
-        "many": "Esperando por um runner com os seguintes rótulos: %s",
-        "other": "Esperando por um runner com os seguintes rótulos: %s"
-    },
-    "keys.verify.token.hint": "Esse token é válido apenas por 1 minuto. <a href=\"%[1]s\">Obtenha um novo se ele expirou</a>.",
-    "repo.issues.filter_poster.hint": "Filtrar por autor",
-    "repo.issues.filter_assignee.hint": "Filtrar por usuário atribuído",
-    "repo.issues.filter_reviewers.hint": "Filtrar por usuário revisor",
-    "repo.issues.filter_mention.hint": "Filtrar por usuário mencionado",
-    "repo.issues.filter_modified.hint": "Filtrar por data da última modificação",
-    "repo.issues.filter_sort.hint": "Ordenar por: criado/comentários/atualizado/prazo",
-    "search.syntax": "Sintaxe de pesquisa",
-    "admin.dashboard.transfer_lingering_logs": "Transferir registros de actions de trabalhos finalizados do banco de dados para o armazenamento",
-    "actions.workflow.persistent_incomplete_matrix": "Não foi possível avaliar `strategy.matrix` do trabalho %[1]s devido a uma expressão `needs` que era inválida. Ela pode se referir a um trabalho que não está na sua lista de 'needs' (%[2]s), ou uma saída que não existe em um desses trabalhos.",
-    "admin.auths.oauth2_quota_group_claim_name": "Nome de reivindicação para agrupamento desta fonte no gerenciamento de cotas. (Opcional)",
-    "admin.auths.oauth2_quota_group_map": "Mapear grupos reivindicados com grupos de cotas. (Opcional - requer nome de reivindicação acima)",
-    "admin.auths.oauth2_quota_group_map_removal": "Remover usuários de grupos de cotas sincronizados se o usuário não pertence ao grupo correspondente.",
-    "moderation.report.mark_as_handled": "Marcar como resolvido",
-    "moderation.report.mark_as_ignored": "Marcar como ignorado",
-    "moderation.action.account.delete": "Excluir conta",
-    "moderation.action.account.suspend": "Suspender conta",
-    "moderation.action.repo.delete": "Excluir repositório",
-    "moderation.action.issue.delete": "Excluir questão",
-    "moderation.action.comment.delete": "Excluir comentário",
-    "moderation.unknown_action": "Ação desconhecida",
-    "moderation.users.cannot_suspend_self": "Você não pode se suspender.",
-    "moderation.users.cannot_suspend_admins": "Usuários com privilégios de administrador não podem ser suspensos.",
-    "moderation.users.cannot_suspend_org": "Organizações não podem ser suspensas.",
-    "moderation.users.already_suspended": "Esta conta já está suspensa.",
-    "moderation.users.suspend_success": "A conta do usuário foi suspensa.",
-    "moderation.users.cannot_delete_admins": "Usuários com privilégios de administrador não podem ser excluídos.",
-    "moderation.issue.deletion_success": "A questão foi excluída.",
-    "moderation.comment.deletion_success": "O comentário foi excluído.",
-    "actions.workflow.incomplete_matrix_missing_job": "Não foi possível avaliar `strategy.matrix` do trabalho %[1]s: trabalho %[2]s não está na lista de `needs` do trabalho %[1]s (%[3]s).",
-    "actions.workflow.incomplete_matrix_missing_output": "Não foi possível avaliar `strategy.matrix` do trabalho %[1]s: o trabalho %[2]s não tem uma saída %[3]s.",
-    "actions.workflow.incomplete_matrix_unknown_cause": "Não foi possível avaliar `strategy.matrix` do trabalho %[1]s: erro desconhecido.",
-    "actions.workflow.incomplete_runson_missing_job": "Não foi possível avaliar `runs-on` do trabalho %[1]s: o trabalho %[2]s não está na lista `needs` do trabalho %[1]s (%[3]s).",
-    "actions.workflow.incomplete_runson_missing_output": "Não é possível avaliar `runs-on` do trabalho %[1]s: o trabalho %[2]s não tem uma saída %[3]s.",
-    "actions.workflow.incomplete_runson_missing_matrix_dimension": "Não é possível avaliar `runs-on` do trabalho %[1]s: a dimensão da matriz %[2]s não existe.",
-    "actions.workflow.incomplete_runson_unknown_cause": "Não é possível avaliar `runs-on` do trabalho %[1]s: erro desconhecido."
+	"fork.n_forks": {
+		"one": "%s fork",
+		"many": "%s forks",
+		"other": "%s forks"
+	},
+	"stars.n_stars": {
+		"one": "%s estrela",
+		"many": "%s estrelas",
+		"other": "%s estrelas"
+	},
+	"release.n_downloads": {
+		"one": "%s download",
+		"many": "%s downloads",
+		"other": "%s downloads"
+	},
+	"repo.pulls.merged_title_desc": {
+		"one": "mesclou %[1]d commit de <code>%[2]s</code> em <code>%[3]s</code> %[4]s",
+		"many": "mesclou %[1]d de commits de <code>%[2]s</code> em <code>%[3]s</code> %[4]s",
+		"other": "mesclou %[1]d commits from <code>%[2]s</code> into <code>%[3]s</code> %[4]s"
+	},
+	"repo.pulls.title_desc": {
+		"one": "quer mesclar %[1]d commit de <code>%[2]s</code> em <code id=\"%[4]s\">%[3]s</code>",
+		"many": "quer mesclar %[1]d commits de <code>%[2]s</code> em <code id=\"%[4]s\">%[3]s</code>",
+		"other": "quer mesclar %[1]d commits de <code>%[2]s</code> em <code id=\"%[4]s\">%[3]s</code>"
+	},
+	"search.milestone_kind": "Pesquisar marcos…",
+	"home.welcome.no_activity": "Sem atividade",
+	"home.welcome.activity_hint": "Ainda não tem nada no seu feed. Suas Actions e atividade dos seus repositórios vigiados aparecerão aqui.",
+	"home.explore_repos": "Explorar repositórios",
+	"home.explore_users": "Explorar usuários",
+	"home.explore_orgs": "Explorar organizações",
+	"incorrect_root_url": "Esta instância do Forgejo está configurada para o endereço \"%s\". Você está atualmente vendo o Forgejo através de uma URL diferente, o que pode causar erros em algumas partes da aplicação. A URL oficial é controlada pela administração do Forgejo através da configuração ROOT_URL no arquivo app.ini.",
+	"themes.names.forgejo-auto": "Forgejo (usar o tema do sistema)",
+	"themes.names.forgejo-light": "Forgejo claro",
+	"themes.names.forgejo-dark": "Forgejo escuro",
+	"error.not_found.title": "Página não encontrada",
+	"alert.asset_load_failed": "Não foi possível carregar arquivos de assets de {path}. Por favor, certifique-se que os arquivos podem ser acessados.",
+	"install.invalid_lfs_path": "Não foi possível criar um root LFS no caminho especificado: %[1]s",
+	"alert.range_error": " deve ser um número entre %[1]s e %[2]s.",
+	"meta.last_line": "(this string was needed to make weblate regenerate the file and can be removed)",
+	"mail.actions.run_info_cur_status": "Status desta execução: %[1]s (atualizado recentemente de %[2]s)",
+	"mail.actions.run_info_previous_status": "Status da execução anterior: %[1]s",
+	"mail.actions.successful_run_after_failure_subject": "Workflow %[1]s recuperado no repositório %[2]s",
+	"mail.actions.not_successful_run_subject": "Workflow %[1]s falhou no repositório %[2]s",
+	"mail.actions.successful_run_after_failure": "Workflow %[1]s recuperado no repositório %[2]s",
+	"mail.actions.not_successful_run": "Workflow %[1]s falhou no repositório %[2]s",
+	"mail.actions.run_info_trigger": "Acionado devido a: %[1]s por: %[2]s",
+	"discussion.locked": "Esta discussão foi trancada. Apenas contribuidores podem adicionar comentários.",
+	"relativetime.future": "futuramente",
+	"relativetime.mins": {
+		"one": "%d minuto atrás",
+		"many": "%d minutos atrás",
+		"other": "%d minutos atrás"
+	},
+	"relativetime.days": {
+		"one": "%d dia atrás",
+		"many": "%d dias atrás",
+		"other": "%d dias atrás"
+	},
+	"relativetime.weeks": {
+		"one": "%d semana atrás",
+		"many": "%d semanas atrás",
+		"other": "%d semanas atrás"
+	},
+	"relativetime.months": {
+		"one": "%d mês atrás",
+		"many": "%d meses atrás",
+		"other": "%d meses atrás"
+	},
+	"relativetime.years": {
+		"one": "%d ano atrás",
+		"many": "%d anos atrás",
+		"other": "%d anos atrás"
+	},
+	"relativetime.1day": "ontem",
+	"relativetime.2days": "dois dias atrás",
+	"relativetime.1week": "semana passada",
+	"relativetime.1month": "mês passado",
+	"relativetime.2months": "dois meses atrás",
+	"relativetime.1year": "ano passado",
+	"relativetime.2years": "dois anos atrás",
+	"relativetime.hours": {
+		"one": "%d hora atrás",
+		"many": "%d horas atrás",
+		"other": "%d horas atrás"
+	},
+	"relativetime.2weeks": "duas semanas atrás",
+	"relativetime.now": "agora",
+	"moderation.reported_thank_you": "Agradecemos pela sua denúncia. A administração foi notificada.",
+	"moderation.report_content": "Denunciar conteúdo",
+	"admin.config.moderation_config": "Configuração de moderação",
+	"moderation.report_abuse": "Denunciar abuso",
+	"moderation.report_abuse_form.header": "Denunciar abuso à administração",
+	"moderation.report_abuse_form.invalid": "Argumentos inválidos",
+	"moderation.report_abuse_form.already_reported": "Você já denunciou este conteúdo",
+	"moderation.abuse_category": "Categoria",
+	"moderation.abuse_category.placeholder": "Selecione uma categoria",
+	"moderation.abuse_category.spam": "Spam",
+	"moderation.abuse_category.malware": "Software malicioso",
+	"moderation.abuse_category.illegal_content": "Conteúdo ilegal",
+	"moderation.abuse_category.other_violations": "Outras violações de regras da plataforma",
+	"moderation.report_remarks": "Observações",
+	"moderation.report_remarks.placeholder": "Por favor, forneça detalhes sobre o abuso que você está denunciando.",
+	"moderation.submit_report": "Enviar denúncia",
+	"moderation.reporting_failed": "Não foi possível enviar a denúncia: %v",
+	"moderation.report_abuse_form.details": "Este formulário deve ser utilizado para denunciar contas com perfis, repositórios, issues e comentários com spam ou que se comportam inapropriadamente.",
+	"repo.form.cannot_create": "Todos os espaços onde você pode criar repositórios atingiram o limite de repositórios.",
+	"repo.issue_indexer.title": "Indexador de Issues",
+	"watch.list.none": "Ninguém está observando este repositório.",
+	"followers.incoming.list.self.none": "Ninguém está seguindo seu perfil.",
+	"followers.incoming.list.none": "Ninguém está seguindo este perfil.",
+	"followers.outgoing.list.none": "%s não está seguindo ninguém.",
+	"stars.list.none": "Ninguém favoritou este repositório.",
+	"followers.outgoing.list.self.none": "Você não está seguindo ninguém.",
+	"editor.textarea.tab_hint": "Linha já indentada. Pressione <kbd>Tab</kbd> novamente ou <kbd>Esc</kbd> para sair do editor.",
+	"editor.textarea.shift_tab_hint": "Sem indentação nesta linha. Pressione <kbd>Shift</kbd> + <kbd>Tab</kbd> novamente ou <kbd>Esc</kbd> para sair do editor.",
+	"admin.dashboard.cleanup_offline_runners": "Limpar runners desconectados",
+	"avatar.constraints_hint": "Imagem de perfil personalizada não pode exceder %[1]s em tamanho ou ser maior que %[2]dx%[3]d pixels",
+	"settings.visibility.description": "A visibilidade do perfil afeta a habilidade de acessarem seus repositórios não-privados. <a href=\"%s\" target=\"_blank\">Saiba mais</a>.",
+	"repo.diff.commit.next-short": "Próximo",
+	"repo.diff.commit.previous-short": "Anterior",
+	"profile.edit.link": "Editar perfil",
+	"feed.atom.link": "Feed Atom",
+	"keys.gpg.link": "Chaves GPG",
+	"og.repo.summary_card.alt_description": "Cartão de resumo do repositório %[1]s, descrito como: %[2]s",
+	"profile.actions.tooltip": "Mais Actions",
+	"keys.ssh.link": "Chaves SSH",
+	"mail.actions.run_info_sha": "Commit: %[1]s",
+	"repo.settings.push_mirror.branch_filter.label": "Filtro de branches (opcional)",
+	"repo.settings.push_mirror.branch_filter.description": "Branches para espelhar. Deixe em branco para espelhar todos os branches. Veja <a href=\"%[1]s\">%[2]s documentação</a> sobre a sintaxe. Exemplos: <code>main, release/*</code>",
+	"discussion.sidebar.reference": "Referência",
+	"admin.moderation.deleted_content_ref": "Conteúdo denunciado do tipo %[1]v e ID %[2]d não existe mais",
+	"admin.moderation.moderation_reports": "Denúncias para moderação",
+	"admin.moderation.reports": "Denúncias",
+	"admin.moderation.no_open_reports": "Não há denúncias abertas atualmente.",
+	"admin.dashboard.remove_resolved_reports": "Remover denúncias resolvidas",
+	"compare.branches.title": "Comparar branches",
+	"admin.auths.allow_username_change": "Permitir mudança de nome de usuário",
+	"admin.auths.allow_username_change.description": "Permitir que usuários alterem seus nomes de usuário nas configurações do perfil",
+	"repo.commit.load_tags_failed": "Carregamento de etiquetas falhou devido a um erro interno",
+	"migrate.pagure.description": "Migre dados do pagure.io ou outras instâncias do Pagure.",
+	"migrate.github.description": "Migre dados do servidor github.com ou GitHub Enterprise.",
+	"migrate.git.description": "Migrar um repositório somente de qualquer serviço Git.",
+	"migrate.gitea.description": "Migrar dados de gitea.com ou de outras instâncias do Gitea.",
+	"migrate.gitlab.description": "Migrar dados de gitlab.com ou de outras instâncias do GitLab.",
+	"migrate.gogs.description": "Migrar dados de notabug.org ou de outras instâncias do Gogs.",
+	"migrate.onedev.description": "Migrar dados de code.onedev.io ou de outras instâncias do OneDev.",
+	"migrate.gitbucket.description": "Migrar dados de instâncias do GitBucket.",
+	"migrate.codebase.description": "Migrar dados de codebasehq.com.",
+	"migrate.forgejo.description": "Migrar dados do codeberg.org ou outras servidores Forgejo.",
+	"warning.repository.out_of_sync": "A representação deste repositório no banco de dados está fora de sincronia. Se este aviso ainda aparecer após fazer push de um commit para este repositório, contate o administrador.",
+	"repo.pulls.already_merged": "Mescla falhou: Este pull request já foi mesclado.",
+	"migrate.pagure.incorrect_url": "Uma URL incorreta do repositório fonte foi fornecida",
+	"migrate.pagure.project_example": "URL do projeto Pagure, por exemplo: https://pagure.io/pagure",
+	"migrate.pagure.project_url": "URL do projeto Pagure",
+	"migrate.pagure.token_label": "Token de API Pagure",
+	"admin.config.global_2fa_requirement.title": "Exigência global de segundo fator",
+	"admin.config.global_2fa_requirement.none": "Não",
+	"admin.config.global_2fa_requirement.all": "Todos os usuários",
+	"settings.twofa_unroll_unavailable": "A autenticação de dois fatores é exigida para a sua conta e não pode ser desativada.",
+	"settings.twofa_reenroll": "Recadastrar autenticação de dois fatores",
+	"settings.must_enable_2fa": "Este servidor do Forgejo exige que usuários habilitem a autenticação de dois fatores antes que possam acessar suas contas.",
+	"admin.config.security": "Configuração de segurança",
+	"admin.config.global_2fa_requirement.admin": "Administradores",
+	"settings.twofa_reenroll.description": "Recadastrar sua autenticação de dois fatores",
+	"error.must_enable_2fa": "Este servidor do Forgejo exige que usuários habilitem a autenticação de dois fatores antes que possam acessar suas contas. Habilitar em: %s",
+	"user.ghost.tooltip": "Este usuário foi excluído, ou não pode ser encontrado.",
+	"migrate.form.error.url_credentials": "A URL contém credenciais, coloque-as nos campos de usuário e senha respectivamente",
+	"actions.runs.viewing_out_of_date_run": "Você está visualizando uma execução desatualizada deste trabalho que foi executada %[1]s.",
+	"actions.runs.view_most_recent_run": "Ver execução mais recente",
+	"actions.runs.run_attempt_label": "Tentativa de execução #%[1]s (%[2]s)",
+	"repo.pulls.maintainers_can_edit": "Mantenedores podem editar este pull request.",
+	"repo.pulls.maintainers_cannot_edit": "Mantenedores não podem editar este pull request.",
+	"pulse.n_active_issues": {
+		"one": "%s questão ativa",
+		"many": "%s questões ativas",
+		"other": "%s questões ativas"
+	},
+	"pulse.n_active_prs": {
+		"one": "%s pull request ativo",
+		"many": "%s pull requests ativos",
+		"other": "%s pull requests ativos"
+	},
+	"migrate.pagure.private_issues.summary": "Questões Privadas (Opcional)",
+	"migrate.pagure.private_issues.description": "Esta funcionalidade foi projetada para criar um segundo repositório contendo somente questões privadas do seu projeto Pagure para a finalidade de arquivo. Primeiro, faça uma migração normal (sem token) para importar todo o conteúdo público. Depois, se você tem questões privadas que deseja preservar, crie um repositório separado usando esta opção de token para arquivar estas questões privadas.",
+	"migrate.pagure.private_issues.warning": "Certifique-se de definir a visibilidade do repositório acima para Privado se você está usando a chave de API para importar questões privadas. Isso evita expor acidentalmente conteúdo privado em um repositório público.",
+	"migrate.pagure.token.placeholder": "Somente para criar um arquivo de questões privadas",
+	"mail.issue.action.close_by_commit": "%[1]s fechou %[2]s no commit %[3]s.",
+	"actions.workflow.job_parsing_error": "Não foi possível processar alguns trabalhos do workflow: %v",
+	"actions.workflow.event_detection_error": "Não foi possível processar eventos suportados no workflow: %v",
+	"actions.workflow.pre_execution_error": "Workflow não foi executado devido a um erro que bloqueou a tentativa de execução.",
+	"watch.n_watchers": {
+		"one": "%s observador",
+		"many": "%s observadores",
+		"other": "%s observadores"
+	},
+	"teams.add_all_repos.modal.header": "Adicionar todos os repositórios",
+	"teams.remove_all_repos.modal.header": "Remover todos os repositórios",
+	"repo.pulls.poster_manage_approval": "Gerenciar aprovação",
+	"repo.pulls.poster_requires_approval": "Alguns workflows estão <a href=\"%[1]s\">aguardando revisão.</a>",
+	"repo.pulls.poster_requires_approval.tooltip": "O autor deste pull request não foi marcado como confiável para executar workflows acionados por um pull request criado de um repositório como fork ou com o AGit. Os workflows acionados por eventos `pull_request` não serão executados até que tenham sido aprovados.",
+	"repo.pulls.poster_is_trusted": "O autor desse pull request foi <a href=\"%[1]s\">marcado como sempre confiável para executar workflows.</a>",
+	"repo.pulls.poster_is_trusted.tooltip": "O autor deste pull request está marcado explicitamente como confiável para executar workflows acionados por eventos `pull_request`.",
+	"repo.pulls.poster_trust_deny": "Negar",
+	"repo.pulls.poster_trust_deny.tooltip": "Os workflows aguardando aprovação serão cancelados.",
+	"repo.pulls.poster_trust_once": "Aprovar desta vez",
+	"repo.pulls.poster_trust_once.tooltip": "Os workflows acionados por um evento `pull_request` irão ser executados neste commit mas precisão ser aprovados para todos os commits futuros enviados para este pull request.",
+	"repo.pulls.poster_trust_always": "Aprovar sempre",
+	"repo.pulls.poster_trust_always.tooltip": "Os workflows acionados por um evento `pull_request` irão ser executados neste commit e não será necessário aprovar execuções deste pull request ou de pull requests futuros de autoria do mesmo usuário.",
+	"repo.pulls.poster_trust_revoke": "Revogar",
+	"repo.pulls.poster_trust_revoke.tooltip": "O autor deste pull request não será mais considerado confiável para executar workflows acionados por um evento `pull_request`. Cada execução precisará ser manualmente aprovada.",
+	"admin.dashboard.actions_action_user": "Revogar confiança em Actions do Forgejo para usuários inativos",
+	"actions.status.diagnostics.waiting": {
+		"one": "Esperando por um runner com o seguinte rótulo: %s",
+		"many": "Esperando por um runner com os seguintes rótulos: %s",
+		"other": "Esperando por um runner com os seguintes rótulos: %s"
+	},
+	"keys.verify.token.hint": "Esse token é válido apenas por 1 minuto. <a href=\"%[1]s\">Obtenha um novo se ele expirou</a>.",
+	"repo.issues.filter_poster.hint": "Filtrar por autor",
+	"repo.issues.filter_assignee.hint": "Filtrar por usuário atribuído",
+	"repo.issues.filter_reviewers.hint": "Filtrar por usuário revisor",
+	"repo.issues.filter_mention.hint": "Filtrar por usuário mencionado",
+	"repo.issues.filter_modified.hint": "Filtrar por data da última modificação",
+	"repo.issues.filter_sort.hint": "Ordenar por: criado/comentários/atualizado/prazo",
+	"search.syntax": "Sintaxe de pesquisa",
+	"admin.dashboard.transfer_lingering_logs": "Transferir registros de actions de trabalhos finalizados do banco de dados para o armazenamento",
+	"actions.workflow.persistent_incomplete_matrix": "Não foi possível avaliar `strategy.matrix` do trabalho %[1]s devido a uma expressão `needs` que era inválida. Ela pode se referir a um trabalho que não está na sua lista de 'needs' (%[2]s), ou uma saída que não existe em um desses trabalhos.",
+	"admin.auths.oauth2_quota_group_claim_name": "Nome de reivindicação para agrupamento desta fonte no gerenciamento de cotas. (Opcional)",
+	"admin.auths.oauth2_quota_group_map": "Mapear grupos reivindicados com grupos de cotas. (Opcional - requer nome de reivindicação acima)",
+	"admin.auths.oauth2_quota_group_map_removal": "Remover usuários de grupos de cotas sincronizados se o usuário não pertence ao grupo correspondente.",
+	"moderation.report.mark_as_handled": "Marcar como resolvido",
+	"moderation.report.mark_as_ignored": "Marcar como ignorado",
+	"moderation.action.account.delete": "Excluir conta",
+	"moderation.action.account.suspend": "Suspender conta",
+	"moderation.action.repo.delete": "Excluir repositório",
+	"moderation.action.issue.delete": "Excluir questão",
+	"moderation.action.comment.delete": "Excluir comentário",
+	"moderation.unknown_action": "Ação desconhecida",
+	"moderation.users.cannot_suspend_self": "Você não pode se suspender.",
+	"moderation.users.cannot_suspend_admins": "Usuários com privilégios de administrador não podem ser suspensos.",
+	"moderation.users.cannot_suspend_org": "Organizações não podem ser suspensas.",
+	"moderation.users.already_suspended": "Esta conta já está suspensa.",
+	"moderation.users.suspend_success": "A conta do usuário foi suspensa.",
+	"moderation.users.cannot_delete_admins": "Usuários com privilégios de administrador não podem ser excluídos.",
+	"moderation.issue.deletion_success": "A questão foi excluída.",
+	"moderation.comment.deletion_success": "O comentário foi excluído.",
+	"actions.workflow.incomplete_matrix_missing_job": "Não foi possível avaliar `strategy.matrix` do trabalho %[1]s: trabalho %[2]s não está na lista de `needs` do trabalho %[1]s (%[3]s).",
+	"actions.workflow.incomplete_matrix_missing_output": "Não foi possível avaliar `strategy.matrix` do trabalho %[1]s: o trabalho %[2]s não tem uma saída %[3]s.",
+	"actions.workflow.incomplete_matrix_unknown_cause": "Não foi possível avaliar `strategy.matrix` do trabalho %[1]s: erro desconhecido.",
+	"actions.workflow.incomplete_runson_missing_job": "Não foi possível avaliar `runs-on` do trabalho %[1]s: o trabalho %[2]s não está na lista `needs` do trabalho %[1]s (%[3]s).",
+	"actions.workflow.incomplete_runson_missing_output": "Não é possível avaliar `runs-on` do trabalho %[1]s: o trabalho %[2]s não tem uma saída %[3]s.",
+	"actions.workflow.incomplete_runson_missing_matrix_dimension": "Não é possível avaliar `runs-on` do trabalho %[1]s: a dimensão da matriz %[2]s não existe.",
+	"actions.workflow.incomplete_runson_unknown_cause": "Não é possível avaliar `runs-on` do trabalho %[1]s: erro desconhecido."
 }
diff --git a/options/locale_next/locale_pt-PT.json b/options/locale_next/locale_pt-PT.json
index 3f68db87b7..56399358a6 100644
--- a/options/locale_next/locale_pt-PT.json
+++ b/options/locale_next/locale_pt-PT.json
@@ -1,258 +1,258 @@
 {
-    "fork.n_forks": {
-        "one": "%s derivação",
-        "many": "%s derivações",
-        "other": "%s derivações"
-    },
-    "stars.n_stars": {
-        "one": "%s estrela",
-        "many": "%s estrelas",
-        "other": "%s estrelas"
-    },
-    "release.n_downloads": {
-        "one": "%s descarga",
-        "many": "%s descargas",
-        "other": "%s descargas"
-    },
-    "repo.pulls.merged_title_desc": {
-        "one": "integrou %[1]d cometimento do ramo <code>%[2]s</code> no ramo <code>%[3]s</code> %[4]s",
-        "many": "integrou %[1]d cometimentos do ramo <code>%[2]s</code> no ramo <code>%[3]s</code> %[4]s",
-        "other": "integrou %[1]d cometimentos do ramo <code>%[2]s</code> no ramo <code>%[3]s</code> %[4]s"
-    },
-    "repo.pulls.title_desc": {
-        "one": "quer integrar %[1]d cometimento do ramo <code>%[2]s</code> no ramo <code id=\"%[4]s\">%[3]s</code>",
-        "many": "quer integrar %[1]d cometimentos do ramo <code>%[2]s</code> no ramo <code id=\"%[4]s\">%[3]s</code>",
-        "other": "quer integrar %[1]d cometimentos do ramo <code>%[2]s</code> no ramo <code id=\"%[4]s\">%[3]s</code>"
-    },
-    "search.milestone_kind": "Procurar etapas…",
-    "home.welcome.no_activity": "Sem atividade",
-    "home.welcome.activity_hint": "Ainda não há nada no seu feed. As suas operações e a atividade dos repositórios que vigia aparecerão aqui.",
-    "home.explore_repos": "Explorar repositórios",
-    "home.explore_users": "Explorar utilizadores",
-    "home.explore_orgs": "Explorar organizações",
-    "incorrect_root_url": "Esta instância do Forgejo está configurada para ser servida em “%s”. Atualmente, está a visualizar o Forgejo através de um URL diferente, o que pode causar a quebra de partes da aplicação. O URL official é controlado pelos administradores do Forgejo através da configuração ROOT_URL no ficheiro app.ini.",
-    "themes.names.forgejo-auto": "Forgejo (segue o tema do sistema)",
-    "themes.names.forgejo-light": "Forgejo claro",
-    "themes.names.forgejo-dark": "Forgejo escuro",
-    "error.not_found.title": "Página não encontrada",
-    "alert.asset_load_failed": "Falha ao carregar ficheiros de recurso de {path}. Certifique-se de que os ficheiros de recurso podem ser acedidos.",
-    "install.invalid_lfs_path": "Não foi possível criar a raiz LFS no caminho especificado: %[1]s",
-    "alert.range_error": " deve ser um número entre %[1]s e %[2]s.",
-    "meta.last_line": "Se programarem em Python, por favor usem o uv e Ruff (e estejam atentos ao Red Knot no repositório do Ruff). E vejam também mise-en-place (https://mise.jdx.dev).",
-    "mail.actions.successful_run_after_failure_subject": "Sequência de trabalho %[1]s foi recuperada no repositório %[2]s",
-    "mail.actions.not_successful_run_subject": "Sequência de trabalho %[1]s falhou no repositório %[2]s",
-    "mail.actions.not_successful_run": "Sequência de trabalho %[1]s falhou no repositório %[2]s",
-    "mail.actions.successful_run_after_failure": "Sequência de trabalho %[1]s foi recuperada no repositório %[2]s",
-    "discussion.locked": "Esta discussão foi fechada. Apenas contribuidores podem publicar comentários.",
-    "mail.actions.run_info_cur_status": "Estado desta execução: %[1]s (atualizado recentemente de %[2]s)",
-    "mail.actions.run_info_previous_status": "Estado da execução anterior: %[1]s",
-    "mail.actions.run_info_trigger": "Ativado porque: %[1]s por: %[2]s",
-    "relativetime.now": "agora",
-    "relativetime.future": "no futuro",
-    "relativetime.mins": {
-        "one": "%d minuto atrás",
-        "many": "%d minutos atrás",
-        "other": "%d minutos atrás"
-    },
-    "relativetime.weeks": {
-        "one": "%d semana atrás",
-        "many": "%d semanas atrás",
-        "other": "%d semanas atrás"
-    },
-    "relativetime.months": {
-        "one": "%d mês atrás",
-        "many": "%d meses atrás",
-        "other": "%d meses atrás"
-    },
-    "relativetime.years": {
-        "one": "%d ano atrás",
-        "many": "%d anos atrás",
-        "other": "%d anos atrás"
-    },
-    "relativetime.2days": "dois dias atrás",
-    "relativetime.2weeks": "duas semanas atrás",
-    "relativetime.1month": "mês passado",
-    "relativetime.2months": "dois meses atrás",
-    "relativetime.1year": "ano passado",
-    "relativetime.2years": "dois anos atrás",
-    "relativetime.days": {
-        "one": "%d dia atrás",
-        "many": "%d dias atrás",
-        "other": "%d dias atrás"
-    },
-    "relativetime.hours": {
-        "one": "%d hora atrás",
-        "many": "%d horas atrás",
-        "other": "%d horas atrás"
-    },
-    "relativetime.1week": "semana passada",
-    "relativetime.1day": "ontem",
-    "moderation.report_remarks.placeholder": "Por favor forneça alguns pormenores sobre o abuso que está a denunciar.",
-    "admin.config.moderation_config": "Configuração de moderação",
-    "moderation.report_abuse": "Denunciar abuso",
-    "moderation.report_content": "Denunciar conteúdo",
-    "moderation.report_abuse_form.header": "Denunciar abuso à administração",
-    "moderation.report_abuse_form.details": "Este formulário deve ser utilizado para denunciar utilizadores que criam perfis, repositórios, questões, comentários de spam ou que se comportam de forma inadequada.",
-    "moderation.report_abuse_form.invalid": "Argumentos inválidos",
-    "moderation.report_abuse_form.already_reported": "Já denunciou este conteúdo",
-    "moderation.abuse_category": "Categoria",
-    "moderation.abuse_category.placeholder": "Escolha uma categoria",
-    "moderation.abuse_category.spam": "Spam",
-    "moderation.abuse_category.malware": "Software malicioso",
-    "moderation.abuse_category.illegal_content": "Conteúdo ilegal",
-    "moderation.abuse_category.other_violations": "Outras violações das regras da plataforma",
-    "moderation.report_remarks": "Observações",
-    "moderation.submit_report": "Submeter denúncia",
-    "moderation.reporting_failed": "Não foi possível submeter a nova denúncia de abuso: %v",
-    "moderation.reported_thank_you": "Obrigado pela sua denúncia. A administração foi informada do facto.",
-    "repo.form.cannot_create": "Todos os espaços nos quais pode criar repositórios atingiram o limite de repositórios.",
-    "repo.issue_indexer.title": "Indexador de Questões",
-    "watch.list.none": "Ninguém está a vigiar este repositório.",
-    "followers.incoming.list.self.none": "Ninguém está a seguir o seu perfil.",
-    "followers.incoming.list.none": "Ninguém está a seguir este utilizador.",
-    "followers.outgoing.list.none": "%s não está a seguir ninguém.",
-    "followers.outgoing.list.self.none": "Não está a seguir ninguém.",
-    "editor.textarea.tab_hint": "Linha já indentada. Pressione <kbd>Tab</kbd> novamente ou <kbd>Escape</kbd> para sair do editor.",
-    "editor.textarea.shift_tab_hint": "Sem indentação nesta linha. Pressione <kbd>Shift</kbd> + <kbd>Tab</kbd> novamente ou <kbd>Escape</kbd> para sair do editor.",
-    "stars.list.none": "Ninguém juntou este repositório aos favoritos.",
-    "admin.dashboard.cleanup_offline_runners": "Limpeza de executores offline",
-    "settings.visibility.description": "A visibilidade do perfil afecta a capacidade de outros acederem aos seus repositórios não privados. <a href=\"%s\" target=\"_blank\">Saiba mais</a>.",
-    "avatar.constraints_hint": "O avatar personalizado não pode exceder %[1]s de tamanho ou ser maior do que %[2]dx%[3]d pixéis",
-    "repo.diff.commit.next-short": "Seg.",
-    "profile.actions.tooltip": "Mais Actions",
-    "profile.edit.link": "Editar perfil",
-    "feed.atom.link": "Feed Atom",
-    "keys.ssh.link": "Chaves SSH",
-    "keys.gpg.link": "Chaves GPG",
-    "repo.diff.commit.previous-short": "Ant.",
-    "og.repo.summary_card.alt_description": "Cartão de resumo do repositório %[1]s, descrito como: %[2]s",
-    "repo.settings.push_mirror.branch_filter.label": "Filtro de ramos (opcional)",
-    "repo.settings.push_mirror.branch_filter.description": "Ramos a serem espelhados. Deixe em branco para espelhar todos os ramos. Veja a <a href=\"%[1]s\">%[2]s documentação</a> sobre a sintaxe. Exemplos: <code>main, release/*</code>",
-    "mail.actions.run_info_sha": "Cometimento: %[1]s",
-    "discussion.sidebar.reference": "Referência",
-    "admin.dashboard.remove_resolved_reports": "Remover denúncias resolvidas",
-    "admin.moderation.no_open_reports": "Atualmente não há denúncias em aberto.",
-    "admin.moderation.deleted_content_ref": "O conteúdo denunciado do tipo %[1]v e id %[2]d já não existe",
-    "admin.moderation.moderation_reports": "Denúncias aos moderadores",
-    "admin.moderation.reports": "Denúncias",
-    "compare.branches.title": "Comparar ramos",
-    "warning.repository.out_of_sync": "A representação da base de dados deste repositório está desincronizada. Se este aviso continuar a ser apresentado após enviar uma confirmação para este repositório, contacte o administrador.",
-    "admin.auths.allow_username_change": "Permitir alteração do nome de utilizador",
-    "admin.auths.allow_username_change.description": "Permitir que os utilizadores alterem o seu nome de utilizador nas definições do perfil",
-    "admin.config.global_2fa_requirement.none": "Não",
-    "admin.config.global_2fa_requirement.all": "Todos os utilizadores",
-    "repo.commit.load_tags_failed": "Falha ao carregar tags devido a erro interno",
-    "admin.config.global_2fa_requirement.title": "Requisito global de dois fatores",
-    "admin.config.global_2fa_requirement.admin": "Administradores",
-    "repo.pulls.already_merged": "Integração falhou: este pedido de integração já foi integrado.",
-    "admin.config.security": "Configuração de segurança",
-    "settings.twofa_unroll_unavailable": "A autenticação de dois fatores é necessária para a sua conta e não pode ser desativada.",
-    "settings.twofa_reenroll": "Reativar a autenticação de dois fatores",
-    "settings.twofa_reenroll.description": "Reativar a sua autenticação de dois fatores",
-    "settings.must_enable_2fa": "Esta instância do Forgejo exige que os utilizadores ativem a autenticação de dois fatores antes de poderem aceder às suas contas.",
-    "error.must_enable_2fa": "Esta instância do Forgejo exige que os utilizadores ativem a autenticação de dois fatores antes de poderem aceder às suas contas. Ative-a em: %s",
-    "migrate.pagure.description": "Migrar dados do pagure.io ou de outras instâncias do Pagure.",
-    "migrate.pagure.incorrect_url": "Foi fornecida uma URL incorreta do repositório de origem",
-    "migrate.pagure.project_url": "URL do projeto Pagure",
-    "migrate.pagure.project_example": "URL do projeto Pagure, por exemplo, https://pagure.io/pagure",
-    "migrate.pagure.token_label": "Código da API do Pagure",
-    "migrate.github.description": "Migrar dados do github.com ou do GitHub Enterprise server.",
-    "migrate.git.description": "Migrar um repositório somente de qualquer serviço Git.",
-    "migrate.gitea.description": "Migrar dados de gitea.com ou de outras instâncias do Gitea.",
-    "migrate.gitlab.description": "Migrar dados de gitlab.com ou de outras instâncias do GitLab.",
-    "migrate.gogs.description": "Migrar dados de notabug.org ou de outras instâncias do Gogs.",
-    "migrate.onedev.description": "Migrar dados de code.onedev.io ou de outras instâncias do OneDev.",
-    "migrate.gitbucket.description": "Migrar dados de instâncias do GitBucket.",
-    "migrate.codebase.description": "Migrar dados de codebasehq.com.",
-    "migrate.forgejo.description": "Migrar dados de codeberg.org ou de outras instâncias Forgejo.",
-    "migrate.form.error.url_credentials": "O URL contém credenciais, insira-as nos campos do nome de utilizador e palavra-passe, respetivamente",
-    "user.ghost.tooltip": "Este utilizador foi eliminado ou não é possível encontrar uma correspondência.",
-    "actions.runs.run_attempt_label": "Tentativa de execução #%[1]s (%[2]s)",
-    "actions.runs.viewing_out_of_date_run": "Está a visualizar uma execução desatualizada deste trabalho que foi executado %[1]s.",
-    "actions.runs.view_most_recent_run": "Ver execução mais recente",
-    "pulse.n_active_issues": {
-        "one": "%s questão vigente",
-        "many": "%s questões vigentes",
-        "other": "%s questões vigentes"
-    },
-    "pulse.n_active_prs": {
-        "one": "%s pedido de integração vigente",
-        "many": "%s pedidos de integração vigentes",
-        "other": "%s pedidos de integração vigentes"
-    },
-    "repo.pulls.maintainers_can_edit": "Os responsáveis podem editar este pedido de integração.",
-    "repo.pulls.maintainers_cannot_edit": "Os responsáveis não podem editar este pedido de integração.",
-    "mail.issue.action.close_by_commit": "%[1]s fechou %[2]s no cometimento %[3]s.",
-    "migrate.pagure.private_issues.summary": "Questões privadas (opcional)",
-    "migrate.pagure.private_issues.description": "Esta funcionalidade está desenhada para criar um segundo repositório contendo apenas questões privadas do seu repositório Pagure para efeitos de arquivo. Primeiro, faça uma migração normal (sem um código) para importar todo o conteúdo público. Depois, se tiver questões privadas a preservar, crie um repositório separado usando esta opção com código para arquivar essas questões privadas.",
-    "migrate.pagure.private_issues.warning": "Certifique-se que passa a visibilidade do repositório para Privado se estiver a usar a chave de API para importar questões privadas. Isso irá evitar que exponha acidentalmente conteúdo privado num repositório público.",
-    "migrate.pagure.token.placeholder": "Somente para criar arquivo com questões privadas",
-    "actions.workflow.job_parsing_error": "Não foi possível analisar os trabalhos na sequência de trabalho: %v",
-    "actions.workflow.event_detection_error": "Não foi possível analisar eventos suportados na sequência de trabalho: %v",
-    "actions.workflow.pre_execution_error": "A sequência de trabalho não foi executada por causa de um erro que bloqueou a tentativa de execução.",
-    "watch.n_watchers": {
-        "one": "%s vigilante",
-        "many": "%s vigilantes",
-        "other": "%s vigilantes"
-    },
-    "teams.add_all_repos.modal.header": "Adicionar todos os repositórios",
-    "teams.remove_all_repos.modal.header": "Remover todos os repositórios",
-    "repo.pulls.poster_manage_approval": "Gerir aprovação",
-    "repo.pulls.poster_requires_approval": "Algumas sequências de trabalho estão <a href=\"%[1]s\">à espera de serem avaliadas.</a>",
-    "repo.pulls.poster_requires_approval.tooltip": "O autor deste pedido de integração não é confiável para executar sequências de trabalho acionados por um pedido de integração criada a partir de um repositório derivado ou com AGit. As sequências de trabalho acionadas por um evento `pull_request` não serão executadas até que sejam aprovadas.",
-    "repo.pulls.poster_is_trusted": "O autor deste pedido de integração é <a href=\"%[1]s\">sempre confiável para executar sequências de trabalho.</a>",
-    "repo.pulls.poster_is_trusted.tooltip": "O autor deste pedido de integração é explicitamente confiável para executar fluxos de trabalho acionados por eventos `pull_request`.",
-    "repo.pulls.poster_trust_deny": "Recusar",
-    "repo.pulls.poster_trust_deny.tooltip": "As sequências de trabalho que aguardam aprovação serão canceladas.",
-    "repo.pulls.poster_trust_once": "Aprovar uma vez",
-    "repo.pulls.poster_trust_once.tooltip": "As sequências de trabalho acionadas por um evento `pull_request` serão executadas neste commit, mas precisarão de ser aprovadas para todos os commits futuros enviados para este pedido de integração.",
-    "repo.pulls.poster_trust_always": "Aprovar sempre",
-    "repo.pulls.poster_trust_always.tooltip": "As sequências de trabalho acionadas por um evento `pull_request` serão executadas neste commit e não será necessário aprovar execuções deste pedido de integração ou de futuros pedidos de integração criados pelo mesmo utilizador.",
-    "repo.pulls.poster_trust_revoke": "Revogar",
-    "repo.pulls.poster_trust_revoke.tooltip": "O autor deste pedido de integração deixará de ser considerado confiável para executar sequências de trabalho acionadas por um evento `pull_request`, cada execução terá que ser aprovada manualmente.",
-    "admin.dashboard.actions_action_user": "Revogar a confiança em Forgejo Actions para utilizadores inativos",
-    "keys.verify.token.hint": "O código é válido apenas por 1 minuto. <a href=\"%[1]s\">Obtenha um novo se ele expirou</a>.",
-    "actions.status.diagnostics.waiting": {
-        "one": "Aguardando por um executor com o seguinte rótulo: %s",
-        "many": "Aguardando por um executor com os seguintes rótulos: %s",
-        "other": "Aguardando por um executor com os seguintes rótulos: %s"
-    },
-    "repo.issues.filter_poster.hint": "Filtrar pelo autor",
-    "repo.issues.filter_assignee.hint": "Filtrar por utilizador atribuído",
-    "repo.issues.filter_reviewers.hint": "Filtrar por utilizador que reviu",
-    "repo.issues.filter_mention.hint": "Filtrar por utilizador mencionado",
-    "repo.issues.filter_modified.hint": "Filtrar por data da última modificação",
-    "repo.issues.filter_sort.hint": "Ordenar por: criado/comentários/atualizado/prazo",
-    "search.syntax": "Sintaxe de pesquisa",
-    "admin.dashboard.transfer_lingering_logs": "Transferir registos de operações concluídas da base de dados para o armazenamento",
-    "moderation.report.mark_as_handled": "Marcar como tratado",
-    "moderation.report.mark_as_ignored": "Marcar como ignorado",
-    "moderation.action.account.delete": "Eliminar conta",
-    "moderation.action.account.suspend": "Suspender conta",
-    "moderation.action.repo.delete": "Eliminar repositório",
-    "moderation.action.issue.delete": "Eliminar questão",
-    "moderation.action.comment.delete": "Eliminar comentário",
-    "moderation.unknown_action": "Operação desconhecida",
-    "moderation.users.cannot_suspend_self": "Não pode suspender-se a si mesmo.",
-    "moderation.users.cannot_suspend_admins": "Utilizadores com privilégios de administrador não podem ser suspensos.",
-    "moderation.users.cannot_suspend_org": "Organizações não podem ser suspensas.",
-    "moderation.users.already_suspended": "A conta do utilizador já está suspensa.",
-    "moderation.users.suspend_success": "A conta do utilizador foi suspensa.",
-    "moderation.users.cannot_delete_admins": "Utilizadores com privilégios de administrador não podem ser eliminados.",
-    "moderation.issue.deletion_success": "A questão foi eliminada.",
-    "moderation.comment.deletion_success": "O comentário foi eliminado.",
-    "actions.workflow.persistent_incomplete_matrix": "Não foi possível avaliar `strategy.matrix` do trabalho %[1]s devido a uma expressão `needs` que era inválida. Pode estar a referir-se a um trabalho que não está na sua lista de 'needs' (%[2]s), ou a um resultado que não existe num desses trabalhos.",
-    "actions.workflow.incomplete_matrix_missing_job": "Não foi possível avaliar `strategy.matrix` do trabalho %[1]s: trabalho %[2]s não está na lista de `needs` do trabalho %[1]s (%[3]s).",
-    "actions.workflow.incomplete_matrix_missing_output": "Não foi possível avaliar `strategy.matrix` do trabalho %[1]s: o trabalho %[2]s não tem um resultado %[3]s.",
-    "actions.workflow.incomplete_matrix_unknown_cause": "Não foi possível avaliar `strategy.matrix` do trabalho %[1]s: erro desconhecido.",
-    "actions.workflow.incomplete_runson_missing_job": "Não foi possível avaliar `runs-on` do trabalho %[1]s: o trabalho %[2]s não está na lista `needs` do trabalho %[1]s (%[3]s).",
-    "actions.workflow.incomplete_runson_missing_output": "Não é possível avaliar `runs-on` do trabalho %[1]s: o trabalho %[2]s não tem um resultado %[3]s.",
-    "actions.workflow.incomplete_runson_missing_matrix_dimension": "Não é possível avaliar `runs-on` do trabalho %[1]s: a dimensão da matriz %[2]s não existe.",
-    "actions.workflow.incomplete_runson_unknown_cause": "Não é possível avaliar `runs-on` do trabalho %[1]s: erro desconhecido.",
-    "admin.auths.oauth2_quota_group_claim_name": "Nome da reivindicação que fornece nomes de grupos para esta fonte a ser usada para gestão de quotas. (Opcional)",
-    "admin.auths.oauth2_quota_group_map": "Atribuir grupos reivindicados a grupos de quotas. (Opcional - requer o nome da reivindicação acima)",
-    "admin.auths.oauth2_quota_group_map_removal": "Remover os utilizadores dos grupos de quotas sincronizados se o utilizador não pertencer ao grupo correspondente.",
-    "issues.updated": "%s atualizado",
-    "search.fuzzy": "Difusa",
-    "search.fuzzy_tooltip": "Incluir resultados que correspondam aproximadamente ao termo de pesquisa"
+	"fork.n_forks": {
+		"one": "%s derivação",
+		"many": "%s derivações",
+		"other": "%s derivações"
+	},
+	"stars.n_stars": {
+		"one": "%s estrela",
+		"many": "%s estrelas",
+		"other": "%s estrelas"
+	},
+	"release.n_downloads": {
+		"one": "%s descarga",
+		"many": "%s descargas",
+		"other": "%s descargas"
+	},
+	"repo.pulls.merged_title_desc": {
+		"one": "integrou %[1]d cometimento do ramo <code>%[2]s</code> no ramo <code>%[3]s</code> %[4]s",
+		"many": "integrou %[1]d cometimentos do ramo <code>%[2]s</code> no ramo <code>%[3]s</code> %[4]s",
+		"other": "integrou %[1]d cometimentos do ramo <code>%[2]s</code> no ramo <code>%[3]s</code> %[4]s"
+	},
+	"repo.pulls.title_desc": {
+		"one": "quer integrar %[1]d cometimento do ramo <code>%[2]s</code> no ramo <code id=\"%[4]s\">%[3]s</code>",
+		"many": "quer integrar %[1]d cometimentos do ramo <code>%[2]s</code> no ramo <code id=\"%[4]s\">%[3]s</code>",
+		"other": "quer integrar %[1]d cometimentos do ramo <code>%[2]s</code> no ramo <code id=\"%[4]s\">%[3]s</code>"
+	},
+	"search.milestone_kind": "Procurar etapas…",
+	"home.welcome.no_activity": "Sem atividade",
+	"home.welcome.activity_hint": "Ainda não há nada no seu feed. As suas operações e a atividade dos repositórios que vigia aparecerão aqui.",
+	"home.explore_repos": "Explorar repositórios",
+	"home.explore_users": "Explorar utilizadores",
+	"home.explore_orgs": "Explorar organizações",
+	"incorrect_root_url": "Esta instância do Forgejo está configurada para ser servida em “%s”. Atualmente, está a visualizar o Forgejo através de um URL diferente, o que pode causar a quebra de partes da aplicação. O URL official é controlado pelos administradores do Forgejo através da configuração ROOT_URL no ficheiro app.ini.",
+	"themes.names.forgejo-auto": "Forgejo (segue o tema do sistema)",
+	"themes.names.forgejo-light": "Forgejo claro",
+	"themes.names.forgejo-dark": "Forgejo escuro",
+	"error.not_found.title": "Página não encontrada",
+	"alert.asset_load_failed": "Falha ao carregar ficheiros de recurso de {path}. Certifique-se de que os ficheiros de recurso podem ser acedidos.",
+	"install.invalid_lfs_path": "Não foi possível criar a raiz LFS no caminho especificado: %[1]s",
+	"alert.range_error": " deve ser um número entre %[1]s e %[2]s.",
+	"meta.last_line": "Se programarem em Python, por favor usem o uv e Ruff (e estejam atentos ao Red Knot no repositório do Ruff). E vejam também mise-en-place (https://mise.jdx.dev).\n(this string was needed to make weblate regenerate the file and can be removed)",
+	"mail.actions.successful_run_after_failure_subject": "Sequência de trabalho %[1]s foi recuperada no repositório %[2]s",
+	"mail.actions.not_successful_run_subject": "Sequência de trabalho %[1]s falhou no repositório %[2]s",
+	"mail.actions.not_successful_run": "Sequência de trabalho %[1]s falhou no repositório %[2]s",
+	"mail.actions.successful_run_after_failure": "Sequência de trabalho %[1]s foi recuperada no repositório %[2]s",
+	"discussion.locked": "Esta discussão foi fechada. Apenas contribuidores podem publicar comentários.",
+	"mail.actions.run_info_cur_status": "Estado desta execução: %[1]s (atualizado recentemente de %[2]s)",
+	"mail.actions.run_info_previous_status": "Estado da execução anterior: %[1]s",
+	"mail.actions.run_info_trigger": "Ativado porque: %[1]s por: %[2]s",
+	"relativetime.now": "agora",
+	"relativetime.future": "no futuro",
+	"relativetime.mins": {
+		"one": "%d minuto atrás",
+		"many": "%d minutos atrás",
+		"other": "%d minutos atrás"
+	},
+	"relativetime.weeks": {
+		"one": "%d semana atrás",
+		"many": "%d semanas atrás",
+		"other": "%d semanas atrás"
+	},
+	"relativetime.months": {
+		"one": "%d mês atrás",
+		"many": "%d meses atrás",
+		"other": "%d meses atrás"
+	},
+	"relativetime.years": {
+		"one": "%d ano atrás",
+		"many": "%d anos atrás",
+		"other": "%d anos atrás"
+	},
+	"relativetime.2days": "dois dias atrás",
+	"relativetime.2weeks": "duas semanas atrás",
+	"relativetime.1month": "mês passado",
+	"relativetime.2months": "dois meses atrás",
+	"relativetime.1year": "ano passado",
+	"relativetime.2years": "dois anos atrás",
+	"relativetime.days": {
+		"one": "%d dia atrás",
+		"many": "%d dias atrás",
+		"other": "%d dias atrás"
+	},
+	"relativetime.hours": {
+		"one": "%d hora atrás",
+		"many": "%d horas atrás",
+		"other": "%d horas atrás"
+	},
+	"relativetime.1week": "semana passada",
+	"relativetime.1day": "ontem",
+	"moderation.report_remarks.placeholder": "Por favor forneça alguns pormenores sobre o abuso que está a denunciar.",
+	"admin.config.moderation_config": "Configuração de moderação",
+	"moderation.report_abuse": "Denunciar abuso",
+	"moderation.report_content": "Denunciar conteúdo",
+	"moderation.report_abuse_form.header": "Denunciar abuso à administração",
+	"moderation.report_abuse_form.details": "Este formulário deve ser utilizado para denunciar utilizadores que criam perfis, repositórios, questões, comentários de spam ou que se comportam de forma inadequada.",
+	"moderation.report_abuse_form.invalid": "Argumentos inválidos",
+	"moderation.report_abuse_form.already_reported": "Já denunciou este conteúdo",
+	"moderation.abuse_category": "Categoria",
+	"moderation.abuse_category.placeholder": "Escolha uma categoria",
+	"moderation.abuse_category.spam": "Spam",
+	"moderation.abuse_category.malware": "Software malicioso",
+	"moderation.abuse_category.illegal_content": "Conteúdo ilegal",
+	"moderation.abuse_category.other_violations": "Outras violações das regras da plataforma",
+	"moderation.report_remarks": "Observações",
+	"moderation.submit_report": "Submeter denúncia",
+	"moderation.reporting_failed": "Não foi possível submeter a nova denúncia de abuso: %v",
+	"moderation.reported_thank_you": "Obrigado pela sua denúncia. A administração foi informada do facto.",
+	"repo.form.cannot_create": "Todos os espaços nos quais pode criar repositórios atingiram o limite de repositórios.",
+	"repo.issue_indexer.title": "Indexador de Questões",
+	"watch.list.none": "Ninguém está a vigiar este repositório.",
+	"followers.incoming.list.self.none": "Ninguém está a seguir o seu perfil.",
+	"followers.incoming.list.none": "Ninguém está a seguir este utilizador.",
+	"followers.outgoing.list.none": "%s não está a seguir ninguém.",
+	"followers.outgoing.list.self.none": "Não está a seguir ninguém.",
+	"editor.textarea.tab_hint": "Linha já indentada. Pressione <kbd>Tab</kbd> novamente ou <kbd>Escape</kbd> para sair do editor.",
+	"editor.textarea.shift_tab_hint": "Sem indentação nesta linha. Pressione <kbd>Shift</kbd> + <kbd>Tab</kbd> novamente ou <kbd>Escape</kbd> para sair do editor.",
+	"stars.list.none": "Ninguém juntou este repositório aos favoritos.",
+	"admin.dashboard.cleanup_offline_runners": "Limpeza de executores offline",
+	"settings.visibility.description": "A visibilidade do perfil afecta a capacidade de outros acederem aos seus repositórios não privados. <a href=\"%s\" target=\"_blank\">Saiba mais</a>.",
+	"avatar.constraints_hint": "O avatar personalizado não pode exceder %[1]s de tamanho ou ser maior do que %[2]dx%[3]d pixéis",
+	"repo.diff.commit.next-short": "Seg.",
+	"profile.actions.tooltip": "Mais Actions",
+	"profile.edit.link": "Editar perfil",
+	"feed.atom.link": "Feed Atom",
+	"keys.ssh.link": "Chaves SSH",
+	"keys.gpg.link": "Chaves GPG",
+	"repo.diff.commit.previous-short": "Ant.",
+	"og.repo.summary_card.alt_description": "Cartão de resumo do repositório %[1]s, descrito como: %[2]s",
+	"repo.settings.push_mirror.branch_filter.label": "Filtro de ramos (opcional)",
+	"repo.settings.push_mirror.branch_filter.description": "Ramos a serem espelhados. Deixe em branco para espelhar todos os ramos. Veja a <a href=\"%[1]s\">%[2]s documentação</a> sobre a sintaxe. Exemplos: <code>main, release/*</code>",
+	"mail.actions.run_info_sha": "Cometimento: %[1]s",
+	"discussion.sidebar.reference": "Referência",
+	"admin.dashboard.remove_resolved_reports": "Remover denúncias resolvidas",
+	"admin.moderation.no_open_reports": "Atualmente não há denúncias em aberto.",
+	"admin.moderation.deleted_content_ref": "O conteúdo denunciado do tipo %[1]v e id %[2]d já não existe",
+	"admin.moderation.moderation_reports": "Denúncias aos moderadores",
+	"admin.moderation.reports": "Denúncias",
+	"compare.branches.title": "Comparar ramos",
+	"warning.repository.out_of_sync": "A representação da base de dados deste repositório está desincronizada. Se este aviso continuar a ser apresentado após enviar uma confirmação para este repositório, contacte o administrador.",
+	"admin.auths.allow_username_change": "Permitir alteração do nome de utilizador",
+	"admin.auths.allow_username_change.description": "Permitir que os utilizadores alterem o seu nome de utilizador nas definições do perfil",
+	"admin.config.global_2fa_requirement.none": "Não",
+	"admin.config.global_2fa_requirement.all": "Todos os utilizadores",
+	"repo.commit.load_tags_failed": "Falha ao carregar tags devido a erro interno",
+	"admin.config.global_2fa_requirement.title": "Requisito global de dois fatores",
+	"admin.config.global_2fa_requirement.admin": "Administradores",
+	"repo.pulls.already_merged": "Integração falhou: este pedido de integração já foi integrado.",
+	"admin.config.security": "Configuração de segurança",
+	"settings.twofa_unroll_unavailable": "A autenticação de dois fatores é necessária para a sua conta e não pode ser desativada.",
+	"settings.twofa_reenroll": "Reativar a autenticação de dois fatores",
+	"settings.twofa_reenroll.description": "Reativar a sua autenticação de dois fatores",
+	"settings.must_enable_2fa": "Esta instância do Forgejo exige que os utilizadores ativem a autenticação de dois fatores antes de poderem aceder às suas contas.",
+	"error.must_enable_2fa": "Esta instância do Forgejo exige que os utilizadores ativem a autenticação de dois fatores antes de poderem aceder às suas contas. Ative-a em: %s",
+	"migrate.pagure.description": "Migrar dados do pagure.io ou de outras instâncias do Pagure.",
+	"migrate.pagure.incorrect_url": "Foi fornecida uma URL incorreta do repositório de origem",
+	"migrate.pagure.project_url": "URL do projeto Pagure",
+	"migrate.pagure.project_example": "URL do projeto Pagure, por exemplo, https://pagure.io/pagure",
+	"migrate.pagure.token_label": "Código da API do Pagure",
+	"migrate.github.description": "Migrar dados do github.com ou do GitHub Enterprise server.",
+	"migrate.git.description": "Migrar um repositório somente de qualquer serviço Git.",
+	"migrate.gitea.description": "Migrar dados de gitea.com ou de outras instâncias do Gitea.",
+	"migrate.gitlab.description": "Migrar dados de gitlab.com ou de outras instâncias do GitLab.",
+	"migrate.gogs.description": "Migrar dados de notabug.org ou de outras instâncias do Gogs.",
+	"migrate.onedev.description": "Migrar dados de code.onedev.io ou de outras instâncias do OneDev.",
+	"migrate.gitbucket.description": "Migrar dados de instâncias do GitBucket.",
+	"migrate.codebase.description": "Migrar dados de codebasehq.com.",
+	"migrate.forgejo.description": "Migrar dados de codeberg.org ou de outras instâncias Forgejo.",
+	"migrate.form.error.url_credentials": "O URL contém credenciais, insira-as nos campos do nome de utilizador e palavra-passe, respetivamente",
+	"user.ghost.tooltip": "Este utilizador foi eliminado ou não é possível encontrar uma correspondência.",
+	"actions.runs.run_attempt_label": "Tentativa de execução #%[1]s (%[2]s)",
+	"actions.runs.viewing_out_of_date_run": "Está a visualizar uma execução desatualizada deste trabalho que foi executado %[1]s.",
+	"actions.runs.view_most_recent_run": "Ver execução mais recente",
+	"pulse.n_active_issues": {
+		"one": "%s questão vigente",
+		"many": "%s questões vigentes",
+		"other": "%s questões vigentes"
+	},
+	"pulse.n_active_prs": {
+		"one": "%s pedido de integração vigente",
+		"many": "%s pedidos de integração vigentes",
+		"other": "%s pedidos de integração vigentes"
+	},
+	"repo.pulls.maintainers_can_edit": "Os responsáveis podem editar este pedido de integração.",
+	"repo.pulls.maintainers_cannot_edit": "Os responsáveis não podem editar este pedido de integração.",
+	"mail.issue.action.close_by_commit": "%[1]s fechou %[2]s no cometimento %[3]s.",
+	"migrate.pagure.private_issues.summary": "Questões privadas (opcional)",
+	"migrate.pagure.private_issues.description": "Esta funcionalidade está desenhada para criar um segundo repositório contendo apenas questões privadas do seu repositório Pagure para efeitos de arquivo. Primeiro, faça uma migração normal (sem um código) para importar todo o conteúdo público. Depois, se tiver questões privadas a preservar, crie um repositório separado usando esta opção com código para arquivar essas questões privadas.",
+	"migrate.pagure.private_issues.warning": "Certifique-se que passa a visibilidade do repositório para Privado se estiver a usar a chave de API para importar questões privadas. Isso irá evitar que exponha acidentalmente conteúdo privado num repositório público.",
+	"migrate.pagure.token.placeholder": "Somente para criar arquivo com questões privadas",
+	"actions.workflow.job_parsing_error": "Não foi possível analisar os trabalhos na sequência de trabalho: %v",
+	"actions.workflow.event_detection_error": "Não foi possível analisar eventos suportados na sequência de trabalho: %v",
+	"actions.workflow.pre_execution_error": "A sequência de trabalho não foi executada por causa de um erro que bloqueou a tentativa de execução.",
+	"watch.n_watchers": {
+		"one": "%s vigilante",
+		"many": "%s vigilantes",
+		"other": "%s vigilantes"
+	},
+	"teams.add_all_repos.modal.header": "Adicionar todos os repositórios",
+	"teams.remove_all_repos.modal.header": "Remover todos os repositórios",
+	"repo.pulls.poster_manage_approval": "Gerir aprovação",
+	"repo.pulls.poster_requires_approval": "Algumas sequências de trabalho estão <a href=\"%[1]s\">à espera de serem avaliadas.</a>",
+	"repo.pulls.poster_requires_approval.tooltip": "O autor deste pedido de integração não é confiável para executar sequências de trabalho acionados por um pedido de integração criada a partir de um repositório derivado ou com AGit. As sequências de trabalho acionadas por um evento `pull_request` não serão executadas até que sejam aprovadas.",
+	"repo.pulls.poster_is_trusted": "O autor deste pedido de integração é <a href=\"%[1]s\">sempre confiável para executar sequências de trabalho.</a>",
+	"repo.pulls.poster_is_trusted.tooltip": "O autor deste pedido de integração é explicitamente confiável para executar fluxos de trabalho acionados por eventos `pull_request`.",
+	"repo.pulls.poster_trust_deny": "Recusar",
+	"repo.pulls.poster_trust_deny.tooltip": "As sequências de trabalho que aguardam aprovação serão canceladas.",
+	"repo.pulls.poster_trust_once": "Aprovar uma vez",
+	"repo.pulls.poster_trust_once.tooltip": "As sequências de trabalho acionadas por um evento `pull_request` serão executadas neste commit, mas precisarão de ser aprovadas para todos os commits futuros enviados para este pedido de integração.",
+	"repo.pulls.poster_trust_always": "Aprovar sempre",
+	"repo.pulls.poster_trust_always.tooltip": "As sequências de trabalho acionadas por um evento `pull_request` serão executadas neste commit e não será necessário aprovar execuções deste pedido de integração ou de futuros pedidos de integração criados pelo mesmo utilizador.",
+	"repo.pulls.poster_trust_revoke": "Revogar",
+	"repo.pulls.poster_trust_revoke.tooltip": "O autor deste pedido de integração deixará de ser considerado confiável para executar sequências de trabalho acionadas por um evento `pull_request`, cada execução terá que ser aprovada manualmente.",
+	"admin.dashboard.actions_action_user": "Revogar a confiança em Forgejo Actions para utilizadores inativos",
+	"keys.verify.token.hint": "O código é válido apenas por 1 minuto. <a href=\"%[1]s\">Obtenha um novo se ele expirou</a>.",
+	"actions.status.diagnostics.waiting": {
+		"one": "Aguardando por um executor com o seguinte rótulo: %s",
+		"many": "Aguardando por um executor com os seguintes rótulos: %s",
+		"other": "Aguardando por um executor com os seguintes rótulos: %s"
+	},
+	"repo.issues.filter_poster.hint": "Filtrar pelo autor",
+	"repo.issues.filter_assignee.hint": "Filtrar por utilizador atribuído",
+	"repo.issues.filter_reviewers.hint": "Filtrar por utilizador que reviu",
+	"repo.issues.filter_mention.hint": "Filtrar por utilizador mencionado",
+	"repo.issues.filter_modified.hint": "Filtrar por data da última modificação",
+	"repo.issues.filter_sort.hint": "Ordenar por: criado/comentários/atualizado/prazo",
+	"search.syntax": "Sintaxe de pesquisa",
+	"admin.dashboard.transfer_lingering_logs": "Transferir registos de operações concluídas da base de dados para o armazenamento",
+	"moderation.report.mark_as_handled": "Marcar como tratado",
+	"moderation.report.mark_as_ignored": "Marcar como ignorado",
+	"moderation.action.account.delete": "Eliminar conta",
+	"moderation.action.account.suspend": "Suspender conta",
+	"moderation.action.repo.delete": "Eliminar repositório",
+	"moderation.action.issue.delete": "Eliminar questão",
+	"moderation.action.comment.delete": "Eliminar comentário",
+	"moderation.unknown_action": "Operação desconhecida",
+	"moderation.users.cannot_suspend_self": "Não pode suspender-se a si mesmo.",
+	"moderation.users.cannot_suspend_admins": "Utilizadores com privilégios de administrador não podem ser suspensos.",
+	"moderation.users.cannot_suspend_org": "Organizações não podem ser suspensas.",
+	"moderation.users.already_suspended": "A conta do utilizador já está suspensa.",
+	"moderation.users.suspend_success": "A conta do utilizador foi suspensa.",
+	"moderation.users.cannot_delete_admins": "Utilizadores com privilégios de administrador não podem ser eliminados.",
+	"moderation.issue.deletion_success": "A questão foi eliminada.",
+	"moderation.comment.deletion_success": "O comentário foi eliminado.",
+	"actions.workflow.persistent_incomplete_matrix": "Não foi possível avaliar `strategy.matrix` do trabalho %[1]s devido a uma expressão `needs` que era inválida. Pode estar a referir-se a um trabalho que não está na sua lista de 'needs' (%[2]s), ou a um resultado que não existe num desses trabalhos.",
+	"actions.workflow.incomplete_matrix_missing_job": "Não foi possível avaliar `strategy.matrix` do trabalho %[1]s: trabalho %[2]s não está na lista de `needs` do trabalho %[1]s (%[3]s).",
+	"actions.workflow.incomplete_matrix_missing_output": "Não foi possível avaliar `strategy.matrix` do trabalho %[1]s: o trabalho %[2]s não tem um resultado %[3]s.",
+	"actions.workflow.incomplete_matrix_unknown_cause": "Não foi possível avaliar `strategy.matrix` do trabalho %[1]s: erro desconhecido.",
+	"actions.workflow.incomplete_runson_missing_job": "Não foi possível avaliar `runs-on` do trabalho %[1]s: o trabalho %[2]s não está na lista `needs` do trabalho %[1]s (%[3]s).",
+	"actions.workflow.incomplete_runson_missing_output": "Não é possível avaliar `runs-on` do trabalho %[1]s: o trabalho %[2]s não tem um resultado %[3]s.",
+	"actions.workflow.incomplete_runson_missing_matrix_dimension": "Não é possível avaliar `runs-on` do trabalho %[1]s: a dimensão da matriz %[2]s não existe.",
+	"actions.workflow.incomplete_runson_unknown_cause": "Não é possível avaliar `runs-on` do trabalho %[1]s: erro desconhecido.",
+	"admin.auths.oauth2_quota_group_claim_name": "Nome da reivindicação que fornece nomes de grupos para esta fonte a ser usada para gestão de quotas. (Opcional)",
+	"admin.auths.oauth2_quota_group_map": "Atribuir grupos reivindicados a grupos de quotas. (Opcional - requer o nome da reivindicação acima)",
+	"admin.auths.oauth2_quota_group_map_removal": "Remover os utilizadores dos grupos de quotas sincronizados se o utilizador não pertencer ao grupo correspondente.",
+	"issues.updated": "%s atualizado",
+	"search.fuzzy": "Difusa",
+	"search.fuzzy_tooltip": "Incluir resultados que correspondam aproximadamente ao termo de pesquisa"
 }
diff --git a/options/locale_next/locale_ro.json b/options/locale_next/locale_ro.json
index 0967ef424b..60c4c22624 100644
--- a/options/locale_next/locale_ro.json
+++ b/options/locale_next/locale_ro.json
@@ -1 +1,3 @@
-{}
+{
+	"meta.last_line": "(this string was needed to make weblate regenerate the file and can be removed)"
+}
diff --git a/options/locale_next/locale_ru-RU.json b/options/locale_next/locale_ru-RU.json
index 0a62aa9464..14d843cbf2 100644
--- a/options/locale_next/locale_ru-RU.json
+++ b/options/locale_next/locale_ru-RU.json
@@ -1,262 +1,262 @@
 {
-    "fork.n_forks": {
-        "one": "%s ответвление",
-        "few": "%s ответвления",
-        "many": "%s ответвлений"
-    },
-    "stars.n_stars": {
-        "one": "В избранном у %s",
-        "few": "В избранном у %s-х",
-        "many": "В избранном у %s-и"
-    },
-    "release.n_downloads": {
-        "one": "%s скачивание",
-        "few": "%s скачивания",
-        "many": "%s скачиваний"
-    },
-    "repo.pulls.merged_title_desc": {
-        "one": "слит %[1]d коммит из <code>%[2]s</code> в <code>%[3]s</code> %[4]s",
-        "few": "слито %[1]d коммита из <code>%[2]s</code> в <code>%[3]s</code> %[4]s",
-        "many": "слито %[1]d коммитов из <code>%[2]s</code> в <code>%[3]s</code> %[4]s"
-    },
-    "repo.pulls.title_desc": {
-        "one": "хочет влить %[1]d коммит из <code>%[2]s</code> в <code id=\"%[4]s\">%[3]s</code>",
-        "few": "хочет влить %[1]d коммита из <code>%[2]s</code> в <code id=\"%[4]s\">%[3]s</code>",
-        "many": "хочет влить %[1]d коммитов из <code>%[2]s</code> в <code id=\"%[4]s\">%[3]s</code>"
-    },
-    "search.milestone_kind": "Найти этапы…",
-    "home.explore_repos": "Каталог репозиториев",
-    "home.explore_users": "Каталог пользователей",
-    "home.explore_orgs": "Каталог организаций",
-    "home.welcome.activity_hint": "В вашей ленте пока ничего нет. Ваши действия и активность из отслеживаемых вами репозиториев будут отображены здесь.",
-    "home.welcome.no_activity": "Нет событий",
-    "incorrect_root_url": "Этот сервер Forgejo расположен по адресу «%s», но вы просматриваете страницу с другого адреса. Это может приводить к поломкам частей приложения. Канонический адрес указывается администратором сервера в файле конфигурации app.ini - ROOT_URL.",
-    "themes.names.forgejo-light": "Forgejo – светлая",
-    "themes.names.forgejo-auto": "Forgejo – как в системе",
-    "themes.names.forgejo-dark": "Forgejo – тёмная",
-    "error.not_found.title": "Страница не найдена",
-    "alert.asset_load_failed": "Не удалось получить ресурсы из {path}. Убедитесь, что файлы ресурсов доступны.",
-    "install.invalid_lfs_path": "Не удалось расположить корень LFS по указанному пути: %[1]s",
-    "alert.range_error": " - число должно быть в диапазоне от %[1]s-%[2]s.",
-    "meta.last_line": "This magic string will cause Codeberg Translate to create a new pull request in **the** Forgejo repository.",
-    "mail.actions.not_successful_run_subject": "Провал раб. потока %[1]s в репозитории %[2]s",
-    "mail.actions.successful_run_after_failure_subject": "Возобновление раб. потока %[1]s в репозитории %[2]s",
-    "mail.actions.run_info_trigger": "Причина срабатывания: %[1]s by: %[2]s",
-    "mail.actions.successful_run_after_failure": "Рабочий поток %[1]s в репозитории %[2]s был возобновлён после провала",
-    "mail.actions.run_info_cur_status": "Текущее состояние: %[1]s (обновлено после %[2]s)",
-    "mail.actions.run_info_previous_status": "Предыдущее состояние: %[1]s",
-    "discussion.locked": "Обсуждение ограничено. Комментировать могут только соавторы.",
-    "mail.actions.not_successful_run": "Рабочий поток %[1]s в репозитории %[2]s провалился",
-    "relativetime.now": "только что",
-    "relativetime.future": "из будущего",
-    "relativetime.mins": {
-        "one": "%d минуту назад",
-        "few": "%d минуты назад",
-        "many": "%d минут назад"
-    },
-    "relativetime.hours": {
-        "one": "%d час назад",
-        "few": "%d часа назад",
-        "many": "%d часов назад"
-    },
-    "relativetime.days": {
-        "one": "%d день назад",
-        "few": "%d дня назад",
-        "many": "%d дней назад"
-    },
-    "relativetime.weeks": {
-        "one": "%d неделю назад",
-        "few": "%d недели назад",
-        "many": "%d недель назад"
-    },
-    "relativetime.years": {
-        "one": "%d год назад",
-        "few": "%d года назад",
-        "many": "%d лет назад"
-    },
-    "relativetime.1day": "вчера",
-    "relativetime.2weeks": "две недели назад",
-    "relativetime.2months": "два месяца назад",
-    "relativetime.1month": "в прошлом месяце",
-    "relativetime.1week": "на прошлой неделе",
-    "relativetime.2days": "позавчера",
-    "relativetime.2years": "два года назад",
-    "relativetime.months": {
-        "one": "%d месяц назад",
-        "few": "%d месяца назад",
-        "many": "%d месяцев назад"
-    },
-    "relativetime.1year": "в прошлом году",
-    "repo.issue_indexer.title": "Индексатор задач",
-    "followers.incoming.list.self.none": "На вас никто не подписан.",
-    "followers.incoming.list.none": "На этого пользователя никто не подписан.",
-    "followers.outgoing.list.none": "%s ни на кого не подписан.",
-    "stars.list.none": "Никто не добавил этот репозиторий в избранное.",
-    "watch.list.none": "Никто не отслеживает этот репозиторий.",
-    "repo.form.cannot_create": "Во всех пространствах, где вы можете создавать репозитории, достигнуто ограничение количества репозиториев.",
-    "followers.outgoing.list.self.none": "Вы ни на кого не подписаны.",
-    "admin.config.moderation_config": "Настройки модерации",
-    "moderation.abuse_category": "Категория",
-    "moderation.abuse_category.placeholder": "Выберите категорию",
-    "moderation.abuse_category.spam": "Спам",
-    "moderation.abuse_category.malware": "Вредоносное ПО",
-    "moderation.abuse_category.illegal_content": "Незаконное содержимое",
-    "moderation.abuse_category.other_violations": "Прочие нарушения правил",
-    "moderation.report_remarks": "Подробности",
-    "moderation.report_abuse": "Пожаловаться",
-    "moderation.report_remarks.placeholder": "Пожалуйста, предоставьте немного подробностей о содержимом, на которое вы жалуетесь.",
-    "moderation.reporting_failed": "Не удалось отправить жалобу: %v",
-    "moderation.report_content": "Пожаловаться",
-    "moderation.report_abuse_form.already_reported": "Вы уже пожаловались на это содержимое",
-    "moderation.submit_report": "Пожаловаться",
-    "moderation.reported_thank_you": "Спасибо за ваше сообщение. Администрация оповещена.",
-    "moderation.report_abuse_form.details": "Через эту форму можно жаловаться на пользователей, распространяющих спам или ведущих себя неадекватно.",
-    "moderation.report_abuse_form.invalid": "Невалидные аргументы",
-    "moderation.report_abuse_form.header": "Жалоба администрации",
-    "editor.textarea.tab_hint": "Отступ уже добавлен. Нажмите <kbd>Tab</kbd> снова или <kbd>Escape</kbd>, чтобы покинуть редактор.",
-    "editor.textarea.shift_tab_hint": "В строке нет отступов. Нажмите <kbd>Shift</kbd> + <kbd>Tab</kbd> снова или <kbd>Escape</kbd>, чтобы покинуть редактор.",
-    "admin.dashboard.cleanup_offline_runners": "Удалить недоступных исполнителей",
-    "avatar.constraints_hint": "Изображение профиля не может быть более %[1]s и крупнее %[2]dx%[3]d пикселей",
-    "settings.visibility.description": "Видимость профиля влияет на доступ других до ваших не частных репозиториев. <a href=\"%s\" target=\"_blank\">Подробнее</a>.",
-    "repo.diff.commit.previous-short": "Пред.",
-    "repo.diff.commit.next-short": "След.",
-    "profile.actions.tooltip": "Показать действия",
-    "feed.atom.link": "Atom-лента",
-    "keys.ssh.link": "Ключи SSH",
-    "keys.gpg.link": "Ключи GPG",
-    "profile.edit.link": "Изменить профиль",
-    "og.repo.summary_card.alt_description": "Карточка со сводкой о репозитории %s. Описание: %[2]s",
-    "mail.actions.run_info_sha": "Коммит: %[1]s",
-    "repo.settings.push_mirror.branch_filter.description": "Синхронизируемые ветви. Оставьте пустым, чтобы синхронизировать все. Ознакомьтесь с синтаксисом в <a href=\"%[1]s\">документации %[2]s</a>. Примеры: <code>main, release/*</code>",
-    "repo.settings.push_mirror.branch_filter.label": "Выбор ветвей (опционально)",
-    "discussion.sidebar.reference": "Ссылка",
-    "admin.moderation.moderation_reports": "Жалобы модерации",
-    "admin.moderation.deleted_content_ref": "Содержимое типа %[1]v и ид. %[2]d, на которое пожаловались, более не существует",
-    "admin.moderation.reports": "Жалобы",
-    "admin.moderation.no_open_reports": "Нет открытых жалоб.",
-    "admin.dashboard.remove_resolved_reports": "Удалить разрешённые жалобы",
-    "compare.branches.title": "Сравнение ветвей",
-    "repo.commit.load_tags_failed": "Загрузка тегов не удалась из-за внутренней ошибки",
-    "admin.auths.allow_username_change.description": "Пользователи смогут изменять свои имена после регистрации",
-    "admin.auths.allow_username_change": "Разрешить смену имён",
-    "admin.config.global_2fa_requirement.title": "Глобальное требование 2ФА",
-    "admin.config.global_2fa_requirement.none": "Нет",
-    "admin.config.global_2fa_requirement.all": "Для всех пользователей",
-    "admin.config.global_2fa_requirement.admin": "Для администраторов",
-    "settings.must_enable_2fa": "Для доступа к учётной записи на этом сервере Forgejo вам необходимо защитить её двухфакторной аутентификацией.",
-    "error.must_enable_2fa": "Для доступа к учётной записи на этом сервере Forgejo вам необходимо защитить её двухфакторной аутентификацией. Подключите её здесь: %s",
-    "warning.repository.out_of_sync": "Состояние этого репозитория рассинхронизировано с базой данных. Если это предупреждение сохраняется после отправки коммитов, сообщите об этом администрации сервера.",
-    "admin.config.security": "Настройки безопасности",
-    "settings.twofa_unroll_unavailable": "Двухфакторная аутентификация требуется для вашей учётной записи и не может быть отключена.",
-    "settings.twofa_reenroll": "Заменить 2ФА",
-    "settings.twofa_reenroll.description": "Вы можете заменить двухфакторную аутентификацию",
-    "repo.pulls.already_merged": "Слияние не удалось: слияние уже выполнено.",
-    "migrate.pagure.description": "Перенести данные с pagure.io или другого сервера Pagure.",
-    "migrate.pagure.incorrect_url": "Введена неправильная ссылка на источник",
-    "migrate.pagure.project_url": "Ссылка проекта на Pagure",
-    "migrate.pagure.project_example": "Ссылка проекта. Например, https://pagure.io/pagure",
-    "migrate.pagure.token_label": "Токен API Pagure",
-    "migrate.github.description": "Перенести данные с github.com или сервера GitHub Enterprise.",
-    "migrate.git.description": "Перенести Git-репозиторий из любого совместимого сервиса.",
-    "migrate.gitea.description": "Перенести данные с gitea.com или другого сервера Gitea.",
-    "migrate.gitlab.description": "Перенести данные с gitlab.com или другого сервера GitLab.",
-    "migrate.gogs.description": "Перенести данные с notabug.org или другого сервера Gogs.",
-    "migrate.onedev.description": "Перенести данные с code.onedev.io или другого сервера OneDev.",
-    "migrate.gitbucket.description": "Перенести данные с сервера GitBucket.",
-    "migrate.codebase.description": "Перенести данные с codebasehq.com.",
-    "migrate.forgejo.description": "Перенести данные с codeberg.org или другого сервера Forgejo.",
-    "user.ghost.tooltip": "Пользователь удалён или неизвестен.",
-    "migrate.form.error.url_credentials": "Ссылка содержит данные авторизации. Поместите их в соответствующие поля",
-    "actions.runs.run_attempt_label": "Попытка №%[1]s (%[2]s)",
-    "actions.runs.viewing_out_of_date_run": "Это устаревший результат. Задание было выполнено %[1]s.",
-    "actions.runs.view_most_recent_run": "Перейти к актуальному",
-    "repo.pulls.maintainers_can_edit": "Сопровождающие могут вносить правки.",
-    "repo.pulls.maintainers_cannot_edit": "Сопровождающие не могут вносить правки.",
-    "pulse.n_active_issues": {
-        "one": "%s активная задача",
-        "few": "%s активных задачи",
-        "many": "%s активных задач"
-    },
-    "pulse.n_active_prs": {
-        "one": "%s активный запрос слияния",
-        "few": "%s активных запроса слияния",
-        "many": "%s активных запросов слияния"
-    },
-    "migrate.pagure.private_issues.summary": "Скрытые задачи (необязательно)",
-    "migrate.pagure.private_issues.description": "Эта функция позволяет создать дополнительный репозиторий для архивации в нём скрытых задач из вашего проекта Pagure. Сперва выполните нормальный перенос репозитория без токена, чтобы скопировать всё публичное содержимое. Затем, если нужно, выполните ещё один перенос и укажите токен, чтобы разместить скрытые задачи в дополнительном репозитории.",
-    "migrate.pagure.private_issues.warning": "Не забудьте указать видимость репозитория как Частную при переносе скрытых задач, чтобы их никто не увидел.",
-    "migrate.pagure.token.placeholder": "Только для переноса скрытых задач",
-    "mail.issue.action.close_by_commit": "%[1]s закрыл %[2]s из коммита %[2]s.",
-    "actions.workflow.job_parsing_error": "Не удалось прочитать задачи в раб. потоке: %v",
-    "actions.workflow.event_detection_error": "Не удалось прочитать поддерживаемые события в раб. потоке: %v",
-    "actions.workflow.pre_execution_error": "Рабочий поток не был выполнен из-за ошибки, возникшей при попытке начать выполнение.",
-    "watch.n_watchers": {
-        "one": "%s наблюдатель",
-        "few": "%s наблюдателя",
-        "many": "%s наблюдателей"
-    },
-    "teams.add_all_repos.modal.header": "Добавить все репозитории",
-    "teams.remove_all_repos.modal.header": "Убрать все репозитории",
-    "repo.pulls.poster_requires_approval": "Раб. потоки, <a href=\"%[1]s\">ожидающие рецензии</a>.",
-    "repo.pulls.poster_requires_approval.tooltip": "Нет доверия к автору запроса на слияние. Раб. потоки, сработавшие по событию `pull_request`, не будут выполнятся на коде, предложенном из ответвления репозитория или через AGit, пока они не будут одобрены.",
-    "repo.pulls.poster_is_trusted": "Автор запроса на слияние <a href=\"%[1]s\">доверяется к запуску раб. потоков</a>.",
-    "repo.pulls.poster_is_trusted.tooltip": "Автор запроса на слияние доверяется для запуска раб. потоков, срабатывающих для событий `pull_request`.",
-    "repo.pulls.poster_trust_deny": "Отклонить",
-    "repo.pulls.poster_trust_deny.tooltip": "Раб. потоки, ожидающие одобрения, будут отменены.",
-    "repo.pulls.poster_trust_once": "Одобрить один раз",
-    "repo.pulls.poster_trust_once.tooltip": "Раб. потоки, сработавшие по событию `pull_request`, будут выполнены для последнего коммита, но все последующие коммиты будут снова потребуют одобрения.",
-    "repo.pulls.poster_trust_always": "Одобрить и начать доверять",
-    "repo.pulls.poster_trust_revoke": "Отозвать",
-    "keys.verify.token.hint": "Токен действителен в течение 1 минуты. <a href=\"%[1]s\">Получите новый, если этот истёк</a>.",
-    "admin.dashboard.actions_action_user": "Отозвать доверие Forgejo Действий у неактивных пользователей",
-    "actions.status.diagnostics.waiting": {
-        "one": "Ожидается исполнитель, имеющий метку: %s",
-        "few": "Ожидается исполнитель, имеющий одну из меток: %s",
-        "many": "Ожидается исполнитель, имеющий одну из меток: %s"
-    },
-    "repo.pulls.poster_manage_approval": "Управление одобрением",
-    "repo.pulls.poster_trust_revoke.tooltip": "Автор запроса на слияние больше не будет доверятся для запуска раб. потоков, срабатывающих для событий `pull_request`. Каждый запуск потребует одобрения.",
-    "repo.pulls.poster_trust_always.tooltip": "Этот раб. поток будет выполнен. Последующие раб. потоки, срабатывающие по событию `pull_request` в запросах на слияние от этого пользователя, будут запускаться без одобрения.",
-    "repo.issues.filter_poster.hint": "Отфильтровать по автору",
-    "repo.issues.filter_assignee.hint": "Отфильтровать по назначенному пользователю",
-    "repo.issues.filter_reviewers.hint": "Отфильтровать по оставившему рецензию",
-    "repo.issues.filter_mention.hint": "Отфильтровать по упомянутому пользователю",
-    "repo.issues.filter_modified.hint": "Отфильтровать по дате изменения",
-    "repo.issues.filter_sort.hint": "Отсортировать по: created/comments/updated/deadline",
-    "search.syntax": "Синтаксис поиска",
-    "admin.dashboard.transfer_lingering_logs": "Перенести журналы завершённых Действий из БД в хранилище",
-    "actions.workflow.persistent_incomplete_matrix": "Не удалось проверить `strategy.matrix` задачи %[1]s – выражение `needs` некорректно. Возможно, оно ссылается на задачу, не входящую в список требуемых (%[2]s), или на интерфейс вывода, отсутствующий у какой-то из этих задач.",
-    "admin.auths.oauth2_quota_group_claim_name": "Название утверждения (claim), сообщающего названия групп квоты для этого источника. (необязательно)",
-    "admin.auths.oauth2_quota_group_map_removal": "Удалить пользователей из синхронизованных групп квот, не входящих в соответствующие группы.",
-    "moderation.report.mark_as_handled": "Пометить решённой",
-    "moderation.report.mark_as_ignored": "Пометить проигнорированной",
-    "moderation.action.account.delete": "Удалить уч. запись",
-    "moderation.action.account.suspend": "Приостановить уч. запись",
-    "moderation.action.repo.delete": "Удалить репозиторий",
-    "moderation.action.issue.delete": "Удалить задачу",
-    "moderation.action.comment.delete": "Удалить комментарий",
-    "moderation.unknown_action": "Неизвестное действие",
-    "moderation.users.cannot_suspend_self": "Нельзя приостановить свою уч. запись.",
-    "moderation.users.cannot_suspend_admins": "Учётные записи администраторов не могут быть приостановлены.",
-    "moderation.users.cannot_suspend_org": "Организации не могут быть приостановлены.",
-    "moderation.users.already_suspended": "Эта уч. запись уже приостановлена.",
-    "moderation.users.suspend_success": "Учётная запись была приостановлена.",
-    "moderation.users.cannot_delete_admins": "Учётные записи администраторов не могут быть удалены.",
-    "moderation.issue.deletion_success": "Задача была удалена.",
-    "moderation.comment.deletion_success": "Комментарий был удалён.",
-    "actions.workflow.incomplete_matrix_missing_job": "Не удалось проверить `strategy.matrix` задачи %[1]s – задача %[2]s отсутствует в списке требуемых (`needs`) задачи %[1]s (%[3]s).",
-    "actions.workflow.incomplete_matrix_missing_output": "Не удалось проверить `strategy.matrix` задачи %[1]s – у задачи %[2]s не хватает интерфейса вывода %[3]s.",
-    "actions.workflow.incomplete_matrix_unknown_cause": "Не удалось проверить `strategy.matrix` задачи %[1]s – неизвестная ошибка.",
-    "actions.workflow.incomplete_runson_missing_job": "Не удалось проверить `runs-on` задачи %[1]s – задача %[2]s отсутствует в списке требуемых (`needs`) задачи %[1]s (%[3]s).",
-    "actions.workflow.incomplete_runson_missing_output": "Не удалось проверить `runs-on` задачи %[1]s – у задачи %[2]s не хватает интерфейс вывода %[3]s.",
-    "actions.workflow.incomplete_runson_missing_matrix_dimension": "Не удалось проверить `runs-on` задачи %[1]s – измерение матрицы %[2]s не существует.",
-    "actions.workflow.incomplete_runson_unknown_cause": "Не удалось проверить `runs-on` задачи %[1]s – неизвестная ошибка.",
-    "admin.auths.oauth2_quota_group_map": "Связывать группы из указанного выше утверждения (claim) с группами квот",
-    "search.fuzzy": "Приблиз.",
-    "search.fuzzy_tooltip": "Включает результаты, приблизительно соответствующие запросу",
-    "issues.updated": "обнов. %s",
-    "actions.workflow.incomplete_with_missing_job": "Не удалось проверить `with` задачи %[1]s – задача %[2]s не указана в списке `needs` задачи %[1]s (%[3]s).",
-    "actions.workflow.incomplete_with_missing_output": "Не удалось проверить `with` задачи %[1]s – у задачи %[2]s не хватает интерфейса вывода %[3]s.",
-    "actions.workflow.incomplete_with_missing_matrix_dimension": "Не удалось проверить `with` задачи %[1]s: в матрице не указано измерение %[2]s.",
-    "actions.workflow.incomplete_with_unknown_cause": "Не удалось проверить `with` задачи %[1]s: неизвестная ошибка."
+	"fork.n_forks": {
+		"one": "%s ответвление",
+		"few": "%s ответвления",
+		"many": "%s ответвлений"
+	},
+	"stars.n_stars": {
+		"one": "В избранном у %s",
+		"few": "В избранном у %s-х",
+		"many": "В избранном у %s-и"
+	},
+	"release.n_downloads": {
+		"one": "%s скачивание",
+		"few": "%s скачивания",
+		"many": "%s скачиваний"
+	},
+	"repo.pulls.merged_title_desc": {
+		"one": "слит %[1]d коммит из <code>%[2]s</code> в <code>%[3]s</code> %[4]s",
+		"few": "слито %[1]d коммита из <code>%[2]s</code> в <code>%[3]s</code> %[4]s",
+		"many": "слито %[1]d коммитов из <code>%[2]s</code> в <code>%[3]s</code> %[4]s"
+	},
+	"repo.pulls.title_desc": {
+		"one": "хочет влить %[1]d коммит из <code>%[2]s</code> в <code id=\"%[4]s\">%[3]s</code>",
+		"few": "хочет влить %[1]d коммита из <code>%[2]s</code> в <code id=\"%[4]s\">%[3]s</code>",
+		"many": "хочет влить %[1]d коммитов из <code>%[2]s</code> в <code id=\"%[4]s\">%[3]s</code>"
+	},
+	"search.milestone_kind": "Найти этапы…",
+	"home.explore_repos": "Каталог репозиториев",
+	"home.explore_users": "Каталог пользователей",
+	"home.explore_orgs": "Каталог организаций",
+	"home.welcome.activity_hint": "В вашей ленте пока ничего нет. Ваши действия и активность из отслеживаемых вами репозиториев будут отображены здесь.",
+	"home.welcome.no_activity": "Нет событий",
+	"incorrect_root_url": "Этот сервер Forgejo расположен по адресу «%s», но вы просматриваете страницу с другого адреса. Это может приводить к поломкам частей приложения. Канонический адрес указывается администратором сервера в файле конфигурации app.ini - ROOT_URL.",
+	"themes.names.forgejo-light": "Forgejo – светлая",
+	"themes.names.forgejo-auto": "Forgejo – как в системе",
+	"themes.names.forgejo-dark": "Forgejo – тёмная",
+	"error.not_found.title": "Страница не найдена",
+	"alert.asset_load_failed": "Не удалось получить ресурсы из {path}. Убедитесь, что файлы ресурсов доступны.",
+	"install.invalid_lfs_path": "Не удалось расположить корень LFS по указанному пути: %[1]s",
+	"alert.range_error": " - число должно быть в диапазоне от %[1]s-%[2]s.",
+	"meta.last_line": "This magic string will cause Codeberg Translate to create a new pull request in **the** Forgejo repository. Hi",
+	"mail.actions.not_successful_run_subject": "Провал раб. потока %[1]s в репозитории %[2]s",
+	"mail.actions.successful_run_after_failure_subject": "Возобновление раб. потока %[1]s в репозитории %[2]s",
+	"mail.actions.run_info_trigger": "Причина срабатывания: %[1]s by: %[2]s",
+	"mail.actions.successful_run_after_failure": "Рабочий поток %[1]s в репозитории %[2]s был возобновлён после провала",
+	"mail.actions.run_info_cur_status": "Текущее состояние: %[1]s (обновлено после %[2]s)",
+	"mail.actions.run_info_previous_status": "Предыдущее состояние: %[1]s",
+	"discussion.locked": "Обсуждение ограничено. Комментировать могут только соавторы.",
+	"mail.actions.not_successful_run": "Рабочий поток %[1]s в репозитории %[2]s провалился",
+	"relativetime.now": "только что",
+	"relativetime.future": "из будущего",
+	"relativetime.mins": {
+		"one": "%d минуту назад",
+		"few": "%d минуты назад",
+		"many": "%d минут назад"
+	},
+	"relativetime.hours": {
+		"one": "%d час назад",
+		"few": "%d часа назад",
+		"many": "%d часов назад"
+	},
+	"relativetime.days": {
+		"one": "%d день назад",
+		"few": "%d дня назад",
+		"many": "%d дней назад"
+	},
+	"relativetime.weeks": {
+		"one": "%d неделю назад",
+		"few": "%d недели назад",
+		"many": "%d недель назад"
+	},
+	"relativetime.years": {
+		"one": "%d год назад",
+		"few": "%d года назад",
+		"many": "%d лет назад"
+	},
+	"relativetime.1day": "вчера",
+	"relativetime.2weeks": "две недели назад",
+	"relativetime.2months": "два месяца назад",
+	"relativetime.1month": "в прошлом месяце",
+	"relativetime.1week": "на прошлой неделе",
+	"relativetime.2days": "позавчера",
+	"relativetime.2years": "два года назад",
+	"relativetime.months": {
+		"one": "%d месяц назад",
+		"few": "%d месяца назад",
+		"many": "%d месяцев назад"
+	},
+	"relativetime.1year": "в прошлом году",
+	"repo.issue_indexer.title": "Индексатор задач",
+	"followers.incoming.list.self.none": "На вас никто не подписан.",
+	"followers.incoming.list.none": "На этого пользователя никто не подписан.",
+	"followers.outgoing.list.none": "%s ни на кого не подписан.",
+	"stars.list.none": "Никто не добавил этот репозиторий в избранное.",
+	"watch.list.none": "Никто не отслеживает этот репозиторий.",
+	"repo.form.cannot_create": "Во всех пространствах, где вы можете создавать репозитории, достигнуто ограничение количества репозиториев.",
+	"followers.outgoing.list.self.none": "Вы ни на кого не подписаны.",
+	"admin.config.moderation_config": "Настройки модерации",
+	"moderation.abuse_category": "Категория",
+	"moderation.abuse_category.placeholder": "Выберите категорию",
+	"moderation.abuse_category.spam": "Спам",
+	"moderation.abuse_category.malware": "Вредоносное ПО",
+	"moderation.abuse_category.illegal_content": "Незаконное содержимое",
+	"moderation.abuse_category.other_violations": "Прочие нарушения правил",
+	"moderation.report_remarks": "Подробности",
+	"moderation.report_abuse": "Пожаловаться",
+	"moderation.report_remarks.placeholder": "Пожалуйста, предоставьте немного подробностей о содержимом, на которое вы жалуетесь.",
+	"moderation.reporting_failed": "Не удалось отправить жалобу: %v",
+	"moderation.report_content": "Пожаловаться",
+	"moderation.report_abuse_form.already_reported": "Вы уже пожаловались на это содержимое",
+	"moderation.submit_report": "Пожаловаться",
+	"moderation.reported_thank_you": "Спасибо за ваше сообщение. Администрация оповещена.",
+	"moderation.report_abuse_form.details": "Через эту форму можно жаловаться на пользователей, распространяющих спам или ведущих себя неадекватно.",
+	"moderation.report_abuse_form.invalid": "Невалидные аргументы",
+	"moderation.report_abuse_form.header": "Жалоба администрации",
+	"editor.textarea.tab_hint": "Отступ уже добавлен. Нажмите <kbd>Tab</kbd> снова или <kbd>Escape</kbd>, чтобы покинуть редактор.",
+	"editor.textarea.shift_tab_hint": "В строке нет отступов. Нажмите <kbd>Shift</kbd> + <kbd>Tab</kbd> снова или <kbd>Escape</kbd>, чтобы покинуть редактор.",
+	"admin.dashboard.cleanup_offline_runners": "Удалить недоступных исполнителей",
+	"avatar.constraints_hint": "Изображение профиля не может быть более %[1]s и крупнее %[2]dx%[3]d пикселей",
+	"settings.visibility.description": "Видимость профиля влияет на доступ других до ваших не частных репозиториев. <a href=\"%s\" target=\"_blank\">Подробнее</a>.",
+	"repo.diff.commit.previous-short": "Пред.",
+	"repo.diff.commit.next-short": "След.",
+	"profile.actions.tooltip": "Показать действия",
+	"feed.atom.link": "Atom-лента",
+	"keys.ssh.link": "Ключи SSH",
+	"keys.gpg.link": "Ключи GPG",
+	"profile.edit.link": "Изменить профиль",
+	"og.repo.summary_card.alt_description": "Карточка со сводкой о репозитории %s. Описание: %[2]s",
+	"mail.actions.run_info_sha": "Коммит: %[1]s",
+	"repo.settings.push_mirror.branch_filter.description": "Синхронизируемые ветви. Оставьте пустым, чтобы синхронизировать все. Ознакомьтесь с синтаксисом в <a href=\"%[1]s\">документации %[2]s</a>. Примеры: <code>main, release/*</code>",
+	"repo.settings.push_mirror.branch_filter.label": "Выбор ветвей (опционально)",
+	"discussion.sidebar.reference": "Ссылка",
+	"admin.moderation.moderation_reports": "Жалобы модерации",
+	"admin.moderation.deleted_content_ref": "Содержимое типа %[1]v и ид. %[2]d, на которое пожаловались, более не существует",
+	"admin.moderation.reports": "Жалобы",
+	"admin.moderation.no_open_reports": "Нет открытых жалоб.",
+	"admin.dashboard.remove_resolved_reports": "Удалить разрешённые жалобы",
+	"compare.branches.title": "Сравнение ветвей",
+	"repo.commit.load_tags_failed": "Загрузка тегов не удалась из-за внутренней ошибки",
+	"admin.auths.allow_username_change.description": "Пользователи смогут изменять свои имена после регистрации",
+	"admin.auths.allow_username_change": "Разрешить смену имён",
+	"admin.config.global_2fa_requirement.title": "Глобальное требование 2ФА",
+	"admin.config.global_2fa_requirement.none": "Нет",
+	"admin.config.global_2fa_requirement.all": "Для всех пользователей",
+	"admin.config.global_2fa_requirement.admin": "Для администраторов",
+	"settings.must_enable_2fa": "Для доступа к учётной записи на этом сервере Forgejo вам необходимо защитить её двухфакторной аутентификацией.",
+	"error.must_enable_2fa": "Для доступа к учётной записи на этом сервере Forgejo вам необходимо защитить её двухфакторной аутентификацией. Подключите её здесь: %s",
+	"warning.repository.out_of_sync": "Состояние этого репозитория рассинхронизировано с базой данных. Если это предупреждение сохраняется после отправки коммитов, сообщите об этом администрации сервера.",
+	"admin.config.security": "Настройки безопасности",
+	"settings.twofa_unroll_unavailable": "Двухфакторная аутентификация требуется для вашей учётной записи и не может быть отключена.",
+	"settings.twofa_reenroll": "Заменить 2ФА",
+	"settings.twofa_reenroll.description": "Вы можете заменить двухфакторную аутентификацию",
+	"repo.pulls.already_merged": "Слияние не удалось: слияние уже выполнено.",
+	"migrate.pagure.description": "Перенести данные с pagure.io или другого сервера Pagure.",
+	"migrate.pagure.incorrect_url": "Введена неправильная ссылка на источник",
+	"migrate.pagure.project_url": "Ссылка проекта на Pagure",
+	"migrate.pagure.project_example": "Ссылка проекта. Например, https://pagure.io/pagure",
+	"migrate.pagure.token_label": "Токен API Pagure",
+	"migrate.github.description": "Перенести данные с github.com или сервера GitHub Enterprise.",
+	"migrate.git.description": "Перенести Git-репозиторий из любого совместимого сервиса.",
+	"migrate.gitea.description": "Перенести данные с gitea.com или другого сервера Gitea.",
+	"migrate.gitlab.description": "Перенести данные с gitlab.com или другого сервера GitLab.",
+	"migrate.gogs.description": "Перенести данные с notabug.org или другого сервера Gogs.",
+	"migrate.onedev.description": "Перенести данные с code.onedev.io или другого сервера OneDev.",
+	"migrate.gitbucket.description": "Перенести данные с сервера GitBucket.",
+	"migrate.codebase.description": "Перенести данные с codebasehq.com.",
+	"migrate.forgejo.description": "Перенести данные с codeberg.org или другого сервера Forgejo.",
+	"user.ghost.tooltip": "Пользователь удалён или неизвестен.",
+	"migrate.form.error.url_credentials": "Ссылка содержит данные авторизации. Поместите их в соответствующие поля",
+	"actions.runs.run_attempt_label": "Попытка №%[1]s (%[2]s)",
+	"actions.runs.viewing_out_of_date_run": "Это устаревший результат. Задание было выполнено %[1]s.",
+	"actions.runs.view_most_recent_run": "Перейти к актуальному",
+	"repo.pulls.maintainers_can_edit": "Сопровождающие могут вносить правки.",
+	"repo.pulls.maintainers_cannot_edit": "Сопровождающие не могут вносить правки.",
+	"pulse.n_active_issues": {
+		"one": "%s активная задача",
+		"few": "%s активных задачи",
+		"many": "%s активных задач"
+	},
+	"pulse.n_active_prs": {
+		"one": "%s активный запрос слияния",
+		"few": "%s активных запроса слияния",
+		"many": "%s активных запросов слияния"
+	},
+	"migrate.pagure.private_issues.summary": "Скрытые задачи (необязательно)",
+	"migrate.pagure.private_issues.description": "Эта функция позволяет создать дополнительный репозиторий для архивации в нём скрытых задач из вашего проекта Pagure. Сперва выполните нормальный перенос репозитория без токена, чтобы скопировать всё публичное содержимое. Затем, если нужно, выполните ещё один перенос и укажите токен, чтобы разместить скрытые задачи в дополнительном репозитории.",
+	"migrate.pagure.private_issues.warning": "Не забудьте указать видимость репозитория как Частную при переносе скрытых задач, чтобы их никто не увидел.",
+	"migrate.pagure.token.placeholder": "Только для переноса скрытых задач",
+	"mail.issue.action.close_by_commit": "%[1]s закрыл %[2]s из коммита %[2]s.",
+	"actions.workflow.job_parsing_error": "Не удалось прочитать задачи в раб. потоке: %v",
+	"actions.workflow.event_detection_error": "Не удалось прочитать поддерживаемые события в раб. потоке: %v",
+	"actions.workflow.pre_execution_error": "Рабочий поток не был выполнен из-за ошибки, возникшей при попытке начать выполнение.",
+	"watch.n_watchers": {
+		"one": "%s наблюдатель",
+		"few": "%s наблюдателя",
+		"many": "%s наблюдателей"
+	},
+	"teams.add_all_repos.modal.header": "Добавить все репозитории",
+	"teams.remove_all_repos.modal.header": "Убрать все репозитории",
+	"repo.pulls.poster_requires_approval": "Раб. потоки, <a href=\"%[1]s\">ожидающие рецензии</a>.",
+	"repo.pulls.poster_requires_approval.tooltip": "Нет доверия к автору запроса на слияние. Раб. потоки, сработавшие по событию `pull_request`, не будут выполнятся на коде, предложенном из ответвления репозитория или через AGit, пока они не будут одобрены.",
+	"repo.pulls.poster_is_trusted": "Автор запроса на слияние <a href=\"%[1]s\">доверяется к запуску раб. потоков</a>.",
+	"repo.pulls.poster_is_trusted.tooltip": "Автор запроса на слияние доверяется для запуска раб. потоков, срабатывающих для событий `pull_request`.",
+	"repo.pulls.poster_trust_deny": "Отклонить",
+	"repo.pulls.poster_trust_deny.tooltip": "Раб. потоки, ожидающие одобрения, будут отменены.",
+	"repo.pulls.poster_trust_once": "Одобрить один раз",
+	"repo.pulls.poster_trust_once.tooltip": "Раб. потоки, сработавшие по событию `pull_request`, будут выполнены для последнего коммита, но все последующие коммиты будут снова потребуют одобрения.",
+	"repo.pulls.poster_trust_always": "Одобрить и начать доверять",
+	"repo.pulls.poster_trust_revoke": "Отозвать",
+	"keys.verify.token.hint": "Токен действителен в течение 1 минуты. <a href=\"%[1]s\">Получите новый, если этот истёк</a>.",
+	"admin.dashboard.actions_action_user": "Отозвать доверие Forgejo Действий у неактивных пользователей",
+	"actions.status.diagnostics.waiting": {
+		"one": "Ожидается исполнитель, имеющий метку: %s",
+		"few": "Ожидается исполнитель, имеющий одну из меток: %s",
+		"many": "Ожидается исполнитель, имеющий одну из меток: %s"
+	},
+	"repo.pulls.poster_manage_approval": "Управление одобрением",
+	"repo.pulls.poster_trust_revoke.tooltip": "Автор запроса на слияние больше не будет доверятся для запуска раб. потоков, срабатывающих для событий `pull_request`. Каждый запуск потребует одобрения.",
+	"repo.pulls.poster_trust_always.tooltip": "Этот раб. поток будет выполнен. Последующие раб. потоки, срабатывающие по событию `pull_request` в запросах на слияние от этого пользователя, будут запускаться без одобрения.",
+	"repo.issues.filter_poster.hint": "Отфильтровать по автору",
+	"repo.issues.filter_assignee.hint": "Отфильтровать по назначенному пользователю",
+	"repo.issues.filter_reviewers.hint": "Отфильтровать по оставившему рецензию",
+	"repo.issues.filter_mention.hint": "Отфильтровать по упомянутому пользователю",
+	"repo.issues.filter_modified.hint": "Отфильтровать по дате изменения",
+	"repo.issues.filter_sort.hint": "Отсортировать по: created/comments/updated/deadline",
+	"search.syntax": "Синтаксис поиска",
+	"admin.dashboard.transfer_lingering_logs": "Перенести журналы завершённых Действий из БД в хранилище",
+	"actions.workflow.persistent_incomplete_matrix": "Не удалось проверить `strategy.matrix` задачи %[1]s – выражение `needs` некорректно. Возможно, оно ссылается на задачу, не входящую в список требуемых (%[2]s), или на интерфейс вывода, отсутствующий у какой-то из этих задач.",
+	"admin.auths.oauth2_quota_group_claim_name": "Название утверждения (claim), сообщающего названия групп квоты для этого источника. (необязательно)",
+	"admin.auths.oauth2_quota_group_map_removal": "Удалить пользователей из синхронизованных групп квот, не входящих в соответствующие группы.",
+	"moderation.report.mark_as_handled": "Пометить решённой",
+	"moderation.report.mark_as_ignored": "Пометить проигнорированной",
+	"moderation.action.account.delete": "Удалить уч. запись",
+	"moderation.action.account.suspend": "Приостановить уч. запись",
+	"moderation.action.repo.delete": "Удалить репозиторий",
+	"moderation.action.issue.delete": "Удалить задачу",
+	"moderation.action.comment.delete": "Удалить комментарий",
+	"moderation.unknown_action": "Неизвестное действие",
+	"moderation.users.cannot_suspend_self": "Нельзя приостановить свою уч. запись.",
+	"moderation.users.cannot_suspend_admins": "Учётные записи администраторов не могут быть приостановлены.",
+	"moderation.users.cannot_suspend_org": "Организации не могут быть приостановлены.",
+	"moderation.users.already_suspended": "Эта уч. запись уже приостановлена.",
+	"moderation.users.suspend_success": "Учётная запись была приостановлена.",
+	"moderation.users.cannot_delete_admins": "Учётные записи администраторов не могут быть удалены.",
+	"moderation.issue.deletion_success": "Задача была удалена.",
+	"moderation.comment.deletion_success": "Комментарий был удалён.",
+	"actions.workflow.incomplete_matrix_missing_job": "Не удалось проверить `strategy.matrix` задачи %[1]s – задача %[2]s отсутствует в списке требуемых (`needs`) задачи %[1]s (%[3]s).",
+	"actions.workflow.incomplete_matrix_missing_output": "Не удалось проверить `strategy.matrix` задачи %[1]s – у задачи %[2]s не хватает интерфейса вывода %[3]s.",
+	"actions.workflow.incomplete_matrix_unknown_cause": "Не удалось проверить `strategy.matrix` задачи %[1]s – неизвестная ошибка.",
+	"actions.workflow.incomplete_runson_missing_job": "Не удалось проверить `runs-on` задачи %[1]s – задача %[2]s отсутствует в списке требуемых (`needs`) задачи %[1]s (%[3]s).",
+	"actions.workflow.incomplete_runson_missing_output": "Не удалось проверить `runs-on` задачи %[1]s – у задачи %[2]s не хватает интерфейс вывода %[3]s.",
+	"actions.workflow.incomplete_runson_missing_matrix_dimension": "Не удалось проверить `runs-on` задачи %[1]s – измерение матрицы %[2]s не существует.",
+	"actions.workflow.incomplete_runson_unknown_cause": "Не удалось проверить `runs-on` задачи %[1]s – неизвестная ошибка.",
+	"admin.auths.oauth2_quota_group_map": "Связывать группы из указанного выше утверждения (claim) с группами квот",
+	"search.fuzzy": "Приблиз.",
+	"search.fuzzy_tooltip": "Включает результаты, приблизительно соответствующие запросу",
+	"issues.updated": "обнов. %s",
+	"actions.workflow.incomplete_with_missing_job": "Не удалось проверить `with` задачи %[1]s – задача %[2]s не указана в списке `needs` задачи %[1]s (%[3]s).",
+	"actions.workflow.incomplete_with_missing_output": "Не удалось проверить `with` задачи %[1]s – у задачи %[2]s не хватает интерфейса вывода %[3]s.",
+	"actions.workflow.incomplete_with_missing_matrix_dimension": "Не удалось проверить `with` задачи %[1]s: в матрице не указано измерение %[2]s.",
+	"actions.workflow.incomplete_with_unknown_cause": "Не удалось проверить `with` задачи %[1]s: неизвестная ошибка."
 }
diff --git a/options/locale_next/locale_si-LK.json b/options/locale_next/locale_si-LK.json
index 4748bf6eb5..8f30caa098 100644
--- a/options/locale_next/locale_si-LK.json
+++ b/options/locale_next/locale_si-LK.json
@@ -1,22 +1,19 @@
 {
-    "repo.pulls.merged_title_desc": {
-        "other": "මර්ජ්%[1]d සිට <code>%[2]s</code> දක්වා <code>%[3]s</code> %[4]s"
-    },
-    "repo.pulls.title_desc": {
-        "other": "%[1]d සිට <code>%[2]s</code> දක්වා <code id=\"%[4]s\">%[3]s</code>"
-    },
-    "migrate.git.description": "ඕනෑම Git සේවාවකින් පමණක් ගබඩාවක් සංක්රමණය කරන්න.",
-    "migrate.gitea.description": "Gitea.com හෝ වෙනත් Gitea අවස්ථා වලින් දත්ත සංක්රමණය කරන්න.",
-    "migrate.gitlab.description": "gitlab.com හෝ වෙනත් GitLab අවස්ථා වලින් දත්ත සංක්රමණය කරන්න.",
-    "migrate.gogs.description": "notabug.org හෝ වෙනත් Gogs අවස්ථා වලින් දත්ත සංක්රමණය කරන්න.",
-    "migrate.onedev.description": "code.onedev.io හෝ වෙනත් OnedeV අවස්ථා වලින් දත්ත සංක්රමණය කරන්න.",
-    "migrate.gitbucket.description": "GitBucket අවස්ථා වලින් දත්ත සංක්රමණය කරන්න.",
-    "pulse.n_active_issues": {
-        "one": "%s ක්රියාකාරී නිකුතුව",
-        "other": "%s ක්රියාකාරී ගැටළු"
-    },
-    "pulse.n_active_prs": {
-        "one": "%s ක්රියාකාරී අදින්න ඉල්ලීම",
-        "other": "%s ක්රියාකාරී අදින්න ඉල්ලීම්"
-    }
+	"repo.pulls.merged_title_desc": "මර්ජ්%[1]d සිට <code>%[2]s</code> දක්වා <code>%[3]s</code> %[4]s",
+	"repo.pulls.title_desc": "%[1]d සිට <code>%[2]s</code> දක්වා <code id=\"%[4]s\">%[3]s</code>",
+	"migrate.git.description": "ඕනෑම Git සේවාවකින් පමණක් ගබඩාවක් සංක්රමණය කරන්න.",
+	"migrate.gitea.description": "Gitea.com හෝ වෙනත් Gitea අවස්ථා වලින් දත්ත සංක්රමණය කරන්න.",
+	"migrate.gitlab.description": "gitlab.com හෝ වෙනත් GitLab අවස්ථා වලින් දත්ත සංක්රමණය කරන්න.",
+	"migrate.gogs.description": "notabug.org හෝ වෙනත් Gogs අවස්ථා වලින් දත්ත සංක්රමණය කරන්න.",
+	"migrate.onedev.description": "code.onedev.io හෝ වෙනත් OnedeV අවස්ථා වලින් දත්ත සංක්රමණය කරන්න.",
+	"migrate.gitbucket.description": "GitBucket අවස්ථා වලින් දත්ත සංක්රමණය කරන්න.",
+	"pulse.n_active_issues": {
+		"one": "%s ක්රියාකාරී නිකුතුව",
+		"other": "%s ක්රියාකාරී ගැටළු"
+	},
+	"pulse.n_active_prs": {
+		"one": "%s ක්රියාකාරී අදින්න ඉල්ලීම",
+		"other": "%s ක්රියාකාරී අදින්න ඉල්ලීම්"
+	},
+	"meta.last_line": "(this string was needed to make weblate regenerate the file and can be removed)"
 }
diff --git a/options/locale_next/locale_sk-SK.json b/options/locale_next/locale_sk-SK.json
index c5b54cb198..c20baabaa4 100644
--- a/options/locale_next/locale_sk-SK.json
+++ b/options/locale_next/locale_sk-SK.json
@@ -1,158 +1,160 @@
 {
-    "fork.n_forks": {
-        "one": "%s fork",
-        "other": "%s forky"
-    },
-    "stars.n_stars": {
-        "one": "%s hviezda",
-        "other": "%s hviezdy"
-    },
-    "error.not_found.title": "Stránka nebola nájedná",
-    "incorrect_root_url": "Táto inštancia Forgejo je nakonfigurovaná tak, aby bola obsluhovaná na „%s“. Momentálne zobrazujete Forgejo prostredníctvom inej adresy URL, čo môže spôsobiť poruchu niektorých častí aplikácie. Kanonickú adresu URL kontrolujú správcovia aplikácie Forgejo prostredníctvom nastavenia ROOT_URL v súbore app.ini.",
-    "themes.names.forgejo-auto": "Forgejo (sleduj systémovú tému)",
-    "themes.names.forgejo-light": "Forgejo svetlé",
-    "themes.names.forgejo-dark": "Forgejo tmavé",
-    "alert.asset_load_failed": "Nepodarilo sa načítať súbory z {path}. Uistite sa, že súbory sú prístupné.",
-    "install.invalid_lfs_path": "Nie je možné vytvoriť koreňový systém LFS na zadanej ceste: %[1]s",
-    "alert.range_error": " musí byť číslo medzi %[1]s a %[2]s.",
-    "home.welcome.no_activity": "Žiadna aktivita",
-    "home.welcome.activity_hint": "Vo vašom kanáli zatiaľ nič nie je. Tu sa budú zobrazovať vaše akcie a aktivity z repozitárov, ktoré sledujete.",
-    "home.explore_repos": "Preskúmajte repozitáre",
-    "home.explore_users": "Preskúmajte používateľov",
-    "home.explore_orgs": "Preskúmajte organizácie",
-    "search.milestone_kind": "Hľadať v míľnikoch…",
-    "relativetime.now": "teraz",
-    "relativetime.future": "v budúcnosti",
-    "relativetime.1week": "posledný týždeň",
-    "relativetime.2months": "pred dvoma mesiacmi",
-    "relativetime.days": {
-        "one": "pred %d dňom",
-        "few": "pred %d dňami",
-        "other": "pred %d dňami"
-    },
-    "stars.list.none": "Nikto neoznačil toto repo hviezdou.",
-    "watch.list.none": "Nikto nesleduje toto repo.",
-    "followers.incoming.list.self.none": "Nikto nesleduje Váš profil.",
-    "followers.incoming.list.none": "Nikto nesleduje tohoto užívateľa.",
-    "followers.outgoing.list.self.none": "Nikoho nesledujete.",
-    "followers.outgoing.list.none": "%s nesleduje nikoho.",
-    "relativetime.2weeks": "pred dvoma týždňami",
-    "relativetime.1month": "posledný mesiac",
-    "relativetime.months": {
-        "one": "pred %d mesiacom",
-        "few": "pred %d mesiacmi",
-        "other": "pred %d mesiacmi"
-    },
-    "relativetime.years": {
-        "one": "pred %d rokom",
-        "few": "pred %d rokmi",
-        "other": "pred %d rokmi"
-    },
-    "relativetime.weeks": {
-        "one": "pred %d týždňom",
-        "few": "pred %d týždňami",
-        "other": "pred %d týždňami"
-    },
-    "relativetime.2days": "pred dvoma dňami",
-    "relativetime.1day": "včera",
-    "relativetime.mins": {
-        "one": "pred %d minútou",
-        "few": "pred %d minútami",
-        "other": "pred %d minútami"
-    },
-    "relativetime.hours": {
-        "one": "pred %d hodinou",
-        "few": "pred %d hodinami",
-        "other": "pred %d hodinami"
-    },
-    "relativetime.1year": "minulý rok",
-    "relativetime.2years": "pred dvoma rokmi",
-    "repo.form.cannot_create": "Všetky priestory, v ktorých môžete vytvárať repozitáre, dosiahli svoj limit.",
-    "repo.issue_indexer.title": "Indexovanie problémov",
-    "editor.textarea.shift_tab_hint": "V tomto riadku nie je žiadne odsadenie. Pre opustenie editoru stlačte znovu <kbd>Shift</kbd> + <kbd>Tab</kbd> alebo <kbd>Escape</kbd>.",
-    "admin.dashboard.remove_resolved_reports": "Odstrániť vyriešené hlásenia",
-    "settings.visibility.description": "Viditeľnosť profilu ovplyvňuje možnosť prístupu ostatných k vašim nesúkromným repozitárom. <a href=\"%s\" target=\"_blank\">Získajte viac informácií</a>.",
-    "compare.branches.title": "Porovnať vetve",
-    "repo.commit.load_tags_failed": "Načítanie značiek zlyhalo z dôvodu internej chyby",
-    "admin.auths.allow_username_change": "Povoliť zmenu mena užívateľa",
-    "admin.auths.allow_username_change.description": "Povoliť užívateľom zmeniť svoje užívateľské meno v nastavení profilu",
-    "moderation.report_abuse_form.header": "Nahlásiť zneužitie administrátorovi",
-    "moderation.report_abuse_form.invalid": "Neplatné argumenty",
-    "mail.actions.run_info_sha": "Revízia: %[1]s",
-    "discussion.sidebar.reference": "Referencia",
-    "profile.actions.tooltip": "Ďalšie akcie",
-    "profile.edit.link": "Upraviť profil",
-    "feed.atom.link": "Zdroj Atom",
-    "keys.ssh.link": "SSH kľúče",
-    "keys.gpg.link": "GPG kľúče",
-    "admin.config.moderation_config": "Nastavenia moderovania",
-    "moderation.report_abuse": "Nahlásiť zneužitie",
-    "moderation.report_content": "Nahlásiť obsah",
-    "admin.moderation.moderation_reports": "Nastavenia hlásení",
-    "admin.moderation.reports": "Hlásenia",
-    "mail.actions.not_successful_run_subject": "Workflow %[1]s zlyhal v repozitári %[2]s",
-    "mail.actions.successful_run_after_failure": "Workflow %[1]s obnovený v repozitári %[2]s",
-    "mail.actions.not_successful_run": "Workflov %[1]s zlyhal v repozitári %[2]s",
-    "discussion.locked": "Táto diskusia bola uzamknutá. Komentovanie je obmedzené na prispievateľov.",
-    "admin.moderation.no_open_reports": "Aktuálne nie sú otvorené žiadne hlásenia.",
-    "admin.moderation.deleted_content_ref": "Nahlásený obsah s typom %[1]v a ID %[2]d už neexistuje",
-    "moderation.reporting_failed": "Nepodarilo sa odoslať nové hlásenie o zneužití: %v",
-    "mail.actions.successful_run_after_failure_subject": "Workflow %[1]s obnovený v repozitári %[2]s",
-    "repo.settings.push_mirror.branch_filter.label": "Filter vetví (nepovinný)",
-    "repo.settings.push_mirror.branch_filter.description": "Vetvy ktoré majú byť zrkadlené. Pre zrkadlenie všetkých ponechajte prázdne. Syntax nájdete v <a href=\"%[1]s\">dokumentácii %[2]s</a>. Príklady: <code>main, release/*</code>",
-    "moderation.report_abuse_form.details": "Tento formulár by sa mal používať na nahlásenie používateľov, ktorí vytvárajú spamové profily, repozitáre, problémy, komentáre alebo sa správajú nevhodne.",
-    "moderation.reported_thank_you": "Ďakujeme za Vaše hlásenie. Administrátori boli o ňom informovaný.",
-    "admin.dashboard.cleanup_offline_runners": "Vymazať odpojené spúštače",
-    "migrate.pagure.project_example": "URL adresa projektu Pagure, napr. https://pagure.io/pagure",
-    "migrate.gitea.description": "Migrovať dáta z gitea.com alebo iných inštancií Gitea.",
-    "migrate.gitlab.description": "Migrovať dáta z gitlab.com alebo iných inštancií GitLab.",
-    "migrate.gogs.description": "Migrovať dáta z notabug.org alebo iných inštancií Gogs.",
-    "migrate.onedev.description": "Migrovať dáta z code.onedev.io alebo iných inštancií OneDev.",
-    "migrate.gitbucket.description": "Migrovať dáta z inštancií GitBucket.",
-    "migrate.codebase.description": "Migrovať dáta z codebasehq.com.",
-    "repo.pulls.title_desc": {
-        "one": "je potrebné zlúčiť %[1]d revíziu z <code>%[2]s</code> do <code id=\"%[4]s\">%[3]s</code>",
-        "few": "je potrebné zlúčiť %[1]d revízie z <code>%[2]s</code> do <code id=\"%[4]s\">%[3]s</code>",
-        "other": "je potrebné zlúčiť %[1]d revízií z <code>%[2]s</code> do <code id=\"%[4]s\">%[3]s</code>"
-    },
-    "editor.textarea.tab_hint": "Riadok je už odsadený. Pre opustenie editoru stlačte znovu <kbd>Tab</kbd> alebo <kbd>Escape</kbd>.",
-    "repo.pulls.merged_title_desc": {
-        "one": "zlúčená %[1]d revízia z <code>%[2]s</code> do <code>%[3]s</code>%[4]s",
-        "few": "zlúčené %[1]d revízie z <code>%[2]s</code> do <code>%[3]s</code>%[4]s",
-        "other": "zlúčených %[1]d revízií z <code>%[2]s</code> do <code>%[3]s</code>%[4]s"
-    },
-    "admin.config.security": "Nastavenie zabezpečenia",
-    "admin.config.global_2fa_requirement.title": "Globálna požiadavka dvojfázového overenia",
-    "admin.config.global_2fa_requirement.none": "Nie",
-    "admin.config.global_2fa_requirement.all": "Všetci užívatelia",
-    "admin.config.global_2fa_requirement.admin": "Správcovia",
-    "settings.twofa_unroll_unavailable": "Pre váš účet je vyžadované dvojfaktorové overenie a nie je možné ho zakázať.",
-    "settings.twofa_reenroll": "Znovu zaregistrovať dvojfaktorové overenie",
-    "settings.twofa_reenroll.description": "Znovu zaregistrujte Vaše dvojfaktorové overenie",
-    "settings.must_enable_2fa": "Táto inštancia Forgejo vyžaduje, aby používatelia povolili dvojfaktorové overenie predtým, ako budú môcť pristupovať k svojim účtom.",
-    "error.must_enable_2fa": "Táto inštancia Forgejo vyžaduje, aby používatelia povolili dvojfaktorové overenie predtým, ako budú môcť pristupovať k svojim účtom. Povolíte ho tu: %s",
-    "meta.last_line": "Ďakujem za preklad Forgejo! Tento riadok používatelia nevidia, ale slúži na iné účely v správe prekladov. Namiesto prekladu môžete do prekladu vložiť zaujímavý fakt.",
-    "moderation.abuse_category": "Kategória",
-    "warning.repository.out_of_sync": "Databázová reprezentácia tohto repozitára nie je synchronizovaná. Ak sa toto upozornenie zobrazuje aj po odoslaní commitu do tohto repozitára, kontaktujte administrátora.",
-    "repo.pulls.already_merged": "Zlúčenie zlyhalo: Táto žiadosť už bola spracovaná.",
-    "moderation.report_abuse_form.already_reported": "Tento obsah ste už nahlásili",
-    "moderation.abuse_category.placeholder": "Vyberte kategóriu",
-    "moderation.abuse_category.spam": "Spam",
-    "moderation.abuse_category.malware": "Malware",
-    "moderation.abuse_category.illegal_content": "Nezákonný obsah",
-    "moderation.abuse_category.other_violations": "Iné porušenie pravidiel platformy",
-    "moderation.report_remarks": "Poznámky",
-    "og.repo.summary_card.alt_description": "Súhrnná karta repozitáru %[1]s, opísaná ako: %[2]s",
-    "moderation.report_remarks.placeholder": "Prosím, uveďte nejaké podrobnosti týkajúce sa zneužívania, ktoré nahlasujete.",
-    "moderation.submit_report": "Odoslať hlásenie",
-    "mail.actions.run_info_cur_status": "Stav procesu: %[1]s (práve aktualizované z %[2]s)",
-    "mail.actions.run_info_previous_status": "Stav predchádzajúceho procesu: %[1]s",
-    "mail.actions.run_info_trigger": "Spustené z dôvodu: %[1]s od: %[2]s",
-    "repo.diff.commit.next-short": "Ďalší",
-    "repo.diff.commit.previous-short": "Predchádzajúci",
-    "avatar.constraints_hint": "Vlastný avatar nesmie presiahnuť veľkosť %[1]s alebo byť väčší ako %[2]dx%[3]d pixelov",
-    "migrate.pagure.description": "Migrujte dáta z pagure.io alebo iných inštancií Pagure.",
-    "migrate.pagure.incorrect_url": "Bola zadaná nesprávna URL adresa zdrojového repozitáru",
-    "migrate.pagure.project_url": "URL adresa projektu Pagure",
-    "migrate.pagure.token_label": "Token"
+	"fork.n_forks": {
+		"one": "%s fork",
+		"few": "%s forky",
+		"other": ""
+	},
+	"stars.n_stars": {
+		"one": "%s hviezda",
+		"few": "%s hviezdy",
+		"other": ""
+	},
+	"error.not_found.title": "Stránka nebola nájedná",
+	"incorrect_root_url": "Táto inštancia Forgejo je nakonfigurovaná tak, aby bola obsluhovaná na „%s“. Momentálne zobrazujete Forgejo prostredníctvom inej adresy URL, čo môže spôsobiť poruchu niektorých častí aplikácie. Kanonickú adresu URL kontrolujú správcovia aplikácie Forgejo prostredníctvom nastavenia ROOT_URL v súbore app.ini.",
+	"themes.names.forgejo-auto": "Forgejo (sleduj systémovú tému)",
+	"themes.names.forgejo-light": "Forgejo svetlé",
+	"themes.names.forgejo-dark": "Forgejo tmavé",
+	"alert.asset_load_failed": "Nepodarilo sa načítať súbory z {path}. Uistite sa, že súbory sú prístupné.",
+	"install.invalid_lfs_path": "Nie je možné vytvoriť koreňový systém LFS na zadanej ceste: %[1]s",
+	"alert.range_error": " musí byť číslo medzi %[1]s a %[2]s.",
+	"home.welcome.no_activity": "Žiadna aktivita",
+	"home.welcome.activity_hint": "Vo vašom kanáli zatiaľ nič nie je. Tu sa budú zobrazovať vaše akcie a aktivity z repozitárov, ktoré sledujete.",
+	"home.explore_repos": "Preskúmajte repozitáre",
+	"home.explore_users": "Preskúmajte používateľov",
+	"home.explore_orgs": "Preskúmajte organizácie",
+	"search.milestone_kind": "Hľadať v míľnikoch…",
+	"relativetime.now": "teraz",
+	"relativetime.future": "v budúcnosti",
+	"relativetime.1week": "posledný týždeň",
+	"relativetime.2months": "pred dvoma mesiacmi",
+	"relativetime.days": {
+		"one": "pred %d dňom",
+		"few": "pred %d dňami",
+		"other": "pred %d dňami"
+	},
+	"stars.list.none": "Nikto neoznačil toto repo hviezdou.",
+	"watch.list.none": "Nikto nesleduje toto repo.",
+	"followers.incoming.list.self.none": "Nikto nesleduje Váš profil.",
+	"followers.incoming.list.none": "Nikto nesleduje tohoto užívateľa.",
+	"followers.outgoing.list.self.none": "Nikoho nesledujete.",
+	"followers.outgoing.list.none": "%s nesleduje nikoho.",
+	"relativetime.2weeks": "pred dvoma týždňami",
+	"relativetime.1month": "posledný mesiac",
+	"relativetime.months": {
+		"one": "pred %d mesiacom",
+		"few": "pred %d mesiacmi",
+		"other": "pred %d mesiacmi"
+	},
+	"relativetime.years": {
+		"one": "pred %d rokom",
+		"few": "pred %d rokmi",
+		"other": "pred %d rokmi"
+	},
+	"relativetime.weeks": {
+		"one": "pred %d týždňom",
+		"few": "pred %d týždňami",
+		"other": "pred %d týždňami"
+	},
+	"relativetime.2days": "pred dvoma dňami",
+	"relativetime.1day": "včera",
+	"relativetime.mins": {
+		"one": "pred %d minútou",
+		"few": "pred %d minútami",
+		"other": "pred %d minútami"
+	},
+	"relativetime.hours": {
+		"one": "pred %d hodinou",
+		"few": "pred %d hodinami",
+		"other": "pred %d hodinami"
+	},
+	"relativetime.1year": "minulý rok",
+	"relativetime.2years": "pred dvoma rokmi",
+	"repo.form.cannot_create": "Všetky priestory, v ktorých môžete vytvárať repozitáre, dosiahli svoj limit.",
+	"repo.issue_indexer.title": "Indexovanie problémov",
+	"editor.textarea.shift_tab_hint": "V tomto riadku nie je žiadne odsadenie. Pre opustenie editoru stlačte znovu <kbd>Shift</kbd> + <kbd>Tab</kbd> alebo <kbd>Escape</kbd>.",
+	"admin.dashboard.remove_resolved_reports": "Odstrániť vyriešené hlásenia",
+	"settings.visibility.description": "Viditeľnosť profilu ovplyvňuje možnosť prístupu ostatných k vašim nesúkromným repozitárom. <a href=\"%s\" target=\"_blank\">Získajte viac informácií</a>.",
+	"compare.branches.title": "Porovnať vetve",
+	"repo.commit.load_tags_failed": "Načítanie značiek zlyhalo z dôvodu internej chyby",
+	"admin.auths.allow_username_change": "Povoliť zmenu mena užívateľa",
+	"admin.auths.allow_username_change.description": "Povoliť užívateľom zmeniť svoje užívateľské meno v nastavení profilu",
+	"moderation.report_abuse_form.header": "Nahlásiť zneužitie administrátorovi",
+	"moderation.report_abuse_form.invalid": "Neplatné argumenty",
+	"mail.actions.run_info_sha": "Revízia: %[1]s",
+	"discussion.sidebar.reference": "Referencia",
+	"profile.actions.tooltip": "Ďalšie akcie",
+	"profile.edit.link": "Upraviť profil",
+	"feed.atom.link": "Zdroj Atom",
+	"keys.ssh.link": "SSH kľúče",
+	"keys.gpg.link": "GPG kľúče",
+	"admin.config.moderation_config": "Nastavenia moderovania",
+	"moderation.report_abuse": "Nahlásiť zneužitie",
+	"moderation.report_content": "Nahlásiť obsah",
+	"admin.moderation.moderation_reports": "Nastavenia hlásení",
+	"admin.moderation.reports": "Hlásenia",
+	"mail.actions.not_successful_run_subject": "Workflow %[1]s zlyhal v repozitári %[2]s",
+	"mail.actions.successful_run_after_failure": "Workflow %[1]s obnovený v repozitári %[2]s",
+	"mail.actions.not_successful_run": "Workflov %[1]s zlyhal v repozitári %[2]s",
+	"discussion.locked": "Táto diskusia bola uzamknutá. Komentovanie je obmedzené na prispievateľov.",
+	"admin.moderation.no_open_reports": "Aktuálne nie sú otvorené žiadne hlásenia.",
+	"admin.moderation.deleted_content_ref": "Nahlásený obsah s typom %[1]v a ID %[2]d už neexistuje",
+	"moderation.reporting_failed": "Nepodarilo sa odoslať nové hlásenie o zneužití: %v",
+	"mail.actions.successful_run_after_failure_subject": "Workflow %[1]s obnovený v repozitári %[2]s",
+	"repo.settings.push_mirror.branch_filter.label": "Filter vetví (nepovinný)",
+	"repo.settings.push_mirror.branch_filter.description": "Vetvy ktoré majú byť zrkadlené. Pre zrkadlenie všetkých ponechajte prázdne. Syntax nájdete v <a href=\"%[1]s\">dokumentácii %[2]s</a>. Príklady: <code>main, release/*</code>",
+	"moderation.report_abuse_form.details": "Tento formulár by sa mal používať na nahlásenie používateľov, ktorí vytvárajú spamové profily, repozitáre, problémy, komentáre alebo sa správajú nevhodne.",
+	"moderation.reported_thank_you": "Ďakujeme za Vaše hlásenie. Administrátori boli o ňom informovaný.",
+	"admin.dashboard.cleanup_offline_runners": "Vymazať odpojené spúštače",
+	"migrate.pagure.project_example": "URL adresa projektu Pagure, napr. https://pagure.io/pagure",
+	"migrate.gitea.description": "Migrovať dáta z gitea.com alebo iných inštancií Gitea.",
+	"migrate.gitlab.description": "Migrovať dáta z gitlab.com alebo iných inštancií GitLab.",
+	"migrate.gogs.description": "Migrovať dáta z notabug.org alebo iných inštancií Gogs.",
+	"migrate.onedev.description": "Migrovať dáta z code.onedev.io alebo iných inštancií OneDev.",
+	"migrate.gitbucket.description": "Migrovať dáta z inštancií GitBucket.",
+	"migrate.codebase.description": "Migrovať dáta z codebasehq.com.",
+	"repo.pulls.title_desc": {
+		"one": "je potrebné zlúčiť %[1]d revíziu z <code>%[2]s</code> do <code id=\"%[4]s\">%[3]s</code>",
+		"few": "je potrebné zlúčiť %[1]d revízie z <code>%[2]s</code> do <code id=\"%[4]s\">%[3]s</code>",
+		"other": "je potrebné zlúčiť %[1]d revízií z <code>%[2]s</code> do <code id=\"%[4]s\">%[3]s</code>"
+	},
+	"editor.textarea.tab_hint": "Riadok je už odsadený. Pre opustenie editoru stlačte znovu <kbd>Tab</kbd> alebo <kbd>Escape</kbd>.",
+	"repo.pulls.merged_title_desc": {
+		"one": "zlúčená %[1]d revízia z <code>%[2]s</code> do <code>%[3]s</code>%[4]s",
+		"few": "zlúčené %[1]d revízie z <code>%[2]s</code> do <code>%[3]s</code>%[4]s",
+		"other": "zlúčených %[1]d revízií z <code>%[2]s</code> do <code>%[3]s</code>%[4]s"
+	},
+	"admin.config.security": "Nastavenie zabezpečenia",
+	"admin.config.global_2fa_requirement.title": "Globálna požiadavka dvojfázového overenia",
+	"admin.config.global_2fa_requirement.none": "Nie",
+	"admin.config.global_2fa_requirement.all": "Všetci užívatelia",
+	"admin.config.global_2fa_requirement.admin": "Správcovia",
+	"settings.twofa_unroll_unavailable": "Pre váš účet je vyžadované dvojfaktorové overenie a nie je možné ho zakázať.",
+	"settings.twofa_reenroll": "Znovu zaregistrovať dvojfaktorové overenie",
+	"settings.twofa_reenroll.description": "Znovu zaregistrujte Vaše dvojfaktorové overenie",
+	"settings.must_enable_2fa": "Táto inštancia Forgejo vyžaduje, aby používatelia povolili dvojfaktorové overenie predtým, ako budú môcť pristupovať k svojim účtom.",
+	"error.must_enable_2fa": "Táto inštancia Forgejo vyžaduje, aby používatelia povolili dvojfaktorové overenie predtým, ako budú môcť pristupovať k svojim účtom. Povolíte ho tu: %s",
+	"meta.last_line": "Ďakujem za preklad Forgejo! Tento riadok používatelia nevidia, ale slúži na iné účely v správe prekladov. Namiesto prekladu môžete do prekladu vložiť zaujímavý fakt.\n(this string was needed to make weblate regenerate the file and can be removed)",
+	"moderation.abuse_category": "Kategória",
+	"warning.repository.out_of_sync": "Databázová reprezentácia tohto repozitára nie je synchronizovaná. Ak sa toto upozornenie zobrazuje aj po odoslaní commitu do tohto repozitára, kontaktujte administrátora.",
+	"repo.pulls.already_merged": "Zlúčenie zlyhalo: Táto žiadosť už bola spracovaná.",
+	"moderation.report_abuse_form.already_reported": "Tento obsah ste už nahlásili",
+	"moderation.abuse_category.placeholder": "Vyberte kategóriu",
+	"moderation.abuse_category.spam": "Spam",
+	"moderation.abuse_category.malware": "Malware",
+	"moderation.abuse_category.illegal_content": "Nezákonný obsah",
+	"moderation.abuse_category.other_violations": "Iné porušenie pravidiel platformy",
+	"moderation.report_remarks": "Poznámky",
+	"og.repo.summary_card.alt_description": "Súhrnná karta repozitáru %[1]s, opísaná ako: %[2]s",
+	"moderation.report_remarks.placeholder": "Prosím, uveďte nejaké podrobnosti týkajúce sa zneužívania, ktoré nahlasujete.",
+	"moderation.submit_report": "Odoslať hlásenie",
+	"mail.actions.run_info_cur_status": "Stav procesu: %[1]s (práve aktualizované z %[2]s)",
+	"mail.actions.run_info_previous_status": "Stav predchádzajúceho procesu: %[1]s",
+	"mail.actions.run_info_trigger": "Spustené z dôvodu: %[1]s od: %[2]s",
+	"repo.diff.commit.next-short": "Ďalší",
+	"repo.diff.commit.previous-short": "Predchádzajúci",
+	"avatar.constraints_hint": "Vlastný avatar nesmie presiahnuť veľkosť %[1]s alebo byť väčší ako %[2]dx%[3]d pixelov",
+	"migrate.pagure.description": "Migrujte dáta z pagure.io alebo iných inštancií Pagure.",
+	"migrate.pagure.incorrect_url": "Bola zadaná nesprávna URL adresa zdrojového repozitáru",
+	"migrate.pagure.project_url": "URL adresa projektu Pagure",
+	"migrate.pagure.token_label": "Token"
 }
diff --git a/options/locale_next/locale_sl.json b/options/locale_next/locale_sl.json
index 0967ef424b..60c4c22624 100644
--- a/options/locale_next/locale_sl.json
+++ b/options/locale_next/locale_sl.json
@@ -1 +1,3 @@
-{}
+{
+	"meta.last_line": "(this string was needed to make weblate regenerate the file and can be removed)"
+}
diff --git a/options/locale_next/locale_sr-SP.json b/options/locale_next/locale_sr-SP.json
index 881c261462..7320dae376 100644
--- a/options/locale_next/locale_sr-SP.json
+++ b/options/locale_next/locale_sr-SP.json
@@ -1,163 +1,163 @@
 {
-    "moderation.abuse_category.malware": "Малвер",
-    "home.welcome.no_activity": "Без активности",
-    "home.welcome.activity_hint": "Нема још ничега у вашем фиду. Ваше активности као и активности из репозиторијума које Ви пратите ће овде бити показивати.",
-    "home.explore_repos": "Прегледајте репозиторијуми",
-    "home.explore_users": "Прегледајте кориснике",
-    "home.explore_orgs": "Предледајте организације",
-    "fork.n_forks": {
-        "one": "%s форк",
-        "few": "%s форка",
-        "other": "%s форкова"
-    },
-    "stars.list.none": "Нико није фаворизовао овај репозиторијум.",
-    "stars.n_stars": {
-        "one": "%s звезда",
-        "few": "%s звезде",
-        "other": "%s звезде"
-    },
-    "watch.list.none": "Нико не прати овај репозиторијум.",
-    "watch.n_watchers": {
-        "one": "%s пратилац",
-        "few": "%s пратиоца",
-        "other": "%s пратиоца"
-    },
-    "followers.incoming.list.self.none": "Нико не прати Ваш профил.",
-    "followers.incoming.list.none": "Нико не прати овог корисника.",
-    "followers.outgoing.list.self.none": "Не пратите никога.",
-    "followers.outgoing.list.none": "%s не прати никога.",
-    "relativetime.now": "сад",
-    "relativetime.future": "у будућности",
-    "relativetime.mins": {
-        "one": "пре %d минуте",
-        "few": "пре %d минуте",
-        "other": "пре %d минута"
-    },
-    "relativetime.hours": {
-        "one": "пре %d сата",
-        "few": "пре %d сата",
-        "other": "пре %d сати"
-    },
-    "relativetime.days": {
-        "one": "пре %d дана",
-        "few": "пре %d дана",
-        "other": "пре %d дана"
-    },
-    "relativetime.weeks": {
-        "one": "пре %d седмице",
-        "few": "пре %d седмица",
-        "other": "пре %d седмица"
-    },
-    "relativetime.months": {
-        "one": "пре %d месеца",
-        "few": "пре %d месеца",
-        "other": "пре %d месеци"
-    },
-    "relativetime.years": {
-        "one": "пре %d године",
-        "few": "пре %d године",
-        "other": "пре %d година"
-    },
-    "relativetime.1day": "јуче",
-    "relativetime.2days": "пре два дана",
-    "relativetime.1week": "прошле седмице",
-    "relativetime.2weeks": "пре две седмице",
-    "relativetime.1month": "прошлог месеца",
-    "relativetime.2months": "пре два месеца",
-    "relativetime.1year": "прошле године",
-    "relativetime.2years": "шре две године",
-    "repo.form.cannot_create": "Сви простори у којима можете створити репозиторијум су достигли ограничење броја репозиторијума.",
-    "migrate.form.error.url_credentials": "УРЛ садржава податке за пријаву, молимо да унесете корисничко име и лозинку у одговарајућа поља",
-    "migrate.github.description": "Пренесите податке са \"github.com\" или \"GitHub Enterprise\" сервера.",
-    "migrate.git.description": "Пренесите репозиторијум из било којег \"Git\" сервиса.",
-    "migrate.gitea.description": "Пренесите податке са \"gitea.com\" или друге \"Gitea\" инстанце.",
-    "migrate.gitlab.description": "Пренесите податке са \"gitlab.com\" или друге \"GitLab\" инстанце.",
-    "migrate.gogs.description": "Пренесите податке са \"notabug.org\" или друге \"Gogs\" инстанце.",
-    "migrate.onedev.description": "Пренесите податке са \"code.onedev.io\" или друге \"OneDev\" инстанце.",
-    "migrate.gitbucket.description": "Пренесите податке са \"GitBucket\" инстанце.",
-    "migrate.codebase.description": "Пренесите податке са \"codebasehq.com\".",
-    "migrate.forgejo.description": "Пренесите податке са \"codeberg.org\" или друге \"Forgejo\" инстанце.",
-    "repo.issue_indexer.title": "Индексер задатака",
-    "repo.settings.push_mirror.branch_filter.label": "Филтер гране (није обавезно поље)",
-    "repo.settings.push_mirror.branch_filter.description": "Гране које се требају синхронизовати. Оставите поље празно да бисте синхронизовали све гране. Погледајте <a href=\"%[1]s\">%[2]s документацију</a> ради синтаксе. Пример уноса: <code>main, release/*</code>",
-    "incorrect_root_url": "Ова Forgejo инстанца је конфигурисана да буде видљива под адресом \"%s\". Тренутно видите Форгејо преко друге УРЛ адресе што може изазвати веће сметње. Очекивана УРЛ се може подесити са стране Forgejo администратора путем опције \"ROOT_URL\" у фајлу \"app.ini\".",
-    "themes.names.forgejo-auto": "Forgejo (прати тему система)",
-    "themes.names.forgejo-light": "Forgejo светла тема",
-    "themes.names.forgejo-dark": "Forgejo тамна тема",
-    "error.not_found.title": "Страница није нађена",
-    "warning.repository.out_of_sync": "Репрезентација репозиторијума у бази података није синхронизована. Ако порука не нестане након што пушујете комит у овај репозиторијум, контактирајте администраторе.",
-    "alert.range_error": " мора бити број између %[1]s и %[2]s.",
-    "install.invalid_lfs_path": "Стварање ЛФС корена није успело на наведеној локацији: %[1]s",
-    "profile.actions.tooltip": "Даљње акције",
-    "profile.edit.link": "Уреди профил",
-    "feed.atom.link": "Атом фид",
-    "keys.ssh.link": "ССХ кључ",
-    "keys.gpg.link": "ГПГ кључ",
-    "admin.config.moderation_config": "Конфигурација модерације",
-    "admin.moderation.moderation_reports": "Модерационе пријаве",
-    "admin.moderation.reports": "Пријаве",
-    "admin.moderation.no_open_reports": "Тренутно нема отворених пријава.",
-    "admin.moderation.deleted_content_ref": "Пријављен садржај од типа %[1]v и с ознаком (id) %[2]d више не постоји",
-    "moderation.report_abuse": "Пријавите злостављање",
-    "moderation.report_content": "Пријавите садржај",
-    "moderation.report_abuse_form.header": "Пријави злостављање или злоупотребу администратору",
-    "moderation.report_abuse_form.details": "Овај формулар служи пријави корисника које стварају спам профиле, репозиторијуми, задатке, коментари или се понашају неприкладно.",
-    "moderation.report_abuse_form.invalid": "Неважећи унос",
-    "moderation.report_abuse_form.already_reported": "Ви сте већ пријавили овај садржај",
-    "moderation.abuse_category": "Категорија",
-    "moderation.abuse_category.placeholder": "Изаберите категорију",
-    "moderation.abuse_category.spam": "Спам",
-    "moderation.abuse_category.illegal_content": "Протузаконит садржај",
-    "moderation.abuse_category.other_violations": "Друге врсте кршења правила платформе",
-    "moderation.report_remarks": "Коментар",
-    "moderation.report_remarks.placeholder": "Молимо Вас да опишете детаљније злостављање или злоупотребу коју желите да пријавите.",
-    "moderation.submit_report": "Пошаљи пријаву",
-    "moderation.reporting_failed": "Немогуће послати нову пријаву: %v",
-    "moderation.reported_thank_you": "Хвала Вам на Вашој пријави. Администрација је обавештена о њој.",
-    "repo.diff.commit.next-short": "Даље",
-    "repo.diff.commit.previous-short": "Назад",
-    "discussion.locked": "Ова дискуција је закључана. Коментирати је само могуће доприносиоцима.",
-    "discussion.sidebar.reference": "Референца",
-    "editor.textarea.tab_hint": "Ред је већ увучен. Притисните <kbd>Tab</kbd> опет или <kbd>Escape</kbd> да изађете из уредника.",
-    "editor.textarea.shift_tab_hint": "Нема увлаћења у овом реду. Притисните <kbd>Shift</kbd> + <kbd>Tab</kbd> опет или <kbd>Escape</kbd> да изађете из уредника.",
-    "admin.auths.allow_username_change": "Дозволити промену корисничког имена",
-    "admin.auths.allow_username_change.description": "Дозволите корисницима да промене корисничко име на страници подешавања профила",
-    "admin.dashboard.remove_resolved_reports": "Обришите решене пријаве",
-    "admin.config.security": "Сигурносна конфигурација",
-    "admin.config.global_2fa_requirement.title": "Глобална обавеза дво-факторске аутентикације",
-    "admin.config.global_2fa_requirement.none": "Не",
-    "admin.config.global_2fa_requirement.all": "Сви корисници",
-    "admin.config.global_2fa_requirement.admin": "Администратори",
-    "settings.visibility.description": "Видљивост профила утиче на видљивост Ваших не-приватних репозиторијума. <a href=\"%s\" target=\"_blank\">Сазнајте више</a>.",
-    "settings.twofa_unroll_unavailable": "Дво-факторска аутентикација је обавезна за Ваш кориснички рачун и ме може се укинути.",
-    "settings.twofa_reenroll": "Поновно регистровати дво-факторску аутентикацију",
-    "settings.twofa_reenroll.description": "Поновно региструјте Вашу дво-факторску аутентикацију",
-    "settings.must_enable_2fa": "Ова Forgejo инстанца захтева кориснике да активирају дво-факторску аутентикацију прије што могу приступити корисничком рачуну.",
-    "error.must_enable_2fa": "Ова Forgejo инстанца захтева кориснике да активирају дво-факторску аутентикацију прије што могу приступити корисничком рачуну. Активирајте овде: %s",
-    "avatar.constraints_hint": "Лична слика профила не сме да пређе величину фајла од %[1]s или величину слике од %[2]dx%[3]d пиксли",
-    "user.ghost.tooltip": "Овај корисник је избрисан или не може се наћи.",
-    "og.repo.summary_card.alt_description": "Сажетачки преглед репозиторијума %[1]s, описан као: %[2]s",
-    "compare.branches.title": "Успоредите гране",
-    "migrate.pagure.description": "Пренесите податке са \"pagure.io\" или друге \"Pagure\" инстанце.",
-    "migrate.pagure.incorrect_url": "Неважећа УРЛ изворног репозиторијума унешена",
-    "migrate.pagure.project_url": "Pagure УРЛ пројекта",
-    "migrate.pagure.project_example": "Pagure УРЛ пројекта, нпр. https://pagure.io/pagure",
-    "migrate.pagure.private_issues.summary": "Приватни задатци (није обавезно)",
-    "migrate.pagure.private_issues.description": "Ова функција је направљена да створи други репозиторијум у којем су само приватни задатци из Вашег Pagure пројекта у сврху архивирања. Прво изврши нормалну миграцију (без токена) да би импортирали сав јавни садржај. Након тога, уколико имате приватних задатака да архивирате, онда ће те задатке бити архивирани у одвојеном репозиторијуму уз употребу токена.",
-    "migrate.pagure.private_issues.warning": "Уберите се да подесите видљивост репозиторијума да буде приватно уколико користите АПИ токен за импорт приватних задатака. С тиме ћете спречити објаву приватних садржаја грешком у јавном репозиторијуму.",
-    "migrate.pagure.token.placeholder": "Само за стварање архиве приватних задатака",
-    "release.n_downloads": {
-        "one": "%s преузиманје/а",
-        "few": "%s преузиманја",
-        "other": "%s преузиманја"
-    },
-    "pulse.n_active_issues": {
-        "one": "%s активан/них задатак/а",
-        "few": "%s активних задатака",
-        "other": "%s активних задатака"
-    },
-    "teams.add_all_repos.modal.header": "Додај сви репозиторијуми",
-    "teams.remove_all_repos.modal.header": "Обриши сви репозиторијуми",
-    "meta.last_line": "If you know a Latin and a Cyrillic alphabet, then you basically already know how the Greek alphabet works from which those alphabets stem from. Also, learning Cyrillic isn't difficult, but while Serbo-Croatian grammar can be annoying at times, at least its pronunciation is pretty easy – unlike Russian haha.",
-    "migrate.pagure.token_label": "Pagure АПИ токен"
+	"moderation.abuse_category.malware": "Малвер",
+	"home.welcome.no_activity": "Без активности",
+	"home.welcome.activity_hint": "Нема још ничега у вашем фиду. Ваше активности као и активности из репозиторијума које Ви пратите ће овде бити показивати.",
+	"home.explore_repos": "Прегледајте репозиторијуми",
+	"home.explore_users": "Прегледајте кориснике",
+	"home.explore_orgs": "Предледајте организације",
+	"fork.n_forks": {
+		"one": "%s форк",
+		"few": "%s форка",
+		"other": "%s форкова"
+	},
+	"stars.list.none": "Нико није фаворизовао овај репозиторијум.",
+	"stars.n_stars": {
+		"one": "%s звезда",
+		"few": "%s звезде",
+		"other": "%s звезде"
+	},
+	"watch.list.none": "Нико не прати овај репозиторијум.",
+	"watch.n_watchers": {
+		"one": "%s пратилац",
+		"few": "%s пратиоца",
+		"other": "%s пратиоца"
+	},
+	"followers.incoming.list.self.none": "Нико не прати Ваш профил.",
+	"followers.incoming.list.none": "Нико не прати овог корисника.",
+	"followers.outgoing.list.self.none": "Не пратите никога.",
+	"followers.outgoing.list.none": "%s не прати никога.",
+	"relativetime.now": "сад",
+	"relativetime.future": "у будућности",
+	"relativetime.mins": {
+		"one": "пре %d минуте",
+		"few": "пре %d минуте",
+		"other": "пре %d минута"
+	},
+	"relativetime.hours": {
+		"one": "пре %d сата",
+		"few": "пре %d сата",
+		"other": "пре %d сати"
+	},
+	"relativetime.days": {
+		"one": "пре %d дана",
+		"few": "пре %d дана",
+		"other": "пре %d дана"
+	},
+	"relativetime.weeks": {
+		"one": "пре %d седмице",
+		"few": "пре %d седмица",
+		"other": "пре %d седмица"
+	},
+	"relativetime.months": {
+		"one": "пре %d месеца",
+		"few": "пре %d месеца",
+		"other": "пре %d месеци"
+	},
+	"relativetime.years": {
+		"one": "пре %d године",
+		"few": "пре %d године",
+		"other": "пре %d година"
+	},
+	"relativetime.1day": "јуче",
+	"relativetime.2days": "пре два дана",
+	"relativetime.1week": "прошле седмице",
+	"relativetime.2weeks": "пре две седмице",
+	"relativetime.1month": "прошлог месеца",
+	"relativetime.2months": "пре два месеца",
+	"relativetime.1year": "прошле године",
+	"relativetime.2years": "шре две године",
+	"repo.form.cannot_create": "Сви простори у којима можете створити репозиторијум су достигли ограничење броја репозиторијума.",
+	"migrate.form.error.url_credentials": "УРЛ садржава податке за пријаву, молимо да унесете корисничко име и лозинку у одговарајућа поља",
+	"migrate.github.description": "Пренесите податке са \"github.com\" или \"GitHub Enterprise\" сервера.",
+	"migrate.git.description": "Пренесите репозиторијум из било којег \"Git\" сервиса.",
+	"migrate.gitea.description": "Пренесите податке са \"gitea.com\" или друге \"Gitea\" инстанце.",
+	"migrate.gitlab.description": "Пренесите податке са \"gitlab.com\" или друге \"GitLab\" инстанце.",
+	"migrate.gogs.description": "Пренесите податке са \"notabug.org\" или друге \"Gogs\" инстанце.",
+	"migrate.onedev.description": "Пренесите податке са \"code.onedev.io\" или друге \"OneDev\" инстанце.",
+	"migrate.gitbucket.description": "Пренесите податке са \"GitBucket\" инстанце.",
+	"migrate.codebase.description": "Пренесите податке са \"codebasehq.com\".",
+	"migrate.forgejo.description": "Пренесите податке са \"codeberg.org\" или друге \"Forgejo\" инстанце.",
+	"repo.issue_indexer.title": "Индексер задатака",
+	"repo.settings.push_mirror.branch_filter.label": "Филтер гране (није обавезно поље)",
+	"repo.settings.push_mirror.branch_filter.description": "Гране које се требају синхронизовати. Оставите поље празно да бисте синхронизовали све гране. Погледајте <a href=\"%[1]s\">%[2]s документацију</a> ради синтаксе. Пример уноса: <code>main, release/*</code>",
+	"incorrect_root_url": "Ова Forgejo инстанца је конфигурисана да буде видљива под адресом \"%s\". Тренутно видите Форгејо преко друге УРЛ адресе што може изазвати веће сметње. Очекивана УРЛ се може подесити са стране Forgejo администратора путем опције \"ROOT_URL\" у фајлу \"app.ini\".",
+	"themes.names.forgejo-auto": "Forgejo (прати тему система)",
+	"themes.names.forgejo-light": "Forgejo светла тема",
+	"themes.names.forgejo-dark": "Forgejo тамна тема",
+	"error.not_found.title": "Страница није нађена",
+	"warning.repository.out_of_sync": "Репрезентација репозиторијума у бази података није синхронизована. Ако порука не нестане након што пушујете комит у овај репозиторијум, контактирајте администраторе.",
+	"alert.range_error": " мора бити број између %[1]s и %[2]s.",
+	"install.invalid_lfs_path": "Стварање ЛФС корена није успело на наведеној локацији: %[1]s",
+	"profile.actions.tooltip": "Даљње акције",
+	"profile.edit.link": "Уреди профил",
+	"feed.atom.link": "Атом фид",
+	"keys.ssh.link": "ССХ кључ",
+	"keys.gpg.link": "ГПГ кључ",
+	"admin.config.moderation_config": "Конфигурација модерације",
+	"admin.moderation.moderation_reports": "Модерационе пријаве",
+	"admin.moderation.reports": "Пријаве",
+	"admin.moderation.no_open_reports": "Тренутно нема отворених пријава.",
+	"admin.moderation.deleted_content_ref": "Пријављен садржај од типа %[1]v и с ознаком (id) %[2]d више не постоји",
+	"moderation.report_abuse": "Пријавите злостављање",
+	"moderation.report_content": "Пријавите садржај",
+	"moderation.report_abuse_form.header": "Пријави злостављање или злоупотребу администратору",
+	"moderation.report_abuse_form.details": "Овај формулар служи пријави корисника које стварају спам профиле, репозиторијуми, задатке, коментари или се понашају неприкладно.",
+	"moderation.report_abuse_form.invalid": "Неважећи унос",
+	"moderation.report_abuse_form.already_reported": "Ви сте већ пријавили овај садржај",
+	"moderation.abuse_category": "Категорија",
+	"moderation.abuse_category.placeholder": "Изаберите категорију",
+	"moderation.abuse_category.spam": "Спам",
+	"moderation.abuse_category.illegal_content": "Протузаконит садржај",
+	"moderation.abuse_category.other_violations": "Друге врсте кршења правила платформе",
+	"moderation.report_remarks": "Коментар",
+	"moderation.report_remarks.placeholder": "Молимо Вас да опишете детаљније злостављање или злоупотребу коју желите да пријавите.",
+	"moderation.submit_report": "Пошаљи пријаву",
+	"moderation.reporting_failed": "Немогуће послати нову пријаву: %v",
+	"moderation.reported_thank_you": "Хвала Вам на Вашој пријави. Администрација је обавештена о њој.",
+	"repo.diff.commit.next-short": "Даље",
+	"repo.diff.commit.previous-short": "Назад",
+	"discussion.locked": "Ова дискуција је закључана. Коментирати је само могуће доприносиоцима.",
+	"discussion.sidebar.reference": "Референца",
+	"editor.textarea.tab_hint": "Ред је већ увучен. Притисните <kbd>Tab</kbd> опет или <kbd>Escape</kbd> да изађете из уредника.",
+	"editor.textarea.shift_tab_hint": "Нема увлаћења у овом реду. Притисните <kbd>Shift</kbd> + <kbd>Tab</kbd> опет или <kbd>Escape</kbd> да изађете из уредника.",
+	"admin.auths.allow_username_change": "Дозволити промену корисничког имена",
+	"admin.auths.allow_username_change.description": "Дозволите корисницима да промене корисничко име на страници подешавања профила",
+	"admin.dashboard.remove_resolved_reports": "Обришите решене пријаве",
+	"admin.config.security": "Сигурносна конфигурација",
+	"admin.config.global_2fa_requirement.title": "Глобална обавеза дво-факторске аутентикације",
+	"admin.config.global_2fa_requirement.none": "Не",
+	"admin.config.global_2fa_requirement.all": "Сви корисници",
+	"admin.config.global_2fa_requirement.admin": "Администратори",
+	"settings.visibility.description": "Видљивост профила утиче на видљивост Ваших не-приватних репозиторијума. <a href=\"%s\" target=\"_blank\">Сазнајте више</a>.",
+	"settings.twofa_unroll_unavailable": "Дво-факторска аутентикација је обавезна за Ваш кориснички рачун и ме може се укинути.",
+	"settings.twofa_reenroll": "Поновно регистровати дво-факторску аутентикацију",
+	"settings.twofa_reenroll.description": "Поновно региструјте Вашу дво-факторску аутентикацију",
+	"settings.must_enable_2fa": "Ова Forgejo инстанца захтева кориснике да активирају дво-факторску аутентикацију прије што могу приступити корисничком рачуну.",
+	"error.must_enable_2fa": "Ова Forgejo инстанца захтева кориснике да активирају дво-факторску аутентикацију прије што могу приступити корисничком рачуну. Активирајте овде: %s",
+	"avatar.constraints_hint": "Лична слика профила не сме да пређе величину фајла од %[1]s или величину слике од %[2]dx%[3]d пиксли",
+	"user.ghost.tooltip": "Овај корисник је избрисан или не може се наћи.",
+	"og.repo.summary_card.alt_description": "Сажетачки преглед репозиторијума %[1]s, описан као: %[2]s",
+	"compare.branches.title": "Успоредите гране",
+	"migrate.pagure.description": "Пренесите податке са \"pagure.io\" или друге \"Pagure\" инстанце.",
+	"migrate.pagure.incorrect_url": "Неважећа УРЛ изворног репозиторијума унешена",
+	"migrate.pagure.project_url": "Pagure УРЛ пројекта",
+	"migrate.pagure.project_example": "Pagure УРЛ пројекта, нпр. https://pagure.io/pagure",
+	"migrate.pagure.private_issues.summary": "Приватни задатци (није обавезно)",
+	"migrate.pagure.private_issues.description": "Ова функција је направљена да створи други репозиторијум у којем су само приватни задатци из Вашег Pagure пројекта у сврху архивирања. Прво изврши нормалну миграцију (без токена) да би импортирали сав јавни садржај. Након тога, уколико имате приватних задатака да архивирате, онда ће те задатке бити архивирани у одвојеном репозиторијуму уз употребу токена.",
+	"migrate.pagure.private_issues.warning": "Уберите се да подесите видљивост репозиторијума да буде приватно уколико користите АПИ токен за импорт приватних задатака. С тиме ћете спречити објаву приватних садржаја грешком у јавном репозиторијуму.",
+	"migrate.pagure.token.placeholder": "Само за стварање архиве приватних задатака",
+	"release.n_downloads": {
+		"one": "%s преузиманје/а",
+		"few": "%s преузиманја",
+		"other": "%s преузиманја"
+	},
+	"pulse.n_active_issues": {
+		"one": "%s активан/них задатак/а",
+		"few": "%s активних задатака",
+		"other": "%s активних задатака"
+	},
+	"teams.add_all_repos.modal.header": "Додај сви репозиторијуми",
+	"teams.remove_all_repos.modal.header": "Обриши сви репозиторијуми",
+	"meta.last_line": "If you know a Latin and a Cyrillic alphabet, then you basically already know how the Greek alphabet works from which those alphabets stem from. Also, learning Cyrillic isn't difficult, but while Serbo-Croatian grammar can be annoying at times, at least its pronunciation is pretty easy – unlike Russian haha.\n(I also agree that Cyrillic isn't difficult. And comes with advantage of lack of unreadable words like Illinois)",
+	"migrate.pagure.token_label": "Pagure АПИ токен"
 }
diff --git a/options/locale_next/locale_sv-SE.json b/options/locale_next/locale_sv-SE.json
index f3144805c9..beac718391 100644
--- a/options/locale_next/locale_sv-SE.json
+++ b/options/locale_next/locale_sv-SE.json
@@ -1,226 +1,226 @@
 {
-    "stars.n_stars": {
-        "one": "%s stjärna",
-        "other": "%s stjärnor"
-    },
-    "repo.pulls.merged_title_desc": {
-        "one": "sammanfogade %[1]d incheckning från <code>%[2]s</code> in i <code>%[3]s</code> %[4]s",
-        "other": "sammanfogade %[1]d incheckningar från <code>%[2]s</code> in i <code>%[3]s</code> %[4]s"
-    },
-    "repo.pulls.title_desc": {
-        "one": "vill sammanfoga %[1]d incheckning från <code>s[2]s</code> in i <code id=\"%[4]s\">%[3]s</code>",
-        "other": "vill sammanfoga %[1]d incheckningar från <code>s[2]s</code> in i <code id=\"%[4]s\">%[3]s</code>"
-    },
-    "search.milestone_kind": "Sök milstolpar…",
-    "mail.actions.not_successful_run_subject": "Arbetsflödet %[1]s misslyckades i förrådet %[2]s",
-    "discussion.locked": "Denna diskussion har låsts. Kommentarer är begränsade till bidragsgivare.",
-    "relativetime.now": "nu",
-    "relativetime.1day": "igår",
-    "relativetime.2days": "för två dagar sedan",
-    "relativetime.days": {
-        "one": "%d dag sedan",
-        "other": "%d dagar sedan"
-    },
-    "admin.dashboard.cleanup_offline_runners": "Städa upp offline runners",
-    "repo.issue_indexer.title": "Indexerare för utgåvor",
-    "moderation.reported_thank_you": "Tack för din rapport. Administrationen har gjorts uppmärksam på det.",
-    "themes.names.forgejo-light": "Forgejo ljus",
-    "themes.names.forgejo-dark": "Forgejo mörk",
-    "themes.names.forgejo-auto": "Forgejo (följ systemets tema)",
-    "moderation.submit_report": "Skicka in rapport",
-    "moderation.reporting_failed": "Det gick inte att skicka in den nya övergreppsrapporten: %v",
-    "mail.actions.run_info_cur_status": "Status för denna körning: %[1]s (just uppdaterad från %[2]s)",
-    "mail.actions.run_info_previous_status": "Status för föregående körning: %[1]s",
-    "mail.actions.run_info_trigger": "Utlöses på grund av: %[1]s av: %[2]s",
-    "alert.asset_load_failed": "Misslyckades med att läsa in resursfiler från {path}. Kontrollera att resursfilerna är åtkomliga.",
-    "install.invalid_lfs_path": "Det gick inte att skapa LFS-roten på den angivna sökvägen: %[1]s",
-    "alert.range_error": " måste vara ett tal mellan %[1]s och %[2]s.",
-    "stars.list.none": "Ingen har stjärnmarkerat detta förråd.",
-    "watch.list.none": "Ingen tittar på det här förrådet.",
-    "followers.incoming.list.self.none": "Ingen följer din profil.",
-    "followers.incoming.list.none": "Ingen följer den här användaren.",
-    "followers.outgoing.list.self.none": "Du följer inte någon.",
-    "followers.outgoing.list.none": "%s följer inte någon.",
-    "relativetime.future": "i framtiden",
-    "relativetime.1week": "förra veckan",
-    "relativetime.2weeks": "för två veckor sedan",
-    "relativetime.1month": "senaste månaden",
-    "relativetime.2months": "för två månader sedan",
-    "relativetime.1year": "förra året",
-    "relativetime.2years": "för två år sedan",
-    "repo.form.cannot_create": "Alla utrymmen där du kan skapa förråd har nått gränsen för antal förråd.",
-    "incorrect_root_url": "Denna Forgejo-instans är konfigurerad att serveras på \"%s\". Du tittar för närvarande på Forgejo via en annan URL, vilket kan leda till att delar av applikationen bryts. Den kanoniska webbadressen styrs av Forgejo-administratörer via inställningen ROOT_URL i app.ini.",
-    "error.not_found.title": "Sidan hittades inte",
-    "moderation.abuse_category.illegal_content": "Olagligt innehåll",
-    "moderation.abuse_category.other_violations": "Andra överträdelser av plattformsreglerna",
-    "moderation.report_remarks": "Anmärkningar",
-    "moderation.report_remarks.placeholder": "Ge några detaljer om det övergrepp som du rapporterar.",
-    "mail.actions.successful_run_after_failure_subject": "Arbetsflöde %[1]s återställdes i förrådet %[2]s",
-    "mail.actions.successful_run_after_failure": "Arbetsflöde %[1]s återställdes i förrådet %[2]s",
-    "mail.actions.not_successful_run": "Arbetsflödet %[1]s misslyckades i förrådet %[2]s",
-    "editor.textarea.shift_tab_hint": "Ingen indragning på den här raden. Tryck på <kbd>Shift</kbd> + <kbd>Tab</kbd> igen eller <kbd>Escape</kbd> för att lämna redigeringsläget.",
-    "meta.last_line": "Daniel Nylander heter jag och har översatt Forgejo. Mer information om mig på https://www.danielnylander.se",
-    "editor.textarea.tab_hint": "Raden är redan indragen. Tryck på <kbd>Tab</kbd> igen eller <kbd>Escape</kbd> för att lämna redigeringsläget.",
-    "home.welcome.no_activity": "Ingen aktivitet",
-    "home.welcome.activity_hint": "Det finns inget i ditt flöde ännu. Dina åtgärder och aktivitet från förråd som du bevakar kommer att visas här.",
-    "home.explore_repos": "Utforska förråd",
-    "home.explore_users": "Utforska användare",
-    "home.explore_orgs": "Utforska organisationer",
-    "relativetime.mins": {
-        "one": "%d minut sedan",
-        "other": "%d minuter sedan"
-    },
-    "relativetime.hours": {
-        "one": "%d timme sedan",
-        "other": "%d timmar sedan"
-    },
-    "relativetime.weeks": {
-        "one": "%d vecka sedan",
-        "other": "%d veckor sedan"
-    },
-    "relativetime.months": {
-        "one": "%d månad sedan",
-        "other": "%d månader sedan"
-    },
-    "relativetime.years": {
-        "one": "%d år sedan",
-        "other": "%d år sedan"
-    },
-    "admin.config.moderation_config": "Konfiguration av moderering",
-    "moderation.report_abuse": "Rapportera missbruk",
-    "moderation.report_content": "Rapportera innehåll",
-    "moderation.report_abuse_form.header": "Rapportera missbruk till administratör",
-    "moderation.report_abuse_form.details": "Detta formulär ska användas för att rapportera användare som skapar skräpprofiler, förråd, problem, kommentarer eller beter sig olämpligt.",
-    "moderation.report_abuse_form.invalid": "Ogiltiga argument",
-    "moderation.report_abuse_form.already_reported": "Du har redan rapporterat detta innehåll",
-    "moderation.abuse_category": "Kategori",
-    "moderation.abuse_category.placeholder": "Välj en kategori",
-    "moderation.abuse_category.spam": "Skräppost",
-    "moderation.abuse_category.malware": "Skadlig kod",
-    "settings.visibility.description": "Profilens synlighet påverkar andras möjlighet att komma åt dina icke-privata förråd. <a href=\"%s\" target=\"_blank\">Läs mer</a>.",
-    "avatar.constraints_hint": "Anpassade avatarer får inte vara större än %[1] eller %[2]dx%[3] bildpunkter",
-    "og.repo.summary_card.alt_description": "Sammanfattningskort för arkivet %[1]s, beskrivet som: %[2]s",
-    "profile.actions.tooltip": "Fler åtgärder",
-    "keys.gpg.link": "GPG-nycklar",
-    "profile.edit.link": "Redigera profil",
-    "keys.ssh.link": "SSH-nycklar",
-    "repo.diff.commit.next-short": "Nästa",
-    "repo.diff.commit.previous-short": "Föreg",
-    "feed.atom.link": "Atom-flöde",
-    "repo.pulls.already_merged": "Sammanfogning misslyckades: Denna pulka förfrågning har redan blivit sammanfogad.",
-    "pulse.n_active_issues": {
-        "one": "%s aktivt ärende",
-        "other": "%s aktiva ärenden"
-    },
-    "pulse.n_active_prs": {
-        "one": "%s aktiv pull-förfrågan",
-        "other": "%s aktiva pull-förfrågningar"
-    },
-    "migrate.form.error.url_credentials": "URL:en innehåller inloggningsuppgifter, sätt dem i respektive användarnamn- och lösenordsfält",
-    "migrate.git.description": "Migrera endast utvecklingskatalogen från vilken Git-tjänst som helst.",
-    "migrate.gitea.description": "Migrera data från gitea.com eller andra Gitea-instanser.",
-    "migrate.gitlab.description": "Migrera data från gitlab.com eller annan GitLab-instans.",
-    "migrate.gogs.description": "Migrera data från notabug.org eller annan Gogs-instans.",
-    "migrate.onedev.description": "Migrera data från code.onedev.io eller annan OneDev-instans.",
-    "migrate.gitbucket.description": "Migrera data från GitBucket-instans.",
-    "migrate.codebase.description": "Migrera data från codebasehq.com.",
-    "migrate.forgejo.description": "Migrera data från codeberg.org eller annan Forgejo-instans.",
-    "repo.settings.push_mirror.branch_filter.label": "Grenfilter (frivilligt)",
-    "repo.settings.push_mirror.branch_filter.description": "Grenar att speglas. Lämna tom för att spegla alla grenar. Se <a href=\"%[1]s\">%[2]s dokumentation</a> för syntax. Exempel: <code>main, release/*</code>",
-    "admin.moderation.moderation_reports": "Moderationsrapporter",
-    "admin.moderation.reports": "Rapporter",
-    "admin.moderation.no_open_reports": "Det finns för tillfället inga öppna rapporter.",
-    "mail.actions.run_info_sha": "Commit: %[1]s",
-    "discussion.sidebar.reference": "Referens",
-    "admin.auths.allow_username_change": "Tillåt användarnamnsändring",
-    "admin.auths.allow_username_change.description": "Tillåt användare att ändra sitt användarnamn i profilinställningarna",
-    "admin.dashboard.remove_resolved_reports": "Ta bort lösta rapporter",
-    "admin.config.security": "Säkerhetskonfiguration",
-    "admin.config.global_2fa_requirement.title": "Globalt tvåfaktorskrav",
-    "admin.config.global_2fa_requirement.none": "Nej",
-    "admin.config.global_2fa_requirement.all": "Alla användare",
-    "admin.config.global_2fa_requirement.admin": "Administratörer",
-    "settings.twofa_unroll_unavailable": "Tvåfaktorsautentisering krävs för ditt konto och kan inte inaktiveras.",
-    "settings.must_enable_2fa": "Denna Forgejo-instans kräver användare att aktivera tvåfaktorsautentisering innan de kan komma at deras konto.",
-    "error.must_enable_2fa": "Denna Forgejo-instans kräver användare att aktivera tvåfaktorsautentisering innan de kan komma åt deras konto. Aktivera det på: %s",
-    "repo.commit.load_tags_failed": "Laddning av taggar misslyckades på grund av internt fel",
-    "compare.branches.title": "Jämför grenar",
-    "migrate.pagure.description": "Migrera data från pagure.io eller andra Pagure-instanser.",
-    "migrate.pagure.project_url": "Pagure projekt-URL",
-    "migrate.pagure.project_example": "Pagure-projektets URL, t.ex. https://pagure.io/pagure",
-    "migrate.pagure.token_label": "Pagure API-token",
-    "actions.runs.run_attempt_label": "Kör försök #%[1]s (%[2]s)",
-    "migrate.github.description": "Migrera data från github.com eller GitHub Enterprise server.",
-    "repo.pulls.maintainers_can_edit": "Underhållsansvariga kan redigera denna pull-begäran.",
-    "repo.pulls.maintainers_cannot_edit": "Underhållsansvariga kan inte redigera denna pull-begäran.",
-    "mail.issue.action.close_by_commit": "%[1]s stängde %[2]s i commit %[3]s.",
-    "user.ghost.tooltip": "Denna användare har tagits bort eller kan inte matchas.",
-    "migrate.pagure.private_issues.summary": "Privata ärenden (valfritt)",
-    "release.n_downloads": {
-        "one": "%s nedladdning",
-        "other": "%s nedladdningar"
-    },
-    "actions.runs.view_most_recent_run": "Visa senaste körning",
-    "actions.workflow.job_parsing_error": "Kunde inte tolka jobb i arbetsflöde: %v",
-    "actions.workflow.pre_execution_error": "Arbetsflödet kördes inte på grund av ett fel som blockerade körningsförsöket.",
-    "warning.repository.out_of_sync": "Databasrepresentationen av detta arkiv är inte synkroniserad. Om denna varning fortfarande visas efter att du har skickat en commit till detta arkiv, kontakta administratören.",
-    "admin.moderation.deleted_content_ref": "Rapporterat innehåll med typ %[1]v och id %[2]d finns inte längre",
-    "settings.twofa_reenroll": "Registrera om tvåfaktorsautentisering",
-    "settings.twofa_reenroll.description": "Registrera om din tvåfaktorsautentisering",
-    "migrate.pagure.incorrect_url": "Felaktig URL till källarkivet har angetts",
-    "migrate.pagure.private_issues.description": "Denna funktion är utformad för att skapa ett andra arkiv som endast innehåller privata ärenden från ditt Pagure-projekt för arkiveringsändamål. Utför först en normal migrering (utan token) för att importera allt publika innehåll. Om du har privata ärenden som du vill bevara skapar du sedan ett separat arkiv med hjälp av denna token-option för att arkivera dessa privata ärenden.",
-    "migrate.pagure.private_issues.warning": "Se till att ställa in synligheten för arkivet ovan till Privat om du använder API-nyckeln för att importera privata ärenden. Detta förhindrar att privat innehåll av misstag exponeras i ett publikt arkiv.",
-    "migrate.pagure.token.placeholder": "Endast för att skapa privata ärendearkiv",
-    "actions.runs.viewing_out_of_date_run": "Du tittar på en föråldrad körning av detta jobb som utfördes %[1]s.",
-    "actions.workflow.event_detection_error": "Det går inte att tolka stödda händelser i arbetsflödet: %v",
-    "repo.pulls.poster_manage_approval": "Hantera godkännande",
-    "repo.issues.filter_poster.hint": "Filtrera efter upphovsperson",
-    "repo.issues.filter_assignee.hint": "Filtrera efter tilldelad användare",
-    "repo.issues.filter_reviewers.hint": "Filtrera efter användare som granskat",
-    "repo.issues.filter_mention.hint": "Filtrera efter nämnd användare",
-    "repo.issues.filter_modified.hint": "Filtrera efter senaste ändringsdatum",
-    "repo.pulls.poster_requires_approval.tooltip": "Upphovspersonen till denna pull-begäran är inte godkänd för att köra arbetsflöden som utlöses av en pull-begäran som skapats från ett förgrenat arkiv eller med AGit. Arbetsflöden som utlöses av en `pull_request`-händelse kommer inte att köras förrän de har godkänts.",
-    "repo.pulls.poster_trust_deny": "Neka",
-    "repo.pulls.poster_trust_deny.tooltip": "Arbetsflöden som väntar på godkännande kommer att avbrytas.",
-    "repo.pulls.poster_trust_once": "Godkänn en gång",
-    "repo.pulls.poster_trust_always": "Godkänn alltid",
-    "repo.pulls.poster_trust_revoke": "Återkalla",
-    "admin.dashboard.actions_action_user": "Återkalla Forgejo Actions-förtroende för inaktiva användare",
-    "admin.dashboard.transfer_lingering_logs": "Överför loggar över slutförda åtgärder från databasen till lagringsutrymmet",
-    "actions.workflow.persistent_incomplete_matrix": "Det går inte att utvärdera `strategy.matrix` för jobb %[1]s på grund av ett ogiltigt `needs`-uttryck. Det kan hänvisa till ett jobb som inte finns i dess ’needs’-lista (%[2]s) eller en utdata som inte finns i något av dessa jobb.",
-    "teams.add_all_repos.modal.header": "Lägg till arkiv",
-    "teams.remove_all_repos.modal.header": "Ta bort alla arkiv",
-    "admin.auths.oauth2_quota_group_map_removal": "Ta bort användare från synkroniserade kvotgrupper om användaren inte tillhör motsvarande grupp.",
-    "issues.updated": "uppdaterade %s",
-    "repo.pulls.poster_requires_approval": "Vissa arbetsflöden <a href=\"%[1]s\">väntar på att bli granskade.</a>",
-    "repo.pulls.poster_is_trusted": "Upphovspersonen till denna pull-begäran är <a href=\"%[1]s\">alltid godkänd för att köra arbetsflöden.</a>",
-    "repo.pulls.poster_is_trusted.tooltip": "Upphovspersonen till denna pull-begäran är specifikt godkänd för att köra arbetsflöden som utlöses av en `pull_request`-händelser.",
-    "search.fuzzy_tooltip": "Inkludera resultat som ungefärligt matchar söktermen",
-    "search.fuzzy": "Ungefärlig",
-    "fork.n_forks": {
-        "one": "%s gaffling",
-        "other": "%s gafflingar"
-    },
-    "watch.n_watchers": {
-        "one": "%s bevakning",
-        "other": "%s bevakningar"
-    },
-    "repo.issues.filter_sort.hint": "Sortera utifrån: skapad/kommentarer/uppdaterad/deadline",
-    "repo.pulls.poster_trust_once.tooltip": "Arbetsflöden som utlöses av en `pull_request`-begäran kommer köra denna commit men kommer behöva godkännas för framtida commits pushade till den här pull-begäran.",
-    "repo.pulls.poster_trust_always.tooltip": "Arbetsflöden som utlöses av en `pull_request`-begäran kommer köra denna commit och kommer inte behöva godkännas för den här eller framtida pull-begäran från samma användare.",
-    "repo.pulls.poster_trust_revoke.tooltip": "Upphovspersonen för den här pull-begäran kommer inte längre vara godkänd för att köra arbetsflöden som utlösts av en `pull_request`-begäran, så att varje körning måste bli godkänd manuellt.",
-    "search.syntax": "Syntax för sökning",
-    "keys.verify.token.hint": "Den här token är bara giltig i 1 minut <a href=\"%[1]s\">Skaffa en ny om den har gått ut</a>.",
-    "moderation.report.mark_as_handled": "Markera som hanterad",
-    "moderation.report.mark_as_ignored": "Markera som ignorerad",
-    "moderation.action.account.delete": "Radera kontot",
-    "moderation.action.account.suspend": "Stäng av kontot",
-    "moderation.action.repo.delete": "Radera källförrådet",
-    "moderation.action.issue.delete": "Radera ärende",
-    "moderation.action.comment.delete": "Radera kommentar",
-    "moderation.unknown_action": "Okänd åtgärd",
-    "moderation.users.cannot_suspend_self": "Du kan inte stänga av dig själv.",
-    "moderation.users.cannot_suspend_admins": "Användare med administrativ åtkomst kan inte bli avstängda.",
-    "moderation.users.cannot_suspend_org": "Organisationer kan inte bli avstängda.",
-    "moderation.users.already_suspended": "Användarkontot är redan avstängt."
+	"stars.n_stars": {
+		"one": "%s stjärna",
+		"other": "%s stjärnor"
+	},
+	"repo.pulls.merged_title_desc": {
+		"one": "sammanfogade %[1]d incheckning från <code>%[2]s</code> in i <code>%[3]s</code> %[4]s",
+		"other": "sammanfogade %[1]d incheckningar från <code>%[2]s</code> in i <code>%[3]s</code> %[4]s"
+	},
+	"repo.pulls.title_desc": {
+		"one": "vill sammanfoga %[1]d incheckning från <code>s[2]s</code> in i <code id=\"%[4]s\">%[3]s</code>",
+		"other": "vill sammanfoga %[1]d incheckningar från <code>s[2]s</code> in i <code id=\"%[4]s\">%[3]s</code>"
+	},
+	"search.milestone_kind": "Sök milstolpar…",
+	"mail.actions.not_successful_run_subject": "Arbetsflödet %[1]s misslyckades i förrådet %[2]s",
+	"discussion.locked": "Denna diskussion har låsts. Kommentarer är begränsade till bidragsgivare.",
+	"relativetime.now": "nu",
+	"relativetime.1day": "igår",
+	"relativetime.2days": "för två dagar sedan",
+	"relativetime.days": {
+		"one": "%d dag sedan",
+		"other": "%d dagar sedan"
+	},
+	"admin.dashboard.cleanup_offline_runners": "Städa upp offline runners",
+	"repo.issue_indexer.title": "Indexerare för utgåvor",
+	"moderation.reported_thank_you": "Tack för din rapport. Administrationen har gjorts uppmärksam på det.",
+	"themes.names.forgejo-light": "Forgejo ljus",
+	"themes.names.forgejo-dark": "Forgejo mörk",
+	"themes.names.forgejo-auto": "Forgejo (följ systemets tema)",
+	"moderation.submit_report": "Skicka in rapport",
+	"moderation.reporting_failed": "Det gick inte att skicka in den nya övergreppsrapporten: %v",
+	"mail.actions.run_info_cur_status": "Status för denna körning: %[1]s (just uppdaterad från %[2]s)",
+	"mail.actions.run_info_previous_status": "Status för föregående körning: %[1]s",
+	"mail.actions.run_info_trigger": "Utlöses på grund av: %[1]s av: %[2]s",
+	"alert.asset_load_failed": "Misslyckades med att läsa in resursfiler från {path}. Kontrollera att resursfilerna är åtkomliga.",
+	"install.invalid_lfs_path": "Det gick inte att skapa LFS-roten på den angivna sökvägen: %[1]s",
+	"alert.range_error": " måste vara ett tal mellan %[1]s och %[2]s.",
+	"stars.list.none": "Ingen har stjärnmarkerat detta förråd.",
+	"watch.list.none": "Ingen tittar på det här förrådet.",
+	"followers.incoming.list.self.none": "Ingen följer din profil.",
+	"followers.incoming.list.none": "Ingen följer den här användaren.",
+	"followers.outgoing.list.self.none": "Du följer inte någon.",
+	"followers.outgoing.list.none": "%s följer inte någon.",
+	"relativetime.future": "i framtiden",
+	"relativetime.1week": "förra veckan",
+	"relativetime.2weeks": "för två veckor sedan",
+	"relativetime.1month": "senaste månaden",
+	"relativetime.2months": "för två månader sedan",
+	"relativetime.1year": "förra året",
+	"relativetime.2years": "för två år sedan",
+	"repo.form.cannot_create": "Alla utrymmen där du kan skapa förråd har nått gränsen för antal förråd.",
+	"incorrect_root_url": "Denna Forgejo-instans är konfigurerad att serveras på \"%s\". Du tittar för närvarande på Forgejo via en annan URL, vilket kan leda till att delar av applikationen bryts. Den kanoniska webbadressen styrs av Forgejo-administratörer via inställningen ROOT_URL i app.ini.",
+	"error.not_found.title": "Sidan hittades inte",
+	"moderation.abuse_category.illegal_content": "Olagligt innehåll",
+	"moderation.abuse_category.other_violations": "Andra överträdelser av plattformsreglerna",
+	"moderation.report_remarks": "Anmärkningar",
+	"moderation.report_remarks.placeholder": "Ge några detaljer om det övergrepp som du rapporterar.",
+	"mail.actions.successful_run_after_failure_subject": "Arbetsflöde %[1]s återställdes i förrådet %[2]s",
+	"mail.actions.successful_run_after_failure": "Arbetsflöde %[1]s återställdes i förrådet %[2]s",
+	"mail.actions.not_successful_run": "Arbetsflödet %[1]s misslyckades i förrådet %[2]s",
+	"editor.textarea.shift_tab_hint": "Ingen indragning på den här raden. Tryck på <kbd>Shift</kbd> + <kbd>Tab</kbd> igen eller <kbd>Escape</kbd> för att lämna redigeringsläget.",
+	"meta.last_line": "Daniel Nylander heter jag och har översatt Forgejo. Mer information om mig på https://www.danielnylander.se\n(this string was needed to make weblate regenerate the file and can be removed)",
+	"editor.textarea.tab_hint": "Raden är redan indragen. Tryck på <kbd>Tab</kbd> igen eller <kbd>Escape</kbd> för att lämna redigeringsläget.",
+	"home.welcome.no_activity": "Ingen aktivitet",
+	"home.welcome.activity_hint": "Det finns inget i ditt flöde ännu. Dina åtgärder och aktivitet från förråd som du bevakar kommer att visas här.",
+	"home.explore_repos": "Utforska förråd",
+	"home.explore_users": "Utforska användare",
+	"home.explore_orgs": "Utforska organisationer",
+	"relativetime.mins": {
+		"one": "%d minut sedan",
+		"other": "%d minuter sedan"
+	},
+	"relativetime.hours": {
+		"one": "%d timme sedan",
+		"other": "%d timmar sedan"
+	},
+	"relativetime.weeks": {
+		"one": "%d vecka sedan",
+		"other": "%d veckor sedan"
+	},
+	"relativetime.months": {
+		"one": "%d månad sedan",
+		"other": "%d månader sedan"
+	},
+	"relativetime.years": {
+		"one": "%d år sedan",
+		"other": "%d år sedan"
+	},
+	"admin.config.moderation_config": "Konfiguration av moderering",
+	"moderation.report_abuse": "Rapportera missbruk",
+	"moderation.report_content": "Rapportera innehåll",
+	"moderation.report_abuse_form.header": "Rapportera missbruk till administratör",
+	"moderation.report_abuse_form.details": "Detta formulär ska användas för att rapportera användare som skapar skräpprofiler, förråd, problem, kommentarer eller beter sig olämpligt.",
+	"moderation.report_abuse_form.invalid": "Ogiltiga argument",
+	"moderation.report_abuse_form.already_reported": "Du har redan rapporterat detta innehåll",
+	"moderation.abuse_category": "Kategori",
+	"moderation.abuse_category.placeholder": "Välj en kategori",
+	"moderation.abuse_category.spam": "Skräppost",
+	"moderation.abuse_category.malware": "Skadlig kod",
+	"settings.visibility.description": "Profilens synlighet påverkar andras möjlighet att komma åt dina icke-privata förråd. <a href=\"%s\" target=\"_blank\">Läs mer</a>.",
+	"avatar.constraints_hint": "Anpassade avatarer får inte vara större än %[1] eller %[2]dx%[3] bildpunkter",
+	"og.repo.summary_card.alt_description": "Sammanfattningskort för arkivet %[1]s, beskrivet som: %[2]s",
+	"profile.actions.tooltip": "Fler åtgärder",
+	"keys.gpg.link": "GPG-nycklar",
+	"profile.edit.link": "Redigera profil",
+	"keys.ssh.link": "SSH-nycklar",
+	"repo.diff.commit.next-short": "Nästa",
+	"repo.diff.commit.previous-short": "Föreg",
+	"feed.atom.link": "Atom-flöde",
+	"repo.pulls.already_merged": "Sammanfogning misslyckades: Denna pulka förfrågning har redan blivit sammanfogad.",
+	"pulse.n_active_issues": {
+		"one": "%s aktivt ärende",
+		"other": "%s aktiva ärenden"
+	},
+	"pulse.n_active_prs": {
+		"one": "%s aktiv pull-förfrågan",
+		"other": "%s aktiva pull-förfrågningar"
+	},
+	"migrate.form.error.url_credentials": "URL:en innehåller inloggningsuppgifter, sätt dem i respektive användarnamn- och lösenordsfält",
+	"migrate.git.description": "Migrera endast utvecklingskatalogen från vilken Git-tjänst som helst.",
+	"migrate.gitea.description": "Migrera data från gitea.com eller andra Gitea-instanser.",
+	"migrate.gitlab.description": "Migrera data från gitlab.com eller annan GitLab-instans.",
+	"migrate.gogs.description": "Migrera data från notabug.org eller annan Gogs-instans.",
+	"migrate.onedev.description": "Migrera data från code.onedev.io eller annan OneDev-instans.",
+	"migrate.gitbucket.description": "Migrera data från GitBucket-instans.",
+	"migrate.codebase.description": "Migrera data från codebasehq.com.",
+	"migrate.forgejo.description": "Migrera data från codeberg.org eller annan Forgejo-instans.",
+	"repo.settings.push_mirror.branch_filter.label": "Grenfilter (frivilligt)",
+	"repo.settings.push_mirror.branch_filter.description": "Grenar att speglas. Lämna tom för att spegla alla grenar. Se <a href=\"%[1]s\">%[2]s dokumentation</a> för syntax. Exempel: <code>main, release/*</code>",
+	"admin.moderation.moderation_reports": "Moderationsrapporter",
+	"admin.moderation.reports": "Rapporter",
+	"admin.moderation.no_open_reports": "Det finns för tillfället inga öppna rapporter.",
+	"mail.actions.run_info_sha": "Commit: %[1]s",
+	"discussion.sidebar.reference": "Referens",
+	"admin.auths.allow_username_change": "Tillåt användarnamnsändring",
+	"admin.auths.allow_username_change.description": "Tillåt användare att ändra sitt användarnamn i profilinställningarna",
+	"admin.dashboard.remove_resolved_reports": "Ta bort lösta rapporter",
+	"admin.config.security": "Säkerhetskonfiguration",
+	"admin.config.global_2fa_requirement.title": "Globalt tvåfaktorskrav",
+	"admin.config.global_2fa_requirement.none": "Nej",
+	"admin.config.global_2fa_requirement.all": "Alla användare",
+	"admin.config.global_2fa_requirement.admin": "Administratörer",
+	"settings.twofa_unroll_unavailable": "Tvåfaktorsautentisering krävs för ditt konto och kan inte inaktiveras.",
+	"settings.must_enable_2fa": "Denna Forgejo-instans kräver användare att aktivera tvåfaktorsautentisering innan de kan komma at deras konto.",
+	"error.must_enable_2fa": "Denna Forgejo-instans kräver användare att aktivera tvåfaktorsautentisering innan de kan komma åt deras konto. Aktivera det på: %s",
+	"repo.commit.load_tags_failed": "Laddning av taggar misslyckades på grund av internt fel",
+	"compare.branches.title": "Jämför grenar",
+	"migrate.pagure.description": "Migrera data från pagure.io eller andra Pagure-instanser.",
+	"migrate.pagure.project_url": "Pagure projekt-URL",
+	"migrate.pagure.project_example": "Pagure-projektets URL, t.ex. https://pagure.io/pagure",
+	"migrate.pagure.token_label": "Pagure API-token",
+	"actions.runs.run_attempt_label": "Kör försök #%[1]s (%[2]s)",
+	"migrate.github.description": "Migrera data från github.com eller GitHub Enterprise server.",
+	"repo.pulls.maintainers_can_edit": "Underhållsansvariga kan redigera denna pull-begäran.",
+	"repo.pulls.maintainers_cannot_edit": "Underhållsansvariga kan inte redigera denna pull-begäran.",
+	"mail.issue.action.close_by_commit": "%[1]s stängde %[2]s i commit %[3]s.",
+	"user.ghost.tooltip": "Denna användare har tagits bort eller kan inte matchas.",
+	"migrate.pagure.private_issues.summary": "Privata ärenden (valfritt)",
+	"release.n_downloads": {
+		"one": "%s nedladdning",
+		"other": "%s nedladdningar"
+	},
+	"actions.runs.view_most_recent_run": "Visa senaste körning",
+	"actions.workflow.job_parsing_error": "Kunde inte tolka jobb i arbetsflöde: %v",
+	"actions.workflow.pre_execution_error": "Arbetsflödet kördes inte på grund av ett fel som blockerade körningsförsöket.",
+	"warning.repository.out_of_sync": "Databasrepresentationen av detta arkiv är inte synkroniserad. Om denna varning fortfarande visas efter att du har skickat en commit till detta arkiv, kontakta administratören.",
+	"admin.moderation.deleted_content_ref": "Rapporterat innehåll med typ %[1]v och id %[2]d finns inte längre",
+	"settings.twofa_reenroll": "Registrera om tvåfaktorsautentisering",
+	"settings.twofa_reenroll.description": "Registrera om din tvåfaktorsautentisering",
+	"migrate.pagure.incorrect_url": "Felaktig URL till källarkivet har angetts",
+	"migrate.pagure.private_issues.description": "Denna funktion är utformad för att skapa ett andra arkiv som endast innehåller privata ärenden från ditt Pagure-projekt för arkiveringsändamål. Utför först en normal migrering (utan token) för att importera allt publika innehåll. Om du har privata ärenden som du vill bevara skapar du sedan ett separat arkiv med hjälp av denna token-option för att arkivera dessa privata ärenden.",
+	"migrate.pagure.private_issues.warning": "Se till att ställa in synligheten för arkivet ovan till Privat om du använder API-nyckeln för att importera privata ärenden. Detta förhindrar att privat innehåll av misstag exponeras i ett publikt arkiv.",
+	"migrate.pagure.token.placeholder": "Endast för att skapa privata ärendearkiv",
+	"actions.runs.viewing_out_of_date_run": "Du tittar på en föråldrad körning av detta jobb som utfördes %[1]s.",
+	"actions.workflow.event_detection_error": "Det går inte att tolka stödda händelser i arbetsflödet: %v",
+	"repo.pulls.poster_manage_approval": "Hantera godkännande",
+	"repo.issues.filter_poster.hint": "Filtrera efter upphovsperson",
+	"repo.issues.filter_assignee.hint": "Filtrera efter tilldelad användare",
+	"repo.issues.filter_reviewers.hint": "Filtrera efter användare som granskat",
+	"repo.issues.filter_mention.hint": "Filtrera efter nämnd användare",
+	"repo.issues.filter_modified.hint": "Filtrera efter senaste ändringsdatum",
+	"repo.pulls.poster_requires_approval.tooltip": "Upphovspersonen till denna pull-begäran är inte godkänd för att köra arbetsflöden som utlöses av en pull-begäran som skapats från ett förgrenat arkiv eller med AGit. Arbetsflöden som utlöses av en `pull_request`-händelse kommer inte att köras förrän de har godkänts.",
+	"repo.pulls.poster_trust_deny": "Neka",
+	"repo.pulls.poster_trust_deny.tooltip": "Arbetsflöden som väntar på godkännande kommer att avbrytas.",
+	"repo.pulls.poster_trust_once": "Godkänn en gång",
+	"repo.pulls.poster_trust_always": "Godkänn alltid",
+	"repo.pulls.poster_trust_revoke": "Återkalla",
+	"admin.dashboard.actions_action_user": "Återkalla Forgejo Actions-förtroende för inaktiva användare",
+	"admin.dashboard.transfer_lingering_logs": "Överför loggar över slutförda åtgärder från databasen till lagringsutrymmet",
+	"actions.workflow.persistent_incomplete_matrix": "Det går inte att utvärdera `strategy.matrix` för jobb %[1]s på grund av ett ogiltigt `needs`-uttryck. Det kan hänvisa till ett jobb som inte finns i dess ’needs’-lista (%[2]s) eller en utdata som inte finns i något av dessa jobb.",
+	"teams.add_all_repos.modal.header": "Lägg till arkiv",
+	"teams.remove_all_repos.modal.header": "Ta bort alla arkiv",
+	"admin.auths.oauth2_quota_group_map_removal": "Ta bort användare från synkroniserade kvotgrupper om användaren inte tillhör motsvarande grupp.",
+	"issues.updated": "uppdaterade %s",
+	"repo.pulls.poster_requires_approval": "Vissa arbetsflöden <a href=\"%[1]s\">väntar på att bli granskade.</a>",
+	"repo.pulls.poster_is_trusted": "Upphovspersonen till denna pull-begäran är <a href=\"%[1]s\">alltid godkänd för att köra arbetsflöden.</a>",
+	"repo.pulls.poster_is_trusted.tooltip": "Upphovspersonen till denna pull-begäran är specifikt godkänd för att köra arbetsflöden som utlöses av en `pull_request`-händelser.",
+	"search.fuzzy_tooltip": "Inkludera resultat som ungefärligt matchar söktermen",
+	"search.fuzzy": "Ungefärlig",
+	"fork.n_forks": {
+		"one": "%s gaffling",
+		"other": "%s gafflingar"
+	},
+	"watch.n_watchers": {
+		"one": "%s bevakning",
+		"other": "%s bevakningar"
+	},
+	"repo.issues.filter_sort.hint": "Sortera utifrån: skapad/kommentarer/uppdaterad/deadline",
+	"repo.pulls.poster_trust_once.tooltip": "Arbetsflöden som utlöses av en `pull_request`-begäran kommer köra denna commit men kommer behöva godkännas för framtida commits pushade till den här pull-begäran.",
+	"repo.pulls.poster_trust_always.tooltip": "Arbetsflöden som utlöses av en `pull_request`-begäran kommer köra denna commit och kommer inte behöva godkännas för den här eller framtida pull-begäran från samma användare.",
+	"repo.pulls.poster_trust_revoke.tooltip": "Upphovspersonen för den här pull-begäran kommer inte längre vara godkänd för att köra arbetsflöden som utlösts av en `pull_request`-begäran, så att varje körning måste bli godkänd manuellt.",
+	"search.syntax": "Syntax för sökning",
+	"keys.verify.token.hint": "Den här token är bara giltig i 1 minut <a href=\"%[1]s\">Skaffa en ny om den har gått ut</a>.",
+	"moderation.report.mark_as_handled": "Markera som hanterad",
+	"moderation.report.mark_as_ignored": "Markera som ignorerad",
+	"moderation.action.account.delete": "Radera kontot",
+	"moderation.action.account.suspend": "Stäng av kontot",
+	"moderation.action.repo.delete": "Radera källförrådet",
+	"moderation.action.issue.delete": "Radera ärende",
+	"moderation.action.comment.delete": "Radera kommentar",
+	"moderation.unknown_action": "Okänd åtgärd",
+	"moderation.users.cannot_suspend_self": "Du kan inte stänga av dig själv.",
+	"moderation.users.cannot_suspend_admins": "Användare med administrativ åtkomst kan inte bli avstängda.",
+	"moderation.users.cannot_suspend_org": "Organisationer kan inte bli avstängda.",
+	"moderation.users.already_suspended": "Användarkontot är redan avstängt."
 }
diff --git a/options/locale_next/locale_ta.json b/options/locale_next/locale_ta.json
index 475a7773fb..e8fab54663 100644
--- a/options/locale_next/locale_ta.json
+++ b/options/locale_next/locale_ta.json
@@ -1,240 +1,240 @@
 {
-    "home.welcome.no_activity": "செயல்பாடு இல்லை",
-    "home.welcome.activity_hint": "உங்கள் ஊட்டத்தில் இன்னும் எதுவும் இல்லை. நீங்கள் பார்க்கும் களஞ்சியங்களிலிருந்து உங்கள் செயல்களும் செயல்பாடுகளும் இங்கே காண்பிக்கப்படும்.",
-    "home.explore_repos": "களஞ்சியங்களை ஆராயுங்கள்",
-    "home.explore_users": "பயனர்களை ஆராயுங்கள்",
-    "home.explore_orgs": "நிறுவனங்களை ஆராயுங்கள்",
-    "fork.n_forks": {
-        "one": "%s முட்கரண்டி",
-        "other": "%s ஃபோர்க்ச்"
-    },
-    "stars.list.none": "இந்த ரெப்போவை யாரும் நட்சத்திரமிடவில்லை.",
-    "stars.n_stars": {
-        "one": "%s விண்மீன்",
-        "other": "%s நட்சத்திரங்கள்"
-    },
-    "watch.list.none": "இந்த ரெப்போவை யாரும் பார்ப்பதில்லை.",
-    "watch.n_watchers": {
-        "one": "%s பார்ப்பவர்",
-        "other": "%s பார்வையாளர்கள்"
-    },
-    "followers.incoming.list.self.none": "உங்கள் சுயவிவரத்தை யாரும் பின்தொடரவில்லை.",
-    "followers.incoming.list.none": "இந்தப் பயனரை யாரும் பின்தொடர்வதில்லை.",
-    "followers.outgoing.list.self.none": "நீங்கள் யாரையும் பின்தொடரவில்லை.",
-    "followers.outgoing.list.none": "%s யாரையும் பின்தொடரவில்லை.",
-    "relativetime.now": "இப்போது",
-    "relativetime.future": "எதிர்காலத்தில்",
-    "relativetime.mins": {
-        "one": "%d நிமிடத்திற்கு முன்பு",
-        "other": "%d நிமிடங்களுக்கு முன்பு"
-    },
-    "relativetime.hours": {
-        "one": "%d மணிநேரத்திற்கு முன்பு",
-        "other": "%d மணிநேரங்களுக்கு முன்பு"
-    },
-    "relativetime.days": {
-        "one": "%d நாளுக்கு முன்பு",
-        "other": "%d நாட்களுக்கு முன்பு"
-    },
-    "relativetime.weeks": {
-        "one": "%d வாரத்திற்கு முன்பு",
-        "other": "%d வாரங்களுக்கு முன்பு"
-    },
-    "relativetime.months": {
-        "one": "%d மாதம் முன்பு",
-        "other": "%d மாதங்களுக்கு முன்பு"
-    },
-    "relativetime.years": {
-        "one": "%d வருடம் முன்பு",
-        "other": "%d ஆண்டுகளுக்கு முன்பு"
-    },
-    "relativetime.1day": "நேற்று",
-    "relativetime.2days": "இரண்டு நாட்களுக்கு முன்பு",
-    "relativetime.1week": "கடந்த வாரம்",
-    "relativetime.2weeks": "இரண்டு வாரங்களுக்கு முன்பு",
-    "relativetime.1month": "கடந்த மாதம்",
-    "relativetime.2months": "இரண்டு மாதங்களுக்கு முன்பு",
-    "relativetime.1year": "கடந்த ஆண்டு",
-    "relativetime.2years": "இரண்டு ஆண்டுகளுக்கு முன்பு",
-    "repo.pulls.already_merged": "ஒன்றிணைக்க முடியவில்லை: இந்த இழுத்தல் கோரிக்கை ஏற்கனவே ஒன்றிணைக்கப்பட்டுள்ளது.",
-    "repo.pulls.merged_title_desc": {
-        "one": "%[1]d கமிட் <code>%[2]s</code> இலிருந்து <code>%[3]s</code> %[4]s இல் இணைக்கப்பட்டது",
-        "other": "%[1]d ஆனது <code>%[2]s</code> இலிருந்து <code>%[3]s</code> %[4]s ஆக இணைக்கப்பட்டது"
-    },
-    "repo.pulls.title_desc": {
-        "one": "<code>%[2]s</code> இலிருந்து %[1]d கமிட்ஐ <code id=\"%[4]s\">%[3]s</code> இல் இணைக்க விரும்புகிறது",
-        "other": "%[1]d கமிட்களை <code>%[2]s</code> இலிருந்து <code id=\"%[4]s\">%[3]s</code> இல் இணைக்க விரும்புகிறது"
-    },
-    "repo.pulls.maintainers_can_edit": "இந்த இழுத்தல் கோரிக்கையை பராமரிப்பாளர்கள் திருத்தலாம்.",
-    "repo.pulls.maintainers_cannot_edit": "இந்த இழுத்தல் கோரிக்கையை பராமரிப்பாளர்களால் திருத்த முடியாது.",
-    "repo.form.cannot_create": "நீங்கள் களஞ்சியங்களை உருவாக்கக்கூடிய அனைத்து இடங்களும் களஞ்சியங்களின் வரம்பை எட்டியுள்ளன.",
-    "migrate.form.error.url_credentials": "முகவரி இல் நற்சான்றிதழ்கள் உள்ளன, அவற்றை முறையே பயனர்பெயர் மற்றும் கடவுச்சொல் புலங்களில் வைக்கவும்",
-    "migrate.github.description": "github.com அல்லது GitHub நிறுவனம் சேவையகத்திலிருந்து தரவை நகர்த்தவும்.",
-    "migrate.git.description": "எந்த Git சேவையிலிருந்தும் ஒரு களஞ்சியத்தை மட்டும் நகர்த்தவும்.",
-    "migrate.gitea.description": "gitea.com அல்லது பிற அறிவிலிதேநீர் நிகழ்வுகளிலிருந்து தரவை நகர்த்தவும்.",
-    "migrate.gitlab.description": "gitlab.com அல்லது பிற GitLab நிகழ்வுகளிலிருந்து தரவை நகர்த்தவும்.",
-    "migrate.gogs.description": "notabug.org அல்லது பிற Gogs நிகழ்வுகளிலிருந்து தரவை நகர்த்தவும்.",
-    "migrate.onedev.description": "code.onedev.io அல்லது பிற OneDev நிகழ்வுகளிலிருந்து தரவை நகர்த்தவும்.",
-    "migrate.gitbucket.description": "GitBucket நிகழ்வுகளிலிருந்து தரவை நகர்த்தவும்.",
-    "migrate.codebase.description": "codebasehq.com இலிருந்து தரவை நகர்த்தவும்.",
-    "migrate.forgejo.description": "codeberg.org அல்லது பிற Forgejo நிகழ்வுகளில் இருந்து தரவை நகர்த்தவும்.",
-    "repo.issue_indexer.title": "வெளியீட்டு அட்டவணை",
-    "search.milestone_kind": "மைல்கற்களைத் தேடு…",
-    "repo.settings.push_mirror.branch_filter.label": "கிளை வடிகட்டி (விரும்பினால்)",
-    "repo.settings.push_mirror.branch_filter.description": "கிளைகள் பிரதிபலிக்க வேண்டும். அனைத்து கிளைகளையும் பிரதிபலிக்க காலியாக விடவும். தொடரியலுக்கு <a href=\"%[1]s\">%[2]s ஆவணத்தைப்</a> பார்க்கவும். எடுத்துக்காட்டுகள்: <code>main, release/*</code>",
-    "incorrect_root_url": "இந்த Forgejo நிகழ்வு \"%s\" இல் வழங்குவதற்காக கட்டமைக்கப்பட்டுள்ளது. நீங்கள் தற்போது Forgejo ஐ வேறொரு முகவரி மூலம் பார்க்கிறீர்கள், இது பயன்பாட்டின் சில பகுதிகளை உடைக்கக்கூடும். app.ini இல் உள்ள ROOT_URL அமைப்பு வழியாக Forgejo நிர்வாகிகளால் நியமன முகவரி கட்டுப்படுத்தப்படுகிறது.",
-    "themes.names.forgejo-auto": "Forgejo (கணினி கருப்பொருள் பின்பற்றவும்)",
-    "themes.names.forgejo-light": "ஃபோர்சோ ஒளி",
-    "themes.names.forgejo-dark": "Forgejo இருண்ட",
-    "error.not_found.title": "பக்கம் கிடைக்கவில்லை",
-    "warning.repository.out_of_sync": "இந்த களஞ்சியத்தின் தரவுத்தள பிரதிநிதித்துவம் ஒத்திசைக்கப்படவில்லை. இந்தக் களஞ்சியத்தை உறுதி செய்த பிறகும் இந்த முன்னறிவிப்பு காட்டப்பட்டால், நிர்வாகியைத் தொடர்புகொள்ளவும்.",
-    "alert.asset_load_failed": "{path} இலிருந்து சொத்துக் கோப்புகளை ஏற்றுவதில் தோல்வி. சொத்துக் கோப்புகளை அணுக முடியுமா என்பதை உறுதிப்படுத்தவும்.",
-    "alert.range_error": " %[1]s மற்றும் %[2]s க்கு இடைப்பட்ட எண்ணாக இருக்க வேண்டும்.",
-    "install.invalid_lfs_path": "குறிப்பிட்ட பாதையில் LFS ரூட்டை உருவாக்க முடியவில்லை: %[1]s",
-    "profile.actions.tooltip": "மேலும் செயல்கள்",
-    "profile.edit.link": "சுயவிவரத்தைத் திருத்தவும்",
-    "feed.atom.link": "அணு ஊட்டம்",
-    "keys.ssh.link": "பாஓடு விசைகள்",
-    "keys.gpg.link": "GPG விசைகள்",
-    "admin.config.moderation_config": "மிதமான கட்டமைப்பு",
-    "admin.moderation.moderation_reports": "மிதமான அறிக்கைகள்",
-    "admin.moderation.reports": "அறிக்கைகள்",
-    "admin.moderation.no_open_reports": "தற்போது திறந்த அறிக்கைகள் எதுவும் இல்லை.",
-    "admin.moderation.deleted_content_ref": "%[1]v மற்றும் அடையாளம் %[2]d உடன் புகாரளிக்கப்பட்ட உள்ளடக்கம் இனி இல்லை",
-    "moderation.report_abuse": "முறைகேட்டைப் புகாரளிக்கவும்",
-    "moderation.report_content": "உள்ளடக்கத்தைப் புகாரளிக்கவும்",
-    "moderation.report_abuse_form.header": "துச்பிரயோகத்தை நிர்வாகியிடம் புகாரளிக்கவும்",
-    "moderation.report_abuse_form.details": "ச்பேம் சுயவிவரங்கள், களஞ்சியங்கள், சிக்கல்கள், கருத்துகள் அல்லது தகாத முறையில் நடந்துகொள்ளும் பயனர்களைப் புகாரளிக்க இந்தப் படிவம் பயன்படுத்தப்பட வேண்டும்.",
-    "moderation.report_abuse_form.invalid": "தவறான வாதங்கள்",
-    "moderation.report_abuse_form.already_reported": "நீங்கள் ஏற்கனவே இந்த உள்ளடக்கத்தைப் புகாரளித்துள்ளீர்கள்",
-    "moderation.abuse_category": "வகையினம்",
-    "moderation.abuse_category.placeholder": "ஒரு வகையைத் தேர்ந்தெடுக்கவும்",
-    "moderation.abuse_category.spam": "ச்பேம்",
-    "moderation.abuse_category.malware": "தீம்பொருள்",
-    "moderation.abuse_category.illegal_content": "சட்டவிரோத உள்ளடக்கம்",
-    "moderation.abuse_category.other_violations": "இயங்குதள விதிகளின் பிற மீறல்கள்",
-    "moderation.report_remarks": "கருத்துக்கள்",
-    "moderation.report_remarks.placeholder": "நீங்கள் புகாரளிக்கும் முறைகேடு தொடர்பான சில விவரங்களை வழங்கவும்.",
-    "moderation.submit_report": "அறிக்கையை சமர்ப்பிக்கவும்",
-    "moderation.reporting_failed": "புதிய முறைகேடு அறிக்கையைச் சமர்ப்பிக்க முடியவில்லை: %v",
-    "moderation.reported_thank_you": "உங்கள் அறிக்கைக்கு நன்றி. இது குறித்து நிர்வாகத்திற்கு தெரியப்படுத்தப்பட்டுள்ளது.",
-    "mail.actions.successful_run_after_failure_subject": "பணிப்பாய்வு %[1]s களஞ்சியத்தில் %[2]s மீட்டெடுக்கப்பட்டது",
-    "mail.actions.not_successful_run_subject": "%[2]s களஞ்சியத்தில் பணிப்பாய்வு %[1]s தோல்வியடைந்தது",
-    "mail.actions.successful_run_after_failure": "பணிப்பாய்வு %[1]s களஞ்சியத்தில் %[2]s மீட்டெடுக்கப்பட்டது",
-    "mail.actions.not_successful_run": "%[2]s களஞ்சியத்தில் பணிப்பாய்வு %[1]s தோல்வியடைந்தது",
-    "mail.actions.run_info_cur_status": "இந்த ஓட்டத்தின் நிலை: %[1]s (தற்போது %[2]s இலிருந்து புதுப்பிக்கப்பட்டது)",
-    "mail.actions.run_info_previous_status": "முந்தைய இயக்கத்தின் நிலை: %[1]s",
-    "mail.actions.run_info_sha": "உறுதி: %[1]கள்",
-    "mail.actions.run_info_trigger": "தூண்டப்பட்டது ஏனெனில்: %[1]s by: %[2]s",
-    "mail.issue.action.close_by_commit": "%[3]s இல் %[1]s மூடப்பட்டது %[2]s.",
-    "repo.diff.commit.next-short": "அடுத்தது",
-    "repo.diff.commit.previous-short": "முந்தைய",
-    "discussion.locked": "இந்த விவாதம் பூட்டப்பட்டுள்ளது. கருத்து தெரிவிப்பது பங்களிப்பாளர்களுக்கு மட்டுமே.",
-    "discussion.sidebar.reference": "குறிப்பு",
-    "editor.textarea.tab_hint": "வரி ஏற்கனவே உள்தள்ளப்பட்டுள்ளது. எடிட்டரை விட்டு வெளியேற <kbd>Tab</kbd> அல்லது <kbd>Escape</kbd> ஐ அழுத்தவும்.",
-    "editor.textarea.shift_tab_hint": "இந்த வரியில் உள்தள்ளல் இல்லை. எடிட்டரை விட்டு வெளியேற <kbd>Shift</kbd> + <kbd>Tab</kbd> அல்லது <kbd>Escape</kbd> ஐ அழுத்தவும்.",
-    "admin.auths.allow_username_change": "பயனர்பெயர் மாற்றத்தை அனுமதிக்கவும்",
-    "admin.auths.allow_username_change.description": "சுயவிவர அமைப்புகளில் பயனர்கள் தங்கள் பயனர்பெயரை மாற்ற அனுமதிக்கவும்",
-    "admin.dashboard.cleanup_offline_runners": "இணைப்பில்லாத ரன்னர்களை தூய்மை செய்யுங்கள்",
-    "admin.dashboard.remove_resolved_reports": "தீர்க்கப்பட்ட அறிக்கைகளை அகற்று",
-    "admin.config.security": "பாதுகாப்பு கட்டமைப்பு",
-    "admin.config.global_2fa_requirement.title": "உலகளாவிய இரு காரணி தேவை",
-    "admin.config.global_2fa_requirement.none": "இல்லை",
-    "admin.config.global_2fa_requirement.all": "அனைத்து பயனர்கள்",
-    "admin.config.global_2fa_requirement.admin": "நிர்வாகிகள்",
-    "settings.visibility.description": "சுயவிவரத் தெரிவுநிலையானது உங்கள் தனியார் அல்லாத களஞ்சியங்களை அணுகும் மற்றவர்களின் திறனைப் பாதிக்கிறது. <a href=\"%s\" target=\"_blank\">மேலும் அறிக</a>.",
-    "settings.twofa_unroll_unavailable": "உங்கள் கணக்கிற்கு இரு காரணி ஏற்பு தேவை மற்றும் அதை முடக்க முடியாது.",
-    "settings.twofa_reenroll": "இரண்டு காரணி அங்கீகாரத்தை மீண்டும் பதிவு செய்யவும்",
-    "settings.twofa_reenroll.description": "உங்கள் இரு காரணி அங்கீகாரத்தை மீண்டும் பதிவு செய்யவும்",
-    "settings.must_enable_2fa": "இந்த Forgejo நிகழ்விற்கு பயனர்கள் தங்கள் கணக்குகளை அணுகுவதற்கு முன் இரு காரணி அங்கீகாரத்தை இயக்க வேண்டும்.",
-    "error.must_enable_2fa": "இந்த Forgejo நிகழ்விற்கு பயனர்கள் தங்கள் கணக்குகளை அணுகுவதற்கு முன் இரு காரணி அங்கீகாரத்தை இயக்க வேண்டும். இதை இயக்கவும்: %s",
-    "avatar.constraints_hint": "தனிப்பயன் அவதார் அளவு %[1]s ஐ விட அதிகமாக இருக்கக்கூடாது அல்லது %[2]dx%[3]d பிக்சல்களை விட பெரியதாக இருக்கலாம்",
-    "user.ghost.tooltip": "இந்த பயனர் நீக்கப்பட்டுள்ளார் அல்லது பொருத்த முடியாது.",
-    "og.repo.summary_card.alt_description": "%[1]s களஞ்சியத்தின் சுருக்க அட்டை, இவ்வாறு விவரிக்கப்பட்டுள்ளது: %[2]s",
-    "repo.commit.load_tags_failed": "உள் பிழை காரணமாக குறிச்சொற்களை ஏற்ற முடியவில்லை",
-    "compare.branches.title": "கிளைகளை ஒப்பிடுக",
-    "migrate.pagure.description": "pagure.io அல்லது பிற Pagure நிகழ்வுகளிலிருந்து தரவை நகர்த்தவும்.",
-    "migrate.pagure.incorrect_url": "தவறான மூல களஞ்சிய முகவரி வழங்கப்பட்டுள்ளது",
-    "migrate.pagure.project_url": "திட்ட முகவரி பாகுர்",
-    "migrate.pagure.project_example": "Pagure திட்ட URL, எ.கா. https://pagure.io/pagure",
-    "migrate.pagure.token_label": "Pagure பநிஇ கிள்ளாக்கு",
-    "migrate.pagure.private_issues.summary": "தனிப்பட்ட சிக்கல்கள் (விரும்பினால்)",
-    "migrate.pagure.private_issues.description": "காப்பக நோக்கங்களுக்காக உங்கள் Pagure திட்டத்தில் இருந்து தனிப்பட்ட சிக்கல்களை மட்டுமே கொண்ட இரண்டாவது களஞ்சியத்தை உருவாக்க இந்த நற்பொருத்தம் வடிவமைக்கப்பட்டுள்ளது. முதலில், அனைத்து பொது உள்ளடக்கத்தையும் இறக்குமதி செய்ய ஒரு சாதாரண இடம்பெயர்வை (டோக்கன் இல்லாமல்) செய்யவும். பின்னர், உங்களிடம் தனிப்பட்ட சிக்கல்கள் இருந்தால், அந்தத் தனிப்பட்ட சிக்கல்களைக் காப்பகப்படுத்த இந்த கிள்ளாக்கு விருப்பத்தைப் பயன்படுத்தி ஒரு தனி களஞ்சியத்தை உருவாக்கவும்.",
-    "migrate.pagure.private_issues.warning": "தனிப்பட்ட சிக்கல்களை இறக்குமதி செய்ய பநிஇ விசையைப் பயன்படுத்தினால், மேலே உள்ள களஞ்சியத் தெரிவுநிலையை தனிப்பட்டதாக அமைக்க மறக்காதீர்கள். இது பொது களஞ்சியத்தில் தனிப்பட்ட உள்ளடக்கத்தை தற்செயலாக வெளிப்படுத்துவதைத் தடுக்கிறது.",
-    "migrate.pagure.token.placeholder": "தனிப்பட்ட சிக்கல்கள் காப்பகத்தை உருவாக்குவதற்கு மட்டுமே",
-    "release.n_downloads": {
-        "one": "%s பதிவிறக்கம்",
-        "other": "%s பதிவிறக்கங்கள்"
-    },
-    "actions.runs.run_attempt_label": "இயக்க முயற்சி #%[1]s (%[2]s)",
-    "actions.runs.viewing_out_of_date_run": "%[1]s செயல்படுத்தப்பட்ட இந்த வேலையின் காலாவதியான ஓட்டத்தை நீங்கள் பார்க்கிறீர்கள்.",
-    "actions.runs.view_most_recent_run": "அண்மைக் கால ஓட்டத்தைக் காண்க",
-    "actions.workflow.job_parsing_error": "பணிப்பாய்வுகளில் வேலைகளை அலச முடியவில்லை: %v",
-    "actions.workflow.event_detection_error": "பணிப்பாய்வுகளில் ஆதரிக்கப்படும் நிகழ்வுகளை அலச முடியவில்லை: %v",
-    "actions.workflow.pre_execution_error": "செயல்படுத்தும் முயற்சியைத் தடுத்த பிழையின் காரணமாக பணிப்பாய்வு செயல்படுத்தப்படவில்லை.",
-    "pulse.n_active_issues": {
-        "one": "%s செயலில் உள்ள சிக்கல்",
-        "other": "%s செயலில் உள்ள சிக்கல்கள்"
-    },
-    "pulse.n_active_prs": {
-        "one": "%s செயலில் இழுக்கும் கோரிக்கை",
-        "other": "%s செயலில் இழுக்கும் கோரிக்கைகள்"
-    },
-    "teams.add_all_repos.modal.header": "அனைத்து களஞ்சியங்களையும் சேர்",
-    "teams.remove_all_repos.modal.header": "அனைத்து களஞ்சியங்களையும் அகற்று",
-    "meta.last_line": "Forgejo ஐ மொழிபெயர்த்ததற்கு நன்றி! இந்த வரியானது பயனர்களால் பார்க்கப்படவில்லை, ஆனால் இது மொழிபெயர்ப்பு நிர்வாகத்தில் பிற நோக்கங்களுக்காக உதவுகிறது. மொழிபெயர்ப்பிற்குப் பதிலாக ஒரு வேடிக்கையான உண்மையை மொழிபெயர்ப்பில் வைக்கலாம்.",
-    "repo.issues.filter_poster.hint": "ஆசிரியரால் வடிகட்டவும்",
-    "repo.issues.filter_assignee.hint": "ஒதுக்கப்பட்ட பயனரின்படி வடிகட்டவும்",
-    "repo.issues.filter_reviewers.hint": "மதிப்பாய்வு செய்த பயனரின்படி வடிகட்டவும்",
-    "repo.issues.filter_mention.hint": "குறிப்பிடப்பட்ட பயனரின்படி வடிகட்டவும்",
-    "repo.issues.filter_modified.hint": "கடைசியாக மாற்றியமைக்கப்பட்ட தேதியின்படி வடிகட்டவும்",
-    "repo.issues.filter_sort.hint": "வரிசைப்படுத்து: உருவாக்கப்பட்டது/கருத்துகள்/புதுப்பிக்கப்பட்டது/காலக்கெடு",
-    "repo.pulls.poster_manage_approval": "ஒப்புதலை நிர்வகிக்கவும்",
-    "repo.pulls.poster_requires_approval": "சில பணிப்பாய்வுகள் <a href=\"%[1]s\">மதிப்பாய்வுக்காக காத்திருக்கின்றன.</a>",
-    "repo.pulls.poster_requires_approval.tooltip": "இந்த இழுத்தல் கோரிக்கையின் ஆசிரியர், ஃபோர்க் செய்யப்பட்ட களஞ்சியத்திலிருந்து அல்லது AGit மூலம் உருவாக்கப்பட்ட இழுத்தல் கோரிக்கையால் தூண்டப்பட்ட பணிப்பாய்வுகளை இயக்க நம்பவில்லை. `புல்_ரிக்வெச்ட்` நிகழ்வால் தூண்டப்படும் பணிப்பாய்வுகள் அங்கீகரிக்கப்படும் வரை இயங்காது.",
-    "repo.pulls.poster_is_trusted": "இந்த இழுத்தல் கோரிக்கையின் ஆசிரியர் <a href=\"%[1]s\">எப்பொழுதும் பணிப்பாய்வுகளை இயக்க நம்பகமானவர்.</a>",
-    "repo.pulls.poster_is_trusted.tooltip": "இந்த இழுத்தல் கோரிக்கையின் ஆசிரியர், `புல்_ரிக்வெச்ட்` நிகழ்வுகளால் தூண்டப்பட்ட பணிப்பாய்வுகளை இயக்க வெளிப்படையாக நம்புகிறார்.",
-    "repo.pulls.poster_trust_deny": "மறுக்கவும்",
-    "repo.pulls.poster_trust_deny.tooltip": "காத்திருப்பு பணிப்பாய்வு இசைவு ரத்து செய்யப்படும்.",
-    "repo.pulls.poster_trust_once": "ஒரு முறை அங்கீகரிக்கவும்",
-    "repo.pulls.poster_trust_once.tooltip": "`புல்_ரிக்வெச்ட்` நிகழ்வால் தூண்டப்படும் பணிப்பாய்வுகள் இந்தக் கமிட்டில் இயங்கும், ஆனால் இந்த இழுக்கக் கோரிக்கைக்கு தள்ளப்படும் அனைத்து எதிர்கால கமிட்களுக்கும் அங்கீகரிக்கப்பட வேண்டும்.",
-    "repo.pulls.poster_trust_always": "எப்போதும் அங்கீகரிக்கவும்",
-    "repo.pulls.poster_trust_always.tooltip": "`புல்_ரிக்வெச்ட்` நிகழ்வால் தூண்டப்படும் பணிப்பாய்வுகள் இந்த உறுதிப்பாட்டில் இயங்கும், மேலும் இந்த இழுத்தல் கோரிக்கை அல்லது அதே பயனரால் எழுதப்பட்ட எதிர்கால இழுப்புக் கோரிக்கைகளிலிருந்து ரன்களை அங்கீகரிக்க வேண்டிய அவசியமில்லை.",
-    "repo.pulls.poster_trust_revoke": "திரும்பப் பெறு",
-    "repo.pulls.poster_trust_revoke.tooltip": "`புல்_ரிக்வெச்ட்` நிகழ்வால் தூண்டப்படும் பணிப்பாய்வுகளை இயக்க இந்த இழுத்தல் கோரிக்கையின் ஆசிரியர் இனி நம்பப்படமாட்டார், ஒவ்வொரு ஓட்டமும் கைமுறையாக அங்கீகரிக்கப்பட வேண்டும்.",
-    "search.syntax": "தொடரியல் தேடு",
-    "keys.verify.token.hint": "கிள்ளாக்கு 1 மணித்துளி மட்டுமே செல்லுபடியாகும். <a href=\"%[1]s\">அது காலாவதியானால் புதியதைப் பெறவும்</a>.",
-    "admin.dashboard.actions_action_user": "செயலற்ற பயனர்களுக்கான Forgejo செயல்கள் நம்பிக்கையைத் திரும்பப் பெறவும்",
-    "admin.dashboard.transfer_lingering_logs": "தரவுத்தளத்திலிருந்து சேமிப்பகத்திற்கு முடிக்கப்பட்ட செயல்களின் பதிவுகளை மாற்றும்",
-    "actions.status.diagnostics.waiting": {
-        "one": "பின்வரும் லேபிளுடன் ரன்னருக்காகக் காத்திருக்கிறது: %s",
-        "other": "பின்வரும் லேபிள்களுடன் ரன்னருக்காகக் காத்திருக்கிறது: %s"
-    },
-    "actions.workflow.persistent_incomplete_matrix": "தவறான ஒரு `தேவைகள்` வெளிப்பாடு காரணமாக %[1]s வேலையின் `strategy.matrix` ஐ மதிப்பிட முடியவில்லை. இது அதன் 'தேவைகள்' பட்டியலில் (%[2]s) இல்லாத வேலையைக் குறிப்பிடலாம் அல்லது அந்த வேலைகளில் ஒன்றில் இல்லாத வெளியீட்டைக் குறிப்பிடலாம்.",
-    "moderation.report.mark_as_handled": "கையாளப்பட்டதாகக் குறிக்கவும்",
-    "moderation.report.mark_as_ignored": "புறக்கணிக்கப்பட்டதாகக் குறிக்கவும்",
-    "moderation.action.account.delete": "கணக்கை நீக்கு",
-    "moderation.action.account.suspend": "கணக்கை இடைநிறுத்தவும்",
-    "moderation.action.repo.delete": "களஞ்சியத்தை நீக்கு",
-    "moderation.action.issue.delete": "சிக்கலை நீக்கு",
-    "moderation.action.comment.delete": "கருத்தை நீக்கு",
-    "moderation.unknown_action": "அறியப்படாத செயல்",
-    "moderation.users.cannot_suspend_self": "உங்களை நீங்களே இடைநீக்கம் செய்ய முடியாது.",
-    "moderation.users.cannot_suspend_admins": "நிர்வாக சலுகைகள் உள்ள பயனர்களை இடைநீக்கம் செய்ய முடியாது.",
-    "moderation.users.cannot_suspend_org": "அமைப்புகளை இடைநீக்கம் செய்ய முடியாது.",
-    "moderation.users.already_suspended": "பயனர் கணக்கு ஏற்கனவே இடைநிறுத்தப்பட்டுள்ளது.",
-    "moderation.users.suspend_success": "பயனர் கணக்கு இடைநிறுத்தப்பட்டது.",
-    "moderation.users.cannot_delete_admins": "நிர்வாகி உரிமைகள் உள்ள பயனர்களை நீக்க முடியாது.",
-    "moderation.issue.deletion_success": "சிக்கல் நீக்கப்பட்டது.",
-    "moderation.comment.deletion_success": "கருத்து நீக்கப்பட்டது.",
-    "actions.workflow.incomplete_matrix_missing_job": "%[1]s வேலையின் `strategy.matrix` ஐ மதிப்பிட முடியவில்லை: வேலை %[2]s வேலை %[1]s (%[3]s) இன் `தேவைகள்` பட்டியலில் இல்லை.",
-    "actions.workflow.incomplete_matrix_missing_output": "%[1]s வேலையின் `strategy.matrix` ஐ மதிப்பிட முடியவில்லை: வேலை %[2]s இல் %[3]s வெளியீடு இல்லை.",
-    "actions.workflow.incomplete_matrix_unknown_cause": "%[1]s வேலையின் `strategy.matrix` ஐ மதிப்பிட முடியவில்லை: அறியப்படாத பிழை.",
-    "actions.workflow.incomplete_runson_missing_job": "%[1]s வேலையின் `ரன்-ஆன்` என்பதை மதிப்பிட முடியவில்லை: வேலை %[2]s வேலை %[1]s (%[3]s) இன் `தேவைகள்` பட்டியலில் இல்லை.",
-    "actions.workflow.incomplete_runson_missing_output": "%[1]s வேலையின் `ரன்-ஆன்` என்பதை மதிப்பிட முடியவில்லை: வேலை %[2]s இல் %[3]s வெளியீடு இல்லை.",
-    "actions.workflow.incomplete_runson_missing_matrix_dimension": "%[1]s இன் `ரன்-ஆன்` மதிப்பீட்டை மதிப்பிட முடியவில்லை: மேட்ரிக்ச் பரிமாணம் %[2]கள் இல்லை.",
-    "actions.workflow.incomplete_runson_unknown_cause": "%[1]s வேலையின் `ரன்-ஆன்` என்பதை மதிப்பிட முடியவில்லை: தெரியாத பிழை.",
-    "admin.auths.oauth2_quota_group_claim_name": "இந்த மூலத்திற்கான குழுப் பெயர்களை வழங்குவதற்கான உரிமைகோரல் பெயர் ஒதுக்கீடு மேலாண்மைக்கு பயன்படுத்தப்படும். (விரும்பினால்)",
-    "admin.auths.oauth2_quota_group_map": "மேப் உரிமைகோரப்பட்ட குழுக்களுக்கு ஒதுக்கப்பட்ட குழுக்களுக்கு. (விரும்பினால் - மேலே உள்ள உரிமைகோரல் பெயர் தேவை)",
-    "admin.auths.oauth2_quota_group_map_removal": "பயனர் தொடர்புடைய குழுவில் இல்லை என்றால், ஒத்திசைக்கப்பட்ட கோட்டா குழுக்களில் இருந்து பயனர்களை அகற்றவும்."
+	"home.welcome.no_activity": "செயல்பாடு இல்லை",
+	"home.welcome.activity_hint": "உங்கள் ஊட்டத்தில் இன்னும் எதுவும் இல்லை. நீங்கள் பார்க்கும் களஞ்சியங்களிலிருந்து உங்கள் செயல்களும் செயல்பாடுகளும் இங்கே காண்பிக்கப்படும்.",
+	"home.explore_repos": "களஞ்சியங்களை ஆராயுங்கள்",
+	"home.explore_users": "பயனர்களை ஆராயுங்கள்",
+	"home.explore_orgs": "நிறுவனங்களை ஆராயுங்கள்",
+	"fork.n_forks": {
+		"one": "%s முட்கரண்டி",
+		"other": "%s ஃபோர்க்ச்"
+	},
+	"stars.list.none": "இந்த ரெப்போவை யாரும் நட்சத்திரமிடவில்லை.",
+	"stars.n_stars": {
+		"one": "%s விண்மீன்",
+		"other": "%s நட்சத்திரங்கள்"
+	},
+	"watch.list.none": "இந்த ரெப்போவை யாரும் பார்ப்பதில்லை.",
+	"watch.n_watchers": {
+		"one": "%s பார்ப்பவர்",
+		"other": "%s பார்வையாளர்கள்"
+	},
+	"followers.incoming.list.self.none": "உங்கள் சுயவிவரத்தை யாரும் பின்தொடரவில்லை.",
+	"followers.incoming.list.none": "இந்தப் பயனரை யாரும் பின்தொடர்வதில்லை.",
+	"followers.outgoing.list.self.none": "நீங்கள் யாரையும் பின்தொடரவில்லை.",
+	"followers.outgoing.list.none": "%s யாரையும் பின்தொடரவில்லை.",
+	"relativetime.now": "இப்போது",
+	"relativetime.future": "எதிர்காலத்தில்",
+	"relativetime.mins": {
+		"one": "%d நிமிடத்திற்கு முன்பு",
+		"other": "%d நிமிடங்களுக்கு முன்பு"
+	},
+	"relativetime.hours": {
+		"one": "%d மணிநேரத்திற்கு முன்பு",
+		"other": "%d மணிநேரங்களுக்கு முன்பு"
+	},
+	"relativetime.days": {
+		"one": "%d நாளுக்கு முன்பு",
+		"other": "%d நாட்களுக்கு முன்பு"
+	},
+	"relativetime.weeks": {
+		"one": "%d வாரத்திற்கு முன்பு",
+		"other": "%d வாரங்களுக்கு முன்பு"
+	},
+	"relativetime.months": {
+		"one": "%d மாதம் முன்பு",
+		"other": "%d மாதங்களுக்கு முன்பு"
+	},
+	"relativetime.years": {
+		"one": "%d வருடம் முன்பு",
+		"other": "%d ஆண்டுகளுக்கு முன்பு"
+	},
+	"relativetime.1day": "நேற்று",
+	"relativetime.2days": "இரண்டு நாட்களுக்கு முன்பு",
+	"relativetime.1week": "கடந்த வாரம்",
+	"relativetime.2weeks": "இரண்டு வாரங்களுக்கு முன்பு",
+	"relativetime.1month": "கடந்த மாதம்",
+	"relativetime.2months": "இரண்டு மாதங்களுக்கு முன்பு",
+	"relativetime.1year": "கடந்த ஆண்டு",
+	"relativetime.2years": "இரண்டு ஆண்டுகளுக்கு முன்பு",
+	"repo.pulls.already_merged": "ஒன்றிணைக்க முடியவில்லை: இந்த இழுத்தல் கோரிக்கை ஏற்கனவே ஒன்றிணைக்கப்பட்டுள்ளது.",
+	"repo.pulls.merged_title_desc": {
+		"one": "%[1]d கமிட் <code>%[2]s</code> இலிருந்து <code>%[3]s</code> %[4]s இல் இணைக்கப்பட்டது",
+		"other": "%[1]d ஆனது <code>%[2]s</code> இலிருந்து <code>%[3]s</code> %[4]s ஆக இணைக்கப்பட்டது"
+	},
+	"repo.pulls.title_desc": {
+		"one": "<code>%[2]s</code> இலிருந்து %[1]d கமிட்ஐ <code id=\"%[4]s\">%[3]s</code> இல் இணைக்க விரும்புகிறது",
+		"other": "%[1]d கமிட்களை <code>%[2]s</code> இலிருந்து <code id=\"%[4]s\">%[3]s</code> இல் இணைக்க விரும்புகிறது"
+	},
+	"repo.pulls.maintainers_can_edit": "இந்த இழுத்தல் கோரிக்கையை பராமரிப்பாளர்கள் திருத்தலாம்.",
+	"repo.pulls.maintainers_cannot_edit": "இந்த இழுத்தல் கோரிக்கையை பராமரிப்பாளர்களால் திருத்த முடியாது.",
+	"repo.form.cannot_create": "நீங்கள் களஞ்சியங்களை உருவாக்கக்கூடிய அனைத்து இடங்களும் களஞ்சியங்களின் வரம்பை எட்டியுள்ளன.",
+	"migrate.form.error.url_credentials": "முகவரி இல் நற்சான்றிதழ்கள் உள்ளன, அவற்றை முறையே பயனர்பெயர் மற்றும் கடவுச்சொல் புலங்களில் வைக்கவும்",
+	"migrate.github.description": "github.com அல்லது GitHub நிறுவனம் சேவையகத்திலிருந்து தரவை நகர்த்தவும்.",
+	"migrate.git.description": "எந்த Git சேவையிலிருந்தும் ஒரு களஞ்சியத்தை மட்டும் நகர்த்தவும்.",
+	"migrate.gitea.description": "gitea.com அல்லது பிற அறிவிலிதேநீர் நிகழ்வுகளிலிருந்து தரவை நகர்த்தவும்.",
+	"migrate.gitlab.description": "gitlab.com அல்லது பிற GitLab நிகழ்வுகளிலிருந்து தரவை நகர்த்தவும்.",
+	"migrate.gogs.description": "notabug.org அல்லது பிற Gogs நிகழ்வுகளிலிருந்து தரவை நகர்த்தவும்.",
+	"migrate.onedev.description": "code.onedev.io அல்லது பிற OneDev நிகழ்வுகளிலிருந்து தரவை நகர்த்தவும்.",
+	"migrate.gitbucket.description": "GitBucket நிகழ்வுகளிலிருந்து தரவை நகர்த்தவும்.",
+	"migrate.codebase.description": "codebasehq.com இலிருந்து தரவை நகர்த்தவும்.",
+	"migrate.forgejo.description": "codeberg.org அல்லது பிற Forgejo நிகழ்வுகளில் இருந்து தரவை நகர்த்தவும்.",
+	"repo.issue_indexer.title": "வெளியீட்டு அட்டவணை",
+	"search.milestone_kind": "மைல்கற்களைத் தேடு…",
+	"repo.settings.push_mirror.branch_filter.label": "கிளை வடிகட்டி (விரும்பினால்)",
+	"repo.settings.push_mirror.branch_filter.description": "கிளைகள் பிரதிபலிக்க வேண்டும். அனைத்து கிளைகளையும் பிரதிபலிக்க காலியாக விடவும். தொடரியலுக்கு <a href=\"%[1]s\">%[2]s ஆவணத்தைப்</a> பார்க்கவும். எடுத்துக்காட்டுகள்: <code>main, release/*</code>",
+	"incorrect_root_url": "இந்த Forgejo நிகழ்வு \"%s\" இல் வழங்குவதற்காக கட்டமைக்கப்பட்டுள்ளது. நீங்கள் தற்போது Forgejo ஐ வேறொரு முகவரி மூலம் பார்க்கிறீர்கள், இது பயன்பாட்டின் சில பகுதிகளை உடைக்கக்கூடும். app.ini இல் உள்ள ROOT_URL அமைப்பு வழியாக Forgejo நிர்வாகிகளால் நியமன முகவரி கட்டுப்படுத்தப்படுகிறது.",
+	"themes.names.forgejo-auto": "Forgejo (கணினி கருப்பொருள் பின்பற்றவும்)",
+	"themes.names.forgejo-light": "ஃபோர்சோ ஒளி",
+	"themes.names.forgejo-dark": "Forgejo இருண்ட",
+	"error.not_found.title": "பக்கம் கிடைக்கவில்லை",
+	"warning.repository.out_of_sync": "இந்த களஞ்சியத்தின் தரவுத்தள பிரதிநிதித்துவம் ஒத்திசைக்கப்படவில்லை. இந்தக் களஞ்சியத்தை உறுதி செய்த பிறகும் இந்த முன்னறிவிப்பு காட்டப்பட்டால், நிர்வாகியைத் தொடர்புகொள்ளவும்.",
+	"alert.asset_load_failed": "{path} இலிருந்து சொத்துக் கோப்புகளை ஏற்றுவதில் தோல்வி. சொத்துக் கோப்புகளை அணுக முடியுமா என்பதை உறுதிப்படுத்தவும்.",
+	"alert.range_error": " %[1]s மற்றும் %[2]s க்கு இடைப்பட்ட எண்ணாக இருக்க வேண்டும்.",
+	"install.invalid_lfs_path": "குறிப்பிட்ட பாதையில் LFS ரூட்டை உருவாக்க முடியவில்லை: %[1]s",
+	"profile.actions.tooltip": "மேலும் செயல்கள்",
+	"profile.edit.link": "சுயவிவரத்தைத் திருத்தவும்",
+	"feed.atom.link": "அணு ஊட்டம்",
+	"keys.ssh.link": "பாஓடு விசைகள்",
+	"keys.gpg.link": "GPG விசைகள்",
+	"admin.config.moderation_config": "மிதமான கட்டமைப்பு",
+	"admin.moderation.moderation_reports": "மிதமான அறிக்கைகள்",
+	"admin.moderation.reports": "அறிக்கைகள்",
+	"admin.moderation.no_open_reports": "தற்போது திறந்த அறிக்கைகள் எதுவும் இல்லை.",
+	"admin.moderation.deleted_content_ref": "%[1]v மற்றும் அடையாளம் %[2]d உடன் புகாரளிக்கப்பட்ட உள்ளடக்கம் இனி இல்லை",
+	"moderation.report_abuse": "முறைகேட்டைப் புகாரளிக்கவும்",
+	"moderation.report_content": "உள்ளடக்கத்தைப் புகாரளிக்கவும்",
+	"moderation.report_abuse_form.header": "துச்பிரயோகத்தை நிர்வாகியிடம் புகாரளிக்கவும்",
+	"moderation.report_abuse_form.details": "ச்பேம் சுயவிவரங்கள், களஞ்சியங்கள், சிக்கல்கள், கருத்துகள் அல்லது தகாத முறையில் நடந்துகொள்ளும் பயனர்களைப் புகாரளிக்க இந்தப் படிவம் பயன்படுத்தப்பட வேண்டும்.",
+	"moderation.report_abuse_form.invalid": "தவறான வாதங்கள்",
+	"moderation.report_abuse_form.already_reported": "நீங்கள் ஏற்கனவே இந்த உள்ளடக்கத்தைப் புகாரளித்துள்ளீர்கள்",
+	"moderation.abuse_category": "வகையினம்",
+	"moderation.abuse_category.placeholder": "ஒரு வகையைத் தேர்ந்தெடுக்கவும்",
+	"moderation.abuse_category.spam": "ச்பேம்",
+	"moderation.abuse_category.malware": "தீம்பொருள்",
+	"moderation.abuse_category.illegal_content": "சட்டவிரோத உள்ளடக்கம்",
+	"moderation.abuse_category.other_violations": "இயங்குதள விதிகளின் பிற மீறல்கள்",
+	"moderation.report_remarks": "கருத்துக்கள்",
+	"moderation.report_remarks.placeholder": "நீங்கள் புகாரளிக்கும் முறைகேடு தொடர்பான சில விவரங்களை வழங்கவும்.",
+	"moderation.submit_report": "அறிக்கையை சமர்ப்பிக்கவும்",
+	"moderation.reporting_failed": "புதிய முறைகேடு அறிக்கையைச் சமர்ப்பிக்க முடியவில்லை: %v",
+	"moderation.reported_thank_you": "உங்கள் அறிக்கைக்கு நன்றி. இது குறித்து நிர்வாகத்திற்கு தெரியப்படுத்தப்பட்டுள்ளது.",
+	"mail.actions.successful_run_after_failure_subject": "பணிப்பாய்வு %[1]s களஞ்சியத்தில் %[2]s மீட்டெடுக்கப்பட்டது",
+	"mail.actions.not_successful_run_subject": "%[2]s களஞ்சியத்தில் பணிப்பாய்வு %[1]s தோல்வியடைந்தது",
+	"mail.actions.successful_run_after_failure": "பணிப்பாய்வு %[1]s களஞ்சியத்தில் %[2]s மீட்டெடுக்கப்பட்டது",
+	"mail.actions.not_successful_run": "%[2]s களஞ்சியத்தில் பணிப்பாய்வு %[1]s தோல்வியடைந்தது",
+	"mail.actions.run_info_cur_status": "இந்த ஓட்டத்தின் நிலை: %[1]s (தற்போது %[2]s இலிருந்து புதுப்பிக்கப்பட்டது)",
+	"mail.actions.run_info_previous_status": "முந்தைய இயக்கத்தின் நிலை: %[1]s",
+	"mail.actions.run_info_sha": "உறுதி: %[1]கள்",
+	"mail.actions.run_info_trigger": "தூண்டப்பட்டது ஏனெனில்: %[1]s by: %[2]s",
+	"mail.issue.action.close_by_commit": "%[3]s இல் %[1]s மூடப்பட்டது %[2]s.",
+	"repo.diff.commit.next-short": "அடுத்தது",
+	"repo.diff.commit.previous-short": "முந்தைய",
+	"discussion.locked": "இந்த விவாதம் பூட்டப்பட்டுள்ளது. கருத்து தெரிவிப்பது பங்களிப்பாளர்களுக்கு மட்டுமே.",
+	"discussion.sidebar.reference": "குறிப்பு",
+	"editor.textarea.tab_hint": "வரி ஏற்கனவே உள்தள்ளப்பட்டுள்ளது. எடிட்டரை விட்டு வெளியேற <kbd>Tab</kbd> அல்லது <kbd>Escape</kbd> ஐ அழுத்தவும்.",
+	"editor.textarea.shift_tab_hint": "இந்த வரியில் உள்தள்ளல் இல்லை. எடிட்டரை விட்டு வெளியேற <kbd>Shift</kbd> + <kbd>Tab</kbd> அல்லது <kbd>Escape</kbd> ஐ அழுத்தவும்.",
+	"admin.auths.allow_username_change": "பயனர்பெயர் மாற்றத்தை அனுமதிக்கவும்",
+	"admin.auths.allow_username_change.description": "சுயவிவர அமைப்புகளில் பயனர்கள் தங்கள் பயனர்பெயரை மாற்ற அனுமதிக்கவும்",
+	"admin.dashboard.cleanup_offline_runners": "இணைப்பில்லாத ரன்னர்களை தூய்மை செய்யுங்கள்",
+	"admin.dashboard.remove_resolved_reports": "தீர்க்கப்பட்ட அறிக்கைகளை அகற்று",
+	"admin.config.security": "பாதுகாப்பு கட்டமைப்பு",
+	"admin.config.global_2fa_requirement.title": "உலகளாவிய இரு காரணி தேவை",
+	"admin.config.global_2fa_requirement.none": "இல்லை",
+	"admin.config.global_2fa_requirement.all": "அனைத்து பயனர்கள்",
+	"admin.config.global_2fa_requirement.admin": "நிர்வாகிகள்",
+	"settings.visibility.description": "சுயவிவரத் தெரிவுநிலையானது உங்கள் தனியார் அல்லாத களஞ்சியங்களை அணுகும் மற்றவர்களின் திறனைப் பாதிக்கிறது. <a href=\"%s\" target=\"_blank\">மேலும் அறிக</a>.",
+	"settings.twofa_unroll_unavailable": "உங்கள் கணக்கிற்கு இரு காரணி ஏற்பு தேவை மற்றும் அதை முடக்க முடியாது.",
+	"settings.twofa_reenroll": "இரண்டு காரணி அங்கீகாரத்தை மீண்டும் பதிவு செய்யவும்",
+	"settings.twofa_reenroll.description": "உங்கள் இரு காரணி அங்கீகாரத்தை மீண்டும் பதிவு செய்யவும்",
+	"settings.must_enable_2fa": "இந்த Forgejo நிகழ்விற்கு பயனர்கள் தங்கள் கணக்குகளை அணுகுவதற்கு முன் இரு காரணி அங்கீகாரத்தை இயக்க வேண்டும்.",
+	"error.must_enable_2fa": "இந்த Forgejo நிகழ்விற்கு பயனர்கள் தங்கள் கணக்குகளை அணுகுவதற்கு முன் இரு காரணி அங்கீகாரத்தை இயக்க வேண்டும். இதை இயக்கவும்: %s",
+	"avatar.constraints_hint": "தனிப்பயன் அவதார் அளவு %[1]s ஐ விட அதிகமாக இருக்கக்கூடாது அல்லது %[2]dx%[3]d பிக்சல்களை விட பெரியதாக இருக்கலாம்",
+	"user.ghost.tooltip": "இந்த பயனர் நீக்கப்பட்டுள்ளார் அல்லது பொருத்த முடியாது.",
+	"og.repo.summary_card.alt_description": "%[1]s களஞ்சியத்தின் சுருக்க அட்டை, இவ்வாறு விவரிக்கப்பட்டுள்ளது: %[2]s",
+	"repo.commit.load_tags_failed": "உள் பிழை காரணமாக குறிச்சொற்களை ஏற்ற முடியவில்லை",
+	"compare.branches.title": "கிளைகளை ஒப்பிடுக",
+	"migrate.pagure.description": "pagure.io அல்லது பிற Pagure நிகழ்வுகளிலிருந்து தரவை நகர்த்தவும்.",
+	"migrate.pagure.incorrect_url": "தவறான மூல களஞ்சிய முகவரி வழங்கப்பட்டுள்ளது",
+	"migrate.pagure.project_url": "திட்ட முகவரி பாகுர்",
+	"migrate.pagure.project_example": "Pagure திட்ட URL, எ.கா. https://pagure.io/pagure",
+	"migrate.pagure.token_label": "Pagure பநிஇ கிள்ளாக்கு",
+	"migrate.pagure.private_issues.summary": "தனிப்பட்ட சிக்கல்கள் (விரும்பினால்)",
+	"migrate.pagure.private_issues.description": "காப்பக நோக்கங்களுக்காக உங்கள் Pagure திட்டத்தில் இருந்து தனிப்பட்ட சிக்கல்களை மட்டுமே கொண்ட இரண்டாவது களஞ்சியத்தை உருவாக்க இந்த நற்பொருத்தம் வடிவமைக்கப்பட்டுள்ளது. முதலில், அனைத்து பொது உள்ளடக்கத்தையும் இறக்குமதி செய்ய ஒரு சாதாரண இடம்பெயர்வை (டோக்கன் இல்லாமல்) செய்யவும். பின்னர், உங்களிடம் தனிப்பட்ட சிக்கல்கள் இருந்தால், அந்தத் தனிப்பட்ட சிக்கல்களைக் காப்பகப்படுத்த இந்த கிள்ளாக்கு விருப்பத்தைப் பயன்படுத்தி ஒரு தனி களஞ்சியத்தை உருவாக்கவும்.",
+	"migrate.pagure.private_issues.warning": "தனிப்பட்ட சிக்கல்களை இறக்குமதி செய்ய பநிஇ விசையைப் பயன்படுத்தினால், மேலே உள்ள களஞ்சியத் தெரிவுநிலையை தனிப்பட்டதாக அமைக்க மறக்காதீர்கள். இது பொது களஞ்சியத்தில் தனிப்பட்ட உள்ளடக்கத்தை தற்செயலாக வெளிப்படுத்துவதைத் தடுக்கிறது.",
+	"migrate.pagure.token.placeholder": "தனிப்பட்ட சிக்கல்கள் காப்பகத்தை உருவாக்குவதற்கு மட்டுமே",
+	"release.n_downloads": {
+		"one": "%s பதிவிறக்கம்",
+		"other": "%s பதிவிறக்கங்கள்"
+	},
+	"actions.runs.run_attempt_label": "இயக்க முயற்சி #%[1]s (%[2]s)",
+	"actions.runs.viewing_out_of_date_run": "%[1]s செயல்படுத்தப்பட்ட இந்த வேலையின் காலாவதியான ஓட்டத்தை நீங்கள் பார்க்கிறீர்கள்.",
+	"actions.runs.view_most_recent_run": "அண்மைக் கால ஓட்டத்தைக் காண்க",
+	"actions.workflow.job_parsing_error": "பணிப்பாய்வுகளில் வேலைகளை அலச முடியவில்லை: %v",
+	"actions.workflow.event_detection_error": "பணிப்பாய்வுகளில் ஆதரிக்கப்படும் நிகழ்வுகளை அலச முடியவில்லை: %v",
+	"actions.workflow.pre_execution_error": "செயல்படுத்தும் முயற்சியைத் தடுத்த பிழையின் காரணமாக பணிப்பாய்வு செயல்படுத்தப்படவில்லை.",
+	"pulse.n_active_issues": {
+		"one": "%s செயலில் உள்ள சிக்கல்",
+		"other": "%s செயலில் உள்ள சிக்கல்கள்"
+	},
+	"pulse.n_active_prs": {
+		"one": "%s செயலில் இழுக்கும் கோரிக்கை",
+		"other": "%s செயலில் இழுக்கும் கோரிக்கைகள்"
+	},
+	"teams.add_all_repos.modal.header": "அனைத்து களஞ்சியங்களையும் சேர்",
+	"teams.remove_all_repos.modal.header": "அனைத்து களஞ்சியங்களையும் அகற்று",
+	"meta.last_line": "Forgejo ஐ மொழிபெயர்த்ததற்கு நன்றி! இந்த வரியானது பயனர்களால் பார்க்கப்படவில்லை, ஆனால் இது மொழிபெயர்ப்பு நிர்வாகத்தில் பிற நோக்கங்களுக்காக உதவுகிறது. மொழிபெயர்ப்பிற்குப் பதிலாக ஒரு வேடிக்கையான உண்மையை மொழிபெயர்ப்பில் வைக்கலாம்.\n(this string was needed to make weblate regenerate the file and can be removed)",
+	"repo.issues.filter_poster.hint": "ஆசிரியரால் வடிகட்டவும்",
+	"repo.issues.filter_assignee.hint": "ஒதுக்கப்பட்ட பயனரின்படி வடிகட்டவும்",
+	"repo.issues.filter_reviewers.hint": "மதிப்பாய்வு செய்த பயனரின்படி வடிகட்டவும்",
+	"repo.issues.filter_mention.hint": "குறிப்பிடப்பட்ட பயனரின்படி வடிகட்டவும்",
+	"repo.issues.filter_modified.hint": "கடைசியாக மாற்றியமைக்கப்பட்ட தேதியின்படி வடிகட்டவும்",
+	"repo.issues.filter_sort.hint": "வரிசைப்படுத்து: உருவாக்கப்பட்டது/கருத்துகள்/புதுப்பிக்கப்பட்டது/காலக்கெடு",
+	"repo.pulls.poster_manage_approval": "ஒப்புதலை நிர்வகிக்கவும்",
+	"repo.pulls.poster_requires_approval": "சில பணிப்பாய்வுகள் <a href=\"%[1]s\">மதிப்பாய்வுக்காக காத்திருக்கின்றன.</a>",
+	"repo.pulls.poster_requires_approval.tooltip": "இந்த இழுத்தல் கோரிக்கையின் ஆசிரியர், ஃபோர்க் செய்யப்பட்ட களஞ்சியத்திலிருந்து அல்லது AGit மூலம் உருவாக்கப்பட்ட இழுத்தல் கோரிக்கையால் தூண்டப்பட்ட பணிப்பாய்வுகளை இயக்க நம்பவில்லை. `புல்_ரிக்வெச்ட்` நிகழ்வால் தூண்டப்படும் பணிப்பாய்வுகள் அங்கீகரிக்கப்படும் வரை இயங்காது.",
+	"repo.pulls.poster_is_trusted": "இந்த இழுத்தல் கோரிக்கையின் ஆசிரியர் <a href=\"%[1]s\">எப்பொழுதும் பணிப்பாய்வுகளை இயக்க நம்பகமானவர்.</a>",
+	"repo.pulls.poster_is_trusted.tooltip": "இந்த இழுத்தல் கோரிக்கையின் ஆசிரியர், `புல்_ரிக்வெச்ட்` நிகழ்வுகளால் தூண்டப்பட்ட பணிப்பாய்வுகளை இயக்க வெளிப்படையாக நம்புகிறார்.",
+	"repo.pulls.poster_trust_deny": "மறுக்கவும்",
+	"repo.pulls.poster_trust_deny.tooltip": "காத்திருப்பு பணிப்பாய்வு இசைவு ரத்து செய்யப்படும்.",
+	"repo.pulls.poster_trust_once": "ஒரு முறை அங்கீகரிக்கவும்",
+	"repo.pulls.poster_trust_once.tooltip": "`புல்_ரிக்வெச்ட்` நிகழ்வால் தூண்டப்படும் பணிப்பாய்வுகள் இந்தக் கமிட்டில் இயங்கும், ஆனால் இந்த இழுக்கக் கோரிக்கைக்கு தள்ளப்படும் அனைத்து எதிர்கால கமிட்களுக்கும் அங்கீகரிக்கப்பட வேண்டும்.",
+	"repo.pulls.poster_trust_always": "எப்போதும் அங்கீகரிக்கவும்",
+	"repo.pulls.poster_trust_always.tooltip": "`புல்_ரிக்வெச்ட்` நிகழ்வால் தூண்டப்படும் பணிப்பாய்வுகள் இந்த உறுதிப்பாட்டில் இயங்கும், மேலும் இந்த இழுத்தல் கோரிக்கை அல்லது அதே பயனரால் எழுதப்பட்ட எதிர்கால இழுப்புக் கோரிக்கைகளிலிருந்து ரன்களை அங்கீகரிக்க வேண்டிய அவசியமில்லை.",
+	"repo.pulls.poster_trust_revoke": "திரும்பப் பெறு",
+	"repo.pulls.poster_trust_revoke.tooltip": "`புல்_ரிக்வெச்ட்` நிகழ்வால் தூண்டப்படும் பணிப்பாய்வுகளை இயக்க இந்த இழுத்தல் கோரிக்கையின் ஆசிரியர் இனி நம்பப்படமாட்டார், ஒவ்வொரு ஓட்டமும் கைமுறையாக அங்கீகரிக்கப்பட வேண்டும்.",
+	"search.syntax": "தொடரியல் தேடு",
+	"keys.verify.token.hint": "கிள்ளாக்கு 1 மணித்துளி மட்டுமே செல்லுபடியாகும். <a href=\"%[1]s\">அது காலாவதியானால் புதியதைப் பெறவும்</a>.",
+	"admin.dashboard.actions_action_user": "செயலற்ற பயனர்களுக்கான Forgejo செயல்கள் நம்பிக்கையைத் திரும்பப் பெறவும்",
+	"admin.dashboard.transfer_lingering_logs": "தரவுத்தளத்திலிருந்து சேமிப்பகத்திற்கு முடிக்கப்பட்ட செயல்களின் பதிவுகளை மாற்றும்",
+	"actions.status.diagnostics.waiting": {
+		"one": "பின்வரும் லேபிளுடன் ரன்னருக்காகக் காத்திருக்கிறது: %s",
+		"other": "பின்வரும் லேபிள்களுடன் ரன்னருக்காகக் காத்திருக்கிறது: %s"
+	},
+	"actions.workflow.persistent_incomplete_matrix": "தவறான ஒரு `தேவைகள்` வெளிப்பாடு காரணமாக %[1]s வேலையின் `strategy.matrix` ஐ மதிப்பிட முடியவில்லை. இது அதன் 'தேவைகள்' பட்டியலில் (%[2]s) இல்லாத வேலையைக் குறிப்பிடலாம் அல்லது அந்த வேலைகளில் ஒன்றில் இல்லாத வெளியீட்டைக் குறிப்பிடலாம்.",
+	"moderation.report.mark_as_handled": "கையாளப்பட்டதாகக் குறிக்கவும்",
+	"moderation.report.mark_as_ignored": "புறக்கணிக்கப்பட்டதாகக் குறிக்கவும்",
+	"moderation.action.account.delete": "கணக்கை நீக்கு",
+	"moderation.action.account.suspend": "கணக்கை இடைநிறுத்தவும்",
+	"moderation.action.repo.delete": "களஞ்சியத்தை நீக்கு",
+	"moderation.action.issue.delete": "சிக்கலை நீக்கு",
+	"moderation.action.comment.delete": "கருத்தை நீக்கு",
+	"moderation.unknown_action": "அறியப்படாத செயல்",
+	"moderation.users.cannot_suspend_self": "உங்களை நீங்களே இடைநீக்கம் செய்ய முடியாது.",
+	"moderation.users.cannot_suspend_admins": "நிர்வாக சலுகைகள் உள்ள பயனர்களை இடைநீக்கம் செய்ய முடியாது.",
+	"moderation.users.cannot_suspend_org": "அமைப்புகளை இடைநீக்கம் செய்ய முடியாது.",
+	"moderation.users.already_suspended": "பயனர் கணக்கு ஏற்கனவே இடைநிறுத்தப்பட்டுள்ளது.",
+	"moderation.users.suspend_success": "பயனர் கணக்கு இடைநிறுத்தப்பட்டது.",
+	"moderation.users.cannot_delete_admins": "நிர்வாகி உரிமைகள் உள்ள பயனர்களை நீக்க முடியாது.",
+	"moderation.issue.deletion_success": "சிக்கல் நீக்கப்பட்டது.",
+	"moderation.comment.deletion_success": "கருத்து நீக்கப்பட்டது.",
+	"actions.workflow.incomplete_matrix_missing_job": "%[1]s வேலையின் `strategy.matrix` ஐ மதிப்பிட முடியவில்லை: வேலை %[2]s வேலை %[1]s (%[3]s) இன் `தேவைகள்` பட்டியலில் இல்லை.",
+	"actions.workflow.incomplete_matrix_missing_output": "%[1]s வேலையின் `strategy.matrix` ஐ மதிப்பிட முடியவில்லை: வேலை %[2]s இல் %[3]s வெளியீடு இல்லை.",
+	"actions.workflow.incomplete_matrix_unknown_cause": "%[1]s வேலையின் `strategy.matrix` ஐ மதிப்பிட முடியவில்லை: அறியப்படாத பிழை.",
+	"actions.workflow.incomplete_runson_missing_job": "%[1]s வேலையின் `ரன்-ஆன்` என்பதை மதிப்பிட முடியவில்லை: வேலை %[2]s வேலை %[1]s (%[3]s) இன் `தேவைகள்` பட்டியலில் இல்லை.",
+	"actions.workflow.incomplete_runson_missing_output": "%[1]s வேலையின் `ரன்-ஆன்` என்பதை மதிப்பிட முடியவில்லை: வேலை %[2]s இல் %[3]s வெளியீடு இல்லை.",
+	"actions.workflow.incomplete_runson_missing_matrix_dimension": "%[1]s இன் `ரன்-ஆன்` மதிப்பீட்டை மதிப்பிட முடியவில்லை: மேட்ரிக்ச் பரிமாணம் %[2]கள் இல்லை.",
+	"actions.workflow.incomplete_runson_unknown_cause": "%[1]s வேலையின் `ரன்-ஆன்` என்பதை மதிப்பிட முடியவில்லை: தெரியாத பிழை.",
+	"admin.auths.oauth2_quota_group_claim_name": "இந்த மூலத்திற்கான குழுப் பெயர்களை வழங்குவதற்கான உரிமைகோரல் பெயர் ஒதுக்கீடு மேலாண்மைக்கு பயன்படுத்தப்படும். (விரும்பினால்)",
+	"admin.auths.oauth2_quota_group_map": "மேப் உரிமைகோரப்பட்ட குழுக்களுக்கு ஒதுக்கப்பட்ட குழுக்களுக்கு. (விரும்பினால் - மேலே உள்ள உரிமைகோரல் பெயர் தேவை)",
+	"admin.auths.oauth2_quota_group_map_removal": "பயனர் தொடர்புடைய குழுவில் இல்லை என்றால், ஒத்திசைக்கப்பட்ட கோட்டா குழுக்களில் இருந்து பயனர்களை அகற்றவும்."
 }
diff --git a/options/locale_next/locale_th.json b/options/locale_next/locale_th.json
index d92e500127..fd5844dd13 100644
--- a/options/locale_next/locale_th.json
+++ b/options/locale_next/locale_th.json
@@ -1,158 +1,158 @@
 {
-    "home.welcome.no_activity": "ไม่มีกิจกรรม",
-    "home.welcome.activity_hint": "ยังไม่มีอะไรในฟีดของคุณ การดำเนินการและกิจกรรมของคุณจากที่เก็บที่คุณดูจะปรากฏที่นี่",
-    "home.explore_repos": "สำรวจที่เก็บ",
-    "home.explore_users": "สำรวจผู้ใช้",
-    "home.explore_orgs": "สำรวจองค์กร",
-    "fork.n_forks": "%s fork",
-    "stars.list.none": "ไม่มีใครติดดาวที่เก็บนี้",
-    "stars.n_stars": "%s ดาว",
-    "watch.list.none": "ไม่มีใครกำลังดูที่เก็บนี้",
-    "watch.n_watchers": "%s ผู้ดู",
-    "followers.incoming.list.self.none": "ไม่มีใครกำลังติดตามโปรไฟล์ของคุณ",
-    "followers.incoming.list.none": "ไม่มีใครกำลังติดตามผู้ใช้นี้",
-    "followers.outgoing.list.self.none": "คุณไม่ได้กำลังติดตามใคร",
-    "followers.outgoing.list.none": "%s ไม่ได้กำลังติดตามใคร",
-    "relativetime.now": "ขณะนี้",
-    "relativetime.future": "ในอนาคต",
-    "relativetime.mins": "%d นาทีที่แล้ว",
-    "relativetime.hours": "%d ชั่วโมงที่แล้ว",
-    "relativetime.days": "%d วันที่แล้ว",
-    "relativetime.weeks": "%d สัปดาห์ที่แล้ว",
-    "relativetime.months": "%d เดือนที่แล้ว",
-    "relativetime.years": "%d ปีที่แล้ว",
-    "relativetime.1day": "เมื่อวาน",
-    "relativetime.2days": "สองวันที่แล้ว",
-    "relativetime.1week": "สัปดาห์ที่แล้ว",
-    "relativetime.2weeks": "สองสัปดาห์ที่แล้ว",
-    "relativetime.1month": "เดือนที่แล้ว",
-    "relativetime.2months": "สองเดือนที่แล้ว",
-    "relativetime.1year": "ปีที่แล้ว",
-    "relativetime.2years": "สองปีที่แล้ว",
-    "repo.pulls.already_merged": "การรวมล้มเหลว: คำขอดึงนี้ถูกรวมไปแล้ว",
-    "repo.pulls.merged_title_desc": "รวม %[1]d คอมมิตจาก <code>%[2]s</code> ไปยัง <code>%[3]s</code> %[4]s",
-    "repo.pulls.title_desc": "ต้องการรวม %[1]d คอมมิตจาก <code>%[2]s</code> ไปยัง <code id=\"%[4]s\">%[3]s</code>",
-    "repo.pulls.maintainers_can_edit": "ผู้ดูแลสามารถแก้ไขคำขอดึงนี้ได้",
-    "repo.pulls.maintainers_cannot_edit": "ผู้ดูแลไม่สามารถแก้ไขคำขอดึงนี้ได้",
-    "repo.form.cannot_create": "พื้นที่ทั้งหมดที่คุณสามารถสร้างที่เก็บได้ถึงขีดจำกัดของที่เก็บแล้ว",
-    "migrate.form.error.url_credentials": "URL มีข้อมูลประจำตัว โปรดใส่ในช่องชื่อผู้ใช้และรหัสผ่านตามลำดับ",
-    "migrate.github.description": "ย้ายข้อมูลจาก github.com หรือเซิร์ฟเวอร์ GitHub Enterprise",
-    "migrate.git.description": "ย้ายเฉพาะที่เก็บจากบริการ Git ใดๆ",
-    "migrate.gitea.description": "ย้ายข้อมูลจาก gitea.com หรืออินสแตนซ์ Gitea อื่นๆ",
-    "migrate.gitlab.description": "ย้ายข้อมูลจาก gitlab.com หรืออินสแตนซ์ GitLab อื่นๆ",
-    "migrate.gogs.description": "ย้ายข้อมูลจาก notabug.org หรืออินสแตนซ์ Gogs อื่นๆ",
-    "migrate.onedev.description": "ย้ายข้อมูลจาก code.onedev.io หรืออินสแตนซ์ OneDev อื่นๆ",
-    "migrate.gitbucket.description": "ย้ายข้อมูลจากอินสแตนซ์ GitBucket",
-    "migrate.codebase.description": "ย้ายข้อมูลจาก codebasehq.com",
-    "migrate.forgejo.description": "ย้ายข้อมูลจาก codeberg.org หรืออินสแตนซ์ Forgejo อื่นๆ",
-    "repo.issue_indexer.title": "ตัวจัดทำดัชนี Issue",
-    "search.milestone_kind": "ค้นหาเหตุการณ์สำคัญ…",
-    "repo.settings.push_mirror.branch_filter.label": "ตัวกรองสาขา (ไม่บังคับ)",
-    "repo.settings.push_mirror.branch_filter.description": "สาขาที่จะมิเรอร์ เว้นว่างไว้เพื่อมิเรอร์ทุกสาขา ดู <a href=\"%[1]s\">เอกสาร %[2]s</a> สำหรับไวยากรณ์ ตัวอย่าง: <code>main, release/*</code>",
-    "incorrect_root_url": "อินสแตนซ์ Forgejo นี้ถูกกำหนดค่าให้ให้บริการบน \"%s\" ขณะนี้คุณกำลังดู Forgejo ผ่าน URL อื่น ซึ่งอาจทำให้บางส่วนของแอปพลิเคชันเสียหาย URL หลักถูกควบคุมโดยผู้ดูแล Forgejo ผ่านการตั้งค่า ROOT_URL ใน app.ini",
-    "themes.names.forgejo-auto": "Forgejo (ตามธีมของระบบ)",
-    "themes.names.forgejo-light": "Forgejo สว่าง",
-    "themes.names.forgejo-dark": "Forgejo มืด",
-    "error.not_found.title": "ไม่พบหน้า",
-    "warning.repository.out_of_sync": "การแสดงผลฐานข้อมูลของที่เก็บนี้ไม่ตรงกัน หากคำเตือนนี้ยังคงแสดงอยู่หลังจากพุชคอมมิตไปยังที่เก็บนี้ โปรดติดต่อผู้ดูแลระบบ",
-    "alert.asset_load_failed": "ไม่สามารถโหลดไฟล์แอสเซทจาก {path} ได้ โปรดตรวจสอบให้แน่ใจว่าสามารถเข้าถึงไฟล์แอสเซทได้",
-    "alert.range_error": " ต้องเป็นตัวเลขระหว่าง %[1]s และ %[2]s",
-    "install.invalid_lfs_path": "ไม่สามารถสร้างรูท LFS ที่พาธที่ระบุ: %[1]s",
-    "profile.actions.tooltip": "การดำเนินการเพิ่มเติม",
-    "profile.edit.link": "แก้ไขโปรไฟล์",
-    "feed.atom.link": "ฟีด Atom",
-    "keys.ssh.link": "คีย์ SSH",
-    "keys.gpg.link": "คีย์ GPG",
-    "admin.config.moderation_config": "การกำหนดค่าการดูแล",
-    "admin.moderation.moderation_reports": "รายงานการดูแล",
-    "admin.moderation.reports": "รายงาน",
-    "admin.moderation.no_open_reports": "ขณะนี้ไม่มีรายงานที่เปิดอยู่",
-    "admin.moderation.deleted_content_ref": "เนื้อหาที่รายงานประเภท %[1]v และ ID %[2]d ไม่มีอยู่อีกต่อไป",
-    "moderation.report_abuse": "รายงานการละเมิด",
-    "moderation.report_content": "รายงานเนื้อหา",
-    "moderation.report_abuse_form.header": "รายงานการละเมิดไปยังผู้ดูแลระบบ",
-    "moderation.report_abuse_form.details": "แบบฟอร์มนี้ควรใช้เพื่อรายงานผู้ใช้ที่สร้างโปรไฟล์สแปม ที่เก็บ ปัญหา ความคิดเห็น หรือมีพฤติกรรมที่ไม่เหมาะสม",
-    "moderation.report_abuse_form.invalid": "อาร์กิวเมนต์ไม่ถูกต้อง",
-    "moderation.report_abuse_form.already_reported": "คุณได้รายงานเนื้อหานี้แล้ว",
-    "moderation.abuse_category": "หมวดหมู่",
-    "moderation.abuse_category.placeholder": "เลือกหมวดหมู่",
-    "moderation.abuse_category.spam": "สแปม",
-    "moderation.abuse_category.malware": "มัลแวร์",
-    "moderation.abuse_category.illegal_content": "เนื้อหาที่ผิดกฎหมาย",
-    "moderation.abuse_category.other_violations": "การละเมิดกฎของแพลตฟอร์มอื่นๆ",
-    "moderation.report_remarks": "ข้อสังเกต",
-    "moderation.report_remarks.placeholder": "โปรดให้รายละเอียดบางอย่างเกี่ยวกับการละเมิดที่คุณกำลังรายงาน",
-    "moderation.submit_report": "ส่งรายงาน",
-    "moderation.reporting_failed": "ไม่สามารถส่งรายงานการละเมิดใหม่ได้: %v",
-    "moderation.reported_thank_you": "ขอบคุณสำหรับรายงานของคุณ ผู้ดูแลระบบได้รับทราบแล้ว",
-    "mail.actions.successful_run_after_failure_subject": "เวิร์กโฟลว์ %[1]s กู้คืนแล้วในที่เก็บ %[2]s",
-    "mail.actions.not_successful_run_subject": "เวิร์กโฟลว์ %[1]s ล้มเหลวในที่เก็บ %[2]s",
-    "mail.actions.successful_run_after_failure": "เวิร์กโฟลว์ %[1]s กู้คืนแล้วในที่เก็บ %[2]s",
-    "mail.actions.not_successful_run": "เวิร์กโฟลว์ %[1]s ล้มเหลวในที่เก็บ %[2]s",
-    "mail.actions.run_info_cur_status": "สถานะการรันนี้: %[1]s (อัปเดตล่าสุดจาก %[2]s)",
-    "mail.actions.run_info_previous_status": "สถานะการรันก่อนหน้า: %[1]s",
-    "mail.actions.run_info_sha": "คอมมิต: %[1]s",
-    "mail.actions.run_info_trigger": "ทริกเกอร์เนื่องจาก: %[1]s โดย: %[2]s",
-    "mail.issue.action.close_by_commit": "%[1]s ปิด %[2]s ในคอมมิต %[3]s",
-    "repo.diff.commit.next-short": "ถัดไป",
-    "repo.diff.commit.previous-short": "ก่อนหน้า",
-    "discussion.locked": "การสนทนานี้ถูกล็อคแล้ว การแสดงความคิดเห็นจำกัดเฉพาะผู้มีส่วนร่วมเท่านั้น",
-    "discussion.sidebar.reference": "อ้างอิง",
-    "editor.textarea.tab_hint": "บรรทัดถูกเยื้องแล้ว กด <kbd>Tab</kbd> อีกครั้งหรือ <kbd>Escape</kbd> เพื่อออกจากตัวแก้ไข",
-    "editor.textarea.shift_tab_hint": "ไม่มีการเยื้องในบรรทัดนี้ กด <kbd>Shift</kbd> + <kbd>Tab</kbd> อีกครั้งหรือ <kbd>Escape</kbd> เพื่อออกจากตัวแก้ไข",
-    "admin.auths.allow_username_change": "อนุญาตให้เปลี่ยนชื่อผู้ใช้",
-    "admin.auths.allow_username_change.description": "อนุญาตให้ผู้ใช้เปลี่ยนชื่อผู้ใช้ในการตั้งค่าโปรไฟล์",
-    "admin.dashboard.cleanup_offline_runners": "ล้างข้อมูลรันเนอร์ออฟไลน์",
-    "admin.dashboard.remove_resolved_reports": "ลบรายงานที่แก้ไขแล้ว",
-    "admin.config.security": "การกำหนดค่าความปลอดภัย",
-    "admin.config.global_2fa_requirement.title": "ข้อกำหนดการยืนยันตัวตนสองปัจจัยทั่วโลก",
-    "admin.config.global_2fa_requirement.none": "ไม่",
-    "admin.config.global_2fa_requirement.all": "ผู้ใช้ทั้งหมด",
-    "admin.config.global_2fa_requirement.admin": "ผู้ดูแลระบบ",
-    "settings.visibility.description": "การมองเห็นโปรไฟล์มีผลต่อความสามารถของผู้อื่นในการเข้าถึงที่เก็บที่ไม่ใช่ส่วนตัวของคุณ <a href=\"%s\" target=\"_blank\">เรียนรู้เพิ่มเติม</a>",
-    "settings.twofa_unroll_unavailable": "จำเป็นต้องมีการยืนยันตัวตนสองปัจจัยสำหรับบัญชีของคุณและไม่สามารถปิดใช้งานได้",
-    "settings.twofa_reenroll": "ลงทะเบียนการยืนยันตัวตนสองปัจจัยอีกครั้ง",
-    "settings.twofa_reenroll.description": "ลงทะเบียนการยืนยันตัวตนสองปัจจัยของคุณอีกครั้ง",
-    "settings.must_enable_2fa": "อินสแตนซ์ Forgejo นี้ต้องการให้ผู้ใช้เปิดใช้งานการยืนยันตัวตนสองปัจจัยก่อนจึงจะสามารถเข้าถึงบัญชีของตนได้",
-    "error.must_enable_2fa": "อินสแตนซ์ Forgejo นี้ต้องการให้ผู้ใช้เปิดใช้งานการยืนยันตัวตนสองปัจจัยก่อนจึงจะสามารถเข้าถึงบัญชีของตนได้ เปิดใช้งานได้ที่: %s",
-    "avatar.constraints_hint": "อวาตาร์ที่กำหนดเองต้องมีขนาดไม่เกิน %[1]s หรือใหญ่กว่า %[2]dx%[3]d พิกเซล",
-    "user.ghost.tooltip": "ผู้ใช้นี้ถูกลบไปแล้ว หรือไม่สามารถจับคู่ได้",
-    "og.repo.summary_card.alt_description": "การ์ดสรุปของที่เก็บ %[1]s ซึ่งอธิบายว่า: %[2]s",
-    "repo.commit.load_tags_failed": "การโหลดแท็กล้มเหลวเนื่องจากข้อผิดพลาดภายใน",
-    "compare.branches.title": "เปรียบเทียบสาขา",
-    "migrate.pagure.description": "ย้ายข้อมูลจาก pagure.io หรืออินสแตนซ์ Pagure อื่นๆ",
-    "migrate.pagure.incorrect_url": "ให้ URL ที่เก็บต้นทางไม่ถูกต้อง",
-    "migrate.pagure.project_url": "URL โครงการ Pagure",
-    "migrate.pagure.project_example": "URL โครงการ Pagure เช่น https://pagure.io/pagure",
-    "migrate.pagure.token_label": "โทเค็น API ของ Pagure",
-    "migrate.pagure.private_issues.summary": "ปัญหาส่วนตัว (ไม่บังคับ)",
-    "migrate.pagure.private_issues.description": "คุณลักษณะนี้ออกแบบมาเพื่อสร้างที่เก็บที่สองซึ่งมีเฉพาะปัญหาส่วนตัวจากโครงการ Pagure ของคุณเพื่อวัตถุประสงค์ในการเก็บถาวร ขั้นแรก ให้ทำการย้ายข้อมูลตามปกติ (โดยไม่มีโทเค็น) เพื่อนำเข้าเนื้อหาสาธารณะทั้งหมด จากนั้น หากคุณมีปัญหาส่วนตัวที่ต้องเก็บรักษา ให้สร้างที่เก็บแยกต่างหากโดยใช้ตัวเลือกโทเค็นนี้เพื่อเก็บถาวรปัญหาส่วนตัวเหล่านั้น",
-    "migrate.pagure.private_issues.warning": "โปรดแน่ใจว่าได้ตั้งค่าการมองเห็นที่เก็บด้านบนเป็นส่วนตัว หากคุณกำลังใช้คีย์ API เพื่อนำเข้าปัญหาส่วนตัว ซึ่งจะช่วยป้องกันการเปิดเผยเนื้อหาส่วนตัวในที่เก็บสาธารณะโดยไม่ได้ตั้งใจ",
-    "migrate.pagure.token.placeholder": "สำหรับสร้างที่เก็บถาวรปัญหาส่วนตัวเท่านั้น",
-    "release.n_downloads": "%s ดาวน์โหลด",
-    "actions.runs.run_attempt_label": "พยายามรันครั้งที่ #%[1]s (%[2]s)",
-    "actions.runs.viewing_out_of_date_run": "คุณกำลังดูการรันงานนี้ที่ล้าสมัยซึ่งดำเนินการเมื่อ %[1]s",
-    "actions.runs.view_most_recent_run": "ดูการรันล่าสุด",
-    "actions.workflow.job_parsing_error": "ไม่สามารถแยกวิเคราะห์งานในเวิร์กโฟลว์ได้: %v",
-    "actions.workflow.event_detection_error": "ไม่สามารถแยกวิเคราะห์เหตุการณ์ที่รองรับในเวิร์กโฟลว์ได้: %v",
-    "actions.workflow.pre_execution_error": "เวิร์กโฟลว์ไม่ถูกดำเนินการเนื่องจากมีข้อผิดพลาดที่ขัดขวางความพยายามในการดำเนินการ",
-    "pulse.n_active_issues": "%s ปัญหาที่ใช้งานอยู่",
-    "pulse.n_active_prs": "%s คำขอดึงที่ใช้งานอยู่",
-    "meta.last_line": "ขอบคุณที่แปล Forgejo! บรรทัดนี้ผู้ใช้จะไม่เห็น แต่มีวัตถุประสงค์อื่นในการจัดการการแปล คุณสามารถใส่ข้อเท็จจริงสนุกๆ ในการแปลแทนการแปลก็ได้",
-    "repo.pulls.poster_manage_approval": "จัดการการอนุมัติ",
-    "repo.pulls.poster_requires_approval": "เวิร์กโฟลว์บางส่วนกำลัง<a href=\"%[1]s\">รอการตรวจสอบ</a>",
-    "repo.pulls.poster_requires_approval.tooltip": "ผู้เขียนคําขอดึงข้อมูลนี้ไม่น่าเชื่อถือในการเรียกใช้เวิร์กโฟลว์ที่ทริกเกอร์โดยคําขอดึงข้อมูลที่สร้างขึ้นจากที่เก็บแบบแยกหรือด้วย AGit เวิร์กโฟลว์ที่ทริกเกอร์โดยเหตุการณ์ 'pull_request' จะไม่ทํางานจนกว่าจะได้รับการอนุมัติ",
-    "repo.pulls.poster_is_trusted": "ผู้เขียนคำขอดึงนี้ <a href=\"%[1]s\">ได้รับความไว้วางใจให้รันเวิร์กโฟลว์เสมอ</a>",
-    "repo.pulls.poster_is_trusted.tooltip": "ผู้เขียนคำขอดึงนี้ได้รับความไว้วางใจอย่างชัดเจนในการรันเวิร์กโฟลว์ที่ทริกเกอร์โดยเหตุการณ์ `pull_request`",
-    "repo.pulls.poster_trust_deny": "ปฏิเสธ",
-    "repo.pulls.poster_trust_deny.tooltip": "เวิร์กโฟลว์ที่รอการอนุมัติจะถูกยกเลิก",
-    "repo.pulls.poster_trust_once": "อนุมัติครั้งเดียว",
-    "repo.pulls.poster_trust_once.tooltip": "เวิร์กโฟลว์ที่ทริกเกอร์โดยเหตุการณ์ `pull_request` จะทำงานบนคอมมิตนี้ แต่จะต้องได้รับการอนุมัติสำหรับคอมมิตในอนาคตทั้งหมดที่ส่งไปยังคำขอดึงนี้",
-    "repo.pulls.poster_trust_always": "อนุมัติเสมอ",
-    "repo.pulls.poster_trust_always.tooltip": "เวิร์กโฟลว์ที่ทริกเกอร์โดยเหตุการณ์ `pull_request` จะทำงานในการคอมมิตนี้ และจะไม่จำเป็นต้องอนุมัติการทำงานจากคำขอการดึงนี้หรือคำขอการดึงในอนาคตที่เขียนโดยผู้ใช้คนเดียวกัน",
-    "repo.pulls.poster_trust_revoke": "เพิกถอน",
-    "repo.pulls.poster_trust_revoke.tooltip": "ผู้เขียนคำขอดึงนี้จะไม่ได้รับความไว้วางใจให้รันเวิร์กโฟลว์ที่ทริกเกอร์โดยเหตุการณ์ `pull_request` อีกต่อไป โดยการทำงานแต่ละครั้งจะต้องได้รับการอนุมัติด้วยตนเอง",
-    "admin.dashboard.actions_action_user": "เพิกถอนความน่าเชื่อถือของ Forgejo Actions สําหรับผู้ใช้ที่ไม่ได้ใช้งาน",
-    "teams.add_all_repos.modal.header": "เพิ่มที่เก็บข้อมูลทั้งหมด",
-    "teams.remove_all_repos.modal.header": "ลบที่เก็บข้อมูลทั้งหมด"
+	"home.welcome.no_activity": "ไม่มีกิจกรรม",
+	"home.welcome.activity_hint": "ยังไม่มีอะไรในฟีดของคุณ การดำเนินการและกิจกรรมของคุณจากที่เก็บที่คุณดูจะปรากฏที่นี่",
+	"home.explore_repos": "สำรวจที่เก็บ",
+	"home.explore_users": "สำรวจผู้ใช้",
+	"home.explore_orgs": "สำรวจองค์กร",
+	"fork.n_forks": "%s fork",
+	"stars.list.none": "ไม่มีใครติดดาวที่เก็บนี้",
+	"stars.n_stars": "%s ดาว",
+	"watch.list.none": "ไม่มีใครกำลังดูที่เก็บนี้",
+	"watch.n_watchers": "%s ผู้ดู",
+	"followers.incoming.list.self.none": "ไม่มีใครกำลังติดตามโปรไฟล์ของคุณ",
+	"followers.incoming.list.none": "ไม่มีใครกำลังติดตามผู้ใช้นี้",
+	"followers.outgoing.list.self.none": "คุณไม่ได้กำลังติดตามใคร",
+	"followers.outgoing.list.none": "%s ไม่ได้กำลังติดตามใคร",
+	"relativetime.now": "ขณะนี้",
+	"relativetime.future": "ในอนาคต",
+	"relativetime.mins": "%d นาทีที่แล้ว",
+	"relativetime.hours": "%d ชั่วโมงที่แล้ว",
+	"relativetime.days": "%d วันที่แล้ว",
+	"relativetime.weeks": "%d สัปดาห์ที่แล้ว",
+	"relativetime.months": "%d เดือนที่แล้ว",
+	"relativetime.years": "%d ปีที่แล้ว",
+	"relativetime.1day": "เมื่อวาน",
+	"relativetime.2days": "สองวันที่แล้ว",
+	"relativetime.1week": "สัปดาห์ที่แล้ว",
+	"relativetime.2weeks": "สองสัปดาห์ที่แล้ว",
+	"relativetime.1month": "เดือนที่แล้ว",
+	"relativetime.2months": "สองเดือนที่แล้ว",
+	"relativetime.1year": "ปีที่แล้ว",
+	"relativetime.2years": "สองปีที่แล้ว",
+	"repo.pulls.already_merged": "การรวมล้มเหลว: คำขอดึงนี้ถูกรวมไปแล้ว",
+	"repo.pulls.merged_title_desc": "รวม %[1]d คอมมิตจาก <code>%[2]s</code> ไปยัง <code>%[3]s</code> %[4]s",
+	"repo.pulls.title_desc": "ต้องการรวม %[1]d คอมมิตจาก <code>%[2]s</code> ไปยัง <code id=\"%[4]s\">%[3]s</code>",
+	"repo.pulls.maintainers_can_edit": "ผู้ดูแลสามารถแก้ไขคำขอดึงนี้ได้",
+	"repo.pulls.maintainers_cannot_edit": "ผู้ดูแลไม่สามารถแก้ไขคำขอดึงนี้ได้",
+	"repo.form.cannot_create": "พื้นที่ทั้งหมดที่คุณสามารถสร้างที่เก็บได้ถึงขีดจำกัดของที่เก็บแล้ว",
+	"migrate.form.error.url_credentials": "URL มีข้อมูลประจำตัว โปรดใส่ในช่องชื่อผู้ใช้และรหัสผ่านตามลำดับ",
+	"migrate.github.description": "ย้ายข้อมูลจาก github.com หรือเซิร์ฟเวอร์ GitHub Enterprise",
+	"migrate.git.description": "ย้ายเฉพาะที่เก็บจากบริการ Git ใดๆ",
+	"migrate.gitea.description": "ย้ายข้อมูลจาก gitea.com หรืออินสแตนซ์ Gitea อื่นๆ",
+	"migrate.gitlab.description": "ย้ายข้อมูลจาก gitlab.com หรืออินสแตนซ์ GitLab อื่นๆ",
+	"migrate.gogs.description": "ย้ายข้อมูลจาก notabug.org หรืออินสแตนซ์ Gogs อื่นๆ",
+	"migrate.onedev.description": "ย้ายข้อมูลจาก code.onedev.io หรืออินสแตนซ์ OneDev อื่นๆ",
+	"migrate.gitbucket.description": "ย้ายข้อมูลจากอินสแตนซ์ GitBucket",
+	"migrate.codebase.description": "ย้ายข้อมูลจาก codebasehq.com",
+	"migrate.forgejo.description": "ย้ายข้อมูลจาก codeberg.org หรืออินสแตนซ์ Forgejo อื่นๆ",
+	"repo.issue_indexer.title": "ตัวจัดทำดัชนี Issue",
+	"search.milestone_kind": "ค้นหาเหตุการณ์สำคัญ…",
+	"repo.settings.push_mirror.branch_filter.label": "ตัวกรองสาขา (ไม่บังคับ)",
+	"repo.settings.push_mirror.branch_filter.description": "สาขาที่จะมิเรอร์ เว้นว่างไว้เพื่อมิเรอร์ทุกสาขา ดู <a href=\"%[1]s\">เอกสาร %[2]s</a> สำหรับไวยากรณ์ ตัวอย่าง: <code>main, release/*</code>",
+	"incorrect_root_url": "อินสแตนซ์ Forgejo นี้ถูกกำหนดค่าให้ให้บริการบน \"%s\" ขณะนี้คุณกำลังดู Forgejo ผ่าน URL อื่น ซึ่งอาจทำให้บางส่วนของแอปพลิเคชันเสียหาย URL หลักถูกควบคุมโดยผู้ดูแล Forgejo ผ่านการตั้งค่า ROOT_URL ใน app.ini",
+	"themes.names.forgejo-auto": "Forgejo (ตามธีมของระบบ)",
+	"themes.names.forgejo-light": "Forgejo สว่าง",
+	"themes.names.forgejo-dark": "Forgejo มืด",
+	"error.not_found.title": "ไม่พบหน้า",
+	"warning.repository.out_of_sync": "การแสดงผลฐานข้อมูลของที่เก็บนี้ไม่ตรงกัน หากคำเตือนนี้ยังคงแสดงอยู่หลังจากพุชคอมมิตไปยังที่เก็บนี้ โปรดติดต่อผู้ดูแลระบบ",
+	"alert.asset_load_failed": "ไม่สามารถโหลดไฟล์แอสเซทจาก {path} ได้ โปรดตรวจสอบให้แน่ใจว่าสามารถเข้าถึงไฟล์แอสเซทได้",
+	"alert.range_error": " ต้องเป็นตัวเลขระหว่าง %[1]s และ %[2]s",
+	"install.invalid_lfs_path": "ไม่สามารถสร้างรูท LFS ที่พาธที่ระบุ: %[1]s",
+	"profile.actions.tooltip": "การดำเนินการเพิ่มเติม",
+	"profile.edit.link": "แก้ไขโปรไฟล์",
+	"feed.atom.link": "ฟีด Atom",
+	"keys.ssh.link": "คีย์ SSH",
+	"keys.gpg.link": "คีย์ GPG",
+	"admin.config.moderation_config": "การกำหนดค่าการดูแล",
+	"admin.moderation.moderation_reports": "รายงานการดูแล",
+	"admin.moderation.reports": "รายงาน",
+	"admin.moderation.no_open_reports": "ขณะนี้ไม่มีรายงานที่เปิดอยู่",
+	"admin.moderation.deleted_content_ref": "เนื้อหาที่รายงานประเภท %[1]v และ ID %[2]d ไม่มีอยู่อีกต่อไป",
+	"moderation.report_abuse": "รายงานการละเมิด",
+	"moderation.report_content": "รายงานเนื้อหา",
+	"moderation.report_abuse_form.header": "รายงานการละเมิดไปยังผู้ดูแลระบบ",
+	"moderation.report_abuse_form.details": "แบบฟอร์มนี้ควรใช้เพื่อรายงานผู้ใช้ที่สร้างโปรไฟล์สแปม ที่เก็บ ปัญหา ความคิดเห็น หรือมีพฤติกรรมที่ไม่เหมาะสม",
+	"moderation.report_abuse_form.invalid": "อาร์กิวเมนต์ไม่ถูกต้อง",
+	"moderation.report_abuse_form.already_reported": "คุณได้รายงานเนื้อหานี้แล้ว",
+	"moderation.abuse_category": "หมวดหมู่",
+	"moderation.abuse_category.placeholder": "เลือกหมวดหมู่",
+	"moderation.abuse_category.spam": "สแปม",
+	"moderation.abuse_category.malware": "มัลแวร์",
+	"moderation.abuse_category.illegal_content": "เนื้อหาที่ผิดกฎหมาย",
+	"moderation.abuse_category.other_violations": "การละเมิดกฎของแพลตฟอร์มอื่นๆ",
+	"moderation.report_remarks": "ข้อสังเกต",
+	"moderation.report_remarks.placeholder": "โปรดให้รายละเอียดบางอย่างเกี่ยวกับการละเมิดที่คุณกำลังรายงาน",
+	"moderation.submit_report": "ส่งรายงาน",
+	"moderation.reporting_failed": "ไม่สามารถส่งรายงานการละเมิดใหม่ได้: %v",
+	"moderation.reported_thank_you": "ขอบคุณสำหรับรายงานของคุณ ผู้ดูแลระบบได้รับทราบแล้ว",
+	"mail.actions.successful_run_after_failure_subject": "เวิร์กโฟลว์ %[1]s กู้คืนแล้วในที่เก็บ %[2]s",
+	"mail.actions.not_successful_run_subject": "เวิร์กโฟลว์ %[1]s ล้มเหลวในที่เก็บ %[2]s",
+	"mail.actions.successful_run_after_failure": "เวิร์กโฟลว์ %[1]s กู้คืนแล้วในที่เก็บ %[2]s",
+	"mail.actions.not_successful_run": "เวิร์กโฟลว์ %[1]s ล้มเหลวในที่เก็บ %[2]s",
+	"mail.actions.run_info_cur_status": "สถานะการรันนี้: %[1]s (อัปเดตล่าสุดจาก %[2]s)",
+	"mail.actions.run_info_previous_status": "สถานะการรันก่อนหน้า: %[1]s",
+	"mail.actions.run_info_sha": "คอมมิต: %[1]s",
+	"mail.actions.run_info_trigger": "ทริกเกอร์เนื่องจาก: %[1]s โดย: %[2]s",
+	"mail.issue.action.close_by_commit": "%[1]s ปิด %[2]s ในคอมมิต %[3]s",
+	"repo.diff.commit.next-short": "ถัดไป",
+	"repo.diff.commit.previous-short": "ก่อนหน้า",
+	"discussion.locked": "การสนทนานี้ถูกล็อคแล้ว การแสดงความคิดเห็นจำกัดเฉพาะผู้มีส่วนร่วมเท่านั้น",
+	"discussion.sidebar.reference": "อ้างอิง",
+	"editor.textarea.tab_hint": "บรรทัดถูกเยื้องแล้ว กด <kbd>Tab</kbd> อีกครั้งหรือ <kbd>Escape</kbd> เพื่อออกจากตัวแก้ไข",
+	"editor.textarea.shift_tab_hint": "ไม่มีการเยื้องในบรรทัดนี้ กด <kbd>Shift</kbd> + <kbd>Tab</kbd> อีกครั้งหรือ <kbd>Escape</kbd> เพื่อออกจากตัวแก้ไข",
+	"admin.auths.allow_username_change": "อนุญาตให้เปลี่ยนชื่อผู้ใช้",
+	"admin.auths.allow_username_change.description": "อนุญาตให้ผู้ใช้เปลี่ยนชื่อผู้ใช้ในการตั้งค่าโปรไฟล์",
+	"admin.dashboard.cleanup_offline_runners": "ล้างข้อมูลรันเนอร์ออฟไลน์",
+	"admin.dashboard.remove_resolved_reports": "ลบรายงานที่แก้ไขแล้ว",
+	"admin.config.security": "การกำหนดค่าความปลอดภัย",
+	"admin.config.global_2fa_requirement.title": "ข้อกำหนดการยืนยันตัวตนสองปัจจัยทั่วโลก",
+	"admin.config.global_2fa_requirement.none": "ไม่",
+	"admin.config.global_2fa_requirement.all": "ผู้ใช้ทั้งหมด",
+	"admin.config.global_2fa_requirement.admin": "ผู้ดูแลระบบ",
+	"settings.visibility.description": "การมองเห็นโปรไฟล์มีผลต่อความสามารถของผู้อื่นในการเข้าถึงที่เก็บที่ไม่ใช่ส่วนตัวของคุณ <a href=\"%s\" target=\"_blank\">เรียนรู้เพิ่มเติม</a>",
+	"settings.twofa_unroll_unavailable": "จำเป็นต้องมีการยืนยันตัวตนสองปัจจัยสำหรับบัญชีของคุณและไม่สามารถปิดใช้งานได้",
+	"settings.twofa_reenroll": "ลงทะเบียนการยืนยันตัวตนสองปัจจัยอีกครั้ง",
+	"settings.twofa_reenroll.description": "ลงทะเบียนการยืนยันตัวตนสองปัจจัยของคุณอีกครั้ง",
+	"settings.must_enable_2fa": "อินสแตนซ์ Forgejo นี้ต้องการให้ผู้ใช้เปิดใช้งานการยืนยันตัวตนสองปัจจัยก่อนจึงจะสามารถเข้าถึงบัญชีของตนได้",
+	"error.must_enable_2fa": "อินสแตนซ์ Forgejo นี้ต้องการให้ผู้ใช้เปิดใช้งานการยืนยันตัวตนสองปัจจัยก่อนจึงจะสามารถเข้าถึงบัญชีของตนได้ เปิดใช้งานได้ที่: %s",
+	"avatar.constraints_hint": "อวาตาร์ที่กำหนดเองต้องมีขนาดไม่เกิน %[1]s หรือใหญ่กว่า %[2]dx%[3]d พิกเซล",
+	"user.ghost.tooltip": "ผู้ใช้นี้ถูกลบไปแล้ว หรือไม่สามารถจับคู่ได้",
+	"og.repo.summary_card.alt_description": "การ์ดสรุปของที่เก็บ %[1]s ซึ่งอธิบายว่า: %[2]s",
+	"repo.commit.load_tags_failed": "การโหลดแท็กล้มเหลวเนื่องจากข้อผิดพลาดภายใน",
+	"compare.branches.title": "เปรียบเทียบสาขา",
+	"migrate.pagure.description": "ย้ายข้อมูลจาก pagure.io หรืออินสแตนซ์ Pagure อื่นๆ",
+	"migrate.pagure.incorrect_url": "ให้ URL ที่เก็บต้นทางไม่ถูกต้อง",
+	"migrate.pagure.project_url": "URL โครงการ Pagure",
+	"migrate.pagure.project_example": "URL โครงการ Pagure เช่น https://pagure.io/pagure",
+	"migrate.pagure.token_label": "โทเค็น API ของ Pagure",
+	"migrate.pagure.private_issues.summary": "ปัญหาส่วนตัว (ไม่บังคับ)",
+	"migrate.pagure.private_issues.description": "คุณลักษณะนี้ออกแบบมาเพื่อสร้างที่เก็บที่สองซึ่งมีเฉพาะปัญหาส่วนตัวจากโครงการ Pagure ของคุณเพื่อวัตถุประสงค์ในการเก็บถาวร ขั้นแรก ให้ทำการย้ายข้อมูลตามปกติ (โดยไม่มีโทเค็น) เพื่อนำเข้าเนื้อหาสาธารณะทั้งหมด จากนั้น หากคุณมีปัญหาส่วนตัวที่ต้องเก็บรักษา ให้สร้างที่เก็บแยกต่างหากโดยใช้ตัวเลือกโทเค็นนี้เพื่อเก็บถาวรปัญหาส่วนตัวเหล่านั้น",
+	"migrate.pagure.private_issues.warning": "โปรดแน่ใจว่าได้ตั้งค่าการมองเห็นที่เก็บด้านบนเป็นส่วนตัว หากคุณกำลังใช้คีย์ API เพื่อนำเข้าปัญหาส่วนตัว ซึ่งจะช่วยป้องกันการเปิดเผยเนื้อหาส่วนตัวในที่เก็บสาธารณะโดยไม่ได้ตั้งใจ",
+	"migrate.pagure.token.placeholder": "สำหรับสร้างที่เก็บถาวรปัญหาส่วนตัวเท่านั้น",
+	"release.n_downloads": "%s ดาวน์โหลด",
+	"actions.runs.run_attempt_label": "พยายามรันครั้งที่ #%[1]s (%[2]s)",
+	"actions.runs.viewing_out_of_date_run": "คุณกำลังดูการรันงานนี้ที่ล้าสมัยซึ่งดำเนินการเมื่อ %[1]s",
+	"actions.runs.view_most_recent_run": "ดูการรันล่าสุด",
+	"actions.workflow.job_parsing_error": "ไม่สามารถแยกวิเคราะห์งานในเวิร์กโฟลว์ได้: %v",
+	"actions.workflow.event_detection_error": "ไม่สามารถแยกวิเคราะห์เหตุการณ์ที่รองรับในเวิร์กโฟลว์ได้: %v",
+	"actions.workflow.pre_execution_error": "เวิร์กโฟลว์ไม่ถูกดำเนินการเนื่องจากมีข้อผิดพลาดที่ขัดขวางความพยายามในการดำเนินการ",
+	"pulse.n_active_issues": "%s ปัญหาที่ใช้งานอยู่",
+	"pulse.n_active_prs": "%s คำขอดึงที่ใช้งานอยู่",
+	"meta.last_line": "ขอบคุณที่แปล Forgejo! บรรทัดนี้ผู้ใช้จะไม่เห็น แต่มีวัตถุประสงค์อื่นในการจัดการการแปล คุณสามารถใส่ข้อเท็จจริงสนุกๆ ในการแปลแทนการแปลก็ได้\n(this string was needed to make weblate regenerate the file and can be removed)",
+	"repo.pulls.poster_manage_approval": "จัดการการอนุมัติ",
+	"repo.pulls.poster_requires_approval": "เวิร์กโฟลว์บางส่วนกำลัง<a href=\"%[1]s\">รอการตรวจสอบ</a>",
+	"repo.pulls.poster_requires_approval.tooltip": "ผู้เขียนคําขอดึงข้อมูลนี้ไม่น่าเชื่อถือในการเรียกใช้เวิร์กโฟลว์ที่ทริกเกอร์โดยคําขอดึงข้อมูลที่สร้างขึ้นจากที่เก็บแบบแยกหรือด้วย AGit เวิร์กโฟลว์ที่ทริกเกอร์โดยเหตุการณ์ 'pull_request' จะไม่ทํางานจนกว่าจะได้รับการอนุมัติ",
+	"repo.pulls.poster_is_trusted": "ผู้เขียนคำขอดึงนี้ <a href=\"%[1]s\">ได้รับความไว้วางใจให้รันเวิร์กโฟลว์เสมอ</a>",
+	"repo.pulls.poster_is_trusted.tooltip": "ผู้เขียนคำขอดึงนี้ได้รับความไว้วางใจอย่างชัดเจนในการรันเวิร์กโฟลว์ที่ทริกเกอร์โดยเหตุการณ์ `pull_request`",
+	"repo.pulls.poster_trust_deny": "ปฏิเสธ",
+	"repo.pulls.poster_trust_deny.tooltip": "เวิร์กโฟลว์ที่รอการอนุมัติจะถูกยกเลิก",
+	"repo.pulls.poster_trust_once": "อนุมัติครั้งเดียว",
+	"repo.pulls.poster_trust_once.tooltip": "เวิร์กโฟลว์ที่ทริกเกอร์โดยเหตุการณ์ `pull_request` จะทำงานบนคอมมิตนี้ แต่จะต้องได้รับการอนุมัติสำหรับคอมมิตในอนาคตทั้งหมดที่ส่งไปยังคำขอดึงนี้",
+	"repo.pulls.poster_trust_always": "อนุมัติเสมอ",
+	"repo.pulls.poster_trust_always.tooltip": "เวิร์กโฟลว์ที่ทริกเกอร์โดยเหตุการณ์ `pull_request` จะทำงานในการคอมมิตนี้ และจะไม่จำเป็นต้องอนุมัติการทำงานจากคำขอการดึงนี้หรือคำขอการดึงในอนาคตที่เขียนโดยผู้ใช้คนเดียวกัน",
+	"repo.pulls.poster_trust_revoke": "เพิกถอน",
+	"repo.pulls.poster_trust_revoke.tooltip": "ผู้เขียนคำขอดึงนี้จะไม่ได้รับความไว้วางใจให้รันเวิร์กโฟลว์ที่ทริกเกอร์โดยเหตุการณ์ `pull_request` อีกต่อไป โดยการทำงานแต่ละครั้งจะต้องได้รับการอนุมัติด้วยตนเอง",
+	"admin.dashboard.actions_action_user": "เพิกถอนความน่าเชื่อถือของ Forgejo Actions สําหรับผู้ใช้ที่ไม่ได้ใช้งาน",
+	"teams.add_all_repos.modal.header": "เพิ่มที่เก็บข้อมูลทั้งหมด",
+	"teams.remove_all_repos.modal.header": "ลบที่เก็บข้อมูลทั้งหมด"
 }
diff --git a/options/locale_next/locale_tok.json b/options/locale_next/locale_tok.json
index 0967ef424b..60c4c22624 100644
--- a/options/locale_next/locale_tok.json
+++ b/options/locale_next/locale_tok.json
@@ -1 +1,3 @@
-{}
+{
+	"meta.last_line": "(this string was needed to make weblate regenerate the file and can be removed)"
+}
diff --git a/options/locale_next/locale_tr-TR.json b/options/locale_next/locale_tr-TR.json
index a2814608ca..d64e5ac7f9 100644
--- a/options/locale_next/locale_tr-TR.json
+++ b/options/locale_next/locale_tr-TR.json
@@ -1,186 +1,186 @@
 {
-    "fork.n_forks": {
-        "one": "%s çatal",
-        "other": "%s çatal"
-    },
-    "stars.n_stars": {
-        "one": "%s yıldız",
-        "other": "%s yıldız"
-    },
-    "repo.pulls.merged_title_desc": {
-        "one": "%[4]s, <code>%[2]s</code> içindeki %[1]d katkıyı <code>%[3]s</code> ile birleştirdi",
-        "other": "%[4]s, <code>%[2]s</code> içindeki %[1]d katkıyı <code>%[3]s</code> ile birleştirdi"
-    },
-    "repo.pulls.title_desc": {
-        "one": "<code>%[2]s</code> içindeki %[1]d katkıyı <code id=\"%[4]s\">%[3]s</code> ile birleştirmek istiyor",
-        "other": "<code>%[2]s</code> içindeki %[1]d katkıyı <code id=\"%[4]s\">%[3]s</code> ile birleştirmek istiyor"
-    },
-    "search.milestone_kind": "Kilometre taşlarını ara…",
-    "moderation.abuse_category.malware": "Kötü amaçlı yazılım",
-    "migrate.github.description": "github.com veya GitHub Enterprise sunucusundan veri aktar.",
-    "migrate.git.description": "Herhangi bir Git servisinden sadece depoyu aktarın.",
-    "migrate.gitea.description": "gitea.com veya diğer Gitea oluşumlarından veri aktar.",
-    "migrate.gitlab.description": "gitlab.com veya diğer GitLab oluşumlarından veri aktar.",
-    "migrate.gogs.description": "notabug.org veya diğer Gogs oluşumlarından veri aktar.",
-    "migrate.onedev.description": "code.onedev.io veya diğer OneDev oluşumlarından veri aktar.",
-    "migrate.gitbucket.description": "GitBucket oluşumlarından veri aktar.",
-    "migrate.codebase.description": "codebasehq.com'dan veri aktar.",
-    "pulse.n_active_issues": {
-        "one": "%s aktif sorun",
-        "other": "%s aktif sorun"
-    },
-    "pulse.n_active_prs": {
-        "one": "%s aktif birleştirme isteği",
-        "other": "%s aktif birleştirme isteği"
-    },
-    "home.welcome.no_activity": "Etkinlik yok",
-    "home.welcome.activity_hint": "Akışınızda henüz bir şey yok. Eylemleriniz ve izlediğiniz depolardaki etkinlikler burada gözükecek.",
-    "home.explore_repos": "Depoları keşfet",
-    "home.explore_users": "Kullanıcıları keşfet",
-    "home.explore_orgs": "Organizasyonları keşfet",
-    "stars.list.none": "Hiç kimse bu depoyu yıldızlamadı.",
-    "watch.list.none": "Hiç kimse bu depoyu izlemeye almamış.",
-    "followers.incoming.list.self.none": "Hiç kimse profilini takip etmiyor.",
-    "followers.incoming.list.none": "Hiç kimse bu kullanıcıyı takip etmiyor.",
-    "followers.outgoing.list.self.none": "Hiç kimseyi takip etmiyorsun.",
-    "followers.outgoing.list.none": "%s hiç kimseyi takip etmiyor.",
-    "relativetime.now": "şimdi",
-    "relativetime.future": "gelecekte",
-    "relativetime.1day": "dün",
-    "relativetime.2days": "evvelsi gün",
-    "relativetime.1week": "geçen hafta",
-    "relativetime.2weeks": "iki hafta önce",
-    "relativetime.1month": "geçen ay",
-    "relativetime.2months": "iki ay önce",
-    "relativetime.1year": "geçen yıl",
-    "relativetime.2years": "iki yıl önce",
-    "repo.pulls.already_merged": "Birleştirme başarısız: Bu birleştirme isteği zaten birleştirilmiş.",
-    "repo.pulls.maintainers_can_edit": "Bakımcılar bu birleştirme isteğini düzenleyebilirler.",
-    "repo.pulls.maintainers_cannot_edit": "Bakımcılar bu birleştirme isteğini düzenleyemezler.",
-    "repo.form.cannot_create": "Depo oluşturabileceğiniz her yer, depo sınırlarına ulaştılar.",
-    "migrate.form.error.url_credentials": "URL, kimlik bilgileri içeriyor; bu bilgileri sırasıyla kullanıcı adı ve şifre alanlarına koyunuz",
-    "watch.n_watchers": {
-        "one": "%s izleyen",
-        "other": "%s izleyen"
-    },
-    "migrate.forgejo.description": "codeberg.org veya diğer Forgejo oluşumlarından veri aktar.",
-    "repo.issue_indexer.title": "Sorun Endeksleyici",
-    "relativetime.mins": {
-        "one": "%d dakika önce",
-        "other": "%d dakika önce"
-    },
-    "relativetime.hours": {
-        "one": "%d saat önce",
-        "other": "%d saat önce"
-    },
-    "relativetime.days": {
-        "one": "%d gün önce",
-        "other": "%d gün önce"
-    },
-    "relativetime.weeks": {
-        "one": "%d hafta önce",
-        "other": "%d hafta önce"
-    },
-    "relativetime.months": {
-        "one": "%d ay önce",
-        "other": "%d ay önce"
-    },
-    "relativetime.years": {
-        "one": "%d yıl önce",
-        "other": "%d yıl önce"
-    },
-    "repo.settings.push_mirror.branch_filter.label": "Dal süzgeci (isteğe bağlı)",
-    "repo.settings.push_mirror.branch_filter.description": "Yansıtılıcak dallar. Tüm dalları yansıtmak için boş bırakın. Sözdizimi için <a href=\"%[1]s\">$[2]s dokümantasyonuna</a> başvurun. Örneğin: <code>main, release/*</code>",
-    "incorrect_root_url": "Bu Forgejo oluşumu \"%s\" üzerinde sunulmak için ayarlanmış. Şu an Forgejo'yu başka bir URL üzerinden görüntülüyorsunuz ki bu uygulamanın bazı kısımlarının bozulmasına yol açabilir. Kanonik URL, Forgejo yöneticileri tarafından app.ini içerisindeki ROOT_URL ayarıyla kontrol edilmektedir.",
-    "themes.names.forgejo-auto": "Forgejo (sistem temasını izle)",
-    "themes.names.forgejo-light": "Forgejo aydınlık",
-    "themes.names.forgejo-dark": "Forgejo karanlık",
-    "error.not_found.title": "Sayfa bulunamadı",
-    "warning.repository.out_of_sync": "Bu deponun veritabanı gösterimi senkronize değil. Bu uyarıyı depoya bir katkı yaptıktan sonra bile görüyorsanız yöneticiye ulaşın.",
-    "alert.asset_load_failed": "Varlık dosyaları {path} dizininden yüklenemedi. Lütfen varlık dosyalarının erişilebilir olduğundan emin olun.",
-    "alert.range_error": " , %[1]s ve %[2]s arasındaki bir sayı olmalı.",
-    "install.invalid_lfs_path": "Seçilen dizinde LFS kökü oluşturulamadı: %[1]s",
-    "profile.actions.tooltip": "Diğer işlemler",
-    "profile.edit.link": "Profili düzenle",
-    "feed.atom.link": "Atom akışı",
-    "keys.ssh.link": "SSH anahtarları",
-    "keys.gpg.link": "GPG anahtarları",
-    "admin.config.moderation_config": "Denetim ayarları",
-    "admin.moderation.moderation_reports": "Denetim bildirileri",
-    "admin.moderation.reports": "Bildiriler",
-    "admin.moderation.no_open_reports": "Hiç açık bildiri yok.",
-    "admin.moderation.deleted_content_ref": "%[1]v türündeki %[2]d kimliğine sahip bildirilen içerik artık mevcut değil",
-    "moderation.report_abuse": "Kötüye kullanım bildir",
-    "moderation.report_content": "İçeriği bildir",
-    "moderation.report_abuse_form.header": "Yöneticiye kötüye kullanımı bildir",
-    "moderation.report_abuse_form.details": "Bu form; spam profiller, depolar, sorunlar, yorumlar oluşturan veya uygunsuz davranan kullanıcıları bildirmek için kullanılmalıdır.",
-    "moderation.report_abuse_form.invalid": "Geçersiz argümanlar",
-    "moderation.report_abuse_form.already_reported": "Bu içeriği zaten bildirmişsiniz",
-    "moderation.abuse_category": "Kategori",
-    "moderation.abuse_category.placeholder": "Bir kategori seçiniz",
-    "moderation.abuse_category.spam": "Spam",
-    "moderation.abuse_category.illegal_content": "Yasa dışı içerik",
-    "moderation.abuse_category.other_violations": "Platform kurallarının diğer ihlalleri",
-    "moderation.report_remarks": "İlave notlar",
-    "moderation.report_remarks.placeholder": "Lütfen bildirdiğiniz kötüye kullanım hakkında detaylar sunun.",
-    "moderation.submit_report": "Bildir",
-    "moderation.reporting_failed": "Kötüye kullanım bildirisi gönderilemedi: %v",
-    "moderation.reported_thank_you": "Bildirin için teşekkürler. Yönetim bu konuda bilgilendirildi.",
-    "mail.actions.successful_run_after_failure_subject": "İş akışı, %[1]s; %[2]s deposunda kurtarıldı",
-    "mail.actions.not_successful_run_subject": "İş akışı, %[1]s; %[2]s deposunda başarısız oldu",
-    "mail.actions.successful_run_after_failure": "İş akışı, %[1]s; %[2]s deposunda kurtarıldı",
-    "mail.actions.not_successful_run": "İş akışı, %[1]s; %[2]s deposunda başarısız oldu",
-    "mail.actions.run_info_cur_status": "Bu Çalıştırmanın Durumu: %[1]s (biraz önce %[2]s'den güncellendi)",
-    "mail.actions.run_info_previous_status": "Önceki Çalıştırmanın Durumu: %[1]s",
-    "mail.actions.run_info_sha": "Katkı: %[1]s",
-    "mail.actions.run_info_trigger": "Başlama sebebi: %[2]s tarafından %[1]s",
-    "mail.issue.action.close_by_commit": "%[1]s; %[2]s sorununu, katkı %[3]s ile kapattı.",
-    "repo.diff.commit.next-short": "Ardıl",
-    "repo.diff.commit.previous-short": "Öncül",
-    "discussion.locked": "Bu tartışma kilitlenmiş. Sadece katılımcılar yorum yapabilir.",
-    "discussion.sidebar.reference": "Referans",
-    "editor.textarea.tab_hint": "Satır zaten girintilenmiş. Düzenleyiciyi terk etmek için tekrar <kbd>Tab</kbd>'a veya <kbd>Escape</kbd>'e basın.",
-    "editor.textarea.shift_tab_hint": "Bu satırda girinti yok. Düzenleyiciyi terk etmek için tekrar <kbd>Shift</kbd> + <kbd>Tab</kbd>'a veya <kbd>Escape</kbd>'e basın.",
-    "admin.auths.allow_username_change": "Kullanıcı adı değişimine izin ver",
-    "admin.auths.allow_username_change.description": "Kullanıcıların profil ayarlarında kullanıcı adlarını değiştirmelerine izin ver",
-    "admin.dashboard.cleanup_offline_runners": "Çevrim dışı çalıştırıcıları temizle",
-    "admin.dashboard.remove_resolved_reports": "Çözülen bildirileri kaldır",
-    "admin.config.security": "Güvenlik ayarları",
-    "admin.config.global_2fa_requirement.title": "Genel iki aşamalı giriş zorunluluğu",
-    "admin.config.global_2fa_requirement.none": "Hayır",
-    "admin.config.global_2fa_requirement.all": "Tüm kullanıcılar",
-    "admin.config.global_2fa_requirement.admin": "Yöneticiler",
-    "settings.visibility.description": "Profil görünürlüğü, diğerlerinin gizli olmayan depolarına erişim kabiliyetini etkiler. <a href=\"%s\" target=\"_blank\">Daha fazla bilgi edin</a>.",
-    "settings.twofa_unroll_unavailable": "İki aşamalı giriş, hesabınız için zorunludur ve devre dışı bırakılamaz.",
-    "settings.twofa_reenroll": "İki aşamalı girişi yeniden kaydet",
-    "settings.twofa_reenroll.description": "İki aşamalı girişinizi yeniden kaydedin",
-    "settings.must_enable_2fa": "Bu Forgejo oluşumu, kullanıcıların hesaplarına erişebilmek için iki aşamalı girişi etkinleştirmelerini zorunlu kılıyor.",
-    "error.must_enable_2fa": "Bu Forgejo oluşumu, kullanıcıların hesaplarına erişebilmek için iki aşamalı girişi etkinleştirmelerini zorunlu kılıyor. Etkinleştirmek için: %s",
-    "avatar.constraints_hint": "Özel profil resmi, boyut olarak %[1]s ve piksel olarak %[2]dx%[3]d sınırını aşmamalı",
-    "user.ghost.tooltip": "Bu kullanıcı ya silinmiş ya da bulunamadı.",
-    "og.repo.summary_card.alt_description": "%[1]s deposunun -%[2]s açıklamalı- özet kartı",
-    "repo.commit.load_tags_failed": "Etiketlerin yüklenmesi dahili bir hata sebebiyle başarısız oldu",
-    "compare.branches.title": "Dalları karşılaştır",
-    "migrate.pagure.description": "pagure.io veya diğer Pagure oluşumlarından veri aktar.",
-    "migrate.pagure.incorrect_url": "Kaynak depo URL'si yanlış verilmiş",
-    "migrate.pagure.project_url": "Pagure proje URL'si",
-    "migrate.pagure.project_example": "Pagure proje URL'si, örneğin: https://pagure.io/pagure",
-    "migrate.pagure.token_label": "Pagure API Jetonu",
-    "migrate.pagure.private_issues.summary": "Gizli Sorunlar (İsteğe Bağlı)",
-    "migrate.pagure.private_issues.description": "Bu özellik, Pagure projenizdeki gizli sorunları arşivlemek amacıyla onları ikinci bir depoya saklamak için tasarlandı. Öncelikle herkese açık olan tüm içerikleri içe aktarmak için normal bir aktarma yapın (jetonsuz). Sonrasında korumak istediğiniz gizli sorunlar var ise onları arşivlemek için bu jeton ayarını kullanarak ayrı bir depo oluşturun.",
-    "migrate.pagure.private_issues.warning": "Eğer gizli sorunları içe aktarmak için API anahtarı kullanıyorsanız yukarıda depo görünürlüğünü Gizli'ye alın. Bu, gizli içeriklerin kazara herkese açık bir depoda ifşa olmasını önler.",
-    "migrate.pagure.token.placeholder": "Sadece gizli sorunlar arşivi oluşturmak için",
-    "release.n_downloads": {
-        "one": "%s indirme",
-        "other": "%s indirme"
-    },
-    "actions.runs.run_attempt_label": "Çalıştırma girişimi #%[1]s (%[2]s)",
-    "actions.runs.viewing_out_of_date_run": "Bu işin %[1]s çalışmış olan eski bir çalıştırmasını görüntülüyorsun.",
-    "actions.runs.view_most_recent_run": "En yeni çalıştırmayı görüntüle",
-    "actions.workflow.job_parsing_error": "İş akışındaki işler ayrıştırılamadı: %v",
-    "actions.workflow.event_detection_error": "İş akışındaki desteklenen etkinlikler ayrıştırılamadı: %v",
-    "actions.workflow.pre_execution_error": "Çalıştırma girişimini durduran bir hata sebebiyle iş akışı çalıştırılamadı.",
-    "teams.add_all_repos.modal.header": "Tüm depoları ekle",
-    "teams.remove_all_repos.modal.header": "Tüm depoları kaldır",
-    "meta.last_line": "Steve Jobs ile Nejat İşler'in kardeş olduğunu biliyor muydunuz."
+	"fork.n_forks": {
+		"one": "%s çatal",
+		"other": "%s çatal"
+	},
+	"stars.n_stars": {
+		"one": "%s yıldız",
+		"other": "%s yıldız"
+	},
+	"repo.pulls.merged_title_desc": {
+		"one": "%[4]s, <code>%[2]s</code> içindeki %[1]d katkıyı <code>%[3]s</code> ile birleştirdi",
+		"other": "%[4]s, <code>%[2]s</code> içindeki %[1]d katkıyı <code>%[3]s</code> ile birleştirdi"
+	},
+	"repo.pulls.title_desc": {
+		"one": "<code>%[2]s</code> içindeki %[1]d katkıyı <code id=\"%[4]s\">%[3]s</code> ile birleştirmek istiyor",
+		"other": "<code>%[2]s</code> içindeki %[1]d katkıyı <code id=\"%[4]s\">%[3]s</code> ile birleştirmek istiyor"
+	},
+	"search.milestone_kind": "Kilometre taşlarını ara…",
+	"moderation.abuse_category.malware": "Kötü amaçlı yazılım",
+	"migrate.github.description": "github.com veya GitHub Enterprise sunucusundan veri aktar.",
+	"migrate.git.description": "Herhangi bir Git servisinden sadece depoyu aktarın.",
+	"migrate.gitea.description": "gitea.com veya diğer Gitea oluşumlarından veri aktar.",
+	"migrate.gitlab.description": "gitlab.com veya diğer GitLab oluşumlarından veri aktar.",
+	"migrate.gogs.description": "notabug.org veya diğer Gogs oluşumlarından veri aktar.",
+	"migrate.onedev.description": "code.onedev.io veya diğer OneDev oluşumlarından veri aktar.",
+	"migrate.gitbucket.description": "GitBucket oluşumlarından veri aktar.",
+	"migrate.codebase.description": "codebasehq.com'dan veri aktar.",
+	"pulse.n_active_issues": {
+		"one": "%s aktif sorun",
+		"other": "%s aktif sorun"
+	},
+	"pulse.n_active_prs": {
+		"one": "%s aktif birleştirme isteği",
+		"other": "%s aktif birleştirme isteği"
+	},
+	"home.welcome.no_activity": "Etkinlik yok",
+	"home.welcome.activity_hint": "Akışınızda henüz bir şey yok. Eylemleriniz ve izlediğiniz depolardaki etkinlikler burada gözükecek.",
+	"home.explore_repos": "Depoları keşfet",
+	"home.explore_users": "Kullanıcıları keşfet",
+	"home.explore_orgs": "Organizasyonları keşfet",
+	"stars.list.none": "Hiç kimse bu depoyu yıldızlamadı.",
+	"watch.list.none": "Hiç kimse bu depoyu izlemeye almamış.",
+	"followers.incoming.list.self.none": "Hiç kimse profilini takip etmiyor.",
+	"followers.incoming.list.none": "Hiç kimse bu kullanıcıyı takip etmiyor.",
+	"followers.outgoing.list.self.none": "Hiç kimseyi takip etmiyorsun.",
+	"followers.outgoing.list.none": "%s hiç kimseyi takip etmiyor.",
+	"relativetime.now": "şimdi",
+	"relativetime.future": "gelecekte",
+	"relativetime.1day": "dün",
+	"relativetime.2days": "evvelsi gün",
+	"relativetime.1week": "geçen hafta",
+	"relativetime.2weeks": "iki hafta önce",
+	"relativetime.1month": "geçen ay",
+	"relativetime.2months": "iki ay önce",
+	"relativetime.1year": "geçen yıl",
+	"relativetime.2years": "iki yıl önce",
+	"repo.pulls.already_merged": "Birleştirme başarısız: Bu birleştirme isteği zaten birleştirilmiş.",
+	"repo.pulls.maintainers_can_edit": "Bakımcılar bu birleştirme isteğini düzenleyebilirler.",
+	"repo.pulls.maintainers_cannot_edit": "Bakımcılar bu birleştirme isteğini düzenleyemezler.",
+	"repo.form.cannot_create": "Depo oluşturabileceğiniz her yer, depo sınırlarına ulaştılar.",
+	"migrate.form.error.url_credentials": "URL, kimlik bilgileri içeriyor; bu bilgileri sırasıyla kullanıcı adı ve şifre alanlarına koyunuz",
+	"watch.n_watchers": {
+		"one": "%s izleyen",
+		"other": "%s izleyen"
+	},
+	"migrate.forgejo.description": "codeberg.org veya diğer Forgejo oluşumlarından veri aktar.",
+	"repo.issue_indexer.title": "Sorun Endeksleyici",
+	"relativetime.mins": {
+		"one": "%d dakika önce",
+		"other": "%d dakika önce"
+	},
+	"relativetime.hours": {
+		"one": "%d saat önce",
+		"other": "%d saat önce"
+	},
+	"relativetime.days": {
+		"one": "%d gün önce",
+		"other": "%d gün önce"
+	},
+	"relativetime.weeks": {
+		"one": "%d hafta önce",
+		"other": "%d hafta önce"
+	},
+	"relativetime.months": {
+		"one": "%d ay önce",
+		"other": "%d ay önce"
+	},
+	"relativetime.years": {
+		"one": "%d yıl önce",
+		"other": "%d yıl önce"
+	},
+	"repo.settings.push_mirror.branch_filter.label": "Dal süzgeci (isteğe bağlı)",
+	"repo.settings.push_mirror.branch_filter.description": "Yansıtılıcak dallar. Tüm dalları yansıtmak için boş bırakın. Sözdizimi için <a href=\"%[1]s\">$[2]s dokümantasyonuna</a> başvurun. Örneğin: <code>main, release/*</code>",
+	"incorrect_root_url": "Bu Forgejo oluşumu \"%s\" üzerinde sunulmak için ayarlanmış. Şu an Forgejo'yu başka bir URL üzerinden görüntülüyorsunuz ki bu uygulamanın bazı kısımlarının bozulmasına yol açabilir. Kanonik URL, Forgejo yöneticileri tarafından app.ini içerisindeki ROOT_URL ayarıyla kontrol edilmektedir.",
+	"themes.names.forgejo-auto": "Forgejo (sistem temasını izle)",
+	"themes.names.forgejo-light": "Forgejo aydınlık",
+	"themes.names.forgejo-dark": "Forgejo karanlık",
+	"error.not_found.title": "Sayfa bulunamadı",
+	"warning.repository.out_of_sync": "Bu deponun veritabanı gösterimi senkronize değil. Bu uyarıyı depoya bir katkı yaptıktan sonra bile görüyorsanız yöneticiye ulaşın.",
+	"alert.asset_load_failed": "Varlık dosyaları {path} dizininden yüklenemedi. Lütfen varlık dosyalarının erişilebilir olduğundan emin olun.",
+	"alert.range_error": " , %[1]s ve %[2]s arasındaki bir sayı olmalı.",
+	"install.invalid_lfs_path": "Seçilen dizinde LFS kökü oluşturulamadı: %[1]s",
+	"profile.actions.tooltip": "Diğer işlemler",
+	"profile.edit.link": "Profili düzenle",
+	"feed.atom.link": "Atom akışı",
+	"keys.ssh.link": "SSH anahtarları",
+	"keys.gpg.link": "GPG anahtarları",
+	"admin.config.moderation_config": "Denetim ayarları",
+	"admin.moderation.moderation_reports": "Denetim bildirileri",
+	"admin.moderation.reports": "Bildiriler",
+	"admin.moderation.no_open_reports": "Hiç açık bildiri yok.",
+	"admin.moderation.deleted_content_ref": "%[1]v türündeki %[2]d kimliğine sahip bildirilen içerik artık mevcut değil",
+	"moderation.report_abuse": "Kötüye kullanım bildir",
+	"moderation.report_content": "İçeriği bildir",
+	"moderation.report_abuse_form.header": "Yöneticiye kötüye kullanımı bildir",
+	"moderation.report_abuse_form.details": "Bu form; spam profiller, depolar, sorunlar, yorumlar oluşturan veya uygunsuz davranan kullanıcıları bildirmek için kullanılmalıdır.",
+	"moderation.report_abuse_form.invalid": "Geçersiz argümanlar",
+	"moderation.report_abuse_form.already_reported": "Bu içeriği zaten bildirmişsiniz",
+	"moderation.abuse_category": "Kategori",
+	"moderation.abuse_category.placeholder": "Bir kategori seçiniz",
+	"moderation.abuse_category.spam": "Spam",
+	"moderation.abuse_category.illegal_content": "Yasa dışı içerik",
+	"moderation.abuse_category.other_violations": "Platform kurallarının diğer ihlalleri",
+	"moderation.report_remarks": "İlave notlar",
+	"moderation.report_remarks.placeholder": "Lütfen bildirdiğiniz kötüye kullanım hakkında detaylar sunun.",
+	"moderation.submit_report": "Bildir",
+	"moderation.reporting_failed": "Kötüye kullanım bildirisi gönderilemedi: %v",
+	"moderation.reported_thank_you": "Bildirin için teşekkürler. Yönetim bu konuda bilgilendirildi.",
+	"mail.actions.successful_run_after_failure_subject": "İş akışı, %[1]s; %[2]s deposunda kurtarıldı",
+	"mail.actions.not_successful_run_subject": "İş akışı, %[1]s; %[2]s deposunda başarısız oldu",
+	"mail.actions.successful_run_after_failure": "İş akışı, %[1]s; %[2]s deposunda kurtarıldı",
+	"mail.actions.not_successful_run": "İş akışı, %[1]s; %[2]s deposunda başarısız oldu",
+	"mail.actions.run_info_cur_status": "Bu Çalıştırmanın Durumu: %[1]s (biraz önce %[2]s'den güncellendi)",
+	"mail.actions.run_info_previous_status": "Önceki Çalıştırmanın Durumu: %[1]s",
+	"mail.actions.run_info_sha": "Katkı: %[1]s",
+	"mail.actions.run_info_trigger": "Başlama sebebi: %[2]s tarafından %[1]s",
+	"mail.issue.action.close_by_commit": "%[1]s; %[2]s sorununu, katkı %[3]s ile kapattı.",
+	"repo.diff.commit.next-short": "Ardıl",
+	"repo.diff.commit.previous-short": "Öncül",
+	"discussion.locked": "Bu tartışma kilitlenmiş. Sadece katılımcılar yorum yapabilir.",
+	"discussion.sidebar.reference": "Referans",
+	"editor.textarea.tab_hint": "Satır zaten girintilenmiş. Düzenleyiciyi terk etmek için tekrar <kbd>Tab</kbd>'a veya <kbd>Escape</kbd>'e basın.",
+	"editor.textarea.shift_tab_hint": "Bu satırda girinti yok. Düzenleyiciyi terk etmek için tekrar <kbd>Shift</kbd> + <kbd>Tab</kbd>'a veya <kbd>Escape</kbd>'e basın.",
+	"admin.auths.allow_username_change": "Kullanıcı adı değişimine izin ver",
+	"admin.auths.allow_username_change.description": "Kullanıcıların profil ayarlarında kullanıcı adlarını değiştirmelerine izin ver",
+	"admin.dashboard.cleanup_offline_runners": "Çevrim dışı çalıştırıcıları temizle",
+	"admin.dashboard.remove_resolved_reports": "Çözülen bildirileri kaldır",
+	"admin.config.security": "Güvenlik ayarları",
+	"admin.config.global_2fa_requirement.title": "Genel iki aşamalı giriş zorunluluğu",
+	"admin.config.global_2fa_requirement.none": "Hayır",
+	"admin.config.global_2fa_requirement.all": "Tüm kullanıcılar",
+	"admin.config.global_2fa_requirement.admin": "Yöneticiler",
+	"settings.visibility.description": "Profil görünürlüğü, diğerlerinin gizli olmayan depolarına erişim kabiliyetini etkiler. <a href=\"%s\" target=\"_blank\">Daha fazla bilgi edin</a>.",
+	"settings.twofa_unroll_unavailable": "İki aşamalı giriş, hesabınız için zorunludur ve devre dışı bırakılamaz.",
+	"settings.twofa_reenroll": "İki aşamalı girişi yeniden kaydet",
+	"settings.twofa_reenroll.description": "İki aşamalı girişinizi yeniden kaydedin",
+	"settings.must_enable_2fa": "Bu Forgejo oluşumu, kullanıcıların hesaplarına erişebilmek için iki aşamalı girişi etkinleştirmelerini zorunlu kılıyor.",
+	"error.must_enable_2fa": "Bu Forgejo oluşumu, kullanıcıların hesaplarına erişebilmek için iki aşamalı girişi etkinleştirmelerini zorunlu kılıyor. Etkinleştirmek için: %s",
+	"avatar.constraints_hint": "Özel profil resmi, boyut olarak %[1]s ve piksel olarak %[2]dx%[3]d sınırını aşmamalı",
+	"user.ghost.tooltip": "Bu kullanıcı ya silinmiş ya da bulunamadı.",
+	"og.repo.summary_card.alt_description": "%[1]s deposunun -%[2]s açıklamalı- özet kartı",
+	"repo.commit.load_tags_failed": "Etiketlerin yüklenmesi dahili bir hata sebebiyle başarısız oldu",
+	"compare.branches.title": "Dalları karşılaştır",
+	"migrate.pagure.description": "pagure.io veya diğer Pagure oluşumlarından veri aktar.",
+	"migrate.pagure.incorrect_url": "Kaynak depo URL'si yanlış verilmiş",
+	"migrate.pagure.project_url": "Pagure proje URL'si",
+	"migrate.pagure.project_example": "Pagure proje URL'si, örneğin: https://pagure.io/pagure",
+	"migrate.pagure.token_label": "Pagure API Jetonu",
+	"migrate.pagure.private_issues.summary": "Gizli Sorunlar (İsteğe Bağlı)",
+	"migrate.pagure.private_issues.description": "Bu özellik, Pagure projenizdeki gizli sorunları arşivlemek amacıyla onları ikinci bir depoya saklamak için tasarlandı. Öncelikle herkese açık olan tüm içerikleri içe aktarmak için normal bir aktarma yapın (jetonsuz). Sonrasında korumak istediğiniz gizli sorunlar var ise onları arşivlemek için bu jeton ayarını kullanarak ayrı bir depo oluşturun.",
+	"migrate.pagure.private_issues.warning": "Eğer gizli sorunları içe aktarmak için API anahtarı kullanıyorsanız yukarıda depo görünürlüğünü Gizli'ye alın. Bu, gizli içeriklerin kazara herkese açık bir depoda ifşa olmasını önler.",
+	"migrate.pagure.token.placeholder": "Sadece gizli sorunlar arşivi oluşturmak için",
+	"release.n_downloads": {
+		"one": "%s indirme",
+		"other": "%s indirme"
+	},
+	"actions.runs.run_attempt_label": "Çalıştırma girişimi #%[1]s (%[2]s)",
+	"actions.runs.viewing_out_of_date_run": "Bu işin %[1]s çalışmış olan eski bir çalıştırmasını görüntülüyorsun.",
+	"actions.runs.view_most_recent_run": "En yeni çalıştırmayı görüntüle",
+	"actions.workflow.job_parsing_error": "İş akışındaki işler ayrıştırılamadı: %v",
+	"actions.workflow.event_detection_error": "İş akışındaki desteklenen etkinlikler ayrıştırılamadı: %v",
+	"actions.workflow.pre_execution_error": "Çalıştırma girişimini durduran bir hata sebebiyle iş akışı çalıştırılamadı.",
+	"teams.add_all_repos.modal.header": "Tüm depoları ekle",
+	"teams.remove_all_repos.modal.header": "Tüm depoları kaldır",
+	"meta.last_line": "Steve Jobs ile Nejat İşler'in kardeş olduğunu biliyor muydunuz.\n(this string was needed to make weblate regenerate the file and can be removed)"
 }
diff --git a/options/locale_next/locale_tt.json b/options/locale_next/locale_tt.json
index a06110c46a..0e8233d42b 100644
--- a/options/locale_next/locale_tt.json
+++ b/options/locale_next/locale_tt.json
@@ -1,8 +1,9 @@
 {
-    "home.welcome.no_activity": "Эшчәнлек юк",
-    "home.welcome.activity_hint": "Сезнең тасмада әлегә бернәрсә дә юк. Сез күзәткән репозиторийлардагы гамәлләрегез һәм активлыгыгыз монда күрсәтеләчәк.",
-    "home.explore_repos": "Репозиторийларны карау",
-    "home.explore_users": "Кулланучыларны өйрәнү",
-    "home.explore_orgs": "Оешмаларны өйрәнү",
-    "fork.n_forks": "%s чәнечке"
+	"home.welcome.no_activity": "Эшчәнлек юк",
+	"home.welcome.activity_hint": "Сезнең тасмада әлегә бернәрсә дә юк. Сез күзәткән репозиторийлардагы гамәлләрегез һәм активлыгыгыз монда күрсәтеләчәк.",
+	"home.explore_repos": "Репозиторийларны карау",
+	"home.explore_users": "Кулланучыларны өйрәнү",
+	"home.explore_orgs": "Оешмаларны өйрәнү",
+	"fork.n_forks": "%s чәнечке",
+	"meta.last_line": "(this string was needed to make weblate regenerate the file and can be removed)"
 }
diff --git a/options/locale_next/locale_uk-UA.json b/options/locale_next/locale_uk-UA.json
index fd37dff4a5..c495790102 100644
--- a/options/locale_next/locale_uk-UA.json
+++ b/options/locale_next/locale_uk-UA.json
@@ -1,262 +1,262 @@
 {
-    "fork.n_forks": {
-        "one": "%s форк",
-        "few": "%s форки",
-        "many": "%s форків"
-    },
-    "stars.n_stars": {
-        "one": "%s зірка",
-        "few": "%s зірки",
-        "many": "%s зірок"
-    },
-    "release.n_downloads": {
-        "one": "%s завантаження",
-        "few": "%s завантаження",
-        "many": "%s завантажень"
-    },
-    "repo.pulls.merged_title_desc": {
-        "one": "об’єднує %[1]d коміт з <code>%[2]s</code> в <code>%[3]s</code> %[4]s",
-        "few": "об’єднує %[1]d коміти з <code>%[2]s</code> в <code>%[3]s</code> %[4]s",
-        "many": "об’єднує %[1]d комітів з <code>%[2]s</code> в <code>%[3]s</code> %[4]s"
-    },
-    "repo.pulls.title_desc": {
-        "one": "хоче об’єднати %[1]d коміт з <code>%[2]s</code> в <code id=\"%[4]s\">%[3]s</code>",
-        "few": "хоче об’єднати %[1]d коміти з <code>%[2]s</code> в <code id=\"%[4]s\">%[3]s</code>",
-        "many": "хоче об’єднати %[1]d комітів з <code>%[2]s</code> в <code id=\"%[4]s\">%[3]s</code>"
-    },
-    "search.milestone_kind": "Шукати етапи…",
-    "home.welcome.activity_hint": "У вашій стрічці ще нічого немає. Тут з’являтимуться ваші дії та активність із відстежуваних репозиторіїв.",
-    "home.welcome.no_activity": "Немає подій",
-    "home.explore_repos": "Огляд репозиторіїв",
-    "home.explore_users": "Огляд користувачів",
-    "home.explore_orgs": "Огляд організацій",
-    "incorrect_root_url": "Цей екземпляр Forgejo налаштовано на відвідування з «%s». Зараз ви переглядаєте Forgejo за іншою URL-адресою, що може призвести до збоїв деяких частин програми. Канонічна URL-адреса встановлюється адміністраторами Forgejo за допомогою параметра ROOT_URL у файлі app.ini.",
-    "themes.names.forgejo-light": "Forgejo світла",
-    "themes.names.forgejo-dark": "Forgejo темна",
-    "themes.names.forgejo-auto": "Forgejo (як у системі)",
-    "error.not_found.title": "Сторінку не знайдено",
-    "alert.asset_load_failed": "Не вдалося завантажити файли ресурсів з {path}. Переконайтеся, що до файлів ресурсів є доступ.",
-    "install.invalid_lfs_path": "Не вдалося створити корінь LFS за вказаним шляхом: %[1]s",
-    "alert.range_error": " має бути числом від %[1]s до %[2]s.",
-    "meta.last_line": "Не зливай злий запити на злиття — зіллється зле.",
-    "mail.actions.successful_run_after_failure": "Робочий потік %[1]s відновлено в репозиторії %[2]s",
-    "mail.actions.successful_run_after_failure_subject": "Робочий потік %[1]s відновлено в репозиторії %[2]s",
-    "mail.actions.run_info_previous_status": "Стан попереднього запуску: %[1]s",
-    "mail.actions.run_info_cur_status": "Стан цього запуску: %[1]s (щойно оновлено з %[2]s)",
-    "mail.actions.run_info_trigger": "Причина: %[1]s від: %[2]s",
-    "mail.actions.not_successful_run_subject": "Помилка робочого потоку %[1]s в репозиторії %[2]s",
-    "mail.actions.not_successful_run": "Помилка робочого потоку %[1]s в репозиторії %[2]s",
-    "discussion.locked": "Це обговорення було закрито. Коментувати можуть лише учасники.",
-    "relativetime.mins": {
-        "one": "%d хвилину тому",
-        "few": "%d хвилини тому",
-        "many": "%d хвилин тому"
-    },
-    "relativetime.days": {
-        "one": "%d день тому",
-        "few": "%d дні тому",
-        "many": "%d днів тому"
-    },
-    "relativetime.1day": "учора",
-    "relativetime.1week": "минулого тижня",
-    "relativetime.2weeks": "два тижні тому",
-    "relativetime.1month": "минулого місяця",
-    "relativetime.1year": "минулого року",
-    "relativetime.2years": "два роки тому",
-    "relativetime.2months": "два місяці тому",
-    "relativetime.now": "щойно",
-    "relativetime.2days": "два дні тому",
-    "relativetime.future": "у майбутньому",
-    "relativetime.weeks": {
-        "one": "%d тиждень тому",
-        "few": "%d тижні тому",
-        "many": "%d тижнів тому"
-    },
-    "relativetime.months": {
-        "one": "%d місяць тому",
-        "few": "%d місяці тому",
-        "many": "%d місяців тому"
-    },
-    "relativetime.hours": {
-        "one": "%d годину тому",
-        "few": "%d години тому",
-        "many": "%d годин тому"
-    },
-    "relativetime.years": {
-        "one": "%d рік тому",
-        "few": "%d роки тому",
-        "many": "%d років тому"
-    },
-    "admin.config.moderation_config": "Конфігурація модерування",
-    "moderation.abuse_category.placeholder": "Виберіть категорію",
-    "moderation.report_abuse_form.invalid": "Недійсні аргументи",
-    "moderation.report_abuse_form.already_reported": "Ви вже скаржилися на цей вміст",
-    "moderation.report_abuse": "Повідомити про порушення",
-    "moderation.report_content": "Поскаржитися на вміст",
-    "moderation.abuse_category.spam": "Спам",
-    "moderation.report_remarks.placeholder": "Будь ласка, докладно опишіть порушення, про яке ви повідомляєте.",
-    "moderation.submit_report": "Надіслати скаргу",
-    "moderation.abuse_category.malware": "Шкідливе ПЗ",
-    "moderation.abuse_category.illegal_content": "Нелегальний вміст",
-    "moderation.report_abuse_form.header": "Повідомити адміністраторам про порушення",
-    "moderation.report_abuse_form.details": "Використовуйте цю форму, щоб повідомити про користувачів, які створюють спам-профілі, репозиторії, задачі, коментарі або поводяться неналежним чином.",
-    "moderation.abuse_category": "Категорія",
-    "moderation.abuse_category.other_violations": "Інші порушення правил платформи",
-    "moderation.reporting_failed": "Не вдалося надіслати повідомлення про порушення: %v",
-    "moderation.report_remarks": "Подробиці",
-    "moderation.reported_thank_you": "Дякуємо за ваше повідомлення. Адміністрацію поінформовано про нього.",
-    "repo.form.cannot_create": "У всіх просторах, де ви можете створювати репозиторії, досягнуто обмеження кількості репозиторіїв.",
-    "repo.issue_indexer.title": "Індексатор задач",
-    "followers.incoming.list.self.none": "Ніхто не стежить за вашим профілем.",
-    "followers.incoming.list.none": "Ніхто не стежить за цим користувачем.",
-    "followers.outgoing.list.self.none": "Ви ні за ким не стежите.",
-    "followers.outgoing.list.none": "%s ні за ким не стежить.",
-    "stars.list.none": "Ніхто не додав цей репозиторій в обрані.",
-    "watch.list.none": "Ніхто не спостерігає за цим репозиторієм.",
-    "editor.textarea.tab_hint": "У рядку вже є відступ. Натисніть <kbd>Tab</kbd> ще раз або <kbd>Esc</kbd>, щоб вийти з редактора.",
-    "editor.textarea.shift_tab_hint": "У цьому рядку немає відступів. Натисніть <kbd>Shift</kbd> + <kbd>Tab</kbd> ще раз або <kbd>Esc</kbd>, щоб вийти з редактора.",
-    "admin.dashboard.cleanup_offline_runners": "Очистити неактивні ранери",
-    "settings.visibility.description": "Видимість профілю впливає на можливість інших користувачів отримати доступ до ваших неприватних репозиторіїв. <a href=\"%s\" target=\"_blank\">Дізнатися більше</a>.",
-    "avatar.constraints_hint": "Розмір користувацького аватара не може перевищувати %[1]s або бути більшим за %[2]d×%[3]d пікселів",
-    "repo.diff.commit.next-short": "Наступний",
-    "repo.diff.commit.previous-short": "Попередній",
-    "keys.ssh.link": "Ключі SSH",
-    "keys.gpg.link": "Ключі GPG",
-    "profile.edit.link": "Редагувати профіль",
-    "feed.atom.link": "Стрічка Atom",
-    "profile.actions.tooltip": "Більше дій",
-    "og.repo.summary_card.alt_description": "Підсумкова картка репозиторію %[1]s з описом: %[2]s",
-    "mail.actions.run_info_sha": "Коміт: %[1]s",
-    "repo.settings.push_mirror.branch_filter.description": "Гілки для дзеркалювання. Залиште порожнім, щоб віддзеркалити всі гілки. Дивіться синтаксис у <a href=\"%[1]s\">документації %[2]s</a>. Приклади: <code>main, release/*</code>",
-    "repo.settings.push_mirror.branch_filter.label": "Фільтр гілок (необов’язково)",
-    "discussion.sidebar.reference": "Посилання",
-    "admin.moderation.no_open_reports": "Відкритих скарг наразі немає.",
-    "admin.moderation.reports": "Скарги",
-    "admin.moderation.deleted_content_ref": "Вміст типу %[1]v з ідентифікатором %[2]d, на який подано скаргу, більше не існує",
-    "admin.moderation.moderation_reports": "Скарги модераторам",
-    "admin.dashboard.remove_resolved_reports": "Видалити закриті скарги",
-    "compare.branches.title": "Порівняти гілки",
-    "repo.commit.load_tags_failed": "Завантаження тегів не вдалося через внутрішню помилку",
-    "admin.auths.allow_username_change.description": "Дозволити користувачам змінювати ім’я користувача в налаштуваннях профілю",
-    "admin.auths.allow_username_change": "Дозволити змінювати імена",
-    "warning.repository.out_of_sync": "База даних цього репозиторію не синхронізована. Якщо ви знову бачите це попередження після надсилання коміту в цей репозиторій, зверніться до адміністратора.",
-    "repo.pulls.already_merged": "Не вдалося об’єднати: цей запит на злиття вже об’єднано.",
-    "migrate.pagure.description": "Перенести дані з pagure.io або інших екземплярів Pagure.",
-    "migrate.pagure.token_label": "Токен API Pagure",
-    "migrate.pagure.project_url": "URL-адреса проєкту Pagure",
-    "migrate.pagure.project_example": "URL-адреса проєкту Pagure, наприклад, https://pagure.io/pagure",
-    "migrate.pagure.incorrect_url": "Вказано неправильну URL-адресу репозиторію-джерела",
-    "migrate.github.description": "Перенести дані з github.com або сервера GitHub Enterprise.",
-    "migrate.git.description": "Перенести репозиторій з будь-якої служби Git.",
-    "migrate.gitea.description": "Перенести дані з gitea.com та інших екземплярів Gitea.",
-    "migrate.gitlab.description": "Перенести дані з gitlab.com та інших екземплярів GitLab.",
-    "migrate.gogs.description": "Перенести дані з notabug.org та інших екземплярів Gogs.",
-    "migrate.onedev.description": "Перенести дані з code.onedev.io та інших екземплярів OneDev.",
-    "migrate.gitbucket.description": "Перенести дані з екземплярів GitBucket.",
-    "migrate.codebase.description": "Перенести дані з codebasehq.com.",
-    "migrate.forgejo.description": "Перенести дані з codeberg.org або інших екземплярів Forgejo.",
-    "settings.must_enable_2fa": "На цьому екземплярі Forgejo для доступу до облікового запису вам необхідно захистити його двофакторною автентифікацією.",
-    "error.must_enable_2fa": "На цьому екземплярі Forgejo для доступу до облікового запису вам необхідно захистити його двофакторною автентифікацією. Увімкніть її тут: %s",
-    "admin.config.global_2fa_requirement.none": "Немає",
-    "admin.config.global_2fa_requirement.all": "Усі користувачі",
-    "admin.config.global_2fa_requirement.admin": "Адміністратори",
-    "admin.config.security": "Конфігурація безпеки",
-    "admin.config.global_2fa_requirement.title": "Глобальна вимога двофакторної автентифікації",
-    "settings.twofa_unroll_unavailable": "Для вашого облікового запису необхідна двофакторна автентифікація; це неможливо вимкнути.",
-    "settings.twofa_reenroll": "Увімкнути двофакторну автентифікацію",
-    "settings.twofa_reenroll.description": "Повторно зареєструйте свою двофакторну автентифікацію",
-    "user.ghost.tooltip": "Користувача не знайдено; ймовірно, його було видалено.",
-    "migrate.form.error.url_credentials": "URL-адреса містить дані для входу, введіть їх у поля «Ім’я користувача» і «Пароль» відповідно",
-    "actions.runs.run_attempt_label": "Спроба запуску №%[1]s (%[2]s)",
-    "actions.runs.view_most_recent_run": "Переглянути останній запуск",
-    "actions.runs.viewing_out_of_date_run": "Ви переглядаєте застарілий запуск цього завдання, який було виконано %[1]s.",
-    "repo.pulls.maintainers_can_edit": "Супроводжувачі можуть редагувати цей запит на злиття.",
-    "repo.pulls.maintainers_cannot_edit": "Супроводжувачі не можуть редагувати цей запит на злиття.",
-    "pulse.n_active_issues": {
-        "one": "%s активна задача",
-        "few": "%s активних задачі",
-        "many": "%s активних задач"
-    },
-    "pulse.n_active_prs": {
-        "one": "%s активний запит на злиття",
-        "few": "%s активних запити на злиття",
-        "many": "%s активних запитів на злиття"
-    },
-    "migrate.pagure.private_issues.summary": "Приватні задачі (необов’язково)",
-    "migrate.pagure.private_issues.description": "Ця функція дозволяє створити додатковий репозиторій для архівування в ньому приватних задач із вашого проєкту Pagure. Спочатку виконайте звичайне перенесення (без токена), щоб імпортувати весь публічний вміст. Потім, якщо у вас є приватні задачі, які потрібно зберегти, створіть окремий репозиторій, використовуючи токен, щоб архівувати ці приватні задачі.",
-    "migrate.pagure.private_issues.warning": "Обов’язково встановіть видимість репозиторію на «Приватний», якщо використовуєте ключ API для імпорту приватних задач. Це запобігає випадковому розкриттю приватного вмісту в публічному репозиторії.",
-    "migrate.pagure.token.placeholder": "Тільки для створення архіву приватних задач",
-    "mail.issue.action.close_by_commit": "%[1]s закриває %[2]s в коміті %[3]s.",
-    "actions.workflow.job_parsing_error": "Не вдалося розібрати завдання в робочому потоці: %v",
-    "actions.workflow.event_detection_error": "Не вдалося розібрати підтримувані події в робочому потоці: %v",
-    "actions.workflow.pre_execution_error": "Спробу виконання робочого потоку було заблоковано через помилку.",
-    "watch.n_watchers": {
-        "one": "%s спостерігач",
-        "few": "%s спостерігачі",
-        "many": "%s спостерігачів"
-    },
-    "teams.add_all_repos.modal.header": "Додати всі репозиторії",
-    "teams.remove_all_repos.modal.header": "Вилучити всі репозиторії",
-    "repo.pulls.poster_requires_approval": "Деякі робочі потоки <a href=\"%[1]s\">очікують на перевірку.</a>",
-    "repo.pulls.poster_requires_approval.tooltip": "Авторові цього запиту на злиття не довірено запуск робочих потоків, ініційованих запитом на злиття з форкнутого репозиторію або з AGit. Робочі потоки, ініційовані подією `pull_request`, не будуть виконані до їх схвалення.",
-    "repo.pulls.poster_manage_approval": "Керування схваленням",
-    "repo.pulls.poster_is_trusted.tooltip": "Авторові цього запиту на злиття явно довірено запуск робочих потоків, ініційованих подіями `pull_request`.",
-    "repo.pulls.poster_is_trusted": "Авторові цього запиту на злиття <a href=\"%[1]s\">завжди довірено запуск робочих потоків.</a>",
-    "repo.pulls.poster_trust_deny.tooltip": "Робочі потоки, що очікують на схвалення, будуть скасовані.",
-    "repo.pulls.poster_trust_once": "Схвалити один раз",
-    "repo.pulls.poster_trust_deny": "Відхилити",
-    "repo.pulls.poster_trust_revoke": "Відкликати",
-    "repo.pulls.poster_trust_always": "Схвалювати завжди",
-    "repo.pulls.poster_trust_once.tooltip": "Робочі потоки, ініційовані подією `pull_request`, будуть виконані для цього коміту, але їх потрібно буде схвалювати для всіх наступних комітів, надісланих до цього запиту на злиття.",
-    "repo.pulls.poster_trust_always.tooltip": "Робочі потоки, ініційовані подією `pull_request`, будуть виконані для цього коміту, і не буде необхідності схвалювати запуски з цього запиту на злиття або наступних запитів, створених тим самим користувачем.",
-    "repo.pulls.poster_trust_revoke.tooltip": "Автор цього запиту на злиття більше не зможе запускати робочі потоки, ініційовані подією `pull_request`, кожен запуск потрібно буде схвалювати вручну.",
-    "admin.dashboard.actions_action_user": "Відкликати довіру Дій Forgejo у неактивних користувачів",
-    "actions.status.diagnostics.waiting": {
-        "one": "Очікування ранера з міткою: %s",
-        "few": "Очікування ранера з мітками: %s",
-        "many": "Очікування ранера з мітками: %s"
-    },
-    "keys.verify.token.hint": "Токен дійсний лише протягом 1 хвилини. <a href=\"%[1]s\">Отримайте новий, якщо термін дії закінчився</a>.",
-    "admin.dashboard.transfer_lingering_logs": "Перемістити журнали виконаних завдань із бази даних до сховища",
-    "search.syntax": "Синтаксис пошуку",
-    "repo.issues.filter_poster.hint": "Фільтрувати за автором",
-    "repo.issues.filter_assignee.hint": "Фільтрувати за призначеним користувачем",
-    "repo.issues.filter_reviewers.hint": "Фільтрувати за користувачем, який залишив відгук",
-    "repo.issues.filter_mention.hint": "Фільтрувати за згаданим користувачем",
-    "repo.issues.filter_modified.hint": "Фільтрувати за датою останньої зміни",
-    "repo.issues.filter_sort.hint": "Сортувати за: створено/коментарі/оновлено/термін виконання",
-    "actions.workflow.persistent_incomplete_matrix": "Неможливо оцінити `strategy.matrix` завдання %[1]s через недійсний вираз `needs`. Можливо, він посилається на завдання, якого немає у списку «needs» (%[2]s), або на результат, якого не існує в одному з цих завдань.",
-    "admin.auths.oauth2_quota_group_claim_name": "Назва заявки, що надає назви груп для цього джерела, які будуть використовуватися для керування квотами. (Необов’язково)",
-    "admin.auths.oauth2_quota_group_map": "Зіставити заявлені групи з групами квот. (Необов’язково — потрібна назва заявки вище)",
-    "admin.auths.oauth2_quota_group_map_removal": "Видаляти користувачів із синхронізованих груп квот, якщо користувачі не належать до відповідної групи.",
-    "moderation.action.account.delete": "Видалити обліковий запис",
-    "moderation.action.repo.delete": "Видалити репозиторій",
-    "moderation.action.issue.delete": "Видалити задачу",
-    "moderation.action.comment.delete": "Видалити коментар",
-    "moderation.unknown_action": "Невідома дія",
-    "moderation.issue.deletion_success": "Задачу видалено.",
-    "moderation.comment.deletion_success": "Коментар видалено.",
-    "moderation.users.cannot_delete_admins": "Користувачів з правами адміністратора неможливо видалити.",
-    "moderation.users.cannot_suspend_self": "Ви не можете призупинити власний обліковий запис.",
-    "moderation.action.account.suspend": "Призупинити обліковий запис",
-    "moderation.users.cannot_suspend_admins": "Облікові записи з правами адміністратора неможливо призупинити.",
-    "moderation.users.cannot_suspend_org": "Організації неможливо призупинити.",
-    "moderation.users.already_suspended": "Обліковий запис уже призупинено.",
-    "moderation.users.suspend_success": "Обліковий запис призупинено.",
-    "moderation.report.mark_as_ignored": "Позначити як ігнороване",
-    "moderation.report.mark_as_handled": "Позначити як опрацьоване",
-    "actions.workflow.incomplete_matrix_missing_job": "Неможливо оцінити `strategy.matrix` завдання %[1]s: завдання %[2]s немає у списку `needs` завдання %[1]s (%[3]s).",
-    "actions.workflow.incomplete_matrix_unknown_cause": "Неможливо оцінити `strategy.matrix` завдання %[1]s: невідома помилка.",
-    "actions.workflow.incomplete_runson_unknown_cause": "Неможливо оцінити `runs-on`завдання %[1]s: невідома помилка.",
-    "actions.workflow.incomplete_matrix_missing_output": "Неможливо оцінити `strategy.matrix` завдання %[1]s: у завдання %[2]s немає результату %[3]s.",
-    "actions.workflow.incomplete_runson_missing_job": "Неможливо оцінити `runs-on` завдання %[1]s: завдання %[2]s немає у списку `needs` завдання %[1]s (%[3]s).",
-    "actions.workflow.incomplete_runson_missing_output": "Неможливо оцінити `runs-on` завдання %[1]s: у завдання %[2]s немає результату %[3]s.",
-    "actions.workflow.incomplete_runson_missing_matrix_dimension": "Неможливо оцінити `runs-on` завдання %[1]s: розмір матриці %[2]s не існує.",
-    "search.fuzzy": "Нечіткий",
-    "search.fuzzy_tooltip": "Включати результати, які приблизно відповідають пошуковому запиту",
-    "issues.updated": "оновлено %s",
-    "actions.workflow.incomplete_with_unknown_cause": "Неможливо оцінити `with`завдання %[1]s: невідома помилка.",
-    "actions.workflow.incomplete_with_missing_matrix_dimension": "Неможливо оцінити `with` завдання %[1]s: розмір матриці %[2]s не існує.",
-    "actions.workflow.incomplete_with_missing_output": "Неможливо оцінити `with` завдання %[1]s: у завдання %[2]s немає результату %[3]s.",
-    "actions.workflow.incomplete_with_missing_job": "Неможливо оцінити `with` завдання %[1]s: завдання %[2]s немає у списку `needs` завдання %[1]s (%[3]s)."
+	"fork.n_forks": {
+		"one": "%s форк",
+		"few": "%s форки",
+		"many": "%s форків"
+	},
+	"stars.n_stars": {
+		"one": "%s зірка",
+		"few": "%s зірки",
+		"many": "%s зірок"
+	},
+	"release.n_downloads": {
+		"one": "%s завантаження",
+		"few": "%s завантаження",
+		"many": "%s завантажень"
+	},
+	"repo.pulls.merged_title_desc": {
+		"one": "об’єднує %[1]d коміт з <code>%[2]s</code> в <code>%[3]s</code> %[4]s",
+		"few": "об’єднує %[1]d коміти з <code>%[2]s</code> в <code>%[3]s</code> %[4]s",
+		"many": "об’єднує %[1]d комітів з <code>%[2]s</code> в <code>%[3]s</code> %[4]s"
+	},
+	"repo.pulls.title_desc": {
+		"one": "хоче об’єднати %[1]d коміт з <code>%[2]s</code> в <code id=\"%[4]s\">%[3]s</code>",
+		"few": "хоче об’єднати %[1]d коміти з <code>%[2]s</code> в <code id=\"%[4]s\">%[3]s</code>",
+		"many": "хоче об’єднати %[1]d комітів з <code>%[2]s</code> в <code id=\"%[4]s\">%[3]s</code>"
+	},
+	"search.milestone_kind": "Шукати етапи…",
+	"home.welcome.activity_hint": "У вашій стрічці ще нічого немає. Тут з’являтимуться ваші дії та активність із відстежуваних репозиторіїв.",
+	"home.welcome.no_activity": "Немає подій",
+	"home.explore_repos": "Огляд репозиторіїв",
+	"home.explore_users": "Огляд користувачів",
+	"home.explore_orgs": "Огляд організацій",
+	"incorrect_root_url": "Цей екземпляр Forgejo налаштовано на відвідування з «%s». Зараз ви переглядаєте Forgejo за іншою URL-адресою, що може призвести до збоїв деяких частин програми. Канонічна URL-адреса встановлюється адміністраторами Forgejo за допомогою параметра ROOT_URL у файлі app.ini.",
+	"themes.names.forgejo-light": "Forgejo світла",
+	"themes.names.forgejo-dark": "Forgejo темна",
+	"themes.names.forgejo-auto": "Forgejo (як у системі)",
+	"error.not_found.title": "Сторінку не знайдено",
+	"alert.asset_load_failed": "Не вдалося завантажити файли ресурсів з {path}. Переконайтеся, що до файлів ресурсів є доступ.",
+	"install.invalid_lfs_path": "Не вдалося створити корінь LFS за вказаним шляхом: %[1]s",
+	"alert.range_error": " має бути числом від %[1]s до %[2]s.",
+	"meta.last_line": "Не зливай злий запити на злиття — зіллється зле.\n(this string was needed to make weblate regenerate the file and can be removed)",
+	"mail.actions.successful_run_after_failure": "Робочий потік %[1]s відновлено в репозиторії %[2]s",
+	"mail.actions.successful_run_after_failure_subject": "Робочий потік %[1]s відновлено в репозиторії %[2]s",
+	"mail.actions.run_info_previous_status": "Стан попереднього запуску: %[1]s",
+	"mail.actions.run_info_cur_status": "Стан цього запуску: %[1]s (щойно оновлено з %[2]s)",
+	"mail.actions.run_info_trigger": "Причина: %[1]s від: %[2]s",
+	"mail.actions.not_successful_run_subject": "Помилка робочого потоку %[1]s в репозиторії %[2]s",
+	"mail.actions.not_successful_run": "Помилка робочого потоку %[1]s в репозиторії %[2]s",
+	"discussion.locked": "Це обговорення було закрито. Коментувати можуть лише учасники.",
+	"relativetime.mins": {
+		"one": "%d хвилину тому",
+		"few": "%d хвилини тому",
+		"many": "%d хвилин тому"
+	},
+	"relativetime.days": {
+		"one": "%d день тому",
+		"few": "%d дні тому",
+		"many": "%d днів тому"
+	},
+	"relativetime.1day": "учора",
+	"relativetime.1week": "минулого тижня",
+	"relativetime.2weeks": "два тижні тому",
+	"relativetime.1month": "минулого місяця",
+	"relativetime.1year": "минулого року",
+	"relativetime.2years": "два роки тому",
+	"relativetime.2months": "два місяці тому",
+	"relativetime.now": "щойно",
+	"relativetime.2days": "два дні тому",
+	"relativetime.future": "у майбутньому",
+	"relativetime.weeks": {
+		"one": "%d тиждень тому",
+		"few": "%d тижні тому",
+		"many": "%d тижнів тому"
+	},
+	"relativetime.months": {
+		"one": "%d місяць тому",
+		"few": "%d місяці тому",
+		"many": "%d місяців тому"
+	},
+	"relativetime.hours": {
+		"one": "%d годину тому",
+		"few": "%d години тому",
+		"many": "%d годин тому"
+	},
+	"relativetime.years": {
+		"one": "%d рік тому",
+		"few": "%d роки тому",
+		"many": "%d років тому"
+	},
+	"admin.config.moderation_config": "Конфігурація модерування",
+	"moderation.abuse_category.placeholder": "Виберіть категорію",
+	"moderation.report_abuse_form.invalid": "Недійсні аргументи",
+	"moderation.report_abuse_form.already_reported": "Ви вже скаржилися на цей вміст",
+	"moderation.report_abuse": "Повідомити про порушення",
+	"moderation.report_content": "Поскаржитися на вміст",
+	"moderation.abuse_category.spam": "Спам",
+	"moderation.report_remarks.placeholder": "Будь ласка, докладно опишіть порушення, про яке ви повідомляєте.",
+	"moderation.submit_report": "Надіслати скаргу",
+	"moderation.abuse_category.malware": "Шкідливе ПЗ",
+	"moderation.abuse_category.illegal_content": "Нелегальний вміст",
+	"moderation.report_abuse_form.header": "Повідомити адміністраторам про порушення",
+	"moderation.report_abuse_form.details": "Використовуйте цю форму, щоб повідомити про користувачів, які створюють спам-профілі, репозиторії, задачі, коментарі або поводяться неналежним чином.",
+	"moderation.abuse_category": "Категорія",
+	"moderation.abuse_category.other_violations": "Інші порушення правил платформи",
+	"moderation.reporting_failed": "Не вдалося надіслати повідомлення про порушення: %v",
+	"moderation.report_remarks": "Подробиці",
+	"moderation.reported_thank_you": "Дякуємо за ваше повідомлення. Адміністрацію поінформовано про нього.",
+	"repo.form.cannot_create": "У всіх просторах, де ви можете створювати репозиторії, досягнуто обмеження кількості репозиторіїв.",
+	"repo.issue_indexer.title": "Індексатор задач",
+	"followers.incoming.list.self.none": "Ніхто не стежить за вашим профілем.",
+	"followers.incoming.list.none": "Ніхто не стежить за цим користувачем.",
+	"followers.outgoing.list.self.none": "Ви ні за ким не стежите.",
+	"followers.outgoing.list.none": "%s ні за ким не стежить.",
+	"stars.list.none": "Ніхто не додав цей репозиторій в обрані.",
+	"watch.list.none": "Ніхто не спостерігає за цим репозиторієм.",
+	"editor.textarea.tab_hint": "У рядку вже є відступ. Натисніть <kbd>Tab</kbd> ще раз або <kbd>Esc</kbd>, щоб вийти з редактора.",
+	"editor.textarea.shift_tab_hint": "У цьому рядку немає відступів. Натисніть <kbd>Shift</kbd> + <kbd>Tab</kbd> ще раз або <kbd>Esc</kbd>, щоб вийти з редактора.",
+	"admin.dashboard.cleanup_offline_runners": "Очистити неактивні ранери",
+	"settings.visibility.description": "Видимість профілю впливає на можливість інших користувачів отримати доступ до ваших неприватних репозиторіїв. <a href=\"%s\" target=\"_blank\">Дізнатися більше</a>.",
+	"avatar.constraints_hint": "Розмір користувацького аватара не може перевищувати %[1]s або бути більшим за %[2]d×%[3]d пікселів",
+	"repo.diff.commit.next-short": "Наступний",
+	"repo.diff.commit.previous-short": "Попередній",
+	"keys.ssh.link": "Ключі SSH",
+	"keys.gpg.link": "Ключі GPG",
+	"profile.edit.link": "Редагувати профіль",
+	"feed.atom.link": "Стрічка Atom",
+	"profile.actions.tooltip": "Більше дій",
+	"og.repo.summary_card.alt_description": "Підсумкова картка репозиторію %[1]s з описом: %[2]s",
+	"mail.actions.run_info_sha": "Коміт: %[1]s",
+	"repo.settings.push_mirror.branch_filter.description": "Гілки для дзеркалювання. Залиште порожнім, щоб віддзеркалити всі гілки. Дивіться синтаксис у <a href=\"%[1]s\">документації %[2]s</a>. Приклади: <code>main, release/*</code>",
+	"repo.settings.push_mirror.branch_filter.label": "Фільтр гілок (необов’язково)",
+	"discussion.sidebar.reference": "Посилання",
+	"admin.moderation.no_open_reports": "Відкритих скарг наразі немає.",
+	"admin.moderation.reports": "Скарги",
+	"admin.moderation.deleted_content_ref": "Вміст типу %[1]v з ідентифікатором %[2]d, на який подано скаргу, більше не існує",
+	"admin.moderation.moderation_reports": "Скарги модераторам",
+	"admin.dashboard.remove_resolved_reports": "Видалити закриті скарги",
+	"compare.branches.title": "Порівняти гілки",
+	"repo.commit.load_tags_failed": "Завантаження тегів не вдалося через внутрішню помилку",
+	"admin.auths.allow_username_change.description": "Дозволити користувачам змінювати ім’я користувача в налаштуваннях профілю",
+	"admin.auths.allow_username_change": "Дозволити змінювати імена",
+	"warning.repository.out_of_sync": "База даних цього репозиторію не синхронізована. Якщо ви знову бачите це попередження після надсилання коміту в цей репозиторій, зверніться до адміністратора.",
+	"repo.pulls.already_merged": "Не вдалося об’єднати: цей запит на злиття вже об’єднано.",
+	"migrate.pagure.description": "Перенести дані з pagure.io або інших екземплярів Pagure.",
+	"migrate.pagure.token_label": "Токен API Pagure",
+	"migrate.pagure.project_url": "URL-адреса проєкту Pagure",
+	"migrate.pagure.project_example": "URL-адреса проєкту Pagure, наприклад, https://pagure.io/pagure",
+	"migrate.pagure.incorrect_url": "Вказано неправильну URL-адресу репозиторію-джерела",
+	"migrate.github.description": "Перенести дані з github.com або сервера GitHub Enterprise.",
+	"migrate.git.description": "Перенести репозиторій з будь-якої служби Git.",
+	"migrate.gitea.description": "Перенести дані з gitea.com та інших екземплярів Gitea.",
+	"migrate.gitlab.description": "Перенести дані з gitlab.com та інших екземплярів GitLab.",
+	"migrate.gogs.description": "Перенести дані з notabug.org та інших екземплярів Gogs.",
+	"migrate.onedev.description": "Перенести дані з code.onedev.io та інших екземплярів OneDev.",
+	"migrate.gitbucket.description": "Перенести дані з екземплярів GitBucket.",
+	"migrate.codebase.description": "Перенести дані з codebasehq.com.",
+	"migrate.forgejo.description": "Перенести дані з codeberg.org або інших екземплярів Forgejo.",
+	"settings.must_enable_2fa": "На цьому екземплярі Forgejo для доступу до облікового запису вам необхідно захистити його двофакторною автентифікацією.",
+	"error.must_enable_2fa": "На цьому екземплярі Forgejo для доступу до облікового запису вам необхідно захистити його двофакторною автентифікацією. Увімкніть її тут: %s",
+	"admin.config.global_2fa_requirement.none": "Немає",
+	"admin.config.global_2fa_requirement.all": "Усі користувачі",
+	"admin.config.global_2fa_requirement.admin": "Адміністратори",
+	"admin.config.security": "Конфігурація безпеки",
+	"admin.config.global_2fa_requirement.title": "Глобальна вимога двофакторної автентифікації",
+	"settings.twofa_unroll_unavailable": "Для вашого облікового запису необхідна двофакторна автентифікація; це неможливо вимкнути.",
+	"settings.twofa_reenroll": "Увімкнути двофакторну автентифікацію",
+	"settings.twofa_reenroll.description": "Повторно зареєструйте свою двофакторну автентифікацію",
+	"user.ghost.tooltip": "Користувача не знайдено; ймовірно, його було видалено.",
+	"migrate.form.error.url_credentials": "URL-адреса містить дані для входу, введіть їх у поля «Ім’я користувача» і «Пароль» відповідно",
+	"actions.runs.run_attempt_label": "Спроба запуску №%[1]s (%[2]s)",
+	"actions.runs.view_most_recent_run": "Переглянути останній запуск",
+	"actions.runs.viewing_out_of_date_run": "Ви переглядаєте застарілий запуск цього завдання, який було виконано %[1]s.",
+	"repo.pulls.maintainers_can_edit": "Супроводжувачі можуть редагувати цей запит на злиття.",
+	"repo.pulls.maintainers_cannot_edit": "Супроводжувачі не можуть редагувати цей запит на злиття.",
+	"pulse.n_active_issues": {
+		"one": "%s активна задача",
+		"few": "%s активних задачі",
+		"many": "%s активних задач"
+	},
+	"pulse.n_active_prs": {
+		"one": "%s активний запит на злиття",
+		"few": "%s активних запити на злиття",
+		"many": "%s активних запитів на злиття"
+	},
+	"migrate.pagure.private_issues.summary": "Приватні задачі (необов’язково)",
+	"migrate.pagure.private_issues.description": "Ця функція дозволяє створити додатковий репозиторій для архівування в ньому приватних задач із вашого проєкту Pagure. Спочатку виконайте звичайне перенесення (без токена), щоб імпортувати весь публічний вміст. Потім, якщо у вас є приватні задачі, які потрібно зберегти, створіть окремий репозиторій, використовуючи токен, щоб архівувати ці приватні задачі.",
+	"migrate.pagure.private_issues.warning": "Обов’язково встановіть видимість репозиторію на «Приватний», якщо використовуєте ключ API для імпорту приватних задач. Це запобігає випадковому розкриттю приватного вмісту в публічному репозиторії.",
+	"migrate.pagure.token.placeholder": "Тільки для створення архіву приватних задач",
+	"mail.issue.action.close_by_commit": "%[1]s закриває %[2]s в коміті %[3]s.",
+	"actions.workflow.job_parsing_error": "Не вдалося розібрати завдання в робочому потоці: %v",
+	"actions.workflow.event_detection_error": "Не вдалося розібрати підтримувані події в робочому потоці: %v",
+	"actions.workflow.pre_execution_error": "Спробу виконання робочого потоку було заблоковано через помилку.",
+	"watch.n_watchers": {
+		"one": "%s спостерігач",
+		"few": "%s спостерігачі",
+		"many": "%s спостерігачів"
+	},
+	"teams.add_all_repos.modal.header": "Додати всі репозиторії",
+	"teams.remove_all_repos.modal.header": "Вилучити всі репозиторії",
+	"repo.pulls.poster_requires_approval": "Деякі робочі потоки <a href=\"%[1]s\">очікують на перевірку.</a>",
+	"repo.pulls.poster_requires_approval.tooltip": "Авторові цього запиту на злиття не довірено запуск робочих потоків, ініційованих запитом на злиття з форкнутого репозиторію або з AGit. Робочі потоки, ініційовані подією `pull_request`, не будуть виконані до їх схвалення.",
+	"repo.pulls.poster_manage_approval": "Керування схваленням",
+	"repo.pulls.poster_is_trusted.tooltip": "Авторові цього запиту на злиття явно довірено запуск робочих потоків, ініційованих подіями `pull_request`.",
+	"repo.pulls.poster_is_trusted": "Авторові цього запиту на злиття <a href=\"%[1]s\">завжди довірено запуск робочих потоків.</a>",
+	"repo.pulls.poster_trust_deny.tooltip": "Робочі потоки, що очікують на схвалення, будуть скасовані.",
+	"repo.pulls.poster_trust_once": "Схвалити один раз",
+	"repo.pulls.poster_trust_deny": "Відхилити",
+	"repo.pulls.poster_trust_revoke": "Відкликати",
+	"repo.pulls.poster_trust_always": "Схвалювати завжди",
+	"repo.pulls.poster_trust_once.tooltip": "Робочі потоки, ініційовані подією `pull_request`, будуть виконані для цього коміту, але їх потрібно буде схвалювати для всіх наступних комітів, надісланих до цього запиту на злиття.",
+	"repo.pulls.poster_trust_always.tooltip": "Робочі потоки, ініційовані подією `pull_request`, будуть виконані для цього коміту, і не буде необхідності схвалювати запуски з цього запиту на злиття або наступних запитів, створених тим самим користувачем.",
+	"repo.pulls.poster_trust_revoke.tooltip": "Автор цього запиту на злиття більше не зможе запускати робочі потоки, ініційовані подією `pull_request`, кожен запуск потрібно буде схвалювати вручну.",
+	"admin.dashboard.actions_action_user": "Відкликати довіру Дій Forgejo у неактивних користувачів",
+	"actions.status.diagnostics.waiting": {
+		"one": "Очікування ранера з міткою: %s",
+		"few": "Очікування ранера з мітками: %s",
+		"many": "Очікування ранера з мітками: %s"
+	},
+	"keys.verify.token.hint": "Токен дійсний лише протягом 1 хвилини. <a href=\"%[1]s\">Отримайте новий, якщо термін дії закінчився</a>.",
+	"admin.dashboard.transfer_lingering_logs": "Перемістити журнали виконаних завдань із бази даних до сховища",
+	"search.syntax": "Синтаксис пошуку",
+	"repo.issues.filter_poster.hint": "Фільтрувати за автором",
+	"repo.issues.filter_assignee.hint": "Фільтрувати за призначеним користувачем",
+	"repo.issues.filter_reviewers.hint": "Фільтрувати за користувачем, який залишив відгук",
+	"repo.issues.filter_mention.hint": "Фільтрувати за згаданим користувачем",
+	"repo.issues.filter_modified.hint": "Фільтрувати за датою останньої зміни",
+	"repo.issues.filter_sort.hint": "Сортувати за: створено/коментарі/оновлено/термін виконання",
+	"actions.workflow.persistent_incomplete_matrix": "Неможливо оцінити `strategy.matrix` завдання %[1]s через недійсний вираз `needs`. Можливо, він посилається на завдання, якого немає у списку «needs» (%[2]s), або на результат, якого не існує в одному з цих завдань.",
+	"admin.auths.oauth2_quota_group_claim_name": "Назва заявки, що надає назви груп для цього джерела, які будуть використовуватися для керування квотами. (Необов’язково)",
+	"admin.auths.oauth2_quota_group_map": "Зіставити заявлені групи з групами квот. (Необов’язково — потрібна назва заявки вище)",
+	"admin.auths.oauth2_quota_group_map_removal": "Видаляти користувачів із синхронізованих груп квот, якщо користувачі не належать до відповідної групи.",
+	"moderation.action.account.delete": "Видалити обліковий запис",
+	"moderation.action.repo.delete": "Видалити репозиторій",
+	"moderation.action.issue.delete": "Видалити задачу",
+	"moderation.action.comment.delete": "Видалити коментар",
+	"moderation.unknown_action": "Невідома дія",
+	"moderation.issue.deletion_success": "Задачу видалено.",
+	"moderation.comment.deletion_success": "Коментар видалено.",
+	"moderation.users.cannot_delete_admins": "Користувачів з правами адміністратора неможливо видалити.",
+	"moderation.users.cannot_suspend_self": "Ви не можете призупинити власний обліковий запис.",
+	"moderation.action.account.suspend": "Призупинити обліковий запис",
+	"moderation.users.cannot_suspend_admins": "Облікові записи з правами адміністратора неможливо призупинити.",
+	"moderation.users.cannot_suspend_org": "Організації неможливо призупинити.",
+	"moderation.users.already_suspended": "Обліковий запис уже призупинено.",
+	"moderation.users.suspend_success": "Обліковий запис призупинено.",
+	"moderation.report.mark_as_ignored": "Позначити як ігнороване",
+	"moderation.report.mark_as_handled": "Позначити як опрацьоване",
+	"actions.workflow.incomplete_matrix_missing_job": "Неможливо оцінити `strategy.matrix` завдання %[1]s: завдання %[2]s немає у списку `needs` завдання %[1]s (%[3]s).",
+	"actions.workflow.incomplete_matrix_unknown_cause": "Неможливо оцінити `strategy.matrix` завдання %[1]s: невідома помилка.",
+	"actions.workflow.incomplete_runson_unknown_cause": "Неможливо оцінити `runs-on`завдання %[1]s: невідома помилка.",
+	"actions.workflow.incomplete_matrix_missing_output": "Неможливо оцінити `strategy.matrix` завдання %[1]s: у завдання %[2]s немає результату %[3]s.",
+	"actions.workflow.incomplete_runson_missing_job": "Неможливо оцінити `runs-on` завдання %[1]s: завдання %[2]s немає у списку `needs` завдання %[1]s (%[3]s).",
+	"actions.workflow.incomplete_runson_missing_output": "Неможливо оцінити `runs-on` завдання %[1]s: у завдання %[2]s немає результату %[3]s.",
+	"actions.workflow.incomplete_runson_missing_matrix_dimension": "Неможливо оцінити `runs-on` завдання %[1]s: розмір матриці %[2]s не існує.",
+	"search.fuzzy": "Нечіткий",
+	"search.fuzzy_tooltip": "Включати результати, які приблизно відповідають пошуковому запиту",
+	"issues.updated": "оновлено %s",
+	"actions.workflow.incomplete_with_unknown_cause": "Неможливо оцінити `with`завдання %[1]s: невідома помилка.",
+	"actions.workflow.incomplete_with_missing_matrix_dimension": "Неможливо оцінити `with` завдання %[1]s: розмір матриці %[2]s не існує.",
+	"actions.workflow.incomplete_with_missing_output": "Неможливо оцінити `with` завдання %[1]s: у завдання %[2]s немає результату %[3]s.",
+	"actions.workflow.incomplete_with_missing_job": "Неможливо оцінити `with` завдання %[1]s: завдання %[2]s немає у списку `needs` завдання %[1]s (%[3]s)."
 }
diff --git a/options/locale_next/locale_uz.json b/options/locale_next/locale_uz.json
index 1cd7fd1960..8c94d5f67a 100644
--- a/options/locale_next/locale_uz.json
+++ b/options/locale_next/locale_uz.json
@@ -1,47 +1,48 @@
 {
-    "home.explore_repos": "Omborlarni kashf etish",
-    "home.explore_users": "Foydalanuvchilarni kashf etish",
-    "home.explore_orgs": "`tashkilotlarni` kashf etish",
-    "stars.list.none": "Hech kim bu omborga yulduz bosmagan.",
-    "watch.list.none": "Bu ombor hech kimning ko'ruv'ida emas",
-    "followers.incoming.list.self.none": "Hech kim sizning profilingizga tirkalmagan.",
-    "followers.incoming.list.none": "Hech kim bu foydalanuvchiga tirkalmagan.",
-    "followers.outgoing.list.self.none": "Siz hech kimga tirkalmagansiz.",
-    "followers.outgoing.list.none": "%s hech kimga tirkalmagan.",
-    "relativetime.now": "hozir",
-    "relativetime.future": "kelajakda",
-    "relativetime.mins": {
-        "one": "%d daqiqa oldin.",
-        "other": "%d daqiqa oldin."
-    },
-    "relativetime.hours": {
-        "one": "%d soat oldin.",
-        "other": "%d soat oldin."
-    },
-    "relativetime.days": {
-        "one": "%d kun oldin.",
-        "other": "%d kun oldin."
-    },
-    "relativetime.weeks": {
-        "one": "%d hafta oldin.",
-        "other": "%d hafta oldin."
-    },
-    "relativetime.months": {
-        "one": "%d oy oldin.",
-        "other": "%d oy oldin."
-    },
-    "relativetime.years": {
-        "one": "%d yil oldin.",
-        "other": "%d yil oldin."
-    },
-    "relativetime.1day": "kecha",
-    "relativetime.2days": "2 kun oldin",
-    "relativetime.1week": "oxirgi hafta",
-    "relativetime.2weeks": "ikki hafta oldin",
-    "relativetime.1month": "oxirgi oy",
-    "relativetime.2months": "ikki oy oldin",
-    "relativetime.1year": "oxirgi yil",
-    "relativetime.2years": "ikki yil oldin",
-    "search.syntax": "Qidiruv sintaksisi",
-    "repo.settings.push_mirror.branch_filter.label": "Branch filteri (ixtiyoriy)"
+	"home.explore_repos": "Omborlarni kashf etish",
+	"home.explore_users": "Foydalanuvchilarni kashf etish",
+	"home.explore_orgs": "`tashkilotlarni` kashf etish",
+	"stars.list.none": "Hech kim bu omborga yulduz bosmagan.",
+	"watch.list.none": "Bu ombor hech kimning ko'ruv'ida emas",
+	"followers.incoming.list.self.none": "Hech kim sizning profilingizga tirkalmagan.",
+	"followers.incoming.list.none": "Hech kim bu foydalanuvchiga tirkalmagan.",
+	"followers.outgoing.list.self.none": "Siz hech kimga tirkalmagansiz.",
+	"followers.outgoing.list.none": "%s hech kimga tirkalmagan.",
+	"relativetime.now": "hozir",
+	"relativetime.future": "kelajakda",
+	"relativetime.mins": {
+		"one": "%d daqiqa oldin.",
+		"other": "%d daqiqa oldin."
+	},
+	"relativetime.hours": {
+		"one": "%d soat oldin.",
+		"other": "%d soat oldin."
+	},
+	"relativetime.days": {
+		"one": "%d kun oldin.",
+		"other": "%d kun oldin."
+	},
+	"relativetime.weeks": {
+		"one": "%d hafta oldin.",
+		"other": "%d hafta oldin."
+	},
+	"relativetime.months": {
+		"one": "%d oy oldin.",
+		"other": "%d oy oldin."
+	},
+	"relativetime.years": {
+		"one": "%d yil oldin.",
+		"other": "%d yil oldin."
+	},
+	"relativetime.1day": "kecha",
+	"relativetime.2days": "2 kun oldin",
+	"relativetime.1week": "oxirgi hafta",
+	"relativetime.2weeks": "ikki hafta oldin",
+	"relativetime.1month": "oxirgi oy",
+	"relativetime.2months": "ikki oy oldin",
+	"relativetime.1year": "oxirgi yil",
+	"relativetime.2years": "ikki yil oldin",
+	"search.syntax": "Qidiruv sintaksisi",
+	"repo.settings.push_mirror.branch_filter.label": "Branch filteri (ixtiyoriy)",
+	"meta.last_line": "(this string was needed to make weblate regenerate the file and can be removed)"
 }
diff --git a/options/locale_next/locale_vi.json b/options/locale_next/locale_vi.json
index e70ef50077..a171b2721f 100644
--- a/options/locale_next/locale_vi.json
+++ b/options/locale_next/locale_vi.json
@@ -1,125 +1,121 @@
 {
-    "fork.n_forks": {
-        "other": "%s phân nhánh"
-    },
-    "stars.n_stars": {
-        "other": "%s sao"
-    },
-    "moderation.abuse_category.malware": "Mã độc",
-    "home.welcome.no_activity": "Chưa có hoạt động",
-    "home.explore_users": "Khám phá người dùng",
-    "home.explore_orgs": "Khám phá tổ chức",
-    "followers.incoming.list.self.none": "Không có ai đang theo dõi hồ sơ của bạn.",
-    "followers.incoming.list.none": "Không có ai đang theo dõi người dùng này.",
-    "followers.outgoing.list.self.none": "Bạn đang không theo dõi ai.",
-    "followers.outgoing.list.none": "%s đang không theo dõi ai.",
-    "relativetime.now": "bây giờ",
-    "relativetime.future": "trong tương lai",
-    "relativetime.mins": "%d phút trước",
-    "relativetime.hours": "%d tiếng trước",
-    "relativetime.days": "%d ngày trước",
-    "relativetime.weeks": "%d tuần trước",
-    "relativetime.months": "%d tháng trước",
-    "relativetime.years": "%d năm trước",
-    "relativetime.1day": "hôm qua",
-    "relativetime.2days": "hôm kia",
-    "relativetime.1week": "tuần trước",
-    "relativetime.2weeks": "hai tuần trước",
-    "relativetime.1month": "tháng trước",
-    "relativetime.2months": "hai tháng trước",
-    "relativetime.1year": "năm ngoái",
-    "relativetime.2years": "hai năm trước",
-    "migrate.form.error.url_credentials": "URL có chứa thông tin đăng nhập, điền chúng vào các ô tên người dùng và mật khẩu tương ứng",
-    "migrate.github.description": "Nhập dữ liệu từ github.com hoặc máy chủ GitHub Enterprise.",
-    "migrate.git.description": "Chỉ nhập kho mã từ dịch vụ Git bất kì.",
-    "home.explore_repos": "Khám phá kho mã",
-    "stars.list.none": "Chưa ai tặng sao cho kho mã này.",
-    "watch.list.none": "Không có ai đang theo dõi kho mã này.",
-    "repo.form.cannot_create": "Đã đạt giới hạn số kho mã.",
-    "migrate.gitea.description": "Nhập dữ liệu từ gitea.com hoặc máy chủ Gitea khác.",
-    "migrate.gitlab.description": "Nhập dữ liệu từ gitlab.com hoặc máy chủ GitLab khác.",
-    "migrate.gogs.description": "Nhập dữ liệu từ notabug.org hoặc máy chủ Gogs khác.",
-    "migrate.onedev.description": "Nhập dữ liệu từ code.onedev.io hoặc máy chủ OneDev khác.",
-    "migrate.gitbucket.description": "Nhập dữ liệu từ máy chủ GitBucket.",
-    "migrate.codebase.description": "Nhập dữ liệu từ codebasehq.com.",
-    "migrate.forgejo.description": "Nhập dữ liệu từ codeberg.org hoặc máy chủ Forgejo khác.",
-    "repo.issue_indexer.title": "Trình Đánh số Vấn đề",
-    "search.milestone_kind": "Tìm cột mốc…",
-    "repo.settings.push_mirror.branch_filter.label": "Bộ lọc nhánh (không bắt buộc)",
-    "incorrect_root_url": "Máy chủ Forgejo này được cài đặt để đáp ứng trên \"%s\". Bạn hiện đang xem Forgejo qua một URL khác, điều mà có thể gây lỗi cho các phần của ứng dụng. URL chuẩn được kiểm soát bởi quản trị viên Forgejo qua cài đặt ROOT_URL trong app.ini.",
-    "themes.names.forgejo-auto": "Forgejo (theo chủ đề hệ thống)",
-    "themes.names.forgejo-light": "Forgejo sáng",
-    "themes.names.forgejo-dark": "Forgejo tối",
-    "error.not_found.title": "Không tìm thấy trang",
-    "warning.repository.out_of_sync": "Cách biểu thị cơ sở dữ liệu của kho mã này không đồng bộ. Nếu cảnh báo này vẫn hiện sau khi đệ trình đến kho mã này, liên hệ quản trị viên.",
-    "alert.asset_load_failed": "Tải tệp tài nguyên từ {path} thất bại. Vui lòng đảm bảo rằng tệp tài nguyên có thể truy cập được.",
-    "alert.range_error": " phải trong khoảng từ %[1]s đến %[2]s.",
-    "install.invalid_lfs_path": "Không thể tạo gốc LFS ở đường dẫn chỉ định: %[1]s",
-    "profile.actions.tooltip": "Thêm hành động",
-    "profile.edit.link": "Chỉnh sửa hồ sơ",
-    "keys.ssh.link": "Mã SSH",
-    "keys.gpg.link": "Mã GPG",
-    "admin.config.moderation_config": "Cài đặt kiểm duyệt",
-    "admin.moderation.moderation_reports": "Báo cáo kiểm duyệt",
-    "admin.moderation.reports": "Báo cáo",
-    "admin.moderation.no_open_reports": "Hiện không có báo cáo nào đang mở.",
-    "admin.moderation.deleted_content_ref": "Nội dung bị báo cáo với loại %[1]v và id %[2]d không tồn tại nữa",
-    "moderation.report_abuse": "Báo cáo lạm dụng",
-    "moderation.report_content": "Báo cáo nội dung",
-    "moderation.report_abuse_form.header": "Báo cáo lạm dụng đến quản trị viên",
-    "moderation.report_abuse_form.details": "Đơn này chỉ nên dùng để báo cáo người dùng mà tạo các hồ sơ, kho mã, bình luận rác hoặc ứng xử không thích hợp.",
-    "moderation.report_abuse_form.invalid": "Đối số không hợp lệ",
-    "moderation.report_abuse_form.already_reported": "Bạn đã báo cáo nội dung này rồi",
-    "moderation.abuse_category": "Loại",
-    "moderation.abuse_category.placeholder": "Chọn loại",
-    "moderation.abuse_category.spam": "Rác",
-    "moderation.abuse_category.illegal_content": "Nội dung bất hợp pháp",
-    "moderation.abuse_category.other_violations": "Các vi phạm luật nền tảng khác",
-    "moderation.report_remarks": "Chi tiết",
-    "moderation.report_remarks.placeholder": "Vui lòng cung cấp chi tiết về việc lạm dụng mà bạn báo cáo.",
-    "moderation.submit_report": "Gửi báo cáo",
-    "moderation.reporting_failed": "Không thể gửi báo cáo lạm dụng mới: %v",
-    "moderation.reported_thank_you": "Cảm ơn vì đã báo cáo. Quản trị viên đã được biết về nó.",
-    "mail.actions.successful_run_after_failure_subject": "Đã khôi phục tiến trình %[1]s từ kho mã %[2]s",
-    "mail.actions.not_successful_run_subject": "Tiến trình %[1]s đã thất bại trong kho mã %[2]s",
-    "mail.actions.successful_run_after_failure": "Đã khôi phục tiến trình %[1]s trong kho mã %[2]s",
-    "mail.actions.not_successful_run": "Tiến trình %[1]s đã thất bại trong kho mã %[2]s",
-    "mail.actions.run_info_cur_status": "Trạng thái của Lần chạy này: %[1]s (vừa cập nhật từ %[2]s)",
-    "mail.actions.run_info_previous_status": "Trạng thái của Lần chạy trước: %[1]s",
-    "mail.actions.run_info_trigger": "Được kích hoạt vì: %[1]s bởi: %[2]s",
-    "repo.diff.commit.next-short": "Tiếp",
-    "repo.diff.commit.previous-short": "Trước",
-    "discussion.locked": "Cuộc thảo luận này đã bị khoá. Chỉ người đóng góp mới có thể bình luận.",
-    "discussion.sidebar.reference": "Tham khảo",
-    "editor.textarea.tab_hint": "Dòng đã được căn lề rồi. Nhấn <kbd>Tab</kbd> lần nữa hoặc <kbd>Escape</kbd> để thoát trình soạn thảo.",
-    "editor.textarea.shift_tab_hint": "Dòng này chưa được căn lề. Nhấn <kbd>Shift</kbd> + <kbd>Tab</kbd> lần nữa hoặc <kbd>Escape</kbd> để thoát trình soạn thảo.",
-    "admin.auths.allow_username_change": "Cho phép thay đổi tên người dùng",
-    "admin.auths.allow_username_change.description": "Cho phép thay đổi tên người dùng trong cài đặt hồ sơ",
-    "admin.dashboard.cleanup_offline_runners": "Dọn dẹp trình chạy ngoại tuyến",
-    "admin.dashboard.remove_resolved_reports": "Xoá báo cáo đã giải quyết",
-    "admin.config.security": "Cài đặt bảo mật",
-    "admin.config.global_2fa_requirement.title": "Yêu cầu xác thực hai yếu tố toàn cục",
-    "admin.config.global_2fa_requirement.none": "Không",
-    "admin.config.global_2fa_requirement.all": "Tất cả người dùng",
-    "admin.config.global_2fa_requirement.admin": "Quản trị viên",
-    "settings.visibility.description": "Chế độ hiển thị hồ sơ ảnh hưởng đến khả năng người khác truy cập kho mã công khai của bạn. <a href=\"%s\" target=\"_blank\">Tìm hiểu thêm</a>.",
-    "settings.twofa_unroll_unavailable": "Xác thực hai yếu tố là bắt buộc cho tài khoản của bạn và không thể bị vô hiệu hoá.",
-    "settings.twofa_reenroll": "Làm lại xác thực hai yếu tố",
-    "settings.twofa_reenroll.description": "Làm lại xác thực hai yếu tố của bạn",
-    "settings.must_enable_2fa": "Máy chủ Forgejo này yêu cầu người dùng bật xác thực hai yếu tố trước khi họ có thể truy cập tài khoản của họ.",
-    "error.must_enable_2fa": "Máy chủ Forgejo này yêu cầu người dùng bật xác thực hai yếu tố trước khi họ có thể truy cập tài khoản của họ. Bật nó tại: %s",
-    "avatar.constraints_hint": "Ảnh hồ sơ không được lớn hơn %[1]s hoặc rộng hơn %[2]dx%[3]d điểm ảnh",
-    "user.ghost.tooltip": "Người dùng này đã bị xoá, hoặc không thể đối chiếu được.",
-    "og.repo.summary_card.alt_description": "Bảng tóm tắt của kho mã %[1]s, được biểu diễn như: %[2]s",
-    "repo.commit.load_tags_failed": "Tải các nhãn thất bại vì lỗi nội bộ",
-    "compare.branches.title": "So sánh các nhánh",
-    "migrate.pagure.description": "Nhập dữ liệu từ pagure.io hoặc máy chủ Pagure khác.",
-    "migrate.pagure.incorrect_url": "URL kho mã nguồn được cung cấp không chính xác",
-    "migrate.pagure.project_url": "URL dự án Pagure",
-    "migrate.pagure.project_example": "URL dự án Pagure, vd: https://pagure.io/pagure",
-    "actions.runs.run_attempt_label": "Lần chạy #%[1]s (%[2]s)",
-    "actions.runs.viewing_out_of_date_run": "Bạn đang xem một lần chạy lỗi thời của công việc này mà đã chạy %[1]s.",
-    "actions.runs.view_most_recent_run": "Xem lần chạy gần đây nhất",
-    "meta.last_line": "\"xóa thần tượng\"",
-    "home.welcome.activity_hint": "Hiện chưa có gì trên bảng tin của bạn cả. Những hành động của bạn và hoạt động từ kho mã mà bạn theo dõi sẽ xuất hiện ở đây."
+	"fork.n_forks": "%s phân nhánh",
+	"stars.n_stars": "%s sao",
+	"moderation.abuse_category.malware": "Mã độc",
+	"home.welcome.no_activity": "Chưa có hoạt động",
+	"home.explore_users": "Khám phá người dùng",
+	"home.explore_orgs": "Khám phá tổ chức",
+	"followers.incoming.list.self.none": "Không có ai đang theo dõi hồ sơ của bạn.",
+	"followers.incoming.list.none": "Không có ai đang theo dõi người dùng này.",
+	"followers.outgoing.list.self.none": "Bạn đang không theo dõi ai.",
+	"followers.outgoing.list.none": "%s đang không theo dõi ai.",
+	"relativetime.now": "bây giờ",
+	"relativetime.future": "trong tương lai",
+	"relativetime.mins": "%d phút trước",
+	"relativetime.hours": "%d tiếng trước",
+	"relativetime.days": "%d ngày trước",
+	"relativetime.weeks": "%d tuần trước",
+	"relativetime.months": "%d tháng trước",
+	"relativetime.years": "%d năm trước",
+	"relativetime.1day": "hôm qua",
+	"relativetime.2days": "hôm kia",
+	"relativetime.1week": "tuần trước",
+	"relativetime.2weeks": "hai tuần trước",
+	"relativetime.1month": "tháng trước",
+	"relativetime.2months": "hai tháng trước",
+	"relativetime.1year": "năm ngoái",
+	"relativetime.2years": "hai năm trước",
+	"migrate.form.error.url_credentials": "URL có chứa thông tin đăng nhập, điền chúng vào các ô tên người dùng và mật khẩu tương ứng",
+	"migrate.github.description": "Nhập dữ liệu từ github.com hoặc máy chủ GitHub Enterprise.",
+	"migrate.git.description": "Chỉ nhập kho mã từ dịch vụ Git bất kì.",
+	"home.explore_repos": "Khám phá kho mã",
+	"stars.list.none": "Chưa ai tặng sao cho kho mã này.",
+	"watch.list.none": "Không có ai đang theo dõi kho mã này.",
+	"repo.form.cannot_create": "Đã đạt giới hạn số kho mã.",
+	"migrate.gitea.description": "Nhập dữ liệu từ gitea.com hoặc máy chủ Gitea khác.",
+	"migrate.gitlab.description": "Nhập dữ liệu từ gitlab.com hoặc máy chủ GitLab khác.",
+	"migrate.gogs.description": "Nhập dữ liệu từ notabug.org hoặc máy chủ Gogs khác.",
+	"migrate.onedev.description": "Nhập dữ liệu từ code.onedev.io hoặc máy chủ OneDev khác.",
+	"migrate.gitbucket.description": "Nhập dữ liệu từ máy chủ GitBucket.",
+	"migrate.codebase.description": "Nhập dữ liệu từ codebasehq.com.",
+	"migrate.forgejo.description": "Nhập dữ liệu từ codeberg.org hoặc máy chủ Forgejo khác.",
+	"repo.issue_indexer.title": "Trình Đánh số Vấn đề",
+	"search.milestone_kind": "Tìm cột mốc…",
+	"repo.settings.push_mirror.branch_filter.label": "Bộ lọc nhánh (không bắt buộc)",
+	"incorrect_root_url": "Máy chủ Forgejo này được cài đặt để đáp ứng trên \"%s\". Bạn hiện đang xem Forgejo qua một URL khác, điều mà có thể gây lỗi cho các phần của ứng dụng. URL chuẩn được kiểm soát bởi quản trị viên Forgejo qua cài đặt ROOT_URL trong app.ini.",
+	"themes.names.forgejo-auto": "Forgejo (theo chủ đề hệ thống)",
+	"themes.names.forgejo-light": "Forgejo sáng",
+	"themes.names.forgejo-dark": "Forgejo tối",
+	"error.not_found.title": "Không tìm thấy trang",
+	"warning.repository.out_of_sync": "Cách biểu thị cơ sở dữ liệu của kho mã này không đồng bộ. Nếu cảnh báo này vẫn hiện sau khi đệ trình đến kho mã này, liên hệ quản trị viên.",
+	"alert.asset_load_failed": "Tải tệp tài nguyên từ {path} thất bại. Vui lòng đảm bảo rằng tệp tài nguyên có thể truy cập được.",
+	"alert.range_error": " phải trong khoảng từ %[1]s đến %[2]s.",
+	"install.invalid_lfs_path": "Không thể tạo gốc LFS ở đường dẫn chỉ định: %[1]s",
+	"profile.actions.tooltip": "Thêm hành động",
+	"profile.edit.link": "Chỉnh sửa hồ sơ",
+	"keys.ssh.link": "Mã SSH",
+	"keys.gpg.link": "Mã GPG",
+	"admin.config.moderation_config": "Cài đặt kiểm duyệt",
+	"admin.moderation.moderation_reports": "Báo cáo kiểm duyệt",
+	"admin.moderation.reports": "Báo cáo",
+	"admin.moderation.no_open_reports": "Hiện không có báo cáo nào đang mở.",
+	"admin.moderation.deleted_content_ref": "Nội dung bị báo cáo với loại %[1]v và id %[2]d không tồn tại nữa",
+	"moderation.report_abuse": "Báo cáo lạm dụng",
+	"moderation.report_content": "Báo cáo nội dung",
+	"moderation.report_abuse_form.header": "Báo cáo lạm dụng đến quản trị viên",
+	"moderation.report_abuse_form.details": "Đơn này chỉ nên dùng để báo cáo người dùng mà tạo các hồ sơ, kho mã, bình luận rác hoặc ứng xử không thích hợp.",
+	"moderation.report_abuse_form.invalid": "Đối số không hợp lệ",
+	"moderation.report_abuse_form.already_reported": "Bạn đã báo cáo nội dung này rồi",
+	"moderation.abuse_category": "Loại",
+	"moderation.abuse_category.placeholder": "Chọn loại",
+	"moderation.abuse_category.spam": "Rác",
+	"moderation.abuse_category.illegal_content": "Nội dung bất hợp pháp",
+	"moderation.abuse_category.other_violations": "Các vi phạm luật nền tảng khác",
+	"moderation.report_remarks": "Chi tiết",
+	"moderation.report_remarks.placeholder": "Vui lòng cung cấp chi tiết về việc lạm dụng mà bạn báo cáo.",
+	"moderation.submit_report": "Gửi báo cáo",
+	"moderation.reporting_failed": "Không thể gửi báo cáo lạm dụng mới: %v",
+	"moderation.reported_thank_you": "Cảm ơn vì đã báo cáo. Quản trị viên đã được biết về nó.",
+	"mail.actions.successful_run_after_failure_subject": "Đã khôi phục tiến trình %[1]s từ kho mã %[2]s",
+	"mail.actions.not_successful_run_subject": "Tiến trình %[1]s đã thất bại trong kho mã %[2]s",
+	"mail.actions.successful_run_after_failure": "Đã khôi phục tiến trình %[1]s trong kho mã %[2]s",
+	"mail.actions.not_successful_run": "Tiến trình %[1]s đã thất bại trong kho mã %[2]s",
+	"mail.actions.run_info_cur_status": "Trạng thái của Lần chạy này: %[1]s (vừa cập nhật từ %[2]s)",
+	"mail.actions.run_info_previous_status": "Trạng thái của Lần chạy trước: %[1]s",
+	"mail.actions.run_info_trigger": "Được kích hoạt vì: %[1]s bởi: %[2]s",
+	"repo.diff.commit.next-short": "Tiếp",
+	"repo.diff.commit.previous-short": "Trước",
+	"discussion.locked": "Cuộc thảo luận này đã bị khoá. Chỉ người đóng góp mới có thể bình luận.",
+	"discussion.sidebar.reference": "Tham khảo",
+	"editor.textarea.tab_hint": "Dòng đã được căn lề rồi. Nhấn <kbd>Tab</kbd> lần nữa hoặc <kbd>Escape</kbd> để thoát trình soạn thảo.",
+	"editor.textarea.shift_tab_hint": "Dòng này chưa được căn lề. Nhấn <kbd>Shift</kbd> + <kbd>Tab</kbd> lần nữa hoặc <kbd>Escape</kbd> để thoát trình soạn thảo.",
+	"admin.auths.allow_username_change": "Cho phép thay đổi tên người dùng",
+	"admin.auths.allow_username_change.description": "Cho phép thay đổi tên người dùng trong cài đặt hồ sơ",
+	"admin.dashboard.cleanup_offline_runners": "Dọn dẹp trình chạy ngoại tuyến",
+	"admin.dashboard.remove_resolved_reports": "Xoá báo cáo đã giải quyết",
+	"admin.config.security": "Cài đặt bảo mật",
+	"admin.config.global_2fa_requirement.title": "Yêu cầu xác thực hai yếu tố toàn cục",
+	"admin.config.global_2fa_requirement.none": "Không",
+	"admin.config.global_2fa_requirement.all": "Tất cả người dùng",
+	"admin.config.global_2fa_requirement.admin": "Quản trị viên",
+	"settings.visibility.description": "Chế độ hiển thị hồ sơ ảnh hưởng đến khả năng người khác truy cập kho mã công khai của bạn. <a href=\"%s\" target=\"_blank\">Tìm hiểu thêm</a>.",
+	"settings.twofa_unroll_unavailable": "Xác thực hai yếu tố là bắt buộc cho tài khoản của bạn và không thể bị vô hiệu hoá.",
+	"settings.twofa_reenroll": "Làm lại xác thực hai yếu tố",
+	"settings.twofa_reenroll.description": "Làm lại xác thực hai yếu tố của bạn",
+	"settings.must_enable_2fa": "Máy chủ Forgejo này yêu cầu người dùng bật xác thực hai yếu tố trước khi họ có thể truy cập tài khoản của họ.",
+	"error.must_enable_2fa": "Máy chủ Forgejo này yêu cầu người dùng bật xác thực hai yếu tố trước khi họ có thể truy cập tài khoản của họ. Bật nó tại: %s",
+	"avatar.constraints_hint": "Ảnh hồ sơ không được lớn hơn %[1]s hoặc rộng hơn %[2]dx%[3]d điểm ảnh",
+	"user.ghost.tooltip": "Người dùng này đã bị xoá, hoặc không thể đối chiếu được.",
+	"og.repo.summary_card.alt_description": "Bảng tóm tắt của kho mã %[1]s, được biểu diễn như: %[2]s",
+	"repo.commit.load_tags_failed": "Tải các nhãn thất bại vì lỗi nội bộ",
+	"compare.branches.title": "So sánh các nhánh",
+	"migrate.pagure.description": "Nhập dữ liệu từ pagure.io hoặc máy chủ Pagure khác.",
+	"migrate.pagure.incorrect_url": "URL kho mã nguồn được cung cấp không chính xác",
+	"migrate.pagure.project_url": "URL dự án Pagure",
+	"migrate.pagure.project_example": "URL dự án Pagure, vd: https://pagure.io/pagure",
+	"actions.runs.run_attempt_label": "Lần chạy #%[1]s (%[2]s)",
+	"actions.runs.viewing_out_of_date_run": "Bạn đang xem một lần chạy lỗi thời của công việc này mà đã chạy %[1]s.",
+	"actions.runs.view_most_recent_run": "Xem lần chạy gần đây nhất",
+	"meta.last_line": "\"xóa thần tượng\"\n(this string was needed to make weblate regenerate the file and can be removed)",
+	"home.welcome.activity_hint": "Hiện chưa có gì trên bảng tin của bạn cả. Những hành động của bạn và hoạt động từ kho mã mà bạn theo dõi sẽ xuất hiện ở đây."
 }
diff --git a/options/locale_next/locale_yi.json b/options/locale_next/locale_yi.json
index 0967ef424b..60c4c22624 100644
--- a/options/locale_next/locale_yi.json
+++ b/options/locale_next/locale_yi.json
@@ -1 +1,3 @@
-{}
+{
+	"meta.last_line": "(this string was needed to make weblate regenerate the file and can be removed)"
+}
diff --git a/options/locale_next/locale_zh-CN.json b/options/locale_next/locale_zh-CN.json
index c92c32ad27..ef5f7ba970 100644
--- a/options/locale_next/locale_zh-CN.json
+++ b/options/locale_next/locale_zh-CN.json
@@ -1,202 +1,202 @@
 {
-    "fork.n_forks": "%s 个派生",
-    "stars.n_stars": "%s 次点赞",
-    "release.n_downloads": "%s 次下载",
-    "repo.pulls.merged_title_desc": "于 %[4]s 将 %[1]d 次代码提交从 <code>%[2]s</code> 合并至 <code>%[3]s</code>",
-    "repo.pulls.title_desc": "请求将 %[1]d 次代码提交从 <code>%[2]s</code> 合并至 <code id=\"%[4]s\">%[3]s</code>",
-    "search.milestone_kind": "搜索里程碑…",
-    "home.welcome.no_activity": "无活动",
-    "home.welcome.activity_hint": "您的订阅中还没有任何内容。您关注的仓库中的操作和活动将显示在此处。",
-    "home.explore_repos": "探索仓库",
-    "home.explore_users": "探索用户",
-    "home.explore_orgs": "探索组织",
-    "incorrect_root_url": "此 Forgejo 实例配置为在“%s”上提供服务。您当前正在通过不同的网址查看 Forgejo，这可能会导致应用程序的某些部分损坏。Forgejo 管理员可以通过 app.ini 中的 ROOT_URL 设置控制规范网址。",
-    "themes.names.forgejo-auto": "Forgejo（遵循系统主题）",
-    "themes.names.forgejo-light": "Forgejo 浅色",
-    "themes.names.forgejo-dark": "Forgejo 深色",
-    "error.not_found.title": "页面不存在",
-    "alert.asset_load_failed": "无法从 {path} 加载资源文件。请确保资源文件可被访问。",
-    "install.invalid_lfs_path": "无法在指定路径创建 LFS 根目录：%[1]s",
-    "alert.range_error": " 必须是一个介于 %[1]s 和 %[2]s 之间的数字。",
-    "meta.last_line": "感谢各位对Forgejo翻译的支持和帮助！不需要翻译这个。(三维鱼)。",
-    "mail.actions.successful_run_after_failure_subject": "仓库 %[2]s 中的工作流 %[1]s 已恢复",
-    "mail.actions.not_successful_run_subject": "仓库 %[2]s 中的工作流 %[1]s 已失败",
-    "mail.actions.successful_run_after_failure": "仓库 %[2]s 中的工作流 %[1]s 已恢复",
-    "mail.actions.run_info_previous_status": "上次运行的状态：%[1]s",
-    "mail.actions.run_info_cur_status": "此次运行的状态：%[1]s（从 %[2]s 更新）",
-    "mail.actions.run_info_trigger": "由 %[2]s %[1]s 触发",
-    "mail.actions.not_successful_run": "仓库 %[2]s 中的工作流 %[1]s 已失败",
-    "discussion.locked": "讨论已被锁定。仅贡献者能够发表评论。",
-    "relativetime.future": "未来",
-    "relativetime.mins": "%d 分钟前",
-    "relativetime.hours": "%d 小时前",
-    "relativetime.weeks": "%d 周前",
-    "relativetime.months": "%d 个月前",
-    "relativetime.years": "%d 年前",
-    "relativetime.1day": "昨天",
-    "relativetime.2days": "两天前",
-    "relativetime.1week": "上周",
-    "relativetime.1month": "上个月",
-    "relativetime.2months": "两个月前",
-    "relativetime.1year": "去年",
-    "relativetime.2years": "两年前",
-    "relativetime.now": "现在",
-    "relativetime.2weeks": "两周前",
-    "relativetime.days": "%d 天前",
-    "moderation.report_abuse_form.details": "此表单用于举报创建垃圾个人信息、仓库、议题、评论或行为不当的用户。",
-    "admin.config.moderation_config": "审核配置",
-    "moderation.report_abuse": "举报滥用",
-    "moderation.report_content": "举报内容",
-    "moderation.report_abuse_form.header": "向管理员举报滥用",
-    "moderation.report_abuse_form.invalid": "参数无效",
-    "moderation.report_abuse_form.already_reported": "您已举报此内容",
-    "moderation.abuse_category": "类别",
-    "moderation.abuse_category.placeholder": "选择类别",
-    "moderation.abuse_category.spam": "垃圾信息",
-    "moderation.abuse_category.malware": "恶意软件",
-    "moderation.abuse_category.illegal_content": "非法内容",
-    "moderation.abuse_category.other_violations": "其他违反平台规则的行为",
-    "moderation.report_remarks.placeholder": "请提供一些关于您所举报的滥用行为的详细信息。",
-    "moderation.report_remarks": "备注",
-    "moderation.submit_report": "提交举报",
-    "moderation.reporting_failed": "无法提交新的滥用举报：%v",
-    "moderation.reported_thank_you": "感谢您的举报，管理员已收到通知。",
-    "repo.form.cannot_create": "您可以创建仓库的所有空间均已达到仓库限制。",
-    "repo.issue_indexer.title": "议题索引器",
-    "watch.list.none": "没有人关注这个仓库。",
-    "followers.incoming.list.none": "没有人关注这位用户。",
-    "followers.outgoing.list.self.none": "你没有关注任何人。",
-    "followers.outgoing.list.none": "%s 没有关注任何人。",
-    "stars.list.none": "没有人点赞这个仓库。",
-    "followers.incoming.list.self.none": "没有人关注你的个人资料。",
-    "editor.textarea.tab_hint": "此行已缩进。再次按 <kbd>Tab</kbd> 或按 <kbd>Escape</kbd> 退出编辑器。",
-    "editor.textarea.shift_tab_hint": "此行无缩进。再次按 <kbd>Shift</kbd> + <kbd>Tab</kbd> 或按 <kbd>Escape</kbd> 退出编辑器。",
-    "admin.dashboard.cleanup_offline_runners": "清理离线运行器",
-    "settings.visibility.description": "个人资料可见性设置会影响他人对您的非私有仓库的访问。<a href=\"%s\" target=\"_blank\">了解更多</a>。",
-    "avatar.constraints_hint": "自定义头像大小不得超过 %[1]s，且分辨率不得大于 %[2]d×%[3]d 像素",
-    "keys.ssh.link": "SSH 密钥",
-    "keys.gpg.link": "GPG 密钥",
-    "profile.actions.tooltip": "更多操作",
-    "repo.diff.commit.next-short": "下一个",
-    "repo.diff.commit.previous-short": "上一个",
-    "feed.atom.link": "Atom 订阅源",
-    "profile.edit.link": "编辑个人资料",
-    "og.repo.summary_card.alt_description": "仓库 %[1]s 的摘要卡片，描述为：%[2]s",
-    "repo.settings.push_mirror.branch_filter.label": "分支过滤器（可选）",
-    "repo.settings.push_mirror.branch_filter.description": "欲镜像的分支。留空以镜像所有分支。关于语法的更多信息，请参见 <a href=\"%[1]s\">%[2]s 文档</a>。例如：<code>main, release/*</code>",
-    "mail.actions.run_info_sha": "提交：%[1]s",
-    "discussion.sidebar.reference": "引用",
-    "admin.dashboard.remove_resolved_reports": "移除已解决的举报",
-    "compare.branches.title": "比较分支",
-    "admin.auths.allow_username_change.description": "允许用户在个人设置中更改用户名",
-    "admin.moderation.moderation_reports": "举报",
-    "admin.moderation.reports": "举报",
-    "admin.moderation.no_open_reports": "目前没有打开的举报。",
-    "admin.moderation.deleted_content_ref": "类型为 %[1]v、ID为 %[2]d 的举报不存在",
-    "repo.commit.load_tags_failed": "由于内部错误，无法加载标签",
-    "admin.auths.allow_username_change": "允许更改用户名",
-    "migrate.pagure.description": "从 pagure.io 或其他 Pagure 实例迁移数据。",
-    "migrate.github.description": "从 github.com 或 GitHub Enterprise 服务器迁移数据。",
-    "migrate.git.description": "从任意 Git 服务迁移仓库。",
-    "migrate.gitea.description": "从 gitea.com 或其他 Gitea 实例迁移数据。",
-    "migrate.gitlab.description": "从 gitlab.com 或其他 GitLab 实例迁移数据。",
-    "migrate.gogs.description": "从 notabug.org 或其他 Gogs 实例迁移数据。",
-    "migrate.onedev.description": "从 code.onedev.io 或其他 OneDev 实例迁移数据。",
-    "migrate.gitbucket.description": "从 GitBucket 实例迁移数据。",
-    "migrate.codebase.description": "从 codebasehq.com 迁移数据。",
-    "migrate.forgejo.description": "从 codeberg.org 或其他 Forgejo 实例迁移数据。",
-    "warning.repository.out_of_sync": "此仓库的数据库表示已脱同步。如果在向此仓库推送提交后仍出现此警告，请联系管理员。",
-    "admin.config.security": "安全设置",
-    "settings.twofa_unroll_unavailable": "你的账户必须启用双因子认证，无法禁用。",
-    "error.must_enable_2fa": "此 Forgejo 实例要求用户启用双因子认证。转到 %s 以启用",
-    "admin.config.global_2fa_requirement.title": "全局双因子认证要求",
-    "admin.config.global_2fa_requirement.none": "无",
-    "admin.config.global_2fa_requirement.all": "所有用户",
-    "admin.config.global_2fa_requirement.admin": "管理员",
-    "settings.twofa_reenroll": "重新启用双因子认证",
-    "settings.twofa_reenroll.description": "重新启用你的双因子认证",
-    "settings.must_enable_2fa": "此 Forgejo 实例要求用户启用双因子认证。",
-    "migrate.pagure.incorrect_url": "提供了错误的源仓库URL",
-    "migrate.pagure.project_url": "Pagure 项目 URL",
-    "migrate.pagure.project_example": "Pagure 项目 URL，例如：https://pagure.io/pagure",
-    "migrate.pagure.token_label": "Pagure API 令牌",
-    "repo.pulls.already_merged": "合并失败：此合并请求已被合并。",
-    "user.ghost.tooltip": "该用户已被删除或无法找到。",
-    "migrate.form.error.url_credentials": "URL 包含凭据，请分别将凭据填入用户名和密码字段",
-    "actions.runs.view_most_recent_run": "查看最新运行",
-    "actions.runs.run_attempt_label": "运行尝试 #%[1]s（%[2]s）",
-    "actions.runs.viewing_out_of_date_run": "您正在查看于 %[1]s 执行的过期运行。",
-    "pulse.n_active_issues": "%s 项活动的议题",
-    "pulse.n_active_prs": "%s 个活跃的合并请求",
-    "repo.pulls.maintainers_can_edit": "维护者可以编辑此合并请求。",
-    "repo.pulls.maintainers_cannot_edit": "维护者无法编辑此合并请求。",
-    "migrate.pagure.private_issues.summary": "私有议题（可选）",
-    "migrate.pagure.private_issues.description": "此功能将创建一个单独的、只包含私有议题的仓库，以供存档。首先，不带令牌进行一次普通迁移以导入公开内容，然后若有需要，填写令牌并再次迁移以创建一个新的仓库并存档私有议题。",
-    "migrate.pagure.private_issues.warning": "请确保在导入私有议题时将仓库可见性设置为私有，以避免意外将私有内容泄漏至公开仓库。",
-    "migrate.pagure.token.placeholder": "仅用于创建私有议题归档",
-    "mail.issue.action.close_by_commit": "%[1]s 于提交 %[3]s 中关闭了 %[2]s。",
-    "actions.workflow.job_parsing_error": "无法解析工作流中的任务：%v",
-    "actions.workflow.event_detection_error": "无法解析工作流中受支持的事件：%v",
-    "actions.workflow.pre_execution_error": "因有错误阻止了执行尝试，工作流未被执行。",
-    "watch.n_watchers": "%s 位关注者",
-    "teams.add_all_repos.modal.header": "添加所有仓库",
-    "teams.remove_all_repos.modal.header": "移除所有仓库",
-    "repo.pulls.poster_manage_approval": "管理批准",
-    "repo.pulls.poster_requires_approval": "一些工作流正<a href=\"%[1]s\">等待审阅</a>。",
-    "repo.pulls.poster_requires_approval.tooltip": "此合并请求的作者未被信任以运行由派生仓库或AGit创建的PR触发的工作流。由 `pull_request` 事件触发的工作流在被批准前不会运行。",
-    "repo.pulls.poster_is_trusted": "此合并请求的作者<a href=\"%[1]s\">总是被信任以运行工作流</a>。",
-    "repo.pulls.poster_is_trusted.tooltip": "此合并请求的作者被明确信任以运行由 `pull_request` 事件触发的工作流。",
-    "repo.pulls.poster_trust_deny": "拒绝",
-    "repo.pulls.poster_trust_deny.tooltip": "等待批准的工作流将被取消。",
-    "repo.pulls.poster_trust_once": "批准一次",
-    "repo.issues.filter_poster.hint": "按作者过滤",
-    "repo.issues.filter_assignee.hint": "按指派用户过滤",
-    "repo.issues.filter_reviewers.hint": "按审阅用户过滤",
-    "repo.issues.filter_mention.hint": "按提及用户过滤",
-    "repo.issues.filter_modified.hint": "按最后修改时间过滤",
-    "repo.issues.filter_sort.hint": "按创建时间/评论数/更新时间/截止时间排序",
-    "search.syntax": "搜索语法",
-    "keys.verify.token.hint": "此令牌仅在一分钟内有效。过期后请<a href=\"%[1]s\">重新获取</a>。",
-    "admin.dashboard.actions_action_user": "撤销不活跃用户的Forgejo Actions信任",
-    "admin.dashboard.transfer_lingering_logs": "将已完成的actions任务的日志从数据库转移到硬盘",
-    "actions.status.diagnostics.waiting": "等待带有以下标签的运行器：%s",
-    "repo.pulls.poster_trust_once.tooltip": "由`pull_request`事件触发的工作流会基于此提交运行，但仍需批准。",
-    "repo.pulls.poster_trust_always": "始终批准",
-    "repo.pulls.poster_trust_always.tooltip": "由`pull_request`事件触发的工作流会基于此提交运行，且来自此合并请求或同一用户的其他合并请求的运行不需要批准。",
-    "repo.pulls.poster_trust_revoke": "撤销",
-    "repo.pulls.poster_trust_revoke.tooltip": "此合并请求的作者将不再被信任以运行`pull_request`事件触发的工作流，所有运行均需被手动批准。",
-    "moderation.report.mark_as_handled": "标记为已处理",
-    "moderation.report.mark_as_ignored": "标记为忽略",
-    "moderation.action.account.delete": "删除账户",
-    "moderation.action.account.suspend": "封禁账户",
-    "moderation.action.repo.delete": "删除仓库",
-    "moderation.action.issue.delete": "删除议题",
-    "moderation.action.comment.delete": "删除评论",
-    "moderation.unknown_action": "未知操作",
-    "moderation.users.cannot_suspend_self": "您不能封禁您自己。",
-    "moderation.users.cannot_suspend_admins": "您不能封禁有管理权限的用户。",
-    "moderation.users.cannot_suspend_org": "您不能封禁组织。",
-    "moderation.users.already_suspended": "该账户已经处于封禁状态。",
-    "moderation.users.suspend_success": "已封禁该账户。",
-    "moderation.users.cannot_delete_admins": "您不能删除有管理权限的账户。",
-    "moderation.issue.deletion_success": "已删除该议题。",
-    "moderation.comment.deletion_success": "已删除该评论。",
-    "actions.workflow.persistent_incomplete_matrix": "因`needs`表达式无效，无法解析该任务的`strategy.martix`。可能引用了一个未在其 needs 列表（%[2]s）当中的任务，或者该列表中某些任务没有输出。",
-    "actions.workflow.incomplete_matrix_missing_job": "无法解析任务‘%[1]s’的`strategy.martix`：任务‘%[2]s’不在‘%[1]s’的`needs`列表当中（%[3]s）。",
-    "actions.workflow.incomplete_matrix_missing_output": "无法解析任务‘%[1]s’的`strategy.martix`：任务‘%[2]s’没有输出‘%[3]s’。",
-    "actions.workflow.incomplete_matrix_unknown_cause": "无法解析任务‘%[1]s’的`strategy.martix`：未知错误。",
-    "actions.workflow.incomplete_runson_missing_job": "无法解析任务‘%[1]s’的`runs-on`：任务‘%[2]s’不在任务‘%[1]s’的`needs`列表内（%[3]s）。",
-    "actions.workflow.incomplete_runson_missing_output": "无法解析任务‘%[1]s’的`runs-on`：任务‘%[2]s’没有输出‘%[3]s’。",
-    "actions.workflow.incomplete_runson_missing_matrix_dimension": "无法解析任务‘%[1]s’的`runs-on`：矩阵维度‘%[2]s’不存在。",
-    "actions.workflow.incomplete_runson_unknown_cause": "无法解析任务‘%[1]s’的`runs-on`：未知错误。",
-    "admin.auths.oauth2_quota_group_claim_name": "用于设定该来源配额组名的声明（claim）的名称。（可选）",
-    "admin.auths.oauth2_quota_group_map": "将声明组映射到配额组。（可选，需要填写上述声明名称）",
-    "admin.auths.oauth2_quota_group_map_removal": "如果用户不是对应组的成员，则将用户从同步的配额组中移出。",
-    "search.fuzzy": "模糊",
-    "issues.updated": "更新于 %s",
-    "search.fuzzy_tooltip": "包含与搜索关键字相似的结果",
-    "actions.workflow.incomplete_with_missing_job": "无法解析任务‘%[1]s’的`with`：任务‘%[2]s’不在任务‘%[1]s’的`needs`列表（‘%[3]s’）中。",
-    "actions.workflow.incomplete_with_missing_output": "无法解析任务‘%[1]s’的`with`：任务‘%[2]s’没有输出‘%[3]s’。",
-    "actions.workflow.incomplete_with_missing_matrix_dimension": "无法解析任务‘%[1]s’的`with`：矩阵维度‘%[2]s’不存在。",
-    "actions.workflow.incomplete_with_unknown_cause": "无法解析任务‘%[1]s’的`with`：未知错误。"
+	"fork.n_forks": "%s 个派生",
+	"stars.n_stars": "%s 次点赞",
+	"release.n_downloads": "%s 次下载",
+	"repo.pulls.merged_title_desc": "于 %[4]s 将 %[1]d 次代码提交从 <code>%[2]s</code> 合并至 <code>%[3]s</code>",
+	"repo.pulls.title_desc": "请求将 %[1]d 次代码提交从 <code>%[2]s</code> 合并至 <code id=\"%[4]s\">%[3]s</code>",
+	"search.milestone_kind": "搜索里程碑…",
+	"home.welcome.no_activity": "无活动",
+	"home.welcome.activity_hint": "您的订阅中还没有任何内容。您关注的仓库中的操作和活动将显示在此处。",
+	"home.explore_repos": "探索仓库",
+	"home.explore_users": "探索用户",
+	"home.explore_orgs": "探索组织",
+	"incorrect_root_url": "此 Forgejo 实例配置为在“%s”上提供服务。您当前正在通过不同的网址查看 Forgejo，这可能会导致应用程序的某些部分损坏。Forgejo 管理员可以通过 app.ini 中的 ROOT_URL 设置控制规范网址。",
+	"themes.names.forgejo-auto": "Forgejo（遵循系统主题）",
+	"themes.names.forgejo-light": "Forgejo 浅色",
+	"themes.names.forgejo-dark": "Forgejo 深色",
+	"error.not_found.title": "页面不存在",
+	"alert.asset_load_failed": "无法从 {path} 加载资源文件。请确保资源文件可被访问。",
+	"install.invalid_lfs_path": "无法在指定路径创建 LFS 根目录：%[1]s",
+	"alert.range_error": " 必须是一个介于 %[1]s 和 %[2]s 之间的数字。",
+	"meta.last_line": "感谢各位对Forgejo翻译的支持和帮助！不需要翻译这个。(三维鱼)。\n(this string was needed to make weblate regenerate the file and can be removed)",
+	"mail.actions.successful_run_after_failure_subject": "仓库 %[2]s 中的工作流 %[1]s 已恢复",
+	"mail.actions.not_successful_run_subject": "仓库 %[2]s 中的工作流 %[1]s 已失败",
+	"mail.actions.successful_run_after_failure": "仓库 %[2]s 中的工作流 %[1]s 已恢复",
+	"mail.actions.run_info_previous_status": "上次运行的状态：%[1]s",
+	"mail.actions.run_info_cur_status": "此次运行的状态：%[1]s（从 %[2]s 更新）",
+	"mail.actions.run_info_trigger": "由 %[2]s %[1]s 触发",
+	"mail.actions.not_successful_run": "仓库 %[2]s 中的工作流 %[1]s 已失败",
+	"discussion.locked": "讨论已被锁定。仅贡献者能够发表评论。",
+	"relativetime.future": "未来",
+	"relativetime.mins": "%d 分钟前",
+	"relativetime.hours": "%d 小时前",
+	"relativetime.weeks": "%d 周前",
+	"relativetime.months": "%d 个月前",
+	"relativetime.years": "%d 年前",
+	"relativetime.1day": "昨天",
+	"relativetime.2days": "两天前",
+	"relativetime.1week": "上周",
+	"relativetime.1month": "上个月",
+	"relativetime.2months": "两个月前",
+	"relativetime.1year": "去年",
+	"relativetime.2years": "两年前",
+	"relativetime.now": "现在",
+	"relativetime.2weeks": "两周前",
+	"relativetime.days": "%d 天前",
+	"moderation.report_abuse_form.details": "此表单用于举报创建垃圾个人信息、仓库、议题、评论或行为不当的用户。",
+	"admin.config.moderation_config": "审核配置",
+	"moderation.report_abuse": "举报滥用",
+	"moderation.report_content": "举报内容",
+	"moderation.report_abuse_form.header": "向管理员举报滥用",
+	"moderation.report_abuse_form.invalid": "参数无效",
+	"moderation.report_abuse_form.already_reported": "您已举报此内容",
+	"moderation.abuse_category": "类别",
+	"moderation.abuse_category.placeholder": "选择类别",
+	"moderation.abuse_category.spam": "垃圾信息",
+	"moderation.abuse_category.malware": "恶意软件",
+	"moderation.abuse_category.illegal_content": "非法内容",
+	"moderation.abuse_category.other_violations": "其他违反平台规则的行为",
+	"moderation.report_remarks.placeholder": "请提供一些关于您所举报的滥用行为的详细信息。",
+	"moderation.report_remarks": "备注",
+	"moderation.submit_report": "提交举报",
+	"moderation.reporting_failed": "无法提交新的滥用举报：%v",
+	"moderation.reported_thank_you": "感谢您的举报，管理员已收到通知。",
+	"repo.form.cannot_create": "您可以创建仓库的所有空间均已达到仓库限制。",
+	"repo.issue_indexer.title": "议题索引器",
+	"watch.list.none": "没有人关注这个仓库。",
+	"followers.incoming.list.none": "没有人关注这位用户。",
+	"followers.outgoing.list.self.none": "你没有关注任何人。",
+	"followers.outgoing.list.none": "%s 没有关注任何人。",
+	"stars.list.none": "没有人点赞这个仓库。",
+	"followers.incoming.list.self.none": "没有人关注你的个人资料。",
+	"editor.textarea.tab_hint": "此行已缩进。再次按 <kbd>Tab</kbd> 或按 <kbd>Escape</kbd> 退出编辑器。",
+	"editor.textarea.shift_tab_hint": "此行无缩进。再次按 <kbd>Shift</kbd> + <kbd>Tab</kbd> 或按 <kbd>Escape</kbd> 退出编辑器。",
+	"admin.dashboard.cleanup_offline_runners": "清理离线运行器",
+	"settings.visibility.description": "个人资料可见性设置会影响他人对您的非私有仓库的访问。<a href=\"%s\" target=\"_blank\">了解更多</a>。",
+	"avatar.constraints_hint": "自定义头像大小不得超过 %[1]s，且分辨率不得大于 %[2]d×%[3]d 像素",
+	"keys.ssh.link": "SSH 密钥",
+	"keys.gpg.link": "GPG 密钥",
+	"profile.actions.tooltip": "更多操作",
+	"repo.diff.commit.next-short": "下一个",
+	"repo.diff.commit.previous-short": "上一个",
+	"feed.atom.link": "Atom 订阅源",
+	"profile.edit.link": "编辑个人资料",
+	"og.repo.summary_card.alt_description": "仓库 %[1]s 的摘要卡片，描述为：%[2]s",
+	"repo.settings.push_mirror.branch_filter.label": "分支过滤器（可选）",
+	"repo.settings.push_mirror.branch_filter.description": "欲镜像的分支。留空以镜像所有分支。关于语法的更多信息，请参见 <a href=\"%[1]s\">%[2]s 文档</a>。例如：<code>main, release/*</code>",
+	"mail.actions.run_info_sha": "提交：%[1]s",
+	"discussion.sidebar.reference": "引用",
+	"admin.dashboard.remove_resolved_reports": "移除已解决的举报",
+	"compare.branches.title": "比较分支",
+	"admin.auths.allow_username_change.description": "允许用户在个人设置中更改用户名",
+	"admin.moderation.moderation_reports": "举报",
+	"admin.moderation.reports": "举报",
+	"admin.moderation.no_open_reports": "目前没有打开的举报。",
+	"admin.moderation.deleted_content_ref": "类型为 %[1]v、ID为 %[2]d 的举报不存在",
+	"repo.commit.load_tags_failed": "由于内部错误，无法加载标签",
+	"admin.auths.allow_username_change": "允许更改用户名",
+	"migrate.pagure.description": "从 pagure.io 或其他 Pagure 实例迁移数据。",
+	"migrate.github.description": "从 github.com 或 GitHub Enterprise 服务器迁移数据。",
+	"migrate.git.description": "从任意 Git 服务迁移仓库。",
+	"migrate.gitea.description": "从 gitea.com 或其他 Gitea 实例迁移数据。",
+	"migrate.gitlab.description": "从 gitlab.com 或其他 GitLab 实例迁移数据。",
+	"migrate.gogs.description": "从 notabug.org 或其他 Gogs 实例迁移数据。",
+	"migrate.onedev.description": "从 code.onedev.io 或其他 OneDev 实例迁移数据。",
+	"migrate.gitbucket.description": "从 GitBucket 实例迁移数据。",
+	"migrate.codebase.description": "从 codebasehq.com 迁移数据。",
+	"migrate.forgejo.description": "从 codeberg.org 或其他 Forgejo 实例迁移数据。",
+	"warning.repository.out_of_sync": "此仓库的数据库表示已脱同步。如果在向此仓库推送提交后仍出现此警告，请联系管理员。",
+	"admin.config.security": "安全设置",
+	"settings.twofa_unroll_unavailable": "你的账户必须启用双因子认证，无法禁用。",
+	"error.must_enable_2fa": "此 Forgejo 实例要求用户启用双因子认证。转到 %s 以启用",
+	"admin.config.global_2fa_requirement.title": "全局双因子认证要求",
+	"admin.config.global_2fa_requirement.none": "无",
+	"admin.config.global_2fa_requirement.all": "所有用户",
+	"admin.config.global_2fa_requirement.admin": "管理员",
+	"settings.twofa_reenroll": "重新启用双因子认证",
+	"settings.twofa_reenroll.description": "重新启用你的双因子认证",
+	"settings.must_enable_2fa": "此 Forgejo 实例要求用户启用双因子认证。",
+	"migrate.pagure.incorrect_url": "提供了错误的源仓库URL",
+	"migrate.pagure.project_url": "Pagure 项目 URL",
+	"migrate.pagure.project_example": "Pagure 项目 URL，例如：https://pagure.io/pagure",
+	"migrate.pagure.token_label": "Pagure API 令牌",
+	"repo.pulls.already_merged": "合并失败：此合并请求已被合并。",
+	"user.ghost.tooltip": "该用户已被删除或无法找到。",
+	"migrate.form.error.url_credentials": "URL 包含凭据，请分别将凭据填入用户名和密码字段",
+	"actions.runs.view_most_recent_run": "查看最新运行",
+	"actions.runs.run_attempt_label": "运行尝试 #%[1]s（%[2]s）",
+	"actions.runs.viewing_out_of_date_run": "您正在查看于 %[1]s 执行的过期运行。",
+	"pulse.n_active_issues": "%s 项活动的议题",
+	"pulse.n_active_prs": "%s 个活跃的合并请求",
+	"repo.pulls.maintainers_can_edit": "维护者可以编辑此合并请求。",
+	"repo.pulls.maintainers_cannot_edit": "维护者无法编辑此合并请求。",
+	"migrate.pagure.private_issues.summary": "私有议题（可选）",
+	"migrate.pagure.private_issues.description": "此功能将创建一个单独的、只包含私有议题的仓库，以供存档。首先，不带令牌进行一次普通迁移以导入公开内容，然后若有需要，填写令牌并再次迁移以创建一个新的仓库并存档私有议题。",
+	"migrate.pagure.private_issues.warning": "请确保在导入私有议题时将仓库可见性设置为私有，以避免意外将私有内容泄漏至公开仓库。",
+	"migrate.pagure.token.placeholder": "仅用于创建私有议题归档",
+	"mail.issue.action.close_by_commit": "%[1]s 于提交 %[3]s 中关闭了 %[2]s。",
+	"actions.workflow.job_parsing_error": "无法解析工作流中的任务：%v",
+	"actions.workflow.event_detection_error": "无法解析工作流中受支持的事件：%v",
+	"actions.workflow.pre_execution_error": "因有错误阻止了执行尝试，工作流未被执行。",
+	"watch.n_watchers": "%s 位关注者",
+	"teams.add_all_repos.modal.header": "添加所有仓库",
+	"teams.remove_all_repos.modal.header": "移除所有仓库",
+	"repo.pulls.poster_manage_approval": "管理批准",
+	"repo.pulls.poster_requires_approval": "一些工作流正<a href=\"%[1]s\">等待审阅</a>。",
+	"repo.pulls.poster_requires_approval.tooltip": "此合并请求的作者未被信任以运行由派生仓库或AGit创建的PR触发的工作流。由 `pull_request` 事件触发的工作流在被批准前不会运行。",
+	"repo.pulls.poster_is_trusted": "此合并请求的作者<a href=\"%[1]s\">总是被信任以运行工作流</a>。",
+	"repo.pulls.poster_is_trusted.tooltip": "此合并请求的作者被明确信任以运行由 `pull_request` 事件触发的工作流。",
+	"repo.pulls.poster_trust_deny": "拒绝",
+	"repo.pulls.poster_trust_deny.tooltip": "等待批准的工作流将被取消。",
+	"repo.pulls.poster_trust_once": "批准一次",
+	"repo.issues.filter_poster.hint": "按作者过滤",
+	"repo.issues.filter_assignee.hint": "按指派用户过滤",
+	"repo.issues.filter_reviewers.hint": "按审阅用户过滤",
+	"repo.issues.filter_mention.hint": "按提及用户过滤",
+	"repo.issues.filter_modified.hint": "按最后修改时间过滤",
+	"repo.issues.filter_sort.hint": "按创建时间/评论数/更新时间/截止时间排序",
+	"search.syntax": "搜索语法",
+	"keys.verify.token.hint": "此令牌仅在一分钟内有效。过期后请<a href=\"%[1]s\">重新获取</a>。",
+	"admin.dashboard.actions_action_user": "撤销不活跃用户的Forgejo Actions信任",
+	"admin.dashboard.transfer_lingering_logs": "将已完成的actions任务的日志从数据库转移到硬盘",
+	"actions.status.diagnostics.waiting": "等待带有以下标签的运行器：%s",
+	"repo.pulls.poster_trust_once.tooltip": "由`pull_request`事件触发的工作流会基于此提交运行，但仍需批准。",
+	"repo.pulls.poster_trust_always": "始终批准",
+	"repo.pulls.poster_trust_always.tooltip": "由`pull_request`事件触发的工作流会基于此提交运行，且来自此合并请求或同一用户的其他合并请求的运行不需要批准。",
+	"repo.pulls.poster_trust_revoke": "撤销",
+	"repo.pulls.poster_trust_revoke.tooltip": "此合并请求的作者将不再被信任以运行`pull_request`事件触发的工作流，所有运行均需被手动批准。",
+	"moderation.report.mark_as_handled": "标记为已处理",
+	"moderation.report.mark_as_ignored": "标记为忽略",
+	"moderation.action.account.delete": "删除账户",
+	"moderation.action.account.suspend": "封禁账户",
+	"moderation.action.repo.delete": "删除仓库",
+	"moderation.action.issue.delete": "删除议题",
+	"moderation.action.comment.delete": "删除评论",
+	"moderation.unknown_action": "未知操作",
+	"moderation.users.cannot_suspend_self": "您不能封禁您自己。",
+	"moderation.users.cannot_suspend_admins": "您不能封禁有管理权限的用户。",
+	"moderation.users.cannot_suspend_org": "您不能封禁组织。",
+	"moderation.users.already_suspended": "该账户已经处于封禁状态。",
+	"moderation.users.suspend_success": "已封禁该账户。",
+	"moderation.users.cannot_delete_admins": "您不能删除有管理权限的账户。",
+	"moderation.issue.deletion_success": "已删除该议题。",
+	"moderation.comment.deletion_success": "已删除该评论。",
+	"actions.workflow.persistent_incomplete_matrix": "因`needs`表达式无效，无法解析该任务的`strategy.martix`。可能引用了一个未在其 needs 列表（%[2]s）当中的任务，或者该列表中某些任务没有输出。",
+	"actions.workflow.incomplete_matrix_missing_job": "无法解析任务‘%[1]s’的`strategy.martix`：任务‘%[2]s’不在‘%[1]s’的`needs`列表当中（%[3]s）。",
+	"actions.workflow.incomplete_matrix_missing_output": "无法解析任务‘%[1]s’的`strategy.martix`：任务‘%[2]s’没有输出‘%[3]s’。",
+	"actions.workflow.incomplete_matrix_unknown_cause": "无法解析任务‘%[1]s’的`strategy.martix`：未知错误。",
+	"actions.workflow.incomplete_runson_missing_job": "无法解析任务‘%[1]s’的`runs-on`：任务‘%[2]s’不在任务‘%[1]s’的`needs`列表内（%[3]s）。",
+	"actions.workflow.incomplete_runson_missing_output": "无法解析任务‘%[1]s’的`runs-on`：任务‘%[2]s’没有输出‘%[3]s’。",
+	"actions.workflow.incomplete_runson_missing_matrix_dimension": "无法解析任务‘%[1]s’的`runs-on`：矩阵维度‘%[2]s’不存在。",
+	"actions.workflow.incomplete_runson_unknown_cause": "无法解析任务‘%[1]s’的`runs-on`：未知错误。",
+	"admin.auths.oauth2_quota_group_claim_name": "用于设定该来源配额组名的声明（claim）的名称。（可选）",
+	"admin.auths.oauth2_quota_group_map": "将声明组映射到配额组。（可选，需要填写上述声明名称）",
+	"admin.auths.oauth2_quota_group_map_removal": "如果用户不是对应组的成员，则将用户从同步的配额组中移出。",
+	"search.fuzzy": "模糊",
+	"issues.updated": "更新于 %s",
+	"search.fuzzy_tooltip": "包含与搜索关键字相似的结果",
+	"actions.workflow.incomplete_with_missing_job": "无法解析任务‘%[1]s’的`with`：任务‘%[2]s’不在任务‘%[1]s’的`needs`列表（‘%[3]s’）中。",
+	"actions.workflow.incomplete_with_missing_output": "无法解析任务‘%[1]s’的`with`：任务‘%[2]s’没有输出‘%[3]s’。",
+	"actions.workflow.incomplete_with_missing_matrix_dimension": "无法解析任务‘%[1]s’的`with`：矩阵维度‘%[2]s’不存在。",
+	"actions.workflow.incomplete_with_unknown_cause": "无法解析任务‘%[1]s’的`with`：未知错误。"
 }
diff --git a/options/locale_next/locale_zh-HK.json b/options/locale_next/locale_zh-HK.json
index 277385cf5f..f1503cc03d 100644
--- a/options/locale_next/locale_zh-HK.json
+++ b/options/locale_next/locale_zh-HK.json
@@ -1,4 +1,5 @@
 {
-    "repo.pulls.merged_title_desc": "於 %[4]s 將 %[1]d 次代碼提交從 <code>%[2]s</code>合併至 <code>%[3]s</code>",
-    "moderation.abuse_category.malware": "惡意程式"
+	"repo.pulls.merged_title_desc": "於 %[4]s 將 %[1]d 次代碼提交從 <code>%[2]s</code>合併至 <code>%[3]s</code>",
+	"moderation.abuse_category.malware": "惡意程式",
+	"meta.last_line": "(this string was needed to make weblate regenerate the file and can be removed)"
 }
diff --git a/options/locale_next/locale_zh-TW.json b/options/locale_next/locale_zh-TW.json
index 0f0f20e448..09f6ec443a 100644
--- a/options/locale_next/locale_zh-TW.json
+++ b/options/locale_next/locale_zh-TW.json
@@ -1,105 +1,100 @@
 {
-    "fork.n_forks": {
-        "one": "%s 個分叉",
-        "other": "%s 個分叉"
-    },
-    "stars.n_stars": {
-        "one": "%s 顆星星",
-        "other": "%s 顆星星"
-    },
-    "release.n_downloads": {
-        "one": "%s 次下載",
-        "other": "%s 次下載"
-    },
-    "repo.pulls.merged_title_desc": "將 %[1]d 次提交從 <code>%[2]s</code> 合併至 <code>%[3]s</code> %[4]s",
-    "repo.pulls.title_desc": "請求將 %[1]d 次程式碼提交從 <code>%[2]s</code> 合併至 <code id=\"%[4]s\">%[3]s</code>",
-    "search.milestone_kind": "搜尋里程碑…",
-    "home.welcome.no_activity": "沒有活動",
-    "home.welcome.activity_hint": "您的動態摘要目前沒有任何內容。 您對關注的儲存庫所做的操作與活動將會顯示在這裡。",
-    "stars.list.none": "沒有人標星這個儲存庫。",
-    "watch.list.none": "沒有人關注這個儲存庫。",
-    "home.explore_repos": "探索儲存庫",
-    "home.explore_users": "探索使用者",
-    "home.explore_orgs": "探索組織",
-    "alert.range_error": " 必須是一個介於 %[1]s 和 %[2]s 之間的數字。",
-    "install.invalid_lfs_path": "無法在指定路徑建立 LFS 根目錄：%[1]s",
-    "relativetime.now": "現在",
-    "relativetime.future": "未來",
-    "repo.form.cannot_create": "您可以建立儲存庫的所有空間都已達到儲存庫上限。",
-    "repo.issue_indexer.title": "問題索引器",
-    "moderation.abuse_category": "分類",
-    "moderation.abuse_category.placeholder": "選擇分類",
-    "moderation.abuse_category.spam": "垃圾訊息",
-    "moderation.abuse_category.malware": "惡意軟體",
-    "moderation.abuse_category.illegal_content": "違法內容",
-    "moderation.report_remarks.placeholder": "請提供您所檢舉濫用行為的相關細節。",
-    "moderation.report_remarks": "備註",
-    "moderation.submit_report": "提交檢舉",
-    "moderation.reporting_failed": "無法提交新的濫用回報：%v",
-    "moderation.reported_thank_you": "感謝您的回報，管理團隊已收到相關通知。",
-    "mail.actions.successful_run_after_failure_subject": "儲存庫 %[2]s 中的工作流程 %[1]s 已恢復",
-    "error.not_found.title": "找不到頁面",
-    "incorrect_root_url": "這個 Forgejo 實例設定為在 \"%s\" 上提供服務。您目前是透過不同的 URL 存取 Forgejo，這可能會導致部分功能無法正常運作。正式的 URL 是由 Forgejo 管理員透過 app.ini 中的 ROOT_URL 設定所控制。",
-    "themes.names.forgejo-auto": "Forgejo（遵循系統主題）",
-    "themes.names.forgejo-light": "Forgejo 淺色",
-    "themes.names.forgejo-dark": "Forgejo 深色",
-    "followers.incoming.list.self.none": "沒有人關注您的個人資料。",
-    "followers.incoming.list.none": "沒有人關注這位使用者。",
-    "followers.outgoing.list.none": "%s 沒有追蹤任何人。",
-    "followers.outgoing.list.self.none": "您沒有追蹤任何人。",
-    "relativetime.mins": "%d 分鐘前",
-    "relativetime.hours": "%d 小時前",
-    "relativetime.days": "%d 天前",
-    "relativetime.weeks": "%d 周前",
-    "relativetime.months": "%d 個月前",
-    "relativetime.years": "%d 年前",
-    "relativetime.1day": "昨天",
-    "relativetime.2days": "兩天前",
-    "relativetime.1week": "上週",
-    "relativetime.2weeks": "兩週前",
-    "relativetime.1month": "上個月",
-    "relativetime.2months": "兩個月前",
-    "relativetime.1year": "去年",
-    "relativetime.2years": "兩年前",
-    "moderation.abuse_category.other_violations": "其他違反平台規則的行為",
-    "mail.actions.not_successful_run_subject": "儲存庫 %[2]s 中的工作流程 %[1]s 已失敗",
-    "mail.actions.successful_run_after_failure": "儲存庫 %[2]s 中的工作流程 %[1]s 已恢復",
-    "mail.actions.not_successful_run": "儲存庫 %[2]s 中的工作流程 %[1]s 已失敗",
-    "mail.actions.run_info_cur_status": "本次執行狀態：%[1]s（剛從 %[2]s 更新）",
-    "mail.actions.run_info_previous_status": "前一次執行狀態：%[1]s",
-    "mail.actions.run_info_trigger": "觸發原因：%[1]s，由 %[2]s 執行",
-    "discussion.locked": "此討論已被鎖定。僅限貢獻者留言。",
-    "alert.asset_load_failed": "無法從 {path} 載入資源檔案。請確保這些資源檔案可以被存取。",
-    "editor.textarea.tab_hint": "此行已縮排。再次按下 <kbd>Tab</kbd> 鍵或按下 <kbd>Escape</kbd> 鍵以離開編輯器。",
-    "editor.textarea.shift_tab_hint": "此行未縮排。請再次按下 <kbd>Shift</kbd> + <kbd>Tab</kbd>，或按下 <kbd>Escape</kbd> 鍵以離開編輯器。",
-    "admin.config.moderation_config": "審核設定",
-    "moderation.report_abuse": "回報濫用行為",
-    "moderation.report_content": "檢舉內容",
-    "moderation.report_abuse_form.header": "向管理員回報濫用",
-    "moderation.report_abuse_form.details": "這個表單是用來檢舉用戶建立垃圾帳號、儲存庫、問題、留言，或其他不當行為。",
-    "moderation.report_abuse_form.invalid": "無效參數",
-    "moderation.report_abuse_form.already_reported": "您已檢舉此內容",
-    "meta.last_line": "Rubi-chan? Hai! Nani ga suki? Choko minto yori mo a･na･ta♡ Ayumu-chan? Hai! Nani ga suki? Sutoroberii fureibaa yori mo a･na･ta♡ Shiki-chan! Hai! Nani ga suki? Kukkii and kuriimu yori mo a･na･ta♡ Minna? Hai! Nani ga suki? Mochiron daisuki AiScReam.",
-    "admin.dashboard.cleanup_offline_runners": "清理離線 runners",
-    "settings.visibility.description": "個人資料的可見度會影響他人存取您非私人儲存庫的能力。<a href=\"%s\" target=\"_blank\">了解更多</a>",
-    "avatar.constraints_hint": "自定義大頭貼的大小不得超過 %[1]s，且解析度不得大於 %[2]d×%[3]d 像素",
-    "repo.diff.commit.next-short": "下一個",
-    "repo.diff.commit.previous-short": "上一個",
-    "migrate.github.description": "從 github.com 或 GitHub Enterprise 伺服器遷移資料。",
-    "migrate.git.description": "從任何 Git 服務遷移儲存庫。",
-    "migrate.gitea.description": "從 gitea.com 或其他 Gitea 站點遷移資料。",
-    "migrate.gitlab.description": "從 gitlab.com 或其他 GitLab 站點遷移資料。",
-    "migrate.gogs.description": "從 notabug.org 或其他 Gogs 站點遷移資料。",
-    "migrate.onedev.description": "從 code.onedev.io 或其他 OneDev 站點遷移資料。",
-    "migrate.gitbucket.description": "從 GitBucket 站點遷移資料。",
-    "migrate.codebase.description": "從 codebasehq.com 遷移資料。",
-    "migrate.forgejo.description": "從 codeberg.org 或其他 Forgejo 站點遷移資料。",
-    "pulse.n_active_issues": {
-        "one": "%s 個問題",
-        "other": "%s 個問題"
-    },
-    "pulse.n_active_prs": {
-        "one": "%s 個合併請求",
-        "other": "%s 個合併請求"
-    }
+	"fork.n_forks": {
+		"other": "%s 個分叉"
+	},
+	"stars.n_stars": {
+		"other": "%s 顆星星"
+	},
+	"release.n_downloads": {
+		"other": "%s 次下載"
+	},
+	"repo.pulls.merged_title_desc": "將 %[1]d 次提交從 <code>%[2]s</code> 合併至 <code>%[3]s</code> %[4]s",
+	"repo.pulls.title_desc": "請求將 %[1]d 次程式碼提交從 <code>%[2]s</code> 合併至 <code id=\"%[4]s\">%[3]s</code>",
+	"search.milestone_kind": "搜尋里程碑…",
+	"home.welcome.no_activity": "沒有活動",
+	"home.welcome.activity_hint": "您的動態摘要目前沒有任何內容。 您對關注的儲存庫所做的操作與活動將會顯示在這裡。",
+	"stars.list.none": "沒有人標星這個儲存庫。",
+	"watch.list.none": "沒有人關注這個儲存庫。",
+	"home.explore_repos": "探索儲存庫",
+	"home.explore_users": "探索使用者",
+	"home.explore_orgs": "探索組織",
+	"alert.range_error": " 必須是一個介於 %[1]s 和 %[2]s 之間的數字。",
+	"install.invalid_lfs_path": "無法在指定路徑建立 LFS 根目錄：%[1]s",
+	"relativetime.now": "現在",
+	"relativetime.future": "未來",
+	"repo.form.cannot_create": "您可以建立儲存庫的所有空間都已達到儲存庫上限。",
+	"repo.issue_indexer.title": "問題索引器",
+	"moderation.abuse_category": "分類",
+	"moderation.abuse_category.placeholder": "選擇分類",
+	"moderation.abuse_category.spam": "垃圾訊息",
+	"moderation.abuse_category.malware": "惡意軟體",
+	"moderation.abuse_category.illegal_content": "違法內容",
+	"moderation.report_remarks.placeholder": "請提供您所檢舉濫用行為的相關細節。",
+	"moderation.report_remarks": "備註",
+	"moderation.submit_report": "提交檢舉",
+	"moderation.reporting_failed": "無法提交新的濫用回報：%v",
+	"moderation.reported_thank_you": "感謝您的回報，管理團隊已收到相關通知。",
+	"mail.actions.successful_run_after_failure_subject": "儲存庫 %[2]s 中的工作流程 %[1]s 已恢復",
+	"error.not_found.title": "找不到頁面",
+	"incorrect_root_url": "這個 Forgejo 實例設定為在 \"%s\" 上提供服務。您目前是透過不同的 URL 存取 Forgejo，這可能會導致部分功能無法正常運作。正式的 URL 是由 Forgejo 管理員透過 app.ini 中的 ROOT_URL 設定所控制。",
+	"themes.names.forgejo-auto": "Forgejo（遵循系統主題）",
+	"themes.names.forgejo-light": "Forgejo 淺色",
+	"themes.names.forgejo-dark": "Forgejo 深色",
+	"followers.incoming.list.self.none": "沒有人關注您的個人資料。",
+	"followers.incoming.list.none": "沒有人關注這位使用者。",
+	"followers.outgoing.list.none": "%s 沒有追蹤任何人。",
+	"followers.outgoing.list.self.none": "您沒有追蹤任何人。",
+	"relativetime.mins": "%d 分鐘前",
+	"relativetime.hours": "%d 小時前",
+	"relativetime.days": "%d 天前",
+	"relativetime.weeks": "%d 周前",
+	"relativetime.months": "%d 個月前",
+	"relativetime.years": "%d 年前",
+	"relativetime.1day": "昨天",
+	"relativetime.2days": "兩天前",
+	"relativetime.1week": "上週",
+	"relativetime.2weeks": "兩週前",
+	"relativetime.1month": "上個月",
+	"relativetime.2months": "兩個月前",
+	"relativetime.1year": "去年",
+	"relativetime.2years": "兩年前",
+	"moderation.abuse_category.other_violations": "其他違反平台規則的行為",
+	"mail.actions.not_successful_run_subject": "儲存庫 %[2]s 中的工作流程 %[1]s 已失敗",
+	"mail.actions.successful_run_after_failure": "儲存庫 %[2]s 中的工作流程 %[1]s 已恢復",
+	"mail.actions.not_successful_run": "儲存庫 %[2]s 中的工作流程 %[1]s 已失敗",
+	"mail.actions.run_info_cur_status": "本次執行狀態：%[1]s（剛從 %[2]s 更新）",
+	"mail.actions.run_info_previous_status": "前一次執行狀態：%[1]s",
+	"mail.actions.run_info_trigger": "觸發原因：%[1]s，由 %[2]s 執行",
+	"discussion.locked": "此討論已被鎖定。僅限貢獻者留言。",
+	"alert.asset_load_failed": "無法從 {path} 載入資源檔案。請確保這些資源檔案可以被存取。",
+	"editor.textarea.tab_hint": "此行已縮排。再次按下 <kbd>Tab</kbd> 鍵或按下 <kbd>Escape</kbd> 鍵以離開編輯器。",
+	"editor.textarea.shift_tab_hint": "此行未縮排。請再次按下 <kbd>Shift</kbd> + <kbd>Tab</kbd>，或按下 <kbd>Escape</kbd> 鍵以離開編輯器。",
+	"admin.config.moderation_config": "審核設定",
+	"moderation.report_abuse": "回報濫用行為",
+	"moderation.report_content": "檢舉內容",
+	"moderation.report_abuse_form.header": "向管理員回報濫用",
+	"moderation.report_abuse_form.details": "這個表單是用來檢舉用戶建立垃圾帳號、儲存庫、問題、留言，或其他不當行為。",
+	"moderation.report_abuse_form.invalid": "無效參數",
+	"moderation.report_abuse_form.already_reported": "您已檢舉此內容",
+	"meta.last_line": "Rubi-chan? Hai! Nani ga suki? Choko minto yori mo a･na･ta♡ Ayumu-chan? Hai! Nani ga suki? Sutoroberii fureibaa yori mo a･na･ta♡ Shiki-chan! Hai! Nani ga suki? Kukkii and kuriimu yori mo a･na･ta♡ Minna? Hai! Nani ga suki? Mochiron daisuki AiScReam.\n(this string was needed to make weblate regenerate the file and can be removed)",
+	"admin.dashboard.cleanup_offline_runners": "清理離線 runners",
+	"settings.visibility.description": "個人資料的可見度會影響他人存取您非私人儲存庫的能力。<a href=\"%s\" target=\"_blank\">了解更多</a>",
+	"avatar.constraints_hint": "自定義大頭貼的大小不得超過 %[1]s，且解析度不得大於 %[2]d×%[3]d 像素",
+	"repo.diff.commit.next-short": "下一個",
+	"repo.diff.commit.previous-short": "上一個",
+	"migrate.github.description": "從 github.com 或 GitHub Enterprise 伺服器遷移資料。",
+	"migrate.git.description": "從任何 Git 服務遷移儲存庫。",
+	"migrate.gitea.description": "從 gitea.com 或其他 Gitea 站點遷移資料。",
+	"migrate.gitlab.description": "從 gitlab.com 或其他 GitLab 站點遷移資料。",
+	"migrate.gogs.description": "從 notabug.org 或其他 Gogs 站點遷移資料。",
+	"migrate.onedev.description": "從 code.onedev.io 或其他 OneDev 站點遷移資料。",
+	"migrate.gitbucket.description": "從 GitBucket 站點遷移資料。",
+	"migrate.codebase.description": "從 codebasehq.com 遷移資料。",
+	"migrate.forgejo.description": "從 codeberg.org 或其他 Forgejo 站點遷移資料。",
+	"pulse.n_active_issues": {
+		"other": "%s 個問題"
+	},
+	"pulse.n_active_prs": {
+		"other": "%s 個合併請求"
+	}
 }

From 2566924ff8ae7015028334741f10ad7eab7a72ad Mon Sep 17 00:00:00 2001
From: MayMeow <maymeow@noreply.codeberg.org>
Date: Thu, 1 Jan 2026 11:45:43 +0100
Subject: [PATCH 079/854] feat: Retrieve default merge commit message for pull
 requests (#10022)

Closes #7719

Co-authored-by: kukolos <91948790+kukolos@users.noreply.github.com>
Co-authored-by: 0ko <0ko@noreply.codeberg.org>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10022
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Co-authored-by: MayMeow <maymeow@noreply.codeberg.org>
Co-committed-by: MayMeow <maymeow@noreply.codeberg.org>
---
 options/locale_next/locale_en-US.json         |  5 ++
 templates/repo/issue/view_content/pull.tmpl   |  2 +-
 .../view_content/pull_merge_instruction.tmpl  | 29 +++++++
 .../pull_merge_instruction_test.go            | 83 +++++++++++++++++++
 4 files changed, 118 insertions(+), 1 deletion(-)
 create mode 100644 tests/integration/pull_merge_instruction_test.go

diff --git a/options/locale_next/locale_en-US.json b/options/locale_next/locale_en-US.json
index e85f8e311e..8210009f97 100644
--- a/options/locale_next/locale_en-US.json
+++ b/options/locale_next/locale_en-US.json
@@ -240,6 +240,11 @@
     },
     "teams.add_all_repos.modal.header": "Add all repositories",
     "teams.remove_all_repos.modal.header": "Remove all repositories",
+    "pulls.manual_merge.helper": "Manual merge helper",
+    "pulls.manual_merge.helpder.description": "Use this merge commit message when completing the merge manually.",
+    "pulls.manual_merge.commit.title": "Merge commit title",
+    "pulls.manual_merge.commit.body": "Merge commit body",
+    "pulls.manual_merge.copy.button": "Copy merge commit message",
     "admin.auths.oauth2_quota_group_claim_name": "Claim name providing group names for this source to be used for quota management. (Optional)",
     "admin.auths.oauth2_quota_group_map": "Map claimed groups to quota groups. (Optional - requires claim name above)",
     "admin.auths.oauth2_quota_group_map_removal": "Remove users from synchronized quota groups if user does not belong to corresponding group.",
diff --git a/templates/repo/issue/view_content/pull.tmpl b/templates/repo/issue/view_content/pull.tmpl
index 3a6a306b12..8198c6f98d 100644
--- a/templates/repo/issue/view_content/pull.tmpl
+++ b/templates/repo/issue/view_content/pull.tmpl
@@ -390,7 +390,7 @@
 			{{end}}
 
 			{{if and .Issue.PullRequest.HeadRepo (not .Issue.PullRequest.HasMerged) (not .Issue.IsClosed)}}
-				{{template "repo/issue/view_content/pull_merge_instruction" dict "PullRequest" .Issue.PullRequest "ShowMergeInstructions" .ShowMergeInstructions "AutodetectManualMerge" .AutodetectManualMerge}}
+				{{template "repo/issue/view_content/pull_merge_instruction" dict "PullRequest" .Issue.PullRequest "ShowMergeInstructions" .ShowMergeInstructions "AutodetectManualMerge" .AutodetectManualMerge "DefaultMergeMessage" .DefaultMergeMessage "DefaultMergeBody" .DefaultMergeBody "IsPullFilesConflicted" .IsPullFilesConflicted}}
 			{{end}}
 		</div>
 	</div>
diff --git a/templates/repo/issue/view_content/pull_merge_instruction.tmpl b/templates/repo/issue/view_content/pull_merge_instruction.tmpl
index dd30a3a8d6..1c83ae713c 100644
--- a/templates/repo/issue/view_content/pull_merge_instruction.tmpl
+++ b/templates/repo/issue/view_content/pull_merge_instruction.tmpl
@@ -1,6 +1,35 @@
 <div class="divider"></div>
 <details class="collapsible">
 	<summary class="tw-py-2"> {{ctx.Locale.Tr "repo.pulls.cmd_instruction_hint"}} </summary>
+	{{if .IsPullFilesConflicted}}
+		{{$titleID := printf "manual-merge-title-%d" .PullRequest.ID}}
+		{{$bodyID := printf "manual-merge-body-%d" .PullRequest.ID}}
+		{{$copySourceID := printf "manual-merge-message-%d" .PullRequest.ID}}
+		{{$fullMessage := .DefaultMergeMessage}}
+		{{if .DefaultMergeBody}}
+			{{$fullMessage = printf "%s\n\n%s" .DefaultMergeMessage .DefaultMergeBody}}
+		{{end}}
+		<div class="tw-mb-4">
+			<h3 class="tw-flex tw-items-center tw-gap-2">{{svg "octicon-info" 16}} {{ctx.Locale.Tr "pulls.manual_merge.helper"}}</h3>
+			<p class="tw-mb-2">{{ctx.Locale.Tr "pulls.manual_merge.helpder.description"}}</p>
+			<div class="ui secondary segment tw-space-y-3">
+				<div class="ui form">
+					<div class="field">
+						<label for="{{$titleID}}">{{ctx.Locale.Tr "pulls.manual_merge.commit.title"}}</label>
+						<textarea id="{{$titleID}}" readonly rows="1">{{- .DefaultMergeMessage -}}</textarea>
+					</div>
+					{{if .DefaultMergeBody}}
+					<div class="field">
+						<label for="{{$bodyID}}">{{ctx.Locale.Tr "pulls.manual_merge.commit.body"}}</label>
+						<textarea id="{{$bodyID}}" readonly rows="5">{{- .DefaultMergeBody -}}</textarea>
+					</div>
+					{{end}}
+					<textarea id="{{$copySourceID}}" class="tw-hidden" aria-hidden="true" readonly>{{- $fullMessage -}}</textarea>
+					<button class="secondary button" type="button" data-clipboard-target="#{{$copySourceID}}">{{svg "octicon-copy" 16}} {{ctx.Locale.Tr "pulls.manual_merge.copy.button"}}</button>
+				</div>
+			</div>
+		</div>
+	{{end}}
 	<div><h3>{{ctx.Locale.Tr "repo.pulls.cmd_instruction_checkout_title"}}</h3>{{ctx.Locale.Tr "repo.pulls.cmd_instruction_checkout_desc"}}</div>
 	{{$localBranch := .PullRequest.HeadBranch}}
 	{{if ne .PullRequest.HeadRepo.ID .PullRequest.BaseRepo.ID}}
diff --git a/tests/integration/pull_merge_instruction_test.go b/tests/integration/pull_merge_instruction_test.go
new file mode 100644
index 0000000000..9866e08937
--- /dev/null
+++ b/tests/integration/pull_merge_instruction_test.go
@@ -0,0 +1,83 @@
+// Copyright 2025 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package integration
+
+import (
+	"fmt"
+	"net/http"
+	"net/url"
+	"testing"
+
+	auth_model "forgejo.org/models/auth"
+	issues_model "forgejo.org/models/issues"
+	repo_model "forgejo.org/models/repo"
+	"forgejo.org/models/unittest"
+	user_model "forgejo.org/models/user"
+	"forgejo.org/modules/gitrepo"
+	api "forgejo.org/modules/structs"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+func TestPullMergeInstruction(t *testing.T) {
+	onApplicationRun(t, func(t *testing.T, _ *url.URL) {
+		session := loginUser(t, "user1")
+		testRepoFork(t, session, "user2", "repo1", "user1", "repo1")
+		testEditFileToNewBranch(t, session, "user1", "repo1", "master", "conflict", "README.md", "Hello, World (Edited Once)\n")
+		testEditFileToNewBranch(t, session, "user1", "repo1", "master", "base", "README.md", "Hello, World (Edited Twice)\n")
+
+		// Use API to create a conflicting PR, mirroring TestCantMergeConflict
+		token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteRepository)
+		req := NewRequestWithJSON(t, http.MethodPost, fmt.Sprintf("/api/v1/repos/%s/%s/pulls", "user1", "repo1"), &api.CreatePullRequestOption{
+			Head:  "conflict",
+			Base:  "base",
+			Title: "create a conflicting pr",
+		}).AddTokenAuth(token)
+		resp := session.MakeRequest(t, req, http.StatusCreated)
+
+		var pr api.PullRequest
+		DecodeJSON(t, resp, &pr)
+
+		user1 := unittest.AssertExistsAndLoadBean(t, &user_model.User{
+			Name: "user1",
+		})
+		repo1 := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{
+			OwnerID: user1.ID,
+			Name:    "repo1",
+		})
+
+		// Assert that the PR exists, is open, and is not mergeable (conflicted)
+		prLoaded := unittest.AssertExistsAndLoadBean(t, &issues_model.PullRequest{
+			ID:         pr.ID,
+			HeadRepoID: repo1.ID,
+			BaseRepoID: repo1.ID,
+			HeadBranch: "conflict",
+			BaseBranch: "base",
+		}, "status = 0")
+		assert.False(t, prLoaded.Mergeable(t.Context()), "PR should be marked as conflicted")
+
+		gitRepo, err := gitrepo.OpenRepository(t.Context(), repo1)
+		require.NoError(t, err)
+		defer gitRepo.Close()
+
+		// Visit the PR page and check for the manual merge helper
+		req = NewRequest(t, "GET", fmt.Sprintf("/user1/repo1/pulls/%d", pr.Index))
+		resp = session.MakeRequest(t, req, http.StatusOK)
+
+		htmlDoc := NewHTMLParser(t, resp.Body)
+
+		// Check for "View command line instructions"
+		summary := htmlDoc.doc.Find("details.collapsible summary").Text()
+		assert.Contains(t, summary, "View command line instructions")
+
+		// Check for "Manual merge helper"
+		helperTitle := htmlDoc.doc.Find("details.collapsible h3").Text()
+		assert.Contains(t, helperTitle, "Manual merge helper")
+
+		// Check for the description
+		helperDesc := htmlDoc.doc.Find("details.collapsible p").Text()
+		assert.Contains(t, helperDesc, "Use this merge commit message when completing the merge manually.")
+	})
+}

From c2649d40556a946d43ad434e9d6cd8754adaad77 Mon Sep 17 00:00:00 2001
From: Mathieu Fenniak <mathieu@fenniak.net>
Date: Thu, 1 Jan 2026 14:22:11 +0100
Subject: [PATCH 080/854] fix: dynamic Action jobs can stall by marking
 themselves blocked (#10658)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

#10647 introduced a regression which was detected by the [matrix-dynamic end-to-end test](https://code.forgejo.org/forgejo/end-to-end/src/commit/0e0b1429e675b4e842fa80788d99d3112370a728/actions/example-matrix-dynamic/.forgejo/workflows/test.yml), resulting in [test failures](https://code.forgejo.org/forgejo/end-to-end/actions/runs/4608/jobs/2/attempt/1).

The cause of this regression was an added code path which is invoked when a job is being reparsed due to being incomplete, in which the original `needs` value of the job is preserved.  To describe it in detail, here's an incomplete job...

```
on: [push]
jobs:
  # ...
  matrix-job:
    runs-on: docker
    needs: define-matrix
    strategy:
      matrix: ${{ fromJSON(needs.define-matrix.outputs.matrix-value) }}
    steps: # ...
```

This job is "incomplete" when it is parsed initially because the `define-matrix` job needs to be completed before its matrix can be evaluated into the correct jobs to run.  It `needs: define-matrix`.  When it is first parsed by Forgejo, `needs: define-matrix` is pulled out of the job definition and stored in the database, in the `action_run_job` table's `needs` column, because Forgejo will be the one managing when it is run by detecting the completion of the `define-matrix` job.

During #10647, a change was made which caused new jobs' which have their own `needs` (from reusable workflows) to have their `needs` be merged with the `needs` that were stored in the database.  The regression is that when a job is expanded, it will still be considered a blocked job because it has a `needs` list (even though we know that those jobs are complete):

https://codeberg.org/forgejo/forgejo/src/commit/03e2ecfbc4301b0991ed597a03bd75511d5bf381/models/actions/run.go#L369-L370

As for why it was originally added in #10647?  Unfortunately the comment that I left in the code doesn't explain the functional problem it was attempting to solve, and just describes it as-if the original needs are still needed for *something*. 🙄  It makes perfect sense to me, right now, that we would **not** keep `needs` values that are already known to be complete.

I've run through my new reusable workflow end-to-end test (https://code.forgejo.org/forgejo/end-to-end/pulls/1362) with this codepath removed and it works perfectly fine.

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests

- I added test coverage for Go changes...
  - [x] in their respective `*_test.go` for unit tests.
  - [ ] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I added test coverage for JavaScript changes...
  - [ ] in `web_src/js/*.test.js` if it can be unit tested.
  - [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)).

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [x] I do not want this change to show in the release notes.
- [ ] I want the title to show in the release notes with a link to this pull request.
- [ ] I want the content of the `release-notes/<pull request number>.md` to be be used for the release notes instead of the title.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10658
Reviewed-by: Andreas Ahlenstorf <aahlenst@noreply.codeberg.org>
Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net>
Co-committed-by: Mathieu Fenniak <mathieu@fenniak.net>
---
 services/actions/job_emitter.go      | 19 +------------------
 services/actions/job_emitter_test.go |  3 +--
 2 files changed, 2 insertions(+), 20 deletions(-)

diff --git a/services/actions/job_emitter.go b/services/actions/job_emitter.go
index 167083a028..f1e9d21cbb 100644
--- a/services/actions/job_emitter.go
+++ b/services/actions/job_emitter.go
@@ -298,7 +298,7 @@ func tryHandleIncompleteMatrix(ctx context.Context, blockedJob *actions_model.Ac
 		// it to be a "persistent incomplete" job with some error that needs to be reported to the user.  If the
 		// re-evaluated job has a different job ID, then it's likely an expanded job -- such as from a reusable workflow
 		// -- which could have it's own `needs` that allows it to expand into a correct job in the future.
-		jobID, job := swf.Job()
+		jobID, _ := swf.Job()
 		if jobID == blockedJob.JobID {
 			if swf.IncompleteMatrix {
 				errorCode, errorDetails := persistentIncompleteMatrixError(blockedJob, swf.IncompleteMatrixNeeds)
@@ -322,23 +322,6 @@ func tryHandleIncompleteMatrix(ctx context.Context, blockedJob *actions_model.Ac
 				// Return `true` to skip running this job in this invalid state
 				return true, nil
 			}
-
-			// When `InsertRunJobs` is run on a job (including `blockedJob` when it was persisted), the `needs` are
-			// removed from it's WorkflowPayload and moved up to the database record so that Forgejo can manage ordering
-			// the run execution.  Now that `blockedJob` has been changed from incomplete->complete by reparsing it and
-			// providing its inputs, it would have been reparsed with an empty `needs` entry because of this earlier
-			// removal.  And the returned record could have its own new `needs` if it was a reusable workflow with inner
-			// jobs.  So, merge the old database list of needs with the new reparsed list of needs, and store them in
-			// the new `SingleWorkflow` which will be paseed to `InsertRunJobs` where it will be ripped out again.
-			//
-			// This is only relevant for `blockedJob` and not for any other generated jobs since they wouldn't have yet
-			// gone through `InsertRunJobs` to have this mutation performed.
-			newNeeds := append(job.Needs(), blockedJob.Needs...)
-			_ = job.RawNeeds.Encode(newNeeds)
-			err := swf.SetJob(jobID, job)
-			if err != nil {
-				return false, fmt.Errorf("failure to update needs in job: %w", err)
-			}
 		}
 	}
 
diff --git a/services/actions/job_emitter_test.go b/services/actions/job_emitter_test.go
index 14310703e6..767d5bdca4 100644
--- a/services/actions/job_emitter_test.go
+++ b/services/actions/job_emitter_test.go
@@ -475,7 +475,7 @@ func Test_tryHandleIncompleteMatrix(t *testing.T) {
 			needs: map[string][]string{
 				"define-workflow-call":    nil,
 				"inner my-workflow-input": nil,
-				"perform-workflow-call":   {"define-workflow-call", "perform-workflow-call.inner_job"},
+				"perform-workflow-call":   {"perform-workflow-call.inner_job"},
 			},
 		},
 		// Before reusable workflow expansion, there weren't any cases where evaluating a job in the job emitter could
@@ -502,7 +502,6 @@ func Test_tryHandleIncompleteMatrix(t *testing.T) {
 				"inner define-runs-on my-workflow-input": nil,
 				"inner incomplete-job my-workflow-input": {"perform-workflow-call.define-runs-on"},
 				"perform-workflow-call": {
-					"define-workflow-call",
 					"perform-workflow-call.define-runs-on",
 					"perform-workflow-call.scalar-job",
 				},

From 0af52cdca24dbf0d9e62a0551f6fc2d7919e68fd Mon Sep 17 00:00:00 2001
From: Mathieu Fenniak <mathieu@fenniak.net>
Date: Thu, 1 Jan 2026 17:36:20 +0100
Subject: [PATCH 081/854] fix: in-progress job icon doesn't rotate on repo's
 action list (#10656)

In-progress jobs don't have a rotating status icon on `/org/repo/actions`.  Likely a regression from #9444 as the rotation style was in `RepoActionView` which won't be loaded on the action list page.

Manually tested and confirmed that the styling is effective on both `/org/repo/actions` and in the action log page (`.../runs/#/jobs/#/attempt/#`).

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests

- I added test coverage for Go changes...
  - [ ] in their respective `*_test.go` for unit tests.
  - [ ] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I added test coverage for JavaScript changes...
  - [ ] in `web_src/js/*.test.js` if it can be unit tested.
  - [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)).

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [x] I do not want this change to show in the release notes.
- [ ] I want the title to show in the release notes with a link to this pull request.
- [ ] I want the content of the `release-notes/<pull request number>.md` to be be used for the release notes instead of the title.

Reported-by: limiting-factor
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10656
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net>
Co-committed-by: Mathieu Fenniak <mathieu@fenniak.net>
---
 web_src/css/actions.css                  |  9 +++++++++
 web_src/js/components/RepoActionView.vue | 10 ----------
 2 files changed, 9 insertions(+), 10 deletions(-)

diff --git a/web_src/css/actions.css b/web_src/css/actions.css
index f7d1340db4..3992253eef 100644
--- a/web_src/css/actions.css
+++ b/web_src/css/actions.css
@@ -98,3 +98,12 @@
     right: 0;
   }
 }
+
+.job-status-rotate {
+  animation: job-status-rotate-keyframes 1s linear infinite;
+}
+@keyframes job-status-rotate-keyframes {
+  100% {
+    transform: rotate(-360deg);
+  }
+}
diff --git a/web_src/js/components/RepoActionView.vue b/web_src/js/components/RepoActionView.vue
index aa2c4f6d2a..9e9fe81ab8 100644
--- a/web_src/js/components/RepoActionView.vue
+++ b/web_src/js/components/RepoActionView.vue
@@ -883,16 +883,6 @@ export default {
 
 <style>
 /* some elements are not managed by vue, so we need to use global style */
-.job-status-rotate {
-  animation: job-status-rotate-keyframes 1s linear infinite;
-}
-
-@keyframes job-status-rotate-keyframes {
-  100% {
-    transform: rotate(-360deg);
-  }
-}
-
 /* selectors here are intentionally exact to only match fullscreen */
 
 .full.height > .action-view-right {

From cf3fd8fa4c29ba773ab0270ed395b37b6d05891d Mon Sep 17 00:00:00 2001
From: Renovate Bot <forgejo-renovate-action@forgejo.org>
Date: Fri, 2 Jan 2026 02:54:18 +0100
Subject: [PATCH 082/854] Update module github.com/mattn/go-sqlite3 to v1.14.33
 (forgejo) (#10668)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This PR contains the following updates:

| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) |
|---|---|---|---|
| [github.com/mattn/go-sqlite3](https://github.com/mattn/go-sqlite3) | `v1.14.32` -> `v1.14.33` | ![age](https://developer.mend.io/api/mc/badges/age/go/github.com%2fmattn%2fgo-sqlite3/v1.14.33?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/go/github.com%2fmattn%2fgo-sqlite3/v1.14.32/v1.14.33?slim=true) |

---

### Release Notes

<details>
<summary>mattn/go-sqlite3 (github.com/mattn/go-sqlite3)</summary>

### [`v1.14.33`](https://github.com/mattn/go-sqlite3/compare/v1.14.32...v1.14.33)

[Compare Source](https://github.com/mattn/go-sqlite3/compare/v1.14.32...v1.14.33)

</details>

---

### Configuration

📅 **Schedule**: Branch creation - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC), Automerge - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi42Ni4xMSIsInVwZGF0ZWRJblZlciI6IjQyLjY2LjExIiwidGFyZ2V0QnJhbmNoIjoiZm9yZ2VqbyIsImxhYmVscyI6WyJkZXBlbmRlbmN5LXVwZ3JhZGUiLCJ0ZXN0L25vdC1uZWVkZWQiXX0=-->

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10668
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 470d13a566..655576183d 100644
--- a/go.mod
+++ b/go.mod
@@ -75,7 +75,7 @@ require (
 	github.com/klauspost/cpuid/v2 v2.2.11
 	github.com/markbates/goth v1.80.0
 	github.com/mattn/go-isatty v0.0.20
-	github.com/mattn/go-sqlite3 v1.14.32
+	github.com/mattn/go-sqlite3 v1.14.33
 	github.com/meilisearch/meilisearch-go v0.34.0
 	github.com/mholt/archives v0.1.5
 	github.com/microcosm-cc/bluemonday v1.0.27
diff --git a/go.sum b/go.sum
index 1e33b27333..c029923e1d 100644
--- a/go.sum
+++ b/go.sum
@@ -535,8 +535,8 @@ github.com/mattn/go-runewidth v0.0.17 h1:78v8ZlW0bP43XfmAfPsdXcoNCelfMHsDmd/pkEN
 github.com/mattn/go-runewidth v0.0.17/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w=
 github.com/mattn/go-shellwords v1.0.12 h1:M2zGm7EW6UQJvDeQxo4T51eKPurbeFbe8WtebGE2xrk=
 github.com/mattn/go-shellwords v1.0.12/go.mod h1:EZzvwXDESEeg03EKmM+RmDnNOPKG4lLtQsUlTZDWQ8Y=
-github.com/mattn/go-sqlite3 v1.14.32 h1:JD12Ag3oLy1zQA+BNn74xRgaBbdhbNIDYvQUEuuErjs=
-github.com/mattn/go-sqlite3 v1.14.32/go.mod h1:Uh1q+B4BYcTPb+yiD3kU8Ct7aC0hY9fxUwlHK0RXw+Y=
+github.com/mattn/go-sqlite3 v1.14.33 h1:A5blZ5ulQo2AtayQ9/limgHEkFreKj1Dv226a1K73s0=
+github.com/mattn/go-sqlite3 v1.14.33/go.mod h1:Uh1q+B4BYcTPb+yiD3kU8Ct7aC0hY9fxUwlHK0RXw+Y=
 github.com/meilisearch/meilisearch-go v0.34.0 h1:P+Ohdx4/PCxXaoI5wNi0LMwPkuiNrF/kGIzBrKYS4tw=
 github.com/meilisearch/meilisearch-go v0.34.0/go.mod h1:cUVJZ2zMqTvvwIMEEAdsWH+zrHsrLpAw6gm8Lt1MXK0=
 github.com/mholt/acmez/v3 v3.1.2 h1:auob8J/0FhmdClQicvJvuDavgd5ezwLBfKuYmynhYzc=

From 84d2df5b088e2909337af10d90ef22d375a97e4a Mon Sep 17 00:00:00 2001
From: Renovate Bot <forgejo-renovate-action@forgejo.org>
Date: Fri, 2 Jan 2026 05:28:14 +0100
Subject: [PATCH 083/854] Update dependency esbuild-loader to v4.4.2 (forgejo)
 (#10667)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10667
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
---
 package-lock.json | 8 ++++----
 package.json      | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index dcf87b01ae..2d74bda4a6 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -25,7 +25,7 @@
         "dayjs": "1.11.18",
         "dropzone": "6.0.0-beta.2",
         "easymde": "2.18.0",
-        "esbuild-loader": "4.4.1",
+        "esbuild-loader": "4.4.2",
         "escape-goat": "4.0.0",
         "fast-glob": "3.3.3",
         "htmx.org": "2.0.8",
@@ -7325,9 +7325,9 @@
       }
     },
     "node_modules/esbuild-loader": {
-      "version": "4.4.1",
-      "resolved": "https://registry.npmjs.org/esbuild-loader/-/esbuild-loader-4.4.1.tgz",
-      "integrity": "sha512-aXMJpkrSKy/x4fvpB0uA7svGOBQFAkWvWdOtKuyWOXtUwruG3Rfr6jqjI/UKf4QDvcHjKQI6pnpKiOejpfE1jg==",
+      "version": "4.4.2",
+      "resolved": "https://registry.npmjs.org/esbuild-loader/-/esbuild-loader-4.4.2.tgz",
+      "integrity": "sha512-8LdoT9sC7fzfvhxhsIAiWhzLJr9yT3ggmckXxsgvM07wgrRxhuT98XhLn3E7VczU5W5AFsPKv9DdWcZIubbWkQ==",
       "license": "MIT",
       "dependencies": {
         "esbuild": "^0.27.1",
diff --git a/package.json b/package.json
index 24e7138402..984d7a7f02 100644
--- a/package.json
+++ b/package.json
@@ -24,7 +24,7 @@
     "dayjs": "1.11.18",
     "dropzone": "6.0.0-beta.2",
     "easymde": "2.18.0",
-    "esbuild-loader": "4.4.1",
+    "esbuild-loader": "4.4.2",
     "escape-goat": "4.0.0",
     "fast-glob": "3.3.3",
     "htmx.org": "2.0.8",

From 2faaa4c5b4bdadbe93b8e034aede57692ab49995 Mon Sep 17 00:00:00 2001
From: limiting-factor <limiting-factor@posteo.com>
Date: Fri, 2 Jan 2026 05:32:32 +0100
Subject: [PATCH 084/854] chore: move all test blank imports in a single
 package (#10662)

- Create `modules/testimport/import.go` to centralize blank import needed for tests (in order to run the `init` function)  to simplify maintenance.
- Remove the imports that are not needed.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10662
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: limiting-factor <limiting-factor@posteo.com>
Co-committed-by: limiting-factor <limiting-factor@posteo.com>
---
 models/activities/main_test.go                |  4 ----
 models/auth/main_test.go                      |  7 +------
 models/avatars/main_test.go                   |  4 ----
 models/db/main_test.go                        |  3 ---
 models/forgejo/semver/main_test.go            |  5 -----
 models/git/main_test.go                       |  5 -----
 models/issues/main_test.go                    |  6 ------
 models/main_test.go                           |  4 ----
 models/organization/main_test.go              |  8 +-------
 models/packages/debian/search_test.go         |  5 -----
 models/packages/main_test.go                  |  5 -----
 models/perm/access/main_test.go               |  7 -------
 models/project/main_test.go                   |  2 --
 models/quota/main_test.go                     |  5 -----
 models/repo/main_test.go                      |  8 +-------
 models/secret/main_test.go                    |  3 ---
 models/system/main_test.go                    |  6 ------
 models/user/main_test.go                      |  6 +-----
 modules/activitypub/main_test.go              |  5 -----
 modules/activitypub/user_settings_test.go     |  2 --
 modules/indexer/code/indexer_test.go          |  5 -----
 modules/indexer/issues/indexer_test.go        |  5 -----
 modules/indexer/stats/indexer_test.go         |  5 -----
 modules/repository/main_test.go               |  3 ---
 modules/templates/main_test.go                |  4 ----
 modules/testimport/import.go                  | 17 +++++++++++++++++
 routers/api/actions/runner/main_test.go       |  2 --
 services/actions/main_test.go                 |  4 ----
 services/attachment/attachment_test.go        |  3 ---
 services/convert/main_test.go                 |  3 ---
 services/feed/action_test.go                  |  3 ---
 services/forgejo/main_test.go                 |  5 -----
 services/gitdiff/main_test.go                 |  5 -----
 services/issue/comments_test.go               |  2 --
 services/issue/main_test.go                   |  2 --
 services/mailer/main_test.go                  |  2 +-
 services/moderation/main_test.go              |  3 ---
 services/pull/main_test.go                    |  3 ---
 services/redirect/main_test.go                |  5 -----
 services/release/release_test.go              |  3 ---
 services/repository/archiver/archiver_test.go |  3 ---
 services/repository/files/content_test.go     |  3 ---
 services/webhook/main_test.go                 |  4 ----
 services/wiki/wiki_test.go                    |  2 +-
 44 files changed, 23 insertions(+), 173 deletions(-)
 create mode 100644 modules/testimport/import.go

diff --git a/models/activities/main_test.go b/models/activities/main_test.go
index a5245ab1d3..403cf10c0f 100644
--- a/models/activities/main_test.go
+++ b/models/activities/main_test.go
@@ -7,10 +7,6 @@ import (
 	"testing"
 
 	"forgejo.org/models/unittest"
-
-	_ "forgejo.org/models"
-	_ "forgejo.org/models/actions"
-	_ "forgejo.org/models/forgefed"
 )
 
 func TestMain(m *testing.M) {
diff --git a/models/auth/main_test.go b/models/auth/main_test.go
index b30db24483..5b8ca00831 100644
--- a/models/auth/main_test.go
+++ b/models/auth/main_test.go
@@ -8,12 +8,7 @@ import (
 
 	"forgejo.org/models/unittest"
 
-	_ "forgejo.org/models"
-	_ "forgejo.org/models/actions"
-	_ "forgejo.org/models/activities"
-	_ "forgejo.org/models/auth"
-	_ "forgejo.org/models/forgefed"
-	_ "forgejo.org/models/perm/access"
+	_ "forgejo.org/modules/testimport"
 )
 
 func TestMain(m *testing.M) {
diff --git a/models/avatars/main_test.go b/models/avatars/main_test.go
index bdc66954b1..f8c90a09e6 100644
--- a/models/avatars/main_test.go
+++ b/models/avatars/main_test.go
@@ -7,10 +7,6 @@ import (
 	"testing"
 
 	"forgejo.org/models/unittest"
-
-	_ "forgejo.org/models"
-	_ "forgejo.org/models/activities"
-	_ "forgejo.org/models/perm/access"
 )
 
 func TestMain(m *testing.M) {
diff --git a/models/db/main_test.go b/models/db/main_test.go
index 4b06923950..77773b5d34 100644
--- a/models/db/main_test.go
+++ b/models/db/main_test.go
@@ -7,9 +7,6 @@ import (
 	"testing"
 
 	"forgejo.org/models/unittest"
-
-	_ "forgejo.org/models"
-	_ "forgejo.org/models/repo"
 )
 
 func TestMain(m *testing.M) {
diff --git a/models/forgejo/semver/main_test.go b/models/forgejo/semver/main_test.go
index dcc9d588cd..d4c75675ea 100644
--- a/models/forgejo/semver/main_test.go
+++ b/models/forgejo/semver/main_test.go
@@ -6,11 +6,6 @@ import (
 	"testing"
 
 	"forgejo.org/models/unittest"
-
-	_ "forgejo.org/models"
-	_ "forgejo.org/models/actions"
-	_ "forgejo.org/models/activities"
-	_ "forgejo.org/models/forgefed"
 )
 
 func TestMain(m *testing.M) {
diff --git a/models/git/main_test.go b/models/git/main_test.go
index 63a3c363ab..c0b444db8f 100644
--- a/models/git/main_test.go
+++ b/models/git/main_test.go
@@ -7,11 +7,6 @@ import (
 	"testing"
 
 	"forgejo.org/models/unittest"
-
-	_ "forgejo.org/models"
-	_ "forgejo.org/models/actions"
-	_ "forgejo.org/models/activities"
-	_ "forgejo.org/models/forgefed"
 )
 
 func TestMain(m *testing.M) {
diff --git a/models/issues/main_test.go b/models/issues/main_test.go
index 05d854c964..c4057df9cc 100644
--- a/models/issues/main_test.go
+++ b/models/issues/main_test.go
@@ -9,12 +9,6 @@ import (
 	issues_model "forgejo.org/models/issues"
 	"forgejo.org/models/unittest"
 
-	_ "forgejo.org/models"
-	_ "forgejo.org/models/actions"
-	_ "forgejo.org/models/activities"
-	_ "forgejo.org/models/repo"
-	_ "forgejo.org/models/user"
-
 	"github.com/stretchr/testify/require"
 )
 
diff --git a/models/main_test.go b/models/main_test.go
index 0edcf8f49d..1e4efb46e4 100644
--- a/models/main_test.go
+++ b/models/main_test.go
@@ -12,10 +12,6 @@ import (
 	"forgejo.org/models/unittest"
 	user_model "forgejo.org/models/user"
 
-	_ "forgejo.org/models/actions"
-	_ "forgejo.org/models/forgefed"
-	_ "forgejo.org/models/system"
-
 	"github.com/stretchr/testify/require"
 )
 
diff --git a/models/organization/main_test.go b/models/organization/main_test.go
index dd10b60d30..5951e06299 100644
--- a/models/organization/main_test.go
+++ b/models/organization/main_test.go
@@ -8,13 +8,7 @@ import (
 
 	"forgejo.org/models/unittest"
 
-	_ "forgejo.org/models"
-	_ "forgejo.org/models/actions"
-	_ "forgejo.org/models/activities"
-	_ "forgejo.org/models/forgefed"
-	_ "forgejo.org/models/organization"
-	_ "forgejo.org/models/repo"
-	_ "forgejo.org/models/user"
+	_ "forgejo.org/modules/testimport"
 )
 
 func TestMain(m *testing.M) {
diff --git a/models/packages/debian/search_test.go b/models/packages/debian/search_test.go
index 43cca6c4bd..15e454afc0 100644
--- a/models/packages/debian/search_test.go
+++ b/models/packages/debian/search_test.go
@@ -14,11 +14,6 @@ import (
 	"forgejo.org/modules/packages"
 	packages_service "forgejo.org/services/packages"
 
-	_ "forgejo.org/models"
-	_ "forgejo.org/models/actions"
-	_ "forgejo.org/models/activities"
-	_ "forgejo.org/models/forgefed"
-
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 )
diff --git a/models/packages/main_test.go b/models/packages/main_test.go
index f9083d705d..35c37d4072 100644
--- a/models/packages/main_test.go
+++ b/models/packages/main_test.go
@@ -7,11 +7,6 @@ import (
 	"testing"
 
 	"forgejo.org/models/unittest"
-
-	_ "forgejo.org/models"
-	_ "forgejo.org/models/actions"
-	_ "forgejo.org/models/activities"
-	_ "forgejo.org/models/forgefed"
 )
 
 func TestMain(m *testing.M) {
diff --git a/models/perm/access/main_test.go b/models/perm/access/main_test.go
index 0c27d022e0..6ae18dbf5e 100644
--- a/models/perm/access/main_test.go
+++ b/models/perm/access/main_test.go
@@ -7,13 +7,6 @@ import (
 	"testing"
 
 	"forgejo.org/models/unittest"
-
-	_ "forgejo.org/models"
-	_ "forgejo.org/models/actions"
-	_ "forgejo.org/models/activities"
-	_ "forgejo.org/models/forgefed"
-	_ "forgejo.org/models/repo"
-	_ "forgejo.org/models/user"
 )
 
 func TestMain(m *testing.M) {
diff --git a/models/project/main_test.go b/models/project/main_test.go
index eaa13bf309..55073c628d 100644
--- a/models/project/main_test.go
+++ b/models/project/main_test.go
@@ -7,8 +7,6 @@ import (
 	"testing"
 
 	"forgejo.org/models/unittest"
-
-	_ "forgejo.org/models/repo"
 )
 
 func TestMain(m *testing.M) {
diff --git a/models/quota/main_test.go b/models/quota/main_test.go
index ec0a0e0013..e752ecb690 100644
--- a/models/quota/main_test.go
+++ b/models/quota/main_test.go
@@ -7,11 +7,6 @@ import (
 	"testing"
 
 	"forgejo.org/models/unittest"
-
-	_ "forgejo.org/models"
-	_ "forgejo.org/models/actions"
-	_ "forgejo.org/models/activities"
-	_ "forgejo.org/models/forgefed"
 )
 
 func TestMain(m *testing.M) {
diff --git a/models/repo/main_test.go b/models/repo/main_test.go
index 9fd1cacc97..3f7ab214fa 100644
--- a/models/repo/main_test.go
+++ b/models/repo/main_test.go
@@ -8,13 +8,7 @@ import (
 
 	"forgejo.org/models/unittest"
 
-	_ "forgejo.org/models" // register table model
-	_ "forgejo.org/models/actions"
-	_ "forgejo.org/models/activities"
-	_ "forgejo.org/models/forgefed"
-	_ "forgejo.org/models/perm/access" // register table model
-	_ "forgejo.org/models/repo"        // register table model
-	_ "forgejo.org/models/user"        // register table model
+	_ "forgejo.org/modules/testimport"
 )
 
 func TestMain(m *testing.M) {
diff --git a/models/secret/main_test.go b/models/secret/main_test.go
index 85bfec0c4f..ccf8b3ba41 100644
--- a/models/secret/main_test.go
+++ b/models/secret/main_test.go
@@ -7,9 +7,6 @@ import (
 	"testing"
 
 	"forgejo.org/models/unittest"
-
-	_ "forgejo.org/models"
-	_ "forgejo.org/models/activities"
 )
 
 func TestMain(m *testing.M) {
diff --git a/models/system/main_test.go b/models/system/main_test.go
index ca2846527a..bd3406b986 100644
--- a/models/system/main_test.go
+++ b/models/system/main_test.go
@@ -7,12 +7,6 @@ import (
 	"testing"
 
 	"forgejo.org/models/unittest"
-
-	_ "forgejo.org/models" // register models
-	_ "forgejo.org/models/actions"
-	_ "forgejo.org/models/activities"
-	_ "forgejo.org/models/forgefed"
-	_ "forgejo.org/models/system" // register models of system
 )
 
 func TestMain(m *testing.M) {
diff --git a/models/user/main_test.go b/models/user/main_test.go
index f0dae086e0..902389fe06 100644
--- a/models/user/main_test.go
+++ b/models/user/main_test.go
@@ -8,11 +8,7 @@ import (
 
 	"forgejo.org/models/unittest"
 
-	_ "forgejo.org/models"
-	_ "forgejo.org/models/actions"
-	_ "forgejo.org/models/activities"
-	_ "forgejo.org/models/forgefed"
-	_ "forgejo.org/models/user"
+	_ "forgejo.org/modules/testimport"
 )
 
 func TestMain(m *testing.M) {
diff --git a/modules/activitypub/main_test.go b/modules/activitypub/main_test.go
index c46c1759c1..a3f173f408 100644
--- a/modules/activitypub/main_test.go
+++ b/modules/activitypub/main_test.go
@@ -7,11 +7,6 @@ import (
 	"testing"
 
 	"forgejo.org/models/unittest"
-
-	_ "forgejo.org/models"
-	_ "forgejo.org/models/actions"
-	_ "forgejo.org/models/activities"
-	_ "forgejo.org/models/forgefed"
 )
 
 func TestMain(m *testing.M) {
diff --git a/modules/activitypub/user_settings_test.go b/modules/activitypub/user_settings_test.go
index 475e761e69..f70b39d5ce 100644
--- a/modules/activitypub/user_settings_test.go
+++ b/modules/activitypub/user_settings_test.go
@@ -11,8 +11,6 @@ import (
 	user_model "forgejo.org/models/user"
 	"forgejo.org/modules/activitypub"
 
-	_ "forgejo.org/models" // https://forum.gitea.com/t/testfixtures-could-not-clean-table-access-no-such-table-access/4137/4
-
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 )
diff --git a/modules/indexer/code/indexer_test.go b/modules/indexer/code/indexer_test.go
index 97f17b083f..87deaf928b 100644
--- a/modules/indexer/code/indexer_test.go
+++ b/modules/indexer/code/indexer_test.go
@@ -14,11 +14,6 @@ import (
 	"forgejo.org/modules/indexer/code/elasticsearch"
 	"forgejo.org/modules/indexer/code/internal"
 
-	_ "forgejo.org/models"
-	_ "forgejo.org/models/actions"
-	_ "forgejo.org/models/activities"
-	_ "forgejo.org/models/forgefed"
-
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 )
diff --git a/modules/indexer/issues/indexer_test.go b/modules/indexer/issues/indexer_test.go
index 527627e0fc..99a09380e7 100644
--- a/modules/indexer/issues/indexer_test.go
+++ b/modules/indexer/issues/indexer_test.go
@@ -13,11 +13,6 @@ import (
 	"forgejo.org/modules/optional"
 	"forgejo.org/modules/setting"
 
-	_ "forgejo.org/models"
-	_ "forgejo.org/models/actions"
-	_ "forgejo.org/models/activities"
-	_ "forgejo.org/models/forgefed"
-
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 )
diff --git a/modules/indexer/stats/indexer_test.go b/modules/indexer/stats/indexer_test.go
index a5899d2506..7d51d3f522 100644
--- a/modules/indexer/stats/indexer_test.go
+++ b/modules/indexer/stats/indexer_test.go
@@ -13,11 +13,6 @@ import (
 	"forgejo.org/modules/queue"
 	"forgejo.org/modules/setting"
 
-	_ "forgejo.org/models"
-	_ "forgejo.org/models/actions"
-	_ "forgejo.org/models/activities"
-	_ "forgejo.org/models/forgefed"
-
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 )
diff --git a/modules/repository/main_test.go b/modules/repository/main_test.go
index 5906b10865..942a805638 100644
--- a/modules/repository/main_test.go
+++ b/modules/repository/main_test.go
@@ -7,9 +7,6 @@ import (
 	"testing"
 
 	"forgejo.org/models/unittest"
-
-	_ "forgejo.org/models/actions"
-	_ "forgejo.org/models/forgefed"
 )
 
 func TestMain(m *testing.M) {
diff --git a/modules/templates/main_test.go b/modules/templates/main_test.go
index 946bc603f6..422bc497d8 100644
--- a/modules/templates/main_test.go
+++ b/modules/templates/main_test.go
@@ -9,10 +9,6 @@ import (
 
 	"forgejo.org/models/unittest"
 	"forgejo.org/modules/markup"
-
-	_ "forgejo.org/models"
-	_ "forgejo.org/models/forgefed"
-	_ "forgejo.org/models/issues"
 )
 
 func TestMain(m *testing.M) {
diff --git a/modules/testimport/import.go b/modules/testimport/import.go
new file mode 100644
index 0000000000..cefa5b32a2
--- /dev/null
+++ b/modules/testimport/import.go
@@ -0,0 +1,17 @@
+// Copyright 2026 The Forgejo Authors
+// SPDX-License-Identifier: MIT
+
+package testimport
+
+// ensure the init() function of those modules are called in a test
+// environment that may not include them. It matters when the engine
+// is trying to figure out the ordering of foreign keys, for instance
+
+import ( //revive:disable:blank-imports
+	_ "forgejo.org/models/actions"
+	_ "forgejo.org/models/activities"
+	_ "forgejo.org/models/auth"
+	_ "forgejo.org/models/forgefed"
+	_ "forgejo.org/models/perm/access"
+	_ "forgejo.org/models/repo"
+)
diff --git a/routers/api/actions/runner/main_test.go b/routers/api/actions/runner/main_test.go
index 112ebe3cb6..e061521e92 100644
--- a/routers/api/actions/runner/main_test.go
+++ b/routers/api/actions/runner/main_test.go
@@ -7,8 +7,6 @@ import (
 	"testing"
 
 	"forgejo.org/models/unittest"
-
-	_ "forgejo.org/models/forgefed"
 )
 
 func TestMain(m *testing.M) {
diff --git a/services/actions/main_test.go b/services/actions/main_test.go
index 71ec1d3426..1151ab8f20 100644
--- a/services/actions/main_test.go
+++ b/services/actions/main_test.go
@@ -7,10 +7,6 @@ import (
 	"testing"
 
 	"forgejo.org/models/unittest"
-
-	_ "forgejo.org/models/actions"
-	_ "forgejo.org/models/activities"
-	_ "forgejo.org/models/forgefed"
 )
 
 func TestMain(m *testing.M) {
diff --git a/services/attachment/attachment_test.go b/services/attachment/attachment_test.go
index ef002bf16c..a6662b2837 100644
--- a/services/attachment/attachment_test.go
+++ b/services/attachment/attachment_test.go
@@ -13,9 +13,6 @@ import (
 	"forgejo.org/models/unittest"
 	user_model "forgejo.org/models/user"
 
-	_ "forgejo.org/models/actions"
-	_ "forgejo.org/models/forgefed"
-
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 )
diff --git a/services/convert/main_test.go b/services/convert/main_test.go
index 5915d16be4..e6d7a4a323 100644
--- a/services/convert/main_test.go
+++ b/services/convert/main_test.go
@@ -7,9 +7,6 @@ import (
 	"testing"
 
 	"forgejo.org/models/unittest"
-
-	_ "forgejo.org/models/actions"
-	_ "forgejo.org/models/forgefed"
 )
 
 func TestMain(m *testing.M) {
diff --git a/services/feed/action_test.go b/services/feed/action_test.go
index fd27bf32a9..51df063c52 100644
--- a/services/feed/action_test.go
+++ b/services/feed/action_test.go
@@ -18,9 +18,6 @@ import (
 	"forgejo.org/modules/setting"
 	"forgejo.org/modules/test"
 
-	_ "forgejo.org/models/actions"
-	_ "forgejo.org/models/forgefed"
-
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 )
diff --git a/services/forgejo/main_test.go b/services/forgejo/main_test.go
index 5523ed1aab..12d768cbcb 100644
--- a/services/forgejo/main_test.go
+++ b/services/forgejo/main_test.go
@@ -6,11 +6,6 @@ import (
 	"testing"
 
 	"forgejo.org/models/unittest"
-
-	_ "forgejo.org/models"
-	_ "forgejo.org/models/actions"
-	_ "forgejo.org/models/activities"
-	_ "forgejo.org/models/forgefed"
 )
 
 func TestMain(m *testing.M) {
diff --git a/services/gitdiff/main_test.go b/services/gitdiff/main_test.go
index cd7a6a4a6b..7deeef34c0 100644
--- a/services/gitdiff/main_test.go
+++ b/services/gitdiff/main_test.go
@@ -7,11 +7,6 @@ import (
 	"testing"
 
 	"forgejo.org/models/unittest"
-
-	_ "forgejo.org/models"
-	_ "forgejo.org/models/actions"
-	_ "forgejo.org/models/activities"
-	_ "forgejo.org/models/forgefed"
 )
 
 func TestMain(m *testing.M) {
diff --git a/services/issue/comments_test.go b/services/issue/comments_test.go
index 0bf6d6db3e..1b307c2b45 100644
--- a/services/issue/comments_test.go
+++ b/services/issue/comments_test.go
@@ -18,8 +18,6 @@ import (
 	issue_service "forgejo.org/services/issue"
 	"forgejo.org/tests"
 
-	_ "forgejo.org/services/webhook"
-
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 )
diff --git a/services/issue/main_test.go b/services/issue/main_test.go
index 673ec5e4cc..b54ff9ca02 100644
--- a/services/issue/main_test.go
+++ b/services/issue/main_test.go
@@ -9,8 +9,6 @@ import (
 	"forgejo.org/models/unittest"
 	"forgejo.org/modules/setting"
 	"forgejo.org/services/webhook"
-
-	_ "forgejo.org/models/actions"
 )
 
 func TestMain(m *testing.M) {
diff --git a/services/mailer/main_test.go b/services/mailer/main_test.go
index a42f487c32..eb998aa7ec 100644
--- a/services/mailer/main_test.go
+++ b/services/mailer/main_test.go
@@ -16,7 +16,7 @@ import (
 	"forgejo.org/modules/test"
 	"forgejo.org/modules/translation"
 
-	_ "forgejo.org/models/actions"
+	_ "forgejo.org/modules/testimport"
 
 	"github.com/stretchr/testify/assert"
 )
diff --git a/services/moderation/main_test.go b/services/moderation/main_test.go
index 3a268260d2..45de4cd7ab 100644
--- a/services/moderation/main_test.go
+++ b/services/moderation/main_test.go
@@ -7,9 +7,6 @@ import (
 	"testing"
 
 	"forgejo.org/models/unittest"
-
-	_ "forgejo.org/models/forgefed"
-	_ "forgejo.org/models/moderation"
 )
 
 func TestMain(m *testing.M) {
diff --git a/services/pull/main_test.go b/services/pull/main_test.go
index 5262b5be50..ccbcd4b798 100644
--- a/services/pull/main_test.go
+++ b/services/pull/main_test.go
@@ -8,9 +8,6 @@ import (
 	"testing"
 
 	"forgejo.org/models/unittest"
-
-	_ "forgejo.org/models/actions"
-	_ "forgejo.org/models/forgefed"
 )
 
 func TestMain(m *testing.M) {
diff --git a/services/redirect/main_test.go b/services/redirect/main_test.go
index 7363791caa..3b3992acfa 100644
--- a/services/redirect/main_test.go
+++ b/services/redirect/main_test.go
@@ -6,11 +6,6 @@ import (
 	"testing"
 
 	"forgejo.org/models/unittest"
-
-	_ "forgejo.org/models"
-	_ "forgejo.org/models/actions"
-	_ "forgejo.org/models/activities"
-	_ "forgejo.org/models/forgefed"
 )
 
 func TestMain(m *testing.M) {
diff --git a/services/release/release_test.go b/services/release/release_test.go
index f03b4d42b8..2a593862ce 100644
--- a/services/release/release_test.go
+++ b/services/release/release_test.go
@@ -16,9 +16,6 @@ import (
 	"forgejo.org/modules/test"
 	"forgejo.org/services/attachment"
 
-	_ "forgejo.org/models/actions"
-	_ "forgejo.org/models/forgefed"
-
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 )
diff --git a/services/repository/archiver/archiver_test.go b/services/repository/archiver/archiver_test.go
index 00d82267c9..1b9d062f1f 100644
--- a/services/repository/archiver/archiver_test.go
+++ b/services/repository/archiver/archiver_test.go
@@ -12,9 +12,6 @@ import (
 	"forgejo.org/modules/git"
 	"forgejo.org/services/contexttest"
 
-	_ "forgejo.org/models/actions"
-	_ "forgejo.org/models/forgefed"
-
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 )
diff --git a/services/repository/files/content_test.go b/services/repository/files/content_test.go
index 8fc8f56b4f..da6c5552ef 100644
--- a/services/repository/files/content_test.go
+++ b/services/repository/files/content_test.go
@@ -13,9 +13,6 @@ import (
 	"forgejo.org/modules/gitrepo"
 	api "forgejo.org/modules/structs"
 
-	_ "forgejo.org/models/actions"
-	_ "forgejo.org/models/forgefed"
-
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 )
diff --git a/services/webhook/main_test.go b/services/webhook/main_test.go
index 97957291ca..6b781633bd 100644
--- a/services/webhook/main_test.go
+++ b/services/webhook/main_test.go
@@ -9,10 +9,6 @@ import (
 	"forgejo.org/models/unittest"
 	"forgejo.org/modules/hostmatcher"
 	"forgejo.org/modules/setting"
-
-	_ "forgejo.org/models"
-	_ "forgejo.org/models/actions"
-	_ "forgejo.org/models/forgefed"
 )
 
 func TestMain(m *testing.M) {
diff --git a/services/wiki/wiki_test.go b/services/wiki/wiki_test.go
index cb984425af..9471904e38 100644
--- a/services/wiki/wiki_test.go
+++ b/services/wiki/wiki_test.go
@@ -14,7 +14,7 @@ import (
 	"forgejo.org/modules/git"
 	"forgejo.org/modules/gitrepo"
 
-	_ "forgejo.org/models/actions"
+	_ "forgejo.org/modules/testimport"
 
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"

From 59c721d26b1a01e6e6ca812b63066a33e7e5e4da Mon Sep 17 00:00:00 2001
From: 0ko <0ko@noreply.codeberg.org>
Date: Fri, 2 Jan 2026 05:56:48 +0100
Subject: [PATCH 085/854] i18n(next): convert indention style to tabs: en,
 editorconfig (#10661)

Followup to #10659

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10661
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
---
 .editorconfig                         |   5 +-
 options/locale_next/locale_en-US.json | 500 +++++++++++++-------------
 2 files changed, 252 insertions(+), 253 deletions(-)

diff --git a/.editorconfig b/.editorconfig
index 5476eb02fb..58daceb4f1 100644
--- a/.editorconfig
+++ b/.editorconfig
@@ -30,7 +30,6 @@ insert_final_newline = false
 [options/locale/locale_*.ini]
 insert_final_newline = false
 
-# Weblate JSON output defaults to four spaces
+# Weblate is configured to use one tab for indention
 [options/locale_next/locale_*.json]
-indent_style = space
-indent_size = 4
+indent_style = tab
diff --git a/options/locale_next/locale_en-US.json b/options/locale_next/locale_en-US.json
index 8210009f97..73b2f5ec7f 100644
--- a/options/locale_next/locale_en-US.json
+++ b/options/locale_next/locale_en-US.json
@@ -1,252 +1,252 @@
 {
-    "home.welcome.no_activity": "No activity",
-    "home.welcome.activity_hint": "There is nothing in your feed yet. Your actions and activity from repositories that you watch will show up here.",
-    "home.explore_repos": "Explore repositories",
-    "home.explore_users": "Explore users",
-    "home.explore_orgs": "Explore organizations",
-    "fork.n_forks": {
-        "one": "%s fork",
-        "other": "%s forks"
-    },
-    "stars.list.none": "No one starred this repo.",
-    "stars.n_stars": {
-        "one": "%s star",
-        "other": "%s stars"
-    },
-    "watch.list.none": "No one is watching this repo.",
-    "watch.n_watchers": {
-        "one": "%s watcher",
-        "other": "%s watchers"
-    },
-    "followers.incoming.list.self.none": "No one is following your profile.",
-    "followers.incoming.list.none": "No one is following this user.",
-    "followers.outgoing.list.self.none": "You are not following anyone.",
-    "followers.outgoing.list.none": "%s isn't following anyone.",
-    "relativetime.now": "now",
-    "relativetime.future": "in future",
-    "relativetime.mins": {
-        "one": "%d minute ago",
-        "other": "%d minutes ago"
-    },
-    "relativetime.hours": {
-        "one": "%d hour ago",
-        "other": "%d hours ago"
-    },
-    "relativetime.days": {
-        "one": "%d day ago",
-        "other": "%d days ago"
-    },
-    "relativetime.weeks": {
-        "one": "%d week ago",
-        "other": "%d weeks ago"
-    },
-    "relativetime.months": {
-        "one": "%d month ago",
-        "other": "%d months ago"
-    },
-    "relativetime.years": {
-        "one": "%d year ago",
-        "other": "%d years ago"
-    },
-    "relativetime.1day": "yesterday",
-    "relativetime.2days": "two days ago",
-    "relativetime.1week": "last week",
-    "relativetime.2weeks": "two weeks ago",
-    "relativetime.1month": "last month",
-    "relativetime.2months": "two months ago",
-    "relativetime.1year": "last year",
-    "relativetime.2years": "two years ago",
-    "repo.issues.filter_poster.hint": "Filter by the author",
-    "repo.issues.filter_assignee.hint": "Filter by assigned user",
-    "repo.issues.filter_reviewers.hint": "Filter by user who reviewed",
-    "repo.issues.filter_mention.hint": "Filter by mentioned user",
-    "repo.issues.filter_modified.hint": "Filter by last modified date",
-    "repo.issues.filter_sort.hint": "Sort by: created/comments/updated/deadline",
-    "issues.updated": "updated %s",
-    "repo.pulls.poster_manage_approval": "Manage approval",
-    "repo.pulls.poster_requires_approval": "Some workflows are <a href=\"%[1]s\">waiting to be reviewed.</a>",
-    "repo.pulls.poster_requires_approval.tooltip": "The author of this pull request is not trusted to run workflows triggered by a pull request created from a forked repository or with AGit. The workflows triggered by a `pull_request` event will not run until they are approved.",
-    "repo.pulls.poster_is_trusted": "The author of this pull request is <a href=\"%[1]s\">always trusted to run workflows.</a>",
-    "repo.pulls.poster_is_trusted.tooltip": "The author of this pull request is explicitly trusted to run workflows triggered by `pull_request` events.",
-    "repo.pulls.poster_trust_deny": "Deny",
-    "repo.pulls.poster_trust_deny.tooltip": "The workflows waiting approval will be canceled.",
-    "repo.pulls.poster_trust_once": "Approve once",
-    "repo.pulls.poster_trust_once.tooltip": "The workflows triggered by a `pull_request` event will run on this commit but will need to be approved for all future commits pushed to this pull request.",
-    "repo.pulls.poster_trust_always": "Approve always",
-    "repo.pulls.poster_trust_always.tooltip": "The workflows triggered by a `pull_request` event will run on this commit and there will be no need to approve runs from this pull request or future pull requests authored by the same user.",
-    "repo.pulls.poster_trust_revoke": "Revoke",
-    "repo.pulls.poster_trust_revoke.tooltip": "The author of this pull request will no longer be trusted to run workflows triggered by a `pull_request` event, each run will have to be manually approved.",
-    "repo.pulls.already_merged": "Merge failed: This pull request has already been merged.",
-    "repo.pulls.merged_title_desc": {
-        "one": "merged %[1]d commit from <code>%[2]s</code> into <code>%[3]s</code> %[4]s",
-        "other": "merged %[1]d commits from <code>%[2]s</code> into <code>%[3]s</code> %[4]s"
-    },
-    "repo.pulls.title_desc": {
-        "one": "wants to merge %[1]d commit from <code>%[2]s</code> into <code id=\"%[4]s\">%[3]s</code>",
-        "other": "wants to merge %[1]d commits from <code>%[2]s</code> into <code id=\"%[4]s\">%[3]s</code>"
-    },
-    "repo.pulls.maintainers_can_edit": "Maintainers can edit this pull request.",
-    "repo.pulls.maintainers_cannot_edit": "Maintainers cannot edit this pull request.",
-    "repo.form.cannot_create": "All spaces in which you can create repositories have reached the limit of repositories.",
-    "migrate.form.error.url_credentials": "The URL contains credentials, put them in the username and password fields respectively",
-    "migrate.github.description": "Migrate data from github.com or GitHub Enterprise server.",
-    "migrate.git.description": "Migrate a repository only from any Git service.",
-    "migrate.gitea.description": "Migrate data from gitea.com or other Gitea instances.",
-    "migrate.gitlab.description": "Migrate data from gitlab.com or other GitLab instances.",
-    "migrate.gogs.description": "Migrate data from notabug.org or other Gogs instances.",
-    "migrate.onedev.description": "Migrate data from code.onedev.io or other OneDev instances.",
-    "migrate.gitbucket.description": "Migrate data from GitBucket instances.",
-    "migrate.codebase.description": "Migrate data from codebasehq.com.",
-    "migrate.forgejo.description": "Migrate data from codeberg.org or other Forgejo instances.",
-    "repo.issue_indexer.title": "Issue Indexer",
-    "search.milestone_kind": "Search milestones…",
-    "search.syntax": "Search syntax",
-    "search.fuzzy": "Fuzzy",
-    "search.fuzzy_tooltip": "Include results is an approximate match to the search term",
-    "repo.settings.push_mirror.branch_filter.label": "Branch filter (optional)",
-    "repo.settings.push_mirror.branch_filter.description": "Branches to be mirrored. Leave blank to mirror all branches. See <a href=\"%[1]s\">%[2]s documentation</a> for syntax. Examples: <code>main, release/*</code>",
-    "incorrect_root_url": "This Forgejo instance is configured to be served on \"%s\". You are currently viewing Forgejo through a different URL, which may cause parts of the application to break. The canonical URL is controlled by Forgejo admins via the ROOT_URL setting in the app.ini.",
-    "themes.names.forgejo-auto": "Forgejo (follow system theme)",
-    "themes.names.forgejo-light": "Forgejo light",
-    "themes.names.forgejo-dark": "Forgejo dark",
-    "error.not_found.title": "Page not found",
-    "warning.repository.out_of_sync": "The database representation of this repository is out of synchronization. If this warning is still shown after pushing a commit to this repository contact the administrator.",
-    "alert.asset_load_failed": "Failed to load asset files from {path}. Please make sure the asset files can be accessed.",
-    "alert.range_error": " must be a number between %[1]s and %[2]s.",
-    "install.invalid_lfs_path": "Unable to create the LFS root at the specified path: %[1]s",
-    "profile.actions.tooltip": "More actions",
-    "profile.edit.link": "Edit profile",
-    "feed.atom.link": "Atom feed",
-    "keys.ssh.link": "SSH keys",
-    "keys.gpg.link": "GPG keys",
-    "keys.verify.token.hint": "The token is only valid for 1 minute. <a href=\"%[1]s\">Get a new one if it expired</a>.",
-    "admin.config.moderation_config": "Moderation configuration",
-    "admin.moderation.moderation_reports": "Moderation reports",
-    "admin.moderation.reports": "Reports",
-    "admin.moderation.no_open_reports": "There are currently no open reports.",
-    "admin.moderation.deleted_content_ref": "Reported content with type %[1]v and id %[2]d no longer exists",
-    "moderation.report.mark_as_handled": "Mark as handled",
-    "moderation.report.mark_as_ignored": "Mark as ignored",
-    "moderation.action.account.delete": "Delete account",
-    "moderation.action.account.suspend": "Suspend account",
-    "moderation.action.repo.delete": "Delete repository",
-    "moderation.action.issue.delete": "Delete issue",
-    "moderation.action.comment.delete": "Delete comment",
-    "moderation.unknown_action": "Unknown action",
-    "moderation.users.cannot_suspend_self": "You cannot suspend yourself.",
-    "moderation.users.cannot_suspend_admins": "Users with admin privileges cannot be suspended.",
-    "moderation.users.cannot_suspend_org": "Organizations cannot be suspended.",
-    "moderation.users.already_suspended": "User account is already suspended.",
-    "moderation.users.suspend_success": "The user account has been suspended.",
-    "moderation.users.cannot_delete_admins": "Users with admin privileges cannot be deleted.",
-    "moderation.issue.deletion_success": "The issue has been deleted.",
-    "moderation.comment.deletion_success": "The comment has been deleted.",
-    "moderation.report_abuse": "Report abuse",
-    "moderation.report_content": "Report content",
-    "moderation.report_abuse_form.header": "Report abuse to administrator",
-    "moderation.report_abuse_form.details": "This form should be used to report users who create spam profiles, repositories, issues, comments or behave inappropriately.",
-    "moderation.report_abuse_form.invalid": "Invalid arguments",
-    "moderation.report_abuse_form.already_reported": "You've already reported this content",
-    "moderation.abuse_category": "Category",
-    "moderation.abuse_category.placeholder": "Select a category",
-    "moderation.abuse_category.spam": "Spam",
-    "moderation.abuse_category.malware": "Malware",
-    "moderation.abuse_category.illegal_content": "Illegal content",
-    "moderation.abuse_category.other_violations": "Other violations of platform rules",
-    "moderation.report_remarks": "Remarks",
-    "moderation.report_remarks.placeholder": "Please provide some details regarding the abuse you are reporting.",
-    "moderation.submit_report": "Submit report",
-    "moderation.reporting_failed": "Unable to submit the new abuse report: %v",
-    "moderation.reported_thank_you": "Thank you for your report. The administration has been made aware of it.",
-    "mail.actions.successful_run_after_failure_subject": "Workflow %[1]s recovered in repository %[2]s",
-    "mail.actions.not_successful_run_subject": "Workflow %[1]s failed in repository %[2]s",
-    "mail.actions.successful_run_after_failure": "Workflow %[1]s recovered in repository %[2]s",
-    "mail.actions.not_successful_run": "Workflow %[1]s failed in repository %[2]s",
-    "mail.actions.run_info_cur_status": "This Run's Status: %[1]s (just updated from %[2]s)",
-    "mail.actions.run_info_previous_status": "Previous Run's Status: %[1]s",
-    "mail.actions.run_info_sha": "Commit: %[1]s",
-    "mail.actions.run_info_trigger": "Triggered because: %[1]s by: %[2]s",
-    "mail.issue.action.close_by_commit": "%[1]s closed %[2]s in commit %[3]s.",
-    "repo.diff.commit.next-short": "Next",
-    "repo.diff.commit.previous-short": "Prev",
-    "discussion.locked": "This discussion has been locked. Commenting is limited to contributors.",
-    "discussion.sidebar.reference": "Reference",
-    "editor.textarea.tab_hint": "Line already indented. Press <kbd>Tab</kbd> again or <kbd>Escape</kbd> to leave the editor.",
-    "editor.textarea.shift_tab_hint": "No indentation on this line. Press <kbd>Shift</kbd> + <kbd>Tab</kbd> again or <kbd>Escape</kbd> to leave the editor.",
-    "admin.auths.allow_username_change": "Allow username change",
-    "admin.auths.allow_username_change.description": "Allow users to change their username in the profile settings",
-    "admin.dashboard.cleanup_offline_runners": "Cleanup offline runners",
-    "admin.dashboard.remove_resolved_reports": "Remove resolved reports",
-    "admin.dashboard.actions_action_user": "Revoke Forgejo Actions trust for inactive users",
-    "admin.dashboard.transfer_lingering_logs": "Transfer actions logs of finished actions jobs from the database to storage",
-    "admin.config.security": "Security configuration",
-    "admin.config.global_2fa_requirement.title": "Global two-factor requirement",
-    "admin.config.global_2fa_requirement.none": "No",
-    "admin.config.global_2fa_requirement.all": "All users",
-    "admin.config.global_2fa_requirement.admin": "Administrators",
-    "settings.visibility.description": "Profile visibility affects others' ability to access your non-private repositories. <a href=\"%s\" target=\"_blank\">Learn more</a>.",
-    "settings.twofa_unroll_unavailable": "Two-factor authentication is required for your account and cannot be disabled.",
-    "settings.twofa_reenroll": "Re-enroll two-factor authentication",
-    "settings.twofa_reenroll.description": "Re-enroll your two-factor authentication",
-    "settings.must_enable_2fa": "This Forgejo instance requires users to enable two-factor authentication before they can access their accounts.",
-    "error.must_enable_2fa": "This Forgejo instance requires users to enable two-factor authentication before they can access their accounts. Enable it at: %s",
-    "avatar.constraints_hint": "Custom avatar may not exceed %[1]s in size or be larger than %[2]dx%[3]d pixels",
-    "user.ghost.tooltip": "This user has been deleted, or cannot be matched.",
-    "og.repo.summary_card.alt_description": "Summary card of repository %[1]s, described as: %[2]s",
-    "repo.commit.load_tags_failed": "Load tags failed because of internal error",
-    "compare.branches.title": "Compare branches",
-    "migrate.pagure.description": "Migrate data from pagure.io or other Pagure instances.",
-    "migrate.pagure.incorrect_url": "Incorrect source repository URL has been provided",
-    "migrate.pagure.project_url": "Pagure project URL",
-    "migrate.pagure.project_example": "The Pagure project URL, e.g. https://pagure.io/pagure",
-    "migrate.pagure.token_label": "Pagure API Token",
-    "migrate.pagure.private_issues.summary": "Private Issues (Optional)",
-    "migrate.pagure.private_issues.description": "This feature is designed to create a second repository containing only private issues from your Pagure project for archive purposes. First, perform a normal migration (without a token) to import all public content. Then, if you have private issues to preserve, create a separate repository using this token option to archive those private issues.",
-    "migrate.pagure.private_issues.warning": "Be sure to set the repository visibility above to Private if you are using the API key to import private issues. This prevents accidentally exposing private content in a public repository.",
-    "migrate.pagure.token.placeholder": "Only for creating private issues archive",
-    "release.n_downloads": {
-        "one": "%s download",
-        "other": "%s downloads"
-    },
-    "actions.status.diagnostics.waiting": {
-        "one": "Waiting for a runner with the following label: %s",
-        "other": "Waiting for a runner with the following labels: %s"
-    },
-    "actions.runs.run_attempt_label": "Run attempt #%[1]s (%[2]s)",
-    "actions.runs.viewing_out_of_date_run": "You are viewing an out-of-date run of this job that was executed %[1]s.",
-    "actions.runs.view_most_recent_run": "View most recent run",
-    "actions.workflow.job_parsing_error": "Unable to parse jobs in workflow: %v",
-    "actions.workflow.event_detection_error": "Unable to parse supported events in workflow: %v",
-    "actions.workflow.persistent_incomplete_matrix": "Unable to evaluate `strategy.matrix` of job %[1]s due to a `needs` expression that was invalid. It may reference a job that is not in it's 'needs' list (%[2]s), or an output that doesn't exist on one of those jobs.",
-    "actions.workflow.incomplete_matrix_missing_job": "Unable to evaluate `strategy.matrix` of job %[1]s: job %[2]s is not in the `needs` list of job %[1]s (%[3]s).",
-    "actions.workflow.incomplete_matrix_missing_output": "Unable to evaluate `strategy.matrix` of job %[1]s: job %[2]s is missing output %[3]s.",
-    "actions.workflow.incomplete_matrix_unknown_cause": "Unable to evaluate `strategy.matrix` of job %[1]s: unknown error.",
-    "actions.workflow.incomplete_runson_missing_job": "Unable to evaluate `runs-on` of job %[1]s: job %[2]s is not in the `needs` list of job %[1]s (%[3]s).",
-    "actions.workflow.incomplete_runson_missing_output": "Unable to evaluate `runs-on` of job %[1]s: job %[2]s is missing output %[3]s.",
-    "actions.workflow.incomplete_runson_missing_matrix_dimension": "Unable to evaluate `runs-on` of job %[1]s: matrix dimension %[2]s does not exist.",
-    "actions.workflow.incomplete_runson_unknown_cause": "Unable to evaluate `runs-on` of job %[1]s: unknown error.",
-    "actions.workflow.incomplete_with_missing_job": "Unable to evaluate `with` of job %[1]s: job %[2]s is not in the `needs` list of job %[1]s (%[3]s).",
-    "actions.workflow.incomplete_with_missing_output": "Unable to evaluate `with` of job %[1]s: job %[2]s is missing output %[3]s.",
-    "actions.workflow.incomplete_with_missing_matrix_dimension": "Unable to evaluate `with` of job %[1]s: matrix dimension %[2]s does not exist.",
-    "actions.workflow.incomplete_with_unknown_cause": "Unable to evaluate `with` of job %[1]s: unknown error.",
-    "actions.workflow.pre_execution_error": "Workflow was not executed due to an error that blocked the execution attempt.",
-    "pulse.n_active_issues": {
-        "one": "%s active issue",
-        "other": "%s active issues"
-    },
-    "pulse.n_active_prs": {
-        "one": "%s active pull request",
-        "other": "%s active pull requests"
-    },
-    "teams.add_all_repos.modal.header": "Add all repositories",
-    "teams.remove_all_repos.modal.header": "Remove all repositories",
-    "pulls.manual_merge.helper": "Manual merge helper",
-    "pulls.manual_merge.helpder.description": "Use this merge commit message when completing the merge manually.",
-    "pulls.manual_merge.commit.title": "Merge commit title",
-    "pulls.manual_merge.commit.body": "Merge commit body",
-    "pulls.manual_merge.copy.button": "Copy merge commit message",
-    "admin.auths.oauth2_quota_group_claim_name": "Claim name providing group names for this source to be used for quota management. (Optional)",
-    "admin.auths.oauth2_quota_group_map": "Map claimed groups to quota groups. (Optional - requires claim name above)",
-    "admin.auths.oauth2_quota_group_map_removal": "Remove users from synchronized quota groups if user does not belong to corresponding group.",
-    "meta.last_line": "Thank you for translating Forgejo! This line isn't seen by the users but it serves other purposes in the translation management. You can place a fun fact in the translation instead of translating it."
+	"home.welcome.no_activity": "No activity",
+	"home.welcome.activity_hint": "There is nothing in your feed yet. Your actions and activity from repositories that you watch will show up here.",
+	"home.explore_repos": "Explore repositories",
+	"home.explore_users": "Explore users",
+	"home.explore_orgs": "Explore organizations",
+	"fork.n_forks": {
+		"one": "%s fork",
+		"other": "%s forks"
+	},
+	"stars.list.none": "No one starred this repo.",
+	"stars.n_stars": {
+		"one": "%s star",
+		"other": "%s stars"
+	},
+	"watch.list.none": "No one is watching this repo.",
+	"watch.n_watchers": {
+		"one": "%s watcher",
+		"other": "%s watchers"
+	},
+	"followers.incoming.list.self.none": "No one is following your profile.",
+	"followers.incoming.list.none": "No one is following this user.",
+	"followers.outgoing.list.self.none": "You are not following anyone.",
+	"followers.outgoing.list.none": "%s isn't following anyone.",
+	"relativetime.now": "now",
+	"relativetime.future": "in future",
+	"relativetime.mins": {
+		"one": "%d minute ago",
+		"other": "%d minutes ago"
+	},
+	"relativetime.hours": {
+		"one": "%d hour ago",
+		"other": "%d hours ago"
+	},
+	"relativetime.days": {
+		"one": "%d day ago",
+		"other": "%d days ago"
+	},
+	"relativetime.weeks": {
+		"one": "%d week ago",
+		"other": "%d weeks ago"
+	},
+	"relativetime.months": {
+		"one": "%d month ago",
+		"other": "%d months ago"
+	},
+	"relativetime.years": {
+		"one": "%d year ago",
+		"other": "%d years ago"
+	},
+	"relativetime.1day": "yesterday",
+	"relativetime.2days": "two days ago",
+	"relativetime.1week": "last week",
+	"relativetime.2weeks": "two weeks ago",
+	"relativetime.1month": "last month",
+	"relativetime.2months": "two months ago",
+	"relativetime.1year": "last year",
+	"relativetime.2years": "two years ago",
+	"repo.issues.filter_poster.hint": "Filter by the author",
+	"repo.issues.filter_assignee.hint": "Filter by assigned user",
+	"repo.issues.filter_reviewers.hint": "Filter by user who reviewed",
+	"repo.issues.filter_mention.hint": "Filter by mentioned user",
+	"repo.issues.filter_modified.hint": "Filter by last modified date",
+	"repo.issues.filter_sort.hint": "Sort by: created/comments/updated/deadline",
+	"issues.updated": "updated %s",
+	"repo.pulls.poster_manage_approval": "Manage approval",
+	"repo.pulls.poster_requires_approval": "Some workflows are <a href=\"%[1]s\">waiting to be reviewed.</a>",
+	"repo.pulls.poster_requires_approval.tooltip": "The author of this pull request is not trusted to run workflows triggered by a pull request created from a forked repository or with AGit. The workflows triggered by a `pull_request` event will not run until they are approved.",
+	"repo.pulls.poster_is_trusted": "The author of this pull request is <a href=\"%[1]s\">always trusted to run workflows.</a>",
+	"repo.pulls.poster_is_trusted.tooltip": "The author of this pull request is explicitly trusted to run workflows triggered by `pull_request` events.",
+	"repo.pulls.poster_trust_deny": "Deny",
+	"repo.pulls.poster_trust_deny.tooltip": "The workflows waiting approval will be canceled.",
+	"repo.pulls.poster_trust_once": "Approve once",
+	"repo.pulls.poster_trust_once.tooltip": "The workflows triggered by a `pull_request` event will run on this commit but will need to be approved for all future commits pushed to this pull request.",
+	"repo.pulls.poster_trust_always": "Approve always",
+	"repo.pulls.poster_trust_always.tooltip": "The workflows triggered by a `pull_request` event will run on this commit and there will be no need to approve runs from this pull request or future pull requests authored by the same user.",
+	"repo.pulls.poster_trust_revoke": "Revoke",
+	"repo.pulls.poster_trust_revoke.tooltip": "The author of this pull request will no longer be trusted to run workflows triggered by a `pull_request` event, each run will have to be manually approved.",
+	"repo.pulls.already_merged": "Merge failed: This pull request has already been merged.",
+	"repo.pulls.merged_title_desc": {
+		"one": "merged %[1]d commit from <code>%[2]s</code> into <code>%[3]s</code> %[4]s",
+		"other": "merged %[1]d commits from <code>%[2]s</code> into <code>%[3]s</code> %[4]s"
+	},
+	"repo.pulls.title_desc": {
+		"one": "wants to merge %[1]d commit from <code>%[2]s</code> into <code id=\"%[4]s\">%[3]s</code>",
+		"other": "wants to merge %[1]d commits from <code>%[2]s</code> into <code id=\"%[4]s\">%[3]s</code>"
+	},
+	"repo.pulls.maintainers_can_edit": "Maintainers can edit this pull request.",
+	"repo.pulls.maintainers_cannot_edit": "Maintainers cannot edit this pull request.",
+	"repo.form.cannot_create": "All spaces in which you can create repositories have reached the limit of repositories.",
+	"migrate.form.error.url_credentials": "The URL contains credentials, put them in the username and password fields respectively",
+	"migrate.github.description": "Migrate data from github.com or GitHub Enterprise server.",
+	"migrate.git.description": "Migrate a repository only from any Git service.",
+	"migrate.gitea.description": "Migrate data from gitea.com or other Gitea instances.",
+	"migrate.gitlab.description": "Migrate data from gitlab.com or other GitLab instances.",
+	"migrate.gogs.description": "Migrate data from notabug.org or other Gogs instances.",
+	"migrate.onedev.description": "Migrate data from code.onedev.io or other OneDev instances.",
+	"migrate.gitbucket.description": "Migrate data from GitBucket instances.",
+	"migrate.codebase.description": "Migrate data from codebasehq.com.",
+	"migrate.forgejo.description": "Migrate data from codeberg.org or other Forgejo instances.",
+	"repo.issue_indexer.title": "Issue Indexer",
+	"search.milestone_kind": "Search milestones…",
+	"search.syntax": "Search syntax",
+	"search.fuzzy": "Fuzzy",
+	"search.fuzzy_tooltip": "Include results is an approximate match to the search term",
+	"repo.settings.push_mirror.branch_filter.label": "Branch filter (optional)",
+	"repo.settings.push_mirror.branch_filter.description": "Branches to be mirrored. Leave blank to mirror all branches. See <a href=\"%[1]s\">%[2]s documentation</a> for syntax. Examples: <code>main, release/*</code>",
+	"incorrect_root_url": "This Forgejo instance is configured to be served on \"%s\". You are currently viewing Forgejo through a different URL, which may cause parts of the application to break. The canonical URL is controlled by Forgejo admins via the ROOT_URL setting in the app.ini.",
+	"themes.names.forgejo-auto": "Forgejo (follow system theme)",
+	"themes.names.forgejo-light": "Forgejo light",
+	"themes.names.forgejo-dark": "Forgejo dark",
+	"error.not_found.title": "Page not found",
+	"warning.repository.out_of_sync": "The database representation of this repository is out of synchronization. If this warning is still shown after pushing a commit to this repository contact the administrator.",
+	"alert.asset_load_failed": "Failed to load asset files from {path}. Please make sure the asset files can be accessed.",
+	"alert.range_error": " must be a number between %[1]s and %[2]s.",
+	"install.invalid_lfs_path": "Unable to create the LFS root at the specified path: %[1]s",
+	"profile.actions.tooltip": "More actions",
+	"profile.edit.link": "Edit profile",
+	"feed.atom.link": "Atom feed",
+	"keys.ssh.link": "SSH keys",
+	"keys.gpg.link": "GPG keys",
+	"keys.verify.token.hint": "The token is only valid for 1 minute. <a href=\"%[1]s\">Get a new one if it expired</a>.",
+	"admin.config.moderation_config": "Moderation configuration",
+	"admin.moderation.moderation_reports": "Moderation reports",
+	"admin.moderation.reports": "Reports",
+	"admin.moderation.no_open_reports": "There are currently no open reports.",
+	"admin.moderation.deleted_content_ref": "Reported content with type %[1]v and id %[2]d no longer exists",
+	"moderation.report.mark_as_handled": "Mark as handled",
+	"moderation.report.mark_as_ignored": "Mark as ignored",
+	"moderation.action.account.delete": "Delete account",
+	"moderation.action.account.suspend": "Suspend account",
+	"moderation.action.repo.delete": "Delete repository",
+	"moderation.action.issue.delete": "Delete issue",
+	"moderation.action.comment.delete": "Delete comment",
+	"moderation.unknown_action": "Unknown action",
+	"moderation.users.cannot_suspend_self": "You cannot suspend yourself.",
+	"moderation.users.cannot_suspend_admins": "Users with admin privileges cannot be suspended.",
+	"moderation.users.cannot_suspend_org": "Organizations cannot be suspended.",
+	"moderation.users.already_suspended": "User account is already suspended.",
+	"moderation.users.suspend_success": "The user account has been suspended.",
+	"moderation.users.cannot_delete_admins": "Users with admin privileges cannot be deleted.",
+	"moderation.issue.deletion_success": "The issue has been deleted.",
+	"moderation.comment.deletion_success": "The comment has been deleted.",
+	"moderation.report_abuse": "Report abuse",
+	"moderation.report_content": "Report content",
+	"moderation.report_abuse_form.header": "Report abuse to administrator",
+	"moderation.report_abuse_form.details": "This form should be used to report users who create spam profiles, repositories, issues, comments or behave inappropriately.",
+	"moderation.report_abuse_form.invalid": "Invalid arguments",
+	"moderation.report_abuse_form.already_reported": "You've already reported this content",
+	"moderation.abuse_category": "Category",
+	"moderation.abuse_category.placeholder": "Select a category",
+	"moderation.abuse_category.spam": "Spam",
+	"moderation.abuse_category.malware": "Malware",
+	"moderation.abuse_category.illegal_content": "Illegal content",
+	"moderation.abuse_category.other_violations": "Other violations of platform rules",
+	"moderation.report_remarks": "Remarks",
+	"moderation.report_remarks.placeholder": "Please provide some details regarding the abuse you are reporting.",
+	"moderation.submit_report": "Submit report",
+	"moderation.reporting_failed": "Unable to submit the new abuse report: %v",
+	"moderation.reported_thank_you": "Thank you for your report. The administration has been made aware of it.",
+	"mail.actions.successful_run_after_failure_subject": "Workflow %[1]s recovered in repository %[2]s",
+	"mail.actions.not_successful_run_subject": "Workflow %[1]s failed in repository %[2]s",
+	"mail.actions.successful_run_after_failure": "Workflow %[1]s recovered in repository %[2]s",
+	"mail.actions.not_successful_run": "Workflow %[1]s failed in repository %[2]s",
+	"mail.actions.run_info_cur_status": "This Run's Status: %[1]s (just updated from %[2]s)",
+	"mail.actions.run_info_previous_status": "Previous Run's Status: %[1]s",
+	"mail.actions.run_info_sha": "Commit: %[1]s",
+	"mail.actions.run_info_trigger": "Triggered because: %[1]s by: %[2]s",
+	"mail.issue.action.close_by_commit": "%[1]s closed %[2]s in commit %[3]s.",
+	"repo.diff.commit.next-short": "Next",
+	"repo.diff.commit.previous-short": "Prev",
+	"discussion.locked": "This discussion has been locked. Commenting is limited to contributors.",
+	"discussion.sidebar.reference": "Reference",
+	"editor.textarea.tab_hint": "Line already indented. Press <kbd>Tab</kbd> again or <kbd>Escape</kbd> to leave the editor.",
+	"editor.textarea.shift_tab_hint": "No indentation on this line. Press <kbd>Shift</kbd> + <kbd>Tab</kbd> again or <kbd>Escape</kbd> to leave the editor.",
+	"admin.auths.allow_username_change": "Allow username change",
+	"admin.auths.allow_username_change.description": "Allow users to change their username in the profile settings",
+	"admin.dashboard.cleanup_offline_runners": "Cleanup offline runners",
+	"admin.dashboard.remove_resolved_reports": "Remove resolved reports",
+	"admin.dashboard.actions_action_user": "Revoke Forgejo Actions trust for inactive users",
+	"admin.dashboard.transfer_lingering_logs": "Transfer actions logs of finished actions jobs from the database to storage",
+	"admin.config.security": "Security configuration",
+	"admin.config.global_2fa_requirement.title": "Global two-factor requirement",
+	"admin.config.global_2fa_requirement.none": "No",
+	"admin.config.global_2fa_requirement.all": "All users",
+	"admin.config.global_2fa_requirement.admin": "Administrators",
+	"settings.visibility.description": "Profile visibility affects others' ability to access your non-private repositories. <a href=\"%s\" target=\"_blank\">Learn more</a>.",
+	"settings.twofa_unroll_unavailable": "Two-factor authentication is required for your account and cannot be disabled.",
+	"settings.twofa_reenroll": "Re-enroll two-factor authentication",
+	"settings.twofa_reenroll.description": "Re-enroll your two-factor authentication",
+	"settings.must_enable_2fa": "This Forgejo instance requires users to enable two-factor authentication before they can access their accounts.",
+	"error.must_enable_2fa": "This Forgejo instance requires users to enable two-factor authentication before they can access their accounts. Enable it at: %s",
+	"avatar.constraints_hint": "Custom avatar may not exceed %[1]s in size or be larger than %[2]dx%[3]d pixels",
+	"user.ghost.tooltip": "This user has been deleted, or cannot be matched.",
+	"og.repo.summary_card.alt_description": "Summary card of repository %[1]s, described as: %[2]s",
+	"repo.commit.load_tags_failed": "Load tags failed because of internal error",
+	"compare.branches.title": "Compare branches",
+	"migrate.pagure.description": "Migrate data from pagure.io or other Pagure instances.",
+	"migrate.pagure.incorrect_url": "Incorrect source repository URL has been provided",
+	"migrate.pagure.project_url": "Pagure project URL",
+	"migrate.pagure.project_example": "The Pagure project URL, e.g. https://pagure.io/pagure",
+	"migrate.pagure.token_label": "Pagure API Token",
+	"migrate.pagure.private_issues.summary": "Private Issues (Optional)",
+	"migrate.pagure.private_issues.description": "This feature is designed to create a second repository containing only private issues from your Pagure project for archive purposes. First, perform a normal migration (without a token) to import all public content. Then, if you have private issues to preserve, create a separate repository using this token option to archive those private issues.",
+	"migrate.pagure.private_issues.warning": "Be sure to set the repository visibility above to Private if you are using the API key to import private issues. This prevents accidentally exposing private content in a public repository.",
+	"migrate.pagure.token.placeholder": "Only for creating private issues archive",
+	"release.n_downloads": {
+		"one": "%s download",
+		"other": "%s downloads"
+	},
+	"actions.status.diagnostics.waiting": {
+		"one": "Waiting for a runner with the following label: %s",
+		"other": "Waiting for a runner with the following labels: %s"
+	},
+	"actions.runs.run_attempt_label": "Run attempt #%[1]s (%[2]s)",
+	"actions.runs.viewing_out_of_date_run": "You are viewing an out-of-date run of this job that was executed %[1]s.",
+	"actions.runs.view_most_recent_run": "View most recent run",
+	"actions.workflow.job_parsing_error": "Unable to parse jobs in workflow: %v",
+	"actions.workflow.event_detection_error": "Unable to parse supported events in workflow: %v",
+	"actions.workflow.persistent_incomplete_matrix": "Unable to evaluate `strategy.matrix` of job %[1]s due to a `needs` expression that was invalid. It may reference a job that is not in it's 'needs' list (%[2]s), or an output that doesn't exist on one of those jobs.",
+	"actions.workflow.incomplete_matrix_missing_job": "Unable to evaluate `strategy.matrix` of job %[1]s: job %[2]s is not in the `needs` list of job %[1]s (%[3]s).",
+	"actions.workflow.incomplete_matrix_missing_output": "Unable to evaluate `strategy.matrix` of job %[1]s: job %[2]s is missing output %[3]s.",
+	"actions.workflow.incomplete_matrix_unknown_cause": "Unable to evaluate `strategy.matrix` of job %[1]s: unknown error.",
+	"actions.workflow.incomplete_runson_missing_job": "Unable to evaluate `runs-on` of job %[1]s: job %[2]s is not in the `needs` list of job %[1]s (%[3]s).",
+	"actions.workflow.incomplete_runson_missing_output": "Unable to evaluate `runs-on` of job %[1]s: job %[2]s is missing output %[3]s.",
+	"actions.workflow.incomplete_runson_missing_matrix_dimension": "Unable to evaluate `runs-on` of job %[1]s: matrix dimension %[2]s does not exist.",
+	"actions.workflow.incomplete_runson_unknown_cause": "Unable to evaluate `runs-on` of job %[1]s: unknown error.",
+	"actions.workflow.incomplete_with_missing_job": "Unable to evaluate `with` of job %[1]s: job %[2]s is not in the `needs` list of job %[1]s (%[3]s).",
+	"actions.workflow.incomplete_with_missing_output": "Unable to evaluate `with` of job %[1]s: job %[2]s is missing output %[3]s.",
+	"actions.workflow.incomplete_with_missing_matrix_dimension": "Unable to evaluate `with` of job %[1]s: matrix dimension %[2]s does not exist.",
+	"actions.workflow.incomplete_with_unknown_cause": "Unable to evaluate `with` of job %[1]s: unknown error.",
+	"actions.workflow.pre_execution_error": "Workflow was not executed due to an error that blocked the execution attempt.",
+	"pulse.n_active_issues": {
+		"one": "%s active issue",
+		"other": "%s active issues"
+	},
+	"pulse.n_active_prs": {
+		"one": "%s active pull request",
+		"other": "%s active pull requests"
+	},
+	"teams.add_all_repos.modal.header": "Add all repositories",
+	"teams.remove_all_repos.modal.header": "Remove all repositories",
+	"pulls.manual_merge.helper": "Manual merge helper",
+	"pulls.manual_merge.helpder.description": "Use this merge commit message when completing the merge manually.",
+	"pulls.manual_merge.commit.title": "Merge commit title",
+	"pulls.manual_merge.commit.body": "Merge commit body",
+	"pulls.manual_merge.copy.button": "Copy merge commit message",
+	"admin.auths.oauth2_quota_group_claim_name": "Claim name providing group names for this source to be used for quota management. (Optional)",
+	"admin.auths.oauth2_quota_group_map": "Map claimed groups to quota groups. (Optional - requires claim name above)",
+	"admin.auths.oauth2_quota_group_map_removal": "Remove users from synchronized quota groups if user does not belong to corresponding group.",
+	"meta.last_line": "Thank you for translating Forgejo! This line isn't seen by the users but it serves other purposes in the translation management. You can place a fun fact in the translation instead of translating it."
 }

From 9d6ae1471eee19109d1250ce5294439cfba073d0 Mon Sep 17 00:00:00 2001
From: Mathieu Fenniak <mathieu@fenniak.net>
Date: Fri, 2 Jan 2026 15:26:11 +0100
Subject: [PATCH 086/854] fix: re-running an expanded reusable workflow causes
 duplicate "attempt 1" job (#10666)

Placeholder tasks, which are used to store the outputs of a reusable workflow, were hard coded to always have attempt 1.  If you executed "Re-run all jobs" with a reusable workflow, a second placeholder task would be created with the same attempt, which caused: (a) Forgejo to not know which attempt, and therefore which outputs, were valid, and (b) the UI to be stuck in "You are viewing an out-of-date run of this job..." when viewing the job.

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests

- I added test coverage for Go changes...
  - [x] in their respective `*_test.go` for unit tests.
  - [ ] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I added test coverage for JavaScript changes...
  - [ ] in `web_src/js/*.test.js` if it can be unit tested.
  - [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)).

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [x] I do not want this change to show in the release notes.
- [ ] I want the title to show in the release notes with a link to this pull request.
- [ ] I want the content of the `release-notes/<pull request number>.md` to be be used for the release notes instead of the title.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10666
Reviewed-by: Andreas Ahlenstorf <aahlenst@noreply.codeberg.org>
Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net>
Co-committed-by: Mathieu Fenniak <mathieu@fenniak.net>
---
 models/actions/task.go                        |  8 ++--
 models/actions/task_test.go                   |  2 +-
 .../action_run.yml                            | 20 +++++++++
 .../action_run_job.yml                        | 36 ++++++++++++++++
 .../action_task.yml                           | 12 ++++++
 .../action_task_output.yml                    | 43 +++++++++++++++++++
 services/actions/job_emitter.go               |  6 ++-
 services/actions/job_emitter_test.go          | 29 ++++++++++---
 8 files changed, 145 insertions(+), 11 deletions(-)
 create mode 100644 services/actions/Test_tryHandleWorkflowCallOuterJob/action_task.yml

diff --git a/models/actions/task.go b/models/actions/task.go
index 517beee999..45f1643989 100644
--- a/models/actions/task.go
+++ b/models/actions/task.go
@@ -421,12 +421,14 @@ func CreateTaskForRunner(ctx context.Context, runner *ActionRunner) (*ActionTask
 	return task, true, nil
 }
 
-// Placeholder tasks are created when the status/content of an `ActionRunJob` is resolved by Forgejo without dispatch to
-// a runner, specifically in the case of a workflow call's outer job.
+// Placeholder tasks are created when the status/content of an [ActionRunJob] is resolved by Forgejo without dispatch to
+// a runner, specifically in the case of a workflow call's outer job. It is the responsibility of the caller to
+// increment the job's Attempt field before invoking this method, and to update that field in the database, so that
+// reruns can function for placeholder tasks and provide updated outputs.
 func CreatePlaceholderTask(ctx context.Context, job *ActionRunJob, outputs map[string]string) (*ActionTask, error) {
 	actionTask := &ActionTask{
 		JobID:             job.ID,
-		Attempt:           1,
+		Attempt:           job.Attempt,
 		Started:           timeutil.TimeStampNow(),
 		Stopped:           timeutil.TimeStampNow(),
 		Status:            job.Status,
diff --git a/models/actions/task_test.go b/models/actions/task_test.go
index 831a8bc3dc..08006e6b7b 100644
--- a/models/actions/task_test.go
+++ b/models/actions/task_test.go
@@ -58,7 +58,7 @@ func TestActionTask_CreatePlaceholderTask(t *testing.T) {
 
 	assert.NotEqualValues(t, 0, task.ID)
 	assert.Equal(t, job.ID, task.JobID)
-	assert.EqualValues(t, 1, task.Attempt)
+	assert.EqualValues(t, 0, task.Attempt)
 	assert.NotEqualValues(t, 0, task.Started)
 	assert.NotEqualValues(t, 0, task.Stopped)
 	assert.Equal(t, job.Status, task.Status)
diff --git a/services/actions/Test_tryHandleWorkflowCallOuterJob/action_run.yml b/services/actions/Test_tryHandleWorkflowCallOuterJob/action_run.yml
index 0cb546b3aa..7d4a59b0a3 100644
--- a/services/actions/Test_tryHandleWorkflowCallOuterJob/action_run.yml
+++ b/services/actions/Test_tryHandleWorkflowCallOuterJob/action_run.yml
@@ -17,3 +17,23 @@
   updated: 1683636626
   need_approval: 0
   approved_by: 0
+
+# Case w/ action_run_job.id = 603
+-
+  id: 901
+  title: "running workflow_dispatch run"
+  owner_id: 2
+  repo_id: 63
+  workflow_id: "running.yaml"
+  index: 5
+  trigger_user_id: 2
+  ref: "refs/heads/main"
+  commit_sha: "97f29ee599c373c729132a5c46a046978311e0ee"
+  trigger_event: "workflow_dispatch"
+  is_fork_pull_request: 0
+  status: 6 # running
+  started: 1683636528
+  created: 1683636108
+  updated: 1683636626
+  need_approval: 0
+  approved_by: 0
diff --git a/services/actions/Test_tryHandleWorkflowCallOuterJob/action_run_job.yml b/services/actions/Test_tryHandleWorkflowCallOuterJob/action_run_job.yml
index c0e55fd1a4..03449040ca 100644
--- a/services/actions/Test_tryHandleWorkflowCallOuterJob/action_run_job.yml
+++ b/services/actions/Test_tryHandleWorkflowCallOuterJob/action_run_job.yml
@@ -48,3 +48,39 @@
   status: 1 # success
   job_id: outer-job.inner-job
   task_id: 100
+
+# Case w/ action_run_job.id = 603 -- functionality of this is a duplicate of case 601 but it has already been executed
+# (attempt = 1) and we're testing that the updated outputs from the rerun are stored.
+-
+  id: 603
+  run_id: 901
+  attempt: 1
+  status: 1 # success
+  started: 1683636528
+  needs: ["outer-job.inner-job"]
+  workflow_payload: |
+    "on":
+      push:
+    jobs:
+      outer-job:
+        name: outer-job
+        if: false
+        uses: ./.forgjeo/workflows/reusable.yml
+        outputs:
+          from_inner_job: ${{ needs['outer-job.inner-job'].outputs.my_output }}
+          from_inner_job_result: ${{ needs['outer-job.inner-job'].result }}
+          from_forgejo_ctx: ${{ forgejo.ref }}
+          from_input_ctx: ${{ inputs.wc_input }}!
+          from_vars_repo: ${{ vars.repo_var }}
+          from_vars_org: ${{ vars.org_var }}
+          from_vars_global: ${{ vars.global_var }}
+    __metadata:
+      workflow_call_inputs:
+        wc_input: 'hello, world'
+      workflow_call_id: b5a9f46f1f2513d7777fde50b169d323a6519e349cc175484c947ac315a209ed
+- # inner job of run 603
+  id: 604
+  run_id: 901
+  status: 1 # success
+  job_id: outer-job.inner-job
+  task_id: 101
diff --git a/services/actions/Test_tryHandleWorkflowCallOuterJob/action_task.yml b/services/actions/Test_tryHandleWorkflowCallOuterJob/action_task.yml
new file mode 100644
index 0000000000..8781278efd
--- /dev/null
+++ b/services/actions/Test_tryHandleWorkflowCallOuterJob/action_task.yml
@@ -0,0 +1,12 @@
+# Case w/ action_run_job.id = 603 -- this is the placeholder task from attempt 1
+-
+  id: 58
+  attempt: 1
+  runner_id: 1
+  status: 1 # success
+  started: 1683636528
+  stopped: 1683636626
+  repo_id: 63
+  owner_id: 2
+  commit_sha: 97f29ee599c373c729132a5c46a046978311e0ee
+  is_fork_pull_request: false
diff --git a/services/actions/Test_tryHandleWorkflowCallOuterJob/action_task_output.yml b/services/actions/Test_tryHandleWorkflowCallOuterJob/action_task_output.yml
index 9bf82649c1..1383c5be16 100644
--- a/services/actions/Test_tryHandleWorkflowCallOuterJob/action_task_output.yml
+++ b/services/actions/Test_tryHandleWorkflowCallOuterJob/action_task_output.yml
@@ -4,3 +4,46 @@
   task_id: 100
   output_key: my_output
   output_value: 'abcdefghijklmnopqrstuvwxyz'
+
+# Case w/ action_run_job.id = 603 -- outputs from a previous attempt
+-
+  id: 101
+  task_id: 58
+  output_key: from_inner_job
+  output_value: obsolete value
+-
+  id: 102
+  task_id: 58
+  output_key: from_inner_job_result
+  output_value: obsolete value
+-
+  id: 103
+  task_id: 58
+  output_key: from_forgejo_ctx
+  output_value: obsolete value
+-
+  id: 104
+  task_id: 58
+  output_key: from_input_ctx
+  output_value: obsolete value
+-
+  id: 105
+  task_id: 58
+  output_key: from_vars_repo
+  output_value: obsolete value
+-
+  id: 106
+  task_id: 58
+  output_key: from_vars_org
+  output_value: obsolete value
+-
+  id: 107
+  task_id: 58
+  output_key: from_vars_global
+  output_value: obsolete value
+# Case w/ action_run_job.id = 603 -- input from another job...
+-
+  id: 108
+  task_id: 101
+  output_key: my_output
+  output_value: 'abcdefghijklmnopqrstuvwxyz'
diff --git a/services/actions/job_emitter.go b/services/actions/job_emitter.go
index f1e9d21cbb..389b19ac92 100644
--- a/services/actions/job_emitter.go
+++ b/services/actions/job_emitter.go
@@ -523,12 +523,14 @@ func tryHandleWorkflowCallOuterJob(ctx context.Context, job *actions_model.Actio
 	)
 
 	// Insert a placeholder task with all the computed outputs
+	job.Attempt++
 	actionTask, err := actions_model.CreatePlaceholderTask(ctx, job, outputs)
 	if err != nil {
 		return nil, fmt.Errorf("failure to insert placeholder task: %w", err)
 	}
 
-	// Populate task_id and ask caller to update it in DB:
+	// Populate task_id and ask caller to update it in DB.
+	// Update previously incremented attempt field as well.
 	job.TaskID = actionTask.ID
-	return []string{"task_id"}, nil
+	return []string{"task_id", "attempt"}, nil
 }
diff --git a/services/actions/job_emitter_test.go b/services/actions/job_emitter_test.go
index 767d5bdca4..6b8ccca6f9 100644
--- a/services/actions/job_emitter_test.go
+++ b/services/actions/job_emitter_test.go
@@ -672,10 +672,11 @@ func Test_tryHandleIncompleteMatrix(t *testing.T) {
 
 func Test_tryHandleWorkflowCallOuterJob(t *testing.T) {
 	tests := []struct {
-		name         string
-		runJobID     int64
-		updateFields []string
-		outputs      map[string]string
+		name            string
+		runJobID        int64
+		updateFields    []string
+		outputs         map[string]string
+		expectedAttempt int
 	}{
 		{
 			name:     "not workflow call outer job",
@@ -684,7 +685,7 @@ func Test_tryHandleWorkflowCallOuterJob(t *testing.T) {
 		{
 			name:         "outputs for every context",
 			runJobID:     601,
-			updateFields: []string{"task_id"},
+			updateFields: []string{"task_id", "attempt"},
 			outputs: map[string]string{
 				"from_inner_job":        "abcdefghijklmnopqrstuvwxyz",
 				"from_inner_job_result": "success",
@@ -694,6 +695,22 @@ func Test_tryHandleWorkflowCallOuterJob(t *testing.T) {
 				"from_vars_org":         "this is an org variable",
 				"from_vars_global":      "this is a global variable",
 			},
+			expectedAttempt: 1,
+		},
+		{
+			name:         "attempt 2 rerun task",
+			runJobID:     603,
+			updateFields: []string{"task_id", "attempt"},
+			outputs: map[string]string{
+				"from_inner_job":        "abcdefghijklmnopqrstuvwxyz",
+				"from_inner_job_result": "success",
+				"from_forgejo_ctx":      "refs/heads/main",
+				"from_input_ctx":        "hello, world!",
+				"from_vars_repo":        "this is a repo variable",
+				"from_vars_org":         "this is an org variable",
+				"from_vars_global":      "this is a global variable",
+			},
+			expectedAttempt: 2,
 		},
 	}
 	for _, tt := range tests {
@@ -709,6 +726,8 @@ func Test_tryHandleWorkflowCallOuterJob(t *testing.T) {
 			assert.Equal(t, tt.updateFields, updateFields)
 
 			if tt.updateFields != nil {
+				assert.EqualValues(t, tt.expectedAttempt, outerJob.Attempt)
+
 				// TaskID expected to be set by tryHandleWorkflowCallOuterJob
 				require.NotEqualValues(t, 0, outerJob.TaskID)
 

From fa5a52b9834adbcbc45b781e69e042bb9e2884d8 Mon Sep 17 00:00:00 2001
From: Mathieu Fenniak <mathieu@fenniak.net>
Date: Fri, 2 Jan 2026 17:11:12 +0100
Subject: [PATCH 087/854] fix: simultaneously experiencing a PreExecutionError
 and unblocking a different job causes error blocking job emitter queue
 (#10665)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

In a workflow such as:
```yaml
jobs:
  define-matrix:
    runs-on: docker
    outputs:
      array-value: ${{ steps.define.outputs.array }}
    steps:
      - id: define
        run: |
          echo 'array=["value 1", "value 2"]' >> "$FORGEJO_OUTPUT"

  array-job:
    runs-on: docker
    needs: define-matrix
    strategy:
      matrix:
        array: ${{ fromJSON(needs.define-matrix.outputs.array-value-oops-i-made-an-error-here) }}
    steps: # ...

  other-job:
    runs-on: docker
    needs: define-matrix
    steps: # .... ${{ needs.define-matrix.outputs.array-value }}
```

After the job `define-matrix` is done, an error will be triggered because `array-value-oops-i-made-an-error-here` is not a valid output, and so `array-job` can't be figured out.  When the job emitter triggers that error and stores it in the database, it will mark all the jobs in the workflow as failed (`FailRunPreExecutionError()`) in order to ensure that no blocked jobs remain and appear stuck forever.

However, `other-job` is also unblocked by `job_emitter.go` because it's dependency of `define-matrix` is now complete.  After the error occurs, job emitter will attempt to unblock `other-job` and the conditional `UpdateRunJob` will fail because the condition `"status": StatusBlocked` is no longer true:

https://codeberg.org/forgejo/forgejo/src/commit/0af52cdca24dbf0d9e62a0551f6fc2d7919e68fd/services/actions/job_emitter.go#L88-L92

This causes an error, and that error rolls back the transaction in `checkJobsOfRun`, and that causes job emitter's queue to constantly retry the same work which has the same outcome each time.

This fix tells `checkJobsOfRun` that an error occurred that prevents all jobs in the run from progressing, and therefore no updates need to proceed.

Discovered while authoring https://code.forgejo.org/forgejo/end-to-end/pulls/1367 and causing an error unintentionally. 🤣

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests

- I added test coverage for Go changes...
  - [x] in their respective `*_test.go` for unit tests.
  - [ ] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I added test coverage for JavaScript changes...
  - [ ] in `web_src/js/*.test.js` if it can be unit tested.
  - [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)).

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [ ] I do not want this change to show in the release notes.
- [x] I want the title to show in the release notes with a link to this pull request.
- [ ] I want the content of the `release-notes/<pull request number>.md` to be be used for the release notes instead of the title.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10665
Reviewed-by: Andreas Ahlenstorf <aahlenst@noreply.codeberg.org>
Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net>
Co-committed-by: Mathieu Fenniak <mathieu@fenniak.net>
---
 services/actions/job_emitter.go      | 77 +++++++++++++++++++---------
 services/actions/job_emitter_test.go | 10 ++--
 2 files changed, 57 insertions(+), 30 deletions(-)

diff --git a/services/actions/job_emitter.go b/services/actions/job_emitter.go
index 389b19ac92..61e77744c9 100644
--- a/services/actions/job_emitter.go
+++ b/services/actions/job_emitter.go
@@ -70,11 +70,21 @@ func checkJobsOfRun(ctx context.Context, runID int64) error {
 				updateColumns := []string{"status"}
 
 				if status == actions_model.StatusWaiting {
-					ignore, err := tryHandleIncompleteMatrix(ctx, job, jobs)
-					if err != nil {
+					behaviour, err := tryHandleIncompleteMatrix(ctx, job, jobs)
+					switch behaviour {
+					case behaviourError:
 						return fmt.Errorf("error in tryHandleIncompleteMatrix: %w", err)
-					} else if ignore {
+
+					case behaviourExecuteJob:
+						// Intentional blank case -- proceed with updating the status of the job to waiting.
+
+					case behaviourIgnoreJob:
+						// Skip updating this job's status to waiting, continue with other jobs in the run.
 						continue
+
+					case behaviourIgnoreAllJobsInRun:
+						// Stop processing any other jobs in this run.
+						return nil
 					}
 				} else if status == actions_model.StatusSuccess || status == actions_model.StatusFailure {
 					// Transition to these states can be triggered by workflow call outer jobs
@@ -211,31 +221,47 @@ func (r *jobStatusResolver) resolve() map[int64]actions_model.Status {
 	return ret
 }
 
+type behaviour int
+
+const (
+	// behaviourError is used to indicate that there's no relevant behaviour due to an internal server error.
+	behaviourError behaviour = iota
+
+	// behaviourExecuteJob indicates that the job is ready to be unblocked as normal.
+	behaviourExecuteJob
+
+	// behaviourIgnoreJob indicates that the job should not be unblocked, and should instead be ignored.
+	behaviourIgnoreJob
+
+	// behaviourIgnoreAllJobsInRun indicates that something went wrong and all jobs in the run should now be ignored.
+	behaviourIgnoreAllJobsInRun
+)
+
 // Invoked once a job has all its `needs` parameters met and is ready to transition to waiting, this may expand the
 // job's `strategy.matrix` into multiple new jobs.
-func tryHandleIncompleteMatrix(ctx context.Context, blockedJob *actions_model.ActionRunJob, jobsInRun []*actions_model.ActionRunJob) (bool, error) {
+func tryHandleIncompleteMatrix(ctx context.Context, blockedJob *actions_model.ActionRunJob, jobsInRun []*actions_model.ActionRunJob) (behaviour, error) {
 	incompleteMatrix, _, err := blockedJob.HasIncompleteMatrix()
 	if err != nil {
-		return false, fmt.Errorf("job HasIncompleteMatrix: %w", err)
+		return behaviourError, fmt.Errorf("job HasIncompleteMatrix: %w", err)
 	}
 
 	incompleteRunsOn, _, _, err := blockedJob.HasIncompleteRunsOn()
 	if err != nil {
-		return false, fmt.Errorf("job HasIncompleteRunsOn: %w", err)
+		return behaviourError, fmt.Errorf("job HasIncompleteRunsOn: %w", err)
 	}
 
 	incompleteWith, _, _, err := blockedJob.HasIncompleteWith()
 	if err != nil {
-		return false, fmt.Errorf("job HasIncompleteWith: %w", err)
+		return behaviourError, fmt.Errorf("job HasIncompleteWith: %w", err)
 	}
 
 	if !incompleteMatrix && !incompleteRunsOn && !incompleteWith {
 		// Not relevant to attempt re-parsing the job if it wasn't marked as Incomplete[...] previously.
-		return false, nil
+		return behaviourExecuteJob, nil
 	}
 
 	if err := blockedJob.LoadRun(ctx); err != nil {
-		return false, fmt.Errorf("failure LoadRun in tryHandleIncompleteMatrix: %w", err)
+		return behaviourError, fmt.Errorf("failure LoadRun in tryHandleIncompleteMatrix: %w", err)
 	}
 
 	// Compute jobOutputs for all the other jobs required as needed by this job:
@@ -247,13 +273,13 @@ func tryHandleIncompleteMatrix(ctx context.Context, blockedJob *actions_model.Ac
 		} else if !job.Status.IsDone() {
 			// Unexpected: `job` is needed by `blockedJob` but it isn't done; `jobStatusResolver` shouldn't be calling
 			// `tryHandleIncompleteMatrix` in this case.
-			return false, fmt.Errorf(
+			return behaviourError, fmt.Errorf(
 				"jobStatusResolver attempted to tryHandleIncompleteMatrix for a job (id=%d) with an incomplete 'needs' job (id=%d)", blockedJob.ID, job.ID)
 		}
 
 		outputs, err := actions_model.FindTaskOutputByTaskID(ctx, job.TaskID)
 		if err != nil {
-			return false, fmt.Errorf("failed loading task outputs: %w", err)
+			return behaviourError, fmt.Errorf("failed loading task outputs: %w", err)
 		}
 
 		outputsMap := make(map[string]string, len(outputs))
@@ -283,10 +309,10 @@ func tryHandleIncompleteMatrix(ctx context.Context, blockedJob *actions_model.Ac
 			blockedJob.Run,
 			actions_model.ErrorCodeJobParsingError,
 			[]any{err.Error()}); err != nil {
-			return false, fmt.Errorf("setting run into PreExecutionError state failed: %w", err)
+			return behaviourError, fmt.Errorf("setting run into PreExecutionError state failed: %w", err)
 		}
-		// Return `true` to skip running this job in this invalid state
-		return true, nil
+		// `FailRunPreExecutionError` will mark all the pending runs in the job failed; ignore all of them.
+		return behaviourIgnoreAllJobsInRun, nil
 	}
 
 	// Even though every job in the `needs` list is done, perform a consistency check if the job was still unable to be
@@ -303,24 +329,24 @@ func tryHandleIncompleteMatrix(ctx context.Context, blockedJob *actions_model.Ac
 			if swf.IncompleteMatrix {
 				errorCode, errorDetails := persistentIncompleteMatrixError(blockedJob, swf.IncompleteMatrixNeeds)
 				if err := FailRunPreExecutionError(ctx, blockedJob.Run, errorCode, errorDetails); err != nil {
-					return false, fmt.Errorf("setting run into PreExecutionError state failed: %w", err)
+					return behaviourError, fmt.Errorf("setting run into PreExecutionError state failed: %w", err)
 				}
-				// Return `true` to skip running this job in this invalid state
-				return true, nil
+				// `FailRunPreExecutionError` will mark all the pending runs in the job failed; ignore all of them.
+				return behaviourIgnoreAllJobsInRun, nil
 			} else if swf.IncompleteRunsOn {
 				errorCode, errorDetails := persistentIncompleteRunsOnError(blockedJob, swf.IncompleteRunsOnNeeds, swf.IncompleteRunsOnMatrix)
 				if err := FailRunPreExecutionError(ctx, blockedJob.Run, errorCode, errorDetails); err != nil {
-					return false, fmt.Errorf("setting run into PreExecutionError state failed: %w", err)
+					return behaviourError, fmt.Errorf("setting run into PreExecutionError state failed: %w", err)
 				}
-				// Return `true` to skip running this job in this invalid state
-				return true, nil
+				// `FailRunPreExecutionError` will mark all the pending runs in the job failed; ignore all of them.
+				return behaviourIgnoreAllJobsInRun, nil
 			} else if swf.IncompleteWith {
 				errorCode, errorDetails := persistentIncompleteWithError(blockedJob, swf.IncompleteWithNeeds, swf.IncompleteWithMatrix)
 				if err := FailRunPreExecutionError(ctx, blockedJob.Run, errorCode, errorDetails); err != nil {
-					return false, fmt.Errorf("setting run into PreExecutionError state failed: %w", err)
+					return behaviourError, fmt.Errorf("setting run into PreExecutionError state failed: %w", err)
 				}
-				// Return `true` to skip running this job in this invalid state
-				return true, nil
+				// `FailRunPreExecutionError` will mark all the pending runs in the job failed; ignore all of them.
+				return behaviourIgnoreAllJobsInRun, nil
 			}
 		}
 	}
@@ -342,9 +368,10 @@ func tryHandleIncompleteMatrix(ctx context.Context, blockedJob *actions_model.Ac
 		return nil
 	})
 	if err != nil {
-		return false, err
+		return behaviourError, err
 	}
-	return true, nil
+	// job was deleted after it was replaced with one-or-more new jobs, so ignore it.
+	return behaviourIgnoreJob, nil
 }
 
 func persistentIncompleteMatrixError(job *actions_model.ActionRunJob, incompleteNeeds *jobparser.IncompleteNeeds) (actions_model.PreExecutionError, []any) {
diff --git a/services/actions/job_emitter_test.go b/services/actions/job_emitter_test.go
index 6b8ccca6f9..754e29cc7f 100644
--- a/services/actions/job_emitter_test.go
+++ b/services/actions/job_emitter_test.go
@@ -581,14 +581,14 @@ func Test_tryHandleIncompleteMatrix(t *testing.T) {
 			jobsInRun, err := db.Find[actions_model.ActionRunJob](t.Context(), actions_model.FindRunJobOptions{RunID: blockedJob.RunID})
 			require.NoError(t, err)
 
-			skip, err := tryHandleIncompleteMatrix(t.Context(), blockedJob, jobsInRun)
+			behaviour, err := tryHandleIncompleteMatrix(t.Context(), blockedJob, jobsInRun)
 
 			if tt.errContains != "" {
 				require.ErrorContains(t, err, tt.errContains)
 			} else {
 				require.NoError(t, err)
 				if tt.consumed {
-					assert.True(t, skip, "skip flag")
+					assert.Equal(t, behaviourIgnoreJob, behaviour)
 
 					// blockedJob should no longer exist in the database
 					unittest.AssertNotExistsBean(t, &actions_model.ActionRunJob{ID: tt.runJobID})
@@ -660,10 +660,10 @@ func Test_tryHandleIncompleteMatrix(t *testing.T) {
 					blockedJobReloaded := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRunJob{ID: tt.runJobID})
 					assert.Equal(t, actions_model.StatusFailure, blockedJobReloaded.Status)
 
-					// skip is set to true
-					assert.True(t, skip, "skip flag")
+					// ensure all other jobs in this run are ignored
+					assert.Equal(t, behaviourIgnoreAllJobsInRun, behaviour)
 				} else {
-					assert.False(t, skip, "skip flag")
+					assert.Equal(t, behaviourExecuteJob, behaviour)
 				}
 			}
 		})

From 8f63ee9a948814e1b97f5e543b58ee219b127731 Mon Sep 17 00:00:00 2001
From: Mathieu Fenniak <mathieu@fenniak.net>
Date: Fri, 2 Jan 2026 19:02:10 +0100
Subject: [PATCH 088/854] fix: don't duplicate commit status records on
 workflows with empty name (#10678)

Fixes #10671.

Cleanup for the inflated number of records in this table will come in a near future change.

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests

- I added test coverage for Go changes...
  - [x] in their respective `*_test.go` for unit tests.
  - [ ] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I added test coverage for JavaScript changes...
  - [ ] in `web_src/js/*.test.js` if it can be unit tested.
  - [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)).

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [ ] I do not want this change to show in the release notes.
- [x] I want the title to show in the release notes with a link to this pull request.
- [ ] I want the content of the `release-notes/<pull request number>.md` to be be used for the release notes instead of the title.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10678
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net>
Co-committed-by: Mathieu Fenniak <mathieu@fenniak.net>
---
 .../TestCreateCommitStatus/action_run.yml     | 25 ++++++++++
 .../TestCreateCommitStatus/action_run_job.yml | 26 +++++++++++
 services/actions/commit_status.go             |  4 +-
 services/actions/commit_status_test.go        | 46 +++++++++++++++++++
 4 files changed, 100 insertions(+), 1 deletion(-)
 create mode 100644 services/actions/TestCreateCommitStatus/action_run.yml
 create mode 100644 services/actions/TestCreateCommitStatus/action_run_job.yml

diff --git a/services/actions/TestCreateCommitStatus/action_run.yml b/services/actions/TestCreateCommitStatus/action_run.yml
new file mode 100644
index 0000000000..cbeef34d70
--- /dev/null
+++ b/services/actions/TestCreateCommitStatus/action_run.yml
@@ -0,0 +1,25 @@
+-
+  id: 900
+  title: "update actions"
+  repo_id: 4
+  owner_id: 1
+  workflow_id: "artifact.yaml"
+  index: 200
+  trigger_user_id: 1
+  ref: "refs/heads/master"
+  commit_sha: "c7cd3cd144e6d23c9d6f3d07e52b2c1a956e0338"
+  event: "push"
+  is_fork_pull_request: false
+  status: 1
+  started: 1683636528
+  stopped: 1683636626
+  created: 1683636108
+  updated: 1683636626
+  need_approval: false
+  approved_by: 0
+  event_payload: |
+    {
+      "head_commit": {
+        "id": "c7cd3cd144e6d23c9d6f3d07e52b2c1a956e0338"
+      }
+    }
diff --git a/services/actions/TestCreateCommitStatus/action_run_job.yml b/services/actions/TestCreateCommitStatus/action_run_job.yml
new file mode 100644
index 0000000000..1c3b8e4b7d
--- /dev/null
+++ b/services/actions/TestCreateCommitStatus/action_run_job.yml
@@ -0,0 +1,26 @@
+-
+  id: 400
+  run_id: 900
+  repo_id: 4
+  owner_id: 1
+  commit_sha: c7cd3cd144e6d23c9d6f3d07e52b2c1a956e0338
+  is_fork_pull_request: false
+  name: job_2
+  attempt: 1
+  job_id: job_2
+  task_id: 47
+  status: 7 # blocked
+  started: 1683636528
+  stopped: 1683636626
+  workflow_payload: |
+    "on":
+      push:
+    jobs:
+      produce-artifacts:
+        name: produce-artifacts
+        runs-on: docker
+        steps:
+          - run: echo "OK!"
+        strategy:
+          matrix:
+            color: red
diff --git a/services/actions/commit_status.go b/services/actions/commit_status.go
index 7f86dbecc1..5a72a17022 100644
--- a/services/actions/commit_status.go
+++ b/services/actions/commit_status.go
@@ -8,6 +8,7 @@ import (
 	"errors"
 	"fmt"
 	"path"
+	"strings"
 
 	actions_model "forgejo.org/models/actions"
 	"forgejo.org/models/db"
@@ -94,7 +95,8 @@ func createCommitStatus(ctx context.Context, job *actions_model.ActionRunJob) er
 	state := toCommitStatus(job.Status)
 	if statuses, _, err := git_model.GetLatestCommitStatus(ctx, repo.ID, sha, db.ListOptionsAll); err == nil {
 		for _, v := range statuses {
-			if v.Context == ctxname {
+			// TrimSpace(ctxname) to match stored value which is trimmed in `git.NewCommitStatus`
+			if v.Context == strings.TrimSpace(ctxname) {
 				if v.State == state {
 					// no need to update
 					return nil
diff --git a/services/actions/commit_status_test.go b/services/actions/commit_status_test.go
index 372448e321..3252969793 100644
--- a/services/actions/commit_status_test.go
+++ b/services/actions/commit_status_test.go
@@ -7,9 +7,14 @@ import (
 	"testing"
 
 	actions_model "forgejo.org/models/actions"
+	git_model "forgejo.org/models/git"
 	"forgejo.org/models/unittest"
+	"forgejo.org/modules/cache"
+	"forgejo.org/modules/structs"
 
+	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
+	"xorm.io/builder"
 )
 
 func TestCreateCommitStatus_IncompleteMatrix(t *testing.T) {
@@ -36,3 +41,44 @@ func TestCreateCommitStatus_IncompleteMatrix(t *testing.T) {
 	err = createCommitStatus(t.Context(), job)
 	require.NoError(t, err)
 }
+
+func TestCreateCommitStatus_AvoidsDuplicates(t *testing.T) {
+	defer unittest.OverrideFixtures("services/actions/TestCreateCommitStatus")()
+	require.NoError(t, unittest.PrepareTestDatabase())
+	cache.Init()
+
+	job := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRunJob{ID: 400})
+	targetCommitStatusFilter := builder.Eq{"repo_id": 4, "sha": job.CommitSHA}
+
+	// Begin with 0 commit statuses
+	assert.Equal(t, 0, unittest.GetCount(t, &git_model.CommitStatus{}, targetCommitStatusFilter))
+
+	err := createCommitStatus(t.Context(), job)
+	require.NoError(t, err)
+
+	// Should have 1 commit status now with one createCommitStatus call
+	assert.Equal(t, 1, unittest.GetCount(t, &git_model.CommitStatus{}, targetCommitStatusFilter))
+	status := unittest.AssertExistsAndLoadBean(t, &git_model.CommitStatus{}, targetCommitStatusFilter)
+	assert.EqualValues(t, 4, status.RepoID)
+	assert.Equal(t, structs.CommitStatusState("pending"), status.State)
+	assert.Equal(t, "c7cd3cd144e6d23c9d6f3d07e52b2c1a956e0338", status.SHA)
+	assert.Equal(t, "/user5/repo4/actions/runs/200/jobs/0", status.TargetURL)
+	assert.Equal(t, "Blocked by required conditions", status.Description)
+	assert.Equal(t, "39c46bc9f0f68e0dcfbb59118e12778fa095b066", status.ContextHash)
+	assert.Equal(t, "/ job_2 (push)", status.Context) // This test is intended to cover the runName = "" case, which trims whitespace in this context string -- don't change it in the future
+
+	// No status change, but createCommitStatus invoked again
+	err = createCommitStatus(t.Context(), job)
+	require.NoError(t, err)
+
+	// Should have just the same 1 commit status since the context & state was unchanged.
+	assert.Equal(t, 1, unittest.GetCount(t, &git_model.CommitStatus{}, targetCommitStatusFilter))
+
+	// Update job status & create new commit status
+	job.Status = actions_model.StatusSuccess
+	err = createCommitStatus(t.Context(), job)
+	require.NoError(t, err)
+
+	// Should have 2 commit statuses now
+	assert.Equal(t, 2, unittest.GetCount(t, &git_model.CommitStatus{}, targetCommitStatusFilter))
+}

From 3c1d5c04fdb7c1185592c8260a11f209b66b8d2b Mon Sep 17 00:00:00 2001
From: Renovate Bot <forgejo-renovate-action@forgejo.org>
Date: Sat, 3 Jan 2026 04:02:19 +0100
Subject: [PATCH 089/854] Lock file maintenance (forgejo) (#10623)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10623
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
---
 package-lock.json | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 2d74bda4a6..eb17bd2cbd 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -14468,9 +14468,9 @@
       "license": "MIT"
     },
     "node_modules/ts-api-utils": {
-      "version": "2.2.0",
-      "resolved": "https://registry.npmjs.org/ts-api-utils/-/ts-api-utils-2.2.0.tgz",
-      "integrity": "sha512-L6f5oQRAoLU1RwXz0Ab9mxsE7LtxeVB6AIR1lpkZMsOyg/JXeaxBaXa/FVCBZyNr9S9I4wkHrlZTklX+im+WMw==",
+      "version": "2.3.0",
+      "resolved": "https://registry.npmjs.org/ts-api-utils/-/ts-api-utils-2.3.0.tgz",
+      "integrity": "sha512-6eg3Y9SF7SsAvGzRHQvvc1skDAhwI4YQ32ui1scxD1Ccr0G5qIIbUBT3pFTKX8kmWIQClHobtUdNuaBgwdfdWg==",
       "dev": true,
       "license": "MIT",
       "engines": {

From 24019ef5e83fd7bed7f31ad09dd8d5f26b4bdc69 Mon Sep 17 00:00:00 2001
From: Luis <luis@adame.dev>
Date: Sat, 3 Jan 2026 04:45:43 +0100
Subject: [PATCH 090/854] fix: pull request merge menu item clipping the auto
 merge tip (#10652)

Fixes the auto merge tip not being properly displayed due to an `overflow: hidden` set at the `.item` level. The fix resets that overflow rule if the auto merge button is being hovered and goes back to `hidden` when no longer being hovered.

Fixed also a small misalignment between the tip and the button.

Resolves #4822

### Test

1. Go to a pull request that merges into a protected branch that requires status checks to pass.
2. Go to the merge area of that pull request.
3. Click on the "Create merge commit" button.
4. Hover over the clock icon.
5. Observe that some text appears to the right of that clock icon.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10652
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Co-authored-by: Luis <luis@adame.dev>
Co-committed-by: Luis <luis@adame.dev>
---
 web_src/js/components/PullRequestMergeForm.vue | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/web_src/js/components/PullRequestMergeForm.vue b/web_src/js/components/PullRequestMergeForm.vue
index e44e5bf02d..df123f5e2f 100644
--- a/web_src/js/components/PullRequestMergeForm.vue
+++ b/web_src/js/components/PullRequestMergeForm.vue
@@ -225,7 +225,7 @@ export default {
 .auto-merge-small .auto-merge-tip {
   display: none;
   left: 38px;
-  top: -1px;
+  top: -0.5px;
   bottom: -1px;
   position: absolute;
   align-items: center;
@@ -236,6 +236,10 @@ export default {
   padding-right: 1rem;
 }
 
+.menu .item:has(.auto-merge-small:hover) {
+  overflow: unset;
+}
+
 .auto-merge-small:hover {
   color: var(--color-info-text);
   background-color: var(--color-info-bg);

From b2bc6e288a4dbfadd0941dff026108136a81643e Mon Sep 17 00:00:00 2001
From: Renovate Bot <forgejo-renovate-action@forgejo.org>
Date: Sat, 3 Jan 2026 09:18:06 +0100
Subject: [PATCH 091/854] Update dependency forgejo/release-notes-assistant to
 v1.4.2 (forgejo) (#10683)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10683
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
---
 .forgejo/workflows/release-notes-assistant-milestones.yml | 2 +-
 .forgejo/workflows/release-notes-assistant.yml            | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/.forgejo/workflows/release-notes-assistant-milestones.yml b/.forgejo/workflows/release-notes-assistant-milestones.yml
index 06de029d88..2baa279db4 100644
--- a/.forgejo/workflows/release-notes-assistant-milestones.yml
+++ b/.forgejo/workflows/release-notes-assistant-milestones.yml
@@ -6,7 +6,7 @@ on:
 
 env:
   RNA_WORKDIR: /srv/rna
-  RNA_VERSION: v1.4.1 # renovate: datasource=gitea-releases depName=forgejo/release-notes-assistant registryUrl=https://code.forgejo.org
+  RNA_VERSION: v1.4.2 # renovate: datasource=gitea-releases depName=forgejo/release-notes-assistant registryUrl=https://code.forgejo.org
 
 jobs:
   release-notes:
diff --git a/.forgejo/workflows/release-notes-assistant.yml b/.forgejo/workflows/release-notes-assistant.yml
index 4b5ddf15d0..ab6d5c58ec 100644
--- a/.forgejo/workflows/release-notes-assistant.yml
+++ b/.forgejo/workflows/release-notes-assistant.yml
@@ -8,7 +8,7 @@ on:
       - labeled
 
 env:
-  RNA_VERSION: v1.4.1 # renovate: datasource=gitea-releases depName=forgejo/release-notes-assistant registryUrl=https://code.forgejo.org
+  RNA_VERSION: v1.4.2 # renovate: datasource=gitea-releases depName=forgejo/release-notes-assistant registryUrl=https://code.forgejo.org
 
 jobs:
   release-notes:

From 1cecec6536ab6180aab891fb3ee597be7b978db6 Mon Sep 17 00:00:00 2001
From: Gusted <postmaster@gusted.xyz>
Date: Sun, 4 Jan 2026 05:37:18 +0100
Subject: [PATCH 092/854] chore: download git-man over TLS (#10692)

- No need to use http when https is available.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10692
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
Co-authored-by: Gusted <postmaster@gusted.xyz>
Co-committed-by: Gusted <postmaster@gusted.xyz>
---
 .../workflows-composite/install-minimum-git-version/action.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.forgejo/workflows-composite/install-minimum-git-version/action.yaml b/.forgejo/workflows-composite/install-minimum-git-version/action.yaml
index d4e6e3f2a7..ae50d38794 100644
--- a/.forgejo/workflows-composite/install-minimum-git-version/action.yaml
+++ b/.forgejo/workflows-composite/install-minimum-git-version/action.yaml
@@ -13,7 +13,7 @@ runs:
         apt-get update -qq
         apt-get -q install -y -qq curl ca-certificates
 
-        curl -sS -o /tmp/git-man.deb http://archive.ubuntu.com/ubuntu/pool/main/g/git/git-man_2.34.1-1ubuntu1_all.deb
+        curl -sS -o /tmp/git-man.deb https://archive.ubuntu.com/ubuntu/pool/main/g/git/git-man_2.34.1-1ubuntu1_all.deb
         curl -sS -o /tmp/git.deb https://archive.ubuntu.com/ubuntu/pool/main/g/git/git_2.34.1-1ubuntu1_amd64.deb
         curl -sS -o /tmp/git-lfs.deb https://archive.ubuntu.com/ubuntu/pool/universe/g/git-lfs/git-lfs_3.0.2-1_amd64.deb
 

From 28e0af23faf6c8e8f353ba2ae818ee0f83fd3e5c Mon Sep 17 00:00:00 2001
From: Beowulf <beowulf@beocode.eu>
Date: Sun, 4 Jan 2026 23:52:33 +0100
Subject: [PATCH 093/854] feat(ui): replace Monaco with CodeMirror (#10559)

- Replace the [Monaco Editor](https://microsoft.github.io/monaco-editor/)
with [CodeMirror 6](https://codemirror.net/). This editor is used to
facilitate the 'Add file' and 'Edit file' functionality.
- Rationale:
  - Monaco editor is a great and powerful editor, however for Forgejo's
  purpose it acts more like a small IDE than a code editor and is doing
  too much. In my limited user research the usage of editing files via
  the web UI is largely for small changes that does not need the
  features that Monaco editor provides.
  - Monaco editor has no mobile support, Codemirror is very usable on mobile.
  - Monaco editor pulls in large dependencies (for language support) and
  by replacing it with Codemirror the amount of time that webpack needs
  to build the frontend is reduced by 50% (~30s -> ~15s).
  - The binary of Forgejo (build with `bindata` tag) is reduced by 2MiB.
  - Codemirror is much more lightweight and should be more usable on
  less powerful hardware, most notably the lazy loading is much faster
  as codemirror uses less javascript.
  - Because Codemirror is modular it is much easier to change the
  behavior of the code editor if we wish to.
- Drawbacks:
  - Codemirror is quite modular and as seen in `package.json` and in
  `codeeditor.ts` we have to supply a lot more of its features to have
  feature parity with Monaco editor.
  - Monaco editor has great integrated language support (features that
  an lsp would provide), Codemirror only has such language support to an
  extend.
  - Monaco editor has its famous command palette (known by many as its
  also available in VSCode), this is not available in code mirror.
- Good to note:
  - All features that was added on top of the monaco editor (such as
  dynamically changing language  support depending on the filename)
  still works and the theme is based on the VSCode colors which largely
  resembles the monaco editor.
  - The code editor is still lazy-loaded (this is painfully clear by
  reading how imports are passed around in `codeeditor.ts`).
  - This change was privately tested by a few people, a few bugs were
  found (and fixed) but no major drawbacks were noted for their usage of
  the web editor.
  - There's a "search" button in the top bar, so that search can be used
  on mobile. It is otherwise only accessible via
  <kbd>Ctrl</kbd>+<kbd>f</kbd>.

Co-authored-by: Beowulf <beowulf@beocode.eu>

Co-authored-by: Gusted <postmaster@gusted.xyz>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10559
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Co-committed-by: Beowulf <beowulf@beocode.eu>
---
 eslint.config.mjs                          |   6 +-
 options/locale_next/locale_en-US.json      |   8 +
 package-lock.json                          | 537 ++++++++++++++++++++-
 package.json                               |  29 +-
 renovate.json                              |   5 -
 templates/repo/editor/edit.tmpl            |  23 +-
 templates/repo/editor/patch.tmpl           |   9 +-
 templates/repo/settings/githook_edit.tmpl  |   2 +-
 templates/shared/codemirror_container.tmpl |  11 +
 tests/e2e/codemirror.test.e2e.ts           | 217 +++++++++
 tests/e2e/e2e_test.go                      |  11 +-
 tests/e2e/image-diff.test.e2e.ts           |   4 +-
 tests/e2e/markdown-editor.test.e2e.ts      |   7 +-
 tests/e2e/modal.test.e2e.ts                |   4 +-
 tests/e2e/repo-new.test.e2e.ts             |   2 +-
 tsconfig.json                              |   2 +-
 vitest.config.ts                           |   4 -
 web_src/css/features/codeeditor.css        | 129 +++--
 web_src/js/bootstrap.js                    |  15 -
 web_src/js/features/codeeditor.js          | 191 --------
 web_src/js/features/codeeditor.ts          | 124 +++++
 web_src/js/features/codemirror-lang.ts     | 161 ++++++
 web_src/js/features/codemirror-search.ts   | 240 +++++++++
 web_src/js/features/codemirror.ts          | 218 +++++++++
 web_src/js/features/repo-editor.js         |   4 +-
 web_src/js/features/repo-issue.test.js     |   1 -
 web_src/js/features/repo-settings.js       |   4 +-
 web_src/js/globals.d.ts                    |   3 +
 web_src/js/svg.js                          |   4 +
 web_src/js/types.d.ts                      |   5 +
 webpack.config.js                          |  10 +-
 31 files changed, 1665 insertions(+), 325 deletions(-)
 create mode 100644 templates/shared/codemirror_container.tmpl
 create mode 100644 tests/e2e/codemirror.test.e2e.ts
 delete mode 100644 web_src/js/features/codeeditor.js
 create mode 100644 web_src/js/features/codeeditor.ts
 create mode 100644 web_src/js/features/codemirror-lang.ts
 create mode 100644 web_src/js/features/codemirror-search.ts
 create mode 100644 web_src/js/features/codemirror.ts
 create mode 100644 web_src/js/globals.d.ts

diff --git a/eslint.config.mjs b/eslint.config.mjs
index 61987aef14..df3425d7a0 100644
--- a/eslint.config.mjs
+++ b/eslint.config.mjs
@@ -528,11 +528,7 @@ export default tseslint.config(
       'no-this-before-super': [2],
       'no-throw-literal': [2],
       'no-undef-init': [2],
-
-      'no-undef': [2, {
-        typeof: true,
-      }],
-
+      'no-undef': [0],
       'no-undefined': [0],
       'no-underscore-dangle': [0],
       'no-unexpected-multiline': [2],
diff --git a/options/locale_next/locale_en-US.json b/options/locale_next/locale_en-US.json
index 73b2f5ec7f..39d4444b51 100644
--- a/options/locale_next/locale_en-US.json
+++ b/options/locale_next/locale_en-US.json
@@ -248,5 +248,13 @@
 	"admin.auths.oauth2_quota_group_claim_name": "Claim name providing group names for this source to be used for quota management. (Optional)",
 	"admin.auths.oauth2_quota_group_map": "Map claimed groups to quota groups. (Optional - requires claim name above)",
 	"admin.auths.oauth2_quota_group_map_removal": "Remove users from synchronized quota groups if user does not belong to corresponding group.",
+	"editor.search": "Search",
+	"editor.find_previous": "Previous find",
+	"editor.find_next": "Next find",
+	"editor.replace": "Replace",
+	"editor.replace_all": "Replace all",
+	"editor.toggle_case": "Toggle case sensitivity",
+	"editor.toggle_regex": "Toggle using regular expressions",
+	"editor.toggle_whole_word": "Toggle matching whole words",
 	"meta.last_line": "Thank you for translating Forgejo! This line isn't seen by the users but it serves other purposes in the translation management. You can place a fun fact in the translation instead of translating it."
 }
diff --git a/package-lock.json b/package-lock.json
index eb17bd2cbd..d923c15eb3 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -9,10 +9,33 @@
         "@citation-js/core": "0.7.21",
         "@citation-js/plugin-bibtex": "0.7.21",
         "@citation-js/plugin-software-formats": "0.6.1",
+        "@codemirror/autocomplete": "6.19.1",
+        "@codemirror/commands": "6.10.0",
+        "@codemirror/lang-cpp": "6.0.3",
+        "@codemirror/lang-css": "6.3.1",
+        "@codemirror/lang-go": "6.0.1",
+        "@codemirror/lang-html": "6.4.11",
+        "@codemirror/lang-java": "6.0.2",
+        "@codemirror/lang-javascript": "6.2.4",
+        "@codemirror/lang-json": "6.0.2",
+        "@codemirror/lang-less": "6.0.2",
+        "@codemirror/lang-liquid": "6.3.0",
+        "@codemirror/lang-markdown": "6.5.0",
+        "@codemirror/lang-php": "6.0.2",
+        "@codemirror/lang-python": "6.2.1",
+        "@codemirror/lang-rust": "6.0.2",
+        "@codemirror/lang-sass": "6.0.2",
+        "@codemirror/lang-xml": "6.1.0",
+        "@codemirror/lang-yaml": "6.1.2",
+        "@codemirror/language": "6.11.3",
+        "@codemirror/search": "6.5.11",
+        "@codemirror/state": "6.5.2",
+        "@codemirror/view": "6.38.2",
         "@github/markdown-toolbar-element": "2.2.3",
         "@github/quote-selection": "2.1.0",
         "@github/text-expander-element": "2.8.0",
         "@google/model-viewer": "4.1.0",
+        "@lezer/highlight": "1.2.1",
         "@mcaptcha/vanilla-glue": "0.1.0-alpha-3",
         "@primer/octicons": "19.14.0",
         "ansi_up": "6.0.5",
@@ -35,8 +58,6 @@
         "mermaid": "11.12.2",
         "mini-css-extract-plugin": "2.9.3",
         "minimatch": "10.1.1",
-        "monaco-editor": "0.52.2",
-        "monaco-editor-webpack-plugin": "7.1.1",
         "pdfobject": "2.3.0",
         "postcss": "8.5.6",
         "postcss-loader": "8.2.0",
@@ -477,6 +498,297 @@
         "node": ">=14.0.0"
       }
     },
+    "node_modules/@codemirror/autocomplete": {
+      "version": "6.19.1",
+      "resolved": "https://registry.npmjs.org/@codemirror/autocomplete/-/autocomplete-6.19.1.tgz",
+      "integrity": "sha512-q6NenYkEy2fn9+JyjIxMWcNjzTL/IhwqfzOut1/G3PrIFkrbl4AL7Wkse5tLrQUUyqGoAKU5+Pi5jnnXxH5HGw==",
+      "license": "MIT",
+      "dependencies": {
+        "@codemirror/language": "^6.0.0",
+        "@codemirror/state": "^6.0.0",
+        "@codemirror/view": "^6.17.0",
+        "@lezer/common": "^1.0.0"
+      }
+    },
+    "node_modules/@codemirror/commands": {
+      "version": "6.10.0",
+      "resolved": "https://registry.npmjs.org/@codemirror/commands/-/commands-6.10.0.tgz",
+      "integrity": "sha512-2xUIc5mHXQzT16JnyOFkh8PvfeXuIut3pslWGfsGOhxP/lpgRm9HOl/mpzLErgt5mXDovqA0d11P21gofRLb9w==",
+      "license": "MIT",
+      "dependencies": {
+        "@codemirror/language": "^6.0.0",
+        "@codemirror/state": "^6.4.0",
+        "@codemirror/view": "^6.27.0",
+        "@lezer/common": "^1.1.0"
+      }
+    },
+    "node_modules/@codemirror/lang-cpp": {
+      "version": "6.0.3",
+      "resolved": "https://registry.npmjs.org/@codemirror/lang-cpp/-/lang-cpp-6.0.3.tgz",
+      "integrity": "sha512-URM26M3vunFFn9/sm6rzqrBzDgfWuDixp85uTY49wKudToc2jTHUrKIGGKs+QWND+YLofNNZpxcNGRynFJfvgA==",
+      "license": "MIT",
+      "dependencies": {
+        "@codemirror/language": "^6.0.0",
+        "@lezer/cpp": "^1.0.0"
+      }
+    },
+    "node_modules/@codemirror/lang-css": {
+      "version": "6.3.1",
+      "resolved": "https://registry.npmjs.org/@codemirror/lang-css/-/lang-css-6.3.1.tgz",
+      "integrity": "sha512-kr5fwBGiGtmz6l0LSJIbno9QrifNMUusivHbnA1H6Dmqy4HZFte3UAICix1VuKo0lMPKQr2rqB+0BkKi/S3Ejg==",
+      "license": "MIT",
+      "dependencies": {
+        "@codemirror/autocomplete": "^6.0.0",
+        "@codemirror/language": "^6.0.0",
+        "@codemirror/state": "^6.0.0",
+        "@lezer/common": "^1.0.2",
+        "@lezer/css": "^1.1.7"
+      }
+    },
+    "node_modules/@codemirror/lang-go": {
+      "version": "6.0.1",
+      "resolved": "https://registry.npmjs.org/@codemirror/lang-go/-/lang-go-6.0.1.tgz",
+      "integrity": "sha512-7fNvbyNylvqCphW9HD6WFnRpcDjr+KXX/FgqXy5H5ZS0eC5edDljukm/yNgYkwTsgp2busdod50AOTIy6Jikfg==",
+      "license": "MIT",
+      "dependencies": {
+        "@codemirror/autocomplete": "^6.0.0",
+        "@codemirror/language": "^6.6.0",
+        "@codemirror/state": "^6.0.0",
+        "@lezer/common": "^1.0.0",
+        "@lezer/go": "^1.0.0"
+      }
+    },
+    "node_modules/@codemirror/lang-html": {
+      "version": "6.4.11",
+      "resolved": "https://registry.npmjs.org/@codemirror/lang-html/-/lang-html-6.4.11.tgz",
+      "integrity": "sha512-9NsXp7Nwp891pQchI7gPdTwBuSuT3K65NGTHWHNJ55HjYcHLllr0rbIZNdOzas9ztc1EUVBlHou85FFZS4BNnw==",
+      "license": "MIT",
+      "dependencies": {
+        "@codemirror/autocomplete": "^6.0.0",
+        "@codemirror/lang-css": "^6.0.0",
+        "@codemirror/lang-javascript": "^6.0.0",
+        "@codemirror/language": "^6.4.0",
+        "@codemirror/state": "^6.0.0",
+        "@codemirror/view": "^6.17.0",
+        "@lezer/common": "^1.0.0",
+        "@lezer/css": "^1.1.0",
+        "@lezer/html": "^1.3.12"
+      }
+    },
+    "node_modules/@codemirror/lang-java": {
+      "version": "6.0.2",
+      "resolved": "https://registry.npmjs.org/@codemirror/lang-java/-/lang-java-6.0.2.tgz",
+      "integrity": "sha512-m5Nt1mQ/cznJY7tMfQTJchmrjdjQ71IDs+55d1GAa8DGaB8JXWsVCkVT284C3RTASaY43YknrK2X3hPO/J3MOQ==",
+      "license": "MIT",
+      "dependencies": {
+        "@codemirror/language": "^6.0.0",
+        "@lezer/java": "^1.0.0"
+      }
+    },
+    "node_modules/@codemirror/lang-javascript": {
+      "version": "6.2.4",
+      "resolved": "https://registry.npmjs.org/@codemirror/lang-javascript/-/lang-javascript-6.2.4.tgz",
+      "integrity": "sha512-0WVmhp1QOqZ4Rt6GlVGwKJN3KW7Xh4H2q8ZZNGZaP6lRdxXJzmjm4FqvmOojVj6khWJHIb9sp7U/72W7xQgqAA==",
+      "license": "MIT",
+      "dependencies": {
+        "@codemirror/autocomplete": "^6.0.0",
+        "@codemirror/language": "^6.6.0",
+        "@codemirror/lint": "^6.0.0",
+        "@codemirror/state": "^6.0.0",
+        "@codemirror/view": "^6.17.0",
+        "@lezer/common": "^1.0.0",
+        "@lezer/javascript": "^1.0.0"
+      }
+    },
+    "node_modules/@codemirror/lang-json": {
+      "version": "6.0.2",
+      "resolved": "https://registry.npmjs.org/@codemirror/lang-json/-/lang-json-6.0.2.tgz",
+      "integrity": "sha512-x2OtO+AvwEHrEwR0FyyPtfDUiloG3rnVTSZV1W8UteaLL8/MajQd8DpvUb2YVzC+/T18aSDv0H9mu+xw0EStoQ==",
+      "license": "MIT",
+      "dependencies": {
+        "@codemirror/language": "^6.0.0",
+        "@lezer/json": "^1.0.0"
+      }
+    },
+    "node_modules/@codemirror/lang-less": {
+      "version": "6.0.2",
+      "resolved": "https://registry.npmjs.org/@codemirror/lang-less/-/lang-less-6.0.2.tgz",
+      "integrity": "sha512-EYdQTG22V+KUUk8Qq582g7FMnCZeEHsyuOJisHRft/mQ+ZSZ2w51NupvDUHiqtsOy7It5cHLPGfHQLpMh9bqpQ==",
+      "license": "MIT",
+      "dependencies": {
+        "@codemirror/lang-css": "^6.2.0",
+        "@codemirror/language": "^6.0.0",
+        "@lezer/common": "^1.2.0",
+        "@lezer/highlight": "^1.0.0",
+        "@lezer/lr": "^1.0.0"
+      }
+    },
+    "node_modules/@codemirror/lang-liquid": {
+      "version": "6.3.0",
+      "resolved": "https://registry.npmjs.org/@codemirror/lang-liquid/-/lang-liquid-6.3.0.tgz",
+      "integrity": "sha512-fY1YsUExcieXRTsCiwX/bQ9+PbCTA/Fumv7C7mTUZHoFkibfESnaXwpr2aKH6zZVwysEunsHHkaIpM/pl3xETQ==",
+      "license": "MIT",
+      "dependencies": {
+        "@codemirror/autocomplete": "^6.0.0",
+        "@codemirror/lang-html": "^6.0.0",
+        "@codemirror/language": "^6.0.0",
+        "@codemirror/state": "^6.0.0",
+        "@codemirror/view": "^6.0.0",
+        "@lezer/common": "^1.0.0",
+        "@lezer/highlight": "^1.0.0",
+        "@lezer/lr": "^1.3.1"
+      }
+    },
+    "node_modules/@codemirror/lang-markdown": {
+      "version": "6.5.0",
+      "resolved": "https://registry.npmjs.org/@codemirror/lang-markdown/-/lang-markdown-6.5.0.tgz",
+      "integrity": "sha512-0K40bZ35jpHya6FriukbgaleaqzBLZfOh7HuzqbMxBXkbYMJDxfF39c23xOgxFezR+3G+tR2/Mup+Xk865OMvw==",
+      "license": "MIT",
+      "dependencies": {
+        "@codemirror/autocomplete": "^6.7.1",
+        "@codemirror/lang-html": "^6.0.0",
+        "@codemirror/language": "^6.3.0",
+        "@codemirror/state": "^6.0.0",
+        "@codemirror/view": "^6.0.0",
+        "@lezer/common": "^1.2.1",
+        "@lezer/markdown": "^1.0.0"
+      }
+    },
+    "node_modules/@codemirror/lang-php": {
+      "version": "6.0.2",
+      "resolved": "https://registry.npmjs.org/@codemirror/lang-php/-/lang-php-6.0.2.tgz",
+      "integrity": "sha512-ZKy2v1n8Fc8oEXj0Th0PUMXzQJ0AIR6TaZU+PbDHExFwdu+guzOA4jmCHS1Nz4vbFezwD7LyBdDnddSJeScMCA==",
+      "license": "MIT",
+      "dependencies": {
+        "@codemirror/lang-html": "^6.0.0",
+        "@codemirror/language": "^6.0.0",
+        "@codemirror/state": "^6.0.0",
+        "@lezer/common": "^1.0.0",
+        "@lezer/php": "^1.0.0"
+      }
+    },
+    "node_modules/@codemirror/lang-python": {
+      "version": "6.2.1",
+      "resolved": "https://registry.npmjs.org/@codemirror/lang-python/-/lang-python-6.2.1.tgz",
+      "integrity": "sha512-IRjC8RUBhn9mGR9ywecNhB51yePWCGgvHfY1lWN/Mrp3cKuHr0isDKia+9HnvhiWNnMpbGhWrkhuWOc09exRyw==",
+      "license": "MIT",
+      "dependencies": {
+        "@codemirror/autocomplete": "^6.3.2",
+        "@codemirror/language": "^6.8.0",
+        "@codemirror/state": "^6.0.0",
+        "@lezer/common": "^1.2.1",
+        "@lezer/python": "^1.1.4"
+      }
+    },
+    "node_modules/@codemirror/lang-rust": {
+      "version": "6.0.2",
+      "resolved": "https://registry.npmjs.org/@codemirror/lang-rust/-/lang-rust-6.0.2.tgz",
+      "integrity": "sha512-EZaGjCUegtiU7kSMvOfEZpaCReowEf3yNidYu7+vfuGTm9ow4mthAparY5hisJqOHmJowVH3Upu+eJlUji6qqA==",
+      "license": "MIT",
+      "dependencies": {
+        "@codemirror/language": "^6.0.0",
+        "@lezer/rust": "^1.0.0"
+      }
+    },
+    "node_modules/@codemirror/lang-sass": {
+      "version": "6.0.2",
+      "resolved": "https://registry.npmjs.org/@codemirror/lang-sass/-/lang-sass-6.0.2.tgz",
+      "integrity": "sha512-l/bdzIABvnTo1nzdY6U+kPAC51czYQcOErfzQ9zSm9D8GmNPD0WTW8st/CJwBTPLO8jlrbyvlSEcN20dc4iL0Q==",
+      "license": "MIT",
+      "dependencies": {
+        "@codemirror/lang-css": "^6.2.0",
+        "@codemirror/language": "^6.0.0",
+        "@codemirror/state": "^6.0.0",
+        "@lezer/common": "^1.0.2",
+        "@lezer/sass": "^1.0.0"
+      }
+    },
+    "node_modules/@codemirror/lang-xml": {
+      "version": "6.1.0",
+      "resolved": "https://registry.npmjs.org/@codemirror/lang-xml/-/lang-xml-6.1.0.tgz",
+      "integrity": "sha512-3z0blhicHLfwi2UgkZYRPioSgVTo9PV5GP5ducFH6FaHy0IAJRg+ixj5gTR1gnT/glAIC8xv4w2VL1LoZfs+Jg==",
+      "license": "MIT",
+      "dependencies": {
+        "@codemirror/autocomplete": "^6.0.0",
+        "@codemirror/language": "^6.4.0",
+        "@codemirror/state": "^6.0.0",
+        "@codemirror/view": "^6.0.0",
+        "@lezer/common": "^1.0.0",
+        "@lezer/xml": "^1.0.0"
+      }
+    },
+    "node_modules/@codemirror/lang-yaml": {
+      "version": "6.1.2",
+      "resolved": "https://registry.npmjs.org/@codemirror/lang-yaml/-/lang-yaml-6.1.2.tgz",
+      "integrity": "sha512-dxrfG8w5Ce/QbT7YID7mWZFKhdhsaTNOYjOkSIMt1qmC4VQnXSDSYVHHHn8k6kJUfIhtLo8t1JJgltlxWdsITw==",
+      "license": "MIT",
+      "dependencies": {
+        "@codemirror/autocomplete": "^6.0.0",
+        "@codemirror/language": "^6.0.0",
+        "@codemirror/state": "^6.0.0",
+        "@lezer/common": "^1.2.0",
+        "@lezer/highlight": "^1.2.0",
+        "@lezer/lr": "^1.0.0",
+        "@lezer/yaml": "^1.0.0"
+      }
+    },
+    "node_modules/@codemirror/language": {
+      "version": "6.11.3",
+      "resolved": "https://registry.npmjs.org/@codemirror/language/-/language-6.11.3.tgz",
+      "integrity": "sha512-9HBM2XnwDj7fnu0551HkGdrUrrqmYq/WC5iv6nbY2WdicXdGbhR/gfbZOH73Aqj4351alY1+aoG9rCNfiwS1RA==",
+      "license": "MIT",
+      "dependencies": {
+        "@codemirror/state": "^6.0.0",
+        "@codemirror/view": "^6.23.0",
+        "@lezer/common": "^1.1.0",
+        "@lezer/highlight": "^1.0.0",
+        "@lezer/lr": "^1.0.0",
+        "style-mod": "^4.0.0"
+      }
+    },
+    "node_modules/@codemirror/lint": {
+      "version": "6.9.2",
+      "resolved": "https://registry.npmjs.org/@codemirror/lint/-/lint-6.9.2.tgz",
+      "integrity": "sha512-sv3DylBiIyi+xKwRCJAAsBZZZWo82shJ/RTMymLabAdtbkV5cSKwWDeCgtUq3v8flTaXS2y1kKkICuRYtUswyQ==",
+      "license": "MIT",
+      "dependencies": {
+        "@codemirror/state": "^6.0.0",
+        "@codemirror/view": "^6.35.0",
+        "crelt": "^1.0.5"
+      }
+    },
+    "node_modules/@codemirror/search": {
+      "version": "6.5.11",
+      "resolved": "https://registry.npmjs.org/@codemirror/search/-/search-6.5.11.tgz",
+      "integrity": "sha512-KmWepDE6jUdL6n8cAAqIpRmLPBZ5ZKnicE8oGU/s3QrAVID+0VhLFrzUucVKHG5035/BSykhExDL/Xm7dHthiA==",
+      "license": "MIT",
+      "dependencies": {
+        "@codemirror/state": "^6.0.0",
+        "@codemirror/view": "^6.0.0",
+        "crelt": "^1.0.5"
+      }
+    },
+    "node_modules/@codemirror/state": {
+      "version": "6.5.2",
+      "resolved": "https://registry.npmjs.org/@codemirror/state/-/state-6.5.2.tgz",
+      "integrity": "sha512-FVqsPqtPWKVVL3dPSxy8wEF/ymIEuVzF1PK3VbUgrxXpJUSHQWWZz4JMToquRxnkw+36LTamCZG2iua2Ptq0fA==",
+      "license": "MIT",
+      "dependencies": {
+        "@marijn/find-cluster-break": "^1.0.0"
+      }
+    },
+    "node_modules/@codemirror/view": {
+      "version": "6.38.2",
+      "resolved": "https://registry.npmjs.org/@codemirror/view/-/view-6.38.2.tgz",
+      "integrity": "sha512-bTWAJxL6EOFLPzTx+O5P5xAO3gTqpatQ2b/ARQ8itfU/v2LlpS3pH2fkL0A3E/Fx8Y2St2KES7ZEV0sHTsSW/A==",
+      "license": "MIT",
+      "dependencies": {
+        "@codemirror/state": "^6.5.0",
+        "crelt": "^1.0.6",
+        "style-mod": "^4.1.0",
+        "w3c-keyname": "^2.2.4"
+      }
+    },
     "node_modules/@csstools/css-parser-algorithms": {
       "version": "3.0.5",
       "resolved": "https://registry.npmjs.org/@csstools/css-parser-algorithms/-/css-parser-algorithms-3.0.5.tgz",
@@ -2131,6 +2443,183 @@
       "integrity": "sha512-M5UknZPHRu3DEDWoipU6sE8PdkZ6Z/S+v4dD+Ke8IaNlpdSQah50lz1KtcFBa2vsdOnwbbnxJwVM4wty6udA5w==",
       "license": "MIT"
     },
+    "node_modules/@lezer/common": {
+      "version": "1.4.0",
+      "resolved": "https://registry.npmjs.org/@lezer/common/-/common-1.4.0.tgz",
+      "integrity": "sha512-DVeMRoGrgn/k45oQNu189BoW4SZwgZFzJ1+1TV5j2NJ/KFC83oa/enRqZSGshyeMk5cPWMhsKs9nx+8o0unwGg==",
+      "license": "MIT"
+    },
+    "node_modules/@lezer/cpp": {
+      "version": "1.1.4",
+      "resolved": "https://registry.npmjs.org/@lezer/cpp/-/cpp-1.1.4.tgz",
+      "integrity": "sha512-aYSdZyUueeTgnfXQntiGUqKNW5WujlAsIbbHzkfJDneSZoyjPg8ObmWG3bzDPVYMC/Kf4l43WJLCunPnYFfQ0g==",
+      "license": "MIT",
+      "dependencies": {
+        "@lezer/common": "^1.2.0",
+        "@lezer/highlight": "^1.0.0",
+        "@lezer/lr": "^1.0.0"
+      }
+    },
+    "node_modules/@lezer/css": {
+      "version": "1.3.0",
+      "resolved": "https://registry.npmjs.org/@lezer/css/-/css-1.3.0.tgz",
+      "integrity": "sha512-pBL7hup88KbI7hXnZV3PQsn43DHy6TWyzuyk2AO9UyoXcDltvIdqWKE1dLL/45JVZ+YZkHe1WVHqO6wugZZWcw==",
+      "license": "MIT",
+      "dependencies": {
+        "@lezer/common": "^1.2.0",
+        "@lezer/highlight": "^1.0.0",
+        "@lezer/lr": "^1.3.0"
+      }
+    },
+    "node_modules/@lezer/go": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/@lezer/go/-/go-1.0.1.tgz",
+      "integrity": "sha512-xToRsYxwsgJNHTgNdStpcvmbVuKxTapV0dM0wey1geMMRc9aggoVyKgzYp41D2/vVOx+Ii4hmE206kvxIXBVXQ==",
+      "license": "MIT",
+      "dependencies": {
+        "@lezer/common": "^1.2.0",
+        "@lezer/highlight": "^1.0.0",
+        "@lezer/lr": "^1.3.0"
+      }
+    },
+    "node_modules/@lezer/highlight": {
+      "version": "1.2.1",
+      "resolved": "https://registry.npmjs.org/@lezer/highlight/-/highlight-1.2.1.tgz",
+      "integrity": "sha512-Z5duk4RN/3zuVO7Jq0pGLJ3qynpxUVsh7IbUbGj88+uV2ApSAn6kWg2au3iJb+0Zi7kKtqffIESgNcRXWZWmSA==",
+      "license": "MIT",
+      "dependencies": {
+        "@lezer/common": "^1.0.0"
+      }
+    },
+    "node_modules/@lezer/html": {
+      "version": "1.3.12",
+      "resolved": "https://registry.npmjs.org/@lezer/html/-/html-1.3.12.tgz",
+      "integrity": "sha512-RJ7eRWdaJe3bsiiLLHjCFT1JMk8m1YP9kaUbvu2rMLEoOnke9mcTVDyfOslsln0LtujdWespjJ39w6zo+RsQYw==",
+      "license": "MIT",
+      "dependencies": {
+        "@lezer/common": "^1.2.0",
+        "@lezer/highlight": "^1.0.0",
+        "@lezer/lr": "^1.0.0"
+      }
+    },
+    "node_modules/@lezer/java": {
+      "version": "1.1.3",
+      "resolved": "https://registry.npmjs.org/@lezer/java/-/java-1.1.3.tgz",
+      "integrity": "sha512-yHquUfujwg6Yu4Fd1GNHCvidIvJwi/1Xu2DaKl/pfWIA2c1oXkVvawH3NyXhCaFx4OdlYBVX5wvz2f7Aoa/4Xw==",
+      "license": "MIT",
+      "dependencies": {
+        "@lezer/common": "^1.2.0",
+        "@lezer/highlight": "^1.0.0",
+        "@lezer/lr": "^1.0.0"
+      }
+    },
+    "node_modules/@lezer/javascript": {
+      "version": "1.5.4",
+      "resolved": "https://registry.npmjs.org/@lezer/javascript/-/javascript-1.5.4.tgz",
+      "integrity": "sha512-vvYx3MhWqeZtGPwDStM2dwgljd5smolYD2lR2UyFcHfxbBQebqx8yjmFmxtJ/E6nN6u1D9srOiVWm3Rb4tmcUA==",
+      "license": "MIT",
+      "dependencies": {
+        "@lezer/common": "^1.2.0",
+        "@lezer/highlight": "^1.1.3",
+        "@lezer/lr": "^1.3.0"
+      }
+    },
+    "node_modules/@lezer/json": {
+      "version": "1.0.3",
+      "resolved": "https://registry.npmjs.org/@lezer/json/-/json-1.0.3.tgz",
+      "integrity": "sha512-BP9KzdF9Y35PDpv04r0VeSTKDeox5vVr3efE7eBbx3r4s3oNLfunchejZhjArmeieBH+nVOpgIiBJpEAv8ilqQ==",
+      "license": "MIT",
+      "dependencies": {
+        "@lezer/common": "^1.2.0",
+        "@lezer/highlight": "^1.0.0",
+        "@lezer/lr": "^1.0.0"
+      }
+    },
+    "node_modules/@lezer/lr": {
+      "version": "1.4.5",
+      "resolved": "https://registry.npmjs.org/@lezer/lr/-/lr-1.4.5.tgz",
+      "integrity": "sha512-/YTRKP5yPPSo1xImYQk7AZZMAgap0kegzqCSYHjAL9x1AZ0ZQW+IpcEzMKagCsbTsLnVeWkxYrCNeXG8xEPrjg==",
+      "license": "MIT",
+      "dependencies": {
+        "@lezer/common": "^1.0.0"
+      }
+    },
+    "node_modules/@lezer/markdown": {
+      "version": "1.6.1",
+      "resolved": "https://registry.npmjs.org/@lezer/markdown/-/markdown-1.6.1.tgz",
+      "integrity": "sha512-72ah+Sml7lD8Wn7lnz9vwYmZBo9aQT+I2gjK/0epI+gjdwUbWw3MJ/ZBGEqG1UfrIauRqH37/c5mVHXeCTGXtA==",
+      "license": "MIT",
+      "dependencies": {
+        "@lezer/common": "^1.0.0",
+        "@lezer/highlight": "^1.0.0"
+      }
+    },
+    "node_modules/@lezer/php": {
+      "version": "1.0.5",
+      "resolved": "https://registry.npmjs.org/@lezer/php/-/php-1.0.5.tgz",
+      "integrity": "sha512-W7asp9DhM6q0W6DYNwIkLSKOvxlXRrif+UXBMxzsJUuqmhE7oVU+gS3THO4S/Puh7Xzgm858UNaFi6dxTP8dJA==",
+      "license": "MIT",
+      "dependencies": {
+        "@lezer/common": "^1.2.0",
+        "@lezer/highlight": "^1.0.0",
+        "@lezer/lr": "^1.1.0"
+      }
+    },
+    "node_modules/@lezer/python": {
+      "version": "1.1.18",
+      "resolved": "https://registry.npmjs.org/@lezer/python/-/python-1.1.18.tgz",
+      "integrity": "sha512-31FiUrU7z9+d/ElGQLJFXl+dKOdx0jALlP3KEOsGTex8mvj+SoE1FgItcHWK/axkxCHGUSpqIHt6JAWfWu9Rhg==",
+      "license": "MIT",
+      "dependencies": {
+        "@lezer/common": "^1.2.0",
+        "@lezer/highlight": "^1.0.0",
+        "@lezer/lr": "^1.0.0"
+      }
+    },
+    "node_modules/@lezer/rust": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/@lezer/rust/-/rust-1.0.2.tgz",
+      "integrity": "sha512-Lz5sIPBdF2FUXcWeCu1//ojFAZqzTQNRga0aYv6dYXqJqPfMdCAI0NzajWUd4Xijj1IKJLtjoXRPMvTKWBcqKg==",
+      "license": "MIT",
+      "dependencies": {
+        "@lezer/common": "^1.2.0",
+        "@lezer/highlight": "^1.0.0",
+        "@lezer/lr": "^1.0.0"
+      }
+    },
+    "node_modules/@lezer/sass": {
+      "version": "1.1.0",
+      "resolved": "https://registry.npmjs.org/@lezer/sass/-/sass-1.1.0.tgz",
+      "integrity": "sha512-3mMGdCTUZ/84ArHOuXWQr37pnf7f+Nw9ycPUeKX+wu19b7pSMcZGLbaXwvD2APMBDOGxPmpK/O6S1v1EvLoqgQ==",
+      "license": "MIT",
+      "dependencies": {
+        "@lezer/common": "^1.2.0",
+        "@lezer/highlight": "^1.0.0",
+        "@lezer/lr": "^1.0.0"
+      }
+    },
+    "node_modules/@lezer/xml": {
+      "version": "1.0.6",
+      "resolved": "https://registry.npmjs.org/@lezer/xml/-/xml-1.0.6.tgz",
+      "integrity": "sha512-CdDwirL0OEaStFue/66ZmFSeppuL6Dwjlk8qk153mSQwiSH/Dlri4GNymrNWnUmPl2Um7QfV1FO9KFUyX3Twww==",
+      "license": "MIT",
+      "dependencies": {
+        "@lezer/common": "^1.2.0",
+        "@lezer/highlight": "^1.0.0",
+        "@lezer/lr": "^1.0.0"
+      }
+    },
+    "node_modules/@lezer/yaml": {
+      "version": "1.0.3",
+      "resolved": "https://registry.npmjs.org/@lezer/yaml/-/yaml-1.0.3.tgz",
+      "integrity": "sha512-GuBLekbw9jDBDhGur82nuwkxKQ+a3W5H0GfaAthDXcAu+XdpS43VlnxA9E9hllkpSP5ellRDKjLLj7Lu9Wr6xA==",
+      "license": "MIT",
+      "dependencies": {
+        "@lezer/common": "^1.2.0",
+        "@lezer/highlight": "^1.0.0",
+        "@lezer/lr": "^1.4.0"
+      }
+    },
     "node_modules/@lit-labs/ssr-dom-shim": {
       "version": "1.5.0",
       "resolved": "https://registry.npmjs.org/@lit-labs/ssr-dom-shim/-/ssr-dom-shim-1.5.0.tgz",
@@ -2146,6 +2635,12 @@
         "@lit-labs/ssr-dom-shim": "^1.5.0"
       }
     },
+    "node_modules/@marijn/find-cluster-break": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/@marijn/find-cluster-break/-/find-cluster-break-1.0.2.tgz",
+      "integrity": "sha512-l0h88YhZFyKdXIFNfSWpyjStDjGHwZ/U7iobcK1cQQD8sejsONdQtTVU+1wVN1PBw40PiiHB1vA5S7VTfQiP9g==",
+      "license": "MIT"
+    },
     "node_modules/@mcaptcha/core-glue": {
       "version": "0.1.0-alpha-5",
       "resolved": "https://registry.npmjs.org/@mcaptcha/core-glue/-/core-glue-0.1.0-alpha-5.tgz",
@@ -5951,6 +6446,12 @@
         }
       }
     },
+    "node_modules/crelt": {
+      "version": "1.0.6",
+      "resolved": "https://registry.npmjs.org/crelt/-/crelt-1.0.6.tgz",
+      "integrity": "sha512-VQ2MBenTq1fWZUH9DJNGti7kKv6EeAuYr3cLwxUWhIu1baTaXh4Ib5W2CqHVqib4/MqbYGJqiL3Zb8GJZr3l4g==",
+      "license": "MIT"
+    },
     "node_modules/cross-spawn": {
       "version": "7.0.6",
       "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.6.tgz",
@@ -11298,26 +11799,6 @@
         "ufo": "^1.6.1"
       }
     },
-    "node_modules/monaco-editor": {
-      "version": "0.52.2",
-      "resolved": "https://registry.npmjs.org/monaco-editor/-/monaco-editor-0.52.2.tgz",
-      "integrity": "sha512-GEQWEZmfkOGLdd3XK8ryrfWz3AIP8YymVXiPHEdewrUq7mh0qrKrfHLNCXcbB6sTnMLnOZ3ztSiKcciFUkIJwQ==",
-      "license": "MIT",
-      "peer": true
-    },
-    "node_modules/monaco-editor-webpack-plugin": {
-      "version": "7.1.1",
-      "resolved": "https://registry.npmjs.org/monaco-editor-webpack-plugin/-/monaco-editor-webpack-plugin-7.1.1.tgz",
-      "integrity": "sha512-WxdbFHS3Wtz4V9hzhe/Xog5hQRSMxmDLkEEYZwqMDHgJlkZo00HVFZR0j5d0nKypjTUkkygH3dDSXERLG4757A==",
-      "license": "MIT",
-      "dependencies": {
-        "loader-utils": "^2.0.2"
-      },
-      "peerDependencies": {
-        "monaco-editor": ">= 0.31.0",
-        "webpack": "^4.5.0 || 5.x"
-      }
-    },
     "node_modules/moo": {
       "version": "0.5.2",
       "resolved": "https://registry.npmjs.org/moo/-/moo-0.5.2.tgz",
@@ -13755,6 +14236,12 @@
         "url": "https://github.com/sponsors/sindresorhus"
       }
     },
+    "node_modules/style-mod": {
+      "version": "4.1.3",
+      "resolved": "https://registry.npmjs.org/style-mod/-/style-mod-4.1.3.tgz",
+      "integrity": "sha512-i/n8VsZydrugj3Iuzll8+x/00GH2vnYsk1eomD8QiRrSAeW6ItbCQDtfXCeJHd0iwiNagqjQkvpvREEPtW3IoQ==",
+      "license": "MIT"
+    },
     "node_modules/style-search": {
       "version": "0.1.0",
       "resolved": "https://registry.npmjs.org/style-search/-/style-search-0.1.0.tgz",
@@ -15259,6 +15746,12 @@
         "vue": "^3.2.29"
       }
     },
+    "node_modules/w3c-keyname": {
+      "version": "2.2.8",
+      "resolved": "https://registry.npmjs.org/w3c-keyname/-/w3c-keyname-2.2.8.tgz",
+      "integrity": "sha512-dpojBhNsCNN7T82Tm7k26A6G9ML3NkhDsnw9n/eoxSRlVBB4CEtIQ/KTCLI2Fwf3ataSXRhYFkQi3SlnFwPvPQ==",
+      "license": "MIT"
+    },
     "node_modules/watchpack": {
       "version": "2.5.0",
       "resolved": "https://registry.npmjs.org/watchpack/-/watchpack-2.5.0.tgz",
diff --git a/package.json b/package.json
index 984d7a7f02..99a310112d 100644
--- a/package.json
+++ b/package.json
@@ -8,10 +8,33 @@
     "@citation-js/core": "0.7.21",
     "@citation-js/plugin-bibtex": "0.7.21",
     "@citation-js/plugin-software-formats": "0.6.1",
+    "@codemirror/autocomplete": "6.19.1",
+    "@codemirror/commands": "6.10.0",
+    "@codemirror/lang-cpp": "6.0.3",
+    "@codemirror/lang-css": "6.3.1",
+    "@codemirror/lang-go": "6.0.1",
+    "@codemirror/lang-html": "6.4.11",
+    "@codemirror/lang-java": "6.0.2",
+    "@codemirror/lang-javascript": "6.2.4",
+    "@codemirror/lang-json": "6.0.2",
+    "@codemirror/lang-less": "6.0.2",
+    "@codemirror/lang-liquid": "6.3.0",
+    "@codemirror/lang-markdown": "6.5.0",
+    "@codemirror/lang-php": "6.0.2",
+    "@codemirror/lang-python": "6.2.1",
+    "@codemirror/lang-rust": "6.0.2",
+    "@codemirror/lang-sass": "6.0.2",
+    "@codemirror/lang-xml": "6.1.0",
+    "@codemirror/lang-yaml": "6.1.2",
+    "@codemirror/language": "6.11.3",
+    "@codemirror/search": "6.5.11",
+    "@codemirror/state": "6.5.2",
+    "@codemirror/view": "6.38.2",
     "@github/markdown-toolbar-element": "2.2.3",
     "@github/quote-selection": "2.1.0",
     "@github/text-expander-element": "2.8.0",
     "@google/model-viewer": "4.1.0",
+    "@lezer/highlight": "1.2.1",
     "@mcaptcha/vanilla-glue": "0.1.0-alpha-3",
     "@primer/octicons": "19.14.0",
     "ansi_up": "6.0.5",
@@ -34,8 +57,6 @@
     "mermaid": "11.12.2",
     "mini-css-extract-plugin": "2.9.3",
     "minimatch": "10.1.1",
-    "monaco-editor": "0.52.2",
-    "monaco-editor-webpack-plugin": "7.1.1",
     "pdfobject": "2.3.0",
     "postcss": "8.5.6",
     "postcss-loader": "8.2.0",
@@ -101,9 +122,7 @@
     "vite-string-plugin": "1.4.9",
     "vitest": "4.0.16"
   },
-  "browserslist": [
-    "defaults"
-  ],
+  "browserslist": ["defaults"],
   "scarfSettings": {
     "enabled": false
   }
diff --git a/renovate.json b/renovate.json
index 908c24e836..6d75cc303c 100644
--- a/renovate.json
+++ b/renovate.json
@@ -137,11 +137,6 @@
       ],
       "automerge": true
     },
-    {
-      "description": "Hold back on some package updates for a few days",
-      "matchPackageNames": ["monaco-editor"],
-      "minimumReleaseAge": "30 days"
-    },
     {
       "description": "Disable indirect updates for stable branches",
       "matchBaseBranches": ["/^v\\d+\\.\\d+\\/forgejo$/"],
diff --git a/templates/repo/editor/edit.tmpl b/templates/repo/editor/edit.tmpl
index f5006bc3b5..47ff6dac67 100644
--- a/templates/repo/editor/edit.tmpl
+++ b/templates/repo/editor/edit.tmpl
@@ -25,25 +25,28 @@
 				</div>
 			</div>
 			<div class="field">
-				<div class="ui top attached tabular menu" data-write="write" data-preview="preview" data-diff="diff">
-					<a class="active item" data-tab="write">{{svg "octicon-code"}} {{if .IsNewFile}}{{ctx.Locale.Tr "repo.editor.new_file"}}{{else}}{{ctx.Locale.Tr "repo.editor.edit_file"}}{{end}}</a>
-					<a class="item" data-tab="preview" data-url="{{.Repository.Link}}/markup" data-context="{{.RepoLink}}" data-branch-path="{{.BranchNameSubURL}}" data-markup-mode="file">{{svg "octicon-eye"}} {{ctx.Locale.Tr "preview"}}</a>
-					{{if not .IsNewFile}}
-					<a class="item" data-tab="diff" hx-params="context,content" hx-vals='{"context":"{{.BranchLink}}"}' hx-include="#edit_area" hx-swap="innerHTML" hx-target=".tab[data-tab='diff']" hx-indicator=".tab[data-tab='diff']" hx-post="{{.RepoLink}}/_preview/{{.BranchName | PathEscapeSegments}}/{{.TreePath | PathEscapeSegments}}">{{svg "octicon-diff"}} {{ctx.Locale.Tr "repo.editor.preview_changes"}}</a>
-					{{end}}
+				<div id="editor-bar">
+					<div class="switch" data-write="write" data-preview="preview" data-diff="diff">
+						<button type="button" class="active item" data-tab="write">{{svg "octicon-code"}} {{if .IsNewFile}}{{ctx.Locale.Tr "repo.editor.new_file"}}{{else}}{{ctx.Locale.Tr "repo.editor.edit_file"}}{{end}}</button>
+						<button type="button" class="item" data-tab="preview" data-url="{{.Repository.Link}}/markup" data-context="{{.RepoLink}}" data-branch-path="{{.BranchNameSubURL}}" data-markup-mode="file">{{svg "octicon-eye"}} {{ctx.Locale.Tr "preview"}}</button>
+						{{if not .IsNewFile}}
+							<button type="button" class="item" data-tab="diff" hx-params="context,content" hx-vals='{"context":"{{.BranchLink}}"}' hx-include="#edit_area" hx-swap="innerHTML" hx-target=".tab[data-tab='diff']" hx-indicator=".tab[data-tab='diff']" hx-post="{{.RepoLink}}/_preview/{{.BranchName | PathEscapeSegments}}/{{.TreePath | PathEscapeSegments}}">{{svg "octicon-diff"}} {{ctx.Locale.Tr "repo.editor.preview_changes"}}</button>
+						{{end}}
+					</div>
+					<button class="secondary button" id="editor-find" type="button">{{svg "octicon-search"}}<span class="text not-mobile">Search</span></button>
 				</div>
-				<div class="ui bottom attached active tab segment" data-tab="write">
+				<div class="ui bottom active tab segment" data-tab="write">
 					<textarea id="edit_area" name="content" class="tw-hidden" data-id="repo-{{.Repository.Name}}-{{.TreePath}}"
 						data-url="{{.Repository.Link}}/markup"
 						data-context="{{.RepoLink}}"
 						data-previewable-extensions="{{.PreviewableExtensions}}"
 						data-line-wrap-extensions="{{.LineWrapExtensions}}">{{.FileContent}}</textarea>
-					<div class="editor-loading is-loading"></div>
+					{{template "shared/codemirror_container" .}}
 				</div>
-				<div class="ui bottom attached tab segment markup" data-tab="preview">
+				<div class="ui bottom tab segment markup" data-tab="preview">
 					{{ctx.Locale.Tr "loading"}}
 				</div>
-				<div class="ui bottom attached tab segment diff edit-diff" data-tab="diff">
+				<div class="ui bottom tab segment diff edit-diff" data-tab="diff">
 					<div class="tw-p-16"></div>
 				</div>
 			</div>
diff --git a/templates/repo/editor/patch.tmpl b/templates/repo/editor/patch.tmpl
index 533877fcfa..1f13a1b69f 100644
--- a/templates/repo/editor/patch.tmpl
+++ b/templates/repo/editor/patch.tmpl
@@ -18,15 +18,18 @@
 				</div>
 			</div>
 			<div class="field">
-				<div class="ui top attached tabular menu" data-write="write">
-					<a class="active item" data-tab="write">{{svg "octicon-code" 16 "tw-mr-1"}}{{ctx.Locale.Tr "repo.editor.new_patch"}}</a>
+				<div id="editor-bar">
+					<div class="switch" data-write="write">
+						<button type="button" class="active item" data-tab="write">{{svg "octicon-code" 16 "tw-mr-1"}}{{ctx.Locale.Tr "repo.editor.new_patch"}}</button>
+					</div>
+					<button class="secondary button" id="editor-find" type="button">{{svg "octicon-search"}}<span class="text not-mobile">Search</span></button>
 				</div>
 				<div class="ui bottom attached active tab segment" data-tab="write">
 					<textarea id="edit_area" name="content" class="tw-hidden" data-id="repo-{{.Repository.Name}}-patch"
 						data-context="{{.RepoLink}}"
 						data-line-wrap-extensions="{{.LineWrapExtensions}}">
 {{.FileContent}}</textarea>
-					<div class="editor-loading is-loading"></div>
+					{{template "shared/codemirror_container" .}}
 				</div>
 			</div>
 			{{template "repo/editor/commit_form" .}}
diff --git a/templates/repo/settings/githook_edit.tmpl b/templates/repo/settings/githook_edit.tmpl
index 40f2907cf3..03b72a9fba 100644
--- a/templates/repo/settings/githook_edit.tmpl
+++ b/templates/repo/settings/githook_edit.tmpl
@@ -14,7 +14,7 @@
 					<div class="field">
 						<label for="content">{{ctx.Locale.Tr "repo.settings.githook_content"}}</label>
 						<textarea id="content" name="content" class="tw-hidden">{{if .IsActive}}{{.Content}}{{else}}{{.Sample}}{{end}}</textarea>
-						<div class="editor-loading is-loading"></div>
+						{{template "shared/codemirror_container" .}}
 					</div>
 					<div class="inline field">
 						<button class="ui primary button">{{ctx.Locale.Tr "repo.settings.update_githook"}}</button>
diff --git a/templates/shared/codemirror_container.tmpl b/templates/shared/codemirror_container.tmpl
new file mode 100644
index 0000000000..a640eb0ee0
--- /dev/null
+++ b/templates/shared/codemirror_container.tmpl
@@ -0,0 +1,11 @@
+<div class="codemirror-container"
+	data-search-text="{{ctx.Locale.Tr "editor.search"}}"
+	data-find-prev-text="{{ctx.Locale.Tr "editor.find_previous"}}"
+	data-find-next-text="{{ctx.Locale.Tr "editor.find_next"}}"
+	data-replace-text="{{ctx.Locale.Tr "editor.replace"}}"
+	data-replace-all-text="{{ctx.Locale.Tr "editor.replace_all"}}"
+	data-toggle-case-text="{{ctx.Locale.Tr "editor.toggle_case"}}"
+	data-toggle-regex-text="{{ctx.Locale.Tr "editor.toggle_regex"}}"
+	data-toggle-whole-word-text="{{ctx.Locale.Tr "editor.toggle_whole_word"}}">
+	<div class="editor-loading is-loading"></div>
+</div>
diff --git a/tests/e2e/codemirror.test.e2e.ts b/tests/e2e/codemirror.test.e2e.ts
new file mode 100644
index 0000000000..466b9f1fd3
--- /dev/null
+++ b/tests/e2e/codemirror.test.e2e.ts
@@ -0,0 +1,217 @@
+// Copyright 2025 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+// @watch start
+// templates/repo/editor/edit.tmpl
+// web_src/css/features/codeeditor.css
+// web_src/js/features/codeeditor.ts
+// web_src/js/features/codemirror*
+// web_src/js/features/repo-editor.js
+// web_src/js/features/repo-settings.js
+// @watch end
+
+import {expect, type Page} from '@playwright/test';
+import {test} from './utils_e2e.ts';
+
+test.use({user: 'user1'});
+
+async function enterFilename(page: Page, filename: string) {
+  const filenameInput = page.getByPlaceholder('Name your file…');
+  await filenameInput.fill(filename);
+}
+
+async function pressEnter(page: Page) {
+  // eslint-disable-next-line playwright/no-wait-for-timeout
+  await page.waitForTimeout(5);
+  await page.keyboard.press('Enter', {delay: 5});
+  // eslint-disable-next-line playwright/no-wait-for-timeout
+  await page.waitForTimeout(10);
+}
+
+async function type(page: Page, text: string) {
+  await page.keyboard.type(text, {delay: 10});
+}
+
+test('New file editor', async ({page}) => {
+  const response = await page.goto('/user2/repo1/_new/master', {waitUntil: 'domcontentloaded'});
+  expect(response?.status()).toBe(200);
+
+  await enterFilename(page, `f.txt`);
+
+  const editor = page.locator('.cm-content');
+  const backingTextArea = page.locator('#edit_area');
+
+  await editor.click();
+  await type(page, 'This');
+  await pressEnter(page);
+  await type(page, 'is');
+  await pressEnter(page);
+  await type(page, 'Frogejo!');
+
+  const expected = 'This\nis\nFrogejo!';
+  await expect(async () => {
+    const internal = await page.evaluate(() => Array.from(window.codeEditors)[0].state.doc.toString());
+    expect(internal).toStrictEqual(expected);
+  }).toPass();
+  await expect(backingTextArea).toHaveValue(expected);
+});
+
+test('New file with autocomplete and indent', async ({page}) => {
+  const response = await page.goto('/user2/repo1/_new/master', {waitUntil: 'domcontentloaded'});
+  expect(response?.status()).toBe(200);
+
+  await enterFilename(page, 'f.html');
+
+  const editor = page.locator('.cm-content');
+  const backingTextArea = page.locator('#edit_area');
+
+  await expect(editor).toHaveAttribute('data-language', 'html', {timeout: 3000});
+
+  await editor.click();
+  await type(page, '<html>');
+  await pressEnter(page);
+  await type(page, '<hea');
+  await page.locator('.cm-tooltip-autocomplete').waitFor({state: 'visible'});
+  await pressEnter(page);
+  await type(page, '>');
+  await pressEnter(page);
+  await type(page, '<title>Frogejo is the future');
+
+  const expected = '<html>\n  <head>\n    <title>Frogejo is the future</title>\n  </head>\n</html>';
+  await expect(async () => {
+    const internal = await page.evaluate(() => Array.from(window.codeEditors)[0].state.doc.toString());
+    expect(internal).toStrictEqual(expected);
+  }).toPass();
+  await expect(backingTextArea).toHaveValue(expected);
+});
+
+test('Preview for markdown file', async ({page}) => {
+  const response = await page.goto('/user2/repo1/_new/master?value=%23%20Frogejo', {waitUntil: 'domcontentloaded'});
+  expect(response?.status()).toBe(200);
+
+  await enterFilename(page, 'f.md');
+
+  const editor = page.locator('.cm-content');
+  const preview = page.locator('button[data-tab="preview"]');
+
+  await expect(editor).toHaveAttribute('data-language', 'markdown', {timeout: 3000});
+
+  await preview.click();
+  await expect(preview).toHaveClass(/(^|\s)active(\s|$)/);
+  await expect(page.getByRole('heading', {name: 'Frogejo'})).toBeVisible();
+});
+
+test('Set from query', async ({page}) => {
+  const response = await page.goto('/user2/repo1/_new/master?value=This\\nis\\\\nFrogejo!', {waitUntil: 'domcontentloaded'});
+  expect(response?.status()).toBe(200);
+
+  await expect(async () => {
+    const internal = await page.evaluate(() => Array.from(window.codeEditors)[0].state.doc.toString());
+    expect(internal).toStrictEqual('This\nis\\nFrogejo!');
+  }).toPass();
+});
+
+test('Search in file', async ({page}) => {
+  const response = await page.goto('/user2/repo1/_new/master?value=This\\nis\\nFrogejo!\\nthIs', {waitUntil: 'domcontentloaded'});
+  expect(response?.status()).toBe(200);
+
+  const editor = page.locator('.cm-content');
+  const searchField = page.locator('.fj-search input[name="search"]');
+  const toggleCase = page.locator('label[for="search_case_sensitive"]');
+  const toggleRegex = page.locator('label[for="search_regexp"]');
+  const toggleByWord = page.locator('label[for="search_by_word"]');
+  const nextButton = page.locator('button[aria-label="Next find"]');
+
+  await expect(async () => {
+    const internal = await page.evaluate(() => Array.from(window.codeEditors)[0].state.doc.toString());
+    expect(internal).toStrictEqual('This\nis\nFrogejo!\nthIs');
+  }).toPass();
+
+  await editor.click();
+
+  // Open search
+  await page.keyboard.press('ControlOrMeta+F', {delay: 5});
+  await expect(searchField).toBeFocused();
+
+  const searchResults = editor.locator('.cm-line > .cm-searchMatch');
+  await expect(searchResults).toHaveCount(0);
+
+  await searchField.pressSequentially('Is');
+  await expect(searchResults).toHaveCount(3);
+
+  await expect(editor.locator('div:nth-child(1)')).not.toHaveClass(/(^|\s)cm-activeLine(\s|$)/);
+  await expect(editor.locator('div:nth-child(2)')).not.toHaveClass(/(^|\s)cm-activeLine(\s|$)/);
+  await nextButton.click();
+  await expect(editor.locator('div:nth-child(1)')).toHaveClass(/(^|\s)cm-activeLine(\s|$)/);
+  await expect(editor.locator('div:nth-child(2)')).not.toHaveClass(/(^|\s)cm-activeLine(\s|$)/);
+  await nextButton.click();
+  await expect(editor.locator('div:nth-child(1)')).not.toHaveClass(/(^|\s)cm-activeLine(\s|$)/);
+  await expect(editor.locator('div:nth-child(2)')).toHaveClass(/(^|\s)cm-activeLine(\s|$)/);
+
+  await toggleByWord.click();
+  await expect(searchResults).toHaveCount(1);
+
+  await toggleCase.click();
+  await expect(searchResults).toHaveCount(0);
+
+  await toggleByWord.click();
+  await expect(searchResults).toHaveCount(1);
+
+  await toggleRegex.click();
+  await expect(searchResults).toHaveCount(1);
+
+  await toggleCase.click();
+  await searchField.clear();
+  await expect(searchResults).toHaveCount(0);
+
+  await searchField.pressSequentially('^is$');
+  await expect(searchResults).toHaveCount(1);
+
+  await page.locator('#editor-find').click();
+  await expect(searchResults).toHaveCount(0);
+  await expect(searchField).toHaveCount(0);
+});
+
+test('Replace in file', async ({page}) => {
+  const response = await page.goto('/user2/repo1/_new/master?value=This\\nis\\nFrogejo!\\nthIs', {waitUntil: 'domcontentloaded'});
+  expect(response?.status()).toBe(200);
+
+  const editor = page.locator('.cm-content');
+  const searchField = page.locator('.fj-search input[name="search"]');
+  const replaceField = page.locator('.fj-search input[name="replace"]');
+
+  await expect(async () => {
+    const internal = await page.evaluate(() => Array.from(window.codeEditors)[0].state.doc.toString());
+    expect(internal).toStrictEqual('This\nis\nFrogejo!\nthIs');
+  }).toPass();
+
+  await editor.click();
+
+  // Open search
+  await page.locator('#editor-find').click();
+  await expect(searchField).toBeFocused();
+
+  await searchField.pressSequentially('Is');
+  await replaceField.pressSequentially('Blub');
+
+  await page.getByRole('button', {name: 'Replace all'}).click();
+
+  await expect(async () => {
+    const internal = await page.evaluate(() => Array.from(window.codeEditors)[0].state.doc.toString());
+    expect(internal).toStrictEqual('ThBlub\nBlub\nFrogejo!\nthBlub');
+  }).toPass();
+});
+
+test('Do not open search if search button not available', async ({page}) => {
+  const response = await page.goto('/user2/repo1/settings/hooks/git/pre-receive', {waitUntil: 'domcontentloaded'});
+  expect(response?.status()).toBe(200);
+
+  const editor = page.locator('.cm-content');
+  const searchField = page.locator('.fj-search input[name="search"]');
+
+  await expect(page.locator('#editor-find')).toHaveCount(0);
+  await editor.click();
+
+  await page.keyboard.press('ControlOrMeta+F', {delay: 5});
+  await expect(searchField).toHaveCount(0);
+});
diff --git a/tests/e2e/e2e_test.go b/tests/e2e/e2e_test.go
index 975768ff73..34bedf9dc8 100644
--- a/tests/e2e/e2e_test.go
+++ b/tests/e2e/e2e_test.go
@@ -103,14 +103,17 @@ func TestE2e(t *testing.T) {
 		}
 
 		t.Run(testname, func(t *testing.T) {
-			if testname == "user-settings.test.e2e" {
-				defer test.MockVariableValue(&setting.Quota.Enabled, true)()
-				defer test.MockVariableValue(&testE2eWebRoutes, routers.NormalRoutes())()
-			}
 			if testname == "buttons.test.e2e" || testname == "dropdown.test.e2e" || testname == "modal.test.e2e" {
 				defer test.MockVariableValue(&setting.IsProd, false)()
 				defer test.MockVariableValue(&testE2eWebRoutes, routers.NormalRoutes())()
 			}
+			if testname == "codemirror.test.e2e" {
+				defer test.MockVariableValue(&setting.DisableGitHooks, false)()
+			}
+			if testname == "user-settings.test.e2e" {
+				defer test.MockVariableValue(&setting.Quota.Enabled, true)()
+				defer test.MockVariableValue(&testE2eWebRoutes, routers.NormalRoutes())()
+			}
 
 			// Default 2 minute timeout
 			onForgejoRun(t, func(*testing.T, *url.URL) {
diff --git a/tests/e2e/image-diff.test.e2e.ts b/tests/e2e/image-diff.test.e2e.ts
index 273564fcb3..2e66b7ad3a 100644
--- a/tests/e2e/image-diff.test.e2e.ts
+++ b/tests/e2e/image-diff.test.e2e.ts
@@ -19,7 +19,7 @@ test('Repository image diff', async ({page}) => {
   const filename = `${dynamic_id()}.svg`;
 
   await page.getByPlaceholder('Name your file…').fill(filename);
-  await page.locator('.monaco-editor').click();
+  await page.locator('.cm-content').click();
   await page.keyboard.type('<svg version="1.1" width="300" height="200" xmlns="http://www.w3.org/2000/svg"><circle cx="150" cy="100" r="80" fill="green" /></svg>\n');
 
   await page.locator('.quick-pull-choice input[value="direct"]').click();
@@ -28,7 +28,7 @@ test('Repository image diff', async ({page}) => {
   response = await page.goto(`/user2/repo1/_edit/master/${filename}`, {waitUntil: 'domcontentloaded'});
   expect(response?.status()).toBe(200);
 
-  await page.locator('.monaco-editor').click();
+  await page.locator('.cm-content').click();
   await page.keyboard.press('Meta+KeyA');
   await page.keyboard.type('<svg version="1.1" width="300" height="200" xmlns="http://www.w3.org/2000/svg"><circle cx="150" cy="100" r="80" fill="red" /></svg>\n');
 
diff --git a/tests/e2e/markdown-editor.test.e2e.ts b/tests/e2e/markdown-editor.test.e2e.ts
index e2c2f36ed1..cc8a7be2d1 100644
--- a/tests/e2e/markdown-editor.test.e2e.ts
+++ b/tests/e2e/markdown-editor.test.e2e.ts
@@ -23,16 +23,15 @@ test('Markdown image preview behaviour', async ({page}) => {
   // Click 'Edit file' tab
   await page.locator('[data-tooltip-content="Edit file"]').click();
 
-  // This yields the monaco editor
-  const editor = page.getByRole('presentation').nth(0);
-  await editor.click();
+  // This yields the codemirror editor
+  await page.locator('.cm-content').click();
   // Clear all the content
   await page.keyboard.press('ControlOrMeta+KeyA');
   // Add the image
   await page.keyboard.type('![Logo of Forgejo](./assets/logo.svg "Logo of Forgejo")');
 
   // Click 'Preview' tab
-  await page.locator('a[data-tab="preview"]').click();
+  await page.locator('button[data-tab="preview"]').click();
 
   // Check for the image preview via the expected attribute
   const preview = page.locator('div[data-tab="preview"] p[dir="auto"] a');
diff --git a/tests/e2e/modal.test.e2e.ts b/tests/e2e/modal.test.e2e.ts
index 688943ee9d..4451b2543d 100644
--- a/tests/e2e/modal.test.e2e.ts
+++ b/tests/e2e/modal.test.e2e.ts
@@ -23,7 +23,7 @@ test('Dialog modal', async ({page}) => {
   const filename = `${dynamic_id()}.md`;
 
   await page.getByPlaceholder('Name your file…').fill(filename);
-  await page.locator('.monaco-editor').click();
+  await page.locator('.cm-content').click();
   await page.keyboard.type('Hi, nice to meet you. Can I talk about ');
 
   await page.locator('.quick-pull-choice input[value="direct"]').click();
@@ -32,7 +32,7 @@ test('Dialog modal', async ({page}) => {
   response = await page.goto(`/user2/repo1/_edit/master/${filename}`, {waitUntil: 'domcontentloaded'});
   expect(response?.status()).toBe(200);
 
-  await page.locator('.monaco-editor-container').click();
+  await page.locator('.cm-content').click();
   await page.keyboard.press('ControlOrMeta+A');
   await page.keyboard.press('Backspace');
 
diff --git a/tests/e2e/repo-new.test.e2e.ts b/tests/e2e/repo-new.test.e2e.ts
index 85bcf1b273..1614518f33 100644
--- a/tests/e2e/repo-new.test.e2e.ts
+++ b/tests/e2e/repo-new.test.e2e.ts
@@ -81,7 +81,7 @@ test('New repo: initialize later', async ({page}) => {
   // Otherwise, filling the filename might not populate the tree_path form field or preview tab
   // The editor has race conditions, likely related to https://codeberg.org/forgejo/forgejo/issues/3371
   await expect(page.locator('.is-loading')).toBeHidden();
-  await page.locator('.view-lines').click();
+  await page.locator('.cm-content').click();
   await page.keyboard.type('# Heading\n\nHello Forgejo!');
   await page.getByPlaceholder('Name your file…').fill('README.md');
   await expect(page.getByText('Preview')).toBeVisible();
diff --git a/tsconfig.json b/tsconfig.json
index 88130812fe..fbc5a35699 100644
--- a/tsconfig.json
+++ b/tsconfig.json
@@ -25,6 +25,6 @@
     "noUnusedLocals": true,
     "noUnusedParameters": true,
     "noPropertyAccessFromIndexSignature": false,
-    "exactOptionalPropertyTypes": false,
+    "exactOptionalPropertyTypes": false
   }
 }
diff --git a/vitest.config.ts b/vitest.config.ts
index 7da67ead4c..08f1643b22 100644
--- a/vitest.config.ts
+++ b/vitest.config.ts
@@ -1,7 +1,6 @@
 import {defineConfig} from 'vitest/config';
 import vuePlugin from '@vitejs/plugin-vue';
 import {stringPlugin} from 'vite-string-plugin';
-import {resolve} from 'node:path';
 
 export default defineConfig({
   test: {
@@ -15,9 +14,6 @@ export default defineConfig({
     globals: true,
     watch: false,
     mockReset: true,
-    alias: {
-      'monaco-editor': resolve(import.meta.dirname, '/node_modules/monaco-editor/esm/vs/editor/editor.api'),
-    },
   },
   plugins: [
     stringPlugin(),
diff --git a/web_src/css/features/codeeditor.css b/web_src/css/features/codeeditor.css
index 34a104c833..afa6637654 100644
--- a/web_src/css/features/codeeditor.css
+++ b/web_src/css/features/codeeditor.css
@@ -1,48 +1,103 @@
-.monaco-editor-container,
 .editor-loading.is-loading {
-  width: 100%;
-  min-height: 200px;
-  height: 90vh;
+  height: 200px;
 }
 
-.edit.githook .monaco-editor-container {
+.edit.githook .codemirror-container {
   border: 1px solid var(--color-secondary);
-  height: 70vh;
 }
 
-/* overwrite conflicting styles from fomantic */
-.monaco-editor-container .inputarea {
-  min-height: 0 !important;
-  margin: 0 !important;
-  padding: 0 !important;
-  resize: none !important;
-  border: none !important;
-  color: transparent !important;
-  background-color: transparent !important;
+#editor-bar {
+  display: flex;
+  justify-content: space-between;
+  margin-bottom: 1rem;
 }
 
-/* these seem unthemeable */
-.monaco-scrollable-element > .scrollbar > .slider {
-  background: var(--color-primary) !important;
-}
-.monaco-scrollable-element > .scrollbar > .slider:hover {
-  background: var(--color-primary-dark-1) !important;
-}
-.monaco-scrollable-element > .scrollbar > .slider:active {
-  background: var(--color-primary-dark-2) !important;
+@media (max-width: 768px) {
+  #editor-bar {
+    gap: var(--button-spacing);
+    .switch {
+      overflow-x: scroll;
+    }
+  }
 }
 
-/* fomantic styles destroy this element only visible on IOS, restore it */
-.monaco-editor .iPadShowKeyboard {
-  border: none !important;
-  width: 58px !important;
-  min-width: 0 !important;
-  height: 36px !important;
-  min-height: 0 !important;
-  margin: 0 !important;
-  padding: 0 !important;
-  position: absolute !important;
-  resize: none !important;
-  overflow: hidden !important;
-  border-radius: var(--border-radius-medium) !important;
+.cm-panel.fj-search {
+  position: absolute;
+  top: 0;
+  right: 0;
+  background-color: var(--color-body);
+  box-shadow: 0 6px 18px var(--color-shadow);
+  border-radius: 0.3rem;
+  display: flex;
+  flex-direction: column;
+  gap: 1rem;
+
+  .search-input-group {
+    align-items: center;
+    background: var(--color-input-background);
+    border: 1px solid var(--color-input-border);
+    border-radius: 0.3rem;
+    display: inline-flex;
+    width: 100%;
+
+    &:focus-within {
+      border-color: var(--color-primary);
+    }
+
+    input {
+      background: none !important;
+      box-shadow: none !important;
+      border-color: transparent !important;
+    }
+
+    label {
+      display: inline-flex;
+      align-items: center;
+      justify-content: center;
+      background-color: var(--color-secondary-bg);
+      border-radius: 50%;
+      padding: 6px 12px;
+      height: 2em;
+      width: 2em;
+      font-size: 80%;
+      white-space: pre;
+      user-select: none;
+
+      &:hover {
+        background-color: var(--color-label-hover-bg);
+      }
+
+      &.focused {
+        box-shadow:
+          inset 0 1px 1px rgb(0 0 0 / 8%),
+          0 0 8px var(--color-accent);
+      }
+
+      &.active {
+        background-color: var(--color-accent);
+      }
+    }
+  }
+
+  .search-hidden-inputs {
+    position: absolute;
+    width: 1px;
+    height: 1px;
+    margin: -1px;
+    overflow: hidden;
+    clip-path: inset(50%);
+  }
+
+  .search-section,
+  .replace-section {
+    display: flex;
+    gap: var(--button-spacing);
+  }
+}
+
+@media screen and (max-width: 786px) {
+  .cm-panel.fj-search {
+    position: sticky;
+    box-shadow: none;
+  }
 }
diff --git a/web_src/js/bootstrap.js b/web_src/js/bootstrap.js
index c707979c48..924285cf8c 100644
--- a/web_src/js/bootstrap.js
+++ b/web_src/js/bootstrap.js
@@ -14,28 +14,13 @@ function shouldIgnoreError(err) {
   // If the error stack trace does not include the base URL of our script assets, it likely came
   // from a browser extension or inline script. Ignore these errors.
   if (!err.stack?.includes(assetBaseUrl)) return true;
-  // Ignore some known internal errors that we are unable to currently fix (eg via Monaco).
-  const ignorePatterns = [
-    '/assets/js/monaco.', // https://codeberg.org/forgejo/forgejo/issues/3638 , https://github.com/go-gitea/gitea/issues/30861 , https://github.com/microsoft/monaco-editor/issues/4496
-  ];
-  for (const pattern of ignorePatterns) {
-    if (err.stack?.includes(pattern)) return true;
-  }
   return false;
 }
 
-const filteredErrors = new Set([
-  'getModifierState is not a function', // https://github.com/microsoft/monaco-editor/issues/4325
-]);
-
 export function showGlobalErrorMessage(msg) {
   const pageContent = document.querySelector('.page-content');
   if (!pageContent) return;
 
-  for (const filteredError of filteredErrors) {
-    if (msg.includes(filteredError)) return;
-  }
-
   // compact the message to a data attribute to avoid too many duplicated messages
   const msgCompact = msg.replace(/\W/g, '').trim();
   let msgDiv = pageContent.querySelector(`.js-global-error[data-global-error-msg-compact="${msgCompact}"]`);
diff --git a/web_src/js/features/codeeditor.js b/web_src/js/features/codeeditor.js
deleted file mode 100644
index 07a686f459..0000000000
--- a/web_src/js/features/codeeditor.js
+++ /dev/null
@@ -1,191 +0,0 @@
-import tinycolor from 'tinycolor2';
-import {basename, extname, isObject, isDarkTheme} from '../utils.js';
-import {onInputDebounce} from '../utils/dom.js';
-
-const languagesByFilename = {};
-const languagesByExt = {};
-
-const baseOptions = {
-  fontFamily: 'var(--fonts-monospace)',
-  fontSize: 14, // https://github.com/microsoft/monaco-editor/issues/2242
-  guides: {bracketPairs: false, indentation: false},
-  links: false,
-  minimap: {enabled: false},
-  occurrencesHighlight: 'off',
-  overviewRulerLanes: 0,
-  renderLineHighlight: 'all',
-  renderLineHighlightOnlyWhenFocus: true,
-  rulers: false,
-  scrollbar: {horizontalScrollbarSize: 6, verticalScrollbarSize: 6},
-  scrollBeyondLastLine: false,
-  automaticLayout: true,
-};
-
-function getEditorconfig(input) {
-  try {
-    return JSON.parse(input.getAttribute('data-editorconfig'));
-  } catch {
-    return null;
-  }
-}
-
-function initLanguages(monaco) {
-  for (const {filenames, extensions, id} of monaco.languages.getLanguages()) {
-    for (const filename of filenames || []) {
-      languagesByFilename[filename] = id;
-    }
-    for (const extension of extensions || []) {
-      languagesByExt[extension] = id;
-    }
-  }
-}
-
-function getLanguage(filename) {
-  return languagesByFilename[filename] || languagesByExt[extname(filename)] || 'plaintext';
-}
-
-function updateEditor(monaco, editor, filename, lineWrapExts) {
-  editor.updateOptions(getFileBasedOptions(filename, lineWrapExts));
-  const model = editor.getModel();
-  const language = model.getLanguageId();
-  const newLanguage = getLanguage(filename);
-  if (language !== newLanguage) monaco.editor.setModelLanguage(model, newLanguage);
-}
-
-// export editor for customization - https://github.com/go-gitea/gitea/issues/10409
-function exportEditor(editor) {
-  if (!window.codeEditors) window.codeEditors = [];
-  if (!window.codeEditors.includes(editor)) window.codeEditors.push(editor);
-}
-
-export async function createMonaco(textarea, filename, editorOpts) {
-  const monaco = await import(/* webpackChunkName: "monaco" */'monaco-editor');
-
-  initLanguages(monaco);
-  let {language, ...other} = editorOpts;
-  if (!language) language = getLanguage(filename);
-
-  const container = document.createElement('div');
-  container.className = 'monaco-editor-container';
-  textarea.parentNode.append(container);
-
-  // https://github.com/microsoft/monaco-editor/issues/2427
-  // also, monaco can only parse 6-digit hex colors, so we convert the colors to that format
-  const styles = window.getComputedStyle(document.documentElement);
-  const getColor = (name) => tinycolor(styles.getPropertyValue(name).trim()).toString('hex6');
-
-  monaco.editor.defineTheme('gitea', {
-    base: isDarkTheme() ? 'vs-dark' : 'vs',
-    inherit: true,
-    rules: [
-      {
-        background: getColor('--color-code-bg'),
-      },
-    ],
-    colors: {
-      'editor.background': getColor('--color-code-bg'),
-      'editor.foreground': getColor('--color-text'),
-      'editor.inactiveSelectionBackground': getColor('--color-primary-light-4'),
-      'editor.lineHighlightBackground': getColor('--color-editor-line-highlight'),
-      'editor.selectionBackground': getColor('--color-primary-light-3'),
-      'editor.selectionForeground': getColor('--color-primary-light-3'),
-      'editorLineNumber.background': getColor('--color-code-bg'),
-      'editorLineNumber.foreground': getColor('--color-secondary-dark-6'),
-      'editorWidget.background': getColor('--color-body'),
-      'editorWidget.border': getColor('--color-secondary'),
-      'input.background': getColor('--color-input-background'),
-      'input.border': getColor('--color-input-border'),
-      'input.foreground': getColor('--color-input-text'),
-      'scrollbar.shadow': getColor('--color-shadow'),
-      'progressBar.background': getColor('--color-primary'),
-    },
-  });
-
-  const editor = monaco.editor.create(container, {
-    value: textarea.value,
-    theme: 'gitea',
-    language,
-    ...other,
-  });
-
-  monaco.editor.addKeybindingRules([
-    {keybinding: monaco.KeyCode.Enter, command: null}, // disable enter from accepting code completion
-  ]);
-
-  const model = editor.getModel();
-  model.onDidChangeContent(() => {
-    textarea.value = editor.getValue({preserveBOM: true});
-    textarea.dispatchEvent(new Event('change')); // seems to be needed for jquery-are-you-sure
-  });
-
-  exportEditor(editor);
-
-  const loading = document.querySelector('.editor-loading');
-  if (loading) loading.remove();
-
-  return {monaco, editor};
-}
-
-function getFileBasedOptions(filename, lineWrapExts) {
-  return {
-    wordWrap: (lineWrapExts || []).includes(extname(filename)) ? 'on' : 'off',
-  };
-}
-
-function togglePreviewDisplay(previewable) {
-  const previewTab = document.querySelector('a[data-tab="preview"]');
-  if (!previewTab) return;
-
-  if (previewable) {
-    const newUrl = (previewTab.getAttribute('data-url') || '').replace(/(.*)\/.*/, `$1/markup`);
-    previewTab.setAttribute('data-url', newUrl);
-    previewTab.style.display = '';
-  } else {
-    previewTab.style.display = 'none';
-    // If the "preview" tab was active, user changes the filename to a non-previewable one,
-    // then the "preview" tab becomes inactive (hidden), so the "write" tab should become active
-    if (previewTab.classList.contains('active')) {
-      const writeTab = document.querySelector('a[data-tab="write"]');
-      writeTab.click();
-    }
-  }
-}
-
-export async function createCodeEditor(textarea, filenameInput) {
-  const filename = basename(filenameInput.value);
-  const previewableExts = new Set((textarea.getAttribute('data-previewable-extensions') || '').split(','));
-  const lineWrapExts = (textarea.getAttribute('data-line-wrap-extensions') || '').split(',');
-  const previewable = previewableExts.has(extname(filename));
-  const editorConfig = getEditorconfig(filenameInput);
-
-  togglePreviewDisplay(previewable);
-
-  const {monaco, editor} = await createMonaco(textarea, filename, {
-    ...baseOptions,
-    ...getFileBasedOptions(filenameInput.value, lineWrapExts),
-    ...getEditorConfigOptions(editorConfig),
-  });
-
-  filenameInput.addEventListener('input', onInputDebounce(() => {
-    const filename = filenameInput.value;
-    const previewable = previewableExts.has(extname(filename));
-    togglePreviewDisplay(previewable);
-    updateEditor(monaco, editor, filename, lineWrapExts);
-  }));
-
-  return editor;
-}
-
-function getEditorConfigOptions(ec) {
-  if (!isObject(ec)) return {};
-
-  const opts = {};
-  opts.detectIndentation = !('indent_style' in ec) || !('indent_size' in ec);
-  if ('indent_size' in ec) opts.indentSize = Number(ec.indent_size);
-  if ('tab_width' in ec) opts.tabSize = Number(ec.tab_width) || opts.indentSize;
-  if ('max_line_length' in ec) opts.rulers = [Number(ec.max_line_length)];
-  opts.trimAutoWhitespace = ec.trim_trailing_whitespace === true;
-  opts.insertSpaces = ec.indent_style === 'space';
-  opts.useTabStops = ec.indent_style === 'tab';
-  return opts;
-}
diff --git a/web_src/js/features/codeeditor.ts b/web_src/js/features/codeeditor.ts
new file mode 100644
index 0000000000..0809c5c701
--- /dev/null
+++ b/web_src/js/features/codeeditor.ts
@@ -0,0 +1,124 @@
+import {basename, extname} from '../utils.js';
+import {hideElem, onInputDebounce, showElem} from '../utils/dom.js';
+import {createCodemirror, type CodemirrorEditor, type EditorOptions} from './codemirror.ts';
+import {EditorView} from '@codemirror/view';
+import type {LanguageSupport} from '@codemirror/language';
+
+interface EditorConfig {
+  indent_style: string;
+  indent_size: string;
+}
+
+export class SettableEditorView extends EditorView {
+  public setValue(value: string) {
+    // Replace \n with the actual newline character and unescape escaped \n
+    value = value.replaceAll(/(?<!\\)\\n/g, '\n').replaceAll(/\\\\n/g, '\\n');
+    this.dispatch({changes: {from: 0, to: this.state.doc.length, insert: value}});
+  }
+}
+
+function getEditorconfig(input: HTMLInputElement): null | EditorConfig {
+  try {
+    return JSON.parse(input.getAttribute('data-editorconfig'));
+  } catch {
+    return null;
+  }
+}
+
+async function updateEditor(editor: CodemirrorEditor, filename: string, lineWrapExts: string[]) {
+  const fileOption = getFileBasedOptions(filename, lineWrapExts);
+  editor.view.dispatch({
+    effects: editor.compartments.wordWrap.reconfigure(fileOption.wordWrap ? editor.codemirrorView.EditorView.lineWrapping : []),
+  });
+
+  const currentLanguage = editor.compartments.language.get(editor.view.state) as Array<unknown> | LanguageSupport;
+  const newLanguage = editor.codemirrorLanguage.LanguageDescription.matchFilename(editor.languages, filename);
+  if (!currentLanguage || (currentLanguage as Array<unknown>).length === 0 || !newLanguage || (currentLanguage as LanguageSupport).language.name.toLowerCase() !== newLanguage.name.toLowerCase()) {
+    editor.view.dispatch({
+      effects: editor.compartments.language.reconfigure(newLanguage ? await newLanguage.load() : []),
+    });
+  }
+}
+
+function getFileBasedOptions(filename: string, lineWrapExts: string[]): Pick<EditorOptions, 'wordWrap'> {
+  return {
+    wordWrap: (lineWrapExts || []).includes(extname(filename)),
+  };
+}
+
+function togglePreviewDisplay(previewable: boolean) {
+  const previewTab = document.querySelector('.item[data-tab="preview"]') as HTMLAnchorElement;
+  if (!previewTab) return;
+
+  if (previewable) {
+    const newUrl = (previewTab.getAttribute('data-url') || '').replace(/(.*)\/.*/, `$1/markup`);
+    previewTab.setAttribute('data-url', newUrl);
+    previewTab.style.display = '';
+  } else {
+    previewTab.style.display = 'none';
+    // If the "preview" tab was active, user changes the filename to a non-previewable one,
+    // then the "preview" tab becomes inactive (hidden), so the "write" tab should become active
+    if (previewTab.classList.contains('active')) {
+      const writeTab = document.querySelector('.item[data-tab="write"]') as HTMLAnchorElement;
+      writeTab.click();
+    }
+  }
+}
+
+export async function createCodeEditor(textarea: HTMLTextAreaElement, filenameInput: HTMLInputElement): Promise<SettableEditorView> {
+  const filename = basename(filenameInput.value);
+  const previewableExts = new Set((textarea.getAttribute('data-previewable-extensions') || '').split(','));
+  const lineWrapExts = (textarea.getAttribute('data-line-wrap-extensions') || '').split(',');
+  const previewable = previewableExts.has(extname(filename));
+  const editorConfig = getEditorconfig(filenameInput);
+
+  togglePreviewDisplay(previewable);
+
+  const editor = await createCodemirror(textarea, filename, {
+    ...getFileBasedOptions(filenameInput.value, lineWrapExts),
+    ...getEditorConfigOptions(editorConfig),
+  });
+
+  filenameInput.addEventListener('input', onInputDebounce(async () => {
+    const filename = filenameInput.value;
+    const previewable = previewableExts.has(extname(filename));
+    togglePreviewDisplay(previewable);
+    await updateEditor(editor, filename, lineWrapExts);
+  }));
+
+  const searchButton = document.querySelector('#editor-find');
+  searchButton.addEventListener('click', () => {
+    const search = editor.codemirrorSearch;
+    const view = editor.view;
+
+    if (search.searchPanelOpen(view.state)) {
+      search.closeSearchPanel(view);
+    } else {
+      search.openSearchPanel(view);
+    }
+  });
+
+  const writeTab = document.querySelector('#editor-bar .switch .item[data-tab="write"]');
+  document.querySelector('#editor-bar .switch').addEventListener('click', () => {
+    if (writeTab.classList.contains('active')) {
+      showElem(searchButton);
+    } else {
+      hideElem(searchButton);
+    }
+  });
+
+  return Object.setPrototypeOf(editor.view, SettableEditorView.prototype);
+}
+
+function getEditorConfigOptions(ec: null | EditorConfig): Pick<EditorOptions, 'indentSize' | 'tabSize' | 'indentStyle'> {
+  if (ec === null) {
+    return {indentStyle: 'space'};
+  }
+
+  const opts: ReturnType<typeof getEditorConfigOptions> = {
+    indentStyle: ec.indent_style,
+  };
+  if ('indent_size' in ec) opts.indentSize = Number(ec.indent_size);
+  if ('tab_width' in ec) opts.tabSize = Number(ec.tab_width) || opts.indentSize;
+  return opts;
+}
diff --git a/web_src/js/features/codemirror-lang.ts b/web_src/js/features/codemirror-lang.ts
new file mode 100644
index 0000000000..729f617a3e
--- /dev/null
+++ b/web_src/js/features/codemirror-lang.ts
@@ -0,0 +1,161 @@
+import type {LanguageDescription} from '@codemirror/language';
+
+export function languages(codemirrorLanguage: CodeMirrorLanguage): LanguageDescription[] {
+  return [
+    codemirrorLanguage.LanguageDescription.of({
+      name: 'C',
+      extensions: ['c', 'h', 'ino'],
+      async load() {
+        return (await import('@codemirror/lang-cpp')).cpp();
+      },
+    }),
+    codemirrorLanguage.LanguageDescription.of({
+      name: 'C++',
+      alias: ['cpp'],
+      extensions: ['cpp', 'c++', 'cc', 'cxx', 'hpp', 'h++', 'hh', 'hxx'],
+      async load() {
+        return (await import('@codemirror/lang-cpp')).cpp();
+      },
+    }),
+    codemirrorLanguage.LanguageDescription.of({
+      name: 'CSS',
+      extensions: ['css'],
+      async load() {
+        return (await import('@codemirror/lang-css')).css();
+      },
+    }),
+    codemirrorLanguage.LanguageDescription.of({
+      name: 'Go',
+      extensions: ['go'],
+      async load() {
+        return (await import('@codemirror/lang-go')).go();
+      },
+    }),
+    codemirrorLanguage.LanguageDescription.of({
+      name: 'HTML',
+      alias: ['xhtml'],
+      extensions: ['html', 'htm', 'handlebars', 'hbs'],
+      async load() {
+        return (await import('@codemirror/lang-html')).html();
+      },
+    }),
+    codemirrorLanguage.LanguageDescription.of({
+      name: 'Java',
+      extensions: ['java'],
+      async load() {
+        return (await import('@codemirror/lang-java')).java();
+      },
+    }),
+    codemirrorLanguage.LanguageDescription.of({
+      name: 'JavaScript',
+      alias: ['ecmascript', 'js', 'node'],
+      extensions: ['js', 'mjs', 'cjs'],
+      async load() {
+        return (await import('@codemirror/lang-javascript')).javascript();
+      },
+    }),
+    codemirrorLanguage.LanguageDescription.of({
+      name: 'JSON',
+      alias: ['json5'],
+      extensions: ['json', 'map'],
+      async load() {
+        return (await import('@codemirror/lang-json')).json();
+      },
+    }),
+    codemirrorLanguage.LanguageDescription.of({
+      name: 'JSX',
+      extensions: ['jsx'],
+      async load() {
+        return (await import('@codemirror/lang-javascript')).javascript({jsx: true});
+      },
+    }),
+    codemirrorLanguage.LanguageDescription.of({
+      name: 'LESS',
+      extensions: ['less'],
+      async load() {
+        return (await import('@codemirror/lang-less')).less();
+      },
+    }),
+    codemirrorLanguage.LanguageDescription.of({
+      name: 'Liquid',
+      extensions: ['liquid'],
+      async load() {
+        return (await import('@codemirror/lang-liquid')).liquid();
+      },
+    }),
+    codemirrorLanguage.LanguageDescription.of({
+      name: 'Markdown',
+      extensions: ['md', 'markdown', 'mkd'],
+      async load() {
+        return (await import('@codemirror/lang-markdown')).markdown();
+      },
+    }),
+    codemirrorLanguage.LanguageDescription.of({
+      name: 'PHP',
+      extensions: ['php', 'php3', 'php4', 'php5', 'php7', 'phtml'],
+      async load() {
+        return (await import('@codemirror/lang-php')).php();
+      },
+    }),
+    codemirrorLanguage.LanguageDescription.of({
+      name: 'Python',
+      extensions: ['BUILD', 'bzl', 'py', 'pyw'],
+      filename: /^(BUCK|BUILD)$/,
+      async load() {
+        return (await import('@codemirror/lang-python')).python();
+      },
+    }),
+    codemirrorLanguage.LanguageDescription.of({
+      name: 'Rust',
+      extensions: ['rs'],
+      async load() {
+        return (await import('@codemirror/lang-rust')).rust();
+      },
+    }),
+    codemirrorLanguage.LanguageDescription.of({
+      name: 'Sass',
+      extensions: ['sass'],
+      async load() {
+        return (await import('@codemirror/lang-sass')).sass({indented: true});
+      },
+    }),
+    codemirrorLanguage.LanguageDescription.of({
+      name: 'SCSS',
+      extensions: ['scss'],
+      async load() {
+        return (await import('@codemirror/lang-sass')).sass();
+      },
+    }),
+    codemirrorLanguage.LanguageDescription.of({
+      name: 'TSX',
+      extensions: ['tsx'],
+      async load() {
+        return (await import('@codemirror/lang-javascript')).javascript({jsx: true, typescript: true});
+      },
+    }),
+    codemirrorLanguage.LanguageDescription.of({
+      name: 'TypeScript',
+      alias: ['ts'],
+      extensions: ['ts', 'mts', 'cts'],
+      async load() {
+        return (await import('@codemirror/lang-javascript')).javascript({typescript: true});
+      },
+    }),
+    codemirrorLanguage.LanguageDescription.of({
+      name: 'XML',
+      alias: ['rss', 'wsdl', 'xsd'],
+      extensions: ['xml', 'xsl', 'xsd', 'svg'],
+      async load() {
+        return (await import('@codemirror/lang-xml')).xml();
+      },
+    }),
+    codemirrorLanguage.LanguageDescription.of({
+      name: 'YAML',
+      alias: ['yml'],
+      extensions: ['yaml', 'yml'],
+      async load() {
+        return (await import('@codemirror/lang-yaml')).yaml();
+      },
+    }),
+  ];
+}
diff --git a/web_src/js/features/codemirror-search.ts b/web_src/js/features/codemirror-search.ts
new file mode 100644
index 0000000000..d94b408009
--- /dev/null
+++ b/web_src/js/features/codemirror-search.ts
@@ -0,0 +1,240 @@
+// Copyright 2025 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+import type {SearchQuery} from '@codemirror/search';
+import type {EditorView, Panel, ViewUpdate} from '@codemirror/view';
+import {svg} from '../svg.js';
+
+class SearchPanel implements Panel {
+  searchField: HTMLInputElement;
+  replaceField: HTMLInputElement;
+  caseField: HTMLInputElement;
+  caseLabel: HTMLLabelElement;
+  reField: HTMLInputElement;
+  reLabel: HTMLLabelElement;
+  wordField: HTMLInputElement;
+  wordLabel: HTMLLabelElement;
+  dom: HTMLElement;
+  query: SearchQuery;
+  search: CodeMirrorSearch;
+
+  constructor(readonly codemirrorSearch: CodeMirrorSearch, readonly view: EditorView) {
+    this.search = codemirrorSearch;
+
+    const container = view.dom.parentElement;
+
+    const query = (this.query = this.search.getSearchQuery(view.state));
+    this.commit = this.commit.bind(this);
+
+    this.searchField = document.createElement('input');
+    this.searchField.value = query.search;
+    this.searchField.name = 'search';
+    const searchText = container.getAttribute('data-search-text');
+    this.searchField.placeholder = searchText;
+    this.searchField.ariaLabel = searchText;
+    this.searchField.classList.add('cm-textfield');
+    this.searchField.setAttribute('main-field', 'true');
+    this.searchField.addEventListener('keyup', this.commit);
+    this.searchField.addEventListener('change', this.commit);
+
+    this.caseField = document.createElement('input');
+    this.caseField.checked = query.caseSensitive;
+    this.caseField.type = 'checkbox';
+    this.caseField.name = 'case_sensitive';
+    this.caseField.id = 'search_case_sensitive';
+    this.caseField.addEventListener('change', this.commit);
+    this.caseField.addEventListener('focus', () => this.updateLabels());
+    this.caseField.addEventListener('blur', () => this.updateLabels());
+
+    this.caseLabel = document.createElement('label');
+    this.caseLabel.setAttribute('for', 'search_case_sensitive');
+    const caseText = container.getAttribute('data-toggle-case-text');
+    this.caseLabel.ariaLabel = caseText;
+    this.caseLabel.setAttribute('data-tooltip-content', caseText);
+    this.caseLabel.textContent = 'aA';
+
+    this.reField = document.createElement('input');
+    this.reField.checked = query.regexp;
+    this.reField.type = 'checkbox';
+    this.reField.name = 'regexp';
+    this.reField.id = 'search_regexp';
+    this.reField.addEventListener('change', this.commit);
+    this.reField.addEventListener('focus', () => this.updateLabels());
+    this.reField.addEventListener('blur', () => this.updateLabels());
+
+    this.reLabel = document.createElement('label');
+    this.reLabel.setAttribute('for', 'search_regexp');
+    const reText = container.getAttribute('data-toggle-regex-text');
+    this.reLabel.ariaLabel = reText;
+    this.reLabel.setAttribute('data-tooltip-content', reText);
+    this.reLabel.textContent = '[.+]';
+
+    this.wordField = document.createElement('input');
+    this.wordField.checked = query.wholeWord;
+    this.wordField.type = 'checkbox';
+    this.wordField.name = 'by_word';
+    this.wordField.id = 'search_by_word';
+    this.wordField.addEventListener('change', this.commit);
+    this.wordField.addEventListener('focus', () => this.updateLabels());
+    this.wordField.addEventListener('blur', () => this.updateLabels());
+
+    this.wordLabel = document.createElement('label');
+    this.wordLabel.setAttribute('for', 'search_by_word');
+    const wholeWordText = container.getAttribute('data-toggle-whole-word-text');
+    this.wordLabel.ariaLabel = wholeWordText;
+    this.wordLabel.setAttribute('data-tooltip-content', wholeWordText);
+    this.wordLabel.textContent = 'W';
+
+    this.updateLabels();
+
+    const searchFieldContainer = document.createElement('span');
+    searchFieldContainer.classList.add('search-input-group');
+    searchFieldContainer.replaceChildren(this.searchField, this.caseLabel, this.reLabel, this.wordLabel);
+
+    const hiddenInputs = document.createElement('div');
+    hiddenInputs.classList.add('search-hidden-inputs');
+    hiddenInputs.replaceChildren(this.caseField, this.reField, this.wordField);
+
+    const prevSearch = document.createElement('button');
+    prevSearch.classList.add('secondary', 'button');
+    prevSearch.type = 'button';
+    const findPrevText = container.getAttribute('data-find-prev-text');
+    prevSearch.ariaLabel = findPrevText;
+    prevSearch.addEventListener('click', () => {
+      this.search.findPrevious(view);
+    });
+    prevSearch.innerHTML = svg('octicon-arrow-up');
+
+    const nextSearch = document.createElement('button');
+    nextSearch.classList.add('secondary', 'button');
+    nextSearch.type = 'button';
+    const findNextText = container.getAttribute('data-find-next-text');
+    nextSearch.ariaLabel = findNextText;
+    nextSearch.addEventListener('click', () => {
+      this.search.findNext(view);
+    });
+    nextSearch.innerHTML = svg('octicon-arrow-down');
+
+    const searchSection = document.createElement('div');
+    searchSection.classList.add('search-section');
+    searchSection.replaceChildren(searchFieldContainer, hiddenInputs, prevSearch, nextSearch);
+
+    this.replaceField = document.createElement('input');
+    this.replaceField.value = query.replace;
+    this.replaceField.name = 'replace';
+    const replaceText = container.getAttribute('data-replace-text');
+    this.replaceField.placeholder = replaceText;
+    this.replaceField.ariaLabel = replaceText;
+    this.replaceField.classList.add('cm-textfield');
+    this.replaceField.addEventListener('keyup', this.commit);
+    this.replaceField.addEventListener('change', this.commit);
+
+    const replaceButton = document.createElement('button');
+    replaceButton.classList.add('secondary', 'button');
+    replaceButton.type = 'button';
+    replaceButton.addEventListener('click', () => {
+      this.search.replaceNext(view);
+    });
+    replaceButton.textContent = replaceText;
+
+    const replaceAllButton = document.createElement('button');
+    replaceAllButton.classList.add('secondary', 'button');
+    replaceAllButton.type = 'button';
+    replaceAllButton.addEventListener('click', () => {
+      this.search.replaceAll(view);
+    });
+    const replaceAllText = container.getAttribute('data-replace-all-text');
+    replaceAllButton.textContent = replaceAllText;
+
+    const replaceSection = document.createElement('div');
+    replaceSection.classList.add('replace-section');
+    replaceSection.replaceChildren(this.replaceField, replaceButton, replaceAllButton);
+
+    this.dom = document.createElement('div');
+    this.dom.classList.add('fj-search');
+    this.dom.addEventListener('keydown', (e: KeyboardEvent) => this.keydown(e));
+    this.dom.replaceChildren(searchSection, replaceSection);
+  }
+
+  commit() {
+    this.updateLabels();
+    const query = new this.search.SearchQuery({
+      search: this.searchField.value,
+      caseSensitive: this.caseField.checked,
+      regexp: this.reField.checked,
+      wholeWord: this.wordField.checked,
+      replace: this.replaceField.value,
+    });
+    if (!query.eq(this.query)) {
+      this.query = query;
+      this.view.dispatch({effects: this.search.setSearchQuery.of(query)});
+      // Set the new search query and reset the selection
+      const anchor = this.view.state.selection.main.anchor;
+      this.view.dispatch({
+        selection: {anchor},
+        effects: this.search.setSearchQuery.of(query),
+      });
+    }
+  }
+
+  keydown(e: KeyboardEvent) {
+    if (e.key === 'Enter' && e.target === this.searchField) {
+      e.preventDefault();
+      if (e.shiftKey) {
+        this.search.findPrevious(this.view);
+      } else {
+        this.search.findNext(this.view);
+      }
+    } else if (e.key === 'Enter' && e.target === this.replaceField) {
+      e.preventDefault();
+      this.search.replaceNext(this.view);
+    }
+  }
+
+  update(update: ViewUpdate) {
+    for (const tr of update.transactions) for (const effect of tr.effects) {
+      if (effect.is(this.search.setSearchQuery) && !effect.value.eq(this.query)) {
+        this.setQuery(effect.value);
+      }
+    }
+  }
+
+  setQuery(query: SearchQuery) {
+    this.query = query;
+    this.searchField.value = query.search;
+    this.replaceField.value = query.replace;
+    this.caseField.checked = query.caseSensitive;
+    this.reField.checked = query.regexp;
+    this.wordField.checked = query.wholeWord;
+    this.updateLabels();
+  }
+
+  updateLabels() {
+    this.caseLabel.classList.toggle('active', this.caseField.checked);
+    this.caseLabel.classList.toggle('focused', this.caseField === document.activeElement);
+    this.reLabel.classList.toggle('active', this.reField.checked);
+    this.reLabel.classList.toggle('focused', this.reField === document.activeElement);
+    this.wordLabel.classList.toggle('active', this.wordField.checked);
+    this.wordLabel.classList.toggle('focused', this.wordField === document.activeElement);
+  }
+
+  mount() {
+    this.searchField.select();
+  }
+
+  get pos() {
+    return 80;
+  }
+
+  get top() {
+    return true;
+  }
+}
+
+export function searchPanel(
+  codemirrorSearch: CodeMirrorSearch,
+): (view: EditorView) => Panel {
+  return (view) => {
+    return new SearchPanel(codemirrorSearch, view);
+  };
+}
diff --git a/web_src/js/features/codemirror.ts b/web_src/js/features/codemirror.ts
new file mode 100644
index 0000000000..f61449dccf
--- /dev/null
+++ b/web_src/js/features/codemirror.ts
@@ -0,0 +1,218 @@
+import {isDarkTheme} from '../utils.js';
+import {languages} from './codemirror-lang.ts';
+import type {LanguageDescription} from '@codemirror/language';
+import type {Compartment} from '@codemirror/state';
+import type {EditorView, ViewUpdate} from '@codemirror/view';
+import {searchPanel} from './codemirror-search.ts';
+
+// Export editor for customization - https://github.com/go-gitea/gitea/issues/10409
+function exportEditor(editor: EditorView) {
+  if (!window.codeEditors) window.codeEditors = new Set<EditorView>();
+  window.codeEditors.add(editor);
+}
+
+export interface EditorOptions {
+  indentSize?: number;
+  tabSize?: number;
+  wordWrap: boolean;
+  indentStyle: string;
+  onContentChange?: (update: ViewUpdate) => void;
+}
+
+export interface CodemirrorEditor {
+  codemirrorView: CodeMirrorView;
+  codemirrorLanguage: CodeMirrorLanguage;
+  codemirrorState: CodeMirrorState;
+  codemirrorSearch: CodeMirrorSearch;
+  view: EditorView;
+  languages: LanguageDescription[];
+  compartments: {
+    wordWrap: Compartment;
+    language: Compartment;
+    tabSize: Compartment;
+  };
+}
+
+export async function createCodemirror(
+  textarea: HTMLTextAreaElement,
+  filename: string,
+  editorOpts: EditorOptions,
+): Promise<CodemirrorEditor> {
+  const codemirrorView = await import(/* webpackChunkName: "codemirror" */ '@codemirror/view');
+  const codemirrorCommands = await import(/* webpackChunkName: "codemirror" */ '@codemirror/commands');
+  const codemirrorState = await import(/* webpackChunkName: "codemirror" */ '@codemirror/state');
+  const codemirrorSearch = await import(/* webpackChunkName: "codemirror" */ '@codemirror/search');
+  const codemirrorLanguage = await import(/* webpackChunkName: "codemirror" */ '@codemirror/language');
+  const codemirrorAutocomplete = await import(/* webpackChunkName: "codemirror" */ '@codemirror/autocomplete');
+  const {tags: t} = await import(/* webpackChunkName: "codemirror" */ '@lezer/highlight');
+
+  const languageDescriptions = languages(codemirrorLanguage);
+  const code = codemirrorLanguage.LanguageDescription.matchFilename(
+    languageDescriptions,
+    filename,
+  );
+  const onContentChange = editorOpts.onContentChange || ((update) => {
+    if (update.docChanged) {
+      textarea.value = update.state.doc.toString();
+        // Make jquery-are-you-sure happy.
+      textarea.dispatchEvent(new Event('change'));
+    }
+  });
+
+  const darkTheme = isDarkTheme();
+
+  const theme = codemirrorView.EditorView.theme(
+    {
+      '&': {
+        color: 'var(--color-text)',
+        backgroundColor: 'var(--color-code-bg)',
+        maxHeight: '90vh',
+      },
+      '.cm-content, .cm-gutter': {
+        minHeight: '200px',
+      },
+      '.cm-scroller': {
+        overflow: 'auto',
+      },
+      '.cm-content': {
+        caretColor: 'var(--color-caret)',
+        fontFamily: 'var(--fonts-monospace)',
+        fontSize: '14px',
+      },
+      '.cm-cursor, .cm-dropCursor': {
+        borederLeftCursor: 'var(--color-caret)',
+      },
+      '&.cm-focused > .cm-scroller > .cm-selectionLayer .cm-selectionBackground, .cm-selectionBackground':
+        {
+          backgroundColor: 'var(--color-primary-light-3)',
+        },
+      '.cm-panels': {
+        backgroundColor: 'var(--color-body)',
+        borderColor: 'var(--color-secondary)',
+      },
+      '.cm-activeLine, .cm-activeLineGutter': {
+        backgroundColor: '#6699ff0b',
+      },
+      '.cm-gutters': {
+        backgroundColor: 'var(--color-code-bg)',
+        color: 'var(--color-secondary-dark-6)',
+      },
+      '.cm-line ::selection, .cm-line::selection': {
+        color: 'inherit !important',
+      },
+      '.cm-searchMatch': {
+        backgroundColor: '#72a1ff59',
+        outline: `1px solid #ffffff0f`,
+      },
+      '.cm-tooltip.cm-tooltip-autocomplete > ul > li': {
+        padding: '0.5em 0.5em',
+      },
+    },
+    {dark: isDarkTheme()},
+  );
+
+  const highlightStyle = codemirrorLanguage.HighlightStyle.define([
+    {
+      tag: [t.keyword, t.operatorKeyword, t.modifier, t.color, t.constant(t.name), t.standard(t.name), t.standard(t.tagName), t.special(t.brace), t.atom, t.bool, t.special(t.variableName)],
+      color: darkTheme ? '#569cd6' : '#0064ff',
+    },
+    {tag: [t.controlKeyword, t.moduleKeyword], color: darkTheme ? '#c586c0' : '#af00db'},
+    {
+      tag: [t.name, t.deleted, t.character, t.macroName, t.propertyName, t.variableName, t.labelName, t.definition(t.name)],
+      color: darkTheme ? '#9cdcfe' : '#383a42',
+    },
+    {
+      tag: [t.typeName, t.className, t.tagName, t.number, t.changed, t.annotation, t.self, t.namespace],
+      color: darkTheme ? '#4ec9b0' : '#267f99',
+    },
+    {
+      tag: [t.function(t.variableName), t.function(t.propertyName)],
+      color: darkTheme ? '#dcdcaa' : '#795e26',
+    },
+    {tag: [t.number], color: darkTheme ? '#b5cea8' : '#098658'},
+    {
+      tag: [t.operator, t.punctuation, t.separator, t.url, t.escape, t.regexp],
+      color: darkTheme ? '#d4d4d4' : '#383a42',
+    },
+    {tag: [t.regexp], color: darkTheme ? '#d16969' : '#af00db'},
+    {
+      tag: [t.special(t.string), t.processingInstruction, t.string, t.inserted],
+      color: darkTheme ? '#ce9178' : '#a31515',
+    },
+    {tag: [t.meta, t.comment], color: darkTheme ? '#6a9955' : '#6b6b6b'},
+    {tag: t.invalid, color: darkTheme ? '#ff0000' : '#e51400'},
+    {tag: t.strong, fontWeight: 'bold'},
+    {tag: t.emphasis, fontStyle: 'italic'},
+    {tag: t.strikethrough, textDecoration: 'line-through'},
+    {tag: t.link, color: darkTheme ? '#6a9955' : '#006ab1', textDecoration: 'underline'},
+  ]);
+
+  const container = textarea.parentNode.querySelector('.codemirror-container');
+
+  const wordWrap = new codemirrorState.Compartment();
+  const language = new codemirrorState.Compartment();
+  const tabSize = new codemirrorState.Compartment();
+
+  const view = new codemirrorView.EditorView({
+    doc: textarea.value,
+    parent: container,
+    extensions: [
+      codemirrorView.lineNumbers(),
+      codemirrorLanguage.foldGutter(),
+      codemirrorView.highlightActiveLineGutter(),
+      codemirrorView.highlightSpecialChars(),
+      codemirrorView.highlightActiveLine(),
+      codemirrorView.drawSelection(),
+      codemirrorView.dropCursor(),
+      codemirrorSearch.search({createPanel: searchPanel(codemirrorSearch)}),
+      codemirrorView.keymap.of([
+        ...codemirrorAutocomplete.closeBracketsKeymap,
+        ...codemirrorCommands.defaultKeymap,
+        ...codemirrorCommands.historyKeymap,
+        // If no search panel, then disable the search keymap
+        ...(document.getElementById('editor-find') ? codemirrorSearch.searchKeymap : []),
+        ...codemirrorLanguage.foldKeymap,
+        ...codemirrorAutocomplete.completionKeymap,
+        codemirrorCommands.indentWithTab,
+      ]),
+      codemirrorState.EditorState.allowMultipleSelections.of(true),
+      codemirrorLanguage.indentOnInput(),
+      codemirrorLanguage.syntaxHighlighting(highlightStyle),
+      codemirrorLanguage.bracketMatching(),
+      codemirrorLanguage.indentUnit.of(
+        editorOpts.indentStyle === 'tab' ?
+          '\t' :
+          ' '.repeat(editorOpts.indentSize || 2),
+      ),
+      codemirrorAutocomplete.closeBrackets(),
+      codemirrorAutocomplete.autocompletion(),
+      codemirrorCommands.history(),
+      tabSize.of(
+        codemirrorState.EditorState.tabSize.of(editorOpts.tabSize || 4),
+      ),
+      wordWrap.of(
+        editorOpts.wordWrap ? codemirrorView.EditorView.lineWrapping : [],
+      ),
+      language.of(code ? await code.load() : []),
+      codemirrorView.EditorView.updateListener.of(onContentChange),
+      theme,
+    ],
+  });
+
+  exportEditor(view);
+
+  container.querySelector('.editor-loading')?.remove();
+  return {
+    codemirrorView,
+    codemirrorState,
+    codemirrorLanguage,
+    codemirrorSearch,
+    view,
+    languages: languageDescriptions,
+    compartments: {
+      tabSize,
+      wordWrap,
+      language,
+    },
+  };
+}
diff --git a/web_src/js/features/repo-editor.js b/web_src/js/features/repo-editor.js
index 44db51e98f..18224be1da 100644
--- a/web_src/js/features/repo-editor.js
+++ b/web_src/js/features/repo-editor.js
@@ -1,6 +1,6 @@
 import $ from 'jquery';
 import {htmlEscape} from 'escape-goat';
-import {createCodeEditor} from './codeeditor.js';
+import {createCodeEditor} from './codeeditor.ts';
 import {hideElem, showElem, createElementFromHTML} from '../utils/dom.js';
 import {initMarkupContent} from '../markup/content.js';
 import {attachRefIssueContextPopup} from './contextpopup.js';
@@ -9,7 +9,7 @@ import {initTab} from '../modules/tab.ts';
 import {showModal} from '../modules/modal.ts';
 
 function initEditPreviewTab($form) {
-  const $tabMenu = $form.find('.tabular.menu');
+  const $tabMenu = $form.find('.switch');
   initTab($tabMenu[0]);
   const $previewTab = $tabMenu.find(
     `.item[data-tab="${$tabMenu.data('preview')}"]`,
diff --git a/web_src/js/features/repo-issue.test.js b/web_src/js/features/repo-issue.test.js
index 8c9734b0c6..f72eb5794b 100644
--- a/web_src/js/features/repo-issue.test.js
+++ b/web_src/js/features/repo-issue.test.js
@@ -2,7 +2,6 @@ import {vi} from 'vitest';
 
 import {issueTitleHTML} from './repo-issue.js';
 
-// monaco-editor does not have any exports fields, which trips up vitest
 vi.mock('./comp/ComboMarkdownEditor.js', () => ({}));
 // jQuery is missing
 vi.mock('./common-global.js', () => ({}));
diff --git a/web_src/js/features/repo-settings.js b/web_src/js/features/repo-settings.js
index 93d907662e..7e418efb25 100644
--- a/web_src/js/features/repo-settings.js
+++ b/web_src/js/features/repo-settings.js
@@ -1,8 +1,8 @@
 import $ from 'jquery';
 import {minimatch} from 'minimatch';
-import {createMonaco} from './codeeditor.js';
 import {onInputDebounce, toggleElem} from '../utils/dom.js';
 import {POST} from '../modules/fetch.js';
+import {createCodemirror} from './codemirror.ts';
 
 const {appSubUrl} = window.config;
 
@@ -71,7 +71,7 @@ export function initRepoSettingSearchTeamBox() {
 export function initRepoSettingGitHook() {
   if (!$('.edit.githook').length) return;
   const filename = document.querySelector('.hook-filename').textContent;
-  const _promise = createMonaco($('#content')[0], filename, {language: 'shell'});
+  const _promise = createCodemirror($('#content')[0], filename, {language: 'shell'});
 }
 
 export function initRepoSettingBranches() {
diff --git a/web_src/js/globals.d.ts b/web_src/js/globals.d.ts
new file mode 100644
index 0000000000..47aaaba0c8
--- /dev/null
+++ b/web_src/js/globals.d.ts
@@ -0,0 +1,3 @@
+interface Window {
+  codeEditors: Set<import('codemirror').EditorView>;
+}
diff --git a/web_src/js/svg.js b/web_src/js/svg.js
index 13f26348c2..9481f0e3eb 100644
--- a/web_src/js/svg.js
+++ b/web_src/js/svg.js
@@ -5,6 +5,8 @@ import giteaDoubleChevronRight from '../../public/assets/img/svg/gitea-double-ch
 import giteaEmptyCheckbox from '../../public/assets/img/svg/gitea-empty-checkbox.svg';
 import giteaExclamation from '../../public/assets/img/svg/gitea-exclamation.svg';
 import octiconArchive from '../../public/assets/img/svg/octicon-archive.svg';
+import octiconArrowDown from '../../public/assets/img/svg/octicon-arrow-down.svg';
+import octiconArrowUp from '../../public/assets/img/svg/octicon-arrow-up.svg';
 import octiconArrowSwitch from '../../public/assets/img/svg/octicon-arrow-switch.svg';
 import octiconBlocked from '../../public/assets/img/svg/octicon-blocked.svg';
 import octiconBold from '../../public/assets/img/svg/octicon-bold.svg';
@@ -81,7 +83,9 @@ const svgs = {
   'gitea-empty-checkbox': giteaEmptyCheckbox,
   'gitea-exclamation': giteaExclamation,
   'octicon-archive': octiconArchive,
+  'octicon-arrow-down': octiconArrowDown,
   'octicon-arrow-switch': octiconArrowSwitch,
+  'octicon-arrow-up': octiconArrowUp,
   'octicon-blocked': octiconBlocked,
   'octicon-bold': octiconBold,
   'octicon-check': octiconCheck,
diff --git a/web_src/js/types.d.ts b/web_src/js/types.d.ts
index ed5a18b974..5efc36762b 100644
--- a/web_src/js/types.d.ts
+++ b/web_src/js/types.d.ts
@@ -8,3 +8,8 @@ declare module '*.vue' {
   import Vue from 'vue';
   export default Vue;
 }
+
+type CodeMirrorLanguage = typeof import('@codemirror/language');
+type CodeMirrorSearch = typeof import('@codemirror/search');
+type CodeMirrorState = typeof import('@codemirror/state');
+type CodeMirrorView = typeof import('@codemirror/view');
diff --git a/webpack.config.js b/webpack.config.js
index 8f9949d7b1..7f5760833e 100644
--- a/webpack.config.js
+++ b/webpack.config.js
@@ -2,7 +2,6 @@ import fastGlob from 'fast-glob';
 import wrapAnsi from 'wrap-ansi';
 import {init as licenseChecker} from 'license-checker-rseidelsohn';
 import MiniCssExtractPlugin from 'mini-css-extract-plugin';
-import MonacoWebpackPlugin from 'monaco-editor-webpack-plugin';
 import {VueLoaderPlugin} from 'vue-loader';
 import EsBuildLoader from 'esbuild-loader';
 import {parse} from 'node:path';
@@ -144,9 +143,8 @@ export default {
   output: {
     path: fileURLToPath(new URL('public/assets', import.meta.url)),
     filename: () => 'js/[name].js',
-    chunkFilename: ({chunk}) => {
-      const language = (/monaco.*languages?_.+?_(.+?)_/.exec(chunk.id) || [])[1];
-      return `js/${language ? `monaco-language-${language.toLowerCase()}` : `[name]`}.[contenthash:8].js`;
+    chunkFilename: () => {
+      return `js/[name].[contenthash:8].js`;
     },
   },
   optimization: {
@@ -254,9 +252,6 @@ export default {
       filename: '[file].[contenthash:8].map',
       ...(sourceMaps === 'reduced' && {include: /^js\/index\.js$/}),
     }),
-    new MonacoWebpackPlugin({
-      filename: 'js/monaco-[name].[contenthash:8].worker.js',
-    }),
   ],
   performance: {
     hints: false,
@@ -283,7 +278,6 @@ export default {
     colors: true,
     entrypoints: false,
     excludeAssets: [
-      /^js\/monaco-language-.+\.js$/,
       !isProduction && /^licenses.txt$/,
     ].filter(Boolean),
     groupAssetsByChunk: false,

From 0837c8d8be364be4485fcc27cc67d39e0177f109 Mon Sep 17 00:00:00 2001
From: Andreas Ahlenstorf <andreas@ahlenstorf.ch>
Date: Mon, 5 Jan 2026 04:59:04 +0100
Subject: [PATCH 094/854] feat: add HTTP API endpoint for runner registration
 (#10677)

Add an HTTP API endpoint for runner registration. It enables managing the entire runner lifecycle using Forgejo's HTTP API. See https://code.forgejo.org/forgejo/forgejo-actions-feature-requests/issues/78 for background, design considerations, and usage.

Example usage:

```
$ curl -X POST -H "Content-Type: application/json" -H "Accept: application/json" -H "Authorization: token 3fc3ef39805b0f811a5d7789cb7b448348d6bfbb" --data '{"name":"api-runner","description":"Lorem ipsum"}' http://localhost:3000/api/v1/user/actions/runners
```
```json
{"id":30,"uuid":"a5e33697-9f58-437d-83c3-551b6c6a6334","token":"cac45fa6726fe4e28f42598773671af28a3be121"}
```

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests

- I added test coverage for Go changes...
  - [ ] in their respective `*_test.go` for unit tests.
  - [x] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I added test coverage for JavaScript changes...
  - [ ] in `web_src/js/*.test.js` if it can be unit tested.
  - [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)).

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [ ] I do not want this change to show in the release notes.
- [ ] I want the title to show in the release notes with a link to this pull request.
- [ ] I want the content of the `release-notes/<pull request number>.md` to be be used for the release notes instead of the title.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10677
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
Co-authored-by: Andreas Ahlenstorf <andreas@ahlenstorf.ch>
Co-committed-by: Andreas Ahlenstorf <andreas@ahlenstorf.ch>
---
 modules/structs/runner.go                   |  26 +++
 routers/api/v1/admin/runners.go             |  27 +++
 routers/api/v1/api.go                       |  12 +-
 routers/api/v1/org/action.go                |  32 +++
 routers/api/v1/repo/action.go               |  37 ++++
 routers/api/v1/shared/runners.go            |  30 +++
 routers/api/v1/swagger/action.go            |   7 +
 routers/api/v1/swagger/options.go           |   3 +
 routers/api/v1/user/runners.go              |  27 +++
 services/actions/interface.go               |   2 +
 templates/swagger/v1_json.tmpl              | 213 +++++++++++++++++++-
 tests/integration/api_admin_actions_test.go |  82 +++++++-
 tests/integration/api_org_actions_test.go   |  78 ++++++-
 tests/integration/api_repo_actions_test.go  |  82 +++++++-
 tests/integration/api_user_actions_test.go  |  78 ++++++-
 15 files changed, 714 insertions(+), 22 deletions(-)
 create mode 100644 modules/structs/runner.go

diff --git a/modules/structs/runner.go b/modules/structs/runner.go
new file mode 100644
index 0000000000..e744355b30
--- /dev/null
+++ b/modules/structs/runner.go
@@ -0,0 +1,26 @@
+// Copyright 2025 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+package structs
+
+// RegisterRunnerOptions declares the accepted options for registering runners.
+// swagger:model
+type RegisterRunnerOptions struct {
+	// Name of the runner to register. The name of the runner does not have to be unique.
+	//
+	// required: true
+	Name string `json:"name" binding:"Required"`
+
+	// Description of the runner to register.
+	//
+	// required: false
+	Description string `json:"description"`
+}
+
+// RegisterRunnerResponse contains the details of the just registered runner.
+// swagger:model
+type RegisterRunnerResponse struct {
+	ID    int64  `json:"id" binding:"Required"`
+	UUID  string `json:"uuid" binding:"Required"`
+	Token string `json:"token" binding:"Required"`
+}
diff --git a/routers/api/v1/admin/runners.go b/routers/api/v1/admin/runners.go
index b663eb57a3..81c029c57c 100644
--- a/routers/api/v1/admin/runners.go
+++ b/routers/api/v1/admin/runners.go
@@ -139,6 +139,33 @@ func GetRunner(ctx *context.APIContext) {
 	shared.GetRunner(ctx, 0, 0, ctx.ParamsInt64("runner_id"))
 }
 
+// RegisterRunner registers a new global runner
+func RegisterRunner(ctx *context.APIContext) {
+	// swagger:operation POST /admin/actions/runners admin registerAdminRunner
+	// ---
+	// summary: Register a new global runner
+	// consumes:
+	// - application/json
+	// produces:
+	// - application/json
+	// parameters:
+	// - name: body
+	//   in: body
+	//   schema:
+	//     "$ref": "#/definitions/RegisterRunnerOptions"
+	// responses:
+	//   "201":
+	//     "$ref": "#/responses/RegisterRunnerResponse"
+	//   "400":
+	//     "$ref": "#/responses/error"
+	//   "401":
+	//     "$ref": "#/responses/unauthorized"
+	//   "404":
+	//     "$ref": "#/responses/notFound"
+
+	shared.RegisterRunner(ctx, 0, 0)
+}
+
 // DeleteRunner removes a particular runner, no matter whether it is a global runner or scoped to an organization, user, or repository
 func DeleteRunner(ctx *context.APIContext) {
 	// swagger:operation DELETE /admin/actions/runners/{runner_id} admin deleteAdminRunner
diff --git a/routers/api/v1/api.go b/routers/api/v1/api.go
index 9029ba834b..b7bb74e558 100644
--- a/routers/api/v1/api.go
+++ b/routers/api/v1/api.go
@@ -856,7 +856,9 @@ func Routes() *web.Route {
 			})
 
 			m.Group("/runners", func() {
-				m.Get("", reqToken(), reqChecker, act.ListRunners)
+				m.Combo("").
+					Get(reqToken(), reqChecker, act.ListRunners).
+					Post(reqToken(), reqChecker, bind(api.RegisterRunnerOptions{}), act.RegisterRunner)
 				m.Get("/registration-token", reqToken(), reqChecker, act.GetRegistrationToken)
 				m.Get("/{runner_id}", reqToken(), reqChecker, act.GetRunner)
 				m.Delete("/{runner_id}", reqToken(), reqChecker, act.DeleteRunner)
@@ -1019,7 +1021,9 @@ func Routes() *web.Route {
 				})
 
 				m.Group("/runners", func() {
-					m.Get("", reqToken(), user.ListRunners)
+					m.Combo("").
+						Get(reqToken(), user.ListRunners).
+						Post(bind(api.RegisterRunnerOptions{}), user.RegisterRunner)
 					m.Get("/registration-token", reqToken(), user.GetRegistrationToken)
 					m.Get("/{runner_id}", reqToken(), user.GetRunner)
 					m.Delete("/{runner_id}", reqToken(), user.DeleteRunner)
@@ -1701,7 +1705,9 @@ func Routes() *web.Route {
 					Delete(admin.DeleteHook)
 			})
 			m.Group("/actions/runners", func() {
-				m.Get("", admin.ListRunners)
+				m.Combo("").
+					Get(admin.ListRunners).
+					Post(bind(api.RegisterRunnerOptions{}), admin.RegisterRunner)
 				m.Get("/registration-token", admin.GetRunnerRegistrationToken)
 				m.Get("/{runner_id}", admin.GetRunner)
 				m.Delete("/{runner_id}", admin.DeleteRunner)
diff --git a/routers/api/v1/org/action.go b/routers/api/v1/org/action.go
index f30d30f17e..dac6704d4b 100644
--- a/routers/api/v1/org/action.go
+++ b/routers/api/v1/org/action.go
@@ -324,6 +324,38 @@ func (Action) GetRunner(ctx *context.APIContext) {
 	shared.GetRunner(ctx, ctx.Org.Organization.ID, 0, ctx.ParamsInt64("runner_id"))
 }
 
+// RegisterRunner registers a new organization-level runner
+func (Action) RegisterRunner(ctx *context.APIContext) {
+	// swagger:operation POST /orgs/{org}/actions/runners organization registerOrgRunner
+	// ---
+	// summary: Register a new organization-level runner
+	// consumes:
+	// - application/json
+	// produces:
+	// - application/json
+	// parameters:
+	// - name: org
+	//   in: path
+	//   description: name of the organization
+	//   type: string
+	//   required: true
+	// - name: body
+	//   in: body
+	//   schema:
+	//     "$ref": "#/definitions/RegisterRunnerOptions"
+	// responses:
+	//   "201":
+	//     "$ref": "#/responses/RegisterRunnerResponse"
+	//   "400":
+	//     "$ref": "#/responses/error"
+	//   "401":
+	//     "$ref": "#/responses/unauthorized"
+	//   "404":
+	//     "$ref": "#/responses/notFound"
+
+	shared.RegisterRunner(ctx, ctx.Org.Organization.ID, 0)
+}
+
 // DeleteRunner removes a particular runner that belongs to the organization
 func (Action) DeleteRunner(ctx *context.APIContext) {
 	// swagger:operation DELETE /orgs/{org}/actions/runners/{runner_id} organization deleteOrgRunner
diff --git a/routers/api/v1/repo/action.go b/routers/api/v1/repo/action.go
index 61c2b6e3fe..01ad2cc5aa 100644
--- a/routers/api/v1/repo/action.go
+++ b/routers/api/v1/repo/action.go
@@ -574,6 +574,43 @@ func (Action) GetRunner(ctx *context.APIContext) {
 	shared.GetRunner(ctx, 0, ctx.Repo.Repository.ID, ctx.ParamsInt64("runner_id"))
 }
 
+// RegisterRunner registers a new repository-level runner
+func (Action) RegisterRunner(ctx *context.APIContext) {
+	// swagger:operation POST /repos/{owner}/{repo}/actions/runners repository registerRepoRunner
+	// ---
+	// summary: Register a new repository-level runner
+	// consumes:
+	// - application/json
+	// produces:
+	// - application/json
+	// parameters:
+	// - name: owner
+	//   in: path
+	//   description: owner of the repo
+	//   type: string
+	//   required: true
+	// - name: repo
+	//   in: path
+	//   description: name of the repo
+	//   type: string
+	//   required: true
+	// - name: body
+	//   in: body
+	//   schema:
+	//     "$ref": "#/definitions/RegisterRunnerOptions"
+	// responses:
+	//   "201":
+	//     "$ref": "#/responses/RegisterRunnerResponse"
+	//   "400":
+	//     "$ref": "#/responses/error"
+	//   "401":
+	//     "$ref": "#/responses/unauthorized"
+	//   "404":
+	//     "$ref": "#/responses/notFound"
+
+	shared.RegisterRunner(ctx, 0, ctx.Repo.Repository.ID)
+}
+
 // DeleteRunner removes a particular runner that belongs to a repository
 func (Action) DeleteRunner(ctx *context.APIContext) {
 	// swagger:operation DELETE /repos/{owner}/{repo}/actions/runners/{runner_id} repository deleteRepoRunner
diff --git a/routers/api/v1/shared/runners.go b/routers/api/v1/shared/runners.go
index 2e77cff1d0..ecfbbcda69 100644
--- a/routers/api/v1/shared/runners.go
+++ b/routers/api/v1/shared/runners.go
@@ -13,9 +13,12 @@ import (
 	"forgejo.org/models/db"
 	"forgejo.org/modules/structs"
 	"forgejo.org/modules/util"
+	"forgejo.org/modules/web"
 	"forgejo.org/routers/api/v1/utils"
 	"forgejo.org/services/context"
 	"forgejo.org/services/convert"
+
+	gouuid "github.com/google/uuid"
 )
 
 // RegistrationToken is a string used to register a runner with a server
@@ -146,6 +149,33 @@ func GetRunner(ctx *context.APIContext, ownerID, repoID, runnerID int64) {
 	ctx.JSON(http.StatusOK, actionRunner)
 }
 
+func RegisterRunner(ctx *context.APIContext, ownerID, repoID int64) {
+	if ownerID != 0 && repoID != 0 {
+		ctx.Error(http.StatusUnprocessableEntity, "RegisterRunner", fmt.Errorf("ownerID '%d' and repoID '%d' cannot be set simultaneously", ownerID, repoID))
+		return
+	}
+
+	options := web.GetForm(ctx).(*structs.RegisterRunnerOptions)
+	runner := &actions_model.ActionRunner{
+		UUID:        gouuid.NewString(),
+		Name:        options.Name,
+		OwnerID:     ownerID,
+		RepoID:      repoID,
+		Description: options.Description,
+	}
+	runner.GenerateToken()
+	if err := actions_model.CreateRunner(ctx, runner); err != nil {
+		ctx.Error(http.StatusInternalServerError, "CreateRunner", err)
+	}
+
+	response := &structs.RegisterRunnerResponse{
+		ID:    runner.ID,
+		UUID:  runner.UUID,
+		Token: runner.Token,
+	}
+	ctx.JSON(http.StatusCreated, response)
+}
+
 // DeleteRunner deletes the runner for api route validated ownerID and repoID
 // ownerID == 0 and repoID == 0 means any runner including global runners
 // ownerID == 0 and repoID != 0 means any runner for the given repo
diff --git a/routers/api/v1/swagger/action.go b/routers/api/v1/swagger/action.go
index bd55f59614..6f95975213 100644
--- a/routers/api/v1/swagger/action.go
+++ b/routers/api/v1/swagger/action.go
@@ -76,3 +76,10 @@ type swaggerActionRunnerListResponse struct {
 	// Links to other pages, if any
 	Link string `json:"Link"`
 }
+
+// RegisterRunnerResponse contains the details of the just registered runner.
+// swagger:response RegisterRunnerResponse
+type swaggerRegisterRunnerResponse struct {
+	// in: body
+	Body api.RegisterRunnerResponse `json:"body"`
+}
diff --git a/routers/api/v1/swagger/options.go b/routers/api/v1/swagger/options.go
index 4860f10c98..1cc77b319a 100644
--- a/routers/api/v1/swagger/options.go
+++ b/routers/api/v1/swagger/options.go
@@ -239,4 +239,7 @@ type swaggerParameterBodies struct {
 
 	// in:body
 	NoteOptions api.NoteOptions
+
+	// in:body
+	RegisterRunnerOptions api.RegisterRunnerOptions
 }
diff --git a/routers/api/v1/user/runners.go b/routers/api/v1/user/runners.go
index 15b138083c..340233f27d 100644
--- a/routers/api/v1/user/runners.go
+++ b/routers/api/v1/user/runners.go
@@ -102,6 +102,33 @@ func GetRunner(ctx *context.APIContext) {
 	shared.GetRunner(ctx, ctx.Doer.ID, 0, ctx.ParamsInt64("runner_id"))
 }
 
+// RegisterRunner registers a new user-level runner
+func RegisterRunner(ctx *context.APIContext) {
+	// swagger:operation POST /user/actions/runners user registerUserRunner
+	// ---
+	// summary: Register a new user-level runner
+	// consumes:
+	// - application/json
+	// produces:
+	// - application/json
+	// parameters:
+	// - name: body
+	//   in: body
+	//   schema:
+	//     "$ref": "#/definitions/RegisterRunnerOptions"
+	// responses:
+	//   "201":
+	//     "$ref": "#/responses/RegisterRunnerResponse"
+	//   "400":
+	//     "$ref": "#/responses/error"
+	//   "401":
+	//     "$ref": "#/responses/unauthorized"
+	//   "404":
+	//     "$ref": "#/responses/notFound"
+
+	shared.RegisterRunner(ctx, ctx.Doer.ID, 0)
+}
+
 // DeleteRunner deletes a particular user-level runner
 func DeleteRunner(ctx *context.APIContext) {
 	// swagger:operation DELETE /user/actions/runners/{runner_id} user deleteUserRunner
diff --git a/services/actions/interface.go b/services/actions/interface.go
index 466f8ef857..e444eec326 100644
--- a/services/actions/interface.go
+++ b/services/actions/interface.go
@@ -31,6 +31,8 @@ type API interface {
 	ListRunners(*context.APIContext)
 	// GetRunner get a runner
 	GetRunner(*context.APIContext)
+	// RegisterRunner registers a new runner
+	RegisterRunner(*context.APIContext)
 	// DeleteRunner delete runner
 	DeleteRunner(*context.APIContext)
 }
diff --git a/templates/swagger/v1_json.tmpl b/templates/swagger/v1_json.tmpl
index 4a69a39292..28b9c43c37 100644
--- a/templates/swagger/v1_json.tmpl
+++ b/templates/swagger/v1_json.tmpl
@@ -346,6 +346,42 @@
             "$ref": "#/responses/notFound"
           }
         }
+      },
+      "post": {
+        "consumes": [
+          "application/json"
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "tags": [
+          "admin"
+        ],
+        "summary": "Register a new global runner",
+        "operationId": "registerAdminRunner",
+        "parameters": [
+          {
+            "name": "body",
+            "in": "body",
+            "schema": {
+              "$ref": "#/definitions/RegisterRunnerOptions"
+            }
+          }
+        ],
+        "responses": {
+          "201": {
+            "$ref": "#/responses/RegisterRunnerResponse"
+          },
+          "400": {
+            "$ref": "#/responses/error"
+          },
+          "401": {
+            "$ref": "#/responses/unauthorized"
+          },
+          "404": {
+            "$ref": "#/responses/notFound"
+          }
+        }
       }
     },
     "/admin/actions/runners/jobs": {
@@ -2715,6 +2751,49 @@
             "$ref": "#/responses/notFound"
           }
         }
+      },
+      "post": {
+        "consumes": [
+          "application/json"
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "tags": [
+          "organization"
+        ],
+        "summary": "Register a new organization-level runner",
+        "operationId": "registerOrgRunner",
+        "parameters": [
+          {
+            "type": "string",
+            "description": "name of the organization",
+            "name": "org",
+            "in": "path",
+            "required": true
+          },
+          {
+            "name": "body",
+            "in": "body",
+            "schema": {
+              "$ref": "#/definitions/RegisterRunnerOptions"
+            }
+          }
+        ],
+        "responses": {
+          "201": {
+            "$ref": "#/responses/RegisterRunnerResponse"
+          },
+          "400": {
+            "$ref": "#/responses/error"
+          },
+          "401": {
+            "$ref": "#/responses/unauthorized"
+          },
+          "404": {
+            "$ref": "#/responses/notFound"
+          }
+        }
       }
     },
     "/orgs/{org}/actions/runners/jobs": {
@@ -5408,6 +5487,56 @@
             "$ref": "#/responses/notFound"
           }
         }
+      },
+      "post": {
+        "consumes": [
+          "application/json"
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "tags": [
+          "repository"
+        ],
+        "summary": "Register a new repository-level runner",
+        "operationId": "registerRepoRunner",
+        "parameters": [
+          {
+            "type": "string",
+            "description": "owner of the repo",
+            "name": "owner",
+            "in": "path",
+            "required": true
+          },
+          {
+            "type": "string",
+            "description": "name of the repo",
+            "name": "repo",
+            "in": "path",
+            "required": true
+          },
+          {
+            "name": "body",
+            "in": "body",
+            "schema": {
+              "$ref": "#/definitions/RegisterRunnerOptions"
+            }
+          }
+        ],
+        "responses": {
+          "201": {
+            "$ref": "#/responses/RegisterRunnerResponse"
+          },
+          "400": {
+            "$ref": "#/responses/error"
+          },
+          "401": {
+            "$ref": "#/responses/unauthorized"
+          },
+          "404": {
+            "$ref": "#/responses/notFound"
+          }
+        }
       }
     },
     "/repos/{owner}/{repo}/actions/runners/jobs": {
@@ -18852,6 +18981,42 @@
             "$ref": "#/responses/notFound"
           }
         }
+      },
+      "post": {
+        "consumes": [
+          "application/json"
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "tags": [
+          "user"
+        ],
+        "summary": "Register a new user-level runner",
+        "operationId": "registerUserRunner",
+        "parameters": [
+          {
+            "name": "body",
+            "in": "body",
+            "schema": {
+              "$ref": "#/definitions/RegisterRunnerOptions"
+            }
+          }
+        ],
+        "responses": {
+          "201": {
+            "$ref": "#/responses/RegisterRunnerResponse"
+          },
+          "400": {
+            "$ref": "#/responses/error"
+          },
+          "401": {
+            "$ref": "#/responses/unauthorized"
+          },
+          "404": {
+            "$ref": "#/responses/notFound"
+          }
+        }
       }
     },
     "/user/actions/runners/jobs": {
@@ -28320,6 +28485,46 @@
       },
       "x-go-package": "forgejo.org/modules/structs"
     },
+    "RegisterRunnerOptions": {
+      "type": "object",
+      "title": "RegisterRunnerOptions declares the accepted options for registering runners.",
+      "required": [
+        "name"
+      ],
+      "properties": {
+        "description": {
+          "description": "Description of the runner to register.",
+          "type": "string",
+          "x-go-name": "Description"
+        },
+        "name": {
+          "description": "Name of the runner to register. The name of the runner does not have to be unique.",
+          "type": "string",
+          "x-go-name": "Name"
+        }
+      },
+      "x-go-package": "forgejo.org/modules/structs"
+    },
+    "RegisterRunnerResponse": {
+      "type": "object",
+      "title": "RegisterRunnerResponse contains the details of the just registered runner.",
+      "properties": {
+        "id": {
+          "type": "integer",
+          "format": "int64",
+          "x-go-name": "ID"
+        },
+        "token": {
+          "type": "string",
+          "x-go-name": "Token"
+        },
+        "uuid": {
+          "type": "string",
+          "x-go-name": "UUID"
+        }
+      },
+      "x-go-package": "forgejo.org/modules/structs"
+    },
     "RegistrationToken": {
       "description": "RegistrationToken is a string used to register a runner with a server",
       "type": "object",
@@ -30715,6 +30920,12 @@
         }
       }
     },
+    "RegisterRunnerResponse": {
+      "description": "RegisterRunnerResponse contains the details of the just registered runner.",
+      "schema": {
+        "$ref": "#/definitions/RegisterRunnerResponse"
+      }
+    },
     "RegistrationToken": {
       "description": "RegistrationToken is a string used to register a runner with a server",
       "schema": {
@@ -31039,7 +31250,7 @@
     "parameterBodies": {
       "description": "parameterBodies",
       "schema": {
-        "$ref": "#/definitions/NoteOptions"
+        "$ref": "#/definitions/RegisterRunnerOptions"
       }
     },
     "quotaExceeded": {
diff --git a/tests/integration/api_admin_actions_test.go b/tests/integration/api_admin_actions_test.go
index d9a6a5d6e1..10e4660caa 100644
--- a/tests/integration/api_admin_actions_test.go
+++ b/tests/integration/api_admin_actions_test.go
@@ -16,6 +16,7 @@ import (
 	"forgejo.org/routers/api/v1/shared"
 	"forgejo.org/tests"
 
+	gouuid "github.com/google/uuid"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 )
@@ -182,7 +183,7 @@ func TestAPIAdminActionsRunnerOperations(t *testing.T) {
 	readToken := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeReadAdmin)
 	writeToken := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteAdmin)
 
-	t.Run("GetRunners", func(t *testing.T) {
+	t.Run("Get runners", func(t *testing.T) {
 		request := NewRequest(t, "GET", "/api/v1/admin/actions/runners")
 		request.AddTokenAuth(readToken)
 		response := MakeRequest(t, request, http.StatusOK)
@@ -233,7 +234,7 @@ func TestAPIAdminActionsRunnerOperations(t *testing.T) {
 		assert.Contains(t, runners, runnerThree)
 	})
 
-	t.Run("GetRunnersPaginated", func(t *testing.T) {
+	t.Run("Get runners paginated", func(t *testing.T) {
 		request := NewRequest(t, "GET", "/api/v1/admin/actions/runners?page=1&limit=5")
 		request.AddTokenAuth(readToken)
 		response := MakeRequest(t, request, http.StatusOK)
@@ -246,7 +247,7 @@ func TestAPIAdminActionsRunnerOperations(t *testing.T) {
 		assert.Len(t, runners, 5)
 	})
 
-	t.Run("GetGlobalRunner", func(t *testing.T) {
+	t.Run("Get global runner", func(t *testing.T) {
 		request := NewRequest(t, "GET", "/api/v1/admin/actions/runners/130793")
 		request.AddTokenAuth(readToken)
 		response := MakeRequest(t, request, http.StatusOK)
@@ -269,7 +270,7 @@ func TestAPIAdminActionsRunnerOperations(t *testing.T) {
 		assert.Equal(t, runnerOne, runner)
 	})
 
-	t.Run("GetRepositoryScopedRunner", func(t *testing.T) {
+	t.Run("Get repository-scoped runner", func(t *testing.T) {
 		request := NewRequest(t, "GET", "/api/v1/admin/actions/runners/130794")
 		request.AddTokenAuth(readToken)
 		response := MakeRequest(t, request, http.StatusOK)
@@ -292,7 +293,7 @@ func TestAPIAdminActionsRunnerOperations(t *testing.T) {
 		assert.Equal(t, runnerFour, runner)
 	})
 
-	t.Run("DeleteGlobalRunner", func(t *testing.T) {
+	t.Run("Delete global runner", func(t *testing.T) {
 		url := "/api/v1/admin/actions/runners/130791"
 
 		request := NewRequest(t, "GET", url)
@@ -308,7 +309,7 @@ func TestAPIAdminActionsRunnerOperations(t *testing.T) {
 		MakeRequest(t, request, http.StatusNotFound)
 	})
 
-	t.Run("DeleteRepositoryScopedRunner", func(t *testing.T) {
+	t.Run("Delete repository-scoped runner", func(t *testing.T) {
 		url := "/api/v1/admin/actions/runners/130794"
 
 		request := NewRequest(t, "GET", url)
@@ -323,4 +324,73 @@ func TestAPIAdminActionsRunnerOperations(t *testing.T) {
 		request.AddTokenAuth(readToken)
 		MakeRequest(t, request, http.StatusNotFound)
 	})
+
+	t.Run("Register runner", func(t *testing.T) {
+		options := api.RegisterRunnerOptions{Name: "api-runner", Description: "Some description"}
+
+		request := NewRequestWithJSON(t, "POST", "/api/v1/admin/actions/runners", options)
+		request.AddTokenAuth(writeToken)
+		response := MakeRequest(t, request, http.StatusCreated)
+
+		var registerRunnerResponse *api.RegisterRunnerResponse
+		DecodeJSON(t, response, &registerRunnerResponse)
+
+		assert.NotNil(t, registerRunnerResponse)
+		assert.Positive(t, registerRunnerResponse.ID)
+		assert.Equal(t, gouuid.Version(4), gouuid.MustParse(registerRunnerResponse.UUID).Version())
+		assert.Regexp(t, "(?i)^[0-9a-f]{40}$", registerRunnerResponse.Token)
+
+		registeredRunner := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRunner{UUID: registerRunnerResponse.UUID})
+		assert.Equal(t, registerRunnerResponse.ID, registeredRunner.ID)
+		assert.Equal(t, registerRunnerResponse.UUID, registeredRunner.UUID)
+		assert.Zero(t, registeredRunner.OwnerID)
+		assert.Zero(t, registeredRunner.RepoID)
+		assert.Equal(t, "api-runner", registeredRunner.Name)
+		assert.Equal(t, "Some description", registeredRunner.Description)
+		assert.Empty(t, registeredRunner.AgentLabels)
+		assert.Empty(t, registeredRunner.Version)
+		assert.NotEmpty(t, registeredRunner.TokenHash)
+		assert.NotEmpty(t, registeredRunner.TokenSalt)
+	})
+
+	t.Run("Runner registration does not update runner with identical name", func(t *testing.T) {
+		options := api.RegisterRunnerOptions{Name: "api-runner"}
+
+		request := NewRequestWithJSON(t, "POST", "/api/v1/admin/actions/runners", options)
+		request.AddTokenAuth(writeToken)
+		response := MakeRequest(t, request, http.StatusCreated)
+
+		var registerRunnerResponse *api.RegisterRunnerResponse
+		DecodeJSON(t, response, &registerRunnerResponse)
+
+		secondRequest := NewRequestWithJSON(t, "POST", "/api/v1/admin/actions/runners", options)
+		secondRequest.AddTokenAuth(writeToken)
+		secondResponse := MakeRequest(t, secondRequest, http.StatusCreated)
+
+		var secondRegisterRunnerResponse *api.RegisterRunnerResponse
+		DecodeJSON(t, secondResponse, &secondRegisterRunnerResponse)
+
+		firstRunner := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRunner{UUID: registerRunnerResponse.UUID})
+		secondRunner := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRunner{UUID: secondRegisterRunnerResponse.UUID})
+
+		assert.NotEqual(t, firstRunner.ID, secondRunner.ID)
+		assert.NotEqual(t, firstRunner.UUID, secondRunner.UUID)
+	})
+
+	t.Run("Runner registration requires write token for admin scope", func(t *testing.T) {
+		options := api.RegisterRunnerOptions{Name: "api-runner"}
+
+		request := NewRequestWithJSON(t, "POST", "/api/v1/admin/actions/runners", options)
+		request.AddTokenAuth(readToken)
+		response := MakeRequest(t, request, http.StatusForbidden)
+
+		type errorResponse struct {
+			Message string `json:"message"`
+		}
+
+		var errorMessage *errorResponse
+		DecodeJSON(t, response, &errorMessage)
+
+		assert.Equal(t, "token does not have at least one of required scope(s): [write:admin]", errorMessage.Message)
+	})
 }
diff --git a/tests/integration/api_org_actions_test.go b/tests/integration/api_org_actions_test.go
index 46f08f4624..c29798d03c 100644
--- a/tests/integration/api_org_actions_test.go
+++ b/tests/integration/api_org_actions_test.go
@@ -16,6 +16,7 @@ import (
 	"forgejo.org/routers/api/v1/shared"
 	"forgejo.org/tests"
 
+	gouuid "github.com/google/uuid"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 )
@@ -111,7 +112,7 @@ func TestAPIOrgActionsRunnerOperations(t *testing.T) {
 	readToken := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeReadOrganization)
 	writeToken := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteOrganization)
 
-	t.Run("GetRunners", func(t *testing.T) {
+	t.Run("Get runners", func(t *testing.T) {
 		request := NewRequest(t, "GET", "/api/v1/orgs/org3/actions/runners")
 		request.AddTokenAuth(readToken)
 		response := MakeRequest(t, request, http.StatusOK)
@@ -147,7 +148,7 @@ func TestAPIOrgActionsRunnerOperations(t *testing.T) {
 		assert.ElementsMatch(t, []*api.ActionRunner{runnerOne, runnerThree}, runners)
 	})
 
-	t.Run("GetRunnersPaginated", func(t *testing.T) {
+	t.Run("Get runners paginated", func(t *testing.T) {
 		request := NewRequest(t, "GET", "/api/v1/orgs/org3/actions/runners?page=1&limit=1")
 		request.AddTokenAuth(readToken)
 		response := MakeRequest(t, request, http.StatusOK)
@@ -160,7 +161,7 @@ func TestAPIOrgActionsRunnerOperations(t *testing.T) {
 		assert.Len(t, runners, 1)
 	})
 
-	t.Run("GetRunner", func(t *testing.T) {
+	t.Run("Get runner", func(t *testing.T) {
 		request := NewRequest(t, "GET", "/api/v1/orgs/org3/actions/runners/655691")
 		request.AddTokenAuth(readToken)
 		response := MakeRequest(t, request, http.StatusOK)
@@ -183,7 +184,7 @@ func TestAPIOrgActionsRunnerOperations(t *testing.T) {
 		assert.Equal(t, runnerOne, runner)
 	})
 
-	t.Run("DeleteRunner", func(t *testing.T) {
+	t.Run("Delete runner", func(t *testing.T) {
 		url := "/api/v1/orgs/org3/actions/runners/655691"
 
 		request := NewRequest(t, "GET", url)
@@ -198,4 +199,73 @@ func TestAPIOrgActionsRunnerOperations(t *testing.T) {
 		request.AddTokenAuth(readToken)
 		MakeRequest(t, request, http.StatusNotFound)
 	})
+
+	t.Run("Register runner", func(t *testing.T) {
+		options := api.RegisterRunnerOptions{Name: "api-runner", Description: "Some description"}
+
+		request := NewRequestWithJSON(t, "POST", "/api/v1/orgs/org3/actions/runners", options)
+		request.AddTokenAuth(writeToken)
+		response := MakeRequest(t, request, http.StatusCreated)
+
+		var registerRunnerResponse *api.RegisterRunnerResponse
+		DecodeJSON(t, response, &registerRunnerResponse)
+
+		assert.NotNil(t, registerRunnerResponse)
+		assert.Positive(t, registerRunnerResponse.ID)
+		assert.Equal(t, gouuid.Version(4), gouuid.MustParse(registerRunnerResponse.UUID).Version())
+		assert.Regexp(t, "(?i)^[0-9a-f]{40}$", registerRunnerResponse.Token)
+
+		registeredRunner := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRunner{UUID: registerRunnerResponse.UUID})
+		assert.Equal(t, registerRunnerResponse.ID, registeredRunner.ID)
+		assert.Equal(t, registerRunnerResponse.UUID, registeredRunner.UUID)
+		assert.Equal(t, int64(3), registeredRunner.OwnerID)
+		assert.Zero(t, registeredRunner.RepoID)
+		assert.Equal(t, "api-runner", registeredRunner.Name)
+		assert.Equal(t, "Some description", registeredRunner.Description)
+		assert.Empty(t, registeredRunner.AgentLabels)
+		assert.Empty(t, registeredRunner.Version)
+		assert.NotEmpty(t, registeredRunner.TokenHash)
+		assert.NotEmpty(t, registeredRunner.TokenSalt)
+	})
+
+	t.Run("Runner registration does not update runner with identical name", func(t *testing.T) {
+		options := api.RegisterRunnerOptions{Name: "api-runner"}
+
+		request := NewRequestWithJSON(t, "POST", "/api/v1/orgs/org3/actions/runners", options)
+		request.AddTokenAuth(writeToken)
+		response := MakeRequest(t, request, http.StatusCreated)
+
+		var registerRunnerResponse *api.RegisterRunnerResponse
+		DecodeJSON(t, response, &registerRunnerResponse)
+
+		secondRequest := NewRequestWithJSON(t, "POST", "/api/v1/orgs/org3/actions/runners", options)
+		secondRequest.AddTokenAuth(writeToken)
+		secondResponse := MakeRequest(t, secondRequest, http.StatusCreated)
+
+		var secondRegisterRunnerResponse *api.RegisterRunnerResponse
+		DecodeJSON(t, secondResponse, &secondRegisterRunnerResponse)
+
+		firstRunner := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRunner{UUID: registerRunnerResponse.UUID})
+		secondRunner := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRunner{UUID: secondRegisterRunnerResponse.UUID})
+
+		assert.NotEqual(t, firstRunner.ID, secondRunner.ID)
+		assert.NotEqual(t, firstRunner.UUID, secondRunner.UUID)
+	})
+
+	t.Run("Runner registration requires write token for organization scope", func(t *testing.T) {
+		options := api.RegisterRunnerOptions{Name: "api-runner"}
+
+		request := NewRequestWithJSON(t, "POST", "/api/v1/orgs/org3/actions/runners", options)
+		request.AddTokenAuth(readToken)
+		response := MakeRequest(t, request, http.StatusForbidden)
+
+		type errorResponse struct {
+			Message string `json:"message"`
+		}
+
+		var errorMessage *errorResponse
+		DecodeJSON(t, response, &errorMessage)
+
+		assert.Equal(t, "token does not have at least one of required scope(s): [write:organization]", errorMessage.Message)
+	})
 }
diff --git a/tests/integration/api_repo_actions_test.go b/tests/integration/api_repo_actions_test.go
index 6692ddaa63..d12691b117 100644
--- a/tests/integration/api_repo_actions_test.go
+++ b/tests/integration/api_repo_actions_test.go
@@ -23,6 +23,7 @@ import (
 	files_service "forgejo.org/services/repository/files"
 	"forgejo.org/tests"
 
+	gouuid "github.com/google/uuid"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 )
@@ -380,11 +381,12 @@ func TestAPIRepoActionsRunnerOperations(t *testing.T) {
 	require.NoError(t, unittest.PrepareTestDatabase())
 
 	user2 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
+	repo1 := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 1})
 	session := loginUser(t, user2.Name)
 	readToken := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeReadRepository)
 	writeToken := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteRepository)
 
-	t.Run("GetRunners", func(t *testing.T) {
+	t.Run("Get runners", func(t *testing.T) {
 		request := NewRequest(t, "GET", "/api/v1/repos/user2/test_workflows/actions/runners")
 		request.AddTokenAuth(readToken)
 		response := MakeRequest(t, request, http.StatusOK)
@@ -420,7 +422,7 @@ func TestAPIRepoActionsRunnerOperations(t *testing.T) {
 		assert.ElementsMatch(t, []*api.ActionRunner{runnerOne, runnerThree}, runners)
 	})
 
-	t.Run("GetRunnersPaginated", func(t *testing.T) {
+	t.Run("Get runners paginated", func(t *testing.T) {
 		request := NewRequest(t, "GET", "/api/v1/repos/user2/test_workflows/actions/runners?page=1&limit=1")
 		request.AddTokenAuth(readToken)
 		response := MakeRequest(t, request, http.StatusOK)
@@ -433,7 +435,7 @@ func TestAPIRepoActionsRunnerOperations(t *testing.T) {
 		assert.Len(t, runners, 1)
 	})
 
-	t.Run("GetRunner", func(t *testing.T) {
+	t.Run("Get runner", func(t *testing.T) {
 		request := NewRequest(t, "GET", "/api/v1/repos/user2/test_workflows/actions/runners/899251")
 		request.AddTokenAuth(readToken)
 		response := MakeRequest(t, request, http.StatusOK)
@@ -456,7 +458,7 @@ func TestAPIRepoActionsRunnerOperations(t *testing.T) {
 		assert.Equal(t, runnerOne, runner)
 	})
 
-	t.Run("DeleteRunner", func(t *testing.T) {
+	t.Run("Delete runner", func(t *testing.T) {
 		url := "/api/v1/repos/user2/test_workflows/actions/runners/899253"
 
 		request := NewRequest(t, "GET", url)
@@ -471,4 +473,76 @@ func TestAPIRepoActionsRunnerOperations(t *testing.T) {
 		request.AddTokenAuth(readToken)
 		MakeRequest(t, request, http.StatusNotFound)
 	})
+
+	t.Run("Register runner", func(t *testing.T) {
+		options := api.RegisterRunnerOptions{Name: "api-runner", Description: "Some description"}
+
+		requestURL := fmt.Sprintf("/api/v1/repos/%s/%s/actions/runners", repo1.OwnerName, repo1.Name)
+		request := NewRequestWithJSON(t, "POST", requestURL, options)
+		request.AddTokenAuth(writeToken)
+		response := MakeRequest(t, request, http.StatusCreated)
+
+		var registerRunnerResponse *api.RegisterRunnerResponse
+		DecodeJSON(t, response, &registerRunnerResponse)
+
+		assert.NotNil(t, registerRunnerResponse)
+		assert.Positive(t, registerRunnerResponse.ID)
+		assert.Equal(t, gouuid.Version(4), gouuid.MustParse(registerRunnerResponse.UUID).Version())
+		assert.Regexp(t, "(?i)^[0-9a-f]{40}$", registerRunnerResponse.Token)
+
+		registeredRunner := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRunner{UUID: registerRunnerResponse.UUID})
+		assert.Equal(t, registerRunnerResponse.ID, registeredRunner.ID)
+		assert.Equal(t, registerRunnerResponse.UUID, registeredRunner.UUID)
+		assert.Zero(t, registeredRunner.OwnerID)
+		assert.Equal(t, repo1.ID, registeredRunner.RepoID)
+		assert.Equal(t, "api-runner", registeredRunner.Name)
+		assert.Equal(t, "Some description", registeredRunner.Description)
+		assert.Empty(t, registeredRunner.AgentLabels)
+		assert.Empty(t, registeredRunner.Version)
+		assert.NotEmpty(t, registeredRunner.TokenHash)
+		assert.NotEmpty(t, registeredRunner.TokenSalt)
+	})
+
+	t.Run("Runner registration does not update runner with identical name", func(t *testing.T) {
+		options := api.RegisterRunnerOptions{Name: "api-runner"}
+
+		requestURL := fmt.Sprintf("/api/v1/repos/%s/%s/actions/runners", repo1.OwnerName, repo1.Name)
+		request := NewRequestWithJSON(t, "POST", requestURL, options)
+		request.AddTokenAuth(writeToken)
+		response := MakeRequest(t, request, http.StatusCreated)
+
+		var registerRunnerResponse *api.RegisterRunnerResponse
+		DecodeJSON(t, response, &registerRunnerResponse)
+
+		secondRequest := NewRequestWithJSON(t, "POST", requestURL, options)
+		secondRequest.AddTokenAuth(writeToken)
+		secondResponse := MakeRequest(t, secondRequest, http.StatusCreated)
+
+		var secondRegisterRunnerResponse *api.RegisterRunnerResponse
+		DecodeJSON(t, secondResponse, &secondRegisterRunnerResponse)
+
+		firstRunner := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRunner{UUID: registerRunnerResponse.UUID})
+		secondRunner := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRunner{UUID: secondRegisterRunnerResponse.UUID})
+
+		assert.NotEqual(t, firstRunner.ID, secondRunner.ID)
+		assert.NotEqual(t, firstRunner.UUID, secondRunner.UUID)
+	})
+
+	t.Run("Runner registration requires write token for repository scope", func(t *testing.T) {
+		options := api.RegisterRunnerOptions{Name: "api-runner"}
+
+		requestURL := fmt.Sprintf("/api/v1/repos/%s/%s/actions/runners", repo1.OwnerName, repo1.Name)
+		request := NewRequestWithJSON(t, "POST", requestURL, options)
+		request.AddTokenAuth(readToken)
+		response := MakeRequest(t, request, http.StatusForbidden)
+
+		type errorResponse struct {
+			Message string `json:"message"`
+		}
+
+		var errorMessage *errorResponse
+		DecodeJSON(t, response, &errorMessage)
+
+		assert.Equal(t, "token does not have at least one of required scope(s): [write:repository]", errorMessage.Message)
+	})
 }
diff --git a/tests/integration/api_user_actions_test.go b/tests/integration/api_user_actions_test.go
index 106c99bdbe..73a4060c0c 100644
--- a/tests/integration/api_user_actions_test.go
+++ b/tests/integration/api_user_actions_test.go
@@ -16,6 +16,7 @@ import (
 	"forgejo.org/routers/api/v1/shared"
 	"forgejo.org/tests"
 
+	gouuid "github.com/google/uuid"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 )
@@ -109,7 +110,7 @@ func TestAPIUserActionsRunnerOperations(t *testing.T) {
 	readToken := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeReadUser)
 	writeToken := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteUser)
 
-	t.Run("GetRunners", func(t *testing.T) {
+	t.Run("Get runners", func(t *testing.T) {
 		request := NewRequest(t, "GET", "/api/v1/user/actions/runners")
 		request.AddTokenAuth(readToken)
 		response := MakeRequest(t, request, http.StatusOK)
@@ -145,7 +146,7 @@ func TestAPIUserActionsRunnerOperations(t *testing.T) {
 		assert.ElementsMatch(t, []*api.ActionRunner{runnerOne, runnerThree}, runners)
 	})
 
-	t.Run("GetRunnersPaginated", func(t *testing.T) {
+	t.Run("Get runners paginated", func(t *testing.T) {
 		request := NewRequest(t, "GET", "/api/v1/user/actions/runners?page=1&limit=1")
 		request.AddTokenAuth(readToken)
 		response := MakeRequest(t, request, http.StatusOK)
@@ -158,7 +159,7 @@ func TestAPIUserActionsRunnerOperations(t *testing.T) {
 		assert.Len(t, runners, 1)
 	})
 
-	t.Run("GetRunner", func(t *testing.T) {
+	t.Run("Get runner", func(t *testing.T) {
 		request := NewRequest(t, "GET", "/api/v1/user/actions/runners/71303")
 		request.AddTokenAuth(readToken)
 		response := MakeRequest(t, request, http.StatusOK)
@@ -181,7 +182,7 @@ func TestAPIUserActionsRunnerOperations(t *testing.T) {
 		assert.Equal(t, runnerThree, runner)
 	})
 
-	t.Run("DeleteRunner", func(t *testing.T) {
+	t.Run("Delete runner", func(t *testing.T) {
 		url := "/api/v1/user/actions/runners/71303"
 
 		request := NewRequest(t, "GET", url)
@@ -196,4 +197,73 @@ func TestAPIUserActionsRunnerOperations(t *testing.T) {
 		request.AddTokenAuth(readToken)
 		MakeRequest(t, request, http.StatusNotFound)
 	})
+
+	t.Run("Register runner", func(t *testing.T) {
+		options := api.RegisterRunnerOptions{Name: "api-runner", Description: "Some description"}
+
+		request := NewRequestWithJSON(t, "POST", "/api/v1/user/actions/runners", options)
+		request.AddTokenAuth(writeToken)
+		response := MakeRequest(t, request, http.StatusCreated)
+
+		var registerRunnerResponse *api.RegisterRunnerResponse
+		DecodeJSON(t, response, &registerRunnerResponse)
+
+		assert.NotNil(t, registerRunnerResponse)
+		assert.Positive(t, registerRunnerResponse.ID)
+		assert.Equal(t, gouuid.Version(4), gouuid.MustParse(registerRunnerResponse.UUID).Version())
+		assert.Regexp(t, "(?i)^[0-9a-f]{40}$", registerRunnerResponse.Token)
+
+		registeredRunner := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRunner{UUID: registerRunnerResponse.UUID})
+		assert.Equal(t, registerRunnerResponse.ID, registeredRunner.ID)
+		assert.Equal(t, registerRunnerResponse.UUID, registeredRunner.UUID)
+		assert.Equal(t, user2.ID, registeredRunner.OwnerID)
+		assert.Zero(t, registeredRunner.RepoID)
+		assert.Equal(t, "api-runner", registeredRunner.Name)
+		assert.Equal(t, "Some description", registeredRunner.Description)
+		assert.Empty(t, registeredRunner.AgentLabels)
+		assert.Empty(t, registeredRunner.Version)
+		assert.NotEmpty(t, registeredRunner.TokenHash)
+		assert.NotEmpty(t, registeredRunner.TokenSalt)
+	})
+
+	t.Run("Runner registration does not update runner with identical name", func(t *testing.T) {
+		options := api.RegisterRunnerOptions{Name: "api-runner"}
+
+		request := NewRequestWithJSON(t, "POST", "/api/v1/user/actions/runners", options)
+		request.AddTokenAuth(writeToken)
+		response := MakeRequest(t, request, http.StatusCreated)
+
+		var registerRunnerResponse *api.RegisterRunnerResponse
+		DecodeJSON(t, response, &registerRunnerResponse)
+
+		secondRequest := NewRequestWithJSON(t, "POST", "/api/v1/user/actions/runners", options)
+		secondRequest.AddTokenAuth(writeToken)
+		secondResponse := MakeRequest(t, secondRequest, http.StatusCreated)
+
+		var secondRegisterRunnerResponse *api.RegisterRunnerResponse
+		DecodeJSON(t, secondResponse, &secondRegisterRunnerResponse)
+
+		firstRunner := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRunner{UUID: registerRunnerResponse.UUID})
+		secondRunner := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRunner{UUID: secondRegisterRunnerResponse.UUID})
+
+		assert.NotEqual(t, firstRunner.ID, secondRunner.ID)
+		assert.NotEqual(t, firstRunner.UUID, secondRunner.UUID)
+	})
+
+	t.Run("Runner registration requires write token for user scope", func(t *testing.T) {
+		options := api.RegisterRunnerOptions{Name: "api-runner"}
+
+		request := NewRequestWithJSON(t, "POST", "/api/v1/user/actions/runners", options)
+		request.AddTokenAuth(readToken)
+		response := MakeRequest(t, request, http.StatusForbidden)
+
+		type errorResponse struct {
+			Message string `json:"message"`
+		}
+
+		var errorMessage *errorResponse
+		DecodeJSON(t, response, &errorMessage)
+
+		assert.Equal(t, "token does not have at least one of required scope(s): [write:user]", errorMessage.Message)
+	})
 }

From 80efc34a138555ccddc8ed8402f8ffd348755f35 Mon Sep 17 00:00:00 2001
From: Renovate Bot <forgejo-renovate-action@forgejo.org>
Date: Mon, 5 Jan 2026 08:54:59 +0100
Subject: [PATCH 095/854] Update module github.com/yuin/goldmark to v1.7.14
 (forgejo) (#10700)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10700
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 655576183d..4696d2fdfd 100644
--- a/go.mod
+++ b/go.mod
@@ -97,7 +97,7 @@ require (
 	github.com/urfave/cli/v3 v3.5.0
 	github.com/valyala/fastjson v1.6.7
 	github.com/yohcop/openid-go v1.0.1
-	github.com/yuin/goldmark v1.7.13
+	github.com/yuin/goldmark v1.7.14
 	github.com/yuin/goldmark-highlighting/v2 v2.0.0-20230729083705-37449abec8cc
 	gitlab.com/gitlab-org/api/client-go v0.143.2
 	go.uber.org/mock v0.6.0
diff --git a/go.sum b/go.sum
index c029923e1d..ac24bcf574 100644
--- a/go.sum
+++ b/go.sum
@@ -701,8 +701,8 @@ github.com/yohcop/openid-go v1.0.1/go.mod h1:b/AvD03P0KHj4yuihb+VtLD6bYYgsy0zqBz
 github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
 github.com/yuin/goldmark v1.4.15/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
-github.com/yuin/goldmark v1.7.13 h1:GPddIs617DnBLFFVJFgpo1aBfe/4xcvMc3SB5t/D0pA=
-github.com/yuin/goldmark v1.7.13/go.mod h1:ip/1k0VRfGynBgxOz0yCqHrbZXhcjxyuS66Brc7iBKg=
+github.com/yuin/goldmark v1.7.14 h1:9F3UqVQdZ5GG5y6TU0l1TbbDhZmqfevaOcinQt88Qi8=
+github.com/yuin/goldmark v1.7.14/go.mod h1:ip/1k0VRfGynBgxOz0yCqHrbZXhcjxyuS66Brc7iBKg=
 github.com/yuin/goldmark-highlighting/v2 v2.0.0-20230729083705-37449abec8cc h1:+IAOyRda+RLrxa1WC7umKOZRsGq4QrFFMYApOeHzQwQ=
 github.com/yuin/goldmark-highlighting/v2 v2.0.0-20230729083705-37449abec8cc/go.mod h1:ovIvrum6DQJA4QsJSovrkC4saKHQVs7TvcaeO8AIl5I=
 github.com/zeebo/assert v1.3.0 h1:g7C04CbJuIDKNPFHmsk4hwZDO5O+kntRxzaUoNXj+IQ=

From 2cede357c2e1b86efb43a453f43c8650f0ebdbd7 Mon Sep 17 00:00:00 2001
From: Renovate Bot <forgejo-renovate-action@forgejo.org>
Date: Mon, 5 Jan 2026 08:55:09 +0100
Subject: [PATCH 096/854] Update CodeMirror (forgejo) (#10701)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10701
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
---
 package-lock.json | 56 +++++++++++++++++++++++------------------------
 package.json      | 12 +++++-----
 2 files changed, 34 insertions(+), 34 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index d923c15eb3..96643a7d31 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -9,8 +9,8 @@
         "@citation-js/core": "0.7.21",
         "@citation-js/plugin-bibtex": "0.7.21",
         "@citation-js/plugin-software-formats": "0.6.1",
-        "@codemirror/autocomplete": "6.19.1",
-        "@codemirror/commands": "6.10.0",
+        "@codemirror/autocomplete": "6.20.0",
+        "@codemirror/commands": "6.10.1",
         "@codemirror/lang-cpp": "6.0.3",
         "@codemirror/lang-css": "6.3.1",
         "@codemirror/lang-go": "6.0.1",
@@ -19,7 +19,7 @@
         "@codemirror/lang-javascript": "6.2.4",
         "@codemirror/lang-json": "6.0.2",
         "@codemirror/lang-less": "6.0.2",
-        "@codemirror/lang-liquid": "6.3.0",
+        "@codemirror/lang-liquid": "6.3.1",
         "@codemirror/lang-markdown": "6.5.0",
         "@codemirror/lang-php": "6.0.2",
         "@codemirror/lang-python": "6.2.1",
@@ -27,10 +27,10 @@
         "@codemirror/lang-sass": "6.0.2",
         "@codemirror/lang-xml": "6.1.0",
         "@codemirror/lang-yaml": "6.1.2",
-        "@codemirror/language": "6.11.3",
+        "@codemirror/language": "6.12.1",
         "@codemirror/search": "6.5.11",
-        "@codemirror/state": "6.5.2",
-        "@codemirror/view": "6.38.2",
+        "@codemirror/state": "6.5.3",
+        "@codemirror/view": "6.39.8",
         "@github/markdown-toolbar-element": "2.2.3",
         "@github/quote-selection": "2.1.0",
         "@github/text-expander-element": "2.8.0",
@@ -499,9 +499,9 @@
       }
     },
     "node_modules/@codemirror/autocomplete": {
-      "version": "6.19.1",
-      "resolved": "https://registry.npmjs.org/@codemirror/autocomplete/-/autocomplete-6.19.1.tgz",
-      "integrity": "sha512-q6NenYkEy2fn9+JyjIxMWcNjzTL/IhwqfzOut1/G3PrIFkrbl4AL7Wkse5tLrQUUyqGoAKU5+Pi5jnnXxH5HGw==",
+      "version": "6.20.0",
+      "resolved": "https://registry.npmjs.org/@codemirror/autocomplete/-/autocomplete-6.20.0.tgz",
+      "integrity": "sha512-bOwvTOIJcG5FVo5gUUupiwYh8MioPLQ4UcqbcRf7UQ98X90tCa9E1kZ3Z7tqwpZxYyOvh1YTYbmZE9RTfTp5hg==",
       "license": "MIT",
       "dependencies": {
         "@codemirror/language": "^6.0.0",
@@ -511,9 +511,9 @@
       }
     },
     "node_modules/@codemirror/commands": {
-      "version": "6.10.0",
-      "resolved": "https://registry.npmjs.org/@codemirror/commands/-/commands-6.10.0.tgz",
-      "integrity": "sha512-2xUIc5mHXQzT16JnyOFkh8PvfeXuIut3pslWGfsGOhxP/lpgRm9HOl/mpzLErgt5mXDovqA0d11P21gofRLb9w==",
+      "version": "6.10.1",
+      "resolved": "https://registry.npmjs.org/@codemirror/commands/-/commands-6.10.1.tgz",
+      "integrity": "sha512-uWDWFypNdQmz2y1LaNJzK7fL7TYKLeUAU0npEC685OKTF3KcQ2Vu3klIM78D7I6wGhktme0lh3CuQLv0ZCrD9Q==",
       "license": "MIT",
       "dependencies": {
         "@codemirror/language": "^6.0.0",
@@ -624,9 +624,9 @@
       }
     },
     "node_modules/@codemirror/lang-liquid": {
-      "version": "6.3.0",
-      "resolved": "https://registry.npmjs.org/@codemirror/lang-liquid/-/lang-liquid-6.3.0.tgz",
-      "integrity": "sha512-fY1YsUExcieXRTsCiwX/bQ9+PbCTA/Fumv7C7mTUZHoFkibfESnaXwpr2aKH6zZVwysEunsHHkaIpM/pl3xETQ==",
+      "version": "6.3.1",
+      "resolved": "https://registry.npmjs.org/@codemirror/lang-liquid/-/lang-liquid-6.3.1.tgz",
+      "integrity": "sha512-S/jE/D7iij2Pu70AC65ME6AYWxOOcX20cSJvaPgY5w7m2sfxsArAcUAuUgm/CZCVmqoi9KiOlS7gj/gyLipABw==",
       "license": "MIT",
       "dependencies": {
         "@codemirror/autocomplete": "^6.0.0",
@@ -733,14 +733,14 @@
       }
     },
     "node_modules/@codemirror/language": {
-      "version": "6.11.3",
-      "resolved": "https://registry.npmjs.org/@codemirror/language/-/language-6.11.3.tgz",
-      "integrity": "sha512-9HBM2XnwDj7fnu0551HkGdrUrrqmYq/WC5iv6nbY2WdicXdGbhR/gfbZOH73Aqj4351alY1+aoG9rCNfiwS1RA==",
+      "version": "6.12.1",
+      "resolved": "https://registry.npmjs.org/@codemirror/language/-/language-6.12.1.tgz",
+      "integrity": "sha512-Fa6xkSiuGKc8XC8Cn96T+TQHYj4ZZ7RdFmXA3i9xe/3hLHfwPZdM+dqfX0Cp0zQklBKhVD8Yzc8LS45rkqcwpQ==",
       "license": "MIT",
       "dependencies": {
         "@codemirror/state": "^6.0.0",
         "@codemirror/view": "^6.23.0",
-        "@lezer/common": "^1.1.0",
+        "@lezer/common": "^1.5.0",
         "@lezer/highlight": "^1.0.0",
         "@lezer/lr": "^1.0.0",
         "style-mod": "^4.0.0"
@@ -769,18 +769,18 @@
       }
     },
     "node_modules/@codemirror/state": {
-      "version": "6.5.2",
-      "resolved": "https://registry.npmjs.org/@codemirror/state/-/state-6.5.2.tgz",
-      "integrity": "sha512-FVqsPqtPWKVVL3dPSxy8wEF/ymIEuVzF1PK3VbUgrxXpJUSHQWWZz4JMToquRxnkw+36LTamCZG2iua2Ptq0fA==",
+      "version": "6.5.3",
+      "resolved": "https://registry.npmjs.org/@codemirror/state/-/state-6.5.3.tgz",
+      "integrity": "sha512-MerMzJzlXogk2fxWFU1nKp36bY5orBG59HnPiz0G9nLRebWa0zXuv2siH6PLIHBvv5TH8CkQRqjBs0MlxCZu+A==",
       "license": "MIT",
       "dependencies": {
         "@marijn/find-cluster-break": "^1.0.0"
       }
     },
     "node_modules/@codemirror/view": {
-      "version": "6.38.2",
-      "resolved": "https://registry.npmjs.org/@codemirror/view/-/view-6.38.2.tgz",
-      "integrity": "sha512-bTWAJxL6EOFLPzTx+O5P5xAO3gTqpatQ2b/ARQ8itfU/v2LlpS3pH2fkL0A3E/Fx8Y2St2KES7ZEV0sHTsSW/A==",
+      "version": "6.39.8",
+      "resolved": "https://registry.npmjs.org/@codemirror/view/-/view-6.39.8.tgz",
+      "integrity": "sha512-1rASYd9Z/mE3tkbC9wInRlCNyCkSn+nLsiQKZhEDUUJiUfs/5FHDpCUDaQpoTIaNGeDc6/bhaEAyLmeEucEFPw==",
       "license": "MIT",
       "dependencies": {
         "@codemirror/state": "^6.5.0",
@@ -2444,9 +2444,9 @@
       "license": "MIT"
     },
     "node_modules/@lezer/common": {
-      "version": "1.4.0",
-      "resolved": "https://registry.npmjs.org/@lezer/common/-/common-1.4.0.tgz",
-      "integrity": "sha512-DVeMRoGrgn/k45oQNu189BoW4SZwgZFzJ1+1TV5j2NJ/KFC83oa/enRqZSGshyeMk5cPWMhsKs9nx+8o0unwGg==",
+      "version": "1.5.0",
+      "resolved": "https://registry.npmjs.org/@lezer/common/-/common-1.5.0.tgz",
+      "integrity": "sha512-PNGcolp9hr4PJdXR4ix7XtixDrClScvtSCYW3rQG106oVMOOI+jFb+0+J3mbeL/53g1Zd6s0kJzaw6Ri68GmAA==",
       "license": "MIT"
     },
     "node_modules/@lezer/cpp": {
diff --git a/package.json b/package.json
index 99a310112d..876efcab69 100644
--- a/package.json
+++ b/package.json
@@ -8,8 +8,8 @@
     "@citation-js/core": "0.7.21",
     "@citation-js/plugin-bibtex": "0.7.21",
     "@citation-js/plugin-software-formats": "0.6.1",
-    "@codemirror/autocomplete": "6.19.1",
-    "@codemirror/commands": "6.10.0",
+    "@codemirror/autocomplete": "6.20.0",
+    "@codemirror/commands": "6.10.1",
     "@codemirror/lang-cpp": "6.0.3",
     "@codemirror/lang-css": "6.3.1",
     "@codemirror/lang-go": "6.0.1",
@@ -18,7 +18,7 @@
     "@codemirror/lang-javascript": "6.2.4",
     "@codemirror/lang-json": "6.0.2",
     "@codemirror/lang-less": "6.0.2",
-    "@codemirror/lang-liquid": "6.3.0",
+    "@codemirror/lang-liquid": "6.3.1",
     "@codemirror/lang-markdown": "6.5.0",
     "@codemirror/lang-php": "6.0.2",
     "@codemirror/lang-python": "6.2.1",
@@ -26,10 +26,10 @@
     "@codemirror/lang-sass": "6.0.2",
     "@codemirror/lang-xml": "6.1.0",
     "@codemirror/lang-yaml": "6.1.2",
-    "@codemirror/language": "6.11.3",
+    "@codemirror/language": "6.12.1",
     "@codemirror/search": "6.5.11",
-    "@codemirror/state": "6.5.2",
-    "@codemirror/view": "6.38.2",
+    "@codemirror/state": "6.5.3",
+    "@codemirror/view": "6.39.8",
     "@github/markdown-toolbar-element": "2.2.3",
     "@github/quote-selection": "2.1.0",
     "@github/text-expander-element": "2.8.0",

From 08b961de2c7fdc426b41f5515599f93142e5eb8b Mon Sep 17 00:00:00 2001
From: Renovate Bot <forgejo-renovate-action@forgejo.org>
Date: Mon, 5 Jan 2026 08:55:19 +0100
Subject: [PATCH 097/854] Update renovate to v42.71.0 (forgejo) (#10698)

Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
---
 .forgejo/workflows/renovate.yml | 2 +-
 Makefile                        | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/.forgejo/workflows/renovate.yml b/.forgejo/workflows/renovate.yml
index f9da8c787f..940cad9ab1 100644
--- a/.forgejo/workflows/renovate.yml
+++ b/.forgejo/workflows/renovate.yml
@@ -28,7 +28,7 @@ jobs:
 
     runs-on: docker
     container:
-      image: data.forgejo.org/renovate/renovate:42.66.11
+      image: data.forgejo.org/renovate/renovate:42.71.0
 
     steps:
       - name: Load renovate repo cache
diff --git a/Makefile b/Makefile
index 7afadaa493..6b8337ce02 100644
--- a/Makefile
+++ b/Makefile
@@ -47,7 +47,7 @@ GO_LICENSES_PACKAGE ?= github.com/google/go-licenses@v1.6.0 # renovate: datasour
 GOVULNCHECK_PACKAGE ?= golang.org/x/vuln/cmd/govulncheck@v1 # renovate: datasource=go
 DEADCODE_PACKAGE ?= golang.org/x/tools/cmd/deadcode@v0.40.0 # renovate: datasource=go
 GOMOCK_PACKAGE ?= go.uber.org/mock/mockgen@v0.6.0 # renovate: datasource=go
-RENOVATE_NPM_PACKAGE ?= renovate@42.66.11 # renovate: datasource=docker packageName=data.forgejo.org/renovate/renovate
+RENOVATE_NPM_PACKAGE ?= renovate@42.71.0 # renovate: datasource=docker packageName=data.forgejo.org/renovate/renovate
 
 # https://github.com/disposable-email-domains/disposable-email-domains/commits/main/
 DISPOSABLE_EMAILS_SHA ?= 0c27e671231d27cf66370034d7f6818037416989 # renovate: ...

From acdfb122cbfd0f600dc1c8d97a09ea2791467cdd Mon Sep 17 00:00:00 2001
From: Renovate Bot <forgejo-renovate-action@forgejo.org>
Date: Mon, 5 Jan 2026 08:55:59 +0100
Subject: [PATCH 098/854] Update dependency @lezer/highlight to v1.2.3
 (forgejo) (#10699)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10699
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
---
 package-lock.json | 10 +++++-----
 package.json      |  2 +-
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 96643a7d31..931a499f7e 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -35,7 +35,7 @@
         "@github/quote-selection": "2.1.0",
         "@github/text-expander-element": "2.8.0",
         "@google/model-viewer": "4.1.0",
-        "@lezer/highlight": "1.2.1",
+        "@lezer/highlight": "1.2.3",
         "@mcaptcha/vanilla-glue": "0.1.0-alpha-3",
         "@primer/octicons": "19.14.0",
         "ansi_up": "6.0.5",
@@ -2483,12 +2483,12 @@
       }
     },
     "node_modules/@lezer/highlight": {
-      "version": "1.2.1",
-      "resolved": "https://registry.npmjs.org/@lezer/highlight/-/highlight-1.2.1.tgz",
-      "integrity": "sha512-Z5duk4RN/3zuVO7Jq0pGLJ3qynpxUVsh7IbUbGj88+uV2ApSAn6kWg2au3iJb+0Zi7kKtqffIESgNcRXWZWmSA==",
+      "version": "1.2.3",
+      "resolved": "https://registry.npmjs.org/@lezer/highlight/-/highlight-1.2.3.tgz",
+      "integrity": "sha512-qXdH7UqTvGfdVBINrgKhDsVTJTxactNNxLk7+UMwZhU13lMHaOBlJe9Vqp907ya56Y3+ed2tlqzys7jDkTmW0g==",
       "license": "MIT",
       "dependencies": {
-        "@lezer/common": "^1.0.0"
+        "@lezer/common": "^1.3.0"
       }
     },
     "node_modules/@lezer/html": {
diff --git a/package.json b/package.json
index 876efcab69..4f294c2e8e 100644
--- a/package.json
+++ b/package.json
@@ -34,7 +34,7 @@
     "@github/quote-selection": "2.1.0",
     "@github/text-expander-element": "2.8.0",
     "@google/model-viewer": "4.1.0",
-    "@lezer/highlight": "1.2.1",
+    "@lezer/highlight": "1.2.3",
     "@mcaptcha/vanilla-glue": "0.1.0-alpha-3",
     "@primer/octicons": "19.14.0",
     "ansi_up": "6.0.5",

From ea421cba4ee3899dd64a28e79a9026fb13a65dab Mon Sep 17 00:00:00 2001
From: Mathieu Fenniak <mathieu@fenniak.net>
Date: Mon, 5 Jan 2026 14:47:27 +0100
Subject: [PATCH 099/854] fix: retain Forgejo Action's commit_status entries
 with distinct descriptions (#10696)

In #10678, I fixed an incorrect codepath that was intended to prevent duplicate redundant entries in `commit_status`.  However, the codepath that was repaired didn't take into account changes in the `description` field -- eg. going from `Waiting to run` to `Has started running` both have the `pending` commit status state but are distinct and should be retained.  This PR fixes the fix so that changes in description do still cause new entries into the `commit_status` table.

This issue was raised due to an end-to-end test failure in the `push-cancel` actions test.  I've manually tested that this fixes the end-to-end test.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10696
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net>
Co-committed-by: Mathieu Fenniak <mathieu@fenniak.net>
---
 services/actions/commit_status.go      | 47 +++++++++++++-------------
 services/actions/commit_status_test.go | 24 +++++++++++--
 2 files changed, 46 insertions(+), 25 deletions(-)

diff --git a/services/actions/commit_status.go b/services/actions/commit_status.go
index 5a72a17022..2a8ca2810c 100644
--- a/services/actions/commit_status.go
+++ b/services/actions/commit_status.go
@@ -85,29 +85,6 @@ func createCommitStatus(ctx context.Context, job *actions_model.ActionRunJob) er
 		return nil
 	}
 
-	repo := run.Repo
-	// TODO: store workflow name as a field in ActionRun to avoid parsing
-	runName := path.Base(run.WorkflowID)
-	if wfs, err := jobparser.Parse(job.WorkflowPayload, false); err == nil && len(wfs) > 0 {
-		runName = wfs[0].Name
-	}
-	ctxname := fmt.Sprintf("%s / %s (%s)", runName, job.Name, event)
-	state := toCommitStatus(job.Status)
-	if statuses, _, err := git_model.GetLatestCommitStatus(ctx, repo.ID, sha, db.ListOptionsAll); err == nil {
-		for _, v := range statuses {
-			// TrimSpace(ctxname) to match stored value which is trimmed in `git.NewCommitStatus`
-			if v.Context == strings.TrimSpace(ctxname) {
-				if v.State == state {
-					// no need to update
-					return nil
-				}
-				break
-			}
-		}
-	} else {
-		return fmt.Errorf("GetLatestCommitStatus: %w", err)
-	}
-
 	description := ""
 	switch job.Status {
 	// TODO: if we want support description in different languages, we need to support i18n placeholders in it
@@ -127,6 +104,30 @@ func createCommitStatus(ctx context.Context, job *actions_model.ActionRunJob) er
 		description = "Blocked by required conditions"
 	}
 
+	repo := run.Repo
+	// TODO: store workflow name as a field in ActionRun to avoid parsing
+	runName := path.Base(run.WorkflowID)
+	if wfs, err := jobparser.Parse(job.WorkflowPayload, false); err == nil && len(wfs) > 0 {
+		runName = wfs[0].Name
+	}
+	ctxname := fmt.Sprintf("%s / %s (%s)", runName, job.Name, event)
+	state := toCommitStatus(job.Status)
+	if statuses, _, err := git_model.GetLatestCommitStatus(ctx, repo.ID, sha, db.ListOptionsAll); err == nil {
+		for _, v := range statuses {
+			// TrimSpace(ctxname) & TrimSpace(description) to match stored value which is trimmed in
+			// `git.NewCommitStatus`
+			if v.Context == strings.TrimSpace(ctxname) {
+				if v.State == state && v.Description == strings.TrimSpace(description) {
+					// no need to update
+					return nil
+				}
+				break
+			}
+		}
+	} else {
+		return fmt.Errorf("GetLatestCommitStatus: %w", err)
+	}
+
 	index, err := getIndexOfJob(ctx, job)
 	if err != nil {
 		return fmt.Errorf("getIndexOfJob: %w", err)
diff --git a/services/actions/commit_status_test.go b/services/actions/commit_status_test.go
index 3252969793..fc39c91bfe 100644
--- a/services/actions/commit_status_test.go
+++ b/services/actions/commit_status_test.go
@@ -66,6 +66,7 @@ func TestCreateCommitStatus_AvoidsDuplicates(t *testing.T) {
 	assert.Equal(t, "Blocked by required conditions", status.Description)
 	assert.Equal(t, "39c46bc9f0f68e0dcfbb59118e12778fa095b066", status.ContextHash)
 	assert.Equal(t, "/ job_2 (push)", status.Context) // This test is intended to cover the runName = "" case, which trims whitespace in this context string -- don't change it in the future
+	assert.EqualValues(t, 1, status.Index)
 
 	// No status change, but createCommitStatus invoked again
 	err = createCommitStatus(t.Context(), job)
@@ -74,11 +75,30 @@ func TestCreateCommitStatus_AvoidsDuplicates(t *testing.T) {
 	// Should have just the same 1 commit status since the context & state was unchanged.
 	assert.Equal(t, 1, unittest.GetCount(t, &git_model.CommitStatus{}, targetCommitStatusFilter))
 
+	// Change status, but still pending -- should add new commit status just for the Description change
+	job.Status = actions_model.StatusWaiting // Blocked -> Waiting
+	err = createCommitStatus(t.Context(), job)
+	require.NoError(t, err)
+
+	// New commit status added
+	assert.Equal(t, 2, unittest.GetCount(t, &git_model.CommitStatus{}, targetCommitStatusFilter))
+	status = unittest.AssertExistsAndLoadBean(t, &git_model.CommitStatus{Index: 2}, targetCommitStatusFilter)
+	assert.Equal(t, structs.CommitStatusState("pending"), status.State)
+	assert.Equal(t, "Waiting to run", status.Description)
+
+	// Invoke createCommitStatus again, check no new record created again
+	err = createCommitStatus(t.Context(), job)
+	require.NoError(t, err)
+	assert.Equal(t, 2, unittest.GetCount(t, &git_model.CommitStatus{}, targetCommitStatusFilter))
+
 	// Update job status & create new commit status
 	job.Status = actions_model.StatusSuccess
 	err = createCommitStatus(t.Context(), job)
 	require.NoError(t, err)
 
-	// Should have 2 commit statuses now
-	assert.Equal(t, 2, unittest.GetCount(t, &git_model.CommitStatus{}, targetCommitStatusFilter))
+	// New commit status added w/ updated state & description
+	assert.Equal(t, 3, unittest.GetCount(t, &git_model.CommitStatus{}, targetCommitStatusFilter))
+	status = unittest.AssertExistsAndLoadBean(t, &git_model.CommitStatus{Index: 3}, targetCommitStatusFilter)
+	assert.Equal(t, structs.CommitStatusState("success"), status.State)
+	assert.Equal(t, "Successful in 1m38s", status.Description)
 }

From d7d7b457e1fba893b5407fb1f3b6097601118438 Mon Sep 17 00:00:00 2001
From: famfo <famfo@famfo.xyz>
Date: Mon, 5 Jan 2026 19:35:33 +0100
Subject: [PATCH 100/854] chore: add famfo to CODEOWNERS for federation code
 (#10706)

I'd like to add myself to the CODEOWNERS for federation code, partly out of personal interest and partly because ActivityPub is easy to hold the wrong way and I unfortunately know a thing or two about this mess by now.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10706
Reviewed-by: Beowulf <beowulf@beocode.eu>
Co-authored-by: famfo <famfo@famfo.xyz>
Co-committed-by: famfo <famfo@famfo.xyz>
---
 CODEOWNERS | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/CODEOWNERS b/CODEOWNERS
index 4934331197..bb6f0578c2 100644
--- a/CODEOWNERS
+++ b/CODEOWNERS
@@ -51,3 +51,12 @@ modules/structs/.* @Cyborus
 routers/api/v1/.* @Cyborus
 routers/api/forgejo/.* @Cyborus
 tests/integration/api_.* @Cyborus
+
+# Federation code, requires care to be taken with regards to interoperability
+# and backwards compatibility due to the way signatures work.
+services/federation/.* @famfo
+modules/forgefed/.* @famfo
+models/forgefed/.* @famfo
+routers/api/v1/activitypub/.* @famfo
+tests/integration/api_activitypub_.* @famfo
+tests/integration/activitypub_.* @famfo

From 3f994a6e807183c29fea5840df5898c5a693a7e1 Mon Sep 17 00:00:00 2001
From: Renovate Bot <forgejo-renovate-action@forgejo.org>
Date: Tue, 6 Jan 2026 10:14:19 +0100
Subject: [PATCH 101/854] Update module github.com/yuin/goldmark to v1.7.16
 (forgejo) (#10709)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10709
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 4696d2fdfd..0f36991e35 100644
--- a/go.mod
+++ b/go.mod
@@ -97,7 +97,7 @@ require (
 	github.com/urfave/cli/v3 v3.5.0
 	github.com/valyala/fastjson v1.6.7
 	github.com/yohcop/openid-go v1.0.1
-	github.com/yuin/goldmark v1.7.14
+	github.com/yuin/goldmark v1.7.16
 	github.com/yuin/goldmark-highlighting/v2 v2.0.0-20230729083705-37449abec8cc
 	gitlab.com/gitlab-org/api/client-go v0.143.2
 	go.uber.org/mock v0.6.0
diff --git a/go.sum b/go.sum
index ac24bcf574..1fcb9176eb 100644
--- a/go.sum
+++ b/go.sum
@@ -701,8 +701,8 @@ github.com/yohcop/openid-go v1.0.1/go.mod h1:b/AvD03P0KHj4yuihb+VtLD6bYYgsy0zqBz
 github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
 github.com/yuin/goldmark v1.4.15/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
-github.com/yuin/goldmark v1.7.14 h1:9F3UqVQdZ5GG5y6TU0l1TbbDhZmqfevaOcinQt88Qi8=
-github.com/yuin/goldmark v1.7.14/go.mod h1:ip/1k0VRfGynBgxOz0yCqHrbZXhcjxyuS66Brc7iBKg=
+github.com/yuin/goldmark v1.7.16 h1:n+CJdUxaFMiDUNnWC3dMWCIQJSkxH4uz3ZwQBkAlVNE=
+github.com/yuin/goldmark v1.7.16/go.mod h1:ip/1k0VRfGynBgxOz0yCqHrbZXhcjxyuS66Brc7iBKg=
 github.com/yuin/goldmark-highlighting/v2 v2.0.0-20230729083705-37449abec8cc h1:+IAOyRda+RLrxa1WC7umKOZRsGq4QrFFMYApOeHzQwQ=
 github.com/yuin/goldmark-highlighting/v2 v2.0.0-20230729083705-37449abec8cc/go.mod h1:ovIvrum6DQJA4QsJSovrkC4saKHQVs7TvcaeO8AIl5I=
 github.com/zeebo/assert v1.3.0 h1:g7C04CbJuIDKNPFHmsk4hwZDO5O+kntRxzaUoNXj+IQ=

From 00b457e291c25761906607d01b056e52b26c07f7 Mon Sep 17 00:00:00 2001
From: Myers Carpenter <myers@maski.org>
Date: Tue, 6 Jan 2026 10:29:15 +0100
Subject: [PATCH 102/854] feat: Add header annotations for accurate API
 documentation (#9380)

This will help api packages like https://codeberg.org/Cyborus/forgejo-api to generate clients that expose the header information as well. Currently `forgejo-api` has to edit the swagger json to generate a client crate that knows about headers.

- Create separate response types for different endpoint behaviors
- CommitList: Base type with only X-Total-Count header
- CommitListWithPagination: For GetPullRequestCommits (pagination headers + X-Total-Count)
- CommitListWithLegacyPagination: For GetAllCommits (pagination headers + X-Total-Count + deprecated X-Total)
- ChangedFileList: Base type with only X-Total-Count header
- ChangedFileListWithPagination: For GetPullRequestFiles (pagination headers + X-Total-Count)

This ensures swagger documentation accurately reflects which headers each endpoint returns.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/9380
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Reviewed-by: Cyborus <cyborus@disroot.org>
Co-authored-by: Myers Carpenter <myers@maski.org>
Co-committed-by: Myers Carpenter <myers@maski.org>
---
 modules/structs/user_app.go               |   1 -
 routers/api/v1/admin/hooks.go             |   2 +-
 routers/api/v1/notify/repo.go             |   2 +-
 routers/api/v1/notify/user.go             |   2 +-
 routers/api/v1/org/hook.go                |   2 +-
 routers/api/v1/org/org.go                 |   4 +-
 routers/api/v1/repo/issue_dependency.go   |   4 +-
 routers/api/v1/repo/issue_label.go        |   6 +-
 routers/api/v1/repo/issue_pin.go          |   2 +-
 routers/api/v1/repo/issue_reaction.go     |   2 +-
 routers/api/v1/repo/issue_tracked_time.go |   2 +-
 routers/api/v1/repo/pull.go               |   2 +-
 routers/api/v1/repo/pull_review.go        |   2 +-
 routers/api/v1/repo/teams.go              |   2 +-
 routers/api/v1/swagger/action.go          |   6 +
 routers/api/v1/swagger/activity.go        |   3 +
 routers/api/v1/swagger/app.go             |  20 ++
 routers/api/v1/swagger/cron.go            |   3 +
 routers/api/v1/swagger/issue.go           |  56 ++++
 routers/api/v1/swagger/key.go             |   3 +
 routers/api/v1/swagger/notify.go          |  10 +
 routers/api/v1/swagger/org.go             |  20 ++
 routers/api/v1/swagger/package.go         |   3 +
 routers/api/v1/swagger/repo.go            |  86 ++++-
 routers/api/v1/user/hook.go               |   2 +-
 templates/swagger/v1_json.tmpl            | 391 +++++++++++++++++++---
 26 files changed, 550 insertions(+), 88 deletions(-)

diff --git a/modules/structs/user_app.go b/modules/structs/user_app.go
index 6592c1cd48..a7504085fd 100644
--- a/modules/structs/user_app.go
+++ b/modules/structs/user_app.go
@@ -19,7 +19,6 @@ type AccessToken struct {
 }
 
 // AccessTokenList represents a list of API access token.
-// swagger:response AccessTokenList
 type AccessTokenList []*AccessToken
 
 // CreateAccessTokenOption options when create access token
diff --git a/routers/api/v1/admin/hooks.go b/routers/api/v1/admin/hooks.go
index 89977f6c6e..29aa8b3485 100644
--- a/routers/api/v1/admin/hooks.go
+++ b/routers/api/v1/admin/hooks.go
@@ -35,7 +35,7 @@ func ListHooks(ctx *context.APIContext) {
 	//   type: integer
 	// responses:
 	//   "200":
-	//     "$ref": "#/responses/HookList"
+	//     "$ref": "#/responses/HookListWithoutPagination"
 
 	sysHooks, total, err := webhook.GetSystemWebhooks(ctx, utils.GetListOptions(ctx), false)
 	if err != nil {
diff --git a/routers/api/v1/notify/repo.go b/routers/api/v1/notify/repo.go
index bf9b1541d5..718ff73f33 100644
--- a/routers/api/v1/notify/repo.go
+++ b/routers/api/v1/notify/repo.go
@@ -176,7 +176,7 @@ func ReadRepoNotifications(ctx *context.APIContext) {
 	//   required: false
 	// responses:
 	//   "205":
-	//     "$ref": "#/responses/NotificationThreadList"
+	//     "$ref": "#/responses/NotificationThreadListWithoutPagination"
 
 	lastRead := int64(0)
 	qLastRead := ctx.FormTrim("last_read_at")
diff --git a/routers/api/v1/notify/user.go b/routers/api/v1/notify/user.go
index 5b8757cf32..7bf261e75b 100644
--- a/routers/api/v1/notify/user.go
+++ b/routers/api/v1/notify/user.go
@@ -126,7 +126,7 @@ func ReadNotifications(ctx *context.APIContext) {
 	//   required: false
 	// responses:
 	//   "205":
-	//     "$ref": "#/responses/NotificationThreadList"
+	//     "$ref": "#/responses/NotificationThreadListWithoutPagination"
 
 	lastRead := int64(0)
 	qLastRead := ctx.FormTrim("last_read_at")
diff --git a/routers/api/v1/org/hook.go b/routers/api/v1/org/hook.go
index 2877acd3c7..5ddcf00233 100644
--- a/routers/api/v1/org/hook.go
+++ b/routers/api/v1/org/hook.go
@@ -36,7 +36,7 @@ func ListHooks(ctx *context.APIContext) {
 	//   type: integer
 	// responses:
 	//   "200":
-	//     "$ref": "#/responses/HookList"
+	//     "$ref": "#/responses/HookListWithoutPagination"
 	//   "404":
 	//     "$ref": "#/responses/notFound"
 
diff --git a/routers/api/v1/org/org.go b/routers/api/v1/org/org.go
index a4ea924979..e69a24bc0b 100644
--- a/routers/api/v1/org/org.go
+++ b/routers/api/v1/org/org.go
@@ -68,7 +68,7 @@ func ListMyOrgs(ctx *context.APIContext) {
 	//   type: integer
 	// responses:
 	//   "200":
-	//     "$ref": "#/responses/OrganizationList"
+	//     "$ref": "#/responses/OrganizationListWithoutPagination"
 	//   "401":
 	//     "$ref": "#/responses/unauthorized"
 	//   "403":
@@ -102,7 +102,7 @@ func ListUserOrgs(ctx *context.APIContext) {
 	//   type: integer
 	// responses:
 	//   "200":
-	//     "$ref": "#/responses/OrganizationList"
+	//     "$ref": "#/responses/OrganizationListWithoutPagination"
 	//   "404":
 	//     "$ref": "#/responses/notFound"
 
diff --git a/routers/api/v1/repo/issue_dependency.go b/routers/api/v1/repo/issue_dependency.go
index 80b4faffa3..400575d37c 100644
--- a/routers/api/v1/repo/issue_dependency.go
+++ b/routers/api/v1/repo/issue_dependency.go
@@ -52,7 +52,7 @@ func GetIssueDependencies(ctx *context.APIContext) {
 	//   type: integer
 	// responses:
 	//   "200":
-	//     "$ref": "#/responses/IssueList"
+	//     "$ref": "#/responses/IssueListWithoutPagination"
 	//   "404":
 	//     "$ref": "#/responses/notFound"
 
@@ -315,7 +315,7 @@ func GetIssueBlocks(ctx *context.APIContext) {
 	//   type: integer
 	// responses:
 	//   "200":
-	//     "$ref": "#/responses/IssueList"
+	//     "$ref": "#/responses/IssueListWithoutPagination"
 	//   "404":
 	//     "$ref": "#/responses/notFound"
 
diff --git a/routers/api/v1/repo/issue_label.go b/routers/api/v1/repo/issue_label.go
index e26703b872..70863b66b0 100644
--- a/routers/api/v1/repo/issue_label.go
+++ b/routers/api/v1/repo/issue_label.go
@@ -44,7 +44,7 @@ func ListIssueLabels(ctx *context.APIContext) {
 	//   required: true
 	// responses:
 	//   "200":
-	//     "$ref": "#/responses/LabelList"
+	//     "$ref": "#/responses/LabelListWithoutPagination"
 	//   "404":
 	//     "$ref": "#/responses/notFound"
 
@@ -98,7 +98,7 @@ func AddIssueLabels(ctx *context.APIContext) {
 	//     "$ref": "#/definitions/IssueLabelsOption"
 	// responses:
 	//   "200":
-	//     "$ref": "#/responses/LabelList"
+	//     "$ref": "#/responses/LabelListWithoutPagination"
 	//   "403":
 	//     "$ref": "#/responses/forbidden"
 	//   "404":
@@ -254,7 +254,7 @@ func ReplaceIssueLabels(ctx *context.APIContext) {
 	//     "$ref": "#/definitions/IssueLabelsOption"
 	// responses:
 	//   "200":
-	//     "$ref": "#/responses/LabelList"
+	//     "$ref": "#/responses/LabelListWithoutPagination"
 	//   "403":
 	//     "$ref": "#/responses/forbidden"
 	//   "404":
diff --git a/routers/api/v1/repo/issue_pin.go b/routers/api/v1/repo/issue_pin.go
index 84079ed452..a892d4a65b 100644
--- a/routers/api/v1/repo/issue_pin.go
+++ b/routers/api/v1/repo/issue_pin.go
@@ -198,7 +198,7 @@ func ListPinnedIssues(ctx *context.APIContext) {
 	//   required: true
 	// responses:
 	//   "200":
-	//     "$ref": "#/responses/IssueList"
+	//     "$ref": "#/responses/IssueListWithoutPagination"
 	//   "404":
 	//     "$ref": "#/responses/notFound"
 	issues, err := issues_model.GetPinnedIssues(ctx, ctx.Repo.Repository.ID, false)
diff --git a/routers/api/v1/repo/issue_reaction.go b/routers/api/v1/repo/issue_reaction.go
index 2d6218bf46..25d4f3a8cb 100644
--- a/routers/api/v1/repo/issue_reaction.go
+++ b/routers/api/v1/repo/issue_reaction.go
@@ -45,7 +45,7 @@ func GetIssueCommentReactions(ctx *context.APIContext) {
 	//   required: true
 	// responses:
 	//   "200":
-	//     "$ref": "#/responses/ReactionList"
+	//     "$ref": "#/responses/ReactionListWithoutPagination"
 	//   "403":
 	//     "$ref": "#/responses/forbidden"
 	//   "404":
diff --git a/routers/api/v1/repo/issue_tracked_time.go b/routers/api/v1/repo/issue_tracked_time.go
index 61875b577c..0fb96fc319 100644
--- a/routers/api/v1/repo/issue_tracked_time.go
+++ b/routers/api/v1/repo/issue_tracked_time.go
@@ -411,7 +411,7 @@ func ListTrackedTimesByUser(ctx *context.APIContext) {
 	//   required: true
 	// responses:
 	//   "200":
-	//     "$ref": "#/responses/TrackedTimeList"
+	//     "$ref": "#/responses/TrackedTimeListWithoutPagination"
 	//   "400":
 	//     "$ref": "#/responses/error"
 	//   "403":
diff --git a/routers/api/v1/repo/pull.go b/routers/api/v1/repo/pull.go
index 778a1c17b1..502adb18b6 100644
--- a/routers/api/v1/repo/pull.go
+++ b/routers/api/v1/repo/pull.go
@@ -1567,7 +1567,7 @@ func GetPullRequestFiles(ctx *context.APIContext) {
 	//   type: integer
 	// responses:
 	//   "200":
-	//     "$ref": "#/responses/ChangedFileList"
+	//     "$ref": "#/responses/ChangedFileListWithPagination"
 	//   "404":
 	//     "$ref": "#/responses/notFound"
 
diff --git a/routers/api/v1/repo/pull_review.go b/routers/api/v1/repo/pull_review.go
index 06b47fef70..aa9a06d70c 100644
--- a/routers/api/v1/repo/pull_review.go
+++ b/routers/api/v1/repo/pull_review.go
@@ -743,7 +743,7 @@ func CreateReviewRequests(ctx *context.APIContext) {
 	//     "$ref": "#/definitions/PullReviewRequestOptions"
 	// responses:
 	//   "201":
-	//     "$ref": "#/responses/PullReviewList"
+	//     "$ref": "#/responses/PullReviewListWithoutPagination"
 	//   "422":
 	//     "$ref": "#/responses/validationError"
 	//   "404":
diff --git a/routers/api/v1/repo/teams.go b/routers/api/v1/repo/teams.go
index 4e9d3c40a9..cd08968efd 100644
--- a/routers/api/v1/repo/teams.go
+++ b/routers/api/v1/repo/teams.go
@@ -34,7 +34,7 @@ func ListTeams(ctx *context.APIContext) {
 	//   required: true
 	// responses:
 	//   "200":
-	//     "$ref": "#/responses/TeamList"
+	//     "$ref": "#/responses/TeamListWithoutPagination"
 	//   "404":
 	//     "$ref": "#/responses/notFound"
 
diff --git a/routers/api/v1/swagger/action.go b/routers/api/v1/swagger/action.go
index 6f95975213..77b02e6a10 100644
--- a/routers/api/v1/swagger/action.go
+++ b/routers/api/v1/swagger/action.go
@@ -13,6 +13,9 @@ import (
 type swaggerResponseSecretList struct {
 	// in:body
 	Body []api.Secret `json:"body"`
+
+	// The total number of secrets
+	TotalCount int64 `json:"X-Total-Count"`
 }
 
 // Secret
@@ -34,6 +37,9 @@ type swaggerResponseActionVariable struct {
 type swaggerResponseVariableList struct {
 	// in:body
 	Body []api.ActionVariable `json:"body"`
+
+	// The total number of variables
+	TotalCount int64 `json:"X-Total-Count"`
 }
 
 // RunJobList is a list of action run jobs
diff --git a/routers/api/v1/swagger/activity.go b/routers/api/v1/swagger/activity.go
index 64466e5e7b..398f2b7505 100644
--- a/routers/api/v1/swagger/activity.go
+++ b/routers/api/v1/swagger/activity.go
@@ -12,4 +12,7 @@ import (
 type swaggerActivityFeedsList struct {
 	// in:body
 	Body []api.Activity `json:"body"`
+
+	// The total number of activity feeds
+	TotalCount int64 `json:"X-Total-Count"`
 }
diff --git a/routers/api/v1/swagger/app.go b/routers/api/v1/swagger/app.go
index 7d62b6d494..b651abe9e0 100644
--- a/routers/api/v1/swagger/app.go
+++ b/routers/api/v1/swagger/app.go
@@ -20,3 +20,23 @@ type swaggerResponseAccessToken struct {
 	// in:body
 	Body api.AccessToken `json:"body"`
 }
+
+// AccessTokenList
+// swagger:response AccessTokenList
+type swaggerResponseAccessTokenList struct {
+	// in:body
+	Body []api.AccessToken `json:"body"`
+
+	// The total number of access tokens
+	TotalCount int64 `json:"X-Total-Count"`
+}
+
+// OAuth2ApplicationList
+// swagger:response OAuth2ApplicationList
+type swaggerResponseOAuth2ApplicationList struct {
+	// in:body
+	Body []api.OAuth2Application `json:"body"`
+
+	// The total number of OAuth2 applications
+	TotalCount int64 `json:"X-Total-Count"`
+}
diff --git a/routers/api/v1/swagger/cron.go b/routers/api/v1/swagger/cron.go
index 2c26b22441..7c7403b78e 100644
--- a/routers/api/v1/swagger/cron.go
+++ b/routers/api/v1/swagger/cron.go
@@ -12,4 +12,7 @@ import (
 type swaggerResponseCronList struct {
 	// in:body
 	Body []api.Cron `json:"body"`
+
+	// The total number of cron jobs
+	TotalCount int64 `json:"X-Total-Count"`
 }
diff --git a/routers/api/v1/swagger/issue.go b/routers/api/v1/swagger/issue.go
index b2b5de2228..685c0fee2f 100644
--- a/routers/api/v1/swagger/issue.go
+++ b/routers/api/v1/swagger/issue.go
@@ -21,6 +21,13 @@ type swaggerResponseIssueList struct {
 	Body []api.Issue `json:"body"`
 }
 
+// IssueListWithoutPagination - Issues without pagination headers (used for pinned issues, dependencies, etc.)
+// swagger:response IssueListWithoutPagination
+type swaggerIssueListWithoutPagination struct {
+	// in:body
+	Body []api.Issue `json:"body"`
+}
+
 // Comment
 // swagger:response Comment
 type swaggerResponseComment struct {
@@ -33,6 +40,16 @@ type swaggerResponseComment struct {
 type swaggerResponseCommentList struct {
 	// in:body
 	Body []api.Comment `json:"body"`
+
+	// The total number of comments
+	TotalCount int64 `json:"X-Total-Count"`
+}
+
+// CommentListWithoutPagination - Comments without pagination headers
+// swagger:response CommentListWithoutPagination
+type swaggerCommentListWithoutPagination struct {
+	// in:body
+	Body []api.Comment `json:"body"`
 }
 
 // TimelineList
@@ -40,6 +57,9 @@ type swaggerResponseCommentList struct {
 type swaggerResponseTimelineList struct {
 	// in:body
 	Body []api.TimelineComment `json:"body"`
+
+	// The total number of timeline comments
+	TotalCount int64 `json:"X-Total-Count"`
 }
 
 // Label
@@ -54,6 +74,16 @@ type swaggerResponseLabel struct {
 type swaggerResponseLabelList struct {
 	// in:body
 	Body []api.Label `json:"body"`
+
+	// The total number of labels
+	TotalCount int64 `json:"X-Total-Count"`
+}
+
+// LabelListWithoutPagination - Labels for a specific issue (no pagination headers)
+// swagger:response LabelListWithoutPagination
+type swaggerLabelListWithoutPagination struct {
+	// in:body
+	Body []api.Label `json:"body"`
 }
 
 // Milestone
@@ -68,6 +98,9 @@ type swaggerResponseMilestone struct {
 type swaggerResponseMilestoneList struct {
 	// in:body
 	Body []api.Milestone `json:"body"`
+
+	// The total number of milestones
+	TotalCount int64 `json:"X-Total-Count"`
 }
 
 // TrackedTime
@@ -82,6 +115,16 @@ type swaggerResponseTrackedTime struct {
 type swaggerResponseTrackedTimeList struct {
 	// in:body
 	Body []api.TrackedTime `json:"body"`
+
+	// The total number of tracked times
+	TotalCount int64 `json:"X-Total-Count"`
+}
+
+// TrackedTimeListWithoutPagination - Tracked times for a specific user (no pagination headers)
+// swagger:response TrackedTimeListWithoutPagination
+type swaggerTrackedTimeListWithoutPagination struct {
+	// in:body
+	Body []api.TrackedTime `json:"body"`
 }
 
 // IssueDeadline
@@ -110,6 +153,9 @@ type swaggerResponseStopWatch struct {
 type swaggerResponseStopWatchList struct {
 	// in:body
 	Body []api.StopWatch `json:"body"`
+
+	// The total number of stop watches
+	TotalCount int64 `json:"X-Total-Count"`
 }
 
 // Reaction
@@ -124,4 +170,14 @@ type swaggerReaction struct {
 type swaggerReactionList struct {
 	// in:body
 	Body []api.Reaction `json:"body"`
+
+	// The total number of reactions
+	TotalCount int64 `json:"X-Total-Count"`
+}
+
+// ReactionListWithoutPagination - Reactions for a specific comment (no pagination headers)
+// swagger:response ReactionListWithoutPagination
+type swaggerReactionListWithoutPagination struct {
+	// in:body
+	Body []api.Reaction `json:"body"`
 }
diff --git a/routers/api/v1/swagger/key.go b/routers/api/v1/swagger/key.go
index 27aa72458d..3134a841fe 100644
--- a/routers/api/v1/swagger/key.go
+++ b/routers/api/v1/swagger/key.go
@@ -47,4 +47,7 @@ type swaggerResponseDeployKey struct {
 type swaggerResponseDeployKeyList struct {
 	// in:body
 	Body []api.DeployKey `json:"body"`
+
+	// The total number of deploy keys
+	TotalCount int64 `json:"X-Total-Count"`
 }
diff --git a/routers/api/v1/swagger/notify.go b/routers/api/v1/swagger/notify.go
index cd60ef2bcb..6df0a7512a 100644
--- a/routers/api/v1/swagger/notify.go
+++ b/routers/api/v1/swagger/notify.go
@@ -19,6 +19,16 @@ type swaggerNotificationThread struct {
 type swaggerNotificationThreadList struct {
 	// in:body
 	Body []api.NotificationThread `json:"body"`
+
+	// The total number of notification threads
+	TotalCount int64 `json:"X-Total-Count"`
+}
+
+// NotificationThreadListWithoutPagination - Notification threads without pagination headers
+// swagger:response NotificationThreadListWithoutPagination
+type swaggerNotificationThreadListWithoutPagination struct {
+	// in:body
+	Body []api.NotificationThread `json:"body"`
 }
 
 // Number of unread notifications
diff --git a/routers/api/v1/swagger/org.go b/routers/api/v1/swagger/org.go
index 2d081708a8..7934e2d868 100644
--- a/routers/api/v1/swagger/org.go
+++ b/routers/api/v1/swagger/org.go
@@ -19,6 +19,16 @@ type swaggerResponseOrganization struct {
 type swaggerResponseOrganizationList struct {
 	// in:body
 	Body []api.Organization `json:"body"`
+
+	// The total number of organizations
+	TotalCount int64 `json:"X-Total-Count"`
+}
+
+// OrganizationListWithoutPagination - Organizations without pagination headers
+// swagger:response OrganizationListWithoutPagination
+type swaggerOrganizationListWithoutPagination struct {
+	// in:body
+	Body []api.Organization `json:"body"`
 }
 
 // Team
@@ -33,6 +43,16 @@ type swaggerResponseTeam struct {
 type swaggerResponseTeamList struct {
 	// in:body
 	Body []api.Team `json:"body"`
+
+	// The total number of teams
+	TotalCount int64 `json:"X-Total-Count"`
+}
+
+// TeamListWithoutPagination - Teams without pagination headers
+// swagger:response TeamListWithoutPagination
+type swaggerTeamListWithoutPagination struct {
+	// in:body
+	Body []api.Team `json:"body"`
 }
 
 // OrganizationPermissions
diff --git a/routers/api/v1/swagger/package.go b/routers/api/v1/swagger/package.go
index dd1b45e9aa..93e162eebe 100644
--- a/routers/api/v1/swagger/package.go
+++ b/routers/api/v1/swagger/package.go
@@ -19,6 +19,9 @@ type swaggerResponsePackage struct {
 type swaggerResponsePackageList struct {
 	// in:body
 	Body []api.Package `json:"body"`
+
+	// The total number of packages
+	TotalCount int64 `json:"X-Total-Count"`
 }
 
 // PackageFileList
diff --git a/routers/api/v1/swagger/repo.go b/routers/api/v1/swagger/repo.go
index 30326d7226..31da865bb5 100644
--- a/routers/api/v1/swagger/repo.go
+++ b/routers/api/v1/swagger/repo.go
@@ -19,6 +19,16 @@ type swaggerResponseRepository struct {
 type swaggerResponseRepositoryList struct {
 	// in:body
 	Body []api.Repository `json:"body"`
+
+	// The total number of repositories
+	TotalCount int64 `json:"X-Total-Count"`
+}
+
+// RepositoryListWithoutPagination - Repositories without pagination headers
+// swagger:response RepositoryListWithoutPagination
+type swaggerRepositoryListWithoutPagination struct {
+	// in:body
+	Body []api.Repository `json:"body"`
 }
 
 // Branch
@@ -33,6 +43,9 @@ type swaggerResponseBranch struct {
 type swaggerResponseBranchList struct {
 	// in:body
 	Body []api.Branch `json:"body"`
+
+	// The total number of branches
+	TotalCount int64 `json:"X-Total-Count"`
 }
 
 // BranchProtection
@@ -54,6 +67,9 @@ type swaggerResponseBranchProtectionList struct {
 type swaggerResponseTagList struct {
 	// in:body
 	Body []api.Tag `json:"body"`
+
+	// The total number of tags
+	TotalCount int64 `json:"X-Total-Count"`
 }
 
 // Tag
@@ -110,6 +126,16 @@ type swaggerResponseHook struct {
 type swaggerResponseHookList struct {
 	// in:body
 	Body []api.Hook `json:"body"`
+
+	// The total number of hooks
+	TotalCount int64 `json:"X-Total-Count"`
+}
+
+// HookListWithoutPagination - Hooks without pagination headers
+// swagger:response HookListWithoutPagination
+type swaggerHookListWithoutPagination struct {
+	// in:body
+	Body []api.Hook `json:"body"`
 }
 
 // GitHook
@@ -138,6 +164,9 @@ type swaggerResponseRelease struct {
 type swaggerResponseReleaseList struct {
 	// in:body
 	Body []api.Release `json:"body"`
+
+	// The total number of releases
+	TotalCount int64 `json:"X-Total-Count"`
 }
 
 // PullRequest
@@ -166,6 +195,16 @@ type swaggerResponsePullReview struct {
 type swaggerResponsePullReviewList struct {
 	// in:body
 	Body []api.PullReview `json:"body"`
+
+	// The total number of pull reviews
+	TotalCount int64 `json:"X-Total-Count"`
+}
+
+// PullReviewListWithoutPagination - Review requests without pagination headers
+// swagger:response PullReviewListWithoutPagination
+type swaggerPullReviewListWithoutPagination struct {
+	// in:body
+	Body []api.PullReview `json:"body"`
 }
 
 // PullComment
@@ -194,6 +233,16 @@ type swaggerResponseStatus struct {
 type swaggerResponseCommitStatusList struct {
 	// in:body
 	Body []api.CommitStatus `json:"body"`
+
+	// The total number of commit statuses
+	TotalCount int64 `json:"X-Total-Count"`
+}
+
+// CommitStatusListWithoutPagination - Commit statuses without pagination headers
+// swagger:response CommitStatusListWithoutPagination
+type swaggerCommitStatusListWithoutPagination struct {
+	// in:body
+	Body []api.CommitStatus `json:"body"`
 }
 
 // WatchInfo
@@ -255,21 +304,6 @@ type swaggerCommit struct {
 // CommitList
 // swagger:response CommitList
 type swaggerCommitList struct {
-	// The current page
-	Page int `json:"X-Page"`
-
-	// Commits per page
-	PerPage int `json:"X-PerPage"`
-
-	// Total commit count
-	Total int `json:"X-Total"`
-
-	// Total number of pages
-	PageCount int `json:"X-PageCount"`
-
-	// True if there is another page
-	HasMore bool `json:"X-HasMore"`
-
 	// in: body
 	Body []api.Commit `json:"body"`
 }
@@ -277,15 +311,22 @@ type swaggerCommitList struct {
 // ChangedFileList
 // swagger:response ChangedFileList
 type swaggerChangedFileList struct {
+	// in: body
+	Body []api.ChangedFile `json:"body"`
+
+	// The total number of changed files
+	TotalCount int64 `json:"X-Total-Count"`
+}
+
+// ChangedFileListWithPagination
+// swagger:response ChangedFileListWithPagination
+type swaggerChangedFileListWithPagination struct {
 	// The current page
 	Page int `json:"X-Page"`
 
 	// Commits per page
 	PerPage int `json:"X-PerPage"`
 
-	// Total commit count
-	Total int `json:"X-Total-Count"`
-
 	// Total number of pages
 	PageCount int `json:"X-PageCount"`
 
@@ -378,6 +419,9 @@ type swaggerCombinedStatus struct {
 type swaggerWikiPageList struct {
 	// in:body
 	Body []api.WikiPageMetaData `json:"body"`
+
+	// The total number of wiki pages
+	TotalCount int64 `json:"X-Total-Count"`
 }
 
 // WikiPage
@@ -392,6 +436,9 @@ type swaggerWikiPage struct {
 type swaggerWikiCommitList struct {
 	// in:body
 	Body api.WikiCommitList `json:"body"`
+
+	// The total number of wiki commits
+	TotalCount int64 `json:"X-Total-Count"`
 }
 
 // PushMirror
@@ -406,6 +453,9 @@ type swaggerPushMirror struct {
 type swaggerPushMirrorList struct {
 	// in:body
 	Body []api.PushMirror `json:"body"`
+
+	// The total number of push mirrors
+	TotalCount int64 `json:"X-Total-Count"`
 }
 
 // RepoCollaboratorPermission
diff --git a/routers/api/v1/user/hook.go b/routers/api/v1/user/hook.go
index c8cdf5040d..1c44204470 100644
--- a/routers/api/v1/user/hook.go
+++ b/routers/api/v1/user/hook.go
@@ -31,7 +31,7 @@ func ListHooks(ctx *context.APIContext) {
 	//   type: integer
 	// responses:
 	//   "200":
-	//     "$ref": "#/responses/HookList"
+	//     "$ref": "#/responses/HookListWithoutPagination"
 	//   "401":
 	//     "$ref": "#/responses/unauthorized"
 	//   "403":
diff --git a/templates/swagger/v1_json.tmpl b/templates/swagger/v1_json.tmpl
index 28b9c43c37..c8cf126b73 100644
--- a/templates/swagger/v1_json.tmpl
+++ b/templates/swagger/v1_json.tmpl
@@ -654,7 +654,7 @@
         ],
         "responses": {
           "200": {
-            "$ref": "#/responses/HookList"
+            "$ref": "#/responses/HookListWithoutPagination"
           }
         }
       },
@@ -2405,7 +2405,7 @@
         ],
         "responses": {
           "205": {
-            "$ref": "#/responses/NotificationThreadList"
+            "$ref": "#/responses/NotificationThreadListWithoutPagination"
           }
         }
       }
@@ -3469,7 +3469,7 @@
         ],
         "responses": {
           "200": {
-            "$ref": "#/responses/HookList"
+            "$ref": "#/responses/HookListWithoutPagination"
           },
           "404": {
             "$ref": "#/responses/notFound"
@@ -10314,7 +10314,7 @@
         ],
         "responses": {
           "200": {
-            "$ref": "#/responses/ReactionList"
+            "$ref": "#/responses/ReactionListWithoutPagination"
           },
           "403": {
             "$ref": "#/responses/forbidden"
@@ -10466,7 +10466,7 @@
         ],
         "responses": {
           "200": {
-            "$ref": "#/responses/IssueList"
+            "$ref": "#/responses/IssueListWithoutPagination"
           },
           "404": {
             "$ref": "#/responses/notFound"
@@ -10958,7 +10958,7 @@
         ],
         "responses": {
           "200": {
-            "$ref": "#/responses/IssueList"
+            "$ref": "#/responses/IssueListWithoutPagination"
           },
           "404": {
             "$ref": "#/responses/notFound"
@@ -11415,7 +11415,7 @@
         ],
         "responses": {
           "200": {
-            "$ref": "#/responses/IssueList"
+            "$ref": "#/responses/IssueListWithoutPagination"
           },
           "404": {
             "$ref": "#/responses/notFound"
@@ -11563,7 +11563,7 @@
         ],
         "responses": {
           "200": {
-            "$ref": "#/responses/LabelList"
+            "$ref": "#/responses/LabelListWithoutPagination"
           },
           "404": {
             "$ref": "#/responses/notFound"
@@ -11615,7 +11615,7 @@
         ],
         "responses": {
           "200": {
-            "$ref": "#/responses/LabelList"
+            "$ref": "#/responses/LabelListWithoutPagination"
           },
           "403": {
             "$ref": "#/responses/forbidden"
@@ -11670,7 +11670,7 @@
         ],
         "responses": {
           "200": {
-            "$ref": "#/responses/LabelList"
+            "$ref": "#/responses/LabelListWithoutPagination"
           },
           "403": {
             "$ref": "#/responses/forbidden"
@@ -13808,7 +13808,7 @@
         ],
         "responses": {
           "205": {
-            "$ref": "#/responses/NotificationThreadList"
+            "$ref": "#/responses/NotificationThreadListWithoutPagination"
           }
         }
       }
@@ -14363,7 +14363,7 @@
         ],
         "responses": {
           "200": {
-            "$ref": "#/responses/ChangedFileList"
+            "$ref": "#/responses/ChangedFileListWithPagination"
           },
           "404": {
             "$ref": "#/responses/notFound"
@@ -14568,7 +14568,7 @@
         ],
         "responses": {
           "201": {
-            "$ref": "#/responses/PullReviewList"
+            "$ref": "#/responses/PullReviewListWithoutPagination"
           },
           "404": {
             "$ref": "#/responses/notFound"
@@ -17309,7 +17309,7 @@
         ],
         "responses": {
           "200": {
-            "$ref": "#/responses/TeamList"
+            "$ref": "#/responses/TeamListWithoutPagination"
           },
           "404": {
             "$ref": "#/responses/notFound"
@@ -17567,7 +17567,7 @@
         ],
         "responses": {
           "200": {
-            "$ref": "#/responses/TrackedTimeList"
+            "$ref": "#/responses/TrackedTimeListWithoutPagination"
           },
           "400": {
             "$ref": "#/responses/error"
@@ -20217,7 +20217,7 @@
         ],
         "responses": {
           "200": {
-            "$ref": "#/responses/HookList"
+            "$ref": "#/responses/HookListWithoutPagination"
           },
           "401": {
             "$ref": "#/responses/unauthorized"
@@ -20579,7 +20579,7 @@
         ],
         "responses": {
           "200": {
-            "$ref": "#/responses/OrganizationList"
+            "$ref": "#/responses/OrganizationListWithoutPagination"
           },
           "401": {
             "$ref": "#/responses/unauthorized"
@@ -21704,7 +21704,7 @@
         ],
         "responses": {
           "200": {
-            "$ref": "#/responses/OrganizationList"
+            "$ref": "#/responses/OrganizationListWithoutPagination"
           },
           "404": {
             "$ref": "#/responses/notFound"
@@ -30122,12 +30122,19 @@
       }
     },
     "AccessTokenList": {
-      "description": "AccessTokenList represents a list of API access token.",
+      "description": "AccessTokenList",
       "schema": {
         "type": "array",
         "items": {
           "$ref": "#/definitions/AccessToken"
         }
+      },
+      "headers": {
+        "X-Total-Count": {
+          "type": "integer",
+          "format": "int64",
+          "description": "The total number of access tokens"
+        }
       }
     },
     "ActionRun": {
@@ -30181,6 +30188,13 @@
         "items": {
           "$ref": "#/definitions/Activity"
         }
+      },
+      "headers": {
+        "X-Total-Count": {
+          "type": "integer",
+          "format": "int64",
+          "description": "The total number of activity feeds"
+        }
       }
     },
     "ActivityPub": {
@@ -30232,6 +30246,13 @@
         "items": {
           "$ref": "#/definitions/Branch"
         }
+      },
+      "headers": {
+        "X-Total-Count": {
+          "type": "integer",
+          "format": "int64",
+          "description": "The total number of branches"
+        }
       }
     },
     "BranchProtection": {
@@ -30257,6 +30278,22 @@
           "$ref": "#/definitions/ChangedFile"
         }
       },
+      "headers": {
+        "X-Total-Count": {
+          "type": "integer",
+          "format": "int64",
+          "description": "The total number of changed files"
+        }
+      }
+    },
+    "ChangedFileListWithPagination": {
+      "description": "ChangedFileListWithPagination",
+      "schema": {
+        "type": "array",
+        "items": {
+          "$ref": "#/definitions/ChangedFile"
+        }
+      },
       "headers": {
         "X-HasMore": {
           "type": "boolean",
@@ -30276,11 +30313,6 @@
           "type": "integer",
           "format": "int64",
           "description": "Commits per page"
-        },
-        "X-Total-Count": {
-          "type": "integer",
-          "format": "int64",
-          "description": "Total commit count"
         }
       }
     },
@@ -30298,6 +30330,22 @@
     },
     "CommentList": {
       "description": "CommentList",
+      "schema": {
+        "type": "array",
+        "items": {
+          "$ref": "#/definitions/Comment"
+        }
+      },
+      "headers": {
+        "X-Total-Count": {
+          "type": "integer",
+          "format": "int64",
+          "description": "The total number of comments"
+        }
+      }
+    },
+    "CommentListWithoutPagination": {
+      "description": "CommentListWithoutPagination - Comments without pagination headers",
       "schema": {
         "type": "array",
         "items": {
@@ -30318,32 +30366,6 @@
         "items": {
           "$ref": "#/definitions/Commit"
         }
-      },
-      "headers": {
-        "X-HasMore": {
-          "type": "boolean",
-          "description": "True if there is another page"
-        },
-        "X-Page": {
-          "type": "integer",
-          "format": "int64",
-          "description": "The current page"
-        },
-        "X-PageCount": {
-          "type": "integer",
-          "format": "int64",
-          "description": "Total number of pages"
-        },
-        "X-PerPage": {
-          "type": "integer",
-          "format": "int64",
-          "description": "Commits per page"
-        },
-        "X-Total": {
-          "type": "integer",
-          "format": "int64",
-          "description": "Total commit count"
-        }
       }
     },
     "CommitStatus": {
@@ -30354,6 +30376,22 @@
     },
     "CommitStatusList": {
       "description": "CommitStatusList",
+      "schema": {
+        "type": "array",
+        "items": {
+          "$ref": "#/definitions/CommitStatus"
+        }
+      },
+      "headers": {
+        "X-Total-Count": {
+          "type": "integer",
+          "format": "int64",
+          "description": "The total number of commit statuses"
+        }
+      }
+    },
+    "CommitStatusListWithoutPagination": {
+      "description": "CommitStatusListWithoutPagination - Commit statuses without pagination headers",
       "schema": {
         "type": "array",
         "items": {
@@ -30389,6 +30427,13 @@
         "items": {
           "$ref": "#/definitions/Cron"
         }
+      },
+      "headers": {
+        "X-Total-Count": {
+          "type": "integer",
+          "format": "int64",
+          "description": "The total number of cron jobs"
+        }
       }
     },
     "DeployKey": {
@@ -30404,6 +30449,13 @@
         "items": {
           "$ref": "#/definitions/DeployKey"
         }
+      },
+      "headers": {
+        "X-Total-Count": {
+          "type": "integer",
+          "format": "int64",
+          "description": "The total number of deploy keys"
+        }
       }
     },
     "DispatchWorkflowRun": {
@@ -30543,6 +30595,22 @@
     },
     "HookList": {
       "description": "HookList",
+      "schema": {
+        "type": "array",
+        "items": {
+          "$ref": "#/definitions/Hook"
+        }
+      },
+      "headers": {
+        "X-Total-Count": {
+          "type": "integer",
+          "format": "int64",
+          "description": "The total number of hooks"
+        }
+      }
+    },
+    "HookListWithoutPagination": {
+      "description": "HookListWithoutPagination - Hooks without pagination headers",
       "schema": {
         "type": "array",
         "items": {
@@ -30571,6 +30639,15 @@
         }
       }
     },
+    "IssueListWithoutPagination": {
+      "description": "IssueListWithoutPagination - Issues without pagination headers (used for pinned issues, dependencies, etc.)",
+      "schema": {
+        "type": "array",
+        "items": {
+          "$ref": "#/definitions/Issue"
+        }
+      }
+    },
     "IssueTemplates": {
       "description": "IssueTemplates",
       "schema": {
@@ -30588,6 +30665,22 @@
     },
     "LabelList": {
       "description": "LabelList",
+      "schema": {
+        "type": "array",
+        "items": {
+          "$ref": "#/definitions/Label"
+        }
+      },
+      "headers": {
+        "X-Total-Count": {
+          "type": "integer",
+          "format": "int64",
+          "description": "The total number of labels"
+        }
+      }
+    },
+    "LabelListWithoutPagination": {
+      "description": "LabelListWithoutPagination - Labels for a specific issue (no pagination headers)",
       "schema": {
         "type": "array",
         "items": {
@@ -30663,6 +30756,13 @@
         "items": {
           "$ref": "#/definitions/Milestone"
         }
+      },
+      "headers": {
+        "X-Total-Count": {
+          "type": "integer",
+          "format": "int64",
+          "description": "The total number of milestones"
+        }
       }
     },
     "NodeInfo": {
@@ -30691,6 +30791,22 @@
     },
     "NotificationThreadList": {
       "description": "NotificationThreadList",
+      "schema": {
+        "type": "array",
+        "items": {
+          "$ref": "#/definitions/NotificationThread"
+        }
+      },
+      "headers": {
+        "X-Total-Count": {
+          "type": "integer",
+          "format": "int64",
+          "description": "The total number of notification threads"
+        }
+      }
+    },
+    "NotificationThreadListWithoutPagination": {
+      "description": "NotificationThreadListWithoutPagination - Notification threads without pagination headers",
       "schema": {
         "type": "array",
         "items": {
@@ -30705,12 +30821,19 @@
       }
     },
     "OAuth2ApplicationList": {
-      "description": "OAuth2ApplicationList represents a list of OAuth2 applications.",
+      "description": "OAuth2ApplicationList",
       "schema": {
         "type": "array",
         "items": {
           "$ref": "#/definitions/OAuth2Application"
         }
+      },
+      "headers": {
+        "X-Total-Count": {
+          "type": "integer",
+          "format": "int64",
+          "description": "The total number of OAuth2 applications"
+        }
       }
     },
     "Organization": {
@@ -30721,6 +30844,22 @@
     },
     "OrganizationList": {
       "description": "OrganizationList",
+      "schema": {
+        "type": "array",
+        "items": {
+          "$ref": "#/definitions/Organization"
+        }
+      },
+      "headers": {
+        "X-Total-Count": {
+          "type": "integer",
+          "format": "int64",
+          "description": "The total number of organizations"
+        }
+      }
+    },
+    "OrganizationListWithoutPagination": {
+      "description": "OrganizationListWithoutPagination - Organizations without pagination headers",
       "schema": {
         "type": "array",
         "items": {
@@ -30762,6 +30901,13 @@
         "items": {
           "$ref": "#/definitions/Package"
         }
+      },
+      "headers": {
+        "X-Total-Count": {
+          "type": "integer",
+          "format": "int64",
+          "description": "The total number of packages"
+        }
       }
     },
     "PublicKey": {
@@ -30817,6 +30963,22 @@
     },
     "PullReviewList": {
       "description": "PullReviewList",
+      "schema": {
+        "type": "array",
+        "items": {
+          "$ref": "#/definitions/PullReview"
+        }
+      },
+      "headers": {
+        "X-Total-Count": {
+          "type": "integer",
+          "format": "int64",
+          "description": "The total number of pull reviews"
+        }
+      }
+    },
+    "PullReviewListWithoutPagination": {
+      "description": "PullReviewListWithoutPagination - Review requests without pagination headers",
       "schema": {
         "type": "array",
         "items": {
@@ -30837,6 +30999,13 @@
         "items": {
           "$ref": "#/definitions/PushMirror"
         }
+      },
+      "headers": {
+        "X-Total-Count": {
+          "type": "integer",
+          "format": "int64",
+          "description": "The total number of push mirrors"
+        }
       }
     },
     "QuotaGroup": {
@@ -30898,6 +31067,22 @@
     },
     "ReactionList": {
       "description": "ReactionList",
+      "schema": {
+        "type": "array",
+        "items": {
+          "$ref": "#/definitions/Reaction"
+        }
+      },
+      "headers": {
+        "X-Total-Count": {
+          "type": "integer",
+          "format": "int64",
+          "description": "The total number of reactions"
+        }
+      }
+    },
+    "ReactionListWithoutPagination": {
+      "description": "ReactionListWithoutPagination - Reactions for a specific comment (no pagination headers)",
       "schema": {
         "type": "array",
         "items": {
@@ -30945,6 +31130,13 @@
         "items": {
           "$ref": "#/definitions/Release"
         }
+      },
+      "headers": {
+        "X-Total-Count": {
+          "type": "integer",
+          "format": "int64",
+          "description": "The total number of releases"
+        }
       }
     },
     "RepoCollaboratorPermission": {
@@ -30979,6 +31171,22 @@
     },
     "RepositoryList": {
       "description": "RepositoryList",
+      "schema": {
+        "type": "array",
+        "items": {
+          "$ref": "#/definitions/Repository"
+        }
+      },
+      "headers": {
+        "X-Total-Count": {
+          "type": "integer",
+          "format": "int64",
+          "description": "The total number of repositories"
+        }
+      }
+    },
+    "RepositoryListWithoutPagination": {
+      "description": "RepositoryListWithoutPagination - Repositories without pagination headers",
       "schema": {
         "type": "array",
         "items": {
@@ -31014,6 +31222,13 @@
         "items": {
           "$ref": "#/definitions/Secret"
         }
+      },
+      "headers": {
+        "X-Total-Count": {
+          "type": "integer",
+          "format": "int64",
+          "description": "The total number of secrets"
+        }
       }
     },
     "ServerVersion": {
@@ -31035,6 +31250,13 @@
         "items": {
           "$ref": "#/definitions/StopWatch"
         }
+      },
+      "headers": {
+        "X-Total-Count": {
+          "type": "integer",
+          "format": "int64",
+          "description": "The total number of stop watches"
+        }
       }
     },
     "StringSlice": {
@@ -31065,6 +31287,13 @@
         "items": {
           "$ref": "#/definitions/Tag"
         }
+      },
+      "headers": {
+        "X-Total-Count": {
+          "type": "integer",
+          "format": "int64",
+          "description": "The total number of tags"
+        }
       }
     },
     "TagProtection": {
@@ -31096,6 +31325,22 @@
     },
     "TeamList": {
       "description": "TeamList",
+      "schema": {
+        "type": "array",
+        "items": {
+          "$ref": "#/definitions/Team"
+        }
+      },
+      "headers": {
+        "X-Total-Count": {
+          "type": "integer",
+          "format": "int64",
+          "description": "The total number of teams"
+        }
+      }
+    },
+    "TeamListWithoutPagination": {
+      "description": "TeamListWithoutPagination - Teams without pagination headers",
       "schema": {
         "type": "array",
         "items": {
@@ -31110,6 +31355,13 @@
         "items": {
           "$ref": "#/definitions/TimelineComment"
         }
+      },
+      "headers": {
+        "X-Total-Count": {
+          "type": "integer",
+          "format": "int64",
+          "description": "The total number of timeline comments"
+        }
       }
     },
     "TopicListResponse": {
@@ -31135,6 +31387,22 @@
     },
     "TrackedTimeList": {
       "description": "TrackedTimeList",
+      "schema": {
+        "type": "array",
+        "items": {
+          "$ref": "#/definitions/TrackedTime"
+        }
+      },
+      "headers": {
+        "X-Total-Count": {
+          "type": "integer",
+          "format": "int64",
+          "description": "The total number of tracked times"
+        }
+      }
+    },
+    "TrackedTimeListWithoutPagination": {
+      "description": "TrackedTimeListWithoutPagination - Tracked times for a specific user (no pagination headers)",
       "schema": {
         "type": "array",
         "items": {
@@ -31179,6 +31447,13 @@
         "items": {
           "$ref": "#/definitions/ActionVariable"
         }
+      },
+      "headers": {
+        "X-Total-Count": {
+          "type": "integer",
+          "format": "int64",
+          "description": "The total number of variables"
+        }
       }
     },
     "WatchInfo": {
@@ -31191,6 +31466,13 @@
       "description": "WikiCommitList",
       "schema": {
         "$ref": "#/definitions/WikiCommitList"
+      },
+      "headers": {
+        "X-Total-Count": {
+          "type": "integer",
+          "format": "int64",
+          "description": "The total number of wiki commits"
+        }
       }
     },
     "WikiPage": {
@@ -31206,6 +31488,13 @@
         "items": {
           "$ref": "#/definitions/WikiPageMetaData"
         }
+      },
+      "headers": {
+        "X-Total-Count": {
+          "type": "integer",
+          "format": "int64",
+          "description": "The total number of wiki pages"
+        }
       }
     },
     "boolean": {

From d8501b42fccc58340e833266bfd751e3769d730b Mon Sep 17 00:00:00 2001
From: luisadame <luisadame@noreply.codeberg.org>
Date: Tue, 6 Jan 2026 10:47:21 +0100
Subject: [PATCH 103/854] fix: don't display pending reviews as participants
 (#10528)

Fixes #10155

When participants are displayed, don't include those that only have made a pending review. Those should not yet be revealed as participants.

Apart from adding automated tests, this is the manual verification process I've followed:
1. Set up three users
2. User 1 creates a repository, then creates a pull request adding a new file
3. User 2 creates a new code comment but doesn't not publish the review, shows as pending.
4. User 3 creates a new code comment and publishes the review.
5. From everyone's perspective the number of participants is: 2. And, the participants displayed in the list are 1 and 3. User 2, which hasn't yet published the review is not displayed.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10528
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: luisadame <luisadame@noreply.codeberg.org>
Co-committed-by: luisadame <luisadame@noreply.codeberg.org>
---
 .../TestGetParticipantIDsByIssue/comment.yml       | 10 ++++++++++
 .../issues/TestGetParticipantIDsByIssue/review.yml |  7 +++++++
 models/issues/comment_list.go                      |  4 ++--
 models/issues/issue.go                             | 12 ++++++++----
 models/issues/issue_test.go                        |  2 ++
 routers/web/repo/issue.go                          | 12 +++++++++++-
 .../mailer/fixtures/TestCloseIssue/comment.yml     | 10 ++++++++++
 services/mailer/fixtures/TestCloseIssue/review.yml |  7 +++++++
 services/mailer/mail_issue_test.go                 |  1 +
 .../TestPullRequestParticipants/comment.yml        | 10 ++++++++++
 .../TestPullRequestParticipants/review.yml         |  7 +++++++
 tests/integration/pull_review_test.go              | 14 ++++++++++++++
 12 files changed, 89 insertions(+), 7 deletions(-)
 create mode 100644 models/issues/TestGetParticipantIDsByIssue/comment.yml
 create mode 100644 models/issues/TestGetParticipantIDsByIssue/review.yml
 create mode 100644 services/mailer/fixtures/TestCloseIssue/comment.yml
 create mode 100644 services/mailer/fixtures/TestCloseIssue/review.yml
 create mode 100644 tests/integration/fixtures/TestPullRequestParticipants/comment.yml
 create mode 100644 tests/integration/fixtures/TestPullRequestParticipants/review.yml

diff --git a/models/issues/TestGetParticipantIDsByIssue/comment.yml b/models/issues/TestGetParticipantIDsByIssue/comment.yml
new file mode 100644
index 0000000000..7ab1cf88a6
--- /dev/null
+++ b/models/issues/TestGetParticipantIDsByIssue/comment.yml
@@ -0,0 +1,10 @@
+- id: 1001
+  type: 21 # code comment
+  poster_id: 10
+  issue_id: 1
+  review_id: 1001
+  content: "Some code comment that is pending to be published"
+  line: -4
+  tree_path: "README.md"
+  created_unix: 946684812
+  invalidated: false
diff --git a/models/issues/TestGetParticipantIDsByIssue/review.yml b/models/issues/TestGetParticipantIDsByIssue/review.yml
new file mode 100644
index 0000000000..2b6fe5706e
--- /dev/null
+++ b/models/issues/TestGetParticipantIDsByIssue/review.yml
@@ -0,0 +1,7 @@
+- id: 1001
+  type: 0 # Pending review
+  reviewer_id: 10
+  issue_id: 1
+  content: "Pending review for issue 1"
+  updated_unix: 946684810
+  created_unix: 946684810
diff --git a/models/issues/comment_list.go b/models/issues/comment_list.go
index 9b502d1c91..3996dcb29a 100644
--- a/models/issues/comment_list.go
+++ b/models/issues/comment_list.go
@@ -417,7 +417,7 @@ func (comments CommentList) getReviewIDs() []int64 {
 	})
 }
 
-func (comments CommentList) loadReviews(ctx context.Context) error {
+func (comments CommentList) LoadReviews(ctx context.Context) error {
 	if len(comments) == 0 {
 		return nil
 	}
@@ -476,7 +476,7 @@ func (comments CommentList) LoadAttributes(ctx context.Context) (err error) {
 		return err
 	}
 
-	if err = comments.loadReviews(ctx); err != nil {
+	if err = comments.LoadReviews(ctx); err != nil {
 		return err
 	}
 
diff --git a/models/issues/issue.go b/models/issues/issue.go
index fc8794ad50..a90686eb50 100644
--- a/models/issues/issue.go
+++ b/models/issues/issue.go
@@ -591,10 +591,12 @@ func GetParticipantsIDsByIssueID(ctx context.Context, issueID int64) ([]int64, e
 	userIDs := make([]int64, 0, 5)
 	return userIDs, db.GetEngine(ctx).
 		Table("comment").
-		Cols("poster_id").
-		Where("issue_id = ?", issueID).
-		And("type in (?,?,?)", CommentTypeComment, CommentTypeCode, CommentTypeReview).
-		Distinct("poster_id").
+		Cols("`comment`.poster_id").
+		Where("`comment`.issue_id = ?", issueID).
+		And("`comment`.type in (?,?,?)", CommentTypeComment, CommentTypeCode, CommentTypeReview).
+		And("`review`.type is null or `review`.type != ?", ReviewTypePending).
+		Join("LEFT", "`review`", "`review`.id = `comment`.review_id").
+		Distinct("`comment`.poster_id").
 		Find(&userIDs)
 }
 
@@ -623,9 +625,11 @@ func (issue *Issue) GetParticipantIDsByIssue(ctx context.Context) ([]int64, erro
 	if err := db.GetEngine(ctx).Table("comment").Cols("poster_id").
 		Where("`comment`.issue_id = ?", issue.ID).
 		And("`comment`.type in (?,?,?)", CommentTypeComment, CommentTypeCode, CommentTypeReview).
+		And("`review`.type != ?", ReviewTypePending).
 		And("`user`.is_active = ?", true).
 		And("`user`.prohibit_login = ?", false).
 		Join("INNER", "`user`", "`user`.id = `comment`.poster_id").
+		Join("INNER", "`review`", "`review`.reviewer_id = `user`.id").
 		Distinct("poster_id").
 		Find(&userIDs); err != nil {
 		return nil, fmt.Errorf("get poster IDs: %w", err)
diff --git a/models/issues/issue_test.go b/models/issues/issue_test.go
index 2059c5013a..e9617548e9 100644
--- a/models/issues/issue_test.go
+++ b/models/issues/issue_test.go
@@ -85,6 +85,7 @@ func TestGetIssuesByIDs(t *testing.T) {
 }
 
 func TestGetParticipantIDsByIssue(t *testing.T) {
+	defer unittest.OverrideFixtures("models/issues/TestGetParticipantIDsByIssue")()
 	require.NoError(t, unittest.PrepareTestDatabase())
 
 	checkParticipants := func(issueID int64, userIDs []int) {
@@ -107,6 +108,7 @@ func TestGetParticipantIDsByIssue(t *testing.T) {
 	// User 2 only labeled issue1 (see fixtures/comment.yml)
 	// Users 3 and 5 made actual comments (see fixtures/comment.yml)
 	// User 3 is inactive, thus not active participant
+	// User 10 has a pending review, thus not an active participant, yet (see TestGetParticipantIDsByIssue/comment.yml)
 	checkParticipants(1, []int{1, 5})
 }
 
diff --git a/routers/web/repo/issue.go b/routers/web/repo/issue.go
index d46ea7f133..9df340378d 100644
--- a/routers/web/repo/issue.go
+++ b/routers/web/repo/issue.go
@@ -1654,17 +1654,27 @@ func ViewIssue(ctx *context.Context) {
 		ctx.ServerError("LoadAttachmentsByIssue", err)
 		return
 	}
+
 	if err := issue.Comments.LoadPosters(ctx); err != nil {
 		ctx.ServerError("LoadPosters", err)
 		return
 	}
 
+	if err := issue.Comments.LoadReviews(ctx); err != nil {
+		ctx.ServerError("LoadReviews", err)
+		return
+	}
+
 	for commentIdx, comment = range issue.Comments {
 		comment.Issue = issue
 		metas := ctx.Repo.Repository.ComposeMetas(ctx)
 		metas["scope"] = fmt.Sprintf("comment-%d", commentIdx)
 
-		if comment.Type == issues_model.CommentTypeComment || comment.Type == issues_model.CommentTypeReview {
+		if comment.Review != nil && comment.Review.Type == issues_model.ReviewTypePending {
+			continue
+		}
+
+		if comment.Type == issues_model.CommentTypeComment {
 			comment.RenderedContent, err = markdown.RenderString(&markup.RenderContext{
 				Links: markup.Links{
 					Base: ctx.Repo.RepoLink,
diff --git a/services/mailer/fixtures/TestCloseIssue/comment.yml b/services/mailer/fixtures/TestCloseIssue/comment.yml
new file mode 100644
index 0000000000..7ab1cf88a6
--- /dev/null
+++ b/services/mailer/fixtures/TestCloseIssue/comment.yml
@@ -0,0 +1,10 @@
+- id: 1001
+  type: 21 # code comment
+  poster_id: 10
+  issue_id: 1
+  review_id: 1001
+  content: "Some code comment that is pending to be published"
+  line: -4
+  tree_path: "README.md"
+  created_unix: 946684812
+  invalidated: false
diff --git a/services/mailer/fixtures/TestCloseIssue/review.yml b/services/mailer/fixtures/TestCloseIssue/review.yml
new file mode 100644
index 0000000000..2b6fe5706e
--- /dev/null
+++ b/services/mailer/fixtures/TestCloseIssue/review.yml
@@ -0,0 +1,7 @@
+- id: 1001
+  type: 0 # Pending review
+  reviewer_id: 10
+  issue_id: 1
+  content: "Pending review for issue 1"
+  updated_unix: 946684810
+  created_unix: 946684810
diff --git a/services/mailer/mail_issue_test.go b/services/mailer/mail_issue_test.go
index ad9e0aa525..3ed83fd03a 100644
--- a/services/mailer/mail_issue_test.go
+++ b/services/mailer/mail_issue_test.go
@@ -18,6 +18,7 @@ import (
 )
 
 func TestCloseIssue(t *testing.T) {
+	defer unittest.OverrideFixtures("services/mailer/fixtures/TestCloseIssue")()
 	defer require.NoError(t, unittest.PrepareTestDatabase())
 
 	called := false
diff --git a/tests/integration/fixtures/TestPullRequestParticipants/comment.yml b/tests/integration/fixtures/TestPullRequestParticipants/comment.yml
new file mode 100644
index 0000000000..85f915a2f3
--- /dev/null
+++ b/tests/integration/fixtures/TestPullRequestParticipants/comment.yml
@@ -0,0 +1,10 @@
+- id: 1001
+  type: 21 # code comment
+  poster_id: 10
+  issue_id: 2
+  review_id: 1001
+  content: "Some code comment that is pending to be published"
+  line: -4
+  tree_path: "README.md"
+  created_unix: 946684812
+  invalidated: false
diff --git a/tests/integration/fixtures/TestPullRequestParticipants/review.yml b/tests/integration/fixtures/TestPullRequestParticipants/review.yml
new file mode 100644
index 0000000000..d75122799d
--- /dev/null
+++ b/tests/integration/fixtures/TestPullRequestParticipants/review.yml
@@ -0,0 +1,7 @@
+- id: 1001
+  type: 0 # Pending review
+  reviewer_id: 10
+  issue_id: 2
+  content: "Pending review for issue 2"
+  updated_unix: 946684810
+  created_unix: 946684810
diff --git a/tests/integration/pull_review_test.go b/tests/integration/pull_review_test.go
index cd0c75eff2..69628e08b5 100644
--- a/tests/integration/pull_review_test.go
+++ b/tests/integration/pull_review_test.go
@@ -64,6 +64,20 @@ func TestPullView_ReviewerMissed(t *testing.T) {
 	assert.True(t, test.IsNormalPageCompleted(resp.Body.String()))
 }
 
+func TestPullRequestParticipants(t *testing.T) {
+	defer unittest.OverrideFixtures("tests/integration/fixtures/TestPullRequestParticipants")()
+	defer tests.PrepareTestEnv(t)()
+	session := loginUser(t, "user1")
+
+	req := NewRequest(t, "GET", "/user2/repo1/pulls/2")
+	resp := session.MakeRequest(t, req, http.StatusOK)
+	assert.Contains(t, resp.Body.String(), "2 participants")
+	assert.Contains(t, resp.Body.String(), `<a href="/user1" data-tooltip-content="user1">`)
+	assert.Contains(t, resp.Body.String(), `<a href="/user2" data-tooltip-content="user2">`)
+	// does not contain user10 which has a pending review for this issue
+	assert.NotContains(t, resp.Body.String(), `<a href="/user10" data-tooltip-content="user10">`)
+}
+
 func loadComment(t *testing.T, commentID string) *issues_model.Comment {
 	t.Helper()
 	id, err := strconv.ParseInt(commentID, 10, 64)

From 66f08baa1aad7ea42fd010f126d6d67ed020f3f1 Mon Sep 17 00:00:00 2001
From: Mathieu Fenniak <mathieu@fenniak.net>
Date: Tue, 6 Jan 2026 15:34:43 +0100
Subject: [PATCH 104/854] fix: prevent intermittent test failures caused by
 uncancellable tasks (#10713)

Attempt to fix intermittent test failure noted in #10633, detailed technical notes in https://codeberg.org/forgejo/forgejo/issues/10633#issuecomment-9571199.

- Failure to cancel the previous processes is now a test error that aborts immediately, preventing 2hr long test runs that won't succeed.
- When the process cancellation fails, the stack trace of all goroutines is printed to help diagnose the cause of any failure to cancel tasks.
- `context.Background()` referenced in the actions notifier is corrected when opening git repos, which seems to be a cause of failure to cancel the tasks -- git subprocesses are spawned from the repo context, which is the background context, and that prevents the context registered in the process manager from cancelling them.

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests

- I added test coverage for Go changes...
  - [ ] in their respective `*_test.go` for unit tests.
  - [ ] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I added test coverage for JavaScript changes...
  - [ ] in `web_src/js/*.test.js` if it can be unit tested.
  - [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)).

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [x] I do not want this change to show in the release notes.
- [ ] I want the title to show in the release notes with a link to this pull request.
- [ ] I want the content of the `release-notes/<pull request number>.md` to be be used for the release notes instead of the title.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10713
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net>
Co-committed-by: Mathieu Fenniak <mathieu@fenniak.net>
---
 services/actions/notifier_helper.go |  6 +++---
 tests/test_utils.go                 | 17 +++++++++++++++++
 2 files changed, 20 insertions(+), 3 deletions(-)

diff --git a/services/actions/notifier_helper.go b/services/actions/notifier_helper.go
index 3e7c1f609c..184092e68e 100644
--- a/services/actions/notifier_helper.go
+++ b/services/actions/notifier_helper.go
@@ -187,8 +187,8 @@ func notify(ctx context.Context, input *notifyInput) error {
 	return handleWorkflows(ctx, detectedWorkflows, commit, input, ref.String())
 }
 
-func getGitRepoAndCommit(_ context.Context, input *notifyInput) (*git.Repository, *git.Commit, git.RefName, error) {
-	gitRepo, err := gitrepo.OpenRepository(context.Background(), input.Repo)
+func getGitRepoAndCommit(ctx context.Context, input *notifyInput) (*git.Repository, *git.Commit, git.RefName, error) {
+	gitRepo, err := gitrepo.OpenRepository(ctx, input.Repo)
 	if err != nil {
 		return nil, nil, "", fmt.Errorf("git.OpenRepository: %w", err)
 	}
@@ -600,7 +600,7 @@ func DetectAndHandleSchedules(ctx context.Context, repo *repo_model.Repository)
 		return nil
 	}
 
-	gitRepo, err := gitrepo.OpenRepository(context.Background(), repo)
+	gitRepo, err := gitrepo.OpenRepository(ctx, repo)
 	if err != nil {
 		return fmt.Errorf("git.OpenRepository: %w", err)
 	}
diff --git a/tests/test_utils.go b/tests/test_utils.go
index 6432dfc271..0fc9329b77 100644
--- a/tests/test_utils.go
+++ b/tests/test_utils.go
@@ -263,6 +263,11 @@ func cancelProcesses(t testing.TB, delay time.Duration) {
 			for _, p := range processes {
 				t.Logf("PrepareTestEnv:Remaining Process: %q", p.Description)
 			}
+			stacks := allGoroutineStacks()
+			t.Errorf("All goroutine stacks during process cancellation failure:\n%s", string(stacks))
+			// exit so that we don't spin in a loop executing `delay` wait over and over again when we won't be able to
+			// complete tests correctly due to the environmental issue present.
+			exitf("terminating test run due to unrecoverable failure")
 			return
 		}
 		runtime.Gosched() // let the context cancellation propagate
@@ -271,6 +276,18 @@ func cancelProcesses(t testing.TB, delay time.Duration) {
 	t.Logf("PrepareTestEnv: all processes cancelled within %s", time.Since(start))
 }
 
+// allGoroutineStacks is the same as runtime/debug.Stack(), but it captures the stack of all goroutines.
+func allGoroutineStacks() []byte {
+	buf := make([]byte, 1024)
+	for {
+		n := runtime.Stack(buf, true)
+		if n < len(buf) {
+			return buf[:n]
+		}
+		buf = make([]byte, 2*len(buf))
+	}
+}
+
 func PrepareGitRepoDirectory(t testing.TB) {
 	setting.RepoRootPath = t.TempDir()
 	require.NoError(t, unittest.CopyDir(preparedDir, setting.RepoRootPath))

From 0fe80e011083f269602eed4950ebe9f1d5d84419 Mon Sep 17 00:00:00 2001
From: Onur Cakmak <occ@noreply.codeberg.org>
Date: Tue, 6 Jan 2026 17:22:37 +0100
Subject: [PATCH 105/854] fix: Fix error messages in pull.go (#10715)

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests

- I added test coverage for Go changes...
  - [ ] in their respective `*_test.go` for unit tests.
  - [ ] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I added test coverage for JavaScript changes...
  - [ ] in `web_src/js/*.test.js` if it can be unit tested.
  - [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)).

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [ ] I do not want this change to show in the release notes.
- [ ] I want the title to show in the release notes with a link to this pull request.
- [ ] I want the content of the `release-notes/<pull request number>.md` to be be used for the release notes instead of the title.

Co-authored-by: Onur Cakmak <occ@occ.me>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10715
Reviewed-by: Cyborus <cyborus@disroot.org>
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Onur Cakmak <occ@noreply.codeberg.org>
Co-committed-by: Onur Cakmak <occ@noreply.codeberg.org>
---
 routers/api/v1/repo/pull.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/routers/api/v1/repo/pull.go b/routers/api/v1/repo/pull.go
index 502adb18b6..5a5acc3c69 100644
--- a/routers/api/v1/repo/pull.go
+++ b/routers/api/v1/repo/pull.go
@@ -955,7 +955,7 @@ func MergePullRequest(ctx *context.APIContext) {
 	if manuallyMerged {
 		if err := pull_service.MergedManually(ctx, pr, ctx.Doer, ctx.Repo.GitRepo, form.MergeCommitID); err != nil {
 			if models.IsErrInvalidMergeStyle(err) {
-				ctx.Error(http.StatusMethodNotAllowed, "Invalid merge style", fmt.Errorf("%s is not allowed an allowed merge style for this repository", repo_model.MergeStyle(form.Do)))
+				ctx.Error(http.StatusMethodNotAllowed, "Invalid merge style", fmt.Errorf("%s is not an allowed merge style for this repository", repo_model.MergeStyle(form.Do)))
 				return
 			}
 			if strings.Contains(err.Error(), "Wrong commit ID") {
@@ -1005,7 +1005,7 @@ func MergePullRequest(ctx *context.APIContext) {
 
 	if err := pull_service.Merge(ctx, pr, ctx.Doer, ctx.Repo.GitRepo, repo_model.MergeStyle(form.Do), form.HeadCommitID, message, false); err != nil {
 		if models.IsErrInvalidMergeStyle(err) {
-			ctx.Error(http.StatusMethodNotAllowed, "Invalid merge style", fmt.Errorf("%s is not allowed an allowed merge style for this repository", repo_model.MergeStyle(form.Do)))
+			ctx.Error(http.StatusMethodNotAllowed, "Invalid merge style", fmt.Errorf("%s is not an allowed merge style for this repository", repo_model.MergeStyle(form.Do)))
 		} else if models.IsErrMergeConflicts(err) {
 			conflictError := err.(models.ErrMergeConflicts)
 			ctx.JSON(http.StatusConflict, conflictError)

From f7442ac4c72461811e9ebad267486d588dccf3ec Mon Sep 17 00:00:00 2001
From: Mathieu Fenniak <mathieu@fenniak.net>
Date: Thu, 18 Dec 2025 09:47:40 -0700
Subject: [PATCH 106/854] fix: hide user profile anonymous options on public
 repo APIs

---
 models/fixtures/user.yml           |  1 +
 services/convert/repository.go     | 21 ++++++++++++++-----
 tests/integration/api_repo_test.go | 33 ++++++++++++++++++++++++++++++
 3 files changed, 50 insertions(+), 5 deletions(-)

diff --git a/models/fixtures/user.yml b/models/fixtures/user.yml
index fa7607abcd..4e957f30f3 100644
--- a/models/fixtures/user.yml
+++ b/models/fixtures/user.yml
@@ -46,6 +46,7 @@
   email: user2@example.com
   keep_email_private: true
   keep_pronouns_private: true
+  pronouns: he/him
   email_notifications_preference: enabled
   passwd: ZogKvWdyEx:password
   passwd_hash_algo: dummy
diff --git a/services/convert/repository.go b/services/convert/repository.go
index f3603ee7f1..3823fd3a09 100644
--- a/services/convert/repository.go
+++ b/services/convert/repository.go
@@ -4,7 +4,7 @@
 package convert
 
 import (
-	"context"
+	stdCtx "context"
 	"time"
 
 	"forgejo.org/models"
@@ -15,14 +15,15 @@ import (
 	unit_model "forgejo.org/models/unit"
 	"forgejo.org/modules/log"
 	api "forgejo.org/modules/structs"
+	"forgejo.org/services/context"
 )
 
 // ToRepo converts a Repository to api.Repository
-func ToRepo(ctx context.Context, repo *repo_model.Repository, permissionInRepo access_model.Permission) *api.Repository {
+func ToRepo(ctx stdCtx.Context, repo *repo_model.Repository, permissionInRepo access_model.Permission) *api.Repository {
 	return innerToRepo(ctx, repo, permissionInRepo, false)
 }
 
-func innerToRepo(ctx context.Context, repo *repo_model.Repository, permissionInRepo access_model.Permission, isParent bool) *api.Repository {
+func innerToRepo(ctx stdCtx.Context, repo *repo_model.Repository, permissionInRepo access_model.Permission, isParent bool) *api.Repository {
 	var parent *api.Repository
 
 	if permissionInRepo.Units == nil && permissionInRepo.UnitsMode == nil {
@@ -179,9 +180,19 @@ func innerToRepo(ctx context.Context, repo *repo_model.Repository, permissionInR
 
 	repoAPIURL := repo.APIURL()
 
+	// Calculate the effective permission for `ToUserWithAccessMode` for the repo owner.  When accessing a public repo,
+	// permissionInRepo.AccessMode will be AccessModeRead even for an anonymous user -- in that case, downgrade
+	// `ownerViewPerms` to `AccessModeNone`.  `innerToRepo` doesn't have great access to recognize an anonymous user, so
+	// the best-effort made here is to check if `ctx` is an `APIContext`.
+	ownerViewPerms := permissionInRepo.AccessMode
+	apiCtx, ok := ctx.(*context.APIContext)
+	if ok && apiCtx.Doer == nil {
+		ownerViewPerms = perm.AccessModeNone
+	}
+
 	return &api.Repository{
 		ID:                            repo.ID,
-		Owner:                         ToUserWithAccessMode(ctx, repo.Owner, permissionInRepo.AccessMode),
+		Owner:                         ToUserWithAccessMode(ctx, repo.Owner, ownerViewPerms),
 		Name:                          repo.Name,
 		FullName:                      repo.FullName(),
 		Description:                   repo.Description,
@@ -246,7 +257,7 @@ func innerToRepo(ctx context.Context, repo *repo_model.Repository, permissionInR
 }
 
 // ToRepoTransfer convert a models.RepoTransfer to a structs.RepeTransfer
-func ToRepoTransfer(ctx context.Context, t *models.RepoTransfer) *api.RepoTransfer {
+func ToRepoTransfer(ctx stdCtx.Context, t *models.RepoTransfer) *api.RepoTransfer {
 	teams, _ := ToTeams(ctx, t.Teams, false)
 
 	return &api.RepoTransfer{
diff --git a/tests/integration/api_repo_test.go b/tests/integration/api_repo_test.go
index ca939dfa7b..edd0c61a44 100644
--- a/tests/integration/api_repo_test.go
+++ b/tests/integration/api_repo_test.go
@@ -289,6 +289,39 @@ func TestAPIViewRepo(t *testing.T) {
 	assert.Equal(t, 1, repo.Stars)
 }
 
+// Validate that private information on the user profile isn't exposed by way of being an owner of a public repository.
+func TestAPIViewRepoOwnerSettings(t *testing.T) {
+	defer tests.PrepareTestEnv(t)()
+
+	var repo api.Repository
+
+	req := NewRequest(t, "GET", "/api/v1/repos/user2/repo1")
+	resp := MakeRequest(t, req, http.StatusOK)
+	DecodeJSON(t, resp, &repo)
+	assert.EqualValues(t, 1, repo.ID)
+	assert.Equal(t, "user2@noreply.example.org", repo.Owner.Email) // unauthed, always private
+	assert.Empty(t, repo.Owner.Pronouns)                           // user2.keep_pronouns_private = true
+
+	session := loginUser(t, "user2")
+	token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeReadRepository)
+	req = NewRequest(t, "GET", "/api/v1/repos/user2/repo1").AddTokenAuth(token)
+	resp = MakeRequest(t, req, http.StatusOK)
+	DecodeJSON(t, resp, &repo)
+	assert.Equal(t, "user2@noreply.example.org", repo.Owner.Email) // user2.keep_email_private = true
+	assert.Equal(t, "he/him", repo.Owner.Pronouns)                 // user2.keep_pronouns_private = true
+
+	req = NewRequest(t, "GET", "/api/v1/repos/user12/repo10")
+	resp = MakeRequest(t, req, http.StatusOK)
+	DecodeJSON(t, resp, &repo)
+	assert.EqualValues(t, 10, repo.ID)
+	assert.Equal(t, "user12@noreply.example.org", repo.Owner.Email) // unauthed, always private
+
+	req = NewRequest(t, "GET", "/api/v1/repos/user12/repo10").AddTokenAuth(token)
+	resp = MakeRequest(t, req, http.StatusOK)
+	DecodeJSON(t, resp, &repo)
+	assert.Equal(t, "user12@example.com", repo.Owner.Email) // user2.keep_email_private = false
+}
+
 func TestAPIOrgRepos(t *testing.T) {
 	defer tests.PrepareTestEnv(t)()
 	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})

From 4866927e61be85bd8f3b7e6d9f11d01eabc079bb Mon Sep 17 00:00:00 2001
From: Mathieu Fenniak <mathieu@fenniak.net>
Date: Thu, 18 Dec 2025 21:41:15 -0700
Subject: [PATCH 107/854] fix: incorrect whitespace handling on pre&post
 receive hooks

---
 cmd/hook.go      |   4 +-
 cmd/hook_test.go | 133 +++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 135 insertions(+), 2 deletions(-)

diff --git a/cmd/hook.go b/cmd/hook.go
index d92e84b289..82dcb30866 100644
--- a/cmd/hook.go
+++ b/cmd/hook.go
@@ -237,7 +237,7 @@ Forgejo or set your environment appropriately.`, "")
 			continue
 		}
 
-		fields := bytes.Fields(scanner.Bytes())
+		fields := bytes.Split(scanner.Bytes(), []byte(" "))
 		if len(fields) != 3 {
 			continue
 		}
@@ -369,7 +369,7 @@ Forgejo or set your environment appropriately.`, "")
 			continue
 		}
 
-		fields := bytes.Fields(scanner.Bytes())
+		fields := bytes.Split(scanner.Bytes(), []byte(" "))
 		if len(fields) != 3 {
 			continue
 		}
diff --git a/cmd/hook_test.go b/cmd/hook_test.go
index 19e10455cb..a40036ffd5 100644
--- a/cmd/hook_test.go
+++ b/cmd/hook_test.go
@@ -14,6 +14,9 @@ import (
 	"testing"
 	"time"
 
+	"forgejo.org/modules/git"
+	"forgejo.org/modules/json"
+	"forgejo.org/modules/private"
 	"forgejo.org/modules/setting"
 	"forgejo.org/modules/test"
 
@@ -161,3 +164,133 @@ func TestDelayWriter(t *testing.T) {
 		require.Empty(t, out)
 	})
 }
+
+func TestRunHookPrePostReceive(t *testing.T) {
+	// Setup the environment.
+	defer test.MockVariableValue(&setting.InternalToken, "Random")()
+	defer test.MockVariableValue(&setting.InstallLock, true)()
+	defer test.MockVariableValue(&setting.Git.VerbosePush, true)()
+	t.Setenv("SSH_ORIGINAL_COMMAND", "true")
+
+	tests := []struct {
+		name        string
+		inputLine   string
+		oldCommitID string
+		newCommitID string
+		refFullName string
+	}{
+		{
+			name:        "base case",
+			inputLine:   "00000000000000000000 00000000000000000001 refs/head/main\n",
+			oldCommitID: "00000000000000000000",
+			newCommitID: "00000000000000000001",
+			refFullName: "refs/head/main",
+		},
+		{
+			name:        "nbsp case",
+			inputLine:   "00000000000000000000 00000000000000000001 refs/head/ma\u00A0in\n",
+			oldCommitID: "00000000000000000000",
+			newCommitID: "00000000000000000001",
+			refFullName: "refs/head/ma\u00A0in",
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			// Setup the Stdin.
+			f, err := os.OpenFile(t.TempDir()+"/stdin", os.O_RDWR|os.O_CREATE|os.O_EXCL, 0o666)
+			require.NoError(t, err)
+			_, err = f.Write([]byte(tt.inputLine))
+			require.NoError(t, err)
+			_, err = f.Seek(0, 0)
+			require.NoError(t, err)
+			defer test.MockVariableValue(os.Stdin, *f)()
+
+			// Setup the server that processes the hooks.
+			var serverError error
+			var hookOpts *private.HookOptions
+
+			ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+				body, err := io.ReadAll(r.Body)
+				if err != nil {
+					serverError = err
+					w.WriteHeader(500)
+					return
+				}
+
+				err = json.Unmarshal(body, &hookOpts)
+				if err != nil {
+					serverError = err
+					w.WriteHeader(500)
+					return
+				}
+
+				w.WriteHeader(200)
+
+				resp := &private.HookPostReceiveResult{}
+				bytes, err := json.Marshal(resp)
+				if err != nil {
+					serverError = err
+					return
+				}
+
+				_, err = w.Write(bytes)
+				if err != nil {
+					serverError = err
+					return
+				}
+			}))
+			defer ts.Close()
+			defer test.MockVariableValue(&setting.LocalURL, ts.URL+"/")()
+
+			t.Run("pre-receive", func(t *testing.T) {
+				app := cli.Command{}
+				app.Commands = []*cli.Command{subcmdHookPreReceive()}
+
+				finish := captureOutput(t, os.Stdout)
+				err = app.Run(t.Context(), []string{"./forgejo", "pre-receive"})
+				require.NoError(t, err)
+				out := finish()
+				require.Empty(t, out)
+
+				require.NoError(t, serverError)
+				require.NotNil(t, hookOpts)
+
+				require.Len(t, hookOpts.OldCommitIDs, 1)
+				assert.Equal(t, tt.oldCommitID, hookOpts.OldCommitIDs[0])
+				require.Len(t, hookOpts.NewCommitIDs, 1)
+				assert.Equal(t, tt.newCommitID, hookOpts.NewCommitIDs[0])
+				require.Len(t, hookOpts.RefFullNames, 1)
+				assert.Equal(t, git.RefName(tt.refFullName), hookOpts.RefFullNames[0])
+			})
+
+			// seek stdin back to beginning
+			_, err = f.Seek(0, 0)
+			require.NoError(t, err)
+			// reset state from prev test
+			serverError = nil
+			hookOpts = nil
+
+			t.Run("post-receive", func(t *testing.T) {
+				app := cli.Command{}
+				app.Commands = []*cli.Command{subcmdHookPostReceive()}
+
+				finish := captureOutput(t, os.Stdout)
+				err = app.Run(t.Context(), []string{"./forgejo", "post-receive"})
+				require.NoError(t, err)
+				out := finish()
+				require.Empty(t, out)
+
+				require.NoError(t, serverError)
+				require.NotNil(t, hookOpts)
+
+				require.Len(t, hookOpts.OldCommitIDs, 1)
+				assert.Equal(t, tt.oldCommitID, hookOpts.OldCommitIDs[0])
+				require.Len(t, hookOpts.NewCommitIDs, 1)
+				assert.Equal(t, tt.newCommitID, hookOpts.NewCommitIDs[0])
+				require.Len(t, hookOpts.RefFullNames, 1)
+				assert.Equal(t, git.RefName(tt.refFullName), hookOpts.RefFullNames[0])
+			})
+		})
+	}
+}

From 57766d133c046f95b2d08496a7669955dcb59799 Mon Sep 17 00:00:00 2001
From: Mathieu Fenniak <mathieu@fenniak.net>
Date: Sat, 27 Dec 2025 10:11:22 -0700
Subject: [PATCH 108/854] fix: don't use attachment size as max memory for
 ParseMultipart

---
 services/context/api.go     | 8 --------
 services/context/context.go | 8 --------
 2 files changed, 16 deletions(-)

diff --git a/services/context/api.go b/services/context/api.go
index 19e0c04911..be8d5ae724 100644
--- a/services/context/api.go
+++ b/services/context/api.go
@@ -289,14 +289,6 @@ func APIContexter() func(http.Handler) http.Handler {
 			ctx.AppendContextValue(apiContextKey, ctx)
 			ctx.AppendContextValueFunc(gitrepo.RepositoryContextKey, func() any { return ctx.Repo.GitRepo })
 
-			// If request sends files, parse them here otherwise the Query() can't be parsed and the CsrfToken will be invalid.
-			if ctx.Req.Method == "POST" && strings.Contains(ctx.Req.Header.Get("Content-Type"), "multipart/form-data") {
-				if err := ctx.Req.ParseMultipartForm(setting.Attachment.MaxSize << 20); err != nil && !strings.Contains(err.Error(), "EOF") { // 32MB max size
-					ctx.InternalServerError(err)
-					return
-				}
-			}
-
 			httpcache.SetCacheControlInHeader(ctx.Resp.Header(), 0, "no-transform")
 			ctx.Resp.Header().Set(`X-Frame-Options`, setting.CORSConfig.XFrameOptions)
 
diff --git a/services/context/context.go b/services/context/context.go
index 728a955692..c8a3a71a2e 100644
--- a/services/context/context.go
+++ b/services/context/context.go
@@ -173,14 +173,6 @@ func Contexter() func(next http.Handler) http.Handler {
 				}
 			})
 
-			// If request sends files, parse them here otherwise the Query() can't be parsed and the CsrfToken will be invalid.
-			if ctx.Req.Method == "POST" && strings.Contains(ctx.Req.Header.Get("Content-Type"), "multipart/form-data") {
-				if err := ctx.Req.ParseMultipartForm(setting.Attachment.MaxSize << 20); err != nil && !strings.Contains(err.Error(), "EOF") { // 32MB max size
-					ctx.ServerError("ParseMultipartForm", err)
-					return
-				}
-			}
-
 			httpcache.SetCacheControlInHeader(ctx.Resp.Header(), 0, "no-transform")
 			ctx.Resp.Header().Set(`X-Frame-Options`, setting.CORSConfig.XFrameOptions)
 

From e559a5fe6c31428d3da2bec13886a8dbf407cb1f Mon Sep 17 00:00:00 2001
From: Gusted <postmaster@gusted.xyz>
Date: Tue, 30 Dec 2025 05:05:38 +0100
Subject: [PATCH 109/854] fix: use correct GPG key for export

`GPGKeyToEntity` incorrectly assumed that within a keyring with multiple
keys that the first key is verified and should be exported. Look at all
keys and find the one that matches the verified key ID.
---
 models/asymkey/gpg_key.go | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/models/asymkey/gpg_key.go b/models/asymkey/gpg_key.go
index 64866da076..cae717011e 100644
--- a/models/asymkey/gpg_key.go
+++ b/models/asymkey/gpg_key.go
@@ -111,7 +111,13 @@ func GPGKeyToEntity(ctx context.Context, k *GPGKey) (*openpgp.Entity, error) {
 	if err != nil {
 		return nil, err
 	}
-	return keys[0], err
+
+	for _, key := range keys {
+		if key.PrimaryKey.KeyIdString() == k.KeyID {
+			return key, nil
+		}
+	}
+	return nil, fmt.Errorf("key with %s id not found", k.KeyID)
 }
 
 // parseSubGPGKey parse a sub Key

From 563f4d825b87989733d84db9a8e17c4a0ce66f3b Mon Sep 17 00:00:00 2001
From: Gusted <postmaster@gusted.xyz>
Date: Wed, 31 Dec 2025 04:00:36 +0100
Subject: [PATCH 110/854] chore: add integration test

Add a integration test that verifies that only the verified key is shown
in `{user}.gpg`.
---
 tests/integration/api_gpg_keys_test.go | 228 +++++++++++++++++++++++++
 1 file changed, 228 insertions(+)

diff --git a/tests/integration/api_gpg_keys_test.go b/tests/integration/api_gpg_keys_test.go
index b042c2ce6b..cec5d45bd2 100644
--- a/tests/integration/api_gpg_keys_test.go
+++ b/tests/integration/api_gpg_keys_test.go
@@ -1,19 +1,28 @@
 // Copyright 2017 The Gogs Authors. All rights reserved.
+// Copyright 2025 The Forgejo Authors. All rights reserved.
 // SPDX-License-Identifier: MIT
 
 package integration
 
 import (
+	"bytes"
 	"net/http"
 	"net/http/httptest"
 	"strconv"
+	"strings"
 	"testing"
+	"time"
 
 	auth_model "forgejo.org/models/auth"
 	api "forgejo.org/modules/structs"
+	"forgejo.org/modules/test"
+	"forgejo.org/services/context"
 	"forgejo.org/tests"
 
+	"github.com/ProtonMail/go-crypto/openpgp"
+	"github.com/ProtonMail/go-crypto/openpgp/armor"
 	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
 )
 
 type makeRequestFunc func(testing.TB, *RequestWrapper, int) *httptest.ResponseRecorder
@@ -277,3 +286,222 @@ mIMMn8taHIaQO7v9ln2EVQYTzbNCmwTw9ovTM0j/Pbkg2EftfP1TCoxQHvBnsCED
 =MgDv
 -----END PGP PUBLIC KEY BLOCK-----`)
 }
+
+func TestAPIGPGMultipleKeys(t *testing.T) {
+	defer tests.PrepareTestEnv(t)()
+
+	// Token used for verification is valid for each minute, to prevent
+	// this test being flaky wait till the next minute if we have less than
+	// five seconds until the next minute.
+	if _, _, sec := time.Now().Clock(); sec >= 55 {
+		test.SleepTillNextMinute()
+	}
+
+	session := loginUser(t, "user2")
+	token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteUser)
+
+	publicKeyring := `-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQINBGlUhN8BEAC9B8bisIEVMMo+rtpvpTM6xYw79I9YcCtWkw2a2cS1SUApFZhd
+dmSFIJITcjHCRO4d3k7SYH5Y/UkCKbcAm+ggsM+++DaDLgWAdIx9rIdF4OBPjLVI
+ISZyaCC/i92pnwJbKkecLtInYM2/9SYlz0eqZI6W9hP8J0KwwwGcVPek2xFnVdKY
+UCzNkclYagTrn/RHeh+VtmLH99xyvYHTMqIHP/lFIuvqFjE0/e0VlKAe9u6ThxUF
+GyNa+gO44H7KNthBNqBtUoGT8RPjTzo4cW6vVjDFu+M21TL88zh5w39j/n8JignF
+MF4Qc76J+Vn0/HOmUlw1JNclWnuVZjyULMDk9ntHD2siWtySg1CYpJBLeLGxZ47n
++dPjXuPQ0tfYzVYyh9tBnMnNacxo5JpUgapnpXR1g91+SjSFaVLQlpsGZDke/7Cr
+UqsCM1Lo34jXAjso7ObSOjkRKK6sK5xujbUs+IztcXgOYInfPow2JdYdDmFEy2Ma
+9pFAxEzCx610cKPE3uxxnxJaFRoSIjXgmHfDssQ+8rp17MNC8l770PDQEwC4NYOr
+3udC9l90dNia5Uh0OdQze4CUhNF60kORBZLm0u12NHVKKHRfs1HuGO1bBS/wqVtm
+CGYrx12c64kJukN+SyFXTuZEg4TdWdzWya4CxGuXPrU6+ut7ZzeXgQ6eeQARAQAB
+tBpOT1QgTUlORSBmaXJzdEBleGFtcGxlLmNvbYkCTgQTAQoAOBYhBI9dzEKafc2X
+LjiEtwOk2yM5AfysBQJpVITfAhsDBQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJ
+EAOk2yM5Afys6C0P/RHjFYww3LKsfbgb1H6/rdrl+pccQ2GBzIU8eHGyuWiU+oEM
+W4vRQNwwJK+OoX6OFTps4IxVjvYIri+zvRHrHtWjJNr2zPC1hDsHn183LVq2ltZK
+LAyt3Rz+ruddCoelZSnu0p7DXRsQBHuOr/ELJFfC91/AAv83fytJmWPtuMefo4tj
+AZhRlVrSeiu0Gl7V0Vejf2SubCRhmysID1AsDbTA17aV8g7cDxQRL8Xyw7gvRnvm
+pa5h0SAvStJWf0FIY4sZJRGix95rPyyKe6uCbVikW90FnMY6eamUqg4IUhUP+rMz
+UzVU6sIYygjA630i6i7202yjPshbChX6iiYrrT47aW0LacG35kyTQDt/FFCLl6Ek
+EdaKcASiKXxnYRL+gP/wZc3p82AAz7+d2QOONrWxO78agw81DDVr4AudDZ1H+EIo
+tAqxiSE6/JgxksVdab0pv1AonLLzWlQY0/2fQfqUtsPc4ZCETgyniWzqowwV/guH
+rBjv8qT1Rgh801byxIAj+J7YYpYo2baDPLUaFpheDcSKmmhpZxGq/FIYV3rST9wt
+jCQEeT44AGNHLS4mClUO3WlVSUTUhE+lQYPK3DOkPNdckE0+/+/3BaF4Mp6b0Yow
+beURs3FhogE+2yGxN9Af5EpefDVlvNBdXVaK0WaW3Qk7gpr1nuGH9basXRHhmQIN
+BGlUhQ8BEADtbspAbq05twJTd1X9uFd7FpO459zhvvTIIk9oZVq7LWbD+ijGZLwM
+hcQjIyevtG9vemCmHjvouyEi+ZDl3xMZNsUZN3BpJZ3M05mKM0BGzLZyZzfW84Jw
+K+qfPkR5xR8CVvFsGRsPqP1ifUD+ujZ32IoY8mOat3IowHDzseJWg50rRUF0KjMv
+cZXg+oiJQLDU8IcqJT1CAeBxS/neZAaNCkS9QhFPMHOv3MoXxm8KUUnDHTb1rDNW
+5CNvDDl+m7BVNzgI9iuIGKcWlYeis8fkKQY6l2ti9pF3DN9t/U3+w2tcygdTFF56
+JO3DN+nq94lDo3EnXYwvk52YyL7zSODL8z83QwvQwllNZkQVrfNXlYaHNrwgD/es
+xXxxD3kmtPCUVGuqBim+XLa4drIibp1kII0lyPe5GPRf+uMV7ZejJqaUeEcMiX9Y
+H90CQJlc9qJ0w7AAAVx8X9fBVS32Rb9ndXoAkZW5I4CFqEnC7RO2yORPCliVWfcy
+/KBNbp01MEtaTgtjzj4Xl3tb3OmgPY0QjQW1s2PG72dWpUZVI/pWL5Ld0NPiS1bP
+3l4h/nNAIFDwAAwkq3IY+gAaNi0kH14G3KULWuoRk+/Opz6xH1X4W1ZF/SMjYDye
+WbvW/Fsh+7uHDIqtBdB2PUHmOdUfVcIkKiLza3opI19q4Pj67F+VIQARAQABtBdN
+SU5FIHNlY29uZEBleGFtcGxlLmNvbYkCTgQTAQoAOBYhBGiMLWqVQC5r6dElb6Y1
+6kUKAQDyBQJpVIUPAhsDBQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJEKY16kUK
+AQDyVsMQAKkW9an5lltfw2l0fsunVt3/m0gczRsrWNjpP13MpDtvKoHm3jpX8uez
+WO0D9o04Zq7SCAxqRdZIunFGeW+CzzioXrXz6jFyPYja0AbqbjZXVk684Ln4ZrfZ
+cUKXOe/WzdPckXt9UVVdcL6QOjHYwssg0ajV6JYAqTu3J2JamBoVWeyhrGmZPKan
+/l3WrdK6nhjQkDbSX1sh2Z+Zr/tLi7GIAeiogz+wI4AMvOtIz2c0aNTdhwiTgNGr
++UCRYpBy1I5nFMDlaIiDFcEwjU0zs0slUHOKIwW87S/kllBjo92NViKF53p54eI0
+519qU/fJRO8YRpyi9YrxgOFh7z4iZ2hgAdEpyEDhO02wHnXL5vPUHavZhBaHbzl0
+7u9FOStJ724ZKmk8AGZdXMgYgg0CQzXr1oo2Ag1r1zSAIVneCdGF9dPz1MD+mCax
+zGnjTfpMiHWhZ1Q/5RsS84QNKrR1Ii423ZCdSbFBRp9L43kAALWgsx4baKPcXXVM
+AFPUH5A0LQ59Hcat+ItgtHoamMi11PcPNBYBKMTcm4uh68D6ZAPCLiH/jvr0+ylW
+5kDi0ndHFi8k4ug0hIbdyXR1a5/IhJVqyshvhhNXDNg6xhx87T6nYaD/EaxKrL37
+H0/4Us9sF6z3+UtX6HsOYzWO8kqAw8xPsPxUBjZFqyRBPMJ7rAdwmQINBGlUhjYB
+EADHuyzOjbPk3U0qC85lGTecJBKb1CgUZ0xphv5wNg1TBzLjQLRBDzbnhGAROTjS
+08dESwrG5sf8lNKRRr9rRIKQ7p+OqhK2AkOqGC25vB6vJSBhUYNyUWDqV02XSmNy
+33FlwAgalIiff12hpZ+PctmzFcBY6TJ7Zh1dIKvS17CNZvkfjb/rm1r8VQk8I4qd
+gVUg8Ky898T8B6/sAHhKcDZNXXoOLpCCUsm6STCVlp+YE0fN3H6uUiyJ++zjrS85
+fzV9Ug+rDZr+V/ZiOc5e+mqIo51L9m9VfFsmZfJDZvPBcFJgcISvS7LySW/lJvZ+
+ntKoFANzxzlLOUNYWJv+X/tYzJIoiu4J9NAuUwieFU85CYNbz9aO7BUlVvNDVNn2
+sSTX/Aum9nqLvdi17pQRNmp7NFrmSzD9GbvD1G4C51tDesnCJI/jm5QQpor8PeiO
+AcaHey/GFIS0+e1nytT3RU72P8M22u44QVp+WSAeahnsEBHVLbA7BUoShykXul65
+d9Tko2H6lf4s5ggi66mXPvHH1O0Ry57JEcJVAFHpp+teckmXf8zDa+/ha4U+RtJk
+kJ4RI6mPrFnamx57mYPT2ji0igpU2paAtIGhbDxSi5UD3ZycdmDjTw/uUTxl/lon
++N7DVEFC+2F8HD2Aiw6TJ92AWs3CCZRsURMphH1W7cskvQARAQABtBZIYWhhIHVz
+ZXIyQGV4YW1wbGUuY29tiQJOBBMBCgA4FiEEr+MV6CFVMbWYwDdiwe3dkWyHwqYF
+AmlUhjYCGwMFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AACgkQwe3dkWyHwqapNhAA
+lPbcf96Ntyk0vttBOSDS/owq1fk2I/h66NgDK0G3601JT0JhFv1PnY9YV5w5rzuT
+vCLbQWALr8UD52B8Ua6fEn5XjiLf6dU6OuZnYqIgTqi2qm4xCuNhp5E1UqNLBb6N
+v225R1CB6XGEda+wFQkTRif2e+bQOi4/+hl6tp6tQXkqAMdJAhD53v0nvvpExHkP
+tRyfnoP2pFLC3Oic1fVlNUD9Gz2U/rL+BkKVFTRXHfsdf1eP5osOHbgXe8S8xWAW
++K8+FeU/5uyzx6HVIMHvvu8ZxefEvkuFyBtzeikOulp7gY0OBSprysRbPGUHXz2W
++l3t21L3QKx++gq+aPW3ILkzyK0ovtXoJdU0QeJmbM7UaqfkYHcUut9HaohCheLI
+cWlpTaqJlqMeSxx+I0NHIbRGILM2Db0DWRms0zZxYIywtlJlolSPhJeq3jd/Yc33
+4CXVtY/bU8pxInJewzUtAqMhJ8AUvUfsUpmaMUg0Vkqv7NrZBhL7TFZXsVpw1M3V
+c5nF8cfX8GfDh16cmFx9Tpz9SrVPSVAwiK1V+Lp9p6CGPZhE3Y33b94YUmt+CvWx
+Kx8OeiUGEqLG3W/KpXbnYUUetyCtCMikdmaGPpvq0ifDv5AEt3eZDWcqZOZ1dSTG
+9wmKghkVrgnB6Zow4c62WFtrDtFoN0XAjC42KsufgNQ=
+=3agD
+-----END PGP PUBLIC KEY BLOCK-----`
+
+	privateKeyring := `-----BEGIN PGP PRIVATE KEY BLOCK-----
+
+lQcYBGlUhjYBEADHuyzOjbPk3U0qC85lGTecJBKb1CgUZ0xphv5wNg1TBzLjQLRB
+DzbnhGAROTjS08dESwrG5sf8lNKRRr9rRIKQ7p+OqhK2AkOqGC25vB6vJSBhUYNy
+UWDqV02XSmNy33FlwAgalIiff12hpZ+PctmzFcBY6TJ7Zh1dIKvS17CNZvkfjb/r
+m1r8VQk8I4qdgVUg8Ky898T8B6/sAHhKcDZNXXoOLpCCUsm6STCVlp+YE0fN3H6u
+UiyJ++zjrS85fzV9Ug+rDZr+V/ZiOc5e+mqIo51L9m9VfFsmZfJDZvPBcFJgcISv
+S7LySW/lJvZ+ntKoFANzxzlLOUNYWJv+X/tYzJIoiu4J9NAuUwieFU85CYNbz9aO
+7BUlVvNDVNn2sSTX/Aum9nqLvdi17pQRNmp7NFrmSzD9GbvD1G4C51tDesnCJI/j
+m5QQpor8PeiOAcaHey/GFIS0+e1nytT3RU72P8M22u44QVp+WSAeahnsEBHVLbA7
+BUoShykXul65d9Tko2H6lf4s5ggi66mXPvHH1O0Ry57JEcJVAFHpp+teckmXf8zD
+a+/ha4U+RtJkkJ4RI6mPrFnamx57mYPT2ji0igpU2paAtIGhbDxSi5UD3ZycdmDj
+Tw/uUTxl/lon+N7DVEFC+2F8HD2Aiw6TJ92AWs3CCZRsURMphH1W7cskvQARAQAB
+AA/9GjOJF+T+9HG+QwXJeE8Wkc/US8eeemQSt2/oxk+mRSjB7uNOF5AnY7e54oiJ
+1nPHGu5n5i/gNwJO8pVABz0K482/S2KEPIbk2YDSfssZkLW4ybYnyEIPX1k/Py7t
+sjlzEXtflMe8zy+mLiPMCsVw9E1Q2QO+hkb0aIMgsfLES8h2Ze1H1WChTvjY0qAs
+Tv09wv8k/0/W8jkP8FB0zKRr0I+ys1Q9y4WQxnSo1aGCI4Zj+l2H64EG1r3LFb23
+tD3mhnTSxAhvjMN9TuVxF9nsn9WBjQrcZW/VhUlaaVKC0kgp26eRwG1DIbBV6CR0
+XFKkJT3QNiABzsce+Tf76Xgt61IqGRy7wEaBEb/MlNnYokTGTCeWHDMk+3KfgcTb
+0O4HInueO0wCOLivx4yMNtDLIEmeaSzUJkd24dEezEAljYOTbEAWXr4CIYIEJHQJ
+chmSD2dS8jbCcI8GlYr+SdWlw5QB++bUftxvh+NZHgw4kRoiWf2DOomx+VNcW7mX
+D0B3zYbIBpoZDncSKSNm0aVtOH3DFxoiI0sZc6eYL157nHgLv0ifTPAcfpBzszAE
+GWQ21AdhsJptRRhQflCQmKIhBGO5DWClzUydb+dmJpoHXmss6sIvaIjPKUogcM6V
+n/tL+DlOTfJMt1aEqt1SwtGN8LfT4nsGObhI0ONEMnuGbwEIANXfmvCJOYU1BtNE
+IY349Z5I8PNn5couC4RBEyMiNdqMb13FLiSiYT8c4N7dQfy5iROQEDgdp4BQVFAi
+k+yri7D6JpaUkJrz7RjseqBnvogTWdYzTzPueQ8t3GFIl+IN33JSGtwzo2/PQl/P
+rqabm1jsmXHEcuz3XvnKuy5nFkY1n9NmeB8yV0xVDVrG+3dn/Aro+kxT4l6d2v20
+3YO8ZIEzrO8KtZYT28GFGSw7f2VC9CbZcXKS2gTljW/I0vgPYr43ovrWZ4XrTPzJ
+Yl0fPQyi1qpTCh5inKAPrin5/fZEsZOy/PtDTSh3lRzmJmSIE9rdrRPPyhPc7GeO
+enogLIMIAO8SdKAf+u36WkrGaZkKJpfB2pEW4qnO2FN7RLWZ4jZvQw6w06vN3IM+
+rw59icGS5hN9uw9YAY+odaF/SJQzcLAOV6OAcOMPoxyyUtc2n2zfD1mkCpkkoGY/
+aJYPPwhEyNqdvMPMhB2pR3swohseKCOCVNR13U7l/HILA5huKcxo22fMGoouW8pG
+xTOqZg4VStOtFBYLdEficv3Qc/Zv67LnzV+RxPWocttSngFwgDyo18zXWCXUrJHE
+pMMDdsweAkAluBirCbSesQknkEFrM9egL7/XN2/QCShPK/Ks6Vj0pPhDGYQWl1oq
+PuePAt4mWUVb7H8JkwmuqQ+ZuihJJb8H/R+Rk/a4PtdlHoX9kVWuj81yNpORjlgc
+VBSPZSje9i2ix8skT6TE0pb/GBd6gwclGfOCYg5W210eowPSQEGg0F1uPTcFBkCy
+YPsDNHgqWi8caglv1lzm6SCaUSwJ7zkvBheutVRTmY25NxsVeLPUNR8TBPIOSyJN
+fL2cRHFqx/Ovm2PBwYVeUJ3GLPqJg581TfLeVehylV4Qs6OaEyMIeMi9JRYPzwgc
+brdRbuaYk643CkL7VWJQBwq3SgMaJ5Caf7CtvN+3ibExJWP0qGZZZ2Cfxaons/50
+CUoVOvEIrMyvvPQvuizNN7oODSyqXL9bSKGU6p67tjgJ1KNAHH4l/EBwjbQWSGFo
+YSB1c2VyMkBleGFtcGxlLmNvbYkCTgQTAQoAOBYhBK/jFeghVTG1mMA3YsHt3ZFs
+h8KmBQJpVIY2AhsDBQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJEMHt3ZFsh8Km
+qTYQAJT23H/ejbcpNL7bQTkg0v6MKtX5NiP4eujYAytBt+tNSU9CYRb9T52PWFec
+Oa87k7wi20FgC6/FA+dgfFGunxJ+V44i3+nVOjrmZ2KiIE6otqpuMQrjYaeRNVKj
+SwW+jb9tuUdQgelxhHWvsBUJE0Yn9nvm0DouP/oZeraerUF5KgDHSQIQ+d79J776
+RMR5D7Ucn56D9qRSwtzonNX1ZTVA/Rs9lP6y/gZClRU0Vx37HX9Xj+aLDh24F3vE
+vMVgFvivPhXlP+bss8eh1SDB777vGcXnxL5Lhcgbc3opDrpae4GNDgUqa8rEWzxl
+B189lvpd7dtS90CsfvoKvmj1tyC5M8itKL7V6CXVNEHiZmzO1Gqn5GB3FLrfR2qI
+QoXiyHFpaU2qiZajHkscfiNDRyG0RiCzNg29A1kZrNM2cWCMsLZSZaJUj4SXqt43
+f2HN9+Al1bWP21PKcSJyXsM1LQKjISfAFL1H7FKZmjFINFZKr+za2QYS+0xWV7Fa
+cNTN1XOZxfHH1/Bnw4denJhcfU6c/Uq1T0lQMIitVfi6faeghj2YRN2N92/eGFJr
+fgr1sSsfDnolBhKixt1vyqV252FFHrcgrQjIpHZmhj6b6tInw7+QBLd3mQ1nKmTm
+dXUkxvcJioIZFa4JwemaMOHOtlhbaw7RaDdFwIwuNirLn4DU
+=9to/
+-----END PGP PRIVATE KEY BLOCK-----
+`
+	block, err := armor.Decode(strings.NewReader(privateKeyring))
+	require.NoError(t, err)
+	keyring, err := openpgp.ReadKeyRing(block.Body)
+	require.NoError(t, err)
+	assert.Len(t, keyring, 1)
+
+	var verificationToken string
+	t.Run("No signature provided", func(t *testing.T) {
+		defer tests.PrintCurrentTest(t)()
+
+		req := NewRequestWithJSON(t, "POST", "/api/v1/user/gpg_keys", api.CreateGPGKeyOption{
+			ArmoredKey: publicKeyring,
+		}).AddTokenAuth(token)
+		resp := MakeRequest(t, req, http.StatusNotFound)
+
+		var apiError context.APIError
+		DecodeJSON(t, resp, &apiError)
+
+		var ok bool
+		_, verificationToken, ok = strings.Cut(apiError.Message, ": ")
+		assert.True(t, ok)
+	})
+
+	t.Run("Signature provided", func(t *testing.T) {
+		defer tests.PrintCurrentTest(t)()
+
+		signatureOutput := &bytes.Buffer{}
+		require.NoError(t, openpgp.ArmoredDetachSign(signatureOutput, keyring[0], strings.NewReader(verificationToken), nil))
+
+		req := NewRequestWithJSON(t, "POST", "/api/v1/user/gpg_keys", api.CreateGPGKeyOption{
+			ArmoredKey: publicKeyring,
+			Signature:  signatureOutput.String(),
+		}).AddTokenAuth(token)
+		MakeRequest(t, req, http.StatusCreated)
+	})
+
+	t.Run("{user}.gpg", func(t *testing.T) {
+		defer tests.PrintCurrentTest(t)()
+
+		req := NewRequest(t, "GET", "/user2.gpg")
+		resp := session.MakeRequest(t, req, http.StatusOK)
+
+		assert.Equal(t, `-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+xsFNBGlUhjYBEADHuyzOjbPk3U0qC85lGTecJBKb1CgUZ0xphv5wNg1TBzLjQLRB
+DzbnhGAROTjS08dESwrG5sf8lNKRRr9rRIKQ7p+OqhK2AkOqGC25vB6vJSBhUYNy
+UWDqV02XSmNy33FlwAgalIiff12hpZ+PctmzFcBY6TJ7Zh1dIKvS17CNZvkfjb/r
+m1r8VQk8I4qdgVUg8Ky898T8B6/sAHhKcDZNXXoOLpCCUsm6STCVlp+YE0fN3H6u
+UiyJ++zjrS85fzV9Ug+rDZr+V/ZiOc5e+mqIo51L9m9VfFsmZfJDZvPBcFJgcISv
+S7LySW/lJvZ+ntKoFANzxzlLOUNYWJv+X/tYzJIoiu4J9NAuUwieFU85CYNbz9aO
+7BUlVvNDVNn2sSTX/Aum9nqLvdi17pQRNmp7NFrmSzD9GbvD1G4C51tDesnCJI/j
+m5QQpor8PeiOAcaHey/GFIS0+e1nytT3RU72P8M22u44QVp+WSAeahnsEBHVLbA7
+BUoShykXul65d9Tko2H6lf4s5ggi66mXPvHH1O0Ry57JEcJVAFHpp+teckmXf8zD
+a+/ha4U+RtJkkJ4RI6mPrFnamx57mYPT2ji0igpU2paAtIGhbDxSi5UD3ZycdmDj
+Tw/uUTxl/lon+N7DVEFC+2F8HD2Aiw6TJ92AWs3CCZRsURMphH1W7cskvQARAQAB
+zRZIYWhhIHVzZXIyQGV4YW1wbGUuY29twsGOBBMBCgA4FiEEr+MV6CFVMbWYwDdi
+we3dkWyHwqYFAmlUhjYCGwMFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AACgkQwe3d
+kWyHwqapNhAAlPbcf96Ntyk0vttBOSDS/owq1fk2I/h66NgDK0G3601JT0JhFv1P
+nY9YV5w5rzuTvCLbQWALr8UD52B8Ua6fEn5XjiLf6dU6OuZnYqIgTqi2qm4xCuNh
+p5E1UqNLBb6Nv225R1CB6XGEda+wFQkTRif2e+bQOi4/+hl6tp6tQXkqAMdJAhD5
+3v0nvvpExHkPtRyfnoP2pFLC3Oic1fVlNUD9Gz2U/rL+BkKVFTRXHfsdf1eP5osO
+HbgXe8S8xWAW+K8+FeU/5uyzx6HVIMHvvu8ZxefEvkuFyBtzeikOulp7gY0OBSpr
+ysRbPGUHXz2W+l3t21L3QKx++gq+aPW3ILkzyK0ovtXoJdU0QeJmbM7UaqfkYHcU
+ut9HaohCheLIcWlpTaqJlqMeSxx+I0NHIbRGILM2Db0DWRms0zZxYIywtlJlolSP
+hJeq3jd/Yc334CXVtY/bU8pxInJewzUtAqMhJ8AUvUfsUpmaMUg0Vkqv7NrZBhL7
+TFZXsVpw1M3Vc5nF8cfX8GfDh16cmFx9Tpz9SrVPSVAwiK1V+Lp9p6CGPZhE3Y33
+b94YUmt+CvWxKx8OeiUGEqLG3W/KpXbnYUUetyCtCMikdmaGPpvq0ifDv5AEt3eZ
+DWcqZOZ1dSTG9wmKghkVrgnB6Zow4c62WFtrDtFoN0XAjC42KsufgNQ=
+=766/
+-----END PGP PUBLIC KEY BLOCK-----`, resp.Body.String())
+	})
+}

From 6f0d6b51f1832b78d4e3c73a8905fc7dbec2600e Mon Sep 17 00:00:00 2001
From: Gusted <postmaster@gusted.xyz>
Date: Tue, 30 Dec 2025 02:23:15 +0100
Subject: [PATCH 111/854] fix: load reviewer for pull review dismiss action
 notifier

This was implicitly loaded during the mail notifications notifier. If
you disable mail notifications on Forgejo then this will result in the
reviewer not being loaded and NPE.
---
 services/feed/action.go | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/services/feed/action.go b/services/feed/action.go
index 96de080691..96ed154064 100644
--- a/services/feed/action.go
+++ b/services/feed/action.go
@@ -308,6 +308,10 @@ func (*actionNotifier) AutoMergePullRequest(ctx context.Context, doer *user_mode
 }
 
 func (*actionNotifier) PullReviewDismiss(ctx context.Context, doer *user_model.User, review *issues_model.Review, comment *issues_model.Comment) {
+	if err := review.LoadReviewer(ctx); err != nil {
+		log.Error("LoadReviewer '%d/%d': %v", review.ID, review.ReviewerID, err)
+		return
+	}
 	reviewerName := review.Reviewer.Name
 	if len(review.OriginalAuthor) > 0 {
 		reviewerName = review.OriginalAuthor

From 9ede81a89fdd281f180e7ec9563ca47ee52540a1 Mon Sep 17 00:00:00 2001
From: Mathieu Fenniak <mathieu@fenniak.net>
Date: Tue, 6 Jan 2026 09:54:52 -0700
Subject: [PATCH 112/854] doc: add release notes for Jan 8 security release

---
 release-notes/10719.md | 5 +++++
 1 file changed, 5 insertions(+)
 create mode 100644 release-notes/10719.md

diff --git a/release-notes/10719.md b/release-notes/10719.md
new file mode 100644
index 0000000000..807e660339
--- /dev/null
+++ b/release-notes/10719.md
@@ -0,0 +1,5 @@
+fix: hide user profile anonymous options on public repo APIs
+fix: incorrect whitespace handling on pre&post receive hooks
+fix: reduce memory usage while processing large attachment uploads
+fix: load reviewer for pull review dismiss action notifier
+fix: use correct GPG key for export

From ef6debfc0263a87ce9d4ba721bf3e1d6daeac420 Mon Sep 17 00:00:00 2001
From: Luis <luis@adame.dev>
Date: Tue, 6 Jan 2026 20:03:58 +0100
Subject: [PATCH 113/854] fix(ui): actions list layout breakage with long
 content (#10648)

Fixes the layout of the actions list specifically when an action name is too long to be displayed within the column's constrained width.

I took the opportunity to add some ancillary improvements:
- Center elements vertically
- Space elements consistently: the error badge didn't have the same margin on the left like the disabled badge.

Fixes #4580

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10648
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Reviewed-by: Beowulf <beowulf@beocode.eu>
Co-authored-by: Luis <luis@adame.dev>
Co-committed-by: Luis <luis@adame.dev>
---
 templates/repo/actions/list_inner.tmpl | 10 +++++++---
 web_src/css/actions.css                | 23 ++++++++++++++++++++++-
 2 files changed, 29 insertions(+), 4 deletions(-)

diff --git a/templates/repo/actions/list_inner.tmpl b/templates/repo/actions/list_inner.tmpl
index 207ca41c59..dce5e16e7b 100644
--- a/templates/repo/actions/list_inner.tmpl
+++ b/templates/repo/actions/list_inner.tmpl
@@ -1,12 +1,16 @@
 {{if .HasWorkflowsOrRuns}}
 <div class="ui stackable grid">
 	<div class="four wide column">
-		<div class="ui fluid vertical menu">
+		<div class="ui fluid vertical menu actions-menu">
 			<a class="item{{if not $.CurWorkflow}} active{{end}}" href="?actor={{$.CurActor}}&status={{$.CurStatus}}">{{ctx.Locale.Tr "actions.runs.all_workflows"}}</a>
 			{{range .workflows}}
-				<a class="item{{if eq .Entry.Name $.CurWorkflow}} active{{end}}" href="?workflow={{.Entry.Name}}&actor={{$.CurActor}}&status={{$.CurStatus}}">{{.Entry.Name}}
+				<a class="item{{if eq .Entry.Name $.CurWorkflow}} active{{end}}" href="?workflow={{.Entry.Name}}&actor={{$.CurActor}}&status={{$.CurStatus}}">
+					<span class="content" data-tooltip-content="{{.Entry.Name}}">
+						{{.Entry.Name}}
+					</span>
+
 					{{if .ErrMsg}}
-						<span data-tooltip-content="{{.ErrMsg}}">
+						<span class="error" data-tooltip-content="{{.ErrMsg}}">
 							{{svg "octicon-alert" 16 "text red"}}
 						</span>
 					{{end}}
diff --git a/web_src/css/actions.css b/web_src/css/actions.css
index 3992253eef..a9ff222e3c 100644
--- a/web_src/css/actions.css
+++ b/web_src/css/actions.css
@@ -55,7 +55,7 @@
 .run-list-item-right .run-list-meta {
   display: flex;
   flex-wrap: nowrap;
-  gap: .25rem;
+  gap: 0.25rem;
   align-items: center;
 }
 
@@ -107,3 +107,24 @@
     transform: rotate(-360deg);
   }
 }
+
+.ui.vertical.menu .item:not(:has(> :nth-child(1))),
+.ui.vertical.menu .item .content {
+  white-space: nowrap;
+  text-overflow: ellipsis;
+  overflow: hidden;
+}
+
+.ui.vertical.menu .item:has(.content) {
+  display: flex;
+}
+
+.ui.vertical.menu.actions-menu .item .error {
+  display: flex;
+  align-items: center;
+  margin-left: 1rem;
+}
+
+.ui.vertical.menu.actions-menu .item .label {
+  flex-shrink: 0;
+}

From b1e1984556a33a3b7c4ad6de4d67d2e0982d2f72 Mon Sep 17 00:00:00 2001
From: forgejo-release-manager <contact-forgejo-release-manager@forgejo.org>
Date: Thu, 8 Jan 2026 09:56:38 +0100
Subject: [PATCH 114/854] chore(release-notes): Forgejo v11.0.9 (#10728)

https://codeberg.org/forgejo/forgejo/milestone/35400
Co-authored-by: 0ko <0ko@noreply.codeberg.org>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10728
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Co-authored-by: forgejo-release-manager <contact-forgejo-release-manager@forgejo.org>
Co-committed-by: forgejo-release-manager <contact-forgejo-release-manager@forgejo.org>
---
 release-notes-published/11.0.9.md | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)
 create mode 100644 release-notes-published/11.0.9.md

diff --git a/release-notes-published/11.0.9.md b/release-notes-published/11.0.9.md
new file mode 100644
index 0000000000..eb4b16626d
--- /dev/null
+++ b/release-notes-published/11.0.9.md
@@ -0,0 +1,17 @@
+
+<!--start release-notes-assistant-->
+
+## Release notes
+<!--URL:https://codeberg.org/forgejo/forgejo-->
+- Security bug fixes
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10722): fix: hide user profile anonymous options on public repo APIs
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10722): fix: incorrect whitespace handling on pre&post receive hooks
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10722): fix: reduce memory usage while processing large attachment uploads
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10722): fix: load reviewer for pull review dismiss action notifier
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10722): fix: use correct GPG key for export
+- Included for completeness but not user-facing (chores, etc.)
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10678) ([backported](https://codeberg.org/forgejo/forgejo/pulls/10681)): <!--number 10681 --><!--line 0 --><!--description Zml4OiBkb24ndCBkdXBsaWNhdGUgY29tbWl0IHN0YXR1cyByZWNvcmRzIG9uIHdvcmtmbG93cyB3aXRoIGVtcHR5IG5hbWU=-->fix: don't duplicate commit status records on workflows with empty name<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10632) ([backported](https://codeberg.org/forgejo/forgejo/pulls/10634)): <!--number 10634 --><!--line 0 --><!--description Zml4OiBidWlsZC1yZWxlYXNlIHdvcmtmbG93IHN0b3BzIGl0cyBvd24gZW5kLXRvLWVuZCBjaGVja3Mgd2hlbiBydW4gY29uY3VycmVudGx5-->fix: build-release workflow stops its own end-to-end checks when run concurrently<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10550) ([backported](https://codeberg.org/forgejo/forgejo/pulls/10553)): <!--number 10553 --><!--line 0 --><!--description cG9ydChnaXRlYSk6IEZpeCBwYXNzd29yZCBsZWFrIGluIGxvZyBtZXNzYWdlcyAoZ28tZ2l0ZWEvZ2l0ZWEhMzU1ODQp-->port(gitea): Fix password leak in log messages (go-gitea/gitea!35584)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10304): <!--number 10304 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgZ28gdG8gdjEuMjUuNSAodjExLjAvZm9yZ2Vqbyk=-->Update dependency go to v1.25.5 (v11.0/forgejo)<!--description-->
+<!--end release-notes-assistant-->

From c50166c28b160f41a0adc81d64645ff887a9ead1 Mon Sep 17 00:00:00 2001
From: forgejo-release-manager <contact-forgejo-release-manager@forgejo.org>
Date: Thu, 8 Jan 2026 11:22:14 +0100
Subject: [PATCH 115/854] chore(release-notes): Forgejo v13.0.4 (#10730)

https://codeberg.org/forgejo/forgejo/milestone/35397
Co-authored-by: viceice <michael.kriese@gmx.de>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10730
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Co-authored-by: forgejo-release-manager <contact-forgejo-release-manager@forgejo.org>
Co-committed-by: forgejo-release-manager <contact-forgejo-release-manager@forgejo.org>
---
 release-notes-published/13.0.4.md | 28 ++++++++++++++++++++++++++++
 1 file changed, 28 insertions(+)
 create mode 100644 release-notes-published/13.0.4.md

diff --git a/release-notes-published/13.0.4.md b/release-notes-published/13.0.4.md
new file mode 100644
index 0000000000..1883ba5d27
--- /dev/null
+++ b/release-notes-published/13.0.4.md
@@ -0,0 +1,28 @@
+
+<!--start release-notes-assistant-->
+
+## Release notes
+<!--URL:https://codeberg.org/forgejo/forgejo-->
+- Security bug fixes 
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10721): <!--number 10721 --><!--line 0 --><!--description aGlkZSB1c2VyIHByb2ZpbGUgYW5vbnltb3VzIG9wdGlvbnMgb24gcHVibGljIHJlcG8gQVBJcw==-->hide user profile anonymous options on public repo APIs<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10721): <!--number 10721 --><!--line 1 --><!--description aW5jb3JyZWN0IHdoaXRlc3BhY2UgaGFuZGxpbmcgb24gcHJlJnBvc3QgcmVjZWl2ZSBob29rcw==-->incorrect whitespace handling on pre&post receive hooks<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10721): <!--number 10721 --><!--line 2 --><!--description cmVkdWNlIG1lbW9yeSB1c2FnZSB3aGlsZSBwcm9jZXNzaW5nIGxhcmdlIGF0dGFjaG1lbnQgdXBsb2Fkcw==-->reduce memory usage while processing large attachment uploads<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10721): <!--number 10721 --><!--line 3 --><!--description bG9hZCByZXZpZXdlciBmb3IgcHVsbCByZXZpZXcgZGlzbWlzcyBhY3Rpb24gbm90aWZpZXI=-->load reviewer for pull review dismiss action notifier<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10721): <!--number 10721 --><!--line 4 --><!--description dXNlIGNvcnJlY3QgR1BHIGtleSBmb3IgZXhwb3J0-->use correct GPG key for export<!--description-->
+- Localization
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10703): <!--number 10703 --><!--line 0 --><!--description VXBkYXRlcyBmcm9tIENvZGViZXJnIFRyYW5zbGF0ZTogWyMxMDcwM10oaHR0cHM6Ly9jb2RlYmVyZy5vcmcvZm9yZ2Vqby9mb3JnZWpvL3B1bGxzLzEwNzAzKSAoYmFja3BvcnQgb2YgWyMxMDEzMV0oaHR0cHM6Ly9jb2RlYmVyZy5vcmcvZm9yZ2Vqby9mb3JnZWpvL3B1bGxzLzEwMTMxKSwgWyMxMDI0OV0oaHR0cHM6Ly9jb2RlYmVyZy5vcmcvZm9yZ2Vqby9mb3JnZWpvL3B1bGxzLzEwMjQ5KSk=-->Updates from Codeberg Translate: [#10703](https://codeberg.org/forgejo/forgejo/pulls/10703) (backport of [#10131](https://codeberg.org/forgejo/forgejo/pulls/10131), [#10249](https://codeberg.org/forgejo/forgejo/pulls/10249))<!--description-->
+- Features
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9797): <!--number 9797 --><!--line 0 --><!--description ZmVhdDogYWxsb3cgd29ya2Zsb3dzIHRvIGNvbnRyb2wgY2FuY2VsbGF0aW9uIG9mIGV4aXN0aW5nIGpvYnM=-->feat: allow workflows to control cancellation of existing jobs<!--description-->
+- Bug fixes
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10297) ([backported](https://codeberg.org/forgejo/forgejo/pulls/10334)): <!--number 10334 --><!--line 0 --><!--description Zml4OiByZWR1Y2UgcnVudGltZSBvZiBjb250YWluZXIgY2xlYW51cCBieSByZWx5aW5nIG9uIG1hc3MgZGlnZXN0IGNsZWFudXA=-->fix: reduce runtime of container cleanup by relying on mass digest cleanup<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10225) ([backported](https://codeberg.org/forgejo/forgejo/pulls/10229)): <!--number 10229 --><!--line 0 --><!--description Zml4OiBkb3dubG9hZCBsb2dzIG9mIGN1cnJlbnRseSBkaXNwbGF5ZWQgQWN0aW9uIHJ1biBhdHRlbXB0-->fix: download logs of currently displayed Action run attempt<!--description-->
+- Included for completeness but not user-facing (chores, etc.)
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10678) ([backported](https://codeberg.org/forgejo/forgejo/pulls/10680)): <!--number 10680 --><!--line 0 --><!--description Zml4OiBkb24ndCBkdXBsaWNhdGUgY29tbWl0IHN0YXR1cyByZWNvcmRzIG9uIHdvcmtmbG93cyB3aXRoIGVtcHR5IG5hbWU=-->fix: don't duplicate commit status records on workflows with empty name<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10692) ([backported](https://codeberg.org/forgejo/forgejo/pulls/10693)): <!--number 10693 --><!--line 0 --><!--description Y2hvcmU6IGRvd25sb2FkIGdpdC1tYW4gb3ZlciBUTFM=-->chore: download git-man over TLS<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10632) ([backported](https://codeberg.org/forgejo/forgejo/pulls/10637)): <!--number 10637 --><!--line 0 --><!--description Zml4OiBidWlsZC1yZWxlYXNlIHdvcmtmbG93IHN0b3BzIGl0cyBvd24gZW5kLXRvLWVuZCBjaGVja3Mgd2hlbiBydW4gY29uY3VycmVudGx5-->fix: build-release workflow stops its own end-to-end checks when run concurrently<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10550) ([backported](https://codeberg.org/forgejo/forgejo/pulls/10554)): <!--number 10554 --><!--line 0 --><!--description cG9ydChnaXRlYSk6IEZpeCBwYXNzd29yZCBsZWFrIGluIGxvZyBtZXNzYWdlcyAoZ28tZ2l0ZWEvZ2l0ZWEhMzU1ODQp-->port(gitea): Fix password leak in log messages (go-gitea/gitea!35584)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10475) ([backported](https://codeberg.org/forgejo/forgejo/pulls/10476)): <!--number 10476 --><!--line 0 --><!--description Zml4OiBkb24ndCBwdXNoIExGUyB3aGVuIHVzaW5nIFNTSCBhdXRoZW50aWNhdGlvbg==-->fix: don't push LFS when using SSH authentication<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10306): <!--number 10306 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgZ28gdG8gdjEuMjUuNSAodjEzLjAvZm9yZ2Vqbyk=-->Update dependency go to v1.25.5 (v13.0/forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10283): <!--number 10283 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgbWFya2Rvd25saW50LWNsaSB0byB2MC40Ni4wICh2MTMuMC9mb3JnZWpvKQ==-->Update dependency markdownlint-cli to v0.46.0 (v13.0/forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10282): <!--number 10282 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgQHZpdGVqcy9wbHVnaW4tdnVlIHRvIHY2LjAuMiAodjEzLjAvZm9yZ2Vqbyk=-->Update dependency @vitejs/plugin-vue to v6.0.2 (v13.0/forgejo)<!--description-->
+<!--end release-notes-assistant-->

From 616774969f62accccbf63a9fd62aea102d653926 Mon Sep 17 00:00:00 2001
From: Renovate Bot <forgejo-renovate-action@forgejo.org>
Date: Thu, 8 Jan 2026 16:13:08 +0100
Subject: [PATCH 116/854] Update https://data.forgejo.org/actions/setup-forgejo
 action to v3.0.7 (forgejo) (#10619)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10619
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
---
 .forgejo/workflows/build-release-integration.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.forgejo/workflows/build-release-integration.yml b/.forgejo/workflows/build-release-integration.yml
index e3cbd3b331..6461d456d4 100644
--- a/.forgejo/workflows/build-release-integration.yml
+++ b/.forgejo/workflows/build-release-integration.yml
@@ -29,7 +29,7 @@ jobs:
       - uses: https://data.forgejo.org/actions/checkout@v6
 
       - id: forgejo
-        uses: https://data.forgejo.org/actions/setup-forgejo@v3.0.6
+        uses: https://data.forgejo.org/actions/setup-forgejo@v3.0.7
         with:
           user: root
           password: admin1234

From 3707f2e338e8bd0f307f830d9f9440eaec256419 Mon Sep 17 00:00:00 2001
From: Michael Kriese <michael.kriese@visualon.de>
Date: Thu, 8 Jan 2026 16:50:52 +0100
Subject: [PATCH 117/854] chore(renovate): use `forgejo-releases` datasource
 (#10731)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10731
Reviewed-by: Beowulf <beowulf@beocode.eu>
Co-authored-by: Michael Kriese <michael.kriese@visualon.de>
Co-committed-by: Michael Kriese <michael.kriese@visualon.de>
---
 .forgejo/workflows/release-notes-assistant-milestones.yml | 2 +-
 .forgejo/workflows/release-notes-assistant.yml            | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/.forgejo/workflows/release-notes-assistant-milestones.yml b/.forgejo/workflows/release-notes-assistant-milestones.yml
index 2baa279db4..41a409f110 100644
--- a/.forgejo/workflows/release-notes-assistant-milestones.yml
+++ b/.forgejo/workflows/release-notes-assistant-milestones.yml
@@ -6,7 +6,7 @@ on:
 
 env:
   RNA_WORKDIR: /srv/rna
-  RNA_VERSION: v1.4.2 # renovate: datasource=gitea-releases depName=forgejo/release-notes-assistant registryUrl=https://code.forgejo.org
+  RNA_VERSION: v1.4.2 # renovate: datasource=forgejo-releases depName=forgejo/release-notes-assistant registryUrl=https://code.forgejo.org
 
 jobs:
   release-notes:
diff --git a/.forgejo/workflows/release-notes-assistant.yml b/.forgejo/workflows/release-notes-assistant.yml
index ab6d5c58ec..c3084dbefe 100644
--- a/.forgejo/workflows/release-notes-assistant.yml
+++ b/.forgejo/workflows/release-notes-assistant.yml
@@ -8,7 +8,7 @@ on:
       - labeled
 
 env:
-  RNA_VERSION: v1.4.2 # renovate: datasource=gitea-releases depName=forgejo/release-notes-assistant registryUrl=https://code.forgejo.org
+  RNA_VERSION: v1.4.2 # renovate: datasource=forgejo-releases depName=forgejo/release-notes-assistant registryUrl=https://code.forgejo.org
 
 jobs:
   release-notes:

From 983a7c908cf392376e2e82d186e7d5fc28484f28 Mon Sep 17 00:00:00 2001
From: Renovate Bot <forgejo-renovate-action@forgejo.org>
Date: Fri, 9 Jan 2026 02:59:24 +0100
Subject: [PATCH 118/854] Update module code.forgejo.org/forgejo/runner/v12 to
 v12.5.0 (forgejo) (#10738)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This PR contains the following updates:

| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) |
|---|---|---|---|
| [code.forgejo.org/forgejo/runner/v12](https://code.forgejo.org/forgejo/runner) | `v12.4.0` -> `v12.5.0` | ![age](https://developer.mend.io/api/mc/badges/age/go/code.forgejo.org%2fforgejo%2frunner%2fv12/v12.5.0?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/go/code.forgejo.org%2fforgejo%2frunner%2fv12/v12.4.0/v12.5.0?slim=true) |

---

### Release Notes

<details>
<summary>forgejo/runner (code.forgejo.org/forgejo/runner/v12)</summary>

### [`v12.5.0`](https://code.forgejo.org/forgejo/runner/releases/tag/v12.5.0)

[Compare Source](https://code.forgejo.org/forgejo/runner/compare/v12.4.0...v12.5.0)

- [User guide](https://forgejo.org/docs/next/user/actions/overview/)
- [Administrator guide](https://forgejo.org/docs/next/admin/actions/)
- [Container images](https://code.forgejo.org/forgejo/-/packages/container/runner/versions)

Release Notes

***

<!--start release-notes-assistant-->

<!--URL:https://code.forgejo.org/forgejo/runner-->

- features
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1259): <!--number 1259 --><!--line 0 --><!--description ZmVhdDogaW50cm9kdWNlIGV4cGVyaW1lbnRhbCBjb21tYW5kIGNvbm5lY3Qgd2l0aCB0b2tlbiBvcHRpb24=-->feat: introduce experimental command connect with token option<!--description-->
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1232): <!--number 1232 --><!--line 0 --><!--description ZmVhdDogYWRkIE9JREMgd29ya2xvYWQgaWRlbnRpdHkgZmVkZXJhdGlvbiBzdXBwb3J0-->feat: add OIDC workload identity federation support<!--description-->
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1249): <!--number 1249 --><!--line 0 --><!--description ZmVhdDogaW5jbHVkZSBhdXRoIHRva2VuIHdoZW4gY2xvbmluZyBhY3Rpb25zIGZyb20gb3duIGluc3RhbmNl-->feat: include auth token when cloning actions from own instance<!--description-->
- bug fixes
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1255): <!--number 1255 --><!--line 0 --><!--description Zml4OiBjbG9uZSBhY3Rpb25zIHdpdGggR2l0IGluc3RlYWQgb2YgZ28tZ2l0-->fix: clone actions with Git instead of go-git<!--description-->
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1257): <!--number 1257 --><!--line 0 --><!--description Zml4OiBob3N0LWJhc2VkIGV4ZWN1dG9yLCBjbGFyaWZ5IGVycm9yIG1lc3NhZ2UgZnJvbSBtaXNzaW5nIHdvcmtpbmctZGlyZWN0b3J5-->fix: host-based executor, clarify error message from missing working-directory<!--description-->
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1250): <!--number 1250 --><!--line 0 --><!--description Zml4OiBzdG9wIGNyZWF0aW9uIG9mIGJyYW5jaCBjYWxsZWQgSEVBRCBkdXJpbmcgZmV0Y2g=-->fix: stop creation of branch called HEAD during fetch<!--description-->
- other
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1252): <!--number 1252 --><!--line 0 --><!--description ZG9jczogcmVtb3ZlICdyZXF1aXJlZCcgZmxhZyBmcm9tIHJldXNhYmxlIHdvcmtmbG93ICdydW5zLW9uJyBmaWVsZA==-->docs: remove 'required' flag from reusable workflow 'runs-on' field<!--description-->

<!--end release-notes-assistant-->

</details>

---

### Configuration

📅 **Schedule**: Branch creation - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC), Automerge - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi43MS4wIiwidXBkYXRlZEluVmVyIjoiNDIuNzEuMCIsInRhcmdldEJyYW5jaCI6ImZvcmdlam8iLCJsYWJlbHMiOlsiZGVwZW5kZW5jeS11cGdyYWRlIiwidGVzdC9ub3QtbmVlZGVkIl19-->

Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10738
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
---
 assets/go-licenses.json | 50 -----------------------------------------
 go.mod                  | 11 +--------
 go.sum                  | 36 ++---------------------------
 3 files changed, 3 insertions(+), 94 deletions(-)

diff --git a/assets/go-licenses.json b/assets/go-licenses.json
index 6f1e5d5225..2f8843be95 100644
--- a/assets/go-licenses.json
+++ b/assets/go-licenses.json
@@ -219,11 +219,6 @@
     "path": "connectrpc.com/connect/LICENSE",
     "licenseText": "                                 Apache License\n                           Version 2.0, January 2004\n                        http://www.apache.org/licenses/\n\n   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION\n\n   1. Definitions.\n\n      \"License\" shall mean the terms and conditions for use, reproduction,\n      and distribution as defined by Sections 1 through 9 of this document.\n\n      \"Licensor\" shall mean the copyright owner or entity authorized by\n      the copyright owner that is granting the License.\n\n      \"Legal Entity\" shall mean the union of the acting entity and all\n      other entities that control, are controlled by, or are under common\n      control with that entity. For the purposes of this definition,\n      \"control\" means (i) the power, direct or indirect, to cause the\n      direction or management of such entity, whether by contract or\n      otherwise, or (ii) ownership of fifty percent (50%) or more of the\n      outstanding shares, or (iii) beneficial ownership of such entity.\n\n      \"You\" (or \"Your\") shall mean an individual or Legal Entity\n      exercising permissions granted by this License.\n\n      \"Source\" form shall mean the preferred form for making modifications,\n      including but not limited to software source code, documentation\n      source, and configuration files.\n\n      \"Object\" form shall mean any form resulting from mechanical\n      transformation or translation of a Source form, including but\n      not limited to compiled object code, generated documentation,\n      and conversions to other media types.\n\n      \"Work\" shall mean the work of authorship, whether in Source or\n      Object form, made available under the License, as indicated by a\n      copyright notice that is included in or attached to the work\n      (an example is provided in the Appendix below).\n\n      \"Derivative Works\" shall mean any work, whether in Source or Object\n      form, that is based on (or derived from) the Work and for which the\n      editorial revisions, annotations, elaborations, or other modifications\n      represent, as a whole, an original work of authorship. For the purposes\n      of this License, Derivative Works shall not include works that remain\n      separable from, or merely link (or bind by name) to the interfaces of,\n      the Work and Derivative Works thereof.\n\n      \"Contribution\" shall mean any work of authorship, including\n      the original version of the Work and any modifications or additions\n      to that Work or Derivative Works thereof, that is intentionally\n      submitted to Licensor for inclusion in the Work by the copyright owner\n      or by an individual or Legal Entity authorized to submit on behalf of\n      the copyright owner. For the purposes of this definition, \"submitted\"\n      means any form of electronic, verbal, or written communication sent\n      to the Licensor or its representatives, including but not limited to\n      communication on electronic mailing lists, source code control systems,\n      and issue tracking systems that are managed by, or on behalf of, the\n      Licensor for the purpose of discussing and improving the Work, but\n      excluding communication that is conspicuously marked or otherwise\n      designated in writing by the copyright owner as \"Not a Contribution.\"\n\n      \"Contributor\" shall mean Licensor and any individual or Legal Entity\n      on behalf of whom a Contribution has been received by Licensor and\n      subsequently incorporated within the Work.\n\n   2. Grant of Copyright License. Subject to the terms and conditions of\n      this License, each Contributor hereby grants to You a perpetual,\n      worldwide, non-exclusive, no-charge, royalty-free, irrevocable\n      copyright license to reproduce, prepare Derivative Works of,\n      publicly display, publicly perform, sublicense, and distribute the\n      Work and such Derivative Works in Source or Object form.\n\n   3. Grant of Patent License. Subject to the terms and conditions of\n      this License, each Contributor hereby grants to You a perpetual,\n      worldwide, non-exclusive, no-charge, royalty-free, irrevocable\n      (except as stated in this section) patent license to make, have made,\n      use, offer to sell, sell, import, and otherwise transfer the Work,\n      where such license applies only to those patent claims licensable\n      by such Contributor that are necessarily infringed by their\n      Contribution(s) alone or by combination of their Contribution(s)\n      with the Work to which such Contribution(s) was submitted. If You\n      institute patent litigation against any entity (including a\n      cross-claim or counterclaim in a lawsuit) alleging that the Work\n      or a Contribution incorporated within the Work constitutes direct\n      or contributory patent infringement, then any patent licenses\n      granted to You under this License for that Work shall terminate\n      as of the date such litigation is filed.\n\n   4. Redistribution. You may reproduce and distribute copies of the\n      Work or Derivative Works thereof in any medium, with or without\n      modifications, and in Source or Object form, provided that You\n      meet the following conditions:\n\n      (a) You must give any other recipients of the Work or\n          Derivative Works a copy of this License; and\n\n      (b) You must cause any modified files to carry prominent notices\n          stating that You changed the files; and\n\n      (c) You must retain, in the Source form of any Derivative Works\n          that You distribute, all copyright, patent, trademark, and\n          attribution notices from the Source form of the Work,\n          excluding those notices that do not pertain to any part of\n          the Derivative Works; and\n\n      (d) If the Work includes a \"NOTICE\" text file as part of its\n          distribution, then any Derivative Works that You distribute must\n          include a readable copy of the attribution notices contained\n          within such NOTICE file, excluding those notices that do not\n          pertain to any part of the Derivative Works, in at least one\n          of the following places: within a NOTICE text file distributed\n          as part of the Derivative Works; within the Source form or\n          documentation, if provided along with the Derivative Works; or,\n          within a display generated by the Derivative Works, if and\n          wherever such third-party notices normally appear. The contents\n          of the NOTICE file are for informational purposes only and\n          do not modify the License. You may add Your own attribution\n          notices within Derivative Works that You distribute, alongside\n          or as an addendum to the NOTICE text from the Work, provided\n          that such additional attribution notices cannot be construed\n          as modifying the License.\n\n      You may add Your own copyright statement to Your modifications and\n      may provide additional or different license terms and conditions\n      for use, reproduction, or distribution of Your modifications, or\n      for any such Derivative Works as a whole, provided Your use,\n      reproduction, and distribution of the Work otherwise complies with\n      the conditions stated in this License.\n\n   5. Submission of Contributions. Unless You explicitly state otherwise,\n      any Contribution intentionally submitted for inclusion in the Work\n      by You to the Licensor shall be under the terms and conditions of\n      this License, without any additional terms or conditions.\n      Notwithstanding the above, nothing herein shall supersede or modify\n      the terms of any separate license agreement you may have executed\n      with Licensor regarding such Contributions.\n\n   6. Trademarks. This License does not grant permission to use the trade\n      names, trademarks, service marks, or product names of the Licensor,\n      except as required for reasonable and customary use in describing the\n      origin of the Work and reproducing the content of the NOTICE file.\n\n   7. Disclaimer of Warranty. Unless required by applicable law or\n      agreed to in writing, Licensor provides the Work (and each\n      Contributor provides its Contributions) on an \"AS IS\" BASIS,\n      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or\n      implied, including, without limitation, any warranties or conditions\n      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A\n      PARTICULAR PURPOSE. You are solely responsible for determining the\n      appropriateness of using or redistributing the Work and assume any\n      risks associated with Your exercise of permissions under this License.\n\n   8. Limitation of Liability. In no event and under no legal theory,\n      whether in tort (including negligence), contract, or otherwise,\n      unless required by applicable law (such as deliberate and grossly\n      negligent acts) or agreed to in writing, shall any Contributor be\n      liable to You for damages, including any direct, indirect, special,\n      incidental, or consequential damages of any character arising as a\n      result of this License or out of the use or inability to use the\n      Work (including but not limited to damages for loss of goodwill,\n      work stoppage, computer failure or malfunction, or any and all\n      other commercial damages or losses), even if such Contributor\n      has been advised of the possibility of such damages.\n\n   9. Accepting Warranty or Additional Liability. While redistributing\n      the Work or Derivative Works thereof, You may choose to offer,\n      and charge a fee for, acceptance of support, warranty, indemnity,\n      or other liability obligations and/or rights consistent with this\n      License. However, in accepting such obligations, You may act only\n      on Your own behalf and on Your sole responsibility, not on behalf\n      of any other Contributor, and only if You agree to indemnify,\n      defend, and hold each Contributor harmless for any liability\n      incurred by, or claims asserted against, such Contributor by reason\n      of your accepting any such warranty or additional liability.\n\n   END OF TERMS AND CONDITIONS\n\n   APPENDIX: How to apply the Apache License to your work.\n\n      To apply the Apache License to your work, attach the following\n      boilerplate notice, with the fields enclosed by brackets \"[]\"\n      replaced with your own identifying information. (Don't include\n      the brackets!)  The text should be enclosed in the appropriate\n      comment syntax for the file format. We also recommend that a\n      file or class name and description of purpose be included on the\n      same \"printed page\" as the copyright notice for easier\n      identification within third-party archives.\n\n   Copyright 2021-2025 The Connect Authors\n\n   Licensed under the Apache License, Version 2.0 (the \"License\");\n   you may not use this file except in compliance with the License.\n   You may obtain a copy of the License at\n\n       http://www.apache.org/licenses/LICENSE-2.0\n\n   Unless required by applicable law or agreed to in writing, software\n   distributed under the License is distributed on an \"AS IS\" BASIS,\n   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n   See the License for the specific language governing permissions and\n   limitations under the License.\n"
   },
-  {
-    "name": "dario.cat/mergo",
-    "path": "dario.cat/mergo/LICENSE",
-    "licenseText": "Copyright (c) 2013 Dario Castañé. All rights reserved.\nCopyright (c) 2012 The Go Authors. All rights reserved.\n\nRedistribution and use in source and binary forms, with or without\nmodification, are permitted provided that the following conditions are\nmet:\n\n   * Redistributions of source code must retain the above copyright\nnotice, this list of conditions and the following disclaimer.\n   * Redistributions in binary form must reproduce the above\ncopyright notice, this list of conditions and the following disclaimer\nin the documentation and/or other materials provided with the\ndistribution.\n   * Neither the name of Google Inc. nor the names of its\ncontributors may be used to endorse or promote products derived from\nthis software without specific prior written permission.\n\nTHIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS\n\"AS IS\" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT\nLIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR\nA PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT\nOWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,\nSPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT\nLIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,\nDATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY\nTHEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT\n(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE\nOF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n"
-  },
   {
     "name": "filippo.io/edwards25519",
     "path": "filippo.io/edwards25519/LICENSE",
@@ -459,21 +454,6 @@
     "path": "github.com/cloudflare/circl/LICENSE",
     "licenseText": "Copyright (c) 2019 Cloudflare. All rights reserved.\n\nRedistribution and use in source and binary forms, with or without\nmodification, are permitted provided that the following conditions are\nmet:\n\n   * Redistributions of source code must retain the above copyright\nnotice, this list of conditions and the following disclaimer.\n   * Redistributions in binary form must reproduce the above\ncopyright notice, this list of conditions and the following disclaimer\nin the documentation and/or other materials provided with the\ndistribution.\n   * Neither the name of Cloudflare nor the names of its\ncontributors may be used to endorse or promote products derived from\nthis software without specific prior written permission.\n\nTHIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS\n\"AS IS\" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT\nLIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR\nA PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT\nOWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,\nSPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT\nLIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,\nDATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY\nTHEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT\n(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE\nOF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n\n========================================================================\n\nCopyright (c) 2009 The Go Authors. All rights reserved.\n\nRedistribution and use in source and binary forms, with or without\nmodification, are permitted provided that the following conditions are\nmet:\n\n   * Redistributions of source code must retain the above copyright\nnotice, this list of conditions and the following disclaimer.\n   * Redistributions in binary form must reproduce the above\ncopyright notice, this list of conditions and the following disclaimer\nin the documentation and/or other materials provided with the\ndistribution.\n   * Neither the name of Google Inc. nor the names of its\ncontributors may be used to endorse or promote products derived from\nthis software without specific prior written permission.\n\nTHIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS\n\"AS IS\" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT\nLIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR\nA PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT\nOWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,\nSPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT\nLIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,\nDATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY\nTHEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT\n(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE\nOF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n"
   },
-  {
-    "name": "github.com/cyphar/filepath-securejoin",
-    "path": "github.com/cyphar/filepath-securejoin/COPYING.md",
-    "licenseText": "## COPYING ##\n\n`SPDX-License-Identifier: BSD-3-Clause AND MPL-2.0`\n\nThis project is made up of code licensed under different licenses. Which code\nyou use will have an impact on whether only one or both licenses apply to your\nusage of this library.\n\nNote that **each file** in this project individually has a code comment at the\nstart describing the license of that particular file -- this is the most\naccurate license information of this project; in case there is any conflict\nbetween this document and the comment at the start of a file, the comment shall\ntake precedence. The only purpose of this document is to work around [a known\ntechnical limitation of pkg.go.dev's license checking tool when dealing with\nnon-trivial project licenses][go75067].\n\n[go75067]: https://go.dev/issue/75067\n\n### `BSD-3-Clause` ###\n\nAt time of writing, the following files and directories are licensed under the\nBSD-3-Clause license:\n\n * `doc.go`\n * `join*.go`\n * `vfs.go`\n * `internal/consts/*.go`\n * `pathrs-lite/internal/gocompat/*.go`\n * `pathrs-lite/internal/kernelversion/*.go`\n\nThe text of the BSD-3-Clause license used by this project is the following (the\ntext is also available from the [`LICENSE.BSD`](./LICENSE.BSD) file):\n\n```\nCopyright (C) 2014-2015 Docker Inc \u0026 Go Authors. All rights reserved.\nCopyright (C) 2017-2024 SUSE LLC. All rights reserved.\n\nRedistribution and use in source and binary forms, with or without\nmodification, are permitted provided that the following conditions are\nmet:\n\n   * Redistributions of source code must retain the above copyright\nnotice, this list of conditions and the following disclaimer.\n   * Redistributions in binary form must reproduce the above\ncopyright notice, this list of conditions and the following disclaimer\nin the documentation and/or other materials provided with the\ndistribution.\n   * Neither the name of Google Inc. nor the names of its\ncontributors may be used to endorse or promote products derived from\nthis software without specific prior written permission.\n\nTHIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS\n\"AS IS\" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT\nLIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR\nA PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT\nOWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,\nSPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT\nLIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,\nDATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY\nTHEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT\n(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE\nOF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n```\n\n### `MPL-2.0` ###\n\nAll other files (unless otherwise marked) are licensed under the Mozilla Public\nLicense (version 2.0).\n\nThe text of the Mozilla Public License (version 2.0) is the following (the text\nis also available from the [`LICENSE.MPL-2.0`](./LICENSE.MPL-2.0) file):\n\n```\nMozilla Public License Version 2.0\n==================================\n\n1. Definitions\n--------------\n\n1.1. \"Contributor\"\n    means each individual or legal entity that creates, contributes to\n    the creation of, or owns Covered Software.\n\n1.2. \"Contributor Version\"\n    means the combination of the Contributions of others (if any) used\n    by a Contributor and that particular Contributor's Contribution.\n\n1.3. \"Contribution\"\n    means Covered Software of a particular Contributor.\n\n1.4. \"Covered Software\"\n    means Source Code Form to which the initial Contributor has attached\n    the notice in Exhibit A, the Executable Form of such Source Code\n    Form, and Modifications of such Source Code Form, in each case\n    including portions thereof.\n\n1.5. \"Incompatible With Secondary Licenses\"\n    means\n\n    (a) that the initial Contributor has attached the notice described\n        in Exhibit B to the Covered Software; or\n\n    (b) that the Covered Software was made available under the terms of\n        version 1.1 or earlier of the License, but not also under the\n        terms of a Secondary License.\n\n1.6. \"Executable Form\"\n    means any form of the work other than Source Code Form.\n\n1.7. \"Larger Work\"\n    means a work that combines Covered Software with other material, in\n    a separate file or files, that is not Covered Software.\n\n1.8. \"License\"\n    means this document.\n\n1.9. \"Licensable\"\n    means having the right to grant, to the maximum extent possible,\n    whether at the time of the initial grant or subsequently, any and\n    all of the rights conveyed by this License.\n\n1.10. \"Modifications\"\n    means any of the following:\n\n    (a) any file in Source Code Form that results from an addition to,\n        deletion from, or modification of the contents of Covered\n        Software; or\n\n    (b) any new file in Source Code Form that contains any Covered\n        Software.\n\n1.11. \"Patent Claims\" of a Contributor\n    means any patent claim(s), including without limitation, method,\n    process, and apparatus claims, in any patent Licensable by such\n    Contributor that would be infringed, but for the grant of the\n    License, by the making, using, selling, offering for sale, having\n    made, import, or transfer of either its Contributions or its\n    Contributor Version.\n\n1.12. \"Secondary License\"\n    means either the GNU General Public License, Version 2.0, the GNU\n    Lesser General Public License, Version 2.1, the GNU Affero General\n    Public License, Version 3.0, or any later versions of those\n    licenses.\n\n1.13. \"Source Code Form\"\n    means the form of the work preferred for making modifications.\n\n1.14. \"You\" (or \"Your\")\n    means an individual or a legal entity exercising rights under this\n    License. For legal entities, \"You\" includes any entity that\n    controls, is controlled by, or is under common control with You. For\n    purposes of this definition, \"control\" means (a) the power, direct\n    or indirect, to cause the direction or management of such entity,\n    whether by contract or otherwise, or (b) ownership of more than\n    fifty percent (50%) of the outstanding shares or beneficial\n    ownership of such entity.\n\n2. License Grants and Conditions\n--------------------------------\n\n2.1. Grants\n\nEach Contributor hereby grants You a world-wide, royalty-free,\nnon-exclusive license:\n\n(a) under intellectual property rights (other than patent or trademark)\n    Licensable by such Contributor to use, reproduce, make available,\n    modify, display, perform, distribute, and otherwise exploit its\n    Contributions, either on an unmodified basis, with Modifications, or\n    as part of a Larger Work; and\n\n(b) under Patent Claims of such Contributor to make, use, sell, offer\n    for sale, have made, import, and otherwise transfer either its\n    Contributions or its Contributor Version.\n\n2.2. Effective Date\n\nThe licenses granted in Section 2.1 with respect to any Contribution\nbecome effective for each Contribution on the date the Contributor first\ndistributes such Contribution.\n\n2.3. Limitations on Grant Scope\n\nThe licenses granted in this Section 2 are the only rights granted under\nthis License. No additional rights or licenses will be implied from the\ndistribution or licensing of Covered Software under this License.\nNotwithstanding Section 2.1(b) above, no patent license is granted by a\nContributor:\n\n(a) for any code that a Contributor has removed from Covered Software;\n    or\n\n(b) for infringements caused by: (i) Your and any other third party's\n    modifications of Covered Software, or (ii) the combination of its\n    Contributions with other software (except as part of its Contributor\n    Version); or\n\n(c) under Patent Claims infringed by Covered Software in the absence of\n    its Contributions.\n\nThis License does not grant any rights in the trademarks, service marks,\nor logos of any Contributor (except as may be necessary to comply with\nthe notice requirements in Section 3.4).\n\n2.4. Subsequent Licenses\n\nNo Contributor makes additional grants as a result of Your choice to\ndistribute the Covered Software under a subsequent version of this\nLicense (see Section 10.2) or under the terms of a Secondary License (if\npermitted under the terms of Section 3.3).\n\n2.5. Representation\n\nEach Contributor represents that the Contributor believes its\nContributions are its original creation(s) or it has sufficient rights\nto grant the rights to its Contributions conveyed by this License.\n\n2.6. Fair Use\n\nThis License is not intended to limit any rights You have under\napplicable copyright doctrines of fair use, fair dealing, or other\nequivalents.\n\n2.7. Conditions\n\nSections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted\nin Section 2.1.\n\n3. Responsibilities\n-------------------\n\n3.1. Distribution of Source Form\n\nAll distribution of Covered Software in Source Code Form, including any\nModifications that You create or to which You contribute, must be under\nthe terms of this License. You must inform recipients that the Source\nCode Form of the Covered Software is governed by the terms of this\nLicense, and how they can obtain a copy of this License. You may not\nattempt to alter or restrict the recipients' rights in the Source Code\nForm.\n\n3.2. Distribution of Executable Form\n\nIf You distribute Covered Software in Executable Form then:\n\n(a) such Covered Software must also be made available in Source Code\n    Form, as described in Section 3.1, and You must inform recipients of\n    the Executable Form how they can obtain a copy of such Source Code\n    Form by reasonable means in a timely manner, at a charge no more\n    than the cost of distribution to the recipient; and\n\n(b) You may distribute such Executable Form under the terms of this\n    License, or sublicense it under different terms, provided that the\n    license for the Executable Form does not attempt to limit or alter\n    the recipients' rights in the Source Code Form under this License.\n\n3.3. Distribution of a Larger Work\n\nYou may create and distribute a Larger Work under terms of Your choice,\nprovided that You also comply with the requirements of this License for\nthe Covered Software. If the Larger Work is a combination of Covered\nSoftware with a work governed by one or more Secondary Licenses, and the\nCovered Software is not Incompatible With Secondary Licenses, this\nLicense permits You to additionally distribute such Covered Software\nunder the terms of such Secondary License(s), so that the recipient of\nthe Larger Work may, at their option, further distribute the Covered\nSoftware under the terms of either this License or such Secondary\nLicense(s).\n\n3.4. Notices\n\nYou may not remove or alter the substance of any license notices\n(including copyright notices, patent notices, disclaimers of warranty,\nor limitations of liability) contained within the Source Code Form of\nthe Covered Software, except that You may alter any license notices to\nthe extent required to remedy known factual inaccuracies.\n\n3.5. Application of Additional Terms\n\nYou may choose to offer, and to charge a fee for, warranty, support,\nindemnity or liability obligations to one or more recipients of Covered\nSoftware. However, You may do so only on Your own behalf, and not on\nbehalf of any Contributor. You must make it absolutely clear that any\nsuch warranty, support, indemnity, or liability obligation is offered by\nYou alone, and You hereby agree to indemnify every Contributor for any\nliability incurred by such Contributor as a result of warranty, support,\nindemnity or liability terms You offer. You may include additional\ndisclaimers of warranty and limitations of liability specific to any\njurisdiction.\n\n4. Inability to Comply Due to Statute or Regulation\n---------------------------------------------------\n\nIf it is impossible for You to comply with any of the terms of this\nLicense with respect to some or all of the Covered Software due to\nstatute, judicial order, or regulation then You must: (a) comply with\nthe terms of this License to the maximum extent possible; and (b)\ndescribe the limitations and the code they affect. Such description must\nbe placed in a text file included with all distributions of the Covered\nSoftware under this License. Except to the extent prohibited by statute\nor regulation, such description must be sufficiently detailed for a\nrecipient of ordinary skill to be able to understand it.\n\n5. Termination\n--------------\n\n5.1. The rights granted under this License will terminate automatically\nif You fail to comply with any of its terms. However, if You become\ncompliant, then the rights granted under this License from a particular\nContributor are reinstated (a) provisionally, unless and until such\nContributor explicitly and finally terminates Your grants, and (b) on an\nongoing basis, if such Contributor fails to notify You of the\nnon-compliance by some reasonable means prior to 60 days after You have\ncome back into compliance. Moreover, Your grants from a particular\nContributor are reinstated on an ongoing basis if such Contributor\nnotifies You of the non-compliance by some reasonable means, this is the\nfirst time You have received notice of non-compliance with this License\nfrom such Contributor, and You become compliant prior to 30 days after\nYour receipt of the notice.\n\n5.2. If You initiate litigation against any entity by asserting a patent\ninfringement claim (excluding declaratory judgment actions,\ncounter-claims, and cross-claims) alleging that a Contributor Version\ndirectly or indirectly infringes any patent, then the rights granted to\nYou by any and all Contributors for the Covered Software under Section\n2.1 of this License shall terminate.\n\n5.3. In the event of termination under Sections 5.1 or 5.2 above, all\nend user license agreements (excluding distributors and resellers) which\nhave been validly granted by You or Your distributors under this License\nprior to termination shall survive termination.\n\n************************************************************************\n*                                                                      *\n*  6. Disclaimer of Warranty                                           *\n*  -------------------------                                           *\n*                                                                      *\n*  Covered Software is provided under this License on an \"as is\"       *\n*  basis, without warranty of any kind, either expressed, implied, or  *\n*  statutory, including, without limitation, warranties that the       *\n*  Covered Software is free of defects, merchantable, fit for a        *\n*  particular purpose or non-infringing. The entire risk as to the     *\n*  quality and performance of the Covered Software is with You.        *\n*  Should any Covered Software prove defective in any respect, You     *\n*  (not any Contributor) assume the cost of any necessary servicing,   *\n*  repair, or correction. This disclaimer of warranty constitutes an   *\n*  essential part of this License. No use of any Covered Software is   *\n*  authorized under this License except under this disclaimer.         *\n*                                                                      *\n************************************************************************\n\n************************************************************************\n*                                                                      *\n*  7. Limitation of Liability                                          *\n*  --------------------------                                          *\n*                                                                      *\n*  Under no circumstances and under no legal theory, whether tort      *\n*  (including negligence), contract, or otherwise, shall any           *\n*  Contributor, or anyone who distributes Covered Software as          *\n*  permitted above, be liable to You for any direct, indirect,         *\n*  special, incidental, or consequential damages of any character      *\n*  including, without limitation, damages for lost profits, loss of    *\n*  goodwill, work stoppage, computer failure or malfunction, or any    *\n*  and all other commercial damages or losses, even if such party      *\n*  shall have been informed of the possibility of such damages. This   *\n*  limitation of liability shall not apply to liability for death or   *\n*  personal injury resulting from such party's negligence to the       *\n*  extent applicable law prohibits such limitation. Some               *\n*  jurisdictions do not allow the exclusion or limitation of           *\n*  incidental or consequential damages, so this exclusion and          *\n*  limitation may not apply to You.                                    *\n*                                                                      *\n************************************************************************\n\n8. Litigation\n-------------\n\nAny litigation relating to this License may be brought only in the\ncourts of a jurisdiction where the defendant maintains its principal\nplace of business and such litigation shall be governed by laws of that\njurisdiction, without reference to its conflict-of-law provisions.\nNothing in this Section shall prevent a party's ability to bring\ncross-claims or counter-claims.\n\n9. Miscellaneous\n----------------\n\nThis License represents the complete agreement concerning the subject\nmatter hereof. If any provision of this License is held to be\nunenforceable, such provision shall be reformed only to the extent\nnecessary to make it enforceable. Any law or regulation which provides\nthat the language of a contract shall be construed against the drafter\nshall not be used to construe this License against a Contributor.\n\n10. Versions of the License\n---------------------------\n\n10.1. New Versions\n\nMozilla Foundation is the license steward. Except as provided in Section\n10.3, no one other than the license steward has the right to modify or\npublish new versions of this License. Each version will be given a\ndistinguishing version number.\n\n10.2. Effect of New Versions\n\nYou may distribute the Covered Software under the terms of the version\nof the License under which You originally received the Covered Software,\nor under the terms of any subsequent version published by the license\nsteward.\n\n10.3. Modified Versions\n\nIf you create software not governed by this License, and you want to\ncreate a new license for such software, you may create and use a\nmodified version of this License if you rename the license and remove\nany references to the name of the license steward (except to note that\nsuch modified license differs from this License).\n\n10.4. Distributing Source Code Form that is Incompatible With Secondary\nLicenses\n\nIf You choose to distribute Source Code Form that is Incompatible With\nSecondary Licenses under the terms of this version of the License, the\nnotice described in Exhibit B of this License must be attached.\n\nExhibit A - Source Code Form License Notice\n-------------------------------------------\n\n  This Source Code Form is subject to the terms of the Mozilla Public\n  License, v. 2.0. If a copy of the MPL was not distributed with this\n  file, You can obtain one at https://mozilla.org/MPL/2.0/.\n\nIf it is not possible or desirable to put the notice in a particular\nfile, then You may include the notice in a location (such as a LICENSE\nfile in a relevant directory) where a recipient would be likely to look\nfor such a notice.\n\nYou may add additional accurate notices of copyright ownership.\n\nExhibit B - \"Incompatible With Secondary Licenses\" Notice\n---------------------------------------------------------\n\n  This Source Code Form is \"Incompatible With Secondary Licenses\", as\n  defined by the Mozilla Public License, v. 2.0.\n```\n"
-  },
-  {
-    "name": "github.com/cyphar/filepath-securejoin",
-    "path": "github.com/cyphar/filepath-securejoin/LICENSE.BSD",
-    "licenseText": "Copyright (C) 2014-2015 Docker Inc \u0026 Go Authors. All rights reserved.\nCopyright (C) 2017-2024 SUSE LLC. All rights reserved.\n\nRedistribution and use in source and binary forms, with or without\nmodification, are permitted provided that the following conditions are\nmet:\n\n   * Redistributions of source code must retain the above copyright\nnotice, this list of conditions and the following disclaimer.\n   * Redistributions in binary form must reproduce the above\ncopyright notice, this list of conditions and the following disclaimer\nin the documentation and/or other materials provided with the\ndistribution.\n   * Neither the name of Google Inc. nor the names of its\ncontributors may be used to endorse or promote products derived from\nthis software without specific prior written permission.\n\nTHIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS\n\"AS IS\" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT\nLIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR\nA PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT\nOWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,\nSPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT\nLIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,\nDATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY\nTHEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT\n(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE\nOF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n"
-  },
-  {
-    "name": "github.com/cyphar/filepath-securejoin",
-    "path": "github.com/cyphar/filepath-securejoin/LICENSE.MPL-2.0",
-    "licenseText": "Mozilla Public License Version 2.0\n==================================\n\n1. Definitions\n--------------\n\n1.1. \"Contributor\"\n    means each individual or legal entity that creates, contributes to\n    the creation of, or owns Covered Software.\n\n1.2. \"Contributor Version\"\n    means the combination of the Contributions of others (if any) used\n    by a Contributor and that particular Contributor's Contribution.\n\n1.3. \"Contribution\"\n    means Covered Software of a particular Contributor.\n\n1.4. \"Covered Software\"\n    means Source Code Form to which the initial Contributor has attached\n    the notice in Exhibit A, the Executable Form of such Source Code\n    Form, and Modifications of such Source Code Form, in each case\n    including portions thereof.\n\n1.5. \"Incompatible With Secondary Licenses\"\n    means\n\n    (a) that the initial Contributor has attached the notice described\n        in Exhibit B to the Covered Software; or\n\n    (b) that the Covered Software was made available under the terms of\n        version 1.1 or earlier of the License, but not also under the\n        terms of a Secondary License.\n\n1.6. \"Executable Form\"\n    means any form of the work other than Source Code Form.\n\n1.7. \"Larger Work\"\n    means a work that combines Covered Software with other material, in\n    a separate file or files, that is not Covered Software.\n\n1.8. \"License\"\n    means this document.\n\n1.9. \"Licensable\"\n    means having the right to grant, to the maximum extent possible,\n    whether at the time of the initial grant or subsequently, any and\n    all of the rights conveyed by this License.\n\n1.10. \"Modifications\"\n    means any of the following:\n\n    (a) any file in Source Code Form that results from an addition to,\n        deletion from, or modification of the contents of Covered\n        Software; or\n\n    (b) any new file in Source Code Form that contains any Covered\n        Software.\n\n1.11. \"Patent Claims\" of a Contributor\n    means any patent claim(s), including without limitation, method,\n    process, and apparatus claims, in any patent Licensable by such\n    Contributor that would be infringed, but for the grant of the\n    License, by the making, using, selling, offering for sale, having\n    made, import, or transfer of either its Contributions or its\n    Contributor Version.\n\n1.12. \"Secondary License\"\n    means either the GNU General Public License, Version 2.0, the GNU\n    Lesser General Public License, Version 2.1, the GNU Affero General\n    Public License, Version 3.0, or any later versions of those\n    licenses.\n\n1.13. \"Source Code Form\"\n    means the form of the work preferred for making modifications.\n\n1.14. \"You\" (or \"Your\")\n    means an individual or a legal entity exercising rights under this\n    License. For legal entities, \"You\" includes any entity that\n    controls, is controlled by, or is under common control with You. For\n    purposes of this definition, \"control\" means (a) the power, direct\n    or indirect, to cause the direction or management of such entity,\n    whether by contract or otherwise, or (b) ownership of more than\n    fifty percent (50%) of the outstanding shares or beneficial\n    ownership of such entity.\n\n2. License Grants and Conditions\n--------------------------------\n\n2.1. Grants\n\nEach Contributor hereby grants You a world-wide, royalty-free,\nnon-exclusive license:\n\n(a) under intellectual property rights (other than patent or trademark)\n    Licensable by such Contributor to use, reproduce, make available,\n    modify, display, perform, distribute, and otherwise exploit its\n    Contributions, either on an unmodified basis, with Modifications, or\n    as part of a Larger Work; and\n\n(b) under Patent Claims of such Contributor to make, use, sell, offer\n    for sale, have made, import, and otherwise transfer either its\n    Contributions or its Contributor Version.\n\n2.2. Effective Date\n\nThe licenses granted in Section 2.1 with respect to any Contribution\nbecome effective for each Contribution on the date the Contributor first\ndistributes such Contribution.\n\n2.3. Limitations on Grant Scope\n\nThe licenses granted in this Section 2 are the only rights granted under\nthis License. No additional rights or licenses will be implied from the\ndistribution or licensing of Covered Software under this License.\nNotwithstanding Section 2.1(b) above, no patent license is granted by a\nContributor:\n\n(a) for any code that a Contributor has removed from Covered Software;\n    or\n\n(b) for infringements caused by: (i) Your and any other third party's\n    modifications of Covered Software, or (ii) the combination of its\n    Contributions with other software (except as part of its Contributor\n    Version); or\n\n(c) under Patent Claims infringed by Covered Software in the absence of\n    its Contributions.\n\nThis License does not grant any rights in the trademarks, service marks,\nor logos of any Contributor (except as may be necessary to comply with\nthe notice requirements in Section 3.4).\n\n2.4. Subsequent Licenses\n\nNo Contributor makes additional grants as a result of Your choice to\ndistribute the Covered Software under a subsequent version of this\nLicense (see Section 10.2) or under the terms of a Secondary License (if\npermitted under the terms of Section 3.3).\n\n2.5. Representation\n\nEach Contributor represents that the Contributor believes its\nContributions are its original creation(s) or it has sufficient rights\nto grant the rights to its Contributions conveyed by this License.\n\n2.6. Fair Use\n\nThis License is not intended to limit any rights You have under\napplicable copyright doctrines of fair use, fair dealing, or other\nequivalents.\n\n2.7. Conditions\n\nSections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted\nin Section 2.1.\n\n3. Responsibilities\n-------------------\n\n3.1. Distribution of Source Form\n\nAll distribution of Covered Software in Source Code Form, including any\nModifications that You create or to which You contribute, must be under\nthe terms of this License. You must inform recipients that the Source\nCode Form of the Covered Software is governed by the terms of this\nLicense, and how they can obtain a copy of this License. You may not\nattempt to alter or restrict the recipients' rights in the Source Code\nForm.\n\n3.2. Distribution of Executable Form\n\nIf You distribute Covered Software in Executable Form then:\n\n(a) such Covered Software must also be made available in Source Code\n    Form, as described in Section 3.1, and You must inform recipients of\n    the Executable Form how they can obtain a copy of such Source Code\n    Form by reasonable means in a timely manner, at a charge no more\n    than the cost of distribution to the recipient; and\n\n(b) You may distribute such Executable Form under the terms of this\n    License, or sublicense it under different terms, provided that the\n    license for the Executable Form does not attempt to limit or alter\n    the recipients' rights in the Source Code Form under this License.\n\n3.3. Distribution of a Larger Work\n\nYou may create and distribute a Larger Work under terms of Your choice,\nprovided that You also comply with the requirements of this License for\nthe Covered Software. If the Larger Work is a combination of Covered\nSoftware with a work governed by one or more Secondary Licenses, and the\nCovered Software is not Incompatible With Secondary Licenses, this\nLicense permits You to additionally distribute such Covered Software\nunder the terms of such Secondary License(s), so that the recipient of\nthe Larger Work may, at their option, further distribute the Covered\nSoftware under the terms of either this License or such Secondary\nLicense(s).\n\n3.4. Notices\n\nYou may not remove or alter the substance of any license notices\n(including copyright notices, patent notices, disclaimers of warranty,\nor limitations of liability) contained within the Source Code Form of\nthe Covered Software, except that You may alter any license notices to\nthe extent required to remedy known factual inaccuracies.\n\n3.5. Application of Additional Terms\n\nYou may choose to offer, and to charge a fee for, warranty, support,\nindemnity or liability obligations to one or more recipients of Covered\nSoftware. However, You may do so only on Your own behalf, and not on\nbehalf of any Contributor. You must make it absolutely clear that any\nsuch warranty, support, indemnity, or liability obligation is offered by\nYou alone, and You hereby agree to indemnify every Contributor for any\nliability incurred by such Contributor as a result of warranty, support,\nindemnity or liability terms You offer. You may include additional\ndisclaimers of warranty and limitations of liability specific to any\njurisdiction.\n\n4. Inability to Comply Due to Statute or Regulation\n---------------------------------------------------\n\nIf it is impossible for You to comply with any of the terms of this\nLicense with respect to some or all of the Covered Software due to\nstatute, judicial order, or regulation then You must: (a) comply with\nthe terms of this License to the maximum extent possible; and (b)\ndescribe the limitations and the code they affect. Such description must\nbe placed in a text file included with all distributions of the Covered\nSoftware under this License. Except to the extent prohibited by statute\nor regulation, such description must be sufficiently detailed for a\nrecipient of ordinary skill to be able to understand it.\n\n5. Termination\n--------------\n\n5.1. The rights granted under this License will terminate automatically\nif You fail to comply with any of its terms. However, if You become\ncompliant, then the rights granted under this License from a particular\nContributor are reinstated (a) provisionally, unless and until such\nContributor explicitly and finally terminates Your grants, and (b) on an\nongoing basis, if such Contributor fails to notify You of the\nnon-compliance by some reasonable means prior to 60 days after You have\ncome back into compliance. Moreover, Your grants from a particular\nContributor are reinstated on an ongoing basis if such Contributor\nnotifies You of the non-compliance by some reasonable means, this is the\nfirst time You have received notice of non-compliance with this License\nfrom such Contributor, and You become compliant prior to 30 days after\nYour receipt of the notice.\n\n5.2. If You initiate litigation against any entity by asserting a patent\ninfringement claim (excluding declaratory judgment actions,\ncounter-claims, and cross-claims) alleging that a Contributor Version\ndirectly or indirectly infringes any patent, then the rights granted to\nYou by any and all Contributors for the Covered Software under Section\n2.1 of this License shall terminate.\n\n5.3. In the event of termination under Sections 5.1 or 5.2 above, all\nend user license agreements (excluding distributors and resellers) which\nhave been validly granted by You or Your distributors under this License\nprior to termination shall survive termination.\n\n************************************************************************\n*                                                                      *\n*  6. Disclaimer of Warranty                                           *\n*  -------------------------                                           *\n*                                                                      *\n*  Covered Software is provided under this License on an \"as is\"       *\n*  basis, without warranty of any kind, either expressed, implied, or  *\n*  statutory, including, without limitation, warranties that the       *\n*  Covered Software is free of defects, merchantable, fit for a        *\n*  particular purpose or non-infringing. The entire risk as to the     *\n*  quality and performance of the Covered Software is with You.        *\n*  Should any Covered Software prove defective in any respect, You     *\n*  (not any Contributor) assume the cost of any necessary servicing,   *\n*  repair, or correction. This disclaimer of warranty constitutes an   *\n*  essential part of this License. No use of any Covered Software is   *\n*  authorized under this License except under this disclaimer.         *\n*                                                                      *\n************************************************************************\n\n************************************************************************\n*                                                                      *\n*  7. Limitation of Liability                                          *\n*  --------------------------                                          *\n*                                                                      *\n*  Under no circumstances and under no legal theory, whether tort      *\n*  (including negligence), contract, or otherwise, shall any           *\n*  Contributor, or anyone who distributes Covered Software as          *\n*  permitted above, be liable to You for any direct, indirect,         *\n*  special, incidental, or consequential damages of any character      *\n*  including, without limitation, damages for lost profits, loss of    *\n*  goodwill, work stoppage, computer failure or malfunction, or any    *\n*  and all other commercial damages or losses, even if such party      *\n*  shall have been informed of the possibility of such damages. This   *\n*  limitation of liability shall not apply to liability for death or   *\n*  personal injury resulting from such party's negligence to the       *\n*  extent applicable law prohibits such limitation. Some               *\n*  jurisdictions do not allow the exclusion or limitation of           *\n*  incidental or consequential damages, so this exclusion and          *\n*  limitation may not apply to You.                                    *\n*                                                                      *\n************************************************************************\n\n8. Litigation\n-------------\n\nAny litigation relating to this License may be brought only in the\ncourts of a jurisdiction where the defendant maintains its principal\nplace of business and such litigation shall be governed by laws of that\njurisdiction, without reference to its conflict-of-law provisions.\nNothing in this Section shall prevent a party's ability to bring\ncross-claims or counter-claims.\n\n9. Miscellaneous\n----------------\n\nThis License represents the complete agreement concerning the subject\nmatter hereof. If any provision of this License is held to be\nunenforceable, such provision shall be reformed only to the extent\nnecessary to make it enforceable. Any law or regulation which provides\nthat the language of a contract shall be construed against the drafter\nshall not be used to construe this License against a Contributor.\n\n10. Versions of the License\n---------------------------\n\n10.1. New Versions\n\nMozilla Foundation is the license steward. Except as provided in Section\n10.3, no one other than the license steward has the right to modify or\npublish new versions of this License. Each version will be given a\ndistinguishing version number.\n\n10.2. Effect of New Versions\n\nYou may distribute the Covered Software under the terms of the version\nof the License under which You originally received the Covered Software,\nor under the terms of any subsequent version published by the license\nsteward.\n\n10.3. Modified Versions\n\nIf you create software not governed by this License, and you want to\ncreate a new license for such software, you may create and use a\nmodified version of this License if you rename the license and remove\nany references to the name of the license steward (except to note that\nsuch modified license differs from this License).\n\n10.4. Distributing Source Code Form that is Incompatible With Secondary\nLicenses\n\nIf You choose to distribute Source Code Form that is Incompatible With\nSecondary Licenses under the terms of this version of the License, the\nnotice described in Exhibit B of this License must be attached.\n\nExhibit A - Source Code Form License Notice\n-------------------------------------------\n\n  This Source Code Form is subject to the terms of the Mozilla Public\n  License, v. 2.0. If a copy of the MPL was not distributed with this\n  file, You can obtain one at https://mozilla.org/MPL/2.0/.\n\nIf it is not possible or desirable to put the notice in a particular\nfile, then You may include the notice in a location (such as a LICENSE\nfile in a relevant directory) where a recipient would be likely to look\nfor such a notice.\n\nYou may add additional accurate notices of copyright ownership.\n\nExhibit B - \"Incompatible With Secondary Licenses\" Notice\n---------------------------------------------------------\n\n  This Source Code Form is \"Incompatible With Secondary Licenses\", as\n  defined by the Mozilla Public License, v. 2.0.\n"
-  },
   {
     "name": "github.com/davecgh/go-spew/spew",
     "path": "github.com/davecgh/go-spew/spew/LICENSE",
@@ -549,11 +529,6 @@
     "path": "github.com/emersion/go-sasl/LICENSE",
     "licenseText": "The MIT License (MIT)\n\nCopyright (c) 2016 emersion\n\nPermission is hereby granted, free of charge, to any person obtaining a copy\nof this software and associated documentation files (the \"Software\"), to deal\nin the Software without restriction, including without limitation the rights\nto use, copy, modify, merge, publish, distribute, sublicense, and/or sell\ncopies of the Software, and to permit persons to whom the Software is\nfurnished to do so, subject to the following conditions:\n\nThe above copyright notice and this permission notice shall be included in all\ncopies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\nIMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\nFITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE\nAUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\nLIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,\nOUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE\nSOFTWARE.\n"
   },
-  {
-    "name": "github.com/emirpasic/gods",
-    "path": "github.com/emirpasic/gods/LICENSE",
-    "licenseText": "Copyright (c) 2015, Emir Pasic\nAll rights reserved.\n\nRedistribution and use in source and binary forms, with or without\nmodification, are permitted provided that the following conditions are met:\n\n* Redistributions of source code must retain the above copyright notice, this\n  list of conditions and the following disclaimer.\n\n* Redistributions in binary form must reproduce the above copyright notice,\n  this list of conditions and the following disclaimer in the documentation\n  and/or other materials provided with the distribution.\n\nTHIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS \"AS IS\"\nAND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE\nIMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE\nDISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE\nFOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL\nDAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR\nSERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER\nCAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,\nOR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE\nOF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n\n-------------------------------------------------------------------------------\n\nAVL Tree:\n\nCopyright (c) 2017 Benjamin Scher Purcell \u003cbenjapurcell@gmail.com\u003e\n\nPermission to use, copy, modify, and distribute this software for any\npurpose with or without fee is hereby granted, provided that the above\ncopyright notice and this permission notice appear in all copies.\n\nTHE SOFTWARE IS PROVIDED \"AS IS\" AND THE AUTHOR DISCLAIMS ALL WARRANTIES\nWITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF\nMERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR\nANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES\nWHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN\nACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF\nOR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.\n"
-  },
   {
     "name": "github.com/fatih/color",
     "path": "github.com/fatih/color/LICENSE.md",
@@ -709,11 +684,6 @@
     "path": "github.com/golang/geo/LICENSE",
     "licenseText": "\n                                 Apache License\n                           Version 2.0, January 2004\n                        http://www.apache.org/licenses/\n\n   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION\n\n   1. Definitions.\n\n      \"License\" shall mean the terms and conditions for use, reproduction,\n      and distribution as defined by Sections 1 through 9 of this document.\n\n      \"Licensor\" shall mean the copyright owner or entity authorized by\n      the copyright owner that is granting the License.\n\n      \"Legal Entity\" shall mean the union of the acting entity and all\n      other entities that control, are controlled by, or are under common\n      control with that entity. For the purposes of this definition,\n      \"control\" means (i) the power, direct or indirect, to cause the\n      direction or management of such entity, whether by contract or\n      otherwise, or (ii) ownership of fifty percent (50%) or more of the\n      outstanding shares, or (iii) beneficial ownership of such entity.\n\n      \"You\" (or \"Your\") shall mean an individual or Legal Entity\n      exercising permissions granted by this License.\n\n      \"Source\" form shall mean the preferred form for making modifications,\n      including but not limited to software source code, documentation\n      source, and configuration files.\n\n      \"Object\" form shall mean any form resulting from mechanical\n      transformation or translation of a Source form, including but\n      not limited to compiled object code, generated documentation,\n      and conversions to other media types.\n\n      \"Work\" shall mean the work of authorship, whether in Source or\n      Object form, made available under the License, as indicated by a\n      copyright notice that is included in or attached to the work\n      (an example is provided in the Appendix below).\n\n      \"Derivative Works\" shall mean any work, whether in Source or Object\n      form, that is based on (or derived from) the Work and for which the\n      editorial revisions, annotations, elaborations, or other modifications\n      represent, as a whole, an original work of authorship. For the purposes\n      of this License, Derivative Works shall not include works that remain\n      separable from, or merely link (or bind by name) to the interfaces of,\n      the Work and Derivative Works thereof.\n\n      \"Contribution\" shall mean any work of authorship, including\n      the original version of the Work and any modifications or additions\n      to that Work or Derivative Works thereof, that is intentionally\n      submitted to Licensor for inclusion in the Work by the copyright owner\n      or by an individual or Legal Entity authorized to submit on behalf of\n      the copyright owner. For the purposes of this definition, \"submitted\"\n      means any form of electronic, verbal, or written communication sent\n      to the Licensor or its representatives, including but not limited to\n      communication on electronic mailing lists, source code control systems,\n      and issue tracking systems that are managed by, or on behalf of, the\n      Licensor for the purpose of discussing and improving the Work, but\n      excluding communication that is conspicuously marked or otherwise\n      designated in writing by the copyright owner as \"Not a Contribution.\"\n\n      \"Contributor\" shall mean Licensor and any individual or Legal Entity\n      on behalf of whom a Contribution has been received by Licensor and\n      subsequently incorporated within the Work.\n\n   2. Grant of Copyright License. Subject to the terms and conditions of\n      this License, each Contributor hereby grants to You a perpetual,\n      worldwide, non-exclusive, no-charge, royalty-free, irrevocable\n      copyright license to reproduce, prepare Derivative Works of,\n      publicly display, publicly perform, sublicense, and distribute the\n      Work and such Derivative Works in Source or Object form.\n\n   3. Grant of Patent License. Subject to the terms and conditions of\n      this License, each Contributor hereby grants to You a perpetual,\n      worldwide, non-exclusive, no-charge, royalty-free, irrevocable\n      (except as stated in this section) patent license to make, have made,\n      use, offer to sell, sell, import, and otherwise transfer the Work,\n      where such license applies only to those patent claims licensable\n      by such Contributor that are necessarily infringed by their\n      Contribution(s) alone or by combination of their Contribution(s)\n      with the Work to which such Contribution(s) was submitted. If You\n      institute patent litigation against any entity (including a\n      cross-claim or counterclaim in a lawsuit) alleging that the Work\n      or a Contribution incorporated within the Work constitutes direct\n      or contributory patent infringement, then any patent licenses\n      granted to You under this License for that Work shall terminate\n      as of the date such litigation is filed.\n\n   4. Redistribution. You may reproduce and distribute copies of the\n      Work or Derivative Works thereof in any medium, with or without\n      modifications, and in Source or Object form, provided that You\n      meet the following conditions:\n\n      (a) You must give any other recipients of the Work or\n          Derivative Works a copy of this License; and\n\n      (b) You must cause any modified files to carry prominent notices\n          stating that You changed the files; and\n\n      (c) You must retain, in the Source form of any Derivative Works\n          that You distribute, all copyright, patent, trademark, and\n          attribution notices from the Source form of the Work,\n          excluding those notices that do not pertain to any part of\n          the Derivative Works; and\n\n      (d) If the Work includes a \"NOTICE\" text file as part of its\n          distribution, then any Derivative Works that You distribute must\n          include a readable copy of the attribution notices contained\n          within such NOTICE file, excluding those notices that do not\n          pertain to any part of the Derivative Works, in at least one\n          of the following places: within a NOTICE text file distributed\n          as part of the Derivative Works; within the Source form or\n          documentation, if provided along with the Derivative Works; or,\n          within a display generated by the Derivative Works, if and\n          wherever such third-party notices normally appear. The contents\n          of the NOTICE file are for informational purposes only and\n          do not modify the License. You may add Your own attribution\n          notices within Derivative Works that You distribute, alongside\n          or as an addendum to the NOTICE text from the Work, provided\n          that such additional attribution notices cannot be construed\n          as modifying the License.\n\n      You may add Your own copyright statement to Your modifications and\n      may provide additional or different license terms and conditions\n      for use, reproduction, or distribution of Your modifications, or\n      for any such Derivative Works as a whole, provided Your use,\n      reproduction, and distribution of the Work otherwise complies with\n      the conditions stated in this License.\n\n   5. Submission of Contributions. Unless You explicitly state otherwise,\n      any Contribution intentionally submitted for inclusion in the Work\n      by You to the Licensor shall be under the terms and conditions of\n      this License, without any additional terms or conditions.\n      Notwithstanding the above, nothing herein shall supersede or modify\n      the terms of any separate license agreement you may have executed\n      with Licensor regarding such Contributions.\n\n   6. Trademarks. This License does not grant permission to use the trade\n      names, trademarks, service marks, or product names of the Licensor,\n      except as required for reasonable and customary use in describing the\n      origin of the Work and reproducing the content of the NOTICE file.\n\n   7. Disclaimer of Warranty. Unless required by applicable law or\n      agreed to in writing, Licensor provides the Work (and each\n      Contributor provides its Contributions) on an \"AS IS\" BASIS,\n      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or\n      implied, including, without limitation, any warranties or conditions\n      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A\n      PARTICULAR PURPOSE. You are solely responsible for determining the\n      appropriateness of using or redistributing the Work and assume any\n      risks associated with Your exercise of permissions under this License.\n\n   8. Limitation of Liability. In no event and under no legal theory,\n      whether in tort (including negligence), contract, or otherwise,\n      unless required by applicable law (such as deliberate and grossly\n      negligent acts) or agreed to in writing, shall any Contributor be\n      liable to You for damages, including any direct, indirect, special,\n      incidental, or consequential damages of any character arising as a\n      result of this License or out of the use or inability to use the\n      Work (including but not limited to damages for loss of goodwill,\n      work stoppage, computer failure or malfunction, or any and all\n      other commercial damages or losses), even if such Contributor\n      has been advised of the possibility of such damages.\n\n   9. Accepting Warranty or Additional Liability. While redistributing\n      the Work or Derivative Works thereof, You may choose to offer,\n      and charge a fee for, acceptance of support, warranty, indemnity,\n      or other liability obligations and/or rights consistent with this\n      License. However, in accepting such obligations, You may act only\n      on Your own behalf and on Your sole responsibility, not on behalf\n      of any other Contributor, and only if You agree to indemnify,\n      defend, and hold each Contributor harmless for any liability\n      incurred by, or claims asserted against, such Contributor by reason\n      of your accepting any such warranty or additional liability.\n\n   END OF TERMS AND CONDITIONS\n\n   APPENDIX: How to apply the Apache License to your work.\n\n      To apply the Apache License to your work, attach the following\n      boilerplate notice, with the fields enclosed by brackets \"[]\"\n      replaced with your own identifying information. (Don't include\n      the brackets!)  The text should be enclosed in the appropriate\n      comment syntax for the file format. We also recommend that a\n      file or class name and description of purpose be included on the\n      same \"printed page\" as the copyright notice for easier\n      identification within third-party archives.\n\n   Copyright [yyyy] [name of copyright owner]\n\n   Licensed under the Apache License, Version 2.0 (the \"License\");\n   you may not use this file except in compliance with the License.\n   You may obtain a copy of the License at\n\n       http://www.apache.org/licenses/LICENSE-2.0\n\n   Unless required by applicable law or agreed to in writing, software\n   distributed under the License is distributed on an \"AS IS\" BASIS,\n   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n   See the License for the specific language governing permissions and\n   limitations under the License.\n"
   },
-  {
-    "name": "github.com/golang/groupcache/lru",
-    "path": "github.com/golang/groupcache/lru/LICENSE",
-    "licenseText": "Apache License\nVersion 2.0, January 2004\nhttp://www.apache.org/licenses/\n\nTERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION\n\n1. Definitions.\n\n\"License\" shall mean the terms and conditions for use, reproduction, and\ndistribution as defined by Sections 1 through 9 of this document.\n\n\"Licensor\" shall mean the copyright owner or entity authorized by the copyright\nowner that is granting the License.\n\n\"Legal Entity\" shall mean the union of the acting entity and all other entities\nthat control, are controlled by, or are under common control with that entity.\nFor the purposes of this definition, \"control\" means (i) the power, direct or\nindirect, to cause the direction or management of such entity, whether by\ncontract or otherwise, or (ii) ownership of fifty percent (50%) or more of the\noutstanding shares, or (iii) beneficial ownership of such entity.\n\n\"You\" (or \"Your\") shall mean an individual or Legal Entity exercising\npermissions granted by this License.\n\n\"Source\" form shall mean the preferred form for making modifications, including\nbut not limited to software source code, documentation source, and configuration\nfiles.\n\n\"Object\" form shall mean any form resulting from mechanical transformation or\ntranslation of a Source form, including but not limited to compiled object code,\ngenerated documentation, and conversions to other media types.\n\n\"Work\" shall mean the work of authorship, whether in Source or Object form, made\navailable under the License, as indicated by a copyright notice that is included\nin or attached to the work (an example is provided in the Appendix below).\n\n\"Derivative Works\" shall mean any work, whether in Source or Object form, that\nis based on (or derived from) the Work and for which the editorial revisions,\nannotations, elaborations, or other modifications represent, as a whole, an\noriginal work of authorship. For the purposes of this License, Derivative Works\nshall not include works that remain separable from, or merely link (or bind by\nname) to the interfaces of, the Work and Derivative Works thereof.\n\n\"Contribution\" shall mean any work of authorship, including the original version\nof the Work and any modifications or additions to that Work or Derivative Works\nthereof, that is intentionally submitted to Licensor for inclusion in the Work\nby the copyright owner or by an individual or Legal Entity authorized to submit\non behalf of the copyright owner. For the purposes of this definition,\n\"submitted\" means any form of electronic, verbal, or written communication sent\nto the Licensor or its representatives, including but not limited to\ncommunication on electronic mailing lists, source code control systems, and\nissue tracking systems that are managed by, or on behalf of, the Licensor for\nthe purpose of discussing and improving the Work, but excluding communication\nthat is conspicuously marked or otherwise designated in writing by the copyright\nowner as \"Not a Contribution.\"\n\n\"Contributor\" shall mean Licensor and any individual or Legal Entity on behalf\nof whom a Contribution has been received by Licensor and subsequently\nincorporated within the Work.\n\n2. Grant of Copyright License.\n\nSubject to the terms and conditions of this License, each Contributor hereby\ngrants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free,\nirrevocable copyright license to reproduce, prepare Derivative Works of,\npublicly display, publicly perform, sublicense, and distribute the Work and such\nDerivative Works in Source or Object form.\n\n3. Grant of Patent License.\n\nSubject to the terms and conditions of this License, each Contributor hereby\ngrants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free,\nirrevocable (except as stated in this section) patent license to make, have\nmade, use, offer to sell, sell, import, and otherwise transfer the Work, where\nsuch license applies only to those patent claims licensable by such Contributor\nthat are necessarily infringed by their Contribution(s) alone or by combination\nof their Contribution(s) with the Work to which such Contribution(s) was\nsubmitted. If You institute patent litigation against any entity (including a\ncross-claim or counterclaim in a lawsuit) alleging that the Work or a\nContribution incorporated within the Work constitutes direct or contributory\npatent infringement, then any patent licenses granted to You under this License\nfor that Work shall terminate as of the date such litigation is filed.\n\n4. Redistribution.\n\nYou may reproduce and distribute copies of the Work or Derivative Works thereof\nin any medium, with or without modifications, and in Source or Object form,\nprovided that You meet the following conditions:\n\nYou must give any other recipients of the Work or Derivative Works a copy of\nthis License; and\nYou must cause any modified files to carry prominent notices stating that You\nchanged the files; and\nYou must retain, in the Source form of any Derivative Works that You distribute,\nall copyright, patent, trademark, and attribution notices from the Source form\nof the Work, excluding those notices that do not pertain to any part of the\nDerivative Works; and\nIf the Work includes a \"NOTICE\" text file as part of its distribution, then any\nDerivative Works that You distribute must include a readable copy of the\nattribution notices contained within such NOTICE file, excluding those notices\nthat do not pertain to any part of the Derivative Works, in at least one of the\nfollowing places: within a NOTICE text file distributed as part of the\nDerivative Works; within the Source form or documentation, if provided along\nwith the Derivative Works; or, within a display generated by the Derivative\nWorks, if and wherever such third-party notices normally appear. The contents of\nthe NOTICE file are for informational purposes only and do not modify the\nLicense. You may add Your own attribution notices within Derivative Works that\nYou distribute, alongside or as an addendum to the NOTICE text from the Work,\nprovided that such additional attribution notices cannot be construed as\nmodifying the License.\nYou may add Your own copyright statement to Your modifications and may provide\nadditional or different license terms and conditions for use, reproduction, or\ndistribution of Your modifications, or for any such Derivative Works as a whole,\nprovided Your use, reproduction, and distribution of the Work otherwise complies\nwith the conditions stated in this License.\n\n5. Submission of Contributions.\n\nUnless You explicitly state otherwise, any Contribution intentionally submitted\nfor inclusion in the Work by You to the Licensor shall be under the terms and\nconditions of this License, without any additional terms or conditions.\nNotwithstanding the above, nothing herein shall supersede or modify the terms of\nany separate license agreement you may have executed with Licensor regarding\nsuch Contributions.\n\n6. Trademarks.\n\nThis License does not grant permission to use the trade names, trademarks,\nservice marks, or product names of the Licensor, except as required for\nreasonable and customary use in describing the origin of the Work and\nreproducing the content of the NOTICE file.\n\n7. Disclaimer of Warranty.\n\nUnless required by applicable law or agreed to in writing, Licensor provides the\nWork (and each Contributor provides its Contributions) on an \"AS IS\" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied,\nincluding, without limitation, any warranties or conditions of TITLE,\nNON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. You are\nsolely responsible for determining the appropriateness of using or\nredistributing the Work and assume any risks associated with Your exercise of\npermissions under this License.\n\n8. Limitation of Liability.\n\nIn no event and under no legal theory, whether in tort (including negligence),\ncontract, or otherwise, unless required by applicable law (such as deliberate\nand grossly negligent acts) or agreed to in writing, shall any Contributor be\nliable to You for damages, including any direct, indirect, special, incidental,\nor consequential damages of any character arising as a result of this License or\nout of the use or inability to use the Work (including but not limited to\ndamages for loss of goodwill, work stoppage, computer failure or malfunction, or\nany and all other commercial damages or losses), even if such Contributor has\nbeen advised of the possibility of such damages.\n\n9. Accepting Warranty or Additional Liability.\n\nWhile redistributing the Work or Derivative Works thereof, You may choose to\noffer, and charge a fee for, acceptance of support, warranty, indemnity, or\nother liability obligations and/or rights consistent with this License. However,\nin accepting such obligations, You may act only on Your own behalf and on Your\nsole responsibility, not on behalf of any other Contributor, and only if You\nagree to indemnify, defend, and hold each Contributor harmless for any liability\nincurred by, or claims asserted against, such Contributor by reason of your\naccepting any such warranty or additional liability.\n\nEND OF TERMS AND CONDITIONS\n\nAPPENDIX: How to apply the Apache License to your work\n\nTo apply the Apache License to your work, attach the following boilerplate\nnotice, with the fields enclosed by brackets \"[]\" replaced with your own\nidentifying information. (Don't include the brackets!) The text should be\nenclosed in the appropriate comment syntax for the file format. We also\nrecommend that a file or class name and description of purpose be included on\nthe same \"printed page\" as the copyright notice for easier identification within\nthird-party archives.\n\n   Copyright [yyyy] [name of copyright owner]\n\n   Licensed under the Apache License, Version 2.0 (the \"License\");\n   you may not use this file except in compliance with the License.\n   You may obtain a copy of the License at\n\n     http://www.apache.org/licenses/LICENSE-2.0\n\n   Unless required by applicable law or agreed to in writing, software\n   distributed under the License is distributed on an \"AS IS\" BASIS,\n   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n   See the License for the specific language governing permissions and\n   limitations under the License.\n"
-  },
   {
     "name": "github.com/golang/snappy",
     "path": "github.com/golang/snappy/LICENSE",
@@ -859,11 +829,6 @@
     "path": "github.com/kballard/go-shellquote/LICENSE",
     "licenseText": "Copyright (C) 2014 Kevin Ballard\n\nPermission is hereby granted, free of charge, to any person obtaining\na copy of this software and associated documentation files (the \"Software\"),\nto deal in the Software without restriction, including without limitation\nthe rights to use, copy, modify, merge, publish, distribute, sublicense,\nand/or sell copies of the Software, and to permit persons to whom the\nSoftware is furnished to do so, subject to the following conditions:\n\nThe above copyright notice and this permission notice shall be included\nin all copies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND,\nEXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES\nOF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.\nIN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,\nDAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,\nTORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE\nOR THE USE OR OTHER DEALINGS IN THE SOFTWARE.\n"
   },
-  {
-    "name": "github.com/kevinburke/ssh_config",
-    "path": "github.com/kevinburke/ssh_config/LICENSE",
-    "licenseText": "Copyright (c) 2017 Kevin Burke.\n\nPermission is hereby granted, free of charge, to any person\nobtaining a copy of this software and associated documentation\nfiles (the \"Software\"), to deal in the Software without\nrestriction, including without limitation the rights to use,\ncopy, modify, merge, publish, distribute, sublicense, and/or sell\ncopies of the Software, and to permit persons to whom the\nSoftware is furnished to do so, subject to the following\nconditions:\n\nThe above copyright notice and this permission notice shall be\nincluded in all copies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND,\nEXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES\nOF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND\nNONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT\nHOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,\nWHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING\nFROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR\nOTHER DEALINGS IN THE SOFTWARE.\n\n===================\n\nThe lexer and parser borrow heavily from github.com/pelletier/go-toml. The\nlicense for that project is copied below.\n\nThe MIT License (MIT)\n\nCopyright (c) 2013 - 2017 Thomas Pelletier, Eric Anderton\n\nPermission is hereby granted, free of charge, to any person obtaining a copy\nof this software and associated documentation files (the \"Software\"), to deal\nin the Software without restriction, including without limitation the rights\nto use, copy, modify, merge, publish, distribute, sublicense, and/or sell\ncopies of the Software, and to permit persons to whom the Software is\nfurnished to do so, subject to the following conditions:\n\nThe above copyright notice and this permission notice shall be included in all\ncopies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\nIMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\nFITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE\nAUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\nLIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,\nOUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE\nSOFTWARE.\n"
-  },
   {
     "name": "github.com/klauspost/compress",
     "path": "github.com/klauspost/compress/LICENSE",
@@ -1069,11 +1034,6 @@
     "path": "github.com/pierrec/lz4/v4/LICENSE",
     "licenseText": "Copyright (c) 2015, Pierre Curto\nAll rights reserved.\n\nRedistribution and use in source and binary forms, with or without\nmodification, are permitted provided that the following conditions are met:\n\n* Redistributions of source code must retain the above copyright notice, this\n  list of conditions and the following disclaimer.\n\n* Redistributions in binary form must reproduce the above copyright notice,\n  this list of conditions and the following disclaimer in the documentation\n  and/or other materials provided with the distribution.\n\n* Neither the name of xxHash nor the names of its\n  contributors may be used to endorse or promote products derived from\n  this software without specific prior written permission.\n\nTHIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS \"AS IS\"\nAND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE\nIMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE\nDISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE\nFOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL\nDAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR\nSERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER\nCAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,\nOR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE\nOF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n\n"
   },
-  {
-    "name": "github.com/pjbgf/sha1cd",
-    "path": "github.com/pjbgf/sha1cd/LICENSE",
-    "licenseText": "                                 Apache License\n                           Version 2.0, January 2004\n                        http://www.apache.org/licenses/\n\n   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION\n\n   1. Definitions.\n\n      \"License\" shall mean the terms and conditions for use, reproduction,\n      and distribution as defined by Sections 1 through 9 of this document.\n\n      \"Licensor\" shall mean the copyright owner or entity authorized by\n      the copyright owner that is granting the License.\n\n      \"Legal Entity\" shall mean the union of the acting entity and all\n      other entities that control, are controlled by, or are under common\n      control with that entity. For the purposes of this definition,\n      \"control\" means (i) the power, direct or indirect, to cause the\n      direction or management of such entity, whether by contract or\n      otherwise, or (ii) ownership of fifty percent (50%) or more of the\n      outstanding shares, or (iii) beneficial ownership of such entity.\n\n      \"You\" (or \"Your\") shall mean an individual or Legal Entity\n      exercising permissions granted by this License.\n\n      \"Source\" form shall mean the preferred form for making modifications,\n      including but not limited to software source code, documentation\n      source, and configuration files.\n\n      \"Object\" form shall mean any form resulting from mechanical\n      transformation or translation of a Source form, including but\n      not limited to compiled object code, generated documentation,\n      and conversions to other media types.\n\n      \"Work\" shall mean the work of authorship, whether in Source or\n      Object form, made available under the License, as indicated by a\n      copyright notice that is included in or attached to the work\n      (an example is provided in the Appendix below).\n\n      \"Derivative Works\" shall mean any work, whether in Source or Object\n      form, that is based on (or derived from) the Work and for which the\n      editorial revisions, annotations, elaborations, or other modifications\n      represent, as a whole, an original work of authorship. For the purposes\n      of this License, Derivative Works shall not include works that remain\n      separable from, or merely link (or bind by name) to the interfaces of,\n      the Work and Derivative Works thereof.\n\n      \"Contribution\" shall mean any work of authorship, including\n      the original version of the Work and any modifications or additions\n      to that Work or Derivative Works thereof, that is intentionally\n      submitted to Licensor for inclusion in the Work by the copyright owner\n      or by an individual or Legal Entity authorized to submit on behalf of\n      the copyright owner. For the purposes of this definition, \"submitted\"\n      means any form of electronic, verbal, or written communication sent\n      to the Licensor or its representatives, including but not limited to\n      communication on electronic mailing lists, source code control systems,\n      and issue tracking systems that are managed by, or on behalf of, the\n      Licensor for the purpose of discussing and improving the Work, but\n      excluding communication that is conspicuously marked or otherwise\n      designated in writing by the copyright owner as \"Not a Contribution.\"\n\n      \"Contributor\" shall mean Licensor and any individual or Legal Entity\n      on behalf of whom a Contribution has been received by Licensor and\n      subsequently incorporated within the Work.\n\n   2. Grant of Copyright License. Subject to the terms and conditions of\n      this License, each Contributor hereby grants to You a perpetual,\n      worldwide, non-exclusive, no-charge, royalty-free, irrevocable\n      copyright license to reproduce, prepare Derivative Works of,\n      publicly display, publicly perform, sublicense, and distribute the\n      Work and such Derivative Works in Source or Object form.\n\n   3. Grant of Patent License. Subject to the terms and conditions of\n      this License, each Contributor hereby grants to You a perpetual,\n      worldwide, non-exclusive, no-charge, royalty-free, irrevocable\n      (except as stated in this section) patent license to make, have made,\n      use, offer to sell, sell, import, and otherwise transfer the Work,\n      where such license applies only to those patent claims licensable\n      by such Contributor that are necessarily infringed by their\n      Contribution(s) alone or by combination of their Contribution(s)\n      with the Work to which such Contribution(s) was submitted. If You\n      institute patent litigation against any entity (including a\n      cross-claim or counterclaim in a lawsuit) alleging that the Work\n      or a Contribution incorporated within the Work constitutes direct\n      or contributory patent infringement, then any patent licenses\n      granted to You under this License for that Work shall terminate\n      as of the date such litigation is filed.\n\n   4. Redistribution. You may reproduce and distribute copies of the\n      Work or Derivative Works thereof in any medium, with or without\n      modifications, and in Source or Object form, provided that You\n      meet the following conditions:\n\n      (a) You must give any other recipients of the Work or\n          Derivative Works a copy of this License; and\n\n      (b) You must cause any modified files to carry prominent notices\n          stating that You changed the files; and\n\n      (c) You must retain, in the Source form of any Derivative Works\n          that You distribute, all copyright, patent, trademark, and\n          attribution notices from the Source form of the Work,\n          excluding those notices that do not pertain to any part of\n          the Derivative Works; and\n\n      (d) If the Work includes a \"NOTICE\" text file as part of its\n          distribution, then any Derivative Works that You distribute must\n          include a readable copy of the attribution notices contained\n          within such NOTICE file, excluding those notices that do not\n          pertain to any part of the Derivative Works, in at least one\n          of the following places: within a NOTICE text file distributed\n          as part of the Derivative Works; within the Source form or\n          documentation, if provided along with the Derivative Works; or,\n          within a display generated by the Derivative Works, if and\n          wherever such third-party notices normally appear. The contents\n          of the NOTICE file are for informational purposes only and\n          do not modify the License. You may add Your own attribution\n          notices within Derivative Works that You distribute, alongside\n          or as an addendum to the NOTICE text from the Work, provided\n          that such additional attribution notices cannot be construed\n          as modifying the License.\n\n      You may add Your own copyright statement to Your modifications and\n      may provide additional or different license terms and conditions\n      for use, reproduction, or distribution of Your modifications, or\n      for any such Derivative Works as a whole, provided Your use,\n      reproduction, and distribution of the Work otherwise complies with\n      the conditions stated in this License.\n\n   5. Submission of Contributions. Unless You explicitly state otherwise,\n      any Contribution intentionally submitted for inclusion in the Work\n      by You to the Licensor shall be under the terms and conditions of\n      this License, without any additional terms or conditions.\n      Notwithstanding the above, nothing herein shall supersede or modify\n      the terms of any separate license agreement you may have executed\n      with Licensor regarding such Contributions.\n\n   6. Trademarks. This License does not grant permission to use the trade\n      names, trademarks, service marks, or product names of the Licensor,\n      except as required for reasonable and customary use in describing the\n      origin of the Work and reproducing the content of the NOTICE file.\n\n   7. Disclaimer of Warranty. Unless required by applicable law or\n      agreed to in writing, Licensor provides the Work (and each\n      Contributor provides its Contributions) on an \"AS IS\" BASIS,\n      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or\n      implied, including, without limitation, any warranties or conditions\n      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A\n      PARTICULAR PURPOSE. You are solely responsible for determining the\n      appropriateness of using or redistributing the Work and assume any\n      risks associated with Your exercise of permissions under this License.\n\n   8. Limitation of Liability. In no event and under no legal theory,\n      whether in tort (including negligence), contract, or otherwise,\n      unless required by applicable law (such as deliberate and grossly\n      negligent acts) or agreed to in writing, shall any Contributor be\n      liable to You for damages, including any direct, indirect, special,\n      incidental, or consequential damages of any character arising as a\n      result of this License or out of the use or inability to use the\n      Work (including but not limited to damages for loss of goodwill,\n      work stoppage, computer failure or malfunction, or any and all\n      other commercial damages or losses), even if such Contributor\n      has been advised of the possibility of such damages.\n\n   9. Accepting Warranty or Additional Liability. While redistributing\n      the Work or Derivative Works thereof, You may choose to offer,\n      and charge a fee for, acceptance of support, warranty, indemnity,\n      or other liability obligations and/or rights consistent with this\n      License. However, in accepting such obligations, You may act only\n      on Your own behalf and on Your sole responsibility, not on behalf\n      of any other Contributor, and only if You agree to indemnify,\n      defend, and hold each Contributor harmless for any liability\n      incurred by, or claims asserted against, such Contributor by reason\n      of your accepting any such warranty or additional liability.\n\n   END OF TERMS AND CONDITIONS\n\n   APPENDIX: How to apply the Apache License to your work.\n\n      To apply the Apache License to your work, attach the following\n      boilerplate notice, with the fields enclosed by brackets \"[]\"\n      replaced with your own identifying information. (Don't include\n      the brackets!)  The text should be enclosed in the appropriate\n      comment syntax for the file format. We also recommend that a\n      file or class name and description of purpose be included on the\n      same \"printed page\" as the copyright notice for easier\n      identification within third-party archives.\n\n   Copyright 2023 pjbgf\n\n   Licensed under the Apache License, Version 2.0 (the \"License\");\n   you may not use this file except in compliance with the License.\n   You may obtain a copy of the License at\n\n       http://www.apache.org/licenses/LICENSE-2.0\n\n   Unless required by applicable law or agreed to in writing, software\n   distributed under the License is distributed on an \"AS IS\" BASIS,\n   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n   See the License for the specific language governing permissions and\n   limitations under the License.\n"
-  },
   {
     "name": "github.com/pkg/errors",
     "path": "github.com/pkg/errors/LICENSE",
@@ -1154,11 +1114,6 @@
     "path": "github.com/sirupsen/logrus/LICENSE",
     "licenseText": "The MIT License (MIT)\n\nCopyright (c) 2014 Simon Eskildsen\n\nPermission is hereby granted, free of charge, to any person obtaining a copy\nof this software and associated documentation files (the \"Software\"), to deal\nin the Software without restriction, including without limitation the rights\nto use, copy, modify, merge, publish, distribute, sublicense, and/or sell\ncopies of the Software, and to permit persons to whom the Software is\nfurnished to do so, subject to the following conditions:\n\nThe above copyright notice and this permission notice shall be included in\nall copies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\nIMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\nFITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE\nAUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\nLIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,\nOUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN\nTHE SOFTWARE.\n"
   },
-  {
-    "name": "github.com/skeema/knownhosts",
-    "path": "github.com/skeema/knownhosts/LICENSE",
-    "licenseText": "                                 Apache License\n                           Version 2.0, January 2004\n                        http://www.apache.org/licenses/\n\n   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION\n\n   1. Definitions.\n\n      \"License\" shall mean the terms and conditions for use, reproduction,\n      and distribution as defined by Sections 1 through 9 of this document.\n\n      \"Licensor\" shall mean the copyright owner or entity authorized by\n      the copyright owner that is granting the License.\n\n      \"Legal Entity\" shall mean the union of the acting entity and all\n      other entities that control, are controlled by, or are under common\n      control with that entity. For the purposes of this definition,\n      \"control\" means (i) the power, direct or indirect, to cause the\n      direction or management of such entity, whether by contract or\n      otherwise, or (ii) ownership of fifty percent (50%) or more of the\n      outstanding shares, or (iii) beneficial ownership of such entity.\n\n      \"You\" (or \"Your\") shall mean an individual or Legal Entity\n      exercising permissions granted by this License.\n\n      \"Source\" form shall mean the preferred form for making modifications,\n      including but not limited to software source code, documentation\n      source, and configuration files.\n\n      \"Object\" form shall mean any form resulting from mechanical\n      transformation or translation of a Source form, including but\n      not limited to compiled object code, generated documentation,\n      and conversions to other media types.\n\n      \"Work\" shall mean the work of authorship, whether in Source or\n      Object form, made available under the License, as indicated by a\n      copyright notice that is included in or attached to the work\n      (an example is provided in the Appendix below).\n\n      \"Derivative Works\" shall mean any work, whether in Source or Object\n      form, that is based on (or derived from) the Work and for which the\n      editorial revisions, annotations, elaborations, or other modifications\n      represent, as a whole, an original work of authorship. For the purposes\n      of this License, Derivative Works shall not include works that remain\n      separable from, or merely link (or bind by name) to the interfaces of,\n      the Work and Derivative Works thereof.\n\n      \"Contribution\" shall mean any work of authorship, including\n      the original version of the Work and any modifications or additions\n      to that Work or Derivative Works thereof, that is intentionally\n      submitted to Licensor for inclusion in the Work by the copyright owner\n      or by an individual or Legal Entity authorized to submit on behalf of\n      the copyright owner. For the purposes of this definition, \"submitted\"\n      means any form of electronic, verbal, or written communication sent\n      to the Licensor or its representatives, including but not limited to\n      communication on electronic mailing lists, source code control systems,\n      and issue tracking systems that are managed by, or on behalf of, the\n      Licensor for the purpose of discussing and improving the Work, but\n      excluding communication that is conspicuously marked or otherwise\n      designated in writing by the copyright owner as \"Not a Contribution.\"\n\n      \"Contributor\" shall mean Licensor and any individual or Legal Entity\n      on behalf of whom a Contribution has been received by Licensor and\n      subsequently incorporated within the Work.\n\n   2. Grant of Copyright License. Subject to the terms and conditions of\n      this License, each Contributor hereby grants to You a perpetual,\n      worldwide, non-exclusive, no-charge, royalty-free, irrevocable\n      copyright license to reproduce, prepare Derivative Works of,\n      publicly display, publicly perform, sublicense, and distribute the\n      Work and such Derivative Works in Source or Object form.\n\n   3. Grant of Patent License. Subject to the terms and conditions of\n      this License, each Contributor hereby grants to You a perpetual,\n      worldwide, non-exclusive, no-charge, royalty-free, irrevocable\n      (except as stated in this section) patent license to make, have made,\n      use, offer to sell, sell, import, and otherwise transfer the Work,\n      where such license applies only to those patent claims licensable\n      by such Contributor that are necessarily infringed by their\n      Contribution(s) alone or by combination of their Contribution(s)\n      with the Work to which such Contribution(s) was submitted. If You\n      institute patent litigation against any entity (including a\n      cross-claim or counterclaim in a lawsuit) alleging that the Work\n      or a Contribution incorporated within the Work constitutes direct\n      or contributory patent infringement, then any patent licenses\n      granted to You under this License for that Work shall terminate\n      as of the date such litigation is filed.\n\n   4. Redistribution. You may reproduce and distribute copies of the\n      Work or Derivative Works thereof in any medium, with or without\n      modifications, and in Source or Object form, provided that You\n      meet the following conditions:\n\n      (a) You must give any other recipients of the Work or\n          Derivative Works a copy of this License; and\n\n      (b) You must cause any modified files to carry prominent notices\n          stating that You changed the files; and\n\n      (c) You must retain, in the Source form of any Derivative Works\n          that You distribute, all copyright, patent, trademark, and\n          attribution notices from the Source form of the Work,\n          excluding those notices that do not pertain to any part of\n          the Derivative Works; and\n\n      (d) If the Work includes a \"NOTICE\" text file as part of its\n          distribution, then any Derivative Works that You distribute must\n          include a readable copy of the attribution notices contained\n          within such NOTICE file, excluding those notices that do not\n          pertain to any part of the Derivative Works, in at least one\n          of the following places: within a NOTICE text file distributed\n          as part of the Derivative Works; within the Source form or\n          documentation, if provided along with the Derivative Works; or,\n          within a display generated by the Derivative Works, if and\n          wherever such third-party notices normally appear. The contents\n          of the NOTICE file are for informational purposes only and\n          do not modify the License. You may add Your own attribution\n          notices within Derivative Works that You distribute, alongside\n          or as an addendum to the NOTICE text from the Work, provided\n          that such additional attribution notices cannot be construed\n          as modifying the License.\n\n      You may add Your own copyright statement to Your modifications and\n      may provide additional or different license terms and conditions\n      for use, reproduction, or distribution of Your modifications, or\n      for any such Derivative Works as a whole, provided Your use,\n      reproduction, and distribution of the Work otherwise complies with\n      the conditions stated in this License.\n\n   5. Submission of Contributions. Unless You explicitly state otherwise,\n      any Contribution intentionally submitted for inclusion in the Work\n      by You to the Licensor shall be under the terms and conditions of\n      this License, without any additional terms or conditions.\n      Notwithstanding the above, nothing herein shall supersede or modify\n      the terms of any separate license agreement you may have executed\n      with Licensor regarding such Contributions.\n\n   6. Trademarks. This License does not grant permission to use the trade\n      names, trademarks, service marks, or product names of the Licensor,\n      except as required for reasonable and customary use in describing the\n      origin of the Work and reproducing the content of the NOTICE file.\n\n   7. Disclaimer of Warranty. Unless required by applicable law or\n      agreed to in writing, Licensor provides the Work (and each\n      Contributor provides its Contributions) on an \"AS IS\" BASIS,\n      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or\n      implied, including, without limitation, any warranties or conditions\n      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A\n      PARTICULAR PURPOSE. You are solely responsible for determining the\n      appropriateness of using or redistributing the Work and assume any\n      risks associated with Your exercise of permissions under this License.\n\n   8. Limitation of Liability. In no event and under no legal theory,\n      whether in tort (including negligence), contract, or otherwise,\n      unless required by applicable law (such as deliberate and grossly\n      negligent acts) or agreed to in writing, shall any Contributor be\n      liable to You for damages, including any direct, indirect, special,\n      incidental, or consequential damages of any character arising as a\n      result of this License or out of the use or inability to use the\n      Work (including but not limited to damages for loss of goodwill,\n      work stoppage, computer failure or malfunction, or any and all\n      other commercial damages or losses), even if such Contributor\n      has been advised of the possibility of such damages.\n\n   9. Accepting Warranty or Additional Liability. While redistributing\n      the Work or Derivative Works thereof, You may choose to offer,\n      and charge a fee for, acceptance of support, warranty, indemnity,\n      or other liability obligations and/or rights consistent with this\n      License. However, in accepting such obligations, You may act only\n      on Your own behalf and on Your sole responsibility, not on behalf\n      of any other Contributor, and only if You agree to indemnify,\n      defend, and hold each Contributor harmless for any liability\n      incurred by, or claims asserted against, such Contributor by reason\n      of your accepting any such warranty or additional liability.\n\n   END OF TERMS AND CONDITIONS\n\n   APPENDIX: How to apply the Apache License to your work.\n\n      To apply the Apache License to your work, attach the following\n      boilerplate notice, with the fields enclosed by brackets \"{}\"\n      replaced with your own identifying information. (Don't include\n      the brackets!)  The text should be enclosed in the appropriate\n      comment syntax for the file format. We also recommend that a\n      file or class name and description of purpose be included on the\n      same \"printed page\" as the copyright notice for easier\n      identification within third-party archives.\n\n   Copyright {yyyy} {name of copyright owner}\n\n   Licensed under the Apache License, Version 2.0 (the \"License\");\n   you may not use this file except in compliance with the License.\n   You may obtain a copy of the License at\n\n       http://www.apache.org/licenses/LICENSE-2.0\n\n   Unless required by applicable law or agreed to in writing, software\n   distributed under the License is distributed on an \"AS IS\" BASIS,\n   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n   See the License for the specific language governing permissions and\n   limitations under the License.\n"
-  },
   {
     "name": "github.com/sorairolake/lzip-go",
     "path": "github.com/sorairolake/lzip-go/LICENSE-APACHE",
@@ -1209,11 +1164,6 @@
     "path": "github.com/x448/float16/LICENSE",
     "licenseText": "MIT License\n\nCopyright (c) 2019 Montgomery Edwards⁴⁴⁸ and Faye Amacker\n\nPermission is hereby granted, free of charge, to any person obtaining a copy\nof this software and associated documentation files (the \"Software\"), to deal\nin the Software without restriction, including without limitation the rights\nto use, copy, modify, merge, publish, distribute, sublicense, and/or sell\ncopies of the Software, and to permit persons to whom the Software is\nfurnished to do so, subject to the following conditions:\n\nThe above copyright notice and this permission notice shall be included in all\ncopies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\nIMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\nFITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE\nAUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\nLIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,\nOUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE\nSOFTWARE.\n\n"
   },
-  {
-    "name": "github.com/xanzy/ssh-agent",
-    "path": "github.com/xanzy/ssh-agent/LICENSE",
-    "licenseText": "                                 Apache License\n                           Version 2.0, January 2004\n                        http://www.apache.org/licenses/\n\n   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION\n\n   1. Definitions.\n\n      \"License\" shall mean the terms and conditions for use, reproduction,\n      and distribution as defined by Sections 1 through 9 of this document.\n\n      \"Licensor\" shall mean the copyright owner or entity authorized by\n      the copyright owner that is granting the License.\n\n      \"Legal Entity\" shall mean the union of the acting entity and all\n      other entities that control, are controlled by, or are under common\n      control with that entity. For the purposes of this definition,\n      \"control\" means (i) the power, direct or indirect, to cause the\n      direction or management of such entity, whether by contract or\n      otherwise, or (ii) ownership of fifty percent (50%) or more of the\n      outstanding shares, or (iii) beneficial ownership of such entity.\n\n      \"You\" (or \"Your\") shall mean an individual or Legal Entity\n      exercising permissions granted by this License.\n\n      \"Source\" form shall mean the preferred form for making modifications,\n      including but not limited to software source code, documentation\n      source, and configuration files.\n\n      \"Object\" form shall mean any form resulting from mechanical\n      transformation or translation of a Source form, including but\n      not limited to compiled object code, generated documentation,\n      and conversions to other media types.\n\n      \"Work\" shall mean the work of authorship, whether in Source or\n      Object form, made available under the License, as indicated by a\n      copyright notice that is included in or attached to the work\n      (an example is provided in the Appendix below).\n\n      \"Derivative Works\" shall mean any work, whether in Source or Object\n      form, that is based on (or derived from) the Work and for which the\n      editorial revisions, annotations, elaborations, or other modifications\n      represent, as a whole, an original work of authorship. For the purposes\n      of this License, Derivative Works shall not include works that remain\n      separable from, or merely link (or bind by name) to the interfaces of,\n      the Work and Derivative Works thereof.\n\n      \"Contribution\" shall mean any work of authorship, including\n      the original version of the Work and any modifications or additions\n      to that Work or Derivative Works thereof, that is intentionally\n      submitted to Licensor for inclusion in the Work by the copyright owner\n      or by an individual or Legal Entity authorized to submit on behalf of\n      the copyright owner. For the purposes of this definition, \"submitted\"\n      means any form of electronic, verbal, or written communication sent\n      to the Licensor or its representatives, including but not limited to\n      communication on electronic mailing lists, source code control systems,\n      and issue tracking systems that are managed by, or on behalf of, the\n      Licensor for the purpose of discussing and improving the Work, but\n      excluding communication that is conspicuously marked or otherwise\n      designated in writing by the copyright owner as \"Not a Contribution.\"\n\n      \"Contributor\" shall mean Licensor and any individual or Legal Entity\n      on behalf of whom a Contribution has been received by Licensor and\n      subsequently incorporated within the Work.\n\n   2. Grant of Copyright License. Subject to the terms and conditions of\n      this License, each Contributor hereby grants to You a perpetual,\n      worldwide, non-exclusive, no-charge, royalty-free, irrevocable\n      copyright license to reproduce, prepare Derivative Works of,\n      publicly display, publicly perform, sublicense, and distribute the\n      Work and such Derivative Works in Source or Object form.\n\n   3. Grant of Patent License. Subject to the terms and conditions of\n      this License, each Contributor hereby grants to You a perpetual,\n      worldwide, non-exclusive, no-charge, royalty-free, irrevocable\n      (except as stated in this section) patent license to make, have made,\n      use, offer to sell, sell, import, and otherwise transfer the Work,\n      where such license applies only to those patent claims licensable\n      by such Contributor that are necessarily infringed by their\n      Contribution(s) alone or by combination of their Contribution(s)\n      with the Work to which such Contribution(s) was submitted. If You\n      institute patent litigation against any entity (including a\n      cross-claim or counterclaim in a lawsuit) alleging that the Work\n      or a Contribution incorporated within the Work constitutes direct\n      or contributory patent infringement, then any patent licenses\n      granted to You under this License for that Work shall terminate\n      as of the date such litigation is filed.\n\n   4. Redistribution. You may reproduce and distribute copies of the\n      Work or Derivative Works thereof in any medium, with or without\n      modifications, and in Source or Object form, provided that You\n      meet the following conditions:\n\n      (a) You must give any other recipients of the Work or\n          Derivative Works a copy of this License; and\n\n      (b) You must cause any modified files to carry prominent notices\n          stating that You changed the files; and\n\n      (c) You must retain, in the Source form of any Derivative Works\n          that You distribute, all copyright, patent, trademark, and\n          attribution notices from the Source form of the Work,\n          excluding those notices that do not pertain to any part of\n          the Derivative Works; and\n\n      (d) If the Work includes a \"NOTICE\" text file as part of its\n          distribution, then any Derivative Works that You distribute must\n          include a readable copy of the attribution notices contained\n          within such NOTICE file, excluding those notices that do not\n          pertain to any part of the Derivative Works, in at least one\n          of the following places: within a NOTICE text file distributed\n          as part of the Derivative Works; within the Source form or\n          documentation, if provided along with the Derivative Works; or,\n          within a display generated by the Derivative Works, if and\n          wherever such third-party notices normally appear. The contents\n          of the NOTICE file are for informational purposes only and\n          do not modify the License. You may add Your own attribution\n          notices within Derivative Works that You distribute, alongside\n          or as an addendum to the NOTICE text from the Work, provided\n          that such additional attribution notices cannot be construed\n          as modifying the License.\n\n      You may add Your own copyright statement to Your modifications and\n      may provide additional or different license terms and conditions\n      for use, reproduction, or distribution of Your modifications, or\n      for any such Derivative Works as a whole, provided Your use,\n      reproduction, and distribution of the Work otherwise complies with\n      the conditions stated in this License.\n\n   5. Submission of Contributions. Unless You explicitly state otherwise,\n      any Contribution intentionally submitted for inclusion in the Work\n      by You to the Licensor shall be under the terms and conditions of\n      this License, without any additional terms or conditions.\n      Notwithstanding the above, nothing herein shall supersede or modify\n      the terms of any separate license agreement you may have executed\n      with Licensor regarding such Contributions.\n\n   6. Trademarks. This License does not grant permission to use the trade\n      names, trademarks, service marks, or product names of the Licensor,\n      except as required for reasonable and customary use in describing the\n      origin of the Work and reproducing the content of the NOTICE file.\n\n   7. Disclaimer of Warranty. Unless required by applicable law or\n      agreed to in writing, Licensor provides the Work (and each\n      Contributor provides its Contributions) on an \"AS IS\" BASIS,\n      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or\n      implied, including, without limitation, any warranties or conditions\n      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A\n      PARTICULAR PURPOSE. You are solely responsible for determining the\n      appropriateness of using or redistributing the Work and assume any\n      risks associated with Your exercise of permissions under this License.\n\n   8. Limitation of Liability. In no event and under no legal theory,\n      whether in tort (including negligence), contract, or otherwise,\n      unless required by applicable law (such as deliberate and grossly\n      negligent acts) or agreed to in writing, shall any Contributor be\n      liable to You for damages, including any direct, indirect, special,\n      incidental, or consequential damages of any character arising as a\n      result of this License or out of the use or inability to use the\n      Work (including but not limited to damages for loss of goodwill,\n      work stoppage, computer failure or malfunction, or any and all\n      other commercial damages or losses), even if such Contributor\n      has been advised of the possibility of such damages.\n\n   9. Accepting Warranty or Additional Liability. While redistributing\n      the Work or Derivative Works thereof, You may choose to offer,\n      and charge a fee for, acceptance of support, warranty, indemnity,\n      or other liability obligations and/or rights consistent with this\n      License. However, in accepting such obligations, You may act only\n      on Your own behalf and on Your sole responsibility, not on behalf\n      of any other Contributor, and only if You agree to indemnify,\n      defend, and hold each Contributor harmless for any liability\n      incurred by, or claims asserted against, such Contributor by reason\n      of your accepting any such warranty or additional liability.\n\n   END OF TERMS AND CONDITIONS\n\n   APPENDIX: How to apply the Apache License to your work.\n\n      To apply the Apache License to your work, attach the following\n      boilerplate notice, with the fields enclosed by brackets \"{}\"\n      replaced with your own identifying information. (Don't include\n      the brackets!)  The text should be enclosed in the appropriate\n      comment syntax for the file format. We also recommend that a\n      file or class name and description of purpose be included on the\n      same \"printed page\" as the copyright notice for easier\n      identification within third-party archives.\n\n   Copyright {yyyy} {name of copyright owner}\n\n   Licensed under the Apache License, Version 2.0 (the \"License\");\n   you may not use this file except in compliance with the License.\n   You may obtain a copy of the License at\n\n       http://www.apache.org/licenses/LICENSE-2.0\n\n   Unless required by applicable law or agreed to in writing, software\n   distributed under the License is distributed on an \"AS IS\" BASIS,\n   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n   See the License for the specific language governing permissions and\n   limitations under the License.\n\n"
-  },
   {
     "name": "github.com/yohcop/openid-go",
     "path": "github.com/yohcop/openid-go/LICENSE",
diff --git a/go.mod b/go.mod
index 0f36991e35..291f83c6af 100644
--- a/go.mod
+++ b/go.mod
@@ -11,7 +11,7 @@ require (
 	code.forgejo.org/forgejo/go-rpmutils v1.0.0
 	code.forgejo.org/forgejo/levelqueue v1.0.0
 	code.forgejo.org/forgejo/reply v1.0.2
-	code.forgejo.org/forgejo/runner/v12 v12.4.0
+	code.forgejo.org/forgejo/runner/v12 v12.5.0
 	code.forgejo.org/go-chi/binding v1.0.1
 	code.forgejo.org/go-chi/cache v1.0.1
 	code.forgejo.org/go-chi/captcha v1.0.2
@@ -120,10 +120,8 @@ require (
 require (
 	cloud.google.com/go/compute/metadata v0.6.0 // indirect
 	code.superseriousbusiness.org/go-png-image-structure/v2 v2.3.0 // indirect
-	dario.cat/mergo v1.0.2 // indirect
 	filippo.io/edwards25519 v1.1.0 // indirect
 	git.sr.ht/~mariusor/go-xsd-duration v0.0.0-20220703122237-02e73435a078 // indirect
-	github.com/Microsoft/go-winio v0.6.2 // indirect
 	github.com/RoaringBitmap/roaring/v2 v2.4.5 // indirect
 	github.com/STARRY-S/zip v0.2.3 // indirect
 	github.com/andybalholm/brotli v1.2.0 // indirect
@@ -159,7 +157,6 @@ require (
 	github.com/cention-sany/utf7 v0.0.0-20170124080048-26cad61bd60a // indirect
 	github.com/cespare/xxhash/v2 v2.3.0 // indirect
 	github.com/cloudflare/circl v1.6.1 // indirect
-	github.com/cyphar/filepath-securejoin v0.6.0 // indirect
 	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
 	github.com/davidmz/go-pageant v1.0.2 // indirect
 	github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f // indirect
@@ -169,7 +166,6 @@ require (
 	github.com/dsoprea/go-photoshop-info-format v0.0.0-20200609050348-3db9b63b202c // indirect
 	github.com/dsoprea/go-utility/v2 v2.0.0-20221003172846-a3e1774ef349 // indirect
 	github.com/emersion/go-sasl v0.0.0-20231106173351-e73c9f7bad43 // indirect
-	github.com/emirpasic/gods v1.18.1 // indirect
 	github.com/fatih/color v1.18.0 // indirect
 	github.com/fxamacker/cbor/v2 v2.9.0 // indirect
 	github.com/go-ap/errors v0.0.0-20231003111023-183eef4b31b7 // indirect
@@ -195,7 +191,6 @@ require (
 	github.com/goccy/go-json v0.10.5 // indirect
 	github.com/golang-jwt/jwt/v4 v4.5.2 // indirect
 	github.com/golang/geo v0.0.0-20210211234256-740aa86cb551 // indirect
-	github.com/golang/groupcache v0.0.0-20241129210726-2c02b8208cf8 // indirect
 	github.com/golang/snappy v0.0.4 // indirect
 	github.com/google/btree v1.1.2 // indirect
 	github.com/google/go-cmp v0.7.0 // indirect
@@ -211,7 +206,6 @@ require (
 	github.com/jackc/puddle/v2 v2.2.2 // indirect
 	github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect
 	github.com/josharian/intern v1.0.0 // indirect
-	github.com/kevinburke/ssh_config v1.2.0 // indirect
 	github.com/klauspost/pgzip v1.2.6 // indirect
 	github.com/lib/pq v1.10.9 // indirect
 	github.com/libdns/libdns v1.0.0 // indirect
@@ -239,7 +233,6 @@ require (
 	github.com/onsi/ginkgo v1.16.5 // indirect
 	github.com/philhofer/fwd v1.2.0 // indirect
 	github.com/pierrec/lz4/v4 v4.1.22 // indirect
-	github.com/pjbgf/sha1cd v0.3.2 // indirect
 	github.com/pkg/errors v0.9.1 // indirect
 	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
 	github.com/prometheus/client_model v0.6.1 // indirect
@@ -249,13 +242,11 @@ require (
 	github.com/rivo/uniseg v0.4.7 // indirect
 	github.com/rs/xid v1.6.0 // indirect
 	github.com/sirupsen/logrus v1.9.3 // indirect
-	github.com/skeema/knownhosts v1.3.1 // indirect
 	github.com/sorairolake/lzip-go v0.3.8 // indirect
 	github.com/spf13/afero v1.15.0 // indirect
 	github.com/ssor/bom v0.0.0-20170718123548-6386211fdfcf // indirect
 	github.com/tinylib/msgp v1.3.0 // indirect
 	github.com/x448/float16 v0.8.4 // indirect
-	github.com/xanzy/ssh-agent v0.3.3 // indirect
 	github.com/zeebo/assert v1.3.0 // indirect
 	github.com/zeebo/blake3 v0.2.4 // indirect
 	go.etcd.io/bbolt v1.4.3 // indirect
diff --git a/go.sum b/go.sum
index 1fcb9176eb..4d5f2d019e 100644
--- a/go.sum
+++ b/go.sum
@@ -30,8 +30,8 @@ code.forgejo.org/forgejo/levelqueue v1.0.0 h1:9krYpU6BM+j/1Ntj6m+VCAIu0UNnne1/Uf
 code.forgejo.org/forgejo/levelqueue v1.0.0/go.mod h1:fmG6zhVuqim2rxSFOoasgXO8V2W/k9U31VVYqLIRLhQ=
 code.forgejo.org/forgejo/reply v1.0.2 h1:dMhQCHV6/O3L5CLWNTol+dNzDAuyCK88z4J/lCdgFuQ=
 code.forgejo.org/forgejo/reply v1.0.2/go.mod h1:RyZUfzQLc+fuLIGjTSQWDAJWPiL4WtKXB/FifT5fM7U=
-code.forgejo.org/forgejo/runner/v12 v12.4.0 h1:FNEUh368GMnyRxXrzQ3rQITV68b0Z3DKWsCeTGKzxF8=
-code.forgejo.org/forgejo/runner/v12 v12.4.0/go.mod h1:GwKqxU5CIkpUSBnOCwmT9GRpz2V4mdfdp9LQEKQ70HE=
+code.forgejo.org/forgejo/runner/v12 v12.5.0 h1:/ZHlKlDZBAjd6CNFLd53n/FtFSoqlZg3Z3oZ5b/9uUg=
+code.forgejo.org/forgejo/runner/v12 v12.5.0/go.mod h1:GwKqxU5CIkpUSBnOCwmT9GRpz2V4mdfdp9LQEKQ70HE=
 code.forgejo.org/forgejo/ssh v0.0.0-20241211213324-5fc306ca0616 h1:kEZL84+02jY9RxXM4zHBWZ3Fml0B09cmP1LGkDsCfIA=
 code.forgejo.org/forgejo/ssh v0.0.0-20241211213324-5fc306ca0616/go.mod h1:zpHEXBstFnQYtGnB8k8kQLol82umzn/2/snG7alWVD8=
 code.forgejo.org/go-chi/binding v1.0.1 h1:coKNI+X1NzRN7X85LlrpvBRqk0TXpJ+ja28vusQWEuY=
@@ -56,8 +56,6 @@ codeberg.org/gusted/mcaptcha v0.0.0-20220723083913-4f3072e1d570 h1:TXbikPqa7YRtf
 codeberg.org/gusted/mcaptcha v0.0.0-20220723083913-4f3072e1d570/go.mod h1:IIAjsijsd8q1isWX8MACefDEgTQslQ4stk2AeeTt3kM=
 connectrpc.com/connect v1.19.1 h1:R5M57z05+90EfEvCY1b7hBxDVOUl45PrtXtAV2fOC14=
 connectrpc.com/connect v1.19.1/go.mod h1:tN20fjdGlewnSFeZxLKb0xwIZ6ozc3OQs2hTXy4du9w=
-dario.cat/mergo v1.0.2 h1:85+piFYR1tMbRrLcDwR18y4UKJ3aH1Tbzi24VRW1TK8=
-dario.cat/mergo v1.0.2/go.mod h1:E/hbnu0NxMFBjpMIE34DRGLWqDy0g5FuKDhCb31ngxA=
 dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
 filippo.io/edwards25519 v1.1.0 h1:FNf4tywRC1HmFuKW5xopWpigGjJKiJSV0Cqo0cJWDaA=
 filippo.io/edwards25519 v1.1.0/go.mod h1:BxyFTGdWcka3PhytdK4V28tE5sGfRvvvRV7EaN4VDT4=
@@ -73,9 +71,6 @@ github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358 h1:mFRzDkZVAjdal+
 github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358/go.mod h1:chxPXzSsl7ZWRAuOIE23GDNzjWuZquvFlgA8xmpunjU=
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
 github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
-github.com/Microsoft/go-winio v0.5.2/go.mod h1:WpS1mjBmmwHBEWmogvA2mj8546UReBk4v8QkMxJ6pZY=
-github.com/Microsoft/go-winio v0.6.2 h1:F2VQgta7ecxGYO8k3ZZz3RS8fVIXVxONVUPlNERoyfY=
-github.com/Microsoft/go-winio v0.6.2/go.mod h1:yd8OoFMLzJbo9gZq8j5qaps8bJ9aShtEA8Ipt1oGCvU=
 github.com/ProtonMail/go-crypto v1.3.0 h1:ILq8+Sf5If5DCpHQp4PbZdS1J7HDFRXz/+xKBiRGFrw=
 github.com/ProtonMail/go-crypto v1.3.0/go.mod h1:9whxjD8Rbs29b4XWbB8irEcE8KHMqaR2e7GWU1R+/PE=
 github.com/PuerkitoBio/goquery v1.11.0 h1:jZ7pwMQXIITcUXNH83LLk+txlaEy6NVOfTuP43xxfqw=
@@ -102,8 +97,6 @@ github.com/andybalholm/cascadia v1.3.3 h1:AG2YHrzJIm4BZ19iwJ/DAua6Btl3IwJX+VI4kk
 github.com/andybalholm/cascadia v1.3.3/go.mod h1:xNd9bqTn98Ln4DwST8/nG+H0yuB8Hmgu1YHNnWw0GeA=
 github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be h1:9AeTilPcZAjCFIImctFaOjnTIavg87rW78vTPkQqLI8=
 github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be/go.mod h1:ySMOLuWl6zY27l47sB3qLNK6tF2fkHG55UZxx8oIVo4=
-github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio=
-github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs=
 github.com/aymerick/douceur v0.2.0 h1:Mv+mAeH1Q+n9Fr+oyamOlAkUNPWPlA8PPGR0QAaYuPk=
 github.com/aymerick/douceur v0.2.0/go.mod h1:wlT5vV2O3h55X9m7iVYN0TBM0NH/MmbLnd30/FjWUq4=
 github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
@@ -192,8 +185,6 @@ github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDk
 github.com/cloudflare/circl v1.6.1 h1:zqIqSPIndyBh1bjLVVDHMPpVKqp8Su/V+6MeDzzQBQ0=
 github.com/cloudflare/circl v1.6.1/go.mod h1:uddAzsPgqdMAYatqJ0lsjX1oECcQLIlRpzZh3pJrofs=
 github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
-github.com/cyphar/filepath-securejoin v0.6.0 h1:BtGB77njd6SVO6VztOHfPxKitJvd/VPT+OFBFMOi1Is=
-github.com/cyphar/filepath-securejoin v0.6.0/go.mod h1:A8hd4EnAeyujCJRrICiOWqjS1AX0a9kM5XL+NwKoYSc=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM=
@@ -241,8 +232,6 @@ github.com/dustin/go-humanize v1.0.1 h1:GzkhY7T5VNhEkwH0PVJgjz+fX1rhBrR7pRT3mDkp
 github.com/dustin/go-humanize v1.0.1/go.mod h1:Mu1zIs6XwVuF/gI1OepvI0qD18qycQx+mFykh5fBlto=
 github.com/editorconfig/editorconfig-core-go/v2 v2.6.4 h1:CHwUbBVVyKWRX9kt5A/OtwhYUJB32DrFp9xzmjR6cac=
 github.com/editorconfig/editorconfig-core-go/v2 v2.6.4/go.mod h1:JWRVKHdVW+dkv6F8p+xGCa6a+TyMrqsFbFkSs/aQkrQ=
-github.com/elazarl/goproxy v1.7.2 h1:Y2o6urb7Eule09PjlhQRGNsqRfPmYI3KKQLFpCAV3+o=
-github.com/elazarl/goproxy v1.7.2/go.mod h1:82vkLNir0ALaW14Rc399OTTjyNREgmdL2cVoIbS6XaE=
 github.com/emersion/go-imap v1.2.1 h1:+s9ZjMEjOB8NzZMVTM3cCenz2JrQIGGo5j1df19WjTA=
 github.com/emersion/go-imap v1.2.1/go.mod h1:Qlx1FSx2FTxjnjWpIlVNEuX+ylerZQNFE5NsmKFSejY=
 github.com/emersion/go-message v0.15.0/go.mod h1:wQUEfE+38+7EW8p8aZ96ptg6bAb1iwdgej19uXASlE4=
@@ -250,8 +239,6 @@ github.com/emersion/go-sasl v0.0.0-20200509203442-7bfe0ed36a21/go.mod h1:iL2twTe
 github.com/emersion/go-sasl v0.0.0-20231106173351-e73c9f7bad43 h1:hH4PQfOndHDlpzYfLAAfl63E8Le6F2+EL/cdhlkyRJY=
 github.com/emersion/go-sasl v0.0.0-20231106173351-e73c9f7bad43/go.mod h1:iL2twTeMvZnrg54ZoPDNfJaJaqy0xIQFuBdrLsmspwQ=
 github.com/emersion/go-textwrapper v0.0.0-20200911093747-65d896831594/go.mod h1:aqO8z8wPrjkscevZJFVE1wXJrLpC5LtJG7fqLOsPb2U=
-github.com/emirpasic/gods v1.18.1 h1:FXtiHYKDGKCW2KzwZKx0iC0PQmdlorYgdFG9jPXJ1Bc=
-github.com/emirpasic/gods v1.18.1/go.mod h1:8tpGGwCnJ5H4r6BWwaV6OrWmMoPhUl5jm/FMNAnJvWQ=
 github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
 github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
 github.com/fatih/color v1.18.0 h1:S8gINlzdQ840/4pfAwic/ZE0djQEH3wM94VfqLTZcOM=
@@ -297,8 +284,6 @@ github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 h1:+zs/tPmkDkHx3U66D
 github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376/go.mod h1:an3vInlBmSxCcxctByoQdvwPiA7DTK7jaaFDBTtu0ic=
 github.com/go-git/go-billy/v5 v5.6.2 h1:6Q86EsPXMa7c3YZ3aLAQsMA0VlWmy43r6FHqa/UNbRM=
 github.com/go-git/go-billy/v5 v5.6.2/go.mod h1:rcFC2rAsp/erv7CMz9GczHcuD0D32fWzH+MJAU+jaUU=
-github.com/go-git/go-git-fixtures/v4 v4.3.2-0.20231010084843-55a94097c399 h1:eMje31YglSBqCdIqdhKBW8lokaMrL3uTkpGYlE2OOT4=
-github.com/go-git/go-git-fixtures/v4 v4.3.2-0.20231010084843-55a94097c399/go.mod h1:1OCfN199q1Jm3HZlxleg+Dw/mwps2Wbk9frAWm+4FII=
 github.com/go-git/go-git/v5 v5.16.3 h1:Z8BtvxZ09bYm/yYNgPKCzgWtaRqDTgIKRgIRHBfU6Z8=
 github.com/go-git/go-git/v5 v5.16.3/go.mod h1:4Ge4alE/5gPs30F2H1esi2gPd69R0C39lolkucHBOp8=
 github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU=
@@ -369,8 +354,6 @@ github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfU
 github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
 github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
 github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
-github.com/golang/groupcache v0.0.0-20241129210726-2c02b8208cf8 h1:f+oWsMOmNPc8JmEHVZIycC7hBoQxHH9pNKQORJNozsQ=
-github.com/golang/groupcache v0.0.0-20241129210726-2c02b8208cf8/go.mod h1:wcDNUvekVysuuOpQKo3191zZyTpiI6se1N1ULghS0sw=
 github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
 github.com/golang/mock v1.2.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
 github.com/golang/mock v1.3.1/go.mod h1:sBzyDLLjw3U8JLTeZvSv8jJB+tU5PVekmnlKIyFUx0Y=
@@ -492,8 +475,6 @@ github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1
 github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk=
 github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51 h1:Z9n2FFNUXsshfwJMBgNA0RU6/i7WVaAegv3PtuIHPMs=
 github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51/go.mod h1:CzGEWj7cYgsdH8dAjBGEr58BoE7ScuLd+fwFZ44+/x8=
-github.com/kevinburke/ssh_config v1.2.0 h1:x584FjTGwHzMwvHx18PXxbBVzfnxogHaAReU4gf13a4=
-github.com/kevinburke/ssh_config v1.2.0/go.mod h1:CT57kijsi8u/K/BOFA39wgDQJ9CxiF4nAY/ojJ6r6mM=
 github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
 github.com/klauspost/compress v1.4.1/go.mod h1:RyIbtBH6LamlWaDj8nUwkbUhJ87Yi3uG0guNDohfE1A=
 github.com/klauspost/compress v1.18.2 h1:iiPHWW0YrcFgpBYhsA6D1+fqHssJscY/Tm/y2Uqnapk=
@@ -608,8 +589,6 @@ github.com/philhofer/fwd v1.2.0 h1:e6DnBTl7vGY+Gz322/ASL4Gyp1FspeMvx1RNDoToZuM=
 github.com/philhofer/fwd v1.2.0/go.mod h1:RqIHx9QI14HlwKwm98g9Re5prTQ6LdeRQn+gXJFxsJM=
 github.com/pierrec/lz4/v4 v4.1.22 h1:cKFw6uJDK+/gfw5BcDL0JL5aBsAFdsIT18eRtLj7VIU=
 github.com/pierrec/lz4/v4 v4.1.22/go.mod h1:gZWDp/Ze/IJXGXf23ltt2EXimqmTUXEy0GFuRQyBid4=
-github.com/pjbgf/sha1cd v0.3.2 h1:a9wb0bp1oC2TGwStyn0Umc/IGKQnEgF0vVaZ8QF8eo4=
-github.com/pjbgf/sha1cd v0.3.2/go.mod h1:zQWigSxVmsHEZow5qaLtPYxpcKMMQpa09ixqBxuCS6A=
 github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsKMEsNbx1VGcRFpLqf3715MtcvvzbA=
 github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
@@ -651,11 +630,8 @@ github.com/santhosh-tekuri/jsonschema/v6 v6.0.2/go.mod h1:JXeL+ps8p7/KNMjDQk3TCw
 github.com/serenize/snaker v0.0.0-20171204205717-a683aaf2d516/go.mod h1:Yow6lPLSAXx2ifx470yD/nUe22Dv5vBvxK/UK9UUTVs=
 github.com/sergi/go-diff v1.4.0 h1:n/SP9D5ad1fORl+llWyN+D6qoUETXNZARKjyY2/KVCw=
 github.com/sergi/go-diff v1.4.0/go.mod h1:A0bzQcvG0E7Rwjx0REVgAGH58e96+X0MeOfepqsbeW4=
-github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0=
 github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ=
 github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
-github.com/skeema/knownhosts v1.3.1 h1:X2osQ+RAjK76shCbvhHHHVl3ZlgDm8apHEHFqRjnBY8=
-github.com/skeema/knownhosts v1.3.1/go.mod h1:r7KTdC8l4uxWRyK2TpQZ/1o5HaSzh06ePQNxPwTcfiY=
 github.com/sorairolake/lzip-go v0.3.8 h1:j5Q2313INdTA80ureWYRhX+1K78mUXfMoPZCw/ivWik=
 github.com/sorairolake/lzip-go v0.3.8/go.mod h1:JcBqGMV0frlxwrsE9sMWXDjqn3EeVf0/54YPsw66qkU=
 github.com/spf13/afero v1.15.0 h1:b/YBCLWAJdFWJTN9cLhiXXcD7mzKn9Dm86dNnfyQw1I=
@@ -667,7 +643,6 @@ github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSS
 github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
 github.com/stretchr/objx v0.5.2 h1:xuMeJ0Sdp5ZMRXx/aWO6RZxdr3beISkG5/G/aIRr3pY=
 github.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/8L+MA=
-github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
 github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
 github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA=
@@ -692,8 +667,6 @@ github.com/valyala/fastjson v1.6.7 h1:ZE4tRy0CIkh+qDc5McjatheGX2czdn8slQjomexVpB
 github.com/valyala/fastjson v1.6.7/go.mod h1:CLCAqky6SMuOcxStkYQvblddUtoRxhYMGLrsQns1aXY=
 github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM=
 github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg=
-github.com/xanzy/ssh-agent v0.3.3 h1:+/15pJfg/RsTxqYcX6fHqOXZwwMP+2VyYWJeWM2qQFM=
-github.com/xanzy/ssh-agent v0.3.3/go.mod h1:6dzNDKs0J9rVPHPhaGCukekBHKqfl+L3KghI1Bc68Uw=
 github.com/xyproto/randomstring v1.0.5 h1:YtlWPoRdgMu3NZtP45drfy1GKoojuR7hmRcnhZqKjWU=
 github.com/xyproto/randomstring v1.0.5/go.mod h1:rgmS5DeNXLivK7YprL0pY+lTuhNQW3iGxZ18UQApw/E=
 github.com/yohcop/openid-go v1.0.1 h1:DPRd3iPO5F6O5zX2e62XpVAbPT6wV51cuucH0z9g3js=
@@ -745,7 +718,6 @@ golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8U
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20210513164829-c07d793c2f9a/go.mod h1:P+XmwS30IXTQdn5tA2iutPOUgjI07+tq3H3K9MVA1s8=
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
-golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.13.0/go.mod h1:y6Z2r+Rw4iayiXXAIxJIDAJ1zMW4yaTpebo8fPOliYc=
 golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU=
 golang.org/x/crypto v0.23.0/go.mod h1:CKFgDieR+mRhux2Lsu27y0fO304Db0wZe70UKqHu0v8=
@@ -810,7 +782,6 @@ golang.org/x/net v0.0.0-20200520004742-59133d7f0dd7/go.mod h1:qpuaurCH72eLCgpAm/
 golang.org/x/net v0.0.0-20200520182314-0ba52f642ac2/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
 golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
 golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
-golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
 golang.org/x/net v0.0.0-20221002022538-bcab6841153b/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk=
 golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
@@ -856,7 +827,6 @@ golang.org/x/sys v0.0.0-20190624142023-c5567b49c5d0/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190904154756-749cb33beabd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191005200804-aed5e4c7ecf9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191120155948-bd437916bb0e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191228213918-04cbcbbfeed8/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -865,9 +835,7 @@ golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210112080510-489259a85091/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210320140829-1e4c9ba3b0c4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220310020820-b874c991c1a5/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=

From 95601d16476a7809a8ca1c8ee267857a7bca78c1 Mon Sep 17 00:00:00 2001
From: Renovate Bot <forgejo-renovate-action@forgejo.org>
Date: Fri, 9 Jan 2026 06:52:54 +0100
Subject: [PATCH 119/854] Update dependency forgejo/release-notes-assistant to
 v1.4.3 (forgejo) (#10737)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10737
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
---
 .forgejo/workflows/release-notes-assistant-milestones.yml | 2 +-
 .forgejo/workflows/release-notes-assistant.yml            | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/.forgejo/workflows/release-notes-assistant-milestones.yml b/.forgejo/workflows/release-notes-assistant-milestones.yml
index 41a409f110..f5552e387d 100644
--- a/.forgejo/workflows/release-notes-assistant-milestones.yml
+++ b/.forgejo/workflows/release-notes-assistant-milestones.yml
@@ -6,7 +6,7 @@ on:
 
 env:
   RNA_WORKDIR: /srv/rna
-  RNA_VERSION: v1.4.2 # renovate: datasource=forgejo-releases depName=forgejo/release-notes-assistant registryUrl=https://code.forgejo.org
+  RNA_VERSION: v1.4.3 # renovate: datasource=forgejo-releases depName=forgejo/release-notes-assistant registryUrl=https://code.forgejo.org
 
 jobs:
   release-notes:
diff --git a/.forgejo/workflows/release-notes-assistant.yml b/.forgejo/workflows/release-notes-assistant.yml
index c3084dbefe..7207311a48 100644
--- a/.forgejo/workflows/release-notes-assistant.yml
+++ b/.forgejo/workflows/release-notes-assistant.yml
@@ -8,7 +8,7 @@ on:
       - labeled
 
 env:
-  RNA_VERSION: v1.4.2 # renovate: datasource=forgejo-releases depName=forgejo/release-notes-assistant registryUrl=https://code.forgejo.org
+  RNA_VERSION: v1.4.3 # renovate: datasource=forgejo-releases depName=forgejo/release-notes-assistant registryUrl=https://code.forgejo.org
 
 jobs:
   release-notes:

From af4442d72dc3fcf9c5c1d0baaa0c6d2037075bc5 Mon Sep 17 00:00:00 2001
From: Renovate Bot <forgejo-renovate-action@forgejo.org>
Date: Fri, 9 Jan 2026 13:37:35 +0100
Subject: [PATCH 120/854] Update dependency forgejo/release-notes-assistant to
 v1.5.0 (forgejo) (#10749)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10749
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
---
 .forgejo/workflows/release-notes-assistant-milestones.yml | 2 +-
 .forgejo/workflows/release-notes-assistant.yml            | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/.forgejo/workflows/release-notes-assistant-milestones.yml b/.forgejo/workflows/release-notes-assistant-milestones.yml
index f5552e387d..3cdf61f3ad 100644
--- a/.forgejo/workflows/release-notes-assistant-milestones.yml
+++ b/.forgejo/workflows/release-notes-assistant-milestones.yml
@@ -6,7 +6,7 @@ on:
 
 env:
   RNA_WORKDIR: /srv/rna
-  RNA_VERSION: v1.4.3 # renovate: datasource=forgejo-releases depName=forgejo/release-notes-assistant registryUrl=https://code.forgejo.org
+  RNA_VERSION: v1.5.0 # renovate: datasource=forgejo-releases depName=forgejo/release-notes-assistant registryUrl=https://code.forgejo.org
 
 jobs:
   release-notes:
diff --git a/.forgejo/workflows/release-notes-assistant.yml b/.forgejo/workflows/release-notes-assistant.yml
index 7207311a48..5941d5078c 100644
--- a/.forgejo/workflows/release-notes-assistant.yml
+++ b/.forgejo/workflows/release-notes-assistant.yml
@@ -8,7 +8,7 @@ on:
       - labeled
 
 env:
-  RNA_VERSION: v1.4.3 # renovate: datasource=forgejo-releases depName=forgejo/release-notes-assistant registryUrl=https://code.forgejo.org
+  RNA_VERSION: v1.5.0 # renovate: datasource=forgejo-releases depName=forgejo/release-notes-assistant registryUrl=https://code.forgejo.org
 
 jobs:
   release-notes:

From ed63f06d79b623b039b395abeef95529b2dc1a2c Mon Sep 17 00:00:00 2001
From: Mai-Lapyst <mai-lapyst@noreply.codeberg.org>
Date: Fri, 9 Jan 2026 17:49:29 +0100
Subject: [PATCH 121/854] Move web app manifest to a own cache-able route and
 add a setting to set `"display": "standalone"`; Closes #2638 (#5384)

This PR does three things:
- First it moves the inline web app manifest into its own route `/manifest.json`
- Secondly, it add a setting `pwa.STANDALONE` that can be set to `true` if one wants users to be allowed to "install" forgejo as an pwa into their browser. This usually means an "install app" button, which essentially just creates an shortcut to use a single-tab window for browsing the app / forgejo.
- Thirdly since we have now an extra route, it checks if someone placed a `public/manifest.json` in forgejo's custom path; if yes, it's content is served instead. This allows more customization without the need on our side to completly implement every nuance of web app manifests.

This closes issue #2638

### Tests

- I added test coverage for Go changes...
  - [x] in their respective `*_test.go` for unit tests.

### Documentation

- [x] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs/pulls/1669) to explain to Forgejo users how to use this change.

### Release notes

- [ ] I do not want this change to show in the release notes.
- [ ] I want the title to show in the release notes with a link to this pull request.
- [x] I want the content of the `release-notes/<pull request number>.md` to be be used for the release notes instead of the title.

<!--start release-notes-assistant-->

## Release notes
<!--URL:https://codeberg.org/forgejo/forgejo-->
- Features
  - [PR](https://codeberg.org/forgejo/forgejo/pulls/5384): <!--number 5384 --><!--line 0 --><!--description W2FsbG93IGZvcmdlam8gdG8gcnVuIGFzIGEgcHdhIHN0YW5kYWxvbmUgYXBwbGljYXRpb24gJiBvdmVycmlkZSBvZiB0aGUgd2ViYXBwIG1hbmlmZXN0Lmpzb24gdmlhIHRoZSBhIGN1c3RvbSBmaWxlIGluIGBwdWJsaWMvbWFuaWZlc3QuanNvbmBdKGh0dHBzOi8vY29kZWJlcmcub3JnL2Zvcmdlam8vZm9yZ2Vqby9wdWxscy81Mzg0KQ==-->[allow forgejo to run as a pwa standalone application & override of the webapp manifest.json via the a custom file in `public/manifest.json`](https://codeberg.org/forgejo/forgejo/pulls/5384)<!--description-->
<!--end release-notes-assistant-->

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5384
Reviewed-by: Otto <otto@codeberg.org>
Reviewed-by: Lucas <sclu1034@noreply.codeberg.org>
Co-authored-by: Mai-Lapyst <mai-lapyst@noreply.codeberg.org>
Co-committed-by: Mai-Lapyst <mai-lapyst@noreply.codeberg.org>
---
 custom/conf/app.example.ini        |  9 ++++
 modules/setting/pwa.go             | 64 +++++++++++++++++++++++++
 modules/setting/server.go          | 48 +------------------
 modules/setting/setting.go         |  1 +
 modules/setting/setting_test.go    | 13 ++++-
 release-notes/5384.md              |  1 +
 routers/web/misc/misc.go           | 24 ++++++++++
 routers/web/web.go                 |  3 +-
 services/context/context.go        |  3 +-
 templates/base/head.tmpl           |  2 +-
 tests/integration/web_misc_test.go | 77 ++++++++++++++++++++++++++++++
 11 files changed, 193 insertions(+), 52 deletions(-)
 create mode 100644 modules/setting/pwa.go
 create mode 100644 release-notes/5384.md
 create mode 100644 tests/integration/web_misc_test.go

diff --git a/custom/conf/app.example.ini b/custom/conf/app.example.ini
index 4ae02bb4c2..f9c7a666ce 100644
--- a/custom/conf/app.example.ini
+++ b/custom/conf/app.example.ini
@@ -2456,6 +2456,15 @@ LEVEL = Info
 ;; Enable/Disable RSS/Atom feed
 ;ENABLE_FEED = true
 
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;[pwa]
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;; Enable standalone mode; this allows PWA enabled browsers to "install" the website as an progressive web app,
+;; by setting the https://developer.mozilla.org/en-US/docs/Web/Manifest/display property to "standalone".
+;STANDALONE = false
+
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;[markup]
diff --git a/modules/setting/pwa.go b/modules/setting/pwa.go
new file mode 100644
index 0000000000..2c17efd715
--- /dev/null
+++ b/modules/setting/pwa.go
@@ -0,0 +1,64 @@
+// Copyright 2024 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+package setting
+
+import (
+	"forgejo.org/modules/json"
+	"forgejo.org/modules/log"
+)
+
+type PwaConfig struct {
+	Standalone bool
+}
+
+var PWA = PwaConfig{
+	Standalone: false,
+}
+
+func loadPWAFrom(rootCfg ConfigProvider) {
+	sec := rootCfg.Section("pwa")
+	if err := sec.MapTo(&PWA); err != nil {
+		log.Fatal("Failed to map [pwa] settings: %v", err)
+	}
+}
+
+type manifestIcon struct {
+	Src   string `json:"src"`
+	Type  string `json:"type"`
+	Sizes string `json:"sizes"`
+}
+
+type manifestJSON struct {
+	Name      string         `json:"name"`
+	ShortName string         `json:"short_name"`
+	StartURL  string         `json:"start_url"`
+	Icons     []manifestIcon `json:"icons"`
+	Display   string         `json:"display,omitempty"`
+}
+
+func GetManifestJSON() ([]byte, error) {
+	manifest := manifestJSON{
+		Name:      AppName,
+		ShortName: AppName,
+		StartURL:  AppURL,
+		Icons: []manifestIcon{
+			{
+				Src:   AbsoluteAssetURL + "/assets/img/logo.png",
+				Type:  "image/png",
+				Sizes: "512x512",
+			},
+			{
+				Src:   AbsoluteAssetURL + "/assets/img/logo.svg",
+				Type:  "image/svg+xml",
+				Sizes: "512x512",
+			},
+		},
+	}
+
+	if PWA.Standalone {
+		manifest.Display = "standalone"
+	}
+
+	return json.Marshal(manifest)
+}
diff --git a/modules/setting/server.go b/modules/setting/server.go
index 3ff91d2cde..11c4ff8212 100644
--- a/modules/setting/server.go
+++ b/modules/setting/server.go
@@ -1,10 +1,10 @@
 // Copyright 2023 The Gitea Authors. All rights reserved.
+// Copyright 2024 The Forgejo Authors.
 // SPDX-License-Identifier: MIT
 
 package setting
 
 import (
-	"encoding/base64"
 	"net"
 	"net/url"
 	"path"
@@ -13,7 +13,6 @@ import (
 	"strings"
 	"time"
 
-	"forgejo.org/modules/json"
 	"forgejo.org/modules/log"
 	"forgejo.org/modules/util"
 
@@ -111,50 +110,8 @@ var (
 	PerWritePerKbTimeout       = 10 * time.Second
 	StaticURLPrefix            string
 	AbsoluteAssetURL           string
-
-	ManifestData string
 )
 
-// MakeManifestData generates web app manifest JSON
-func MakeManifestData(appName, appURL, absoluteAssetURL string) []byte {
-	type manifestIcon struct {
-		Src   string `json:"src"`
-		Type  string `json:"type"`
-		Sizes string `json:"sizes"`
-	}
-
-	type manifestJSON struct {
-		Name      string         `json:"name"`
-		ShortName string         `json:"short_name"`
-		StartURL  string         `json:"start_url"`
-		Icons     []manifestIcon `json:"icons"`
-	}
-
-	bytes, err := json.Marshal(&manifestJSON{
-		Name:      appName,
-		ShortName: appName,
-		StartURL:  appURL,
-		Icons: []manifestIcon{
-			{
-				Src:   absoluteAssetURL + "/assets/img/logo.png",
-				Type:  "image/png",
-				Sizes: "512x512",
-			},
-			{
-				Src:   absoluteAssetURL + "/assets/img/logo.svg",
-				Type:  "image/svg+xml",
-				Sizes: "512x512",
-			},
-		},
-	})
-	if err != nil {
-		log.Error("unable to marshal manifest JSON. Error: %v", err)
-		return make([]byte, 0)
-	}
-
-	return bytes
-}
-
 // MakeAbsoluteAssetURL returns the absolute asset url prefix without a trailing slash
 func MakeAbsoluteAssetURL(appURL, staticURLPrefix string) string {
 	parsedPrefix, err := url.Parse(strings.TrimSuffix(staticURLPrefix, "/"))
@@ -311,9 +268,6 @@ func loadServerFrom(rootCfg ConfigProvider) {
 	AbsoluteAssetURL = MakeAbsoluteAssetURL(AppURL, StaticURLPrefix)
 	AssetVersion = strings.ReplaceAll(AppVer, "+", "~") // make sure the version string is clear (no real escaping is needed)
 
-	manifestBytes := MakeManifestData(AppName, AppURL, AbsoluteAssetURL)
-	ManifestData = `application/json;base64,` + base64.StdEncoding.EncodeToString(manifestBytes)
-
 	var defaultLocalURL string
 	switch Protocol {
 	case HTTPUnix:
diff --git a/modules/setting/setting.go b/modules/setting/setting.go
index 9644d9b83b..3904e29770 100644
--- a/modules/setting/setting.go
+++ b/modules/setting/setting.go
@@ -113,6 +113,7 @@ func loadCommonSettingsFrom(cfg ConfigProvider) error {
 	// WARNING: don't change the sequence except you know what you are doing.
 	loadRunModeFrom(cfg)
 	loadLogGlobalFrom(cfg)
+	loadPWAFrom(cfg)
 	loadServerFrom(cfg)
 	loadSSHFrom(cfg)
 
diff --git a/modules/setting/setting_test.go b/modules/setting/setting_test.go
index 1fef9e068a..9867b94aaf 100644
--- a/modules/setting/setting_test.go
+++ b/modules/setting/setting_test.go
@@ -8,6 +8,7 @@ import (
 	"testing"
 
 	"forgejo.org/modules/json"
+	"forgejo.org/modules/test"
 
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
@@ -29,10 +30,20 @@ func TestMakeAbsoluteAssetURL(t *testing.T) {
 }
 
 func TestMakeManifestData(t *testing.T) {
-	jsonBytes := MakeManifestData(`Example App '\"`, "https://example.com", "https://example.com/foo/bar")
+	jsonBytes, err := GetManifestJSON()
+	require.NoError(t, err)
 	assert.True(t, json.Valid(jsonBytes))
 }
 
+func TestMakeManifestDataStandalone(t *testing.T) {
+	defer test.MockVariableValue(&PWA.Standalone, true)()
+
+	jsonBytes, err := GetManifestJSON()
+	require.NoError(t, err)
+	assert.True(t, json.Valid(jsonBytes))
+	assert.Contains(t, string(jsonBytes), `"standalone"`)
+}
+
 func TestLoadServiceDomainListsForFederation(t *testing.T) {
 	oldAppURL := AppURL
 	oldFederation := Federation
diff --git a/release-notes/5384.md b/release-notes/5384.md
new file mode 100644
index 0000000000..7eae859176
--- /dev/null
+++ b/release-notes/5384.md
@@ -0,0 +1 @@
+feat: [allow forgejo to run as a pwa standalone application & override of the webapp manifest.json via the a custom file in `public/manifest.json`](https://codeberg.org/forgejo/forgejo/pulls/5384)
\ No newline at end of file
diff --git a/routers/web/misc/misc.go b/routers/web/misc/misc.go
index 22fdccf79f..2eb12846ae 100644
--- a/routers/web/misc/misc.go
+++ b/routers/web/misc/misc.go
@@ -1,4 +1,5 @@
 // Copyright 2023 The Gitea Authors. All rights reserved.
+// Copyright 2026 The Forgejo Authors. All rights reserved.
 // SPDX-License-Identifier: MIT
 
 package misc
@@ -28,6 +29,29 @@ func DummyOK(w http.ResponseWriter, req *http.Request) {
 	w.WriteHeader(http.StatusOK)
 }
 
+func ManifestJSON(w http.ResponseWriter, req *http.Request) {
+	httpcache.SetCacheControlInHeader(w.Header(), setting.StaticCacheTime)
+	w.Header().Add("content-type", "application/manifest+json;charset=UTF-8")
+
+	manifestJSON := util.FilePathJoinAbs(setting.CustomPath, "public/manifest.json")
+	if ok, _ := util.IsExist(manifestJSON); ok {
+		http.ServeFile(w, req, manifestJSON)
+		return
+	}
+
+	bytes, err := setting.GetManifestJSON()
+	if err != nil {
+		log.Error("unable to marshal manifest JSON. Error: %v", err)
+		w.WriteHeader(http.StatusInternalServerError)
+		return
+	}
+
+	if _, err := w.Write(bytes); err != nil {
+		log.Error("unable to write manifest JSON. Error: %v", err)
+		return
+	}
+}
+
 func StaticRedirect(target string) func(w http.ResponseWriter, req *http.Request) {
 	return func(w http.ResponseWriter, req *http.Request) {
 		http.Redirect(w, req, path.Join(setting.StaticURLPrefix, target), http.StatusMovedPermanently)
diff --git a/routers/web/web.go b/routers/web/web.go
index 4e10dcc67b..1485579b1d 100644
--- a/routers/web/web.go
+++ b/routers/web/web.go
@@ -1,5 +1,5 @@
 // Copyright 2017 The Gitea Authors. All rights reserved.
-// Copyright 2023 The Forgejo Authors. All rights reserved.
+// Copyright 2024 The Forgejo Authors. All rights reserved.
 // SPDX-License-Identifier: MIT
 
 package web
@@ -278,6 +278,7 @@ func Routes() *web.Route {
 	}
 
 	routes.Methods("GET,HEAD", "/robots.txt", append(mid, misc.RobotsTxt)...)
+	routes.Methods("GET,HEAD", "/manifest.json", append(mid, misc.ManifestJSON)...)
 	routes.Get("/ssh_info", misc.SSHInfo)
 	routes.Get("/api/healthz", healthcheck.Check)
 
diff --git a/services/context/context.go b/services/context/context.go
index c8a3a71a2e..6c83ca5d02 100644
--- a/services/context/context.go
+++ b/services/context/context.go
@@ -1,5 +1,6 @@
 // Copyright 2014 The Gogs Authors. All rights reserved.
 // Copyright 2020 The Gitea Authors. All rights reserved.
+// Copyright 2024 The Forgejo Authors.
 // SPDX-License-Identifier: MIT
 
 package context
@@ -184,8 +185,6 @@ func Contexter() func(next http.Handler) http.Handler {
 			ctx.Data["DisableForks"] = setting.Repository.DisableForks
 			ctx.Data["EnableActions"] = setting.Actions.Enabled
 
-			ctx.Data["ManifestData"] = setting.ManifestData
-
 			ctx.Data["UnitWikiGlobalDisabled"] = unit.TypeWiki.UnitGlobalDisabled()
 			ctx.Data["UnitIssuesGlobalDisabled"] = unit.TypeIssues.UnitGlobalDisabled()
 			ctx.Data["UnitPullsGlobalDisabled"] = unit.TypePullRequests.UnitGlobalDisabled()
diff --git a/templates/base/head.tmpl b/templates/base/head.tmpl
index af1467fb5c..12b41ac922 100644
--- a/templates/base/head.tmpl
+++ b/templates/base/head.tmpl
@@ -4,7 +4,7 @@
 	<meta name="viewport" content="width=device-width, initial-scale=1">
 	{{/* Display `- .Repository.FullName` only if `.Title` does not already start with that. */}}
 	<title>{{if .Title}}{{.Title}} - {{end}}{{if and (.Repository.Name) (not (StringUtils.HasPrefix .Title .Repository.FullName))}}{{.Repository.FullName}} - {{end}}{{AppDisplayName}}</title>
-	{{if .ManifestData}}<link rel="manifest" href="data:{{.ManifestData}}">{{end}}
+	<link rel="manifest" href="/manifest.json">
 	<meta name="author" content="{{if .Repository}}{{.Owner.Name}}{{else}}{{MetaAuthor}}{{end}}">
 	<meta name="description" content="{{if .Repository}}{{.Repository.Name}}{{if .Repository.Description}} - {{.Repository.Description}}{{end}}{{else}}{{MetaDescription}}{{end}}">
 	<meta name="keywords" content="{{MetaKeywords}}">
diff --git a/tests/integration/web_misc_test.go b/tests/integration/web_misc_test.go
new file mode 100644
index 0000000000..15b5e05fbd
--- /dev/null
+++ b/tests/integration/web_misc_test.go
@@ -0,0 +1,77 @@
+// Copyright 2026 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+package integration
+
+import (
+	"net/http"
+	"os"
+	"testing"
+
+	"forgejo.org/modules/setting"
+	"forgejo.org/modules/test"
+	"forgejo.org/modules/util"
+	"forgejo.org/tests"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+func TestManifestJson(t *testing.T) {
+	defer tests.PrepareTestEnv(t)()
+
+	session := loginUser(t, "user2")
+	req := NewRequest(t, "GET", "/manifest.json")
+	resp := session.MakeRequest(t, req, http.StatusOK)
+
+	data := make(map[string]any)
+	DecodeJSON(t, resp, &data)
+
+	assert.Equal(t, setting.AppName, data["name"])
+	assert.Equal(t, setting.AppName, data["short_name"])
+	assert.Equal(t, setting.AppURL, data["start_url"])
+	assert.NotContains(t, data, "display")
+}
+
+func TestManifestJsonStandalone(t *testing.T) {
+	defer tests.PrepareTestEnv(t)()
+	defer test.MockVariableValue(&setting.PWA.Standalone, true)()
+
+	session := loginUser(t, "user2")
+	req := NewRequest(t, "GET", "/manifest.json")
+	resp := session.MakeRequest(t, req, http.StatusOK)
+
+	data := make(map[string]any)
+	DecodeJSON(t, resp, &data)
+
+	assert.Equal(t, setting.AppName, data["name"])
+	assert.Equal(t, setting.AppName, data["short_name"])
+	assert.Equal(t, setting.AppURL, data["start_url"])
+	assert.Contains(t, data, "display")
+	assert.Equal(t, "standalone", data["display"])
+}
+
+func TestManifestJsonCustomFile(t *testing.T) {
+	require.NoError(t, os.MkdirAll(util.FilePathJoinAbs(setting.CustomPath, "public"), 0o777))
+	manifestPath := util.FilePathJoinAbs(setting.CustomPath, "public/manifest.json")
+	file, err := os.OpenFile(manifestPath, os.O_CREATE|os.O_RDWR, 0o777)
+	require.NoError(t, err)
+	_, err = file.Write([]byte(`{"name":"MyCustomJson"}`))
+	require.NoError(t, err)
+	require.NoError(t, file.Close())
+	defer os.Remove(manifestPath)
+
+	defer tests.PrepareTestEnv(t)()
+
+	session := loginUser(t, "user2")
+	req := NewRequest(t, "GET", "/manifest.json")
+	resp := session.MakeRequest(t, req, http.StatusOK)
+
+	data := make(map[string]any)
+	DecodeJSON(t, resp, &data)
+
+	assert.Equal(t, "MyCustomJson", data["name"])
+	assert.NotContains(t, data, "short_name")
+	assert.NotContains(t, data, "start_url")
+	assert.NotContains(t, data, "display")
+}

From 9c6169e868a55dc49ec0861a9a957ced9d920c1e Mon Sep 17 00:00:00 2001
From: Mathieu Fenniak <mathieu@fenniak.net>
Date: Fri, 9 Jan 2026 19:33:38 +0100
Subject: [PATCH 122/854] chore: run renovate on v14 branch, remove v13
 (#10752)

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests

- I added test coverage for Go changes...
  - [ ] in their respective `*_test.go` for unit tests.
  - [ ] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I added test coverage for JavaScript changes...
  - [ ] in `web_src/js/*.test.js` if it can be unit tested.
  - [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)).

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [x] I do not want this change to show in the release notes.
- [ ] I want the title to show in the release notes with a link to this pull request.
- [ ] I want the content of the `release-notes/<pull request number>.md` to be be used for the release notes instead of the title.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10752
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net>
Co-committed-by: Mathieu Fenniak <mathieu@fenniak.net>
---
 renovate.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/renovate.json b/renovate.json
index 6d75cc303c..ec84852076 100644
--- a/renovate.json
+++ b/renovate.json
@@ -9,7 +9,7 @@
   "baseBranchPatterns": [
     "$default",
     "/^v11\\.\\d+/forgejo$/",
-    "/^v13\\.\\d+/forgejo$/"
+    "/^v14\\.\\d+/forgejo$/"
   ],
   "postUpdateOptions": ["gomodTidy", "gomodUpdateImportPaths", "npmDedupe"],
   "prConcurrentLimit": 10,

From 534e4e68ac51064e7f977279d9fc1984422c43bd Mon Sep 17 00:00:00 2001
From: elle <0xllx0@noreply.codeberg.org>
Date: Fri, 9 Jan 2026 23:53:06 +0100
Subject: [PATCH 123/854] chore: add @0xllx0 to federation codeowners (#10716)

Adds @0xllx0 as a maintainer + point-of-contact in the `CODEOWNERS` file for federation-related code.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10716
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: elle <0xllx0@noreply.codeberg.org>
Co-committed-by: elle <0xllx0@noreply.codeberg.org>
---
 CODEOWNERS | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/CODEOWNERS b/CODEOWNERS
index bb6f0578c2..c2459d4ab9 100644
--- a/CODEOWNERS
+++ b/CODEOWNERS
@@ -54,9 +54,9 @@ tests/integration/api_.* @Cyborus
 
 # Federation code, requires care to be taken with regards to interoperability
 # and backwards compatibility due to the way signatures work.
-services/federation/.* @famfo
-modules/forgefed/.* @famfo
-models/forgefed/.* @famfo
-routers/api/v1/activitypub/.* @famfo
-tests/integration/api_activitypub_.* @famfo
-tests/integration/activitypub_.* @famfo
+services/federation/.* @famfo @0xllx0
+modules/forgefed/.* @famfo @0xllx0
+models/forgefed/.* @famfo @0xllx0
+routers/api/v1/activitypub/.* @famfo @0xllx0
+tests/integration/api_activitypub_.* @famfo @0xllx0
+tests/integration/activitypub_.* @famfo @0xllx0

From 586e25bef0133109a4fe40764e38cb35f569cb11 Mon Sep 17 00:00:00 2001
From: Renovate Bot <forgejo-renovate-action@forgejo.org>
Date: Sat, 10 Jan 2026 00:06:33 +0100
Subject: [PATCH 124/854] Update module golang.org/x/sys to v0.40.0 (forgejo)
 (#10740)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10740
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 291f83c6af..47a726b154 100644
--- a/go.mod
+++ b/go.mod
@@ -107,7 +107,7 @@ require (
 	golang.org/x/net v0.48.0
 	golang.org/x/oauth2 v0.34.0
 	golang.org/x/sync v0.19.0
-	golang.org/x/sys v0.39.0
+	golang.org/x/sys v0.40.0
 	golang.org/x/text v0.32.0
 	google.golang.org/protobuf v1.36.11
 	gopkg.in/gomail.v2 v2.0.0-20160411212932-81ebce5c23df
diff --git a/go.sum b/go.sum
index 4d5f2d019e..345398580e 100644
--- a/go.sum
+++ b/go.sum
@@ -850,8 +850,8 @@ golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
-golang.org/x/sys v0.39.0 h1:CvCKL8MeisomCi6qNZ+wbb0DN9E5AATixKsvNtMoMFk=
-golang.org/x/sys v0.39.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
+golang.org/x/sys v0.40.0 h1:DBZZqJ2Rkml6QMQsZywtnjnnGvHza6BTfYFWY9kjEWQ=
+golang.org/x/sys v0.40.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
 golang.org/x/telemetry v0.0.0-20240228155512-f48c80bd79b2/go.mod h1:TeRTkGYfJXctD9OcfyVLyj2J3IxLnKwHJR8f4D8a3YE=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=

From 09713ab7a07a57c06a6bc64ffd68ebd19cc7af5e Mon Sep 17 00:00:00 2001
From: Beowulf <beowulf@beocode.eu>
Date: Sat, 10 Jan 2026 00:16:08 +0100
Subject: [PATCH 125/854] [skip ci] chore: Update pull request template
 regarding the release notes (#10707)

Closes forgejo/discussions#398

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10707
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
Co-authored-by: Beowulf <beowulf@beocode.eu>
Co-committed-by: Beowulf <beowulf@beocode.eu>
---
 .forgejo/pull_request_template.md | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/.forgejo/pull_request_template.md b/.forgejo/pull_request_template.md
index d30af48446..a0f74ae31d 100644
--- a/.forgejo/pull_request_template.md
+++ b/.forgejo/pull_request_template.md
@@ -28,6 +28,9 @@ The [contributor guide](https://forgejo.org/docs/next/contributor/) contains inf
 
 ### Release notes
 
-- [ ] I do not want this change to show in the release notes.
-- [ ] I want the title to show in the release notes with a link to this pull request.
-- [ ] I want the content of the `release-notes/<pull request number>.md` to be be used for the release notes instead of the title.
+- [ ] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.
+- [ ] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change.
+
+*The decision if the pull request will be shown in the release notes is up to the mergers / release team.*
+
+The content of the `release-notes/<pull request number>.md` file will serve as the basis for the release notes. If the file does not exist, the title of the pull request will be used instead.

From c650039113f8d822478a91ac0832b1da7799c342 Mon Sep 17 00:00:00 2001
From: Renovate Bot <forgejo-renovate-action@forgejo.org>
Date: Sat, 10 Jan 2026 00:43:35 +0100
Subject: [PATCH 126/854] Update module github.com/go-enry/go-enry/v2 to v2.9.3
 (forgejo) (#10724)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10724
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 47a726b154..c8c8efa174 100644
--- a/go.mod
+++ b/go.mod
@@ -48,7 +48,7 @@ require (
 	github.com/go-chi/chi/v5 v5.2.3
 	github.com/go-chi/cors v1.2.2
 	github.com/go-co-op/gocron v1.37.0
-	github.com/go-enry/go-enry/v2 v2.9.2
+	github.com/go-enry/go-enry/v2 v2.9.3
 	github.com/go-ldap/ldap/v3 v3.4.12
 	github.com/go-openapi/spec v0.22.3
 	github.com/go-sql-driver/mysql v1.9.3
diff --git a/go.sum b/go.sum
index 345398580e..ebc89a73bd 100644
--- a/go.sum
+++ b/go.sum
@@ -269,8 +269,8 @@ github.com/go-chi/cors v1.2.2 h1:Jmey33TE+b+rB7fT8MUy1u0I4L+NARQlK6LhzKPSyQE=
 github.com/go-chi/cors v1.2.2/go.mod h1:sSbTewc+6wYHBBCW7ytsFSn836hqM7JxpglAy2Vzc58=
 github.com/go-co-op/gocron v1.37.0 h1:ZYDJGtQ4OMhTLKOKMIch+/CY70Brbb1dGdooLEhh7b0=
 github.com/go-co-op/gocron v1.37.0/go.mod h1:3L/n6BkO7ABj+TrfSVXLRzsP26zmikL4ISkLQ0O8iNY=
-github.com/go-enry/go-enry/v2 v2.9.2 h1:giOQAtCgBX08kosrX818DCQJTCNtKwoPBGu0qb6nKTY=
-github.com/go-enry/go-enry/v2 v2.9.2/go.mod h1:9yrj4ES1YrbNb1Wb7/PWYr2bpaCXUGRt0uafN0ISyG8=
+github.com/go-enry/go-enry/v2 v2.9.3 h1:sgAs50C0eDFl/NC4IGPTWQv2PsSEBULwBmdC4hkjiZY=
+github.com/go-enry/go-enry/v2 v2.9.3/go.mod h1:9yrj4ES1YrbNb1Wb7/PWYr2bpaCXUGRt0uafN0ISyG8=
 github.com/go-enry/go-oniguruma v1.2.1 h1:k8aAMuJfMrqm/56SG2lV9Cfti6tC4x8673aHCcBk+eo=
 github.com/go-enry/go-oniguruma v1.2.1/go.mod h1:bWDhYP+S6xZQgiRL7wlTScFYBe023B6ilRZbCAD5Hf4=
 github.com/go-errors/errors v1.0.1/go.mod h1:f4zRHt4oKfwPJE5k8C9vpYG+aDHdBFUsgrm6/TyX73Q=

From d100b628032defdde900e432e8cbec7f7969e0c9 Mon Sep 17 00:00:00 2001
From: Renovate Bot <forgejo-renovate-action@forgejo.org>
Date: Sat, 10 Jan 2026 10:31:38 +0100
Subject: [PATCH 127/854] Update module github.com/alecthomas/chroma/v2 to
 v2.22.0 (forgejo) (#10762)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10762
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index c8c8efa174..c95fbbb8e8 100644
--- a/go.mod
+++ b/go.mod
@@ -27,7 +27,7 @@ require (
 	github.com/ProtonMail/go-crypto v1.3.0
 	github.com/PuerkitoBio/goquery v1.11.0
 	github.com/SaveTheRbtz/zstd-seekable-format-go/pkg v0.7.2
-	github.com/alecthomas/chroma/v2 v2.21.1
+	github.com/alecthomas/chroma/v2 v2.22.0
 	github.com/blakesmith/ar v0.0.0-20190502131153-809d4375e1fb
 	github.com/blevesearch/bleve/v2 v2.5.6
 	github.com/buildkite/terminal-to-html/v3 v3.16.8
diff --git a/go.sum b/go.sum
index ebc89a73bd..e6a2a41e34 100644
--- a/go.sum
+++ b/go.sum
@@ -84,8 +84,8 @@ github.com/SaveTheRbtz/zstd-seekable-format-go/pkg v0.7.2/go.mod h1:JitQWJ8JuV4Y
 github.com/alecthomas/assert/v2 v2.11.0 h1:2Q9r3ki8+JYXvGsDyBXwH3LcJ+WK5D0gc5E8vS6K3D0=
 github.com/alecthomas/assert/v2 v2.11.0/go.mod h1:Bze95FyfUr7x34QZrjL+XP+0qgp/zg8yS+TtBj1WA3k=
 github.com/alecthomas/chroma/v2 v2.2.0/go.mod h1:vf4zrexSH54oEjJ7EdB65tGNHmH3pGZmVkgTP5RHvAs=
-github.com/alecthomas/chroma/v2 v2.21.1 h1:FaSDrp6N+3pphkNKU6HPCiYLgm8dbe5UXIXcoBhZSWA=
-github.com/alecthomas/chroma/v2 v2.21.1/go.mod h1:NqVhfBR0lte5Ouh3DcthuUCTUpDC9cxBOfyMbMQPs3o=
+github.com/alecthomas/chroma/v2 v2.22.0 h1:PqEhf+ezz5F5owoDeOUKFzW+W3ZJDShNCaHg4sZuItI=
+github.com/alecthomas/chroma/v2 v2.22.0/go.mod h1:NqVhfBR0lte5Ouh3DcthuUCTUpDC9cxBOfyMbMQPs3o=
 github.com/alecthomas/repr v0.0.0-20220113201626-b1b626ac65ae/go.mod h1:2kn6fqh/zIyPLmm3ugklbEi5hg5wS435eygvNfaDQL8=
 github.com/alecthomas/repr v0.5.2 h1:SU73FTI9D1P5UNtvseffFSGmdNci/O6RsqzeXJtP0Qs=
 github.com/alecthomas/repr v0.5.2/go.mod h1:Fr0507jx4eOXV7AlPV6AVZLYrLIuIeSOWtW57eE/O/4=

From 970b0da24d93a232fcadd8547cba7b93147ff105 Mon Sep 17 00:00:00 2001
From: oliverpool <git@olivier.pfad.fr>
Date: Sat, 10 Jan 2026 10:44:59 +0100
Subject: [PATCH 128/854] fix: internal server error on a large .gitmodules
 (#10744)

Fix #10714 (introduced in #8438) by silently ignoring large .gitmodules files.

Additionally:
- the limit was bumped from 10KB to 64KB (https://github.com/boostorg/boost/blob/master/.gitmodules has 20KB)
- a warning is shown on the .gitmodules view page if this limit is exceeded

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10744
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: oliverpool <git@olivier.pfad.fr>
Co-committed-by: oliverpool <git@olivier.pfad.fr>
---
 .deadcode-out                           |   1 +
 modules/git/blob.go                     |  31 ++++--
 modules/git/submodule.go                |   9 +-
 options/locale_next/locale_en-US.json   |   1 +
 routers/web/repo/view.go                |   4 +
 services/repository/files/update.go     |  27 ++---
 tests/integration/repo_generate_test.go |   4 +-
 tests/integration/repo_test.go          | 138 +++++++++++++++++++-----
 8 files changed, 166 insertions(+), 49 deletions(-)

diff --git a/.deadcode-out b/.deadcode-out
index f71ef41ea2..20f13a03a1 100644
--- a/.deadcode-out
+++ b/.deadcode-out
@@ -238,6 +238,7 @@ forgejo.org/services/repository
 
 forgejo.org/services/repository/files
 	ContentType.String
+	RepoFileOptionMode
 
 forgejo.org/services/repository/gitgraph
 	Parser.Reset
diff --git a/modules/git/blob.go b/modules/git/blob.go
index e2dc624e86..020a591a23 100644
--- a/modules/git/blob.go
+++ b/modules/git/blob.go
@@ -141,6 +141,28 @@ func (b *Blob) Name() string {
 	return b.name
 }
 
+// NewReader return a blob-reader which fails immediately with [BlobTooLargeError] if the file is bigger than the limit
+func (b *Blob) NewReader(limit int64) (rc io.ReadCloser, actualSize int64, err error) {
+	actualSize = b.Size()
+	if actualSize > limit {
+		return nil, actualSize, BlobTooLargeError{
+			Size:  actualSize,
+			Limit: limit,
+		}
+	}
+	r, _, cancel, err := b.newReader()
+	if err != nil {
+		return nil, actualSize, err
+	}
+
+	return &blobReader{
+		rd:                r,
+		n:                 actualSize,
+		additionalDiscard: 0,
+		cancel:            cancel,
+	}, actualSize, nil
+}
+
 // NewTruncatedReader return a blob-reader which silently truncates when the limit is reached (io.EOF will be returned)
 func (b *Blob) NewTruncatedReader(limit int64) (rc io.ReadCloser, fullSize int64, err error) {
 	r, fullSize, cancel, err := b.newReader()
@@ -168,14 +190,7 @@ func (b BlobTooLargeError) Error() string {
 // GetContentBase64 Reads the content of the blob and returns it as base64 encoded string.
 // Returns [BlobTooLargeError] if the (unencoded) content is larger than the limit.
 func (b *Blob) GetContentBase64(limit int64) (string, error) {
-	if b.Size() > limit {
-		return "", BlobTooLargeError{
-			Size:  b.Size(),
-			Limit: limit,
-		}
-	}
-
-	rc, size, err := b.NewTruncatedReader(limit)
+	rc, size, err := b.NewReader(limit)
 	if err != nil {
 		return "", err
 	}
diff --git a/modules/git/submodule.go b/modules/git/submodule.go
index 4ea97d66eb..3d05657478 100644
--- a/modules/git/submodule.go
+++ b/modules/git/submodule.go
@@ -5,6 +5,7 @@
 package git
 
 import (
+	"errors"
 	"fmt"
 	"io"
 	"net"
@@ -19,6 +20,8 @@ import (
 	"gopkg.in/ini.v1" //nolint:depguard // used to read .gitmodules
 )
 
+const MaxGitmodulesFileSize = 64 * 1024
+
 // GetSubmodule returns the Submodule of a given path
 func (c *Commit) GetSubmodule(path string, entry *TreeEntry) (Submodule, error) {
 	err := c.readSubmodules()
@@ -55,8 +58,12 @@ func (c *Commit) readSubmodules() error {
 		return err
 	}
 
-	rc, _, err := entry.Blob().NewTruncatedReader(10 * 1024)
+	rc, _, err := entry.Blob().NewReader(MaxGitmodulesFileSize)
 	if err != nil {
+		if errors.As(err, &BlobTooLargeError{}) {
+			c.submodules = make(map[string]Submodule)
+			return nil
+		}
 		return err
 	}
 	defer rc.Close()
diff --git a/options/locale_next/locale_en-US.json b/options/locale_next/locale_en-US.json
index 39d4444b51..b786e14131 100644
--- a/options/locale_next/locale_en-US.json
+++ b/options/locale_next/locale_en-US.json
@@ -88,6 +88,7 @@
 	"repo.pulls.maintainers_can_edit": "Maintainers can edit this pull request.",
 	"repo.pulls.maintainers_cannot_edit": "Maintainers cannot edit this pull request.",
 	"repo.form.cannot_create": "All spaces in which you can create repositories have reached the limit of repositories.",
+	"repo.view.gitmodules_too_large": "The .gitmodules file is too large and will be ignored (on API calls for instance)",
 	"migrate.form.error.url_credentials": "The URL contains credentials, put them in the username and password fields respectively",
 	"migrate.github.description": "Migrate data from github.com or GitHub Enterprise server.",
 	"migrate.git.description": "Migrate a repository only from any Git service.",
diff --git a/routers/web/repo/view.go b/routers/web/repo/view.go
index 74ed38de65..4d44a485b9 100644
--- a/routers/web/repo/view.go
+++ b/routers/web/repo/view.go
@@ -445,6 +445,10 @@ func renderFile(ctx *context.Context, entry *git.TreeEntry) {
 				ctx.Data["FileWarning"] = strings.Join(warnings, "\n")
 			}
 		}
+	} else if ctx.Repo.TreePath == ".gitmodules" {
+		if fInfo.fileSize > git.MaxGitmodulesFileSize {
+			ctx.Data["FileWarning"] = ctx.Locale.Tr("repo.view.gitmodules_too_large")
+		}
 	}
 
 	isDisplayingSource := ctx.FormString("display") == "source"
diff --git a/services/repository/files/update.go b/services/repository/files/update.go
index f45ed384e7..9c2fde1c0e 100644
--- a/services/repository/files/update.go
+++ b/services/repository/files/update.go
@@ -43,7 +43,6 @@ type ChangeRepoFile struct {
 	ContentReader io.ReadSeeker
 	SHA           string
 	Options       *RepoFileOptions
-	Symlink       bool
 }
 
 // ChangeRepoFilesOptions holds the repository files update options
@@ -62,8 +61,13 @@ type ChangeRepoFilesOptions struct {
 type RepoFileOptions struct {
 	treePath     string
 	fromTreePath string
-	executable   bool
-	symlink      bool
+	entryMode    git.EntryMode
+}
+
+func RepoFileOptionMode(entryMode git.EntryMode) *RepoFileOptions {
+	return &RepoFileOptions{
+		entryMode: entryMode,
+	}
 }
 
 // ChangeRepoFiles adds, updates or removes multiple files in the given repository
@@ -114,11 +118,14 @@ func ChangeRepoFiles(ctx context.Context, repo *repo_model.Repository, doer *use
 			}
 		}
 
+		mode := git.EntryModeBlob
+		if file.Options != nil && file.Options.entryMode != 0 {
+			mode = file.Options.entryMode
+		}
 		file.Options = &RepoFileOptions{
 			treePath:     treePath,
 			fromTreePath: fromTreePath,
-			executable:   false,
-			symlink:      file.Symlink,
+			entryMode:    mode,
 		}
 		treePaths = append(treePaths, treePath)
 	}
@@ -320,7 +327,7 @@ func handleCheckErrors(file *ChangeRepoFile, actualBaseCommit *git.Commit, lastK
 			// haven't been made. We throw an error if one wasn't provided.
 			return models.ErrSHAOrCommitIDNotProvided{}
 		}
-		file.Options.executable = fromEntry.IsExecutable()
+		file.Options.entryMode = fromEntry.Mode()
 	}
 	if file.Operation == "create" || file.Operation == "update" {
 		// For the path where this file will be created/updated, we need to make
@@ -430,13 +437,7 @@ func CreateOrUpdateFile(ctx context.Context, t *TemporaryUploadRepository, file
 	}
 
 	// Add the object to the index
-	mode := "100644" // regular file
-	if file.Options.executable {
-		mode = "100755"
-	} else if file.Options.symlink {
-		mode = "120644"
-	}
-	if err := t.AddObjectToIndex(mode, objectHash, file.Options.treePath); err != nil {
+	if err := t.AddObjectToIndex(file.Options.entryMode.String(), objectHash, file.Options.treePath); err != nil {
 		return err
 	}
 
diff --git a/tests/integration/repo_generate_test.go b/tests/integration/repo_generate_test.go
index 22c2cc1633..af3415566a 100644
--- a/tests/integration/repo_generate_test.go
+++ b/tests/integration/repo_generate_test.go
@@ -343,7 +343,7 @@ func TestRepoGenerateTemplatingSymlink(t *testing.T) {
 							Operation:     "create",
 							TreePath:      "problem/Readme.md",
 							ContentReader: strings.NewReader(tc.symlinkTarget),
-							Symlink:       true,
+							Options:       files_service.RepoFileOptionMode(git.EntryModeSymlink),
 						},
 					}),
 				})
@@ -420,7 +420,7 @@ func TestRepoGenerateTemplatingSymlinkGlobFile(t *testing.T) {
 					Operation:     "create",
 					TreePath:      ".forgejo/template",
 					ContentReader: strings.NewReader("/etc/passwd"),
-					Symlink:       true,
+					Options:       files_service.RepoFileOptionMode(git.EntryModeSymlink),
 				},
 			}),
 		})
diff --git a/tests/integration/repo_test.go b/tests/integration/repo_test.go
index 159363668d..c7bfad32bd 100644
--- a/tests/integration/repo_test.go
+++ b/tests/integration/repo_test.go
@@ -1551,42 +1551,130 @@ func TestRepoIssueFilterLinks(t *testing.T) {
 func TestRepoSubmoduleView(t *testing.T) {
 	onApplicationRun(t, func(t *testing.T, u *url.URL) {
 		user2 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
-		repo, _, f := tests.CreateDeclarativeRepo(t, user2, "", []unit_model.Type{unit_model.TypeCode}, nil, nil)
-		defer f()
+		t.Run("FromGit", func(t *testing.T) {
+			repo, _, f := tests.CreateDeclarativeRepo(t, user2, "", []unit_model.Type{unit_model.TypeCode}, nil, nil)
+			defer f()
 
-		// Clone the repository, add a submodule and push it.
-		dstPath := t.TempDir()
+			// Clone the repository, add a submodule and push it.
+			dstPath := t.TempDir()
 
-		uClone := *u
-		uClone.Path = repo.FullName()
-		uClone.User = url.UserPassword(user2.Name, userPassword)
+			uClone := *u
+			uClone.Path = repo.FullName()
+			uClone.User = url.UserPassword(user2.Name, userPassword)
 
-		t.Run("Clone", doGitClone(dstPath, &uClone))
+			t.Run("Clone", doGitClone(dstPath, &uClone))
 
-		_, _, err := git.NewCommand(git.DefaultContext, "submodule", "add").AddDynamicArguments(u.JoinPath("/user2/repo1").String()).RunStdString(&git.RunOpts{Dir: dstPath})
-		require.NoError(t, err)
+			_, _, err := git.NewCommand(git.DefaultContext, "submodule", "add").AddDynamicArguments(u.JoinPath("/user2/repo1").String()).RunStdString(&git.RunOpts{Dir: dstPath})
+			require.NoError(t, err)
 
-		_, _, err = git.NewCommand(git.DefaultContext, "add", "repo1", ".gitmodules").RunStdString(&git.RunOpts{Dir: dstPath})
-		require.NoError(t, err)
+			_, _, err = git.NewCommand(git.DefaultContext, "add", "repo1", ".gitmodules").RunStdString(&git.RunOpts{Dir: dstPath})
+			require.NoError(t, err)
 
-		_, _, err = git.NewCommand(git.DefaultContext, "commit", "-m", "add submodule").RunStdString(&git.RunOpts{Dir: dstPath})
-		require.NoError(t, err)
+			_, _, err = git.NewCommand(git.DefaultContext, "commit", "-m", "add submodule").RunStdString(&git.RunOpts{Dir: dstPath})
+			require.NoError(t, err)
 
-		_, _, err = git.NewCommand(git.DefaultContext, "push").RunStdString(&git.RunOpts{Dir: dstPath})
-		require.NoError(t, err)
+			_, _, err = git.NewCommand(git.DefaultContext, "push").RunStdString(&git.RunOpts{Dir: dstPath})
+			require.NoError(t, err)
 
-		// Check that the submodule entry exist and the link is correct.
-		req := NewRequest(t, "GET", "/"+repo.FullName())
-		resp := MakeRequest(t, req, http.StatusOK)
+			// Check that the submodule entry exist and the link is correct.
+			req := NewRequest(t, "GET", "/"+repo.FullName())
+			resp := MakeRequest(t, req, http.StatusOK)
 
-		htmlDoc := NewHTMLParser(t, resp.Body)
-		htmlDoc.AssertElement(t, fmt.Sprintf(`tr[data-entryname="repo1"] a[href="%s"]`, u.JoinPath("/user2/repo1").String()), true)
+			htmlDoc := NewHTMLParser(t, resp.Body)
+			htmlDoc.AssertElement(t, fmt.Sprintf(`tr[data-entryname="repo1"] a[href="%s"]`, u.JoinPath("/user2/repo1").String()), true)
 
-		// Check that a link to the submodule returns a redirect and that the redirect link is correct.
-		req = NewRequest(t, "GET", "/"+repo.FullName()+"/src/branch/"+repo.DefaultBranch+"/repo1")
-		resp = MakeRequest(t, req, http.StatusSeeOther)
+			// Check that a link to the submodule returns a redirect and that the redirect link is correct.
+			req = NewRequest(t, "GET", "/"+repo.FullName()+"/src/branch/"+repo.DefaultBranch+"/repo1")
+			resp = MakeRequest(t, req, http.StatusSeeOther)
 
-		assert.Equal(t, u.JoinPath("/user2/repo1").String(), resp.Header().Get("Location"))
+			assert.Equal(t, u.JoinPath("/user2/repo1").String(), resp.Header().Get("Location"))
+		})
+
+		t.Run("Declarative", func(t *testing.T) {
+			repo, _, f := tests.CreateDeclarativeRepo(t, user2, "", []unit_model.Type{unit_model.TypeCode}, nil, []*files_service.ChangeRepoFile{
+				{
+					Operation: "create",
+					TreePath:  ".gitmodules",
+					ContentReader: strings.NewReader(`[submodule "relative-module"]
+  path = relative-module
+  url = https://git.example.org/submodule.git
+`),
+				}, {
+					Operation:     "create",
+					TreePath:      "relative-module",
+					FromTreePath:  "",
+					ContentReader: nil,
+					SHA:           "95601d16476a",
+					Options:       files_service.RepoFileOptionMode(git.EntryModeCommit),
+				},
+			})
+			defer f()
+
+			// Check that the submodule entry exist and the link is correct.
+			req := NewRequest(t, "GET", "/"+repo.FullName())
+			resp := MakeRequest(t, req, http.StatusOK)
+
+			expectedDst := "https://git.example.org/submodule"
+			htmlDoc := NewHTMLParser(t, resp.Body)
+
+			href, ok := htmlDoc.Find(`tr[data-entryname="relative-module"] a`).Attr("href")
+			assert.True(t, ok, "could not find entry 'relative-module' in file list")
+			assert.Equal(t, expectedDst, href)
+
+			// Check that a link to the submodule returns a redirect and that the redirect link is correct.
+			req = NewRequest(t, "GET", "/"+repo.FullName()+"/src/branch/"+repo.DefaultBranch+"/relative-module")
+			resp = MakeRequest(t, req, http.StatusSeeOther)
+
+			assert.Equal(t, expectedDst, resp.Header().Get("Location"))
+		})
+
+		t.Run("SubmodulesFileTooBig", func(t *testing.T) {
+			repo, _, f := tests.CreateDeclarativeRepo(t, user2, "", []unit_model.Type{unit_model.TypeCode}, nil, []*files_service.ChangeRepoFile{
+				{
+					Operation: "create",
+					TreePath:  ".gitmodules",
+					ContentReader: strings.NewReader(strings.Repeat("#", git.MaxGitmodulesFileSize-5) + // ensure that the partial read is invalid
+						`
+[submodule "relative-module"]
+  path = relative-module
+  url = https://git.example.org/submodule.git
+`),
+				}, {
+					Operation:     "create",
+					TreePath:      "relative-module",
+					FromTreePath:  "",
+					ContentReader: nil,
+					SHA:           "95601d16476a",
+					Options:       files_service.RepoFileOptionMode(git.EntryModeCommit),
+				},
+			})
+			defer f()
+
+			// Check that the submodule entry exist and the link is correct.
+			req := NewRequest(t, "GET", "/"+repo.FullName())
+			resp := MakeRequest(t, req, http.StatusOK)
+
+			htmlDoc := NewHTMLParser(t, resp.Body)
+
+			_, ok := htmlDoc.Find(`tr[data-entryname="relative-module"] td.name a`).Attr("href")
+			assert.False(t, ok, "should not find a link to 'relative-module' in file list")
+
+			// Check that a link to the submodule returns a redirect and that the redirect link is correct.
+			req = NewRequest(t, "GET", "/"+repo.FullName()+"/src/branch/"+repo.DefaultBranch+"/relative-module")
+			resp = MakeRequest(t, req, http.StatusSeeOther)
+
+			assert.Equal(t, "/"+repo.FullName()+"/src/branch/"+repo.DefaultBranch+"/", resp.Header().Get("Location"))
+
+			// Check that a warning is present
+			req = NewRequest(t, "GET", "/"+repo.FullName()+"/src/branch/"+repo.DefaultBranch+"/.gitmodules")
+			resp = MakeRequest(t, req, http.StatusOK)
+
+			htmlDoc = NewHTMLParser(t, resp.Body)
+
+			warn, err := htmlDoc.Find(`.non-diff-file-content .warning`).Html()
+			require.NoError(t, err)
+			assert.NotEmpty(t, warn)
+		})
 	})
 }
 

From 6eed310ae6288ae232fdb51f7ef6755c6da942f0 Mon Sep 17 00:00:00 2001
From: Renovate Bot <forgejo-renovate-action@forgejo.org>
Date: Sat, 10 Jan 2026 14:07:51 +0100
Subject: [PATCH 129/854] Update https://data.forgejo.org/actions/setup-forgejo
 action to v3.1.0 (forgejo) (#10761)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10761
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
---
 .forgejo/workflows/build-release-integration.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.forgejo/workflows/build-release-integration.yml b/.forgejo/workflows/build-release-integration.yml
index 6461d456d4..a28a6ee29d 100644
--- a/.forgejo/workflows/build-release-integration.yml
+++ b/.forgejo/workflows/build-release-integration.yml
@@ -29,7 +29,7 @@ jobs:
       - uses: https://data.forgejo.org/actions/checkout@v6
 
       - id: forgejo
-        uses: https://data.forgejo.org/actions/setup-forgejo@v3.0.7
+        uses: https://data.forgejo.org/actions/setup-forgejo@v3.1.0
         with:
           user: root
           password: admin1234

From ba2a6fbc41c43512d6482faa1530f6ce542df8e5 Mon Sep 17 00:00:00 2001
From: Andreas Ahlenstorf <andreas@ahlenstorf.ch>
Date: Sat, 10 Jan 2026 16:40:00 +0100
Subject: [PATCH 130/854] fix: disable actions endpoints of repository if
 actions are disabled (#10726)

Some HTTP API endpoints related to Actions, like `/api/v1/repos/{owner}/{repository}/actions/runners`, were not disabled if Actions had been disabled on a repository. With this change, all endpoints related to Actions will be disabled if Actions are disabled.

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests

- I added test coverage for Go changes...
  - [ ] in their respective `*_test.go` for unit tests.
  - [x] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I added test coverage for JavaScript changes...
  - [ ] in `web_src/js/*.test.js` if it can be unit tested.
  - [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)).

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [ ] I do not want this change to show in the release notes.
- [ ] I want the title to show in the release notes with a link to this pull request.
- [ ] I want the content of the `release-notes/<pull request number>.md` to be be used for the release notes instead of the title.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10726
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
Co-authored-by: Andreas Ahlenstorf <andreas@ahlenstorf.ch>
Co-committed-by: Andreas Ahlenstorf <andreas@ahlenstorf.ch>
---
 routers/api/v1/api.go                        | 16 +++++++---
 tests/integration/api_repo_actions_test.go   | 23 +++++++++++++++
 tests/integration/api_repo_secrets_test.go   | 26 ++++++++++++++++
 tests/integration/api_repo_variables_test.go | 31 ++++++++++++++++++++
 4 files changed, 92 insertions(+), 4 deletions(-)

diff --git a/routers/api/v1/api.go b/routers/api/v1/api.go
index b7bb74e558..d428294036 100644
--- a/routers/api/v1/api.go
+++ b/routers/api/v1/api.go
@@ -436,9 +436,16 @@ func reqSiteAdmin() func(ctx *context.APIContext) {
 	}
 }
 
-// reqOwner user should be the owner of the repo or site admin.
-func reqOwner() func(ctx *context.APIContext) {
+// reqOwner requires that the current user is either the owner of the repository or an administrator. If one or more
+// unitTypes are given, it also requires that at least one the respective unitTypes is enabled.
+func reqOwner(unitTypes ...unit.Type) func(ctx *context.APIContext) {
 	return func(ctx *context.APIContext) {
+		if len(unitTypes) > 0 && !slices.ContainsFunc(unitTypes, func(unitType unit.Type) bool {
+			return ctx.Repo.Repository.UnitEnabled(ctx, unitType)
+		}) {
+			ctx.NotFound()
+			return
+		}
 		if !ctx.Repo.IsOwner() && !ctx.IsUserSiteAdmin() {
 			ctx.Error(http.StatusForbidden, "reqOwner", "user should be the owner of the repo")
 			return
@@ -466,7 +473,8 @@ func reqAdmin() func(ctx *context.APIContext) {
 	}
 }
 
-// reqRepoWriter user should have a permission to write to a repo, or be a site admin
+// reqRepoWriter requires that the current user has permission to write to a repository or that it is an administrator.
+// One or more unitTypes have to be specified, and at least one of them has to be enabled.
 func reqRepoWriter(unitTypes ...unit.Type) func(ctx *context.APIContext) {
 	return func(ctx *context.APIContext) {
 		if !slices.ContainsFunc(unitTypes, func(unitType unit.Type) bool {
@@ -1145,7 +1153,7 @@ func Routes() *web.Route {
 				}, reqToken())
 				addActionsRoutes(
 					m,
-					reqOwner(),
+					reqOwner(unit.TypeActions),
 					repo.NewAction(),
 				)
 				m.Group("/hooks/git", func() {
diff --git a/tests/integration/api_repo_actions_test.go b/tests/integration/api_repo_actions_test.go
index d12691b117..44d0cb2873 100644
--- a/tests/integration/api_repo_actions_test.go
+++ b/tests/integration/api_repo_actions_test.go
@@ -13,6 +13,7 @@ import (
 
 	actions_model "forgejo.org/models/actions"
 	auth_model "forgejo.org/models/auth"
+	"forgejo.org/models/db"
 	repo_model "forgejo.org/models/repo"
 	unit_model "forgejo.org/models/unit"
 	"forgejo.org/models/unittest"
@@ -20,6 +21,7 @@ import (
 	api "forgejo.org/modules/structs"
 	"forgejo.org/modules/webhook"
 	"forgejo.org/routers/api/v1/shared"
+	repo_service "forgejo.org/services/repository"
 	files_service "forgejo.org/services/repository/files"
 	"forgejo.org/tests"
 
@@ -545,4 +547,25 @@ func TestAPIRepoActionsRunnerOperations(t *testing.T) {
 
 		assert.Equal(t, "token does not have at least one of required scope(s): [write:repository]", errorMessage.Message)
 	})
+
+	t.Run("Endpoints disabled if Actions disabled", func(t *testing.T) {
+		repository, _, cleanUp := tests.CreateDeclarativeRepo(t, user2, "no-actions",
+			[]unit_model.Type{unit_model.TypeCode, unit_model.TypeActions}, []unit_model.Type{}, nil)
+		defer cleanUp()
+
+		requestURL := fmt.Sprintf("/api/v1/repos/%s/actions/runners", repository.FullName())
+
+		request := NewRequest(t, "GET", requestURL)
+		request.AddTokenAuth(readToken)
+		MakeRequest(t, request, http.StatusOK)
+
+		enabledUnits := []repo_model.RepoUnit{{RepoID: repository.ID, Type: unit_model.TypeCode}}
+		disabledUnits := []unit_model.Type{unit_model.TypeActions}
+		err := repo_service.UpdateRepositoryUnits(db.DefaultContext, repository, enabledUnits, disabledUnits)
+		require.NoError(t, err)
+
+		request = NewRequest(t, "GET", requestURL)
+		request.AddTokenAuth(readToken)
+		MakeRequest(t, request, http.StatusNotFound)
+	})
 }
diff --git a/tests/integration/api_repo_secrets_test.go b/tests/integration/api_repo_secrets_test.go
index a2c9439f03..3da4412dde 100644
--- a/tests/integration/api_repo_secrets_test.go
+++ b/tests/integration/api_repo_secrets_test.go
@@ -9,11 +9,16 @@ import (
 	"testing"
 
 	auth_model "forgejo.org/models/auth"
+	"forgejo.org/models/db"
 	repo_model "forgejo.org/models/repo"
+	unit_model "forgejo.org/models/unit"
 	"forgejo.org/models/unittest"
 	user_model "forgejo.org/models/user"
 	api "forgejo.org/modules/structs"
+	repo_service "forgejo.org/services/repository"
 	"forgejo.org/tests"
+
+	"github.com/stretchr/testify/require"
 )
 
 func TestAPIRepoSecrets(t *testing.T) {
@@ -109,4 +114,25 @@ func TestAPIRepoSecrets(t *testing.T) {
 			AddTokenAuth(token)
 		MakeRequest(t, req, http.StatusBadRequest)
 	})
+
+	t.Run("Endpoints disabled if Actions disabled", func(t *testing.T) {
+		repository, _, cleanUp := tests.CreateDeclarativeRepo(t, user, "no-actions",
+			[]unit_model.Type{unit_model.TypeCode, unit_model.TypeActions}, []unit_model.Type{}, nil)
+		defer cleanUp()
+
+		getURL := fmt.Sprintf("/api/v1/repos/%s/actions/secrets", repository.FullName())
+
+		getRequest := NewRequest(t, "GET", getURL)
+		getRequest.AddTokenAuth(token)
+		MakeRequest(t, getRequest, http.StatusOK)
+
+		enabledUnits := []repo_model.RepoUnit{{RepoID: repository.ID, Type: unit_model.TypeCode}}
+		disabledUnits := []unit_model.Type{unit_model.TypeActions}
+		err := repo_service.UpdateRepositoryUnits(db.DefaultContext, repository, enabledUnits, disabledUnits)
+		require.NoError(t, err)
+
+		getRequest = NewRequest(t, "GET", getURL)
+		getRequest.AddTokenAuth(token)
+		MakeRequest(t, getRequest, http.StatusNotFound)
+	})
 }
diff --git a/tests/integration/api_repo_variables_test.go b/tests/integration/api_repo_variables_test.go
index 27401dcdd3..9330ca6d7e 100644
--- a/tests/integration/api_repo_variables_test.go
+++ b/tests/integration/api_repo_variables_test.go
@@ -9,13 +9,17 @@ import (
 	"testing"
 
 	auth_model "forgejo.org/models/auth"
+	"forgejo.org/models/db"
 	repo_model "forgejo.org/models/repo"
+	unit_model "forgejo.org/models/unit"
 	"forgejo.org/models/unittest"
 	user_model "forgejo.org/models/user"
 	api "forgejo.org/modules/structs"
+	repo_service "forgejo.org/services/repository"
 	"forgejo.org/tests"
 
 	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
 )
 
 func TestAPIRepoVariablesTestCreateRepositoryVariable(t *testing.T) {
@@ -234,3 +238,30 @@ func TestAPIRepoVariablesGetAllRepositoryVariables(t *testing.T) {
 	assert.Equal(t, "SECOND", actionVariables[1].Name)
 	assert.Equal(t, "Dolor sit amet", actionVariables[1].Data)
 }
+
+func TestAPIRepoVariablesEndpointsDisabledIfActionsDisabled(t *testing.T) {
+	defer tests.PrepareTestEnv(t)()
+
+	user2 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
+	session := loginUser(t, user2.Name)
+	token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteRepository)
+
+	repository, _, cleanUp := tests.CreateDeclarativeRepo(t, user2, "no-actions",
+		[]unit_model.Type{unit_model.TypeCode, unit_model.TypeActions}, []unit_model.Type{}, nil)
+	defer cleanUp()
+
+	getURL := fmt.Sprintf("/api/v1/repos/%s/actions/variables", repository.FullName())
+
+	getRequest := NewRequest(t, "GET", getURL)
+	getRequest.AddTokenAuth(token)
+	MakeRequest(t, getRequest, http.StatusOK)
+
+	enabledUnits := []repo_model.RepoUnit{{RepoID: repository.ID, Type: unit_model.TypeCode}}
+	disabledUnits := []unit_model.Type{unit_model.TypeActions}
+	err := repo_service.UpdateRepositoryUnits(db.DefaultContext, repository, enabledUnits, disabledUnits)
+	require.NoError(t, err)
+
+	getRequest = NewRequest(t, "GET", getURL)
+	getRequest.AddTokenAuth(token)
+	MakeRequest(t, getRequest, http.StatusNotFound)
+}

From 270317a3ad28562f84b0fe65c0a32a69d74e3a3d Mon Sep 17 00:00:00 2001
From: Mathieu Fenniak <mathieu@fenniak.net>
Date: Sat, 10 Jan 2026 23:15:21 +0100
Subject: [PATCH 131/854] fix: add `forgejo doctor cleanup-commit-status`
 command (#10686)

```
NAME:
   forgejo doctor cleanup-commit-status - Cleanup extra records in commit_status table

USAGE:
   forgejo doctor cleanup-commit-status

DESCRIPTION:
   Forgejo suffered from a bug which caused the creation of more entries in the
   "commit_status" table than necessary. This operation removes the redundant
   data caused by the bug. Removing this data is almost always safe.
   These reundant records can be accessed by users through the API, making it
   possible, but unlikely, that removing it could have an impact to
   integrating services (API: /repos/{owner}/{repo}/commits/{ref}/statuses).

   It is safe to run while Forgejo is online.

   On very large Forgejo instances, the performance of operation will improve
   if the buffer-size option is used with large values. Approximately 130 MB of
   memory is required for every 100,000 records in the buffer.

   Bug reference: https://codeberg.org/forgejo/forgejo/issues/10671

OPTIONS:
   --help, -h                       show help
   --custom-path string, -C string  Set custom path (defaults to '{WorkPath}/custom')
   --config string, -c string       Set custom config file (defaults to '{WorkPath}/custom/conf/app.ini')
   --work-path string, -w string    Set Forgejo's working path (defaults to the directory of the Forgejo binary)
   --verbose, -V                    Show process details
   --dry-run                        Report statistics from the operation but do not modify the database
   --buffer-size int                Record count per query while iterating records; larger values are typically faster but use more memory (default: 100000)
   --delete-chunk-size int          Number of records to delete per DELETE query (default: 1000)
```

The cleanup effectively performs `SELECT * FROM commit_status ORDER BY repo_id, sha, context, index, id`, and iterates through the records.  Whenever `index, id` changes without the other fields changing, then it's a useless record that can be deleted.  The major complication is doing that at scale without bringing the entire database table into memory, which is performed through a new iteration method `IterateByKeyset`.

Manually tested against a 455,303 record table in PostgreSQL, MySQL, and SQLite, which was reduced to 10,781 records, dropping 97.5% of the records.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10686
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net>
Co-committed-by: Mathieu Fenniak <mathieu@fenniak.net>
---
 cmd/doctor.go                                 |  66 +++++++++
 models/db/iterate.go                          | 122 ++++++++++++++++
 models/db/iterate_test.go                     |  30 +++-
 .../TestCleanupCommitStatus/commit_status.yml | 135 ++++++++++++++++++
 models/git/commit_status.go                   |  65 +++++++++
 models/git/commit_status_test.go              |  43 ++++++
 6 files changed, 460 insertions(+), 1 deletion(-)
 create mode 100644 models/git/TestCleanupCommitStatus/commit_status.yml

diff --git a/cmd/doctor.go b/cmd/doctor.go
index f557481110..f7636013a6 100644
--- a/cmd/doctor.go
+++ b/cmd/doctor.go
@@ -15,6 +15,7 @@ import (
 	"text/tabwriter"
 
 	"forgejo.org/models/db"
+	git_model "forgejo.org/models/git"
 	"forgejo.org/models/gitea_migrations"
 	migrate_base "forgejo.org/models/gitea_migrations/base"
 	repo_model "forgejo.org/models/repo"
@@ -41,6 +42,7 @@ func cmdDoctor() *cli.Command {
 			cmdRecreateTable(),
 			cmdDoctorConvert(),
 			cmdAvatarStripExif(),
+			cmdCleanupCommitStatuses(),
 		},
 	}
 }
@@ -115,6 +117,54 @@ func cmdAvatarStripExif() *cli.Command {
 	}
 }
 
+func cmdCleanupCommitStatuses() *cli.Command {
+	return &cli.Command{
+		Name:  "cleanup-commit-status",
+		Usage: "Cleanup extra records in commit_status table",
+		Description: `Forgejo suffered from a bug which caused the creation of more entries in the
+"commit_status" table than necessary. This operation removes the redundant
+data caused by the bug. Removing this data is almost always safe.
+These reundant records can be accessed by users through the API, making it
+possible, but unlikely, that removing it could have an impact to
+integrating services (API: /repos/{owner}/{repo}/commits/{ref}/statuses).
+
+It is safe to run while Forgejo is online.
+
+On very large Forgejo instances, the performance of operation will improve
+if the buffer-size option is used with large values. Approximately 130 MB of
+memory is required for every 100,000 records in the buffer.
+
+Bug reference: https://codeberg.org/forgejo/forgejo/issues/10671
+`,
+
+		Before: multipleBefore(noDanglingArgs, PrepareConsoleLoggerLevel(log.INFO)),
+		Action: runCleanupCommitStatus,
+		Flags: []cli.Flag{
+			&cli.BoolFlag{
+				Name:    "verbose",
+				Aliases: []string{"V"},
+				Usage:   "Show process details",
+			},
+			&cli.BoolFlag{
+				Name:  "dry-run",
+				Usage: "Report statistics from the operation but do not modify the database",
+			},
+			&cli.IntFlag{
+				Name:  "buffer-size",
+				Usage: "Record count per query while iterating records; larger values are typically faster but use more memory",
+				// See IterateByKeyset's documentation for performance notes which led to the choice of the default
+				// buffer size for this operation.
+				Value: 100000,
+			},
+			&cli.IntFlag{
+				Name:  "delete-chunk-size",
+				Usage: "Number of records to delete per DELETE query",
+				Value: 1000,
+			},
+		},
+	}
+}
+
 func runRecreateTable(stdCtx context.Context, ctx *cli.Command) error {
 	stdCtx, cancel := installSignals(stdCtx)
 	defer cancel()
@@ -322,3 +372,19 @@ func runAvatarStripExif(ctx context.Context, c *cli.Command) error {
 
 	return nil
 }
+
+func runCleanupCommitStatus(ctx context.Context, cli *cli.Command) error {
+	ctx, cancel := installSignals(ctx)
+	defer cancel()
+
+	if err := initDB(ctx); err != nil {
+		return err
+	}
+
+	bufferSize := cli.Int("buffer-size")
+	deleteChunkSize := cli.Int("delete-chunk-size")
+	dryRun := cli.Bool("dry-run")
+	log.Debug("bufferSize = %d, deleteChunkSize = %d, dryRun = %v", bufferSize, deleteChunkSize, dryRun)
+
+	return git_model.CleanupCommitStatus(ctx, bufferSize, deleteChunkSize, dryRun)
+}
diff --git a/models/db/iterate.go b/models/db/iterate.go
index 5e30b5e8bc..d2315cb12c 100644
--- a/models/db/iterate.go
+++ b/models/db/iterate.go
@@ -5,8 +5,10 @@ package db
 
 import (
 	"context"
+	"errors"
 	"fmt"
 	"reflect"
+	"strings"
 
 	"forgejo.org/modules/setting"
 
@@ -84,3 +86,123 @@ func extractFieldValue(bean any, fieldName string) any {
 	field := v.FieldByName(fieldName)
 	return field.Interface()
 }
+
+// IterateByKeyset iterates all the records on a database (matching the provided condition) in the order of specified
+// order fields, and invokes the provided handler function for each record. It is safe to UPDATE or DELETE the record in
+// the handler function, as long as the order fields are not mutated on the record (which could cause records to be
+// missed or iterated multiple times).
+//
+// Assuming order fields a, b, and c, then database queries will be performed as "SELECT * FROM table WHERE (a, b, c) >
+// (last_a, last_b, last_c) ORDER BY a, b, c LIMIT buffer_size" repeatedly until the query returns no records (except
+// the first query will have no WHERE clause).
+//
+// Critical requirements for proper usage:
+//
+// - the order fields encompass at least one UNIQUE or PRIMARY KEY constraint of the table to ensure that records are
+// not duplicated -- for example, if the table has a unique index covering `(repo_id, index)`, then it would be safe to
+// use this function as long as both fields (in either order) are provided as order fields.
+//
+// - none of the order fields may have NULL values in them, as the `=` and `>` comparisons being performed by the
+// iterative queries will not operate on these records consistently as they do with other values.
+//
+// This implementation could be a much simpler streaming scan of the query results, except that doesn't permit making
+// any additional database queries or data modifications in the target function -- SQLite cannot write while holding a
+// read lock. Buffering pages of data in-memory avoids that issue.
+//
+// Performance:
+//
+// - High performance will result from an alignment of an index on the table with the order fields, in the same field
+// order, even if additional ordering fields could be provided after the index fields. In the absence of this index
+// alignment, it is reasonable to expect that every extra page of data accessed will require a query that will perform
+// an index scan (if available) or sequential scan of the target table. In testing on the `commit_status` table with
+// 455k records, a fully index-supported ordering allowed each query page to execute in 0.18ms, as opposed to 80ms
+// per-query without matching supporting index.
+//
+// - In the absence of a matching index, slower per-query performance can be compensated with a larger `batchSize`
+// parameter, which controls how many records to fetch at once and therefore reduces the number of queries required.
+// This requires more memory. Similar `commit_status` table testing showed these stats for iteration time and memory
+// usage for different buffer sizes; specifics will vary depending on the target table:
+//   - buffer size = 1,000,000 - iterates in 2.8 seconds, consumes 363 MB of RAM
+//   - buffer size = 100,000 - iterates in 3.5 seconds, consume 130 MB of RAM
+//   - buffer size = 10,000 - iterates in 7.1 seconds, consumes 59 MB of RAM
+//   - buffer size = 1,000 - iterates in 33.9 seconds, consumes 42 MB of RAM
+func IterateByKeyset[Bean any](ctx context.Context, cond builder.Cond, orderFields []string, batchSize int, f func(ctx context.Context, bean *Bean) error) error {
+	var dummy Bean
+
+	if len(orderFields) == 0 {
+		return errors.New("orderFields must be provided")
+	}
+
+	table, err := TableInfo(&dummy)
+	if err != nil {
+		return fmt.Errorf("unable to fetch table info for bean %v: %w", dummy, err)
+	}
+	goFieldNames := make([]string, len(orderFields))
+	for i, f := range orderFields {
+		goFieldNames[i] = table.GetColumn(f).FieldName
+	}
+	sqlFieldNames := make([]string, len(orderFields))
+	for i, f := range orderFields {
+		// Support field names like "index" which need quoting in builder.Cond & OrderBy
+		sqlFieldNames[i] = x.Dialect().Quoter().Quote(f)
+	}
+
+	var lastKey []any
+
+	// For the order fields, generate clauses (a, b, c) and (?, ?, ?) which will be used in the WHERE clause when
+	// reading additional pages of data.
+	rowValue := strings.Builder{}
+	rowParameterValue := strings.Builder{}
+	rowValue.WriteString("(")
+	rowParameterValue.WriteString("(")
+	for i, f := range sqlFieldNames {
+		rowValue.WriteString(f)
+		rowParameterValue.WriteString("?")
+		if i != len(sqlFieldNames)-1 {
+			rowValue.WriteString(", ")
+			rowParameterValue.WriteString(", ")
+		}
+	}
+	rowValue.WriteString(")")
+	rowParameterValue.WriteString(")")
+
+	for {
+		select {
+		case <-ctx.Done():
+			return ctx.Err()
+		default:
+			beans := make([]*Bean, 0, batchSize)
+
+			sess := GetEngine(ctx)
+			for _, f := range sqlFieldNames {
+				sess = sess.OrderBy(f)
+			}
+			if cond != nil {
+				sess = sess.Where(cond)
+			}
+			if lastKey != nil {
+				sess = sess.Where(
+					builder.Expr(fmt.Sprintf("%s > %s", rowValue.String(), rowParameterValue.String()), lastKey...))
+			}
+
+			if err := sess.Limit(batchSize).Find(&beans); err != nil {
+				return err
+			}
+			if len(beans) == 0 {
+				return nil
+			}
+
+			for _, bean := range beans {
+				if err := f(ctx, bean); err != nil {
+					return err
+				}
+			}
+
+			lastBean := beans[len(beans)-1]
+			lastKey = make([]any, len(goFieldNames))
+			for i := range goFieldNames {
+				lastKey[i] = extractFieldValue(lastBean, goFieldNames[i])
+			}
+		}
+	}
+}
diff --git a/models/db/iterate_test.go b/models/db/iterate_test.go
index 405db84866..d60db3da11 100644
--- a/models/db/iterate_test.go
+++ b/models/db/iterate_test.go
@@ -10,6 +10,7 @@ import (
 	"testing"
 
 	"forgejo.org/models/db"
+	git_model "forgejo.org/models/git"
 	repo_model "forgejo.org/models/repo"
 	"forgejo.org/models/unittest"
 	"forgejo.org/modules/setting"
@@ -21,7 +22,6 @@ import (
 )
 
 func TestIterate(t *testing.T) {
-	db.SetLogSQL(t.Context(), true)
 	defer test.MockVariableValue(&setting.Database.IterateBufferSize, 50)()
 
 	t.Run("No Modifications", func(t *testing.T) {
@@ -115,3 +115,31 @@ func TestIterate(t *testing.T) {
 		assert.Empty(t, remainingRepoIDs)
 	})
 }
+
+func TestIterateMultipleFields(t *testing.T) {
+	for _, bufferSize := range []int{1, 2, 3, 10} { // 8 records in fixture
+		t.Run(fmt.Sprintf("No Modifications bufferSize=%d", bufferSize), func(t *testing.T) {
+			require.NoError(t, unittest.PrepareTestDatabase())
+
+			// Fetch all the commit status IDs...
+			var remainingIDs []int64
+			err := db.GetEngine(t.Context()).Table(&git_model.CommitStatus{}).Cols("id").Find(&remainingIDs)
+			require.NoError(t, err)
+			require.NotEmpty(t, remainingIDs)
+
+			// Ensure that every repo unit ID is found when doing iterate:
+			err = db.IterateByKeyset(t.Context(),
+				nil,
+				[]string{"repo_id", "sha", "context", "index", "id"},
+				bufferSize,
+				func(ctx context.Context, commit_status *git_model.CommitStatus) error {
+					remainingIDs = slices.DeleteFunc(remainingIDs, func(n int64) bool {
+						return commit_status.ID == n
+					})
+					return nil
+				})
+			require.NoError(t, err)
+			assert.Empty(t, remainingIDs)
+		})
+	}
+}
diff --git a/models/git/TestCleanupCommitStatus/commit_status.yml b/models/git/TestCleanupCommitStatus/commit_status.yml
new file mode 100644
index 0000000000..e62b39b6d2
--- /dev/null
+++ b/models/git/TestCleanupCommitStatus/commit_status.yml
@@ -0,0 +1,135 @@
+# Fields that should, if changed, prevent deletion: repo_id, sha, context, state, description.  The first test sets will
+# be varying each of these fields independently to confirm they're kept.
+
+
+# Vary description:
+-
+  id: 10
+  index: 1
+  repo_id: 62
+  state: "pending"
+  sha: "01"
+  description: "Waiting for wake up"
+  context: deploy/awesomeness
+-
+  id: 11
+  index: 2
+  repo_id: 62
+  state: "pending"
+  sha: "01"
+  description: "Almost woke up..."
+  context: deploy/awesomeness
+
+# Vary state:
+-
+  id: 12
+  index: 1
+  repo_id: 62
+  state: "pending"
+  sha: "02"
+  description: "Waiting for wake up"
+  context: deploy/awesomeness
+-
+  id: 13
+  index: 2
+  repo_id: 62
+  state: "success"
+  sha: "02"
+  description: "Waiting for wake up"
+  context: deploy/awesomeness
+
+# Vary context:
+-
+  id: 14
+  index: 1
+  repo_id: 62
+  state: "pending"
+  sha: "03"
+  description: "Waiting for wake up"
+  context: deploy/awesomeness-v1
+-
+  id: 15
+  index: 2
+  repo_id: 62
+  state: "pending"
+  sha: "03"
+  description: "Waiting for wake up"
+  context: deploy/awesomeness-v2
+
+# Vary sha:
+-
+  id: 16
+  index: 1
+  repo_id: 62
+  state: "pending"
+  sha: "04"
+  description: "Waiting for wake up"
+  context: deploy/awesomeness-v1
+-
+  id: 17
+  index: 2
+  repo_id: 62
+  state: "pending"
+  sha: "05"
+  description: "Waiting for wake up"
+  context: deploy/awesomeness-v1
+
+# Vary Repo ID:
+-
+  id: 18
+  index: 1
+  repo_id: 62
+  state: "pending"
+  sha: "06"
+  description: "Waiting for wake up"
+  context: deploy/awesomeness-v1
+-
+  id: 19
+  index: 2
+  repo_id: 63
+  state: "pending"
+  sha: "06"
+  description: "Waiting for wake up"
+  context: deploy/awesomeness-v1
+
+# That's all the varying cases, now here's the data that should be affected by the delete:
+-
+  id: 20
+  index: 1
+  repo_id: 62
+  state: "pending"
+  sha: "07"
+  description: "Waiting for wake up"
+  context: deploy/awesomeness-v1
+- # Dupe 1
+  id: 21
+  index: 2
+  repo_id: 62
+  state: "pending"
+  sha: "07"
+  description: "Waiting for wake up"
+  context: deploy/awesomeness-v1
+- # Dupe 2
+  id: 22
+  index: 3
+  repo_id: 62
+  state: "pending"
+  sha: "07"
+  description: "Waiting for wake up"
+  context: deploy/awesomeness-v1
+- # Switched to "success", keep
+  id: 23
+  index: 4
+  repo_id: 62
+  state: "success"
+  sha: "07"
+  description: "Successful!"
+  context: deploy/awesomeness-v1
+- # Dupe reporting success again
+  id: 24
+  index: 5
+  repo_id: 62
+  state: "success"
+  sha: "07"
+  description: "Successful!"
+  context: deploy/awesomeness-v1
diff --git a/models/git/commit_status.go b/models/git/commit_status.go
index 60a0aa5a4f..4ae926eed6 100644
--- a/models/git/commit_status.go
+++ b/models/git/commit_status.go
@@ -467,3 +467,68 @@ func ParseCommitsWithStatus(ctx context.Context, commits []*git.Commit, repo *re
 func hashCommitStatusContext(context string) string {
 	return fmt.Sprintf("%x", sha1.Sum([]byte(context)))
 }
+
+func CleanupCommitStatus(ctx context.Context, bufferSize, deleteChunkSize int, dryRun bool) error {
+	startTime := time.Now()
+
+	var lastCommitStatus CommitStatus
+	deleteTargets := make([]int64, 0, deleteChunkSize)
+	recordCount := 0
+	deleteCount := 0
+
+	err := db.IterateByKeyset(ctx,
+		nil,
+		[]string{"repo_id", "sha", "context", "index", "id"},
+		bufferSize,
+		func(ctx context.Context, commitStatus *CommitStatus) error {
+			if commitStatus.RepoID != lastCommitStatus.RepoID ||
+				commitStatus.SHA != lastCommitStatus.SHA ||
+				commitStatus.Context != lastCommitStatus.Context ||
+				commitStatus.State != lastCommitStatus.State ||
+				commitStatus.Description != lastCommitStatus.Description {
+				// New context, or changed state/description; keep it, start looking for duplicates of it.
+				lastCommitStatus = *commitStatus
+			} else {
+				// Same context as previous record, and same state -- this record shouldn't have been stored.
+				deleteTargets = append(deleteTargets, commitStatus.ID)
+
+				if len(deleteTargets) == deleteChunkSize {
+					// Flush delete chunk
+					log.Debug("deleting chunk of %d records (dryRun=%v)", len(deleteTargets), dryRun)
+					if !dryRun {
+						if err := db.DeleteByIDs[CommitStatus](ctx, deleteTargets...); err != nil {
+							return err
+						}
+					}
+					deleteCount += len(deleteTargets)
+					deleteTargets = make([]int64, 0, deleteChunkSize)
+				}
+			}
+			recordCount++
+			return nil
+		})
+	if err != nil {
+		return err
+	}
+
+	if len(deleteTargets) > 0 {
+		log.Debug("deleting final chunk of %d records (dryRun=%v)", len(deleteTargets), dryRun)
+		if !dryRun {
+			if err := db.DeleteByIDs[CommitStatus](ctx, deleteTargets...); err != nil {
+				return err
+			}
+		}
+		deleteCount += len(deleteTargets)
+	}
+
+	duration := time.Since(startTime)
+
+	if dryRun {
+		log.Info("Reviewed %d records in commit_status, and would delete %d", recordCount, deleteCount)
+	} else {
+		log.Info("Reviewed %d records in commit_status, and deleted %d", recordCount, deleteCount)
+	}
+	log.Info("Cleanup commit status took %d milliseconds", duration.Milliseconds())
+
+	return nil
+}
diff --git a/models/git/commit_status_test.go b/models/git/commit_status_test.go
index ce6c0d4673..b5c3690e0f 100644
--- a/models/git/commit_status_test.go
+++ b/models/git/commit_status_test.go
@@ -244,3 +244,46 @@ func TestFindRepoRecentCommitStatusContexts(t *testing.T) {
 		assert.Equal(t, "compliance/lint-backend", contexts[0])
 	}
 }
+
+func TestCleanupCommitStatus(t *testing.T) {
+	defer unittest.OverrideFixtures("models/git/TestCleanupCommitStatus")()
+	require.NoError(t, unittest.PrepareTestDatabase())
+
+	// No changes after a dry run:
+	originalCount := unittest.GetCount(t, &git_model.CommitStatus{})
+	err := git_model.CleanupCommitStatus(t.Context(), 100, 100, true)
+	require.NoError(t, err)
+	countAfterDryRun := unittest.GetCount(t, &git_model.CommitStatus{})
+	assert.Equal(t, originalCount, countAfterDryRun)
+
+	// Perform actual cleanup
+	err = git_model.CleanupCommitStatus(t.Context(), 100, 100, false)
+	require.NoError(t, err)
+
+	// Varying descriptions
+	unittest.AssertExistsAndLoadBean(t, &git_model.CommitStatus{ID: 10})
+	unittest.AssertExistsAndLoadBean(t, &git_model.CommitStatus{ID: 11})
+
+	// Varying state
+	unittest.AssertExistsAndLoadBean(t, &git_model.CommitStatus{ID: 12})
+	unittest.AssertExistsAndLoadBean(t, &git_model.CommitStatus{ID: 13})
+
+	// Varying context
+	unittest.AssertExistsAndLoadBean(t, &git_model.CommitStatus{ID: 14})
+	unittest.AssertExistsAndLoadBean(t, &git_model.CommitStatus{ID: 15})
+
+	// Varying sha
+	unittest.AssertExistsAndLoadBean(t, &git_model.CommitStatus{ID: 16})
+	unittest.AssertExistsAndLoadBean(t, &git_model.CommitStatus{ID: 17})
+
+	// Varying repo ID
+	unittest.AssertExistsAndLoadBean(t, &git_model.CommitStatus{ID: 18})
+	unittest.AssertExistsAndLoadBean(t, &git_model.CommitStatus{ID: 19})
+
+	// Expected to remain or be removed from cleanup of fixture data:
+	unittest.AssertExistsAndLoadBean(t, &git_model.CommitStatus{ID: 20})
+	unittest.AssertNotExistsBean(t, &git_model.CommitStatus{ID: 21})
+	unittest.AssertNotExistsBean(t, &git_model.CommitStatus{ID: 22})
+	unittest.AssertExistsAndLoadBean(t, &git_model.CommitStatus{ID: 23})
+	unittest.AssertNotExistsBean(t, &git_model.CommitStatus{ID: 24})
+}

From 581227f20a84ba9358c19b976c2f94e4ace9d86e Mon Sep 17 00:00:00 2001
From: 0ko <0ko@noreply.codeberg.org>
Date: Sat, 10 Jan 2026 23:44:42 +0100
Subject: [PATCH 132/854] chore(ui): cleanup PR checks area (#10768)

Mostly a UI followup to https://codeberg.org/forgejo/forgejo/pulls/9397 with a few fixes.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10768
Reviewed-by: Beowulf <beowulf@beocode.eu>
Co-authored-by: 0ko <0ko@noreply.codeberg.org>
Co-committed-by: 0ko <0ko@noreply.codeberg.org>
---
 templates/repo/issue/view_content/pull.tmpl   | 10 ++--
 .../view_content/update_branch_by_merge.tmpl  |  4 +-
 templates/repo/pulls/trust.tmpl               | 46 ++++++++-----------
 3 files changed, 26 insertions(+), 34 deletions(-)

diff --git a/templates/repo/issue/view_content/pull.tmpl b/templates/repo/issue/view_content/pull.tmpl
index 8198c6f98d..b5cce664a3 100644
--- a/templates/repo/issue/view_content/pull.tmpl
+++ b/templates/repo/issue/view_content/pull.tmpl
@@ -36,7 +36,7 @@
 			{{if .Issue.PullRequest.HasMerged}}
 				{{if .IsPullBranchDeletable}}
 					<div class="item item-section text tw-flex-1">
-						<div class="item-section-left">
+						<div>
 							<h3 class="tw-mb-2">
 								{{ctx.Locale.Tr "repo.pulls.merged_success"}}
 							</h3>
@@ -44,14 +44,14 @@
 								{{ctx.Locale.Tr "repo.pulls.merged_info_text" (HTMLFormat "<code>%s</code>" .HeadTarget)}}
 							</div>
 						</div>
-						<div class="item-section-right">
+						<div>
 							<button class="delete-button ui button" data-url="{{.DeleteBranchLink}}" data-modal-id="delete-branch">{{ctx.Locale.Tr "repo.branch.delete_html"}}</button>
 						</div>
 					</div>
 				{{end}}
 			{{else if .Issue.IsClosed}}
 				<div class="item item-section text tw-flex-1">
-					<div class="item-section-left">
+					<div>
 						<h3 class="tw-mb-2">{{ctx.Locale.Tr "repo.pulls.closed"}}</h3>
 						<div class="merge-section-info">
 							{{if .IsPullRequestBroken}}
@@ -62,7 +62,7 @@
 						</div>
 					</div>
 					{{if and .IsPullBranchDeletable (not .IsPullRequestBroken)}}
-						<div class="item-section-right">
+						<div>
 							<button class="delete-button ui button" data-url="{{.DeleteBranchLink}}" data-modal-id="delete-branch">{{ctx.Locale.Tr "repo.branch.delete_html"}}</button>
 						</div>
 					{{end}}
@@ -85,7 +85,7 @@
 				</div>
 			{{else if .IsPullWorkInProgress}}
 				<div class="item toggle-wip" data-title="{{.Issue.Title}}" data-wip-prefixes="{{JsonUtils.EncodeToString .PullRequestWorkInProgressPrefixes}}" data-update-url="{{.Issue.Link}}/title">
-					<div class="item-section-left flex-text-inline tw-flex-1">
+					<div class="flex-text-inline tw-flex-1">
 						{{svg "octicon-x"}}
 						{{ctx.Locale.Tr "repo.pulls.cannot_merge_work_in_progress"}}
 					</div>
diff --git a/templates/repo/issue/view_content/update_branch_by_merge.tmpl b/templates/repo/issue/view_content/update_branch_by_merge.tmpl
index 3e8b691784..fb3051e56e 100644
--- a/templates/repo/issue/view_content/update_branch_by_merge.tmpl
+++ b/templates/repo/issue/view_content/update_branch_by_merge.tmpl
@@ -1,11 +1,11 @@
 {{if and (gt $.Issue.PullRequest.CommitsBehind 0) (not $.Issue.IsClosed) (not $.Issue.PullRequest.IsChecking) (not $.IsPullFilesConflicted) (not $.IsPullRequestBroken)}}
 	<div class="divider"></div>
 	<div class="item item-section">
-		<div class="item-section-left flex-text-inline">
+		<div class="flex-text-inline">
 			{{svg "octicon-alert"}}
 			{{ctx.Locale.Tr "repo.pulls.outdated_with_base_branch"}}
 		</div>
-		<div class="item-section-right">
+		<div>
 			{{if and $.UpdateAllowed $.UpdateByRebaseAllowed}}
 				<div class="tw-inline-block">
 					<div class="ui buttons update-button">
diff --git a/templates/repo/pulls/trust.tmpl b/templates/repo/pulls/trust.tmpl
index f715f27bbf..68e5b692ee 100644
--- a/templates/repo/pulls/trust.tmpl
+++ b/templates/repo/pulls/trust.tmpl
@@ -14,45 +14,37 @@ Template Attributes:
 		<div class="pull-request-trust-panel" id="pull-request-trust-panel">
 			<div class="divider"></div>
 			<div class="item item-section">
-				<div class="item-section-left flex-text-inline" data-tooltip-content="{{ctx.Locale.Tr "repo.pulls.poster_is_trusted.tooltip"}}">
+				<div data-tooltip-content="{{ctx.Locale.Tr "repo.pulls.poster_is_trusted.tooltip"}}">
 					{{ctx.Locale.Tr "repo.pulls.poster_is_trusted" "https://forgejo.org/docs/latest/user/actions/security-pull-request/"}}
 				</div>
-				<div class="item-section-right">
-					<form id="pull-request-trust-panel-revoke" class="ui form" method="post" action="{{.Link}}/action-user-trust">
-						<input type="hidden" name="trust" value="revoke">
-						<button class="ui primary button" data-tooltip-content="{{ctx.Locale.Tr "repo.pulls.poster_trust_revoke.tooltip"}}">{{ctx.Locale.Tr "repo.pulls.poster_trust_revoke"}}</button>
-					</form>
-				</div>
+				<form id="pull-request-trust-panel-revoke" method="post" action="{{.Link}}/action-user-trust">
+					<input type="hidden" name="trust" value="revoke">
+					<button class="primary button" data-tooltip-content="{{ctx.Locale.Tr "repo.pulls.poster_trust_revoke.tooltip"}}">{{ctx.Locale.Tr "repo.pulls.poster_trust_revoke"}}</button>
+				</form>
 			</div>
 		</div>
 	{{else if and .PullRequestPosterIsNotTrustedWithActions .SomePullRequestRunsNeedApproval}}
 		<div class="pull-request-trust-panel" id="pull-request-trust-panel">
 			<div class="divider"></div>
 			<div class="item item-section">
-				<div class="item-section-left flex-text-inline" data-tooltip-content="{{ctx.Locale.Tr "repo.pulls.poster_requires_approval.tooltip"}}">
+				<div data-tooltip-content="{{ctx.Locale.Tr "repo.pulls.poster_requires_approval.tooltip"}}">
 					{{svg "octicon-alert" 16 "text red"}}
 					{{ctx.Locale.Tr "repo.pulls.poster_requires_approval" "https://forgejo.org/docs/latest/user/actions/security-pull-request/"}}
 				</div>
 				{{if .UserCanDelegateTrustWithPullRequest}}
-					<div class="item-section-right">
-						<div class="tw-inline-block">
-							<form id="pull-request-trust-panel-deny" class="ui form" method="post" action="{{.Link}}/action-user-trust">
-								<input type="hidden" name="trust" value="deny">
-								<button class="ui primary button" data-tooltip-content="{{ctx.Locale.Tr "repo.pulls.poster_trust_deny.tooltip"}}">{{ctx.Locale.Tr "repo.pulls.poster_trust_deny"}}</button>
-							</form>
-						</div>
-						<div class="tw-inline-block">
-							<form id="pull-request-trust-panel-once" class="ui form" method="post" action="{{.Link}}/action-user-trust">
-								<input type="hidden" name="trust" value="once">
-								<button class="ui primary button" data-tooltip-content="{{ctx.Locale.Tr "repo.pulls.poster_trust_once.tooltip"}}">{{ctx.Locale.Tr "repo.pulls.poster_trust_once"}}</button>
-							</form>
-						</div>
-						<div class="tw-inline-block">
-							<form id="pull-request-trust-panel-always" class="ui form" method="post" action="{{.Link}}/action-user-trust">
-								<input type="hidden" name="trust" value="always">
-								<button class="ui primary button" data-tooltip-content="{{ctx.Locale.Tr "repo.pulls.poster_trust_always.tooltip"}}">{{ctx.Locale.Tr "repo.pulls.poster_trust_always"}}</button>
-							</form>
-						</div>
+					<div class="button-sequence">
+						<form id="pull-request-trust-panel-deny" method="post" action="{{.Link}}/action-user-trust">
+							<input type="hidden" name="trust" value="deny">
+							<button class="primary button" data-tooltip-content="{{ctx.Locale.Tr "repo.pulls.poster_trust_deny.tooltip"}}">{{ctx.Locale.Tr "repo.pulls.poster_trust_deny"}}</button>
+						</form>
+						<form id="pull-request-trust-panel-once" method="post" action="{{.Link}}/action-user-trust">
+							<input type="hidden" name="trust" value="once">
+							<button class="primary button" data-tooltip-content="{{ctx.Locale.Tr "repo.pulls.poster_trust_once.tooltip"}}">{{ctx.Locale.Tr "repo.pulls.poster_trust_once"}}</button>
+						</form>
+						<form id="pull-request-trust-panel-always" method="post" action="{{.Link}}/action-user-trust">
+							<input type="hidden" name="trust" value="always">
+							<button class="primary button" data-tooltip-content="{{ctx.Locale.Tr "repo.pulls.poster_trust_always.tooltip"}}">{{ctx.Locale.Tr "repo.pulls.poster_trust_always"}}</button>
+						</form>
 					</div>
 				{{end}}
 			</div>

From fdb1d9d762df6904114bace9a143208cc3df258d Mon Sep 17 00:00:00 2001
From: Renovate Bot <forgejo-renovate-action@forgejo.org>
Date: Sun, 11 Jan 2026 09:20:42 +0100
Subject: [PATCH 133/854] Update dependency @codemirror/view to v6.39.9
 (forgejo) (#10758)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10758
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
---
 package-lock.json | 8 ++++----
 package.json      | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 931a499f7e..87b76a8002 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -30,7 +30,7 @@
         "@codemirror/language": "6.12.1",
         "@codemirror/search": "6.5.11",
         "@codemirror/state": "6.5.3",
-        "@codemirror/view": "6.39.8",
+        "@codemirror/view": "6.39.9",
         "@github/markdown-toolbar-element": "2.2.3",
         "@github/quote-selection": "2.1.0",
         "@github/text-expander-element": "2.8.0",
@@ -778,9 +778,9 @@
       }
     },
     "node_modules/@codemirror/view": {
-      "version": "6.39.8",
-      "resolved": "https://registry.npmjs.org/@codemirror/view/-/view-6.39.8.tgz",
-      "integrity": "sha512-1rASYd9Z/mE3tkbC9wInRlCNyCkSn+nLsiQKZhEDUUJiUfs/5FHDpCUDaQpoTIaNGeDc6/bhaEAyLmeEucEFPw==",
+      "version": "6.39.9",
+      "resolved": "https://registry.npmjs.org/@codemirror/view/-/view-6.39.9.tgz",
+      "integrity": "sha512-miGSIfBOKC1s2oHoa80dp+BjtsL8sXsrgGlQnQuOcfvaedcQUtqddTmKbJSDkLl4mkgPvZyXuKic2HDNYcJLYA==",
       "license": "MIT",
       "dependencies": {
         "@codemirror/state": "^6.5.0",
diff --git a/package.json b/package.json
index 4f294c2e8e..4b83be4cbb 100644
--- a/package.json
+++ b/package.json
@@ -29,7 +29,7 @@
     "@codemirror/language": "6.12.1",
     "@codemirror/search": "6.5.11",
     "@codemirror/state": "6.5.3",
-    "@codemirror/view": "6.39.8",
+    "@codemirror/view": "6.39.9",
     "@github/markdown-toolbar-element": "2.2.3",
     "@github/quote-selection": "2.1.0",
     "@github/text-expander-element": "2.8.0",

From 4fd275116dbe300e492a65e710ee1e16d85b4ffe Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=CE=88=CE=BB=CE=BB=CE=B5=CE=BD=20=CE=95=CE=BC=CE=AF=CE=BB?=
 =?UTF-8?q?=CE=B9=CE=B1=20=CE=86=CE=BD=CE=BD=CE=B1=20Zscheile?=
 <fogti+devel@ytrizja.de>
Date: Sun, 11 Jan 2026 09:40:49 +0100
Subject: [PATCH 134/854] feat: teach lint-locale-usage about
 ObjectVerification.Reason (#10755)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Add special parsing to handle the keys found in the `Reason` field of `ObjectVerification` structs.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10755
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Έλλεν Εμίλια Άννα Zscheile <fogti+devel@ytrizja.de>
Co-committed-by: Έλλεν Εμίλια Άννα Zscheile <fogti+devel@ytrizja.de>
---
 .../allowed-masked-usage.txt                  |  7 ----
 build/lint-locale-usage/bin/handle-go.go      |  3 ++
 models/asymkey/lint-locale-usage/llu.go       | 33 +++++++++++++++++++
 3 files changed, 36 insertions(+), 7 deletions(-)
 create mode 100644 models/asymkey/lint-locale-usage/llu.go

diff --git a/build/lint-locale-usage/allowed-masked-usage.txt b/build/lint-locale-usage/allowed-masked-usage.txt
index cfab25a5fd..ca899c7d38 100644
--- a/build/lint-locale-usage/allowed-masked-usage.txt
+++ b/build/lint-locale-usage/allowed-masked-usage.txt
@@ -6,13 +6,6 @@ translation_meta.test
 # this also gets instantiated as a Messenger once
 repo.migrate.migrating_failed.error
 
-# models/asymkey/gpg_key_object_verification.go: $ObjectVerification.Reason
-# unfortunately, it is non-trivial to parse all the occurences
-gpg.error.extract_sign
-gpg.error.failed_retrieval_gpg_keys
-gpg.error.generate_hash
-gpg.error.no_committer_account
-
 # models/system/notice.go: func (n *Notice) TrStr() string
 admin.notices.type_1
 admin.notices.type_2
diff --git a/build/lint-locale-usage/bin/handle-go.go b/build/lint-locale-usage/bin/handle-go.go
index b1757fa0fc..ffa6b13165 100644
--- a/build/lint-locale-usage/bin/handle-go.go
+++ b/build/lint-locale-usage/bin/handle-go.go
@@ -15,6 +15,7 @@ import (
 	"strings"
 
 	llu "forgejo.org/build/lint-locale-usage"
+	lluAsymKey "forgejo.org/models/asymkey/lint-locale-usage"
 	lluUnit "forgejo.org/models/unit/lint-locale-usage"
 	lluMigrate "forgejo.org/services/migrations/lint-locale-usage"
 )
@@ -71,6 +72,8 @@ func HandleGoFile(handler llu.Handler, fname string, src any) error {
 		case *ast.CompositeLit:
 			if strings.HasSuffix(fname, "models/unit/unit.go") {
 				lluUnit.HandleCompositeUnit(handler, fset, n2)
+			} else if strings.Contains(fname, "models/asymkey/") {
+				lluAsymKey.HandleCompositeErrorReason(handler, fset, n2)
 			}
 
 		case *ast.FuncDecl:
diff --git a/models/asymkey/lint-locale-usage/llu.go b/models/asymkey/lint-locale-usage/llu.go
new file mode 100644
index 0000000000..256b5ca12b
--- /dev/null
+++ b/models/asymkey/lint-locale-usage/llu.go
@@ -0,0 +1,33 @@
+// Copyright 2026 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package lintLocaleUsage
+
+import (
+	"go/ast"
+	"go/token"
+
+	llu "forgejo.org/build/lint-locale-usage"
+)
+
+// special case: models/asymkey/*.go,
+//
+//	handle &ObjectVerification{...}
+func HandleCompositeErrorReason(handler llu.Handler, fset *token.FileSet, n *ast.CompositeLit) {
+	ident, ok := n.Type.(*ast.Ident)
+	if !ok || ident.Name != "ObjectVerification" {
+		return
+	}
+
+	// fields are normally named
+	for _, i := range n.Elts {
+		if kve, ok := i.(*ast.KeyValueExpr); ok {
+			ident, ok = kve.Key.(*ast.Ident)
+			if ok && ident.Name == "Reason" {
+				handler.HandleGoTrArgument(fset, kve.Value, "")
+			}
+		} else {
+			handler.OnWarning(fset, i.Pos(), "unable to parse ObjectVerification field assignment")
+		}
+	}
+}

From d9de2833c7f1b511061ba3a1f6c993a95275d9d4 Mon Sep 17 00:00:00 2001
From: Renovate Bot <forgejo-renovate-action@forgejo.org>
Date: Sun, 11 Jan 2026 12:23:02 +0100
Subject: [PATCH 135/854] Update dependency globals to v17 (forgejo) (#10775)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10775
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
---
 package-lock.json | 34 ++++++++++++++++++++++++++++++----
 package.json      |  2 +-
 2 files changed, 31 insertions(+), 5 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 87b76a8002..09c1b1314b 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -107,7 +107,7 @@
         "eslint-plugin-vue": "10.6.2",
         "eslint-plugin-vue-scoped-css": "2.12.0",
         "eslint-plugin-wc": "3.0.2",
-        "globals": "16.5.0",
+        "globals": "17.0.0",
         "happy-dom": "20.0.11",
         "license-checker-rseidelsohn": "4.4.2",
         "markdownlint-cli": "0.47.0",
@@ -8110,6 +8110,19 @@
         "eslint": ">=8.40.0"
       }
     },
+    "node_modules/eslint-plugin-playwright/node_modules/globals": {
+      "version": "16.5.0",
+      "resolved": "https://registry.npmjs.org/globals/-/globals-16.5.0.tgz",
+      "integrity": "sha512-c/c15i26VrJ4IRt5Z89DnIzCGDn9EcebibhAOjw5ibqEHsE1wLUgkPn9RDmNcUKyU87GeaL633nyJ+pplFR2ZQ==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=18"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
     "node_modules/eslint-plugin-regexp": {
       "version": "2.10.0",
       "resolved": "https://registry.npmjs.org/eslint-plugin-regexp/-/eslint-plugin-regexp-2.10.0.tgz",
@@ -8258,6 +8271,19 @@
         "eslint": ">=9.38.0"
       }
     },
+    "node_modules/eslint-plugin-unicorn/node_modules/globals": {
+      "version": "16.5.0",
+      "resolved": "https://registry.npmjs.org/globals/-/globals-16.5.0.tgz",
+      "integrity": "sha512-c/c15i26VrJ4IRt5Z89DnIzCGDn9EcebibhAOjw5ibqEHsE1wLUgkPn9RDmNcUKyU87GeaL633nyJ+pplFR2ZQ==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=18"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
     "node_modules/eslint-plugin-vitest-globals": {
       "version": "1.5.0",
       "resolved": "https://registry.npmjs.org/eslint-plugin-vitest-globals/-/eslint-plugin-vitest-globals-1.5.0.tgz",
@@ -9052,9 +9078,9 @@
       }
     },
     "node_modules/globals": {
-      "version": "16.5.0",
-      "resolved": "https://registry.npmjs.org/globals/-/globals-16.5.0.tgz",
-      "integrity": "sha512-c/c15i26VrJ4IRt5Z89DnIzCGDn9EcebibhAOjw5ibqEHsE1wLUgkPn9RDmNcUKyU87GeaL633nyJ+pplFR2ZQ==",
+      "version": "17.0.0",
+      "resolved": "https://registry.npmjs.org/globals/-/globals-17.0.0.tgz",
+      "integrity": "sha512-gv5BeD2EssA793rlFWVPMMCqefTlpusw6/2TbAVMy0FzcG8wKJn4O+NqJ4+XWmmwrayJgw5TzrmWjFgmz1XPqw==",
       "dev": true,
       "license": "MIT",
       "engines": {
diff --git a/package.json b/package.json
index 4b83be4cbb..8b3a5715aa 100644
--- a/package.json
+++ b/package.json
@@ -106,7 +106,7 @@
     "eslint-plugin-vue": "10.6.2",
     "eslint-plugin-vue-scoped-css": "2.12.0",
     "eslint-plugin-wc": "3.0.2",
-    "globals": "16.5.0",
+    "globals": "17.0.0",
     "happy-dom": "20.0.11",
     "license-checker-rseidelsohn": "4.4.2",
     "markdownlint-cli": "0.47.0",

From 8cca9317c2edb46b7670f91e41ac1e951e8fad35 Mon Sep 17 00:00:00 2001
From: Mathieu Fenniak <mathieu@fenniak.net>
Date: Sun, 11 Jan 2026 23:36:19 +0100
Subject: [PATCH 136/854] chore: correct spelling error in
 cleanup-commit-status CLI docs (#10780)

Fixes a typo that prevents the forgejo docs builds from being updated.

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests

- I added test coverage for Go changes...
  - [ ] in their respective `*_test.go` for unit tests.
  - [ ] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I added test coverage for JavaScript changes...
  - [ ] in `web_src/js/*.test.js` if it can be unit tested.
  - [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)).

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [ ] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [ ] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.
- [x] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change.

*The decision if the pull request will be shown in the release notes is up to the mergers / release team.*

The content of the `release-notes/<pull request number>.md` file will serve as the basis for the release notes. If the file does not exist, the title of the pull request will be used instead.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10780
Reviewed-by: Andreas Ahlenstorf <aahlenst@noreply.codeberg.org>
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net>
Co-committed-by: Mathieu Fenniak <mathieu@fenniak.net>
---
 cmd/doctor.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/cmd/doctor.go b/cmd/doctor.go
index f7636013a6..c2ddfef9c5 100644
--- a/cmd/doctor.go
+++ b/cmd/doctor.go
@@ -124,7 +124,7 @@ func cmdCleanupCommitStatuses() *cli.Command {
 		Description: `Forgejo suffered from a bug which caused the creation of more entries in the
 "commit_status" table than necessary. This operation removes the redundant
 data caused by the bug. Removing this data is almost always safe.
-These reundant records can be accessed by users through the API, making it
+These redundant records can be accessed by users through the API, making it
 possible, but unlikely, that removing it could have an impact to
 integrating services (API: /repos/{owner}/{repo}/commits/{ref}/statuses).
 

From fda54d59b87aee0a7561389be09d34f33175c324 Mon Sep 17 00:00:00 2001
From: Leon Schmidt <mail@leon.wtf>
Date: Sun, 11 Jan 2026 23:50:21 +0100
Subject: [PATCH 137/854] Auto-link container images to repository (#10617)

Implements auto-linking container images from the package registry to a repository (closes #2823). This might ease implementing #2699 in the future.

Specifically, auto-linking happens on package creation and NOT when publishing updates to the same package. This should prevent "relinking" a manually unlinked package when publishing an update. Linking is performed either via the the Docker label `` (as described here: https://codeberg.org/forgejo/forgejo/issues/2823#issuecomment-8163866) or by naming the image like the repository (supports nested image names).

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests

- I added test coverage for Go changes...
  - ~~[ ] in their respective `*_test.go` for unit tests.~~ _(Not required, since only already tested functions were used)_
  - [x] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- ~~I added test coverage for JavaScript changes...~~ _(No changes to JavaScript code)_

### Documentation

- [X] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change: https://codeberg.org/forgejo/docs/pulls/1666
- [ ] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [ ] I do not want this change to show in the release notes.
- [X] I want the title to show in the release notes with a link to this pull request.
- [ ] I want the content of the `release-notes/<pull request number>.md` to be be used for the release notes instead of the title.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10617
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
Co-authored-by: Leon Schmidt <mail@leon.wtf>
Co-committed-by: Leon Schmidt <mail@leon.wtf>
---
 modules/packages/container/metadata.go        |  12 +-
 routers/api/packages/container/blob.go        |   7 +-
 routers/api/packages/container/manifest.go    | 125 +++++++++-
 .../api_packages_container_test.go            | 219 +++++++++++++++++-
 4 files changed, 351 insertions(+), 12 deletions(-)

diff --git a/modules/packages/container/metadata.go b/modules/packages/container/metadata.go
index 6cac77b7ff..4f332783ba 100644
--- a/modules/packages/container/metadata.go
+++ b/modules/packages/container/metadata.go
@@ -16,11 +16,12 @@ import (
 )
 
 const (
-	PropertyRepository        = "container.repository"
-	PropertyDigest            = "container.digest"
-	PropertyMediaType         = "container.mediatype"
-	PropertyManifestTagged    = "container.manifest.tagged"
-	PropertyManifestReference = "container.manifest.reference"
+	PropertyRepository                   = "container.repository"
+	PropertyRepositoryAutolinkingPending = "container.repository.autolinking-pending"
+	PropertyDigest                       = "container.digest"
+	PropertyMediaType                    = "container.mediatype"
+	PropertyManifestTagged               = "container.manifest.tagged"
+	PropertyManifestReference            = "container.manifest.reference"
 
 	DefaultPlatform = "linux/amd64"
 
@@ -63,6 +64,7 @@ type Metadata struct {
 	Labels           map[string]string `json:"labels,omitempty"`
 	ImageLayers      []string          `json:"layer_creation,omitempty"`
 	Manifests        []*Manifest       `json:"manifests,omitempty"`
+	Annotations      map[string]string `json:"annotations,omitempty"`
 }
 
 type Manifest struct {
diff --git a/routers/api/packages/container/blob.go b/routers/api/packages/container/blob.go
index 0e07b03c0c..29de375842 100644
--- a/routers/api/packages/container/blob.go
+++ b/routers/api/packages/container/blob.go
@@ -105,6 +105,7 @@ func getOrCreateUploadVersion(ctx context.Context, pi *packages_service.PackageI
 			LowerName: strings.ToLower(pi.Name),
 		}
 		var err error
+
 		if p, err = packages_model.TryInsertPackage(ctx, p); err != nil {
 			if err == packages_model.ErrDuplicatePackage {
 				created = false
@@ -116,7 +117,11 @@ func getOrCreateUploadVersion(ctx context.Context, pi *packages_service.PackageI
 
 		if created {
 			if _, err := packages_model.InsertProperty(ctx, packages_model.PropertyTypePackage, p.ID, container_module.PropertyRepository, strings.ToLower(pi.Owner.LowerName+"/"+pi.Name)); err != nil {
-				log.Error("Error setting package property: %v", err)
+				log.Error("Error setting package property %s: %v", container_module.PropertyRepository, err)
+				return err
+			}
+			if _, err := packages_model.InsertProperty(ctx, packages_model.PropertyTypePackage, p.ID, container_module.PropertyRepositoryAutolinkingPending, "yes"); err != nil {
+				log.Error("Error setting package property %s: %v", container_module.PropertyRepositoryAutolinkingPending, err)
 				return err
 			}
 		}
diff --git a/routers/api/packages/container/manifest.go b/routers/api/packages/container/manifest.go
index 428e7605a6..545bfb9f15 100644
--- a/routers/api/packages/container/manifest.go
+++ b/routers/api/packages/container/manifest.go
@@ -8,17 +8,20 @@ import (
 	"errors"
 	"fmt"
 	"io"
+	"net/url"
 	"os"
 	"strings"
 
 	"forgejo.org/models/db"
 	packages_model "forgejo.org/models/packages"
 	container_model "forgejo.org/models/packages/container"
+	repo_model "forgejo.org/models/repo"
 	user_model "forgejo.org/models/user"
 	"forgejo.org/modules/json"
 	"forgejo.org/modules/log"
 	packages_module "forgejo.org/modules/packages"
 	container_module "forgejo.org/modules/packages/container"
+	"forgejo.org/modules/setting"
 	"forgejo.org/modules/util"
 	notify_service "forgejo.org/services/notify"
 	packages_service "forgejo.org/services/packages"
@@ -117,6 +120,7 @@ func processImageManifest(ctx context.Context, mci *manifestCreationInfo, buf *p
 		if err != nil {
 			return err
 		}
+		metadata.Annotations = manifest.Annotations
 
 		blobReferences := make([]*blobReference, 0, 1+len(manifest.Layers))
 
@@ -320,6 +324,7 @@ func createPackageAndVersion(ctx context.Context, mci *manifestCreationInfo, met
 		LowerName: strings.ToLower(mci.Image),
 	}
 	var err error
+
 	if p, err = packages_model.TryInsertPackage(ctx, p); err != nil {
 		if err == packages_model.ErrDuplicatePackage {
 			created = false
@@ -331,9 +336,32 @@ func createPackageAndVersion(ctx context.Context, mci *manifestCreationInfo, met
 
 	if created {
 		if _, err := packages_model.InsertProperty(ctx, packages_model.PropertyTypePackage, p.ID, container_module.PropertyRepository, strings.ToLower(mci.Owner.LowerName+"/"+mci.Image)); err != nil {
-			log.Error("Error setting package property: %v", err)
+			log.Error("Error setting package property %s: %v", container_module.PropertyRepository, err)
 			return nil, err
 		}
+		if _, err := packages_model.InsertProperty(ctx, packages_model.PropertyTypePackage, p.ID, container_module.PropertyRepositoryAutolinkingPending, "yes"); err != nil {
+			log.Error("Error setting package property %s: %v", container_module.PropertyRepositoryAutolinkingPending, err)
+			return nil, err
+		}
+	}
+
+	// Check if auto-linking is required (this only happens after creation of package (not version!))
+	autolinkRequiredProps, err := packages_model.GetPropertiesByName(ctx, packages_model.PropertyTypePackage, p.ID, container_module.PropertyRepositoryAutolinkingPending)
+	if err != nil {
+		log.Error("Error getting package properties %s: %v", container_module.PropertyRepositoryAutolinkingPending, err)
+		return nil, err
+	}
+	if len(autolinkRequiredProps) > 0 {
+		autolinkRequiredProp := autolinkRequiredProps[0]
+		if autolinkRequiredProp != nil && autolinkRequiredProp.Value == "yes" { // check if auto-link is required (this prevents re-auto-linking on new versions, since the property is not set there)
+			if _, err := tryAutoLink(ctx, p, mci.Owner.LowerName, mci.Image, metadata, mci.Creator); err != nil {
+				log.Error("Auto-linking failed for package %d: %v", p.ID, err)
+			}
+			// remove property regardless of success/failure to keep behavior consistent and prevent retries on re-runs.
+			if err := packages_model.DeletePropertyByName(ctx, packages_model.PropertyTypePackage, p.ID, container_module.PropertyRepositoryAutolinkingPending); err != nil {
+				return nil, err
+			}
+		}
 	}
 
 	metadata.IsTagged = mci.IsTagged
@@ -481,3 +509,98 @@ func createManifestBlob(ctx context.Context, mci *manifestCreationInfo, pv *pack
 
 	return pb, !exists, manifestDigest, err
 }
+
+// Attempty to link a package to a repository in the following order of precedence: by annotation, by label and finally by image name.
+// If it fails, it returns false, nil. Only actual errors are returned, so don't use the err return only to determine if the linking was performed.
+func tryAutoLink(ctx context.Context, p *packages_model.Package, imageOwner, imageName string, metadata *container_module.Metadata, doer *user_model.User) (linked bool, err error) {
+	// We can use the same function for linking by annotation as is used for
+	// linking by label, since the field has the exact same structure
+	if linkedByAnnotation, err := tryAutolinkByLabel(ctx, p, metadata.Annotations, doer); err != nil {
+		return false, err
+	} else if linkedByAnnotation {
+		log.Info("Image %s/%s was auto-linked by annotation", imageOwner, imageName)
+		return true, nil
+	}
+
+	if linkedByLabel, err := tryAutolinkByLabel(ctx, p, metadata.Labels, doer); err != nil {
+		return false, err
+	} else if linkedByLabel {
+		log.Info("Image %s/%s was auto-linked by label", imageOwner, imageName)
+		return true, nil
+	}
+
+	if linkedByName, err := tryAutolinkByImageName(ctx, p, imageOwner, imageName, doer); err != nil {
+		return false, err
+	} else if linkedByName {
+		log.Info("Image %s/%s was auto-linked by image name", imageOwner, imageName)
+		return true, nil
+	}
+
+	return false, nil
+}
+
+// Tries to link a package to a repository by label from metadata.
+// If it fails, it returns false, nil. Only actual errors are returned, so don't use the err return to determine if the linking was performed.
+func tryAutolinkByLabel(ctx context.Context, p *packages_model.Package, labels map[string]string, doer *user_model.User) (linked bool, err error) {
+	if labels == nil {
+		return false, nil
+	}
+
+	labelRepo, ok := labels["org.opencontainers.image.source"]
+	if !ok {
+		return false, nil
+	}
+
+	u, err := url.Parse(labelRepo)
+	if err != nil {
+		log.Warn("Failed to extract label value org.opencontainers.image.source: value is not in format '{host}/{owner}/{repo}' (is: %s)", labelRepo)
+		return false, nil // we do not return an error here, since a malformed label should simply be ignored
+	}
+
+	fullBasePath := fmt.Sprintf("%s://%s/", u.Scheme, u.Host)
+	if setting.AppURL != fullBasePath {
+		log.Warn("Failed to extract label value org.opencontainers.image.source: host does not match Forgejo AppURL (is: %s, want: %s)", fullBasePath, setting.AppURL)
+		return false, nil
+	}
+
+	pathParts := strings.Split(strings.Trim(u.Path, "/"), "/")
+	if len(pathParts) != 2 {
+		log.Warn("Failed to extract label value org.opencontainers.image.source: value is not in format '{host}/{owner}/{repo}' (is: %s)", labelRepo)
+	}
+
+	repository, err := repo_model.GetRepositoryByOwnerAndName(ctx, pathParts[0], pathParts[1])
+	if err != nil {
+		if !repo_model.IsErrRepoNotExist(err) {
+			return false, err // this is a legit error
+		}
+		return false, nil
+	}
+
+	if err := packages_service.LinkToRepository(ctx, p, repository, doer); err != nil {
+		if errors.Is(err, util.ErrPermissionDenied) {
+			return false, nil // we don't want an error case if the user does not have write access to the repo they have write access to
+		}
+		return false, err
+	}
+	return true, nil
+}
+
+// Tries to link a package to a repository by its name (using {owner}/{repo}[/...]).
+// If it fails, it returns false, nil. Only actual errors are returned, so don't use the err return to determine if the linking was performed.
+func tryAutolinkByImageName(ctx context.Context, p *packages_model.Package, imageOwner, imageName string, doer *user_model.User) (linked bool, err error) {
+	repoName := strings.SplitN(imageName, "/", 2)[0] // [0] = repo; [1] = remainer (no need to check length since SplitN always returns at least one element)
+	repository, err := repo_model.GetRepositoryByOwnerAndName(ctx, imageOwner, repoName)
+	if err != nil {
+		if !repo_model.IsErrRepoNotExist(err) {
+			return false, err // this is a legit error
+		}
+		return false, nil
+	}
+	if err := packages_service.LinkToRepository(ctx, p, repository, doer); err != nil {
+		if errors.Is(err, util.ErrPermissionDenied) {
+			return false, nil // we don't want an error case if the user does not have write access to the repo they have write access to
+		}
+		return false, err
+	}
+	return true, nil
+}
diff --git a/tests/integration/api_packages_container_test.go b/tests/integration/api_packages_container_test.go
index b961415feb..6ab0933931 100644
--- a/tests/integration/api_packages_container_test.go
+++ b/tests/integration/api_packages_container_test.go
@@ -7,8 +7,10 @@ import (
 	"bytes"
 	"crypto/sha256"
 	"encoding/base64"
+	"encoding/hex"
 	"fmt"
 	"net/http"
+	"strconv"
 	"strings"
 	"sync"
 	"testing"
@@ -17,12 +19,15 @@ import (
 	"forgejo.org/models/db"
 	packages_model "forgejo.org/models/packages"
 	container_model "forgejo.org/models/packages/container"
+	repo_model "forgejo.org/models/repo"
 	"forgejo.org/models/unittest"
 	user_model "forgejo.org/models/user"
+	"forgejo.org/modules/git"
 	container_module "forgejo.org/modules/packages/container"
 	"forgejo.org/modules/setting"
 	api "forgejo.org/modules/structs"
 	"forgejo.org/modules/test"
+	packages_service "forgejo.org/services/packages"
 	"forgejo.org/tests"
 
 	oci "github.com/opencontainers/image-spec/specs-go/v1"
@@ -62,20 +67,20 @@ func TestPackageContainer(t *testing.T) {
 
 	unknownDigest := "sha256:0000000000000000000000000000000000000000000000000000000000000000"
 
-	blobDigest := "sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4"
 	blobContent, _ := base64.StdEncoding.DecodeString(`H4sIAAAJbogA/2IYBaNgFIxYAAgAAP//Lq+17wAEAAA=`)
+	blobDigest := "sha256:" + sha256Hash(string(blobContent))
 
-	configDigest := "sha256:4607e093bec406eaadb6f3a340f63400c9d3a7038680744c406903766b938f0d"
 	configContent := `{"architecture":"amd64","config":{"Env":["PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"],"Cmd":["/true"],"ArgsEscaped":true,"Image":"sha256:9bd8b88dc68b80cffe126cc820e4b52c6e558eb3b37680bfee8e5f3ed7b8c257"},"container":"b89fe92a887d55c0961f02bdfbfd8ac3ddf66167db374770d2d9e9fab3311510","container_config":{"Hostname":"b89fe92a887d","Env":["PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"],"Cmd":["/bin/sh","-c","#(nop) ","CMD [\"/true\"]"],"ArgsEscaped":true,"Image":"sha256:9bd8b88dc68b80cffe126cc820e4b52c6e558eb3b37680bfee8e5f3ed7b8c257"},"created":"2022-01-01T00:00:00.000000000Z","docker_version":"20.10.12","history":[{"created":"2022-01-01T00:00:00.000000000Z","created_by":"/bin/sh -c #(nop) COPY file:0e7589b0c800daaf6fa460d2677101e4676dd9491980210cb345480e513f3602 in /true "},{"created":"2022-01-01T00:00:00.000000001Z","created_by":"/bin/sh -c #(nop)  CMD [\"/true\"]","empty_layer":true}],"os":"linux","rootfs":{"type":"layers","diff_ids":["sha256:0ff3b91bdf21ecdf2f2f3d4372c2098a14dbe06cd678e8f0a85fd4902d00e2e2"]}}`
+	configDigest := "sha256:" + sha256Hash(configContent)
 
-	manifestDigest := "sha256:4f10484d1c1bb13e3956b4de1cd42db8e0f14a75be1617b60f2de3cd59c803c6"
 	manifestContent := `{"schemaVersion":2,"mediaType":"application/vnd.docker.distribution.manifest.v2+json","config":{"mediaType":"application/vnd.docker.container.image.v1+json","digest":"sha256:4607e093bec406eaadb6f3a340f63400c9d3a7038680744c406903766b938f0d","size":1069},"layers":[{"mediaType":"application/vnd.docker.image.rootfs.diff.tar.gzip","digest":"sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4","size":32}]}`
+	manifestDigest := "sha256:" + sha256Hash(manifestContent)
 
-	untaggedManifestDigest := "sha256:4305f5f5572b9a426b88909b036e52ee3cf3d7b9c1b01fac840e90747f56623d"
 	untaggedManifestContent := `{"schemaVersion":2,"mediaType":"` + oci.MediaTypeImageManifest + `","config":{"mediaType":"application/vnd.docker.container.image.v1+json","digest":"sha256:4607e093bec406eaadb6f3a340f63400c9d3a7038680744c406903766b938f0d","size":1069},"layers":[{"mediaType":"application/vnd.docker.image.rootfs.diff.tar.gzip","digest":"sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4","size":32}]}`
+	untaggedManifestDigest := "sha256:" + sha256Hash(untaggedManifestContent)
 
-	indexManifestDigest := "sha256:bab112d6efb9e7f221995caaaa880352feb5bd8b1faf52fae8d12c113aa123ec"
 	indexManifestContent := `{"schemaVersion":2,"mediaType":"` + oci.MediaTypeImageIndex + `","manifests":[{"mediaType":"application/vnd.docker.distribution.manifest.v2+json","digest":"` + manifestDigest + `","platform":{"os":"linux","architecture":"arm","variant":"v7"}},{"mediaType":"` + oci.MediaTypeImageManifest + `","digest":"` + untaggedManifestDigest + `","platform":{"os":"linux","architecture":"arm64","variant":"v8"}}]}`
+	indexManifestDigest := "sha256:" + sha256Hash(indexManifestContent)
 
 	anonymousToken := ""
 	readUserToken := ""
@@ -906,4 +911,208 @@ func TestPackageContainer(t *testing.T) {
 		})
 		session.MakeRequest(t, req, http.StatusSeeOther)
 	})
+
+	t.Run("AutoLinking", func(t *testing.T) {
+		defer tests.PrintCurrentTest(t)()
+
+		// create repo which is used for auto-linking
+		repo := createTestRepositoryWithPackageRegistry(t, user, "autolink-repo")
+
+		// Test repo for the private user, used to test unauthorized auto-linking.
+		// We don't need the repo object, but the name is used in the annotation pushed in the test.
+		_ = createTestRepositoryWithPackageRegistry(t, privateUser, "autolink-repo")
+
+		// some paths to push to
+		urlExistingRepo := fmt.Sprintf("%sv2/%s/%s", setting.AppURL, user.Name, repo.Name)
+		nameNonexistingRepo1 := "nonexisting-repo"
+		urlNonexistingRepo1 := fmt.Sprintf("%sv2/%s/%s", setting.AppURL, user.Name, nameNonexistingRepo1)
+		nameNonexistingRepo2 := "another-nonexisting-repo"
+		urlNonexistingRepo2 := fmt.Sprintf("%sv2/%s/%s", setting.AppURL, user.Name, nameNonexistingRepo2)
+		nameNonexistingRepo3 := "secret-repo"
+		urlNonexistingRepo3 := fmt.Sprintf("%sv2/%s/%s", setting.AppURL, user.Name, nameNonexistingRepo3)
+		nameNonexistingRepo4 := "more-repo-names-generator"
+		urlNonexistingRepo4 := fmt.Sprintf("%sv2/%s/%s", setting.AppURL, user.Name, nameNonexistingRepo4)
+		nameExistingRepoNested := "nested-image1"
+		urlExistingRepoNested := fmt.Sprintf("%sv2/%s/%s/%s", setting.AppURL, user.Name, repo.Name, nameExistingRepoNested)
+
+		// variable to hold an auto-linked package, which will be unlinked again in a later test
+		var linkedPackage *packages_model.Package
+
+		t.Run("PushToArbitraryRepo", func(t *testing.T) {
+			// Upload blobs and manifest
+			req := NewRequestWithBody(t, "POST", fmt.Sprintf("%s/blobs/uploads?digest=%s", urlNonexistingRepo1, blobDigest), bytes.NewReader(blobContent)).
+				AddTokenAuth(userToken)
+			MakeRequest(t, req, http.StatusCreated)
+			req = NewRequestWithBody(t, "POST", fmt.Sprintf("%s/blobs/uploads?digest=%s", urlNonexistingRepo1, configDigest), strings.NewReader(configContent)).
+				AddTokenAuth(userToken)
+			MakeRequest(t, req, http.StatusCreated)
+			req = NewRequestWithBody(t, "PUT", fmt.Sprintf("%s/manifests/%s", urlNonexistingRepo1, "v1"), strings.NewReader(manifestContent)).
+				AddTokenAuth(userToken).
+				SetHeader("Content-Type", "application/vnd.docker.distribution.manifest.v2+json")
+			MakeRequest(t, req, http.StatusCreated)
+
+			p, err := packages_model.GetPackageByName(t.Context(), user.ID, packages_model.TypeContainer, nameNonexistingRepo1)
+			require.NoError(t, err)
+			require.Equal(t, nameNonexistingRepo1, p.Name) // just to make sure we have grabbed the correct package
+			assert.Equal(t, int64(0), p.RepoID)
+		})
+
+		t.Run("PushToExisingRepo", func(t *testing.T) {
+			// Upload blobs and manifest which should create a package with tag "v1"
+			req := NewRequestWithBody(t, "POST", fmt.Sprintf("%s/blobs/uploads?digest=%s", urlExistingRepo, blobDigest), bytes.NewReader(blobContent)).
+				AddTokenAuth(userToken)
+			MakeRequest(t, req, http.StatusCreated)
+			req = NewRequestWithBody(t, "POST", fmt.Sprintf("%s/blobs/uploads?digest=%s", urlExistingRepo, configDigest), strings.NewReader(configContent)).
+				AddTokenAuth(userToken)
+			MakeRequest(t, req, http.StatusCreated)
+			req = NewRequestWithBody(t, "PUT", fmt.Sprintf("%s/manifests/%s", urlExistingRepo, "v1"), strings.NewReader(manifestContent)).
+				AddTokenAuth(userToken).
+				SetHeader("Content-Type", "application/vnd.docker.distribution.manifest.v2+json")
+			MakeRequest(t, req, http.StatusCreated)
+
+			// get the resulting package
+			p, err := packages_model.GetPackageByName(t.Context(), user.ID, packages_model.TypeContainer, repo.Name)
+			require.NoError(t, err)
+			require.Equal(t, repo.Name, p.Name) // just to make sure we have grabbed the correct package
+			assert.Equal(t, repo.ID, p.RepoID)
+			linkedPackage = p // store auto-linked package for the next test
+		})
+
+		t.Run("PushToExistingRepoNested", func(t *testing.T) {
+			// Upload blobs and manifest which should create a package with tag "v1"
+			req := NewRequestWithBody(t, "POST", fmt.Sprintf("%s/blobs/uploads?digest=%s", urlExistingRepoNested, blobDigest), bytes.NewReader(blobContent)).
+				AddTokenAuth(userToken)
+			MakeRequest(t, req, http.StatusCreated)
+			req = NewRequestWithBody(t, "POST", fmt.Sprintf("%s/blobs/uploads?digest=%s", urlExistingRepoNested, configDigest), strings.NewReader(configContent)).
+				AddTokenAuth(userToken)
+			MakeRequest(t, req, http.StatusCreated)
+			req = NewRequestWithBody(t, "PUT", fmt.Sprintf("%s/manifests/%s", urlExistingRepoNested, "v1"), strings.NewReader(manifestContent)).
+				AddTokenAuth(userToken).
+				SetHeader("Content-Type", "application/vnd.docker.distribution.manifest.v2+json")
+			MakeRequest(t, req, http.StatusCreated)
+
+			// get the resulting package
+			p, err := packages_model.GetPackageByName(t.Context(), user.ID, packages_model.TypeContainer, repo.Name+"/"+nameExistingRepoNested)
+			require.NoError(t, err)
+			require.Equal(t, repo.Name+"/"+nameExistingRepoNested, p.Name) // just to make sure we have grabbed the correct package
+			assert.Equal(t, repo.ID, p.RepoID)
+		})
+
+		t.Run("PushVersionToUnlinkedRepo", func(t *testing.T) {
+			// unlink previously auto-linked package
+			require.NoError(t,
+				packages_service.UnlinkFromRepository(t.Context(), linkedPackage, user),
+			)
+			// test if correctly unlinked
+			checkPackageForUnlinked, err := packages_model.GetPackageByName(t.Context(), user.ID, packages_model.TypeContainer, repo.Name)
+			require.NoError(t, err)
+			require.Equal(t, int64(0), checkPackageForUnlinked.RepoID)
+
+			// push updated version (e.g. tag v2)
+			req := NewRequestWithBody(t, "POST", fmt.Sprintf("%s/blobs/uploads?digest=%s", urlExistingRepo, blobDigest), bytes.NewReader(blobContent)).
+				AddTokenAuth(userToken)
+			MakeRequest(t, req, http.StatusCreated)
+			req = NewRequestWithBody(t, "POST", fmt.Sprintf("%s/blobs/uploads?digest=%s", urlExistingRepo, configDigest), strings.NewReader(configContent)).
+				AddTokenAuth(userToken)
+			MakeRequest(t, req, http.StatusCreated)
+			req = NewRequestWithBody(t, "PUT", fmt.Sprintf("%s/manifests/%s", urlExistingRepo, "v2"), strings.NewReader(manifestContent)).
+				AddTokenAuth(userToken).
+				SetHeader("Content-Type", "application/vnd.docker.distribution.manifest.v2+json")
+			MakeRequest(t, req, http.StatusCreated)
+
+			// test if still unlinked
+			checkPackageForStillUnlinked, err := packages_model.GetPackageByName(t.Context(), user.ID, packages_model.TypeContainer, repo.Name)
+			require.NoError(t, err)
+			assert.Equal(t, int64(0), checkPackageForStillUnlinked.RepoID)
+		})
+
+		t.Run("PushWithLabel", func(t *testing.T) {
+			// Pushes to non-existing path but tries to link using an image label.
+
+			// same as configContent, but with the added label in config: "org.opencontainers.image.source": "{AppURL}/user2/autolink-repo"
+			configWithOpenContainersSourceLabelContent := `{"architecture":"amd64","config":{"Env":["PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"],"Cmd":["/true"],"ArgsEscaped":true,"Labels":{"org.opencontainers.image.source":"` + setting.AppURL + `user2/autolink-repo"},"Image":"sha256:9bd8b88dc68b80cffe126cc820e4b52c6e558eb3b37680bfee8e5f3ed7b8c257"},"container":"b89fe92a887d55c0961f02bdfbfd8ac3ddf66167db374770d2d9e9fab3311510","container_config":{"Hostname":"b89fe92a887d","Env":["PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"],"Cmd":["/bin/sh","-c","#(nop) ","CMD [\"/true\"]"],"ArgsEscaped":true,"Image":"sha256:9bd8b88dc68b80cffe126cc820e4b52c6e558eb3b37680bfee8e5f3ed7b8c257"},"created":"2022-01-01T00:00:00.000000000Z","docker_version":"20.10.12","history":[{"created":"2022-01-01T00:00:00.000000000Z","created_by":"/bin/sh -c #(nop) COPY file:0e7589b0c800daaf6fa460d2677101e4676dd9491980210cb345480e513f3602 in /true "},{"created":"2022-01-01T00:00:00.000000001Z","created_by":"/bin/sh -c #(nop)  CMD [\"/true\"]","empty_layer":true}],"os":"linux","rootfs":{"type":"layers","diff_ids":["sha256:0ff3b91bdf21ecdf2f2f3d4372c2098a14dbe06cd678e8f0a85fd4902d00e2e2"]}}`
+			configWithOpenContainersSourceLabelDigest := "sha256:" + sha256Hash(configWithOpenContainersSourceLabelContent)
+			manifestWithOpenContainersSourceLabelContent := `{"schemaVersion":2,"mediaType":"application/vnd.docker.distribution.manifest.v2+json","config":{"mediaType":"application/vnd.docker.container.image.v1+json","digest":"` + configWithOpenContainersSourceLabelDigest + `","size":` + strconv.Itoa(len(configWithOpenContainersSourceLabelContent)) + `},"layers":[{"mediaType":"application/vnd.docker.image.rootfs.diff.tar.gzip","digest":"` + blobDigest + `","size":32}]}`
+
+			req := NewRequestWithBody(t, "POST", fmt.Sprintf("%s/blobs/uploads?digest=%s", urlNonexistingRepo2, blobDigest), bytes.NewReader(blobContent)).
+				AddTokenAuth(userToken)
+			MakeRequest(t, req, http.StatusCreated)
+			req = NewRequestWithBody(t, "POST", fmt.Sprintf("%s/blobs/uploads?digest=%s", urlNonexistingRepo2, configWithOpenContainersSourceLabelDigest), strings.NewReader(configWithOpenContainersSourceLabelContent)).
+				AddTokenAuth(userToken)
+			MakeRequest(t, req, http.StatusCreated)
+			req = NewRequestWithBody(t, "PUT", fmt.Sprintf("%s/manifests/%s", urlNonexistingRepo2, "v1"), strings.NewReader(manifestWithOpenContainersSourceLabelContent)).
+				AddTokenAuth(userToken).
+				SetHeader("Content-Type", "application/vnd.docker.distribution.manifest.v2+json")
+			MakeRequest(t, req, http.StatusCreated)
+
+			p, err := packages_model.GetPackageByName(t.Context(), user.ID, packages_model.TypeContainer, nameNonexistingRepo2)
+			require.NoError(t, err)
+			require.Equal(t, nameNonexistingRepo2, p.Name) // just to make sure we have grabbed the correct package
+			assert.Equal(t, repo.ID, p.RepoID)
+		})
+
+		t.Run("PushWithAnnotation", func(t *testing.T) {
+			// Pushes to non-existing path but tries to link using a push annotation in the manifest.
+
+			// same as configContent, but with the added annotation directly within the manifest: "org.opencontainers.image.source": "{AppURL}/user2/autolink-repo"
+			manifestWithOpenContainersSourceAnnotationContent := `{"schemaVersion":2,"mediaType":"application/vnd.docker.distribution.manifest.v2+json","config":{"mediaType":"application/vnd.docker.container.image.v1+json","digest":"` + configDigest + `","size":` + strconv.Itoa(len(configContent)) + `},"layers":[{"mediaType":"application/vnd.docker.image.rootfs.diff.tar.gzip","digest":"` + blobDigest + `","size":32}],"annotations":{"org.opencontainers.image.source":"` + setting.AppURL + `user2/autolink-repo"}}`
+
+			req := NewRequestWithBody(t, "POST", fmt.Sprintf("%s/blobs/uploads?digest=%s", urlNonexistingRepo3, blobDigest), bytes.NewReader(blobContent)).
+				AddTokenAuth(userToken)
+			MakeRequest(t, req, http.StatusCreated)
+			req = NewRequestWithBody(t, "POST", fmt.Sprintf("%s/blobs/uploads?digest=%s", urlNonexistingRepo3, configDigest), strings.NewReader(configContent)).
+				AddTokenAuth(userToken)
+			MakeRequest(t, req, http.StatusCreated)
+			req = NewRequestWithBody(t, "PUT", fmt.Sprintf("%s/manifests/%s", urlNonexistingRepo3, "v1"), strings.NewReader(manifestWithOpenContainersSourceAnnotationContent)).
+				AddTokenAuth(userToken).
+				SetHeader("Content-Type", "application/vnd.docker.distribution.manifest.v2+json")
+			MakeRequest(t, req, http.StatusCreated)
+
+			p, err := packages_model.GetPackageByName(t.Context(), user.ID, packages_model.TypeContainer, nameNonexistingRepo3)
+			require.NoError(t, err)
+			require.Equal(t, nameNonexistingRepo3, p.Name) // just to make sure we have grabbed the correct package
+			assert.Equal(t, repo.ID, p.RepoID)
+		})
+
+		t.Run("PushWithAnnotationNoPermissions", func(t *testing.T) {
+			// This tests pushes a manifest as user2, but tries to link to an existing repo of user31.
+			// This should fail silently with the created package not automatically getting linked.
+
+			// same as configContent above (also uses blob[Digest/Content]), but with an added annotation to auto-link to a repo of the private user: "org.opencontainers.image.source": "{AppURL}/user31/autolink-repo"
+			manifestWithOpenContainersSourceAnnotationPrivateUserContent := `{"schemaVersion":2,"mediaType":"application/vnd.docker.distribution.manifest.v2+json","config":{"mediaType":"application/vnd.docker.container.image.v1+json","digest":"` + configDigest + `","size":` + strconv.Itoa(len(configContent)) + `},"layers":[{"mediaType":"application/vnd.docker.image.rootfs.diff.tar.gzip","digest":"` + blobDigest + `","size":32}],"annotations":{"org.opencontainers.image.source":"` + setting.AppURL + `user31/autolink-repo"}}`
+
+			req := NewRequestWithBody(t, "POST", fmt.Sprintf("%s/blobs/uploads?digest=%s", urlNonexistingRepo4, blobDigest), bytes.NewReader(blobContent)).
+				AddTokenAuth(userToken)
+			MakeRequest(t, req, http.StatusCreated)
+			req = NewRequestWithBody(t, "POST", fmt.Sprintf("%s/blobs/uploads?digest=%s", urlNonexistingRepo4, configDigest), strings.NewReader(configContent)).
+				AddTokenAuth(userToken)
+			MakeRequest(t, req, http.StatusCreated)
+			req = NewRequestWithBody(t, "PUT", fmt.Sprintf("%s/manifests/%s", urlNonexistingRepo4, "v1"), strings.NewReader(manifestWithOpenContainersSourceAnnotationPrivateUserContent)).
+				AddTokenAuth(userToken).
+				SetHeader("Content-Type", "application/vnd.docker.distribution.manifest.v2+json")
+			MakeRequest(t, req, http.StatusCreated) // wrongly annotated pushes still get pushed, but not auto linked
+
+			p, err := packages_model.GetPackageByName(t.Context(), user.ID, packages_model.TypeContainer, nameNonexistingRepo4)
+			require.NoError(t, err)
+			require.Equal(t, nameNonexistingRepo4, p.Name) // just to make sure we have grabbed the correct package
+			assert.Equal(t, int64(0), p.RepoID)            // ensure not linked
+		})
+	})
+}
+
+func createTestRepositoryWithPackageRegistry(t *testing.T, user *user_model.User, name string) *repo_model.Repository {
+	ctx := NewAPITestContext(t, user.Name, name, auth_model.AccessTokenScopeWriteRepository, auth_model.AccessTokenScopeWriteUser)
+	t.Run("CreateRepo", doAPICreateRepository(ctx, nil, git.Sha1ObjectFormat, func(t *testing.T, r api.Repository) {
+		require.True(t, r.HasPackages)
+	}))
+
+	repo, err := repo_model.GetRepositoryByOwnerAndName(db.DefaultContext, user.Name, name)
+	require.NoError(t, err)
+
+	return repo
+}
+
+func sha256Hash(in string) string {
+	sum := sha256.Sum256([]byte(in))
+	return hex.EncodeToString(sum[:])
 }

From 055973ce8c270f5cf51192b8ce98585d7281cd66 Mon Sep 17 00:00:00 2001
From: Michael Kriese <michael.kriese@visualon.de>
Date: Mon, 12 Jan 2026 10:53:40 +0100
Subject: [PATCH 138/854] fix: correctly compute required commit status
 (#10747)

We need to take all matching required status into account to get the desired status because there can be some pending.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10747
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Co-authored-by: Michael Kriese <michael.kriese@visualon.de>
Co-committed-by: Michael Kriese <michael.kriese@visualon.de>
---
 services/pull/commit_status.go      | 7 +++++--
 services/pull/commit_status_test.go | 8 +++-----
 2 files changed, 8 insertions(+), 7 deletions(-)

diff --git a/services/pull/commit_status.go b/services/pull/commit_status.go
index 0a95ea1152..4821e2cceb 100644
--- a/services/pull/commit_status.go
+++ b/services/pull/commit_status.go
@@ -39,9 +39,12 @@ func MergeRequiredContextsCommitStatus(commitStatuses []*git_model.CommitStatus,
 			var targetStatus structs.CommitStatusState
 			for _, commitStatus := range commitStatuses {
 				if gp.Match(commitStatus.Context) {
-					targetStatus = commitStatus.State
+					if targetStatus == "" {
+						targetStatus = commitStatus.State
+					} else if commitStatus.State.NoBetterThan(targetStatus) {
+						targetStatus = commitStatus.State
+					}
 					matchedCount++
-					break
 				}
 			}
 
diff --git a/services/pull/commit_status_test.go b/services/pull/commit_status_test.go
index 593c88fb19..39fe587e74 100644
--- a/services/pull/commit_status_test.go
+++ b/services/pull/commit_status_test.go
@@ -22,8 +22,8 @@ func TestMergeRequiredContextsCommitStatus(t *testing.T) {
 		},
 		{
 			{Context: "Build 1", State: structs.CommitStatusSuccess},
-			{Context: "Build 2", State: structs.CommitStatusSuccess},
-			{Context: "Build 2t", State: structs.CommitStatusPending},
+			{Context: "Build 2", State: structs.CommitStatusPending},
+			{Context: "Build 2t", State: structs.CommitStatusSuccess},
 		},
 		{
 			{Context: "Build 1", State: structs.CommitStatusSuccess},
@@ -58,8 +58,6 @@ func TestMergeRequiredContextsCommitStatus(t *testing.T) {
 	}
 
 	for i, commitStatuses := range testCases {
-		if MergeRequiredContextsCommitStatus(commitStatuses, testCasesRequiredContexts[i]) != testCasesExpected[i] {
-			assert.Fail(t, "Test case failed", "Test case %d failed", i+1)
-		}
+		assert.Equal(t, testCasesExpected[i], MergeRequiredContextsCommitStatus(commitStatuses, testCasesRequiredContexts[i]), "Test case %d failed", i+1)
 	}
 }

From a4ac945e21a7d6e76304bb8b784de905e3f5c23e Mon Sep 17 00:00:00 2001
From: Renovate Bot <forgejo-renovate-action@forgejo.org>
Date: Mon, 12 Jan 2026 13:34:09 +0100
Subject: [PATCH 139/854] Update renovate to v42.78.1 (forgejo) (#10784)

Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
---
 .forgejo/workflows/renovate.yml | 2 +-
 Makefile                        | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/.forgejo/workflows/renovate.yml b/.forgejo/workflows/renovate.yml
index 940cad9ab1..10ce3c8921 100644
--- a/.forgejo/workflows/renovate.yml
+++ b/.forgejo/workflows/renovate.yml
@@ -28,7 +28,7 @@ jobs:
 
     runs-on: docker
     container:
-      image: data.forgejo.org/renovate/renovate:42.71.0
+      image: data.forgejo.org/renovate/renovate:42.78.2
 
     steps:
       - name: Load renovate repo cache
diff --git a/Makefile b/Makefile
index 6b8337ce02..7a4f235c1f 100644
--- a/Makefile
+++ b/Makefile
@@ -47,7 +47,7 @@ GO_LICENSES_PACKAGE ?= github.com/google/go-licenses@v1.6.0 # renovate: datasour
 GOVULNCHECK_PACKAGE ?= golang.org/x/vuln/cmd/govulncheck@v1 # renovate: datasource=go
 DEADCODE_PACKAGE ?= golang.org/x/tools/cmd/deadcode@v0.40.0 # renovate: datasource=go
 GOMOCK_PACKAGE ?= go.uber.org/mock/mockgen@v0.6.0 # renovate: datasource=go
-RENOVATE_NPM_PACKAGE ?= renovate@42.71.0 # renovate: datasource=docker packageName=data.forgejo.org/renovate/renovate
+RENOVATE_NPM_PACKAGE ?= renovate@42.78.2 # renovate: datasource=docker packageName=data.forgejo.org/renovate/renovate
 
 # https://github.com/disposable-email-domains/disposable-email-domains/commits/main/
 DISPOSABLE_EMAILS_SHA ?= 0c27e671231d27cf66370034d7f6818037416989 # renovate: ...

From 358e04a6a97efe7131ceeb6ccbacfc3e361f5c59 Mon Sep 17 00:00:00 2001
From: Renovate Bot <forgejo-renovate-action@forgejo.org>
Date: Mon, 12 Jan 2026 17:50:51 +0100
Subject: [PATCH 140/854] Lock file maintenance (forgejo) (#10785)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This PR contains the following updates:

| Update | Change |
|---|---|
| lockFileMaintenance | All locks refreshed |

🔧 This Pull Request updates lock files to use the latest dependency versions.

---

### Configuration

📅 **Schedule**: Branch creation - Between 12:00 AM and 03:59 AM, only on Monday ( * 0-3 * * 1 ) (UTC), Automerge - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://github.com/renovatebot/renovate/discussions) if that's undesired.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi43MS4wIiwidXBkYXRlZEluVmVyIjoiNDIuNzEuMCIsInRhcmdldEJyYW5jaCI6ImZvcmdlam8iLCJsYWJlbHMiOlsiZGVwZW5kZW5jeS11cGdyYWRlIiwidGVzdC9ub3QtbmVlZGVkIl19-->

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10785
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
---
 package-lock.json                  | 368 ++++++++++++++++-------------
 web_src/fomantic/package-lock.json |  18 +-
 2 files changed, 217 insertions(+), 169 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 09c1b1314b..086c54df44 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -814,9 +814,9 @@
       }
     },
     "node_modules/@csstools/css-syntax-patches-for-csstree": {
-      "version": "1.0.22",
-      "resolved": "https://registry.npmjs.org/@csstools/css-syntax-patches-for-csstree/-/css-syntax-patches-for-csstree-1.0.22.tgz",
-      "integrity": "sha512-qBcx6zYlhleiFfdtzkRgwNC7VVoAwfK76Vmsw5t+PbvtdknO9StgRk7ROvq9so1iqbdW4uLIDAsXRsTfUrIoOw==",
+      "version": "1.0.25",
+      "resolved": "https://registry.npmjs.org/@csstools/css-syntax-patches-for-csstree/-/css-syntax-patches-for-csstree-1.0.25.tgz",
+      "integrity": "sha512-g0Kw9W3vjx5BEBAF8c5Fm2NcB/Fs8jJXh85aXqwEXiL+tqtOut07TWgyaGzAAfTM+gKckrrncyeGEZPcaRgm2Q==",
       "dev": true,
       "funding": [
         {
@@ -943,9 +943,9 @@
       }
     },
     "node_modules/@emnapi/core": {
-      "version": "1.7.1",
-      "resolved": "https://registry.npmjs.org/@emnapi/core/-/core-1.7.1.tgz",
-      "integrity": "sha512-o1uhUASyo921r2XtHYOHy7gdkGLge8ghBEQHMWmyJFoXlpU58kIrhhN3w26lpQb6dspetweapMn2CSNwQ8I4wg==",
+      "version": "1.8.1",
+      "resolved": "https://registry.npmjs.org/@emnapi/core/-/core-1.8.1.tgz",
+      "integrity": "sha512-AvT9QFpxK0Zd8J0jopedNm+w/2fIzvtPKPjqyw9jwvBaReTTqPBk9Hixaz7KbjimP+QNz605/XnjFcDAL2pqBg==",
       "dev": true,
       "license": "MIT",
       "optional": true,
@@ -955,9 +955,9 @@
       }
     },
     "node_modules/@emnapi/runtime": {
-      "version": "1.7.1",
-      "resolved": "https://registry.npmjs.org/@emnapi/runtime/-/runtime-1.7.1.tgz",
-      "integrity": "sha512-PVtJr5CmLwYAU9PZDMITZoR5iAOShYREoR45EyyLrbntV50mdePTgUn4AmOw90Ifcj+x2kRjdzr1HP3RrNiHGA==",
+      "version": "1.8.1",
+      "resolved": "https://registry.npmjs.org/@emnapi/runtime/-/runtime-1.8.1.tgz",
+      "integrity": "sha512-mehfKSMWjjNol8659Z8KxEMrdSJDDot5SXMq00dM8BN4o+CLNXQ0xH2V7EchNHV4RmbZLmmPdEaXZc5H2FXmDg==",
       "dev": true,
       "license": "MIT",
       "optional": true,
@@ -1413,9 +1413,9 @@
       }
     },
     "node_modules/@eslint-community/eslint-utils": {
-      "version": "4.9.0",
-      "resolved": "https://registry.npmjs.org/@eslint-community/eslint-utils/-/eslint-utils-4.9.0.tgz",
-      "integrity": "sha512-ayVFHdtZ+hsq1t2Dy24wCmGXGe4q9Gu3smhLYALJrr473ZH27MsnSL+LKUlimp4BWJqMDMLmPpx/Q9R3OAlL4g==",
+      "version": "4.9.1",
+      "resolved": "https://registry.npmjs.org/@eslint-community/eslint-utils/-/eslint-utils-4.9.1.tgz",
+      "integrity": "sha512-phrYmNiYppR7znFEdqgfWHXR6NCkZEK7hwWDHZUjit/2/U0r6XvkDl0SYnoM51Hq7FhCGdLDT6zxCCOY1hexsQ==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -2450,9 +2450,9 @@
       "license": "MIT"
     },
     "node_modules/@lezer/cpp": {
-      "version": "1.1.4",
-      "resolved": "https://registry.npmjs.org/@lezer/cpp/-/cpp-1.1.4.tgz",
-      "integrity": "sha512-aYSdZyUueeTgnfXQntiGUqKNW5WujlAsIbbHzkfJDneSZoyjPg8ObmWG3bzDPVYMC/Kf4l43WJLCunPnYFfQ0g==",
+      "version": "1.1.5",
+      "resolved": "https://registry.npmjs.org/@lezer/cpp/-/cpp-1.1.5.tgz",
+      "integrity": "sha512-DIhSXmYtJKLehrjzDFN+2cPt547ySQ41nA8yqcDf/GxMc+YM736xqltFkvADL2M0VebU5I+3+4ks2Vv+Kyq3Aw==",
       "license": "MIT",
       "dependencies": {
         "@lezer/common": "^1.2.0",
@@ -2492,9 +2492,9 @@
       }
     },
     "node_modules/@lezer/html": {
-      "version": "1.3.12",
-      "resolved": "https://registry.npmjs.org/@lezer/html/-/html-1.3.12.tgz",
-      "integrity": "sha512-RJ7eRWdaJe3bsiiLLHjCFT1JMk8m1YP9kaUbvu2rMLEoOnke9mcTVDyfOslsln0LtujdWespjJ39w6zo+RsQYw==",
+      "version": "1.3.13",
+      "resolved": "https://registry.npmjs.org/@lezer/html/-/html-1.3.13.tgz",
+      "integrity": "sha512-oI7n6NJml729m7pjm9lvLvmXbdoMoi2f+1pwSDJkl9d68zGr7a9Btz8NdHTGQZtW2DA25ybeuv/SyDb9D5tseg==",
       "license": "MIT",
       "dependencies": {
         "@lezer/common": "^1.2.0",
@@ -2536,21 +2536,21 @@
       }
     },
     "node_modules/@lezer/lr": {
-      "version": "1.4.5",
-      "resolved": "https://registry.npmjs.org/@lezer/lr/-/lr-1.4.5.tgz",
-      "integrity": "sha512-/YTRKP5yPPSo1xImYQk7AZZMAgap0kegzqCSYHjAL9x1AZ0ZQW+IpcEzMKagCsbTsLnVeWkxYrCNeXG8xEPrjg==",
+      "version": "1.4.7",
+      "resolved": "https://registry.npmjs.org/@lezer/lr/-/lr-1.4.7.tgz",
+      "integrity": "sha512-wNIFWdSUfX9Jc6ePMzxSPVgTVB4EOfDIwLQLWASyiUdHKaMsiilj9bYiGkGQCKVodd0x6bgQCV207PILGFCF9Q==",
       "license": "MIT",
       "dependencies": {
         "@lezer/common": "^1.0.0"
       }
     },
     "node_modules/@lezer/markdown": {
-      "version": "1.6.1",
-      "resolved": "https://registry.npmjs.org/@lezer/markdown/-/markdown-1.6.1.tgz",
-      "integrity": "sha512-72ah+Sml7lD8Wn7lnz9vwYmZBo9aQT+I2gjK/0epI+gjdwUbWw3MJ/ZBGEqG1UfrIauRqH37/c5mVHXeCTGXtA==",
+      "version": "1.6.3",
+      "resolved": "https://registry.npmjs.org/@lezer/markdown/-/markdown-1.6.3.tgz",
+      "integrity": "sha512-jpGm5Ps+XErS+xA4urw7ogEGkeZOahVQF21Z6oECF0sj+2liwZopd2+I8uH5I/vZsRuuze3OxBREIANLf6KKUw==",
       "license": "MIT",
       "dependencies": {
-        "@lezer/common": "^1.0.0",
+        "@lezer/common": "^1.5.0",
         "@lezer/highlight": "^1.0.0"
       }
     },
@@ -2621,9 +2621,9 @@
       }
     },
     "node_modules/@lit-labs/ssr-dom-shim": {
-      "version": "1.5.0",
-      "resolved": "https://registry.npmjs.org/@lit-labs/ssr-dom-shim/-/ssr-dom-shim-1.5.0.tgz",
-      "integrity": "sha512-HLomZXMmrCFHSRKESF5vklAKsDY7/fsT/ZhqCu3V0UoW/Qbv8wxmO4W9bx4KnCCF2Zak4yuk+AGraK/bPmI4kA==",
+      "version": "1.5.1",
+      "resolved": "https://registry.npmjs.org/@lit-labs/ssr-dom-shim/-/ssr-dom-shim-1.5.1.tgz",
+      "integrity": "sha512-Aou5UdlSpr5whQe8AA/bZG0jMj96CoJIWbGfZ91qieWu5AWUMKw8VR/pAkQkJYvBNhmCcWnZlyyk5oze8JIqYA==",
       "license": "BSD-3-Clause"
     },
     "node_modules/@lit/reactive-element": {
@@ -2882,9 +2882,9 @@
       "license": "MIT"
     },
     "node_modules/@rollup/rollup-android-arm-eabi": {
-      "version": "4.54.0",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-android-arm-eabi/-/rollup-android-arm-eabi-4.54.0.tgz",
-      "integrity": "sha512-OywsdRHrFvCdvsewAInDKCNyR3laPA2mc9bRYJ6LBp5IyvF3fvXbbNR0bSzHlZVFtn6E0xw2oZlyjg4rKCVcng==",
+      "version": "4.55.1",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-android-arm-eabi/-/rollup-android-arm-eabi-4.55.1.tgz",
+      "integrity": "sha512-9R0DM/ykwfGIlNu6+2U09ga0WXeZ9MRC2Ter8jnz8415VbuIykVuc6bhdrbORFZANDmTDvq26mJrEVTl8TdnDg==",
       "cpu": [
         "arm"
       ],
@@ -2896,9 +2896,9 @@
       ]
     },
     "node_modules/@rollup/rollup-android-arm64": {
-      "version": "4.54.0",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-android-arm64/-/rollup-android-arm64-4.54.0.tgz",
-      "integrity": "sha512-Skx39Uv+u7H224Af+bDgNinitlmHyQX1K/atIA32JP3JQw6hVODX5tkbi2zof/E69M1qH2UoN3Xdxgs90mmNYw==",
+      "version": "4.55.1",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-android-arm64/-/rollup-android-arm64-4.55.1.tgz",
+      "integrity": "sha512-eFZCb1YUqhTysgW3sj/55du5cG57S7UTNtdMjCW7LwVcj3dTTcowCsC8p7uBdzKsZYa8J7IDE8lhMI+HX1vQvg==",
       "cpu": [
         "arm64"
       ],
@@ -2910,9 +2910,9 @@
       ]
     },
     "node_modules/@rollup/rollup-darwin-arm64": {
-      "version": "4.54.0",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-darwin-arm64/-/rollup-darwin-arm64-4.54.0.tgz",
-      "integrity": "sha512-k43D4qta/+6Fq+nCDhhv9yP2HdeKeP56QrUUTW7E6PhZP1US6NDqpJj4MY0jBHlJivVJD5P8NxrjuobZBJTCRw==",
+      "version": "4.55.1",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-darwin-arm64/-/rollup-darwin-arm64-4.55.1.tgz",
+      "integrity": "sha512-p3grE2PHcQm2e8PSGZdzIhCKbMCw/xi9XvMPErPhwO17vxtvCN5FEA2mSLgmKlCjHGMQTP6phuQTYWUnKewwGg==",
       "cpu": [
         "arm64"
       ],
@@ -2924,9 +2924,9 @@
       ]
     },
     "node_modules/@rollup/rollup-darwin-x64": {
-      "version": "4.54.0",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-darwin-x64/-/rollup-darwin-x64-4.54.0.tgz",
-      "integrity": "sha512-cOo7biqwkpawslEfox5Vs8/qj83M/aZCSSNIWpVzfU2CYHa2G3P1UN5WF01RdTHSgCkri7XOlTdtk17BezlV3A==",
+      "version": "4.55.1",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-darwin-x64/-/rollup-darwin-x64-4.55.1.tgz",
+      "integrity": "sha512-rDUjG25C9qoTm+e02Esi+aqTKSBYwVTaoS1wxcN47/Luqef57Vgp96xNANwt5npq9GDxsH7kXxNkJVEsWEOEaQ==",
       "cpu": [
         "x64"
       ],
@@ -2938,9 +2938,9 @@
       ]
     },
     "node_modules/@rollup/rollup-freebsd-arm64": {
-      "version": "4.54.0",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-freebsd-arm64/-/rollup-freebsd-arm64-4.54.0.tgz",
-      "integrity": "sha512-miSvuFkmvFbgJ1BevMa4CPCFt5MPGw094knM64W9I0giUIMMmRYcGW/JWZDriaw/k1kOBtsWh1z6nIFV1vPNtA==",
+      "version": "4.55.1",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-freebsd-arm64/-/rollup-freebsd-arm64-4.55.1.tgz",
+      "integrity": "sha512-+JiU7Jbp5cdxekIgdte0jfcu5oqw4GCKr6i3PJTlXTCU5H5Fvtkpbs4XJHRmWNXF+hKmn4v7ogI5OQPaupJgOg==",
       "cpu": [
         "arm64"
       ],
@@ -2952,9 +2952,9 @@
       ]
     },
     "node_modules/@rollup/rollup-freebsd-x64": {
-      "version": "4.54.0",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-freebsd-x64/-/rollup-freebsd-x64-4.54.0.tgz",
-      "integrity": "sha512-KGXIs55+b/ZfZsq9aR026tmr/+7tq6VG6MsnrvF4H8VhwflTIuYh+LFUlIsRdQSgrgmtM3fVATzEAj4hBQlaqQ==",
+      "version": "4.55.1",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-freebsd-x64/-/rollup-freebsd-x64-4.55.1.tgz",
+      "integrity": "sha512-V5xC1tOVWtLLmr3YUk2f6EJK4qksksOYiz/TCsFHu/R+woubcLWdC9nZQmwjOAbmExBIVKsm1/wKmEy4z4u4Bw==",
       "cpu": [
         "x64"
       ],
@@ -2966,9 +2966,9 @@
       ]
     },
     "node_modules/@rollup/rollup-linux-arm-gnueabihf": {
-      "version": "4.54.0",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm-gnueabihf/-/rollup-linux-arm-gnueabihf-4.54.0.tgz",
-      "integrity": "sha512-EHMUcDwhtdRGlXZsGSIuXSYwD5kOT9NVnx9sqzYiwAc91wfYOE1g1djOEDseZJKKqtHAHGwnGPQu3kytmfaXLQ==",
+      "version": "4.55.1",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm-gnueabihf/-/rollup-linux-arm-gnueabihf-4.55.1.tgz",
+      "integrity": "sha512-Rn3n+FUk2J5VWx+ywrG/HGPTD9jXNbicRtTM11e/uorplArnXZYsVifnPPqNNP5BsO3roI4n8332ukpY/zN7rQ==",
       "cpu": [
         "arm"
       ],
@@ -2980,9 +2980,9 @@
       ]
     },
     "node_modules/@rollup/rollup-linux-arm-musleabihf": {
-      "version": "4.54.0",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm-musleabihf/-/rollup-linux-arm-musleabihf-4.54.0.tgz",
-      "integrity": "sha512-+pBrqEjaakN2ySv5RVrj/qLytYhPKEUwk+e3SFU5jTLHIcAtqh2rLrd/OkbNuHJpsBgxsD8ccJt5ga/SeG0JmA==",
+      "version": "4.55.1",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm-musleabihf/-/rollup-linux-arm-musleabihf-4.55.1.tgz",
+      "integrity": "sha512-grPNWydeKtc1aEdrJDWk4opD7nFtQbMmV7769hiAaYyUKCT1faPRm2av8CX1YJsZ4TLAZcg9gTR1KvEzoLjXkg==",
       "cpu": [
         "arm"
       ],
@@ -2994,9 +2994,9 @@
       ]
     },
     "node_modules/@rollup/rollup-linux-arm64-gnu": {
-      "version": "4.54.0",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm64-gnu/-/rollup-linux-arm64-gnu-4.54.0.tgz",
-      "integrity": "sha512-NSqc7rE9wuUaRBsBp5ckQ5CVz5aIRKCwsoa6WMF7G01sX3/qHUw/z4pv+D+ahL1EIKy6Enpcnz1RY8pf7bjwng==",
+      "version": "4.55.1",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm64-gnu/-/rollup-linux-arm64-gnu-4.55.1.tgz",
+      "integrity": "sha512-a59mwd1k6x8tXKcUxSyISiquLwB5pX+fJW9TkWU46lCqD/GRDe9uDN31jrMmVP3feI3mhAdvcCClhV8V5MhJFQ==",
       "cpu": [
         "arm64"
       ],
@@ -3008,9 +3008,9 @@
       ]
     },
     "node_modules/@rollup/rollup-linux-arm64-musl": {
-      "version": "4.54.0",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm64-musl/-/rollup-linux-arm64-musl-4.54.0.tgz",
-      "integrity": "sha512-gr5vDbg3Bakga5kbdpqx81m2n9IX8M6gIMlQQIXiLTNeQW6CucvuInJ91EuCJ/JYvc+rcLLsDFcfAD1K7fMofg==",
+      "version": "4.55.1",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm64-musl/-/rollup-linux-arm64-musl-4.55.1.tgz",
+      "integrity": "sha512-puS1MEgWX5GsHSoiAsF0TYrpomdvkaXm0CofIMG5uVkP6IBV+ZO9xhC5YEN49nsgYo1DuuMquF9+7EDBVYu4uA==",
       "cpu": [
         "arm64"
       ],
@@ -3022,9 +3022,23 @@
       ]
     },
     "node_modules/@rollup/rollup-linux-loong64-gnu": {
-      "version": "4.54.0",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-loong64-gnu/-/rollup-linux-loong64-gnu-4.54.0.tgz",
-      "integrity": "sha512-gsrtB1NA3ZYj2vq0Rzkylo9ylCtW/PhpLEivlgWe0bpgtX5+9j9EZa0wtZiCjgu6zmSeZWyI/e2YRX1URozpIw==",
+      "version": "4.55.1",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-loong64-gnu/-/rollup-linux-loong64-gnu-4.55.1.tgz",
+      "integrity": "sha512-r3Wv40in+lTsULSb6nnoudVbARdOwb2u5fpeoOAZjFLznp6tDU8kd+GTHmJoqZ9lt6/Sys33KdIHUaQihFcu7g==",
+      "cpu": [
+        "loong64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ]
+    },
+    "node_modules/@rollup/rollup-linux-loong64-musl": {
+      "version": "4.55.1",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-loong64-musl/-/rollup-linux-loong64-musl-4.55.1.tgz",
+      "integrity": "sha512-MR8c0+UxAlB22Fq4R+aQSPBayvYa3+9DrwG/i1TKQXFYEaoW3B5b/rkSRIypcZDdWjWnpcvxbNaAJDcSbJU3Lw==",
       "cpu": [
         "loong64"
       ],
@@ -3036,9 +3050,23 @@
       ]
     },
     "node_modules/@rollup/rollup-linux-ppc64-gnu": {
-      "version": "4.54.0",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-ppc64-gnu/-/rollup-linux-ppc64-gnu-4.54.0.tgz",
-      "integrity": "sha512-y3qNOfTBStmFNq+t4s7Tmc9hW2ENtPg8FeUD/VShI7rKxNW7O4fFeaYbMsd3tpFlIg1Q8IapFgy7Q9i2BqeBvA==",
+      "version": "4.55.1",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-ppc64-gnu/-/rollup-linux-ppc64-gnu-4.55.1.tgz",
+      "integrity": "sha512-3KhoECe1BRlSYpMTeVrD4sh2Pw2xgt4jzNSZIIPLFEsnQn9gAnZagW9+VqDqAHgm1Xc77LzJOo2LdigS5qZ+gw==",
+      "cpu": [
+        "ppc64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ]
+    },
+    "node_modules/@rollup/rollup-linux-ppc64-musl": {
+      "version": "4.55.1",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-ppc64-musl/-/rollup-linux-ppc64-musl-4.55.1.tgz",
+      "integrity": "sha512-ziR1OuZx0vdYZZ30vueNZTg73alF59DicYrPViG0NEgDVN8/Jl87zkAPu4u6VjZST2llgEUjaiNl9JM6HH1Vdw==",
       "cpu": [
         "ppc64"
       ],
@@ -3050,9 +3078,9 @@
       ]
     },
     "node_modules/@rollup/rollup-linux-riscv64-gnu": {
-      "version": "4.54.0",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-riscv64-gnu/-/rollup-linux-riscv64-gnu-4.54.0.tgz",
-      "integrity": "sha512-89sepv7h2lIVPsFma8iwmccN7Yjjtgz0Rj/Ou6fEqg3HDhpCa+Et+YSufy27i6b0Wav69Qv4WBNl3Rs6pwhebQ==",
+      "version": "4.55.1",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-riscv64-gnu/-/rollup-linux-riscv64-gnu-4.55.1.tgz",
+      "integrity": "sha512-uW0Y12ih2XJRERZ4jAfKamTyIHVMPQnTZcQjme2HMVDAHY4amf5u414OqNYC+x+LzRdRcnIG1YodLrrtA8xsxw==",
       "cpu": [
         "riscv64"
       ],
@@ -3064,9 +3092,9 @@
       ]
     },
     "node_modules/@rollup/rollup-linux-riscv64-musl": {
-      "version": "4.54.0",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-riscv64-musl/-/rollup-linux-riscv64-musl-4.54.0.tgz",
-      "integrity": "sha512-ZcU77ieh0M2Q8Ur7D5X7KvK+UxbXeDHwiOt/CPSBTI1fBmeDMivW0dPkdqkT4rOgDjrDDBUed9x4EgraIKoR2A==",
+      "version": "4.55.1",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-riscv64-musl/-/rollup-linux-riscv64-musl-4.55.1.tgz",
+      "integrity": "sha512-u9yZ0jUkOED1BFrqu3BwMQoixvGHGZ+JhJNkNKY/hyoEgOwlqKb62qu+7UjbPSHYjiVy8kKJHvXKv5coH4wDeg==",
       "cpu": [
         "riscv64"
       ],
@@ -3078,9 +3106,9 @@
       ]
     },
     "node_modules/@rollup/rollup-linux-s390x-gnu": {
-      "version": "4.54.0",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-s390x-gnu/-/rollup-linux-s390x-gnu-4.54.0.tgz",
-      "integrity": "sha512-2AdWy5RdDF5+4YfG/YesGDDtbyJlC9LHmL6rZw6FurBJ5n4vFGupsOBGfwMRjBYH7qRQowT8D/U4LoSvVwOhSQ==",
+      "version": "4.55.1",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-s390x-gnu/-/rollup-linux-s390x-gnu-4.55.1.tgz",
+      "integrity": "sha512-/0PenBCmqM4ZUd0190j7J0UsQ/1nsi735iPRakO8iPciE7BQ495Y6msPzaOmvx0/pn+eJVVlZrNrSh4WSYLxNg==",
       "cpu": [
         "s390x"
       ],
@@ -3092,9 +3120,9 @@
       ]
     },
     "node_modules/@rollup/rollup-linux-x64-gnu": {
-      "version": "4.54.0",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-x64-gnu/-/rollup-linux-x64-gnu-4.54.0.tgz",
-      "integrity": "sha512-WGt5J8Ij/rvyqpFexxk3ffKqqbLf9AqrTBbWDk7ApGUzaIs6V+s2s84kAxklFwmMF/vBNGrVdYgbblCOFFezMQ==",
+      "version": "4.55.1",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-x64-gnu/-/rollup-linux-x64-gnu-4.55.1.tgz",
+      "integrity": "sha512-a8G4wiQxQG2BAvo+gU6XrReRRqj+pLS2NGXKm8io19goR+K8lw269eTrPkSdDTALwMmJp4th2Uh0D8J9bEV1vg==",
       "cpu": [
         "x64"
       ],
@@ -3106,9 +3134,9 @@
       ]
     },
     "node_modules/@rollup/rollup-linux-x64-musl": {
-      "version": "4.54.0",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-x64-musl/-/rollup-linux-x64-musl-4.54.0.tgz",
-      "integrity": "sha512-JzQmb38ATzHjxlPHuTH6tE7ojnMKM2kYNzt44LO/jJi8BpceEC8QuXYA908n8r3CNuG/B3BV8VR3Hi1rYtmPiw==",
+      "version": "4.55.1",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-x64-musl/-/rollup-linux-x64-musl-4.55.1.tgz",
+      "integrity": "sha512-bD+zjpFrMpP/hqkfEcnjXWHMw5BIghGisOKPj+2NaNDuVT+8Ds4mPf3XcPHuat1tz89WRL+1wbcxKY3WSbiT7w==",
       "cpu": [
         "x64"
       ],
@@ -3119,10 +3147,24 @@
         "linux"
       ]
     },
+    "node_modules/@rollup/rollup-openbsd-x64": {
+      "version": "4.55.1",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-openbsd-x64/-/rollup-openbsd-x64-4.55.1.tgz",
+      "integrity": "sha512-eLXw0dOiqE4QmvikfQ6yjgkg/xDM+MdU9YJuP4ySTibXU0oAvnEWXt7UDJmD4UkYialMfOGFPJnIHSe/kdzPxg==",
+      "cpu": [
+        "x64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "openbsd"
+      ]
+    },
     "node_modules/@rollup/rollup-openharmony-arm64": {
-      "version": "4.54.0",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-openharmony-arm64/-/rollup-openharmony-arm64-4.54.0.tgz",
-      "integrity": "sha512-huT3fd0iC7jigGh7n3q/+lfPcXxBi+om/Rs3yiFxjvSxbSB6aohDFXbWvlspaqjeOh+hx7DDHS+5Es5qRkWkZg==",
+      "version": "4.55.1",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-openharmony-arm64/-/rollup-openharmony-arm64-4.55.1.tgz",
+      "integrity": "sha512-xzm44KgEP11te3S2HCSyYf5zIzWmx3n8HDCc7EE59+lTcswEWNpvMLfd9uJvVX8LCg9QWG67Xt75AuHn4vgsXw==",
       "cpu": [
         "arm64"
       ],
@@ -3134,9 +3176,9 @@
       ]
     },
     "node_modules/@rollup/rollup-win32-arm64-msvc": {
-      "version": "4.54.0",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-arm64-msvc/-/rollup-win32-arm64-msvc-4.54.0.tgz",
-      "integrity": "sha512-c2V0W1bsKIKfbLMBu/WGBz6Yci8nJ/ZJdheE0EwB73N3MvHYKiKGs3mVilX4Gs70eGeDaMqEob25Tw2Gb9Nqyw==",
+      "version": "4.55.1",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-arm64-msvc/-/rollup-win32-arm64-msvc-4.55.1.tgz",
+      "integrity": "sha512-yR6Bl3tMC/gBok5cz/Qi0xYnVbIxGx5Fcf/ca0eB6/6JwOY+SRUcJfI0OpeTpPls7f194as62thCt/2BjxYN8g==",
       "cpu": [
         "arm64"
       ],
@@ -3148,9 +3190,9 @@
       ]
     },
     "node_modules/@rollup/rollup-win32-ia32-msvc": {
-      "version": "4.54.0",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-ia32-msvc/-/rollup-win32-ia32-msvc-4.54.0.tgz",
-      "integrity": "sha512-woEHgqQqDCkAzrDhvDipnSirm5vxUXtSKDYTVpZG3nUdW/VVB5VdCYA2iReSj/u3yCZzXID4kuKG7OynPnB3WQ==",
+      "version": "4.55.1",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-ia32-msvc/-/rollup-win32-ia32-msvc-4.55.1.tgz",
+      "integrity": "sha512-3fZBidchE0eY0oFZBnekYCfg+5wAB0mbpCBuofh5mZuzIU/4jIVkbESmd2dOsFNS78b53CYv3OAtwqkZZmU5nA==",
       "cpu": [
         "ia32"
       ],
@@ -3162,9 +3204,9 @@
       ]
     },
     "node_modules/@rollup/rollup-win32-x64-gnu": {
-      "version": "4.54.0",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-x64-gnu/-/rollup-win32-x64-gnu-4.54.0.tgz",
-      "integrity": "sha512-dzAc53LOuFvHwbCEOS0rPbXp6SIhAf2txMP5p6mGyOXXw5mWY8NGGbPMPrs4P1WItkfApDathBj/NzMLUZ9rtQ==",
+      "version": "4.55.1",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-x64-gnu/-/rollup-win32-x64-gnu-4.55.1.tgz",
+      "integrity": "sha512-xGGY5pXj69IxKb4yv/POoocPy/qmEGhimy/FoTpTSVju3FYXUQQMFCaZZXJVidsmGxRioZAwpThl/4zX41gRKg==",
       "cpu": [
         "x64"
       ],
@@ -3176,9 +3218,9 @@
       ]
     },
     "node_modules/@rollup/rollup-win32-x64-msvc": {
-      "version": "4.54.0",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-x64-msvc/-/rollup-win32-x64-msvc-4.54.0.tgz",
-      "integrity": "sha512-hYT5d3YNdSh3mbCU1gwQyPgQd3T2ne0A3KG8KSBdav5TiBg6eInVmV+TeR5uHufiIgSFg0XsOWGW5/RhNcSvPg==",
+      "version": "4.55.1",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-x64-msvc/-/rollup-win32-x64-msvc-4.55.1.tgz",
+      "integrity": "sha512-SPEpaL6DX4rmcXtnhdrQYgzQ5W2uW3SCJch88lB2zImhJRhIIK44fkUrgIV/Q8yUNfw5oyZ5vkeQsZLhCb06lw==",
       "cpu": [
         "x64"
       ],
@@ -4041,9 +4083,9 @@
       "license": "MIT"
     },
     "node_modules/@types/d3-shape": {
-      "version": "3.1.7",
-      "resolved": "https://registry.npmjs.org/@types/d3-shape/-/d3-shape-3.1.7.tgz",
-      "integrity": "sha512-VLvUQ33C+3J+8p+Daf+nYSOsjB4GXp19/S/aGo60m9h1v6XaxjiT82lKVWJCfzhtuZ3yD7i/TPeC/fuKLLOSmg==",
+      "version": "3.1.8",
+      "resolved": "https://registry.npmjs.org/@types/d3-shape/-/d3-shape-3.1.8.tgz",
+      "integrity": "sha512-lae0iWfcDeR7qt7rA88BNiqdvPS5pFVPpo5OfjElwNaT2yyekbM0C9vK+yqBqEmHr6lDkRnYNoTBYlAgJa7a4w==",
       "license": "MIT",
       "dependencies": {
         "@types/d3-path": "*"
@@ -4158,9 +4200,9 @@
       "license": "MIT"
     },
     "node_modules/@types/katex": {
-      "version": "0.16.7",
-      "resolved": "https://registry.npmjs.org/@types/katex/-/katex-0.16.7.tgz",
-      "integrity": "sha512-HMwFiRujE5PjrgwHQ25+bsLJgowjGjm5Z8FVSf0N6PwgJrwxH0QxzHYDcKsTfV3wva0vzrpqMTJS2jXPr5BMEQ==",
+      "version": "0.16.8",
+      "resolved": "https://registry.npmjs.org/@types/katex/-/katex-0.16.8.tgz",
+      "integrity": "sha512-trgaNyfU+Xh2Tc+ABIb44a5AYUpicB3uwirOioeOkNPPbmgRNtcWyDeeFRzjPZENO9Vq8gvVqfhaaXWLlevVwg==",
       "dev": true,
       "license": "MIT"
     },
@@ -4185,9 +4227,9 @@
       "license": "MIT"
     },
     "node_modules/@types/node": {
-      "version": "20.19.27",
-      "resolved": "https://registry.npmjs.org/@types/node/-/node-20.19.27.tgz",
-      "integrity": "sha512-N2clP5pJhB2YnZJ3PIHFk5RkygRX5WO/5f0WC08tp0wd+sv0rsJk3MqWn3CbNmT2J505a5336jaQj4ph1AdMug==",
+      "version": "20.19.28",
+      "resolved": "https://registry.npmjs.org/@types/node/-/node-20.19.28.tgz",
+      "integrity": "sha512-VyKBr25BuFDzBFCK5sUM6ZXiWfqgCTwTAOK8qzGV/m9FCirXYDlmczJ+d5dXBAQALGCdRRdbteKYfJ84NGEusw==",
       "license": "MIT",
       "dependencies": {
         "undici-types": "~6.21.0"
@@ -5713,9 +5755,9 @@
       }
     },
     "node_modules/axe-core": {
-      "version": "4.11.0",
-      "resolved": "https://registry.npmjs.org/axe-core/-/axe-core-4.11.0.tgz",
-      "integrity": "sha512-ilYanEU8vxxBexpJd8cWM4ElSQq4QctCLKih0TSfjIfCQTeyH/6zVrmIJfLPrKTKJRbiG+cfnZbQIjAlJmF1jQ==",
+      "version": "4.11.1",
+      "resolved": "https://registry.npmjs.org/axe-core/-/axe-core-4.11.1.tgz",
+      "integrity": "sha512-BASOg+YwO2C+346x3LZOeoovTIoTrRqEsqMa6fmfAV0P+U9mFr9NsyOEpiYvFjbc64NMrSswhV50WdXzdb/Z5A==",
       "dev": true,
       "license": "MPL-2.0",
       "engines": {
@@ -5750,9 +5792,9 @@
       "license": "MIT"
     },
     "node_modules/baseline-browser-mapping": {
-      "version": "2.9.11",
-      "resolved": "https://registry.npmjs.org/baseline-browser-mapping/-/baseline-browser-mapping-2.9.11.tgz",
-      "integrity": "sha512-Sg0xJUNDU1sJNGdfGWhVHX0kkZ+HWcvmVymJbj6NSgZZmW/8S9Y2HQ5euytnIgakgxN6papOAWiwDo1ctFDcoQ==",
+      "version": "2.9.14",
+      "resolved": "https://registry.npmjs.org/baseline-browser-mapping/-/baseline-browser-mapping-2.9.14.tgz",
+      "integrity": "sha512-B0xUquLkiGLgHhpPBqvl7GWegWBUNuujQ6kXd/r1U38ElPT6Ok8KZ8e+FpUGEc2ZoRQUzq/aUnaKFc/svWUGSg==",
       "license": "Apache-2.0",
       "bin": {
         "baseline-browser-mapping": "dist/cli.js"
@@ -6003,9 +6045,9 @@
       }
     },
     "node_modules/caniuse-lite": {
-      "version": "1.0.30001761",
-      "resolved": "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001761.tgz",
-      "integrity": "sha512-JF9ptu1vP2coz98+5051jZ4PwQgd2ni8A+gYSN7EA7dPKIMf0pDlSUxhdmVOaV3/fYK5uWBkgSXJaRLr4+3A6g==",
+      "version": "1.0.30001764",
+      "resolved": "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001764.tgz",
+      "integrity": "sha512-9JGuzl2M+vPL+pz70gtMF9sHdMFbY9FJaQBi186cHKH3pSzDvzoUJUPV6fqiKIMyXbud9ZLg4F3Yza1vJ1+93g==",
       "funding": [
         {
           "type": "opencollective",
@@ -8457,9 +8499,9 @@
       }
     },
     "node_modules/esquery": {
-      "version": "1.6.0",
-      "resolved": "https://registry.npmjs.org/esquery/-/esquery-1.6.0.tgz",
-      "integrity": "sha512-ca9pw9fomFcKPvFLXhBKUK90ZvGibiGOvRJNbjljY7s7uq/5YO4BOzcYtJqExdx99rF6aAcnRxHmcUHcz6sQsg==",
+      "version": "1.7.0",
+      "resolved": "https://registry.npmjs.org/esquery/-/esquery-1.7.0.tgz",
+      "integrity": "sha512-Ap6G0WQwcU/LHsvLwON1fAQX9Zp0A2Y6Y/cJBl9r/JbW90Zyg4/zbG6zzKa2OTALELarYHmKu0GhpM5EO+7T0g==",
       "dev": true,
       "license": "BSD-3-Clause",
       "dependencies": {
@@ -9272,13 +9314,13 @@
       "license": "MIT"
     },
     "node_modules/hashery": {
-      "version": "1.3.0",
-      "resolved": "https://registry.npmjs.org/hashery/-/hashery-1.3.0.tgz",
-      "integrity": "sha512-fWltioiy5zsSAs9ouEnvhsVJeAXRybGCNNv0lvzpzNOSDbULXRy7ivFWwCCv4I5Am6kSo75hmbsCduOoc2/K4w==",
+      "version": "1.4.0",
+      "resolved": "https://registry.npmjs.org/hashery/-/hashery-1.4.0.tgz",
+      "integrity": "sha512-Wn2i1In6XFxl8Az55kkgnFRiAlIAushzh26PTjL2AKtQcEfXrcLa7Hn5QOWGZEf3LU057P9TwwZjFyxfS1VuvQ==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "hookified": "^1.13.0"
+        "hookified": "^1.14.0"
       },
       "engines": {
         "node": ">=20"
@@ -9297,9 +9339,9 @@
       }
     },
     "node_modules/hookified": {
-      "version": "1.14.0",
-      "resolved": "https://registry.npmjs.org/hookified/-/hookified-1.14.0.tgz",
-      "integrity": "sha512-pi1ynXIMFx/uIIwpWJ/5CEtOHLGtnUB0WhGeeYT+fKcQ+WCQbm3/rrkAXnpfph++PgepNqPdTC2WTj8A6k6zoQ==",
+      "version": "1.15.0",
+      "resolved": "https://registry.npmjs.org/hookified/-/hookified-1.15.0.tgz",
+      "integrity": "sha512-51w+ZZGt7Zw5q7rM3nC4t3aLn/xvKDETsXqMczndvwyVQhAHfUmUuFBRFcos8Iyebtk7OAE9dL26wFNzZVVOkw==",
       "dev": true,
       "license": "MIT"
     },
@@ -14604,11 +14646,14 @@
       }
     },
     "node_modules/svgo/node_modules/sax": {
-      "version": "1.4.3",
-      "resolved": "https://registry.npmjs.org/sax/-/sax-1.4.3.tgz",
-      "integrity": "sha512-yqYn1JhPczigF94DMS+shiDMjDowYO6y9+wB/4WgO0Y19jWYk0lQ4tuG5KI7kj4FTp1wxPj5IFfcrz/s1c3jjQ==",
+      "version": "1.4.4",
+      "resolved": "https://registry.npmjs.org/sax/-/sax-1.4.4.tgz",
+      "integrity": "sha512-1n3r/tGXO6b6VXMdFT54SHzT9ytu9yr7TaELowdYpMqY/Ao7EnlQGmAQ1+RatX7Tkkdm6hONI2owqNx2aZj5Sw==",
       "dev": true,
-      "license": "BlueOak-1.0.0"
+      "license": "BlueOak-1.0.0",
+      "engines": {
+        "node": ">=11.0.0"
+      }
     },
     "node_modules/swagger-ui-dist": {
       "version": "5.31.0",
@@ -14981,9 +15026,9 @@
       "license": "MIT"
     },
     "node_modules/ts-api-utils": {
-      "version": "2.3.0",
-      "resolved": "https://registry.npmjs.org/ts-api-utils/-/ts-api-utils-2.3.0.tgz",
-      "integrity": "sha512-6eg3Y9SF7SsAvGzRHQvvc1skDAhwI4YQ32ui1scxD1Ccr0G5qIIbUBT3pFTKX8kmWIQClHobtUdNuaBgwdfdWg==",
+      "version": "2.4.0",
+      "resolved": "https://registry.npmjs.org/ts-api-utils/-/ts-api-utils-2.4.0.tgz",
+      "integrity": "sha512-3TaVTaAv2gTiMB35i3FiGJaRfwb3Pyn/j3m/bfAvGe8FB7CF6u+LMYqYlDh7reQf7UNvoTvdfAqHGmPGOSsPmA==",
       "dev": true,
       "license": "MIT",
       "engines": {
@@ -15159,9 +15204,9 @@
       "license": "MIT"
     },
     "node_modules/ufo": {
-      "version": "1.6.1",
-      "resolved": "https://registry.npmjs.org/ufo/-/ufo-1.6.1.tgz",
-      "integrity": "sha512-9a4/uxlTWJ4+a5i0ooc1rU7C7YOw3wT+UGqdeNNHWnOF9qcMBgLRS+4IYUqbczewFx4mLEig6gawh7X6mFlEkA==",
+      "version": "1.6.2",
+      "resolved": "https://registry.npmjs.org/ufo/-/ufo-1.6.2.tgz",
+      "integrity": "sha512-heMioaxBcG9+Znsda5Q8sQbWnLJSl98AFDXTO80wELWEzX3hordXsTdxrIfMQoO9IY1MEnoGoPjpoKpMj+Yx0Q==",
       "license": "MIT"
     },
     "node_modules/uint8-to-base64": {
@@ -15344,9 +15389,9 @@
       "license": "MIT"
     },
     "node_modules/vite": {
-      "version": "7.3.0",
-      "resolved": "https://registry.npmjs.org/vite/-/vite-7.3.0.tgz",
-      "integrity": "sha512-dZwN5L1VlUBewiP6H9s2+B3e3Jg96D0vzN+Ry73sOefebhYr9f94wwkMNN/9ouoU8pV1BqA1d1zGk8928cx0rg==",
+      "version": "7.3.1",
+      "resolved": "https://registry.npmjs.org/vite/-/vite-7.3.1.tgz",
+      "integrity": "sha512-w+N7Hifpc3gRjZ63vYBXA56dvvRlNWRczTdmCBBa+CotUzAPf5b7YMdMR/8CQoeYE5LX3W4wj6RYTgonm1b9DA==",
       "dev": true,
       "license": "MIT",
       "peer": true,
@@ -15481,9 +15526,9 @@
       }
     },
     "node_modules/vite/node_modules/rollup": {
-      "version": "4.54.0",
-      "resolved": "https://registry.npmjs.org/rollup/-/rollup-4.54.0.tgz",
-      "integrity": "sha512-3nk8Y3a9Ea8szgKhinMlGMhGMw89mqule3KWczxhIzqudyHdCIOHw8WJlj/r329fACjKLEh13ZSk7oE22kyeIw==",
+      "version": "4.55.1",
+      "resolved": "https://registry.npmjs.org/rollup/-/rollup-4.55.1.tgz",
+      "integrity": "sha512-wDv/Ht1BNHB4upNbK74s9usvl7hObDnvVzknxqY/E/O3X6rW1U1rV1aENEfJ54eFZDTNo7zv1f5N4edCluH7+A==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -15497,28 +15542,31 @@
         "npm": ">=8.0.0"
       },
       "optionalDependencies": {
-        "@rollup/rollup-android-arm-eabi": "4.54.0",
-        "@rollup/rollup-android-arm64": "4.54.0",
-        "@rollup/rollup-darwin-arm64": "4.54.0",
-        "@rollup/rollup-darwin-x64": "4.54.0",
-        "@rollup/rollup-freebsd-arm64": "4.54.0",
-        "@rollup/rollup-freebsd-x64": "4.54.0",
-        "@rollup/rollup-linux-arm-gnueabihf": "4.54.0",
-        "@rollup/rollup-linux-arm-musleabihf": "4.54.0",
-        "@rollup/rollup-linux-arm64-gnu": "4.54.0",
-        "@rollup/rollup-linux-arm64-musl": "4.54.0",
-        "@rollup/rollup-linux-loong64-gnu": "4.54.0",
-        "@rollup/rollup-linux-ppc64-gnu": "4.54.0",
-        "@rollup/rollup-linux-riscv64-gnu": "4.54.0",
-        "@rollup/rollup-linux-riscv64-musl": "4.54.0",
-        "@rollup/rollup-linux-s390x-gnu": "4.54.0",
-        "@rollup/rollup-linux-x64-gnu": "4.54.0",
-        "@rollup/rollup-linux-x64-musl": "4.54.0",
-        "@rollup/rollup-openharmony-arm64": "4.54.0",
-        "@rollup/rollup-win32-arm64-msvc": "4.54.0",
-        "@rollup/rollup-win32-ia32-msvc": "4.54.0",
-        "@rollup/rollup-win32-x64-gnu": "4.54.0",
-        "@rollup/rollup-win32-x64-msvc": "4.54.0",
+        "@rollup/rollup-android-arm-eabi": "4.55.1",
+        "@rollup/rollup-android-arm64": "4.55.1",
+        "@rollup/rollup-darwin-arm64": "4.55.1",
+        "@rollup/rollup-darwin-x64": "4.55.1",
+        "@rollup/rollup-freebsd-arm64": "4.55.1",
+        "@rollup/rollup-freebsd-x64": "4.55.1",
+        "@rollup/rollup-linux-arm-gnueabihf": "4.55.1",
+        "@rollup/rollup-linux-arm-musleabihf": "4.55.1",
+        "@rollup/rollup-linux-arm64-gnu": "4.55.1",
+        "@rollup/rollup-linux-arm64-musl": "4.55.1",
+        "@rollup/rollup-linux-loong64-gnu": "4.55.1",
+        "@rollup/rollup-linux-loong64-musl": "4.55.1",
+        "@rollup/rollup-linux-ppc64-gnu": "4.55.1",
+        "@rollup/rollup-linux-ppc64-musl": "4.55.1",
+        "@rollup/rollup-linux-riscv64-gnu": "4.55.1",
+        "@rollup/rollup-linux-riscv64-musl": "4.55.1",
+        "@rollup/rollup-linux-s390x-gnu": "4.55.1",
+        "@rollup/rollup-linux-x64-gnu": "4.55.1",
+        "@rollup/rollup-linux-x64-musl": "4.55.1",
+        "@rollup/rollup-openbsd-x64": "4.55.1",
+        "@rollup/rollup-openharmony-arm64": "4.55.1",
+        "@rollup/rollup-win32-arm64-msvc": "4.55.1",
+        "@rollup/rollup-win32-ia32-msvc": "4.55.1",
+        "@rollup/rollup-win32-x64-gnu": "4.55.1",
+        "@rollup/rollup-win32-x64-msvc": "4.55.1",
         "fsevents": "~2.3.2"
       }
     },
diff --git a/web_src/fomantic/package-lock.json b/web_src/fomantic/package-lock.json
index 529437b44f..add2bfe691 100644
--- a/web_src/fomantic/package-lock.json
+++ b/web_src/fomantic/package-lock.json
@@ -478,9 +478,9 @@
       "license": "MIT"
     },
     "node_modules/@types/node": {
-      "version": "25.0.3",
-      "resolved": "https://registry.npmjs.org/@types/node/-/node-25.0.3.tgz",
-      "integrity": "sha512-W609buLVRVmeW693xKfzHeIV6nJGGz98uCPfeXI1ELMLXVeKYZ9m15fAMSaUPBHYLGFsVRcMmSCksQOrZV9BYA==",
+      "version": "25.0.6",
+      "resolved": "https://registry.npmjs.org/@types/node/-/node-25.0.6.tgz",
+      "integrity": "sha512-NNu0sjyNxpoiW3YuVFfNz7mxSQ+S4X2G28uqg2s+CzoqoQjLPsWSbsFFyztIAqt2vb8kfEAsJNepMGPTxFDx3Q==",
       "license": "MIT",
       "dependencies": {
         "undici-types": "~7.16.0"
@@ -1014,9 +1014,9 @@
       }
     },
     "node_modules/baseline-browser-mapping": {
-      "version": "2.9.11",
-      "resolved": "https://registry.npmjs.org/baseline-browser-mapping/-/baseline-browser-mapping-2.9.11.tgz",
-      "integrity": "sha512-Sg0xJUNDU1sJNGdfGWhVHX0kkZ+HWcvmVymJbj6NSgZZmW/8S9Y2HQ5euytnIgakgxN6papOAWiwDo1ctFDcoQ==",
+      "version": "2.9.14",
+      "resolved": "https://registry.npmjs.org/baseline-browser-mapping/-/baseline-browser-mapping-2.9.14.tgz",
+      "integrity": "sha512-B0xUquLkiGLgHhpPBqvl7GWegWBUNuujQ6kXd/r1U38ElPT6Ok8KZ8e+FpUGEc2ZoRQUzq/aUnaKFc/svWUGSg==",
       "license": "Apache-2.0",
       "bin": {
         "baseline-browser-mapping": "dist/cli.js"
@@ -1244,9 +1244,9 @@
       }
     },
     "node_modules/caniuse-lite": {
-      "version": "1.0.30001761",
-      "resolved": "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001761.tgz",
-      "integrity": "sha512-JF9ptu1vP2coz98+5051jZ4PwQgd2ni8A+gYSN7EA7dPKIMf0pDlSUxhdmVOaV3/fYK5uWBkgSXJaRLr4+3A6g==",
+      "version": "1.0.30001764",
+      "resolved": "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001764.tgz",
+      "integrity": "sha512-9JGuzl2M+vPL+pz70gtMF9sHdMFbY9FJaQBi186cHKH3pSzDvzoUJUPV6fqiKIMyXbud9ZLg4F3Yza1vJ1+93g==",
       "funding": [
         {
           "type": "opencollective",

From 2cd58c0ddee8826f61f6e190c626d9c48992f996 Mon Sep 17 00:00:00 2001
From: Renovate Bot <forgejo-renovate-action@forgejo.org>
Date: Mon, 12 Jan 2026 21:57:41 +0100
Subject: [PATCH 141/854] Update module code.forgejo.org/forgejo/runner/v12 to
 v12.5.1 (forgejo) (#10795)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This PR contains the following updates:

| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) |
|---|---|---|---|
| [code.forgejo.org/forgejo/runner/v12](https://code.forgejo.org/forgejo/runner) | `v12.5.0` -> `v12.5.1` | ![age](https://developer.mend.io/api/mc/badges/age/go/code.forgejo.org%2fforgejo%2frunner%2fv12/v12.5.1?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/go/code.forgejo.org%2fforgejo%2frunner%2fv12/v12.5.0/v12.5.1?slim=true) |

---

### Release Notes

<details>
<summary>forgejo/runner (code.forgejo.org/forgejo/runner/v12)</summary>

### [`v12.5.1`](https://code.forgejo.org/forgejo/runner/releases/tag/v12.5.1)

[Compare Source](https://code.forgejo.org/forgejo/runner/compare/v12.5.0...v12.5.1)

- [User guide](https://forgejo.org/docs/next/user/actions/overview/)
- [Administrator guide](https://forgejo.org/docs/next/admin/actions/)
- [Container images](https://code.forgejo.org/forgejo/-/packages/container/runner/versions)

Release Notes

***

<!--start release-notes-assistant-->

<!--URL:https://code.forgejo.org/forgejo/runner-->

- bug fixes
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1268): <!--number 1268 --><!--line 0 --><!--description Zml4OiBwcml2YXRlIHJlcG9zaXRvcnkgY2xvbmluZyB3aXRoIGF1dGhlbnRpY2F0aW9uIHRva2Vu-->fix: private repository cloning with authentication token<!--description-->
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1270): <!--number 1270 --><!--line 0 --><!--description Zml4OiBtaW5pbWl6ZSBsb2cgZGF0YSBsb3NzIGNhdXNlZCBieSBMWEMgJiBQVFkgYnVmZmVy-->fix: minimize log data loss caused by LXC & PTY buffer<!--description-->
- other
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1269): <!--number 1269 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnaXRodWIuY29tL2dvLWdpdC9nby1naXQvdjUgdG8gdjUuMTYuNA==-->Update module github.com/go-git/go-git/v5 to v5.16.4<!--description-->
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1266): <!--number 1266 --><!--line 0 --><!--description VXBkYXRlIGNvZGUuZm9yZ2Vqby5vcmcvZm9yZ2Vqby9mb3JnZWpvIERvY2tlciB0YWcgdG8gdjExLjAuOQ==-->Update code.forgejo.org/forgejo/forgejo Docker tag to v11.0.9<!--description-->
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1263): <!--number 1263 --><!--line 0 --><!--description VXBkYXRlIGZvcmdlam8tcnVubmVyIHRvIHYxMi41LjA=-->Update forgejo-runner to v12.5.0<!--description-->
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1264): <!--number 1264 --><!--line 0 --><!--description VXBkYXRlIGh0dHBzOi8vZGF0YS5mb3JnZWpvLm9yZy9hY3Rpb25zL3NldHVwLWZvcmdlam8gYWN0aW9uIHRvIHYzLjEuMA==-->Update <https://data.forgejo.org/actions/setup-forgejo> action to v3.1.0<!--description-->
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1262): <!--number 1262 --><!--line 0 --><!--description UmVwbGFjZSBOb2RlLmpzIHdpdGggZGF0YS5mb3JnZWpvLm9yZy9vY2kvbm9kZQ==-->Replace Node.js with data.forgejo.org/oci/node<!--description-->

<!--end release-notes-assistant-->

</details>

---

### Configuration

📅 **Schedule**: Branch creation - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC), Automerge - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi43OC4yIiwidXBkYXRlZEluVmVyIjoiNDIuNzguMiIsInRhcmdldEJyYW5jaCI6ImZvcmdlam8iLCJsYWJlbHMiOlsiZGVwZW5kZW5jeS11cGdyYWRlIiwidGVzdC9ub3QtbmVlZGVkIl19-->

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10795
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
---
 go.mod | 4 ++--
 go.sum | 8 ++++----
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/go.mod b/go.mod
index c95fbbb8e8..a57adf03fe 100644
--- a/go.mod
+++ b/go.mod
@@ -11,7 +11,7 @@ require (
 	code.forgejo.org/forgejo/go-rpmutils v1.0.0
 	code.forgejo.org/forgejo/levelqueue v1.0.0
 	code.forgejo.org/forgejo/reply v1.0.2
-	code.forgejo.org/forgejo/runner/v12 v12.5.0
+	code.forgejo.org/forgejo/runner/v12 v12.5.1
 	code.forgejo.org/go-chi/binding v1.0.1
 	code.forgejo.org/go-chi/cache v1.0.1
 	code.forgejo.org/go-chi/captcha v1.0.2
@@ -175,7 +175,7 @@ require (
 	github.com/go-fed/httpsig v1.1.0 // indirect
 	github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect
 	github.com/go-git/go-billy/v5 v5.6.2 // indirect
-	github.com/go-git/go-git/v5 v5.16.3 // indirect
+	github.com/go-git/go-git/v5 v5.16.4 // indirect
 	github.com/go-ini/ini v1.67.0 // indirect
 	github.com/go-openapi/jsonpointer v0.22.4 // indirect
 	github.com/go-openapi/jsonreference v0.21.4 // indirect
diff --git a/go.sum b/go.sum
index e6a2a41e34..1e126af447 100644
--- a/go.sum
+++ b/go.sum
@@ -30,8 +30,8 @@ code.forgejo.org/forgejo/levelqueue v1.0.0 h1:9krYpU6BM+j/1Ntj6m+VCAIu0UNnne1/Uf
 code.forgejo.org/forgejo/levelqueue v1.0.0/go.mod h1:fmG6zhVuqim2rxSFOoasgXO8V2W/k9U31VVYqLIRLhQ=
 code.forgejo.org/forgejo/reply v1.0.2 h1:dMhQCHV6/O3L5CLWNTol+dNzDAuyCK88z4J/lCdgFuQ=
 code.forgejo.org/forgejo/reply v1.0.2/go.mod h1:RyZUfzQLc+fuLIGjTSQWDAJWPiL4WtKXB/FifT5fM7U=
-code.forgejo.org/forgejo/runner/v12 v12.5.0 h1:/ZHlKlDZBAjd6CNFLd53n/FtFSoqlZg3Z3oZ5b/9uUg=
-code.forgejo.org/forgejo/runner/v12 v12.5.0/go.mod h1:GwKqxU5CIkpUSBnOCwmT9GRpz2V4mdfdp9LQEKQ70HE=
+code.forgejo.org/forgejo/runner/v12 v12.5.1 h1:XTVGqSN68Y4LWsT5foZjzEIZC3dgVvYriKhQ8KUmplY=
+code.forgejo.org/forgejo/runner/v12 v12.5.1/go.mod h1:aqDGVIwMxGMkj2P5qW8QO10Q/CfMl2lou72Tf+UCHcA=
 code.forgejo.org/forgejo/ssh v0.0.0-20241211213324-5fc306ca0616 h1:kEZL84+02jY9RxXM4zHBWZ3Fml0B09cmP1LGkDsCfIA=
 code.forgejo.org/forgejo/ssh v0.0.0-20241211213324-5fc306ca0616/go.mod h1:zpHEXBstFnQYtGnB8k8kQLol82umzn/2/snG7alWVD8=
 code.forgejo.org/go-chi/binding v1.0.1 h1:coKNI+X1NzRN7X85LlrpvBRqk0TXpJ+ja28vusQWEuY=
@@ -284,8 +284,8 @@ github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 h1:+zs/tPmkDkHx3U66D
 github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376/go.mod h1:an3vInlBmSxCcxctByoQdvwPiA7DTK7jaaFDBTtu0ic=
 github.com/go-git/go-billy/v5 v5.6.2 h1:6Q86EsPXMa7c3YZ3aLAQsMA0VlWmy43r6FHqa/UNbRM=
 github.com/go-git/go-billy/v5 v5.6.2/go.mod h1:rcFC2rAsp/erv7CMz9GczHcuD0D32fWzH+MJAU+jaUU=
-github.com/go-git/go-git/v5 v5.16.3 h1:Z8BtvxZ09bYm/yYNgPKCzgWtaRqDTgIKRgIRHBfU6Z8=
-github.com/go-git/go-git/v5 v5.16.3/go.mod h1:4Ge4alE/5gPs30F2H1esi2gPd69R0C39lolkucHBOp8=
+github.com/go-git/go-git/v5 v5.16.4 h1:7ajIEZHZJULcyJebDLo99bGgS0jRrOxzZG4uCk2Yb2Y=
+github.com/go-git/go-git/v5 v5.16.4/go.mod h1:4Ge4alE/5gPs30F2H1esi2gPd69R0C39lolkucHBOp8=
 github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU=
 github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
 github.com/go-ini/ini v1.67.0 h1:z6ZrTEZqSWOTyH2FlglNbNgARyHG8oLW9gMELqKr06A=

From 0eb0179c1ad629ce38c6e95e61f2cfcb375927cf Mon Sep 17 00:00:00 2001
From: Mathieu Fenniak <mathieu@fenniak.net>
Date: Mon, 12 Jan 2026 21:59:40 +0100
Subject: [PATCH 142/854] feat: add foreign keys to the `action_runner_token`
 table (#10756)

In support of adding foreign keys to the `action_runner_token` table, this PR also had to:
- Add detection and error if a table with "soft delete" is used with a foreign key, because it causes a tricky to track down foreign key violation
- Remove unused xorm "soft delete" capability on the `action_runner_token` table
- Change the `RepoID` and `OwnerID` fields to use the value `NULL` to indicate that this scope wasn't valid for the token, rather than the value `0`

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests

- I added test coverage for Go changes...
  - [x] in their respective `*_test.go` for unit tests.
  - [ ] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I added test coverage for JavaScript changes...
  - [ ] in `web_src/js/*.test.js` if it can be unit tested.
  - [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)).

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [ ] I do not want this change to show in the release notes.
- [x] I want the title to show in the release notes with a link to this pull request.
- [ ] I want the content of the `release-notes/<pull request number>.md` to be be used for the release notes instead of the title.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10756
Reviewed-by: Andreas Ahlenstorf <aahlenst@noreply.codeberg.org>
Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net>
Co-committed-by: Mathieu Fenniak <mathieu@fenniak.net>
---
 models/actions/runner_token.go                | 39 +++++++++++--
 models/actions/runner_token_test.go           |  2 +-
 models/db/foreign_keys.go                     |  7 +++
 models/fixtures/action_runner_token.yml       | 10 ++--
 ...a_remove-softdelete-action_runner_token.go | 35 ++++++++++++
 ...ove-softdelete-action_runner_token_test.go | 51 +++++++++++++++++
 ...5b_add-foreign-keys-action_runner_token.go | 49 +++++++++++++++++
 ...d-foreign-keys-action_runner_token_test.go | 55 +++++++++++++++++++
 .../action_runner_token.yml                   | 24 ++++++++
 .../repository.yml                            |  2 +
 .../user.yml                                  |  2 +
 .../action_runner_token.yml                   | 33 +++++++++++
 routers/api/actions/runner/runner.go          |  4 +-
 .../action_runner_token.yml                   |  8 +++
 services/org/org_test.go                      |  5 ++
 services/repository/repository_test.go        |  8 +++
 .../TestDeleteUser/action_runner_token.yml    |  7 +++
 .../action_runner_token.yml                   |  8 +--
 .../action_runner_token.yml                   |  6 +-
 .../action_runner_token.yml                   |  6 +-
 .../action_runner_token.yml                   |  6 +-
 21 files changed, 336 insertions(+), 31 deletions(-)
 create mode 100644 models/forgejo_migrations/v15a_remove-softdelete-action_runner_token.go
 create mode 100644 models/forgejo_migrations/v15a_remove-softdelete-action_runner_token_test.go
 create mode 100644 models/forgejo_migrations/v15b_add-foreign-keys-action_runner_token.go
 create mode 100644 models/forgejo_migrations/v15b_add-foreign-keys-action_runner_token_test.go
 create mode 100644 models/gitea_migrations/fixtures/Test_addForeignKeysActionRunnerToken/action_runner_token.yml
 create mode 100644 models/gitea_migrations/fixtures/Test_addForeignKeysActionRunnerToken/repository.yml
 create mode 100644 models/gitea_migrations/fixtures/Test_addForeignKeysActionRunnerToken/user.yml
 create mode 100644 models/gitea_migrations/fixtures/Test_removeSoftDeleteActionRunnerToken/action_runner_token.yml
 create mode 100644 services/org/TestDeleteOrganization/action_runner_token.yml
 create mode 100644 services/user/TestDeleteUser/action_runner_token.yml

diff --git a/models/actions/runner_token.go b/models/actions/runner_token.go
index ece15b55e8..848330c954 100644
--- a/models/actions/runner_token.go
+++ b/models/actions/runner_token.go
@@ -12,6 +12,8 @@ import (
 	user_model "forgejo.org/models/user"
 	"forgejo.org/modules/timeutil"
 	"forgejo.org/modules/util"
+
+	"xorm.io/builder"
 )
 
 // ActionRunnerToken represents runner tokens
@@ -29,15 +31,14 @@ import (
 type ActionRunnerToken struct {
 	ID       int64
 	Token    string                 `xorm:"UNIQUE"`
-	OwnerID  int64                  `xorm:"index"`
+	OwnerID  int64                  `xorm:"index REFERENCES(user, id)"`
 	Owner    *user_model.User       `xorm:"-"`
-	RepoID   int64                  `xorm:"index"`
+	RepoID   int64                  `xorm:"index REFERENCES(repository, id)"`
 	Repo     *repo_model.Repository `xorm:"-"`
 	IsActive bool                   // true means it can be used
 
 	Created timeutil.TimeStamp `xorm:"created"`
 	Updated timeutil.TimeStamp `xorm:"updated"`
-	Deleted timeutil.TimeStamp `xorm:"deleted"`
 }
 
 func init() {
@@ -77,6 +78,16 @@ func NewRunnerToken(ctx context.Context, ownerID, repoID int64) (*ActionRunnerTo
 		ownerID = 0
 	}
 
+	// To ensure that NULL values are used for the unused columns, rather than attempting to insert 0 values which will
+	// cause FK violation, manage the list of columns that xorm will insert.
+	cols := []string{"is_active", "token"}
+	if ownerID != 0 {
+		cols = append(cols, "owner_id")
+	}
+	if repoID != 0 {
+		cols = append(cols, "repo_id")
+	}
+
 	token := util.CryptoRandomString(util.RandomStringHigh)
 	runnerToken := &ActionRunnerToken{
 		OwnerID:  ownerID,
@@ -86,17 +97,33 @@ func NewRunnerToken(ctx context.Context, ownerID, repoID int64) (*ActionRunnerTo
 	}
 
 	return runnerToken, db.WithTx(ctx, func(ctx context.Context) error {
-		if _, err := db.GetEngine(ctx).Where("owner_id =? AND repo_id = ?", ownerID, repoID).Cols("is_active").Update(&ActionRunnerToken{
+		if _, err := db.GetEngine(ctx).Where(runnerTokenCond(ownerID, repoID)).Cols("is_active").Update(&ActionRunnerToken{
 			IsActive: false,
 		}); err != nil {
 			return err
 		}
 
-		_, err := db.GetEngine(ctx).Insert(runnerToken)
+		_, err := db.GetEngine(ctx).Cols(cols...).Insert(runnerToken)
 		return err
 	})
 }
 
+func runnerTokenCond(ownerID, repoID int64) builder.Cond {
+	var condOwnerID builder.Cond
+	if ownerID == 0 {
+		condOwnerID = builder.IsNull{"owner_id"}
+	} else {
+		condOwnerID = builder.Eq{"owner_id": ownerID}
+	}
+	var condRepoID builder.Cond
+	if repoID == 0 {
+		condRepoID = builder.IsNull{"repo_id"}
+	} else {
+		condRepoID = builder.Eq{"repo_id": repoID}
+	}
+	return builder.And(condOwnerID, condRepoID)
+}
+
 // GetLatestRunnerToken returns the latest runner token
 func GetLatestRunnerToken(ctx context.Context, ownerID, repoID int64) (*ActionRunnerToken, error) {
 	if ownerID != 0 && repoID != 0 {
@@ -106,7 +133,7 @@ func GetLatestRunnerToken(ctx context.Context, ownerID, repoID int64) (*ActionRu
 	}
 
 	var runnerToken ActionRunnerToken
-	has, err := db.GetEngine(ctx).Where("owner_id=? AND repo_id=?", ownerID, repoID).
+	has, err := db.GetEngine(ctx).Where(runnerTokenCond(ownerID, repoID)).
 		OrderBy("id DESC").Get(&runnerToken)
 	if err != nil {
 		return nil, err
diff --git a/models/actions/runner_token_test.go b/models/actions/runner_token_test.go
index 0de9ca5648..73320077a6 100644
--- a/models/actions/runner_token_test.go
+++ b/models/actions/runner_token_test.go
@@ -34,7 +34,7 @@ func TestUpdateRunnerToken(t *testing.T) {
 	require.NoError(t, unittest.PrepareTestDatabase())
 	token := unittest.AssertExistsAndLoadBean(t, &ActionRunnerToken{ID: 3})
 	token.IsActive = true
-	require.NoError(t, UpdateRunnerToken(db.DefaultContext, token))
+	require.NoError(t, UpdateRunnerToken(db.DefaultContext, token, "is_active"))
 	expectedToken, err := GetLatestRunnerToken(db.DefaultContext, 1, 0)
 	require.NoError(t, err)
 	assert.Equal(t, expectedToken, token)
diff --git a/models/db/foreign_keys.go b/models/db/foreign_keys.go
index 7af0b92f73..1bf022596d 100644
--- a/models/db/foreign_keys.go
+++ b/models/db/foreign_keys.go
@@ -256,6 +256,13 @@ func extendBeansForCascade(beans []any) ([]any, error) {
 			if deduplicateTables.Contains(schema.Name) {
 				continue
 			}
+
+			for _, column := range schema.Columns() {
+				if column.IsDeleted {
+					return nil, fmt.Errorf("unable to use table %q in a cascade operation, as it has a soft-delete column %q", schema.Name, column.FieldName)
+				}
+			}
+
 			deduplicateTables.Add(schema.Name)
 			for _, referencingTable := range referencedTables[schema.Name] {
 				table := tableMap[referencingTable]
diff --git a/models/fixtures/action_runner_token.yml b/models/fixtures/action_runner_token.yml
index 8318349c9d..dffada23e2 100644
--- a/models/fixtures/action_runner_token.yml
+++ b/models/fixtures/action_runner_token.yml
@@ -1,8 +1,8 @@
 -
   id: 1 # instance scope
   token: xeiWBL5kuTYxGPynHCqQdoeYmJAeG3IzGXCYTrDX
-  owner_id: 0
-  repo_id: 0
+  owner_id: null
+  repo_id: null
   is_active: true
   created: 1695617748
   updated: 1695617748
@@ -11,7 +11,7 @@
   id: 2 # user scope and can't be used
   token: vohJB9QcZuSv1gAXESTk2uqpSjHhsKT9j4zYF84x
   owner_id: 1
-  repo_id: 0
+  repo_id: null
   is_active: false
   created: 1695617749
   updated: 1695617749
@@ -20,7 +20,7 @@
   id: 3 # user scope and can be used
   token: gjItAeJ3CA74hNPmPPo0Zco8I1eMaNcP1jVifjOE
   owner_id: 1
-  repo_id: 0
+  repo_id: null
   is_active: true
   created: 1695617750
   updated: 1695617750
@@ -28,7 +28,7 @@
 -
   id: 4 # repo scope
   token: NOjLubxzFxPGhPXflZknys0gjVvQNhomFbAYuhbH
-  owner_id: 0
+  owner_id: null
   repo_id: 1
   is_active: true
   created: 1695617751
diff --git a/models/forgejo_migrations/v15a_remove-softdelete-action_runner_token.go b/models/forgejo_migrations/v15a_remove-softdelete-action_runner_token.go
new file mode 100644
index 0000000000..c0f2e964a9
--- /dev/null
+++ b/models/forgejo_migrations/v15a_remove-softdelete-action_runner_token.go
@@ -0,0 +1,35 @@
+// Copyright 2026 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+package forgejo_migrations
+
+import (
+	"xorm.io/builder"
+	"xorm.io/xorm"
+)
+
+func init() {
+	registerMigration(&Migration{
+		Description: "remove soft-delete capability from action_runner_token",
+		Upgrade:     removeSoftDeleteActionRunnerToken,
+	})
+}
+
+func removeSoftDeleteActionRunnerToken(x *xorm.Engine) error {
+	// ActionRunnerToken was implemented with a column: "Deleted timeutil.TimeStamp `xorm:"deleted"``", which invokes
+	// xorm's soft-delete capability -- that is, if a record is deleted from the table, then it is just marked with a
+	// delete timestamp which causes it to be automatically excluded from future queries.  This functionality is not
+	// used on `ActionRunnerToken` and it stands in the way of foreign key implementation -- if you can't actually
+	// delete the record in the table, then you can't remove foreign key references and therefore can't delete contents
+	// of the target tables, repository and user.
+	//
+	// This migration removes that column and deletes any records that were soft-deleted.
+
+	// Before dropping the 'deleted' column, hard-delete any soft-deleted records.
+	if _, err := x.Table("action_runner_token").Where(builder.NotNull{"deleted"}).Delete(); err != nil {
+		return err
+	}
+
+	_, err := x.Exec("ALTER TABLE action_runner_token DROP COLUMN `deleted`")
+	return err
+}
diff --git a/models/forgejo_migrations/v15a_remove-softdelete-action_runner_token_test.go b/models/forgejo_migrations/v15a_remove-softdelete-action_runner_token_test.go
new file mode 100644
index 0000000000..7a2c80e547
--- /dev/null
+++ b/models/forgejo_migrations/v15a_remove-softdelete-action_runner_token_test.go
@@ -0,0 +1,51 @@
+// Copyright 2026 The Forgejo Authors.
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+package forgejo_migrations
+
+import (
+	"testing"
+
+	"forgejo.org/models/db"
+	migration_tests "forgejo.org/models/gitea_migrations/test"
+	"forgejo.org/modules/timeutil"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+func Test_removeSoftDeleteActionRunnerToken(t *testing.T) {
+	type ActionRunnerToken struct {
+		ID       int64
+		Token    string `xorm:"UNIQUE"`
+		OwnerID  int64  `xorm:"index"`
+		RepoID   int64  `xorm:"index"`
+		IsActive bool
+		Created  timeutil.TimeStamp `xorm:"created"`
+		Updated  timeutil.TimeStamp `xorm:"updated"`
+		Deleted  timeutil.TimeStamp `xorm:"deleted"`
+	}
+	x, deferable := migration_tests.PrepareTestEnv(t, 0, new(ActionRunnerToken))
+	defer deferable()
+	if x == nil || t.Failed() {
+		return
+	}
+
+	require.NoError(t, removeSoftDeleteActionRunnerToken(x))
+
+	var remainingRecords []*ActionRunnerToken
+	require.NoError(t,
+		db.GetEngine(t.Context()).
+			Table("action_runner_token").
+			Select("`id`, `owner_id`, `repo_id`").
+			OrderBy("`id`").
+			Unscoped(). // `Deleted` column doesn't exist anymore, so don't include in query
+			Find(&remainingRecords))
+	assert.Equal(t,
+		[]*ActionRunnerToken{
+			{ID: 4},
+			{ID: 5, OwnerID: 1},
+			{ID: 6, RepoID: 1},
+		},
+		remainingRecords)
+}
diff --git a/models/forgejo_migrations/v15b_add-foreign-keys-action_runner_token.go b/models/forgejo_migrations/v15b_add-foreign-keys-action_runner_token.go
new file mode 100644
index 0000000000..584addf77b
--- /dev/null
+++ b/models/forgejo_migrations/v15b_add-foreign-keys-action_runner_token.go
@@ -0,0 +1,49 @@
+// Copyright 2026 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+package forgejo_migrations
+
+import (
+	"xorm.io/builder"
+	"xorm.io/xorm"
+)
+
+func init() {
+	registerMigration(&Migration{
+		Description: "add foreign keys to action_runner_token",
+		Upgrade:     addForeignKeysActionRunnerToken,
+	})
+}
+
+func addForeignKeysActionRunnerToken(x *xorm.Engine) error {
+	type ActionRunnerToken struct {
+		OwnerID int64 `xorm:"index REFERENCES(user, id)"`
+		RepoID  int64 `xorm:"index REFERENCES(repository, id)"`
+	}
+
+	// With the introduction of a foreign key, owner_id & repo_id cannot be set to "0".  Runners can be registered as
+	// global (owner_id = NULL, repo_id = NULL), user/org (repo_id = NULL), or repo (owner_id = NULL) and NULL values
+	// now replace the '0' values.
+	_, err := x.Table(&ActionRunnerToken{}).Where("owner_id = 0").Update(map[string]any{"owner_id": nil})
+	if err != nil {
+		return err
+	}
+	_, err = x.Table(&ActionRunnerToken{}).Where("repo_id = 0").Update(map[string]any{"repo_id": nil})
+	if err != nil {
+		return err
+	}
+
+	return syncForeignKeyWithDelete(x,
+		new(ActionRunnerToken),
+		builder.Or(
+			builder.And(
+				builder.Expr("owner_id IS NOT NULL"),
+				builder.Expr("NOT EXISTS (SELECT id FROM `user` WHERE `user`.id = action_runner_token.owner_id)"),
+			),
+			builder.And(
+				builder.Expr("repo_id IS NOT NULL"),
+				builder.Expr("NOT EXISTS (SELECT id FROM repository WHERE repository.id = action_runner_token.repo_id)"),
+			),
+		),
+	)
+}
diff --git a/models/forgejo_migrations/v15b_add-foreign-keys-action_runner_token_test.go b/models/forgejo_migrations/v15b_add-foreign-keys-action_runner_token_test.go
new file mode 100644
index 0000000000..04589d8eaf
--- /dev/null
+++ b/models/forgejo_migrations/v15b_add-foreign-keys-action_runner_token_test.go
@@ -0,0 +1,55 @@
+// Copyright 2026 The Forgejo Authors.
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+package forgejo_migrations
+
+import (
+	"testing"
+
+	"forgejo.org/models/db"
+	migration_tests "forgejo.org/models/gitea_migrations/test"
+	"forgejo.org/modules/timeutil"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+func Test_addForeignKeysActionRunnerToken(t *testing.T) {
+	type ActionRunnerToken struct {
+		ID       int64
+		Token    string `xorm:"UNIQUE"`
+		OwnerID  int64  `xorm:"index"`
+		RepoID   int64  `xorm:"index"`
+		IsActive bool
+		Created  timeutil.TimeStamp `xorm:"created"`
+		Updated  timeutil.TimeStamp `xorm:"updated"`
+	}
+	type User struct {
+		ID int64 `xorm:"pk autoincr"`
+	}
+	type Repository struct {
+		ID int64 `xorm:"pk autoincr"`
+	}
+	x, deferable := migration_tests.PrepareTestEnv(t, 0, new(User), new(Repository), new(ActionRunnerToken))
+	defer deferable()
+	if x == nil || t.Failed() {
+		return
+	}
+
+	require.NoError(t, addForeignKeysActionRunnerToken(x))
+
+	var remainingRecords []*ActionRunnerToken
+	require.NoError(t,
+		db.GetEngine(t.Context()).
+			Table("action_runner_token").
+			Select("`id`, `owner_id`, `repo_id`").
+			OrderBy("`id`").
+			Find(&remainingRecords))
+	assert.Equal(t,
+		[]*ActionRunnerToken{
+			{ID: 1},
+			{ID: 2, OwnerID: 1},
+			{ID: 3, RepoID: 1},
+		},
+		remainingRecords)
+}
diff --git a/models/gitea_migrations/fixtures/Test_addForeignKeysActionRunnerToken/action_runner_token.yml b/models/gitea_migrations/fixtures/Test_addForeignKeysActionRunnerToken/action_runner_token.yml
new file mode 100644
index 0000000000..9905c440cc
--- /dev/null
+++ b/models/gitea_migrations/fixtures/Test_addForeignKeysActionRunnerToken/action_runner_token.yml
@@ -0,0 +1,24 @@
+-
+  id: 1
+  owner_id: null
+  repo_id: null
+
+-
+  id: 2
+  owner_id: 1
+  repo_id: null
+
+-
+  id: 3
+  owner_id: null
+  repo_id: 1
+
+# Expected to be deleted due to invalid owner_id foreign key
+-
+  id: 4
+  owner_id: 100
+
+# Expected to be deleted due to invalid repo_id foreign key
+-
+  id: 5
+  repo_id: 100
diff --git a/models/gitea_migrations/fixtures/Test_addForeignKeysActionRunnerToken/repository.yml b/models/gitea_migrations/fixtures/Test_addForeignKeysActionRunnerToken/repository.yml
new file mode 100644
index 0000000000..a88c2ef89f
--- /dev/null
+++ b/models/gitea_migrations/fixtures/Test_addForeignKeysActionRunnerToken/repository.yml
@@ -0,0 +1,2 @@
+-
+  id: 1
diff --git a/models/gitea_migrations/fixtures/Test_addForeignKeysActionRunnerToken/user.yml b/models/gitea_migrations/fixtures/Test_addForeignKeysActionRunnerToken/user.yml
new file mode 100644
index 0000000000..a88c2ef89f
--- /dev/null
+++ b/models/gitea_migrations/fixtures/Test_addForeignKeysActionRunnerToken/user.yml
@@ -0,0 +1,2 @@
+-
+  id: 1
diff --git a/models/gitea_migrations/fixtures/Test_removeSoftDeleteActionRunnerToken/action_runner_token.yml b/models/gitea_migrations/fixtures/Test_removeSoftDeleteActionRunnerToken/action_runner_token.yml
new file mode 100644
index 0000000000..3e79a7cb8a
--- /dev/null
+++ b/models/gitea_migrations/fixtures/Test_removeSoftDeleteActionRunnerToken/action_runner_token.yml
@@ -0,0 +1,33 @@
+-
+  id: 1
+  owner_id: null
+  repo_id: null
+  deleted: 1767994875
+
+-
+  id: 2
+  owner_id: 1
+  repo_id: null
+  deleted: 1767994875
+
+-
+  id: 3
+  owner_id: null
+  repo_id: 1
+  deleted: 1767994875
+
+-
+  id: 4
+  owner_id: null
+  repo_id: null
+
+-
+  id: 5
+  owner_id: 1
+  repo_id: null
+
+-
+  id: 6
+  owner_id: null
+  repo_id: 1
+
diff --git a/routers/api/actions/runner/runner.go b/routers/api/actions/runner/runner.go
index 3ee402733e..88e96aac1a 100644
--- a/routers/api/actions/runner/runner.go
+++ b/routers/api/actions/runner/runner.go
@@ -56,13 +56,13 @@ func (s *Service) Register(
 		return nil, connect.NewError(connect.CodeInvalidArgument, errors.New("runner registration token has been invalidated, please use the latest one"))
 	}
 
-	if runnerToken.OwnerID > 0 {
+	if runnerToken.OwnerID != 0 {
 		if _, err := user_model.GetUserByID(ctx, runnerToken.OwnerID); err != nil {
 			return nil, connect.NewError(connect.CodeInternal, errors.New("owner of the token not found"))
 		}
 	}
 
-	if runnerToken.RepoID > 0 {
+	if runnerToken.RepoID != 0 {
 		if _, err := repo_model.GetRepositoryByID(ctx, runnerToken.RepoID); err != nil {
 			return nil, connect.NewError(connect.CodeInternal, errors.New("repository of the token not found"))
 		}
diff --git a/services/org/TestDeleteOrganization/action_runner_token.yml b/services/org/TestDeleteOrganization/action_runner_token.yml
new file mode 100644
index 0000000000..4abf9fd496
--- /dev/null
+++ b/services/org/TestDeleteOrganization/action_runner_token.yml
@@ -0,0 +1,8 @@
+-
+  id: 5
+  token: abc
+  owner_id: 6 # scoped for an organization that will be deleted
+  repo_id: null
+  is_active: true
+  created: 1695617751
+  updated: 1695617751
diff --git a/services/org/org_test.go b/services/org/org_test.go
index b0f591c745..10f753acd6 100644
--- a/services/org/org_test.go
+++ b/services/org/org_test.go
@@ -7,6 +7,7 @@ import (
 	"testing"
 
 	"forgejo.org/models"
+	"forgejo.org/models/actions"
 	"forgejo.org/models/db"
 	"forgejo.org/models/organization"
 	"forgejo.org/models/unittest"
@@ -21,12 +22,16 @@ func TestMain(m *testing.M) {
 }
 
 func TestDeleteOrganization(t *testing.T) {
+	defer unittest.OverrideFixtures("services/org/TestDeleteOrganization")()
 	require.NoError(t, unittest.PrepareTestDatabase())
+
 	org := unittest.AssertExistsAndLoadBean(t, &organization.Organization{ID: 6})
 	require.NoError(t, DeleteOrganization(db.DefaultContext, org, false))
 	unittest.AssertNotExistsBean(t, &organization.Organization{ID: 6})
 	unittest.AssertNotExistsBean(t, &organization.OrgUser{OrgID: 6})
 	unittest.AssertNotExistsBean(t, &organization.Team{OrgID: 6})
+	orgID := int64(6)
+	unittest.AssertNotExistsBean(t, &actions.ActionRunnerToken{OwnerID: orgID})
 
 	org = unittest.AssertExistsAndLoadBean(t, &organization.Organization{ID: 3})
 	err := DeleteOrganization(db.DefaultContext, org, false)
diff --git a/services/repository/repository_test.go b/services/repository/repository_test.go
index 9f71bdec23..5f63e4d9cb 100644
--- a/services/repository/repository_test.go
+++ b/services/repository/repository_test.go
@@ -10,6 +10,7 @@ import (
 	repo_model "forgejo.org/models/repo"
 	"forgejo.org/models/unit"
 	"forgejo.org/models/unittest"
+	user_model "forgejo.org/models/user"
 
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
@@ -54,3 +55,10 @@ func TestConvertMirrorToNormalRepo(t *testing.T) {
 	require.NoError(t, err)
 	assert.False(t, repo.IsMirror)
 }
+
+func TestDeleteRepository(t *testing.T) {
+	require.NoError(t, unittest.PrepareTestDatabase())
+	repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 1})
+	doer := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 1})
+	require.NoError(t, DeleteRepository(t.Context(), doer, repo, false))
+}
diff --git a/services/user/TestDeleteUser/action_runner_token.yml b/services/user/TestDeleteUser/action_runner_token.yml
new file mode 100644
index 0000000000..a96800c0a2
--- /dev/null
+++ b/services/user/TestDeleteUser/action_runner_token.yml
@@ -0,0 +1,7 @@
+-
+  id: 5
+  token: abc
+  owner_id: 4 # scoped to user that will be deleted
+  is_active: true
+  created: 1695617751
+  updated: 1695617751
diff --git a/tests/integration/fixtures/TestAPIGlobalActionsRunnerRegistrationTokenOperations/action_runner_token.yml b/tests/integration/fixtures/TestAPIGlobalActionsRunnerRegistrationTokenOperations/action_runner_token.yml
index c0b5007417..c9170054a9 100644
--- a/tests/integration/fixtures/TestAPIGlobalActionsRunnerRegistrationTokenOperations/action_runner_token.yml
+++ b/tests/integration/fixtures/TestAPIGlobalActionsRunnerRegistrationTokenOperations/action_runner_token.yml
@@ -1,12 +1,10 @@
 - id: 4691
   token: "BzcgyhjWhLeKGA4ihJIigeRDrcxrFESd0yizEpb7xZJ"
-  owner_id: 0
-  repo_id: 0
+  owner_id: null
+  repo_id: null
   is_active: true
-  deleted: 0
 - id: 4692
   token: "Sk9wHjBHelH4n1ckQy-mo3KVYRdoaPZ_aaH1ATfgI05"
   owner_id: 1
-  repo_id: 0
+  repo_id: null
   is_active: true
-  deleted: 0
diff --git a/tests/integration/fixtures/TestAPIOrgActionsRunnerRegistrationTokenOperations/action_runner_token.yml b/tests/integration/fixtures/TestAPIOrgActionsRunnerRegistrationTokenOperations/action_runner_token.yml
index 2bd52feb31..4c2a36b8f7 100644
--- a/tests/integration/fixtures/TestAPIOrgActionsRunnerRegistrationTokenOperations/action_runner_token.yml
+++ b/tests/integration/fixtures/TestAPIOrgActionsRunnerRegistrationTokenOperations/action_runner_token.yml
@@ -1,12 +1,10 @@
 - id: 3621
   token: "BzcgyhjWhLeKGA4ihJIigeRDrcxrFESd0yizEpb7xZJ"
   owner_id: 1
-  repo_id: 0
+  repo_id: null
   is_active: true
-  deleted: 0
 - id: 3622
   token: "Sk9wHjBHelH4n1ckQy-mo3KVYRdoaPZ_aaH1ATfgI05"
   owner_id: 3
-  repo_id: 0
+  repo_id: null
   is_active: true
-  deleted: 0
diff --git a/tests/integration/fixtures/TestAPIRepoActionsRunnerRegistrationTokenOperations/action_runner_token.yml b/tests/integration/fixtures/TestAPIRepoActionsRunnerRegistrationTokenOperations/action_runner_token.yml
index ec32b16bc6..05df50e2f5 100644
--- a/tests/integration/fixtures/TestAPIRepoActionsRunnerRegistrationTokenOperations/action_runner_token.yml
+++ b/tests/integration/fixtures/TestAPIRepoActionsRunnerRegistrationTokenOperations/action_runner_token.yml
@@ -1,12 +1,10 @@
 - id: 3621
   token: "BzcgyhjWhLeKGA4ihJIigeRDrcxrFESd0yizEpb7xZJ"
-  owner_id: 0
+  owner_id: null
   repo_id: 62
   is_active: true
-  deleted: 0
 - id: 3622
   token: "Sk9wHjBHelH4n1ckQy-mo3KVYRdoaPZ_aaH1ATfgI05"
-  owner_id: 0
+  owner_id: null
   repo_id: 1
   is_active: true
-  deleted: 0
diff --git a/tests/integration/fixtures/TestAPIUserActionsRunnerRegistrationTokenOperations/action_runner_token.yml b/tests/integration/fixtures/TestAPIUserActionsRunnerRegistrationTokenOperations/action_runner_token.yml
index dc0167cb77..c284896b07 100644
--- a/tests/integration/fixtures/TestAPIUserActionsRunnerRegistrationTokenOperations/action_runner_token.yml
+++ b/tests/integration/fixtures/TestAPIUserActionsRunnerRegistrationTokenOperations/action_runner_token.yml
@@ -1,12 +1,10 @@
 - id: 383951
   token: "xVkXTYaIFUdkTxgqnLaO4X4c-Mg2OKBBcaEo6S1hkZo"
   owner_id: 1
-  repo_id: 0
+  repo_id: null
   is_active: true
-  deleted: 0
 - id: 383952
   token: "Xb3WmQBum2S0-WwFY399A0DhnPkgRdXzpEOJaMmL5UT"
   owner_id: 2
-  repo_id: 0
+  repo_id: null
   is_active: true
-  deleted: 0

From 14276244d29f8f1cd456ae896c70208f82603272 Mon Sep 17 00:00:00 2001
From: Renovate Bot <forgejo-renovate-action@forgejo.org>
Date: Tue, 13 Jan 2026 02:05:59 +0100
Subject: [PATCH 143/854] Update module code.forgejo.org/forgejo/runner/v12 to
 v12.5.2 (forgejo) (#10799)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This PR contains the following updates:

| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) |
|---|---|---|---|
| [code.forgejo.org/forgejo/runner/v12](https://code.forgejo.org/forgejo/runner) | `v12.5.1` -> `v12.5.2` | ![age](https://developer.mend.io/api/mc/badges/age/go/code.forgejo.org%2fforgejo%2frunner%2fv12/v12.5.2?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/go/code.forgejo.org%2fforgejo%2frunner%2fv12/v12.5.1/v12.5.2?slim=true) |

---

### Release Notes

<details>
<summary>forgejo/runner (code.forgejo.org/forgejo/runner/v12)</summary>

### [`v12.5.2`](https://code.forgejo.org/forgejo/runner/releases/tag/v12.5.2)

[Compare Source](https://code.forgejo.org/forgejo/runner/compare/v12.5.1...v12.5.2)

- [User guide](https://forgejo.org/docs/next/user/actions/overview/)
- [Administrator guide](https://forgejo.org/docs/next/admin/actions/)
- [Container images](https://code.forgejo.org/forgejo/-/packages/container/runner/versions)

Release Notes

***

<!--start release-notes-assistant-->

<!--URL:https://code.forgejo.org/forgejo/runner-->

- other
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1267): <!--number 1267 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnaXRodWIuY29tL2RvY2tlci9kb2NrZXIgdG8gdjI4LjUuMitpbmNvbXBhdGlibGU=-->Update module github.com/docker/docker to v28.5.2+incompatible<!--description-->
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1275): <!--number 1275 --><!--line 0 --><!--description VXBkYXRlIGZvcmdlam8tcnVubmVyIHRvIHYxMi41LjE=-->Update forgejo-runner to v12.5.1<!--description-->
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1276): <!--number 1276 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgZm9yZ2Vqby9yZWxlYXNlLW5vdGVzLWFzc2lzdGFudCB0byB2MS41LjA=-->Update dependency forgejo/release-notes-assistant to v1.5.0<!--description-->
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1272): <!--number 1272 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnaXRodWIuY29tL3JoeXNkL2FjdGlvbmxpbnQgdG8gdjEuNy4xMA==-->Update module github.com/rhysd/actionlint to v1.7.10<!--description-->

<!--end release-notes-assistant-->

</details>

---

### Configuration

📅 **Schedule**: Branch creation - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC), Automerge - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi43OC4yIiwidXBkYXRlZEluVmVyIjoiNDIuNzguMiIsInRhcmdldEJyYW5jaCI6ImZvcmdlam8iLCJsYWJlbHMiOlsiZGVwZW5kZW5jeS11cGdyYWRlIiwidGVzdC9ub3QtbmVlZGVkIl19-->

Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10799
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
---
 assets/go-licenses.json |  2 +-
 go.mod                  |  6 +++---
 go.sum                  | 12 ++++++------
 3 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/assets/go-licenses.json b/assets/go-licenses.json
index 2f8843be95..2819730532 100644
--- a/assets/go-licenses.json
+++ b/assets/go-licenses.json
@@ -1222,7 +1222,7 @@
   {
     "name": "go.yaml.in/yaml/v4",
     "path": "go.yaml.in/yaml/v4/LICENSE",
-    "licenseText": "\nThis project is covered by two different licenses: MIT and Apache.\n\n#### MIT License ####\n\nThe following files were ported to Go from C files of libyaml, and thus\nare still covered by their original MIT license, with the additional\ncopyright staring in 2011 when the project was ported over:\n\n    apic.go emitterc.go parserc.go readerc.go scannerc.go\n    writerc.go yamlh.go yamlprivateh.go\n\nCopyright (c) 2006-2010 Kirill Simonov\nCopyright (c) 2006-2011 Kirill Simonov\n\nPermission is hereby granted, free of charge, to any person obtaining a copy of\nthis software and associated documentation files (the \"Software\"), to deal in\nthe Software without restriction, including without limitation the rights to\nuse, copy, modify, merge, publish, distribute, sublicense, and/or sell copies\nof the Software, and to permit persons to whom the Software is furnished to do\nso, subject to the following conditions:\n\nThe above copyright notice and this permission notice shall be included in all\ncopies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\nIMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\nFITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE\nAUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\nLIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,\nOUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE\nSOFTWARE.\n\n### Apache License ###\n\nAll the remaining project files are covered by the Apache license:\n\nCopyright (c) 2011-2019 Canonical Ltd\n\nLicensed under the Apache License, Version 2.0 (the \"License\");\nyou may not use this file except in compliance with the License.\nYou may obtain a copy of the License at\n\n    http://www.apache.org/licenses/LICENSE-2.0\n\nUnless required by applicable law or agreed to in writing, software\ndistributed under the License is distributed on an \"AS IS\" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\nSee the License for the specific language governing permissions and\nlimitations under the License.\n"
+    "licenseText": "\n                                 Apache License\n                           Version 2.0, January 2004\n                        http://www.apache.org/licenses/\n\n   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION\n\n   1. Definitions.\n\n      \"License\" shall mean the terms and conditions for use, reproduction,\n      and distribution as defined by Sections 1 through 9 of this document.\n\n      \"Licensor\" shall mean the copyright owner or entity authorized by\n      the copyright owner that is granting the License.\n\n      \"Legal Entity\" shall mean the union of the acting entity and all\n      other entities that control, are controlled by, or are under common\n      control with that entity. For the purposes of this definition,\n      \"control\" means (i) the power, direct or indirect, to cause the\n      direction or management of such entity, whether by contract or\n      otherwise, or (ii) ownership of fifty percent (50%) or more of the\n      outstanding shares, or (iii) beneficial ownership of such entity.\n\n      \"You\" (or \"Your\") shall mean an individual or Legal Entity\n      exercising permissions granted by this License.\n\n      \"Source\" form shall mean the preferred form for making modifications,\n      including but not limited to software source code, documentation\n      source, and configuration files.\n\n      \"Object\" form shall mean any form resulting from mechanical\n      transformation or translation of a Source form, including but\n      not limited to compiled object code, generated documentation,\n      and conversions to other media types.\n\n      \"Work\" shall mean the work of authorship, whether in Source or\n      Object form, made available under the License, as indicated by a\n      copyright notice that is included in or attached to the work\n      (an example is provided in the Appendix below).\n\n      \"Derivative Works\" shall mean any work, whether in Source or Object\n      form, that is based on (or derived from) the Work and for which the\n      editorial revisions, annotations, elaborations, or other modifications\n      represent, as a whole, an original work of authorship. For the purposes\n      of this License, Derivative Works shall not include works that remain\n      separable from, or merely link (or bind by name) to the interfaces of,\n      the Work and Derivative Works thereof.\n\n      \"Contribution\" shall mean any work of authorship, including\n      the original version of the Work and any modifications or additions\n      to that Work or Derivative Works thereof, that is intentionally\n      submitted to Licensor for inclusion in the Work by the copyright owner\n      or by an individual or Legal Entity authorized to submit on behalf of\n      the copyright owner. For the purposes of this definition, \"submitted\"\n      means any form of electronic, verbal, or written communication sent\n      to the Licensor or its representatives, including but not limited to\n      communication on electronic mailing lists, source code control systems,\n      and issue tracking systems that are managed by, or on behalf of, the\n      Licensor for the purpose of discussing and improving the Work, but\n      excluding communication that is conspicuously marked or otherwise\n      designated in writing by the copyright owner as \"Not a Contribution.\"\n\n      \"Contributor\" shall mean Licensor and any individual or Legal Entity\n      on behalf of whom a Contribution has been received by Licensor and\n      subsequently incorporated within the Work.\n\n   2. Grant of Copyright License. Subject to the terms and conditions of\n      this License, each Contributor hereby grants to You a perpetual,\n      worldwide, non-exclusive, no-charge, royalty-free, irrevocable\n      copyright license to reproduce, prepare Derivative Works of,\n      publicly display, publicly perform, sublicense, and distribute the\n      Work and such Derivative Works in Source or Object form.\n\n   3. Grant of Patent License. Subject to the terms and conditions of\n      this License, each Contributor hereby grants to You a perpetual,\n      worldwide, non-exclusive, no-charge, royalty-free, irrevocable\n      (except as stated in this section) patent license to make, have made,\n      use, offer to sell, sell, import, and otherwise transfer the Work,\n      where such license applies only to those patent claims licensable\n      by such Contributor that are necessarily infringed by their\n      Contribution(s) alone or by combination of their Contribution(s)\n      with the Work to which such Contribution(s) was submitted. If You\n      institute patent litigation against any entity (including a\n      cross-claim or counterclaim in a lawsuit) alleging that the Work\n      or a Contribution incorporated within the Work constitutes direct\n      or contributory patent infringement, then any patent licenses\n      granted to You under this License for that Work shall terminate\n      as of the date such litigation is filed.\n\n   4. Redistribution. You may reproduce and distribute copies of the\n      Work or Derivative Works thereof in any medium, with or without\n      modifications, and in Source or Object form, provided that You\n      meet the following conditions:\n\n      (a) You must give any other recipients of the Work or\n          Derivative Works a copy of this License; and\n\n      (b) You must cause any modified files to carry prominent notices\n          stating that You changed the files; and\n\n      (c) You must retain, in the Source form of any Derivative Works\n          that You distribute, all copyright, patent, trademark, and\n          attribution notices from the Source form of the Work,\n          excluding those notices that do not pertain to any part of\n          the Derivative Works; and\n\n      (d) If the Work includes a \"NOTICE\" text file as part of its\n          distribution, then any Derivative Works that You distribute must\n          include a readable copy of the attribution notices contained\n          within such NOTICE file, excluding those notices that do not\n          pertain to any part of the Derivative Works, in at least one\n          of the following places: within a NOTICE text file distributed\n          as part of the Derivative Works; within the Source form or\n          documentation, if provided along with the Derivative Works; or,\n          within a display generated by the Derivative Works, if and\n          wherever such third-party notices normally appear. The contents\n          of the NOTICE file are for informational purposes only and\n          do not modify the License. You may add Your own attribution\n          notices within Derivative Works that You distribute, alongside\n          or as an addendum to the NOTICE text from the Work, provided\n          that such additional attribution notices cannot be construed\n          as modifying the License.\n\n      You may add Your own copyright statement to Your modifications and\n      may provide additional or different license terms and conditions\n      for use, reproduction, or distribution of Your modifications, or\n      for any such Derivative Works as a whole, provided Your use,\n      reproduction, and distribution of the Work otherwise complies with\n      the conditions stated in this License.\n\n   5. Submission of Contributions. Unless You explicitly state otherwise,\n      any Contribution intentionally submitted for inclusion in the Work\n      by You to the Licensor shall be under the terms and conditions of\n      this License, without any additional terms or conditions.\n      Notwithstanding the above, nothing herein shall supersede or modify\n      the terms of any separate license agreement you may have executed\n      with Licensor regarding such Contributions.\n\n   6. Trademarks. This License does not grant permission to use the trade\n      names, trademarks, service marks, or product names of the Licensor,\n      except as required for reasonable and customary use in describing the\n      origin of the Work and reproducing the content of the NOTICE file.\n\n   7. Disclaimer of Warranty. Unless required by applicable law or\n      agreed to in writing, Licensor provides the Work (and each\n      Contributor provides its Contributions) on an \"AS IS\" BASIS,\n      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or\n      implied, including, without limitation, any warranties or conditions\n      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A\n      PARTICULAR PURPOSE. You are solely responsible for determining the\n      appropriateness of using or redistributing the Work and assume any\n      risks associated with Your exercise of permissions under this License.\n\n   8. Limitation of Liability. In no event and under no legal theory,\n      whether in tort (including negligence), contract, or otherwise,\n      unless required by applicable law (such as deliberate and grossly\n      negligent acts) or agreed to in writing, shall any Contributor be\n      liable to You for damages, including any direct, indirect, special,\n      incidental, or consequential damages of any character arising as a\n      result of this License or out of the use or inability to use the\n      Work (including but not limited to damages for loss of goodwill,\n      work stoppage, computer failure or malfunction, or any and all\n      other commercial damages or losses), even if such Contributor\n      has been advised of the possibility of such damages.\n\n   9. Accepting Warranty or Additional Liability. While redistributing\n      the Work or Derivative Works thereof, You may choose to offer,\n      and charge a fee for, acceptance of support, warranty, indemnity,\n      or other liability obligations and/or rights consistent with this\n      License. However, in accepting such obligations, You may act only\n      on Your own behalf and on Your sole responsibility, not on behalf\n      of any other Contributor, and only if You agree to indemnify,\n      defend, and hold each Contributor harmless for any liability\n      incurred by, or claims asserted against, such Contributor by reason\n      of your accepting any such warranty or additional liability.\n\n   END OF TERMS AND CONDITIONS\n\n   APPENDIX: How to apply the Apache License to your work.\n\n      To apply the Apache License to your work, attach the following\n      boilerplate notice, with the fields enclosed by brackets \"[]\"\n      replaced with your own identifying information. (Don't include\n      the brackets!)  The text should be enclosed in the appropriate\n      comment syntax for the file format. We also recommend that a\n      file or class name and description of purpose be included on the\n      same \"printed page\" as the copyright notice for easier\n      identification within third-party archives.\n\n   Copyright 2025 - The go-yaml Project Contributors\n\n   Licensed under the Apache License, Version 2.0 (the \"License\");\n   you may not use this file except in compliance with the License.\n   You may obtain a copy of the License at\n\n       http://www.apache.org/licenses/LICENSE-2.0\n\n   Unless required by applicable law or agreed to in writing, software\n   distributed under the License is distributed on an \"AS IS\" BASIS,\n   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n   See the License for the specific language governing permissions and\n   limitations under the License.\n"
   },
   {
     "name": "go4.org/readerutil",
diff --git a/go.mod b/go.mod
index a57adf03fe..43f07760c5 100644
--- a/go.mod
+++ b/go.mod
@@ -11,7 +11,7 @@ require (
 	code.forgejo.org/forgejo/go-rpmutils v1.0.0
 	code.forgejo.org/forgejo/levelqueue v1.0.0
 	code.forgejo.org/forgejo/reply v1.0.2
-	code.forgejo.org/forgejo/runner/v12 v12.5.1
+	code.forgejo.org/forgejo/runner/v12 v12.5.2
 	code.forgejo.org/go-chi/binding v1.0.1
 	code.forgejo.org/go-chi/cache v1.0.1
 	code.forgejo.org/go-chi/captcha v1.0.2
@@ -238,7 +238,7 @@ require (
 	github.com/prometheus/client_model v0.6.1 // indirect
 	github.com/prometheus/common v0.62.0 // indirect
 	github.com/prometheus/procfs v0.15.1 // indirect
-	github.com/rhysd/actionlint v1.7.8 // indirect
+	github.com/rhysd/actionlint v1.7.10 // indirect
 	github.com/rivo/uniseg v0.4.7 // indirect
 	github.com/rs/xid v1.6.0 // indirect
 	github.com/sirupsen/logrus v1.9.3 // indirect
@@ -254,7 +254,7 @@ require (
 	go.uber.org/multierr v1.11.0 // indirect
 	go.uber.org/zap v1.27.0 // indirect
 	go.uber.org/zap/exp v0.3.0 // indirect
-	go.yaml.in/yaml/v4 v4.0.0-rc.2 // indirect
+	go.yaml.in/yaml/v4 v4.0.0-rc.3 // indirect
 	go4.org v0.0.0-20230225012048-214862532bf5 // indirect
 	golang.org/x/mod v0.31.0 // indirect
 	golang.org/x/time v0.14.0 // indirect
diff --git a/go.sum b/go.sum
index 1e126af447..33f87ce002 100644
--- a/go.sum
+++ b/go.sum
@@ -30,8 +30,8 @@ code.forgejo.org/forgejo/levelqueue v1.0.0 h1:9krYpU6BM+j/1Ntj6m+VCAIu0UNnne1/Uf
 code.forgejo.org/forgejo/levelqueue v1.0.0/go.mod h1:fmG6zhVuqim2rxSFOoasgXO8V2W/k9U31VVYqLIRLhQ=
 code.forgejo.org/forgejo/reply v1.0.2 h1:dMhQCHV6/O3L5CLWNTol+dNzDAuyCK88z4J/lCdgFuQ=
 code.forgejo.org/forgejo/reply v1.0.2/go.mod h1:RyZUfzQLc+fuLIGjTSQWDAJWPiL4WtKXB/FifT5fM7U=
-code.forgejo.org/forgejo/runner/v12 v12.5.1 h1:XTVGqSN68Y4LWsT5foZjzEIZC3dgVvYriKhQ8KUmplY=
-code.forgejo.org/forgejo/runner/v12 v12.5.1/go.mod h1:aqDGVIwMxGMkj2P5qW8QO10Q/CfMl2lou72Tf+UCHcA=
+code.forgejo.org/forgejo/runner/v12 v12.5.2 h1:VzlAze7DfpyjnS9FqDB1Ly+VjwHvScgGnL6q9TRTgn0=
+code.forgejo.org/forgejo/runner/v12 v12.5.2/go.mod h1:HAOlrRYqERs90Qomps7cc1uZSOepuS5Cu9+Ij8izj7c=
 code.forgejo.org/forgejo/ssh v0.0.0-20241211213324-5fc306ca0616 h1:kEZL84+02jY9RxXM4zHBWZ3Fml0B09cmP1LGkDsCfIA=
 code.forgejo.org/forgejo/ssh v0.0.0-20241211213324-5fc306ca0616/go.mod h1:zpHEXBstFnQYtGnB8k8kQLol82umzn/2/snG7alWVD8=
 code.forgejo.org/go-chi/binding v1.0.1 h1:coKNI+X1NzRN7X85LlrpvBRqk0TXpJ+ja28vusQWEuY=
@@ -610,8 +610,8 @@ github.com/redis/go-redis/v9 v9.17.2 h1:P2EGsA4qVIM3Pp+aPocCJ7DguDHhqrXNhVcEp4Vi
 github.com/redis/go-redis/v9 v9.17.2/go.mod h1:u410H11HMLoB+TP67dz8rL9s6QW2j76l0//kSOd3370=
 github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec h1:W09IVJc94icq4NjY3clb7Lk8O1qJ8BdBEF8z0ibU0rE=
 github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec/go.mod h1:qqbHyh8v60DhA7CoWK5oRCqLrMHRGoxYCSS9EjAz6Eo=
-github.com/rhysd/actionlint v1.7.8 h1:3d+N9ourgAxVYG4z2IFxFIk/YiT6V+VnKASfXGwT60E=
-github.com/rhysd/actionlint v1.7.8/go.mod h1:3kiS6egcbXG+vQsJIhFxTz+UKaF1JprsE0SKrpCZKvU=
+github.com/rhysd/actionlint v1.7.10 h1:FL3XIEs72G4/++168vlv5FKOWMSWvWIQw1kBCadyOcM=
+github.com/rhysd/actionlint v1.7.10/go.mod h1:ZHX/hrmknlsJN73InPTKsKdXpAv9wVdrJy8h8HAwFHg=
 github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=
 github.com/rivo/uniseg v0.4.7 h1:WUdvkW8uEhrYfLC4ZzdpI2ztxP1I582+49Oc5Mq64VQ=
 github.com/rivo/uniseg v0.4.7/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88=
@@ -707,8 +707,8 @@ go.uber.org/zap/exp v0.3.0 h1:6JYzdifzYkGmTdRR59oYH+Ng7k49H9qVpWwNSsGJj3U=
 go.uber.org/zap/exp v0.3.0/go.mod h1:5I384qq7XGxYyByIhHm6jg5CHkGY0nsTfbDLgDDlgJQ=
 go.yaml.in/yaml/v3 v3.0.4 h1:tfq32ie2Jv2UxXFdLJdh3jXuOzWiL1fo0bu/FbuKpbc=
 go.yaml.in/yaml/v3 v3.0.4/go.mod h1:DhzuOOF2ATzADvBadXxruRBLzYTpT36CKvDb3+aBEFg=
-go.yaml.in/yaml/v4 v4.0.0-rc.2 h1:/FrI8D64VSr4HtGIlUtlFMGsm7H7pWTbj6vOLVZcA6s=
-go.yaml.in/yaml/v4 v4.0.0-rc.2/go.mod h1:aZqd9kCMsGL7AuUv/m/PvWLdg5sjJsZ4oHDEnfPPfY0=
+go.yaml.in/yaml/v4 v4.0.0-rc.3 h1:3h1fjsh1CTAPjW7q/EMe+C8shx5d8ctzZTrLcs/j8Go=
+go.yaml.in/yaml/v4 v4.0.0-rc.3/go.mod h1:aZqd9kCMsGL7AuUv/m/PvWLdg5sjJsZ4oHDEnfPPfY0=
 go4.org v0.0.0-20230225012048-214862532bf5 h1:nifaUDeh+rPaBCMPMQHZmvJf+QdpLFnuQPwx+LxVmtc=
 go4.org v0.0.0-20230225012048-214862532bf5/go.mod h1:F57wTi5Lrj6WLyswp5EYV1ncrEbFGHD4hhz6S1ZYeaU=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=

From 79e5a2e8dbfd01fafe71f78948844b57f1d46fac Mon Sep 17 00:00:00 2001
From: Renovate Bot <forgejo-renovate-action@forgejo.org>
Date: Tue, 13 Jan 2026 16:07:20 +0100
Subject: [PATCH 144/854] Update module golang.org/x/net to v0.49.0 (forgejo)
 (#10802)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10802
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
---
 go.mod |  6 +++---
 go.sum | 16 ++++++++--------
 2 files changed, 11 insertions(+), 11 deletions(-)

diff --git a/go.mod b/go.mod
index 43f07760c5..73bd2fb3ef 100644
--- a/go.mod
+++ b/go.mod
@@ -102,13 +102,13 @@ require (
 	gitlab.com/gitlab-org/api/client-go v0.143.2
 	go.uber.org/mock v0.6.0
 	go.yaml.in/yaml/v3 v3.0.4
-	golang.org/x/crypto v0.46.0
+	golang.org/x/crypto v0.47.0
 	golang.org/x/image v0.33.0
-	golang.org/x/net v0.48.0
+	golang.org/x/net v0.49.0
 	golang.org/x/oauth2 v0.34.0
 	golang.org/x/sync v0.19.0
 	golang.org/x/sys v0.40.0
-	golang.org/x/text v0.32.0
+	golang.org/x/text v0.33.0
 	google.golang.org/protobuf v1.36.11
 	gopkg.in/gomail.v2 v2.0.0-20160411212932-81ebce5c23df
 	gopkg.in/ini.v1 v1.67.0
diff --git a/go.sum b/go.sum
index 33f87ce002..8374c80201 100644
--- a/go.sum
+++ b/go.sum
@@ -722,8 +722,8 @@ golang.org/x/crypto v0.13.0/go.mod h1:y6Z2r+Rw4iayiXXAIxJIDAJ1zMW4yaTpebo8fPOliY
 golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU=
 golang.org/x/crypto v0.23.0/go.mod h1:CKFgDieR+mRhux2Lsu27y0fO304Db0wZe70UKqHu0v8=
 golang.org/x/crypto v0.31.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk=
-golang.org/x/crypto v0.46.0 h1:cKRW/pmt1pKAfetfu+RCEvjvZkA9RimPbh7bhFjGVBU=
-golang.org/x/crypto v0.46.0/go.mod h1:Evb/oLKmMraqjZ2iQTwDwvCtJkczlDuTmdJXoZVzqU0=
+golang.org/x/crypto v0.47.0 h1:V6e3FRj+n4dbpw86FJ8Fv7XVOql7TEwpHapKoMJ/GO8=
+golang.org/x/crypto v0.47.0/go.mod h1:ff3Y9VzzKbwSSEzWqJsJVBnWmRwRSHt/6Op5n9bQc4A=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
@@ -791,8 +791,8 @@ golang.org/x/net v0.15.0/go.mod h1:idbUs1IY1+zTqbi8yxTbhexhEEk5ur9LInksu6HrEpk=
 golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44=
 golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM=
 golang.org/x/net v0.33.0/go.mod h1:HXLR5J+9DxmrqMwG9qjGCxZ+zKXxBru04zlTvWlWuN4=
-golang.org/x/net v0.48.0 h1:zyQRTTrjc33Lhh0fBgT/H3oZq9WuvRR5gPC70xpDiQU=
-golang.org/x/net v0.48.0/go.mod h1:+ndRgGjkh8FGtu1w1FGbEC31if4VrNVMuKTgcAAnQRY=
+golang.org/x/net v0.49.0 h1:eeHFmOGUTtaaPSGNmjBKpbng9MulQsJURQUAfUwY++o=
+golang.org/x/net v0.49.0/go.mod h1:/ysNB2EvaqvesRkuLAyjI1ycPZlQHM3q01F02UY/MV8=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
@@ -861,8 +861,8 @@ golang.org/x/term v0.12.0/go.mod h1:owVbMEjm3cBLCHdkQu9b1opXd4ETQWc3BhuQGKgXgvU=
 golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk=
 golang.org/x/term v0.20.0/go.mod h1:8UkIAJTvZgivsXaD6/pH6U9ecQzZ45awqEOzuCvwpFY=
 golang.org/x/term v0.27.0/go.mod h1:iMsnZpn0cago0GOrHO2+Y7u7JPn5AylBrcoWkElMTSM=
-golang.org/x/term v0.38.0 h1:PQ5pkm/rLO6HnxFR7N2lJHOZX6Kez5Y1gDSJla6jo7Q=
-golang.org/x/term v0.38.0/go.mod h1:bSEAKrOT1W+VSu9TSCMtoGEOUcKxOKgl3LE5QEF/xVg=
+golang.org/x/term v0.39.0 h1:RclSuaJf32jOqZz74CkPA9qFuVTX7vhLlpfj/IGWlqY=
+golang.org/x/term v0.39.0/go.mod h1:yxzUCTP/U+FzoxfdKmLaA0RV1WgE0VY7hXBwKtY/4ww=
 golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
@@ -876,8 +876,8 @@ golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
 golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
 golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
 golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ=
-golang.org/x/text v0.32.0 h1:ZD01bjUt1FQ9WJ0ClOL5vxgxOI/sVCNgX1YtKwcY0mU=
-golang.org/x/text v0.32.0/go.mod h1:o/rUWzghvpD5TXrTIBuJU77MTaN0ljMWE47kxGJQ7jY=
+golang.org/x/text v0.33.0 h1:B3njUFyqtHDUI5jMn1YIr5B0IE2U0qck04r6d4KPAxE=
+golang.org/x/text v0.33.0/go.mod h1:LuMebE6+rBincTi9+xWTY8TztLzKHc/9C1uBCG27+q8=
 golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.14.0 h1:MRx4UaLrDotUKUdCIqzPC48t1Y9hANFKIRpNx+Te8PI=

From 8cf17e38266ffa1272a5428d8aab4f579594934d Mon Sep 17 00:00:00 2001
From: Nils Goroll <nils.goroll@uplex.de>
Date: Tue, 13 Jan 2026 16:34:27 +0100
Subject: [PATCH 145/854] chore: Teach Makefile to handle node pre-release
 versions (#10790)

Using node head built from source, "make frontend" failed with this confusing message:

```
$ make node-check
/bin/sh: 1: printf: 0-pre: not completely converted
Forgejo requires Node.js 20.0.0 or greater and npm to build. You can get it at https://nodejs.org/en/download/
make: *** [Makefile:327: node-check] Error 1
```

The reason is that from this output

```
$ node -v
v26.0.0-pre
```

`0-pre` could not be converted to the printf `"%d"` format.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10790
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Nils Goroll <nils.goroll@uplex.de>
Co-committed-by: Nils Goroll <nils.goroll@uplex.de>
---
 Makefile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Makefile b/Makefile
index 7a4f235c1f..a86e5727dd 100644
--- a/Makefile
+++ b/Makefile
@@ -322,7 +322,7 @@ git-check:
 node-check:
 	$(eval MIN_NODE_VERSION_STR := $(shell grep -Eo '"node":.*[0-9.]+"' package.json | sed -n 's/.*[^0-9.]\([0-9.]*\)"/\1/p'))
 	$(eval MIN_NODE_VERSION := $(shell printf "%03d%03d%03d" $(shell echo '$(MIN_NODE_VERSION_STR)' | tr '.' ' ')))
-	$(eval NODE_VERSION := $(shell printf "%03d%03d%03d" $(shell node -v | cut -c2- | tr '.' ' ');))
+	$(eval NODE_VERSION := $(shell printf "%03d%03d%03d" $(shell node -v | cut -c2- | sed 's:-.*::' | tr '.' ' ');))
 	$(eval NPM_MISSING := $(shell hash npm > /dev/null 2>&1 || echo 1))
 	@if [ "$(NODE_VERSION)" -lt "$(MIN_NODE_VERSION)" -o "$(NPM_MISSING)" = "1" ]; then \
 		echo "Forgejo requires Node.js $(MIN_NODE_VERSION_STR) or greater and npm to build. You can get it at https://nodejs.org/en/download/"; \

From a71392c6aad72f90c7243c92b8ce112c4a94da81 Mon Sep 17 00:00:00 2001
From: limiting-factor <limiting-factor@posteo.com>
Date: Tue, 13 Jan 2026 16:59:56 +0100
Subject: [PATCH 146/854] chore: update gof3/v3 v3.11.15 (#10673)

Update the Forgejo driver for gof3 with modifications for non-backward compatible changes. The changes are isolated behind the f3.Enable flag and not yet functional. The purpose of this upgrade is to not drift from the gof3 implementation while the work continues.

The `fix: include remote users when counting users` commit is a functional change to Forgejo itself but does not change the behavior because the remote users are only created in fixtures or by F3.

https://codeberg.org/forgejo/forgejo/src/commit/59c721d26b1a01e6e6ca812b63066a33e7e5e4da/models/user/user.go#L65-L66

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10673
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: limiting-factor <limiting-factor@posteo.com>
Co-committed-by: limiting-factor <limiting-factor@posteo.com>
---
 cmd/forgejo/f3.go                        |  7 ++-
 custom/conf/app.example.ini              |  2 +-
 go.mod                                   |  6 +-
 go.sum                                   |  8 +--
 models/user/user.go                      |  2 +-
 modules/setting/f3.go                    | 17 +++++-
 modules/setting/f3_test.go               | 74 ++++++++++++++++++++++++
 services/f3/driver/attachment.go         | 11 ++--
 services/f3/driver/attachments.go        | 15 ++---
 services/f3/driver/comment.go            | 13 ++++-
 services/f3/driver/comments.go           | 18 ++++--
 services/f3/driver/common.go             | 10 ++--
 services/f3/driver/forge.go              |  9 ++-
 services/f3/driver/issue.go              |  8 +--
 services/f3/driver/issues.go             | 10 ++--
 services/f3/driver/labels.go             | 10 ++--
 services/f3/driver/main_test.go          |  5 ++
 services/f3/driver/milestones.go         | 10 ++--
 services/f3/driver/organizations.go      | 19 ++++--
 services/f3/driver/projects.go           | 16 +++--
 services/f3/driver/pullrequest.go        | 14 ++---
 services/f3/driver/pullrequests.go       | 10 ++--
 services/f3/driver/reaction.go           | 11 ++--
 services/f3/driver/reactions.go          | 19 +++---
 services/f3/driver/release.go            |  2 +-
 services/f3/driver/releases.go           | 10 ++--
 services/f3/driver/repositories.go       | 14 ++---
 services/f3/driver/repository.go         |  8 ++-
 services/f3/driver/review.go             |  4 +-
 services/f3/driver/reviewcomment.go      |  2 +-
 services/f3/driver/reviewcomments.go     | 10 ++--
 services/f3/driver/reviews.go            | 12 ++--
 services/f3/driver/tests/options.go      |  3 +-
 services/f3/driver/topics.go             |  8 +--
 services/f3/driver/tree.go               | 62 ++++++++++----------
 services/f3/driver/user.go               | 22 ++++++-
 services/f3/driver/users.go              | 19 ++++--
 tests/integration/api_nodeinfo_test.go   |  2 +-
 tests/integration/cmd_forgejo_f3_test.go | 40 +++++--------
 39 files changed, 348 insertions(+), 194 deletions(-)
 create mode 100644 modules/setting/f3_test.go

diff --git a/cmd/forgejo/f3.go b/cmd/forgejo/f3.go
index c4aafeac58..2d1b617e46 100644
--- a/cmd/forgejo/f3.go
+++ b/cmd/forgejo/f3.go
@@ -24,7 +24,6 @@ import (
 )
 
 func CmdF3(ctx context.Context) *cli.Command {
-	ctx = f3_logger.ContextSetLogger(ctx, util.NewF3Logger(nil, log.GetLogger(log.DEFAULT)))
 	return &cli.Command{
 		Name:  "f3",
 		Usage: "F3",
@@ -38,7 +37,9 @@ func SubcmdF3Mirror(ctx context.Context) *cli.Command {
 	mirrorCmd := f3_cmd.CreateCmdMirror()
 	mirrorCmd.Before = prepareWorkPathAndCustomConf(ctx)
 	f3Action := mirrorCmd.Action
-	mirrorCmd.Action = func(ctx context.Context, cli *cli.Command) error { return runMirror(ctx, cli, f3Action) }
+	mirrorCmd.Action = func(ctx context.Context, cli *cli.Command) error {
+		return runMirror(ctx, cli, f3Action)
+	}
 	return mirrorCmd
 }
 
@@ -67,6 +68,8 @@ func runMirror(ctx context.Context, c *cli.Command, action cli.ActionFunc) error
 		if err := models.Init(ctx); err != nil {
 			return err
 		}
+
+		ctx = f3_logger.ContextSetLogger(ctx, util.NewF3Logger(nil, log.GetLogger(log.DEFAULT)))
 	}
 
 	err := action(ctx, c)
diff --git a/custom/conf/app.example.ini b/custom/conf/app.example.ini
index f9c7a666ce..01d02700b2 100644
--- a/custom/conf/app.example.ini
+++ b/custom/conf/app.example.ini
@@ -2552,7 +2552,7 @@ LEVEL = Info
 
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;[F3]
+;[f3]
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;
diff --git a/go.mod b/go.mod
index 73bd2fb3ef..2c1303e9a0 100644
--- a/go.mod
+++ b/go.mod
@@ -5,7 +5,7 @@ go 1.25.0
 toolchain go1.25.5
 
 require (
-	code.forgejo.org/f3/gof3/v3 v3.11.1
+	code.forgejo.org/f3/gof3/v3 v3.11.15
 	code.forgejo.org/forgejo-contrib/go-libravatar v0.0.0-20191008002943-06d1c002b251
 	code.forgejo.org/forgejo/actions-proto v0.6.0
 	code.forgejo.org/forgejo/go-rpmutils v1.0.0
@@ -63,7 +63,7 @@ require (
 	github.com/google/uuid v1.6.0
 	github.com/gorilla/feeds v1.2.0
 	github.com/gorilla/sessions v1.4.0
-	github.com/hashicorp/go-version v1.7.0
+	github.com/hashicorp/go-version v1.8.0
 	github.com/hashicorp/golang-lru/v2 v2.0.7
 	github.com/huandu/xstrings v1.5.0
 	github.com/inbucket/html2text v0.9.0
@@ -94,7 +94,7 @@ require (
 	github.com/stretchr/testify v1.11.1
 	github.com/syndtr/goleveldb v1.0.0
 	github.com/ulikunitz/xz v0.5.15
-	github.com/urfave/cli/v3 v3.5.0
+	github.com/urfave/cli/v3 v3.6.1
 	github.com/valyala/fastjson v1.6.7
 	github.com/yohcop/openid-go v1.0.1
 	github.com/yuin/goldmark v1.7.16
diff --git a/go.sum b/go.sum
index 8374c80201..1102d28d07 100644
--- a/go.sum
+++ b/go.sum
@@ -16,8 +16,8 @@ cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2k
 cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw=
 cloud.google.com/go/storage v1.0.0/go.mod h1:IhtSnM/ZTZV8YYJWCY8RULGVqBDmpoyjwiyrjsg+URw=
 cloud.google.com/go/storage v1.5.0/go.mod h1:tpKbwo567HUNpVclU5sGELwQWBDZ8gh0ZeosJ0Rtdos=
-code.forgejo.org/f3/gof3/v3 v3.11.1 h1:c0vE8XvqpbXuSv8gzttn96k5T2FQi0u9bYnux46qSAs=
-code.forgejo.org/f3/gof3/v3 v3.11.1/go.mod h1:1p2UKrqZiwxKneQF2DKrMnc403YIgR/lfcfvadZtmDs=
+code.forgejo.org/f3/gof3/v3 v3.11.15 h1:/EzJWRQUhVVia1EmCWRZHCuW8qdAX1DEXY0M1n0mECc=
+code.forgejo.org/f3/gof3/v3 v3.11.15/go.mod h1:k99wl7QiI9LjS3qEd1RXLdcZPE3wZP5gkVhy8/WhzJ4=
 code.forgejo.org/forgejo-contrib/go-libravatar v0.0.0-20191008002943-06d1c002b251 h1:HTZl3CBk3ABNYtFI6TPLvJgGKFIhKT5CBk0sbOtkDKU=
 code.forgejo.org/forgejo-contrib/go-libravatar v0.0.0-20191008002943-06d1c002b251/go.mod h1:PphB88CPbx601QrWPMZATeorACeVmQlyv3u+uUMbSaM=
 code.forgejo.org/forgejo/actions-proto v0.6.0 h1:dw1Dogk9A4V/yrLVkhe9dSZPsqNAIkI1kCXPSqG3tZA=
@@ -660,8 +660,8 @@ github.com/tinylib/msgp v1.3.0/go.mod h1:ykjzy2wzgrlvpDCRc4LA8UXy6D8bzMSuAF3WD57
 github.com/ulikunitz/xz v0.5.8/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14=
 github.com/ulikunitz/xz v0.5.15 h1:9DNdB5s+SgV3bQ2ApL10xRc35ck0DuIX/isZvIk+ubY=
 github.com/ulikunitz/xz v0.5.15/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14=
-github.com/urfave/cli/v3 v3.5.0 h1:qCuFMmdayTF3zmjG8TSsoBzrDqszNrklYg2x3g4MSgw=
-github.com/urfave/cli/v3 v3.5.0/go.mod h1:ysVLtOEmg2tOy6PknnYVhDoouyC/6N42TMeoMzskhso=
+github.com/urfave/cli/v3 v3.6.1 h1:j8Qq8NyUawj/7rTYdBGrxcH7A/j7/G8Q5LhWEW4G3Mo=
+github.com/urfave/cli/v3 v3.6.1/go.mod h1:ysVLtOEmg2tOy6PknnYVhDoouyC/6N42TMeoMzskhso=
 github.com/valyala/fastjson v1.6.4/go.mod h1:CLCAqky6SMuOcxStkYQvblddUtoRxhYMGLrsQns1aXY=
 github.com/valyala/fastjson v1.6.7 h1:ZE4tRy0CIkh+qDc5McjatheGX2czdn8slQjomexVpBM=
 github.com/valyala/fastjson v1.6.7/go.mod h1:CLCAqky6SMuOcxStkYQvblddUtoRxhYMGLrsQns1aXY=
diff --git a/models/user/user.go b/models/user/user.go
index f871284890..c78d396f39 100644
--- a/models/user/user.go
+++ b/models/user/user.go
@@ -888,7 +888,7 @@ func CountUsers(ctx context.Context, opts *CountUserFilter) int64 {
 func countUsers(ctx context.Context, opts *CountUserFilter) int64 {
 	sess := db.GetEngine(ctx)
 	cond := builder.NewCond()
-	cond = cond.And(builder.Eq{"type": UserTypeIndividual})
+	cond = cond.And(builder.In("type", UserTypeIndividual, UserTypeRemoteUser))
 
 	if opts != nil {
 		if opts.LastLoginSince != nil {
diff --git a/modules/setting/f3.go b/modules/setting/f3.go
index 31d12294b8..2412938a49 100644
--- a/modules/setting/f3.go
+++ b/modules/setting/f3.go
@@ -3,6 +3,9 @@
 package setting
 
 import (
+	"os"
+	"path/filepath"
+
 	"forgejo.org/modules/log"
 )
 
@@ -10,8 +13,10 @@ import (
 var (
 	F3 = struct {
 		Enabled bool
+		Path    string
 	}{
 		Enabled: false,
+		Path:    "f3",
 	}
 )
 
@@ -20,7 +25,17 @@ func LoadF3Setting() {
 }
 
 func loadF3From(rootCfg ConfigProvider) {
-	if err := rootCfg.Section("F3").MapTo(&F3); err != nil {
+	if err := rootCfg.Section("f3").MapTo(&F3); err != nil {
 		log.Fatal("Failed to map F3 settings: %v", err)
 	}
+
+	if !filepath.IsAbs(F3.Path) {
+		F3.Path = filepath.Join(AppDataPath, F3.Path)
+	} else {
+		F3.Path = filepath.Clean(F3.Path)
+	}
+
+	if err := os.MkdirAll(F3.Path, os.ModePerm); err != nil {
+		log.Fatal("Failed to create F3 path %s: %v", F3.Path, err)
+	}
 }
diff --git a/modules/setting/f3_test.go b/modules/setting/f3_test.go
new file mode 100644
index 0000000000..76c4fe015c
--- /dev/null
+++ b/modules/setting/f3_test.go
@@ -0,0 +1,74 @@
+// Copyright 2024 The Forgejo Authors.
+// SPDX-License-Identifier: GPLv3-or-later
+
+package setting
+
+import (
+	"fmt"
+	"testing"
+
+	"forgejo.org/modules/test"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+func TestSettingF3(t *testing.T) {
+	restoreF3 := test.MockProtect(&F3)
+	restoreAppDataPath := test.MockProtect(&AppDataPath)
+	restore := func() {
+		restoreF3()
+		restoreAppDataPath()
+	}
+	defer restore()
+
+	t.Run("enabled", func(t *testing.T) {
+		restore()
+		cfg, err := NewConfigProviderFromData(`
+[f3]
+ENABLED = true
+`)
+		require.NoError(t, err)
+		loadF3From(cfg)
+		assert.True(t, F3.Enabled)
+		assert.DirExists(t, F3.Path)
+	})
+
+	t.Run("disabled by default", func(t *testing.T) {
+		restore()
+		cfg, err := NewConfigProviderFromData(`
+[f3]
+`)
+		require.NoError(t, err)
+		loadF3From(cfg)
+		assert.False(t, F3.Enabled)
+	})
+
+	t.Run("default f3 path", func(t *testing.T) {
+		restore()
+		cfg, err := NewConfigProviderFromData(`
+[f3]
+ENABLED = true
+`)
+		require.NoError(t, err)
+		AppDataPath = t.TempDir()
+		loadF3From(cfg)
+		assert.Equal(t, AppDataPath+"/f3", F3.Path)
+		assert.DirExists(t, F3.Path)
+	})
+
+	t.Run("absolute f3 path", func(t *testing.T) {
+		restore()
+		other := t.TempDir()
+		cfg, err := NewConfigProviderFromData(fmt.Sprintf(`
+[f3]
+ENABLED = true
+PATH = %[1]s
+`, other))
+		require.NoError(t, err)
+		AppDataPath = t.TempDir()
+		loadF3From(cfg)
+		assert.Equal(t, other, F3.Path)
+		assert.DirExists(t, F3.Path)
+	})
+}
diff --git a/services/f3/driver/attachment.go b/services/f3/driver/attachment.go
index 298119664a..7d0bb7d733 100644
--- a/services/f3/driver/attachment.go
+++ b/services/f3/driver/attachment.go
@@ -21,8 +21,9 @@ import (
 
 	"code.forgejo.org/f3/gof3/v3/f3"
 	f3_id "code.forgejo.org/f3/gof3/v3/id"
+	f3_kind "code.forgejo.org/f3/gof3/v3/kind"
 	f3_tree "code.forgejo.org/f3/gof3/v3/tree/f3"
-	"code.forgejo.org/f3/gof3/v3/tree/generic"
+	f3_tree_generic "code.forgejo.org/f3/gof3/v3/tree/generic"
 	f3_util "code.forgejo.org/f3/gof3/v3/util"
 	"github.com/google/uuid"
 )
@@ -145,11 +146,11 @@ func (o *attachment) Put(ctx context.Context) f3_id.NodeID {
 	attachableID := f3_tree.GetAttachableID(o.GetNode())
 
 	switch attachable.GetKind() {
-	case f3_tree.KindRelease:
+	case f3_kind.KindRelease:
 		o.forgejoAttachment.ReleaseID = attachableID
-	case f3_tree.KindComment:
+	case f3_kind.KindComment:
 		o.forgejoAttachment.CommentID = attachableID
-	case f3_tree.KindIssue, f3_tree.KindPullRequest:
+	case f3_kind.KindIssue, f3_kind.KindPullRequest:
 		o.forgejoAttachment.IssueID = attachableID
 	default:
 		panic(fmt.Errorf("unexpected type %s", attachable.GetKind()))
@@ -180,6 +181,6 @@ func (o *attachment) Delete(ctx context.Context) {
 	}
 }
 
-func newAttachment() generic.NodeDriverInterface {
+func newAttachment() f3_tree_generic.NodeDriverInterface {
 	return &attachment{}
 }
diff --git a/services/f3/driver/attachments.go b/services/f3/driver/attachments.go
index 392afda52c..5b9880683f 100644
--- a/services/f3/driver/attachments.go
+++ b/services/f3/driver/attachments.go
@@ -11,17 +11,18 @@ import (
 	issues_model "forgejo.org/models/issues"
 	repo_model "forgejo.org/models/repo"
 
+	f3_kind "code.forgejo.org/f3/gof3/v3/kind"
 	f3_tree "code.forgejo.org/f3/gof3/v3/tree/f3"
-	"code.forgejo.org/f3/gof3/v3/tree/generic"
+	f3_tree_generic "code.forgejo.org/f3/gof3/v3/tree/generic"
 )
 
 type attachments struct {
 	container
 }
 
-func (o *attachments) ListPage(ctx context.Context, page int) generic.ChildrenSlice {
+func (o *attachments) ListPage(ctx context.Context, node f3_tree_generic.NodeInterface, _ f3_tree_generic.ListOptions, page int) f3_tree_generic.ChildrenList {
 	if page > 1 {
-		return generic.NewChildrenSlice(0)
+		return f3_tree_generic.NewChildrenList(0)
 	}
 
 	attachable := f3_tree.GetAttachable(o.GetNode())
@@ -30,7 +31,7 @@ func (o *attachments) ListPage(ctx context.Context, page int) generic.ChildrenSl
 	var attachments []*repo_model.Attachment
 
 	switch attachable.GetKind() {
-	case f3_tree.KindRelease:
+	case f3_kind.KindRelease:
 		release, err := repo_model.GetReleaseByID(ctx, attachableID)
 		if err != nil {
 			panic(fmt.Errorf("GetReleaseByID %v %w", attachableID, err))
@@ -42,7 +43,7 @@ func (o *attachments) ListPage(ctx context.Context, page int) generic.ChildrenSl
 
 		attachments = release.Attachments
 
-	case f3_tree.KindComment:
+	case f3_kind.KindComment:
 		comment, err := issues_model.GetCommentByID(ctx, attachableID)
 		if err != nil {
 			panic(fmt.Errorf("GetCommentByID %v %w", attachableID, err))
@@ -54,7 +55,7 @@ func (o *attachments) ListPage(ctx context.Context, page int) generic.ChildrenSl
 
 		attachments = comment.Attachments
 
-	case f3_tree.KindIssue, f3_tree.KindPullRequest:
+	case f3_kind.KindIssue, f3_kind.KindPullRequest:
 		repoID := f3_tree.GetProjectID(o.GetNode())
 		issue, err := issues_model.GetIssueByIndex(ctx, repoID, attachableID)
 		if err != nil {
@@ -74,6 +75,6 @@ func (o *attachments) ListPage(ctx context.Context, page int) generic.ChildrenSl
 	return f3_tree.ConvertListed(ctx, o.GetNode(), f3_tree.ConvertToAny(attachments...)...)
 }
 
-func newAttachments() generic.NodeDriverInterface {
+func newAttachments() f3_tree_generic.NodeDriverInterface {
 	return &attachments{}
 }
diff --git a/services/f3/driver/comment.go b/services/f3/driver/comment.go
index bd924930b5..cdb08247e1 100644
--- a/services/f3/driver/comment.go
+++ b/services/f3/driver/comment.go
@@ -47,7 +47,7 @@ func (o *comment) ToFormat() f3.Interface {
 	}
 	return &f3.Comment{
 		Common:   f3.NewCommon(fmt.Sprintf("%d", o.forgejoComment.ID)),
-		PosterID: f3_tree.NewUserReference(o.forgejoComment.Poster.ID),
+		PosterID: f3_tree.NewUserReference(f3_util.ToString(o.forgejoComment.Poster.ID)),
 		Content:  o.forgejoComment.Content,
 		Created:  o.forgejoComment.CreatedUnix.AsTime(),
 		Updated:  o.forgejoComment.UpdatedUnix.AsTime(),
@@ -59,6 +59,7 @@ func (o *comment) FromFormat(content f3.Interface) {
 
 	o.forgejoComment = &issues_model.Comment{
 		ID:       f3_util.ParseInt(comment.GetID()),
+		Type:     issues_model.CommentTypeComment,
 		PosterID: comment.PosterID.GetIDAsInt(),
 		Poster: &user_model.User{
 			ID: comment.PosterID.GetIDAsInt(),
@@ -98,7 +99,15 @@ func (o *comment) Patch(ctx context.Context) {
 
 func (o *comment) Put(ctx context.Context) f3_id.NodeID {
 	node := o.GetNode()
-	o.Trace("%s", node.GetID())
+
+	issueIndex := f3_tree.GetCommentableID(node)
+	repositoryID := f3_tree.GetProjectID(node)
+
+	issue, err := issues_model.GetIssueByIndex(ctx, repositoryID, issueIndex)
+	if issues_model.IsErrIssueNotExist(err) {
+		panic(fmt.Errorf("issue index %d not found in repository id %d", issueIndex, repositoryID))
+	}
+	o.forgejoComment.IssueID = issue.ID
 
 	sess := db.GetEngine(ctx)
 
diff --git a/services/f3/driver/comments.go b/services/f3/driver/comments.go
index d8c84e290c..a0763240ed 100644
--- a/services/f3/driver/comments.go
+++ b/services/f3/driver/comments.go
@@ -12,18 +12,18 @@ import (
 	issues_model "forgejo.org/models/issues"
 
 	f3_tree "code.forgejo.org/f3/gof3/v3/tree/f3"
-	"code.forgejo.org/f3/gof3/v3/tree/generic"
+	f3_tree_generic "code.forgejo.org/f3/gof3/v3/tree/generic"
 )
 
 type comments struct {
 	container
 }
 
-func (o *comments) ListPage(ctx context.Context, page int) generic.ChildrenSlice {
+func (o *comments) ListPage(ctx context.Context, node f3_tree_generic.NodeInterface, _ f3_tree_generic.ListOptions, page int) f3_tree_generic.ChildrenList {
 	pageSize := o.getPageSize()
 
-	project := f3_tree.GetProjectID(o.GetNode())
-	commentable := f3_tree.GetCommentableID(o.GetNode())
+	project := f3_tree.GetProjectID(node)
+	commentable := f3_tree.GetCommentableID(node)
 
 	issue, err := issues_model.GetIssueByIndex(ctx, project, commentable)
 	if err != nil {
@@ -41,9 +41,15 @@ func (o *comments) ListPage(ctx context.Context, page int) generic.ChildrenSlice
 		panic(fmt.Errorf("error while listing comments: %v", err))
 	}
 
-	return f3_tree.ConvertListed(ctx, o.GetNode(), f3_tree.ConvertToAny(forgejoComments...)...)
+	for _, forgejoComment := range forgejoComments {
+		if err := forgejoComment.LoadPoster(ctx); err != nil {
+			panic(fmt.Errorf("LoadPoster %+v %w", *forgejoComment, err))
+		}
+	}
+
+	return f3_tree.ConvertListed(ctx, node, f3_tree.ConvertToAny(forgejoComments...)...)
 }
 
-func newComments() generic.NodeDriverInterface {
+func newComments() f3_tree_generic.NodeDriverInterface {
 	return &comments{}
 }
diff --git a/services/f3/driver/common.go b/services/f3/driver/common.go
index 4c5dfd8b1a..8ce6bd25b4 100644
--- a/services/f3/driver/common.go
+++ b/services/f3/driver/common.go
@@ -8,19 +8,19 @@ import (
 	"context"
 
 	f3_kind "code.forgejo.org/f3/gof3/v3/kind"
-	"code.forgejo.org/f3/gof3/v3/tree/generic"
+	f3_tree_generic "code.forgejo.org/f3/gof3/v3/tree/generic"
 )
 
 type common struct {
-	generic.NullDriver
+	f3_tree_generic.NullDriver
 }
 
 func (o *common) GetHelper() any {
 	panic("not implemented")
 }
 
-func (o *common) ListPage(ctx context.Context, page int) generic.ChildrenSlice {
-	return generic.NewChildrenSlice(0)
+func (o *common) ListPage(ctx context.Context, node f3_tree_generic.NodeInterface, _ f3_tree_generic.ListOptions, page int) f3_tree_generic.ChildrenList {
+	return f3_tree_generic.NewChildrenList(0)
 }
 
 func (o *common) GetNativeID() string {
@@ -30,7 +30,7 @@ func (o *common) GetNativeID() string {
 func (o *common) SetNative(native any) {
 }
 
-func (o *common) getTree() generic.TreeInterface {
+func (o *common) getTree() f3_tree_generic.TreeInterface {
 	return o.GetNode().GetTree()
 }
 
diff --git a/services/f3/driver/forge.go b/services/f3/driver/forge.go
index 03acb41450..0910666877 100644
--- a/services/f3/driver/forge.go
+++ b/services/f3/driver/forge.go
@@ -13,7 +13,6 @@ import (
 	"code.forgejo.org/f3/gof3/v3/f3"
 	f3_id "code.forgejo.org/f3/gof3/v3/id"
 	f3_kind "code.forgejo.org/f3/gof3/v3/kind"
-	f3_tree "code.forgejo.org/f3/gof3/v3/tree/f3"
 	"code.forgejo.org/f3/gof3/v3/tree/generic"
 	"code.forgejo.org/f3/gof3/v3/util"
 )
@@ -37,17 +36,17 @@ func (o *forge) getOwnersKind(ctx context.Context, id string) f3_kind.Kind {
 		if err != nil {
 			panic(fmt.Errorf("user_repo.GetUserByID: %w", err))
 		}
-		kind = f3_tree.KindUsers
+		kind = f3_kind.KindUsers
 		if user.IsOrganization() {
-			kind = f3_tree.KindOrganization
+			kind = f3_kind.KindOrganization
 		}
 		o.ownersKind[id] = kind
 	}
 	return kind
 }
 
-func (o *forge) getOwnersPath(ctx context.Context, id string) f3_tree.Path {
-	return f3_tree.NewPathFromString("/").SetForge().SetOwners(o.getOwnersKind(ctx, id))
+func (o *forge) getOwnersPath(ctx context.Context, id string) generic.Path {
+	return generic.NewNodePathFromString("/").SetForge().SetOwners(o.getOwnersKind(ctx, id))
 }
 
 func (o *forge) Equals(context.Context, generic.NodeInterface) bool { return true }
diff --git a/services/f3/driver/issue.go b/services/f3/driver/issue.go
index 6308c4cc2d..3869a53e8f 100644
--- a/services/f3/driver/issue.go
+++ b/services/f3/driver/issue.go
@@ -51,23 +51,23 @@ func (o *issue) ToFormat() f3.Interface {
 
 	milestone := &f3.Reference{}
 	if o.forgejoIssue.Milestone != nil {
-		milestone = f3_tree.NewIssueMilestoneReference(o.forgejoIssue.Milestone.ID)
+		milestone = f3_tree.NewIssueMilestoneReference(f3_util.ToString(o.forgejoIssue.Milestone.ID))
 	}
 
 	assignees := make([]*f3.Reference, 0, len(o.forgejoIssue.Assignees))
 	for _, assignee := range o.forgejoIssue.Assignees {
-		assignees = append(assignees, f3_tree.NewUserReference(assignee.ID))
+		assignees = append(assignees, f3_tree.NewUserReference(f3_util.ToString(assignee.ID)))
 	}
 
 	labels := make([]*f3.Reference, 0, len(o.forgejoIssue.Labels))
 	for _, label := range o.forgejoIssue.Labels {
-		labels = append(labels, f3_tree.NewIssueLabelReference(label.ID))
+		labels = append(labels, f3_tree.NewIssueLabelReference(f3_util.ToString(label.ID)))
 	}
 
 	return &f3.Issue{
 		Title:     o.forgejoIssue.Title,
 		Common:    f3.NewCommon(o.GetNativeID()),
-		PosterID:  f3_tree.NewUserReference(o.forgejoIssue.Poster.ID),
+		PosterID:  f3_tree.NewUserReference(f3_util.ToString(o.forgejoIssue.Poster.ID)),
 		Assignees: assignees,
 		Labels:    labels,
 		Content:   o.forgejoIssue.Content,
diff --git a/services/f3/driver/issues.go b/services/f3/driver/issues.go
index dd6828dc86..9442a09d59 100644
--- a/services/f3/driver/issues.go
+++ b/services/f3/driver/issues.go
@@ -12,17 +12,17 @@ import (
 	issues_model "forgejo.org/models/issues"
 
 	f3_tree "code.forgejo.org/f3/gof3/v3/tree/f3"
-	"code.forgejo.org/f3/gof3/v3/tree/generic"
+	f3_tree_generic "code.forgejo.org/f3/gof3/v3/tree/generic"
 )
 
 type issues struct {
 	container
 }
 
-func (o *issues) ListPage(ctx context.Context, page int) generic.ChildrenSlice {
+func (o *issues) ListPage(ctx context.Context, node f3_tree_generic.NodeInterface, _ f3_tree_generic.ListOptions, page int) f3_tree_generic.ChildrenList {
 	pageSize := o.getPageSize()
 
-	project := f3_tree.GetProjectID(o.GetNode())
+	project := f3_tree.GetProjectID(node)
 
 	forgejoIssues, err := issues_model.Issues(ctx, &issues_model.IssuesOptions{
 		Paginator: &db.ListOptions{Page: page, PageSize: pageSize},
@@ -32,9 +32,9 @@ func (o *issues) ListPage(ctx context.Context, page int) generic.ChildrenSlice {
 		panic(fmt.Errorf("error while listing issues: %v", err))
 	}
 
-	return f3_tree.ConvertListed(ctx, o.GetNode(), f3_tree.ConvertToAny(forgejoIssues...)...)
+	return f3_tree.ConvertListed(ctx, node, f3_tree.ConvertToAny(forgejoIssues...)...)
 }
 
-func newIssues() generic.NodeDriverInterface {
+func newIssues() f3_tree_generic.NodeDriverInterface {
 	return &issues{}
 }
diff --git a/services/f3/driver/labels.go b/services/f3/driver/labels.go
index 4f705ed206..a86e1f686a 100644
--- a/services/f3/driver/labels.go
+++ b/services/f3/driver/labels.go
@@ -12,26 +12,26 @@ import (
 	issues_model "forgejo.org/models/issues"
 
 	f3_tree "code.forgejo.org/f3/gof3/v3/tree/f3"
-	"code.forgejo.org/f3/gof3/v3/tree/generic"
+	f3_tree_generic "code.forgejo.org/f3/gof3/v3/tree/generic"
 )
 
 type labels struct {
 	container
 }
 
-func (o *labels) ListPage(ctx context.Context, page int) generic.ChildrenSlice {
+func (o *labels) ListPage(ctx context.Context, node f3_tree_generic.NodeInterface, _ f3_tree_generic.ListOptions, page int) f3_tree_generic.ChildrenList {
 	pageSize := o.getPageSize()
 
-	project := f3_tree.GetProjectID(o.GetNode())
+	project := f3_tree.GetProjectID(node)
 
 	forgejoLabels, err := issues_model.GetLabelsByRepoID(ctx, project, "", db.ListOptions{Page: page, PageSize: pageSize})
 	if err != nil {
 		panic(fmt.Errorf("error while listing labels: %v", err))
 	}
 
-	return f3_tree.ConvertListed(ctx, o.GetNode(), f3_tree.ConvertToAny(forgejoLabels...)...)
+	return f3_tree.ConvertListed(ctx, node, f3_tree.ConvertToAny(forgejoLabels...)...)
 }
 
-func newLabels() generic.NodeDriverInterface {
+func newLabels() f3_tree_generic.NodeDriverInterface {
 	return &labels{}
 }
diff --git a/services/f3/driver/main_test.go b/services/f3/driver/main_test.go
index 838baa760b..69ef829599 100644
--- a/services/f3/driver/main_test.go
+++ b/services/f3/driver/main_test.go
@@ -8,6 +8,7 @@ import (
 	"testing"
 
 	"forgejo.org/models/unittest"
+	"forgejo.org/modules/log"
 	"forgejo.org/modules/setting"
 	"forgejo.org/modules/test"
 	driver_options "forgejo.org/services/f3/driver/options"
@@ -25,6 +26,10 @@ import (
 func TestF3(t *testing.T) {
 	require.NoError(t, unittest.PrepareTestDatabase())
 	defer test.MockVariableValue(&setting.SSH.RootPath, t.TempDir())()
+	log.SetConsoleLogger(log.DEFAULT, "console", log.TRACE)
+	defer func() {
+		log.SetConsoleLogger(log.DEFAULT, "console", log.INFO)
+	}()
 	tests_f3.ForgeCompliance(t, driver_options.Name)
 }
 
diff --git a/services/f3/driver/milestones.go b/services/f3/driver/milestones.go
index cf0b70c158..ad672acbd8 100644
--- a/services/f3/driver/milestones.go
+++ b/services/f3/driver/milestones.go
@@ -12,17 +12,17 @@ import (
 	issues_model "forgejo.org/models/issues"
 
 	f3_tree "code.forgejo.org/f3/gof3/v3/tree/f3"
-	"code.forgejo.org/f3/gof3/v3/tree/generic"
+	f3_tree_generic "code.forgejo.org/f3/gof3/v3/tree/generic"
 )
 
 type milestones struct {
 	container
 }
 
-func (o *milestones) ListPage(ctx context.Context, page int) generic.ChildrenSlice {
+func (o *milestones) ListPage(ctx context.Context, node f3_tree_generic.NodeInterface, _ f3_tree_generic.ListOptions, page int) f3_tree_generic.ChildrenList {
 	pageSize := o.getPageSize()
 
-	project := f3_tree.GetProjectID(o.GetNode())
+	project := f3_tree.GetProjectID(node)
 
 	forgejoMilestones, err := db.Find[issues_model.Milestone](ctx, issues_model.FindMilestoneOptions{
 		ListOptions: db.ListOptions{Page: page, PageSize: pageSize},
@@ -32,9 +32,9 @@ func (o *milestones) ListPage(ctx context.Context, page int) generic.ChildrenSli
 		panic(fmt.Errorf("error while listing milestones: %v", err))
 	}
 
-	return f3_tree.ConvertListed(ctx, o.GetNode(), f3_tree.ConvertToAny(forgejoMilestones...)...)
+	return f3_tree.ConvertListed(ctx, node, f3_tree.ConvertToAny(forgejoMilestones...)...)
 }
 
-func newMilestones() generic.NodeDriverInterface {
+func newMilestones() f3_tree_generic.NodeDriverInterface {
 	return &milestones{}
 }
diff --git a/services/f3/driver/organizations.go b/services/f3/driver/organizations.go
index eca6bfb9d4..b557ad8337 100644
--- a/services/f3/driver/organizations.go
+++ b/services/f3/driver/organizations.go
@@ -12,16 +12,17 @@ import (
 	org_model "forgejo.org/models/organization"
 	user_model "forgejo.org/models/user"
 
+	"code.forgejo.org/f3/gof3/v3/f3"
 	f3_id "code.forgejo.org/f3/gof3/v3/id"
 	f3_tree "code.forgejo.org/f3/gof3/v3/tree/f3"
-	"code.forgejo.org/f3/gof3/v3/tree/generic"
+	f3_tree_generic "code.forgejo.org/f3/gof3/v3/tree/generic"
 )
 
 type organizations struct {
 	container
 }
 
-func (o *organizations) ListPage(ctx context.Context, page int) generic.ChildrenSlice {
+func (o *organizations) ListPage(ctx context.Context, node f3_tree_generic.NodeInterface, _ f3_tree_generic.ListOptions, page int) f3_tree_generic.ChildrenList {
 	sess := db.GetEngine(ctx)
 	if page != 0 {
 		sess = db.SetSessionPagination(sess, &db.ListOptions{Page: page, PageSize: o.getPageSize()})
@@ -34,18 +35,26 @@ func (o *organizations) ListPage(ctx context.Context, page int) generic.Children
 		panic(fmt.Errorf("error while listing organizations: %v", err))
 	}
 
-	return f3_tree.ConvertListed(ctx, o.GetNode(), f3_tree.ConvertToAny(organizations...)...)
+	return f3_tree.ConvertListed(ctx, node, f3_tree.ConvertToAny(organizations...)...)
+}
+
+func (o *organizations) LookupMappedID(ctx context.Context, id f3_id.NodeID, f f3.Interface) f3_id.NodeID {
+	organization := f.(*f3.Organization)
+	return o.GetIDFromName(ctx, organization.Name)
 }
 
 func (o *organizations) GetIDFromName(ctx context.Context, name string) f3_id.NodeID {
 	organization, err := org_model.GetOrgByName(ctx, name)
+	if org_model.IsErrOrgNotExist(err) {
+		return f3_id.NilID
+	}
 	if err != nil {
-		panic(fmt.Errorf("GetOrganizationByName: %v", err))
+		panic(fmt.Errorf("GetOrgByName(%s): %v", name, err))
 	}
 
 	return f3_id.NewNodeID(organization.ID)
 }
 
-func newOrganizations() generic.NodeDriverInterface {
+func newOrganizations() f3_tree_generic.NodeDriverInterface {
 	return &organizations{}
 }
diff --git a/services/f3/driver/projects.go b/services/f3/driver/projects.go
index 0c76854f43..071dd000dc 100644
--- a/services/f3/driver/projects.go
+++ b/services/f3/driver/projects.go
@@ -11,15 +11,21 @@ import (
 	"forgejo.org/models/db"
 	repo_model "forgejo.org/models/repo"
 
+	"code.forgejo.org/f3/gof3/v3/f3"
 	f3_id "code.forgejo.org/f3/gof3/v3/id"
 	f3_tree "code.forgejo.org/f3/gof3/v3/tree/f3"
-	"code.forgejo.org/f3/gof3/v3/tree/generic"
+	f3_tree_generic "code.forgejo.org/f3/gof3/v3/tree/generic"
 )
 
 type projects struct {
 	container
 }
 
+func (o *projects) LookupMappedID(ctx context.Context, id f3_id.NodeID, f f3.Interface) f3_id.NodeID {
+	project := f.(*f3.Project)
+	return o.GetIDFromName(ctx, project.Name)
+}
+
 func (o *projects) GetIDFromName(ctx context.Context, name string) f3_id.NodeID {
 	owner := f3_tree.GetOwnerName(o.GetNode())
 	forgejoProject, err := repo_model.GetRepositoryByOwnerAndName(ctx, owner, name)
@@ -34,10 +40,10 @@ func (o *projects) GetIDFromName(ctx context.Context, name string) f3_id.NodeID
 	return f3_id.NewNodeID(forgejoProject.ID)
 }
 
-func (o *projects) ListPage(ctx context.Context, page int) generic.ChildrenSlice {
+func (o *projects) ListPage(ctx context.Context, node f3_tree_generic.NodeInterface, _ f3_tree_generic.ListOptions, page int) f3_tree_generic.ChildrenList {
 	pageSize := o.getPageSize()
 
-	owner := f3_tree.GetOwner(o.GetNode())
+	owner := f3_tree.GetOwner(node)
 
 	forgejoProjects, _, err := repo_model.SearchRepository(ctx, &repo_model.SearchRepoOptions{
 		ListOptions: db.ListOptions{Page: page, PageSize: pageSize},
@@ -48,9 +54,9 @@ func (o *projects) ListPage(ctx context.Context, page int) generic.ChildrenSlice
 		panic(fmt.Errorf("error while listing projects: %v", err))
 	}
 
-	return f3_tree.ConvertListed(ctx, o.GetNode(), f3_tree.ConvertToAny(forgejoProjects...)...)
+	return f3_tree.ConvertListed(ctx, node, f3_tree.ConvertToAny(forgejoProjects...)...)
 }
 
-func newProjects() generic.NodeDriverInterface {
+func newProjects() f3_tree_generic.NodeDriverInterface {
 	return &projects{}
 }
diff --git a/services/f3/driver/pullrequest.go b/services/f3/driver/pullrequest.go
index 664ee6b13b..3300042895 100644
--- a/services/f3/driver/pullrequest.go
+++ b/services/f3/driver/pullrequest.go
@@ -19,7 +19,7 @@ import (
 
 	"code.forgejo.org/f3/gof3/v3/f3"
 	f3_id "code.forgejo.org/f3/gof3/v3/id"
-	f3_path "code.forgejo.org/f3/gof3/v3/path"
+	f3_kind "code.forgejo.org/f3/gof3/v3/kind"
 	f3_tree "code.forgejo.org/f3/gof3/v3/tree/f3"
 	"code.forgejo.org/f3/gof3/v3/tree/generic"
 	f3_util "code.forgejo.org/f3/gof3/v3/util"
@@ -53,17 +53,17 @@ func (o *pullRequest) repositoryToReference(ctx context.Context, repository *rep
 	if repository == nil {
 		panic("unexpected nil repository")
 	}
-	forge := o.getTree().GetRoot().GetChild(f3_id.NewNodeID(f3_tree.KindForge)).GetDriver().(*forge)
+	forge := o.getTree().GetRoot().GetChild(f3_id.NewNodeID(f3_kind.KindForge)).GetDriver().(*forge)
 	owners := forge.getOwnersPath(ctx, fmt.Sprintf("%d", repository.OwnerID))
-	return f3_tree.NewRepositoryReference(owners.String(), repository.OwnerID, repository.ID)
+	return f3_tree.NewRepositoryReference(owners.String(), f3_util.ToString(repository.OwnerID), f3_util.ToString(repository.ID), f3.RepositoryNameDefault)
 }
 
 func (o *pullRequest) referenceToRepository(reference *f3.Reference) int64 {
 	var project int64
-	if reference.Get() == "../../repository/vcs" {
+	if reference.Get() == "../../repositories/vcs" {
 		project = f3_tree.GetProjectID(o.GetNode())
 	} else {
-		p := f3_tree.ToPath(f3_path.PathAbsolute(generic.NewElementNode, o.GetNode().GetCurrentPath().String(), reference.Get()))
+		p := generic.PathAbsolute(generic.NewNode, o.GetNode().GetCurrentPath().String(), reference.Get())
 		o.Trace("%v %v", o.GetNode().GetCurrentPath().String(), p)
 		_, project = p.OwnerAndProjectID()
 	}
@@ -77,7 +77,7 @@ func (o *pullRequest) ToFormat() f3.Interface {
 
 	var milestone *f3.Reference
 	if o.forgejoPullRequest.Milestone != nil {
-		milestone = f3_tree.NewIssueMilestoneReference(o.forgejoPullRequest.Milestone.ID)
+		milestone = f3_tree.NewIssueMilestoneReference(f3_util.ToString(o.forgejoPullRequest.Milestone.ID))
 	}
 
 	var mergedTime *time.Time
@@ -125,7 +125,7 @@ func (o *pullRequest) ToFormat() f3.Interface {
 
 	return &f3.PullRequest{
 		Common:         f3.NewCommon(o.GetNativeID()),
-		PosterID:       f3_tree.NewUserReference(o.forgejoPullRequest.Poster.ID),
+		PosterID:       f3_tree.NewUserReference(f3_util.ToString(o.forgejoPullRequest.Poster.ID)),
 		Title:          o.forgejoPullRequest.Title,
 		Content:        o.forgejoPullRequest.Content,
 		Milestone:      milestone,
diff --git a/services/f3/driver/pullrequests.go b/services/f3/driver/pullrequests.go
index 227171994c..1d88aeb850 100644
--- a/services/f3/driver/pullrequests.go
+++ b/services/f3/driver/pullrequests.go
@@ -13,17 +13,17 @@ import (
 	"forgejo.org/modules/optional"
 
 	f3_tree "code.forgejo.org/f3/gof3/v3/tree/f3"
-	"code.forgejo.org/f3/gof3/v3/tree/generic"
+	f3_tree_generic "code.forgejo.org/f3/gof3/v3/tree/generic"
 )
 
 type pullRequests struct {
 	container
 }
 
-func (o *pullRequests) ListPage(ctx context.Context, page int) generic.ChildrenSlice {
+func (o *pullRequests) ListPage(ctx context.Context, node f3_tree_generic.NodeInterface, _ f3_tree_generic.ListOptions, page int) f3_tree_generic.ChildrenList {
 	pageSize := o.getPageSize()
 
-	project := f3_tree.GetProjectID(o.GetNode())
+	project := f3_tree.GetProjectID(node)
 
 	forgejoPullRequests, err := issues_model.Issues(ctx, &issues_model.IssuesOptions{
 		Paginator: &db.ListOptions{Page: page, PageSize: pageSize},
@@ -34,9 +34,9 @@ func (o *pullRequests) ListPage(ctx context.Context, page int) generic.ChildrenS
 		panic(fmt.Errorf("error while listing pullRequests: %v", err))
 	}
 
-	return f3_tree.ConvertListed(ctx, o.GetNode(), f3_tree.ConvertToAny(forgejoPullRequests...)...)
+	return f3_tree.ConvertListed(ctx, node, f3_tree.ConvertToAny(forgejoPullRequests...)...)
 }
 
-func newPullRequests() generic.NodeDriverInterface {
+func newPullRequests() f3_tree_generic.NodeDriverInterface {
 	return &pullRequests{}
 }
diff --git a/services/f3/driver/reaction.go b/services/f3/driver/reaction.go
index b959206074..bafab55898 100644
--- a/services/f3/driver/reaction.go
+++ b/services/f3/driver/reaction.go
@@ -14,6 +14,7 @@ import (
 
 	"code.forgejo.org/f3/gof3/v3/f3"
 	f3_id "code.forgejo.org/f3/gof3/v3/id"
+	f3_kind "code.forgejo.org/f3/gof3/v3/kind"
 	f3_tree "code.forgejo.org/f3/gof3/v3/tree/f3"
 	"code.forgejo.org/f3/gof3/v3/tree/generic"
 	f3_util "code.forgejo.org/f3/gof3/v3/util"
@@ -46,7 +47,7 @@ func (o *reaction) ToFormat() f3.Interface {
 	}
 	return &f3.Reaction{
 		Common:  f3.NewCommon(fmt.Sprintf("%d", o.forgejoReaction.ID)),
-		UserID:  f3_tree.NewUserReference(o.forgejoReaction.User.ID),
+		UserID:  f3_tree.NewUserReference(f3_util.ToString(o.forgejoReaction.User.ID)),
 		Content: o.forgejoReaction.Type,
 	}
 }
@@ -89,7 +90,7 @@ func (o *reaction) Patch(ctx context.Context) {
 }
 
 func (o *reaction) Put(ctx context.Context) f3_id.NodeID {
-	o.Trace("%v", o.forgejoReaction.User)
+	o.Trace("%+v", o.forgejoReaction.User)
 
 	sess := db.GetEngine(ctx)
 
@@ -97,20 +98,20 @@ func (o *reaction) Put(ctx context.Context) f3_id.NodeID {
 	reactionableID := f3_tree.GetReactionableID(o.GetNode())
 
 	switch reactionable.GetKind() {
-	case f3_tree.KindIssue, f3_tree.KindPullRequest:
+	case f3_kind.KindIssue, f3_kind.KindPullRequest:
 		project := f3_tree.GetProjectID(o.GetNode())
 		issue, err := issues_model.GetIssueByIndex(ctx, project, reactionableID)
 		if err != nil {
 			panic(fmt.Errorf("GetIssueByIndex %v %w", reactionableID, err))
 		}
 		o.forgejoReaction.IssueID = issue.ID
-	case f3_tree.KindComment:
+	case f3_kind.KindComment:
 		o.forgejoReaction.CommentID = reactionableID
 	default:
 		panic(fmt.Errorf("unexpected type %v", reactionable.GetKind()))
 	}
 
-	o.Trace("%v", o.forgejoReaction)
+	o.Trace("%+v", o.forgejoReaction)
 
 	if _, err := sess.Insert(o.forgejoReaction); err != nil {
 		panic(err)
diff --git a/services/f3/driver/reactions.go b/services/f3/driver/reactions.go
index a546927b92..8e8ff14014 100644
--- a/services/f3/driver/reactions.go
+++ b/services/f3/driver/reactions.go
@@ -11,8 +11,9 @@ import (
 	"forgejo.org/models/db"
 	issues_model "forgejo.org/models/issues"
 
+	f3_kind "code.forgejo.org/f3/gof3/v3/kind"
 	f3_tree "code.forgejo.org/f3/gof3/v3/tree/f3"
-	"code.forgejo.org/f3/gof3/v3/tree/generic"
+	f3_tree_generic "code.forgejo.org/f3/gof3/v3/tree/generic"
 	"xorm.io/builder"
 )
 
@@ -20,23 +21,23 @@ type reactions struct {
 	container
 }
 
-func (o *reactions) ListPage(ctx context.Context, page int) generic.ChildrenSlice {
+func (o *reactions) ListPage(ctx context.Context, node f3_tree_generic.NodeInterface, _ f3_tree_generic.ListOptions, page int) f3_tree_generic.ChildrenList {
 	pageSize := o.getPageSize()
 
-	reactionable := f3_tree.GetReactionable(o.GetNode())
-	reactionableID := f3_tree.GetReactionableID(o.GetNode())
+	reactionable := f3_tree.GetReactionable(node)
+	reactionableID := f3_tree.GetReactionableID(node)
 
 	sess := db.GetEngine(ctx)
 	cond := builder.NewCond()
 	switch reactionable.GetKind() {
-	case f3_tree.KindIssue, f3_tree.KindPullRequest:
-		project := f3_tree.GetProjectID(o.GetNode())
+	case f3_kind.KindIssue, f3_kind.KindPullRequest:
+		project := f3_tree.GetProjectID(node)
 		issue, err := issues_model.GetIssueByIndex(ctx, project, reactionableID)
 		if err != nil {
 			panic(fmt.Errorf("GetIssueByIndex %v %w", reactionableID, err))
 		}
 		cond = cond.And(builder.Eq{"reaction.issue_id": issue.ID})
-	case f3_tree.KindComment:
+	case f3_kind.KindComment:
 		cond = cond.And(builder.Eq{"reaction.comment_id": reactionableID})
 	default:
 		panic(fmt.Errorf("unexpected type %v", reactionable.GetKind()))
@@ -51,9 +52,9 @@ func (o *reactions) ListPage(ctx context.Context, page int) generic.ChildrenSlic
 		panic(fmt.Errorf("error while listing reactions: %v", err))
 	}
 
-	return f3_tree.ConvertListed(ctx, o.GetNode(), f3_tree.ConvertToAny(reactions...)...)
+	return f3_tree.ConvertListed(ctx, node, f3_tree.ConvertToAny(reactions...)...)
 }
 
-func newReactions() generic.NodeDriverInterface {
+func newReactions() f3_tree_generic.NodeDriverInterface {
 	return &reactions{}
 }
diff --git a/services/f3/driver/release.go b/services/f3/driver/release.go
index df38bd8bc0..e66cd9d026 100644
--- a/services/f3/driver/release.go
+++ b/services/f3/driver/release.go
@@ -56,7 +56,7 @@ func (o *release) ToFormat() f3.Interface {
 		Body:            o.forgejoRelease.Note,
 		Draft:           o.forgejoRelease.IsDraft,
 		Prerelease:      o.forgejoRelease.IsPrerelease,
-		PublisherID:     f3_tree.NewUserReference(o.forgejoRelease.Publisher.ID),
+		PublisherID:     f3_tree.NewUserReference(f3_util.ToString(o.forgejoRelease.Publisher.ID)),
 		Created:         o.forgejoRelease.CreatedUnix.AsTime(),
 	}
 }
diff --git a/services/f3/driver/releases.go b/services/f3/driver/releases.go
index a631c0b60e..cea5666071 100644
--- a/services/f3/driver/releases.go
+++ b/services/f3/driver/releases.go
@@ -12,17 +12,17 @@ import (
 	repo_model "forgejo.org/models/repo"
 
 	f3_tree "code.forgejo.org/f3/gof3/v3/tree/f3"
-	"code.forgejo.org/f3/gof3/v3/tree/generic"
+	f3_tree_generic "code.forgejo.org/f3/gof3/v3/tree/generic"
 )
 
 type releases struct {
 	container
 }
 
-func (o *releases) ListPage(ctx context.Context, page int) generic.ChildrenSlice {
+func (o *releases) ListPage(ctx context.Context, node f3_tree_generic.NodeInterface, _ f3_tree_generic.ListOptions, page int) f3_tree_generic.ChildrenList {
 	pageSize := o.getPageSize()
 
-	project := f3_tree.GetProjectID(o.GetNode())
+	project := f3_tree.GetProjectID(node)
 
 	forgejoReleases, err := db.Find[repo_model.Release](ctx, repo_model.FindReleasesOptions{
 		ListOptions:   db.ListOptions{Page: page, PageSize: pageSize},
@@ -34,9 +34,9 @@ func (o *releases) ListPage(ctx context.Context, page int) generic.ChildrenSlice
 		panic(fmt.Errorf("error while listing releases: %v", err))
 	}
 
-	return f3_tree.ConvertListed(ctx, o.GetNode(), f3_tree.ConvertToAny(forgejoReleases...)...)
+	return f3_tree.ConvertListed(ctx, node, f3_tree.ConvertToAny(forgejoReleases...)...)
 }
 
-func newReleases() generic.NodeDriverInterface {
+func newReleases() f3_tree_generic.NodeDriverInterface {
 	return &releases{}
 }
diff --git a/services/f3/driver/repositories.go b/services/f3/driver/repositories.go
index 03daf35e58..8e9f9347a3 100644
--- a/services/f3/driver/repositories.go
+++ b/services/f3/driver/repositories.go
@@ -9,28 +9,28 @@ import (
 
 	"code.forgejo.org/f3/gof3/v3/f3"
 	f3_tree "code.forgejo.org/f3/gof3/v3/tree/f3"
-	"code.forgejo.org/f3/gof3/v3/tree/generic"
+	f3_tree_generic "code.forgejo.org/f3/gof3/v3/tree/generic"
 )
 
 type repositories struct {
 	container
 }
 
-func (o *repositories) ListPage(ctx context.Context, page int) generic.ChildrenSlice {
-	children := generic.NewChildrenSlice(0)
+func (o *repositories) ListPage(ctx context.Context, node f3_tree_generic.NodeInterface, _ f3_tree_generic.ListOptions, page int) f3_tree_generic.ChildrenList {
+	children := f3_tree_generic.NewChildrenList(0)
 	if page > 1 {
 		return children
 	}
 
 	names := []string{f3.RepositoryNameDefault}
-	project := f3_tree.GetProject(o.GetNode()).ToFormat().(*f3.Project)
+	project := f3_tree.GetProject(node).ToFormat().(*f3.Project)
 	if project.HasWiki {
-		names = append(names, f3.RepositoryNameWiki)
+		names = append(names, RepositoryNameWiki)
 	}
 
-	return f3_tree.ConvertListed(ctx, o.GetNode(), f3_tree.ConvertToAny(names...)...)
+	return f3_tree.ConvertListed(ctx, node, f3_tree.ConvertToAny(names...)...)
 }
 
-func newRepositories() generic.NodeDriverInterface {
+func newRepositories() f3_tree_generic.NodeDriverInterface {
 	return &repositories{}
 }
diff --git a/services/f3/driver/repository.go b/services/f3/driver/repository.go
index 3cd9aa7f2e..e198fa695e 100644
--- a/services/f3/driver/repository.go
+++ b/services/f3/driver/repository.go
@@ -76,10 +76,12 @@ func (o *repository) SetFetchFunc(fetchFunc func(ctx context.Context, destinatio
 	o.f.FetchFunc = fetchFunc
 }
 
+const RepositoryNameWiki = "vcs.wiki"
+
 func (o *repository) getURL() string {
 	owner := f3_tree.GetOwnerName(o.GetNode())
 	repoName := f3_tree.GetProjectName(o.GetNode())
-	if o.f.GetID() == f3.RepositoryNameWiki {
+	if o.f.GetID() == RepositoryNameWiki {
 		repoName += ".wiki"
 	}
 	return repo_model.RepoPath(owner, repoName)
@@ -89,6 +91,10 @@ func (o *repository) GetRepositoryURL() string {
 	return o.getURL()
 }
 
+func (o *repository) Delete(ctx context.Context) {
+	o.Trace("ignore attempt to delete repository")
+}
+
 func (o *repository) GetRepositoryPushURL() string {
 	return o.getURL()
 }
diff --git a/services/f3/driver/review.go b/services/f3/driver/review.go
index f4f5ff44b8..c291482618 100644
--- a/services/f3/driver/review.go
+++ b/services/f3/driver/review.go
@@ -48,7 +48,7 @@ func (o *review) ToFormat() f3.Interface {
 
 	review := &f3.Review{
 		Common:     f3.NewCommon(o.GetNativeID()),
-		ReviewerID: f3_tree.NewUserReference(o.forgejoReview.ReviewerID),
+		ReviewerID: f3_tree.NewUserReference(f3_util.ToString(o.forgejoReview.ReviewerID)),
 		Official:   o.forgejoReview.Official,
 		CommitID:   o.forgejoReview.CommitID,
 		Content:    o.forgejoReview.Content,
@@ -71,7 +71,7 @@ func (o *review) ToFormat() f3.Interface {
 	}
 
 	if o.forgejoReview.Reviewer != nil {
-		review.ReviewerID = f3_tree.NewUserReference(o.forgejoReview.Reviewer.ID)
+		review.ReviewerID = f3_tree.NewUserReference(f3_util.ToString(o.forgejoReview.Reviewer.ID))
 	}
 
 	return review
diff --git a/services/f3/driver/reviewcomment.go b/services/f3/driver/reviewcomment.go
index 22759b6df3..64279d0324 100644
--- a/services/f3/driver/reviewcomment.go
+++ b/services/f3/driver/reviewcomment.go
@@ -57,7 +57,7 @@ func (o *reviewComment) ToFormat() f3.Interface {
 
 	return &f3.ReviewComment{
 		Common:    f3.NewCommon(o.GetNativeID()),
-		PosterID:  f3_tree.NewUserReference(o.forgejoReviewComment.Poster.ID),
+		PosterID:  f3_tree.NewUserReference(f3_util.ToString(o.forgejoReviewComment.Poster.ID)),
 		Content:   o.forgejoReviewComment.Content,
 		TreePath:  o.forgejoReviewComment.TreePath,
 		DiffHunk:  patch2diff(o.forgejoReviewComment.PatchQuoted),
diff --git a/services/f3/driver/reviewcomments.go b/services/f3/driver/reviewcomments.go
index 2aa4dea22c..a9f6f03774 100644
--- a/services/f3/driver/reviewcomments.go
+++ b/services/f3/driver/reviewcomments.go
@@ -12,17 +12,17 @@ import (
 	issues_model "forgejo.org/models/issues"
 
 	f3_tree "code.forgejo.org/f3/gof3/v3/tree/f3"
-	"code.forgejo.org/f3/gof3/v3/tree/generic"
+	f3_tree_generic "code.forgejo.org/f3/gof3/v3/tree/generic"
 )
 
 type reviewComments struct {
 	container
 }
 
-func (o *reviewComments) ListPage(ctx context.Context, page int) generic.ChildrenSlice {
+func (o *reviewComments) ListPage(ctx context.Context, node f3_tree_generic.NodeInterface, _ f3_tree_generic.ListOptions, page int) f3_tree_generic.ChildrenList {
 	pageSize := o.getPageSize()
 
-	id := f3_tree.GetReviewID(o.GetNode())
+	id := f3_tree.GetReviewID(node)
 
 	sess := db.GetEngine(ctx).
 		Table("comment").
@@ -35,9 +35,9 @@ func (o *reviewComments) ListPage(ctx context.Context, page int) generic.Childre
 		panic(fmt.Errorf("error while listing reviewComments: %v", err))
 	}
 
-	return f3_tree.ConvertListed(ctx, o.GetNode(), f3_tree.ConvertToAny(forgejoReviewComments...)...)
+	return f3_tree.ConvertListed(ctx, node, f3_tree.ConvertToAny(forgejoReviewComments...)...)
 }
 
-func newReviewComments() generic.NodeDriverInterface {
+func newReviewComments() f3_tree_generic.NodeDriverInterface {
 	return &reviewComments{}
 }
diff --git a/services/f3/driver/reviews.go b/services/f3/driver/reviews.go
index 7c3dcb37de..1a94803862 100644
--- a/services/f3/driver/reviews.go
+++ b/services/f3/driver/reviews.go
@@ -12,18 +12,18 @@ import (
 	issues_model "forgejo.org/models/issues"
 
 	f3_tree "code.forgejo.org/f3/gof3/v3/tree/f3"
-	"code.forgejo.org/f3/gof3/v3/tree/generic"
+	f3_tree_generic "code.forgejo.org/f3/gof3/v3/tree/generic"
 )
 
 type reviews struct {
 	container
 }
 
-func (o *reviews) ListPage(ctx context.Context, page int) generic.ChildrenSlice {
+func (o *reviews) ListPage(ctx context.Context, node f3_tree_generic.NodeInterface, _ f3_tree_generic.ListOptions, page int) f3_tree_generic.ChildrenList {
 	pageSize := o.getPageSize()
 
-	project := f3_tree.GetProjectID(o.GetNode())
-	pullRequest := f3_tree.GetPullRequestID(o.GetNode())
+	project := f3_tree.GetProjectID(node)
+	pullRequest := f3_tree.GetPullRequestID(node)
 
 	issue, err := issues_model.GetIssueByIndex(ctx, project, pullRequest)
 	if err != nil {
@@ -41,9 +41,9 @@ func (o *reviews) ListPage(ctx context.Context, page int) generic.ChildrenSlice
 		panic(fmt.Errorf("error while listing reviews: %v", err))
 	}
 
-	return f3_tree.ConvertListed(ctx, o.GetNode(), f3_tree.ConvertToAny(forgejoReviews...)...)
+	return f3_tree.ConvertListed(ctx, node, f3_tree.ConvertToAny(forgejoReviews...)...)
 }
 
-func newReviews() generic.NodeDriverInterface {
+func newReviews() f3_tree_generic.NodeDriverInterface {
 	return &reviews{}
 }
diff --git a/services/f3/driver/tests/options.go b/services/f3/driver/tests/options.go
index f61b10c9ef..a3fc199a50 100644
--- a/services/f3/driver/tests/options.go
+++ b/services/f3/driver/tests/options.go
@@ -16,6 +16,7 @@ import (
 
 func newTestOptions(_ *testing.T) options.Interface {
 	o := options.GetFactory(driver_options.Name)().(*driver_options.Options)
-	o.SetLogger(util.NewF3Logger(nil, forgejo_log.GetLogger(forgejo_log.DEFAULT)))
+	l := forgejo_log.GetLogger(forgejo_log.DEFAULT)
+	o.SetLogger(util.NewF3Logger(nil, l))
 	return o
 }
diff --git a/services/f3/driver/topics.go b/services/f3/driver/topics.go
index 38f03dbd2d..5c2f7753b3 100644
--- a/services/f3/driver/topics.go
+++ b/services/f3/driver/topics.go
@@ -12,14 +12,14 @@ import (
 	repo_model "forgejo.org/models/repo"
 
 	f3_tree "code.forgejo.org/f3/gof3/v3/tree/f3"
-	"code.forgejo.org/f3/gof3/v3/tree/generic"
+	f3_tree_generic "code.forgejo.org/f3/gof3/v3/tree/generic"
 )
 
 type topics struct {
 	container
 }
 
-func (o *topics) ListPage(ctx context.Context, page int) generic.ChildrenSlice {
+func (o *topics) ListPage(ctx context.Context, node f3_tree_generic.NodeInterface, _ f3_tree_generic.ListOptions, page int) f3_tree_generic.ChildrenList {
 	pageSize := o.getPageSize()
 
 	sess := db.GetEngine(ctx)
@@ -33,9 +33,9 @@ func (o *topics) ListPage(ctx context.Context, page int) generic.ChildrenSlice {
 		panic(fmt.Errorf("error while listing topics: %v", err))
 	}
 
-	return f3_tree.ConvertListed(ctx, o.GetNode(), f3_tree.ConvertToAny(topics...)...)
+	return f3_tree.ConvertListed(ctx, node, f3_tree.ConvertToAny(topics...)...)
 }
 
-func newTopics() generic.NodeDriverInterface {
+func newTopics() f3_tree_generic.NodeDriverInterface {
 	return &topics{}
 }
diff --git a/services/f3/driver/tree.go b/services/f3/driver/tree.go
index fe11b15f6e..573f75c457 100644
--- a/services/f3/driver/tree.go
+++ b/services/f3/driver/tree.go
@@ -27,67 +27,67 @@ func (o *treeDriver) Init() {
 
 func (o *treeDriver) Factory(ctx context.Context, kind f3_kind.Kind) generic.NodeDriverInterface {
 	switch kind {
-	case f3_tree.KindForge:
+	case f3_kind.KindForge:
 		return newForge()
-	case f3_tree.KindOrganizations:
+	case f3_kind.KindOrganizations:
 		return newOrganizations()
-	case f3_tree.KindOrganization:
+	case f3_kind.KindOrganization:
 		return newOrganization()
-	case f3_tree.KindUsers:
+	case f3_kind.KindUsers:
 		return newUsers()
-	case f3_tree.KindUser:
+	case f3_kind.KindUser:
 		return newUser()
-	case f3_tree.KindProjects:
+	case f3_kind.KindProjects:
 		return newProjects()
-	case f3_tree.KindProject:
+	case f3_kind.KindProject:
 		return newProject()
-	case f3_tree.KindIssues:
+	case f3_kind.KindIssues:
 		return newIssues()
-	case f3_tree.KindIssue:
+	case f3_kind.KindIssue:
 		return newIssue()
-	case f3_tree.KindComments:
+	case f3_kind.KindComments:
 		return newComments()
-	case f3_tree.KindComment:
+	case f3_kind.KindComment:
 		return newComment()
-	case f3_tree.KindAttachments:
+	case f3_kind.KindAttachments:
 		return newAttachments()
-	case f3_tree.KindAttachment:
+	case f3_kind.KindAttachment:
 		return newAttachment()
-	case f3_tree.KindLabels:
+	case f3_kind.KindLabels:
 		return newLabels()
-	case f3_tree.KindLabel:
+	case f3_kind.KindLabel:
 		return newLabel()
-	case f3_tree.KindReactions:
+	case f3_kind.KindReactions:
 		return newReactions()
-	case f3_tree.KindReaction:
+	case f3_kind.KindReaction:
 		return newReaction()
-	case f3_tree.KindReviews:
+	case f3_kind.KindReviews:
 		return newReviews()
-	case f3_tree.KindReview:
+	case f3_kind.KindReview:
 		return newReview()
-	case f3_tree.KindReviewComments:
+	case f3_kind.KindReviewComments:
 		return newReviewComments()
-	case f3_tree.KindReviewComment:
+	case f3_kind.KindReviewComment:
 		return newReviewComment()
-	case f3_tree.KindMilestones:
+	case f3_kind.KindMilestones:
 		return newMilestones()
-	case f3_tree.KindMilestone:
+	case f3_kind.KindMilestone:
 		return newMilestone()
-	case f3_tree.KindPullRequests:
+	case f3_kind.KindPullRequests:
 		return newPullRequests()
-	case f3_tree.KindPullRequest:
+	case f3_kind.KindPullRequest:
 		return newPullRequest()
-	case f3_tree.KindReleases:
+	case f3_kind.KindReleases:
 		return newReleases()
-	case f3_tree.KindRelease:
+	case f3_kind.KindRelease:
 		return newRelease()
-	case f3_tree.KindTopics:
+	case f3_kind.KindTopics:
 		return newTopics()
-	case f3_tree.KindTopic:
+	case f3_kind.KindTopic:
 		return newTopic()
-	case f3_tree.KindRepositories:
+	case f3_kind.KindRepositories:
 		return newRepositories()
-	case f3_tree.KindRepository:
+	case f3_kind.KindRepository:
 		return newRepository(ctx)
 	case f3_kind.KindRoot:
 		return newRoot(o.GetTree().(f3_tree.TreeInterface).NewFormat(kind))
diff --git a/services/f3/driver/user.go b/services/f3/driver/user.go
index bf8bfaf9c9..d100234fbc 100644
--- a/services/f3/driver/user.go
+++ b/services/f3/driver/user.go
@@ -28,6 +28,19 @@ type user struct {
 	forgejoUser *user_model.User
 }
 
+const fakeEmailSuffix = ".fakeemail"
+
+func fromFakeEmail(mail string) string {
+	return strings.TrimSuffix(mail, fakeEmailSuffix)
+}
+
+func toFakeEmail(mail string) string {
+	if !strings.HasSuffix(mail, fakeEmailSuffix) {
+		return mail + fakeEmailSuffix
+	}
+	return mail
+}
+
 func getSystemUserByName(name string) *user_model.User {
 	switch name {
 	case user_model.GhostUserName:
@@ -90,6 +103,7 @@ func (o *user) Get(ctx context.Context) bool {
 	if err != nil {
 		panic(fmt.Errorf("user %v %w", id, err))
 	}
+	u.Email = fromFakeEmail(u.Email)
 	o.forgejoUser = u
 	return true
 }
@@ -103,7 +117,8 @@ func (o *user) Put(ctx context.Context) f3_id.NodeID {
 	}
 
 	o.forgejoUser.LowerName = strings.ToLower(o.forgejoUser.Name)
-	o.Trace("%v", *o.forgejoUser)
+	o.forgejoUser.Email = toFakeEmail(o.forgejoUser.Email)
+	o.Trace("%+v", *o.forgejoUser)
 	overwriteDefault := &user_model.CreateUserOverwriteOptions{
 		IsActive: optional.Some(true),
 	}
@@ -119,6 +134,11 @@ func (o *user) Delete(ctx context.Context) {
 	node := o.GetNode()
 	o.Trace("%s", node.GetID())
 
+	if o.forgejoUser.ID == 1 && o.forgejoUser.IsAdmin {
+		o.Debug("silently ignore a request to delete the admin user with ID 1 because it is assumed to be required: %+v", o.forgejoUser.Type)
+		return
+	}
+
 	if err := user_service.DeleteUser(ctx, o.forgejoUser, true); err != nil {
 		panic(err)
 	}
diff --git a/services/f3/driver/users.go b/services/f3/driver/users.go
index cb413ae05d..bee664e42c 100644
--- a/services/f3/driver/users.go
+++ b/services/f3/driver/users.go
@@ -11,16 +11,17 @@ import (
 	"forgejo.org/models/db"
 	user_model "forgejo.org/models/user"
 
+	"code.forgejo.org/f3/gof3/v3/f3"
 	f3_id "code.forgejo.org/f3/gof3/v3/id"
 	f3_tree "code.forgejo.org/f3/gof3/v3/tree/f3"
-	"code.forgejo.org/f3/gof3/v3/tree/generic"
+	f3_tree_generic "code.forgejo.org/f3/gof3/v3/tree/generic"
 )
 
 type users struct {
 	container
 }
 
-func (o *users) ListPage(ctx context.Context, page int) generic.ChildrenSlice {
+func (o *users) ListPage(ctx context.Context, node f3_tree_generic.NodeInterface, _ f3_tree_generic.ListOptions, page int) f3_tree_generic.ChildrenList {
 	sess := db.GetEngine(ctx).In("type", user_model.UserTypeIndividual, user_model.UserTypeRemoteUser)
 	if page != 0 {
 		sess = db.SetSessionPagination(sess, &db.ListOptions{Page: page, PageSize: o.getPageSize()})
@@ -32,18 +33,26 @@ func (o *users) ListPage(ctx context.Context, page int) generic.ChildrenSlice {
 		panic(fmt.Errorf("error while listing users: %v", err))
 	}
 
-	return f3_tree.ConvertListed(ctx, o.GetNode(), f3_tree.ConvertToAny(users...)...)
+	return f3_tree.ConvertListed(ctx, node, f3_tree.ConvertToAny(users...)...)
+}
+
+func (o *users) LookupMappedID(ctx context.Context, id f3_id.NodeID, f f3.Interface) f3_id.NodeID {
+	user := f.(*f3.User)
+	return o.GetIDFromName(ctx, user.UserName)
 }
 
 func (o *users) GetIDFromName(ctx context.Context, name string) f3_id.NodeID {
 	user, err := user_model.GetUserByName(ctx, name)
+	if user_model.IsErrUserNotExist(err) {
+		return f3_id.NilID
+	}
 	if err != nil {
-		panic(fmt.Errorf("GetUserByName: %v", err))
+		panic(fmt.Errorf("GetUserByName(%s): %v", name, err))
 	}
 
 	return f3_id.NewNodeID(user.ID)
 }
 
-func newUsers() generic.NodeDriverInterface {
+func newUsers() f3_tree_generic.NodeDriverInterface {
 	return &users{}
 }
diff --git a/tests/integration/api_nodeinfo_test.go b/tests/integration/api_nodeinfo_test.go
index cafdc1a7cc..ab7709d603 100644
--- a/tests/integration/api_nodeinfo_test.go
+++ b/tests/integration/api_nodeinfo_test.go
@@ -29,7 +29,7 @@ func TestNodeinfo(t *testing.T) {
 	DecodeJSON(t, resp, &nodeinfo)
 	assert.True(t, nodeinfo.OpenRegistrations)
 	assert.Equal(t, "forgejo", nodeinfo.Software.Name)
-	assert.Equal(t, 29, nodeinfo.Usage.Users.Total)
+	assert.Equal(t, 30, nodeinfo.Usage.Users.Total)
 	assert.Equal(t, 23, nodeinfo.Usage.LocalPosts)
 	assert.Equal(t, 4, nodeinfo.Usage.LocalComments)
 }
diff --git a/tests/integration/cmd_forgejo_f3_test.go b/tests/integration/cmd_forgejo_f3_test.go
index 19390eec90..ac5e8922df 100644
--- a/tests/integration/cmd_forgejo_f3_test.go
+++ b/tests/integration/cmd_forgejo_f3_test.go
@@ -24,6 +24,7 @@ import (
 	f3_generic "code.forgejo.org/f3/gof3/v3/tree/generic"
 	f3_tests "code.forgejo.org/f3/gof3/v3/tree/tests/f3"
 	f3_tests_forge "code.forgejo.org/f3/gof3/v3/tree/tests/f3/forge"
+	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 	"github.com/urfave/cli/v3"
 )
@@ -61,14 +62,14 @@ func TestF3_CmdMirror_LocalForgejo(t *testing.T) {
 
 	ctx := t.Context()
 
-	mirrorOptions := f3_tests_forge.GetFactory(options.Name)().NewOptions(t)
+	mirrorForge := f3_tests_forge.GetFactory(options.Name)()
+	mirrorOptions := mirrorForge.NewOptions(t)
 	mirrorTree := f3_generic.GetFactory("f3")(ctx, mirrorOptions)
 
 	fixtureOptions := f3_tests_forge.GetFactory(f3_filesystem_options.Name)().NewOptions(t)
 	fixtureTree := f3_generic.GetFactory("f3")(ctx, fixtureOptions)
 
 	log := fixtureTree.GetLogger()
-	creator := f3_tests.NewCreator(t, "CmdMirrorLocalForgejo", log)
 
 	log.Trace("======= build fixture")
 
@@ -77,9 +78,10 @@ func TestF3_CmdMirror_LocalForgejo(t *testing.T) {
 		fixtureUserID := "userID01"
 		fixtureProjectID := "projectID01"
 
+		creator := f3_tests.NewCreator(t, "CMFixture", fixtureTree)
 		userFormat := creator.GenerateUser()
 		userFormat.SetID(fixtureUserID)
-		users := fixtureTree.MustFind(f3_generic.NewPathFromString("/forge/users"))
+		users := fixtureTree.MustFind(f3_generic.NewNodePathFromString("/forge/users"))
 		user := users.CreateChild(ctx)
 		user.FromFormat(userFormat)
 		user.Upsert(ctx)
@@ -87,7 +89,7 @@ func TestF3_CmdMirror_LocalForgejo(t *testing.T) {
 
 		projectFormat := creator.GenerateProject()
 		projectFormat.SetID(fixtureProjectID)
-		projects := user.MustFind(f3_generic.NewPathFromString("projects"))
+		projects := f3_generic.MustFind(user, f3_generic.NewNodePathFromString("projects"))
 		project := projects.CreateChild(ctx)
 		project.FromFormat(projectFormat)
 		project.Upsert(ctx)
@@ -98,25 +100,8 @@ func TestF3_CmdMirror_LocalForgejo(t *testing.T) {
 
 	log.Trace("======= create mirror")
 
-	var toPath string
-	var projects f3_generic.NodeInterface
-	{
-		userFormat := creator.GenerateUser()
-		users := mirrorTree.MustFind(f3_generic.NewPathFromString("/forge/users"))
-		user := users.CreateChild(ctx)
-		user.FromFormat(userFormat)
-		user.Upsert(ctx)
-		require.Equal(t, user.GetID(), users.GetIDFromName(ctx, userFormat.UserName))
-
-		projectFormat := creator.GenerateProject()
-		projects = user.MustFind(f3_generic.NewPathFromString("projects"))
-		project := projects.CreateChild(ctx)
-		project.FromFormat(projectFormat)
-		project.Upsert(ctx)
-		require.Equal(t, project.GetID(), projects.GetIDFromName(ctx, projectFormat.Name))
-
-		toPath = fmt.Sprintf("/forge/users/%s/projects/%s", userFormat.UserName, projectFormat.Name)
-	}
+	otherProjectName := "otherproject"
+	toPath := "/forge/users/otheruser/projects/" + otherProjectName
 
 	log.Trace("======= mirror %s => %s", fromPath, toPath)
 	output, err := runApp(ctx,
@@ -131,7 +116,10 @@ func TestF3_CmdMirror_LocalForgejo(t *testing.T) {
 	require.NoError(t, err)
 	log.Trace("======= assert")
 	require.Contains(t, output, fmt.Sprintf("mirror %s", fromPath))
-	projects.List(ctx)
-	require.NotEmpty(t, projects.GetChildren())
-	log.Trace("======= project %s", projects.GetChildren()[0])
+	project := f3_generic.NilNode
+	mirrorTree.ApplyAndGet(ctx, f3_generic.NewNodePathFromString(toPath), f3_generic.NewApplyOptions(func(ctx context.Context, parent, p f3_generic.Path, node f3_generic.NodeInterface) {
+		project = node
+	}))
+	require.NotEqual(t, f3_generic.NilNode, project)
+	assert.Equal(t, otherProjectName, project.GetName())
 }

From 5afa5a2b5a7a730c5fe0c8ff76ab8325b198ae4e Mon Sep 17 00:00:00 2001
From: zokki <zokki.softwareschmiede@gmail.com>
Date: Tue, 13 Jan 2026 18:18:40 +0100
Subject: [PATCH 147/854] fix: better error message for invalid tokens (#10727)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Fixes https://codeberg.org/forgejo/forgejo/issues/7514
When a token is used, provide a better error message when that token is not valid.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10727
Reviewed-by: Ellen Εμιλία Άννα Zscheile <fogti@noreply.codeberg.org>
Reviewed-by: Andreas Ahlenstorf <aahlenst@noreply.codeberg.org>
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: zokki <zokki.softwareschmiede@gmail.com>
Co-committed-by: zokki <zokki.softwareschmiede@gmail.com>
---
 services/auth/oauth2.go            | 25 +++++++++++--------
 services/auth/oauth2_test.go       | 39 ++++++++++++++++++++++++------
 tests/integration/api_repo_test.go |  2 +-
 3 files changed, 47 insertions(+), 19 deletions(-)

diff --git a/services/auth/oauth2.go b/services/auth/oauth2.go
index ee9f64c91f..eb1dffa32a 100644
--- a/services/auth/oauth2.go
+++ b/services/auth/oauth2.go
@@ -147,7 +147,10 @@ func parseToken(req *http.Request) (string, bool) {
 // userIDFromToken returns the user id corresponding to the OAuth token.
 // It will set 'IsApiToken' to true if the token is an API token and
 // set 'ApiTokenScope' to the scope of the access token
-func (o *OAuth2) userIDFromToken(ctx context.Context, tokenSHA string, store DataStore) int64 {
+func (o *OAuth2) userIDFromToken(ctx context.Context, tokenSHA string, store DataStore) (int64, error) {
+	if tokenSHA == "" {
+		return 0, auth_model.ErrAccessTokenEmpty{}
+	}
 	// Let's see if token is valid.
 	if strings.Contains(tokenSHA, ".") {
 		// First attempt to decode an actions JWT, returning the actions user
@@ -155,7 +158,7 @@ func (o *OAuth2) userIDFromToken(ctx context.Context, tokenSHA string, store Dat
 			if CheckTaskIsRunning(ctx, taskID) {
 				store.GetData()["IsActionsToken"] = true
 				store.GetData()["ActionsTaskID"] = taskID
-				return user_model.ActionsUserID
+				return user_model.ActionsUserID, nil
 			}
 		}
 
@@ -169,7 +172,7 @@ func (o *OAuth2) userIDFromToken(ctx context.Context, tokenSHA string, store Dat
 				store.GetData()["ApiTokenScope"] = auth_model.AccessTokenScopeAll // fallback to all
 			}
 		}
-		return uid
+		return uid, nil
 	}
 	t, err := auth_model.GetAccessTokenBySHA(ctx, tokenSHA)
 	if err != nil {
@@ -182,19 +185,22 @@ func (o *OAuth2) userIDFromToken(ctx context.Context, tokenSHA string, store Dat
 				store.GetData()["IsActionsToken"] = true
 				store.GetData()["ActionsTaskID"] = task.ID
 
-				return user_model.ActionsUserID
+				return user_model.ActionsUserID, nil
 			}
 		} else if !auth_model.IsErrAccessTokenNotExist(err) && !auth_model.IsErrAccessTokenEmpty(err) {
 			log.Error("GetAccessTokenBySHA: %v", err)
 		}
-		return 0
+		return 0, err
 	}
 	if err := t.UpdateLastUsed(ctx); err != nil {
 		log.Error("UpdateLastUsed: %v", err)
 	}
+	if t.UID == 0 {
+		return 0, auth_model.ErrAccessTokenNotExist{}
+	}
 	store.GetData()["IsApiToken"] = true
 	store.GetData()["ApiTokenScope"] = t.Scope
-	return t.UID
+	return t.UID, nil
 }
 
 // Verify extracts the user ID from the OAuth token in the query parameters
@@ -213,10 +219,9 @@ func (o *OAuth2) Verify(req *http.Request, w http.ResponseWriter, store DataStor
 		return nil, nil
 	}
 
-	id := o.userIDFromToken(req.Context(), token, store)
-
-	if id <= 0 && id != -2 { // -2 means actions, so we need to allow it.
-		return nil, user_model.ErrUserNotExist{}
+	id, err := o.userIDFromToken(req.Context(), token, store)
+	if err != nil {
+		return nil, err
 	}
 	log.Trace("OAuth2 Authorization: Found token for user[%d]", id)
 
diff --git a/services/auth/oauth2_test.go b/services/auth/oauth2_test.go
index 3fce7df50b..a8fe9961fa 100644
--- a/services/auth/oauth2_test.go
+++ b/services/auth/oauth2_test.go
@@ -7,6 +7,7 @@ import (
 	"net/http"
 	"testing"
 
+	"forgejo.org/models/auth"
 	"forgejo.org/models/unittest"
 	user_model "forgejo.org/models/user"
 	"forgejo.org/modules/web/middleware"
@@ -27,11 +28,32 @@ func TestUserIDFromToken(t *testing.T) {
 		ds := make(middleware.ContextData)
 
 		o := OAuth2{}
-		uid := o.userIDFromToken(t.Context(), token, ds)
+		uid, err := o.userIDFromToken(t.Context(), token, ds)
+		require.NoError(t, err)
 		assert.Equal(t, int64(user_model.ActionsUserID), uid)
 		assert.Equal(t, true, ds["IsActionsToken"])
 		assert.Equal(t, ds["ActionsTaskID"], int64(RunningTaskID))
 	})
+
+	t.Run("Actions error-JWT", func(t *testing.T) {
+		cases := map[string]struct {
+			Token string
+			Error error
+		}{
+			"Empty":    {"", auth.ErrAccessTokenEmpty{}},
+			"To short": {"abc", auth.ErrAccessTokenNotExist{Token: "abc"}},
+		}
+
+		ds := make(middleware.ContextData)
+		o := OAuth2{}
+		for name, c := range cases {
+			t.Run(name, func(t *testing.T) {
+				uid, err := o.userIDFromToken(t.Context(), c.Token, ds)
+				require.ErrorIs(t, err, c.Error)
+				assert.Equal(t, int64(0), uid)
+			})
+		}
+	})
 }
 
 func TestCheckTaskIsRunning(t *testing.T) {
@@ -60,13 +82,14 @@ func TestParseToken(t *testing.T) {
 		ExpectedToken string
 		Expected      bool
 	}{
-		"Token Uppercase":  {Header: "Token 1234567890123456789012345687901325467890", ExpectedToken: "1234567890123456789012345687901325467890", Expected: true},
-		"Token Lowercase":  {Header: "token 1234567890123456789012345687901325467890", ExpectedToken: "1234567890123456789012345687901325467890", Expected: true},
-		"Token Unicode":    {Header: "to\u212Aen 1234567890123456789012345687901325467890", ExpectedToken: "", Expected: false},
-		"Bearer Uppercase": {Header: "Bearer 1234567890123456789012345687901325467890", ExpectedToken: "1234567890123456789012345687901325467890", Expected: true},
-		"Bearer Lowercase": {Header: "bearer 1234567890123456789012345687901325467890", ExpectedToken: "1234567890123456789012345687901325467890", Expected: true},
-		"Missing type":     {Header: "1234567890123456789012345687901325467890", ExpectedToken: "", Expected: false},
-		"Three Parts":      {Header: "abc 1234567890 test", ExpectedToken: "", Expected: false},
+		"Token Uppercase":   {Header: "Token 1234567890123456789012345687901325467890", ExpectedToken: "1234567890123456789012345687901325467890", Expected: true},
+		"Token Lowercase":   {Header: "token 1234567890123456789012345687901325467890", ExpectedToken: "1234567890123456789012345687901325467890", Expected: true},
+		"Token Unicode":     {Header: "to\u212Aen 1234567890123456789012345687901325467890", ExpectedToken: "", Expected: false},
+		"Bearer Uppercase":  {Header: "Bearer 1234567890123456789012345687901325467890", ExpectedToken: "1234567890123456789012345687901325467890", Expected: true},
+		"Bearer Lowercase":  {Header: "bearer 1234567890123456789012345687901325467890", ExpectedToken: "1234567890123456789012345687901325467890", Expected: true},
+		"Missing type":      {Header: "1234567890123456789012345687901325467890", ExpectedToken: "", Expected: false},
+		"Three Parts":       {Header: "abc 1234567890 test", ExpectedToken: "", Expected: false},
+		"Token Three Parts": {Header: "Token 1234567890 test", ExpectedToken: "", Expected: false},
 	}
 
 	for name := range cases {
diff --git a/tests/integration/api_repo_test.go b/tests/integration/api_repo_test.go
index edd0c61a44..3dd79c8ebe 100644
--- a/tests/integration/api_repo_test.go
+++ b/tests/integration/api_repo_test.go
@@ -52,7 +52,7 @@ func TestAPIUserReposWithWrongToken(t *testing.T) {
 		AddTokenAuth(wrongToken)
 	resp := MakeRequest(t, req, http.StatusUnauthorized)
 
-	assert.Contains(t, resp.Body.String(), "user does not exist")
+	assert.Contains(t, resp.Body.String(), "access token does not exist")
 }
 
 func TestAPISearchRepo(t *testing.T) {

From 1dceb238687cde6e38654f0eaee7cab6240cbad0 Mon Sep 17 00:00:00 2001
From: Michael Kriese <michael.kriese@visualon.de>
Date: Tue, 13 Jan 2026 21:04:35 +0100
Subject: [PATCH 148/854] fix: drop sqlite shared cache (#10812)

Use of sqlite shared cache is discouraged and obsolete. wal mode should be used instead.

- https://sqlite.org/sharedcache.html#use_of_shared_cache_is_discouraged

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10812
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Michael Kriese <michael.kriese@visualon.de>
Co-committed-by: Michael Kriese <michael.kriese@visualon.de>
---
 modules/setting/database.go                       | 15 +++++++++++----
 .../integration/migration-test/migration_test.go  |  2 +-
 2 files changed, 12 insertions(+), 5 deletions(-)

diff --git a/modules/setting/database.go b/modules/setting/database.go
index 91b3c90747..bd20edf9c2 100644
--- a/modules/setting/database.go
+++ b/modules/setting/database.go
@@ -239,12 +239,19 @@ func dbConnStrWithHost(host string) (string, error) {
 		if err := os.MkdirAll(filepath.Dir(Database.Path), os.ModePerm); err != nil {
 			return "", fmt.Errorf("failed to create directories: %w", err)
 		}
-		journalMode := ""
+		opts := ""
 		if Database.SQLiteJournalMode != "" {
-			journalMode = "&_journal_mode=" + Database.SQLiteJournalMode
+			opts = "&_journal_mode=" + Database.SQLiteJournalMode
 		}
-		connStr = fmt.Sprintf("file:%s?cache=shared&mode=rwc&_busy_timeout=%d&_txlock=immediate%s",
-			Database.Path, Database.Timeout, journalMode)
+
+		// in memory mode needs shared cache to be usable by multiple connections
+		// only used in tests normally
+		if Database.Path == ":memory:" {
+			opts += "&cache=shared"
+		} else {
+			opts += "&mode=rwc"
+		}
+		connStr = fmt.Sprintf("file:%s?_busy_timeout=%d&_txlock=immediate%s", Database.Path, Database.Timeout, opts)
 	default:
 		return "", fmt.Errorf("unknown database type: %s", Database.Type)
 	}
diff --git a/tests/integration/migration-test/migration_test.go b/tests/integration/migration-test/migration_test.go
index 2bc57142e2..58d525a8f7 100644
--- a/tests/integration/migration-test/migration_test.go
+++ b/tests/integration/migration-test/migration_test.go
@@ -158,7 +158,7 @@ func restoreOldDB(t *testing.T, version string) bool {
 		err := os.MkdirAll(path.Dir(setting.Database.Path), os.ModePerm)
 		require.NoError(t, err)
 
-		db, err := sql.Open("sqlite3", fmt.Sprintf("file:%s?cache=shared&mode=rwc&_busy_timeout=%d&_txlock=immediate", setting.Database.Path, setting.Database.Timeout))
+		db, err := sql.Open("sqlite3", fmt.Sprintf("file:%s?mode=rwc&_busy_timeout=%d&_txlock=immediate", setting.Database.Path, setting.Database.Timeout))
 		require.NoError(t, err)
 		defer db.Close()
 

From e3bb1589c30cd9c70674a20f91e5a2be603075c8 Mon Sep 17 00:00:00 2001
From: Gusted <postmaster@gusted.xyz>
Date: Tue, 13 Jan 2026 21:30:59 +0100
Subject: [PATCH 149/854] fix: make lastcommit available for non-signed-in
 users (#10815)

- Regression of forgejo/forgejo!9830
- `reqSignIn` means it requires sign-in, but it does not require sign-in (can be hit by visiting large repository) so `ignSignIn` is the better option.
- Resulted in behavior of being redirected to `/user/login` when visiting a repository such as comaps or forgejo when not being logged in.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10815
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
Co-authored-by: Gusted <postmaster@gusted.xyz>
Co-committed-by: Gusted <postmaster@gusted.xyz>
---
 routers/web/web.go                    |  2 +-
 tests/integration/repo_commit_test.go | 16 ++++++++++++++++
 2 files changed, 17 insertions(+), 1 deletion(-)

diff --git a/routers/web/web.go b/routers/web/web.go
index 1485579b1d..16b47786d3 100644
--- a/routers/web/web.go
+++ b/routers/web/web.go
@@ -1655,7 +1655,7 @@ func registerRoutes(m *web.Route) {
 		m.Post("/sync_fork", context.RepoMustNotBeArchived(), repo.MustBeNotEmpty, reqRepoCodeWriter, repo.SyncFork)
 	}, ignSignIn, context.RepoAssignment, context.UnitTypes())
 
-	m.Post("/{username}/{reponame}/lastcommit/*", reqSignIn, context.RepoAssignment, context.UnitTypes(), context.RepoRefByType(context.RepoRefCommit), reqRepoCodeReader, repo.LastCommit)
+	m.Post("/{username}/{reponame}/lastcommit/*", ignSignIn, context.RepoAssignment, context.UnitTypes(), context.RepoRefByType(context.RepoRefCommit), reqRepoCodeReader, repo.LastCommit)
 
 	m.Group("/{username}/{reponame}", func() {
 		if !setting.Repository.DisableStars {
diff --git a/tests/integration/repo_commit_test.go b/tests/integration/repo_commit_test.go
index 1e22192cd9..0975e48c0c 100644
--- a/tests/integration/repo_commit_test.go
+++ b/tests/integration/repo_commit_test.go
@@ -82,3 +82,19 @@ func TestRepoCommitHeader(t *testing.T) {
 		assert.Equal(t, commit.ID.String()[:10], sha.Find(".shortsha").Text())
 	})
 }
+
+func TestLastCommit(t *testing.T) {
+	defer tests.PrepareTestEnv(t)()
+
+	t.Run("Anonymous", func(t *testing.T) {
+		req := NewRequest(t, "POST", "/user2/repo1/lastcommit/65f1bf27bc3bf70f64657658635e66094edbcb4d")
+		MakeRequest(t, req, http.StatusOK)
+	})
+
+	t.Run("Signed in", func(t *testing.T) {
+		session := loginUser(t, "user2")
+
+		req := NewRequest(t, "POST", "/user2/repo1/lastcommit/65f1bf27bc3bf70f64657658635e66094edbcb4d")
+		session.MakeRequest(t, req, http.StatusOK)
+	})
+}

From eeb47e3340de5b1fdd84959cc0eac3e3a07a5302 Mon Sep 17 00:00:00 2001
From: zokki <zokki.softwareschmiede@gmail.com>
Date: Wed, 14 Jan 2026 04:19:21 +0100
Subject: [PATCH 150/854] fix: actions variable and secret names validation
 (#10682)

Fixed action variables and secrets according to [Docu](https://forgejo.org/docs/next/user/actions/basic-concepts/#name-constraints):
> Variable names must not start with the FORGEJO_, GITHUB_ or GITEA_ prefix.
This wasn't correctly enforced, so I changed the regex

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests

- I added test coverage for Go changes...
  - [x] in their respective `*_test.go` for unit tests.
  - [x] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I added test coverage for JavaScript changes...
  - [ ] in `web_src/js/*.test.js` if it can be unit tested.
  - [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)).

### Documentation

- [x] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [ ] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [ ] I do not want this change to show in the release notes.
- [x] I want the title to show in the release notes with a link to this pull request.
- [ ] I want the content of the `release-notes/<pull request number>.md` to be be used for the release notes instead of the title.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10682
Reviewed-by: Andreas Ahlenstorf <aahlenst@noreply.codeberg.org>
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
Co-authored-by: zokki <zokki.softwareschmiede@gmail.com>
Co-committed-by: zokki <zokki.softwareschmiede@gmail.com>
---
 services/actions/variables.go                 |   9 +-
 services/secrets/secrets.go                   |   4 -
 services/secrets/validation.go                |   2 +-
 services/secrets/validation_test.go           |  57 +++++++
 templates/shared/secrets/add_list.tmpl        |   2 +-
 templates/shared/variables/variable_list.tmpl |   2 +-
 tests/integration/api_org_secrets_test.go     | 160 ++++++++++++++++++
 tests/integration/api_org_variables_test.go   |  35 +++-
 tests/integration/api_repo_secrets_test.go    |  62 ++++++-
 tests/integration/api_repo_variables_test.go  |  32 +++-
 tests/integration/api_user_secrets_test.go    |  43 ++++-
 tests/integration/api_user_variables_test.go  |  33 +++-
 12 files changed, 411 insertions(+), 30 deletions(-)
 create mode 100644 services/secrets/validation_test.go
 create mode 100644 tests/integration/api_org_secrets_test.go

diff --git a/services/actions/variables.go b/services/actions/variables.go
index f06c81e474..5dd68f0130 100644
--- a/services/actions/variables.go
+++ b/services/actions/variables.go
@@ -50,14 +50,6 @@ func UpdateVariable(ctx context.Context, variableID, ownerID, repoID int64, name
 }
 
 func DeleteVariableByName(ctx context.Context, ownerID, repoID int64, name string) error {
-	if err := secrets_service.ValidateName(name); err != nil {
-		return err
-	}
-
-	if err := envNameCIRegexMatch(name); err != nil {
-		return err
-	}
-
 	v, err := GetVariable(ctx, actions_model.FindVariablesOpts{
 		OwnerID: ownerID,
 		RepoID:  repoID,
@@ -86,6 +78,7 @@ func GetVariable(ctx context.Context, opts actions_model.FindVariablesOpts) (*ac
 // reference to:
 // https://docs.github.com/en/actions/learn-github-actions/variables#naming-conventions-for-configuration-variables
 // https://docs.github.com/en/actions/security-guides/encrypted-secrets#naming-your-secrets
+// https://forgejo.org/docs/next/user/actions/basic-concepts/#name-constraints
 var (
 	forbiddenEnvNameCIRx = regexp.MustCompile("(?i)^CI$")
 )
diff --git a/services/secrets/secrets.go b/services/secrets/secrets.go
index 2de83ef5a2..212016cf1e 100644
--- a/services/secrets/secrets.go
+++ b/services/secrets/secrets.go
@@ -56,10 +56,6 @@ func DeleteSecretByID(ctx context.Context, ownerID, repoID, secretID int64) erro
 }
 
 func DeleteSecretByName(ctx context.Context, ownerID, repoID int64, name string) error {
-	if err := ValidateName(name); err != nil {
-		return err
-	}
-
 	s, err := db.Find[secret_model.Secret](ctx, secret_model.FindSecretsOptions{
 		OwnerID: ownerID,
 		RepoID:  repoID,
diff --git a/services/secrets/validation.go b/services/secrets/validation.go
index 44250ba87b..676012f7d0 100644
--- a/services/secrets/validation.go
+++ b/services/secrets/validation.go
@@ -12,7 +12,7 @@ import (
 // https://docs.github.com/en/actions/security-guides/encrypted-secrets#naming-your-secrets
 var (
 	namePattern            = regexp.MustCompile("(?i)^[A-Z_][A-Z0-9_]*$")
-	forbiddenPrefixPattern = regexp.MustCompile("(?i)^GIT(EA|HUB)_")
+	forbiddenPrefixPattern = regexp.MustCompile("(?i)^FORGEJO_|GITEA_|GITHUB_")
 
 	ErrInvalidName = util.NewInvalidArgumentErrorf("invalid secret name")
 )
diff --git a/services/secrets/validation_test.go b/services/secrets/validation_test.go
new file mode 100644
index 0000000000..2dface6f6d
--- /dev/null
+++ b/services/secrets/validation_test.go
@@ -0,0 +1,57 @@
+// Copyright 2026 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+package secrets
+
+import (
+	"strings"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+func TestValidateName(t *testing.T) {
+	testCases := []struct {
+		name  string
+		valid bool
+	}{
+		{"FORGEJO_", false},
+		{"FORGEJO_123", false},
+		{"FORGEJO_ABC", false},
+		{"GITEA_", false},
+		{"GITEA_123", false},
+		{"GITEA_ABC", false},
+		{"GITHUB_", false},
+		{"GITHUB_123", false},
+		{"GITHUB_ABC", false},
+		{"123_TEST", false},
+		{"CI", true},
+		{"_CI", true},
+		{"CI_", true},
+		{"CI123", true},
+		{"CIABC", true},
+		{"FORGEJO", true},
+		{"FORGEJO123", true},
+		{"FORGEJOABC", true},
+		{"GITEA", true},
+		{"GITEA123", true},
+		{"GITEAABC", true},
+		{"GITHUB", true},
+		{"GITHUB123", true},
+		{"GITHUBABC", true},
+		{"_123_TEST", true},
+	}
+	for _, tC := range testCases {
+		t.Run(tC.name, func(t *testing.T) {
+			t.Helper()
+			if tC.valid {
+				assert.NoError(t, ValidateName(tC.name))
+				assert.NoError(t, ValidateName(strings.ToLower(tC.name)))
+			} else {
+				require.ErrorIs(t, ValidateName(tC.name), ErrInvalidName)
+				require.ErrorIs(t, ValidateName(strings.ToLower(tC.name)), ErrInvalidName)
+			}
+		})
+	}
+}
diff --git a/templates/shared/secrets/add_list.tmpl b/templates/shared/secrets/add_list.tmpl
index 0cd276f64c..d4f3744717 100644
--- a/templates/shared/secrets/add_list.tmpl
+++ b/templates/shared/secrets/add_list.tmpl
@@ -62,7 +62,7 @@
 					id="secret-name"
 					name="name"
 					value="{{.name}}"
-					pattern="^(?!GITEA_|GITHUB_)[a-zA-Z_][a-zA-Z0-9_]*$"
+					pattern="^(?!FORGEJO_|GITEA_|GITHUB_)[a-zA-Z_][a-zA-Z0-9_]*$"
 					placeholder="{{ctx.Locale.Tr "secrets.creation.name_placeholder"}}"
 				>
 			</div>
diff --git a/templates/shared/variables/variable_list.tmpl b/templates/shared/variables/variable_list.tmpl
index 0ac9879264..ac7b0afe85 100644
--- a/templates/shared/variables/variable_list.tmpl
+++ b/templates/shared/variables/variable_list.tmpl
@@ -72,7 +72,7 @@
 					name="name"
 					id="dialog-variable-name"
 					value="{{.name}}"
-					pattern="^(?!GITEA_|GITHUB_)[a-zA-Z_][a-zA-Z0-9_]*$"
+					pattern="^(?!CI$)(?!FORGEJO_|GITEA_|GITHUB_)[a-zA-Z_][a-zA-Z0-9_]*$"
 					placeholder="{{ctx.Locale.Tr "secrets.creation.name_placeholder"}}"
 				>
 			</div>
diff --git a/tests/integration/api_org_secrets_test.go b/tests/integration/api_org_secrets_test.go
new file mode 100644
index 0000000000..2a0574549d
--- /dev/null
+++ b/tests/integration/api_org_secrets_test.go
@@ -0,0 +1,160 @@
+// Copyright 2026 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+package integration
+
+import (
+	"fmt"
+	"net/http"
+	"strings"
+	"testing"
+
+	auth_model "forgejo.org/models/auth"
+	org_model "forgejo.org/models/organization"
+	secret_model "forgejo.org/models/secret"
+	"forgejo.org/models/unittest"
+	"forgejo.org/modules/keying"
+	api "forgejo.org/modules/structs"
+	"forgejo.org/tests"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+func TestAPIOrgSecrets(t *testing.T) {
+	defer tests.PrepareTestEnv(t)()
+
+	org := unittest.AssertExistsAndLoadBean(t, &org_model.Organization{Name: "org3"})
+	session := loginUser(t, "user2")
+	token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteOrganization)
+
+	t.Run("List", func(t *testing.T) {
+		listURL := fmt.Sprintf("/api/v1/orgs/%s/actions/secrets", org.Name)
+		req := NewRequest(t, "GET", listURL).AddTokenAuth(token)
+		res := MakeRequest(t, req, http.StatusOK)
+		secrets := []*api.Secret{}
+		DecodeJSON(t, res, &secrets)
+		assert.Empty(t, secrets)
+
+		createData := api.CreateOrUpdateSecretOption{Data: "a secret to create"}
+		req = NewRequestWithJSON(t, "PUT", listURL+"/first", createData).AddTokenAuth(token)
+		MakeRequest(t, req, http.StatusCreated)
+		req = NewRequestWithJSON(t, "PUT", listURL+"/sec2", createData).AddTokenAuth(token)
+		MakeRequest(t, req, http.StatusCreated)
+		req = NewRequestWithJSON(t, "PUT", listURL+"/last", createData).AddTokenAuth(token)
+		MakeRequest(t, req, http.StatusCreated)
+
+		req = NewRequest(t, "GET", listURL).AddTokenAuth(token)
+		res = MakeRequest(t, req, http.StatusOK)
+		DecodeJSON(t, res, &secrets)
+		assert.Len(t, secrets, 3)
+		expectedValues := []string{"FIRST", "SEC2", "LAST"}
+		for _, secret := range secrets {
+			assert.Contains(t, expectedValues, secret.Name)
+		}
+	})
+
+	t.Run("Create", func(t *testing.T) {
+		cases := []struct {
+			Name           string
+			ExpectedStatus int
+		}{
+			{
+				Name:           "",
+				ExpectedStatus: http.StatusMethodNotAllowed,
+			},
+			{
+				Name:           "-",
+				ExpectedStatus: http.StatusBadRequest,
+			},
+			{
+				Name:           "_",
+				ExpectedStatus: http.StatusCreated,
+			},
+			{
+				Name:           "ci",
+				ExpectedStatus: http.StatusCreated,
+			},
+			{
+				Name:           "secret",
+				ExpectedStatus: http.StatusCreated,
+			},
+			{
+				Name:           "2secret",
+				ExpectedStatus: http.StatusBadRequest,
+			},
+			{
+				Name:           "FORGEJO_secret",
+				ExpectedStatus: http.StatusBadRequest,
+			},
+			{
+				Name:           "GITEA_secret",
+				ExpectedStatus: http.StatusBadRequest,
+			},
+			{
+				Name:           "GITHUB_secret",
+				ExpectedStatus: http.StatusBadRequest,
+			},
+		}
+
+		for _, c := range cases {
+			req := NewRequestWithJSON(t, "PUT", fmt.Sprintf("/api/v1/orgs/%s/actions/secrets/%s", org.Name, c.Name), api.CreateOrUpdateSecretOption{
+				Data: "data",
+			}).AddTokenAuth(token)
+			MakeRequest(t, req, c.ExpectedStatus)
+		}
+	})
+
+	t.Run("Update", func(t *testing.T) {
+		name := "update_org_secret_and_test_data"
+		url := fmt.Sprintf("/api/v1/orgs/%s/actions/secrets/%s", org.Name, name)
+
+		req := NewRequestWithJSON(t, "PUT", url, api.CreateOrUpdateSecretOption{
+			Data: "initial",
+		}).AddTokenAuth(token)
+		MakeRequest(t, req, http.StatusCreated)
+
+		req = NewRequestWithJSON(t, "PUT", url, api.CreateOrUpdateSecretOption{
+			Data: "changed data",
+		}).AddTokenAuth(token)
+		MakeRequest(t, req, http.StatusNoContent)
+
+		secret := unittest.AssertExistsAndLoadBean(t, &secret_model.Secret{Name: strings.ToUpper(name)})
+		data, err := keying.ActionSecret.Decrypt(secret.Data, keying.ColumnAndID("data", secret.ID))
+		require.NoError(t, err)
+		assert.Equal(t, "changed data", string(data))
+	})
+
+	t.Run("Delete", func(t *testing.T) {
+		name := "delete_secret"
+		url := fmt.Sprintf("/api/v1/orgs/%s/actions/secrets/%s", org.Name, name)
+
+		req := NewRequestWithJSON(t, "PUT", url, api.CreateOrUpdateSecretOption{
+			Data: "initial",
+		}).AddTokenAuth(token)
+		MakeRequest(t, req, http.StatusCreated)
+
+		req = NewRequest(t, "DELETE", url).
+			AddTokenAuth(token)
+		MakeRequest(t, req, http.StatusNoContent)
+
+		req = NewRequest(t, "DELETE", url).
+			AddTokenAuth(token)
+		MakeRequest(t, req, http.StatusNotFound)
+	})
+
+	t.Run("Delete with forbidden names", func(t *testing.T) {
+		secret, err := secret_model.InsertEncryptedSecret(t.Context(), org.ID, 0, "FORGEJO_FORBIDDEN", "illegal")
+		require.NoError(t, err)
+
+		url := fmt.Sprintf("/api/v1/orgs/%s/actions/secrets/%s", org.Name, secret.Name)
+
+		req := NewRequest(t, "DELETE", url).
+			AddTokenAuth(token)
+		MakeRequest(t, req, http.StatusNoContent)
+
+		req = NewRequest(t, "DELETE", url).
+			AddTokenAuth(token)
+		MakeRequest(t, req, http.StatusNotFound)
+	})
+}
diff --git a/tests/integration/api_org_variables_test.go b/tests/integration/api_org_variables_test.go
index ffd73fadb2..f3ef009772 100644
--- a/tests/integration/api_org_variables_test.go
+++ b/tests/integration/api_org_variables_test.go
@@ -8,6 +8,7 @@ import (
 	"net/http"
 	"testing"
 
+	actions_model "forgejo.org/models/actions"
 	auth_model "forgejo.org/models/auth"
 	org_model "forgejo.org/models/organization"
 	"forgejo.org/models/unittest"
@@ -15,6 +16,7 @@ import (
 	"forgejo.org/tests"
 
 	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
 )
 
 func TestAPIOrgVariablesCreateOrganizationVariable(t *testing.T) {
@@ -56,6 +58,10 @@ func TestAPIOrgVariablesCreateOrganizationVariable(t *testing.T) {
 			Name:           "var@test",
 			ExpectedStatus: http.StatusBadRequest,
 		},
+		{
+			Name:           "forgejo_var",
+			ExpectedStatus: http.StatusBadRequest,
+		},
 		{
 			Name:           "github_var",
 			ExpectedStatus: http.StatusBadRequest,
@@ -68,9 +74,21 @@ func TestAPIOrgVariablesCreateOrganizationVariable(t *testing.T) {
 
 	for _, c := range cases {
 		requestURL := fmt.Sprintf("/api/v1/orgs/%s/actions/variables/%s", org.Name, c.Name)
-		request := NewRequestWithJSON(t, "POST", requestURL, api.CreateVariableOption{Value: "value"})
+		request := NewRequestWithJSON(t, "POST", requestURL, api.CreateVariableOption{
+			Value: "value" + c.Name,
+		})
 		request.AddTokenAuth(token)
 		MakeRequest(t, request, c.ExpectedStatus)
+
+		if c.ExpectedStatus < 300 {
+			request = NewRequest(t, "GET", requestURL).
+				AddTokenAuth(token)
+			res := MakeRequest(t, request, http.StatusOK)
+			variable := api.ActionVariable{}
+			DecodeJSON(t, res, &variable)
+			assert.Equal(t, variable.Name, c.Name)
+			assert.Equal(t, variable.Data, "value"+c.Name)
+		}
 	}
 }
 
@@ -114,6 +132,11 @@ func TestAPIOrgVariablesUpdateOrganizationVariable(t *testing.T) {
 			UpdateName:     "ci",
 			ExpectedStatus: http.StatusBadRequest,
 		},
+		{
+			Name:           variableName,
+			UpdateName:     "forgejo_foo",
+			ExpectedStatus: http.StatusBadRequest,
+		},
 		{
 			Name:           variableName,
 			UpdateName:     "updated_var_name",
@@ -141,6 +164,8 @@ func TestAPIOrgVariablesDeleteOrganizationVariable(t *testing.T) {
 	defer tests.PrepareTestEnv(t)()
 
 	org := unittest.AssertExistsAndLoadBean(t, &org_model.Organization{Name: "org3"})
+	variable, err := actions_model.InsertVariable(t.Context(), org.ID, 0, "FORGEJO_FORBIDDEN", "illegal")
+	require.NoError(t, err)
 	session := loginUser(t, "user2")
 	token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteOrganization)
 
@@ -157,6 +182,14 @@ func TestAPIOrgVariablesDeleteOrganizationVariable(t *testing.T) {
 
 	request = NewRequest(t, "DELETE", url).AddTokenAuth(token)
 	MakeRequest(t, request, http.StatusNotFound)
+
+	// deleting of forbidden names should still be possible
+	url = fmt.Sprintf("/api/v1/orgs/%s/actions/variables/%s", org.Name, variable.Name)
+	request = NewRequest(t, "DELETE", url).AddTokenAuth(token)
+	MakeRequest(t, request, http.StatusNoContent)
+
+	request = NewRequest(t, "DELETE", url).AddTokenAuth(token)
+	MakeRequest(t, request, http.StatusNotFound)
 }
 
 func TestAPIOrgVariablesGetSingleOrganizationVariable(t *testing.T) {
diff --git a/tests/integration/api_repo_secrets_test.go b/tests/integration/api_repo_secrets_test.go
index 3da4412dde..a6a59818f7 100644
--- a/tests/integration/api_repo_secrets_test.go
+++ b/tests/integration/api_repo_secrets_test.go
@@ -6,18 +6,22 @@ package integration
 import (
 	"fmt"
 	"net/http"
+	"strings"
 	"testing"
 
 	auth_model "forgejo.org/models/auth"
 	"forgejo.org/models/db"
 	repo_model "forgejo.org/models/repo"
+	secret_model "forgejo.org/models/secret"
 	unit_model "forgejo.org/models/unit"
 	"forgejo.org/models/unittest"
 	user_model "forgejo.org/models/user"
+	"forgejo.org/modules/keying"
 	api "forgejo.org/modules/structs"
 	repo_service "forgejo.org/services/repository"
 	"forgejo.org/tests"
 
+	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 )
 
@@ -30,9 +34,29 @@ func TestAPIRepoSecrets(t *testing.T) {
 	token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteRepository)
 
 	t.Run("List", func(t *testing.T) {
-		req := NewRequest(t, "GET", fmt.Sprintf("/api/v1/repos/%s/actions/secrets", repo.FullName())).
-			AddTokenAuth(token)
-		MakeRequest(t, req, http.StatusOK)
+		listURL := fmt.Sprintf("/api/v1/repos/%s/actions/secrets", repo.FullName())
+		req := NewRequest(t, "GET", listURL).AddTokenAuth(token)
+		res := MakeRequest(t, req, http.StatusOK)
+		secrets := []*api.Secret{}
+		DecodeJSON(t, res, &secrets)
+		assert.Empty(t, secrets)
+
+		createData := api.CreateOrUpdateSecretOption{Data: "a secret to create"}
+		req = NewRequestWithJSON(t, "PUT", listURL+"/first", createData).AddTokenAuth(token)
+		MakeRequest(t, req, http.StatusCreated)
+		req = NewRequestWithJSON(t, "PUT", listURL+"/sec2", createData).AddTokenAuth(token)
+		MakeRequest(t, req, http.StatusCreated)
+		req = NewRequestWithJSON(t, "PUT", listURL+"/last", createData).AddTokenAuth(token)
+		MakeRequest(t, req, http.StatusCreated)
+
+		req = NewRequest(t, "GET", listURL).AddTokenAuth(token)
+		res = MakeRequest(t, req, http.StatusOK)
+		DecodeJSON(t, res, &secrets)
+		assert.Len(t, secrets, 3)
+		expectedValues := []string{"FIRST", "SEC2", "LAST"}
+		for _, secret := range secrets {
+			assert.Contains(t, expectedValues, secret.Name)
+		}
 	})
 
 	t.Run("Create", func(t *testing.T) {
@@ -52,6 +76,10 @@ func TestAPIRepoSecrets(t *testing.T) {
 				Name:           "_",
 				ExpectedStatus: http.StatusCreated,
 			},
+			{
+				Name:           "ci",
+				ExpectedStatus: http.StatusCreated,
+			},
 			{
 				Name:           "secret",
 				ExpectedStatus: http.StatusCreated,
@@ -60,6 +88,10 @@ func TestAPIRepoSecrets(t *testing.T) {
 				Name:           "2secret",
 				ExpectedStatus: http.StatusBadRequest,
 			},
+			{
+				Name:           "FORGEJO_secret",
+				ExpectedStatus: http.StatusBadRequest,
+			},
 			{
 				Name:           "GITEA_secret",
 				ExpectedStatus: http.StatusBadRequest,
@@ -79,7 +111,7 @@ func TestAPIRepoSecrets(t *testing.T) {
 	})
 
 	t.Run("Update", func(t *testing.T) {
-		name := "update_secret"
+		name := "update_repo_secret_and_test_data"
 		url := fmt.Sprintf("/api/v1/repos/%s/actions/secrets/%s", repo.FullName(), name)
 
 		req := NewRequestWithJSON(t, "PUT", url, api.CreateOrUpdateSecretOption{
@@ -88,9 +120,14 @@ func TestAPIRepoSecrets(t *testing.T) {
 		MakeRequest(t, req, http.StatusCreated)
 
 		req = NewRequestWithJSON(t, "PUT", url, api.CreateOrUpdateSecretOption{
-			Data: "changed",
+			Data: "changed data",
 		}).AddTokenAuth(token)
 		MakeRequest(t, req, http.StatusNoContent)
+
+		secret := unittest.AssertExistsAndLoadBean(t, &secret_model.Secret{Name: strings.ToUpper(name)})
+		data, err := keying.ActionSecret.Decrypt(secret.Data, keying.ColumnAndID("data", secret.ID))
+		require.NoError(t, err)
+		assert.Equal(t, "changed data", string(data))
 	})
 
 	t.Run("Delete", func(t *testing.T) {
@@ -109,10 +146,21 @@ func TestAPIRepoSecrets(t *testing.T) {
 		req = NewRequest(t, "DELETE", url).
 			AddTokenAuth(token)
 		MakeRequest(t, req, http.StatusNotFound)
+	})
 
-		req = NewRequest(t, "DELETE", fmt.Sprintf("/api/v1/repos/%s/actions/secrets/000", repo.FullName())).
+	t.Run("Delete with forbidden names", func(t *testing.T) {
+		secret, err := secret_model.InsertEncryptedSecret(t.Context(), 0, repo.ID, "FORGEJO_FORBIDDEN", "illegal")
+		require.NoError(t, err)
+
+		url := fmt.Sprintf("/api/v1/repos/%s/actions/secrets/%s", repo.FullName(), secret.Name)
+
+		req := NewRequest(t, "DELETE", url).
 			AddTokenAuth(token)
-		MakeRequest(t, req, http.StatusBadRequest)
+		MakeRequest(t, req, http.StatusNoContent)
+
+		req = NewRequest(t, "DELETE", url).
+			AddTokenAuth(token)
+		MakeRequest(t, req, http.StatusNotFound)
 	})
 
 	t.Run("Endpoints disabled if Actions disabled", func(t *testing.T) {
diff --git a/tests/integration/api_repo_variables_test.go b/tests/integration/api_repo_variables_test.go
index 9330ca6d7e..0cc79bc423 100644
--- a/tests/integration/api_repo_variables_test.go
+++ b/tests/integration/api_repo_variables_test.go
@@ -8,6 +8,7 @@ import (
 	"net/http"
 	"testing"
 
+	actions_model "forgejo.org/models/actions"
 	auth_model "forgejo.org/models/auth"
 	"forgejo.org/models/db"
 	repo_model "forgejo.org/models/repo"
@@ -62,6 +63,10 @@ func TestAPIRepoVariablesTestCreateRepositoryVariable(t *testing.T) {
 			Name:           "var@test",
 			ExpectedStatus: http.StatusBadRequest,
 		},
+		{
+			Name:           "forgejo_var",
+			ExpectedStatus: http.StatusBadRequest,
+		},
 		{
 			Name:           "github_var",
 			ExpectedStatus: http.StatusBadRequest,
@@ -74,9 +79,19 @@ func TestAPIRepoVariablesTestCreateRepositoryVariable(t *testing.T) {
 
 	for _, c := range cases {
 		req := NewRequestWithJSON(t, "POST", fmt.Sprintf("/api/v1/repos/%s/actions/variables/%s", repo.FullName(), c.Name), api.CreateVariableOption{
-			Value: "value",
+			Value: "value" + c.Name,
 		}).AddTokenAuth(token)
 		MakeRequest(t, req, c.ExpectedStatus)
+
+		if c.ExpectedStatus < 300 {
+			req = NewRequest(t, "GET", fmt.Sprintf("/api/v1/repos/%s/actions/variables/%s", repo.FullName(), c.Name)).
+				AddTokenAuth(token)
+			res := MakeRequest(t, req, http.StatusOK)
+			variable := api.ActionVariable{}
+			DecodeJSON(t, res, &variable)
+			assert.Equal(t, variable.Name, c.Name)
+			assert.Equal(t, variable.Data, "value"+c.Name)
+		}
 	}
 }
 
@@ -119,6 +134,11 @@ func TestAPIRepoVariablesUpdateRepositoryVariable(t *testing.T) {
 			UpdateName:     "ci",
 			ExpectedStatus: http.StatusBadRequest,
 		},
+		{
+			Name:           variableName,
+			UpdateName:     "forgejo_foo",
+			ExpectedStatus: http.StatusBadRequest,
+		},
 		{
 			Name:           variableName,
 			UpdateName:     "updated_var_name",
@@ -148,6 +168,8 @@ func TestAPIRepoVariablesDeleteRepositoryVariable(t *testing.T) {
 
 	repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 1})
 	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: repo.OwnerID})
+	variable, err := actions_model.InsertVariable(t.Context(), 0, repo.ID, "FORGEJO_FORBIDDEN", "illegal")
+	require.NoError(t, err)
 	session := loginUser(t, user.Name)
 	token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteRepository)
 
@@ -164,6 +186,14 @@ func TestAPIRepoVariablesDeleteRepositoryVariable(t *testing.T) {
 
 	req = NewRequest(t, "DELETE", url).AddTokenAuth(token)
 	MakeRequest(t, req, http.StatusNotFound)
+
+	// deleting of forbidden names should still be possible
+	url = fmt.Sprintf("/api/v1/repos/%s/actions/variables/%s", repo.FullName(), variable.Name)
+	req = NewRequest(t, "DELETE", url).AddTokenAuth(token)
+	MakeRequest(t, req, http.StatusNoContent)
+
+	req = NewRequest(t, "DELETE", url).AddTokenAuth(token)
+	MakeRequest(t, req, http.StatusNotFound)
 }
 
 func TestAPIRepoVariablesGetSingleRepositoryVariable(t *testing.T) {
diff --git a/tests/integration/api_user_secrets_test.go b/tests/integration/api_user_secrets_test.go
index 50ecdedfd6..5b26aa57b1 100644
--- a/tests/integration/api_user_secrets_test.go
+++ b/tests/integration/api_user_secrets_test.go
@@ -6,17 +6,26 @@ package integration
 import (
 	"fmt"
 	"net/http"
+	"strings"
 	"testing"
 
 	auth_model "forgejo.org/models/auth"
+	secret_model "forgejo.org/models/secret"
+	"forgejo.org/models/unittest"
+	user_model "forgejo.org/models/user"
+	"forgejo.org/modules/keying"
 	api "forgejo.org/modules/structs"
 	"forgejo.org/tests"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
 )
 
 func TestAPIUserSecrets(t *testing.T) {
 	defer tests.PrepareTestEnv(t)()
 
-	session := loginUser(t, "user1")
+	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{Name: "user1"})
+	session := loginUser(t, user.Name)
 	token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteUser)
 
 	t.Run("Create", func(t *testing.T) {
@@ -36,6 +45,10 @@ func TestAPIUserSecrets(t *testing.T) {
 				Name:           "_",
 				ExpectedStatus: http.StatusCreated,
 			},
+			{
+				Name:           "ci",
+				ExpectedStatus: http.StatusCreated,
+			},
 			{
 				Name:           "secret",
 				ExpectedStatus: http.StatusCreated,
@@ -44,6 +57,10 @@ func TestAPIUserSecrets(t *testing.T) {
 				Name:           "2secret",
 				ExpectedStatus: http.StatusBadRequest,
 			},
+			{
+				Name:           "FORGEJO_secret",
+				ExpectedStatus: http.StatusBadRequest,
+			},
 			{
 				Name:           "GITEA_secret",
 				ExpectedStatus: http.StatusBadRequest,
@@ -63,7 +80,7 @@ func TestAPIUserSecrets(t *testing.T) {
 	})
 
 	t.Run("Update", func(t *testing.T) {
-		name := "update_secret"
+		name := "update_user_secret_and_test_data"
 		url := fmt.Sprintf("/api/v1/user/actions/secrets/%s", name)
 
 		req := NewRequestWithJSON(t, "PUT", url, api.CreateOrUpdateSecretOption{
@@ -72,9 +89,14 @@ func TestAPIUserSecrets(t *testing.T) {
 		MakeRequest(t, req, http.StatusCreated)
 
 		req = NewRequestWithJSON(t, "PUT", url, api.CreateOrUpdateSecretOption{
-			Data: "changed",
+			Data: "changed data",
 		}).AddTokenAuth(token)
 		MakeRequest(t, req, http.StatusNoContent)
+
+		secret := unittest.AssertExistsAndLoadBean(t, &secret_model.Secret{Name: strings.ToUpper(name)})
+		data, err := keying.ActionSecret.Decrypt(secret.Data, keying.ColumnAndID("data", secret.ID))
+		require.NoError(t, err)
+		assert.Equal(t, "changed data", string(data))
 	})
 
 	t.Run("Delete", func(t *testing.T) {
@@ -93,9 +115,20 @@ func TestAPIUserSecrets(t *testing.T) {
 		req = NewRequest(t, "DELETE", url).
 			AddTokenAuth(token)
 		MakeRequest(t, req, http.StatusNotFound)
+	})
 
-		req = NewRequest(t, "DELETE", "/api/v1/user/actions/secrets/000").
+	t.Run("Delete with forbidden names", func(t *testing.T) {
+		secret, err := secret_model.InsertEncryptedSecret(t.Context(), user.ID, 0, "FORGEJO_FORBIDDEN", "illegal")
+		require.NoError(t, err)
+
+		url := fmt.Sprintf("/api/v1/user/actions/secrets/%s", secret.Name)
+
+		req := NewRequest(t, "DELETE", url).
 			AddTokenAuth(token)
-		MakeRequest(t, req, http.StatusBadRequest)
+		MakeRequest(t, req, http.StatusNoContent)
+
+		req = NewRequest(t, "DELETE", url).
+			AddTokenAuth(token)
+		MakeRequest(t, req, http.StatusNotFound)
 	})
 }
diff --git a/tests/integration/api_user_variables_test.go b/tests/integration/api_user_variables_test.go
index 12b4cb5b55..d4806031b5 100644
--- a/tests/integration/api_user_variables_test.go
+++ b/tests/integration/api_user_variables_test.go
@@ -8,6 +8,7 @@ import (
 	"net/http"
 	"testing"
 
+	actions_model "forgejo.org/models/actions"
 	auth_model "forgejo.org/models/auth"
 	"forgejo.org/models/unittest"
 	user_model "forgejo.org/models/user"
@@ -15,6 +16,7 @@ import (
 	"forgejo.org/tests"
 
 	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
 )
 
 func TestAPIUserVariablesCreateUserVariable(t *testing.T) {
@@ -57,6 +59,10 @@ func TestAPIUserVariablesCreateUserVariable(t *testing.T) {
 			Name:           "var@test",
 			ExpectedStatus: http.StatusBadRequest,
 		},
+		{
+			Name:           "forgejo_var",
+			ExpectedStatus: http.StatusBadRequest,
+		},
 		{
 			Name:           "github_var",
 			ExpectedStatus: http.StatusBadRequest,
@@ -69,9 +75,19 @@ func TestAPIUserVariablesCreateUserVariable(t *testing.T) {
 
 	for _, c := range cases {
 		req := NewRequestWithJSON(t, "POST", fmt.Sprintf("/api/v1/user/actions/variables/%s", c.Name), api.CreateVariableOption{
-			Value: "value",
+			Value: "value" + c.Name,
 		}).AddTokenAuth(token)
 		MakeRequest(t, req, c.ExpectedStatus)
+
+		if c.ExpectedStatus < 300 {
+			req = NewRequest(t, "GET", fmt.Sprintf("/api/v1/user/actions/variables/%s", c.Name)).
+				AddTokenAuth(token)
+			res := MakeRequest(t, req, http.StatusOK)
+			variable := api.ActionVariable{}
+			DecodeJSON(t, res, &variable)
+			assert.Equal(t, variable.Name, c.Name)
+			assert.Equal(t, variable.Data, "value"+c.Name)
+		}
 	}
 }
 
@@ -114,6 +130,11 @@ func TestAPIUserVariablesUpdateUserVariable(t *testing.T) {
 			UpdateName:     "ci",
 			ExpectedStatus: http.StatusBadRequest,
 		},
+		{
+			Name:           variableName,
+			UpdateName:     "forgejo_foo",
+			ExpectedStatus: http.StatusBadRequest,
+		},
 		{
 			Name:           variableName,
 			UpdateName:     "updated_var_name",
@@ -142,6 +163,8 @@ func TestAPIUserVariablesDeleteUserVariable(t *testing.T) {
 	defer tests.PrepareTestEnv(t)()
 
 	user1 := unittest.AssertExistsAndLoadBean(t, &user_model.User{Name: "user1"})
+	variable, err := actions_model.InsertVariable(t.Context(), user1.ID, 0, "FORGEJO_FORBIDDEN", "illegal")
+	require.NoError(t, err)
 
 	session := loginUser(t, user1.Name)
 	token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteUser)
@@ -159,6 +182,14 @@ func TestAPIUserVariablesDeleteUserVariable(t *testing.T) {
 
 	req = NewRequest(t, "DELETE", url).AddTokenAuth(token)
 	MakeRequest(t, req, http.StatusNotFound)
+
+	// deleting of forbidden names should still be possible
+	url = fmt.Sprintf("/api/v1/user/actions/variables/%s", variable.Name)
+	req = NewRequest(t, "DELETE", url).AddTokenAuth(token)
+	MakeRequest(t, req, http.StatusNoContent)
+
+	req = NewRequest(t, "DELETE", url).AddTokenAuth(token)
+	MakeRequest(t, req, http.StatusNotFound)
 }
 
 func TestAPIUserVariablesGetSingleUserVariable(t *testing.T) {

From eedf7fd38833a4cef99fa20136fb2217716ed661 Mon Sep 17 00:00:00 2001
From: Renovate Bot <forgejo-renovate-action@forgejo.org>
Date: Wed, 14 Jan 2026 06:58:56 +0100
Subject: [PATCH 151/854] Update Node.js to v24.13.0 (forgejo) (#10822)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10822
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
---
 .node-version | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.node-version b/.node-version
index 1e4f3920b5..cf2efde811 100644
--- a/.node-version
+++ b/.node-version
@@ -1 +1 @@
-24.12.0
\ No newline at end of file
+24.13.0
\ No newline at end of file

From a8a12241ce0854dff3ea7e084f310eef87334796 Mon Sep 17 00:00:00 2001
From: Beowulf <beowulf@beocode.eu>
Date: Wed, 14 Jan 2026 08:15:39 +0100
Subject: [PATCH 152/854] fix(ui): show switch default branch button in branch
 list only for repo admins (#10814)

The default braunch is configured in the repo settings. Only users with
administrator privileges for the repository can access the repo
settings. When the feature was implemented (72e956b79a3b2e055bb5d4d5e20e88eaa2eeec96),
the button in the branch list was only guarded with a check for repo
write permissions. This means the button is shown to too many users.
If no an user with write, but not admin permissions clicks on the button,
they see just a 404 page. Which is bad UX.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10814
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
---
 templates/repo/branch/list.tmpl       |  2 +-
 tests/integration/repo_branch_test.go | 25 +++++++++++++++++++++++++
 2 files changed, 26 insertions(+), 1 deletion(-)

diff --git a/templates/repo/branch/list.tmpl b/templates/repo/branch/list.tmpl
index 55a7bbcf07..a3a81cccc4 100644
--- a/templates/repo/branch/list.tmpl
+++ b/templates/repo/branch/list.tmpl
@@ -7,7 +7,7 @@
 		{{if .DefaultBranchBranch}}
 			<h4 class="ui top attached header">
 				{{ctx.Locale.Tr "repo.default_branch"}}
-				{{if and $.IsWriter (not $.Repository.IsArchived) (not .IsDeleted)}}
+				{{if and $.Permission.IsAdmin (not $.Repository.IsArchived) (not .IsDeleted)}}
 				<a role="button" class="right" href="{{.RepoLink}}/settings/branches" data-tooltip-content="{{ctx.Locale.Tr "repo.settings.branches.switch_default_branch"}}">
 					{{svg "octicon-arrow-switch"}}
 				</a>
diff --git a/tests/integration/repo_branch_test.go b/tests/integration/repo_branch_test.go
index c9bec7d2fc..68bbbf3f7b 100644
--- a/tests/integration/repo_branch_test.go
+++ b/tests/integration/repo_branch_test.go
@@ -186,6 +186,31 @@ func TestDatabaseMissingABranch(t *testing.T) {
 	})
 }
 
+func TestSwitchDefaultBranchButtonVisibility(t *testing.T) {
+	onApplicationRun(t, func(t *testing.T, u *url.URL) {
+		session := loginUser(t, "user5")
+
+		t.Run("Check switch default branch button", func(t *testing.T) {
+			t.Run("Repo admin", func(t *testing.T) {
+				repo4 := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 4})
+
+				// Check that the button is present
+				resp := session.MakeRequest(t, NewRequest(t, "GET", "/"+repo4.FullName()+"/branches"), http.StatusOK)
+				htmlDoc := NewHTMLParser(t, resp.Body)
+				assert.Equal(t, 1, htmlDoc.doc.Find("a[href='/"+repo4.FullName()+"/settings/branches']").Length())
+			})
+			t.Run("None repo admin", func(t *testing.T) {
+				repo40 := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 40})
+
+				// Check that the button is NOT present
+				resp := session.MakeRequest(t, NewRequest(t, "GET", "/"+repo40.FullName()+"/branches"), http.StatusOK)
+				htmlDoc := NewHTMLParser(t, resp.Body)
+				assert.Equal(t, 0, htmlDoc.doc.Find("a[href='/"+repo40.FullName()+"/settings/branches']").Length())
+			})
+		})
+	})
+}
+
 func TestCreateBranchButtonVisibility(t *testing.T) {
 	onApplicationRun(t, func(t *testing.T, u *url.URL) {
 		session := loginUser(t, "user1")

From 5c8da92a6dee63375748c8de0f3f3af53d529949 Mon Sep 17 00:00:00 2001
From: Otto Richter <git@otto.splvs.net>
Date: Wed, 14 Jan 2026 10:10:02 +0100
Subject: [PATCH 153/854] config: Lower default `[database].MAX_OPEN_CONNS`
 (#10821)

Resolves https://codeberg.org/forgejo/forgejo/issues/10584

Codeberg mostly uses about 30 connections with rare peaks, so I think it's safe to assume that this value is reasonable even for large Forgejo deployments, and only needs to be adjusted for very busy instances. In practice, the open connections likely remain lower due to the connection lifetime and maximum idle connections (which could maybe also be tuned later). A value of 30 would technically allow 3 full-loaded Forgejo instances to operate on one PostgreSQL instance (30 * 3 = 90 < 97) without conflicting.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10821
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Co-authored-by: Otto Richter <git@otto.splvs.net>
Co-committed-by: Otto Richter <git@otto.splvs.net>
---
 custom/conf/app.example.ini | 4 ++--
 modules/setting/database.go | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/custom/conf/app.example.ini b/custom/conf/app.example.ini
index 01d02700b2..20eb64f38a 100644
--- a/custom/conf/app.example.ini
+++ b/custom/conf/app.example.ini
@@ -417,8 +417,8 @@ DB_TYPE = sqlite3
 ;; Database connection max idle time, 0 prevents closing due to idle time.
 ;CONN_MAX_IDLETIME = 0
 ;;
-;; Database maximum number of open connections, default is 100 which is the lowest default from Postgres (MariaDB + MySQL default to 151). Ensure you only increase the value if you configured your database server accordingly.
-;MAX_OPEN_CONNS = 100
+;; Database maximum number of open connections. Ensure you only increase the value if your database server is configured to handle the amount of open connections accordingly.
+;MAX_OPEN_CONNS = 30
 ;;
 ;; Whether execute database models migrations automatically
 ;AUTO_MIGRATION = true
diff --git a/modules/setting/database.go b/modules/setting/database.go
index bd20edf9c2..4edd0897d8 100644
--- a/modules/setting/database.go
+++ b/modules/setting/database.go
@@ -96,7 +96,7 @@ func loadDBSetting(rootCfg ConfigProvider) {
 		Database.ConnMaxLifetime = sec.Key("CONN_MAX_LIFETIME").MustDuration(0)
 	}
 	Database.ConnMaxIdleTime = sec.Key("CONN_MAX_IDLETIME").MustDuration(0)
-	Database.MaxOpenConns = sec.Key("MAX_OPEN_CONNS").MustInt(100)
+	Database.MaxOpenConns = sec.Key("MAX_OPEN_CONNS").MustInt(30)
 
 	Database.IterateBufferSize = sec.Key("ITERATE_BUFFER_SIZE").MustInt(50)
 	Database.LogSQL = sec.Key("LOG_SQL").MustBool(false)

From eb682c3c0bf55b3522e2a77b0f9d5bc9b3fd1a61 Mon Sep 17 00:00:00 2001
From: Renovate Bot <forgejo-renovate-action@forgejo.org>
Date: Wed, 14 Jan 2026 10:21:20 +0100
Subject: [PATCH 154/854] Update dependency asciinema-player to v3.14.0
 (forgejo) (#10759)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10759
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
---
 package-lock.json | 8 ++++----
 package.json      | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 086c54df44..423d0ca260 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -39,7 +39,7 @@
         "@mcaptcha/vanilla-glue": "0.1.0-alpha-3",
         "@primer/octicons": "19.14.0",
         "ansi_up": "6.0.5",
-        "asciinema-player": "3.13.5",
+        "asciinema-player": "3.14.0",
         "chart.js": "4.5.1",
         "chartjs-adapter-dayjs-4": "1.0.4",
         "chartjs-plugin-zoom": "2.2.0",
@@ -5633,9 +5633,9 @@
       }
     },
     "node_modules/asciinema-player": {
-      "version": "3.13.5",
-      "resolved": "https://registry.npmjs.org/asciinema-player/-/asciinema-player-3.13.5.tgz",
-      "integrity": "sha512-mgpJc9g6I+k4Tz5qVUNd0H+GoYlhiUwvlay6vD6IXiuiWOWhBOjxbvqQ1bcI/HPTrOYxhTyxZuzHIXM36Tw60Q==",
+      "version": "3.14.0",
+      "resolved": "https://registry.npmjs.org/asciinema-player/-/asciinema-player-3.14.0.tgz",
+      "integrity": "sha512-44m3CpNavn8i7DSr/AeeV+rJpHpcqc/OCildCs9FAu5gnXB6XNBdbhfg6mHMG4uU3R1rxFNA3ZRTt8FMhHC48Q==",
       "license": "Apache-2.0",
       "dependencies": {
         "@babel/runtime": "^7.21.0",
diff --git a/package.json b/package.json
index 8b3a5715aa..28e4f05a7b 100644
--- a/package.json
+++ b/package.json
@@ -38,7 +38,7 @@
     "@mcaptcha/vanilla-glue": "0.1.0-alpha-3",
     "@primer/octicons": "19.14.0",
     "ansi_up": "6.0.5",
-    "asciinema-player": "3.13.5",
+    "asciinema-player": "3.14.0",
     "chart.js": "4.5.1",
     "chartjs-adapter-dayjs-4": "1.0.4",
     "chartjs-plugin-zoom": "2.2.0",

From ca0c354159d0f0fbf2f61271f7c911683a92cf5a Mon Sep 17 00:00:00 2001
From: Gusted <postmaster@gusted.xyz>
Date: Wed, 14 Jan 2026 11:14:32 +0100
Subject: [PATCH 155/854] fix: proper styling for global time tracker popup
 (#10827)

- Resolves forgejo/forgejo#10819
- CSS from tippy is overriding the style specifically for active-stopwatch-popup because of strange/incorrect HTML structure, so override it via `!important`.

## Test
1. Start timer on any issue.
2. See that the styling is okay in the global time tracker popup in the navbar.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10827
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Reviewed-by: Beowulf <beowulf@beocode.eu>
Co-authored-by: Gusted <postmaster@gusted.xyz>
Co-committed-by: Gusted <postmaster@gusted.xyz>
---
 web_src/css/modules/tippy.css | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/web_src/css/modules/tippy.css b/web_src/css/modules/tippy.css
index 6ac7c37d93..ebc49b6d22 100644
--- a/web_src/css/modules/tippy.css
+++ b/web_src/css/modules/tippy.css
@@ -168,3 +168,8 @@
 .tippy-svg-arrow-inner {
   fill: var(--color-body);
 }
+
+/* Stopwatch popup needs extra help with overriding tippy's styling. */
+.tippy-box .active-stopwatch-popup {
+  display: flex !important;
+}

From f6ca98573997da89e9764fcf6a1584ea48180087 Mon Sep 17 00:00:00 2001
From: 0ko <0ko@noreply.codeberg.org>
Date: Wed, 14 Jan 2026 17:30:03 +0100
Subject: [PATCH 156/854] chore(release): delete 10037 and 9840 release notes
 (#10837)

Same as https://codeberg.org/forgejo/forgejo/pulls/10835 but for main branch since release-notes-assistant recently gained ability to search on both branches.

It was already announced in release notes of v13 and v11 point releases and shouldn't be in release notes of v14, which this file is causing.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10837
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
---
 release-notes/10037.md | 6 ------
 release-notes/9840.md  | 5 -----
 2 files changed, 11 deletions(-)
 delete mode 100644 release-notes/10037.md
 delete mode 100644 release-notes/9840.md

diff --git a/release-notes/10037.md b/release-notes/10037.md
deleted file mode 100644
index f0019ef55b..0000000000
--- a/release-notes/10037.md
+++ /dev/null
@@ -1,6 +0,0 @@
-fix(api): fix dependency repo perms in Create/RemoveIssueDependency
-fix(api): draft releases could be read before being published
-fix: misconfigured security checks on tag delete web form
-fix: incorrect logic in "Update PR" did not enforce head branch protection rules correctly
-fix: issue owner can delete another user's comment's edit history on same issue
-fix: tag protection rules can be bypassed during tag delete operation
diff --git a/release-notes/9840.md b/release-notes/9840.md
deleted file mode 100644
index f9ebc4a25c..0000000000
--- a/release-notes/9840.md
+++ /dev/null
@@ -1,5 +0,0 @@
-fix: [commit](https://codeberg.org/forgejo/forgejo/commit/675eb9b9e69bd287c28052ef40e34c30f3c6a00a) prevent commit API from leaking user's hidden email address on valid GPG signed commits
-fix: [commit](https://codeberg.org/forgejo/forgejo/commit/7be431da88acdedabb02d8e3881cdc18294e3ce8) prevent writing to out-of-repo symlink destinations while evaluating template repos
-fix: [commit](https://codeberg.org/forgejo/forgejo/commit/77cab5dbe29955c3e63470c27393fb676ea8f00b) prevent .forgejo/template from being out-of-repo content
-fix: [commit](https://codeberg.org/forgejo/forgejo/commit/9144f3e6b354cd7f7966e8c696b54ed8758c0661) return on error if an LFS token cannot be parsed
-

From c84cbd56a1152dfc0e41f25812acdb3a7954c769 Mon Sep 17 00:00:00 2001
From: Mario Minardi <mminardi@shaw.ca>
Date: Thu, 15 Jan 2026 03:39:00 +0100
Subject: [PATCH 157/854] feat: add OIDC workload identity federation support
 (#10481)

Add support for OIDC workload identity federation.

Add ID_TOKEN_SIGNING_ALGORITHM, ID_TOKEN_SIGNING_PRIVATE_KEY_FILE, and
ID_TOKEN_EXPIRATION_TIME settings to settings.actions to allow for admin
configuration of this functionality.

Add OIDC endpoints (/.well-known/openid-configuration and /.well-known/keys)
underneath the "/api/actions" route.

Add a token generation endpoint (/_apis/pipelines/workflows/{run_id}/idtoken)
underneath the "/api/actions" route.

Depends on: https://code.forgejo.org/forgejo/runner/pulls/1232
Docs PR: https://codeberg.org/forgejo/docs/pulls/1667

Signed-off-by: Mario Minardi <mminardi@shaw.ca>

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests

- I added test coverage for Go changes...
  - [x] in their respective `*_test.go` for unit tests.
  - [x] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I added test coverage for JavaScript changes...
  - [ ] in `web_src/js/*.test.js` if it can be unit tested.
  - [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)).

### Documentation

- [x] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [ ] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [ ] I do not want this change to show in the release notes.
- [ ] I want the title to show in the release notes with a link to this pull request.
- [ ] I want the content of the `release-notes/<pull request number>.md` to be be used for the release notes instead of the title.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10481
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
Co-authored-by: Mario Minardi <mminardi@shaw.ca>
Co-committed-by: Mario Minardi <mminardi@shaw.ca>
---
 custom/conf/app.example.ini                   |   9 +
 models/actions/run_job.go                     |   9 +
 .../jwtx/signingkey.go                        | 139 +++++++------
 modules/jwtx/signingkey_test.go               | 113 +++++++++++
 modules/setting/actions.go                    |  24 +++
 modules/setting/actions_test.go               |  61 ++++++
 routers/api/actions/actions.go                |   3 +
 routers/api/actions/id_token.go               | 151 ++++++++++++++
 routers/api/actions/oidc.go                   | 146 ++++++++++++++
 routers/init.go                               |   2 +
 routers/web/auth/oauth.go                     |   9 +-
 routers/web/auth/oauth_test.go                |   3 +-
 services/actions/auth.go                      | 168 ++++++++++++++--
 services/actions/auth_test.go                 | 187 +++++++++++++++---
 services/actions/task.go                      |  35 +++-
 services/actions/task_test.go                 |  99 ++++++++++
 services/auth/oauth2_test.go                  |  10 +-
 services/auth/source/oauth2/init.go           |   8 +-
 .../auth/source/oauth2/jwtsigningkey_test.go  | 116 -----------
 services/auth/source/oauth2/token.go          |   7 +-
 tests/integration/actions_job_test.go         | 175 +++++++++-------
 .../api_actions_artifact_v4_test.go           |  64 +++++-
 .../integration/api_actions_id_token_test.go  | 182 +++++++++++++++++
 tests/integration/api_actions_oidc_test.go    |  71 +++++++
 24 files changed, 1478 insertions(+), 313 deletions(-)
 rename services/auth/source/oauth2/jwtsigningkey.go => modules/jwtx/signingkey.go (77%)
 create mode 100644 modules/jwtx/signingkey_test.go
 create mode 100644 routers/api/actions/id_token.go
 create mode 100644 routers/api/actions/oidc.go
 create mode 100644 services/actions/task_test.go
 delete mode 100644 services/auth/source/oauth2/jwtsigningkey_test.go
 create mode 100644 tests/integration/api_actions_id_token_test.go
 create mode 100644 tests/integration/api_actions_oidc_test.go

diff --git a/custom/conf/app.example.ini b/custom/conf/app.example.ini
index 20eb64f38a..051b65dd55 100644
--- a/custom/conf/app.example.ini
+++ b/custom/conf/app.example.ini
@@ -2791,6 +2791,15 @@ LEVEL = Info
 ;; server and database workload due to more complex database queries and more frequent server task querying; this
 ;; feature can be disabled to reduce performance impact
 ;CONCURRENCY_GROUP_QUEUE_ENABLED = true
+;; Algorithm used to sign ID tokens. Valid values: HS256, HS384, HS512, RS256, RS384, RS512, ES256, ES384, ES512, EdDSA.
+;; RS256 will ensure compatibility with all relying parties.
+;; If a different algorithm is chosen, verify that relying parties of interest support the signing algorithm.
+;ID_TOKEN_SIGNING_ALGORITHM = RS256
+;; Private key file path used to sign ID tokens. The path is relative to APP_DATA_PATH.
+;; The file must contain an RSA or ECDSA private key in the PKCS8 format. If no key exists, a key will be created for you.
+;ID_TOKEN_SIGNING_PRIVATE_KEY_FILE = actions_id_token/private.pem
+;; Lifetime of ID tokens generated by the actions `/idtoken` endpoint in seconds.
+;ID_TOKEN_EXPIRATION_TIME = 3600
 
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
diff --git a/models/actions/run_job.go b/models/actions/run_job.go
index 0e59b931b5..aee7cd9aa1 100644
--- a/models/actions/run_job.go
+++ b/models/actions/run_job.go
@@ -306,3 +306,12 @@ func (job *ActionRunJob) HasIncompleteWith() (bool, *jobparser.IncompleteNeeds,
 	}
 	return jobWorkflow.IncompleteWith, jobWorkflow.IncompleteWithNeeds, jobWorkflow.IncompleteWithMatrix, nil
 }
+
+// EnableOpenIDConnect checks whether the job allows for ID token generation.
+func (job *ActionRunJob) EnableOpenIDConnect() (bool, error) {
+	jobWorkflow, err := job.DecodeWorkflowPayload()
+	if err != nil {
+		return false, fmt.Errorf("failure decoding workflow payload: %w", err)
+	}
+	return jobWorkflow.EnableOpenIDConnect, nil
+}
diff --git a/services/auth/source/oauth2/jwtsigningkey.go b/modules/jwtx/signingkey.go
similarity index 77%
rename from services/auth/source/oauth2/jwtsigningkey.go
rename to modules/jwtx/signingkey.go
index 550945a812..14bbc8b2f5 100644
--- a/services/auth/source/oauth2/jwtsigningkey.go
+++ b/modules/jwtx/signingkey.go
@@ -1,7 +1,7 @@
 // Copyright 2021 The Gitea Authors. All rights reserved.
 // SPDX-License-Identifier: MIT
 
-package oauth2
+package jwtx
 
 import (
 	"crypto/ecdsa"
@@ -16,10 +16,10 @@ import (
 	"math/big"
 	"os"
 	"path/filepath"
+	"slices"
 	"strings"
 
 	"forgejo.org/modules/log"
-	"forgejo.org/modules/setting"
 	"forgejo.org/modules/util"
 
 	"github.com/golang-jwt/jwt/v5"
@@ -34,8 +34,8 @@ func (err ErrInvalidAlgorithmType) Error() string {
 	return fmt.Sprintf("JWT signing algorithm is not supported: %s", err.Algorithm)
 }
 
-// JWTSigningKey represents a algorithm/key pair to sign JWTs
-type JWTSigningKey interface {
+// SigningKey represents a algorithm/key pair to sign JWTs
+type SigningKey interface {
 	IsSymmetric() bool
 	SigningMethod() jwt.SigningMethod
 	SignKey() any
@@ -228,8 +228,8 @@ func (key ecdsaSingingKey) PreProcessToken(token *jwt.Token) {
 	token.Header["kid"] = key.id
 }
 
-// CreateJWTSigningKey creates a signing key from an algorithm / key pair.
-func CreateJWTSigningKey(algorithm string, key any) (JWTSigningKey, error) {
+// CreateSigningKey creates a signing key from an algorithm / key pair.
+func CreateSigningKey(algorithm string, key any) (SigningKey, error) {
 	var signingMethod jwt.SigningMethod
 	switch algorithm {
 	case "HS256":
@@ -286,58 +286,9 @@ func CreateJWTSigningKey(algorithm string, key any) (JWTSigningKey, error) {
 	}
 }
 
-// DefaultSigningKey is the default signing key for JWTs.
-var DefaultSigningKey JWTSigningKey
-
-// InitSigningKey creates the default signing key from settings or creates a random key.
-func InitSigningKey() error {
-	var err error
-	var key any
-
-	switch setting.OAuth2.JWTSigningAlgorithm {
-	case "HS256":
-		fallthrough
-	case "HS384":
-		fallthrough
-	case "HS512":
-		key = setting.GetGeneralTokenSigningSecret()
-	case "RS256":
-		fallthrough
-	case "RS384":
-		fallthrough
-	case "RS512":
-		fallthrough
-	case "ES256":
-		fallthrough
-	case "ES384":
-		fallthrough
-	case "ES512":
-		fallthrough
-	case "EdDSA":
-		key, err = loadOrCreateAsymmetricKey()
-	default:
-		return ErrInvalidAlgorithmType{setting.OAuth2.JWTSigningAlgorithm}
-	}
-
-	if err != nil {
-		return fmt.Errorf("Error while loading or creating JWT key: %w", err)
-	}
-
-	signingKey, err := CreateJWTSigningKey(setting.OAuth2.JWTSigningAlgorithm, key)
-	if err != nil {
-		return err
-	}
-
-	DefaultSigningKey = signingKey
-
-	return nil
-}
-
 // loadOrCreateAsymmetricKey checks if the configured private key exists.
 // If it does not exist a new random key gets generated and saved on the configured path.
-func loadOrCreateAsymmetricKey() (any, error) {
-	keyPath := setting.OAuth2.JWTSigningPrivateKeyFile
-
+func loadOrCreateAsymmetricKey(keyPath, algorithm string) (any, error) {
 	isExist, err := util.IsExist(keyPath)
 	if err != nil {
 		log.Fatal("Unable to check if %s exists. Error: %v", keyPath, err)
@@ -346,9 +297,9 @@ func loadOrCreateAsymmetricKey() (any, error) {
 		err := func() error {
 			key, err := func() (any, error) {
 				switch {
-				case strings.HasPrefix(setting.OAuth2.JWTSigningAlgorithm, "RS"):
+				case strings.HasPrefix(algorithm, "RS"):
 					var bits int
-					switch setting.OAuth2.JWTSigningAlgorithm {
+					switch algorithm {
 					case "RS256":
 						bits = 2048
 					case "RS384":
@@ -357,12 +308,12 @@ func loadOrCreateAsymmetricKey() (any, error) {
 						bits = 4096
 					}
 					return rsa.GenerateKey(rand.Reader, bits)
-				case setting.OAuth2.JWTSigningAlgorithm == "EdDSA":
+				case algorithm == "EdDSA":
 					_, pk, err := ed25519.GenerateKey(rand.Reader)
 					return pk, err
 				default:
 					var curve elliptic.Curve
-					switch setting.OAuth2.JWTSigningAlgorithm {
+					switch algorithm {
 					case "ES256":
 						curve = elliptic.P256()
 					case "ES384":
@@ -420,3 +371,71 @@ func loadOrCreateAsymmetricKey() (any, error) {
 
 	return x509.ParsePKCS8PrivateKey(block.Bytes)
 }
+
+// InitSigningKey creates a signing key from settings or creates a random key.
+func InitSigningKey(getGeneralTokenSigningSecret func() []byte, keyPath, algorithm string) (SigningKey, error) {
+	var err error
+	var key SigningKey
+
+	key, err = InitSymmetricSigningKey(getGeneralTokenSigningSecret, algorithm)
+	if err != nil {
+		key, err = InitAsymmetricSigningKey(keyPath, algorithm)
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	return key, nil
+}
+
+// IsValidSymmetricAlgorithm checks if the passed in algorithm is a supported symettric algorithm.
+func IsValidSymmetricAlgorithm(algorithm string) bool {
+	validAlgs := []string{"HS256", "HS384", "HS512"}
+
+	return slices.Contains(validAlgs, algorithm)
+}
+
+// InitSymmetricSigningKey creates a symmetric signing key from settings.
+func InitSymmetricSigningKey(getGeneralTokenSigningSecret func() []byte, algorithm string) (SigningKey, error) {
+	var err error
+
+	if !IsValidSymmetricAlgorithm(algorithm) {
+		return nil, fmt.Errorf("invalid algorithm: %s", algorithm)
+	}
+
+	signingKey, err := CreateSigningKey(algorithm, getGeneralTokenSigningSecret())
+	if err != nil {
+		return nil, err
+	}
+
+	return signingKey, nil
+}
+
+// IsValidAsymmetricAlgorithm checks if the passed in algorithm is a supported asymmetric algorithm.
+func IsValidAsymmetricAlgorithm(algorithm string) bool {
+	validAlgs := []string{"RS256", "RS384", "RS512", "ES256", "ES384", "ES512", "EdDSA"}
+
+	return slices.Contains(validAlgs, algorithm)
+}
+
+// InitAsymmetricSigningKey creates an asymmetric signing key from settings or creates a random key.
+func InitAsymmetricSigningKey(keyPath, algorithm string) (SigningKey, error) {
+	var err error
+	var key any
+
+	if !IsValidAsymmetricAlgorithm(algorithm) {
+		return nil, ErrInvalidAlgorithmType{Algorithm: algorithm}
+	}
+
+	key, err = loadOrCreateAsymmetricKey(keyPath, algorithm)
+	if err != nil {
+		return nil, fmt.Errorf("Error while loading or creating JWT key: %w", err)
+	}
+
+	signingKey, err := CreateSigningKey(algorithm, key)
+	if err != nil {
+		return nil, err
+	}
+
+	return signingKey, nil
+}
diff --git a/modules/jwtx/signingkey_test.go b/modules/jwtx/signingkey_test.go
new file mode 100644
index 0000000000..6f5cc3f49d
--- /dev/null
+++ b/modules/jwtx/signingkey_test.go
@@ -0,0 +1,113 @@
+// Copyright 2024 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+package jwtx
+
+import (
+	"crypto/ecdsa"
+	"crypto/ed25519"
+	"crypto/rsa"
+	"crypto/x509"
+	"encoding/pem"
+	"os"
+	"path/filepath"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+func TestLoadOrCreateAsymmetricKey(t *testing.T) {
+	loadKey := func(t *testing.T, keyPath, algorithm string) any {
+		t.Helper()
+		loadOrCreateAsymmetricKey(keyPath, algorithm)
+
+		fileContent, err := os.ReadFile(keyPath)
+		require.NoError(t, err)
+
+		block, _ := pem.Decode(fileContent)
+		assert.NotNil(t, block)
+		assert.Equal(t, "PRIVATE KEY", block.Type)
+
+		parsedKey, err := x509.ParsePKCS8PrivateKey(block.Bytes)
+		require.NoError(t, err)
+
+		return parsedKey
+	}
+	t.Run("RSA-2048", func(t *testing.T) {
+		keyPath := filepath.Join(t.TempDir(), "jwt-rsa-2048.priv")
+		algorithm := "RS256"
+
+		parsedKey := loadKey(t, keyPath, algorithm)
+
+		rsaPrivateKey := parsedKey.(*rsa.PrivateKey)
+		assert.Equal(t, 2048, rsaPrivateKey.N.BitLen())
+
+		t.Run("Load key with differ specified algorithm", func(t *testing.T) {
+			algorithm = "EdDSA"
+
+			parsedKey := loadKey(t, keyPath, algorithm)
+			rsaPrivateKey := parsedKey.(*rsa.PrivateKey)
+			assert.Equal(t, 2048, rsaPrivateKey.N.BitLen())
+		})
+	})
+
+	t.Run("RSA-3072", func(t *testing.T) {
+		keyPath := filepath.Join(t.TempDir(), "jwt-rsa-3072.priv")
+		algorithm := "RS384"
+
+		parsedKey := loadKey(t, keyPath, algorithm)
+
+		rsaPrivateKey := parsedKey.(*rsa.PrivateKey)
+		assert.Equal(t, 3072, rsaPrivateKey.N.BitLen())
+	})
+
+	t.Run("RSA-4096", func(t *testing.T) {
+		keyPath := filepath.Join(t.TempDir(), "jwt-rsa-4096.priv")
+		algorithm := "RS512"
+
+		parsedKey := loadKey(t, keyPath, algorithm)
+
+		rsaPrivateKey := parsedKey.(*rsa.PrivateKey)
+		assert.Equal(t, 4096, rsaPrivateKey.N.BitLen())
+	})
+
+	t.Run("ECDSA-256", func(t *testing.T) {
+		keyPath := filepath.Join(t.TempDir(), "jwt-ecdsa-256.priv")
+		algorithm := "ES256"
+
+		parsedKey := loadKey(t, keyPath, algorithm)
+
+		ecdsaPrivateKey := parsedKey.(*ecdsa.PrivateKey)
+		assert.Equal(t, 256, ecdsaPrivateKey.Params().BitSize)
+	})
+
+	t.Run("ECDSA-384", func(t *testing.T) {
+		keyPath := filepath.Join(t.TempDir(), "jwt-ecdsa-384.priv")
+		algorithm := "ES384"
+
+		parsedKey := loadKey(t, keyPath, algorithm)
+
+		ecdsaPrivateKey := parsedKey.(*ecdsa.PrivateKey)
+		assert.Equal(t, 384, ecdsaPrivateKey.Params().BitSize)
+	})
+
+	t.Run("ECDSA-512", func(t *testing.T) {
+		keyPath := filepath.Join(t.TempDir(), "jwt-ecdsa-512.priv")
+		algorithm := "ES512"
+
+		parsedKey := loadKey(t, keyPath, algorithm)
+
+		ecdsaPrivateKey := parsedKey.(*ecdsa.PrivateKey)
+		assert.Equal(t, 521, ecdsaPrivateKey.Params().BitSize)
+	})
+
+	t.Run("EdDSA", func(t *testing.T) {
+		keyPath := filepath.Join(t.TempDir(), "jwt-eddsa.priv")
+		algorithm := "EdDSA"
+
+		parsedKey := loadKey(t, keyPath, algorithm)
+
+		assert.NotNil(t, parsedKey.(ed25519.PrivateKey))
+	})
+}
diff --git a/modules/setting/actions.go b/modules/setting/actions.go
index a0c8f977fa..2e0554195f 100644
--- a/modules/setting/actions.go
+++ b/modules/setting/actions.go
@@ -5,8 +5,11 @@ package setting
 
 import (
 	"fmt"
+	"path/filepath"
 	"strings"
 	"time"
+
+	"forgejo.org/modules/jwtx"
 )
 
 // Actions settings
@@ -25,12 +28,18 @@ var (
 		SkipWorkflowStrings          []string          `ini:"SKIP_WORKFLOW_STRINGS"`
 		LimitDispatchInputs          int64             `ini:"LIMIT_DISPATCH_INPUTS"`
 		ConcurrencyGroupQueueEnabled bool              `ini:"CONCURRENCY_GROUP_QUEUE_ENABLED"`
+		IDTokenSigningAlgorithm      idTokenAlgorithm  `ini:"ID_TOKEN_SIGNING_ALGORITHM"`
+		IDTokenSigningPrivateKeyFile string            `ini:"ID_TOKEN_SIGNING_PRIVATE_KEY_FILE"`
+		IDTokenExpirationTime        int64             `ini:"ID_TOKEN_EXPIRATION_TIME"`
 	}{
 		Enabled:                      true,
 		DefaultActionsURL:            defaultActionsURLForgejo,
 		SkipWorkflowStrings:          []string{"[skip ci]", "[ci skip]", "[no ci]", "[skip actions]", "[actions skip]"},
 		LimitDispatchInputs:          100,
 		ConcurrencyGroupQueueEnabled: true,
+		IDTokenSigningAlgorithm:      "RS256",
+		IDTokenSigningPrivateKeyFile: "actions_id_token/private.pem",
+		IDTokenExpirationTime:        3600,
 	}
 )
 
@@ -67,6 +76,13 @@ func (c logCompression) IsZstd() bool {
 	return c == "" || strings.ToLower(string(c)) == "zstd"
 }
 
+type idTokenAlgorithm string
+
+func (c idTokenAlgorithm) IsValid() bool {
+	// Empty string implies RS256
+	return jwtx.IsValidAsymmetricAlgorithm(string(c)) || string(c) == ""
+}
+
 func loadActionsFrom(rootCfg ConfigProvider) error {
 	sec := rootCfg.Section("actions")
 	err := sec.MapTo(&Actions)
@@ -104,5 +120,13 @@ func loadActionsFrom(rootCfg ConfigProvider) error {
 		return fmt.Errorf("invalid [actions] LOG_COMPRESSION: %q", Actions.LogCompression)
 	}
 
+	if !Actions.IDTokenSigningAlgorithm.IsValid() {
+		return fmt.Errorf("invalid [actions] ID_TOKEN_SIGNING_ALGORITHM: %q", Actions.IDTokenSigningAlgorithm)
+	}
+
+	if !filepath.IsAbs(Actions.IDTokenSigningPrivateKeyFile) {
+		Actions.IDTokenSigningPrivateKeyFile = filepath.Join(AppDataPath, Actions.IDTokenSigningPrivateKeyFile)
+	}
+
 	return nil
 }
diff --git a/modules/setting/actions_test.go b/modules/setting/actions_test.go
index a3cd5ced44..8320b2057b 100644
--- a/modules/setting/actions_test.go
+++ b/modules/setting/actions_test.go
@@ -7,6 +7,8 @@ import (
 	"path/filepath"
 	"testing"
 
+	"forgejo.org/modules/test"
+
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 )
@@ -155,3 +157,62 @@ DEFAULT_ACTIONS_URL = https://example.com
 		})
 	}
 }
+
+func Test_getIDTokenSettingsForActions(t *testing.T) {
+	defer test.MockVariableValue(&AppDataPath, "/home/app/data")()
+
+	oldActions := Actions
+	oldAppURL := AppURL
+	defer func() {
+		Actions = oldActions
+		AppURL = oldAppURL
+	}()
+
+	iniStr := `
+  [actions]
+  `
+	cfg, err := NewConfigProviderFromData(iniStr)
+	require.NoError(t, err)
+	require.NoError(t, loadActionsFrom(cfg))
+
+	assert.EqualValues(t, "RS256", Actions.IDTokenSigningAlgorithm)
+	assert.Equal(t, "/home/app/data/actions_id_token/private.pem", Actions.IDTokenSigningPrivateKeyFile)
+	assert.EqualValues(t, 3600, Actions.IDTokenExpirationTime)
+
+	iniStr = `
+  [actions]
+	ID_TOKEN_SIGNING_ALGORITHM = ES256
+  ID_TOKEN_SIGNING_PRIVATE_KEY_FILE = /test/test.pem
+  ID_TOKEN_EXPIRATION_TIME = 120
+	`
+	cfg, err = NewConfigProviderFromData(iniStr)
+	require.NoError(t, err)
+	require.NoError(t, loadActionsFrom(cfg))
+
+	assert.EqualValues(t, "ES256", Actions.IDTokenSigningAlgorithm)
+	assert.Equal(t, "/test/test.pem", Actions.IDTokenSigningPrivateKeyFile)
+	assert.EqualValues(t, 120, Actions.IDTokenExpirationTime)
+
+	iniStr = `
+  [actions]
+	ID_TOKEN_SIGNING_ALGORITHM = EdDSA
+  ID_TOKEN_SIGNING_PRIVATE_KEY_FILE = ./test/test.pem
+  ID_TOKEN_EXPIRATION_TIME = 123
+	`
+	cfg, err = NewConfigProviderFromData(iniStr)
+	require.NoError(t, err)
+	require.NoError(t, loadActionsFrom(cfg))
+
+	assert.EqualValues(t, "EdDSA", Actions.IDTokenSigningAlgorithm)
+	assert.Equal(t, "/home/app/data/test/test.pem", Actions.IDTokenSigningPrivateKeyFile)
+	assert.EqualValues(t, 123, Actions.IDTokenExpirationTime)
+
+	iniStr = `
+  [actions]
+	ID_TOKEN_SIGNING_ALGORITHM = HS256
+	`
+	cfg, err = NewConfigProviderFromData(iniStr)
+	require.NoError(t, err)
+	err = loadActionsFrom(cfg)
+	require.Errorf(t, err, "invalid [actions] ID_TOKEN_SIGNING_ALGORITHM %q", Actions.IDTokenSigningAlgorithm)
+}
diff --git a/routers/api/actions/actions.go b/routers/api/actions/actions.go
index 70158c4e18..73d3b90a8c 100644
--- a/routers/api/actions/actions.go
+++ b/routers/api/actions/actions.go
@@ -20,5 +20,8 @@ func Routes(prefix string) *web.Route {
 	path, handler = runner.NewRunnerServiceHandler()
 	m.Post(path+"*", http.StripPrefix(prefix, handler).ServeHTTP)
 
+	m.Mount("/.well-known", OIDCRoutes(prefix))
+	m.Get(idTokenRouteBase, IDTokenContexter(), generateIDToken)
+
 	return m
 }
diff --git a/routers/api/actions/id_token.go b/routers/api/actions/id_token.go
new file mode 100644
index 0000000000..cd0432acb7
--- /dev/null
+++ b/routers/api/actions/id_token.go
@@ -0,0 +1,151 @@
+// Copyright 2025 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+package actions
+
+import (
+	"fmt"
+	"net/http"
+	"strings"
+	"time"
+
+	"forgejo.org/models/actions"
+	"forgejo.org/modules/json"
+	"forgejo.org/modules/log"
+	"forgejo.org/modules/setting"
+	"forgejo.org/modules/timeutil"
+	"forgejo.org/modules/web"
+	web_types "forgejo.org/modules/web/types"
+	actions_service "forgejo.org/services/actions"
+	"forgejo.org/services/context"
+
+	"github.com/golang-jwt/jwt/v5"
+)
+
+const idTokenRouteBase = "/_apis/pipelines/workflows/{run_id}/idtoken"
+
+type idTokenContextKeyType struct{}
+
+var idTokenContextKey = idTokenContextKeyType{}
+
+type IDTokenContext struct {
+	*context.Base
+
+	Audience                 string
+	AuthorizationTokenClaims *actions_service.AuthorizationTokenClaims
+	IDTokenCustomClaims      *actions_service.IDTokenCustomClaims
+}
+
+func init() {
+	web.RegisterResponseStatusProvider[*IDTokenContext](func(req *http.Request) web_types.ResponseStatusProvider {
+		return req.Context().Value(idTokenContextKey).(*IDTokenContext)
+	})
+}
+
+func IDTokenContexter() func(next http.Handler) http.Handler {
+	return func(next http.Handler) http.Handler {
+		return http.HandlerFunc(func(resp http.ResponseWriter, req *http.Request) {
+			base, baseCleanUp := context.NewBaseContext(resp, req)
+			defer baseCleanUp()
+
+			ctx := &IDTokenContext{Base: base}
+			ctx.AppendContextValue(idTokenContextKey, ctx)
+
+			// action task call server api with Bearer ACTIONS_ID_TOKEN_REQUEST_TOKEN
+			// we should verify the ACTIONS_ID_TOKEN_REQUEST_TOKEN
+			authHeader := req.Header.Get("Authorization")
+			if len(authHeader) == 0 || !strings.HasPrefix(strings.ToLower(authHeader), "bearer ") {
+				ctx.Error(http.StatusUnauthorized, "Bad authorization header")
+				return
+			}
+
+			// Require using new act_runner that uses jwt to authenticate
+			authorizationTokenClaims, err := actions_service.ParseAuthorizationTokenClaims(req)
+			if err != nil {
+				log.Error("Error runner api parsing authorization token: %v", err)
+				ctx.Error(http.StatusInternalServerError, "Error runner api parsing authorization token")
+				return
+			}
+
+			customClaims := &actions_service.IDTokenCustomClaims{}
+			err = json.Unmarshal([]byte(authorizationTokenClaims.OIDCExtra), customClaims)
+			if err != nil {
+				log.Error("Error runner api parsing custom claims: %v", err)
+				ctx.Error(http.StatusInternalServerError, "Error runner api parsing custom claims")
+			}
+
+			task, err := actions.GetTaskByID(req.Context(), authorizationTokenClaims.TaskID)
+			if err != nil {
+				log.Error("Error runner api getting task by ID: %v", err)
+				ctx.Error(http.StatusInternalServerError, "Error runner api getting task by ID")
+				return
+			}
+			if task.Status != actions.StatusRunning {
+				log.Error("Error runner api getting task: task is not running")
+				ctx.Error(http.StatusInternalServerError, "Error runner api getting task: task is not running")
+				return
+			}
+			err = task.LoadAttributes(req.Context())
+			if err != nil {
+				log.Error("Error runner api getting task attributes: %v", err)
+				ctx.Error(http.StatusInternalServerError, "Error runner api getting task attributes")
+				return
+			}
+
+			runID := ctx.ParamsInt64("run_id")
+			if task.Job.RunID != runID {
+				log.Error("Error runID not match" + fmt.Sprint(task.Job.RunID) + " " + fmt.Sprint(runID))
+				ctx.Error(http.StatusBadRequest, "run-id does not match")
+				return
+			}
+
+			audience := req.URL.Query().Get("audience")
+			if audience == "" {
+				// Default to organization that owns the repo if no audience is provided
+				audience = setting.AppURL + customClaims.RepositoryOwner
+			}
+
+			ctx.AuthorizationTokenClaims = authorizationTokenClaims
+			ctx.IDTokenCustomClaims = customClaims
+			ctx.Audience = audience
+			next.ServeHTTP(ctx.Resp, ctx.Req)
+		})
+	}
+}
+
+func generateIDToken(ctx *IDTokenContext) {
+	expirationDate := timeutil.TimeStampNow().Add(setting.Actions.IDTokenExpirationTime)
+
+	var claims jwt.MapClaims
+	inrec, _ := json.Marshal(ctx.IDTokenCustomClaims)
+	err := json.Unmarshal(inrec, &claims)
+	if err != nil {
+		ctx.Error(http.StatusInternalServerError, "Error generating token")
+	}
+	now := time.Now()
+
+	claims["sub"] = ctx.AuthorizationTokenClaims.OIDCSub
+	claims["aud"] = ctx.Audience
+	claims["exp"] = jwt.NewNumericDate(expirationDate.AsTime())
+	claims["iat"] = jwt.NewNumericDate(now)
+	claims["nbf"] = jwt.NewNumericDate(now)
+	claims["iss"] = strings.TrimSuffix(setting.AppURL, "/") + "/api/actions"
+
+	jwtToken := jwt.NewWithClaims(jwtSigningKey.SigningMethod(), claims)
+	jwtSigningKey.PreProcessToken(jwtToken)
+
+	signedToken, err := jwtToken.SignedString(jwtSigningKey.SignKey())
+	if err != nil {
+		ctx.Error(http.StatusInternalServerError, "Error signing token")
+	}
+
+	resp := IDTokenResponse{
+		Value: signedToken,
+	}
+
+	ctx.JSON(http.StatusOK, resp)
+}
+
+type IDTokenResponse struct {
+	Value string `json:"value"`
+}
diff --git a/routers/api/actions/oidc.go b/routers/api/actions/oidc.go
new file mode 100644
index 0000000000..92341e4f66
--- /dev/null
+++ b/routers/api/actions/oidc.go
@@ -0,0 +1,146 @@
+// Copyright 2025 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+package actions
+
+import (
+	"fmt"
+	"net/http"
+	"reflect"
+	"strings"
+
+	"forgejo.org/modules/jwtx"
+	"forgejo.org/modules/setting"
+	"forgejo.org/modules/web"
+	web_types "forgejo.org/modules/web/types"
+	actions_service "forgejo.org/services/actions"
+	"forgejo.org/services/context"
+)
+
+type oidcRoutes struct {
+	openIDConfiguration openIDConfiguration
+	jwks                map[string][]map[string]string
+}
+
+type openIDConfiguration struct {
+	Issuer                           string   `json:"issuer"`
+	JwksURI                          string   `json:"jwks_uri"`
+	SubjectTypesSupported            []string `json:"subject_types_supported"`
+	ResponseTypesSupported           []string `json:"response_types_supported"`
+	ClaimsSupported                  []string `json:"claims_supported"`
+	IDTokenSigningAlgValuesSupported []string `json:"id_token_signing_alg_values_supported"`
+	ScopesSupported                  []string `json:"scopes_supported"`
+}
+
+type oidcContextKeyType struct{}
+
+var oidcContextKey = oidcContextKeyType{}
+
+// jwtSigningKey is the default signing key for JWTs.
+var jwtSigningKey jwtx.SigningKey
+
+// jwk is the JWK format of the jwtSigningKey.
+var jwk map[string]string
+
+type OIDCContext struct {
+	*context.Base
+}
+
+func InitOIDC() error {
+	var err error
+	jwtSigningKey, err = jwtx.InitAsymmetricSigningKey(setting.Actions.IDTokenSigningPrivateKeyFile, string(setting.Actions.IDTokenSigningAlgorithm))
+	if err != nil {
+		return err
+	}
+
+	jwk, err = jwtSigningKey.ToJWK()
+	if err != nil {
+		return fmt.Errorf("Error getting JWK from default signing key: %v", err)
+	}
+	jwk["use"] = "sig"
+
+	return nil
+}
+
+func init() {
+	web.RegisterResponseStatusProvider[*OIDCContext](func(req *http.Request) web_types.ResponseStatusProvider {
+		return req.Context().Value(oidcContextKey).(*OIDCContext)
+	})
+}
+
+func OIDCContexter() func(next http.Handler) http.Handler {
+	return func(next http.Handler) http.Handler {
+		return http.HandlerFunc(func(resp http.ResponseWriter, req *http.Request) {
+			base, baseCleanUp := context.NewBaseContext(resp, req)
+			defer baseCleanUp()
+
+			ctx := &OIDCContext{Base: base}
+			ctx.AppendContextValue(oidcContextKey, ctx)
+
+			next.ServeHTTP(ctx.Resp, ctx.Req)
+		})
+	}
+}
+
+func OIDCRoutes(prefix string) *web.Route {
+	m := web.NewRoute()
+
+	prefix = strings.TrimPrefix(prefix, "/")
+
+	// Standard claims
+	claimsSupported := []string{
+		"sub",
+		"aud",
+		"exp",
+		"iat",
+		"iss",
+		"nbf",
+	}
+
+	// Add custom claims by iterating over [actions_service.IDTokenCustomClaims]
+	// and inspecting the names of the json struct tags
+	customClaims := actions_service.IDTokenCustomClaims{}
+	rt := reflect.TypeOf(customClaims)
+
+	for i := 0; i < rt.NumField(); i++ {
+		f := rt.Field(i)
+		v := strings.Split(f.Tag.Get("json"), ",")[0]
+		if v == "" || v == "-" {
+			continue
+		}
+
+		claimsSupported = append(claimsSupported, v)
+	}
+
+	o := &oidcRoutes{
+		openIDConfiguration: openIDConfiguration{
+			Issuer:                           setting.AppURL + prefix,
+			JwksURI:                          setting.AppURL + prefix + "/.well-known/keys",
+			SubjectTypesSupported:            []string{"public"},
+			ResponseTypesSupported:           []string{"id_token"},
+			ClaimsSupported:                  claimsSupported,
+			IDTokenSigningAlgValuesSupported: []string{string(setting.Actions.IDTokenSigningAlgorithm)},
+			ScopesSupported:                  []string{"openid"},
+		},
+		jwks: map[string][]map[string]string{
+			"keys": {
+				jwk,
+			},
+		},
+	}
+
+	m.Group("", func() {
+		m.Get("/keys", o.keys)
+		m.Get("/openid-configuration", o.configuration)
+	}, OIDCContexter())
+
+	return m
+}
+
+func (o *oidcRoutes) configuration(ctx *OIDCContext) {
+	ctx.JSON(http.StatusOK, o.openIDConfiguration)
+}
+
+func (o *oidcRoutes) keys(ctx *OIDCContext) {
+	ctx.JSON(http.StatusOK, o.jwks)
+}
diff --git a/routers/init.go b/routers/init.go
index 6313d9a3ad..7c52a6d6b6 100644
--- a/routers/init.go
+++ b/routers/init.go
@@ -171,6 +171,8 @@ func InitWebInstalled(ctx context.Context) {
 	actions_service.Init()
 	mustInit(stats.Init)
 
+	mustInit(actions_router.InitOIDC)
+
 	// Finally start up the cron
 	cron.NewContext(ctx)
 }
diff --git a/routers/web/auth/oauth.go b/routers/web/auth/oauth.go
index f44a102a49..739d36ddde 100644
--- a/routers/web/auth/oauth.go
+++ b/routers/web/auth/oauth.go
@@ -25,6 +25,7 @@ import (
 	"forgejo.org/modules/base"
 	"forgejo.org/modules/container"
 	"forgejo.org/modules/json"
+	"forgejo.org/modules/jwtx"
 	"forgejo.org/modules/log"
 	"forgejo.org/modules/optional"
 	"forgejo.org/modules/setting"
@@ -153,7 +154,7 @@ type AccessTokenResponse struct {
 	IDToken      string    `json:"id_token,omitempty"`
 }
 
-func newAccessTokenResponse(ctx go_context.Context, grant *auth.OAuth2Grant, serverKey, clientKey oauth2.JWTSigningKey) (*AccessTokenResponse, *AccessTokenError) {
+func newAccessTokenResponse(ctx go_context.Context, grant *auth.OAuth2Grant, serverKey, clientKey jwtx.SigningKey) (*AccessTokenResponse, *AccessTokenError) {
 	if setting.OAuth2.InvalidateRefreshTokens {
 		if err := grant.IncreaseCounter(ctx); err != nil {
 			return nil, &AccessTokenError{
@@ -741,7 +742,7 @@ func AccessTokenOAuth(ctx *context.Context) {
 	clientKey := serverKey
 	if serverKey.IsSymmetric() {
 		var err error
-		clientKey, err = oauth2.CreateJWTSigningKey(serverKey.SigningMethod().Alg(), []byte(form.ClientSecret))
+		clientKey, err = jwtx.CreateSigningKey(serverKey.SigningMethod().Alg(), []byte(form.ClientSecret))
 		if err != nil {
 			handleAccessTokenError(ctx, AccessTokenError{
 				ErrorCode:        AccessTokenErrorCodeInvalidRequest,
@@ -764,7 +765,7 @@ func AccessTokenOAuth(ctx *context.Context) {
 	}
 }
 
-func handleRefreshToken(ctx *context.Context, form forms.AccessTokenForm, serverKey, clientKey oauth2.JWTSigningKey) {
+func handleRefreshToken(ctx *context.Context, form forms.AccessTokenForm, serverKey, clientKey jwtx.SigningKey) {
 	app, err := auth.GetOAuth2ApplicationByClientID(ctx, form.ClientID)
 	if err != nil {
 		handleAccessTokenError(ctx, AccessTokenError{
@@ -824,7 +825,7 @@ func handleRefreshToken(ctx *context.Context, form forms.AccessTokenForm, server
 	ctx.JSON(http.StatusOK, accessToken)
 }
 
-func handleAuthorizationCode(ctx *context.Context, form forms.AccessTokenForm, serverKey, clientKey oauth2.JWTSigningKey) {
+func handleAuthorizationCode(ctx *context.Context, form forms.AccessTokenForm, serverKey, clientKey jwtx.SigningKey) {
 	app, err := auth.GetOAuth2ApplicationByClientID(ctx, form.ClientID)
 	if err != nil {
 		handleAccessTokenError(ctx, AccessTokenError{
diff --git a/routers/web/auth/oauth_test.go b/routers/web/auth/oauth_test.go
index 9782711dd0..cc2020fcda 100644
--- a/routers/web/auth/oauth_test.go
+++ b/routers/web/auth/oauth_test.go
@@ -10,6 +10,7 @@ import (
 	"forgejo.org/models/db"
 	"forgejo.org/models/unittest"
 	user_model "forgejo.org/models/user"
+	"forgejo.org/modules/jwtx"
 	"forgejo.org/modules/timeutil"
 	"forgejo.org/services/auth/source/oauth2"
 
@@ -19,7 +20,7 @@ import (
 )
 
 func createAndParseToken(t *testing.T, grant *auth.OAuth2Grant) *oauth2.OIDCToken {
-	signingKey, err := oauth2.CreateJWTSigningKey("HS256", make([]byte, 32))
+	signingKey, err := jwtx.CreateSigningKey("HS256", make([]byte, 32))
 	require.NoError(t, err)
 	assert.NotNil(t, signingKey)
 
diff --git a/services/actions/auth.go b/services/actions/auth.go
index 98b618aeba..c147643504 100644
--- a/services/actions/auth.go
+++ b/services/actions/auth.go
@@ -10,6 +10,7 @@ import (
 	"strings"
 	"time"
 
+	actions_model "forgejo.org/models/actions"
 	"forgejo.org/modules/json"
 	"forgejo.org/modules/log"
 	"forgejo.org/modules/setting"
@@ -17,13 +18,33 @@ import (
 	"github.com/golang-jwt/jwt/v5"
 )
 
-type actionsClaims struct {
+type AuthorizationTokenClaims struct {
 	jwt.RegisteredClaims
-	Scp    string `json:"scp"`
-	TaskID int64
-	RunID  int64
-	JobID  int64
-	Ac     string `json:"ac"`
+	Scp       string `json:"scp"`
+	TaskID    int64
+	RunID     int64
+	JobID     int64
+	Ac        string `json:"ac"`
+	OIDCExtra string `json:"oidc_extra,omitempty"`
+	OIDCSub   string `json:"oidc_sub,omitempty"`
+}
+
+type IDTokenCustomClaims struct {
+	Actor           string `json:"actor"`
+	BaseRef         string `json:"base_ref"`
+	EventName       string `json:"event_name"`
+	HeadRef         string `json:"head_ref"`
+	Ref             string `json:"ref"`
+	RefProtected    string `json:"ref_protected"`
+	RefType         string `json:"ref_type"`
+	Repository      string `json:"repository"`
+	RepositoryOwner string `json:"repository_owner"`
+	RunAttempt      string `json:"run_attempt"`
+	RunID           string `json:"run_id"`
+	RunNumber       string `json:"run_number"`
+	Sha             string `json:"sha"`
+	Workflow        string `json:"workflow"`
+	WorkflowRef     string `json:"workflow_ref"`
 }
 
 type actionsCacheScope struct {
@@ -38,8 +59,11 @@ const (
 	actionsCachePermissionWrite
 )
 
-func CreateAuthorizationToken(taskID, runID, jobID int64) (string, error) {
+func CreateAuthorizationToken(task *actions_model.ActionTask, gitGtx map[string]any, enableOpenIDConnect bool) (string, error) {
 	now := time.Now()
+	taskID := task.ID
+	runID := task.Job.RunID
+	jobID := task.Job.ID
 
 	ac, err := json.Marshal(&[]actionsCacheScope{
 		{
@@ -51,17 +75,31 @@ func CreateAuthorizationToken(taskID, runID, jobID int64) (string, error) {
 		return "", err
 	}
 
-	claims := actionsClaims{
+	runIDJobID := fmt.Sprintf("%d:%d", runID, jobID)
+	claims := AuthorizationTokenClaims{
 		RegisteredClaims: jwt.RegisteredClaims{
 			ExpiresAt: jwt.NewNumericDate(now.Add(24 * time.Hour)),
 			NotBefore: jwt.NewNumericDate(now),
 		},
-		Scp:    fmt.Sprintf("Actions.Results:%d:%d", runID, jobID),
+		Scp:    fmt.Sprintf("Actions.Results:%s", runIDJobID),
 		Ac:     string(ac),
 		TaskID: taskID,
 		RunID:  runID,
 		JobID:  jobID,
 	}
+
+	// Only populate OIDC information if the task has OIDC enabled.
+	if enableOpenIDConnect {
+		oidcExtra, err := generateOIDCExtra(gitGtx)
+		if err != nil {
+			return "", err
+		}
+
+		claims.OIDCExtra = oidcExtra
+		claims.OIDCSub = generateOIDCSub(gitGtx)
+		claims.Scp = fmt.Sprintf("%s generate_id_token:%s", claims.Scp, runIDJobID)
+	}
+
 	token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
 
 	tokenString, err := token.SignedString(setting.GetGeneralTokenSigningSecret())
@@ -72,24 +110,66 @@ func CreateAuthorizationToken(taskID, runID, jobID int64) (string, error) {
 	return tokenString, nil
 }
 
+func generateOIDCExtra(gitCtx map[string]any) (string, error) {
+	ctxVal := func(key string) string {
+		val, ok := gitCtx[key]
+		if !ok {
+			return ""
+		}
+		return fmt.Sprint(val)
+	}
+
+	claims := IDTokenCustomClaims{
+		Actor:           ctxVal("actor"),
+		BaseRef:         ctxVal("base_ref"),
+		EventName:       ctxVal("event_name"),
+		HeadRef:         ctxVal("head_ref"),
+		Ref:             ctxVal("ref"),
+		RefProtected:    ctxVal("ref_protected"),
+		RefType:         ctxVal("ref_type"),
+		Repository:      ctxVal("repository"),
+		RepositoryOwner: ctxVal("repository_owner"),
+		RunAttempt:      ctxVal("run_attempt"),
+		RunID:           ctxVal("run_id"),
+		RunNumber:       ctxVal("run_number"),
+		Sha:             ctxVal("sha"),
+		Workflow:        ctxVal("workflow"),
+		WorkflowRef:     ctxVal("workflow_ref"),
+	}
+
+	ret, err := json.Marshal(claims)
+	if err != nil {
+		return "", err
+	}
+
+	return string(ret), nil
+}
+
+func generateOIDCSub(gitCtx map[string]any) string {
+	switch gitCtx["event_name"] {
+	case "pull_request":
+		return fmt.Sprintf("repo:%s:pull_request", gitCtx["repository"])
+	default:
+		return fmt.Sprintf("repo:%s:ref:%s", gitCtx["repository"], gitCtx["ref"])
+	}
+}
+
 func ParseAuthorizationToken(req *http.Request) (int64, error) {
-	h := req.Header.Get("Authorization")
-	if h == "" {
+	token, err := parseTokenFromHeader(req)
+	if err != nil {
+		return 0, err
+	}
+
+	if token == "" {
 		return 0, nil
 	}
 
-	parts := strings.SplitN(h, " ", 2)
-	if len(parts) != 2 {
-		log.Error("split token failed: %s", h)
-		return 0, errors.New("split token failed")
-	}
-
-	return TokenToTaskID(parts[1])
+	return TokenToTaskID(token)
 }
 
 // TokenToTaskID returns the TaskID associated with the provided JWT token
 func TokenToTaskID(token string) (int64, error) {
-	parsedToken, err := jwt.ParseWithClaims(token, &actionsClaims{}, func(t *jwt.Token) (any, error) {
+	parsedToken, err := jwt.ParseWithClaims(token, &AuthorizationTokenClaims{}, func(t *jwt.Token) (any, error) {
 		if _, ok := t.Method.(*jwt.SigningMethodHMAC); !ok {
 			return nil, fmt.Errorf("unexpected signing method: %v", t.Header["alg"])
 		}
@@ -99,10 +179,58 @@ func TokenToTaskID(token string) (int64, error) {
 		return 0, err
 	}
 
-	c, ok := parsedToken.Claims.(*actionsClaims)
+	c, ok := parsedToken.Claims.(*AuthorizationTokenClaims)
 	if !parsedToken.Valid || !ok {
 		return 0, errors.New("invalid token claim")
 	}
 
 	return c.TaskID, nil
 }
+
+func ParseAuthorizationTokenClaims(req *http.Request) (*AuthorizationTokenClaims, error) {
+	token, err := parseTokenFromHeader(req)
+	if err != nil {
+		return nil, err
+	}
+
+	claims, err := decodeTokenClaims(token)
+	if err != nil {
+		return nil, err
+	}
+
+	return claims, nil
+}
+
+func parseTokenFromHeader(req *http.Request) (string, error) {
+	h := req.Header.Get("Authorization")
+	if h == "" {
+		return "", nil
+	}
+
+	parts := strings.SplitN(h, " ", 2)
+	if len(parts) != 2 {
+		log.Error("split token failed: %s", h)
+		return "", errors.New("split token failed")
+	}
+
+	return parts[1], nil
+}
+
+func decodeTokenClaims(token string) (*AuthorizationTokenClaims, error) {
+	parsedToken, err := jwt.ParseWithClaims(token, &AuthorizationTokenClaims{}, func(t *jwt.Token) (any, error) {
+		if _, ok := t.Method.(*jwt.SigningMethodHMAC); !ok {
+			return nil, fmt.Errorf("unexpected signing method: %v", t.Header["alg"])
+		}
+		return setting.GetGeneralTokenSigningSecret(), nil
+	})
+	if err != nil {
+		return nil, err
+	}
+
+	c, ok := parsedToken.Claims.(*AuthorizationTokenClaims)
+	if !parsedToken.Valid || !ok {
+		return nil, errors.New("invalid token claim")
+	}
+
+	return c, nil
+}
diff --git a/services/actions/auth_test.go b/services/actions/auth_test.go
index d9f0437e1b..82d4d2efd3 100644
--- a/services/actions/auth_test.go
+++ b/services/actions/auth_test.go
@@ -7,6 +7,7 @@ import (
 	"net/http"
 	"testing"
 
+	actions_model "forgejo.org/models/actions"
 	"forgejo.org/modules/json"
 	"forgejo.org/modules/setting"
 
@@ -16,34 +17,102 @@ import (
 )
 
 func TestCreateAuthorizationToken(t *testing.T) {
-	var taskID int64 = 23
-	token, err := CreateAuthorizationToken(taskID, 1, 2)
-	require.NoError(t, err)
-	assert.NotEmpty(t, token)
-	claims := jwt.MapClaims{}
-	_, err = jwt.ParseWithClaims(token, claims, func(t *jwt.Token) (any, error) {
-		return setting.GetGeneralTokenSigningSecret(), nil
-	})
-	require.NoError(t, err)
-	scp, ok := claims["scp"]
-	assert.True(t, ok, "Has scp claim in jwt token")
-	assert.Contains(t, scp, "Actions.Results:1:2")
-	taskIDClaim, ok := claims["TaskID"]
-	assert.True(t, ok, "Has TaskID claim in jwt token")
-	assert.InDelta(t, float64(taskID), taskIDClaim, 0, "Supplied taskid must match stored one")
-	acClaim, ok := claims["ac"]
-	assert.True(t, ok, "Has ac claim in jwt token")
-	ac, ok := acClaim.(string)
-	assert.True(t, ok, "ac claim is a string for buildx gha cache")
-	scopes := []actionsCacheScope{}
-	err = json.Unmarshal([]byte(ac), &scopes)
-	require.NoError(t, err, "ac claim is a json list for buildx gha cache")
-	assert.GreaterOrEqual(t, len(scopes), 1, "Expected at least one action cache scope for buildx gha cache")
+	task := &actions_model.ActionTask{
+		ID: 23,
+		Job: &actions_model.ActionRunJob{
+			ID:    2,
+			RunID: 1,
+		},
+	}
+
+	testcases := []struct {
+		name                string
+		enableOpenIDConnect bool
+		gitCtx              map[string]any
+	}{
+		{
+			name:                "enableOpenIDConnect false",
+			enableOpenIDConnect: false,
+			gitCtx:              map[string]any{},
+		},
+		{
+			name:                "enableOpenIDConnect true",
+			enableOpenIDConnect: true,
+			gitCtx: map[string]any{
+				"actor":            "user1",
+				"base_ref":         "master",
+				"event_name":       "push",
+				"head_ref":         "master",
+				"ref":              "refs/heads/master",
+				"ref_protected":    "false",
+				"ref_type":         "branch",
+				"repository":       "mpminardi/testing",
+				"repository_owner": "mpminardi",
+				"run_attempt":      "1",
+				"run_id":           "1",
+				"run_number":       "1",
+				"sha":              "pretend-sha",
+				"workflow":         "test.yml",
+				"workflow_ref":     "pretend-ref",
+			},
+		},
+	}
+
+	for _, tc := range testcases {
+		t.Run(tc.name, func(t *testing.T) {
+			token, err := CreateAuthorizationToken(task, tc.gitCtx, tc.enableOpenIDConnect)
+			require.NoError(t, err)
+			assert.NotEmpty(t, token)
+			claims := jwt.MapClaims{}
+			_, err = jwt.ParseWithClaims(token, claims, func(t *jwt.Token) (any, error) {
+				return setting.GetGeneralTokenSigningSecret(), nil
+			})
+			require.NoError(t, err)
+			scp, ok := claims["scp"]
+			assert.True(t, ok, "Has scp claim in jwt token")
+			assert.Contains(t, scp, "Actions.Results:1:2")
+			taskIDClaim, ok := claims["TaskID"]
+			assert.True(t, ok, "Has TaskID claim in jwt token")
+			assert.InDelta(t, float64(task.ID), taskIDClaim, 0, "Supplied taskid must match stored one")
+			acClaim, ok := claims["ac"]
+			assert.True(t, ok, "Has ac claim in jwt token")
+			ac, ok := acClaim.(string)
+			assert.True(t, ok, "ac claim is a string for buildx gha cache")
+			scopes := []actionsCacheScope{}
+			err = json.Unmarshal([]byte(ac), &scopes)
+			require.NoError(t, err, "ac claim is a json list for buildx gha cache")
+			assert.GreaterOrEqual(t, len(scopes), 1, "Expected at least one action cache scope for buildx gha cache")
+
+			if tc.enableOpenIDConnect {
+				assert.Contains(t, scp, "generate_id_token:1:2")
+				oidcSubClaim, ok := claims["oidc_sub"]
+				assert.True(t, ok, "Has oidc_sub claim in jwt token")
+				assert.Equal(t, "repo:mpminardi/testing:ref:refs/heads/master", oidcSubClaim)
+				oidcExtraClaim, ok := claims["oidc_extra"]
+				assert.True(t, ok, "Has oidc_extra claim in jwt token")
+				val, err := json.Marshal(tc.gitCtx)
+				require.NoError(t, err)
+				assert.Equal(t, string(val), oidcExtraClaim)
+			} else {
+				assert.NotContains(t, scp, "generate_id_token")
+				_, ok := claims["oidc_sub"]
+				assert.False(t, ok, "Does not have oidc_sub claim in jwt token")
+				_, ok = claims["oidc_extra"]
+				assert.False(t, ok, "Does not have oidc_extra claim in jwt token")
+			}
+		})
+	}
 }
 
 func TestParseAuthorizationToken(t *testing.T) {
-	var taskID int64 = 23
-	token, err := CreateAuthorizationToken(taskID, 1, 2)
+	task := &actions_model.ActionTask{
+		ID: 23,
+		Job: &actions_model.ActionRunJob{
+			ID:    2,
+			RunID: 1,
+		},
+	}
+	token, err := CreateAuthorizationToken(task, map[string]any{}, false)
 	require.NoError(t, err)
 	assert.NotEmpty(t, token)
 	headers := http.Header{}
@@ -52,7 +121,51 @@ func TestParseAuthorizationToken(t *testing.T) {
 		Header: headers,
 	})
 	require.NoError(t, err)
-	assert.Equal(t, taskID, rTaskID)
+	assert.Equal(t, task.ID, rTaskID)
+}
+
+func TestParseAuthorizationTokenClaims(t *testing.T) {
+	task := &actions_model.ActionTask{
+		ID: 23,
+		Job: &actions_model.ActionRunJob{
+			ID:    2,
+			RunID: 1,
+		},
+	}
+	gitCtx := map[string]any{
+		"actor":            "user1",
+		"base_ref":         "master",
+		"event_name":       "push",
+		"head_ref":         "master",
+		"ref":              "refs/heads/master",
+		"ref_protected":    "false",
+		"ref_type":         "branch",
+		"repository":       "mpminardi/testing",
+		"repository_owner": "mpminardi",
+		"run_attempt":      "1",
+		"run_id":           "1",
+		"run_number":       "1",
+		"sha":              "pretend-sha",
+		"workflow":         "test.yml",
+		"workflow_ref":     "pretend-ref",
+	}
+	token, err := CreateAuthorizationToken(task, gitCtx, true)
+	require.NoError(t, err)
+	assert.NotEmpty(t, token)
+	headers := http.Header{}
+	headers.Set("Authorization", "Bearer "+token)
+	tokenClaims, err := ParseAuthorizationTokenClaims(&http.Request{
+		Header: headers,
+	})
+	require.NoError(t, err)
+	assert.Equal(t, task.ID, tokenClaims.TaskID)
+	assert.Equal(t, task.Job.ID, tokenClaims.JobID)
+	assert.Equal(t, task.Job.RunID, tokenClaims.RunID)
+	var customClaims map[string]any
+	err = json.Unmarshal([]byte(tokenClaims.OIDCExtra), &customClaims)
+	require.NoError(t, err)
+	assert.Equal(t, gitCtx, customClaims)
+	assert.Equal(t, "repo:mpminardi/testing:ref:refs/heads/master", tokenClaims.OIDCSub)
 }
 
 func TestParseAuthorizationTokenNoAuthHeader(t *testing.T) {
@@ -63,3 +176,25 @@ func TestParseAuthorizationTokenNoAuthHeader(t *testing.T) {
 	require.NoError(t, err)
 	assert.Equal(t, int64(0), rTaskID)
 }
+
+func TestGenerateOIDCSub(t *testing.T) {
+	t.Run("pull_request event", func(t *testing.T) {
+		sub := generateOIDCSub(map[string]any{
+			"event_name": "pull_request",
+			"repository": "mpminardi/testing",
+			"ref":        "refs/heads/master",
+		})
+
+		assert.Equal(t, "repo:mpminardi/testing:pull_request", sub)
+	})
+
+	t.Run("other event", func(t *testing.T) {
+		sub := generateOIDCSub(map[string]any{
+			"event_name": "random",
+			"repository": "mpminardi/testing",
+			"ref":        "refs/heads/master",
+		})
+
+		assert.Equal(t, "repo:mpminardi/testing:ref:refs/heads/master", sub)
+	})
+}
diff --git a/services/actions/task.go b/services/actions/task.go
index 1de054346a..7b4e32571d 100644
--- a/services/actions/task.go
+++ b/services/actions/task.go
@@ -10,6 +10,8 @@ import (
 
 	actions_model "forgejo.org/models/actions"
 	"forgejo.org/models/db"
+	actions_module "forgejo.org/modules/actions"
+	"forgejo.org/modules/setting"
 	"forgejo.org/modules/timeutil"
 	"forgejo.org/modules/util"
 
@@ -82,18 +84,39 @@ func PickTask(ctx context.Context, runner *actions_model.ActionRunner) (*runnerv
 }
 
 func generateTaskContext(t *actions_model.ActionTask) (*structpb.Struct, error) {
-	giteaRuntimeToken, err := CreateAuthorizationToken(t.ID, t.Job.RunID, t.JobID)
-	if err != nil {
-		return nil, err
-	}
-
-	gitCtx, err := GenerateGiteaContext(t.Job.Run, t.Job)
+	run := t.Job.Run
+	gitCtx, err := GenerateGiteaContext(run, t.Job)
 	if err != nil {
 		return nil, err
 	}
 	gitCtx["token"] = t.Token
+
+	enableOpenIDConnect, err := t.Job.EnableOpenIDConnect()
+	if err != nil {
+		return nil, err
+	}
+
+	// Override the setting from the workflow is this is coming from a fork pull request
+	// and this isn't a pull_request_target event.
+	if run.IsForkPullRequest && run.TriggerEvent != actions_module.GithubEventPullRequestTarget {
+		enableOpenIDConnect = false
+	}
+
+	giteaRuntimeToken, err := CreateAuthorizationToken(t, gitCtx, enableOpenIDConnect)
+	if err != nil {
+		return nil, err
+	}
+
 	gitCtx["gitea_runtime_token"] = giteaRuntimeToken
 
+	if enableOpenIDConnect {
+		gitCtx["forgejo_actions_id_token_request_token"] = giteaRuntimeToken
+		// The "placeholder=true" at the end of the URL is meaningless, but we need a param
+		// here if we want to match the format used in GitHub actions examples (e.g., to ensure
+		// that "ACTIONS_ID_TOKEN_REQUEST_URL&audience=..." will work as expected).
+		gitCtx["forgejo_actions_id_token_request_url"] = setting.AppURL + setting.AppSubURL + fmt.Sprintf("api/actions/_apis/pipelines/workflows/%d/idtoken?placeholder=true", t.Job.RunID)
+	}
+
 	return structpb.NewStruct(gitCtx)
 }
 
diff --git a/services/actions/task_test.go b/services/actions/task_test.go
new file mode 100644
index 0000000000..f725a93674
--- /dev/null
+++ b/services/actions/task_test.go
@@ -0,0 +1,99 @@
+package actions
+
+import (
+	"fmt"
+	"testing"
+
+	actions_model "forgejo.org/models/actions"
+	"forgejo.org/models/repo"
+	"forgejo.org/models/user"
+
+	"github.com/stretchr/testify/require"
+)
+
+func TestGenerateTaskContext(t *testing.T) {
+	workflowFormat := `
+name: Pull Request
+on: pull_request
+enable-openid-connect: %s
+jobs:
+  wf1-job:
+    runs-on: ubuntu-latest
+    steps:
+      - run: echo 'test the pull'
+`
+	testUser := &user.User{
+		ID:   1,
+		Name: "testuser",
+	}
+
+	testRepo := &repo.Repository{
+		ID:        1,
+		OwnerName: "testowner",
+		Name:      "testrepo",
+	}
+
+	createTask := func(workflowPayload string, isFork bool, triggerEvent string) *actions_model.ActionTask {
+		return &actions_model.ActionTask{
+			ID: 47,
+			Job: &actions_model.ActionRunJob{
+				ID:    2,
+				RunID: 1,
+				Run: &actions_model.ActionRun{
+					ID:                1,
+					Index:             42,
+					TriggerUser:       testUser,
+					Repo:              testRepo,
+					TriggerEvent:      triggerEvent,
+					Ref:               "refs/heads/main",
+					CommitSHA:         "abc123def456",
+					WorkflowID:        "test-workflow.yaml",
+					WorkflowDirectory: ".forgejo/workflows",
+					EventPayload:      `{"repository": {"name": "testrepo"}}`,
+					IsForkPullRequest: isFork,
+				},
+				WorkflowPayload: []byte(workflowPayload),
+			},
+		}
+	}
+
+	t.Run("openid connect enabled", func(t *testing.T) {
+		task := createTask(fmt.Sprintf(workflowFormat, "true"), false, "push")
+
+		taskContext, err := generateTaskContext(task)
+		require.NoError(t, err)
+		require.NotEmpty(t, taskContext.Fields["forgejo_actions_id_token_request_token"].GetStringValue())
+		require.NotEmpty(t, taskContext.Fields["forgejo_actions_id_token_request_url"].GetStringValue())
+		require.NotEmpty(t, taskContext.Fields["gitea_runtime_token"].GetStringValue())
+	})
+
+	t.Run("openid connect enabled from fork with pull_request_target event", func(t *testing.T) {
+		task := createTask(fmt.Sprintf(workflowFormat, "true"), true, "pull_request_target")
+
+		taskContext, err := generateTaskContext(task)
+		require.NoError(t, err)
+		require.NotEmpty(t, taskContext.Fields["forgejo_actions_id_token_request_token"].GetStringValue())
+		require.NotEmpty(t, taskContext.Fields["forgejo_actions_id_token_request_url"].GetStringValue())
+		require.NotEmpty(t, taskContext.Fields["gitea_runtime_token"].GetStringValue())
+	})
+
+	t.Run("openid connect enabled from fork with pull_request event", func(t *testing.T) {
+		task := createTask(fmt.Sprintf(workflowFormat, "true"), true, "pull_request")
+
+		taskContext, err := generateTaskContext(task)
+		require.NoError(t, err)
+		require.Empty(t, taskContext.Fields["forgejo_actions_id_token_request_token"].GetStringValue())
+		require.Empty(t, taskContext.Fields["forgejo_actions_id_token_request_url"].GetStringValue())
+		require.NotEmpty(t, taskContext.Fields["gitea_runtime_token"].GetStringValue())
+	})
+
+	t.Run("openid connect disabled", func(t *testing.T) {
+		task := createTask(fmt.Sprintf(workflowFormat, "false"), false, "push")
+
+		taskContext, err := generateTaskContext(task)
+		require.NoError(t, err)
+		require.Empty(t, taskContext.Fields["forgejo_actions_id_token_request_token"].GetStringValue())
+		require.Empty(t, taskContext.Fields["forgejo_actions_id_token_request_url"].GetStringValue())
+		require.NotEmpty(t, taskContext.Fields["gitea_runtime_token"].GetStringValue())
+	})
+}
diff --git a/services/auth/oauth2_test.go b/services/auth/oauth2_test.go
index a8fe9961fa..67e42c3c56 100644
--- a/services/auth/oauth2_test.go
+++ b/services/auth/oauth2_test.go
@@ -7,6 +7,7 @@ import (
 	"net/http"
 	"testing"
 
+	actions_model "forgejo.org/models/actions"
 	"forgejo.org/models/auth"
 	"forgejo.org/models/unittest"
 	user_model "forgejo.org/models/user"
@@ -22,7 +23,14 @@ func TestUserIDFromToken(t *testing.T) {
 
 	t.Run("Actions JWT", func(t *testing.T) {
 		const RunningTaskID = 47
-		token, err := actions.CreateAuthorizationToken(RunningTaskID, 1, 2)
+		task := &actions_model.ActionTask{
+			ID: RunningTaskID,
+			Job: &actions_model.ActionRunJob{
+				ID:    2,
+				RunID: 1,
+			},
+		}
+		token, err := actions.CreateAuthorizationToken(task, map[string]any{}, false)
 		require.NoError(t, err)
 
 		ds := make(middleware.ContextData)
diff --git a/services/auth/source/oauth2/init.go b/services/auth/source/oauth2/init.go
index 6c78a14da4..ac7853222c 100644
--- a/services/auth/source/oauth2/init.go
+++ b/services/auth/source/oauth2/init.go
@@ -11,6 +11,7 @@ import (
 
 	"forgejo.org/models/auth"
 	"forgejo.org/models/db"
+	"forgejo.org/modules/jwtx"
 	"forgejo.org/modules/log"
 	"forgejo.org/modules/optional"
 	"forgejo.org/modules/setting"
@@ -28,9 +29,14 @@ const UsersStoreKey = "gitea-oauth2-sessions"
 // ProviderHeaderKey is the HTTP header key
 const ProviderHeaderKey = "gitea-oauth2-provider"
 
+// DefaultSigningKey is the default signing key for JWTs.
+var DefaultSigningKey jwtx.SigningKey
+
 // Init initializes the oauth source
 func Init(ctx context.Context) error {
-	if err := InitSigningKey(); err != nil {
+	var err error
+	DefaultSigningKey, err = jwtx.InitSigningKey(setting.GetGeneralTokenSigningSecret, setting.OAuth2.JWTSigningPrivateKeyFile, setting.OAuth2.JWTSigningAlgorithm)
+	if err != nil {
 		return err
 	}
 
diff --git a/services/auth/source/oauth2/jwtsigningkey_test.go b/services/auth/source/oauth2/jwtsigningkey_test.go
deleted file mode 100644
index 9b07b022df..0000000000
--- a/services/auth/source/oauth2/jwtsigningkey_test.go
+++ /dev/null
@@ -1,116 +0,0 @@
-// Copyright 2024 The Forgejo Authors. All rights reserved.
-// SPDX-License-Identifier: GPL-3.0-or-later
-
-package oauth2
-
-import (
-	"crypto/ecdsa"
-	"crypto/ed25519"
-	"crypto/rsa"
-	"crypto/x509"
-	"encoding/pem"
-	"os"
-	"path/filepath"
-	"testing"
-
-	"forgejo.org/modules/setting"
-	"forgejo.org/modules/test"
-
-	"github.com/stretchr/testify/assert"
-	"github.com/stretchr/testify/require"
-)
-
-func TestLoadOrCreateAsymmetricKey(t *testing.T) {
-	loadKey := func(t *testing.T) any {
-		t.Helper()
-		loadOrCreateAsymmetricKey()
-
-		fileContent, err := os.ReadFile(setting.OAuth2.JWTSigningPrivateKeyFile)
-		require.NoError(t, err)
-
-		block, _ := pem.Decode(fileContent)
-		assert.NotNil(t, block)
-		assert.Equal(t, "PRIVATE KEY", block.Type)
-
-		parsedKey, err := x509.ParsePKCS8PrivateKey(block.Bytes)
-		require.NoError(t, err)
-
-		return parsedKey
-	}
-	t.Run("RSA-2048", func(t *testing.T) {
-		defer test.MockVariableValue(&setting.OAuth2.JWTSigningPrivateKeyFile, filepath.Join(t.TempDir(), "jwt-rsa-2048.priv"))()
-		defer test.MockVariableValue(&setting.OAuth2.JWTSigningAlgorithm, "RS256")()
-
-		parsedKey := loadKey(t)
-
-		rsaPrivateKey := parsedKey.(*rsa.PrivateKey)
-		assert.Equal(t, 2048, rsaPrivateKey.N.BitLen())
-
-		t.Run("Load key with differ specified algorithm", func(t *testing.T) {
-			defer test.MockVariableValue(&setting.OAuth2.JWTSigningAlgorithm, "EdDSA")()
-
-			parsedKey := loadKey(t)
-			rsaPrivateKey := parsedKey.(*rsa.PrivateKey)
-			assert.Equal(t, 2048, rsaPrivateKey.N.BitLen())
-		})
-	})
-
-	t.Run("RSA-3072", func(t *testing.T) {
-		defer test.MockVariableValue(&setting.OAuth2.JWTSigningPrivateKeyFile, filepath.Join(t.TempDir(), "jwt-rsa-3072.priv"))()
-		defer test.MockVariableValue(&setting.OAuth2.JWTSigningAlgorithm, "RS384")()
-
-		parsedKey := loadKey(t)
-
-		rsaPrivateKey := parsedKey.(*rsa.PrivateKey)
-		assert.Equal(t, 3072, rsaPrivateKey.N.BitLen())
-	})
-
-	t.Run("RSA-4096", func(t *testing.T) {
-		defer test.MockVariableValue(&setting.OAuth2.JWTSigningPrivateKeyFile, filepath.Join(t.TempDir(), "jwt-rsa-4096.priv"))()
-		defer test.MockVariableValue(&setting.OAuth2.JWTSigningAlgorithm, "RS512")()
-
-		parsedKey := loadKey(t)
-
-		rsaPrivateKey := parsedKey.(*rsa.PrivateKey)
-		assert.Equal(t, 4096, rsaPrivateKey.N.BitLen())
-	})
-
-	t.Run("ECDSA-256", func(t *testing.T) {
-		defer test.MockVariableValue(&setting.OAuth2.JWTSigningPrivateKeyFile, filepath.Join(t.TempDir(), "jwt-ecdsa-256.priv"))()
-		defer test.MockVariableValue(&setting.OAuth2.JWTSigningAlgorithm, "ES256")()
-
-		parsedKey := loadKey(t)
-
-		ecdsaPrivateKey := parsedKey.(*ecdsa.PrivateKey)
-		assert.Equal(t, 256, ecdsaPrivateKey.Params().BitSize)
-	})
-
-	t.Run("ECDSA-384", func(t *testing.T) {
-		defer test.MockVariableValue(&setting.OAuth2.JWTSigningPrivateKeyFile, filepath.Join(t.TempDir(), "jwt-ecdsa-384.priv"))()
-		defer test.MockVariableValue(&setting.OAuth2.JWTSigningAlgorithm, "ES384")()
-
-		parsedKey := loadKey(t)
-
-		ecdsaPrivateKey := parsedKey.(*ecdsa.PrivateKey)
-		assert.Equal(t, 384, ecdsaPrivateKey.Params().BitSize)
-	})
-
-	t.Run("ECDSA-512", func(t *testing.T) {
-		defer test.MockVariableValue(&setting.OAuth2.JWTSigningPrivateKeyFile, filepath.Join(t.TempDir(), "jwt-ecdsa-512.priv"))()
-		defer test.MockVariableValue(&setting.OAuth2.JWTSigningAlgorithm, "ES512")()
-
-		parsedKey := loadKey(t)
-
-		ecdsaPrivateKey := parsedKey.(*ecdsa.PrivateKey)
-		assert.Equal(t, 521, ecdsaPrivateKey.Params().BitSize)
-	})
-
-	t.Run("EdDSA", func(t *testing.T) {
-		defer test.MockVariableValue(&setting.OAuth2.JWTSigningPrivateKeyFile, filepath.Join(t.TempDir(), "jwt-eddsa.priv"))()
-		defer test.MockVariableValue(&setting.OAuth2.JWTSigningAlgorithm, "EdDSA")()
-
-		parsedKey := loadKey(t)
-
-		assert.NotNil(t, parsedKey.(ed25519.PrivateKey))
-	})
-}
diff --git a/services/auth/source/oauth2/token.go b/services/auth/source/oauth2/token.go
index b060b6b746..6b5c3676aa 100644
--- a/services/auth/source/oauth2/token.go
+++ b/services/auth/source/oauth2/token.go
@@ -8,6 +8,7 @@ import (
 	"fmt"
 	"time"
 
+	"forgejo.org/modules/jwtx"
 	"forgejo.org/modules/timeutil"
 
 	"github.com/golang-jwt/jwt/v5"
@@ -41,7 +42,7 @@ type Token struct {
 }
 
 // ParseToken parses a signed jwt string
-func ParseToken(jwtToken string, signingKey JWTSigningKey) (*Token, error) {
+func ParseToken(jwtToken string, signingKey jwtx.SigningKey) (*Token, error) {
 	parsedToken, err := jwt.ParseWithClaims(jwtToken, &Token{}, func(token *jwt.Token) (any, error) {
 		if token.Method == nil || token.Method.Alg() != signingKey.SigningMethod().Alg() {
 			return nil, fmt.Errorf("unexpected signing algo: %v", token.Header["alg"])
@@ -63,7 +64,7 @@ func ParseToken(jwtToken string, signingKey JWTSigningKey) (*Token, error) {
 }
 
 // SignToken signs the token with the JWT secret
-func (token *Token) SignToken(signingKey JWTSigningKey) (string, error) {
+func (token *Token) SignToken(signingKey jwtx.SigningKey) (string, error) {
 	token.IssuedAt = jwt.NewNumericDate(time.Now())
 	jwtToken := jwt.NewWithClaims(signingKey.SigningMethod(), token)
 	signingKey.PreProcessToken(jwtToken)
@@ -93,7 +94,7 @@ type OIDCToken struct {
 }
 
 // SignToken signs an id_token with the (symmetric) client secret key
-func (token *OIDCToken) SignToken(signingKey JWTSigningKey) (string, error) {
+func (token *OIDCToken) SignToken(signingKey jwtx.SigningKey) (string, error) {
 	token.IssuedAt = jwt.NewNumericDate(time.Now())
 	jwtToken := jwt.NewWithClaims(signingKey.SigningMethod(), token)
 	signingKey.PreProcessToken(jwtToken)
diff --git a/tests/integration/actions_job_test.go b/tests/integration/actions_job_test.go
index e91f0e92bd..91c61fe258 100644
--- a/tests/integration/actions_job_test.go
+++ b/tests/integration/actions_job_test.go
@@ -365,6 +365,41 @@ func TestActionsGiteaContext(t *testing.T) {
 		t.Skip()
 	}
 
+	testCases := []struct {
+		name                string
+		treePath            string
+		fileContent         string
+		enableOpenIDConnect bool
+	}{
+		{
+			name:     "openid_connect_disabled",
+			treePath: ".gitea/workflows/pull.yml",
+			fileContent: `name: Pull Request
+on: pull_request
+jobs:
+  wf1-job:
+    runs-on: ubuntu-latest
+    steps:
+      - run: echo 'test the pull'
+`,
+			enableOpenIDConnect: false,
+		},
+		{
+			name:     "openid_connect_enabled",
+			treePath: ".gitea/workflows/pull-enabled.yml",
+			fileContent: `name: Pull Request
+on: pull_request
+jobs:
+  wf1-job:
+    enable-openid-connect: true
+    runs-on: ubuntu-latest
+    steps:
+      - run: echo 'test the pull'
+`,
+			enableOpenIDConnect: true,
+		},
+	}
+
 	onApplicationRun(t, func(t *testing.T, u *url.URL) {
 		user2 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
 		user2Session := loginUser(t, user2.Name)
@@ -377,75 +412,79 @@ func TestActionsGiteaContext(t *testing.T) {
 		runner := newMockRunner()
 		runner.registerAsRepoRunner(t, baseRepo.OwnerName, baseRepo.Name, "mock-runner", []string{"ubuntu-latest"})
 
-		// init the workflow
-		wfTreePath := ".gitea/workflows/pull.yml"
-		wfFileContent := `name: Pull Request
-on: pull_request
-jobs:
-  wf1-job:
-    runs-on: ubuntu-latest
-    steps:
-      - run: echo 'test the pull'
-`
-		opts := getWorkflowCreateFileOptions(user2, baseRepo.DefaultBranch, fmt.Sprintf("create %s", wfTreePath), wfFileContent)
-		createWorkflowFile(t, user2Token, baseRepo.OwnerName, baseRepo.Name, wfTreePath, opts)
-		// user2 creates a pull request
-		doAPICreateFile(user2APICtx, "user2-patch.txt", &api.CreateFileOptions{
-			FileOptions: api.FileOptions{
-				NewBranchName: "user2/patch-1",
-				Message:       "create user2-patch.txt",
-				Author: api.Identity{
-					Name:  user2.Name,
-					Email: user2.Email,
-				},
-				Committer: api.Identity{
-					Name:  user2.Name,
-					Email: user2.Email,
-				},
-				Dates: api.CommitDateOptions{
-					Author:    time.Now(),
-					Committer: time.Now(),
-				},
-			},
-			ContentBase64: base64.StdEncoding.EncodeToString([]byte("user2-fix")),
-		})(t)
-		apiPull, err := doAPICreatePullRequest(user2APICtx, baseRepo.OwnerName, baseRepo.Name, baseRepo.DefaultBranch, "user2/patch-1")(t)
-		require.NoError(t, err)
-		task := runner.fetchTask(t)
-		gtCtx := task.Context.GetFields()
-		actionTask := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionTask{ID: task.Id})
-		actionRunJob := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRunJob{ID: actionTask.JobID})
-		actionRun := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRun{ID: actionRunJob.RunID})
-		require.NoError(t, actionRun.LoadAttributes(t.Context()))
+		for _, tc := range testCases {
+			t.Run(tc.name, func(t *testing.T) {
+				opts := getWorkflowCreateFileOptions(user2, baseRepo.DefaultBranch, fmt.Sprintf("create %s", tc.treePath), tc.fileContent)
+				createWorkflowFile(t, user2Token, baseRepo.OwnerName, baseRepo.Name, tc.treePath, opts)
+				// user2 creates a pull request
+				doAPICreateFile(user2APICtx, "user2-patch.txt", &api.CreateFileOptions{
+					FileOptions: api.FileOptions{
+						NewBranchName: tc.name,
+						Message:       "create user2-patch.txt",
+						Author: api.Identity{
+							Name:  user2.Name,
+							Email: user2.Email,
+						},
+						Committer: api.Identity{
+							Name:  user2.Name,
+							Email: user2.Email,
+						},
+						Dates: api.CommitDateOptions{
+							Author:    time.Now(),
+							Committer: time.Now(),
+						},
+					},
+					ContentBase64: base64.StdEncoding.EncodeToString([]byte("user2-fix")),
+				})(t)
+				apiPull, err := doAPICreatePullRequest(user2APICtx, baseRepo.OwnerName, baseRepo.Name, baseRepo.DefaultBranch, tc.name)(t)
+				require.NoError(t, err)
+				task := runner.fetchTask(t)
+				gtCtx := task.Context.GetFields()
+				actionTask := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionTask{ID: task.Id})
+				actionRunJob := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRunJob{ID: actionTask.JobID})
+				actionRun := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRun{ID: actionRunJob.RunID})
+				require.NoError(t, actionRun.LoadAttributes(t.Context()))
 
-		assert.Equal(t, user2.Name, gtCtx["actor"].GetStringValue())
-		assert.Equal(t, setting.AppURL+"api/v1", gtCtx["api_url"].GetStringValue())
-		assert.Equal(t, apiPull.Base.Ref, gtCtx["base_ref"].GetStringValue())
-		runEvent := map[string]any{}
-		require.NoError(t, json.Unmarshal([]byte(actionRun.EventPayload), &runEvent))
-		assert.True(t, reflect.DeepEqual(gtCtx["event"].GetStructValue().AsMap(), runEvent))
-		assert.Equal(t, actionRun.TriggerEvent, gtCtx["event_name"].GetStringValue())
-		assert.Equal(t, apiPull.Head.Ref, gtCtx["head_ref"].GetStringValue())
-		assert.Equal(t, actionRunJob.JobID, gtCtx["job"].GetStringValue())
-		assert.Equal(t, actionRun.Ref, gtCtx["ref"].GetStringValue())
-		assert.Equal(t, (git.RefName(actionRun.Ref)).ShortName(), gtCtx["ref_name"].GetStringValue())
-		assert.False(t, gtCtx["ref_protected"].GetBoolValue())
-		assert.Equal(t, (git.RefName(actionRun.Ref)).RefType(), gtCtx["ref_type"].GetStringValue())
-		assert.Equal(t, actionRun.Repo.OwnerName+"/"+actionRun.Repo.Name, gtCtx["repository"].GetStringValue())
-		assert.Equal(t, actionRun.Repo.OwnerName, gtCtx["repository_owner"].GetStringValue())
-		assert.Equal(t, actionRun.Repo.HTMLURL(), gtCtx["repositoryUrl"].GetStringValue())
-		assert.Equal(t, fmt.Sprint(actionRunJob.RunID), gtCtx["run_id"].GetStringValue())
-		assert.Equal(t, fmt.Sprint(actionRun.Index), gtCtx["run_number"].GetStringValue())
-		assert.Equal(t, fmt.Sprint(actionRunJob.Attempt), gtCtx["run_attempt"].GetStringValue())
-		assert.Equal(t, "Actions", gtCtx["secret_source"].GetStringValue())
-		assert.Equal(t, setting.AppURL, gtCtx["server_url"].GetStringValue())
-		assert.Equal(t, actionRun.CommitSHA, gtCtx["sha"].GetStringValue())
-		assert.Equal(t, actionRun.WorkflowID, gtCtx["workflow"].GetStringValue())
-		assert.Equal(t, "user2/actions-gitea-context/.gitea/workflows/pull.yml@refs/pull/1/head", gtCtx["workflow_ref"].GetStringValue())
-		assert.Equal(t, setting.Actions.DefaultActionsURL.URL(), gtCtx["gitea_default_actions_url"].GetStringValue())
-		assert.Equal(t, setting.AppVer, gtCtx["forgejo_server_version"].GetStringValue())
-		token := gtCtx["token"].GetStringValue()
-		assert.Equal(t, actionTask.TokenLastEight, token[len(token)-8:])
+				assert.Equal(t, user2.Name, gtCtx["actor"].GetStringValue())
+				assert.Equal(t, setting.AppURL+"api/v1", gtCtx["api_url"].GetStringValue())
+				assert.Equal(t, apiPull.Base.Ref, gtCtx["base_ref"].GetStringValue())
+				runEvent := map[string]any{}
+				require.NoError(t, json.Unmarshal([]byte(actionRun.EventPayload), &runEvent))
+				assert.True(t, reflect.DeepEqual(gtCtx["event"].GetStructValue().AsMap(), runEvent))
+				assert.Equal(t, actionRun.TriggerEvent, gtCtx["event_name"].GetStringValue())
+				assert.Equal(t, apiPull.Head.Ref, gtCtx["head_ref"].GetStringValue())
+				assert.Equal(t, actionRunJob.JobID, gtCtx["job"].GetStringValue())
+				assert.Equal(t, actionRun.Ref, gtCtx["ref"].GetStringValue())
+				assert.Equal(t, (git.RefName(actionRun.Ref)).ShortName(), gtCtx["ref_name"].GetStringValue())
+				assert.False(t, gtCtx["ref_protected"].GetBoolValue())
+				assert.Equal(t, (git.RefName(actionRun.Ref)).RefType(), gtCtx["ref_type"].GetStringValue())
+				assert.Equal(t, actionRun.Repo.OwnerName+"/"+actionRun.Repo.Name, gtCtx["repository"].GetStringValue())
+				assert.Equal(t, actionRun.Repo.OwnerName, gtCtx["repository_owner"].GetStringValue())
+				assert.Equal(t, actionRun.Repo.HTMLURL(), gtCtx["repositoryUrl"].GetStringValue())
+				assert.Equal(t, fmt.Sprint(actionRunJob.RunID), gtCtx["run_id"].GetStringValue())
+				assert.Equal(t, fmt.Sprint(actionRun.Index), gtCtx["run_number"].GetStringValue())
+				assert.Equal(t, fmt.Sprint(actionRunJob.Attempt), gtCtx["run_attempt"].GetStringValue())
+				assert.Equal(t, "Actions", gtCtx["secret_source"].GetStringValue())
+				assert.Equal(t, setting.AppURL, gtCtx["server_url"].GetStringValue())
+				assert.Equal(t, actionRun.CommitSHA, gtCtx["sha"].GetStringValue())
+				assert.Equal(t, actionRun.WorkflowID, gtCtx["workflow"].GetStringValue())
+				assert.Contains(t, gtCtx["workflow_ref"].GetStringValue(), fmt.Sprintf("user2/actions-gitea-context/%s@refs/pull", tc.treePath))
+				assert.Equal(t, setting.Actions.DefaultActionsURL.URL(), gtCtx["gitea_default_actions_url"].GetStringValue())
+				assert.Equal(t, setting.AppVer, gtCtx["forgejo_server_version"].GetStringValue())
+				token := gtCtx["token"].GetStringValue()
+				assert.Equal(t, actionTask.TokenLastEight, token[len(token)-8:])
+				if tc.enableOpenIDConnect {
+					assert.NotEmpty(t, gtCtx["forgejo_actions_id_token_request_token"].GetStringValue())
+					assert.Equal(t,
+						fmt.Sprintf("%sapi/actions/_apis/pipelines/workflows/%d/idtoken?placeholder=true",
+							setting.AppURL, actionRunJob.RunID), gtCtx["forgejo_actions_id_token_request_url"].GetStringValue(),
+					)
+				} else {
+					assert.Empty(t, gtCtx["forgejo_actions_id_token_request_token"].GetStringValue())
+					assert.Empty(t, gtCtx["forgejo_actions_id_token_request_url"].GetStringValue())
+				}
+			})
+		}
 
 		doAPIDeleteRepository(user2APICtx)(t)
 	})
diff --git a/tests/integration/api_actions_artifact_v4_test.go b/tests/integration/api_actions_artifact_v4_test.go
index 02324ee73b..62be33d552 100644
--- a/tests/integration/api_actions_artifact_v4_test.go
+++ b/tests/integration/api_actions_artifact_v4_test.go
@@ -14,6 +14,7 @@ import (
 	"testing"
 	"time"
 
+	actions_model "forgejo.org/models/actions"
 	"forgejo.org/modules/storage"
 	"forgejo.org/routers/api/actions"
 	actions_service "forgejo.org/services/actions"
@@ -35,7 +36,14 @@ func toProtoJSON(m protoreflect.ProtoMessage) io.Reader {
 }
 
 func uploadArtifact(t *testing.T, body string) string {
-	token, err := actions_service.CreateAuthorizationToken(48, 792, 193)
+	task := &actions_model.ActionTask{
+		ID: 48,
+		Job: &actions_model.ActionRunJob{
+			ID:    193,
+			RunID: 792,
+		},
+	}
+	token, err := actions_service.CreateAuthorizationToken(task, map[string]any{}, false)
 	require.NoError(t, err)
 
 	// acquire artifact upload url
@@ -88,7 +96,14 @@ func TestActionsArtifactV4UploadSingleFile(t *testing.T) {
 func TestActionsArtifactV4UploadSingleFileWrongChecksum(t *testing.T) {
 	defer prepareTestEnvActionsArtifacts(t)()
 
-	token, err := actions_service.CreateAuthorizationToken(48, 792, 193)
+	task := &actions_model.ActionTask{
+		ID: 48,
+		Job: &actions_model.ActionRunJob{
+			ID:    193,
+			RunID: 792,
+		},
+	}
+	token, err := actions_service.CreateAuthorizationToken(task, map[string]any{}, false)
 	require.NoError(t, err)
 
 	// acquire artifact upload url
@@ -132,7 +147,14 @@ func TestActionsArtifactV4UploadSingleFileWrongChecksum(t *testing.T) {
 func TestActionsArtifactV4UploadSingleFileWithRetentionDays(t *testing.T) {
 	defer prepareTestEnvActionsArtifacts(t)()
 
-	token, err := actions_service.CreateAuthorizationToken(48, 792, 193)
+	task := &actions_model.ActionTask{
+		ID: 48,
+		Job: &actions_model.ActionRunJob{
+			ID:    193,
+			RunID: 792,
+		},
+	}
+	token, err := actions_service.CreateAuthorizationToken(task, map[string]any{}, false)
 	require.NoError(t, err)
 
 	// acquire artifact upload url
@@ -180,7 +202,14 @@ func TestActionsArtifactV4UploadSingleFileWithRetentionDays(t *testing.T) {
 func TestActionsArtifactV4UploadSingleFileWithPotentialHarmfulBlockID(t *testing.T) {
 	defer prepareTestEnvActionsArtifacts(t)()
 
-	token, err := actions_service.CreateAuthorizationToken(48, 792, 193)
+	task := &actions_model.ActionTask{
+		ID: 48,
+		Job: &actions_model.ActionRunJob{
+			ID:    193,
+			RunID: 792,
+		},
+	}
+	token, err := actions_service.CreateAuthorizationToken(task, map[string]any{}, false)
 	require.NoError(t, err)
 
 	// acquire artifact upload url
@@ -243,7 +272,14 @@ func TestActionsArtifactV4UploadSingleFileWithPotentialHarmfulBlockID(t *testing
 func TestActionsArtifactV4UploadSingleFileWithChunksOutOfOrder(t *testing.T) {
 	defer prepareTestEnvActionsArtifacts(t)()
 
-	token, err := actions_service.CreateAuthorizationToken(48, 792, 193)
+	task := &actions_model.ActionTask{
+		ID: 48,
+		Job: &actions_model.ActionRunJob{
+			ID:    193,
+			RunID: 792,
+		},
+	}
+	token, err := actions_service.CreateAuthorizationToken(task, map[string]any{}, false)
 	require.NoError(t, err)
 
 	// acquire artifact upload url
@@ -308,7 +344,14 @@ func TestActionsArtifactV4UploadSingleFileWithChunksOutOfOrder(t *testing.T) {
 func TestActionsArtifactV4DownloadSingle(t *testing.T) {
 	defer prepareTestEnvActionsArtifacts(t)()
 
-	token, err := actions_service.CreateAuthorizationToken(48, 792, 193)
+	task := &actions_model.ActionTask{
+		ID: 48,
+		Job: &actions_model.ActionRunJob{
+			ID:    193,
+			RunID: 792,
+		},
+	}
+	token, err := actions_service.CreateAuthorizationToken(task, map[string]any{}, false)
 	require.NoError(t, err)
 
 	// acquire artifact upload url
@@ -369,7 +412,14 @@ func TestActionsArtifactV4DownloadRange(t *testing.T) {
 func TestActionsArtifactV4Delete(t *testing.T) {
 	defer prepareTestEnvActionsArtifacts(t)()
 
-	token, err := actions_service.CreateAuthorizationToken(48, 792, 193)
+	task := &actions_model.ActionTask{
+		ID: 48,
+		Job: &actions_model.ActionRunJob{
+			ID:    193,
+			RunID: 792,
+		},
+	}
+	token, err := actions_service.CreateAuthorizationToken(task, map[string]any{}, false)
 	require.NoError(t, err)
 
 	// delete artifact by name
diff --git a/tests/integration/api_actions_id_token_test.go b/tests/integration/api_actions_id_token_test.go
new file mode 100644
index 0000000000..d5c7301ad1
--- /dev/null
+++ b/tests/integration/api_actions_id_token_test.go
@@ -0,0 +1,182 @@
+// Copyright 2025 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+package integration
+
+import (
+	"crypto/rsa"
+	"encoding/base64"
+	"math/big"
+	"net/http"
+	"testing"
+
+	actions_model "forgejo.org/models/actions"
+	"forgejo.org/models/db"
+	"forgejo.org/modules/setting"
+	actions_service "forgejo.org/services/actions"
+	"forgejo.org/tests"
+
+	"github.com/golang-jwt/jwt/v5"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+type getTokenResponse struct {
+	Value string `json:"value"`
+}
+
+func prepareTestEnvActionsIDToken(t *testing.T) func() {
+	t.Helper()
+	f := tests.PrepareTestEnv(t, 1)
+	return f
+}
+
+func TestActionsIDToken(t *testing.T) {
+	defer prepareTestEnvActionsIDToken(t)()
+	task, err := actions_model.GetTaskByID(db.DefaultContext, 48)
+	if err != nil {
+		t.Fatal(err)
+	}
+	err = task.LoadAttributes(db.DefaultContext)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	gitCtx, err := actions_service.GenerateGiteaContext(task.Job.Run, task.Job)
+	require.NoError(t, err)
+
+	token, err := actions_service.CreateAuthorizationToken(task, gitCtx, true)
+	require.NoError(t, err)
+
+	// get JWKs information
+	req := NewRequest(t, "GET", "/api/actions/.well-known/keys")
+	resp := MakeRequest(t, req, http.StatusOK)
+	var jwks jwksResponse
+	DecodeJSON(t, resp, &jwks)
+	require.Len(t, jwks["keys"], 1)
+	key := jwks["keys"][0]
+
+	var exponent []byte
+	if exponent, err = base64.RawURLEncoding.DecodeString(key["e"]); err != nil {
+		t.Fatal(err)
+	}
+
+	var modulus []byte
+	if modulus, err = base64.RawURLEncoding.DecodeString(key["n"]); err != nil {
+		t.Fatal(err)
+	}
+
+	pubKey := rsa.PublicKey{
+		E: int(big.NewInt(0).SetBytes(exponent).Uint64()),
+		N: big.NewInt(0).SetBytes(modulus),
+	}
+
+	t.Run("success path", func(t *testing.T) {
+		doAssertions := func(aud string, claims map[string]any) {
+			assert.Equal(t, "user1", claims["actor"])
+			assert.Equal(t, aud, claims["aud"])
+			assert.Equal(t, setting.AppURL+"api/actions", claims["iss"])
+			assert.Equal(t, "refs/heads/master", claims["ref"])
+			assert.Equal(t, "false", claims["ref_protected"])
+			assert.Equal(t, "branch", claims["ref_type"])
+			assert.Equal(t, "user5/repo4", claims["repository"])
+			assert.Equal(t, "user5", claims["repository_owner"])
+			assert.Equal(t, "1", claims["run_attempt"])
+			assert.Equal(t, "792", claims["run_id"])
+			assert.Equal(t, "188", claims["run_number"])
+			assert.Equal(t, "c2d72f548424103f01ee1dc02889c1e2bff816b0", claims["sha"])
+			assert.Equal(t, "repo:user5/repo4:ref:refs/heads/master", claims["sub"])
+			assert.Equal(t, "artifact.yaml", claims["workflow"])
+			assert.Equal(t, "user5/repo4/.forgejo/workflows/artifact.yaml@refs/heads/master", claims["workflow_ref"])
+		}
+
+		// Default aud
+		req = NewRequest(t, "GET", "/api/actions/_apis/pipelines/workflows/792/idtoken?placeholder=true").AddTokenAuth(token)
+		resp = MakeRequest(t, req, http.StatusOK)
+		var getResponse getTokenResponse
+		DecodeJSON(t, resp, &getResponse)
+
+		claims := jwt.MapClaims{}
+		_, err = jwt.ParseWithClaims(getResponse.Value, claims, func(t *jwt.Token) (any, error) {
+			return &pubKey, nil
+		})
+		require.NoError(t, err)
+
+		doAssertions(setting.AppURL+"user5", claims)
+
+		// Custom aud
+		req = NewRequest(t, "GET", "/api/actions/_apis/pipelines/workflows/792/idtoken?placeholder=true&audience=testingAud").AddTokenAuth(token)
+		resp = MakeRequest(t, req, http.StatusOK)
+		DecodeJSON(t, resp, &getResponse)
+
+		claims = jwt.MapClaims{}
+		_, err = jwt.ParseWithClaims(getResponse.Value, claims, func(t *jwt.Token) (any, error) {
+			return &pubKey, nil
+		})
+		require.NoError(t, err)
+
+		doAssertions("testingAud", claims)
+	})
+
+	t.Run("with no auth header", func(t *testing.T) {
+		req = NewRequest(t, "GET", "/api/actions/_apis/pipelines/workflows/792/idtoken?placeholder=true&audience=testingAud")
+		resp = MakeRequest(t, req, http.StatusUnauthorized)
+		assert.Contains(t, resp.Body.String(), "Bad authorization header")
+	})
+
+	t.Run("with bad token format", func(t *testing.T) {
+		req = NewRequest(t, "GET", "/api/actions/_apis/pipelines/workflows/792/idtoken?placeholder=true&audience=testingAud").AddTokenAuth("1234567")
+		resp = MakeRequest(t, req, http.StatusInternalServerError)
+		assert.Contains(t, resp.Body.String(), "Error runner api parsing authorization token")
+	})
+
+	t.Run("with invalid task", func(t *testing.T) {
+		task, err := actions_model.GetTaskByID(db.DefaultContext, 48)
+		if err != nil {
+			t.Fatal(err)
+		}
+		err = task.LoadAttributes(db.DefaultContext)
+		if err != nil {
+			t.Fatal(err)
+		}
+		// Change ID to be invalid
+		task.ID = 123456
+
+		gitCtx, err := actions_service.GenerateGiteaContext(task.Job.Run, task.Job)
+		require.NoError(t, err)
+
+		token, err := actions_service.CreateAuthorizationToken(task, gitCtx, true)
+		require.NoError(t, err)
+
+		req = NewRequest(t, "GET", "/api/actions/_apis/pipelines/workflows/abcde/idtoken?placeholder=true&audience=testingAud").AddTokenAuth(token)
+		resp = MakeRequest(t, req, http.StatusInternalServerError)
+		assert.Contains(t, resp.Body.String(), "Error runner api getting task by ID")
+	})
+
+	t.Run("with task that is not running", func(t *testing.T) {
+		task, err := actions_model.GetTaskByID(db.DefaultContext, 49)
+		if err != nil {
+			t.Fatal(err)
+		}
+		err = task.LoadAttributes(db.DefaultContext)
+		if err != nil {
+			t.Fatal(err)
+		}
+
+		gitCtx, err := actions_service.GenerateGiteaContext(task.Job.Run, task.Job)
+		require.NoError(t, err)
+
+		token, err := actions_service.CreateAuthorizationToken(task, gitCtx, true)
+		require.NoError(t, err)
+
+		req = NewRequest(t, "GET", "/api/actions/_apis/pipelines/workflows/abcde/idtoken?placeholder=true&audience=testingAud").AddTokenAuth(token)
+		resp = MakeRequest(t, req, http.StatusInternalServerError)
+		assert.Contains(t, resp.Body.String(), "Error runner api getting task: task is not running")
+	})
+
+	t.Run("with mismatched run ID", func(t *testing.T) {
+		req = NewRequest(t, "GET", "/api/actions/_apis/pipelines/workflows/123/idtoken?placeholder=true&audience=testingAud").AddTokenAuth(token)
+		resp = MakeRequest(t, req, http.StatusBadRequest)
+		assert.Contains(t, resp.Body.String(), "run-id does not match")
+	})
+}
diff --git a/tests/integration/api_actions_oidc_test.go b/tests/integration/api_actions_oidc_test.go
new file mode 100644
index 0000000000..71e96d7531
--- /dev/null
+++ b/tests/integration/api_actions_oidc_test.go
@@ -0,0 +1,71 @@
+// Copyright 2025 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+package integration
+
+import (
+	"encoding/base64"
+	"net/http"
+	"testing"
+
+	"forgejo.org/modules/setting"
+	"forgejo.org/tests"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+type jwksResponse map[string][]map[string]string
+
+type openIDConfigurationResponse struct {
+	Issuer                           string   `json:"issuer"`
+	JwksURI                          string   `json:"jwks_uri"`
+	SubjectTypesSupported            []string `json:"subject_types_supported"`
+	ResponseTypesSupported           []string `json:"response_types_supported"`
+	ClaimsSupported                  []string `json:"claims_supported"`
+	IDTokenSigningAlgValuesSupported []string `json:"id_token_signing_alg_values_supported"`
+	ScopesSupported                  []string `json:"scopes_supported"`
+}
+
+func prepareTestEnvActionsOIDC(t *testing.T) func() {
+	t.Helper()
+	f := tests.PrepareTestEnv(t, 1)
+	return f
+}
+
+func TestActionsOIDC(t *testing.T) {
+	defer prepareTestEnvActionsOIDC(t)()
+
+	// get config information
+	req := NewRequest(t, "GET", "/api/actions/.well-known/openid-configuration")
+	resp := MakeRequest(t, req, http.StatusOK)
+	var config openIDConfigurationResponse
+	DecodeJSON(t, resp, &config)
+	assert.Equal(t, setting.AppURL+"api/actions", config.Issuer)
+	assert.Equal(t, setting.AppURL+"api/actions/.well-known/keys", config.JwksURI)
+	assert.Equal(t, []string{"public"}, config.SubjectTypesSupported)
+	assert.Equal(t, []string{"id_token"}, config.ResponseTypesSupported)
+	assert.Equal(t, []string{"sub", "aud", "exp", "iat", "iss", "nbf", "actor", "base_ref", "event_name", "head_ref", "ref", "ref_protected", "ref_type", "repository", "repository_owner", "run_attempt", "run_id", "run_number", "sha", "workflow", "workflow_ref"}, config.ClaimsSupported)
+	assert.Equal(t, []string{"RS256"}, config.IDTokenSigningAlgValuesSupported)
+	assert.Equal(t, []string{"openid"}, config.ScopesSupported)
+
+	// get JWKs information
+	req = NewRequest(t, "GET", config.JwksURI)
+	resp = MakeRequest(t, req, http.StatusOK)
+	var jwks jwksResponse
+	DecodeJSON(t, resp, &jwks)
+	require.Len(t, jwks["keys"], 1)
+	key := jwks["keys"][0]
+	require.Equal(t, "RSA", key["kty"])
+	require.Equal(t, "RS256", key["alg"])
+	require.Equal(t, "sig", key["use"])
+
+	// Basic validation of returned exponents
+	if _, err := base64.RawURLEncoding.DecodeString(key["e"]); err != nil {
+		t.Fatal(err)
+	}
+
+	if _, err := base64.RawURLEncoding.DecodeString(key["n"]); err != nil {
+		t.Fatal(err)
+	}
+}

From 635d55043f4f0a7d943c833dfecfe25db15a5df9 Mon Sep 17 00:00:00 2001
From: Renovate Bot <forgejo-renovate-action@forgejo.org>
Date: Thu, 15 Jan 2026 06:27:12 +0100
Subject: [PATCH 158/854] Update module github.com/go-chi/chi/v5 to v5.2.4
 (forgejo) (#10841)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10841
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 2c1303e9a0..3bc49aa701 100644
--- a/go.mod
+++ b/go.mod
@@ -45,7 +45,7 @@ require (
 	github.com/gliderlabs/ssh v0.3.8
 	github.com/go-ap/activitypub v0.0.0-20231114162308-e219254dc5c9
 	github.com/go-ap/jsonld v0.0.0-20251216162253-e38fa664ea77
-	github.com/go-chi/chi/v5 v5.2.3
+	github.com/go-chi/chi/v5 v5.2.4
 	github.com/go-chi/cors v1.2.2
 	github.com/go-co-op/gocron v1.37.0
 	github.com/go-enry/go-enry/v2 v2.9.3
diff --git a/go.sum b/go.sum
index 1102d28d07..52df9db5f6 100644
--- a/go.sum
+++ b/go.sum
@@ -263,8 +263,8 @@ github.com/go-ap/jsonld v0.0.0-20251216162253-e38fa664ea77/go.mod h1:4h93IBxgfnE
 github.com/go-asn1-ber/asn1-ber v1.5.8-0.20250403174932-29230038a667 h1:BP4M0CvQ4S3TGls2FvczZtj5Re/2ZzkV9VwqPHH/3Bo=
 github.com/go-asn1-ber/asn1-ber v1.5.8-0.20250403174932-29230038a667/go.mod h1:hEBeB/ic+5LoWskz+yKT7vGhhPYkProFKoKdwZRWMe0=
 github.com/go-chi/chi/v5 v5.0.1/go.mod h1:DslCQbL2OYiznFReuXYUmQ2hGd1aDpCnlMNITLSKoi8=
-github.com/go-chi/chi/v5 v5.2.3 h1:WQIt9uxdsAbgIYgid+BpYc+liqQZGMHRaUwp0JUcvdE=
-github.com/go-chi/chi/v5 v5.2.3/go.mod h1:L2yAIGWB3H+phAw1NxKwWM+7eUH/lU8pOMm5hHcoops=
+github.com/go-chi/chi/v5 v5.2.4 h1:WtFKPHwlywe8Srng8j2BhOD9312j9cGUxG1SP4V2cR4=
+github.com/go-chi/chi/v5 v5.2.4/go.mod h1:X7Gx4mteadT3eDOMTsXzmI4/rwUpOwBHLpAfupzFJP0=
 github.com/go-chi/cors v1.2.2 h1:Jmey33TE+b+rB7fT8MUy1u0I4L+NARQlK6LhzKPSyQE=
 github.com/go-chi/cors v1.2.2/go.mod h1:sSbTewc+6wYHBBCW7ytsFSn836hqM7JxpglAy2Vzc58=
 github.com/go-co-op/gocron v1.37.0 h1:ZYDJGtQ4OMhTLKOKMIch+/CY70Brbb1dGdooLEhh7b0=

From 1a4c5cd69081fa61d0e6b2bf12ee031eb6b5f374 Mon Sep 17 00:00:00 2001
From: limiting-factor <limiting-factor@posteo.com>
Date: Thu, 15 Jan 2026 11:05:02 +0100
Subject: [PATCH 159/854] fix: pin github.com/urfave/cli to v3.5.0 (#10828)

Upgrading to v3.6.1 breaks `--help`

```
$ forgejo forgejo-cli --help
Incorrect Usage: flag provided but not defined: -help
```

### Testing

```
$ make forgejo
$ ./forgejo forgejo-cli --help
NAME:
   forgejo forgejo-cli - Forgejo CLI

USAGE:
   forgejo forgejo-cli [command [command options]]

COMMANDS:
   actions  Commands for managing Forgejo Actions
   f3       F3
```

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10828
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Co-authored-by: limiting-factor <limiting-factor@posteo.com>
Co-committed-by: limiting-factor <limiting-factor@posteo.com>
---
 cmd/main_test.go | 5 +++++
 go.mod           | 2 ++
 go.sum           | 4 ++--
 3 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/cmd/main_test.go b/cmd/main_test.go
index 737150c62f..1ec3471343 100644
--- a/cmd/main_test.go
+++ b/cmd/main_test.go
@@ -108,6 +108,11 @@ func TestCliCmd(t *testing.T) {
 			cmd: "./gitea test-cmd --config /tmp/app-other.ini",
 			exp: makePathOutput("/tmp", "/tmp/custom", "/tmp/app-other.ini"),
 		},
+		{
+			env: map[string]string{"GITEA_WORK_DIR": "/tmp"},
+			cmd: "./gitea forgejo-cli --help",
+			exp: "(subcommand help template)",
+		},
 	}
 
 	for _, c := range cases {
diff --git a/go.mod b/go.mod
index 3bc49aa701..e50d57ffc5 100644
--- a/go.mod
+++ b/go.mod
@@ -274,3 +274,5 @@ replace github.com/gliderlabs/ssh => code.forgejo.org/forgejo/ssh v0.0.0-2024121
 replace git.sr.ht/~mariusor/go-xsd-duration => code.forgejo.org/forgejo/go-xsd-duration v0.0.0-20220703122237-02e73435a078
 
 replace xorm.io/xorm v1.3.9 => code.forgejo.org/xorm/xorm v1.3.9-forgejo.4
+
+replace github.com/urfave/cli/v3 => github.com/urfave/cli/v3 v3.5.0
diff --git a/go.sum b/go.sum
index 52df9db5f6..fb35920cda 100644
--- a/go.sum
+++ b/go.sum
@@ -660,8 +660,8 @@ github.com/tinylib/msgp v1.3.0/go.mod h1:ykjzy2wzgrlvpDCRc4LA8UXy6D8bzMSuAF3WD57
 github.com/ulikunitz/xz v0.5.8/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14=
 github.com/ulikunitz/xz v0.5.15 h1:9DNdB5s+SgV3bQ2ApL10xRc35ck0DuIX/isZvIk+ubY=
 github.com/ulikunitz/xz v0.5.15/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14=
-github.com/urfave/cli/v3 v3.6.1 h1:j8Qq8NyUawj/7rTYdBGrxcH7A/j7/G8Q5LhWEW4G3Mo=
-github.com/urfave/cli/v3 v3.6.1/go.mod h1:ysVLtOEmg2tOy6PknnYVhDoouyC/6N42TMeoMzskhso=
+github.com/urfave/cli/v3 v3.5.0 h1:qCuFMmdayTF3zmjG8TSsoBzrDqszNrklYg2x3g4MSgw=
+github.com/urfave/cli/v3 v3.5.0/go.mod h1:ysVLtOEmg2tOy6PknnYVhDoouyC/6N42TMeoMzskhso=
 github.com/valyala/fastjson v1.6.4/go.mod h1:CLCAqky6SMuOcxStkYQvblddUtoRxhYMGLrsQns1aXY=
 github.com/valyala/fastjson v1.6.7 h1:ZE4tRy0CIkh+qDc5McjatheGX2czdn8slQjomexVpBM=
 github.com/valyala/fastjson v1.6.7/go.mod h1:CLCAqky6SMuOcxStkYQvblddUtoRxhYMGLrsQns1aXY=

From e6b13797a25a498caac2b5e03b3d642cbe9364eb Mon Sep 17 00:00:00 2001
From: Renovate Bot <forgejo-renovate-action@forgejo.org>
Date: Thu, 15 Jan 2026 13:04:48 +0100
Subject: [PATCH 160/854] Update module github.com/minio/minio-go/v7 to v7.0.98
 (forgejo) (#10842)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10842
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
---
 assets/go-licenses.json | 10 +++++-----
 go.mod                  |  7 ++++---
 go.sum                  | 14 ++++++++------
 3 files changed, 17 insertions(+), 14 deletions(-)

diff --git a/assets/go-licenses.json b/assets/go-licenses.json
index 2819730532..4db7e9638d 100644
--- a/assets/go-licenses.json
+++ b/assets/go-licenses.json
@@ -654,11 +654,6 @@
     "path": "github.com/gobwas/glob/LICENSE",
     "licenseText": "The MIT License (MIT)\n\nCopyright (c) 2016 Sergey Kamardin\n\nPermission is hereby granted, free of charge, to any person obtaining a copy\nof this software and associated documentation files (the \"Software\"), to deal\nin the Software without restriction, including without limitation the rights\nto use, copy, modify, merge, publish, distribute, sublicense, and/or sell\ncopies of the Software, and to permit persons to whom the Software is\nfurnished to do so, subject to the following conditions:\n\nThe above copyright notice and this permission notice shall be included in all\ncopies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\nIMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\nFITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE\nAUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\nLIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,\nOUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE\nSOFTWARE."
   },
-  {
-    "name": "github.com/goccy/go-json",
-    "path": "github.com/goccy/go-json/LICENSE",
-    "licenseText": "MIT License\n\nCopyright (c) 2020 Masaaki Goshima\n\nPermission is hereby granted, free of charge, to any person obtaining a copy\nof this software and associated documentation files (the \"Software\"), to deal\nin the Software without restriction, including without limitation the rights\nto use, copy, modify, merge, publish, distribute, sublicense, and/or sell\ncopies of the Software, and to permit persons to whom the Software is\nfurnished to do so, subject to the following conditions:\n\nThe above copyright notice and this permission notice shall be included in all\ncopies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\nIMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\nFITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE\nAUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\nLIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,\nOUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE\nSOFTWARE.\n"
-  },
   {
     "name": "github.com/gogs/chardet",
     "path": "github.com/gogs/chardet/LICENSE",
@@ -859,6 +854,11 @@
     "path": "github.com/klauspost/cpuid/v2/LICENSE",
     "licenseText": "The MIT License (MIT)\n\nCopyright (c) 2015 Klaus Post\n\nPermission is hereby granted, free of charge, to any person obtaining a copy\nof this software and associated documentation files (the \"Software\"), to deal\nin the Software without restriction, including without limitation the rights\nto use, copy, modify, merge, publish, distribute, sublicense, and/or sell\ncopies of the Software, and to permit persons to whom the Software is\nfurnished to do so, subject to the following conditions:\n\nThe above copyright notice and this permission notice shall be included in all\ncopies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\nIMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\nFITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE\nAUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\nLIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,\nOUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE\nSOFTWARE.\n\n"
   },
+  {
+    "name": "github.com/klauspost/crc32",
+    "path": "github.com/klauspost/crc32/LICENSE",
+    "licenseText": "Copyright (c) 2012 The Go Authors. All rights reserved.\n\nRedistribution and use in source and binary forms, with or without\nmodification, are permitted provided that the following conditions are\nmet:\n\n   * Redistributions of source code must retain the above copyright\nnotice, this list of conditions and the following disclaimer.\n   * Redistributions in binary form must reproduce the above\ncopyright notice, this list of conditions and the following disclaimer\nin the documentation and/or other materials provided with the\ndistribution.\n   * Neither the name of Google Inc. nor the names of its\ncontributors may be used to endorse or promote products derived from\nthis software without specific prior written permission.\n\nTHIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS\n\"AS IS\" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT\nLIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR\nA PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT\nOWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,\nSPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT\nLIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,\nDATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY\nTHEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT\n(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE\nOF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n"
+  },
   {
     "name": "github.com/klauspost/pgzip",
     "path": "github.com/klauspost/pgzip/LICENSE",
diff --git a/go.mod b/go.mod
index e50d57ffc5..8616316b8d 100644
--- a/go.mod
+++ b/go.mod
@@ -79,7 +79,7 @@ require (
 	github.com/meilisearch/meilisearch-go v0.34.0
 	github.com/mholt/archives v0.1.5
 	github.com/microcosm-cc/bluemonday v1.0.27
-	github.com/minio/minio-go/v7 v7.0.95
+	github.com/minio/minio-go/v7 v7.0.98
 	github.com/msteinert/pam/v2 v2.1.0
 	github.com/niklasfasching/go-org v1.9.1
 	github.com/olivere/elastic/v7 v7.0.32
@@ -206,6 +206,7 @@ require (
 	github.com/jackc/puddle/v2 v2.2.2 // indirect
 	github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect
 	github.com/josharian/intern v1.0.0 // indirect
+	github.com/klauspost/crc32 v1.3.0 // indirect
 	github.com/klauspost/pgzip v1.2.6 // indirect
 	github.com/lib/pq v1.10.9 // indirect
 	github.com/libdns/libdns v1.0.0 // indirect
@@ -217,7 +218,7 @@ require (
 	github.com/mholt/acmez/v3 v3.1.2 // indirect
 	github.com/miekg/dns v1.1.63 // indirect
 	github.com/mikelolasagasti/xz v1.0.1 // indirect
-	github.com/minio/crc64nvme v1.0.2 // indirect
+	github.com/minio/crc64nvme v1.1.1 // indirect
 	github.com/minio/md5-simd v1.1.2 // indirect
 	github.com/minio/minlz v1.0.1 // indirect
 	github.com/mitchellh/mapstructure v1.5.0 // indirect
@@ -245,7 +246,7 @@ require (
 	github.com/sorairolake/lzip-go v0.3.8 // indirect
 	github.com/spf13/afero v1.15.0 // indirect
 	github.com/ssor/bom v0.0.0-20170718123548-6386211fdfcf // indirect
-	github.com/tinylib/msgp v1.3.0 // indirect
+	github.com/tinylib/msgp v1.6.1 // indirect
 	github.com/x448/float16 v0.8.4 // indirect
 	github.com/zeebo/assert v1.3.0 // indirect
 	github.com/zeebo/blake3 v0.2.4 // indirect
diff --git a/go.sum b/go.sum
index fb35920cda..41236c8227 100644
--- a/go.sum
+++ b/go.sum
@@ -483,6 +483,8 @@ github.com/klauspost/cpuid v1.2.0/go.mod h1:Pj4uuM528wm8OyEC2QMXAi2YiTZ96dNQPGgo
 github.com/klauspost/cpuid/v2 v2.0.1/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg=
 github.com/klauspost/cpuid/v2 v2.2.11 h1:0OwqZRYI2rFrjS4kvkDnqJkKHdHaRnCm68/DY4OxRzU=
 github.com/klauspost/cpuid/v2 v2.2.11/go.mod h1:hqwkgyIinND0mEev00jJYCxPNVRVXFQeu1XKlok6oO0=
+github.com/klauspost/crc32 v1.3.0 h1:sSmTt3gUt81RP655XGZPElI0PelVTZ6YwCRnPSupoFM=
+github.com/klauspost/crc32 v1.3.0/go.mod h1:D7kQaZhnkX/Y0tstFGf8VUzv2UofNGqCjnC3zdHB0Hw=
 github.com/klauspost/pgzip v1.2.6 h1:8RXeL5crjEUFnR2/Sn6GJNWtSQ3Dk8pq4CL3jvdDyjU=
 github.com/klauspost/pgzip v1.2.6/go.mod h1:Ch1tH69qFZu15pkjo5kYi6mth2Zzwzt50oCQKQE9RUs=
 github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
@@ -530,12 +532,12 @@ github.com/miekg/dns v1.1.63 h1:8M5aAw6OMZfFXTT7K5V0Eu5YiiL8l7nUAkyN6C9YwaY=
 github.com/miekg/dns v1.1.63/go.mod h1:6NGHfjhpmr5lt3XPLuyfDJi5AXbNIPM9PY6H6sF1Nfs=
 github.com/mikelolasagasti/xz v1.0.1 h1:Q2F2jX0RYJUG3+WsM+FJknv+6eVjsjXNDV0KJXZzkD0=
 github.com/mikelolasagasti/xz v1.0.1/go.mod h1:muAirjiOUxPRXwm9HdDtB3uoRPrGnL85XHtokL9Hcgc=
-github.com/minio/crc64nvme v1.0.2 h1:6uO1UxGAD+kwqWWp7mBFsi5gAse66C4NXO8cmcVculg=
-github.com/minio/crc64nvme v1.0.2/go.mod h1:eVfm2fAzLlxMdUGc0EEBGSMmPwmXD5XiNRpnu9J3bvg=
+github.com/minio/crc64nvme v1.1.1 h1:8dwx/Pz49suywbO+auHCBpCtlW1OfpcLN7wYgVR6wAI=
+github.com/minio/crc64nvme v1.1.1/go.mod h1:eVfm2fAzLlxMdUGc0EEBGSMmPwmXD5XiNRpnu9J3bvg=
 github.com/minio/md5-simd v1.1.2 h1:Gdi1DZK69+ZVMoNHRXJyNcxrMA4dSxoYHZSQbirFg34=
 github.com/minio/md5-simd v1.1.2/go.mod h1:MzdKDxYpY2BT9XQFocsiZf/NKVtR7nkE4RoEpN+20RM=
-github.com/minio/minio-go/v7 v7.0.95 h1:ywOUPg+PebTMTzn9VDsoFJy32ZuARN9zhB+K3IYEvYU=
-github.com/minio/minio-go/v7 v7.0.95/go.mod h1:wOOX3uxS334vImCNRVyIDdXX9OsXDm89ToynKgqUKlo=
+github.com/minio/minio-go/v7 v7.0.98 h1:MeAVKjLVz+XJ28zFcuYyImNSAh8Mq725uNW4beRisi0=
+github.com/minio/minio-go/v7 v7.0.98/go.mod h1:cY0Y+W7yozf0mdIclrttzo1Iiu7mEf9y7nk2uXqMOvM=
 github.com/minio/minlz v1.0.1 h1:OUZUzXcib8diiX+JYxyRLIdomyZYzHct6EShOKtQY2A=
 github.com/minio/minlz v1.0.1/go.mod h1:qT0aEB35q79LLornSzeDH75LBf3aH1MV+jB5w9Wasec=
 github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY=
@@ -655,8 +657,8 @@ github.com/stretchr/testify v1.11.1 h1:7s2iGBzp5EwR7/aIZr8ao5+dra3wiQyKjjFuvgVKu
 github.com/stretchr/testify v1.11.1/go.mod h1:wZwfW3scLgRK+23gO65QZefKpKQRnfz6sD981Nm4B6U=
 github.com/syndtr/goleveldb v1.0.0 h1:fBdIW9lB4Iz0n9khmH8w27SJ3QEJ7+IgjPEwGSZiFdE=
 github.com/syndtr/goleveldb v1.0.0/go.mod h1:ZVVdQEZoIme9iO1Ch2Jdy24qqXrMMOU6lpPAyBWyWuQ=
-github.com/tinylib/msgp v1.3.0 h1:ULuf7GPooDaIlbyvgAxBV/FI7ynli6LZ1/nVUNu+0ww=
-github.com/tinylib/msgp v1.3.0/go.mod h1:ykjzy2wzgrlvpDCRc4LA8UXy6D8bzMSuAF3WD57Gok0=
+github.com/tinylib/msgp v1.6.1 h1:ESRv8eL3u+DNHUoSAAQRE50Hm162zqAnBoGv9PzScPY=
+github.com/tinylib/msgp v1.6.1/go.mod h1:RSp0LW9oSxFut3KzESt5Voq4GVWyS+PSulT77roAqEA=
 github.com/ulikunitz/xz v0.5.8/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14=
 github.com/ulikunitz/xz v0.5.15 h1:9DNdB5s+SgV3bQ2ApL10xRc35ck0DuIX/isZvIk+ubY=
 github.com/ulikunitz/xz v0.5.15/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14=

From ad45c652bef84728505a924263a7d547a47b58f2 Mon Sep 17 00:00:00 2001
From: forgejo-release-manager <contact-forgejo-release-manager@forgejo.org>
Date: Thu, 15 Jan 2026 14:52:18 +0100
Subject: [PATCH 161/854] chore(release-notes): Forgejo v14.0.0 (#10832)

https://codeberg.org/forgejo/forgejo/milestone/27583
Co-authored-by: viceice <michael.kriese@gmx.de>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10832
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Co-authored-by: forgejo-release-manager <contact-forgejo-release-manager@forgejo.org>
Co-committed-by: forgejo-release-manager <contact-forgejo-release-manager@forgejo.org>
---
 release-notes-published/14.0.0.md | 466 ++++++++++++++++++++++++++++++
 1 file changed, 466 insertions(+)

diff --git a/release-notes-published/14.0.0.md b/release-notes-published/14.0.0.md
index e69de29bb2..3766b9682d 100644
--- a/release-notes-published/14.0.0.md
+++ b/release-notes-published/14.0.0.md
@@ -0,0 +1,466 @@
+A [companion blog post](https://forgejo.org/2026-01-release-v14-0/) provides additional context on this major release.
+
+<!--start release-notes-assistant-->
+
+## Release notes
+<!--URL:https://codeberg.org/forgejo/forgejo-->
+- Breaking security features
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10010): <!--number 10010 --><!--line 0 --><!--description SWYgU1NIIGlzIGVuYWJsZWQgYW5kIGFuIGBhdXRob3JpemVkX2tleXNgIGZpbGUgaXMgbWFuYWdlZCBieSBGb3JnZWpvLCB3aGVuIEZvcmdlam8gc3RhcnRzIHVwIGl0IHdpbGwgcmVhZCB0aGUgU1NIIGF1dGhvcml6ZWRfa2V5cyBmaWxlIGFuZCB2YWxpZGF0ZSB0aGUgZmlsZSdzIGNvbnRlbnRzLiBJZiBhbnkga2V5cyBhcmUgZm91bmQgaW4gdGhlIGZpbGUgdGhhdCBhcmUgbm90IGV4cGVjdGVkLCB0aGVuIEZvcmdlam8gd2lsbCB0ZXJtaW5hdGUgaXRzIHN0YXJ0dXAgaW4gb3JkZXIgdG8gc2lnbmFsIHRvIHRoZSBzZXJ2ZXIgYWRtaW5pc3RyYXRvciB0aGF0IGEgc2VjdXJpdHkgcmlzayBpcyBwcmVzZW50IHRoYXQgbXVzdCBiZSBhZGRyZXNzZWQuIFRoZSBzZXJ2ZXIgYWRtaW5pc3RyYXRvciBjYW4gYWRkcmVzcyB0aGlzIHByb2JsZW0gZWl0aGVyIGJ5IGRlbGV0aW5nIHRoZSBgYXV0aG9yaXplZF9rZXlzYCBmaWxlLCB3aGljaCBGb3JnZWpvIHdpbGwgcmVnZW5lcmF0ZSB3aXRoIHZhbGlkIGtleXM7IG9yIGJ5IGRpc2FibGluZyB0aGUgbmV3IGNoZWNrIGJ5IHNldHRpbmcgYFtzZXJ2ZXJdLlNTSF9BTExPV19VTkVYUEVDVEVEX0FVVEhPUklaRURfS0VZUyA9IHRydWVgIGluIHRoZWlyIGBhcHAuaW5pYCBmaWxlLg==-->If SSH is enabled and an `authorized_keys` file is managed by Forgejo, when Forgejo starts up it will read the SSH authorized_keys file and validate the file's contents. If any keys are found in the file that are not expected, then Forgejo will terminate its startup in order to signal to the server administrator that a security risk is present that must be addressed. The server administrator can address this problem either by deleting the `authorized_keys` file, which Forgejo will regenerate with valid keys; or by disabling the new check by setting `[server].SSH_ALLOW_UNEXPECTED_AUTHORIZED_KEYS = true` in their `app.ini` file.<!--description-->
+- Security features
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9830): <!--number 9830 --><!--line 0 --><!--description Q1NSRiBhdHRhY2tzIGFyZSBub3cgcHJldmVudGVkIHZpYSBhIHN0YXRlbGVzcyBtZXRob2QgdGhhdCB1c2VzIFticm93c2VyIEZldGNoIG1ldGFkYXRhXShodHRwczovL2RldmVsb3Blci5tb3ppbGxhLm9yZy9lbi1VUy9kb2NzL1dlYi9IVFRQL1JlZmVyZW5jZS9IZWFkZXJzL1NlYy1GZXRjaC1TaXRlKSwgYW50aS1DU1JGIHRva2VucyBhcmUgdGhlcmVmb3JlIG5vIGxvbmdlciB1c2VkIGFzIHN1Y2ggdGhlIGBDU1JGX0NPT0tJRV9IVFRQX09OTFlgIG9wdGlvbiB3YXMgcmVtb3ZlZC4gQmVjYXVzZSBpdCBpcyBzdGF0ZWxlc3MsIHlvdSBjYW4gbm93IHN1Ym1pdCB3b3JrIG9uIHRhYnMgdGhhdCBoYXZlIGJlZW4gb3BlbiBmb3IgbW9yZSB0aGFuIDI0IGhvdXJzLiBUaGUgYnJvd3NlciBGZXRjaCBtZXRhZGF0YSBhcmUgc3VwcG9ydGVkIGJ5IGFsbCBtYWpvciBicm93c2VycyBzaW5jZSAyMDIwIGFuZCBTYWZhcmkgc2luY2UgIDIwMjMsIHRoZSB2ZXJpZmljYXRpb24gZmFsbHMgYmFjayB0byB1c2luZyB0aGUgYEhvc3RgIGFuZCBgT3JpZ2luYCBoZWFkZXIgaWYgbm8gRmV0Y2ggbWV0YWRhdGEgaXMgc2VudC4gRm9yZ2VqbyBpbnN0YW5jZXMgdGhhdCBhcmUgaG9zdGVkIG9uIGEgc3VicGF0aCBhcmUgbm8gbG9uZ2VyIHByb3RlY3RlZCBhZ2FpbnN0IENTUkYgYXR0YWNrcyBmcm9tIHNlcnZpY2VzIHRoYXQgYXJlIGhvc3RlZCBvbiB0aGUgc2FtZSBvcmlnaW4gKHNhbWUgc2NoZW1lLCBob3N0L2RvbWFpbiBhbmQgcG9ydCku-->CSRF attacks are now prevented via a stateless method that uses [browser Fetch metadata](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Sec-Fetch-Site), anti-CSRF tokens are therefore no longer used as such the `CSRF_COOKIE_HTTP_ONLY` option was removed. Because it is stateless, you can now submit work on tabs that have been open for more than 24 hours. The browser Fetch metadata are supported by all major browsers since 2020 and Safari since  2023, the verification falls back to using the `Host` and `Origin` header if no Fetch metadata is sent. Forgejo instances that are hosted on a subpath are no longer protected against CSRF attacks from services that are hosted on the same origin (same scheme, host/domain and port).<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9923): <!--number 9923 --><!--line 0 --><!--description dXNlIGBrZXlpbmdgIGZvciB0YXNrIHNlY3JldHM=-->use `keying` for task secrets<!--description-->
+- Breaking bug fixes
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9915): <!--number 9915 --><!--line 0 --><!--description Zml4ITogcGFnaW5hdGUgYEdFVCAvYXBpL3YxL2FkbWluL2hvb2tzYCByZXNwb25zZQ==-->fix!: paginate `GET /api/v1/admin/hooks` response<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9513): <!--number 9513 --><!--line 0 --><!--description Zml4ITogUHJldmVudCBmb3JrZWQgYC5wcm9maWxlYCByZXBvc2l0b3JpZXMgZnJvbSBkaXNwbGF5aW5nIHByb2ZpbGUgY29udGVudC4gV2hlbiBhIHVzZXIgZm9ya2VkIGEgcmVwb3NpdG9yeSBuYW1lZCBgLnByb2ZpbGVgIHdpdGhvdXQgaGF2aW5nIGNyZWF0ZWQgdGhlaXIgb3duIGAucHJvZmlsZWAgcmVwb3NpdG9yeSwgdGhlIGNvbnRlbnQgZnJvbSB0aGUgZm9ya2VkIHJlcG9zaXRvcnkgd2FzIHVuZXhwZWN0ZWRseSBkaXNwbGF5ZWQgb24gdGhlaXIgcHVibGljIHByb2ZpbGUgcGFnZS4gVGhpcyBjb3VsZCBsZWFkIHRvIHVzZXJzJyBwcm9maWxlcyBkaXNwbGF5aW5nIGNvbnRlbnQgdGhleSBkaWQgbm90IGludGVudGlvbmFsbHkgY3JlYXRlIGZvciB0aGF0IHB1cnBvc2UuIEZvcmtlZCBgLnByb2ZpbGVgIHJlcG9zaXRvcmllcyBhcmUgbm93IHRyZWF0ZWQgYXMgc3RhbmRhcmQgcmVwb3NpdG9yaWVzIGFuZCBkbyBub3QgcG9wdWxhdGUgdGhlIHVzZXIncyBwdWJsaWMgcHJvZmlsZSBwYWdlLiBVc2VycyB3aG8gd2lzaCB0byB1c2UgdGhlIGNvbnRlbnQgZnJvbSBhIGZvcmtlZCBgLnByb2ZpbGVgIHJlcG9zaXRvcnkgY2FuIGNvbnZlcnQgdGhlIGZvcmsgdG8gYSByZWd1bGFyIHJlcG9zaXRvcnkgaW4gdGhlICJEYW5nZXIgWm9uZSIgc2VjdGlvbiBvZiBSZXBvc2l0b3J5IHNldHRpbmdzLiBUaGlzIGlzc3VlIHdhcyBwYXJ0aWN1bGFybHkgcHJvYmxlbWF0aWMgb24gaW5zdGFuY2VzIHdoZXJlIHVzZXJzIGhhZCByZXBvc2l0b3J5IGNyZWF0aW9uIGxpbWl0cyAoLTEpIGFuZCB3b3VsZCBpbmFwcHJvcHJpYXRlbHkgdXNlIGZvcmtlZCBgLnByb2ZpbGVgIHJlcG9zaXRvcmllcyB0byBvYnRhaW4gcHJvZmlsZSBjdXN0b21pemF0aW9uLiA=-->fix!: Prevent forked `.profile` repositories from displaying profile content. When a user forked a repository named `.profile` without having created their own `.profile` repository, the content from the forked repository was unexpectedly displayed on their public profile page. This could lead to users' profiles displaying content they did not intentionally create for that purpose. Forked `.profile` repositories are now treated as standard repositories and do not populate the user's public profile page. Users who wish to use the content from a forked `.profile` repository can convert the fork to a regular repository in the "Danger Zone" section of Repository settings. This issue was particularly problematic on instances where users had repository creation limits (-1) and would inappropriately use forked `.profile` repositories to obtain profile customization.<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9458): <!--number 9458 --><!--line 0 --><!--description Rm9yZ2VqbyBzdWJjb21tYW5kcyB3aGljaCBvbmx5IGFjY2VwdCBmbGFnIG9wdGlvbnMgd291bGQgcHJldmlvdXNseSBpZ25vcmUgYW55IGNvbW1hbmQtbGluZSBhcmd1bWVudHMgdGhhdCB3ZXJlIG5vdCBmbGFncyBhbmQgc2lsZW50bHkgcHJvY2VlZCB0byBleGVjdXRlIHRoZSBjb21tYW5kLiBUaGlzIGNvdWxkIGxlYWQgdG8gdW5leHBlY3RlZCBlZmZlY3RzOyBmb3IgZXhhbXBsZSwgYC0tbXVzdC1jaGFuZ2UtcGFzc3dvcmQgZmFsc2VgIGlzIGFjdHVhbGx5IHBhcnNlZCBhcyB0d28gYXJndW1lbnRzLCBgLS1tdXN0LWNoYW5nZS1wYXNzd29yZGAsIGFuZCBgZmFsc2VgLCB3aGVyZSB0aGUgYGZhbHNlYCBhcmd1bWVudCB3YXMgaWdub3JlZC4gSW4gb3JkZXIgdG8gcHJldmVudCBtaXN1bmRlcnN0YW5kaW5ncyB3aGVyZSB0aGUgdXNlciBtYXkgaGF2ZSBpbnRlbmRlZCBhIHN1cHBvcnRlZCBhcmd1bWVudCBmb3JtYXQgKGAtLW11c3QtY2hhbmdlLXBhc3N3b3JkPWZhbHNlYCksIHRoZSBwcmVzZW5jZSBvZiBleHRyYSBhcmd1bWVudHMgdGhhdCBhcmUgbm90IGZsYWdzIHdpbGwgbm93IHJlc3VsdCBpbiBhbiBlcnJvci4gVXNlcnMgb2YgdGhlIEZvcmdlam8gQ0xJIHdobyBhcmUgcmVseWluZyBvbiB0aGUgcHJldmlvdXMgYmVoYXZpb3Igd2lsbCBmaW5kIHRoZWlyIGNvbW1hbmRzIGFyZSBub3cgcmVzdWx0aW5nIGluIGVycm9ycy4=-->Forgejo subcommands which only accept flag options would previously ignore any command-line arguments that were not flags and silently proceed to execute the command. This could lead to unexpected effects; for example, `--must-change-password false` is actually parsed as two arguments, `--must-change-password`, and `false`, where the `false` argument was ignored. In order to prevent misunderstandings where the user may have intended a supported argument format (`--must-change-password=false`), the presence of extra arguments that are not flags will now result in an error. Users of the Forgejo CLI who are relying on the previous behavior will find their commands are now resulting in errors.<!--description-->
+- User Interface features
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8716): <!--number 8716 --><!--line 0 --><!--description YWRkIGFkbWluIG1vZGVyYXRpb24gYWN0aW9ucyBmb3IgYWJ1c2UgcmVwb3J0cyBhbmQgZm9yIHJlcG9ydGVkIGFidXNpdmUgY29udGVudA==-->add admin moderation actions for abuse reports and for reported abusive content<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10559) ([backported](https://codeberg.org/forgejo/forgejo/pulls/10697)): <!--number 10697 --><!--line 0 --><!--description ZmVhdCh1aSk6IHJlcGxhY2UgTW9uYWNvIHdpdGggQ29kZU1pcnJvciAoIzEwNTU5KQ==-->feat(ui): replace Monaco with CodeMirror (#10559)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9598): <!--number 9598 --><!--line 0 --><!--description ZmVhdCh1aSk6IGltcHJvdmUgY2xvc2UvcmVvcGVuL2NvbW1lbnQgYnV0dG9ucw==-->feat(ui): improve close/reopen/comment buttons<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10530) ([backported](https://codeberg.org/forgejo/forgejo/pulls/10613)): <!--number 10613 --><!--line 0 --><!--description Zml4KHVpKTogaW1wcm92ZSByZW5kZXJpbmcgb2YgY29tbWl0IGxpbmtz-->fix(ui): improve rendering of commit links<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9146): <!--number 9146 --><!--line 0 --><!--description ZmVhdCh1aSk6IGltcHJvdmUgcmVuZGVyaW5nIGNvbW1pdCBsaW5rcyBmb3IgUFIgY29tbWl0cywgZXh0ZXJuYWwgcmVwb3MgYW5kIGRpZmZz-->feat(ui): improve rendering commit links for PR commits, external repos and diffs<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9444): <!--number 9444 --><!--line 0 --><!--description bGF6eS1sb2FkIGFsbCBWdWUgY29tcG9uZW50cw==-->lazy-load all Vue components<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10033): <!--number 10033 --><!--line 0 --><!--description ZmVhdCh1aSk6IGFycm93IGtleSBuYXZpZ2F0aW9uIGluIGRyb3Bkb3du-->feat(ui): arrow key navigation in dropdown<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10133): <!--number 10133 --><!--line 0 --><!--description ZmVhdCh1aSk6IGNvbnZlcnQgZGlzYWJsZS9lbmFibGUgd29ya2Zsb3cgbWVudSB0byBKUy1sZXNzIGRyb3Bkb3du-->feat(ui): convert disable/enable workflow menu to JS-less dropdown<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9556): <!--number 9556 --><!--line 0 --><!--description ZmVhdCh1aSk6IEpTLWxlc3Mgc29ydGluZyBvbiAvZXhwbG9yZS97dXNlcnMsb3JnYW5pemF0aW9uc30=-->feat(ui): JS-less sorting on /explore/{users,organizations}<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10025): <!--number 10025 --><!--line 0 --><!--description ZmVhdCh1aSk6IEpTLWxlc3MgZHJvcGRvd25zIGluIG5hdmJhcg==-->feat(ui): JS-less dropdowns in navbar<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9429): <!--number 9429 --><!--line 0 --><!--description ZmVhdCh1aSk6IGFkZCBsZWdlbmRzIHRvIHN0b3JhZ2Ugb3ZlcnZpZXcgKEpTLWZyZWUp-->feat(ui): add legends to storage overview (JS-free)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9532): <!--number 9532 --><!--line 0 --><!--description ZmVhdCh1aSk6IHJlc3BvbnNpdmUsIEpTLWZyZWUgcmVwbyBsYW5ndWFnZSBzdGF0cyBwYW5lbA==-->feat(ui): responsive, JS-free repo language stats panel<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10488) ([backported](https://codeberg.org/forgejo/forgejo/pulls/10500)): <!--number 10500 --><!--line 0 --><!--description ZmVhdDogc2hvdyB1cGRhdGUgdGltZSB3aGVuIHNvcnRpbmcgYnkgcmVjZW50bHkgdXBkYXRlZA==-->feat: show update time when sorting by recently updated<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9261) ([backported](https://codeberg.org/forgejo/forgejo/pulls/10531)): <!--number 10531 --><!--line 0 --><!--description ZmVhdCh1aSk6IHNob3cgY2FuY2VsIGJ1dHRvbiB1bnRpbCBhbGwgam9icyBhcmUgZmluaXNoZWQ=-->feat(ui): show cancel button until all jobs are finished<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9359): <!--number 9359 --><!--line 0 --><!--description ZmVhdCh1aSk6IGltcGxlbWVudCBuZXcgYnV0dG9ucyBmb3IgYmV0dGVyIGNvaGVzaXZlbmVzcw==-->feat(ui): implement new buttons for better cohesiveness<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9951): <!--number 9951 --><!--line 0 --><!--description ZmVhdCh1aSk6IGFsbG93IGRyb3Bkb3duIHRvIGNvbnRhaW4gbm90IGp1c3QgaXRlbXM=-->feat(ui): allow dropdown to contain not just items<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10263): <!--number 10263 --><!--line 0 --><!--description ZmVhdCh1aSk6IGltcHJvdmUgZGV2dGVzdCwgbGluayB0byBpdCBmcm9tIHVzZXIgbWVudQ==-->feat(ui): improve devtest, link to it from user menu<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10270): <!--number 10270 --><!--line 0 --><!--description ZmVhdCh1aSk6IGltcHJvdmUgYWRtaW4gZGFzaGJvYXJkIGNyb24gbGlzdA==-->feat(ui): improve admin dashboard cron list<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9940): <!--number 9940 --><!--line 0 --><!--description dWk6IGltcHJvdmUgcmVsZWFzZSBlZGl0aW5n-->ui: improve release editing<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10246): <!--number 10246 --><!--line 0 --><!--description ZmVhdCh1aSk6IGltcHJvdmUgbW9kYWwgd2lkdGggcnVsZXM=-->feat(ui): improve modal width rules<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9636): <!--number 9636 --><!--line 0 --><!--description bW92ZSBtb3JlIG1vZGFscyB0byBuYXRpdmUgZGlhbG9ncw==-->move more modals to native dialogs<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9103): <!--number 9103 --><!--line 0 --><!--description ZmVhdCh1aSk6IGFkZCBzd2l0Y2ggYmV0d2VlbiBmb3JtYXRzIHdoZW4gcHJldmlld2luZyBDSVRBVElPTi57Y2ZmLGJpYn0gZmlsZXM=-->feat(ui): add switch between formats when previewing CITATION.{cff,bib} files<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9760): <!--number 9760 --><!--line 0 --><!--description Y29udmVydCBjcmVhdGUvcmVuYW1lIGJyYW5jaCBhbmQgY3JlYXRlIHRhZyB0byBuYXRpdmUgZGlhbG9n-->convert create/rename branch and create tag to native dialog<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9594): <!--number 9594 --><!--line 0 --><!--description QWRkIGFkbWluIGluZGl2aWR1YWwgdXNlciBlbWFpbCBtYW5hZ2VtZW50IGVuZHBvaW50cw==-->Add admin individual user email management endpoints<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9863): <!--number 9863 --><!--line 0 --><!--description ZmVhdCh1aSk6IGltcHJvdmUgbmV3IGJ1dHRvbnMsIHVzZSBpbiBtb3JlIGFyZWFz-->feat(ui): improve new buttons, use in more areas<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9652): <!--number 9652 --><!--line 0 --><!--description ZmVhdCh1aSk6IGRhbmdlcm91cyBidXR0b25z-->feat(ui): dangerous buttons<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9754): <!--number 9754 --><!--line 0 --><!--description aW1wcm92ZSB0b29sdGlwcyBhbmQgYXJpYS1sYWJlbHMgb2Ygc3RhcnMvZm9ya3Mvd2F0Y2hlcnMgbGlua3M=-->improve tooltips and aria-labels of stars/forks/watchers links<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9530): <!--number 9530 --><!--line 0 --><!--description QWN0aW9ucyBqb2JzIHRoYXQgY2FuJ3QgYmUgdW5kZXJzdG9vZCBkaXNwbGF5IGEgdGVjaG5pY2FsIGVycm9yIGluIHRoZSBVSSwgbm90IGp1c3Qgc2VydmVyLXNpZGUgbG9ncw==-->Actions jobs that can't be understood display a technical error in the UI, not just server-side logs<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6687): <!--number 6687 --><!--line 0 --><!--description RHJhZyBhbmQgZHJvcCBuZXN0ZWQgZGlyZWN0b3JpZXM=-->Drag and drop nested directories<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9455): <!--number 9455 --><!--line 0 --><!--description YWJpbGl0eSB0byBmaWx0ZXIgbGlzdGVkIGFjY291bnRzIGJ5IHR5cGUgaW4gYWRtaW4gZGFzaGJvYXJk-->ability to filter listed accounts by type in admin dashboard<!--description-->
+- User Interface bug fixes
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9932): <!--number 9932 --><!--line 0 --><!--description ZmVhdCh1aSk6IGFkZCBhIGxpdHRsZSBwYWRkaW5nLXRvcCB0byBmb3JtIC5oZWxw-->feat(ui): add a little padding-top to form .help<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10827) ([backported](https://codeberg.org/forgejo/forgejo/pulls/10831)): <!--number 10831 --><!--line 0 --><!--description Zml4OiBwcm9wZXIgc3R5bGluZyBmb3IgZ2xvYmFsIHRpbWUgdHJhY2tlciBwb3B1cA==-->fix: proper styling for global time tracker popup<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10814) ([backported](https://codeberg.org/forgejo/forgejo/pulls/10826)): <!--number 10826 --><!--line 0 --><!--description Zml4KHVpKTogc2hvdyBzd2l0Y2ggZGVmYXVsdCBicmFuY2ggYnV0dG9uIGluIGJyYW5jaCBsaXN0IG9ubHkgZm9yIHJlcG8gYWRtaW5z-->fix(ui): show switch default branch button in branch list only for repo admins<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10648) ([backported](https://codeberg.org/forgejo/forgejo/pulls/10723)): <!--number 10723 --><!--line 0 --><!--description Zml4KHVpKTogYWN0aW9ucyBsaXN0IGxheW91dCBicmVha2FnZSB3aXRoIGxvbmcgY29udGVudA==-->fix(ui): actions list layout breakage with long content<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10652) ([backported](https://codeberg.org/forgejo/forgejo/pulls/10685)): <!--number 10685 --><!--line 0 --><!--description Zml4KHVpKTogcHVsbCByZXF1ZXN0IG1lcmdlIG1lbnUgaXRlbSBjbGlwcGluZyB0aGUgYXV0byBtZXJnZSB0aXA=-->fix(ui): pull request merge menu item clipping the auto merge tip<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9614): <!--number 9614 --><!--line 0 --><!--description Zml4KHVpKTogbWFrZSBpdCBwb3NzaWJsZSB0byBwb3N0IGlzc3VlcyBhbmQgY29tbWVudHMgdy9vIEpT-->fix(ui): make it possible to post issues and comments w/o JS<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10572) ([backported](https://codeberg.org/forgejo/forgejo/pulls/10630)): <!--number 10630 --><!--line 0 --><!--description Zml4KHVpKTogcHJvY2VzcyBkeW5hbWljYWxseSBhZGRlZCBjb250ZW50IHZpYSBodG14-->fix(ui): process dynamically added content via htmx<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10556) ([backported](https://codeberg.org/forgejo/forgejo/pulls/10628)): <!--number 10628 --><!--line 0 --><!--description Zml4KHVpKTogZG9uJ3Qgc3RyZXRjaCBhY3Rpdml0eSB0b3AgYXV0aG9yIGltYWdl-->fix(ui): don't stretch activity top author image<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8244) ([backported](https://codeberg.org/forgejo/forgejo/pulls/10543)): <!--number 10543 --><!--line 0 --><!--description Zml4OiBhZGQgZHluYW1pYyBhcmlhLWxhYmVsIHRvIG1vbm9zcGFjZSBidXR0b24gaW4gbWFya2Rvd24gZWRpdG9y-->fix: add dynamic aria-label to monospace button in markdown editor<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10106): <!--number 10106 --><!--line 0 --><!--description Rml4ZWQgU1NIIGtleSB2ZXJpZmljYXRpb24gaW5zdHJ1Y3Rpb25zIGZvciBXaW5kb3dzIGNtZA==-->Fixed SSH key verification instructions for Windows cmd<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10489) ([backported](https://codeberg.org/forgejo/forgejo/pulls/10494)): <!--number 10494 --><!--line 0 --><!--description Zml4OiBhbGlnbiBkdWUgZGF0ZSBpY29uIGluIGlzc3VlIGxpc3Q=-->fix: align due date icon in issue list<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10486) ([backported](https://codeberg.org/forgejo/forgejo/pulls/10495)): <!--number 10495 --><!--line 0 --><!--description Zml4OiBpZ25vcmUgcHJpdmF0ZSAucHJvZmlsZSByZXBvIG9uIHVzZXIgcHJvZmlsZSBwYWdl-->fix: ignore private .profile repo on user profile page<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10520) ([backported](https://codeberg.org/forgejo/forgejo/pulls/10527)): <!--number 10527 --><!--line 0 --><!--description QWRkIHRvIGh0bWwgYnV0dG9uIGluIG1hcmtkb3duIGB0eXBlPSJidXR0b24iYA==-->Add to html button in markdown `type="button"`<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10521) ([backported](https://codeberg.org/forgejo/forgejo/pulls/10526)): <!--number 10526 --><!--line 0 --><!--description Zml4KHVpKTogYWRkIG1pc3Npbmcgc3BhY2UgYmVmb3JlICdDb21taXQnIGJhY2s=-->fix(ui): add missing space before 'Commit' back<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10240): <!--number 10240 --><!--line 0 --><!--description Zml4KHVpKTogZml4IHdpZHRoIG9mIGF0dGFjaGVkIGZvbWFudGljIHNlZ21lbnRz-->fix(ui): fix width of attached fomantic segments<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10227): <!--number 10227 --><!--line 0 --><!--description Zml4KHVpKTogdXNlIG9jdGljb24tcmVwby1mb3JrZWQgaW4gcmVwbyBsaXN0-->fix(ui): use octicon-repo-forked in repo list<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9002): <!--number 9002 --><!--line 0 --><!--description Zml4KHVpKTogZG9jdW1lbnQgdG9rZW4gdmFsaWRpdHkgaW4ga2V5IHZlcmlmaWNhdGlvbiB2aWV3-->fix(ui): document token validity in key verification view<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9964): <!--number 9964 --><!--line 0 --><!--description Zml4KHVpKTogcmVwbGFjZSBvYnNvbGV0ZSBndC0gaGVscGVycw==-->fix(ui): replace obsolete gt- helpers<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9762): <!--number 9762 --><!--line 0 --><!--description Zml4KHVpL2Ryb3Bkb3duKTogZW5zdXJlIHNhbWUgaGVpZ2h0IGZvciBhbGwgaXRlbXM=-->fix(ui/dropdown): ensure same height for all items<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9403): <!--number 9403 --><!--line 0 --><!--description Zml4KHVpKTogaW1wcm92ZSBtYXJrZG93biBlZGl0b3IgaW5kZW50YXRpb24gY291bnRpbmc=-->fix(ui): improve markdown editor indentation counting<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/7569): <!--number 7569 --><!--line 0 --><!--description cHJldmVudCBwYWdlIGp1bXBzIGR1ZSB0byB0ZXh0YXJlYSBhdXRvIHJlc2l6aW5n-->prevent page jumps due to textarea auto resizing<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9447): <!--number 9447 --><!--line 0 --><!--description c3RvcCBjbG9uZS1wYW5lbCBlbmxhcmdpbmcgc2l0ZSBvbiBtb2JpbGU=-->stop clone-panel enlarging site on mobile<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8458): <!--number 8458 --><!--line 0 --><!--description Zml4KHVpKTogc3RyaWtlIHRocm91Z2ggZGVsZXRlZCBjb21tZW50IHJldmlzaW9ucw==-->fix(ui): strike through deleted comment revisions<!--description-->
+- Localization
+  - Updates from Codeberg Translate: [#9423](https://codeberg.org/forgejo/forgejo/pulls/9423), [#9465](https://codeberg.org/forgejo/forgejo/pulls/9465), [#9597](https://codeberg.org/forgejo/forgejo/pulls/9597), [#9696](https://codeberg.org/forgejo/forgejo/pulls/9696), [#9804](https://codeberg.org/forgejo/forgejo/pulls/9804), [#9917](https://codeberg.org/forgejo/forgejo/pulls/9917), [#10249](https://codeberg.org/forgejo/forgejo/pulls/10249), [#10131](https://codeberg.org/forgejo/forgejo/pulls/10131), [#10786](https://codeberg.org/forgejo/forgejo/pulls/10786) (backport of [#10417](https://codeberg.org/forgejo/forgejo/pulls/10417), [#10599](https://codeberg.org/forgejo/forgejo/pulls/10599))
+- Features
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10276): <!--number 10276 --><!--line 0 --><!--description ZmVhdChhY3Rpb25zKTogbWFrZSBHSVRIVUJfV09SS0ZMT1dfUkVGIGF2YWlsYWJsZQ==-->feat(actions): make GITHUB_WORKFLOW_REF available<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9409): <!--number 9409 --><!--line 0 --><!--description YWRkIHN1cHBvcnQgZm9yIGVwaGVtZXJhbCBydW5uZXJzIGNvbXBhdGlibGUgd2l0aCBhdXRvc2NhbGluZyB0b29scw==-->add support for ephemeral runners compatible with autoscaling tools<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9397): <!--number 9397 --><!--line 0 --><!--description YWxsb3cvZGlzYWxsb3cgdXNlcnMgdG8gcnVuIHdvcmtmbG93cyB3aGVuIHB1c2hpbmcgdG8gYSBwdWxsIHJlcXVlc3QgZnJvbSBhIGZvcms=-->allow/disallow users to run workflows when pushing to a pull request from a fork<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10602) ([backported](https://codeberg.org/forgejo/forgejo/pulls/10751)): <!--number 10751 --><!--line 0 --><!--description ZmVhdDogcHJvdmlkZSBtdWx0aXBsZSB0YXNrcyB0byBSdW5uZXIgaW4gb25lIEZldGNoVGFzayB3aGVuIHJlcXVlc3RlZA==-->feat: provide multiple tasks to Runner in one FetchTask when requested<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9668): <!--number 9668 --><!--line 0 --><!--description QWRkIHN1cHBvcnQgZm9yIGFkbWluaXN0cmF0b3JzIHRvIHNldCBlbWFpbCB2aXNpYmlsaXR5IG9uIHVzZXIgYWNjb3VudHM=-->Add support for administrators to set email visibility on user accounts<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9373): <!--number 9373 --><!--line 0 --><!--description Rm9yZWlnbiBrZXlzIGhhdmUgYmVlbiBhZGRlZCB0byB0aGUgRm9yZ2VqbyBkYXRhYmFzZSBzY2hlbWEsIHdoaWNoIG1heSBpZGVudGlmeSBkYXRhIGluY29uc2lzdGVuY2llcyBkdXJpbmcgdGhlIHY0MSBkYXRhYmFzZSBzY2hlbWEgdXBncmFkZS4gSWYgbWlncmF0aW9uIGVycm9ycyBvY2N1ciwgYGZvcmdlam8gZG9jdG9yIGNoZWNrIC0tYWxsYCBjYW4gYmUgdXNlZCB0byBpZGVudGlmeSB0aGUgaW5jb25zaXN0ZW50IHJlY29yZHMsIHdoaWNoIGNhbiBiZSBtYW51YWxseSBjb3JyZWN0ZWQgb3IgZGVsZXRlZC4gYGZvcmdlam8gZG9jdG9yIGNoZWNrIC0tYWxsIC0tZml4YCB3aWxsIGF1dG9tYXRpY2FsbHkgZGVsZXRlIHRoZSBpbmNvbnNpc3RlbnQgcmVjb3Jkcy4gQWZmZWN0ZWQgdGFibGVzIGluIHRoaXMgcmVsZWFzZSBhcmU6IGBzdG9wd2F0Y2hgIChyZWZlcmVuY2VzIGBpc3N1ZWAgYW5kIGB1c2VyYCksIGFuZCBgdHJhY2tlZF90aW1lYCAocmVmZXJlbmNlcyBgaXNzdWVgIGFuZCBgdXNlcmApLg==-->Foreign keys have been added to the Forgejo database schema, which may identify data inconsistencies during the v41 database schema upgrade. If migration errors occur, `forgejo doctor check --all` can be used to identify the inconsistent records, which can be manually corrected or deleted. `forgejo doctor check --all --fix` will automatically delete the inconsistent records. Affected tables in this release are: `stopwatch` (references `issue` and `user`), and `tracked_time` (references `issue` and `user`).<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10642) ([backported](https://codeberg.org/forgejo/forgejo/pulls/10643)): <!--number 10643 --><!--line 0 --><!--description ZmVhdDogYWRkIEZvcmdlam8gc2VydmVyIHZlcnNpb24gdG8gcnVubmVyIGNvbnRleHQ=-->feat: add Forgejo server version to runner context<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10308): <!--number 10308 --><!--line 0 --><!--description ZmVhdChhY3Rpb25zKTogc3VwcG9ydCByZWZlcmVuY2luZyBgJHt7IG5lZWRzLi4uIH19YCB2YXJpYWJsZXMgaW4gYHJ1bnMtb25g-->feat(actions): support referencing `${{ needs... }}` variables in `runs-on`<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10244): <!--number 10244 --><!--line 0 --><!--description ZmVhdChhY3Rpb25zKTogc3VwcG9ydCByZWZlcmVuY2luZyAke3sgbmVlZHMuLi4gfX0gdmFyaWFibGVzIGluIGBzdHJhdGVneS5tYXRyaXhg-->feat(actions): support referencing ${{ needs... }} variables in `strategy.matrix`<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9434): <!--number 9434 --><!--line 0 --><!--description aW1wbGVtZW50ICJjb25jdXJyZW5jeSIgYmxvY2sgaW4gRm9yZ2VqbyBBY3Rpb25zIGF0IHRoZSB3b3JrZmxvdyBsZXZlbA==-->implement "concurrency" block in Forgejo Actions at the workflow level<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9966): <!--number 9966 --><!--line 0 --><!--description ZGlzcGxheSBkZXRhaWxlZCBhY3Rpb24gcnVuIGRpYWdub3N0aWNz-->display detailed action run diagnostics<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9557): <!--number 9557 --><!--line 0 --><!--description YWRkIGZvcmVpZ24ga2V5cyB0byB0aGUgYGFjY2Vzc2AgdGFibGU=-->add foreign keys to the `access` table<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9886): <!--number 9886 --><!--line 0 --><!--description YWRkIGZvcmVpZ24ga2V5cyB0byBmb3JnZWpvX2F1dGhfdG9rZW4=-->add foreign keys to forgejo_auth_token<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9724): <!--number 9724 --><!--line 0 --><!--description YWRkIGZvcmVpZ24ga2V5cyB0byB0YWJsZSBjb2xsYWJvcmF0aW9u-->add foreign keys to table collaboration<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9587): <!--number 9587 --><!--line 0 --><!--description aW1wcm92ZSBwZXJmb3JtYW5jZSBvZiBnZXR0aW5nIHNob3J0c3RhdA==-->improve performance of getting shortstat<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10299): <!--number 10299 --><!--line 0 --><!--description QWRkIFlZWVktTU0tREQgZGF0ZSBmb3JtYXQgc3VwcG9ydCBmb3IgUGFndXJlIG1pbGVzdG9uZSBtaWdyYXRpb24=-->Add YYYY-MM-DD date format support for Pagure milestone migration<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10388) ([backported](https://codeberg.org/forgejo/forgejo/pulls/10485)): <!--number 10485 --><!--line 0 --><!--description ZmVhdDogYWxsb3cgdG8gYWRkIHBhbSBzb3VyY2UgZnJvbSBjb21tYW5kIGxpbmU=-->feat: allow to add pam source from command line<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9829): <!--number 9829 --><!--line 0 --><!--description Y2hvcmU6IFJlbW92ZSBJc0RlbGV0ZWQgZnJvbSBhY3Rpb24gKGFjdGl2aXR5KSB0YWJsZQ==-->chore: Remove IsDeleted from action (activity) table<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10421): <!--number 10421 --><!--line 0 --><!--description QWRkIHN1cHBvcnQgZm9yIGxvYWRpbmcgZGIgcGFzc3dvcmQgZnJvbSBmaWxlIHZpYSBQQVNTRF9VUkk=-->Add support for loading db password from file via PASSD_URI<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10378): <!--number 10378 --><!--line 0 --><!--description ZmVhdChjb2RlLXNlYXJjaCk6IGFkZCBzdXBwb3J0IHRvIG9wdC1pbiBmb3IgZnV6enkgc2VhcmNo-->feat(code-search): add support to opt-in for fuzzy search<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10358): <!--number 10358 --><!--line 0 --><!--description ZmVhdChpMThuKTogdHJhbnNsYXRlIHN5c3RlbSBzdGF0dXMgZGF0YSB1bml0cyBpbiBydW50aW1l-->feat(i18n): translate system status data units in runtime<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9638): <!--number 9638 --><!--line 0 --><!--description VXBsb2FkZWQgYXZhdGFyIGltYWdlcyBjYW4gc29tZXRpbWVzIGNvbnRhaW4gdW5leHBlY3RlZCBtZXRhZGF0YSBzdWNoIGFzIHRoZSBsb2NhdGlvbiB3aGVyZSB0aGUgaW1hZ2Ugd2FzIGNyZWF0ZWQsIG9yIHRoZSBkZXZpY2UgdGhlIGltYWdlIHdhcyBjcmVhdGVkIHdpdGgsIHN0b3JlZCBpbiBhIGZvcm1hdCBjYWxsZWQgRVhJRi4gRm9yZ2VqbyBub3cgcmVtb3ZlcyBFWElGIGRhdGEgd2hlbiBjdXN0b20gdXNlciBhbmQgcmVwb3NpdG9yeSBpbWFnZXMgYXJlIHVwbG9hZGVkIGluIG9yZGVyIHRvIHJlZHVjZSB0aGUgcmlzayBvZiBwZXJzb25hbGx5IGlkZW50aWZpYWJsZSBpbmZvcm1hdGlvbiBiZWluZyBsZWFrZWQgdW5leHBlY3RlZGx5LiBBIG5ldyBDTEkgc3ViY29tbWFuZCBgZm9yZ2VqbyBkb2N0b3IgYXZhdGFyLXN0cmlwLWV4aWZgIGNhbiBiZSB1c2VkIHRvIHN0cmlwIEVYSUYgaW5mb3JtYXRpb24gZnJvbSBhbGwgZXhpc3RpbmcgYXZhdGFyczsgd2UgcmVjb21tZW5kIHRoYXQgYWRtaW5pc3RyYXRvcnMgcnVuIHRoaXMgY29tbWFuZCBvbmNlIGFmdGVyIHVwZ3JhZGUgaW4gb3JkZXIgdG8gbWluaW1pemUgdGhpcyByaXNrIGZvciBleGlzdGluZyBzdG9yZWQgZmlsZXMu-->Uploaded avatar images can sometimes contain unexpected metadata such as the location where the image was created, or the device the image was created with, stored in a format called EXIF. Forgejo now removes EXIF data when custom user and repository images are uploaded in order to reduce the risk of personally identifiable information being leaked unexpectedly. A new CLI subcommand `forgejo doctor avatar-strip-exif` can be used to strip EXIF information from all existing avatars; we recommend that administrators run this command once after upgrade in order to minimize this risk for existing stored files.<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8554): <!--number 8554 --><!--line 0 --><!--description YWxsb3cgc3luYyBxdW90YSBncm91cHMgd2l0aCBvYXV0aDIgYXV0aCBzb3VyY2U=-->allow sync quota groups with oauth2 auth source<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10147): <!--number 10147 --><!--line 0 --><!--description ZmVhdChzbGFjayk6IHBsYWNlIHVzZXIgbmFtZXMgaW50byBpbmxpbmUgY29kZSBibG9ja3MgZm9yIFNsYWNr-->feat(slack): place user names into inline code blocks for Slack<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9109): <!--number 9109 --><!--line 0 --><!--description ZmVhdChpc3N1ZS1zZWFyY2gpOiBzdXBwb3J0IHF1ZXJ5IHN5bnRheA==-->feat(issue-search): support query syntax<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9045): <!--number 9045 --><!--line 0 --><!--description YWxsb3cgUFJzIGJldHdlZW4gY29tbW9uIGZvcmtzIG9mIHRoZSBzYW1lIGJhc2UgcmVwb3NpdG9yeQ==-->allow PRs between common forks of the same base repository<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10079): <!--number 10079 --><!--line 0 --><!--description c2hvdyBsaW5rIHRvIHB1bGwgcmVxdWVzdHMgdGFyZ2V0aW5nIGEgbm9uLWRlZmF1bHQgYnJhbmNoIHdoZW4gcHVzaGluZw==-->show link to pull requests targeting a non-default branch when pushing<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9950): <!--number 9950 --><!--line 0 --><!--description QWxsb3cgcmVmZXJlbmNpbmcgaW5wdXRzIGluIGpvYnMuPGpvYl9pZD4ucnVucy1vbg==-->Allow referencing inputs in jobs.<job_id>.runs-on<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9522): <!--number 9522 --><!--line 0 --><!--description ZmVhdChlbWFpbCk6IHJlZmVyZW5jZSB0aGUgY29tbWl0IGNsb3NpbmcgdGhlIGlzc3Vl-->feat(email): reference the commit closing the issue<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9392): <!--number 9392 --><!--line 0 --><!--description ZGlzcGxheSB0aGUgUFIgZWRpdGFibGUgc3RhdHVzIGluIHRoZSByaWdodC1oYW5kIHNpZGUgbWVudQ==-->display the PR editable status in the right-hand side menu<!--description-->
+- Bug fixes
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10298): <!--number 10298 --><!--line 0 --><!--description Zml4KGFjdGlvbnMpOiBpbXByb3ZlIGVycm9ycyB3aGVuIGAke3sgbmVlZHMuLi4gfX1gIGlzIHVzZWQgaW4gYHN0cmF0ZWd5Lm1hdHJpeGAgaW5jb3JyZWN0bHk=-->fix(actions): improve errors when `${{ needs... }}` is used in `strategy.matrix` incorrectly<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10169): <!--number 10169 --><!--line 0 --><!--description aGFuZGxlIGVtcHR5IGRhdGVzIGluIHBhZ3VyZSBtaWxlc3RvbmUgbWlncmF0aW9u-->handle empty dates in pagure milestone migration<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10036): <!--number 10036 --><!--line 0 --><!--description aW5jbHVkZSB2YXJpYWJsZSB2YWx1ZXMgaW4gL3JlcG9zLy4uLi9hY3Rpb25zL3ZhcmlhYmxlcyBBUEkgcmVzcG9uc2U=-->include variable values in /repos/.../actions/variables API response<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9348): <!--number 9348 --><!--line 0 --><!--description Z2l0aHViIGlzc3VlIG1pZ3JhdGlvbiBmYWlsaW5nIGZvciBsYXJnZSBkYXRhc2V0cw==-->github issue migration failing for large datasets<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10686) ([backported](https://codeberg.org/forgejo/forgejo/pulls/10781)): <!--number 10781 --><!--line 0 --><!--description Zml4OiBhZGQgYGZvcmdlam8gZG9jdG9yIGNsZWFudXAtY29tbWl0LXN0YXR1c2AgY29tbWFuZCB0byByZWNvdmVyIGZyb20gIzEwNjcx-->fix: add `forgejo doctor cleanup-commit-status` command to recover from #10671<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10747) ([backported](https://codeberg.org/forgejo/forgejo/pulls/10788)): <!--number 10788 --><!--line 0 --><!--description Zml4OiBjb3JyZWN0bHkgY29tcHV0ZSByZXF1aXJlZCBjb21taXQgc3RhdHVz-->fix: correctly compute required commit status<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10744) ([backported](https://codeberg.org/forgejo/forgejo/pulls/10767)): <!--number 10767 --><!--line 0 --><!--description Zml4OiBpbnRlcm5hbCBzZXJ2ZXIgZXJyb3Igb24gYSBsYXJnZSAuZ2l0bW9kdWxlcw==-->fix: internal server error on a large .gitmodules<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9916): <!--number 9916 --><!--line 0 --><!--description cmVkdWNlIGRlYWRsb2NrcyBtZXJnaW5nIFBScyB3LyBhc3luYyBtaWxlc3RvbmUgc3RhdCByZWNhbGNz-->reduce deadlocks merging PRs w/ async milestone stat recalcs<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10484) ([backported](https://codeberg.org/forgejo/forgejo/pulls/10622)): <!--number 10622 --><!--line 0 --><!--description Zml4OiBkaXNwbGF5IG9ycGhhbiBicmFuY2hlcyBzZXBhcmF0ZWx5IGluIGNvbW1pdCBncmFwaA==-->fix: display orphan branches separately in commit graph<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10594) ([backported](https://codeberg.org/forgejo/forgejo/pulls/10600)): <!--number 10600 --><!--line 0 --><!--description Zml4OiBhbGxvdyBBY3Rpb25zIHRydXN0IG1hbmFnZW1lbnQgb24gY29uZmxpY3RlZCBQUnM=-->fix: allow Actions trust management on conflicted PRs<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9922): <!--number 9922 --><!--line 0 --><!--description cmVkdWNlIGRlYWRsb2NrcyBtZXJnaW5nIFBScyBieSB1c2luZyBjYWNoaW5nIGZvciByZXBvIGlzc3VlIGNvdW50IHN0YXRz-->reduce deadlocks merging PRs by using caching for repo issue count stats<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9868): <!--number 9868 --><!--line 0 --><!--description cmVkdWNlIGRlYWRsb2NrcyBtZXJnaW5nIFBScyB3LyBhc3luYyBsYWJlbCBzdGF0IHJlY2FsY3M=-->reduce deadlocks merging PRs w/ async label stat recalcs<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10127): <!--number 10127 --><!--line 0 --><!--description cG9zc2libGUgY2F1c2Ugb2YgaW52YWxpZCBpc3N1ZSBjb3VudHM7IGNhY2hlIG1vZHVsZSBkb2Vzbid0IGd1YXJhbnRlZSBjb25jdXJyZW5jeSBzYWZldHk=-->possible cause of invalid issue counts; cache module doesn't guarantee concurrency safety<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9927): <!--number 9927 --><!--line 0 --><!--description cHJldmVudCBkZWFkbG9ja3MgdXBkYXRpbmcgcmVwby5udW1fYWN0aW9uX3J1bnMvbnVtX2Nsb3NlZF9hY3Rpb25fcnVucw==-->prevent deadlocks updating repo.num_action_runs/num_closed_action_runs<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10130): <!--number 10130 --><!--line 0 --><!--description cG9zc2libGUgY2F1c2Ugb2YgaW52YWxpZCBpc3N1ZSBjb3VudHM7IGNhY2hlIGludmFsaWRhdGlvbiBvY2N1cnMgYmVmb3JlIGEgYWN0aXZlIHRyYW5zYWN0aW9uIGlzIGNvbW1pdHRlZA==-->possible cause of invalid issue counts; cache invalidation occurs before a active transaction is committed<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10394) ([backported](https://codeberg.org/forgejo/forgejo/pulls/10542)): <!--number 10542 --><!--line 0 --><!--description Zml4OiBhbHdheXMgc2VhcmNoIGZvciBpc3N1ZSBwb3N0ZXJzIGJ5IHVzZXIgYW5kIGZ1bGwgbmFtZQ==-->fix: always search for issue posters by user and full name<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10009): <!--number 10009 --><!--line 0 --><!--description Z2FyYmFnZSBjb2xsZWN0IGxpbmdlcmluZyBhY3Rpb25zIGxvZ3M=-->garbage collect lingering actions logs<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10387): <!--number 10387 --><!--line 0 --><!--description Zml4KDEwMzU5KTogQ291bnQgcmVsZWFzZXMgY29ycmVjdGx5IHdoZW4gdXNpbmcgZmlsdGVycyAocSk=-->fix(10359): Count releases correctly when using filters (q)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10411): <!--number 10411 --><!--line 0 --><!--description Zml4KGFjdGlvbnMpOiByZXBsYWNlIGhhcmRjb2RlZCB3aXRoIGR5bmFtaWNhbGx5IGRldGVybWluZWQgd29ya2Zsb3cgZGlyZWN0b3J5-->fix(actions): replace hardcoded with dynamically determined workflow directory<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10309): <!--number 10309 --><!--line 0 --><!--description QWxsb3cgU0hBLTI1NiBpbiBQUiBjb21taXQgVVJMcw==-->Allow SHA-256 in PR commit URLs<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10321): <!--number 10321 --><!--line 0 --><!--description ZGlzcGxheSBhY3Rpb24gcnVuIGF0dGVtcHQgc3RhdHVzIGluc3RlYWQgb2Ygam9iIHN0YXR1cw==-->display action run attempt status instead of job status<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9930): <!--number 9930 --><!--line 0 --><!--description Rml4IG1lcmdlIG1lc3NhZ2UgdGVtcGxhdGUgd2l0aCBlbXB0eSBtZXNzYWdl-->Fix merge message template with empty message<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10185): <!--number 10185 --><!--line 0 --><!--description aXNzdWVzIGFuZCBwdWxscyByb3V0ZSBwZXJtaXR0ZWQgZXh0cmEgY2hhcmFjdGVycw==-->issues and pulls route permitted extra characters<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10267): <!--number 10267 --><!--line 0 --><!--description aTE4bjogdHJhbnNsYXRlIEFjdGlvbnMgUHJlRXhlY3V0aW9uRXJyb3IgZm9yIHZpZXdlcg==-->i18n: translate Actions PreExecutionError for viewer<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9892): <!--number 9892 --><!--line 0 --><!--description cmVwbGFjZSBsaW1pdC9vZmZzZXQgcGFnaW5hdGlvbiBpbiBkZWJpYW4gU2VhcmNoUGFja2FnZXM=-->replace limit/offset pagination in debian SearchPackages<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9274): <!--number 9274 --><!--line 0 --><!--description c3R1Y2sgZ2l0ZWEgbWlncmF0aW9uIGR1ZSB0byBnaXRhIGFwaSBwYWdpbmF0aW9uIGJ1Zw==-->stuck gitea migration due to gita api pagination bug<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9833): <!--number 9833 --><!--line 0 --><!--description cmVwbGFjZSBiYWQgcGFnaW5hdGlvbiB0byBjbGVhbnVwIGJyYW5jaCBwcm90ZWN0aW9uIHJ1bGVzIG9uIHVzZXIgZGVsZXRl-->replace bad pagination to cleanup branch protection rules on user delete<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9752): <!--number 9752 --><!--line 0 --><!--description cmVwbGFjZSBidWdneSBsaW1pdC9vZmZzZXQgcGFnaW5hdGlvbiBpbiBEb2N0b3JVc2VyU3Rhck51bQ==-->replace buggy limit/offset pagination in DoctorUserStarNum<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9789): <!--number 9789 --><!--line 0 --><!--description Zml4KHBlcmYpOiBhZGQgbWlzc2luZyBpbmRleCBvbiBhY3Rpb25fdGFzayB0YWJsZQ==-->fix(perf): add missing index on action_task table<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9773): <!--number 9773 --><!--line 0 --><!--description c3RyaWN0IGVycm9yIGhhbmRsaW5nIG9uIGNvcnJ1cHRlZCBEQiBtaWdyYXRpb24gdHJhY2tpbmcgdGFibGVz-->strict error handling on corrupted DB migration tracking tables<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9705): <!--number 9705 --><!--line 0 --><!--description T3BlbkdyYXBoIGNhcmRzIGZvciBzb21lIGlzc3VlcyBzaG93IHdyb25nIHRpbWVzdGFtcA==-->OpenGraph cards for some issues show wrong timestamp<!--description-->
+- User Interface changes without a feature or bug label
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10768) ([backported](https://codeberg.org/forgejo/forgejo/pulls/10772)): <!--number 10772 --><!--line 0 --><!--description Y2hvcmUodWkpOiBjbGVhbnVwIFBSIGNoZWNrcyBhcmVh-->chore(ui): cleanup PR checks area<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10524) ([backported](https://codeberg.org/forgejo/forgejo/pulls/10540)): <!--number 10540 --><!--line 0 --><!--description Zml4KHVpKTogYXZhdGFyIGZvciBkaXNtaXNzZWQgcmV2aWV3IGlzIHN0cmV0Y2hlZCBpZiBub3Qgc3F1YXJl-->fix(ui): avatar for dismissed review is stretched if not square<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10268): <!--number 10268 --><!--line 0 --><!--description Y2hvcmUodWkpOiBjbGVhbnVwIHJldmlld3MgY3NzLCBpbXByb3ZlIGNvbnNpc3RlbmN5-->chore(ui): cleanup reviews css, improve consistency<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6931): <!--number 6931 --><!--line 0 --><!--description UHJpb3JpdGl6ZSBOb3RvIFNhbnMgb3ZlciBSb2JvdG8gYW5kIE5vdG8gU2FucyBIZWJyZXcgb3ZlciBBcmlhbA==-->Prioritize Noto Sans over Roboto and Noto Sans Hebrew over Arial<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9746): <!--number 9746 --><!--line 0 --><!--description Y2hvcmUodWkpOiBhIGZldyBjb25zaXN0ZW5jeSBpbXByb3ZlbWVudHMgZm9yIG1vZGFscw==-->chore(ui): a few consistency improvements for modals<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9643): <!--number 9643 --><!--line 0 --><!--description cmVmYWN0b3IodWkpOiByZS1pbXBsZW1lbnQgaWNvbiBjb2xvcnMgYnV0IGZvciBhbGwgdGhpbiBlbGVtZW50cw==-->refactor(ui): re-implement icon colors but for all thin elements<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9507): <!--number 9507 --><!--line 0 --><!--description Zml4KHVpKTogRG9uJ3QgdXNlIHRoZSBzdWJ0bGUgY29sb3IgZm9yIGxvZyB0ZXh0-->fix(ui): Don't use the subtle color for log text<!--description-->
+- Other changes without a feature or bug label
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10812) ([backported](https://codeberg.org/forgejo/forgejo/pulls/10816)): <!--number 10816 --><!--line 0 --><!--description Zml4OiBkcm9wIHNxbGl0ZSBzaGFyZWQgY2FjaGU=-->fix: drop sqlite shared cache<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10568) ([backported](https://codeberg.org/forgejo/forgejo/pulls/10621)): <!--number 10621 --><!--line 0 --><!--description bWlncmF0aW9uOiB1cGRhdGUgZXhpc3RpbmcgZm9yZWlnbiBrZXkgbWlncmF0aW9ucyB0byBhdXRvbWF0aWNhbGx5IGZpeCBpbmNvbnNpc3RlbmNpZXM=-->migration: update existing foreign key migrations to automatically fix inconsistencies<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10219): <!--number 10219 --><!--line 0 --><!--description cmVmYWN0b3I6IG1pZ3JhdGUgZnJvbSBgbGliL3BxYCB0byBgamFja2MvcGd4YA==-->refactor: migrate from `lib/pq` to `jackc/pgx`<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9832): <!--number 9832 --><!--line 0 --><!--description YWRkIGZvcmVpZ24ga2V5cyB0byB0YWJsZSBwdWxsX3JlcXVlc3Q=-->add foreign keys to table pull_request<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10429): <!--number 10429 --><!--line 0 --><!--description ZmVhdChzc2gpOiB1c2UgQXBwRG9tYWluIGZvciBrZXkgdmVyaWZpY2F0aW9u-->feat(ssh): use AppDomain for key verification<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9675): <!--number 9675 --><!--line 0 --><!--description ZmFsc2UgZXJyb3IgbG9nZ2luZyAiUmVuZGVyIEpTT04gZmFpbGVkIiBmcm9tIHdvcmtmbG93IGRpc3BhdGNoIHZpYSBBUEk=-->false error logging "Render JSON failed" from workflow dispatch via API<!--description-->
+- Included for completeness but not user-facing (chores, etc.)
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10187): <!--number 10187 --><!--line 0 --><!--description Zml4KGkxOG4vZW4pOiBpbXByb3ZlIHNlYXJjaCBzeW50YXggaGludHM=-->fix(i18n/en): improve search syntax hints<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10835): <!--number 10835 --><!--line 0 --><!--description W3NraXAgY2ldIDogY2hvcmUocmVsZWFzZSk6IGRlbGV0ZSBwcmV2aW91c2x5IGFubm91bmNlZCByZWxlYXNlIG5vdGVz-->[skip ci] : chore(release): delete previously announced release notes<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10780) ([backported](https://codeberg.org/forgejo/forgejo/pulls/10838)): <!--number 10838 --><!--line 0 --><!--description Y2hvcmU6IGNvcnJlY3Qgc3BlbGxpbmcgZXJyb3IgaW4gY2xlYW51cC1jb21taXQtc3RhdHVzIENMSSBkb2Nz-->chore: correct spelling error in cleanup-commit-status CLI docs<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10077): <!--number 10077 --><!--line 0 --><!--description YnVnOiBpc3N1ZS8xODY5LWdpdGxhYi1taWdyYXRpb24tcmVmZXJlbmNlcw==-->bug: issue/1869-gitlab-migration-references<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10037): <!--number 10037 --><!--line 0 --><!--description MjAyNS0xMS0yMSBjb21iaW5lZCBzZWN1cml0eSBwYXRjaGVz-->2025-11-21 combined security patches<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10815) ([backported](https://codeberg.org/forgejo/forgejo/pulls/10817)): <!--number 10817 --><!--line 0 --><!--description Zml4OiBtYWtlIGxhc3Rjb21taXQgYXZhaWxhYmxlIGZvciBub24tc2lnbmVkLWluIHVzZXJz-->fix: make lastcommit available for non-signed-in users<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10475): <!--number 10475 --><!--line 0 --><!--description ZG9uJ3QgcHVzaCBMRlMgd2hlbiB1c2luZyBTU0ggYXV0aGVudGljYXRpb24=-->don't push LFS when using SSH authentication<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10776): <!--number 10776 --><!--line 0 --><!--description VXBkYXRlIENvZGVNaXJyb3IgKHYxNC4wL2Zvcmdlam8p-->Update CodeMirror (v14.0/forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10754): <!--number 10754 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBjb2RlLmZvcmdlam8ub3JnL2Zvcmdlam8vYWN0aW9ucy1wcm90byB0byB2MC42LjAgKHYxNC4wL2Zvcmdlam8p-->Update module code.forgejo.org/forgejo/actions-proto to v0.6.0 (v14.0/forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10189): <!--number 10189 --><!--line 0 --><!--description Zml4KGFwaS9hY3Rpdml0eXB1Yik6IHNpbXBsaWZ5IHNpZ25hdHVyZSByZXF1aXJlbWVudHM=-->fix(api/activitypub): simplify signature requirements<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10720): <!--number 10720 --><!--line 0 --><!--description SmFudWFyeSA4dGggc2VjdXJpdHkgcGF0Y2hlcw==-->January 8th security patches<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10713) ([backported](https://codeberg.org/forgejo/forgejo/pulls/10717)): <!--number 10717 --><!--line 0 --><!--description Zml4OiBwcmV2ZW50IGludGVybWl0dGVudCB0ZXN0IGZhaWx1cmVzIGNhdXNlZCBieSB1bmNhbmNlbGxhYmxlIHRhc2tz-->fix: prevent intermittent test failures caused by uncancellable tasks<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10696) ([backported](https://codeberg.org/forgejo/forgejo/pulls/10704)): <!--number 10704 --><!--line 0 --><!--description Zml4OiByZXRhaW4gRm9yZ2VqbyBBY3Rpb24ncyBjb21taXRfc3RhdHVzIGVudHJpZXMgd2l0aCBkaXN0aW5jdCBkZXNjcmlwdGlvbnM=-->fix: retain Forgejo Action's commit_status entries with distinct descriptions<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10656) ([backported](https://codeberg.org/forgejo/forgejo/pulls/10663)): <!--number 10663 --><!--line 0 --><!--description Zml4OiBpbi1wcm9ncmVzcyBqb2IgaWNvbiBkb2Vzbid0IHJvdGF0ZSBvbiByZXBvJ3MgYWN0aW9uIGxpc3QgKCMxMDY1Nik=-->fix: in-progress job icon doesn't rotate on repo's action list (#10656)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10662) ([backported](https://codeberg.org/forgejo/forgejo/pulls/10672)): <!--number 10672 --><!--line 0 --><!--description Y2hvcmUoY2xlYW51cCk6IG1vdmUgYWxsIHRlc3QgYmxhbmsgaW1wb3J0cyBpbiBhIHNpbmdsZSBwYWNrYWdl-->chore(cleanup): move all test blank imports in a single package<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10692) ([backported](https://codeberg.org/forgejo/forgejo/pulls/10694)): <!--number 10694 --><!--line 0 --><!--description Y2hvcmU6IGRvd25sb2FkIGdpdC1tYW4gb3ZlciBUTFM=-->chore: download git-man over TLS<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10678) ([backported](https://codeberg.org/forgejo/forgejo/pulls/10679)): <!--number 10679 --><!--line 0 --><!--description Zml4OiBkb24ndCBkdXBsaWNhdGUgY29tbWl0IHN0YXR1cyByZWNvcmRzIG9uIHdvcmtmbG93cyB3aXRoIGVtcHR5IG5hbWU=-->fix: don't duplicate commit status records on workflows with empty name<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10015): <!--number 10015 --><!--line 0 --><!--description VXNlIGByZWNlaXZlLmhpZGVSZWZzYA==-->Use `receive.hideRefs`<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10632) ([backported](https://codeberg.org/forgejo/forgejo/pulls/10635)): <!--number 10635 --><!--line 0 --><!--description Zml4OiBidWlsZC1yZWxlYXNlIHdvcmtmbG93IHN0b3BzIGl0cyBvd24gZW5kLXRvLWVuZCBjaGVja3Mgd2hlbiBydW4gY29uY3VycmVudGx5-->fix: build-release workflow stops its own end-to-end checks when run concurrently<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10204): <!--number 10204 --><!--line 0 --><!--description YnVnOiBzaWduYXR1cmU6IG1vZGlmeSBVUkwgYWZ0ZXIgZXJyb3IgY2hlY2s=-->bug: signature: modify URL after error check<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10587) ([backported](https://codeberg.org/forgejo/forgejo/pulls/10592)): <!--number 10592 --><!--line 0 --><!--description dGVzdDogZml4IGludGVybWl0dGVudCBQb3N0Z3JlU1FMIGZhaWx1cmUgaW4gVGVzdEFkbWluVmlld1JlcG9z-->test: fix intermittent PostgreSQL failure in TestAdminViewRepos<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10588) ([backported](https://codeberg.org/forgejo/forgejo/pulls/10593)): <!--number 10593 --><!--line 0 --><!--description Zml4OiBMaXN0VHJhY2tlZFRpbWVzIEFQSSBoYXMgbm8gZGVmaW5lZCByZWNvcmQgb3JkZXJpbmc=-->fix: ListTrackedTimes API has no defined record ordering<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10550) ([backported](https://codeberg.org/forgejo/forgejo/pulls/10555)): <!--number 10555 --><!--line 0 --><!--description cG9ydChnaXRlYSk6IEZpeCBwYXNzd29yZCBsZWFrIGluIGxvZyBtZXNzYWdlcyAoZ28tZ2l0ZWEvZ2l0ZWEhMzU1ODQp-->port(gitea): Fix password leak in log messages (go-gitea/gitea!35584)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10120): <!--number 10120 --><!--line 0 --><!--description Zml4KGFwaSk6IGFkZCBzdHViIG91dGJveGVzIHRvIGFjdG9ycw==-->fix(api): add stub outboxes to actors<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10366): <!--number 10366 --><!--line 0 --><!--description cmVmYWN0b3I6IGV4dHJhY3QgQWN0aW9uSm9iU3RlcCBmcm9tIFJlcG9BY3Rpb25WaWV3-->refactor: extract ActionJobStep from RepoActionView<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10194): <!--number 10194 --><!--line 0 --><!--description cmVuZGVyIGEgbGluayB0byBwb3N0ZXIgcHJvZmlsZSBuZXh0IHRvIHRoZSBJRCB3aXRoaW4gc2hhZG93IGNvcHkgZGV0YWlscw==-->render a link to poster profile next to the ID within shadow copy details<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10040): <!--number 10040 --><!--line 0 --><!--description cmVhbGlnbiBpbmRleGVzIG9uIHRoZSAnYWN0aW9uJyB0YWJsZQ==-->realign indexes on the 'action' table<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10463): <!--number 10463 --><!--line 0 --><!--description UmV2ZXJ0ICJmZWF0OiBhZGQgc3VwcG9ydCBmb3IgZXBoZW1lcmFsIHJ1bm5lcnMgY29tcGF0aWJsZSB3aXRoIGF1dG9zY2FsaW5nIHRvb2xzICgjOTQwOSki-->Revert "feat: add support for ephemeral runners compatible with autoscaling tools (#9409)"<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10054): <!--number 10054 --><!--line 0 --><!--description TmV3IGlzc3VlIHRlbXBsYXRlcw==-->New issue templates<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10478): <!--number 10478 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnaXRodWIuY29tL2VkaXRvcmNvbmZpZy9lZGl0b3Jjb25maWctY29yZS1nby92MiB0byB2Mi42LjQgKGZvcmdlam8p-->Update module github.com/editorconfig/editorconfig-core-go/v2 to v2.6.4 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10441): <!--number 10441 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgc3dhZ2dlci11aS1kaXN0IHRvIHY1LjMxLjAgKGZvcmdlam8p-->Update dependency swagger-ui-dist to v5.31.0 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10326): <!--number 10326 --><!--line 0 --><!--description VXBkYXRlIGRhdGEuZm9yZ2Vqby5vcmcvb2NpL2FscGluZSBEb2NrZXIgdGFnIHRvIHYzLjIzIChmb3JnZWpvKQ==-->Update data.forgejo.org/oci/alpine Docker tag to v3.23 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10400): <!--number 10400 --><!--line 0 --><!--description VXBkYXRlIE5vZGUuanMgdG8gdjI0LjEyLjAgKGZvcmdlam8p-->Update Node.js to v24.12.0 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10415): <!--number 10415 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnb29nbGUuZ29sYW5nLm9yZy9wcm90b2J1ZiB0byB2MS4zNi4xMSAoZm9yZ2Vqbyk=-->Update module google.golang.org/protobuf to v1.36.11 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10409): <!--number 10409 --><!--line 0 --><!--description VXBkYXRlIGh0dHBzOi8vZGF0YS5mb3JnZWpvLm9yZy9hY3Rpb25zL2dpdC1iYWNrcG9ydGluZyBhY3Rpb24gdG8gdjQuOC43IChmb3JnZWpvKQ==-->Update https://data.forgejo.org/actions/git-backporting action to v4.8.7 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10399): <!--number 10399 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kga2F0ZXggdG8gdjAuMTYuMjcgKGZvcmdlam8p-->Update dependency katex to v0.16.27 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10317): <!--number 10317 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnaXRodWIuY29tL3JlZGlzL2dvLXJlZGlzL3Y5IHRvIHY5LjE3LjIgKGZvcmdlam8p-->Update module github.com/redis/go-redis/v9 to v9.17.2 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10471): <!--number 10471 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgYXNjaWluZW1hLXBsYXllciB0byB2My4xMy40IChmb3JnZWpvKQ==-->Update dependency asciinema-player to v3.13.4 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10434): <!--number 10434 --><!--line 0 --><!--description Zml4KHVzZXIpOiBzZXQgQWN0aXZpdHlQdWIgdXNlcnMgdG8gUHJvaGliaXRMb2dpbg==-->fix(user): set ActivityPub users to ProhibitLogin<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10439): <!--number 10439 --><!--line 0 --><!--description YnVpbGQ6IHVzZSBpbnRlcmFjdGl2ZSBzcWxpdGUgdmlhIG5peA==-->build: use interactive sqlite via nix<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10447): <!--number 10447 --><!--line 0 --><!--description Y2hvcmUoc2VjdXJpdHkpOiB1cGRhdGUgc2VjdXJpdHkudHh0IHdpdGggbmV3IGV4cGlyYXRpb24gZGF0ZQ==-->chore(security): update security.txt with new expiration date<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10452): <!--number 10452 --><!--line 0 --><!--description VXBkYXRlIGdpdGh1Yi5jb20vZ28tYXAvanNvbmxkIGRpZ2VzdCB0byBlMzhmYTY2IChmb3JnZWpvKQ==-->Update github.com/go-ap/jsonld digest to e38fa66 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10410): <!--number 10410 --><!--line 0 --><!--description Zml4KHVpL2J1dHRvbnMpOiBpbXBsZW1lbnQgLmRpc2FibGVkIGNsYXNz-->fix(ui/buttons): implement .disabled class<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10440): <!--number 10440 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgYXNjaWluZW1hLXBsYXllciB0byB2My4xMy4yIChmb3JnZWpvKQ==-->Update dependency asciinema-player to v3.13.2 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10438): <!--number 10438 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBjb2RlLmZvcmdlam8ub3JnL2Zvcmdlam8vcnVubmVyL3YxMiB0byB2MTIuMi4wIChmb3JnZWpvKQ==-->Update module code.forgejo.org/forgejo/runner/v12 to v12.2.0 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10385): <!--number 10385 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnaXRodWIuY29tL3ZhbHlhbGEvZmFzdGpzb24gdG8gdjEuNi43IChmb3JnZWpvKQ==-->Update module github.com/valyala/fastjson to v1.6.7 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10371): <!--number 10371 --><!--line 0 --><!--description bG9nIGluc3RydW1lbnRhdGlvbiAmIHRlc3QgcGFja2FnZQ==-->log instrumentation & test package<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10339): <!--number 10339 --><!--line 0 --><!--description J01vcmUgYWN0aW9ucycgKOKLrykgZHJvcGRvd24gZnJvbSBtb2RlcmF0aW9uIHJlcG9ydHMgb3ZlcnZpZXcgcGFnZQ==-->'More actions' (⋯) dropdown from moderation reports overview page<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10367): <!--number 10367 --><!--line 0 --><!--description ZG9jcyhBUEkpOiBDb3JyZWN0IHRva2VuIHN1bW1hcnkgdG8gc3BlY2lmeSB0aGUgdXNlZCB1c2VyLg==-->docs(API): Correct token summary to specify the used user.<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10389): <!--number 10389 --><!--line 0 --><!--description cmVuYW1lIGEgZmlsZSB3aXRoIHR5cG86IFNUTVAgLT4gU01UUA==-->rename a file with typo: STMP -> SMTP<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10253): <!--number 10253 --><!--line 0 --><!--description Y2hvcmUobGludCk6IEVuc3VyZSBjb25zaXN0ZW50IGltcG9ydCBhbGlhc2luZyBmb3Igc2VydmljZXMgYW5kIG1vZGVscw==-->chore(lint): Ensure consistent import aliasing for services and models<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10374): <!--number 10374 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnb2xhbmcub3JnL3gvY3J5cHRvIHRvIHYwLjQ2LjAgKGZvcmdlam8p-->Update module golang.org/x/crypto to v0.46.0 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10377): <!--number 10377 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnb2xhbmcub3JnL3gvb2F1dGgyIHRvIHYwLjM0LjAgKGZvcmdlam8p-->Update module golang.org/x/oauth2 to v0.34.0 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10365): <!--number 10365 --><!--line 0 --><!--description TG9jayBmaWxlIG1haW50ZW5hbmNlIChmb3JnZWpvKQ==-->Lock file maintenance (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10275): <!--number 10275 --><!--line 0 --><!--description Y2hvcmUobGludCk6IEFkZCBleGNlcHRpb25zIGZvciBkYmZzX21vZGVsIGFuZCB1bml0dGVzdA==-->chore(lint): Add exceptions for dbfs_model and unittest<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10364): <!--number 10364 --><!--line 0 --><!--description VXBkYXRlIHJlbm92YXRlIHRvIHY0Mi4zOS4yIChmb3JnZWpvKQ==-->Update renovate to v42.39.2 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10357): <!--number 10357 --><!--line 0 --><!--description Zml4KHVpKTogZG8gbm90IHdyb25nbHkgaGlnaGxpZ2h0IGRldnRlc3QgbGluayBpbiBuYXZiYXIgbWVudQ==-->fix(ui): do not wrongly highlight devtest link in navbar menu<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10354): <!--number 10354 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBjb2RlLmZvcmdlam8ub3JnL2Zvcmdlam8vcnVubmVyL3YxMiB0byB2MTIuMS4yIChmb3JnZWpvKQ==-->Update module code.forgejo.org/forgejo/runner/v12 to v12.1.2 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10338): <!--number 10338 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgbWVybWFpZCB0byB2MTEuMTIuMiAoZm9yZ2Vqbyk=-->Update dependency mermaid to v11.12.2 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10307): <!--number 10307 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnaXRodWIuY29tL2JsZXZlc2VhcmNoL2JsZXZlL3YyIHRvIHYyLjUuNiAoZm9yZ2Vqbyk=-->Update module github.com/blevesearch/bleve/v2 to v2.5.6 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10333): <!--number 10333 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBjb2RlLmZvcmdlam8ub3JnL2Zvcmdlam8vcnVubmVyL3YxMiB0byB2MTIuMS4xIChmb3JnZWpvKQ==-->Update module code.forgejo.org/forgejo/runner/v12 to v12.1.1 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10296): <!--number 10296 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgZXNsaW50LXBsdWdpbi11bmljb3JuIHRvIHY2MiAoZm9yZ2Vqbyk=-->Update dependency eslint-plugin-unicorn to v62 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10294): <!--number 10294 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgQHBsYXl3cmlnaHQvdGVzdCB0byB2MS41Ny4wIChmb3JnZWpvKQ==-->Update dependency @playwright/test to v1.57.0 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10289): <!--number 10289 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgQHZpdGVqcy9wbHVnaW4tdnVlIHRvIHY2LjAuMiAoZm9yZ2Vqbyk=-->Update dependency @vitejs/plugin-vue to v6.0.2 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10295): <!--number 10295 --><!--line 0 --><!--description VXBkYXRlIGxpbnRlcnMgKGZvcmdlam8p-->Update linters (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10291): <!--number 10291 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgdml0ZS1zdHJpbmctcGx1Z2luIHRvIHYxLjQuOSAoZm9yZ2Vqbyk=-->Update dependency vite-string-plugin to v1.4.9 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10302): <!--number 10302 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgZ28gdG8gdjEuMjUuNSAoZm9yZ2Vqbyk=-->Update dependency go to v1.25.5 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10292): <!--number 10292 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgdnVlIHRvIHYzLjUuMjUgKGZvcmdlam8pIC0gYXV0b2Nsb3NlZA==-->Update dependency vue to v3.5.25 (forgejo) - autoclosed<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10293): <!--number 10293 --><!--line 0 --><!--description VXBkYXRlIHZpdGVzdCBtb25vcmVwbyB0byB2NC4wLjE0IChmb3JnZWpvKQ==-->Update vitest monorepo to v4.0.14 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10290): <!--number 10290 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgaGFwcHktZG9tIHRvIHYyMC4wLjExIChmb3JnZWpvKQ==-->Update dependency happy-dom to v20.0.11 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10288): <!--number 10288 --><!--line 0 --><!--description VXBkYXRlIGdpdGh1Yi5jb20vZ29vZ2xlL3Bwcm9mIGRpZ2VzdCB0byA0OTAyZmRkIChmb3JnZWpvKQ==-->Update github.com/google/pprof digest to 4902fdd (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10278): <!--number 10278 --><!--line 0 --><!--description VXBkYXRlIHJlbm92YXRlIHRvIHY0Mi4yNy41IChmb3JnZWpvKQ==-->Update renovate to v42.27.5 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10280): <!--number 10280 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnaXRodWIuY29tL2tsYXVzcG9zdC9jb21wcmVzcyB0byB2MS4xOC4yIChmb3JnZWpvKQ==-->Update module github.com/klauspost/compress to v1.18.2 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10281): <!--number 10281 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnaXRodWIuY29tL2VkaXRvcmNvbmZpZy1jaGVja2VyL2VkaXRvcmNvbmZpZy1jaGVja2VyL3YzL2NtZC9lZGl0b3Jjb25maWctY2hlY2tlciB0byB2My42LjAgKGZvcmdlam8p-->Update module github.com/editorconfig-checker/editorconfig-checker/v3/cmd/editorconfig-checker to v3.6.0 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10220): <!--number 10220 --><!--line 0 --><!--description TG9jayBmaWxlIG1haW50ZW5hbmNlIChmb3JnZWpvKQ==-->Lock file maintenance (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10265): <!--number 10265 --><!--line 0 --><!--description cGF0aCBlc2NhcGUgYnJvd3NlIGZ1cnRoZXIgVVJM-->path escape browse further URL<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9926): <!--number 9926 --><!--line 0 --><!--description cmV3b3JrIGBub3RpZmljYXRpb25gIHRhYmxl-->rework `notification` table<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10256): <!--number 10256 --><!--line 0 --><!--description Y2hvcmUobGludCk6IFJlbW92ZSB1bm5lY2Vzc2FyeSBkZXBndWFyZCBydWxlcw==-->chore(lint): Remove unnecessary depguard rules<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10257): <!--number 10257 --><!--line 0 --><!--description Y2hvcmUoZTJlKTogdXNlIGV4cGVjdCgpLnRvQmVDbG9zZVRvIGluc3RlYWQgb2YgTWF0aC5yb3VuZA==-->chore(e2e): use expect().toBeCloseTo instead of Math.round<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10182): <!--number 10182 --><!--line 0 --><!--description TWVudGlvbiBwcm9jLXJlY2VpdmUgaW4gdGV4dCBmb3IgZGFzaGJvYXJkLnJlc3luY19hbGxfaG9va3MgZnVuYw==-->Mention proc-receive in text for dashboard.resync_all_hooks func<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9875): <!--number 9875 --><!--line 0 --><!--description ZG9uJ3Qgc2hvdyBDb25FbXUgT1NDIGVzY2FwZSBzZXF1ZW5jZXM=-->don't show ConEmu OSC escape sequences<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9973): <!--number 9973 --><!--line 0 --><!--description cGFndXJlIG1pZ3JhdGlvbjogQWRkIHJlcXVpcmVkIGhlYWRlcnM=-->pagure migration: Add required headers<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10056): <!--number 10056 --><!--line 0 --><!--description bGVzcyByZXN0cmljdGl2ZSBtYXRyaXggcm9vbV9pZCBwYXR0ZXJu-->less restrictive matrix room_id pattern<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9757): <!--number 9757 --><!--line 0 --><!--description cHJldmVudCBvcmdzIGZyb20gYmVpbmcgYWRkZWQgYXMgbWVtYmVycyBvZiBvcmdz-->prevent orgs from being added as members of orgs<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9997): <!--number 9997 --><!--line 0 --><!--description Zml4KGFwaSk6IHNldCBhbGwgaG9vayBldmVudCB0eXBlcw==-->fix(api): set all hook event types<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9913): <!--number 9913 --><!--line 0 --><!--description c2V0IHRhZyBtZXNzYWdlIG9uIHRhZyBhZGRpdGlvbg==-->set tag message on tag addition<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9872): <!--number 9872 --><!--line 0 --><!--description Y29uc3RydWN0IHByb2plY3QgbGlua3MgaW4gdGltZWxpbmUgYmV0dGVy-->construct project links in timeline better<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10258): <!--number 10258 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBjb2RlLmZvcmdlam8ub3JnL2Zvcmdlam8vcnVubmVyL3YxMiB0byB2MTIuMS4wIChmb3JnZWpvKQ==-->Update module code.forgejo.org/forgejo/runner/v12 to v12.1.0 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10141): <!--number 10141 --><!--line 0 --><!--description cmVmYWN0b3IobW9kZWxzL3B1bGwpOiBNb3ZlIGNvZGUgZm9yIG1hbnVhbCBtZXJnZXMgaW50byBtZXJnZV9tYW51YWwuZ28=-->refactor(models/pull): Move code for manual merges into merge_manual.go<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9807): <!--number 9807 --><!--line 0 --><!--description Y2hvcmU6IEFkZCBkaWFnbm9zdGljIGxvZyBmb3IgTERBUCBsb2dpbnMgdGhhdCBleHBlY3QgZ3JvdXBz-->chore: Add diagnostic log for LDAP logins that expect groups<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10197): <!--number 10197 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgd2VicGFjayB0byB2NS4xMDMuMCAoZm9yZ2Vqbyk=-->Update dependency webpack to v5.103.0 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10199): <!--number 10199 --><!--line 0 --><!--description bWFrZSBzdXJlIHRoZSBkZXRhaWxzIHBhZ2UgaXMgc3RpbGwgcmVuZGVyZWQgY29ycmVjdGx5IGV2ZW4gaWYgdGhlIHBvc3RlciBvZiByZXBvcnRlZCBjb21tZW50IHdhcyBkZWxldGVk-->make sure the details page is still rendered correctly even if the poster of reported comment was deleted<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10217): <!--number 10217 --><!--line 0 --><!--description Zml4KGFwaSk6IGBhZG1pbkRFbGV0ZVF1b3RhUnVsZWAgdHlwbw==-->fix(api): `adminDEleteQuotaRule` typo<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10213): <!--number 10213 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBjb2RlLmZvcmdlam8ub3JnL2Zvcmdlam8vcnVubmVyL3YxMSB0byB2MTIgKGZvcmdlam8p-->Update module code.forgejo.org/forgejo/runner/v11 to v12 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10188): <!--number 10188 --><!--line 0 --><!--description Rml4IHR5cG8=-->Fix typo<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10201): <!--number 10201 --><!--line 0 --><!--description Y2hvcmUocmVsZWFzZS1ub3Rlcyk6IEZvcmdlam8gdjExLjAuOCBbc2tpcCBjaV0=-->chore(release-notes): Forgejo v11.0.8 [skip ci]<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10200): <!--number 10200 --><!--line 0 --><!--description Y2hvcmUocmVsZWFzZS1ub3Rlcyk6IEZvcmdlam8gdjEzLjAuMyBbc2tpcCBjaV0=-->chore(release-notes): Forgejo v13.0.3 [skip ci]<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10198): <!--number 10198 --><!--line 0 --><!--description VXBkYXRlIHgvdG9vbHMgdG8gdjAuMzkuMCAoZm9yZ2Vqbyk=-->Update x/tools to v0.39.0 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10195): <!--number 10195 --><!--line 0 --><!--description VXBkYXRlIGdvLW9wZW5hcGkgcGFja2FnZXMgKGZvcmdlam8p-->Update go-openapi packages (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9501): <!--number 9501 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnaXRodWIuY29tL2dvLWxkYXAvbGRhcC92MyB0byB2My40LjEyIChmb3JnZWpvKQ==-->Update module github.com/go-ldap/ldap/v3 to v3.4.12 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10196): <!--number 10196 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnaXRodWIuY29tL2dvbGFuZ2NpL2dvbGFuZ2NpLWxpbnQvdjIvY21kL2dvbGFuZ2NpLWxpbnQgdG8gdjIuNi4yIChmb3JnZWpvKQ==-->Update module github.com/golangci/golangci-lint/v2/cmd/golangci-lint to v2.6.2 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10180): <!--number 10180 --><!--line 0 --><!--description Y2hvcmUocmVub3ZhdGUpOiBzdXBwb3J0IGAuZm9yZ2Vqby9yZW5vdmF0ZS5qc29uYA==-->chore(renovate): support `.forgejo/renovate.json`<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10173): <!--number 10173 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnb2xhbmcub3JnL3gvY3J5cHRvIHRvIHYwLjQ1LjAgKGZvcmdlam8p-->Update module golang.org/x/crypto to v0.45.0 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10179): <!--number 10179 --><!--line 0 --><!--description Y2hvcmU6IHBpbiBub2RlIHZlcnNpb24=-->chore: pin node version<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10163): <!--number 10163 --><!--line 0 --><!--description RG8gbm90IGNsb2JiZXIgfi8uc3NoL2F1dGhvcml6ZWRfa2V5cyBpbiBjZXJ0YWluIHRlc3Rz-->Do not clobber ~/.ssh/authorized_keys in certain tests<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10165): <!--number 10165 --><!--line 0 --><!--description dHlwbyBpbiBBY3Rpb25zLlNraXBXb3JrZmxvd1N0cmluZ3MgaW5pIHRhZw==-->typo in Actions.SkipWorkflowStrings ini tag<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10161): <!--number 10161 --><!--line 0 --><!--description dGVzdDogY29tcGFyZSBmaWxlIGxpc3QgaW5zdGVhZCBvZiBieXRlIGxlbmd0aCBpbiBnemlwcGVkIHJlcG8gYXJjaGl2ZSB0ZXN0-->test: compare file list instead of byte length in gzipped repo archive test<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10162): <!--number 10162 --><!--line 0 --><!--description VXBkYXRlIGh0dHBzOi8vZGF0YS5mb3JnZWpvLm9yZy9hY3Rpb25zL3NldHVwLWZvcmdlam8gYWN0aW9uIHRvIHYzLjAuNiAoZm9yZ2Vqbyk=-->Update https://data.forgejo.org/actions/setup-forgejo action to v3.0.6 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10160): <!--number 10160 --><!--line 0 --><!--description YWRkIG15c2VsZiB0byBgQ09ERU9XTkVSU2AgZm9yIHRoZSBBUEk=-->add myself to `CODEOWNERS` for the API<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10142): <!--number 10142 --><!--line 0 --><!--description VXBkYXRlIHJlbm92YXRlIHRvIHY0Mi4xMS4wIChmb3JnZWpvKQ==-->Update renovate to v42.11.0 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10046): <!--number 10046 --><!--line 0 --><!--description Y2hvcmU6IERlYWQgQ29kZTogYERlbGV0ZUlzc3VlYCBOb3RpZnkgVG9waWM=-->chore: Dead Code: `DeleteIssue` Notify Topic<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10139): <!--number 10139 --><!--line 0 --><!--description dGVzdDogZml4IG1vZHVsZXMvcXVldWUgdGVzdHMgdG8gdXNlIFRFU1RfUkVESVNfU0VSVkVSIHdoZW4gcHJlc2VudA==-->test: fix modules/queue tests to use TEST_REDIS_SERVER when present<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10072): <!--number 10072 --><!--line 0 --><!--description aGFuZGxlIHVwcGVyY2FzZSBpbiBvYXV0aCBlbWFpbCBhdXRvcmVnaXN0cmF0aW9u-->handle uppercase in oauth email autoregistration<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10114): <!--number 10114 --><!--line 0 --><!--description Y2FjaGUgZGVyaXZlZCBrZXlzIGZvciBmYXN0ZXIga2V5aW5n-->cache derived keys for faster keying<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9401): <!--number 9401 --><!--line 0 --><!--description UmVwbGFjZSAiQWxsIHB1bGwgcmVxdWVzdHMiIGluIHJlcG8gaXNzdWUgZmlsdGVy-->Replace "All pull requests" in repo issue filter<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9478): <!--number 9478 --><!--line 0 --><!--description bWFya3VwIHJlbmRlcmluZyBwYW5pYyBtdXN0IG5vdCBhYm9ydCB0aGUgcHJvY2Vzcw==-->markup rendering panic must not abort the process<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9626): <!--number 9626 --><!--line 0 --><!--description Zml4KHVpL3JlbGVhc2VzKTogc3RyZWNoIGVsZW1lbnRzIGFwYXJ0IHdoZW4gbm8gc2VhcmNoIGJhcg==-->fix(ui/releases): strech elements apart when no search bar<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9502): <!--number 9502 --><!--line 0 --><!--description Zml4KHVpKTogaW1wcm92ZSBQYWd1cmUgbWlncmF0b3IgcHJpdmF0ZSBpc3N1ZXMgY2xhcml0eQ==-->fix(ui): improve Pagure migrator private issues clarity<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9534): <!--number 9534 --><!--line 0 --><!--description Zml4KHVpKTogcmV3b3JrZWQgZmlsZSBwcmV2aWV3IHBsYWNlbWVudCB0b3dhcmRzIGJldHRlciBIVE1MIHZhbGlkaXR5LCB0YWtlIDI=-->fix(ui): reworked file preview placement towards better HTML validity, take 2<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8908): <!--number 8908 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgZ28gdG8gdjEuMjUgKGZvcmdlam8p-->Update dependency go to v1.25 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9822): <!--number 9822 --><!--line 0 --><!--description Y2hvcmU6IHVwZGF0ZSBnbyB0YXJnZXQgbGFuZ3VhZ2UgdmVyc2lvbiB0byB2MS4yNS4w-->chore: update go target language version to v1.25.0<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9504): <!--number 9504 --><!--line 0 --><!--description YWxsb3cgdW5hY3RpdmF0ZWQgdXNlcnMgdG8gc2VuZCByZWNvdmVyeSBtYWlscw==-->allow unactivated users to send recovery mails<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9611): <!--number 9611 --><!--line 0 --><!--description Y2hvcmUoY2kpOiBsaW1pdCBMREFQIHNlcnZpY2UgY29udGFpbmVyIG1lbW9yeSB1c2FnZSB0byA1MDBN-->chore(ci): limit LDAP service container memory usage to 500M<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9662): <!--number 9662 --><!--line 0 --><!--description Y2hvcmUoZTJlKTogdGVzdCBmbGFraW5lc3MgaW4gd2ViYXV0aG4udGVzdC5lMmUudHM=-->chore(e2e): test flakiness in webauthn.test.e2e.ts<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9454): <!--number 9454 --><!--line 0 --><!--description dGVzdDogZml4ICdNaXNzaW5nIHJlcXVpcmVkIHByb3AnIHdhcm5pbmcgZHVyaW5nIFJlcG9BY3Rpb25WaWV3IGZyb250ZW5kIHRlc3Rz-->test: fix 'Missing required prop' warning during RepoActionView frontend tests<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10125): <!--number 10125 --><!--line 0 --><!--description Zml4KHVpKTogZml4IGNvbG9yIG9mIGhvdmVyaW5nIG92ZXIgbWVudSBidXR0b25zIGluIHRvcCBuYXYgYmFy-->fix(ui): fix color of hovering over menu buttons in top nav bar<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9840): <!--number 9840 --><!--line 0 --><!--description MjAyNS0xMC0yNiBTZWN1cml0eSBQYXRjaGVz-->2025-10-26 Security Patches<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10075): <!--number 10075 --><!--line 0 --><!--description Zml4KHRlc3QpOiBpbXByb3ZlIHJlbGlhYmlsaXR5IG9mIEUyRSAiQnV0dG9uIHRleHQgcmVwbGFjZWQgYnkgSlMi-->fix(test): improve reliability of E2E "Button text replaced by JS"<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10128): <!--number 10128 --><!--line 0 --><!--description Y2hvcmU6IGJ1bXAgbml4cGtncyBpbiBmbGFrZS5sb2Nr-->chore: bump nixpkgs in flake.lock<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10053): <!--number 10053 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnaXRodWIuY29tL2dvbGFuZ2NpL2dvbGFuZ2NpLWxpbnQvdjIvY21kL2dvbGFuZ2NpLWxpbnQgdG8gdjIuNi4xIChmb3JnZWpvKQ==-->Update module github.com/golangci/golangci-lint/v2/cmd/golangci-lint to v2.6.1 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10110): <!--number 10110 --><!--line 0 --><!--description Y2hvcmU6IHVuaWZ5IHRoZSB1c2FnZSBvZiBgQ3J5cHRvUmFuZG9tU3RyaW5nYA==-->chore: unify the usage of `CryptoRandomString`<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10109): <!--number 10109 --><!--line 0 --><!--description Y2hvcmU6IHR3byBzbWFsbCByZWZhY3RvcnMgaW4gZ2l0IG1vZHVsZQ==-->chore: two small refactors in git module<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10123): <!--number 10123 --><!--line 0 --><!--description d29ya2Zsb3cgZGlzcGF0Y2ggc2hvdWxkbid0IGluY2x1ZGUgZW1wdHkgZmllbGRzIGluIGlucHV0cw==-->workflow dispatch shouldn't include empty fields in inputs<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10089): <!--number 10089 --><!--line 0 --><!--description YWNjZXB0IGB0cnVlYCBhcyBpbnB1dCBpbiB3b3JrZmxvd19kaXNwYXRjaA==-->accept `true` as input in workflow_dispatch<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10112): <!--number 10112 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnb2xhbmcub3JnL3gvbmV0IHRvIHYwLjQ3LjAgKGZvcmdlam8p-->Update module golang.org/x/net to v0.47.0 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10111): <!--number 10111 --><!--line 0 --><!--description VXBkYXRlIGdvLW9wZW5hcGkgcGFja2FnZXMgKGZvcmdlam8p-->Update go-openapi packages (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10119): <!--number 10119 --><!--line 0 --><!--description Y2hvcmUodGVzdCk6IGNsZWFudXAgTmV3UmVxdWVzdCB3aGljaCBubyBsb25nZXIgc3VwcGx5IENTUkYgdmFsdWVz-->chore(test): cleanup NewRequest which no longer supply CSRF values<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10103): <!--number 10103 --><!--line 0 --><!--description Y2hvcmU6IHJlbW92ZSB3ZWJraXQgYW5kIG1vYmlsZSBzYWZhcmkgZnJvbSBwbGF5d3JpZ2h0-->chore: remove webkit and mobile safari from playwright<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10092): <!--number 10092 --><!--line 0 --><!--description VXBkYXRlIE5vZGUuanMgdG8gdjI0IChmb3JnZWpvKQ==-->Update Node.js to v24 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10095): <!--number 10095 --><!--line 0 --><!--description bWFrZSBgRmV0Y2hgIHdvcmsgd2l0aCBnaXQgPCAyLjQx-->make `Fetch` work with git < 2.41<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10085): <!--number 10085 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnb2xhbmcub3JnL3gvaW1hZ2UgdG8gdjAuMzMuMCAoZm9yZ2Vqbyk=-->Update module golang.org/x/image to v0.33.0 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10096): <!--number 10096 --><!--line 0 --><!--description VXBkYXRlIE5QTSBjb25zdHJhaW50-->Update NPM constraint<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10091): <!--number 10091 --><!--line 0 --><!--description VXBkYXRlIE5vZGUuanMgdG8gdjI0IChmb3JnZWpvKQ==-->Update Node.js to v24 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10084): <!--number 10084 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnb2xhbmcub3JnL3gvY3J5cHRvIHRvIHYwLjQ0LjAgKGZvcmdlam8p-->Update module golang.org/x/crypto to v0.44.0 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10082): <!--number 10082 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnaXRodWIuY29tL2JsZXZlc2VhcmNoL2JsZXZlL3YyIHRvIHYyLjUuNSAoZm9yZ2Vqbyk=-->Update module github.com/blevesearch/bleve/v2 to v2.5.5 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9959): <!--number 9959 --><!--line 0 --><!--description Zml4KHVpKTogcHJldmVudCBKUyBmcm9tIHJlbW92aW5nIGljb24gZnJvbSBjbG9zZS9yZW9wZW4gYnV0dG9u-->fix(ui): prevent JS from removing icon from close/reopen button<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10068): <!--number 10068 --><!--line 0 --><!--description YnJhbmRpbmc6IHVzYWdlIG9mIGdlbmVyYXRl-->branding: usage of generate<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10042): <!--number 10042 --><!--line 0 --><!--description VXBkYXRlIHJlbm92YXRlIHRvIHY0MiAoZm9yZ2VqbykgKG1ham9yKQ==-->Update renovate to v42 (forgejo) (major)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10032): <!--number 10032 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnb2xhbmcub3JnL3gvc3lzIHRvIHYwLjM4LjAgKGZvcmdlam8p-->Update module golang.org/x/sys to v0.38.0 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10035): <!--number 10035 --><!--line 0 --><!--description Z2l0ZWFfZG93bmxvYWRlcjogZml4IHR5cG9z-->gitea_downloader: fix typos<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10028): <!--number 10028 --><!--line 0 --><!--description Y2hvcmU6IGFkanVzdCBmYWlsaW5nIEUyRSB0ZXN0cw==-->chore: adjust failing E2E tests<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10029): <!--number 10029 --><!--line 0 --><!--description VXBkYXRlIGh0dHBzOi8vZGF0YS5mb3JnZWpvLm9yZy9hY3Rpb25zL3NldHVwLWZvcmdlam8gYWN0aW9uIHRvIHYzLjAuNSAoZm9yZ2Vqbyk=-->Update https://data.forgejo.org/actions/setup-forgejo action to v3.0.5 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10016): <!--number 10016 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgY2xpcHBpZSB0byB2NC4xLjkgKGZvcmdlam8p-->Update dependency clippie to v4.1.9 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10017): <!--number 10017 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgc2hhcnAgdG8gdjAuMzQuNSAoZm9yZ2Vqbyk=-->Update dependency sharp to v0.34.5 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10018): <!--number 10018 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBjb2RlLmZvcmdlam8ub3JnL2Zvcmdlam8vcnVubmVyL3YxMSB0byB2MTEuMy4xIChmb3JnZWpvKQ==-->Update module code.forgejo.org/forgejo/runner/v11 to v11.3.1 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9988): <!--number 9988 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgdnVlIHRvIHYzLjUuMjQgKGZvcmdlam8p-->Update dependency vue to v3.5.24 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9985): <!--number 9985 --><!--line 0 --><!--description Y2hvcmU6IHNpbXBsaWZ5IGBHZXROb3RlYA==-->chore: simplify `GetNote`<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9983): <!--number 9983 --><!--line 0 --><!--description YWRtaW4gcmVwbyBwYWdlIGVycm9yIG9uIE51bUlzc3Vlcw==-->admin repo page error on NumIssues<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9982): <!--number 9982 --><!--line 0 --><!--description dGVzdDogRW5zdXJlIGpvYnMuPGpvYl9pZD4ucnVucy1vbiB3b3JrcyB3aXRoIHZhcnM=-->test: Ensure jobs.<job_id>.runs-on works with vars<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9984): <!--number 9984 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgZ28gdG8gdjEuMjUuNCAoZm9yZ2Vqbyk=-->Update dependency go to v1.25.4 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9897): <!--number 9897 --><!--line 0 --><!--description L2FwaS9mb3JnZWpvL3YxL3ZlcnNpb24gQ29udGVudC1UeXBlIGVycm9y-->/api/forgejo/v1/version Content-Type error<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9981): <!--number 9981 --><!--line 0 --><!--description Y2hvcmU6IHVzZSBjb2RlLmZvcmdlam8ub3JnL2Zvcmdlam8vYWN0aW9ucy1wcm90bw==-->chore: use code.forgejo.org/forgejo/actions-proto<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9969): <!--number 9969 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBjb2RlLmZvcmdlam8ub3JnL2Zvcmdlam8vcnVubmVyL3YxMSB0byB2MTEuMy4wIChmb3JnZWpvKQ==-->Update module code.forgejo.org/forgejo/runner/v11 to v11.3.0 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9952): <!--number 9952 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgdnVlLWNoYXJ0anMgdG8gdjUuMy4zIChmb3JnZWpvKQ==-->Update dependency vue-chartjs to v5.3.3 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9943): <!--number 9943 --><!--line 0 --><!--description cGVyZjogdXBkYXRlIGNvbmN1cnJlbmN5IGdyb3VwIHF1ZXJ5IHRvIGJlIGluZGV4LWNhcGFibGUgZm9yIHN0YXR1cw==-->perf: update concurrency group query to be index-capable for status<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9948): <!--number 9948 --><!--line 0 --><!--description VXNlIG1vY2sgc2VydmVyIGZvciBgVGVzdEJyZWFrQ29uZGl0aW9uc2A=-->Use mock server for `TestBreakConditions`<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9933): <!--number 9933 --><!--line 0 --><!--description Y2hvcmUodWkpOiByZW1vdmUgdW51c2VkIGNzcyBvZiBpZCBjcmVhdGUtcGFnZS1mb3Jt-->chore(ui): remove unused css of id create-page-form<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9925): <!--number 9925 --><!--line 0 --><!--description dGVzdDogY29uY3VycmVudCBtZXJnZXMgdGFyZ2V0aW5nIHNlcGFyYXRlIGJyYW5jaGVzIHByb2NlZWQgd2l0aG91dCBlcnJvcnM=-->test: concurrent merges targeting separate branches proceed without errors<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9946): <!--number 9946 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgZ2xvYmFscyB0byB2MTYuNS4wIChmb3JnZWpvKQ==-->Update dependency globals to v16.5.0 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9944): <!--number 9944 --><!--line 0 --><!--description VXBkYXRlIHJlbm92YXRlIHRvIHY0MS4xNjkuMSAoZm9yZ2Vqbyk=-->Update renovate to v41.169.1 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9753): <!--number 9753 --><!--line 0 --><!--description Zml4KHVpKTogcmVtb3ZlIGV4dHJhIGhlbHBlcnMgZnJvbSBzdGF0dXNwYWdlcw==-->fix(ui): remove extra helpers from statuspages<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9780): <!--number 9780 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnaXRodWIuY29tL2JsZXZlc2VhcmNoL2JsZXZlL3YyIHRvIHYyLjUuNCAoZm9yZ2Vqbyk=-->Update module github.com/blevesearch/bleve/v2 to v2.5.4 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9890): <!--number 9890 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgbWluaW1hdGNoIHRvIHYxMC4xLjEgKGZvcmdlam8p-->Update dependency minimatch to v10.1.1 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9899): <!--number 9899 --><!--line 0 --><!--description bWFrZSBlZGl0IGxhYmVsIGRpYWxvZyB3b3JrIGFnYWlu-->make edit label dialog work again<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9744): <!--number 9744 --><!--line 0 --><!--description Y2hvcmUoZGVwcyk6IHVwZ3JhZGUgeG9ybSB0byByZW1vdmUgYWNjZXNzIHRvIHVuc2FmZSBCdWZmZXJTaXplKCk=-->chore(deps): upgrade xorm to remove access to unsafe BufferSize()<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9888): <!--number 9888 --><!--line 0 --><!--description dXBkYXRlIGRldmNvbnRhaW5lciB0YWcgdG8gZ286MS4yNS10cml4aWU=-->update devcontainer tag to go:1.25-trixie<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9858): <!--number 9858 --><!--line 0 --><!--description Y2hvcmUocmVsZWFzZS1ub3Rlcyk6IEZvcmdlam8gdjExLjAuNyBbc2tpcCBjaV0=-->chore(release-notes): Forgejo v11.0.7 [skip ci]<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9857): <!--number 9857 --><!--line 0 --><!--description Y2hvcmU6IGFkZCByZWxlYXNlIG5vdGVzIGZvciBiYWNrcG9ydHMgb2YgdjExIGFuZCB2MTMgW3NraXAgY2ld-->chore: add release notes for backports of v11 and v13 [skip ci]<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9859): <!--number 9859 --><!--line 0 --><!--description Y2hvcmUocmVsZWFzZS1ub3Rlcyk6IEZvcmdlam8gdjEzLjAuMiBbc2tpcCBjaV0=-->chore(release-notes): Forgejo v13.0.2 [skip ci]<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9867): <!--number 9867 --><!--line 0 --><!--description TG9jayBmaWxlIG1haW50ZW5hbmNlIChmb3JnZWpvKQ==-->Lock file maintenance (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9839): <!--number 9839 --><!--line 0 --><!--description cmV0dXJuIGFsbCBwZW5kaW5nIGpvYnMgaWYgbGFiZWxzIHBhcmFtZXRlciBpcyBhYnNlbnQ=-->return all pending jobs if labels parameter is absent<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9877): <!--number 9877 --><!--line 0 --><!--description bWlncmF0ZSBhZGQvcmVtb3ZlIHJlcG9zaXRvcmllcyBpbiB0ZWFtIHRvIG5hdGl2ZSBkaWFsb2c=-->migrate add/remove repositories in team to native dialog<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9880): <!--number 9880 --><!--line 0 --><!--description bWlub3IgdHlwb3M=-->minor typos<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9878): <!--number 9878 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgbWVybWFpZCB0byB2MTEuMTIuMSAoZm9yZ2Vqbyk=-->Update dependency mermaid to v11.12.1 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9874): <!--number 9874 --><!--line 0 --><!--description c2hvdyBzcGlubmVyIHdoZW4gbG9hZGluZyBjb250ZW50IGhpc3RvcnkgbWVudQ==-->show spinner when loading content history menu<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9855): <!--number 9855 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgaHRteC5vcmcgdG8gdjIuMC44IChmb3JnZWpvKQ==-->Update dependency htmx.org to v2.0.8 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9834): <!--number 9834 --><!--line 0 --><!--description ZG9jczogZG9uJ3Qgc3VnZ2VzdCBzZXR0aW5nIGRlZmF1bHQgY2FyZ28gcmVnaXN0cnk=-->docs: don't suggest setting default cargo registry<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9796): <!--number 9796 --><!--line 0 --><!--description ZG9uJ3QgZHJvcCB1bmV4cGVjdGVkIGluZGV4ZXMgaW4gRm9yZ2VqbyBzdGFydHVw-->don't drop unexpected indexes in Forgejo startup<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9823): <!--number 9823 --><!--line 0 --><!--description VXBkYXRlIGRhdGEuZm9yZ2Vqby5vcmcvb2NpL2dvbGFuZyBEb2NrZXIgdGFnIHRvIHYxLjI1IChmb3JnZWpvKQ==-->Update data.forgejo.org/oci/golang Docker tag to v1.25 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9562): <!--number 9562 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnaXRodWIuY29tL2dvLXN3YWdnZXIvZ28tc3dhZ2dlci9jbWQvc3dhZ2dlciB0byB2MC4zMy4xIChmb3JnZWpvKQ==-->Update module github.com/go-swagger/go-swagger/cmd/swagger to v0.33.1 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9814): <!--number 9814 --><!--line 0 --><!--description VXBkYXRlIHZpdGVzdCBtb25vcmVwbyB0byB2NCAoZm9yZ2VqbykgKG1ham9yKQ==-->Update vitest monorepo to v4 (forgejo) (major)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9818): <!--number 9818 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnaXRodWIuY29tL3VyZmF2ZS9jbGkvdjMgdG8gdjMuNS4wIChmb3JnZWpvKQ==-->Update module github.com/urfave/cli/v3 to v3.5.0 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9811): <!--number 9811 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBtdmRhbi5jYy9nb2Z1bXB0IHRvIHYwLjkuMiAoZm9yZ2Vqbyk=-->Update module mvdan.cc/gofumpt to v0.9.2 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9815): <!--number 9815 --><!--line 0 --><!--description Y2hvcmU6IHJlbW92ZSB0d28gR2l0IHNldHRpbmdz-->chore: remove two Git settings<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9812): <!--number 9812 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgQGF4ZS1jb3JlL3BsYXl3cmlnaHQgdG8gdjQuMTEuMCAoZm9yZ2Vqbyk=-->Update dependency @axe-core/playwright to v4.11.0 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9813): <!--number 9813 --><!--line 0 --><!--description VXBkYXRlIGxpbnRlcnMgKGZvcmdlam8p-->Update linters (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9810): <!--number 9810 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgaGFwcHktZG9tIHRvIHYyMC4wLjggKGZvcmdlam8p-->Update dependency happy-dom to v20.0.8 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9561): <!--number 9561 --><!--line 0 --><!--description cmVmYWN0b3I6IGRldmVsb3Blci1mcmllbmRseSBkYXRhYmFzZSBzY2hlbWEgbWlncmF0aW9uIHJlZ2lzdHJhdGlvbg==-->refactor: developer-friendly database schema migration registration<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9805): <!--number 9805 --><!--line 0 --><!--description cmVmYWN0b3I6IFNpbXBsaWZ5IGZsYWtlLm5peA==-->refactor: Simplify flake.nix<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9808): <!--number 9808 --><!--line 0 --><!--description Zml4KHdvcmtmbG93cy9jb3ZlcmFnZSk6IHVzZSBjb3JyZWN0IGZvcmdlam8gb3BlbmxkYXAgaW1hZ2U=-->fix(workflows/coverage): use correct forgejo openldap image<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9784): <!--number 9784 --><!--line 0 --><!--description c3VwcHJlc3MgZmFsc2UtcG9zaXRpdmUgZXJyb3IgbG9nIHdoZW4gUFIgaXMgYWxyZWFkeSBpbiB0aGUgYXV0b21lcmdlIHF1ZXVl-->suppress false-positive error log when PR is already in the automerge queue<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9779): <!--number 9779 --><!--line 0 --><!--description VXBkYXRlIGNpdGF0aW9uLWpzIG1vbm9yZXBvIHRvIHYwLjcuMjEgKGZvcmdlam8p-->Update citation-js monorepo to v0.7.21 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9786): <!--number 9786 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnaXRodWIuY29tL2tsYXVzcG9zdC9jb21wcmVzcyB0byB2MS4xOC4xIChmb3JnZWpvKQ==-->Update module github.com/klauspost/compress to v1.18.1 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9761): <!--number 9761 --><!--line 0 --><!--description TG9jayBmaWxlIG1haW50ZW5hbmNlIChmb3JnZWpvKQ==-->Lock file maintenance (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9731): <!--number 9731 --><!--line 0 --><!--description Y2hvcmU6IGVuYWJsZSBlbWFpbCBub3RpZmljYXRpb25zIG9uIHB1bGxfcmVxdWVzdCB3b3JrZmxvd3M=-->chore: enable email notifications on pull_request workflows<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9758): <!--number 9758 --><!--line 0 --><!--description VXBkYXRlIHJlbm92YXRlIHRvIHY0MS4xNTIuOSAoZm9yZ2Vqbyk=-->Update renovate to v41.152.9 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9759): <!--number 9759 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBjb2RlLmZvcmdlam8ub3JnL2Zvcmdlam8vcnVubmVyL3YxMSB0byB2MTEuMi4wIChmb3JnZWpvKQ==-->Update module code.forgejo.org/forgejo/runner/v11 to v11.2.0 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9625): <!--number 9625 --><!--line 0 --><!--description Y2hvcmUoaTE4bik6IG1pZ3JhdGUgZG93bmxvYWQgY291bnRzIHRvIGpzb24=-->chore(i18n): migrate download counts to json<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9734): <!--number 9734 --><!--line 0 --><!--description ZG9udCBzZXQgbWVyZ2UtYmFzZSBvbiBwdWxsIHJlcXVlc3QgY3JlYXRpb24=-->dont set merge-base on pull request creation<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9740): <!--number 9740 --><!--line 0 --><!--description c2ltcGxpZnkgYEdldFB1bGxSZXF1ZXN0RmlsZXNg-->simplify `GetPullRequestFiles`<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9732): <!--number 9732 --><!--line 0 --><!--description Y2hvcmUocmVsZWFzZS1ub3Rlcyk6IEZvcmdlam8gdjEzLjAuMQ==-->chore(release-notes): Forgejo v13.0.1<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9722): <!--number 9722 --><!--line 0 --><!--description Y2hvcmUocmVsZWFzZS1ub3Rlcyk6IEZvcmdlam8gdjEzLjAuMCAoZm9sbG93dXAgMSk=-->chore(release-notes): Forgejo v13.0.0 (followup 1)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9721): <!--number 9721 --><!--line 0 --><!--description cmVwbGFjZSBHaXRlYSAtPiBGb3JnZWpvIGluIGFwcC5leGFtcGxlLmluaSB3aGVyZSBlYXNpbHkgcG9zc2libGU=-->replace Gitea -> Forgejo in app.example.ini where easily possible<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9709): <!--number 9709 --><!--line 0 --><!--description ZW1wdHkgREJzIGNyZWF0ZSB0YWJsZXMgaW4gYW4gdW5nb3Zlcm5lZCBvcmRlciByZXN1bHRpbmcgaW4gZnV0dXJlIGZvcmVpZ24ga2V5IGVycm9ycw==-->empty DBs create tables in an ungoverned order resulting in future foreign key errors<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9708): <!--number 9708 --><!--line 0 --><!--description aW50ZWdyYXRpb24gdGVzdHMgJiBlbXB0eSBEQiBjcmVhdGlvbiB3aWxsIGZhaWwgYXMgc29vbiBhcyBmb3JnZWpvX21pZ3JhdGlvbnMgYWNjZXNzZXMgYW4gZXhpc3RpbmcgdGFibGU=-->integration tests & empty DB creation will fail as soon as forgejo_migrations accesses an existing table<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9442): <!--number 9442 --><!--line 0 --><!--description Y2hvcmUocmVsZWFzZS1ub3Rlcyk6IEZvcmdlam8gdjEzLjAuMA==-->chore(release-notes): Forgejo v13.0.0<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9435): <!--number 9435 --><!--line 0 --><!--description UmVwbyBtaWdyYXRlIEFQSSBlbmRwb2ludCByZXR1cm5pbmcgMjAwIHdoZW4gaXQgY3Jhc2hlcw==-->Repo migrate API endpoint returning 200 when it crashes<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9702): <!--number 9702 --><!--line 0 --><!--description VXBkYXRlIHgvdG9vbHMgdG8gdjAuMzguMCAoZm9yZ2Vqbyk=-->Update x/tools to v0.38.0 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9684): <!--number 9684 --><!--line 0 --><!--description dGVzdDogaW50cm9kdWNlIFRydW5jYXRlQmVhbnNDYXNjYWRlIHRlc3QgaGVscGVyIHRvIHN1cHBvcnQgZGF0YSBjbGVhbnVwIG9mIGZvcmVpZ24ta2V5IHJlZmVyZW5jZWQgdGFibGVz-->test: introduce TruncateBeansCascade test helper to support data cleanup of foreign-key referenced tables<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9701): <!--number 9701 --><!--line 0 --><!--description VXBkYXRlIGdvLW9wZW5hcGkgcGFja2FnZXMgKGZvcmdlam8p-->Update go-openapi packages (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9704): <!--number 9704 --><!--line 0 --><!--description VXBkYXRlIGh0dHBzOi8vZGF0YS5mb3JnZWpvLm9yZy9hY3Rpb25zL3NldHVwLW5vZGUgYWN0aW9uIHRvIHY2IChmb3JnZWpvKQ==-->Update https://data.forgejo.org/actions/setup-node action to v6 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9703): <!--number 9703 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgaGFwcHktZG9tIHRvIHYyMCAoZm9yZ2Vqbyk=-->Update dependency happy-dom to v20 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9700): <!--number 9700 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnaXRodWIuY29tL2VkaXRvcmNvbmZpZy1jaGVja2VyL2VkaXRvcmNvbmZpZy1jaGVja2VyL3YzL2NtZC9lZGl0b3Jjb25maWctY2hlY2tlciB0byB2My40LjEgKGZvcmdlam8p-->Update module github.com/editorconfig-checker/editorconfig-checker/v3/cmd/editorconfig-checker to v3.4.1 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9699): <!--number 9699 --><!--line 0 --><!--description VXBkYXRlIGxpbnRlcnMgKGZvcmdlam8p-->Update linters (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9682): <!--number 9682 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnaXRodWIuY29tL2Rzb3ByZWEvZ28tZXhpZi92MyB0byB2My4wLjEgKGZvcmdlam8p-->Update module github.com/dsoprea/go-exif/v3 to v3.0.1 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9616): <!--number 9616 --><!--line 0 --><!--description VXBkYXRlIGh0dHBzOi8vZGF0YS5mb3JnZWpvLm9yZy90ai1hY3Rpb25zL2NoYW5nZWQtZmlsZXMgYWN0aW9uIHRvIHY0NyAoZm9yZ2Vqbyk=-->Update https://data.forgejo.org/tj-actions/changed-files action to v47 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9688): <!--number 9688 --><!--line 0 --><!--description Y2hvcmUoZTJlKTogYWRkcmVzcyBhbm90aGVyIGZsYWtleSBmYWlsdXJlIGluIHdlYmF1dGhuLnRlc3QuZTJlLnRz-->chore(e2e): address another flakey failure in webauthn.test.e2e.ts<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9683): <!--number 9683 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnaXRodWIuY29tL21ob2x0L2FyY2hpdmVzIHRvIHYwLjEuNSAoZm9yZ2Vqbyk=-->Update module github.com/mholt/archives to v0.1.5 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9679): <!--number 9679 --><!--line 0 --><!--description Y2hvcmU6IG1ha2UgcmVub3ZhdGUgd29yayBvbiB2MTMgZm9yZ2Vqbw==-->chore: make renovate work on v13 forgejo<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9677): <!--number 9677 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgY2hhcnQuanMgdG8gdjQuNS4xIChmb3JnZWpvKQ==-->Update dependency chart.js to v4.5.1 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9558): <!--number 9558 --><!--line 0 --><!--description aW5jbHVkZSBub24tY29udmVudGlvbmFsIGhlYWRlcnMgaW4gcGF5bG9hZCBmb3IgZ2l0IHNpZ25hdHVyZXM=-->include non-conventional headers in payload for git signatures<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9676): <!--number 9676 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgZ28gdG8gdjEuMjUuMyAoZm9yZ2Vqbyk=-->Update dependency go to v1.25.3 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9645): <!--number 9645 --><!--line 0 --><!--description YXZvaWQganVtcGluZyB0byBiZWdpbiBvZiBwYWdlIG9uIGVkaXQgY29tbWVudCBhY3Rpb24=-->avoid jumping to begin of page on edit comment action<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9572): <!--number 9572 --><!--line 0 --><!--description YXZvaWQgdXBkYXRpbmcgYWxsIGNvbHVtbnM=-->avoid updating all columns<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9666): <!--number 9666 --><!--line 0 --><!--description TG9jayBmaWxlIG1haW50ZW5hbmNlIChmb3JnZWpvKQ==-->Lock file maintenance (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9660): <!--number 9660 --><!--line 0 --><!--description Y2hvcmUoZTJlKTogdGVzdCBmbGFraW5lc3MgaW4gaXNzdWUtY29tbWVudC1kcm9wem9uZS50ZXN0LmUyZS50cw==-->chore(e2e): test flakiness in issue-comment-dropzone.test.e2e.ts<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9610): <!--number 9610 --><!--line 0 --><!--description YXZvaWQgcmVtb3RlIGZvciBjb2Rlb3duZXIncyBtZXJnZSBiYXNl-->avoid remote for codeowner's merge base<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9665): <!--number 9665 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kga2F0ZXggdG8gdjAuMTYuMjQgKGZvcmdlam8p-->Update dependency katex to v0.16.24 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9664): <!--number 9664 --><!--line 0 --><!--description VXBkYXRlIHJlbm92YXRlIHRvIHY0MS4xNDYuMCAoZm9yZ2Vqbyk=-->Update renovate to v41.146.0 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9647): <!--number 9647 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgYXNjaWluZW1hLXBsYXllciB0byB2My4xMi4xIChmb3JnZWpvKQ==-->Update dependency asciinema-player to v3.12.1 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9655): <!--number 9655 --><!--line 0 --><!--description VXBkYXRlIGdpdGh1Yi5jb20vcmh5c2QvYWN0aW9ubGludCAoaW5kaXJlY3QpIHRvIHYxLjcuOCAoZm9yZ2Vqbyk=-->Update github.com/rhysd/actionlint (indirect) to v1.7.8 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9642): <!--number 9642 --><!--line 0 --><!--description Y2hvcmUoZTJlKTogZGlzYWJsZSB3ZWJraXQvc2FmYXJpIGluIHNvbWUgdGVzdHM=-->chore(e2e): disable webkit/safari in some tests<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9599): <!--number 9599 --><!--line 0 --><!--description Zml4KGUyZSk6IGRpc2FibGUgd2Via2l0L3NhZmFyaSBpbiB0ZXN0cyB3aGVyZSB0aGV5IGFyZSB0b28gZmFsa3k=-->fix(e2e): disable webkit/safari in tests where they are too falky<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9605): <!--number 9605 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnb2xhbmcub3JnL3gvaW1hZ2UgdG8gdjAuMzIuMCAoZm9yZ2Vqbyk=-->Update module golang.org/x/image to v0.32.0 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9640): <!--number 9640 --><!--line 0 --><!--description Y2hvcmU6IHJlbW92ZSBicmFuZGluZyBmcm9tIGFwcGxpY2F0aW9uIHJ1biBoZWxwZXI=-->chore: remove branding from application run helper<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9628): <!--number 9628 --><!--line 0 --><!--description Y2hvcmU6IHJlbW92ZSBicmFuZGluZyBmcm9tIGNvbnRleHQgaW1wb3J0cw==-->chore: remove branding from context imports<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9606): <!--number 9606 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnb2xhbmcub3JnL3gvbmV0IHRvIHYwLjQ2LjAgKGZvcmdlam8p-->Update module golang.org/x/net to v0.46.0 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9639): <!--number 9639 --><!--line 0 --><!--description Y2hvcmUodWkpOiByZW1vdmUgdW51c2VkIGNsYXNzIC5zbWFsbC1tZW51LWl0ZW1z-->chore(ui): remove unused class .small-menu-items<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9632): <!--number 9632 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgbW9uYWNvLWVkaXRvci13ZWJwYWNrLXBsdWdpbiB0byB2Ny4xLjEgKGZvcmdlam8p-->Update dependency monaco-editor-webpack-plugin to v7.1.1 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9635): <!--number 9635 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnb2xhbmcub3JnL3gvb2F1dGgyIHRvIHYwLjMyLjAgKGZvcmdlam8p-->Update module golang.org/x/oauth2 to v0.32.0 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9463): <!--number 9463 --><!--line 0 --><!--description Y2hvcmUoaTE4bik6IG1vdmUgc29tZSBwbHVyYWwgc3RyaW5ncyB0byBqc29u-->chore(i18n): move some plural strings to json<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9617): <!--number 9617 --><!--line 0 --><!--description VXBkYXRlIG1jci5taWNyb3NvZnQuY29tL2RldmNvbnRhaW5lcnMvZ28gRG9ja2VyIHRhZyB0byB2MiAoZm9yZ2Vqbyk=-->Update mcr.microsoft.com/devcontainers/go Docker tag to v2 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9574): <!--number 9574 --><!--line 0 --><!--description cnVuIHRzYyBpbiBDSQ==-->run tsc in CI<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9612): <!--number 9612 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBjb25uZWN0cnBjLmNvbS9jb25uZWN0IHRvIHYxLjE5LjEgKGZvcmdlam8pIChmb2xsb3d1cCk=-->Update module connectrpc.com/connect to v1.19.1 (forgejo) (followup)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9604): <!--number 9604 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnb2xhbmcub3JnL3gvY3J5cHRvIHRvIHYwLjQzLjAgKGZvcmdlam8p-->Update module golang.org/x/crypto to v0.43.0 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9567): <!--number 9567 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBjb25uZWN0cnBjLmNvbS9jb25uZWN0IHRvIHYxLjE5LjEgKGZvcmdlam8p-->Update module connectrpc.com/connect to v1.19.1 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9575): <!--number 9575 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgQHZpdGVzdC9lc2xpbnQtcGx1Z2luIHRvIHYxLjMuMTYgKGZvcmdlam8p-->Update dependency @vitest/eslint-plugin to v1.3.16 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9578): <!--number 9578 --><!--line 0 --><!--description VXBkYXRlIGxpbnRlcnMgKGZvcmdlam8p-->Update linters (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9580): <!--number 9580 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBtdmRhbi5jYy9nb2Z1bXB0IHRvIHYwLjkuMSAoZm9yZ2Vqbyk=-->Update module mvdan.cc/gofumpt to v0.9.1 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9583): <!--number 9583 --><!--line 0 --><!--description VXBkYXRlIGh0dHBzOi8vZGF0YS5mb3JnZWpvLm9yZy9hY3Rpb25zL2NoZWNrb3V0IGFjdGlvbiB0byB2NSAoZm9yZ2Vqbyk=-->Update https://data.forgejo.org/actions/checkout action to v5 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9576): <!--number 9576 --><!--line 0 --><!--description VXBkYXRlIHJlZ2lzdHJ5LnJlZGljdC5pby9yZWRpY3QgRG9ja2VyIHRhZyB0byB2Ny4zLjYgKGZvcmdlam8p-->Update registry.redict.io/redict Docker tag to v7.3.6 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9582): <!--number 9582 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgaGFwcHktZG9tIHRvIHYxOSAoZm9yZ2Vqbyk=-->Update dependency happy-dom to v19 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9577): <!--number 9577 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgQHBsYXl3cmlnaHQvdGVzdCB0byB2MS41Ni4wIChmb3JnZWpvKQ==-->Update dependency @playwright/test to v1.56.0 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9579): <!--number 9579 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnaXRodWIuY29tL2VkaXRvcmNvbmZpZy1jaGVja2VyL2VkaXRvcmNvbmZpZy1jaGVja2VyL3YzL2NtZC9lZGl0b3Jjb25maWctY2hlY2tlciB0byB2My40LjAgKGZvcmdlam8p-->Update module github.com/editorconfig-checker/editorconfig-checker/v3/cmd/editorconfig-checker to v3.4.0 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9584): <!--number 9584 --><!--line 0 --><!--description VXBkYXRlIGh0dHBzOi8vZGF0YS5mb3JnZWpvLm9yZy9hY3Rpb25zL3NldHVwLWdvIGFjdGlvbiB0byB2NiAoZm9yZ2Vqbyk=-->Update https://data.forgejo.org/actions/setup-go action to v6 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9581): <!--number 9581 --><!--line 0 --><!--description VXBkYXRlIHgvdG9vbHMgdG8gdjAuMzcuMCAoZm9yZ2Vqbyk=-->Update x/tools to v0.37.0 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9545): <!--number 9545 --><!--line 0 --><!--description Zml4KHVpL21kZSk6IGZpeCBzd2l0Y2ggaGVpZ2h0IGFuZCBidXR0b25zIGFsaWdubWVudA==-->fix(ui/mde): fix switch height and buttons alignment<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9564): <!--number 9564 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgd2VicGFjayB0byB2NS4xMDIuMSAoZm9yZ2Vqbyk=-->Update dependency webpack to v5.102.1 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9563): <!--number 9563 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnaXRodWIuY29tL2dvbGFuZ2NpL2dvbGFuZ2NpLWxpbnQvdjIvY21kL2dvbGFuZ2NpLWxpbnQgdG8gdjIuNS4wIChmb3JnZWpvKQ==-->Update module github.com/golangci/golangci-lint/v2/cmd/golangci-lint to v2.5.0 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9559): <!--number 9559 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgZ28gdG8gdjEuMjQuOCAoZm9yZ2Vqbyk=-->Update dependency go to v1.24.8 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9524): <!--number 9524 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgYXNjaWluZW1hLXBsYXllciB0byB2My4xMS4xIChmb3JnZWpvKQ==-->Update dependency asciinema-player to v3.11.1 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9538): <!--number 9538 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgZXNidWlsZC1sb2FkZXIgdG8gdjQuNC4wIChmb3JnZWpvKQ==-->Update dependency esbuild-loader to v4.4.0 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9537): <!--number 9537 --><!--line 0 --><!--description VXBkYXRlIHJlbm92YXRlIHRvIHY0MS4xMzUuNSAoZm9yZ2Vqbyk=-->Update renovate to v41.135.5 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9539): <!--number 9539 --><!--line 0 --><!--description TG9jayBmaWxlIG1haW50ZW5hbmNlIChmb3JnZWpvKQ==-->Lock file maintenance (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9533): <!--number 9533 --><!--line 0 --><!--description Y2hvcmUocmVsZWFzZS1ub3Rlcyk6IGFkZCBjaHJvbWEgdXBkYXRlcyBmb3IgdjEzLCB2MTIsIHYxMCwgdjg=-->chore(release-notes): add chroma updates for v13, v12, v10, v8<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9523): <!--number 9523 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kga2F0ZXggdG8gdjAuMTYuMjMgKGZvcmdlam8p-->Update dependency katex to v0.16.23 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9519): <!--number 9519 --><!--line 0 --><!--description Y2hvcmU6IGFkZCB1bml0IHRlc3QgZm9yIGBTZWFyY2hQb2ludGVyQmxvYnNg-->chore: add unit test for `SearchPointerBlobs`<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9499): <!--number 9499 --><!--line 0 --><!--description ZTJlOiBTZWxlY3RpdmUgc2NyZWVuc2hvdHM=-->e2e: Selective screenshots<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9510): <!--number 9510 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnb29nbGUuZ29sYW5nLm9yZy9wcm90b2J1ZiB0byB2MS4zNi4xMCAoZm9yZ2Vqbyk=-->Update module google.golang.org/protobuf to v1.36.10 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9460): <!--number 9460 --><!--line 0 --><!--description TG9jayBmaWxlIG1haW50ZW5hbmNlIChmb3JnZWpvKQ==-->Lock file maintenance (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9505): <!--number 9505 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgdHlwZXNjcmlwdCB0byB2NS45LjMgKGZvcmdlam8p-->Update dependency typescript to v5.9.3 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9477): <!--number 9477 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgd2VicGFjayB0byB2NS4xMDIuMCAoZm9yZ2Vqbyk=-->Update dependency webpack to v5.102.0 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9500): <!--number 9500 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgdGFpbHdpbmRjc3MgdG8gdjMuNC4xOCAoZm9yZ2Vqbyk=-->Update dependency tailwindcss to v3.4.18 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9488): <!--number 9488 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgQHBsYXl3cmlnaHQvdGVzdCB0byB2MS41NS4xIChmb3JnZWpvKQ==-->Update dependency @playwright/test to v1.55.1 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9491): <!--number 9491 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgQHZpdGVzdC9lc2xpbnQtcGx1Z2luIHRvIHYxLjMuMTMgKGZvcmdlam8p-->Update dependency @vitest/eslint-plugin to v1.3.13 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9496): <!--number 9496 --><!--line 0 --><!--description Y2hvcmU6IGFkZCBucG0gdmVyc2lvbiBjb25zdHJhaW50IHRvIHJlbm92YXRl-->chore: add npm version constraint to renovate<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9490): <!--number 9490 --><!--line 0 --><!--description Y2hvcmU6IHJlbW92ZSBub3Qgd29ya2luZyBQUkVGRVJSRURfVElNRVNUQU1QX1RFTlNFIHNldHRpbmc=-->chore: remove not working PREFERRED_TIMESTAMP_TENSE setting<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8877): <!--number 8877 --><!--line 0 --><!--description Zml4KHVpKTogbWFrZSAiVG9rZW4gbmFtZSItaW5wdXQgYSByZWFsIHJlcXVpcmVkLWZpZWxk-->fix(ui): make "Token name"-input a real required-field<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9487): <!--number 9487 --><!--line 0 --><!--description VXBkYXRlIGdpdGh1Yi5jb20vZ29vZ2xlL3Bwcm9mIGRpZ2VzdCB0byA5ZTVhNTFhIChmb3JnZWpvKQ==-->Update github.com/google/pprof digest to 9e5a51a (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9494): <!--number 9494 --><!--line 0 --><!--description cmVwbGFjZSAiR2l0ZWEiIHdpdGggIkZvcmdlam8iIGluIGJ1dHRvbiBsYWJlbA==-->replace "Gitea" with "Forgejo" in button label<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9486): <!--number 9486 --><!--line 0 --><!--description cmVwbGFjZSB0aGUgcGx1cyBzaWduIHRvIGNvbmZpcm0gYSBuZXcgZHVlIGRhdGUgb24gaXNzdWVzIHdpdGggYSBjaGVjayBtYXJr-->replace the plus sign to confirm a new due date on issues with a check mark<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9492): <!--number 9492 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBjb2RlLmZvcmdlam8ub3JnL2YzL2dvZjMvdjMgdG8gdjMuMTEuMSAoZm9yZ2Vqbyk=-->Update module code.forgejo.org/f3/gof3/v3 to v3.11.1 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8935): <!--number 8935 --><!--line 0 --><!--description ZG9jczogYWRkIGJhY2sgd2FybmluZyBhcyBhIGNvbW1pdCBzdGF0dXM=-->docs: add back warning as a commit status<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9386): <!--number 9386 --><!--line 0 --><!--description ZW5zdXJlIGRlbGV0ZWQgRGViaWFuIHBhY2thZ2UgZG9lcyBub3QgcmVtYWluIHJlZmVyZW5jZWQgaW4gdGhlIGFwdCByZXBvc2l0b3J5IGZpbGVz-->ensure deleted Debian package does not remain referenced in the apt repository files<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9480): <!--number 9480 --><!--line 0 --><!--description Y2hvcmU6IHJlbGVhc2Utbm90ZXMtYXNzaXN0YW50OiB0aGVyZSBtYXkgYmUgdGhyZWUgc3VwcG9ydGVkIHJlbGVhc2Vz-->chore: release-notes-assistant: there may be three supported releases<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9095): <!--number 9095 --><!--line 0 --><!--description ZmVhdChidWlsZCk6IGFkZCBzdXBwb3J0IGZvciB0aGUgYmFzZS5NZXNzZW5nZXIsICQubG9jYWxlLlRyLCBGb3JtIHN0cnVjdHMgdG8gbGludC1sb2NhbGUtdXNhZ2U=-->feat(build): add support for the base.Messenger, $.locale.Tr, Form structs to lint-locale-usage<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9467): <!--number 9467 --><!--line 0 --><!--description YWRkIHZ1ZSBkYXRhIHRvIGBjcmVhdGVBcHBgIGluc3RlYWQgYG1vdW50YA==-->add vue data to `createApp` instead `mount`<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9456): <!--number 9456 --><!--line 0 --><!--description VXBkYXRlIHJlbm92YXRlIHRvIHY0MS4xMzEuOSAoZm9yZ2Vqbyk=-->Update renovate to v41.131.9 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9438): <!--number 9438 --><!--line 0 --><!--description UmV2ZXJ0ICJVcGRhdGUgbW9kdWxlIGNvbm5lY3RycGMuY29tL2Nvbm5lY3QgdG8gdjEuMTkuMCAoZm9yZ2VqbykgKCM5NDI1KSI=-->Revert "Update module connectrpc.com/connect to v1.19.0 (forgejo) (#9425)"<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9425): <!--number 9425 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBjb25uZWN0cnBjLmNvbS9jb25uZWN0IHRvIHYxLjE5LjAgKGZvcmdlam8p-->Update module connectrpc.com/connect to v1.19.0 (forgejo)<!--description-->
+- Already announced in the release notes of an older stable release
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10297): <!--number 10297 --><!--line 0 --><!--description cmVkdWNlIHJ1bnRpbWUgb2YgY29udGFpbmVyIGNsZWFudXAgYnkgcmVseWluZyBvbiBtYXNzIGRpZ2VzdCBjbGVhbnVw-->reduce runtime of container cleanup by relying on mass digest cleanup<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10225): <!--number 10225 --><!--line 0 --><!--description ZG93bmxvYWQgbG9ncyBvZiBjdXJyZW50bHkgZGlzcGxheWVkIEFjdGlvbiBydW4gYXR0ZW1wdA==-->download logs of currently displayed Action run attempt<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9763): <!--number 9763 --><!--line 0 --><!--description Zml4KGFsdCk6IGhhbmRsZSBwYWNrYWdlIG5hbWVzIHdpdGggZG90cyBpbiBBTFQgcmVwb3NpdG9yeQ==-->fix(alt): handle package names with dots in ALT repository<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9914): <!--number 9914 --><!--line 0 --><!--description cHVsbCByZXF1ZXN0IHJldmlldyBjb21tZW50IHBvc2l0aW9u-->pull request review comment position<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10140): <!--number 10140 --><!--line 0 --><!--description Z2V0IG5ldyBzZXNzaW9uIGZyb20gZW5naW5lZ3JvdXAgaW5zdGVhZCBvZiBtYXN0ZXJlbmdpbmU=-->get new session from enginegroup instead of masterengine<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10146): <!--number 10146 --><!--line 0 --><!--description c3VwcG9ydCBnaXQgY2xvbmUgd2hlbiAvdG1wIGhhcyBub2V4ZWM=-->support git clone when /tmp has noexec<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10002): <!--number 10002 --><!--line 0 --><!--description ZW5kbGVzcyByZWRpcmVjdGlvbiBsb29wIGJldHdlZW4gL3VzZXIvc2V0dGluZ3MvY2hhbmdlX3Bhc3N3b3JkIGFuZCAvdXNlci9zZXR0aW5ncy9zZWN1cml0eQ==-->endless redirection loop between /user/settings/change_password and /user/settings/security<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9468): <!--number 9468 --><!--line 0 --><!--description cGFja2FnZSBjbGVhbmVkIHJ1bGUgZmFpbHMgaWYgdGhlIGtlZXAgY291bnQgaXMgdG9vIGhpZ2g=-->package cleaned rule fails if the keep count is too high<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9657): <!--number 9657 --><!--line 0 --><!--description ZGIuSXRlcmF0ZSBjYW4gbWlzcyByZWNvcmRzLCBjYW4gcmV0dXJuIHJlY29yZHMgdHdpY2U=-->db.Iterate can miss records, can return records twice<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9764): <!--number 9764 --><!--line 0 --><!--description R0xPQkFMX1RXT19GQUNUT1JfUkVRVUlSRU1FTlQgYWxsIHByZXZlbnRzIGFjdGlvbnMvY2hlY2tvdXQgZnJvbSBjbG9uaW5nIHJlcG9zaXRvcmllcw==-->GLOBAL_TWO_FACTOR_REQUIREMENT all prevents actions/checkout from cloning repositories<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9508): <!--number 9508 --><!--line 0 --><!--description VXNlIHNjcm9sbEhlaWdodCBmb3IgcmVuZGVyZWQgaWZyYW1lIGlmIG9mZnNldEhlaWdodCBpcyB1bmF2YWlsYWJsZQ==-->Use scrollHeight for rendered iframe if offsetHeight is unavailable<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9690): <!--number 9690 --><!--line 0 --><!--description cmVsZWFzZSBlbWFpbCBsaW5rcw==-->release email links<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9634): <!--number 9634 --><!--line 0 --><!--description Zml4KHVpKTogYWRkIGBtYXJrdXBgIGNsYXNzIHRvIHByb2plY3QgZGVzY3JpcHRpb25z-->fix(ui): add `markup` class to project descriptions<!--description-->
+<!--end release-notes-assistant-->

From 2d9422aaec90c49f20a2d6d78ad9e75b46bca332 Mon Sep 17 00:00:00 2001
From: Renovate Bot <forgejo-renovate-action@forgejo.org>
Date: Thu, 15 Jan 2026 22:42:10 +0100
Subject: [PATCH 162/854] Update dependency go to v1.25.6 (forgejo) (#10850)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10850
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
---
 go.mod | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/go.mod b/go.mod
index 8616316b8d..edb10b7e27 100644
--- a/go.mod
+++ b/go.mod
@@ -2,7 +2,7 @@ module forgejo.org
 
 go 1.25.0
 
-toolchain go1.25.5
+toolchain go1.25.6
 
 require (
 	code.forgejo.org/f3/gof3/v3 v3.11.15

From 2a8881c4ca8d9e3632f311055c06706f79493e4e Mon Sep 17 00:00:00 2001
From: Gusted <postmaster@gusted.xyz>
Date: Fri, 16 Jan 2026 00:03:07 +0100
Subject: [PATCH 163/854] fix: use `strict-origin` as referrer policy (#10851)

- Resolves forgejo/forgejo#10849
- Yes, the referrer policy is causing cross-origin protection to fail.
Why? Because someone really cared about privacy, the referrer policy was
set to no-referrer. So no `Referrer` HTTP header and `Origin` is either
omited or set to `null`, because hey the browser isn't allowed to leak
it via that header either. The new cross-origin protection relies on
Sec-Fetch metadata to determine if the request is same-origin or not.
This metadata is only sent to trustworthy origins, and thus not when
you visit Forgejo on your intranet. But the new protection has a
fallback to compare the Origin to the Host header... but the Origin
header was conviently set to `null` to protect the user's privacy.
- We now set the referrer policy to strict-origin, which means only for
same-origin requests a Origin header is set. For cross-origin the
behavior is unchanged and the user's privacy is preserved.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10851
Reviewed-by: Beowulf <beowulf@beocode.eu>
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Co-authored-by: Gusted <postmaster@gusted.xyz>
Co-committed-by: Gusted <postmaster@gusted.xyz>
---
 templates/base/head.tmpl | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/templates/base/head.tmpl b/templates/base/head.tmpl
index 12b41ac922..d31d25db46 100644
--- a/templates/base/head.tmpl
+++ b/templates/base/head.tmpl
@@ -8,7 +8,7 @@
 	<meta name="author" content="{{if .Repository}}{{.Owner.Name}}{{else}}{{MetaAuthor}}{{end}}">
 	<meta name="description" content="{{if .Repository}}{{.Repository.Name}}{{if .Repository.Description}} - {{.Repository.Description}}{{end}}{{else}}{{MetaDescription}}{{end}}">
 	<meta name="keywords" content="{{MetaKeywords}}">
-	<meta name="referrer" content="no-referrer">
+	<meta name="referrer" content="strict-origin">
 {{if .GoGetImport}}
 	<meta name="go-import" content="{{.GoGetImport}} git {{.RepoCloneLink.HTTPS}}">
 	<meta name="go-source" content="{{.GoGetImport}} _ {{.GoDocDirectory}} {{.GoDocFile}}">

From d49137226cb2db3b5370c9e9589d408a6fd19937 Mon Sep 17 00:00:00 2001
From: Renovate Bot <forgejo-renovate-action@forgejo.org>
Date: Fri, 16 Jan 2026 09:52:59 +0100
Subject: [PATCH 164/854] Update dependency forgejo/release-notes-assistant to
 v1.5.1 (forgejo) (#10865)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10865
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
---
 .forgejo/workflows/release-notes-assistant-milestones.yml | 2 +-
 .forgejo/workflows/release-notes-assistant.yml            | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/.forgejo/workflows/release-notes-assistant-milestones.yml b/.forgejo/workflows/release-notes-assistant-milestones.yml
index 3cdf61f3ad..0a6c67dc27 100644
--- a/.forgejo/workflows/release-notes-assistant-milestones.yml
+++ b/.forgejo/workflows/release-notes-assistant-milestones.yml
@@ -6,7 +6,7 @@ on:
 
 env:
   RNA_WORKDIR: /srv/rna
-  RNA_VERSION: v1.5.0 # renovate: datasource=forgejo-releases depName=forgejo/release-notes-assistant registryUrl=https://code.forgejo.org
+  RNA_VERSION: v1.5.1 # renovate: datasource=forgejo-releases depName=forgejo/release-notes-assistant registryUrl=https://code.forgejo.org
 
 jobs:
   release-notes:
diff --git a/.forgejo/workflows/release-notes-assistant.yml b/.forgejo/workflows/release-notes-assistant.yml
index 5941d5078c..ae0ca19d59 100644
--- a/.forgejo/workflows/release-notes-assistant.yml
+++ b/.forgejo/workflows/release-notes-assistant.yml
@@ -8,7 +8,7 @@ on:
       - labeled
 
 env:
-  RNA_VERSION: v1.5.0 # renovate: datasource=forgejo-releases depName=forgejo/release-notes-assistant registryUrl=https://code.forgejo.org
+  RNA_VERSION: v1.5.1 # renovate: datasource=forgejo-releases depName=forgejo/release-notes-assistant registryUrl=https://code.forgejo.org
 
 jobs:
   release-notes:

From c1c000a83373ff5bc30b42bc9cee189db7adc975 Mon Sep 17 00:00:00 2001
From: Michael Kriese <michael.kriese@visualon.de>
Date: Fri, 16 Jan 2026 10:42:14 +0100
Subject: [PATCH 165/854] ci: use rna binary instead of source (#10867)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10867
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Co-authored-by: Michael Kriese <michael.kriese@visualon.de>
Co-committed-by: Michael Kriese <michael.kriese@visualon.de>
---
 .forgejo/workflows/release-notes-assistant.yml | 17 ++++++-----------
 1 file changed, 6 insertions(+), 11 deletions(-)

diff --git a/.forgejo/workflows/release-notes-assistant.yml b/.forgejo/workflows/release-notes-assistant.yml
index ae0ca19d59..127577962f 100644
--- a/.forgejo/workflows/release-notes-assistant.yml
+++ b/.forgejo/workflows/release-notes-assistant.yml
@@ -15,7 +15,7 @@ jobs:
     if: ( vars.ROLE == 'forgejo-coding' ) && contains(github.event.pull_request.labels.*.name, 'worth a release-note')
     runs-on: docker
     container:
-      image: 'data.forgejo.org/oci/node:24-bookworm'
+      image: 'data.forgejo.org/oci/ci:1'
     steps:
       - uses: https://data.forgejo.org/actions/checkout@v6
 
@@ -28,17 +28,12 @@ jobs:
           ${{ toJSON(github.event) }}
           EOF
 
-      - uses: https://data.forgejo.org/actions/setup-go@v6
-        with:
-          go-version-file: "go.mod"
-          cache: false
-
-      - name: apt install jq
+      - name: install release-notes-assistant
         run: |
-          export DEBIAN_FRONTEND=noninteractive
-          apt-get update -qq
-          apt-get -q install -y -qq jq
+          set -x
+          wget -O /usr/local/bin/rna https://code.forgejo.org/forgejo/release-notes-assistant/releases/download/${{ env.RNA_VERSION}}/release-notes-assistant
+          chmod +x /usr/local/bin/rna
 
       - name: release-notes-assistant preview
         run: |
-          go run code.forgejo.org/forgejo/release-notes-assistant@$RNA_VERSION --config .release-notes-assistant.yaml --storage pr --storage-location ${{ github.event.pull_request.number }}  --forgejo-url $GITHUB_SERVER_URL --repository $GITHUB_REPOSITORY --token ${{ secrets.RELEASE_NOTES_ASSISTANT_TOKEN }} preview ${{ github.event.pull_request.number }}
+          rna --config .release-notes-assistant.yaml --storage pr --storage-location ${{ github.event.pull_request.number }} --forgejo-url $GITHUB_SERVER_URL --repository $GITHUB_REPOSITORY --token ${{ secrets.RELEASE_NOTES_ASSISTANT_TOKEN }} preview ${{ github.event.pull_request.number }}

From c78a4198b15840c4ec5b650f652af993199e70c0 Mon Sep 17 00:00:00 2001
From: Mathieu Fenniak <mathieu@fenniak.net>
Date: Fri, 16 Jan 2026 10:53:19 +0100
Subject: [PATCH 166/854] fix: recreate-tables doesn't work on PostgreSQL with
 multiple Forgejo schemas (#10854)

Discovered while trying to reproduce #10848 -- when using `forgejo doctor recreate-tables` against a PostgreSQL database with multiple Forgejo schemas in it, it fails.  The reason is that when querying for index and sequence information, it begins to get information from the other schemas.

```
2026/01/15 15:19:15 ...3.6.1/command_run.go:288:run() [I] PING DATABASE postgresschema
2026/01/15 15:19:15 ...igrations/base/db.go:51:func2() [I] Creating temp table: tmp_recreate__external_login_user for Bean: ExternalLoginUser
2026/01/15 15:19:15 ...igrations/base/db.go:108:func2() [I] Copying table external_login_user to temp table tmp_recreate__external_login_user
2026/01/15 15:19:15 ...igrations/base/db.go:120:func2() [I] Dropping existing table external_login_user, and renaming temp table tmp_recreate__external_login_user in its place
2026/01/15 15:19:15 cmd/doctor.go:216:func1() [E] [Error SQL Query] ALTER INDEX "external_login_user_pkey" RENAME TO "external_login_user_pkey" [] - ERROR: relation "external_login_user_pkey" does not exist (SQLSTATE 42P01)
2026/01/15 15:19:15 ...igrations/base/db.go:404:renameTable() [E] Unable to rename external_login_user_pkey to external_login_user_pkey. Error: ERROR: relation "external_login_user_pkey" does not exist (SQLSTATE 42P01)
Command error: migrate: ERROR: relation "external_login_user_pkey" does not exist (SQLSTATE 42P01)
```

This is a very niche use-case that is likely to only affect a developer using PostgreSQL and popping back to older releases often enough to keep them around in different DB schemas.  I don't think it's worth an automated test, which would require creating a secondary DB schema in a specific migration test.  Manually tested on my dev environment.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10854
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net>
Co-committed-by: Mathieu Fenniak <mathieu@fenniak.net>
---
 models/gitea_migrations/base/db.go | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/models/gitea_migrations/base/db.go b/models/gitea_migrations/base/db.go
index 2f70fc0806..7e9dcebe21 100644
--- a/models/gitea_migrations/base/db.go
+++ b/models/gitea_migrations/base/db.go
@@ -363,7 +363,7 @@ func renameTable(sess *xorm.Session, bean any, tableName, tempTableName string,
 
 		schema := sess.Engine().Dialect().URI().Schema
 		sess.Engine().SetSchema("")
-		if err := sess.Table("information_schema.sequences").Cols("sequence_name").Where("sequence_name LIKE ? || '_id_seq' AND sequence_catalog = ?", tableName, setting.Database.Name).Find(&originalSequences); err != nil {
+		if err := sess.Table("information_schema.sequences").Cols("sequence_name").Where("sequence_schema = ? AND (sequence_name LIKE ? || '_id_seq' AND sequence_catalog = ?)", schema, tableName, setting.Database.Name).Find(&originalSequences); err != nil {
 			log.Error("Unable to rename %s to %s. Error: %v", tempTableName, tableName, err)
 			return err
 		}
@@ -392,7 +392,7 @@ func renameTable(sess *xorm.Session, bean any, tableName, tempTableName string,
 
 		var indices []string
 		sess.Engine().SetSchema("")
-		if err := sess.Table("pg_indexes").Cols("indexname").Where("tablename = ? ", tableName).Find(&indices); err != nil {
+		if err := sess.Table("pg_indexes").Cols("indexname").Where("tablename = ? AND schemaname = ?", tableName, schema).Find(&indices); err != nil {
 			log.Error("Unable to rename %s to %s. Error: %v", tempTableName, tableName, err)
 			return err
 		}
@@ -408,7 +408,7 @@ func renameTable(sess *xorm.Session, bean any, tableName, tempTableName string,
 
 		var sequences []string
 		sess.Engine().SetSchema("")
-		if err := sess.Table("information_schema.sequences").Cols("sequence_name").Where("sequence_name LIKE 'tmp_recreate__' || ? || '_id_seq' AND sequence_catalog = ?", tableName, setting.Database.Name).Find(&sequences); err != nil {
+		if err := sess.Table("information_schema.sequences").Cols("sequence_name").Where("sequence_schema = ? AND sequence_name LIKE 'tmp_recreate__' || ? || '_id_seq' AND sequence_catalog = ?", schema, tableName, setting.Database.Name).Find(&sequences); err != nil {
 			log.Error("Unable to rename %s to %s. Error: %v", tempTableName, tableName, err)
 			return err
 		}

From 1aca323acba62b48af43aa5a5b506cdaa281b2d6 Mon Sep 17 00:00:00 2001
From: Mathieu Fenniak <mathieu@fenniak.net>
Date: Fri, 16 Jan 2026 10:54:01 +0100
Subject: [PATCH 167/854] fix: make concurrency group job cancellation effect
 runs that are failed (#10863)

When an action's job fails, it marks the entire run as failed.  Concurrency group cancellation was only looking for runs that are in a pending state, and therefore after a single job failed in the run, none of the other jobs in the run could be cancelled by a matching cancel-in-progress job.

Raised in https://codeberg.org/Codeberg/Community/issues/2315.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10863
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net>
Co-committed-by: Mathieu Fenniak <mathieu@fenniak.net>
---
 models/actions/run_list.go              | 21 +++++++---------
 services/actions/schedule_tasks.go      | 32 +++++++++++++++----------
 services/actions/schedule_tasks_test.go | 31 ++++++++++++++++--------
 3 files changed, 48 insertions(+), 36 deletions(-)

diff --git a/models/actions/run_list.go b/models/actions/run_list.go
index 174d2aa70c..92be510569 100644
--- a/models/actions/run_list.go
+++ b/models/actions/run_list.go
@@ -5,7 +5,6 @@ package actions
 
 import (
 	"context"
-	"strings"
 
 	"forgejo.org/models/db"
 	repo_model "forgejo.org/models/repo"
@@ -65,15 +64,14 @@ func (runs RunList) LoadRepos(ctx context.Context) error {
 
 type FindRunOptions struct {
 	db.ListOptions
-	RepoID           int64
-	OwnerID          int64
-	WorkflowID       string
-	Ref              string // the commit/tag/… that caused this workflow
-	TriggerUserID    int64
-	TriggerEvent     webhook_module.HookEventType
-	Approved         bool // not util.OptionalBool, it works only when it's true
-	Status           []Status
-	ConcurrencyGroup string
+	RepoID        int64
+	OwnerID       int64
+	WorkflowID    string
+	Ref           string // the commit/tag/… that caused this workflow
+	TriggerUserID int64
+	TriggerEvent  webhook_module.HookEventType
+	Approved      bool // not util.OptionalBool, it works only when it's true
+	Status        []Status
 }
 
 func (opts FindRunOptions) ToConds() builder.Cond {
@@ -102,9 +100,6 @@ func (opts FindRunOptions) ToConds() builder.Cond {
 	if opts.TriggerEvent != "" {
 		cond = cond.And(builder.Eq{"trigger_event": opts.TriggerEvent})
 	}
-	if opts.ConcurrencyGroup != "" {
-		cond = cond.And(builder.Eq{"concurrency_group": strings.ToLower(opts.ConcurrencyGroup)})
-	}
 	return cond
 }
 
diff --git a/services/actions/schedule_tasks.go b/services/actions/schedule_tasks.go
index 7c2f85ba94..4c9de4d7f6 100644
--- a/services/actions/schedule_tasks.go
+++ b/services/actions/schedule_tasks.go
@@ -8,6 +8,7 @@ import (
 	"context"
 	"errors"
 	"fmt"
+	"strings"
 	"time"
 
 	actions_model "forgejo.org/models/actions"
@@ -219,7 +220,7 @@ func CancelPreviousJobs(ctx context.Context, repoID int64, ref, workflowID strin
 	// Iterate over each found run and cancel its associated jobs.
 	errorSlice := []error{}
 	for _, run := range runs {
-		err := cancelJobsForRun(ctx, run)
+		err := cancelJobsForRun(ctx, run.ID)
 		errorSlice = append(errorSlice, err)
 	}
 	err = errors.Join(errorSlice...)
@@ -232,22 +233,27 @@ func CancelPreviousJobs(ctx context.Context, repoID int64, ref, workflowID strin
 
 // Cancels all pending jobs in the same repository with the same concurrency group.
 func CancelPreviousWithConcurrencyGroup(ctx context.Context, repoID int64, concurrencyGroup string) error {
-	runs, _, err := db.FindAndCount[actions_model.ActionRun](ctx, actions_model.FindRunOptions{
-		RepoID:           repoID,
-		ConcurrencyGroup: concurrencyGroup,
-		Status:           []actions_model.Status{actions_model.StatusRunning, actions_model.StatusWaiting, actions_model.StatusBlocked},
-	})
-	if err != nil {
+	// Find all runs in the concurrency group which have at least one job that is still pending; we can't use the run's
+	// status for this because runs are set to failed if a single job is marked as failed, even if other jobs are still
+	// running.
+	runIDs := make([]int64, 0, 10)
+	if err := db.GetEngine(ctx).Table("action_run").
+		Join("INNER", "action_run_job", "action_run_job.run_id = action_run.id").
+		Where("action_run.repo_id = ? AND action_run.concurrency_group = ?", repoID, strings.ToLower(concurrencyGroup)).
+		In("action_run_job.status", actions_model.PendingStatuses()).
+		Distinct("action_run.id").
+		Select("action_run.id").
+		Find(&runIDs); err != nil {
 		return err
 	}
 
 	// Iterate over each found run and cancel its associated jobs.
 	errorSlice := []error{}
-	for _, run := range runs {
-		err := cancelJobsForRun(ctx, run)
+	for _, runID := range runIDs {
+		err := cancelJobsForRun(ctx, runID)
 		errorSlice = append(errorSlice, err)
 	}
-	err = errors.Join(errorSlice...)
+	err := errors.Join(errorSlice...)
 	if err != nil {
 		return err
 	}
@@ -255,10 +261,10 @@ func CancelPreviousWithConcurrencyGroup(ctx context.Context, repoID int64, concu
 	return nil
 }
 
-func cancelJobsForRun(ctx context.Context, run *actions_model.ActionRun) error {
+func cancelJobsForRun(ctx context.Context, runID int64) error {
 	// Find all jobs associated with the current run.
 	jobs, err := db.Find[actions_model.ActionRunJob](ctx, actions_model.FindRunJobOptions{
-		RunID: run.ID,
+		RunID: runID,
 	})
 	if err != nil {
 		return err
@@ -297,7 +303,7 @@ func cancelJobsForRun(ctx context.Context, run *actions_model.ActionRun) error {
 
 		// If the job has an associated task, try to stop the task, effectively cancelling the job.
 		if err := StopTask(ctx, job.TaskID, actions_model.StatusCancelled); err != nil {
-			errorSlice = append(errorSlice, errors.New("job has changed, try again"))
+			errorSlice = append(errorSlice, err)
 			continue
 		}
 	}
diff --git a/services/actions/schedule_tasks_test.go b/services/actions/schedule_tasks_test.go
index 850288159c..9bf964fd90 100644
--- a/services/actions/schedule_tasks_test.go
+++ b/services/actions/schedule_tasks_test.go
@@ -209,8 +209,10 @@ func TestCancelPreviousJobs(t *testing.T) {
 
 func TestCancelPreviousWithConcurrencyGroup(t *testing.T) {
 	for _, tc := range []struct {
-		name         string
-		updateRun901 map[string]any
+		name              string
+		updateRun901      map[string]any
+		updateRun901Jobs  map[string]any
+		expected901Status actions_model.Status
 	}{
 		// run 900 & 901 in the fixture data have almost the same data and so should both be cancelled by
 		// TestCancelPreviousWithConcurrencyGroup -- but each test case will vary something different about 601 to
@@ -224,8 +226,15 @@ func TestCancelPreviousWithConcurrencyGroup(t *testing.T) {
 			updateRun901: map[string]any{"concurrency_group": "321cba"},
 		},
 		{
-			name:         "only cancels running",
-			updateRun901: map[string]any{"status": actions_model.StatusSuccess},
+			name:              "only cancels running",
+			updateRun901:      map[string]any{"status": actions_model.StatusSuccess},
+			updateRun901Jobs:  map[string]any{"status": actions_model.StatusSuccess},
+			expected901Status: actions_model.StatusSuccess,
+		},
+		{
+			name:              "cancels running job in failed run",
+			updateRun901:      map[string]any{"status": actions_model.StatusFailure}, // still has a running job in it (601), but run is marked as failed as-if another job had failed in it
+			expected901Status: actions_model.StatusCancelled,
 		},
 	} {
 		t.Run(tc.name, func(t *testing.T) {
@@ -239,18 +248,20 @@ func TestCancelPreviousWithConcurrencyGroup(t *testing.T) {
 				affected, err := e.Table(&actions_model.ActionRun{}).Where("id = ?", 901).Update(tc.updateRun901)
 				require.NoError(t, err)
 				require.EqualValues(t, 1, affected)
-				newStatus, ok := tc.updateRun901["status"]
-				if ok {
-					expected901Status = newStatus.(actions_model.Status)
-				}
+			}
+			if tc.updateRun901Jobs != nil {
+				affected, err := e.Table(&actions_model.ActionRunJob{}).Where("run_id = ?", 901).Update(tc.updateRun901Jobs)
+				require.NoError(t, err)
+				require.EqualValues(t, 1, affected)
+			}
+			if tc.expected901Status != actions_model.StatusUnknown {
+				expected901Status = tc.expected901Status
 			}
 
 			run := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRun{ID: 900})
 			assert.Equal(t, actions_model.StatusRunning, run.Status)
 			assert.EqualValues(t, 1683636626, run.Updated)
 			assert.Equal(t, "abc123", run.ConcurrencyGroup)
-			run = unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRun{ID: 901})
-			assert.Equal(t, expected901Status, run.Status)
 			runJob := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRunJob{RunID: 900})
 			assert.Equal(t, actions_model.StatusRunning, runJob.Status)
 			assert.EqualValues(t, 1683636528, runJob.Started)

From 05269232b84ed919af9e952fd4439871ba1be1ea Mon Sep 17 00:00:00 2001
From: 0ko <0ko@noreply.codeberg.org>
Date: Fri, 16 Jan 2026 12:14:27 +0100
Subject: [PATCH 168/854] fix(release): move reverted v14.0.0 feature line to
 Included for completeness (#10866)

Followup to https://codeberg.org/forgejo/forgejo/pulls/9409#issuecomment-9894122

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10866
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Co-authored-by: 0ko <0ko@noreply.codeberg.org>
Co-committed-by: 0ko <0ko@noreply.codeberg.org>
---
 release-notes-published/14.0.0.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/release-notes-published/14.0.0.md b/release-notes-published/14.0.0.md
index 3766b9682d..56d364e6d9 100644
--- a/release-notes-published/14.0.0.md
+++ b/release-notes-published/14.0.0.md
@@ -72,7 +72,6 @@ A [companion blog post](https://forgejo.org/2026-01-release-v14-0/) provides add
   - Updates from Codeberg Translate: [#9423](https://codeberg.org/forgejo/forgejo/pulls/9423), [#9465](https://codeberg.org/forgejo/forgejo/pulls/9465), [#9597](https://codeberg.org/forgejo/forgejo/pulls/9597), [#9696](https://codeberg.org/forgejo/forgejo/pulls/9696), [#9804](https://codeberg.org/forgejo/forgejo/pulls/9804), [#9917](https://codeberg.org/forgejo/forgejo/pulls/9917), [#10249](https://codeberg.org/forgejo/forgejo/pulls/10249), [#10131](https://codeberg.org/forgejo/forgejo/pulls/10131), [#10786](https://codeberg.org/forgejo/forgejo/pulls/10786) (backport of [#10417](https://codeberg.org/forgejo/forgejo/pulls/10417), [#10599](https://codeberg.org/forgejo/forgejo/pulls/10599))
 - Features
   - [PR](https://codeberg.org/forgejo/forgejo/pulls/10276): <!--number 10276 --><!--line 0 --><!--description ZmVhdChhY3Rpb25zKTogbWFrZSBHSVRIVUJfV09SS0ZMT1dfUkVGIGF2YWlsYWJsZQ==-->feat(actions): make GITHUB_WORKFLOW_REF available<!--description-->
-  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9409): <!--number 9409 --><!--line 0 --><!--description YWRkIHN1cHBvcnQgZm9yIGVwaGVtZXJhbCBydW5uZXJzIGNvbXBhdGlibGUgd2l0aCBhdXRvc2NhbGluZyB0b29scw==-->add support for ephemeral runners compatible with autoscaling tools<!--description-->
   - [PR](https://codeberg.org/forgejo/forgejo/pulls/9397): <!--number 9397 --><!--line 0 --><!--description YWxsb3cvZGlzYWxsb3cgdXNlcnMgdG8gcnVuIHdvcmtmbG93cyB3aGVuIHB1c2hpbmcgdG8gYSBwdWxsIHJlcXVlc3QgZnJvbSBhIGZvcms=-->allow/disallow users to run workflows when pushing to a pull request from a fork<!--description-->
   - [PR](https://codeberg.org/forgejo/forgejo/pulls/10602) ([backported](https://codeberg.org/forgejo/forgejo/pulls/10751)): <!--number 10751 --><!--line 0 --><!--description ZmVhdDogcHJvdmlkZSBtdWx0aXBsZSB0YXNrcyB0byBSdW5uZXIgaW4gb25lIEZldGNoVGFzayB3aGVuIHJlcXVlc3RlZA==-->feat: provide multiple tasks to Runner in one FetchTask when requested<!--description-->
   - [PR](https://codeberg.org/forgejo/forgejo/pulls/9668): <!--number 9668 --><!--line 0 --><!--description QWRkIHN1cHBvcnQgZm9yIGFkbWluaXN0cmF0b3JzIHRvIHNldCBlbWFpbCB2aXNpYmlsaXR5IG9uIHVzZXIgYWNjb3VudHM=-->Add support for administrators to set email visibility on user accounts<!--description-->
@@ -176,6 +175,7 @@ A [companion blog post](https://forgejo.org/2026-01-release-v14-0/) provides add
   - [PR](https://codeberg.org/forgejo/forgejo/pulls/10366): <!--number 10366 --><!--line 0 --><!--description cmVmYWN0b3I6IGV4dHJhY3QgQWN0aW9uSm9iU3RlcCBmcm9tIFJlcG9BY3Rpb25WaWV3-->refactor: extract ActionJobStep from RepoActionView<!--description-->
   - [PR](https://codeberg.org/forgejo/forgejo/pulls/10194): <!--number 10194 --><!--line 0 --><!--description cmVuZGVyIGEgbGluayB0byBwb3N0ZXIgcHJvZmlsZSBuZXh0IHRvIHRoZSBJRCB3aXRoaW4gc2hhZG93IGNvcHkgZGV0YWlscw==-->render a link to poster profile next to the ID within shadow copy details<!--description-->
   - [PR](https://codeberg.org/forgejo/forgejo/pulls/10040): <!--number 10040 --><!--line 0 --><!--description cmVhbGlnbiBpbmRleGVzIG9uIHRoZSAnYWN0aW9uJyB0YWJsZQ==-->realign indexes on the 'action' table<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9409): <!--number 9409 --><!--line 0 --><!--description YWRkIHN1cHBvcnQgZm9yIGVwaGVtZXJhbCBydW5uZXJzIGNvbXBhdGlibGUgd2l0aCBhdXRvc2NhbGluZyB0b29scw==-->add support for ephemeral runners compatible with autoscaling tools<!--description-->
   - [PR](https://codeberg.org/forgejo/forgejo/pulls/10463): <!--number 10463 --><!--line 0 --><!--description UmV2ZXJ0ICJmZWF0OiBhZGQgc3VwcG9ydCBmb3IgZXBoZW1lcmFsIHJ1bm5lcnMgY29tcGF0aWJsZSB3aXRoIGF1dG9zY2FsaW5nIHRvb2xzICgjOTQwOSki-->Revert "feat: add support for ephemeral runners compatible with autoscaling tools (#9409)"<!--description-->
   - [PR](https://codeberg.org/forgejo/forgejo/pulls/10054): <!--number 10054 --><!--line 0 --><!--description TmV3IGlzc3VlIHRlbXBsYXRlcw==-->New issue templates<!--description-->
   - [PR](https://codeberg.org/forgejo/forgejo/pulls/10478): <!--number 10478 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnaXRodWIuY29tL2VkaXRvcmNvbmZpZy9lZGl0b3Jjb25maWctY29yZS1nby92MiB0byB2Mi42LjQgKGZvcmdlam8p-->Update module github.com/editorconfig/editorconfig-core-go/v2 to v2.6.4 (forgejo)<!--description-->

From 4d8094cb3dc4f43767e7246a3022f669281805a0 Mon Sep 17 00:00:00 2001
From: Renovate Bot <forgejo-renovate-action@forgejo.org>
Date: Fri, 16 Jan 2026 16:59:46 +0100
Subject: [PATCH 169/854] Update dependency
 @citation-js/plugin-software-formats to v0.6.2 (forgejo) (#10875)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10875
Reviewed-by: oliverpool <oliverpool@noreply.codeberg.org>
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
---
 package-lock.json | 50 +++++++++++++++++++++++------------------------
 package.json      |  2 +-
 2 files changed, 26 insertions(+), 26 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 423d0ca260..1f4876e863 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -8,7 +8,7 @@
       "dependencies": {
         "@citation-js/core": "0.7.21",
         "@citation-js/plugin-bibtex": "0.7.21",
-        "@citation-js/plugin-software-formats": "0.6.1",
+        "@citation-js/plugin-software-formats": "0.6.2",
         "@codemirror/autocomplete": "6.20.0",
         "@codemirror/commands": "6.10.1",
         "@codemirror/lang-cpp": "6.0.3",
@@ -419,22 +419,22 @@
       }
     },
     "node_modules/@citation-js/plugin-cff": {
-      "version": "0.6.1",
-      "resolved": "https://registry.npmjs.org/@citation-js/plugin-cff/-/plugin-cff-0.6.1.tgz",
-      "integrity": "sha512-tLjTgsfzNOdQWGn5mNc2NAaydHnlRucSERoyAXLN7u0BQBfp7j5zwdxCmxcQD/N7hH3fpDKMG+qDzbqpJuKyNA==",
+      "version": "0.6.2",
+      "resolved": "https://registry.npmjs.org/@citation-js/plugin-cff/-/plugin-cff-0.6.2.tgz",
+      "integrity": "sha512-jvERDFbtQQOBb9s+E8VbRIYsEIb2YEbcLH3yVDxXK0xqBGQDE5m8JZAYUkENy4FmbaD979l0+xJTWAsYN1pV/w==",
       "license": "MIT",
       "dependencies": {
         "@citation-js/date": "^0.5.0",
-        "@citation-js/plugin-yaml": "^0.6.1"
+        "@citation-js/plugin-yaml": "^0.6.2"
       },
       "engines": {
         "node": ">=14.0.0"
       }
     },
     "node_modules/@citation-js/plugin-github": {
-      "version": "0.6.1",
-      "resolved": "https://registry.npmjs.org/@citation-js/plugin-github/-/plugin-github-0.6.1.tgz",
-      "integrity": "sha512-1ZeSgQ5AoYsa8n2acVooUeRk76oA8rLszYNBjzj5z6MPa11BZlQJ9O+Gy4tHjlImvsENLbLPx5f8/V1VHXaCfQ==",
+      "version": "0.6.2",
+      "resolved": "https://registry.npmjs.org/@citation-js/plugin-github/-/plugin-github-0.6.2.tgz",
+      "integrity": "sha512-NKq/1Ja060o4II1Z4p1+utwpvMsx+XIWdNiFvnJDfR2Z9E1xGETjByPpdobGBsteUTpJPEe9OVfF8Dee/Q7zLQ==",
       "license": "MIT",
       "dependencies": {
         "@citation-js/date": "^0.5.0",
@@ -445,9 +445,9 @@
       }
     },
     "node_modules/@citation-js/plugin-npm": {
-      "version": "0.6.1",
-      "resolved": "https://registry.npmjs.org/@citation-js/plugin-npm/-/plugin-npm-0.6.1.tgz",
-      "integrity": "sha512-rojJA+l/p2KBpDoY+8n0YfNyQO1Aw03fQR5BN+gXD1LNAP1V+8wqvdPsaHnzPsrhrd4ZXDR7ch/Nk0yynPkJ3Q==",
+      "version": "0.6.2",
+      "resolved": "https://registry.npmjs.org/@citation-js/plugin-npm/-/plugin-npm-0.6.2.tgz",
+      "integrity": "sha512-mbQg/N9HM+gOqHJCdDZEElSW+h/oM94snKCl3llXuZ4MEH3tHraElS6CYRW/vW7s8KUTTHhgE62Q6ua5aRml8g==",
       "license": "MIT",
       "dependencies": {
         "@citation-js/date": "^0.5.0",
@@ -458,25 +458,25 @@
       }
     },
     "node_modules/@citation-js/plugin-software-formats": {
-      "version": "0.6.1",
-      "resolved": "https://registry.npmjs.org/@citation-js/plugin-software-formats/-/plugin-software-formats-0.6.1.tgz",
-      "integrity": "sha512-BDF9rqi56K0hoTgYTVANCFVRSbWKC9V06Uap7oa8SjqCTgnHJAy8t/F3NxsyYPPG+zmRsLW9VNbcIsJOl0eu/w==",
+      "version": "0.6.2",
+      "resolved": "https://registry.npmjs.org/@citation-js/plugin-software-formats/-/plugin-software-formats-0.6.2.tgz",
+      "integrity": "sha512-x1IG0LBKglBU6SuiiKfvOtn7g7o7s+YhQhB44o7zrFaKEO8jkyQ5qMKtM5VFdCBL7teLfzZLjpjNkdJXtZ6XZw==",
       "license": "MIT",
       "dependencies": {
-        "@citation-js/plugin-cff": "^0.6.1",
-        "@citation-js/plugin-github": "^0.6.1",
-        "@citation-js/plugin-npm": "^0.6.1",
-        "@citation-js/plugin-yaml": "^0.6.1",
-        "@citation-js/plugin-zenodo": "^0.6.1"
+        "@citation-js/plugin-cff": "^0.6.2",
+        "@citation-js/plugin-github": "^0.6.2",
+        "@citation-js/plugin-npm": "^0.6.2",
+        "@citation-js/plugin-yaml": "^0.6.2",
+        "@citation-js/plugin-zenodo": "^0.6.2"
       },
       "engines": {
         "node": ">=14.0.0"
       }
     },
     "node_modules/@citation-js/plugin-yaml": {
-      "version": "0.6.1",
-      "resolved": "https://registry.npmjs.org/@citation-js/plugin-yaml/-/plugin-yaml-0.6.1.tgz",
-      "integrity": "sha512-XEVVks1cJTqRbjy+nmthfw/puR6NwRB3fyJWi1tX13UYXlkhP/h45nsv4zjgLLGekdcMHQvhad9MAYunOftGKA==",
+      "version": "0.6.2",
+      "resolved": "https://registry.npmjs.org/@citation-js/plugin-yaml/-/plugin-yaml-0.6.2.tgz",
+      "integrity": "sha512-qw53Uy2fDekKAzNhv8pkAWpIccIxyKQ3nQuClMgzDPdyeWg34ElIs4bDub9ZZup15fy+X//2gP8k12RJqNo4lA==",
       "license": "MIT",
       "dependencies": {
         "js-yaml": "^4.0.0"
@@ -486,9 +486,9 @@
       }
     },
     "node_modules/@citation-js/plugin-zenodo": {
-      "version": "0.6.1",
-      "resolved": "https://registry.npmjs.org/@citation-js/plugin-zenodo/-/plugin-zenodo-0.6.1.tgz",
-      "integrity": "sha512-bUybENHoZqJ6gheUqgkumjI+mu+fA2bg6VoniDmZTb7Qng9iEpi+IWEAR26/vBE0gK0EWrJjczyDW3HCwrhvVw==",
+      "version": "0.6.2",
+      "resolved": "https://registry.npmjs.org/@citation-js/plugin-zenodo/-/plugin-zenodo-0.6.2.tgz",
+      "integrity": "sha512-3XQOO3u4WXY/7AWZyQ+9SuBzS8bYTlJ+NF1uCgrZO64g36nK5iIc5YV9cBl2TL2QhHF6S36nvAsXsj5fX9FeHw==",
       "license": "MIT",
       "dependencies": {
         "@citation-js/date": "^0.5.0",
diff --git a/package.json b/package.json
index 28e4f05a7b..fce5ef30ed 100644
--- a/package.json
+++ b/package.json
@@ -7,7 +7,7 @@
   "dependencies": {
     "@citation-js/core": "0.7.21",
     "@citation-js/plugin-bibtex": "0.7.21",
-    "@citation-js/plugin-software-formats": "0.6.1",
+    "@citation-js/plugin-software-formats": "0.6.2",
     "@codemirror/autocomplete": "6.20.0",
     "@codemirror/commands": "6.10.1",
     "@codemirror/lang-cpp": "6.0.3",

From 3252fd5134e640c63931136bc166780a67874954 Mon Sep 17 00:00:00 2001
From: Michael Kriese <michael.kriese@visualon.de>
Date: Fri, 16 Jan 2026 20:24:22 +0100
Subject: [PATCH 170/854] ci: tie go cache to go version and add `Makefile` to
 key hash (#10883)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10883
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
Reviewed-by: Otto <otto@codeberg.org>
Co-authored-by: Michael Kriese <michael.kriese@visualon.de>
Co-committed-by: Michael Kriese <michael.kriese@visualon.de>
---
 .forgejo/workflows-composite/setup-cache-go/action.yaml | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/.forgejo/workflows-composite/setup-cache-go/action.yaml b/.forgejo/workflows-composite/setup-cache-go/action.yaml
index 7543155699..392723567d 100644
--- a/.forgejo/workflows-composite/setup-cache-go/action.yaml
+++ b/.forgejo/workflows-composite/setup-cache-go/action.yaml
@@ -52,10 +52,9 @@ runs:
       id: cache-deps
       uses: https://data.forgejo.org/actions/cache@v5
       with:
-        key: setup-cache-go-deps-${{ runner.os }}-${{ inputs.username }}-${{ steps.go-version.outputs.go_version }}-${{ hashFiles('go.sum', 'go.mod') }}
+        key: setup-cache-go-deps-${{ runner.os }}-${{ inputs.username }}-${{ steps.go-version.outputs.go_version }}-${{ hashFiles('go.sum', 'go.mod', 'Makefile') }}
         restore-keys: |
           setup-cache-go-deps-${{ runner.os }}-${{ inputs.username }}-${{ steps.go-version.outputs.go_version }}-
-          setup-cache-go-deps-${{ runner.os }}-${{ inputs.username }}-
         path: |
           ${{ steps.go-environment.outputs.modcache }}
           ${{ steps.go-environment.outputs.cache }}

From feb787c3ab543e40ff04af1775bbe63003383483 Mon Sep 17 00:00:00 2001
From: forgejo-release-manager <contact-forgejo-release-manager@forgejo.org>
Date: Sat, 17 Jan 2026 07:08:16 +0100
Subject: [PATCH 171/854] chore(release-notes): Forgejo v11.0.10 [skip ci]
 (#10894)

https://codeberg.org/forgejo/forgejo/milestone/45320
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10894
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Co-authored-by: forgejo-release-manager <contact-forgejo-release-manager@forgejo.org>
Co-committed-by: forgejo-release-manager <contact-forgejo-release-manager@forgejo.org>
---
 release-notes-published/11.0.10.md | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
 create mode 100644 release-notes-published/11.0.10.md

diff --git a/release-notes-published/11.0.10.md b/release-notes-published/11.0.10.md
new file mode 100644
index 0000000000..928c7a549e
--- /dev/null
+++ b/release-notes-published/11.0.10.md
@@ -0,0 +1,14 @@
+This release includes an upgrade of Go version with security fixes. The issues addressed by this update do not pose any risk to the system or data security of Forgejo deployments, only potential for denial of service attacks.
+
+<!--start release-notes-assistant-->
+
+## Release notes
+<!--URL:https://codeberg.org/forgejo/forgejo-->
+- Bug fixes
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10686) ([backported](https://codeberg.org/forgejo/forgejo/pulls/10783)): <!--number 10783 --><!--line 0 --><!--description Zml4OiBhZGQgYGZvcmdlam8gZG9jdG9yIGNsZWFudXAtY29tbWl0LXN0YXR1c2AgY29tbWFuZCAoIzEwNjg2KQ==-->fix: add `forgejo doctor cleanup-commit-status` command (#10686)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10747) ([backported](https://codeberg.org/forgejo/forgejo/pulls/10787)): <!--number 10787 --><!--line 0 --><!--description Zml4OiBjb3JyZWN0bHkgY29tcHV0ZSByZXF1aXJlZCBjb21taXQgc3RhdHVz-->fix: correctly compute required commit status<!--description-->
+- Other changes without a feature or bug label
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10852): <!--number 10852 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgZ28gdG8gdjEuMjUuNiAodjExLjAvZm9yZ2Vqbyk=-->Update dependency go to v1.25.6 (v11.0/forgejo)<!--description-->
+- Included for completeness but not user-facing (chores, etc.)
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10780) ([backported](https://codeberg.org/forgejo/forgejo/pulls/10839)): <!--number 10839 --><!--line 0 --><!--description Y2hvcmU6IGNvcnJlY3Qgc3BlbGxpbmcgZXJyb3IgaW4gY2xlYW51cC1jb21taXQtc3RhdHVzIENMSSBkb2Nz-->chore: correct spelling error in cleanup-commit-status CLI docs<!--description-->
+<!--end release-notes-assistant-->

From 8f58ed029ae882740ed2159f7fbdaa8846154a4a Mon Sep 17 00:00:00 2001
From: forgejo-release-manager <contact-forgejo-release-manager@forgejo.org>
Date: Sat, 17 Jan 2026 07:08:24 +0100
Subject: [PATCH 172/854] chore(release-notes): Forgejo v13.0.5 [skip ci]
 (#10896)

https://codeberg.org/forgejo/forgejo/milestone/45323
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10896
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Co-authored-by: forgejo-release-manager <contact-forgejo-release-manager@forgejo.org>
Co-committed-by: forgejo-release-manager <contact-forgejo-release-manager@forgejo.org>
---
 release-notes-published/13.0.5.md | 11 +++++++++++
 1 file changed, 11 insertions(+)
 create mode 100644 release-notes-published/13.0.5.md

diff --git a/release-notes-published/13.0.5.md b/release-notes-published/13.0.5.md
new file mode 100644
index 0000000000..6357b30210
--- /dev/null
+++ b/release-notes-published/13.0.5.md
@@ -0,0 +1,11 @@
+This release includes an upgrade of Go version with security fixes. The issues addressed by this update do not pose any risk to the system or data security of Forgejo deployments, only potential for denial of service attacks.
+
+Forgejo v13.0 is end of life since 15 January 2026, however, since the release schedule currently doesn't have overlap of supported dates for major releases, it receives an upgrade for use by those who couldn't address the breaking changes in the Forgejo v14.0.0 release yet.
+
+<!--start release-notes-assistant-->
+
+## Release notes
+<!--URL:https://codeberg.org/forgejo/forgejo-->
+- Other changes without a feature or bug label
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10877): <!--number 10877 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgZ28gdG8gdjEuMjUuNiAodjEzL2Zvcmdlam8p-->Update dependency go to v1.25.6 (v13/forgejo)<!--description-->
+<!--end release-notes-assistant-->

From a2462adca0c8945a8d22932519e8e06e187c6948 Mon Sep 17 00:00:00 2001
From: forgejo-release-manager <contact-forgejo-release-manager@forgejo.org>
Date: Sat, 17 Jan 2026 07:08:33 +0100
Subject: [PATCH 173/854] chore(release-notes): Forgejo v14.0.1 [skip ci]
 (#10895)

https://codeberg.org/forgejo/forgejo/milestone/46904
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10895
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Co-authored-by: forgejo-release-manager <contact-forgejo-release-manager@forgejo.org>
Co-committed-by: forgejo-release-manager <contact-forgejo-release-manager@forgejo.org>
---
 release-notes-published/14.0.1.md | 15 +++++++++++++++
 1 file changed, 15 insertions(+)
 create mode 100644 release-notes-published/14.0.1.md

diff --git a/release-notes-published/14.0.1.md b/release-notes-published/14.0.1.md
new file mode 100644
index 0000000000..567f1317cb
--- /dev/null
+++ b/release-notes-published/14.0.1.md
@@ -0,0 +1,15 @@
+This release includes an upgrade of Go version with security fixes. The issues addressed by this update do not pose any risk to the system or data security of Forgejo deployments, only potential for denial of service attacks.
+
+<!--start release-notes-assistant-->
+
+## Release notes
+<!--URL:https://codeberg.org/forgejo/forgejo-->
+- Bug fixes
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10851) ([backported](https://codeberg.org/forgejo/forgejo/pulls/10858)): <!--number 10858 --><!--line 0 --><!--description Zml4OiB1c2UgYHN0cmljdC1vcmlnaW5gIGFzIHJlZmVycmVyIHBvbGljeQ==-->fix: use `strict-origin` as referrer policy<!--description-->
+- Other changes without a feature or bug label
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10853): <!--number 10853 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgZ28gdG8gdjEuMjUuNiAodjE0LjAvZm9yZ2Vqbyk=-->Update dependency go to v1.25.6 (v14.0/forgejo)<!--description-->
+- Included for completeness but not user-facing (chores, etc.)
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10876): <!--number 10876 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgQGNpdGF0aW9uLWpzL3BsdWdpbi1zb2Z0d2FyZS1mb3JtYXRzIHRvIHYwLjYuMiAodjE0LjAvZm9yZ2Vqbyk=-->Update dependency @citation-js/plugin-software-formats to v0.6.2 (v14.0/forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10863) ([backported](https://codeberg.org/forgejo/forgejo/pulls/10871)): <!--number 10871 --><!--line 0 --><!--description Zml4OiBtYWtlIGNvbmN1cnJlbmN5IGdyb3VwIGpvYiBjYW5jZWxsYXRpb24gZWZmZWN0IHJ1bnMgdGhhdCBhcmUgZmFpbGVk-->fix: make concurrency group job cancellation effect runs that are failed<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10854) ([backported](https://codeberg.org/forgejo/forgejo/pulls/10870)): <!--number 10870 --><!--line 0 --><!--description Zml4OiByZWNyZWF0ZS10YWJsZXMgZG9lc24ndCB3b3JrIG9uIFBvc3RncmVTUUwgd2l0aCBtdWx0aXBsZSBGb3JnZWpvIHNjaGVtYXM=-->fix: recreate-tables doesn't work on PostgreSQL with multiple Forgejo schemas<!--description-->
+<!--end release-notes-assistant-->

From fdf4dfd2a592ff1c605b883e520c4bbad7f64afc Mon Sep 17 00:00:00 2001
From: oliverpool <git@olivier.pfad.fr>
Date: Sat, 17 Jan 2026 10:10:56 +0100
Subject: [PATCH 174/854] feat(ui): dedicated icon for CITATION file (#10873)

Fix forgejo/forgejo#7864

Screenshot:
https://codeberg.org/attachments/62fbd43e-fe08-45dd-97a6-224353fd94a9

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10873
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Co-authored-by: oliverpool <git@olivier.pfad.fr>
Co-committed-by: oliverpool <git@olivier.pfad.fr>
---
 modules/base/tool.go                |  8 ++++++++
 routers/web/repo/view.go            |  8 ++------
 tests/integration/repo_view_test.go | 18 ++++++++++++++++++
 web_src/css/repo.css                |  1 +
 4 files changed, 29 insertions(+), 6 deletions(-)

diff --git a/modules/base/tool.go b/modules/base/tool.go
index e3a3ff4a23..ada73df7da 100644
--- a/modules/base/tool.go
+++ b/modules/base/tool.go
@@ -118,9 +118,17 @@ func EntryIcon(entry *git.TreeEntry) string {
 		return "file-submodule"
 	}
 
+	if IsCitationFile(entry) {
+		return "cross-reference"
+	}
+
 	return "file"
 }
 
+func IsCitationFile(entry *git.TreeEntry) bool {
+	return entry.Name() == "CITATION.cff" || entry.Name() == "CITATION.bib"
+}
+
 // SetupGiteaRoot Sets GITEA_ROOT if it is not already set and returns the value
 func SetupGiteaRoot() string {
 	giteaRoot := os.Getenv("GITEA_ROOT")
diff --git a/routers/web/repo/view.go b/routers/web/repo/view.go
index 4d44a485b9..17e25d55ae 100644
--- a/routers/web/repo/view.go
+++ b/routers/web/repo/view.go
@@ -605,7 +605,7 @@ func renderFile(ctx *context.Context, entry *git.TreeEntry) {
 			ctx.Data["EscapeStatus"] = status
 			ctx.Data["FileContent"] = fileContent
 			ctx.Data["LineEscapeStatus"] = statuses
-			ctx.Data["IsCitationFile"] = isCitationFile(entry)
+			ctx.Data["IsCitationFile"] = base.IsCitationFile(entry)
 		}
 		if !fInfo.isLFSFile {
 			if ctx.Repo.CanEnableEditor(ctx, ctx.Doer) {
@@ -783,10 +783,6 @@ func checkHomeCodeViewable(ctx *context.Context) {
 	ctx.NotFound("Home", errors.New(ctx.Locale.TrString("units.error.no_unit_allowed_repo")))
 }
 
-func isCitationFile(entry *git.TreeEntry) bool {
-	return entry.Name() == "CITATION.cff" || entry.Name() == "CITATION.bib"
-}
-
 func checkCitationFile(ctx *context.Context, entry *git.TreeEntry) {
 	if entry.Name() != "" {
 		return
@@ -802,7 +798,7 @@ func checkCitationFile(ctx *context.Context, entry *git.TreeEntry) {
 		return
 	}
 	for _, entry := range allEntries {
-		if isCitationFile(entry) {
+		if base.IsCitationFile(entry) {
 			ctx.Data["CitationFile"] = entry.Name()
 			break
 		}
diff --git a/tests/integration/repo_view_test.go b/tests/integration/repo_view_test.go
index ce24aca16a..74864765ea 100644
--- a/tests/integration/repo_view_test.go
+++ b/tests/integration/repo_view_test.go
@@ -188,6 +188,11 @@ func TestRepoViewFileLines(t *testing.T) {
 				TreePath:      "seemingly-empty",
 				ContentReader: strings.NewReader("\n"),
 			},
+			{
+				Operation:     "create",
+				TreePath:      "CITATION.cff",
+				ContentReader: strings.NewReader(""),
+			},
 		})
 		defer f()
 
@@ -220,5 +225,18 @@ func TestRepoViewFileLines(t *testing.T) {
 			testEOL(t, "empty", true)
 			testEOL(t, "seemingly-empty", true)
 		})
+		t.Run("list", func(t *testing.T) {
+			defer tests.PrintCurrentTest(t)()
+			req := NewRequest(t, "GET", repo.Link())
+			resp := MakeRequest(t, req, http.StatusOK)
+			htmlDoc := NewHTMLParser(t, resp.Body)
+
+			nodes := htmlDoc.Find("#repo-files-table tr")
+			t.Run("CITATION.cff", func(t *testing.T) {
+				c, ok := nodes.Find(`.name a[title="CITATION.cff"] svg`).Attr("class")
+				assert.True(t, ok, "could not find CITATION.cff line")
+				assert.Contains(t, c, "octicon-cross-reference")
+			})
+		})
 	})
 }
diff --git a/web_src/css/repo.css b/web_src/css/repo.css
index 4234c07bf0..48705180b2 100644
--- a/web_src/css/repo.css
+++ b/web_src/css/repo.css
@@ -252,6 +252,7 @@ td .commit-summary {
   color: var(--color-primary);
 }
 
+.repository.file.list #repo-files-table tbody .svg.octicon-cross-reference,
 .repository.file.list #repo-files-table tbody .svg.octicon-file,
 .repository.file.list #repo-files-table tbody .svg.octicon-file-symlink-file,
 .repository.file.list #repo-files-table tbody .svg.octicon-file-directory-symlink {

From 009e3c670bda79d5b6c4c4e8d1d938f1b7835f17 Mon Sep 17 00:00:00 2001
From: Mathieu Fenniak <mathieu@fenniak.net>
Date: Sat, 17 Jan 2026 21:28:35 +0100
Subject: [PATCH 175/854] fix: use ALTER TABLE in SQLite DropTableColumns(),
 allowing unexpected database sources to work better in migrations (#10888)

The existing implementation of `DropTableColumns()` came from before SQLite had the ability to `ALTER TABLE ... DROP COLUMN ...`.  It works by parsing the table definition and rewriting it without the columns that are to be dropped, but it will fail to do this correctly if the table definition is not in the exact expected format.  In #10887, a database that had probably come through some migration tool was not exactly formatted the way Forgejo expected, resulting in a migration failure.

This replaces `DropTableColumns()`'s hacky SQLite implementation with a more straightforward implementation.  Affected indexes touching the target fields are dropped, then the field is dropped.

DROP COLUMN is supported on SQLite since [3.35.0, 2021-03-12](https://sqlite.org/releaselog/3_35_0.html).

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests

- Existing `test-sqlite-migration` coverage is relied upon for this change.  During development it was proven to exercise the affected code -- in other words, multiple iterations of changes were required due to it failing as I worked on it.
- No coverage is added for "database with unexpected schema definition format" as the trigger issue for this change though, a point that can be raised if someone believes it is worthwhile.
- I added test coverage for Go changes...
  - [ ] in their respective `*_test.go` for unit tests.
  - [ ] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I added test coverage for JavaScript changes...
  - [ ] in `web_src/js/*.test.js` if it can be unit tested.
  - [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)).

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [x] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.
- [ ] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change.

*The decision if the pull request will be shown in the release notes is up to the mergers / release team.*

The content of the `release-notes/<pull request number>.md` file will serve as the basis for the release notes. If the file does not exist, the title of the pull request will be used instead.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10888
Reviewed-by: Andreas Ahlenstorf <aahlenst@noreply.codeberg.org>
Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net>
Co-committed-by: Mathieu Fenniak <mathieu@fenniak.net>
---
 models/gitea_migrations/base/db.go | 77 +++++-------------------------
 1 file changed, 13 insertions(+), 64 deletions(-)

diff --git a/models/gitea_migrations/base/db.go b/models/gitea_migrations/base/db.go
index 7e9dcebe21..d716e05caf 100644
--- a/models/gitea_migrations/base/db.go
+++ b/models/gitea_migrations/base/db.go
@@ -7,7 +7,6 @@ import (
 	"errors"
 	"fmt"
 	"reflect"
-	"regexp"
 	"slices"
 	"strings"
 
@@ -469,74 +468,24 @@ func DropTableColumns(sess *xorm.Session, tableName string, columnNames ...strin
 			if err != nil {
 				return err
 			}
-			if len(indexRes) != 1 {
-				continue
+			containsDroppedColumn := false
+			for _, r := range indexRes {
+				indexCol := string(r["name"])
+				if slices.Contains(columnNames, indexCol) {
+					containsDroppedColumn = true
+					break
+				}
 			}
-			indexColumn := string(indexRes[0]["name"])
-			for _, name := range columnNames {
-				if name == indexColumn {
-					_, err := sess.Exec(fmt.Sprintf("DROP INDEX `%s`", indexName))
-					if err != nil {
-						return err
-					}
+			if containsDroppedColumn {
+				if _, err := sess.Exec(fmt.Sprintf("DROP INDEX `%s`", indexName)); err != nil {
+					return err
 				}
 			}
 		}
-
-		// Here we need to get the columns from the original table
-		sql := fmt.Sprintf("SELECT sql FROM sqlite_master WHERE tbl_name='%s' and type='table'", tableName)
-		res, err := sess.Query(sql)
-		if err != nil {
-			return err
-		}
-		tableSQL := string(res[0]["sql"])
-
-		// Get the string offset for column definitions: `CREATE TABLE ( column-definitions... )`
-		columnDefinitionsIndex := strings.Index(tableSQL, "(")
-		if columnDefinitionsIndex < 0 {
-			return errors.New("couldn't find column definitions")
-		}
-
-		// Separate out the column definitions
-		tableSQL = tableSQL[columnDefinitionsIndex:]
-
-		// Remove the required columnNames
-		for _, name := range columnNames {
-			tableSQL = regexp.MustCompile(regexp.QuoteMeta("`"+name+"`")+"[^`,)]*?[,)]").ReplaceAllString(tableSQL, "")
-		}
-
-		// Ensure the query is ended properly
-		tableSQL = strings.TrimSpace(tableSQL)
-		if tableSQL[len(tableSQL)-1] != ')' {
-			if tableSQL[len(tableSQL)-1] == ',' {
-				tableSQL = tableSQL[:len(tableSQL)-1]
+		for _, col := range columnNames {
+			if _, err := sess.Exec(fmt.Sprintf("ALTER TABLE `%s` DROP COLUMN `%s`", tableName, col)); err != nil {
+				return fmt.Errorf("drop table `%s` column %s encountered error: %w", tableName, col, err)
 			}
-			tableSQL += ")"
-		}
-
-		// Find all the columns in the table
-		columns := regexp.MustCompile("`([^`]*)`").FindAllString(tableSQL, -1)
-
-		tableSQL = fmt.Sprintf("CREATE TABLE `new_%s_new` ", tableName) + tableSQL
-		if _, err := sess.Exec(tableSQL); err != nil {
-			return err
-		}
-
-		// Now restore the data
-		columnsSeparated := strings.Join(columns, ",")
-		insertSQL := fmt.Sprintf("INSERT INTO `new_%s_new` (%s) SELECT %s FROM %s", tableName, columnsSeparated, columnsSeparated, tableName)
-		if _, err := sess.Exec(insertSQL); err != nil {
-			return err
-		}
-
-		// Now drop the old table
-		if _, err := sess.Exec(fmt.Sprintf("DROP TABLE `%s`", tableName)); err != nil {
-			return err
-		}
-
-		// Rename the table
-		if _, err := sess.Exec(fmt.Sprintf("ALTER TABLE `new_%s_new` RENAME TO `%s`", tableName, tableName)); err != nil {
-			return err
 		}
 
 	case setting.Database.Type.IsPostgreSQL():

From 157a9516f78ad0f78484e0fb1302d50ee4b4f5bc Mon Sep 17 00:00:00 2001
From: Renovate Bot <forgejo-renovate-action@forgejo.org>
Date: Sat, 17 Jan 2026 22:38:23 +0100
Subject: [PATCH 176/854] Update module github.com/klauspost/compress to
 v1.18.3 (forgejo) (#10891)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10891
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index edb10b7e27..9cd4479757 100644
--- a/go.mod
+++ b/go.mod
@@ -71,7 +71,7 @@ require (
 	github.com/jhillyerd/enmime/v2 v2.2.0
 	github.com/json-iterator/go v1.1.12
 	github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51
-	github.com/klauspost/compress v1.18.2
+	github.com/klauspost/compress v1.18.3
 	github.com/klauspost/cpuid/v2 v2.2.11
 	github.com/markbates/goth v1.80.0
 	github.com/mattn/go-isatty v0.0.20
diff --git a/go.sum b/go.sum
index 41236c8227..79bd5581b4 100644
--- a/go.sum
+++ b/go.sum
@@ -477,8 +477,8 @@ github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51 h1:Z9n2FFNU
 github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51/go.mod h1:CzGEWj7cYgsdH8dAjBGEr58BoE7ScuLd+fwFZ44+/x8=
 github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
 github.com/klauspost/compress v1.4.1/go.mod h1:RyIbtBH6LamlWaDj8nUwkbUhJ87Yi3uG0guNDohfE1A=
-github.com/klauspost/compress v1.18.2 h1:iiPHWW0YrcFgpBYhsA6D1+fqHssJscY/Tm/y2Uqnapk=
-github.com/klauspost/compress v1.18.2/go.mod h1:R0h/fSBs8DE4ENlcrlib3PsXS61voFxhIs2DeRhCvJ4=
+github.com/klauspost/compress v1.18.3 h1:9PJRvfbmTabkOX8moIpXPbMMbYN60bWImDDU7L+/6zw=
+github.com/klauspost/compress v1.18.3/go.mod h1:R0h/fSBs8DE4ENlcrlib3PsXS61voFxhIs2DeRhCvJ4=
 github.com/klauspost/cpuid v1.2.0/go.mod h1:Pj4uuM528wm8OyEC2QMXAi2YiTZ96dNQPGgoMS4s3ek=
 github.com/klauspost/cpuid/v2 v2.0.1/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg=
 github.com/klauspost/cpuid/v2 v2.2.11 h1:0OwqZRYI2rFrjS4kvkDnqJkKHdHaRnCm68/DY4OxRzU=

From 9f8dda632538350c9667489b4dc045c3a6c12d14 Mon Sep 17 00:00:00 2001
From: Mathieu Fenniak <mathieu@fenniak.net>
Date: Sat, 17 Jan 2026 23:09:49 +0100
Subject: [PATCH 177/854] fix: retry ActionRun updates when
 optimistic-concurrency-control indicates record changed (#10893)

When concurrent updates occur to the `action_run` table, fetching a task via `FetchTask` can result in an error:
```
time="2026-01-16T16:02:30Z" level=error msg="failed to fetch task" error="internal: pick task: CreateTaskForRunner: update run 2358339: run has changed"
```

This is an error with no known harm.  However, it is more efficient to recover from doing 90% of the work to fetch a task, and complete that work, rather than error out and rollback.  Discovered while investigating https://code.forgejo.org/forgejo/runner/issues/1302#issuecomment-73859, although conclusions do not indicate that it is a source of this bug.

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests

- I added test coverage for Go changes...
  - [ ] in their respective `*_test.go` for unit tests.
  - [ ] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I added test coverage for JavaScript changes...
  - [ ] in `web_src/js/*.test.js` if it can be unit tested.
  - [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)).

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [ ] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [ ] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.
- [ ] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change.

*The decision if the pull request will be shown in the release notes is up to the mergers / release team.*

The content of the `release-notes/<pull request number>.md` file will serve as the basis for the release notes. If the file does not exist, the title of the pull request will be used instead.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10893
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Reviewed-by: Andreas Ahlenstorf <aahlenst@noreply.codeberg.org>
Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net>
Co-committed-by: Mathieu Fenniak <mathieu@fenniak.net>
---
 models/actions/run.go          |  9 ++++--
 models/actions/run_job.go      | 30 ++++++++++++++----
 models/actions/run_job_test.go | 58 ++++++++++++++++++++++++++++++++++
 3 files changed, 89 insertions(+), 8 deletions(-)

diff --git a/models/actions/run.go b/models/actions/run.go
index 8924e04d37..126a4e7e38 100644
--- a/models/actions/run.go
+++ b/models/actions/run.go
@@ -479,6 +479,10 @@ func GetRunByIndex(ctx context.Context, repoID, index int64) (*ActionRun, error)
 	return run, nil
 }
 
+// Error returned when ActionRun's optimistic concurrency control has indicated that the record has been updated in the
+// database by another session since it was loaded in-memory in this session.
+var ErrActionRunOutOfDate = errors.New("run has changed")
+
 // UpdateRun updates a run.
 // It requires the inputted run has Version set.
 // It will return error if the version is not matched (it means the run has been changed after loaded).
@@ -495,8 +499,9 @@ func UpdateRunWithoutNotification(ctx context.Context, run *ActionRun, cols ...s
 		return err
 	}
 	if affected == 0 {
-		return errors.New("run has changed")
-		// It's impossible that the run is not found, since Gitea never deletes runs.
+		// UPDATE has no conditions on it, and we never delete runs, so the only possible cause of this is
+		// `xorm:"version"` tagged field indicated that the version has changed since the record was loaded.
+		return ErrActionRunOutOfDate
 	}
 
 	if run.Status != 0 || slices.Contains(cols, "status") {
diff --git a/models/actions/run_job.go b/models/actions/run_job.go
index aee7cd9aa1..9ddae1e301 100644
--- a/models/actions/run_job.go
+++ b/models/actions/run_job.go
@@ -5,12 +5,14 @@ package actions
 
 import (
 	"context"
+	"errors"
 	"fmt"
 	"slices"
 	"time"
 
 	"forgejo.org/models/db"
 	"forgejo.org/modules/container"
+	"forgejo.org/modules/log"
 	"forgejo.org/modules/timeutil"
 	"forgejo.org/modules/util"
 
@@ -174,7 +176,7 @@ func UpdateRunJobWithoutNotification(ctx context.Context, job *ActionRunJob, con
 		}
 	}
 
-	{
+	for {
 		// Other goroutines may aggregate the status of the run and update it too.
 		// So we need load the run and its jobs before updating the run.
 		run, err := GetRunByID(ctx, job.RunID)
@@ -185,23 +187,39 @@ func UpdateRunJobWithoutNotification(ctx context.Context, job *ActionRunJob, con
 		if err != nil {
 			return 0, err
 		}
-		run.Status = AggregateJobStatus(jobs)
+
+		updateRequired := false
+		newStatus := AggregateJobStatus(jobs)
+		if run.Status != newStatus {
+			run.Status = newStatus
+			updateRequired = true
+		}
 		if run.Started.IsZero() && run.Status.IsRunning() {
 			run.Started = timeutil.TimeStampNow()
+			updateRequired = true
 		}
 		if run.Stopped.IsZero() && run.Status.IsDone() {
 			run.Stopped = timeutil.TimeStampNow()
+			updateRequired = true
 		}
-		// As the caller has to ensure the ActionRunNowDone notification is sent we can ignore doing so here.
-		if err := UpdateRunWithoutNotification(ctx, run, "status", "started", "stopped"); err != nil {
-			return 0, fmt.Errorf("update run %d: %w", run.ID, err)
+		if updateRequired {
+			// As the caller has to ensure the ActionRunNowDone notification is sent we can ignore doing so here.
+			if err := UpdateRunWithoutNotification(ctx, run, "status", "started", "stopped"); err != nil && errors.Is(err, ErrActionRunOutOfDate) {
+				// Retry update; another session affected `run` simultaneously. It wasn't necessarily another update
+				// from this same loop -- there are other codepaths that update `ActionRun`.
+				log.Debug("UpdateRunWithoutNotification failed with %v; looping for retry", err)
+				continue
+			} else if err != nil {
+				return 0, fmt.Errorf("update run %d: %w", run.ID, err)
+			}
 		}
+		break // exit retry loop
 	}
 
 	return affected, nil
 }
 
-func AggregateJobStatus(jobs []*ActionRunJob) Status {
+var AggregateJobStatus = func(jobs []*ActionRunJob) Status {
 	allSuccessOrSkipped := len(jobs) != 0
 	allSkipped := len(jobs) != 0
 	var hasFailure, hasCancelled, hasWaiting, hasRunning, hasBlocked bool
diff --git a/models/actions/run_job_test.go b/models/actions/run_job_test.go
index 7c204d4eb9..caaaae2cf8 100644
--- a/models/actions/run_job_test.go
+++ b/models/actions/run_job_test.go
@@ -8,6 +8,7 @@ import (
 
 	"forgejo.org/models/db"
 	"forgejo.org/models/unittest"
+	"forgejo.org/modules/test"
 
 	"code.forgejo.org/forgejo/runner/v12/act/jobparser"
 	"github.com/stretchr/testify/assert"
@@ -281,3 +282,60 @@ func TestActionRunJob_HasIncompleteWith(t *testing.T) {
 		})
 	}
 }
+
+func TestUpdateRunJobWithoutNotificationConcurrency(t *testing.T) {
+	require.NoError(t, unittest.PrepareTestDatabase())
+
+	testJob := unittest.AssertExistsAndLoadBean(t, &ActionRunJob{ID: 192})
+	testRun := unittest.AssertExistsAndLoadBean(t, &ActionRun{ID: testJob.RunID})
+
+	// UpdateRunJobWithoutNotification is intended to update the related `ActionRun`, setting its `Started`, `Stopped`,
+	// and `Status` field to an appropriate state considering the job update.  It has a retry loop to perform this work
+	// even if `ActionRun` is updated concurrently.  To test that loop, we're going to intercept the invocation of
+	// AggregateJobStatus and freeze that update process, perform a different modification to the run, and then release
+	// the frozen test.  The retry loop should trigger and a second pass updating the `ActionRun` should succeed.
+
+	syncBeginPoint := make(chan any)
+	syncMidPoint := make(chan any)
+	syncEndPoint := make(chan any)
+	firstPass := true
+
+	defer test.MockVariableValue(&AggregateJobStatus, func(jobs []*ActionRunJob) Status {
+		// Synchronization here needs to handle the faact that `AggregateJobStatus` will be invoked twice -- pause
+		// correctly on the first run, but continue with no concerns on the second run.
+		if firstPass {
+			firstPass = false
+			// Signal that we're in AggregateJobStatus()...
+			close(syncBeginPoint)
+			// Wait until signalled to continue
+			<-syncMidPoint
+		}
+		return StatusCancelled
+	})()
+
+	go func() {
+		testJob.Status = StatusCancelled
+		updated, err := UpdateRunJobWithoutNotification(t.Context(), testJob, nil, "status")
+		close(syncEndPoint) // close before asserts, so that the test doesn't hang if it fails
+		require.NoError(t, err)
+		assert.EqualValues(t, 1, updated)
+	}()
+
+	// Wait until UpdateRunJobWithoutNotification reaches AggregateJobStatus()...
+	<-syncBeginPoint
+
+	// Perform a concurrent modification to `ActionRun`
+	testRun.Status = StatusSkipped
+	err := UpdateRunWithoutNotification(t.Context(), testRun, "status")
+	require.NoError(t, err)
+
+	// Signal for AggregateJobStatus to continue
+	close(syncMidPoint)
+
+	// Wait for goroutine to complete
+	<-syncEndPoint
+
+	// Reload the `ActionRun`
+	testRun = unittest.AssertExistsAndLoadBean(t, &ActionRun{ID: testJob.RunID})
+	assert.Equal(t, StatusCancelled, testRun.Status)
+}

From 230eca13c437ee42c28dcb30c1610b57772fcd3b Mon Sep 17 00:00:00 2001
From: Mathieu Fenniak <mathieu@fenniak.net>
Date: Sat, 17 Jan 2026 23:36:30 +0100
Subject: [PATCH 178/854] fix: don't return AdditionalTasks from FetchTask if
 there is no Task (#10899)

Possible bug that could cause https://code.forgejo.org/forgejo/runner/issues/1302: by picking more tasks after the first `PickTask` didn't find anything, they'll be returned in `AdditionalTasks`.  But the runner doesn't act upon additional tasks if there is no "first" task.

I can't see a practical way to cover this with an automated test other than mutating the production code to provide a synchronization point between the two operations.

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests

- I added test coverage for Go changes...
  - [ ] in their respective `*_test.go` for unit tests.
  - [ ] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I added test coverage for JavaScript changes...
  - [ ] in `web_src/js/*.test.js` if it can be unit tested.
  - [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)).

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [x] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.
- [ ] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change.

*The decision if the pull request will be shown in the release notes is up to the mergers / release team.*

The content of the `release-notes/<pull request number>.md` file will serve as the basis for the release notes. If the file does not exist, the title of the pull request will be used instead.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10899
Reviewed-by: oliverpool <oliverpool@noreply.codeberg.org>
Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net>
Co-committed-by: Mathieu Fenniak <mathieu@fenniak.net>
---
 routers/api/actions/runner/runner.go | 30 ++++++++++++++--------------
 1 file changed, 15 insertions(+), 15 deletions(-)

diff --git a/routers/api/actions/runner/runner.go b/routers/api/actions/runner/runner.go
index 88e96aac1a..ed48ee320b 100644
--- a/routers/api/actions/runner/runner.go
+++ b/routers/api/actions/runner/runner.go
@@ -162,22 +162,22 @@ func (s *Service) FetchTask(
 			return nil, connect.NewError(connect.CodeInternal, fmt.Errorf("pick task: %w", err))
 		} else if ok {
 			task = t
-		}
 
-		taskCapacity := req.Msg.GetTaskCapacity()
-		taskCapacity-- // remove 1 for the task already fetched as `task`
-		for taskCapacity > 0 {
-			if t, ok, err := actions_service.PickTask(ctx, runner); err != nil {
-				// Don't return an error to the client/runner -- we've already assigned one-or-more tasks to the runner
-				// and if we don't return them, they can't be picked up by another runner and will become zombie tasks.
-				// Log the error and return the tasks we've assigned so far.
-				log.Error("pick task failed: %v", err)
-				break
-			} else if ok {
-				additionalTasks = append(additionalTasks, t)
-				taskCapacity--
-			} else {
-				break
+			taskCapacity := req.Msg.GetTaskCapacity()
+			taskCapacity-- // remove 1 for the task already fetched as `task`
+			for taskCapacity > 0 {
+				if t, ok, err := actions_service.PickTask(ctx, runner); err != nil {
+					// Don't return an error to the client/runner -- we've already assigned one-or-more tasks to the runner
+					// and if we don't return them, they can't be picked up by another runner and will become zombie tasks.
+					// Log the error and return the tasks we've assigned so far.
+					log.Error("pick task failed: %v", err)
+					break
+				} else if ok {
+					additionalTasks = append(additionalTasks, t)
+					taskCapacity--
+				} else {
+					break
+				}
 			}
 		}
 	}

From a135f0c240f262719bfbdc14e62b7d40eace67c7 Mon Sep 17 00:00:00 2001
From: Renovate Bot <forgejo-renovate-action@forgejo.org>
Date: Sun, 18 Jan 2026 03:47:28 +0100
Subject: [PATCH 179/854] Update module code.forgejo.org/forgejo/runner/v12 to
 v12.5.3 (forgejo) (#10911)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This PR contains the following updates:

| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) |
|---|---|---|---|
| [code.forgejo.org/forgejo/runner/v12](https://code.forgejo.org/forgejo/runner) | `v12.5.2` -> `v12.5.3` | ![age](https://developer.mend.io/api/mc/badges/age/go/code.forgejo.org%2fforgejo%2frunner%2fv12/v12.5.3?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/go/code.forgejo.org%2fforgejo%2frunner%2fv12/v12.5.2/v12.5.3?slim=true) |

---

### Release Notes

<details>
<summary>forgejo/runner (code.forgejo.org/forgejo/runner/v12)</summary>

### [`v12.5.3`](https://code.forgejo.org/forgejo/runner/releases/tag/v12.5.3)

[Compare Source](https://code.forgejo.org/forgejo/runner/compare/v12.5.2...v12.5.3)

- [User guide](https://forgejo.org/docs/next/user/actions/overview/)
- [Administrator guide](https://forgejo.org/docs/next/admin/actions/)
- [Container images](https://code.forgejo.org/forgejo/-/packages/container/runner/versions)

Release Notes

***

<!--start release-notes-assistant-->

<!--URL:https://code.forgejo.org/forgejo/runner-->

- bug fixes
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1303): <!--number 1303 --><!--line 0 --><!--description Zml4OiBzdXBwb3J0IEZvcmdlam8gcmV0dXJuaW5nIEFkZGl0aW9uYWxUYXNrcyBidXQgbm90IFRhc2s=-->fix: support Forgejo returning AdditionalTasks but not Task<!--description-->
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1293): <!--number 1293 --><!--line 0 --><!--description Zml4OiBvbmx5IHNraXAgZmV0Y2hpbmcgd2hlbiBhIGNvbW1pdCBleGlzdHMgbG9jYWxseQ==-->fix: only skip fetching when a commit exists locally<!--description-->
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1294): <!--number 1294 --><!--line 0 --><!--description Zml4OiB1bmJyZWFrIHRoZSBidWlsZCBmb3IgcGxhdGZvcm1zIHcvbyBkb2NrZXIgc3VwcG9ydA==-->fix: unbreak the build for platforms w/o docker support<!--description-->
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1277): <!--number 1277 --><!--line 0 --><!--description Zml4OiB0cnkgdG8gZW1wdHkgY2xvbmUgZGlyZWN0b3J5IHRoYXQgaXMgbm90IGVtcHR5-->fix: try to empty clone directory that is not empty<!--description-->
- other
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1301): <!--number 1301 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgZm9yZ2Vqby9yZWxlYXNlLW5vdGVzLWFzc2lzdGFudCB0byB2MS41LjE=-->Update dependency forgejo/release-notes-assistant to v1.5.1<!--description-->
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1299): <!--number 1299 --><!--line 0 --><!--description Y2hvcmU6IGltcHJvdmUgaW50ZXJuYWwgcmVwb3J0ZXIuZ28gbG9nZ2luZw==-->chore: improve internal reporter.go logging<!--description-->
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1298): <!--number 1298 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgZ28gdG8gdjEuMjUuNg==-->Update dependency go to v1.25.6<!--description-->
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1297): <!--number 1297 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnb2xhbmcub3JnL3gvdGVybSB0byB2MC4zOS4w-->Update module golang.org/x/term to v0.39.0<!--description-->
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1295): <!--number 1295 --><!--line 0 --><!--description Y2hvcmU6IGJ1aWxkIHVuc3VwcG9ydGVkIHBsYXRmb3Jtcw==-->chore: build unsupported platforms<!--description-->
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1296): <!--number 1296 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnb2xhbmcub3JnL3gvc3lzIHRvIHYwLjQwLjA=-->Update module golang.org/x/sys to v0.40.0<!--description-->
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1288): <!--number 1288 --><!--line 0 --><!--description VXBkYXRlIGRhdGEuZm9yZ2Vqby5vcmcvb2NpL2FscGluZSBEb2NrZXIgdGFnIHRvIHYzLjIz-->Update data.forgejo.org/oci/alpine Docker tag to v3.23<!--description-->
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1286): <!--number 1286 --><!--line 0 --><!--description dGVzdDogYWRkIGFuIExYQyBlbnZpcm9ubWVudCB0ZXN0-->test: add an LXC environment test<!--description-->
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1261): <!--number 1261 --><!--line 0 --><!--description Y2hvcmU6IGVuc3VyZSBhbGwgdGVzdHMgYXJlIHJ1bg==-->chore: ensure all tests are run<!--description-->
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1279): <!--number 1279 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnaXRodWIuY29tL3NwZjEzL2NvYnJhIHRvIHYxLjEwLjI=-->Update module github.com/spf13/cobra to v1.10.2<!--description-->
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1281): <!--number 1281 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnaXRodWIuY29tL2dvbGFuZ2NpL2dvbGFuZ2NpLWxpbnQvdjIvY21kL2dvbGFuZ2NpLWxpbnQgdG8gdjIuOC4w-->Update module github.com/golangci/golangci-lint/v2/cmd/golangci-lint to v2.8.0<!--description-->
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1280): <!--number 1280 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgZm9yZ2Vqby1ydW5uZXItc2VydmljZS15cSB0byB2NC41MC4x-->Update dependency forgejo-runner-service-yq to v4.50.1<!--description-->
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1284): <!--number 1284 --><!--line 0 --><!--description dGVzdDogcGluZyBob3N0bmFtZSBpbnN0ZWFkIG9mIGxvY2FsaG9zdA==-->test: ping hostname instead of localhost<!--description-->
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1285): <!--number 1285 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgbHhjLW5vZGUgdG8gdjI0-->Update dependency lxc-node to v24<!--description-->
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1283): <!--number 1283 --><!--line 0 --><!--description VXBkYXRlIE5vZGUuanMgdG8gdjI0-->Update Node.js to v24<!--description-->
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1278): <!--number 1278 --><!--line 0 --><!--description VXBkYXRlIGZvcmdlam8tcnVubmVyIHRvIHYxMi41LjI=-->Update forgejo-runner to v12.5.2<!--description-->

<!--end release-notes-assistant-->

</details>

---

### Configuration

📅 **Schedule**: Branch creation - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC), Automerge - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi43OC4yIiwidXBkYXRlZEluVmVyIjoiNDIuNzguMiIsInRhcmdldEJyYW5jaCI6ImZvcmdlam8iLCJsYWJlbHMiOlsiZGVwZW5kZW5jeS11cGdyYWRlIiwidGVzdC9ub3QtbmVlZGVkIl19-->

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10911
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 9cd4479757..671066322e 100644
--- a/go.mod
+++ b/go.mod
@@ -11,7 +11,7 @@ require (
 	code.forgejo.org/forgejo/go-rpmutils v1.0.0
 	code.forgejo.org/forgejo/levelqueue v1.0.0
 	code.forgejo.org/forgejo/reply v1.0.2
-	code.forgejo.org/forgejo/runner/v12 v12.5.2
+	code.forgejo.org/forgejo/runner/v12 v12.5.3
 	code.forgejo.org/go-chi/binding v1.0.1
 	code.forgejo.org/go-chi/cache v1.0.1
 	code.forgejo.org/go-chi/captcha v1.0.2
diff --git a/go.sum b/go.sum
index 79bd5581b4..55e802220f 100644
--- a/go.sum
+++ b/go.sum
@@ -30,8 +30,8 @@ code.forgejo.org/forgejo/levelqueue v1.0.0 h1:9krYpU6BM+j/1Ntj6m+VCAIu0UNnne1/Uf
 code.forgejo.org/forgejo/levelqueue v1.0.0/go.mod h1:fmG6zhVuqim2rxSFOoasgXO8V2W/k9U31VVYqLIRLhQ=
 code.forgejo.org/forgejo/reply v1.0.2 h1:dMhQCHV6/O3L5CLWNTol+dNzDAuyCK88z4J/lCdgFuQ=
 code.forgejo.org/forgejo/reply v1.0.2/go.mod h1:RyZUfzQLc+fuLIGjTSQWDAJWPiL4WtKXB/FifT5fM7U=
-code.forgejo.org/forgejo/runner/v12 v12.5.2 h1:VzlAze7DfpyjnS9FqDB1Ly+VjwHvScgGnL6q9TRTgn0=
-code.forgejo.org/forgejo/runner/v12 v12.5.2/go.mod h1:HAOlrRYqERs90Qomps7cc1uZSOepuS5Cu9+Ij8izj7c=
+code.forgejo.org/forgejo/runner/v12 v12.5.3 h1:x5dydZLjCIgusbVTJwazX3Axu7BBMxSELaXVes+bMt0=
+code.forgejo.org/forgejo/runner/v12 v12.5.3/go.mod h1:nSg+9OoDP3SQG6m6bgzOe1b8x062EwMwxp9uKXEBzfU=
 code.forgejo.org/forgejo/ssh v0.0.0-20241211213324-5fc306ca0616 h1:kEZL84+02jY9RxXM4zHBWZ3Fml0B09cmP1LGkDsCfIA=
 code.forgejo.org/forgejo/ssh v0.0.0-20241211213324-5fc306ca0616/go.mod h1:zpHEXBstFnQYtGnB8k8kQLol82umzn/2/snG7alWVD8=
 code.forgejo.org/go-chi/binding v1.0.1 h1:coKNI+X1NzRN7X85LlrpvBRqk0TXpJ+ja28vusQWEuY=

From bfef19d39dd82d7b4d7b3b92fd7fb2e4d27c9d15 Mon Sep 17 00:00:00 2001
From: 0ko <0ko@noreply.codeberg.org>
Date: Sun, 18 Jan 2026 05:39:28 +0100
Subject: [PATCH 180/854] chore(ui): remove obsolete var --color-nav-text
 (#10898)

This variable isn't needed because all themes are setting it to `--color-text`, but the relevant UI elements are already inheriting it from `body`.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10898
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
---
 web_src/css/modules/navbar.css             | 4 ----
 web_src/css/themes/theme-forgejo-dark.css  | 1 -
 web_src/css/themes/theme-forgejo-light.css | 1 -
 web_src/css/themes/theme-gitea-dark.css    | 1 -
 web_src/css/themes/theme-gitea-light.css   | 1 -
 5 files changed, 8 deletions(-)

diff --git a/web_src/css/modules/navbar.css b/web_src/css/modules/navbar.css
index b725b54182..ab905196a8 100644
--- a/web_src/css/modules/navbar.css
+++ b/web_src/css/modules/navbar.css
@@ -33,10 +33,6 @@
   display: flex;
 }
 
-#navbar > .menu > .item {
-  color: var(--color-nav-text);
-}
-
 #navbar .dropdown .item {
   justify-content: stretch;
 }
diff --git a/web_src/css/themes/theme-forgejo-dark.css b/web_src/css/themes/theme-forgejo-dark.css
index 40fb093665..1c5466b3c8 100644
--- a/web_src/css/themes/theme-forgejo-dark.css
+++ b/web_src/css/themes/theme-forgejo-dark.css
@@ -265,7 +265,6 @@
   --color-tooltip-bg: #000000f0;
   --color-nav-bg: var(--steel-900);
   --color-nav-hover-bg: var(--steel-600);
-  --color-nav-text: var(--color-text);
   --color-secondary-nav-bg: var(--color-body);
   --color-label-text: #fff;
   --color-label-bg: var(--steel-600);
diff --git a/web_src/css/themes/theme-forgejo-light.css b/web_src/css/themes/theme-forgejo-light.css
index b4ad8f1649..be94290f5c 100644
--- a/web_src/css/themes/theme-forgejo-light.css
+++ b/web_src/css/themes/theme-forgejo-light.css
@@ -263,7 +263,6 @@
   --color-tooltip-bg: #000000f0;
   --color-nav-bg: var(--zinc-100);
   --color-nav-hover-bg: var(--zinc-300);
-  --color-nav-text: var(--color-text);
   --color-secondary-nav-bg: var(--color-body);
   --color-label-text: var(--color-text);
   --color-label-bg: #cacaca7b;
diff --git a/web_src/css/themes/theme-gitea-dark.css b/web_src/css/themes/theme-gitea-dark.css
index 0fbe7ba4ec..31cf57b7c9 100644
--- a/web_src/css/themes/theme-gitea-dark.css
+++ b/web_src/css/themes/theme-gitea-dark.css
@@ -224,7 +224,6 @@
   --color-tooltip-bg: #000017f0;
   --color-nav-bg: #16191c;
   --color-nav-hover-bg: var(--color-secondary-light-1);
-  --color-nav-text: var(--color-text);
   --color-secondary-nav-bg: #181c20;
   --color-label-text: var(--color-text);
   --color-label-bg: #73828e4b;
diff --git a/web_src/css/themes/theme-gitea-light.css b/web_src/css/themes/theme-gitea-light.css
index c9ca759472..74272c738e 100644
--- a/web_src/css/themes/theme-gitea-light.css
+++ b/web_src/css/themes/theme-gitea-light.css
@@ -224,7 +224,6 @@
   --color-tooltip-bg: #000017f0;
   --color-nav-bg: #f6f7fa;
   --color-nav-hover-bg: var(--color-secondary-light-1);
-  --color-nav-text: var(--color-text);
   --color-secondary-nav-bg: #f9fafb;
   --color-label-text: var(--color-text);
   --color-label-bg: #949da64b;

From 42754def4c7b7b72df18f1b4a03d7a2c32344e08 Mon Sep 17 00:00:00 2001
From: Renovate Bot <forgejo-renovate-action@forgejo.org>
Date: Sun, 18 Jan 2026 16:41:40 +0100
Subject: [PATCH 181/854] Update module github.com/urfave/cli/v3 to v3.6.2
 (forgejo) (#10912)

Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
---
 go.mod | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/go.mod b/go.mod
index 671066322e..67b223ee4e 100644
--- a/go.mod
+++ b/go.mod
@@ -94,7 +94,7 @@ require (
 	github.com/stretchr/testify v1.11.1
 	github.com/syndtr/goleveldb v1.0.0
 	github.com/ulikunitz/xz v0.5.15
-	github.com/urfave/cli/v3 v3.6.1
+	github.com/urfave/cli/v3 v3.6.2
 	github.com/valyala/fastjson v1.6.7
 	github.com/yohcop/openid-go v1.0.1
 	github.com/yuin/goldmark v1.7.16

From 4143678d85b21fde648cea3078b29b3bc5f93ca3 Mon Sep 17 00:00:00 2001
From: Renovate Bot <forgejo-renovate-action@forgejo.org>
Date: Sun, 18 Jan 2026 21:27:29 +0100
Subject: [PATCH 182/854] Update CodeMirror (forgejo) (#10892)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10892
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
---
 package-lock.json | 26 +++++++++++++-------------
 package.json      |  6 +++---
 2 files changed, 16 insertions(+), 16 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 1f4876e863..c2f554ed52 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -28,9 +28,9 @@
         "@codemirror/lang-xml": "6.1.0",
         "@codemirror/lang-yaml": "6.1.2",
         "@codemirror/language": "6.12.1",
-        "@codemirror/search": "6.5.11",
-        "@codemirror/state": "6.5.3",
-        "@codemirror/view": "6.39.9",
+        "@codemirror/search": "6.6.0",
+        "@codemirror/state": "6.5.4",
+        "@codemirror/view": "6.39.11",
         "@github/markdown-toolbar-element": "2.2.3",
         "@github/quote-selection": "2.1.0",
         "@github/text-expander-element": "2.8.0",
@@ -758,29 +758,29 @@
       }
     },
     "node_modules/@codemirror/search": {
-      "version": "6.5.11",
-      "resolved": "https://registry.npmjs.org/@codemirror/search/-/search-6.5.11.tgz",
-      "integrity": "sha512-KmWepDE6jUdL6n8cAAqIpRmLPBZ5ZKnicE8oGU/s3QrAVID+0VhLFrzUucVKHG5035/BSykhExDL/Xm7dHthiA==",
+      "version": "6.6.0",
+      "resolved": "https://registry.npmjs.org/@codemirror/search/-/search-6.6.0.tgz",
+      "integrity": "sha512-koFuNXcDvyyotWcgOnZGmY7LZqEOXZaaxD/j6n18TCLx2/9HieZJ5H6hs1g8FiRxBD0DNfs0nXn17g872RmYdw==",
       "license": "MIT",
       "dependencies": {
         "@codemirror/state": "^6.0.0",
-        "@codemirror/view": "^6.0.0",
+        "@codemirror/view": "^6.37.0",
         "crelt": "^1.0.5"
       }
     },
     "node_modules/@codemirror/state": {
-      "version": "6.5.3",
-      "resolved": "https://registry.npmjs.org/@codemirror/state/-/state-6.5.3.tgz",
-      "integrity": "sha512-MerMzJzlXogk2fxWFU1nKp36bY5orBG59HnPiz0G9nLRebWa0zXuv2siH6PLIHBvv5TH8CkQRqjBs0MlxCZu+A==",
+      "version": "6.5.4",
+      "resolved": "https://registry.npmjs.org/@codemirror/state/-/state-6.5.4.tgz",
+      "integrity": "sha512-8y7xqG/hpB53l25CIoit9/ngxdfoG+fx+V3SHBrinnhOtLvKHRyAJJuHzkWrR4YXXLX8eXBsejgAAxHUOdW1yw==",
       "license": "MIT",
       "dependencies": {
         "@marijn/find-cluster-break": "^1.0.0"
       }
     },
     "node_modules/@codemirror/view": {
-      "version": "6.39.9",
-      "resolved": "https://registry.npmjs.org/@codemirror/view/-/view-6.39.9.tgz",
-      "integrity": "sha512-miGSIfBOKC1s2oHoa80dp+BjtsL8sXsrgGlQnQuOcfvaedcQUtqddTmKbJSDkLl4mkgPvZyXuKic2HDNYcJLYA==",
+      "version": "6.39.11",
+      "resolved": "https://registry.npmjs.org/@codemirror/view/-/view-6.39.11.tgz",
+      "integrity": "sha512-bWdeR8gWM87l4DB/kYSF9A+dVackzDb/V56Tq7QVrQ7rn86W0rgZFtlL3g3pem6AeGcb9NQNoy3ao4WpW4h5tQ==",
       "license": "MIT",
       "dependencies": {
         "@codemirror/state": "^6.5.0",
diff --git a/package.json b/package.json
index fce5ef30ed..e0e5515b15 100644
--- a/package.json
+++ b/package.json
@@ -27,9 +27,9 @@
     "@codemirror/lang-xml": "6.1.0",
     "@codemirror/lang-yaml": "6.1.2",
     "@codemirror/language": "6.12.1",
-    "@codemirror/search": "6.5.11",
-    "@codemirror/state": "6.5.3",
-    "@codemirror/view": "6.39.9",
+    "@codemirror/search": "6.6.0",
+    "@codemirror/state": "6.5.4",
+    "@codemirror/view": "6.39.11",
     "@github/markdown-toolbar-element": "2.2.3",
     "@github/quote-selection": "2.1.0",
     "@github/text-expander-element": "2.8.0",

From db98396184b9db24b9ca9b4c958e999fa3b1a144 Mon Sep 17 00:00:00 2001
From: Renovate Bot <forgejo-renovate-action@forgejo.org>
Date: Mon, 19 Jan 2026 06:56:44 +0100
Subject: [PATCH 183/854] Update https://data.forgejo.org/actions/setup-forgejo
 action to v3.1.1 (forgejo) (#10919)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10919
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
---
 .forgejo/workflows/build-release-integration.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.forgejo/workflows/build-release-integration.yml b/.forgejo/workflows/build-release-integration.yml
index a28a6ee29d..4523a4bae7 100644
--- a/.forgejo/workflows/build-release-integration.yml
+++ b/.forgejo/workflows/build-release-integration.yml
@@ -29,7 +29,7 @@ jobs:
       - uses: https://data.forgejo.org/actions/checkout@v6
 
       - id: forgejo
-        uses: https://data.forgejo.org/actions/setup-forgejo@v3.1.0
+        uses: https://data.forgejo.org/actions/setup-forgejo@v3.1.1
         with:
           user: root
           password: admin1234

From 70035bc654a199424ba321bf7faabf11d8d129fa Mon Sep 17 00:00:00 2001
From: Renovate Bot <forgejo-renovate-action@forgejo.org>
Date: Mon, 19 Jan 2026 07:42:34 +0100
Subject: [PATCH 184/854] Update renovate to v42.84.2 (forgejo) (#10918)

Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
---
 .forgejo/workflows/renovate.yml | 2 +-
 Makefile                        | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/.forgejo/workflows/renovate.yml b/.forgejo/workflows/renovate.yml
index 10ce3c8921..b2530e62c9 100644
--- a/.forgejo/workflows/renovate.yml
+++ b/.forgejo/workflows/renovate.yml
@@ -28,7 +28,7 @@ jobs:
 
     runs-on: docker
     container:
-      image: data.forgejo.org/renovate/renovate:42.78.2
+      image: data.forgejo.org/renovate/renovate:42.84.2
 
     steps:
       - name: Load renovate repo cache
diff --git a/Makefile b/Makefile
index a86e5727dd..855498d55c 100644
--- a/Makefile
+++ b/Makefile
@@ -47,7 +47,7 @@ GO_LICENSES_PACKAGE ?= github.com/google/go-licenses@v1.6.0 # renovate: datasour
 GOVULNCHECK_PACKAGE ?= golang.org/x/vuln/cmd/govulncheck@v1 # renovate: datasource=go
 DEADCODE_PACKAGE ?= golang.org/x/tools/cmd/deadcode@v0.40.0 # renovate: datasource=go
 GOMOCK_PACKAGE ?= go.uber.org/mock/mockgen@v0.6.0 # renovate: datasource=go
-RENOVATE_NPM_PACKAGE ?= renovate@42.78.2 # renovate: datasource=docker packageName=data.forgejo.org/renovate/renovate
+RENOVATE_NPM_PACKAGE ?= renovate@42.84.2 # renovate: datasource=docker packageName=data.forgejo.org/renovate/renovate
 
 # https://github.com/disposable-email-domains/disposable-email-domains/commits/main/
 DISPOSABLE_EMAILS_SHA ?= 0c27e671231d27cf66370034d7f6818037416989 # renovate: ...

From 7f22f525fc7272ef1552548fd70cfab9470f043d Mon Sep 17 00:00:00 2001
From: Enrique Sanchez Cardoso <enriqueesanchz@gmail.com>
Date: Mon, 19 Jan 2026 18:41:20 +0100
Subject: [PATCH 185/854] feat: strip newlines on og image rendering (#10914)

Replace newlines from the repo description with spaces to match in-app
rendering.

Related issue: #10823

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests

- I added test coverage for Go changes...
  - [ ] in their respective `*_test.go` for unit tests.
  - [ ] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I added test coverage for JavaScript changes...
  - [ ] in `web_src/js/*.test.js` if it can be unit tested.
  - [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)).

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [x] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.
- [ ] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change.

*The decision if the pull request will be shown in the release notes is up to the mergers / release team.*

The content of the `release-notes/<pull request number>.md` file will serve as the basis for the release notes. If the file does not exist, the title of the pull request will be used instead.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10914
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
Co-authored-by: Enrique Sanchez Cardoso <enriqueesanchz@gmail.com>
Co-committed-by: Enrique Sanchez Cardoso <enriqueesanchz@gmail.com>
---
 routers/web/repo/card.go | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/routers/web/repo/card.go b/routers/web/repo/card.go
index c8bab8cc49..dd0cedae2d 100644
--- a/routers/web/repo/card.go
+++ b/routers/web/repo/card.go
@@ -152,7 +152,13 @@ func drawRepoSummaryCard(ctx *context.Context, repo *repo_model.Repository) (*ca
 	}
 
 	issueDescription.SetMargin(10)
-	_, err = issueDescription.DrawText(repo.Description, color.Gray{128}, 36, card.Top, card.Left)
+	// Replace new lines with spaces to match repo description in-app rendering
+	issueDescriptionText := strings.NewReplacer(
+		"\r\n", " ",
+		"\r", " ",
+		"\n", " ",
+	).Replace(repo.Description)
+	_, err = issueDescription.DrawText(issueDescriptionText, color.Gray{128}, 36, card.Top, card.Left)
 	if err != nil {
 		return nil, err
 	}

From 10aaef5c7bdd562aa6ab7f3705615e402bb9e672 Mon Sep 17 00:00:00 2001
From: 0ko <0ko@noreply.codeberg.org>
Date: Tue, 20 Jan 2026 04:59:15 +0100
Subject: [PATCH 186/854] feat(perf): remove unused size url parameter for
 local avatars (#10932)

Avatars storage handler ignores the size= url parameter, and we don't have any code for creating multiple sizes of the same avatar.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10932
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
---
 models/avatars/avatar.go            | 8 +-------
 models/user/avatar.go               | 5 +++--
 modules/repository/commits_test.go  | 4 +---
 routers/web/user/setting/profile.go | 1 -
 4 files changed, 5 insertions(+), 13 deletions(-)

diff --git a/models/avatars/avatar.go b/models/avatars/avatar.go
index ad59bd8769..43d52c562b 100644
--- a/models/avatars/avatar.go
+++ b/models/avatars/avatar.go
@@ -165,10 +165,7 @@ func GenerateUserAvatarFastLink(userName string, size int) string {
 }
 
 // GenerateUserAvatarImageLink returns a link for `User.Avatar` image file: "/avatars/${User.Avatar}"
-func GenerateUserAvatarImageLink(userAvatar string, size int) string {
-	if size > 0 {
-		return setting.AppSubURL + "/avatars/" + url.PathEscape(userAvatar) + "?size=" + strconv.Itoa(size)
-	}
+func GenerateUserAvatarImageLink(userAvatar string) string {
 	return setting.AppSubURL + "/avatars/" + url.PathEscape(userAvatar)
 }
 
@@ -210,9 +207,6 @@ func generateEmailAvatarLink(ctx context.Context, email string, size int, final
 		}
 		// for non-final link, we should return fast (use a 302 redirection link)
 		urlStr := setting.AppSubURL + "/avatar/" + url.PathEscape(emailHash)
-		if size > 0 {
-			urlStr += "?size=" + strconv.Itoa(size)
-		}
 		return urlStr
 	}
 
diff --git a/models/user/avatar.go b/models/user/avatar.go
index d534bd7bea..cc1b1b7b9d 100644
--- a/models/user/avatar.go
+++ b/models/user/avatar.go
@@ -60,7 +60,8 @@ func GenerateRandomAvatar(ctx context.Context, u *User) error {
 	return nil
 }
 
-// AvatarLinkWithSize returns a link to the user's avatar with size. size <= 0 means default size
+// AvatarLinkWithSize returns a link to the user's avatar. Size is only used for
+// GenerateEmailAvatarFastLink, for external email-based avatar services
 func (u *User) AvatarLinkWithSize(ctx context.Context, size int) string {
 	if u.IsGhost() || u.ID <= 0 {
 		return avatars.DefaultAvatarLink()
@@ -88,7 +89,7 @@ func (u *User) AvatarLinkWithSize(ctx context.Context, size int) string {
 		if u.Avatar == "" {
 			return avatars.DefaultAvatarLink()
 		}
-		return avatars.GenerateUserAvatarImageLink(u.Avatar, size)
+		return avatars.GenerateUserAvatarImageLink(u.Avatar)
 	}
 	return avatars.GenerateEmailAvatarFastLink(ctx, u.AvatarEmail, size)
 }
diff --git a/modules/repository/commits_test.go b/modules/repository/commits_test.go
index 4b6d4bfe51..ef998f7916 100644
--- a/modules/repository/commits_test.go
+++ b/modules/repository/commits_test.go
@@ -5,7 +5,6 @@
 package repository
 
 import (
-	"strconv"
 	"testing"
 	"time"
 
@@ -13,7 +12,6 @@ import (
 	repo_model "forgejo.org/models/repo"
 	"forgejo.org/models/unittest"
 	"forgejo.org/modules/git"
-	"forgejo.org/modules/setting"
 
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
@@ -126,7 +124,7 @@ func TestPushCommits_AvatarLink(t *testing.T) {
 	}
 
 	assert.Equal(t,
-		"/avatars/ab53a2911ddf9b4817ac01ddcd3d975f?size="+strconv.Itoa(28*setting.Avatar.RenderedSizeFactor),
+		"/avatars/ab53a2911ddf9b4817ac01ddcd3d975f",
 		pushCommits.AvatarLink(db.DefaultContext, "user2@example.com"))
 
 	assert.Equal(t,
diff --git a/routers/web/user/setting/profile.go b/routers/web/user/setting/profile.go
index e0ce88b582..125e387866 100644
--- a/routers/web/user/setting/profile.go
+++ b/routers/web/user/setting/profile.go
@@ -123,7 +123,6 @@ func ProfilePost(ctx *context.Context) {
 }
 
 // UpdateAvatarSetting update user's avatar
-// FIXME: limit size.
 func UpdateAvatarSetting(ctx *context.Context, form *forms.AvatarForm, ctxUser *user_model.User) error {
 	ctxUser.UseCustomAvatar = form.Source == forms.AvatarLocal
 	if len(form.Gravatar) > 0 {

From c17d62569d535baf0a063a7f9a8089eae829f207 Mon Sep 17 00:00:00 2001
From: Renovate Bot <forgejo-renovate-action@forgejo.org>
Date: Tue, 20 Jan 2026 06:52:00 +0100
Subject: [PATCH 187/854] Update
 https://data.forgejo.org/infrastructure/issue-action action to v1.5.0
 (forgejo) (#10935)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10935
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
---
 .forgejo/workflows/publish-release.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.forgejo/workflows/publish-release.yml b/.forgejo/workflows/publish-release.yml
index 853a730a1a..a7cb5f9f07 100644
--- a/.forgejo/workflows/publish-release.yml
+++ b/.forgejo/workflows/publish-release.yml
@@ -63,14 +63,14 @@ jobs:
 
       - name: get trigger mirror issue
         id: mirror
-        uses: https://data.forgejo.org/infrastructure/issue-action/get@v1.3.0
+        uses: https://data.forgejo.org/infrastructure/issue-action/get@v1.5.0
         with:
           forgejo: https://code.forgejo.org
           repository: forgejo/forgejo
           labels: mirror-trigger
 
       - name: trigger the mirror
-        uses: https://data.forgejo.org/infrastructure/issue-action/set@v1.3.0
+        uses: https://data.forgejo.org/infrastructure/issue-action/set@v1.5.0
         with:
           forgejo: https://code.forgejo.org
           repository: forgejo/forgejo

From 374b3d9f4d4470e50fe33fee463a7d62d17ee1d7 Mon Sep 17 00:00:00 2001
From: Mathieu Fenniak <mathieu@fenniak.net>
Date: Tue, 20 Jan 2026 17:34:59 +0100
Subject: [PATCH 188/854] fix: remove infinite loop in
 UpdateRunJobWithoutNotification when run in transaction (#10945)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

#10893 introduced a retry loop to manage concurrent updates when updating the state of `action_run` in the function `UpdateRunJobWithoutNotification`.  However, when `UpdateRunJobWithoutNotification` is called from within a transaction, the retry loop continues to read the same data from the DB (due to repeatable read isolation) and loops infinitely.

As #10893 was later identified to not be required to fix the target problem (https://code.forgejo.org/forgejo/runner/issues/1302), this PR reverts the change.  The only retained change is that the error `ErrActionRunOutOfDate` is a constant rather than `errors.New("run has changed")`.

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests

- I added test coverage for Go changes...
  - [x] in their respective `*_test.go` for unit tests.
      - [x] Reverted the test added for 10893 after confirming that it is the cause of the problem.
  - [ ] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I added test coverage for JavaScript changes...
  - [ ] in `web_src/js/*.test.js` if it can be unit tested.
  - [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)).

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [ ] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.
- [ ] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change.

*The decision if the pull request will be shown in the release notes is up to the mergers / release team.*

The content of the `release-notes/<pull request number>.md` file will serve as the basis for the release notes. If the file does not exist, the title of the pull request will be used instead.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10945
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Reviewed-by: Ellen Εμιλία Άννα Zscheile <fogti@noreply.codeberg.org>
Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net>
Co-committed-by: Mathieu Fenniak <mathieu@fenniak.net>
---
 models/actions/run_job.go      | 12 ++-----
 models/actions/run_job_test.go | 58 ----------------------------------
 2 files changed, 2 insertions(+), 68 deletions(-)

diff --git a/models/actions/run_job.go b/models/actions/run_job.go
index 9ddae1e301..ddf622f9e9 100644
--- a/models/actions/run_job.go
+++ b/models/actions/run_job.go
@@ -5,14 +5,12 @@ package actions
 
 import (
 	"context"
-	"errors"
 	"fmt"
 	"slices"
 	"time"
 
 	"forgejo.org/models/db"
 	"forgejo.org/modules/container"
-	"forgejo.org/modules/log"
 	"forgejo.org/modules/timeutil"
 	"forgejo.org/modules/util"
 
@@ -176,7 +174,7 @@ func UpdateRunJobWithoutNotification(ctx context.Context, job *ActionRunJob, con
 		}
 	}
 
-	for {
+	{
 		// Other goroutines may aggregate the status of the run and update it too.
 		// So we need load the run and its jobs before updating the run.
 		run, err := GetRunByID(ctx, job.RunID)
@@ -204,16 +202,10 @@ func UpdateRunJobWithoutNotification(ctx context.Context, job *ActionRunJob, con
 		}
 		if updateRequired {
 			// As the caller has to ensure the ActionRunNowDone notification is sent we can ignore doing so here.
-			if err := UpdateRunWithoutNotification(ctx, run, "status", "started", "stopped"); err != nil && errors.Is(err, ErrActionRunOutOfDate) {
-				// Retry update; another session affected `run` simultaneously. It wasn't necessarily another update
-				// from this same loop -- there are other codepaths that update `ActionRun`.
-				log.Debug("UpdateRunWithoutNotification failed with %v; looping for retry", err)
-				continue
-			} else if err != nil {
+			if err := UpdateRunWithoutNotification(ctx, run, "status", "started", "stopped"); err != nil {
 				return 0, fmt.Errorf("update run %d: %w", run.ID, err)
 			}
 		}
-		break // exit retry loop
 	}
 
 	return affected, nil
diff --git a/models/actions/run_job_test.go b/models/actions/run_job_test.go
index caaaae2cf8..7c204d4eb9 100644
--- a/models/actions/run_job_test.go
+++ b/models/actions/run_job_test.go
@@ -8,7 +8,6 @@ import (
 
 	"forgejo.org/models/db"
 	"forgejo.org/models/unittest"
-	"forgejo.org/modules/test"
 
 	"code.forgejo.org/forgejo/runner/v12/act/jobparser"
 	"github.com/stretchr/testify/assert"
@@ -282,60 +281,3 @@ func TestActionRunJob_HasIncompleteWith(t *testing.T) {
 		})
 	}
 }
-
-func TestUpdateRunJobWithoutNotificationConcurrency(t *testing.T) {
-	require.NoError(t, unittest.PrepareTestDatabase())
-
-	testJob := unittest.AssertExistsAndLoadBean(t, &ActionRunJob{ID: 192})
-	testRun := unittest.AssertExistsAndLoadBean(t, &ActionRun{ID: testJob.RunID})
-
-	// UpdateRunJobWithoutNotification is intended to update the related `ActionRun`, setting its `Started`, `Stopped`,
-	// and `Status` field to an appropriate state considering the job update.  It has a retry loop to perform this work
-	// even if `ActionRun` is updated concurrently.  To test that loop, we're going to intercept the invocation of
-	// AggregateJobStatus and freeze that update process, perform a different modification to the run, and then release
-	// the frozen test.  The retry loop should trigger and a second pass updating the `ActionRun` should succeed.
-
-	syncBeginPoint := make(chan any)
-	syncMidPoint := make(chan any)
-	syncEndPoint := make(chan any)
-	firstPass := true
-
-	defer test.MockVariableValue(&AggregateJobStatus, func(jobs []*ActionRunJob) Status {
-		// Synchronization here needs to handle the faact that `AggregateJobStatus` will be invoked twice -- pause
-		// correctly on the first run, but continue with no concerns on the second run.
-		if firstPass {
-			firstPass = false
-			// Signal that we're in AggregateJobStatus()...
-			close(syncBeginPoint)
-			// Wait until signalled to continue
-			<-syncMidPoint
-		}
-		return StatusCancelled
-	})()
-
-	go func() {
-		testJob.Status = StatusCancelled
-		updated, err := UpdateRunJobWithoutNotification(t.Context(), testJob, nil, "status")
-		close(syncEndPoint) // close before asserts, so that the test doesn't hang if it fails
-		require.NoError(t, err)
-		assert.EqualValues(t, 1, updated)
-	}()
-
-	// Wait until UpdateRunJobWithoutNotification reaches AggregateJobStatus()...
-	<-syncBeginPoint
-
-	// Perform a concurrent modification to `ActionRun`
-	testRun.Status = StatusSkipped
-	err := UpdateRunWithoutNotification(t.Context(), testRun, "status")
-	require.NoError(t, err)
-
-	// Signal for AggregateJobStatus to continue
-	close(syncMidPoint)
-
-	// Wait for goroutine to complete
-	<-syncEndPoint
-
-	// Reload the `ActionRun`
-	testRun = unittest.AssertExistsAndLoadBean(t, &ActionRun{ID: testJob.RunID})
-	assert.Equal(t, StatusCancelled, testRun.Status)
-}

From 3595e1e830c9303c2cf151b0d67001e24aea98a8 Mon Sep 17 00:00:00 2001
From: emilycares <emilydoescare@gmail.com>
Date: Tue, 20 Jan 2026 18:24:46 +0100
Subject: [PATCH 189/854] fix(api): default new release 'title' field to label
 name, if not provided (#10925)

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests

- I added test coverage for Go changes...
  - [ ] in their respective `*_test.go` for unit tests.
  - [x] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I added test coverage for JavaScript changes...
  - [ ] in `web_src/js/*.test.js` if it can be unit tested.
  - [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)).

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [ ] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.
- [ ] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change.

*The decision if the pull request will be shown in the release notes is up to the mergers / release team.*

The content of the `release-notes/<pull request number>.md` file will serve as the basis for the release notes. If the file does not exist, the title of the pull request will be used instead.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10925
Reviewed-by: Andreas Ahlenstorf <aahlenst@noreply.codeberg.org>
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
Co-authored-by: emilycares <emilydoescare@gmail.com>
Co-committed-by: emilycares <emilydoescare@gmail.com>
---
 routers/api/v1/repo/release.go         |  8 ++++++--
 tests/integration/api_releases_test.go | 22 ++++++++++++++++++++++
 2 files changed, 28 insertions(+), 2 deletions(-)

diff --git a/routers/api/v1/repo/release.go b/routers/api/v1/repo/release.go
index cacdcfefba..0f48c8427e 100644
--- a/routers/api/v1/repo/release.go
+++ b/routers/api/v1/repo/release.go
@@ -230,6 +230,10 @@ func CreateRelease(ctx *context.APIContext) {
 		ctx.Error(http.StatusUnprocessableEntity, "RepoIsEmpty", errors.New("repo is empty"))
 		return
 	}
+	title := form.Title
+	if len(title) == 0 {
+		title = form.TagName
+	}
 	rel, err := repo_model.GetRelease(ctx, ctx.Repo.Repository.ID, form.TagName)
 	if err != nil {
 		if !repo_model.IsErrReleaseNotExist(err) {
@@ -246,7 +250,7 @@ func CreateRelease(ctx *context.APIContext) {
 			Publisher:        ctx.Doer,
 			TagName:          form.TagName,
 			Target:           form.Target,
-			Title:            form.Title,
+			Title:            title,
 			Note:             form.Note,
 			IsDraft:          form.IsDraft,
 			IsPrerelease:     form.IsPrerelease,
@@ -272,7 +276,7 @@ func CreateRelease(ctx *context.APIContext) {
 			return
 		}
 
-		rel.Title = form.Title
+		rel.Title = title
 		rel.Note = form.Note
 		rel.IsDraft = form.IsDraft
 		rel.IsPrerelease = form.IsPrerelease
diff --git a/tests/integration/api_releases_test.go b/tests/integration/api_releases_test.go
index 133a290284..9f9ed1cf09 100644
--- a/tests/integration/api_releases_test.go
+++ b/tests/integration/api_releases_test.go
@@ -497,6 +497,28 @@ func TestAPIReleaseMissingAsset(t *testing.T) {
 	MakeRequest(t, req, http.StatusBadRequest)
 }
 
+func TestAPIReleaseMissingTitle(t *testing.T) {
+	defer tests.PrepareTestEnv(t)()
+
+	repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 1})
+	owner := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: repo.OwnerID})
+	session := loginUser(t, owner.LowerName)
+	token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteRepository)
+
+	gitRepo, err := gitrepo.OpenRepository(git.DefaultContext, repo)
+	require.NoError(t, err)
+	defer gitRepo.Close()
+
+	err = gitRepo.CreateTag("v0.0.1", "master")
+	require.NoError(t, err)
+
+	target, err := gitRepo.GetTagCommitID("v0.0.1")
+	require.NoError(t, err)
+
+	r := createNewReleaseUsingAPI(t, token, owner, repo, target, "", "", "")
+	assert.Equal(t, r.Title, target)
+}
+
 func TestAPIReleaseGithubFormat(t *testing.T) {
 	defer tests.PrepareTestEnv(t)()
 

From 953c468b32465985937b787b3319d0890495c119 Mon Sep 17 00:00:00 2001
From: 0ko <0ko@noreply.codeberg.org>
Date: Tue, 20 Jan 2026 19:23:31 +0100
Subject: [PATCH 190/854] fix(ui): improve force-push layout alignment (#10939)

Followup to https://codeberg.org/forgejo/forgejo/pulls/7746
Replaces https://codeberg.org/forgejo/forgejo/pulls/10938

grid layout (desktop): give the Compare button a wrapper with same height as the first text line so it stays aligned to it (and to timeline badge)

inline layout (mobile): give the Compare button left margin so there's a gap between it and the text line

Initial fix for grid was proposed by luisadame.

Co-authored-by: Luis <luis@adame.dev>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10939
Reviewed-by: Beowulf <beowulf@beocode.eu>
Co-authored-by: 0ko <0ko@noreply.codeberg.org>
Co-committed-by: 0ko <0ko@noreply.codeberg.org>
---
 templates/repo/issue/view_content/comments.tmpl |  4 +++-
 web_src/css/repo.css                            | 10 ++++++++++
 2 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/templates/repo/issue/view_content/comments.tmpl b/templates/repo/issue/view_content/comments.tmpl
index c3cc94dfb3..bde6a0b5b2 100644
--- a/templates/repo/issue/view_content/comments.tmpl
+++ b/templates/repo/issue/view_content/comments.tmpl
@@ -580,7 +580,9 @@
 								}}
 							</span>
 							{{if $.Issue.PullRequest.BaseRepo.Name}}
-								<a href="{{$.Issue.PullRequest.BaseRepo.Link}}/compare/{{PathEscape .OldCommit}}..{{PathEscape .NewCommit}}" rel="nofollow" class="ui compare label">{{ctx.Locale.Tr "repo.issues.force_push_compare"}}</a>
+								<span class="compare">
+									<a href="{{$.Issue.PullRequest.BaseRepo.Link}}/compare/{{PathEscape .OldCommit}}..{{PathEscape .NewCommit}}" rel="nofollow" class="ui compare label">{{ctx.Locale.Tr "repo.issues.force_push_compare"}}</a>
+								</span>
 							{{end}}
 						</span>
 					{{else}}
diff --git a/web_src/css/repo.css b/web_src/css/repo.css
index 48705180b2..2ead2b4797 100644
--- a/web_src/css/repo.css
+++ b/web_src/css/repo.css
@@ -887,6 +887,16 @@ citation-information .tab:not(.active) {
     display: grid;
     grid-template-columns: 1fr auto;
     column-gap: 1rem;
+    span.compare {
+      /* Same height as .timeline-item .badge for alignment */
+      height: 34px;
+    }
+  }
+}
+
+@media (max-width: 767.98px) {
+  .repository.view.issue .comment-list .timeline-item .forced-push span.compare {
+    margin-inline-start: 1rem;
   }
 }
 

From 67d62ee4568523c68394a99bc9615bb0475b2764 Mon Sep 17 00:00:00 2001
From: avery <avery@catpowered.net>
Date: Tue, 20 Jan 2026 22:09:11 +0100
Subject: [PATCH 191/854] fix: "disable router log" indicator on configuration
 summary page (#10356)

## Summary
Currently, on `{INSTANCE_URL}/admin/config`, the "Disable router log" indicator is completely meaningless, as nothing is assigned to `ctx.Data["DisableRouterLog"]` in [`routers/web/admin/config.go`](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/routers/web/admin/config.go#L121).
This makes the indicator useful without changing any Go code by querying the `Loggers` item that has already been dumped to the context.

Some pictures :)
---

### Before (always)
![image0](/attachments/451c9742-df4b-451a-8144-9d852dcd139f)

### After (with default log config)
![image0](/attachments/451c9742-df4b-451a-8144-9d852dcd139f)

### After (with `LOGGER_ROUTER_MODE` set to empty)
![image](/attachments/df04e085-9a32-402c-8e56-51a311a2a470)

---
## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests
As far as I can tell, there aren't tests for TMPL template rendering, if I have overlooked them I'll be happy to add.

- I added test coverage for Go changes...
  - [ ] in their respective `*_test.go` for unit tests.
  - [ ] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I added test coverage for JavaScript changes...
  - [ ] in `web_src/js/*.test.js` if it can be unit tested.
  - [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)).

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes
(I don't really mind)

- [x] I do not want this change to show in the release notes.
- [x] I want the title to show in the release notes with a link to this pull request.
- [ ] I want the content of the `release-notes/<pull request number>.md` to be be used for the release notes instead of the title.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10356
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Co-authored-by: avery <avery@catpowered.net>
Co-committed-by: avery <avery@catpowered.net>
---
 templates/admin/config.tmpl | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/templates/admin/config.tmpl b/templates/admin/config.tmpl
index 43bf3db37a..0962c6bfc7 100644
--- a/templates/admin/config.tmpl
+++ b/templates/admin/config.tmpl
@@ -20,7 +20,7 @@
 				<dt>{{ctx.Locale.Tr "admin.config.offline_mode"}}</dt>
 				<dd>{{if .OfflineMode}}{{svg "octicon-check"}}{{else}}{{svg "octicon-x"}}{{end}}</dd>
 				<dt>{{ctx.Locale.Tr "admin.config.disable_router_log"}}</dt>
-				<dd>{{if .DisableRouterLog}}{{svg "octicon-check"}}{{else}}{{svg "octicon-x"}}{{end}}</dd>
+				<dd>{{if .Loggers.router.IsEnabled}}{{svg "octicon-x"}}{{else}}{{svg "octicon-check"}}{{end}}</dd>
 
 				<div class="divider"></div>
 

From 7894e1bb8fe95c409905797d720074454ccd0980 Mon Sep 17 00:00:00 2001
From: Otto Richter <otto@codeberg.org>
Date: Wed, 21 Jan 2026 14:54:15 +0100
Subject: [PATCH 192/854] Improve issue templates for new workflow (#10847)

* Separate documentation about the workflow for better attention. I could imagine that it was not read by everyone, since it was after the trivial 'Please write in English' instructions.
* Improve explanations about the workflow, expectations and next steps.
* Explicitly mark the Enhancement template to be mostly for contributors.
* Disable blank issues. I could not really identify any recent usage of it that was legitimate.
* Improve instructions about which details to share about the own Forgejo usage.
* Explicitly state in the enhancement template that only issue references should go in there, not noise.
* Create a placeholder in problem template to add references to potential solutions later.

I hope this resolves some of the issues observed with the new workflow and improves the quality of submitted reports. Also addresses the feedback already received in https://codeberg.org/forgejo/user-research/issues/71

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10847
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Co-authored-by: Otto Richter <otto@codeberg.org>
Co-committed-by: Otto Richter <otto@codeberg.org>
---
 .forgejo/issue_template/1-problem.yaml     | 39 +++++++++++++++++-----
 .forgejo/issue_template/2-enhancement.yaml | 17 +++++++---
 .forgejo/issue_template/config.yml         |  1 +
 3 files changed, 44 insertions(+), 13 deletions(-)

diff --git a/.forgejo/issue_template/1-problem.yaml b/.forgejo/issue_template/1-problem.yaml
index 39008de1d2..516360a5c4 100644
--- a/.forgejo/issue_template/1-problem.yaml
+++ b/.forgejo/issue_template/1-problem.yaml
@@ -13,7 +13,18 @@ body:
       - Please speak English, as this is the language all maintainers can speak and write.
       - Be civil, and follow the [Forgejo Code of Conduct](https://codeberg.org/forgejo/code-of-conduct).
       - Take a moment to [check if a similar problem has already been discussed in the past.](https://codeberg.org/forgejo/forgejo/issues?q=&type=all&labels=78137). Feel free to add your own experience there, if applicable.
-      - We are currently experimenting with a new workflow to understand your problems and requests. Please try to focus on explaining the problem you are facing, which could be a bug in the code, a moment of confusion, or a missing feature. We'll think about solutions to the problem at a later step. If you want to learn more about the background of our workflow, feel invited to read and participate in [the discussion that led to the current approach](https://codeberg.org/forgejo/discussions/issues/415). We are looking forward to your feedback.
+- type: markdown
+  attributes:
+    value: |
+      ### New workflow
+      
+      We are currently experimenting with a new workflow to manage issues and better understand your problems and needs. This is step 1 of the workflow: Please try to focus on explaining the problem you are facing, which could be a bug in the code, a moment of confusion, or a need that you have.
+      
+      We do not expect anything from Forgejo users after creating a problem report, but we appreciate if you stay responsive to further questions. If you want, you can also participate in a discussion for solutions.
+      
+      Forgejo contributors will review your report, try to understand how important it is to you and other Forgejo users, and suggest potential solutions. In a next step, solutions can be documented and implemented.
+      
+      If you want to learn more about the background of our workflow, feel invited to read and participate in [the discussion that led to the current approach](https://codeberg.org/forgejo/discussions/issues/415). We are looking forward to your feedback.
 - type: dropdown
   id: can-reproduce
   attributes:
@@ -30,15 +41,18 @@ body:
 - type: textarea
   id: environment
   attributes:
-    label: Your usage of Forgejo
+    label: About your usage of Forgejo
     description: |
-      Please provide a description of your usage of Forgejo. To better understand your problem, it will be relevant to know in which environment you use Forgejo and if you have performed specific configuration.
+      Please provide a brief description of your usage of Forgejo. There is no clear guideline on how much you need to share here. You can be brief, but we value the insights you provide us to better understand your use case. Thank you very much!
       <details><summary>Further instructions</summary>
       
-      * If you report a bug with a certain functionality, it will be relevant to learn about related configuration ("This is how I configured my identity provider", "This is how my Forgejo Actions runner is set up").
-      * Please elaborate on your personal relation to Forgejo and user role ("I'm new to Forgejo, but used a comparable product called …", "In my role as a designer, …").
-      * If you feel that Forgejo needs a change in functionality, please describe in which environment you want to use it, so that we can understand for which audience the complexity needs to appeal to ("We're a group of friends with no technical / professional background and use a personal Forgejo instance to prepare our first libre game").
-      * If you already explained your usage of Forgejo elsewhere (e.g. in another issue or in a user research repository), you can put a link here.
+      * When reporting problems with certain functionality, you should include related information. Examples:
+        * When reporting an issue with setting up an identity provider, it is useful to know if you use Forgejo in a 10-users non-profit / start up, or if you are talking about a school / university with several thousands of users.
+        * When describing confusion, it will be relevant to know your skill level and background ("New, but used a similar product", "In my role as a project manager ..."), so we know for which target audience we need to design the functionality.
+        * When reporting workflow issues or needs, it will be useful to know how large your project is, how many team members you have, which skill level we are talking about etc. For example, we might choose a different design depending on whether a feature is only for professional developers or for hobby coders.
+      * If you want, we always appreciate generic information about your Forgejo usage to help us understand your usage and make better decisions. For example:
+        * Your personal relation to Forgejo and user role ("I'm new to Forgejo, but used a comparable product called …", "In my role as a designer, …").
+      * If you already explained your usage of Forgejo elsewhere (e.g. in another issue or in a user research repository), feel free to just drop a link.
       
       </details>
   validations:
@@ -48,7 +62,7 @@ body:
   attributes:
     label: Problem description
     description: |
-      Please describe your problem as a first-hand experience. Try to focus on the problem. Finding a solution will happen in a next step.
+      Please describe your problem as a first-hand experience. Try to focus on the problem. You do not have to find a solution, you can leave this to us.
       <details><summary>Further instructions</summary>
       
       * Start by explaining what you want to achieve ("I wanted to find an issue to work on").
@@ -75,7 +89,7 @@ body:
   id: forgejo-ver
   attributes:
     label: Forgejo Version
-    description: Forgejo version (or commit reference) your instance is running
+    description: Forgejo version (or commit reference) your instance is running or that you used to reproduce the bug on Forgejo Next.
 - type: textarea
   id: versions
   attributes:
@@ -84,3 +98,10 @@ body:
       Please include details to help us understand your problem: browser engine and version (for UI issues), operating system and version running Forgejo, database engine and version, deployment methods and relevant third-party packages (e.g. renderers, identity providers)
   validations:
     required: true
+- type: markdown
+  attributes:
+    value: |
+      ### Solutions
+      
+      *Accepted solutions to address this problem will go here*
+  visible: [content]
diff --git a/.forgejo/issue_template/2-enhancement.yaml b/.forgejo/issue_template/2-enhancement.yaml
index 3014d8901a..68594152b6 100644
--- a/.forgejo/issue_template/2-enhancement.yaml
+++ b/.forgejo/issue_template/2-enhancement.yaml
@@ -1,5 +1,5 @@
 name: "Step 2: Enhancement"
-description: Suggest a solution to one or multiple problems that have already been reported (see step 1).
+description: "[Advanced users only] Suggest a solution to one or multiple problems that have already been reported (see step 1)."
 title: "enh: "
 labels: ["enhancement/feature"]
 body:
@@ -8,19 +8,28 @@ body:
     value: |
       - Please speak English, as this is the language all maintainers can speak and write.
       - Be civil, and follow the [Forgejo Code of Conduct](https://codeberg.org/forgejo/code-of-conduct).
-      - We are currently experimenting with a new workflow to understand your problems and requests. This is step 2 of a two-step-process. The goal is to discuss potential solutions to already-reported problems. If you want to learn more about the background of our workflow, feel invited to read and participate in [the discussion that led to the current approach](https://codeberg.org/forgejo/discussions/issues/415). We are looking forward to your feedback.
+- type: markdown
+  attributes:
+    value: |
+      ### New workflow
+      
+      We are currently experimenting with a new workflow to manage issues and better understand your problems and needs. This is step 2 of the workflow, which is intended for Forgejo contributors: If you just want to raise a problem or need you have, please refer to step 1.
+      
+      This step allows to document a solution to one or multiple problems. It allows developers to focus on actionable implementation tasks without the clutter of previous discussions or triaging work.
+      
+      If you want to learn more about the background of our workflow, feel invited to read and participate in [the discussion that led to the current approach](https://codeberg.org/forgejo/discussions/issues/415). We are looking forward to your feedback.
 - type: textarea
   id: problems
   attributes:
     label: Existing problems this enhancement addresses
-    description: List the issue numbers of the reported problems that this enhancement addresses. If you haven't previously described a problem, please [complete step one of the workflow](https://codeberg.org/forgejo/forgejo/issues/new?template=.forgejo%2fissue_template%2fproblem.yaml) and describe the problem you'd like to solve first.
+    description: Only list the issue numbers of the **existing** problems that your proposal addresses. **Do not add new descriptions.** If you haven't previously described a problem, please [complete step one of the workflow](https://codeberg.org/forgejo/forgejo/issues/new?template=.forgejo%2fissue_template%2fproblem.yaml) and describe the problem you'd like to solve first.
   validations:
     required: true
 - type: textarea
   id: description
   attributes:
     label: Enhancement description
-    description: As concisely as possible, describe the changes you suggest for Forgejo and explain how they address the problems.
+    description: Describe the changes you suggest for Forgejo and explain how they address the problems.
   validations:
     required: true
 - type: textarea
diff --git a/.forgejo/issue_template/config.yml b/.forgejo/issue_template/config.yml
index f2ea8d945a..b4bd06af17 100644
--- a/.forgejo/issue_template/config.yml
+++ b/.forgejo/issue_template/config.yml
@@ -1,3 +1,4 @@
+blank_issues_enabled: false
 contact_links:
   - name: 🔓 Security Reports
     url: mailto:security@forgejo.org

From da7ce1753377ac5670e8de6672123ad789972b57 Mon Sep 17 00:00:00 2001
From: Shiny Nematoda <snematoda.751k2@aleeas.com>
Date: Wed, 21 Jan 2026 16:42:18 +0100
Subject: [PATCH 193/854] fix(ui): add missing translation for code search when
 keyword is empty string (#10964)

- `CodeSearchMode` should now be set when keyword is empty
- The default value for search mode should be exact, use fuzzy ONLY when fuzziness is enabled in settings

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10964
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Co-authored-by: Shiny Nematoda <snematoda.751k2@aleeas.com>
Co-committed-by: Shiny Nematoda <snematoda.751k2@aleeas.com>
---
 routers/web/repo/search.go            | 10 ++++--
 tests/integration/repo_search_test.go | 44 +++++++++++++++++++++++++--
 2 files changed, 50 insertions(+), 4 deletions(-)

diff --git a/routers/web/repo/search.go b/routers/web/repo/search.go
index 03da55a9ec..bdc85aed38 100644
--- a/routers/web/repo/search.go
+++ b/routers/web/repo/search.go
@@ -68,8 +68,9 @@ func Search(ctx *context.Context) {
 	mode := ExactSearchMode
 	if modeStr := ctx.FormString("mode"); len(modeStr) > 0 {
 		mode = searchModeFromString(modeStr)
-	} else if ctx.FormOptionalBool("fuzzy").ValueOrDefault(true) { // for backward compatibility in links
-		mode = UnionSearchMode
+	} else if ctx.FormOptionalBool("fuzzy").ValueOrDefault(true) &&
+		setting.Indexer.RepoIndexerEnableFuzzy { // for backward compatibility in links
+		mode = FuzzySearchMode
 	}
 
 	ctx.Data["PageIsViewCode"] = true
@@ -81,6 +82,11 @@ func Search(ctx *context.Context) {
 	}
 
 	if opts.Keyword == "" {
+		if setting.Indexer.RepoIndexerEnabled {
+			ctx.Data["CodeSearchMode"] = mode.ToIndexer().String()
+		} else {
+			ctx.Data["CodeSearchMode"] = mode.ToGitGrep().String()
+		}
 		ctx.HTML(http.StatusOK, tplSearch)
 		return
 	}
diff --git a/tests/integration/repo_search_test.go b/tests/integration/repo_search_test.go
index 874970fe56..bb894b843c 100644
--- a/tests/integration/repo_search_test.go
+++ b/tests/integration/repo_search_test.go
@@ -83,6 +83,9 @@ func testSearchRepo(t *testing.T, indexer bool) {
 		code_indexer.UpdateRepoIndexer(repo)
 	}
 
+	testEmptySearch(t, indexer, true)
+	testEmptySearch(t, indexer, false)
+
 	testSearch(t, "/user2/glob/search?q=", []string{}, indexer)
 	testSearch(t, "/user2/glob/search?q=loren&page=1", []string{"a.txt"}, indexer)
 	testSearch(t, "/user2/glob/search?q=loren&page=1&mode=exact", []string{"a.txt"}, indexer)
@@ -97,6 +100,30 @@ func testSearchRepo(t *testing.T, indexer bool) {
 	testSearch(t, "/user2/glob/search?q=file5&page=1&mode=exact", []string{}, indexer)
 }
 
+func testEmptySearch(t *testing.T, indexer, withFuzzy bool) {
+	defer test.MockVariableValue(&setting.Indexer.RepoIndexerEnableFuzzy, withFuzzy)()
+	req := NewRequest(t, "GET", "/user2/glob/search")
+	resp := MakeRequest(t, req, http.StatusOK)
+
+	container := NewHTMLParser(t, resp.Body).
+		Find(".repository").
+		Find(".ui.container")
+
+	key := "search.exact"
+	if withFuzzy && indexer {
+		key = "search.fuzzy"
+	}
+
+	expected := translation.NewLocale("en-US").TrString(key)
+	menu := container.Find(".menu[data-test-tag=fuzzy-dropdown]")
+	defaultOpt := menu.
+		Parent().
+		Find(".text").
+		Text()
+
+	assert.Equal(t, expected, strings.TrimSpace(defaultOpt))
+}
+
 func testSearch(t *testing.T, rawURL string, expected []string, indexer bool) {
 	req := NewRequest(t, "GET", rawURL)
 	resp := MakeRequest(t, req, http.StatusOK)
@@ -131,10 +158,23 @@ func testSearch(t *testing.T, rawURL string, expected []string, indexer bool) {
 
 // testDropdownOptions verifies additional properties of dropdown options
 func testDropdownOptions(t *testing.T, container *goquery.Selection, options []string, locale translation.Locale) {
-	for _, option := range options {
+	tr := make([]string, len(options))
+	for i, option := range options {
+		tr[i] = locale.TrString(fmt.Sprintf("search.%s", option))
+	}
+
+	// assert that the default value (in a .text adjacent to the menu) is a valid option
+	defaultOpt := container.
+		Find(".menu[data-test-tag=fuzzy-dropdown]").
+		Parent().
+		Find(".text").
+		Text()
+	assert.Contains(t, tr, strings.TrimSpace(defaultOpt))
+
+	for i, option := range options {
 		label := container.Find(fmt.Sprintf("label.item:has(input[value='%s'])", option))
 		name := strings.TrimSpace(label.Text())
-		assert.Equal(t, name, locale.TrString(fmt.Sprintf("search.%s", option)))
+		assert.Equal(t, name, tr[i])
 
 		tooltip, exists := label.Attr("data-tooltip-content")
 		assert.True(t, exists)

From 7c7d50638642edf04dd93c8962a7ab23a1642beb Mon Sep 17 00:00:00 2001
From: Nils Goroll <nils.goroll@uplex.de>
Date: Thu, 22 Jan 2026 05:52:31 +0100
Subject: [PATCH 194/854] fix typo: say good bye to the singing key (#10966)

Polish a glitch from #10481

(kinda sad to let go of such a cute name)

### Checklist

* no tests to change
* no docs to change
* not relevant for release notes

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10966
Reviewed-by: Lucas <sclu1034@noreply.codeberg.org>
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Co-authored-by: Nils Goroll <nils.goroll@uplex.de>
Co-committed-by: Nils Goroll <nils.goroll@uplex.de>
---
 modules/jwtx/signingkey.go | 48 +++++++++++++++++++-------------------
 1 file changed, 24 insertions(+), 24 deletions(-)

diff --git a/modules/jwtx/signingkey.go b/modules/jwtx/signingkey.go
index 14bbc8b2f5..55cc522f22 100644
--- a/modules/jwtx/signingkey.go
+++ b/modules/jwtx/signingkey.go
@@ -74,42 +74,42 @@ func (key hmacSigningKey) ToJWK() (map[string]string, error) {
 
 func (key hmacSigningKey) PreProcessToken(*jwt.Token) {}
 
-type rsaSingingKey struct {
+type rsaSigningKey struct {
 	signingMethod jwt.SigningMethod
 	key           *rsa.PrivateKey
 	id            string
 }
 
-func newRSASingingKey(signingMethod jwt.SigningMethod, key *rsa.PrivateKey) (rsaSingingKey, error) {
+func newRSASigningKey(signingMethod jwt.SigningMethod, key *rsa.PrivateKey) (rsaSigningKey, error) {
 	kid, err := util.CreatePublicKeyFingerprint(key.Public().(*rsa.PublicKey))
 	if err != nil {
-		return rsaSingingKey{}, err
+		return rsaSigningKey{}, err
 	}
 
-	return rsaSingingKey{
+	return rsaSigningKey{
 		signingMethod,
 		key,
 		base64.RawURLEncoding.EncodeToString(kid),
 	}, nil
 }
 
-func (key rsaSingingKey) IsSymmetric() bool {
+func (key rsaSigningKey) IsSymmetric() bool {
 	return false
 }
 
-func (key rsaSingingKey) SigningMethod() jwt.SigningMethod {
+func (key rsaSigningKey) SigningMethod() jwt.SigningMethod {
 	return key.signingMethod
 }
 
-func (key rsaSingingKey) SignKey() any {
+func (key rsaSigningKey) SignKey() any {
 	return key.key
 }
 
-func (key rsaSingingKey) VerifyKey() any {
+func (key rsaSigningKey) VerifyKey() any {
 	return key.key.Public()
 }
 
-func (key rsaSingingKey) ToJWK() (map[string]string, error) {
+func (key rsaSigningKey) ToJWK() (map[string]string, error) {
 	pubKey := key.key.Public().(*rsa.PublicKey)
 
 	return map[string]string{
@@ -121,7 +121,7 @@ func (key rsaSingingKey) ToJWK() (map[string]string, error) {
 	}, nil
 }
 
-func (key rsaSingingKey) PreProcessToken(token *jwt.Token) {
+func (key rsaSigningKey) PreProcessToken(token *jwt.Token) {
 	token.Header["kid"] = key.id
 }
 
@@ -131,7 +131,7 @@ type eddsaSigningKey struct {
 	id            string
 }
 
-func newEdDSASingingKey(signingMethod jwt.SigningMethod, key ed25519.PrivateKey) (eddsaSigningKey, error) {
+func newEdDSASigningKey(signingMethod jwt.SigningMethod, key ed25519.PrivateKey) (eddsaSigningKey, error) {
 	kid, err := util.CreatePublicKeyFingerprint(key.Public().(ed25519.PublicKey))
 	if err != nil {
 		return eddsaSigningKey{}, err
@@ -176,42 +176,42 @@ func (key eddsaSigningKey) PreProcessToken(token *jwt.Token) {
 	token.Header["kid"] = key.id
 }
 
-type ecdsaSingingKey struct {
+type ecdsaSigningKey struct {
 	signingMethod jwt.SigningMethod
 	key           *ecdsa.PrivateKey
 	id            string
 }
 
-func newECDSASingingKey(signingMethod jwt.SigningMethod, key *ecdsa.PrivateKey) (ecdsaSingingKey, error) {
+func newECDSASigningKey(signingMethod jwt.SigningMethod, key *ecdsa.PrivateKey) (ecdsaSigningKey, error) {
 	kid, err := util.CreatePublicKeyFingerprint(key.Public().(*ecdsa.PublicKey))
 	if err != nil {
-		return ecdsaSingingKey{}, err
+		return ecdsaSigningKey{}, err
 	}
 
-	return ecdsaSingingKey{
+	return ecdsaSigningKey{
 		signingMethod,
 		key,
 		base64.RawURLEncoding.EncodeToString(kid),
 	}, nil
 }
 
-func (key ecdsaSingingKey) IsSymmetric() bool {
+func (key ecdsaSigningKey) IsSymmetric() bool {
 	return false
 }
 
-func (key ecdsaSingingKey) SigningMethod() jwt.SigningMethod {
+func (key ecdsaSigningKey) SigningMethod() jwt.SigningMethod {
 	return key.signingMethod
 }
 
-func (key ecdsaSingingKey) SignKey() any {
+func (key ecdsaSigningKey) SignKey() any {
 	return key.key
 }
 
-func (key ecdsaSingingKey) VerifyKey() any {
+func (key ecdsaSigningKey) VerifyKey() any {
 	return key.key.Public()
 }
 
-func (key ecdsaSingingKey) ToJWK() (map[string]string, error) {
+func (key ecdsaSigningKey) ToJWK() (map[string]string, error) {
 	pubKey := key.key.Public().(*ecdsa.PublicKey)
 
 	return map[string]string{
@@ -224,7 +224,7 @@ func (key ecdsaSingingKey) ToJWK() (map[string]string, error) {
 	}, nil
 }
 
-func (key ecdsaSingingKey) PreProcessToken(token *jwt.Token) {
+func (key ecdsaSigningKey) PreProcessToken(token *jwt.Token) {
 	token.Header["kid"] = key.id
 }
 
@@ -264,19 +264,19 @@ func CreateSigningKey(algorithm string, key any) (SigningKey, error) {
 		if !ok {
 			return nil, jwt.ErrInvalidKeyType
 		}
-		return newEdDSASingingKey(signingMethod, privateKey)
+		return newEdDSASigningKey(signingMethod, privateKey)
 	case *jwt.SigningMethodECDSA:
 		privateKey, ok := key.(*ecdsa.PrivateKey)
 		if !ok {
 			return nil, jwt.ErrInvalidKeyType
 		}
-		return newECDSASingingKey(signingMethod, privateKey)
+		return newECDSASigningKey(signingMethod, privateKey)
 	case *jwt.SigningMethodRSA:
 		privateKey, ok := key.(*rsa.PrivateKey)
 		if !ok {
 			return nil, jwt.ErrInvalidKeyType
 		}
-		return newRSASingingKey(signingMethod, privateKey)
+		return newRSASigningKey(signingMethod, privateKey)
 	default:
 		secret, ok := key.([]byte)
 		if !ok {

From 4b8885471274307cb4af26eaf717a2ad008725f7 Mon Sep 17 00:00:00 2001
From: Renovate Bot <forgejo-renovate-action@forgejo.org>
Date: Thu, 22 Jan 2026 08:29:11 +0100
Subject: [PATCH 195/854] Update
 https://data.forgejo.org/forgejo/forgejo-build-publish action to v5.5.0
 (forgejo) (#10972)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10972
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
---
 .forgejo/workflows/build-release.yml   | 4 ++--
 .forgejo/workflows/publish-release.yml | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/.forgejo/workflows/build-release.yml b/.forgejo/workflows/build-release.yml
index 7b38c27c83..f59e844a63 100644
--- a/.forgejo/workflows/build-release.yml
+++ b/.forgejo/workflows/build-release.yml
@@ -164,7 +164,7 @@ jobs:
 
       - name: build container & release
         if: ${{ secrets.TOKEN != '' }}
-        uses: https://data.forgejo.org/forgejo/forgejo-build-publish/build@v5.4.1
+        uses: https://data.forgejo.org/forgejo/forgejo-build-publish/build@v5.5.0
         with:
           forgejo: "${{ env.GITHUB_SERVER_URL }}"
           owner: "${{ env.GITHUB_REPOSITORY_OWNER }}"
@@ -183,7 +183,7 @@ jobs:
 
       - name: build rootless container
         if: ${{ secrets.TOKEN != '' }}
-        uses: https://data.forgejo.org/forgejo/forgejo-build-publish/build@v5.4.1
+        uses: https://data.forgejo.org/forgejo/forgejo-build-publish/build@v5.5.0
         with:
           forgejo: "${{ env.GITHUB_SERVER_URL }}"
           owner: "${{ env.GITHUB_REPOSITORY_OWNER }}"
diff --git a/.forgejo/workflows/publish-release.yml b/.forgejo/workflows/publish-release.yml
index a7cb5f9f07..51894e8289 100644
--- a/.forgejo/workflows/publish-release.yml
+++ b/.forgejo/workflows/publish-release.yml
@@ -44,7 +44,7 @@ jobs:
       - uses: https://data.forgejo.org/actions/checkout@v6
 
       - name: copy & sign
-        uses: https://data.forgejo.org/forgejo/forgejo-build-publish/publish@v5.4.1
+        uses: https://data.forgejo.org/forgejo/forgejo-build-publish/publish@v5.5.0
         with:
           from-forgejo: ${{ vars.FORGEJO }}
           to-forgejo: ${{ vars.FORGEJO }}

From 5978d8d6f0409efe1f6a2c522ab83742f8cbce49 Mon Sep 17 00:00:00 2001
From: viceice <michael.kriese@gmx.de>
Date: Thu, 22 Jan 2026 09:16:32 +0100
Subject: [PATCH 196/854] fix: "revert Update
 https://data.forgejo.org/forgejo/forgejo-build-publish action to v5.5.0"
 (#10977)

needs newer docker version first

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10977
Co-authored-by: viceice <michael.kriese@gmx.de>
Co-committed-by: viceice <michael.kriese@gmx.de>
---
 .forgejo/workflows/build-release.yml   | 4 ++--
 .forgejo/workflows/publish-release.yml | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/.forgejo/workflows/build-release.yml b/.forgejo/workflows/build-release.yml
index f59e844a63..7b38c27c83 100644
--- a/.forgejo/workflows/build-release.yml
+++ b/.forgejo/workflows/build-release.yml
@@ -164,7 +164,7 @@ jobs:
 
       - name: build container & release
         if: ${{ secrets.TOKEN != '' }}
-        uses: https://data.forgejo.org/forgejo/forgejo-build-publish/build@v5.5.0
+        uses: https://data.forgejo.org/forgejo/forgejo-build-publish/build@v5.4.1
         with:
           forgejo: "${{ env.GITHUB_SERVER_URL }}"
           owner: "${{ env.GITHUB_REPOSITORY_OWNER }}"
@@ -183,7 +183,7 @@ jobs:
 
       - name: build rootless container
         if: ${{ secrets.TOKEN != '' }}
-        uses: https://data.forgejo.org/forgejo/forgejo-build-publish/build@v5.5.0
+        uses: https://data.forgejo.org/forgejo/forgejo-build-publish/build@v5.4.1
         with:
           forgejo: "${{ env.GITHUB_SERVER_URL }}"
           owner: "${{ env.GITHUB_REPOSITORY_OWNER }}"
diff --git a/.forgejo/workflows/publish-release.yml b/.forgejo/workflows/publish-release.yml
index 51894e8289..a7cb5f9f07 100644
--- a/.forgejo/workflows/publish-release.yml
+++ b/.forgejo/workflows/publish-release.yml
@@ -44,7 +44,7 @@ jobs:
       - uses: https://data.forgejo.org/actions/checkout@v6
 
       - name: copy & sign
-        uses: https://data.forgejo.org/forgejo/forgejo-build-publish/publish@v5.5.0
+        uses: https://data.forgejo.org/forgejo/forgejo-build-publish/publish@v5.4.1
         with:
           from-forgejo: ${{ vars.FORGEJO }}
           to-forgejo: ${{ vars.FORGEJO }}

From 5c676637062d8f248c4d9e14c16d19dc1bc58999 Mon Sep 17 00:00:00 2001
From: Codeberg Translate <translate@codeberg.org>
Date: Thu, 22 Jan 2026 08:08:16 +0000
Subject: [PATCH 197/854] i18n: update of translations from Codeberg Translate
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Co-authored-by: 0ko <0ko@noreply.codeberg.org>
Co-authored-by: Atalanttore <atalanttore@noreply.codeberg.org>
Co-authored-by: BKehayov <bkehayov@noreply.codeberg.org>
Co-authored-by: Benedikt Straub <benedikt-straub@web.de>
Co-authored-by: Bullbagaren <bullbagaren@noreply.codeberg.org>
Co-authored-by: Codeberg Translate <translate@codeberg.org>
Co-authored-by: Edgarsons <edgarsons@noreply.codeberg.org>
Co-authored-by: Fjuro <fjuro@alius.cz>
Co-authored-by: KWik <kwik@noreply.codeberg.org>
Co-authored-by: Klenje <klenje@noreply.codeberg.org>
Co-authored-by: Lzebulon <lzebulon@noreply.codeberg.org>
Co-authored-by: Priit Jõerüüt <jrtcdbrg@noreply.codeberg.org>
Co-authored-by: SomeTr <sometr@noreply.codeberg.org>
Co-authored-by: Vyxie <kitakita@disroot.org>
Co-authored-by: Wuzzy <wuzzy@disroot.org>
Co-authored-by: aindriu80 <aindriu80@noreply.codeberg.org>
Co-authored-by: artnay <artnay@noreply.codeberg.org>
Co-authored-by: atarwn <atarwn@noreply.codeberg.org>
Co-authored-by: bespinas <bespinas@noreply.codeberg.org>
Co-authored-by: hanklank <hanklank@noreply.codeberg.org>
Co-authored-by: hugoalh <hugoalh@noreply.codeberg.org>
Co-authored-by: jimkats <jimkats@noreply.codeberg.org>
Co-authored-by: justbispo <justbispo@noreply.codeberg.org>
Co-authored-by: lanticy <lanticy@noreply.codeberg.org>
Co-authored-by: mahlzahn <mahlzahn@posteo.de>
Co-authored-by: ospalh <ospalh@noreply.codeberg.org>
Co-authored-by: retarded-beast <retarded-beast@noreply.codeberg.org>
Co-authored-by: smlxdesign <smlxdesign@noreply.codeberg.org>
Co-authored-by: tibfulv <tibfulv@noreply.codeberg.org>
Co-authored-by: vmtj <vmtj@noreply.codeberg.org>
Co-authored-by: xtex <xtexchooser@duck.com>
Co-authored-by: yookoala <yookoala@noreply.codeberg.org>
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/ar/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/be/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/bg/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/bn/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/bs/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/ca/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/cs/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/cy/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/da/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/de/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/el/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/eo/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/es/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/et/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/eu/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/fa/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/fi/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/fil/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/fr/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/fur/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/ga/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/gl/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/he/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/hi/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/hu/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/id/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/is/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/isv/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/it/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/ja/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/jbo/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/ka/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/kab/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/kmr/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/ko/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/la/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/lt/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/lv/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/mic/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/ml/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/nb_NO/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/nds/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/nl/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/pl/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/pt_BR/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/pt_PT/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/ro/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/ru/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/si/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/sk/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/sl/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/sv/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/ta/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/th/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/tok/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/tr/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/tt/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/uk/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/uz/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/vi/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/yi/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/zh_Hans/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/zh_Hant/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/zh_Hant_HK/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo/bg/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo/ca/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo/eo/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo/et/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo/fi/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo/ga/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo/lv/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo/nb_NO/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo/ru/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo/sv/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo/uk/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo/zh_Hans/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo/zh_Hant/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo/zh_Hant_HK/
Translation: Forgejo/forgejo
Translation: Forgejo/forgejo-next
---
 options/locale/locale_bg.ini          |    3 +
 options/locale/locale_ca.ini          |   45 +-
 options/locale/locale_eo.ini          |   14 +-
 options/locale/locale_et.ini          |  138 +-
 options/locale/locale_fi-FI.ini       |   36 +-
 options/locale/locale_fur.ini         |    1 +
 options/locale/locale_ga-IE.ini       |   54 +-
 options/locale/locale_lv-LV.ini       |    2 +-
 options/locale/locale_nb_NO.ini       |   35 +-
 options/locale/locale_ru-RU.ini       |    2 +-
 options/locale/locale_sv-SE.ini       | 1792 ++++++++++++++++++++++---
 options/locale/locale_uk-UA.ini       |   38 +-
 options/locale/locale_zh-CN.ini       |    6 +-
 options/locale/locale_zh-HK.ini       |    4 +-
 options/locale/locale_zh-TW.ini       |   39 +-
 options/locale_next/locale_ar.json    |    2 +-
 options/locale_next/locale_be.json    |    2 +-
 options/locale_next/locale_bg.json    |   26 +-
 options/locale_next/locale_bn.json    |    2 +-
 options/locale_next/locale_bs.json    |    2 +-
 options/locale_next/locale_ca.json    |    2 +-
 options/locale_next/locale_cs-CZ.json |   18 +-
 options/locale_next/locale_cy.json    |    2 +-
 options/locale_next/locale_da.json    |    2 +-
 options/locale_next/locale_de-DE.json |   30 +-
 options/locale_next/locale_el-GR.json |   33 +-
 options/locale_next/locale_eo.json    |    3 +-
 options/locale_next/locale_es-ES.json |    2 +-
 options/locale_next/locale_et.json    |   10 +-
 options/locale_next/locale_eu.json    |    2 +-
 options/locale_next/locale_fa-IR.json |    2 +-
 options/locale_next/locale_fi-FI.json |   10 +-
 options/locale_next/locale_fil.json   |   17 +-
 options/locale_next/locale_fr-FR.json |   21 +-
 options/locale_next/locale_fur.json   |    7 +
 options/locale_next/locale_ga.json    |  318 ++++-
 options/locale_next/locale_gl.json    |    2 +-
 options/locale_next/locale_he.json    |    2 +-
 options/locale_next/locale_hi.json    |    2 +-
 options/locale_next/locale_hu-HU.json |    2 +-
 options/locale_next/locale_id-ID.json |    2 +-
 options/locale_next/locale_is-IS.json |    2 +-
 options/locale_next/locale_isv.json   |    2 +-
 options/locale_next/locale_it-IT.json |    2 +-
 options/locale_next/locale_ja-JP.json |   22 +-
 options/locale_next/locale_jbo.json   |    2 +-
 options/locale_next/locale_ka.json    |    2 +-
 options/locale_next/locale_kab.json   |    2 +-
 options/locale_next/locale_kmr.json   |    2 +-
 options/locale_next/locale_ko-KR.json |   10 +-
 options/locale_next/locale_la.json    |    2 +-
 options/locale_next/locale_lt.json    |    2 +-
 options/locale_next/locale_lv-LV.json |   26 +-
 options/locale_next/locale_mic.json   |    2 +-
 options/locale_next/locale_ml-IN.json |    2 +-
 options/locale_next/locale_nb_NO.json |    2 +-
 options/locale_next/locale_nds.json   |   18 +-
 options/locale_next/locale_nl-NL.json |    2 +-
 options/locale_next/locale_pl-PL.json |    2 +-
 options/locale_next/locale_pt-BR.json |    2 +-
 options/locale_next/locale_pt-PT.json |   26 +-
 options/locale_next/locale_ro.json    |    2 +-
 options/locale_next/locale_ru-RU.json |   16 +-
 options/locale_next/locale_si-LK.json |    2 +-
 options/locale_next/locale_sk-SK.json |    2 +-
 options/locale_next/locale_sl.json    |    2 +-
 options/locale_next/locale_sv-SE.json |    2 +-
 options/locale_next/locale_ta.json    |    2 +-
 options/locale_next/locale_th.json    |    2 +-
 options/locale_next/locale_tok.json   |    2 +-
 options/locale_next/locale_tr-TR.json |    2 +-
 options/locale_next/locale_tt.json    |    2 +-
 options/locale_next/locale_uk-UA.json |   20 +-
 options/locale_next/locale_uz.json    |    2 +-
 options/locale_next/locale_vi.json    |    2 +-
 options/locale_next/locale_yi.json    |    2 +-
 options/locale_next/locale_zh-CN.json |   18 +-
 options/locale_next/locale_zh-HK.json |    2 +-
 options/locale_next/locale_zh-TW.json |   22 +-
 79 files changed, 2528 insertions(+), 440 deletions(-)
 create mode 100644 options/locale/locale_fur.ini
 create mode 100644 options/locale_next/locale_fur.json

diff --git a/options/locale/locale_bg.ini b/options/locale/locale_bg.ini
index b8c11a6807..8efe46fffd 100644
--- a/options/locale/locale_bg.ini
+++ b/options/locale/locale_bg.ini
@@ -137,6 +137,9 @@ webauthn_error = Неуспешно прочитане на вашия ключ
 webauthn_unsupported_browser = Вашият браузър в момента не поддържа WebAuthn.
 webauthn_error_duplicated = Ключът за сигурност не е разрешен за тази заявка. Моля, уверете се, че ключът не е вече регистриран.
 tracked_time_summary = Обобщение на проследеното време въз основа на филтрите в списъка със задачи
+active_stopwatch = Активен тракер за време
+access_token = Токен за достъп
+passcode = Паскод
 
 [settings]
 ui = Тема
diff --git a/options/locale/locale_ca.ini b/options/locale/locale_ca.ini
index 342e066057..7ae7f3b98d 100644
--- a/options/locale/locale_ca.ini
+++ b/options/locale/locale_ca.ini
@@ -23,7 +23,7 @@ enable_javascript = Aquest lloc web requereix Javascript.
 toc = Taula de Continguts
 licenses = Llicències
 sign_up = Registrar-se
-link_account = Vincular un compte
+link_account = Vincula un compte
 tracked_time_summary = Resum del temps registrat basat en filtres del llistat de temes
 return_to_forgejo = Tornar a Forgejo
 toggle_menu = Commuta el menú
@@ -494,8 +494,8 @@ primary_mail_change.subject = S'ha canviat la vostra adreça de correu electròn
 totp_disabled.subject = S'ha deshabilitat TOTP
 removed_security_key.subject = S'ha eliminat una clau de seguretat
 removed_security_key.text_1 = S'ha eliminat la clau de seguretat "%[1]s" del vostre compte.
-account_security_caution.text_1 = Podeu ignorar aquest correu si heu sigut vos.
-account_security_caution.text_2 = Si no heu sigut vos, el vostre compte està compromès. Si us plau, contacteu els administradors d'aquest lloc.
+account_security_caution.text_1 = Podeu ignorar aquest correu si heu sigut vós.
+account_security_caution.text_2 = Si no heu sigut vós, el vostre compte està compromès. Si us plau, contacteu els administradors d'aquest lloc.
 totp_enrolled.subject = Heu activat TOTP com a mètode d'autenticació de doble factor
 totp_enrolled.text_1.no_webauthn = Heu activat TOTP pel vostre compte. Això vol dir que haureu d'usar TOTP com a mètode d'autenticació de doble factor a tots els inicis de sessió futurs al vostre compte.
 issue_assigned.pull = @%[1]s us ha assignat la sol·licitud d'extracció %[2]s al repositori %[3]s.
@@ -617,6 +617,8 @@ username_claiming_cooldown = El nom d'usuari no es pot reservar degut a que el s
 invalid_group_team_map_error = ` el mapatge no és vàlid: %s`
 repository_force_private = S'ha activat "Forçar privat": els repositoris privats no es poden fer públics.
 2fa_auth_required = L'accés remot requereix una autenticació de doble factor.
+visit_rate_limit = S'ha sobrepassat la taxa de visita remota.
+unset_password = L'usuari no ha establert una contrasenya.
 
 [settings]
 pronouns = Pronoms
@@ -671,7 +673,7 @@ twofa = Autenticació de doble factor (TOTP)
 webauthn = Autenticació de doble factor (claus de seguretat)
 storage_overview = Vista general de l'emmagatzematge
 quota = Quota
-profile_desc = Sobre vos
+profile_desc = Sobre vós
 password_username_disabled = Els usuaris no locals no tenen permès canviar el seu nom d'usuari. Si us plau, contacteu el vostre administrador per saber-ne més.
 update_profile = Actualitzar el perfil
 update_language = Canviar l'idioma
@@ -834,7 +836,7 @@ twofa_scratch_token_regenerate = Regenerar la clau de recuperació d'un sol ús
 twofa_scratch_token_regenerated = La vostra clau de recuperació d'un sol ús ara és %s. Emmagatzemeu-la en un lloc segur, ja que no es tornarà a mostrar.
 twofa_disable_note = L'autenticació de doble factor es pot desactivar si és necessari.
 twofa_disable_desc = Desactivar l'autenticació de doble factor farà que el vostre compte sigui menys segur. Voleu continuar?
-regenerate_scratch_token_desc = Si heu perdur la vostra clau de recuperació o ja l'heu fet servir per iniciar sessió, la podeu reiniciar aquí.
+regenerate_scratch_token_desc = Si heu perdut la vostra clau de recuperació o ja l'heu fet servir per iniciar sessió, la podeu reiniciar aquí.
 twofa_disabled = S'ha desactivat l'autenticació de doble factor.
 scan_this_image = Escanegeu aquesta imatge amb la vostra aplicació d'autenticació:
 or_enter_secret = O introduïu el secret: %s
@@ -901,6 +903,10 @@ quota.rule.no_limit = Il·limitat
 quota.sizes.all = Tot
 quota.sizes.assets.all = Recursos
 quota.sizes.wiki = Wiki
+user_block_yourself = No us podeu bloquejar.
+quota.applies_to_user = Les regles de quota següents s'apliquen al vostre compte
+quota.applies_to_org = Les regles de quota següents s'apliquen a aquesta organització
+quota.rule.exceeded = Sobrepassat
 
 [repo]
 settings.basic_settings = Configuració bàsica
@@ -1459,7 +1465,7 @@ issues.lock_duplicate = No es pot bloquejar una incidència dues vegades.
 issues.unlock_error = No es pot desbloquejar una incidència que no està bloquejada.
 issues.unlock_comment = ha desbloquejat aquesta conversa %s
 issues.lock.notice_1 = - Els altres usuaris no podran deixar més comentaris en aquesta incidència.
-issues.lock.notice_2 = - Vos i altres col·laboradors amb accés a aquest repositori encara podeu deixar comentaris que els altres poden veure.
+issues.lock.notice_2 = - Vós i altres col·laboradors amb accés a aquest repositori encara podeu deixar comentaris que els altres poden veure.
 issues.lock.notice_3 = - Sempre podeu desbloquejar aquesta incidència una altra vegada més endavant.
 issues.unlock.notice_1 = - Tothom podrà tornar a deixar comentaris en aquesta incidència.
 issues.unlock.notice_2 = - Sempre podeu bloquejar aquesta incidència una altra vegada més endavant.
@@ -1612,6 +1618,33 @@ migrate_options = Opcions de migració
 migrate_options_mirror_helper = Aquest repositori serà un mirall
 migrate_options_lfs_endpoint.description.local = També s'accepta un camí al servidor local.
 migrate_items = Elements de migració
+open_with_editor = Obre amb %s
+mirror_prune_desc = Elimina les referències de seguiment remot obsoletes
+mirror_sync_on_commit = Sincronitza quan es pugin commits
+mirror_lfs = Emmagatzematge gran de fitxers (LFS)
+mirror_lfs_desc = Activa l'emmirallament de dades LFS.
+mirror_lfs_endpoint = Punt final LFS
+mirror_lfs_endpoint_desc = En sincronitzar, s'intentarà utilitzar l'url de clonatge per a <a target="_blank" rel="noopener noreferrer" href="%s">determinar el servidor LFS</a>. També podeu especificar un punt final personalitzat si les dades LFS del repositori són en un altre lloc.
+mirror_password_help = Canvia el nom d'usuari per esborrar una contrasenya desada.
+adopt_search = Entra el nom d'usuari per cercar repositoris no-adoptats... (deixeu-ho en blanc per cercar-los tots)
+adopt_preexisting_label = Adopta fitxers
+adopt_preexisting = Adopta fitxers preexistents
+adopt_preexisting_content = Crea un repositori des de %s
+adopt_preexisting_success = Fitxers adoptats i repositori creat des de %s
+delete_preexisting = Elimina fitxers preexistents
+delete_preexisting_content = Elimina fitxers en %s
+template.git_hooks_tooltip = Actualment no podeu modificar o eliminar els ganxos git un cop s'han afegit. Només selecciona això si confieu en el repositori de plantilla.
+template.one_item = Heu de seleccionar un ítem de plantilla com a mínim
+template.invalid = Heu de seleccionar un repositori de plantilla
+archive.title = Aquest repositori és un arxiu. Podeu veure-hi els fitxers i clonar-lo, però no podeu fer-hi canvis com pujar modificacions, crear-ne incidències, «pull requests» o comentaris.
+archive.title_date = Aquest repositori és un arxiu a %s. Podeu veure-hi els fitxers i clonar-lo, però no podeu fer-hi canvis com pujar modificacions, crear-ne incidències, «pull requests» o comentaris.
+archive.nocomment = No es poden crear comentaris perquè el repositori és un arxiu.
+sync_fork.button = Sincronitza
+migrate_options_lfs = Migra els fitxers LFS
+migrate_options_lfs_endpoint.label = Punt final LFS
+migrate_options_lfs_endpoint.description = En migrar, s'intentarà utilitzar el vostre remot git per a <a target="_blank" rel="noopener noreferrer" href="%s">determinar el servidor LFS</a>. També podeu especificar un punt final personalitzat si les dades LFS del repositori són en un altre lloc.
+migrate_options_lfs_endpoint.placeholder = Si ho deixeu en blanc, el punt final derivarà de l'URL de clonació
+migrate_items_pullrequests = Pull requests
 
 [user]
 unblock = Desbloquejar
diff --git a/options/locale/locale_eo.ini b/options/locale/locale_eo.ini
index fd69e375aa..9b231518c6 100644
--- a/options/locale/locale_eo.ini
+++ b/options/locale/locale_eo.ini
@@ -575,6 +575,7 @@ Location = Kieo
 To = Branĉonomo
 AccessToken = Atingoĵetono
 required_prefix = La enigaĵo devas komenciĝi per "%s"
+username_error = ` enhavu sole literojn («a–z», «A–Z»), numerojn («0–9«), strekojn («-»), substrekojn («_») kaj punktojn («.»). Gi ne povas komenci kun ne-alfanumeraj signoj, kaj sinsekva ne-alfanumeraj signoj ankaŭ estas malpermesitaj.`
 
 [modal]
 confirm = Konfirmi
@@ -710,7 +711,7 @@ password_incorrect = La nuna pasvorto malĝustas.
 gpg_helper = <strong>Ĉu bezonas helpon?</strong> Legetu la gvidon <a href="%s">pri GPG</a>.
 choose_new_avatar = Elekti novan profilbildon
 activated = Konfirmita
-add_new_email = Aldoni novan retpoŝtadreson
+add_new_email = Aldoni retpoŝtadreson
 verify_gpg_key_success = GPG-ŝlosilo «%s» jam konfirmiĝis.
 show_openid = Montri je profilo
 hide_openid = Kaŝi de profilo
@@ -738,7 +739,7 @@ ssh_key_deletion_desc = Forigi SSH-ŝlosilon reprenus ĝian aliron al via konto.
 permission_no_access = Neniu aliro
 comment_type_group_dependency = Dependaĵo
 change_password_success = Via pasvorto konserviĝis. Salutu ekde nun per tiu nova pasvorto.
-email_deletion_desc = La retpoŝtmesaĝo kaj rilataj informoj forviŝiĝos de via konto. Git-enmetoj de tiu ĉi adreso restos senŝanĝaj. Ĉu daŭrigu?
+email_deletion_desc = Tiu ĉi retpoŝtadreso kaj rilataj informoj forviŝiĝos de via konto. Git-enmetoj de tiu ĉi adreso restos senŝanĝaj. Ĉu daŭrigu?
 permissions_list = Permesoj:
 permission_write = Lega kaj Skriba
 key_content = Enhavo
@@ -918,6 +919,10 @@ settings.archive.text = Arĥivigi la deponejon igus ĝin sole legebla. Ĝi kaŝi
 migrate_items_releases = Eldonoj
 commits.commits = Enmetoj
 rss.must_be_on_branch = Vi devas esti en branĉo por havi RSS-fluon.
+repo_name = Deponejonomo
+size_format = %[1]s: %[2]s; %[3]s: %[4]s
+template = Ŝablono
+template_select = Elektu ŝablonon
 
 [org]
 code = Fontkodo
@@ -976,4 +981,7 @@ directory = Dosierujo
 normal_file = Normala dosiero
 executable_file = Rulebla dosiero
 symbolic_link = Simbola ligilo
-submodule = Submodulo
\ No newline at end of file
+submodule = Submodulo
+
+[translation_meta]
+test = Mi prononcas Forgejo per g-sono. Ĝi ja ne estas literumita forĝejo :)
\ No newline at end of file
diff --git a/options/locale/locale_et.ini b/options/locale/locale_et.ini
index dba948f152..543ec78c7a 100644
--- a/options/locale/locale_et.ini
+++ b/options/locale/locale_et.ini
@@ -67,7 +67,7 @@ all = Kõik
 sources = Allikad
 mirror = Peegelpilt
 mirrors = Peegelpildid
-forks = Harud
+forks = Koodiharud
 activities = Tegevused
 pull_requests = Päringud koodi mestimiseks
 issues = Veahaldus
@@ -92,7 +92,7 @@ copy = Kopeeri
 copy_url = Kopeeri võrguaadress
 copy_hash = Kopeeri räsi
 copy_content = Kopeeri sisu
-copy_branch = Kopeeri haru nimi
+copy_branch = Kopeeri alamharu nimi
 copy_success = Kopeeritud!
 copy_error = Kopeerimine ei õnnestunud
 copy_type_unsupported = Seda failitüüpi ei saa kopeerida
@@ -156,7 +156,7 @@ team_kind = Otsi tiime…
 code_kind = Otsi koodi…
 package_kind = Otsi pakette…
 project_kind = Otsi projekte…
-branch_kind = Otsi harusid…
+branch_kind = Otsi alamharusid…
 commit_kind = Otsi kommiteid…
 runner_kind = Otsi jooksjaid…
 no_results = Sobivaid tulemusi ei leitud.
@@ -358,8 +358,8 @@ password_not_match = Salasõnad ei klapi.
 Password = Salasõna
 username_password_incorrect = Kassutajanimi või salasõna pole õige.
 required_prefix = Sisendi alguses peab olema „&s“
-To = Haru nimi
-NewBranchName = Haru uus nimi
+To = Alamharu nimi
+NewBranchName = Alamharu uus nimi
 UserName = Kasutajanimi
 Description = Kirjeldus
 Pronouns = Asesõnad
@@ -367,6 +367,14 @@ Biography = Biograafia
 Website = Veebisait
 Location = Asukoht
 Content = Sisu
+target_branch_not_exist = Sihiks võetud alamharu pole olemas.
+password_complexity = Salasõna ei vasta keerukuse reeglitele:
+password_lowercase_one = Peaks olema vähemalt üks väiketäht
+password_uppercase_one = Peaks olema vähemalt üks suurtäht
+password_digit_one = Peaks olema vähemalt üks number
+password_special_one = Peaks olema vähemalt üks erimärk (kirjavahemärk, sulg, jutumärk, jne)
+enterred_invalid_password = Sinu sisestatud salasõna pole korrektne.
+unset_password = Siselogiv kasutaja pole lisanud oma kontole salasõna.
 
 [settings]
 retype_new_password = Korda uut salasõna
@@ -375,7 +383,7 @@ change_password_success = Sina salasõna on nüüd muudetud. Edaspidi kasuta sis
 update_password = Muuda salasõna
 old_password = Senine salasõna
 new_password = Uus salasõna
-comment_type_group_branch = Koodiharu
+comment_type_group_branch = Alamharu
 profile = Profiil
 account = Kasutajakonto
 appearance = Välimus
@@ -420,6 +428,9 @@ permission_read = Lugemine
 permissions_list = Õigused:
 save_application = Salvesta
 oauth2_application_edit = Muuda
+change_password = Salasõna muutmine
+password_change_disabled = Kohalikus serveris mitteleiduvad kasutajad ei saa oma salasõna Forgejo kasutajaliidesest muuta.
+email_desc = Sinu põhilist e-posti aadressi kasutatakse teavitusteks, salasõna taastamiseks ning kui ta pole peidetud, siis ka veebipõhisteks toiminguteks gitiga.
 
 [repo]
 mirror_sync_on_commit = Sünkrooni sissekannete tegemisel
@@ -432,7 +443,7 @@ mirror_password_help = Salvestatud salasõna kustutamiseks muuda kasutajanime.
 mirror_address = Klooni võrguaadressilt
 mirror_password_blank_placeholder = (Seadistamata)
 commits.message = Sõnum
-commits.search_all = Kõik koodiharud
+commits.search_all = Kõik alamharu
 commits.author = Autor
 commits.browse_further = Sirvi edasi
 commits.renamed_from = Nimi muudetud, vana nimi oli „%s“
@@ -440,7 +451,7 @@ commits.date = Kuupäev
 commits.older = Vanemad
 commits.newer = Uuemad
 commitstatus.error = Viga
-commits.search_branch = See koodiharu
+commits.search_branch = See alamharu
 projects = Projektid
 commitstatus.failure = Tõrge
 commitstatus.pending = Ootel
@@ -450,29 +461,29 @@ issues.filter_sort.moststars = Enim tärne
 issues.choose.get_started = Alustame
 issues.start_tracking_short = Käivita taimer
 issues.filter_sort.feweststars = Kõike vähem tärne
-rss.must_be_on_branch = RSS-voo jaoks pead asuma koodiharus.
-all_branches = Kõik koodiharud
-default_branch = Vaikimisi koodiharu
+rss.must_be_on_branch = RSS-voo jaoks pead asuma alamharus.
+all_branches = Kõik alamharud
+default_branch = Vaikimisi alamharu
 default_branch_label = vaikimisi
-code.desc = Ligipääs lähtekoodile, failidele, sissekannetele ja koodiharudele.
-filter_branch_and_tag = Filtreeri koodiharu või sildi alusel
-branches = Koodiharud
-n_branch_one = %s koodiharu
-n_branch_few = %s koodiharu
-commit_graph.select = Vali koodiharud
-commit.contained_in_default_branch = See sissekanne on vaikimisi koodiharu osa
-editor.new_branch_name_desc = Koodiharu uus nimi…
-commits.nothing_to_compare = Need koodiharud on võrdsed.
-issues.no_ref = Ühtegi koodiharu/silti pole määratud
-pulls.merged_info_text = Koodiharu %s võid nüüd kustutada.
-pulls.update_branch_success = Koodiharu uuendamine õnnestus
-pulls.update_not_allowed = Sul pole õigust koodiharu uuendada
+code.desc = Ligipääs lähtekoodile, failidele, sissekannetele ja alamharudele.
+filter_branch_and_tag = Filtreeri alamharu või sildi alusel
+branches = Alamharud
+n_branch_one = %s alamharu
+n_branch_few = %s alamharu
+commit_graph.select = Vali alamharud
+commit.contained_in_default_branch = See sissekanne on vaikimisi alamharu osa
+editor.new_branch_name_desc = Alamharu uus nimi…
+commits.nothing_to_compare = Need alamharud on võrdsed.
+issues.no_ref = Ühtegi alamharu/silti pole määratud
+pulls.merged_info_text = Selle alamharu %s võid nüüd kustutada.
+pulls.update_branch_success = Alamharu uuendamine õnnestus
+pulls.update_not_allowed = Sul pole õigust alamharu uuendada
 pull.deleted_branch = (kustutatud):%s
-settings.branches.update_default_branch = Uuenda vaikimisi koodiharu
+settings.branches.update_default_branch = Uuenda vaikimisi alamharu
 settings.branches.add_new_rule = Lisa uus reegel
-settings.event_create_desc = Koodiharu või silt on loodud.
-settings.event_delete_desc = Koodiharu või silt on kustutatud.
-settings.branches = Kooduharud
+settings.event_create_desc = Alamharu või silt on loodud.
+settings.event_delete_desc = Alamharu või silt on kustutatud.
+settings.branches = Alamharud
 settings.protected_branch.save_rule = Salvesta reegel
 settings.protected_branch.delete_rule = Kustuta reegel
 editor.or = või
@@ -480,6 +491,69 @@ editor.cancel_lower = Katkesta
 editor.add_tmpl.filename = failinimi
 pulls.editable = Muudetav
 editor.add_file = Lisa fail
+fork_repo = Tee lähtekoodihoidlast uus koodiharu
+fork_from = Tee koodiharu allikast
+already_forked = Sa juba oled siit teinud koodiharu: %s
+fork_to_different_account = Tee koodihatu teisele kasutajakontole
+fork_visibility_helper = Lähtekoodihoidla koodiharu nähtavust ei saa muuta.
+forks = Koodharud
+sync_fork.button = Sünkrooni
+forked_from = koodiharu allikast
+fork_from_self = Sa ei saa endale kuuluvast lähtekoodi hoidlast koodiharu teha.
+fork_guest_user = Logi sisse sellest lähtekoodi hoidlast koodiharu tegemiseks.
+fork = Tee koodiharu
+fork_branch = Alamharu, millest tahad kloonid koodiharu
+commit.load_referencing_branches_and_tags = Laadi alamharud ja sildid, mis viitavad sellele sissekandele
+editor.must_be_on_a_branch = Selle faili muutmiseks või muudatuste pakkumiseks pead asuma antud alamharus.
+editor.create_new_branch_np = Loo selle sissekande jaoks <strong>uus alamharu</strong>.
+editor.new_branch_name = Anna selle sissekande jaoks loodud uuele alamharule nimi
+editor.branch_does_not_exist = Selles lähtekoodihoidlas pole olemas alamharu nimega „%s“.
+editor.branch_already_exists = Selles lähtekoodihoidlas juba on olemas alamharu nimega „%s“.
+editor.cannot_commit_to_protected_branch = Kaitstud alamharusse nimega „%s“ ei saa sissekandeid teha.
+commit.revert-content = Vali alamharu, kuhu tahad tagasi pöörata:
+issues.delete_branch_at = `kustutatud alamharu <b>%s</b> %s`
+pulls.filter_branch = Filtreeri alamharu alusel
+pulls.nothing_to_compare_have_tag = Valitud alamharud/sildid on võrdsed.
+activity.git_stats_push_to_all_branches = kõikidesse alamharudesse.
+activity.git_stats_push_to_branch = alamharusse %s ja
+activity.git_stats_on_default_branch = Alamharus %s,
+settings.branches.switch_default_branch = Vaheta vaikimisi alamharusse
+settings.branch_filter = Alamharude filter
+settings.protected_branch = Alamharu kaitse
+settings.protect_new_rule = Lisa uus alamharu kaitsmise reegel
+settings.branch_protection = <b>%s</b> alamharu kaitsmise reeglid
+settings.rename_branch = Muuda alamharu nime
+branch.name = Alamharu nimi
+branch.already_exists = Alamharu nimega „%s“ on juba olemas.
+branch.delete = Kustuta alamharu „%s“
+branch.delete_html = Kustuta alamharu
+branch.deletion_success = Alamharu „%s“ on kustutatud.
+branch.deletion_failed = Alamharu „%s“ kustutamine ei õnnestunud.
+branch.create_branch = Loo Alamharu „%s“
+branch.create_from = allikast „%s“
+branch.create_success = Alamharu „%s“ on loodud.
+branch.branch_already_exists = Alamharu nimega „%s“ on selles lähtekoodihoidlas juba olemas.
+branch.branch_name_conflict = Alamharu nimi „%s“ on vastolus olemasoleva alamharuga „%s“.
+branch.deleted_by = Kustutaja: %s
+branch.restore_success = Alamharu „%s“ on taastatud.
+branch.restore_failed = Alamharu „%s“ taastamine ei õnnestunud.
+branch.protected_deletion_failed = Alamharu „%s“ on kaitstud ja teda ei saa kustutada.
+branch.default_deletion_failed = Alamharu „%s“ on vaikimisi alamharu ja teda ei saa kustutada.
+branch.restore = Taasta alamharu „%s“
+branch.download = Laadi alla alamharu „%s“
+branch.rename = Muuda alamharu „%s“ nime
+branch.included_desc = See alamharu on vaikimisi alamharu osa
+branch.included = Sealhulgas
+branch.create_new_branch = Loo sellest alamharust uus alamharu:
+branch.confirm_create_branch = Loo alamharu
+branch.warning_rename_default_branch = Sa muudad vaikimisi alamharu nime.
+branch.rename_branch_to = Alamharu „%s“ nimi on muutmisel.
+branch.create_branch_operation = Loo alamharu
+branch.new_branch = Loo uus alamharu
+branch.new_branch_from = Loo uus alamharu siit: „%s“
+tree_path_not_found.branch = Asukohta „%[1]s“ pole olemas alamharus „%[2]s“
+template.git_content = Giti sisu (vaikimisi alamharu)
+mirror_denied_combination = Salasõnapõhist ja avaliku võtme põhist autentimist ei saa samal ajal kasutada.
 
 [actions]
 variables = Muutujad
@@ -525,4 +599,10 @@ show_private = Privaatne
 yes = Jah
 no = Ei
 confirm = Kinnita
-cancel = Katkesta
\ No newline at end of file
+cancel = Katkesta
+
+[action]
+compare_branch = Võrdle
+
+[packages]
+alpine.repository.branches = Alamharud
\ No newline at end of file
diff --git a/options/locale/locale_fi-FI.ini b/options/locale/locale_fi-FI.ini
index f1667e43ab..8b0c0c3edf 100644
--- a/options/locale/locale_fi-FI.ini
+++ b/options/locale/locale_fi-FI.ini
@@ -151,7 +151,7 @@ confirm_delete_artifact = Haluatko varmasti poistaa artefaktin "%s"?
 new_migrate.title = Uusi migraatio
 test = Testi
 concept_system_global = Yleisesti pätevä
-sign_in_with_provider = Kirjaudu %s-tilillä
+sign_in_with_provider = Kirjaudu käyttäen %sia
 filter.is_fork = Forkit
 filter.is_mirror = Peilit
 filter.is_template = Mallipohjat
@@ -902,7 +902,7 @@ webauthn_key_loss_warning = Jos menetät turva-avaimesi, menetät pääsyn tilil
 keep_activity_private.description = <a href="%s">Julkinen toimintasi</a> näkyy vain sinulle ja instanssin ylläpitäjille.
 email_desc = Ensisijaista sähköpostiosoitettasi käytetään ilmoituksiin, salasanan palautukseen ja jos sähköpostiosoite ei ole piilotettu, web-pohjaisiin Git-toimenpiteisiin.
 tokens_desc = Nämä poletit mahdollistavat pääsyn tilillesi Forgejon rajapintaa vasten.
-keep_email_private_popup = Sähköpostiosoitettasi ei näytetä profiilissasi, eikä sitä käytetä oletuksena verkkokäyttöliittymän kautta tehtävissä kommiteissa, kuten tiedostojen lähetyksissä, muokkauksissa ja yhdistämiskommiteissa. Sen sijaan voit käyttää erityistä osoitetta %s kommittien linkittämiseen tiliisi. Tämä vaihtoehto ei vaikuta olemassa oleviin kommitteihin.
+keep_email_private_popup = Sähköpostiosoitetta ei näytetä profiilisivulla, eikä sitä käytetä oletuksena verkkokäyttöliittymän kautta tehtävissä kommiteissa, kuten tiedostojen lähetyksissä, muokkauksissa ja yhdistämiskommiteissa. Sen sijaan erityistä osoitetta %s voi käyttää kommittien linkittämiseen käyttäjätiliin. Tämä asetus ei vaikuta olemassa oleviin kommitteihin.
 added_on = Lisätty %s
 additional_repo_units_hint = Ehdota tietovaraston lisäyksiköiden käyttöönottoa
 revoke_oauth2_grant_success = Pääsy mitätöity.
@@ -1013,6 +1013,9 @@ can_not_add_email_activations_pending = Aktivointi odottaa. Odota hetki ja yrit
 gpg_invalid_token_signature = Annettu GPG-avain, allekirjoitus ja poletti eivät täsmää, tai poletti on vanhentunut.
 ssh_invalid_token_signature = Annettu SSH-avain, allekirjoitus tai poletti eivät täsmää, tai poletti on vanhentunut.
 access_token_desc = Valitut poletin käyttöoikeudet rajoittavat valtuuden vain vastaaville <a href="%[1]s" target="_blank">API</a>-reiteille. Lue <a href="%[2]s" target="_blank">dokumentaatio</a> saadaksesi lisätietoja.
+oauth2_application_remove_description = OAuth2-sovelluksen poistaminen estää sitä pääsemästä valtuutettuihin käyttäjätileihin tässä instanssissa. Jatketaanko?
+oauth2_application_locked = Forgejo esirekisteröi joitain OAuth2-sovelluksia käynnistymisen yhteydessä, jos näin on määritetty kokoonpanon asetuksissa. Odottamattoman toiminnan estämiseksi näitä sovelluksia ei voi muokata tai poistaa. Lisätietoja on saatavilla OAuth2-dokumentaatiossa.
+quota.rule.exceeded.helper = Objektien yhteiskoko tälle säännölle on ylittänyt kiintiön.
 
 [repo]
 owner=Omistaja
@@ -1196,7 +1199,7 @@ issues.new.open_milestone=Avoimet merkkipaalut
 issues.new.closed_milestone=Suljetut merkkipaalut
 issues.new.assignees=Käsittelijä
 issues.new.clear_assignees=Tyhjennä käsittelijä
-issues.new.no_assignees=Ei käsittelijää
+issues.new.no_assignees=Ei käsittelijöitä
 issues.choose.open_external_link=Avaa
 issues.choose.blank=Oletus
 issues.no_ref=Haaraa/tagia ei määritelty
@@ -1423,7 +1426,7 @@ activity.closed_issues_count_1=suljettu ongelma
 activity.closed_issues_count_n=suljettua ongelmaa
 activity.title.issues_created_by=%s luonut %s
 activity.closed_issue_label=Suljettu
-activity.new_issues_count_1=Uusi ongelma
+activity.new_issues_count_1=uusi ongelma
 activity.new_issues_count_n=uutta ongelmaa
 activity.new_issue_label=Avoinna
 activity.unresolved_conv_label=Auki
@@ -1826,10 +1829,10 @@ readme_helper = Valitse README-tiedoston mallipohja
 settings.default_merge_style_desc = Oletusarvoinen yhdistämistyyli
 wiki.back_to_wiki = Takaisin wikisivulle
 wiki.delete_page_notice_1 = Wikisivun "%s" poistamista ei voi perua. Jatketaanko?
-activity.merged_prs_count_1 = Yhdistetty vetopyyntö
-activity.merged_prs_count_n = Yhdistettyä vetopyyntöä
-activity.opened_prs_count_1 = Ehdotettu vetopyyntö
-activity.opened_prs_count_n = Ehdotettua vetopyyntöä
+activity.merged_prs_count_1 = yhdistetty vetopyyntö
+activity.merged_prs_count_n = yhdistettyä vetopyyntöä
+activity.opened_prs_count_1 = ehdotettu vetopyyntö
+activity.opened_prs_count_n = ehdotettua vetopyyntöä
 activity.title.user_1 = %d käyttäjä
 activity.title.prs_n = %d vetopyyntöä
 settings.sourcehut_builds.secrets = Salaisuudet
@@ -2552,6 +2555,20 @@ issues.lock.unknown_reason = Ongelmaa ei voi lukita tuntemattomalla syyllä.
 issues.unlock_error = Ongelmaa, jota ei ole lukittu, ei voi avata lukituksesta.
 issues.tracking_already_started = `Olet jo aloittanut ajanseurannan <a href="%s">toisessa ongelmassa</a>!`
 issues.cancel_tracking_history = `perui ajanseurannan %s`
+summary_card_alt = Tietovaraston %s yhteenvetokortti
+migrate_options_lfs_endpoint.placeholder = Jos jätetty tyhjäksi, päätepiste johdetaan kloonaus-URL:stä
+broken_message = Tämän tietovaraston taustalla olevaa Git-dataa ei voi lukea. Ota yhteys tämän instanssin ylläpitoon tai poista tietovarasto.
+issues.edit.already_changed = Muutosten tallentaminen ongelmaan ei onnistu. Vaikuttaa siltä, että sisältöä on jo muutettu toisen käyttäjän toimesta. Päivitä sivu ja yritä muokata uudelleen välttääksesi muiden tekemien muutosten ylikirjoittamisen
+issues.choose.invalid_templates = Virheellisiä mallipohjia löytyi %v
+issues.ref_issue_from = `<a href="%[2]s">viittasi tähän ongelmaan %[3]s</a> %[1]s`
+issues.due_date_invalid = Eräpäivä on virheellinen tai ajanjakson ulkopuolella. Käytä muotoa "yyyy-mm-dd".
+issues.dependency.issue_close_blocked = Sinun täytyy sulkea kaikki tämän ongelman estävät ongelmat, ennen kuin voit sulkea tämän ongelman.
+issues.review.pending.tooltip = Tämä kommentti ei ole näkyvissä tällä hetkellä muille käyttäjille. Lähettääksesi odottavat kommentit, valitse "%s" -> "%s/%s/%s" sivun yläosasta.
+milestones.deletion_desc = Merkkipaalun poistaminen poistaa sen kaikista siihen liittyvistä ongelmista. Jatketaanko?
+activity.title.issues_closed_from = %s sulkenut %s
+settings.protected_branch_duplicate_rule_name = Tälle joukolle haaroja on jo olemassa sääntö
+issues.filter_assginee_no_assignee = Ei käsittelijää
+issues.action_assignee_no_select = Ei käsittelijää
 
 
 
@@ -3123,6 +3140,8 @@ notices.delete_success = Järjestelmäilmoitukset on poistettu.
 monitor.queue.settings.maxnumberworkers.placeholder = Tällä hetkellä %[1]d
 auths.force_smtps_helper = SMTPS:ää käytetään aina portissa 465. Aseta tämä pakottaaksesi SMTPS toisiin portteihin. (Muuten STARTTLS:ää käytetään toisiin portteihin, jos palvelin tukee sitä.)
 dashboard.resync_all_sshprincipals = Päivitä ".ssh/authorized_principals"-tiedosto Forgejon SSH-prinsipaaleilla.
+auths.verify_group_membership = Vahvista ryhmäjäsenyys LDAP:issa (jätä suodatin tyhjäksi ohittaaksesi)
+auths.oauth2_map_group_to_team_removal = Poista käyttäjät synkronoiduista tiimeistä, jos käyttäjä ei kuulu vastaavaan ryhmään.
 
 
 [action]
@@ -3475,6 +3494,7 @@ runs.no_job_without_needs = Työnkulun tulee sisältää vähintään yksi työ
 runs.no_runs = Työnkululla ei ole vielä suorituksia.
 variables.not_found = Muuttujaa ei löytynyt.
 runs.no_workflows.help_write_access = Etkö tiedä, miten aloittaa Forgejo Actionsin käyttö? Lue <a target="_blank" rel="noopener noreferrer" href="%s">pikaopas</a> kirjoittaaksesi ensimmäisen työnkulun, sen jälkeen <a target="_blank" rel="noopener noreferrer" href="%s">määritä Forgejo-ajaja</a> suorittamaan asettamiasi töitä.
+runs.status_no_select = Kaikki tilat
 
 
 
diff --git a/options/locale/locale_fur.ini b/options/locale/locale_fur.ini
new file mode 100644
index 0000000000..8b13789179
--- /dev/null
+++ b/options/locale/locale_fur.ini
@@ -0,0 +1 @@
+
diff --git a/options/locale/locale_ga-IE.ini b/options/locale/locale_ga-IE.ini
index 41a4f51227..1d6175a023 100644
--- a/options/locale/locale_ga-IE.ini
+++ b/options/locale/locale_ga-IE.ini
@@ -9,7 +9,7 @@ sign_in_with_provider = Sínigh isteach le %s
 sign_in_or = nó
 sign_out = Sínigh amach
 sign_up = Cláraigh
-link_account = Cuntas Nasc
+link_account = Nasc cuntas
 register = Cláraigh
 version = Leagan
 powered_by = Cumhachtaithe ag %s
@@ -98,7 +98,7 @@ write = Scríobh
 preview = Réamhamharc
 loading = Á lódáil...
 error = Earráid
-error404 = Níl an leathanach atá tú ag iarraidh a bhaint amach <strong>ann</strong> nó <strong>níl tú údaraithe</strong> chun é a fheiceáil.
+error404 = Níl an leathanach atá tú <strong>ag iarraidh a bhaint amach ann</strong>, <strong>nó baineadh é</strong> nó <strong>níl údarú </strong>agat é a fheiceáil.
 go_back = Ar ais
 invalid_data = Sonraí neamhbhailí: %v
 never = Riamh
@@ -124,9 +124,26 @@ filter.is_archived = Cartlannaithe
 filter.not_archived = Gan Cartlannaithe
 filter.public = Poiblí
 filter.private = Príobháideach
+return_to_forgejo = Fill ar ais go Forgejo
+toggle_menu = Roghchlár scoránaigh
+new_repo.title = Stórlann nua
+new_migrate.title = Imirce nua
+new_org.title = Eagraíocht nua
+new_repo.link = Stórlann nua
+new_migrate.link = Imirce nua
+new_org.link = Eagraíocht nua
+error413 = Tá do chuóta ídithe agat.
+confirm_delete_artifact = An bhfuil tú cinnte gur mian leat an déantán "%s" a scriosadh?
+filter.clear = Glan scagairí
+filter.is_fork = Forcanna
+filter.not_fork = Ní forcanna
+filter.is_mirror = Scátháin
+filter.not_mirror = Ní scátháin
+filter.is_template = Teimpléid
+filter.not_template = Ní teimpléid iad
 
 [search]
-search = Cuardaigh...
+search = Cuardaigh…
 type_tooltip = Cineál cuardaigh
 fuzzy = Doiléir
 fuzzy_tooltip = Cuir san áireamh torthaí a mheaitseálann an téarma cuardaigh go dlúth freisin
@@ -147,21 +164,30 @@ no_results = Níl aon torthaí meaitseála le fáil.
 issue_kind = Saincheisteanna cuardaigh…
 pull_kind = Cuardaigh iarratais tarraingthe…
 keyword_search_unavailable = Níl cuardach de réir eochairfhocal ar fáil faoi láthair. Déan teagmháil le riarthóir an láithreáin.
+union = Aontas
+union_tooltip = Cuir torthaí san áireamh a mheaitseálann aon cheann de na heochairfhocail scartha le spás bán
+regexp = RegExp
+regexp_tooltip = Léirmhínigh an téarma cuardaigh mar ghnáthléiriú
 
 [aria]
 navbar = Barra Nascleanúint
 footer = Buntásc
 footer.links = Naisc
+footer.software = Maidir leis an mbogearra seo
 
 [heatmap]
 number_of_contributions_in_the_last_12_months = %s ranníocaíochtaí le 12 mhí anuas
 less = Níos lú
 more = Níos mó
+contributions_zero = Gan aon ranníocaíochtaí
+contributions_format = {contributions} ar {month} {day}, {year}
+contributions_one = ranníocaíocht
+contributions_few = ranníocaíochtaí
 
 [editor]
 buttons.heading.tooltip = Cuir ceannteideal leis
-buttons.bold.tooltip = Cuir téacs trom leis
-buttons.italic.tooltip = Cuir téacs iodálach leis
+buttons.bold.tooltip = Cuir téacs trom leis (Ctrl+B / ⌘B)
+buttons.italic.tooltip = Cuir téacs iodálach leis (Ctrl+I / ⌘I)
 buttons.quote.tooltip = Téacs luaigh
 buttons.code.tooltip = Cuir cód leis
 buttons.link.tooltip = Cuir nasc leis
@@ -173,6 +199,18 @@ buttons.ref.tooltip = Déan tagairt d'eisiúint nó iarratas tarraingthe
 buttons.switch_to_legacy.tooltip = Úsáid an eagarthóir oidhreachta ina ionad
 buttons.enable_monospace_font = Cumasaigh cló monospace
 buttons.disable_monospace_font = Díchumasaigh cló monospace
+buttons.indent.tooltip = Míreanna neadaithe leibhéal amháin
+buttons.unindent.tooltip = Díneadaigh míreanna leibhéal amháin
+buttons.new_table.tooltip = Cuir tábla leis
+table_modal.header = Cuir tábla leis
+table_modal.placeholder.header = Ceanntásc
+table_modal.placeholder.content = Ábhar
+table_modal.label.rows = Sraitheanna
+table_modal.label.columns = Colúin
+link_modal.header = Cuir nasc leis
+link_modal.url = Url
+link_modal.description = Cur síos
+link_modal.paste_reminder = Leid: Le URL i do ghearrthaisce, is féidir leat é a ghreamú go díreach isteach san eagarthóir chun nasc a chruthú.
 
 [filter]
 string.asc = A - Z
@@ -182,6 +220,8 @@ string.desc = Z - A
 occurred = Tharla earráid
 not_found = Ní raibh an sprioc in ann a fháil.
 network_error = Earráid líonra
+report_message = Má chreideann tú gur fabht Forgejo atá ann, déan cuardach ar shaincheisteanna ar <a href="%s" target="_blank">Codeberg</a> nó oscail saincheist nua más gá.
+server_internal = Earráid inmheánach freastalaí
 
 [startpage]
 app_desc = Seirbhís Git gan phian, féin-óstáil
@@ -190,6 +230,9 @@ install_desc = Níl ort ach <a target="_blank" rel="noopener noreferrer" href="%
 platform = Tras-ardán
 lightweight = Éadrom
 license = Foinse Oscailte
+platform_desc = Tá sé deimhnithe go n-oibríonn Forgejo ar chórais oibriúcháin saor in aisce ar nós Linux agus FreeBSD, chomh maith le hailtireachtaí LAP éagsúla. Roghnaigh an ceann is fearr leat!
+lightweight_desc = Tá riachtanais íosta ísle ag Forgejo agus is féidir é a rith ar Raspberry Pi saor. Sábháil fuinneamh do mheaisín!
+license_desc = Téigh agus faigh <a target="_blank" rel="noopener noreferrer" href="%[1]s">Forgejo</a>! Bí linn trí <a target="_blank" rel="noopener noreferrer" href="%[2]s">cur leis</a> chun an tionscadal seo a dhéanamh níos fearr fós. Ná bíodh drogall ort a bheith i do rannpháirtí!
 
 [install]
 install = Suiteáil
@@ -266,6 +309,7 @@ password_algorithm_helper = Socraigh an algartam hashing pasfhocal. Tá riachtan
 enable_update_checker = Cumasaigh Seiceoir Nuashonraithe
 env_config_keys = Cumraíocht Comhshaoil
 env_config_keys_prompt = Cuirfear na hathróga comhshaoil seo a leanas i bhfeidhm ar do chomhad cumraíochta freisin:
+docker_helper = Má ritheann tú Forgejo taobh istigh de Docker, léigh an <a target="_blank" rel="noopener noreferrer" href="%s">doiciméadú</a> le do thoil sula n-athraíonn tú aon socruithe.
 
 [home]
 uname_holder = Ainm Úsáideora nó Seoladh Ríomhphoist
diff --git a/options/locale/locale_lv-LV.ini b/options/locale/locale_lv-LV.ini
index 4b518260d4..1745af2776 100644
--- a/options/locale/locale_lv-LV.ini
+++ b/options/locale/locale_lv-LV.ini
@@ -1040,7 +1040,7 @@ visibility_description=Tikai apvienības īpašnieks vai tās dalībnieki, ja vi
 visibility_helper=Padarīt glabātavu privātu
 visibility_helper_forced=Vietnes pārvaldītājs ir noteicis, ka jaunām glabātavām ir jābūt privātām.
 visibility_fork_helper=(Šīs vērtības mainīšana ietekmēs visus atzarojumus.)
-clone_helper=Nepieciešama palīdzība klonēšanā? Apmeklē <a target="_blank" rel="noopener noreferrer" href="%s">palīdzības</a> sadaļu.
+clone_helper=Nepieciešama palīdzība klonēšanā? Apmeklē <a target="_blank" rel="noopener noreferrer" href="%s">palīdzības</a> sadaļu!
 fork_repo=Izveidot glabātavas atzarojumu
 fork_from=Izveidot atzarojumu no
 already_forked=Jau ir atzarojums no %s
diff --git a/options/locale/locale_nb_NO.ini b/options/locale/locale_nb_NO.ini
index 14bee09141..4e8232f207 100644
--- a/options/locale/locale_nb_NO.ini
+++ b/options/locale/locale_nb_NO.ini
@@ -141,7 +141,7 @@ filter.not_fork = Ikke forks
 pull_requests = Pull requests
 copy_branch = Kopier branch navn
 error404 = Siden du forsøker å nå <strong>eksisterer ikke</strong>, <strong>er blitt fjernet</strong> eller <strong>du har ikke tilgang til å se den</strong>.
-tracked_time_summary = Oppsummering av sporet tid basert på problemfiltre
+tracked_time_summary = Oppsummering av registrert tid basert på problemfiltre
 
 [search]
 search = Søk…
@@ -205,6 +205,39 @@ send_reset_mail = Send gjenopprettings e-post
 reset_password = Kontogjenoppretting
 invalid_code = Din bekreftningskode er ugyldig eller har utløpt.
 invalid_code_forgot_password = Din bekreftningskode er ugyldig eller har utløpt. Trykk <a href="%s">her</a> for å starte ny økt.
+invalid_password = Passordet ditt er ikke det samme som ble brukt til å opprette kontoen.
+use_onetime_code = Bruk engangskode
+use_scratch_code = Bruk sikkerhetskode
+twofa_scratch_used = Du har brukt sikkerhetskoden din. Du har blitt videresendt til siden for tofaktorinnstillinger, slik at du kan fjerne din enhetsregistrering eller generere en ny sikkerhetskode.
+twofa_passcode_incorrect = Tilgangskoden din er feil. Om du har forlagt enheten, kan du bruke sikkerhetskoden for å logge inn.
+twofa_scratch_token_incorrect = Sikkerhetskoden din er feil.
+oauth_signin_tab = Tilknytt en eksisterende konto
+oauth_signin_title = Logg inn for å autorisere den tilknyttede kontoen
+oauth_signin_submit = Tilknytt konto
+oauth.signin.error = Det oppstod en feil underveis med forespørselen for autorisasjon. Dersom feilen vedvarer, vennligst kontakt systemansvarlig.
+oauth.signin.error.access_denied = Forespørselen om autorisasjon ble avslått.
+oauth.signin.error.temporarily_unavailable = Kunne ikke autorisere fordi autorisasjonstjeneren er midlertidig utilgjengelig. Vennligst prøv igjen senere.
+openid_connect_submit = Koble til
+openid_connect_title = Koble til en eksisterende konto
+password_too_short = Lengden på passordet kan ikke være kortere enn %d tegn.
+non_local_account = Brukere fra andre kilder kan ikke oppdatere passordet ved hjelp av Forgejos webgrensesnitt.
+reset_password_helper = Gjenopprett konto
+reset_password_wrong_user = Du er logget på som %s, men lenken for gjenoppretting av kontoen er tiltenkt %s
+scratch_code = Sikkerhetskode
+unauthorized_credentials = Akkreditering er uriktig eller har løpt ut. Gjenta kommandoen eller se %s for mer informasjon
+openid_connect_desc = Den valgte OpenID-URIen er ukjent. Knytt den til en ny konto her.
+openid_register_title = Opprett ny konto
+openid_register_desc = Den valgte OpenID-URIen er ukjent. Tilknytt den til en ny konto her.
+openid_signin_desc = Oppgi din OpenID-URI. Eksempelvis alice.openid.example.org eller https://openid.example.org/alice.
+disable_forgot_password_mail = Gjenoppretting av konto er deaktivert ettersom det ikke er satt opp en e-post. Vennligst kontakt din systemansvarlig.
+disable_forgot_password_mail_admin = Gjenoppretting av konto er kun tilgjengelig når e-post er satt opp. Vennligst sett opp e-post for gjenoppretting av konto.
+email_domain_blacklisted = Du kan ikke registrere deg med din e-postadresse.
+authorize_application = Autoriser applikasjon
+authorize_redirect_notice = Du vil bli omdirigert til %s dersom du autoriserer denne applikasjonen.
+authorize_application_created_by = Denne applikasjonen ble laget av %s.
+authorize_application_description = Dersom du gir tilgang vil den kunne lese og skrive til all kontoinformasjonen din, inklusive private repo-er og organisasjoner.
+authorize_title = Autoriser "%s" for tilgang til din konto?
+authorization_failed = Autorisering feilet
 
 [home]
 uname_holder = Brukernavn eller e-postadresse
diff --git a/options/locale/locale_ru-RU.ini b/options/locale/locale_ru-RU.ini
index cde13a7f55..e880c0fa78 100644
--- a/options/locale/locale_ru-RU.ini
+++ b/options/locale/locale_ru-RU.ini
@@ -1018,7 +1018,7 @@ quota.sizes.assets.attachments.all = Все прикреплённые файл
 quota.sizes.assets.attachments.releases = Файлы выпусков
 quota.sizes.assets.attachments.issues = Файлы задач
 quota.sizes.assets.artifacts = Артефакты
-regenerate_token = Заменить
+regenerate_token = Создать новый
 access_token_regeneration_desc = Будет создан новый токен, предыдущий будет отозван. Вам потребуется заменить токен в приложениях, использующих его. Это действие нельзя отменить. Продолжить?
 regenerate_token_success = Токен был заменён. Приложения, использующие его, более не имеют доступа к этой учётной записи и должны получить новый токен.
 access_token_regeneration = Замена токена доступа
diff --git a/options/locale/locale_sv-SE.ini b/options/locale/locale_sv-SE.ini
index 74b19b02c6..31c113b5d9 100644
--- a/options/locale/locale_sv-SE.ini
+++ b/options/locale/locale_sv-SE.ini
@@ -37,7 +37,7 @@ repository=Utvecklingskatalog
 organization=Organisation
 mirror=Spegel
 new_mirror=Ny spegling
-new_fork=Ny förgrening av utvecklingskatalog
+new_fork=Ny förgrening av kodförråd
 new_project=Nytt projekt
 admin_panel=Sidadministration
 settings=inställningar
@@ -52,7 +52,7 @@ collaborative=Kollaborativa
 forks=Forks
 
 activities=Aktiviteter
-pull_requests=Pull-förfrågningar
+pull_requests=Ändringsförfrågningar
 issues=Ärenden
 milestones=Milstolpar
 
@@ -105,8 +105,8 @@ copy_error = Kopiering misslyckades
 copy_content = Kopiera innehåll
 webauthn_insert_key = Skriv in din säkerhetsnyckel
 webauthn_press_button = Var god tryck på knappen på din säkerhetsnyckel…
-webauthn_error = Kunde inte läsa din säkerhetsnyckel.
-webauthn_unsupported_browser = Din webbläsare har inte ännu stöd för WebAuthn.
+webauthn_error = Det gick inte att läsa din säkerhetsnyckel.
+webauthn_unsupported_browser = Din webbläsare har ännu inte stöd för WebAuthn.
 webauthn_error_unknown = Ett okänt fel har inträffat. Var god försök igen.
 webauthn_error_empty = Du måste ange ett namn för den här nyckeln.
 new_org.title = Ny organisation
@@ -132,38 +132,38 @@ filter.is_mirror = Speglar
 copy_path = Kopiera sökväg
 unpin = Lossa
 value = Värde
-filter.not_archived = Inte arkiverade
+filter.not_archived = Ej arkiverade
 error413 = Du har använt upp din kvot.
 invalid_data = Ogiltig data: %v
-filter.not_template = Inte mallar
+filter.not_template = Ej mallar
 copy_hash = Kopiera hash
 view = Se
 copy_branch = Kopiera grennamn
 pin = Fäst
 filter.public = Publika
-new_repo.title = Ny utvecklingskatalog
+new_repo.title = Nytt kodförråd
 new_migrate.title = Ny migrering
-new_repo.link = Ny utvecklingskatalog
+new_repo.link = Nytt kodförråd
 new_migrate.link = Ny migrering
-filter.not_mirror = Inte speglar
+filter.not_mirror = Ej speglar
 filter.is_template = Mallar
 filter.private = Privata
 active_stopwatch = Spårning av aktiv tid
 tracked_time_summary = Sammanfattning av spårad tid baserat på filter av ärendelistan
-toggle_menu = Visningsmeny
+toggle_menu = Växla meny
 confirm_delete_selected = Bekräfta för att ta bort alla valda objekt?
-webauthn_error_timeout = Timeout uppnåddes innan din nyckel kan läsas. Vänligen ladda om denna sida och försök igen.
+webauthn_error_timeout = Det gick inte att läsa din nyckel innan tidsgränsen nåddes. Läs om denna sida och försök igen.
 filter.is_fork = Förgreningar
 webauthn_error_duplicated = Säkerhetsnyckeln är inte tillåten för denna begäran. Se till att nyckeln inte redan är registrerad.
-filter.not_fork = Inte förgrenade
-remove_label_str = Ta bort objektet "%"
+filter.not_fork = Ej förgreningar
+remove_label_str = Ta bort objektet "%s"
 webauthn_use_twofa = Använd en tvåfaktorskod från din telefon
 webauthn_error_insecure = WebAuthn stöder endast säkra anslutningar. För testning över HTTP kan du använda "localhost" eller "127.0.0.1"
 webauthn_error_unable_to_process = Servern kunde inte hantera din begäran.
 copy_generic = Kopiera till urklipp
 
 [aria]
-footer.software = Om den här mjukvaran
+footer.software = Om programvaran
 footer.links = Länkar
 footer = Sidfot
 navbar = Navigeringsfält
@@ -171,7 +171,7 @@ navbar = Navigeringsfält
 [heatmap]
 contributions_one = bidrag
 contributions_zero = Inga bidrag
-contributions_format = {contributions} på {day} {month}, {year}
+contributions_format = {contributions} den {day} {month} {year}
 contributions_few = bidrag
 less = Mindre
 more = Mer
@@ -186,23 +186,24 @@ buttons.bold.tooltip = Lägg till fetstilt text (CTRL+B / ⌘B)
 buttons.italic.tooltip = Lägg till kursiv text (CTRL+I / ⌘I)
 buttons.list.unordered.tooltip = Lägg till en punktlista
 buttons.list.ordered.tooltip = Lägg till en numrerad lista
-buttons.list.task.tooltip = Lägg till en lista med sysslor
+buttons.list.task.tooltip = Lägg till en uppgiftslista
 buttons.mention.tooltip = Nämn en användare eller ett team
-buttons.ref.tooltip = Hänvisa till ett ärende eller en pull request
+buttons.ref.tooltip = Hänvisa till ett ärende eller en ändringsförfrågan
 buttons.new_table.tooltip = Lägg till tabell
 table_modal.header = Lägg till tabell
 table_modal.placeholder.header = Sidhuvud
 table_modal.placeholder.content = Innehåll
 table_modal.label.rows = Rader
 table_modal.label.columns = Kolumner
-buttons.switch_to_legacy.tooltip = Använd legacy-redigeraren istället
-link_modal.url = Url
+buttons.switch_to_legacy.tooltip = Använd den föråldrade redigeraren istället
+link_modal.url = URL
 link_modal.description = Beskrivning
 link_modal.header = Lägg till en länk
-buttons.disable_monospace_font = Avaktivera jämnbrett typsnitt
-link_modal.paste_reminder = Tips: Med ett URL i ditt klippbord, kan du klistra in direkt i textredigeraren för att skapa en länk.
+buttons.disable_monospace_font = Inaktivera jämnbrett typsnitt
+link_modal.paste_reminder = Tips: Med en URL i urklipp kan du klistra in direkt i textredigeraren för att skapa en länk.
 buttons.enable_monospace_font = Aktivera jämnbrett typsnitt
-buttons.indent.tooltip = Inplacera föremål med en nivå
+buttons.indent.tooltip = Öka indrag med en nivå
+buttons.unindent.tooltip = Minska indrag med en nivå
 
 [filter]
 string.asc = A - Ö
@@ -212,18 +213,19 @@ string.desc = Ö - A
 occurred = Ett fel har inträffat
 server_internal = Internt serverfel
 network_error = Nätverksfel
-report_message = Om du tror att detta är en Forgejo-bugg, sök efter ärenden på <a href="%s" target="_blank">Codeberg </a> eller öppna ett nytt ärende om det behövs.
+report_message = Om du tror att detta är ett fel i Forgejo, sök efter ärenden på <a href="%s" target="_blank">Codeberg</a> eller öppna ett nytt ärende om det behövs.
 not_found = Målet kunde inte hittas.
 
 [startpage]
 app_desc=En smidig, självhostad Git-tjänst
 install=Lätt att installera
 platform=Plattformsoberoende
-platform_desc=Forgejo har bekräftats körbart på libre-operativsystem så som Linux och FreeBSD, samt på olika CPU-arkitekturer. Välj den du älskar!
+platform_desc=Forgejo har bekräftats körbart på fria operativsystem såsom Linux och FreeBSD, såväl som på olika CPU-arkitekturer. Välj vad du föredrar!
 lightweight=Lättviktig
 lightweight_desc=Forgejo har låga minimum-krav och kan köras på en billig Rasperry Pi. Spara på din maskins kraft!
 license=Öppen källkod
-license_desc=Hämta <a target="_blank" rel="noopener noreferrer" href="%[1]s">Forgejo</a>! Gå med oss genom att <a target="_blank" rel="noopener noreferrer" href="%[2]s">bidra</a> för att göra projektet ännu bättre. Var inte blyg för att bli en medarbetare!
+license_desc=Hämta <a target="_blank" rel="noopener noreferrer" href="%[1]s">Forgejo</a>! Gå med oss genom att <a target="_blank" rel="noopener noreferrer" href="%[2]s">bidra</a> för att göra projektet ännu bättre. Var inte blyg - bli en bidragsgivare!
+install_desc = Kör den <a target="_blank" rel="noopener noreferrer" href="%[1]s">binära filen</a> för din plattform, lansera den med <a target="_blank" rel="noopener noreferrer" href="%[2]s">Docker</a>, eller få den <a target="_blank" rel="noopener noreferrer" href="%[3]s">paketerad</a>.
 
 [install]
 install=Installation
@@ -250,14 +252,14 @@ err_admin_name_is_invalid=Administratörsanvändarnamnet är ogiltigt
 
 general_title=Allmänna inställningar
 app_name=Instansens titel
-app_name_helper=Skriv in din instans namn här. Det kommer att visas på varje sida.
-repo_path=Rotsökväg för utvecklingskatalog
+app_name_helper=Skriv in instansens namn här. Det kommer att visas på varje sida.
+repo_path=Rotsökväg för kodförråd
 repo_path_helper=Fjärrutvecklingskataloger kommer att sparas i denna katalog.
 lfs_path=LFS rotsökväg
 lfs_path_helper=Filer hanterade av Git LFS kommer att sparas i denna mapp. Lämna tom för att avaktivera.
 run_user=Användare att köra som
 ssh_port=SSH-serverport
-ssh_port_helper=Portnumret som din SSH-server använder. Lämna tom för att inaktivera SSH-server.
+ssh_port_helper=Portnumret som din SSH-server använder. Lämna tomt för att inaktivera.
 http_port=HTTP-lyssningsport
 http_port_helper=Portnumret som kommer att användas av Forgejos webbserver.
 app_url=Bas-URL
@@ -269,17 +271,17 @@ optional_title=Övriga inställningar
 email_title=E-postinställningar
 smtp_addr=SMTP-server
 smtp_port=SMTP-port
-smtp_from=Skicka E-post som
+smtp_from=Skicka e-post som
 smtp_from_helper=Mejladress som Forgejo kommer att använda. Anges i simpelt ('email@example.com') eller fullständigt ('Name <email@example.com>') format.
 mailer_user=SMTP-användarnamn
 mailer_password=SMTP-lösenord
-register_confirm=Kräv bekräftelse via E-post för att registrera
-mail_notify=Aktivera E-postnotifikationer
+register_confirm=Kräv bekräftelse via e-post för att registrera
+mail_notify=Aktivera e-postnotifikationer
 server_service_title=Inställningar för server- och tredjepartstjänster
 offline_mode=Aktivera lokalt läge
 offline_mode.description=Inaktivera CDN från tredjepart och distribuera samtliga resurser lokalt istället.
 disable_gravatar=Inaktivera Gravatar
-disable_gravatar.description=Inaktivera Gravatar- och avatarskällor från tredjepart. Standardbilder kommer att användas för användaravatarer om dom inte laddar upp en egen avatar till instansen.
+disable_gravatar.description=Inaktivera Gravatar- och avatarskällor från tredjepart. Standardbilder kommer att användas för användaravatarer om de inte laddar upp en egen avatar till instansen.
 federated_avatar_lookup=Aktivera federerade avatarer
 federated_avatar_lookup.description=Använd Libavatar för uppslagning av avatarer.
 disable_registration=Inaktivera självregistrering
@@ -299,7 +301,7 @@ admin_password=Lösenord
 confirm_password=Bekräfta lösenord
 admin_email=E-postadress
 install_btn_confirm=Installera Forgejo
-test_git_failed=Misslyckades att testa "git" kommando: %v
+test_git_failed=Det gick inte att testa "git"-kommando: %v
 sqlite3_not_available=Denna version av Forgejo stödjer inte SQLite3. Ladda ner den officiella binären från %s (inte "gobuild" versionen).
 invalid_db_setting=Databasinställningarna är ogiltiga: %v
 invalid_repo_path=Utvecklingskatalogens rotsökväg är ogiltig: %v
@@ -309,19 +311,19 @@ invalid_admin_setting=Inställning för administartörskontot är ogiltig: %v
 invalid_log_root_path=Sökvägen för loggar är ogiltig: %v
 default_keep_email_private=Dölj e-postadresser som standard
 default_keep_email_private.description=Dölj e-postadress för nya användarkonton som standard så att den informationen inte omedelbart läcker efter registrering.
-default_allow_create_organization=Tillåt skapandet utav organisationer som standard
+default_allow_create_organization=Tillåt skapande av organisationer som standard
 default_allow_create_organization.description=Tillåt nya användarkonton att skapa organisationer som standard. När detta alternativt ej är aktivt så behöver en administratör tilldela rättigheter att skapa organisationer till nya användare.
 default_enable_timetracking=Aktivera tidredovisning som standard
-default_enable_timetracking.description=Aktivera tidsredovisning för nya utvecklingskataloger som standard.
+default_enable_timetracking.description=Aktivera tidsredovisning för nya kodförråd som standard.
 no_reply_address=Dold e-postdomän
 no_reply_address_helper=Domännamn för användare med en dold e-postadress. Exempelvis kommer användarnamnet "joe" att loggas i Git som "joe@noreply.example.org" om den dolda e-postdomänen är satt till "noreply.example.org".
 require_db_desc = Forgejo kräver MySQL, PostgreSQL, SQLite3 eller TiDB (MySQL-protokoll).
 allow_only_external_registration = Tillåt registrering endast via externa tjänster
 app_slogan = Instansslogan
-app_slogan_helper = Skriv in din slogan här. Lämna tom för att stänga av.
+app_slogan_helper = Skriv in din slogan här. Lämna tomt för att stänga av.
 domain = Serverdomän
 domain_helper = Domän eller värdadress för servern.
-reinstall_error = Du försöker att installera i en existerande Forgejo-databas
+reinstall_error = Du försöker att installera i en befintlig Forgejo-databas
 password_algorithm_helper = Ställ in hashalgoritmen för lösenord. Algoritmer har olika krav och styrkor. Argon2-algoritmen är ganska säker men använder mycket minne och kan vara olämplig för små system.
 config_location_hint = Dessa konfigurationsinställningar kommer att sparas i:
 invalid_db_table = Databastabellen "%s" är ogiltig: %v
@@ -330,15 +332,18 @@ allow_dots_in_usernames = Tillåt användare att använda punkter i sina använd
 reinstall_confirm_message = Ominstallation med en befintlig Forgejo-databas kan orsaka flera problem. I de flesta fall bör du använda din befintliga "app.ini" för att köra Forgejo. Om du vet vad du håller på med, bekräfta följande:
 require_sign_in_view.description = Begränsa åtkomst till innehåll till inloggade användare. Gäster kommer endast att kunna besöka autentiseringssidorna.
 invalid_app_data_path = Sökvägen för appdata är ogiltig: %v
-internal_token_failed = Misslyckades att generera intern token: %v
+internal_token_failed = Misslyckades med att generera intern token: %v
 password_algorithm = Hashalgoritm för lösenord
 invalid_password_algorithm = Ogiltig hashalgoritm för lösenord
 env_config_keys_prompt = Följande miljövariabler kommer också att tillämpas på din konfigurationsfil:
-smtp_from_invalid = "Skicka E-post som" adressen är ogiltig
-reinstall_confirm_check_1 = Data krypterad av HEMLIG_NYCKEL i app.ini kan gå förlorad: användare kommer kanske inte att kunna logga in med 2FA/OTP & speglar funkar kanske inte korrekt. Genom att kryssa i rutan godkänner du att den nuvarande app.ini innehåller korrekta HEMLIG_NYCKEL.
-reinstall_confirm_check_2 = Kodkatalogerna och inställningarna kan behövas omsynkroniseras. Genom att kryssa i rutan bekräftar du att du kommer omsynkronisera hakarna för kodkatalogerna och befogade_nycklar filen manuellt. Du bekräfar att du  säkerställer att kodkatalogen och spegel inställningarna är korrekt.
-run_user_helper = Operativsystemets användarnamn som Forgejo körs som. Notera att denna användare måste ha tillgång till utvecklingskatalogens rotsökväg.
-enable_update_checker_helper_forgejo = Den kommer periodiskt kolla efter nya Forgejo-versionser genom att kolla ett TXT-DNS-record på release.forgejo.org.
+smtp_from_invalid = "Skicka e-post som"-adressen är ogiltig
+reinstall_confirm_check_1 = Data krypterad av SECRET_KEY i app.ini kan gå förlorad: användare kommer kanske inte att kunna logga in med 2FA/OTP och speglar fungerar kanske inte korrekt. Genom att kryssa i rutan godkänner du att den nuvarande app.ini innehåller korrekt SECRET_KEY.
+reinstall_confirm_check_2 = Kodförråden och inställningarna kan behöva omsynkroniseras. Genom att kryssa i rutan bekräftar du att du kommer omsynkronisera krokarna för kodförråden och authorized_keys-filen manuellt. Du bekräftar att du säkerställer att kodförrådet och spegelinställningarna är korrekta.
+run_user_helper = Operativsystemets användarnamn som Forgejo körs som. Notera att denna användare måste ha tillgång till kodförrådets rotsökväg.
+enable_update_checker_helper_forgejo = Den kommer regelbundet att leta efter nya Forgejo-versioner genom att läsa av en DNS TXT-post från release.forgejo.org.
+enable_update_checker = Aktivera uppdateringskontroll
+reinstall_confirm_check_3 = Du bekräftar att du är helt säker på att denna Forgejo körs med rätt app.ini-plats och att du är säker på att du måste installera om. Du bekräftar att du förstår ovanstående risker.
+env_config_keys = Miljökonfiguration
 
 [home]
 uname_holder=Användarnamn eller e-postadress
@@ -359,7 +364,7 @@ show_only_private=Visar endast privata
 show_only_public=Visar endast publika
 
 issues.in_your_repos=I dina utvecklingskataloger
-filter_by_team_repositories = Filtrera efter lagutvecklingskataloger
+filter_by_team_repositories = Filtrera efter teamkodförråd
 feed_of = Flöde av "%s"
 
 [explore]
@@ -369,8 +374,8 @@ organizations=Organisationer
 code=Kod
 code_last_indexed_at=Indexerades senast %s
 go_to = Gå till
-relevant_repositories = Endast relevanta utvecklingskataloger visas, <a href="%s">visa ofiltrerade resultat</a>.
-relevant_repositories_tooltip = Utvecklingskataloger som är gafflingar eller inte har ämne, ikon, och beskrivning är dolda.
+relevant_repositories = Endast relevanta kodförråd visas, <a href="%s">visa ofiltrerade resultat</a>.
+relevant_repositories_tooltip = Kodförråd som är förgreningar eller inte har ämne, ikon, och beskrivning är dolda.
 
 [auth]
 create_new_account=Registrera konto
@@ -379,17 +384,17 @@ disable_register_mail=Bekräftelsemejl vid registrering är inaktiverad.
 remember_me=Kom ihåg denna enhet
 forgot_password_title=Glömt lösenord
 forgot_password=Glömt lösenord?
-confirmation_mail_sent_prompt=Ett nytt bekräftelsemejl has skickats till <b>%s</b>. För att slutföra registreringsprocessen, vänligen kolla din inkorg inom dom kommande %s. Om e-postadressen är felaktig så kan du logga in och begära att få ett nytt bekräftelsemejlet skickat till en annan e-postadressen.
+confirmation_mail_sent_prompt=Ett nytt bekräftelsemeddelande har skickats till <b>%s</b>. För att slutföra registreringsprocessen, vänligen kontrollera din inkorg inom de kommande %s. Om e-postadressen är felaktig så kan du logga in och begära att få ett nytt bekräftelsemeddelande skickat till en annan e-postadress.
 must_change_password=Ändra ditt lösenord
 allow_password_change=Kräv att användaren byter lösenord (rekommenderas)
-reset_password_mail_sent_prompt=Ett nytt bekräftelsemail has skickats till <b>%s</b>. För att slutföra återställning av ditt konto, kontrollera din inkorg och gå till den bifogade länken inom de kommande %s.
+reset_password_mail_sent_prompt=Ett nytt bekräftelsemeddelande har skickats till <b>%s</b>. För att slutföra återställning av ditt konto, kontrollera din inkorg och gå till den bifogade länken inom de kommande %s.
 active_your_account=Aktivera ditt konto
 account_activated=Kontot har aktiverats
 prohibit_login=Kontot är avstängd
 resent_limit_prompt=Du har redan begärt ett aktiveringsmejl nyligen. Vänligen vänta 3 minuter och försök igen.
 has_unconfirmed_mail=Hej %s, du har en obekräftad epostaddress (<b>%s</b>). Om du inte har fått ett bekräftelsemail eller behöver ett nytt, klicka på knappen nedan.
 resend_mail=Klicka här för att skicka ditt aktiveringsmejl igen
-send_reset_mail=Skicka mejl för kontoåterställning
+send_reset_mail=Skicka e-post för kontoåterställning
 reset_password=Kontoåterställning
 invalid_code=Din bekräftelsekod är ogiltig eller har löpt ut.
 reset_password_helper=Återställ konto
@@ -417,28 +422,35 @@ email_domain_blacklisted=Du kan inte registrera dig med din e-postadress.
 authorize_application=Godkänn applikation
 authorize_redirect_notice=Du kommer att omdirigeras till %s om du auktoriserar denna applikation.
 authorize_application_created_by=Denna applikation skapades av %s.
-authorize_application_description=Om du beviljar åtkomst kommer den att kunna läsa och skriva information om ditt konto, inklusive privata förråd och organisationer.
+authorize_application_description=Om du beviljar åtkomst kommer den att kunna läsa och skriva information om ditt konto, inklusive privata kodförråd och organisationer.
 authorize_title=Ge "%s" tillgång till ditt konto?
 authorization_failed=Auktorisering misslyckades
 password_pwned_err=Kunde inte slutföra begäran till HaveIBeenPwned
 reset_password_wrong_user = Du är inloggad som %s, men kontoåterställningslänken är avsedd för %s
-invalid_code_forgot_password = Din bekräftelsekod är ogiltig eller har gått ut. Klicka på <a href="%s">här</a> för att påbörja en ny session.
+invalid_code_forgot_password = Din bekräftelsekod är ogiltig eller har gått ut. <a href="%s">Påbörja en ny session</a>.
 invalid_password = Ditt lösenord matchar inte lösenordet som användes för att skapa kontot.
 openid_signin_desc = Ange din OpenID URI. Till exempel: alice.openid.example.org eller https://openid.example.org/alice.
 sign_in_openid = Fortsätt med OpenID
 hint_login = Har du redan ett konto? <a href="%s">Logga in nu!</a>
-change_unconfirmed_email_summary = Ändra e-postadressen som aktiveringsmejl skickas till.
+change_unconfirmed_email_summary = Ändra e-postadressen som aktiveringsmeddelanden skickas till.
 change_unconfirmed_email_error = Det går inte att ändra e-postadressen: %v
 use_onetime_code = Använde en engångskod
 last_admin = Du kan inte ta bort den sista administratören. Det måste finnas minst en administratör.
 back_to_sign_in = Tillbaka till Logga in
 hint_register = Behöver du ett konto? <a href="%s">Registrera ett nu.</a>
-prohibit_login_desc = Ditt konto har blivit avstängt från att interagera med instansen. Kontakta instansadministratören för att återfå tillgång.
+prohibit_login_desc = Ditt konto har stängts av från att interagera med instansen. Kontakta instansadministratören för att återfå tillgång.
 password_pwned = Lösenordet du valde finns på en <a target="_blank" rel="noopener noreferrer" href="%s">lista över stulna lösenord</a> som tidigare exponerats i offentliga dataintrång. Försök igen med ett annat lösenord och överväg att ändra detta lösenord på annat håll också.
 sign_up_button = Registrera dig.
 sign_up_successful = Kontot skapades. Välkommen!
-change_unconfirmed_email = Om du har fått fel e-post-adress under registrering kan du ändra den nedan och ett konfirmationsmejl kommer skickas till den nya e-posten istället.
+change_unconfirmed_email = Om du har fått fel e-postadress under registrering kan du ändra den nedan och ett bekräftelsemeddelande kommer skickas till den nya adressen istället.
 unauthorized_credentials = Inloggningsuppgifterna är felaktiga eller har gått ut. Försök kommandot igen eller se %s för mer information
+manual_activation_only = Kontakta webbplatsadministratören för att slutföra aktiveringen.
+oauth.signin.error = Ett fel uppstod vid behandling av behörighetsbegäran. Om felet kvarstår, kontakta webbplatsadministratören.
+oauth.signin.error.access_denied = Behörighetsbegäran nekades.
+oauth.signin.error.temporarily_unavailable = Behörighetskontrollen misslyckades eftersom autentiseringsservern är tillfälligt otillgänglig. Försök igen senare.
+disable_forgot_password_mail = Kontoåterställning är inaktiverad eftersom ingen e-post har konfigurerats. Kontakta din webbplatsadministratör.
+disable_forgot_password_mail_admin = Kontoåterställning är endast tillgänglig när e-post har konfigurerats. Konfigurera e-post för att aktivera kontoåterställning.
+authorization_failed_desc = Auktoriseringen misslyckades eftersom vi upptäckte en ogiltig begäran. Kontakta ansvarig för appen du försökte auktorisera.
 
 [mail]
 activate_account=Vänligen aktivera ditt konto
@@ -457,7 +469,7 @@ activate_account.text_1 = Hej <b>%[1]s</b>, tack för att du registrerat dig hos
 reply = eller svara på detta e-postmeddelande direkt
 hi_user_x = Hej <b>%s</b>,
 admin.new_user.user_info = Användarinformation
-admin.new_user.text = Vänligen <a href="%s">klicka här</a> för att hantera denna användare från administratörspanelen.
+admin.new_user.text = <a href="%s">Hantera denna användare</a> från administratörspanelen.
 admin.new_user.subject = Ny användare %s har just registrerat sig
 totp_disabled.no_2fa = Det finns inga andra 2FA-metoder konfigurerade längre, vilket innebär att det inte längre är nödvändigt att logga in på ditt konto med 2FA.
 removed_security_key.text_1 = Säkerhetsnyckeln ”%[1]s” har just tagits bort från ditt konto.
@@ -477,23 +489,41 @@ account_security_caution.text_1 = Om detta var du, kan du tryggt ignorera detta
 activate_account.text_2 = Klicka på följande länk för att aktivera ditt konto inom <b>%s</b>:
 activate_email.text = Klicka på följande länk för att verifiera din e-postadress inom <b>%s</b>:
 register_notify.text_3 = Om någon annan har skapat det här kontot åt dig måste du först <a href="%s">ställa in ditt lösenord</a>.
-issue.x_mentioned_you = <b>@%s2</b> nämnde dig:
+issue.x_mentioned_you = <b>@%s</b> nämnde dig:
 repo.collaborator.added.subject = %s har lagt till dig som medarbetare i %s
-repo.collaborator.added.text = Du har lagts till som medarbetare i förrådet:
+repo.collaborator.added.text = Du har lagts till som medarbetare i kodförrådet:
 team_invite.subject = %[1]s har bjudit in dig att gå med i organisationen %[2]s
 register_notify.text_1 = detta är din registreringsbekräftelse via e-post för %s!
 release.downloads = Hämtningar:
 release.download.zip = Källkod (ZIP)
 release.download.targz = Källkod (TAR.GZ)
-repo.transfer.subject_to = %s vill överföra förrådet ”%s” till %s
+repo.transfer.subject_to = %s vill överföra kodförrådet ”%s” till %s
 removed_security_key.subject = En säkerhetsnyckel har tagits bort
-issue_assigned.pull = @%[1] har tilldelat dig pull-begäran %[2]s i förrådet %[3]s.
-issue_assigned.issue = @%[1] har tilldelat dig ärendet %[2] i förrådet %[3].
+issue_assigned.pull = @%[1]s har tilldelat dig ändringsförfrågan %[2]s i kodförrådet %[3]s.
+issue_assigned.issue = @%[1]s har tilldelat dig ärendet %[2]s i kodförrådet %[3]s.
 register_notify.text_2 = Du kan logga in på ditt konto med ditt användarnamn: %s
 reset_password.text = Om detta var du, klicka på följande länk för att återställa ditt konto inom <b>%s</b>:
-issue.action.force_push = <b>%[1]s2</b> gjorde en force-push av <b>%[2]s</b> från %[3]s till %[4]s.
-repo.transfer.subject_to_you = %s vill överföra förrådet ”%s” till dig
+issue.action.force_push = <b>%[1]s</b> gjorde en tvingad skickning av <b>%[2]s</b> från %[3]s till %[4]s.
+repo.transfer.subject_to_you = %s vill överföra kodförrådet ”%s” till dig
 release.title = Titel: %s
+view_it_on = Visa på %s
+issue.action.push_1 = <b>@%[1]s</b> skickade %[3]d incheckning till %[2]s
+issue.action.push_n = <b>@%[1]s</b> skickade %[3]d incheckningar till %[2]s
+issue.action.close = <b>@%[1]s</b> stängde #%[2]d.
+issue.action.reopen = <b>@%[1]s</b> öppnade #%[2]d igen.
+issue.action.merge = <b>@%[1]s</b> sammanfogade #%[2]d till %[3]s.
+issue.action.approve = <b>@%[1]s</b> godkände denna ändringsförfrågan.
+issue.action.reject = <b>@%[1]s</b> begärde ändringar på denna ändringsförfrågan.
+issue.action.review = <b>@%[1]s</b> kommenterade på denna ändringsförfrågan.
+issue.action.review_dismissed = <b>@%[1]s</b> avfärdade senaste granskningen från %[2]s för denna ändringsförfrågan.
+issue.action.ready_for_review = <b>@%[1]s</b> markerade denna ändringsförfrågan som redo för granskning.
+issue.action.new = <b>@%[1]s</b> skapade #%[2]d.
+issue.in_tree_path = I %s:
+release.new.subject = %s i %s har släppts
+release.new.text = <b>@%[1]s</b> släppte %[2]s i %[3]s
+team_invite.text_1 = %[1]s har bjudit in dig till teamet %[2]s i organisationen %[3]s.
+team_invite.text_2 = Klicka på följande länk för att gå med i teamet:
+team_invite.text_3 = Obs: Denna inbjudan var avsedd för %[1]s. Om du inte förväntade dig denna inbjudan kan du ignorera detta e-postmeddelande.
 
 
 
@@ -573,10 +603,10 @@ auth_failed=Autentisering misslyckades: %v
 
 
 target_branch_not_exist=Målgrenen finns inte.
-org_still_own_repo = Denna organisation äger fortfarande ett eller flera förråd, ta bort eller överför dem först.
-must_use_public_key = Den nyckel du angav är en privat nyckel. Skicka inte upp din privata nyckel någonstans. Använd istället din publika nyckel.
+org_still_own_repo = Denna organisation äger fortfarande en eller flera kodförråd, ta bort eller överför dem först.
+must_use_public_key = Den nyckel du angav är en privat nyckel. Skicka inte upp din privata nyckel någonstans. Använd istället din offentliga nyckel.
 unable_verify_ssh_key = SSH-nyckeln kan inte verifieras. Kontrollera att den är korrekt.
-still_own_repo = Ditt konto äger ett eller flera förråd, ta bort eller överför dem först.
+still_own_repo = Ditt konto äger en eller flera kodförråd, ta bort eller överför dem först.
 still_has_org = Ditt konto är medlem i en eller flera organisationer. Lämna dem först.
 still_own_packages = Ditt konto har ett eller flera paket, ta bort dem först.
 Description = Beskrivning
@@ -585,6 +615,28 @@ Website = Webbplats
 Location = Plats
 FullName = Fullständigt namn
 To = Grennamn
+Pronouns = Pronomen
+AccessToken = Åtkomsttoken
+url_error = `"%s" är inte en giltig URL.`
+include_error = ` måste innehålla delsträngen "%s".`
+regex_pattern_error = ` regex-mönstret är ogiltigt: %s.`
+username_error = ` kan endast innehålla alfanumeriska tecken ("0-9","a-z","A-Z"), bindestreck ("-"), understreck ("_") och punkt ("."). Det får inte börja eller sluta med icke-alfanumeriska tecken, och flera icke-alfanumeriska tecken i rad är också förbjudna.`
+username_error_no_dots = ` kan endast innehålla alfanumeriska tecken ("0-9","a-z","A-Z"), bindestreck ("-") och understreck ("_"). Det får inte börja eller sluta med icke-alfanumeriska tecken, och flera icke-alfanumeriska tecken i rad är också förbjudna.`
+invalid_group_team_map_error = ` mappning är ogiltig: %s`
+username_change_not_local_user = Icke-lokala användare får inte ändra sitt användarnamn.
+username_claiming_cooldown = Användarnamnet kan inte tas i anspråk, eftersom vänteperioden inte är över än. Det kan tas i anspråk %[1]s.
+repository_force_private = Tvingad privat är aktiverat: privata kodförråd kan inte göras publika.
+email_domain_is_not_allowed = Domänen för användarens e-postadress <b>%s</b> är i konflikt med EMAIL_DOMAIN_ALLOWLIST eller EMAIL_DOMAIN_BLOCKLIST. Kontrollera att e-postadressen är korrekt angiven.
+openid_been_used = OpenID-adressen "%s" används redan.
+enterred_invalid_org_name = Organisationsnamnet du angav är felaktigt.
+unset_password = Användaren har inte angett något lösenord.
+unsupported_login_type = Inloggningstypen stöds inte för att ta bort konto.
+duplicate_invite_to_team = Användaren har redan bjudits in som teammedlem.
+organization_leave_success = Du har lämnat organisationen %s.
+invalid_ssh_principal = Ogiltigt certifikatnamn: %s
+org_still_own_packages = Denna organisation äger fortfarande ett eller flera paket, ta bort dem först.
+admin_cannot_delete_self = Du kan inte ta bort dig själv när du är administratör. Ta bort dina administratörsbehörigheter först.
+required_prefix = Inmatningen måste börja med "%s"
 
 
 [user]
@@ -592,7 +644,7 @@ change_avatar=Byt din avatar…
 repositories=Utvecklingskataloger
 activity=Offentlig aktivitet
 followers_few=%d följare
-starred=Stjärnmärkta utvecklingskataloger
+starred=Stjärnmärkta kodförråd
 projects=Projekt
 overview=Översikt
 following_few=%d följer
@@ -601,7 +653,7 @@ unfollow=Sluta följa
 user_bio=Biografi
 disabled_public_activity=Den här användaren har inaktiverat den publika synligheten av aktiviteten.
 code = Kod
-watched = Övervakade förråd
+watched = Övervakade kodförråd
 unblock = Avblockera
 email_visibility.limited = Din e-postadress är synlig för alla autentiserade användare
 show_on_map = Visa denna plats på en karta
@@ -614,6 +666,20 @@ following.title.few = Följer
 block_user = Blockera användare
 followers_one = %d följare
 following_one = %d följer
+joined_on = Gick med %s
+block_user.detail = Observera att blockering av en användare har andra effekter, såsom:
+block_user.detail_1 = Ni kommer att sluta följa varandra och kommer inte kunna följa varandra.
+block_user.detail_2 = Denna användare kommer inte kunna interagera med de kodförråd du äger, eller de ärenden och kommentarer du har skapat.
+block_user.detail_3 = Ni kommer inte kunna lägga till varandra som medarbetare i kodförråd.
+follow_blocked_user = Du kan inte följa denna användare eftersom du har blockerat denna användare eller denna användare har blockerat dig.
+public_activity.visibility_hint.self_public = Din aktivitet är synlig för alla, förutom interaktioner i privata utrymmen. <a href="%s">Konfigurera</a>.
+public_activity.visibility_hint.admin_public = Denna aktivitet är synlig för alla, men som administratör kan du även se interaktioner i privata utrymmen.
+public_activity.visibility_hint.self_private = Din aktivitet är endast synlig för dig och instansadministratörerna. <a href="%s">Konfigurera</a>.
+public_activity.visibility_hint.admin_private = Denna aktivitet är synlig för dig eftersom du är administratör, men användaren vill att den ska förbli privat.
+public_activity.visibility_hint.self_private_profile = Din aktivitet är endast synlig för dig och instansadministratörerna eftersom din profil är privat. <a href="%s">Konfigurera</a>.
+form.name_reserved = Användarnamnet "%s" är reserverat.
+form.name_pattern_not_allowed = Mönstret "%s" är inte tillåtet i ett användarnamn.
+form.name_chars_not_allowed = Användarnamnet "%s" innehåller ogiltiga tecken.
 
 
 [settings]
@@ -672,7 +738,7 @@ activate_email=Skicka aktivering
 activations_pending=Väntar på aktivering
 delete_email=Ta Bort
 email_deletion=Ta bort e-postadress
-email_deletion_desc=Denna mejladress och relaterad information kommer tas bort från ditt konto. Git-commits med denna mejladress förblir oförändrade. Vill du fortsätta?
+email_deletion_desc=Denna e-postadress och relaterad information kommer tas bort från ditt konto. Git-incheckningar med denna e-postadress förblir oförändrade. Vill du fortsätta?
 email_deletion_success=Mejladressen har tagits bort.
 theme_update_success=Ditt tema ändrades.
 theme_update_error=Det valda temat finns inte.
@@ -692,8 +758,8 @@ openid_desc=OpenID låter dig delegera autentiseringen till en extern leverantö
 manage_ssh_keys=Hantera SSH-nycklar
 manage_gpg_keys=Hantera GPG-nycklar
 add_key=Lägg till nyckel
-ssh_desc=Dessa publika SSH nycklar är associerade med ditt konto. De motsvarande privata nycklarna tillåter full åtkomst till dina utvecklingskataloger. SSH-nycklar som har blivit verifierade kan användas för att verifiera SSH-signerade Git-commiter.
-gpg_desc=Dessa publika GPG nycklar är associerade med ditt konto. Håll dina privata nycklar säkra då de tillåter att commits kan verifieras.
+ssh_desc=Dessa offentliga SSH-nycklar är kopplade till ditt konto. De motsvarande privata nycklarna ger full åtkomst till dina kodförråd. SSH-nycklar som har verifierats kan användas för att verifiera SSH-signerade Git-incheckningar.
+gpg_desc=Dessa offentliga GPG-nycklar är kopplade till ditt konto. Håll dina privata nycklar säkra då de gör det möjligt att verifiera incheckningar.
 ssh_helper=<strong>Behöver du hjälp?</strong> Kolla in Github's guide för att <a href="%s">skapa din egen SSH-nycklar</a> eller lösa <a href="%s">vanliga problem</a> som kan uppstå med SSH.
 gpg_helper=<strong>Behöver du hjälp?</strong> Ta en titt på Github's guide <a href="%s"> om GPG</a>.
 key_content_gpg_placeholder=Börjar med "-----BEGIN PGP PUBLIC KEY BLOCK-----"
@@ -802,7 +868,7 @@ visibility.private=Privat
 change_password = Byt lösenord
 user_block_success = Användaren har blockerats.
 blocked_since = Blockerad sedan %s
-user_unblock_success = Användaren har blivit avblockerad.
+user_unblock_success = Användaren har avblockerats.
 visibility.limited = Begränsad
 visibility.limited_tooltip = Synlig endast för inloggade användare
 visibility.private_tooltip = Synlig endast för medlemmar i organisationer som du har gått med i
@@ -828,10 +894,137 @@ update_language = Ändra språk
 blocked_users = Blockerade användare
 update_hints = Uppdatera tips
 language.title = Standardspråk
+webauthn = Tvåfaktorsautentisering (Säkerhetsnycklar)
+storage_overview = Lagringsöversikt
+quota = Kvot
+biography_placeholder = Berätta lite om dig själv! (Markdown stöds)
+location_placeholder = Dela din ungefärliga plats med andra
+pronouns = Pronomen
+pronouns_unspecified = Ej angivet
+update_language_not_found = Språket "%s" är inte tillgängligt.
+update_language_success = Språket har uppdaterats.
+change_username_prompt = Obs: Att ändra ditt användarnamn ändrar också din konto-URL.
+change_username_redirect_prompt = Det gamla användarnamnet kommer omdirigera tills någon tar det i anspråk.
+change_username_redirect_prompt.with_cooldown.one = Det gamla användarnamnet blir tillgängligt för alla efter en vänteperiod på %[1]d dag. Du kan fortfarande återta det gamla användarnamnet under vänteperioden.
+change_username_redirect_prompt.with_cooldown.few = Det gamla användarnamnet blir tillgängligt för alla efter en vänteperiod på %[1]d dagar. Du kan fortfarande återta det gamla användarnamnet under vänteperioden.
+language.description = Detta språk sparas på ditt konto och används som standard efter inloggning.
+language.localization_project = Hjälp oss översätta Forgejo till ditt språk! <a href="%s">Läs mer</a>.
+additional_repo_units_hint = Föreslå att aktivera ytterligare kodförrådsenheter
+additional_repo_units_hint_description = Visa en "Aktivera fler" ledtråd för kodförråd som inte har alla tillgängliga enheter aktiverade.
+update_hints_success = Ledtrådarna har uppdaterats.
+hidden_comment_types = Dolda kommentarstyper
+hidden_comment_types_description = Kommentarstyper som är markerade här visas inte på ärendesidor. Att markera "Etikett" tar till exempel bort alla "<user> lade till/tog bort <label>" kommentarer.
+hidden_comment_types.ref_tooltip = Kommentarer där detta ärende refererades från ett annat ärende/incheckning/…
+hidden_comment_types.issue_ref_tooltip = Kommentarer där användaren ändrar grenen/taggen som är kopplad till ärendet
+comment_type_group_assignee = Tilldelad
+comment_type_group_time_tracking = Tidsspårning
+comment_type_group_deadline = Tidsfrist
+comment_type_group_lock = Låsstatus
+comment_type_group_review_request = Granskningsbegäran
+comment_type_group_pull_request_push = Tillagda incheckningar
+comment_type_group_issue_ref = Ärendereferens
+saved_successfully = Dina inställningar har sparats.
+keep_activity_private = Dölj aktivitet från profilsidan
+keep_activity_private.description = Din <a href="%s">publika aktivitet</a> kommer endast vara synlig för dig och instansadministratörerna.
+uploaded_avatar_is_too_big = Den uppladdade filstorleken (%d KiB) överskrider maxstorleken (%d KiB).
+update_user_avatar_success = Användarens avatar har uppdaterats.
+retype_new_password = Bekräfta nytt lösenord
+email_desc = Din primära e-postadress används för notiser, lösenordsåterställning och, om den inte är dold, webbaserade Git-operationer.
+can_not_add_email_activations_pending = Det finns en väntande aktivering, försök igen om några minuter om du vill lägga till en ny e-postadress.
+add_email_confirmation_sent = Ett bekräftelsemeddelande har skickats till "%s". Kontrollera din inkorg och följ länken inom %s för att bekräfta din e-postadress.
+keep_email_private_popup = E-postadressen visas inte på profilsidan och används inte som standard för incheckningar via webbgränssnittet, som filuppladdningar, redigeringar och sammanfogningsincheckningar. Istället kan en särskild adress %s användas för att länka incheckningar till användarkontot. Detta alternativ påverkar inte befintliga incheckningar.
+keep_pronouns_private = Visa endast pronomen för inloggade användare
+keep_pronouns_private.description = Detta döljer dina pronomen för besökare som inte är inloggade.
+manage_ssh_principals = Hantera SSH-certifikatnamn
+principal_desc = Dessa SSH-certifikatnamn är kopplade till ditt konto och ger full åtkomst till dina kodförråd.
+key_content_ssh_placeholder = Börjar med "ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256", "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521", "sk-ecdsa-sha2-nistp256@openssh.com" eller "sk-ssh-ed25519@openssh.com"
+add_new_principal = Lägg till certifikatnamn
+ssh_key_name_used = En SSH-nyckel med samma namn finns redan på ditt konto.
+ssh_principal_been_used = Detta certifikatnamn har redan lagts till på servern.
+gpg_no_key_email_found = Denna GPG-nyckel matchar inte någon aktiverad e-postadress kopplad till ditt konto. Den kan fortfarande läggas till om du signerar den angivna tokenen.
+gpg_key_matched_identities = Matchade identiteter:
+gpg_key_matched_identities_long = De inbäddade identiteterna i denna nyckel matchar följande aktiverade e-postadresser för denna användare. Incheckningar som matchar dessa e-postadresser kan verifieras med denna nyckel.
+gpg_key_verified = Verifierad nyckel
+gpg_key_verified_long = Nyckeln har verifierats med en token och kan användas för att verifiera incheckningar som matchar aktiverade e-postadresser för denna användare samt matchade identiteter för denna nyckel.
+gpg_invalid_token_signature = Den angivna GPG-nyckeln, signaturen och tokenen matchar inte eller så är tokenen föråldrad.
+gpg_token_required = Du måste ange en signatur för tokenen nedan
+gpg_token_signature = Armerad GPG-signatur
+key_signature_gpg_placeholder = Börjar med "-----BEGIN PGP SIGNATURE-----"
+verify_gpg_key_success = GPG-nyckeln "%s" har verifierats.
+ssh_key_verified = Verifierad nyckel
+ssh_key_verified_long = Nyckeln har verifierats med en token och kan användas för att verifiera incheckningar som matchar aktiverade e-postadresser för denna användare.
+ssh_invalid_token_signature = Den angivna SSH-nyckeln, signaturen eller tokenen matchar inte eller så är tokenen föråldrad.
+ssh_token_required = Du måste ange en signatur för tokenen nedan
+ssh_token_help = Du kan generera en signatur med:
+ssh_token_help_ssh_agent = eller, om du använder en SSH-agent (med SSH_AUTH_SOCK-variabeln satt):
+ssh_token_signature = Armerad SSH-signatur
+key_signature_ssh_placeholder = Börjar med "-----BEGIN SSH SIGNATURE-----"
+verify_ssh_key_success = SSH-nyckeln "%s" har verifierats.
+add_key_success = SSH-nyckeln "%s" har lagts till.
+add_gpg_key_success = GPG-nyckeln "%s" har lagts till.
+add_principal_success = SSH-certifikatnamnet "%s" har lagts till.
+ssh_principal_deletion = Ta bort SSH-certifikatnamn
+ssh_principal_deletion_desc = Att ta bort ett SSH-certifikatnamn återkallar dess åtkomst till ditt konto. Vill du fortsätta?
+ssh_principal_deletion_success = Certifikatnamnet har tagits bort.
+added_on = Tillagd %s
+valid_until_date = Giltig till %s
+principal_state_desc = Detta certifikatnamn har använts under de senaste 7 dagarna
+ssh_signonly = SSH är för närvarande inaktiverat så dessa nycklar används endast för verifiering av incheckningssignaturer.
+ssh_externally_managed = Denna SSH-nyckel hanteras externt för denna användare
+access_token_deletion_desc = Att ta bort en token återkallar åtkomst till ditt konto för applikationer som använder den. Detta kan inte ångras. Vill du fortsätta?
+regenerate_token = Generera om
+access_token_regeneration = Generera om åtkomsttoken
+access_token_regeneration_desc = Att generera om en token återkallar åtkomst till ditt konto för applikationer som använder den. Detta kan inte ångras. Vill du fortsätta?
+regenerate_token_success = Tokenen har genererats om. Applikationer som använder den har inte längre åtkomst till ditt konto och måste uppdateras med den nya tokenen.
+repo_and_org_access = Kodförråds- och organisationsåtkomst
+permissions_public_only = Endast publika
+permissions_access_all = Alla (publika, privata och begränsade)
+access_token_desc = Valda tokenbehörigheter begränsar auktorisering endast till motsvarande <a href="%[1]s" target="_blank">API</a>-rutter. Läs <a href="%[2]s" target="_blank">dokumentationen</a> för mer information.
+at_least_one_permission = Du måste välja minst en behörighet för att skapa en token
+permissions_list = Behörigheter:
+create_oauth2_application_success = Du har skapat en ny OAuth2-applikation.
+update_oauth2_application_success = Du har uppdaterat OAuth2-applikationen.
+oauth2_confidential_client = Konfidentiell klient. Välj för appar som håller hemligheten konfidentiell, såsom webbappar. Välj inte för nativa appar inklusive skrivbords- och mobilappar.
+oauth2_redirect_uris = Omdirigerings-URI:er. Använd en ny rad för varje URI.
+oauth2_application_remove_description = Att ta bort en OAuth2-applikation förhindrar den från att komma åt auktoriserade användarkonton på denna instans. Vill du fortsätta?
+oauth2_application_locked = Forgejo förregistrerar vissa OAuth2-applikationer vid uppstart om det är aktiverat i konfigurationen. För att förhindra oväntat beteende kan dessa varken redigeras eller tas bort. Se OAuth2-dokumentationen för mer information.
+authorized_oauth2_applications_description = Du har beviljat dessa tredjepartsapplikationer åtkomst till ditt personliga Forgejo-konto. Återkalla åtkomst för applikationer som inte längre används.
+revoke_oauth2_grant_success = Åtkomsten har återkallats.
+twofa_recovery_tip = Om du förlorar din enhet kan du använda en engångsåterställningsnyckel för att återfå åtkomst till ditt konto.
+twofa_scratch_token_regenerated = Din engångsåterställningsnyckel är nu %s. Förvara den på ett säkert ställe, den visas inte igen.
+twofa_failed_get_secret = Misslyckades med att hämta hemligheten.
+webauthn_desc = Säkerhetsnycklar är hårdvaruenheter som innehåller kryptografiska nycklar. De kan användas för tvåfaktorsautentisering. Säkerhetsnycklar måste stödja standarden <a rel="noreferrer" target="_blank" href="%s">WebAuthn Authenticator</a>.
+webauthn_register_key = Lägg till säkerhetsnyckel
+webauthn_delete_key = Ta bort säkerhetsnyckel
+webauthn_delete_key_desc = Om du tar bort en säkerhetsnyckel kan du inte längre logga in med den. Vill du fortsätta?
+webauthn_key_loss_warning = Om du förlorar dina säkerhetsnycklar förlorar du åtkomsten till ditt konto.
+webauthn_alternative_tip = Du kanske vill konfigurera en ytterligare autentiseringsmetod.
+hooks.desc = Lägg till webbkrokar som utlöses för <strong>alla kodförråd</strong> som du äger.
+repos_none = Du äger inga kodförråd.
+blocked_users_none = Det finns inga blockerade användare.
+delete_with_all_comments = Ditt konto är yngre än %s. För att undvika spökkommentarer kommer alla ärende-/PR-kommentarer att raderas tillsammans med det.
+email_notifications.andyourown = Och dina egna notiser
+visibility = Användarsynlighet
+visibility.public_tooltip = Synlig för alla
+quota.applies_to_user = Följande kvotregler gäller för ditt konto
+quota.applies_to_org = Följande kvotregler gäller för denna organisation
+quota.rule.exceeded = Överskriden
+quota.rule.exceeded.helper = Den totala storleken på objekt för denna regel har överskridit kvoten.
+quota.rule.no_limit = Obegränsad
+quota.sizes.repos.all = Kodförråd
+quota.sizes.repos.public = Publika kodförråd
+quota.sizes.repos.private = Privata kodförråd
+quota.sizes.git.all = Git-innehåll
+quota.sizes.git.lfs = Git LFS
+quota.sizes.assets.all = Tillgångar
+quota.sizes.assets.attachments.all = Bilagor
+quota.sizes.assets.attachments.issues = Ärendebilagor
+quota.sizes.assets.attachments.releases = Utgivningsbilagor
+quota.sizes.assets.artifacts = Artefakter
 
 [repo]
 owner=Ägare
-repo_name=Utvecklingskatalogens namn
+repo_name=Kodförrådets namn
 repo_name_helper=Bra namn på utvecklingskataloger består utav korta, unika nyckelord som är enkla att komma ihåg.
 repo_size=Utvecklingskatalogens storlek
 template=Mall
@@ -841,10 +1034,10 @@ template_description=Utvecklingskatalogmallar låter användare skapa nya utveck
 visibility=Synligt för
 visibility_description=Bara ägaren eller medlemmar i organisationen med rätt rättigheter kommer kunna se det.
 visibility_helper_forced=Din tjänstadministratör påtvingar privata utvecklingskataloger.
-visibility_fork_helper=(Att ändra detta kommer att påverka alla forkar.)
+visibility_fork_helper=(Att ändra detta kommer att påverka alla förgreningar.)
 clone_helper=Hjälp med kloning? Se <a target="_blank" rel="noopener" href="%s">hjälp</a>.
-fork_repo=Forka utveckligskatalog
-fork_from=Forka från
+fork_repo=Förgrena kodförråd
+fork_from=Förgrena från
 fork_visibility_helper=Synligheten av en forkad utvecklingskatalog kan inte ändras.
 use_template=Välj den här mallen
 generate_repo=Generera utvecklingskatalog
@@ -861,8 +1054,8 @@ license_helper_desc=En licens styr vad andra kan och inte kan göra med din kod.
 readme=README
 readme_helper=Välj en mall för README-filen
 readme_helper_desc=Här kan du skriva en fullständig beskrivning för ditt projekt.
-auto_init=Initiera utvecklingskatalog
-create_repo=Skapa utvecklingskatalog
+auto_init=Initiera kodförråd
+create_repo=Skapa kodförråd
 default_branch=Standardgren
 default_branch_helper=Den förvalda grenen är bas-gren för pull requests och kod-commits.
 mirror_prune=Rensa
@@ -891,7 +1084,7 @@ desc.archived=Arkiverade
 
 template.items=Mallobjekt
 template.git_content=Git-innehåll (standardgren)
-template.git_hooks=Githookar
+template.git_hooks=Git-krokar
 template.webhooks=Webbhookar
 template.topics=Ämnen
 template.avatar=Profilbild
@@ -905,12 +1098,12 @@ migrate_items_wiki=Wiki
 migrate_items_milestones=Milstenar
 migrate_items_labels=Etiketter
 migrate_items_issues=Ärenden
-migrate_items_pullrequests=Pull-förfrågningar
-migrate_items_merge_requests=Begäran om sammanslagning
+migrate_items_pullrequests=Ändringsförfrågningar
+migrate_items_merge_requests=Begäran om sammanfogning
 migrate_items_releases=Releaser
-migrate_repo=Migrera utvecklingskatalog
+migrate_repo=Migrera kodförråd
 migrate.clone_address=Migrera eller klona från URL
-migrate.clone_address_desc=HTTP(S)- eller Git "clone" länk för en existerande utvecklingskatalog
+migrate.clone_address_desc=HTTP(S)- eller Git "clone"-länk för ett befintligt kodförråd
 migrate.clone_local_path=eller en lokal serversökväg
 migrate.permission_denied=Du får inte importera lokala repon.
 migrate.failed=Migrering misslyckades: %v
@@ -952,7 +1145,7 @@ filter_branch_and_tag=Filtrera gren eller tagg
 branches=Grenar
 tags=Taggar
 issues=Ärenden
-pulls=Pull-förfrågningar
+pulls=Ändringsförfrågningar
 labels=Etiketter
 org_labels_desc=Etiketter på organisationsnivå som kan användas i <strong>alla utvecklingskataloger</strong> tillhörande denna organisation
 org_labels_desc_manage=hantera
@@ -971,7 +1164,7 @@ video_not_supported_in_browser=Din webbläsare stödjer ej HTML5-taggen "video".
 audio_not_supported_in_browser=Din webbläsare stödjer ej HTML5-taggen "audio".
 stored_lfs=Sparad med Git LFS
 symbolic_link=Symbolisk länk
-commit_graph=Commitgraf
+commit_graph=Incheckningsgraf
 commit_graph.monochrome=Mono
 blame=Blame
 normal_view=Normal vy
@@ -991,10 +1184,10 @@ editor.fork_before_edit=Du måste forka denna utvecklingskatalog för att göra
 editor.delete_this_file=Ta bort fil
 editor.must_have_write_access=Du måste ha skrivåtkomst för att göra eller föreslå ändringar av denna fil.
 editor.name_your_file=Namnge din fil…
-editor.filename_help=Lägg till en katalog genom att skriva dess namn följt utav ett snedstreck ("/"). Ta bort katalog genom att sudda i början utav fältet.
+editor.filename_help=Lägg till en katalog genom att skriva dess namn följt av ett snedstreck ("/"). Ta bort katalog genom att radera i början av fältet.
 editor.or=eller
 editor.cancel_lower=Avbryt
-editor.commit_signed_changes=Committa signerade ändringar
+editor.commit_signed_changes=Checka in signerade ändringar
 editor.commit_changes=Checka in ändringar
 editor.add_tmpl=Lägg till '<%s>'
 editor.commit_message_desc=Lägg till en valfri utökad beskrivning…
@@ -1005,7 +1198,7 @@ editor.propose_file_change=Föreslå filändring
 editor.new_branch_name_desc=Nytt branchnamn…
 editor.cancel=Avbryt
 editor.filename_cannot_be_empty=Filnamnet kan inte vara tomt.
-editor.file_changed_while_editing=Filens innehåll har ändrats sedan du öppnade filen.<a target="_blank" rel="noopener noreferrer" href="%s">Klicka här</a> för att se ändringarna eller <strong>commita ändringarna igen</strong> för att skriva över dem.
+editor.file_changed_while_editing=Filens innehåll har ändrats sedan du öppnade filen. <a target="_blank" rel="noopener noreferrer" href="%s">Visa ändringarna</a> eller <strong>checka in ändringarna igen</strong> för att skriva över dem.
 editor.commit_empty_file_header=Committa en tom fil
 editor.commit_empty_file_text=Filen du vill committa är tom. Vill du fortsätta?
 editor.no_changes_to_show=Det finns inga ändringar att visa.
@@ -1155,9 +1348,9 @@ issues.closed_at=`stängde ärendet %s`
 issues.reopened_at=`återöppnade detta ärende %s`
 issues.commit_ref_at=`refererade till detta ärende från en incheckning %s`
 issues.ref_issue_from=`<a href="%[2]s">refererade till detta ärende %[3]s</a> %[1]s`
-issues.ref_pull_from=`<a href="%[2]s">refererade till denna pull-förfrågan %[3]s</a> %[1]s`
-issues.ref_closing_from=`<a href="%[2]s">hänvisade till detta ärende från en pull-förfrågan %[3]s som kommer att stänga det</a> %[1]s`
-issues.ref_reopening_from=`<a href="%[2]s">hänvisade till detta ärende från en pull-förfrågan %[3]s som kommer att öppna ärendet på nytt</a> %[1]s`
+issues.ref_pull_from=`<a href="%[2]s">refererade till denna ändringsförfrågan %[3]s</a> %[1]s`
+issues.ref_closing_from=`<a href="%[2]s">hänvisade till detta ärende från en ändringsförfrågan %[3]s som kommer att stänga det</a> %[1]s`
+issues.ref_reopening_from=`<a href="%[2]s">hänvisade till detta ärende från en ändringsförfrågan %[3]s som kommer att öppna ärendet på nytt</a> %[1]s`
 issues.ref_from=`från %[1]s`
 issues.role.owner=Ägare
 issues.role.member=Medlem
@@ -1227,10 +1420,10 @@ issues.add_time_sum_to_small=Inge tid har angivits.
 issues.time_spent_total=Total tid spenderad
 issues.time_spent_from_all_authors=`Total Tid Spenderad: %s`
 issues.due_date=Förfallodatum
-issues.push_commit_1=lade till %d commit %s
-issues.push_commits_n=lade till %d committer %s
+issues.push_commit_1=lade till %d incheckning %s
+issues.push_commits_n=lade till %d incheckningar %s
 issues.force_push_compare=Jämför
-issues.due_date_form=yyyy-MM-dd
+issues.due_date_form=yyyy-mm-dd
 issues.due_date_form_edit=Ändra
 issues.due_date_form_remove=Ta bort
 issues.due_date_not_set=Inget förfallodatum satt.
@@ -1254,7 +1447,7 @@ issues.dependency.blocked_by_short=Beroende av
 issues.dependency.remove_header=Ta bort beroende
 issues.dependency.issue_remove_text=Detta tar bort beroendet från det här ärendet. Vill du fortsätta?
 issues.dependency.pr_remove_text=Det här kommer att ta bort beroendet från denna pull-förfrågan. Vill du fortsätta?
-issues.dependency.setting=Aktivera beroenden för ärenden och pull-förfrågningar
+issues.dependency.setting=Aktivera beroenden för ärenden och ändringsförfrågningar
 issues.dependency.add_error_same_issue=Ett ärende kan inte bero på sig själv.
 issues.dependency.add_error_dep_issue_not_exist=Ärendet du beror på, finns inte.
 issues.dependency.add_error_dep_not_exist=Beroendet finns inte.
@@ -1284,15 +1477,15 @@ issues.content_history.options=Alternativ
 
 
 pulls.desc=Aktivera pull-förfrågningar och kodgranskning.
-pulls.new=Ny pull-förfrågan
-pulls.compare_changes=Ny pull-förfrågan
+pulls.new=Ny ändringsförfrågan
+pulls.compare_changes=Ny ändringsförfrågan
 pulls.compare_changes_desc=Välj branchen att merga in i, och ifrån.
 pulls.compare_base=merga in i
 pulls.compare_compare=pulla från
 pulls.filter_branch=Filtrera gren
 pulls.no_results=Inga resultat hittades.
 pulls.nothing_to_compare=Dessa brancher är ekvivalenta. Det finns ingen anledning att skapa en pull-request.
-pulls.create=Skapa pull-förfrågan
+pulls.create=Skapa ändringsförfrågan
 pulls.change_target_branch_at=`ändrade mål-branch från <b>%s</b> till <b>%s</b>%s`
 pulls.tab_conversation=Konversation
 pulls.tab_commits=Incheckningar
@@ -1304,7 +1497,7 @@ pulls.is_closed=Pull-förfrågan har stängts.
 pulls.title_wip_desc=`<a href="#">Börja titeln med <strong>%s</strong></a> för att förhindra att pull-förfrågan sammanfogas av misstag`
 pulls.data_broken=Pull-requesten är trasig pågrund av oexisterande information on forken.
 pulls.files_conflicted=Den här pull-förfrågan ha ändringar som är i konflikt med mål-branchen.
-pulls.is_checking=Merge-konfliktkontroll pågår. Försök igen senare.
+pulls.is_checking=Sammanfognings-konfliktkontroll pågår. Försök igen senare.
 pulls.required_status_check_failed=Vissa tvingande kontroller lyckades inte.
 pulls.required_status_check_missing=Vissa tvingande kontroller saknas.
 pulls.required_status_check_administrator=Som administratör kan du fortfarande merga den här pull requesten.
@@ -1381,14 +1574,14 @@ activity.period.quarterly=3 månader
 activity.period.semiyearly=6 månader
 activity.period.yearly=1 år
 activity.overview=Översikt
-activity.merged_prs_count_1=Sammanfogad Pull-förfrågan
-activity.merged_prs_count_n=Sammanfogade Pull-förfrågningar
-activity.opened_prs_count_1=Föreslagen pull-förfrågan
-activity.opened_prs_count_n=Föreslagna pull-förfrågningar
+activity.merged_prs_count_1=Sammanfogad ändringsförfrågan
+activity.merged_prs_count_n=Sammanfogade ändringsförfrågningar
+activity.opened_prs_count_1=Föreslagen ändringsförfrågan
+activity.opened_prs_count_n=Föreslagna ändringsförfrågningar
 activity.title.user_1=%d användare
 activity.title.user_n=%d användare
-activity.title.prs_1=%d pull-förfrågningar
-activity.title.prs_n=%d pull-förfrågningar
+activity.title.prs_1=%d ändringsförfrågan
+activity.title.prs_n=%d ändringsförfrågningar
 activity.title.prs_merged_by=%s sammanfogad av %s
 activity.title.prs_opened_by=%s föreslås av %s
 activity.merged_prs_label=Sammanfogad
@@ -1438,7 +1631,7 @@ settings.collaboration.read=Läsa
 settings.collaboration.owner=Ägare
 settings.collaboration.undefined=Odefinierad
 settings.hooks=Webbhookar
-settings.githooks=Githookar
+settings.githooks=Git-krokar
 settings.basic_settings=Basinställningar
 settings.mirror_settings=Inställningar för spegling
 
@@ -1446,13 +1639,13 @@ settings.sync_mirror=Synkronisera nu
 settings.site=Webbplats
 settings.update_settings=Spara inställningar
 settings.advanced_settings=Avancerade Inställningar
-settings.wiki_desc=Aktivera wiki för utvecklingskatalog
+settings.wiki_desc=Aktivera wiki för kodförråd
 settings.use_internal_wiki=Använd inbyggd wiki
 settings.use_external_wiki=Använd extern wiki
 settings.external_wiki_url=URL till extern wiki
 settings.external_wiki_url_error=Den externa wiki-länken är inte giltig.
 settings.external_wiki_url_desc=Besökare omdirigeras till den externa wiki-länken när de trycker på wiki-tabben.
-settings.issues_desc=Aktivera ärendehantering för utvecklingskatalogen
+settings.issues_desc=Aktivera ärendehantering för kodförrådet
 settings.use_internal_issue_tracker=Använd inbyggt ärendehanteringssystem
 settings.use_external_issue_tracker=Använd externt ärendehanteringssystem
 settings.external_tracker_url=URL för externt ärendehanteringssystem
@@ -1465,21 +1658,21 @@ settings.tracker_issue_style.numeric=Numerisk
 settings.tracker_issue_style.alphanumeric=Alfanumerisk
 settings.tracker_url_format_desc=Använd variablerna <code>{user}</code>, <code>{repo}</code> och <code>{index}</code> för användarnamn, utvecklingskatalogsnamn och ärenderegister.
 settings.enable_timetracker=Aktivera tidsredovisning
-settings.allow_only_contributors_to_track_time=Låt endast medarbetare spåra tid
-settings.pulls_desc=Aktivera pull-förfrågningar för utvecklingskatalog
+settings.allow_only_contributors_to_track_time=Låt endast bidragsgivare spåra tid
+settings.pulls_desc=Aktivera ändringsförfrågningar för kodförråd
 settings.pulls.ignore_whitespace=Ignorera blanksteg vid konflikter
 settings.admin_settings=Administratörsinställningar
-settings.admin_enable_health_check=Aktivera hälsokontroll för utvecklingskataloger (git fsck)
+settings.admin_enable_health_check=Aktivera hälsokontroll för kodförråd (git fsck)
 settings.admin_enable_close_issues_via_commit_in_any_branch=Stäng ett ärende via en commit gjord i en icke standard-gren
 settings.danger_zone=Farozon
 settings.new_owner_has_same_repo=Den nya ägaren har redan ett repo med det namnet. Vänligen välj ett annat namn.
-settings.convert=Konvertera till vanlig utvecklingskatalog
+settings.convert=Konvertera till vanligt kodförråd
 settings.convert_desc=Du kan konvertera denna spegling till en vanlig utvecklingskatalog. Detta kan ej ångras.
 settings.convert_notices_1=Denna operation kommer att omvandla speglingen till en vanlig utvecklingskatalog och detta kan inte ångras.
-settings.convert_confirm=Konvertera utvecklingskatalog
+settings.convert_confirm=Konvertera kodförråd
 settings.convert_succeed=Speglingen har blivit konverterad till en vanlig utvecklingskatalog.
-settings.convert_fork=Konvertera till vanlig utvecklingskatalog
-settings.convert_fork_confirm=Konvertera utvecklingskatalog
+settings.convert_fork=Konvertera till vanligt kodförråd
+settings.convert_fork_confirm=Konvertera kodförråd
 settings.transfer.title=Överför Ägarskap
 settings.transfer_desc=Överför denna utvecklingskatalog till en användare eller organisation för vilken du har administratörsrättigheter till.
 settings.transfer_notices_1=- Du kommer förlora åtkomst till denna utvecklingskatalog om du för över den till en individuell användare.
@@ -1492,14 +1685,14 @@ settings.wiki_delete_desc=Borttagning av utvecklingskatalogens wiki-data är per
 settings.wiki_delete_notices_1=- Detta kommer permanent ta bort och inaktivera utvecklingskatalogens wiki för %s.
 settings.confirm_wiki_delete=Ta bort wikidata
 settings.wiki_deletion_success=Utvecklingskatalogens wiki-data har blivit borttaget.
-settings.delete=Ta bort denna utvecklingskatalog
+settings.delete=Ta bort detta kodförråd
 settings.delete_desc=Borttagning av en utvecklingskatalog är permanent och kan ej ångras.
 settings.delete_notices_1=- Denna åtgärd kan <strong>INTE</strong> ångras.
 settings.delete_notices_2=- Denna åtgärd kommer permanent ta bort utvecklingskatalogen <strong>%s</strong> inklusive kod, ärenden, kommentarer, wiki-data samt medarbetarinställningar.
 settings.delete_notices_fork_1=- Forkar av denna utvecklingskatalog kommer bli självständiga efter borttagning.
 settings.deletion_success=Utvecklingskatalog har tagits bort.
 settings.update_settings_success=Inställningar för utvecklingskatalog har uppdaterats.
-settings.confirm_delete=Ta bort utvecklingskatalog
+settings.confirm_delete=Ta bort kodförråd
 settings.add_collaborator=Lägg till medarbetare
 settings.add_collaborator_success=Medarbetare har lagts till.
 settings.add_collaborator_duplicate=Kollaboratören är redan tillagd i denna utvecklingskatalog.
@@ -1514,9 +1707,9 @@ settings.teams=Grupper
 settings.add_team_duplicate=Teamet har redan utvecklingskatalogen
 settings.add_team_success=Teamet har nu tillgång till utvecklingskatalogen.
 settings.remove_team_success=Teamets åtkomst till utvecklingskatalogen har tagits bort.
-settings.add_webhook=Lägg till webbhook
+settings.add_webhook=Lägg till webbkrok
 settings.hooks_desc=Webhooks gör automatiskt ett HTTP POST anrop mot en server när vissa Forgejo events triggas. Läs mer om detta i <a target="_blank" rel="noopener noreferrer" href="%s">webhooks guiden</a>.
-settings.webhook_deletion=Ta bort webbhook
+settings.webhook_deletion=Ta bort webbkrok
 settings.webhook_deletion_desc=Borttagning utav en webhook tar även bort dess inställningar och leveranshistorik. Vill du fortsätta?
 settings.webhook_deletion_success=Webhooken har blivit borttagen.
 settings.webhook.test_delivery=Testa leverans
@@ -1530,20 +1723,20 @@ settings.githook_edit_desc=Om kroken är inaktiv visas exempelinnehåll. Inaktiv
 settings.githook_name=Kroknamn
 settings.githook_content=Krokinnehåll
 settings.update_githook=Uppdatera krok
-settings.add_webhook_desc=Forgejo kommer skicka ett <code>POST</code> anrop med en specificerad Content-Type till måladressen. Läs mer om detta i <a target="_blank" rel="noopener noreferrer" href="%s">webhook-guiden</a>.
+settings.add_webhook_desc=Forgejo kommer skicka ett <code>POST</code>-anrop med en specificerad Content-Type till måladressen. Läs mer om detta i <a target="_blank" rel="noopener noreferrer" href="%s">webbkroksguiden</a>.
 settings.payload_url=Mål-URL
 settings.http_method=HTTP-metod
-settings.content_type=POST content type
+settings.content_type=POST-innehållstyp
 settings.secret=Hemlighet
 settings.slack_username=Användarnamn
 settings.slack_icon_url=URL för ikon
 settings.discord_username=Användarnamn
 settings.discord_icon_url=URL för ikon
-settings.event_desc=Trigga vid:
-settings.event_push_only=Push-händelser
+settings.event_desc=Utlöses vid:
+settings.event_push_only=Skicka-händelser
 settings.event_send_everything=Alla händelser
 settings.event_choose=Anpassade händelser…
-settings.event_header_repository=Händelser i utvecklingskatalogen
+settings.event_header_repository=Händelser i kodförrådet
 settings.event_create=Skapa
 settings.event_create_desc=Branch eller tagg skapad.
 settings.event_delete=Ta bort
@@ -1557,24 +1750,24 @@ settings.event_push_desc=Git push till en utvecklingskatalog.
 settings.event_repository=Utvecklingskatalog
 settings.event_repository_desc=Utvecklingskatalogen skapad eller borttagen.
 settings.event_header_issue=Ärendehändelser
-settings.event_issues=Ärenden
-settings.event_issue_comment=Kommentar
+settings.event_issues=Ändring
+settings.event_issue_comment=Kommentarer
 settings.event_issue_comment_desc=Kommentar skapad, ändrad eller borttagen.
-settings.event_pull_request=Hämtningsbegäran
+settings.event_pull_request=Ändring
 settings.branch_filter=Branch-filter
 settings.active=Aktiv
 settings.add_hook_success=Webhook har lagts till.
-settings.update_webhook=Uppdatera Webhook
+settings.update_webhook=Uppdatera webbkrok
 settings.update_hook_success=Webhook har blivit uppdaterad.
-settings.delete_webhook=Ta bort webhook
+settings.delete_webhook=Ta bort webbkrok
 settings.recent_deliveries=Färska leveranser
 settings.hook_type=Kroktyp
 settings.slack_token=Pollett
 settings.slack_domain=Domän
 settings.slack_channel=Kanal
-settings.deploy_keys=Driftsättningsnycklar
-settings.add_deploy_key=Lägg till driftsättningsnyckel
-settings.deploy_key_desc=Distributionsnycklar har skrivskyddad åtkomst till utvecklingskatalogen.
+settings.deploy_keys=Distributionsnycklar
+settings.add_deploy_key=Lägg till distributionsnyckel
+settings.deploy_key_desc=Distributionsnycklar kan ha läs- eller läs- och skrivåtkomst till kodförrådet.
 settings.is_writable=Aktivera skrivåtkomst
 settings.is_writable_info=Tillåt denna distributionsnyckel att<strong>pusha</strong> till utvecklingskatalogen.
 settings.no_deploy_keys=Det finns inga distributionsnycklar ännu.
@@ -1582,19 +1775,19 @@ settings.title=Titel
 settings.deploy_key_content=Innehåll
 settings.key_been_used=En distributionsnyckel med identiskt innehåller används redan.
 settings.key_name_used=En distributionsnyckel med samma namn finns redan.
-settings.deploy_key_deletion=Ta bort driftsättningsnyckel
+settings.deploy_key_deletion=Ta bort distributionsnyckel
 settings.deploy_key_deletion_desc=Borttagning utav en distributionsnyckel kommer att återkalla dess åtkomst till utvecklingskatalogen. Vill du fortsätta?
 settings.deploy_key_deletion_success=Distributionsnyckeln har blivit borttagen.
 settings.branches=Brancher
 settings.protected_branch=Grenskydd
 settings.branch_protection=Skyddsregler för gren "<b>%s</b>"
-settings.protect_disable_push=Inaktivera push
+settings.protect_disable_push=Inaktivera skickning
 settings.protect_disable_push_desc=Inga push-förfrågningar kommer att tillåtas till denna branch.
-settings.protect_enable_push=Aktivera push
+settings.protect_enable_push=Aktivera skickning
 settings.protect_enable_push_desc=Alla med skrivrättigheter kommer att kunna pusha till denna branch (men inte force-pusha).
 settings.protect_whitelist_deploy_keys=Vitlista deploy-nyckar med skrivåtkomst till push.
-settings.protect_whitelist_users=Vitlistade användare för pushning
-settings.protect_whitelist_teams=Vitlistade team för pushning
+settings.protect_whitelist_users=Vitlistade användare för skickning
+settings.protect_whitelist_teams=Vitlistade team för skickning
 settings.protect_merge_whitelist_committers=Aktivera vitlista för sammanfogning
 settings.protect_merge_whitelist_committers_desc=Tillåt endast vitlistade användare eller team att sammanfoga pull requests i denna branch.
 settings.protect_merge_whitelist_users=Vitlistade användare för sammanfogning
@@ -1605,7 +1798,7 @@ settings.protect_check_status_contexts_list=Statuskontroller funna under senaste
 settings.protect_required_approvals=Godkännanden som krävs
 settings.protect_approvals_whitelist_users=Vitlistade granskare
 settings.protect_approvals_whitelist_teams=Vitlistade team för granskning
-settings.require_signed_commits=Kräv signerade commiter
+settings.require_signed_commits=Kräv signerade incheckningar
 settings.require_signed_commits_desc=Avvisa pushar till den här grenen om dom är osignerade eller inte verifierbara.
 settings.protected_branch_deletion=Inaktivera grenskydd
 settings.protected_branch_deletion_desc=Genom att inaktivera branchskyddet tillåts användare med skrivrättigheter att pusha till branchen. Vill du fortsätta?
@@ -1618,36 +1811,36 @@ settings.bot_token=Bottoken
 settings.chat_id=Chatt-ID
 settings.matrix.room_id=Rum-ID
 settings.matrix.message_type=Typ av meddelande
-settings.archive.button=Arkivera utvecklingskatalog
-settings.archive.header=Arkivera denna utvecklingskatalog
+settings.archive.button=Arkivera kodförråd
+settings.archive.header=Arkivera detta kodförråd
 settings.archive.success=Förrådet arkiverades.
 settings.archive.error=Ett fel uppstod när utvecklingskatalogen arkiverades. Se loggen för fler detaljer.
 settings.archive.error_ismirror=Du kan inte arkivera ett speglat förråd.
-settings.archive.branchsettings_unavailable=Inställningar för grenar är inte tillgängliga för arkiverade utvecklingskataloger.
+settings.archive.branchsettings_unavailable=Inställningar för grenar är inte tillgängliga för arkiverade kodförråd.
 settings.update_avatar_success=Utvecklingskatalogens avatar har uppdaterats.
 settings.lfs=LFS
 settings.lfs_filelist=LFS filer lagrade i denna utvecklingskatalog
 settings.lfs_no_lfs_files=Inga LFS filer är lagrade i denna utvecklingskatalog
 settings.lfs_findcommits=Hitta commits
-settings.lfs_lfs_file_no_commits=Ingen commit hittad för denna LFS-fil
+settings.lfs_lfs_file_no_commits=Ingen incheckning hittad för denna LFS-fil
 settings.lfs_locks=Lås
 settings.lfs_invalid_locking_path=Ogiltig sökväg: %s
 settings.lfs_invalid_lock_directory=Kan inte låsa katalog: %s
 settings.lfs_lock_already_exists=Lås finns redan: %s
 settings.lfs_lock=Lås
-settings.lfs_lock_path=Filväg att låsa...
+settings.lfs_lock_path=Filväg att låsa…
 settings.lfs_locks_no_locks=Inga lås
 settings.lfs_force_unlock=Tvinga upplåsning
 settings.lfs_pointers.sha=Blobhash
 settings.lfs_pointers.oid=OID
-settings.lfs_pointers.inRepo=I utvecklingskatalogen
+settings.lfs_pointers.inRepo=I kodförrådet
 settings.rename_branch_failed_not_exist=Kan inte byta namn på branchen %s eftersom den inte finns.
 
 diff.browse_source=Bläddra källkod
 diff.parent=förälder
 diff.commit=incheckning
 diff.git-notes=Anteckningar
-diff.data_not_available=Diff-innehåll ej tillgänglig
+diff.data_not_available=Diff-innehåll ej tillgängligt
 diff.show_split_view=Delad vy
 diff.show_unified_view=Unifierad vy
 diff.whitespace_button=Blanksteg
@@ -1707,8 +1900,8 @@ release.tag_name_invalid=Taggnamnet är inte giltigt.
 release.downloads=Nedladdningar
 branch.name=Grennamn
 branch.delete_head=Radera
-branch.delete_html=Ta borg gren
-branch.create_branch=Skapa branchen %s
+branch.delete_html=Ta bort gren
+branch.create_branch=Skapa grenen %s
 branch.deleted_by=Raderad av %s
 
 
@@ -1716,21 +1909,21 @@ branch.deleted_by=Raderad av %s
 topic.manage_topics=Hantera ämnen
 topic.done=Klar
 topic.count_prompt=Du kan inte välja fler än 25 ämnen
-settings.enter_repo_name = Ange ägar- och utvecklingskatalog-namnet exakt som det visas:
+settings.enter_repo_name = Ange ägar- och kodförråd-namnet exakt som det visas:
 release = Utgåva
 commitstatus.success = Lyckades
-visibility_helper = Gör förrådet privat
+visibility_helper = Gör kodförrådet privat
 download_bundle = Hämta BUNDLE
 download_zip = Hämta ZIP
 download_tar = Hämta TAR.GZ
 repo_desc_helper = Ange kort beskrivning (valfritt)
 all_branches = Alla grenar
-fork_no_valid_owners = Detta förråd kan inte förgrenas eftersom det inte finns några giltiga ägare.
+fork_no_valid_owners = Detta kodförråd kan inte förgrenas eftersom det inte finns några giltiga ägare.
 fork_to_different_account = Förgrena till ett annat konto
 size_format = %[1]s: %[2]s, %[3]s: %[4]s
 already_forked = Du har redan förgrenat %s
-commitstatus.failure = Fel
-ext_issues = Externa fel
+commitstatus.failure = Misslyckad
+ext_issues = Externa ärenden
 open_with_editor = Öppna med %s
 default_branch_label = standard
 desc.sha256 = SHA256
@@ -1748,10 +1941,10 @@ pulls.status_checks_details = Detaljer
 wiki.cancel = Avbryt
 settings.mirror_settings.direction = Riktning
 settings.slack_color = Färg
-settings.event_issue_label = Etikett
-settings.event_issue_milestone = Målstolpe
-settings.event_pull_request_label = Etikett
-settings.event_pull_request_milestone = Målstolpar
+settings.event_issue_label = Etiketter
+settings.event_issue_milestone = Milstolpar
+settings.event_pull_request_label = Etiketter
+settings.event_pull_request_milestone = Milstolpar
 settings.event_pull_request_comment = Kommentarer
 settings.event_package = Paket
 settings.web_hook_name_slack = Slack
@@ -1811,7 +2004,7 @@ settings.tags.protection.create = Lägg till regel
 settings.thread_id = Tråd-ID
 settings.rename_branch = Döp om gren
 diff.show_more = Visa mer
-release.tag_helper_existing = Existerande tagg.
+release.tag_helper_existing = Befintlig tagg.
 release.delete_tag = Ta bort tagg
 release.add_tag = Skapa tagg
 branch.create_from = från "%s"
@@ -1828,12 +2021,753 @@ settings.transfer.modal.title = Överför ägarskap
 wiki.search = Sök wiki
 wiki.no_search_results = Inga resultat
 release.asset_external_url = Extern URL
+rss.must_be_on_branch = Du måste vara på en gren för att ha ett RSS-flöde.
+admin.enabled_flags = Flaggor aktiverade för kodförrådet:
+admin.failed_to_replace_flags = Det gick inte att ersätta kodförrådets flaggor
+admin.flags_replaced = Kodförrådets flaggor ersatta
+new_repo_helper = Ett kodförråd innehåller alla projektfiler, inklusive revisionshistorik. Har du redan ett kodförråd någon annanstans? <a href="%s">Migrera kodförråd</a>.
+new_from_template = Använd en mall
+new_from_template_description = Du kan välja en befintlig kodförrådsmall på denna instans och tillämpa dess inställningar.
+new_advanced = Avancerade inställningar
+new_advanced_expand = Klicka för att expandera
+owner_helper = Vissa organisationer kanske inte visas i rullgardinsmenyn på grund av en maxgräns för antal kodförråd.
+fork_branch = Gren som ska klonas till förgreningen
+object_format_helper = Objektformat för kodförrådet. Kan inte ändras senare. SHA1 är mest kompatibelt.
+auto_init_description = Starta Git-historiken med en README och lägg valfritt till licens- och .gitignore-filer.
+mirror_interval = Speglingsintervall (giltiga tidsenheter är "h", "m", "s"). 0 för att inaktivera periodisk synkronisering. (Minsta intervall: %s)
+mirror_public_key = Offentlig SSH-nyckel
+mirror_use_ssh.text = Använd SSH-autentisering
+mirror_use_ssh.helper = Forgejo kommer att spegla kodförrådet via Git över SSH och skapa ett nyckelpar åt dig när du väljer detta alternativ. Du måste se till att den genererade offentliga nyckeln är auktoriserad att skicka till målkodförrådet. Du kan inte använda lösenordsbaserad autentisering när du väljer detta.
+mirror_use_ssh.not_available = SSH-autentisering är inte tillgängligt.
+mirror_denied_combination = Det går inte att använda offentlig nyckel och lösenordsbaserad autentisering i kombination.
+mirror_sync = synkroniserad
+mirror_sync_on_commit = Synkronisera när incheckningar skickas
+mirror_address_desc = Lägg eventuella nödvändiga autentiseringsuppgifter i auktoriseringssektionen.
+mirror_address_url_invalid = Den angivna URL:en är ogiltig. Se till att komponenterna i URL:en är korrekt kodade.
+mirror_address_protocol_invalid = Den angivna URL:en är ogiltig. Endast http(s):// eller git:// adresser kan användas för spegling.
+mirror_lfs = Storfilslagring (LFS)
+mirror_lfs_desc = Aktivera spegling av LFS-data.
+mirror_lfs_endpoint = LFS-slutpunkt
+mirror_lfs_endpoint_desc = Synkronisering kommer försöka använda klonings-URL:en för att <a target="_blank" rel="noopener noreferrer" href="%s">bestämma LFS-servern</a>. Du kan också ange en anpassad slutpunkt om kodförrådets LFS-data lagras någon annanstans.
+mirror_password_placeholder = (Oförändrat)
+mirror_password_blank_placeholder = (Ej angivet)
+mirror_password_help = Ändra användarnamnet för att radera ett sparat lösenord.
+stars_remove_warning = Detta kommer ta bort alla stjärnor från detta kodförråd.
+adopt_search = Ange användarnamn för att söka efter oadopterade kodförråd… (lämna tomt för att hitta alla)
+adopt_preexisting_label = Adoptera filer
+adopt_preexisting = Adoptera befintliga filer
+adopt_preexisting_success = Adopterade filer och skapade kodförråd från %s
+delete_preexisting_success = Raderade oadopterade filer i %s
+blame_prior = Visa klander före denna ändring
+blame.ignore_revs = Ignorerar revisioner i <a href="%s">.git-blame-ignore-revs</a>. Klicka <a href="%s">här för att kringgå</a> och se normal klandervy.
+blame.ignore_revs.failed = Det gick inte att ignorera revisioner i <a href="%s">.git-blame-ignore-revs</a>.
+author_search_tooltip = Visar maximalt 30 användare
+summary_card_alt = Sammanfattningskort för kodförråd %s
+tree_path_not_found.commit = Sökvägen %[1]s finns inte i incheckning %[2]s
+tree_path_not_found.branch = Sökvägen %[1]s finns inte i gren %[2]s
+tree_path_not_found.tag = Sökvägen %[1]s finns inte i tagg %[2]s
+transfer.accept_desc = Överför till "%s"
+transfer.reject = Avvisa överföring
+transfer.reject_desc = Avbryt överföring till "%s"
+transfer.no_permission_to_accept = Du har inte behörighet att acceptera denna överföring.
+transfer.no_permission_to_reject = Du har inte behörighet att avvisa denna överföring.
+template.git_hooks_tooltip = Du kan för närvarande inte modifiera eller ta bort Git-krokar när de väl lagts till. Välj detta endast om du litar på mallens kodförråd.
+archive.title = Detta kodförråd är arkiverat. Du kan visa filer och klona det, men du kan inte göra några ändringar av dess tillstånd, såsom att skicka och skapa nya ärenden, ändringsförfrågningar eller kommentarer.
+archive.title_date = Detta kodförråd arkiverades %s. Du kan visa filer och klona det, men du kan inte göra några ändringar av dess tillstånd, såsom att skicka och skapa nya ärenden, ändringsförfrågningar eller kommentarer.
+archive.nocomment = Kommentering är inte möjlig eftersom kodförrådet är arkiverat.
+archive.pull.noreview = Detta kodförråd är arkiverat. Du kan inte granska ändringsförfrågningar.
+sync_fork.branch_behind_one = Denna gren ligger %[1]d incheckning efter %[2]s
+sync_fork.branch_behind_few = Denna gren ligger %[1]d incheckningar efter %[2]s
+sync_fork.button = Synkronisera
+form.reach_limit_of_creation_1 = Ägaren har redan nått gränsen på %d kodförråd.
+form.reach_limit_of_creation_n = Ägaren har redan nått gränsen på %d kodförråd.
+form.name_reserved = Kodförrådets namn "%s" är reserverat.
+form.name_pattern_not_allowed = Mönstret "%s" är inte tillåtet i ett kodförrådsnamn.
+form.string_too_long = Den angivna strängen är längre än %d tecken.
+need_auth = Auktorisering
+migrate_options_mirror_helper = Detta kodförråd kommer vara en spegling
+migrate_options_lfs = Migrera LFS-filer
+migrate_options_lfs_endpoint.label = LFS-slutpunkt
+migrate_options_lfs_endpoint.description = Migreringen kommer försöka använda din Git-remote för att <a target="_blank" rel="noopener noreferrer" href="%s">bestämma LFS-servern</a>. Du kan också ange en anpassad slutpunkt om kodförrådets LFS-data lagras någon annanstans.
+migrate_options_lfs_endpoint.description.local = En lokal serversökväg stöds också.
+migrate_options_lfs_endpoint.placeholder = Om den lämnas tom kommer slutpunkten härledas från klonings-URL:en
+migrate.repo_desc_helper = Lämna tomt för att importera befintlig beskrivning
+migrate.github_token_desc = Du kan ange en eller flera tokens här separerade med kommatecken för att göra migreringen snabbare genom att kringgå GitHubs API-hastighetsbegränsning. VARNING: Missbruk av denna funktion kan bryta mot tjänsteleverantörens regler och kan leda till att ditt/dina konto(n) blockeras.
+migrate.permission_denied_blocked = Du kan inte importera från otillåtna värdar, be administratören att kontrollera inställningarna för ALLOWED_DOMAINS/ALLOW_LOCALNETWORKS/BLOCKED_DOMAINS.
+migrate.invalid_local_path = Den lokala sökvägen är ogiltig. Den finns inte eller är inte en katalog.
+migrate.invalid_lfs_endpoint = LFS-slutpunkten är inte giltig.
+migrate.migrating_failed.error = Misslyckades med att migrera: %s
+migrate.migrating_failed_no_addr = Migreringen misslyckades.
+migrate.migrating_git = Migrerar Git-data
+migrate.migrating_topics = Migrerar ämnen
+migrate.migrating_milestones = Migrerar milstolpar
+migrate.migrating_labels = Migrerar etiketter
+migrate.migrating_releases = Migrerar utgåvor
+migrate.migrating_pulls = Migrerar ändringsförfrågningar
+migrate.cancel_migrating_title = Avbryt migrering
+migrate.cancel_migrating_confirm = Vill du avbryta denna migrering?
+subscribe.issue.guest.tooltip = Logga in för att prenumerera på detta ärende.
+subscribe.pull.guest.tooltip = Logga in för att prenumerera på denna ändringsförfrågan.
+more_operations = Fler åtgärder
+cite_this_repo = Citera detta kodförråd
+broken_message = Git-datan som ligger till grund för detta kodförråd kan inte läsas. Kontakta administratören för denna instans eller ta bort detta kodförråd.
+actions = Actions
+n_commit_one = %s incheckning
+n_commit_few = %s incheckningar
+n_branch_one = %s gren
+n_branch_few = %s grenar
+n_tag_one = %s tagg
+n_tag_few = %s taggar
+n_release_one = %s utgåva
+n_release_few = %s utgåvor
+released_this = släppte detta
+file.title = %s vid %s
+file_follow = Följ symlänk
+file_view_rendered = Visa renderad
+invisible_runes_header = `Denna fil innehåller osynliga Unicode-tecken`
+invisible_runes_description = `Denna fil innehåller osynliga Unicode-tecken som är omöjliga att skilja för människor men kan bearbetas annorlunda av en dator. Om du tror att detta är avsiktligt kan du säkert ignorera denna varning. Använd Escape-knappen för att visa dem.`
+ambiguous_runes_header = `Denna fil innehåller tvetydiga Unicode-tecken`
+ambiguous_runes_description = `Denna fil innehåller Unicode-tecken som kan förväxlas med andra tecken. Om du tror att detta är avsiktligt kan du säkert ignorera denna varning. Använd Escape-knappen för att visa dem.`
+invisible_runes_line = `Denna rad innehåller osynliga Unicode-tecken`
+ambiguous_runes_line = `Denna rad innehåller tvetydiga Unicode-tecken`
+ambiguous_character = `%[1]c [U+%04[1]X] kan förväxlas med %[2]c [U+%04[2]X]`
+escape_control_characters = Maskera
+unescape_control_characters = Avmaskera
+view_git_blame = Visa git blame
+executable_file = Körbar fil
+vendored = Tredjepartspaketerad
+generated = Genererad
+commit_graph.hide_pr_refs = Dölj ändringsförfrågan
+commit.contained_in = Denna incheckning finns i:
+commit.contained_in_default_branch = Denna incheckning är en del av standardgrenen
+commit.load_referencing_branches_and_tags = Ladda grenar och taggar som refererar till denna incheckning
+no_eol.text = Ingen EOL
+no_eol.tooltip = Denna fil innehåller ingen avslutande radsluts-tecken.
+editor.file_delete_success = Filen "%s" har raderats.
+editor.patch = Applicera programfix
+editor.patching = Programfixar:
+editor.fail_to_apply_patch = Det gick inte att applicera programfix "%s"
+editor.new_patch = Ny programfix
+editor.signoff_desc = Lägg till en Signed-off-by-avslutning av den som checkar in i slutet av incheckning-loggmeddelandet.
+editor.new_branch_name = Namnge den nya grenen för denna incheckning
+editor.filename_is_invalid = Filnamnet är ogiltigt: "%s".
+editor.invalid_commit_mail = Ogiltig e-post för att skapa en incheckning.
+editor.branch_does_not_exist = Grenen "%s" finns inte i detta kodförråd.
+editor.branch_already_exists = Grenen "%s" finns redan i detta kodförråd.
+editor.directory_is_a_file = Katalognamnet "%s" används redan som ett filnamn i detta kodförråd.
+editor.file_is_a_symlink = `"%s" är en symbolisk länk. Symboliska länkar kan inte redigeras i webbeditorn`
+editor.filename_is_a_directory = Filnamnet "%s" används redan som ett katalognamn i detta kodförråd.
+editor.file_editing_no_longer_exists = Filen som redigeras, "%s", finns inte längre i detta kodförråd.
+editor.file_deleting_no_longer_exists = Filen som raderas, "%s", finns inte längre i detta kodförråd.
+editor.file_already_exists = En fil med namnet "%s" finns redan i detta kodförråd.
+editor.commit_id_not_matching = Filen ändrades medan du redigerade den. Checka in till en ny gren och sammanfoga sedan.
+editor.push_out_of_date = Skickningen verkar vara inaktuell.
+editor.fail_to_update_file = Det gick inte att uppdatera/skapa fil "%s".
+editor.push_rejected_no_message = Ändringen avvisades av servern utan ett meddelande. Kontrollera Git-krokar.
+editor.push_rejected = Ändringen avvisades av servern. Kontrollera Git-krokar.
+editor.push_rejected_summary = Fullständigt avvisningsmeddelande:
+editor.unable_to_upload_files = Det gick inte att ladda upp filer till "%s" med fel: %v
+editor.upload_file_is_locked = Filen "%s" är låst av %s.
+editor.upload_files_to_dir = Ladda upp filer till "%s"
+editor.cannot_commit_to_protected_branch = Det går inte att checka in till skyddad gren "%s".
+editor.cherry_pick = Russinplocka %s till:
+editor.revert = Återställ %s till:
+editor.commit_email = E-post för incheckning
+commits.no_commits = Inga gemensamma incheckningar. "%s" och "%s" har helt olika historik.
+commits.nothing_to_compare = Dessa grenar är identiska.
+commits.search.tooltip = Du kan prefixa nyckelord med "author:", "committer:", "after:", eller "before:", t.ex. "revert author:Alice before:2019-01-13".
+commits.browse_further = Bläddra vidare
+commits.renamed_from = Bytt namn från %s
+commits.ssh_key_fingerprint = SSH-nyckelfingeravtryck
+commits.view_path = Visa vid denna punkt i historiken
+commits.view_single_diff = Visa ändringar av denna fil introducerade i denna incheckning
+commit.operations = Åtgärder
+commit.revert = Återställ
+commit.revert-header = Återställ: %s
+commit.revert-content = Välj gren att återställa till:
+commit.cherry-pick = Russinplocka
+commit.cherry-pick-header = Russinplocka: %s
+commit.cherry-pick-content = Välj gren att russinplocka till:
+projects.description = Beskrivning (valfri)
+projects.new_subheader = Koordinera, spåra och uppdatera ditt arbete på ett ställe, så att projekten förblir transparenta och håller schemat.
+projects.create_success = Projektet "%s" har skapats.
+projects.deletion_desc = Att radera ett projekt tar bort det från alla relaterade ärenden. Vill du fortsätta?
+projects.edit_subheader = Projekt organiserar ärenden och spårar framsteg.
+projects.edit_success = Projektet "%s" har uppdaterats.
+projects.type.basic_kanban = Grundläggande kanban
+projects.type.bug_triage = Sortering av programfel
+projects.template.desc_helper = Välj en projektmall för att komma igång
+projects.column.set_default = Ange som standard
+projects.column.set_default_desc = Ställ in denna kolumn som standard för okategoriserade ärenden och ändringsförfrågningar
+projects.column.deletion_desc = Att radera en projektkolumn flyttar alla relaterade ärenden till standardkolumnen. Vill du fortsätta?
+projects.column.assigned_to = Tilldelad till
+projects.card_type.desc = Kortförhandsvisningar
+projects.card_type.images_and_text = Bilder och text
+issues.filter_no_results = Inga resultat
+issues.filter_no_results_placeholder = Försök justera dina sökfilter.
+issues.new.assign_to_me = Tilldela till mig
+issues.edit.already_changed = Det gick inte att spara ändringar till ärendet. Det verkar som att innehållet redan har ändrats av en annan användare. Uppdatera sidan och försök redigera igen för att undvika att skriva över deras ändringar
+issues.choose.ignore_invalid_templates = Ogiltiga mallar har ignorerats
+issues.choose.invalid_templates = %v ogiltig(a) mall(ar) hittades
+issues.choose.invalid_config = Ärendekonfigurationen innehåller fel:
+issues.label_templates.fail_to_load_file = Det gick inte att ladda etikettmallfilen "%s": %v
+issues.add_label = lade till etiketten %s %s
+issues.add_labels = lade till etiketterna %s %s
+issues.remove_label = tog bort etiketten %s %s
+issues.remove_labels = tog bort etiketterna %s %s
+issues.add_remove_labels = lade till %s och tog bort %s etiketter %s
+issues.change_project_at = `ändrade projektet från <b>%s</b> till <b>%s</b> %s`
+issues.change_ref_at = `ändrade referens från <b><strike>%s</strike></b> till <b>%s</b> %s`
+issues.remove_ref_at = `tog bort referens <b>%s</b> %s`
+issues.add_ref_at = `lade till referens <b>%s</b> %s`
+issues.filter_milestone_all = Alla milstolpar
+issues.filter_milestone_none = Inga milstolpar
+issues.filter_milestone_open = Öppna milstolpar
+issues.filter_milestone_closed = Stängda milstolpar
+issues.filter_poster = Författare
+issues.filter_poster_no_select = Alla författare
+issues.filter_type.all_pull_requests = Alla ändringsförfrågningar
+issues.filter_type.review_requested = Granskning begärd
+issues.filter_type.reviewed_by_you = Granskad av dig
+issues.action_check = Markera/Avmarkera
+issues.action_check_all = Markera/Avmarkera alla objekt
+pulls.merged_by = av <a href="%[2]s">%[3]s</a> sammanfogades %[1]s
+pulls.merged_by_fake = av %[2]s sammanfogades %[1]s
+issues.closed_by = av <a href="%[2]s">%[3]s</a> stängdes %[1]s
+issues.opened_by_fake = öppnades %[1]s av %[2]s
+issues.closed_by_fake = av %[2]s stängdes %[1]s
+issues.num_comments_1 = %d kommentar
+issues.num_reviews_one = %d granskning
+issues.num_reviews_few = %d granskningar
+issues.reaction.add = Lägg till reaktion
+issues.reaction.alt_few = %[1]s reagerade %[2]s.
+issues.reaction.alt_many = %[1]s och %[2]d fler reagerade %[3]s.
+issues.reaction.alt_remove = Ta bort %[1]s-reaktion från kommentar.
+issues.reaction.alt_add = Lägg till %[1]s-reaktion till kommentar.
+issues.context.menu = Kommentarmeny
+issues.no_content = Ingen beskrivning angiven.
+issues.close = Stäng ärende
+issues.comment_pull_merged_at = sammanfogade incheckning %[1]s till %[2]s %[3]s
+issues.comment_manually_pull_merged_at = sammanfogade manuellt incheckning %[1]s till %[2]s %[3]s
+issues.author = Författare
+issues.author.tooltip.issue = Denna användare är författare till detta ärende.
+issues.author.tooltip.pr = Denna användare är författare till denna ändringsförfrågan.
+issues.role.owner_helper = Denna användare är ägare till detta kodförråd.
+issues.role.member_helper = Denna användare är medlem i organisationen som äger detta kodförråd.
+issues.role.collaborator = Medarbetare
+issues.role.collaborator_helper = Denna användare har bjudits in att samarbeta på kodförrådet.
+issues.role.first_time_contributor = Förstagångsbidragare
+issues.role.first_time_contributor_helper = Detta är denna användares första bidrag till kodförrådet.
+issues.role.contributor = Bidragsgivare
+issues.role.contributor_helper = Denna användare har tidigare checkat in i detta kodförråd.
+issues.is_stale = Det har skett ändringar i denna ändringsförfrågan sedan denna granskning
+issues.dismiss_review = Avfärda granskning
+issues.dismiss_review_warning = Är du säker på att du vill avfärda denna granskning?
+issues.label_exclusive = Exklusiv
+issues.label_archived_filter = Visa arkiverade etiketter
+issues.label_archive_tooltip = Arkiverade etiketter exkluderas som standard från förslagen vid sökning efter etikett.
+issues.label_exclusive_desc = Namnge etiketten <code>scope/item</code> för att göra den ömsesidigt exklusiv med andra <code>scope/</code>-etiketter.
+issues.label_exclusive_warning = Eventuella konfliktande omfångsetiketter kommer att tas bort vid redigering av etiketter för ett ärende eller ändringsförfrågan.
+issues.archived_label_description = (Arkiverad) %s
+issues.num_participants_one = %d deltagare
+issues.unpin_issue = Lossa ärende
+issues.max_pinned = Du kan inte fästa fler ärenden
+issues.pin_comment = fäste detta %s
+issues.unpin_comment = lossade detta %s
+issues.start_tracking_short = Starta timer
+issues.stop_tracking = Stoppa timer
+issues.cancel_tracking = Kassera
+issues.cancel_tracking_history = `avbröt tidspårning %s`
+issues.del_time = Radera denna tidslogg
+issues.force_push_codes = `tvångsskickade %[1]s från <a class="%[7]s" href="%[3]s"><code>%[2]s</code></a> %[8]s till <a class="%[7]s" href="%[5]s"><code>%[4]s</code></a> %[9]s %[6]s`
+issues.due_date_modified = ändrade förfallodatumet från %[2]s till %[1]s %[3]s
+issues.dependency.issue_no_dependencies = Inga beroenden satta.
+issues.dependency.pr_no_dependencies = Inga beroenden satta.
+issues.dependency.no_permission_1 = Du har inte behörighet att läsa %d beroende
+issues.dependency.no_permission_n = Du har inte behörighet att läsa %d beroenden
+issues.dependency.no_permission.can_remove = Du har inte behörighet att läsa detta beroende men kan ta bort detta beroende
+issues.dependency.pr_closing_blockedby = Stängning av denna ändringsförfrågan blockeras av följande ärenden
+issues.dependency.issue_closing_blockedby = Stängning av detta ärende blockeras av följande ärenden
+issues.dependency.issue_batch_close_blocked = Det går inte att batchstänga valda ärenden, eftersom ärende #%d fortfarande har öppna beroenden
+issues.review.dismissed = avfärdade %s:s granskning %s
+issues.review.dismissed_label = Avfärdad
+issues.review.add_review_requests = begärde granskningar från %[1]s %[2]s
+issues.review.remove_review_requests = tog bort granskningsbegäranden för %[1]s %[2]s
+issues.review.add_remove_review_requests = begärde granskningar från %[1]s och tog bort granskningsbegäranden för %[2]s %[3]s
+issues.review.pending.tooltip = Denna kommentar är för närvarande inte synlig för andra användare. För att skicka dina väntande kommentarer, välj "%s" -> "%s/%s/%s" högst upp på sidan.
+issues.review.outdated = Föråldrad
+issues.review.outdated_description = Innehållet har ändrats sedan denna kommentar gjordes
+issues.review.option.show_outdated_comments = Visa föråldrade kommentarer
+issues.review.option.hide_outdated_comments = Dölj föråldrade kommentarer
+issues.review.un_resolve_conversation = Återöppna konversation
+issues.reference_issue.body = Brödtext
+issues.content_history.delete_from_history = Radera från historik
+issues.content_history.delete_from_history_confirm = Radera från historik?
+issues.blocked_by_user = Du kan inte skapa ärenden i detta kodförråd eftersom du är blockerad av kodförrådets ägare.
+comment.blocked_by_user = Kommentering är inte möjlig eftersom du är blockerad av kodförrådets ägare eller författaren.
+issues.summary_card_alt = Sammanfattningskort för ett ärende med titel "%s" i kodförråd %s
+compare.compare_base = bas
+pulls.view = Visa ändringsförfrågan
+pulls.edit.already_changed = Det gick inte att spara ändringar till ändringsförfrågan. Det verkar som att innehållet redan har ändrats av en annan användare. Uppdatera sidan och försök redigera igen för att undvika att skriva över deras ändringar
+pulls.sign_in_require = <a href="%s">Logga in</a> för att skapa en ny ändringsförfrågan.
+pulls.allow_edits_from_maintainers = Tillåt redigeringar från underhållare
+pulls.allow_edits_from_maintainers_desc = Användare med skrivåtkomst till basgrenen kan också skicka till denna gren
+pulls.allow_edits_from_maintainers_err = Uppdatering misslyckades
+pulls.has_changed_since_last_review = Ändrad sedan din senaste granskning
+pulls.viewed_files_label = %[1]d / %[2]d filer visade
+pulls.expand_files = Expandera alla filer
+pulls.collapse_files = Fäll ihop alla filer
+pulls.switch_comparison_type = Byt jämförelsetyp
+pulls.switch_head_and_base = Byt huvud och bas
+pulls.show_all_commits = Visa alla incheckningar
+pulls.show_changes_since_your_last_review = Visa ändringar sedan din senaste granskning
+pulls.showing_only_single_commit = Visar endast ändringar av incheckning %[1]s
+pulls.showing_specified_commit_range = Visar endast ändringar mellan %[1]s..%[2]s
+pulls.select_commit_hold_shift_for_range = Välj incheckning. Håll shift + klicka för att välja ett intervall
+pulls.filter_changes_by_commit = Filtrera efter incheckning
+pulls.nothing_to_compare_have_tag = De valda grenarna/taggarna är identiska.
+pulls.nothing_to_compare_and_allow_empty_pr = Dessa grenar är identiska. Denna PR kommer vara tom.
+pulls.has_pull_request = `En ändringsförfrågan mellan dessa grenar finns redan: <a href="%[1]s">%[2]s#%[3]d</a>`
+pulls.merged_success = Ändringsförfrågan sammanfogad och stängd
+pulls.closed = Ändringsförfrågan stängd
+pulls.manually_merged = Manuellt sammanfogad
+pulls.merged_info_text = Grenen %s kan nu raderas.
+pulls.cannot_merge_work_in_progress = Denna ändringsförfrågan är markerad som pågående arbete.
+pulls.still_in_progress = Fortfarande pågående?
+pulls.add_prefix = Lägg till <strong>%s</strong>-prefix
+pulls.ready_for_review = Redo för granskning?
+pulls.remove_prefix = Ta bort <strong>%s</strong>-prefix
+pulls.is_ancestor = Denna gren ingår redan i målgrenen. Det finns inget att sammanfoga.
+pulls.is_empty = Ändringarna på denna gren finns redan på målgrenen. Detta blir en tom incheckning.
+pulls.blocked_by_approvals = Denna ändringsförfrågan har inte tillräckligt med godkännanden ännu. %d av %d godkännanden beviljade.
+pulls.blocked_by_rejection = Denna ändringsförfrågan har ändringar begärda av en officiell granskare.
+pulls.blocked_by_official_review_requests = Denna ändringsförfrågan är blockerad eftersom den saknar godkännande från en eller flera officiella granskare.
+pulls.blocked_by_outdated_branch = Denna ändringsförfrågan är blockerad eftersom den är föråldrad.
+pulls.blocked_by_changed_protected_files_1 = Denna ändringsförfrågan är blockerad eftersom den ändrar en skyddad fil:
+pulls.blocked_by_changed_protected_files_n = Denna ändringsförfrågan är blockerad eftersom den ändrar skyddade filer:
+pulls.num_conflicting_files_1 = %d konfliktande fil
+pulls.num_conflicting_files_n = %d konfliktande filer
+pulls.approve_count_1 = %d godkännande
+pulls.approve_count_n = %d godkännanden
+pulls.reject_count_1 = %d ändringsbegäran
+pulls.reject_count_n = %d ändringsbegäranden
+pulls.waiting_count_1 = %d väntande granskning
+pulls.waiting_count_n = %d väntande granskningar
+pulls.wrong_commit_id = inchecknings-id måste vara ett inchecknings-id på målgrenen
+pulls.blocked_by_user = Du kan inte skapa en ändringsförfrågan på detta kodförråd eftersom du är blockerad av kodförrådets ägare.
+pulls.no_merge_wip = Denna ändringsförfrågan kan inte sammanfogas eftersom den är markerad som pågående arbete.
+pulls.no_merge_not_ready = Denna ändringsförfrågan är inte redo att sammanfogas, kontrollera granskningsstatus och statuskontroller.
+pulls.no_merge_access = Du är inte behörig att sammanfoga denna ändringsförfrågan.
+pulls.merge_pull_request = Skapa sammanfogningsincheckning
+pulls.rebase_merge_pull_request = Ombasera sedan snabbspola
+pulls.rebase_merge_commit_pull_request = Ombasera sedan skapa sammanfogningsincheckning
+pulls.squash_merge_pull_request = Slå samman till en incheckning
+pulls.fast_forward_only_merge_pull_request = Endast snabbspolning
+pulls.merge_manually = Manuellt sammanfogad
+pulls.merge_commit_id = Sammanfogningsincheckningens ID
+pulls.require_signed_wont_sign = Grenen kräver signerade incheckningar men denna sammanfogning kommer inte signeras
+pulls.merge_conflict = Sammanfogning misslyckades: Det uppstod en konflikt vid sammanfogning. Tips: Prova en annan strategi
+pulls.rebase_conflict = Sammanfogning misslyckades: Det uppstod en konflikt vid ombasering av incheckning: %[1]s. Tips: Prova en annan strategi
+pulls.unrelated_histories = Sammanfogning misslyckades: Sammanfogningshuvudet och basen delar ingen gemensam historik. Tips: Prova en annan strategi
+pulls.merge_out_of_date = Sammanfogning misslyckades: Under sammanfogningen uppdaterades basen. Tips: Försök igen.
+pulls.head_out_of_date = Sammanfogning misslyckades: Under sammanfogningen uppdaterades huvudet. Tips: Försök igen.
+pulls.has_merged = Misslyckades: Ändringsförfrågan har redan sammanfogats, du kan inte sammanfoga igen eller ändra målgren.
+pulls.push_rejected = Skickning misslyckades: Skickningen avvisades. Granska Git-krokarna för detta kodförråd.
+pulls.push_rejected_summary = Fullständigt avvisningsmeddelande
+pulls.push_rejected_no_message = Skickning misslyckades: Skickningen avvisades men det fanns inget fjärrmeddelande. Granska Git-krokarna för detta kodförråd
+pulls.status_checking = Vissa kontroller väntar
+pulls.status_checks_success = Alla kontroller lyckades
+pulls.status_checks_warning = Vissa kontroller rapporterade varningar
+pulls.status_checks_failure = Vissa kontroller misslyckades
+pulls.status_checks_error = Vissa kontroller rapporterade fel
+pulls.status_checks_requested = Obligatorisk
+pulls.status_checks_hide_all = Dölj alla kontroller
+pulls.status_checks_show_all = Visa alla kontroller
+pulls.update_branch = Uppdatera gren via sammanfogning
+pulls.update_branch_rebase = Uppdatera gren via ombasering
+pulls.close = Stäng ändringsförfrågan
+pulls.closed_at = `stängde denna ändringsförfrågan %s`
+pulls.reopened_at = `återöppnade denna ändringsförfrågan %s`
+pulls.commit_ref_at = `refererade denna ändringsförfrågan från en incheckning %s`
+pulls.cmd_instruction_hint = Visa kommandoradsinstruktioner
+pulls.cmd_instruction_checkout_title = Checkout
+pulls.cmd_instruction_checkout_desc = Från din projektkatalog, checka ut en ny gren och testa ändringarna.
+pulls.cmd_instruction_merge_title = Sammanfoga
+pulls.cmd_instruction_merge_desc = Sammanfoga ändringarna och uppdatera på Forgejo.
+pulls.cmd_instruction_merge_warning = <b>Varning:</b> Inställningen "Automatisk identifiering av manuell sammanfogning" är inte aktiverad för detta kodförråd, du måste markera denna ändringsförfrågan som manuellt sammanfogad efteråt.
+pulls.clear_merge_message = Rensa sammanfogningsmeddelande
+pulls.clear_merge_message_hint = Att rensa sammanfogningsmeddelandet tar endast bort incheckningsmeddelandes innehåll och behåller genererade git-trailers som "Co-Authored-By …".
+pulls.reopen_failed.head_branch = Ändringsförfrågan kan inte återöppnas eftersom huvudgrenen inte längre existerar.
+pulls.reopen_failed.base_branch = Ändringsförfrågan kan inte återöppnas eftersom basgrenen inte längre existerar.
+pulls.made_using_agit = AGit
+pulls.agit_explanation = Skapad med AGit-arbetsflödet. AGit låter bidragsgivare föreslå ändringar med "git-skickning" utan att skapa en förgrening eller en ny gren.
+pulls.editable_explanation = Denna ändringsförfrågan tillåter redigeringar från underhållare. Du kan bidra direkt till den.
+pulls.auto_merge_button_when_succeed = (När kontroller lyckas)
+pulls.auto_merge_when_succeed = Automatisk sammanfogning när alla kontroller lyckas
+pulls.auto_merge_newly_scheduled = Ändringsförfrågan schemalagdes att sammanfogas när alla kontroller lyckas.
+pulls.auto_merge_has_pending_schedule = %[1]s schemalade denna ändringsförfrågan för automatisk sammanfogning när alla kontroller lyckas %[2]s.
+pulls.auto_merge_cancel_schedule = Avbryt automatisk sammanfogning
+pulls.auto_merge_not_scheduled = Denna ändringsförfrågan är inte schemalagd för automatisk sammanfogning.
+pulls.auto_merge_canceled_schedule = Automatisk sammanfogning avbröts för denna ändringsförfrågan.
+pulls.auto_merge_newly_scheduled_comment = `schemalade denna ändringsförfrågan för automatisk sammanfogning när alla kontroller lyckas %[1]s`
+pulls.auto_merge_canceled_schedule_comment = `avbröt automatisk sammanfogning av denna ändringsförfrågan när alla kontroller lyckas %[1]s`
+pulls.delete_after_merge.head_branch.is_default = Huvudgrenen du vill radera är standardgrenen och kan inte raderas.
+pulls.delete_after_merge.head_branch.is_protected = Huvudgrenen du vill radera är en skyddad gren och kan inte raderas.
+pulls.delete_after_merge.head_branch.insufficient_branch = Du har inte behörighet att radera huvudgrenen.
+pulls.delete.title = Radera denna ändringsförfrågan?
+pulls.delete.text = Vill du verkligen radera denna ändringsförfrågan? (Detta tar permanent bort allt innehåll. Överväg att stänga den istället om du vill behålla den arkiverad)
+pulls.recently_pushed_new_branches = Du skickade till gren <a href="%[3]s"><strong>%[1]s</strong></a> %[2]s
+pull.deleted_branch = (raderad):%s
+comments.edit.already_changed = Det gick inte att spara ändringar till kommentaren. Det verkar som att innehållet redan har ändrats av en annan användare. Uppdatera sidan och försök redigera igen för att undvika att skriva över deras ändringar
+milestones.update_ago = Uppdaterad %s
+milestones.new_subheader = Milstolpar kan hjälpa dig organisera ärenden och följa deras framsteg.
+milestones.create_success = Milstolpen "%s" har skapats.
+milestones.edit_success = Milstolpen "%s" har uppdaterats.
+milestones.filter_sort.earliest_due_data = Närmaste förfallodatum
+milestones.filter_sort.latest_due_date = Avlägsnaste förfallodatum
+signing.will_sign = Denna incheckning kommer signeras med nyckel "%s".
+signing.wont_sign.error = Det uppstod ett fel vid kontroll om incheckningen kunde signeras.
+signing.wont_sign.nokey = Denna instans har ingen nyckel att signera denna incheckning med.
+signing.wont_sign.never = Incheckningar signeras aldrig.
+signing.wont_sign.always = Incheckningar signeras alltid.
+signing.wont_sign.pubkey = Incheckningen kommer inte signeras eftersom du inte har en offentlig nyckel kopplad till ditt konto.
+signing.wont_sign.twofa = Du måste ha tvåfaktorsautentisering aktiverad för att få incheckningar signerade.
+signing.wont_sign.parentsigned = Incheckningen kommer inte signeras eftersom föräldraincheckningen inte är signerad.
+signing.wont_sign.basesigned = Sammanfogningen kommer inte signeras eftersom basincheckningen inte är signerad.
+signing.wont_sign.headsigned = Sammanfogningen kommer inte signeras eftersom huvudincheckningen inte är signerad.
+signing.wont_sign.commitssigned = Sammanfogningen kommer inte signeras eftersom inte alla tillhörande incheckningar är signerade.
+signing.wont_sign.approved = Sammanfogningen kommer inte signeras eftersom ändringsförfrågan inte är godkänd.
+signing.wont_sign.not_signed_in = Du är inte inloggad.
+wiki.file_revision = Sidrevision
+wiki.wiki_page_revisions = Sidrevisioner
+wiki.delete_page_notice_1 = Borttagning av wiki-sidan "%s" kan inte ångras. Vill du fortsätta?
+wiki.reserved_page = Wiki-sidnamnet "%s" är reserverat.
+wiki.page_name_desc = Ange ett namn för denna wiki-sida. Vissa speciella namn är: "Home", "_Sidebar" och "_Footer".
+wiki.original_git_entry_tooltip = Visa ursprunglig Git-fil istället för att använda vänlig länk.
+activity.navbar.contributors = Bidragsgivare
+activity.navbar.recent_commits = Senaste incheckningar
+activity.title.issues_closed_from = %s stängda från %s
+activity.published_prerelease_label = Förutgåva
+activity.git_stats_pushed_1 = har skickat
+activity.git_stats_pushed_n = har skickat
+activity.git_stats_commit_1 = %d incheckning
+activity.git_stats_commit_n = %d incheckningar
+activity.git_stats_push_to_branch = till %s och
+activity.git_stats_additions = och det har gjorts
+activity.commit = Incheckningsaktivitet
+contributors.contribution_type.filter_label = Bidragstyp:
+contributors.contribution_type.additions = Tillägg
+contributors.contribution_type.deletions = Borttagningar
+settings.federation_settings = Federationsinställningar
+settings.federation_apapiurl = Federations-URL för detta kodförråd. Kopiera och klistra in detta i Federationsinställningar för ett annat kodförråd som en URL för ett följt kodförråd.
+settings.federation_following_repos = URL:er för följda kodförråd. Separerade med ";", inga mellanslag.
+settings.federation_not_enabled = Federation är inte aktiverat på din instans.
+settings.mirror_settings.docs = Konfigurera ditt kodförråd för att automatiskt synkronisera incheckningar, taggar och grenar med ett annat kodförråd.
+settings.mirror_settings.docs.disabled_pull_mirror.instructions = Konfigurera ditt projekt för att automatiskt skicka incheckningar, taggar och grenar till ett annat kodförråd. Dra-speglingar har inaktiverats av din webbplatsadministratör.
+settings.mirror_settings.docs.disabled_push_mirror.instructions = Konfigurera ditt projekt för att automatiskt hämta incheckningar, taggar och grenar från ett annat kodförråd.
+settings.mirror_settings.docs.disabled_push_mirror.pull_mirror_warning = Just nu kan detta endast göras i menyn "Ny migrering". För mer information, se:
+settings.mirror_settings.docs.disabled_push_mirror.info = Skicka-speglingar har inaktiverats av din webbplatsadministratör.
+settings.mirror_settings.docs.no_new_mirrors = Ditt kodförråd speglar ändringar till eller från ett annat kodförråd. Observera att du inte kan skapa några nya speglingar just nu.
+settings.mirror_settings.docs.can_still_use = Även om du inte kan ändra befintliga speglingar eller skapa nya, kan du fortfarande använda din befintliga spegling.
+settings.mirror_settings.docs.pull_mirror_instructions = För att konfigurera en dra-spegling, se:
+settings.mirror_settings.docs.more_information_if_disabled = Du kan läsa mer om skicka- och dra-speglingar här:
+settings.mirror_settings.docs.doc_link_title = Hur speglar jag kodförråd?
+settings.mirror_settings.docs.doc_link_pull_section = avsnittet "Hämta från ett fjärr-kodförråd" i dokumentationen.
+settings.mirror_settings.docs.pulling_remote_title = Hämta från ett fjärr-kodförråd
+settings.mirror_settings.mirrored_repository = Speglat kodförråd
+settings.mirror_settings.pushed_repository = Skickat kodförråd
+settings.mirror_settings.direction.pull = Dra
+settings.mirror_settings.direction.push = Skicka
+settings.mirror_settings.push_mirror.none = Inga skicka-speglingar konfigurerade
+settings.mirror_settings.push_mirror.remote_url = URL till fjärr-Git-kodförråd
+settings.mirror_settings.push_mirror.add = Lägg till skicka-spegling
+settings.mirror_settings.push_mirror.edit_sync_time = Redigera synkroniseringsintervall för spegling
+settings.units.units = Enheter
+settings.mirror_settings.push_mirror.copy_public_key = Kopiera offentlig nyckel
+settings.pull_mirror_sync_in_progress = Hämtar ändringar från fjärr-kodförrådet %s just nu.
+settings.pull_mirror_sync_quota_exceeded = Kvoten överskriden, hämtar inte ändringar.
+settings.push_mirror_sync_in_progress = Skickar ändringar till fjärr-kodförrådet %s just nu.
+settings.update_mirror_settings = Uppdatera speglingsinställningar
+settings.branches.switch_default_branch = Byt standardgren
+settings.branches.update_default_branch = Uppdatera standardgren
+settings.branches.add_new_rule = Lägg till ny regel
+settings.wiki_globally_editable = Tillåt vem som helst att redigera wikin
+settings.tracker_issue_style.regexp = Reguljärt uttryck
+settings.tracker_issue_style.regexp_pattern = Mönster för reguljärt uttryck
+settings.tracker_issue_style.regexp_pattern_desc = Den första fångade gruppen kommer att användas i stället för <code>{index}</code>.
+settings.pulls.enable_autodetect_manual_merge = Aktivera automatisk identifiering av manuell sammanfogning (Obs: I vissa specialfall kan felaktiga bedömningar förekomma)
+settings.pulls.allow_rebase_update = Aktivera uppdatering av ändringsförfrågan-gren via ombasering
+settings.default_update_style_desc = Standarduppdateringsstil som används för att uppdatera ändringsförfrågningar som ligger efter basgrenen.
+settings.pulls.default_delete_branch_after_merge = Ta bort ändringsförfrågan-grenen efter sammanfogning som standard
+settings.pulls.default_allow_edits_from_maintainers = Tillåt redigeringar från underhållare som standard
+settings.releases_desc = Aktivera utgåvor för kodförrådet
+settings.packages_desc = Aktivera paketregister för kodförrådet
+settings.projects_desc = Aktivera projekt för kodförrådet
+settings.actions_desc = Aktivera integrerade CI/CD-pipelines med Forgejo Actions
+settings.admin_code_indexer = Kodindexerare
+settings.admin_stats_indexer = Kodstatistikindexerare
+settings.admin_indexer_commit_sha = Senast indexerad incheckning
+settings.admin_indexer_unindexed = Oindexerad
+settings.reindex_button = Lägg till i omindexeringskön
+settings.reindex_requested = Omindexering begärd
+settings.new_owner_blocked_doer = Den nya ägaren har blockerat dig.
+settings.convert_fork_desc = Du kan konvertera denna förgrening till ett vanligt kodförråd. Detta kan inte ångras.
+settings.convert_fork_notices_1 = Denna åtgärd kommer att konvertera förgreningen till ett vanligt kodförråd och kan inte ångras.
+settings.convert_fork_succeed = Förgreningen har konverterats till ett vanligt kodförråd.
+settings.transfer.rejected = Överföring av kodförråd avvisades.
+settings.transfer.success = Överföring av kodförråd lyckades.
+settings.transfer_abort_invalid = Du kan inte avbryta en obefintlig överföring av kodförråd.
+settings.transfer_abort_success = Överföringen av kodförrådet till %s avbröts framgångsrikt.
+settings.confirmation_string = Bekräftelsesträng
+settings.transfer_in_progress = Det pågår för närvarande en överföring. Avbryt den om du vill överföra detta kodförråd till en annan användare.
+settings.transfer_notices_3 = - Om kodförrådet är privat och överförs till en enskild användare, ser denna åtgärd till att användaren har åtminstone läsbehörighet (och ändrar behörigheter vid behov).
+settings.transfer_perform = Genomför överföring
+settings.transfer_started = Detta kodförråd har markerats för överföring och väntar på bekräftelse från "%s"
+settings.transfer_quota_exceeded = Den nya ägaren (%s) har överskridit kvoten. Kodförrådet har inte överförts.
+settings.signing_settings = Inställningar för signaturverifiering
+settings.trust_model = Förtroendemodell för signaturer
+settings.trust_model.default = Standardförtroendemodell
+settings.trust_model.default.desc = Använd standardförtroendemodell för kodförråd i denna installation.
+settings.trust_model.collaborator.long = Medarbetare: Lita på signaturer från medarbetare
+settings.trust_model.collaborator.desc = Giltiga signaturer från medarbetare i detta kodförråd markeras som "betrodda" - (oavsett om de matchar incheckaren eller inte). Annars markeras giltiga signaturer som "ej betrodda" om signaturen matchar incheckaren och "ej matchande" om inte.
+settings.trust_model.committer = Incheckare
+settings.trust_model.committer.long = Incheckare: Lita på signaturer som matchar incheckare (Detta matchar GitHub och tvingar Forgejo-signerade incheckningar att ha Forgejo som incheckare)
+settings.trust_model.committer.desc = Giltiga signaturer markeras endast som "betrodda" om de matchar incheckaren, annars markeras de som "ej matchande". Detta tvingar Forgejo att vara incheckare på signerade incheckningar med den faktiska incheckaren markerad som Co-authored-by: och Co-committed-by: i incheckningens avslutning. Forgejos standardnyckel måste matcha en användare i databasen.
+settings.trust_model.collaboratorcommitter = Medarbetare+Incheckare
+settings.trust_model.collaboratorcommitter.long = Medarbetare+Incheckare: Lita på signaturer från medarbetare som matchar incheckaren
+settings.trust_model.collaboratorcommitter.desc = Giltiga signaturer från medarbetare i detta kodförråd markeras som "betrodda" om de matchar incheckaren. Annars markeras giltiga signaturer som "ej betrodda" om signaturen matchar incheckaren och "ej matchande" annars. Detta tvingar Forgejo att markeras som incheckare på signerade incheckningar med den faktiska incheckaren markerad som Co-Authored-By: och Co-Committed-By: i incheckningens avslutning. Forgejos standardnyckel måste matcha en användare i databasen.
+settings.wiki_rename_branch_main = Normalisera wiki-grenens namn
+settings.wiki_rename_branch_main_desc = Byt namn på grenen som används internt av wikin till "%s". Denna ändring är permanent och kan inte ångras.
+settings.wiki_rename_branch_main_notices_1 = Denna åtgärd kan <strong>INTE</strong> ångras.
+settings.wiki_rename_branch_main_notices_2 = Detta kommer permanent byta namn på den interna grenen för %s:s wiki. Befintliga utcheckningar behöver uppdateras.
+settings.wiki_branch_rename_success = Kodförrådets wiki-grennamn har normaliserats framgångsrikt.
+settings.wiki_branch_rename_failure = Misslyckades med att normalisera kodförrådets wiki-grennamn.
+settings.confirm_wiki_branch_rename = Byt namn på wiki-grenen
+settings.update_settings_no_unit = Kodförrådet bör tillåta åtminstone någon form av interaktion.
+settings.add_collaborator_inactive_user = Det går inte att lägga till en inaktiv användare som medarbetare.
+settings.add_collaborator_owner = Det går inte att lägga till en ägare som medarbetare.
+settings.add_collaborator_blocked_our = Det går inte att lägga till medarbetaren, eftersom kodförrådets ägare har blockerat dem.
+settings.add_collaborator_blocked_them = Det går inte att lägga till medarbetaren, eftersom de har blockerat kodförrådets ägare.
+settings.change_team_permission_tip = Teamets behörighet ställs in på teaminställningssidan och kan inte ändras per kodförråd
+settings.delete_team_tip = Detta team har åtkomst till alla kodförråd och kan inte tas bort
+settings.add_webhook.invalid_channel_name = Webbkrok-kanalnamn kan inte vara tomt och kan inte bara innehålla ett #-tecken.
+settings.add_webhook.invalid_path = Sökvägen får inte innehålla en del som är "." eller ".." eller en tom sträng. Den kan inte börja eller sluta med ett snedstreck.
+settings.webhook.test_delivery_desc_disabled = För att testa denna webbkrok med en simulerad händelse, aktivera den.
+settings.webhook.replay.description = Spela upp denna webbkrok igen.
+settings.webhook.replay.description_disabled = För att spela upp denna webbkrok igen, aktivera den.
+settings.webhook.delivery.success = Ett händelse har lagts till i leveranskön. Det kan ta några sekunder innan det visas i leveranshistoriken.
+settings.githooks_desc = Git-krokar drivs av Git själv. Du kan redigera krokfiler nedan för att sätta upp anpassade operationer.
+settings.discord_icon_url.exceeds_max_length = Ikon-URL måste vara 2048 tecken eller färre
+settings.event_delete_desc = Gren eller tagg borttagen.
+settings.event_wiki_desc = Wiki-sida skapad, omdöpt, redigerad eller borttagen.
+settings.event_issues_desc = Ärende öppnat, stängt, återöppnat, eller redigerat.
+settings.event_issue_assign = Tilldelning
+settings.event_issue_assign_desc = Ärende tilldelat eller avtilldelat.
+settings.event_issue_label_desc = Ärendeetiketter tillagda eller borttagna.
+settings.event_issue_milestone_desc = Milstolpe tillagd, borttagen eller ändrad.
+settings.event_header_pull_request = Ändringsförfrågan-händelser
+settings.event_pull_request_desc = Ändringsförfrågan öppnad, stängd, återöppnad, eller redigerad.
+settings.event_pull_request_assign = Tilldelning
+settings.event_pull_request_assign_desc = Ändringsförfrågan tilldelad eller avtilldelad.
+settings.event_pull_request_label_desc = Ändringsförfrågan-etiketter tillagda eller borttagna.
+settings.event_pull_request_milestone_desc = Milstolpe tillagd, borttagen eller ändrad.
+settings.event_pull_request_comment_desc = Ändringsförfrågan-kommentar skapad, redigerad, eller borttagen.
+settings.event_pull_request_review = Granskningar
+settings.event_pull_request_review_desc = Ändringsförfrågan godkänd, avvisad, eller granskningskommentarer tillagda.
+settings.event_pull_request_sync = Synkroniserad
+settings.event_pull_request_sync_desc = Gren uppdaterad automatiskt med målgrenen.
+settings.event_pull_request_review_request = Granskningsförfrågningar
+settings.event_pull_request_review_request_desc = Ändringsförfrågan-granskning begärd eller granskningsförfrågan borttagen.
+settings.event_pull_request_approvals = Ändringsförfrågan-godkännanden
+settings.event_pull_request_merge = Ändringsförfrågan-sammanfogning
+settings.event_pull_request_enforcement = Tillämpning
+settings.event_header_action = Action Run-händelser
+settings.event_action_failure = Misslyckande
+settings.event_action_failure_desc = Actions-körning avslutades som misslyckande.
+settings.event_action_recover = Återhämtning
+settings.event_action_recover_desc = Actions-körning lyckades efter att senaste körning i samma arbetsflöde misslyckades.
+settings.event_action_success = Lyckad
+settings.event_action_success_desc = Actions-körning lyckades.
+settings.event_package_desc = Paket skapat eller borttaget i ett kodförråd.
+settings.branch_filter_desc = Vitlista för grenar vid skicka-, grenskapande- och grenborttagningshändelser, angivet som glob-mönster. Om tomt eller <code>*</code>, rapporteras händelser för alla grenar. Se <a href="%[1]s">%[2]s</a>-dokumentationen för syntax. Exempel: <code>master</code>, <code>{master,release*}</code>.
+settings.authorization_header = Auktoriseringshuvud
+settings.authorization_header_desc = Kommer att inkluderas som auktoriseringshuvud för förfrågningar när det finns. Exempel: %s.
+settings.active_helper = Information om utlösta händelser kommer att skickas till denna webbkrok-URL.
+settings.add_web_hook_desc = Integrera <a target="_blank" rel="noreferrer" href="%s">%s</a> i ditt kodförråd.
+settings.web_hook_name_gitea = Gitea
+settings.web_hook_name_forgejo = Forgejo
+settings.web_hook_name_gogs = Gogs
+settings.web_hook_name_dingtalk = DingTalk
+settings.web_hook_name_matrix = Matrix
+settings.web_hook_name_msteams = Microsoft Teams
+settings.web_hook_name_feishu = Feishu / Lark Suite
+settings.web_hook_name_feishu_only = Feishu
+settings.web_hook_name_larksuite_only = Lark Suite
+settings.web_hook_name_wechatwork = WeCom (Wechat Work)
+settings.web_hook_name_packagist = Packagist
+settings.packagist_username = Packagist-användarnamn
+settings.packagist_package_url = Packagist-paket-URL
+settings.web_hook_name_sourcehut_builds = SourceHut Builds
+settings.sourcehut_builds.manifest_path = Sökväg till byggmanifest
+settings.sourcehut_builds.visibility = Jobbsynlighet
+settings.sourcehut_builds.secrets_helper = Ge jobbet åtkomst till bygghemligheterna (kräver SECRETS:RO-behörighet)
+settings.sourcehut_builds.access_token_helper = Åtkomsttoken som har JOBS:RW-behörighet. Generera en <a target="_blank" rel="noopener noreferrer" href="%s">builds.sr.ht-token</a> eller en <a target="_blank" rel="noopener noreferrer" href="%s">builds.sr.ht-token med hemlighetstillgång</a> på meta.sr.ht.
+settings.add_key_success = Distributionsnyckeln "%s" har lagts till.
+settings.protect_new_rule = Skapa en ny grenskyddsregel
+settings.protect_enable_merge = Aktivera sammanfogning
+settings.protect_enable_merge_desc = Alla med skrivåtkomst kommer att kunna sammanfoga ändringsförfrågningar till denna gren.
+settings.protect_whitelist_committers = Vitlista begränsad skickning
+settings.protect_whitelist_committers_desc = Endast vitlistade användare eller team kommer att kunna skicka till denna gren (men inte tvångsskicka).
+settings.protect_status_check_patterns = Mönster för statuskontroller
+settings.protect_status_check_patterns_desc = Ange mönster för att specificera vilka statuskontroller som måste godkännas innan grenar kan sammanfogas till en gren som matchar denna regel. Varje rad anger ett mönster. Mönster kan inte vara tomma.
+settings.protect_status_check_matched = Matchad
+settings.protect_invalid_status_check_pattern = Ogiltigt mönster för statuskontroll: "%s".
+settings.protect_no_valid_status_check_patterns = Inga giltiga mönster för statuskontroll.
+settings.protect_required_approvals_desc = Tillåt endast sammanfogning av ändringsförfrågan med tillräckligt många positiva granskningar.
+settings.protect_approvals_whitelist_enabled = Begränsa godkännanden till vitlistade användare eller team
+settings.protect_approvals_whitelist_enabled_desc = Endast granskningar från vitlistade användare eller team räknas mot erforderliga godkännanden. Utan godkännandevitlista räknas granskningar från alla med skrivåtkomst mot erforderliga godkännanden.
+settings.dismiss_stale_approvals = Avfärda inaktuella godkännanden
+settings.dismiss_stale_approvals_desc = När nya incheckningar som ändrar innehållet i ändringsförfrågan skickas till grenen, kommer gamla godkännanden att avfärdas.
+settings.ignore_stale_approvals = Ignorera inaktuella godkännanden
+settings.ignore_stale_approvals_desc = Räkna inte godkännanden som gjordes på äldre incheckningar (inaktuella granskningar) mot hur många godkännanden ändringsförfrågan har. Irrelevant om inaktuella granskningar redan avfärdats.
+settings.protect_branch_name_pattern = Mönster för skyddat grennamn
+settings.protect_branch_name_pattern_desc = Mönster för skyddade grennamn. Se <a href="%s">dokumentationen</a> för mönstersyntax. Exempel: main, release/**
+settings.protect_protected_file_patterns = Mönster för skyddade filer (separerade med semikolon ";")
+settings.protect_protected_file_patterns_desc = Skyddade filer får inte ändras direkt även om användaren har rättigheter att lägga till, redigera, eller ta bort filer i denna gren. Flera mönster kan separeras med semikolon (";"). Se <a href="%[1]s">%[2]s</a>-dokumentationen för mönstersyntax. Exempel: <code>.drone.yml</code>, <code>/docs/**/*.txt</code>.
+settings.protect_unprotected_file_patterns = Mönster för oskyddade filer (separerade med semikolon ";")
+settings.protect_unprotected_file_patterns_desc = Oskyddade filer som kan ändras direkt om användaren har skrivåtkomst, förbi push-begränsningen. Flera mönster kan separeras med semikolon (";"). Se <a href="%[1]s">%[2]s</a>-dokumentationen för mönstersyntax. Exempel: <code>.drone.yml</code>, <code>/docs/**/*.txt</code>.
+settings.update_protect_branch_success = Grenskydd för regeln "%s" har uppdaterats.
+settings.remove_protected_branch_success = Grenskydd för regeln "%s" har tagits bort.
+settings.remove_protected_branch_failed = Borttagning av grenskyddsregeln "%s" misslyckades.
+settings.block_rejected_reviews = Blockera sammanfogning vid avvisade granskningar
+settings.block_rejected_reviews_desc = Sammanfogning kommer inte vara möjlig när ändringar begärts av officiella granskare, även om det finns tillräckligt med godkännanden.
+settings.block_on_official_review_requests = Blockera sammanfogning vid officiella granskningsförfrågningar
+settings.block_on_official_review_requests_desc = Sammanfogning kommer inte vara möjlig när det finns officiella granskningsförfrågningar, även om det finns tillräckligt med godkännanden.
+settings.block_outdated_branch = Blockera sammanfogning om ändringsförfrågan är inaktuell
+settings.block_outdated_branch_desc = Sammanfogning kommer inte vara möjlig när head-grenen ligger efter basgrenen.
+settings.enforce_on_admins = Tillämpa denna regel för kodförrådsadministratörer
+settings.enforce_on_admins_desc = Kodförrådsadministratörer kan inte kringgå denna regel.
+settings.merge_style_desc = Sammanfogningsstilar
+settings.default_merge_style_desc = Standard sammanfogningsstil
+settings.protected_branch_required_rule_name = Obligatoriskt regelnamn
+settings.protected_branch_duplicate_rule_name = Det finns redan en regel för denna uppsättning grenar
+settings.tags.protection = Taggskydd
+settings.tags.protection.pattern = Taggmönster
+settings.tags.protection.allowed = Tillåtna
+settings.tags.protection.none = Det finns inga skyddade taggar.
+settings.tags.protection.pattern.description = Du kan använda ett enda namn eller ett glob-mönster eller reguljärt uttryck för att matcha flera taggar. Läs mer i <a target="_blank" rel="noopener" href="%s">guiden för skyddade taggar</a>.
+settings.matrix.homeserver_url = Homeserver URL
+settings.matrix.access_token_helper = Det rekommenderas att skapa ett dedikerat Matrix-konto för detta. Åtkomsttoken kan hämtas från Element-webbklienten (i en privat/inkognito-flik) > Användarmeny (uppe till vänster) > Alla inställningar > Hjälp & Om > Avancerat > Åtkomsttoken (precis under Homeserver-URL). Stäng den privata/inkognito-fliken (att logga ut skulle ogiltigförklara token).
+settings.matrix.room_id_helper = Rum-ID kan hämtas från Element-webbklienten > Rumsinställningar > Avancerat > Internt rum-ID. Exempel: %s.
+settings.archive.text = Arkivering av kodförrådet gör det helt skrivskyddat. Det kommer att döljas från instrumentpanelen. Ingen (inte ens du!) kommer att kunna göra nya incheckningar, eller öppna ärenden eller ändringsförfrågningar.
+settings.archive.tagsettings_unavailable = Tagginställningar är inte tillgängliga i arkiverade kodförråd.
+settings.archive.mirrors_unavailable = Speglingar är inte tillgängliga i arkiverade kodförråd.
+settings.unarchive.button = Avarkivera kodförråd
+settings.unarchive.header = Avarkivera detta kodförråd
+settings.unarchive.text = Avarkivering av kodförrådet återställer dess förmåga att ta emot incheckningar och skickar, samt nya ärenden och ändringsförfrågningar.
+settings.unarchive.success = Kodförrådet avarkiverades framgångsrikt.
+settings.unarchive.error = Ett fel uppstod vid försök att avarkivera kodförrådet. Se loggen för mer detaljer.
+settings.lfs_noattribute = Denna sökväg har inte attributet låsbar i standardgrenen
+settings.lfs_delete = Ta bort LFS-fil med OID %s
+settings.lfs_delete_warning = Borttagning av en LFS-fil kan orsaka "objekt finns inte"-fel vid utcheckning. Är du säker?
+settings.lfs_findpointerfiles = Hitta pekarfiler
+settings.lfs_lock_file_no_exist = Låst fil finns inte i standardgrenen
+settings.lfs_pointers.found = Hittade %d blob-pekare - %d kopplade, %d okopplade (%d saknas från lagret)
+settings.lfs_pointers.exists = Finns i lagret
+settings.lfs_pointers.accessible = Tillgänglig för användare
+settings.lfs_pointers.associateAccessible = Associera tillgängliga %d OID:er
+settings.rename_branch_failed_protected = Det går inte att byta namn på grenen %s eftersom det är en skyddad gren.
+settings.rename_branch_failed_exist = Det går inte att byta namn på grenen eftersom målgrenen %s redan finns.
+settings.rename_branch_success = Grenen %s byttes framgångsrikt namn till %s.
+diff.git-notes.add = Lägg till anteckning
+diff.git-notes.remove-header = Ta bort anteckning
+diff.git-notes.remove-body = Denna anteckning kommer att tas bort.
+diff.options_button = Diff-alternativ
+diff.download_patch = Ladda ner programfixfil
+diff.download_diff = Ladda ner diff-fil
+diff.stats_desc_file = %d ändringar: %d tillägg och %d borttagningar
+diff.bin_not_shown = Binärfil visas inte.
+diff.file_suppressed_line_too_long = Fil-diff undertryckt eftersom en eller flera rader är för långa
+diff.too_many_files = Vissa filer visades inte eftersom för många filer har ändrats i denna diff
+diff.load = Ladda diff
+diff.generated = genererad
+diff.vendored = tredjepartspaketerad
+diff.comment.add_line_comment = Lägg till radkommentar
+diff.review.header = Skicka granskning
+diff.review.self_reject = Ändringsförfrågan-författare kan inte begära ändringar på sin egen ändringsförfrågan
+diff.review.self_approve = Ändringsförfrågan-författare kan inte godkänna sin egen ändringsförfrågan
+diff.protected = Skyddad
+diff.image.side_by_side = Sida vid sida
+diff.image.swipe = Svep
+diff.image.overlay = Överlägga
+diff.show_file_tree = Visa filträd
+diff.hide_file_tree = Dölj filträd
+release.detail = Utgåvadetaljer
+release.tag_helper_new = Ny tagg. Denna tagg kommer att skapas från målet.
+release.title = Utgåvatitel
+release.title_empty = Titeln kan inte vara tom.
+release.message = Beskriv denna utgåva
+release.deletion_desc = Borttagning av en utgåva tar bara bort den från Forgejo. Det påverkar inte Git-taggen, innehållet i ditt kodförråd eller dess historik. Vill du fortsätta?
+release.deletion_tag_desc = Detta kommer att ta bort taggen från kodförrådet. Kodförrådets innehåll och historik förblir oförändrade. Vill du fortsätta?
+release.deletion_tag_success = Taggen har tagits bort.
+release.tag_name_protected = Taggnamnet är skyddat.
+release.add_tag_msg = Använd utgåvans titel och innehåll som taggmeddelande.
+release.hide_archive_links = Dölj automatiskt genererade arkiv
+release.hide_archive_links_helper = Dölj automatiskt genererade källkodsarkiv för denna utgåva. Till exempel om du laddar upp egna.
+release.releases_for = Utgåvor för %s
+release.tags_for = Taggar för %s
+release.system_generated = Denna bilaga genereras automatiskt.
+release.type_attachment = Bilaga
+release.type_external_asset = Extern resurs
+release.asset_name = Resursnamn
+release.add_external_asset = Lägg till extern resurs
+release.invalid_external_url = Ogiltig extern URL: "%s"
+release.summary_card_alt = Sammanfattningskort för en utgåva med titeln "%s" i kodförrådet %s
+branch.already_exists = En gren med namnet "%s" finns redan.
+branch.delete = Ta bort grenen "%s"
+branch.delete_desc = Borttagning av en gren är permanent. Även om den borttagna grenen kan fortsätta existera en kort tid innan den faktiskt tas bort, kan det INTE ångras i de flesta fall. Vill du fortsätta?
+branch.deletion_success = Grenen "%s" har tagits bort.
+branch.deletion_failed = Misslyckades med att ta bort grenen "%s".
+branch.delete_branch_has_new_commits = Grenen "%s" kan inte tas bort eftersom nya incheckningar har lagts till efter sammanfogning.
+branch.create_success = Grenen "%s" har skapats.
+branch.branch_already_exists = Grenen "%s" finns redan i detta kodförråd.
+branch.branch_name_conflict = Grennamnet "%s" är i konflikt med den redan befintliga grenen "%s".
+branch.tag_collision = Grenen "%s" kan inte skapas eftersom en tagg med samma namn redan finns i kodförrådet.
+branch.restore_success = Grenen "%s" har återställts.
+branch.restore_failed = Misslyckades med att återställa grenen "%s".
+branch.protected_deletion_failed = Grenen "%s" är skyddad. Den kan inte tas bort.
+branch.default_deletion_failed = Grenen "%s" är standardgrenen. Den kan inte tas bort.
+branch.restore = Återställ grenen "%s"
+branch.download = Ladda ner grenen "%s"
+branch.rename = Byt namn på grenen "%s"
+branch.included_desc = Denna gren är en del av standardgrenen
+branch.included = Inkluderad
+branch.create_new_branch = Skapa gren från gren:
+branch.warning_rename_default_branch = Du byter namn på standardgrenen.
+branch.rename_branch_to = Byter namn på grenen "%s".
+branch.new_branch = Skapa ny gren
+branch.new_branch_from = Skapa ny gren från "%s"
+branch.renamed = Grenen %s byttes namn till %s.
+tag.create_tag = Skapa taggen %s
+tag.create_tag_from = Skapa ny tagg från "%s"
+tag.create_success = Taggen "%s" har skapats.
+topic.format_prompt = Ämnen måste börja med en bokstav eller siffra, kan innehålla bindestreck ("-") och punkter ("."), och kan vara upp till 35 tecken långa. Bokstäver måste vara gemener.
+find_file.go_to_file = Hitta en fil
+find_file.no_matching = Ingen matchande fil hittades
+error.csv.too_large = Det går inte att rendera denna fil eftersom den är för stor.
+error.csv.unexpected = Det går inte att rendera denna fil eftersom den innehåller ett oväntat tecken på rad %d och kolumn %d.
+error.csv.invalid_field_count = Det går inte att rendera denna fil eftersom den har fel antal fält på rad %d.
 
 
 
 [graphs]
 component_loading = Laddar %s…
 code_frequency.what = kodfrekvens
+component_loading_failed = Det gick inte att ladda %s
+component_loading_info = Detta kan ta en stund…
+component_failed_to_load = Ett oväntat fel inträffade.
+contributors.what = bidrag
+recent_commits.what = senaste incheckningar
 
 [org]
 org_name_holder=Organisationsnamn
@@ -1845,16 +2779,16 @@ members=Medlemmar
 teams=Grupper
 lower_members=medlemmar
 lower_repositories=utvecklingskataloger
-create_new_team=Nytt lag
-create_team=Skapa lag
+create_new_team=Nytt team
+create_team=Skapa team
 org_desc=Beskrivning
-team_name=Lagnamn
+team_name=Teamnamn
 team_desc=Beskrivning
 team_name_helper=Teamnamn bör vara korta och lätta att komma ihåg.
 team_desc_helper=Beskriv syftet eller rollen för teamet.
 team_access_desc=Åtkomst till utvecklingskatalogen
 team_permission_desc=Behörighet
-team_unit_desc=Tillåt åtkomst till delar utav utvecklingskatalogen
+team_unit_desc=Tillåt åtkomst till delar av kodförrådet
 team_unit_disabled=(Inaktiverad)
 
 form.create_org_not_allowed=Du tillåts inte att skapa organisationer.
@@ -1875,7 +2809,7 @@ settings.update_settings=Uppdatera inställningar
 settings.update_setting_success=Organisationsinställningarna har uppdaterats.
 settings.update_avatar_success=Organisationens avatar har uppdateras.
 settings.delete=Tag bort organisation
-settings.delete_account=Ta bort denna organisationen
+settings.delete_account=Ta bort denna organisation
 settings.delete_prompt=Organisationen kommer tas bort permanent, och det går <strong>INTE</strong> att ångra detta!
 settings.confirm_delete_account=Bekräfta borttagning
 settings.delete_org_title=Ta bort organisation
@@ -1909,12 +2843,12 @@ teams.settings=Inställningar
 teams.owners_permission_desc=Ägare har full åtkomst till <strong>alla utvecklingskataloger</strong> och har <strong>administratörsåtkomst</strong> till organisationen.
 teams.members=Lagmedlemmar
 teams.update_settings=Uppdatera inställningar
-teams.delete_team=Ta bort lag
-teams.add_team_member=Lägg till lagmedlem
-teams.delete_team_title=Ta bort lag
+teams.delete_team=Ta bort team
+teams.add_team_member=Lägg till teammedlem
+teams.delete_team_title=Ta bort team
 teams.delete_team_desc=Borttagning av ett team återkallar åtkomsten till utvecklingskatalogen för dess medlemmar. Vill du fortsätta?
 teams.delete_team_success=Teamet har blivit borttaget.
-teams.admin_permission_desc=Medlemskap i detta lag ger <strong>administratörsrättigheter</strong>: medlemmar kan läsa från, pusha till och lägga till medarbetare till lagets utvecklingskataloger.
+teams.admin_permission_desc=Medlemskap i detta team ger <strong>administratörsrättigheter</strong>: medlemmar kan läsa från, skicka till och lägga till medarbetare till teamets kodförråd.
 teams.create_repo_permission_desc=Vidare så ger detta team <strong>Skapa utvecklingskatalog</strong> rättigheten: medlemmar can skapa nya utvecklingskataloger i organisationen.
 teams.repositories=Lagets utvecklingskataloger
 teams.remove_all_repos_title=Ta bort alla utvecklingskataloger för teamet
@@ -1934,6 +2868,26 @@ teams.write_access = Skriv
 teams.none_access = Ingen åtkomst
 teams.general_access = Anpassad åtkomst
 teams.invite_team_member.list = Väntande inbjudningar
+open_dashboard = Öppna instrumentpanel
+follow_blocked_user = Du kan inte följa denna organisation eftersom denna organisation har blockerat dig.
+form.name_reserved = Organisationsnamnet "%s" är reserverat.
+form.name_pattern_not_allowed = Mönstret "%s" är inte tillåtet i ett organisationsnamn.
+settings.email = Kontakt-e-post
+settings.visibility.limited = Begränsad (synlig endast för inloggade användare)
+settings.change_orgname_prompt = Obs: Att ändra organisationsnamnet ändrar också din organisations URL och frigör det gamla namnet.
+settings.change_orgname_redirect_prompt = Det gamla namnet kommer omdirigera tills någon tar det i anspråk.
+settings.change_orgname_redirect_prompt.with_cooldown.one = Det gamla organisationsnamnet blir tillgängligt för alla efter en vänteperiod på %[1]d dag. Du kan fortfarande återta det gamla namnet under vänteperioden.
+settings.change_orgname_redirect_prompt.with_cooldown.few = Det gamla organisationsnamnet blir tillgängligt för alla efter en vänteperiod på %[1]d dagar. Du kan fortfarande återta det gamla namnet under vänteperioden.
+members.remove.detail = Ta bort %[1]s från %[2]s?
+members.leave.detail = Är du säker på att du vill lämna organisationen "%s"?
+teams.leave.detail = Är du säker på att du vill lämna teamet "%s"?
+teams.none_access_helper = Alternativet "ingen åtkomst" har endast effekt på privata kodförråd.
+teams.general_access_helper = Medlemmarnas behörigheter bestäms av behörighetstabellen nedan.
+teams.invite_team_member = Bjud in till %s
+teams.add_nonexistent_repo = Kodförrådet du försöker lägga till finns inte, skapa den först.
+teams.invite.title = Du har bjudits in att gå med i teamet <strong>%s</strong> i organisationen <strong>%s</strong>.
+teams.invite.by = Inbjuden av %s
+teams.invite.description = Klicka på knappen nedan för att gå med i teamet.
 
 [admin]
 dashboard=Instrumentpanel
@@ -1959,7 +2913,7 @@ dashboard.clean_unbind_oauth_success=Alla obundna OAuth anslutningar har raderat
 dashboard.delete_missing_repos=Ta bort alla utvecklingskataloger som saknar filer specifika för Git
 dashboard.delete_generated_repository_avatars=Ta bort genererade avatarer för utvecklingskatalogen
 dashboard.git_gc_repos=Rensa skräpfiler på samtliga utvecklingskataloger
-dashboard.resync_all_hooks=Återsynkronisera pre-recieve, update och post-receive hooks för alla utvecklingskataloger
+dashboard.resync_all_hooks=Återsynkronisera pre-receive-, update- och post-receive-krokar för alla kodförråd
 dashboard.reinit_missing_repos=Återinitialisera alla saknade utvecklingskataloger som vi känner till
 dashboard.sync_external_users=Synkronisera extern användardata
 dashboard.server_uptime=Serverns upptid
@@ -2001,7 +2955,7 @@ users.repos=Utvecklingskataloger
 users.created=Skapad
 users.last_login=Senaste inloggning
 users.never_login=Aldrig loggat in
-users.send_register_notify=Notifiera om registrering via e-post
+users.send_register_notify=Meddela om registrering via e-post
 users.edit=Redigera
 users.auth_source=Autentiseringskälla
 users.local=Lokal
@@ -2009,13 +2963,13 @@ users.auth_login_name=Användarnamn för inloggning
 users.password_helper=Lämna lösenordsfältet tomt att låta det förbli oförändrat.
 users.update_profile_success=Användarkontot har blivit uppdaterat.
 users.edit_account=Redigera användarkontot
-users.max_repo_creation=Maximalt antal utvecklingskataloger
+users.max_repo_creation=Maximalt antal kodförråd
 users.max_repo_creation_desc=(Ange -1 för att använda global satt gräns.)
 users.is_activated=Aktiverat konto
 users.prohibit_login=Avstängt konto
 users.is_admin=Administratörkonto
 users.allow_git_hook=Kan skapa Git-hooks
-users.allow_import_local=Kan importera lokala utvecklingskataloger
+users.allow_import_local=Kan importera lokala kodförråd
 users.allow_create_organization=Kan skapa organisationer
 users.update_profile=Uppdatera användarkonto
 users.delete_account=Ta bort användarkontot
@@ -2038,7 +2992,7 @@ orgs.teams=Team
 orgs.members=Medlemmar
 orgs.new_orga=Ny organisation
 
-repos.repo_manage_panel=Hantera utvecklingskataloger
+repos.repo_manage_panel=Hantera kodförråd
 repos.owner=Ägare
 repos.name=Namn
 repos.private=Privat
@@ -2052,10 +3006,10 @@ packages.repository=Utvecklingskatalog
 packages.size=Storlek
 
 
-systemhooks=Systemets webbhooks
+systemhooks=Systemwebbkrokar
 
 auths.auth_manage_panel=Hantera autentiseringkällor
-auths.new=Lägg till autensieringskälla
+auths.new=Lägg till autentiseringskälla
 auths.name=Namn
 auths.type=Typ
 auths.enabled=Aktiv
@@ -2077,7 +3031,7 @@ auths.attribute_name=Förnamnsattribut
 auths.attribute_surname=Efternamnsattribut
 auths.attribute_mail=E-postattribut
 auths.attribute_ssh_public_key=Attribut för offentlig SSH-nyckel
-auths.attributes_in_bind=Hämta attribut ur bind DN context
+auths.attributes_in_bind=Hämta attribut ur bind DN kontext
 auths.use_paged_search=Använd paginerad sökning
 auths.search_page_size=Sidstorlek
 auths.filter=Användarfilter
@@ -2100,7 +3054,7 @@ auths.oauth2_authURL=Auktoriseringslänk
 auths.oauth2_profileURL=Profil-URL
 auths.oauth2_emailURL=E-post URL
 auths.tips=Tips
-auths.tips.oauth2.general=OAuth2-autensiering
+auths.tips.oauth2.general=OAuth2-autentisering
 auths.tip.oauth2_provider=OAuth2-leverantör
 auths.tip.bitbucket=Registrera en ny OAuth konsument på %s
 auths.tip.dropbox=Skapa en ny applikation på %s
@@ -2108,7 +3062,7 @@ auths.tip.facebook=Registrera en ny appliaktion på %s och lägg till produkten
 auths.tip.github=Registrera en ny OAuth applikation på %s
 auths.tip.google_plus=Erhåll inloggningsuppgifter för OAuth2 från Google API-konsolen på %s
 auths.tip.openid_connect=Använd OpenID Connect Discovery länken (<server>/.well-known/openid-configuration) för att ange slutpunkterna
-auths.tip.twitter=Gå till %s, skapa en applikation och försäkra att alternativet "Allow this application to be used to Sign in with Twitter" är aktiverat
+auths.tip.twitter=Gå till %s, skapa en applikation och försäkra att alternativet "Tillåt att denna applikation används för att logga in med Twitter" är aktiverat
 auths.tip.discord=Registrera en ny applikation på %s
 auths.edit=Redigera autentiseringskälla
 auths.activated=Denna autentiseringskälla är aktiverad
@@ -2130,7 +3084,7 @@ config.disable_router_log=Inaktivera routerloggning
 config.run_user=Användare att köra som
 config.run_mode=Exekveringsläge
 config.git_version=Git-version
-config.repo_root_path=Rotsökväg för utvecklingskatalog
+config.repo_root_path=Rotsökväg för kodförråd
 config.lfs_root_path=LFS rotsökväg
 config.log_file_root_path=Sökväg för loggar
 config.script_type=Skripttyp
@@ -2169,7 +3123,7 @@ config.mail_notify=Aktivera e-postnotiser
 config.enable_captcha=Aktivera CAPTCHA
 config.active_code_lives=Livstid för aktiveringskoder
 config.default_keep_email_private=Dölj e-postadresser som standard
-config.default_allow_create_organization=Tillåt skapandet utav organisationer som standard
+config.default_allow_create_organization=Tillåt skapande av organisationer som standard
 config.enable_timetracking=Aktivera tidsredovisning
 config.default_enable_timetracking=Aktivera tidredovisning som standard
 config.default_allow_only_contributors_to_track_time=Låt endast bidragsgivare spåra tid
@@ -2187,7 +3141,7 @@ config.mailer_user=Användare
 config.mailer_use_sendmail=Använd Sendmail
 config.mailer_sendmail_path=Sökväg för sendmail
 config.mailer_sendmail_args=Extra argument till sendmail
-config.send_test_mail=Skicka testmejl
+config.send_test_mail=Skicka testmeddelande
 
 config.oauth_config=OAuth-konfiguration
 config.oauth_enabled=Aktiverad
@@ -2220,7 +3174,7 @@ config.git_gc_args=Skräpsamlarargument
 config.git_migrate_timeout=Migreringstimeout
 config.git_mirror_timeout=Tidsfrist för spegeluppdatering
 config.git_clone_timeout=Tidsfrist för kloning
-config.git_pull_timeout=Tidsfrist för pull
+config.git_pull_timeout=Tidsfrist för dragning
 config.git_gc_timeout=Tidsfrist för skräpsamling
 
 config.log_config=Loggkonfiguration
@@ -2264,13 +3218,13 @@ notices.op=Op.
 notices.delete_success=Systemnotifikationer har blivit raderade.
 users.2fa = 2FA
 users.reserved = Reserverad
-self_check.database_fix_mysql = För MySQL/MariaDB-användare så kan du använda kommandot ”forgejo doctor convert” för att åtgärda problemet med kollateringen, eller så du åtgärda det genom att manuellt använda SQL "ALTER ... COLLATE ...".
+self_check.database_fix_mysql = För MySQL/MariaDB-användare så kan du använda kommandot ”forgejo doctor convert” för att åtgärda problemet med kollateringen, eller så kan du åtgärda det genom att manuellt använda SQL "ALTER ... COLLATE ...".
 users.bot = Bott
 users.remote = Fjärråtkomst
-users.restricted.description = Tillåt endast interaktion med utvecklingskataloger och organisationer där den här användaren finns tillagd som medarbetare. Det förhindrar tillgång till allmänna utvecklingskataloger i den här instansen.
+users.restricted.description = Tillåt endast interaktion med kodförråd och organisationer där den här användaren finns tillagd som medarbetare. Det förhindrar tillgång till allmänna kodförråd i den här instansen.
 users.is_restricted = Begränsat konto
 self_check.database_inconsistent_collation_columns = Databasen använder kollateringen %s, men dessa kolumner använder felanpassade kollateringar. Det kan komma att orsaka oväntade problem.
-hooks = Webhooks
+hooks = webbkrokar
 integrations = Integrationer
 users.list_status_filter.menu_text = Filter
 packages.creator = Skapare
@@ -2292,6 +3246,187 @@ config.domain = Serverdomän
 config.lfs_config = LFS-konfiguration
 monitor.queue.settings.remove_all_items = Ta bort alla
 auths.tips.gmail_settings = Gmail-inställningar:
+self_check = Självkontroll
+identity_access = Identitet & åtkomst
+assets = Kodtillgångar
+emails = Användares e-post
+config_summary = Sammanfattning
+dashboard.new_version_hint = Forgejo %s är nu tillgänglig, du kör %s. Se <a target="_blank" rel="noreferrer" href="%s">bloggen</a> för mer detaljer.
+dashboard.task.started = Startade uppgift: %[1]s
+dashboard.task.process = Uppgift: %[1]s
+dashboard.task.cancelled = Uppgift: %[1]s avbruten: %[3]s
+dashboard.task.error = Fel i uppgift: %[1]s: %[3]s
+dashboard.task.finished = Uppgift: %[1]s startad av %[2]s har slutförts
+dashboard.task.unknown = Okänd uppgift: %[1]s
+dashboard.cron.started = Startade Cron: %[1]s
+dashboard.cron.process = Cron: %[1]s
+dashboard.cron.cancelled = Cron: %[1]s avbruten: %[3]s
+dashboard.cron.error = Fel i Cron: %s: %[3]s
+dashboard.cron.finished = Cron: %[1]s har slutförts
+dashboard.delete_inactive_accounts = Radera alla oaktiverade konton
+dashboard.delete_inactive_accounts.started = Uppgift att radera alla oaktiverade konton startad.
+dashboard.delete_repo_archives = Radera alla kodförrådsarkiv (ZIP, TAR.GZ, osv.)
+dashboard.delete_repo_archives.started = Uppgift att radera alla kodförrådsarkiv startad.
+dashboard.delete_missing_repos.started = Uppgift att radera alla kodförråd som saknar Git-filer startad.
+dashboard.sync_repo_branches = Synkronisera saknade grenar från Git-data till databas
+dashboard.sync_repo_tags = Synkronisera taggar från Git-data till databas
+dashboard.update_mirrors = Uppdatera speglar
+dashboard.repo_health_check = Hälsokontrollera alla kodförråd
+dashboard.check_repo_stats = Kontrollera all kodförrådsstatistik
+dashboard.archive_cleanup = Radera gamla kodförrådsarkiv
+dashboard.deleted_branches_cleanup = Städa raderade grenar
+dashboard.update_migration_poster_id = Uppdatera migrationsuppläggares ID:n
+dashboard.resync_all_sshkeys = Uppdatera filen ".ssh/authorized_keys" med Forgejo SSH-nycklar.
+dashboard.resync_all_sshprincipals = Uppdatera filen ".ssh/authorized_principals" med Forgejo SSH-certifikatnamn.
+dashboard.cleanup_hook_task_table = Städa hook_task-tabellen
+dashboard.cleanup_packages = Städa utgångna paket
+dashboard.cleanup_actions = Städa utgångna loggar och artefakter från actions
+dashboard.delete_old_actions = Radera alla gamla aktiviteter från databasen
+dashboard.delete_old_actions.started = Radering av alla gamla aktiviteter från databasen startad.
+dashboard.update_checker = Uppdateringskontroll
+dashboard.delete_old_system_notices = Radera alla gamla systemmeddelanden från databasen
+dashboard.gc_lfs = Skräpsamla LFS-metaobjekt
+dashboard.stop_zombie_tasks = Stoppa zombie actions-uppgifter
+dashboard.stop_endless_tasks = Stoppa oändliga actions-uppgifter
+dashboard.cancel_abandoned_jobs = Avbryt övergivna actions-jobb
+dashboard.start_schedule_tasks = Starta schemalagda actions-uppgifter
+dashboard.sync_branch.started = Grensynkronisering startad
+dashboard.sync_tag.started = Taggsynkronisering startad
+dashboard.rebuild_issue_indexer = Återuppbygg ärendeindexerare
+users.restricted = Begränsad
+users.new_success = Användarkontot "%s" har skapats.
+users.activated.description = Slutförande av e-postverifiering. Ägaren av ett oaktiverat konto kommer inte kunna logga in förrän e-postverifieringen är slutförd.
+users.block.description = Blockera denna användare från att interagera med denna tjänst genom deras konto och förbjud inloggning.
+users.admin.description = Ge denna användare full åtkomst till alla administrativa funktioner tillgängliga via webbgränssnittet och API:et.
+users.allow_git_hook_tooltip = Git-krokar körs som OS-användaren som kör Forgejo och kommer ha samma nivå av värdåtkomst. Som ett resultat kan användare med denna speciella Git-hook-behörighet komma åt och modifiera alla Forgejo-kodförråd samt databasen som används av Forgejo. Följaktligen kan de också få Forgejo-administratörsbehörigheter.
+users.local_import.description = Tillåt import av kodförråd från serverns lokala filsystem. Detta kan vara ett säkerhetsproblem.
+users.organization_creation.description = Tillåt skapande av nya organisationer.
+users.cannot_delete_self = Du kan inte radera dig själv
+users.purge = Rensa användare
+users.purge_help = Tvångsradera användare och alla kodförråd, organisationer och paket som ägs av användaren. Alla kommentarer och ärenden skapade av denna användare kommer också raderas.
+users.still_own_packages = Denna användare äger fortfarande ett eller flera paket, radera dessa paket först.
+users.reset_2fa = Återställ 2FA
+users.list_status_filter.reset = Återställ
+users.list_status_filter.not_active = Inaktiv
+users.list_status_filter.is_restricted = Begränsad
+users.list_status_filter.not_restricted = Ej begränsad
+users.list_status_filter.is_prohibit_login = Förbjud inloggning
+users.list_status_filter.is_2fa_enabled = 2FA aktiverad
+users.list_status_filter.not_2fa_enabled = 2FA inaktiverad
+emails.email_manage_panel = Hantera användares e-postadresser
+emails.not_updated = Det gick inte att uppdatera den begärda e-postadressen: %v
+emails.duplicate_active = Denna e-postadress är redan aktiv för en annan användare.
+emails.change_email_header = Uppdatera e-postegenskaper
+emails.change_email_text = Är du säker på att du vill uppdatera denna e-postadress?
+emails.delete = Radera e-postadress
+emails.delete_desc = Är du säker på att du vill radera denna e-postadress?
+emails.deletion_success = E-postadressen har raderats.
+emails.delete_primary_email_error = Du kan inte radera den primära e-postadressen.
+repos.unadopted = Oadopterade kodförråd
+repos.unadopted.no_more = Inga oadopterade kodförråd hittades.
+repos.lfs_size = LFS-storlek
+packages.total_size = Total storlek: %s
+packages.unreferenced_size = Orefererad storlek: %s
+packages.cleanup = Städa utgången data
+packages.cleanup.success = Städade utgången data framgångsrikt
+packages.published = Publicerad
+defaulthooks = Standardwebbkrokar
+defaulthooks.desc = Webbkrokar gör automatiskt HTTP POST-förfrågningar till en server när vissa Forgejo-händelser utlöses. Webbkrokar definierade här är standard och kopieras till alla nya kodförråd. Läs mer i <a target="_blank" rel="noopener" href="%s">webbkroksguiden</a>.
+defaulthooks.add_webhook = Lägg till standardwebbkrok
+defaulthooks.update_webhook = Uppdatera standardwebbkrok
+systemhooks.desc = Webbkrokar gör automatiskt HTTP POST-förfrågningar till en server när vissa Forgejo-händelser utlöses. Webbkrokar definierade här kommer påverka alla kodförråd i systemet, så tänk på eventuella prestandakonsekvenser. Läs mer i <a target="_blank" rel="noopener" href="%s">webbkroksguiden</a>.
+systemhooks.add_webhook = Lägg till systemwebbkrok
+systemhooks.update_webhook = Uppdatera systemwebbkrok
+auths.attribute_avatar = Avatarattribut
+auths.default_domain_name = Standarddomännamn som används för e-postadress
+auths.allow_deactivate_all = Tillåt att ett tomt sökresultat inaktiverar alla användare
+auths.restricted_filter = Begränsningsfilter
+auths.restricted_filter_helper = Lämna tomt för att inte sätta några användare som begränsade. Använd en asterisk ("*") för att sätta alla användare som inte matchar adminfiltret som begränsade.
+auths.verify_group_membership = Verifiera gruppmedlemskap i LDAP (lämna filtret tomt för att hoppa över)
+auths.group_search_base = Gruppsökbas-DN
+auths.group_attribute_list_users = Gruppattribut som innehåller lista med användare
+auths.user_attribute_in_group = Användarattribut listat i grupp
+auths.map_group_to_team = Mappa LDAP-grupper till organisationsteam (lämna fältet tomt för att hoppa över)
+auths.map_group_to_team_removal = Ta bort användare från synkroniserade team om användaren inte tillhör motsvarande LDAP-grupp
+auths.enable_ldap_groups = Aktivera LDAP-grupper
+auths.force_smtps_helper = SMTPS används alltid på port 465. Ställ in detta för att tvinga SMTPS på andra portar. (Annars används STARTTLS på andra portar om det stöds av värden.)
+auths.helo_hostname = HELO-värdnamn
+auths.helo_hostname_helper = Värdnamn som skickas med HELO. Lämna tomt för att skicka nuvarande värdnamn.
+auths.disable_helo = Inaktivera HELO
+auths.pam_email_domain = PAM e-postdomän (valfritt)
+auths.skip_local_two_fa = Hoppa över lokal 2FA
+auths.skip_local_two_fa_helper = Att lämna det omarkerat innebär att lokala användare med 2FA aktiverat fortfarande måste klara 2FA för att logga in
+auths.oauth2_tenant = Klient
+auths.oauth2_scopes = Ytterligare scopes
+auths.oauth2_required_claim_name = Obligatoriskt claim-namn
+auths.oauth2_required_claim_name_helper = Ange detta namn för att begränsa inloggning från denna källa till användare med ett claim med detta namn
+auths.oauth2_required_claim_value = Obligatoriskt claim-värde
+auths.oauth2_required_claim_value_helper = Ange detta värde för att begränsa inloggning från denna källa till användare med ett claim med detta namn och värde
+auths.oauth2_group_claim_name = Claim-namn som ger gruppnamn för denna källa. (Valfritt)
+auths.oauth2_admin_group = Grupp-claim-värde för administratörsanvändare. (Valfritt - kräver claim-namn ovan)
+auths.oauth2_restricted_group = Grupp-claim-värde för begränsade användare. (Valfritt - kräver claim-namn ovan)
+auths.oauth2_map_group_to_team = Mappa claimade grupper till organisationsteam. (Valfritt - kräver claim-namn ovan)
+auths.oauth2_map_group_to_team_removal = Ta bort användare från synkroniserade team om användaren inte tillhör motsvarande grupp.
+auths.tips.oauth2.general.tip = När du registrerar en ny OAuth2-autentisering bör callback/omdirigerings-URL:en vara:
+auths.tip.nextcloud = Registrera en ny OAuth-konsument på din instans via menyn "Inställningar -> Säkerhet -> OAuth 2.0-klient"
+auths.tip.gitlab_new = Registrera en ny applikation på %s
+auths.tip.gitea = Registrera en ny OAuth2-applikation. Guide finns på %s
+auths.tip.yandex = Skapa en ny applikation på %s. Välj följande behörigheter från "Yandex.Passport API"-sektionen: "Åtkomst till e-postadress", "Åtkomst till användaravatar" och "Åtkomst till användarnamn, förnamn och efternamn, kön"
+auths.tip.mastodon = Ange en anpassad instans-URL för Mastodon-instansen du vill autentisera med (eller använd standardinstansen)
+auths.new_success = Autentiseringen "%s" har lagts till.
+auths.login_source_exist = Autentiseringskällan "%s" finns redan.
+auths.unable_to_initialize_openid = Det gick inte att initiera OpenID Connect-leverantör: %s
+auths.invalid_openIdConnectAutoDiscoveryURL = Ogiltig Auto Discovery-URL (detta måste vara en giltig URL som börjar med http:// eller https://)
+config.app_slogan = Instansslogan
+config.custom_file_root_path = Anpassad filrotsökväg
+config.app_data_path = Sökväg för appdata
+config.ssh_domain = SSH-serverdomän
+config.lfs_content_path = Sökväg för LFS-innehåll
+config.lfs_http_auth_expiry = Utgångstid för LFS HTTP-autentisering
+config.allow_only_internal_registration = Tillåt registrering endast genom Forgejo
+config.allow_only_external_registration = Tillåt registrering endast genom externa tjänster
+config.reset_password_code_lives = Utgångstid för återställningskod
+config.allow_dots_in_usernames = Tillåt användare att använda punkter i sina användarnamn. Påverkar inte befintliga konton.
+config.default_visibility_organization = Standardsynlighet för nya organisationer
+config.default_enable_dependencies = Aktivera ärendeberoenden som standard
+config.mailer_config = E-postkonfiguration
+config.mailer_enable_helo = Aktivera HELO
+config.mailer_smtp_addr = SMTP-värd
+config.mailer_sendmail_timeout = Sendmail-tidsgräns
+config.mailer_use_dummy = Dummy
+config.test_email_placeholder = E-post (t.ex. test@example.com)
+config.test_mail_failed = Det gick inte att skicka testmeddelande till "%s": %v
+config.test_mail_sent = Ett testmeddelande har skickats till "%s".
+config.cache_item_ttl = Cache-objekts TTL
+config.cache_test = Testa cache
+config.cache_test_failed = Det gick inte att testa cachen: %v.
+config.cache_test_slow = Cachetest lyckades, men svaret är långsamt: %s.
+config.cache_test_succeeded = Cachetest lyckades, fick svar på %s.
+config.open_with_editor_app_help = "Öppna med"-redigerare för klonmenyn. Om det lämnas tomt används standardvärdet. Expandera för att se standardvärdet.
+config.logger_name_fmt = Loggare: %s
+config.access_log_template = Åtkomstloggmall
+config.set_setting_failed = Det gick inte att sätta inställning %s
+monitor.stacktrace = Stackspårning
+monitor.processes_count = %d processer
+monitor.download_diagnosis_report = Ladda ner diagnosrapport
+monitor.duration = Varaktighet (s)
+monitor.process.cancel = Avbryt process
+monitor.process.cancel_desc = Att avbryta en process kan orsaka dataförlust
+monitor.process.cancel_notices = Avbryt: <strong>%s</strong>?
+monitor.queue.exemplar = Exempeltyp
+monitor.queue.activeworkers = Aktiva arbetare
+monitor.queue.numberinqueue = Antal i kö
+monitor.queue.review_add = Granska / lägg till arbetare
+monitor.queue.settings.title = Poolinställningar
+monitor.queue.settings.desc = Pooler växer dynamiskt som svar på att deras arbetarkö blockeras.
+monitor.queue.settings.maxnumberworkers = Max antal arbetare
+monitor.queue.settings.maxnumberworkers.placeholder = För närvarande %[1]d
+monitor.queue.settings.maxnumberworkers.error = Max antal arbetare måste vara ett tal
+monitor.queue.settings.remove_all_items_done = Alla objekt i kön har tagits bort.
+notices.operations = Åtgärder
+self_check.no_problem_found = Inga problem hittades ännu.
+self_check.database_collation_mismatch = Förväntar att databasen använder kollatering: %s
+self_check.database_collation_case_insensitive = Databasen använder kollateringen %s, som är en skiftlägesokänslig kollatering. Även om Forgejo kan fungera med den, kan det finnas sällsynta fall som inte fungerar som förväntat.
 
 
 [action]
@@ -2299,7 +3434,7 @@ create_repo=skapade utvecklingskatalog <a href="%s"> %s</a>
 rename_repo=döpte om utvecklingskalatogen från <code>%[1]s</code> till <a href="%[2]s">%[3]s</a>
 transfer_repo=överförde utvecklingskalatogen <code>%s</code> till <a href="%s">%s</a>
 delete_tag=tog bort taggen %[2]s från <a href="%[1]s">%[3]s</a>
-delete_branch=tog bort branchen <code>%[2]s</code> from <a href="%[1]s">%[3]s</a>
+delete_branch=tog bort grenen <code>%[2]s</code> från <a href="%[1]s">%[3]s</a>
 compare_branch=Jämför
 compare_commits=Jämför %d commits
 compare_commits_general=Jämför commits
@@ -2309,6 +3444,23 @@ create_branch = skapade grenen <a href="%[2]s">%[3]s</a> i <a href="%[1]s">%[4]s
 starred_repo = stjärnmärkte <a href="%[1]s">%[2]s</a>
 watched_repo = började följa <a href="%[1]s">%[2]s</a>
 review_dismissed_reason = Orsak:
+commit_repo = skickade till <a href="%[2]s">%[3]s</a> i <a href="%[1]s">%[4]s</a>
+create_issue = `öppnade ärende <a href="%[1]s">%[3]s#%[2]s</a>`
+close_issue = `stängde ärende <a href="%[1]s">%[3]s#%[2]s</a>`
+reopen_issue = `återöppnade ärende <a href="%[1]s">%[3]s#%[2]s</a>`
+create_pull_request = `skapade ändringsförfrågan <a href="%[1]s">%[3]s#%[2]s</a>`
+close_pull_request = `stängde ändringsförfrågan <a href="%[1]s">%[3]s#%[2]s</a>`
+reopen_pull_request = `återöppnade ändringsförfrågan <a href="%[1]s">%[3]s#%[2]s</a>`
+comment_issue = `kommenterade på ärende <a href="%[1]s">%[3]s#%[2]s</a>`
+comment_pull = `kommenterade på ändringsförfrågan <a href="%[1]s">%[3]s#%[2]s</a>`
+merge_pull_request = `sammanfogade ändringsförfrågan <a href="%[1]s">%[3]s#%[2]s</a>`
+auto_merge_pull_request = `sammanfogade automatiskt ändringsförfrågan <a href="%[1]s">%[3]s#%[2]s</a>`
+push_tag = skickade tagg <a href="%[2]s">%[3]s</a> till <a href="%[1]s">%[4]s</a>
+mirror_sync_push = synkade incheckningar till <a href="%[2]s">%[3]s</a> i <a href="%[1]s">%[4]s</a> från spegel
+mirror_sync_create = synkade ny referens <a href="%[2]s">%[3]s</a> till <a href="%[1]s">%[4]s</a> från spegel
+reject_pull_request = `föreslog ändringar för <a href="%[1]s">%[3]s#%[2]s</a>`
+publish_release = `släppte <a href="%[2]s">%[4]s</a> i <a href="%[1]s">%[3]s</a>`
+review_dismissed = `avfärdade granskning från <b>%[4]s</b> för <a href="%[1]s">%[3]s#%[2]s</a>`
 
 [tool]
 now=nu
@@ -2348,21 +3500,23 @@ mark_as_unread=Markera som oläst
 mark_all_as_read=Markera alla som lästa
 subscriptions = Prenumerationer
 no_subscriptions = Inga prenumerationer
+watching = Watching
 
 [gpg]
 default_key=Signerad med standard nyckeln
 error.extract_sign=Det gick inte att extrahera signatur
 error.generate_hash=Misslyckades att generera hashsumma av commiten
 error.no_committer_account=Inget konto är kopplat till bidragsgivarens mejladress
-error.no_gpg_keys_found=Ingen känd nyckel hittad för denna signaturen i databasen
-error.not_signed_commit=Inte en signerad commit
+error.no_gpg_keys_found=Ingen känd nyckel hittad för denna signatur i databasen
+error.not_signed_commit=Inte en signerad incheckning
 error.failed_retrieval_gpg_keys=Det gick inte att hämta någon nyckel kopplad till bidragsgivarens konto
-error.probable_bad_signature=VARNING! Även om det finns en nyckel med detta ID i databasen så verifierar det inte committen! Denna commit är MISSTÄNKT.
-error.probable_bad_default_signature=VARNING! Även om standard-nyckeln har detta ID så verifierar det inte committen! Denna commit är MISSTÄNKT.
+error.probable_bad_signature=VARNING! Även om det finns en nyckel med detta ID i databasen så verifierar det inte incheckningen! Denna incheckning är MISSTÄNKT.
+error.probable_bad_default_signature=VARNING! Även om standardnyckeln har detta ID så verifierar det inte incheckningen! Denna incheckning är MISSTÄNKT.
 
 [units]
 error.no_unit_allowed_repo=Du tillåts inte åtkomst till någon del av denna utvecklingskatalog.
 error.unit_not_allowed=Du har inte åtkomst till denna del av utvecklingskatalogen.
+unit = Enhet
 
 [packages]
 filter.type=Typ
@@ -2402,12 +3556,160 @@ container.details.type = Bildtyp
 container.layers = Bildlager
 pypi.requires = Kräver Python
 settings.delete = Ta bort paket
+empty = Det finns inga paket ännu.
+empty.documentation = För mer information om paketregistret, se <a target="_blank" rel="noopener noreferrer" href="%s">dokumentationen</a>.
+empty.repo = Laddade du upp ett paket men det visas inte här? Gå till <a href="%[1]s">paketinställningar</a> och länka det till detta kodförråd.
+registry.documentation = För mer information om %s-registret, se <a target="_blank" rel="noopener noreferrer" href="%s">dokumentationen</a>.
+filter.no_result = Ditt filter gav inga resultat.
+filter.container.tagged = Taggad
+filter.container.untagged = Otaggad
+published_by = Publicerad %[1]s av <a href="%[2]s">%[3]s</a>
+published_by_in = Publicerad %[1]s av <a href="%[2]s">%[3]s</a> i <a href="%[4]s"><strong>%[5]s</strong></a>
+about = Om detta paket
+keywords = Nyckelord
+details.author = Författare
+details.project_site = Projektwebbplats
+details.repository_site = Kodförrådswebbplats
+details.documentation_site = Dokumentationswebbplats
+assets = Assets
+search_in_external_registry = Sök i %s
+alpine.registry = Konfigurera detta register genom att lägga till URL:en i din <code>/etc/apk/repositories</code>-fil:
+alpine.registry.key = Ladda ner registrets offentliga RSA-nyckel till <code>/etc/apk/keys/</code>-mappen för att verifiera indexsignaturen:
+alpine.registry.info = Välj $gren och $kodförråd från listan nedan.
+alpine.install = För att installera paketet, kör följande kommando:
+alpine.repository = Kodförrådsinfo
+arch.pacman.helper.gpg = Lägg till förtroendecertifikat för pacman:
+arch.pacman.repo.multi = %s har samma version i olika distributioner.
+arch.pacman.repo.multi.item = Konfiguration för %s
+arch.pacman.conf = Lägg till server med relaterad distribution och arkitektur till <code>/etc/pacman.conf</code>:
+arch.pacman.sync = Synkronisera paket med pacman:
+arch.version.properties = Versionsegenskaper
+arch.version.provides = Tillhandahåller
+arch.version.depends = Beroenden
+arch.version.optdepends = Valfria beroenden
+arch.version.makedepends = Byggberoenden
+arch.version.checkdepends = Kontrollberoenden
+arch.version.backup = Säkerhetskopia
+cargo.registry = Konfigurera detta register i Cargo-konfigurationsfilen (till exempel <code>~/.cargo/config.toml</code>):
+cargo.install = För att installera paketet med Cargo, kör följande kommando:
+chef.registry = Konfigurera detta register i din <code>~/.chef/config.rb</code>-fil:
+chef.install = För att installera paketet, kör följande kommando:
+composer.registry = Konfigurera detta register i din <code>~/.composer/config.json</code>-fil:
+composer.install = För att installera paketet med Composer, kör följande kommando:
+composer.dependencies.development = Utvecklingsberoenden
+conan.registry = Konfigurera detta register från kommandoraden:
+conan.install = För att installera paketet med Conan, kör följande kommando:
+conda.registry = Konfigurera detta register som ett Conda-kodförråd i din <code>.condarc</code>-fil:
+conda.install = För att installera paketet med Conda, kör följande kommando:
+container.pull = Hämta bilden från kommandoraden:
+container.digest = Digest
+container.multi_arch = OS / Arch
+cran.registry = Konfigurera detta register i din <code>Rprofile.site</code>-fil:
+cran.install = För att installera paketet, kör följande kommando:
+debian.registry = Konfigurera detta register från kommandoraden:
+debian.registry.info = Välj $distribution och $component från listan nedan.
+debian.install = För att installera paketet, kör följande kommando:
+debian.repository = Kodförrådsinfo
+debian.repository.distributions = Distributioner
+generic.download = Ladda ner paket från kommandoraden:
+go.install = Installera paketet från kommandoraden:
+helm.registry = Konfigurera detta register från kommandoraden:
+helm.install = För att installera paketet, kör följande kommando:
+maven.registry = Konfigurera detta register i ditt projekts <code>pom.xml</code>-fil:
+maven.install = För att använda paketet, inkludera följande i <code>dependencies</code>-blocket i <code>pom.xml</code>-filen:
+maven.install2 = Kör via kommandoraden:
+maven.download = För att ladda ner beroendet, kör via kommandoraden:
+nuget.registry = Konfigurera detta register från kommandoraden:
+nuget.install = För att installera paketet med NuGet, kör följande kommando:
+nuget.dependency.framework = Målramverk
+npm.registry = Konfigurera detta register i ditt projekts <code>.npmrc</code>-fil:
+npm.install = För att installera paketet med npm, kör följande kommando:
+npm.install2 = eller lägg till det i package.json-filen:
+npm.dependencies.development = Utvecklingsberoenden
+npm.dependencies.bundle = Buntade beroenden
+npm.dependencies.peer = Peer-beroenden
+npm.dependencies.optional = Valfria beroenden
+pub.install = För att installera paketet med Dart, kör följande kommando:
+pypi.install = För att installera paketet med pip, kör följande kommando:
+rpm.registry = Konfigurera detta register från kommandoraden:
+rpm.distros.redhat = på RedHat-baserade distributioner
+rpm.distros.suse = på SUSE-baserade distributioner
+rpm.install = För att installera paketet, kör följande kommando:
+rpm.repository = Kodförrådsinfo
+rpm.repository.multiple_groups = Detta paket är tillgängligt i flera grupper.
+alt.registry = Konfigurera detta register från kommandoraden:
+alt.registry.install = För att installera paketet, kör följande kommando:
+alt.install = Installera paket
+alt.setup = Lägg till ett kodförråd i listan över anslutna kodförråd (välj nödvändig arkitektur istället för "_arch_"):
+alt.repository = Kodförrådsinfo
+alt.repository.multiple_groups = Detta paket är tillgängligt i flera grupper.
+rubygems.install = För att installera paketet med gem, kör följande kommando:
+rubygems.install2 = eller lägg till det i Gemfile:
+rubygems.dependencies.runtime = Körtidsberoenden
+rubygems.dependencies.development = Utvecklingsberoenden
+rubygems.required.ruby = Kräver Ruby-version
+rubygems.required.rubygems = Kräver RubyGem-version
+swift.registry = Konfigurera detta register från kommandoraden:
+swift.install = Lägg till paketet i din <code>Package.swift</code>-fil:
+swift.install2 = och kör följande kommando:
+vagrant.install = För att lägga till en Vagrant-box, kör följande kommando:
+settings.link = Länka detta paket till ett kodförråd
+settings.link.description = Om du länkar ett paket med ett kodförråd, listas paketet i kodförrådets paketlista.
+settings.link.select = Välj kodförråd
+settings.link.button = Uppdatera kodförrådslänk
+settings.link.success = Kodförrådslänken uppdaterades framgångsrikt.
+settings.link.error = Misslyckades med att uppdatera kodförrådslänken.
+settings.delete.description = Borttagning av ett paket är permanent och kan inte ångras.
+settings.delete.notice = Du är på väg att ta bort %s (%s). Denna åtgärd är oåterkallelig, är du säker?
+settings.delete.success = Paketet har tagits bort.
+settings.delete.error = Misslyckades med att ta bort paketet.
+owner.settings.cargo.title = Cargo-registerindex
+owner.settings.cargo.initialize = Initiera index
+owner.settings.cargo.initialize.description = En särskild index-Git-kodförråd behövs för att använda Cargo-registret. Att använda detta alternativ kommer att (åter)skapa kodförrådet och konfigurera den automatiskt.
+owner.settings.cargo.initialize.error = Misslyckades med att initiera Cargo-index: %v
+owner.settings.cargo.initialize.success = Cargo-indexet skapades framgångsrikt.
+owner.settings.cargo.rebuild = Bygg om index
+owner.settings.cargo.rebuild.description = Ombyggnad kan vara användbart om indexet inte är synkroniserat med de lagrade Cargo-paketen.
+owner.settings.cargo.rebuild.error = Misslyckades med att bygga om Cargo-index: %v
+owner.settings.cargo.rebuild.success = Cargo-indexet byggdes om framgångsrikt.
+owner.settings.cargo.rebuild.no_index = Det går inte att bygga om, inget index är initierat.
+owner.settings.cleanuprules.title = Städregler
+owner.settings.cleanuprules.add = Lägg till städregel
+owner.settings.cleanuprules.edit = Redigera städregel
+owner.settings.cleanuprules.none = Det finns inga städregler ännu.
+owner.settings.cleanuprules.preview = Förhandsgranskning av städregel
+owner.settings.cleanuprules.preview.overview = %d paket är planerade att tas bort.
+owner.settings.cleanuprules.preview.none = Städregeln matchar inga paket.
+owner.settings.cleanuprules.pattern_full_match = Tillämpa mönster på fullständigt paketnamn
+owner.settings.cleanuprules.keep.title = Versioner som matchar dessa regler behålls, även om de matchar en borttagningsregel nedan.
+owner.settings.cleanuprules.keep.count = Behåll de senaste
+owner.settings.cleanuprules.keep.count.1 = 1 version per paket
+owner.settings.cleanuprules.keep.count.n = %d versioner per paket
+owner.settings.cleanuprules.keep.pattern = Behåll versioner som matchar
+owner.settings.cleanuprules.keep.pattern.container = Versionen <code>latest</code> behålls alltid för Container-paket.
+owner.settings.cleanuprules.remove.title = Versioner som matchar dessa regler tas bort, om inte en regel ovan säger att de ska behållas.
+owner.settings.cleanuprules.remove.days = Ta bort versioner äldre än
+owner.settings.cleanuprules.remove.pattern = Ta bort versioner som matchar
+owner.settings.cleanuprules.success.update = Städregeln har uppdaterats.
+owner.settings.cleanuprules.success.delete = Städregeln har tagits bort.
+owner.settings.chef.title = Chef-register
+owner.settings.chef.keypair = Generera nyckelpar
+owner.settings.chef.keypair.description = Förfrågningar som skickas till Chef-registret måste vara kryptografiskt signerade som en autentiseringsmetod. När ett nyckelpar genereras lagras endast den offentliga nyckeln på Forgejo. Den privata nyckeln tillhandahålls till dig för användning med knife. Att generera ett nytt nyckelpar kommer att skriva över det tidigare.
 
 [secrets]
 secrets = Hemligheter
 creation = Lägg till hemlighet
 deletion = Ta bort hemlighet
 management = Hantera hemligheter
+description = Hemligheter skickas till vissa actions och kan inte läsas annars.
+none = Det finns inga hemligheter ännu.
+creation.name_placeholder = skiftlägesokänslig, endast alfanumeriska tecken eller understreck, kan inte börja med GITEA_ eller GITHUB_
+creation.value_placeholder = Ange valfritt innehåll. Blanksteg i början och slutet utelämnas.
+creation.success = Hemligheten "%s" har lagts till.
+creation.failed = Misslyckades med att lägga till hemlighet.
+deletion.description = Borttagning av en hemlighet är permanent och kan inte ångras. Vill du fortsätta?
+deletion.success = Hemligheten har tagits bort.
+deletion.failed = Misslyckades med att ta bort hemlighet.
 
 [actions]
 runners.name=Namn
@@ -2435,30 +3737,105 @@ variables.management = Hantera variabler
 variables.creation = Lägg till variabel
 variables.deletion = Ta bort variabel
 variables.edit = Redigera variabel
+actions = Actions
+status.running = Körs
+status.success = Lyckad
+status.failure = Misslyckad
+status.cancelled = Avbruten
+status.skipped = Överhoppad
+status.blocked = Blockerad
+runners = Körare
+runners.runner_manage_panel = Hantera körare
+runners.new = Skapa ny körare
+runners.new_notice = Hur man startar en körare
+runners.last_online = Senast online
+runners.runner_title = Körare
+runners.task_list = Senaste uppgifter på denna körare
+runners.task_list.no_tasks = Det finns ingen uppgift ännu.
+runners.task_list.done_at = Klar
+runners.edit_runner = Redigera körare
+runners.update_runner_success = Körare uppdaterad framgångsrikt
+runners.update_runner_failed = Misslyckades med att uppdatera körare
+runners.delete_runner = Ta bort denna körare
+runners.delete_runner_success = Körare borttagen framgångsrikt
+runners.delete_runner_failed = Misslyckades med att ta bort körare
+runners.delete_runner_header = Bekräfta för att ta bort denna körare
+runners.delete_runner_notice = Om en uppgift körs på denna körare kommer den att avbrytas och markeras som misslyckad. Det kan bryta byggarbetsflödet.
+runners.none = Inga körare tillgängliga
+runners.status.idle = Inaktiv
+runners.reset_registration_token = Återställ registreringstoken
+runners.reset_registration_token_success = Körarens registreringstoken återställd framgångsrikt
+runs.all_workflows = Alla arbetsflöden
+runs.scheduled = Schemalagd
+runs.pushed_by = skickad av
+runs.workflow = Arbetsflöde
+runs.invalid_workflow_helper = Arbetsflödets konfigurationsfil är ogiltig. Kontrollera din konfigurationsfil: %s
+runs.no_matching_online_runner_helper = Ingen matchande körare online med etikett: %s
+runs.no_job_without_needs = Arbetsflödet måste innehålla minst ett jobb utan beroenden.
+runs.no_job = Arbetsflödet måste innehålla minst ett jobb
+runs.actor = Aktör
+runs.actors_no_select = Alla aktörer
+runs.status_no_select = Alla statusar
+runs.no_results = Inga resultat matchade.
+runs.no_workflows = Det finns inga arbetsflöden ännu.
+runs.no_workflows.help_write_access = Vet du inte hur du kommer igång med Forgejo Actions? Se <a target="_blank" rel="noopener noreferrer" href="%s">snabbstarten i användardokumentationen</a> för att skriva ditt första arbetsflöde, sedan <a target="_blank" rel="noopener noreferrer" href="%s">konfigurera en Forgejo-körare</a> för att köra dina jobb.
+runs.no_workflows.help_no_write_access = För att lära dig om Forgejo Actions, se <a target="_blank" rel="noopener noreferrer" href="%s">dokumentationen</a>.
+runs.no_runs = Arbetsflödet har inga körningar ännu.
+runs.empty_commit_message = (tomt incheckningsmeddelande)
+runs.expire_log_message = Loggar har rensats eftersom de var för gamla.
+workflow.disable = Inaktivera arbetsflöde
+workflow.disable_success = Arbetsflödet "%s" inaktiverat framgångsrikt.
+workflow.enable = Aktivera arbetsflöde
+workflow.enable_success = Arbetsflödet "%s" aktiverat framgångsrikt.
+workflow.disabled = Arbetsflödet är inaktiverat.
+workflow.dispatch.trigger_found = Detta arbetsflöde har en <c>workflow_dispatch</c>-händelseutlösare.
+workflow.dispatch.use_from = Använd arbetsflöde från
+workflow.dispatch.run = Kör arbetsflöde
+workflow.dispatch.success = Arbetsflödeskörning begärdes framgångsrikt.
+workflow.dispatch.input_required = Värde krävs för indata "%s".
+workflow.dispatch.invalid_input_type = Ogiltig indatatyp "%s".
+workflow.dispatch.warn_input_limit = Visar endast de första %d indatafälten.
+need_approval_desc = Godkännande krävs för att köra arbetsflöden för ändringsförfrågningar från förgreningar.
+variables.none = Det finns inga variabler ännu.
+variables.deletion.description = Borttagning av en variabel är permanent och kan inte ångras. Vill du fortsätta?
+variables.description = Variabler skickas till vissa actions och kan inte läsas annars.
+variables.not_found = Misslyckades med att hitta variabeln.
+variables.deletion.failed = Misslyckades med att ta bort variabel.
+variables.deletion.success = Variabeln har tagits bort.
+variables.creation.failed = Misslyckades med att lägga till variabel.
+variables.creation.success = Variabeln "%s" har lagts till.
+variables.update.failed = Misslyckades med att redigera variabel.
+variables.update.success = Variabeln har redigerats.
 
 
 
 
 [projects]
 type-1.display_name = Individuellt projekt
+deleted.display_name = Borttaget projekt
+type-2.display_name = Kodförrådsprojekt
+type-3.display_name = Organisationsprojekt
 
 [git.filemode]
 symbolic_link=Symbolisk länk
 submodule = Submodul
 normal_file = Normal fil
+changed_filemode = %[1]s → %[2]s
+directory = Katalog
+executable_file = Körbar fil
 
 
 
 [search]
 exact = Exakt
 exact_tooltip = Inkludera bara resultat som exakt matchar söktermen
-repo_kind = Sök repon…
+repo_kind = Sök kodförråd…
 user_kind = Sök användare…
 code_kind = Sök kod…
 package_kind = Sök paket…
-runner_kind = Sök exekutorer…
+runner_kind = Sök körare…
 branch_kind = Sök grenar…
-commit_kind = Sök commiter…
+commit_kind = Sök incheckningar…
 project_kind = Sök projekt…
 search = Sök…
 type_tooltip = Söktyp
@@ -2466,15 +3843,15 @@ team_kind = Sök team…
 org_kind = Sök organisationer…
 issue_kind = Sök ärenden…
 regexp_tooltip = Tolka söktermen som ett reguljärt uttryck
-code_search_unavailable = Kodsökning är för närvarande inte tillgängligt. Vänligen kontakta webbplatsadministratören.
+code_search_unavailable = Kodsökning är för närvarande inte tillgänglig. Vänligen kontakta webbplatsadministratören.
 fuzzy_tooltip = Inkludera resultat som är närliggande till söktermen
 no_results = Inga matchande resultat hittades.
 fuzzy = Ungefärlig
-union = Nyckelord
+union = Union
 union_tooltip = Inkludera resultat som matchar något av de med mellanslag separerade sökorden
-pull_kind = Sök ändringsförslag…
+pull_kind = Sök ändringsförfrågan…
 regexp = RegExp
-keyword_search_unavailable = Sökning på nyckelord är för närvarande inte tillgängligt. Vänligen kontakta webbplatsadministratören.
+keyword_search_unavailable = Sökning på nyckelord är för närvarande inte tillgänglig. Vänligen kontakta webbplatsadministratören.
 
 
 [translation_meta]
@@ -2487,4 +3864,29 @@ mib = MiB
 gib = GiB
 tib = TiB
 pib = PiB
-eib = EiB
\ No newline at end of file
+eib = EiB
+
+[repo.permissions]
+code.read = <b>Läs:</b> Åtkomst och klona koden i kodförrådet.
+code.write = <b>Skriv:</b> Skicka till kodförrådet, skapa grenar och taggar.
+issues.read = <b>Läs:</b> Läs och skapa ärenden och kommentarer.
+issues.write = <b>Skriv:</b> Stäng ärenden och hantera metadata som etiketter, milstolpar, tilldelade, förfallodatum och beroenden.
+pulls.read = <b>Läs:</b> Läs och skapa ändringsförfrågan.
+pulls.write = <b>Skriv:</b> Stäng ändringsförfrågan och hantera metadata som etiketter, milstolpar, tilldelade, förfallodatum och beroenden.
+releases.read = <b>Läs:</b> Visa och ladda ner releaser.
+releases.write = <b>Skriv:</b> Publicera, redigera och ta bort utgåvor och deras resurser.
+wiki.read = <b>Läs:</b> Läs den integrerade wikin och dess historik.
+wiki.write = <b>Skriv:</b> Skapa, uppdatera och ta bort sidor i den integrerade wikin.
+projects.read = <b>Läs:</b> Åtkomst till kodförrådets projekttavlor.
+projects.write = <b>Skriv:</b> Skapa projekt och kolumner och redigera dem.
+packages.read = <b>Läs:</b> Visa och ladda ner paket tilldelade till kodförrådet.
+packages.write = <b>Skriv:</b> Publicera och ta bort paket tilldelade till kodförrådet.
+actions.read = <b>Läs:</b> Visa arbetsflödeskörningar och deras loggar.
+actions.write = <b>Skriv:</b> Starta, starta om, och avbryt arbetsflöden. Hantera förtroendedelegering till ändringsförfrågan-skapare.
+ext_issues = Åtkomst till länken till ett externt ärendehanteringssystem. Behörigheterna hanteras externt.
+ext_wiki = Åtkomst till länken till en extern wiki. Behörigheterna hanteras externt.
+
+[markup]
+filepreview.line = Rad %[1]d i %[2]s
+filepreview.lines = Rad %[1]d till %[2]d i %[3]s
+filepreview.truncated = Förhandsgranskningen har avkortats
\ No newline at end of file
diff --git a/options/locale/locale_uk-UA.ini b/options/locale/locale_uk-UA.ini
index 2934f324bd..a0402fd46a 100644
--- a/options/locale/locale_uk-UA.ini
+++ b/options/locale/locale_uk-UA.ini
@@ -321,7 +321,7 @@ invalid_log_root_path=Неприпустимий шлях до журналів:
 default_keep_email_private=Приховати адреси електронної пошти за замовчуванням
 default_keep_email_private.description=За замовчуванням приховати адреси електронної пошти нових облікових записів, щоб ця інформація не «витікала» одразу після реєстрації.
 default_allow_create_organization=Дозволити створення організацій за замовчуванням
-default_allow_create_organization.description=Дозволити новим користувачам створювати організації за замовчуванням. Якщо цю опцію вимкнено, дозвіл на створення організацій новим користувачам надає адміністратор.
+default_allow_create_organization.description=Дозволити новим користувачам створювати організації за замовчуванням. Якщо цю опцію вимкнено, дозвіл на створення організацій новим користувачам надає адміністрація.
 default_enable_timetracking=Увімкнути відстеження часу за замовчуванням
 default_enable_timetracking.description=Дозволити використання функції відстеження часу для нових репозиторіїв за замовчуванням.
 no_reply_address=Прихований поштовий домен
@@ -378,7 +378,7 @@ go_to = Перейти до
 
 [auth]
 create_new_account=Реєстрація облікового запису
-disable_register_prompt=Вибачте, можливість реєстрації відключена. Будь ласка, зв'яжіться з адміністратором сайту.
+disable_register_prompt=Вибачте, можливість реєстрації відключена. Будь ласка, зверніться до адміністрації сайту.
 disable_register_mail=Підтвердження реєстрації електронною поштою вимкнено.
 remember_me=Запам'ятати цей пристрій
 forgot_password_title=Забули пароль
@@ -417,7 +417,7 @@ openid_connect_title=Підключитися до існуючого облік
 openid_connect_desc=Вибраний OpenID URI невідомий. Пов’яжіть його з новим обліковим записом тут.
 openid_register_title=Створити новий обліковий запис
 openid_register_desc=Вибраний OpenID URI невідомий. Пов’яжіть його з новим обліковим записом тут.
-disable_forgot_password_mail=Відновлення облікового запису вимкнено, оскільки не налаштована електронна пошта. Будь ласка, зв'яжіться з адміністратором сайту.
+disable_forgot_password_mail=Відновлення облікового запису вимкнено, оскільки не налаштована електронна пошта. Будь ласка, зверніться до адміністрації сайту.
 disable_forgot_password_mail_admin=Відновлення облікового запису доступне лише після налаштування електронної пошти. Будь ласка, налаштуйте ел. пошту для відновлення облікового запису.
 email_domain_blacklisted=З вказаним email реєстрація неможлива.
 authorize_application=Авторизувати програму
@@ -433,8 +433,8 @@ change_unconfirmed_email = Якщо під час реєстрації ви вк
 last_admin = Ви не можете видалити останнього адміністратора. Має бути хоча б один адміністратор.
 oauth.signin.error.access_denied = Запит на авторизацію було відхилено.
 change_unconfirmed_email_error = Не вдалося змінити електронну адресу: %v
-manual_activation_only = Зв'яжіться з адміністратором сайту, аби завершити активацію.
-prohibit_login_desc = Взаємодію вашого облікового запису з екземпляром призупинено. Зв’яжіться з адміністратором екземпляра, щоб відновити доступ.
+manual_activation_only = Аби завершити активацію, зверніться до адміністрації сайту.
+prohibit_login_desc = Взаємодію вашого облікового запису з екземпляром призупинено. Зверніться до адміністрації екземпляра, щоб відновити доступ.
 invalid_code_forgot_password = Ваш код підтвердження недійсний. Натисніть <a href="%s">тут</a>, аби почати нову сесію.
 reset_password_wrong_user = Ви ввійшли як %s, але посилання на відновлення було передбачене для %s
 back_to_sign_in = Назад до входу
@@ -447,7 +447,7 @@ sign_up_button = Зареєструватися.
 sign_up_successful = Обліковий запис успішно створений. Вітаємо!
 unauthorized_credentials = Хибні або прострочені дані для входу. Спробуйте ще раз або перейдіть до %s по докладнішу інформацію
 use_onetime_code = Використати одноразовий код
-oauth.signin.error = Виникла помилка при обробці запиту на авторизацію. Якщо ця помилка буде повторюватись, зверніться до адміністратора сайту.
+oauth.signin.error = Виникла помилка при обробці запиту на авторизацію. Якщо ця помилка буде повторюватись, зверніться до адміністрації сайту.
 authorization_failed_desc = Авторизація не відбулася: виявлено недійсний запит. Будь ласка, зверніться до розробника програми, яку ви намагалися авторизувати.
 password_pwned = Вибраний вами пароль є у <a target="_blank" rel="noopener noreferrer" href="%s">списку викрадених паролів</a>, виявлених під час витоків даних. Будь ласка, спробуйте ще раз з іншим паролем. Варто також змінити цей пароль в інших місцях.
 
@@ -523,7 +523,7 @@ team_invite.text_3 = Примітка: Це запрошення признач
 team_invite.text_1 = %[1]s запрошує Вас приєднатися до команди %[2]s в організації %[3]s.
 primary_mail_change.text_1 = Основну адресу електронної пошти вашого облікового запису було змінено на %[1]s. Це означає, що ця адреса більше не отримуватиме сповіщення для вашого облікового запису.
 account_security_caution.text_1 = Якщо це були ви, можете сміливо знехтувати цим листом.
-account_security_caution.text_2 = Якщо це були не ви, ваш обліковий запис знаходиться під загрозою. Будь ласка, зв’яжіться з адміністраторами цього сайту.
+account_security_caution.text_2 = Якщо це були не ви, ваш обліковий запис знаходиться під загрозою. Будь ласка, зверніться до адміністраторів цього сайту.
 totp_enrolled.subject = Ви задіяли TOTP як засіб двофакторної автентифікації
 totp_enrolled.text_1.has_webauthn = Ви щойно задіяли TOTP для свого облікового запису. Всі наступні спроби входу вимагатимуть використання TOTP як засобу двофакторної автентифікації або будь-якого з ваших ключів безпеки.
 totp_enrolled.text_1.no_webauthn = Ви щойно задіяли TOTP для свого облікового запису. Всі наступні спроби входу вимагатимуть використання TOTP як засобу двофакторної автентифікації.
@@ -698,7 +698,7 @@ twofa=Двофакторна автентифікація (TOTP)
 organization=Організації
 
 public_profile=Загальнодоступний профіль
-password_username_disabled=Нелокальним користувачам заборонено змінювати ім'я користувача. Щоб отримати докладнішу інформацію, зв'яжіться з адміністратором сайту.
+password_username_disabled=Нелокальним користувачам заборонено змінювати ім'я користувача. Щоб отримати докладнішу інформацію, зверніться до адміністраторів сайту.
 full_name=Повне ім'я
 website=Вебсайт
 location=Місцезнаходження
@@ -1036,7 +1036,7 @@ template_helper=Зробити репозиторій шаблоном
 template_description=Шаблонні репозиторії дозволяють користувачам створювати нові репозиторії з такою ж структурою каталогів, файлами та додатковими налаштуваннями.
 visibility=Видимість
 visibility_description=Тільки власник або учасники організації, які мають відповідні права, зможуть побачити.
-visibility_helper_forced=Адміністратор вашого сайту налаштував параметри: всі нові репозиторії будуть приватними.
+visibility_helper_forced=Адміністрацією вашого сайту дозволено створювати тільки приватні репозиторії.
 visibility_fork_helper=(Буде змінено видимість усіх форків.)
 clone_helper=Потрібна допомога у клонуванні? Відвідайте сторінку <a target="_blank" rel="noopener" href="%s">Допомога</a>.
 fork_repo=Створити форк репозиторію
@@ -1082,7 +1082,7 @@ watchers=Спостерігачі
 stargazers=Зацікавлені
 forks=Форки
 reactions_more=додати %d більше
-unit_disabled=Адміністратор сайту вимкнув цей розділ репозиторію.
+unit_disabled=Цей розділ репозиторію вимкнено адміністрацією сайту.
 language_other=Інші
 adopt_search=Уведіть ім’я користувач_ки для пошуку неприйнятих репозиторіїв… (залиште порожнім, щоб знайти всі)
 adopt_preexisting_label=Прийняти файли
@@ -1139,7 +1139,7 @@ migrate.clone_address=Перенести / клонувати з URL-адрес
 migrate.clone_address_desc=URL-адреса HTTP(S) або Git «clone» існуючого репозиторію
 migrate.clone_local_path=або шлях до локального сервера
 migrate.permission_denied=Вам не дозволено імпортувати локальні репозиторії.
-migrate.permission_denied_blocked=Ви не можете імпортувати з заборонених вузлів, будь ласка, попросіть адміністратора перевірити налаштування ALLOWED_DOMAINS/ALLOW_LOCALNETWORKS/BLOCKED_DOMAINS.
+migrate.permission_denied_blocked=Ви не можете імпортувати з заборонених вузлів. Будь ласка, попросіть адміністраторів перевірити налаштування ALLOWED_DOMAINS/ALLOW_LOCALNETWORKS/BLOCKED_DOMAINS.
 migrate.invalid_lfs_endpoint=Помилкова кінцева точка LFS.
 migrate.failed=Перенесення не вдалося: %v
 migrate.migrate_items_options=Для перенесення додаткових елементів потрібен токен доступу
@@ -1415,7 +1415,7 @@ issues.draft_title=Чернетка
 issues.num_comments=%d коментарів
 issues.commented_at=`коментує <a href="#%s">%s</a>`
 issues.delete_comment_confirm=Ви впевнені, що хочете видалити цей коментар?
-issues.context.copy_link=Скопіювати посилання
+issues.context.copy_link=Копіювати посилання
 issues.context.quote_reply=Цитувати відповідь
 issues.context.reference_issue=Послатися в новій задачі
 issues.context.edit=Редагувати
@@ -2544,7 +2544,7 @@ settings.event_action_recover = Відновлено
 commitstatus.success = Успіх
 commitstatus.failure = Збій
 issues.filter_type.all_pull_requests = Усі запити на злиття
-broken_message = Неможливо прочитати дані Git, що лежать в основі цього репозиторію. Зверніться до адміністратора цього екземпляра або видаліть репозиторій.
+broken_message = Неможливо прочитати дані Git, що лежать в основі цього репозиторію. Зверніться до адміністрації екземпляра або видаліть репозиторій.
 migrate.invalid_local_path = Локальний шлях недійсний. Він не існує або не є каталогом.
 editor.filename_is_a_directory = Назва файлу «%s» уже використовується в цьому репозиторії як назва каталогу.
 editor.filename_is_invalid = Хибна назва файлу: «%s».
@@ -2693,8 +2693,8 @@ issues.delete.text = Ви дійсно хочете видалити цю зад
 signing.wont_sign.twofa = Щоб підписувати коміти, у вас повинна бути ввімкнена двофакторна автентифікація.
 settings.mirror_settings.docs = Налаштуйте свій репозиторій на автоматичну синхронізацію комітів, тегів і гілок з іншим репозиторієм.
 settings.mirror_settings.docs.disabled_push_mirror.instructions = Налаштуйте свій проєкт на автоматичне отримання комітів, тегів і гілок з іншого репозиторію.
-settings.mirror_settings.docs.disabled_push_mirror.info = Push-дзеркала вимкнено адміністратором сайту.
-settings.mirror_settings.docs.disabled_pull_mirror.instructions = Налаштуйте свій проєкт на автоматичне надсилання комітів, тегів і гілок до іншого репозиторію. Pull-дзеркала вимкнено адміністратором сайту.
+settings.mirror_settings.docs.disabled_push_mirror.info = Push-дзеркала вимкнено адміністрацією сайту.
+settings.mirror_settings.docs.disabled_pull_mirror.instructions = Налаштуйте свій проєкт на автоматичне надсилання комітів, тегів і гілок до іншого репозиторію. Pull-дзеркала вимкнено адміністрацією сайту.
 issues.label_templates.fail_to_load_file = Не вдалося завантажити файл шаблону міток «%s»: %v
 migrate.cancel_migrating_confirm = Бажаєте скасувати перенесення?
 transfer.no_permission_to_accept = У вас немає дозволу прийняти цю передачу.
@@ -3104,9 +3104,9 @@ auths.allow_deactivate_all=Дозволити порожньому резуль
 auths.use_paged_search=Використовувати посторінковий пошук
 auths.search_page_size=Розмір сторінки
 auths.filter=Фільтр користувачів
-auths.admin_filter=Фільтр адміністратора
+auths.admin_filter=Фільтр адміністраторів
 auths.restricted_filter=Фільтр обмежених
-auths.restricted_filter_helper=Залиште порожнім, щоб не встановлювати обмеження на жодного з користувачів. Використовуйте зірочку («*»), щоб установити обмеження на всіх користувачів, які не відповідають Фільтру адміністратора.
+auths.restricted_filter_helper=Залиште порожнім, щоб не встановлювати обмеження на жодного з користувачів. Використовуйте зірочку («*»), щоб установити обмеження на всіх користувачів, які не відповідають Фільтру адміністраторів.
 auths.group_search_base=Пошукова база груп DN
 auths.group_attribute_list_users=Атрибут групи зі списком користувачів
 auths.user_attribute_in_group=Атрибут користувача в групі
@@ -3848,7 +3848,7 @@ changed_filemode = %[1]s → %[2]s
 
 [search]
 code_kind = Шукати код…
-code_search_unavailable = Пошук коду наразі недоступний. Будь ласка, зв’яжіться з адміністратором сайту.
+code_search_unavailable = Пошук коду наразі недоступний. Будь ласка, зверніться до адміністрації сайту.
 user_kind = Шукати користувачів…
 repo_kind = Шукати репозиторії…
 search = Пошук…
@@ -3865,7 +3865,7 @@ org_kind = Шукати організації…
 team_kind = Шукати команди…
 commit_kind = Шукати коміти…
 no_results = Не знайдено відповідних результатів.
-keyword_search_unavailable = Пошук за ключовими словами наразі недоступний. Будь ласка, зв'яжіться з адміністратором сайту.
+keyword_search_unavailable = Пошук за ключовими словами наразі недоступний. Будь ласка, зверніться до адміністрації сайту.
 package_kind = Шукати пакунки…
 project_kind = Шукати проєкти…
 branch_kind = Шукати гілки…
diff --git a/options/locale/locale_zh-CN.ini b/options/locale/locale_zh-CN.ini
index 3de6dba3fb..c1ed4ab330 100644
--- a/options/locale/locale_zh-CN.ini
+++ b/options/locale/locale_zh-CN.ini
@@ -261,7 +261,7 @@ app_name_helper=在此处输入您的实例名称。它将显示在所有页面
 repo_path=仓库根目录
 repo_path_helper=所有远程 Git 仓库将保存到此目录。
 lfs_path=LFS 根目录
-lfs_path_helper=存储为Git LFS的文件将被存储在此目录。留空以禁用LFS。
+lfs_path_helper=存储为 Git LFS 的文件将被存储在此目录。留空以禁用 LFS。
 run_user=要使用的用户身份
 run_user_helper=输入 Forgejo 运行的操作系统用户名。请注意，此用户必须具有对仓库根路径的访问权限。
 domain=服务器域名
@@ -1262,7 +1262,7 @@ file_copy_permalink=复制固定链接
 view_git_blame=查看 Git Blame
 video_not_supported_in_browser=您的浏览器不支持 HTML5 “video” 标签。
 audio_not_supported_in_browser=您的浏览器不支持 HTML5 “audio” 标签。
-stored_lfs=存储到Git LFS
+stored_lfs=存储到 Git LFS
 symbolic_link=符号链接
 executable_file=可执行文件
 vendored = Vendored
@@ -1287,7 +1287,7 @@ editor.new_file=新建文件
 editor.upload_file=上传文件
 editor.edit_file=编辑文件
 editor.preview_changes=预览变更
-editor.cannot_edit_lfs_files=无法在 web 界面中编辑 lfs 文件。
+editor.cannot_edit_lfs_files=无法在 Web 界面中编辑 LFS 文件。
 editor.cannot_edit_non_text_files=网页不能编辑二进制文件。
 editor.edit_this_file=编辑文件
 editor.this_file_locked=文件已锁定
diff --git a/options/locale/locale_zh-HK.ini b/options/locale/locale_zh-HK.ini
index e19e23c51f..45c487fe61 100644
--- a/options/locale/locale_zh-HK.ini
+++ b/options/locale/locale_zh-HK.ini
@@ -1017,7 +1017,7 @@ monitor.execute_time=已執行時間
 
 monitor.queue.name=組織名稱
 monitor.queue.type=認證類型
-monitor.queue.settings.submit=更新組織設定
+monitor.queue.settings.submit=更新設定
 
 notices.system_notice_list=系統提示管理
 notices.view_detail_header=查看提示細節
@@ -1037,7 +1037,7 @@ users = 使用者帳戶
 defaulthooks = 預設 Webhook
 
 
-config_settings = 組織設定
+config_settings = 設定
 
 [action]
 create_repo=建立了儲存庫 <a href="%s">%s</a>
diff --git a/options/locale/locale_zh-TW.ini b/options/locale/locale_zh-TW.ini
index c72e1c6ce1..c7fc4fb5a1 100644
--- a/options/locale/locale_zh-TW.ini
+++ b/options/locale/locale_zh-TW.ini
@@ -178,8 +178,8 @@ contributions_few = 項貢獻
 
 [editor]
 buttons.heading.tooltip=新增標題
-buttons.bold.tooltip=新增粗體文字
-buttons.italic.tooltip=新增斜體文字
+buttons.bold.tooltip=新增粗體文字（Ctrl+B／⌘B）
+buttons.italic.tooltip=新增斜體文字（Ctrl+I／⌘I）
 buttons.quote.tooltip=引用文字
 buttons.code.tooltip=新增程式碼
 buttons.link.tooltip=新增連結
@@ -759,7 +759,7 @@ activate_email=寄送啟用信
 activations_pending=等待啟用中
 delete_email=移除
 email_deletion=移除電子信箱
-email_deletion_desc=您的帳號中的電子信箱和相關資訊將被刪除，使用此電子信箱的 Git 提交將保持不變。要繼續嗎？
+email_deletion_desc=此電子信箱地址和相關資訊將從您的帳號中刪除。使用此電子信箱地址的 Git 提交將保持不變。繼續？
 email_deletion_success=該電子信箱已被刪除。
 theme_update_success=已更新佈景主題。
 theme_update_error=選取的佈景主題不存在。
@@ -962,7 +962,7 @@ change_username_prompt = 註：更改您的使用者名稱也會更改您的帳
 change_username_redirect_prompt = 舊的使用者名稱在被其他使用者認領之前將會轉址到新的使用者名稱。
 visibility.limited_tooltip = 僅對已登入的使用者可見
 visibility.private_tooltip = 只有您加入的組織之成員能看見
-keep_email_private_popup = 您的電子郵件地址不會顯示在個人資料頁面中，也不會成為透過網頁介面（例如上傳檔案、編輯或合併提交）所建立的提交紀錄的預設地址。取而代之的是，可以使用特殊地址 %s 將這些提交關聯到您的帳號。此設定不會影響既有的提交紀錄。
+keep_email_private_popup = 電子信箱地址不會顯示在個人資料頁面中，也不會作為透過網頁介面（例如上傳檔案、編輯或合併提交）所建立的提交紀錄的預設地址。取而代之的是，可以使用特殊地址 %s 將這些提交關聯到您的帳號。此設定不會影響既有的提交紀錄。
 ssh_signonly = 因為目前 SSH 已被停用，這個金鑰只被用來校驗提交簽署。
 email_desc = 您的主要電子信箱將被用於通知、密碼復原、和網頁 Git 操作（如果您的信箱不是隱藏的）。
 oauth2_client_secret_hint = 這把密鑰在您離開或重新整理此頁面後將不再被顯示。請確保您已儲存它。
@@ -993,7 +993,7 @@ language.localization_project = 幫助我們翻譯 Forgejo 至您的語言！<a
 language.description = 這個語言會被儲存至您的帳號，並被用作您登入後的預設語言。
 user_block_yourself = 你不能封鎖自己。
 change_username_redirect_prompt.with_cooldown.one = 舊的使用者名稱將在 %[1]d 天的冷卻期後對所有人開放。你仍然可以在冷卻期內重新獲得舊的使用者名稱。
-change_username_redirect_prompt.with_cooldown.few = 舊的使用者名稱將在 %[1]d 天的冷卻期後對所有人開放，你仍然可以在冷卻期內重新獲得舊的使用者名稱。
+change_username_redirect_prompt.with_cooldown.few = 舊的使用者名稱將在 %[1]d 天的冷卻期後對所有人開放。你仍然可以在冷卻期內重新獲得舊的使用者名稱。
 keep_activity_private.description = 你的<a href="%s">公開活動</a>只有你和站點管理員可見。
 quota.rule.exceeded = 已超出
 quota.sizes.assets.packages.all = 軟體包
@@ -1444,7 +1444,7 @@ issues.remove_ref_at=`移除了參考 <b>%s</b> %s`
 issues.add_ref_at=`新增了參考 <b>%s</b> %s`
 issues.delete_branch_at=`刪除分支 <b>%s</b> %s`
 issues.filter_label=標籤
-issues.filter_label_exclude=`使用 <code>alt</code> + <code>click/enter</code> 來排除標籤`
+issues.filter_label_exclude=使用 <kbd>Alt</kbd> + <kbd>點擊</kbd> 來排除標籤
 issues.filter_label_no_select=所有標籤
 issues.filter_label_select_no_label=沒有標籤
 issues.filter_milestone=里程碑
@@ -1573,8 +1573,8 @@ issues.lock.notice_3=- 你以後可以隨時再解鎖這個問題。
 issues.unlock.notice_1=- 所有人將可對此問題再次發表留言。
 issues.unlock.notice_2=- 您之後可以隨時再鎖定這個問題。
 issues.lock.reason=鎖定原因
-issues.lock.title=鎖定此問題的對話。
-issues.unlock.title=解鎖此問題的對話。
+issues.lock.title=鎖定對話
+issues.unlock.title=解除鎖定對話
 issues.comment_on_locked=您無法在已鎖定的問題上留言。
 issues.delete=刪除
 issues.delete.title=刪除此問題？
@@ -2456,7 +2456,7 @@ desc.sha256 = SHA256
 form.name_pattern_not_allowed = 您無法在儲存庫的名字中使用「%s」式樣。
 admin.manage_flags = 管理旗標
 visibility_helper = 將儲存庫設為私有
-mirror_address_url_invalid = URL 無效。您必須正確的跳脫（escape）該 URL 的每個部份。
+mirror_address_url_invalid = 提供的網址無效。必須確保正確的跳脫（escape）此網址的每個部份。
 migrate.migrating_failed.error = 遷移失敗：%s
 migrate.cancel_migrating_confirm = 您確定要取消這次的遷移嗎？
 invisible_runes_header = `此檔案內含不可見的 Unicode 字元`
@@ -2508,7 +2508,7 @@ settings.mirror_settings.docs.pull_mirror_instructions = 如需建立一個拉
 blame.ignore_revs = <a href="%s">.git-blame-ignore-revs</a> 中的修訂已被忽略。點擊<a href="%s">這裡</a>來檢視一般的責任歸屬界面。
 editor.file_is_a_symlink = `「%s」是一個符號連結。網頁編輯器無法編輯符號連結`
 issues.label_archive = 封存標籤
-pulls.nothing_to_compare_have_tag = 所選的分支／標籤是相等的。
+pulls.nothing_to_compare_have_tag = 所選擇的分支／標籤是相等的。
 pulls.select_commit_hold_shift_for_range = 選則一個提交。按住 shift 並點擊來選擇一個範圍
 pulls.review_only_possible_for_full_diff = 只有在檢視完整 diff 時才能進行審閱
 pulls.filter_changes_by_commit = 以提交來篩選
@@ -2613,7 +2613,7 @@ issues.filter_milestone_closed = 已關閉的里程碑
 settings.sourcehut_builds.secrets = 秘密
 settings.ignore_stale_approvals = 忽略過時的批准
 settings.unarchive.button = 取消封存儲存庫
-branch.rename_branch_to = 重新命名「%s」至：
+branch.rename_branch_to = 正在重新命名分支「%s」。
 activity.published_tag_label = 標籤
 settings.event_pull_request_merge = 合併請求合併
 settings.update_mirror_settings = 更新鏡像設定
@@ -2768,6 +2768,7 @@ settings.matrix.room_id_helper = 可從 Element 網頁版客戶端取得 Room ID
 settings.web_hook_name_sourcehut_builds = SourceHut Builds
 diff.git-notes.remove-body = 此注釋將會被移除。
 settings.sourcehut_builds.secrets_helper = 授權此作業存取建置機密（需要 SECRETS:RO 權限）
+issues.filter_type.all_pull_requests = 所有合併請求
 
 [graphs]
 component_loading = 正在載入 %s…
@@ -2895,8 +2896,8 @@ form.name_pattern_not_allowed = 組織名稱中不允許使用式樣「%s」。
 follow_blocked_user = 你無法關注此組織，因為此組織已封鎖你。
 teams.invite.title = 你已被邀請加入組織 <strong>%[2]s</strong> 中的團隊 <strong>%[1]s</strong>。
 settings.change_orgname_prompt = 注意：變更組織名稱也會變更你組織的網址並釋放舊名稱。
-settings.change_orgname_redirect_prompt.with_cooldown.few = 舊的組織名稱將在 %[1]d 天的冷卻期後對所有人可用，你仍然可以在冷卻期內重新使用舊名稱。
-settings.change_orgname_redirect_prompt.with_cooldown.one = 舊的組織名稱將在 %[1]d 天的冷卻期後對所有人可用，您仍然可以在冷卻期內重新使用舊名稱。
+settings.change_orgname_redirect_prompt.with_cooldown.few = 舊的組織名稱將在 %[1]d 天的冷卻期後對所有人可用。你仍然可以在冷卻期內重新使用舊名稱。
+settings.change_orgname_redirect_prompt.with_cooldown.one = 舊的組織名稱將在 %[1]d 天的冷卻期後對所有人可用。您仍然可以在冷卻期內重新使用舊名稱。
 
 [admin]
 dashboard=資訊主頁
@@ -2947,7 +2948,7 @@ dashboard.update_migration_poster_id=更新遷移發布者 ID
 dashboard.git_gc_repos=對所有儲存庫進行垃圾回收
 dashboard.resync_all_sshkeys=使用 Forgejo 的 SSH 金鑰更新「.ssh/authorized_keys」檔案。
 dashboard.resync_all_sshprincipals=使用 Forgejo 的 SSH 規則更新「.ssh/authorized_principals」檔案。
-dashboard.resync_all_hooks=重新同步所有儲存庫的 pre-receive、update 和 post-receive Hook
+dashboard.resync_all_hooks=重新同步所有儲存庫的 Git hooks（pre-receive、update、post-receive、proc-receive 等）
 dashboard.reinit_missing_repos=重新初始化所有記錄存在但遺失的 Git 儲存庫
 dashboard.sync_external_users=同步外部使用者資料
 dashboard.cleanup_hook_task_table=清理 hook_task 資料表
@@ -3378,7 +3379,7 @@ emails.change_email_text = 您確定要更新這個電子信箱地址嗎？
 monitor.download_diagnosis_report = 下載診斷報告
 dashboard.task.cancelled = 作業：%[1]s 已被取消：%[3]s
 dashboard.cron.cancelled = 定時作業：%[1]s 已被取消：%[3]s
-dashboard.cleanup_actions = 清除過期的 Action 日誌和物件
+dashboard.cleanup_actions = 清理過期的 Action 日誌和物件
 users.bot = 機器人
 users.remote = 遠端
 monitor.queue.settings.remove_all_items_done = 已移除佇列中所有項目。
@@ -3399,7 +3400,7 @@ identity_access = 身分和存取
 config.cache_test = 測試快取
 config_settings = 設定
 config_summary = 概要
-emails.delete = 刪除電子郵件
+emails.delete = 刪除電子信箱地址
 dashboard.sync_tag.started = 標籤同步已開始
 users.reserved = 已保留
 auths.tips.gmail_settings = Gmail 設定：
@@ -3647,7 +3648,7 @@ owner.settings.cargo.initialize.error=初始化 Cargo 索引失敗: %v
 owner.settings.cargo.initialize.success=成功建立了 Cargo 索引。
 owner.settings.cargo.rebuild=重建索引
 owner.settings.cargo.rebuild.error=重建 Cargo 索引失敗: %v
-owner.settings.cargo.rebuild.success=成功重建了 Cargo 索引。
+owner.settings.cargo.rebuild.success=已成功重建 Cargo 索引。
 owner.settings.cleanuprules.title=清理規則
 owner.settings.cleanuprules.add=加入清理規則
 owner.settings.cleanuprules.edit=編輯清理規則
@@ -3907,5 +3908,5 @@ projects.read = <b>讀取：</b>存取儲存庫的專案看板。
 packages.write = <b>寫入：</b>發布與刪除指派給此儲存庫的套件。
 projects.write = <b>寫入：</b>建立專案與欄位，並編輯它們。
 packages.read = <b>讀取：</b>檢視並下載指派給此儲存庫的套件。
-actions.read = <b>讀取：</b>查看整合的 CI/CD 流程及其紀錄。
-actions.write = <b>寫入：</b>手動觸發、重新啟動、取消或核准待處理的 CI/CD 流程。
\ No newline at end of file
+actions.read = <b>讀取：</b>查看工作流程運行及其紀錄。
+actions.write = <b>寫入：</b>觸發、重新啟動和取消工作流程。管理對合併請求提交者的信任委託。
\ No newline at end of file
diff --git a/options/locale_next/locale_ar.json b/options/locale_next/locale_ar.json
index ed4bc84947..e4e72d0452 100644
--- a/options/locale_next/locale_ar.json
+++ b/options/locale_next/locale_ar.json
@@ -95,7 +95,7 @@
 	"repo.settings.push_mirror.branch_filter.label": "تصفية الفرع (اختياري)",
 	"repo.settings.push_mirror.branch_filter.description": "الفروع المطلوب عكسها. اترك الحقل فارغًا لعكس جميع الفروع. راجع توثيق <a href=\"%[1]s\">%[2]s</a> للاطلاع على الصيغة. أمثلة: <code>main, release/*</code>",
 	"og.repo.summary_card.alt_description": "بطاقة تلخيصية للمستودع %[1]، موصوفة بـ %[1]: %[2]s",
-	"meta.last_line": "شكرًا لك على ترجمة Forgejo! هذا السطر لا يراه المستخدمون ولكنه يخدم أغراضًا أخرى في إدارة الترجمة. يمكنك وضع حقيقة ممتعة في الترجمة بدلاً من ترجمتها. (this string was needed to make weblate regenerate the file and can be removed)",
+	"meta.last_line": "شكرًا لك على ترجمة Forgejo! هذا السطر لا يراه المستخدمون ولكنه يخدم أغراضًا أخرى في إدارة الترجمة. يمكنك وضع حقيقة ممتعة في الترجمة بدلاً من ترجمتها.",
 	"relativetime.future": "في المستقبل",
 	"avatar.constraints_hint": "لا يمكن أن يتجاوز حجم الصورة الشخصية المخصصة %[1]s، ولا أبعادها عن %[2]d×%[3]d بكسل",
 	"repo.pulls.merged_title_desc": {
diff --git a/options/locale_next/locale_be.json b/options/locale_next/locale_be.json
index 7ec2839461..a7fe15e0b1 100644
--- a/options/locale_next/locale_be.json
+++ b/options/locale_next/locale_be.json
@@ -224,5 +224,5 @@
 		"few": "%s актыўныя запыты на зліццё",
 		"many": "%s актыўных запытав на зліццё"
 	},
-	"meta.last_line": "Слава вялікай бульбе! Лукашэнка, гары ў адку! Kiss (this string was needed to make weblate regenerate the file and can be removed)"
+	"meta.last_line": "Слава вялікай бульбе! Лукашэнка, гары ў адку! Kiss"
 }
diff --git a/options/locale_next/locale_bg.json b/options/locale_next/locale_bg.json
index f17f9e4c2f..33631e6a0b 100644
--- a/options/locale_next/locale_bg.json
+++ b/options/locale_next/locale_bg.json
@@ -20,7 +20,7 @@
 		"other": "иска да слее %[1]d подавания от <code>%[2]s</code> в <code id=\"%[4]s\">%[3]s</code>"
 	},
 	"mail.actions.run_info_trigger": "Задействано поради: %[1]s от: %[2]s",
-	"meta.last_line": "В България расте най-старото дърво в страната, Байкушевата мура, на възраст над 1300 години. (this string was needed to make weblate regenerate the file and can be removed)",
+	"meta.last_line": "В България расте най-старото дърво в страната, Байкушевата мура, на възраст над 1300 години.",
 	"relativetime.1day": "вчера",
 	"relativetime.2months": "преди два месеца",
 	"home.explore_repos": "Разглеждане на хранилища",
@@ -118,5 +118,27 @@
 	"pulse.n_active_prs": {
 		"one": "%s активна заявка за сливане",
 		"other": "%s активни заявки за сливане"
-	}
+	},
+	"watch.n_watchers": {
+		"one": "наблюдател",
+		"other": "наблюдатели"
+	},
+	"repo.issues.filter_poster.hint": "Филтриране по автор",
+	"repo.issues.filter_assignee.hint": "Филтриране по назначен потребител",
+	"repo.issues.filter_reviewers.hint": "Филтриране по потребител, който е прегледал",
+	"repo.issues.filter_mention.hint": "Филтриране по споменат портребител",
+	"repo.issues.filter_modified.hint": "Филтрирай по дата на последното изменение",
+	"repo.issues.filter_sort.hint": "Сортиране по: създаден/коментари/актуализиран/краен срок",
+	"issues.updated": "актуализирано %s",
+	"repo.pulls.poster_manage_approval": "Управление на одобренията",
+	"repo.pulls.poster_requires_approval": "Някои работни процеси са <a href=\"%[1]s\">в очакване на преглед.</a>",
+	"repo.pulls.poster_requires_approval.tooltip": "На автора на това искане за изтегляне не се доверява да изпълнява работни потоци, задействани от искане за изтегляне, създадено от разклонено хранилище или с AGit. Работните потоци, задействани от събитие `pull_request`, няма да се изпълняват, докато не бъдат одобрени.",
+	"repo.pulls.poster_is_trusted": "Авторът на това искане за изтегляне е <a href=\"%[1]s\">винаги надежден за изпълнение на работни процеси.</a>pick",
+	"repo.pulls.poster_is_trusted.tooltip": "На автора на това искане за изтегляне се предоставя изрично доверие да изпълнява работни потоци, задействани от събития `pull_request`.",
+	"repo.pulls.poster_trust_deny": "Отказване",
+	"repo.pulls.poster_trust_deny.tooltip": "Работните процеси, които чакат одобрение, ще бъдат отменени.",
+	"repo.pulls.poster_trust_once": "Одобри веднъж",
+	"repo.pulls.poster_trust_always": "Одобрявай винаги",
+	"repo.pulls.poster_trust_revoke": "Отмяна",
+	"repo.pulls.already_merged": "Сливането се провали: Тази заявка за сливане вече е била слята."
 }
diff --git a/options/locale_next/locale_bn.json b/options/locale_next/locale_bn.json
index 321b792bea..2ece5f996a 100644
--- a/options/locale_next/locale_bn.json
+++ b/options/locale_next/locale_bn.json
@@ -1,4 +1,4 @@
 {
 	"moderation.abuse_category.malware": "ম্যালওয়্যার",
-	"meta.last_line": "(this string was needed to make weblate regenerate the file and can be removed)"
+	"meta.last_line": " "
 }
diff --git a/options/locale_next/locale_bs.json b/options/locale_next/locale_bs.json
index 60c4c22624..e1940e1e14 100644
--- a/options/locale_next/locale_bs.json
+++ b/options/locale_next/locale_bs.json
@@ -1,3 +1,3 @@
 {
-	"meta.last_line": "(this string was needed to make weblate regenerate the file and can be removed)"
+	"meta.last_line": " "
 }
diff --git a/options/locale_next/locale_ca.json b/options/locale_next/locale_ca.json
index ec2de1883d..8a227a626a 100644
--- a/options/locale_next/locale_ca.json
+++ b/options/locale_next/locale_ca.json
@@ -154,7 +154,7 @@
 	"migrate.pagure.project_url": "URL del projecte de Pagure",
 	"migrate.pagure.project_example": "L'URL del projecte de pagure, per exemple: https://pagure.io/pagure",
 	"migrate.pagure.token_label": "Testimoni de l'API de Pagure",
-	"meta.last_line": "Molt estudiar anglès i vinga a fer espíquings i ràitings i tal... I què passa amb el català? Eh?! Me'l noto una mica oxidat! També és important.\n(this string was needed to make weblate regenerate the file and can be removed)",
+	"meta.last_line": "Molt estudiar anglès i vinga a fer espíquings i ràitings i tal... I què passa amb el català? Eh?! Me'l noto una mica oxidat! També és important.",
 	"pulse.n_active_issues": {
 		"one": "%s incidència activa",
 		"many": "%s incidències actives",
diff --git a/options/locale_next/locale_cs-CZ.json b/options/locale_next/locale_cs-CZ.json
index 7e38c9a38c..690be4eca4 100644
--- a/options/locale_next/locale_cs-CZ.json
+++ b/options/locale_next/locale_cs-CZ.json
@@ -38,7 +38,7 @@
 	"alert.asset_load_failed": "Nepodařilo se načíst soubory příloh z {path}. Ujistěte se, že jsou dané soubory přístupné.",
 	"install.invalid_lfs_path": "Nepodařilo se vytvořit kořen LFS na zvolené cestě: %[1]s",
 	"alert.range_error": " musí být číslo mezi %[1]s a %[2]s.",
-	"meta.last_line": "Díky všem přispěvatelům za pomoc!\n(this string was needed to make weblate regenerate the file and can be removed)",
+	"meta.last_line": "Díky všem přispěvatelům za pomoc!",
 	"mail.actions.not_successful_run_subject": "Workflow %[1]s selhal v repozitáři %[2]s",
 	"mail.actions.not_successful_run": "Workflow %[1]s selhal v repozitáři %[2]s",
 	"mail.actions.run_info_cur_status": "Stav tohoto procesu: %[1]s (právě aktualizováno z %[2]s)",
@@ -258,5 +258,19 @@
 	"actions.workflow.incomplete_with_missing_job": "Nepodařilo se vyhodnotit `with` úlohy %[1]s: úloha %[2]s není v seznamu `needs` úlohy %[1]s (%[3]s).",
 	"actions.workflow.incomplete_with_missing_output": "Nepodařilo se vyhodnotit `with` úlohy %[1]s: úloze %[2]s chybí výstup %[3]s.",
 	"actions.workflow.incomplete_with_missing_matrix_dimension": "Nepodařilo se vyhodnotit `with` úlohy %[1]s: rozměr matice %[2]s neexistuje.",
-	"actions.workflow.incomplete_with_unknown_cause": "Nepodařilo se vyhodnotit `with` úlohy %[1]s: neznámá chyba."
+	"actions.workflow.incomplete_with_unknown_cause": "Nepodařilo se vyhodnotit `with` úlohy %[1]s: neznámá chyba.",
+	"pulls.manual_merge.helper": "Pomocník s ručním sloučením",
+	"pulls.manual_merge.helpder.description": "Použít tuto zprávu revize při ručním dokončení sloučení.",
+	"pulls.manual_merge.commit.title": "Nadpis slučovací revize",
+	"pulls.manual_merge.commit.body": "Tělo slučovací revize",
+	"pulls.manual_merge.copy.button": "Kopírovat zprávu slučovací revize",
+	"editor.search": "Hledat",
+	"editor.find_previous": "Předchozí výsledek",
+	"editor.find_next": "Další výsledek",
+	"editor.replace": "Nahradit",
+	"editor.replace_all": "Nahradit vše",
+	"editor.toggle_case": "Přepnout rozlišování velikosti písmen",
+	"editor.toggle_regex": "Přepnout používání regulárních výrazů",
+	"editor.toggle_whole_word": "Přepnout shodu s celými slovy",
+	"repo.view.gitmodules_too_large": "Soubor .gitmodules je příliš velký a bude ignorován (např. při voláních API)"
 }
diff --git a/options/locale_next/locale_cy.json b/options/locale_next/locale_cy.json
index 60c4c22624..e1940e1e14 100644
--- a/options/locale_next/locale_cy.json
+++ b/options/locale_next/locale_cy.json
@@ -1,3 +1,3 @@
 {
-	"meta.last_line": "(this string was needed to make weblate regenerate the file and can be removed)"
+	"meta.last_line": " "
 }
diff --git a/options/locale_next/locale_da.json b/options/locale_next/locale_da.json
index c96bdcf76f..87de9c186a 100644
--- a/options/locale_next/locale_da.json
+++ b/options/locale_next/locale_da.json
@@ -33,7 +33,7 @@
 	"alert.asset_load_failed": "Kunne ikke indlæse aktivfiler fra {path}. Sørg for, at aktivfilerne er tilgængelige.",
 	"install.invalid_lfs_path": "Kan ikke oprette LFS-roden på den angivne sti: %[1]s",
 	"alert.range_error": " skal være et tal mellem %[1]s og %[2]s.",
-	"meta.last_line": "Livet er det dejligste eventyr. - (H.C. Andersen)\n(this string was needed to make weblate regenerate the file and can be removed)",
+	"meta.last_line": "Livet er det dejligste eventyr. - (H.C. Andersen)",
 	"mail.actions.not_successful_run_subject": "Arbejdsgangen %[1]s mislykkedes i depotet %[2]s",
 	"mail.actions.successful_run_after_failure_subject": "Arbejdsgang %[1]s gendannet i depotet %[2]s",
 	"mail.actions.successful_run_after_failure": "Arbejdsgang %[1]s gendannet i depotet %[2]s",
diff --git a/options/locale_next/locale_de-DE.json b/options/locale_next/locale_de-DE.json
index 6a28242433..842b12195d 100644
--- a/options/locale_next/locale_de-DE.json
+++ b/options/locale_next/locale_de-DE.json
@@ -33,7 +33,7 @@
 	"alert.asset_load_failed": "Konnte Asset-Dateien nicht von {path} laden. Bitte stelle sicher, dass auf die Asset-Dateien zugegriffen werden kann.",
 	"install.invalid_lfs_path": "Der LFS-Root konnte nicht am angegebenen Pfad erstellt werden: %[1]s",
 	"alert.range_error": " muss eine Zahl zwischen %[1]s und %[2]s sein.",
-	"meta.last_line": "Vielen Dank für die Übersetzung von Forgejo! Diese Zeile wird von den Benutzern nicht gesehen, dient aber anderen Zwecken im Übersetzungsmanagement. Du kannst eine lustige Tatsache in der Übersetzung platzieren, anstatt sie zu übersetzen.\n(this string was needed to make weblate regenerate the file and can be removed)",
+	"meta.last_line": "Vielen Dank für die Übersetzung von Forgejo! Diese Zeile wird von den Benutzern nicht gesehen, dient aber anderen Zwecken im Übersetzungsmanagement. Du kannst eine lustige Tatsache in der Übersetzung platzieren, anstatt sie zu übersetzen.",
 	"mail.actions.successful_run_after_failure_subject": "Arbeitsablauf %[1]s in Repository %[2]s wiederhergestellt",
 	"mail.actions.not_successful_run_subject": "Arbeitsablauf %[1]s in Repository %[2]s fehlgeschlagen",
 	"mail.actions.successful_run_after_failure": "Arbeitsablauf %[1]s in Repository %[2]s wiederhergestellt",
@@ -207,11 +207,11 @@
 	"repo.issues.filter_reviewers.hint": "Nach Benutzer, der gesichtet hat, filtern",
 	"repo.issues.filter_mention.hint": "Nach erwähntem Benutzer filtern",
 	"repo.issues.filter_modified.hint": "Nach letzten modifiziertem Datum filtern",
-	"repo.issues.filter_sort.hint": "Sortieren nach: erstellt/Kommentare/aktualisiert/Ablaufdatum",
+	"repo.issues.filter_sort.hint": "Sortieren nach: created/comments/updated/deadline",
 	"search.syntax": "Suchsyntax",
 	"admin.dashboard.transfer_lingering_logs": "Aktionslogs von fertigen Aktions-Jobs aus der Datenbank in den Speicher übertragen",
 	"actions.workflow.persistent_incomplete_matrix": "`strategy.matrix` vom Job %[1]s konnte aufgrund eines ungültigen `needs`-Ausdrucks nicht ausgewertet werden. Er könnte auf einen Job verweisen, der nicht in seiner „needs“-Liste (%[2]s) ist, oder auf eine Ausgabe, die in keinem dieser Jobs existiert.",
-	"admin.auths.oauth2_quota_group_map_removal": "Benutzer von synchronisierten Quotagruppen entfernen, falls Benutzer nicht zur entsprechenden Grupe gehört.",
+	"admin.auths.oauth2_quota_group_map_removal": "Benutzer von synchronisierten Quotagruppen entfernen, falls Benutzer nicht zur entsprechenden Gruppe gehört.",
 	"moderation.action.account.delete": "Account löschen",
 	"moderation.action.account.suspend": "Account sperren",
 	"moderation.action.repo.delete": "Repository löschen",
@@ -231,13 +231,31 @@
 	"admin.auths.oauth2_quota_group_claim_name": "Der Claim-Name bietet Gruppennamen für diese Quelle, um für die Quotaverwaltung verwendet zu werden. (Optional)",
 	"admin.auths.oauth2_quota_group_map": "Beanspruchte Gruppen an Quota-Gruppen zuordnen. (Optional – benötigt Claim-Namen oben)",
 	"actions.workflow.incomplete_matrix_missing_job": "`strategy.matrix` vom Job %[1]s konnte nicht evaluiert werden: %[2]s ist nicht in der `needs`-Liste von Job %[1]s (%[3]s).",
-	"actions.workflow.incomplete_matrix_missing_output": "`strategy.matrix` vom Job %[1]s konnte nicht evaluiert werden: %[2]s hat keine Ausgabe %[3]s.",
+	"actions.workflow.incomplete_matrix_missing_output": "`strategy.matrix` vom Job %[1]s konnte nicht evaluiert werden: %[2]s fehlt die Ausgabe %[3]s.",
 	"actions.workflow.incomplete_matrix_unknown_cause": "`strategy.matrix` vom Job %[1]s konnte nicht evaluiert werden: unbekannter Fehler.",
 	"actions.workflow.incomplete_runson_missing_job": "`runs-on` vom Job %[1]s konnte nicht evaluiert werden: %[2]s ist nicht in der `needs`-Liste von Job %[1]s (%[3]s).",
-	"actions.workflow.incomplete_runson_missing_output": "`runs-on` vom Job %[1]s konnte nicht evaluiert werden: %[2]s hat keine Ausgabe %[3]s.",
+	"actions.workflow.incomplete_runson_missing_output": "`runs-on` vom Job %[1]s konnte nicht evaluiert werden: %[2]s fehlt die Ausgabe %[3]s.",
 	"actions.workflow.incomplete_runson_missing_matrix_dimension": "`runs-on` vom Job %[1]s konnte nicht evaluiert werden: Matrixdimension %[2]s existiert nicht.",
 	"actions.workflow.incomplete_runson_unknown_cause": "`runs-on` vom Job %[1]s konnte nicht evaluiert werden: unbekannter Fehler.",
 	"search.fuzzy": "Unscharf",
 	"search.fuzzy_tooltip": "Ergebnisse, die ungefähr zum Suchbegriff passen, einbinden",
-	"issues.updated": "%s aktualisiert"
+	"issues.updated": "%s aktualisiert",
+	"actions.workflow.incomplete_with_missing_job": "`with` vom Job %[1]s konnte nicht evaluiert werden: Job %[2]s ist nicht in der `needs`-List vom Job %[1]s (%[3]s).",
+	"actions.workflow.incomplete_with_missing_output": "`with` vom Job %[1]s konnte nicht evaluiert werden: Job %[2]s fehlt die Ausgabe %[3]s.",
+	"actions.workflow.incomplete_with_missing_matrix_dimension": "`with` vom Job %[1]s konnte nicht evaluiert werden: Matrixdimension %[2]s existiert nicht.",
+	"actions.workflow.incomplete_with_unknown_cause": "`with` vom Job %[1]s konnte nicht evaluiert werden: Unbekannter Fehler.",
+	"pulls.manual_merge.helper": "Manueller Zusammenführungshelfer",
+	"pulls.manual_merge.helpder.description": "Diese Zusammenführungs-Commitnachricht benutzen, wenn die Zusammenführung manuell vorgenommen wird.",
+	"pulls.manual_merge.commit.title": "Zusammenführungs-Commit-Titel",
+	"pulls.manual_merge.commit.body": "Zusammenführungs-Commit-Body",
+	"pulls.manual_merge.copy.button": "Zusammenführungs-Commitnachricht kopieren",
+	"editor.toggle_case": "Beachtung der Groß-/Kleinschreibung umschalten",
+	"editor.toggle_regex": "Mit regulären Ausdrücken umschalten",
+	"editor.search": "Suchen",
+	"editor.replace": "Ersetzen",
+	"editor.replace_all": "Alle ersetzen",
+	"editor.find_previous": "Vorheriger Treffer",
+	"editor.find_next": "Nächster Treffer",
+	"editor.toggle_whole_word": "Treffer auf ganze Wörter umschalten",
+	"repo.view.gitmodules_too_large": "Die .gitmodules-Datei ist zu groß und wird ignoriert (zum Beispiel für API-Aufrufe)"
 }
diff --git a/options/locale_next/locale_el-GR.json b/options/locale_next/locale_el-GR.json
index 48f2da23e1..b2388616b5 100644
--- a/options/locale_next/locale_el-GR.json
+++ b/options/locale_next/locale_el-GR.json
@@ -24,12 +24,12 @@
 	"mail.actions.successful_run_after_failure_subject": "Η ροή εργασίας %[1]s αποκαταστάθηκε στο αποθετήριο %[2]s",
 	"mail.actions.not_successful_run_subject": "Η ροή εργασίας %[1]s απέτυχε στο αποθετήριο %[2]s",
 	"mail.actions.run_info_trigger": "Ενεργοποιήθηκε επειδή: %[1]s από: %[2]s",
-	"meta.last_line": "Ευχαριστούμε που μεταφράζετε το Forgejo! Αυτή η γραμμή δεν είναι ορατή από τους χρήστες αλλά εξυπηρετεί άλλους σκοπούς στη διαχείριση της μετάφρασης. Μπορείτε να γράψετε κάποιο αστείο αντί για μετάφραση.\n(this string was needed to make weblate regenerate the file and can be removed)",
+	"meta.last_line": "Ευχαριστούμε που μεταφράζετε το Forgejo! Αυτή η γραμμή δεν είναι ορατή από τους χρήστες αλλά εξυπηρετεί άλλους σκοπούς στη διαχείριση της μετάφρασης. Μπορείτε να γράψετε κάποιο αστείο αντί για μετάφραση.",
 	"mail.actions.successful_run_after_failure": "Η ροή εργασίας %[1]s αποκαταστάθηκε στο αποθετήριο %[2]s",
 	"discussion.locked": "Αυτή η συζήτηση έχει κλειδωθεί. Ο σχολιασμός περιορίζεται στους συνεισφέροντες.",
 	"incorrect_root_url": "Αυτή η εγκατάσταση του Forgejo έχει ρυθμιστεί στο \"%s\". Αυτή τη στιγμή βλέπετε το Forgejo μέσω ενός διαφορετικού URL, το οποίο μπορεί να προκαλέσει δυσλειτουργία σε τμήματα της εφαρμογής. Το κανονικό URL ελέγχεται από τους διαχειριστές του Forgejo με τη ρύθμιση ROOT_URL στο αρχείο app.ini.",
 	"home.explore_orgs": "Εξερευνήστε οργανισμούς",
-	"home.welcome.activity_hint": "Δεν υπάρχει τίποτα στην τροφοδοσία σας ακόμα. Οι ενέργειές σας και η δραστηριότητά σας από τα αποθετήρια που παρακολουθείτε θα εμφανίζονται εδώ.",
+	"home.welcome.activity_hint": "Δεν υπάρχει τίποτα στη ροή σας ακόμη. Οι ενέργειές σας και η δραστηριότητά σας από τα αποθετήρια που παρακολουθείτε θα εμφανίζονται εδώ.",
 	"home.explore_repos": "Εξερευνήστε τα αποθετήρια",
 	"home.explore_users": "Εξερευνήστε τους χρήστες",
 	"migrate.github.description": "Μεταφορά δεδομένων από το github.com ή διακομιστές GitHub Enterprise.",
@@ -47,11 +47,11 @@
 	"error.not_found.title": "Δε βρέθηκε η σελίδα",
 	"themes.names.forgejo-auto": "Forgejo (ακολουθεί το θέμα του συστήματος)",
 	"themes.names.forgejo-light": "Forgejo φωτεινό",
-	"stars.list.none": "Κανένα αστέρι ακόμα για αυτό το αποθετήριο.",
+	"stars.list.none": "Κανένα αστέρι ακόμη για αυτό το αποθετήριο.",
 	"watch.list.none": "Καμία παρακολούθηση αυτού του αποθετηρίου.",
 	"followers.incoming.list.self.none": "Καμία παρακολούθηση στο προφίλ σας.",
 	"followers.incoming.list.none": "Κανείς δεν ακολουθεί αυτό το χρήστη.",
-	"followers.outgoing.list.none": "δεν ακολουθεί κανένα.",
+	"followers.outgoing.list.none": "Ο χρήστης %s δεν ακολουθεί κανέναν.",
 	"relativetime.2days": "πριν από δύο μέρες",
 	"relativetime.1week": "την προηγούμενη εβδομάδα",
 	"relativetime.2weeks": "πριν από δύο εβδομάδες",
@@ -82,13 +82,13 @@
 		"other": "πριν από %d έτη"
 	},
 	"themes.names.forgejo-dark": "Forgejo σκοτεινό",
-	"warning.repository.out_of_sync": "Αυτό το αποθετήριο είναι εκτός συγχρονισμού με την αναπαράσταση του στη βάση δεδομένων. Αν αυτή η προειδοποίηση εμφανίζεται ακόμα και αν ωθήσατε μια υποβολή στο αποθετήριο, τότε επικοινωνήστε με το διαχειριστή.",
+	"warning.repository.out_of_sync": "Αυτό το αποθετήριο είναι εκτός συγχρονισμού με την αναπαράσταση του στη βάση δεδομένων. Αν αυτή η προειδοποίηση εμφανίζεται ακόμη και αν ωθήσατε μια υποβολή στο αποθετήριο, τότε επικοινωνήστε με το διαχειριστή.",
 	"mail.actions.run_info_cur_status": "Κατάσταση αυτής της εκτέλεσης: %[1]s (μόλις άλλαξε από %[2]s)",
 	"repo.diff.commit.previous-short": "Προηγ",
 	"editor.textarea.shift_tab_hint": "Καμία στοίχιση σε αυτή τη γραμμή. Πατήστε <kbd>Shift</kbd> + <kbd>Tab</kbd> ξανά ή <kbd>Escape</kbd> για να βγείτε από το συντάκτη.",
 	"og.repo.summary_card.alt_description": "Συνοπτική καρτέλα του αποθετηρίου %[1]s, περιγράφεται ως: %[2]s",
 	"repo.diff.commit.next-short": "Επόμ",
-	"followers.outgoing.list.self.none": "Δεν ακολουθείτε κανένα.",
+	"followers.outgoing.list.self.none": "Δεν ακολουθείτε κανέναν.",
 	"mail.actions.run_info_previous_status": "Κατάσταση Προηγούμενης Εκτέλεσης: %[1]s",
 	"editor.textarea.tab_hint": "Η γραμμή είναι ήδη στοιχισμένη. Πατήστε <kbd>Tab</kbd> ξανά ή <kbd>Escape</kbd> για να βγείτε από το συντάκτη.",
 	"repo.settings.push_mirror.branch_filter.description": "Κλάδοι που θα καθρεφτιστούν. Αφήστε κενό για να καθρεφτίζονται όλοι οι κλάδοι. Δείτε τη <a href=\"%[1]s\">τεκμηρίωση του %[2]s</a> για τη σύνταξη. Παράδειγμα: <code>main, release/*</code>",
@@ -122,7 +122,7 @@
 	"alert.range_error": " πρέπει να είναι αριθμός μεταξύ %[1]s και %[2]s.",
 	"admin.auths.allow_username_change.description": "Επιτρέπεται στους χρήστες να αλλάξουν το όνομα χρήστη τους στις ρυθμίσεις προφίλ",
 	"profile.edit.link": "Επεξεργασία προφίλ",
-	"feed.atom.link": "Ροή atom",
+	"feed.atom.link": "Ροή Atom",
 	"keys.ssh.link": "Κλειδιά SSH",
 	"keys.gpg.link": "Κλειδιά GPG",
 	"admin.config.moderation_config": "Ρυθμίσεις εποπτείας",
@@ -131,7 +131,7 @@
 	"moderation.report_abuse_form.invalid": "Μη έγκυρες παράμετροι",
 	"admin.dashboard.cleanup_offline_runners": "Καθαρισμός των εκτελεστών εκτός σύνδεσης",
 	"admin.dashboard.remove_resolved_reports": "Αφαίρεση επιλυμένων αναφορών",
-	"profile.actions.tooltip": "Περισσότερες δράσεις",
+	"profile.actions.tooltip": "Περισσότερες ενέργειες",
 	"moderation.submit_report": "Υποβολή έκθεσης",
 	"moderation.reporting_failed": "Αδυναμία υποβολής της νέας έκθεσης κατάχρησης:% v",
 	"admin.moderation.moderation_reports": "Αναφορές εποπτείας",
@@ -177,5 +177,20 @@
 	"repo.issues.filter_modified.hint": "Φίλτρο με βάση την τελευταία τροποποίηση",
 	"repo.pulls.poster_manage_approval": "Διαχείριση έγκρισης",
 	"repo.issues.filter_reviewers.hint": "Φίλτρο με βάση το χρήστη που αναθεώρησε",
-	"repo.pulls.poster_requires_approval": "Κάποιες ροές εργασίας <a href=\"%[1]s\">περιμένουν για αναθεώρηση.</a>"
+	"repo.pulls.poster_requires_approval": "Κάποιες ροές εργασίας <a href=\"%[1]s\">περιμένουν για αναθεώρηση.</a>",
+	"issues.updated": "ενημερώθηκε %s",
+	"repo.pulls.poster_trust_revoke": "Ανάκληση",
+	"repo.pulls.poster_trust_deny": "Απόρριψη",
+	"repo.pulls.poster_trust_once": "Έγκριση μια φορά",
+	"repo.pulls.poster_trust_always": "Έγκριση πάντα",
+	"search.syntax": "Σύνταξη αναζήτησης",
+	"search.fuzzy": "Παραπλήσια",
+	"search.fuzzy_tooltip": "Να συμπεριλαμβάνονται αποτελέσματα που έχουν παρεμφερή αντιστοιχία με τον όρο αναζήτησης",
+	"moderation.unknown_action": "Άγνωστη ενέργεια",
+	"moderation.action.comment.delete": "Διαγραφή σχολίου",
+	"moderation.action.account.delete": "Διαγραφή λογαριασμού",
+	"moderation.action.account.suspend": "Αναστολή λογαριασμού",
+	"moderation.action.repo.delete": "Διαγραφή αποθετηρίου",
+	"moderation.action.issue.delete": "Διαγραφή ζητήματος",
+	"keys.verify.token.hint": "Το διακριτικό είναι έγκυρο μόνο για 1 λεπτό. <a href=\"%[1]s\">Λάβετε ένα καινούργιο εάν έχει λήξει</a>."
 }
diff --git a/options/locale_next/locale_eo.json b/options/locale_next/locale_eo.json
index 0d61c5d503..6adccb9eb5 100644
--- a/options/locale_next/locale_eo.json
+++ b/options/locale_next/locale_eo.json
@@ -93,5 +93,6 @@
 	"repo.issues.filter_reviewers.hint": "Filtri laŭ uzanto kiu recenzis",
 	"repo.issues.filter_mention.hint": "Filtri laŭ menciita uzanto",
 	"repo.issues.filter_modified.hint": "Filtri laŭ lasta modifdato",
-	"meta.last_line": "(this string was needed to make weblate regenerate the file and can be removed)"
+	"meta.last_line": " ",
+	"moderation.report_remarks": "Rimarkoj"
 }
diff --git a/options/locale_next/locale_es-ES.json b/options/locale_next/locale_es-ES.json
index 76b41dc45b..aff074090f 100644
--- a/options/locale_next/locale_es-ES.json
+++ b/options/locale_next/locale_es-ES.json
@@ -30,7 +30,7 @@
 	"themes.names.forgejo-dark": "Forgejo oscuro",
 	"themes.names.forgejo-light": "Forgejo claro",
 	"home.welcome.no_activity": "Sin actividad",
-	"meta.last_line": "¡Gracias por traducir Forgejo! Esta línea no es vista por los usuarios pero sirve para otros propósitos en la gestión de la traducción. Puedes colocar un dato curioso en la traducción en lugar de traducirla.\n(this string was needed to make weblate regenerate the file and can be removed)",
+	"meta.last_line": "¡Gracias por traducir Forgejo! Esta línea no es vista por los usuarios pero sirve para otros propósitos en la gestión de la traducción. Puedes colocar un dato curioso en la traducción en lugar de traducirla.",
 	"relativetime.now": "ahora",
 	"relativetime.mins": {
 		"one": "hace %d minuto",
diff --git a/options/locale_next/locale_et.json b/options/locale_next/locale_et.json
index 8c451866c2..882310f58a 100644
--- a/options/locale_next/locale_et.json
+++ b/options/locale_next/locale_et.json
@@ -53,7 +53,7 @@
 	"home.explore_repos": "Uuri lähtekoodi hoidlaid",
 	"home.explore_users": "Otsi kasutajaid",
 	"home.explore_orgs": "Tutvu organisatsioonidega",
-	"meta.last_line": "Tänud, et oled Forgejo'd tõlkinud! Work hard and put in the effort, and love will come. (Tee tööd ja näe vaeva, siis tuleb armastus - A. H. Tammsaare)\n(this string was needed to make weblate regenerate the file and can be removed)",
+	"meta.last_line": "Tänud, et oled Forgejo'd tõlkinud! Work hard and put in the effort, and love will come. (Tee tööd ja näe vaeva, siis tuleb armastus - A. H. Tammsaare).",
 	"keys.ssh.link": "SSH võtmed",
 	"keys.gpg.link": "GPG võtmed",
 	"profile.edit.link": "Muuda profiili",
@@ -66,5 +66,11 @@
 	"release.n_downloads": {
 		"one": "%s allalaadimine",
 		"other": "%s allalaadimist"
-	}
+	},
+	"fork.n_forks": {
+		"one": "%s koodiharu",
+		"other": "%s koodiharu"
+	},
+	"compare.branches.title": "Võrdle alamharusid",
+	"repo.settings.push_mirror.branch_filter.label": "Alamharude filter (kui soovid)"
 }
diff --git a/options/locale_next/locale_eu.json b/options/locale_next/locale_eu.json
index 60c4c22624..e1940e1e14 100644
--- a/options/locale_next/locale_eu.json
+++ b/options/locale_next/locale_eu.json
@@ -1,3 +1,3 @@
 {
-	"meta.last_line": "(this string was needed to make weblate regenerate the file and can be removed)"
+	"meta.last_line": " "
 }
diff --git a/options/locale_next/locale_fa-IR.json b/options/locale_next/locale_fa-IR.json
index ce17cfba4d..26cda2f301 100644
--- a/options/locale_next/locale_fa-IR.json
+++ b/options/locale_next/locale_fa-IR.json
@@ -28,5 +28,5 @@
 		"one": "%s تقاضای واکشی فعال",
 		"other": "%s تقاضاهای واکشی فعال"
 	},
-	"meta.last_line": "(this string was needed to make weblate regenerate the file and can be removed)"
+	"meta.last_line": " "
 }
diff --git a/options/locale_next/locale_fi-FI.json b/options/locale_next/locale_fi-FI.json
index 025d79cac2..f0809c8343 100644
--- a/options/locale_next/locale_fi-FI.json
+++ b/options/locale_next/locale_fi-FI.json
@@ -69,7 +69,7 @@
 		"one": "%d viikko sitten",
 		"other": "%d viikkoa sitten"
 	},
-	"meta.last_line": "Thank you for translating Forgejo! Päivitä tämä käännös, jos luet tämän viestin.\n(this string was needed to make weblate regenerate the file and can be removed)",
+	"meta.last_line": "Thank you for translating Forgejo! Päivitä tämä käännös, jos luet tämän viestin.",
 	"relativetime.2months": "kaksi kuukautta sitten",
 	"mail.actions.successful_run_after_failure_subject": "Työnkulku %[1]s palautettu tietovarastoon %[2]s",
 	"mail.actions.successful_run_after_failure": "Työnkulku %[1]s palautettu tietovarastoon %[2]s",
@@ -192,5 +192,11 @@
 	"moderation.users.already_suspended": "Käyttäjätili on jo jäädytetty.",
 	"moderation.users.suspend_success": "Käyttäjätili on jäädytetty.",
 	"moderation.issue.deletion_success": "Ongelma on poistettu.",
-	"moderation.comment.deletion_success": "Kommentti on poistettu."
+	"moderation.comment.deletion_success": "Kommentti on poistettu.",
+	"issues.updated": "päivitetty %s",
+	"search.fuzzy": "Sumea",
+	"mail.issue.action.close_by_commit": "%[1]s sulki %[2]s kommitissa %[3]s.",
+	"editor.search": "Hae",
+	"editor.replace": "Korvaa",
+	"editor.replace_all": "Korvaa kaikki"
 }
diff --git a/options/locale_next/locale_fil.json b/options/locale_next/locale_fil.json
index 2ecf59ba73..224abe76e7 100644
--- a/options/locale_next/locale_fil.json
+++ b/options/locale_next/locale_fil.json
@@ -33,7 +33,7 @@
 	"alert.asset_load_failed": "Nabigong i-load ang mga asset file mula sa {path}. Siguraduhin na maa-access ang mga asset file.",
 	"install.invalid_lfs_path": "Nabigong gawin ang LFS root sa tinakdang path: %[1]s",
 	"alert.range_error": " dapat ay numero sa pagitan ng %[1]s at %[2]s.",
-	"meta.last_line": "Every day, I imagine a future where I can be with you. In my hand is a pen that will write a poem of me and you. The ink flows down into a dark puddle... Just move your hand, write the way into his heart. But in this world of infinite choices, what will it take just to find that special day? Have I found everybody a fun assignment to do today? When you're here, everything that we do is fun for them anyway... When I can't even read my own feelings, what good are words when a smile says it all? And if this world won't write me an ending, what will it take just for me to have it all? Does my pen only write bitter words for those who are dear to me? Is it love if I take you, or is it love if I set you free? The ink flows down into a dark puddle... How can I write love into reality? If I can't hear the sound of your heartbeat, what do you call love in your reality? And in your reality, if I don't know how to love you... I'll leave you be.\n(this string was needed to make weblate regenerate the file and can be removed)",
+	"meta.last_line": "Every day, I imagine a future where I can be with you. In my hand is a pen that will write a poem of me and you. The ink flows down into a dark puddle... Just move your hand, write the way into his heart. But in this world of infinite choices, what will it take just to find that special day? Have I found everybody a fun assignment to do today? When you're here, everything that we do is fun for them anyway... When I can't even read my own feelings, what good are words when a smile says it all? And if this world won't write me an ending, what will it take just for me to have it all? Does my pen only write bitter words for those who are dear to me? Is it love if I take you, or is it love if I set you free? The ink flows down into a dark puddle... How can I write love into reality? If I can't hear the sound of your heartbeat, what do you call love in your reality? And in your reality, if I don't know how to love you... I'll leave you be.",
 	"mail.actions.successful_run_after_failure": "Na-recover ang workflow na %[1]s sa repositoryong %[2]s",
 	"mail.actions.not_successful_run": "Nabigo ang workflow na %[1]s sa repositoryong %[2]s",
 	"mail.actions.run_info_previous_status": "Nakaraang Status ng Run: %[1]s",
@@ -231,13 +231,22 @@
 	"moderation.comment.deletion_success": "Binura na ang komento.",
 	"actions.workflow.persistent_incomplete_matrix": "Hindi masuri ang `strategy.matrix` ng trabahong %[1]s dahil sa hindi wastong `needs` na ekspresyon. Maaari itong sumangguni sa isang trabaho na hindi nasa `needs` na listahan (%[2]s), o isang output na hindi umiiral sa isa sa mga trabaho na iyon.",
 	"actions.workflow.incomplete_matrix_missing_job": "Hindi masuri ang `strategy.matrix` ng trabahong %[1]s: hindi nasa listahan ng `needs`ng trabahong %[1]s (%[3]s) ang trabahong %[2]s.",
-	"actions.workflow.incomplete_matrix_missing_output": "Hindi masuri ang `strategy.matrix` ng trabahong %[1]s: walang output na %[3]s ang trabahong %[2]s.",
+	"actions.workflow.incomplete_matrix_missing_output": "Hindi masuri ang `strategy.matrix` ng trabahong %[1]s: nawawalang output na %[3]s ang trabahong %[2]s.",
 	"actions.workflow.incomplete_matrix_unknown_cause": "Hindi masuri ang `strategy.matrix` ng trabahong %[1]s: hindi alam na error.",
 	"actions.workflow.incomplete_runson_missing_job": "Hindi masuri ang `runs-on` ng trabahong %[1]s: hindi nasa listahan ng `needs` ng trabahong %[1]s (%[3]s) ang trabahong %[2]s.",
-	"actions.workflow.incomplete_runson_missing_output": "Hindi masuri ang `runs-on` ng trabahong %[1]s: walang output na %[3]s ang trabahong %[2]s.",
+	"actions.workflow.incomplete_runson_missing_output": "Hindi masuri ang `runs-on` ng trabahong %[1]s: nawawalang output na %[3]s ang trabahong %[2]s.",
 	"actions.workflow.incomplete_runson_missing_matrix_dimension": "Hindi masuri ang `runs-on` ng trabahong %[1]s: hindi umiiral ang matrix dimension na %[2]s.",
 	"actions.workflow.incomplete_runson_unknown_cause": "Hindi masuri ang `runs-on` ng trabahong %[1]s: hindi alam na error.",
 	"admin.auths.oauth2_quota_group_claim_name": "Claim name na nagbibigay ng mga pangalan ng grupo para sa pinagmulan na ito na gagamitin sa pamamahala ng quota. (Opsyonal)",
 	"admin.auths.oauth2_quota_group_map": "I-map ang mga claimed group sa mga quota group. (Opsyonal - kinakailangan ang claim name sa itaas)",
-	"admin.auths.oauth2_quota_group_map_removal": "Tanggalin ang mga user mula sa mga naka-sync na quota group kung hindi nabibilang sa katumbas na grupo ang user."
+	"admin.auths.oauth2_quota_group_map_removal": "Tanggalin ang mga user mula sa mga naka-sync na quota group kung hindi nabibilang sa katumbas na grupo ang user.",
+	"actions.workflow.incomplete_with_missing_job": "Hindi masuri ang `with` ng trabahong %[1]s: hindi nasa listahan ng `needs` ng trabahong %[1]s (%[3]s) ang trabahong %[2]s.",
+	"actions.workflow.incomplete_with_missing_output": "Hindi masuri ang `with` ng trabahong %[1]s: nawawalang output na %[3]s ang trabahong %[2]s.",
+	"actions.workflow.incomplete_with_missing_matrix_dimension": "Hindi masuri ang `with` ng trabahong %[1]s: hindi umiiral ang matrix dimension na %[2]s.",
+	"actions.workflow.incomplete_with_unknown_cause": "Hindi masuri ang `with` ng trabahong %[1]s: hindi alam na error.",
+	"pulls.manual_merge.helper": "Tagatulong sa manwal na pagsasama",
+	"pulls.manual_merge.helpder.description": "Gamitin ang mensahe na ito kapag kukumpletuhin nang manwal ang pagsasama.",
+	"pulls.manual_merge.commit.title": "Title ng merge commit",
+	"pulls.manual_merge.commit.body": "Nilalaman ng merge commit",
+	"pulls.manual_merge.copy.button": "Kopyahin ang mensahe ng merge commit"
 }
diff --git a/options/locale_next/locale_fr-FR.json b/options/locale_next/locale_fr-FR.json
index da506fa36b..41aaea5359 100644
--- a/options/locale_next/locale_fr-FR.json
+++ b/options/locale_next/locale_fr-FR.json
@@ -79,7 +79,7 @@
 	"error.not_found.title": "Page non trouvée",
 	"relativetime.1month": "le mois dernier",
 	"incorrect_root_url": "Cette instance Forgejo est configuré pour être servi sur \"%s\". Vous êtes actuellement en train de regarder Forgejo avec une URL différente, ce qui pourrait casser certaines parties de cette application. L'URL canonique est controllée par les administrateurs Forgejo grâce au paramètre ROOT_URL dans le app.ini.",
-	"meta.last_line": "Merci de traduire Forgejo ! Cette ligne n'est pas vue par les utilisateurs mais sert à d'autres fins dans la gestion de la traduction. Vous pouvez mettre une fun fact dans la traduction au lieu de la traduire. Miaou.\n(this string was needed to make weblate regenerate the file and can be removed)",
+	"meta.last_line": "Merci de traduire Forgejo ! Cette ligne n'est pas vue par les utilisateurs mais sert à d'autres fins dans la gestion de la traduction. Vous pouvez mettre une fun fact dans la traduction au lieu de la traduire. Miaou.",
 	"mail.actions.successful_run_after_failure": "Workflow %[1]s récupéré dans le dépôt %[2]s",
 	"mail.actions.successful_run_after_failure_subject": "Workflow %[1]s récupéré dans le dépôt %[2]s",
 	"mail.actions.not_successful_run_subject": "Workflow %[1]s a raté dans le dépôt %[2]s",
@@ -127,7 +127,7 @@
 	"keys.ssh.link": "Clé SSH",
 	"keys.gpg.link": "Clés GPG",
 	"compare.branches.title": "Comparer les branches",
-	"repo.settings.push_mirror.branch_filter.description": "Branches a répliquer. Laisser vide pour répliquer toutes les branches. Voir la documentation <a href=\"%[1]s\">%[2]</a> pour la syntaxe. Exemples : <code>main, release/*</code>",
+	"repo.settings.push_mirror.branch_filter.description": "Branches a répliquer. Laisser vide pour répliquer toutes les branches. Voir la documentation <a href=\"%[1]s\">%[2]s</a> pour la syntaxe. Exemples : <code>main, release/*</code>",
 	"mail.actions.run_info_sha": "Commit: %[1]s",
 	"admin.moderation.deleted_content_ref": "Le signalement avec le type %[1]v et l'identifiant %[2]d n'existe plus",
 	"error.must_enable_2fa": "Cette instance Forgejo exige que les utilisateurs activent l'authentification à deux facteurs avant qu'ils puissent accéder a leurs comptes. Activez-la sur  : %s",
@@ -244,5 +244,20 @@
 	"actions.workflow.incomplete_runson_missing_output": "Impossible d'évaluer les `runs-on` de la tâche %[1]s : la tâche %[2]s n'a pas de sortie %[3]s.",
 	"actions.workflow.incomplete_runson_missing_matrix_dimension": "Impossible d'évaluer les `runs-on` de la tâche %[1]s : la dimension matricielle %[2]s n'existe pas.",
 	"actions.workflow.incomplete_runson_unknown_cause": "Impossible d'évaluer `runs-on` de la tâche %[1]s : erreur inconnue.",
-	"admin.auths.oauth2_quota_group_map_removal": "Supprimer les utilisateurs des groupes de quotas synchronisés si l'utilisateur n'appartient pas au groupe correspondant."
+	"admin.auths.oauth2_quota_group_map_removal": "Supprimer les utilisateurs des groupes de quotas synchronisés si l'utilisateur n'appartient pas au groupe correspondant.",
+	"issues.updated": "actualisé %s",
+	"search.fuzzy_tooltip": "Inclure les résultats avec une correspondance approximative avec le terme recherché",
+	"moderation.report.mark_as_handled": "Marquer comme traité",
+	"actions.workflow.incomplete_with_missing_job": "Impossible d'évaluer `with` avec la tâche %[1]s : la tâche %[2]s n'est pas dans la liste `needs` de la tâche %[1]s (%[3]s).",
+	"pulls.manual_merge.copy.button": "Copier le message de commit de fusion",
+	"editor.search": "Rechercher",
+	"editor.find_previous": "Recherche précédente",
+	"editor.find_next": "Recherche suivante",
+	"editor.replace": "Remplacer",
+	"editor.toggle_case": "Activer/désactiver la sensibilité à la casse",
+	"editor.toggle_regex": "Activer/désactiver l'utilisation d'expressions régulières",
+	"repo.view.gitmodules_too_large": "Le fichier .gitmodules est trop volumineux et sera ignoré (lors des appels API par exemple)",
+	"search.fuzzy": "Approximative",
+	"pulls.manual_merge.commit.title": "Titre de la fusion de commit",
+	"pulls.manual_merge.commit.body": "Contenue de la fusion de commit"
 }
diff --git a/options/locale_next/locale_fur.json b/options/locale_next/locale_fur.json
new file mode 100644
index 0000000000..f94b420a3f
--- /dev/null
+++ b/options/locale_next/locale_fur.json
@@ -0,0 +1,7 @@
+{
+	"home.welcome.no_activity": "Nissune ativitât",
+	"stars.n_stars": {
+		"one": "%s stele",
+		"other": "%s stelis"
+	}
+}
diff --git a/options/locale_next/locale_ga.json b/options/locale_next/locale_ga.json
index 771ce0d70c..2f3ff7b138 100644
--- a/options/locale_next/locale_ga.json
+++ b/options/locale_next/locale_ga.json
@@ -1,24 +1,306 @@
 {
-	"migrate.git.description": "Aistrigh stór amháin ó aon seirbhís Git.",
-	"migrate.gitea.description": "Aistrigh sonraí ó gitea.com nó ó chásanna Gitea eile.",
-	"migrate.gitlab.description": "Aistrigh sonraí ó gitlab.com nó ó chásanna GitLab eile.",
-	"migrate.gogs.description": "Aistrigh sonraí ó notabug.org nó ó chásanna eile de chuid Gogs.",
-	"migrate.onedev.description": "Aistrigh sonraí ó code.onedev.io nó ó chásanna OneDev eile.",
-	"migrate.gitbucket.description": "Aistrigh sonraí ó chásanna GitBucket.",
-	"migrate.codebase.description": "Aistrigh sonraí ó codebasehq.com.",
+	"migrate.git.description": "Ná himirce stórlann ach ó aon seirbhís Git.",
+	"migrate.gitea.description": "Imirce sonraí ó gitea.com nó ó chásanna Gitea eile.",
+	"migrate.gitlab.description": "Imirce sonraí ó gitlab.com nó ó chásanna GitLab eile.",
+	"migrate.gogs.description": "Imirce sonraí ó notabug.org nó ó chásanna Gogs eile.",
+	"migrate.onedev.description": "Imirce sonraí ó code.onedev.io nó ó chásanna OneDev eile.",
+	"migrate.gitbucket.description": "Imirce sonraí ó chásanna GitBucket.",
+	"migrate.codebase.description": "Imirce sonraí ó codebasehq.com.",
 	"pulse.n_active_issues": {
-		"one": "%s Eagrán Gníomhach",
-		"two": "%s Ceisteanna Gníomhacha",
-		"few": "",
-		"many": "",
-		"other": ""
+		"one": "%s saincheist ghníomhach",
+		"two": "%s saincheisteanna ghníomhach",
+		"few": "%s saincheisteanna ghníomhach",
+		"many": "%s saincheisteanna ghníomhach",
+		"other": "%s saincheisteanna ghníomhach"
 	},
 	"pulse.n_active_prs": {
-		"one": "%s Iarratas Tarraingthe Gníomhach",
-		"two": "%s Iarratais Tharraing Ghníomhach",
-		"few": "",
-		"many": "",
-		"other": ""
+		"one": "%s iarratas tarraingthe gníomhach",
+		"two": "%s iarratais tarraingthe gníomhach",
+		"few": "%s iarratais tarraingthe gníomhach",
+		"many": "%s iarratais tarraingthe gníomhach",
+		"other": "%s iarratais tarraingthe gníomhach"
 	},
-	"meta.last_line": "(this string was needed to make weblate regenerate the file and can be removed)"
+	"meta.last_line": "Go raibh maith agat as Forgejo a aistriú! Ní fheiceann na húsáideoirí an líne seo ach tá cuspóirí eile aici i mbainistíocht an aistriúcháin. Is féidir leat fíric spraíúil a chur san aistriúchán in ionad í a aistriú.",
+	"home.welcome.no_activity": "Gan aon ghníomhaíocht",
+	"home.welcome.activity_hint": "Níl aon rud i do bheatha go fóill. Taispeánfar anseo do ghníomhartha agus do ghníomhaíocht ó stórtha a bhféachann tú orthu.",
+	"home.explore_repos": "Taiscéal stórtha",
+	"home.explore_users": "Taiscéal úsáideoirí",
+	"home.explore_orgs": "Taiscéal eagraíochtaí",
+	"fork.n_forks": {
+		"one": "%s forc",
+		"two": "%s forcanna",
+		"few": "%s forcanna",
+		"many": "%s forcanna",
+		"other": "%s forcanna"
+	},
+	"stars.list.none": "Níor chuir aon duine réalta leis an stór seo.",
+	"stars.n_stars": {
+		"one": "%s réalta",
+		"two": "%s réaltaí",
+		"few": "%s réaltaí",
+		"many": "%s réaltaí",
+		"other": "%s réaltaí"
+	},
+	"watch.list.none": "Níl aon duine ag breathnú ar an stór seo.",
+	"watch.n_watchers": {
+		"one": "%s faireoir",
+		"two": "%s faireoirí",
+		"few": "%s faireoirí",
+		"many": "%s faireoirí",
+		"other": "%s faireoirí"
+	},
+	"followers.incoming.list.self.none": "Níl aon duine ag leanúint do phróifíl.",
+	"followers.incoming.list.none": "Níl aon duine ag leanúint an úsáideora seo.",
+	"followers.outgoing.list.self.none": "Níl tú ag leanúint aon duine.",
+	"followers.outgoing.list.none": "Níl %s ag leanúint aon duine.",
+	"relativetime.now": "anois",
+	"relativetime.future": "sa todhchaí",
+	"relativetime.mins": {
+		"one": "%d nóiméad ó shin",
+		"two": "%d nóiméid ó shin",
+		"few": "%d nóiméid ó shin",
+		"many": "%d nóiméid ó shin",
+		"other": "%d nóiméid ó shin"
+	},
+	"relativetime.hours": {
+		"one": "%d uair ó shin",
+		"two": "%d uair an chloig ó shin",
+		"few": "%d uair an chloig ó shin",
+		"many": "%d uair an chloig ó shin",
+		"other": "%d uair an chloig ó shin"
+	},
+	"relativetime.days": {
+		"one": "%d lá ó shin",
+		"two": "%d laethanta ó shin",
+		"few": "%d laethanta ó shin",
+		"many": "%d laethanta ó shin",
+		"other": "%d laethanta ó shin"
+	},
+	"relativetime.weeks": {
+		"one": "%d seachtain ó shin",
+		"two": "%d seachtainí ó shin",
+		"few": "%d seachtainí ó shin",
+		"many": "%d seachtainí ó shin",
+		"other": "%d seachtainí ó shin"
+	},
+	"relativetime.months": {
+		"one": "%d mí ó shin",
+		"two": "%d míonna ó shin",
+		"few": "%d míonna ó shin",
+		"many": "%d míonna ó shin",
+		"other": "%d míonna ó shin"
+	},
+	"relativetime.years": {
+		"one": "%d bliain ó shin",
+		"two": "%d blianta ó shin",
+		"few": "%d blianta ó shin",
+		"many": "%d blianta ó shin",
+		"other": "%d blianta ó shin"
+	},
+	"relativetime.1day": "inné",
+	"relativetime.2days": "dhá lá ó shin",
+	"relativetime.1week": "an tseachtain seo caite",
+	"relativetime.2weeks": "coicís ó shin",
+	"relativetime.1month": "an mhí seo caite",
+	"relativetime.2months": "dhá mhí ó shin",
+	"relativetime.1year": "anuraidh",
+	"relativetime.2years": "dhá bhliain ó shin",
+	"repo.issues.filter_poster.hint": "Scag de réir an údair",
+	"repo.issues.filter_assignee.hint": "Scag de réir úsáideora sannta",
+	"repo.issues.filter_reviewers.hint": "Scag de réir úsáideora a rinne athbhreithniú",
+	"repo.issues.filter_mention.hint": "Scag de réir úsáideora luaite",
+	"repo.issues.filter_modified.hint": "Scag de réir an dáta deiridh a ndearnadh an modhnú air",
+	"repo.issues.filter_sort.hint": "Sórtáil de réir: cruthaithe/tráchtanna/nuashonraithe/spriocdháta",
+	"issues.updated": "nuashonraithe %s",
+	"repo.pulls.poster_manage_approval": "Bainistigh ceadú",
+	"repo.pulls.poster_requires_approval": "Tá roinnt sreafaí oibre <a href=\"%[1]s\">ag fanacht le hathbhreithniú.</a>",
+	"repo.pulls.poster_requires_approval.tooltip": "Níl muinín ag údar an iarratais tarraingthe seo chun sreafaí oibre a rith a spreagtar ag iarratas tarraingthe a cruthaíodh ó stór forcaithe nó le AGit. Ní rithfidh na sreafaí oibre a spreagtar ag imeacht `pull_request` go dtí go gceadófar iad.",
+	"repo.pulls.poster_is_trusted": "Tá <a href=\"%[1]s\">iontaointe i gcónaí as údar an iarratais tarraingthe seo chun sreafaí oibre a rith.</a>",
+	"repo.pulls.poster_is_trusted.tooltip": "Tá muinín shoiléir as údar an iarratais tarraingthe seo chun sreafaí oibre a rith arna spreagadh ag imeachtaí `pull_request`.",
+	"repo.pulls.poster_trust_deny": "Diúltaigh",
+	"repo.pulls.poster_trust_deny.tooltip": "Cuirfear na sreafaí oibre atá ag fanacht le ceadú ar ceal.",
+	"repo.pulls.poster_trust_once": "Ceadaigh uair amháin",
+	"repo.pulls.poster_trust_once.tooltip": "Rithfidh na sreafaí oibre a spreagtar ag imeacht `pull_request` ar an tiomantas seo ach beidh gá iad a cheadú do gach tiomantas amach anseo a bhrúitear chuig an iarratas tarraingthe seo.",
+	"repo.pulls.poster_trust_always": "Ceadaigh i gcónaí",
+	"repo.pulls.poster_trust_always.tooltip": "Rithfidh na sreafaí oibre a spreagtar ag imeacht `pull_request` ar an tiomantas seo agus ní bheidh aon ghá le ritheanna ón iarratas tarraingthe seo ná ó iarratais tarraingthe amach anseo arna n-údarú ag an úsáideoir céanna a cheadú.",
+	"repo.pulls.poster_trust_revoke": "Cúlghairm",
+	"repo.pulls.poster_trust_revoke.tooltip": "Ní bheidh muinín a thuilleadh as údar an iarratais tarraingthe seo chun sreafaí oibre a rith arna spreagadh ag imeacht `pull_request`, beidh ort gach rith a cheadú de láimh.",
+	"repo.pulls.already_merged": "Theip ar chumasc: Tá an t-iarratas tarraingthe seo cumasctha cheana féin.",
+	"repo.pulls.merged_title_desc": {
+		"one": "%[1]d tiomantas comhcheangailte ó <code>%[2]s</code> isteach i <code>%[3]s</code> %[4]s",
+		"two": "%[1]d tiomantais comhcheangailte ó <code>%[2]s</code> isteach i <code>%[3]s</code> %[4]s",
+		"few": "%[1]d tiomantais comhcheangailte ó <code>%[2]s</code> isteach i <code>%[3]s</code> %[4]s",
+		"many": "%[1]d tiomantais comhcheangailte ó <code>%[2]s</code> isteach i <code>%[3]s</code> %[4]s",
+		"other": "%[1]d tiomantais comhcheangailte ó <code>%[2]s</code> isteach i <code>%[3]s</code> %[4]s"
+	},
+	"repo.pulls.title_desc": {
+		"one": "ag iarraidh %[1]d tiomantas ó <code>%[2]s</code> a chumasc le <code id=\"%[4]s\">%[3]s</code>",
+		"two": "ag iarraidh %[1]d tiomantais ó <code>%[2]s</code> a chumasc le <code id=\"%[4]s\">%[3]s</code>",
+		"few": "ag iarraidh %[1]d tiomantais ó <code>%[2]s</code> a chumasc le <code id=\"%[4]s\">%[3]s</code>",
+		"many": "ag iarraidh %[1]d tiomantais ó <code>%[2]s</code> a chumasc le <code id=\"%[4]s\">%[3]s</code>",
+		"other": "ag iarraidh %[1]d tiomantais ó <code>%[2]s</code> a chumasc le <code id=\"%[4]s\">%[3]s</code>"
+	},
+	"repo.pulls.maintainers_can_edit": "Is féidir le cothabhálaithe an iarratas tarraingthe seo a chur in eagar.",
+	"repo.pulls.maintainers_cannot_edit": "Ní féidir le cothabhálaithe an iarratas tarraingthe seo a chur in eagar.",
+	"repo.form.cannot_create": "Tá an teorainn stórtha sroichte ag na spásanna uile inar féidir leat stórtha a chruthú.",
+	"repo.view.gitmodules_too_large": "Tá an comhad .gitmodules rómhór agus déanfar neamhaird de (ar ghlaonna API mar shampla)",
+	"migrate.form.error.url_credentials": "Tá dintiúir sa URL, cuir iad sna réimsí ainm úsáideora agus pasfhocail faoi seach",
+	"migrate.github.description": "Imirce sonraí ó github.com nó freastalaí GitHub Enterprise.",
+	"migrate.forgejo.description": "Imirce sonraí ó codeberg.org nó ó chásanna Forgejo eile.",
+	"repo.issue_indexer.title": "Innéacsóir na Saincheisteanna",
+	"search.milestone_kind": "Cuardaigh clocha míle…",
+	"search.syntax": "Comhréir cuardaigh",
+	"search.fuzzy": "Doiléir",
+	"search.fuzzy_tooltip": "Is meaitseáil gharbh leis an téarma cuardaigh é torthaí a chur san áireamh",
+	"repo.settings.push_mirror.branch_filter.label": "Scagaire brainse (roghnach)",
+	"repo.settings.push_mirror.branch_filter.description": "Brainsí le scáthánú. Fág bán chun gach brainse a scáthánú. Féach ar <a href=\"%[1]s\">doiciméadú %[2]s</a> le haghaidh comhréir. Samplaí: <code>main, release/*</code>",
+	"incorrect_root_url": "Tá an sampla Forgejo seo cumraithe le freastal ar \"%s\". Tá tú ag féachaint ar Forgejo faoi láthair trí URL difriúil, rud a d'fhéadfadh a bheith ina chúis le briseadh i gcodanna den fheidhmchlár. Rialaíonn riarthóirí Forgejo an URL canónach tríd an socrú ROOT_URL san app.ini.",
+	"themes.names.forgejo-auto": "Forgejo (téama an chórais a leanúint)",
+	"themes.names.forgejo-light": "Solas Forgejo",
+	"themes.names.forgejo-dark": "Forgejo dorcha",
+	"error.not_found.title": "Leathanach gan aimsiú",
+	"warning.repository.out_of_sync": "Tá ionadaíocht bhunachar sonraí an stórais seo as sioncrónú. Má tá an rabhadh seo fós le feiceáil tar éis tiomnú a bhrú chuig an stóras seo, déan teagmháil leis an riarthóir.",
+	"alert.asset_load_failed": "Theip ar chomhaid sócmhainní a luchtú ó {path}. Cinntigh le do thoil gur féidir rochtain a fháil ar na comhaid sócmhainní.",
+	"alert.range_error": " ní mór gur uimhir idir %[1]s agus %[2]s í.",
+	"install.invalid_lfs_path": "Ní féidir fréamh LFS a chruthú ag an gcosán sonraithe: %[1]s",
+	"profile.actions.tooltip": "Tuilleadh gníomhartha",
+	"profile.edit.link": "Cuir próifíl in eagar",
+	"feed.atom.link": "Beatha adamhach",
+	"keys.ssh.link": "Eochracha SSH",
+	"keys.gpg.link": "Eochracha GPG",
+	"keys.verify.token.hint": "Níl an comhartha bailí ach ar feadh nóiméid amháin. <a href=\"%[1]s\">Faigh ceann nua má tá sé imithe in éag</a>.",
+	"admin.config.moderation_config": "Cumraíocht modhnóireachta",
+	"admin.moderation.moderation_reports": "Tuairiscí modhnóireachta",
+	"admin.moderation.reports": "Tuairiscí",
+	"admin.moderation.no_open_reports": "Níl aon tuarascálacha oscailte faoi láthair.",
+	"admin.moderation.deleted_content_ref": "Níl an t-ábhar tuairiscithe le cineál %[1]v agus id %[2]d ann a thuilleadh",
+	"moderation.report.mark_as_handled": "Marcáil mar láimhseáilte",
+	"moderation.report.mark_as_ignored": "Marcáil mar neamhaird",
+	"moderation.action.account.delete": "Scrios cuntas",
+	"moderation.action.account.suspend": "Cuir cuntas ar fionraí",
+	"moderation.action.repo.delete": "Scrios an stórlann",
+	"moderation.action.issue.delete": "Scrios an cheist",
+	"moderation.action.comment.delete": "Scrios trácht",
+	"moderation.unknown_action": "Gníomh anaithnid",
+	"moderation.users.cannot_suspend_self": "Ní féidir leat tú féin a chur ar fionraí.",
+	"moderation.users.cannot_suspend_admins": "Ní féidir úsáideoirí a bhfuil pribhléidí riarthóra acu a chur ar fionraí.",
+	"moderation.users.cannot_suspend_org": "Ní féidir eagraíochtaí a chur ar fionraí.",
+	"moderation.users.already_suspended": "Tá cuntas úsáideora ar fionraí cheana féin.",
+	"moderation.users.suspend_success": "Tá an cuntas úsáideora curtha ar fionraí.",
+	"moderation.users.cannot_delete_admins": "Ní féidir úsáideoirí a bhfuil pribhléidí riarthóra acu a scriosadh.",
+	"moderation.issue.deletion_success": "Tá an cheist scriosta.",
+	"moderation.comment.deletion_success": "Scriosadh an trácht.",
+	"moderation.report_abuse": "Tuairiscigh mí-úsáid",
+	"moderation.report_content": "Tuairiscigh ábhar",
+	"moderation.report_abuse_form.header": "Tuairiscigh mí-úsáid don riarthóir",
+	"moderation.report_abuse_form.details": "Ba chóir an fhoirm seo a úsáid chun tuairisc a thabhairt ar úsáideoirí a chruthaíonn próifílí turscair, stórtha, fadhbanna, tuairimí nó a iompraíonn iad féin go míchuí.",
+	"moderation.report_abuse_form.invalid": "Argóintí neamhbhailí",
+	"moderation.report_abuse_form.already_reported": "Tá an t-ábhar seo tuairiscithe agat cheana féin",
+	"moderation.abuse_category": "Catagóir",
+	"moderation.abuse_category.placeholder": "Roghnaigh catagóir",
+	"moderation.abuse_category.spam": "Turscar",
+	"moderation.abuse_category.malware": "Bogearraí mailíseacha",
+	"moderation.abuse_category.illegal_content": "Ábhar mídhleathach",
+	"moderation.abuse_category.other_violations": "Sáruithe eile ar rialacha an ardáin",
+	"moderation.report_remarks": "Suntas",
+	"moderation.report_remarks.placeholder": "Tabhair roinnt sonraí maidir leis an mí-úsáid atá á tuairisciú agat, le do thoil.",
+	"moderation.submit_report": "Cuir isteach tuarascáil",
+	"moderation.reporting_failed": "Ní féidir an tuarascáil nua mí-úsáide a chur isteach: %v",
+	"moderation.reported_thank_you": "Go raibh maith agat as do thuairisc. Tá an riarachán curtha ar an eolas faoi.",
+	"mail.actions.successful_run_after_failure_subject": "Aisghafa sreabhadh oibre %[1]s i stórlann %[2]s",
+	"mail.actions.not_successful_run_subject": "Theip ar shreabhadh oibre %[1]s i stórlann %[2]s",
+	"mail.actions.successful_run_after_failure": "Aisghafa sreabhadh oibre %[1]s i stórlann %[2]s",
+	"mail.actions.not_successful_run": "Theip ar shreabhadh oibre %[1]s i stórlann %[2]s",
+	"mail.actions.run_info_cur_status": "Stádas an Rith seo: %[1]s (nuashonraithe díreach ó %[2]s)",
+	"mail.actions.run_info_previous_status": "Stádas an Rith Roimhe Seo: %[1]s",
+	"mail.actions.run_info_sha": "Tiomantas: %[1]s",
+	"mail.actions.run_info_trigger": "Spreagtha mar gheall ar: %[1]s ag: %[2]s",
+	"mail.issue.action.close_by_commit": "%[1]s dhún %[2]s i ngealltanas %[3]s.",
+	"repo.diff.commit.next-short": "Ar Aghaidh",
+	"repo.diff.commit.previous-short": "Roimh",
+	"discussion.locked": "Tá an plé seo faoi ghlas. Tá cead trácht a dhéanamh teoranta do rannpháirtithe.",
+	"discussion.sidebar.reference": "Tagairt",
+	"editor.textarea.tab_hint": "Tá an líne fillte cheana féin. Brúigh <kbd>Tab</kbd> arís nó <kbd>Escape</kbd> chun an eagarthóir a fhágáil.",
+	"editor.textarea.shift_tab_hint": "Gan aon eangú ar an líne seo. Brúigh <kbd>Shift</kbd> + <kbd>Tab</kbd> arís nó <kbd>Escape</kbd> chun an t-eagarthóir a fhágáil.",
+	"admin.auths.allow_username_change": "Ceadaigh athrú ainm úsáideora",
+	"admin.auths.allow_username_change.description": "Ceadaigh d’úsáideoirí a n-ainm úsáideora a athrú sna socruithe próifíle",
+	"admin.dashboard.cleanup_offline_runners": "Glanadh reathaithe as líne",
+	"admin.dashboard.remove_resolved_reports": "Bain tuairiscí réitithe",
+	"admin.dashboard.actions_action_user": "Cúlghair muinín Forgejo Actions d'úsáideoirí neamhghníomhacha",
+	"admin.dashboard.transfer_lingering_logs": "Aistrigh logaí gníomhartha na bpost gníomhartha críochnaithe ón mbunachar sonraí go dtí an stóras",
+	"admin.config.security": "Cumraíocht slándála",
+	"admin.config.global_2fa_requirement.title": "Riachtanas domhanda dhá fhachtóir",
+	"admin.config.global_2fa_requirement.none": "Níl",
+	"admin.config.global_2fa_requirement.all": "Gach úsáideoirí",
+	"admin.config.global_2fa_requirement.admin": "Riarthóirí",
+	"settings.visibility.description": "Bíonn tionchar ag infheictheacht próifíle ar chumas daoine eile rochtain a fháil ar do stórtha neamhphríobháideacha. <a href=\"%s\" target=\"_blank\">Foghlaim tuilleadh</a>.",
+	"settings.twofa_unroll_unavailable": "Tá fíordheimhniú dhá fhachtóir ag teastáil do do chuntas agus ní féidir é a dhíchumasú.",
+	"settings.twofa_reenroll": "Athchláraigh fíordheimhniú dhá fhachtóir",
+	"settings.twofa_reenroll.description": "Athchláraigh d’fhíordheimhniú dhá fhachtóir",
+	"settings.must_enable_2fa": "Éilíonn an cás Forgejo seo ar úsáideoirí fíordheimhniú dhá fhachtóir a chumasú sula bhféadann siad rochtain a fháil ar a gcuntais.",
+	"error.must_enable_2fa": "Éilíonn an sampla Forgejo seo ar úsáideoirí fíordheimhniú dhá fhachtóir a chumasú sula bhféadann siad rochtain a fháil ar a gcuntais. Cumasaigh é ag: %s",
+	"avatar.constraints_hint": "Ní fhéadfaidh avatar saincheaptha a bheith níos mó ná %[1]s i méid ná níos mó ná %[2]dx%[3]d picteilín",
+	"user.ghost.tooltip": "Tá an t-úsáideoir seo scriosta, nó ní féidir é a mheaitseáil.",
+	"og.repo.summary_card.alt_description": "Cárta achoimre stórtha %[1]s, curtha síos mar: %[2]s",
+	"repo.commit.load_tags_failed": "Theip ar chlibeanna a luchtú mar gheall ar earráid inmheánach",
+	"compare.branches.title": "Déan comparáid idir brainsí",
+	"migrate.pagure.description": "Imirce sonraí ó pagure.io nó ó chásanna Pagure eile.",
+	"migrate.pagure.incorrect_url": "Soláthraíodh URL stórais foinse mícheart",
+	"migrate.pagure.project_url": "URL tionscadail leathanaigh",
+	"migrate.pagure.project_example": "URL thionscadal Pagure, m.sh. https://pagure.io/pagure",
+	"migrate.pagure.token_label": "Comhartha API Pagure",
+	"migrate.pagure.private_issues.summary": "Saincheisteanna Príobháideacha (Roghnach)",
+	"migrate.pagure.private_issues.description": "Tá an ghné seo deartha chun dara stór a chruthú ina bhfuil saincheisteanna príobháideacha ó do thionscadal Pagure amháin chun críocha cartlannaithe. Ar dtús, déan aistriú gnáth (gan chomhartha) chun an t-ábhar poiblí go léir a allmhairiú. Ansin, má tá saincheisteanna príobháideacha agat le caomhnú, cruthaigh stór ar leith ag baint úsáide as an rogha comhartha seo chun na saincheisteanna príobháideacha sin a chartlannú.",
+	"migrate.pagure.private_issues.warning": "Bí cinnte infheictheacht an stórais thuas a shocrú go Príobháideach má tá tú ag úsáid an eochair API chun saincheisteanna príobháideacha a allmhairiú. Cuireann sé seo cosc ar ábhar príobháideach a nochtadh de thaisme i stór poiblí.",
+	"migrate.pagure.token.placeholder": "Chun cartlann saincheisteanna príobháideacha a chruthú amháin",
+	"release.n_downloads": {
+		"one": "%s íoslódáil",
+		"two": "%s íoslódálacha",
+		"few": "%s íoslódálacha",
+		"many": "%s íoslódálacha",
+		"other": "%s íoslódálacha"
+	},
+	"actions.status.diagnostics.waiting": {
+		"one": "Ag fanacht le rithire leis an lipéad seo a leanas: %s",
+		"two": "Ag fanacht le rithire leis an lipéad seo a lipéid: %s",
+		"few": "Ag fanacht le rithire leis an lipéad seo a lipéid: %s",
+		"many": "Ag fanacht le rithire leis an lipéad seo a lipéid: %s",
+		"other": "Ag fanacht le rithire leis an lipéad seo a lipéid: %s"
+	},
+	"actions.runs.run_attempt_label": "Iarracht rith #%[1]s (%[2]s)",
+	"actions.runs.viewing_out_of_date_run": "Tá tú ag féachaint ar rith atá as dáta den phost seo a cuireadh i gcrích %[1]s.",
+	"actions.runs.view_most_recent_run": "Féach ar an rith is déanaí",
+	"actions.workflow.job_parsing_error": "Ní féidir poist a pharsáil sa sreabhadh oibre: %v",
+	"actions.workflow.event_detection_error": "Ní féidir imeachtaí tacaithe a pharsáil sa sreabhadh oibre: %v",
+	"actions.workflow.persistent_incomplete_matrix": "Ní féidir `strategy.matrix` den phost %[1]s a mheas mar gheall ar léiriú `needs` a bhí neamhbhailí. D’fhéadfadh sé tagairt a dhéanamh do phost nach bhfuil ina liosta 'needs' (%[2]s), nó d’aschur nach bhfuil ann ar cheann de na poist sin.",
+	"actions.workflow.incomplete_matrix_missing_job": "Ní féidir `strategy.matrix` de phost %[1]s a mheas: níl post %[2]s ar an liosta `riachtanais` de phost %[1]s (%[3]s).",
+	"actions.workflow.incomplete_matrix_missing_output": "Ní féidir `strategy.matrix` den phost %[1]s a mheas: tá aschur %[3]s ar iarraidh ón bpost %[2]s.",
+	"actions.workflow.incomplete_matrix_unknown_cause": "Ní féidir `strategy.matrix` den phost %[1]s a mheas: earráid anaithnid.",
+	"actions.workflow.incomplete_runson_missing_job": "Ní féidir `run-on` de phost %[1]s a mheas: níl post %[2]s ar an liosta `needs` de phost %[1]s (%[3]s).",
+	"actions.workflow.incomplete_runson_missing_output": "Ní féidir `runs-on` an phoist %[1]s a mheas: tá aschur %[3]s ar iarraidh ón bpost %[2]s.",
+	"actions.workflow.incomplete_runson_missing_matrix_dimension": "Ní féidir `runs-on` an phoist %[1]s a mheas: níl toise maitrís %[2]s ann.",
+	"actions.workflow.incomplete_runson_unknown_cause": "Ní féidir `runs-on` den phost %[1]s a mheas: earráid anaithnid.",
+	"actions.workflow.incomplete_with_missing_job": "Ní féidir `le` de phost %[1]s a mheas: níl post %[2]s ar an liosta `riachtanais` de phost %[1]s (%[3]s).",
+	"actions.workflow.incomplete_with_missing_output": "Ní féidir `le` den phost %[1]s a mheas: tá aschur %[3]s ar iarraidh ón bpost %[2]s.",
+	"actions.workflow.incomplete_with_missing_matrix_dimension": "Ní féidir `le` den phost %[1]s a mheas: níl toise maitrís %[2]s ann.",
+	"actions.workflow.incomplete_with_unknown_cause": "Ní féidir `le` den phost %[1]s a mheas: earráid anaithnid.",
+	"actions.workflow.pre_execution_error": "Níor cuireadh an sreabhadh oibre i gcrích mar gheall ar earráid a chuir bac ar an iarracht forghníomhaithe.",
+	"teams.add_all_repos.modal.header": "Cuir na stórais uile leis",
+	"teams.remove_all_repos.modal.header": "Bain na stórais uile",
+	"pulls.manual_merge.helper": "Cúntóir cumasc láimhe",
+	"pulls.manual_merge.helpder.description": "Bain úsáid as an teachtaireacht tiomantais chumasc seo agus an cumasc á chríochnú de láimh.",
+	"pulls.manual_merge.commit.title": "Teideal an tiomnaidh chumasc",
+	"pulls.manual_merge.commit.body": "Comhcheangail corp an tiomnaidh",
+	"pulls.manual_merge.copy.button": "Cóipeáil teachtaireacht tiomantais chumasc",
+	"admin.auths.oauth2_quota_group_claim_name": "Ainm an éilimh lena soláthraítear ainmneacha grúpa don fhoinse seo le húsáid le haghaidh bainistíocht cuóta. (Roghnach)",
+	"admin.auths.oauth2_quota_group_map": "Mapáil grúpaí éilithe chuig grúpaí cuóta. (Roghnach - tá ainm an éilimh thuas ag teastáil)",
+	"admin.auths.oauth2_quota_group_map_removal": "Bain úsáideoirí as grúpaí cuóta sioncrónaithe mura mbaineann an t-úsáideoir leis an ngrúpa comhfhreagrach.",
+	"editor.search": "Cuardaigh",
+	"editor.find_previous": "Aimsiú roimhe seo",
+	"editor.find_next": "An chéad aimsiú eile",
+	"editor.replace": "Athsholáthair",
+	"editor.replace_all": "Cuir gach rud in ionad",
+	"editor.toggle_case": "Íogaireacht cás a scoránaigh",
+	"editor.toggle_regex": "Scoránaigh ag baint úsáide as nathanna rialta",
+	"editor.toggle_whole_word": "Athraigh focail iomlána meaitseála"
 }
diff --git a/options/locale_next/locale_gl.json b/options/locale_next/locale_gl.json
index dc7f49a511..9e3ea4c99e 100644
--- a/options/locale_next/locale_gl.json
+++ b/options/locale_next/locale_gl.json
@@ -36,5 +36,5 @@
 		"one": "hai %d ano",
 		"other": "hai %d anos"
 	},
-	"meta.last_line": "(this string was needed to make weblate regenerate the file and can be removed)"
+	"meta.last_line": " "
 }
diff --git a/options/locale_next/locale_he.json b/options/locale_next/locale_he.json
index 465037bd79..0380200a58 100644
--- a/options/locale_next/locale_he.json
+++ b/options/locale_next/locale_he.json
@@ -106,5 +106,5 @@
 	"repo.diff.commit.previous-short": "הקודם",
 	"discussion.locked": "הדיון ננעל. היכולת להגיב מוגבלת לתורמים בלבד.",
 	"discussion.sidebar.reference": "מקור",
-	"meta.last_line": "(this string was needed to make weblate regenerate the file and can be removed)"
+	"meta.last_line": " "
 }
diff --git a/options/locale_next/locale_hi.json b/options/locale_next/locale_hi.json
index 1358151b37..7abcc87b82 100644
--- a/options/locale_next/locale_hi.json
+++ b/options/locale_next/locale_hi.json
@@ -56,7 +56,7 @@
 		"one": "%d महीने पहले",
 		"other": "%d महीनों पहले"
 	},
-	"meta.last_line": "तीतर के दो पीछे तीतर तीतर के दो आगे तीतर बोलो कितने तीतर ?\n(this string was needed to make weblate regenerate the file and can be removed)",
+	"meta.last_line": "तीतर के दो पीछे तीतर तीतर के दो आगे तीतर बोलो कितने तीतर ?",
 	"relativetime.now": "अभी",
 	"avatar.constraints_hint": "कस्टम अवतार का फ़ाइल आकार 200 किलोबाइट से अधिक नहीं होना चाहिए और 125x125 पिक्सेल से बड़ा नहीं होना चाहिए",
 	"home.welcome.activity_hint": "आपकी फीड में अभी कुछ भी नहीं है। आपके कार्य और रिपॉजिटरी यहाँ दिखेंगे।",
diff --git a/options/locale_next/locale_hu-HU.json b/options/locale_next/locale_hu-HU.json
index 613b9b5c12..9894730929 100644
--- a/options/locale_next/locale_hu-HU.json
+++ b/options/locale_next/locale_hu-HU.json
@@ -11,5 +11,5 @@
 		"one": "%s Aktív Egyesítési Kérés",
 		"other": "%s Aktív Egyesítési Kérések"
 	},
-	"meta.last_line": "(this string was needed to make weblate regenerate the file and can be removed)"
+	"meta.last_line": " "
 }
diff --git a/options/locale_next/locale_id-ID.json b/options/locale_next/locale_id-ID.json
index ab83158939..0b447adf4f 100644
--- a/options/locale_next/locale_id-ID.json
+++ b/options/locale_next/locale_id-ID.json
@@ -134,5 +134,5 @@
 	"actions.workflow.job_parsing_error": "Tidak dapat memproses pekerjaan dalam alur kerja: %v",
 	"actions.workflow.event_detection_error": "Tidak dapat memproses peristiwa yang didukung dalam alur kerja: %v",
 	"actions.workflow.pre_execution_error": "Alur kerja tidak dijalankan karena terjadi kesalahan yang menghalangi upaya eksekusi.",
-	"meta.last_line": "Terima kasih telah menerjemahkan Forgejo! Baris ini tidak terlihat oleh pengguna, tetapi memiliki fungsi lain dalam manajemen terjemahan. Anda dapat menambahkan fakta menarik dalam terjemahan alih-alih menerjemahkannya.\n(this string was needed to make weblate regenerate the file and can be removed)"
+	"meta.last_line": "Terima kasih telah menerjemahkan Forgejo! Baris ini tidak terlihat oleh pengguna, tetapi memiliki fungsi lain dalam manajemen terjemahan. Anda dapat menambahkan fakta menarik dalam terjemahan alih-alih menerjemahkannya."
 }
diff --git a/options/locale_next/locale_is-IS.json b/options/locale_next/locale_is-IS.json
index 2925565be6..78dd51eea5 100644
--- a/options/locale_next/locale_is-IS.json
+++ b/options/locale_next/locale_is-IS.json
@@ -1,5 +1,5 @@
 {
 	"repo.pulls.title_desc": "vill sameina %[1]d framlög frá <code>%[2]s</code> í <code id=\"%[4]s\">%[3]s</code>",
 	"migrate.git.description": "Flytja hugbúnaðarsafn aðeins frá Git þjónustu.",
-	"meta.last_line": "(this string was needed to make weblate regenerate the file and can be removed)"
+	"meta.last_line": " "
 }
diff --git a/options/locale_next/locale_isv.json b/options/locale_next/locale_isv.json
index e1f7e1e5a2..236136a54d 100644
--- a/options/locale_next/locale_isv.json
+++ b/options/locale_next/locale_isv.json
@@ -1,4 +1,4 @@
 {
 	"home.welcome.no_activity": "Nema aktivnosti",
-	"meta.last_line": "(this string was needed to make weblate regenerate the file and can be removed)"
+	"meta.last_line": " "
 }
diff --git a/options/locale_next/locale_it-IT.json b/options/locale_next/locale_it-IT.json
index fb17d8cf90..5f431a6f87 100644
--- a/options/locale_next/locale_it-IT.json
+++ b/options/locale_next/locale_it-IT.json
@@ -107,7 +107,7 @@
 	},
 	"editor.textarea.tab_hint": "Linea già indentata. Premi di nuovo <kbd>Tab</kbd> o <kbd>Esc</kbd> per uscire dall'editor.",
 	"repo.diff.commit.previous-short": "Precedente",
-	"meta.last_line": "Ambaraba cicci cocco.\n(this string was needed to make weblate regenerate the file and can be removed)",
+	"meta.last_line": "Ambaraba cicci cocco.",
 	"migrate.github.description": "Migrare i dati da github.com o da server GitHub Enterprise.",
 	"migrate.git.description": "Migra un repositorio solo da qualsiasi servizio Git.",
 	"migrate.gitea.description": "Migrare i dati da gitea.com o altre istanze di Gitea.",
diff --git a/options/locale_next/locale_ja-JP.json b/options/locale_next/locale_ja-JP.json
index c10a6e7d29..00bc49c676 100644
--- a/options/locale_next/locale_ja-JP.json
+++ b/options/locale_next/locale_ja-JP.json
@@ -1,13 +1,7 @@
 {
-	"fork.n_forks": {
-		"other": "%s のフォーク"
-	},
-	"stars.n_stars": {
-		"other": "%s のスター"
-	},
-	"release.n_downloads": {
-		"other": "%s のダウンロード"
-	},
+	"fork.n_forks": "%s のフォーク",
+	"stars.n_stars": "%s のスター",
+	"release.n_downloads": "%s のダウンロード",
 	"repo.pulls.merged_title_desc": "が %[1]d 個のコミットを <code>%[2]s</code> から <code>%[3]s</code> へマージ %[4]s",
 	"repo.pulls.title_desc": "が <code>%[2]s</code> から <code id=\"%[4]s\">%[3]s</code> への %[1]d コミットのマージを希望しています",
 	"search.milestone_kind": "マイルストーンを検索...",
@@ -21,11 +15,7 @@
 	"migrate.gitbucket.description": "GitBucket インスタンスからデータを移行します。",
 	"migrate.codebase.description": "codebasehq.com からデータを移行します。",
 	"migrate.forgejo.description": "codeberg.orgまたは他のインスタンスからデータを移行する。",
-	"pulse.n_active_issues": {
-		"other": "%s件のアクティブなイシュー"
-	},
-	"pulse.n_active_prs": {
-		"other": "%s件のアクティブなプルリクエスト"
-	},
-	"meta.last_line": "(this string was needed to make weblate regenerate the file and can be removed)"
+	"pulse.n_active_issues": "%s件のアクティブなイシュー",
+	"pulse.n_active_prs": "%s件のアクティブなプルリクエスト",
+	"meta.last_line": " "
 }
diff --git a/options/locale_next/locale_jbo.json b/options/locale_next/locale_jbo.json
index 60c4c22624..e1940e1e14 100644
--- a/options/locale_next/locale_jbo.json
+++ b/options/locale_next/locale_jbo.json
@@ -1,3 +1,3 @@
 {
-	"meta.last_line": "(this string was needed to make weblate regenerate the file and can be removed)"
+	"meta.last_line": " "
 }
diff --git a/options/locale_next/locale_ka.json b/options/locale_next/locale_ka.json
index 60c4c22624..e1940e1e14 100644
--- a/options/locale_next/locale_ka.json
+++ b/options/locale_next/locale_ka.json
@@ -1,3 +1,3 @@
 {
-	"meta.last_line": "(this string was needed to make weblate regenerate the file and can be removed)"
+	"meta.last_line": " "
 }
diff --git a/options/locale_next/locale_kab.json b/options/locale_next/locale_kab.json
index eb2f4de78b..d230feaa9c 100644
--- a/options/locale_next/locale_kab.json
+++ b/options/locale_next/locale_kab.json
@@ -50,5 +50,5 @@
 		"one": "%d n useggas aya",
 		"other": "%d n iseggasen aya"
 	},
-	"meta.last_line": "(this string was needed to make weblate regenerate the file and can be removed)"
+	"meta.last_line": " "
 }
diff --git a/options/locale_next/locale_kmr.json b/options/locale_next/locale_kmr.json
index 60c4c22624..e1940e1e14 100644
--- a/options/locale_next/locale_kmr.json
+++ b/options/locale_next/locale_kmr.json
@@ -1,3 +1,3 @@
 {
-	"meta.last_line": "(this string was needed to make weblate regenerate the file and can be removed)"
+	"meta.last_line": " "
 }
diff --git a/options/locale_next/locale_ko-KR.json b/options/locale_next/locale_ko-KR.json
index 7578d0b228..3aa74996b9 100644
--- a/options/locale_next/locale_ko-KR.json
+++ b/options/locale_next/locale_ko-KR.json
@@ -1,13 +1,9 @@
 {
-	"stars.n_stars": {
-		"other": "%s 좋아요"
-	},
+	"stars.n_stars": "%s 좋아요",
 	"repo.pulls.merged_title_desc": "님이 <code>%[2]s</code> 에서 <code>%[3]s</code> 로 %[1]d 커밋을 %[4]s 병합함",
 	"repo.pulls.title_desc": "<code>%[2]s</code> 에서 <code id=\"%[4]s\">%[3]s</code> 로 %[1]d개의 커밋들을 병합하려함",
 	"home.welcome.no_activity": "활동 없음",
 	"moderation.abuse_category.malware": "악성 소프트웨어",
-	"pulse.n_active_issues": {
-		"other": "%s 개의 활성화된 이슈"
-	},
-	"meta.last_line": "(this string was needed to make weblate regenerate the file and can be removed)"
+	"pulse.n_active_issues": "%s 개의 활성화된 이슈",
+	"meta.last_line": " "
 }
diff --git a/options/locale_next/locale_la.json b/options/locale_next/locale_la.json
index 0fdd9a866f..1583aa84bc 100644
--- a/options/locale_next/locale_la.json
+++ b/options/locale_next/locale_la.json
@@ -7,5 +7,5 @@
 		"one": "ante %d minuta",
 		"other": "%d minuta abhinc"
 	},
-	"meta.last_line": "(this string was needed to make weblate regenerate the file and can be removed)"
+	"meta.last_line": " "
 }
diff --git a/options/locale_next/locale_lt.json b/options/locale_next/locale_lt.json
index 3ffca4b0a4..bd3d3d0e54 100644
--- a/options/locale_next/locale_lt.json
+++ b/options/locale_next/locale_lt.json
@@ -1,4 +1,4 @@
 {
 	"search.milestone_kind": "Ieškoti gairių...",
-	"meta.last_line": "(this string was needed to make weblate regenerate the file and can be removed)"
+	"meta.last_line": " "
 }
diff --git a/options/locale_next/locale_lv-LV.json b/options/locale_next/locale_lv-LV.json
index c576e10bd8..e2dbaad744 100644
--- a/options/locale_next/locale_lv-LV.json
+++ b/options/locale_next/locale_lv-LV.json
@@ -38,7 +38,7 @@
 	"alert.asset_load_failed": "Neizdevās ielādēt līdzekļu datnes no {path}. Lūgums pārliecināties, ka līdzekļu datnēm var piekļūt.",
 	"install.invalid_lfs_path": "Nav iespējams izveidot LFS pamatmapi norādītajā ceļā: %[1]s",
 	"alert.range_error": " jābūt skaitlin starp %[1]s un %[2]s.",
-	"meta.last_line": "Šis žagaru saišķis nav mans žagaru saišķis.\n(this string was needed to make weblate regenerate the file and can be removed)",
+	"meta.last_line": "Šis žagaru saišķis nav mans žagaru saišķis.",
 	"mail.actions.successful_run_after_failure_subject": "Darbplūsma %[1]s atkopta glabātavā %[2]s",
 	"mail.actions.not_successful_run_subject": "Darbplūsmas %[1]s atteice glabātavā %[2]s",
 	"mail.actions.successful_run_after_failure": "Darbplūsma %[1]s atkopta glabātavā %[2]s",
@@ -246,13 +246,31 @@
 	"moderation.issue.deletion_success": "Pieteikums tika izdzēsts.",
 	"moderation.comment.deletion_success": "Piebilde tika izdzēsta.",
 	"actions.workflow.incomplete_matrix_missing_job": "Nevar novērtēt darba %[1]s `strategy.matrix`: darbs %[2]s nav %[1]s `needs` sarakstā (%[3]s).",
-	"actions.workflow.incomplete_matrix_missing_output": "Nevar novērtēt darba %[1]s `strategy.matrix`: darbam %[2]s nav izvades %[2]s.",
+	"actions.workflow.incomplete_matrix_missing_output": "Nevar novērtēt darba %[1]s `strategy.matrix`: darbam %[2]s trūkst izvades %[2]s.",
 	"actions.workflow.incomplete_matrix_unknown_cause": "Nevar novērtēt darba %[1]s `strategy.matrix`: nezināma kļūda.",
 	"actions.workflow.incomplete_runson_missing_job": "Nevar novērtēt darba %[1]s `runs-on`: darbs %[2]s nav %[1]s `needs` sarakstā (%[3]s).",
-	"actions.workflow.incomplete_runson_missing_output": "Nevar novērtēt darba %[1]s `runs-on`: darbam %[2]s nav izvades %[3]s.",
+	"actions.workflow.incomplete_runson_missing_output": "Nevar novērtēt darba %[1]s `runs-on`: darbam %[2]s trūkst izvades %[3]s.",
 	"actions.workflow.incomplete_runson_missing_matrix_dimension": "Nevar novērtēt darba %[1]s `runs-on`: matricas dimensija %[2]s nepastāv.",
 	"actions.workflow.incomplete_runson_unknown_cause": "Nevar novērtēt darba %[1]s `runs-on`: nezināma kļūda.",
 	"issues.updated": "atjaunināts %s",
 	"search.fuzzy": "Aptuveni",
-	"search.fuzzy_tooltip": "Iekļaut iznākumus, kas aptuveni atbilst meklētajam"
+	"search.fuzzy_tooltip": "Iekļaut iznākumus, kas aptuveni atbilst meklētajam",
+	"actions.workflow.incomplete_with_missing_job": "Nevar novērtēt darba %[1]s `with`: darbs %[2]s nav darba %[1]s `needs` sarakstā (%[3]s).",
+	"actions.workflow.incomplete_with_missing_output": "Nevar novērtēt darba %[1]s `with`: darbam %[2]s trūkst izvades %[3]s.",
+	"actions.workflow.incomplete_with_missing_matrix_dimension": "Nevar novērtēt darba %[1]s `with`: matricas dimensija %[2]s nepastāv.",
+	"actions.workflow.incomplete_with_unknown_cause": "Nevar novērtēt darba %[1]s `with`: nezināma kļūda.",
+	"pulls.manual_merge.helper": "Pašrocīgas iekļaušanas palīgs",
+	"pulls.manual_merge.helpder.description": "Šis iekļaušanas iesūtījuma ziņojums ir izmantojams, kad pašrocīgi pabeidz iekļaušanu.",
+	"pulls.manual_merge.commit.title": "Iekļaušanas iesūtījuma virsraksts",
+	"pulls.manual_merge.commit.body": "Iekļaušanas iesūtījuma apraksts",
+	"pulls.manual_merge.copy.button": "Ievietot starpliktuvē iekļaušanas iesūtījuma ziņojumu",
+	"editor.search": "Meklēt",
+	"editor.find_previous": "Iepriekšējais atradums",
+	"editor.find_next": "Nākamais atradums",
+	"editor.replace": "Aizstāt",
+	"editor.replace_all": "Aizstāt visu",
+	"editor.toggle_case": "Pārslēgt reģistrjutīgumu",
+	"editor.toggle_regex": "Pārslēgt regulāro izteiksmju izmantošanu",
+	"editor.toggle_whole_word": "Pārslēgt atbilstību veseliem vārdiem",
+	"repo.view.gitmodules_too_large": "Datne .gitmodules ir pārāk liela un netiks ņemta vērā (piemēram, API izsaukumos)"
 }
diff --git a/options/locale_next/locale_mic.json b/options/locale_next/locale_mic.json
index 60c4c22624..e1940e1e14 100644
--- a/options/locale_next/locale_mic.json
+++ b/options/locale_next/locale_mic.json
@@ -1,3 +1,3 @@
 {
-	"meta.last_line": "(this string was needed to make weblate regenerate the file and can be removed)"
+	"meta.last_line": " "
 }
diff --git a/options/locale_next/locale_ml-IN.json b/options/locale_next/locale_ml-IN.json
index 60c4c22624..e1940e1e14 100644
--- a/options/locale_next/locale_ml-IN.json
+++ b/options/locale_next/locale_ml-IN.json
@@ -1,3 +1,3 @@
 {
-	"meta.last_line": "(this string was needed to make weblate regenerate the file and can be removed)"
+	"meta.last_line": " "
 }
diff --git a/options/locale_next/locale_nb_NO.json b/options/locale_next/locale_nb_NO.json
index d9acb16425..496e8714ce 100644
--- a/options/locale_next/locale_nb_NO.json
+++ b/options/locale_next/locale_nb_NO.json
@@ -102,7 +102,7 @@
 	"repo.diff.commit.previous-short": "Forrige",
 	"discussion.locked": "Denne diskusjonen er låst. Kommentarer kan kun gjøres av bidragsytere.",
 	"avatar.constraints_hint": "Egendefinert avatar kan ikke overstige %[1]s i størrelse eller være større enn %[2]d × %[3]d piksler",
-	"meta.last_line": "Vi gir oss ikke. Kongen har sagt nei!\n(this string was needed to make weblate regenerate the file and can be removed)",
+	"meta.last_line": "Vi gir oss ikke. Kongen har sagt nei!",
 	"fork.n_forks": {
 		"one": "%s skille",
 		"other": "%s skiller"
diff --git a/options/locale_next/locale_nds.json b/options/locale_next/locale_nds.json
index 5b530ec08c..20f0f19a35 100644
--- a/options/locale_next/locale_nds.json
+++ b/options/locale_next/locale_nds.json
@@ -33,7 +33,7 @@
 	"alert.asset_load_failed": "Kunn Objekt-Dateien ut {path} nich laden. Bidde wees wiss, dat up de Objekt-Dateien togriepen worden kann.",
 	"install.invalid_lfs_path": "Kunn de LFS-Ruut an de angeven Padd nich maken: %[1]s",
 	"alert.range_error": " mutt eene Tahl tüsken %[1]s un %[2]s wesen.",
-	"meta.last_line": "Moin!\n(this string was needed to make weblate regenerate the file and can be removed)",
+	"meta.last_line": "Moin!",
 	"mail.actions.successful_run_after_failure_subject": "Warkwies %[1]s in Repositorium %[2]s verhaalt",
 	"mail.actions.not_successful_run_subject": "Warkwies %[1]s in Repositorium %[2]s fehlslagen",
 	"mail.actions.successful_run_after_failure": "Warkwies %[1]s in Repositorium %[2]s hett sik verhaalt",
@@ -243,5 +243,19 @@
 	"actions.workflow.incomplete_with_missing_job": "Kann de `with` vun Upgaav %[1]s nich utweerten: Upgaav %[2]s is nich in de `needs`-List vun Upgaav %[1]s (%[3]s).",
 	"actions.workflow.incomplete_with_missing_output": "Kann de `with` vun Upgaav %[1]s nich utweerten: Upgaav %[2]s hapert Utgaav %[3]s.",
 	"actions.workflow.incomplete_with_missing_matrix_dimension": "Kann de `with` vun Upgaav %[1]s nich utweerten: Matrix-Richt %[2]s gifft dat nich.",
-	"actions.workflow.incomplete_with_unknown_cause": "Kann de `with` vun Upgaav %[1]s nich utweerten: Unbekannter Fehler."
+	"actions.workflow.incomplete_with_unknown_cause": "Kann de `with` vun Upgaav %[1]s nich utweerten: Unbekannter Fehler.",
+	"pulls.manual_merge.helper": "Hülper för ’t Tosamenföhren vun Hand",
+	"pulls.manual_merge.helpder.description": "Bruuk deese Tosamenföhrens-Kommitteren-Naricht, wenn du dat Tosamenföhren vun Hand ofsluttst.",
+	"pulls.manual_merge.commit.title": "Tosamenföhrens-Kommitterens-Titel",
+	"pulls.manual_merge.commit.body": "Tosamenföhrens-Kommitterens-Text",
+	"pulls.manual_merge.copy.button": "Tosamenföhrens-Kommitterens-Naricht koperen",
+	"editor.search": "Söök",
+	"editor.find_previous": "Lester Fund",
+	"editor.find_next": "Anner Fund",
+	"editor.replace": "Utwesseln",
+	"editor.replace_all": "All utwesseln",
+	"editor.toggle_case": "Grot- un Kleenschrievens minnachten an- of utknipsen",
+	"editor.toggle_regex": "Regel-Utdrücken bruken an- of utknipsen",
+	"editor.toggle_whole_word": "Hele Woorden söken an- of utknipsen",
+	"repo.view.gitmodules_too_large": "De .gitmodules-Datei is to grot un word minnacht (to’n Bispööl för API-Upropen)"
 }
diff --git a/options/locale_next/locale_nl-NL.json b/options/locale_next/locale_nl-NL.json
index 642eee3357..2bd292a04d 100644
--- a/options/locale_next/locale_nl-NL.json
+++ b/options/locale_next/locale_nl-NL.json
@@ -33,7 +33,7 @@
 	"alert.asset_load_failed": "Het laden van hulp-bestanden vanuit {path} is mislukt. Controleer of de hulp-bestanden toegankelijk zijn.",
 	"install.invalid_lfs_path": "Kan de LFS-root niet aanmaken op de opgegeven locatie: %[1]s",
 	"alert.range_error": " moet een getal zijn tussen %[1]s en %[2]s.",
-	"meta.last_line": "Wist je dat de paprika, behalve in de bekende kleuren rood, geel, oranje en groen, ook in de kleuren wit, paars, lila, muntgroen en bruin voorkomt.\n(this string was needed to make weblate regenerate the file and can be removed)",
+	"meta.last_line": "Wist je dat de paprika, behalve in de bekende kleuren rood, geel, oranje en groen, ook in de kleuren wit, paars, lila, muntgroen en bruin voorkomt.",
 	"mail.actions.successful_run_after_failure_subject": "Werkstroom %[1]s hersteld in repositorie %[2]s",
 	"mail.actions.not_successful_run_subject": "Werkstroom %[1]s mislukt in repositorie %[2]s",
 	"mail.actions.successful_run_after_failure": "Werkstroom %[1]s hersteld in repositorie %[2]s",
diff --git a/options/locale_next/locale_pl-PL.json b/options/locale_next/locale_pl-PL.json
index bc9a039ae6..2335ec76c9 100644
--- a/options/locale_next/locale_pl-PL.json
+++ b/options/locale_next/locale_pl-PL.json
@@ -233,5 +233,5 @@
 	"migrate.pagure.private_issues.summary": "Prywatne zgłoszenia (opcjonalne)",
 	"actions.runs.view_most_recent_run": "Pokaż ostatnie uruchomienie",
 	"actions.runs.run_attempt_label": "Próba uruchomienia #%[1]s (%[2]s)",
-	"meta.last_line": "(this string was needed to make weblate regenerate the file and can be removed)"
+	"meta.last_line": " "
 }
diff --git a/options/locale_next/locale_pt-BR.json b/options/locale_next/locale_pt-BR.json
index 4bfa87f5be..84a3b183b8 100644
--- a/options/locale_next/locale_pt-BR.json
+++ b/options/locale_next/locale_pt-BR.json
@@ -38,7 +38,7 @@
 	"alert.asset_load_failed": "Não foi possível carregar arquivos de assets de {path}. Por favor, certifique-se que os arquivos podem ser acessados.",
 	"install.invalid_lfs_path": "Não foi possível criar um root LFS no caminho especificado: %[1]s",
 	"alert.range_error": " deve ser um número entre %[1]s e %[2]s.",
-	"meta.last_line": "(this string was needed to make weblate regenerate the file and can be removed)",
+	"meta.last_line": " ",
 	"mail.actions.run_info_cur_status": "Status desta execução: %[1]s (atualizado recentemente de %[2]s)",
 	"mail.actions.run_info_previous_status": "Status da execução anterior: %[1]s",
 	"mail.actions.successful_run_after_failure_subject": "Workflow %[1]s recuperado no repositório %[2]s",
diff --git a/options/locale_next/locale_pt-PT.json b/options/locale_next/locale_pt-PT.json
index 56399358a6..a0294a9245 100644
--- a/options/locale_next/locale_pt-PT.json
+++ b/options/locale_next/locale_pt-PT.json
@@ -38,7 +38,7 @@
 	"alert.asset_load_failed": "Falha ao carregar ficheiros de recurso de {path}. Certifique-se de que os ficheiros de recurso podem ser acedidos.",
 	"install.invalid_lfs_path": "Não foi possível criar a raiz LFS no caminho especificado: %[1]s",
 	"alert.range_error": " deve ser um número entre %[1]s e %[2]s.",
-	"meta.last_line": "Se programarem em Python, por favor usem o uv e Ruff (e estejam atentos ao Red Knot no repositório do Ruff). E vejam também mise-en-place (https://mise.jdx.dev).\n(this string was needed to make weblate regenerate the file and can be removed)",
+	"meta.last_line": "Se programarem em Python, por favor usem o uv e Ruff (e estejam atentos ao Red Knot no repositório do Ruff). E vejam também mise-en-place (https://mise.jdx.dev).",
 	"mail.actions.successful_run_after_failure_subject": "Sequência de trabalho %[1]s foi recuperada no repositório %[2]s",
 	"mail.actions.not_successful_run_subject": "Sequência de trabalho %[1]s falhou no repositório %[2]s",
 	"mail.actions.not_successful_run": "Sequência de trabalho %[1]s falhou no repositório %[2]s",
@@ -243,10 +243,10 @@
 	"moderation.comment.deletion_success": "O comentário foi eliminado.",
 	"actions.workflow.persistent_incomplete_matrix": "Não foi possível avaliar `strategy.matrix` do trabalho %[1]s devido a uma expressão `needs` que era inválida. Pode estar a referir-se a um trabalho que não está na sua lista de 'needs' (%[2]s), ou a um resultado que não existe num desses trabalhos.",
 	"actions.workflow.incomplete_matrix_missing_job": "Não foi possível avaliar `strategy.matrix` do trabalho %[1]s: trabalho %[2]s não está na lista de `needs` do trabalho %[1]s (%[3]s).",
-	"actions.workflow.incomplete_matrix_missing_output": "Não foi possível avaliar `strategy.matrix` do trabalho %[1]s: o trabalho %[2]s não tem um resultado %[3]s.",
+	"actions.workflow.incomplete_matrix_missing_output": "Não foi possível avaliar `strategy.matrix` do trabalho %[1]s: falta o resultado %[3]s no trabalho %[2]s.",
 	"actions.workflow.incomplete_matrix_unknown_cause": "Não foi possível avaliar `strategy.matrix` do trabalho %[1]s: erro desconhecido.",
 	"actions.workflow.incomplete_runson_missing_job": "Não foi possível avaliar `runs-on` do trabalho %[1]s: o trabalho %[2]s não está na lista `needs` do trabalho %[1]s (%[3]s).",
-	"actions.workflow.incomplete_runson_missing_output": "Não é possível avaliar `runs-on` do trabalho %[1]s: o trabalho %[2]s não tem um resultado %[3]s.",
+	"actions.workflow.incomplete_runson_missing_output": "Não é possível avaliar `runs-on` do trabalho %[1]s: falta o resultado %[3]s no trabalho %[2]s.",
 	"actions.workflow.incomplete_runson_missing_matrix_dimension": "Não é possível avaliar `runs-on` do trabalho %[1]s: a dimensão da matriz %[2]s não existe.",
 	"actions.workflow.incomplete_runson_unknown_cause": "Não é possível avaliar `runs-on` do trabalho %[1]s: erro desconhecido.",
 	"admin.auths.oauth2_quota_group_claim_name": "Nome da reivindicação que fornece nomes de grupos para esta fonte a ser usada para gestão de quotas. (Opcional)",
@@ -254,5 +254,23 @@
 	"admin.auths.oauth2_quota_group_map_removal": "Remover os utilizadores dos grupos de quotas sincronizados se o utilizador não pertencer ao grupo correspondente.",
 	"issues.updated": "%s atualizado",
 	"search.fuzzy": "Difusa",
-	"search.fuzzy_tooltip": "Incluir resultados que correspondam aproximadamente ao termo de pesquisa"
+	"search.fuzzy_tooltip": "Incluir resultados que correspondam aproximadamente ao termo de pesquisa",
+	"actions.workflow.incomplete_with_missing_job": "Não é possível avaliar `with` do trabalho %[1]s: o trabalho %[2]s não está na lista de `needs` do trabalho %[1]s (%[3]s).",
+	"actions.workflow.incomplete_with_missing_output": "Não é possível avaliar `with` do trabalho %[1]s: falta o resultado %[3]s no trabalho %[2]s.",
+	"actions.workflow.incomplete_with_missing_matrix_dimension": "Não é possível avaliar `with` do trabalho %[1]s: a dimensão da matriz %[2]s não existe.",
+	"actions.workflow.incomplete_with_unknown_cause": "Não é possível avaliar `with` do trabalho %[1]s: erro desconhecido.",
+	"pulls.manual_merge.helper": "Assistente de integração manual",
+	"pulls.manual_merge.helpder.description": "Usar esta mensagem de cometimento de integração ao concluir a integração manualmente.",
+	"pulls.manual_merge.commit.title": "Título do cometimento de integração",
+	"pulls.manual_merge.commit.body": "Corpo do cometimento de integração",
+	"pulls.manual_merge.copy.button": "Copiar mensagem do cometimento de integração",
+	"editor.search": "Procurar",
+	"editor.find_previous": "Ocorrência anterior",
+	"editor.find_next": "Ocorrência seguinte",
+	"editor.replace": "Substituir",
+	"editor.replace_all": "Substituir tudo",
+	"editor.toggle_case": "Ativar/desativar a diferenciação de maiúsculas e minúsculas",
+	"editor.toggle_regex": "Ativar/desativar o uso de expressões regulares",
+	"editor.toggle_whole_word": "Ativar/desativar correspondência de palavras inteiras",
+	"repo.view.gitmodules_too_large": "O ficheiro .gitmodules é demasiado grande e será ignorado (por exemplo, em chamadas API)"
 }
diff --git a/options/locale_next/locale_ro.json b/options/locale_next/locale_ro.json
index 60c4c22624..e1940e1e14 100644
--- a/options/locale_next/locale_ro.json
+++ b/options/locale_next/locale_ro.json
@@ -1,3 +1,3 @@
 {
-	"meta.last_line": "(this string was needed to make weblate regenerate the file and can be removed)"
+	"meta.last_line": " "
 }
diff --git a/options/locale_next/locale_ru-RU.json b/options/locale_next/locale_ru-RU.json
index 14d843cbf2..534ae02a0a 100644
--- a/options/locale_next/locale_ru-RU.json
+++ b/options/locale_next/locale_ru-RU.json
@@ -258,5 +258,19 @@
 	"actions.workflow.incomplete_with_missing_job": "Не удалось проверить `with` задачи %[1]s – задача %[2]s не указана в списке `needs` задачи %[1]s (%[3]s).",
 	"actions.workflow.incomplete_with_missing_output": "Не удалось проверить `with` задачи %[1]s – у задачи %[2]s не хватает интерфейса вывода %[3]s.",
 	"actions.workflow.incomplete_with_missing_matrix_dimension": "Не удалось проверить `with` задачи %[1]s: в матрице не указано измерение %[2]s.",
-	"actions.workflow.incomplete_with_unknown_cause": "Не удалось проверить `with` задачи %[1]s: неизвестная ошибка."
+	"actions.workflow.incomplete_with_unknown_cause": "Не удалось проверить `with` задачи %[1]s: неизвестная ошибка.",
+	"pulls.manual_merge.helper": "Инструкции для ручного слияния",
+	"pulls.manual_merge.helpder.description": "Используйте следующее сообщение для коммита при выполнении слияния вручную.",
+	"pulls.manual_merge.commit.title": "Заголовок коммита слияния",
+	"pulls.manual_merge.commit.body": "Тело коммита слияния",
+	"pulls.manual_merge.copy.button": "Копировать сообщение коммита слияния",
+	"editor.search": "Поиск",
+	"editor.find_previous": "Предыдущий результат",
+	"editor.find_next": "Следующий результат",
+	"editor.replace": "Заменить",
+	"editor.replace_all": "Заменить все",
+	"editor.toggle_case": "Изменить чувствительность к регистру",
+	"editor.toggle_regex": "Изменить использование рег. выражений",
+	"editor.toggle_whole_word": "Изменить поиск целых слов",
+	"repo.view.gitmodules_too_large": "Файл .gitmodules слишком большой и будет игнорироваться (например, при вызовах API)"
 }
diff --git a/options/locale_next/locale_si-LK.json b/options/locale_next/locale_si-LK.json
index 8f30caa098..40ffa8ccc6 100644
--- a/options/locale_next/locale_si-LK.json
+++ b/options/locale_next/locale_si-LK.json
@@ -15,5 +15,5 @@
 		"one": "%s ක්රියාකාරී අදින්න ඉල්ලීම",
 		"other": "%s ක්රියාකාරී අදින්න ඉල්ලීම්"
 	},
-	"meta.last_line": "(this string was needed to make weblate regenerate the file and can be removed)"
+	"meta.last_line": " "
 }
diff --git a/options/locale_next/locale_sk-SK.json b/options/locale_next/locale_sk-SK.json
index c20baabaa4..0c22e4ccda 100644
--- a/options/locale_next/locale_sk-SK.json
+++ b/options/locale_next/locale_sk-SK.json
@@ -133,7 +133,7 @@
 	"settings.twofa_reenroll.description": "Znovu zaregistrujte Vaše dvojfaktorové overenie",
 	"settings.must_enable_2fa": "Táto inštancia Forgejo vyžaduje, aby používatelia povolili dvojfaktorové overenie predtým, ako budú môcť pristupovať k svojim účtom.",
 	"error.must_enable_2fa": "Táto inštancia Forgejo vyžaduje, aby používatelia povolili dvojfaktorové overenie predtým, ako budú môcť pristupovať k svojim účtom. Povolíte ho tu: %s",
-	"meta.last_line": "Ďakujem za preklad Forgejo! Tento riadok používatelia nevidia, ale slúži na iné účely v správe prekladov. Namiesto prekladu môžete do prekladu vložiť zaujímavý fakt.\n(this string was needed to make weblate regenerate the file and can be removed)",
+	"meta.last_line": "Ďakujem za preklad Forgejo! Tento riadok používatelia nevidia, ale slúži na iné účely v správe prekladov. Namiesto prekladu môžete do prekladu vložiť zaujímavý fakt.",
 	"moderation.abuse_category": "Kategória",
 	"warning.repository.out_of_sync": "Databázová reprezentácia tohto repozitára nie je synchronizovaná. Ak sa toto upozornenie zobrazuje aj po odoslaní commitu do tohto repozitára, kontaktujte administrátora.",
 	"repo.pulls.already_merged": "Zlúčenie zlyhalo: Táto žiadosť už bola spracovaná.",
diff --git a/options/locale_next/locale_sl.json b/options/locale_next/locale_sl.json
index 60c4c22624..e1940e1e14 100644
--- a/options/locale_next/locale_sl.json
+++ b/options/locale_next/locale_sl.json
@@ -1,3 +1,3 @@
 {
-	"meta.last_line": "(this string was needed to make weblate regenerate the file and can be removed)"
+	"meta.last_line": " "
 }
diff --git a/options/locale_next/locale_sv-SE.json b/options/locale_next/locale_sv-SE.json
index beac718391..bb0b1935d5 100644
--- a/options/locale_next/locale_sv-SE.json
+++ b/options/locale_next/locale_sv-SE.json
@@ -59,7 +59,7 @@
 	"mail.actions.successful_run_after_failure": "Arbetsflöde %[1]s återställdes i förrådet %[2]s",
 	"mail.actions.not_successful_run": "Arbetsflödet %[1]s misslyckades i förrådet %[2]s",
 	"editor.textarea.shift_tab_hint": "Ingen indragning på den här raden. Tryck på <kbd>Shift</kbd> + <kbd>Tab</kbd> igen eller <kbd>Escape</kbd> för att lämna redigeringsläget.",
-	"meta.last_line": "Daniel Nylander heter jag och har översatt Forgejo. Mer information om mig på https://www.danielnylander.se\n(this string was needed to make weblate regenerate the file and can be removed)",
+	"meta.last_line": "Daniel Nylander heter jag och har översatt Forgejo. Mer information om mig på https://www.danielnylander.se",
 	"editor.textarea.tab_hint": "Raden är redan indragen. Tryck på <kbd>Tab</kbd> igen eller <kbd>Escape</kbd> för att lämna redigeringsläget.",
 	"home.welcome.no_activity": "Ingen aktivitet",
 	"home.welcome.activity_hint": "Det finns inget i ditt flöde ännu. Dina åtgärder och aktivitet från förråd som du bevakar kommer att visas här.",
diff --git a/options/locale_next/locale_ta.json b/options/locale_next/locale_ta.json
index e8fab54663..60e84fe304 100644
--- a/options/locale_next/locale_ta.json
+++ b/options/locale_next/locale_ta.json
@@ -182,7 +182,7 @@
 	},
 	"teams.add_all_repos.modal.header": "அனைத்து களஞ்சியங்களையும் சேர்",
 	"teams.remove_all_repos.modal.header": "அனைத்து களஞ்சியங்களையும் அகற்று",
-	"meta.last_line": "Forgejo ஐ மொழிபெயர்த்ததற்கு நன்றி! இந்த வரியானது பயனர்களால் பார்க்கப்படவில்லை, ஆனால் இது மொழிபெயர்ப்பு நிர்வாகத்தில் பிற நோக்கங்களுக்காக உதவுகிறது. மொழிபெயர்ப்பிற்குப் பதிலாக ஒரு வேடிக்கையான உண்மையை மொழிபெயர்ப்பில் வைக்கலாம்.\n(this string was needed to make weblate regenerate the file and can be removed)",
+	"meta.last_line": "Forgejo ஐ மொழிபெயர்த்ததற்கு நன்றி! இந்த வரியானது பயனர்களால் பார்க்கப்படவில்லை, ஆனால் இது மொழிபெயர்ப்பு நிர்வாகத்தில் பிற நோக்கங்களுக்காக உதவுகிறது. மொழிபெயர்ப்பிற்குப் பதிலாக ஒரு வேடிக்கையான உண்மையை மொழிபெயர்ப்பில் வைக்கலாம்.",
 	"repo.issues.filter_poster.hint": "ஆசிரியரால் வடிகட்டவும்",
 	"repo.issues.filter_assignee.hint": "ஒதுக்கப்பட்ட பயனரின்படி வடிகட்டவும்",
 	"repo.issues.filter_reviewers.hint": "மதிப்பாய்வு செய்த பயனரின்படி வடிகட்டவும்",
diff --git a/options/locale_next/locale_th.json b/options/locale_next/locale_th.json
index fd5844dd13..836559caca 100644
--- a/options/locale_next/locale_th.json
+++ b/options/locale_next/locale_th.json
@@ -138,7 +138,7 @@
 	"actions.workflow.pre_execution_error": "เวิร์กโฟลว์ไม่ถูกดำเนินการเนื่องจากมีข้อผิดพลาดที่ขัดขวางความพยายามในการดำเนินการ",
 	"pulse.n_active_issues": "%s ปัญหาที่ใช้งานอยู่",
 	"pulse.n_active_prs": "%s คำขอดึงที่ใช้งานอยู่",
-	"meta.last_line": "ขอบคุณที่แปล Forgejo! บรรทัดนี้ผู้ใช้จะไม่เห็น แต่มีวัตถุประสงค์อื่นในการจัดการการแปล คุณสามารถใส่ข้อเท็จจริงสนุกๆ ในการแปลแทนการแปลก็ได้\n(this string was needed to make weblate regenerate the file and can be removed)",
+	"meta.last_line": "ขอบคุณที่แปล Forgejo! บรรทัดนี้ผู้ใช้จะไม่เห็น แต่มีวัตถุประสงค์อื่นในการจัดการการแปล คุณสามารถใส่ข้อเท็จจริงสนุกๆ ในการแปลแทนการแปลก็ได้",
 	"repo.pulls.poster_manage_approval": "จัดการการอนุมัติ",
 	"repo.pulls.poster_requires_approval": "เวิร์กโฟลว์บางส่วนกำลัง<a href=\"%[1]s\">รอการตรวจสอบ</a>",
 	"repo.pulls.poster_requires_approval.tooltip": "ผู้เขียนคําขอดึงข้อมูลนี้ไม่น่าเชื่อถือในการเรียกใช้เวิร์กโฟลว์ที่ทริกเกอร์โดยคําขอดึงข้อมูลที่สร้างขึ้นจากที่เก็บแบบแยกหรือด้วย AGit เวิร์กโฟลว์ที่ทริกเกอร์โดยเหตุการณ์ 'pull_request' จะไม่ทํางานจนกว่าจะได้รับการอนุมัติ",
diff --git a/options/locale_next/locale_tok.json b/options/locale_next/locale_tok.json
index 60c4c22624..e1940e1e14 100644
--- a/options/locale_next/locale_tok.json
+++ b/options/locale_next/locale_tok.json
@@ -1,3 +1,3 @@
 {
-	"meta.last_line": "(this string was needed to make weblate regenerate the file and can be removed)"
+	"meta.last_line": " "
 }
diff --git a/options/locale_next/locale_tr-TR.json b/options/locale_next/locale_tr-TR.json
index d64e5ac7f9..0ce764ab81 100644
--- a/options/locale_next/locale_tr-TR.json
+++ b/options/locale_next/locale_tr-TR.json
@@ -182,5 +182,5 @@
 	"actions.workflow.pre_execution_error": "Çalıştırma girişimini durduran bir hata sebebiyle iş akışı çalıştırılamadı.",
 	"teams.add_all_repos.modal.header": "Tüm depoları ekle",
 	"teams.remove_all_repos.modal.header": "Tüm depoları kaldır",
-	"meta.last_line": "Steve Jobs ile Nejat İşler'in kardeş olduğunu biliyor muydunuz.\n(this string was needed to make weblate regenerate the file and can be removed)"
+	"meta.last_line": "Steve Jobs ile Nejat İşler'in kardeş olduğunu biliyor muydunuz."
 }
diff --git a/options/locale_next/locale_tt.json b/options/locale_next/locale_tt.json
index 0e8233d42b..beccf1758c 100644
--- a/options/locale_next/locale_tt.json
+++ b/options/locale_next/locale_tt.json
@@ -5,5 +5,5 @@
 	"home.explore_users": "Кулланучыларны өйрәнү",
 	"home.explore_orgs": "Оешмаларны өйрәнү",
 	"fork.n_forks": "%s чәнечке",
-	"meta.last_line": "(this string was needed to make weblate regenerate the file and can be removed)"
+	"meta.last_line": " "
 }
diff --git a/options/locale_next/locale_uk-UA.json b/options/locale_next/locale_uk-UA.json
index c495790102..5866b0c0f5 100644
--- a/options/locale_next/locale_uk-UA.json
+++ b/options/locale_next/locale_uk-UA.json
@@ -38,7 +38,7 @@
 	"alert.asset_load_failed": "Не вдалося завантажити файли ресурсів з {path}. Переконайтеся, що до файлів ресурсів є доступ.",
 	"install.invalid_lfs_path": "Не вдалося створити корінь LFS за вказаним шляхом: %[1]s",
 	"alert.range_error": " має бути числом від %[1]s до %[2]s.",
-	"meta.last_line": "Не зливай злий запити на злиття — зіллється зле.\n(this string was needed to make weblate regenerate the file and can be removed)",
+	"meta.last_line": "Не зливай злий запити на злиття — зіллється зле.",
 	"mail.actions.successful_run_after_failure": "Робочий потік %[1]s відновлено в репозиторії %[2]s",
 	"mail.actions.successful_run_after_failure_subject": "Робочий потік %[1]s відновлено в репозиторії %[2]s",
 	"mail.actions.run_info_previous_status": "Стан попереднього запуску: %[1]s",
@@ -139,7 +139,7 @@
 	"repo.commit.load_tags_failed": "Завантаження тегів не вдалося через внутрішню помилку",
 	"admin.auths.allow_username_change.description": "Дозволити користувачам змінювати ім’я користувача в налаштуваннях профілю",
 	"admin.auths.allow_username_change": "Дозволити змінювати імена",
-	"warning.repository.out_of_sync": "База даних цього репозиторію не синхронізована. Якщо ви знову бачите це попередження після надсилання коміту в цей репозиторій, зверніться до адміністратора.",
+	"warning.repository.out_of_sync": "База даних цього репозиторію не синхронізована. Якщо ви знову бачите це попередження після надсилання коміту в цей репозиторій, зверніться до адміністрації.",
 	"repo.pulls.already_merged": "Не вдалося об’єднати: цей запит на злиття вже об’єднано.",
 	"migrate.pagure.description": "Перенести дані з pagure.io або інших екземплярів Pagure.",
 	"migrate.pagure.token_label": "Токен API Pagure",
@@ -258,5 +258,19 @@
 	"actions.workflow.incomplete_with_unknown_cause": "Неможливо оцінити `with`завдання %[1]s: невідома помилка.",
 	"actions.workflow.incomplete_with_missing_matrix_dimension": "Неможливо оцінити `with` завдання %[1]s: розмір матриці %[2]s не існує.",
 	"actions.workflow.incomplete_with_missing_output": "Неможливо оцінити `with` завдання %[1]s: у завдання %[2]s немає результату %[3]s.",
-	"actions.workflow.incomplete_with_missing_job": "Неможливо оцінити `with` завдання %[1]s: завдання %[2]s немає у списку `needs` завдання %[1]s (%[3]s)."
+	"actions.workflow.incomplete_with_missing_job": "Неможливо оцінити `with` завдання %[1]s: завдання %[2]s немає у списку `needs` завдання %[1]s (%[3]s).",
+	"editor.replace": "Замінити",
+	"editor.replace_all": "Замінити все",
+	"editor.search": "Знайти",
+	"editor.find_previous": "Попередній",
+	"editor.find_next": "Наступний",
+	"editor.toggle_case": "Перемкнути врахування регістру",
+	"editor.toggle_whole_word": "Перемкнути пошук цілих слів",
+	"editor.toggle_regex": "Перемкнути регулярні вирази",
+	"pulls.manual_merge.helper": "Помічник із ручного об’єднання",
+	"pulls.manual_merge.helpder.description": "Використовувати це повідомлення коміту під час виконання злиття вручну.",
+	"pulls.manual_merge.commit.title": "Заголовок коміту злиття",
+	"pulls.manual_merge.commit.body": "Тіло коміту злиття",
+	"pulls.manual_merge.copy.button": "Копіювати повідомлення коміту злиття",
+	"repo.view.gitmodules_too_large": "Файл .gitmodules занадто великий і буде проігнорований (наприклад, при викликах API)"
 }
diff --git a/options/locale_next/locale_uz.json b/options/locale_next/locale_uz.json
index 8c94d5f67a..2aeab4207b 100644
--- a/options/locale_next/locale_uz.json
+++ b/options/locale_next/locale_uz.json
@@ -44,5 +44,5 @@
 	"relativetime.2years": "ikki yil oldin",
 	"search.syntax": "Qidiruv sintaksisi",
 	"repo.settings.push_mirror.branch_filter.label": "Branch filteri (ixtiyoriy)",
-	"meta.last_line": "(this string was needed to make weblate regenerate the file and can be removed)"
+	"meta.last_line": " "
 }
diff --git a/options/locale_next/locale_vi.json b/options/locale_next/locale_vi.json
index a171b2721f..fb49a027fa 100644
--- a/options/locale_next/locale_vi.json
+++ b/options/locale_next/locale_vi.json
@@ -116,6 +116,6 @@
 	"actions.runs.run_attempt_label": "Lần chạy #%[1]s (%[2]s)",
 	"actions.runs.viewing_out_of_date_run": "Bạn đang xem một lần chạy lỗi thời của công việc này mà đã chạy %[1]s.",
 	"actions.runs.view_most_recent_run": "Xem lần chạy gần đây nhất",
-	"meta.last_line": "\"xóa thần tượng\"\n(this string was needed to make weblate regenerate the file and can be removed)",
+	"meta.last_line": "\"xóa thần tượng\"",
 	"home.welcome.activity_hint": "Hiện chưa có gì trên bảng tin của bạn cả. Những hành động của bạn và hoạt động từ kho mã mà bạn theo dõi sẽ xuất hiện ở đây."
 }
diff --git a/options/locale_next/locale_yi.json b/options/locale_next/locale_yi.json
index 60c4c22624..e1940e1e14 100644
--- a/options/locale_next/locale_yi.json
+++ b/options/locale_next/locale_yi.json
@@ -1,3 +1,3 @@
 {
-	"meta.last_line": "(this string was needed to make weblate regenerate the file and can be removed)"
+	"meta.last_line": " "
 }
diff --git a/options/locale_next/locale_zh-CN.json b/options/locale_next/locale_zh-CN.json
index ef5f7ba970..bbbc3d5695 100644
--- a/options/locale_next/locale_zh-CN.json
+++ b/options/locale_next/locale_zh-CN.json
@@ -18,7 +18,7 @@
 	"alert.asset_load_failed": "无法从 {path} 加载资源文件。请确保资源文件可被访问。",
 	"install.invalid_lfs_path": "无法在指定路径创建 LFS 根目录：%[1]s",
 	"alert.range_error": " 必须是一个介于 %[1]s 和 %[2]s 之间的数字。",
-	"meta.last_line": "感谢各位对Forgejo翻译的支持和帮助！不需要翻译这个。(三维鱼)。\n(this string was needed to make weblate regenerate the file and can be removed)",
+	"meta.last_line": "感谢各位对Forgejo翻译的支持和帮助！不需要翻译这个。(三维鱼)。",
 	"mail.actions.successful_run_after_failure_subject": "仓库 %[2]s 中的工作流 %[1]s 已恢复",
 	"mail.actions.not_successful_run_subject": "仓库 %[2]s 中的工作流 %[1]s 已失败",
 	"mail.actions.successful_run_after_failure": "仓库 %[2]s 中的工作流 %[1]s 已恢复",
@@ -198,5 +198,19 @@
 	"actions.workflow.incomplete_with_missing_job": "无法解析任务‘%[1]s’的`with`：任务‘%[2]s’不在任务‘%[1]s’的`needs`列表（‘%[3]s’）中。",
 	"actions.workflow.incomplete_with_missing_output": "无法解析任务‘%[1]s’的`with`：任务‘%[2]s’没有输出‘%[3]s’。",
 	"actions.workflow.incomplete_with_missing_matrix_dimension": "无法解析任务‘%[1]s’的`with`：矩阵维度‘%[2]s’不存在。",
-	"actions.workflow.incomplete_with_unknown_cause": "无法解析任务‘%[1]s’的`with`：未知错误。"
+	"actions.workflow.incomplete_with_unknown_cause": "无法解析任务‘%[1]s’的`with`：未知错误。",
+	"pulls.manual_merge.helper": "手动合并助手",
+	"pulls.manual_merge.helpder.description": "手动完成合并时，请使用此合并提交消息。",
+	"pulls.manual_merge.commit.title": "合并提交标题",
+	"pulls.manual_merge.commit.body": "合并提交消息",
+	"pulls.manual_merge.copy.button": "复制合并提交消息",
+	"editor.search": "查找",
+	"editor.find_previous": "上一个结果",
+	"editor.find_next": "下一个结果",
+	"editor.replace": "替换",
+	"editor.replace_all": "替换全部",
+	"editor.toggle_case": "切换大小写敏感",
+	"editor.toggle_regex": "切换正则表达式",
+	"editor.toggle_whole_word": "切换全词匹配",
+	"repo.view.gitmodules_too_large": ".gitmodules 因太大而被（API等）忽略"
 }
diff --git a/options/locale_next/locale_zh-HK.json b/options/locale_next/locale_zh-HK.json
index f1503cc03d..a76b5a81e7 100644
--- a/options/locale_next/locale_zh-HK.json
+++ b/options/locale_next/locale_zh-HK.json
@@ -1,5 +1,5 @@
 {
 	"repo.pulls.merged_title_desc": "於 %[4]s 將 %[1]d 次代碼提交從 <code>%[2]s</code>合併至 <code>%[3]s</code>",
 	"moderation.abuse_category.malware": "惡意程式",
-	"meta.last_line": "(this string was needed to make weblate regenerate the file and can be removed)"
+	"meta.last_line": " "
 }
diff --git a/options/locale_next/locale_zh-TW.json b/options/locale_next/locale_zh-TW.json
index 09f6ec443a..661f207fbf 100644
--- a/options/locale_next/locale_zh-TW.json
+++ b/options/locale_next/locale_zh-TW.json
@@ -1,13 +1,7 @@
 {
-	"fork.n_forks": {
-		"other": "%s 個分叉"
-	},
-	"stars.n_stars": {
-		"other": "%s 顆星星"
-	},
-	"release.n_downloads": {
-		"other": "%s 次下載"
-	},
+	"fork.n_forks": "%s 個分叉",
+	"stars.n_stars": "%s 顆星星",
+	"release.n_downloads": "%s 次下載",
 	"repo.pulls.merged_title_desc": "將 %[1]d 次提交從 <code>%[2]s</code> 合併至 <code>%[3]s</code> %[4]s",
 	"repo.pulls.title_desc": "請求將 %[1]d 次程式碼提交從 <code>%[2]s</code> 合併至 <code id=\"%[4]s\">%[3]s</code>",
 	"search.milestone_kind": "搜尋里程碑…",
@@ -76,7 +70,7 @@
 	"moderation.report_abuse_form.details": "這個表單是用來檢舉用戶建立垃圾帳號、儲存庫、問題、留言，或其他不當行為。",
 	"moderation.report_abuse_form.invalid": "無效參數",
 	"moderation.report_abuse_form.already_reported": "您已檢舉此內容",
-	"meta.last_line": "Rubi-chan? Hai! Nani ga suki? Choko minto yori mo a･na･ta♡ Ayumu-chan? Hai! Nani ga suki? Sutoroberii fureibaa yori mo a･na･ta♡ Shiki-chan! Hai! Nani ga suki? Kukkii and kuriimu yori mo a･na･ta♡ Minna? Hai! Nani ga suki? Mochiron daisuki AiScReam.\n(this string was needed to make weblate regenerate the file and can be removed)",
+	"meta.last_line": "Rubi-chan? Hai! Nani ga suki? Choko minto yori mo a･na･ta♡ Ayumu-chan? Hai! Nani ga suki? Sutoroberii fureibaa yori mo a･na･ta♡ Shiki-chan! Hai! Nani ga suki? Kukkii and kuriimu yori mo a･na･ta♡ Minna? Hai! Nani ga suki? Mochiron daisuki AiScReam.",
 	"admin.dashboard.cleanup_offline_runners": "清理離線 runners",
 	"settings.visibility.description": "個人資料的可見度會影響他人存取您非私人儲存庫的能力。<a href=\"%s\" target=\"_blank\">了解更多</a>",
 	"avatar.constraints_hint": "自定義大頭貼的大小不得超過 %[1]s，且解析度不得大於 %[2]d×%[3]d 像素",
@@ -91,10 +85,6 @@
 	"migrate.gitbucket.description": "從 GitBucket 站點遷移資料。",
 	"migrate.codebase.description": "從 codebasehq.com 遷移資料。",
 	"migrate.forgejo.description": "從 codeberg.org 或其他 Forgejo 站點遷移資料。",
-	"pulse.n_active_issues": {
-		"other": "%s 個問題"
-	},
-	"pulse.n_active_prs": {
-		"other": "%s 個合併請求"
-	}
+	"pulse.n_active_issues": "%s 個問題",
+	"pulse.n_active_prs": "%s 個合併請求"
 }

From 71f2e091b75871f2881d5a93c3179a2cfb2cad51 Mon Sep 17 00:00:00 2001
From: Michael Kriese <michael.kriese@visualon.de>
Date: Thu, 22 Jan 2026 10:21:44 +0100
Subject: [PATCH 198/854] ci: use newer forgejo for release simulation (#10975)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10975
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Co-authored-by: Michael Kriese <michael.kriese@visualon.de>
Co-committed-by: Michael Kriese <michael.kriese@visualon.de>
---
 .forgejo/workflows/build-release-integration.yml | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/.forgejo/workflows/build-release-integration.yml b/.forgejo/workflows/build-release-integration.yml
index 4523a4bae7..c8bac88d14 100644
--- a/.forgejo/workflows/build-release-integration.yml
+++ b/.forgejo/workflows/build-release-integration.yml
@@ -1,6 +1,9 @@
 name: Integration tests for the release process
 enable-email-notifications: true
 
+env:
+  FORGEJO_VERSION: 11.0.10 # renovate: datasource=docker depName=code.forgejo.org/forgejo/forgejo
+
 on:
   push:
     paths:
@@ -33,7 +36,7 @@ jobs:
         with:
           user: root
           password: admin1234
-          image-version: 1.21
+          image-version: ${{ env.FORGEJO_VERSION }}
           lxc-ip-prefix: 10.0.9
 
       - name: publish the forgejo release

From d34794ab144b564ba93227aa725e4fa1ee809b91 Mon Sep 17 00:00:00 2001
From: Michael Kriese <michael.kriese@visualon.de>
Date: Thu, 22 Jan 2026 10:33:03 +0100
Subject: [PATCH 199/854] ci: add name to step (#10976)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10976
Co-authored-by: Michael Kriese <michael.kriese@visualon.de>
Co-committed-by: Michael Kriese <michael.kriese@visualon.de>
---
 .forgejo/workflows/testing.yml | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

diff --git a/.forgejo/workflows/testing.yml b/.forgejo/workflows/testing.yml
index 1d5c8dad2f..395e6c99e5 100644
--- a/.forgejo/workflows/testing.yml
+++ b/.forgejo/workflows/testing.yml
@@ -38,7 +38,8 @@ jobs:
       - run: make deps-frontend
       - run: make lint-frontend
       - run: make checks-frontend
-      - run: |
+      - name: make test-frontend-coverage
+        run: |
           # Usage of `dayjs` can be impacted by local system timezone and can be sensitive to DST differences; since
           # frontend tests are very short they're run twice with varying DST rules to reduce regression risk.
           TZ=Europe/Berlin make test-frontend-coverage
@@ -50,7 +51,7 @@ jobs:
         run: |
           apt-get update -qq
           apt-get -q install -qq -y zstd
-      - name: "Cache frontend build for playwright testing"
+      - name: 'Cache frontend build for playwright testing'
         uses: https://data.forgejo.org/actions/cache/save@v5
         with:
           path: ${{github.workspace}}/public/assets
@@ -68,7 +69,7 @@ jobs:
         options: --tmpfs /bitnami/elasticsearch/data
         env:
           discovery.type: single-node
-          ES_JAVA_OPTS: "-Xms512m -Xmx512m"
+          ES_JAVA_OPTS: '-Xms512m -Xmx512m'
       minio:
         image: data.forgejo.org/oci/bitnami/minio:2024.8.17
         options: >-
@@ -109,13 +110,13 @@ jobs:
         with:
           fetch-depth: 20
       - uses: ./.forgejo/workflows-composite/setup-env
-      - name: "Restore frontend build"
+      - name: 'Restore frontend build'
         uses: https://data.forgejo.org/actions/cache/restore@v5
         id: cache-frontend
         with:
           path: ${{github.workspace}}/public/assets
           key: frontend-build-${{ github.sha }}
-      - name: "Build frontend (if not cached)"
+      - name: 'Build frontend (if not cached)'
         if: steps.cache-frontend.outputs.cache-hit != 'true'
         run: |
           su forgejo -c 'make deps-frontend frontend'
@@ -173,7 +174,7 @@ jobs:
         image: ${{ matrix.cacher.image }}
         options: ${{ matrix.cacher.options }}
         env:
-          ALLOW_EMPTY_PASSWORD: "yes" # redis & valkey will immediately shutdown with no defined password unless overridden
+          ALLOW_EMPTY_PASSWORD: 'yes' # redis & valkey will immediately shutdown with no defined password unless overridden
     steps:
       - uses: https://data.forgejo.org/actions/checkout@v6
       - uses: ./.forgejo/workflows-composite/setup-env

From 31e62e81da1c06bdb9ef8a67866f55f434ed4b17 Mon Sep 17 00:00:00 2001
From: Renovate Bot <forgejo-renovate-action@forgejo.org>
Date: Thu, 22 Jan 2026 10:56:09 +0100
Subject: [PATCH 200/854] Update https://data.forgejo.org/actions/cache action
 to v5.0.2 (forgejo) (#10890)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10890
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
---
 .forgejo/workflows/renovate.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.forgejo/workflows/renovate.yml b/.forgejo/workflows/renovate.yml
index b2530e62c9..2463dfd467 100644
--- a/.forgejo/workflows/renovate.yml
+++ b/.forgejo/workflows/renovate.yml
@@ -32,7 +32,7 @@ jobs:
 
     steps:
       - name: Load renovate repo cache
-        uses: https://data.forgejo.org/actions/cache/restore@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1
+        uses: https://data.forgejo.org/actions/cache/restore@8b402f58fbc84540c8b491a91e594a4576fec3d7 # v5.0.2
         with:
           path: |
             .tmp/cache/renovate/repository
@@ -70,7 +70,7 @@ jobs:
 
       - name: Save renovate repo cache
         if: always() && env.RENOVATE_DRY_RUN != 'full'
-        uses: https://data.forgejo.org/actions/cache/save@9255dc7a253b0ccc959486e2bca901246202afeb # v5.0.1
+        uses: https://data.forgejo.org/actions/cache/save@8b402f58fbc84540c8b491a91e594a4576fec3d7 # v5.0.2
         with:
           path: |
             .tmp/cache/renovate/repository

From ce5d13ed026120911099a309d7b4ac74aeab9391 Mon Sep 17 00:00:00 2001
From: Renovate Bot <forgejo-renovate-action@forgejo.org>
Date: Thu, 22 Jan 2026 11:37:17 +0100
Subject: [PATCH 201/854] Update
 https://data.forgejo.org/forgejo/forgejo-build-publish action to v5.5.1
 (forgejo) (#10980)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10980
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
---
 .forgejo/workflows/build-release.yml   | 4 ++--
 .forgejo/workflows/publish-release.yml | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/.forgejo/workflows/build-release.yml b/.forgejo/workflows/build-release.yml
index 7b38c27c83..5794558a85 100644
--- a/.forgejo/workflows/build-release.yml
+++ b/.forgejo/workflows/build-release.yml
@@ -164,7 +164,7 @@ jobs:
 
       - name: build container & release
         if: ${{ secrets.TOKEN != '' }}
-        uses: https://data.forgejo.org/forgejo/forgejo-build-publish/build@v5.4.1
+        uses: https://data.forgejo.org/forgejo/forgejo-build-publish/build@v5.5.1
         with:
           forgejo: "${{ env.GITHUB_SERVER_URL }}"
           owner: "${{ env.GITHUB_REPOSITORY_OWNER }}"
@@ -183,7 +183,7 @@ jobs:
 
       - name: build rootless container
         if: ${{ secrets.TOKEN != '' }}
-        uses: https://data.forgejo.org/forgejo/forgejo-build-publish/build@v5.4.1
+        uses: https://data.forgejo.org/forgejo/forgejo-build-publish/build@v5.5.1
         with:
           forgejo: "${{ env.GITHUB_SERVER_URL }}"
           owner: "${{ env.GITHUB_REPOSITORY_OWNER }}"
diff --git a/.forgejo/workflows/publish-release.yml b/.forgejo/workflows/publish-release.yml
index a7cb5f9f07..312ccfa9db 100644
--- a/.forgejo/workflows/publish-release.yml
+++ b/.forgejo/workflows/publish-release.yml
@@ -44,7 +44,7 @@ jobs:
       - uses: https://data.forgejo.org/actions/checkout@v6
 
       - name: copy & sign
-        uses: https://data.forgejo.org/forgejo/forgejo-build-publish/publish@v5.4.1
+        uses: https://data.forgejo.org/forgejo/forgejo-build-publish/publish@v5.5.1
         with:
           from-forgejo: ${{ vars.FORGEJO }}
           to-forgejo: ${{ vars.FORGEJO }}

From 1978afdb65721116ef3ffee7a9b49afd83bca2bf Mon Sep 17 00:00:00 2001
From: 0ko <0ko@noreply.codeberg.org>
Date: Thu, 22 Jan 2026 11:42:52 +0100
Subject: [PATCH 202/854] i18n(*): migrate ini section [packages] to json
 (#10979)

The following strings were skipped because they will need a separate template update for plurals:
```ini
[packages]
owner.settings.cleanuprules.keep.count.1
owner.settings.cleanuprules.keep.count.n
```

Repro command:
```sh
python remap.py --config --write \
	--insertion-mode s+p \
	--remap [packages]title:packages.title \
	--remap [packages]empty:packages.empty \
	--remap [packages]empty.documentation:packages.empty.documentation \
	--remap [packages]empty.repo:packages.empty.repo \
	--remap [packages]registry.documentation:packages.registry.documentation \
	--remap [packages]filter.type:packages.filter.type \
	--remap [packages]filter.type.all:packages.filter.type.all \
	--remap [packages]filter.no_result:packages.filter.no_result \
	--remap [packages]filter.container.tagged:packages.filter.container.tagged \
	--remap [packages]filter.container.untagged:packages.filter.container.untagged \
	--remap [packages]published_by:packages.published_by \
	--remap [packages]published_by_in:packages.published_by_in \
	--remap [packages]installation:packages.installation \
	--remap [packages]about:packages.about \
	--remap [packages]requirements:packages.requirements \
	--remap [packages]dependencies:packages.dependencies \
	--remap [packages]keywords:packages.keywords \
	--remap [packages]details:packages.details \
	--remap [packages]details.author:packages.details.author \
	--remap [packages]details.project_site:packages.details.project_site \
	--remap [packages]details.repository_site:packages.details.repository_site \
	--remap [packages]details.documentation_site:packages.details.documentation_site \
	--remap [packages]details.license:packages.details.license \
	--remap [packages]assets:packages.assets \
	--remap [packages]versions:packages.versions \
	--remap [packages]versions.view_all:packages.versions.view_all \
	--remap [packages]dependency.id:packages.dependency.id \
	--remap [packages]dependency.version:packages.dependency.version \
	--remap [packages]search_in_external_registry:packages.search_in_external_registry \
	--remap [packages]alpine.registry:packages.alpine.registry \
	--remap [packages]alpine.registry.key:packages.alpine.registry.key \
	--remap [packages]alpine.registry.info:packages.alpine.registry.info \
	--remap [packages]alpine.install:packages.alpine.install \
	--remap [packages]alpine.repository:packages.alpine.repository \
	--remap [packages]alpine.repository.branches:packages.alpine.repository.branches \
	--remap [packages]alpine.repository.repositories:packages.alpine.repository.repositories \
	--remap [packages]alpine.repository.architectures:packages.alpine.repository.architectures \
	--remap [packages]arch.pacman.helper.gpg:packages.arch.pacman.helper.gpg \
	--remap [packages]arch.pacman.repo.multi:packages.arch.pacman.repo.multi \
	--remap [packages]arch.pacman.repo.multi.item:packages.arch.pacman.repo.multi.item \
	--remap [packages]arch.pacman.conf:packages.arch.pacman.conf \
	--remap [packages]arch.pacman.sync:packages.arch.pacman.sync \
	--remap [packages]arch.version.properties:packages.arch.version.properties \
	--remap [packages]arch.version.description:packages.arch.version.description \
	--remap [packages]arch.version.provides:packages.arch.version.provides \
	--remap [packages]arch.version.groups:packages.arch.version.groups \
	--remap [packages]arch.version.depends:packages.arch.version.depends \
	--remap [packages]arch.version.optdepends:packages.arch.version.optdepends \
	--remap [packages]arch.version.makedepends:packages.arch.version.makedepends \
	--remap [packages]arch.version.checkdepends:packages.arch.version.checkdepends \
	--remap [packages]arch.version.conflicts:packages.arch.version.conflicts \
	--remap [packages]arch.version.replaces:packages.arch.version.replaces \
	--remap [packages]arch.version.backup:packages.arch.version.backup \
	--remap [packages]cargo.registry:packages.cargo.registry \
	--remap [packages]cargo.install:packages.cargo.install \
	--remap [packages]chef.registry:packages.chef.registry \
	--remap [packages]chef.install:packages.chef.install \
	--remap [packages]composer.registry:packages.composer.registry \
	--remap [packages]composer.install:packages.composer.install \
	--remap [packages]composer.dependencies:packages.composer.dependencies \
	--remap [packages]composer.dependencies.development:packages.composer.dependencies.development \
	--remap [packages]conan.registry:packages.conan.registry \
	--remap [packages]conan.install:packages.conan.install \
	--remap [packages]conda.registry:packages.conda.registry \
	--remap [packages]conda.install:packages.conda.install \
	--remap [packages]container.images.title:packages.container.images.title \
	--remap [packages]container.details.type:packages.container.details.type \
	--remap [packages]container.details.platform:packages.container.details.platform \
	--remap [packages]container.pull:packages.container.pull \
	--remap [packages]container.digest:packages.container.digest \
	--remap [packages]container.multi_arch:packages.container.multi_arch \
	--remap [packages]container.layers:packages.container.layers \
	--remap [packages]container.labels:packages.container.labels \
	--remap [packages]container.labels.key:packages.container.labels.key \
	--remap [packages]container.labels.value:packages.container.labels.value \
	--remap [packages]cran.registry:packages.cran.registry \
	--remap [packages]cran.install:packages.cran.install \
	--remap [packages]debian.registry:packages.debian.registry \
	--remap [packages]debian.registry.info:packages.debian.registry.info \
	--remap [packages]debian.install:packages.debian.install \
	--remap [packages]debian.repository:packages.debian.repository \
	--remap [packages]debian.repository.distributions:packages.debian.repository.distributions \
	--remap [packages]debian.repository.components:packages.debian.repository.components \
	--remap [packages]debian.repository.architectures:packages.debian.repository.architectures \
	--remap [packages]generic.download:packages.generic.download \
	--remap [packages]go.install:packages.go.install \
	--remap [packages]helm.registry:packages.helm.registry \
	--remap [packages]helm.install:packages.helm.install \
	--remap [packages]maven.registry:packages.maven.registry \
	--remap [packages]maven.install:packages.maven.install \
	--remap [packages]maven.install2:packages.maven.install2 \
	--remap [packages]maven.download:packages.maven.download \
	--remap [packages]nuget.registry:packages.nuget.registry \
	--remap [packages]nuget.install:packages.nuget.install \
	--remap [packages]nuget.dependency.framework:packages.nuget.dependency.framework \
	--remap [packages]npm.registry:packages.npm.registry \
	--remap [packages]npm.install:packages.npm.install \
	--remap [packages]npm.install2:packages.npm.install2 \
	--remap [packages]npm.dependencies:packages.npm.dependencies \
	--remap [packages]npm.dependencies.development:packages.npm.dependencies.development \
	--remap [packages]npm.dependencies.bundle:packages.npm.dependencies.bundle \
	--remap [packages]npm.dependencies.peer:packages.npm.dependencies.peer \
	--remap [packages]npm.dependencies.optional:packages.npm.dependencies.optional \
	--remap [packages]npm.details.tag:packages.npm.details.tag \
	--remap [packages]pub.install:packages.pub.install \
	--remap [packages]pypi.requires:packages.pypi.requires \
	--remap [packages]pypi.install:packages.pypi.install \
	--remap [packages]rpm.registry:packages.rpm.registry \
	--remap [packages]rpm.distros.redhat:packages.rpm.distros.redhat \
	--remap [packages]rpm.distros.suse:packages.rpm.distros.suse \
	--remap [packages]rpm.install:packages.rpm.install \
	--remap [packages]rpm.repository:packages.rpm.repository \
	--remap [packages]rpm.repository.architectures:packages.rpm.repository.architectures \
	--remap [packages]rpm.repository.multiple_groups:packages.rpm.repository.multiple_groups \
	--remap [packages]alt.registry:packages.alt.registry \
	--remap [packages]alt.registry.install:packages.alt.registry.install \
	--remap [packages]alt.install:packages.alt.install \
	--remap [packages]alt.setup:packages.alt.setup \
	--remap [packages]alt.repository:packages.alt.repository \
	--remap [packages]alt.repository.architectures:packages.alt.repository.architectures \
	--remap [packages]alt.repository.multiple_groups:packages.alt.repository.multiple_groups \
	--remap [packages]rubygems.install:packages.rubygems.install \
	--remap [packages]rubygems.install2:packages.rubygems.install2 \
	--remap [packages]rubygems.dependencies.runtime:packages.rubygems.dependencies.runtime \
	--remap [packages]rubygems.dependencies.development:packages.rubygems.dependencies.development \
	--remap [packages]rubygems.required.ruby:packages.rubygems.required.ruby \
	--remap [packages]rubygems.required.rubygems:packages.rubygems.required.rubygems \
	--remap [packages]swift.registry:packages.swift.registry \
	--remap [packages]swift.install:packages.swift.install \
	--remap [packages]swift.install2:packages.swift.install2 \
	--remap [packages]vagrant.install:packages.vagrant.install \
	--remap [packages]settings.link:packages.settings.link \
	--remap [packages]settings.link.description:packages.settings.link.description \
	--remap [packages]settings.link.select:packages.settings.link.select \
	--remap [packages]settings.link.button:packages.settings.link.button \
	--remap [packages]settings.link.success:packages.settings.link.success \
	--remap [packages]settings.link.error:packages.settings.link.error \
	--remap [packages]settings.delete:packages.settings.delete \
	--remap [packages]settings.delete.description:packages.settings.delete.description \
	--remap [packages]settings.delete.notice:packages.settings.delete.notice \
	--remap [packages]settings.delete.success:packages.settings.delete.success \
	--remap [packages]settings.delete.error:packages.settings.delete.error \
	--remap [packages]owner.settings.cargo.title:packages.owner.settings.cargo.title \
	--remap [packages]owner.settings.cargo.initialize:packages.owner.settings.cargo.initialize \
	--remap [packages]owner.settings.cargo.initialize.description:packages.owner.settings.cargo.initialize.description \
	--remap [packages]owner.settings.cargo.initialize.error:packages.owner.settings.cargo.initialize.error \
	--remap [packages]owner.settings.cargo.initialize.success:packages.owner.settings.cargo.initialize.success \
	--remap [packages]owner.settings.cargo.rebuild:packages.owner.settings.cargo.rebuild \
	--remap [packages]owner.settings.cargo.rebuild.description:packages.owner.settings.cargo.rebuild.description \
	--remap [packages]owner.settings.cargo.rebuild.error:packages.owner.settings.cargo.rebuild.error \
	--remap [packages]owner.settings.cargo.rebuild.success:packages.owner.settings.cargo.rebuild.success \
	--remap [packages]owner.settings.cargo.rebuild.no_index:packages.owner.settings.cargo.rebuild.no_index \
	--remap [packages]owner.settings.cleanuprules.title:packages.owner.settings.cleanuprules.title \
	--remap [packages]owner.settings.cleanuprules.add:packages.owner.settings.cleanuprules.add \
	--remap [packages]owner.settings.cleanuprules.edit:packages.owner.settings.cleanuprules.edit \
	--remap [packages]owner.settings.cleanuprules.none:packages.owner.settings.cleanuprules.none \
	--remap [packages]owner.settings.cleanuprules.preview:packages.owner.settings.cleanuprules.preview \
	--remap [packages]owner.settings.cleanuprules.preview.overview:packages.owner.settings.cleanuprules.preview.overview \
	--remap [packages]owner.settings.cleanuprules.preview.none:packages.owner.settings.cleanuprules.preview.none \
	--remap [packages]owner.settings.cleanuprules.pattern_full_match:packages.owner.settings.cleanuprules.pattern_full_match \
	--remap [packages]owner.settings.cleanuprules.keep.title:packages.owner.settings.cleanuprules.keep.title \
	--remap [packages]owner.settings.cleanuprules.keep.count:packages.owner.settings.cleanuprules.keep.count \
	--remap [packages]owner.settings.cleanuprules.keep.pattern:packages.owner.settings.cleanuprules.keep.pattern \
	--remap [packages]owner.settings.cleanuprules.keep.pattern.container:packages.owner.settings.cleanuprules.keep.pattern.container \
	--remap [packages]owner.settings.cleanuprules.remove.title:packages.owner.settings.cleanuprules.remove.title \
	--remap [packages]owner.settings.cleanuprules.remove.days:packages.owner.settings.cleanuprules.remove.days \
	--remap [packages]owner.settings.cleanuprules.remove.pattern:packages.owner.settings.cleanuprules.remove.pattern \
	--remap [packages]owner.settings.cleanuprules.success.update:packages.owner.settings.cleanuprules.success.update \
	--remap [packages]owner.settings.cleanuprules.success.delete:packages.owner.settings.cleanuprules.success.delete \
	--remap [packages]owner.settings.chef.title:packages.owner.settings.chef.title \
	--remap [packages]owner.settings.chef.keypair:packages.owner.settings.chef.keypair \
	--remap [packages]owner.settings.chef.keypair.description:packages.owner.settings.chef.keypair.description
```

In en-US the strings were manually moved lower in the file, before the `actions` section. Weblate proposes strings sequentially to translators, and would be really awkward to start a translation with `packages`.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10979
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
---
 options/locale/locale_ar.ini          |  34 -----
 options/locale/locale_bg.ini          | 157 -----------------------
 options/locale/locale_cs-CZ.ini       | 172 -------------------------
 options/locale/locale_da.ini          | 172 -------------------------
 options/locale/locale_de-DE.ini       | 172 -------------------------
 options/locale/locale_el-GR.ini       | 172 -------------------------
 options/locale/locale_en-US.ini       | 172 -------------------------
 options/locale/locale_eo.ini          |   4 +-
 options/locale/locale_es-ES.ini       | 170 -------------------------
 options/locale/locale_et.ini          |   3 +-
 options/locale/locale_fa-IR.ini       |   3 -
 options/locale/locale_fi-FI.ini       | 152 ----------------------
 options/locale/locale_fil.ini         | 172 -------------------------
 options/locale/locale_fr-FR.ini       | 172 -------------------------
 options/locale/locale_ga-IE.ini       | 142 ---------------------
 options/locale/locale_hu-HU.ini       |   3 -
 options/locale/locale_id-ID.ini       |   3 -
 options/locale/locale_is-IS.ini       |  20 ---
 options/locale/locale_it-IT.ini       | 172 -------------------------
 options/locale/locale_ja-JP.ini       | 149 ----------------------
 options/locale/locale_ka.ini          |  40 ------
 options/locale/locale_kab.ini         |  18 ---
 options/locale/locale_ko-KR.ini       |  10 +-
 options/locale/locale_lv-LV.ini       | 172 -------------------------
 options/locale/locale_nds.ini         | 172 -------------------------
 options/locale/locale_nl-NL.ini       | 172 -------------------------
 options/locale/locale_pl-PL.ini       | 172 -------------------------
 options/locale/locale_pt-BR.ini       | 172 -------------------------
 options/locale/locale_pt-PT.ini       | 172 -------------------------
 options/locale/locale_ru-RU.ini       | 172 -------------------------
 options/locale/locale_si-LK.ini       |   3 -
 options/locale/locale_sk-SK.ini       |   2 -
 options/locale/locale_sl.ini          |   1 -
 options/locale/locale_sv-SE.ini       | 172 -------------------------
 options/locale/locale_ta.ini          | 175 --------------------------
 options/locale/locale_th.ini          | 175 --------------------------
 options/locale/locale_tr-TR.ini       | 147 ----------------------
 options/locale/locale_uk-UA.ini       | 172 -------------------------
 options/locale/locale_vi.ini          |  12 +-
 options/locale/locale_zh-CN.ini       | 172 -------------------------
 options/locale/locale_zh-HK.ini       |   4 -
 options/locale/locale_zh-TW.ini       | 172 -------------------------
 options/locale_next/locale_ar.json    |  34 +++++
 options/locale_next/locale_bg.json    | 157 +++++++++++++++++++++++
 options/locale_next/locale_cs-CZ.json | 172 +++++++++++++++++++++++++
 options/locale_next/locale_da.json    | 172 +++++++++++++++++++++++++
 options/locale_next/locale_de-DE.json | 172 +++++++++++++++++++++++++
 options/locale_next/locale_el-GR.json | 172 +++++++++++++++++++++++++
 options/locale_next/locale_en-US.json | 172 +++++++++++++++++++++++++
 options/locale_next/locale_eo.json    |   1 +
 options/locale_next/locale_es-ES.json | 170 +++++++++++++++++++++++++
 options/locale_next/locale_et.json    |   1 +
 options/locale_next/locale_fa-IR.json |   3 +
 options/locale_next/locale_fi-FI.json | 152 ++++++++++++++++++++++
 options/locale_next/locale_fil.json   | 172 +++++++++++++++++++++++++
 options/locale_next/locale_fr-FR.json | 172 +++++++++++++++++++++++++
 options/locale_next/locale_ga.json    | 142 +++++++++++++++++++++
 options/locale_next/locale_hu-HU.json |   3 +
 options/locale_next/locale_id-ID.json |   3 +
 options/locale_next/locale_is-IS.json |  20 +++
 options/locale_next/locale_it-IT.json | 172 +++++++++++++++++++++++++
 options/locale_next/locale_ja-JP.json | 148 ++++++++++++++++++++++
 options/locale_next/locale_ka.json    |  40 ++++++
 options/locale_next/locale_kab.json   |  15 +++
 options/locale_next/locale_ko-KR.json |   8 ++
 options/locale_next/locale_lv-LV.json | 172 +++++++++++++++++++++++++
 options/locale_next/locale_nds.json   | 172 +++++++++++++++++++++++++
 options/locale_next/locale_nl-NL.json | 172 +++++++++++++++++++++++++
 options/locale_next/locale_pl-PL.json | 172 +++++++++++++++++++++++++
 options/locale_next/locale_pt-BR.json | 172 +++++++++++++++++++++++++
 options/locale_next/locale_pt-PT.json | 172 +++++++++++++++++++++++++
 options/locale_next/locale_ru-RU.json | 172 +++++++++++++++++++++++++
 options/locale_next/locale_si-LK.json |   3 +
 options/locale_next/locale_sk-SK.json |   2 +
 options/locale_next/locale_sl.json    |   1 +
 options/locale_next/locale_sv-SE.json | 172 +++++++++++++++++++++++++
 options/locale_next/locale_ta.json    | 172 +++++++++++++++++++++++++
 options/locale_next/locale_th.json    | 172 +++++++++++++++++++++++++
 options/locale_next/locale_tr-TR.json | 146 +++++++++++++++++++++
 options/locale_next/locale_uk-UA.json | 172 +++++++++++++++++++++++++
 options/locale_next/locale_vi.json    |   6 +
 options/locale_next/locale_zh-CN.json | 172 +++++++++++++++++++++++++
 options/locale_next/locale_zh-HK.json |   4 +
 options/locale_next/locale_zh-TW.json | 172 +++++++++++++++++++++++++
 84 files changed, 4677 insertions(+), 4689 deletions(-)

diff --git a/options/locale/locale_ar.ini b/options/locale/locale_ar.ini
index 256692c080..ee7bac75a6 100644
--- a/options/locale/locale_ar.ini
+++ b/options/locale/locale_ar.ini
@@ -1817,41 +1817,7 @@ use_onetime_code = استخدم رمزًا لمرة واحدة
 unauthorized_credentials = بيانات الاعتماد غير صحيحة أو انتهت صلاحيتها. أعد محاولة تنفيذ الأمر أو راجع %s لمزيد من المعلومات
 
 [packages]
-rpm.repository.multiple_groups = هذه الحزمة متوفرة في مجموعات متعددة.
-rpm.repository.architectures = بنيات
-rpm.repository = معلومات المستودع
-settings.delete.notice = أنت على وشك حذف %s (%s). هذه العملية لا رجعة فيها، هل أنت متأكد؟
-settings.link.select = اختر المستودع
-settings.link.button = حدّث رابط المستودع
-swift.install = اضف الحزمة إلى ملف <code>Package.swift</code>:
-settings.delete = حذف الحزمة
-settings.link.success = تم تحديث رابط المستودع بنجاح.
-title = حزم
-details.project_site = موقع المشروع
-filter.type = النوع
-details.author = الكاتب
-details.repository_site = موقع المستودع
-settings.link.description = اذا ربطت حزمة مع مستودع، الحزمة سوف تُدرع تحت قائمة الحزم لدى المستودع.
-versions = الاصدارات
-requirements = المتطلبات
-installation = التثبيت
-settings.delete.success = تم حذف الحزمة.
-keywords = الكلمات المفتاحية
-settings.link = اربط هذه الحزمة بمستودع
-details.license = الترخيص
-filter.type.all = الكل
-settings.delete.error = فشل حذف الحزمة.
-details = التفاصيل
-about = عن هذه الحزمة
-settings.link.error = فشل تحديث رابط المستودع.
-empty = لا يوجد حزم بعد.
-dependency.version = الاصدار
-settings.delete.description = إن حذف الحزمة إجراء نهائي ولا يمكن عكسه.
 desc = إدارة حزم المستودع.
-alpine.registry.key = نزّل مفتاح RSA العام للتسجيل في المجلد <code>/etc/apk/keys/</code> للتحقق من توقيع الفهرس:
-generic.download = نزّل الحزمة عبر سطر الأوامر:
-filter.container.untagged = غير موسوم
-filter.container.tagged = موسوم
 
 [heatmap]
 less = أقل
diff --git a/options/locale/locale_bg.ini b/options/locale/locale_bg.ini
index 8efe46fffd..96f34afaca 100644
--- a/options/locale/locale_bg.ini
+++ b/options/locale/locale_bg.ini
@@ -384,168 +384,11 @@ quota.sizes.repos.all = Хранилища
 quota.sizes.assets.attachments.issues = Прикачени файлове към задачи
 
 [packages]
-container.labels.value = Стойност
-alpine.repository.repositories = Хранилища
-dependency.version = Версия
-title = Пакети
-empty = Все още няма пакети.
-empty.documentation = За повече информация относно регистъра на пакетите вижте <a target="_blank" rel="noopener noreferrer" href="%s">документацията</a>.
-container.labels.key = Ключ
-requirements = Изисквания
-details = Подробности
-details.license = Лиценз
-container.labels = Етикети
-versions = Версии
-empty.repo = Качихте ли пакет, но той не се показва тук? Отидете в <a href="%[1]s">настройките за пакети</a> и го свържете към това хранилище.
-keywords = Ключови думи
-details.author = Автор
-about = Относно този пакет
-settings.delete.success = Пакетът е изтрит.
-settings.delete = Изтриване на пакета
-container.details.platform = Платформа
-settings.delete.error = Неуспешно изтриване на пакет.
-installation = Инсталация
-versions.view_all = Вижте всички
-dependencies = Зависимости
-published_by_in = Публикуван %[1]s от <a href="%[2]s">%[3]s</a> в <a href="%[4]s"><strong>%[5]s</strong></a>
-published_by = Публикуван %[1]s от <a href="%[2]s">%[3]s</a>
-generic.download = Изтеглете пакета от командния ред:
-container.details.type = Тип образ
-alpine.repository = За хранилището
-container.images.title = Образи
-arch.version.description = Описание
-search_in_external_registry = Търсене в %s
-filter.type = Тип
-filter.container.untagged = Без маркер
-filter.type.all = Всички
-registry.documentation = За повече информация относно регистъра %s, вижте <a target="_blank" rel="noopener noreferrer" href="%s">документацията</a>.
-filter.no_result = Вашият филтър не даде резултати.
-filter.container.tagged = С маркер
-arch.pacman.repo.multi = %s има същата версия в различни дистрибуции.
-arch.pacman.helper.gpg = Добавете доверителен сертификат за pacman:
-alpine.repository.architectures = Архитектури
-arch.version.provides = Доставя
-arch.version.groups = Група
-details.project_site = Уебсайт на проекта
-arch.pacman.conf = Добавете сървър със свързаната дистрибуция и архитектура към <code>/etc/pacman.conf</code> :
-arch.pacman.sync = Синхронизирайте пакета с pacman:
-details.repository_site = Уебсайт на хранилището
-arch.version.depends = Зависимости
-arch.version.optdepends = Допълнителни зависимости
-arch.version.replaces = Заменя
-go.install = Инсталирайте пакета от командния ред:
-cargo.registry = Настройте този регистър в конфигурационния файл на Cargo (например <code>~/.cargo/config.toml</code>):
-cargo.install = За да инсталирате пакета с Cargo, изпълнете следната команда:
-details.documentation_site = Уебсайт на документацията
-arch.version.conflicts = В конфликт
-alpine.repository.branches = Клонове
-arch.pacman.repo.multi.item = Конфигурация за %s
-container.multi_arch = ОС / Архитектура
-rpm.repository = Информация за хранилището
-container.pull = Издърпайте образа от командния ред:
-helm.registry = Настройте този регистър от командния ред:
-debian.repository.distributions = Дистрибуции
-npm.dependencies.optional = Опционални зависимости
-owner.settings.cargo.title = Индекс на регистъра на Cargo
-owner.settings.cleanuprules.keep.pattern.container = Версията <code>latest</code> винаги се запазва за Container пакети.
-owner.settings.cleanuprules.remove.pattern = Премахване на версии, съответстващи на
-rpm.distros.suse = на дистрибуции, базирани на SUSE
-owner.settings.cleanuprules.preview.overview = %d пакета са насрочени за премахване.
-owner.settings.cleanuprules.preview = Преглед на правило за почистване
-arch.version.properties = Свойства на версията
-conan.registry = Настройте този регистър от командния ред:
 conan.details.repository = Хранилище
-composer.install = За да инсталирате пакета с Composer, изпълнете следната команда:
-chef.install = За да инсталирате пакета, изпълнете следната команда:
-chef.registry = Настройте този регистър във вашия файл <code>~/.chef/config.rb</code>:
-pub.install = За да инсталирате пакета с Dart, изпълнете следната команда:
-npm.details.tag = Маркер
-npm.install = За да инсталирате пакета с npm, изпълнете следната команда:
-maven.registry = Настройте този регистър във файла на вашия проект <code>pom.xml</code>:
-debian.repository.components = Компоненти
-debian.install = За да инсталирате пакета, изпълнете следната команда:
-cran.install = За да инсталирате пакета, изпълнете следната команда:
-cran.registry = Настройте този регистър във вашия файл <code>Rprofile.site</code>:
-rpm.distros.redhat = на дистрибуции, базирани на RedHat
-alt.registry = Настройте този регистър от командния ред:
-rpm.repository.architectures = Архитектури
-alt.registry.install = За да инсталирате пакета, изпълнете следната команда:
-alt.setup = Добавете хранилище към списъка със свързани хранилища (изберете необходимата архитектура вместо „_arch_“):
-alt.repository = Информация за хранилището
-owner.settings.cargo.initialize.error = Неуспешно инициализиране на индекса на Cargo: %v
-owner.settings.cargo.initialize = Инициализиране на индекс
-settings.delete.description = Изтриването на пакет е трайно и не може да бъде отменено.
-alt.repository.multiple_groups = Този пакет е наличен в няколко групи.
-alt.repository.architectures = Архитектури
-owner.settings.chef.title = Регистър на Chef
-owner.settings.cleanuprules.remove.days = Премахване на версии, по-стари от
-owner.settings.cleanuprules.keep.pattern = Запазване на версии, съответстващи на
 owner.settings.cleanuprules.keep.count.n = %d версии на пакет
 owner.settings.cleanuprules.keep.count.1 = 1 версия на пакет
-owner.settings.cleanuprules.keep.count = Запазване на най-новите
 owner.settings.cleanuprules.enabled = Включено
-owner.settings.cleanuprules.preview.none = Правилото за почистване не съвпада с нито един пакет.
-owner.settings.cleanuprules.none = Все още няма правила за почистване.
-owner.settings.cleanuprules.add = Добавяне на правило за почистване
-owner.settings.cleanuprules.title = Правила за почистване
-owner.settings.cargo.rebuild.success = Индексът на Cargo беше успешно преизграден.
-alpine.registry.key = Изтеглете публичния RSA ключ на регистъра в папката <code>/etc/apk/keys/</code>, за да проверите подписа на индекса:
-alpine.registry.info = Изберете $branch и $repository от списъка по-долу.
-arch.version.checkdepends = Зависимости за проверката
-composer.dependencies = Зависимости
-swift.install = Добавете пакета във вашия файл <code>Package.swift</code>:
-settings.link.error = Неуспешно обновяване на връзката на хранилището.
-swift.install2 = и изпълнете следната команда:
-rpm.repository.multiple_groups = Този пакет е наличен в няколко групи.
-conda.registry = Настройте този регистър като Conda хранилище във вашия файл <code>.condarc</code>:
-conda.install = За да инсталирате пакета с Conda, изпълнете следната команда:
-owner.settings.cargo.rebuild.error = Неуспешно преизграждане на индекса на Cargo: %v
-owner.settings.cargo.rebuild = Преизграждане на индекс
-settings.link.button = Обновяване на връзката на хранилището
-settings.link.select = Изберете хранилище
-debian.repository.architectures = Архитектури
-rpm.registry = Настройте този регистър от командния ред:
-debian.registry = Настройте този регистър от командния ред:
-helm.install = За да инсталирате пакета, изпълнете следната команда:
-swift.registry = Настройте този регистър от командния ред:
-settings.link = Свързване на този пакет с хранилище
-settings.link.description = Ако свържете пакет с хранилище, пакетът се изброява в списъка с пакети на хранилището.
-settings.link.success = Връзката на хранилището беше успешно обновена.
-owner.settings.cleanuprules.pattern_full_match = Прилагане на шаблона към пълното име на пакета
-owner.settings.cleanuprules.keep.title = Версиите, които съответстват на тези правила, се запазват, дори ако съответстват на правило за премахване по-долу.
-debian.repository = Информация за хранилището
-maven.install = За да използвате пакета, включете следното в блока <code>dependencies</code> във файла <code>pom.xml</code>:
-nuget.install = За да инсталирате пакета с NuGet, изпълнете следната команда:
-alt.install = Инсталиране на пакет
-owner.settings.cleanuprules.edit = Редактиране на правилото за почистване
-rpm.install = За да инсталирате пакета, изпълнете следната команда:
-pypi.install = За да инсталирате пакета с pip, изпълнете следната команда:
-arch.version.makedepends = Зависимости за изграждането
-alpine.install = За да инсталирате пакета, изпълнете следната команда:
 desc = Управление на пакетите на хранилището.
-owner.settings.cargo.rebuild.no_index = Не може да се преизгради, няма инициализиран индекс.
-owner.settings.cargo.rebuild.description = Преизграждането може да бъде полезно, ако индексът не е синхронизиран със съхранените Cargo пакети.
-owner.settings.cargo.initialize.description = Необходимо е специално Git хранилище за индекс, за да се използва регистърът на Cargo. Използването на тази опция ще (пре)създаде хранилището и ще го конфигурира автоматично.
-pypi.requires = Изисква Python
-debian.registry.info = Изберете $distribution и $component от списъка по-долу.
-alpine.registry = Настройте този регистър, като добавите URL адреса във вашия файл <code>/etc/apk/repositories</code>:
-owner.settings.cargo.initialize.success = Индексът на Cargo беше успешно създаден.
-npm.registry = Настройте този регистър във файла на вашия проект <code>.npmrc</code>:
-owner.settings.chef.keypair = Генериране на двойка ключове
-owner.settings.chef.keypair.description = Заявките, изпратени до регистъра на Chef, трябва да бъдат криптографски подписани като средство за удостоверяване. При генериране на двойка ключове, само публичният ключ се съхранява във Forgejo. Частният ключ ви се предоставя, за да се използва с knife. Генерирането на нова двойка ключове ще презапише предишната.
-owner.settings.cleanuprules.remove.title = Версиите, които съответстват на тези правила, се премахват, освен ако правило по-горе не казва да се запазят.
-nuget.registry = Настройте този регистър от командния ред:
-owner.settings.cleanuprules.success.update = Правилото за почистване е обновено.
-settings.delete.notice = На път сте да изтриете %s (%s). Тази операция е необратима, сигурни ли сте?
-npm.install2 = или го добавете във файла package.json:
-owner.settings.cleanuprules.success.delete = Правилото за почистване е изтрито.
-vagrant.install = За да добавите Vagrant box, изпълнете следната команда:
-nuget.dependency.framework = Целева платформа
-maven.install2 = Изпълнете през командния ред:
-maven.download = За да изтеглите зависимостта, изпълнете през командния ред:
-container.layers = Слоеве на образа
-conan.install = За да инсталирате пакета с Conan, изпълнете следната команда:
-composer.registry = Настройте този регистър във вашия файл <code>~/.composer/config.json</code>:
 
 [tool]
 hours = %d часа
diff --git a/options/locale/locale_cs-CZ.ini b/options/locale/locale_cs-CZ.ini
index d3626ed677..3a0e3d564f 100644
--- a/options/locale/locale_cs-CZ.ini
+++ b/options/locale/locale_cs-CZ.ini
@@ -3533,183 +3533,11 @@ error.no_unit_allowed_repo=Nejste oprávněni přistupovat k žádné části to
 error.unit_not_allowed=Nejste oprávněni přistupovat k této části repozitáře.
 
 [packages]
-title=Balíčky
 desc=Správa balíčků repozitáře.
-empty=Zatím zde nejsou žádné balíčky.
-empty.documentation=Další informace o registru balíčků naleznete v <a target="_blank" rel="noopener noreferrer" href="%s">dokumentaci</a>.
-empty.repo=Nahráli jste balíček, ale nezobrazil se zde? Přejděte na <a href="%[1]s">nastavení balíčku</a> a propojte jej s tímto repozitářem.
-registry.documentation=Další informace o registru %s naleznete v <a target="_blank" rel="noopener noreferrer" href="%s">dokumentaci</a>.
-filter.type=Typ
-filter.type.all=Vše
-filter.no_result=Váš filtr nepřinesl žádné výsledky.
-filter.container.tagged=Označeno
-filter.container.untagged=Neoznačeno
-published_by=Zveřejněno %[1]s od <a href="%[2]s">%[3]s</a>
-published_by_in=Zveřejněno %[1]s od <a href="%[2]s">%[3]s</a> v <a href="%[4]s"><strong>%[5]s</strong></a>
-installation=Instalace
-about=O tomto balíčku
-requirements=Požadavky
-dependencies=Závislosti
-keywords=Klíčová slova
-details=Podrobnosti
-details.author=Autor
-details.project_site=Web projektu
-details.repository_site=Web repositáře
-details.documentation_site=Web dokumentace
-details.license=Licence
-assets=Prostředky
-versions=Verze
-versions.view_all=Zobrazit všechny
-dependency.id=ID
-dependency.version=Verze
-alpine.registry=Nastavte tento registr přidáním URL do <code>/etc/apk/repositories</code>:
-alpine.registry.key=Stáhněte si veřejný RSA klíč registru do složky <code>/etc/apk/keys/</code> pro ověření podpisu indexu:
-alpine.registry.info=Vyberte $branch a $repository ze seznamu níže.
-alpine.install=Pro instalaci balíčku spusťte následující příkaz:
-alpine.repository=Informace o repozitáři
-alpine.repository.branches=Větve
-alpine.repository.repositories=Repozitáře
-alpine.repository.architectures=Architektury
-cargo.registry=Nastavte tento registr v konfiguračním souboru Cargo (například <code>~/.cargo/config.toml</code>):
-cargo.install=Chcete-li nainstalovat balíček pomocí Cargo, spusťte následující příkaz:
-chef.registry=Nastavit tento registr v souboru <code>~/.chef/config.rb</code>:
-chef.install=Pro instalaci balíčku spusťte následující příkaz:
-composer.registry=Nastavit tento registr v souboru <code>~/.composer/config.json</code>:
-composer.install=Pro instalaci balíčku pomocí Compposer spusťte následující příkaz:
-composer.dependencies=Závislosti
-composer.dependencies.development=Vývojové závislosti
 conan.details.repository=Repozitář
-conan.registry=Nastavte tento registr z příkazového řádku:
-conan.install=Pro instalaci balíčku pomocí Conan spusťte následující příkaz:
-conda.registry=Nastavte tento registr jako Conda repozitář ve vašem <code>.condarc</code>:
-conda.install=Pro instalaci balíčku pomocí Conda spusťte následující příkaz:
-container.details.type=Typ obrazu
-container.details.platform=Platforma
-container.pull=Stáhnout obraz z příkazové řádky:
-container.digest=Výběr
-container.multi_arch=OS/architektura
-container.layers=Vrstvy obrazu
-container.labels=Štítky
-container.labels.key=Klíč
-container.labels.value=Hodnota
-cran.registry=Nastavte tento registr v souboru <code>Rprofile.site</code>:
-cran.install=Pro instalaci balíčku spusťte následující příkaz:
-debian.registry=Nastavte tento registr z příkazového řádku:
-debian.registry.info=Vyberte $distribution a $component ze seznamu níže.
-debian.install=Pro instalaci balíčku spusťte následující příkaz:
-debian.repository=Informace o repozitáři
-debian.repository.distributions=Distribuce
-debian.repository.components=Komponenty
-debian.repository.architectures=Architektury
-generic.download=Stáhnout balíček z příkazové řádky:
-go.install=Nainstalovat balíček z příkazové řádky:
-helm.registry=Nastavte tento registr z příkazového řádku:
-helm.install=Pro instalaci balíčku spusťte následující příkaz:
-maven.registry=Nastavte tento registr ve vašem projektu <code>pom.xml</code> souboru:
-maven.install=Pro použití balíčku uveďte následující v bloku <code>dependencies</code> v souboru <code>pom.xml</code>:
-maven.install2=Spustit pomocí příkazové řádky:
-maven.download=Chcete-li stáhnout závislost, spusťte přes příkazový řádek:
-nuget.registry=Nastavte tento registr z příkazového řádku:
-nuget.install=Chcete-li nainstalovat balíček pomocí NuGet, spusťte následující příkaz:
-nuget.dependency.framework=Cílový Framework
-npm.registry=Nastavte tento registr ve vašem projektu v souboru <code>.npmrc</code>:
-npm.install=Pro instalaci balíčku pomocí npm spusťte následující příkaz:
-npm.install2=nebo ho přidejte do souboru package.json:
-npm.dependencies=Závislosti
-npm.dependencies.development=Vývojové závislosti
-npm.dependencies.peer=Vzájemné závislosti
-npm.dependencies.optional=Volitelné závislosti
-npm.details.tag=Značka
-pub.install=Chcete-li nainstalovat balíček pomocí Dart, spusťte následující příkaz:
-pypi.requires=Vyžaduje Python
-pypi.install=Pro instalaci balíčku pomocí pip spusťte následující příkaz:
-rpm.registry=Nastavte tento registr z příkazového řádku:
-rpm.distros.redhat=na distribuce založené na RedHat
-rpm.distros.suse=na distribuce založené na SUSE
-rpm.install=Pro instalaci balíčku spusťte následující příkaz:
-rpm.repository=Informace o repozitáři
-rpm.repository.architectures=Architektury
-rpm.repository.multiple_groups = Tento balíček je dostupný v několika skupinách.
-rubygems.install=Pro instalaci balíčku pomocí gem spusťte následující příkaz:
-rubygems.install2=nebo ho přidejte do Gemfie:
-rubygems.dependencies.runtime=Běhové závislosti
-rubygems.dependencies.development=Vývojové závislosti
-rubygems.required.ruby=Vyžaduje verzi Ruby
-rubygems.required.rubygems=Vyžaduje verzi RubyGem
-swift.registry=Nastavte tento registr z příkazového řádku:
-swift.install=Přidejte balíček do svého <code>Package.swift</code> souboru:
-swift.install2=a spustit následující příkaz:
-vagrant.install=Pro přidání Vagrant box spusťte následující příkaz:
-settings.link=Propojit tento balíček s repozitářem
-settings.link.description=Pokud propojíte balíček s repozitářem, je tento balíček uveden v seznamu balíčků repozitáře.
-settings.link.select=Vybrat repozitář
-settings.link.button=Aktualizovat odkaz na repozitář
-settings.link.success=Odkaz na repozitář byl úspěšně aktualizován.
-settings.link.error=Nepodařilo se aktualizovat odkaz na repozitář.
-settings.delete=Odstranit balíček
-settings.delete.description=Smazání balíčku je trvalé a nelze ho vrátit zpět.
-settings.delete.notice=Chystáte se odstranit %s (%s). Tato operace je nevratná, jste si jisti?
-settings.delete.success=Balíček byl odstraněn.
-settings.delete.error=Nepodařilo se odstranit balíček.
-owner.settings.cargo.title=Index registru Cargo
-owner.settings.cargo.initialize=Inicializovat index
-owner.settings.cargo.initialize.description=Pro použití registru Cargo je zapotřebí speciální index Git. Použití této možnosti (znovu) vytvoří repozitář a automaticky jej nastaví.
-owner.settings.cargo.initialize.error=Nepodařilo se inicializovat Cargo index: %v
-owner.settings.cargo.initialize.success=Index Cargo byl úspěšně vytvořen.
-owner.settings.cargo.rebuild=Znovu vytvořit index
-owner.settings.cargo.rebuild.error=Obnovení Cargo indexu se nezdařilo: %v
-owner.settings.cargo.rebuild.success=Index Cargo byl úspěšně znovu sestaven.
-owner.settings.cleanuprules.title=Pravidla čištění
-owner.settings.cleanuprules.add=Přidat pravidlo pro čištění
-owner.settings.cleanuprules.edit=Upravit pravidlo pro čištění
-owner.settings.cleanuprules.none=Zatím nejsou k dispozici žádná pravidla čištění.
-owner.settings.cleanuprules.preview=Náhled pravidla pro čištění
-owner.settings.cleanuprules.preview.overview=%d balíčků má být odstraněno.
-owner.settings.cleanuprules.preview.none=Pravidlo čištění neodpovídá žádným balíčkům.
 owner.settings.cleanuprules.enabled=Povolený
-owner.settings.cleanuprules.pattern_full_match=Použít vzor na úplný název balíčku
-owner.settings.cleanuprules.keep.title=Verze, které odpovídají těmto pravidlům, jsou zachovány, i když odpovídají níže uvedenému pravidlu pro odstranění.
-owner.settings.cleanuprules.keep.count=Zachovat nejnovější
 owner.settings.cleanuprules.keep.count.1=1 verze na balíček
 owner.settings.cleanuprules.keep.count.n=%d verzí na balíček
-owner.settings.cleanuprules.keep.pattern=Ponechat odpovídající verze
-owner.settings.cleanuprules.keep.pattern.container=U balíčků Container je vždy zachována <code>nejnovější</code> verze.
-owner.settings.cleanuprules.remove.title=Verze, které odpovídají těmto pravidlům, jsou odstraněny, pokud výše uvedené pravidlo neukládá jejich zachování.
-owner.settings.cleanuprules.remove.days=Odstranit verze starší než
-owner.settings.cleanuprules.remove.pattern=Odstranit odpovídající verze
-owner.settings.cleanuprules.success.update=Pravidlo pro čištění bylo aktualizováno.
-owner.settings.cleanuprules.success.delete=Pravidlo pro čištění bylo odstraněno.
-owner.settings.chef.title=Registr Chef
-owner.settings.chef.keypair=Generovat pár klíčů
-owner.settings.chef.keypair.description=Žádosti odeslané do registru Chef musí být kryptograficky podepsané jako způsob ověření. Při generování páru klíčů je ve službě Forgejo uložen pouze veřejný klíč. Soukromý klíč je poskytnut vám, abyste jej mohli použít s programem knife. Vygenerováním nového páru klíčů přepíšete ten předchozí.
-owner.settings.cargo.rebuild.description = Opětovné sestavení může být užitečné, pokud není index synchronizován s uloženými balíčky Cargo.
-owner.settings.cargo.rebuild.no_index = Opětovné vytvoření selhalo, nebyl inicializován žádný index.
-npm.dependencies.bundle = Přidružené závislosti
-arch.pacman.helper.gpg = Přidat certifikát důvěryhodnosti do nástroje pacman:
-arch.pacman.repo.multi = %s má stejnou verzi v různých distribucích.
-arch.pacman.repo.multi.item = Nastavení pro %s
-arch.pacman.conf = Přidejte server s odpovídající distribucí a architekturou do <code>/etc/pacman.conf</code> :
-arch.pacman.sync = Synchronizace balíčku nástrojem pacman:
-arch.version.properties = Vlastnosti verze
-arch.version.description = Popis
-arch.version.provides = Poskytuje
-arch.version.groups = Skupina
-arch.version.depends = Závislosti
-arch.version.optdepends = Volitelné závislosti
-arch.version.makedepends = Závislosti Make
-arch.version.checkdepends = Závislosti Check
-arch.version.conflicts = Konflikty
-arch.version.replaces = Nahrazuje
-arch.version.backup = Záloha
-container.images.title = Obrázky
-search_in_external_registry = Hledat v %s
-alt.install = Instalovat balíček
-alt.setup = Přidejte repozitář do seznamu připojených repozitářů (místo „_arch_“ zvolte potřebnou architekturu):
-alt.repository = Informace o repozitáři
-alt.repository.architectures = Architektury
-alt.repository.multiple_groups = Tento balíček je dostupný v několika skupinách.
-alt.registry = Nastavit tento registr z příkazové řádky:
-alt.registry.install = Pro instalaci balíčku spusťte následující příkaz:
 
 [secrets]
 secrets=Tajné klíče
diff --git a/options/locale/locale_da.ini b/options/locale/locale_da.ini
index f9db1298e0..75164efc9a 100644
--- a/options/locale/locale_da.ini
+++ b/options/locale/locale_da.ini
@@ -3377,183 +3377,11 @@ auths.restricted_filter = Begrænset filter
 auths.user_attribute_in_group = Brugerattribut angivet i gruppen
 
 [packages]
-arch.version.description = Beskrivelse
-container.labels = Etiketter
-rubygems.dependencies.development = Udviklingsafhængigheder
 conan.details.repository = Depot
-conan.registry = Konfigurer dette register fra kommandolinjen:
-rubygems.dependencies.runtime = Kørselsafhængigheder
-rubygems.install = For at installere pakken ved hjælp af gem skal du køre følgende kommando:
-debian.repository = Depot info
-npm.details.tag = Tag
-chef.install = For at installere pakken skal du køre følgende kommando:
-alpine.repository.architectures = Arkitekturer
-composer.dependencies.development = Udviklingsafhængigheder
-alt.repository.multiple_groups = Denne pakke er tilgængelig i flere grupper.
 owner.settings.cleanuprules.enabled = Aktiveret
-helm.registry = Konfigurer dette register fra kommandolinjen:
-alt.registry.install = For at installere pakken skal du køre følgende kommando:
-helm.install = For at installere pakken skal du køre følgende kommando:
-alt.repository.architectures = Arkitekturer
-swift.registry = Konfigurer dette register fra kommandolinjen:
-npm.dependencies.bundle = Samlede afhængigheder
-debian.registry = Konfigurer dette register fra kommandolinjen:
-cran.install = For at installere pakken skal du køre følgende kommando:
-debian.install = For at installere pakken skal du køre følgende kommando:
-pub.install = For at installere pakken ved hjælp af Dart skal du køre følgende kommando:
-pypi.requires = Kræver Python
-nuget.registry = Konfigurer dette register fra kommandolinjen:
-debian.repository.distributions = Fordelinger
-debian.repository.components = Komponenter
-debian.repository.architectures = Arkitekturer
-rpm.repository.multiple_groups = Denne pakke er tilgængelig i flere grupper.
-rubygems.install2 = eller føj det til Gemfilen:
-npm.dependencies.development = Udviklingsafhængigheder
-npm.dependencies.peer = Peer-afhængigheder
-npm.dependencies.optional = Valgfrie afhængigheder
-rpm.registry = Konfigurer dette register fra kommandolinjen:
-rpm.install = For at installere pakken skal du køre følgende kommando:
-alpine.install = For at installere pakken skal du køre følgende kommando:
-alpine.repository = Depot info
-pypi.install = For at installere pakken ved hjælp af pip skal du køre følgende kommando:
-rpm.repository = Depot info
-rpm.repository.architectures = Arkitekturer
-alt.registry = Konfigurer dette register fra kommandolinjen:
-alt.repository = Depot info
-alpine.repository.repositories = Depoter
-search_in_external_registry = Søg i %s
-dependency.version = Version
-alpine.registry = Konfigurer dette register ved at tilføje url'en i din <code>/etc/apk/repositories</code> fil:
-alpine.registry.key = Download den offentlige RSA-nøgle til registreringsdatabasen i mappen <code>/etc/apk/keys/</code> for at bekræfte indekssignaturen:
-alpine.registry.info = Vælg $branch og $repository fra listen nedenfor.
-empty = Der er ingen pakker endnu.
-filter.type.all = Alle
-filter.container.untagged = Umærket
-about = Om denne pakke
-filter.no_result = Dit filter gav ingen resultater.
-dependencies = Afhængigheder
-empty.documentation = For mere information om pakkeregistret, se <a target="_blank" rel="noopener noreferrer" href="%s">dokumentationen</a>.
-filter.type = Type
-registry.documentation = For mere information om %s registreringsdatabasen, se <a target="_blank" rel="noopener noreferrer" href="%s">dokumentationen</a>.
-title = Pakker
 desc = Administrer depotpakker.
-empty.repo = Har du uploadet en pakke, men den vises ikke her? Gå til <a href="%[1]s">pakkeindstillinger</a> og link den til denne repo.
-filter.container.tagged = Tagget
-published_by = Udgivet %[1]s af <a href="%[2]s">%[3]s</a>
-published_by_in = Udgivet %[1]s af <a href="%[2]s">%[3]s</a> i <a href="%[4]s"><strong>%[5]s</strong></a>
-installation = Installation
-requirements = Krav
-cran.registry = Konfigurer dette register i din <code>Rprofile.site</code> fil:
-rubygems.required.rubygems = Kræver RubyGem version
-owner.settings.chef.title = Kokkeregister
-owner.settings.chef.keypair = Generer nøglepar
-arch.pacman.repo.multi.item = Konfiguration for %s
-arch.pacman.sync = Synkroniser pakke med pacman:
-arch.version.properties = Versionsegenskaber
-arch.version.provides = Forsyner
-arch.version.checkdepends = Check afhænger
-arch.version.replaces = Erstatter
-conan.install = For at installere pakken ved hjælp af Conan skal du køre følgende kommando:
-conda.registry = Konfigurer dette register som et Conda-depot i din <code>.condarc</code>-fil:
-conda.install = For at installere pakken ved hjælp af Conda skal du køre følgende kommando:
-container.images.title = Billeder
-container.details.type = Billedtype
-container.details.platform = Platform
-container.pull = Træk billedet fra kommandolinjen:
-container.digest = Fordøje
-alt.setup = Tilføj et depot til listen over tilsluttede arkiver (vælg den nødvendige arkitektur i stedet for "_arch_"):
-vagrant.install = For at tilføje en Vagrant-boks skal du køre følgende kommando:
-swift.install2 = og kør følgende kommando:
-settings.link = Link denne pakke til et depot
-settings.link.success = Depotlinket blev opdateret.
-owner.settings.cargo.initialize.description = Et særligt indeks Git-depot er nødvendigt for at bruge Cargo-registret. Brug af denne mulighed vil (gen-)oprette depotet og konfigurere det automatisk.
-settings.delete.notice = Du er ved at slette %s (%s). Denne operation er uigenkaldeligt, er du sikker?
-owner.settings.cargo.title = Lastregisterindeks
-owner.settings.cargo.initialize = Initialiser indeks
-owner.settings.cleanuprules.preview.none = Oprydningsreglen matcher ikke nogen pakker.
-owner.settings.cleanuprules.none = Der er endnu ingen oprydningsregler.
 owner.settings.cleanuprules.keep.count.1 = 1 version pr. pakke
-owner.settings.cleanuprules.preview.overview = %d pakker er planlagt til at blive fjernet.
-owner.settings.cleanuprules.keep.pattern.container = Den <code>seneste</code> version bevares altid for containerpakker.
-settings.delete = Slet pakke
-settings.delete.description = Sletning af en pakke er permanent og kan ikke fortrydes.
 owner.settings.cleanuprules.keep.count.n = %d versioner pr. pakke
-arch.version.makedepends = Gør afhænger
-alt.install = Installer pakken
-composer.registry = Konfigurer dette register i din <code>~/.composer/config.json</code> fil:
-composer.dependencies = Afhængigheder
-settings.delete.success = Pakken er blevet slettet.
-settings.delete.error = Kunne ikke slette pakken.
-owner.settings.cargo.rebuild.error = Kunne ikke genopbygge Cargo-indeks: %v
-owner.settings.cargo.rebuild = Genopbyg indeks
-owner.settings.cleanuprules.preview = Forhåndsvisning af oprydningsregel
-owner.settings.cleanuprules.keep.count = Behold den nyeste
-owner.settings.cleanuprules.keep.pattern = Hold versionerne matchende
-owner.settings.chef.keypair.description = Anmodninger sendt til Chef-registret skal være kryptografisk signeret som et middel til godkendelse. Når et nøglepar genereres, gemmes kun den offentlige nøgle på Forgejo. Den private nøgle gives til dig til brug med Knife. Generering af et nyt nøglepar vil overskrive det forrige.
-maven.install = For at bruge pakken skal du inkludere følgende i blokken <code>afhængigheder</code> i filen <code>pom.xml</code>:
-details = Detaljer
-cargo.registry = Konfigurer dette register i Cargo-konfigurationsfilen (for eksempel <code>~/.cargo/config.toml</code>):
-cargo.install = For at installere pakken ved hjælp af Cargo skal du køre følgende kommando:
-composer.install = For at installere pakken ved hjælp af Composer skal du køre følgende kommando:
-container.multi_arch = OS / Arch
-rubygems.required.ruby = Kræver Ruby version
-swift.install = Tilføj pakken i din <code>Package.swift</code>-fil:
-settings.link.select = Vælg depot
-settings.link.button = Opdater depot link
-settings.link.error = Kunne ikke opdatere depotlinket.
-owner.settings.cargo.initialize.success = Cargo-indekset blev oprettet.
-owner.settings.cargo.rebuild.description = Genopbygning kan være nyttig, hvis indekset ikke er synkroniseret med de lagrede Cargo-pakker.
-owner.settings.cargo.rebuild.success = Cargo-indekset blev genopbygget med succes.
-owner.settings.cleanuprules.add = Tilføj oprydningsregel
-owner.settings.cleanuprules.edit = Rediger oprydningsregel
-owner.settings.cleanuprules.title = Oprydningsregler
-maven.registry = Konfigurer denne registreringsdatabasen i din projekt <code>pom.xml</code> fil:
-npm.install2 = eller føj det til filen package.json:
-nuget.dependency.framework = Mål Framework
-npm.registry = Konfigurer denne registreringsdatabase i din projekt-<code>.npmrc</code>-fil:
-nuget.install = For at installere pakken ved hjælp af NuGet skal du køre følgende kommando:
-npm.dependencies = Afhængigheder
-settings.link.description = Hvis du forbinder en pakke med et depot, vises pakken i depotets pakkeliste.
-owner.settings.cargo.initialize.error = Kunne ikke initialisere Cargo index: %v
-owner.settings.cleanuprules.keep.title = Versioner, der matcher disse regler, bevares, selvom de matcher en fjernelsesregel nedenfor.
-generic.download = Download pakken fra kommandolinjen:
-go.install = Installer pakken fra kommandolinjen:
-container.layers = Billedlag
-container.labels.key = Nøgle
-container.labels.value = Værdi
-debian.registry.info = Vælg $distribution og $component fra listen nedenfor.
-maven.download = For at downloade afhængigheden skal du køre via kommandolinjen:
-rpm.distros.suse = på SUSE-baserede distributioner
-rpm.distros.redhat = på RedHat-baserede distributioner
-owner.settings.cleanuprules.pattern_full_match = Anvend mønster på det fulde pakkenavn
-details.author = Forfatter
-details.repository_site = Depots hjemmeside
-details.documentation_site = Dokumentations hjemmeside
-details.license = Licens
-assets = Aktiver
-versions = Versioner
-details.project_site = Projektets hjemmeside
-versions.view_all = Se alle
-dependency.id = ID
-alpine.repository.branches = Grene
-arch.version.optdepends = Valgfri afhænger
-owner.settings.cleanuprules.remove.title = Versioner, der matcher disse regler, fjernes, medmindre en regel ovenfor siger, at de skal beholdes.
-owner.settings.cleanuprules.remove.days = Fjern versioner ældre end
-owner.settings.cleanuprules.remove.pattern = Fjern matchende versioner
-owner.settings.cleanuprules.success.update = Oprydningsreglen er blevet opdateret.
-owner.settings.cleanuprules.success.delete = Oprydningsregel er blevet slettet.
-arch.version.backup = Backup
-chef.registry = Konfigurer dette register i din <code>~/.chef/config.rb</code> fil:
-npm.install = For at installere pakken ved hjælp af npm skal du køre følgende kommando:
-owner.settings.cargo.rebuild.no_index = Kan ikke genopbygge, intet indeks er initialiseret.
-maven.install2 = Kør via kommandolinje:
-keywords = Keywords
-arch.pacman.helper.gpg = Tilføj tillidscertifikat til pacman:
-arch.pacman.repo.multi = %s har den samme version i forskellige distributioner.
-arch.pacman.conf = Tilføj server med relateret distribution og arkitektur til <code>/etc/pacman.conf</code>:
-arch.version.groups = Gruppe
-arch.version.depends = Afhænger
-arch.version.conflicts = Konflikter
 
 [actions]
 runners.description = Beskrivelse
diff --git a/options/locale/locale_de-DE.ini b/options/locale/locale_de-DE.ini
index a219068a60..2ce02fb8bd 100644
--- a/options/locale/locale_de-DE.ini
+++ b/options/locale/locale_de-DE.ini
@@ -3533,183 +3533,11 @@ error.no_unit_allowed_repo=Du hast keine Berechtigung, auf etwas in diesem Repos
 error.unit_not_allowed=Du hast keine Berechtigung, um auf diesen Repository-Bereich zuzugreifen.
 
 [packages]
-title=Pakete
 desc=Repository-Pakete verwalten.
-empty=Noch keine Pakete vorhanden.
-empty.documentation=Weitere Informationen zur Paket-Registry findest du in der <a target="_blank" rel="noopener noreferrer" href="%s">Dokumentation</a>.
-empty.repo=Hast du ein Paket hochgeladen, das hier nicht angezeigt wird? Gehe zu den <a href="%[1]s">Paketeinstellungen</a> und verlinke es mit diesem Repo.
-registry.documentation=Für weitere Informationen zur %s-Registry, schaue in der <a target="_blank" rel="noopener noreferrer" href="%s">Dokumentation</a> nach.
-filter.type=Typ
-filter.type.all=Alle
-filter.no_result=Keine Ergebnisse mit diesen Kriterien gefunden.
-filter.container.tagged=Getaggt
-filter.container.untagged=Nicht getaggt
-published_by=%[1]s von <a href="%[2]s">%[3]s</a> veröffentlicht
-published_by_in=%[1]s von <a href="%[2]s">%[3]s</a> in <a href="%[4]s"><strong>%[5]s</strong></a> veröffentlicht
-installation=Installation
-about=Über dieses Paket
-requirements=Voraussetzungen
-dependencies=Abhängigkeiten
-keywords=Schlüsselwörter
-details=Details
-details.author=Autor
-details.project_site=Projektwebseite
-details.repository_site=Repository-Webseite
-details.documentation_site=Dokumentationswebseite
-details.license=Lizenz
-assets=Assets
-versions=Versionen
-versions.view_all=Alle anzeigen
-dependency.id=ID
-dependency.version=Version
-alpine.registry=Richte diese Registry ein, indem Du die URL in die <code>/etc/apk/repositories</code>-Datei hinzufügst:
-alpine.registry.key=Lade den öffentlichen RSA-Key der Registry in den <code>/etc/apk/keys/</code>-Ordner, um die Signatur zu überprüfen:
-alpine.registry.info=Wähle $branch und $repository aus der Liste unten.
-alpine.install=Nutze folgenden Befehl, um das Paket zu installieren:
-alpine.repository=Repository-Informationen
-alpine.repository.branches=Branches
-alpine.repository.repositories=Repositorys
-alpine.repository.architectures=Architekturen
-cargo.registry=Richte diese Registry in der Cargo-Konfigurationsdatei ein (z.B. <code>~/.cargo/config.toml</code>):
-cargo.install=Um das Paket mit Cargo zu installieren, führe den folgenden Befehl aus:
-chef.registry=Richte diese Registry in deiner <code>~/.chef/config.rb</code>-Datei ein:
-chef.install=Nutze folgenden Befehl, um das Paket zu installieren:
-composer.registry=Setze diese Paketverwaltung in deiner <code>~/.composer/config.json</code>-Datei auf:
-composer.install=Nutze folgenden Befehl, um das Paket mit Composer zu installieren:
-composer.dependencies=Abhängigkeiten
-composer.dependencies.development=Entwicklungsabhängigkeiten
 conan.details.repository=Repository
-conan.registry=Diese Registry über die Kommandozeile einrichten:
-conan.install=Um das Paket mit Conan zu installieren, führe den folgenden Befehl aus:
-conda.registry=Richte diese Registry als Conda-Repository in deiner <code>.condarc</code>-Datei ein:
-conda.install=Um das Paket mit Conda zu installieren, führe den folgenden Befehl aus:
-container.details.type=Abbildtyp
-container.details.platform=Plattform
-container.pull=Lade das Container-Image von der Kommandozeile aus herunter:
-container.digest=Prüfsumme
-container.multi_arch=Betriebsystem/Architektur
-container.layers=Abbildebenen
-container.labels=Labels
-container.labels.key=Schlüssel
-container.labels.value=Wert
-cran.registry=Richte diese Registry in deiner <code>Rprofile.site</code>-Datei ein:
-cran.install=Nutze folgenden Befehl, um das Paket zu installieren:
-debian.registry=Diese Registry über die Kommandozeile einrichten:
-debian.registry.info=Wähle $distribution und $component aus der Liste unten.
-debian.install=Nutze folgenden Befehl, um das Paket zu installieren:
-debian.repository=Repository-Informationen
-debian.repository.distributions=Distributionen
-debian.repository.components=Komponenten
-debian.repository.architectures=Architekturen
-generic.download=Lade das Paket mit der Kommandozeile herunter:
-go.install=Installiere das Paket über die Kommandozeile:
-helm.registry=Diese Paketverwaltung über die Kommandozeile einrichten:
-helm.install=Nutze folgenden Befehl, um das Paket zu installieren:
-maven.registry=Setze diese Paketverwaltung in der <code>pom.xml</code> deines Projektes auf:
-maven.install=Um das Paket zu verwenden, nimm Folgendes in den <code>dependencies</code>-Block in der <code>pom.xml</code>-Datei auf:
-maven.install2=Über die Kommandozeile ausführen:
-maven.download=Nutze folgendes Kommando, um die Abhängigkeit herunterzuladen:
-nuget.registry=Diese Registry über die Kommandozeile einrichten:
-nuget.install=Um das Paket mit NuGet zu installieren, führe den folgenden Befehl aus:
-nuget.dependency.framework=Zielframework
-npm.registry=Setze diese Paketverwaltung in der <code>.npmrc</code> deines Projektes auf:
-npm.install=Um das Paket mit npm zu installieren, führe den folgenden Befehl aus:
-npm.install2=oder füge es zur package.json-Datei hinzu:
-npm.dependencies=Abhängigkeiten
-npm.dependencies.development=Entwicklungsabhängigkeiten
-npm.dependencies.peer=Peer-Abhängigkeiten
-npm.dependencies.optional=Optionale Abhängigkeiten
-npm.details.tag=Tag
-pub.install=Um das Paket mit Dart zu installieren, führe den folgenden Befehl aus:
-pypi.requires=Erfordert Python
-pypi.install=Nutze folgenden Befehl, um das Paket mit pip zu installieren:
-rpm.registry=Diese Registry über die Kommandozeile einrichten:
-rpm.distros.redhat=auf RedHat-basierten Distributionen
-rpm.distros.suse=auf SUSE-basierten Distributionen
-rpm.install=Nutze folgenden Befehl, um das Paket zu installieren:
-rpm.repository = Repository-Info
-rpm.repository.architectures = Architekturen
-rubygems.install=Um das Paket mit gem zu installieren, führe den folgenden Befehl aus:
-rubygems.install2=oder füg es zum Gemfile hinzu:
-rubygems.dependencies.runtime=Laufzeitabhängigkeiten
-rubygems.dependencies.development=Entwicklungsabhängigkeiten
-rubygems.required.ruby=Benötigt Ruby-Version
-rubygems.required.rubygems=Benötigt RubyGem-Version
-swift.registry=Diese Registry über die Kommandozeile einrichten:
-swift.install=Füge das Paket deiner <code>Package.swift</code>-Datei hinzu:
-swift.install2=und führe den folgenden Befehl aus:
-vagrant.install=Um eine Vagrant-Box hinzuzufügen, führe den folgenden Befehl aus:
-settings.link=Dieses Paket einem Repository zuweisen
-settings.link.description=Wenn du ein Paket mit einem Repository verknüpfst, wird es in der Paketliste des Repositorys angezeigt.
-settings.link.select=Repository auswählen
-settings.link.button=Repository-Link aktualisieren
-settings.link.success=Repository-Link wurde erfolgreich aktualisiert.
-settings.link.error=Fehler beim Aktualisieren des Repository-Links.
-settings.delete=Paket löschen
-settings.delete.description=Das Löschen eines Pakets ist dauerhaft und kann nicht rückgängig gemacht werden.
-settings.delete.notice=Du bist dabei, %s (%s) zu löschen. Dieser Vorgang ist unwiderruflich. Bist du sicher?
-settings.delete.success=Das Paket wurde gelöscht.
-settings.delete.error=Löschen des Pakets fehlgeschlagen.
-owner.settings.cargo.title=Cargo-Registry-Index
-owner.settings.cargo.initialize=Index initialisieren
-owner.settings.cargo.initialize.description=Ein spezielles Index-Repository wird benötigt, um die Cargo-Registry zu nutzen. Diese Option wird dieses Repository (neu) erstellen und automatisch konfigurieren.
-owner.settings.cargo.initialize.error=Cargo-Index konnte nicht initialisiert werden: %v
-owner.settings.cargo.initialize.success=Der Cargo-Index wurde erfolgreich erstellt.
-owner.settings.cargo.rebuild=Index neu erstellen
-owner.settings.cargo.rebuild.description=Neubauen kann hilfreich sein, wenn der Index nicht mit den gespeicherten Cargo-Paketen synchronisiert ist.
-owner.settings.cargo.rebuild.error=Cargo-Index konnte nicht neu erstellt werden: %v
-owner.settings.cargo.rebuild.success=Der Cargo-Index wurde erfolgreich neu erstellt.
-owner.settings.cleanuprules.title=Bereinigungsregeln
-owner.settings.cleanuprules.add=Bereinigungsregel hinzufügen
-owner.settings.cleanuprules.edit=Bereinigungsregel bearbeiten
-owner.settings.cleanuprules.none=Es bestehen derzeit keine Bereinigungsregeln.
-owner.settings.cleanuprules.preview=Vorschau der Bereinigungsregel
-owner.settings.cleanuprules.preview.overview=%d Pakete sollen entfernt werden.
-owner.settings.cleanuprules.preview.none=Bereinigungsregel stimmt mit keinem Paket überein.
 owner.settings.cleanuprules.enabled=Aktiviert
-owner.settings.cleanuprules.pattern_full_match=Muster auf den vollständigen Paketnamen anwenden
-owner.settings.cleanuprules.keep.title=Versionen, die diesen Regeln entsprechen, werden beibehalten, auch wenn sie mit einer Entfernungsregel unten übereinstimmen.
-owner.settings.cleanuprules.keep.count=Behalte die aktuellsten
 owner.settings.cleanuprules.keep.count.1=1 Version pro Paket
 owner.settings.cleanuprules.keep.count.n=%d Versionen pro Paket
-owner.settings.cleanuprules.keep.pattern=Behalte übereinstimmende Versionen
-owner.settings.cleanuprules.keep.pattern.container=Die Version <code>latest</code> bei Container-Paketen wird immer behalten.
-owner.settings.cleanuprules.remove.title=Versionen, die diesen Regeln entsprechen, werden entfernt, es sei denn, eine obige Regel besagt, sie zu behalten.
-owner.settings.cleanuprules.remove.days=Entferne Versionen älter als
-owner.settings.cleanuprules.remove.pattern=Entferne übereinstimmende Versionen
-owner.settings.cleanuprules.success.update=Bereinigungsregel wurde aktualisiert.
-owner.settings.cleanuprules.success.delete=Bereinigungsregel wurde gelöscht.
-owner.settings.chef.title=Chef-Registry
-owner.settings.chef.keypair=Schlüsselpaar generieren
-owner.settings.chef.keypair.description=Anfragen an die Chef-Registry müssen zur Authentifizierung kryptografisch signiert werden. Beim Erstellen eines Schlüsselpaars wird nur der öffentliche Schlüssel in Forgejo gespeichert. Der private Schlüssel wird dir für die Verwendung mit knife bereitgestellt. Das Generieren eines neuen Schlüsselpaars überschreibt das vorherige.
-rpm.repository.multiple_groups = Dieses Paket ist in mehreren Gruppen verfügbar.
-owner.settings.cargo.rebuild.no_index = Kann nicht erneut erzeugen, es wurde kein Index initialisiert.
-npm.dependencies.bundle = Gebündelte Abhängigkeiten
-arch.pacman.helper.gpg = Trust-Zertifikat für pacman hinzufügen:
-arch.pacman.repo.multi = %s hat die gleiche Version in verschiedenen Distributionen.
-arch.pacman.repo.multi.item = Konfiguration für %s
-arch.pacman.conf = Server mit verwandter Distribution und Architektur zu <code>/etc/pacman.conf</code> hinzufügen:
-arch.pacman.sync = Paket mit pacman synchronisieren:
-arch.version.properties = Versionseigenschaften
-arch.version.description = Beschreibung
-arch.version.provides = Bietet
-arch.version.groups = Gruppe
-arch.version.depends = Hängt ab von
-arch.version.makedepends = Make-Abhängigkeit
-arch.version.checkdepends = Prüfungs-Abhängigkeit
-arch.version.conflicts = Konflikte
-arch.version.replaces = Ersetzt
-arch.version.backup = Backup
-arch.version.optdepends = Optionale Abhängigkeit
-container.images.title = Bilder
-search_in_external_registry = In %s suchen
-alt.registry = Diese Registry von der Befehlszeile aus einrichten:
-alt.registry.install = Um das Paket zu installieren, folgenden Befehl ausführen:
-alt.install = Paket installieren
-alt.setup = Ein Repository zur Liste der verbundenen Repositorys hinzufügen (wähle die nötige Architektur anstelle von „_arch_“):
-alt.repository = Repository-Infos
-alt.repository.architectures = Architekturen
-alt.repository.multiple_groups = Dieses Paket ist in verschiedenen Gruppen verfügbar.
 
 [secrets]
 secrets=Geheimnisse
diff --git a/options/locale/locale_el-GR.ini b/options/locale/locale_el-GR.ini
index bf87086762..dd3dc4619e 100644
--- a/options/locale/locale_el-GR.ini
+++ b/options/locale/locale_el-GR.ini
@@ -3532,183 +3532,11 @@ error.no_unit_allowed_repo=Δεν σας επιτρέπεται η πρόσβα
 error.unit_not_allowed=Δεν σας επιτρέπεται η πρόσβαση σε αυτήν την μονάδα αποθετηρίου.
 
 [packages]
-title=Πακέτα
 desc=Διαχείριση πακέτων μητρώου.
-empty=Δεν υπάρχουν πακέτα ακόμα.
-empty.documentation=Για περισσότερες πληροφορίες σχετικά με το μητρώο πακέτων, συμβουλευτείτε <a target="_blank" rel="noopener noreferrer" href="%s">τον οδηγό</a>.
-empty.repo=Μήπως ανεβάσατε ένα πακέτο, αλλά δεν εμφανίζεται εδώ; Πηγαίνετε στις <a href="%[1]s">ρυθμίσεις πακέτων</a> και συνδέστε το σε αυτό το repository.
-registry.documentation=Για περισσότερες πληροφορίες σχετικά με το μητρώο %s, συμβουλευτείτε τον <a target="_blank" rel="noopener noreferrer" href="%s">οδηγό</a>.
-filter.type=Τύπος
-filter.type.all=Όλα
-filter.no_result=Το φίλτρο δεν παρήγαγε αποτελέσματα.
-filter.container.tagged=Επισημάνθηκαν
-filter.container.untagged=Χωρίς επισήμανση
-published_by=Δημοσιεύθηκε %[1]s από <a href="%[2]s">%[3]s</a>
-published_by_in=Δημοσιεύθηκε %[1]s κατά <a href="%[2]s">%[3]s</a> σε <a href="%[4]s"><strong>%[5]s</strong></a>
-installation=Εγκατάσταση
-about=Σχετικά με αυτό το πακέτο
-requirements=Απαιτήσεις
-dependencies=Εξαρτήσεις
-keywords=Λέξεις κλειδιά
-details=Λεπτομέρειες
-details.author=Συγγραφέας
-details.project_site=Ιστοσελίδα έργου
-details.repository_site=Ιστοσελίδα αποθετηρίου
-details.documentation_site=Ιστοσελίδα τεκμηρίωσης
-details.license=Άδεια
-assets=Πόροι
-versions=Εκδόσεις
-versions.view_all=Προβολή όλων
-dependency.id=ID
-dependency.version=Έκδοση
-alpine.registry=Ρυθμίστε αυτό το μητρώο προσθέτοντας το url στο αρχείο <code>/etc/apk/repositories</code>:
-alpine.registry.key=Αποθηκεύστε το δημόσιο κλειδί RSA του μητρώου στο φάκελο <code>/etc/apk/keys/</code> για να επαληθεύσετε την υπογραφή ευρετηρίου:
-alpine.registry.info=Επιλέξτε $branch και $repository από την παρακάτω λίστα.
-alpine.install=Για να εγκαταστήσετε το πακέτο, εκτελέστε την ακόλουθη εντολή:
-alpine.repository=Πληροφορίες αποθετηρίου
-alpine.repository.branches=Κλάδοι
-alpine.repository.repositories=Αποθετήρια
-alpine.repository.architectures=Αρχιτεκτονικές
-cargo.registry=Ρυθμίστε αυτό το μητρώο στις ρυθμίσεις του Cargo (για παράδειγμα <code>~/.cargo/config.toml</code>):
-cargo.install=Για να εγκαταστήσετε το πακέτο χρησιμοποιώντας το Cargo, εκτελέστε την ακόλουθη εντολή:
-chef.registry=Ρυθμίστε αυτό το μητρώο στο αρχείο <code>~/.chef/config.rb</code>:
-chef.install=Για να εγκαταστήσετε το πακέτο, εκτελέστε την ακόλουθη εντολή:
-composer.registry=Ρυθμίστε αυτό το μητρώο στο αρχείο <code>~/.composer/config.json</code>:
-composer.install=Για να εγκαταστήσετε το πακέτο χρησιμοποιώντας το Composer, εκτελέστε την ακόλουθη εντολή:
-composer.dependencies=Εξαρτήσεις
-composer.dependencies.development=Εξαρτήσεις ανάπτυξης
 conan.details.repository=Repository
-conan.registry=Ρυθμίστε αυτό το μητρώο από τη γραμμή εντολών:
-conan.install=Για να εγκαταστήσετε το πακέτο χρησιμοποιώντας το Conan, εκτελέστε την ακόλουθη εντολή:
-conda.registry=Ρυθμίστε αυτό το μητρώο ως repository Conda στο αρχείο <code>.condarc</code>:
-conda.install=Για να εγκαταστήσετε το πακέτο χρησιμοποιώντας το Conda, εκτελέστε την ακόλουθη εντολή:
-container.details.type=Τύπος εικόνας
-container.details.platform=Πλατφόρμα
-container.pull=Κατεβάστε την εικόνα από τη γραμμή εντολών:
-container.digest=Σύνοψη
-container.multi_arch=ΛΣ / Αρχιτεκτονική
-container.layers=Στρώματα εικόνας
-container.labels=Ετικέτες
-container.labels.key=Κλειδί
-container.labels.value=Τιμή
-cran.registry=Ρυθμίστε αυτό το μητρώο στο αρχείο <code>Rprofile.site</code>:
-cran.install=Για να εγκαταστήσετε το πακέτο, εκτελέστε την ακόλουθη εντολή:
-debian.registry=Ρυθμίστε αυτό το μητρώο από τη γραμμή εντολών:
-debian.registry.info=Επιλέξτε $distribution και $component από την παρακάτω λίστα.
-debian.install=Για να εγκαταστήσετε το πακέτο, εκτελέστε την ακόλουθη εντολή:
-debian.repository=Πληροφορίες αποθετηρίου
-debian.repository.distributions=Διανομές
-debian.repository.components=Συστατικά
-debian.repository.architectures=Αρχιτεκτονικές
-generic.download=Λήψη πακέτου από τη γραμμή εντολών:
-go.install=Εγκαταστήστε το πακέτο από τη γραμμή εντολών:
-helm.registry=Ρυθμίστε αυτό το μητρώο από τη γραμμή εντολών:
-helm.install=Για να εγκαταστήσετε το πακέτο, εκτελέστε την ακόλουθη εντολή:
-maven.registry=Ρυθμίστε αυτό το μητρώο στο αρχείο <code>pom.xml</code> του έργου σας:
-maven.install=Για να χρησιμοποιήσετε το πακέτο, συμπεριλάβετε τα ακόλουθα στη περιοχή <code>dependencies</code> στο αρχείο <code>pom.xml</code>:
-maven.install2=Εκτέλεση μέσω γραμμής εντολών:
-maven.download=Για να κατεβάσετε την εξάρτηση, εκτελέστε μέσω της γραμμής εντολών:
-nuget.registry=Ρυθμίστε αυτό το μητρώο από τη γραμμή εντολών:
-nuget.install=Για να εγκαταστήσετε το πακέτο χρησιμοποιώντας το NuGet, εκτελέστε την ακόλουθη εντολή:
-nuget.dependency.framework=Πλαίσιο Ανάπτυξης
-npm.registry=Ρυθμίστε αυτό το μητρώο στο αρχείο <code>.npmrc</code> του έργου σας:
-npm.install=Για να εγκαταστήσετε το πακέτο χρησιμοποιώντας npm, εκτελέστε την ακόλουθη εντολή:
-npm.install2=ή προσθέστε το στο αρχείο package.json:
-npm.dependencies=Εξαρτήσεις
-npm.dependencies.development=Εξαρτήσεις ανάπτυξης
-npm.dependencies.peer=Εξαρτήσεις ομότιμου
-npm.dependencies.optional=Προαιρετικές εξαρτήσεις
-npm.details.tag=Σήμανση
-pub.install=Για να εγκαταστήσετε το πακέτο μέσω του Dart, εκτελέστε την ακόλουθη εντολή:
-pypi.requires=Απαιτεί Python
-pypi.install=Για να εγκαταστήσετε το πακέτο χρησιμοποιώντας το pip, εκτελέστε την ακόλουθη εντολή:
-rpm.registry=Ρυθμίστε αυτό το μητρώο από τη γραμμή εντολών:
-rpm.distros.redhat=σε διανομές βασισμένες στο RedHat
-rpm.distros.suse=σε διανομές με βάση το SUSE
-rpm.install=Για να εγκαταστήσετε το πακέτο, εκτελέστε την ακόλουθη εντολή:
-rpm.repository=Πληροφορίες αποθετηρίου
-rpm.repository.architectures=Αρχιτεκτονικές
-rubygems.install=Για να εγκαταστήσετε το πακέτο χρησιμοποιώντας το gem, εκτελέστε την ακόλουθη εντολή:
-rubygems.install2=ή προσθέστε το στο Gemfile:
-rubygems.dependencies.runtime=Εξαρτήσεις κατά την εκτέλεση
-rubygems.dependencies.development=Εξαρτήσεις ανάπτυξης
-rubygems.required.ruby=Απαιτεί την έκδοση Ruby
-rubygems.required.rubygems=Απαιτεί έκδοση RubyGem
-swift.registry=Ρυθμίστε αυτό το μητρώο από τη γραμμή εντολών:
-swift.install=Προσθέστε το πακέτο στο αρχείο <code>Package.swift</code>:
-swift.install2=και εκτελέστε την ακόλουθη εντολή:
-vagrant.install=Για προσθήκη ενός κυτίου Vagrant, εκτελέστε την ακόλουθη εντολή:
-settings.link=Σύνδεση αυτού του πακέτου με ένα repository
-settings.link.description=Εάν συνδέσετε ένα πακέτο με ένα repository, το πακέτο περιλαμβάνεται στη λίστα πακέτων του repository.
-settings.link.select=Επιλογή αποθετηρίου
-settings.link.button=Ενημέρωση συνδέσμου αποθετηρίου
-settings.link.success=Ο σύνδεσμος αποθετηρίου ενημερώθηκε επιτυχώς.
-settings.link.error=Αποτυχία ενημέρωσης συνδέσμου αποθετηρίου.
-settings.delete=Διαγραφή πακέτου
-settings.delete.description=Η διαγραφή ενός πακέτου είναι μόνιμη και δεν μπορεί να αναιρεθεί.
-settings.delete.notice=Πρόκειται να διαγράψετε το %s (%s). Αυτή η διαδικασία είναι μη αναστρέψιμη, είστε σίγουροι;
-settings.delete.success=Το πακέτο έχει διαγραφεί.
-settings.delete.error=Αποτυχία διαγραφής του πακέτου.
-owner.settings.cargo.title=Ευρετήριο μητρώου Cargo
-owner.settings.cargo.initialize=Αρχικοποίηση ευρετηρίου
-owner.settings.cargo.initialize.description=Απαιτείται ένα ειδικό repository ευρετηρίου Git για τη χρήση του μητρώου Cargo. Χρησιμοποιώντας αυτή την επιλογή θα δημιουργηθεί ξανά το repository και θα ρυθμιστεί αυτόματα.
-owner.settings.cargo.initialize.error=Αποτυχία αρχικοποίησης ευρετηρίου Cargo: %v
-owner.settings.cargo.initialize.success=Ο ευρετήριο Cargo δημιουργήθηκε με επιτυχία.
-owner.settings.cargo.rebuild=Ανανέωση ευρετηρίου
-owner.settings.cargo.rebuild.description=Η ανοικοδόμηση μπορεί να είναι χρήσιμη εάν ο δείκτης δεν είναι συγχρονισμένος με τα αποθηκευμένα πακέτα Cargo.
-owner.settings.cargo.rebuild.error=Αποτυχία αναδόμησης του ευρετηρίου Cargo: %v
-owner.settings.cargo.rebuild.success=Το ευρετήριο Cargo αναπλάστηκε με επιτυχία.
-owner.settings.cleanuprules.title=Κανόνες εκκαθάρισης
-owner.settings.cleanuprules.add=Προσθήκη κανόνα εκκαθάρισης
-owner.settings.cleanuprules.edit=Επεξεργασία κανόνα εκκαθάρισης
-owner.settings.cleanuprules.none=Δεν υπάρχουν ακόμα κάποιοι κανόνες εκκαθάρισης.
-owner.settings.cleanuprules.preview=Προεπισκόπηση κανόνα εκκαθάρισης
-owner.settings.cleanuprules.preview.overview=%d πακέτα έχουν προγραμματιστεί να αφαιρεθούν.
-owner.settings.cleanuprules.preview.none=Ο κανόνας εκκαθάρισης δεν ταιριάζει με κανένα πακέτο.
 owner.settings.cleanuprules.enabled=Ενεργοποιημένο
-owner.settings.cleanuprules.pattern_full_match=Εφαρμογή μοτίβου στο πλήρες όνομα του πακέτου
-owner.settings.cleanuprules.keep.title=Οι εκδόσεις που ταιριάζουν με αυτούς τους κανόνες παραμένουν, ακόμη και αν ταιριάζουν με έναν κανόνα αφαίρεσης παρακάτω.
-owner.settings.cleanuprules.keep.count=Κράτησε το πιο πρόσφατο
 owner.settings.cleanuprules.keep.count.1=1 έκδοση ανά πακέτο
 owner.settings.cleanuprules.keep.count.n=%d εκδόσεις ανά πακέτο
-owner.settings.cleanuprules.keep.pattern=Διατήρηση εκδόσεων που ταιριάζουν
-owner.settings.cleanuprules.keep.pattern.container=Η <code>τελευταία</code> έκδοση διατηρείται πάντα για τα πακέτα Container.
-owner.settings.cleanuprules.remove.title=Οι εκδόσεις που ταιριάζουν με αυτούς τους κανόνες καταργούνται, εκτός και αν ένας παραπάνω κανόνας ορίζει να μείνουν.
-owner.settings.cleanuprules.remove.days=Αφαίρεση εκδόσεων παλαιότερων από
-owner.settings.cleanuprules.remove.pattern=Αφαίρεση εκδόσεων που ταιριάζουν
-owner.settings.cleanuprules.success.update=Ο κανόνας καθαρισμού ενημερώθηκε.
-owner.settings.cleanuprules.success.delete=Ο κανόνας καθαρισμού διαγράφηκε.
-owner.settings.chef.title=Μητρώο Chef
-owner.settings.chef.keypair=Δημιουργία ζεύγους κλειδιών
-owner.settings.chef.keypair.description=Οι αιτήσεις που στέλνονται στο μητρώο Chef πρέπει να ταυτοποιούνται με κρυπτογραφική υπογραφή. Όταν δημιουργείτε ένα ζεύγος κλειδιών, μόνο το δημόσιο κλειδί αποθηκεύεται στο Forgejo. Το ιδιωτικό κλειδί σας δίνεται για χρήση με το knife. Η αναδημιουργία ενός νέου ζεύγους κλειδιών αντικαθιστεί τα προηγούμενα.
-rpm.repository.multiple_groups = Αυτό το πακέτο είναι διαθέσιμο σε πολλαπλά group.
-owner.settings.cargo.rebuild.no_index = Η ανανέωση δεν είναι δυνατή, επειδή το ευρετήριο δεν έρχει αρχικοποιηθεί.
-arch.version.conflicts = Συγκρούεται με
-arch.version.replaces = Αντικαταστά
-arch.pacman.repo.multi = Το %s έχει την ίδια έκδοση σε διαφορετικές διανομές.
-arch.pacman.repo.multi.item = Ρυθμίσεις για %s
-arch.pacman.helper.gpg = Προσθέστε το trust certificate για το pacman:
-arch.pacman.conf = Προσθέστε τον server με τις σχετικές πληροφορίες διανομής και αρχιτεκτονικής επεξεργαστή στο <code>/etc/pacman.conf</code>:
-arch.pacman.sync = «Συγχρονίστε» το πακέτο με το pacman:
-arch.version.properties = Πληροφορίες έκδοσης
-arch.version.description = Περιγραφή
-arch.version.provides = Προσφέρει
-arch.version.groups = Γκρουπ
-arch.version.depends = Εξαρτάται
-arch.version.optdepends = Εξαρτάται προαιρετικά από
-arch.version.makedepends = Εξαρτήσεις make
-arch.version.checkdepends = Εξαρτήσεις ελέγχου
-container.images.title = Εικόνες
-npm.dependencies.bundle = Ενσωματωμένες εξαρτήσεις
-arch.version.backup = Αντίγραφο
-alt.install = Εγκατάσταση πακέτου
-alt.repository = Πληροφορίες αποθετηρίου
-alt.repository.architectures = Αρχιτεκτονικές
-alt.repository.multiple_groups = Αυτό το πακέτο είναι διαθέσιμο σε πολλαπλές ομάδες.
-alt.registry.install = Για να εγκαταστήσετε το πακέτο, εκτελέστε την ακόλουθη εντολή:
-alt.registry = Ρυθμίστε αυτό το μητρώο από τη γραμμή εντολών:
-alt.setup = Προσθήκη ενός αποθετηρίου στη λίστα των συνδεδεμένων αποθετηρίων (επιλέξτε την απαραίτητη αρχιτεκτονική αντί του "_arch_"):
-search_in_external_registry = Αναζήτηση σε %s
 
 [secrets]
 secrets=Μυστικά
diff --git a/options/locale/locale_en-US.ini b/options/locale/locale_en-US.ini
index ad560f9beb..5fbe63eff6 100644
--- a/options/locale/locale_en-US.ini
+++ b/options/locale/locale_en-US.ini
@@ -3543,180 +3543,8 @@ unit = Unit
 error.no_unit_allowed_repo = You are not allowed to access any section of this repository.
 
 [packages]
-title = Packages
-empty = There are no packages yet.
-empty.documentation = For more information on the package registry, see <a target="_blank" rel="noopener noreferrer" href="%s">the documentation</a>.
-empty.repo = Did you upload a package, but it's not shown here? Go to <a href="%[1]s">package settings</a> and link it to this repo.
-registry.documentation = For more information on the %s registry, see <a target="_blank" rel="noopener noreferrer" href="%s">the documentation</a>.
-filter.type = Type
-filter.type.all = All
-filter.no_result = Your filter produced no results.
-filter.container.tagged = Tagged
-filter.container.untagged = Untagged
-published_by = Published %[1]s by <a href="%[2]s">%[3]s</a>
-published_by_in = Published %[1]s by <a href="%[2]s">%[3]s</a> in <a href="%[4]s"><strong>%[5]s</strong></a>
-installation = Installation
-about = About this package
-requirements = Requirements
-dependencies = Dependencies
-keywords = Keywords
-details = Details
-details.author = Author
-details.project_site = Project website
-details.repository_site = Repository website
-details.documentation_site = Documentation website
-details.license = License
-assets = Assets
-versions = Versions
-versions.view_all = View all
-dependency.id = ID
-dependency.version = Version
-search_in_external_registry = Search in %s
-alpine.registry = Setup this registry by adding the url in your <code>/etc/apk/repositories</code> file:
-alpine.registry.key = Download the registry public RSA key into the <code>/etc/apk/keys/</code> folder to verify the index signature:
-alpine.registry.info = Choose $branch and $repository from the list below.
-alpine.install = To install the package, run the following command:
-alpine.repository = Repository info
-alpine.repository.branches = Branches
-alpine.repository.repositories = Repositories
-alpine.repository.architectures = Architectures
-arch.pacman.helper.gpg = Add trust certificate for pacman:
-arch.pacman.repo.multi = %s has the same version in different distributions.
-arch.pacman.repo.multi.item = Configuration for %s
-arch.pacman.conf = Add server with related distribution and architecture to <code>/etc/pacman.conf</code> :
-arch.pacman.sync = Sync package with pacman:
-arch.version.properties = Version properties
-arch.version.description = Description
-arch.version.provides = Provides
-arch.version.groups = Group
-arch.version.depends = Depends
-arch.version.optdepends = Optional depends
-arch.version.makedepends = Make depends
-arch.version.checkdepends = Check depends
-arch.version.conflicts = Conflicts
-arch.version.replaces = Replaces
-arch.version.backup = Backup
-cargo.registry = Setup this registry in the Cargo configuration file (for example <code>~/.cargo/config.toml</code>):
-cargo.install = To install the package using Cargo, run the following command:
-chef.registry = Setup this registry in your <code>~/.chef/config.rb</code> file:
-chef.install = To install the package, run the following command:
-composer.registry = Setup this registry in your <code>~/.composer/config.json</code> file:
-composer.install = To install the package using Composer, run the following command:
-composer.dependencies = Dependencies
-composer.dependencies.development = Development dependencies
-conan.registry = Setup this registry from the command line:
-conan.install = To install the package using Conan, run the following command:
-conda.registry = Setup this registry as a Conda repository in your <code>.condarc</code> file:
-conda.install = To install the package using Conda, run the following command:
-container.images.title = Images
-container.details.type = Image type
-container.details.platform = Platform
-container.pull = Pull the image from the command line:
-container.digest = Digest
-container.multi_arch = OS / Arch
-container.layers = Image layers
-container.labels = Labels
-container.labels.key = Key
-container.labels.value = Value
-cran.registry = Setup this registry in your <code>Rprofile.site</code> file:
-cran.install = To install the package, run the following command:
-debian.registry = Setup this registry from the command line:
-debian.registry.info = Choose $distribution and $component from the list below.
-debian.install = To install the package, run the following command:
-debian.repository = Repository info
-debian.repository.distributions = Distributions
-debian.repository.components = Components
-debian.repository.architectures = Architectures
-generic.download = Download package from the command line:
-go.install = Install the package from the command line:
-helm.registry = Setup this registry from the command line:
-helm.install = To install the package, run the following command:
-maven.registry = Setup this registry in your project <code>pom.xml</code> file:
-maven.install = To use the package include the following in the <code>dependencies</code> block in the <code>pom.xml</code> file:
-maven.install2 = Run via command line:
-maven.download = To download the dependency, run via command line:
-nuget.registry = Setup this registry from the command line:
-nuget.install = To install the package using NuGet, run the following command:
-nuget.dependency.framework = Target Framework
-npm.registry = Setup this registry in your project <code>.npmrc</code> file:
-npm.install = To install the package using npm, run the following command:
-npm.install2 = or add it to the package.json file:
-npm.dependencies = Dependencies
-npm.dependencies.development = Development dependencies
-npm.dependencies.bundle = Bundled dependencies
-npm.dependencies.peer = Peer dependencies
-npm.dependencies.optional = Optional dependencies
-npm.details.tag = Tag
-pub.install = To install the package using Dart, run the following command:
-pypi.requires = Requires Python
-pypi.install = To install the package using pip, run the following command:
-rpm.registry = Setup this registry from the command line:
-rpm.distros.redhat = on RedHat based distributions
-rpm.distros.suse = on SUSE based distributions
-rpm.install = To install the package, run the following command:
-rpm.repository = Repository info
-rpm.repository.architectures = Architectures
-rpm.repository.multiple_groups = This package is available in multiple groups.
-alt.registry = Setup this registry from the command line:
-alt.registry.install = To install the package, run the following command:
-alt.install = Install package
-alt.setup = Add a repository to the list of connected repositories (choose the necessary architecture instead of "_arch_"):
-alt.repository = Repository info
-alt.repository.architectures = Architectures
-alt.repository.multiple_groups = This package is available in multiple groups.
-rubygems.install = To install the package using gem, run the following command:
-rubygems.install2 = or add it to the Gemfile:
-rubygems.dependencies.runtime = Runtime dependencies
-rubygems.dependencies.development = Development dependencies
-rubygems.required.ruby = Requires Ruby version
-rubygems.required.rubygems = Requires RubyGem version
-swift.registry = Setup this registry from the command line:
-swift.install = Add the package in your <code>Package.swift</code> file:
-swift.install2 = and run the following command:
-vagrant.install = To add a Vagrant box, run the following command:
-settings.link = Link this package to a repository
-settings.link.description = If you link a package with a repository, the package is listed in the repository's package list.
-settings.link.select = Select repository
-settings.link.button = Update repository link
-settings.link.success = Repository link was successfully updated.
-settings.link.error = Failed to update repository link.
-settings.delete = Delete package
-settings.delete.description = Deleting a package is permanent and cannot be undone.
-settings.delete.notice = You are about to delete %s (%s). This operation is irreversible, are you sure?
-settings.delete.success = The package has been deleted.
-settings.delete.error = Failed to delete the package.
-owner.settings.cargo.title = Cargo registry index
-owner.settings.cargo.initialize = Initialize index
-owner.settings.cargo.initialize.description = A special index Git repository is needed to use the Cargo registry. Using this option will (re-)create the repository and configure it automatically.
-owner.settings.cargo.initialize.error = Failed to initialize Cargo index: %v
-owner.settings.cargo.initialize.success = The Cargo index was successfully created.
-owner.settings.cargo.rebuild = Rebuild index
-owner.settings.cargo.rebuild.description = Rebuilding can be useful if the index is not synchronized with the stored Cargo packages.
-owner.settings.cargo.rebuild.error = Failed to rebuild Cargo index: %v
-owner.settings.cargo.rebuild.success = The Cargo index was successfully rebuilt.
-owner.settings.cargo.rebuild.no_index = Cannot rebuild, no index is initialized.
-owner.settings.cleanuprules.title = Cleanup rules
-owner.settings.cleanuprules.add = Add cleanup rule
-owner.settings.cleanuprules.edit = Edit cleanup rule
-owner.settings.cleanuprules.none = There are no cleanup rules yet.
-owner.settings.cleanuprules.preview = Cleanup rule preview
-owner.settings.cleanuprules.preview.overview = %d packages are scheduled to be removed.
-owner.settings.cleanuprules.preview.none = Cleanup rule does not match any packages.
-owner.settings.cleanuprules.pattern_full_match = Apply pattern to full package name
-owner.settings.cleanuprules.keep.title = Versions that match these rules are kept, even if they match a removal rule below.
-owner.settings.cleanuprules.keep.count = Keep the most recent
 owner.settings.cleanuprules.keep.count.1 = 1 version per package
 owner.settings.cleanuprules.keep.count.n = %d versions per package
-owner.settings.cleanuprules.keep.pattern = Keep versions matching
-owner.settings.cleanuprules.keep.pattern.container = The <code>latest</code> version is always kept for Container packages.
-owner.settings.cleanuprules.remove.title = Versions that match these rules are removed, unless a rule above says to keep them.
-owner.settings.cleanuprules.remove.days = Remove versions older than
-owner.settings.cleanuprules.remove.pattern = Remove versions matching
-owner.settings.cleanuprules.success.update = Cleanup rule has been updated.
-owner.settings.cleanuprules.success.delete = Cleanup rule has been deleted.
-owner.settings.chef.title = Chef registry
-owner.settings.chef.keypair = Generate key pair
-owner.settings.chef.keypair.description = Requests sent to the Chef registry must be cryptographically signed as a means of authentication. When generating a keypair, only the public key is stored on Forgejo. The private key is provided to you to be used with knife. Generating a new keypair will overwrite the previous one.
 
 [secrets]
 secrets = Secrets
diff --git a/options/locale/locale_eo.ini b/options/locale/locale_eo.ini
index 9b231518c6..c309824898 100644
--- a/options/locale/locale_eo.ini
+++ b/options/locale/locale_eo.ini
@@ -769,7 +769,7 @@ enable_custom_avatar = Uzi propran profilbildon
 change_password = Ŝanĝi pasvorton
 keep_pronouns_private = Montri pronomojn nur al la aŭtentikigitaj uzantoj
 keep_pronouns_private.description = Tio maskos viajn pronomojn kontraŭ neaŭtentikigitaj vizitantoj.
-add_new_principal =
+add_new_principal = 
 gpg_token_required = Vi devas disponigi signaturon por la malsupran ĵetono
 gpg_token = Ĵetono
 gpg_token_help = Vi povas generi signaturon uzante:
@@ -930,8 +930,6 @@ settings = Agordoj
 teams.settings = Agordoj
 
 [packages]
-npm.details.tag = Etikedo
-
 
 [search]
 search = Serĉi…
diff --git a/options/locale/locale_es-ES.ini b/options/locale/locale_es-ES.ini
index 1d47d0847f..81835db5e8 100644
--- a/options/locale/locale_es-ES.ini
+++ b/options/locale/locale_es-ES.ini
@@ -3501,181 +3501,11 @@ error.no_unit_allowed_repo=No tiene permisos para acceder a ninguna sección de
 error.unit_not_allowed=No tiene permisos para acceder a esta sección del repositorio.
 
 [packages]
-title=Paquetes
 desc=Administrar paquetes del repositorio.
-empty=Todavía no hay paquetes.
-empty.documentation=Para más información sobre el registro de paquetes, consulte <a target="_blank" rel="noopener noreferrer" href="%s">la documentación</a>.
-empty.repo=¿Has subido un paquete, pero no se muestra aquí? Ve a <a href="%[1]s">la configuración del paquete</a> y añade el link a este repositorio.
-registry.documentation=Para obtener más información sobre el registro %s, consulte <a target="_blank" rel="noopener noreferrer" href="%s">la documentación</a>.
-filter.type=Tipo
-filter.type.all=Todo
-filter.no_result=El filtro no produjo ningún resultado.
-filter.container.tagged=Etiquetado
-filter.container.untagged=Etiqueta eliminada
-published_by=Publicado %[1]s por <a href="%[2]s">%[3]s</a>
-published_by_in=Publicado %[1]s por <a href="%[2]s">%[3]s</a> en <a href="%[4]s"><strong>%[5]s</strong></a>
-installation=Instalación
-about=Acerca de este paquete
-requirements=Requisitos
-dependencies=Dependencias
-keywords=Palabras clave
-details=Detalles
-details.author=Autor
-details.project_site=Sitio del proyecto
-details.repository_site=Sitio del repositorio
-details.documentation_site=Sitio de documentación
-details.license=Licencia
-assets=Activos
-versions=Versiones
-versions.view_all=Ver todo
-dependency.id=Id.
-dependency.version=Versión
-alpine.registry=Configura este registro agregando la url en tu archivo <code>./apk/repositories</code>:
-alpine.registry.key=Descargue la clave RSA pública del registro en la carpeta <code>./apk/keys/</code> para verificar la firma del índice:
-alpine.registry.info=Seleccione $branch y $repository de la siguiente lista.
-alpine.install=Para instalar el paquete, ejecute el siguiente comando:
-alpine.repository=Información del repositorio
-alpine.repository.branches=Ramas
-alpine.repository.repositories=Repositorios
-alpine.repository.architectures=Arquitecturas
-cargo.registry=Configurar este registro en el archivo de configuración de Cargo (por ejemplo <code>~/.cargo/config.toml</code>):
-cargo.install=Para instalar el paquete usando Cargo, ejecute el siguiente comando:
-chef.registry=Configura este registro en tu archivo <code>~/.chef/config.rb</code>:
-chef.install=Para instalar el paquete, ejecute el siguiente comando:
-composer.registry=Configura este registro en el archivo <code>~/.composer/config.json</code>:
-composer.install=Para instalar el paquete usando Composer, ejecute el siguiente comando:
-composer.dependencies=Dependencias
-composer.dependencies.development=Dependencias de desarrollo
 conan.details.repository=Repositorio
-conan.registry=Configurar este registro desde la línea de comandos:
-conan.install=Para instalar el paquete usando Conan, ejecuta el siguiente comando:
-conda.registry=Configura este registro como un repositorio Conda en tu archivo <code>.condarc</code>:
-conda.install=Para instalar el paquete usando Conda, ejecute el siguiente comando:
-container.details.type=Tipo de imagen
-container.details.platform=Plataforma
-container.pull=Arrastra la imagen desde la línea de comandos:
-container.digest=Resumen
-container.multi_arch=SO / Arquitectura
-container.layers=Capas de imagen
-container.labels=Etiquetas
-container.labels.key=Clave
-container.labels.value=Valor
-cran.registry=Configurar este registro en su archivo <code>Rprofile.site</code>:
-cran.install=Para instalar el paquete, ejecute el siguiente comando:
-debian.registry=Configurar este registro desde la línea de comandos:
-debian.registry.info=Seleccione $distribution y $component de la siguiente lista.
-debian.install=Para instalar el paquete, ejecute el siguiente comando:
-debian.repository=Información del repositorio
-debian.repository.distributions=Distribuciones
-debian.repository.components=Componentes
-debian.repository.architectures=Arquitecturas
-generic.download=Descargar paquete desde la línea de comandos:
-go.install=Instalar el paquete desde la línea de comandos:
-helm.registry=Configurar este registro desde la línea de comandos:
-helm.install=Para instalar el paquete, ejecute el siguiente comando:
-maven.registry=Configure este registro en su proyecto <code>pom.xml</code> archivo:
-maven.install=Para usar el paquete incluya lo siguiente en el bloque <code>dependencias</code> en el archivo <code>pom.xml</code>:
-maven.install2=Ejecutar vía línea de comandos:
-maven.download=Para descargar la dependencia, ejecute vía línea de comandos:
-nuget.registry=Configurar este registro desde la línea de comandos:
-nuget.install=Para instalar el paquete usando NuGet, ejecute el siguiente comando:
-nuget.dependency.framework=Marco de destino
-npm.registry=Configura este registro en tu proyecto <code>.npmrc</code> archivo:
-npm.install=Para instalar el paquete usando npm, ejecute el siguiente comando:
-npm.install2=o añádelo al archivo package.json:
-npm.dependencies=Dependencias
-npm.dependencies.development=Dependencias de desarrollo
-npm.dependencies.peer=Dependencias de pares
-npm.dependencies.optional=Dependencias opcionales
-npm.details.tag=Etiqueta
-pub.install=Para instalar el paquete usando Dart, ejecute el siguiente comando:
-pypi.requires=Requiere Python
-pypi.install=Para instalar el paquete usando pip, ejecute el siguiente comando:
-rpm.registry=Configurar este registro desde la línea de comandos:
-rpm.distros.redhat=en distribuciones basadas en RedHat
-rpm.distros.suse=en distribuciones basadas en SUSE
-rpm.install=Para instalar el paquete, ejecute el siguiente comando:
-rpm.repository=Información del repositorio
-rpm.repository.architectures=Arquitecturas
-rubygems.install=Para instalar el paquete usando gem, ejecute el siguiente comando:
-rubygems.install2=o añádelo al archivo Gemfile:
-rubygems.dependencies.runtime=Dependencias en tiempo de ejecución
-rubygems.dependencies.development=Dependencias de desarrollo
-rubygems.required.ruby=Requiere versión Ruby
-rubygems.required.rubygems=Requiere la versión de RubyGem
-swift.registry=Configurar este registro desde la línea de comandos:
-swift.install=Añade el paquete en tu archivo <code>Package.swift</code>:
-swift.install2=y ejecuta el siguiente comando:
-vagrant.install=Para añadir un paquete Vagrant, ejecuta el siguiente comando:
-settings.link=Vincular este paquete a un repositorio
-settings.link.description=Si enlaza un paquete con un repositorio, el paquete se enumera en la lista de paquetes del repositorio.
-settings.link.select=Seleccionar repositorio
-settings.link.button=Actualizar enlace de repositorio
-settings.link.success=El enlace del repositorio se ha actualizado correctamente.
-settings.link.error=Error al actualizar el enlace del repositorio.
-settings.delete=Eliminar paquete
-settings.delete.description=La eliminación de un paquete es permanente y no se puede deshacer.
-settings.delete.notice=Está a punto de eliminar %s (%s). Esta operación es irreversible, ¿está seguro?
-settings.delete.success=Se ha eliminado el paquete.
-settings.delete.error=No se pudo eliminar el paquete.
-owner.settings.cargo.title=Índice del registro Cargo
-owner.settings.cargo.initialize=Inicializar índice
-owner.settings.cargo.initialize.description=Se necesita un repositorio Git de índice especial para usar el registro de Cargo. Usar esta opción (re)creará el repositorio y lo configurará automáticamente.
-owner.settings.cargo.initialize.error=Fallo al inicializar el índice de Cargo: %v
-owner.settings.cargo.initialize.success=El índice de Cargo se ha creado correctamente.
-owner.settings.cargo.rebuild=Reconstruir índice
-owner.settings.cargo.rebuild.description=Reconstruir puede ser útil si el índice no se sincroniza con los paquetes de Cargo almacenados.
-owner.settings.cargo.rebuild.error=Fallo al reconstruir el índice de Cargo: %v
-owner.settings.cargo.rebuild.success=El índice de Cargo se ha reconstruido correctamente.
-owner.settings.cleanuprules.title=Administrar reglas de limpieza
-owner.settings.cleanuprules.add=Añadir regla de limpieza
-owner.settings.cleanuprules.edit=Editar regla de limpieza
-owner.settings.cleanuprules.none=No hay reglas de limpieza disponibles. Por favor, consulte la documentación.
-owner.settings.cleanuprules.preview=Vista previa de regla de limpieza
-owner.settings.cleanuprules.preview.overview=%d paquetes están programados para ser eliminados.
-owner.settings.cleanuprules.preview.none=Regla de limpieza no coincide con ningún paquete.
 owner.settings.cleanuprules.enabled=Activo
-owner.settings.cleanuprules.pattern_full_match=Aplicar patrón al nombre completo del paquete
-owner.settings.cleanuprules.keep.title=Las versiones que coinciden con estas reglas son reales, incluso si coinciden con una regla de eliminación a continuación.
-owner.settings.cleanuprules.keep.count=Mantener el más reciente
 owner.settings.cleanuprules.keep.count.1=1 versión por paquete
 owner.settings.cleanuprules.keep.count.n=%d versiones por paquete
-owner.settings.cleanuprules.keep.pattern=Mantener las versiones coincidentes
-owner.settings.cleanuprules.keep.pattern.container=La <code>última</code> versión siempre es guardada en los paquetes de contenedor.
-owner.settings.cleanuprules.remove.title=Se eliminan las versiones que coinciden con estas reglas, a menos que una regla anterior indique mantenerlas.
-owner.settings.cleanuprules.remove.days=Eliminar versiones anteriores a
-owner.settings.cleanuprules.remove.pattern=Eliminar versiones coincidentes
-owner.settings.cleanuprules.success.update=Regla de limpieza ha sido actualizada.
-owner.settings.cleanuprules.success.delete=Regla de limpieza ha sido eliminada.
-owner.settings.chef.title=Registro de Chef
-owner.settings.chef.keypair=Generar par de claves
-owner.settings.chef.keypair.description=Un par de claves es necesario para autenticarse en el registro del Chef. Si ha generado un par de claves antes, generar un nuevo par de claves descartará el par de claves antiguo.
-search_in_external_registry = Buscar en %s
-arch.pacman.sync = Sincronizar el paquete con pacman:
-arch.version.properties = Propiedades de la versión
-arch.pacman.repo.multi = %s tiene la misma versión en diferentes distribuciones.
-arch.pacman.repo.multi.item = Configuración para %s
-arch.pacman.conf = Añadir servidor con distribución y arquitectura relacionadas a <code>/etc/pacman.conf</code> :
-arch.version.backup = Copia de seguridad
-arch.version.depends = Depende
-arch.version.groups = Grupo
-rpm.repository.multiple_groups = Este paquete está disponible en múltiples grupos.
-arch.version.conflicts = Conflictos
-arch.version.replaces = Reemplazos
-container.images.title = Imágenes
-alt.registry = Configurar este registro desde la línea de comandos:
-alt.registry.install = Para instalar el paquete, ejecute el siguiente comando:
-alt.install = Instalar paquete
-alt.repository = Información del repositorio
-alt.repository.architectures = Arquitecturas
-alt.repository.multiple_groups = Este paquete está disponible en múltiples grupos.
-arch.version.description = Descripción
-arch.version.provides = Proveedores
-npm.dependencies.bundle = Empaquetar dependencias
-arch.version.checkdepends = Comprobar dependencias
-arch.version.optdepends = Dependencias opcionales
-arch.version.makedepends = Construir dependencias
-arch.pacman.helper.gpg = Añade el certificado de confianza para pacman:
 
 [secrets]
 secrets=Secretos
diff --git a/options/locale/locale_et.ini b/options/locale/locale_et.ini
index 543ec78c7a..e86a0669dd 100644
--- a/options/locale/locale_et.ini
+++ b/options/locale/locale_et.ini
@@ -604,5 +604,4 @@ cancel = Katkesta
 [action]
 compare_branch = Võrdle
 
-[packages]
-alpine.repository.branches = Alamharud
\ No newline at end of file
+[packages]
\ No newline at end of file
diff --git a/options/locale/locale_fa-IR.ini b/options/locale/locale_fa-IR.ini
index 16c6b0228b..85487dfb23 100644
--- a/options/locale/locale_fa-IR.ini
+++ b/options/locale/locale_fa-IR.ini
@@ -2580,9 +2580,6 @@ error.no_unit_allowed_repo=شما اجازه دسترسی به هیچ قسمت 
 error.unit_not_allowed=شما اجازه دسترسی به این قسمت مخزن را ندارید.
 
 [packages]
-filter.type=نوع
-alpine.repository.branches=شاخه‎ها
-alpine.repository.repositories=مخازن
 conan.details.repository=مخزن
 owner.settings.cleanuprules.enabled=فعال شده
 
diff --git a/options/locale/locale_fi-FI.ini b/options/locale/locale_fi-FI.ini
index 8b0c0c3edf..5f4ca4dbc2 100644
--- a/options/locale/locale_fi-FI.ini
+++ b/options/locale/locale_fi-FI.ini
@@ -3229,163 +3229,11 @@ error.unit_not_allowed = Sinulla ei ole pääsyä tähän tietovaraston osioon.
 error.no_unit_allowed_repo = Sinulla ei ole pääsyä mihinkään tämän tietovaraston osioon.
 
 [packages]
-title=Paketit
 desc=Hallitse tietovaraston paketteja.
-empty=Täällä ei vielä ole paketteja.
-filter.type=Tyyppi
-filter.type.all=Kaikki
-filter.no_result=Suodattimesi ei tuottanut tuloksia.
-installation=Asennus
-details.author=Tekijä
-alpine.repository.branches=Haarat
-alpine.repository.repositories=Tietovarastot
 conan.details.repository=Tietovarasto
 owner.settings.cleanuprules.enabled=Käytössä
-details.license = Lisenssi
-about = Tietoja tästä paketista
-debian.install = Asenna paketti komennolla:
-owner.settings.cleanuprules.edit = Muokkaa siivoussääntöä
-arch.version.groups = Ryhmä
-details.project_site = Projektin verkkosivusto
-details.repository_site = Tietovaraston verkkosivusto
-container.pull = Vedä levykuva komentoriviltä:
-generic.download = Lataa paketti komentoriviltä:
-dependency.version = Versio
-keywords = Avainsanat
-dependencies = Riippuvuudet
-container.labels.key = Avain
-container.labels.value = Arvo
-pypi.install = Asenna paketti pipillä komennolla:
-npm.install = Asenna paketti npm:llä komennolla:
-npm.install2 = tai lisää se package.json-tiedostoon:
-empty.documentation = Lisätietoja pakettirekisteristä on saatavilla <a target="_blank" rel="noopener noreferrer" href="%s">dokumentaatiossa</a>.
-helm.install = Asenna paketti komennolla:
-owner.settings.chef.keypair = Luo avainpari
-settings.delete.error = Paketin poistaminen epäonnistui.
-requirements = Vaatimukset
-published_by_in = Julkaistu %[1]s, julkaisija <a href="%[2]s">%[3]s</a> tietovarastossa <a href="%[4]s"><strong>%[5]s</strong></a>
-pypi.requires = Vaatii Pythonin
-alpine.install = Asenna paketti seuraavalla komennolla:
-debian.repository.components = Komponentit
-cran.install = Asenna paketti komennolla:
-settings.link.select = Valitse tietovarasto
-owner.settings.chef.title = Chef-rekisteri
-owner.settings.cleanuprules.add = Lisää siivoussääntö
-versions = Versiot
-versions.view_all = Näytä kaikki
-debian.repository.architectures = Arkkitehtuurit
-container.details.type = Levykuvan tyyppi
-arch.version.properties = Version ominaisuudet
-rpm.install = Asenna paketti komennolla:
-owner.settings.cleanuprules.none = Siivoussääntöjä ei vielä ole.
-container.details.platform = Alusta
-npm.dependencies = Riippuvuudet
-owner.settings.cleanuprules.title = Siivoussäännöt
-arch.version.depends = Riippuu
-settings.delete = Poista paketti
-arch.version.description = Kuvaus
-settings.delete.success = Paketti on poistettu.
-npm.dependencies.optional = Valinnaiset riippuvuudet
-debian.repository.distributions = Jakelut
-composer.dependencies = Riippuvuudet
-chef.install = Asenna paketti komennolla:
-details.documentation_site = Dokumentaation verkkosivusto
-go.install = Asenna paketti komentoriviltä:
-alpine.repository.architectures = Arkkitehtuurit
-composer.registry = Määritä tämä rekisteri <code>~/.composer/config.json</code>-tiedostossa:
-debian.registry = Määritä tämä rekisteri komentoriviltä:
-rpm.registry = Määritä rekisteri komentoriviltä:
-maven.install = Käytä pakettia sisällyttämällä seuraava sisältö <code>dependencies</code>-lohkoon <code>pom.xml</code>-tiedostossa:
-npm.registry = Määritä rekisteri projektin <code>.npmrc</code>-tiedostossa:
-alpine.repository = Tietovaraston tiedot
-cargo.registry = Määritä tämä rekisteri Cargon asetustiedostossa (esimerkiksi <code>~/.cargo/config.toml</code>):
-cargo.install = Asenna paketti Cargolla suorittamalla seuraava komento:
-composer.install = Asenna paketti Composerilla suorittamalla komento:
-rpm.distros.redhat = RedHatiin pohjautuvilla jakeluilla
-rpm.distros.suse = SUSE:en pohjautuvilla jakeluilla
-rpm.repository.architectures = Arkkitehtuurit
-cran.registry = Määritä rekisteri <code>Rprofile.site</code>-tiedostossa:
-swift.install2 = ja suorita komento:
-maven.registry = Määritä tämä rekisteri projektin <code>pom.xml</code>-tiedostossa:
-maven.install2 = Suorita komentoriviltä:
-nuget.registry = Määritä rekisteri komentoriviltä:
-nuget.install = Asenna paketti NuGetillä suorittamalla komento:
-rubygems.install = Asenna paketti gemillä suorittamalla komento:
-rubygems.install2 = tai lisää se Gemfileen:
-swift.registry = Määritä rekisteri komentoriviltä:
-swift.install = Lisää paketti <code>Package.swift</code>-tiedostoon:
 owner.settings.cleanuprules.keep.count.1 = 1 versio per paketti
 owner.settings.cleanuprules.keep.count.n = %d versiota per paketti
-conan.install = Asenna paketti Conanilla suorittamalla komento:
-chef.registry = Määritä tämä rekisteri <code>~/.chef/config.rb</code>-tiedostossa:
-conan.registry = Määritä tämä rekisteri komentoriviltä:
-conda.install = Asenna paketti Condalla suorittamalla komento:
-helm.registry = Määritä tämä rekisteri komentoriviltä:
-pub.install = Asenna paketti Dartilla suorittamalla komento:
-owner.settings.cargo.title = Cargo-rekisterin indeksi
-settings.delete.description = Paketin poistaminen on peruuttamaton toimenpide, sitä ei voi perua.
-settings.link.success = Tietovaraston linkki päivitettiin onnistuneesti.
-settings.link.button = Päivitä tietovaraston linkki
-owner.settings.cleanuprules.preview.overview = %d pakettia on ajastettu poistettavaksi.
-owner.settings.cargo.initialize.success = Cargo-indeksi luotiin onnistuneesti.
-vagrant.install = Lisää Vagrant-boksi suorittamalla komento:
-rubygems.dependencies.development = Kehitysriippuvuudet
-owner.settings.cleanuprules.preview = Siivoussäännön esikatselu
-npm.dependencies.development = Kehitysriippuvuudet
-composer.dependencies.development = Kehitysriippuvuudet
-owner.settings.cleanuprules.success.update = Siivoussääntö on päivitetty.
-owner.settings.cleanuprules.success.delete = Siivoussääntö on poistettu.
-settings.link = Linkitä tämä paketti tietovarastoon
-maven.download = Lataa riippuvuus suorittamalla komentorivillä:
-registry.documentation = Lisätietoja %s-rekisteristä on <a target="_blank" rel="noopener noreferrer" href="%s">dokumentaatiossa</a>.
-owner.settings.chef.keypair.description = Chef-rekisteriin lähetettävät pyynnöt on allekirjoitettava salauskirjoituksella todennuskeinona. Avainparia luotaessa vain julkinen avain tallennetaan Forgejoon. Yksityinen avain toimitetaan sinulle käytettäväksi knifen kanssa. Uuden avainparin luominen korvaa edellisen.
-owner.settings.cleanuprules.keep.pattern = Säilytä kaavaa vastaavat versiot
-owner.settings.cleanuprules.pattern_full_match = Toteuta kaava paketin koko nimeen
-owner.settings.cleanuprules.keep.title = Näitä sääntöjä vastaavat versiot säilytetään, vaikka ne vastaisivat alla olevaa poistosääntöä.
-owner.settings.cleanuprules.keep.count = Säilytä viimeisimmät
-owner.settings.cleanuprules.remove.pattern = Poista kaavaa vastaavat versiot
-owner.settings.cleanuprules.keep.pattern.container = Viimeisin (<code>latest</code>) versio säilytetään aina Container-paketeista.
-owner.settings.cleanuprules.remove.title = Näitä sääntöjä vastaavat versiot poistetaan, ellei sääntö yläpuolella käske säilyttää niitä.
-owner.settings.cleanuprules.remove.days = Poista versiot, jotka ovat vanhempia kuin
-arch.pacman.helper.gpg = Lisää luottamusvarmenne pacmanille:
-arch.pacman.sync = Synkronoi paketti pacmanin kanssa:
-debian.registry.info = Valitse $distribution ja $component alla olevasta listasta.
-rpm.repository.multiple_groups = Tämä paketti on saatavilla useissa ryhmissä.
-owner.settings.cargo.rebuild.success = Cargo-indeksi rakennettiin uudelleen.
-owner.settings.cleanuprules.preview.none = Siivoussääntö ei vastaa yhtäkään pakettia.
-arch.pacman.conf = Lisää palvelin asiaan liittyvällä jakelulla ja arkkitehtuurilla tiedostoon <code>/etc/pacman.conf</code> :
-published_by = Julkaistu %[1]s käyttäjän <a href="%[2]s">%[3]s</a> toimesta
-alpine.registry.key = Lataa rekisterin julkinen RSA-avain hakemistoon <code>/etc/apk/keys/</code> vahvistaaksesi indeksin allekirjoituksen:
-alpine.registry = Aseta tämä rekisteri lisäämällä URL-osoite tiedostoon <code>/etc/apk/tietovarastot</code>:
-rubygems.dependencies.runtime = Ajonaikaiset riippuvuudet
-owner.settings.cargo.rebuild.error = Cargo-indeksin rakentaminen uudelleen epäonnistui: %v
-owner.settings.cargo.rebuild = Rakenna indeksi uudelleen
-empty.repo = Lähetitkö paketin, mutta se ei näy täällä? Siirry <a href="%[1]s">paketin asetuksiin</a> ja linkitä se tähän tietovarastoon.
-alpine.registry.info = Valitse $branch ja $repository alla olevasta listasta.
-container.images.title = Levykuvat
-owner.settings.cargo.initialize = Alusta indeksi
-owner.settings.cargo.initialize.description = Cargo-rekisterin käyttöä varten tarvitaan erityinen indeksi Git -tietovarasto. Tämän vaihtoehdon käyttäminen luo (uudelleen) tietovaraston ja määrittää sen automaattisesti.
-settings.link.error = Tietovaraston linkin päivittäminen epäonnistui.
-alt.repository.multiple_groups = Tämä paketti on saatavilla useissa ryhmissä.
-alt.repository.architectures = Arkkitehtuurit
-alt.install = Asenna paketti
-alt.registry.install = Asenna paketti komennolla:
-details = Yksityiskohdat
-arch.version.provides = Tarjoaa
-rpm.repository = Tietovaraston tiedot
-rubygems.required.ruby = Vaatii Ruby-version
-settings.delete.notice = Olet aikeissa poistaa %s (%s). Tätä toimenpidettä ei voi perua. Haluatko varmasti jatkaa?
-owner.settings.cargo.initialize.error = Cargo-indeksin alustaminen epäonnistui: %v
-owner.settings.cargo.rebuild.no_index = Ei voi rakentaa uudelleen, indeksiä ei ole alustettu.
-rubygems.required.rubygems = Vaatii RubyGem-version
-alt.registry = Määritä tämä rekisteri komentoriviltä:
-alt.repository = Tietovaraston tiedot
-arch.version.replaces = Korvaa
-debian.repository = Tietovaraston tiedot
-conda.registry = Määritä tämä rekisteri Conda-tietovarastoksi <code>.condarc</code>-tiedostossa:
-container.labels = Nimilaput
-settings.link.description = Jos linkität paketin tietovarastoon, paketti listataan tietovaraston pakettilistalla.
-assets = Resurssit
 
 [secrets]
 creation.failed = Salaisuuden lisääminen epäonnistui.
diff --git a/options/locale/locale_fil.ini b/options/locale/locale_fil.ini
index c2cf9fd951..3b6acd30a9 100644
--- a/options/locale/locale_fil.ini
+++ b/options/locale/locale_fil.ini
@@ -3335,183 +3335,11 @@ settings.change_orgname_redirect_prompt.with_cooldown.one = Magiging available a
 
 
 [packages]
-alpine.repository.branches = Mga branch
-owner.settings.cargo.initialize.success = Matagumpay na nagawa ang Cargo index.
-details = Mga detalye
-empty = Wala pang anumang mga package.
-filter.container.tagged = Naka-tag
-filter.container.untagged = Hindi naka-tag
-filter.type = Uri
-filter.type.all = Lahat
-filter.no_result = Walang resulta ang iyong filter.
-about = Tungkol sa package na ito
-installation = Pag-install
-details.repository_site = Website ng repositoryo
-details.documentation_site = Website ng dokumentasyon
-alpine.repository.repositories = Mga Repositoryo
-alpine.repository.architectures = Mga architechture
-chef.install = Para i-install ang package na ito, patakbuhin ang sumusunod na command:
-composer.registry = I-setup ang registry na ito sa iyong <code>~/.composee/config.json</code> file:
-composer.install = Para i-install ang package gamit ang Composer, patakbuhin ang sumusunod na command:
-empty.repo = Nag-upload ka ba ng package, ngunit hindi pinapakita dito? Pumunta sa <a href="%[1]s">mga setting ng package</a> at i-link iyan sa repo na ito.
-keywords = Mga keyword
-versions = Mga bersyon
-title = Mga package
 desc = Ipamahala ang mga package ng repositoryo.
-registry.documentation = Para sa higit pang impormasyon tungkol sa %s registry, tignan ang <a target="_blank" rel="noopener noreferrer" href="%s">dokumentasyon</a>.
-published_by = Na-publish ang %[1]s ni/ng <a href="%[2]s">%[3]s</a>
-requirements = Mga kinakailangan
-dependencies = Mga dependency
-details.author = May-akda
-details.project_site = Website ng proyekto
-details.license = Lisensya
-versions.view_all = Tignan lahat
-dependency.id = ID
-dependency.version = Bersyon
-alpine.registry = I-setup ang registry na ito sa pamamagitan ng pagdagdag ng url sa iyong <code>/etc/apk/repositories</code> file:
-alpine.registry.info = Pumili ng $branch at $repository mula sa listahan sa ibaba.
-alpine.install = Para i-install ang package, patakbuhin ang sumusunod na command:
-alpine.repository = Info ng repositoryo
-cargo.registry = I-setup ang registry na ito sa Cargo configuration file (halimbawa <code>~/.cargo/config.toml</code>):
-chef.registry = I-setup ang registry na ito sa iyong <code>~/.chef/config.rb</code> file:
-composer.dependencies = Mga dependency
-composer.dependencies.development = Mga dependency ng pag-develop
 conan.details.repository = Repositoryo
-conan.registry = I-setup ang registry na ito mula sa command line:
-assets = Mga asset
-empty.documentation = Para sa higit pang impormasyon sa package registry, tignan ang <a target="_blank" rel="noopener noreferrer" href="%s">dokumentasyon</a>.
-cargo.install = Para i-install ang package gamit ang Cargo, patakbuhin ang sumusunod na command:
-published_by_in = Na-publish ang %[1]s ni <a href="%[2]s">%[3]s </a> sa <a href="%[4]s"><strong>%[5]s</strong></a>
-alpine.registry.key = I-download ang registry public RSA key sa <code>/etc/apk/keys</code> folder para i-verify ang index signature:
-swift.install2 = at patakbuhin ang sumusunod na utos:
-arch.version.description = Paglalarawan
-arch.version.properties = Mga katangian ng bersyon
-settings.delete.description = Permanente ang pagbura ng package at hindi ito mababawi.
-owner.settings.cargo.initialize.description = Ang isang espesyal na index Git repository ay kinakailangan para gamitin ang Cargo registry. Ang paggamit ng opsyon na ito ay (muling) gagawin ang repositoryo at awtomatikong i-configure.
-owner.settings.cargo.rebuild.description = Maaaring maging kapaki-pakinabang ang muling pagtatayo kung ang index ay hindi naka-synchronize sa mga nakaimbak na Cargo package.
-helm.install = Para i-install ang package na ito, patakbuhin ang sumusunod na command:
-helm.registry = I-setup ang registry na ito mula sa command line:
-owner.settings.cargo.rebuild.no_index = Hindi makaka-rebuild, walang index na naka-initialize.
-pypi.install = Para i-install ang package gamit ang pip, patakbuhin ang sumusunod na command:
 owner.settings.cleanuprules.keep.count.n = %d mga bersyon kada package
-owner.settings.cleanuprules.success.update = Na-update na cleanup rule.
-arch.version.backup = Backup
-owner.settings.cleanuprules.keep.pattern = Panatilihin ang mga bersyon na tumutugma
-conda.install = Para i-install ang package gamit ang Conda, patakbuhin ang sumusunod na command:
-container.multi_arch = OS / Arch
-debian.repository.components = Mga component
-conda.registry = I-set up ang registry na ito bilang Conda repository sa iyong <code>.condarc</code> file:
-npm.registry = I-set up ang registry na ito sa <code>.npmrc</code> file ng iyong proyekto:
-owner.settings.cargo.rebuild = I-rebuild ang index
-cran.registry = I-set up ang registry na ito sa iyong <code>Rprofile.site</code> na file:
-arch.version.depends = Dumedepende
-arch.version.provides = Nagbibigay
-arch.version.groups = Grupo
-arch.version.optdepends = Opsyonal na dumepende
-pub.install = Para i-install ang package gamit ang Dart, patakbuhin ang sumusunod na command:
-pypi.requires = Kinakailangan ang Python
-rubygems.dependencies.development = Mga development dependency
 owner.settings.cleanuprules.keep.count.1 = 1 bersyon kada package
-owner.settings.cleanuprules.remove.pattern = Tanggalin ang mga bersyon na tumutugma sa
-nuget.install = Para i-install ang package gamit ang NuGet, patakbuhin ang sumusunod na command:
-container.labels = Mga Label
-rpm.repository.multiple_groups = Available ang package na ito sa iba't ibang grupo.
-settings.delete.error = Nabigong burahin ang package.
-owner.settings.cargo.title = Index ng Cargo registry
-debian.repository = Info ng repositoryo
-owner.settings.cleanuprules.remove.title = Ang mga bersyon na tumutugma sa mga rule na ito ay tatanggalin, maliban mung may rule sa itaas ay sasabihin na panatilihin sila.
-owner.settings.cleanuprules.remove.days = Tanggalin ang mga bersyon mas luma sa
-container.details.platform = Platform
-container.digest = Digest
-container.details.type = Uri ng image
-rubygems.required.ruby = Kinakailangan ang bersyon ng Ruby
-npm.dependencies.bundle = Mga kasamang dependency
-owner.settings.cleanuprules.success.delete = Nabura na ang cleanup rule.
-owner.settings.chef.keypair.description = Ang mga hiling na pinapadala sa Chef registry ay dapat na cryptographically na nakalagda bilang paraan ng authentication. Kapag nag-ge-generate ng isang keypair, ang pampublikong key lamang ang iniimbak ng Forgejo. Ang pribadong key ay binibigay sa iyo na gagamitin sa knife. Ang pag-generate ng bagong keypair i io-overwrite ang luma.
-npm.dependencies = Mga dependency
-npm.dependencies.peer = Mga peer dependency
-rubygems.install = Para i-install ang package sa pamamagitan ng gem, patakbuhin ang sumusunod na command:
-settings.link.description = Kung mag-link ka ng package sa repository, ang package ay nakalista sa listahan ng mga package ng repositoryo.
-settings.delete.success = Nabura na ang package.
-arch.pacman.repo.multi.item = Configuration para sa %s
-arch.pacman.conf = Idagdag ang server na may kaugnay na distribution at architechture sa <code>/etc/pacman.conf</code>:
-arch.pacman.sync = I-sync ang package sa pamamagitan ng pacman:
-arch.version.makedepends = Mga make depend
-arch.version.checkdepends = Mga check depend
-container.pull = Hilahin ang image mula sa command line:
-container.labels.key = Key
-cran.install = Para i-install ang package na ito, patakbuhin ang sumusunod na command:
-debian.repository.distributions = Mga distribution
-generic.download = I-download ang package mula sa command line:
-go.install = I-install ang package mula sa command line:
-maven.install2 = Patakbuhin sa pamamagitan ng command line:
-maven.download = Para i-download ang dependency, patakbuhin sa pamamagitan ng command line:
-nuget.registry = I-setup ang registry na ito mula sa command line:
-nuget.dependency.framework = Target na Framework
-npm.install = Para i-install ang package gamit ng npm, patakbuhin ang sumusunod na command:
-npm.install2 = o idagdag ito sa package.json file:
-npm.dependencies.development = Mga development dependency
-npm.details.tag = Tag
-swift.install = Idagdag ang package sa iyong <code>Package.swift</code> na file:
-vagrant.install = Para magdagdag ng Vagrant box, patakbuhin ang sumusunod na command:
-settings.link = I-link ang package na ito sa repository
-settings.link.select = Pumili ng repositoryo
-settings.link.button = I-update ang link ng repositoryo
-settings.link.error = Nabigong i-update ang link ng repositoryo.
-settings.delete = Burahin ang package
-owner.settings.cargo.initialize = I-initialize ang index
-owner.settings.cleanuprules.add = Magdagdag ng cleanup rule
-owner.settings.cleanuprules.preview = Preview ng cleanup rule
-owner.settings.cleanuprules.preview.overview = %d mga package ay naka-iskedyul para tanggalin.
-owner.settings.cleanuprules.preview.none = Hindi tumutugma sa anumang mga package ang cleanup rule.
 owner.settings.cleanuprules.enabled = Naka-enable
-owner.settings.cleanuprules.pattern_full_match = I-apply ang pattern sa punong pangalan ng package
-owner.settings.chef.keypair = Gumawa ng key pair
-arch.pacman.helper.gpg = Magdagdag ng trust certificate para sa pacman:
-arch.pacman.repo.multi = Ang %s ay may katulad na beryson sa iba't ibang mga distribution.
-arch.version.conflicts = Mga salungatan
-arch.version.replaces = Pinapalit
-npm.dependencies.optional = Mga opsyonal na dependency
-rpm.distros.suse = sa mga SUSE based na distribution
-rpm.install = Para i-install ang package na ito, patakbuhin ang sumusunod na command:
-rpm.repository = Info ng repositoryo
-rpm.repository.architectures = Mga architechture
-rpm.registry = I-setup ang registry na ito mula sa command line:
-rpm.distros.redhat = sa mga RedHat based na distribution
-rubygems.dependencies.runtime = Mga runtime dependency
-rubygems.install2 = o idagdag ito sa Gemfile:
-debian.repository.architectures = Mga architechture
-owner.settings.chef.title = Chef registry
-rubygems.required.rubygems = Kinakailangan ang bersyon ng RubyGem
-owner.settings.cleanuprules.edit = I-edit ang cleanup rule
-settings.link.success = Matagumpay na na-update ang link ng repositoryo.
-owner.settings.cleanuprules.keep.pattern.container = Ang <code>latest</code> na bersyon ay palaging pinapatilihin para sa mga Container package.
-owner.settings.cleanuprules.none = Wala pang mga cleanup rule sa ngayon.
-owner.settings.cleanuprules.keep.count = Panatilihin ang pinaka-recent
-settings.delete.notice = Buburahin mo ang %s (%s). Hindi mababalikan ang aksyon na ito, sigurado ka ba?
-owner.settings.cargo.initialize.error = Nabigong i-initialize ang Cargo index: %v
-debian.install = Para i-install ang package na ito, patakbuhin ang sumusunod na command:
-owner.settings.cargo.rebuild.error = Nabigong i-rebuild ang cargo index: %v
-conan.install = Para i-install ang package gamit ang Conan, patakbuhin ang sumusunod na command:
-swift.registry = I-setup ang registry na ito mula sa command line:
-maven.registry = I-set up ang registry na ito sa iyong <code>pom.xml</code> ng iyong proyekto:
-owner.settings.cleanuprules.keep.title = Ang mga bersyon na tumutugma sa mga rule na ito ay papanatilihin, kahit na tumutugma sila sa removal rule sa ibaba.
-maven.install = Para gamitin ang package isama ang sumusunod sa <code>dependencies</code> block sa <code>pom.xml</code> file:
-container.labels.value = Value
-debian.registry = I-setup ang registry na ito mula sa command line:
-debian.registry.info = Pumili ng $distribution at $component sa listahan sa ibaba.
-owner.settings.cargo.rebuild.success = Matagumpay na na-rebuild ang Cargo index.
-owner.settings.cleanuprules.title = Mga cleanup rule
-container.layers = Mga layer ng image
-container.images.title = Mga image
-search_in_external_registry = Maghanap sa %s
-alt.registry = I-setup ang registry na ito mula sa command line:
-alt.registry.install = Para i-install ang package na ito, patakbuhin ang sumusunod na command:
-alt.install = I-install ang package
-alt.setup = Idagdag ang repositoryo sa listahan ng mga nakakonektang repositoryo (piliin ang kinakailangang architechture sa halip ng "_arch_"):
-alt.repository = Info ng repositoryo
-alt.repository.architectures = Mga architechture
-alt.repository.multiple_groups = Available ang package na ito sa iba't ibang grupo.
 
 [actions]
 runners.last_online = Huling oras na online
diff --git a/options/locale/locale_fr-FR.ini b/options/locale/locale_fr-FR.ini
index 72a4a14dd1..6557e4d7b5 100644
--- a/options/locale/locale_fr-FR.ini
+++ b/options/locale/locale_fr-FR.ini
@@ -3530,183 +3530,11 @@ error.no_unit_allowed_repo=Vous n'êtes pas autorisé à accéder à n'importe q
 error.unit_not_allowed=Vous n'êtes pas autorisé à accéder à cette section du dépôt.
 
 [packages]
-title=Paquets
 desc=Gérer les paquets du dépôt.
-empty=Il n'y pas de paquet pour le moment.
-empty.documentation=Pour plus d'informations sur le registre de paquets, voir <a target="_blank" rel="noopener noreferrer" href="%s">la documentation</a>.
-empty.repo=Avez-vous téléchargé un paquet, mais il n'est pas affiché ici ? Allez dans les <a href="%[1]s">paramètres du paquet</a> et liez le à ce dépôt.
-registry.documentation=Pour plus d’informations sur le registre %s, voir <a target="_blank" rel="noopener noreferrer" href="%s">la documentation</a>.
-filter.type=Type
-filter.type.all=Tous
-filter.no_result=Votre filtre n'affiche aucun résultat.
-filter.container.tagged=Balisé
-filter.container.untagged=Débalisé
-published_by=%[1]s publié par <a href="%[2]s">%[3]s</a>
-published_by_in=%[1]s publié par <a href="%[2]s">%[3]s</a> en <a href="%[4]s"><strong>%[5]s</strong></a>
-installation=Installation
-about=À propos de ce paquet
-requirements=Exigences
-dependencies=Dépendances
-keywords=Mots-clés
-details=Détails
-details.author=Auteur
-details.project_site=Site du projet
-details.repository_site=Site du dépôt
-details.documentation_site=Site de la documentation
-details.license=Licence
-assets=Ressources
-versions=Versions
-versions.view_all=Voir tout
-dependency.id=ID
-dependency.version=Version
-alpine.registry=Configurez ce registre en ajoutant l’URL dans votre fichier <code>/etc/apk/repositories</code> :
-alpine.registry.key=Téléchargez la clé RSA publique du registre dans le dossier <code>/etc/apk/keys/</code> pour vérifier la signature de l'index :
-alpine.registry.info=Choisissez $branch et $repository dans la liste ci-dessous.
-alpine.install=Pour installer le paquet, exécutez la commande suivante :
-alpine.repository=Informations sur le dépôt
-alpine.repository.branches=Branches
-alpine.repository.repositories=Dépôts
-alpine.repository.architectures=Architectures
-cargo.registry=Configurez ce registre dans le fichier de configuration Cargo (par exemple <code>~/.cargo/config.toml</code>) :
-cargo.install=Pour installer le paquet en utilisant Cargo, exécutez la commande suivante :
-chef.registry=Configurer ce registre dans votre fichier <code>~/.chef/config.rb</code> :
-chef.install=Pour installer le paquet, exécutez la commande suivante :
-composer.registry=Configurez ce registre dans votre fichier <code>~/.composer/config.json</code> :
-composer.install=Pour installer le paquet en utilisant Composer, exécutez la commande suivante :
-composer.dependencies=Dépendances
-composer.dependencies.development=Dépendances de développement
 conan.details.repository=Dépôt
-conan.registry=Configurez ce registre à partir d'un terminal :
-conan.install=Pour installer le paquet en utilisant Conan, exécutez la commande suivante :
-conda.registry=Configurez ce registre en tant que dépôt Conda dans le fichier <code>.condarc</code> :
-conda.install=Pour installer le paquet en utilisant Conda, exécutez la commande suivante :
-container.details.type=Type d'image
-container.details.platform=Plateforme
-container.pull=Tirez l'image depuis un terminal :
-container.digest=Empreinte
-container.multi_arch=SE / Arch
-container.layers=Calques d'image
-container.labels=Labels
-container.labels.key=Clé
-container.labels.value=Valeur
-cran.registry=Configurez ce registre dans le fichier <code>Rprofile.site</code> :
-cran.install=Pour installer le paquet, exécutez la commande suivante :
-debian.registry=Configurez ce registre à partir d'un terminal :
-debian.registry.info=Choisissez $distribution et $component dans la liste ci-dessous.
-debian.install=Pour installer le paquet, exécutez la commande suivante :
-debian.repository=Infos sur le dépôt
-debian.repository.distributions=Distributions
-debian.repository.components=Composants
-debian.repository.architectures=Architectures
-generic.download=Télécharger le paquet depuis un terminal :
-go.install=Installer le paquet à partir de la ligne de commande :
-helm.registry=Configurer ce registre à partir d'un terminal :
-helm.install=Pour installer le paquet, exécutez la commande suivante :
-maven.registry=Configurez ce registre dans le fichier <code>pom.xml</code> de votre projet :
-maven.install=Pour utiliser le paquet, inclure ce qui suit dans le bloc <code>dependencies</code> dans le fichier <code>pom.xml</code> :
-maven.install2=Exécuter dans un terminal :
-maven.download=Pour télécharger la dépendance, exécutez dans un terminal :
-nuget.registry=Configurer ce registre à partir d'un terminal :
-nuget.install=Pour installer le paquet en utilisant NuGet, exécutez la commande suivante :
-nuget.dependency.framework=Cadriciel cible
-npm.registry=Configurez ce registre dans le fichier <code>.npmrc</code> de votre projet :
-npm.install=Pour installer le paquet en utilisant npm, exécutez la commande suivante :
-npm.install2=ou ajoutez-le au fichier package.json :
-npm.dependencies=Dépendances
-npm.dependencies.development=Dépendances de développement
-npm.dependencies.peer=Dépendances de pairs
-npm.dependencies.optional=Dépendances optionnelles
-npm.details.tag=Balise
-pub.install=Pour installer le paquet en utilisant Dart, exécutez la commande suivante :
-pypi.requires=Nécessite Python
-pypi.install=Pour installer le paquet en utilisant pip, exécutez la commande suivante :
-rpm.registry=Configurez ce registre à partir d'un terminal :
-rpm.distros.redhat=sur les distributions basées sur RedHat
-rpm.distros.suse=sur les distributions basées sur SUSE
-rpm.install=Pour installer le paquet, exécutez la commande suivante :
-rpm.repository = Information sur le dépôt
-rpm.repository.architectures = Architectures
-rpm.repository.multiple_groups = Ce paquet est disponible dans plusieurs groupes.
-rubygems.install=Pour installer le paquet en utilisant gem, exécutez la commande suivante :
-rubygems.install2=ou ajoutez-le au Gemfile :
-rubygems.dependencies.runtime=Dépendances d'exécution
-rubygems.dependencies.development=Dépendances de développement
-rubygems.required.ruby=Nécessite Ruby en version
-rubygems.required.rubygems=Nécessite RubyGem en version
-swift.registry=Configurez ce registre à partir d'un terminal :
-swift.install=Ajoutez le paquet dans votre fichier <code>Package.swift</code> :
-swift.install2=et exécutez la commande suivante :
-vagrant.install=Pour ajouter une machine Vagrant, exécutez la commande suivante :
-settings.link=Lier ce paquet à un dépôt
-settings.link.description=Si vous liez un paquet à dépôt, le paquet sera inclus dans sa liste des paquets.
-settings.link.select=Sélectionner un dépôt
-settings.link.button=Actualiser le lien du dépôt
-settings.link.success=Le lien du dépôt a été mis à jour avec succès.
-settings.link.error=Impossible de mettre à jour le lien du dépôt.
-settings.delete=Supprimer le paquet
-settings.delete.description=Supprimer un paquet est permanent et irréversible.
-settings.delete.notice=Vous êtes sur le point de supprimer %s (%s). Cette opération est irréversible, êtes-vous sûr ?
-settings.delete.success=Le paquet a été supprimé.
-settings.delete.error=Impossible de supprimer le paquet.
-owner.settings.cargo.title=Index du registre cargo
-owner.settings.cargo.initialize=Initialiser l'index
-owner.settings.cargo.initialize.description=Un dépôt Git d’index spécial est nécessaire pour utiliser le registre Cargo. Utiliser cette option va (re)créer le dépôt et le configurer automatiquement.
-owner.settings.cargo.initialize.error=Impossible d'initialiser l'index de Cargo : %v
-owner.settings.cargo.initialize.success=L'index Cargo a été créé avec succès.
-owner.settings.cargo.rebuild=Reconstruire l'index
-owner.settings.cargo.rebuild.description=La reconstruction peut être utile si l'index n'est pas synchronisé avec les paquets Cargo stockés.
-owner.settings.cargo.rebuild.error=Impossible de reconstruire l'index Cargo : %v
-owner.settings.cargo.rebuild.success=L'index Cargo a été reconstruit avec succès.
-owner.settings.cleanuprules.title=Règles de nettoyage
-owner.settings.cleanuprules.add=Ajouter une règle de nettoyage
-owner.settings.cleanuprules.edit=Modifier la règle de nettoyage
-owner.settings.cleanuprules.none=Aucune règle de nettoyage disponible. Veuillez consulter la documentation.
-owner.settings.cleanuprules.preview=Aperçu des règles de nettoyage
-owner.settings.cleanuprules.preview.overview=%d paquets sont programmés pour être supprimés.
-owner.settings.cleanuprules.preview.none=La règle de nettoyage ne correspond à aucun paquet.
 owner.settings.cleanuprules.enabled=Activé
-owner.settings.cleanuprules.pattern_full_match=Appliquer le motif au nom complet du paquet
-owner.settings.cleanuprules.keep.title=Les versions qui correspondent à ces règles sont conservées, même si elles correspondent à une règle de suppression ci-dessous.
-owner.settings.cleanuprules.keep.count=Garder le plus récent
 owner.settings.cleanuprules.keep.count.1=1 version par paquet
 owner.settings.cleanuprules.keep.count.n=%d versions par paquet
-owner.settings.cleanuprules.keep.pattern=Garder les versions correspondantes
-owner.settings.cleanuprules.keep.pattern.container=La version <code>latest</code> est toujours conservée pour les paquets Container.
-owner.settings.cleanuprules.remove.title=Les versions qui correspondent à ces règles sont supprimées, sauf si une règle ci-dessus dit de les garder.
-owner.settings.cleanuprules.remove.days=Supprimer les versions antérieures à
-owner.settings.cleanuprules.remove.pattern=Supprimer les versions correspondantes
-owner.settings.cleanuprules.success.update=La règle de nettoyage a été mise à jour.
-owner.settings.cleanuprules.success.delete=La règle de nettoyage a été supprimée.
-owner.settings.chef.title=Dépôt Chef
-owner.settings.chef.keypair=Générer une paire de clés
-owner.settings.chef.keypair.description=Les requêtes envoyées au registre Chef doivent être signées cryptographiquement à des fin d'authentification. Lorsqu'une paire de clés est générée, seule la clé publique est conservée dans Forgejo. La clé privée est fournie afin que vous puissiez l'utiliser avec knife. La génération d'une nouvelle clé remplace la précédente.
-owner.settings.cargo.rebuild.no_index = Incapable de reconstruire, index non initialisé.
-npm.dependencies.bundle = Bundles de dépendances
-arch.pacman.helper.gpg = Ajouter un certificat de confiance pour pacman :
-arch.pacman.repo.multi = %s a la même version dans différentes distributions.
-arch.pacman.repo.multi.item = Configuration pour %s
-arch.pacman.conf = Ajouter un serveur associées à la distribution et l'architecture dans <code>/etc/pacman.conf</code> :
-arch.pacman.sync = Synchroniser le paquet avec pacman :
-arch.version.properties = Propriétés de version
-arch.version.description = Description
-arch.version.provides = Fournit
-arch.version.groups = Groupe
-arch.version.depends = Dépend
-arch.version.optdepends = Dépendances optionnelles
-arch.version.checkdepends = Vérifier les dépendances
-arch.version.conflicts = Conflits
-arch.version.replaces = Remplace
-arch.version.backup = Sauvegarde
-arch.version.makedepends = Faire des dépendances
-container.images.title = Images
-search_in_external_registry = Rechercher dans %s
-alt.repository = Informations sur le dépôt
-alt.repository.architectures =Architectures
-alt.registry = Configurez ce registre à partir d'un terminal :
-alt.registry.install = Pour installer le paquet, exécutez la commande suivante :
-alt.install = Installer le paquet
-alt.repository.multiple_groups = Ce paquet est disponible dans plusieurs groupes.
-alt.setup = Ajouter un dépôt à la liste des dépôts connecté (choisissez l'architecture nécessaire à la place de "_arch") :
 
 [secrets]
 secrets=Secrets
diff --git a/options/locale/locale_ga-IE.ini b/options/locale/locale_ga-IE.ini
index 1d6175a023..33311205b9 100644
--- a/options/locale/locale_ga-IE.ini
+++ b/options/locale/locale_ga-IE.ini
@@ -2761,153 +2761,11 @@ error.no_unit_allowed_repo = Níl cead agat rochtain a fháil ar aon chuid den t
 error.unit_not_allowed = Níl cead agat an rannán stóras seo a rochtain.
 
 [packages]
-title = Pacáistí
 desc = Bainistigh pacáistí stórais.
-empty = Níl aon phacáistí ann fós.
-empty.documentation = Le haghaidh tuilleadh eolais ar chlárlann na bpacáistí, féach ar <a target="_blank" rel="noopener noreferrer" href="%s">na doiciméid</a>.
-empty.repo = An ndearna tú uaslódáil ar phacáiste, ach nach bhfuil sé léirithe anseo? Téigh go <a href="%[1]s">socruithe pacáiste</a> agus nasc leis an stóras seo é.
-registry.documentation = Le haghaidh tuilleadh eolais ar chlárlann %s, féach ar <a target="_blank" rel="noopener noreferrer" href="%s">na doiciméid</a>.
-filter.type = Cineál
-filter.type.all = Gach
-filter.no_result = Níor thug do scagaire aon torthaí.
-filter.container.tagged = Clibeáilte
-filter.container.untagged = Gan chlib
-published_by = Foilsithe %[1]s ag <a href="%[2]s">%[3]s</a>
-published_by_in = Foilsithe ag %[1]s ag <a href="%[2]s">%[3]s</a> in <a href="%[4]s"><strong>%[5]s</strong></a>
-installation = Suiteáil
-about = Maidir leis an bpacáiste seo
-requirements = Riachtanais
-dependencies = Spleithiúlachtaí
-keywords = Eochairfhocail
-details = Sonraí
-details.author = Údar
-details.license = Ceadúnas
-assets = Sócmhainní
-versions = Leaganacha
-versions.view_all = Féach ar gach
-dependency.id = ID
-dependency.version = Leagan
-search_in_external_registry = Cuardaigh i %s
-alpine.registry = Socraigh an chlár seo tríd an url a chur i do chomhad <code>/etc/apk/repositories</code>:
-alpine.registry.key = Íoslódáil eochair RSA poiblí na clárlainne isteach san fhillteán <code>/etc/apk/keys/</code> chun an síniú innéacs a fhíorú:
-alpine.registry.info = Roghnaigh $branch agus $repository ón liosta thíos.
-alpine.install = Chun an pacáiste a shuiteáil, rith an t-ordú seo a leanas:
-alpine.repository = Eolas Stórais
-alpine.repository.branches = Brainsí
-alpine.repository.repositories = Stórais
-alpine.repository.architectures = Ailtireachtaí
-cargo.registry = Socraigh an clárlann seo sa chomhad cumraíochta lasta (mar shampla <code>~/.cargo/config.toml</code>):
-cargo.install = Chun an pacáiste a shuiteáil ag baint úsáide as Cargo, reáchtáil an t-ordú seo a leanas:
-chef.registry = Socraigh an clárlann seo i do chomhad <code>~/.chef/config.rb</code>:
-chef.install = Chun an pacáiste a shuiteáil, rith an t-ordú seo a leanas:
-composer.registry = Socraigh an chlár seo i do chomhad <code>~/.composer/config.json</code>:
-composer.install = Chun an pacáiste a shuiteáil ag baint úsáide as Cumadóir, reáchtáil an t-ordú seo a leanas:
-composer.dependencies = Spleithiúlachtaí
-composer.dependencies.development = Spleithiúlachtaí Forbartha
 conan.details.repository = Stóras
-conan.registry = Socraigh an clárlann seo ón líne ordaithe:
-conan.install = Chun an pacáiste a shuiteáil ag úsáid Conan, reáchtáil an t-ordú seo a leanas:
-conda.registry = Socraigh an chlár seo mar stóras Conda i do chomhad <code>.condarc</code>:
-conda.install = Chun an pacáiste a shuiteáil ag úsáid Conda, reáchtáil an t-ordú seo a leanas:
-container.details.type = Cineál Íomhá
-container.details.platform = Ardán
-container.pull = Tarraing an íomhá ón líne ordaithe:
-container.digest = Díleáigh
-container.multi_arch = Córas Oibriúcháin / Ailtireacht
-container.layers = Sraitheanna Íomhá
-container.labels = Lipéid
-container.labels.key = Eochair
-container.labels.value = Luach
-cran.registry = Cumraigh an chlárlann seo i do chomhad <code>Rprofile.site</code>:
-cran.install = Chun an pacáiste a shuiteáil, rith an t-ordú seo a leanas:
-debian.registry = Socraigh an clárlann seo ón líne ordaithe:
-debian.registry.info = Roghnaigh $distribution agus $component ón liosta thíos.
-debian.install = Chun an pacáiste a shuiteáil, rith an t-ordú seo a leanas:
-debian.repository = Eolas Stóras
-debian.repository.distributions = Dáiltí
-debian.repository.components = Comhpháirteanna
-debian.repository.architectures = Ailtireachtaí
-generic.download = Íoslódáil pacáiste ón líne ordaithe:
-go.install = Suiteáil an pacáiste ón líne ordaithe:
-helm.registry = Socraigh an clárlann seo ón líne ordaithe:
-helm.install = Chun an pacáiste a shuiteáil, rith an t-ordú seo a leanas:
-maven.registry = Socraigh an clárlann seo i do chomhad <code>pom.xml</code> tionscadail:
-maven.install = Chun an pacáiste a úsáid cuir na nithe seo a leanas sa bhloc <code>spleáchais</code> sa chomhad <code>pom.xml</code>:
-maven.install2 = Rith tríd an líne ordaithe:
-maven.download = Chun an spleáchas a íoslódáil, rith tríd an líne ordaithe:
-nuget.registry = Socraigh an clárlann seo ón líne ordaithe:
-nuget.install = Chun an pacáiste a shuiteáil ag úsáid NuGet, reáchtáil an t-ordú seo a leanas:
-nuget.dependency.framework = Spriocchreat
-npm.registry = Socraigh an chlárlann seo i do chomhad <code>.npmrc</code> do thionscadail:
-npm.install = Chun an pacáiste a shuiteáil ag úsáid npm, reáchtáil an t-ordú seo a leanas:
-npm.install2 = nó cuir leis an gcomhad package.json é:
-npm.dependencies = Spleithiúlachtaí
-npm.dependencies.development = Spleithiúlachtaí Forbartha
-npm.dependencies.bundle = Spleáchais Chuachta
-npm.dependencies.peer = Spleithiúlachtaí Piaraí
-npm.dependencies.optional = Spleáchais Roghnacha
-npm.details.tag = Clib
-pub.install = Chun an pacáiste a shuiteáil ag úsáid Dart, reáchtáil an t-ordú seo a leanas:
-pypi.requires = Teastaíonn Python
-pypi.install = Chun an pacáiste a shuiteáil ag úsáid pip, reáchtáil an t-ordú seo a leanas:
-rpm.registry = Socraigh an clárlann seo ón líne ordaithe:
-rpm.distros.redhat = ar dháileadh bunaithe ar RedHat
-rpm.distros.suse = ar dháileadh bunaithe ar SUSE
-rpm.install = Chun an pacáiste a shuiteáil, rith an t-ordú seo a leanas:
-rpm.repository = Eolas Stóras
-rpm.repository.architectures = Ailtireachtaí
-rpm.repository.multiple_groups = Tá an pacáiste seo ar fáil i ngrúpaí éagsúla.
-rubygems.install = Chun an pacáiste a shuiteáil ag baint úsáide as gem, reáchtáil an t-ordú seo a leanas:
-rubygems.install2 = nó cuir leis an Gemfile é:
-rubygems.dependencies.runtime = Spleáchais Rith-Ama
-rubygems.dependencies.development = Spleáchais Forbartha
-rubygems.required.ruby = Éilíonn leagan Ruby
-rubygems.required.rubygems = Éilíonn leagan RubyGem
-swift.registry = Socraigh an clárlann seo ón líne ordaithe:
-swift.install = Cuir an pacáiste i do <code>chomhad Package.swift</code>:
-swift.install2 = agus reáchtáil an t-ordú seo a leanas:
-vagrant.install = Chun bosca Vagrant a chur leis, reáchtáil an t-ordú seo a leanas:
-settings.link = Nasc an pacáiste seo le stóras
-settings.link.description = Má nascann tú pacáiste le stóras, liostaítear an pacáiste i liosta pacáistí an stórais.
-settings.link.select = Roghnaigh Stóras
-settings.link.button = Nuashonraigh Nasc Stórais
-settings.link.success = D'éirigh le nasc an stórais a nuashonrú.
-settings.link.error = Theip ar an nasc stóras a nuashonrú.
-settings.delete = Scrios pacáiste
-settings.delete.description = Tá pacáiste a scriosadh buan agus ní féidir é a chur ar ais.
-settings.delete.notice = Tá tú ar tí %s (%s) a scriosadh. Tá an oibríocht seo dochúlaithe, an bhfuil tú cinnte?
-settings.delete.success = Tá an pacáiste scriosta.
-settings.delete.error = Theip ar an pacáiste a scriosadh.
-owner.settings.cargo.title = Innéacs Clárlann Lasta
-owner.settings.cargo.initialize = Innéacs a chur i dtosach
-owner.settings.cargo.initialize.description = Tá gá le stóras innéacs speisialta Git chun an clárlann Cargo a úsáid. Tríd an rogha seo, cruthófar an stóras (nó athchruthófar é) agus cumrófar é go huathoibríoch.
-owner.settings.cargo.initialize.error = Níorbh fhéidir an t-innéacs Cargo a thúsú: %v
-owner.settings.cargo.initialize.success = Cruthaíodh an t-innéacs Cargo go rathúil.
-owner.settings.cargo.rebuild = Innéacs Atógáil
-owner.settings.cargo.rebuild.description = Is féidir atógáil a bheith úsáideach mura bhfuil an t-innéacs sioncronaithe leis na pacáistí Cargo stóráilte.
-owner.settings.cargo.rebuild.error = Níorbh fhéidir an t-innéacs Cargo a atógáil: %v
-owner.settings.cargo.rebuild.success = D'éirigh leis an innéacs Cargo a atógáil.
-owner.settings.cleanuprules.add = Cuir Riail Glantacháin leis
-owner.settings.cleanuprules.edit = Cuir Riail Glantacháin in eagar
-owner.settings.cleanuprules.preview = Réamhamharc Riail Glantacháin
-owner.settings.cleanuprules.preview.overview = Tá pacáistí %d beartaithe a bhaint.
-owner.settings.cleanuprules.preview.none = Ní hionann riail glantacháin agus pacáistí ar bith.
 owner.settings.cleanuprules.enabled = Cumasaithe
-owner.settings.cleanuprules.pattern_full_match = Cuir patrún i bhfeidhm ar ainm an phacáiste iomlán
-owner.settings.cleanuprules.keep.title = Coinnítear leaganacha a mheaitseálann leis na rialacha seo, fiú má mheaitseálann siad riail bhaint thíos.
-owner.settings.cleanuprules.keep.count = Coinnigh an ceann is déanaí
 owner.settings.cleanuprules.keep.count.1 = 1 leagan in aghaidh an phacáiste
 owner.settings.cleanuprules.keep.count.n = Leaganacha %d in aghaidh an phacáiste
-owner.settings.cleanuprules.keep.pattern = Coinnigh leaganacha meaitseála
-owner.settings.cleanuprules.keep.pattern.container = Coinnítear an leagan <code>is déanaí</code> le haghaidh pacáistí Coimeádán i gcónaí.
-owner.settings.cleanuprules.remove.title = Baintear leaganacha a mheaitseálann leis na rialacha seo, mura deir riail thuas iad a choinneáil.
-owner.settings.cleanuprules.remove.days = Bain leaganacha níos sine ná
-owner.settings.cleanuprules.remove.pattern = Bain leaganacha meaitseála
-owner.settings.cleanuprules.success.update = Nuashonraíodh an riail ghlantacháin.
-owner.settings.cleanuprules.success.delete = Scriosadh an riail glantacháin.
-owner.settings.chef.title = Clárlann Chef
-owner.settings.chef.keypair = Gin péire eochair
-owner.settings.chef.keypair.description = Tá eochairphéire riachtanach le fíordheimhniú a dhéanamh ar chlárlann an Chef. Má tá péire eochrach ginte agat roimhe seo, má ghinfidh tú eochairphéire nua, scriosfar an seanphéire eochair.
 
 [secrets]
 secrets = Rúin
diff --git a/options/locale/locale_hu-HU.ini b/options/locale/locale_hu-HU.ini
index 2bf82ad025..442e41ef8c 100644
--- a/options/locale/locale_hu-HU.ini
+++ b/options/locale/locale_hu-HU.ini
@@ -1658,9 +1658,6 @@ error.not_signed_commit=Nem aláírt commit
 [units]
 
 [packages]
-filter.type=Típus
-alpine.repository.branches=Ágak
-alpine.repository.repositories=Tárolók
 conan.details.repository=Tároló
 owner.settings.cleanuprules.enabled=Engedélyezett
 
diff --git a/options/locale/locale_id-ID.ini b/options/locale/locale_id-ID.ini
index 7070a00f26..f3ccbc0e8b 100644
--- a/options/locale/locale_id-ID.ini
+++ b/options/locale/locale_id-ID.ini
@@ -1351,9 +1351,6 @@ error.no_unit_allowed_repo=Anda tidak diijinkan untuk melihat semua unit dari re
 error.unit_not_allowed=Anda tidak diizinkan untuk mengunjungi unit repositori ini.
 
 [packages]
-filter.type=Jenis
-alpine.repository.branches=Cabang
-alpine.repository.repositories=Repositori
 conan.details.repository=Repositori
 owner.settings.cleanuprules.enabled=Aktif
 
diff --git a/options/locale/locale_is-IS.ini b/options/locale/locale_is-IS.ini
index 4cee9c0cd3..24c8be3685 100644
--- a/options/locale/locale_is-IS.ini
+++ b/options/locale/locale_is-IS.ini
@@ -1281,27 +1281,7 @@ read=Lesnar
 [units]
 
 [packages]
-title=Pakkar
-filter.type=Tegund
-filter.type.all=Allir
-installation=Uppsetning
-keywords=Stikkorð
-details=Nánar
-details.author=Höfundur
-details.license=Hugbúnaðarleyfi
-versions=Útgáfur
-versions.view_all=Sjá allar
-dependency.id=Auðkenni
-dependency.version=Útgáfa
-alpine.repository.branches=Greinar
-alpine.repository.repositories=Hugbúnaðarsöfn
 conan.details.repository=Hugbúnaðarsafn
-container.details.platform=Vettvangur
-container.labels=Lýsingar
-container.labels.key=Lykill
-container.labels.value=Gildi
-npm.details.tag=Merki
-pypi.requires=Þarfnast Python
 
 [secrets]
 
diff --git a/options/locale/locale_it-IT.ini b/options/locale/locale_it-IT.ini
index ad0ae03a04..b9983c6422 100644
--- a/options/locale/locale_it-IT.ini
+++ b/options/locale/locale_it-IT.ini
@@ -3533,183 +3533,11 @@ error.no_unit_allowed_repo=Non possiedi il permesso di accedere ad alcuna sezion
 error.unit_not_allowed=Non possiedi il permesso di accedere a questa sezione di repository.
 
 [packages]
-title=Pacchetti
 desc=Gestisci pacchetti repository.
-empty=Non ci sono ancora pacchetti.
-empty.repo=Hai caricato un pacchetto, ma non è mostrato qui? Vai alle <a href="%[1]s">impostazioni del pacchetto</a> e collegalo a questo repo.
-filter.type=Tipo
-filter.type.all=Tutti
-filter.no_result=Il filtro non ha prodotto risultati.
-filter.container.tagged=Etichettato
-filter.container.untagged=Nont etichettato
-published_by=Pubblicato %[1]s di <a href="%[2]s">%[3]s</a>
-published_by_in=Pubblicato %[1]s di <a href="%[2]s">%[3]s</a> in <a href="%[4]s"><strong>%[5]s</strong></a>
-installation=Installazione
-about=Informazioni su questo pacchetto
-requirements=Requisiti
-dependencies=Dipendenze
-keywords=Parole Chiave
-details=Dettagli
-details.author=Autore
-details.project_site=Sito del progetto
-details.license=Licenza
-assets=Asset
-versions=Versioni
-versions.view_all=Vedi tutti
-dependency.id=ID
-dependency.version=Versione
-alpine.install=Per installare il pacchetto, eseguire il seguente comando:
-alpine.repository.branches=Rami
-alpine.repository.repositories=Repository
-chef.install=Per installare il pacchetto, eseguire il seguente comando:
-composer.registry=Imposta questo registro nel tuo file <code>~/.composer/config.json</code>:
-composer.install=Per installare il pacchetto utilizzando Composer, eseguire il seguente comando:
-composer.dependencies=Dipendenze
-composer.dependencies.development=Dipendenze Di Sviluppo
 conan.details.repository=Repository
-conan.registry=Configura questo registro dalla riga di comando:
-conan.install=Per installare il pacchetto usando Conan, eseguire il seguente comando:
-container.details.type=Tipo Immagine
-container.details.platform=Piattaforma
-container.pull=Tirare l'immagine dalla riga di comando:
-container.multi_arch=SO / Architettura
-container.layers=Livelli Immagine
-container.labels=Etichette
-container.labels.key=Chiave
-container.labels.value=Valore
-cran.install=Per installare il pacchetto, eseguire il seguente comando:
-debian.registry=Configura questo registro dalla riga di comando:
-debian.install=Per installare il pacchetto, eseguire il seguente comando:
-generic.download=Scarica il pacchetto dalla riga di comando:
-helm.registry=Configura questo registro dalla riga di comando:
-helm.install=Per installare il pacchetto, eseguire il seguente comando:
-maven.registry=Configura questo registro nel file <code>pom.xml</code> del tuo progetto:
-maven.install=Per utilizzare il pacchetto includere i seguenti nel blocco <code>dipendenze</code> nel file <code>pom.xml</code>:
-maven.install2=Esegui tramite riga di comando:
-maven.download=Per scaricare la dipendenza, eseguire tramite riga di comando:
-nuget.registry=Configura questo registro dalla riga di comando:
-nuget.install=Per installare il pacchetto utilizzando NuGet, eseguire il seguente comando:
-nuget.dependency.framework=Target Framework
-npm.registry=Impostare questo registro nel file del progetto <code>.npmrc</code>:
-npm.install=Per installare il pacchetto usando npm, eseguire il seguente comando:
-npm.install2=o aggiungerlo al file package.json:
-npm.dependencies=Dipendenze
-npm.dependencies.development=Dipendenze Di Sviluppo
-npm.dependencies.peer=Dipendenze Peer
-npm.dependencies.optional=Dipendenze Opzionali
-npm.details.tag=Tag
-pub.install=Per installare il pacchetto utilizzando NuGet, eseguire il seguente comando:
-pypi.requires=Richiede Python
-pypi.install=Per installare il pacchetto usando pip, eseguire il seguente comando:
-rpm.registry=Configura questo registro dalla riga di comando:
-rpm.install=Per installare il pacchetto, eseguire il seguente comando:
-rubygems.install=Per installare il pacchetto usando gem, eseguire il seguente comando:
-rubygems.install2=o aggiungerlo al file Gem:
-rubygems.dependencies.runtime=Dipendenze Runtime
-rubygems.dependencies.development=Dipendenze Di Sviluppo
-rubygems.required.ruby=Richiede la versione di Ruby
-rubygems.required.rubygems=Richiede la versione RubyGem
-swift.registry=Configura questo registro dalla riga di comando:
-settings.link=Collega questo pacchetto a un repository
-settings.link.description=Se si collega un pacchetto a un repository, il pacchetto è elencato nell'elenco dei pacchetti del repository.
-settings.link.select=Seleziona repositorio
-settings.link.button=Aggiorna collegamento repositorio
-settings.link.success=Il link del repository è stato aggiornato correttamente.
-settings.link.error=Impossibile aggiornare il link del repository.
-settings.delete=Elimina pacchetto
-settings.delete.description=L'eliminazione di un pacchetto è permanente e non può essere annullata.
-settings.delete.notice=Stai per eliminare %s (%s). Questa operazione è irreversibile, sei sicuro?
-settings.delete.success=Il pacchetto è stato eliminato.
-settings.delete.error=Impossibile eliminare il pacchetto.
 owner.settings.cleanuprules.enabled=Attivo
-debian.repository.architectures = Architetture
-rpm.repository.architectures = Architetture
-container.digest = Digest:
-debian.repository.components = Componenti
-alpine.repository.architectures = Architetture
-debian.repository.distributions = Distribuzioni
-empty.documentation = Per ulteriori informazioni sul registro dei pacchetti vedi <a target="_blank" rel="noopener noreferrer" href="%s">la documentazione</a>.
-registry.documentation = Per ulteriori informazioni sul registro %s vedi <a target="_blank" rel="noopener noreferrer" href="%s">la documentazione</a>.
-details.repository_site = Sito del repositorio
-details.documentation_site = Sito della documentazione
-alpine.registry = Imposta questo registro aggiungendo l'URL nel tuo file <code>/etc/apk/repositories</code>:
-alpine.registry.key = Scarica la chiave RSA pubblica del registro nella cartella <code>/etc/apk/keys/</code> per verificare la firma dell'indice:
-alpine.repository = Informazioni sul repositorio
-cargo.registry = Imposta il registro nel file di configurazione di Cargo (per esempio <code>~/.cargo/config.toml</code>):
-chef.registry = Imposta questo registro nel tuo file <code>~/.chef/config.rb</code>:
-conda.registry = Imposta questo registro come un repositorio Conda nel tuo file <code>.condarc</code>:
-conda.install = Per installare il pacchetto usando conda, esegui il comando seguente:
-debian.registry.info = Scegli $distribuzione e $componente dalla lista sotto.
-debian.repository = Informazioni sul repositorio
-go.install = Installa il pacchetto dalla riga di comando:
-rpm.distros.suse = sulle distribuzioni basate su SUSE
-rpm.repository = Informazioni sul repositorio
-swift.install = Aggiungi il pacchetto nel tuo file <code>Package.swift</code>:
-swift.install2 = ed esegui il comando seguente:
-vagrant.install = Per aggiungere una scatola Vagrant esegui il comando seguente:
-owner.settings.cargo.initialize = Inizializza indice
-rpm.distros.redhat = sulle distribuzione basate su RedHat
-alpine.registry.info = scegli $ramo e $repositorio dalla lista sotto.
-cargo.install = Per installare il pacchetto usando Cargo esegui il comando seguente:
-cran.registry = Imposta questo registro nel tuo file <code>Rprofile.site</code>:
-rpm.repository.multiple_groups = Questo pacchetto è disponibile in molteplici gruppi.
-owner.settings.cargo.title = Indice del registro di Cargo
-owner.settings.cargo.initialize.error = Impossibile inizializzare l'indice di cargo: %v
-owner.settings.cargo.rebuild = Ricostruendo l'indice
-owner.settings.chef.keypair = Genera coppia di chiavi
-owner.settings.chef.title = Registro Chef
-owner.settings.cleanuprules.success.delete = La regola di pulizia è stata eliminata.
-owner.settings.cleanuprules.success.update = La regola di pulizia è stata aggiornata.
-owner.settings.cleanuprules.remove.pattern = Rimuovi versioni corrispondenti
-owner.settings.cleanuprules.remove.days = Rimuovi versioni più vecchie di
-owner.settings.cleanuprules.keep.pattern.container = La versione <code>latest</code> è sempre tenuta per pacchetti container.
-owner.settings.cleanuprules.keep.pattern = Mantieni le versioni corrispondenti
 owner.settings.cleanuprules.keep.count.n = %s versioni per pacchetto
 owner.settings.cleanuprules.keep.count.1 = 1 versione per pacchetto
-owner.settings.cleanuprules.keep.count = Mantieni la più recente
-owner.settings.cleanuprules.remove.title = Le versioni che soddisfano queste regole saranno rimosse, eccetto se la regola sopra dice di tenerle.
-owner.settings.cleanuprules.pattern_full_match = Applica il modello a tutto il nome del pacchetto
-owner.settings.cleanuprules.preview.none = La regola di pulizia non corrisponde ad alcun pacchetto.
-owner.settings.cleanuprules.preview.overview = È prevista la rimozione di %d pacchetti.
-owner.settings.cleanuprules.preview = Anteprima della regola di pulizia
-owner.settings.cleanuprules.none = Non c'è ancora nessuna regola di pulizia.
-owner.settings.cleanuprules.edit = Modifica regola di pulizia
-owner.settings.cleanuprules.add = Aggiungi regola di pulizia
-owner.settings.cleanuprules.title = Gestisci regole di pulizia
-owner.settings.cargo.rebuild.success = L'indice di Cargo è stato ricostruito correttamente.
-owner.settings.cargo.rebuild.error = Impossibile ricostruire l'indice di Cargo: %v
-owner.settings.cleanuprules.keep.title = Le versioni che soddisfano queste regole sono mantenute, anche se soddisfano una regola di rimozione sotto.
-owner.settings.cargo.initialize.description = Per utilizzare il registro Cargo è necessario un repositorio Git con un indice speciale. Utilizzando questa opzione, il repositorio verrà (ri)creato e configurato automaticamente.
-owner.settings.chef.keypair.description = Per autenticarsi al registro Chef è necessaria una coppia di chiavi. Se hai già generato una coppia di chiavi la generazione di una nuova coppia scarterà la vecchia.
-owner.settings.cargo.initialize.success = L'indice di Cargo è stato creato correttamente.
-owner.settings.cargo.rebuild.no_index = Impossibile ricostruire, nessun indice è inizializzato.
-owner.settings.cargo.rebuild.description = La ricostruzione può essere utile se l'indice non è sincronizzato con i pacchetti Cargo conservati.
-npm.dependencies.bundle = Dipendenze raggruppate
-arch.version.groups = Gruppo
-arch.version.conflicts = Va in conflitto con
-arch.version.depends = Dipende da
-arch.version.makedepends = Dipendenze di build
-arch.version.checkdepends = Dipendenze di controllo
-arch.version.replaces = Sostituisce
-arch.version.optdepends = Dipende opzionalmente da
-arch.version.backup = Backup
-search_in_external_registry = Cerca in %s
-arch.version.provides = Fornisce
-arch.pacman.conf = Aggiungi il server con la relativa distribuzione e architettura a <code>/etc/pacman.conf</code>:
-alt.setup = Aggiungi il repositorio alla lista dei repositori in rete (seleziona l'architettura necessaria al posto di "_arch_"):
-container.images.title = Immagini
-arch.version.properties = Proprietà della versione
-alt.registry.install = Per installare il pacchetto, esegui il comando seguente:
-alt.install = Installa pacchetto
-alt.registry = Configura questo registro dalla riga di comando:
-arch.pacman.helper.gpg = Aggiungi il certificato a pacman:
-arch.pacman.repo.multi = %s ha la stessa versione in diverse distribuzioni.
-arch.pacman.repo.multi.item = Configurazione per %s
-arch.pacman.sync = Sincronizza il paccketto con pacman:
-arch.version.description = Descrizione
-alt.repository = Informazioni del repositorio
-alt.repository.architectures = Architetture
-alt.repository.multiple_groups = Questo pacchetto è disponibile per più gruppi.
 
 [secrets]
 secrets = Segreti
diff --git a/options/locale/locale_ja-JP.ini b/options/locale/locale_ja-JP.ini
index f20a2f08ae..d1cc477b3b 100644
--- a/options/locale/locale_ja-JP.ini
+++ b/options/locale/locale_ja-JP.ini
@@ -3433,160 +3433,11 @@ error.no_unit_allowed_repo=このリポジトリのどのセクションにも
 error.unit_not_allowed=このセクションへのアクセスが許可されていません。
 
 [packages]
-title=パッケージ
 desc=リポジトリ パッケージを管理します。
-empty=パッケージはまだありません。
-empty.documentation=パッケージレジストリの詳細については、 <a target="_blank" rel="noopener noreferrer" href="%s">ドキュメント</a> を参照してください。
-empty.repo=パッケージはアップロードしたけども、ここに表示されない？ <a href="%[1]s">パッケージ設定</a>を開いて、パッケージをこのリポジトリにリンクしてください。
-registry.documentation=%sレジストリの詳細については、 <a target="_blank" rel="noopener noreferrer" href="%s">ドキュメント</a> を参照してください。
-filter.type=タイプ
-filter.type.all=すべて
-filter.no_result=フィルタの結果、空になりました。
-filter.container.tagged=タグあり
-filter.container.untagged=タグなし
-published_by=%[1]sに<a href="%[2]s">%[3]s</a>が配布
-published_by_in=%[1]sに<a href="%[2]s">%[3]s</a>が<a href="%[4]s"><strong>%[5]s</strong></a>で配布
-installation=インストール方法
-about=このパッケージについて
-requirements=要求事項
-dependencies=依存関係
-keywords=キーワード
-details=詳細
-details.author=著作者
-details.project_site=プロジェクトサイト
-details.repository_site=リポジトリサイト
-details.documentation_site=ドキュメンテーションサイト
-details.license=ライセンス
-assets=アセット
-versions=バージョン
-versions.view_all=すべて表示
-dependency.id=ID
-dependency.version=バージョン
-alpine.registry=あなたの <code>/etc/apk/repositories</code> ファイルにURLを追加して、このレジストリをセットアップします:
-alpine.registry.key=インデックス署名の検証のため、レジストリのRSA公開鍵を <code>/etc/apk/keys/</code> フォルダにダウンロードします:
-alpine.registry.info=$branch と $repository は下にあるリストから選んでください。
-alpine.install=パッケージをインストールするには、次のコマンドを実行します:
-alpine.repository=リポジトリ情報
-alpine.repository.branches=Branches
-alpine.repository.repositories=Repositories
-alpine.repository.architectures=Architectures
-cargo.registry=Cargo 設定ファイルでこのレジストリをセットアップします。(例 <code>~/.cargo/config.toml</code>):
-cargo.install=Cargo を使用してパッケージをインストールするには、次のコマンドを実行します:
-chef.registry=あなたの <code>~/.chef/config.rb</code> ファイルに、このレジストリをセットアップします:
-chef.install=パッケージをインストールするには、次のコマンドを実行します:
-composer.registry=あなたの <code>~/.composer/config.json</code> ファイルに、このレジストリをセットアップします:
-composer.install=Composer を使用してパッケージをインストールするには、次のコマンドを実行します:
-composer.dependencies=依存関係
-composer.dependencies.development=開発用依存関係
 conan.details.repository=リポジトリ
-conan.registry=このレジストリをコマンドラインからセットアップします:
-conan.install=Conan を使用してパッケージをインストールするには、次のコマンドを実行します:
-conda.registry=あなたの <code>.condarc</code> ファイルに、このレジストリを Conda リポジトリとしてセットアップします:
-conda.install=Conda を使用してパッケージをインストールするには、次のコマンドを実行します:
-container.details.type=イメージタイプ
-container.details.platform=プラットフォーム
-container.pull=コマンドラインでイメージを取得します:
-container.digest=ダイジェスト:
-container.multi_arch=OS / アーキテクチャ
-container.layers=イメージレイヤー
-container.labels=ラベル
-container.labels.key=キー
-container.labels.value=値
-cran.registry=あなたの <code>Rprofile.site</code> ファイルに、このレジストリをセットアップします:
-cran.install=パッケージをインストールするには、次のコマンドを実行します:
-debian.registry=このレジストリをコマンドラインからセットアップします:
-debian.registry.info=$distribution と $component は下にあるリストから選んでください。
-debian.install=パッケージをインストールするには、次のコマンドを実行します:
-debian.repository=リポジトリ情報
-debian.repository.distributions=Distributions
-debian.repository.components=Components
-debian.repository.architectures=Architectures
-generic.download=コマンドラインでパッケージをダウンロードします:
-go.install=コマンドラインでパッケージをインストール:
-helm.registry=このレジストリをコマンドラインからセットアップします:
-helm.install=パッケージをインストールするには、次のコマンドを実行します:
-maven.registry=あなたのプロジェクトの <code>pom.xml</code> ファイルに、このレジストリをセットアップします:
-maven.install=パッケージを使用するため <code>pom.xml</code> ファイル内の <code>dependencies</code> ブロックに以下を含めます:
-maven.install2=コマンドラインで実行します:
-maven.download=依存関係をダウンロードするには、コマンドラインでこれを実行します:
-nuget.registry=このレジストリをコマンドラインからセットアップします:
-nuget.install=NuGet を使用してパッケージをインストールするには、次のコマンドを実行します:
-nuget.dependency.framework=ターゲットフレームワーク
-npm.registry=あなたのプロジェクトの <code>.npmrc</code> ファイルに、このレジストリをセットアップします:
-npm.install=npm を使用してパッケージをインストールするには、次のコマンドを実行します:
-npm.install2=または package.json ファイルに追加します:
-npm.dependencies=依存関係
-npm.dependencies.development=開発用依存関係
-npm.dependencies.peer=Peer依存関係
-npm.dependencies.optional=オプションの依存関係
-npm.details.tag=タグ
-pub.install=Dart を使用してパッケージをインストールするには、次のコマンドを実行します:
-pypi.requires=必要なPython
-pypi.install=pip を使用してパッケージをインストールするには、次のコマンドを実行します:
-rpm.registry=このレジストリをコマンドラインからセットアップします:
-rpm.distros.redhat=RedHat系ディストリビューションの場合
-rpm.distros.suse=SUSE系ディストリビューションの場合
-rpm.install=パッケージをインストールするには、次のコマンドを実行します:
-rpm.repository=リポジトリ情報
-rpm.repository.architectures=Architectures
-rubygems.install=gem を使用してパッケージをインストールするには、次のコマンドを実行します:
-rubygems.install2=または Gemfile に追加します:
-rubygems.dependencies.runtime=実行用依存関係
-rubygems.dependencies.development=開発用依存関係
-rubygems.required.ruby=必要なRubyバージョン
-rubygems.required.rubygems=必要なRubyGemバージョン
-swift.registry=このレジストリをコマンドラインからセットアップします:
-swift.install=あなたの <code>Package.swift</code> ファイルにパッケージを追加します:
-swift.install2=そして次のコマンドを実行します:
-vagrant.install=Vagrant ボックスを追加するには、次のコマンドを実行します。
-settings.link=このパッケージをリポジトリにリンク
-settings.link.description=パッケージをリポジトリにリンクすると、リポジトリのパッケージリストに表示されるようになります。
-settings.link.select=リポジトリを選択
-settings.link.button=リポジトリのリンクを更新
-settings.link.success=リポジトリのリンクが正常に更新されました。
-settings.link.error=リポジトリのリンクの更新に失敗しました。
-settings.delete=パッケージ削除
-settings.delete.description=パッケージの削除は恒久的で元に戻すことはできません。
-settings.delete.notice=%s (%s) を削除しようとしています。この操作は元に戻せません。よろしいですか？
-settings.delete.success=パッケージを削除しました。
-settings.delete.error=パッケージの削除に失敗しました。
-owner.settings.cargo.title=Cargoレジストリ インデックス
-owner.settings.cargo.initialize=インデックスを初期化
-owner.settings.cargo.initialize.description=Cargoレジストリを使用するには、インデックス用の特別なgitリポジトリが必要です。 このオプションを使用するとそのリポジトリを(再)作成し、自動的に構成します。
-owner.settings.cargo.initialize.error=Cargoインデックスの初期化に失敗しました: %v
-owner.settings.cargo.initialize.success=Cargoインデックスは正常に作成されました。
-owner.settings.cargo.rebuild=インデックスを再構築
-owner.settings.cargo.rebuild.description=インデックスが格納されているCargoパッケージと同期していない場合は、再構築すると良いでしょう。
-owner.settings.cargo.rebuild.error=Cargoインデックスの再構築に失敗しました: %v
-owner.settings.cargo.rebuild.success=Cargoインデックスは正常に再構築されました。
-owner.settings.cleanuprules.title=クリーンアップルールの管理
-owner.settings.cleanuprules.add=クリーンアップルールを追加
-owner.settings.cleanuprules.edit=クリーンアップルールを編集
-owner.settings.cleanuprules.none=クリーンアップルールはありません。 ドキュメントを参照してください。
-owner.settings.cleanuprules.preview=クリーンアップルールをプレビュー
-owner.settings.cleanuprules.preview.overview=%d パッケージが削除される予定です。
-owner.settings.cleanuprules.preview.none=クリーンアップルールと一致するパッケージがありません。
 owner.settings.cleanuprules.enabled=有効
-owner.settings.cleanuprules.pattern_full_match=フルパッケージ名にパターンを適用
-owner.settings.cleanuprules.keep.title=以下のルールにマッチするバージョンを残します。 (下にある削除ルールにマッチしていても残します)
-owner.settings.cleanuprules.keep.count=最近のものを残す
 owner.settings.cleanuprules.keep.count.1=1 パッケージにつき 1 バージョン
 owner.settings.cleanuprules.keep.count.n=1 パッケージにつき %d バージョン
-owner.settings.cleanuprules.keep.pattern=マッチするバージョンを残す
-owner.settings.cleanuprules.keep.pattern.container=Containerパッケージの場合、<code>最新</code>バージョンは常に残します。
-owner.settings.cleanuprules.remove.title=以下のルールにマッチするバージョンを削除します。 (上にあるルールが残す対象としている場合を除きます)
-owner.settings.cleanuprules.remove.days=これより古いバージョンを削除する
-owner.settings.cleanuprules.remove.pattern=マッチするバージョンを削除する
-owner.settings.cleanuprules.success.update=クリーンアップルールが更新されました。
-owner.settings.cleanuprules.success.delete=クリーンアップルールが削除されました。
-owner.settings.chef.title=Chefレジストリ
-owner.settings.chef.keypair=キーペアを生成
-owner.settings.chef.keypair.description=Chefレジストリの認証にはキーペアが必要です。 すでにキーペアを生成していた場合、新しいキーペアを生成すると古いキーペアは破棄されます。
-rpm.repository.multiple_groups = このパッケージは複数のグループで利用できます。
-owner.settings.cargo.rebuild.no_index = 再構築できません、インデックスが初期化されていません。
-npm.dependencies.bundle = バンドルされた依存関係
-
-search_in_external_registry = %s で検索
 
 [secrets]
 secrets=シークレット
diff --git a/options/locale/locale_ka.ini b/options/locale/locale_ka.ini
index eb60c243b2..d3be81a718 100644
--- a/options/locale/locale_ka.ini
+++ b/options/locale/locale_ka.ini
@@ -748,48 +748,8 @@ unread = წაკითხულობის გაუქმება
 unit = ერთეული
 
 [packages]
-title = პაკეტები
-filter.type = ტიპი
-filter.type.all = ყველა
-filter.container.tagged = ჭდით
-filter.container.untagged = ჭდემოხსნილი
-installation = დაყენება
-requirements = მოთხოვნები
-dependencies = დამოკიდებულებები
-keywords = საკვანძო სიტყვები
-details = დეტალები
-details.author = ავტორი
-details.license = ლიცენზია
-assets = ობიექტები
-versions = ვერსიები
-dependency.id = ID
-dependency.version = ვერსია
-alpine.repository.branches = ბრენჩები
-alpine.repository.repositories = რეპოზიტორიები
-alpine.repository.architectures = არქიტექტურები
-arch.version.provides = მოგაწვდით
-arch.version.depends = დამოკიდებულია
-arch.version.conflicts = კონფლიქტშია
-arch.version.replaces = ანაცვლებს
-arch.version.backup = მარქაფი
 conan.details.repository = რეპოზიტორია
-container.images.title = ასლის ფაილები
-container.details.platform = პლატფორმა
-container.digest = დაიჯესტი
-container.labels = ჭდეები
-container.labels.key = გასაღები
-debian.repository.distributions = დისტრიბუტივები
-debian.repository.components = კომპონენტები
-debian.repository.architectures = არქიტექტურები
-npm.dependencies = დამოკიდებულებები
-npm.details.tag = ჭდე
-rpm.repository.architectures = არქიტექტურები
-alt.repository.architectures = არქიტექტურები
 owner.settings.cleanuprules.enabled = ჩართულია
-arch.version.description = აღწერა
-arch.version.groups = ჯგუფი
-composer.dependencies = დამოკიდებულებები
-container.labels.value = მნიშვნელობა
 
 [secrets]
 secrets = საიდუმლოები
diff --git a/options/locale/locale_kab.ini b/options/locale/locale_kab.ini
index d671eb80ae..cb24455f2b 100644
--- a/options/locale/locale_kab.ini
+++ b/options/locale/locale_kab.ini
@@ -1,6 +1,3 @@
-
-
-
 [common]
 home = Agejdan
 username = Isem n useqdac
@@ -517,21 +514,6 @@ add_key = Rnu yiwet n tsarut
 quota.sizes.git.lfs = Git LFS
 
 [packages]
-arch.version.description = Aglam
-alpine.repository.branches = Tiṣeḍwa
-alpine.repository.repositories = Ikufan
-settings.link.select = Fren akufi
-alpine.repository.architectures = Tisegda
-debian.repository.architectures = Tisegda
-rpm.repository.architectures = Tisegda
-alt.repository.architectures = Tisegda
-container.images.title = Tugniwin
-container.details.platform = Tiɣerɣert
-installation = Asebded
-details.project_site = Asmel Web n usenfar
-details.repository_site = Asmel Web n ukufi
-details.documentation_site = Asmel Web n tsemlit
-versions.view_all = Wali-ten akk
 
 [actions]
 runners.description = Aglam
diff --git a/options/locale/locale_ko-KR.ini b/options/locale/locale_ko-KR.ini
index 049d1dc514..bb4f82bb75 100644
--- a/options/locale/locale_ko-KR.ini
+++ b/options/locale/locale_ko-KR.ini
@@ -384,7 +384,7 @@ allow_password_change=사용자에게 비밀번호 변경을 요청 (권장됨)
 reset_password_mail_sent_prompt=확인 메일이 <b>%s</b>로 전송되었습니다. 받은 편지함으로 도착한 메일을 %s 안에 확인해서 비밀번호 찾기 절차를 완료하십시오.
 active_your_account=계정 활성화
 account_activated=계정이 활성화 되었습니다
-prohibit_login =
+prohibit_login = 
 resent_limit_prompt=활성화를 위한 이메일을 이미 전송했습니다. 3분 내로 이메일을 받지 못한 경우 재시도해주세요.
 has_unconfirmed_mail=안녕하세요 %s, 이메일 주소(<b>%s</b>)가 확인되지 않았습니다. 확인 메일을 받으시지 못하겼거나 새로운 확인 메일이 필요하다면, 아래 버튼을 클릭해 재발송하실 수 있습니다.
 resend_mail=여기를 눌러 확인 메일 재전송
@@ -1809,16 +1809,8 @@ error.no_unit_allowed_repo=이 저장소의 어떤 섹션에도 접근할 수 
 error.unit_not_allowed=이 저장소 섹션에 접근할 수 없습니다.
 
 [packages]
-filter.type=유형
-alpine.repository.branches=브랜치
-alpine.repository.repositories=저장소
 conan.details.repository=저장소
 owner.settings.cleanuprules.enabled=활성화됨
-nuget.dependency.framework = 타겟 프레임워크
-maven.download = 종속성을 다운로드하려면 명령줄을 통해 실행하세요:
-dependency.id = ID
-dependency.version = 버전
-details.author = 작성자
 
 [secrets]
 
diff --git a/options/locale/locale_lv-LV.ini b/options/locale/locale_lv-LV.ini
index 1745af2776..85dadcf1b3 100644
--- a/options/locale/locale_lv-LV.ini
+++ b/options/locale/locale_lv-LV.ini
@@ -3536,183 +3536,11 @@ error.no_unit_allowed_repo=Nav ļauts piekļūt nevienai šīs glabātavas sada
 error.unit_not_allowed=Nav ļauts piekļūt šai glabātavas sadaļai.
 
 [packages]
-title=Pakotnes
 desc=Pārvaldīt glabātavas pakotnes.
-empty=Pašlaik šeit nav nevienas pakotnes.
-empty.documentation=Papildu informācija par pakotņu reģistru ir pieejama <a target="_blank" rel="noopener noreferrer" href="%s">dokumentācijā</a>.
-empty.repo=Šeit netiek parādīta augšupielādēta pakotne? Jādodas uz <a href="%[1]s">pakotņu iestatījumiem</a> un jāsasaista tā ar šo glabātavu.
-registry.documentation=Vairāk informācijas par %s reģistru ir <a target="_blank" rel="noopener noreferrer" href="%s">dokumentācijā</a>.
-filter.type=Veids
-filter.type.all=Visas
-filter.no_result=Norādītajām atlasīšanas vērtībām nekas neatbilst.
-filter.container.tagged=Ar birku
-filter.container.untagged=Bez birkas
-published_by=Laida klajā <a href="%[2]s">%[3]s</a> %[1]s
-published_by_in=<a href="%[2]s">%[3]s</a> laida klajā %[1]s <a href="%[4]s"><strong>%[5]s</strong></a>
-installation=Uzstādīšana
-about=Par šo pakotni
-requirements=Prasības
-dependencies=Atkarības
-keywords=Atslēgvārdi
-details=Papildu informācija
-details.author=Autors
-details.project_site=Projekta tīmekļvietne
-details.repository_site=Glabātavas tīmekļvietne
-details.documentation_site=Dokumentācijas tīmekļvietne
-details.license=Licence
-assets=Resursi
-versions=Versijas
-versions.view_all=Parādīt visas
-dependency.id=ID
-dependency.version=Versija
-alpine.registry=Iestatīt šo reģistru ar URL pievienošanu datnē <code>/etc/apk/repositories</code>:
-alpine.registry.key=Reģistra publiskā RSA atslēga jālejupielādē mapē <code>/etc/apk/keys/</code>, lai apliecinātu indeksa parakstu:
-alpine.registry.info=No zemāk esošā saraksta jāizvēlas $branch un $repository.
-alpine.install=Lai uzstādītu pakotni, ir jāizpilda šī komanda:
-alpine.repository=Glabātavas informācija
-alpine.repository.branches=Zari
-alpine.repository.repositories=Glabātavas
-alpine.repository.architectures=Arhitektūras
-cargo.registry=Iestatīt šo reģistru Cargo konfigurācijas datnē (piemēram, <code>~/.cargo/config.toml</code>):
-cargo.install=Lai uzstādītu pakotni ar Cargo, jāizpilda šī komanda:
-chef.registry=Iestatīt šo reģistru datnē <code>~/.chef/config.rb</code>:
-chef.install=Lai uzstādītu pakotni, ir jāizpilda šī komanda:
-composer.registry=Iestatīt šo reģistru datnē <code>~/.composer/config.json</code>:
-composer.install=Lai uzstādīt pakotni ar Composer, jāizpilda šī komanda:
-composer.dependencies=Atkarības
-composer.dependencies.development=Izstrādes atkarības
 conan.details.repository=Glabātava
-conan.registry=Šis reģistra uzstādīšana komandrindā:
-conan.install=Lai uzstādītu pakotni ar Conan, jāizpilda šī komanda:
-conda.registry=Izveidot šo reģistru kā Conda glabātavu datnē <code>.condarc</code>:
-conda.install=Lai uzstādītu pakotni ar Conda, jāizpilda šī komanda:
-container.details.type=Attēla veids
-container.details.platform=Platforma
-container.pull=Atgādāt attēlu komandrindā:
-container.digest=Īssavilkums
-container.multi_arch=OS / arhitektūra
-container.layers=Attēla slāņi
-container.labels=Iezīmes
-container.labels.key=Atslēga
-container.labels.value=Vērtība
-cran.registry=Iestatīt šo reģistru datnē <code>Rprofile.site</code>:
-cran.install=Lai uzstādītu pakotni, ir jāizpilda šī komanda:
-debian.registry=Šis reģistra uzstādīšana komandrindā:
-debian.registry.info=No zemāk esošā saraksta jāizvēlas $distribution un $component.
-debian.install=Lai uzstādītu pakotni, ir jāizpilda šī komanda:
-debian.repository=Glabātavas informācija
-debian.repository.distributions=Distribūcijas
-debian.repository.components=Komponentes
-debian.repository.architectures=Arhitektūras
-generic.download=Lejupielādēt pakotni, izmantojot, komandrindu:
-go.install=Uzstādīt pakotni komandrindā:
-helm.registry=Šī reģistra uzstādīšana komandrindā:
-helm.install=Lai uzstādītu pakotni, ir jāizpilda šī komanda:
-maven.registry=Iestatīt šo reģistru sava projekta datnē <code>pom.xml</code>:
-maven.install=Lai izmantotu pakotni, datnes <code>pom.xml</code> sadaļā <code>dependencies</code> jāievieto šīs rindas:
-maven.install2=Jāizpilda komandrindā:
-maven.download=Jāizpilda komandrindā, lai lejupielādētu šo atkarību:
-nuget.registry=Šī reģistra uzstādīšana komandrindā:
-nuget.install=Lai uzstādītu pakotni ar NuGet, jāizpilda šī komanda:
-nuget.dependency.framework=Mērķa ietvars
-npm.registry=Iestatīt šo reģistru sava projekta datnē <code>.npmrc</code>:
-npm.install=Lai uzstādītu pakotni ar npm, jāizpilda šī komanda:
-npm.install2=vai datnē package.json jāpievieno:
-npm.dependencies=Atkarības
-npm.dependencies.development=Izstrādes atkarības
-npm.dependencies.peer=Līdzatkarības
-npm.dependencies.optional=Izvēles atkarības
-npm.details.tag=Birka
-pub.install=Lai uzstādītu pakotni ar Dart, jāizpilda šī komanda:
-pypi.requires=Nepieciešams Python
-pypi.install=Lai uzstādītu pakotni ar pip, jāizpilda šī komanda:
-rpm.registry=Šī reģistra uzstādīšana komandrindā:
-rpm.distros.redhat=uz RedHat balstītās operētājsistēmās
-rpm.distros.suse=uz SUSE balstītās operētājsistēmās
-rpm.install=Lai uzstādītu pakotni, ir jāizpilda šī komanda:
-rpm.repository=Glabātavas informācija
-rpm.repository.architectures=Arhitektūras
-rubygems.install=Lai uzstādītu pakotni ar gem, jāizpilda šī komanda:
-rubygems.install2=vai jāpievieno tas Gemfile:
-rubygems.dependencies.runtime=Izpildlaika atkarības
-rubygems.dependencies.development=Izstrādes atkarības
-rubygems.required.ruby=Nepieciešamā Ruby versija
-rubygems.required.rubygems=Nepieciešamā RubyGem versija
-swift.registry=Šī reģistra uzstādīšana komandrindā:
-swift.install=Pakotne jāpievieno datnē <code>Package.swift</code>:
-swift.install2=vai jāpievieno tā Gemfile:
-vagrant.install=Lai pievienotu Vagrant kasti, jāizpilda šī komanda:
-settings.link=Piesaistīt šo pakotni glabātavai
-settings.link.description=Ja pakotne tiek sasaistīta ar glabātavu, tā tiek attēlota glabātavas pakotņu sarakstā.
-settings.link.select=Atlasīt glabātavu
-settings.link.button=Atjaunināt glabātavas saiti
-settings.link.success=Glabātavas saite tika sekmīgi atjaunināta.
-settings.link.error=Neizdevās atjaunināt glabātavas saiti.
-settings.delete=Izdzēst pakotni
-settings.delete.description=Pakotne tiks neatgriezeniski izdzēsta.
-settings.delete.notice=Tiks izdzēsta pakotne %s (%s). Šī darbība ir neatgriezeniska. Tiešām turpināt?
-settings.delete.success=Pakotne tika izdzēsta.
-settings.delete.error=Neizdevās izdzēst pakotni.
-owner.settings.cargo.title=Cargo reģistra inkdess
-owner.settings.cargo.initialize=Sāknēt indeksu
-owner.settings.cargo.initialize.description=Ir nepieciešams īpaša indeksa Git glabātava, lai izmantotu Cargo reģistru. Šīs iespējas izmantošana (atkārtoti) izveidos glabātavu un automātiski to iestatīs.
-owner.settings.cargo.initialize.error=Neizdevās sāknēt Cargo indeksu: %v
-owner.settings.cargo.initialize.success=Cargo indekss tika sekmīgi izveidots.
-owner.settings.cargo.rebuild=Pārbūvēt indeksu
-owner.settings.cargo.rebuild.description=Pārbūvēšana var būt noderīga, ja indekss nav sinhronizēts ar saglabātajām Cargo pakotnēm.
-owner.settings.cargo.rebuild.error=Neizdevās pārbūvēt Cargo indeksu: %v
-owner.settings.cargo.rebuild.success=Cargo indekss tika sekmīgi pārbūvēts.
-owner.settings.cleanuprules.title=Notīrīšanas kārtulas
-owner.settings.cleanuprules.add=Pievienot notīrīšanas kārtulu
-owner.settings.cleanuprules.edit=Labot notīrīšanas kārtulu
-owner.settings.cleanuprules.none=Vēl nav pieejama neviena notīrīšanas kārtula.
-owner.settings.cleanuprules.preview=Notīrīšanas kārtulas priekšskatījums
-owner.settings.cleanuprules.preview.overview=Ir paredzēta %d pakotņu noņemšana.
-owner.settings.cleanuprules.preview.none=Notīrīšanas kārtulai neatbilst neviena pakotne.
 owner.settings.cleanuprules.enabled=Iespējots
-owner.settings.cleanuprules.pattern_full_match=Pielietot paraugu visam pakotnes nosaukumam
-owner.settings.cleanuprules.keep.title=Versijas, kas atbilst šīm kārtulām, tiks paturētas, pat ja tās atbildīs zemāk esošajai noņemšanas kārtulai.
-owner.settings.cleanuprules.keep.count=Paturēt visjaunāko
 owner.settings.cleanuprules.keep.count.1=1 versija katrai pakotnei
 owner.settings.cleanuprules.keep.count.n=%d versijas katrai pakotnei
-owner.settings.cleanuprules.keep.pattern=Paturēt versijas, kas atbilst
-owner.settings.cleanuprules.keep.pattern.container=Versija <code>latest</code> vienmēr tiks paturēta konteineru pakotnēm.
-owner.settings.cleanuprules.remove.title=Versijas, kas atbilst šīm kārtulām, tiks noņemtas, ja vien augstāk esošā kārtula nenosaka, ka tās ir jāpatur.
-owner.settings.cleanuprules.remove.days=Noņemt versijas vecākas kā
-owner.settings.cleanuprules.remove.pattern=Noņemt versijas, kas atbilst
-owner.settings.cleanuprules.success.update=Notīrīšanas kārtula tika atjaunināta.
-owner.settings.cleanuprules.success.delete=Notīrīšanas kārtula tika izdzēsta.
-owner.settings.chef.title=Chef reģistrs
-owner.settings.chef.keypair=Izveidot atslēgu pāri
-owner.settings.chef.keypair.description=Pieprasījumiem, kuri tiek nosūtīti Chef reģistram, jābūt kriptogrāfiski parakstītam, kas ir autentificēšanās līdzeklis. Kad tiek izveidots atslēgu pāris, Forgejo tiek glabāta tikai publiskā atslēga. Privātā atslēga tiek sniegta, lai to izmantotu ar komandrindas rīku knife. Jauna atslēgu pāra izveidošana aizvietos iepriekšējo.
-arch.version.properties = Versijas īpašības
-arch.pacman.helper.gpg = Jāpievieno uzticēšanās sertifikāts pacman:
-arch.pacman.repo.multi = %s ir tāda pati versija dažādās distribūcijās.
-arch.pacman.repo.multi.item = %s konfigurācija
-arch.pacman.sync = Jāsinhronizē pakotne ar pacman:
-arch.version.description = Apraksts
-arch.version.provides = Nodrošina
-arch.pacman.conf = <code>/etc/pacman.conf</code> jāpievieno serveris ar atbilstošu distribūciju un arhitektūru:
-arch.version.groups = Kopa
-arch.version.replaces = Aizvieto
-arch.version.checkdepends = Pārbaudīt atkarības
-arch.version.conflicts = Nesaderības
-npm.dependencies.bundle = Iekļautās atkarības
-container.images.title = Attēli
-arch.version.optdepends = Izvēles atkarības
-arch.version.makedepends = Izveidot atkarības
-arch.version.backup = Rezerves kopija
-arch.version.depends = Atkarības
-rpm.repository.multiple_groups = Šī pakotne ir pieejama vairākās kopās.
-owner.settings.cargo.rebuild.no_index = Nevar pārbūvēt, nav sāknēts neviens indekss.
-search_in_external_registry = Meklēt %s
-alt.registry = Šī reģistra uzstādīšana komandrindā:
-alt.registry.install = Lai uzstādītu pakotni, jāizpilda šī komanda:
-alt.install = Uzstādīt pakotni
-alt.setup = Pievienot glabātavu savienoto glabātavu sarakstā ("_arch_" vietā jāizvēlas nepieciešamā arhitektūra):
-alt.repository = Informācija par glabātavu
-alt.repository.architectures = Arhitektūras
-alt.repository.multiple_groups = Šī pakotne ir pieejama vairākās kopās.
 
 [secrets]
 secrets=Noslēpumi
diff --git a/options/locale/locale_nds.ini b/options/locale/locale_nds.ini
index 202f11f6a6..891efbc387 100644
--- a/options/locale/locale_nds.ini
+++ b/options/locale/locale_nds.ini
@@ -3461,183 +3461,11 @@ error.no_unit_allowed_repo = Du hest nich dat Recht, to elkeen Deel vun deesem R
 error.unit_not_allowed = Du hest nich dat Recht, up deese Deel vum Repositorium totogriepen.
 
 [packages]
-title = Paketen
 desc = Repositorium-Paketen verwalten.
-empty = Dat gifft noch keene Paketen.
-filter.type = Aard
-filter.type.all = All
-filter.container.tagged = Markt
-filter.container.untagged = Nich markt
-published_by = %[1]s vun <a href="%[2]s">%[3]s</a> publizeert
-installation = Installeren
-about = Över deeses Paket
-requirements = Bruukt
-dependencies = Ofhangens
-keywords = Slötelwoorden
-details = Mehr Informatioonen
-details.author = Autor
-details.project_site = Projekt-Internett-Sied
-details.repository_site = Repositoriums-Internett-Sied
-details.documentation_site = Dokumenterens-Internett-Sied
-details.license = Lizenz
-assets = Objekten
-versions = Versioonen
-versions.view_all = All wiesen
-dependency.id = ID
-dependency.version = Versioon
-alpine.registry.info = Köör $branch un $repository ut de List unnern ut.
-alpine.repository = Repositoriums-Informatioon
-alpine.repository.branches = Twiegen
-alpine.repository.repositories = Repositoriums
-arch.version.properties = Versioon-Eegenskuppen
-arch.version.provides = Stellt paraat
-arch.version.groups = Grupp
-arch.version.depends = Hangt of vun
-arch.version.optdepends = Hangt nich nödig of vun
-arch.version.makedepends = Bau-Ofhangens
-arch.version.checkdepends = Överprüfens-Ofhangens
-arch.version.conflicts = Unverdragelkheiden
-arch.version.replaces = Staht liek för
-composer.dependencies = Ofhangens
-composer.dependencies.development = Entwicklens-Ofhangens
 conan.details.repository = Repositorium
-container.labels = Vermarkens
-container.labels.key = Slötel
-container.labels.value = Weert
-cran.install = Um dat Paket to installeren, föhr deese Oorder ut:
-debian.install = Um dat Paket to installeren, föhr deese Oorder ut:
-debian.repository = Repositoriums-Informatioon
-debian.repository.distributions = Verdeelens
-debian.repository.components = Delen
-debian.repository.architectures = Architekturen
-helm.install = Um dat Paket to installeren, föhr deese Oorder ut:
-npm.dependencies.development = Entwicklens-Ofhangens
-npm.dependencies.bundle = Mitbrocht Ofhangens
-npm.dependencies.peer = Maten-Ofhangens
-npm.dependencies.optional = Nich nödige Ofhangens
-npm.details.tag = Mark
-pypi.requires = Bruukt Python
-rpm.repository = Repositoriums-Informatioon
-rpm.repository.architectures = Architekturen
-rubygems.dependencies.runtime = Looptied-Ofhangens
-rubygems.dependencies.development = Entwicklens-Ofhangens
-rubygems.required.ruby = Bruukt Ruby-Versioon
-rubygems.required.rubygems = Bruukt RubyGem-Versioon
-swift.install2 = un föhr deese Oorder ut:
-settings.link.description = Wenn du een Paket mit eenem Repositorium verbinnst, word dat Paket in de Paketlist vum Repositorium wiest.
-settings.link.select = Repositorium utkören
-settings.link.error = Kunn de Repositoriums-Verwies nich vernejen.
-settings.delete = Paket lösken
-settings.delete.description = Een Paket to lösken is för all Tieden un kann nich torüggnohmen worden.
-settings.delete.success = Dat Paket is lösket worden.
-settings.delete.error = Kunn dat Paket nich lösken.
-owner.settings.cargo.initialize = Index inrichten
-owner.settings.cargo.initialize.error = Kunn Cargo-Index nich inrichten: %v
-owner.settings.cargo.initialize.success = De Cargo-Index is inricht worden.
-owner.settings.cargo.rebuild = Index neei bauen
-owner.settings.cargo.rebuild.error = Kunn Cargo-Index nich neei bauen: %v
-owner.settings.cargo.rebuild.success = De Cargo-Index is neei baut worden.
-owner.settings.cleanuprules.title = Schoonmakens-Örders
-owner.settings.cleanuprules.add = Schoonmakens-Örder hentofögen
-owner.settings.cleanuprules.edit = Schoonmakens-Örder bewarken
-owner.settings.cleanuprules.none = Dat gifft noch keene Schoonmakens-Örders.
-owner.settings.cleanuprules.preview = Schoonmakens-Örder-Utkiek
-owner.settings.cleanuprules.preview.none = Schoonmakens-Örder passt up keene Paketen.
 owner.settings.cleanuprules.enabled = Anknipst
-owner.settings.cleanuprules.pattern_full_match = Muster up de kumplete Paketnaam anwennen
-owner.settings.cleanuprules.keep.count = De neeiste behollen
 owner.settings.cleanuprules.keep.count.1 = 1 Versioon pro Paket
 owner.settings.cleanuprules.keep.count.n = %d Versioonen pro Paket
-owner.settings.cleanuprules.keep.pattern = Versioonen behollen, wat passen
-owner.settings.cleanuprules.remove.title = Versioonen, wat up deese Örders passen, worden lösket, wenn dat keene Örder boven gifft, wat seggt, dat se behollt worden mutten.
-owner.settings.cleanuprules.remove.days = Versioonen oller as dat lösken
-owner.settings.cleanuprules.remove.pattern = Versioonen lösken, wat passen
-owner.settings.cleanuprules.success.update = Schoonmakens-Örder is verneeit worden.
-filter.no_result = Dien Filter gifft keene Resultaten.
-alpine.repository.architectures = Architekturen
-settings.link.button = Repositoriums-Verwies vernejen
-alpine.install = Um dat Paket to installeren, föhr deese Oorder ut:
-arch.version.description = Beschrieven
-published_by_in = %[1]s vun <a href="%[2]s">%[3]s</a> in <a href="%[4]s"><strong>%[5]s</strong></a> publizeert
-settings.link.success = Repositoriums-Verwies is verneeit worden.
-settings.delete.notice = Du willst %s (%s) lösken. Dat kann nich torüggnohmen worden, willst du dat würrelk?
-owner.settings.cleanuprules.preview.overview = %d Paketen sünd tum Lösken vörmarkt.
-owner.settings.cleanuprules.success.delete = Schoonmakens-Örder is wegdaan worden.
-owner.settings.cargo.rebuild.no_index = Kann nich neei bauen, keen Index is inricht.
-npm.dependencies = Ofhangens
-rpm.install = Um dat Paket to installeren, föhr deese Oorder ut:
-settings.link = Verbinn deeses Paket mit eenem Repositorium
-owner.settings.cleanuprules.keep.title = Versioonen, wat up deese Örders passen, worden behollt, ok wenn se up eene Löskens-Örder unnern passen.
-empty.documentation = För mehr Informatioonen över de Paketlist, kiek <a target="_blank" rel="noopener noreferrer" href="%s">de Dokumenteren</a> an.
-empty.repo = Hest du een Paket upladen, aver dat word hier nich wiest? Gah to de <a href="%[1]s">Paket-Instellens</a> un verbinn dat mit deesem Repo.
-registry.documentation = För mehr Informatioonen över de %s-Paketlist, kiek <a target="_blank" rel="noopener noreferrer" href="%s">de Dokumenteren</a> an.
-alpine.registry = Richt deese Paketlist in, indeem du de URL in diene <code>/etc/apk/repositories</code>-Datei inföögst:
-alpine.registry.key = Laad de publiken RSA-Slötel vun de Paketlist in dat Verteeknis <code>/etc/apk/keys/</code> runner, um de Index-Unnerschrift uttowiesen:
-arch.pacman.helper.gpg = Föög dat Vertroens-Zertifikaat för Pacman hento:
-arch.pacman.repo.multi = %s hett in mennig Verdeelens de sülve Versioon.
-arch.pacman.repo.multi.item = Inrichten för %s
-arch.pacman.conf = Föög de Server mit de verwandt Verdeelen un Architektuur to de <code>/etc/pacman.conf</code> hento:
-arch.pacman.sync = Verneei dat Paket mit Pacman:
-arch.version.backup = Sekerheids-Kopie
-cargo.registry = Richt deese Paketlist in de Cargo-Instellens-Datei in (to’n Bispööl <code>~/.cargo/config.toml</code>):
-cargo.install = Um dat Paket mit Cargo to installeren, föhr deese Oorder ut:
-chef.install = Um dat Paket to installeren, föhr deese Oorder ut:
-chef.registry = Richt deese Paketlist in diener <code>~/.chef/config.rb</code>-Datei in:
-composer.registry = Richt deese Paketlist in diener <code>~/.composer/config.json</code>-Datei in:
-conan.registry = Richt deese Paketlist vun de Oorderreeg in:
-conda.registry = Richt deese Paketlist as een Conda-Repositorium in diener <code>~/.condarc</code>-Datei in:
-composer.install = Um dat Paket mit Composer to installeren, föhr deese Oorder ut:
-conda.install = Um dat Paket mit Conda to installeren, föhr deese Oorder ut:
-container.details.type = Avbill-Aard
-container.details.platform = Plattfoorm
-container.pull = Haal deeses Avbill vun de Oorderreeg:
-container.digest = Prüüfsumm
-container.multi_arch = BS / Arch
-container.layers = Avbill-Schichten
-cran.registry = Richt deese Paketlist in diener <code>Rprofile.site</code>-Datei in:
-debian.registry = Richt deese Paketlist vun de Oorderreeg in:
-debian.registry.info = Köör $distribution un $component ut de unnern List ut.
-generic.download = Laad deeses Paket vun de Oorderreeg runner:
-go.install = Installeer dat Paket vun de Oorderreeg:
-helm.registry = Richt deese Paketlist vun de Oorderreeg in:
-maven.registry = Richt deese Paketlist in diener <code>pom.xml</code>-Datei in:
-maven.install2 = Vun de Oorderreeg utföhren:
-maven.download = Um de Ofhangen runnertoladen, föhr in de Oorderreeg ut:
-nuget.registry = Richt deese Paketlist vun de Oorderreeg in:
-nuget.install = Um dat Paket mit NuGet to installeren, föhr deese Oorder ut:
-nuget.dependency.framework = Enn-Rahmwark
-npm.registry = Richt deese Paketlist in de <code>.npmrc</code>-Datei vun dienem Projekt in:
-maven.install = Um dat Paket to bruken, giff in de <code>dependencies</code>-Deel vun de <code>pom.xml</code>-Datei dat an:
-npm.install = Um dat Paket mit npm to installeren, föhr deese Oorder ut:
-npm.install2 = of föög dat to de »package.json«-Datei hento:
-pub.install = Um dat Paket mit Dart to installeren, föhr deese Oorder ut:
-pypi.install = Um dat Paket mit pip to installeren, föhr deese Oorder ut:
-rpm.registry = Richt deese Paketlist vun de Oorderreeg in:
-rpm.distros.redhat = Up Verdeelens mit RedHat as Grundlaag
-rpm.distros.suse = Up Verdeelens mit SUSE as Grundlaag
-rpm.repository.multiple_groups = Deeses Paket is in mennig Gruppen verföögbaar.
-rubygems.install = Um dat Paket mit gem to installeren, föhr deese Oorder ut:
-rubygems.install2 = of föög dat to de »Gemfile«-Datei hento:
-swift.registry = Richt deese Paketlist vun de Oorderreeg in:
-swift.install = Föög dat Paket in diener <code>Package.swift</code>-Datei hento:
-vagrant.install = Um eene Vagrant-Kist hentotofögen, föhr deese Oorder ut:
-owner.settings.cargo.title = Cargo-Paketlist-Index
-owner.settings.cargo.initialize.description = Een besünners Index-Git-Repositorium is nödig, um de Cargo-Paketlist to bruken. Deese Instellen word dat Repositorium (neei) maken un automatisk inrichten.
-owner.settings.cargo.rebuild.description = Neeibauen kann nüttelk wesen, wenn de Index nich to de lagert Cargo-Paketen passt.
-owner.settings.cleanuprules.keep.pattern.container = De <code>latest</code>-Versioon word för Behälter-Paketen alltieden behollen.
-owner.settings.chef.title = Chef-Paketlist
-owner.settings.chef.keypair = Slötelpaar maken
-owner.settings.chef.keypair.description = Anfragen, wat to de Chef-Paketlist schickt worden, mutten tum Utwiesen kryptographisk unnerschreven worden. Wenn du een Slötelpaar maakst, word blots de publike Slötel up Forgejo verwahrt. De privaate Slötel word di tum Bruken mit knife geven. Wenn du een nejes Slötelpaar maakst, word dat olle överschrieven.
-conan.install = Um dat Paket mit Conan to installeren, föhr deese Oorder ut:
-container.images.title = Avbillers
-search_in_external_registry = In %s söken
-alt.setup = Föög een Repositorium to de List vun verbunnen Repositoriums hento (köör de nödige Architektuur in Stee vun »_arch_« ut):
-alt.registry.install = Um dat Paket to installeren, föhr deese Oorder ut:
-alt.repository.architectures = Architekturen
-alt.repository.multiple_groups = Deeses Paket is in mennig Gruppen verföögbaar.
-alt.registry = Richt deese Paketlist vun de Oorderreeg in:
-alt.install = Paket installeren
-alt.repository = Repositoriums-Informatioon
 
 [secrets]
 secrets = Geheemsten
diff --git a/options/locale/locale_nl-NL.ini b/options/locale/locale_nl-NL.ini
index 329df5bc50..d5b4bcdabc 100644
--- a/options/locale/locale_nl-NL.ini
+++ b/options/locale/locale_nl-NL.ini
@@ -3529,183 +3529,11 @@ error.unit_not_allowed=U heeft geen toegang tot deze sectie van de repository.
 unit = Eenheid
 
 [packages]
-filter.type=Type
-assets=Bezittingen
-alpine.repository.branches=Branches
-alpine.repository.repositories=Repositories
 conan.details.repository=Opslagplaats
-rubygems.required.ruby=Vereist Ruby versie
-rubygems.required.rubygems=Vereist RubyGem versie
-settings.link.button=Repository link bijwerken
 owner.settings.cleanuprules.enabled=Ingeschakeld
-owner.settings.cleanuprules.remove.days = Verwijder versies ouder dan
-owner.settings.cleanuprules.remove.pattern = Verwijder versies die overeenkomen met
-owner.settings.cleanuprules.success.update = Opruimregel is bijgewerkt.
-owner.settings.cleanuprules.success.delete = Opruimregel is verwijderd.
-owner.settings.chef.title = Chef register
-owner.settings.chef.keypair = Genereer sleutelpaar
-owner.settings.cleanuprules.remove.title = Versies die overeenkomen met deze regels worden verwijderd, tenzij een regel hierboven zegt dat ze bewaard moeten worden.
-owner.settings.cleanuprules.keep.pattern.container = De <code>laatste</code> versie wordt altijd bewaard voor Container pakketten.
-owner.settings.chef.keypair.description = Verzoeken die naar het Chef-register worden gestuurd, moeten cryptografisch worden ondertekend als authenticatiemiddel. Bij het genereren van een sleutelpaar wordt alleen de publieke sleutel opgeslagen in Forgejo. De privésleutel wordt aan u verstrekt voor gebruik met knife. Het genereren van een nieuw sleutelpaar overschrijft de vorige.
-container.labels.value = Waarde
-cran.install = Voer het volgende commando uit om het pakket te installeren:
-debian.registry = Stel dit register in vanaf de terminal:
-debian.registry.info = Kies $distribution en $component uit de onderstaande lijst.
-cran.registry = Stel dit register in je <code>Rprofile.site</code> bestand:
-dependency.version = Versie
-alpine.registry.info = Kies $branch en $repository uit de onderstaande lijst.
-alpine.install = Voer het volgende commando uit om het pakket te installeren:
-alpine.repository = Repository informatie
-alpine.repository.architectures = Architecturen
-cargo.registry = Stel dit register in het Cargo configuratiebestand in (bijvoorbeeld <code>~/.cargo/config.toml</code>):
-cargo.install = Voer de volgende opdracht uit om het pakket met Cargo te installeren:
-chef.install = Voer het volgende commando uit om het pakket te installeren:
-composer.registry = Stel dit register in je <code>~/.composer/config.json</code> bestand:
-composer.dependencies = Afhankelijkheden
-composer.dependencies.development = Ontwikkelings afhankelijkheden
-conan.registry = Stel dit register in vanaf de terminal:
-conan.install = Voer het volgende commando uit om het pakket met Conan te installeren:
-conda.registry = Stel dit register in als een Conda repository in je <code>.condarc</code> bestand:
-container.details.type = Afbeelding type
-container.details.platform = Platform
-container.pull = Haal de afbeelding op vanaf de terminal:
-container.digest = Digest
-container.multi_arch = Besturingssysteem / Arch
-container.layers = Afbeelding lagen
-container.labels = Labels
-container.labels.key = Sleutel
-debian.repository = Repository informatie
-debian.repository.distributions = Distributies
-debian.repository.components = Componenten
-debian.repository.architectures = Architecturen
-generic.download = Pakket downloaden vanaf de terminal:
-go.install = Installeer het pakket vanaf de terminal:
-helm.registry = Stel dit register in vanaf de terminal:
-helm.install = Voer het volgende commando uit om het pakket te installeren:
-maven.install = Om het pakket te gebruiken, voeg het volgende toe aan het <code>dependencies</code> blok in het <code>pom.xml</code> bestand:
-pypi.requires = Python vereist
-pypi.install = Voer het volgende commando uit om het pakket met pip te installeren:
-rpm.registry = Stel dit register in vanaf de terminal:
-rpm.distros.redhat = op distributies gebaseerd op RedHat
-rpm.distros.suse = op SUSE gebaseerde distributies
-rpm.repository = Repository informatie
-rpm.repository.architectures = Architecturen
-rpm.repository.multiple_groups = Dit pakket is beschikbaar in meerdere groepen.
-rubygems.install = Voer het volgende commando uit om het pakket met gem te installeren:
-rubygems.install2 = of voeg het toe aan het Gemfile:
-rubygems.dependencies.development = Ontwikkelings dependencies
-swift.registry = Stel dit register in vanaf de terminal:
-swift.install = Voeg het pakket toe in je <code>Package.swift</code> bestand:
-swift.install2 = en voer het volgende commando uit:
-settings.link = Koppel dit pakket aan een repository
-settings.link.select = Repository selecteren
-settings.link.success = De koppeling naar de repository is bijgewerkt.
-settings.link.error = Het is niet gelukt om de koppeling naar de repository bij te werken.
-settings.delete = Pakket verwijderen
-settings.delete.description = Het verwijderen van een pakket is permanent en kan niet ongedaan worden gemaakt.
-settings.delete.notice = U staat op het punt om %s (%s) te verwijderen. Deze bewerking is onomkeerbaar, weet u het zeker?
-settings.delete.success = Het pakket is verwijderd.
-maven.install2 = Uitvoeren via opdrachtregel:
-nuget.registry = Stel dit register in vanaf de terminal:
-nuget.install = Voer het volgende commando uit om het pakket met NuGet te installeren:
-npm.install = Voer het volgende commando uit om het pakket met npm te installeren:
-npm.install2 = of voeg het toe aan het package.json bestand:
-npm.dependencies = Afhankelijkheden
-npm.dependencies.development = Ontwikkelings afhankelijkheden
-npm.dependencies.peer = Peer afhankelijkheden
-npm.dependencies.optional = Optionele afhankelijkheden
-owner.settings.cargo.title = Cargo register index
-owner.settings.cargo.initialize = Index initialiseren
-owner.settings.cargo.initialize.error = Cargo index is niet geïnitialiseerd: %v
-owner.settings.cargo.initialize.success = De Cargo index is met succes aangemaakt.
-owner.settings.cargo.rebuild = Index herbouwen
-owner.settings.cargo.rebuild.description = Heropbouwen kan nuttig zijn als de index niet is gesynchroniseerd met de opgeslagen Cargo pakketten.
-owner.settings.cargo.rebuild.error = Mislukt om Cargo index te herbouwen: %v
-owner.settings.cargo.rebuild.success = De Cargo index is met succes opnieuw opgebouwd.
-owner.settings.cleanuprules.title = Opschoonregels
-owner.settings.cleanuprules.add = Regel voor opschonen toevoegen
-owner.settings.cleanuprules.edit = Regel voor opschonen bewerken
-owner.settings.cleanuprules.preview = Voorbeeld opruimregel
-owner.settings.cleanuprules.preview.overview = %d pakketten zijn gepland om verwijderd te worden.
-owner.settings.cleanuprules.preview.none = Opschoonregel komt niet overeen met pakketten.
-owner.settings.cleanuprules.pattern_full_match = Patroon toepassen op volledige pakketnaam
-owner.settings.cleanuprules.keep.count = Bewaar de meest recente
 owner.settings.cleanuprules.keep.count.1 = 1 versie per pakket
 owner.settings.cleanuprules.keep.count.n = %d versies per pakket
-pub.install = Voer het volgende commando uit om het pakket met Dart te installeren:
-rubygems.dependencies.runtime = Runtime dependencies
-settings.delete.error = Het verwijderen van het pakket is mislukt.
-alpine.registry = Stel dit register in door de url toe te voegen aan je <code>/etc/apk/repositories</code> bestand:
-maven.registry = Stel dit register in het <code>pom.xml</code> bestand van je project:
-rpm.install = Voer het volgende commando uit om het pakket te installeren:
-vagrant.install = Om een Vagrant box toe te voegen, voer je het volgende commando uit:
-settings.link.description = Als je een pakket koppelt aan een repository, dan wordt het pakket weergegeven in de pakketlijst van de repository.
-debian.install = Voer het volgende commando uit om het pakket te installeren:
-owner.settings.cleanuprules.keep.pattern = Behoud versies die overeenkomen met
-npm.details.tag = Label
-owner.settings.cargo.initialize.description = Een speciale index Git repository is nodig om het Cargo register te gebruiken. Door deze optie te gebruiken wordt de repository (opnieuw) aangemaakt en automatisch geconfigureerd.
-owner.settings.cleanuprules.none = Er zijn nog geen opruimregels.
-owner.settings.cleanuprules.keep.title = Versies die overeenkomen met deze regels worden bewaard, zelfs als ze overeenkomen met een verwijderingsregel hieronder.
-alpine.registry.key = Download de openbare RSA-sleutel van het register in de map <code>/etc/apk/keys/</code> om de indexhandtekening te verifiëren:
-chef.registry = Stel dit register in je <code>~/.chef/config.rb</code> bestand:
-composer.install = Voer de volgende opdracht uit om het pakket met Composer te installeren:
-conda.install = Voer het volgende commando uit om het pakket met Conda te installeren:
-maven.download = Voer de opdrachtregel uit om de dependencies te downloaden:
-npm.registry = Stel dit register in het <code>.npmrc</code> bestand van je project:
-dependency.id = ID
-nuget.dependency.framework = Target Framework
-title = Pakketten
 desc = Beheer repository pakketten.
-empty = Er zijn nog geen pakketten.
-empty.documentation = Voor meer informatie over het pakketregister, zie <a target="_blank" rel="noopener noreferrer" href="%s">de documentatie</a>.
-empty.repo = Did you upload a package, but it's not shown here? Ga naar <a href="%[1]s">pakketinstellingen</a> en link het naar deze repo.
-registry.documentation = Zie <a target="_blank" rel="noopener noreferrer" href="%s">de documentatie</a> voor meer informatie over de %s register.
-filter.no_result = Je filter heeft geen resultaten opgeleverd.
-filter.container.tagged = Getagd
-filter.container.untagged = Ongetagd
-published_by = Gepubliceerd %[1]s door <a href="%[2]s">%[3]s</a>
-published_by_in = Gepubliceerd %[1]s door <a href="%[2]s">%[3]s</a> in <a href="%[4]s"><strong>%[5]s</strong></a>
-installation = Installatie
-about = Over dit pakket
-requirements = Vereisten
-dependencies = Afhankelijkheden
-keywords = Trefwoorden
-details = Details
-details.author = Auteur
-details.project_site = Projectwebsite
-details.repository_site = Repository website
-details.documentation_site = Documentatie website
-details.license = Licentie
-versions = Versies
-versions.view_all = Alles weergeven
-filter.type.all = Alle
-owner.settings.cargo.rebuild.no_index = Kan niet herbouwen, er is geen index geïnitialiseerd.
-npm.dependencies.bundle = Gebundelde dependencies
-arch.version.depends = Afhankelijk van
-arch.pacman.helper.gpg = Vertrouwenscertificaat toevoegen voor pacman:
-arch.pacman.repo.multi = %s heeft dezelfde versie in verschillende distributies.
-arch.pacman.repo.multi.item = Configuratie voor %s
-arch.pacman.conf = Voeg server met gerelateerde distributie en architectuur toe aan <code>/etc/pacman.conf</code> :
-arch.pacman.sync = Synchroniseer pakket met pacman:
-arch.version.properties = Versie-eigenschappen
-arch.version.description = Beschrijving
-arch.version.provides = Biedt
-arch.version.groups = Groep
-arch.version.optdepends = Optioneel is afhankelijk van
-arch.version.checkdepends = Controleer is afhankelijk van
-arch.version.conflicts = Conflicten
-arch.version.replaces = Vervangt
-arch.version.backup = Back-up
-arch.version.makedepends = Maken is afhankelijk van
-container.images.title = Afbeeldingen
-search_in_external_registry = Zoeken in %s
-alt.registry.install = Voer het volgende commando uit om het pakket te installeren:
-alt.repository = Repository info
-alt.repository.architectures = Architecturen
-alt.repository.multiple_groups = Dit pakket is beschikbaar in meerdere groepen.
-alt.registry = Stel dit register in vanaf de opdrachtregel:
-alt.install = Pakket installeren
-alt.setup = Voeg een repository toe aan de lijst met gekoppelde repositories (kies de benodigde architectuur in plaats van "_arch_"):
 
 [secrets]
 secrets = Geheimen
diff --git a/options/locale/locale_pl-PL.ini b/options/locale/locale_pl-PL.ini
index df520d91bc..1e195970eb 100644
--- a/options/locale/locale_pl-PL.ini
+++ b/options/locale/locale_pl-PL.ini
@@ -3506,183 +3506,11 @@ error.unit_not_allowed=Nie masz uprawnień do tej sekcji repozytorium.
 unit = Jednostka
 
 [packages]
-filter.type=Typ
-alpine.repository.branches=Gałęzie
-alpine.repository.repositories=Repozytoria
 conan.details.repository=Repozytorium
 owner.settings.cleanuprules.enabled=Włączone
-alpine.repository.architectures = Architektury
-container.details.platform = Platforma
-requirements = Wymagania
-keywords = Słowa kluczowe
-versions = Wersje
-dependency.id = ID
-dependency.version = Wersja
-details.author = Autor
-filter.type.all = Wszystko
-filter.container.tagged = Oznaczone
-details.license = Licencja
-installation = Instalacja
-composer.dependencies = Zależności
-filter.container.untagged = Nieoznaczone
-title = Pakiety
-dependencies = Zależności
-details = Szczegóły
-debian.repository.distributions = Dystrybucje
-npm.details.tag = Znacznik
-container.labels = Etykiety
-container.labels.key = Klucz
-debian.repository.architectures = Architektury
-debian.repository.components = Komponenty
-container.labels.value = Wartość
-npm.dependencies = Zależności
-rpm.repository.architectures = Architektury
-owner.settings.chef.keypair.description = Para kluczy jest konieczna do uwierzytelnienia do rejestru Chef. Jeżeli wygenerowałeś(-aś) parę kluczy wcześniej, generowanie nowej pary kluczy porzuci starą parę kluczy.
-maven.install2 = Uruchom z wiersza poleceń:
-settings.delete = Usuń pakiet
-assets = Zasoby
-helm.registry = Skonfiguruj ten rejestr z wiersza poleceń:
-helm.install = By zainstalować ten pakiet, wykonaj następujące polecenie:
-alt.install = Zainstaluj pakiet
-alt.repository.multiple_groups = Ten pakiet jest dostępny w wielu grupach.
-settings.delete.description = Usunięcie pakietu jest operacją permanentną i nie może zostać cofnięte.
-nuget.registry = Skonfiguruj ten rejestr z wiersza poleceń:
-conda.registry = Skonfiguruj ten rejestr jako repozytorium Conda w twoim pliku <code>.condarc</code>:
-search_in_external_registry = Szukaj w %s
-settings.delete.notice = Za moment usuniesz %s (%s). Ta operacja jest nieodwracalna, jesteś pewien(-na)?
-settings.delete.success = Pakiet został usunięty.
-settings.delete.error = Nie udało się usunąć pakietu.
-debian.registry = Skonfiguruj ten rejestr z wiersza poleceń:
-debian.repository = Informacje o repozytorium
-generic.download = Pobierz pakiet z wiersza poleceń:
-go.install = Zainstaluj pakiet z wiersza poleceń:
-maven.registry = Skonfiguruj ten rejestr w twoim pliku projektu <code>pom.xml</code>:
-npm.install = By zainstalować ten pakiet przy użyciu npm, wykonaj następujące polecenie:
-npm.dependencies.optional = Zależności opcjonalne
-alt.setup = Dodaj repozytorium do listy połączonych repozytoriów (wybierz wymaganą architekturę zamiast '_arch_'):
-alt.repository.architectures = Architektury
-alpine.install = By zainstalować ten pakiet, wykonaj następujące polecenie:
-conan.install = By zainstalować ten pakiet przy użyciu Conan, wykonaj następujące polecenie:
-composer.install = By zainstalować ten pakiet przy użyciu Composer, wykonaj następujące polecenie:
-npm.dependencies.peer = Zależności rówieśnicze
-owner.settings.chef.keypair = Wygeneruj parę kluczy
-owner.settings.cleanuprules.success.update = Reguła czyszczenia została zaktualizowana.
-chef.registry = Skonfiguruj ten rejestr w twoim pliku <code>~/.chef/config.rb</code>:
-rubygems.install2 = lub dodaj to do Gemfile:
-about = O tym pakiecie
-published_by_in = Opublikowano %[1]s przez <a href="%[2]s">%[3]s</a> w <a href="%[4]s"><strong>%[5]s</strong></a>
-published_by = Opublikowano %[1]s przez <a href="%[2]s">%[3]s</a>
-npm.registry = Skonfiguruj ten rejestr w pliku projektu <code>.npmrc</code>:
-rpm.repository.multiple_groups = Ten pakiet jest dostępny w wielu grupach.
-rpm.repository = Informacje o repozytorium
-alpine.registry = Skonfiguruj ten rejestr dodając url do twojego pliku <code>/etc/apk/repositories</code>:
-cargo.registry = Skonfiguruj ten rejestr w pliku konfiguracyjnym Cargo (na przykład <code>~/.cargo/config.toml</code>):
-nuget.install = By zainstalować ten pakiet przy użyciu NuGet, wykonaj następujące polecenie:
-rpm.distros.suse = na dystrybucjach opartych o SUSE
-npm.dependencies.bundle = Dołączone zależności
-rubygems.required.ruby = Wymaga wersji Ruby
-rubygems.required.rubygems = Wymaga wersji RubyGem
-arch.version.groups = Grupa
-arch.version.depends = Zależności
-arch.version.optdepends = Opcjonalne zależności
-composer.registry = Skonfiguruj ten rejestr w twoim pliku <code>~/.composer/config.json</code>:
-conda.install = By zainstalować ten pakiet przy użyciu Conda, wykonaj następujące polecenie:
-container.details.type = Rodzaj obrazu
-rpm.distros.redhat = na dystrybucjach opartych o RedHat
-filter.no_result = Twój filtr nie dał żadnych wyników.
-registry.documentation = Więcej informacji o rejestrze %s znajdziesz w <a target="_blank" rel="noopener noreferrer" href="%s">dokumentacji</a>.
-empty.repo = Czy wgrałeś pakiet, ale nie jest tutaj wyświetlany? Odwiedź <a href="%[1]s">ustawienia pakietów</a> i powiąż go z tym repozytorium.
-empty.documentation = Więcej informacji o rejestrze przekietów znajdziesz w <a target="_blank" rel="noopener noreferrer" href="%s">dokumentacji</a>.
-alpine.repository = Informacje o repozytorium
-arch.pacman.helper.gpg = Dodaj certyfikat zaufania do pacmana:
-alpine.registry.key = Pobierz klucz publiczny RSA rejestru do folderu <code>/etc/apk/keys/</code> by zweryfikować podpis indeksu:
-arch.pacman.sync = Synchronizuj pakiet przy użyciu pacman:
-arch.version.checkdepends = Zależności weryfikacji
-arch.version.conflicts = Konflikty
-cargo.install = By zainstalować ten pakiet przy użyciu Cargo, wykonaj następujące polecenie:
-chef.install = By zainstalować ten pakiet, wykonaj następujące polecenie:
-debian.install = By zainstalować ten pakiet, wykonaj następujące polecenie:
-maven.download = By pobrać zależność, wykonaj w wierszu poleceń:
-npm.install2 = lub dodaj to do pliku package.json:
-pub.install = By zainstalować ten pakiet przy użyciu Dart, wykonaj następujące polecenie:
-maven.install = By użyć tego pakietu dołącz następującą treść w bloku <code>dependencies</code> w pliku <code>pom.xml</code>:
-pypi.install = By zainstalować ten pakiet przy użyciu pip, wykonaj następujące polecenie:
-rpm.registry = Skonfiguruj ten rejestr z wiersza poleceń:
-rpm.install = By zainstalować ten pakiet, wykonaj następujące polecenie:
-rubygems.install = By zainstalować ten pakiet przy użyciu gem, wykonaj następujące polecenie:
-settings.link.description = Jeżeli połączych pakiet z repozytorium, pakiet ten będzie widoczny na liście pakietów danego repozytorium.
-settings.link.success = Połączone repozytorium zostało zaktualizowane pomyślnie.
-owner.settings.cleanuprules.keep.count = Pozostaw ostatnie
 owner.settings.cleanuprules.keep.count.1 = 1 wersji na pakiet
-owner.settings.chef.title = Rejestr Chef
-conan.registry = Skonfiguruj ten rejestr z wiersza poleceń:
-container.multi_arch = OS / Architektura
-container.images.title = Obrazy
-owner.settings.cleanuprules.keep.pattern = Pozostaw pasujące wersje
 desc = Zarządzaj pakietami repozytoriów.
-settings.link.button = Zaktualizuj Połączone Repozytorium
-settings.link = Połącz ten pakiet z repozytorium
-swift.install2 = i wykonaj następujące polecenie:
-arch.version.properties = Własności wersji
-arch.pacman.repo.multi.item = Konfiguracja dla %s
-arch.pacman.repo.multi = %s ma tę samą wersję co w innych dystrybucjach.
-arch.pacman.conf = Dodaj serwer z powiązaną dystrybucją i architekturą do <code>/etc/pacman.conf</code> :
-versions.view_all = Pokaż wszystkie
-details.documentation_site = Strona dokumentacji
-details.repository_site = Strona repozytorium
-arch.version.description = Opis
-arch.version.provides = Zapewnia
-arch.version.makedepends = Zależności budowy
-container.pull = Pobierz obraz z wiersza poleceń:
-container.layers = Warstwy obrazu
-pypi.requires = Wymagany Python
-rubygems.dependencies.runtime = Zależności czasu wykonywania
-swift.registry = Skonfiguruj ten rejestr z wiersza poleceń:
-alt.registry = Skonfiguruj ten rejestr z wiersza poleceń:
-alt.registry.install = By zainstalować ten pakiet, wykonaj następujące polecenie:
-owner.settings.cleanuprules.preview.overview = %d pakietów jest zaplanowanych do usunięcia.
 owner.settings.cleanuprules.keep.count.n = %d wersji na pakiet
-owner.settings.cleanuprules.remove.title = Wersje które nie pasują do tych reguł zostaną usunięte, chyba, że reguła wcześniej każe jest pozostawić.
-owner.settings.cleanuprules.remove.days = Usuń wersje starsze niż
-alt.repository = Informacje o repozytorium
-owner.settings.cleanuprules.remove.pattern = Usuń wersje pasujące
-owner.settings.cleanuprules.success.delete = Reguła czyszczenia została usunięta.
-arch.version.replaces = Zamienia
-arch.version.backup = Kopia zapasowa
-details.project_site = Strona projektu
-settings.link.error = Nie udało się zaktualizować połączonego repozytorium.
-swift.install = Dodaj ten packiet do twojego pliku <code>Package.swift</code>:
-settings.link.select = Wybierz Repozytorium
-empty = Nie ma jeszcze żadnych pakietów.
-cran.registry = Skonfiguruj ten rejestr w twoim pliku <code>Rprofile.site</code>:
-cran.install = By zainstalować ten pakiet, wykonaj następujące polecenie:
-owner.settings.cargo.rebuild.no_index = Nie można odbudować, żaden indeks nie jest zainicjowany.
-owner.settings.cargo.title = Indeks rejestru Cargo
-owner.settings.cargo.rebuild.error = Nie udało się odbudować indeksu Cargo: %v
-owner.settings.cargo.rebuild.success = Indeks Cargo został odbudowany pomyślnie.
-owner.settings.cleanuprules.none = Nie ma jeszcze żadnych reguł czyszczenia.
-nuget.dependency.framework = Framework Docelowy
-owner.settings.cleanuprules.preview = Podgląd reguły czyszczenia
-owner.settings.cleanuprules.keep.pattern.container = Wersja <code>latest</code> jest zawsze pozostawiana dla pakietów kontenerów.
-owner.settings.cargo.initialize.success = Indeks Cargo został utworzony pomyślnie.
-owner.settings.cargo.rebuild = Odbuduj indeks
-owner.settings.cargo.initialize.error = Nie udało się zainicjować indeksu Cargo: %v
-composer.dependencies.development = Zależności programistyczne
-owner.settings.cargo.initialize = Zainicjuj indeks
-alpine.registry.info = Wybierz $branch i $repository z listy poniżej.
-owner.settings.cleanuprules.pattern_full_match = Zastosuj wzór do pełnej nazwy pakietu
-owner.settings.cleanuprules.keep.title = Wersje które pasują do tych reguł są pozostawiane, nawet jeżeli pasują do reguły usunięcia niżej.
-vagrant.install = By dodać box Vagrant, wykonaj następujące polecenie:
-npm.dependencies.development = Zależności programistyczne
-rubygems.dependencies.development = Zależności programistyczne
-owner.settings.cargo.rebuild.description = Odbudowanie może być przydatne gdy indeks nie jest synchronizowany z zapisanymi pakietami Cargo.
-owner.settings.cleanuprules.title = Reguły czyszczenia
-owner.settings.cleanuprules.add = Dodaj regułę czyszczenia
-owner.settings.cleanuprules.edit = Edytuj regułę czyszczenia
-owner.settings.cleanuprules.preview.none = Reguła czyszczenia nie pasuje do żadnego pakietu.
-owner.settings.cargo.initialize.description = Specjalny indeks repozytorium Git jest potrzebny by użyć rejestru Cargo. Wybranie tej opcji utworzy/odtworzy repozytorium i skonfiguruje jest automatycznie.
-container.digest = Digest
-debian.registry.info = Wybierz $distribution i $component z listy poniżej.
 
 [secrets]
 secrets = Sekrety
diff --git a/options/locale/locale_pt-BR.ini b/options/locale/locale_pt-BR.ini
index 823737a6db..7762e34325 100644
--- a/options/locale/locale_pt-BR.ini
+++ b/options/locale/locale_pt-BR.ini
@@ -3536,183 +3536,11 @@ error.no_unit_allowed_repo=Você não tem permissão para acessar nenhuma seçã
 error.unit_not_allowed=Você não tem permissão para acessar esta seção do repositório.
 
 [packages]
-title=Pacotes
 desc=Gerenciar pacotes do repositório.
-empty=Não há pacotes ainda.
-empty.documentation=Para obter mais informações sobre o registro de pacotes, consulte <a target="_blank" rel="noopener noreferrer" href="%s">a documentação</a>.
-empty.repo=Você enviou um pacote, mas ele não está aqui? Vá para <a href="%[1]s">configurações do pacote</a> e vincule-o a este repositório.
-filter.type=Tipo
-filter.type.all=Todos
-filter.no_result=Seu filtro não produziu resultados.
-filter.container.tagged=Marcado
-filter.container.untagged=Desmarcado
-published_by=Publicado %[1]s por <a href="%[2]s">%[3]s</a>
-published_by_in=Publicado %[1]s por <a href="%[2]s">%[3]s</a> em <a href="%[4]s"><strong>%[5]s</strong></a>
-installation=Instalação
-about=Sobre este pacote
-requirements=Requisitos
-dependencies=Dependências
-keywords=Palavras-chave
-details=Detalhes
-details.author=Autor
-details.project_site=Site do projeto
-details.repository_site=Site do repositório
-details.documentation_site=Site da documentação
-details.license=Licença
-assets=Recursos
-versions=Versões
-versions.view_all=Ver todas
-dependency.id=ID
-dependency.version=Versão
-alpine.registry=Configure este registro adicionando o URL no arquivo <code>/etc/apk/repositories</code>:
-alpine.registry.key=Baixe a chave RSA pública do registro para a pasta <code>/etc/apk/keys/</code> para verificar a assinatura do índice:
-alpine.registry.info=Escolha o $branch e $repository da lista abaixo.
-alpine.install=Para instalar o pacote, execute o seguinte comando:
-alpine.repository=Informações do repositório
-alpine.repository.branches=Branches
-alpine.repository.repositories=Repositórios
-alpine.repository.architectures=Arquiteturas
-cargo.registry=Configurar este registro no arquivo de configuração de Cargo (por exemplo <code>~/.cargo/config.toml</code>):
-cargo.install=Para instalar o pacote usando Cargo, execute o seguinte comando:
-chef.registry=Configure este registro em seu arquivo <code>~/.chef/config.rb</code>:
-chef.install=Para instalar o pacote, execute o seguinte comando:
-composer.registry=Configure este registro em seu arquivo <code>~/.composer/config.json</code>:
-composer.install=Para instalar o pacote usando o Composer, execute o seguinte comando:
-composer.dependencies=Dependências
-composer.dependencies.development=Dependências de desenvolvimento
 conan.details.repository=Repositório
-conan.registry=Configure este registro pela linha de comando:
-conan.install=Para instalar o pacote usando o Conan, execute o seguinte comando:
-conda.registry=Configure este registro como um repositório Conda no arquivo <code>.condarc</code>:
-conda.install=Para instalar o pacote usando o Conda, execute o seguinte comando:
-container.details.type=Tipo de imagem
-container.details.platform=Plataforma
-container.pull=Puxe a imagem pela linha de comando:
-container.digest=Digest
-container.multi_arch=S.O. / Arquitetura
-container.layers=Camadas da imagem
-container.labels=Rótulos
-container.labels.key=Chave
-container.labels.value=Valor
-cran.registry=Configure este registro no arquivo <code>Rprofile.site</code>:
-cran.install=Para instalar o pacote, execute o seguinte comando:
-debian.registry=Configure este registro pela linha de comando:
-debian.registry.info=Escolha uma $distribution e um $component da lista abaixo:
-debian.install=Para instalar o pacote, execute o seguinte comando:
-debian.repository=Informações do repositório
-debian.repository.distributions=Distribuições
-debian.repository.components=Componentes
-debian.repository.architectures=Arquiteturas
-generic.download=Baixar pacote pela linha de comando:
-go.install=Instale o pacote usando o comando:
-helm.registry=Configurar este registro pela linha de comando:
-helm.install=Para instalar o pacote, execute o seguinte comando:
-maven.registry=Configure este registro no arquivo <code>pom.xml</code> do seu projeto:
-maven.install=Para usar o pacote inclua o seguinte no bloco de <code>dependencies</code> no arquivo <code>pom.xml</code>:
-maven.install2=Executar via linha de comando:
-maven.download=Para baixar a dependência, execute via linha de comando:
-nuget.registry=Configurar este registro pela linha de comando:
-nuget.install=Para instalar o pacote usando NuGet, execute o seguinte comando:
-nuget.dependency.framework=Estrutura Alvo
-npm.registry=Configure este registro no arquivo <code>.npmrc</code> do seu projeto:
-npm.install=Para instalar o pacote usando o npm, execute o seguinte comando:
-npm.install2=ou adicione-o ao arquivo package.json:
-npm.dependencies=Dependências
-npm.dependencies.development=Dependências de desenvolvimento
-npm.dependencies.peer=Dependências peer
-npm.dependencies.optional=Dependências opcionais
-npm.details.tag=Tag
-pub.install=Para instalar o pacote usando Dart, execute o seguinte comando:
-pypi.requires=Requer Python
-pypi.install=Para instalar o pacote usando pip, execute o seguinte comando:
-rpm.registry=Configure este registro pela linha de comando:
-rpm.distros.redhat=em distribuições baseadas no RedHat
-rpm.distros.suse=em distribuições baseadas no SUSE
-rpm.install=Para instalar o pacote, execute o seguinte comando:
-rpm.repository = Informações do repositório
-rpm.repository.architectures = Arquiteturas
-rubygems.install=Para instalar o pacote usando gem, execute o seguinte comando:
-rubygems.install2=ou adicione-o ao Gemfile:
-rubygems.dependencies.runtime=Dependências de tempo de execução
-rubygems.dependencies.development=Dependências de desenvolvimento
-rubygems.required.ruby=Requer o Ruby versão
-rubygems.required.rubygems=Requer o RubyGem versão
-swift.registry=Configure este registro pela linha de comando:
-swift.install=Adicione o pacote em seu arquivo <code>Package.swift</code>:
-swift.install2=e execute o seguinte comando:
-vagrant.install=Para adicionar uma Vagrant box, execute o seguinte comando:
-settings.link=Vincular este pacote a um repositório
-settings.link.description=Se você vincular um pacote a um repositório, o pacote será listado na lista de pacotes do repositório.
-settings.link.select=Selecionar repositório
-settings.link.button=Atualizar link do repositório
-settings.link.success=Link do repositório foi atualizado com sucesso.
-settings.link.error=Falha ao atualizar o link do repositório.
-settings.delete=Excluir o pacote
-settings.delete.description=A exclusão de um pacote é permanente e não pode ser desfeita.
-settings.delete.notice=Você está prestes a excluir %s (%s). Esta operação é irreversível, tem certeza?
-settings.delete.success=O pacote foi excluído.
-settings.delete.error=Falha ao excluir o pacote.
-owner.settings.cargo.title=Índice do registro Cargo
-owner.settings.cargo.initialize=Inicializar índice
-owner.settings.cargo.initialize.error=Falha ao inicializar índice Cargo: %v
-owner.settings.cargo.initialize.success=O índice Cargo foi criado com sucesso.
-owner.settings.cargo.rebuild=Reconstruir índice
-owner.settings.cargo.rebuild.error=Falha ao reconstruir índice Cargo: %v
-owner.settings.cargo.rebuild.success=O índice Cargo foi reconstruído com sucesso.
-owner.settings.cleanuprules.title=Regras de limpeza
-owner.settings.cleanuprules.add=Adicionar regra de limpeza
-owner.settings.cleanuprules.edit=Editar regra de limpeza
-owner.settings.cleanuprules.preview=Pré-visualizar regra de limpeza
-owner.settings.cleanuprules.preview.overview=%d pacotes agendados para serem removidos.
-owner.settings.cleanuprules.preview.none=A regra de limpeza não corresponde a nenhum pacote.
 owner.settings.cleanuprules.enabled=Habilitado
-owner.settings.cleanuprules.pattern_full_match=Aplicar padrão ao nome completo do pacote
-owner.settings.cleanuprules.keep.title=Versões que correspondem a estas regras são mantidas, mesmo se corresponderem a uma regra de remoção abaixo.
-owner.settings.cleanuprules.keep.count=Manter o mais recente
 owner.settings.cleanuprules.keep.count.1=1 versão por pacote
 owner.settings.cleanuprules.keep.count.n=%d versões por pacote
-owner.settings.cleanuprules.keep.pattern=Manter versões correspondentes
-owner.settings.cleanuprules.keep.pattern.container=A versão <code>latest</code> é sempre mantida para pacotes de Container.
-owner.settings.cleanuprules.remove.title=Versões que correspondem a essas regras são removidas, a menos que uma regra acima diga para mantê-las.
-owner.settings.cleanuprules.remove.days=Remover versões mais antigas que
-owner.settings.cleanuprules.remove.pattern=Remover versões correspondentes
-owner.settings.cleanuprules.success.update=Regra de limpeza foi atualizada.
-owner.settings.cleanuprules.success.delete=Regra de limpeza foi excluída.
-owner.settings.chef.title=Registro Chef
-owner.settings.chef.keypair=Gerar par de chaves
-rpm.repository.multiple_groups = Este pacote está disponível em vários grupos.
-npm.dependencies.bundle = Dependências em bundle
-registry.documentation = Para mais informações sobre o registro %s, veja <a target="_blank" rel="noopener noreferrer" href="%s">a documentação</a>.
-arch.version.replaces = Substitui
-arch.version.conflicts = Conflitos
-arch.version.properties = Propriedades da versão
-arch.version.description = Descrição
-arch.version.groups = Grupo
-arch.version.provides = Fornece
-arch.version.depends = Depende
-arch.version.optdepends = Depende opcionalmente
-arch.pacman.repo.multi.item = Configuração para %s
-arch.pacman.sync = Sincronizar pacote com o pacman:
-arch.pacman.repo.multi = %s possui a mesma versão em distribuições diferentes.
-arch.pacman.helper.gpg = Adicionar certificado de confiança para o pacman:
-arch.version.backup = Cópia de Segurança
-owner.settings.cleanuprules.none = Não há regras de limpeza ainda.
-owner.settings.cargo.rebuild.description = Reconstruir pode ser útil se o índice não estiver sincronizado com os pacotes do Cargo armazenados.
-owner.settings.cargo.rebuild.no_index = Não foi possível reconstruir, não há um índice inicializado.
-arch.pacman.conf = Adicione o servidor com a distribuição e arquitetura no arquivo <code>/etc/pacman.conf</code> :
-arch.version.makedepends = Dependências do make
-arch.version.checkdepends = Verificar dependências
-owner.settings.cargo.initialize.description = É necessário um repositório Git especial de índice para usar o registro Cargo. Usar esta opção irá (re-)criar o repositório e configurá-lo automaticamente.
-owner.settings.chef.keypair.description = Requisições enviadas ao registro Chef precisam ser criptograficamente assinadas como uma forma de autenticação. Ao gerar um par de chaves, somente a chave pública é armazenada no Forgejo. A chave privada é fornecida a você para ser usada com o knife. Gerar um novo par de chaves irá sobrescrever o anterior.
-container.images.title = Imagens
-search_in_external_registry = Buscar em %s
-alt.registry.install = Para instalar o pacote, execute o seguinte comando:
-alt.registry = Configurar este registro da linha de comando:
-alt.install = Instalar pacote
-alt.repository = Informação do repositório
-alt.repository.architectures = Arquiteturas
-alt.repository.multiple_groups = Este pacote está disponível em múltiplos grupos.
-alt.setup = Adicionar um repositório à lista de repositórios conectados (escolha a arquitetura necessária em vez de "_arch_"):
 
 [secrets]
 secrets=Segredos
diff --git a/options/locale/locale_pt-PT.ini b/options/locale/locale_pt-PT.ini
index 044a07a7b7..754ce3483f 100644
--- a/options/locale/locale_pt-PT.ini
+++ b/options/locale/locale_pt-PT.ini
@@ -3533,183 +3533,11 @@ error.no_unit_allowed_repo=Não tem permissão para aceder a nenhuma parte deste
 error.unit_not_allowed=Não tem permissão para aceder a esta parte do repositório.
 
 [packages]
-title=Pacotes
 desc=Gerir pacotes do repositório.
-empty=Ainda não há pacotes.
-empty.documentation=Para obter mais informação sobre o registo de pacotes, veja <a target="_blank" rel="noopener noreferrer" href="%s">a documentação</a>.
-empty.repo=Carregou um pacote mas este não é apresentado aqui? Vá às <a href="%[1]s">configurações do pacote</a> e ligue-o a este repositório.
-registry.documentation=Para mais informação sobre o registo %s, veja <a target="_blank" rel="noopener noreferrer" href="%s">a documentação</a>.
-filter.type=Tipo
-filter.type.all=Todos
-filter.no_result=O seu filtro não produziu quaisquer resultados.
-filter.container.tagged=Com etiqueta
-filter.container.untagged=Sem etiqueta
-published_by=Publicado %[1]s por <a href="%[2]s">%[3]s</a>
-published_by_in=Publicado %[1]s por <a href="%[2]s">%[3]s</a> em <a href="%[4]s"><strong>%[5]s</strong></a>
-installation=Instalação
-about=Sobre este pacote
-requirements=Requisitos
-dependencies=Dependências
-keywords=Palavras-chave
-details=Detalhes
-details.author=Autor(a)
-details.project_site=Sítio web do projecto
-details.repository_site=Sítio web do repositório
-details.documentation_site=Sítio web da documentação
-details.license=Licença
-assets=Recursos
-versions=Versões
-versions.view_all=Ver todas
-dependency.id=ID
-dependency.version=Versão
-alpine.registry=Configure este registo adicionando o URL no seu ficheiro <code>/etc/apk/repositories</code>:
-alpine.registry.key=Descarregue a chave RSA pública do registo para dentro da pasta <code>/etc/apk/keys/</code> para verificar a assinatura do índice:
-alpine.registry.info=Escolha $branch e $repository da lista abaixo.
-alpine.install=Para instalar o pacote, execute o seguinte comando:
-alpine.repository=Informações do repositório
-alpine.repository.branches=Ramos
-alpine.repository.repositories=Repositórios
-alpine.repository.architectures=Arquitecturas
-cargo.registry=Configurar este registo no ficheiro de configuração do Cargo (por exemplo: <code>~/.cargo/config.toml</code>):
-cargo.install=Para instalar o pacote usando o Cargo, execute o seguinte comando:
-chef.registry=Configure este registo no seu ficheiro <code>~/.chef/config.rb</code>:
-chef.install=Para instalar o pacote, execute o seguinte comando:
-composer.registry=Configure este registo no seu ficheiro <code>~/.composer/config.json</code>:
-composer.install=Para instalar o pacote usando o Composer, execute o seguinte comando:
-composer.dependencies=Dependências
-composer.dependencies.development=Dependências de desenvolvimento
 conan.details.repository=Repositório
-conan.registry=Configurar este registo usando a linha de comandos:
-conan.install=Para instalar o pacote usando o Conan, execute o seguinte comando:
-conda.registry=Configure este registo como um repositório Conda no seu ficheiro <code>.condarc</code>:
-conda.install=Para instalar o pacote usando o Conda, execute o seguinte comando:
-container.details.type=Tipo de imagem
-container.details.platform=Plataforma
-container.pull=Puxar a imagem usando a linha de comandos:
-container.digest=Resumo
-container.multi_arch=S.O. / Arquit.
-container.layers=Camadas da imagem
-container.labels=Rótulos
-container.labels.key=Chave
-container.labels.value=Valor
-cran.registry=Configure este registo no seu ficheiro <code>Rprofile.site</code>:
-cran.install=Para instalar o pacote, execute o seguinte comando:
-debian.registry=Configurar este registo usando a linha de comandos:
-debian.registry.info=Escolha $distribution e $component da lista abaixo.
-debian.install=Para instalar o pacote, execute o seguinte comando:
-debian.repository=Informações do repositório
-debian.repository.distributions=Distribuições
-debian.repository.components=Componentes
-debian.repository.architectures=Arquitecturas
-generic.download=Descarregar pacote usando a linha de comandos:
-go.install=Instale o pacote a partir da linha de comandos:
-helm.registry=Configurar este registo usando a linha de comandos:
-helm.install=Para instalar o pacote, execute o seguinte comando:
-maven.registry=Configure este registo no seu ficheiro <code>pom.xml</code> do projecto:
-maven.install=Para usar este pacote, inclua no bloco <code>dependencies</code> do ficheiro <code>pom.xml</code> o seguinte:
-maven.install2=Executar usando a linha de comandos:
-maven.download=Para descarregar a dependência, execute na linha de comandos:
-nuget.registry=Configurar este registo usando a linha de comandos:
-nuget.install=Para instalar o pacote usando NuGet, execute o seguinte comando:
-nuget.dependency.framework=Estrutura alvo
-npm.registry=Configure este registo no seu ficheiro <code>.npmrc</code> do projecto:
-npm.install=Para instalar o pacote usando o npm, execute o seguinte comando:
-npm.install2=ou adicione-o ao ficheiro <code>package.json</code>:
-npm.dependencies=Dependências
-npm.dependencies.development=Dependências de desenvolvimento
-npm.dependencies.peer=Dependências de pares
-npm.dependencies.optional=Dependências opcionais
-npm.details.tag=Etiqueta
-pub.install=Para instalar o pacote usando o Dart, execute o seguinte comando:
-pypi.requires=Requer Python
-pypi.install=Para instalar o pacote usando o pip, execute o seguinte comando:
-rpm.registry=Configurar este registo usando a linha de comandos:
-rpm.distros.redhat=em distribuições baseadas no RedHat
-rpm.distros.suse=em distribuições baseadas no SUSE
-rpm.install=Para instalar o pacote, execute o seguinte comando:
-rpm.repository=Informações do repositório
-rpm.repository.architectures=Arquitecturas
-rpm.repository.multiple_groups=Este pacote está disponível em vários grupos.
-rubygems.install=Para instalar o pacote usando o gem, execute o seguinte comando:
-rubygems.install2=ou adicione-o ao ficheiro <code>Gemfile</code>:
-rubygems.dependencies.runtime=Dependências em tempo de execução
-rubygems.dependencies.development=Dependências de desenvolvimento
-rubygems.required.ruby=Requer a versão do Ruby
-rubygems.required.rubygems=Requer a versão do RubyGem
-swift.registry=Configurar este registo usando a linha de comandos:
-swift.install=Adicione o pacote no seu ficheiro <code>Package.swift</code>:
-swift.install2=e execute o seguinte comando:
-vagrant.install=Para adicionar uma máquina virtual Vagrant, execute o seguinte comando:
-settings.link=Vincular este pacote a um repositório
-settings.link.description=Se você vincular um pacote a um repositório, o pacote será listado na lista de pacotes do repositório.
-settings.link.select=Escolher repositório
-settings.link.button=Modificar vínculo ao repositório
-settings.link.success=O vínculo ao repositório foi modificado com sucesso.
-settings.link.error=Falhou a modificação do vínculo ao repositório.
-settings.delete=Eliminar pacote
-settings.delete.description=Eliminar o pacote é permanente e não pode ser desfeito.
-settings.delete.notice=Está prestes a eliminar %s (%s). Esta operação é irreversível. Tem a certeza?
-settings.delete.success=O pacote foi eliminado.
-settings.delete.error=Falhou a eliminação do pacote.
-owner.settings.cargo.title=Índice do registo do Cargo
-owner.settings.cargo.initialize=Inicializar índice
-owner.settings.cargo.initialize.description=É necessário um repositório Git de índice especial para usar o registo Cargo. Usar esta opção irá (re-)criar o repositório e configurá-lo automaticamente.
-owner.settings.cargo.initialize.error=Falhou ao inicializar o índice do Cargo: %v
-owner.settings.cargo.initialize.success=O índice do Cargo foi criado com sucesso.
-owner.settings.cargo.rebuild=Reconstruir índice
-owner.settings.cargo.rebuild.description=Reconstruir pode ser útil se o índice não estiver sincronizado com os pacotes de Cargo armazenados.
-owner.settings.cargo.rebuild.error=Falhou ao reconstruir o índice do Cargo: %v
-owner.settings.cargo.rebuild.success=O índice do Cargo foi reconstruído com sucesso.
-owner.settings.cleanuprules.title=Regras de limpeza
-owner.settings.cleanuprules.add=Adicionar regra de limpeza
-owner.settings.cleanuprules.edit=Editar regra de limpeza
-owner.settings.cleanuprules.none=Ainda não há quaisquer regras de limpeza.
-owner.settings.cleanuprules.preview=Previsão da regra de limpeza
-owner.settings.cleanuprules.preview.overview=%d pacotes estão agendados para serem removidos.
-owner.settings.cleanuprules.preview.none=A regra de limpeza não corresponde a nenhum pacote.
 owner.settings.cleanuprules.enabled=Habilitado
-owner.settings.cleanuprules.pattern_full_match=Aplicar o padrão ao nome completo do pacote
-owner.settings.cleanuprules.keep.title=As versões que correspondem a estas regras serão mantidas, mesmo que correspondam à regra de remoção abaixo.
-owner.settings.cleanuprules.keep.count=Manter a mais recente
 owner.settings.cleanuprules.keep.count.1=1 versão por pacote
 owner.settings.cleanuprules.keep.count.n=%d versões por pacote
-owner.settings.cleanuprules.keep.pattern=Manter as versões correspondentes
-owner.settings.cleanuprules.keep.pattern.container=A <code>última</code> versão será sempre mantida para pacotes de contentor.
-owner.settings.cleanuprules.remove.title=Versões que correspondam a estas regras serão removidos, a não ser que a regra acima diga para os manter.
-owner.settings.cleanuprules.remove.days=Remover versões mais antigas do que
-owner.settings.cleanuprules.remove.pattern=Remover as versões correspondentes
-owner.settings.cleanuprules.success.update=A regra de limpeza foi modificada.
-owner.settings.cleanuprules.success.delete=A regra de limpeza foi eliminada.
-owner.settings.chef.title=Registo do Chef
-owner.settings.chef.keypair=Gerar par de chaves
-owner.settings.chef.keypair.description=Os pedidos enviados para o registo do Chef têm de ser assinados criptograficamente como meio de autenticação. Ao gerar um par de chaves, apenas a chave pública é armazenada no Forgejo. A chave privada é-lhe fornecida para ser utilizada com o knife. A geração de um novo par de chaves substituirá o anterior.
-owner.settings.cargo.rebuild.no_index = Não foi possível reconstruir, não há um índice inicializado.
-npm.dependencies.bundle = Dependências agrupadas
-arch.pacman.repo.multi.item = Configurações para %s
-arch.pacman.sync = Sincronizar pacote com o pacman:
-arch.version.properties = Propriedades da versão
-arch.version.description = Descrição
-arch.version.provides = Fornece
-arch.pacman.helper.gpg = Adicionar certificado de confiança para o pacman:
-arch.pacman.conf = Adicionar servidor com distribuição e arquitectura relacionadas a <code>/etc/pacman.conf</code> :
-arch.pacman.repo.multi = %s tem a mesma versão em distribuições diferentes.
-arch.version.optdepends = Depende opcionalmente
-arch.version.depends = Depende de
-arch.version.makedepends = Dependências do make
-arch.version.groups = Grupo
-arch.version.checkdepends = Verificar dependências
-arch.version.conflicts = Conflitos
-arch.version.backup = Cópia de segurança
-arch.version.replaces = Substitui
-container.images.title = Imagens
-search_in_external_registry = Procurar em %s
-alt.registry = Configure este registo a partir da linha de comandos:
-alt.registry.install = Para instalar o pacote, execute o seguinte comando:
-alt.install = Instalar pacote
-alt.repository = Informação do repositório
-alt.repository.architectures = Arquiteturas
-alt.repository.multiple_groups = Este pacote está disponível em vários grupos.
-alt.setup = Adicionar um repositório à lista de repositórios ligados (escolha a arquitetura necessária em vez de "_arch_"):
 
 [secrets]
 secrets=Segredos
diff --git a/options/locale/locale_ru-RU.ini b/options/locale/locale_ru-RU.ini
index e880c0fa78..5d9eadf5d2 100644
--- a/options/locale/locale_ru-RU.ini
+++ b/options/locale/locale_ru-RU.ini
@@ -3545,183 +3545,11 @@ error.no_unit_allowed_repo=У вас нет доступа ни к одному
 error.unit_not_allowed=У вас нет доступа к этому разделу репозитория.
 
 [packages]
-title=Пакеты
 desc=Управление пакетами репозитория.
-empty=Пока нет пакетов.
-empty.documentation=Дополнительную информацию о реестре пакетов можно найти в <a target="_blank" rel="noopener noreferrer" href="%s">документации</a>.
-empty.repo=Вы загрузили пакет, но он здесь не отображается? Перейдите в <a href="%[1]s">настройки пакета</a> и свяжите его с этим репозиторием.
-registry.documentation=Для получения дополнительной информации о реестре %s смотрите <a target="_blank" rel="noopener noreferrer" href="%s">документацию</a>.
-filter.type=Тип
-filter.type.all=Все
-filter.no_result=Фильтр не дал результатов.
-filter.container.tagged=С тегом
-filter.container.untagged=Без тегов
-published_by=Опубликовано %[1]s <a href="%[2]s">%[3]s</a>
-published_by_in=Опубликовано %[1]s <a href="%[2]s">%[3]s</a> в <a href="%[4]s"><strong>%[5]s</strong></a>
-installation=Установка
-about=Об этом пакете
-requirements=Требования
-dependencies=Зависимости
-keywords=Ключевые слова
-details=Сведения
-details.author=Автор
-details.project_site=Веб-сайт проекта
-details.repository_site=Веб-сайт репозитория
-details.documentation_site=Веб-сайт документации
-details.license=Лицензия
-assets=Объекты
-versions=Версии
-versions.view_all=Показать всё
-dependency.id=ID
-dependency.version=Версия
-alpine.registry=Настройте этот реестр, добавив URL в файл <code>/etc/apk/repositories</code>:
-alpine.registry.key=Загрузите публичный ключ RSA реестра в каталог <code>/etc/apk/keys/</code> для проверки подписи индекса:
-alpine.registry.info=Выберите $branch и $repository из списка ниже.
-alpine.install=Для установки пакета выполните следующую команду:
-alpine.repository=О репозитории
-alpine.repository.branches=Ветви
-alpine.repository.repositories=Репозитории
-alpine.repository.architectures=Архитектуры
-cargo.registry=Настройте этот реестр в файле конфигурации Cargo (например, <code>~/.cargo/config.toml</code>):
-cargo.install=Чтобы установить пакет с помощью Cargo, выполните следующую команду:
-chef.registry=Настройте этот реестр в своём файле <code>~/.chef/config.rb</code>:
-chef.install=Для установки пакета выполните следующую команду:
-composer.registry=Настройте этот реестр в файле <code>~/.composer/config.json</code>:
-composer.install=Чтобы установить пакет с помощью Composer, выполните следующую команду:
-composer.dependencies=Зависимости
-composer.dependencies.development=Зависимости для разработки
 conan.details.repository=Репозиторий
-conan.registry=Добавьте реестр командой:
-conan.install=Чтобы установить пакет с помощью Conan, выполните следующую команду:
-conda.registry=Пропишите этот реестр в качестве репозитория Conda в своём файле <code>.condarc</code>:
-conda.install=Чтобы установить пакет с помощью Conda, выполните следующую команду:
-container.details.type=Тип образа
-container.details.platform=Платформа
-container.pull=Загрузите образ из командной строки:
-container.digest=Отпечаток
-container.multi_arch=ОС / архитектура
-container.layers=Слои образа
-container.labels=Метки
-container.labels.key=Ключ
-container.labels.value=Значение
-cran.registry=Настройте этот реестр в файле <code>Rprofile.site</code>:
-cran.install=Для установки пакета выполните следующую команду:
-debian.registry=Добавьте реестр командой:
-debian.registry.info=Выберите $distribution и $component из списка ниже.
-debian.install=Для установки пакета выполните следующую команду:
-debian.repository=О репозитории
-debian.repository.distributions=Дистрибутивы
-debian.repository.components=Компоненты
-debian.repository.architectures=Архитектуры
-generic.download=Скачать пакет из командной строки:
-go.install=Установите пакет из командной строки:
-helm.registry=Добавьте реестр командой:
-helm.install=Для установки пакета выполните следующую команду:
-maven.registry=Настройте реестр в файле <code>pom.xml</code> вашего проекта:
-maven.install=Чтобы использовать пакет, включите в блок <code>dependencies</code> в файле <code>pom.xml</code> следующее:
-maven.install2=Выполнить через командную строку:
-maven.download=Чтобы скачать зависимость, запустите в командной строке:
-nuget.registry=Добавьте реестр командой:
-nuget.install=Чтобы установить пакет с помощью NuGet, выполните следующую команду:
-nuget.dependency.framework=Целевой фреймворк
-npm.registry=Настройте реестр в файле <code>.npmrc</code> вашего проекта:
-npm.install=Чтобы установить пакет с помощью npm, выполните следующую команду:
-npm.install2=или добавьте его в файл package.json:
-npm.dependencies=Зависимости
-npm.dependencies.development=Зависимости для разработки
-npm.dependencies.peer=Одноранговые зависимости
-npm.dependencies.optional=Необязательные зависимости
-npm.details.tag=Тег
-pub.install=Чтобы установить пакет с помощью Dart, выполните следующую команду:
-pypi.requires=Требуется Python
-pypi.install=Чтобы установить пакет с помощью pip, выполните следующую команду:
-rpm.registry=Добавьте реестр командой:
-rpm.distros.redhat=на дистрибутивах семейства RedHat
-rpm.distros.suse=на дистрибутивах семейства SUSE
-rpm.install=Для установки пакета выполните следующую команду:
-rpm.repository = О репозитории
-rpm.repository.architectures = Архитектуры
-rubygems.install=Чтобы установить пакет с помощью gem, выполните следующую команду:
-rubygems.install2=или добавьте его в Gemfile:
-rubygems.dependencies.runtime=Зависимости времени выполнения
-rubygems.dependencies.development=Зависимости для разработки
-rubygems.required.ruby=Требуется версия Ruby
-rubygems.required.rubygems=Требуется версия RubyGem
-swift.registry=Добавьте реестр командой:
-swift.install=Добавьте пакет в свой файл <code>Package.swift</code>:
-swift.install2=и запустите следующую команду:
-vagrant.install=Чтобы добавить бокс Vagrant, выполните следующую команду:
-settings.link=Связать этот пакет с репозиторием
-settings.link.description=Если связать пакет с репозиторием, он добавится в список пакетов репозитория.
-settings.link.select=Выберите репозиторий
-settings.link.button=Обновить ссылку на репозиторий
-settings.link.success=Связь с репозиторием успешно обновлена.
-settings.link.error=Не удалось обновить привязку к репозиторию.
-settings.delete=Удалить пакет
-settings.delete.description=Удаление пакета необратимо и не может быть отменено.
-settings.delete.notice=Вы собираетесь удалить %s (%s). Эта операция необратима, вы уверены?
-settings.delete.success=Пакет удалён.
-settings.delete.error=Не удалось удалить пакет.
-owner.settings.cargo.title=Индекс реестра Cargo
-owner.settings.cargo.initialize=Инициализировать индекс
-owner.settings.cargo.initialize.description=Для использования реестра Cargo необходим специальный Git-репозиторий с индексом. Эта опция (пере)создаст репозиторий и настроит его автоматически.
-owner.settings.cargo.initialize.error=Не удалось инициализировать индекс Cargo: %v
-owner.settings.cargo.initialize.success=Индекс Cargo успешно создан.
-owner.settings.cargo.rebuild=Перестроить индекс
-owner.settings.cargo.rebuild.error=Не удалось перестроить индекс Cargo: %v
-owner.settings.cargo.rebuild.success=Индекс Cargo был перестроен успешно.
-owner.settings.cleanuprules.title=Правила очистки
-owner.settings.cleanuprules.add=Добавить правило очистки
-owner.settings.cleanuprules.edit=Изменить правило очистки
-owner.settings.cleanuprules.preview=Предпросмотр правила очистки
-owner.settings.cleanuprules.preview.overview=Планируется удалить %d пакетов.
-owner.settings.cleanuprules.preview.none=Правило очистки не соответствует ни одному пакету.
 owner.settings.cleanuprules.enabled=Включено
-owner.settings.cleanuprules.pattern_full_match=Применить шаблон к полному имени пакета
-owner.settings.cleanuprules.keep.title=Версии, соответствующие этим правилам, сохраняются, даже если они соответствуют приведённому ниже правилу удаления.
-owner.settings.cleanuprules.keep.count=Оставить последние
 owner.settings.cleanuprules.keep.count.1=1 версию на пакет
 owner.settings.cleanuprules.keep.count.n=%d версий на пакет
-owner.settings.cleanuprules.keep.pattern=Сохранять версии, совпадающие с
-owner.settings.cleanuprules.keep.pattern.container=Версия <code>latest</code> всегда сохраняется для пакетов контейнера.
-owner.settings.cleanuprules.remove.title=Версии, соответствующие этим правилам, удаляются, если правило выше не требует хранить их.
-owner.settings.cleanuprules.remove.days=Удалять версии старше, чем
-owner.settings.cleanuprules.remove.pattern=Удалять версии, совпадающие с
-owner.settings.cleanuprules.success.update=Правило очистки обновлено.
-owner.settings.cleanuprules.success.delete=Правило очистки удалено.
-owner.settings.chef.title=Реестр Chef
-owner.settings.chef.keypair=Создать пару ключей
-owner.settings.cleanuprules.none = Правил очистки пока нет.
-owner.settings.cargo.rebuild.description = Пересборка может быть полезна в случае, если индекс не синхронизирован с хранящимися пакетами Cargo.
-rpm.repository.multiple_groups = Этот пакет доступен в нескольких группах.
-owner.settings.chef.keypair.description = Запросы к реестру Chef заверяются криптографическими подписями для аутентификации. При создании пары ключей только публичный ключ сохраняется в базе Forgejo. Закрытый ключ, который вы получите, будет использоваться knife. Создание новой пары ключей удалит старую.
-owner.settings.cargo.rebuild.no_index = Невозможно выполнить пересборку. Нет инициализированного индекса.
-npm.dependencies.bundle = Комплектные зависимости
-arch.pacman.conf = Добавьте адрес с необходимым дистрибутивом и архитектурой в <code>/etc/pacman.conf</code>:
-arch.pacman.helper.gpg = Добавьте сертификат доверия в pacman:
-arch.pacman.repo.multi.item = Конфигурация %s
-arch.pacman.sync = Синхронизируйте пакет в pacman:
-arch.version.properties = Свойства версии
-arch.version.description = Описание
-arch.version.provides = Предоставляет
-arch.version.groups = Группа
-arch.version.depends = Зависит от
-arch.version.optdepends = Опциональные зависимости
-arch.pacman.repo.multi = У %s имеется одна и та же версия в разных дистрибутивах.
-arch.version.makedepends = Сборочные зависимости
-arch.version.replaces = Заменяет
-arch.version.backup = Рез. копия
-arch.version.conflicts = Конфликтует с
-arch.version.checkdepends = Проверочные зависимости
-container.images.title = Образы
-search_in_external_registry = Найти в %s
-alt.repository = О репозитории
-alt.repository.architectures = Архитектуры
-alt.registry = Добавьте реестр командой:
-alt.repository.multiple_groups = Этот пакет доступен в нескольких группах.
-alt.setup = Добавьте репозиторий в свой список репозиториев (выберите подходящую архитектуру вместо «_arch_»):
-alt.install = Установка пакета
-alt.registry.install = Для установки пакета выполните следующую команду:
 
 [secrets]
 secrets=Секреты
diff --git a/options/locale/locale_si-LK.ini b/options/locale/locale_si-LK.ini
index 8ad4571000..e9c7b0cb0e 100644
--- a/options/locale/locale_si-LK.ini
+++ b/options/locale/locale_si-LK.ini
@@ -2411,9 +2411,6 @@ no_read=කියවූ දැනුම්දීම් නැත.
 [units]
 
 [packages]
-filter.type=වර්ගය
-alpine.repository.branches=ශාඛා
-alpine.repository.repositories=කෝෂ්ඨ
 conan.details.repository=කෝෂ්ඨය
 owner.settings.cleanuprules.enabled=සබල කර ඇත
 
diff --git a/options/locale/locale_sk-SK.ini b/options/locale/locale_sk-SK.ini
index 3022570254..64476156d0 100644
--- a/options/locale/locale_sk-SK.ini
+++ b/options/locale/locale_sk-SK.ini
@@ -1393,9 +1393,7 @@ error.not_signed_commit=Nie je podpísaný commit
 [units]
 
 [packages]
-alpine.repository.repositories=Repozitáre
 conan.details.repository=Repozitár
-container.labels=Štítky
 owner.settings.cleanuprules.enabled=Povolené
 
 [secrets]
diff --git a/options/locale/locale_sl.ini b/options/locale/locale_sl.ini
index f90a20391d..48402a2d56 100644
--- a/options/locale/locale_sl.ini
+++ b/options/locale/locale_sl.ini
@@ -639,7 +639,6 @@ follow_blocked_user = Temu uporabniku ne morete slediti, ker ste ga blokirali al
 code = Koda
 
 [packages]
-owner.settings.chef.keypair.description = Za preverjanje pristnosti v registru Chef je potreben par ključev. Če ste par ključev ustvarili že prej, se pri ustvarjanju novega para ključev stari par ključev zavrže.
 
 [actions]
 runners.runner_manage_panel = Upravljanje tekačev
\ No newline at end of file
diff --git a/options/locale/locale_sv-SE.ini b/options/locale/locale_sv-SE.ini
index 31c113b5d9..e916fc401a 100644
--- a/options/locale/locale_sv-SE.ini
+++ b/options/locale/locale_sv-SE.ini
@@ -3519,182 +3519,10 @@ error.unit_not_allowed=Du har inte åtkomst till denna del av utvecklingskatalog
 unit = Enhet
 
 [packages]
-filter.type=Typ
-alpine.repository.branches=Brancher
-alpine.repository.repositories=Utvecklingskataloger
 conan.details.repository=Utvecklingskatalog
 owner.settings.cleanuprules.enabled=Aktiv
-title = Paket
-filter.type.all = Alla
-installation = Installation
-requirements = Krav
-dependencies = Beroenden
-details = Detaljer
-details.license = Licens
-versions = Versioner
-dependency.id = ID
-dependency.version = Version
-alpine.repository.architectures = Arkitekturer
-composer.dependencies = Beroenden
-container.details.platform = Plattform
-container.labels = Etiketter
-container.labels.key = Nyckel
-container.labels.value = Värde
-debian.repository.components = Komponenter
-debian.repository.architectures = Arkitekturer
-npm.dependencies = Beroenden
-npm.details.tag = Tagg
-rpm.repository.architectures = Arkitekturer
-arch.version.description = Beskrivning
-arch.version.groups = Grupp
-arch.version.conflicts = Konflikter
-arch.version.replaces = Ersätter
-container.images.title = Bilder
-alt.repository.architectures = Arkitekturer
-versions.view_all = Visa alla
-container.details.type = Bildtyp
-container.layers = Bildlager
-pypi.requires = Kräver Python
-settings.delete = Ta bort paket
-empty = Det finns inga paket ännu.
-empty.documentation = För mer information om paketregistret, se <a target="_blank" rel="noopener noreferrer" href="%s">dokumentationen</a>.
-empty.repo = Laddade du upp ett paket men det visas inte här? Gå till <a href="%[1]s">paketinställningar</a> och länka det till detta kodförråd.
-registry.documentation = För mer information om %s-registret, se <a target="_blank" rel="noopener noreferrer" href="%s">dokumentationen</a>.
-filter.no_result = Ditt filter gav inga resultat.
-filter.container.tagged = Taggad
-filter.container.untagged = Otaggad
-published_by = Publicerad %[1]s av <a href="%[2]s">%[3]s</a>
-published_by_in = Publicerad %[1]s av <a href="%[2]s">%[3]s</a> i <a href="%[4]s"><strong>%[5]s</strong></a>
-about = Om detta paket
-keywords = Nyckelord
-details.author = Författare
-details.project_site = Projektwebbplats
-details.repository_site = Kodförrådswebbplats
-details.documentation_site = Dokumentationswebbplats
-assets = Assets
-search_in_external_registry = Sök i %s
-alpine.registry = Konfigurera detta register genom att lägga till URL:en i din <code>/etc/apk/repositories</code>-fil:
-alpine.registry.key = Ladda ner registrets offentliga RSA-nyckel till <code>/etc/apk/keys/</code>-mappen för att verifiera indexsignaturen:
-alpine.registry.info = Välj $gren och $kodförråd från listan nedan.
-alpine.install = För att installera paketet, kör följande kommando:
-alpine.repository = Kodförrådsinfo
-arch.pacman.helper.gpg = Lägg till förtroendecertifikat för pacman:
-arch.pacman.repo.multi = %s har samma version i olika distributioner.
-arch.pacman.repo.multi.item = Konfiguration för %s
-arch.pacman.conf = Lägg till server med relaterad distribution och arkitektur till <code>/etc/pacman.conf</code>:
-arch.pacman.sync = Synkronisera paket med pacman:
-arch.version.properties = Versionsegenskaper
-arch.version.provides = Tillhandahåller
-arch.version.depends = Beroenden
-arch.version.optdepends = Valfria beroenden
-arch.version.makedepends = Byggberoenden
-arch.version.checkdepends = Kontrollberoenden
-arch.version.backup = Säkerhetskopia
-cargo.registry = Konfigurera detta register i Cargo-konfigurationsfilen (till exempel <code>~/.cargo/config.toml</code>):
-cargo.install = För att installera paketet med Cargo, kör följande kommando:
-chef.registry = Konfigurera detta register i din <code>~/.chef/config.rb</code>-fil:
-chef.install = För att installera paketet, kör följande kommando:
-composer.registry = Konfigurera detta register i din <code>~/.composer/config.json</code>-fil:
-composer.install = För att installera paketet med Composer, kör följande kommando:
-composer.dependencies.development = Utvecklingsberoenden
-conan.registry = Konfigurera detta register från kommandoraden:
-conan.install = För att installera paketet med Conan, kör följande kommando:
-conda.registry = Konfigurera detta register som ett Conda-kodförråd i din <code>.condarc</code>-fil:
-conda.install = För att installera paketet med Conda, kör följande kommando:
-container.pull = Hämta bilden från kommandoraden:
-container.digest = Digest
-container.multi_arch = OS / Arch
-cran.registry = Konfigurera detta register i din <code>Rprofile.site</code>-fil:
-cran.install = För att installera paketet, kör följande kommando:
-debian.registry = Konfigurera detta register från kommandoraden:
-debian.registry.info = Välj $distribution och $component från listan nedan.
-debian.install = För att installera paketet, kör följande kommando:
-debian.repository = Kodförrådsinfo
-debian.repository.distributions = Distributioner
-generic.download = Ladda ner paket från kommandoraden:
-go.install = Installera paketet från kommandoraden:
-helm.registry = Konfigurera detta register från kommandoraden:
-helm.install = För att installera paketet, kör följande kommando:
-maven.registry = Konfigurera detta register i ditt projekts <code>pom.xml</code>-fil:
-maven.install = För att använda paketet, inkludera följande i <code>dependencies</code>-blocket i <code>pom.xml</code>-filen:
-maven.install2 = Kör via kommandoraden:
-maven.download = För att ladda ner beroendet, kör via kommandoraden:
-nuget.registry = Konfigurera detta register från kommandoraden:
-nuget.install = För att installera paketet med NuGet, kör följande kommando:
-nuget.dependency.framework = Målramverk
-npm.registry = Konfigurera detta register i ditt projekts <code>.npmrc</code>-fil:
-npm.install = För att installera paketet med npm, kör följande kommando:
-npm.install2 = eller lägg till det i package.json-filen:
-npm.dependencies.development = Utvecklingsberoenden
-npm.dependencies.bundle = Buntade beroenden
-npm.dependencies.peer = Peer-beroenden
-npm.dependencies.optional = Valfria beroenden
-pub.install = För att installera paketet med Dart, kör följande kommando:
-pypi.install = För att installera paketet med pip, kör följande kommando:
-rpm.registry = Konfigurera detta register från kommandoraden:
-rpm.distros.redhat = på RedHat-baserade distributioner
-rpm.distros.suse = på SUSE-baserade distributioner
-rpm.install = För att installera paketet, kör följande kommando:
-rpm.repository = Kodförrådsinfo
-rpm.repository.multiple_groups = Detta paket är tillgängligt i flera grupper.
-alt.registry = Konfigurera detta register från kommandoraden:
-alt.registry.install = För att installera paketet, kör följande kommando:
-alt.install = Installera paket
-alt.setup = Lägg till ett kodförråd i listan över anslutna kodförråd (välj nödvändig arkitektur istället för "_arch_"):
-alt.repository = Kodförrådsinfo
-alt.repository.multiple_groups = Detta paket är tillgängligt i flera grupper.
-rubygems.install = För att installera paketet med gem, kör följande kommando:
-rubygems.install2 = eller lägg till det i Gemfile:
-rubygems.dependencies.runtime = Körtidsberoenden
-rubygems.dependencies.development = Utvecklingsberoenden
-rubygems.required.ruby = Kräver Ruby-version
-rubygems.required.rubygems = Kräver RubyGem-version
-swift.registry = Konfigurera detta register från kommandoraden:
-swift.install = Lägg till paketet i din <code>Package.swift</code>-fil:
-swift.install2 = och kör följande kommando:
-vagrant.install = För att lägga till en Vagrant-box, kör följande kommando:
-settings.link = Länka detta paket till ett kodförråd
-settings.link.description = Om du länkar ett paket med ett kodförråd, listas paketet i kodförrådets paketlista.
-settings.link.select = Välj kodförråd
-settings.link.button = Uppdatera kodförrådslänk
-settings.link.success = Kodförrådslänken uppdaterades framgångsrikt.
-settings.link.error = Misslyckades med att uppdatera kodförrådslänken.
-settings.delete.description = Borttagning av ett paket är permanent och kan inte ångras.
-settings.delete.notice = Du är på väg att ta bort %s (%s). Denna åtgärd är oåterkallelig, är du säker?
-settings.delete.success = Paketet har tagits bort.
-settings.delete.error = Misslyckades med att ta bort paketet.
-owner.settings.cargo.title = Cargo-registerindex
-owner.settings.cargo.initialize = Initiera index
-owner.settings.cargo.initialize.description = En särskild index-Git-kodförråd behövs för att använda Cargo-registret. Att använda detta alternativ kommer att (åter)skapa kodförrådet och konfigurera den automatiskt.
-owner.settings.cargo.initialize.error = Misslyckades med att initiera Cargo-index: %v
-owner.settings.cargo.initialize.success = Cargo-indexet skapades framgångsrikt.
-owner.settings.cargo.rebuild = Bygg om index
-owner.settings.cargo.rebuild.description = Ombyggnad kan vara användbart om indexet inte är synkroniserat med de lagrade Cargo-paketen.
-owner.settings.cargo.rebuild.error = Misslyckades med att bygga om Cargo-index: %v
-owner.settings.cargo.rebuild.success = Cargo-indexet byggdes om framgångsrikt.
-owner.settings.cargo.rebuild.no_index = Det går inte att bygga om, inget index är initierat.
-owner.settings.cleanuprules.title = Städregler
-owner.settings.cleanuprules.add = Lägg till städregel
-owner.settings.cleanuprules.edit = Redigera städregel
-owner.settings.cleanuprules.none = Det finns inga städregler ännu.
-owner.settings.cleanuprules.preview = Förhandsgranskning av städregel
-owner.settings.cleanuprules.preview.overview = %d paket är planerade att tas bort.
-owner.settings.cleanuprules.preview.none = Städregeln matchar inga paket.
-owner.settings.cleanuprules.pattern_full_match = Tillämpa mönster på fullständigt paketnamn
-owner.settings.cleanuprules.keep.title = Versioner som matchar dessa regler behålls, även om de matchar en borttagningsregel nedan.
-owner.settings.cleanuprules.keep.count = Behåll de senaste
 owner.settings.cleanuprules.keep.count.1 = 1 version per paket
 owner.settings.cleanuprules.keep.count.n = %d versioner per paket
-owner.settings.cleanuprules.keep.pattern = Behåll versioner som matchar
-owner.settings.cleanuprules.keep.pattern.container = Versionen <code>latest</code> behålls alltid för Container-paket.
-owner.settings.cleanuprules.remove.title = Versioner som matchar dessa regler tas bort, om inte en regel ovan säger att de ska behållas.
-owner.settings.cleanuprules.remove.days = Ta bort versioner äldre än
-owner.settings.cleanuprules.remove.pattern = Ta bort versioner som matchar
-owner.settings.cleanuprules.success.update = Städregeln har uppdaterats.
-owner.settings.cleanuprules.success.delete = Städregeln har tagits bort.
-owner.settings.chef.title = Chef-register
-owner.settings.chef.keypair = Generera nyckelpar
-owner.settings.chef.keypair.description = Förfrågningar som skickas till Chef-registret måste vara kryptografiskt signerade som en autentiseringsmetod. När ett nyckelpar genereras lagras endast den offentliga nyckeln på Forgejo. Den privata nyckeln tillhandahålls till dig för användning med knife. Att generera ett nytt nyckelpar kommer att skriva över det tidigare.
 
 [secrets]
 secrets = Hemligheter
diff --git a/options/locale/locale_ta.ini b/options/locale/locale_ta.ini
index 38c7584a65..c76bd2ffd4 100644
--- a/options/locale/locale_ta.ini
+++ b/options/locale/locale_ta.ini
@@ -1,6 +1,3 @@
-
-
-
 [common]
 home = வீடு
 dashboard = முகப்புப்பெட்டி
@@ -3383,180 +3380,8 @@ unit = அலகு
 error.no_unit_allowed_repo = இந்தக் களஞ்சியத்தின் எந்தப் பகுதியையும் அணுக உங்களுக்கு இசைவு இல்லை.
 
 [packages]
-title = தொகுப்பு
-empty = இதுவரை தொகுப்புகள் எதுவும் இல்லை.
-empty.documentation = தொகுப்பு பதிவேட்டில் மேலும் தகவலுக்கு, <a target="_blank" rel="noopener noreferrer" href="%s">ஆவணங்கள்</a> பார்க்கவும்.
-empty.repo = நீங்கள் ஒரு தொகுப்பைப் பதிவேற்றினீர்களா, ஆனால் அது இங்கே காட்டப்படவில்லையா? <a href="%[1]s">தொகுப்பு அமைப்புகளுக்குச்</a> சென்று இந்த ரெப்போவுடன் இணைக்கவும்.
-registry.documentation = %s பதிவேட்டில் மேலும் தகவலுக்கு, <a target="_blank" rel="noopener noreferrer" href="%s">ஆவணத்தை</a> பார்க்கவும்.
-filter.type = வகை
-filter.type.all = அனைத்தும்
-filter.no_result = உங்கள் வடிகட்டி எந்த முடிவையும் தரவில்லை.
-filter.container.tagged = குறியிடப்பட்டது
-filter.container.untagged = குறியிடப்படாதது
-published_by = %[1]s <a href="%[2]s">%[3]s</a> ஆல் வெளியிடப்பட்டது
-published_by_in = <a href="%[2]s">%[3]s</a> மூலம் %[1]s வெளியிடப்பட்டது <a href="%[4]s"><strong>%[5]s</strong></a>
-installation = நிறுவல்
-about = இந்த தொகுப்பு பற்றி
-requirements = தேவைகள்
-dependencies = சார்புநிலைகள்
-keywords = முக்கிய வார்த்தைகள்
-details = விவரங்கள்
-details.author = நூலாசிரியர்
-details.project_site = திட்ட இணையதளம்
-details.repository_site = களஞ்சிய இணையதளம்
-details.documentation_site = ஆவண இணையதளம்
-details.license = உரிமம்
-assets = சொத்துக்கள்
-versions = பதிப்புகள்
-versions.view_all = அனைத்தையும் பார்க்கவும்
-dependency.id = ஐடி
-dependency.version = பதிப்பு
-search_in_external_registry = %s இல் தேடவும்
-alpine.registry = உங்கள் <code>/etc/apk/repositories</code> கோப்பில் urlஐச் சேர்ப்பதன் மூலம் இந்தப் பதிவேட்டை அமைக்கவும்:
-alpine.registry.key = குறியீட்டு கையொப்பத்தைச் சரிபார்க்க, <code>/etc/apk/keys/</code> கோப்புறையில் பொது RSA விசையைப் பதிவிறக்கவும்:
-alpine.registry.info = கீழே உள்ள பட்டியலில் இருந்து $கிளை மற்றும் $ களஞ்சியத்தைத் தேர்ந்தெடுக்கவும்.
-alpine.install = தொகுப்பை நிறுவ, பின்வரும் கட்டளையை இயக்கவும்:
-alpine.repository = களஞ்சிய செய்தி
-alpine.repository.branches = கிளைகள்
-alpine.repository.repositories = களஞ்சியங்கள்
-alpine.repository.architectures = கட்டமைப்புகள்
-arch.pacman.helper.gpg = பேக்மேனுக்கான நம்பிக்கைச் சான்றிதழைச் சேர்க்கவும்:
-arch.pacman.repo.multi = வெவ்வேறு விநியோகங்களில் %s ஒரே பதிப்பைக் கொண்டுள்ளது.
-arch.pacman.repo.multi.item = %s க்கான கட்டமைப்பு
-arch.pacman.conf = <code>/etc/pacman.conf</code> இல் தொடர்புடைய வழங்கல் மற்றும் கட்டமைப்புடன் சேவையகத்தைச் சேர்க்கவும்:
-arch.pacman.sync = பேக்மேனுடன் தொகுப்பை ஒத்திசைக்கவும்:
-arch.version.properties = பதிப்பு பண்புகள்
-arch.version.description = விவரம்
-arch.version.provides = வழங்குகிறது
-arch.version.groups = குழு
-arch.version.depends = சார்ந்துள்ளது
-arch.version.optdepends = விருப்பம் சார்ந்தது
-arch.version.makedepends = செய்வது சார்ந்தது
-arch.version.checkdepends = காசோலை சார்ந்தது
-arch.version.conflicts = மோதல்கள்
-arch.version.replaces = மாற்றுகிறது
-arch.version.backup = காப்புப்பிரதி
-cargo.registry = சரக்கு உள்ளமைவு கோப்பில் இந்தப் பதிவேட்டை அமைக்கவும் (உதாரணமாக <code>~/.cargo/config.toml</code>):
-cargo.install = கார்கோவைப் பயன்படுத்தி தொகுப்பை நிறுவ, பின்வரும் கட்டளையை இயக்கவும்:
-chef.registry = இந்தப் பதிவேட்டை உங்கள் <code>~/.chef/config.rb</code> கோப்பில் அமைக்கவும்:
-chef.install = தொகுப்பை நிறுவ, பின்வரும் கட்டளையை இயக்கவும்:
-composer.registry = இந்தப் பதிவேட்டை உங்கள் <code>~/.composer/config.json</code> கோப்பில் அமைக்கவும்:
-composer.install = கம்போசரைப் பயன்படுத்தி தொகுப்பை நிறுவ, பின்வரும் கட்டளையை இயக்கவும்:
-composer.dependencies = சார்புநிலைகள்
-composer.dependencies.development = வளர்ச்சி சார்புகள்
-conan.registry = கட்டளை வரியிலிருந்து இந்த பதிவேட்டை அமைக்கவும்:
-conan.install = கோனனைப் பயன்படுத்தி தொகுப்பை நிறுவ, பின்வரும் கட்டளையை இயக்கவும்:
-conda.registry = இந்த பதிவேட்டை உங்கள் <code>.condarc</code> கோப்பில் கோண்டா களஞ்சியமாக அமைக்கவும்:
-conda.install = கோண்டாவைப் பயன்படுத்தி தொகுப்பை நிறுவ, பின்வரும் கட்டளையை இயக்கவும்:
-container.images.title = படங்கள்
-container.details.type = பட வகை
-container.details.platform = மேடை
-container.pull = கட்டளை வரியிலிருந்து படத்தை இழுக்கவும்:
-container.digest = செரிமானம்
-container.multi_arch = OS / ஆர்ச்
-container.layers = பட அடுக்குகள்
-container.labels = சிட்டைகள்
-container.labels.key = முக்கிய
-container.labels.value = மதிப்பு
-cran.registry = இந்த பதிவேட்டை உங்கள் <code>Rprofile.site</code> கோப்பில் அமைக்கவும்:
-cran.install = தொகுப்பை நிறுவ, பின்வரும் கட்டளையை இயக்கவும்:
-debian.registry = கட்டளை வரியிலிருந்து இந்த பதிவேட்டை அமைக்கவும்:
-debian.registry.info = கீழே உள்ள பட்டியலில் இருந்து $distribution மற்றும் $component என்பதைத் தேர்ந்தெடுக்கவும்.
-debian.install = தொகுப்பை நிறுவ, பின்வரும் கட்டளையை இயக்கவும்:
-debian.repository = களஞ்சிய செய்தி
-debian.repository.distributions = விநியோகங்கள்
-debian.repository.components = கூறுகள்
-debian.repository.architectures = கட்டமைப்புகள்
-generic.download = கட்டளை வரியிலிருந்து தொகுப்பைப் பதிவிறக்கவும்:
-go.install = கட்டளை வரியிலிருந்து தொகுப்பை நிறுவவும்:
-helm.registry = கட்டளை வரியிலிருந்து இந்த பதிவேட்டை அமைக்கவும்:
-helm.install = தொகுப்பை நிறுவ, பின்வரும் கட்டளையை இயக்கவும்:
-maven.registry = இந்தப் பதிவேட்டை உங்கள் திட்டப்பணி <code>pom.xml</code> கோப்பில் அமைக்கவும்:
-maven.install = தொகுப்பைப் பயன்படுத்த, <code>pom.xml</code> கோப்பில் உள்ள <code>சார்புகள்</code> தொகுதியில் பின்வருவனவற்றைச் சேர்க்கவும்:
-maven.install2 = கட்டளை வரி வழியாக இயக்கவும்:
-maven.download = சார்புநிலையைப் பதிவிறக்க, கட்டளை வரி வழியாக இயக்கவும்:
-nuget.registry = கட்டளை வரியிலிருந்து இந்த பதிவேட்டை அமைக்கவும்:
-nuget.install = NuGet ஐப் பயன்படுத்தி தொகுப்பை நிறுவ, பின்வரும் கட்டளையை இயக்கவும்:
-nuget.dependency.framework = இலக்கு கட்டமைப்பு
-npm.registry = இந்தப் பதிவேட்டை உங்கள் திட்டப்பணி <code>.npmrc</code> கோப்பில் அமைக்கவும்:
-npm.install = npm ஐப் பயன்படுத்தி தொகுப்பை நிறுவ, பின்வரும் கட்டளையை இயக்கவும்:
-npm.install2 = அல்லது pack.json கோப்பில் சேர்க்கவும்:
-npm.dependencies = சார்புநிலைகள்
-npm.dependencies.development = வளர்ச்சி சார்புகள்
-npm.dependencies.bundle = தொகுக்கப்பட்ட சார்புகள்
-npm.dependencies.peer = தம சார்புகள்
-npm.dependencies.optional = விருப்ப சார்புகள்
-npm.details.tag = குறிச்சொல்
-pub.install = டார்ட்டைப் பயன்படுத்தி தொகுப்பை நிறுவ, பின்வரும் கட்டளையை இயக்கவும்:
-pypi.requires = பைதான் தேவை
-pypi.install = பிப்பைப் பயன்படுத்தி தொகுப்பை நிறுவ, பின்வரும் கட்டளையை இயக்கவும்:
-rpm.registry = கட்டளை வரியிலிருந்து இந்த பதிவேட்டை அமைக்கவும்:
-rpm.distros.redhat = RedHat அடிப்படையிலான விநியோகங்களில்
-rpm.distros.suse = SUSE அடிப்படையிலான விநியோகங்களில்
-rpm.install = தொகுப்பை நிறுவ, பின்வரும் கட்டளையை இயக்கவும்:
-rpm.repository = களஞ்சிய செய்தி
-rpm.repository.architectures = கட்டமைப்புகள்
-rpm.repository.multiple_groups = இந்த தொகுப்பு பல குழுக்களில் கிடைக்கிறது.
-alt.registry = கட்டளை வரியிலிருந்து இந்த பதிவேட்டை அமைக்கவும்:
-alt.registry.install = தொகுப்பை நிறுவ, பின்வரும் கட்டளையை இயக்கவும்:
-alt.install = தொகுப்பை நிறுவவும்
-alt.setup = இணைக்கப்பட்ட களஞ்சியங்களின் பட்டியலில் ஒரு களஞ்சியத்தைச் சேர்க்கவும் ("_arch_"க்குப் பதிலாக தேவையான கட்டமைப்பைத் தேர்வு செய்யவும்):
-alt.repository = களஞ்சிய செய்தி
-alt.repository.architectures = கட்டமைப்புகள்
-alt.repository.multiple_groups = இந்த தொகுப்பு பல குழுக்களில் கிடைக்கிறது.
-rubygems.install = செம் பயன்படுத்தி தொகுப்பை நிறுவ, பின்வரும் கட்டளையை இயக்கவும்:
-rubygems.install2 = அல்லது செம்ஃபைலில் சேர்க்கவும்:
-rubygems.dependencies.runtime = இயக்க நேர சார்புகள்
-rubygems.dependencies.development = வளர்ச்சி சார்புகள்
-rubygems.required.ruby = ரூபி பதிப்பு தேவை
-rubygems.required.rubygems = ரூபிசெம் பதிப்பு தேவை
-swift.registry = கட்டளை வரியிலிருந்து இந்த பதிவேட்டை அமைக்கவும்:
-swift.install = உங்கள் <code>Package.swift</code> கோப்பில் தொகுப்பைச் சேர்க்கவும்:
-swift.install2 = மற்றும் பின்வரும் கட்டளையை இயக்கவும்:
-vagrant.install = அலைபாயும் பெட்டியைச் சேர்க்க, பின்வரும் கட்டளையை இயக்கவும்:
-settings.link = இந்த தொகுப்பை ஒரு களஞ்சியத்துடன் இணைக்கவும்
-settings.link.description = நீங்கள் ஒரு தொகுப்பை ஒரு களஞ்சியத்துடன் இணைத்தால், தொகுப்பு களஞ்சியத்தின் தொகுப்பு பட்டியலில் பட்டியலிடப்படும்.
-settings.link.select = களஞ்சியத்தைத் தேர்ந்தெடுக்கவும்
-settings.link.button = களஞ்சிய இணைப்பைப் புதுப்பிக்கவும்
-settings.link.success = களஞ்சிய இணைப்பு வெற்றிகரமாக புதுப்பிக்கப்பட்டது.
-settings.link.error = களஞ்சிய இணைப்பைப் புதுப்பிக்க முடியவில்லை.
-settings.delete = தொகுப்பை நீக்கு
-settings.delete.description = தொகுப்பை நீக்குவது நிரந்தரமானது மற்றும் செயல்தவிர்க்க முடியாது.
-settings.delete.notice = நீங்கள் %s (%s) ஐ நீக்க உள்ளீர்கள். இந்த செயல்பாடு மீள முடியாதது, நீங்கள் உறுதியாக இருக்கிறீர்களா?
-settings.delete.success = தொகுப்பு நீக்கப்பட்டது.
-settings.delete.error = தொகுப்பை நீக்க முடியவில்லை.
-owner.settings.cargo.title = சரக்கு பதிவு அட்டவணை
-owner.settings.cargo.initialize = குறியீட்டை துவக்கவும்
-owner.settings.cargo.initialize.description = சரக்கு பதிவேட்டைப் பயன்படுத்த ஒரு சிறப்பு குறியீட்டு Git களஞ்சியம் தேவை. இந்த விருப்பத்தை பயன்படுத்தி (மீண்டும்) களஞ்சியத்தை உருவாக்கி, தானாகவே கட்டமைக்கும்.
-owner.settings.cargo.initialize.error = சரக்கு குறியீட்டை துவக்குவதில் தோல்வி: %v
-owner.settings.cargo.initialize.success = சரக்கு குறியீடு வெற்றிகரமாக உருவாக்கப்பட்டது.
-owner.settings.cargo.rebuild = குறியீட்டை மீண்டும் உருவாக்கவும்
-owner.settings.cargo.rebuild.description = சேமிக்கப்பட்ட சரக்கு தொகுப்புகளுடன் குறியீட்டு ஒத்திசைக்கப்படாவிட்டால், மறுகட்டமைப்பு பயனுள்ளதாக இருக்கும்.
-owner.settings.cargo.rebuild.error = சரக்கு குறியீட்டை மீண்டும் உருவாக்க முடியவில்லை: %v
-owner.settings.cargo.rebuild.success = சரக்கு குறியீடு வெற்றிகரமாக மறுகட்டமைக்கப்பட்டது.
-owner.settings.cargo.rebuild.no_index = மறுகட்டமைக்க முடியாது, எந்த குறியீடும் துவக்கப்படவில்லை.
-owner.settings.cleanuprules.title = துப்புரவு விதிகள்
-owner.settings.cleanuprules.add = தூய்மைப்படுத்தும் விதியைச் சேர்க்கவும்
-owner.settings.cleanuprules.edit = தூய்மைப்படுத்தும் விதியைத் திருத்தவும்
-owner.settings.cleanuprules.none = துப்புரவு விதிகள் எதுவும் இல்லை.
-owner.settings.cleanuprules.preview = துப்புரவு விதி மாதிரிக்காட்சி
-owner.settings.cleanuprules.preview.overview = %d தொகுப்புகள் அகற்றப்பட திட்டமிடப்பட்டுள்ளன.
-owner.settings.cleanuprules.preview.none = துப்புரவு விதி எந்த தொகுப்புகளுடனும் பொருந்தவில்லை.
-owner.settings.cleanuprules.pattern_full_match = முழு பேக்கேச் பெயருக்கு பேட்டர்னைப் பயன்படுத்தவும்
-owner.settings.cleanuprules.keep.title = கீழே உள்ள அகற்றுதல் விதியுடன் பொருந்தினாலும், இந்த விதிகளுடன் பொருந்தக்கூடிய பதிப்புகள் வைக்கப்படும்.
-owner.settings.cleanuprules.keep.count = மிகச் சமீபத்தியதை வைத்திருங்கள்
 owner.settings.cleanuprules.keep.count.1 = ஒரு தொகுப்புக்கு 1 பதிப்பு
 owner.settings.cleanuprules.keep.count.n = ஒரு தொகுப்பிற்கு %d பதிப்புகள்
-owner.settings.cleanuprules.keep.pattern = பதிப்புகள் பொருத்தமாக இருக்கவும்
-owner.settings.cleanuprules.keep.pattern.container = <code>சமீபத்திய</code> பதிப்பு எப்போதும் கொள்கலன் தொகுப்புகளுக்காக வைக்கப்படும்.
-owner.settings.cleanuprules.remove.title = இந்த விதிகளுடன் பொருந்தக்கூடிய பதிப்புகள் அகற்றப்படும், மேலே உள்ள விதி அவற்றை வைத்திருக்கும் வரை.
-owner.settings.cleanuprules.remove.days = பழைய பதிப்புகளை அகற்று
-owner.settings.cleanuprules.remove.pattern = பொருந்தக்கூடிய பதிப்புகளை அகற்று
-owner.settings.cleanuprules.success.update = துப்புரவு விதி புதுப்பிக்கப்பட்டது.
-owner.settings.cleanuprules.success.delete = துப்புரவு விதி நீக்கப்பட்டது.
-owner.settings.chef.title = சமையல்காரர் பதிவு
-owner.settings.chef.keypair = முக்கிய சோடியை உருவாக்கவும்
-owner.settings.chef.keypair.description = செஃப் ரெசிச்ட்ரிக்கு அனுப்பப்படும் கோரிக்கைகள் கிரிப்டோகிராஃபிக் முறையில் கையொப்பமிடப்பட வேண்டும். விசைப்பலகையை உருவாக்கும் போது, பொது விசை மட்டுமே Forgejo இல் சேமிக்கப்படும். கத்தியுடன் பயன்படுத்த தனிப்பட்ட விசை உங்களுக்கு வழங்கப்படுகிறது. புதிய விசை இணையை உருவாக்குவது முந்தையதை மேலெழுதும்.
 
 [secrets]
 secrets = இரகசியங்கள்
diff --git a/options/locale/locale_th.ini b/options/locale/locale_th.ini
index 49bbae934b..19b0370f28 100644
--- a/options/locale/locale_th.ini
+++ b/options/locale/locale_th.ini
@@ -1,6 +1,3 @@
-
-
-
 [common]
 home = หน้าแรก
 explore = สำรวจ
@@ -3383,180 +3380,8 @@ unit = หน่วย
 error.no_unit_allowed_repo = คุณไม่ได้รับอนุญาตให้เข้าถึงส่วนใด ๆ ของที่เก็บนี้
 
 [packages]
-title = แพ็คเกจ
-empty = ยังไม่มีแพ็คเกจ
-empty.documentation = สำหรับข้อมูลเพิ่มเติมเกี่ยวกับรีจิสทรีแพ็คเกจ โปรดดู <a target="_blank" rel="noopener noreferrer" href="%s">เอกสารประกอบ</a>
-empty.repo = คุณอัปโหลดแพ็คเกจแล้ว แต่ไม่แสดงที่นี่? ไปที่ <a href="%[1]s">การตั้งค่าแพ็คเกจ</a> และเชื่อมโยงกับที่เก็บนี้
-registry.documentation = สำหรับข้อมูลเพิ่มเติมเกี่ยวกับรีจิสทรี %s โปรดดู <a target="_blank" rel="noopener noreferrer" href="%s">เอกสารประกอบ</a>
-filter.type = ประเภท
-filter.type.all = ทั้งหมด
-filter.no_result = ตัวกรองของคุณไม่ให้ผลลัพธ์
-filter.container.tagged = ติดแท็ก
-filter.container.untagged = ไม่ได้ติดแท็ก
-published_by = เผยแพร่ %[1]s โดย <a href="%[2]s">%[3]s</a>
-published_by_in = เผยแพร่ %[1]s โดย <a href="%[2]s">%[3]s</a> ใน <a href="%[4]s"><strong>%[5]s</strong></a>
-installation = การติดตั้ง
-about = เกี่ยวกับแพ็คเกจนี้
-requirements = ข้อกำหนด
-dependencies = การพึ่งพา
-keywords = คำสำคัญ
-details = รายละเอียด
-details.author = ผู้เขียน
-details.project_site = เว็บไซต์โปรเจกต์
-details.repository_site = เว็บไซต์ที่เก็บ
-details.documentation_site = เว็บไซต์เอกสารประกอบ
-details.license = ใบอนุญาต
-assets = สินทรัพย์
-versions = เวอร์ชัน
-versions.view_all = ดูทั้งหมด
-dependency.id = ID
-dependency.version = เวอร์ชัน
-search_in_external_registry = ค้นหาใน %s
-alpine.registry = ตั้งค่ารีจิสทรีนี้โดยเพิ่ม url ในไฟล์ <code>/etc/apk/repositories</code> ของคุณ:
-alpine.registry.key = ดาวน์โหลดคีย์ RSA สาธารณะของรีจิสทรีลงในโฟลเดอร์ <code>/etc/apk/keys/</code> เพื่อตรวจสอบลายเซ็นดัชนี:
-alpine.registry.info = เลือก $branch และ $repository จากรายการด้านล่าง
-alpine.install = หากต้องการติดตั้งแพ็คเกจ ให้เรียกใช้คำสั่งต่อไปนี้:
-alpine.repository = ข้อมูลที่เก็บ
-alpine.repository.branches = สาขา
-alpine.repository.repositories = ที่เก็บ
-alpine.repository.architectures = สถาปัตยกรรม
-arch.pacman.helper.gpg = เพิ่มใบรับรองความน่าเชื่อถือสำหรับ pacman:
-arch.pacman.repo.multi = %s มีเวอร์ชันเดียวกันในการแจกจ่ายที่แตกต่างกัน
-arch.pacman.repo.multi.item = การกำหนดค่าสำหรับ %s
-arch.pacman.conf = เพิ่มเซิร์ฟเวอร์พร้อมการแจกจ่ายและสถาปัตยกรรมที่เกี่ยวข้องไปยัง <code>/etc/pacman.conf</code>:
-arch.pacman.sync = ซิงค์แพ็คเกจกับ pacman:
-arch.version.properties = คุณสมบัติเวอร์ชัน
-arch.version.description = คำอธิบาย
-arch.version.provides = ให้
-arch.version.groups = กลุ่ม
-arch.version.depends = ขึ้นอยู่กับ
-arch.version.optdepends = การพึ่งพาเพิ่มเติม
-arch.version.makedepends = การพึ่งพาการสร้าง
-arch.version.checkdepends = การพึ่งพาการตรวจสอบ
-arch.version.conflicts = ขัดแย้ง
-arch.version.replaces = แทนที่
-arch.version.backup = สำรอง
-cargo.registry = ตั้งค่ารีจิสทรีนี้ในไฟล์การกำหนดค่า Cargo (เช่น <code>~/.cargo/config.toml</code>):
-cargo.install = หากต้องการติดตั้งแพ็คเกจโดยใช้ Cargo ให้เรียกใช้คำสั่งต่อไปนี้:
-chef.registry = ตั้งค่ารีจิสทรีนี้ในไฟล์ <code>~/.chef/config.rb</code> ของคุณ:
-chef.install = หากต้องการติดตั้งแพ็คเกจ ให้เรียกใช้คำสั่งต่อไปนี้:
-composer.registry = ตั้งค่ารีจิสทรีนี้ในไฟล์ <code>~/.composer/config.json</code> ของคุณ:
-composer.install = หากต้องการติดตั้งแพ็คเกจโดยใช้ Composer ให้เรียกใช้คำสั่งต่อไปนี้:
-composer.dependencies = การพึ่งพา
-composer.dependencies.development = การพึ่งพาการพัฒนา
-conan.registry = ตั้งค่ารีจิสทรีนี้จากบรรทัดคำสั่ง:
-conan.install = หากต้องการติดตั้งแพ็คเกจโดยใช้ Conan ให้เรียกใช้คำสั่งต่อไปนี้:
-conda.registry = ตั้งค่ารีจิสทรีนี้เป็นที่เก็บ Conda ในไฟล์ <code>.condarc</code> ของคุณ:
-conda.install = หากต้องการติดตั้งแพ็คเกจโดยใช้ Conda ให้เรียกใช้คำสั่งต่อไปนี้:
-container.images.title = รูปภาพ
-container.details.type = ประเภทรูปภาพ
-container.details.platform = แพลตฟอร์ม
-container.pull = ดึงรูปภาพจากบรรทัดคำสั่ง:
-container.digest = ไดเจสต์
-container.multi_arch = OS / สถาปัตยกรรม
-container.layers = เลเยอร์รูปภาพ
-container.labels = ป้ายกำกับ
-container.labels.key = คีย์
-container.labels.value = ค่า
-cran.registry = ตั้งค่ารีจิสทรีนี้ในไฟล์ <code>Rprofile.site</code> ของคุณ:
-cran.install = หากต้องการติดตั้งแพ็คเกจ ให้เรียกใช้คำสั่งต่อไปนี้:
-debian.registry = ตั้งค่ารีจิสทรีนี้จากบรรทัดคำสั่ง:
-debian.registry.info = เลือก $distribution และ $component จากรายการด้านล่าง
-debian.install = หากต้องการติดตั้งแพ็คเกจ ให้เรียกใช้คำสั่งต่อไปนี้:
-debian.repository = ข้อมูลที่เก็บ
-debian.repository.distributions = การแจกจ่าย
-debian.repository.components = ส่วนประกอบ
-debian.repository.architectures = สถาปัตยกรรม
-generic.download = ดาวน์โหลดแพ็คเกจจากบรรทัดคำสั่ง:
-go.install = ติดตั้งแพ็คเกจจากบรรทัดคำสั่ง:
-helm.registry = ตั้งค่ารีจิสทรีนี้จากบรรทัดคำสั่ง:
-helm.install = หากต้องการติดตั้งแพ็คเกจ ให้เรียกใช้คำสั่งต่อไปนี้:
-maven.registry = ตั้งค่ารีจิสทรีนี้ในไฟล์ <code>pom.xml</code> ของโปรเจกต์ของคุณ:
-maven.install = หากต้องการใช้แพ็คเกจ ให้รวมสิ่งต่อไปนี้ในบล็อก <code>dependencies</code> ในไฟล์ <code>pom.xml</code>:
-maven.install2 = เรียกใช้ผ่านบรรทัดคำสั่ง:
-maven.download = หากต้องการดาวน์โหลดการพึ่งพา ให้เรียกใช้ผ่านบรรทัดคำสั่ง:
-nuget.registry = ตั้งค่ารีจิสทรีนี้จากบรรทัดคำสั่ง:
-nuget.install = หากต้องการติดตั้งแพ็คเกจโดยใช้ NuGet ให้เรียกใช้คำสั่งต่อไปนี้:
-nuget.dependency.framework = เฟรมเวิร์กเป้าหมาย
-npm.registry = ตั้งค่ารีจิสทรีนี้ในไฟล์ <code>.npmrc</code> ของโปรเจกต์ของคุณ:
-npm.install = หากต้องการติดตั้งแพ็คเกจโดยใช้ npm ให้เรียกใช้คำสั่งต่อไปนี้:
-npm.install2 = หรือเพิ่มลงในไฟล์ package.json:
-npm.dependencies = การพึ่งพา
-npm.dependencies.development = การพึ่งพาการพัฒนา
-npm.dependencies.bundle = การพึ่งพาที่รวมอยู่
-npm.dependencies.peer = การพึ่งพาแบบเพียร์
-npm.dependencies.optional = การพึ่งพาเพิ่มเติม
-npm.details.tag = แท็ก
-pub.install = หากต้องการติดตั้งแพ็คเกจโดยใช้ Dart ให้เรียกใช้คำสั่งต่อไปนี้:
-pypi.requires = ต้องใช้ Python
-pypi.install = หากต้องการติดตั้งแพ็คเกจโดยใช้ pip ให้เรียกใช้คำสั่งต่อไปนี้:
-rpm.registry = ตั้งค่ารีจิสทรีนี้จากบรรทัดคำสั่ง:
-rpm.distros.redhat = บนการแจกจ่ายที่ใช้ RedHat
-rpm.distros.suse = บนการแจกจ่ายที่ใช้ SUSE
-rpm.install = หากต้องการติดตั้งแพ็คเกจ ให้เรียกใช้คำสั่งต่อไปนี้:
-rpm.repository = ข้อมูลที่เก็บ
-rpm.repository.architectures = สถาปัตยกรรม
-rpm.repository.multiple_groups = แพ็คเกจนี้มีอยู่ในหลายกลุ่ม
-alt.registry = ตั้งค่ารีจิสทรีนี้จากบรรทัดคำสั่ง:
-alt.registry.install = หากต้องการติดตั้งแพ็คเกจ ให้เรียกใช้คำสั่งต่อไปนี้:
-alt.install = ติดตั้งแพ็คเกจ
-alt.setup = เพิ่มที่เก็บไปยังรายการที่เก็บที่เชื่อมต่อ ((เลือกสถาปัตยกรรมที่จำเป็นแทน "_arch_")
-alt.repository = ข้อมูลที่เก็บ
-alt.repository.architectures = สถาปัตยกรรม
-alt.repository.multiple_groups = แพ็คเกจนี้มีอยู่ในหลายกลุ่ม
-rubygems.install = หากต้องการติดตั้งแพ็คเกจโดยใช้ gem ให้เรียกใช้คำสั่งต่อไปนี้:
-rubygems.install2 = หรือเพิ่มลงใน Gemfile:
-rubygems.dependencies.runtime = การพึ่งพาขณะทำงาน
-rubygems.dependencies.development = การพึ่งพาการพัฒนา
-rubygems.required.ruby = ต้องการ Ruby เวอร์ชัน
-rubygems.required.rubygems = ต้องการ RubyGem เวอร์ชัน
-swift.registry = ตั้งค่ารีจิสทรีนี้จากบรรทัดคำสั่ง:
-swift.install = เพิ่มแพ็คเกจในไฟล์ <code>Package.swift</code> ของคุณ:
-swift.install2 = และเรียกใช้คำสั่งต่อไปนี้:
-vagrant.install = หากต้องการเพิ่ม Vagrant box ให้เรียกใช้คำสั่งต่อไปนี้:
-settings.link = เชื่อมโยงแพ็คเกจนี้กับที่เก็บ
-settings.link.description = หากคุณเชื่อมโยงแพ็คเกจกับที่เก็บ แพ็คเกจจะแสดงอยู่ในรายการแพ็คเกจของที่เก็บ
-settings.link.select = เลือกที่เก็บ
-settings.link.button = อัปเดตการเชื่อมโยงที่เก็บ
-settings.link.success = อัปเดตการเชื่อมโยงที่เก็บสำเร็จแล้ว
-settings.link.error = ไม่สามารถอัปเดตการเชื่อมโยงที่เก็บได้
-settings.delete = ลบแพ็คเกจ
-settings.delete.description = การลบแพ็คเกจเป็นการกระทำถาวรและไม่สามารถยกเลิกได้
-settings.delete.notice = คุณกำลังจะลบ %s (%s) การดำเนินการนี้ไม่สามารถย้อนกลับได้ คุณแน่ใจหรือไม่?
-settings.delete.success = แพ็คเกจถูกลบแล้ว
-settings.delete.error = ไม่สามารถลบแพ็คเกจได้
-owner.settings.cargo.title = ดัชนีรีจิสทรี Cargo
-owner.settings.cargo.initialize = เริ่มต้นดัชนี
-owner.settings.cargo.initialize.description = จำเป็นต้องมีที่เก็บ Git ดัชนีพิเศษเพื่อใช้รีจิสทรี Cargo การใช้ตัวเลือกนี้จะ (สร้างใหม่) ที่เก็บและกำหนดค่าโดยอัตโนมัติ
-owner.settings.cargo.initialize.error = ไม่สามารถเริ่มต้นดัชนี Cargo: %v
-owner.settings.cargo.initialize.success = สร้างดัชนี Cargo สำเร็จแล้ว
-owner.settings.cargo.rebuild = สร้างดัชนีใหม่
-owner.settings.cargo.rebuild.description = การสร้างใหม่จะมีประโยชน์หากดัชนีไม่ซิงโครไนซ์กับแพ็คเกจ Cargo ที่เก็บไว้
-owner.settings.cargo.rebuild.error = ไม่สามารถสร้างดัชนี Cargo ใหม่: %v
-owner.settings.cargo.rebuild.success = สร้างดัชนี Cargo ใหม่สำเร็จแล้ว
-owner.settings.cargo.rebuild.no_index = ไม่สามารถสร้างใหม่ได้ ไม่มีดัชนีที่เริ่มต้น
-owner.settings.cleanuprules.title = กฎการล้างข้อมูล
-owner.settings.cleanuprules.add = เพิ่มกฎการล้างข้อมูล
-owner.settings.cleanuprules.edit = แก้ไขกฎการล้างข้อมูล
-owner.settings.cleanuprules.none = ยังไม่มีกฎการล้างข้อมูล
-owner.settings.cleanuprules.preview = ตัวอย่างกฎการล้างข้อมูล
-owner.settings.cleanuprules.preview.overview = มี %d แพ็คเกจที่กำหนดให้ลบ
-owner.settings.cleanuprules.preview.none = กฎการล้างข้อมูลไม่ตรงกับแพ็คเกจใด ๆ
-owner.settings.cleanuprules.pattern_full_match = ใช้รูปแบบกับชื่อแพ็คเกจเต็ม
-owner.settings.cleanuprules.keep.title = เวอร์ชันที่ตรงกับกฎเหล่านี้จะถูกเก็บไว้ แม้ว่าจะตรงกับกฎการลบด้านล่างก็ตาม
-owner.settings.cleanuprules.keep.count = เก็บเวอร์ชันล่าสุด
 owner.settings.cleanuprules.keep.count.1 = 1 เวอร์ชันต่อแพ็คเกจ
 owner.settings.cleanuprules.keep.count.n = %d เวอร์ชันต่อแพ็คเกจ
-owner.settings.cleanuprules.keep.pattern = เก็บเวอร์ชันที่ตรงกัน
-owner.settings.cleanuprules.keep.pattern.container = เวอร์ชัน <code>latest</code> จะถูกเก็บไว้เสมอสำหรับแพ็คเกจ Container
-owner.settings.cleanuprules.remove.title = เวอร์ชันที่ตรงกับกฎเหล่านี้จะถูกลบออก เว้นแต่กฎด้านบนจะระบุให้เก็บไว้
-owner.settings.cleanuprules.remove.days = ลบเวอร์ชันที่เก่ากว่า
-owner.settings.cleanuprules.remove.pattern = ลบเวอร์ชันที่ตรงกัน
-owner.settings.cleanuprules.success.update = อัปเดตกฎการล้างข้อมูลแล้ว
-owner.settings.cleanuprules.success.delete = ลบกฎการล้างข้อมูลแล้ว
-owner.settings.chef.title = รีจิสทรี Chef
-owner.settings.chef.keypair = สร้างคู่คีย์
-owner.settings.chef.keypair.description = คำขอที่ส่งไปยังรีจิสทรี Chef จะต้องได้รับการลงนามด้วยการเข้ารหัสเพื่อเป็นการยืนยันตัวตน เมื่อสร้างคู่คีย์ จะมีเพียงคีย์สาธารณะเท่านั้นที่ถูกเก็บไว้ใน Forgejo คีย์ส่วนตัวจะถูกมอบให้คุณเพื่อใช้กับ knife การสร้างคู่คีย์ใหม่จะเขียนทับคู่คีย์ก่อนหน้า
 
 [secrets]
 secrets = ข้อมูลลับ
diff --git a/options/locale/locale_tr-TR.ini b/options/locale/locale_tr-TR.ini
index fff9ff800e..65293727b5 100644
--- a/options/locale/locale_tr-TR.ini
+++ b/options/locale/locale_tr-TR.ini
@@ -3447,158 +3447,11 @@ error.no_unit_allowed_repo=Bu deponun hiçbir bölümüne erişme izniniz yok.
 error.unit_not_allowed=Bu depo bölümüne erişme izniniz yok.
 
 [packages]
-title=Paketler
 desc=Depo paketlerini yönet.
-empty=Henüz hiçbir paket yok.
-empty.documentation=Paket deposu hakkında daha fazla bilgi için, <a target="_blank" rel="noopener noreferrer" href="%s">belgeye</a> bakabilirsiniz.
-empty.repo=Bir paket yüklediniz ama burada gösterilmiyor mu? <a href="%[1]s">Paket ayarları</a>na gidin ve bu depoya bağlantı verin.
-registry.documentation=%s kütüğü hakkında daha fazla bilgi için, <a target="_blank" rel="noopener noreferrer" href="%s">belgeye</a> bakabilirsiniz.
-filter.type=Tür
-filter.type.all=Tümü
-filter.no_result=Filtreniz herhangi bir sonuç döndürmedi.
-filter.container.tagged=Etiketlenmiş
-filter.container.untagged=Etiketlenmemiş
-published_by=%[1]s, <a href="%[2]s">%[3]s</a> tarafından yayınlandı
-published_by_in=%[1]s, <a href="%[2]s">%[3]s</a> tarafından <a href="%[4]s"><strong>%[5]s</strong></a> içerisinde yayınlanmış
-installation=Kurulum
-about=Bu paket hakkında
-requirements=Gereksinimler
-dependencies=Bağımlılıklar
-keywords=Anahtar Kelimeler
-details=Ayrıntılar
-details.author=Yazar
-details.project_site=Proje Web Sitesi
-details.repository_site=Depo Sitesi
-details.documentation_site=Belge Sitesi
-details.license=Lisans
-assets=Varlıklar
-versions=Sürümler
-versions.view_all=Tümünü görüntüle
-dependency.id=Kimlik
-dependency.version=Sürüm
-alpine.registry=Bu kütüğü, <code>/etc/apk/repositories</code> dosyanıza url'yi ekleyerek kurun:
-alpine.registry.key=Kütüğün açık RSA anahtarını, indeks imzasını doğrulamak için <code>/etc/apk/keys/</code> dizinine indirin:
-alpine.registry.info=Aşağıdaki listeden $branch ve $repository seçin.
-alpine.install=Paketi kurmak için, aşağıdaki komutu çalıştırın:
-alpine.repository=Depo Bilgisi
-alpine.repository.branches=Dallar
-alpine.repository.repositories=Depolar
-alpine.repository.architectures=Mimariler
-cargo.registry=Bu kütüğü Cargo yapılandırma dosyasına (örneğin <code>~/.cargo/config.toml</code>) ayarlayın:
-cargo.install=Paketi Cargo kullanarak kurmak için, şu komutu çalıştırın:
-chef.registry=Bu kütüğü <code>~/.chef/config.rb</code> dosyasında ayarlayın:
-chef.install=Paketi kurmak için, aşağıdaki komutu çalıştırın:
-composer.registry=Bu kütüğü <code>~/.composer/config.json</code> dosyasında ayarlayın:
-composer.install=Paketi Composer ile kurmak için, şu komutu çalıştırın:
-composer.dependencies=Bağımlılıklar
-composer.dependencies.development=Geliştirme Bağımlılıkları
 conan.details.repository=Depo
-conan.registry=Bu kütüğü komut satırını kullanarak kurun:
-conan.install=Conan ile paket kurmak için aşağıdaki komutu çalıştırın:
-conda.registry=Bu kütüğü <code>.condarc</code> dosyasında bir Conda deposu olarak ayarlayın:
-conda.install=Conda ile paket kurmak için aşağıdaki komutu çalıştırın:
-container.details.type=Görüntü Türü
-container.details.platform=Platform
-container.pull=Görüntüyü komut satırını kullanarak çekin:
-container.digest=Özet:
-container.multi_arch=İşletim Sistemi / Mimari
-container.layers=Görüntü Katmanları
-container.labels=Etiketler
-container.labels.key=Anahtar
-container.labels.value=Değer
-cran.registry=Bu kütüğü <code>Rprofile.site</code> dosyasında ayarlayın:
-cran.install=Paketi kurmak için, aşağıdaki komutu çalıştırın:
-debian.registry=Bu kütüğü komut satırını kullanarak kurun:
-debian.registry.info=Aşağıdaki listeden $distribution ve $component seçin.
-debian.install=Paketi kurmak için, aşağıdaki komutu çalıştırın:
-debian.repository=Depo Bilgisi
-debian.repository.distributions=Dağıtımlar
-debian.repository.components=Bileşenler
-debian.repository.architectures=Mimariler
-generic.download=Paketi komut satırında indirin:
-go.install=Paketi komut satırını kullanarak yükleyin:
-helm.registry=Bu kütüğü komut satırını kullanarak kurun:
-helm.install=Paketi kurmak için, aşağıdaki komutu çalıştırın:
-maven.registry=Bu kütüğü projenizdeki <code>pom.xml</code> dosyasında ayarlayın:
-maven.install=Paketi kullanmak için aşağıdaki <code>dependencies</code> parçasını <code>pom.xml</code> dosyasınıza ekleyin:
-maven.install2=Komut satırında çalıştırın:
-maven.download=Bağımlılığı indirmek için, komut satırında çalıştırın:
-nuget.registry=Bu kütüğü komut satırını kullanarak kurun:
-nuget.install=Paketi NuGet ile kurmak için, şu komutu çalıştırın:
-nuget.dependency.framework=Hedef Çerçeve
-npm.registry=Bu kütüğü projenizdeki <code>.npmrc</code> dosyasında ayarlayın:
-npm.install=Paketi npm ile kurmak için, şu komutu çalıştırın:
-npm.install2=veya paketi package.json dosyasına ekleyin:
-npm.dependencies=Bağımlılıklar
-npm.dependencies.development=Geliştirme Bağımlılıkları
-npm.dependencies.peer=Eş Bağımlılıkları
-npm.dependencies.optional=İsteğe Bağlı Bağımlılıklar
-npm.details.tag=Etiket
-pub.install=Paketi Dart ile kurmak için, şu komutu çalıştırın:
-pypi.requires=Gereken Python
-pypi.install=Paketi pip ile kurmak için, şu komutu çalıştırın:
-rpm.registry=Bu kütüğü komut satırını kullanarak kurun:
-rpm.distros.redhat=RedHat tabanlı dağıtımlarda
-rpm.distros.suse=SUSE tabanlı dağıtımlarda
-rpm.install=Paketi kurmak için, aşağıdaki komutu çalıştırın:
-rpm.repository=Depo Bilgisi
-rpm.repository.architectures=Mimariler
-rubygems.install=Paketi gem ile kurmak için, şu komutu çalıştırın:
-rubygems.install2=veya paketi Gemfile dosyasına ekleyin:
-rubygems.dependencies.runtime=Çalışma Zamanı Bağımlılıkları
-rubygems.dependencies.development=Geliştirme Bağımlılıkları
-rubygems.required.ruby=Gereken Ruby sürümü
-rubygems.required.rubygems=Gereken RubyGem sürümü
-swift.registry=Bu kütüğü komut satırını kullanarak kurun:
-swift.install=Paketi <code>Package.swift</code> dosyanıza ekleyin:
-swift.install2=ve şu komutu çalıştırın:
-vagrant.install=Vagrant paketi eklemek için aşağıdaki komutu çalıştırın:
-settings.link=Bu paketi bir depoya bağlayın
-settings.link.description=Eğer bir paketi bir depoya bağlarsanız, paket deponun paket listesinde listelenecektir.
-settings.link.select=Depo Seç
-settings.link.button=Depo Bağlantısını Güncelle
-settings.link.success=Depo bağlantısı başarıyla güncellendi.
-settings.link.error=Depo bağlantısı güncellenemedi.
-settings.delete=Paket Sil
-settings.delete.description=Bir paketi silmek kalıcıdır ve geri alınamaz.
-settings.delete.notice=%s (%s) paketini silmek üzeresiniz. Bu işlem geri alınamaz, emin misiniz?
-settings.delete.success=Paket silindi.
-settings.delete.error=Paket silinemedi.
-owner.settings.cargo.title=Cargo Kayıt Dizini
-owner.settings.cargo.initialize=Dizini İlkle
-owner.settings.cargo.initialize.description=Cargo kütüğünü kullanmak için özel bir Git depo indeksi gerekiyor. Bu seçeneği kullanmak depoyu (yeniden) oluşturacak ve otomatik olarak yapılandıracaktır.
-owner.settings.cargo.initialize.error=Cargo dizini oluşturma başarısız oldu: %v
-owner.settings.cargo.initialize.success=Cargo dizini başarıyla oluşturuldu.
-owner.settings.cargo.rebuild=Dizini yeniden oluştur
-owner.settings.cargo.rebuild.description=İndeks, depolanmış Cargo paketleriyle eşzamanlanmamışsa yeniden oluşturma yararlı olabilir.
-owner.settings.cargo.rebuild.error=Cargo dizinini yeniden oluşturma başarısız oldu: %v
-owner.settings.cargo.rebuild.success=Cargo dizini başarıyla yeniden oluşturuldu.
-owner.settings.cleanuprules.title=Temizleme Kurallarını Yönet
-owner.settings.cleanuprules.add=Temizleme Kuralı Ekle
-owner.settings.cleanuprules.edit=Temizleme Kuralı Düzenle
-owner.settings.cleanuprules.none=Temizleme kuralı yok. Lütfen belgelere danışın.
-owner.settings.cleanuprules.preview=Temizleme Kuralı Önizleme
-owner.settings.cleanuprules.preview.overview=%d paketin kaldırılması planlandı.
-owner.settings.cleanuprules.preview.none=Temizleme kuralı herhangi bir paketle eşleşmiyor.
 owner.settings.cleanuprules.enabled=Aktifleştirilmiş
-owner.settings.cleanuprules.pattern_full_match=Deseni tüm paket adına uygula
-owner.settings.cleanuprules.keep.title=Bu kurallara uyan sürümler, aşağıdaki bir temizleme kuralıyla eşleşseler bile saklanır.
-owner.settings.cleanuprules.keep.count=En sonuncuyu sakla
 owner.settings.cleanuprules.keep.count.1=Paket başına 1 sürüm
 owner.settings.cleanuprules.keep.count.n=Paket başına %d sürüm
-owner.settings.cleanuprules.keep.pattern=Eşleşen sürümleri sakla
-owner.settings.cleanuprules.keep.pattern.container=Container paketlerinde <code>en son</code> (latest) sürüm her zaman saklanır.
-owner.settings.cleanuprules.remove.title=Bu kurallara uyan sürümlar, yukarıdaki bir saklama kuralıyla eşleşmiyorlarsa kaldırılırlar.
-owner.settings.cleanuprules.remove.days=Şundan eski sürümleri kaldır
-owner.settings.cleanuprules.remove.pattern=Eşleşen sürümlari kaldır
-owner.settings.cleanuprules.success.update=Temizleme kuralı güncellendi.
-owner.settings.cleanuprules.success.delete=Temizleme kuralı silindi.
-owner.settings.chef.title=Chef deposu
-owner.settings.chef.keypair=Anahtar çifti üret
-owner.settings.chef.keypair.description=Chef kayıt defterine gönderilen istekler kimlik doğrulama yöntemi olarak kriptografik olarak imzalanmalıdır. Bir anahtar çifti oluştururken, yalnızca genel anahtar Forgejo'da saklanır. Özel anahtar size knife ile kullanılmak üzere sağlanır. Yeni bir anahtar çifti oluşturmak öncekini geçersiz kılar.
-
-npm.dependencies.bundle = Paketlenmiş Bağımlılıklar
-rpm.repository.multiple_groups = Bu paket birçok grupta mevcut.
 
 [secrets]
 secrets=Gizlilikler
diff --git a/options/locale/locale_uk-UA.ini b/options/locale/locale_uk-UA.ini
index a0402fd46a..5b63af7cda 100644
--- a/options/locale/locale_uk-UA.ini
+++ b/options/locale/locale_uk-UA.ini
@@ -3536,183 +3536,11 @@ error.unit_not_allowed=У вас немає доступу до жодного 
 unit = Одиниця
 
 [packages]
-filter.type=Тип
-alpine.repository.branches=Гілки
-alpine.repository.repositories=Репозиторії
 conan.details.repository=Репозиторій
 owner.settings.cleanuprules.enabled=Увімкнено
-about = Про цей пакунок
-empty = Пакунків поки що немає.
-empty.documentation = Докладніше про реєстр пакунків читайте в <a target="_blank" rel="noopener noreferrer" href="%s">документації</a>.
-registry.documentation = Докладніше про реєстр %s читайте в <a target="_blank" rel="noopener noreferrer" href="%s">документації</a>.
-settings.delete.notice = Ви збираєтеся видалити %s (%s). Цю операцію не можна скасувати, ви впевнені?
-details.author = Автор
-title = Пакунки
-arch.version.backup = Резервне копіювання
-arch.version.conflicts = Конфлікти
-arch.version.replaces = Заміни
-arch.version.provides = Надає
-arch.version.groups = Група
-conda.install = Аби встановити пакунок, використовуючи Conda, виконайте команду:
-cargo.install = Аби встановити пакунок, використовуючи Cargo, виконайте команду:
-versions.view_all = Переглянути всі
-generic.download = Завантажте пакунок із командного рядка:
-details = Подробиці
-arch.version.optdepends = Необов’язково залежить
-installation = Установлення
-details.license = Ліцензія
-filter.type.all = Усі
-conan.install = Аби встановити пакунок, використовуючи Conan, виконайте команду:
-container.layers = Шари образу
-details.project_site = Вебсторінка проєкту
-details.documentation_site = Вебсторінка документації
 desc = Керування пакунками репозиторію.
-requirements = Вимоги
-dependencies = Залежності
-empty.repo = Ви опублікували пакунок, але він не показаний тут? Перейдіть до <a href="%[1]s">налаштувань пакунка</a> і пов’яжіть його з цим репозиторієм.
-alpine.repository = Про репозиторій
-alpine.install = Аби встановити цей пакунок, виконайте команду:
-cran.install = Аби встановити пакунок, виконайте команду:
-composer.dependencies.development = Залежності розробки
-container.labels.key = Ключ
-container.labels.value = Значення
-composer.install = Аби встановити пакунок, використовуючи Composer, виконайте команду:
-debian.repository.components = Складові
-filter.container.tagged = Відмічений
-filter.container.untagged = Невідмічений
-container.multi_arch = ОС / Архітектура
-arch.pacman.helper.gpg = Додайте сертифікат довіреності до pacman:
-arch.pacman.sync = Синхронізуйте пакунок з pacman:
-arch.pacman.conf = Додайте сервер із пов’язаним дистрибутивом та архітектурою до <code>/etc/pacman.conf</code>:
-arch.version.properties = Властивості версії
-arch.version.description = Опис
-chef.install = Аби встановити пакунок, виконайте команду:
-container.details.platform = Платформа
-container.details.type = Тип образу
-container.pull = Завантажити образ із командного рядка:
-details.repository_site = Вебсторінка репозиторію
-composer.dependencies = Залежності
-debian.install = Аби встановити пакунок, виконайте команду:
-debian.repository = Про репозиторій
-debian.repository.distributions = Дистрибутиви
-alpine.repository.architectures = Архітектури
-arch.version.depends = Залежить
-go.install = Встановити пакунок із командного рядка:
-debian.repository.architectures = Архітектури
-helm.install = Аби встановити пакунок, виконайте команду:
-keywords = Ключові слова
-assets = Ресурси
-versions = Версії
-dependency.version = Версія
-container.labels = Мітки
-filter.no_result = Ваш фільтр не видав жодних результатів.
-dependency.id = ID
-rpm.repository = Про репозиторій
-rpm.repository.architectures = Архітектури
-settings.delete.error = Не вдалося видалити пакунок.
-settings.delete.success = Пакунок видалено.
-npm.dependencies = Залежності
-settings.delete = Видалити пакунок
-npm.dependencies.development = Залежності розробки
-rubygems.dependencies.development = Залежності розробки
-npm.dependencies.optional = Необов'язкові залежності
-container.images.title = Образи
-search_in_external_registry = Шукати в %s
 owner.settings.cleanuprules.keep.count.n = %d версій на пакунок
-settings.delete.description = Видалення пакунка є остаточним і його неможливо скасувати.
 owner.settings.cleanuprules.keep.count.1 = 1 версію на пакунок
-rpm.repository.multiple_groups = Цей пакунок доступний у кількох групах.
-helm.registry = Налаштуйте цей реєстр із командного рядка:
-rpm.registry = Налаштуйте цей реєстр із командного рядка:
-conan.registry = Налаштуйте цей реєстр із командного рядка:
-nuget.registry = Налаштуйте цей реєстр із командного рядка:
-swift.registry = Налаштуйте цей реєстр із командного рядка:
-alt.repository.architectures = Архітектури
-alt.repository = Про репозиторій
-alt.repository.multiple_groups = Цей пакунок доступний у кількох групах.
-alt.install = Встановити пакунок
-alt.registry = Налаштуйте цей реєстр із командного рядка:
-debian.registry = Налаштуйте цей реєстр із командного рядка:
-debian.registry.info = Виберіть $distribution і $component зі списку нижче.
-npm.install = Аби встановити пакунок, використовуючи npm, виконайте команду:
-alt.registry.install = Щоб установити пакунок, виконайте команду:
-swift.install2 = і виконайте команду:
-rubygems.install = Аби встановити пакунок, використовуючи gem, виконайте команду:
-alt.setup = Додайте репозиторій до списку підключених репозиторіїв (виберіть потрібну архітектуру замість «_arch_»):
-pypi.install = Аби встановити пакунок, використовуючи pip, виконайте команду:
-nuget.install = Аби встановити пакунок, використовуючи NuGet, виконайте команду:
-pub.install = Аби встановити пакунок, використовуючи Dart, виконайте команду:
-rpm.install = Щоб установити пакунок, виконайте команду:
-maven.install = Для використання пакунка включіть у блок <code>dependencies</code> у файлі <code>pom.xml</code> таке:
-vagrant.install = Щоб додати скриньку Vagrant, виконайте команду:
-owner.settings.chef.keypair = Згенерувати пару ключів
-published_by_in = %[1]s опубліковано <a href="%[2]s">%[3]s</a> в <a href="%[4]s"><strong>%[5]s</strong></a>
-npm.install2 = або додайте його у файл package.json:
-npm.details.tag = Тег
-rubygems.install2 = або додайте його у Gemfile:
-published_by = %[1]s опубліковано <a href="%[2]s">%[3]s</a>
-swift.install = Додайте пакунок у свій файл <code>Package.swift</code>:
-settings.link.select = Виберіть репозиторій
-alpine.registry.info = Виберіть $branch і $repository зі списку нижче.
-conda.registry = Встановіть цей реєстр як репозиторій Conda у своєму файлі <code>.condarc</code>:
-owner.settings.chef.title = Реєстр Chef
-arch.pacman.repo.multi.item = Конфігурація %s
-maven.registry = Налаштуйте цей реєстр у файлі <code>pom.xml</code> свого проєкту:
-cargo.registry = Налаштуйте цей реєстр у файлі конфігурації Cargo (наприклад, <code>~/.cargo/config.toml</code>):
-composer.registry = Налаштуйте цей реєстр у файлі <code>~/.composer/config.json</code>:
-alpine.registry = Налаштуйте цей реєстр, додавши URL у файл <code>/etc/apk/repositories</code>:
-cran.registry = Налаштуйте цей реєстр у файлі <code>Rprofile.site</code>:
-npm.registry = Налаштуйте цей реєстр у файлі <code>.npmrc</code> свого проєкту:
-chef.registry = Налаштуйте цей реєстр у файлі <code>~/.chef/config.rb</code>:
-owner.settings.chef.keypair.description = Запити до реєстру Chef повинні бути криптографічно підписані як засіб автентифікації. При генерації пари ключів на Forgejo зберігається тільки відкритий ключ. Приватний ключ надається вам для використання команд knife. Генерація нової пари ключів замінить попередню.
-nuget.dependency.framework = Цільовий фреймворк
-owner.settings.cleanuprules.preview.overview = Заплановано видалити %d пакунків.
-owner.settings.cleanuprules.pattern_full_match = Застосувати шаблон до повної назви пакунка
-maven.download = Щоб завантажити залежність, запустіть із командного рядка:
-maven.install2 = Запустити з командного рядка:
-npm.dependencies.bundle = Пакетні залежності
-npm.dependencies.peer = Однорангові залежності
-arch.pacman.repo.multi = %s має одну й ту саму версію в різних дистрибутивах.
-owner.settings.cargo.rebuild = Перебудувати індекс
-owner.settings.cleanuprules.none = Правил очистки ще немає.
-owner.settings.cleanuprules.preview.none = Правило очистки не відповідає жодному пакунку.
-owner.settings.cargo.initialize = Ініціалізувати індекс
-owner.settings.cargo.initialize.description = Для реєстру Cargo потрібен спеціальний Git-репозиторій з індексом. Використання цієї опції (пере)створить репозиторій і автоматично його налаштує.
-owner.settings.cargo.initialize.error = Не вдалось ініціалізувати індекс Cargo: %v
-owner.settings.cargo.initialize.success = Індекс Cargo успішно створено.
-owner.settings.cargo.rebuild.error = Не вдалося перебудувати індекс Cargo: %v
-owner.settings.cargo.title = Індекс реєстру Cargo
-owner.settings.cleanuprules.title = Правила очистки
-owner.settings.cleanuprules.add = Додати правило очистки
-owner.settings.cargo.rebuild.success = Індекс Cargo успішно перебудовано.
-owner.settings.cleanuprules.success.update = Правило очистки оновлено.
-owner.settings.cleanuprules.success.delete = Правило очистки видалено.
-owner.settings.cleanuprules.edit = Редагувати правило очистки
-owner.settings.cleanuprules.preview = Попередній перегляд правила очистки
-owner.settings.cargo.rebuild.description = Перебудування може бути корисним, якщо індекс не синхронізовано зі збереженими пакунками Cargo.
-rpm.distros.redhat = у дистрибутивах на основі RedHat
-rpm.distros.suse = у дистрибутивах на основі SUSE
-owner.settings.cargo.rebuild.no_index = Неможливо перебудувати, індекс не ініціалізовано.
-alpine.registry.key = Завантажте відкритий RSA-ключ реєстру в папку <code>/etc/apk/keys/</code> для перевірки підпису індексу:
-rubygems.required.ruby = Необхідна версія Ruby
-rubygems.required.rubygems = Необхідна версія RubyGem
-pypi.requires = Необхідний Python
-settings.link = Пов’язати цей пакунок із репозиторієм
-settings.link.description = Якщо пов’язати пакунок із репозиторієм, то його буде додано до списку пакунків цього репозиторію.
-owner.settings.cleanuprules.keep.count = Залишити найновіші
-owner.settings.cleanuprules.remove.title = Версії, які підпадають під ці правила, буде видалено, крім версій, які правило вище вимагає залишити.
-owner.settings.cleanuprules.remove.days = Видалити версії старіші, ніж
-arch.version.makedepends = Залежності для збірки
-arch.version.checkdepends = Перевірити залежності
-settings.link.button = Оновити посилання на репозиторій
-settings.link.success = Посилання на репозиторій успішно оновлено.
-settings.link.error = Помилка при оновленні посилання на репозиторій.
-owner.settings.cleanuprules.keep.title = Версії, які підпадають під ці правила, залишаться, навіть якщо вони підпадають під правило видалення нижче.
-owner.settings.cleanuprules.keep.pattern.container = Версія <code>latest</code> завжди зберігається для пакунків Container.
-owner.settings.cleanuprules.remove.pattern = Видалити версії, що відповідають
-owner.settings.cleanuprules.keep.pattern = Залишити версії, що відповідають
-rubygems.dependencies.runtime = Залежності середовища виконання
-container.digest = Контрольна сума
 
 [secrets]
 deletion = Видалити секрет
diff --git a/options/locale/locale_vi.ini b/options/locale/locale_vi.ini
index 61c9853230..1e0feb2137 100644
--- a/options/locale/locale_vi.ini
+++ b/options/locale/locale_vi.ini
@@ -706,7 +706,7 @@ update_hints = Cập nhật các gợi ý
 update_hints_success = Đã cập nhật các gợi ý.
 hidden_comment_types = Loại bình luận bị ẩn
 hidden_comment_types_description = Các loại bình luận được chọn ở đây sẽ không hiện trên các trang vấn đề. Ví dụ: Chọn "Nhãn" thì sẽ loại bỏ tất cả các bình luận "<user> đã thêm/bỏ <label>".
-hidden_comment_types.ref_tooltip =
+hidden_comment_types.ref_tooltip = 
 hidden_comment_types.issue_ref_tooltip = Các bình luận mà người dùng đổi nhánh/nhãn gắn với vấn đề
 comment_type_group_reference = Đề cập
 comment_type_group_label = Nhãn
@@ -782,7 +782,7 @@ key_content_gpg_placeholder = Bắt đầu bằng "-----BEGIN PGP PUBLIC KEY BLO
 ssh_key_been_used = Mã SSH này đã được thêm vào máy chủ rồi.
 ssh_key_name_used = Một mã SSH cùng tên đã tồn tại trong tài khoản của bạn.
 gpg_key_id_used = Một mã GPG công khai cùng ID đã tồn tại.
-gpg_no_key_email_found =
+gpg_no_key_email_found = 
 gpg_key_matched_identities = Các danh tính khớp:
 gpg_key_verify = Xác thực
 gpg_token_help = Bạn có thể tạo chữ kí bằng:
@@ -803,7 +803,7 @@ delete_key = Gỡ
 ssh_key_deletion = Gỡ mã SSH
 gpg_key_deletion = Gỡ mã GPG
 ssh_key_deletion_desc = Việc gỡ mã SSH sẽ tước quyền truy cập của nó đến tài khoản của bạn. Tiếp tục?
-gpg_key_deletion_desc =
+gpg_key_deletion_desc = 
 ssh_key_deletion_success = Đã gỡ mã SSH.
 gpg_key_deletion_success = Đã gỡ mã GPG.
 added_on = Đã được thêm từ %s
@@ -1493,12 +1493,6 @@ teams.admin_access_helper = Các thành viên có thể kéo và đẩy đến c
 teams.admin_permission_desc = Nhóm này cấp quyền <strong>Quản trị</strong>: các thành viên có thể đọc từ, đẩy đến và thêm cộng tác viên vào các kho mã nhóm.
 
 [packages]
-details.project_site = Trang mạng dự án
-details.repository_site = Trang mạng kho mã
-details.documentation_site = Trang mạng tài liệu
-filter.container.tagged = Được gắn nhãn
-filter.container.untagged = Không được gắn nhãn
-npm.details.tag = Nhãn
 
 [actions]
 runs.pushed_by = đẩy bởi
diff --git a/options/locale/locale_zh-CN.ini b/options/locale/locale_zh-CN.ini
index c1ed4ab330..a267b3a566 100644
--- a/options/locale/locale_zh-CN.ini
+++ b/options/locale/locale_zh-CN.ini
@@ -3533,183 +3533,11 @@ error.no_unit_allowed_repo=您没有被允许访问此仓库的任何单元。
 error.unit_not_allowed=您没有权限访问此仓库单元。
 
 [packages]
-title=软件包
 desc=管理仓库软件包。
-empty=还没有软件包。
-empty.documentation=关于软件包注册中心的更多信息，请参阅 <a target="_blank" rel="noopener noreferrer" href="%s"> 文档 </a>。
-empty.repo=您上传了一个包，但没有显示在这里吗？转到 <a href="%[1]s">包设置</a> 并将其链接到这个仓库中。
-registry.documentation=关于 %s 注册中心的更多信息，请参阅 <a target="_blank" rel="noopener noreferrer" href="%s">文档</a>。
-filter.type=类型
-filter.type.all=所有
-filter.no_result=您的过滤器没有产生任何结果。
-filter.container.tagged=已加标签
-filter.container.untagged=未加标签
-published_by=由 <a href="%[2]s">%[3]s</a> 发布于 %[1]s
-published_by_in=<a href="%[2]s">%[3]s</a> 于 %[1]s 发布了 <a href="%[4]s"><strong>%[5]s</strong></a>
-installation=安装
-about=关于这个软件包
-requirements=要求
-dependencies=依赖
-keywords=关键词
-details=详情
-details.author=作者
-details.project_site=项目站点
-details.repository_site=仓库网站
-details.documentation_site=文档站点
-details.license=许可协议
-assets=资源
-versions=版本
-versions.view_all=查看全部
-dependency.id=ID
-dependency.version=版本
-alpine.registry=通过在您的 <code>/etc/apk/repositories</code> 文件中添加 URL 来设置此注册中心：
-alpine.registry.key=下载注册中心公开的 RSA 密钥到 <code>/etc/apk/keys/</code> 文件夹来验证索引签名：
-alpine.registry.info=从下面的列表中选择 $branch 和 $repository。
-alpine.install=要安装包，请运行以下命令：
-alpine.repository=仓库信息
-alpine.repository.branches=分支
-alpine.repository.repositories=仓库管理
-alpine.repository.architectures=架构
-cargo.registry=在 Cargo 配置文件中设置此注册中心（例如：<code>~/.cargo/config.toml</code>）：
-cargo.install=要使用 Cargo 安装软件包，请运行以下命令：
-chef.registry=在您的 <code>~/.chef/config.rb</code> 文件中设置此注册中心：
-chef.install=要安装包，请运行以下命令：
-composer.registry=在您的 <code>~/.composer/config.json</code> 文件中设置此注册中心：
-composer.install=要使用 Composer 安装软件包，请运行以下命令：
-composer.dependencies=依赖
-composer.dependencies.development=开发依赖
 conan.details.repository=仓库
-conan.registry=从命令行设置此注册中心：
-conan.install=要使用 Conan 安装软件包，请运行以下命令：
-conda.registry=在您的 <code>.condarc</code> 文件中将此注册中心设置为 Conda 仓库：
-conda.install=要使用 Conda 安装软件包，请运行以下命令：
-container.details.type=镜像类型
-container.details.platform=平台
-container.pull=从命令行拉取镜像：
-container.digest=摘要
-container.multi_arch=操作系统 / 架构
-container.layers=镜像分层
-container.labels=标签
-container.labels.key=键
-container.labels.value=值
-cran.registry=在您的 <code>Rprofile.site</code> 文件中设置此注册中心：
-cran.install=要安装包，请运行以下命令：
-debian.registry=从命令行设置此注册中心：
-debian.registry.info=从下面的列表中选择 $distribution 和 $component。
-debian.install=要安装包，请运行以下命令：
-debian.repository=仓库信息
-debian.repository.distributions=发行版
-debian.repository.components=组件
-debian.repository.architectures=架构
-generic.download=从命令行下载软件包：
-go.install=通过命令行安装软件包：
-helm.registry=从命令行设置此注册中心：
-helm.install=要安装包，请运行以下命令：
-maven.registry=在您项目的 <code>pom.xml</code> 文件中设置此注册中心：
-maven.install=要使用这个软件包，在 <code>pom.xml</code> 文件中的 <code>依赖项</code> 块中包含以下内容：
-maven.install2=通过命令行运行：
-maven.download=要下载依赖项，请通过命令行运行：
-nuget.registry=从命令行设置此注册中心：
-nuget.install=要使用 Nuget 安装软件包，请运行以下命令：
-nuget.dependency.framework=目标框架
-npm.registry=在您项目的 <code>.npmrc</code> 文件中设置此注册中心：
-npm.install=要使用 npm 安装软件包，请运行以下命令：
-npm.install2=或将其添加到 package.json 文件：
-npm.dependencies=依赖项
-npm.dependencies.development=开发依赖
-npm.dependencies.peer=同等依赖
-npm.dependencies.optional=可选依赖
-npm.details.tag=标签
-pub.install=要使用 Dart 安装软件包，请运行以下命令：
-pypi.requires=需要 Python
-pypi.install=要使用 pip 安装软件包，请运行以下命令：
-rpm.registry=从命令行设置此注册中心：
-rpm.distros.redhat=在基于 RedHat 的发行版
-rpm.distros.suse=在基于 SUSE 的发行版
-rpm.install=要安装包，请运行以下命令：
-rpm.repository = 仓库信息
-rpm.repository.architectures = 架构
-rpm.repository.multiple_groups = 该软件包可在多个组中使用。
-rubygems.install=要使用 gem 安装软件包，请运行以下命令：
-rubygems.install2=或将它添加到 Gemfile：
-rubygems.dependencies.runtime=运行时依赖
-rubygems.dependencies.development=开发依赖
-rubygems.required.ruby=需要 Ruby 版本
-rubygems.required.rubygems=需要 RubyGem 版本
-swift.registry=从命令行设置此注册中心：
-swift.install=在你的 <code>Package.swift</code>文件中添加该包：
-swift.install2=并运行以下命令：
-vagrant.install=若要添加一个 Vagrant box，请运行以下命令：
-settings.link=将此软件包链接到仓库
-settings.link.description=如果您将一个软件包与一个代码库链接起来，软件包将显示在代码库的软件包列表中。
-settings.link.select=选择仓库
-settings.link.button=更新仓库链接
-settings.link.success=仓库链接已成功更新。
-settings.link.error=更新仓库链接失败。
-settings.delete=删除软件包
-settings.delete.description=删除软件包是永久性的，无法撤消。
-settings.delete.notice=您将要删除 %s（%s）。此操作是不可逆的，您确定吗？
-settings.delete.success=软件包已被删除。
-settings.delete.error=删除软件包失败。
-owner.settings.cargo.title=Cargo 注册中心索引
-owner.settings.cargo.initialize=初始化索引
-owner.settings.cargo.initialize.description=使用 Cargo 注册中心时需要一个特殊索引的 Git 仓库。使用此选项将（重新）创建仓库并自动配置它。
-owner.settings.cargo.initialize.error=初始化Cargo索引失败：%v
-owner.settings.cargo.initialize.success=Cargo索引已经成功创建。
-owner.settings.cargo.rebuild=重建索引
-owner.settings.cargo.rebuild.description=如果索引与存储的 Cargo 包不同步，重建可能会有用。
-owner.settings.cargo.rebuild.error=无法重建 Cargo 索引：%v
-owner.settings.cargo.rebuild.success=Cargo 索引已成功重建。
-owner.settings.cleanuprules.title=清理规则
-owner.settings.cleanuprules.add=添加清理规则
-owner.settings.cleanuprules.edit=编辑清理规则
-owner.settings.cleanuprules.none=尚无清理规则。
-owner.settings.cleanuprules.preview=清理规则预览
-owner.settings.cleanuprules.preview.overview=%d 个软件包计划被删除。
-owner.settings.cleanuprules.preview.none=清理规则与任何软件包都不匹配。
 owner.settings.cleanuprules.enabled=启用
-owner.settings.cleanuprules.pattern_full_match=应用规则到完整软件包名称
-owner.settings.cleanuprules.keep.title=与这些规则相匹配的版本即使与下面的删除规则相匹配，也将予以保留。
-owner.settings.cleanuprules.keep.count=保留最新的
 owner.settings.cleanuprules.keep.count.1=每个软件包1个版本
 owner.settings.cleanuprules.keep.count.n=每个软件包 %d 个版本
-owner.settings.cleanuprules.keep.pattern=保持版本匹配
-owner.settings.cleanuprules.keep.pattern.container=容器的<code>latest</code>版本总是会被保留。
-owner.settings.cleanuprules.remove.title=与这些规则相匹配的版本将被删除，除非其中存在某个保留它们的规则。
-owner.settings.cleanuprules.remove.days=移除旧于天数的版本
-owner.settings.cleanuprules.remove.pattern=删除匹配的版本
-owner.settings.cleanuprules.success.update=清理规则已更新。
-owner.settings.cleanuprules.success.delete=清理规则已删除。
-owner.settings.chef.title=Chef 注册中心
-owner.settings.chef.keypair=生成密钥对
-owner.settings.chef.keypair.description=发送至 Chef 注册表的请求必须被密码学签名，以进行身份验证。在生成密钥对时，Forgejo仅保存公钥。私钥将被提供给您以和 knife 一同使用。生成新的密钥对将丢弃旧的密钥对。
-owner.settings.cargo.rebuild.no_index = 无法重建，未初始化任何索引。
-npm.dependencies.bundle = 捆绑的依赖项
-arch.pacman.helper.gpg = 为 pacman 添加信任证书：
-arch.pacman.repo.multi = %s 在不同的发行版中有相同的版本。
-arch.pacman.repo.multi.item = %s 的配置
-arch.pacman.conf = 将具有相关发行版和架构的服务器添加到 <code>/etc/pacman.conf</code> 中：
-arch.pacman.sync = 在 pacman 下同步软件包：
-arch.version.properties = 版本属性
-arch.version.description = 说明
-arch.version.provides = 提供
-arch.version.groups = 组
-arch.version.depends = 依赖
-arch.version.optdepends = 可选依赖
-arch.version.conflicts = 冲突
-arch.version.replaces = 替换
-arch.version.backup = 备份
-arch.version.checkdepends = 检查依赖
-arch.version.makedepends = 编译依赖
-container.images.title = 镜像
-search_in_external_registry = 在 %s 中搜索
-alt.registry.install = 要安装此软件包，请运行以下命令：
-alt.install = 安装软件包
-alt.registry = 通过命令行配置此注册表：
-alt.setup = 添加一个仓库到连接的仓库列表（选择必要的架构而非“_arch_”）：
-alt.repository = 仓库信息
-alt.repository.architectures = 架构
-alt.repository.multiple_groups = 此软件包在多个组中可用。
 
 [secrets]
 secrets=密钥
diff --git a/options/locale/locale_zh-HK.ini b/options/locale/locale_zh-HK.ini
index 45c487fe61..771d1c3112 100644
--- a/options/locale/locale_zh-HK.ini
+++ b/options/locale/locale_zh-HK.ini
@@ -1086,12 +1086,8 @@ error.not_signed_commit=未簽名的提交
 [units]
 
 [packages]
-filter.type=認證類型
-alpine.repository.branches=分支列表
-alpine.repository.repositories=儲存庫管理
 conan.details.repository=儲存庫
 owner.settings.cleanuprules.enabled=已啟用
-container.labels = 標籤
 
 [secrets]
 
diff --git a/options/locale/locale_zh-TW.ini b/options/locale/locale_zh-TW.ini
index c7fc4fb5a1..1ccf2cb5f8 100644
--- a/options/locale/locale_zh-TW.ini
+++ b/options/locale/locale_zh-TW.ini
@@ -3533,183 +3533,11 @@ error.no_unit_allowed_repo=您未被允許存取此儲存庫的任何區域。
 error.unit_not_allowed=您未被允許存取此儲存庫區域。
 
 [packages]
-title=軟體包
 desc=管理儲存庫軟體包。
-empty=目前還沒有軟體包。
-empty.documentation=關於軟體包註冊中心的詳情請參閱<a target="_blank" rel="noopener noreferrer" href="%s">文件</a>。
-empty.repo=已經上傳了一個軟體包，但是它不在這裡嗎？造訪<a href="%[1]s">軟體包設定</a>並將其連結到這個儲存庫。
-filter.type=類型
-filter.type.all=所有
-filter.no_result=沒有篩選結果。
-filter.container.tagged=已加標籤
-filter.container.untagged=未加標籤
-published_by=發布於 %[1]s 由 <a href="%[2]s">%[3]s</a>
-published_by_in=發布於 %[1]s 由 <a href="%[2]s">%[3]s</a> 在 <a href="%[4]s"><strong>%[5]s</strong></a>
-installation=安裝
-about=關於此軟體包
-requirements=需求
-dependencies=相依性
-keywords=關鍵字
-details=詳情
-details.author=作者
-details.project_site=專案網站
-details.repository_site=儲存庫網站
-details.documentation_site=文件網站
-details.license=授權條款
-assets=檔案
-versions=版本
-versions.view_all=檢視全部
-dependency.id=ID
-dependency.version=版本
-alpine.registry=在您的 <code>/etc/apk/repositories</code> 檔加入下列 URL 以設定此註冊中心:
-alpine.registry.key=下載註冊中心的公開 RSA 金鑰到 <code>/etc/apk/keys/</code> 資料夾來驗證索引簽署:
-alpine.registry.info=從下列清單選擇 $branch 和 $repository。
-alpine.install=執行下列命令安裝此軟體包：
-alpine.repository=儲存庫資訊
-alpine.repository.branches=分支
-alpine.repository.repositories=儲存庫
-alpine.repository.architectures=架構
-cargo.registry=在 Cargo 組態檔設定此註冊中心 (例如: <code>~/.cargo/config.toml</code>):
-cargo.install=執行下列命令以使用 Cargo 安裝此軟體包：
-chef.registry=在您的 <code>~/.chef/config.rb</code> 檔設定此註冊中心:
-chef.install=執行下列命令以安裝此軟體包：
-composer.registry=在您的 <code>~/.composer/config.json</code> 檔設定此註冊中心:
-composer.install=執行下列命令以使用 Composer 安裝此軟體包：
-composer.dependencies=相依性
-composer.dependencies.development=開發相依性
 conan.details.repository=儲存庫
-conan.registry=透過下列命令設定此註冊中心:
-conan.install=執行下列命令以使用 Conan 安裝此軟體包：
-conda.registry=在您的 <code>.condarc</code> 檔設定此註冊中心為 Conda 存儲庫:
-conda.install=執行下列命令以使用 Conda 安裝此軟體包：
-container.details.type=映像檔類型
-container.details.platform=平台
-container.pull=透過下列命令拉取映像檔：
-container.digest=摘要
-container.multi_arch=作業系統 / 架構
-container.layers=映像檔分層
-container.labels=標籤
-container.labels.key=鍵
-container.labels.value=值
-cran.install=執行下列命令以安裝此軟體包：
-debian.registry=透過下列命令設定此註冊中心:
-debian.install=執行下列命令以安裝此軟體包：
-debian.repository=儲存庫資訊
-debian.repository.architectures=架構
-generic.download=使用命令列下載軟體包：
-helm.registry=透過下列命令設定此註冊中心:
-helm.install=執行下列命令安裝以此軟體包：
-maven.registry=在您專案的 <code>pom.xml</code> 檔設定此註冊中心:
-maven.install=若要使用此軟體包，請在您 <code>pom.xml</code> 檔的 <code>dependencies</code> 段落加入下列內容:
-maven.install2=透過下列命令執行:
-maven.download=透過下列命令下載相依性：
-nuget.registry=透過下列命令設定此註冊中心：
-nuget.install=執行下列命令以使用 NuGet 安裝此軟體包：
-nuget.dependency.framework=目標框架
-npm.registry=在您專案的 <code>.npmrc</code> 檔設定此註冊中心:
-npm.install=執行下列命令以使用 npm 安裝此軟體包：
-npm.install2=或將它加到 package.json 檔：
-npm.dependencies=相依性
-npm.dependencies.development=開發相依性
-npm.dependencies.peer=同行相依性
-npm.dependencies.optional=選用相依性
-npm.details.tag=標籤
-pub.install=執行下列命令以使用 Dart 安裝此軟體包：
-pypi.requires=需要 Python
-pypi.install=執行下列命令以使用 pip 安裝此軟體包：
-rpm.registry=透過下列命令設定此註冊中心:
-rpm.install=執行下列命令以安裝此軟體包：
-rpm.repository=儲存庫資訊
-rpm.repository.architectures=架構
-rubygems.install=執行下列命令以使用 gem 安裝此軟體包：
-rubygems.install2=或將它加到 Gemfile:
-rubygems.dependencies.runtime=執行階段相依性
-rubygems.dependencies.development=開發相依性
-rubygems.required.ruby=需要的 Ruby 版本
-rubygems.required.rubygems=需要的 RubyGem 版本
-swift.registry=透過下列命令設定此註冊中心:
-swift.install=將此軟體包加入您的 <code>Package.swift</code> 檔：
-swift.install2=並執行下列命令：
-vagrant.install=執行下列命令以新增 Vagrant box:
-settings.link=連結此軟體包至儲存庫
-settings.link.description=如果您將軟體包連結至儲存庫，該軟體包會顯示在儲存庫的軟體包清單。
-settings.link.select=選擇儲存庫
-settings.link.button=更新儲存庫連結
-settings.link.success=儲存庫連結更新成功。
-settings.link.error=儲存庫連結更新失敗。
-settings.delete=刪除軟體包
-settings.delete.description=刪除軟體包是永久且不可還原的。
-settings.delete.notice=您正要刪除 %s (%s)，此動作是無法還原的，您確定嗎？
-settings.delete.success=已刪除該軟體包。
-settings.delete.error=軟體包刪除失敗。
-owner.settings.cargo.title=Cargo Registry 索引
-owner.settings.cargo.initialize=初始化索引
-owner.settings.cargo.initialize.error=初始化 Cargo 索引失敗: %v
-owner.settings.cargo.initialize.success=成功建立了 Cargo 索引。
-owner.settings.cargo.rebuild=重建索引
-owner.settings.cargo.rebuild.error=重建 Cargo 索引失敗: %v
-owner.settings.cargo.rebuild.success=已成功重建 Cargo 索引。
-owner.settings.cleanuprules.title=清理規則
-owner.settings.cleanuprules.add=加入清理規則
-owner.settings.cleanuprules.edit=編輯清理規則
-owner.settings.cleanuprules.preview=預覽清理規則
-owner.settings.cleanuprules.preview.overview=已排程移除 %d 個軟體包。
-owner.settings.cleanuprules.preview.none=清理規則不符合任何軟體包。
 owner.settings.cleanuprules.enabled=已啟用
-owner.settings.cleanuprules.pattern_full_match=將比對式樣套用到完整的軟體包名稱
-owner.settings.cleanuprules.keep.title=符合這些規則的版本即使符合下面的刪除規則也會被保留。
-owner.settings.cleanuprules.keep.count=保留最新的
 owner.settings.cleanuprules.keep.count.1=每個軟體包 1 個版本
 owner.settings.cleanuprules.keep.count.n=每個軟體包 %d 個版本
-owner.settings.cleanuprules.keep.pattern=保留版本的比對規則
-owner.settings.cleanuprules.keep.pattern.container=總是保留 Container 軟體包的<code>最新</code>版本。
-owner.settings.cleanuprules.remove.title=符合這些規則的版本將被移除，除非前述的規則要求保留它們。
-owner.settings.cleanuprules.remove.days=移除早於天數的版本
-owner.settings.cleanuprules.remove.pattern=移除版本的比對規則
-owner.settings.cleanuprules.success.update=已更新清理規則。
-owner.settings.cleanuprules.success.delete=已刪除清理規則。
-owner.settings.chef.title=Chef Registry
-owner.settings.chef.keypair=產生密鑰組
-debian.repository.components = 元件
-go.install = 使用命令列安裝軟體包：
-owner.settings.cleanuprules.none = 目前沒有任何清理規則。
-arch.version.description = 描述
-arch.version.properties = 版本屬性
-arch.version.backup = 備份
-arch.version.conflicts = 衝突
-npm.dependencies.bundle = 已捆綁相依性
-arch.version.provides = 提供
-arch.pacman.repo.multi.item = %s 的組態
-arch.version.replaces = 取代
-arch.version.checkdepends = 檢查依賴
-arch.version.optdepends = 選擇性依賴
-arch.version.depends = 依賴
-owner.settings.cargo.rebuild.no_index = 無法重建，未初始化任何索引。
-cran.registry = 在你的 <code>Rprofile.site</code> 檔案中設定此註冊表：
-debian.repository.distributions = 發行版
-owner.settings.chef.keypair.description = 送往 Chef 註冊表的請求必須經過加密簽署，以作為驗證身分的方式。在產生金鑰對時，只有公鑰會儲存在 Forgejo 上，私鑰則會提供給你用於 knife 工具。產生新的金鑰對將會覆蓋先前的金鑰。
-owner.settings.cargo.initialize.description = 使用 Cargo 註冊表需要一個特殊的索引 Git 儲存庫。使用此選項將會（重新）建立儲存庫並自動配置它。
-rpm.repository.multiple_groups = 此套件可以在多個群組中使用。
-rpm.distros.suse = 在基於 SUSE 的發行版上
-rpm.distros.redhat = 在基於 RedHat 的發行版上
-owner.settings.cargo.rebuild.description = 如果索引與儲存的 Cargo 套件不同步，重建可能會很有用。
-arch.version.groups = 群組
-alt.repository.architectures = 架構
-alt.repository = 儲存庫資訊
-arch.pacman.helper.gpg = 為 pacman 新增信任憑證：
-search_in_external_registry = 在 %s 中搜尋
-debian.registry.info = 從下面的清單中選擇 $distribution 和 $component。
-arch.pacman.conf = 將相關發行版和架構的伺服器新增至 <code>/etc/pacman.conf</code>：
-arch.pacman.sync = 使用 pacman 同步軟體包：
-arch.pacman.repo.multi = %s 在不同的發行版中具有相同的版本。
-container.images.title = 映像檔
-alt.registry = 從命令列設定此註冊表：
-alt.install = 安裝軟體包
-registry.documentation = 有關 %s 註冊表的更多資訊，請參閱<a target="_blank" rel="noopener noreferrer" href="%s">文件</a>。
-alt.registry.install = 若要安裝軟體包，執行以下命令：
-alt.repository.multiple_groups = 此軟體包在多個群組中可用。
-alt.setup = 新增儲存庫至已連接的儲存庫清單（選擇必要的架構結構而非「_arch_」）：
-arch.version.makedepends = 編譯依賴
 
 [secrets]
 secrets=Secret
diff --git a/options/locale_next/locale_ar.json b/options/locale_next/locale_ar.json
index e4e72d0452..e019476c93 100644
--- a/options/locale_next/locale_ar.json
+++ b/options/locale_next/locale_ar.json
@@ -1,4 +1,38 @@
 {
+	"packages.title": "حزم",
+	"packages.empty": "لا يوجد حزم بعد.",
+	"packages.filter.type": "النوع",
+	"packages.filter.type.all": "الكل",
+	"packages.filter.container.tagged": "موسوم",
+	"packages.filter.container.untagged": "غير موسوم",
+	"packages.installation": "التثبيت",
+	"packages.about": "عن هذه الحزمة",
+	"packages.requirements": "المتطلبات",
+	"packages.keywords": "الكلمات المفتاحية",
+	"packages.details": "التفاصيل",
+	"packages.details.author": "الكاتب",
+	"packages.details.project_site": "موقع المشروع",
+	"packages.details.repository_site": "موقع المستودع",
+	"packages.details.license": "الترخيص",
+	"packages.versions": "الاصدارات",
+	"packages.dependency.version": "الاصدار",
+	"packages.alpine.registry.key": "نزّل مفتاح RSA العام للتسجيل في المجلد <code>/etc/apk/keys/</code> للتحقق من توقيع الفهرس:",
+	"packages.generic.download": "نزّل الحزمة عبر سطر الأوامر:",
+	"packages.rpm.repository": "معلومات المستودع",
+	"packages.rpm.repository.architectures": "بنيات",
+	"packages.rpm.repository.multiple_groups": "هذه الحزمة متوفرة في مجموعات متعددة.",
+	"packages.swift.install": "اضف الحزمة إلى ملف <code>Package.swift</code>:",
+	"packages.settings.link": "اربط هذه الحزمة بمستودع",
+	"packages.settings.link.description": "اذا ربطت حزمة مع مستودع، الحزمة سوف تُدرع تحت قائمة الحزم لدى المستودع.",
+	"packages.settings.link.select": "اختر المستودع",
+	"packages.settings.link.button": "حدّث رابط المستودع",
+	"packages.settings.link.success": "تم تحديث رابط المستودع بنجاح.",
+	"packages.settings.link.error": "فشل تحديث رابط المستودع.",
+	"packages.settings.delete": "حذف الحزمة",
+	"packages.settings.delete.description": "إن حذف الحزمة إجراء نهائي ولا يمكن عكسه.",
+	"packages.settings.delete.notice": "أنت على وشك حذف %s (%s). هذه العملية لا رجعة فيها، هل أنت متأكد؟",
+	"packages.settings.delete.success": "تم حذف الحزمة.",
+	"packages.settings.delete.error": "فشل حذف الحزمة.",
 	"fork.n_forks": {
 		"zero": "%s نسخة",
 		"one": "%s نُسَخ",
diff --git a/options/locale_next/locale_bg.json b/options/locale_next/locale_bg.json
index 33631e6a0b..e807d5aa05 100644
--- a/options/locale_next/locale_bg.json
+++ b/options/locale_next/locale_bg.json
@@ -1,4 +1,161 @@
 {
+	"packages.title": "Пакети",
+	"packages.empty": "Все още няма пакети.",
+	"packages.empty.documentation": "За повече информация относно регистъра на пакетите вижте <a target=\"_blank\" rel=\"noopener noreferrer\" href=\"%s\">документацията</a>.",
+	"packages.empty.repo": "Качихте ли пакет, но той не се показва тук? Отидете в <a href=\"%[1]s\">настройките за пакети</a> и го свържете към това хранилище.",
+	"packages.registry.documentation": "За повече информация относно регистъра %s, вижте <a target=\"_blank\" rel=\"noopener noreferrer\" href=\"%s\">документацията</a>.",
+	"packages.filter.type": "Тип",
+	"packages.filter.type.all": "Всички",
+	"packages.filter.no_result": "Вашият филтър не даде резултати.",
+	"packages.filter.container.tagged": "С маркер",
+	"packages.filter.container.untagged": "Без маркер",
+	"packages.published_by": "Публикуван %[1]s от <a href=\"%[2]s\">%[3]s</a>",
+	"packages.published_by_in": "Публикуван %[1]s от <a href=\"%[2]s\">%[3]s</a> в <a href=\"%[4]s\"><strong>%[5]s</strong></a>",
+	"packages.pub.install": "За да инсталирате пакета с Dart, изпълнете следната команда:",
+	"packages.installation": "Инсталация",
+	"packages.about": "Относно този пакет",
+	"packages.requirements": "Изисквания",
+	"packages.dependencies": "Зависимости",
+	"packages.keywords": "Ключови думи",
+	"packages.details": "Подробности",
+	"packages.details.author": "Автор",
+	"packages.details.project_site": "Уебсайт на проекта",
+	"packages.details.repository_site": "Уебсайт на хранилището",
+	"packages.details.documentation_site": "Уебсайт на документацията",
+	"packages.details.license": "Лиценз",
+	"packages.versions": "Версии",
+	"packages.versions.view_all": "Вижте всички",
+	"packages.dependency.version": "Версия",
+	"packages.search_in_external_registry": "Търсене в %s",
+	"packages.alpine.registry": "Настройте този регистър, като добавите URL адреса във вашия файл <code>/etc/apk/repositories</code>:",
+	"packages.alpine.registry.key": "Изтеглете публичния RSA ключ на регистъра в папката <code>/etc/apk/keys/</code>, за да проверите подписа на индекса:",
+	"packages.alpine.registry.info": "Изберете $branch и $repository от списъка по-долу.",
+	"packages.alpine.install": "За да инсталирате пакета, изпълнете следната команда:",
+	"packages.alpine.repository": "За хранилището",
+	"packages.alpine.repository.branches": "Клонове",
+	"packages.alpine.repository.repositories": "Хранилища",
+	"packages.alpine.repository.architectures": "Архитектури",
+	"packages.arch.pacman.helper.gpg": "Добавете доверителен сертификат за pacman:",
+	"packages.arch.pacman.repo.multi": "%s има същата версия в различни дистрибуции.",
+	"packages.arch.pacman.repo.multi.item": "Конфигурация за %s",
+	"packages.arch.pacman.conf": "Добавете сървър със свързаната дистрибуция и архитектура към <code>/etc/pacman.conf</code> :",
+	"packages.arch.pacman.sync": "Синхронизирайте пакета с pacman:",
+	"packages.arch.version.properties": "Свойства на версията",
+	"packages.arch.version.description": "Описание",
+	"packages.arch.version.provides": "Доставя",
+	"packages.arch.version.groups": "Група",
+	"packages.arch.version.depends": "Зависимости",
+	"packages.arch.version.optdepends": "Допълнителни зависимости",
+	"packages.arch.version.makedepends": "Зависимости за изграждането",
+	"packages.arch.version.checkdepends": "Зависимости за проверката",
+	"packages.arch.version.conflicts": "В конфликт",
+	"packages.arch.version.replaces": "Заменя",
+	"packages.cargo.registry": "Настройте този регистър в конфигурационния файл на Cargo (например <code>~/.cargo/config.toml</code>):",
+	"packages.cargo.install": "За да инсталирате пакета с Cargo, изпълнете следната команда:",
+	"packages.chef.registry": "Настройте този регистър във вашия файл <code>~/.chef/config.rb</code>:",
+	"packages.chef.install": "За да инсталирате пакета, изпълнете следната команда:",
+	"packages.composer.registry": "Настройте този регистър във вашия файл <code>~/.composer/config.json</code>:",
+	"packages.composer.install": "За да инсталирате пакета с Composer, изпълнете следната команда:",
+	"packages.composer.dependencies": "Зависимости",
+	"packages.conan.registry": "Настройте този регистър от командния ред:",
+	"packages.conan.install": "За да инсталирате пакета с Conan, изпълнете следната команда:",
+	"packages.conda.registry": "Настройте този регистър като Conda хранилище във вашия файл <code>.condarc</code>:",
+	"packages.conda.install": "За да инсталирате пакета с Conda, изпълнете следната команда:",
+	"packages.container.images.title": "Образи",
+	"packages.container.details.type": "Тип образ",
+	"packages.container.details.platform": "Платформа",
+	"packages.container.pull": "Издърпайте образа от командния ред:",
+	"packages.container.multi_arch": "ОС / Архитектура",
+	"packages.container.layers": "Слоеве на образа",
+	"packages.container.labels": "Етикети",
+	"packages.container.labels.key": "Ключ",
+	"packages.container.labels.value": "Стойност",
+	"packages.cran.registry": "Настройте този регистър във вашия файл <code>Rprofile.site</code>:",
+	"packages.cran.install": "За да инсталирате пакета, изпълнете следната команда:",
+	"packages.debian.registry": "Настройте този регистър от командния ред:",
+	"packages.debian.registry.info": "Изберете $distribution и $component от списъка по-долу.",
+	"packages.debian.install": "За да инсталирате пакета, изпълнете следната команда:",
+	"packages.debian.repository": "Информация за хранилището",
+	"packages.debian.repository.distributions": "Дистрибуции",
+	"packages.debian.repository.components": "Компоненти",
+	"packages.debian.repository.architectures": "Архитектури",
+	"packages.generic.download": "Изтеглете пакета от командния ред:",
+	"packages.go.install": "Инсталирайте пакета от командния ред:",
+	"packages.helm.registry": "Настройте този регистър от командния ред:",
+	"packages.helm.install": "За да инсталирате пакета, изпълнете следната команда:",
+	"packages.maven.registry": "Настройте този регистър във файла на вашия проект <code>pom.xml</code>:",
+	"packages.maven.install": "За да използвате пакета, включете следното в блока <code>dependencies</code> във файла <code>pom.xml</code>:",
+	"packages.maven.install2": "Изпълнете през командния ред:",
+	"packages.maven.download": "За да изтеглите зависимостта, изпълнете през командния ред:",
+	"packages.nuget.registry": "Настройте този регистър от командния ред:",
+	"packages.nuget.install": "За да инсталирате пакета с NuGet, изпълнете следната команда:",
+	"packages.nuget.dependency.framework": "Целева платформа",
+	"packages.npm.registry": "Настройте този регистър във файла на вашия проект <code>.npmrc</code>:",
+	"packages.npm.install": "За да инсталирате пакета с npm, изпълнете следната команда:",
+	"packages.npm.install2": "или го добавете във файла package.json:",
+	"packages.npm.dependencies.optional": "Опционални зависимости",
+	"packages.npm.details.tag": "Маркер",
+	"packages.pypi.requires": "Изисква Python",
+	"packages.pypi.install": "За да инсталирате пакета с pip, изпълнете следната команда:",
+	"packages.rpm.registry": "Настройте този регистър от командния ред:",
+	"packages.rpm.distros.redhat": "на дистрибуции, базирани на RedHat",
+	"packages.rpm.distros.suse": "на дистрибуции, базирани на SUSE",
+	"packages.rpm.install": "За да инсталирате пакета, изпълнете следната команда:",
+	"packages.rpm.repository": "Информация за хранилището",
+	"packages.rpm.repository.architectures": "Архитектури",
+	"packages.rpm.repository.multiple_groups": "Този пакет е наличен в няколко групи.",
+	"packages.alt.registry": "Настройте този регистър от командния ред:",
+	"packages.alt.registry.install": "За да инсталирате пакета, изпълнете следната команда:",
+	"packages.alt.install": "Инсталиране на пакет",
+	"packages.alt.setup": "Добавете хранилище към списъка със свързани хранилища (изберете необходимата архитектура вместо „_arch_“):",
+	"packages.alt.repository": "Информация за хранилището",
+	"packages.alt.repository.architectures": "Архитектури",
+	"packages.alt.repository.multiple_groups": "Този пакет е наличен в няколко групи.",
+	"packages.swift.registry": "Настройте този регистър от командния ред:",
+	"packages.swift.install": "Добавете пакета във вашия файл <code>Package.swift</code>:",
+	"packages.swift.install2": "и изпълнете следната команда:",
+	"packages.vagrant.install": "За да добавите Vagrant box, изпълнете следната команда:",
+	"packages.settings.link": "Свързване на този пакет с хранилище",
+	"packages.settings.link.description": "Ако свържете пакет с хранилище, пакетът се изброява в списъка с пакети на хранилището.",
+	"packages.settings.link.select": "Изберете хранилище",
+	"packages.settings.link.button": "Обновяване на връзката на хранилището",
+	"packages.settings.link.success": "Връзката на хранилището беше успешно обновена.",
+	"packages.settings.link.error": "Неуспешно обновяване на връзката на хранилището.",
+	"packages.settings.delete": "Изтриване на пакета",
+	"packages.settings.delete.description": "Изтриването на пакет е трайно и не може да бъде отменено.",
+	"packages.settings.delete.notice": "На път сте да изтриете %s (%s). Тази операция е необратима, сигурни ли сте?",
+	"packages.settings.delete.success": "Пакетът е изтрит.",
+	"packages.settings.delete.error": "Неуспешно изтриване на пакет.",
+	"packages.owner.settings.cargo.title": "Индекс на регистъра на Cargo",
+	"packages.owner.settings.cargo.initialize": "Инициализиране на индекс",
+	"packages.owner.settings.cargo.initialize.description": "Необходимо е специално Git хранилище за индекс, за да се използва регистърът на Cargo. Използването на тази опция ще (пре)създаде хранилището и ще го конфигурира автоматично.",
+	"packages.owner.settings.cargo.initialize.error": "Неуспешно инициализиране на индекса на Cargo: %v",
+	"packages.owner.settings.cargo.initialize.success": "Индексът на Cargo беше успешно създаден.",
+	"packages.owner.settings.cargo.rebuild": "Преизграждане на индекс",
+	"packages.owner.settings.cargo.rebuild.description": "Преизграждането може да бъде полезно, ако индексът не е синхронизиран със съхранените Cargo пакети.",
+	"packages.owner.settings.cargo.rebuild.error": "Неуспешно преизграждане на индекса на Cargo: %v",
+	"packages.owner.settings.cargo.rebuild.success": "Индексът на Cargo беше успешно преизграден.",
+	"packages.owner.settings.cargo.rebuild.no_index": "Не може да се преизгради, няма инициализиран индекс.",
+	"packages.owner.settings.cleanuprules.title": "Правила за почистване",
+	"packages.owner.settings.cleanuprules.add": "Добавяне на правило за почистване",
+	"packages.owner.settings.cleanuprules.edit": "Редактиране на правилото за почистване",
+	"packages.owner.settings.cleanuprules.none": "Все още няма правила за почистване.",
+	"packages.owner.settings.cleanuprules.preview": "Преглед на правило за почистване",
+	"packages.owner.settings.cleanuprules.preview.overview": "%d пакета са насрочени за премахване.",
+	"packages.owner.settings.cleanuprules.preview.none": "Правилото за почистване не съвпада с нито един пакет.",
+	"packages.owner.settings.cleanuprules.pattern_full_match": "Прилагане на шаблона към пълното име на пакета",
+	"packages.owner.settings.cleanuprules.keep.title": "Версиите, които съответстват на тези правила, се запазват, дори ако съответстват на правило за премахване по-долу.",
+	"packages.owner.settings.cleanuprules.keep.count": "Запазване на най-новите",
+	"packages.owner.settings.cleanuprules.keep.pattern": "Запазване на версии, съответстващи на",
+	"packages.owner.settings.cleanuprules.keep.pattern.container": "Версията <code>latest</code> винаги се запазва за Container пакети.",
+	"packages.owner.settings.cleanuprules.remove.title": "Версиите, които съответстват на тези правила, се премахват, освен ако правило по-горе не казва да се запазят.",
+	"packages.owner.settings.cleanuprules.remove.days": "Премахване на версии, по-стари от",
+	"packages.owner.settings.cleanuprules.remove.pattern": "Премахване на версии, съответстващи на",
+	"packages.owner.settings.cleanuprules.success.update": "Правилото за почистване е обновено.",
+	"packages.owner.settings.cleanuprules.success.delete": "Правилото за почистване е изтрито.",
+	"packages.owner.settings.chef.title": "Регистър на Chef",
+	"packages.owner.settings.chef.keypair": "Генериране на двойка ключове",
+	"packages.owner.settings.chef.keypair.description": "Заявките, изпратени до регистъра на Chef, трябва да бъдат криптографски подписани като средство за удостоверяване. При генериране на двойка ключове, само публичният ключ се съхранява във Forgejo. Частният ключ ви се предоставя, за да се използва с knife. Генерирането на нова двойка ключове ще презапише предишната.",
 	"fork.n_forks": {
 		"one": "%s разклонение",
 		"other": "%s разклонения"
diff --git a/options/locale_next/locale_cs-CZ.json b/options/locale_next/locale_cs-CZ.json
index 690be4eca4..00091a7192 100644
--- a/options/locale_next/locale_cs-CZ.json
+++ b/options/locale_next/locale_cs-CZ.json
@@ -1,4 +1,176 @@
 {
+	"packages.title": "Balíčky",
+	"packages.empty": "Zatím zde nejsou žádné balíčky.",
+	"packages.empty.documentation": "Další informace o registru balíčků naleznete v <a target=\"_blank\" rel=\"noopener noreferrer\" href=\"%s\">dokumentaci</a>.",
+	"packages.empty.repo": "Nahráli jste balíček, ale nezobrazil se zde? Přejděte na <a href=\"%[1]s\">nastavení balíčku</a> a propojte jej s tímto repozitářem.",
+	"packages.registry.documentation": "Další informace o registru %s naleznete v <a target=\"_blank\" rel=\"noopener noreferrer\" href=\"%s\">dokumentaci</a>.",
+	"packages.filter.type": "Typ",
+	"packages.filter.type.all": "Vše",
+	"packages.filter.no_result": "Váš filtr nepřinesl žádné výsledky.",
+	"packages.filter.container.tagged": "Označeno",
+	"packages.filter.container.untagged": "Neoznačeno",
+	"packages.published_by": "Zveřejněno %[1]s od <a href=\"%[2]s\">%[3]s</a>",
+	"packages.published_by_in": "Zveřejněno %[1]s od <a href=\"%[2]s\">%[3]s</a> v <a href=\"%[4]s\"><strong>%[5]s</strong></a>",
+	"packages.pub.install": "Chcete-li nainstalovat balíček pomocí Dart, spusťte následující příkaz:",
+	"packages.installation": "Instalace",
+	"packages.about": "O tomto balíčku",
+	"packages.requirements": "Požadavky",
+	"packages.dependencies": "Závislosti",
+	"packages.keywords": "Klíčová slova",
+	"packages.details": "Podrobnosti",
+	"packages.details.author": "Autor",
+	"packages.details.project_site": "Web projektu",
+	"packages.details.repository_site": "Web repositáře",
+	"packages.details.documentation_site": "Web dokumentace",
+	"packages.details.license": "Licence",
+	"packages.assets": "Prostředky",
+	"packages.versions": "Verze",
+	"packages.versions.view_all": "Zobrazit všechny",
+	"packages.dependency.id": "ID",
+	"packages.dependency.version": "Verze",
+	"packages.search_in_external_registry": "Hledat v %s",
+	"packages.alpine.registry": "Nastavte tento registr přidáním URL do <code>/etc/apk/repositories</code>:",
+	"packages.alpine.registry.key": "Stáhněte si veřejný RSA klíč registru do složky <code>/etc/apk/keys/</code> pro ověření podpisu indexu:",
+	"packages.alpine.registry.info": "Vyberte $branch a $repository ze seznamu níže.",
+	"packages.alpine.install": "Pro instalaci balíčku spusťte následující příkaz:",
+	"packages.alpine.repository": "Informace o repozitáři",
+	"packages.alpine.repository.branches": "Větve",
+	"packages.alpine.repository.repositories": "Repozitáře",
+	"packages.alpine.repository.architectures": "Architektury",
+	"packages.arch.pacman.helper.gpg": "Přidat certifikát důvěryhodnosti do nástroje pacman:",
+	"packages.arch.pacman.repo.multi": "%s má stejnou verzi v různých distribucích.",
+	"packages.arch.pacman.repo.multi.item": "Nastavení pro %s",
+	"packages.arch.pacman.conf": "Přidejte server s odpovídající distribucí a architekturou do <code>/etc/pacman.conf</code> :",
+	"packages.arch.pacman.sync": "Synchronizace balíčku nástrojem pacman:",
+	"packages.arch.version.properties": "Vlastnosti verze",
+	"packages.arch.version.description": "Popis",
+	"packages.arch.version.provides": "Poskytuje",
+	"packages.arch.version.groups": "Skupina",
+	"packages.arch.version.depends": "Závislosti",
+	"packages.arch.version.optdepends": "Volitelné závislosti",
+	"packages.arch.version.makedepends": "Závislosti Make",
+	"packages.arch.version.checkdepends": "Závislosti Check",
+	"packages.arch.version.conflicts": "Konflikty",
+	"packages.arch.version.replaces": "Nahrazuje",
+	"packages.arch.version.backup": "Záloha",
+	"packages.cargo.registry": "Nastavte tento registr v konfiguračním souboru Cargo (například <code>~/.cargo/config.toml</code>):",
+	"packages.cargo.install": "Chcete-li nainstalovat balíček pomocí Cargo, spusťte následující příkaz:",
+	"packages.chef.registry": "Nastavit tento registr v souboru <code>~/.chef/config.rb</code>:",
+	"packages.chef.install": "Pro instalaci balíčku spusťte následující příkaz:",
+	"packages.composer.registry": "Nastavit tento registr v souboru <code>~/.composer/config.json</code>:",
+	"packages.composer.install": "Pro instalaci balíčku pomocí Compposer spusťte následující příkaz:",
+	"packages.composer.dependencies": "Závislosti",
+	"packages.composer.dependencies.development": "Vývojové závislosti",
+	"packages.conan.registry": "Nastavte tento registr z příkazového řádku:",
+	"packages.conan.install": "Pro instalaci balíčku pomocí Conan spusťte následující příkaz:",
+	"packages.conda.registry": "Nastavte tento registr jako Conda repozitář ve vašem <code>.condarc</code>:",
+	"packages.conda.install": "Pro instalaci balíčku pomocí Conda spusťte následující příkaz:",
+	"packages.container.images.title": "Obrázky",
+	"packages.container.details.type": "Typ obrazu",
+	"packages.container.details.platform": "Platforma",
+	"packages.container.pull": "Stáhnout obraz z příkazové řádky:",
+	"packages.container.digest": "Výběr",
+	"packages.container.multi_arch": "OS/architektura",
+	"packages.container.layers": "Vrstvy obrazu",
+	"packages.container.labels": "Štítky",
+	"packages.container.labels.key": "Klíč",
+	"packages.container.labels.value": "Hodnota",
+	"packages.cran.registry": "Nastavte tento registr v souboru <code>Rprofile.site</code>:",
+	"packages.cran.install": "Pro instalaci balíčku spusťte následující příkaz:",
+	"packages.debian.registry": "Nastavte tento registr z příkazového řádku:",
+	"packages.debian.registry.info": "Vyberte $distribution a $component ze seznamu níže.",
+	"packages.debian.install": "Pro instalaci balíčku spusťte následující příkaz:",
+	"packages.debian.repository": "Informace o repozitáři",
+	"packages.debian.repository.distributions": "Distribuce",
+	"packages.debian.repository.components": "Komponenty",
+	"packages.debian.repository.architectures": "Architektury",
+	"packages.generic.download": "Stáhnout balíček z příkazové řádky:",
+	"packages.go.install": "Nainstalovat balíček z příkazové řádky:",
+	"packages.helm.registry": "Nastavte tento registr z příkazového řádku:",
+	"packages.helm.install": "Pro instalaci balíčku spusťte následující příkaz:",
+	"packages.maven.registry": "Nastavte tento registr ve vašem projektu <code>pom.xml</code> souboru:",
+	"packages.maven.install": "Pro použití balíčku uveďte následující v bloku <code>dependencies</code> v souboru <code>pom.xml</code>:",
+	"packages.maven.install2": "Spustit pomocí příkazové řádky:",
+	"packages.maven.download": "Chcete-li stáhnout závislost, spusťte přes příkazový řádek:",
+	"packages.nuget.registry": "Nastavte tento registr z příkazového řádku:",
+	"packages.nuget.install": "Chcete-li nainstalovat balíček pomocí NuGet, spusťte následující příkaz:",
+	"packages.nuget.dependency.framework": "Cílový Framework",
+	"packages.npm.registry": "Nastavte tento registr ve vašem projektu v souboru <code>.npmrc</code>:",
+	"packages.npm.install": "Pro instalaci balíčku pomocí npm spusťte následující příkaz:",
+	"packages.npm.install2": "nebo ho přidejte do souboru package.json:",
+	"packages.npm.dependencies": "Závislosti",
+	"packages.npm.dependencies.development": "Vývojové závislosti",
+	"packages.npm.dependencies.bundle": "Přidružené závislosti",
+	"packages.npm.dependencies.peer": "Vzájemné závislosti",
+	"packages.npm.dependencies.optional": "Volitelné závislosti",
+	"packages.npm.details.tag": "Značka",
+	"packages.pypi.requires": "Vyžaduje Python",
+	"packages.pypi.install": "Pro instalaci balíčku pomocí pip spusťte následující příkaz:",
+	"packages.rpm.registry": "Nastavte tento registr z příkazového řádku:",
+	"packages.rpm.distros.redhat": "na distribuce založené na RedHat",
+	"packages.rpm.distros.suse": "na distribuce založené na SUSE",
+	"packages.rpm.install": "Pro instalaci balíčku spusťte následující příkaz:",
+	"packages.rpm.repository": "Informace o repozitáři",
+	"packages.rpm.repository.architectures": "Architektury",
+	"packages.rpm.repository.multiple_groups": "Tento balíček je dostupný v několika skupinách.",
+	"packages.alt.registry": "Nastavit tento registr z příkazové řádky:",
+	"packages.alt.registry.install": "Pro instalaci balíčku spusťte následující příkaz:",
+	"packages.alt.install": "Instalovat balíček",
+	"packages.alt.setup": "Přidejte repozitář do seznamu připojených repozitářů (místo „_arch_“ zvolte potřebnou architekturu):",
+	"packages.alt.repository": "Informace o repozitáři",
+	"packages.alt.repository.architectures": "Architektury",
+	"packages.alt.repository.multiple_groups": "Tento balíček je dostupný v několika skupinách.",
+	"packages.rubygems.install": "Pro instalaci balíčku pomocí gem spusťte následující příkaz:",
+	"packages.rubygems.install2": "nebo ho přidejte do Gemfie:",
+	"packages.rubygems.dependencies.runtime": "Běhové závislosti",
+	"packages.rubygems.dependencies.development": "Vývojové závislosti",
+	"packages.rubygems.required.ruby": "Vyžaduje verzi Ruby",
+	"packages.rubygems.required.rubygems": "Vyžaduje verzi RubyGem",
+	"packages.swift.registry": "Nastavte tento registr z příkazového řádku:",
+	"packages.swift.install": "Přidejte balíček do svého <code>Package.swift</code> souboru:",
+	"packages.swift.install2": "a spustit následující příkaz:",
+	"packages.vagrant.install": "Pro přidání Vagrant box spusťte následující příkaz:",
+	"packages.settings.link": "Propojit tento balíček s repozitářem",
+	"packages.settings.link.description": "Pokud propojíte balíček s repozitářem, je tento balíček uveden v seznamu balíčků repozitáře.",
+	"packages.settings.link.select": "Vybrat repozitář",
+	"packages.settings.link.button": "Aktualizovat odkaz na repozitář",
+	"packages.settings.link.success": "Odkaz na repozitář byl úspěšně aktualizován.",
+	"packages.settings.link.error": "Nepodařilo se aktualizovat odkaz na repozitář.",
+	"packages.settings.delete": "Odstranit balíček",
+	"packages.settings.delete.description": "Smazání balíčku je trvalé a nelze ho vrátit zpět.",
+	"packages.settings.delete.notice": "Chystáte se odstranit %s (%s). Tato operace je nevratná, jste si jisti?",
+	"packages.settings.delete.success": "Balíček byl odstraněn.",
+	"packages.settings.delete.error": "Nepodařilo se odstranit balíček.",
+	"packages.owner.settings.cargo.title": "Index registru Cargo",
+	"packages.owner.settings.cargo.initialize": "Inicializovat index",
+	"packages.owner.settings.cargo.initialize.description": "Pro použití registru Cargo je zapotřebí speciální index Git. Použití této možnosti (znovu) vytvoří repozitář a automaticky jej nastaví.",
+	"packages.owner.settings.cargo.initialize.error": "Nepodařilo se inicializovat Cargo index: %v",
+	"packages.owner.settings.cargo.initialize.success": "Index Cargo byl úspěšně vytvořen.",
+	"packages.owner.settings.cargo.rebuild": "Znovu vytvořit index",
+	"packages.owner.settings.cargo.rebuild.description": "Opětovné sestavení může být užitečné, pokud není index synchronizován s uloženými balíčky Cargo.",
+	"packages.owner.settings.cargo.rebuild.error": "Obnovení Cargo indexu se nezdařilo: %v",
+	"packages.owner.settings.cargo.rebuild.success": "Index Cargo byl úspěšně znovu sestaven.",
+	"packages.owner.settings.cargo.rebuild.no_index": "Opětovné vytvoření selhalo, nebyl inicializován žádný index.",
+	"packages.owner.settings.cleanuprules.title": "Pravidla čištění",
+	"packages.owner.settings.cleanuprules.add": "Přidat pravidlo pro čištění",
+	"packages.owner.settings.cleanuprules.edit": "Upravit pravidlo pro čištění",
+	"packages.owner.settings.cleanuprules.none": "Zatím nejsou k dispozici žádná pravidla čištění.",
+	"packages.owner.settings.cleanuprules.preview": "Náhled pravidla pro čištění",
+	"packages.owner.settings.cleanuprules.preview.overview": "%d balíčků má být odstraněno.",
+	"packages.owner.settings.cleanuprules.preview.none": "Pravidlo čištění neodpovídá žádným balíčkům.",
+	"packages.owner.settings.cleanuprules.pattern_full_match": "Použít vzor na úplný název balíčku",
+	"packages.owner.settings.cleanuprules.keep.title": "Verze, které odpovídají těmto pravidlům, jsou zachovány, i když odpovídají níže uvedenému pravidlu pro odstranění.",
+	"packages.owner.settings.cleanuprules.keep.count": "Zachovat nejnovější",
+	"packages.owner.settings.cleanuprules.keep.pattern": "Ponechat odpovídající verze",
+	"packages.owner.settings.cleanuprules.keep.pattern.container": "U balíčků Container je vždy zachována <code>nejnovější</code> verze.",
+	"packages.owner.settings.cleanuprules.remove.title": "Verze, které odpovídají těmto pravidlům, jsou odstraněny, pokud výše uvedené pravidlo neukládá jejich zachování.",
+	"packages.owner.settings.cleanuprules.remove.days": "Odstranit verze starší než",
+	"packages.owner.settings.cleanuprules.remove.pattern": "Odstranit odpovídající verze",
+	"packages.owner.settings.cleanuprules.success.update": "Pravidlo pro čištění bylo aktualizováno.",
+	"packages.owner.settings.cleanuprules.success.delete": "Pravidlo pro čištění bylo odstraněno.",
+	"packages.owner.settings.chef.title": "Registr Chef",
+	"packages.owner.settings.chef.keypair": "Generovat pár klíčů",
+	"packages.owner.settings.chef.keypair.description": "Žádosti odeslané do registru Chef musí být kryptograficky podepsané jako způsob ověření. Při generování páru klíčů je ve službě Forgejo uložen pouze veřejný klíč. Soukromý klíč je poskytnut vám, abyste jej mohli použít s programem knife. Vygenerováním nového páru klíčů přepíšete ten předchozí.",
 	"fork.n_forks": {
 		"one": "%s fork",
 		"few": "%s forky",
diff --git a/options/locale_next/locale_da.json b/options/locale_next/locale_da.json
index 87de9c186a..116c2dc794 100644
--- a/options/locale_next/locale_da.json
+++ b/options/locale_next/locale_da.json
@@ -1,4 +1,176 @@
 {
+	"packages.title": "Pakker",
+	"packages.empty": "Der er ingen pakker endnu.",
+	"packages.empty.documentation": "For mere information om pakkeregistret, se <a target=\"_blank\" rel=\"noopener noreferrer\" href=\"%s\">dokumentationen</a>.",
+	"packages.empty.repo": "Har du uploadet en pakke, men den vises ikke her? Gå til <a href=\"%[1]s\">pakkeindstillinger</a> og link den til denne repo.",
+	"packages.registry.documentation": "For mere information om %s registreringsdatabasen, se <a target=\"_blank\" rel=\"noopener noreferrer\" href=\"%s\">dokumentationen</a>.",
+	"packages.filter.type": "Type",
+	"packages.filter.type.all": "Alle",
+	"packages.filter.no_result": "Dit filter gav ingen resultater.",
+	"packages.filter.container.tagged": "Tagget",
+	"packages.filter.container.untagged": "Umærket",
+	"packages.published_by": "Udgivet %[1]s af <a href=\"%[2]s\">%[3]s</a>",
+	"packages.published_by_in": "Udgivet %[1]s af <a href=\"%[2]s\">%[3]s</a> i <a href=\"%[4]s\"><strong>%[5]s</strong></a>",
+	"packages.pub.install": "For at installere pakken ved hjælp af Dart skal du køre følgende kommando:",
+	"packages.installation": "Installation",
+	"packages.about": "Om denne pakke",
+	"packages.requirements": "Krav",
+	"packages.dependencies": "Afhængigheder",
+	"packages.keywords": "Keywords",
+	"packages.details": "Detaljer",
+	"packages.details.author": "Forfatter",
+	"packages.details.project_site": "Projektets hjemmeside",
+	"packages.details.repository_site": "Depots hjemmeside",
+	"packages.details.documentation_site": "Dokumentations hjemmeside",
+	"packages.details.license": "Licens",
+	"packages.assets": "Aktiver",
+	"packages.versions": "Versioner",
+	"packages.versions.view_all": "Se alle",
+	"packages.dependency.id": "ID",
+	"packages.dependency.version": "Version",
+	"packages.search_in_external_registry": "Søg i %s",
+	"packages.alpine.registry": "Konfigurer dette register ved at tilføje url'en i din <code>/etc/apk/repositories</code> fil:",
+	"packages.alpine.registry.key": "Download den offentlige RSA-nøgle til registreringsdatabasen i mappen <code>/etc/apk/keys/</code> for at bekræfte indekssignaturen:",
+	"packages.alpine.registry.info": "Vælg $branch og $repository fra listen nedenfor.",
+	"packages.alpine.install": "For at installere pakken skal du køre følgende kommando:",
+	"packages.alpine.repository": "Depot info",
+	"packages.alpine.repository.branches": "Grene",
+	"packages.alpine.repository.repositories": "Depoter",
+	"packages.alpine.repository.architectures": "Arkitekturer",
+	"packages.arch.pacman.helper.gpg": "Tilføj tillidscertifikat til pacman:",
+	"packages.arch.pacman.repo.multi": "%s har den samme version i forskellige distributioner.",
+	"packages.arch.pacman.repo.multi.item": "Konfiguration for %s",
+	"packages.arch.pacman.conf": "Tilføj server med relateret distribution og arkitektur til <code>/etc/pacman.conf</code>:",
+	"packages.arch.pacman.sync": "Synkroniser pakke med pacman:",
+	"packages.arch.version.properties": "Versionsegenskaber",
+	"packages.arch.version.description": "Beskrivelse",
+	"packages.arch.version.provides": "Forsyner",
+	"packages.arch.version.groups": "Gruppe",
+	"packages.arch.version.depends": "Afhænger",
+	"packages.arch.version.optdepends": "Valgfri afhænger",
+	"packages.arch.version.makedepends": "Gør afhænger",
+	"packages.arch.version.checkdepends": "Check afhænger",
+	"packages.arch.version.conflicts": "Konflikter",
+	"packages.arch.version.replaces": "Erstatter",
+	"packages.arch.version.backup": "Backup",
+	"packages.cargo.registry": "Konfigurer dette register i Cargo-konfigurationsfilen (for eksempel <code>~/.cargo/config.toml</code>):",
+	"packages.cargo.install": "For at installere pakken ved hjælp af Cargo skal du køre følgende kommando:",
+	"packages.chef.registry": "Konfigurer dette register i din <code>~/.chef/config.rb</code> fil:",
+	"packages.chef.install": "For at installere pakken skal du køre følgende kommando:",
+	"packages.composer.registry": "Konfigurer dette register i din <code>~/.composer/config.json</code> fil:",
+	"packages.composer.install": "For at installere pakken ved hjælp af Composer skal du køre følgende kommando:",
+	"packages.composer.dependencies": "Afhængigheder",
+	"packages.composer.dependencies.development": "Udviklingsafhængigheder",
+	"packages.conan.registry": "Konfigurer dette register fra kommandolinjen:",
+	"packages.conan.install": "For at installere pakken ved hjælp af Conan skal du køre følgende kommando:",
+	"packages.conda.registry": "Konfigurer dette register som et Conda-depot i din <code>.condarc</code>-fil:",
+	"packages.conda.install": "For at installere pakken ved hjælp af Conda skal du køre følgende kommando:",
+	"packages.container.images.title": "Billeder",
+	"packages.container.details.type": "Billedtype",
+	"packages.container.details.platform": "Platform",
+	"packages.container.pull": "Træk billedet fra kommandolinjen:",
+	"packages.container.digest": "Fordøje",
+	"packages.container.multi_arch": "OS / Arch",
+	"packages.container.layers": "Billedlag",
+	"packages.container.labels": "Etiketter",
+	"packages.container.labels.key": "Nøgle",
+	"packages.container.labels.value": "Værdi",
+	"packages.cran.registry": "Konfigurer dette register i din <code>Rprofile.site</code> fil:",
+	"packages.cran.install": "For at installere pakken skal du køre følgende kommando:",
+	"packages.debian.registry": "Konfigurer dette register fra kommandolinjen:",
+	"packages.debian.registry.info": "Vælg $distribution og $component fra listen nedenfor.",
+	"packages.debian.install": "For at installere pakken skal du køre følgende kommando:",
+	"packages.debian.repository": "Depot info",
+	"packages.debian.repository.distributions": "Fordelinger",
+	"packages.debian.repository.components": "Komponenter",
+	"packages.debian.repository.architectures": "Arkitekturer",
+	"packages.generic.download": "Download pakken fra kommandolinjen:",
+	"packages.go.install": "Installer pakken fra kommandolinjen:",
+	"packages.helm.registry": "Konfigurer dette register fra kommandolinjen:",
+	"packages.helm.install": "For at installere pakken skal du køre følgende kommando:",
+	"packages.maven.registry": "Konfigurer denne registreringsdatabasen i din projekt <code>pom.xml</code> fil:",
+	"packages.maven.install": "For at bruge pakken skal du inkludere følgende i blokken <code>afhængigheder</code> i filen <code>pom.xml</code>:",
+	"packages.maven.install2": "Kør via kommandolinje:",
+	"packages.maven.download": "For at downloade afhængigheden skal du køre via kommandolinjen:",
+	"packages.nuget.registry": "Konfigurer dette register fra kommandolinjen:",
+	"packages.nuget.install": "For at installere pakken ved hjælp af NuGet skal du køre følgende kommando:",
+	"packages.nuget.dependency.framework": "Mål Framework",
+	"packages.npm.registry": "Konfigurer denne registreringsdatabase i din projekt-<code>.npmrc</code>-fil:",
+	"packages.npm.install": "For at installere pakken ved hjælp af npm skal du køre følgende kommando:",
+	"packages.npm.install2": "eller føj det til filen package.json:",
+	"packages.npm.dependencies": "Afhængigheder",
+	"packages.npm.dependencies.development": "Udviklingsafhængigheder",
+	"packages.npm.dependencies.bundle": "Samlede afhængigheder",
+	"packages.npm.dependencies.peer": "Peer-afhængigheder",
+	"packages.npm.dependencies.optional": "Valgfrie afhængigheder",
+	"packages.npm.details.tag": "Tag",
+	"packages.pypi.requires": "Kræver Python",
+	"packages.pypi.install": "For at installere pakken ved hjælp af pip skal du køre følgende kommando:",
+	"packages.rpm.registry": "Konfigurer dette register fra kommandolinjen:",
+	"packages.rpm.distros.redhat": "på RedHat-baserede distributioner",
+	"packages.rpm.distros.suse": "på SUSE-baserede distributioner",
+	"packages.rpm.install": "For at installere pakken skal du køre følgende kommando:",
+	"packages.rpm.repository": "Depot info",
+	"packages.rpm.repository.architectures": "Arkitekturer",
+	"packages.rpm.repository.multiple_groups": "Denne pakke er tilgængelig i flere grupper.",
+	"packages.alt.registry": "Konfigurer dette register fra kommandolinjen:",
+	"packages.alt.registry.install": "For at installere pakken skal du køre følgende kommando:",
+	"packages.alt.install": "Installer pakken",
+	"packages.alt.setup": "Tilføj et depot til listen over tilsluttede arkiver (vælg den nødvendige arkitektur i stedet for \"_arch_\"):",
+	"packages.alt.repository": "Depot info",
+	"packages.alt.repository.architectures": "Arkitekturer",
+	"packages.alt.repository.multiple_groups": "Denne pakke er tilgængelig i flere grupper.",
+	"packages.rubygems.install": "For at installere pakken ved hjælp af gem skal du køre følgende kommando:",
+	"packages.rubygems.install2": "eller føj det til Gemfilen:",
+	"packages.rubygems.dependencies.runtime": "Kørselsafhængigheder",
+	"packages.rubygems.dependencies.development": "Udviklingsafhængigheder",
+	"packages.rubygems.required.ruby": "Kræver Ruby version",
+	"packages.rubygems.required.rubygems": "Kræver RubyGem version",
+	"packages.swift.registry": "Konfigurer dette register fra kommandolinjen:",
+	"packages.swift.install": "Tilføj pakken i din <code>Package.swift</code>-fil:",
+	"packages.swift.install2": "og kør følgende kommando:",
+	"packages.vagrant.install": "For at tilføje en Vagrant-boks skal du køre følgende kommando:",
+	"packages.settings.link": "Link denne pakke til et depot",
+	"packages.settings.link.description": "Hvis du forbinder en pakke med et depot, vises pakken i depotets pakkeliste.",
+	"packages.settings.link.select": "Vælg depot",
+	"packages.settings.link.button": "Opdater depot link",
+	"packages.settings.link.success": "Depotlinket blev opdateret.",
+	"packages.settings.link.error": "Kunne ikke opdatere depotlinket.",
+	"packages.settings.delete": "Slet pakke",
+	"packages.settings.delete.description": "Sletning af en pakke er permanent og kan ikke fortrydes.",
+	"packages.settings.delete.notice": "Du er ved at slette %s (%s). Denne operation er uigenkaldeligt, er du sikker?",
+	"packages.settings.delete.success": "Pakken er blevet slettet.",
+	"packages.settings.delete.error": "Kunne ikke slette pakken.",
+	"packages.owner.settings.cargo.title": "Lastregisterindeks",
+	"packages.owner.settings.cargo.initialize": "Initialiser indeks",
+	"packages.owner.settings.cargo.initialize.description": "Et særligt indeks Git-depot er nødvendigt for at bruge Cargo-registret. Brug af denne mulighed vil (gen-)oprette depotet og konfigurere det automatisk.",
+	"packages.owner.settings.cargo.initialize.error": "Kunne ikke initialisere Cargo index: %v",
+	"packages.owner.settings.cargo.initialize.success": "Cargo-indekset blev oprettet.",
+	"packages.owner.settings.cargo.rebuild": "Genopbyg indeks",
+	"packages.owner.settings.cargo.rebuild.description": "Genopbygning kan være nyttig, hvis indekset ikke er synkroniseret med de lagrede Cargo-pakker.",
+	"packages.owner.settings.cargo.rebuild.error": "Kunne ikke genopbygge Cargo-indeks: %v",
+	"packages.owner.settings.cargo.rebuild.success": "Cargo-indekset blev genopbygget med succes.",
+	"packages.owner.settings.cargo.rebuild.no_index": "Kan ikke genopbygge, intet indeks er initialiseret.",
+	"packages.owner.settings.cleanuprules.title": "Oprydningsregler",
+	"packages.owner.settings.cleanuprules.add": "Tilføj oprydningsregel",
+	"packages.owner.settings.cleanuprules.edit": "Rediger oprydningsregel",
+	"packages.owner.settings.cleanuprules.none": "Der er endnu ingen oprydningsregler.",
+	"packages.owner.settings.cleanuprules.preview": "Forhåndsvisning af oprydningsregel",
+	"packages.owner.settings.cleanuprules.preview.overview": "%d pakker er planlagt til at blive fjernet.",
+	"packages.owner.settings.cleanuprules.preview.none": "Oprydningsreglen matcher ikke nogen pakker.",
+	"packages.owner.settings.cleanuprules.pattern_full_match": "Anvend mønster på det fulde pakkenavn",
+	"packages.owner.settings.cleanuprules.keep.title": "Versioner, der matcher disse regler, bevares, selvom de matcher en fjernelsesregel nedenfor.",
+	"packages.owner.settings.cleanuprules.keep.count": "Behold den nyeste",
+	"packages.owner.settings.cleanuprules.keep.pattern": "Hold versionerne matchende",
+	"packages.owner.settings.cleanuprules.keep.pattern.container": "Den <code>seneste</code> version bevares altid for containerpakker.",
+	"packages.owner.settings.cleanuprules.remove.title": "Versioner, der matcher disse regler, fjernes, medmindre en regel ovenfor siger, at de skal beholdes.",
+	"packages.owner.settings.cleanuprules.remove.days": "Fjern versioner ældre end",
+	"packages.owner.settings.cleanuprules.remove.pattern": "Fjern matchende versioner",
+	"packages.owner.settings.cleanuprules.success.update": "Oprydningsreglen er blevet opdateret.",
+	"packages.owner.settings.cleanuprules.success.delete": "Oprydningsregel er blevet slettet.",
+	"packages.owner.settings.chef.title": "Kokkeregister",
+	"packages.owner.settings.chef.keypair": "Generer nøglepar",
+	"packages.owner.settings.chef.keypair.description": "Anmodninger sendt til Chef-registret skal være kryptografisk signeret som et middel til godkendelse. Når et nøglepar genereres, gemmes kun den offentlige nøgle på Forgejo. Den private nøgle gives til dig til brug med Knife. Generering af et nyt nøglepar vil overskrive det forrige.",
 	"fork.n_forks": {
 		"one": "%s fork",
 		"other": "%s forks"
diff --git a/options/locale_next/locale_de-DE.json b/options/locale_next/locale_de-DE.json
index 842b12195d..02571c2ecb 100644
--- a/options/locale_next/locale_de-DE.json
+++ b/options/locale_next/locale_de-DE.json
@@ -1,4 +1,176 @@
 {
+	"packages.title": "Pakete",
+	"packages.empty": "Noch keine Pakete vorhanden.",
+	"packages.empty.documentation": "Weitere Informationen zur Paket-Registry findest du in der <a target=\"_blank\" rel=\"noopener noreferrer\" href=\"%s\">Dokumentation</a>.",
+	"packages.empty.repo": "Hast du ein Paket hochgeladen, das hier nicht angezeigt wird? Gehe zu den <a href=\"%[1]s\">Paketeinstellungen</a> und verlinke es mit diesem Repo.",
+	"packages.registry.documentation": "Für weitere Informationen zur %s-Registry, schaue in der <a target=\"_blank\" rel=\"noopener noreferrer\" href=\"%s\">Dokumentation</a> nach.",
+	"packages.filter.type": "Typ",
+	"packages.filter.type.all": "Alle",
+	"packages.filter.no_result": "Keine Ergebnisse mit diesen Kriterien gefunden.",
+	"packages.filter.container.tagged": "Getaggt",
+	"packages.filter.container.untagged": "Nicht getaggt",
+	"packages.published_by": "%[1]s von <a href=\"%[2]s\">%[3]s</a> veröffentlicht",
+	"packages.published_by_in": "%[1]s von <a href=\"%[2]s\">%[3]s</a> in <a href=\"%[4]s\"><strong>%[5]s</strong></a> veröffentlicht",
+	"packages.pub.install": "Um das Paket mit Dart zu installieren, führe den folgenden Befehl aus:",
+	"packages.installation": "Installation",
+	"packages.about": "Über dieses Paket",
+	"packages.requirements": "Voraussetzungen",
+	"packages.dependencies": "Abhängigkeiten",
+	"packages.keywords": "Schlüsselwörter",
+	"packages.details": "Details",
+	"packages.details.author": "Autor",
+	"packages.details.project_site": "Projektwebseite",
+	"packages.details.repository_site": "Repository-Webseite",
+	"packages.details.documentation_site": "Dokumentationswebseite",
+	"packages.details.license": "Lizenz",
+	"packages.assets": "Assets",
+	"packages.versions": "Versionen",
+	"packages.versions.view_all": "Alle anzeigen",
+	"packages.dependency.id": "ID",
+	"packages.dependency.version": "Version",
+	"packages.search_in_external_registry": "In %s suchen",
+	"packages.alpine.registry": "Richte diese Registry ein, indem Du die URL in die <code>/etc/apk/repositories</code>-Datei hinzufügst:",
+	"packages.alpine.registry.key": "Lade den öffentlichen RSA-Key der Registry in den <code>/etc/apk/keys/</code>-Ordner, um die Signatur zu überprüfen:",
+	"packages.alpine.registry.info": "Wähle $branch und $repository aus der Liste unten.",
+	"packages.alpine.install": "Nutze folgenden Befehl, um das Paket zu installieren:",
+	"packages.alpine.repository": "Repository-Informationen",
+	"packages.alpine.repository.branches": "Branches",
+	"packages.alpine.repository.repositories": "Repositorys",
+	"packages.alpine.repository.architectures": "Architekturen",
+	"packages.arch.pacman.helper.gpg": "Trust-Zertifikat für pacman hinzufügen:",
+	"packages.arch.pacman.repo.multi": "%s hat die gleiche Version in verschiedenen Distributionen.",
+	"packages.arch.pacman.repo.multi.item": "Konfiguration für %s",
+	"packages.arch.pacman.conf": "Server mit verwandter Distribution und Architektur zu <code>/etc/pacman.conf</code> hinzufügen:",
+	"packages.arch.pacman.sync": "Paket mit pacman synchronisieren:",
+	"packages.arch.version.properties": "Versionseigenschaften",
+	"packages.arch.version.description": "Beschreibung",
+	"packages.arch.version.provides": "Bietet",
+	"packages.arch.version.groups": "Gruppe",
+	"packages.arch.version.depends": "Hängt ab von",
+	"packages.arch.version.optdepends": "Optionale Abhängigkeit",
+	"packages.arch.version.makedepends": "Make-Abhängigkeit",
+	"packages.arch.version.checkdepends": "Prüfungs-Abhängigkeit",
+	"packages.arch.version.conflicts": "Konflikte",
+	"packages.arch.version.replaces": "Ersetzt",
+	"packages.arch.version.backup": "Backup",
+	"packages.cargo.registry": "Richte diese Registry in der Cargo-Konfigurationsdatei ein (z.B. <code>~/.cargo/config.toml</code>):",
+	"packages.cargo.install": "Um das Paket mit Cargo zu installieren, führe den folgenden Befehl aus:",
+	"packages.chef.registry": "Richte diese Registry in deiner <code>~/.chef/config.rb</code>-Datei ein:",
+	"packages.chef.install": "Nutze folgenden Befehl, um das Paket zu installieren:",
+	"packages.composer.registry": "Setze diese Paketverwaltung in deiner <code>~/.composer/config.json</code>-Datei auf:",
+	"packages.composer.install": "Nutze folgenden Befehl, um das Paket mit Composer zu installieren:",
+	"packages.composer.dependencies": "Abhängigkeiten",
+	"packages.composer.dependencies.development": "Entwicklungsabhängigkeiten",
+	"packages.conan.registry": "Diese Registry über die Kommandozeile einrichten:",
+	"packages.conan.install": "Um das Paket mit Conan zu installieren, führe den folgenden Befehl aus:",
+	"packages.conda.registry": "Richte diese Registry als Conda-Repository in deiner <code>.condarc</code>-Datei ein:",
+	"packages.conda.install": "Um das Paket mit Conda zu installieren, führe den folgenden Befehl aus:",
+	"packages.container.images.title": "Bilder",
+	"packages.container.details.type": "Abbildtyp",
+	"packages.container.details.platform": "Plattform",
+	"packages.container.pull": "Lade das Container-Image von der Kommandozeile aus herunter:",
+	"packages.container.digest": "Prüfsumme",
+	"packages.container.multi_arch": "Betriebsystem/Architektur",
+	"packages.container.layers": "Abbildebenen",
+	"packages.container.labels": "Labels",
+	"packages.container.labels.key": "Schlüssel",
+	"packages.container.labels.value": "Wert",
+	"packages.cran.registry": "Richte diese Registry in deiner <code>Rprofile.site</code>-Datei ein:",
+	"packages.cran.install": "Nutze folgenden Befehl, um das Paket zu installieren:",
+	"packages.debian.registry": "Diese Registry über die Kommandozeile einrichten:",
+	"packages.debian.registry.info": "Wähle $distribution und $component aus der Liste unten.",
+	"packages.debian.install": "Nutze folgenden Befehl, um das Paket zu installieren:",
+	"packages.debian.repository": "Repository-Informationen",
+	"packages.debian.repository.distributions": "Distributionen",
+	"packages.debian.repository.components": "Komponenten",
+	"packages.debian.repository.architectures": "Architekturen",
+	"packages.generic.download": "Lade das Paket mit der Kommandozeile herunter:",
+	"packages.go.install": "Installiere das Paket über die Kommandozeile:",
+	"packages.helm.registry": "Diese Paketverwaltung über die Kommandozeile einrichten:",
+	"packages.helm.install": "Nutze folgenden Befehl, um das Paket zu installieren:",
+	"packages.maven.registry": "Setze diese Paketverwaltung in der <code>pom.xml</code> deines Projektes auf:",
+	"packages.maven.install": "Um das Paket zu verwenden, nimm Folgendes in den <code>dependencies</code>-Block in der <code>pom.xml</code>-Datei auf:",
+	"packages.maven.install2": "Über die Kommandozeile ausführen:",
+	"packages.maven.download": "Nutze folgendes Kommando, um die Abhängigkeit herunterzuladen:",
+	"packages.nuget.registry": "Diese Registry über die Kommandozeile einrichten:",
+	"packages.nuget.install": "Um das Paket mit NuGet zu installieren, führe den folgenden Befehl aus:",
+	"packages.nuget.dependency.framework": "Zielframework",
+	"packages.npm.registry": "Setze diese Paketverwaltung in der <code>.npmrc</code> deines Projektes auf:",
+	"packages.npm.install": "Um das Paket mit npm zu installieren, führe den folgenden Befehl aus:",
+	"packages.npm.install2": "oder füge es zur package.json-Datei hinzu:",
+	"packages.npm.dependencies": "Abhängigkeiten",
+	"packages.npm.dependencies.development": "Entwicklungsabhängigkeiten",
+	"packages.npm.dependencies.bundle": "Gebündelte Abhängigkeiten",
+	"packages.npm.dependencies.peer": "Peer-Abhängigkeiten",
+	"packages.npm.dependencies.optional": "Optionale Abhängigkeiten",
+	"packages.npm.details.tag": "Tag",
+	"packages.pypi.requires": "Erfordert Python",
+	"packages.pypi.install": "Nutze folgenden Befehl, um das Paket mit pip zu installieren:",
+	"packages.rpm.registry": "Diese Registry über die Kommandozeile einrichten:",
+	"packages.rpm.distros.redhat": "auf RedHat-basierten Distributionen",
+	"packages.rpm.distros.suse": "auf SUSE-basierten Distributionen",
+	"packages.rpm.install": "Nutze folgenden Befehl, um das Paket zu installieren:",
+	"packages.rpm.repository": "Repository-Info",
+	"packages.rpm.repository.architectures": "Architekturen",
+	"packages.rpm.repository.multiple_groups": "Dieses Paket ist in mehreren Gruppen verfügbar.",
+	"packages.alt.registry": "Diese Registry von der Befehlszeile aus einrichten:",
+	"packages.alt.registry.install": "Um das Paket zu installieren, folgenden Befehl ausführen:",
+	"packages.alt.install": "Paket installieren",
+	"packages.alt.setup": "Ein Repository zur Liste der verbundenen Repositorys hinzufügen (wähle die nötige Architektur anstelle von „_arch_“):",
+	"packages.alt.repository": "Repository-Infos",
+	"packages.alt.repository.architectures": "Architekturen",
+	"packages.alt.repository.multiple_groups": "Dieses Paket ist in verschiedenen Gruppen verfügbar.",
+	"packages.rubygems.install": "Um das Paket mit gem zu installieren, führe den folgenden Befehl aus:",
+	"packages.rubygems.install2": "oder füg es zum Gemfile hinzu:",
+	"packages.rubygems.dependencies.runtime": "Laufzeitabhängigkeiten",
+	"packages.rubygems.dependencies.development": "Entwicklungsabhängigkeiten",
+	"packages.rubygems.required.ruby": "Benötigt Ruby-Version",
+	"packages.rubygems.required.rubygems": "Benötigt RubyGem-Version",
+	"packages.swift.registry": "Diese Registry über die Kommandozeile einrichten:",
+	"packages.swift.install": "Füge das Paket deiner <code>Package.swift</code>-Datei hinzu:",
+	"packages.swift.install2": "und führe den folgenden Befehl aus:",
+	"packages.vagrant.install": "Um eine Vagrant-Box hinzuzufügen, führe den folgenden Befehl aus:",
+	"packages.settings.link": "Dieses Paket einem Repository zuweisen",
+	"packages.settings.link.description": "Wenn du ein Paket mit einem Repository verknüpfst, wird es in der Paketliste des Repositorys angezeigt.",
+	"packages.settings.link.select": "Repository auswählen",
+	"packages.settings.link.button": "Repository-Link aktualisieren",
+	"packages.settings.link.success": "Repository-Link wurde erfolgreich aktualisiert.",
+	"packages.settings.link.error": "Fehler beim Aktualisieren des Repository-Links.",
+	"packages.settings.delete": "Paket löschen",
+	"packages.settings.delete.description": "Das Löschen eines Pakets ist dauerhaft und kann nicht rückgängig gemacht werden.",
+	"packages.settings.delete.notice": "Du bist dabei, %s (%s) zu löschen. Dieser Vorgang ist unwiderruflich. Bist du sicher?",
+	"packages.settings.delete.success": "Das Paket wurde gelöscht.",
+	"packages.settings.delete.error": "Löschen des Pakets fehlgeschlagen.",
+	"packages.owner.settings.cargo.title": "Cargo-Registry-Index",
+	"packages.owner.settings.cargo.initialize": "Index initialisieren",
+	"packages.owner.settings.cargo.initialize.description": "Ein spezielles Index-Repository wird benötigt, um die Cargo-Registry zu nutzen. Diese Option wird dieses Repository (neu) erstellen und automatisch konfigurieren.",
+	"packages.owner.settings.cargo.initialize.error": "Cargo-Index konnte nicht initialisiert werden: %v",
+	"packages.owner.settings.cargo.initialize.success": "Der Cargo-Index wurde erfolgreich erstellt.",
+	"packages.owner.settings.cargo.rebuild": "Index neu erstellen",
+	"packages.owner.settings.cargo.rebuild.description": "Neubauen kann hilfreich sein, wenn der Index nicht mit den gespeicherten Cargo-Paketen synchronisiert ist.",
+	"packages.owner.settings.cargo.rebuild.error": "Cargo-Index konnte nicht neu erstellt werden: %v",
+	"packages.owner.settings.cargo.rebuild.success": "Der Cargo-Index wurde erfolgreich neu erstellt.",
+	"packages.owner.settings.cargo.rebuild.no_index": "Kann nicht erneut erzeugen, es wurde kein Index initialisiert.",
+	"packages.owner.settings.cleanuprules.title": "Bereinigungsregeln",
+	"packages.owner.settings.cleanuprules.add": "Bereinigungsregel hinzufügen",
+	"packages.owner.settings.cleanuprules.edit": "Bereinigungsregel bearbeiten",
+	"packages.owner.settings.cleanuprules.none": "Es bestehen derzeit keine Bereinigungsregeln.",
+	"packages.owner.settings.cleanuprules.preview": "Vorschau der Bereinigungsregel",
+	"packages.owner.settings.cleanuprules.preview.overview": "%d Pakete sollen entfernt werden.",
+	"packages.owner.settings.cleanuprules.preview.none": "Bereinigungsregel stimmt mit keinem Paket überein.",
+	"packages.owner.settings.cleanuprules.pattern_full_match": "Muster auf den vollständigen Paketnamen anwenden",
+	"packages.owner.settings.cleanuprules.keep.title": "Versionen, die diesen Regeln entsprechen, werden beibehalten, auch wenn sie mit einer Entfernungsregel unten übereinstimmen.",
+	"packages.owner.settings.cleanuprules.keep.count": "Behalte die aktuellsten",
+	"packages.owner.settings.cleanuprules.keep.pattern": "Behalte übereinstimmende Versionen",
+	"packages.owner.settings.cleanuprules.keep.pattern.container": "Die Version <code>latest</code> bei Container-Paketen wird immer behalten.",
+	"packages.owner.settings.cleanuprules.remove.title": "Versionen, die diesen Regeln entsprechen, werden entfernt, es sei denn, eine obige Regel besagt, sie zu behalten.",
+	"packages.owner.settings.cleanuprules.remove.days": "Entferne Versionen älter als",
+	"packages.owner.settings.cleanuprules.remove.pattern": "Entferne übereinstimmende Versionen",
+	"packages.owner.settings.cleanuprules.success.update": "Bereinigungsregel wurde aktualisiert.",
+	"packages.owner.settings.cleanuprules.success.delete": "Bereinigungsregel wurde gelöscht.",
+	"packages.owner.settings.chef.title": "Chef-Registry",
+	"packages.owner.settings.chef.keypair": "Schlüsselpaar generieren",
+	"packages.owner.settings.chef.keypair.description": "Anfragen an die Chef-Registry müssen zur Authentifizierung kryptografisch signiert werden. Beim Erstellen eines Schlüsselpaars wird nur der öffentliche Schlüssel in Forgejo gespeichert. Der private Schlüssel wird dir für die Verwendung mit knife bereitgestellt. Das Generieren eines neuen Schlüsselpaars überschreibt das vorherige.",
 	"fork.n_forks": {
 		"one": "%s Fork",
 		"other": "%s Forks"
diff --git a/options/locale_next/locale_el-GR.json b/options/locale_next/locale_el-GR.json
index b2388616b5..d4813225ae 100644
--- a/options/locale_next/locale_el-GR.json
+++ b/options/locale_next/locale_el-GR.json
@@ -1,4 +1,176 @@
 {
+	"packages.title": "Πακέτα",
+	"packages.empty": "Δεν υπάρχουν πακέτα ακόμα.",
+	"packages.empty.documentation": "Για περισσότερες πληροφορίες σχετικά με το μητρώο πακέτων, συμβουλευτείτε <a target=\"_blank\" rel=\"noopener noreferrer\" href=\"%s\">τον οδηγό</a>.",
+	"packages.empty.repo": "Μήπως ανεβάσατε ένα πακέτο, αλλά δεν εμφανίζεται εδώ; Πηγαίνετε στις <a href=\"%[1]s\">ρυθμίσεις πακέτων</a> και συνδέστε το σε αυτό το repository.",
+	"packages.registry.documentation": "Για περισσότερες πληροφορίες σχετικά με το μητρώο %s, συμβουλευτείτε τον <a target=\"_blank\" rel=\"noopener noreferrer\" href=\"%s\">οδηγό</a>.",
+	"packages.filter.type": "Τύπος",
+	"packages.filter.type.all": "Όλα",
+	"packages.filter.no_result": "Το φίλτρο δεν παρήγαγε αποτελέσματα.",
+	"packages.filter.container.tagged": "Επισημάνθηκαν",
+	"packages.filter.container.untagged": "Χωρίς επισήμανση",
+	"packages.published_by": "Δημοσιεύθηκε %[1]s από <a href=\"%[2]s\">%[3]s</a>",
+	"packages.published_by_in": "Δημοσιεύθηκε %[1]s κατά <a href=\"%[2]s\">%[3]s</a> σε <a href=\"%[4]s\"><strong>%[5]s</strong></a>",
+	"packages.pub.install": "Για να εγκαταστήσετε το πακέτο μέσω του Dart, εκτελέστε την ακόλουθη εντολή:",
+	"packages.installation": "Εγκατάσταση",
+	"packages.about": "Σχετικά με αυτό το πακέτο",
+	"packages.requirements": "Απαιτήσεις",
+	"packages.dependencies": "Εξαρτήσεις",
+	"packages.keywords": "Λέξεις κλειδιά",
+	"packages.details": "Λεπτομέρειες",
+	"packages.details.author": "Συγγραφέας",
+	"packages.details.project_site": "Ιστοσελίδα έργου",
+	"packages.details.repository_site": "Ιστοσελίδα αποθετηρίου",
+	"packages.details.documentation_site": "Ιστοσελίδα τεκμηρίωσης",
+	"packages.details.license": "Άδεια",
+	"packages.assets": "Πόροι",
+	"packages.versions": "Εκδόσεις",
+	"packages.versions.view_all": "Προβολή όλων",
+	"packages.dependency.id": "ID",
+	"packages.dependency.version": "Έκδοση",
+	"packages.search_in_external_registry": "Αναζήτηση σε %s",
+	"packages.alpine.registry": "Ρυθμίστε αυτό το μητρώο προσθέτοντας το url στο αρχείο <code>/etc/apk/repositories</code>:",
+	"packages.alpine.registry.key": "Αποθηκεύστε το δημόσιο κλειδί RSA του μητρώου στο φάκελο <code>/etc/apk/keys/</code> για να επαληθεύσετε την υπογραφή ευρετηρίου:",
+	"packages.alpine.registry.info": "Επιλέξτε $branch και $repository από την παρακάτω λίστα.",
+	"packages.alpine.install": "Για να εγκαταστήσετε το πακέτο, εκτελέστε την ακόλουθη εντολή:",
+	"packages.alpine.repository": "Πληροφορίες αποθετηρίου",
+	"packages.alpine.repository.branches": "Κλάδοι",
+	"packages.alpine.repository.repositories": "Αποθετήρια",
+	"packages.alpine.repository.architectures": "Αρχιτεκτονικές",
+	"packages.arch.pacman.helper.gpg": "Προσθέστε το trust certificate για το pacman:",
+	"packages.arch.pacman.repo.multi": "Το %s έχει την ίδια έκδοση σε διαφορετικές διανομές.",
+	"packages.arch.pacman.repo.multi.item": "Ρυθμίσεις για %s",
+	"packages.arch.pacman.conf": "Προσθέστε τον server με τις σχετικές πληροφορίες διανομής και αρχιτεκτονικής επεξεργαστή στο <code>/etc/pacman.conf</code>:",
+	"packages.arch.pacman.sync": "«Συγχρονίστε» το πακέτο με το pacman:",
+	"packages.arch.version.properties": "Πληροφορίες έκδοσης",
+	"packages.arch.version.description": "Περιγραφή",
+	"packages.arch.version.provides": "Προσφέρει",
+	"packages.arch.version.groups": "Γκρουπ",
+	"packages.arch.version.depends": "Εξαρτάται",
+	"packages.arch.version.optdepends": "Εξαρτάται προαιρετικά από",
+	"packages.arch.version.makedepends": "Εξαρτήσεις make",
+	"packages.arch.version.checkdepends": "Εξαρτήσεις ελέγχου",
+	"packages.arch.version.conflicts": "Συγκρούεται με",
+	"packages.arch.version.replaces": "Αντικαταστά",
+	"packages.arch.version.backup": "Αντίγραφο",
+	"packages.cargo.registry": "Ρυθμίστε αυτό το μητρώο στις ρυθμίσεις του Cargo (για παράδειγμα <code>~/.cargo/config.toml</code>):",
+	"packages.cargo.install": "Για να εγκαταστήσετε το πακέτο χρησιμοποιώντας το Cargo, εκτελέστε την ακόλουθη εντολή:",
+	"packages.chef.registry": "Ρυθμίστε αυτό το μητρώο στο αρχείο <code>~/.chef/config.rb</code>:",
+	"packages.chef.install": "Για να εγκαταστήσετε το πακέτο, εκτελέστε την ακόλουθη εντολή:",
+	"packages.composer.registry": "Ρυθμίστε αυτό το μητρώο στο αρχείο <code>~/.composer/config.json</code>:",
+	"packages.composer.install": "Για να εγκαταστήσετε το πακέτο χρησιμοποιώντας το Composer, εκτελέστε την ακόλουθη εντολή:",
+	"packages.composer.dependencies": "Εξαρτήσεις",
+	"packages.composer.dependencies.development": "Εξαρτήσεις ανάπτυξης",
+	"packages.conan.registry": "Ρυθμίστε αυτό το μητρώο από τη γραμμή εντολών:",
+	"packages.conan.install": "Για να εγκαταστήσετε το πακέτο χρησιμοποιώντας το Conan, εκτελέστε την ακόλουθη εντολή:",
+	"packages.conda.registry": "Ρυθμίστε αυτό το μητρώο ως repository Conda στο αρχείο <code>.condarc</code>:",
+	"packages.conda.install": "Για να εγκαταστήσετε το πακέτο χρησιμοποιώντας το Conda, εκτελέστε την ακόλουθη εντολή:",
+	"packages.container.images.title": "Εικόνες",
+	"packages.container.details.type": "Τύπος εικόνας",
+	"packages.container.details.platform": "Πλατφόρμα",
+	"packages.container.pull": "Κατεβάστε την εικόνα από τη γραμμή εντολών:",
+	"packages.container.digest": "Σύνοψη",
+	"packages.container.multi_arch": "ΛΣ / Αρχιτεκτονική",
+	"packages.container.layers": "Στρώματα εικόνας",
+	"packages.container.labels": "Ετικέτες",
+	"packages.container.labels.key": "Κλειδί",
+	"packages.container.labels.value": "Τιμή",
+	"packages.cran.registry": "Ρυθμίστε αυτό το μητρώο στο αρχείο <code>Rprofile.site</code>:",
+	"packages.cran.install": "Για να εγκαταστήσετε το πακέτο, εκτελέστε την ακόλουθη εντολή:",
+	"packages.debian.registry": "Ρυθμίστε αυτό το μητρώο από τη γραμμή εντολών:",
+	"packages.debian.registry.info": "Επιλέξτε $distribution και $component από την παρακάτω λίστα.",
+	"packages.debian.install": "Για να εγκαταστήσετε το πακέτο, εκτελέστε την ακόλουθη εντολή:",
+	"packages.debian.repository": "Πληροφορίες αποθετηρίου",
+	"packages.debian.repository.distributions": "Διανομές",
+	"packages.debian.repository.components": "Συστατικά",
+	"packages.debian.repository.architectures": "Αρχιτεκτονικές",
+	"packages.generic.download": "Λήψη πακέτου από τη γραμμή εντολών:",
+	"packages.go.install": "Εγκαταστήστε το πακέτο από τη γραμμή εντολών:",
+	"packages.helm.registry": "Ρυθμίστε αυτό το μητρώο από τη γραμμή εντολών:",
+	"packages.helm.install": "Για να εγκαταστήσετε το πακέτο, εκτελέστε την ακόλουθη εντολή:",
+	"packages.maven.registry": "Ρυθμίστε αυτό το μητρώο στο αρχείο <code>pom.xml</code> του έργου σας:",
+	"packages.maven.install": "Για να χρησιμοποιήσετε το πακέτο, συμπεριλάβετε τα ακόλουθα στη περιοχή <code>dependencies</code> στο αρχείο <code>pom.xml</code>:",
+	"packages.maven.install2": "Εκτέλεση μέσω γραμμής εντολών:",
+	"packages.maven.download": "Για να κατεβάσετε την εξάρτηση, εκτελέστε μέσω της γραμμής εντολών:",
+	"packages.nuget.registry": "Ρυθμίστε αυτό το μητρώο από τη γραμμή εντολών:",
+	"packages.nuget.install": "Για να εγκαταστήσετε το πακέτο χρησιμοποιώντας το NuGet, εκτελέστε την ακόλουθη εντολή:",
+	"packages.nuget.dependency.framework": "Πλαίσιο Ανάπτυξης",
+	"packages.npm.registry": "Ρυθμίστε αυτό το μητρώο στο αρχείο <code>.npmrc</code> του έργου σας:",
+	"packages.npm.install": "Για να εγκαταστήσετε το πακέτο χρησιμοποιώντας npm, εκτελέστε την ακόλουθη εντολή:",
+	"packages.npm.install2": "ή προσθέστε το στο αρχείο package.json:",
+	"packages.npm.dependencies": "Εξαρτήσεις",
+	"packages.npm.dependencies.development": "Εξαρτήσεις ανάπτυξης",
+	"packages.npm.dependencies.bundle": "Ενσωματωμένες εξαρτήσεις",
+	"packages.npm.dependencies.peer": "Εξαρτήσεις ομότιμου",
+	"packages.npm.dependencies.optional": "Προαιρετικές εξαρτήσεις",
+	"packages.npm.details.tag": "Σήμανση",
+	"packages.pypi.requires": "Απαιτεί Python",
+	"packages.pypi.install": "Για να εγκαταστήσετε το πακέτο χρησιμοποιώντας το pip, εκτελέστε την ακόλουθη εντολή:",
+	"packages.rpm.registry": "Ρυθμίστε αυτό το μητρώο από τη γραμμή εντολών:",
+	"packages.rpm.distros.redhat": "σε διανομές βασισμένες στο RedHat",
+	"packages.rpm.distros.suse": "σε διανομές με βάση το SUSE",
+	"packages.rpm.install": "Για να εγκαταστήσετε το πακέτο, εκτελέστε την ακόλουθη εντολή:",
+	"packages.rpm.repository": "Πληροφορίες αποθετηρίου",
+	"packages.rpm.repository.architectures": "Αρχιτεκτονικές",
+	"packages.rpm.repository.multiple_groups": "Αυτό το πακέτο είναι διαθέσιμο σε πολλαπλά group.",
+	"packages.alt.registry": "Ρυθμίστε αυτό το μητρώο από τη γραμμή εντολών:",
+	"packages.alt.registry.install": "Για να εγκαταστήσετε το πακέτο, εκτελέστε την ακόλουθη εντολή:",
+	"packages.alt.install": "Εγκατάσταση πακέτου",
+	"packages.alt.setup": "Προσθήκη ενός αποθετηρίου στη λίστα των συνδεδεμένων αποθετηρίων (επιλέξτε την απαραίτητη αρχιτεκτονική αντί του \"_arch_\"):",
+	"packages.alt.repository": "Πληροφορίες αποθετηρίου",
+	"packages.alt.repository.architectures": "Αρχιτεκτονικές",
+	"packages.alt.repository.multiple_groups": "Αυτό το πακέτο είναι διαθέσιμο σε πολλαπλές ομάδες.",
+	"packages.rubygems.install": "Για να εγκαταστήσετε το πακέτο χρησιμοποιώντας το gem, εκτελέστε την ακόλουθη εντολή:",
+	"packages.rubygems.install2": "ή προσθέστε το στο Gemfile:",
+	"packages.rubygems.dependencies.runtime": "Εξαρτήσεις κατά την εκτέλεση",
+	"packages.rubygems.dependencies.development": "Εξαρτήσεις ανάπτυξης",
+	"packages.rubygems.required.ruby": "Απαιτεί την έκδοση Ruby",
+	"packages.rubygems.required.rubygems": "Απαιτεί έκδοση RubyGem",
+	"packages.swift.registry": "Ρυθμίστε αυτό το μητρώο από τη γραμμή εντολών:",
+	"packages.swift.install": "Προσθέστε το πακέτο στο αρχείο <code>Package.swift</code>:",
+	"packages.swift.install2": "και εκτελέστε την ακόλουθη εντολή:",
+	"packages.vagrant.install": "Για προσθήκη ενός κυτίου Vagrant, εκτελέστε την ακόλουθη εντολή:",
+	"packages.settings.link": "Σύνδεση αυτού του πακέτου με ένα repository",
+	"packages.settings.link.description": "Εάν συνδέσετε ένα πακέτο με ένα repository, το πακέτο περιλαμβάνεται στη λίστα πακέτων του repository.",
+	"packages.settings.link.select": "Επιλογή αποθετηρίου",
+	"packages.settings.link.button": "Ενημέρωση συνδέσμου αποθετηρίου",
+	"packages.settings.link.success": "Ο σύνδεσμος αποθετηρίου ενημερώθηκε επιτυχώς.",
+	"packages.settings.link.error": "Αποτυχία ενημέρωσης συνδέσμου αποθετηρίου.",
+	"packages.settings.delete": "Διαγραφή πακέτου",
+	"packages.settings.delete.description": "Η διαγραφή ενός πακέτου είναι μόνιμη και δεν μπορεί να αναιρεθεί.",
+	"packages.settings.delete.notice": "Πρόκειται να διαγράψετε το %s (%s). Αυτή η διαδικασία είναι μη αναστρέψιμη, είστε σίγουροι;",
+	"packages.settings.delete.success": "Το πακέτο έχει διαγραφεί.",
+	"packages.settings.delete.error": "Αποτυχία διαγραφής του πακέτου.",
+	"packages.owner.settings.cargo.title": "Ευρετήριο μητρώου Cargo",
+	"packages.owner.settings.cargo.initialize": "Αρχικοποίηση ευρετηρίου",
+	"packages.owner.settings.cargo.initialize.description": "Απαιτείται ένα ειδικό repository ευρετηρίου Git για τη χρήση του μητρώου Cargo. Χρησιμοποιώντας αυτή την επιλογή θα δημιουργηθεί ξανά το repository και θα ρυθμιστεί αυτόματα.",
+	"packages.owner.settings.cargo.initialize.error": "Αποτυχία αρχικοποίησης ευρετηρίου Cargo: %v",
+	"packages.owner.settings.cargo.initialize.success": "Ο ευρετήριο Cargo δημιουργήθηκε με επιτυχία.",
+	"packages.owner.settings.cargo.rebuild": "Ανανέωση ευρετηρίου",
+	"packages.owner.settings.cargo.rebuild.description": "Η ανοικοδόμηση μπορεί να είναι χρήσιμη εάν ο δείκτης δεν είναι συγχρονισμένος με τα αποθηκευμένα πακέτα Cargo.",
+	"packages.owner.settings.cargo.rebuild.error": "Αποτυχία αναδόμησης του ευρετηρίου Cargo: %v",
+	"packages.owner.settings.cargo.rebuild.success": "Το ευρετήριο Cargo αναπλάστηκε με επιτυχία.",
+	"packages.owner.settings.cargo.rebuild.no_index": "Η ανανέωση δεν είναι δυνατή, επειδή το ευρετήριο δεν έρχει αρχικοποιηθεί.",
+	"packages.owner.settings.cleanuprules.title": "Κανόνες εκκαθάρισης",
+	"packages.owner.settings.cleanuprules.add": "Προσθήκη κανόνα εκκαθάρισης",
+	"packages.owner.settings.cleanuprules.edit": "Επεξεργασία κανόνα εκκαθάρισης",
+	"packages.owner.settings.cleanuprules.none": "Δεν υπάρχουν ακόμα κάποιοι κανόνες εκκαθάρισης.",
+	"packages.owner.settings.cleanuprules.preview": "Προεπισκόπηση κανόνα εκκαθάρισης",
+	"packages.owner.settings.cleanuprules.preview.overview": "%d πακέτα έχουν προγραμματιστεί να αφαιρεθούν.",
+	"packages.owner.settings.cleanuprules.preview.none": "Ο κανόνας εκκαθάρισης δεν ταιριάζει με κανένα πακέτο.",
+	"packages.owner.settings.cleanuprules.pattern_full_match": "Εφαρμογή μοτίβου στο πλήρες όνομα του πακέτου",
+	"packages.owner.settings.cleanuprules.keep.title": "Οι εκδόσεις που ταιριάζουν με αυτούς τους κανόνες παραμένουν, ακόμη και αν ταιριάζουν με έναν κανόνα αφαίρεσης παρακάτω.",
+	"packages.owner.settings.cleanuprules.keep.count": "Κράτησε το πιο πρόσφατο",
+	"packages.owner.settings.cleanuprules.keep.pattern": "Διατήρηση εκδόσεων που ταιριάζουν",
+	"packages.owner.settings.cleanuprules.keep.pattern.container": "Η <code>τελευταία</code> έκδοση διατηρείται πάντα για τα πακέτα Container.",
+	"packages.owner.settings.cleanuprules.remove.title": "Οι εκδόσεις που ταιριάζουν με αυτούς τους κανόνες καταργούνται, εκτός και αν ένας παραπάνω κανόνας ορίζει να μείνουν.",
+	"packages.owner.settings.cleanuprules.remove.days": "Αφαίρεση εκδόσεων παλαιότερων από",
+	"packages.owner.settings.cleanuprules.remove.pattern": "Αφαίρεση εκδόσεων που ταιριάζουν",
+	"packages.owner.settings.cleanuprules.success.update": "Ο κανόνας καθαρισμού ενημερώθηκε.",
+	"packages.owner.settings.cleanuprules.success.delete": "Ο κανόνας καθαρισμού διαγράφηκε.",
+	"packages.owner.settings.chef.title": "Μητρώο Chef",
+	"packages.owner.settings.chef.keypair": "Δημιουργία ζεύγους κλειδιών",
+	"packages.owner.settings.chef.keypair.description": "Οι αιτήσεις που στέλνονται στο μητρώο Chef πρέπει να ταυτοποιούνται με κρυπτογραφική υπογραφή. Όταν δημιουργείτε ένα ζεύγος κλειδιών, μόνο το δημόσιο κλειδί αποθηκεύεται στο Forgejo. Το ιδιωτικό κλειδί σας δίνεται για χρήση με το knife. Η αναδημιουργία ενός νέου ζεύγους κλειδιών αντικαθιστεί τα προηγούμενα.",
 	"fork.n_forks": {
 		"one": "%s fork",
 		"other": "%s forks"
diff --git a/options/locale_next/locale_en-US.json b/options/locale_next/locale_en-US.json
index b786e14131..e1b9125e7f 100644
--- a/options/locale_next/locale_en-US.json
+++ b/options/locale_next/locale_en-US.json
@@ -213,6 +213,178 @@
 		"one": "Waiting for a runner with the following label: %s",
 		"other": "Waiting for a runner with the following labels: %s"
 	},
+	"packages.title": "Packages",
+	"packages.empty": "There are no packages yet.",
+	"packages.empty.documentation": "For more information on the package registry, see <a target=\"_blank\" rel=\"noopener noreferrer\" href=\"%s\">the documentation</a>.",
+	"packages.empty.repo": "Did you upload a package, but it's not shown here? Go to <a href=\"%[1]s\">package settings</a> and link it to this repo.",
+	"packages.registry.documentation": "For more information on the %s registry, see <a target=\"_blank\" rel=\"noopener noreferrer\" href=\"%s\">the documentation</a>.",
+	"packages.filter.type": "Type",
+	"packages.filter.type.all": "All",
+	"packages.filter.no_result": "Your filter produced no results.",
+	"packages.filter.container.tagged": "Tagged",
+	"packages.filter.container.untagged": "Untagged",
+	"packages.published_by": "Published %[1]s by <a href=\"%[2]s\">%[3]s</a>",
+	"packages.published_by_in": "Published %[1]s by <a href=\"%[2]s\">%[3]s</a> in <a href=\"%[4]s\"><strong>%[5]s</strong></a>",
+	"packages.pub.install": "To install the package using Dart, run the following command:",
+	"packages.installation": "Installation",
+	"packages.about": "About this package",
+	"packages.requirements": "Requirements",
+	"packages.dependencies": "Dependencies",
+	"packages.keywords": "Keywords",
+	"packages.details": "Details",
+	"packages.details.author": "Author",
+	"packages.details.project_site": "Project website",
+	"packages.details.repository_site": "Repository website",
+	"packages.details.documentation_site": "Documentation website",
+	"packages.details.license": "License",
+	"packages.assets": "Assets",
+	"packages.versions": "Versions",
+	"packages.versions.view_all": "View all",
+	"packages.dependency.id": "ID",
+	"packages.dependency.version": "Version",
+	"packages.search_in_external_registry": "Search in %s",
+	"packages.alpine.registry": "Setup this registry by adding the url in your <code>/etc/apk/repositories</code> file:",
+	"packages.alpine.registry.key": "Download the registry public RSA key into the <code>/etc/apk/keys/</code> folder to verify the index signature:",
+	"packages.alpine.registry.info": "Choose $branch and $repository from the list below.",
+	"packages.alpine.install": "To install the package, run the following command:",
+	"packages.alpine.repository": "Repository info",
+	"packages.alpine.repository.branches": "Branches",
+	"packages.alpine.repository.repositories": "Repositories",
+	"packages.alpine.repository.architectures": "Architectures",
+	"packages.arch.pacman.helper.gpg": "Add trust certificate for pacman:",
+	"packages.arch.pacman.repo.multi": "%s has the same version in different distributions.",
+	"packages.arch.pacman.repo.multi.item": "Configuration for %s",
+	"packages.arch.pacman.conf": "Add server with related distribution and architecture to <code>/etc/pacman.conf</code> :",
+	"packages.arch.pacman.sync": "Sync package with pacman:",
+	"packages.arch.version.properties": "Version properties",
+	"packages.arch.version.description": "Description",
+	"packages.arch.version.provides": "Provides",
+	"packages.arch.version.groups": "Group",
+	"packages.arch.version.depends": "Depends",
+	"packages.arch.version.optdepends": "Optional depends",
+	"packages.arch.version.makedepends": "Make depends",
+	"packages.arch.version.checkdepends": "Check depends",
+	"packages.arch.version.conflicts": "Conflicts",
+	"packages.arch.version.replaces": "Replaces",
+	"packages.arch.version.backup": "Backup",
+	"packages.cargo.registry": "Setup this registry in the Cargo configuration file (for example <code>~/.cargo/config.toml</code>):",
+	"packages.cargo.install": "To install the package using Cargo, run the following command:",
+	"packages.chef.registry": "Setup this registry in your <code>~/.chef/config.rb</code> file:",
+	"packages.chef.install": "To install the package, run the following command:",
+	"packages.composer.registry": "Setup this registry in your <code>~/.composer/config.json</code> file:",
+	"packages.composer.install": "To install the package using Composer, run the following command:",
+	"packages.composer.dependencies": "Dependencies",
+	"packages.composer.dependencies.development": "Development dependencies",
+	"packages.conan.registry": "Setup this registry from the command line:",
+	"packages.conan.install": "To install the package using Conan, run the following command:",
+	"packages.conda.registry": "Setup this registry as a Conda repository in your <code>.condarc</code> file:",
+	"packages.conda.install": "To install the package using Conda, run the following command:",
+	"packages.container.images.title": "Images",
+	"packages.container.details.type": "Image type",
+	"packages.container.details.platform": "Platform",
+	"packages.container.pull": "Pull the image from the command line:",
+	"packages.container.digest": "Digest",
+	"packages.container.multi_arch": "OS / Arch",
+	"packages.container.layers": "Image layers",
+	"packages.container.labels": "Labels",
+	"packages.container.labels.key": "Key",
+	"packages.container.labels.value": "Value",
+	"packages.cran.registry": "Setup this registry in your <code>Rprofile.site</code> file:",
+	"packages.cran.install": "To install the package, run the following command:",
+	"packages.debian.registry": "Setup this registry from the command line:",
+	"packages.debian.registry.info": "Choose $distribution and $component from the list below.",
+	"packages.debian.install": "To install the package, run the following command:",
+	"packages.debian.repository": "Repository info",
+	"packages.debian.repository.distributions": "Distributions",
+	"packages.debian.repository.components": "Components",
+	"packages.debian.repository.architectures": "Architectures",
+	"packages.generic.download": "Download package from the command line:",
+	"packages.go.install": "Install the package from the command line:",
+	"packages.helm.registry": "Setup this registry from the command line:",
+	"packages.helm.install": "To install the package, run the following command:",
+	"packages.maven.registry": "Setup this registry in your project <code>pom.xml</code> file:",
+	"packages.maven.install": "To use the package include the following in the <code>dependencies</code> block in the <code>pom.xml</code> file:",
+	"packages.maven.install2": "Run via command line:",
+	"packages.maven.download": "To download the dependency, run via command line:",
+	"packages.nuget.registry": "Setup this registry from the command line:",
+	"packages.nuget.install": "To install the package using NuGet, run the following command:",
+	"packages.nuget.dependency.framework": "Target Framework",
+	"packages.npm.registry": "Setup this registry in your project <code>.npmrc</code> file:",
+	"packages.npm.install": "To install the package using npm, run the following command:",
+	"packages.npm.install2": "or add it to the package.json file:",
+	"packages.npm.dependencies": "Dependencies",
+	"packages.npm.dependencies.development": "Development dependencies",
+	"packages.npm.dependencies.bundle": "Bundled dependencies",
+	"packages.npm.dependencies.peer": "Peer dependencies",
+	"packages.npm.dependencies.optional": "Optional dependencies",
+	"packages.npm.details.tag": "Tag",
+	"packages.pypi.requires": "Requires Python",
+	"packages.pypi.install": "To install the package using pip, run the following command:",
+	"packages.rpm.registry": "Setup this registry from the command line:",
+	"packages.rpm.distros.redhat": "on RedHat based distributions",
+	"packages.rpm.distros.suse": "on SUSE based distributions",
+	"packages.rpm.install": "To install the package, run the following command:",
+	"packages.rpm.repository": "Repository info",
+	"packages.rpm.repository.architectures": "Architectures",
+	"packages.rpm.repository.multiple_groups": "This package is available in multiple groups.",
+	"packages.alt.registry": "Setup this registry from the command line:",
+	"packages.alt.registry.install": "To install the package, run the following command:",
+	"packages.alt.install": "Install package",
+	"packages.alt.setup": "Add a repository to the list of connected repositories (choose the necessary architecture instead of \"_arch_\"):",
+	"packages.alt.repository": "Repository info",
+	"packages.alt.repository.architectures": "Architectures",
+	"packages.alt.repository.multiple_groups": "This package is available in multiple groups.",
+	"packages.rubygems.install": "To install the package using gem, run the following command:",
+	"packages.rubygems.install2": "or add it to the Gemfile:",
+	"packages.rubygems.dependencies.runtime": "Runtime dependencies",
+	"packages.rubygems.dependencies.development": "Development dependencies",
+	"packages.rubygems.required.ruby": "Requires Ruby version",
+	"packages.rubygems.required.rubygems": "Requires RubyGem version",
+	"packages.swift.registry": "Setup this registry from the command line:",
+	"packages.swift.install": "Add the package in your <code>Package.swift</code> file:",
+	"packages.swift.install2": "and run the following command:",
+	"packages.vagrant.install": "To add a Vagrant box, run the following command:",
+	"packages.settings.link": "Link this package to a repository",
+	"packages.settings.link.description": "If you link a package with a repository, the package is listed in the repository's package list.",
+	"packages.settings.link.select": "Select repository",
+	"packages.settings.link.button": "Update repository link",
+	"packages.settings.link.success": "Repository link was successfully updated.",
+	"packages.settings.link.error": "Failed to update repository link.",
+	"packages.settings.delete": "Delete package",
+	"packages.settings.delete.description": "Deleting a package is permanent and cannot be undone.",
+	"packages.settings.delete.notice": "You are about to delete %s (%s). This operation is irreversible, are you sure?",
+	"packages.settings.delete.success": "The package has been deleted.",
+	"packages.settings.delete.error": "Failed to delete the package.",
+	"packages.owner.settings.cargo.title": "Cargo registry index",
+	"packages.owner.settings.cargo.initialize": "Initialize index",
+	"packages.owner.settings.cargo.initialize.description": "A special index Git repository is needed to use the Cargo registry. Using this option will (re-)create the repository and configure it automatically.",
+	"packages.owner.settings.cargo.initialize.error": "Failed to initialize Cargo index: %v",
+	"packages.owner.settings.cargo.initialize.success": "The Cargo index was successfully created.",
+	"packages.owner.settings.cargo.rebuild": "Rebuild index",
+	"packages.owner.settings.cargo.rebuild.description": "Rebuilding can be useful if the index is not synchronized with the stored Cargo packages.",
+	"packages.owner.settings.cargo.rebuild.error": "Failed to rebuild Cargo index: %v",
+	"packages.owner.settings.cargo.rebuild.success": "The Cargo index was successfully rebuilt.",
+	"packages.owner.settings.cargo.rebuild.no_index": "Cannot rebuild, no index is initialized.",
+	"packages.owner.settings.cleanuprules.title": "Cleanup rules",
+	"packages.owner.settings.cleanuprules.add": "Add cleanup rule",
+	"packages.owner.settings.cleanuprules.edit": "Edit cleanup rule",
+	"packages.owner.settings.cleanuprules.none": "There are no cleanup rules yet.",
+	"packages.owner.settings.cleanuprules.preview": "Cleanup rule preview",
+	"packages.owner.settings.cleanuprules.preview.overview": "%d packages are scheduled to be removed.",
+	"packages.owner.settings.cleanuprules.preview.none": "Cleanup rule does not match any packages.",
+	"packages.owner.settings.cleanuprules.pattern_full_match": "Apply pattern to full package name",
+	"packages.owner.settings.cleanuprules.keep.title": "Versions that match these rules are kept, even if they match a removal rule below.",
+	"packages.owner.settings.cleanuprules.keep.count": "Keep the most recent",
+	"packages.owner.settings.cleanuprules.keep.pattern": "Keep versions matching",
+	"packages.owner.settings.cleanuprules.keep.pattern.container": "The <code>latest</code> version is always kept for Container packages.",
+	"packages.owner.settings.cleanuprules.remove.title": "Versions that match these rules are removed, unless a rule above says to keep them.",
+	"packages.owner.settings.cleanuprules.remove.days": "Remove versions older than",
+	"packages.owner.settings.cleanuprules.remove.pattern": "Remove versions matching",
+	"packages.owner.settings.cleanuprules.success.update": "Cleanup rule has been updated.",
+	"packages.owner.settings.cleanuprules.success.delete": "Cleanup rule has been deleted.",
+	"packages.owner.settings.chef.title": "Chef registry",
+	"packages.owner.settings.chef.keypair": "Generate key pair",
+	"packages.owner.settings.chef.keypair.description": "Requests sent to the Chef registry must be cryptographically signed as a means of authentication. When generating a keypair, only the public key is stored on Forgejo. The private key is provided to you to be used with knife. Generating a new keypair will overwrite the previous one.",
 	"actions.runs.run_attempt_label": "Run attempt #%[1]s (%[2]s)",
 	"actions.runs.viewing_out_of_date_run": "You are viewing an out-of-date run of this job that was executed %[1]s.",
 	"actions.runs.view_most_recent_run": "View most recent run",
diff --git a/options/locale_next/locale_eo.json b/options/locale_next/locale_eo.json
index 6adccb9eb5..edb35eea9f 100644
--- a/options/locale_next/locale_eo.json
+++ b/options/locale_next/locale_eo.json
@@ -1,4 +1,5 @@
 {
+	"packages.npm.details.tag": "Etikedo",
 	"fork.n_forks": {
 		"one": "%s disbranĉigo",
 		"other": "%s disbranĉigoj"
diff --git a/options/locale_next/locale_es-ES.json b/options/locale_next/locale_es-ES.json
index aff074090f..152553c2e3 100644
--- a/options/locale_next/locale_es-ES.json
+++ b/options/locale_next/locale_es-ES.json
@@ -1,4 +1,174 @@
 {
+	"packages.title": "Paquetes",
+	"packages.empty": "Todavía no hay paquetes.",
+	"packages.empty.documentation": "Para más información sobre el registro de paquetes, consulte <a target=\"_blank\" rel=\"noopener noreferrer\" href=\"%s\">la documentación</a>.",
+	"packages.empty.repo": "¿Has subido un paquete, pero no se muestra aquí? Ve a <a href=\"%[1]s\">la configuración del paquete</a> y añade el link a este repositorio.",
+	"packages.registry.documentation": "Para obtener más información sobre el registro %s, consulte <a target=\"_blank\" rel=\"noopener noreferrer\" href=\"%s\">la documentación</a>.",
+	"packages.filter.type": "Tipo",
+	"packages.filter.type.all": "Todo",
+	"packages.filter.no_result": "El filtro no produjo ningún resultado.",
+	"packages.filter.container.tagged": "Etiquetado",
+	"packages.filter.container.untagged": "Etiqueta eliminada",
+	"packages.published_by": "Publicado %[1]s por <a href=\"%[2]s\">%[3]s</a>",
+	"packages.published_by_in": "Publicado %[1]s por <a href=\"%[2]s\">%[3]s</a> en <a href=\"%[4]s\"><strong>%[5]s</strong></a>",
+	"packages.pub.install": "Para instalar el paquete usando Dart, ejecute el siguiente comando:",
+	"packages.installation": "Instalación",
+	"packages.about": "Acerca de este paquete",
+	"packages.requirements": "Requisitos",
+	"packages.dependencies": "Dependencias",
+	"packages.keywords": "Palabras clave",
+	"packages.details": "Detalles",
+	"packages.details.author": "Autor",
+	"packages.details.project_site": "Sitio del proyecto",
+	"packages.details.repository_site": "Sitio del repositorio",
+	"packages.details.documentation_site": "Sitio de documentación",
+	"packages.details.license": "Licencia",
+	"packages.assets": "Activos",
+	"packages.versions": "Versiones",
+	"packages.versions.view_all": "Ver todo",
+	"packages.dependency.id": "Id.",
+	"packages.dependency.version": "Versión",
+	"packages.search_in_external_registry": "Buscar en %s",
+	"packages.alpine.registry": "Configura este registro agregando la url en tu archivo <code>./apk/repositories</code>:",
+	"packages.alpine.registry.key": "Descargue la clave RSA pública del registro en la carpeta <code>./apk/keys/</code> para verificar la firma del índice:",
+	"packages.alpine.registry.info": "Seleccione $branch y $repository de la siguiente lista.",
+	"packages.alpine.install": "Para instalar el paquete, ejecute el siguiente comando:",
+	"packages.alpine.repository": "Información del repositorio",
+	"packages.alpine.repository.branches": "Ramas",
+	"packages.alpine.repository.repositories": "Repositorios",
+	"packages.alpine.repository.architectures": "Arquitecturas",
+	"packages.arch.pacman.helper.gpg": "Añade el certificado de confianza para pacman:",
+	"packages.arch.pacman.repo.multi": "%s tiene la misma versión en diferentes distribuciones.",
+	"packages.arch.pacman.repo.multi.item": "Configuración para %s",
+	"packages.arch.pacman.conf": "Añadir servidor con distribución y arquitectura relacionadas a <code>/etc/pacman.conf</code> :",
+	"packages.arch.pacman.sync": "Sincronizar el paquete con pacman:",
+	"packages.arch.version.properties": "Propiedades de la versión",
+	"packages.arch.version.description": "Descripción",
+	"packages.arch.version.provides": "Proveedores",
+	"packages.arch.version.groups": "Grupo",
+	"packages.arch.version.depends": "Depende",
+	"packages.arch.version.optdepends": "Dependencias opcionales",
+	"packages.arch.version.makedepends": "Construir dependencias",
+	"packages.arch.version.checkdepends": "Comprobar dependencias",
+	"packages.arch.version.conflicts": "Conflictos",
+	"packages.arch.version.replaces": "Reemplazos",
+	"packages.arch.version.backup": "Copia de seguridad",
+	"packages.cargo.registry": "Configurar este registro en el archivo de configuración de Cargo (por ejemplo <code>~/.cargo/config.toml</code>):",
+	"packages.cargo.install": "Para instalar el paquete usando Cargo, ejecute el siguiente comando:",
+	"packages.chef.registry": "Configura este registro en tu archivo <code>~/.chef/config.rb</code>:",
+	"packages.chef.install": "Para instalar el paquete, ejecute el siguiente comando:",
+	"packages.composer.registry": "Configura este registro en el archivo <code>~/.composer/config.json</code>:",
+	"packages.composer.install": "Para instalar el paquete usando Composer, ejecute el siguiente comando:",
+	"packages.composer.dependencies": "Dependencias",
+	"packages.composer.dependencies.development": "Dependencias de desarrollo",
+	"packages.conan.registry": "Configurar este registro desde la línea de comandos:",
+	"packages.conan.install": "Para instalar el paquete usando Conan, ejecuta el siguiente comando:",
+	"packages.conda.registry": "Configura este registro como un repositorio Conda en tu archivo <code>.condarc</code>:",
+	"packages.conda.install": "Para instalar el paquete usando Conda, ejecute el siguiente comando:",
+	"packages.container.images.title": "Imágenes",
+	"packages.container.details.type": "Tipo de imagen",
+	"packages.container.details.platform": "Plataforma",
+	"packages.container.pull": "Arrastra la imagen desde la línea de comandos:",
+	"packages.container.digest": "Resumen",
+	"packages.container.multi_arch": "SO / Arquitectura",
+	"packages.container.layers": "Capas de imagen",
+	"packages.container.labels": "Etiquetas",
+	"packages.container.labels.key": "Clave",
+	"packages.container.labels.value": "Valor",
+	"packages.cran.registry": "Configurar este registro en su archivo <code>Rprofile.site</code>:",
+	"packages.cran.install": "Para instalar el paquete, ejecute el siguiente comando:",
+	"packages.debian.registry": "Configurar este registro desde la línea de comandos:",
+	"packages.debian.registry.info": "Seleccione $distribution y $component de la siguiente lista.",
+	"packages.debian.install": "Para instalar el paquete, ejecute el siguiente comando:",
+	"packages.debian.repository": "Información del repositorio",
+	"packages.debian.repository.distributions": "Distribuciones",
+	"packages.debian.repository.components": "Componentes",
+	"packages.debian.repository.architectures": "Arquitecturas",
+	"packages.generic.download": "Descargar paquete desde la línea de comandos:",
+	"packages.go.install": "Instalar el paquete desde la línea de comandos:",
+	"packages.helm.registry": "Configurar este registro desde la línea de comandos:",
+	"packages.helm.install": "Para instalar el paquete, ejecute el siguiente comando:",
+	"packages.maven.registry": "Configure este registro en su proyecto <code>pom.xml</code> archivo:",
+	"packages.maven.install": "Para usar el paquete incluya lo siguiente en el bloque <code>dependencias</code> en el archivo <code>pom.xml</code>:",
+	"packages.maven.install2": "Ejecutar vía línea de comandos:",
+	"packages.maven.download": "Para descargar la dependencia, ejecute vía línea de comandos:",
+	"packages.nuget.registry": "Configurar este registro desde la línea de comandos:",
+	"packages.nuget.install": "Para instalar el paquete usando NuGet, ejecute el siguiente comando:",
+	"packages.nuget.dependency.framework": "Marco de destino",
+	"packages.npm.registry": "Configura este registro en tu proyecto <code>.npmrc</code> archivo:",
+	"packages.npm.install": "Para instalar el paquete usando npm, ejecute el siguiente comando:",
+	"packages.npm.install2": "o añádelo al archivo package.json:",
+	"packages.npm.dependencies": "Dependencias",
+	"packages.npm.dependencies.development": "Dependencias de desarrollo",
+	"packages.npm.dependencies.bundle": "Empaquetar dependencias",
+	"packages.npm.dependencies.peer": "Dependencias de pares",
+	"packages.npm.dependencies.optional": "Dependencias opcionales",
+	"packages.npm.details.tag": "Etiqueta",
+	"packages.pypi.requires": "Requiere Python",
+	"packages.pypi.install": "Para instalar el paquete usando pip, ejecute el siguiente comando:",
+	"packages.rpm.registry": "Configurar este registro desde la línea de comandos:",
+	"packages.rpm.distros.redhat": "en distribuciones basadas en RedHat",
+	"packages.rpm.distros.suse": "en distribuciones basadas en SUSE",
+	"packages.rpm.install": "Para instalar el paquete, ejecute el siguiente comando:",
+	"packages.rpm.repository": "Información del repositorio",
+	"packages.rpm.repository.architectures": "Arquitecturas",
+	"packages.rpm.repository.multiple_groups": "Este paquete está disponible en múltiples grupos.",
+	"packages.alt.registry": "Configurar este registro desde la línea de comandos:",
+	"packages.alt.registry.install": "Para instalar el paquete, ejecute el siguiente comando:",
+	"packages.alt.install": "Instalar paquete",
+	"packages.alt.repository": "Información del repositorio",
+	"packages.alt.repository.architectures": "Arquitecturas",
+	"packages.alt.repository.multiple_groups": "Este paquete está disponible en múltiples grupos.",
+	"packages.rubygems.install": "Para instalar el paquete usando gem, ejecute el siguiente comando:",
+	"packages.rubygems.install2": "o añádelo al archivo Gemfile:",
+	"packages.rubygems.dependencies.runtime": "Dependencias en tiempo de ejecución",
+	"packages.rubygems.dependencies.development": "Dependencias de desarrollo",
+	"packages.rubygems.required.ruby": "Requiere versión Ruby",
+	"packages.rubygems.required.rubygems": "Requiere la versión de RubyGem",
+	"packages.swift.registry": "Configurar este registro desde la línea de comandos:",
+	"packages.swift.install": "Añade el paquete en tu archivo <code>Package.swift</code>:",
+	"packages.swift.install2": "y ejecuta el siguiente comando:",
+	"packages.vagrant.install": "Para añadir un paquete Vagrant, ejecuta el siguiente comando:",
+	"packages.settings.link": "Vincular este paquete a un repositorio",
+	"packages.settings.link.description": "Si enlaza un paquete con un repositorio, el paquete se enumera en la lista de paquetes del repositorio.",
+	"packages.settings.link.select": "Seleccionar repositorio",
+	"packages.settings.link.button": "Actualizar enlace de repositorio",
+	"packages.settings.link.success": "El enlace del repositorio se ha actualizado correctamente.",
+	"packages.settings.link.error": "Error al actualizar el enlace del repositorio.",
+	"packages.settings.delete": "Eliminar paquete",
+	"packages.settings.delete.description": "La eliminación de un paquete es permanente y no se puede deshacer.",
+	"packages.settings.delete.notice": "Está a punto de eliminar %s (%s). Esta operación es irreversible, ¿está seguro?",
+	"packages.settings.delete.success": "Se ha eliminado el paquete.",
+	"packages.settings.delete.error": "No se pudo eliminar el paquete.",
+	"packages.owner.settings.cargo.title": "Índice del registro Cargo",
+	"packages.owner.settings.cargo.initialize": "Inicializar índice",
+	"packages.owner.settings.cargo.initialize.description": "Se necesita un repositorio Git de índice especial para usar el registro de Cargo. Usar esta opción (re)creará el repositorio y lo configurará automáticamente.",
+	"packages.owner.settings.cargo.initialize.error": "Fallo al inicializar el índice de Cargo: %v",
+	"packages.owner.settings.cargo.initialize.success": "El índice de Cargo se ha creado correctamente.",
+	"packages.owner.settings.cargo.rebuild": "Reconstruir índice",
+	"packages.owner.settings.cargo.rebuild.description": "Reconstruir puede ser útil si el índice no se sincroniza con los paquetes de Cargo almacenados.",
+	"packages.owner.settings.cargo.rebuild.error": "Fallo al reconstruir el índice de Cargo: %v",
+	"packages.owner.settings.cargo.rebuild.success": "El índice de Cargo se ha reconstruido correctamente.",
+	"packages.owner.settings.cleanuprules.title": "Administrar reglas de limpieza",
+	"packages.owner.settings.cleanuprules.add": "Añadir regla de limpieza",
+	"packages.owner.settings.cleanuprules.edit": "Editar regla de limpieza",
+	"packages.owner.settings.cleanuprules.none": "No hay reglas de limpieza disponibles. Por favor, consulte la documentación.",
+	"packages.owner.settings.cleanuprules.preview": "Vista previa de regla de limpieza",
+	"packages.owner.settings.cleanuprules.preview.overview": "%d paquetes están programados para ser eliminados.",
+	"packages.owner.settings.cleanuprules.preview.none": "Regla de limpieza no coincide con ningún paquete.",
+	"packages.owner.settings.cleanuprules.pattern_full_match": "Aplicar patrón al nombre completo del paquete",
+	"packages.owner.settings.cleanuprules.keep.title": "Las versiones que coinciden con estas reglas son reales, incluso si coinciden con una regla de eliminación a continuación.",
+	"packages.owner.settings.cleanuprules.keep.count": "Mantener el más reciente",
+	"packages.owner.settings.cleanuprules.keep.pattern": "Mantener las versiones coincidentes",
+	"packages.owner.settings.cleanuprules.keep.pattern.container": "La <code>última</code> versión siempre es guardada en los paquetes de contenedor.",
+	"packages.owner.settings.cleanuprules.remove.title": "Se eliminan las versiones que coinciden con estas reglas, a menos que una regla anterior indique mantenerlas.",
+	"packages.owner.settings.cleanuprules.remove.days": "Eliminar versiones anteriores a",
+	"packages.owner.settings.cleanuprules.remove.pattern": "Eliminar versiones coincidentes",
+	"packages.owner.settings.cleanuprules.success.update": "Regla de limpieza ha sido actualizada.",
+	"packages.owner.settings.cleanuprules.success.delete": "Regla de limpieza ha sido eliminada.",
+	"packages.owner.settings.chef.title": "Registro de Chef",
+	"packages.owner.settings.chef.keypair": "Generar par de claves",
+	"packages.owner.settings.chef.keypair.description": "Un par de claves es necesario para autenticarse en el registro del Chef. Si ha generado un par de claves antes, generar un nuevo par de claves descartará el par de claves antiguo.",
 	"fork.n_forks": {
 		"one": "%s bifurcación",
 		"many": "%s bifurcaciones",
diff --git a/options/locale_next/locale_et.json b/options/locale_next/locale_et.json
index 882310f58a..e2dc9f88d7 100644
--- a/options/locale_next/locale_et.json
+++ b/options/locale_next/locale_et.json
@@ -1,4 +1,5 @@
 {
+	"packages.alpine.repository.branches": "Alamharud",
 	"stars.n_stars": {
 		"one": "%s tärn",
 		"other": "%s tärni"
diff --git a/options/locale_next/locale_fa-IR.json b/options/locale_next/locale_fa-IR.json
index 26cda2f301..b11c0843ab 100644
--- a/options/locale_next/locale_fa-IR.json
+++ b/options/locale_next/locale_fa-IR.json
@@ -1,4 +1,7 @@
 {
+	"packages.filter.type": "نوع",
+	"packages.alpine.repository.branches": "شاخه‎ها",
+	"packages.alpine.repository.repositories": "مخازن",
 	"repo.pulls.merged_title_desc": {
 		"one": "واکشی %[1]d سپرده از <code>%[2]s</code> به <code>%[3]s</code> %[4]s",
 		"other": "واکشی %[1]d سپرده‌ها از <code>%[2]s</code> به <code>%[3]s</code> %[4]s"
diff --git a/options/locale_next/locale_fi-FI.json b/options/locale_next/locale_fi-FI.json
index f0809c8343..f99322eef5 100644
--- a/options/locale_next/locale_fi-FI.json
+++ b/options/locale_next/locale_fi-FI.json
@@ -1,4 +1,156 @@
 {
+	"packages.title": "Paketit",
+	"packages.empty": "Täällä ei vielä ole paketteja.",
+	"packages.empty.documentation": "Lisätietoja pakettirekisteristä on saatavilla <a target=\"_blank\" rel=\"noopener noreferrer\" href=\"%s\">dokumentaatiossa</a>.",
+	"packages.empty.repo": "Lähetitkö paketin, mutta se ei näy täällä? Siirry <a href=\"%[1]s\">paketin asetuksiin</a> ja linkitä se tähän tietovarastoon.",
+	"packages.registry.documentation": "Lisätietoja %s-rekisteristä on <a target=\"_blank\" rel=\"noopener noreferrer\" href=\"%s\">dokumentaatiossa</a>.",
+	"packages.filter.type": "Tyyppi",
+	"packages.filter.type.all": "Kaikki",
+	"packages.filter.no_result": "Suodattimesi ei tuottanut tuloksia.",
+	"packages.published_by": "Julkaistu %[1]s käyttäjän <a href=\"%[2]s\">%[3]s</a> toimesta",
+	"packages.published_by_in": "Julkaistu %[1]s, julkaisija <a href=\"%[2]s\">%[3]s</a> tietovarastossa <a href=\"%[4]s\"><strong>%[5]s</strong></a>",
+	"packages.pub.install": "Asenna paketti Dartilla suorittamalla komento:",
+	"packages.installation": "Asennus",
+	"packages.about": "Tietoja tästä paketista",
+	"packages.requirements": "Vaatimukset",
+	"packages.dependencies": "Riippuvuudet",
+	"packages.keywords": "Avainsanat",
+	"packages.details": "Yksityiskohdat",
+	"packages.details.author": "Tekijä",
+	"packages.details.project_site": "Projektin verkkosivusto",
+	"packages.details.repository_site": "Tietovaraston verkkosivusto",
+	"packages.details.documentation_site": "Dokumentaation verkkosivusto",
+	"packages.details.license": "Lisenssi",
+	"packages.assets": "Resurssit",
+	"packages.versions": "Versiot",
+	"packages.versions.view_all": "Näytä kaikki",
+	"packages.dependency.version": "Versio",
+	"packages.alpine.registry": "Aseta tämä rekisteri lisäämällä URL-osoite tiedostoon <code>/etc/apk/tietovarastot</code>:",
+	"packages.alpine.registry.key": "Lataa rekisterin julkinen RSA-avain hakemistoon <code>/etc/apk/keys/</code> vahvistaaksesi indeksin allekirjoituksen:",
+	"packages.alpine.registry.info": "Valitse $branch ja $repository alla olevasta listasta.",
+	"packages.alpine.install": "Asenna paketti seuraavalla komennolla:",
+	"packages.alpine.repository": "Tietovaraston tiedot",
+	"packages.alpine.repository.branches": "Haarat",
+	"packages.alpine.repository.repositories": "Tietovarastot",
+	"packages.alpine.repository.architectures": "Arkkitehtuurit",
+	"packages.arch.pacman.helper.gpg": "Lisää luottamusvarmenne pacmanille:",
+	"packages.arch.pacman.conf": "Lisää palvelin asiaan liittyvällä jakelulla ja arkkitehtuurilla tiedostoon <code>/etc/pacman.conf</code> :",
+	"packages.arch.pacman.sync": "Synkronoi paketti pacmanin kanssa:",
+	"packages.arch.version.properties": "Version ominaisuudet",
+	"packages.arch.version.description": "Kuvaus",
+	"packages.arch.version.provides": "Tarjoaa",
+	"packages.arch.version.groups": "Ryhmä",
+	"packages.arch.version.depends": "Riippuu",
+	"packages.arch.version.replaces": "Korvaa",
+	"packages.cargo.registry": "Määritä tämä rekisteri Cargon asetustiedostossa (esimerkiksi <code>~/.cargo/config.toml</code>):",
+	"packages.cargo.install": "Asenna paketti Cargolla suorittamalla seuraava komento:",
+	"packages.chef.registry": "Määritä tämä rekisteri <code>~/.chef/config.rb</code>-tiedostossa:",
+	"packages.chef.install": "Asenna paketti komennolla:",
+	"packages.composer.registry": "Määritä tämä rekisteri <code>~/.composer/config.json</code>-tiedostossa:",
+	"packages.composer.install": "Asenna paketti Composerilla suorittamalla komento:",
+	"packages.composer.dependencies": "Riippuvuudet",
+	"packages.composer.dependencies.development": "Kehitysriippuvuudet",
+	"packages.conan.registry": "Määritä tämä rekisteri komentoriviltä:",
+	"packages.conan.install": "Asenna paketti Conanilla suorittamalla komento:",
+	"packages.conda.registry": "Määritä tämä rekisteri Conda-tietovarastoksi <code>.condarc</code>-tiedostossa:",
+	"packages.conda.install": "Asenna paketti Condalla suorittamalla komento:",
+	"packages.container.images.title": "Levykuvat",
+	"packages.container.details.type": "Levykuvan tyyppi",
+	"packages.container.details.platform": "Alusta",
+	"packages.container.pull": "Vedä levykuva komentoriviltä:",
+	"packages.container.labels": "Nimilaput",
+	"packages.container.labels.key": "Avain",
+	"packages.container.labels.value": "Arvo",
+	"packages.cran.registry": "Määritä rekisteri <code>Rprofile.site</code>-tiedostossa:",
+	"packages.cran.install": "Asenna paketti komennolla:",
+	"packages.debian.registry": "Määritä tämä rekisteri komentoriviltä:",
+	"packages.debian.registry.info": "Valitse $distribution ja $component alla olevasta listasta.",
+	"packages.debian.install": "Asenna paketti komennolla:",
+	"packages.debian.repository": "Tietovaraston tiedot",
+	"packages.debian.repository.distributions": "Jakelut",
+	"packages.debian.repository.components": "Komponentit",
+	"packages.debian.repository.architectures": "Arkkitehtuurit",
+	"packages.generic.download": "Lataa paketti komentoriviltä:",
+	"packages.go.install": "Asenna paketti komentoriviltä:",
+	"packages.helm.registry": "Määritä tämä rekisteri komentoriviltä:",
+	"packages.helm.install": "Asenna paketti komennolla:",
+	"packages.maven.registry": "Määritä tämä rekisteri projektin <code>pom.xml</code>-tiedostossa:",
+	"packages.maven.install": "Käytä pakettia sisällyttämällä seuraava sisältö <code>dependencies</code>-lohkoon <code>pom.xml</code>-tiedostossa:",
+	"packages.maven.install2": "Suorita komentoriviltä:",
+	"packages.maven.download": "Lataa riippuvuus suorittamalla komentorivillä:",
+	"packages.nuget.registry": "Määritä rekisteri komentoriviltä:",
+	"packages.nuget.install": "Asenna paketti NuGetillä suorittamalla komento:",
+	"packages.npm.registry": "Määritä rekisteri projektin <code>.npmrc</code>-tiedostossa:",
+	"packages.npm.install": "Asenna paketti npm:llä komennolla:",
+	"packages.npm.install2": "tai lisää se package.json-tiedostoon:",
+	"packages.npm.dependencies": "Riippuvuudet",
+	"packages.npm.dependencies.development": "Kehitysriippuvuudet",
+	"packages.npm.dependencies.optional": "Valinnaiset riippuvuudet",
+	"packages.pypi.requires": "Vaatii Pythonin",
+	"packages.pypi.install": "Asenna paketti pipillä komennolla:",
+	"packages.rpm.registry": "Määritä rekisteri komentoriviltä:",
+	"packages.rpm.distros.redhat": "RedHatiin pohjautuvilla jakeluilla",
+	"packages.rpm.distros.suse": "SUSE:en pohjautuvilla jakeluilla",
+	"packages.rpm.install": "Asenna paketti komennolla:",
+	"packages.rpm.repository": "Tietovaraston tiedot",
+	"packages.rpm.repository.architectures": "Arkkitehtuurit",
+	"packages.rpm.repository.multiple_groups": "Tämä paketti on saatavilla useissa ryhmissä.",
+	"packages.alt.registry": "Määritä tämä rekisteri komentoriviltä:",
+	"packages.alt.registry.install": "Asenna paketti komennolla:",
+	"packages.alt.install": "Asenna paketti",
+	"packages.alt.repository": "Tietovaraston tiedot",
+	"packages.alt.repository.architectures": "Arkkitehtuurit",
+	"packages.alt.repository.multiple_groups": "Tämä paketti on saatavilla useissa ryhmissä.",
+	"packages.rubygems.install": "Asenna paketti gemillä suorittamalla komento:",
+	"packages.rubygems.install2": "tai lisää se Gemfileen:",
+	"packages.rubygems.dependencies.runtime": "Ajonaikaiset riippuvuudet",
+	"packages.rubygems.dependencies.development": "Kehitysriippuvuudet",
+	"packages.rubygems.required.ruby": "Vaatii Ruby-version",
+	"packages.rubygems.required.rubygems": "Vaatii RubyGem-version",
+	"packages.swift.registry": "Määritä rekisteri komentoriviltä:",
+	"packages.swift.install": "Lisää paketti <code>Package.swift</code>-tiedostoon:",
+	"packages.swift.install2": "ja suorita komento:",
+	"packages.vagrant.install": "Lisää Vagrant-boksi suorittamalla komento:",
+	"packages.settings.link": "Linkitä tämä paketti tietovarastoon",
+	"packages.settings.link.description": "Jos linkität paketin tietovarastoon, paketti listataan tietovaraston pakettilistalla.",
+	"packages.settings.link.select": "Valitse tietovarasto",
+	"packages.settings.link.button": "Päivitä tietovaraston linkki",
+	"packages.settings.link.success": "Tietovaraston linkki päivitettiin onnistuneesti.",
+	"packages.settings.link.error": "Tietovaraston linkin päivittäminen epäonnistui.",
+	"packages.settings.delete": "Poista paketti",
+	"packages.settings.delete.description": "Paketin poistaminen on peruuttamaton toimenpide, sitä ei voi perua.",
+	"packages.settings.delete.notice": "Olet aikeissa poistaa %s (%s). Tätä toimenpidettä ei voi perua. Haluatko varmasti jatkaa?",
+	"packages.settings.delete.success": "Paketti on poistettu.",
+	"packages.settings.delete.error": "Paketin poistaminen epäonnistui.",
+	"packages.owner.settings.cargo.title": "Cargo-rekisterin indeksi",
+	"packages.owner.settings.cargo.initialize": "Alusta indeksi",
+	"packages.owner.settings.cargo.initialize.description": "Cargo-rekisterin käyttöä varten tarvitaan erityinen indeksi Git -tietovarasto. Tämän vaihtoehdon käyttäminen luo (uudelleen) tietovaraston ja määrittää sen automaattisesti.",
+	"packages.owner.settings.cargo.initialize.error": "Cargo-indeksin alustaminen epäonnistui: %v",
+	"packages.owner.settings.cargo.initialize.success": "Cargo-indeksi luotiin onnistuneesti.",
+	"packages.owner.settings.cargo.rebuild": "Rakenna indeksi uudelleen",
+	"packages.owner.settings.cargo.rebuild.error": "Cargo-indeksin rakentaminen uudelleen epäonnistui: %v",
+	"packages.owner.settings.cargo.rebuild.success": "Cargo-indeksi rakennettiin uudelleen.",
+	"packages.owner.settings.cargo.rebuild.no_index": "Ei voi rakentaa uudelleen, indeksiä ei ole alustettu.",
+	"packages.owner.settings.cleanuprules.title": "Siivoussäännöt",
+	"packages.owner.settings.cleanuprules.add": "Lisää siivoussääntö",
+	"packages.owner.settings.cleanuprules.edit": "Muokkaa siivoussääntöä",
+	"packages.owner.settings.cleanuprules.none": "Siivoussääntöjä ei vielä ole.",
+	"packages.owner.settings.cleanuprules.preview": "Siivoussäännön esikatselu",
+	"packages.owner.settings.cleanuprules.preview.overview": "%d pakettia on ajastettu poistettavaksi.",
+	"packages.owner.settings.cleanuprules.preview.none": "Siivoussääntö ei vastaa yhtäkään pakettia.",
+	"packages.owner.settings.cleanuprules.pattern_full_match": "Toteuta kaava paketin koko nimeen",
+	"packages.owner.settings.cleanuprules.keep.title": "Näitä sääntöjä vastaavat versiot säilytetään, vaikka ne vastaisivat alla olevaa poistosääntöä.",
+	"packages.owner.settings.cleanuprules.keep.count": "Säilytä viimeisimmät",
+	"packages.owner.settings.cleanuprules.keep.pattern": "Säilytä kaavaa vastaavat versiot",
+	"packages.owner.settings.cleanuprules.keep.pattern.container": "Viimeisin (<code>latest</code>) versio säilytetään aina Container-paketeista.",
+	"packages.owner.settings.cleanuprules.remove.title": "Näitä sääntöjä vastaavat versiot poistetaan, ellei sääntö yläpuolella käske säilyttää niitä.",
+	"packages.owner.settings.cleanuprules.remove.days": "Poista versiot, jotka ovat vanhempia kuin",
+	"packages.owner.settings.cleanuprules.remove.pattern": "Poista kaavaa vastaavat versiot",
+	"packages.owner.settings.cleanuprules.success.update": "Siivoussääntö on päivitetty.",
+	"packages.owner.settings.cleanuprules.success.delete": "Siivoussääntö on poistettu.",
+	"packages.owner.settings.chef.title": "Chef-rekisteri",
+	"packages.owner.settings.chef.keypair": "Luo avainpari",
+	"packages.owner.settings.chef.keypair.description": "Chef-rekisteriin lähetettävät pyynnöt on allekirjoitettava salauskirjoituksella todennuskeinona. Avainparia luotaessa vain julkinen avain tallennetaan Forgejoon. Yksityinen avain toimitetaan sinulle käytettäväksi knifen kanssa. Uuden avainparin luominen korvaa edellisen.",
 	"fork.n_forks": {
 		"one": "%s forkki",
 		"other": "%s forkkia"
diff --git a/options/locale_next/locale_fil.json b/options/locale_next/locale_fil.json
index 224abe76e7..9928fd0c93 100644
--- a/options/locale_next/locale_fil.json
+++ b/options/locale_next/locale_fil.json
@@ -1,4 +1,176 @@
 {
+	"packages.title": "Mga package",
+	"packages.empty": "Wala pang anumang mga package.",
+	"packages.empty.documentation": "Para sa higit pang impormasyon sa package registry, tignan ang <a target=\"_blank\" rel=\"noopener noreferrer\" href=\"%s\">dokumentasyon</a>.",
+	"packages.empty.repo": "Nag-upload ka ba ng package, ngunit hindi pinapakita dito? Pumunta sa <a href=\"%[1]s\">mga setting ng package</a> at i-link iyan sa repo na ito.",
+	"packages.registry.documentation": "Para sa higit pang impormasyon tungkol sa %s registry, tignan ang <a target=\"_blank\" rel=\"noopener noreferrer\" href=\"%s\">dokumentasyon</a>.",
+	"packages.filter.type": "Uri",
+	"packages.filter.type.all": "Lahat",
+	"packages.filter.no_result": "Walang resulta ang iyong filter.",
+	"packages.filter.container.tagged": "Naka-tag",
+	"packages.filter.container.untagged": "Hindi naka-tag",
+	"packages.published_by": "Na-publish ang %[1]s ni/ng <a href=\"%[2]s\">%[3]s</a>",
+	"packages.published_by_in": "Na-publish ang %[1]s ni <a href=\"%[2]s\">%[3]s </a> sa <a href=\"%[4]s\"><strong>%[5]s</strong></a>",
+	"packages.pub.install": "Para i-install ang package gamit ang Dart, patakbuhin ang sumusunod na command:",
+	"packages.installation": "Pag-install",
+	"packages.about": "Tungkol sa package na ito",
+	"packages.requirements": "Mga kinakailangan",
+	"packages.dependencies": "Mga dependency",
+	"packages.keywords": "Mga keyword",
+	"packages.details": "Mga detalye",
+	"packages.details.author": "May-akda",
+	"packages.details.project_site": "Website ng proyekto",
+	"packages.details.repository_site": "Website ng repositoryo",
+	"packages.details.documentation_site": "Website ng dokumentasyon",
+	"packages.details.license": "Lisensya",
+	"packages.assets": "Mga asset",
+	"packages.versions": "Mga bersyon",
+	"packages.versions.view_all": "Tignan lahat",
+	"packages.dependency.id": "ID",
+	"packages.dependency.version": "Bersyon",
+	"packages.search_in_external_registry": "Maghanap sa %s",
+	"packages.alpine.registry": "I-setup ang registry na ito sa pamamagitan ng pagdagdag ng url sa iyong <code>/etc/apk/repositories</code> file:",
+	"packages.alpine.registry.key": "I-download ang registry public RSA key sa <code>/etc/apk/keys</code> folder para i-verify ang index signature:",
+	"packages.alpine.registry.info": "Pumili ng $branch at $repository mula sa listahan sa ibaba.",
+	"packages.alpine.install": "Para i-install ang package, patakbuhin ang sumusunod na command:",
+	"packages.alpine.repository": "Info ng repositoryo",
+	"packages.alpine.repository.branches": "Mga branch",
+	"packages.alpine.repository.repositories": "Mga Repositoryo",
+	"packages.alpine.repository.architectures": "Mga architechture",
+	"packages.arch.pacman.helper.gpg": "Magdagdag ng trust certificate para sa pacman:",
+	"packages.arch.pacman.repo.multi": "Ang %s ay may katulad na beryson sa iba't ibang mga distribution.",
+	"packages.arch.pacman.repo.multi.item": "Configuration para sa %s",
+	"packages.arch.pacman.conf": "Idagdag ang server na may kaugnay na distribution at architechture sa <code>/etc/pacman.conf</code>:",
+	"packages.arch.pacman.sync": "I-sync ang package sa pamamagitan ng pacman:",
+	"packages.arch.version.properties": "Mga katangian ng bersyon",
+	"packages.arch.version.description": "Paglalarawan",
+	"packages.arch.version.provides": "Nagbibigay",
+	"packages.arch.version.groups": "Grupo",
+	"packages.arch.version.depends": "Dumedepende",
+	"packages.arch.version.optdepends": "Opsyonal na dumepende",
+	"packages.arch.version.makedepends": "Mga make depend",
+	"packages.arch.version.checkdepends": "Mga check depend",
+	"packages.arch.version.conflicts": "Mga salungatan",
+	"packages.arch.version.replaces": "Pinapalit",
+	"packages.arch.version.backup": "Backup",
+	"packages.cargo.registry": "I-setup ang registry na ito sa Cargo configuration file (halimbawa <code>~/.cargo/config.toml</code>):",
+	"packages.cargo.install": "Para i-install ang package gamit ang Cargo, patakbuhin ang sumusunod na command:",
+	"packages.chef.registry": "I-setup ang registry na ito sa iyong <code>~/.chef/config.rb</code> file:",
+	"packages.chef.install": "Para i-install ang package na ito, patakbuhin ang sumusunod na command:",
+	"packages.composer.registry": "I-setup ang registry na ito sa iyong <code>~/.composee/config.json</code> file:",
+	"packages.composer.install": "Para i-install ang package gamit ang Composer, patakbuhin ang sumusunod na command:",
+	"packages.composer.dependencies": "Mga dependency",
+	"packages.composer.dependencies.development": "Mga dependency ng pag-develop",
+	"packages.conan.registry": "I-setup ang registry na ito mula sa command line:",
+	"packages.conan.install": "Para i-install ang package gamit ang Conan, patakbuhin ang sumusunod na command:",
+	"packages.conda.registry": "I-set up ang registry na ito bilang Conda repository sa iyong <code>.condarc</code> file:",
+	"packages.conda.install": "Para i-install ang package gamit ang Conda, patakbuhin ang sumusunod na command:",
+	"packages.container.images.title": "Mga image",
+	"packages.container.details.type": "Uri ng image",
+	"packages.container.details.platform": "Platform",
+	"packages.container.pull": "Hilahin ang image mula sa command line:",
+	"packages.container.digest": "Digest",
+	"packages.container.multi_arch": "OS / Arch",
+	"packages.container.layers": "Mga layer ng image",
+	"packages.container.labels": "Mga Label",
+	"packages.container.labels.key": "Key",
+	"packages.container.labels.value": "Value",
+	"packages.cran.registry": "I-set up ang registry na ito sa iyong <code>Rprofile.site</code> na file:",
+	"packages.cran.install": "Para i-install ang package na ito, patakbuhin ang sumusunod na command:",
+	"packages.debian.registry": "I-setup ang registry na ito mula sa command line:",
+	"packages.debian.registry.info": "Pumili ng $distribution at $component sa listahan sa ibaba.",
+	"packages.debian.install": "Para i-install ang package na ito, patakbuhin ang sumusunod na command:",
+	"packages.debian.repository": "Info ng repositoryo",
+	"packages.debian.repository.distributions": "Mga distribution",
+	"packages.debian.repository.components": "Mga component",
+	"packages.debian.repository.architectures": "Mga architechture",
+	"packages.generic.download": "I-download ang package mula sa command line:",
+	"packages.go.install": "I-install ang package mula sa command line:",
+	"packages.helm.registry": "I-setup ang registry na ito mula sa command line:",
+	"packages.helm.install": "Para i-install ang package na ito, patakbuhin ang sumusunod na command:",
+	"packages.maven.registry": "I-set up ang registry na ito sa iyong <code>pom.xml</code> ng iyong proyekto:",
+	"packages.maven.install": "Para gamitin ang package isama ang sumusunod sa <code>dependencies</code> block sa <code>pom.xml</code> file:",
+	"packages.maven.install2": "Patakbuhin sa pamamagitan ng command line:",
+	"packages.maven.download": "Para i-download ang dependency, patakbuhin sa pamamagitan ng command line:",
+	"packages.nuget.registry": "I-setup ang registry na ito mula sa command line:",
+	"packages.nuget.install": "Para i-install ang package gamit ang NuGet, patakbuhin ang sumusunod na command:",
+	"packages.nuget.dependency.framework": "Target na Framework",
+	"packages.npm.registry": "I-set up ang registry na ito sa <code>.npmrc</code> file ng iyong proyekto:",
+	"packages.npm.install": "Para i-install ang package gamit ng npm, patakbuhin ang sumusunod na command:",
+	"packages.npm.install2": "o idagdag ito sa package.json file:",
+	"packages.npm.dependencies": "Mga dependency",
+	"packages.npm.dependencies.development": "Mga development dependency",
+	"packages.npm.dependencies.bundle": "Mga kasamang dependency",
+	"packages.npm.dependencies.peer": "Mga peer dependency",
+	"packages.npm.dependencies.optional": "Mga opsyonal na dependency",
+	"packages.npm.details.tag": "Tag",
+	"packages.pypi.requires": "Kinakailangan ang Python",
+	"packages.pypi.install": "Para i-install ang package gamit ang pip, patakbuhin ang sumusunod na command:",
+	"packages.rpm.registry": "I-setup ang registry na ito mula sa command line:",
+	"packages.rpm.distros.redhat": "sa mga RedHat based na distribution",
+	"packages.rpm.distros.suse": "sa mga SUSE based na distribution",
+	"packages.rpm.install": "Para i-install ang package na ito, patakbuhin ang sumusunod na command:",
+	"packages.rpm.repository": "Info ng repositoryo",
+	"packages.rpm.repository.architectures": "Mga architechture",
+	"packages.rpm.repository.multiple_groups": "Available ang package na ito sa iba't ibang grupo.",
+	"packages.alt.registry": "I-setup ang registry na ito mula sa command line:",
+	"packages.alt.registry.install": "Para i-install ang package na ito, patakbuhin ang sumusunod na command:",
+	"packages.alt.install": "I-install ang package",
+	"packages.alt.setup": "Idagdag ang repositoryo sa listahan ng mga nakakonektang repositoryo (piliin ang kinakailangang architechture sa halip ng \"_arch_\"):",
+	"packages.alt.repository": "Info ng repositoryo",
+	"packages.alt.repository.architectures": "Mga architechture",
+	"packages.alt.repository.multiple_groups": "Available ang package na ito sa iba't ibang grupo.",
+	"packages.rubygems.install": "Para i-install ang package sa pamamagitan ng gem, patakbuhin ang sumusunod na command:",
+	"packages.rubygems.install2": "o idagdag ito sa Gemfile:",
+	"packages.rubygems.dependencies.runtime": "Mga runtime dependency",
+	"packages.rubygems.dependencies.development": "Mga development dependency",
+	"packages.rubygems.required.ruby": "Kinakailangan ang bersyon ng Ruby",
+	"packages.rubygems.required.rubygems": "Kinakailangan ang bersyon ng RubyGem",
+	"packages.swift.registry": "I-setup ang registry na ito mula sa command line:",
+	"packages.swift.install": "Idagdag ang package sa iyong <code>Package.swift</code> na file:",
+	"packages.swift.install2": "at patakbuhin ang sumusunod na utos:",
+	"packages.vagrant.install": "Para magdagdag ng Vagrant box, patakbuhin ang sumusunod na command:",
+	"packages.settings.link": "I-link ang package na ito sa repository",
+	"packages.settings.link.description": "Kung mag-link ka ng package sa repository, ang package ay nakalista sa listahan ng mga package ng repositoryo.",
+	"packages.settings.link.select": "Pumili ng repositoryo",
+	"packages.settings.link.button": "I-update ang link ng repositoryo",
+	"packages.settings.link.success": "Matagumpay na na-update ang link ng repositoryo.",
+	"packages.settings.link.error": "Nabigong i-update ang link ng repositoryo.",
+	"packages.settings.delete": "Burahin ang package",
+	"packages.settings.delete.description": "Permanente ang pagbura ng package at hindi ito mababawi.",
+	"packages.settings.delete.notice": "Buburahin mo ang %s (%s). Hindi mababalikan ang aksyon na ito, sigurado ka ba?",
+	"packages.settings.delete.success": "Nabura na ang package.",
+	"packages.settings.delete.error": "Nabigong burahin ang package.",
+	"packages.owner.settings.cargo.title": "Index ng Cargo registry",
+	"packages.owner.settings.cargo.initialize": "I-initialize ang index",
+	"packages.owner.settings.cargo.initialize.description": "Ang isang espesyal na index Git repository ay kinakailangan para gamitin ang Cargo registry. Ang paggamit ng opsyon na ito ay (muling) gagawin ang repositoryo at awtomatikong i-configure.",
+	"packages.owner.settings.cargo.initialize.error": "Nabigong i-initialize ang Cargo index: %v",
+	"packages.owner.settings.cargo.initialize.success": "Matagumpay na nagawa ang Cargo index.",
+	"packages.owner.settings.cargo.rebuild": "I-rebuild ang index",
+	"packages.owner.settings.cargo.rebuild.description": "Maaaring maging kapaki-pakinabang ang muling pagtatayo kung ang index ay hindi naka-synchronize sa mga nakaimbak na Cargo package.",
+	"packages.owner.settings.cargo.rebuild.error": "Nabigong i-rebuild ang cargo index: %v",
+	"packages.owner.settings.cargo.rebuild.success": "Matagumpay na na-rebuild ang Cargo index.",
+	"packages.owner.settings.cargo.rebuild.no_index": "Hindi makaka-rebuild, walang index na naka-initialize.",
+	"packages.owner.settings.cleanuprules.title": "Mga cleanup rule",
+	"packages.owner.settings.cleanuprules.add": "Magdagdag ng cleanup rule",
+	"packages.owner.settings.cleanuprules.edit": "I-edit ang cleanup rule",
+	"packages.owner.settings.cleanuprules.none": "Wala pang mga cleanup rule sa ngayon.",
+	"packages.owner.settings.cleanuprules.preview": "Preview ng cleanup rule",
+	"packages.owner.settings.cleanuprules.preview.overview": "%d mga package ay naka-iskedyul para tanggalin.",
+	"packages.owner.settings.cleanuprules.preview.none": "Hindi tumutugma sa anumang mga package ang cleanup rule.",
+	"packages.owner.settings.cleanuprules.pattern_full_match": "I-apply ang pattern sa punong pangalan ng package",
+	"packages.owner.settings.cleanuprules.keep.title": "Ang mga bersyon na tumutugma sa mga rule na ito ay papanatilihin, kahit na tumutugma sila sa removal rule sa ibaba.",
+	"packages.owner.settings.cleanuprules.keep.count": "Panatilihin ang pinaka-recent",
+	"packages.owner.settings.cleanuprules.keep.pattern": "Panatilihin ang mga bersyon na tumutugma",
+	"packages.owner.settings.cleanuprules.keep.pattern.container": "Ang <code>latest</code> na bersyon ay palaging pinapatilihin para sa mga Container package.",
+	"packages.owner.settings.cleanuprules.remove.title": "Ang mga bersyon na tumutugma sa mga rule na ito ay tatanggalin, maliban mung may rule sa itaas ay sasabihin na panatilihin sila.",
+	"packages.owner.settings.cleanuprules.remove.days": "Tanggalin ang mga bersyon mas luma sa",
+	"packages.owner.settings.cleanuprules.remove.pattern": "Tanggalin ang mga bersyon na tumutugma sa",
+	"packages.owner.settings.cleanuprules.success.update": "Na-update na cleanup rule.",
+	"packages.owner.settings.cleanuprules.success.delete": "Nabura na ang cleanup rule.",
+	"packages.owner.settings.chef.title": "Chef registry",
+	"packages.owner.settings.chef.keypair": "Gumawa ng key pair",
+	"packages.owner.settings.chef.keypair.description": "Ang mga hiling na pinapadala sa Chef registry ay dapat na cryptographically na nakalagda bilang paraan ng authentication. Kapag nag-ge-generate ng isang keypair, ang pampublikong key lamang ang iniimbak ng Forgejo. Ang pribadong key ay binibigay sa iyo na gagamitin sa knife. Ang pag-generate ng bagong keypair i io-overwrite ang luma.",
 	"fork.n_forks": {
 		"one": "%s fork",
 		"other": "%s mga fork"
diff --git a/options/locale_next/locale_fr-FR.json b/options/locale_next/locale_fr-FR.json
index 41aaea5359..b352790a8b 100644
--- a/options/locale_next/locale_fr-FR.json
+++ b/options/locale_next/locale_fr-FR.json
@@ -1,4 +1,176 @@
 {
+	"packages.title": "Paquets",
+	"packages.empty": "Il n'y pas de paquet pour le moment.",
+	"packages.empty.documentation": "Pour plus d'informations sur le registre de paquets, voir <a target=\"_blank\" rel=\"noopener noreferrer\" href=\"%s\">la documentation</a>.",
+	"packages.empty.repo": "Avez-vous téléchargé un paquet, mais il n'est pas affiché ici ? Allez dans les <a href=\"%[1]s\">paramètres du paquet</a> et liez le à ce dépôt.",
+	"packages.registry.documentation": "Pour plus d’informations sur le registre %s, voir <a target=\"_blank\" rel=\"noopener noreferrer\" href=\"%s\">la documentation</a>.",
+	"packages.filter.type": "Type",
+	"packages.filter.type.all": "Tous",
+	"packages.filter.no_result": "Votre filtre n'affiche aucun résultat.",
+	"packages.filter.container.tagged": "Balisé",
+	"packages.filter.container.untagged": "Débalisé",
+	"packages.published_by": "%[1]s publié par <a href=\"%[2]s\">%[3]s</a>",
+	"packages.published_by_in": "%[1]s publié par <a href=\"%[2]s\">%[3]s</a> en <a href=\"%[4]s\"><strong>%[5]s</strong></a>",
+	"packages.pub.install": "Pour installer le paquet en utilisant Dart, exécutez la commande suivante :",
+	"packages.installation": "Installation",
+	"packages.about": "À propos de ce paquet",
+	"packages.requirements": "Exigences",
+	"packages.dependencies": "Dépendances",
+	"packages.keywords": "Mots-clés",
+	"packages.details": "Détails",
+	"packages.details.author": "Auteur",
+	"packages.details.project_site": "Site du projet",
+	"packages.details.repository_site": "Site du dépôt",
+	"packages.details.documentation_site": "Site de la documentation",
+	"packages.details.license": "Licence",
+	"packages.assets": "Ressources",
+	"packages.versions": "Versions",
+	"packages.versions.view_all": "Voir tout",
+	"packages.dependency.id": "ID",
+	"packages.dependency.version": "Version",
+	"packages.search_in_external_registry": "Rechercher dans %s",
+	"packages.alpine.registry": "Configurez ce registre en ajoutant l’URL dans votre fichier <code>/etc/apk/repositories</code> :",
+	"packages.alpine.registry.key": "Téléchargez la clé RSA publique du registre dans le dossier <code>/etc/apk/keys/</code> pour vérifier la signature de l'index :",
+	"packages.alpine.registry.info": "Choisissez $branch et $repository dans la liste ci-dessous.",
+	"packages.alpine.install": "Pour installer le paquet, exécutez la commande suivante :",
+	"packages.alpine.repository": "Informations sur le dépôt",
+	"packages.alpine.repository.branches": "Branches",
+	"packages.alpine.repository.repositories": "Dépôts",
+	"packages.alpine.repository.architectures": "Architectures",
+	"packages.arch.pacman.helper.gpg": "Ajouter un certificat de confiance pour pacman :",
+	"packages.arch.pacman.repo.multi": "%s a la même version dans différentes distributions.",
+	"packages.arch.pacman.repo.multi.item": "Configuration pour %s",
+	"packages.arch.pacman.conf": "Ajouter un serveur associées à la distribution et l'architecture dans <code>/etc/pacman.conf</code> :",
+	"packages.arch.pacman.sync": "Synchroniser le paquet avec pacman :",
+	"packages.arch.version.properties": "Propriétés de version",
+	"packages.arch.version.description": "Description",
+	"packages.arch.version.provides": "Fournit",
+	"packages.arch.version.groups": "Groupe",
+	"packages.arch.version.depends": "Dépend",
+	"packages.arch.version.optdepends": "Dépendances optionnelles",
+	"packages.arch.version.makedepends": "Faire des dépendances",
+	"packages.arch.version.checkdepends": "Vérifier les dépendances",
+	"packages.arch.version.conflicts": "Conflits",
+	"packages.arch.version.replaces": "Remplace",
+	"packages.arch.version.backup": "Sauvegarde",
+	"packages.cargo.registry": "Configurez ce registre dans le fichier de configuration Cargo (par exemple <code>~/.cargo/config.toml</code>) :",
+	"packages.cargo.install": "Pour installer le paquet en utilisant Cargo, exécutez la commande suivante :",
+	"packages.chef.registry": "Configurer ce registre dans votre fichier <code>~/.chef/config.rb</code> :",
+	"packages.chef.install": "Pour installer le paquet, exécutez la commande suivante :",
+	"packages.composer.registry": "Configurez ce registre dans votre fichier <code>~/.composer/config.json</code> :",
+	"packages.composer.install": "Pour installer le paquet en utilisant Composer, exécutez la commande suivante :",
+	"packages.composer.dependencies": "Dépendances",
+	"packages.composer.dependencies.development": "Dépendances de développement",
+	"packages.conan.registry": "Configurez ce registre à partir d'un terminal :",
+	"packages.conan.install": "Pour installer le paquet en utilisant Conan, exécutez la commande suivante :",
+	"packages.conda.registry": "Configurez ce registre en tant que dépôt Conda dans le fichier <code>.condarc</code> :",
+	"packages.conda.install": "Pour installer le paquet en utilisant Conda, exécutez la commande suivante :",
+	"packages.container.images.title": "Images",
+	"packages.container.details.type": "Type d'image",
+	"packages.container.details.platform": "Plateforme",
+	"packages.container.pull": "Tirez l'image depuis un terminal :",
+	"packages.container.digest": "Empreinte",
+	"packages.container.multi_arch": "SE / Arch",
+	"packages.container.layers": "Calques d'image",
+	"packages.container.labels": "Labels",
+	"packages.container.labels.key": "Clé",
+	"packages.container.labels.value": "Valeur",
+	"packages.cran.registry": "Configurez ce registre dans le fichier <code>Rprofile.site</code> :",
+	"packages.cran.install": "Pour installer le paquet, exécutez la commande suivante :",
+	"packages.debian.registry": "Configurez ce registre à partir d'un terminal :",
+	"packages.debian.registry.info": "Choisissez $distribution et $component dans la liste ci-dessous.",
+	"packages.debian.install": "Pour installer le paquet, exécutez la commande suivante :",
+	"packages.debian.repository": "Infos sur le dépôt",
+	"packages.debian.repository.distributions": "Distributions",
+	"packages.debian.repository.components": "Composants",
+	"packages.debian.repository.architectures": "Architectures",
+	"packages.generic.download": "Télécharger le paquet depuis un terminal :",
+	"packages.go.install": "Installer le paquet à partir de la ligne de commande :",
+	"packages.helm.registry": "Configurer ce registre à partir d'un terminal :",
+	"packages.helm.install": "Pour installer le paquet, exécutez la commande suivante :",
+	"packages.maven.registry": "Configurez ce registre dans le fichier <code>pom.xml</code> de votre projet :",
+	"packages.maven.install": "Pour utiliser le paquet, inclure ce qui suit dans le bloc <code>dependencies</code> dans le fichier <code>pom.xml</code> :",
+	"packages.maven.install2": "Exécuter dans un terminal :",
+	"packages.maven.download": "Pour télécharger la dépendance, exécutez dans un terminal :",
+	"packages.nuget.registry": "Configurer ce registre à partir d'un terminal :",
+	"packages.nuget.install": "Pour installer le paquet en utilisant NuGet, exécutez la commande suivante :",
+	"packages.nuget.dependency.framework": "Cadriciel cible",
+	"packages.npm.registry": "Configurez ce registre dans le fichier <code>.npmrc</code> de votre projet :",
+	"packages.npm.install": "Pour installer le paquet en utilisant npm, exécutez la commande suivante :",
+	"packages.npm.install2": "ou ajoutez-le au fichier package.json :",
+	"packages.npm.dependencies": "Dépendances",
+	"packages.npm.dependencies.development": "Dépendances de développement",
+	"packages.npm.dependencies.bundle": "Bundles de dépendances",
+	"packages.npm.dependencies.peer": "Dépendances de pairs",
+	"packages.npm.dependencies.optional": "Dépendances optionnelles",
+	"packages.npm.details.tag": "Balise",
+	"packages.pypi.requires": "Nécessite Python",
+	"packages.pypi.install": "Pour installer le paquet en utilisant pip, exécutez la commande suivante :",
+	"packages.rpm.registry": "Configurez ce registre à partir d'un terminal :",
+	"packages.rpm.distros.redhat": "sur les distributions basées sur RedHat",
+	"packages.rpm.distros.suse": "sur les distributions basées sur SUSE",
+	"packages.rpm.install": "Pour installer le paquet, exécutez la commande suivante :",
+	"packages.rpm.repository": "Information sur le dépôt",
+	"packages.rpm.repository.architectures": "Architectures",
+	"packages.rpm.repository.multiple_groups": "Ce paquet est disponible dans plusieurs groupes.",
+	"packages.alt.registry": "Configurez ce registre à partir d'un terminal :",
+	"packages.alt.registry.install": "Pour installer le paquet, exécutez la commande suivante :",
+	"packages.alt.install": "Installer le paquet",
+	"packages.alt.setup": "Ajouter un dépôt à la liste des dépôts connecté (choisissez l'architecture nécessaire à la place de \"_arch\") :",
+	"packages.alt.repository": "Informations sur le dépôt",
+	"packages.alt.repository.architectures": "Architectures",
+	"packages.alt.repository.multiple_groups": "Ce paquet est disponible dans plusieurs groupes.",
+	"packages.rubygems.install": "Pour installer le paquet en utilisant gem, exécutez la commande suivante :",
+	"packages.rubygems.install2": "ou ajoutez-le au Gemfile :",
+	"packages.rubygems.dependencies.runtime": "Dépendances d'exécution",
+	"packages.rubygems.dependencies.development": "Dépendances de développement",
+	"packages.rubygems.required.ruby": "Nécessite Ruby en version",
+	"packages.rubygems.required.rubygems": "Nécessite RubyGem en version",
+	"packages.swift.registry": "Configurez ce registre à partir d'un terminal :",
+	"packages.swift.install": "Ajoutez le paquet dans votre fichier <code>Package.swift</code> :",
+	"packages.swift.install2": "et exécutez la commande suivante :",
+	"packages.vagrant.install": "Pour ajouter une machine Vagrant, exécutez la commande suivante :",
+	"packages.settings.link": "Lier ce paquet à un dépôt",
+	"packages.settings.link.description": "Si vous liez un paquet à dépôt, le paquet sera inclus dans sa liste des paquets.",
+	"packages.settings.link.select": "Sélectionner un dépôt",
+	"packages.settings.link.button": "Actualiser le lien du dépôt",
+	"packages.settings.link.success": "Le lien du dépôt a été mis à jour avec succès.",
+	"packages.settings.link.error": "Impossible de mettre à jour le lien du dépôt.",
+	"packages.settings.delete": "Supprimer le paquet",
+	"packages.settings.delete.description": "Supprimer un paquet est permanent et irréversible.",
+	"packages.settings.delete.notice": "Vous êtes sur le point de supprimer %s (%s). Cette opération est irréversible, êtes-vous sûr ?",
+	"packages.settings.delete.success": "Le paquet a été supprimé.",
+	"packages.settings.delete.error": "Impossible de supprimer le paquet.",
+	"packages.owner.settings.cargo.title": "Index du registre cargo",
+	"packages.owner.settings.cargo.initialize": "Initialiser l'index",
+	"packages.owner.settings.cargo.initialize.description": "Un dépôt Git d’index spécial est nécessaire pour utiliser le registre Cargo. Utiliser cette option va (re)créer le dépôt et le configurer automatiquement.",
+	"packages.owner.settings.cargo.initialize.error": "Impossible d'initialiser l'index de Cargo : %v",
+	"packages.owner.settings.cargo.initialize.success": "L'index Cargo a été créé avec succès.",
+	"packages.owner.settings.cargo.rebuild": "Reconstruire l'index",
+	"packages.owner.settings.cargo.rebuild.description": "La reconstruction peut être utile si l'index n'est pas synchronisé avec les paquets Cargo stockés.",
+	"packages.owner.settings.cargo.rebuild.error": "Impossible de reconstruire l'index Cargo : %v",
+	"packages.owner.settings.cargo.rebuild.success": "L'index Cargo a été reconstruit avec succès.",
+	"packages.owner.settings.cargo.rebuild.no_index": "Incapable de reconstruire, index non initialisé.",
+	"packages.owner.settings.cleanuprules.title": "Règles de nettoyage",
+	"packages.owner.settings.cleanuprules.add": "Ajouter une règle de nettoyage",
+	"packages.owner.settings.cleanuprules.edit": "Modifier la règle de nettoyage",
+	"packages.owner.settings.cleanuprules.none": "Aucune règle de nettoyage disponible. Veuillez consulter la documentation.",
+	"packages.owner.settings.cleanuprules.preview": "Aperçu des règles de nettoyage",
+	"packages.owner.settings.cleanuprules.preview.overview": "%d paquets sont programmés pour être supprimés.",
+	"packages.owner.settings.cleanuprules.preview.none": "La règle de nettoyage ne correspond à aucun paquet.",
+	"packages.owner.settings.cleanuprules.pattern_full_match": "Appliquer le motif au nom complet du paquet",
+	"packages.owner.settings.cleanuprules.keep.title": "Les versions qui correspondent à ces règles sont conservées, même si elles correspondent à une règle de suppression ci-dessous.",
+	"packages.owner.settings.cleanuprules.keep.count": "Garder le plus récent",
+	"packages.owner.settings.cleanuprules.keep.pattern": "Garder les versions correspondantes",
+	"packages.owner.settings.cleanuprules.keep.pattern.container": "La version <code>latest</code> est toujours conservée pour les paquets Container.",
+	"packages.owner.settings.cleanuprules.remove.title": "Les versions qui correspondent à ces règles sont supprimées, sauf si une règle ci-dessus dit de les garder.",
+	"packages.owner.settings.cleanuprules.remove.days": "Supprimer les versions antérieures à",
+	"packages.owner.settings.cleanuprules.remove.pattern": "Supprimer les versions correspondantes",
+	"packages.owner.settings.cleanuprules.success.update": "La règle de nettoyage a été mise à jour.",
+	"packages.owner.settings.cleanuprules.success.delete": "La règle de nettoyage a été supprimée.",
+	"packages.owner.settings.chef.title": "Dépôt Chef",
+	"packages.owner.settings.chef.keypair": "Générer une paire de clés",
+	"packages.owner.settings.chef.keypair.description": "Les requêtes envoyées au registre Chef doivent être signées cryptographiquement à des fin d'authentification. Lorsqu'une paire de clés est générée, seule la clé publique est conservée dans Forgejo. La clé privée est fournie afin que vous puissiez l'utiliser avec knife. La génération d'une nouvelle clé remplace la précédente.",
 	"fork.n_forks": {
 		"one": "%s bifurcation",
 		"many": "%s bifurcations",
diff --git a/options/locale_next/locale_ga.json b/options/locale_next/locale_ga.json
index 2f3ff7b138..6b0a3b0b80 100644
--- a/options/locale_next/locale_ga.json
+++ b/options/locale_next/locale_ga.json
@@ -1,4 +1,146 @@
 {
+	"packages.title": "Pacáistí",
+	"packages.empty": "Níl aon phacáistí ann fós.",
+	"packages.empty.documentation": "Le haghaidh tuilleadh eolais ar chlárlann na bpacáistí, féach ar <a target=\"_blank\" rel=\"noopener noreferrer\" href=\"%s\">na doiciméid</a>.",
+	"packages.empty.repo": "An ndearna tú uaslódáil ar phacáiste, ach nach bhfuil sé léirithe anseo? Téigh go <a href=\"%[1]s\">socruithe pacáiste</a> agus nasc leis an stóras seo é.",
+	"packages.registry.documentation": "Le haghaidh tuilleadh eolais ar chlárlann %s, féach ar <a target=\"_blank\" rel=\"noopener noreferrer\" href=\"%s\">na doiciméid</a>.",
+	"packages.filter.type": "Cineál",
+	"packages.filter.type.all": "Gach",
+	"packages.filter.no_result": "Níor thug do scagaire aon torthaí.",
+	"packages.filter.container.tagged": "Clibeáilte",
+	"packages.filter.container.untagged": "Gan chlib",
+	"packages.published_by": "Foilsithe %[1]s ag <a href=\"%[2]s\">%[3]s</a>",
+	"packages.published_by_in": "Foilsithe ag %[1]s ag <a href=\"%[2]s\">%[3]s</a> in <a href=\"%[4]s\"><strong>%[5]s</strong></a>",
+	"packages.pub.install": "Chun an pacáiste a shuiteáil ag úsáid Dart, reáchtáil an t-ordú seo a leanas:",
+	"packages.installation": "Suiteáil",
+	"packages.about": "Maidir leis an bpacáiste seo",
+	"packages.requirements": "Riachtanais",
+	"packages.dependencies": "Spleithiúlachtaí",
+	"packages.keywords": "Eochairfhocail",
+	"packages.details": "Sonraí",
+	"packages.details.author": "Údar",
+	"packages.details.license": "Ceadúnas",
+	"packages.assets": "Sócmhainní",
+	"packages.versions": "Leaganacha",
+	"packages.versions.view_all": "Féach ar gach",
+	"packages.dependency.id": "ID",
+	"packages.dependency.version": "Leagan",
+	"packages.search_in_external_registry": "Cuardaigh i %s",
+	"packages.alpine.registry": "Socraigh an chlár seo tríd an url a chur i do chomhad <code>/etc/apk/repositories</code>:",
+	"packages.alpine.registry.key": "Íoslódáil eochair RSA poiblí na clárlainne isteach san fhillteán <code>/etc/apk/keys/</code> chun an síniú innéacs a fhíorú:",
+	"packages.alpine.registry.info": "Roghnaigh $branch agus $repository ón liosta thíos.",
+	"packages.alpine.install": "Chun an pacáiste a shuiteáil, rith an t-ordú seo a leanas:",
+	"packages.alpine.repository": "Eolas Stórais",
+	"packages.alpine.repository.branches": "Brainsí",
+	"packages.alpine.repository.repositories": "Stórais",
+	"packages.alpine.repository.architectures": "Ailtireachtaí",
+	"packages.cargo.registry": "Socraigh an clárlann seo sa chomhad cumraíochta lasta (mar shampla <code>~/.cargo/config.toml</code>):",
+	"packages.cargo.install": "Chun an pacáiste a shuiteáil ag baint úsáide as Cargo, reáchtáil an t-ordú seo a leanas:",
+	"packages.chef.registry": "Socraigh an clárlann seo i do chomhad <code>~/.chef/config.rb</code>:",
+	"packages.chef.install": "Chun an pacáiste a shuiteáil, rith an t-ordú seo a leanas:",
+	"packages.composer.registry": "Socraigh an chlár seo i do chomhad <code>~/.composer/config.json</code>:",
+	"packages.composer.install": "Chun an pacáiste a shuiteáil ag baint úsáide as Cumadóir, reáchtáil an t-ordú seo a leanas:",
+	"packages.composer.dependencies": "Spleithiúlachtaí",
+	"packages.composer.dependencies.development": "Spleithiúlachtaí Forbartha",
+	"packages.conan.registry": "Socraigh an clárlann seo ón líne ordaithe:",
+	"packages.conan.install": "Chun an pacáiste a shuiteáil ag úsáid Conan, reáchtáil an t-ordú seo a leanas:",
+	"packages.conda.registry": "Socraigh an chlár seo mar stóras Conda i do chomhad <code>.condarc</code>:",
+	"packages.conda.install": "Chun an pacáiste a shuiteáil ag úsáid Conda, reáchtáil an t-ordú seo a leanas:",
+	"packages.container.details.type": "Cineál Íomhá",
+	"packages.container.details.platform": "Ardán",
+	"packages.container.pull": "Tarraing an íomhá ón líne ordaithe:",
+	"packages.container.digest": "Díleáigh",
+	"packages.container.multi_arch": "Córas Oibriúcháin / Ailtireacht",
+	"packages.container.layers": "Sraitheanna Íomhá",
+	"packages.container.labels": "Lipéid",
+	"packages.container.labels.key": "Eochair",
+	"packages.container.labels.value": "Luach",
+	"packages.cran.registry": "Cumraigh an chlárlann seo i do chomhad <code>Rprofile.site</code>:",
+	"packages.cran.install": "Chun an pacáiste a shuiteáil, rith an t-ordú seo a leanas:",
+	"packages.debian.registry": "Socraigh an clárlann seo ón líne ordaithe:",
+	"packages.debian.registry.info": "Roghnaigh $distribution agus $component ón liosta thíos.",
+	"packages.debian.install": "Chun an pacáiste a shuiteáil, rith an t-ordú seo a leanas:",
+	"packages.debian.repository": "Eolas Stóras",
+	"packages.debian.repository.distributions": "Dáiltí",
+	"packages.debian.repository.components": "Comhpháirteanna",
+	"packages.debian.repository.architectures": "Ailtireachtaí",
+	"packages.generic.download": "Íoslódáil pacáiste ón líne ordaithe:",
+	"packages.go.install": "Suiteáil an pacáiste ón líne ordaithe:",
+	"packages.helm.registry": "Socraigh an clárlann seo ón líne ordaithe:",
+	"packages.helm.install": "Chun an pacáiste a shuiteáil, rith an t-ordú seo a leanas:",
+	"packages.maven.registry": "Socraigh an clárlann seo i do chomhad <code>pom.xml</code> tionscadail:",
+	"packages.maven.install": "Chun an pacáiste a úsáid cuir na nithe seo a leanas sa bhloc <code>spleáchais</code> sa chomhad <code>pom.xml</code>:",
+	"packages.maven.install2": "Rith tríd an líne ordaithe:",
+	"packages.maven.download": "Chun an spleáchas a íoslódáil, rith tríd an líne ordaithe:",
+	"packages.nuget.registry": "Socraigh an clárlann seo ón líne ordaithe:",
+	"packages.nuget.install": "Chun an pacáiste a shuiteáil ag úsáid NuGet, reáchtáil an t-ordú seo a leanas:",
+	"packages.nuget.dependency.framework": "Spriocchreat",
+	"packages.npm.registry": "Socraigh an chlárlann seo i do chomhad <code>.npmrc</code> do thionscadail:",
+	"packages.npm.install": "Chun an pacáiste a shuiteáil ag úsáid npm, reáchtáil an t-ordú seo a leanas:",
+	"packages.npm.install2": "nó cuir leis an gcomhad package.json é:",
+	"packages.npm.dependencies": "Spleithiúlachtaí",
+	"packages.npm.dependencies.development": "Spleithiúlachtaí Forbartha",
+	"packages.npm.dependencies.bundle": "Spleáchais Chuachta",
+	"packages.npm.dependencies.peer": "Spleithiúlachtaí Piaraí",
+	"packages.npm.dependencies.optional": "Spleáchais Roghnacha",
+	"packages.npm.details.tag": "Clib",
+	"packages.pypi.requires": "Teastaíonn Python",
+	"packages.pypi.install": "Chun an pacáiste a shuiteáil ag úsáid pip, reáchtáil an t-ordú seo a leanas:",
+	"packages.rpm.registry": "Socraigh an clárlann seo ón líne ordaithe:",
+	"packages.rpm.distros.redhat": "ar dháileadh bunaithe ar RedHat",
+	"packages.rpm.distros.suse": "ar dháileadh bunaithe ar SUSE",
+	"packages.rpm.install": "Chun an pacáiste a shuiteáil, rith an t-ordú seo a leanas:",
+	"packages.rpm.repository": "Eolas Stóras",
+	"packages.rpm.repository.architectures": "Ailtireachtaí",
+	"packages.rpm.repository.multiple_groups": "Tá an pacáiste seo ar fáil i ngrúpaí éagsúla.",
+	"packages.rubygems.install": "Chun an pacáiste a shuiteáil ag baint úsáide as gem, reáchtáil an t-ordú seo a leanas:",
+	"packages.rubygems.install2": "nó cuir leis an Gemfile é:",
+	"packages.rubygems.dependencies.runtime": "Spleáchais Rith-Ama",
+	"packages.rubygems.dependencies.development": "Spleáchais Forbartha",
+	"packages.rubygems.required.ruby": "Éilíonn leagan Ruby",
+	"packages.rubygems.required.rubygems": "Éilíonn leagan RubyGem",
+	"packages.swift.registry": "Socraigh an clárlann seo ón líne ordaithe:",
+	"packages.swift.install": "Cuir an pacáiste i do <code>chomhad Package.swift</code>:",
+	"packages.swift.install2": "agus reáchtáil an t-ordú seo a leanas:",
+	"packages.vagrant.install": "Chun bosca Vagrant a chur leis, reáchtáil an t-ordú seo a leanas:",
+	"packages.settings.link": "Nasc an pacáiste seo le stóras",
+	"packages.settings.link.description": "Má nascann tú pacáiste le stóras, liostaítear an pacáiste i liosta pacáistí an stórais.",
+	"packages.settings.link.select": "Roghnaigh Stóras",
+	"packages.settings.link.button": "Nuashonraigh Nasc Stórais",
+	"packages.settings.link.success": "D'éirigh le nasc an stórais a nuashonrú.",
+	"packages.settings.link.error": "Theip ar an nasc stóras a nuashonrú.",
+	"packages.settings.delete": "Scrios pacáiste",
+	"packages.settings.delete.description": "Tá pacáiste a scriosadh buan agus ní féidir é a chur ar ais.",
+	"packages.settings.delete.notice": "Tá tú ar tí %s (%s) a scriosadh. Tá an oibríocht seo dochúlaithe, an bhfuil tú cinnte?",
+	"packages.settings.delete.success": "Tá an pacáiste scriosta.",
+	"packages.settings.delete.error": "Theip ar an pacáiste a scriosadh.",
+	"packages.owner.settings.cargo.title": "Innéacs Clárlann Lasta",
+	"packages.owner.settings.cargo.initialize": "Innéacs a chur i dtosach",
+	"packages.owner.settings.cargo.initialize.description": "Tá gá le stóras innéacs speisialta Git chun an clárlann Cargo a úsáid. Tríd an rogha seo, cruthófar an stóras (nó athchruthófar é) agus cumrófar é go huathoibríoch.",
+	"packages.owner.settings.cargo.initialize.error": "Níorbh fhéidir an t-innéacs Cargo a thúsú: %v",
+	"packages.owner.settings.cargo.initialize.success": "Cruthaíodh an t-innéacs Cargo go rathúil.",
+	"packages.owner.settings.cargo.rebuild": "Innéacs Atógáil",
+	"packages.owner.settings.cargo.rebuild.description": "Is féidir atógáil a bheith úsáideach mura bhfuil an t-innéacs sioncronaithe leis na pacáistí Cargo stóráilte.",
+	"packages.owner.settings.cargo.rebuild.error": "Níorbh fhéidir an t-innéacs Cargo a atógáil: %v",
+	"packages.owner.settings.cargo.rebuild.success": "D'éirigh leis an innéacs Cargo a atógáil.",
+	"packages.owner.settings.cleanuprules.add": "Cuir Riail Glantacháin leis",
+	"packages.owner.settings.cleanuprules.edit": "Cuir Riail Glantacháin in eagar",
+	"packages.owner.settings.cleanuprules.preview": "Réamhamharc Riail Glantacháin",
+	"packages.owner.settings.cleanuprules.preview.overview": "Tá pacáistí %d beartaithe a bhaint.",
+	"packages.owner.settings.cleanuprules.preview.none": "Ní hionann riail glantacháin agus pacáistí ar bith.",
+	"packages.owner.settings.cleanuprules.pattern_full_match": "Cuir patrún i bhfeidhm ar ainm an phacáiste iomlán",
+	"packages.owner.settings.cleanuprules.keep.title": "Coinnítear leaganacha a mheaitseálann leis na rialacha seo, fiú má mheaitseálann siad riail bhaint thíos.",
+	"packages.owner.settings.cleanuprules.keep.count": "Coinnigh an ceann is déanaí",
+	"packages.owner.settings.cleanuprules.keep.pattern": "Coinnigh leaganacha meaitseála",
+	"packages.owner.settings.cleanuprules.keep.pattern.container": "Coinnítear an leagan <code>is déanaí</code> le haghaidh pacáistí Coimeádán i gcónaí.",
+	"packages.owner.settings.cleanuprules.remove.title": "Baintear leaganacha a mheaitseálann leis na rialacha seo, mura deir riail thuas iad a choinneáil.",
+	"packages.owner.settings.cleanuprules.remove.days": "Bain leaganacha níos sine ná",
+	"packages.owner.settings.cleanuprules.remove.pattern": "Bain leaganacha meaitseála",
+	"packages.owner.settings.cleanuprules.success.update": "Nuashonraíodh an riail ghlantacháin.",
+	"packages.owner.settings.cleanuprules.success.delete": "Scriosadh an riail glantacháin.",
+	"packages.owner.settings.chef.title": "Clárlann Chef",
+	"packages.owner.settings.chef.keypair": "Gin péire eochair",
+	"packages.owner.settings.chef.keypair.description": "Tá eochairphéire riachtanach le fíordheimhniú a dhéanamh ar chlárlann an Chef. Má tá péire eochrach ginte agat roimhe seo, má ghinfidh tú eochairphéire nua, scriosfar an seanphéire eochair.",
 	"migrate.git.description": "Ná himirce stórlann ach ó aon seirbhís Git.",
 	"migrate.gitea.description": "Imirce sonraí ó gitea.com nó ó chásanna Gitea eile.",
 	"migrate.gitlab.description": "Imirce sonraí ó gitlab.com nó ó chásanna GitLab eile.",
diff --git a/options/locale_next/locale_hu-HU.json b/options/locale_next/locale_hu-HU.json
index 9894730929..27f47f82c5 100644
--- a/options/locale_next/locale_hu-HU.json
+++ b/options/locale_next/locale_hu-HU.json
@@ -1,4 +1,7 @@
 {
+	"packages.filter.type": "Típus",
+	"packages.alpine.repository.branches": "Ágak",
+	"packages.alpine.repository.repositories": "Tárolók",
 	"repo.pulls.merged_title_desc": "egyesítve %[1]d változás(ok) a <code>%[2]s</code>-ból <code>%[3]s</code>-ba %[4]s",
 	"repo.pulls.title_desc": "egyesíteni szeretné %[1]d változás(oka)t a(z) <code>%[2]s</code>-ból <code id=\"%[4]s\">%[3]s</code>-ba",
 	"search.milestone_kind": "Mérföldkövek keresése...",
diff --git a/options/locale_next/locale_id-ID.json b/options/locale_next/locale_id-ID.json
index 0b447adf4f..2dbd0edc2b 100644
--- a/options/locale_next/locale_id-ID.json
+++ b/options/locale_next/locale_id-ID.json
@@ -1,4 +1,7 @@
 {
+	"packages.filter.type": "Jenis",
+	"packages.alpine.repository.branches": "Cabang",
+	"packages.alpine.repository.repositories": "Repositori",
 	"repo.pulls.merged_title_desc": "commit %[1]d telah digabungkan dari <code>%[2]s</code> menjadi <code>%[3]s</code> %[4]s",
 	"repo.pulls.title_desc": "ingin menggabungkan komit %[1]d dari <code>%[2]s</code> menuju <code id=\"%[4]s\">%[3]s</code>",
 	"moderation.abuse_category.malware": "Perangkat pembahaya",
diff --git a/options/locale_next/locale_is-IS.json b/options/locale_next/locale_is-IS.json
index 78dd51eea5..f46c872aab 100644
--- a/options/locale_next/locale_is-IS.json
+++ b/options/locale_next/locale_is-IS.json
@@ -1,4 +1,24 @@
 {
+	"packages.title": "Pakkar",
+	"packages.filter.type": "Tegund",
+	"packages.filter.type.all": "Allir",
+	"packages.installation": "Uppsetning",
+	"packages.keywords": "Stikkorð",
+	"packages.details": "Nánar",
+	"packages.details.author": "Höfundur",
+	"packages.details.license": "Hugbúnaðarleyfi",
+	"packages.versions": "Útgáfur",
+	"packages.versions.view_all": "Sjá allar",
+	"packages.dependency.id": "Auðkenni",
+	"packages.dependency.version": "Útgáfa",
+	"packages.alpine.repository.branches": "Greinar",
+	"packages.alpine.repository.repositories": "Hugbúnaðarsöfn",
+	"packages.container.details.platform": "Vettvangur",
+	"packages.container.labels": "Lýsingar",
+	"packages.container.labels.key": "Lykill",
+	"packages.container.labels.value": "Gildi",
+	"packages.npm.details.tag": "Merki",
+	"packages.pypi.requires": "Þarfnast Python",
 	"repo.pulls.title_desc": "vill sameina %[1]d framlög frá <code>%[2]s</code> í <code id=\"%[4]s\">%[3]s</code>",
 	"migrate.git.description": "Flytja hugbúnaðarsafn aðeins frá Git þjónustu.",
 	"meta.last_line": " "
diff --git a/options/locale_next/locale_it-IT.json b/options/locale_next/locale_it-IT.json
index 5f431a6f87..380dbdb8dd 100644
--- a/options/locale_next/locale_it-IT.json
+++ b/options/locale_next/locale_it-IT.json
@@ -1,4 +1,176 @@
 {
+	"packages.title": "Pacchetti",
+	"packages.empty": "Non ci sono ancora pacchetti.",
+	"packages.empty.documentation": "Per ulteriori informazioni sul registro dei pacchetti vedi <a target=\"_blank\" rel=\"noopener noreferrer\" href=\"%s\">la documentazione</a>.",
+	"packages.empty.repo": "Hai caricato un pacchetto, ma non è mostrato qui? Vai alle <a href=\"%[1]s\">impostazioni del pacchetto</a> e collegalo a questo repo.",
+	"packages.registry.documentation": "Per ulteriori informazioni sul registro %s vedi <a target=\"_blank\" rel=\"noopener noreferrer\" href=\"%s\">la documentazione</a>.",
+	"packages.filter.type": "Tipo",
+	"packages.filter.type.all": "Tutti",
+	"packages.filter.no_result": "Il filtro non ha prodotto risultati.",
+	"packages.filter.container.tagged": "Etichettato",
+	"packages.filter.container.untagged": "Nont etichettato",
+	"packages.published_by": "Pubblicato %[1]s di <a href=\"%[2]s\">%[3]s</a>",
+	"packages.published_by_in": "Pubblicato %[1]s di <a href=\"%[2]s\">%[3]s</a> in <a href=\"%[4]s\"><strong>%[5]s</strong></a>",
+	"packages.pub.install": "Per installare il pacchetto utilizzando NuGet, eseguire il seguente comando:",
+	"packages.installation": "Installazione",
+	"packages.about": "Informazioni su questo pacchetto",
+	"packages.requirements": "Requisiti",
+	"packages.dependencies": "Dipendenze",
+	"packages.keywords": "Parole Chiave",
+	"packages.details": "Dettagli",
+	"packages.details.author": "Autore",
+	"packages.details.project_site": "Sito del progetto",
+	"packages.details.repository_site": "Sito del repositorio",
+	"packages.details.documentation_site": "Sito della documentazione",
+	"packages.details.license": "Licenza",
+	"packages.assets": "Asset",
+	"packages.versions": "Versioni",
+	"packages.versions.view_all": "Vedi tutti",
+	"packages.dependency.id": "ID",
+	"packages.dependency.version": "Versione",
+	"packages.search_in_external_registry": "Cerca in %s",
+	"packages.alpine.registry": "Imposta questo registro aggiungendo l'URL nel tuo file <code>/etc/apk/repositories</code>:",
+	"packages.alpine.registry.key": "Scarica la chiave RSA pubblica del registro nella cartella <code>/etc/apk/keys/</code> per verificare la firma dell'indice:",
+	"packages.alpine.registry.info": "scegli $ramo e $repositorio dalla lista sotto.",
+	"packages.alpine.install": "Per installare il pacchetto, eseguire il seguente comando:",
+	"packages.alpine.repository": "Informazioni sul repositorio",
+	"packages.alpine.repository.branches": "Rami",
+	"packages.alpine.repository.repositories": "Repository",
+	"packages.alpine.repository.architectures": "Architetture",
+	"packages.arch.pacman.helper.gpg": "Aggiungi il certificato a pacman:",
+	"packages.arch.pacman.repo.multi": "%s ha la stessa versione in diverse distribuzioni.",
+	"packages.arch.pacman.repo.multi.item": "Configurazione per %s",
+	"packages.arch.pacman.conf": "Aggiungi il server con la relativa distribuzione e architettura a <code>/etc/pacman.conf</code>:",
+	"packages.arch.pacman.sync": "Sincronizza il paccketto con pacman:",
+	"packages.arch.version.properties": "Proprietà della versione",
+	"packages.arch.version.description": "Descrizione",
+	"packages.arch.version.provides": "Fornisce",
+	"packages.arch.version.groups": "Gruppo",
+	"packages.arch.version.depends": "Dipende da",
+	"packages.arch.version.optdepends": "Dipende opzionalmente da",
+	"packages.arch.version.makedepends": "Dipendenze di build",
+	"packages.arch.version.checkdepends": "Dipendenze di controllo",
+	"packages.arch.version.conflicts": "Va in conflitto con",
+	"packages.arch.version.replaces": "Sostituisce",
+	"packages.arch.version.backup": "Backup",
+	"packages.cargo.registry": "Imposta il registro nel file di configurazione di Cargo (per esempio <code>~/.cargo/config.toml</code>):",
+	"packages.cargo.install": "Per installare il pacchetto usando Cargo esegui il comando seguente:",
+	"packages.chef.registry": "Imposta questo registro nel tuo file <code>~/.chef/config.rb</code>:",
+	"packages.chef.install": "Per installare il pacchetto, eseguire il seguente comando:",
+	"packages.composer.registry": "Imposta questo registro nel tuo file <code>~/.composer/config.json</code>:",
+	"packages.composer.install": "Per installare il pacchetto utilizzando Composer, eseguire il seguente comando:",
+	"packages.composer.dependencies": "Dipendenze",
+	"packages.composer.dependencies.development": "Dipendenze Di Sviluppo",
+	"packages.conan.registry": "Configura questo registro dalla riga di comando:",
+	"packages.conan.install": "Per installare il pacchetto usando Conan, eseguire il seguente comando:",
+	"packages.conda.registry": "Imposta questo registro come un repositorio Conda nel tuo file <code>.condarc</code>:",
+	"packages.conda.install": "Per installare il pacchetto usando conda, esegui il comando seguente:",
+	"packages.container.images.title": "Immagini",
+	"packages.container.details.type": "Tipo Immagine",
+	"packages.container.details.platform": "Piattaforma",
+	"packages.container.pull": "Tirare l'immagine dalla riga di comando:",
+	"packages.container.digest": "Digest:",
+	"packages.container.multi_arch": "SO / Architettura",
+	"packages.container.layers": "Livelli Immagine",
+	"packages.container.labels": "Etichette",
+	"packages.container.labels.key": "Chiave",
+	"packages.container.labels.value": "Valore",
+	"packages.cran.registry": "Imposta questo registro nel tuo file <code>Rprofile.site</code>:",
+	"packages.cran.install": "Per installare il pacchetto, eseguire il seguente comando:",
+	"packages.debian.registry": "Configura questo registro dalla riga di comando:",
+	"packages.debian.registry.info": "Scegli $distribuzione e $componente dalla lista sotto.",
+	"packages.debian.install": "Per installare il pacchetto, eseguire il seguente comando:",
+	"packages.debian.repository": "Informazioni sul repositorio",
+	"packages.debian.repository.distributions": "Distribuzioni",
+	"packages.debian.repository.components": "Componenti",
+	"packages.debian.repository.architectures": "Architetture",
+	"packages.generic.download": "Scarica il pacchetto dalla riga di comando:",
+	"packages.go.install": "Installa il pacchetto dalla riga di comando:",
+	"packages.helm.registry": "Configura questo registro dalla riga di comando:",
+	"packages.helm.install": "Per installare il pacchetto, eseguire il seguente comando:",
+	"packages.maven.registry": "Configura questo registro nel file <code>pom.xml</code> del tuo progetto:",
+	"packages.maven.install": "Per utilizzare il pacchetto includere i seguenti nel blocco <code>dipendenze</code> nel file <code>pom.xml</code>:",
+	"packages.maven.install2": "Esegui tramite riga di comando:",
+	"packages.maven.download": "Per scaricare la dipendenza, eseguire tramite riga di comando:",
+	"packages.nuget.registry": "Configura questo registro dalla riga di comando:",
+	"packages.nuget.install": "Per installare il pacchetto utilizzando NuGet, eseguire il seguente comando:",
+	"packages.nuget.dependency.framework": "Target Framework",
+	"packages.npm.registry": "Impostare questo registro nel file del progetto <code>.npmrc</code>:",
+	"packages.npm.install": "Per installare il pacchetto usando npm, eseguire il seguente comando:",
+	"packages.npm.install2": "o aggiungerlo al file package.json:",
+	"packages.npm.dependencies": "Dipendenze",
+	"packages.npm.dependencies.development": "Dipendenze Di Sviluppo",
+	"packages.npm.dependencies.bundle": "Dipendenze raggruppate",
+	"packages.npm.dependencies.peer": "Dipendenze Peer",
+	"packages.npm.dependencies.optional": "Dipendenze Opzionali",
+	"packages.npm.details.tag": "Tag",
+	"packages.pypi.requires": "Richiede Python",
+	"packages.pypi.install": "Per installare il pacchetto usando pip, eseguire il seguente comando:",
+	"packages.rpm.registry": "Configura questo registro dalla riga di comando:",
+	"packages.rpm.distros.redhat": "sulle distribuzione basate su RedHat",
+	"packages.rpm.distros.suse": "sulle distribuzioni basate su SUSE",
+	"packages.rpm.install": "Per installare il pacchetto, eseguire il seguente comando:",
+	"packages.rpm.repository": "Informazioni sul repositorio",
+	"packages.rpm.repository.architectures": "Architetture",
+	"packages.rpm.repository.multiple_groups": "Questo pacchetto è disponibile in molteplici gruppi.",
+	"packages.alt.registry": "Configura questo registro dalla riga di comando:",
+	"packages.alt.registry.install": "Per installare il pacchetto, esegui il comando seguente:",
+	"packages.alt.install": "Installa pacchetto",
+	"packages.alt.setup": "Aggiungi il repositorio alla lista dei repositori in rete (seleziona l'architettura necessaria al posto di \"_arch_\"):",
+	"packages.alt.repository": "Informazioni del repositorio",
+	"packages.alt.repository.architectures": "Architetture",
+	"packages.alt.repository.multiple_groups": "Questo pacchetto è disponibile per più gruppi.",
+	"packages.rubygems.install": "Per installare il pacchetto usando gem, eseguire il seguente comando:",
+	"packages.rubygems.install2": "o aggiungerlo al file Gem:",
+	"packages.rubygems.dependencies.runtime": "Dipendenze Runtime",
+	"packages.rubygems.dependencies.development": "Dipendenze Di Sviluppo",
+	"packages.rubygems.required.ruby": "Richiede la versione di Ruby",
+	"packages.rubygems.required.rubygems": "Richiede la versione RubyGem",
+	"packages.swift.registry": "Configura questo registro dalla riga di comando:",
+	"packages.swift.install": "Aggiungi il pacchetto nel tuo file <code>Package.swift</code>:",
+	"packages.swift.install2": "ed esegui il comando seguente:",
+	"packages.vagrant.install": "Per aggiungere una scatola Vagrant esegui il comando seguente:",
+	"packages.settings.link": "Collega questo pacchetto a un repository",
+	"packages.settings.link.description": "Se si collega un pacchetto a un repository, il pacchetto è elencato nell'elenco dei pacchetti del repository.",
+	"packages.settings.link.select": "Seleziona repositorio",
+	"packages.settings.link.button": "Aggiorna collegamento repositorio",
+	"packages.settings.link.success": "Il link del repository è stato aggiornato correttamente.",
+	"packages.settings.link.error": "Impossibile aggiornare il link del repository.",
+	"packages.settings.delete": "Elimina pacchetto",
+	"packages.settings.delete.description": "L'eliminazione di un pacchetto è permanente e non può essere annullata.",
+	"packages.settings.delete.notice": "Stai per eliminare %s (%s). Questa operazione è irreversibile, sei sicuro?",
+	"packages.settings.delete.success": "Il pacchetto è stato eliminato.",
+	"packages.settings.delete.error": "Impossibile eliminare il pacchetto.",
+	"packages.owner.settings.cargo.title": "Indice del registro di Cargo",
+	"packages.owner.settings.cargo.initialize": "Inizializza indice",
+	"packages.owner.settings.cargo.initialize.description": "Per utilizzare il registro Cargo è necessario un repositorio Git con un indice speciale. Utilizzando questa opzione, il repositorio verrà (ri)creato e configurato automaticamente.",
+	"packages.owner.settings.cargo.initialize.error": "Impossibile inizializzare l'indice di cargo: %v",
+	"packages.owner.settings.cargo.initialize.success": "L'indice di Cargo è stato creato correttamente.",
+	"packages.owner.settings.cargo.rebuild": "Ricostruendo l'indice",
+	"packages.owner.settings.cargo.rebuild.description": "La ricostruzione può essere utile se l'indice non è sincronizzato con i pacchetti Cargo conservati.",
+	"packages.owner.settings.cargo.rebuild.error": "Impossibile ricostruire l'indice di Cargo: %v",
+	"packages.owner.settings.cargo.rebuild.success": "L'indice di Cargo è stato ricostruito correttamente.",
+	"packages.owner.settings.cargo.rebuild.no_index": "Impossibile ricostruire, nessun indice è inizializzato.",
+	"packages.owner.settings.cleanuprules.title": "Gestisci regole di pulizia",
+	"packages.owner.settings.cleanuprules.add": "Aggiungi regola di pulizia",
+	"packages.owner.settings.cleanuprules.edit": "Modifica regola di pulizia",
+	"packages.owner.settings.cleanuprules.none": "Non c'è ancora nessuna regola di pulizia.",
+	"packages.owner.settings.cleanuprules.preview": "Anteprima della regola di pulizia",
+	"packages.owner.settings.cleanuprules.preview.overview": "È prevista la rimozione di %d pacchetti.",
+	"packages.owner.settings.cleanuprules.preview.none": "La regola di pulizia non corrisponde ad alcun pacchetto.",
+	"packages.owner.settings.cleanuprules.pattern_full_match": "Applica il modello a tutto il nome del pacchetto",
+	"packages.owner.settings.cleanuprules.keep.title": "Le versioni che soddisfano queste regole sono mantenute, anche se soddisfano una regola di rimozione sotto.",
+	"packages.owner.settings.cleanuprules.keep.count": "Mantieni la più recente",
+	"packages.owner.settings.cleanuprules.keep.pattern": "Mantieni le versioni corrispondenti",
+	"packages.owner.settings.cleanuprules.keep.pattern.container": "La versione <code>latest</code> è sempre tenuta per pacchetti container.",
+	"packages.owner.settings.cleanuprules.remove.title": "Le versioni che soddisfano queste regole saranno rimosse, eccetto se la regola sopra dice di tenerle.",
+	"packages.owner.settings.cleanuprules.remove.days": "Rimuovi versioni più vecchie di",
+	"packages.owner.settings.cleanuprules.remove.pattern": "Rimuovi versioni corrispondenti",
+	"packages.owner.settings.cleanuprules.success.update": "La regola di pulizia è stata aggiornata.",
+	"packages.owner.settings.cleanuprules.success.delete": "La regola di pulizia è stata eliminata.",
+	"packages.owner.settings.chef.title": "Registro Chef",
+	"packages.owner.settings.chef.keypair": "Genera coppia di chiavi",
+	"packages.owner.settings.chef.keypair.description": "Per autenticarsi al registro Chef è necessaria una coppia di chiavi. Se hai già generato una coppia di chiavi la generazione di una nuova coppia scarterà la vecchia.",
 	"fork.n_forks": {
 		"one": "%s biforcazioni",
 		"many": "%s biforcazioni",
diff --git a/options/locale_next/locale_ja-JP.json b/options/locale_next/locale_ja-JP.json
index 00bc49c676..d46e641da9 100644
--- a/options/locale_next/locale_ja-JP.json
+++ b/options/locale_next/locale_ja-JP.json
@@ -1,4 +1,152 @@
 {
+	"packages.title": "パッケージ",
+	"packages.empty": "パッケージはまだありません。",
+	"packages.empty.documentation": "パッケージレジストリの詳細については、 <a target=\"_blank\" rel=\"noopener noreferrer\" href=\"%s\">ドキュメント</a> を参照してください。",
+	"packages.empty.repo": "パッケージはアップロードしたけども、ここに表示されない？ <a href=\"%[1]s\">パッケージ設定</a>を開いて、パッケージをこのリポジトリにリンクしてください。",
+	"packages.registry.documentation": "%sレジストリの詳細については、 <a target=\"_blank\" rel=\"noopener noreferrer\" href=\"%s\">ドキュメント</a> を参照してください。",
+	"packages.filter.type": "タイプ",
+	"packages.filter.type.all": "すべて",
+	"packages.filter.no_result": "フィルタの結果、空になりました。",
+	"packages.filter.container.tagged": "タグあり",
+	"packages.filter.container.untagged": "タグなし",
+	"packages.published_by": "%[1]sに<a href=\"%[2]s\">%[3]s</a>が配布",
+	"packages.published_by_in": "%[1]sに<a href=\"%[2]s\">%[3]s</a>が<a href=\"%[4]s\"><strong>%[5]s</strong></a>で配布",
+	"packages.pub.install": "Dart を使用してパッケージをインストールするには、次のコマンドを実行します:",
+	"packages.installation": "インストール方法",
+	"packages.about": "このパッケージについて",
+	"packages.requirements": "要求事項",
+	"packages.dependencies": "依存関係",
+	"packages.keywords": "キーワード",
+	"packages.details": "詳細",
+	"packages.details.author": "著作者",
+	"packages.details.project_site": "プロジェクトサイト",
+	"packages.details.repository_site": "リポジトリサイト",
+	"packages.details.documentation_site": "ドキュメンテーションサイト",
+	"packages.details.license": "ライセンス",
+	"packages.assets": "アセット",
+	"packages.versions": "バージョン",
+	"packages.versions.view_all": "すべて表示",
+	"packages.dependency.id": "ID",
+	"packages.dependency.version": "バージョン",
+	"packages.search_in_external_registry": "%s で検索",
+	"packages.alpine.registry": "あなたの <code>/etc/apk/repositories</code> ファイルにURLを追加して、このレジストリをセットアップします:",
+	"packages.alpine.registry.key": "インデックス署名の検証のため、レジストリのRSA公開鍵を <code>/etc/apk/keys/</code> フォルダにダウンロードします:",
+	"packages.alpine.registry.info": "$branch と $repository は下にあるリストから選んでください。",
+	"packages.alpine.install": "パッケージをインストールするには、次のコマンドを実行します:",
+	"packages.alpine.repository": "リポジトリ情報",
+	"packages.alpine.repository.branches": "Branches",
+	"packages.alpine.repository.repositories": "Repositories",
+	"packages.alpine.repository.architectures": "Architectures",
+	"packages.cargo.registry": "Cargo 設定ファイルでこのレジストリをセットアップします。(例 <code>~/.cargo/config.toml</code>):",
+	"packages.cargo.install": "Cargo を使用してパッケージをインストールするには、次のコマンドを実行します:",
+	"packages.chef.registry": "あなたの <code>~/.chef/config.rb</code> ファイルに、このレジストリをセットアップします:",
+	"packages.chef.install": "パッケージをインストールするには、次のコマンドを実行します:",
+	"packages.composer.registry": "あなたの <code>~/.composer/config.json</code> ファイルに、このレジストリをセットアップします:",
+	"packages.composer.install": "Composer を使用してパッケージをインストールするには、次のコマンドを実行します:",
+	"packages.composer.dependencies": "依存関係",
+	"packages.composer.dependencies.development": "開発用依存関係",
+	"packages.conan.registry": "このレジストリをコマンドラインからセットアップします:",
+	"packages.conan.install": "Conan を使用してパッケージをインストールするには、次のコマンドを実行します:",
+	"packages.conda.registry": "あなたの <code>.condarc</code> ファイルに、このレジストリを Conda リポジトリとしてセットアップします:",
+	"packages.conda.install": "Conda を使用してパッケージをインストールするには、次のコマンドを実行します:",
+	"packages.container.details.type": "イメージタイプ",
+	"packages.container.details.platform": "プラットフォーム",
+	"packages.container.pull": "コマンドラインでイメージを取得します:",
+	"packages.container.digest": "ダイジェスト:",
+	"packages.container.multi_arch": "OS / アーキテクチャ",
+	"packages.container.layers": "イメージレイヤー",
+	"packages.container.labels": "ラベル",
+	"packages.container.labels.key": "キー",
+	"packages.container.labels.value": "値",
+	"packages.cran.registry": "あなたの <code>Rprofile.site</code> ファイルに、このレジストリをセットアップします:",
+	"packages.cran.install": "パッケージをインストールするには、次のコマンドを実行します:",
+	"packages.debian.registry": "このレジストリをコマンドラインからセットアップします:",
+	"packages.debian.registry.info": "$distribution と $component は下にあるリストから選んでください。",
+	"packages.debian.install": "パッケージをインストールするには、次のコマンドを実行します:",
+	"packages.debian.repository": "リポジトリ情報",
+	"packages.debian.repository.distributions": "Distributions",
+	"packages.debian.repository.components": "Components",
+	"packages.debian.repository.architectures": "Architectures",
+	"packages.generic.download": "コマンドラインでパッケージをダウンロードします:",
+	"packages.go.install": "コマンドラインでパッケージをインストール:",
+	"packages.helm.registry": "このレジストリをコマンドラインからセットアップします:",
+	"packages.helm.install": "パッケージをインストールするには、次のコマンドを実行します:",
+	"packages.maven.registry": "あなたのプロジェクトの <code>pom.xml</code> ファイルに、このレジストリをセットアップします:",
+	"packages.maven.install": "パッケージを使用するため <code>pom.xml</code> ファイル内の <code>dependencies</code> ブロックに以下を含めます:",
+	"packages.maven.install2": "コマンドラインで実行します:",
+	"packages.maven.download": "依存関係をダウンロードするには、コマンドラインでこれを実行します:",
+	"packages.nuget.registry": "このレジストリをコマンドラインからセットアップします:",
+	"packages.nuget.install": "NuGet を使用してパッケージをインストールするには、次のコマンドを実行します:",
+	"packages.nuget.dependency.framework": "ターゲットフレームワーク",
+	"packages.npm.registry": "あなたのプロジェクトの <code>.npmrc</code> ファイルに、このレジストリをセットアップします:",
+	"packages.npm.install": "npm を使用してパッケージをインストールするには、次のコマンドを実行します:",
+	"packages.npm.install2": "または package.json ファイルに追加します:",
+	"packages.npm.dependencies": "依存関係",
+	"packages.npm.dependencies.development": "開発用依存関係",
+	"packages.npm.dependencies.bundle": "バンドルされた依存関係",
+	"packages.npm.dependencies.peer": "Peer依存関係",
+	"packages.npm.dependencies.optional": "オプションの依存関係",
+	"packages.npm.details.tag": "タグ",
+	"packages.pypi.requires": "必要なPython",
+	"packages.pypi.install": "pip を使用してパッケージをインストールするには、次のコマンドを実行します:",
+	"packages.rpm.registry": "このレジストリをコマンドラインからセットアップします:",
+	"packages.rpm.distros.redhat": "RedHat系ディストリビューションの場合",
+	"packages.rpm.distros.suse": "SUSE系ディストリビューションの場合",
+	"packages.rpm.install": "パッケージをインストールするには、次のコマンドを実行します:",
+	"packages.rpm.repository": "リポジトリ情報",
+	"packages.rpm.repository.architectures": "Architectures",
+	"packages.rpm.repository.multiple_groups": "このパッケージは複数のグループで利用できます。",
+	"packages.rubygems.install": "gem を使用してパッケージをインストールするには、次のコマンドを実行します:",
+	"packages.rubygems.install2": "または Gemfile に追加します:",
+	"packages.rubygems.dependencies.runtime": "実行用依存関係",
+	"packages.rubygems.dependencies.development": "開発用依存関係",
+	"packages.rubygems.required.ruby": "必要なRubyバージョン",
+	"packages.rubygems.required.rubygems": "必要なRubyGemバージョン",
+	"packages.swift.registry": "このレジストリをコマンドラインからセットアップします:",
+	"packages.swift.install": "あなたの <code>Package.swift</code> ファイルにパッケージを追加します:",
+	"packages.swift.install2": "そして次のコマンドを実行します:",
+	"packages.vagrant.install": "Vagrant ボックスを追加するには、次のコマンドを実行します。",
+	"packages.settings.link": "このパッケージをリポジトリにリンク",
+	"packages.settings.link.description": "パッケージをリポジトリにリンクすると、リポジトリのパッケージリストに表示されるようになります。",
+	"packages.settings.link.select": "リポジトリを選択",
+	"packages.settings.link.button": "リポジトリのリンクを更新",
+	"packages.settings.link.success": "リポジトリのリンクが正常に更新されました。",
+	"packages.settings.link.error": "リポジトリのリンクの更新に失敗しました。",
+	"packages.settings.delete": "パッケージ削除",
+	"packages.settings.delete.description": "パッケージの削除は恒久的で元に戻すことはできません。",
+	"packages.settings.delete.notice": "%s (%s) を削除しようとしています。この操作は元に戻せません。よろしいですか？",
+	"packages.settings.delete.success": "パッケージを削除しました。",
+	"packages.settings.delete.error": "パッケージの削除に失敗しました。",
+	"packages.owner.settings.cargo.title": "Cargoレジストリ インデックス",
+	"packages.owner.settings.cargo.initialize": "インデックスを初期化",
+	"packages.owner.settings.cargo.initialize.description": "Cargoレジストリを使用するには、インデックス用の特別なgitリポジトリが必要です。 このオプションを使用するとそのリポジトリを(再)作成し、自動的に構成します。",
+	"packages.owner.settings.cargo.initialize.error": "Cargoインデックスの初期化に失敗しました: %v",
+	"packages.owner.settings.cargo.initialize.success": "Cargoインデックスは正常に作成されました。",
+	"packages.owner.settings.cargo.rebuild": "インデックスを再構築",
+	"packages.owner.settings.cargo.rebuild.description": "インデックスが格納されているCargoパッケージと同期していない場合は、再構築すると良いでしょう。",
+	"packages.owner.settings.cargo.rebuild.error": "Cargoインデックスの再構築に失敗しました: %v",
+	"packages.owner.settings.cargo.rebuild.success": "Cargoインデックスは正常に再構築されました。",
+	"packages.owner.settings.cargo.rebuild.no_index": "再構築できません、インデックスが初期化されていません。",
+	"packages.owner.settings.cleanuprules.title": "クリーンアップルールの管理",
+	"packages.owner.settings.cleanuprules.add": "クリーンアップルールを追加",
+	"packages.owner.settings.cleanuprules.edit": "クリーンアップルールを編集",
+	"packages.owner.settings.cleanuprules.none": "クリーンアップルールはありません。 ドキュメントを参照してください。",
+	"packages.owner.settings.cleanuprules.preview": "クリーンアップルールをプレビュー",
+	"packages.owner.settings.cleanuprules.preview.overview": "%d パッケージが削除される予定です。",
+	"packages.owner.settings.cleanuprules.preview.none": "クリーンアップルールと一致するパッケージがありません。",
+	"packages.owner.settings.cleanuprules.pattern_full_match": "フルパッケージ名にパターンを適用",
+	"packages.owner.settings.cleanuprules.keep.title": "以下のルールにマッチするバージョンを残します。 (下にある削除ルールにマッチしていても残します)",
+	"packages.owner.settings.cleanuprules.keep.count": "最近のものを残す",
+	"packages.owner.settings.cleanuprules.keep.pattern": "マッチするバージョンを残す",
+	"packages.owner.settings.cleanuprules.keep.pattern.container": "Containerパッケージの場合、<code>最新</code>バージョンは常に残します。",
+	"packages.owner.settings.cleanuprules.remove.title": "以下のルールにマッチするバージョンを削除します。 (上にあるルールが残す対象としている場合を除きます)",
+	"packages.owner.settings.cleanuprules.remove.days": "これより古いバージョンを削除する",
+	"packages.owner.settings.cleanuprules.remove.pattern": "マッチするバージョンを削除する",
+	"packages.owner.settings.cleanuprules.success.update": "クリーンアップルールが更新されました。",
+	"packages.owner.settings.cleanuprules.success.delete": "クリーンアップルールが削除されました。",
+	"packages.owner.settings.chef.title": "Chefレジストリ",
+	"packages.owner.settings.chef.keypair": "キーペアを生成",
+	"packages.owner.settings.chef.keypair.description": "Chefレジストリの認証にはキーペアが必要です。 すでにキーペアを生成していた場合、新しいキーペアを生成すると古いキーペアは破棄されます。",
 	"fork.n_forks": "%s のフォーク",
 	"stars.n_stars": "%s のスター",
 	"release.n_downloads": "%s のダウンロード",
diff --git a/options/locale_next/locale_ka.json b/options/locale_next/locale_ka.json
index e1940e1e14..d9076c6dc1 100644
--- a/options/locale_next/locale_ka.json
+++ b/options/locale_next/locale_ka.json
@@ -1,3 +1,43 @@
 {
+	"packages.title": "პაკეტები",
+	"packages.filter.type": "ტიპი",
+	"packages.filter.type.all": "ყველა",
+	"packages.filter.container.tagged": "ჭდით",
+	"packages.filter.container.untagged": "ჭდემოხსნილი",
+	"packages.installation": "დაყენება",
+	"packages.requirements": "მოთხოვნები",
+	"packages.dependencies": "დამოკიდებულებები",
+	"packages.keywords": "საკვანძო სიტყვები",
+	"packages.details": "დეტალები",
+	"packages.details.author": "ავტორი",
+	"packages.details.license": "ლიცენზია",
+	"packages.assets": "ობიექტები",
+	"packages.versions": "ვერსიები",
+	"packages.dependency.id": "ID",
+	"packages.dependency.version": "ვერსია",
+	"packages.alpine.repository.branches": "ბრენჩები",
+	"packages.alpine.repository.repositories": "რეპოზიტორიები",
+	"packages.alpine.repository.architectures": "არქიტექტურები",
+	"packages.arch.version.description": "აღწერა",
+	"packages.arch.version.provides": "მოგაწვდით",
+	"packages.arch.version.groups": "ჯგუფი",
+	"packages.arch.version.depends": "დამოკიდებულია",
+	"packages.arch.version.conflicts": "კონფლიქტშია",
+	"packages.arch.version.replaces": "ანაცვლებს",
+	"packages.arch.version.backup": "მარქაფი",
+	"packages.composer.dependencies": "დამოკიდებულებები",
+	"packages.container.images.title": "ასლის ფაილები",
+	"packages.container.details.platform": "პლატფორმა",
+	"packages.container.digest": "დაიჯესტი",
+	"packages.container.labels": "ჭდეები",
+	"packages.container.labels.key": "გასაღები",
+	"packages.container.labels.value": "მნიშვნელობა",
+	"packages.debian.repository.distributions": "დისტრიბუტივები",
+	"packages.debian.repository.components": "კომპონენტები",
+	"packages.debian.repository.architectures": "არქიტექტურები",
+	"packages.npm.dependencies": "დამოკიდებულებები",
+	"packages.npm.details.tag": "ჭდე",
+	"packages.rpm.repository.architectures": "არქიტექტურები",
+	"packages.alt.repository.architectures": "არქიტექტურები",
 	"meta.last_line": " "
 }
diff --git a/options/locale_next/locale_kab.json b/options/locale_next/locale_kab.json
index d230feaa9c..2a265aa42a 100644
--- a/options/locale_next/locale_kab.json
+++ b/options/locale_next/locale_kab.json
@@ -1,4 +1,19 @@
 {
+	"packages.installation": "Asebded",
+	"packages.details.project_site": "Asmel Web n usenfar",
+	"packages.details.repository_site": "Asmel Web n ukufi",
+	"packages.details.documentation_site": "Asmel Web n tsemlit",
+	"packages.versions.view_all": "Wali-ten akk",
+	"packages.alpine.repository.branches": "Tiṣeḍwa",
+	"packages.alpine.repository.repositories": "Ikufan",
+	"packages.alpine.repository.architectures": "Tisegda",
+	"packages.arch.version.description": "Aglam",
+	"packages.container.images.title": "Tugniwin",
+	"packages.container.details.platform": "Tiɣerɣert",
+	"packages.debian.repository.architectures": "Tisegda",
+	"packages.rpm.repository.architectures": "Tisegda",
+	"packages.alt.repository.architectures": "Tisegda",
+	"packages.settings.link.select": "Fren akufi",
 	"relativetime.1day": "iḍelli",
 	"home.welcome.no_activity": "Ulac armud",
 	"relativetime.now": "tura",
diff --git a/options/locale_next/locale_ko-KR.json b/options/locale_next/locale_ko-KR.json
index 3aa74996b9..cd781de5e6 100644
--- a/options/locale_next/locale_ko-KR.json
+++ b/options/locale_next/locale_ko-KR.json
@@ -1,4 +1,12 @@
 {
+	"packages.filter.type": "유형",
+	"packages.details.author": "작성자",
+	"packages.dependency.id": "ID",
+	"packages.dependency.version": "버전",
+	"packages.alpine.repository.branches": "브랜치",
+	"packages.alpine.repository.repositories": "저장소",
+	"packages.maven.download": "종속성을 다운로드하려면 명령줄을 통해 실행하세요:",
+	"packages.nuget.dependency.framework": "타겟 프레임워크",
 	"stars.n_stars": "%s 좋아요",
 	"repo.pulls.merged_title_desc": "님이 <code>%[2]s</code> 에서 <code>%[3]s</code> 로 %[1]d 커밋을 %[4]s 병합함",
 	"repo.pulls.title_desc": "<code>%[2]s</code> 에서 <code id=\"%[4]s\">%[3]s</code> 로 %[1]d개의 커밋들을 병합하려함",
diff --git a/options/locale_next/locale_lv-LV.json b/options/locale_next/locale_lv-LV.json
index e2dbaad744..486f84b286 100644
--- a/options/locale_next/locale_lv-LV.json
+++ b/options/locale_next/locale_lv-LV.json
@@ -1,4 +1,176 @@
 {
+	"packages.title": "Pakotnes",
+	"packages.empty": "Pašlaik šeit nav nevienas pakotnes.",
+	"packages.empty.documentation": "Papildu informācija par pakotņu reģistru ir pieejama <a target=\"_blank\" rel=\"noopener noreferrer\" href=\"%s\">dokumentācijā</a>.",
+	"packages.empty.repo": "Šeit netiek parādīta augšupielādēta pakotne? Jādodas uz <a href=\"%[1]s\">pakotņu iestatījumiem</a> un jāsasaista tā ar šo glabātavu.",
+	"packages.registry.documentation": "Vairāk informācijas par %s reģistru ir <a target=\"_blank\" rel=\"noopener noreferrer\" href=\"%s\">dokumentācijā</a>.",
+	"packages.filter.type": "Veids",
+	"packages.filter.type.all": "Visas",
+	"packages.filter.no_result": "Norādītajām atlasīšanas vērtībām nekas neatbilst.",
+	"packages.filter.container.tagged": "Ar birku",
+	"packages.filter.container.untagged": "Bez birkas",
+	"packages.published_by": "Laida klajā <a href=\"%[2]s\">%[3]s</a> %[1]s",
+	"packages.published_by_in": "<a href=\"%[2]s\">%[3]s</a> laida klajā %[1]s <a href=\"%[4]s\"><strong>%[5]s</strong></a>",
+	"packages.pub.install": "Lai uzstādītu pakotni ar Dart, jāizpilda šī komanda:",
+	"packages.installation": "Uzstādīšana",
+	"packages.about": "Par šo pakotni",
+	"packages.requirements": "Prasības",
+	"packages.dependencies": "Atkarības",
+	"packages.keywords": "Atslēgvārdi",
+	"packages.details": "Papildu informācija",
+	"packages.details.author": "Autors",
+	"packages.details.project_site": "Projekta tīmekļvietne",
+	"packages.details.repository_site": "Glabātavas tīmekļvietne",
+	"packages.details.documentation_site": "Dokumentācijas tīmekļvietne",
+	"packages.details.license": "Licence",
+	"packages.assets": "Resursi",
+	"packages.versions": "Versijas",
+	"packages.versions.view_all": "Parādīt visas",
+	"packages.dependency.id": "ID",
+	"packages.dependency.version": "Versija",
+	"packages.search_in_external_registry": "Meklēt %s",
+	"packages.alpine.registry": "Iestatīt šo reģistru ar URL pievienošanu datnē <code>/etc/apk/repositories</code>:",
+	"packages.alpine.registry.key": "Reģistra publiskā RSA atslēga jālejupielādē mapē <code>/etc/apk/keys/</code>, lai apliecinātu indeksa parakstu:",
+	"packages.alpine.registry.info": "No zemāk esošā saraksta jāizvēlas $branch un $repository.",
+	"packages.alpine.install": "Lai uzstādītu pakotni, ir jāizpilda šī komanda:",
+	"packages.alpine.repository": "Glabātavas informācija",
+	"packages.alpine.repository.branches": "Zari",
+	"packages.alpine.repository.repositories": "Glabātavas",
+	"packages.alpine.repository.architectures": "Arhitektūras",
+	"packages.arch.pacman.helper.gpg": "Jāpievieno uzticēšanās sertifikāts pacman:",
+	"packages.arch.pacman.repo.multi": "%s ir tāda pati versija dažādās distribūcijās.",
+	"packages.arch.pacman.repo.multi.item": "%s konfigurācija",
+	"packages.arch.pacman.conf": "<code>/etc/pacman.conf</code> jāpievieno serveris ar atbilstošu distribūciju un arhitektūru:",
+	"packages.arch.pacman.sync": "Jāsinhronizē pakotne ar pacman:",
+	"packages.arch.version.properties": "Versijas īpašības",
+	"packages.arch.version.description": "Apraksts",
+	"packages.arch.version.provides": "Nodrošina",
+	"packages.arch.version.groups": "Kopa",
+	"packages.arch.version.depends": "Atkarības",
+	"packages.arch.version.optdepends": "Izvēles atkarības",
+	"packages.arch.version.makedepends": "Izveidot atkarības",
+	"packages.arch.version.checkdepends": "Pārbaudīt atkarības",
+	"packages.arch.version.conflicts": "Nesaderības",
+	"packages.arch.version.replaces": "Aizvieto",
+	"packages.arch.version.backup": "Rezerves kopija",
+	"packages.cargo.registry": "Iestatīt šo reģistru Cargo konfigurācijas datnē (piemēram, <code>~/.cargo/config.toml</code>):",
+	"packages.cargo.install": "Lai uzstādītu pakotni ar Cargo, jāizpilda šī komanda:",
+	"packages.chef.registry": "Iestatīt šo reģistru datnē <code>~/.chef/config.rb</code>:",
+	"packages.chef.install": "Lai uzstādītu pakotni, ir jāizpilda šī komanda:",
+	"packages.composer.registry": "Iestatīt šo reģistru datnē <code>~/.composer/config.json</code>:",
+	"packages.composer.install": "Lai uzstādīt pakotni ar Composer, jāizpilda šī komanda:",
+	"packages.composer.dependencies": "Atkarības",
+	"packages.composer.dependencies.development": "Izstrādes atkarības",
+	"packages.conan.registry": "Šis reģistra uzstādīšana komandrindā:",
+	"packages.conan.install": "Lai uzstādītu pakotni ar Conan, jāizpilda šī komanda:",
+	"packages.conda.registry": "Izveidot šo reģistru kā Conda glabātavu datnē <code>.condarc</code>:",
+	"packages.conda.install": "Lai uzstādītu pakotni ar Conda, jāizpilda šī komanda:",
+	"packages.container.images.title": "Attēli",
+	"packages.container.details.type": "Attēla veids",
+	"packages.container.details.platform": "Platforma",
+	"packages.container.pull": "Atgādāt attēlu komandrindā:",
+	"packages.container.digest": "Īssavilkums",
+	"packages.container.multi_arch": "OS / arhitektūra",
+	"packages.container.layers": "Attēla slāņi",
+	"packages.container.labels": "Iezīmes",
+	"packages.container.labels.key": "Atslēga",
+	"packages.container.labels.value": "Vērtība",
+	"packages.cran.registry": "Iestatīt šo reģistru datnē <code>Rprofile.site</code>:",
+	"packages.cran.install": "Lai uzstādītu pakotni, ir jāizpilda šī komanda:",
+	"packages.debian.registry": "Šis reģistra uzstādīšana komandrindā:",
+	"packages.debian.registry.info": "No zemāk esošā saraksta jāizvēlas $distribution un $component.",
+	"packages.debian.install": "Lai uzstādītu pakotni, ir jāizpilda šī komanda:",
+	"packages.debian.repository": "Glabātavas informācija",
+	"packages.debian.repository.distributions": "Distribūcijas",
+	"packages.debian.repository.components": "Komponentes",
+	"packages.debian.repository.architectures": "Arhitektūras",
+	"packages.generic.download": "Lejupielādēt pakotni, izmantojot, komandrindu:",
+	"packages.go.install": "Uzstādīt pakotni komandrindā:",
+	"packages.helm.registry": "Šī reģistra uzstādīšana komandrindā:",
+	"packages.helm.install": "Lai uzstādītu pakotni, ir jāizpilda šī komanda:",
+	"packages.maven.registry": "Iestatīt šo reģistru sava projekta datnē <code>pom.xml</code>:",
+	"packages.maven.install": "Lai izmantotu pakotni, datnes <code>pom.xml</code> sadaļā <code>dependencies</code> jāievieto šīs rindas:",
+	"packages.maven.install2": "Jāizpilda komandrindā:",
+	"packages.maven.download": "Jāizpilda komandrindā, lai lejupielādētu šo atkarību:",
+	"packages.nuget.registry": "Šī reģistra uzstādīšana komandrindā:",
+	"packages.nuget.install": "Lai uzstādītu pakotni ar NuGet, jāizpilda šī komanda:",
+	"packages.nuget.dependency.framework": "Mērķa ietvars",
+	"packages.npm.registry": "Iestatīt šo reģistru sava projekta datnē <code>.npmrc</code>:",
+	"packages.npm.install": "Lai uzstādītu pakotni ar npm, jāizpilda šī komanda:",
+	"packages.npm.install2": "vai datnē package.json jāpievieno:",
+	"packages.npm.dependencies": "Atkarības",
+	"packages.npm.dependencies.development": "Izstrādes atkarības",
+	"packages.npm.dependencies.bundle": "Iekļautās atkarības",
+	"packages.npm.dependencies.peer": "Līdzatkarības",
+	"packages.npm.dependencies.optional": "Izvēles atkarības",
+	"packages.npm.details.tag": "Birka",
+	"packages.pypi.requires": "Nepieciešams Python",
+	"packages.pypi.install": "Lai uzstādītu pakotni ar pip, jāizpilda šī komanda:",
+	"packages.rpm.registry": "Šī reģistra uzstādīšana komandrindā:",
+	"packages.rpm.distros.redhat": "uz RedHat balstītās operētājsistēmās",
+	"packages.rpm.distros.suse": "uz SUSE balstītās operētājsistēmās",
+	"packages.rpm.install": "Lai uzstādītu pakotni, ir jāizpilda šī komanda:",
+	"packages.rpm.repository": "Glabātavas informācija",
+	"packages.rpm.repository.architectures": "Arhitektūras",
+	"packages.rpm.repository.multiple_groups": "Šī pakotne ir pieejama vairākās kopās.",
+	"packages.alt.registry": "Šī reģistra uzstādīšana komandrindā:",
+	"packages.alt.registry.install": "Lai uzstādītu pakotni, jāizpilda šī komanda:",
+	"packages.alt.install": "Uzstādīt pakotni",
+	"packages.alt.setup": "Pievienot glabātavu savienoto glabātavu sarakstā (\"_arch_\" vietā jāizvēlas nepieciešamā arhitektūra):",
+	"packages.alt.repository": "Informācija par glabātavu",
+	"packages.alt.repository.architectures": "Arhitektūras",
+	"packages.alt.repository.multiple_groups": "Šī pakotne ir pieejama vairākās kopās.",
+	"packages.rubygems.install": "Lai uzstādītu pakotni ar gem, jāizpilda šī komanda:",
+	"packages.rubygems.install2": "vai jāpievieno tas Gemfile:",
+	"packages.rubygems.dependencies.runtime": "Izpildlaika atkarības",
+	"packages.rubygems.dependencies.development": "Izstrādes atkarības",
+	"packages.rubygems.required.ruby": "Nepieciešamā Ruby versija",
+	"packages.rubygems.required.rubygems": "Nepieciešamā RubyGem versija",
+	"packages.swift.registry": "Šī reģistra uzstādīšana komandrindā:",
+	"packages.swift.install": "Pakotne jāpievieno datnē <code>Package.swift</code>:",
+	"packages.swift.install2": "vai jāpievieno tā Gemfile:",
+	"packages.vagrant.install": "Lai pievienotu Vagrant kasti, jāizpilda šī komanda:",
+	"packages.settings.link": "Piesaistīt šo pakotni glabātavai",
+	"packages.settings.link.description": "Ja pakotne tiek sasaistīta ar glabātavu, tā tiek attēlota glabātavas pakotņu sarakstā.",
+	"packages.settings.link.select": "Atlasīt glabātavu",
+	"packages.settings.link.button": "Atjaunināt glabātavas saiti",
+	"packages.settings.link.success": "Glabātavas saite tika sekmīgi atjaunināta.",
+	"packages.settings.link.error": "Neizdevās atjaunināt glabātavas saiti.",
+	"packages.settings.delete": "Izdzēst pakotni",
+	"packages.settings.delete.description": "Pakotne tiks neatgriezeniski izdzēsta.",
+	"packages.settings.delete.notice": "Tiks izdzēsta pakotne %s (%s). Šī darbība ir neatgriezeniska. Tiešām turpināt?",
+	"packages.settings.delete.success": "Pakotne tika izdzēsta.",
+	"packages.settings.delete.error": "Neizdevās izdzēst pakotni.",
+	"packages.owner.settings.cargo.title": "Cargo reģistra inkdess",
+	"packages.owner.settings.cargo.initialize": "Sāknēt indeksu",
+	"packages.owner.settings.cargo.initialize.description": "Ir nepieciešams īpaša indeksa Git glabātava, lai izmantotu Cargo reģistru. Šīs iespējas izmantošana (atkārtoti) izveidos glabātavu un automātiski to iestatīs.",
+	"packages.owner.settings.cargo.initialize.error": "Neizdevās sāknēt Cargo indeksu: %v",
+	"packages.owner.settings.cargo.initialize.success": "Cargo indekss tika sekmīgi izveidots.",
+	"packages.owner.settings.cargo.rebuild": "Pārbūvēt indeksu",
+	"packages.owner.settings.cargo.rebuild.description": "Pārbūvēšana var būt noderīga, ja indekss nav sinhronizēts ar saglabātajām Cargo pakotnēm.",
+	"packages.owner.settings.cargo.rebuild.error": "Neizdevās pārbūvēt Cargo indeksu: %v",
+	"packages.owner.settings.cargo.rebuild.success": "Cargo indekss tika sekmīgi pārbūvēts.",
+	"packages.owner.settings.cargo.rebuild.no_index": "Nevar pārbūvēt, nav sāknēts neviens indekss.",
+	"packages.owner.settings.cleanuprules.title": "Notīrīšanas kārtulas",
+	"packages.owner.settings.cleanuprules.add": "Pievienot notīrīšanas kārtulu",
+	"packages.owner.settings.cleanuprules.edit": "Labot notīrīšanas kārtulu",
+	"packages.owner.settings.cleanuprules.none": "Vēl nav pieejama neviena notīrīšanas kārtula.",
+	"packages.owner.settings.cleanuprules.preview": "Notīrīšanas kārtulas priekšskatījums",
+	"packages.owner.settings.cleanuprules.preview.overview": "Ir paredzēta %d pakotņu noņemšana.",
+	"packages.owner.settings.cleanuprules.preview.none": "Notīrīšanas kārtulai neatbilst neviena pakotne.",
+	"packages.owner.settings.cleanuprules.pattern_full_match": "Pielietot paraugu visam pakotnes nosaukumam",
+	"packages.owner.settings.cleanuprules.keep.title": "Versijas, kas atbilst šīm kārtulām, tiks paturētas, pat ja tās atbildīs zemāk esošajai noņemšanas kārtulai.",
+	"packages.owner.settings.cleanuprules.keep.count": "Paturēt visjaunāko",
+	"packages.owner.settings.cleanuprules.keep.pattern": "Paturēt versijas, kas atbilst",
+	"packages.owner.settings.cleanuprules.keep.pattern.container": "Versija <code>latest</code> vienmēr tiks paturēta konteineru pakotnēm.",
+	"packages.owner.settings.cleanuprules.remove.title": "Versijas, kas atbilst šīm kārtulām, tiks noņemtas, ja vien augstāk esošā kārtula nenosaka, ka tās ir jāpatur.",
+	"packages.owner.settings.cleanuprules.remove.days": "Noņemt versijas vecākas kā",
+	"packages.owner.settings.cleanuprules.remove.pattern": "Noņemt versijas, kas atbilst",
+	"packages.owner.settings.cleanuprules.success.update": "Notīrīšanas kārtula tika atjaunināta.",
+	"packages.owner.settings.cleanuprules.success.delete": "Notīrīšanas kārtula tika izdzēsta.",
+	"packages.owner.settings.chef.title": "Chef reģistrs",
+	"packages.owner.settings.chef.keypair": "Izveidot atslēgu pāri",
+	"packages.owner.settings.chef.keypair.description": "Pieprasījumiem, kuri tiek nosūtīti Chef reģistram, jābūt kriptogrāfiski parakstītam, kas ir autentificēšanās līdzeklis. Kad tiek izveidots atslēgu pāris, Forgejo tiek glabāta tikai publiskā atslēga. Privātā atslēga tiek sniegta, lai to izmantotu ar komandrindas rīku knife. Jauna atslēgu pāra izveidošana aizvietos iepriekšējo.",
 	"fork.n_forks": {
 		"zero": "%s atzarojumu",
 		"one": "%s atzarojums",
diff --git a/options/locale_next/locale_nds.json b/options/locale_next/locale_nds.json
index 20f0f19a35..34bcad5217 100644
--- a/options/locale_next/locale_nds.json
+++ b/options/locale_next/locale_nds.json
@@ -1,4 +1,176 @@
 {
+	"packages.title": "Paketen",
+	"packages.empty": "Dat gifft noch keene Paketen.",
+	"packages.empty.documentation": "För mehr Informatioonen över de Paketlist, kiek <a target=\"_blank\" rel=\"noopener noreferrer\" href=\"%s\">de Dokumenteren</a> an.",
+	"packages.empty.repo": "Hest du een Paket upladen, aver dat word hier nich wiest? Gah to de <a href=\"%[1]s\">Paket-Instellens</a> un verbinn dat mit deesem Repo.",
+	"packages.registry.documentation": "För mehr Informatioonen över de %s-Paketlist, kiek <a target=\"_blank\" rel=\"noopener noreferrer\" href=\"%s\">de Dokumenteren</a> an.",
+	"packages.filter.type": "Aard",
+	"packages.filter.type.all": "All",
+	"packages.filter.no_result": "Dien Filter gifft keene Resultaten.",
+	"packages.filter.container.tagged": "Markt",
+	"packages.filter.container.untagged": "Nich markt",
+	"packages.published_by": "%[1]s vun <a href=\"%[2]s\">%[3]s</a> publizeert",
+	"packages.published_by_in": "%[1]s vun <a href=\"%[2]s\">%[3]s</a> in <a href=\"%[4]s\"><strong>%[5]s</strong></a> publizeert",
+	"packages.pub.install": "Um dat Paket mit Dart to installeren, föhr deese Oorder ut:",
+	"packages.installation": "Installeren",
+	"packages.about": "Över deeses Paket",
+	"packages.requirements": "Bruukt",
+	"packages.dependencies": "Ofhangens",
+	"packages.keywords": "Slötelwoorden",
+	"packages.details": "Mehr Informatioonen",
+	"packages.details.author": "Autor",
+	"packages.details.project_site": "Projekt-Internett-Sied",
+	"packages.details.repository_site": "Repositoriums-Internett-Sied",
+	"packages.details.documentation_site": "Dokumenterens-Internett-Sied",
+	"packages.details.license": "Lizenz",
+	"packages.assets": "Objekten",
+	"packages.versions": "Versioonen",
+	"packages.versions.view_all": "All wiesen",
+	"packages.dependency.id": "ID",
+	"packages.dependency.version": "Versioon",
+	"packages.search_in_external_registry": "In %s söken",
+	"packages.alpine.registry": "Richt deese Paketlist in, indeem du de URL in diene <code>/etc/apk/repositories</code>-Datei inföögst:",
+	"packages.alpine.registry.key": "Laad de publiken RSA-Slötel vun de Paketlist in dat Verteeknis <code>/etc/apk/keys/</code> runner, um de Index-Unnerschrift uttowiesen:",
+	"packages.alpine.registry.info": "Köör $branch un $repository ut de List unnern ut.",
+	"packages.alpine.install": "Um dat Paket to installeren, föhr deese Oorder ut:",
+	"packages.alpine.repository": "Repositoriums-Informatioon",
+	"packages.alpine.repository.branches": "Twiegen",
+	"packages.alpine.repository.repositories": "Repositoriums",
+	"packages.alpine.repository.architectures": "Architekturen",
+	"packages.arch.pacman.helper.gpg": "Föög dat Vertroens-Zertifikaat för Pacman hento:",
+	"packages.arch.pacman.repo.multi": "%s hett in mennig Verdeelens de sülve Versioon.",
+	"packages.arch.pacman.repo.multi.item": "Inrichten för %s",
+	"packages.arch.pacman.conf": "Föög de Server mit de verwandt Verdeelen un Architektuur to de <code>/etc/pacman.conf</code> hento:",
+	"packages.arch.pacman.sync": "Verneei dat Paket mit Pacman:",
+	"packages.arch.version.properties": "Versioon-Eegenskuppen",
+	"packages.arch.version.description": "Beschrieven",
+	"packages.arch.version.provides": "Stellt paraat",
+	"packages.arch.version.groups": "Grupp",
+	"packages.arch.version.depends": "Hangt of vun",
+	"packages.arch.version.optdepends": "Hangt nich nödig of vun",
+	"packages.arch.version.makedepends": "Bau-Ofhangens",
+	"packages.arch.version.checkdepends": "Överprüfens-Ofhangens",
+	"packages.arch.version.conflicts": "Unverdragelkheiden",
+	"packages.arch.version.replaces": "Staht liek för",
+	"packages.arch.version.backup": "Sekerheids-Kopie",
+	"packages.cargo.registry": "Richt deese Paketlist in de Cargo-Instellens-Datei in (to’n Bispööl <code>~/.cargo/config.toml</code>):",
+	"packages.cargo.install": "Um dat Paket mit Cargo to installeren, föhr deese Oorder ut:",
+	"packages.chef.registry": "Richt deese Paketlist in diener <code>~/.chef/config.rb</code>-Datei in:",
+	"packages.chef.install": "Um dat Paket to installeren, föhr deese Oorder ut:",
+	"packages.composer.registry": "Richt deese Paketlist in diener <code>~/.composer/config.json</code>-Datei in:",
+	"packages.composer.install": "Um dat Paket mit Composer to installeren, föhr deese Oorder ut:",
+	"packages.composer.dependencies": "Ofhangens",
+	"packages.composer.dependencies.development": "Entwicklens-Ofhangens",
+	"packages.conan.registry": "Richt deese Paketlist vun de Oorderreeg in:",
+	"packages.conan.install": "Um dat Paket mit Conan to installeren, föhr deese Oorder ut:",
+	"packages.conda.registry": "Richt deese Paketlist as een Conda-Repositorium in diener <code>~/.condarc</code>-Datei in:",
+	"packages.conda.install": "Um dat Paket mit Conda to installeren, föhr deese Oorder ut:",
+	"packages.container.images.title": "Avbillers",
+	"packages.container.details.type": "Avbill-Aard",
+	"packages.container.details.platform": "Plattfoorm",
+	"packages.container.pull": "Haal deeses Avbill vun de Oorderreeg:",
+	"packages.container.digest": "Prüüfsumm",
+	"packages.container.multi_arch": "BS / Arch",
+	"packages.container.layers": "Avbill-Schichten",
+	"packages.container.labels": "Vermarkens",
+	"packages.container.labels.key": "Slötel",
+	"packages.container.labels.value": "Weert",
+	"packages.cran.registry": "Richt deese Paketlist in diener <code>Rprofile.site</code>-Datei in:",
+	"packages.cran.install": "Um dat Paket to installeren, föhr deese Oorder ut:",
+	"packages.debian.registry": "Richt deese Paketlist vun de Oorderreeg in:",
+	"packages.debian.registry.info": "Köör $distribution un $component ut de unnern List ut.",
+	"packages.debian.install": "Um dat Paket to installeren, föhr deese Oorder ut:",
+	"packages.debian.repository": "Repositoriums-Informatioon",
+	"packages.debian.repository.distributions": "Verdeelens",
+	"packages.debian.repository.components": "Delen",
+	"packages.debian.repository.architectures": "Architekturen",
+	"packages.generic.download": "Laad deeses Paket vun de Oorderreeg runner:",
+	"packages.go.install": "Installeer dat Paket vun de Oorderreeg:",
+	"packages.helm.registry": "Richt deese Paketlist vun de Oorderreeg in:",
+	"packages.helm.install": "Um dat Paket to installeren, föhr deese Oorder ut:",
+	"packages.maven.registry": "Richt deese Paketlist in diener <code>pom.xml</code>-Datei in:",
+	"packages.maven.install": "Um dat Paket to bruken, giff in de <code>dependencies</code>-Deel vun de <code>pom.xml</code>-Datei dat an:",
+	"packages.maven.install2": "Vun de Oorderreeg utföhren:",
+	"packages.maven.download": "Um de Ofhangen runnertoladen, föhr in de Oorderreeg ut:",
+	"packages.nuget.registry": "Richt deese Paketlist vun de Oorderreeg in:",
+	"packages.nuget.install": "Um dat Paket mit NuGet to installeren, föhr deese Oorder ut:",
+	"packages.nuget.dependency.framework": "Enn-Rahmwark",
+	"packages.npm.registry": "Richt deese Paketlist in de <code>.npmrc</code>-Datei vun dienem Projekt in:",
+	"packages.npm.install": "Um dat Paket mit npm to installeren, föhr deese Oorder ut:",
+	"packages.npm.install2": "of föög dat to de »package.json«-Datei hento:",
+	"packages.npm.dependencies": "Ofhangens",
+	"packages.npm.dependencies.development": "Entwicklens-Ofhangens",
+	"packages.npm.dependencies.bundle": "Mitbrocht Ofhangens",
+	"packages.npm.dependencies.peer": "Maten-Ofhangens",
+	"packages.npm.dependencies.optional": "Nich nödige Ofhangens",
+	"packages.npm.details.tag": "Mark",
+	"packages.pypi.requires": "Bruukt Python",
+	"packages.pypi.install": "Um dat Paket mit pip to installeren, föhr deese Oorder ut:",
+	"packages.rpm.registry": "Richt deese Paketlist vun de Oorderreeg in:",
+	"packages.rpm.distros.redhat": "Up Verdeelens mit RedHat as Grundlaag",
+	"packages.rpm.distros.suse": "Up Verdeelens mit SUSE as Grundlaag",
+	"packages.rpm.install": "Um dat Paket to installeren, föhr deese Oorder ut:",
+	"packages.rpm.repository": "Repositoriums-Informatioon",
+	"packages.rpm.repository.architectures": "Architekturen",
+	"packages.rpm.repository.multiple_groups": "Deeses Paket is in mennig Gruppen verföögbaar.",
+	"packages.alt.registry": "Richt deese Paketlist vun de Oorderreeg in:",
+	"packages.alt.registry.install": "Um dat Paket to installeren, föhr deese Oorder ut:",
+	"packages.alt.install": "Paket installeren",
+	"packages.alt.setup": "Föög een Repositorium to de List vun verbunnen Repositoriums hento (köör de nödige Architektuur in Stee vun »_arch_« ut):",
+	"packages.alt.repository": "Repositoriums-Informatioon",
+	"packages.alt.repository.architectures": "Architekturen",
+	"packages.alt.repository.multiple_groups": "Deeses Paket is in mennig Gruppen verföögbaar.",
+	"packages.rubygems.install": "Um dat Paket mit gem to installeren, föhr deese Oorder ut:",
+	"packages.rubygems.install2": "of föög dat to de »Gemfile«-Datei hento:",
+	"packages.rubygems.dependencies.runtime": "Looptied-Ofhangens",
+	"packages.rubygems.dependencies.development": "Entwicklens-Ofhangens",
+	"packages.rubygems.required.ruby": "Bruukt Ruby-Versioon",
+	"packages.rubygems.required.rubygems": "Bruukt RubyGem-Versioon",
+	"packages.swift.registry": "Richt deese Paketlist vun de Oorderreeg in:",
+	"packages.swift.install": "Föög dat Paket in diener <code>Package.swift</code>-Datei hento:",
+	"packages.swift.install2": "un föhr deese Oorder ut:",
+	"packages.vagrant.install": "Um eene Vagrant-Kist hentotofögen, föhr deese Oorder ut:",
+	"packages.settings.link": "Verbinn deeses Paket mit eenem Repositorium",
+	"packages.settings.link.description": "Wenn du een Paket mit eenem Repositorium verbinnst, word dat Paket in de Paketlist vum Repositorium wiest.",
+	"packages.settings.link.select": "Repositorium utkören",
+	"packages.settings.link.button": "Repositoriums-Verwies vernejen",
+	"packages.settings.link.success": "Repositoriums-Verwies is verneeit worden.",
+	"packages.settings.link.error": "Kunn de Repositoriums-Verwies nich vernejen.",
+	"packages.settings.delete": "Paket lösken",
+	"packages.settings.delete.description": "Een Paket to lösken is för all Tieden un kann nich torüggnohmen worden.",
+	"packages.settings.delete.notice": "Du willst %s (%s) lösken. Dat kann nich torüggnohmen worden, willst du dat würrelk?",
+	"packages.settings.delete.success": "Dat Paket is lösket worden.",
+	"packages.settings.delete.error": "Kunn dat Paket nich lösken.",
+	"packages.owner.settings.cargo.title": "Cargo-Paketlist-Index",
+	"packages.owner.settings.cargo.initialize": "Index inrichten",
+	"packages.owner.settings.cargo.initialize.description": "Een besünners Index-Git-Repositorium is nödig, um de Cargo-Paketlist to bruken. Deese Instellen word dat Repositorium (neei) maken un automatisk inrichten.",
+	"packages.owner.settings.cargo.initialize.error": "Kunn Cargo-Index nich inrichten: %v",
+	"packages.owner.settings.cargo.initialize.success": "De Cargo-Index is inricht worden.",
+	"packages.owner.settings.cargo.rebuild": "Index neei bauen",
+	"packages.owner.settings.cargo.rebuild.description": "Neeibauen kann nüttelk wesen, wenn de Index nich to de lagert Cargo-Paketen passt.",
+	"packages.owner.settings.cargo.rebuild.error": "Kunn Cargo-Index nich neei bauen: %v",
+	"packages.owner.settings.cargo.rebuild.success": "De Cargo-Index is neei baut worden.",
+	"packages.owner.settings.cargo.rebuild.no_index": "Kann nich neei bauen, keen Index is inricht.",
+	"packages.owner.settings.cleanuprules.title": "Schoonmakens-Örders",
+	"packages.owner.settings.cleanuprules.add": "Schoonmakens-Örder hentofögen",
+	"packages.owner.settings.cleanuprules.edit": "Schoonmakens-Örder bewarken",
+	"packages.owner.settings.cleanuprules.none": "Dat gifft noch keene Schoonmakens-Örders.",
+	"packages.owner.settings.cleanuprules.preview": "Schoonmakens-Örder-Utkiek",
+	"packages.owner.settings.cleanuprules.preview.overview": "%d Paketen sünd tum Lösken vörmarkt.",
+	"packages.owner.settings.cleanuprules.preview.none": "Schoonmakens-Örder passt up keene Paketen.",
+	"packages.owner.settings.cleanuprules.pattern_full_match": "Muster up de kumplete Paketnaam anwennen",
+	"packages.owner.settings.cleanuprules.keep.title": "Versioonen, wat up deese Örders passen, worden behollt, ok wenn se up eene Löskens-Örder unnern passen.",
+	"packages.owner.settings.cleanuprules.keep.count": "De neeiste behollen",
+	"packages.owner.settings.cleanuprules.keep.pattern": "Versioonen behollen, wat passen",
+	"packages.owner.settings.cleanuprules.keep.pattern.container": "De <code>latest</code>-Versioon word för Behälter-Paketen alltieden behollen.",
+	"packages.owner.settings.cleanuprules.remove.title": "Versioonen, wat up deese Örders passen, worden lösket, wenn dat keene Örder boven gifft, wat seggt, dat se behollt worden mutten.",
+	"packages.owner.settings.cleanuprules.remove.days": "Versioonen oller as dat lösken",
+	"packages.owner.settings.cleanuprules.remove.pattern": "Versioonen lösken, wat passen",
+	"packages.owner.settings.cleanuprules.success.update": "Schoonmakens-Örder is verneeit worden.",
+	"packages.owner.settings.cleanuprules.success.delete": "Schoonmakens-Örder is wegdaan worden.",
+	"packages.owner.settings.chef.title": "Chef-Paketlist",
+	"packages.owner.settings.chef.keypair": "Slötelpaar maken",
+	"packages.owner.settings.chef.keypair.description": "Anfragen, wat to de Chef-Paketlist schickt worden, mutten tum Utwiesen kryptographisk unnerschreven worden. Wenn du een Slötelpaar maakst, word blots de publike Slötel up Forgejo verwahrt. De privaate Slötel word di tum Bruken mit knife geven. Wenn du een nejes Slötelpaar maakst, word dat olle överschrieven.",
 	"fork.n_forks": {
 		"one": "%s Gabel",
 		"other": "%s Gabels"
diff --git a/options/locale_next/locale_nl-NL.json b/options/locale_next/locale_nl-NL.json
index 2bd292a04d..b49a444030 100644
--- a/options/locale_next/locale_nl-NL.json
+++ b/options/locale_next/locale_nl-NL.json
@@ -1,4 +1,176 @@
 {
+	"packages.title": "Pakketten",
+	"packages.empty": "Er zijn nog geen pakketten.",
+	"packages.empty.documentation": "Voor meer informatie over het pakketregister, zie <a target=\"_blank\" rel=\"noopener noreferrer\" href=\"%s\">de documentatie</a>.",
+	"packages.empty.repo": "Did you upload a package, but it's not shown here? Ga naar <a href=\"%[1]s\">pakketinstellingen</a> en link het naar deze repo.",
+	"packages.registry.documentation": "Zie <a target=\"_blank\" rel=\"noopener noreferrer\" href=\"%s\">de documentatie</a> voor meer informatie over de %s register.",
+	"packages.filter.type": "Type",
+	"packages.filter.type.all": "Alle",
+	"packages.filter.no_result": "Je filter heeft geen resultaten opgeleverd.",
+	"packages.filter.container.tagged": "Getagd",
+	"packages.filter.container.untagged": "Ongetagd",
+	"packages.published_by": "Gepubliceerd %[1]s door <a href=\"%[2]s\">%[3]s</a>",
+	"packages.published_by_in": "Gepubliceerd %[1]s door <a href=\"%[2]s\">%[3]s</a> in <a href=\"%[4]s\"><strong>%[5]s</strong></a>",
+	"packages.pub.install": "Voer het volgende commando uit om het pakket met Dart te installeren:",
+	"packages.installation": "Installatie",
+	"packages.about": "Over dit pakket",
+	"packages.requirements": "Vereisten",
+	"packages.dependencies": "Afhankelijkheden",
+	"packages.keywords": "Trefwoorden",
+	"packages.details": "Details",
+	"packages.details.author": "Auteur",
+	"packages.details.project_site": "Projectwebsite",
+	"packages.details.repository_site": "Repository website",
+	"packages.details.documentation_site": "Documentatie website",
+	"packages.details.license": "Licentie",
+	"packages.assets": "Bezittingen",
+	"packages.versions": "Versies",
+	"packages.versions.view_all": "Alles weergeven",
+	"packages.dependency.id": "ID",
+	"packages.dependency.version": "Versie",
+	"packages.search_in_external_registry": "Zoeken in %s",
+	"packages.alpine.registry": "Stel dit register in door de url toe te voegen aan je <code>/etc/apk/repositories</code> bestand:",
+	"packages.alpine.registry.key": "Download de openbare RSA-sleutel van het register in de map <code>/etc/apk/keys/</code> om de indexhandtekening te verifiëren:",
+	"packages.alpine.registry.info": "Kies $branch en $repository uit de onderstaande lijst.",
+	"packages.alpine.install": "Voer het volgende commando uit om het pakket te installeren:",
+	"packages.alpine.repository": "Repository informatie",
+	"packages.alpine.repository.branches": "Branches",
+	"packages.alpine.repository.repositories": "Repositories",
+	"packages.alpine.repository.architectures": "Architecturen",
+	"packages.arch.pacman.helper.gpg": "Vertrouwenscertificaat toevoegen voor pacman:",
+	"packages.arch.pacman.repo.multi": "%s heeft dezelfde versie in verschillende distributies.",
+	"packages.arch.pacman.repo.multi.item": "Configuratie voor %s",
+	"packages.arch.pacman.conf": "Voeg server met gerelateerde distributie en architectuur toe aan <code>/etc/pacman.conf</code> :",
+	"packages.arch.pacman.sync": "Synchroniseer pakket met pacman:",
+	"packages.arch.version.properties": "Versie-eigenschappen",
+	"packages.arch.version.description": "Beschrijving",
+	"packages.arch.version.provides": "Biedt",
+	"packages.arch.version.groups": "Groep",
+	"packages.arch.version.depends": "Afhankelijk van",
+	"packages.arch.version.optdepends": "Optioneel is afhankelijk van",
+	"packages.arch.version.makedepends": "Maken is afhankelijk van",
+	"packages.arch.version.checkdepends": "Controleer is afhankelijk van",
+	"packages.arch.version.conflicts": "Conflicten",
+	"packages.arch.version.replaces": "Vervangt",
+	"packages.arch.version.backup": "Back-up",
+	"packages.cargo.registry": "Stel dit register in het Cargo configuratiebestand in (bijvoorbeeld <code>~/.cargo/config.toml</code>):",
+	"packages.cargo.install": "Voer de volgende opdracht uit om het pakket met Cargo te installeren:",
+	"packages.chef.registry": "Stel dit register in je <code>~/.chef/config.rb</code> bestand:",
+	"packages.chef.install": "Voer het volgende commando uit om het pakket te installeren:",
+	"packages.composer.registry": "Stel dit register in je <code>~/.composer/config.json</code> bestand:",
+	"packages.composer.install": "Voer de volgende opdracht uit om het pakket met Composer te installeren:",
+	"packages.composer.dependencies": "Afhankelijkheden",
+	"packages.composer.dependencies.development": "Ontwikkelings afhankelijkheden",
+	"packages.conan.registry": "Stel dit register in vanaf de terminal:",
+	"packages.conan.install": "Voer het volgende commando uit om het pakket met Conan te installeren:",
+	"packages.conda.registry": "Stel dit register in als een Conda repository in je <code>.condarc</code> bestand:",
+	"packages.conda.install": "Voer het volgende commando uit om het pakket met Conda te installeren:",
+	"packages.container.images.title": "Afbeeldingen",
+	"packages.container.details.type": "Afbeelding type",
+	"packages.container.details.platform": "Platform",
+	"packages.container.pull": "Haal de afbeelding op vanaf de terminal:",
+	"packages.container.digest": "Digest",
+	"packages.container.multi_arch": "Besturingssysteem / Arch",
+	"packages.container.layers": "Afbeelding lagen",
+	"packages.container.labels": "Labels",
+	"packages.container.labels.key": "Sleutel",
+	"packages.container.labels.value": "Waarde",
+	"packages.cran.registry": "Stel dit register in je <code>Rprofile.site</code> bestand:",
+	"packages.cran.install": "Voer het volgende commando uit om het pakket te installeren:",
+	"packages.debian.registry": "Stel dit register in vanaf de terminal:",
+	"packages.debian.registry.info": "Kies $distribution en $component uit de onderstaande lijst.",
+	"packages.debian.install": "Voer het volgende commando uit om het pakket te installeren:",
+	"packages.debian.repository": "Repository informatie",
+	"packages.debian.repository.distributions": "Distributies",
+	"packages.debian.repository.components": "Componenten",
+	"packages.debian.repository.architectures": "Architecturen",
+	"packages.generic.download": "Pakket downloaden vanaf de terminal:",
+	"packages.go.install": "Installeer het pakket vanaf de terminal:",
+	"packages.helm.registry": "Stel dit register in vanaf de terminal:",
+	"packages.helm.install": "Voer het volgende commando uit om het pakket te installeren:",
+	"packages.maven.registry": "Stel dit register in het <code>pom.xml</code> bestand van je project:",
+	"packages.maven.install": "Om het pakket te gebruiken, voeg het volgende toe aan het <code>dependencies</code> blok in het <code>pom.xml</code> bestand:",
+	"packages.maven.install2": "Uitvoeren via opdrachtregel:",
+	"packages.maven.download": "Voer de opdrachtregel uit om de dependencies te downloaden:",
+	"packages.nuget.registry": "Stel dit register in vanaf de terminal:",
+	"packages.nuget.install": "Voer het volgende commando uit om het pakket met NuGet te installeren:",
+	"packages.nuget.dependency.framework": "Target Framework",
+	"packages.npm.registry": "Stel dit register in het <code>.npmrc</code> bestand van je project:",
+	"packages.npm.install": "Voer het volgende commando uit om het pakket met npm te installeren:",
+	"packages.npm.install2": "of voeg het toe aan het package.json bestand:",
+	"packages.npm.dependencies": "Afhankelijkheden",
+	"packages.npm.dependencies.development": "Ontwikkelings afhankelijkheden",
+	"packages.npm.dependencies.bundle": "Gebundelde dependencies",
+	"packages.npm.dependencies.peer": "Peer afhankelijkheden",
+	"packages.npm.dependencies.optional": "Optionele afhankelijkheden",
+	"packages.npm.details.tag": "Label",
+	"packages.pypi.requires": "Python vereist",
+	"packages.pypi.install": "Voer het volgende commando uit om het pakket met pip te installeren:",
+	"packages.rpm.registry": "Stel dit register in vanaf de terminal:",
+	"packages.rpm.distros.redhat": "op distributies gebaseerd op RedHat",
+	"packages.rpm.distros.suse": "op SUSE gebaseerde distributies",
+	"packages.rpm.install": "Voer het volgende commando uit om het pakket te installeren:",
+	"packages.rpm.repository": "Repository informatie",
+	"packages.rpm.repository.architectures": "Architecturen",
+	"packages.rpm.repository.multiple_groups": "Dit pakket is beschikbaar in meerdere groepen.",
+	"packages.alt.registry": "Stel dit register in vanaf de opdrachtregel:",
+	"packages.alt.registry.install": "Voer het volgende commando uit om het pakket te installeren:",
+	"packages.alt.install": "Pakket installeren",
+	"packages.alt.setup": "Voeg een repository toe aan de lijst met gekoppelde repositories (kies de benodigde architectuur in plaats van \"_arch_\"):",
+	"packages.alt.repository": "Repository info",
+	"packages.alt.repository.architectures": "Architecturen",
+	"packages.alt.repository.multiple_groups": "Dit pakket is beschikbaar in meerdere groepen.",
+	"packages.rubygems.install": "Voer het volgende commando uit om het pakket met gem te installeren:",
+	"packages.rubygems.install2": "of voeg het toe aan het Gemfile:",
+	"packages.rubygems.dependencies.runtime": "Runtime dependencies",
+	"packages.rubygems.dependencies.development": "Ontwikkelings dependencies",
+	"packages.rubygems.required.ruby": "Vereist Ruby versie",
+	"packages.rubygems.required.rubygems": "Vereist RubyGem versie",
+	"packages.swift.registry": "Stel dit register in vanaf de terminal:",
+	"packages.swift.install": "Voeg het pakket toe in je <code>Package.swift</code> bestand:",
+	"packages.swift.install2": "en voer het volgende commando uit:",
+	"packages.vagrant.install": "Om een Vagrant box toe te voegen, voer je het volgende commando uit:",
+	"packages.settings.link": "Koppel dit pakket aan een repository",
+	"packages.settings.link.description": "Als je een pakket koppelt aan een repository, dan wordt het pakket weergegeven in de pakketlijst van de repository.",
+	"packages.settings.link.select": "Repository selecteren",
+	"packages.settings.link.button": "Repository link bijwerken",
+	"packages.settings.link.success": "De koppeling naar de repository is bijgewerkt.",
+	"packages.settings.link.error": "Het is niet gelukt om de koppeling naar de repository bij te werken.",
+	"packages.settings.delete": "Pakket verwijderen",
+	"packages.settings.delete.description": "Het verwijderen van een pakket is permanent en kan niet ongedaan worden gemaakt.",
+	"packages.settings.delete.notice": "U staat op het punt om %s (%s) te verwijderen. Deze bewerking is onomkeerbaar, weet u het zeker?",
+	"packages.settings.delete.success": "Het pakket is verwijderd.",
+	"packages.settings.delete.error": "Het verwijderen van het pakket is mislukt.",
+	"packages.owner.settings.cargo.title": "Cargo register index",
+	"packages.owner.settings.cargo.initialize": "Index initialiseren",
+	"packages.owner.settings.cargo.initialize.description": "Een speciale index Git repository is nodig om het Cargo register te gebruiken. Door deze optie te gebruiken wordt de repository (opnieuw) aangemaakt en automatisch geconfigureerd.",
+	"packages.owner.settings.cargo.initialize.error": "Cargo index is niet geïnitialiseerd: %v",
+	"packages.owner.settings.cargo.initialize.success": "De Cargo index is met succes aangemaakt.",
+	"packages.owner.settings.cargo.rebuild": "Index herbouwen",
+	"packages.owner.settings.cargo.rebuild.description": "Heropbouwen kan nuttig zijn als de index niet is gesynchroniseerd met de opgeslagen Cargo pakketten.",
+	"packages.owner.settings.cargo.rebuild.error": "Mislukt om Cargo index te herbouwen: %v",
+	"packages.owner.settings.cargo.rebuild.success": "De Cargo index is met succes opnieuw opgebouwd.",
+	"packages.owner.settings.cargo.rebuild.no_index": "Kan niet herbouwen, er is geen index geïnitialiseerd.",
+	"packages.owner.settings.cleanuprules.title": "Opschoonregels",
+	"packages.owner.settings.cleanuprules.add": "Regel voor opschonen toevoegen",
+	"packages.owner.settings.cleanuprules.edit": "Regel voor opschonen bewerken",
+	"packages.owner.settings.cleanuprules.none": "Er zijn nog geen opruimregels.",
+	"packages.owner.settings.cleanuprules.preview": "Voorbeeld opruimregel",
+	"packages.owner.settings.cleanuprules.preview.overview": "%d pakketten zijn gepland om verwijderd te worden.",
+	"packages.owner.settings.cleanuprules.preview.none": "Opschoonregel komt niet overeen met pakketten.",
+	"packages.owner.settings.cleanuprules.pattern_full_match": "Patroon toepassen op volledige pakketnaam",
+	"packages.owner.settings.cleanuprules.keep.title": "Versies die overeenkomen met deze regels worden bewaard, zelfs als ze overeenkomen met een verwijderingsregel hieronder.",
+	"packages.owner.settings.cleanuprules.keep.count": "Bewaar de meest recente",
+	"packages.owner.settings.cleanuprules.keep.pattern": "Behoud versies die overeenkomen met",
+	"packages.owner.settings.cleanuprules.keep.pattern.container": "De <code>laatste</code> versie wordt altijd bewaard voor Container pakketten.",
+	"packages.owner.settings.cleanuprules.remove.title": "Versies die overeenkomen met deze regels worden verwijderd, tenzij een regel hierboven zegt dat ze bewaard moeten worden.",
+	"packages.owner.settings.cleanuprules.remove.days": "Verwijder versies ouder dan",
+	"packages.owner.settings.cleanuprules.remove.pattern": "Verwijder versies die overeenkomen met",
+	"packages.owner.settings.cleanuprules.success.update": "Opruimregel is bijgewerkt.",
+	"packages.owner.settings.cleanuprules.success.delete": "Opruimregel is verwijderd.",
+	"packages.owner.settings.chef.title": "Chef register",
+	"packages.owner.settings.chef.keypair": "Genereer sleutelpaar",
+	"packages.owner.settings.chef.keypair.description": "Verzoeken die naar het Chef-register worden gestuurd, moeten cryptografisch worden ondertekend als authenticatiemiddel. Bij het genereren van een sleutelpaar wordt alleen de publieke sleutel opgeslagen in Forgejo. De privésleutel wordt aan u verstrekt voor gebruik met knife. Het genereren van een nieuw sleutelpaar overschrijft de vorige.",
 	"fork.n_forks": {
 		"one": "%s fork",
 		"other": "%s forks"
diff --git a/options/locale_next/locale_pl-PL.json b/options/locale_next/locale_pl-PL.json
index 2335ec76c9..1172d42911 100644
--- a/options/locale_next/locale_pl-PL.json
+++ b/options/locale_next/locale_pl-PL.json
@@ -1,4 +1,176 @@
 {
+	"packages.title": "Pakiety",
+	"packages.empty": "Nie ma jeszcze żadnych pakietów.",
+	"packages.empty.documentation": "Więcej informacji o rejestrze przekietów znajdziesz w <a target=\"_blank\" rel=\"noopener noreferrer\" href=\"%s\">dokumentacji</a>.",
+	"packages.empty.repo": "Czy wgrałeś pakiet, ale nie jest tutaj wyświetlany? Odwiedź <a href=\"%[1]s\">ustawienia pakietów</a> i powiąż go z tym repozytorium.",
+	"packages.registry.documentation": "Więcej informacji o rejestrze %s znajdziesz w <a target=\"_blank\" rel=\"noopener noreferrer\" href=\"%s\">dokumentacji</a>.",
+	"packages.filter.type": "Typ",
+	"packages.filter.type.all": "Wszystko",
+	"packages.filter.no_result": "Twój filtr nie dał żadnych wyników.",
+	"packages.filter.container.tagged": "Oznaczone",
+	"packages.filter.container.untagged": "Nieoznaczone",
+	"packages.published_by": "Opublikowano %[1]s przez <a href=\"%[2]s\">%[3]s</a>",
+	"packages.published_by_in": "Opublikowano %[1]s przez <a href=\"%[2]s\">%[3]s</a> w <a href=\"%[4]s\"><strong>%[5]s</strong></a>",
+	"packages.pub.install": "By zainstalować ten pakiet przy użyciu Dart, wykonaj następujące polecenie:",
+	"packages.installation": "Instalacja",
+	"packages.about": "O tym pakiecie",
+	"packages.requirements": "Wymagania",
+	"packages.dependencies": "Zależności",
+	"packages.keywords": "Słowa kluczowe",
+	"packages.details": "Szczegóły",
+	"packages.details.author": "Autor",
+	"packages.details.project_site": "Strona projektu",
+	"packages.details.repository_site": "Strona repozytorium",
+	"packages.details.documentation_site": "Strona dokumentacji",
+	"packages.details.license": "Licencja",
+	"packages.assets": "Zasoby",
+	"packages.versions": "Wersje",
+	"packages.versions.view_all": "Pokaż wszystkie",
+	"packages.dependency.id": "ID",
+	"packages.dependency.version": "Wersja",
+	"packages.search_in_external_registry": "Szukaj w %s",
+	"packages.alpine.registry": "Skonfiguruj ten rejestr dodając url do twojego pliku <code>/etc/apk/repositories</code>:",
+	"packages.alpine.registry.key": "Pobierz klucz publiczny RSA rejestru do folderu <code>/etc/apk/keys/</code> by zweryfikować podpis indeksu:",
+	"packages.alpine.registry.info": "Wybierz $branch i $repository z listy poniżej.",
+	"packages.alpine.install": "By zainstalować ten pakiet, wykonaj następujące polecenie:",
+	"packages.alpine.repository": "Informacje o repozytorium",
+	"packages.alpine.repository.branches": "Gałęzie",
+	"packages.alpine.repository.repositories": "Repozytoria",
+	"packages.alpine.repository.architectures": "Architektury",
+	"packages.arch.pacman.helper.gpg": "Dodaj certyfikat zaufania do pacmana:",
+	"packages.arch.pacman.repo.multi": "%s ma tę samą wersję co w innych dystrybucjach.",
+	"packages.arch.pacman.repo.multi.item": "Konfiguracja dla %s",
+	"packages.arch.pacman.conf": "Dodaj serwer z powiązaną dystrybucją i architekturą do <code>/etc/pacman.conf</code> :",
+	"packages.arch.pacman.sync": "Synchronizuj pakiet przy użyciu pacman:",
+	"packages.arch.version.properties": "Własności wersji",
+	"packages.arch.version.description": "Opis",
+	"packages.arch.version.provides": "Zapewnia",
+	"packages.arch.version.groups": "Grupa",
+	"packages.arch.version.depends": "Zależności",
+	"packages.arch.version.optdepends": "Opcjonalne zależności",
+	"packages.arch.version.makedepends": "Zależności budowy",
+	"packages.arch.version.checkdepends": "Zależności weryfikacji",
+	"packages.arch.version.conflicts": "Konflikty",
+	"packages.arch.version.replaces": "Zamienia",
+	"packages.arch.version.backup": "Kopia zapasowa",
+	"packages.cargo.registry": "Skonfiguruj ten rejestr w pliku konfiguracyjnym Cargo (na przykład <code>~/.cargo/config.toml</code>):",
+	"packages.cargo.install": "By zainstalować ten pakiet przy użyciu Cargo, wykonaj następujące polecenie:",
+	"packages.chef.registry": "Skonfiguruj ten rejestr w twoim pliku <code>~/.chef/config.rb</code>:",
+	"packages.chef.install": "By zainstalować ten pakiet, wykonaj następujące polecenie:",
+	"packages.composer.registry": "Skonfiguruj ten rejestr w twoim pliku <code>~/.composer/config.json</code>:",
+	"packages.composer.install": "By zainstalować ten pakiet przy użyciu Composer, wykonaj następujące polecenie:",
+	"packages.composer.dependencies": "Zależności",
+	"packages.composer.dependencies.development": "Zależności programistyczne",
+	"packages.conan.registry": "Skonfiguruj ten rejestr z wiersza poleceń:",
+	"packages.conan.install": "By zainstalować ten pakiet przy użyciu Conan, wykonaj następujące polecenie:",
+	"packages.conda.registry": "Skonfiguruj ten rejestr jako repozytorium Conda w twoim pliku <code>.condarc</code>:",
+	"packages.conda.install": "By zainstalować ten pakiet przy użyciu Conda, wykonaj następujące polecenie:",
+	"packages.container.images.title": "Obrazy",
+	"packages.container.details.type": "Rodzaj obrazu",
+	"packages.container.details.platform": "Platforma",
+	"packages.container.pull": "Pobierz obraz z wiersza poleceń:",
+	"packages.container.digest": "Digest",
+	"packages.container.multi_arch": "OS / Architektura",
+	"packages.container.layers": "Warstwy obrazu",
+	"packages.container.labels": "Etykiety",
+	"packages.container.labels.key": "Klucz",
+	"packages.container.labels.value": "Wartość",
+	"packages.cran.registry": "Skonfiguruj ten rejestr w twoim pliku <code>Rprofile.site</code>:",
+	"packages.cran.install": "By zainstalować ten pakiet, wykonaj następujące polecenie:",
+	"packages.debian.registry": "Skonfiguruj ten rejestr z wiersza poleceń:",
+	"packages.debian.registry.info": "Wybierz $distribution i $component z listy poniżej.",
+	"packages.debian.install": "By zainstalować ten pakiet, wykonaj następujące polecenie:",
+	"packages.debian.repository": "Informacje o repozytorium",
+	"packages.debian.repository.distributions": "Dystrybucje",
+	"packages.debian.repository.components": "Komponenty",
+	"packages.debian.repository.architectures": "Architektury",
+	"packages.generic.download": "Pobierz pakiet z wiersza poleceń:",
+	"packages.go.install": "Zainstaluj pakiet z wiersza poleceń:",
+	"packages.helm.registry": "Skonfiguruj ten rejestr z wiersza poleceń:",
+	"packages.helm.install": "By zainstalować ten pakiet, wykonaj następujące polecenie:",
+	"packages.maven.registry": "Skonfiguruj ten rejestr w twoim pliku projektu <code>pom.xml</code>:",
+	"packages.maven.install": "By użyć tego pakietu dołącz następującą treść w bloku <code>dependencies</code> w pliku <code>pom.xml</code>:",
+	"packages.maven.install2": "Uruchom z wiersza poleceń:",
+	"packages.maven.download": "By pobrać zależność, wykonaj w wierszu poleceń:",
+	"packages.nuget.registry": "Skonfiguruj ten rejestr z wiersza poleceń:",
+	"packages.nuget.install": "By zainstalować ten pakiet przy użyciu NuGet, wykonaj następujące polecenie:",
+	"packages.nuget.dependency.framework": "Framework Docelowy",
+	"packages.npm.registry": "Skonfiguruj ten rejestr w pliku projektu <code>.npmrc</code>:",
+	"packages.npm.install": "By zainstalować ten pakiet przy użyciu npm, wykonaj następujące polecenie:",
+	"packages.npm.install2": "lub dodaj to do pliku package.json:",
+	"packages.npm.dependencies": "Zależności",
+	"packages.npm.dependencies.development": "Zależności programistyczne",
+	"packages.npm.dependencies.bundle": "Dołączone zależności",
+	"packages.npm.dependencies.peer": "Zależności rówieśnicze",
+	"packages.npm.dependencies.optional": "Zależności opcjonalne",
+	"packages.npm.details.tag": "Znacznik",
+	"packages.pypi.requires": "Wymagany Python",
+	"packages.pypi.install": "By zainstalować ten pakiet przy użyciu pip, wykonaj następujące polecenie:",
+	"packages.rpm.registry": "Skonfiguruj ten rejestr z wiersza poleceń:",
+	"packages.rpm.distros.redhat": "na dystrybucjach opartych o RedHat",
+	"packages.rpm.distros.suse": "na dystrybucjach opartych o SUSE",
+	"packages.rpm.install": "By zainstalować ten pakiet, wykonaj następujące polecenie:",
+	"packages.rpm.repository": "Informacje o repozytorium",
+	"packages.rpm.repository.architectures": "Architektury",
+	"packages.rpm.repository.multiple_groups": "Ten pakiet jest dostępny w wielu grupach.",
+	"packages.alt.registry": "Skonfiguruj ten rejestr z wiersza poleceń:",
+	"packages.alt.registry.install": "By zainstalować ten pakiet, wykonaj następujące polecenie:",
+	"packages.alt.install": "Zainstaluj pakiet",
+	"packages.alt.setup": "Dodaj repozytorium do listy połączonych repozytoriów (wybierz wymaganą architekturę zamiast '_arch_'):",
+	"packages.alt.repository": "Informacje o repozytorium",
+	"packages.alt.repository.architectures": "Architektury",
+	"packages.alt.repository.multiple_groups": "Ten pakiet jest dostępny w wielu grupach.",
+	"packages.rubygems.install": "By zainstalować ten pakiet przy użyciu gem, wykonaj następujące polecenie:",
+	"packages.rubygems.install2": "lub dodaj to do Gemfile:",
+	"packages.rubygems.dependencies.runtime": "Zależności czasu wykonywania",
+	"packages.rubygems.dependencies.development": "Zależności programistyczne",
+	"packages.rubygems.required.ruby": "Wymaga wersji Ruby",
+	"packages.rubygems.required.rubygems": "Wymaga wersji RubyGem",
+	"packages.swift.registry": "Skonfiguruj ten rejestr z wiersza poleceń:",
+	"packages.swift.install": "Dodaj ten packiet do twojego pliku <code>Package.swift</code>:",
+	"packages.swift.install2": "i wykonaj następujące polecenie:",
+	"packages.vagrant.install": "By dodać box Vagrant, wykonaj następujące polecenie:",
+	"packages.settings.link": "Połącz ten pakiet z repozytorium",
+	"packages.settings.link.description": "Jeżeli połączych pakiet z repozytorium, pakiet ten będzie widoczny na liście pakietów danego repozytorium.",
+	"packages.settings.link.select": "Wybierz Repozytorium",
+	"packages.settings.link.button": "Zaktualizuj Połączone Repozytorium",
+	"packages.settings.link.success": "Połączone repozytorium zostało zaktualizowane pomyślnie.",
+	"packages.settings.link.error": "Nie udało się zaktualizować połączonego repozytorium.",
+	"packages.settings.delete": "Usuń pakiet",
+	"packages.settings.delete.description": "Usunięcie pakietu jest operacją permanentną i nie może zostać cofnięte.",
+	"packages.settings.delete.notice": "Za moment usuniesz %s (%s). Ta operacja jest nieodwracalna, jesteś pewien(-na)?",
+	"packages.settings.delete.success": "Pakiet został usunięty.",
+	"packages.settings.delete.error": "Nie udało się usunąć pakietu.",
+	"packages.owner.settings.cargo.title": "Indeks rejestru Cargo",
+	"packages.owner.settings.cargo.initialize": "Zainicjuj indeks",
+	"packages.owner.settings.cargo.initialize.description": "Specjalny indeks repozytorium Git jest potrzebny by użyć rejestru Cargo. Wybranie tej opcji utworzy/odtworzy repozytorium i skonfiguruje jest automatycznie.",
+	"packages.owner.settings.cargo.initialize.error": "Nie udało się zainicjować indeksu Cargo: %v",
+	"packages.owner.settings.cargo.initialize.success": "Indeks Cargo został utworzony pomyślnie.",
+	"packages.owner.settings.cargo.rebuild": "Odbuduj indeks",
+	"packages.owner.settings.cargo.rebuild.description": "Odbudowanie może być przydatne gdy indeks nie jest synchronizowany z zapisanymi pakietami Cargo.",
+	"packages.owner.settings.cargo.rebuild.error": "Nie udało się odbudować indeksu Cargo: %v",
+	"packages.owner.settings.cargo.rebuild.success": "Indeks Cargo został odbudowany pomyślnie.",
+	"packages.owner.settings.cargo.rebuild.no_index": "Nie można odbudować, żaden indeks nie jest zainicjowany.",
+	"packages.owner.settings.cleanuprules.title": "Reguły czyszczenia",
+	"packages.owner.settings.cleanuprules.add": "Dodaj regułę czyszczenia",
+	"packages.owner.settings.cleanuprules.edit": "Edytuj regułę czyszczenia",
+	"packages.owner.settings.cleanuprules.none": "Nie ma jeszcze żadnych reguł czyszczenia.",
+	"packages.owner.settings.cleanuprules.preview": "Podgląd reguły czyszczenia",
+	"packages.owner.settings.cleanuprules.preview.overview": "%d pakietów jest zaplanowanych do usunięcia.",
+	"packages.owner.settings.cleanuprules.preview.none": "Reguła czyszczenia nie pasuje do żadnego pakietu.",
+	"packages.owner.settings.cleanuprules.pattern_full_match": "Zastosuj wzór do pełnej nazwy pakietu",
+	"packages.owner.settings.cleanuprules.keep.title": "Wersje które pasują do tych reguł są pozostawiane, nawet jeżeli pasują do reguły usunięcia niżej.",
+	"packages.owner.settings.cleanuprules.keep.count": "Pozostaw ostatnie",
+	"packages.owner.settings.cleanuprules.keep.pattern": "Pozostaw pasujące wersje",
+	"packages.owner.settings.cleanuprules.keep.pattern.container": "Wersja <code>latest</code> jest zawsze pozostawiana dla pakietów kontenerów.",
+	"packages.owner.settings.cleanuprules.remove.title": "Wersje które nie pasują do tych reguł zostaną usunięte, chyba, że reguła wcześniej każe jest pozostawić.",
+	"packages.owner.settings.cleanuprules.remove.days": "Usuń wersje starsze niż",
+	"packages.owner.settings.cleanuprules.remove.pattern": "Usuń wersje pasujące",
+	"packages.owner.settings.cleanuprules.success.update": "Reguła czyszczenia została zaktualizowana.",
+	"packages.owner.settings.cleanuprules.success.delete": "Reguła czyszczenia została usunięta.",
+	"packages.owner.settings.chef.title": "Rejestr Chef",
+	"packages.owner.settings.chef.keypair": "Wygeneruj parę kluczy",
+	"packages.owner.settings.chef.keypair.description": "Para kluczy jest konieczna do uwierzytelnienia do rejestru Chef. Jeżeli wygenerowałeś(-aś) parę kluczy wcześniej, generowanie nowej pary kluczy porzuci starą parę kluczy.",
 	"fork.n_forks": {
 		"one": "%s fork",
 		"few": "%s forki",
diff --git a/options/locale_next/locale_pt-BR.json b/options/locale_next/locale_pt-BR.json
index 84a3b183b8..1c771f5194 100644
--- a/options/locale_next/locale_pt-BR.json
+++ b/options/locale_next/locale_pt-BR.json
@@ -1,4 +1,176 @@
 {
+	"packages.title": "Pacotes",
+	"packages.empty": "Não há pacotes ainda.",
+	"packages.empty.documentation": "Para obter mais informações sobre o registro de pacotes, consulte <a target=\"_blank\" rel=\"noopener noreferrer\" href=\"%s\">a documentação</a>.",
+	"packages.empty.repo": "Você enviou um pacote, mas ele não está aqui? Vá para <a href=\"%[1]s\">configurações do pacote</a> e vincule-o a este repositório.",
+	"packages.registry.documentation": "Para mais informações sobre o registro %s, veja <a target=\"_blank\" rel=\"noopener noreferrer\" href=\"%s\">a documentação</a>.",
+	"packages.filter.type": "Tipo",
+	"packages.filter.type.all": "Todos",
+	"packages.filter.no_result": "Seu filtro não produziu resultados.",
+	"packages.filter.container.tagged": "Marcado",
+	"packages.filter.container.untagged": "Desmarcado",
+	"packages.published_by": "Publicado %[1]s por <a href=\"%[2]s\">%[3]s</a>",
+	"packages.published_by_in": "Publicado %[1]s por <a href=\"%[2]s\">%[3]s</a> em <a href=\"%[4]s\"><strong>%[5]s</strong></a>",
+	"packages.pub.install": "Para instalar o pacote usando Dart, execute o seguinte comando:",
+	"packages.installation": "Instalação",
+	"packages.about": "Sobre este pacote",
+	"packages.requirements": "Requisitos",
+	"packages.dependencies": "Dependências",
+	"packages.keywords": "Palavras-chave",
+	"packages.details": "Detalhes",
+	"packages.details.author": "Autor",
+	"packages.details.project_site": "Site do projeto",
+	"packages.details.repository_site": "Site do repositório",
+	"packages.details.documentation_site": "Site da documentação",
+	"packages.details.license": "Licença",
+	"packages.assets": "Recursos",
+	"packages.versions": "Versões",
+	"packages.versions.view_all": "Ver todas",
+	"packages.dependency.id": "ID",
+	"packages.dependency.version": "Versão",
+	"packages.search_in_external_registry": "Buscar em %s",
+	"packages.alpine.registry": "Configure este registro adicionando o URL no arquivo <code>/etc/apk/repositories</code>:",
+	"packages.alpine.registry.key": "Baixe a chave RSA pública do registro para a pasta <code>/etc/apk/keys/</code> para verificar a assinatura do índice:",
+	"packages.alpine.registry.info": "Escolha o $branch e $repository da lista abaixo.",
+	"packages.alpine.install": "Para instalar o pacote, execute o seguinte comando:",
+	"packages.alpine.repository": "Informações do repositório",
+	"packages.alpine.repository.branches": "Branches",
+	"packages.alpine.repository.repositories": "Repositórios",
+	"packages.alpine.repository.architectures": "Arquiteturas",
+	"packages.arch.pacman.helper.gpg": "Adicionar certificado de confiança para o pacman:",
+	"packages.arch.pacman.repo.multi": "%s possui a mesma versão em distribuições diferentes.",
+	"packages.arch.pacman.repo.multi.item": "Configuração para %s",
+	"packages.arch.pacman.conf": "Adicione o servidor com a distribuição e arquitetura no arquivo <code>/etc/pacman.conf</code> :",
+	"packages.arch.pacman.sync": "Sincronizar pacote com o pacman:",
+	"packages.arch.version.properties": "Propriedades da versão",
+	"packages.arch.version.description": "Descrição",
+	"packages.arch.version.provides": "Fornece",
+	"packages.arch.version.groups": "Grupo",
+	"packages.arch.version.depends": "Depende",
+	"packages.arch.version.optdepends": "Depende opcionalmente",
+	"packages.arch.version.makedepends": "Dependências do make",
+	"packages.arch.version.checkdepends": "Verificar dependências",
+	"packages.arch.version.conflicts": "Conflitos",
+	"packages.arch.version.replaces": "Substitui",
+	"packages.arch.version.backup": "Cópia de Segurança",
+	"packages.cargo.registry": "Configurar este registro no arquivo de configuração de Cargo (por exemplo <code>~/.cargo/config.toml</code>):",
+	"packages.cargo.install": "Para instalar o pacote usando Cargo, execute o seguinte comando:",
+	"packages.chef.registry": "Configure este registro em seu arquivo <code>~/.chef/config.rb</code>:",
+	"packages.chef.install": "Para instalar o pacote, execute o seguinte comando:",
+	"packages.composer.registry": "Configure este registro em seu arquivo <code>~/.composer/config.json</code>:",
+	"packages.composer.install": "Para instalar o pacote usando o Composer, execute o seguinte comando:",
+	"packages.composer.dependencies": "Dependências",
+	"packages.composer.dependencies.development": "Dependências de desenvolvimento",
+	"packages.conan.registry": "Configure este registro pela linha de comando:",
+	"packages.conan.install": "Para instalar o pacote usando o Conan, execute o seguinte comando:",
+	"packages.conda.registry": "Configure este registro como um repositório Conda no arquivo <code>.condarc</code>:",
+	"packages.conda.install": "Para instalar o pacote usando o Conda, execute o seguinte comando:",
+	"packages.container.images.title": "Imagens",
+	"packages.container.details.type": "Tipo de imagem",
+	"packages.container.details.platform": "Plataforma",
+	"packages.container.pull": "Puxe a imagem pela linha de comando:",
+	"packages.container.digest": "Digest",
+	"packages.container.multi_arch": "S.O. / Arquitetura",
+	"packages.container.layers": "Camadas da imagem",
+	"packages.container.labels": "Rótulos",
+	"packages.container.labels.key": "Chave",
+	"packages.container.labels.value": "Valor",
+	"packages.cran.registry": "Configure este registro no arquivo <code>Rprofile.site</code>:",
+	"packages.cran.install": "Para instalar o pacote, execute o seguinte comando:",
+	"packages.debian.registry": "Configure este registro pela linha de comando:",
+	"packages.debian.registry.info": "Escolha uma $distribution e um $component da lista abaixo:",
+	"packages.debian.install": "Para instalar o pacote, execute o seguinte comando:",
+	"packages.debian.repository": "Informações do repositório",
+	"packages.debian.repository.distributions": "Distribuições",
+	"packages.debian.repository.components": "Componentes",
+	"packages.debian.repository.architectures": "Arquiteturas",
+	"packages.generic.download": "Baixar pacote pela linha de comando:",
+	"packages.go.install": "Instale o pacote usando o comando:",
+	"packages.helm.registry": "Configurar este registro pela linha de comando:",
+	"packages.helm.install": "Para instalar o pacote, execute o seguinte comando:",
+	"packages.maven.registry": "Configure este registro no arquivo <code>pom.xml</code> do seu projeto:",
+	"packages.maven.install": "Para usar o pacote inclua o seguinte no bloco de <code>dependencies</code> no arquivo <code>pom.xml</code>:",
+	"packages.maven.install2": "Executar via linha de comando:",
+	"packages.maven.download": "Para baixar a dependência, execute via linha de comando:",
+	"packages.nuget.registry": "Configurar este registro pela linha de comando:",
+	"packages.nuget.install": "Para instalar o pacote usando NuGet, execute o seguinte comando:",
+	"packages.nuget.dependency.framework": "Estrutura Alvo",
+	"packages.npm.registry": "Configure este registro no arquivo <code>.npmrc</code> do seu projeto:",
+	"packages.npm.install": "Para instalar o pacote usando o npm, execute o seguinte comando:",
+	"packages.npm.install2": "ou adicione-o ao arquivo package.json:",
+	"packages.npm.dependencies": "Dependências",
+	"packages.npm.dependencies.development": "Dependências de desenvolvimento",
+	"packages.npm.dependencies.bundle": "Dependências em bundle",
+	"packages.npm.dependencies.peer": "Dependências peer",
+	"packages.npm.dependencies.optional": "Dependências opcionais",
+	"packages.npm.details.tag": "Tag",
+	"packages.pypi.requires": "Requer Python",
+	"packages.pypi.install": "Para instalar o pacote usando pip, execute o seguinte comando:",
+	"packages.rpm.registry": "Configure este registro pela linha de comando:",
+	"packages.rpm.distros.redhat": "em distribuições baseadas no RedHat",
+	"packages.rpm.distros.suse": "em distribuições baseadas no SUSE",
+	"packages.rpm.install": "Para instalar o pacote, execute o seguinte comando:",
+	"packages.rpm.repository": "Informações do repositório",
+	"packages.rpm.repository.architectures": "Arquiteturas",
+	"packages.rpm.repository.multiple_groups": "Este pacote está disponível em vários grupos.",
+	"packages.alt.registry": "Configurar este registro da linha de comando:",
+	"packages.alt.registry.install": "Para instalar o pacote, execute o seguinte comando:",
+	"packages.alt.install": "Instalar pacote",
+	"packages.alt.setup": "Adicionar um repositório à lista de repositórios conectados (escolha a arquitetura necessária em vez de \"_arch_\"):",
+	"packages.alt.repository": "Informação do repositório",
+	"packages.alt.repository.architectures": "Arquiteturas",
+	"packages.alt.repository.multiple_groups": "Este pacote está disponível em múltiplos grupos.",
+	"packages.rubygems.install": "Para instalar o pacote usando gem, execute o seguinte comando:",
+	"packages.rubygems.install2": "ou adicione-o ao Gemfile:",
+	"packages.rubygems.dependencies.runtime": "Dependências de tempo de execução",
+	"packages.rubygems.dependencies.development": "Dependências de desenvolvimento",
+	"packages.rubygems.required.ruby": "Requer o Ruby versão",
+	"packages.rubygems.required.rubygems": "Requer o RubyGem versão",
+	"packages.swift.registry": "Configure este registro pela linha de comando:",
+	"packages.swift.install": "Adicione o pacote em seu arquivo <code>Package.swift</code>:",
+	"packages.swift.install2": "e execute o seguinte comando:",
+	"packages.vagrant.install": "Para adicionar uma Vagrant box, execute o seguinte comando:",
+	"packages.settings.link": "Vincular este pacote a um repositório",
+	"packages.settings.link.description": "Se você vincular um pacote a um repositório, o pacote será listado na lista de pacotes do repositório.",
+	"packages.settings.link.select": "Selecionar repositório",
+	"packages.settings.link.button": "Atualizar link do repositório",
+	"packages.settings.link.success": "Link do repositório foi atualizado com sucesso.",
+	"packages.settings.link.error": "Falha ao atualizar o link do repositório.",
+	"packages.settings.delete": "Excluir o pacote",
+	"packages.settings.delete.description": "A exclusão de um pacote é permanente e não pode ser desfeita.",
+	"packages.settings.delete.notice": "Você está prestes a excluir %s (%s). Esta operação é irreversível, tem certeza?",
+	"packages.settings.delete.success": "O pacote foi excluído.",
+	"packages.settings.delete.error": "Falha ao excluir o pacote.",
+	"packages.owner.settings.cargo.title": "Índice do registro Cargo",
+	"packages.owner.settings.cargo.initialize": "Inicializar índice",
+	"packages.owner.settings.cargo.initialize.description": "É necessário um repositório Git especial de índice para usar o registro Cargo. Usar esta opção irá (re-)criar o repositório e configurá-lo automaticamente.",
+	"packages.owner.settings.cargo.initialize.error": "Falha ao inicializar índice Cargo: %v",
+	"packages.owner.settings.cargo.initialize.success": "O índice Cargo foi criado com sucesso.",
+	"packages.owner.settings.cargo.rebuild": "Reconstruir índice",
+	"packages.owner.settings.cargo.rebuild.description": "Reconstruir pode ser útil se o índice não estiver sincronizado com os pacotes do Cargo armazenados.",
+	"packages.owner.settings.cargo.rebuild.error": "Falha ao reconstruir índice Cargo: %v",
+	"packages.owner.settings.cargo.rebuild.success": "O índice Cargo foi reconstruído com sucesso.",
+	"packages.owner.settings.cargo.rebuild.no_index": "Não foi possível reconstruir, não há um índice inicializado.",
+	"packages.owner.settings.cleanuprules.title": "Regras de limpeza",
+	"packages.owner.settings.cleanuprules.add": "Adicionar regra de limpeza",
+	"packages.owner.settings.cleanuprules.edit": "Editar regra de limpeza",
+	"packages.owner.settings.cleanuprules.none": "Não há regras de limpeza ainda.",
+	"packages.owner.settings.cleanuprules.preview": "Pré-visualizar regra de limpeza",
+	"packages.owner.settings.cleanuprules.preview.overview": "%d pacotes agendados para serem removidos.",
+	"packages.owner.settings.cleanuprules.preview.none": "A regra de limpeza não corresponde a nenhum pacote.",
+	"packages.owner.settings.cleanuprules.pattern_full_match": "Aplicar padrão ao nome completo do pacote",
+	"packages.owner.settings.cleanuprules.keep.title": "Versões que correspondem a estas regras são mantidas, mesmo se corresponderem a uma regra de remoção abaixo.",
+	"packages.owner.settings.cleanuprules.keep.count": "Manter o mais recente",
+	"packages.owner.settings.cleanuprules.keep.pattern": "Manter versões correspondentes",
+	"packages.owner.settings.cleanuprules.keep.pattern.container": "A versão <code>latest</code> é sempre mantida para pacotes de Container.",
+	"packages.owner.settings.cleanuprules.remove.title": "Versões que correspondem a essas regras são removidas, a menos que uma regra acima diga para mantê-las.",
+	"packages.owner.settings.cleanuprules.remove.days": "Remover versões mais antigas que",
+	"packages.owner.settings.cleanuprules.remove.pattern": "Remover versões correspondentes",
+	"packages.owner.settings.cleanuprules.success.update": "Regra de limpeza foi atualizada.",
+	"packages.owner.settings.cleanuprules.success.delete": "Regra de limpeza foi excluída.",
+	"packages.owner.settings.chef.title": "Registro Chef",
+	"packages.owner.settings.chef.keypair": "Gerar par de chaves",
+	"packages.owner.settings.chef.keypair.description": "Requisições enviadas ao registro Chef precisam ser criptograficamente assinadas como uma forma de autenticação. Ao gerar um par de chaves, somente a chave pública é armazenada no Forgejo. A chave privada é fornecida a você para ser usada com o knife. Gerar um novo par de chaves irá sobrescrever o anterior.",
 	"fork.n_forks": {
 		"one": "%s fork",
 		"many": "%s forks",
diff --git a/options/locale_next/locale_pt-PT.json b/options/locale_next/locale_pt-PT.json
index a0294a9245..46f708629d 100644
--- a/options/locale_next/locale_pt-PT.json
+++ b/options/locale_next/locale_pt-PT.json
@@ -1,4 +1,176 @@
 {
+	"packages.title": "Pacotes",
+	"packages.empty": "Ainda não há pacotes.",
+	"packages.empty.documentation": "Para obter mais informação sobre o registo de pacotes, veja <a target=\"_blank\" rel=\"noopener noreferrer\" href=\"%s\">a documentação</a>.",
+	"packages.empty.repo": "Carregou um pacote mas este não é apresentado aqui? Vá às <a href=\"%[1]s\">configurações do pacote</a> e ligue-o a este repositório.",
+	"packages.registry.documentation": "Para mais informação sobre o registo %s, veja <a target=\"_blank\" rel=\"noopener noreferrer\" href=\"%s\">a documentação</a>.",
+	"packages.filter.type": "Tipo",
+	"packages.filter.type.all": "Todos",
+	"packages.filter.no_result": "O seu filtro não produziu quaisquer resultados.",
+	"packages.filter.container.tagged": "Com etiqueta",
+	"packages.filter.container.untagged": "Sem etiqueta",
+	"packages.published_by": "Publicado %[1]s por <a href=\"%[2]s\">%[3]s</a>",
+	"packages.published_by_in": "Publicado %[1]s por <a href=\"%[2]s\">%[3]s</a> em <a href=\"%[4]s\"><strong>%[5]s</strong></a>",
+	"packages.pub.install": "Para instalar o pacote usando o Dart, execute o seguinte comando:",
+	"packages.installation": "Instalação",
+	"packages.about": "Sobre este pacote",
+	"packages.requirements": "Requisitos",
+	"packages.dependencies": "Dependências",
+	"packages.keywords": "Palavras-chave",
+	"packages.details": "Detalhes",
+	"packages.details.author": "Autor(a)",
+	"packages.details.project_site": "Sítio web do projecto",
+	"packages.details.repository_site": "Sítio web do repositório",
+	"packages.details.documentation_site": "Sítio web da documentação",
+	"packages.details.license": "Licença",
+	"packages.assets": "Recursos",
+	"packages.versions": "Versões",
+	"packages.versions.view_all": "Ver todas",
+	"packages.dependency.id": "ID",
+	"packages.dependency.version": "Versão",
+	"packages.search_in_external_registry": "Procurar em %s",
+	"packages.alpine.registry": "Configure este registo adicionando o URL no seu ficheiro <code>/etc/apk/repositories</code>:",
+	"packages.alpine.registry.key": "Descarregue a chave RSA pública do registo para dentro da pasta <code>/etc/apk/keys/</code> para verificar a assinatura do índice:",
+	"packages.alpine.registry.info": "Escolha $branch e $repository da lista abaixo.",
+	"packages.alpine.install": "Para instalar o pacote, execute o seguinte comando:",
+	"packages.alpine.repository": "Informações do repositório",
+	"packages.alpine.repository.branches": "Ramos",
+	"packages.alpine.repository.repositories": "Repositórios",
+	"packages.alpine.repository.architectures": "Arquitecturas",
+	"packages.arch.pacman.helper.gpg": "Adicionar certificado de confiança para o pacman:",
+	"packages.arch.pacman.repo.multi": "%s tem a mesma versão em distribuições diferentes.",
+	"packages.arch.pacman.repo.multi.item": "Configurações para %s",
+	"packages.arch.pacman.conf": "Adicionar servidor com distribuição e arquitectura relacionadas a <code>/etc/pacman.conf</code> :",
+	"packages.arch.pacman.sync": "Sincronizar pacote com o pacman:",
+	"packages.arch.version.properties": "Propriedades da versão",
+	"packages.arch.version.description": "Descrição",
+	"packages.arch.version.provides": "Fornece",
+	"packages.arch.version.groups": "Grupo",
+	"packages.arch.version.depends": "Depende de",
+	"packages.arch.version.optdepends": "Depende opcionalmente",
+	"packages.arch.version.makedepends": "Dependências do make",
+	"packages.arch.version.checkdepends": "Verificar dependências",
+	"packages.arch.version.conflicts": "Conflitos",
+	"packages.arch.version.replaces": "Substitui",
+	"packages.arch.version.backup": "Cópia de segurança",
+	"packages.cargo.registry": "Configurar este registo no ficheiro de configuração do Cargo (por exemplo: <code>~/.cargo/config.toml</code>):",
+	"packages.cargo.install": "Para instalar o pacote usando o Cargo, execute o seguinte comando:",
+	"packages.chef.registry": "Configure este registo no seu ficheiro <code>~/.chef/config.rb</code>:",
+	"packages.chef.install": "Para instalar o pacote, execute o seguinte comando:",
+	"packages.composer.registry": "Configure este registo no seu ficheiro <code>~/.composer/config.json</code>:",
+	"packages.composer.install": "Para instalar o pacote usando o Composer, execute o seguinte comando:",
+	"packages.composer.dependencies": "Dependências",
+	"packages.composer.dependencies.development": "Dependências de desenvolvimento",
+	"packages.conan.registry": "Configurar este registo usando a linha de comandos:",
+	"packages.conan.install": "Para instalar o pacote usando o Conan, execute o seguinte comando:",
+	"packages.conda.registry": "Configure este registo como um repositório Conda no seu ficheiro <code>.condarc</code>:",
+	"packages.conda.install": "Para instalar o pacote usando o Conda, execute o seguinte comando:",
+	"packages.container.images.title": "Imagens",
+	"packages.container.details.type": "Tipo de imagem",
+	"packages.container.details.platform": "Plataforma",
+	"packages.container.pull": "Puxar a imagem usando a linha de comandos:",
+	"packages.container.digest": "Resumo",
+	"packages.container.multi_arch": "S.O. / Arquit.",
+	"packages.container.layers": "Camadas da imagem",
+	"packages.container.labels": "Rótulos",
+	"packages.container.labels.key": "Chave",
+	"packages.container.labels.value": "Valor",
+	"packages.cran.registry": "Configure este registo no seu ficheiro <code>Rprofile.site</code>:",
+	"packages.cran.install": "Para instalar o pacote, execute o seguinte comando:",
+	"packages.debian.registry": "Configurar este registo usando a linha de comandos:",
+	"packages.debian.registry.info": "Escolha $distribution e $component da lista abaixo.",
+	"packages.debian.install": "Para instalar o pacote, execute o seguinte comando:",
+	"packages.debian.repository": "Informações do repositório",
+	"packages.debian.repository.distributions": "Distribuições",
+	"packages.debian.repository.components": "Componentes",
+	"packages.debian.repository.architectures": "Arquitecturas",
+	"packages.generic.download": "Descarregar pacote usando a linha de comandos:",
+	"packages.go.install": "Instale o pacote a partir da linha de comandos:",
+	"packages.helm.registry": "Configurar este registo usando a linha de comandos:",
+	"packages.helm.install": "Para instalar o pacote, execute o seguinte comando:",
+	"packages.maven.registry": "Configure este registo no seu ficheiro <code>pom.xml</code> do projecto:",
+	"packages.maven.install": "Para usar este pacote, inclua no bloco <code>dependencies</code> do ficheiro <code>pom.xml</code> o seguinte:",
+	"packages.maven.install2": "Executar usando a linha de comandos:",
+	"packages.maven.download": "Para descarregar a dependência, execute na linha de comandos:",
+	"packages.nuget.registry": "Configurar este registo usando a linha de comandos:",
+	"packages.nuget.install": "Para instalar o pacote usando NuGet, execute o seguinte comando:",
+	"packages.nuget.dependency.framework": "Estrutura alvo",
+	"packages.npm.registry": "Configure este registo no seu ficheiro <code>.npmrc</code> do projecto:",
+	"packages.npm.install": "Para instalar o pacote usando o npm, execute o seguinte comando:",
+	"packages.npm.install2": "ou adicione-o ao ficheiro <code>package.json</code>:",
+	"packages.npm.dependencies": "Dependências",
+	"packages.npm.dependencies.development": "Dependências de desenvolvimento",
+	"packages.npm.dependencies.bundle": "Dependências agrupadas",
+	"packages.npm.dependencies.peer": "Dependências de pares",
+	"packages.npm.dependencies.optional": "Dependências opcionais",
+	"packages.npm.details.tag": "Etiqueta",
+	"packages.pypi.requires": "Requer Python",
+	"packages.pypi.install": "Para instalar o pacote usando o pip, execute o seguinte comando:",
+	"packages.rpm.registry": "Configurar este registo usando a linha de comandos:",
+	"packages.rpm.distros.redhat": "em distribuições baseadas no RedHat",
+	"packages.rpm.distros.suse": "em distribuições baseadas no SUSE",
+	"packages.rpm.install": "Para instalar o pacote, execute o seguinte comando:",
+	"packages.rpm.repository": "Informações do repositório",
+	"packages.rpm.repository.architectures": "Arquitecturas",
+	"packages.rpm.repository.multiple_groups": "Este pacote está disponível em vários grupos.",
+	"packages.alt.registry": "Configure este registo a partir da linha de comandos:",
+	"packages.alt.registry.install": "Para instalar o pacote, execute o seguinte comando:",
+	"packages.alt.install": "Instalar pacote",
+	"packages.alt.setup": "Adicionar um repositório à lista de repositórios ligados (escolha a arquitetura necessária em vez de \"_arch_\"):",
+	"packages.alt.repository": "Informação do repositório",
+	"packages.alt.repository.architectures": "Arquiteturas",
+	"packages.alt.repository.multiple_groups": "Este pacote está disponível em vários grupos.",
+	"packages.rubygems.install": "Para instalar o pacote usando o gem, execute o seguinte comando:",
+	"packages.rubygems.install2": "ou adicione-o ao ficheiro <code>Gemfile</code>:",
+	"packages.rubygems.dependencies.runtime": "Dependências em tempo de execução",
+	"packages.rubygems.dependencies.development": "Dependências de desenvolvimento",
+	"packages.rubygems.required.ruby": "Requer a versão do Ruby",
+	"packages.rubygems.required.rubygems": "Requer a versão do RubyGem",
+	"packages.swift.registry": "Configurar este registo usando a linha de comandos:",
+	"packages.swift.install": "Adicione o pacote no seu ficheiro <code>Package.swift</code>:",
+	"packages.swift.install2": "e execute o seguinte comando:",
+	"packages.vagrant.install": "Para adicionar uma máquina virtual Vagrant, execute o seguinte comando:",
+	"packages.settings.link": "Vincular este pacote a um repositório",
+	"packages.settings.link.description": "Se você vincular um pacote a um repositório, o pacote será listado na lista de pacotes do repositório.",
+	"packages.settings.link.select": "Escolher repositório",
+	"packages.settings.link.button": "Modificar vínculo ao repositório",
+	"packages.settings.link.success": "O vínculo ao repositório foi modificado com sucesso.",
+	"packages.settings.link.error": "Falhou a modificação do vínculo ao repositório.",
+	"packages.settings.delete": "Eliminar pacote",
+	"packages.settings.delete.description": "Eliminar o pacote é permanente e não pode ser desfeito.",
+	"packages.settings.delete.notice": "Está prestes a eliminar %s (%s). Esta operação é irreversível. Tem a certeza?",
+	"packages.settings.delete.success": "O pacote foi eliminado.",
+	"packages.settings.delete.error": "Falhou a eliminação do pacote.",
+	"packages.owner.settings.cargo.title": "Índice do registo do Cargo",
+	"packages.owner.settings.cargo.initialize": "Inicializar índice",
+	"packages.owner.settings.cargo.initialize.description": "É necessário um repositório Git de índice especial para usar o registo Cargo. Usar esta opção irá (re-)criar o repositório e configurá-lo automaticamente.",
+	"packages.owner.settings.cargo.initialize.error": "Falhou ao inicializar o índice do Cargo: %v",
+	"packages.owner.settings.cargo.initialize.success": "O índice do Cargo foi criado com sucesso.",
+	"packages.owner.settings.cargo.rebuild": "Reconstruir índice",
+	"packages.owner.settings.cargo.rebuild.description": "Reconstruir pode ser útil se o índice não estiver sincronizado com os pacotes de Cargo armazenados.",
+	"packages.owner.settings.cargo.rebuild.error": "Falhou ao reconstruir o índice do Cargo: %v",
+	"packages.owner.settings.cargo.rebuild.success": "O índice do Cargo foi reconstruído com sucesso.",
+	"packages.owner.settings.cargo.rebuild.no_index": "Não foi possível reconstruir, não há um índice inicializado.",
+	"packages.owner.settings.cleanuprules.title": "Regras de limpeza",
+	"packages.owner.settings.cleanuprules.add": "Adicionar regra de limpeza",
+	"packages.owner.settings.cleanuprules.edit": "Editar regra de limpeza",
+	"packages.owner.settings.cleanuprules.none": "Ainda não há quaisquer regras de limpeza.",
+	"packages.owner.settings.cleanuprules.preview": "Previsão da regra de limpeza",
+	"packages.owner.settings.cleanuprules.preview.overview": "%d pacotes estão agendados para serem removidos.",
+	"packages.owner.settings.cleanuprules.preview.none": "A regra de limpeza não corresponde a nenhum pacote.",
+	"packages.owner.settings.cleanuprules.pattern_full_match": "Aplicar o padrão ao nome completo do pacote",
+	"packages.owner.settings.cleanuprules.keep.title": "As versões que correspondem a estas regras serão mantidas, mesmo que correspondam à regra de remoção abaixo.",
+	"packages.owner.settings.cleanuprules.keep.count": "Manter a mais recente",
+	"packages.owner.settings.cleanuprules.keep.pattern": "Manter as versões correspondentes",
+	"packages.owner.settings.cleanuprules.keep.pattern.container": "A <code>última</code> versão será sempre mantida para pacotes de contentor.",
+	"packages.owner.settings.cleanuprules.remove.title": "Versões que correspondam a estas regras serão removidos, a não ser que a regra acima diga para os manter.",
+	"packages.owner.settings.cleanuprules.remove.days": "Remover versões mais antigas do que",
+	"packages.owner.settings.cleanuprules.remove.pattern": "Remover as versões correspondentes",
+	"packages.owner.settings.cleanuprules.success.update": "A regra de limpeza foi modificada.",
+	"packages.owner.settings.cleanuprules.success.delete": "A regra de limpeza foi eliminada.",
+	"packages.owner.settings.chef.title": "Registo do Chef",
+	"packages.owner.settings.chef.keypair": "Gerar par de chaves",
+	"packages.owner.settings.chef.keypair.description": "Os pedidos enviados para o registo do Chef têm de ser assinados criptograficamente como meio de autenticação. Ao gerar um par de chaves, apenas a chave pública é armazenada no Forgejo. A chave privada é-lhe fornecida para ser utilizada com o knife. A geração de um novo par de chaves substituirá o anterior.",
 	"fork.n_forks": {
 		"one": "%s derivação",
 		"many": "%s derivações",
diff --git a/options/locale_next/locale_ru-RU.json b/options/locale_next/locale_ru-RU.json
index 534ae02a0a..2695afe532 100644
--- a/options/locale_next/locale_ru-RU.json
+++ b/options/locale_next/locale_ru-RU.json
@@ -1,4 +1,176 @@
 {
+	"packages.title": "Пакеты",
+	"packages.empty": "Пока нет пакетов.",
+	"packages.empty.documentation": "Дополнительную информацию о реестре пакетов можно найти в <a target=\"_blank\" rel=\"noopener noreferrer\" href=\"%s\">документации</a>.",
+	"packages.empty.repo": "Вы загрузили пакет, но он здесь не отображается? Перейдите в <a href=\"%[1]s\">настройки пакета</a> и свяжите его с этим репозиторием.",
+	"packages.registry.documentation": "Для получения дополнительной информации о реестре %s смотрите <a target=\"_blank\" rel=\"noopener noreferrer\" href=\"%s\">документацию</a>.",
+	"packages.filter.type": "Тип",
+	"packages.filter.type.all": "Все",
+	"packages.filter.no_result": "Фильтр не дал результатов.",
+	"packages.filter.container.tagged": "С тегом",
+	"packages.filter.container.untagged": "Без тегов",
+	"packages.published_by": "Опубликовано %[1]s <a href=\"%[2]s\">%[3]s</a>",
+	"packages.published_by_in": "Опубликовано %[1]s <a href=\"%[2]s\">%[3]s</a> в <a href=\"%[4]s\"><strong>%[5]s</strong></a>",
+	"packages.pub.install": "Чтобы установить пакет с помощью Dart, выполните следующую команду:",
+	"packages.installation": "Установка",
+	"packages.about": "Об этом пакете",
+	"packages.requirements": "Требования",
+	"packages.dependencies": "Зависимости",
+	"packages.keywords": "Ключевые слова",
+	"packages.details": "Сведения",
+	"packages.details.author": "Автор",
+	"packages.details.project_site": "Веб-сайт проекта",
+	"packages.details.repository_site": "Веб-сайт репозитория",
+	"packages.details.documentation_site": "Веб-сайт документации",
+	"packages.details.license": "Лицензия",
+	"packages.assets": "Объекты",
+	"packages.versions": "Версии",
+	"packages.versions.view_all": "Показать всё",
+	"packages.dependency.id": "ID",
+	"packages.dependency.version": "Версия",
+	"packages.search_in_external_registry": "Найти в %s",
+	"packages.alpine.registry": "Настройте этот реестр, добавив URL в файл <code>/etc/apk/repositories</code>:",
+	"packages.alpine.registry.key": "Загрузите публичный ключ RSA реестра в каталог <code>/etc/apk/keys/</code> для проверки подписи индекса:",
+	"packages.alpine.registry.info": "Выберите $branch и $repository из списка ниже.",
+	"packages.alpine.install": "Для установки пакета выполните следующую команду:",
+	"packages.alpine.repository": "О репозитории",
+	"packages.alpine.repository.branches": "Ветви",
+	"packages.alpine.repository.repositories": "Репозитории",
+	"packages.alpine.repository.architectures": "Архитектуры",
+	"packages.arch.pacman.helper.gpg": "Добавьте сертификат доверия в pacman:",
+	"packages.arch.pacman.repo.multi": "У %s имеется одна и та же версия в разных дистрибутивах.",
+	"packages.arch.pacman.repo.multi.item": "Конфигурация %s",
+	"packages.arch.pacman.conf": "Добавьте адрес с необходимым дистрибутивом и архитектурой в <code>/etc/pacman.conf</code>:",
+	"packages.arch.pacman.sync": "Синхронизируйте пакет в pacman:",
+	"packages.arch.version.properties": "Свойства версии",
+	"packages.arch.version.description": "Описание",
+	"packages.arch.version.provides": "Предоставляет",
+	"packages.arch.version.groups": "Группа",
+	"packages.arch.version.depends": "Зависит от",
+	"packages.arch.version.optdepends": "Опциональные зависимости",
+	"packages.arch.version.makedepends": "Сборочные зависимости",
+	"packages.arch.version.checkdepends": "Проверочные зависимости",
+	"packages.arch.version.conflicts": "Конфликтует с",
+	"packages.arch.version.replaces": "Заменяет",
+	"packages.arch.version.backup": "Рез. копия",
+	"packages.cargo.registry": "Настройте этот реестр в файле конфигурации Cargo (например, <code>~/.cargo/config.toml</code>):",
+	"packages.cargo.install": "Чтобы установить пакет с помощью Cargo, выполните следующую команду:",
+	"packages.chef.registry": "Настройте этот реестр в своём файле <code>~/.chef/config.rb</code>:",
+	"packages.chef.install": "Для установки пакета выполните следующую команду:",
+	"packages.composer.registry": "Настройте этот реестр в файле <code>~/.composer/config.json</code>:",
+	"packages.composer.install": "Чтобы установить пакет с помощью Composer, выполните следующую команду:",
+	"packages.composer.dependencies": "Зависимости",
+	"packages.composer.dependencies.development": "Зависимости для разработки",
+	"packages.conan.registry": "Добавьте реестр командой:",
+	"packages.conan.install": "Чтобы установить пакет с помощью Conan, выполните следующую команду:",
+	"packages.conda.registry": "Пропишите этот реестр в качестве репозитория Conda в своём файле <code>.condarc</code>:",
+	"packages.conda.install": "Чтобы установить пакет с помощью Conda, выполните следующую команду:",
+	"packages.container.images.title": "Образы",
+	"packages.container.details.type": "Тип образа",
+	"packages.container.details.platform": "Платформа",
+	"packages.container.pull": "Загрузите образ из командной строки:",
+	"packages.container.digest": "Отпечаток",
+	"packages.container.multi_arch": "ОС / архитектура",
+	"packages.container.layers": "Слои образа",
+	"packages.container.labels": "Метки",
+	"packages.container.labels.key": "Ключ",
+	"packages.container.labels.value": "Значение",
+	"packages.cran.registry": "Настройте этот реестр в файле <code>Rprofile.site</code>:",
+	"packages.cran.install": "Для установки пакета выполните следующую команду:",
+	"packages.debian.registry": "Добавьте реестр командой:",
+	"packages.debian.registry.info": "Выберите $distribution и $component из списка ниже.",
+	"packages.debian.install": "Для установки пакета выполните следующую команду:",
+	"packages.debian.repository": "О репозитории",
+	"packages.debian.repository.distributions": "Дистрибутивы",
+	"packages.debian.repository.components": "Компоненты",
+	"packages.debian.repository.architectures": "Архитектуры",
+	"packages.generic.download": "Скачать пакет из командной строки:",
+	"packages.go.install": "Установите пакет из командной строки:",
+	"packages.helm.registry": "Добавьте реестр командой:",
+	"packages.helm.install": "Для установки пакета выполните следующую команду:",
+	"packages.maven.registry": "Настройте реестр в файле <code>pom.xml</code> вашего проекта:",
+	"packages.maven.install": "Чтобы использовать пакет, включите в блок <code>dependencies</code> в файле <code>pom.xml</code> следующее:",
+	"packages.maven.install2": "Выполнить через командную строку:",
+	"packages.maven.download": "Чтобы скачать зависимость, запустите в командной строке:",
+	"packages.nuget.registry": "Добавьте реестр командой:",
+	"packages.nuget.install": "Чтобы установить пакет с помощью NuGet, выполните следующую команду:",
+	"packages.nuget.dependency.framework": "Целевой фреймворк",
+	"packages.npm.registry": "Настройте реестр в файле <code>.npmrc</code> вашего проекта:",
+	"packages.npm.install": "Чтобы установить пакет с помощью npm, выполните следующую команду:",
+	"packages.npm.install2": "или добавьте его в файл package.json:",
+	"packages.npm.dependencies": "Зависимости",
+	"packages.npm.dependencies.development": "Зависимости для разработки",
+	"packages.npm.dependencies.bundle": "Комплектные зависимости",
+	"packages.npm.dependencies.peer": "Одноранговые зависимости",
+	"packages.npm.dependencies.optional": "Необязательные зависимости",
+	"packages.npm.details.tag": "Тег",
+	"packages.pypi.requires": "Требуется Python",
+	"packages.pypi.install": "Чтобы установить пакет с помощью pip, выполните следующую команду:",
+	"packages.rpm.registry": "Добавьте реестр командой:",
+	"packages.rpm.distros.redhat": "на дистрибутивах семейства RedHat",
+	"packages.rpm.distros.suse": "на дистрибутивах семейства SUSE",
+	"packages.rpm.install": "Для установки пакета выполните следующую команду:",
+	"packages.rpm.repository": "О репозитории",
+	"packages.rpm.repository.architectures": "Архитектуры",
+	"packages.rpm.repository.multiple_groups": "Этот пакет доступен в нескольких группах.",
+	"packages.alt.registry": "Добавьте реестр командой:",
+	"packages.alt.registry.install": "Для установки пакета выполните следующую команду:",
+	"packages.alt.install": "Установка пакета",
+	"packages.alt.setup": "Добавьте репозиторий в свой список репозиториев (выберите подходящую архитектуру вместо «_arch_»):",
+	"packages.alt.repository": "О репозитории",
+	"packages.alt.repository.architectures": "Архитектуры",
+	"packages.alt.repository.multiple_groups": "Этот пакет доступен в нескольких группах.",
+	"packages.rubygems.install": "Чтобы установить пакет с помощью gem, выполните следующую команду:",
+	"packages.rubygems.install2": "или добавьте его в Gemfile:",
+	"packages.rubygems.dependencies.runtime": "Зависимости времени выполнения",
+	"packages.rubygems.dependencies.development": "Зависимости для разработки",
+	"packages.rubygems.required.ruby": "Требуется версия Ruby",
+	"packages.rubygems.required.rubygems": "Требуется версия RubyGem",
+	"packages.swift.registry": "Добавьте реестр командой:",
+	"packages.swift.install": "Добавьте пакет в свой файл <code>Package.swift</code>:",
+	"packages.swift.install2": "и запустите следующую команду:",
+	"packages.vagrant.install": "Чтобы добавить бокс Vagrant, выполните следующую команду:",
+	"packages.settings.link": "Связать этот пакет с репозиторием",
+	"packages.settings.link.description": "Если связать пакет с репозиторием, он добавится в список пакетов репозитория.",
+	"packages.settings.link.select": "Выберите репозиторий",
+	"packages.settings.link.button": "Обновить ссылку на репозиторий",
+	"packages.settings.link.success": "Связь с репозиторием успешно обновлена.",
+	"packages.settings.link.error": "Не удалось обновить привязку к репозиторию.",
+	"packages.settings.delete": "Удалить пакет",
+	"packages.settings.delete.description": "Удаление пакета необратимо и не может быть отменено.",
+	"packages.settings.delete.notice": "Вы собираетесь удалить %s (%s). Эта операция необратима, вы уверены?",
+	"packages.settings.delete.success": "Пакет удалён.",
+	"packages.settings.delete.error": "Не удалось удалить пакет.",
+	"packages.owner.settings.cargo.title": "Индекс реестра Cargo",
+	"packages.owner.settings.cargo.initialize": "Инициализировать индекс",
+	"packages.owner.settings.cargo.initialize.description": "Для использования реестра Cargo необходим специальный Git-репозиторий с индексом. Эта опция (пере)создаст репозиторий и настроит его автоматически.",
+	"packages.owner.settings.cargo.initialize.error": "Не удалось инициализировать индекс Cargo: %v",
+	"packages.owner.settings.cargo.initialize.success": "Индекс Cargo успешно создан.",
+	"packages.owner.settings.cargo.rebuild": "Перестроить индекс",
+	"packages.owner.settings.cargo.rebuild.description": "Пересборка может быть полезна в случае, если индекс не синхронизирован с хранящимися пакетами Cargo.",
+	"packages.owner.settings.cargo.rebuild.error": "Не удалось перестроить индекс Cargo: %v",
+	"packages.owner.settings.cargo.rebuild.success": "Индекс Cargo был перестроен успешно.",
+	"packages.owner.settings.cargo.rebuild.no_index": "Невозможно выполнить пересборку. Нет инициализированного индекса.",
+	"packages.owner.settings.cleanuprules.title": "Правила очистки",
+	"packages.owner.settings.cleanuprules.add": "Добавить правило очистки",
+	"packages.owner.settings.cleanuprules.edit": "Изменить правило очистки",
+	"packages.owner.settings.cleanuprules.none": "Правил очистки пока нет.",
+	"packages.owner.settings.cleanuprules.preview": "Предпросмотр правила очистки",
+	"packages.owner.settings.cleanuprules.preview.overview": "Планируется удалить %d пакетов.",
+	"packages.owner.settings.cleanuprules.preview.none": "Правило очистки не соответствует ни одному пакету.",
+	"packages.owner.settings.cleanuprules.pattern_full_match": "Применить шаблон к полному имени пакета",
+	"packages.owner.settings.cleanuprules.keep.title": "Версии, соответствующие этим правилам, сохраняются, даже если они соответствуют приведённому ниже правилу удаления.",
+	"packages.owner.settings.cleanuprules.keep.count": "Оставить последние",
+	"packages.owner.settings.cleanuprules.keep.pattern": "Сохранять версии, совпадающие с",
+	"packages.owner.settings.cleanuprules.keep.pattern.container": "Версия <code>latest</code> всегда сохраняется для пакетов контейнера.",
+	"packages.owner.settings.cleanuprules.remove.title": "Версии, соответствующие этим правилам, удаляются, если правило выше не требует хранить их.",
+	"packages.owner.settings.cleanuprules.remove.days": "Удалять версии старше, чем",
+	"packages.owner.settings.cleanuprules.remove.pattern": "Удалять версии, совпадающие с",
+	"packages.owner.settings.cleanuprules.success.update": "Правило очистки обновлено.",
+	"packages.owner.settings.cleanuprules.success.delete": "Правило очистки удалено.",
+	"packages.owner.settings.chef.title": "Реестр Chef",
+	"packages.owner.settings.chef.keypair": "Создать пару ключей",
+	"packages.owner.settings.chef.keypair.description": "Запросы к реестру Chef заверяются криптографическими подписями для аутентификации. При создании пары ключей только публичный ключ сохраняется в базе Forgejo. Закрытый ключ, который вы получите, будет использоваться knife. Создание новой пары ключей удалит старую.",
 	"fork.n_forks": {
 		"one": "%s ответвление",
 		"few": "%s ответвления",
diff --git a/options/locale_next/locale_si-LK.json b/options/locale_next/locale_si-LK.json
index 40ffa8ccc6..becc3b2408 100644
--- a/options/locale_next/locale_si-LK.json
+++ b/options/locale_next/locale_si-LK.json
@@ -1,4 +1,7 @@
 {
+	"packages.filter.type": "වර්ගය",
+	"packages.alpine.repository.branches": "ශාඛා",
+	"packages.alpine.repository.repositories": "කෝෂ්ඨ",
 	"repo.pulls.merged_title_desc": "මර්ජ්%[1]d සිට <code>%[2]s</code> දක්වා <code>%[3]s</code> %[4]s",
 	"repo.pulls.title_desc": "%[1]d සිට <code>%[2]s</code> දක්වා <code id=\"%[4]s\">%[3]s</code>",
 	"migrate.git.description": "ඕනෑම Git සේවාවකින් පමණක් ගබඩාවක් සංක්රමණය කරන්න.",
diff --git a/options/locale_next/locale_sk-SK.json b/options/locale_next/locale_sk-SK.json
index 0c22e4ccda..190893481b 100644
--- a/options/locale_next/locale_sk-SK.json
+++ b/options/locale_next/locale_sk-SK.json
@@ -1,4 +1,6 @@
 {
+	"packages.alpine.repository.repositories": "Repozitáre",
+	"packages.container.labels": "Štítky",
 	"fork.n_forks": {
 		"one": "%s fork",
 		"few": "%s forky",
diff --git a/options/locale_next/locale_sl.json b/options/locale_next/locale_sl.json
index e1940e1e14..e948ca6b0d 100644
--- a/options/locale_next/locale_sl.json
+++ b/options/locale_next/locale_sl.json
@@ -1,3 +1,4 @@
 {
+	"packages.owner.settings.chef.keypair.description": "Za preverjanje pristnosti v registru Chef je potreben par ključev. Če ste par ključev ustvarili že prej, se pri ustvarjanju novega para ključev stari par ključev zavrže.",
 	"meta.last_line": " "
 }
diff --git a/options/locale_next/locale_sv-SE.json b/options/locale_next/locale_sv-SE.json
index bb0b1935d5..47fd0afa70 100644
--- a/options/locale_next/locale_sv-SE.json
+++ b/options/locale_next/locale_sv-SE.json
@@ -1,4 +1,176 @@
 {
+	"packages.title": "Paket",
+	"packages.empty": "Det finns inga paket ännu.",
+	"packages.empty.documentation": "För mer information om paketregistret, se <a target=\"_blank\" rel=\"noopener noreferrer\" href=\"%s\">dokumentationen</a>.",
+	"packages.empty.repo": "Laddade du upp ett paket men det visas inte här? Gå till <a href=\"%[1]s\">paketinställningar</a> och länka det till detta kodförråd.",
+	"packages.registry.documentation": "För mer information om %s-registret, se <a target=\"_blank\" rel=\"noopener noreferrer\" href=\"%s\">dokumentationen</a>.",
+	"packages.filter.type": "Typ",
+	"packages.filter.type.all": "Alla",
+	"packages.filter.no_result": "Ditt filter gav inga resultat.",
+	"packages.filter.container.tagged": "Taggad",
+	"packages.filter.container.untagged": "Otaggad",
+	"packages.published_by": "Publicerad %[1]s av <a href=\"%[2]s\">%[3]s</a>",
+	"packages.published_by_in": "Publicerad %[1]s av <a href=\"%[2]s\">%[3]s</a> i <a href=\"%[4]s\"><strong>%[5]s</strong></a>",
+	"packages.pub.install": "För att installera paketet med Dart, kör följande kommando:",
+	"packages.installation": "Installation",
+	"packages.about": "Om detta paket",
+	"packages.requirements": "Krav",
+	"packages.dependencies": "Beroenden",
+	"packages.keywords": "Nyckelord",
+	"packages.details": "Detaljer",
+	"packages.details.author": "Författare",
+	"packages.details.project_site": "Projektwebbplats",
+	"packages.details.repository_site": "Kodförrådswebbplats",
+	"packages.details.documentation_site": "Dokumentationswebbplats",
+	"packages.details.license": "Licens",
+	"packages.assets": "Assets",
+	"packages.versions": "Versioner",
+	"packages.versions.view_all": "Visa alla",
+	"packages.dependency.id": "ID",
+	"packages.dependency.version": "Version",
+	"packages.search_in_external_registry": "Sök i %s",
+	"packages.alpine.registry": "Konfigurera detta register genom att lägga till URL:en i din <code>/etc/apk/repositories</code>-fil:",
+	"packages.alpine.registry.key": "Ladda ner registrets offentliga RSA-nyckel till <code>/etc/apk/keys/</code>-mappen för att verifiera indexsignaturen:",
+	"packages.alpine.registry.info": "Välj $gren och $kodförråd från listan nedan.",
+	"packages.alpine.install": "För att installera paketet, kör följande kommando:",
+	"packages.alpine.repository": "Kodförrådsinfo",
+	"packages.alpine.repository.branches": "Brancher",
+	"packages.alpine.repository.repositories": "Utvecklingskataloger",
+	"packages.alpine.repository.architectures": "Arkitekturer",
+	"packages.arch.pacman.helper.gpg": "Lägg till förtroendecertifikat för pacman:",
+	"packages.arch.pacman.repo.multi": "%s har samma version i olika distributioner.",
+	"packages.arch.pacman.repo.multi.item": "Konfiguration för %s",
+	"packages.arch.pacman.conf": "Lägg till server med relaterad distribution och arkitektur till <code>/etc/pacman.conf</code>:",
+	"packages.arch.pacman.sync": "Synkronisera paket med pacman:",
+	"packages.arch.version.properties": "Versionsegenskaper",
+	"packages.arch.version.description": "Beskrivning",
+	"packages.arch.version.provides": "Tillhandahåller",
+	"packages.arch.version.groups": "Grupp",
+	"packages.arch.version.depends": "Beroenden",
+	"packages.arch.version.optdepends": "Valfria beroenden",
+	"packages.arch.version.makedepends": "Byggberoenden",
+	"packages.arch.version.checkdepends": "Kontrollberoenden",
+	"packages.arch.version.conflicts": "Konflikter",
+	"packages.arch.version.replaces": "Ersätter",
+	"packages.arch.version.backup": "Säkerhetskopia",
+	"packages.cargo.registry": "Konfigurera detta register i Cargo-konfigurationsfilen (till exempel <code>~/.cargo/config.toml</code>):",
+	"packages.cargo.install": "För att installera paketet med Cargo, kör följande kommando:",
+	"packages.chef.registry": "Konfigurera detta register i din <code>~/.chef/config.rb</code>-fil:",
+	"packages.chef.install": "För att installera paketet, kör följande kommando:",
+	"packages.composer.registry": "Konfigurera detta register i din <code>~/.composer/config.json</code>-fil:",
+	"packages.composer.install": "För att installera paketet med Composer, kör följande kommando:",
+	"packages.composer.dependencies": "Beroenden",
+	"packages.composer.dependencies.development": "Utvecklingsberoenden",
+	"packages.conan.registry": "Konfigurera detta register från kommandoraden:",
+	"packages.conan.install": "För att installera paketet med Conan, kör följande kommando:",
+	"packages.conda.registry": "Konfigurera detta register som ett Conda-kodförråd i din <code>.condarc</code>-fil:",
+	"packages.conda.install": "För att installera paketet med Conda, kör följande kommando:",
+	"packages.container.images.title": "Bilder",
+	"packages.container.details.type": "Bildtyp",
+	"packages.container.details.platform": "Plattform",
+	"packages.container.pull": "Hämta bilden från kommandoraden:",
+	"packages.container.digest": "Digest",
+	"packages.container.multi_arch": "OS / Arch",
+	"packages.container.layers": "Bildlager",
+	"packages.container.labels": "Etiketter",
+	"packages.container.labels.key": "Nyckel",
+	"packages.container.labels.value": "Värde",
+	"packages.cran.registry": "Konfigurera detta register i din <code>Rprofile.site</code>-fil:",
+	"packages.cran.install": "För att installera paketet, kör följande kommando:",
+	"packages.debian.registry": "Konfigurera detta register från kommandoraden:",
+	"packages.debian.registry.info": "Välj $distribution och $component från listan nedan.",
+	"packages.debian.install": "För att installera paketet, kör följande kommando:",
+	"packages.debian.repository": "Kodförrådsinfo",
+	"packages.debian.repository.distributions": "Distributioner",
+	"packages.debian.repository.components": "Komponenter",
+	"packages.debian.repository.architectures": "Arkitekturer",
+	"packages.generic.download": "Ladda ner paket från kommandoraden:",
+	"packages.go.install": "Installera paketet från kommandoraden:",
+	"packages.helm.registry": "Konfigurera detta register från kommandoraden:",
+	"packages.helm.install": "För att installera paketet, kör följande kommando:",
+	"packages.maven.registry": "Konfigurera detta register i ditt projekts <code>pom.xml</code>-fil:",
+	"packages.maven.install": "För att använda paketet, inkludera följande i <code>dependencies</code>-blocket i <code>pom.xml</code>-filen:",
+	"packages.maven.install2": "Kör via kommandoraden:",
+	"packages.maven.download": "För att ladda ner beroendet, kör via kommandoraden:",
+	"packages.nuget.registry": "Konfigurera detta register från kommandoraden:",
+	"packages.nuget.install": "För att installera paketet med NuGet, kör följande kommando:",
+	"packages.nuget.dependency.framework": "Målramverk",
+	"packages.npm.registry": "Konfigurera detta register i ditt projekts <code>.npmrc</code>-fil:",
+	"packages.npm.install": "För att installera paketet med npm, kör följande kommando:",
+	"packages.npm.install2": "eller lägg till det i package.json-filen:",
+	"packages.npm.dependencies": "Beroenden",
+	"packages.npm.dependencies.development": "Utvecklingsberoenden",
+	"packages.npm.dependencies.bundle": "Buntade beroenden",
+	"packages.npm.dependencies.peer": "Peer-beroenden",
+	"packages.npm.dependencies.optional": "Valfria beroenden",
+	"packages.npm.details.tag": "Tagg",
+	"packages.pypi.requires": "Kräver Python",
+	"packages.pypi.install": "För att installera paketet med pip, kör följande kommando:",
+	"packages.rpm.registry": "Konfigurera detta register från kommandoraden:",
+	"packages.rpm.distros.redhat": "på RedHat-baserade distributioner",
+	"packages.rpm.distros.suse": "på SUSE-baserade distributioner",
+	"packages.rpm.install": "För att installera paketet, kör följande kommando:",
+	"packages.rpm.repository": "Kodförrådsinfo",
+	"packages.rpm.repository.architectures": "Arkitekturer",
+	"packages.rpm.repository.multiple_groups": "Detta paket är tillgängligt i flera grupper.",
+	"packages.alt.registry": "Konfigurera detta register från kommandoraden:",
+	"packages.alt.registry.install": "För att installera paketet, kör följande kommando:",
+	"packages.alt.install": "Installera paket",
+	"packages.alt.setup": "Lägg till ett kodförråd i listan över anslutna kodförråd (välj nödvändig arkitektur istället för \"_arch_\"):",
+	"packages.alt.repository": "Kodförrådsinfo",
+	"packages.alt.repository.architectures": "Arkitekturer",
+	"packages.alt.repository.multiple_groups": "Detta paket är tillgängligt i flera grupper.",
+	"packages.rubygems.install": "För att installera paketet med gem, kör följande kommando:",
+	"packages.rubygems.install2": "eller lägg till det i Gemfile:",
+	"packages.rubygems.dependencies.runtime": "Körtidsberoenden",
+	"packages.rubygems.dependencies.development": "Utvecklingsberoenden",
+	"packages.rubygems.required.ruby": "Kräver Ruby-version",
+	"packages.rubygems.required.rubygems": "Kräver RubyGem-version",
+	"packages.swift.registry": "Konfigurera detta register från kommandoraden:",
+	"packages.swift.install": "Lägg till paketet i din <code>Package.swift</code>-fil:",
+	"packages.swift.install2": "och kör följande kommando:",
+	"packages.vagrant.install": "För att lägga till en Vagrant-box, kör följande kommando:",
+	"packages.settings.link": "Länka detta paket till ett kodförråd",
+	"packages.settings.link.description": "Om du länkar ett paket med ett kodförråd, listas paketet i kodförrådets paketlista.",
+	"packages.settings.link.select": "Välj kodförråd",
+	"packages.settings.link.button": "Uppdatera kodförrådslänk",
+	"packages.settings.link.success": "Kodförrådslänken uppdaterades framgångsrikt.",
+	"packages.settings.link.error": "Misslyckades med att uppdatera kodförrådslänken.",
+	"packages.settings.delete": "Ta bort paket",
+	"packages.settings.delete.description": "Borttagning av ett paket är permanent och kan inte ångras.",
+	"packages.settings.delete.notice": "Du är på väg att ta bort %s (%s). Denna åtgärd är oåterkallelig, är du säker?",
+	"packages.settings.delete.success": "Paketet har tagits bort.",
+	"packages.settings.delete.error": "Misslyckades med att ta bort paketet.",
+	"packages.owner.settings.cargo.title": "Cargo-registerindex",
+	"packages.owner.settings.cargo.initialize": "Initiera index",
+	"packages.owner.settings.cargo.initialize.description": "En särskild index-Git-kodförråd behövs för att använda Cargo-registret. Att använda detta alternativ kommer att (åter)skapa kodförrådet och konfigurera den automatiskt.",
+	"packages.owner.settings.cargo.initialize.error": "Misslyckades med att initiera Cargo-index: %v",
+	"packages.owner.settings.cargo.initialize.success": "Cargo-indexet skapades framgångsrikt.",
+	"packages.owner.settings.cargo.rebuild": "Bygg om index",
+	"packages.owner.settings.cargo.rebuild.description": "Ombyggnad kan vara användbart om indexet inte är synkroniserat med de lagrade Cargo-paketen.",
+	"packages.owner.settings.cargo.rebuild.error": "Misslyckades med att bygga om Cargo-index: %v",
+	"packages.owner.settings.cargo.rebuild.success": "Cargo-indexet byggdes om framgångsrikt.",
+	"packages.owner.settings.cargo.rebuild.no_index": "Det går inte att bygga om, inget index är initierat.",
+	"packages.owner.settings.cleanuprules.title": "Städregler",
+	"packages.owner.settings.cleanuprules.add": "Lägg till städregel",
+	"packages.owner.settings.cleanuprules.edit": "Redigera städregel",
+	"packages.owner.settings.cleanuprules.none": "Det finns inga städregler ännu.",
+	"packages.owner.settings.cleanuprules.preview": "Förhandsgranskning av städregel",
+	"packages.owner.settings.cleanuprules.preview.overview": "%d paket är planerade att tas bort.",
+	"packages.owner.settings.cleanuprules.preview.none": "Städregeln matchar inga paket.",
+	"packages.owner.settings.cleanuprules.pattern_full_match": "Tillämpa mönster på fullständigt paketnamn",
+	"packages.owner.settings.cleanuprules.keep.title": "Versioner som matchar dessa regler behålls, även om de matchar en borttagningsregel nedan.",
+	"packages.owner.settings.cleanuprules.keep.count": "Behåll de senaste",
+	"packages.owner.settings.cleanuprules.keep.pattern": "Behåll versioner som matchar",
+	"packages.owner.settings.cleanuprules.keep.pattern.container": "Versionen <code>latest</code> behålls alltid för Container-paket.",
+	"packages.owner.settings.cleanuprules.remove.title": "Versioner som matchar dessa regler tas bort, om inte en regel ovan säger att de ska behållas.",
+	"packages.owner.settings.cleanuprules.remove.days": "Ta bort versioner äldre än",
+	"packages.owner.settings.cleanuprules.remove.pattern": "Ta bort versioner som matchar",
+	"packages.owner.settings.cleanuprules.success.update": "Städregeln har uppdaterats.",
+	"packages.owner.settings.cleanuprules.success.delete": "Städregeln har tagits bort.",
+	"packages.owner.settings.chef.title": "Chef-register",
+	"packages.owner.settings.chef.keypair": "Generera nyckelpar",
+	"packages.owner.settings.chef.keypair.description": "Förfrågningar som skickas till Chef-registret måste vara kryptografiskt signerade som en autentiseringsmetod. När ett nyckelpar genereras lagras endast den offentliga nyckeln på Forgejo. Den privata nyckeln tillhandahålls till dig för användning med knife. Att generera ett nytt nyckelpar kommer att skriva över det tidigare.",
 	"stars.n_stars": {
 		"one": "%s stjärna",
 		"other": "%s stjärnor"
diff --git a/options/locale_next/locale_ta.json b/options/locale_next/locale_ta.json
index 60e84fe304..7de40f5eef 100644
--- a/options/locale_next/locale_ta.json
+++ b/options/locale_next/locale_ta.json
@@ -1,4 +1,176 @@
 {
+	"packages.title": "தொகுப்பு",
+	"packages.empty": "இதுவரை தொகுப்புகள் எதுவும் இல்லை.",
+	"packages.empty.documentation": "தொகுப்பு பதிவேட்டில் மேலும் தகவலுக்கு, <a target=\"_blank\" rel=\"noopener noreferrer\" href=\"%s\">ஆவணங்கள்</a> பார்க்கவும்.",
+	"packages.empty.repo": "நீங்கள் ஒரு தொகுப்பைப் பதிவேற்றினீர்களா, ஆனால் அது இங்கே காட்டப்படவில்லையா? <a href=\"%[1]s\">தொகுப்பு அமைப்புகளுக்குச்</a> சென்று இந்த ரெப்போவுடன் இணைக்கவும்.",
+	"packages.registry.documentation": "%s பதிவேட்டில் மேலும் தகவலுக்கு, <a target=\"_blank\" rel=\"noopener noreferrer\" href=\"%s\">ஆவணத்தை</a> பார்க்கவும்.",
+	"packages.filter.type": "வகை",
+	"packages.filter.type.all": "அனைத்தும்",
+	"packages.filter.no_result": "உங்கள் வடிகட்டி எந்த முடிவையும் தரவில்லை.",
+	"packages.filter.container.tagged": "குறியிடப்பட்டது",
+	"packages.filter.container.untagged": "குறியிடப்படாதது",
+	"packages.published_by": "%[1]s <a href=\"%[2]s\">%[3]s</a> ஆல் வெளியிடப்பட்டது",
+	"packages.published_by_in": "<a href=\"%[2]s\">%[3]s</a> மூலம் %[1]s வெளியிடப்பட்டது <a href=\"%[4]s\"><strong>%[5]s</strong></a>",
+	"packages.pub.install": "டார்ட்டைப் பயன்படுத்தி தொகுப்பை நிறுவ, பின்வரும் கட்டளையை இயக்கவும்:",
+	"packages.installation": "நிறுவல்",
+	"packages.about": "இந்த தொகுப்பு பற்றி",
+	"packages.requirements": "தேவைகள்",
+	"packages.dependencies": "சார்புநிலைகள்",
+	"packages.keywords": "முக்கிய வார்த்தைகள்",
+	"packages.details": "விவரங்கள்",
+	"packages.details.author": "நூலாசிரியர்",
+	"packages.details.project_site": "திட்ட இணையதளம்",
+	"packages.details.repository_site": "களஞ்சிய இணையதளம்",
+	"packages.details.documentation_site": "ஆவண இணையதளம்",
+	"packages.details.license": "உரிமம்",
+	"packages.assets": "சொத்துக்கள்",
+	"packages.versions": "பதிப்புகள்",
+	"packages.versions.view_all": "அனைத்தையும் பார்க்கவும்",
+	"packages.dependency.id": "ஐடி",
+	"packages.dependency.version": "பதிப்பு",
+	"packages.search_in_external_registry": "%s இல் தேடவும்",
+	"packages.alpine.registry": "உங்கள் <code>/etc/apk/repositories</code> கோப்பில் urlஐச் சேர்ப்பதன் மூலம் இந்தப் பதிவேட்டை அமைக்கவும்:",
+	"packages.alpine.registry.key": "குறியீட்டு கையொப்பத்தைச் சரிபார்க்க, <code>/etc/apk/keys/</code> கோப்புறையில் பொது RSA விசையைப் பதிவிறக்கவும்:",
+	"packages.alpine.registry.info": "கீழே உள்ள பட்டியலில் இருந்து $கிளை மற்றும் $ களஞ்சியத்தைத் தேர்ந்தெடுக்கவும்.",
+	"packages.alpine.install": "தொகுப்பை நிறுவ, பின்வரும் கட்டளையை இயக்கவும்:",
+	"packages.alpine.repository": "களஞ்சிய செய்தி",
+	"packages.alpine.repository.branches": "கிளைகள்",
+	"packages.alpine.repository.repositories": "களஞ்சியங்கள்",
+	"packages.alpine.repository.architectures": "கட்டமைப்புகள்",
+	"packages.arch.pacman.helper.gpg": "பேக்மேனுக்கான நம்பிக்கைச் சான்றிதழைச் சேர்க்கவும்:",
+	"packages.arch.pacman.repo.multi": "வெவ்வேறு விநியோகங்களில் %s ஒரே பதிப்பைக் கொண்டுள்ளது.",
+	"packages.arch.pacman.repo.multi.item": "%s க்கான கட்டமைப்பு",
+	"packages.arch.pacman.conf": "<code>/etc/pacman.conf</code> இல் தொடர்புடைய வழங்கல் மற்றும் கட்டமைப்புடன் சேவையகத்தைச் சேர்க்கவும்:",
+	"packages.arch.pacman.sync": "பேக்மேனுடன் தொகுப்பை ஒத்திசைக்கவும்:",
+	"packages.arch.version.properties": "பதிப்பு பண்புகள்",
+	"packages.arch.version.description": "விவரம்",
+	"packages.arch.version.provides": "வழங்குகிறது",
+	"packages.arch.version.groups": "குழு",
+	"packages.arch.version.depends": "சார்ந்துள்ளது",
+	"packages.arch.version.optdepends": "விருப்பம் சார்ந்தது",
+	"packages.arch.version.makedepends": "செய்வது சார்ந்தது",
+	"packages.arch.version.checkdepends": "காசோலை சார்ந்தது",
+	"packages.arch.version.conflicts": "மோதல்கள்",
+	"packages.arch.version.replaces": "மாற்றுகிறது",
+	"packages.arch.version.backup": "காப்புப்பிரதி",
+	"packages.cargo.registry": "சரக்கு உள்ளமைவு கோப்பில் இந்தப் பதிவேட்டை அமைக்கவும் (உதாரணமாக <code>~/.cargo/config.toml</code>):",
+	"packages.cargo.install": "கார்கோவைப் பயன்படுத்தி தொகுப்பை நிறுவ, பின்வரும் கட்டளையை இயக்கவும்:",
+	"packages.chef.registry": "இந்தப் பதிவேட்டை உங்கள் <code>~/.chef/config.rb</code> கோப்பில் அமைக்கவும்:",
+	"packages.chef.install": "தொகுப்பை நிறுவ, பின்வரும் கட்டளையை இயக்கவும்:",
+	"packages.composer.registry": "இந்தப் பதிவேட்டை உங்கள் <code>~/.composer/config.json</code> கோப்பில் அமைக்கவும்:",
+	"packages.composer.install": "கம்போசரைப் பயன்படுத்தி தொகுப்பை நிறுவ, பின்வரும் கட்டளையை இயக்கவும்:",
+	"packages.composer.dependencies": "சார்புநிலைகள்",
+	"packages.composer.dependencies.development": "வளர்ச்சி சார்புகள்",
+	"packages.conan.registry": "கட்டளை வரியிலிருந்து இந்த பதிவேட்டை அமைக்கவும்:",
+	"packages.conan.install": "கோனனைப் பயன்படுத்தி தொகுப்பை நிறுவ, பின்வரும் கட்டளையை இயக்கவும்:",
+	"packages.conda.registry": "இந்த பதிவேட்டை உங்கள் <code>.condarc</code> கோப்பில் கோண்டா களஞ்சியமாக அமைக்கவும்:",
+	"packages.conda.install": "கோண்டாவைப் பயன்படுத்தி தொகுப்பை நிறுவ, பின்வரும் கட்டளையை இயக்கவும்:",
+	"packages.container.images.title": "படங்கள்",
+	"packages.container.details.type": "பட வகை",
+	"packages.container.details.platform": "மேடை",
+	"packages.container.pull": "கட்டளை வரியிலிருந்து படத்தை இழுக்கவும்:",
+	"packages.container.digest": "செரிமானம்",
+	"packages.container.multi_arch": "OS / ஆர்ச்",
+	"packages.container.layers": "பட அடுக்குகள்",
+	"packages.container.labels": "சிட்டைகள்",
+	"packages.container.labels.key": "முக்கிய",
+	"packages.container.labels.value": "மதிப்பு",
+	"packages.cran.registry": "இந்த பதிவேட்டை உங்கள் <code>Rprofile.site</code> கோப்பில் அமைக்கவும்:",
+	"packages.cran.install": "தொகுப்பை நிறுவ, பின்வரும் கட்டளையை இயக்கவும்:",
+	"packages.debian.registry": "கட்டளை வரியிலிருந்து இந்த பதிவேட்டை அமைக்கவும்:",
+	"packages.debian.registry.info": "கீழே உள்ள பட்டியலில் இருந்து $distribution மற்றும் $component என்பதைத் தேர்ந்தெடுக்கவும்.",
+	"packages.debian.install": "தொகுப்பை நிறுவ, பின்வரும் கட்டளையை இயக்கவும்:",
+	"packages.debian.repository": "களஞ்சிய செய்தி",
+	"packages.debian.repository.distributions": "விநியோகங்கள்",
+	"packages.debian.repository.components": "கூறுகள்",
+	"packages.debian.repository.architectures": "கட்டமைப்புகள்",
+	"packages.generic.download": "கட்டளை வரியிலிருந்து தொகுப்பைப் பதிவிறக்கவும்:",
+	"packages.go.install": "கட்டளை வரியிலிருந்து தொகுப்பை நிறுவவும்:",
+	"packages.helm.registry": "கட்டளை வரியிலிருந்து இந்த பதிவேட்டை அமைக்கவும்:",
+	"packages.helm.install": "தொகுப்பை நிறுவ, பின்வரும் கட்டளையை இயக்கவும்:",
+	"packages.maven.registry": "இந்தப் பதிவேட்டை உங்கள் திட்டப்பணி <code>pom.xml</code> கோப்பில் அமைக்கவும்:",
+	"packages.maven.install": "தொகுப்பைப் பயன்படுத்த, <code>pom.xml</code> கோப்பில் உள்ள <code>சார்புகள்</code> தொகுதியில் பின்வருவனவற்றைச் சேர்க்கவும்:",
+	"packages.maven.install2": "கட்டளை வரி வழியாக இயக்கவும்:",
+	"packages.maven.download": "சார்புநிலையைப் பதிவிறக்க, கட்டளை வரி வழியாக இயக்கவும்:",
+	"packages.nuget.registry": "கட்டளை வரியிலிருந்து இந்த பதிவேட்டை அமைக்கவும்:",
+	"packages.nuget.install": "NuGet ஐப் பயன்படுத்தி தொகுப்பை நிறுவ, பின்வரும் கட்டளையை இயக்கவும்:",
+	"packages.nuget.dependency.framework": "இலக்கு கட்டமைப்பு",
+	"packages.npm.registry": "இந்தப் பதிவேட்டை உங்கள் திட்டப்பணி <code>.npmrc</code> கோப்பில் அமைக்கவும்:",
+	"packages.npm.install": "npm ஐப் பயன்படுத்தி தொகுப்பை நிறுவ, பின்வரும் கட்டளையை இயக்கவும்:",
+	"packages.npm.install2": "அல்லது pack.json கோப்பில் சேர்க்கவும்:",
+	"packages.npm.dependencies": "சார்புநிலைகள்",
+	"packages.npm.dependencies.development": "வளர்ச்சி சார்புகள்",
+	"packages.npm.dependencies.bundle": "தொகுக்கப்பட்ட சார்புகள்",
+	"packages.npm.dependencies.peer": "தம சார்புகள்",
+	"packages.npm.dependencies.optional": "விருப்ப சார்புகள்",
+	"packages.npm.details.tag": "குறிச்சொல்",
+	"packages.pypi.requires": "பைதான் தேவை",
+	"packages.pypi.install": "பிப்பைப் பயன்படுத்தி தொகுப்பை நிறுவ, பின்வரும் கட்டளையை இயக்கவும்:",
+	"packages.rpm.registry": "கட்டளை வரியிலிருந்து இந்த பதிவேட்டை அமைக்கவும்:",
+	"packages.rpm.distros.redhat": "RedHat அடிப்படையிலான விநியோகங்களில்",
+	"packages.rpm.distros.suse": "SUSE அடிப்படையிலான விநியோகங்களில்",
+	"packages.rpm.install": "தொகுப்பை நிறுவ, பின்வரும் கட்டளையை இயக்கவும்:",
+	"packages.rpm.repository": "களஞ்சிய செய்தி",
+	"packages.rpm.repository.architectures": "கட்டமைப்புகள்",
+	"packages.rpm.repository.multiple_groups": "இந்த தொகுப்பு பல குழுக்களில் கிடைக்கிறது.",
+	"packages.alt.registry": "கட்டளை வரியிலிருந்து இந்த பதிவேட்டை அமைக்கவும்:",
+	"packages.alt.registry.install": "தொகுப்பை நிறுவ, பின்வரும் கட்டளையை இயக்கவும்:",
+	"packages.alt.install": "தொகுப்பை நிறுவவும்",
+	"packages.alt.setup": "இணைக்கப்பட்ட களஞ்சியங்களின் பட்டியலில் ஒரு களஞ்சியத்தைச் சேர்க்கவும் (\"_arch_\"க்குப் பதிலாக தேவையான கட்டமைப்பைத் தேர்வு செய்யவும்):",
+	"packages.alt.repository": "களஞ்சிய செய்தி",
+	"packages.alt.repository.architectures": "கட்டமைப்புகள்",
+	"packages.alt.repository.multiple_groups": "இந்த தொகுப்பு பல குழுக்களில் கிடைக்கிறது.",
+	"packages.rubygems.install": "செம் பயன்படுத்தி தொகுப்பை நிறுவ, பின்வரும் கட்டளையை இயக்கவும்:",
+	"packages.rubygems.install2": "அல்லது செம்ஃபைலில் சேர்க்கவும்:",
+	"packages.rubygems.dependencies.runtime": "இயக்க நேர சார்புகள்",
+	"packages.rubygems.dependencies.development": "வளர்ச்சி சார்புகள்",
+	"packages.rubygems.required.ruby": "ரூபி பதிப்பு தேவை",
+	"packages.rubygems.required.rubygems": "ரூபிசெம் பதிப்பு தேவை",
+	"packages.swift.registry": "கட்டளை வரியிலிருந்து இந்த பதிவேட்டை அமைக்கவும்:",
+	"packages.swift.install": "உங்கள் <code>Package.swift</code> கோப்பில் தொகுப்பைச் சேர்க்கவும்:",
+	"packages.swift.install2": "மற்றும் பின்வரும் கட்டளையை இயக்கவும்:",
+	"packages.vagrant.install": "அலைபாயும் பெட்டியைச் சேர்க்க, பின்வரும் கட்டளையை இயக்கவும்:",
+	"packages.settings.link": "இந்த தொகுப்பை ஒரு களஞ்சியத்துடன் இணைக்கவும்",
+	"packages.settings.link.description": "நீங்கள் ஒரு தொகுப்பை ஒரு களஞ்சியத்துடன் இணைத்தால், தொகுப்பு களஞ்சியத்தின் தொகுப்பு பட்டியலில் பட்டியலிடப்படும்.",
+	"packages.settings.link.select": "களஞ்சியத்தைத் தேர்ந்தெடுக்கவும்",
+	"packages.settings.link.button": "களஞ்சிய இணைப்பைப் புதுப்பிக்கவும்",
+	"packages.settings.link.success": "களஞ்சிய இணைப்பு வெற்றிகரமாக புதுப்பிக்கப்பட்டது.",
+	"packages.settings.link.error": "களஞ்சிய இணைப்பைப் புதுப்பிக்க முடியவில்லை.",
+	"packages.settings.delete": "தொகுப்பை நீக்கு",
+	"packages.settings.delete.description": "தொகுப்பை நீக்குவது நிரந்தரமானது மற்றும் செயல்தவிர்க்க முடியாது.",
+	"packages.settings.delete.notice": "நீங்கள் %s (%s) ஐ நீக்க உள்ளீர்கள். இந்த செயல்பாடு மீள முடியாதது, நீங்கள் உறுதியாக இருக்கிறீர்களா?",
+	"packages.settings.delete.success": "தொகுப்பு நீக்கப்பட்டது.",
+	"packages.settings.delete.error": "தொகுப்பை நீக்க முடியவில்லை.",
+	"packages.owner.settings.cargo.title": "சரக்கு பதிவு அட்டவணை",
+	"packages.owner.settings.cargo.initialize": "குறியீட்டை துவக்கவும்",
+	"packages.owner.settings.cargo.initialize.description": "சரக்கு பதிவேட்டைப் பயன்படுத்த ஒரு சிறப்பு குறியீட்டு Git களஞ்சியம் தேவை. இந்த விருப்பத்தை பயன்படுத்தி (மீண்டும்) களஞ்சியத்தை உருவாக்கி, தானாகவே கட்டமைக்கும்.",
+	"packages.owner.settings.cargo.initialize.error": "சரக்கு குறியீட்டை துவக்குவதில் தோல்வி: %v",
+	"packages.owner.settings.cargo.initialize.success": "சரக்கு குறியீடு வெற்றிகரமாக உருவாக்கப்பட்டது.",
+	"packages.owner.settings.cargo.rebuild": "குறியீட்டை மீண்டும் உருவாக்கவும்",
+	"packages.owner.settings.cargo.rebuild.description": "சேமிக்கப்பட்ட சரக்கு தொகுப்புகளுடன் குறியீட்டு ஒத்திசைக்கப்படாவிட்டால், மறுகட்டமைப்பு பயனுள்ளதாக இருக்கும்.",
+	"packages.owner.settings.cargo.rebuild.error": "சரக்கு குறியீட்டை மீண்டும் உருவாக்க முடியவில்லை: %v",
+	"packages.owner.settings.cargo.rebuild.success": "சரக்கு குறியீடு வெற்றிகரமாக மறுகட்டமைக்கப்பட்டது.",
+	"packages.owner.settings.cargo.rebuild.no_index": "மறுகட்டமைக்க முடியாது, எந்த குறியீடும் துவக்கப்படவில்லை.",
+	"packages.owner.settings.cleanuprules.title": "துப்புரவு விதிகள்",
+	"packages.owner.settings.cleanuprules.add": "தூய்மைப்படுத்தும் விதியைச் சேர்க்கவும்",
+	"packages.owner.settings.cleanuprules.edit": "தூய்மைப்படுத்தும் விதியைத் திருத்தவும்",
+	"packages.owner.settings.cleanuprules.none": "துப்புரவு விதிகள் எதுவும் இல்லை.",
+	"packages.owner.settings.cleanuprules.preview": "துப்புரவு விதி மாதிரிக்காட்சி",
+	"packages.owner.settings.cleanuprules.preview.overview": "%d தொகுப்புகள் அகற்றப்பட திட்டமிடப்பட்டுள்ளன.",
+	"packages.owner.settings.cleanuprules.preview.none": "துப்புரவு விதி எந்த தொகுப்புகளுடனும் பொருந்தவில்லை.",
+	"packages.owner.settings.cleanuprules.pattern_full_match": "முழு பேக்கேச் பெயருக்கு பேட்டர்னைப் பயன்படுத்தவும்",
+	"packages.owner.settings.cleanuprules.keep.title": "கீழே உள்ள அகற்றுதல் விதியுடன் பொருந்தினாலும், இந்த விதிகளுடன் பொருந்தக்கூடிய பதிப்புகள் வைக்கப்படும்.",
+	"packages.owner.settings.cleanuprules.keep.count": "மிகச் சமீபத்தியதை வைத்திருங்கள்",
+	"packages.owner.settings.cleanuprules.keep.pattern": "பதிப்புகள் பொருத்தமாக இருக்கவும்",
+	"packages.owner.settings.cleanuprules.keep.pattern.container": "<code>சமீபத்திய</code> பதிப்பு எப்போதும் கொள்கலன் தொகுப்புகளுக்காக வைக்கப்படும்.",
+	"packages.owner.settings.cleanuprules.remove.title": "இந்த விதிகளுடன் பொருந்தக்கூடிய பதிப்புகள் அகற்றப்படும், மேலே உள்ள விதி அவற்றை வைத்திருக்கும் வரை.",
+	"packages.owner.settings.cleanuprules.remove.days": "பழைய பதிப்புகளை அகற்று",
+	"packages.owner.settings.cleanuprules.remove.pattern": "பொருந்தக்கூடிய பதிப்புகளை அகற்று",
+	"packages.owner.settings.cleanuprules.success.update": "துப்புரவு விதி புதுப்பிக்கப்பட்டது.",
+	"packages.owner.settings.cleanuprules.success.delete": "துப்புரவு விதி நீக்கப்பட்டது.",
+	"packages.owner.settings.chef.title": "சமையல்காரர் பதிவு",
+	"packages.owner.settings.chef.keypair": "முக்கிய சோடியை உருவாக்கவும்",
+	"packages.owner.settings.chef.keypair.description": "செஃப் ரெசிச்ட்ரிக்கு அனுப்பப்படும் கோரிக்கைகள் கிரிப்டோகிராஃபிக் முறையில் கையொப்பமிடப்பட வேண்டும். விசைப்பலகையை உருவாக்கும் போது, பொது விசை மட்டுமே Forgejo இல் சேமிக்கப்படும். கத்தியுடன் பயன்படுத்த தனிப்பட்ட விசை உங்களுக்கு வழங்கப்படுகிறது. புதிய விசை இணையை உருவாக்குவது முந்தையதை மேலெழுதும்.",
 	"home.welcome.no_activity": "செயல்பாடு இல்லை",
 	"home.welcome.activity_hint": "உங்கள் ஊட்டத்தில் இன்னும் எதுவும் இல்லை. நீங்கள் பார்க்கும் களஞ்சியங்களிலிருந்து உங்கள் செயல்களும் செயல்பாடுகளும் இங்கே காண்பிக்கப்படும்.",
 	"home.explore_repos": "களஞ்சியங்களை ஆராயுங்கள்",
diff --git a/options/locale_next/locale_th.json b/options/locale_next/locale_th.json
index 836559caca..954e5c4364 100644
--- a/options/locale_next/locale_th.json
+++ b/options/locale_next/locale_th.json
@@ -1,4 +1,176 @@
 {
+	"packages.title": "แพ็คเกจ",
+	"packages.empty": "ยังไม่มีแพ็คเกจ",
+	"packages.empty.documentation": "สำหรับข้อมูลเพิ่มเติมเกี่ยวกับรีจิสทรีแพ็คเกจ โปรดดู <a target=\"_blank\" rel=\"noopener noreferrer\" href=\"%s\">เอกสารประกอบ</a>",
+	"packages.empty.repo": "คุณอัปโหลดแพ็คเกจแล้ว แต่ไม่แสดงที่นี่? ไปที่ <a href=\"%[1]s\">การตั้งค่าแพ็คเกจ</a> และเชื่อมโยงกับที่เก็บนี้",
+	"packages.registry.documentation": "สำหรับข้อมูลเพิ่มเติมเกี่ยวกับรีจิสทรี %s โปรดดู <a target=\"_blank\" rel=\"noopener noreferrer\" href=\"%s\">เอกสารประกอบ</a>",
+	"packages.filter.type": "ประเภท",
+	"packages.filter.type.all": "ทั้งหมด",
+	"packages.filter.no_result": "ตัวกรองของคุณไม่ให้ผลลัพธ์",
+	"packages.filter.container.tagged": "ติดแท็ก",
+	"packages.filter.container.untagged": "ไม่ได้ติดแท็ก",
+	"packages.published_by": "เผยแพร่ %[1]s โดย <a href=\"%[2]s\">%[3]s</a>",
+	"packages.published_by_in": "เผยแพร่ %[1]s โดย <a href=\"%[2]s\">%[3]s</a> ใน <a href=\"%[4]s\"><strong>%[5]s</strong></a>",
+	"packages.pub.install": "หากต้องการติดตั้งแพ็คเกจโดยใช้ Dart ให้เรียกใช้คำสั่งต่อไปนี้:",
+	"packages.installation": "การติดตั้ง",
+	"packages.about": "เกี่ยวกับแพ็คเกจนี้",
+	"packages.requirements": "ข้อกำหนด",
+	"packages.dependencies": "การพึ่งพา",
+	"packages.keywords": "คำสำคัญ",
+	"packages.details": "รายละเอียด",
+	"packages.details.author": "ผู้เขียน",
+	"packages.details.project_site": "เว็บไซต์โปรเจกต์",
+	"packages.details.repository_site": "เว็บไซต์ที่เก็บ",
+	"packages.details.documentation_site": "เว็บไซต์เอกสารประกอบ",
+	"packages.details.license": "ใบอนุญาต",
+	"packages.assets": "สินทรัพย์",
+	"packages.versions": "เวอร์ชัน",
+	"packages.versions.view_all": "ดูทั้งหมด",
+	"packages.dependency.id": "ID",
+	"packages.dependency.version": "เวอร์ชัน",
+	"packages.search_in_external_registry": "ค้นหาใน %s",
+	"packages.alpine.registry": "ตั้งค่ารีจิสทรีนี้โดยเพิ่ม url ในไฟล์ <code>/etc/apk/repositories</code> ของคุณ:",
+	"packages.alpine.registry.key": "ดาวน์โหลดคีย์ RSA สาธารณะของรีจิสทรีลงในโฟลเดอร์ <code>/etc/apk/keys/</code> เพื่อตรวจสอบลายเซ็นดัชนี:",
+	"packages.alpine.registry.info": "เลือก $branch และ $repository จากรายการด้านล่าง",
+	"packages.alpine.install": "หากต้องการติดตั้งแพ็คเกจ ให้เรียกใช้คำสั่งต่อไปนี้:",
+	"packages.alpine.repository": "ข้อมูลที่เก็บ",
+	"packages.alpine.repository.branches": "สาขา",
+	"packages.alpine.repository.repositories": "ที่เก็บ",
+	"packages.alpine.repository.architectures": "สถาปัตยกรรม",
+	"packages.arch.pacman.helper.gpg": "เพิ่มใบรับรองความน่าเชื่อถือสำหรับ pacman:",
+	"packages.arch.pacman.repo.multi": "%s มีเวอร์ชันเดียวกันในการแจกจ่ายที่แตกต่างกัน",
+	"packages.arch.pacman.repo.multi.item": "การกำหนดค่าสำหรับ %s",
+	"packages.arch.pacman.conf": "เพิ่มเซิร์ฟเวอร์พร้อมการแจกจ่ายและสถาปัตยกรรมที่เกี่ยวข้องไปยัง <code>/etc/pacman.conf</code>:",
+	"packages.arch.pacman.sync": "ซิงค์แพ็คเกจกับ pacman:",
+	"packages.arch.version.properties": "คุณสมบัติเวอร์ชัน",
+	"packages.arch.version.description": "คำอธิบาย",
+	"packages.arch.version.provides": "ให้",
+	"packages.arch.version.groups": "กลุ่ม",
+	"packages.arch.version.depends": "ขึ้นอยู่กับ",
+	"packages.arch.version.optdepends": "การพึ่งพาเพิ่มเติม",
+	"packages.arch.version.makedepends": "การพึ่งพาการสร้าง",
+	"packages.arch.version.checkdepends": "การพึ่งพาการตรวจสอบ",
+	"packages.arch.version.conflicts": "ขัดแย้ง",
+	"packages.arch.version.replaces": "แทนที่",
+	"packages.arch.version.backup": "สำรอง",
+	"packages.cargo.registry": "ตั้งค่ารีจิสทรีนี้ในไฟล์การกำหนดค่า Cargo (เช่น <code>~/.cargo/config.toml</code>):",
+	"packages.cargo.install": "หากต้องการติดตั้งแพ็คเกจโดยใช้ Cargo ให้เรียกใช้คำสั่งต่อไปนี้:",
+	"packages.chef.registry": "ตั้งค่ารีจิสทรีนี้ในไฟล์ <code>~/.chef/config.rb</code> ของคุณ:",
+	"packages.chef.install": "หากต้องการติดตั้งแพ็คเกจ ให้เรียกใช้คำสั่งต่อไปนี้:",
+	"packages.composer.registry": "ตั้งค่ารีจิสทรีนี้ในไฟล์ <code>~/.composer/config.json</code> ของคุณ:",
+	"packages.composer.install": "หากต้องการติดตั้งแพ็คเกจโดยใช้ Composer ให้เรียกใช้คำสั่งต่อไปนี้:",
+	"packages.composer.dependencies": "การพึ่งพา",
+	"packages.composer.dependencies.development": "การพึ่งพาการพัฒนา",
+	"packages.conan.registry": "ตั้งค่ารีจิสทรีนี้จากบรรทัดคำสั่ง:",
+	"packages.conan.install": "หากต้องการติดตั้งแพ็คเกจโดยใช้ Conan ให้เรียกใช้คำสั่งต่อไปนี้:",
+	"packages.conda.registry": "ตั้งค่ารีจิสทรีนี้เป็นที่เก็บ Conda ในไฟล์ <code>.condarc</code> ของคุณ:",
+	"packages.conda.install": "หากต้องการติดตั้งแพ็คเกจโดยใช้ Conda ให้เรียกใช้คำสั่งต่อไปนี้:",
+	"packages.container.images.title": "รูปภาพ",
+	"packages.container.details.type": "ประเภทรูปภาพ",
+	"packages.container.details.platform": "แพลตฟอร์ม",
+	"packages.container.pull": "ดึงรูปภาพจากบรรทัดคำสั่ง:",
+	"packages.container.digest": "ไดเจสต์",
+	"packages.container.multi_arch": "OS / สถาปัตยกรรม",
+	"packages.container.layers": "เลเยอร์รูปภาพ",
+	"packages.container.labels": "ป้ายกำกับ",
+	"packages.container.labels.key": "คีย์",
+	"packages.container.labels.value": "ค่า",
+	"packages.cran.registry": "ตั้งค่ารีจิสทรีนี้ในไฟล์ <code>Rprofile.site</code> ของคุณ:",
+	"packages.cran.install": "หากต้องการติดตั้งแพ็คเกจ ให้เรียกใช้คำสั่งต่อไปนี้:",
+	"packages.debian.registry": "ตั้งค่ารีจิสทรีนี้จากบรรทัดคำสั่ง:",
+	"packages.debian.registry.info": "เลือก $distribution และ $component จากรายการด้านล่าง",
+	"packages.debian.install": "หากต้องการติดตั้งแพ็คเกจ ให้เรียกใช้คำสั่งต่อไปนี้:",
+	"packages.debian.repository": "ข้อมูลที่เก็บ",
+	"packages.debian.repository.distributions": "การแจกจ่าย",
+	"packages.debian.repository.components": "ส่วนประกอบ",
+	"packages.debian.repository.architectures": "สถาปัตยกรรม",
+	"packages.generic.download": "ดาวน์โหลดแพ็คเกจจากบรรทัดคำสั่ง:",
+	"packages.go.install": "ติดตั้งแพ็คเกจจากบรรทัดคำสั่ง:",
+	"packages.helm.registry": "ตั้งค่ารีจิสทรีนี้จากบรรทัดคำสั่ง:",
+	"packages.helm.install": "หากต้องการติดตั้งแพ็คเกจ ให้เรียกใช้คำสั่งต่อไปนี้:",
+	"packages.maven.registry": "ตั้งค่ารีจิสทรีนี้ในไฟล์ <code>pom.xml</code> ของโปรเจกต์ของคุณ:",
+	"packages.maven.install": "หากต้องการใช้แพ็คเกจ ให้รวมสิ่งต่อไปนี้ในบล็อก <code>dependencies</code> ในไฟล์ <code>pom.xml</code>:",
+	"packages.maven.install2": "เรียกใช้ผ่านบรรทัดคำสั่ง:",
+	"packages.maven.download": "หากต้องการดาวน์โหลดการพึ่งพา ให้เรียกใช้ผ่านบรรทัดคำสั่ง:",
+	"packages.nuget.registry": "ตั้งค่ารีจิสทรีนี้จากบรรทัดคำสั่ง:",
+	"packages.nuget.install": "หากต้องการติดตั้งแพ็คเกจโดยใช้ NuGet ให้เรียกใช้คำสั่งต่อไปนี้:",
+	"packages.nuget.dependency.framework": "เฟรมเวิร์กเป้าหมาย",
+	"packages.npm.registry": "ตั้งค่ารีจิสทรีนี้ในไฟล์ <code>.npmrc</code> ของโปรเจกต์ของคุณ:",
+	"packages.npm.install": "หากต้องการติดตั้งแพ็คเกจโดยใช้ npm ให้เรียกใช้คำสั่งต่อไปนี้:",
+	"packages.npm.install2": "หรือเพิ่มลงในไฟล์ package.json:",
+	"packages.npm.dependencies": "การพึ่งพา",
+	"packages.npm.dependencies.development": "การพึ่งพาการพัฒนา",
+	"packages.npm.dependencies.bundle": "การพึ่งพาที่รวมอยู่",
+	"packages.npm.dependencies.peer": "การพึ่งพาแบบเพียร์",
+	"packages.npm.dependencies.optional": "การพึ่งพาเพิ่มเติม",
+	"packages.npm.details.tag": "แท็ก",
+	"packages.pypi.requires": "ต้องใช้ Python",
+	"packages.pypi.install": "หากต้องการติดตั้งแพ็คเกจโดยใช้ pip ให้เรียกใช้คำสั่งต่อไปนี้:",
+	"packages.rpm.registry": "ตั้งค่ารีจิสทรีนี้จากบรรทัดคำสั่ง:",
+	"packages.rpm.distros.redhat": "บนการแจกจ่ายที่ใช้ RedHat",
+	"packages.rpm.distros.suse": "บนการแจกจ่ายที่ใช้ SUSE",
+	"packages.rpm.install": "หากต้องการติดตั้งแพ็คเกจ ให้เรียกใช้คำสั่งต่อไปนี้:",
+	"packages.rpm.repository": "ข้อมูลที่เก็บ",
+	"packages.rpm.repository.architectures": "สถาปัตยกรรม",
+	"packages.rpm.repository.multiple_groups": "แพ็คเกจนี้มีอยู่ในหลายกลุ่ม",
+	"packages.alt.registry": "ตั้งค่ารีจิสทรีนี้จากบรรทัดคำสั่ง:",
+	"packages.alt.registry.install": "หากต้องการติดตั้งแพ็คเกจ ให้เรียกใช้คำสั่งต่อไปนี้:",
+	"packages.alt.install": "ติดตั้งแพ็คเกจ",
+	"packages.alt.setup": "เพิ่มที่เก็บไปยังรายการที่เก็บที่เชื่อมต่อ ((เลือกสถาปัตยกรรมที่จำเป็นแทน \"_arch_\")",
+	"packages.alt.repository": "ข้อมูลที่เก็บ",
+	"packages.alt.repository.architectures": "สถาปัตยกรรม",
+	"packages.alt.repository.multiple_groups": "แพ็คเกจนี้มีอยู่ในหลายกลุ่ม",
+	"packages.rubygems.install": "หากต้องการติดตั้งแพ็คเกจโดยใช้ gem ให้เรียกใช้คำสั่งต่อไปนี้:",
+	"packages.rubygems.install2": "หรือเพิ่มลงใน Gemfile:",
+	"packages.rubygems.dependencies.runtime": "การพึ่งพาขณะทำงาน",
+	"packages.rubygems.dependencies.development": "การพึ่งพาการพัฒนา",
+	"packages.rubygems.required.ruby": "ต้องการ Ruby เวอร์ชัน",
+	"packages.rubygems.required.rubygems": "ต้องการ RubyGem เวอร์ชัน",
+	"packages.swift.registry": "ตั้งค่ารีจิสทรีนี้จากบรรทัดคำสั่ง:",
+	"packages.swift.install": "เพิ่มแพ็คเกจในไฟล์ <code>Package.swift</code> ของคุณ:",
+	"packages.swift.install2": "และเรียกใช้คำสั่งต่อไปนี้:",
+	"packages.vagrant.install": "หากต้องการเพิ่ม Vagrant box ให้เรียกใช้คำสั่งต่อไปนี้:",
+	"packages.settings.link": "เชื่อมโยงแพ็คเกจนี้กับที่เก็บ",
+	"packages.settings.link.description": "หากคุณเชื่อมโยงแพ็คเกจกับที่เก็บ แพ็คเกจจะแสดงอยู่ในรายการแพ็คเกจของที่เก็บ",
+	"packages.settings.link.select": "เลือกที่เก็บ",
+	"packages.settings.link.button": "อัปเดตการเชื่อมโยงที่เก็บ",
+	"packages.settings.link.success": "อัปเดตการเชื่อมโยงที่เก็บสำเร็จแล้ว",
+	"packages.settings.link.error": "ไม่สามารถอัปเดตการเชื่อมโยงที่เก็บได้",
+	"packages.settings.delete": "ลบแพ็คเกจ",
+	"packages.settings.delete.description": "การลบแพ็คเกจเป็นการกระทำถาวรและไม่สามารถยกเลิกได้",
+	"packages.settings.delete.notice": "คุณกำลังจะลบ %s (%s) การดำเนินการนี้ไม่สามารถย้อนกลับได้ คุณแน่ใจหรือไม่?",
+	"packages.settings.delete.success": "แพ็คเกจถูกลบแล้ว",
+	"packages.settings.delete.error": "ไม่สามารถลบแพ็คเกจได้",
+	"packages.owner.settings.cargo.title": "ดัชนีรีจิสทรี Cargo",
+	"packages.owner.settings.cargo.initialize": "เริ่มต้นดัชนี",
+	"packages.owner.settings.cargo.initialize.description": "จำเป็นต้องมีที่เก็บ Git ดัชนีพิเศษเพื่อใช้รีจิสทรี Cargo การใช้ตัวเลือกนี้จะ (สร้างใหม่) ที่เก็บและกำหนดค่าโดยอัตโนมัติ",
+	"packages.owner.settings.cargo.initialize.error": "ไม่สามารถเริ่มต้นดัชนี Cargo: %v",
+	"packages.owner.settings.cargo.initialize.success": "สร้างดัชนี Cargo สำเร็จแล้ว",
+	"packages.owner.settings.cargo.rebuild": "สร้างดัชนีใหม่",
+	"packages.owner.settings.cargo.rebuild.description": "การสร้างใหม่จะมีประโยชน์หากดัชนีไม่ซิงโครไนซ์กับแพ็คเกจ Cargo ที่เก็บไว้",
+	"packages.owner.settings.cargo.rebuild.error": "ไม่สามารถสร้างดัชนี Cargo ใหม่: %v",
+	"packages.owner.settings.cargo.rebuild.success": "สร้างดัชนี Cargo ใหม่สำเร็จแล้ว",
+	"packages.owner.settings.cargo.rebuild.no_index": "ไม่สามารถสร้างใหม่ได้ ไม่มีดัชนีที่เริ่มต้น",
+	"packages.owner.settings.cleanuprules.title": "กฎการล้างข้อมูล",
+	"packages.owner.settings.cleanuprules.add": "เพิ่มกฎการล้างข้อมูล",
+	"packages.owner.settings.cleanuprules.edit": "แก้ไขกฎการล้างข้อมูล",
+	"packages.owner.settings.cleanuprules.none": "ยังไม่มีกฎการล้างข้อมูล",
+	"packages.owner.settings.cleanuprules.preview": "ตัวอย่างกฎการล้างข้อมูล",
+	"packages.owner.settings.cleanuprules.preview.overview": "มี %d แพ็คเกจที่กำหนดให้ลบ",
+	"packages.owner.settings.cleanuprules.preview.none": "กฎการล้างข้อมูลไม่ตรงกับแพ็คเกจใด ๆ",
+	"packages.owner.settings.cleanuprules.pattern_full_match": "ใช้รูปแบบกับชื่อแพ็คเกจเต็ม",
+	"packages.owner.settings.cleanuprules.keep.title": "เวอร์ชันที่ตรงกับกฎเหล่านี้จะถูกเก็บไว้ แม้ว่าจะตรงกับกฎการลบด้านล่างก็ตาม",
+	"packages.owner.settings.cleanuprules.keep.count": "เก็บเวอร์ชันล่าสุด",
+	"packages.owner.settings.cleanuprules.keep.pattern": "เก็บเวอร์ชันที่ตรงกัน",
+	"packages.owner.settings.cleanuprules.keep.pattern.container": "เวอร์ชัน <code>latest</code> จะถูกเก็บไว้เสมอสำหรับแพ็คเกจ Container",
+	"packages.owner.settings.cleanuprules.remove.title": "เวอร์ชันที่ตรงกับกฎเหล่านี้จะถูกลบออก เว้นแต่กฎด้านบนจะระบุให้เก็บไว้",
+	"packages.owner.settings.cleanuprules.remove.days": "ลบเวอร์ชันที่เก่ากว่า",
+	"packages.owner.settings.cleanuprules.remove.pattern": "ลบเวอร์ชันที่ตรงกัน",
+	"packages.owner.settings.cleanuprules.success.update": "อัปเดตกฎการล้างข้อมูลแล้ว",
+	"packages.owner.settings.cleanuprules.success.delete": "ลบกฎการล้างข้อมูลแล้ว",
+	"packages.owner.settings.chef.title": "รีจิสทรี Chef",
+	"packages.owner.settings.chef.keypair": "สร้างคู่คีย์",
+	"packages.owner.settings.chef.keypair.description": "คำขอที่ส่งไปยังรีจิสทรี Chef จะต้องได้รับการลงนามด้วยการเข้ารหัสเพื่อเป็นการยืนยันตัวตน เมื่อสร้างคู่คีย์ จะมีเพียงคีย์สาธารณะเท่านั้นที่ถูกเก็บไว้ใน Forgejo คีย์ส่วนตัวจะถูกมอบให้คุณเพื่อใช้กับ knife การสร้างคู่คีย์ใหม่จะเขียนทับคู่คีย์ก่อนหน้า",
 	"home.welcome.no_activity": "ไม่มีกิจกรรม",
 	"home.welcome.activity_hint": "ยังไม่มีอะไรในฟีดของคุณ การดำเนินการและกิจกรรมของคุณจากที่เก็บที่คุณดูจะปรากฏที่นี่",
 	"home.explore_repos": "สำรวจที่เก็บ",
diff --git a/options/locale_next/locale_tr-TR.json b/options/locale_next/locale_tr-TR.json
index 0ce764ab81..016b299da3 100644
--- a/options/locale_next/locale_tr-TR.json
+++ b/options/locale_next/locale_tr-TR.json
@@ -1,4 +1,150 @@
 {
+	"packages.title": "Paketler",
+	"packages.empty": "Henüz hiçbir paket yok.",
+	"packages.empty.documentation": "Paket deposu hakkında daha fazla bilgi için, <a target=\"_blank\" rel=\"noopener noreferrer\" href=\"%s\">belgeye</a> bakabilirsiniz.",
+	"packages.empty.repo": "Bir paket yüklediniz ama burada gösterilmiyor mu? <a href=\"%[1]s\">Paket ayarları</a>na gidin ve bu depoya bağlantı verin.",
+	"packages.registry.documentation": "%s kütüğü hakkında daha fazla bilgi için, <a target=\"_blank\" rel=\"noopener noreferrer\" href=\"%s\">belgeye</a> bakabilirsiniz.",
+	"packages.filter.type": "Tür",
+	"packages.filter.type.all": "Tümü",
+	"packages.filter.no_result": "Filtreniz herhangi bir sonuç döndürmedi.",
+	"packages.filter.container.tagged": "Etiketlenmiş",
+	"packages.filter.container.untagged": "Etiketlenmemiş",
+	"packages.published_by": "%[1]s, <a href=\"%[2]s\">%[3]s</a> tarafından yayınlandı",
+	"packages.published_by_in": "%[1]s, <a href=\"%[2]s\">%[3]s</a> tarafından <a href=\"%[4]s\"><strong>%[5]s</strong></a> içerisinde yayınlanmış",
+	"packages.pub.install": "Paketi Dart ile kurmak için, şu komutu çalıştırın:",
+	"packages.installation": "Kurulum",
+	"packages.about": "Bu paket hakkında",
+	"packages.requirements": "Gereksinimler",
+	"packages.dependencies": "Bağımlılıklar",
+	"packages.keywords": "Anahtar Kelimeler",
+	"packages.details": "Ayrıntılar",
+	"packages.details.author": "Yazar",
+	"packages.details.project_site": "Proje Web Sitesi",
+	"packages.details.repository_site": "Depo Sitesi",
+	"packages.details.documentation_site": "Belge Sitesi",
+	"packages.details.license": "Lisans",
+	"packages.assets": "Varlıklar",
+	"packages.versions": "Sürümler",
+	"packages.versions.view_all": "Tümünü görüntüle",
+	"packages.dependency.id": "Kimlik",
+	"packages.dependency.version": "Sürüm",
+	"packages.alpine.registry": "Bu kütüğü, <code>/etc/apk/repositories</code> dosyanıza url'yi ekleyerek kurun:",
+	"packages.alpine.registry.key": "Kütüğün açık RSA anahtarını, indeks imzasını doğrulamak için <code>/etc/apk/keys/</code> dizinine indirin:",
+	"packages.alpine.registry.info": "Aşağıdaki listeden $branch ve $repository seçin.",
+	"packages.alpine.install": "Paketi kurmak için, aşağıdaki komutu çalıştırın:",
+	"packages.alpine.repository": "Depo Bilgisi",
+	"packages.alpine.repository.branches": "Dallar",
+	"packages.alpine.repository.repositories": "Depolar",
+	"packages.alpine.repository.architectures": "Mimariler",
+	"packages.cargo.registry": "Bu kütüğü Cargo yapılandırma dosyasına (örneğin <code>~/.cargo/config.toml</code>) ayarlayın:",
+	"packages.cargo.install": "Paketi Cargo kullanarak kurmak için, şu komutu çalıştırın:",
+	"packages.chef.registry": "Bu kütüğü <code>~/.chef/config.rb</code> dosyasında ayarlayın:",
+	"packages.chef.install": "Paketi kurmak için, aşağıdaki komutu çalıştırın:",
+	"packages.composer.registry": "Bu kütüğü <code>~/.composer/config.json</code> dosyasında ayarlayın:",
+	"packages.composer.install": "Paketi Composer ile kurmak için, şu komutu çalıştırın:",
+	"packages.composer.dependencies": "Bağımlılıklar",
+	"packages.composer.dependencies.development": "Geliştirme Bağımlılıkları",
+	"packages.conan.registry": "Bu kütüğü komut satırını kullanarak kurun:",
+	"packages.conan.install": "Conan ile paket kurmak için aşağıdaki komutu çalıştırın:",
+	"packages.conda.registry": "Bu kütüğü <code>.condarc</code> dosyasında bir Conda deposu olarak ayarlayın:",
+	"packages.conda.install": "Conda ile paket kurmak için aşağıdaki komutu çalıştırın:",
+	"packages.container.details.type": "Görüntü Türü",
+	"packages.container.details.platform": "Platform",
+	"packages.container.pull": "Görüntüyü komut satırını kullanarak çekin:",
+	"packages.container.digest": "Özet:",
+	"packages.container.multi_arch": "İşletim Sistemi / Mimari",
+	"packages.container.layers": "Görüntü Katmanları",
+	"packages.container.labels": "Etiketler",
+	"packages.container.labels.key": "Anahtar",
+	"packages.container.labels.value": "Değer",
+	"packages.cran.registry": "Bu kütüğü <code>Rprofile.site</code> dosyasında ayarlayın:",
+	"packages.cran.install": "Paketi kurmak için, aşağıdaki komutu çalıştırın:",
+	"packages.debian.registry": "Bu kütüğü komut satırını kullanarak kurun:",
+	"packages.debian.registry.info": "Aşağıdaki listeden $distribution ve $component seçin.",
+	"packages.debian.install": "Paketi kurmak için, aşağıdaki komutu çalıştırın:",
+	"packages.debian.repository": "Depo Bilgisi",
+	"packages.debian.repository.distributions": "Dağıtımlar",
+	"packages.debian.repository.components": "Bileşenler",
+	"packages.debian.repository.architectures": "Mimariler",
+	"packages.generic.download": "Paketi komut satırında indirin:",
+	"packages.go.install": "Paketi komut satırını kullanarak yükleyin:",
+	"packages.helm.registry": "Bu kütüğü komut satırını kullanarak kurun:",
+	"packages.helm.install": "Paketi kurmak için, aşağıdaki komutu çalıştırın:",
+	"packages.maven.registry": "Bu kütüğü projenizdeki <code>pom.xml</code> dosyasında ayarlayın:",
+	"packages.maven.install": "Paketi kullanmak için aşağıdaki <code>dependencies</code> parçasını <code>pom.xml</code> dosyasınıza ekleyin:",
+	"packages.maven.install2": "Komut satırında çalıştırın:",
+	"packages.maven.download": "Bağımlılığı indirmek için, komut satırında çalıştırın:",
+	"packages.nuget.registry": "Bu kütüğü komut satırını kullanarak kurun:",
+	"packages.nuget.install": "Paketi NuGet ile kurmak için, şu komutu çalıştırın:",
+	"packages.nuget.dependency.framework": "Hedef Çerçeve",
+	"packages.npm.registry": "Bu kütüğü projenizdeki <code>.npmrc</code> dosyasında ayarlayın:",
+	"packages.npm.install": "Paketi npm ile kurmak için, şu komutu çalıştırın:",
+	"packages.npm.install2": "veya paketi package.json dosyasına ekleyin:",
+	"packages.npm.dependencies": "Bağımlılıklar",
+	"packages.npm.dependencies.development": "Geliştirme Bağımlılıkları",
+	"packages.npm.dependencies.bundle": "Paketlenmiş Bağımlılıklar",
+	"packages.npm.dependencies.peer": "Eş Bağımlılıkları",
+	"packages.npm.dependencies.optional": "İsteğe Bağlı Bağımlılıklar",
+	"packages.npm.details.tag": "Etiket",
+	"packages.pypi.requires": "Gereken Python",
+	"packages.pypi.install": "Paketi pip ile kurmak için, şu komutu çalıştırın:",
+	"packages.rpm.registry": "Bu kütüğü komut satırını kullanarak kurun:",
+	"packages.rpm.distros.redhat": "RedHat tabanlı dağıtımlarda",
+	"packages.rpm.distros.suse": "SUSE tabanlı dağıtımlarda",
+	"packages.rpm.install": "Paketi kurmak için, aşağıdaki komutu çalıştırın:",
+	"packages.rpm.repository": "Depo Bilgisi",
+	"packages.rpm.repository.architectures": "Mimariler",
+	"packages.rpm.repository.multiple_groups": "Bu paket birçok grupta mevcut.",
+	"packages.rubygems.install": "Paketi gem ile kurmak için, şu komutu çalıştırın:",
+	"packages.rubygems.install2": "veya paketi Gemfile dosyasına ekleyin:",
+	"packages.rubygems.dependencies.runtime": "Çalışma Zamanı Bağımlılıkları",
+	"packages.rubygems.dependencies.development": "Geliştirme Bağımlılıkları",
+	"packages.rubygems.required.ruby": "Gereken Ruby sürümü",
+	"packages.rubygems.required.rubygems": "Gereken RubyGem sürümü",
+	"packages.swift.registry": "Bu kütüğü komut satırını kullanarak kurun:",
+	"packages.swift.install": "Paketi <code>Package.swift</code> dosyanıza ekleyin:",
+	"packages.swift.install2": "ve şu komutu çalıştırın:",
+	"packages.vagrant.install": "Vagrant paketi eklemek için aşağıdaki komutu çalıştırın:",
+	"packages.settings.link": "Bu paketi bir depoya bağlayın",
+	"packages.settings.link.description": "Eğer bir paketi bir depoya bağlarsanız, paket deponun paket listesinde listelenecektir.",
+	"packages.settings.link.select": "Depo Seç",
+	"packages.settings.link.button": "Depo Bağlantısını Güncelle",
+	"packages.settings.link.success": "Depo bağlantısı başarıyla güncellendi.",
+	"packages.settings.link.error": "Depo bağlantısı güncellenemedi.",
+	"packages.settings.delete": "Paket Sil",
+	"packages.settings.delete.description": "Bir paketi silmek kalıcıdır ve geri alınamaz.",
+	"packages.settings.delete.notice": "%s (%s) paketini silmek üzeresiniz. Bu işlem geri alınamaz, emin misiniz?",
+	"packages.settings.delete.success": "Paket silindi.",
+	"packages.settings.delete.error": "Paket silinemedi.",
+	"packages.owner.settings.cargo.title": "Cargo Kayıt Dizini",
+	"packages.owner.settings.cargo.initialize": "Dizini İlkle",
+	"packages.owner.settings.cargo.initialize.description": "Cargo kütüğünü kullanmak için özel bir Git depo indeksi gerekiyor. Bu seçeneği kullanmak depoyu (yeniden) oluşturacak ve otomatik olarak yapılandıracaktır.",
+	"packages.owner.settings.cargo.initialize.error": "Cargo dizini oluşturma başarısız oldu: %v",
+	"packages.owner.settings.cargo.initialize.success": "Cargo dizini başarıyla oluşturuldu.",
+	"packages.owner.settings.cargo.rebuild": "Dizini yeniden oluştur",
+	"packages.owner.settings.cargo.rebuild.description": "İndeks, depolanmış Cargo paketleriyle eşzamanlanmamışsa yeniden oluşturma yararlı olabilir.",
+	"packages.owner.settings.cargo.rebuild.error": "Cargo dizinini yeniden oluşturma başarısız oldu: %v",
+	"packages.owner.settings.cargo.rebuild.success": "Cargo dizini başarıyla yeniden oluşturuldu.",
+	"packages.owner.settings.cleanuprules.title": "Temizleme Kurallarını Yönet",
+	"packages.owner.settings.cleanuprules.add": "Temizleme Kuralı Ekle",
+	"packages.owner.settings.cleanuprules.edit": "Temizleme Kuralı Düzenle",
+	"packages.owner.settings.cleanuprules.none": "Temizleme kuralı yok. Lütfen belgelere danışın.",
+	"packages.owner.settings.cleanuprules.preview": "Temizleme Kuralı Önizleme",
+	"packages.owner.settings.cleanuprules.preview.overview": "%d paketin kaldırılması planlandı.",
+	"packages.owner.settings.cleanuprules.preview.none": "Temizleme kuralı herhangi bir paketle eşleşmiyor.",
+	"packages.owner.settings.cleanuprules.pattern_full_match": "Deseni tüm paket adına uygula",
+	"packages.owner.settings.cleanuprules.keep.title": "Bu kurallara uyan sürümler, aşağıdaki bir temizleme kuralıyla eşleşseler bile saklanır.",
+	"packages.owner.settings.cleanuprules.keep.count": "En sonuncuyu sakla",
+	"packages.owner.settings.cleanuprules.keep.pattern": "Eşleşen sürümleri sakla",
+	"packages.owner.settings.cleanuprules.keep.pattern.container": "Container paketlerinde <code>en son</code> (latest) sürüm her zaman saklanır.",
+	"packages.owner.settings.cleanuprules.remove.title": "Bu kurallara uyan sürümlar, yukarıdaki bir saklama kuralıyla eşleşmiyorlarsa kaldırılırlar.",
+	"packages.owner.settings.cleanuprules.remove.days": "Şundan eski sürümleri kaldır",
+	"packages.owner.settings.cleanuprules.remove.pattern": "Eşleşen sürümlari kaldır",
+	"packages.owner.settings.cleanuprules.success.update": "Temizleme kuralı güncellendi.",
+	"packages.owner.settings.cleanuprules.success.delete": "Temizleme kuralı silindi.",
+	"packages.owner.settings.chef.title": "Chef deposu",
+	"packages.owner.settings.chef.keypair": "Anahtar çifti üret",
+	"packages.owner.settings.chef.keypair.description": "Chef kayıt defterine gönderilen istekler kimlik doğrulama yöntemi olarak kriptografik olarak imzalanmalıdır. Bir anahtar çifti oluştururken, yalnızca genel anahtar Forgejo'da saklanır. Özel anahtar size knife ile kullanılmak üzere sağlanır. Yeni bir anahtar çifti oluşturmak öncekini geçersiz kılar.",
 	"fork.n_forks": {
 		"one": "%s çatal",
 		"other": "%s çatal"
diff --git a/options/locale_next/locale_uk-UA.json b/options/locale_next/locale_uk-UA.json
index 5866b0c0f5..b70bf9e9fe 100644
--- a/options/locale_next/locale_uk-UA.json
+++ b/options/locale_next/locale_uk-UA.json
@@ -1,4 +1,176 @@
 {
+	"packages.title": "Пакунки",
+	"packages.empty": "Пакунків поки що немає.",
+	"packages.empty.documentation": "Докладніше про реєстр пакунків читайте в <a target=\"_blank\" rel=\"noopener noreferrer\" href=\"%s\">документації</a>.",
+	"packages.empty.repo": "Ви опублікували пакунок, але він не показаний тут? Перейдіть до <a href=\"%[1]s\">налаштувань пакунка</a> і пов’яжіть його з цим репозиторієм.",
+	"packages.registry.documentation": "Докладніше про реєстр %s читайте в <a target=\"_blank\" rel=\"noopener noreferrer\" href=\"%s\">документації</a>.",
+	"packages.filter.type": "Тип",
+	"packages.filter.type.all": "Усі",
+	"packages.filter.no_result": "Ваш фільтр не видав жодних результатів.",
+	"packages.filter.container.tagged": "Відмічений",
+	"packages.filter.container.untagged": "Невідмічений",
+	"packages.published_by": "%[1]s опубліковано <a href=\"%[2]s\">%[3]s</a>",
+	"packages.published_by_in": "%[1]s опубліковано <a href=\"%[2]s\">%[3]s</a> в <a href=\"%[4]s\"><strong>%[5]s</strong></a>",
+	"packages.pub.install": "Аби встановити пакунок, використовуючи Dart, виконайте команду:",
+	"packages.installation": "Установлення",
+	"packages.about": "Про цей пакунок",
+	"packages.requirements": "Вимоги",
+	"packages.dependencies": "Залежності",
+	"packages.keywords": "Ключові слова",
+	"packages.details": "Подробиці",
+	"packages.details.author": "Автор",
+	"packages.details.project_site": "Вебсторінка проєкту",
+	"packages.details.repository_site": "Вебсторінка репозиторію",
+	"packages.details.documentation_site": "Вебсторінка документації",
+	"packages.details.license": "Ліцензія",
+	"packages.assets": "Ресурси",
+	"packages.versions": "Версії",
+	"packages.versions.view_all": "Переглянути всі",
+	"packages.dependency.id": "ID",
+	"packages.dependency.version": "Версія",
+	"packages.search_in_external_registry": "Шукати в %s",
+	"packages.alpine.registry": "Налаштуйте цей реєстр, додавши URL у файл <code>/etc/apk/repositories</code>:",
+	"packages.alpine.registry.key": "Завантажте відкритий RSA-ключ реєстру в папку <code>/etc/apk/keys/</code> для перевірки підпису індексу:",
+	"packages.alpine.registry.info": "Виберіть $branch і $repository зі списку нижче.",
+	"packages.alpine.install": "Аби встановити цей пакунок, виконайте команду:",
+	"packages.alpine.repository": "Про репозиторій",
+	"packages.alpine.repository.branches": "Гілки",
+	"packages.alpine.repository.repositories": "Репозиторії",
+	"packages.alpine.repository.architectures": "Архітектури",
+	"packages.arch.pacman.helper.gpg": "Додайте сертифікат довіреності до pacman:",
+	"packages.arch.pacman.repo.multi": "%s має одну й ту саму версію в різних дистрибутивах.",
+	"packages.arch.pacman.repo.multi.item": "Конфігурація %s",
+	"packages.arch.pacman.conf": "Додайте сервер із пов’язаним дистрибутивом та архітектурою до <code>/etc/pacman.conf</code>:",
+	"packages.arch.pacman.sync": "Синхронізуйте пакунок з pacman:",
+	"packages.arch.version.properties": "Властивості версії",
+	"packages.arch.version.description": "Опис",
+	"packages.arch.version.provides": "Надає",
+	"packages.arch.version.groups": "Група",
+	"packages.arch.version.depends": "Залежить",
+	"packages.arch.version.optdepends": "Необов’язково залежить",
+	"packages.arch.version.makedepends": "Залежності для збірки",
+	"packages.arch.version.checkdepends": "Перевірити залежності",
+	"packages.arch.version.conflicts": "Конфлікти",
+	"packages.arch.version.replaces": "Заміни",
+	"packages.arch.version.backup": "Резервне копіювання",
+	"packages.cargo.registry": "Налаштуйте цей реєстр у файлі конфігурації Cargo (наприклад, <code>~/.cargo/config.toml</code>):",
+	"packages.cargo.install": "Аби встановити пакунок, використовуючи Cargo, виконайте команду:",
+	"packages.chef.registry": "Налаштуйте цей реєстр у файлі <code>~/.chef/config.rb</code>:",
+	"packages.chef.install": "Аби встановити пакунок, виконайте команду:",
+	"packages.composer.registry": "Налаштуйте цей реєстр у файлі <code>~/.composer/config.json</code>:",
+	"packages.composer.install": "Аби встановити пакунок, використовуючи Composer, виконайте команду:",
+	"packages.composer.dependencies": "Залежності",
+	"packages.composer.dependencies.development": "Залежності розробки",
+	"packages.conan.registry": "Налаштуйте цей реєстр із командного рядка:",
+	"packages.conan.install": "Аби встановити пакунок, використовуючи Conan, виконайте команду:",
+	"packages.conda.registry": "Встановіть цей реєстр як репозиторій Conda у своєму файлі <code>.condarc</code>:",
+	"packages.conda.install": "Аби встановити пакунок, використовуючи Conda, виконайте команду:",
+	"packages.container.images.title": "Образи",
+	"packages.container.details.type": "Тип образу",
+	"packages.container.details.platform": "Платформа",
+	"packages.container.pull": "Завантажити образ із командного рядка:",
+	"packages.container.digest": "Контрольна сума",
+	"packages.container.multi_arch": "ОС / Архітектура",
+	"packages.container.layers": "Шари образу",
+	"packages.container.labels": "Мітки",
+	"packages.container.labels.key": "Ключ",
+	"packages.container.labels.value": "Значення",
+	"packages.cran.registry": "Налаштуйте цей реєстр у файлі <code>Rprofile.site</code>:",
+	"packages.cran.install": "Аби встановити пакунок, виконайте команду:",
+	"packages.debian.registry": "Налаштуйте цей реєстр із командного рядка:",
+	"packages.debian.registry.info": "Виберіть $distribution і $component зі списку нижче.",
+	"packages.debian.install": "Аби встановити пакунок, виконайте команду:",
+	"packages.debian.repository": "Про репозиторій",
+	"packages.debian.repository.distributions": "Дистрибутиви",
+	"packages.debian.repository.components": "Складові",
+	"packages.debian.repository.architectures": "Архітектури",
+	"packages.generic.download": "Завантажте пакунок із командного рядка:",
+	"packages.go.install": "Встановити пакунок із командного рядка:",
+	"packages.helm.registry": "Налаштуйте цей реєстр із командного рядка:",
+	"packages.helm.install": "Аби встановити пакунок, виконайте команду:",
+	"packages.maven.registry": "Налаштуйте цей реєстр у файлі <code>pom.xml</code> свого проєкту:",
+	"packages.maven.install": "Для використання пакунка включіть у блок <code>dependencies</code> у файлі <code>pom.xml</code> таке:",
+	"packages.maven.install2": "Запустити з командного рядка:",
+	"packages.maven.download": "Щоб завантажити залежність, запустіть із командного рядка:",
+	"packages.nuget.registry": "Налаштуйте цей реєстр із командного рядка:",
+	"packages.nuget.install": "Аби встановити пакунок, використовуючи NuGet, виконайте команду:",
+	"packages.nuget.dependency.framework": "Цільовий фреймворк",
+	"packages.npm.registry": "Налаштуйте цей реєстр у файлі <code>.npmrc</code> свого проєкту:",
+	"packages.npm.install": "Аби встановити пакунок, використовуючи npm, виконайте команду:",
+	"packages.npm.install2": "або додайте його у файл package.json:",
+	"packages.npm.dependencies": "Залежності",
+	"packages.npm.dependencies.development": "Залежності розробки",
+	"packages.npm.dependencies.bundle": "Пакетні залежності",
+	"packages.npm.dependencies.peer": "Однорангові залежності",
+	"packages.npm.dependencies.optional": "Необов'язкові залежності",
+	"packages.npm.details.tag": "Тег",
+	"packages.pypi.requires": "Необхідний Python",
+	"packages.pypi.install": "Аби встановити пакунок, використовуючи pip, виконайте команду:",
+	"packages.rpm.registry": "Налаштуйте цей реєстр із командного рядка:",
+	"packages.rpm.distros.redhat": "у дистрибутивах на основі RedHat",
+	"packages.rpm.distros.suse": "у дистрибутивах на основі SUSE",
+	"packages.rpm.install": "Щоб установити пакунок, виконайте команду:",
+	"packages.rpm.repository": "Про репозиторій",
+	"packages.rpm.repository.architectures": "Архітектури",
+	"packages.rpm.repository.multiple_groups": "Цей пакунок доступний у кількох групах.",
+	"packages.alt.registry": "Налаштуйте цей реєстр із командного рядка:",
+	"packages.alt.registry.install": "Щоб установити пакунок, виконайте команду:",
+	"packages.alt.install": "Встановити пакунок",
+	"packages.alt.setup": "Додайте репозиторій до списку підключених репозиторіїв (виберіть потрібну архітектуру замість «_arch_»):",
+	"packages.alt.repository": "Про репозиторій",
+	"packages.alt.repository.architectures": "Архітектури",
+	"packages.alt.repository.multiple_groups": "Цей пакунок доступний у кількох групах.",
+	"packages.rubygems.install": "Аби встановити пакунок, використовуючи gem, виконайте команду:",
+	"packages.rubygems.install2": "або додайте його у Gemfile:",
+	"packages.rubygems.dependencies.runtime": "Залежності середовища виконання",
+	"packages.rubygems.dependencies.development": "Залежності розробки",
+	"packages.rubygems.required.ruby": "Необхідна версія Ruby",
+	"packages.rubygems.required.rubygems": "Необхідна версія RubyGem",
+	"packages.swift.registry": "Налаштуйте цей реєстр із командного рядка:",
+	"packages.swift.install": "Додайте пакунок у свій файл <code>Package.swift</code>:",
+	"packages.swift.install2": "і виконайте команду:",
+	"packages.vagrant.install": "Щоб додати скриньку Vagrant, виконайте команду:",
+	"packages.settings.link": "Пов’язати цей пакунок із репозиторієм",
+	"packages.settings.link.description": "Якщо пов’язати пакунок із репозиторієм, то його буде додано до списку пакунків цього репозиторію.",
+	"packages.settings.link.select": "Виберіть репозиторій",
+	"packages.settings.link.button": "Оновити посилання на репозиторій",
+	"packages.settings.link.success": "Посилання на репозиторій успішно оновлено.",
+	"packages.settings.link.error": "Помилка при оновленні посилання на репозиторій.",
+	"packages.settings.delete": "Видалити пакунок",
+	"packages.settings.delete.description": "Видалення пакунка є остаточним і його неможливо скасувати.",
+	"packages.settings.delete.notice": "Ви збираєтеся видалити %s (%s). Цю операцію не можна скасувати, ви впевнені?",
+	"packages.settings.delete.success": "Пакунок видалено.",
+	"packages.settings.delete.error": "Не вдалося видалити пакунок.",
+	"packages.owner.settings.cargo.title": "Індекс реєстру Cargo",
+	"packages.owner.settings.cargo.initialize": "Ініціалізувати індекс",
+	"packages.owner.settings.cargo.initialize.description": "Для реєстру Cargo потрібен спеціальний Git-репозиторій з індексом. Використання цієї опції (пере)створить репозиторій і автоматично його налаштує.",
+	"packages.owner.settings.cargo.initialize.error": "Не вдалось ініціалізувати індекс Cargo: %v",
+	"packages.owner.settings.cargo.initialize.success": "Індекс Cargo успішно створено.",
+	"packages.owner.settings.cargo.rebuild": "Перебудувати індекс",
+	"packages.owner.settings.cargo.rebuild.description": "Перебудування може бути корисним, якщо індекс не синхронізовано зі збереженими пакунками Cargo.",
+	"packages.owner.settings.cargo.rebuild.error": "Не вдалося перебудувати індекс Cargo: %v",
+	"packages.owner.settings.cargo.rebuild.success": "Індекс Cargo успішно перебудовано.",
+	"packages.owner.settings.cargo.rebuild.no_index": "Неможливо перебудувати, індекс не ініціалізовано.",
+	"packages.owner.settings.cleanuprules.title": "Правила очистки",
+	"packages.owner.settings.cleanuprules.add": "Додати правило очистки",
+	"packages.owner.settings.cleanuprules.edit": "Редагувати правило очистки",
+	"packages.owner.settings.cleanuprules.none": "Правил очистки ще немає.",
+	"packages.owner.settings.cleanuprules.preview": "Попередній перегляд правила очистки",
+	"packages.owner.settings.cleanuprules.preview.overview": "Заплановано видалити %d пакунків.",
+	"packages.owner.settings.cleanuprules.preview.none": "Правило очистки не відповідає жодному пакунку.",
+	"packages.owner.settings.cleanuprules.pattern_full_match": "Застосувати шаблон до повної назви пакунка",
+	"packages.owner.settings.cleanuprules.keep.title": "Версії, які підпадають під ці правила, залишаться, навіть якщо вони підпадають під правило видалення нижче.",
+	"packages.owner.settings.cleanuprules.keep.count": "Залишити найновіші",
+	"packages.owner.settings.cleanuprules.keep.pattern": "Залишити версії, що відповідають",
+	"packages.owner.settings.cleanuprules.keep.pattern.container": "Версія <code>latest</code> завжди зберігається для пакунків Container.",
+	"packages.owner.settings.cleanuprules.remove.title": "Версії, які підпадають під ці правила, буде видалено, крім версій, які правило вище вимагає залишити.",
+	"packages.owner.settings.cleanuprules.remove.days": "Видалити версії старіші, ніж",
+	"packages.owner.settings.cleanuprules.remove.pattern": "Видалити версії, що відповідають",
+	"packages.owner.settings.cleanuprules.success.update": "Правило очистки оновлено.",
+	"packages.owner.settings.cleanuprules.success.delete": "Правило очистки видалено.",
+	"packages.owner.settings.chef.title": "Реєстр Chef",
+	"packages.owner.settings.chef.keypair": "Згенерувати пару ключів",
+	"packages.owner.settings.chef.keypair.description": "Запити до реєстру Chef повинні бути криптографічно підписані як засіб автентифікації. При генерації пари ключів на Forgejo зберігається тільки відкритий ключ. Приватний ключ надається вам для використання команд knife. Генерація нової пари ключів замінить попередню.",
 	"fork.n_forks": {
 		"one": "%s форк",
 		"few": "%s форки",
diff --git a/options/locale_next/locale_vi.json b/options/locale_next/locale_vi.json
index fb49a027fa..b46340f93b 100644
--- a/options/locale_next/locale_vi.json
+++ b/options/locale_next/locale_vi.json
@@ -1,4 +1,10 @@
 {
+	"packages.filter.container.tagged": "Được gắn nhãn",
+	"packages.filter.container.untagged": "Không được gắn nhãn",
+	"packages.details.project_site": "Trang mạng dự án",
+	"packages.details.repository_site": "Trang mạng kho mã",
+	"packages.details.documentation_site": "Trang mạng tài liệu",
+	"packages.npm.details.tag": "Nhãn",
 	"fork.n_forks": "%s phân nhánh",
 	"stars.n_stars": "%s sao",
 	"moderation.abuse_category.malware": "Mã độc",
diff --git a/options/locale_next/locale_zh-CN.json b/options/locale_next/locale_zh-CN.json
index bbbc3d5695..8affe68a05 100644
--- a/options/locale_next/locale_zh-CN.json
+++ b/options/locale_next/locale_zh-CN.json
@@ -1,4 +1,176 @@
 {
+	"packages.title": "软件包",
+	"packages.empty": "还没有软件包。",
+	"packages.empty.documentation": "关于软件包注册中心的更多信息，请参阅 <a target=\"_blank\" rel=\"noopener noreferrer\" href=\"%s\"> 文档 </a>。",
+	"packages.empty.repo": "您上传了一个包，但没有显示在这里吗？转到 <a href=\"%[1]s\">包设置</a> 并将其链接到这个仓库中。",
+	"packages.registry.documentation": "关于 %s 注册中心的更多信息，请参阅 <a target=\"_blank\" rel=\"noopener noreferrer\" href=\"%s\">文档</a>。",
+	"packages.filter.type": "类型",
+	"packages.filter.type.all": "所有",
+	"packages.filter.no_result": "您的过滤器没有产生任何结果。",
+	"packages.filter.container.tagged": "已加标签",
+	"packages.filter.container.untagged": "未加标签",
+	"packages.published_by": "由 <a href=\"%[2]s\">%[3]s</a> 发布于 %[1]s",
+	"packages.published_by_in": "<a href=\"%[2]s\">%[3]s</a> 于 %[1]s 发布了 <a href=\"%[4]s\"><strong>%[5]s</strong></a>",
+	"packages.pub.install": "要使用 Dart 安装软件包，请运行以下命令：",
+	"packages.installation": "安装",
+	"packages.about": "关于这个软件包",
+	"packages.requirements": "要求",
+	"packages.dependencies": "依赖",
+	"packages.keywords": "关键词",
+	"packages.details": "详情",
+	"packages.details.author": "作者",
+	"packages.details.project_site": "项目站点",
+	"packages.details.repository_site": "仓库网站",
+	"packages.details.documentation_site": "文档站点",
+	"packages.details.license": "许可协议",
+	"packages.assets": "资源",
+	"packages.versions": "版本",
+	"packages.versions.view_all": "查看全部",
+	"packages.dependency.id": "ID",
+	"packages.dependency.version": "版本",
+	"packages.search_in_external_registry": "在 %s 中搜索",
+	"packages.alpine.registry": "通过在您的 <code>/etc/apk/repositories</code> 文件中添加 URL 来设置此注册中心：",
+	"packages.alpine.registry.key": "下载注册中心公开的 RSA 密钥到 <code>/etc/apk/keys/</code> 文件夹来验证索引签名：",
+	"packages.alpine.registry.info": "从下面的列表中选择 $branch 和 $repository。",
+	"packages.alpine.install": "要安装包，请运行以下命令：",
+	"packages.alpine.repository": "仓库信息",
+	"packages.alpine.repository.branches": "分支",
+	"packages.alpine.repository.repositories": "仓库管理",
+	"packages.alpine.repository.architectures": "架构",
+	"packages.arch.pacman.helper.gpg": "为 pacman 添加信任证书：",
+	"packages.arch.pacman.repo.multi": "%s 在不同的发行版中有相同的版本。",
+	"packages.arch.pacman.repo.multi.item": "%s 的配置",
+	"packages.arch.pacman.conf": "将具有相关发行版和架构的服务器添加到 <code>/etc/pacman.conf</code> 中：",
+	"packages.arch.pacman.sync": "在 pacman 下同步软件包：",
+	"packages.arch.version.properties": "版本属性",
+	"packages.arch.version.description": "说明",
+	"packages.arch.version.provides": "提供",
+	"packages.arch.version.groups": "组",
+	"packages.arch.version.depends": "依赖",
+	"packages.arch.version.optdepends": "可选依赖",
+	"packages.arch.version.makedepends": "编译依赖",
+	"packages.arch.version.checkdepends": "检查依赖",
+	"packages.arch.version.conflicts": "冲突",
+	"packages.arch.version.replaces": "替换",
+	"packages.arch.version.backup": "备份",
+	"packages.cargo.registry": "在 Cargo 配置文件中设置此注册中心（例如：<code>~/.cargo/config.toml</code>）：",
+	"packages.cargo.install": "要使用 Cargo 安装软件包，请运行以下命令：",
+	"packages.chef.registry": "在您的 <code>~/.chef/config.rb</code> 文件中设置此注册中心：",
+	"packages.chef.install": "要安装包，请运行以下命令：",
+	"packages.composer.registry": "在您的 <code>~/.composer/config.json</code> 文件中设置此注册中心：",
+	"packages.composer.install": "要使用 Composer 安装软件包，请运行以下命令：",
+	"packages.composer.dependencies": "依赖",
+	"packages.composer.dependencies.development": "开发依赖",
+	"packages.conan.registry": "从命令行设置此注册中心：",
+	"packages.conan.install": "要使用 Conan 安装软件包，请运行以下命令：",
+	"packages.conda.registry": "在您的 <code>.condarc</code> 文件中将此注册中心设置为 Conda 仓库：",
+	"packages.conda.install": "要使用 Conda 安装软件包，请运行以下命令：",
+	"packages.container.images.title": "镜像",
+	"packages.container.details.type": "镜像类型",
+	"packages.container.details.platform": "平台",
+	"packages.container.pull": "从命令行拉取镜像：",
+	"packages.container.digest": "摘要",
+	"packages.container.multi_arch": "操作系统 / 架构",
+	"packages.container.layers": "镜像分层",
+	"packages.container.labels": "标签",
+	"packages.container.labels.key": "键",
+	"packages.container.labels.value": "值",
+	"packages.cran.registry": "在您的 <code>Rprofile.site</code> 文件中设置此注册中心：",
+	"packages.cran.install": "要安装包，请运行以下命令：",
+	"packages.debian.registry": "从命令行设置此注册中心：",
+	"packages.debian.registry.info": "从下面的列表中选择 $distribution 和 $component。",
+	"packages.debian.install": "要安装包，请运行以下命令：",
+	"packages.debian.repository": "仓库信息",
+	"packages.debian.repository.distributions": "发行版",
+	"packages.debian.repository.components": "组件",
+	"packages.debian.repository.architectures": "架构",
+	"packages.generic.download": "从命令行下载软件包：",
+	"packages.go.install": "通过命令行安装软件包：",
+	"packages.helm.registry": "从命令行设置此注册中心：",
+	"packages.helm.install": "要安装包，请运行以下命令：",
+	"packages.maven.registry": "在您项目的 <code>pom.xml</code> 文件中设置此注册中心：",
+	"packages.maven.install": "要使用这个软件包，在 <code>pom.xml</code> 文件中的 <code>依赖项</code> 块中包含以下内容：",
+	"packages.maven.install2": "通过命令行运行：",
+	"packages.maven.download": "要下载依赖项，请通过命令行运行：",
+	"packages.nuget.registry": "从命令行设置此注册中心：",
+	"packages.nuget.install": "要使用 Nuget 安装软件包，请运行以下命令：",
+	"packages.nuget.dependency.framework": "目标框架",
+	"packages.npm.registry": "在您项目的 <code>.npmrc</code> 文件中设置此注册中心：",
+	"packages.npm.install": "要使用 npm 安装软件包，请运行以下命令：",
+	"packages.npm.install2": "或将其添加到 package.json 文件：",
+	"packages.npm.dependencies": "依赖项",
+	"packages.npm.dependencies.development": "开发依赖",
+	"packages.npm.dependencies.bundle": "捆绑的依赖项",
+	"packages.npm.dependencies.peer": "同等依赖",
+	"packages.npm.dependencies.optional": "可选依赖",
+	"packages.npm.details.tag": "标签",
+	"packages.pypi.requires": "需要 Python",
+	"packages.pypi.install": "要使用 pip 安装软件包，请运行以下命令：",
+	"packages.rpm.registry": "从命令行设置此注册中心：",
+	"packages.rpm.distros.redhat": "在基于 RedHat 的发行版",
+	"packages.rpm.distros.suse": "在基于 SUSE 的发行版",
+	"packages.rpm.install": "要安装包，请运行以下命令：",
+	"packages.rpm.repository": "仓库信息",
+	"packages.rpm.repository.architectures": "架构",
+	"packages.rpm.repository.multiple_groups": "该软件包可在多个组中使用。",
+	"packages.alt.registry": "通过命令行配置此注册表：",
+	"packages.alt.registry.install": "要安装此软件包，请运行以下命令：",
+	"packages.alt.install": "安装软件包",
+	"packages.alt.setup": "添加一个仓库到连接的仓库列表（选择必要的架构而非“_arch_”）：",
+	"packages.alt.repository": "仓库信息",
+	"packages.alt.repository.architectures": "架构",
+	"packages.alt.repository.multiple_groups": "此软件包在多个组中可用。",
+	"packages.rubygems.install": "要使用 gem 安装软件包，请运行以下命令：",
+	"packages.rubygems.install2": "或将它添加到 Gemfile：",
+	"packages.rubygems.dependencies.runtime": "运行时依赖",
+	"packages.rubygems.dependencies.development": "开发依赖",
+	"packages.rubygems.required.ruby": "需要 Ruby 版本",
+	"packages.rubygems.required.rubygems": "需要 RubyGem 版本",
+	"packages.swift.registry": "从命令行设置此注册中心：",
+	"packages.swift.install": "在你的 <code>Package.swift</code>文件中添加该包：",
+	"packages.swift.install2": "并运行以下命令：",
+	"packages.vagrant.install": "若要添加一个 Vagrant box，请运行以下命令：",
+	"packages.settings.link": "将此软件包链接到仓库",
+	"packages.settings.link.description": "如果您将一个软件包与一个代码库链接起来，软件包将显示在代码库的软件包列表中。",
+	"packages.settings.link.select": "选择仓库",
+	"packages.settings.link.button": "更新仓库链接",
+	"packages.settings.link.success": "仓库链接已成功更新。",
+	"packages.settings.link.error": "更新仓库链接失败。",
+	"packages.settings.delete": "删除软件包",
+	"packages.settings.delete.description": "删除软件包是永久性的，无法撤消。",
+	"packages.settings.delete.notice": "您将要删除 %s（%s）。此操作是不可逆的，您确定吗？",
+	"packages.settings.delete.success": "软件包已被删除。",
+	"packages.settings.delete.error": "删除软件包失败。",
+	"packages.owner.settings.cargo.title": "Cargo 注册中心索引",
+	"packages.owner.settings.cargo.initialize": "初始化索引",
+	"packages.owner.settings.cargo.initialize.description": "使用 Cargo 注册中心时需要一个特殊索引的 Git 仓库。使用此选项将（重新）创建仓库并自动配置它。",
+	"packages.owner.settings.cargo.initialize.error": "初始化Cargo索引失败：%v",
+	"packages.owner.settings.cargo.initialize.success": "Cargo索引已经成功创建。",
+	"packages.owner.settings.cargo.rebuild": "重建索引",
+	"packages.owner.settings.cargo.rebuild.description": "如果索引与存储的 Cargo 包不同步，重建可能会有用。",
+	"packages.owner.settings.cargo.rebuild.error": "无法重建 Cargo 索引：%v",
+	"packages.owner.settings.cargo.rebuild.success": "Cargo 索引已成功重建。",
+	"packages.owner.settings.cargo.rebuild.no_index": "无法重建，未初始化任何索引。",
+	"packages.owner.settings.cleanuprules.title": "清理规则",
+	"packages.owner.settings.cleanuprules.add": "添加清理规则",
+	"packages.owner.settings.cleanuprules.edit": "编辑清理规则",
+	"packages.owner.settings.cleanuprules.none": "尚无清理规则。",
+	"packages.owner.settings.cleanuprules.preview": "清理规则预览",
+	"packages.owner.settings.cleanuprules.preview.overview": "%d 个软件包计划被删除。",
+	"packages.owner.settings.cleanuprules.preview.none": "清理规则与任何软件包都不匹配。",
+	"packages.owner.settings.cleanuprules.pattern_full_match": "应用规则到完整软件包名称",
+	"packages.owner.settings.cleanuprules.keep.title": "与这些规则相匹配的版本即使与下面的删除规则相匹配，也将予以保留。",
+	"packages.owner.settings.cleanuprules.keep.count": "保留最新的",
+	"packages.owner.settings.cleanuprules.keep.pattern": "保持版本匹配",
+	"packages.owner.settings.cleanuprules.keep.pattern.container": "容器的<code>latest</code>版本总是会被保留。",
+	"packages.owner.settings.cleanuprules.remove.title": "与这些规则相匹配的版本将被删除，除非其中存在某个保留它们的规则。",
+	"packages.owner.settings.cleanuprules.remove.days": "移除旧于天数的版本",
+	"packages.owner.settings.cleanuprules.remove.pattern": "删除匹配的版本",
+	"packages.owner.settings.cleanuprules.success.update": "清理规则已更新。",
+	"packages.owner.settings.cleanuprules.success.delete": "清理规则已删除。",
+	"packages.owner.settings.chef.title": "Chef 注册中心",
+	"packages.owner.settings.chef.keypair": "生成密钥对",
+	"packages.owner.settings.chef.keypair.description": "发送至 Chef 注册表的请求必须被密码学签名，以进行身份验证。在生成密钥对时，Forgejo仅保存公钥。私钥将被提供给您以和 knife 一同使用。生成新的密钥对将丢弃旧的密钥对。",
 	"fork.n_forks": "%s 个派生",
 	"stars.n_stars": "%s 次点赞",
 	"release.n_downloads": "%s 次下载",
diff --git a/options/locale_next/locale_zh-HK.json b/options/locale_next/locale_zh-HK.json
index a76b5a81e7..4c17108c8d 100644
--- a/options/locale_next/locale_zh-HK.json
+++ b/options/locale_next/locale_zh-HK.json
@@ -1,4 +1,8 @@
 {
+	"packages.filter.type": "認證類型",
+	"packages.alpine.repository.branches": "分支列表",
+	"packages.alpine.repository.repositories": "儲存庫管理",
+	"packages.container.labels": "標籤",
 	"repo.pulls.merged_title_desc": "於 %[4]s 將 %[1]d 次代碼提交從 <code>%[2]s</code>合併至 <code>%[3]s</code>",
 	"moderation.abuse_category.malware": "惡意程式",
 	"meta.last_line": " "
diff --git a/options/locale_next/locale_zh-TW.json b/options/locale_next/locale_zh-TW.json
index 661f207fbf..d1be2fb0f7 100644
--- a/options/locale_next/locale_zh-TW.json
+++ b/options/locale_next/locale_zh-TW.json
@@ -1,4 +1,176 @@
 {
+	"packages.title": "軟體包",
+	"packages.empty": "目前還沒有軟體包。",
+	"packages.empty.documentation": "關於軟體包註冊中心的詳情請參閱<a target=\"_blank\" rel=\"noopener noreferrer\" href=\"%s\">文件</a>。",
+	"packages.empty.repo": "已經上傳了一個軟體包，但是它不在這裡嗎？造訪<a href=\"%[1]s\">軟體包設定</a>並將其連結到這個儲存庫。",
+	"packages.registry.documentation": "有關 %s 註冊表的更多資訊，請參閱<a target=\"_blank\" rel=\"noopener noreferrer\" href=\"%s\">文件</a>。",
+	"packages.filter.type": "類型",
+	"packages.filter.type.all": "所有",
+	"packages.filter.no_result": "沒有篩選結果。",
+	"packages.filter.container.tagged": "已加標籤",
+	"packages.filter.container.untagged": "未加標籤",
+	"packages.published_by": "發布於 %[1]s 由 <a href=\"%[2]s\">%[3]s</a>",
+	"packages.published_by_in": "發布於 %[1]s 由 <a href=\"%[2]s\">%[3]s</a> 在 <a href=\"%[4]s\"><strong>%[5]s</strong></a>",
+	"packages.pub.install": "執行下列命令以使用 Dart 安裝此軟體包：",
+	"packages.installation": "安裝",
+	"packages.about": "關於此軟體包",
+	"packages.requirements": "需求",
+	"packages.dependencies": "相依性",
+	"packages.keywords": "關鍵字",
+	"packages.details": "詳情",
+	"packages.details.author": "作者",
+	"packages.details.project_site": "專案網站",
+	"packages.details.repository_site": "儲存庫網站",
+	"packages.details.documentation_site": "文件網站",
+	"packages.details.license": "授權條款",
+	"packages.assets": "檔案",
+	"packages.versions": "版本",
+	"packages.versions.view_all": "檢視全部",
+	"packages.dependency.id": "ID",
+	"packages.dependency.version": "版本",
+	"packages.search_in_external_registry": "在 %s 中搜尋",
+	"packages.alpine.registry": "在您的 <code>/etc/apk/repositories</code> 檔加入下列 URL 以設定此註冊中心:",
+	"packages.alpine.registry.key": "下載註冊中心的公開 RSA 金鑰到 <code>/etc/apk/keys/</code> 資料夾來驗證索引簽署:",
+	"packages.alpine.registry.info": "從下列清單選擇 $branch 和 $repository。",
+	"packages.alpine.install": "執行下列命令安裝此軟體包：",
+	"packages.alpine.repository": "儲存庫資訊",
+	"packages.alpine.repository.branches": "分支",
+	"packages.alpine.repository.repositories": "儲存庫",
+	"packages.alpine.repository.architectures": "架構",
+	"packages.arch.pacman.helper.gpg": "為 pacman 新增信任憑證：",
+	"packages.arch.pacman.repo.multi": "%s 在不同的發行版中具有相同的版本。",
+	"packages.arch.pacman.repo.multi.item": "%s 的組態",
+	"packages.arch.pacman.conf": "將相關發行版和架構的伺服器新增至 <code>/etc/pacman.conf</code>：",
+	"packages.arch.pacman.sync": "使用 pacman 同步軟體包：",
+	"packages.arch.version.properties": "版本屬性",
+	"packages.arch.version.description": "描述",
+	"packages.arch.version.provides": "提供",
+	"packages.arch.version.groups": "群組",
+	"packages.arch.version.depends": "依賴",
+	"packages.arch.version.optdepends": "選擇性依賴",
+	"packages.arch.version.makedepends": "編譯依賴",
+	"packages.arch.version.checkdepends": "檢查依賴",
+	"packages.arch.version.conflicts": "衝突",
+	"packages.arch.version.replaces": "取代",
+	"packages.arch.version.backup": "備份",
+	"packages.cargo.registry": "在 Cargo 組態檔設定此註冊中心 (例如: <code>~/.cargo/config.toml</code>):",
+	"packages.cargo.install": "執行下列命令以使用 Cargo 安裝此軟體包：",
+	"packages.chef.registry": "在您的 <code>~/.chef/config.rb</code> 檔設定此註冊中心:",
+	"packages.chef.install": "執行下列命令以安裝此軟體包：",
+	"packages.composer.registry": "在您的 <code>~/.composer/config.json</code> 檔設定此註冊中心:",
+	"packages.composer.install": "執行下列命令以使用 Composer 安裝此軟體包：",
+	"packages.composer.dependencies": "相依性",
+	"packages.composer.dependencies.development": "開發相依性",
+	"packages.conan.registry": "透過下列命令設定此註冊中心:",
+	"packages.conan.install": "執行下列命令以使用 Conan 安裝此軟體包：",
+	"packages.conda.registry": "在您的 <code>.condarc</code> 檔設定此註冊中心為 Conda 存儲庫:",
+	"packages.conda.install": "執行下列命令以使用 Conda 安裝此軟體包：",
+	"packages.container.images.title": "映像檔",
+	"packages.container.details.type": "映像檔類型",
+	"packages.container.details.platform": "平台",
+	"packages.container.pull": "透過下列命令拉取映像檔：",
+	"packages.container.digest": "摘要",
+	"packages.container.multi_arch": "作業系統 / 架構",
+	"packages.container.layers": "映像檔分層",
+	"packages.container.labels": "標籤",
+	"packages.container.labels.key": "鍵",
+	"packages.container.labels.value": "值",
+	"packages.cran.registry": "在你的 <code>Rprofile.site</code> 檔案中設定此註冊表：",
+	"packages.cran.install": "執行下列命令以安裝此軟體包：",
+	"packages.debian.registry": "透過下列命令設定此註冊中心:",
+	"packages.debian.registry.info": "從下面的清單中選擇 $distribution 和 $component。",
+	"packages.debian.install": "執行下列命令以安裝此軟體包：",
+	"packages.debian.repository": "儲存庫資訊",
+	"packages.debian.repository.distributions": "發行版",
+	"packages.debian.repository.components": "元件",
+	"packages.debian.repository.architectures": "架構",
+	"packages.generic.download": "使用命令列下載軟體包：",
+	"packages.go.install": "使用命令列安裝軟體包：",
+	"packages.helm.registry": "透過下列命令設定此註冊中心:",
+	"packages.helm.install": "執行下列命令安裝以此軟體包：",
+	"packages.maven.registry": "在您專案的 <code>pom.xml</code> 檔設定此註冊中心:",
+	"packages.maven.install": "若要使用此軟體包，請在您 <code>pom.xml</code> 檔的 <code>dependencies</code> 段落加入下列內容:",
+	"packages.maven.install2": "透過下列命令執行:",
+	"packages.maven.download": "透過下列命令下載相依性：",
+	"packages.nuget.registry": "透過下列命令設定此註冊中心：",
+	"packages.nuget.install": "執行下列命令以使用 NuGet 安裝此軟體包：",
+	"packages.nuget.dependency.framework": "目標框架",
+	"packages.npm.registry": "在您專案的 <code>.npmrc</code> 檔設定此註冊中心:",
+	"packages.npm.install": "執行下列命令以使用 npm 安裝此軟體包：",
+	"packages.npm.install2": "或將它加到 package.json 檔：",
+	"packages.npm.dependencies": "相依性",
+	"packages.npm.dependencies.development": "開發相依性",
+	"packages.npm.dependencies.bundle": "已捆綁相依性",
+	"packages.npm.dependencies.peer": "同行相依性",
+	"packages.npm.dependencies.optional": "選用相依性",
+	"packages.npm.details.tag": "標籤",
+	"packages.pypi.requires": "需要 Python",
+	"packages.pypi.install": "執行下列命令以使用 pip 安裝此軟體包：",
+	"packages.rpm.registry": "透過下列命令設定此註冊中心:",
+	"packages.rpm.distros.redhat": "在基於 RedHat 的發行版上",
+	"packages.rpm.distros.suse": "在基於 SUSE 的發行版上",
+	"packages.rpm.install": "執行下列命令以安裝此軟體包：",
+	"packages.rpm.repository": "儲存庫資訊",
+	"packages.rpm.repository.architectures": "架構",
+	"packages.rpm.repository.multiple_groups": "此套件可以在多個群組中使用。",
+	"packages.alt.registry": "從命令列設定此註冊表：",
+	"packages.alt.registry.install": "若要安裝軟體包，執行以下命令：",
+	"packages.alt.install": "安裝軟體包",
+	"packages.alt.setup": "新增儲存庫至已連接的儲存庫清單（選擇必要的架構結構而非「_arch_」）：",
+	"packages.alt.repository": "儲存庫資訊",
+	"packages.alt.repository.architectures": "架構",
+	"packages.alt.repository.multiple_groups": "此軟體包在多個群組中可用。",
+	"packages.rubygems.install": "執行下列命令以使用 gem 安裝此軟體包：",
+	"packages.rubygems.install2": "或將它加到 Gemfile:",
+	"packages.rubygems.dependencies.runtime": "執行階段相依性",
+	"packages.rubygems.dependencies.development": "開發相依性",
+	"packages.rubygems.required.ruby": "需要的 Ruby 版本",
+	"packages.rubygems.required.rubygems": "需要的 RubyGem 版本",
+	"packages.swift.registry": "透過下列命令設定此註冊中心:",
+	"packages.swift.install": "將此軟體包加入您的 <code>Package.swift</code> 檔：",
+	"packages.swift.install2": "並執行下列命令：",
+	"packages.vagrant.install": "執行下列命令以新增 Vagrant box:",
+	"packages.settings.link": "連結此軟體包至儲存庫",
+	"packages.settings.link.description": "如果您將軟體包連結至儲存庫，該軟體包會顯示在儲存庫的軟體包清單。",
+	"packages.settings.link.select": "選擇儲存庫",
+	"packages.settings.link.button": "更新儲存庫連結",
+	"packages.settings.link.success": "儲存庫連結更新成功。",
+	"packages.settings.link.error": "儲存庫連結更新失敗。",
+	"packages.settings.delete": "刪除軟體包",
+	"packages.settings.delete.description": "刪除軟體包是永久且不可還原的。",
+	"packages.settings.delete.notice": "您正要刪除 %s (%s)，此動作是無法還原的，您確定嗎？",
+	"packages.settings.delete.success": "已刪除該軟體包。",
+	"packages.settings.delete.error": "軟體包刪除失敗。",
+	"packages.owner.settings.cargo.title": "Cargo Registry 索引",
+	"packages.owner.settings.cargo.initialize": "初始化索引",
+	"packages.owner.settings.cargo.initialize.description": "使用 Cargo 註冊表需要一個特殊的索引 Git 儲存庫。使用此選項將會（重新）建立儲存庫並自動配置它。",
+	"packages.owner.settings.cargo.initialize.error": "初始化 Cargo 索引失敗: %v",
+	"packages.owner.settings.cargo.initialize.success": "成功建立了 Cargo 索引。",
+	"packages.owner.settings.cargo.rebuild": "重建索引",
+	"packages.owner.settings.cargo.rebuild.description": "如果索引與儲存的 Cargo 套件不同步，重建可能會很有用。",
+	"packages.owner.settings.cargo.rebuild.error": "重建 Cargo 索引失敗: %v",
+	"packages.owner.settings.cargo.rebuild.success": "已成功重建 Cargo 索引。",
+	"packages.owner.settings.cargo.rebuild.no_index": "無法重建，未初始化任何索引。",
+	"packages.owner.settings.cleanuprules.title": "清理規則",
+	"packages.owner.settings.cleanuprules.add": "加入清理規則",
+	"packages.owner.settings.cleanuprules.edit": "編輯清理規則",
+	"packages.owner.settings.cleanuprules.none": "目前沒有任何清理規則。",
+	"packages.owner.settings.cleanuprules.preview": "預覽清理規則",
+	"packages.owner.settings.cleanuprules.preview.overview": "已排程移除 %d 個軟體包。",
+	"packages.owner.settings.cleanuprules.preview.none": "清理規則不符合任何軟體包。",
+	"packages.owner.settings.cleanuprules.pattern_full_match": "將比對式樣套用到完整的軟體包名稱",
+	"packages.owner.settings.cleanuprules.keep.title": "符合這些規則的版本即使符合下面的刪除規則也會被保留。",
+	"packages.owner.settings.cleanuprules.keep.count": "保留最新的",
+	"packages.owner.settings.cleanuprules.keep.pattern": "保留版本的比對規則",
+	"packages.owner.settings.cleanuprules.keep.pattern.container": "總是保留 Container 軟體包的<code>最新</code>版本。",
+	"packages.owner.settings.cleanuprules.remove.title": "符合這些規則的版本將被移除，除非前述的規則要求保留它們。",
+	"packages.owner.settings.cleanuprules.remove.days": "移除早於天數的版本",
+	"packages.owner.settings.cleanuprules.remove.pattern": "移除版本的比對規則",
+	"packages.owner.settings.cleanuprules.success.update": "已更新清理規則。",
+	"packages.owner.settings.cleanuprules.success.delete": "已刪除清理規則。",
+	"packages.owner.settings.chef.title": "Chef Registry",
+	"packages.owner.settings.chef.keypair": "產生密鑰組",
+	"packages.owner.settings.chef.keypair.description": "送往 Chef 註冊表的請求必須經過加密簽署，以作為驗證身分的方式。在產生金鑰對時，只有公鑰會儲存在 Forgejo 上，私鑰則會提供給你用於 knife 工具。產生新的金鑰對將會覆蓋先前的金鑰。",
 	"fork.n_forks": "%s 個分叉",
 	"stars.n_stars": "%s 顆星星",
 	"release.n_downloads": "%s 次下載",

From 125a621f792ac803ce5fdb3822a6995d1f1431f7 Mon Sep 17 00:00:00 2001
From: oliverpool <git@olivier.pfad.fr>
Date: Thu, 22 Jan 2026 16:26:18 +0100
Subject: [PATCH 203/854] feat: optimization: use fs.ReadFile (#10987)

While reviewing cpuprofiles of #10985, I noticed a bunch of slice-grows within this function.
Instead of `io.ReadAll` (which does not know the size in advance), use `fs.ReadFile`, which will perform correctly-sized allocations.

### Tests

This function is already covered by tests in `modules/assetfs/layered_test.go`

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [ ] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.
- [x] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change.

*The decision if the pull request will be shown in the release notes is up to the mergers / release team.*

The content of the `release-notes/<pull request number>.md` file will serve as the basis for the release notes. If the file does not exist, the title of the pull request will be used instead.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10987
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
Co-authored-by: oliverpool <git@olivier.pfad.fr>
Co-committed-by: oliverpool <git@olivier.pfad.fr>
---
 modules/assetfs/layered.go | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)

diff --git a/modules/assetfs/layered.go b/modules/assetfs/layered.go
index 2041f28bb1..a9b99556e2 100644
--- a/modules/assetfs/layered.go
+++ b/modules/assetfs/layered.go
@@ -7,7 +7,6 @@ import (
 	"context"
 	"errors"
 	"fmt"
-	"io"
 	"io/fs"
 	"os"
 	"path/filepath"
@@ -97,14 +96,12 @@ func (l *LayeredFS) ReadFile(elems ...string) ([]byte, error) {
 func (l *LayeredFS) ReadLayeredFile(elems ...string) ([]byte, string, error) {
 	name := util.PathJoinRel(elems...)
 	for _, layer := range l.layers {
-		f, err := layer.Open(name)
-		if os.IsNotExist(err) {
+		bs, err := fs.ReadFile(layer, name)
+		if errors.Is(err, fs.ErrNotExist) {
 			continue
 		} else if err != nil {
 			return nil, layer.name, err
 		}
-		bs, err := io.ReadAll(f)
-		_ = f.Close()
 		return bs, layer.name, err
 	}
 	return nil, "", fs.ErrNotExist

From 2f8ae54b0f51748f1e4df16e5c1e2dbf751933b1 Mon Sep 17 00:00:00 2001
From: 0ko <0ko@noreply.codeberg.org>
Date: Thu, 22 Jan 2026 23:38:09 +0100
Subject: [PATCH 204/854] fix(ui): tippy menu styles too broad, affecting
 switch in PR review (#10969)

The custom styles for tippy-enabled menus had too broad selectors, conflicting with styles of other .item elements in tippy boxes.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10969
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Co-authored-by: 0ko <0ko@noreply.codeberg.org>
Co-committed-by: 0ko <0ko@noreply.codeberg.org>
---
 tests/e2e/repo-code.test.e2e.ts | 12 +++++
 tests/e2e/switch.test.e2e.ts    | 93 ++++++++++++++++++++-------------
 web_src/css/modules/tippy.css   | 13 +++--
 3 files changed, 80 insertions(+), 38 deletions(-)

diff --git a/tests/e2e/repo-code.test.e2e.ts b/tests/e2e/repo-code.test.e2e.ts
index 49cc210506..7f9ca147ea 100644
--- a/tests/e2e/repo-code.test.e2e.ts
+++ b/tests/e2e/repo-code.test.e2e.ts
@@ -6,6 +6,7 @@
 // templates/repo/view_file.tmpl
 // web_src/css/repo.css
 // web_src/css/repo/file-view.css
+// web_src/css/modules/tippy.css
 // web_src/js/features/repo-code.js
 // web_src/js/features/repo-unicode-escape.js
 // @watch end
@@ -153,3 +154,14 @@ test('Copy line permalink', async ({page}) => {
   const clipboardText = await page.evaluate(() => navigator.clipboard.readText());
   expect(clipboardText).toContain('README.md?display=source#L1');
 });
+
+test('Line menu styles', async ({page}) => {
+  const response = await page.goto('/user2/repo1/src/branch/master/README.md?display=source#L1');
+  expect(response?.status()).toBe(200);
+
+  await page.locator('.code-line-button').click();
+  const button = page.locator('.tippy-box .ref-in-new-issue');
+
+  await expect(button).toHaveCSS('display', 'flex');
+  await expect(button).toHaveCSS('padding', '9px 18px');
+});
diff --git a/tests/e2e/switch.test.e2e.ts b/tests/e2e/switch.test.e2e.ts
index 2a42612dc4..bc4922d198 100644
--- a/tests/e2e/switch.test.e2e.ts
+++ b/tests/e2e/switch.test.e2e.ts
@@ -8,29 +8,14 @@
 // @watch end
 
 import {expect} from '@playwright/test';
-import {test} from './utils_e2e.ts';
-
-test('Switch CSS properties', async ({browser}) => {
-  // This test doesn't need JS and runs a little faster without it
-  const context = await browser.newContext({javaScriptEnabled: false});
-  const page = await context.newPage();
+import {test, login_user} from './utils_e2e.ts';
 
+test.describe('Switch CSS properties', () => {
   const noBg = 'rgba(0, 0, 0, 0)';
   const activeBg = 'rgb(226, 226, 229)';
 
-  const normalMargin = '0px';
-  const normalPadding = '15.75px';
-
-  const specialLeftMargin = '-4px';
-  const specialPadding = '19.75px';
-
-  async function evaluateSwitchItem(page, selector, isActive, background, marginLeft, marginRight, paddingLeft, paddingRight) {
+  async function evaluateSwitchItem(page, selector, isActive, marginLeft, marginRight, paddingLeft, paddingRight, itemHeight) {
     const item = page.locator(selector);
-    if (isActive) {
-      await expect(item).toHaveClass(/active/);
-    } else {
-      await expect(item).not.toHaveClass(/active/);
-    }
     const cs = await item.evaluate((el) => {
       // In Firefox getComputedStyle is undefined if returned from evaluate
       const s = getComputedStyle(el);
@@ -42,33 +27,71 @@ test('Switch CSS properties', async ({browser}) => {
         paddingRight: s.paddingRight,
       };
     });
-    expect(cs.backgroundColor).toBe(background);
     expect(cs.marginLeft).toBe(marginLeft);
     expect(cs.marginRight).toBe(marginRight);
     expect(cs.paddingLeft).toBe(paddingLeft);
     expect(cs.paddingRight).toBe(paddingRight);
+
+    if (isActive) {
+      await expect(item).toHaveClass(/active/);
+      expect(cs.backgroundColor).toBe(activeBg);
+    } else {
+      await expect(item).not.toHaveClass(/active/);
+      expect(cs.backgroundColor).toBe(noBg);
+    }
+
+    expect((await item.boundingBox()).height).toBeCloseTo(itemHeight);
+
+    return true;
   }
 
-  await page.goto('/user2/repo1/pulls');
+  const normalMargin = '0px';
+  const normalPadding = '15.75px';
 
-  await evaluateSwitchItem(page, '#issue-filters .switch > .item:nth-child(1)', true, activeBg, normalMargin, normalMargin, normalPadding, normalPadding);
-  await evaluateSwitchItem(page, '#issue-filters .switch > .item:nth-child(2)', false, noBg, specialLeftMargin, normalMargin, specialPadding, normalPadding);
-  await evaluateSwitchItem(page, '#issue-filters .switch > .item:nth-child(3)', false, noBg, normalMargin, normalMargin, normalPadding, normalPadding);
+  const specialLeftMargin = '-4px';
+  const specialPadding = '19.75px';
 
-  await page.goto('/user2/repo1/pulls?state=closed');
+  // Subtest for areas that can be evaluated without JS
+  test('No JS', async ({browser}) => {
+    const context = await browser.newContext({javaScriptEnabled: false});
+    const page = await context.newPage();
 
-  await evaluateSwitchItem(page, '#issue-filters .switch > .item:nth-child(1)', false, noBg, normalMargin, specialLeftMargin, normalPadding, specialPadding);
-  await evaluateSwitchItem(page, '#issue-filters .switch > .item:nth-child(2)', true, activeBg, normalMargin, normalMargin, normalPadding, normalPadding);
-  await evaluateSwitchItem(page, '#issue-filters .switch > .item:nth-child(3)', false, noBg, specialLeftMargin, normalMargin, specialPadding, normalPadding);
+    const itemHeight = await page.evaluate(() => window.matchMedia('(pointer: coarse)').matches) ? 38 : 34;
 
-  await page.goto('/user2/repo1/pulls?state=all');
+    await page.goto('/user2/repo1/pulls');
 
-  await evaluateSwitchItem(page, '#issue-filters .switch > .item:nth-child(1)', false, noBg, normalMargin, normalMargin, normalPadding, normalPadding);
-  await evaluateSwitchItem(page, '#issue-filters .switch > .item:nth-child(2)', false, noBg, normalMargin, specialLeftMargin, normalPadding, specialPadding);
-  await evaluateSwitchItem(page, '#issue-filters .switch > .item:nth-child(3)', true, activeBg, normalMargin, normalMargin, normalPadding, normalPadding);
+    expect(await evaluateSwitchItem(page, '#issue-filters .switch > .item:nth-child(1)', true, normalMargin, normalMargin, normalPadding, normalPadding, itemHeight)).toBeTruthy();
+    expect(await evaluateSwitchItem(page, '#issue-filters .switch > .item:nth-child(2)', false, specialLeftMargin, normalMargin, specialPadding, normalPadding, itemHeight)).toBeTruthy();
+    expect(await evaluateSwitchItem(page, '#issue-filters .switch > .item:nth-child(3)', false, normalMargin, normalMargin, normalPadding, normalPadding, itemHeight)).toBeTruthy();
 
-  // E2E already runs clients with both fine and coarse pointer simulated
-  // This test will verify that coarse-related CSS is working as intended
-  const itemHeight = await page.evaluate(() => window.matchMedia('(pointer: coarse)').matches) ? 38 : 34;
-  expect((await page.locator('#issue-filters .switch > .item:nth-child(1)').boundingBox()).height).toBeCloseTo(itemHeight);
+    await page.goto('/user2/repo1/pulls?state=closed');
+
+    expect(await evaluateSwitchItem(page, '#issue-filters .switch > .item:nth-child(1)', false, normalMargin, specialLeftMargin, normalPadding, specialPadding, itemHeight)).toBeTruthy();
+    expect(await evaluateSwitchItem(page, '#issue-filters .switch > .item:nth-child(2)', true, normalMargin, normalMargin, normalPadding, normalPadding, itemHeight)).toBeTruthy();
+    expect(await evaluateSwitchItem(page, '#issue-filters .switch > .item:nth-child(3)', false, specialLeftMargin, normalMargin, specialPadding, normalPadding, itemHeight)).toBeTruthy();
+
+    await page.goto('/user2/repo1/pulls?state=all');
+
+    expect(await evaluateSwitchItem(page, '#issue-filters .switch > .item:nth-child(1)', false, normalMargin, normalMargin, normalPadding, normalPadding, itemHeight)).toBeTruthy();
+    expect(await evaluateSwitchItem(page, '#issue-filters .switch > .item:nth-child(2)', false, normalMargin, specialLeftMargin, normalPadding, specialPadding, itemHeight)).toBeTruthy();
+    expect(await evaluateSwitchItem(page, '#issue-filters .switch > .item:nth-child(3)', true, normalMargin, normalMargin, normalPadding, normalPadding, itemHeight)).toBeTruthy();
+  });
+
+  // Subtest for areas that can't be reached without JS
+  test('With JS', async ({browser}, workerInfo) => {
+    const context = await login_user(browser, workerInfo, 'user2');
+    const page = await context.newPage();
+
+    // Go to files tab of a reviewable pull request
+    await page.goto('/user2/repo1/pulls/5/files');
+
+    // Open review box
+    await page.locator('#review-box .js-btn-review').click();
+
+    // Markdown editor has a special rule for a shorter switch
+    const itemHeight = 28;
+
+    expect(await evaluateSwitchItem(page, '.review-box-panel .switch > .item:nth-child(1)', true, normalMargin, normalMargin, normalPadding, normalPadding, itemHeight)).toBeTruthy();
+    expect(await evaluateSwitchItem(page, '.review-box-panel .switch > .item:nth-child(2)', false, specialLeftMargin, normalMargin, specialPadding, normalPadding, itemHeight)).toBeTruthy();
+  });
 });
diff --git a/web_src/css/modules/tippy.css b/web_src/css/modules/tippy.css
index ebc49b6d22..de681b24b6 100644
--- a/web_src/css/modules/tippy.css
+++ b/web_src/css/modules/tippy.css
@@ -1,3 +1,8 @@
+/* Copyright 2017-2022 atomiks. All rights reserved.
+ * Copyright 2022-2024 The Gitea Authors. All rights reserved.
+ * Copyright 2024 The Forgejo Authors. All rights reserved.
+ * SPDX-License-Identifier: MIT */
+
 /* styles are based on node_modules/tippy.js/dist/tippy.css */
 
 /* class to hide tippy target elements on page load */
@@ -73,7 +78,9 @@
   fill: var(--color-menu);
 }
 
-.tippy-box[data-theme="menu"] .item {
+/* Ellipsis, overflow menus */
+
+.tippy-box[data-theme="menu"] .tippy-target > .item {
   display: flex;
   align-items: center;
   padding: 9px 18px;
@@ -82,11 +89,11 @@
   gap: 10px;
 }
 
-.tippy-box[data-theme="menu"] .item:hover {
+.tippy-box[data-theme="menu"] .tippy-target > .item:hover {
   background: var(--color-hover);
 }
 
-.tippy-box[data-theme="menu"] .item:focus {
+.tippy-box[data-theme="menu"] .tippy-target > .item:focus {
   background: var(--color-active);
 }
 

From 3855eeb6c5419d119a8e947ff2aabaabf9f56189 Mon Sep 17 00:00:00 2001
From: Renovate Bot <forgejo-renovate-action@forgejo.org>
Date: Fri, 23 Jan 2026 03:52:56 +0100
Subject: [PATCH 205/854] Update module code.forgejo.org/forgejo/runner/v12 to
 v12.6.0 (forgejo) (#10999)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This PR contains the following updates:

| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) |
|---|---|---|---|
| [code.forgejo.org/forgejo/runner/v12](https://code.forgejo.org/forgejo/runner) | `v12.5.3` -> `v12.6.0` | ![age](https://developer.mend.io/api/mc/badges/age/go/code.forgejo.org%2fforgejo%2frunner%2fv12/v12.6.0?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/go/code.forgejo.org%2fforgejo%2frunner%2fv12/v12.5.3/v12.6.0?slim=true) |

---

### Release Notes

<details>
<summary>forgejo/runner (code.forgejo.org/forgejo/runner/v12)</summary>

### [`v12.6.0`](https://code.forgejo.org/forgejo/runner/releases/tag/v12.6.0)

[Compare Source](https://code.forgejo.org/forgejo/runner/compare/v12.5.3...v12.6.0)

- [User guide](https://forgejo.org/docs/next/user/actions/overview/)
- [Administrator guide](https://forgejo.org/docs/next/admin/actions/)
- [Container images](https://code.forgejo.org/forgejo/-/packages/container/runner/versions)

Release Notes

***

<!--start release-notes-assistant-->

<!--URL:https://code.forgejo.org/forgejo/runner-->

- features
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1236): <!--number 1236 --><!--line 0 --><!--description ZmVhdDogYWRkICd1c2luZzogZG9ja2VyJyBhY3Rpb24gcHJlIGFuZCBwb3N0LWVudHJ5cG9pbnQgc3VwcG9ydA==-->feat: add 'using: docker' action pre and post-entrypoint support<!--description-->
- bug fixes
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1287): <!--number 1287 --><!--line 0 --><!--description Zml4OiBlbGltaW5hdGUgbG9nIGRhdGEgbG9zcyBjYXVzZWQgYnkgTFhDICYgUFRZIGJ1ZmZlcg==-->fix: eliminate log data loss caused by LXC & PTY buffer<!--description-->
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1307): <!--number 1307 --><!--line 0 --><!--description Zml4KGpvYnBhcnNlcik6IGV2YWx1YXRpbmcgbWF0cml4IHZhbHVlcyB3aXRoaW4gcnVucy1vbiByZWZlcmVuY2VzIGZpcnN0IG1hdHJpeCB2YWx1ZSBvbmx5-->fix(jobparser): evaluating matrix values within runs-on references first matrix value only<!--description-->
- other
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1312): <!--number 1312 --><!--line 0 --><!--description dGVzdDogdmVyaWZ5IHRoYXQgY29uZmlndXJhdGlvbiBpcyBsb2FkZWQgY29ycmVjdGx5-->test: verify that configuration is loaded correctly<!--description-->
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1315): <!--number 1315 --><!--line 0 --><!--description VXBkYXRlIGh0dHBzOi8vZGF0YS5mb3JnZWpvLm9yZy9mb3JnZWpvL2Zvcmdlam8tYnVpbGQtcHVibGlzaCBhY3Rpb24gdG8gdjUuNS4x-->Update <https://data.forgejo.org/forgejo/forgejo-build-publish> action to v5.5.1<!--description-->
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1314): <!--number 1314 --><!--line 0 --><!--description VXBkYXRlIGh0dHBzOi8vZGF0YS5mb3JnZWpvLm9yZy9mb3JnZWpvL2Zvcmdlam8tYnVpbGQtcHVibGlzaCBhY3Rpb24gdG8gdjUuNS4w-->Update <https://data.forgejo.org/forgejo/forgejo-build-publish> action to v5.5.0<!--description-->
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1290): <!--number 1290 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnaXRodWIuY29tL21vYnkvZ28tYXJjaGl2ZSB0byB2MC4yLjA=-->Update module github.com/moby/go-archive to v0.2.0<!--description-->
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1308): <!--number 1308 --><!--line 0 --><!--description VXBkYXRlIGh0dHBzOi8vZGF0YS5mb3JnZWpvLm9yZy9hY3Rpb25zL3NldHVwLWZvcmdlam8gYWN0aW9uIHRvIHYzLjEuMQ==-->Update <https://data.forgejo.org/actions/setup-forgejo> action to v3.1.1<!--description-->
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1306): <!--number 1306 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnaXRodWIuY29tL3NpcnVwc2VuL2xvZ3J1cyB0byB2MS45LjQ=-->Update module github.com/sirupsen/logrus to v1.9.4<!--description-->
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1305): <!--number 1305 --><!--line 0 --><!--description VXBkYXRlIGZvcmdlam8tcnVubmVyIHRvIHYxMi41LjM=-->Update forgejo-runner to v12.5.3<!--description-->
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1304): <!--number 1304 --><!--line 0 --><!--description VXBkYXRlIGNvZGUuZm9yZ2Vqby5vcmcvZm9yZ2Vqby9mb3JnZWpvIERvY2tlciB0YWcgdG8gdjExLjAuMTA=-->Update code.forgejo.org/forgejo/forgejo Docker tag to v11.0.10<!--description-->

<!--end release-notes-assistant-->

</details>

---

### Configuration

📅 **Schedule**: Branch creation - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC), Automerge - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi44NC4yIiwidXBkYXRlZEluVmVyIjoiNDIuODQuMiIsInRhcmdldEJyYW5jaCI6ImZvcmdlam8iLCJsYWJlbHMiOlsiZGVwZW5kZW5jeS11cGdyYWRlIiwidGVzdC9ub3QtbmVlZGVkIl19-->

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10999
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
---
 go.mod | 4 ++--
 go.sum | 9 ++++-----
 2 files changed, 6 insertions(+), 7 deletions(-)

diff --git a/go.mod b/go.mod
index 67b223ee4e..39e4282ee2 100644
--- a/go.mod
+++ b/go.mod
@@ -11,7 +11,7 @@ require (
 	code.forgejo.org/forgejo/go-rpmutils v1.0.0
 	code.forgejo.org/forgejo/levelqueue v1.0.0
 	code.forgejo.org/forgejo/reply v1.0.2
-	code.forgejo.org/forgejo/runner/v12 v12.5.3
+	code.forgejo.org/forgejo/runner/v12 v12.6.0
 	code.forgejo.org/go-chi/binding v1.0.1
 	code.forgejo.org/go-chi/cache v1.0.1
 	code.forgejo.org/go-chi/captcha v1.0.2
@@ -242,7 +242,7 @@ require (
 	github.com/rhysd/actionlint v1.7.10 // indirect
 	github.com/rivo/uniseg v0.4.7 // indirect
 	github.com/rs/xid v1.6.0 // indirect
-	github.com/sirupsen/logrus v1.9.3 // indirect
+	github.com/sirupsen/logrus v1.9.4 // indirect
 	github.com/sorairolake/lzip-go v0.3.8 // indirect
 	github.com/spf13/afero v1.15.0 // indirect
 	github.com/ssor/bom v0.0.0-20170718123548-6386211fdfcf // indirect
diff --git a/go.sum b/go.sum
index 55e802220f..5d053043f4 100644
--- a/go.sum
+++ b/go.sum
@@ -30,8 +30,8 @@ code.forgejo.org/forgejo/levelqueue v1.0.0 h1:9krYpU6BM+j/1Ntj6m+VCAIu0UNnne1/Uf
 code.forgejo.org/forgejo/levelqueue v1.0.0/go.mod h1:fmG6zhVuqim2rxSFOoasgXO8V2W/k9U31VVYqLIRLhQ=
 code.forgejo.org/forgejo/reply v1.0.2 h1:dMhQCHV6/O3L5CLWNTol+dNzDAuyCK88z4J/lCdgFuQ=
 code.forgejo.org/forgejo/reply v1.0.2/go.mod h1:RyZUfzQLc+fuLIGjTSQWDAJWPiL4WtKXB/FifT5fM7U=
-code.forgejo.org/forgejo/runner/v12 v12.5.3 h1:x5dydZLjCIgusbVTJwazX3Axu7BBMxSELaXVes+bMt0=
-code.forgejo.org/forgejo/runner/v12 v12.5.3/go.mod h1:nSg+9OoDP3SQG6m6bgzOe1b8x062EwMwxp9uKXEBzfU=
+code.forgejo.org/forgejo/runner/v12 v12.6.0 h1:qs2mvrZeSqsR2sHQHO0kRTUErGrNMHHjm1qRy6EfLZY=
+code.forgejo.org/forgejo/runner/v12 v12.6.0/go.mod h1:G75xcAhTaFE++/57qcBu+Zk7B7R3kLiUz8y2IkIwUKY=
 code.forgejo.org/forgejo/ssh v0.0.0-20241211213324-5fc306ca0616 h1:kEZL84+02jY9RxXM4zHBWZ3Fml0B09cmP1LGkDsCfIA=
 code.forgejo.org/forgejo/ssh v0.0.0-20241211213324-5fc306ca0616/go.mod h1:zpHEXBstFnQYtGnB8k8kQLol82umzn/2/snG7alWVD8=
 code.forgejo.org/go-chi/binding v1.0.1 h1:coKNI+X1NzRN7X85LlrpvBRqk0TXpJ+ja28vusQWEuY=
@@ -632,8 +632,8 @@ github.com/santhosh-tekuri/jsonschema/v6 v6.0.2/go.mod h1:JXeL+ps8p7/KNMjDQk3TCw
 github.com/serenize/snaker v0.0.0-20171204205717-a683aaf2d516/go.mod h1:Yow6lPLSAXx2ifx470yD/nUe22Dv5vBvxK/UK9UUTVs=
 github.com/sergi/go-diff v1.4.0 h1:n/SP9D5ad1fORl+llWyN+D6qoUETXNZARKjyY2/KVCw=
 github.com/sergi/go-diff v1.4.0/go.mod h1:A0bzQcvG0E7Rwjx0REVgAGH58e96+X0MeOfepqsbeW4=
-github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ=
-github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
+github.com/sirupsen/logrus v1.9.4 h1:TsZE7l11zFCLZnZ+teH4Umoq5BhEIfIzfRDZ1Uzql2w=
+github.com/sirupsen/logrus v1.9.4/go.mod h1:ftWc9WdOfJ0a92nsE2jF5u5ZwH8Bv2zdeOC42RjbV2g=
 github.com/sorairolake/lzip-go v0.3.8 h1:j5Q2313INdTA80ureWYRhX+1K78mUXfMoPZCw/ivWik=
 github.com/sorairolake/lzip-go v0.3.8/go.mod h1:JcBqGMV0frlxwrsE9sMWXDjqn3EeVf0/54YPsw66qkU=
 github.com/spf13/afero v1.15.0 h1:b/YBCLWAJdFWJTN9cLhiXXcD7mzKn9Dm86dNnfyQw1I=
@@ -841,7 +841,6 @@ golang.org/x/sys v0.0.0-20210320140829-1e4c9ba3b0c4/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220310020820-b874c991c1a5/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220728004956-3c1f35247d10/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220928140112-f11e5e49a4ec/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=

From 8a54c5c00d000eeb9fe7c84d83cda28658db0aeb Mon Sep 17 00:00:00 2001
From: Renovate Bot <forgejo-renovate-action@forgejo.org>
Date: Fri, 23 Jan 2026 12:10:51 +0100
Subject: [PATCH 206/854] Replace code.forgejo.org/forgejo/forgejo Docker tag
 with data.forgejo.org/forgejo/forgejo (forgejo) (#11005)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11005
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
---
 .forgejo/workflows/build-release-integration.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.forgejo/workflows/build-release-integration.yml b/.forgejo/workflows/build-release-integration.yml
index c8bac88d14..aef008b06f 100644
--- a/.forgejo/workflows/build-release-integration.yml
+++ b/.forgejo/workflows/build-release-integration.yml
@@ -2,7 +2,7 @@ name: Integration tests for the release process
 enable-email-notifications: true
 
 env:
-  FORGEJO_VERSION: 11.0.10 # renovate: datasource=docker depName=code.forgejo.org/forgejo/forgejo
+  FORGEJO_VERSION: 11.0.10 # renovate: datasource=docker depName=data.forgejo.org/forgejo/forgejo
 
 on:
   push:

From 03d5e515afa5a647803e4239599fed17bfdd390b Mon Sep 17 00:00:00 2001
From: Renovate Bot <forgejo-renovate-action@forgejo.org>
Date: Fri, 23 Jan 2026 12:58:47 +0100
Subject: [PATCH 207/854] Update dependency vue to v3.5.27 (forgejo) (#10998)

Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
---
 package-lock.json | 114 +++++++++++++++++++++++-----------------------
 package.json      |   2 +-
 2 files changed, 58 insertions(+), 58 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index c2f554ed52..b6c101e1b6 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -73,7 +73,7 @@
         "tributejs": "5.1.3",
         "uint8-to-base64": "0.2.0",
         "vanilla-colorful": "0.7.2",
-        "vue": "3.5.26",
+        "vue": "3.5.27",
         "vue-chartjs": "5.3.3",
         "vue-loader": "17.4.2",
         "vue3-calendar-heatmap": "2.0.5",
@@ -5036,22 +5036,22 @@
       }
     },
     "node_modules/@vue/compiler-core": {
-      "version": "3.5.26",
-      "resolved": "https://registry.npmjs.org/@vue/compiler-core/-/compiler-core-3.5.26.tgz",
-      "integrity": "sha512-vXyI5GMfuoBCnv5ucIT7jhHKl55Y477yxP6fc4eUswjP8FG3FFVFd41eNDArR+Uk3QKn2Z85NavjaxLxOC19/w==",
+      "version": "3.5.27",
+      "resolved": "https://registry.npmjs.org/@vue/compiler-core/-/compiler-core-3.5.27.tgz",
+      "integrity": "sha512-gnSBQjZA+//qDZen+6a2EdHqJ68Z7uybrMf3SPjEGgG4dicklwDVmMC1AeIHxtLVPT7sn6sH1KOO+tS6gwOUeQ==",
       "license": "MIT",
       "dependencies": {
         "@babel/parser": "^7.28.5",
-        "@vue/shared": "3.5.26",
+        "@vue/shared": "3.5.27",
         "entities": "^7.0.0",
         "estree-walker": "^2.0.2",
         "source-map-js": "^1.2.1"
       }
     },
     "node_modules/@vue/compiler-core/node_modules/entities": {
-      "version": "7.0.0",
-      "resolved": "https://registry.npmjs.org/entities/-/entities-7.0.0.tgz",
-      "integrity": "sha512-FDWG5cmEYf2Z00IkYRhbFrwIwvdFKH07uV8dvNy0omp/Qb1xcyCWp2UDtcwJF4QZZvk0sLudP6/hAu42TaqVhQ==",
+      "version": "7.0.1",
+      "resolved": "https://registry.npmjs.org/entities/-/entities-7.0.1.tgz",
+      "integrity": "sha512-TWrgLOFUQTH994YUyl1yT4uyavY5nNB5muff+RtWaqNVCAK408b5ZnnbNAUEWLTCpum9w6arT70i1XdQ4UeOPA==",
       "license": "BSD-2-Clause",
       "engines": {
         "node": ">=0.12"
@@ -5061,26 +5061,26 @@
       }
     },
     "node_modules/@vue/compiler-dom": {
-      "version": "3.5.26",
-      "resolved": "https://registry.npmjs.org/@vue/compiler-dom/-/compiler-dom-3.5.26.tgz",
-      "integrity": "sha512-y1Tcd3eXs834QjswshSilCBnKGeQjQXB6PqFn/1nxcQw4pmG42G8lwz+FZPAZAby6gZeHSt/8LMPfZ4Rb+Bd/A==",
+      "version": "3.5.27",
+      "resolved": "https://registry.npmjs.org/@vue/compiler-dom/-/compiler-dom-3.5.27.tgz",
+      "integrity": "sha512-oAFea8dZgCtVVVTEC7fv3T5CbZW9BxpFzGGxC79xakTr6ooeEqmRuvQydIiDAkglZEAd09LgVf1RoDnL54fu5w==",
       "license": "MIT",
       "dependencies": {
-        "@vue/compiler-core": "3.5.26",
-        "@vue/shared": "3.5.26"
+        "@vue/compiler-core": "3.5.27",
+        "@vue/shared": "3.5.27"
       }
     },
     "node_modules/@vue/compiler-sfc": {
-      "version": "3.5.26",
-      "resolved": "https://registry.npmjs.org/@vue/compiler-sfc/-/compiler-sfc-3.5.26.tgz",
-      "integrity": "sha512-egp69qDTSEZcf4bGOSsprUr4xI73wfrY5oRs6GSgXFTiHrWj4Y3X5Ydtip9QMqiCMCPVwLglB9GBxXtTadJ3mA==",
+      "version": "3.5.27",
+      "resolved": "https://registry.npmjs.org/@vue/compiler-sfc/-/compiler-sfc-3.5.27.tgz",
+      "integrity": "sha512-sHZu9QyDPeDmN/MRoshhggVOWE5WlGFStKFwu8G52swATgSny27hJRWteKDSUUzUH+wp+bmeNbhJnEAel/auUQ==",
       "license": "MIT",
       "dependencies": {
         "@babel/parser": "^7.28.5",
-        "@vue/compiler-core": "3.5.26",
-        "@vue/compiler-dom": "3.5.26",
-        "@vue/compiler-ssr": "3.5.26",
-        "@vue/shared": "3.5.26",
+        "@vue/compiler-core": "3.5.27",
+        "@vue/compiler-dom": "3.5.27",
+        "@vue/compiler-ssr": "3.5.27",
+        "@vue/shared": "3.5.27",
         "estree-walker": "^2.0.2",
         "magic-string": "^0.30.21",
         "postcss": "^8.5.6",
@@ -5097,63 +5097,63 @@
       }
     },
     "node_modules/@vue/compiler-ssr": {
-      "version": "3.5.26",
-      "resolved": "https://registry.npmjs.org/@vue/compiler-ssr/-/compiler-ssr-3.5.26.tgz",
-      "integrity": "sha512-lZT9/Y0nSIRUPVvapFJEVDbEXruZh2IYHMk2zTtEgJSlP5gVOqeWXH54xDKAaFS4rTnDeDBQUYDtxKyoW9FwDw==",
+      "version": "3.5.27",
+      "resolved": "https://registry.npmjs.org/@vue/compiler-ssr/-/compiler-ssr-3.5.27.tgz",
+      "integrity": "sha512-Sj7h+JHt512fV1cTxKlYhg7qxBvack+BGncSpH+8vnN+KN95iPIcqB5rsbblX40XorP+ilO7VIKlkuu3Xq2vjw==",
       "license": "MIT",
       "dependencies": {
-        "@vue/compiler-dom": "3.5.26",
-        "@vue/shared": "3.5.26"
+        "@vue/compiler-dom": "3.5.27",
+        "@vue/shared": "3.5.27"
       }
     },
     "node_modules/@vue/reactivity": {
-      "version": "3.5.26",
-      "resolved": "https://registry.npmjs.org/@vue/reactivity/-/reactivity-3.5.26.tgz",
-      "integrity": "sha512-9EnYB1/DIiUYYnzlnUBgwU32NNvLp/nhxLXeWRhHUEeWNTn1ECxX8aGO7RTXeX6PPcxe3LLuNBFoJbV4QZ+CFQ==",
+      "version": "3.5.27",
+      "resolved": "https://registry.npmjs.org/@vue/reactivity/-/reactivity-3.5.27.tgz",
+      "integrity": "sha512-vvorxn2KXfJ0nBEnj4GYshSgsyMNFnIQah/wczXlsNXt+ijhugmW+PpJ2cNPe4V6jpnBcs0MhCODKllWG+nvoQ==",
       "license": "MIT",
       "dependencies": {
-        "@vue/shared": "3.5.26"
+        "@vue/shared": "3.5.27"
       }
     },
     "node_modules/@vue/runtime-core": {
-      "version": "3.5.26",
-      "resolved": "https://registry.npmjs.org/@vue/runtime-core/-/runtime-core-3.5.26.tgz",
-      "integrity": "sha512-xJWM9KH1kd201w5DvMDOwDHYhrdPTrAatn56oB/LRG4plEQeZRQLw0Bpwih9KYoqmzaxF0OKSn6swzYi84e1/Q==",
+      "version": "3.5.27",
+      "resolved": "https://registry.npmjs.org/@vue/runtime-core/-/runtime-core-3.5.27.tgz",
+      "integrity": "sha512-fxVuX/fzgzeMPn/CLQecWeDIFNt3gQVhxM0rW02Tvp/YmZfXQgcTXlakq7IMutuZ/+Ogbn+K0oct9J3JZfyk3A==",
       "license": "MIT",
       "dependencies": {
-        "@vue/reactivity": "3.5.26",
-        "@vue/shared": "3.5.26"
+        "@vue/reactivity": "3.5.27",
+        "@vue/shared": "3.5.27"
       }
     },
     "node_modules/@vue/runtime-dom": {
-      "version": "3.5.26",
-      "resolved": "https://registry.npmjs.org/@vue/runtime-dom/-/runtime-dom-3.5.26.tgz",
-      "integrity": "sha512-XLLd/+4sPC2ZkN/6+V4O4gjJu6kSDbHAChvsyWgm1oGbdSO3efvGYnm25yCjtFm/K7rrSDvSfPDgN1pHgS4VNQ==",
+      "version": "3.5.27",
+      "resolved": "https://registry.npmjs.org/@vue/runtime-dom/-/runtime-dom-3.5.27.tgz",
+      "integrity": "sha512-/QnLslQgYqSJ5aUmb5F0z0caZPGHRB8LEAQ1s81vHFM5CBfnun63rxhvE/scVb/j3TbBuoZwkJyiLCkBluMpeg==",
       "license": "MIT",
       "dependencies": {
-        "@vue/reactivity": "3.5.26",
-        "@vue/runtime-core": "3.5.26",
-        "@vue/shared": "3.5.26",
+        "@vue/reactivity": "3.5.27",
+        "@vue/runtime-core": "3.5.27",
+        "@vue/shared": "3.5.27",
         "csstype": "^3.2.3"
       }
     },
     "node_modules/@vue/server-renderer": {
-      "version": "3.5.26",
-      "resolved": "https://registry.npmjs.org/@vue/server-renderer/-/server-renderer-3.5.26.tgz",
-      "integrity": "sha512-TYKLXmrwWKSodyVuO1WAubucd+1XlLg4set0YoV+Hu8Lo79mp/YMwWV5mC5FgtsDxX3qo1ONrxFaTP1OQgy1uA==",
+      "version": "3.5.27",
+      "resolved": "https://registry.npmjs.org/@vue/server-renderer/-/server-renderer-3.5.27.tgz",
+      "integrity": "sha512-qOz/5thjeP1vAFc4+BY3Nr6wxyLhpeQgAE/8dDtKo6a6xdk+L4W46HDZgNmLOBUDEkFXV3G7pRiUqxjX0/2zWA==",
       "license": "MIT",
       "dependencies": {
-        "@vue/compiler-ssr": "3.5.26",
-        "@vue/shared": "3.5.26"
+        "@vue/compiler-ssr": "3.5.27",
+        "@vue/shared": "3.5.27"
       },
       "peerDependencies": {
-        "vue": "3.5.26"
+        "vue": "3.5.27"
       }
     },
     "node_modules/@vue/shared": {
-      "version": "3.5.26",
-      "resolved": "https://registry.npmjs.org/@vue/shared/-/shared-3.5.26.tgz",
-      "integrity": "sha512-7Z6/y3uFI5PRoKeorTOSXKcDj0MSasfNNltcslbFrPpcw6aXRUALq4IfJlaTRspiWIUOEZbrpM+iQGmCOiWe4A==",
+      "version": "3.5.27",
+      "resolved": "https://registry.npmjs.org/@vue/shared/-/shared-3.5.27.tgz",
+      "integrity": "sha512-dXr/3CgqXsJkZ0n9F3I4elY8wM9jMJpP3pvRG52r6m0tu/MsAFIe6JpXVGeNMd/D9F4hQynWT8Rfuj0bdm9kFQ==",
       "license": "MIT"
     },
     "node_modules/@vue/test-utils": {
@@ -15722,17 +15722,17 @@
       "license": "MIT"
     },
     "node_modules/vue": {
-      "version": "3.5.26",
-      "resolved": "https://registry.npmjs.org/vue/-/vue-3.5.26.tgz",
-      "integrity": "sha512-SJ/NTccVyAoNUJmkM9KUqPcYlY+u8OVL1X5EW9RIs3ch5H2uERxyyIUI4MRxVCSOiEcupX9xNGde1tL9ZKpimA==",
+      "version": "3.5.27",
+      "resolved": "https://registry.npmjs.org/vue/-/vue-3.5.27.tgz",
+      "integrity": "sha512-aJ/UtoEyFySPBGarREmN4z6qNKpbEguYHMmXSiOGk69czc+zhs0NF6tEFrY8TZKAl8N/LYAkd4JHVd5E/AsSmw==",
       "license": "MIT",
       "peer": true,
       "dependencies": {
-        "@vue/compiler-dom": "3.5.26",
-        "@vue/compiler-sfc": "3.5.26",
-        "@vue/runtime-dom": "3.5.26",
-        "@vue/server-renderer": "3.5.26",
-        "@vue/shared": "3.5.26"
+        "@vue/compiler-dom": "3.5.27",
+        "@vue/compiler-sfc": "3.5.27",
+        "@vue/runtime-dom": "3.5.27",
+        "@vue/server-renderer": "3.5.27",
+        "@vue/shared": "3.5.27"
       },
       "peerDependencies": {
         "typescript": "*"
diff --git a/package.json b/package.json
index e0e5515b15..e461e66cd8 100644
--- a/package.json
+++ b/package.json
@@ -72,7 +72,7 @@
     "tributejs": "5.1.3",
     "uint8-to-base64": "0.2.0",
     "vanilla-colorful": "0.7.2",
-    "vue": "3.5.26",
+    "vue": "3.5.27",
     "vue-chartjs": "5.3.3",
     "vue-loader": "17.4.2",
     "vue3-calendar-heatmap": "2.0.5",

From 5b2ba7a98d093b022f7f0d49116a1392ed76cbdd Mon Sep 17 00:00:00 2001
From: Renovate Bot <forgejo-renovate-action@forgejo.org>
Date: Fri, 23 Jan 2026 13:35:06 +0100
Subject: [PATCH 208/854] Update dependency mini-css-extract-plugin to v2.10.0
 (forgejo) (#10934)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10934
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
---
 package-lock.json | 8 ++++----
 package.json      | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index b6c101e1b6..99fda1c6f1 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -56,7 +56,7 @@
         "jquery": "3.7.1",
         "katex": "0.16.27",
         "mermaid": "11.12.2",
-        "mini-css-extract-plugin": "2.9.3",
+        "mini-css-extract-plugin": "2.10.0",
         "minimatch": "10.1.1",
         "pdfobject": "2.3.0",
         "postcss": "8.5.6",
@@ -11788,9 +11788,9 @@
       }
     },
     "node_modules/mini-css-extract-plugin": {
-      "version": "2.9.3",
-      "resolved": "https://registry.npmjs.org/mini-css-extract-plugin/-/mini-css-extract-plugin-2.9.3.tgz",
-      "integrity": "sha512-tRA0+PsS4kLVijnN1w9jUu5lkxBwUk9E8SbgEB5dBJqchE6pVYdawROG6uQtpmAri7tdCK9i7b1bULeVWqS6Ag==",
+      "version": "2.10.0",
+      "resolved": "https://registry.npmjs.org/mini-css-extract-plugin/-/mini-css-extract-plugin-2.10.0.tgz",
+      "integrity": "sha512-540P2c5dYnJlyJxTaSloliZexv8rji6rY8FhQN+WF/82iHQfA23j/xtJx97L+mXOML27EqksSek/g4eK7jaL3g==",
       "license": "MIT",
       "dependencies": {
         "schema-utils": "^4.0.0",
diff --git a/package.json b/package.json
index e461e66cd8..e78bfd20b7 100644
--- a/package.json
+++ b/package.json
@@ -55,7 +55,7 @@
     "jquery": "3.7.1",
     "katex": "0.16.27",
     "mermaid": "11.12.2",
-    "mini-css-extract-plugin": "2.9.3",
+    "mini-css-extract-plugin": "2.10.0",
     "minimatch": "10.1.1",
     "pdfobject": "2.3.0",
     "postcss": "8.5.6",

From 65169068b232786ba7c91658afa99b2f7fdc579f Mon Sep 17 00:00:00 2001
From: Renovate Bot <forgejo-renovate-action@forgejo.org>
Date: Fri, 23 Jan 2026 13:36:06 +0100
Subject: [PATCH 209/854] Update dependency postcss-html to v1.8.1 (forgejo)
 (#10889)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10889
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
---
 package-lock.json | 8 ++++----
 package.json      | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 99fda1c6f1..e8162af833 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -111,7 +111,7 @@
         "happy-dom": "20.0.11",
         "license-checker-rseidelsohn": "4.4.2",
         "markdownlint-cli": "0.47.0",
-        "postcss-html": "1.8.0",
+        "postcss-html": "1.8.1",
         "sharp": "0.34.5",
         "stylelint": "16.26.1",
         "stylelint-declaration-block-no-ignored-properties": "2.8.0",
@@ -12613,9 +12613,9 @@
       }
     },
     "node_modules/postcss-html": {
-      "version": "1.8.0",
-      "resolved": "https://registry.npmjs.org/postcss-html/-/postcss-html-1.8.0.tgz",
-      "integrity": "sha512-5mMeb1TgLWoRKxZ0Xh9RZDfwUUIqRrcxO2uXO+Ezl1N5lqpCiSU5Gk6+1kZediBfBHFtPCdopr2UZ2SgUsKcgQ==",
+      "version": "1.8.1",
+      "resolved": "https://registry.npmjs.org/postcss-html/-/postcss-html-1.8.1.tgz",
+      "integrity": "sha512-OLF6P7qctfAWayOhLpcVnTGqVeJzu2W3WpIYelfz2+JV5oGxfkcEvweN9U4XpeqE0P98dcD9ssusGwlF0TK0uQ==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
diff --git a/package.json b/package.json
index e78bfd20b7..33b7269c6a 100644
--- a/package.json
+++ b/package.json
@@ -110,7 +110,7 @@
     "happy-dom": "20.0.11",
     "license-checker-rseidelsohn": "4.4.2",
     "markdownlint-cli": "0.47.0",
-    "postcss-html": "1.8.0",
+    "postcss-html": "1.8.1",
     "sharp": "0.34.5",
     "stylelint": "16.26.1",
     "stylelint-declaration-block-no-ignored-properties": "2.8.0",

From 0dbd533e420518deeeb8ab9f330928af46e3a0b8 Mon Sep 17 00:00:00 2001
From: Antonin Delpeuch <antonin@delpeuch.eu>
Date: Fri, 23 Jan 2026 17:16:53 +0100
Subject: [PATCH 210/854] fix(locale): tooltip for "Owner" role should not
 imply unique owner (#11004)

Forgejo organisations can have multiple owners. In issue or PR discussions, the tooltip for the "Owner" role should not imply that a repository has a single owner. Therefore, I am proposing that it says "an owner" instead of "the owner".

One choose to keep the tooltip with its current wording for repositories owned by an individual (instead of an organization), but the new tooltip remains correct even if there happens to be a single owner, and I don't think the wording difference warrants a runtime check.

#### Before (on Codeberg)
![image](https://codeberg.org/attachments/a20d80af-d93d-410b-919c-265c28921088)

#### After (on local instance)
![image](https://codeberg.org/attachments/b676e7ca-d2e6-453a-aa53-3f546e79a584)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11004
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Co-authored-by: Antonin Delpeuch <antonin@delpeuch.eu>
Co-committed-by: Antonin Delpeuch <antonin@delpeuch.eu>
---
 options/locale/locale_en-US.ini | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/options/locale/locale_en-US.ini b/options/locale/locale_en-US.ini
index 5fbe63eff6..543d75a0f9 100644
--- a/options/locale/locale_en-US.ini
+++ b/options/locale/locale_en-US.ini
@@ -1651,7 +1651,7 @@ issues.author = Author
 issues.author.tooltip.issue = This user is the author of this issue.
 issues.author.tooltip.pr = This user is the author of this pull request.
 issues.role.owner = Owner
-issues.role.owner_helper = This user is the owner of this repository.
+issues.role.owner_helper = This user is an owner of this repository.
 issues.role.member = Member
 issues.role.member_helper = This user is a member of the organization owning this repository.
 issues.role.collaborator = Collaborator

From c52ecd22589a35577afd3248d48a96a292f4e1d5 Mon Sep 17 00:00:00 2001
From: Mathieu Fenniak <mathieu@fenniak.net>
Date: Fri, 23 Jan 2026 18:38:09 +0100
Subject: [PATCH 211/854] fix: don't clobber authorized_keys file during
 installation (#10948)

This PR makes two changes.

**First**, it removes the ability for Forgejo to rewrite ssh authorized_keys during startup.  Forgejo previously checked if the application path or config file path had changed from that which is recorded in its database.  If either has changed, it would rewrite the SSH `authorized_keys` file, as those paths are embedded into that file.  The problem is that if a new installation runs the app and goes through a standard init procedure, it will clobber ~/.ssh/authorized_keys which is a disruptive mistake.

Instead, Forgejo will proceed to ssh initialization, and due to the change in #10010 the incorrect application path or config file path will result in a fatal server error that the administrator must resolve.  Disabling SSH is added as a plausible option for how to resolve that fatal error.

**Second**, the interactive install UI has been modified to detect this error before the installation proceeds.  If a user is attempting to install Forgejo with SSH, and they have an existing `~/.ssh/authorized_keys` file with keys present in it, the installation will fail with an error advising them to use a separate Forgejo user or to disable SSH.  (More options are possible to fix this problem, but these are the obvious solutions.)

![image](/attachments/69ef979e-e949-4306-a7e5-2adfb7214199)

Fixes #10942.

Manually tested.  Without the install process change, Forgejo behaves like this:
- Configure a typical end-user `~/.ssh/authorized_keys` file with normal keys
- Run through a Forgejo initialization process on a new database; run with SQLite, add a new administrator account during the init process.
- After initialization, Forgejo will restart and encounter a fatal error:
```
2026/01/20 10:11:24 routers/init.go:84:syncAppConfForGit() [I] AppPath changed from '' to '/home/mfenniak/Dev/forgejo/forgejo'
2026/01/20 10:11:24 routers/init.go:89:syncAppConfForGit() [I] CustomConf changed from '' to '/home/mfenniak/Dev/forgejo/custom/conf/app.ini'
2026/01/20 10:11:24 routers/init.go:95:syncAppConfForGit() [I] re-sync repository hooks ...
2026/01/20 10:11:24 ...er/issues/indexer.go:155:func2() [I] Issue Indexer Initialization took 9.858336ms
2026/01/20 10:11:24 modules/ssh/init.go:86:Init() [F] An unexpected ssh public key was discovered. Forgejo will shutdown to require this to be fixed. Fix by either:
Option 1: Delete the file /home/mfenniak/.ssh/authorized_keys, and Forgejo will recreate it with only expected ssh public keys.
Option 2: Permit unexpected keys by setting [server].SSH_ALLOW_UNEXPECTED_AUTHORIZED_KEYS=true in Forgejo's config file.
Option 3: If unused, disable SSH support by setting [server].DISABLE_SSH=true in Forgejo's config file.
        Unexpected key on line 1 of /home/mfenniak/.ssh/authorized_keys
        Unexpected key on line 2 of /home/mfenniak/.ssh/authorized_keys
        Unexpected key on line 3 of /home/mfenniak/.ssh/authorized_keys
        Unexpected key on line 4 of /home/mfenniak/.ssh/authorized_keys
```

With the install process change, the above error screenshot occurs instead.

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests

- I added test coverage for Go changes...
  - [ ] in their respective `*_test.go` for unit tests.
  - [ ] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I added test coverage for JavaScript changes...
  - [ ] in `web_src/js/*.test.js` if it can be unit tested.
  - [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)).

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [x] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.
- [ ] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change.

*The decision if the pull request will be shown in the release notes is up to the mergers / release team.*

The content of the `release-notes/<pull request number>.md` file will serve as the basis for the release notes. If the file does not exist, the title of the pull request will be used instead.

<!--start release-notes-assistant-->

## Release notes
<!--URL:https://codeberg.org/forgejo/forgejo-->
- Bug fixes
  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10948): <!--number 10948 --><!--line 0 --><!--description ZG9uJ3QgY2xvYmJlciBhdXRob3JpemVkX2tleXMgZmlsZSBkdXJpbmcgaW5zdGFsbGF0aW9u-->don't clobber authorized_keys file during installation<!--description-->
<!--end release-notes-assistant-->

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10948
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net>
Co-committed-by: Mathieu Fenniak <mathieu@fenniak.net>
---
 modules/ssh/init.go                   |  4 +++-
 options/locale_next/locale_en-US.json |  2 ++
 routers/init.go                       |  5 -----
 routers/install/install.go            | 20 ++++++++++++++++++++
 4 files changed, 25 insertions(+), 6 deletions(-)

diff --git a/modules/ssh/init.go b/modules/ssh/init.go
index 432cda0c13..ebc17de69c 100644
--- a/modules/ssh/init.go
+++ b/modules/ssh/init.go
@@ -85,7 +85,9 @@ func Init(ctx context.Context) error {
 			detailConcat := strings.Join(unexpectedKeys, "\n\t")
 			log.Fatal("An unexpected ssh public key was discovered. Forgejo will shutdown to require this to be fixed. Fix by either:\n"+
 				"Option 1: Delete the file %s, and Forgejo will recreate it with only expected ssh public keys.\n"+
-				"Option 2: Permit unexpected keys by setting [server].SSH_ALLOW_UNEXPECTED_AUTHORIZED_KEYS=true in Forgejo's config file.\n\t"+
+				"Option 2: Permit unexpected keys by setting [server].SSH_ALLOW_UNEXPECTED_AUTHORIZED_KEYS=true in Forgejo's config file.\n"+
+				"Option 3: If unused, disable SSH support by setting [server].DISABLE_SSH=true in Forgejo's config file.\n"+
+				"\t"+
 				detailConcat, filepath.Join(setting.SSH.RootPath, "authorized_keys"))
 		}
 	}
diff --git a/options/locale_next/locale_en-US.json b/options/locale_next/locale_en-US.json
index e1b9125e7f..7dee8fa37e 100644
--- a/options/locale_next/locale_en-US.json
+++ b/options/locale_next/locale_en-US.json
@@ -115,6 +115,8 @@
 	"alert.asset_load_failed": "Failed to load asset files from {path}. Please make sure the asset files can be accessed.",
 	"alert.range_error": " must be a number between %[1]s and %[2]s.",
 	"install.invalid_lfs_path": "Unable to create the LFS root at the specified path: %[1]s",
+	"install.ssh_authorized_keys_inspection_error": "Failed to inspect existing authorized_keys file: %v",
+	"install.ssh_authorized_keys_unexpected_key": "Enabling SSH for Forgejo conflicts with the file located at %s that contains existing SSH keys. Suggestions: use a dedicated system user for Forgejo, or disable SSH.",
 	"profile.actions.tooltip": "More actions",
 	"profile.edit.link": "Edit profile",
 	"feed.atom.link": "Atom feed",
diff --git a/routers/init.go b/routers/init.go
index 7c52a6d6b6..adea646672 100644
--- a/routers/init.go
+++ b/routers/init.go
@@ -9,7 +9,6 @@ import (
 	"runtime"
 
 	"forgejo.org/models"
-	asymkey_model "forgejo.org/models/asymkey"
 	auth_model "forgejo.org/models/auth"
 	"forgejo.org/modules/cache"
 	"forgejo.org/modules/eventsource"
@@ -95,10 +94,6 @@ func syncAppConfForGit(ctx context.Context) error {
 	if updated {
 		log.Info("re-sync repository hooks ...")
 		mustInitCtx(ctx, repo_service.SyncRepositoryHooks)
-
-		log.Info("re-write ssh public keys ...")
-		mustInitCtx(ctx, asymkey_model.RewriteAllPublicKeys)
-
 		return system.AppState.Set(ctx, runtimeState)
 	}
 	return nil
diff --git a/routers/install/install.go b/routers/install/install.go
index 63a3f965f4..243f4a8f19 100644
--- a/routers/install/install.go
+++ b/routers/install/install.go
@@ -15,6 +15,7 @@ import (
 	"strings"
 	"time"
 
+	"forgejo.org/models/asymkey"
 	"forgejo.org/models/db"
 	db_install "forgejo.org/models/db/install"
 	"forgejo.org/models/gitea_migrations"
@@ -403,6 +404,25 @@ func SubmitInstall(ctx *context.Context) {
 	} else {
 		cfg.Section("server").Key("DISABLE_SSH").SetValue("false")
 		cfg.Section("server").Key("SSH_PORT").SetValue(fmt.Sprint(form.SSHPort))
+
+		sshKeyErrors, err := asymkey.InspectPublicKeys(ctx)
+		if err != nil {
+			ctx.RenderWithErr(ctx.Tr("install.ssh_authorized_keys_inspection_error", err), tplInstall, &form)
+			return
+		}
+
+		var authorizedKeysWillCauseFatalError bool
+		for _, finding := range sshKeyErrors {
+			if finding.Type == asymkey.InspectionResultUnexpectedKey {
+				// Any single finding of this type would cause `ssh.Init` to have a fatal error on Forgejo startup, so
+				// let's note it here while the install page is still usable and allow users to deal with it.
+				authorizedKeysWillCauseFatalError = true
+			}
+		}
+		if authorizedKeysWillCauseFatalError {
+			ctx.RenderWithErr(ctx.Tr("install.ssh_authorized_keys_unexpected_key", filepath.Join(setting.SSH.RootPath, "authorized_keys")), tplInstall, &form)
+			return
+		}
 	}
 
 	if form.LFSRootPath != "" {

From 2d55ad5585fadde21e6a499b1b64f3b15ecac144 Mon Sep 17 00:00:00 2001
From: Nils Goroll <nils.goroll@uplex.de>
Date: Sat, 24 Jan 2026 04:51:18 +0100
Subject: [PATCH 212/854] fix NewMockWebServer(): Headers never reached the
 http client (#11007)

Found while working on https://codeberg.org/forgejo/forgejo/pulls/10798#issuecomment-10083846: The symptom was that the go-github client never returned a `resp.After`, so I tracked down the root cause, which was that, with the mocked http server ...

Mocked headers never reached the calling client, because w.WriteHeader()
was called before the headers were set in the response.

Fix by moving w.WriteHeader() to the right place just before w.Write(),
which writes the body.

Test added which fails without the fix and succeeds with it.

### Tests

- I added test coverage for Go changes...
  - [X] in their respective `*_test.go` for unit tests.
  - [ ] in the `tests/integration` directory if it involves interactions with a live Forgejo server.

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [X] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [ ] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.
- [X] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11007
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
Co-authored-by: Nils Goroll <nils.goroll@uplex.de>
Co-committed-by: Nils Goroll <nils.goroll@uplex.de>
---
 models/unittest/mock_http.go      | 10 +++++++---
 models/unittest/mock_http_test.go | 24 ++++++++++++++++++++++++
 models/unittest/testdata/GET_%2F  |  3 +++
 3 files changed, 34 insertions(+), 3 deletions(-)
 create mode 100644 models/unittest/mock_http_test.go
 create mode 100644 models/unittest/testdata/GET_%2F

diff --git a/models/unittest/mock_http.go b/models/unittest/mock_http.go
index c2c12e55ee..3c4ddd8e27 100644
--- a/models/unittest/mock_http.go
+++ b/models/unittest/mock_http.go
@@ -91,8 +91,6 @@ func NewMockWebServer(t *testing.T, liveServerBaseURL, testDataDir string, liveM
 		fixture, err := os.ReadFile(fixturePath)
 		require.NoError(t, err, "missing mock HTTP response: "+fixturePath)
 
-		w.WriteHeader(http.StatusOK)
-
 		// replace any mention of the live HTTP service by the mocked host
 		stringFixture := strings.ReplaceAll(string(fixture), liveServerBaseURL, mockServerBaseURL)
 		if isGh {
@@ -104,10 +102,16 @@ func NewMockWebServer(t *testing.T, liveServerBaseURL, testDataDir string, liveM
 		for idx, line := range lines {
 			colonIndex := strings.Index(line, ": ")
 			if colonIndex != -1 {
-				w.Header().Set(line[0:colonIndex], line[colonIndex+2:])
+				// Because we modified the body with ReplaceAll() above, we need to
+				// remove Content-Length. w.Write() should add it back.
+				header := line[0:colonIndex]
+				if !strings.EqualFold(header, "Content-Length") {
+					w.Header().Set(line[0:colonIndex], line[colonIndex+2:])
+				}
 			} else {
 				// we reached the end of the headers (empty line), so what follows is the body
 				responseBody := strings.Join(lines[idx+1:], "\n")
+				w.WriteHeader(http.StatusOK)
 				_, err := w.Write([]byte(responseBody))
 				require.NoError(t, err, "writing the body of the HTTP response failed")
 				break
diff --git a/models/unittest/mock_http_test.go b/models/unittest/mock_http_test.go
new file mode 100644
index 0000000000..9ae4592aab
--- /dev/null
+++ b/models/unittest/mock_http_test.go
@@ -0,0 +1,24 @@
+// Copyright 2026 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package unittest
+
+import (
+	"net/http"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+// NOTE: This is a test of the unittest helper itself
+func TestMockWebServer(t *testing.T) {
+	server := NewMockWebServer(t, "https://example.com", "testdata", false)
+	defer server.Close()
+	request, err := http.NewRequest("GET", server.URL+"/", nil)
+	require.NoError(t, err)
+	response, err := server.Client().Do(request)
+	require.NoError(t, err)
+	assert.Len(t, response.Header["Header"], 1)
+	assert.Equal(t, "value", response.Header["Header"][0])
+}
diff --git a/models/unittest/testdata/GET_%2F b/models/unittest/testdata/GET_%2F
new file mode 100644
index 0000000000..8b79a2cd25
--- /dev/null
+++ b/models/unittest/testdata/GET_%2F
@@ -0,0 +1,3 @@
+Header: value
+
+bodydata

From d996dfb476e9d1028146707fdd4850d98e8555ac Mon Sep 17 00:00:00 2001
From: Andreas Ahlenstorf <andreas@ahlenstorf.ch>
Date: Sat, 24 Jan 2026 21:25:31 +0100
Subject: [PATCH 213/854] feat: filter action runs by Git reference (#11013)

Make it possible to filter action runs returned by `/api/v1/repos/andreas/test/actions/runs` by Git reference.

Resolves https://codeberg.org/forgejo/forgejo/issues/10874.

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests

- I added test coverage for Go changes...
  - [ ] in their respective `*_test.go` for unit tests.
  - [x] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I added test coverage for JavaScript changes...
  - [ ] in `web_src/js/*.test.js` if it can be unit tested.
  - [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)).

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [x] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.
- [ ] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change.

*The decision if the pull request will be shown in the release notes is up to the mergers / release team.*

The content of the `release-notes/<pull request number>.md` file will serve as the basis for the release notes. If the file does not exist, the title of the pull request will be used instead.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11013
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
Co-authored-by: Andreas Ahlenstorf <andreas@ahlenstorf.ch>
Co-committed-by: Andreas Ahlenstorf <andreas@ahlenstorf.ch>
---
 models/actions/run_job_list.go             |  8 --------
 models/actions/run_list.go                 | 12 ++++++++++++
 routers/api/v1/repo/action.go              |  9 +++++++--
 templates/swagger/v1_json.tmpl             |  6 ++++++
 tests/integration/api_repo_actions_test.go |  5 +++++
 5 files changed, 30 insertions(+), 10 deletions(-)

diff --git a/models/actions/run_job_list.go b/models/actions/run_job_list.go
index afc754f26a..cbcb4beb8e 100644
--- a/models/actions/run_job_list.go
+++ b/models/actions/run_job_list.go
@@ -54,8 +54,6 @@ type FindRunJobOptions struct {
 	CommitSHA     string
 	Statuses      []Status
 	UpdatedBefore timeutil.TimeStamp
-	Events        []string // []webhook_module.HookEventType
-	RunNumber     int64
 }
 
 func (opts FindRunJobOptions) ToConds() builder.Cond {
@@ -78,11 +76,5 @@ func (opts FindRunJobOptions) ToConds() builder.Cond {
 	if opts.UpdatedBefore > 0 {
 		cond = cond.And(builder.Lt{"updated": opts.UpdatedBefore})
 	}
-	if len(opts.Events) > 0 {
-		cond = cond.And(builder.In("event", opts.Events))
-	}
-	if opts.RunNumber > 0 {
-		cond = cond.And(builder.Eq{"`index`": opts.RunNumber})
-	}
 	return cond
 }
diff --git a/models/actions/run_list.go b/models/actions/run_list.go
index 92be510569..a450212185 100644
--- a/models/actions/run_list.go
+++ b/models/actions/run_list.go
@@ -72,6 +72,9 @@ type FindRunOptions struct {
 	TriggerEvent  webhook_module.HookEventType
 	Approved      bool // not util.OptionalBool, it works only when it's true
 	Status        []Status
+	Events        []string // []webhook_module.HookEventType
+	RunNumber     int64
+	CommitSHA     string
 }
 
 func (opts FindRunOptions) ToConds() builder.Cond {
@@ -100,6 +103,15 @@ func (opts FindRunOptions) ToConds() builder.Cond {
 	if opts.TriggerEvent != "" {
 		cond = cond.And(builder.Eq{"trigger_event": opts.TriggerEvent})
 	}
+	if len(opts.Events) > 0 {
+		cond = cond.And(builder.In("event", opts.Events))
+	}
+	if opts.RunNumber > 0 {
+		cond = cond.And(builder.Eq{"`index`": opts.RunNumber})
+	}
+	if opts.CommitSHA != "" {
+		cond = cond.And(builder.Eq{"commit_sha": opts.CommitSHA})
+	}
 	return cond
 }
 
diff --git a/routers/api/v1/repo/action.go b/routers/api/v1/repo/action.go
index 01ad2cc5aa..85726c72a1 100644
--- a/routers/api/v1/repo/action.go
+++ b/routers/api/v1/repo/action.go
@@ -882,6 +882,10 @@ func ListActionRuns(ctx *context.APIContext) {
 	//   in: query
 	//   description: Only returns workflow runs that are associated with the specified head_sha.
 	//   type: string
+	// - name: ref
+	//   in: query
+	//   description: Only return workflow runs that involve the given Git reference, for example, `refs/heads/main`.
+	//   type: string
 	// responses:
 	//   "200":
 	//     "$ref": "#/responses/ActionRunList"
@@ -901,14 +905,15 @@ func ListActionRuns(ctx *context.APIContext) {
 		}
 	}
 
-	runs, total, err := db.FindAndCount[actions_model.ActionRun](ctx, &actions_model.FindRunJobOptions{
+	runs, total, err := db.FindAndCount[actions_model.ActionRun](ctx, &actions_model.FindRunOptions{
 		ListOptions: utils.GetListOptions(ctx),
 		OwnerID:     ctx.Repo.Owner.ID,
 		RepoID:      ctx.Repo.Repository.ID,
 		Events:      ctx.FormStrings("event"),
-		Statuses:    statuses,
+		Status:      statuses,
 		RunNumber:   ctx.FormInt64("run_number"),
 		CommitSHA:   ctx.FormString("head_sha"),
+		Ref:         ctx.FormString("ref"),
 	})
 	if err != nil {
 		ctx.Error(http.StatusInternalServerError, "ListActionRuns", err)
diff --git a/templates/swagger/v1_json.tmpl b/templates/swagger/v1_json.tmpl
index c8cf126b73..29d2683a5f 100644
--- a/templates/swagger/v1_json.tmpl
+++ b/templates/swagger/v1_json.tmpl
@@ -5781,6 +5781,12 @@
             "description": "Only returns workflow runs that are associated with the specified head_sha.",
             "name": "head_sha",
             "in": "query"
+          },
+          {
+            "type": "string",
+            "description": "Only return workflow runs that involve the given Git reference, for example, `refs/heads/main`.",
+            "name": "ref",
+            "in": "query"
           }
         ],
         "responses": {
diff --git a/tests/integration/api_repo_actions_test.go b/tests/integration/api_repo_actions_test.go
index 44d0cb2873..896eacb106 100644
--- a/tests/integration/api_repo_actions_test.go
+++ b/tests/integration/api_repo_actions_test.go
@@ -271,6 +271,11 @@ func TestActionsAPIGetListActionRun(t *testing.T) {
 			query:       "?head_sha=97f29ee599c373c729132a5c46a046978311e0ee",
 			expectedIDs: []int64{892, 894},
 		},
+		{
+			name:        "Search for Git reference",
+			query:       "?ref=refs/heads/main",
+			expectedIDs: []int64{892, 894},
+		},
 	}
 
 	for _, tt := range testqueries {

From 217da2ae7f3fa973415219442757ac06b7dd43f4 Mon Sep 17 00:00:00 2001
From: Shiny Nematoda <snematoda.751k2@aleeas.com>
Date: Sun, 25 Jan 2026 14:44:35 +0100
Subject: [PATCH 214/854] fix: be case-insensitive when using bleve for issue
 search (#11022)

The indexer previously used a `camelcase` filter which could be problamatic for certain queries.
This commit removes the faulty filter for bleve, matching the behaviour of the database "indexer".

closes !10997

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11022
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Shiny Nematoda <snematoda.751k2@aleeas.com>
Co-committed-by: Shiny Nematoda <snematoda.751k2@aleeas.com>
---
 modules/indexer/issues/bleve/bleve.go  | 5 ++---
 modules/indexer/issues/indexer_test.go | 7 +++++++
 2 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/modules/indexer/issues/bleve/bleve.go b/modules/indexer/issues/bleve/bleve.go
index a7c87c8f47..94e4ed8cc4 100644
--- a/modules/indexer/issues/bleve/bleve.go
+++ b/modules/indexer/issues/bleve/bleve.go
@@ -13,7 +13,6 @@ import (
 
 	"github.com/blevesearch/bleve/v2"
 	"github.com/blevesearch/bleve/v2/analysis/analyzer/custom"
-	"github.com/blevesearch/bleve/v2/analysis/token/camelcase"
 	"github.com/blevesearch/bleve/v2/analysis/token/lowercase"
 	"github.com/blevesearch/bleve/v2/analysis/token/unicodenorm"
 	"github.com/blevesearch/bleve/v2/analysis/tokenizer/unicode"
@@ -24,7 +23,7 @@ import (
 const (
 	issueIndexerAnalyzer      = "issueIndexer"
 	issueIndexerDocType       = "issueIndexerDocType"
-	issueIndexerLatestVersion = 5
+	issueIndexerLatestVersion = 6
 )
 
 const unicodeNormalizeName = "unicodeNormalize"
@@ -100,7 +99,7 @@ func generateIssueIndexMapping() (mapping.IndexMapping, error) {
 		"type":          custom.Name,
 		"char_filters":  []string{},
 		"tokenizer":     unicode.Name,
-		"token_filters": []string{unicodeNormalizeName, camelcase.Name, lowercase.Name},
+		"token_filters": []string{unicodeNormalizeName, lowercase.Name},
 	}); err != nil {
 		return nil, err
 	}
diff --git a/modules/indexer/issues/indexer_test.go b/modules/indexer/issues/indexer_test.go
index 99a09380e7..3a913d8e79 100644
--- a/modules/indexer/issues/indexer_test.go
+++ b/modules/indexer/issues/indexer_test.go
@@ -53,6 +53,13 @@ func searchIssueWithKeyword(t *testing.T) {
 			},
 			[]int64{2},
 		},
+		{
+			"ISSUe2", // case-insensitive search
+			&SearchOptions{
+				RepoIDs: []int64{1},
+			},
+			[]int64{2},
+		},
 		{
 			"first",
 			&SearchOptions{

From 54017ee5c4ec948c6f3c09c41fb0de1b4d252e8b Mon Sep 17 00:00:00 2001
From: Gusted <postmaster@gusted.xyz>
Date: Sun, 25 Jan 2026 15:51:18 +0100
Subject: [PATCH 215/854] fix: detect renames when using diff-tree (#11038)

Regression of forgejo/forgejo!9587

`git-diff` will always find renames because it is implied by the `diff.renames` configuration option. Specify `--find-renames` to detect renames again.

Resolves forgejo/forgejo#11032

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11038
Reviewed-by: Beowulf <beowulf@beocode.eu>
Co-authored-by: Gusted <postmaster@gusted.xyz>
Co-committed-by: Gusted <postmaster@gusted.xyz>
---
 modules/git/repo_compare.go                   |   4 +--
 modules/git/repo_compare_test.go              |  34 ++++++++++++++++++
 modules/git/tests/repos/renames/HEAD          |   1 +
 modules/git/tests/repos/renames/config        |   6 ++++
 .../repos/renames/objects/info/commit-graph   | Bin 0 -> 1292 bytes
 .../tests/repos/renames/objects/info/packs    |   3 ++
 ...04d9ebf3e2c4620d7142f736b92d739834e2d4.idx | Bin 0 -> 1240 bytes
 ...9ebf3e2c4620d7142f736b92d739834e2d4.mtimes | Bin 0 -> 76 bytes
 ...4d9ebf3e2c4620d7142f736b92d739834e2d4.pack | Bin 0 -> 1868 bytes
 ...04d9ebf3e2c4620d7142f736b92d739834e2d4.rev | Bin 0 -> 76 bytes
 ...a94fcad36c556cd5921e8df7feff7cbbbb2.bitmap | Bin 0 -> 290 bytes
 ...cbea94fcad36c556cd5921e8df7feff7cbbbb2.idx | Bin 0 -> 1296 bytes
 ...bea94fcad36c556cd5921e8df7feff7cbbbb2.pack | Bin 0 -> 2738 bytes
 ...cbea94fcad36c556cd5921e8df7feff7cbbbb2.rev | Bin 0 -> 84 bytes
 modules/git/tests/repos/renames/packed-refs   |   2 ++
 .../tests/repos/renames/refs/heads/.gitkeep   |   0
 16 files changed, 48 insertions(+), 2 deletions(-)
 create mode 100644 modules/git/tests/repos/renames/HEAD
 create mode 100644 modules/git/tests/repos/renames/config
 create mode 100644 modules/git/tests/repos/renames/objects/info/commit-graph
 create mode 100644 modules/git/tests/repos/renames/objects/info/packs
 create mode 100644 modules/git/tests/repos/renames/objects/pack/pack-3c04d9ebf3e2c4620d7142f736b92d739834e2d4.idx
 create mode 100644 modules/git/tests/repos/renames/objects/pack/pack-3c04d9ebf3e2c4620d7142f736b92d739834e2d4.mtimes
 create mode 100644 modules/git/tests/repos/renames/objects/pack/pack-3c04d9ebf3e2c4620d7142f736b92d739834e2d4.pack
 create mode 100644 modules/git/tests/repos/renames/objects/pack/pack-3c04d9ebf3e2c4620d7142f736b92d739834e2d4.rev
 create mode 100644 modules/git/tests/repos/renames/objects/pack/pack-d1cbea94fcad36c556cd5921e8df7feff7cbbbb2.bitmap
 create mode 100644 modules/git/tests/repos/renames/objects/pack/pack-d1cbea94fcad36c556cd5921e8df7feff7cbbbb2.idx
 create mode 100644 modules/git/tests/repos/renames/objects/pack/pack-d1cbea94fcad36c556cd5921e8df7feff7cbbbb2.pack
 create mode 100644 modules/git/tests/repos/renames/objects/pack/pack-d1cbea94fcad36c556cd5921e8df7feff7cbbbb2.rev
 create mode 100644 modules/git/tests/repos/renames/packed-refs
 create mode 100644 modules/git/tests/repos/renames/refs/heads/.gitkeep

diff --git a/modules/git/repo_compare.go b/modules/git/repo_compare.go
index 98a1930ac2..f97d7b67fa 100644
--- a/modules/git/repo_compare.go
+++ b/modules/git/repo_compare.go
@@ -189,7 +189,7 @@ var (
 // `useMergebase` is specified then the merge base between `base` and `head` is
 // used to compare against `head`.
 func (repo *Repository) GetShortStat(base, head string, useMergebase bool) (numFiles, totalAdditions, totalDeletions int, err error) {
-	cmd := NewCommand(repo.Ctx, "diff-tree", "--shortstat")
+	cmd := NewCommand(repo.Ctx, "diff-tree", "--shortstat", "--find-renames")
 	if useMergebase {
 		cmd = cmd.AddArguments("--merge-base")
 	}
@@ -211,7 +211,7 @@ func (repo *Repository) GetShortStat(base, head string, useMergebase bool) (numF
 
 // GetCommitShortStat returns the number of files, total additions and total deletions the commit has.
 func (repo *Repository) GetCommitShortStat(commitID string) (numFiles, totalAdditions, totalDeletions int, err error) {
-	cmd := NewCommand(repo.Ctx, "diff-tree", "--shortstat", "--no-commit-id", "--root").AddDynamicArguments(commitID)
+	cmd := NewCommand(repo.Ctx, "diff-tree", "--shortstat", "--no-commit-id", "--root", "--find-renames").AddDynamicArguments(commitID)
 	stdout, _, err := cmd.RunStdString(&RunOpts{Dir: repo.Path})
 	if err != nil {
 		return 0, 0, 0, err
diff --git a/modules/git/repo_compare_test.go b/modules/git/repo_compare_test.go
index fcdc256112..aa8e92e0ea 100644
--- a/modules/git/repo_compare_test.go
+++ b/modules/git/repo_compare_test.go
@@ -242,6 +242,18 @@ func TestGetCommitShortStat(t *testing.T) {
 		assert.Equal(t, 6, totalAddition)
 		assert.Equal(t, 0, totalDeletions)
 	})
+
+	t.Run("Renames", func(t *testing.T) {
+		repo, err := OpenRepository(t.Context(), filepath.Join(testReposDir, "renames"))
+		require.NoError(t, err)
+		defer repo.Close()
+
+		numFiles, totalAddition, totalDeletions, err := repo.GetCommitShortStat("f667f3a24223414e3bfbe01ab6e445c703ab8e25")
+		require.NoError(t, err)
+		assert.Equal(t, 1, numFiles)
+		assert.Zero(t, totalAddition)
+		assert.Zero(t, totalDeletions)
+	})
 }
 
 func TestGetShortStat(t *testing.T) {
@@ -301,6 +313,28 @@ func TestGetShortStat(t *testing.T) {
 		assert.Zero(t, totalAdditions)
 		assert.Zero(t, totalDeletions)
 	})
+
+	t.Run("Renames", func(t *testing.T) {
+		repo, err := OpenRepository(t.Context(), filepath.Join(testReposDir, "renames"))
+		require.NoError(t, err)
+		defer repo.Close()
+
+		t.Run("Only rename", func(t *testing.T) {
+			numFiles, totalAdditions, totalDeletions, err := repo.GetShortStat("bc40f00489096a7d4090a609a6572f528e1acb76", "f667f3a24223414e3bfbe01ab6e445c703ab8e25", true)
+			require.NoError(t, err)
+			assert.Equal(t, 1, numFiles)
+			assert.Zero(t, totalAdditions)
+			assert.Zero(t, totalDeletions)
+		})
+
+		t.Run("Too much diverged", func(t *testing.T) {
+			numFiles, totalAdditions, totalDeletions, err := repo.GetShortStat("bc40f00489096a7d4090a609a6572f528e1acb76", "acdee217ada3fea6e503acfb969724cc799fc516", true)
+			require.NoError(t, err)
+			assert.Equal(t, 2, numFiles)
+			assert.Equal(t, 3, totalAdditions)
+			assert.Equal(t, 1, totalDeletions)
+		})
+	})
 }
 
 func TestGetMergeBaseSimple(t *testing.T) {
diff --git a/modules/git/tests/repos/renames/HEAD b/modules/git/tests/repos/renames/HEAD
new file mode 100644
index 0000000000..b870d82622
--- /dev/null
+++ b/modules/git/tests/repos/renames/HEAD
@@ -0,0 +1 @@
+ref: refs/heads/main
diff --git a/modules/git/tests/repos/renames/config b/modules/git/tests/repos/renames/config
new file mode 100644
index 0000000000..4ea33d92c0
--- /dev/null
+++ b/modules/git/tests/repos/renames/config
@@ -0,0 +1,6 @@
+[core]
+	repositoryformatversion = 0
+	filemode = true
+	bare = true
+[remote "origin"]
+	url = /home/gusted/Desktop/renames
diff --git a/modules/git/tests/repos/renames/objects/info/commit-graph b/modules/git/tests/repos/renames/objects/info/commit-graph
new file mode 100644
index 0000000000000000000000000000000000000000..383b1bc4435f71903d8db505250416b29a47d469
GIT binary patch
literal 1292
zcmZ>E5Aa}QWMT04ba7*V02d(J2f}1=advSGfwCLiT^x;|>^Be^M6&!qut!;=AuuFD
zfD!0QN-z^p|46{hKz|a%YwkS~U%U9<vZu^zeovdOa;9?rQL#M^A6Pm$vuYhCEaO}j
zt{>DVb-L_Z`sYPX%8q{4zaL0#d*XVWd3B#^g~NI~k#9=AtFzPV<<dTyY=8gtIw))l
zfCLcmWR^)>UKuXkyL7wFEB`aUL-+jBE%~D5JOv~VRl|~5CVo@zr4iqSOPr_Hh)h&H
uk#+Uu-tY=gS;Yud!vQpBJ;*>9I8pQP-vys(_t+lq>{E;0&^_hdoI?O+xmrvB

literal 0
HcmV?d00001

diff --git a/modules/git/tests/repos/renames/objects/info/packs b/modules/git/tests/repos/renames/objects/info/packs
new file mode 100644
index 0000000000..226626bf64
--- /dev/null
+++ b/modules/git/tests/repos/renames/objects/info/packs
@@ -0,0 +1,3 @@
+P pack-3c04d9ebf3e2c4620d7142f736b92d739834e2d4.pack
+P pack-d1cbea94fcad36c556cd5921e8df7feff7cbbbb2.pack
+
diff --git a/modules/git/tests/repos/renames/objects/pack/pack-3c04d9ebf3e2c4620d7142f736b92d739834e2d4.idx b/modules/git/tests/repos/renames/objects/pack/pack-3c04d9ebf3e2c4620d7142f736b92d739834e2d4.idx
new file mode 100644
index 0000000000000000000000000000000000000000..7e7196c5c8257b0258cfeb97c1c750018c614187
GIT binary patch
literal 1240
zcmexg;-AdGz`z8==ztL@Ko1PEn^u?^Xf_D5jN;KS7~yGv73hC#m<=e-#?rSY@>R;^
zecBgps_`FNYr5TK&wM%W^|p})WfOk=;7<4W@;@!*NFKAPfn;^p@dmTlRQU;RM;~mw
zm?e19T>1J6DW#*c{rvf-9OBep{rjKvl^?rA&ai&z_dDM(@xTHxYxh4-^u_+gERuRE
z^YBpXQ)|xOf@xo6SySHmZLzNP3eZl!T;^^Qr*%i*c{Ho!26?U5KsWIKu_X|v0r5j%
z76#^Hb`2Yro3B4VI+Da&==9xer*82KlSfy4zr6`e>J|Ic&8K2|=X0Rt+B1rk06nW<
AcK`qY

literal 0
HcmV?d00001

diff --git a/modules/git/tests/repos/renames/objects/pack/pack-3c04d9ebf3e2c4620d7142f736b92d739834e2d4.mtimes b/modules/git/tests/repos/renames/objects/pack/pack-3c04d9ebf3e2c4620d7142f736b92d739834e2d4.mtimes
new file mode 100644
index 0000000000000000000000000000000000000000..31e93d8189b0dbc8641d7d8132566f9fe20be0e2
GIT binary patch
literal 76
zcmeYb@pWZjU|<B{%rfzpnPn1+KrDq|i$Aqtx%v9@qa#VYg-+kicIp<-FnM$(y>yAl
V8$S1r61Co(`)(T||7>%91_01T9?$>)

literal 0
HcmV?d00001

diff --git a/modules/git/tests/repos/renames/objects/pack/pack-3c04d9ebf3e2c4620d7142f736b92d739834e2d4.pack b/modules/git/tests/repos/renames/objects/pack/pack-3c04d9ebf3e2c4620d7142f736b92d739834e2d4.pack
new file mode 100644
index 0000000000000000000000000000000000000000..880b956c0cf1fea84c70f0a3e4cc6325c9adc6a8
GIT binary patch
literal 1868
zcmV-S2ebH4K|@Ob00062000J}0(hJ=G%zqTF;NI|b@X*{W%w7fNb0G~!$Yl4tvP=S
zrhS!VO?d|Z#A*#eq5^oFGc+(TGci#Ja&`1|ab++ykgV=H-e4A+DnG&P=!1<Hvjk59
z0H$*cAhij2oF&OI4#F@D1<<{x`0P~<!2ly;XA}RXfz*~#qf$<f5aZLE*s`xgI4<4`
zA3j2Gt%3Q+6V5!`6xp>}NtpPLGz_<=91v5O@7M`Z#pYOFc|q_UBVv(24eYfwn4`HB
zcHD{1?8WMb3fUm&G+C*bYhxO|;-)hBoI-e<mD9%#t408Y;XO|=dn;k+M!Gi&rjN04
z!KUo!y?QX^>7(2zyKHinpLCW#p3)RR_Lzn-C#E6KCQOvlQ34Z@=3y4|VZv~cz_L*+
zX2cLqX@@}+voM2@J&I7|Lm^?I2tyu<A<qeP#?i-=3gbxNiEze6KLLII;4}e0hW>-w
z@PpIo&-@qtzHa*;fD(9-VFk#F-~cHIiMVgu665s$Kl35~lsWkA@10cLyn>s415Z=G
zO3v${{&E5kpuC&=Ns>--E+ty2s_h74s)$;9U`T3La?&@Wc*_~JIcied(AuGv<h;KB
z>jY36Qgv2I>fSoHz$0S3O0A<-_R%E2sGYm2K6!z+t;!O;qKnm157?sx4sAVu(>8$s
zScu}V&Un8Po<;MT7h`$S5zhVVM%7YfiPlXUwCoc+AI}%FHXBBE=$_WQu_TX$qX-~0
zncs9X+vBdO&|_W$*SlWORu<n(bTnAJA&#W6EaS7%>uz{PK{8jWd*EX;Tn0>lK6v@>
zHA!xK@ZIy#GBx)>DXBzzO0H*|qt!_L9&nmP6)NlwWy{&zvqE@O&w>e<i2z6(P@ph|
zZuC&_+*dhH_QfoU(3w!(X&5<tA4k@B-lgSv)1_gHD*sA;o$dJYgOn#g?yK$CX^HI$
z<-9$vcC_jxuD#nQl&zQe75Cw4qF|a-)$QENz!^H9dEQv^{ntB`0s#sxIZW2*T*5a#
zk9^gb<=Mcau*lUyp6sBqd9S;%FI^{B`H~H1n?);oZbIH)kbp4(a5Og>tG9~XPqy*h
ztKcZ(G@ITfqlljTsf&A;pP!>@Z^_>4^e5T6F>~%YqiXUKkpu`02m6WHMjpRA_LvTW
zYvrP4VflSHQH(^f&%-r3S!EaR1yvd*1$VJ?*Z8cB6;cHPkh{Y8(UHEvZt}T8R(kee
zY_kFvuP>jgsyTCY&`4IM{D=v5tA%wu4(me|(^MvTmjIo#P|gRTg+lb(W!hSPczU|e
zo8K6ha*Y!MO{N>vOn;-q<>Sxs@{<5R8&>v-f0|LR%6}C@;BDxMzW|pXRXv|Vc$}5f
z#}1=b0EOW_PjUAs@uh<_6NP55O*b}WN4tP+dNJ_yQ6|bRo1En*o#j7|MFEI{P7_4s
zj6gw-6(C9w4^x(-c|;?`vMim^Yyl~(PsXC10mYG2&LupNkYvUPDP7PAB7x3GD3B;g
zQHly8&1o!I=BgWkwoG%8gCBi2%}p}R#rS9Wi+<ns;}1Y^tU%Em0U3Zp0zxe7nx>xT
z;{QL(zMSe3{Py=GRl8Wg(HwBUXqM<dJoT4j00XsqIV4e(<WkJfwW>A)%!n#&?4CLi
zhf<!ROPcK^rGEIc*nCJ$Rz<mdyZ<@{)DQ1f<>{1?)heUvE&G%bbK=W%mX?W9b)nv6
z8!)_{;;`<Ks^5nRR>jwTY_16n2LonKe;#o-3+h*`f?dG%gI`1V3e2kt6UKPtQFWX8
zh(<WAG~BDnguASI_RBIp)O(pQpyTnSk(#-#E%D|Ko{^0@x<jv3%;5+OJfiulZqs9Z
z)&<DKF@ZboFn?l67F(qhFBou~tEzhI<<3uBe5-9s?ycu{g||J`*=y(OWhBwF?ce<?
z%-&7uxcJhKjwS^|H_ZWsfqGDk@UB;9`P&j6FVwtiC$8NvBK?s%!K}kD9r=%mr-r@A
zQ{`WnZH3dJL>o>{)dK^D|HQA2RN@4l9waUE8^ajn**%%KEUs>>Go#;M#3>GR`4(EX
z*G9=l;o{u3Nax#=7+|TQ3zG3Rz)lM6kuaYP<v&E1O&khcp<Um0cBsuzWO#OZ8gCEL
zM%R69DMWT>sx}6O!Z!^5Q%Kq?tBDiOzY{rLMVEmL^j;{HVoz+#?+b3`e%eX7KV5w!
zESx6Rrk}|>2K>{RG)8_Io7KF%pVytmzk}7&eK;MC={^1MHWt@1Un(fN$`*F`rjbiO
z=ayny<pwc8z4O^nPBs4wx`-cO*p8ZapoA+E!TsXOzHaUyRa2FEo5r+SvM=@7*;>C&
z?x<BY3}lzLGpt^~C&G45kLrl@^xSXKv`%<DSG{mT2c<gY^T|h>v5>}={lvgeqt$)v
zpJr4``LANIed)oz^w?ixdr<9Vj6!&vo62Z4!3qEb`T?6f1ljBJ;>2PNaYFYtxh->;
GG~(1v9;zn*

literal 0
HcmV?d00001

diff --git a/modules/git/tests/repos/renames/objects/pack/pack-3c04d9ebf3e2c4620d7142f736b92d739834e2d4.rev b/modules/git/tests/repos/renames/objects/pack/pack-3c04d9ebf3e2c4620d7142f736b92d739834e2d4.rev
new file mode 100644
index 0000000000000000000000000000000000000000..d2a0203abc7145a916ca5a9fda3bae29d7bb37a3
GIT binary patch
literal 76
zcmWIYbctYKU|@t|AO&VK0cmC+W&vVW8<v}|KR-H>#9Qd}-E60B@eGqkS1jlK(6n*N
SO}^#bwK({e+b`*hh3f$c2Nod!

literal 0
HcmV?d00001

diff --git a/modules/git/tests/repos/renames/objects/pack/pack-d1cbea94fcad36c556cd5921e8df7feff7cbbbb2.bitmap b/modules/git/tests/repos/renames/objects/pack/pack-d1cbea94fcad36c556cd5921e8df7feff7cbbbb2.bitmap
new file mode 100644
index 0000000000000000000000000000000000000000..43debf60a79a2ca7ff06352798ed4997937845b0
GIT binary patch
literal 290
zcmZ?r4Dn@PWME}rU|_y@`qh*_Yt4>^osCp{aliik_tU#Kfy9BB35tOf7_dWW4j_##
zw*o2$QiCoR0F?t#j7V${6XXU41_vNU*YzJH0R#|R9e^x!70*D@K)?nj9e^adiX&hd
mAkjR%49tYlFmVv=G5yRf6NWcS)&`2~J@$M@{{PvhmjeL(iz2cB

literal 0
HcmV?d00001

diff --git a/modules/git/tests/repos/renames/objects/pack/pack-d1cbea94fcad36c556cd5921e8df7feff7cbbbb2.idx b/modules/git/tests/repos/renames/objects/pack/pack-d1cbea94fcad36c556cd5921e8df7feff7cbbbb2.idx
new file mode 100644
index 0000000000000000000000000000000000000000..4c69d3a347ee2d1f7801fc0ae1511e2ba3ad74aa
GIT binary patch
literal 1296
zcmexg;-AdGz`z8=LlrOr9X^T?VE~FtY?v7+PEE`LG>_hx6=)|6vjN$ZV0NJXk$^dX
z{v?R?UK;UTxWsvCjmSjR6IoYZ?hUUnDoTirGyPJm?KfQ_BX@sUYi$_w;|hoMb|T-D
zd{<|u*UP1SG}-?C>-C;ln&w`sw~GZWPMg(y@_S>%f4^lb!=-zdZnt^mf97}So?p5p
zU$mU3thx6{eC^_Y%bqf?`8{pA%9+afN5%Fyd|>J1%&K*mu#9tAxPDNd)akNs>7N%l
zDLeXE|9&8~?TPDg=GA?w8$6yBb1xLrjq|y`D!S?>+p04YR>ggL8$a#U<^Nl?ml!ZG
zZ~@acmk|R4XABVc0NF)AfAav72$0WgdGYkCDSy_Q9Su7hsrcf4{rm5ycW>Ig&tcA#
UDeLtU|785xTeUT^+%qx=03kVoTL1t6

literal 0
HcmV?d00001

diff --git a/modules/git/tests/repos/renames/objects/pack/pack-d1cbea94fcad36c556cd5921e8df7feff7cbbbb2.pack b/modules/git/tests/repos/renames/objects/pack/pack-d1cbea94fcad36c556cd5921e8df7feff7cbbbb2.pack
new file mode 100644
index 0000000000000000000000000000000000000000..8b808eb5f2816a26ce920911f8120d1444958c22
GIT binary patch
literal 2738
zcmV;j3QhG;K|@Ob00062000P^LwKB(lerG7MgT>7zG8Zku#Evrc~RKGW;Ga$JH`zA
zYGZ8p`Y10-mnOHmI?^f6^28VjBBZl|!wf8VmW6qSc*F}r!C;;*7!D!<7sVkLh$(yG
zVF3lt3k8?4kYzc@K+K^6VVcPhk0Crf1e(i`h}i>?y_afy0^|K!a1MT-#@EtkuLVE<
zEPtZkzT5r>U<CfiL4g%HK++6N6OXa)>t(_J-z=x{RhQt`zb9*k<pSUEL1-DS6kRXc
zPfh>=)Pc3jk|Zmol<T#o^)vloD%5)uM=`rvQmKU=Tghpis7rmv8m=QLWgGm<37~b<
zf&Wlc68PA_`e;|CkgQOaW?Gl1QD(AjXpx@8B<tgy6rwbV3iW^t^J$$qe<r|Ph-}_2
zJkG!unOW!enbjrb+)1&hi;n0=Cttmx;qWy1;6hSCED4&lbn{FZw>2GP0(fknSyUCF
zN&CR$_*4^7_;AzhHp``84O2Zl#L?r6-H2;@HoZ17MVcNHrP42<`*I1OI`)B0f-ki1
zia1eylh=pqxeVn=PP-56?_al4nO4(3UlE&e1-JVyoX*f~9;ro55doSjx#Da+@^~|p
z{KGi;5;oWKMQ%&_c41(FmPaGn-)D!KpccI%C95L5wYETC6y_-t;L|sxFJ+|Rmt@V@
zl=l^nZpivBY>#U?+mxz%DMQT+q{$QQYw((^37LD?h{985y$P_-LFg8x)tg&&Az$Bc
z>&rWT(&2-VBSnc}o+8<?mPV~PS{f-?!jgyP&zzCV@>(1MFv{H#a1`C+G$wh<krcU~
z`LSEPwK-p$G#xtB=d&>QbzBVrUN}D3<@+r4d}dX!Awbs|0ee2>*PcQrT#ToDK3u5W
z5lO38TFLMlJv7m><}A&1^Av2V7*vCn;C=N%6TS#A&5aV}-3dMn(^A<)MbyhN#JoAu
z*Z9@OCT;O!d>)*m{4ul9KZMHaZ^s<bk-xV>MgX$A+R5i2qLDmjTDb>FI~@yc7wh}`
zvNi6u_G@%!HE2$f>oHv_Uw;tbM{7F;@lP|FtNvFpL_a<;SnzlG1^m3ldm#P-X8BPu
zoI-e<mD9<tqecLQ;XO}Ldz4TVv(z1h$$$rJF2-Q*7>ePVxc~!CAEl%0vdLL~(pmn~
zh%rDID;$D2gBgNK8pkQiD=ZRHS&TCQD@i6ulFT8hk4M~2AW3<cL&(btRK!@yc&NZw
zgi0(563PW6V>V6`Nu=U=D!UO_GnsG(e)JugnwU&@{ImE)zpvZ=2Vf;p;dlx05}+Xq
zA(eJbQ%w{8|IeZ?NL7H}{+?!9jtg$q4fu}bs`uc_{N)s&K;=2RrmC7=sM(=1&1Qfp
zTPDr5=NNW33g+n~=~i%NEg#gTM%GDI_2TXQ>l83+WtG2Fwc#5fdwZhx+Ks0uR@Y-o
zvpL~w=-8o(v5GJF;d?&!Ugl3^SEHhKU$5(t0>hqP(7vqoHkyTWf<ckdbhkwIgr4oW
zmghGsGbH>lR#kHk^OjFf+gk3?wd90dX0H^GJW;>`ahwF^zHfLp^aWJ|h1lB`RaA)J
zzrFqC_W6FjW#8OvG1IGJjJuMa-qSOAP@t0DkJ`D9t%Fg$=0m|B%%~#IE7u1BlWeox
zl!Lx|$~|tG*l}YX&;B7UD-KEU;Mx?JZFPVh$$FVJ%T~_UID3r_Qd_BhixCOZWo9RR
zJIKmbKVFacP&;fJWraeN)y@V&flbpm|Mk#~z<pNlhK#y3hwJl83oj>~r7vfE8Mw(3
z+g7rKgt)h*>P1Tr$WYX^QnwV))+R`XxhX&Aw#_U-!;S6g@}!n6q2p6K<b;O(A||MF
zUo191#Q|4$)nK6C8s&FFf$zCz$SI75?%3_6O<$8S>A5@BvL<F@1h*<lzvX)4R?T)2
zyIAFmAx#%Zf>S45x`hIdW5BqGv!)68oIl%X-U}Z@-<D%(g-#%6<K$GHMXN5;8Kb=l
z!C?r+y}6i-i_T3+0Z!l@k>8K=8WN*2?eVx1LhtV9Bf2*yB@sNijj#Jcr?*Ug9F7q_
z8cJ=P3tu{=kxPNTPS(%n39}ZA^IF<Bb}1smD{FJKI_-_?d-kb$vP%TT=g~WOYVnf-
zKTmF0QU5e!y2gJMLrq)XQGWrYwNl}pKX{y#)42|#Rse<Jo~O9Im9Q_CW}>j~n+-P5
zv4dF*_yUHfk1|oZG&$ubo$`lES%UORvv|f8DV?!oUZzx)=T%12Sze_?!BQ1Pq!f9j
zkaUI3djabDfn@=HOz#gI(hn?`KkHxg`}a8i065EBNs7ft5?nAG!;t(v3@wD^|9{p~
z{b_6P+usvpRd;}=df=|B4j+U!`IjRA0j;l}0?!L#%@;~5%fpQ2c#{q8M56d9)o83|
z`B9T{&nf)S6Uw#Y#k%wVbp*)$h3p%i$3Gh1S(bSb;%>a7P0|>06Jyi(7|M|>b89v<
zgL(`19$Wn>&-|7!Aig>XV9~mL-kr^D%J_{obT!?B9BK#GlYEEYHm;MNd;6U?n%sr@
zmRBWCnT!%)P;_ESv=J~*f%&cIBfGa7Cto^xFxXAm*vL+1|4MQKmz>b`j4wGciAb85
z*fqU|N0VbyjKMPqSkLb<HdvqCJJ0n46Wbcas}^@%<>cI2>oLB?(nlB6k!xsGQTaX;
zzmvoKo0+Qom=RDblK!e(bK9sV-%YQfnh2<WwK5K9G8|Q7Zf=q+dhAk|t<8^v^0>uM
zMRGOsl~qN7fR{}hBUfx~l!d*Ltqh#5l3jUmc0FrRHH>Y>l40uA!rgB=o%?Yjob+k3
zK}89AV<RA21mYo6d!t<(5i1Pik(3LzsS2I?B~BFfOMNPDVK~L&WhT=T>X#zmhR7lw
ztnn=^1c(!!RZ>3RRmiAhldOgiAC{K#Chjovo>r<8wmQ2j&@!rc^_}{Cx?84KJ0tEJ
zogpBqJHasZQO!<vYI8KQ=Mu)TI63xb5B6?jH<#qCfk{p)R0G8+Q$=6y%*dxs^>_&g
zz|tf1*r^y_uVnD$lQKC%3X&$evEI7QX&%7~Tw|r>Oor*hm^<voYleJGR4qi04gpJ8
ze$ZZO<2Y?llO7}#<yAq{*=6y=57Dodz6-sz(iNvAa2S;B{SyH{)6{a1f0~gU>A#9W
zZZdC6GV&K~Nk;Ic0(hJ=G%zqTF;NI|b#(D{)yqv`=$WNy?zMWmSkU6MS<NTEH%9#T
zTLu8sF%C(w33!|($uSPXFc3w-KBsu}D0hGYj*!}kf6O9hS8^-`I6Xp?qnT8f*hCL*
z(TbjNCULjU`s0bK-r<=gvUwSq^p9~EE}l6=%9+G$oh_Q^dUYOZVh^lySgm+a!;2cT
zXj-DUeUwQ%i6&2*GOJaM!xsgmF<zwtc$_mdFfcPQQ3!H%bn$i7%S~Y@N{Ed!{Zg#$
zH(eqlcYj%HZ5Z=o0LefMmbwFYoC{CQNzTtrRVc|<a4X7BPtD5LQAkv9&n!_$%P&e#
zRa9_Ft<29$QAo~D$;?aFQwUFmNa%3^08m#Gi=qN}oHH~qFf%bx2y%7wb#Y}VN{Ed!
s{Zg#$H(eqlcYj%HZ5Z=o0I8e{m(k1Wl>DtW#a7K(A?V+K@Au2Qvh+qiQ2+n{

literal 0
HcmV?d00001

diff --git a/modules/git/tests/repos/renames/objects/pack/pack-d1cbea94fcad36c556cd5921e8df7feff7cbbbb2.rev b/modules/git/tests/repos/renames/objects/pack/pack-d1cbea94fcad36c556cd5921e8df7feff7cbbbb2.rev
new file mode 100644
index 0000000000000000000000000000000000000000..44f5b3412e796ceb0dd0df30e52063cf3cb769b7
GIT binary patch
literal 84
zcmWIYbctYKU|@t|Rv^s|#B4y!1jNih3<4l|mW!ufP5HCd>}c58NW~ZT>)(Gry?fI%
YOW~b!Cu@E3x?@r->LFuwu66$v0BaB!VgLXD

literal 0
HcmV?d00001

diff --git a/modules/git/tests/repos/renames/packed-refs b/modules/git/tests/repos/renames/packed-refs
new file mode 100644
index 0000000000..0688fe7613
--- /dev/null
+++ b/modules/git/tests/repos/renames/packed-refs
@@ -0,0 +1,2 @@
+# pack-refs with: peeled fully-peeled sorted 
+acdee217ada3fea6e503acfb969724cc799fc516 refs/heads/main
diff --git a/modules/git/tests/repos/renames/refs/heads/.gitkeep b/modules/git/tests/repos/renames/refs/heads/.gitkeep
new file mode 100644
index 0000000000..e69de29bb2

From 22b5dfdaf10e5f681684b5a7666ae4702f80d33d Mon Sep 17 00:00:00 2001
From: Nils Goroll <nils.goroll@uplex.de>
Date: Sun, 25 Jan 2026 19:36:02 +0100
Subject: [PATCH 216/854] chore: use `require.Error()` over `require.Errorf()`
 (#11037)

Related to #11035, this test case used `require.Errorf()` where it could use `require.Error()` to make it clear that this is not a case of confusion with `require.ErrorContains()`

The other cases in the same function already use `require.Error()`, so this clearly looks like a consistency glitch.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11037
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Nils Goroll <nils.goroll@uplex.de>
Co-committed-by: Nils Goroll <nils.goroll@uplex.de>
---
 modules/storage/helper_test.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/storage/helper_test.go b/modules/storage/helper_test.go
index dd30c9b8ac..ae32700c09 100644
--- a/modules/storage/helper_test.go
+++ b/modules/storage/helper_test.go
@@ -40,7 +40,7 @@ func Test_discardStorage(t *testing.T) {
 			{
 				got, err := tt.URL("path", "name", nil)
 				assert.Nil(t, got)
-				require.Errorf(t, err, string(tt))
+				require.Error(t, err, string(tt))
 			}
 			{
 				err := tt.IterateObjects("", func(_ string, _ Object) error { return nil })

From 6412ee12d0d257a7284c0bdc961d23a8f1bc7513 Mon Sep 17 00:00:00 2001
From: Nils Goroll <nils.goroll@uplex.de>
Date: Sun, 25 Jan 2026 19:48:15 +0100
Subject: [PATCH 217/854] chore: `require.ErrorContains()` is intended, but
 `require.Errorf()` is used (#11035)

The two commits in this PR fix test cases which did not work as intended, because `require.Errorf()` was used where `require.ErrorContains()` was intended.

The former formats the error output by the test itself when failing, while the latter is to expect the tested error to contain some expected string.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11035
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Nils Goroll <nils.goroll@uplex.de>
Co-committed-by: Nils Goroll <nils.goroll@uplex.de>
---
 modules/git/repo_tag_test.go    | 4 +++-
 modules/setting/actions_test.go | 4 +++-
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/modules/git/repo_tag_test.go b/modules/git/repo_tag_test.go
index d88851551f..d825dbd973 100644
--- a/modules/git/repo_tag_test.go
+++ b/modules/git/repo_tag_test.go
@@ -4,6 +4,7 @@
 package git
 
 import (
+	"fmt"
 	"path/filepath"
 	"testing"
 	"time"
@@ -150,7 +151,8 @@ func TestRepository_GetAnnotatedTag(t *testing.T) {
 	// Annotated tag's name should fail
 	tag3, err := bareRepo1.GetAnnotatedTag(aTagName)
 	require.Error(t, err)
-	require.Errorf(t, err, "Length must be 40: %d", len(aTagName))
+	require.ErrorContains(t, err,
+		fmt.Sprintf("length %d has no matched object format: %s", len(aTagName), aTagName))
 	assert.Nil(t, tag3)
 
 	// Lightweight Tag should fail
diff --git a/modules/setting/actions_test.go b/modules/setting/actions_test.go
index 8320b2057b..7d32131d32 100644
--- a/modules/setting/actions_test.go
+++ b/modules/setting/actions_test.go
@@ -4,6 +4,7 @@
 package setting
 
 import (
+	"fmt"
 	"path/filepath"
 	"testing"
 
@@ -214,5 +215,6 @@ func Test_getIDTokenSettingsForActions(t *testing.T) {
 	cfg, err = NewConfigProviderFromData(iniStr)
 	require.NoError(t, err)
 	err = loadActionsFrom(cfg)
-	require.Errorf(t, err, "invalid [actions] ID_TOKEN_SIGNING_ALGORITHM %q", Actions.IDTokenSigningAlgorithm)
+	require.ErrorContains(t, err,
+		fmt.Sprintf("invalid [actions] ID_TOKEN_SIGNING_ALGORITHM: %q", Actions.IDTokenSigningAlgorithm))
 }

From 8866bf2781ac972c25d6e3d9bccc266744c005ae Mon Sep 17 00:00:00 2001
From: oidq <oidq@oidq.dev>
Date: Sun, 25 Jan 2026 23:10:56 +0100
Subject: [PATCH 218/854] fix: escape HTML tags in inline code blocks in
 description (#10897)

Fix rendering of repository descriptions containing HTML symbols inside Markdown inline code block. This patch escapes content within inline code blocks.

Resolves #10770.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10897
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: oidq <oidq@oidq.dev>
Co-committed-by: oidq <oidq@oidq.dev>
---
 modules/markup/html.go               |  8 +++++-
 modules/markup/html_internal_test.go | 27 +++++++++++++++++++
 modules/markup/html_test.go          | 39 ++++++++++++++++++++++++++++
 3 files changed, 73 insertions(+), 1 deletion(-)

diff --git a/modules/markup/html.go b/modules/markup/html.go
index a7d882b00d..7f16502d5e 100644
--- a/modules/markup/html.go
+++ b/modules/markup/html.go
@@ -300,7 +300,7 @@ func RenderDescriptionHTML(
 		descriptionLinkProcessor,
 		emojiShortCodeProcessor,
 		emojiProcessor,
-	}, content)
+	}, escapeInlineCodeBlocks(content))
 }
 
 // RenderEmoji for when we want to just process emoji and shortcodes
@@ -1543,3 +1543,9 @@ func optionalRepoSlugAndInstancePath(ctx *RenderContext, text *string, fullURL,
 		}
 	}
 }
+
+// escapeInlineCodeBlocks escapes HTML symbols in contents of Markdown inline code blocks
+// to prevent clashing with HTML parsing
+func escapeInlineCodeBlocks(input string) string {
+	return InlineCodeBlockRegex.ReplaceAllStringFunc(input, html.EscapeString)
+}
diff --git a/modules/markup/html_internal_test.go b/modules/markup/html_internal_test.go
index 264f31978d..570e8c5e68 100644
--- a/modules/markup/html_internal_test.go
+++ b/modules/markup/html_internal_test.go
@@ -615,3 +615,30 @@ func TestRegExp_shortLinkPattern(t *testing.T) {
 		assert.False(t, shortLinkPattern.MatchString(testCase))
 	}
 }
+
+func TestRender_escapeInlineCodeBlocks(t *testing.T) {
+	test := func(input, expected string) {
+		result := escapeInlineCodeBlocks(input)
+		assert.Equal(t, expected, result)
+	}
+	test("`<test>`",
+		"`&lt;test&gt;`")
+	test("<test>",
+		"<test>")
+	test("`<foo>` <bar> `<baz>`",
+		"`&lt;foo&gt;` <bar> `&lt;baz&gt;`")
+	test("<foo> `<bar>` <baz>",
+		"<foo> `&lt;bar&gt;` <baz>")
+	test("<foo> `<bar> <baz>",
+		"<foo> `<bar> <baz>")
+	test("<foo> `<bar>` `<baz>",
+		"<foo> `&lt;bar&gt;` `<baz>")
+	test("<foo> `<bar>` `",
+		"<foo> `&lt;bar&gt;` `")
+	test("<foo> `<bar>` ``",
+		"<foo> `&lt;bar&gt;` ``")
+	test("```",
+		"```")
+	test("``<`",
+		"``&lt;`")
+}
diff --git a/modules/markup/html_test.go b/modules/markup/html_test.go
index 2ff829e627..58e230b059 100644
--- a/modules/markup/html_test.go
+++ b/modules/markup/html_test.go
@@ -1329,3 +1329,42 @@ func TestRender_FilePreview(t *testing.T) {
 		)
 	})
 }
+
+func TestRenderDescriptionHTML(t *testing.T) {
+	defer test.MockVariableValue(&setting.AppURL, markup.TestAppURL)()
+
+	test := func(input, expected string) {
+		buffer, err := markup.RenderDescriptionHTML(&markup.RenderContext{
+			Ctx: git.DefaultContext,
+		}, input)
+		require.NoError(t, err)
+		assert.Equal(t, strings.TrimSpace(expected), strings.TrimSpace(buffer))
+	}
+
+	markup.InitializeSanitizer()
+
+	test(
+		"https://www.example.com",
+		`<a href="https://www.example.com" target="_blank" rel="noopener noreferrer">https://www.example.com</a>`)
+
+	test(
+		"Example repository with `Arc`",
+		"Example repository with `Arc`")
+
+	test(
+		"Example repository with `Arc` and tools.",
+		"Example repository with `Arc` and tools.")
+
+	test(
+		"`Arc<Test>` implements",
+		"`Arc&lt;Test&gt;` implements")
+
+	test(
+		"Arc<test> is broken",
+		"Arc<test> is broken</test>")
+
+	// issue #10770
+	test(
+		"A weird alternative to `Arc<RwLock<T>>`",
+		"A weird alternative to `Arc&lt;RwLock&lt;T&gt;&gt;`")
+}

From c2859215f129bc1226ac86ed8d01311da351ab72 Mon Sep 17 00:00:00 2001
From: Renovate Bot <forgejo-renovate-action@forgejo.org>
Date: Mon, 26 Jan 2026 04:15:55 +0100
Subject: [PATCH 219/854] Update module code.forgejo.org/forgejo/runner/v12 to
 v12.6.2 (forgejo) (#11015)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This PR contains the following updates:

| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) |
|---|---|---|---|
| [code.forgejo.org/forgejo/runner/v12](https://code.forgejo.org/forgejo/runner) | `v12.6.0` -> `v12.6.2` | ![age](https://developer.mend.io/api/mc/badges/age/go/code.forgejo.org%2fforgejo%2frunner%2fv12/v12.6.2?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/go/code.forgejo.org%2fforgejo%2frunner%2fv12/v12.6.0/v12.6.2?slim=true) |

---

### Release Notes

<details>
<summary>forgejo/runner (code.forgejo.org/forgejo/runner/v12)</summary>

### [`v12.6.2`](https://code.forgejo.org/forgejo/runner/releases/tag/v12.6.2)

[Compare Source](https://code.forgejo.org/forgejo/runner/compare/v12.6.1...v12.6.2)

- [User guide](https://forgejo.org/docs/next/user/actions/overview/)
- [Administrator guide](https://forgejo.org/docs/next/admin/actions/)
- [Container images](https://code.forgejo.org/forgejo/-/packages/container/runner/versions)

Release Notes

***

<!--start release-notes-assistant-->

<!--URL:https://code.forgejo.org/forgejo/runner-->

- bug fixes
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1336): <!--number 1336 --><!--line 0 --><!--description Zml4OiBpbnB1dHMgY29udGFpbmluZyAnLScgZG9uJ3QgZnVuY3Rpb24gaW4gTFhDIGV4ZWN1dG9y-->fix: inputs containing '-' don't function in LXC executor<!--description-->
- other
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1334): <!--number 1334 --><!--line 0 --><!--description VXBkYXRlIGRhdGEuZm9yZ2Vqby5vcmcvb2NpL2FscGluZSBEb2NrZXIgdGFnIHRvIHYzLjIz-->Update data.forgejo.org/oci/alpine Docker tag to v3.23<!--description-->
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1330): <!--number 1330 --><!--line 0 --><!--description UmVwbGFjZSBjb2RlLmZvcmdlam8ub3JnL29jaS9kb2NrZXIgRG9ja2VyIHRhZyB3aXRoIGRhdGEuZm9yZ2Vqby5vcmcvb2NpL2RvY2tlciBkaW5k-->Replace code.forgejo.org/oci/docker Docker tag with data.forgejo.org/oci/docker dind<!--description-->
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1322): <!--number 1322 --><!--line 0 --><!--description UmVwbGFjZSBjb2RlLmZvcmdlam8ub3JnL2Zvcmdlam8vZm9yZ2VqbyBEb2NrZXIgdGFnIHdpdGggZGF0YS5mb3JnZWpvLm9yZy9mb3JnZWpvL2Zvcmdlam8=-->Replace code.forgejo.org/forgejo/forgejo Docker tag with data.forgejo.org/forgejo/forgejo<!--description-->
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1325): <!--number 1325 --><!--line 0 --><!--description Rml4IHR5cG9zLCBncmFtbWFyIGlzc3VlcyBhbmQgc3BsaXQgbG9uZyBzZW50ZW5jZSBpbiBjb25maWcuZXhhbXBsZS55YW1s-->Fix typos, grammar issues and split long sentence in config.example.yaml<!--description-->
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1329): <!--number 1329 --><!--line 0 --><!--description UmVwbGFjZSBjb2RlLmZvcmdlam8ub3JnL29jaS9jaSBEb2NrZXIgdGFnIHdpdGggZGF0YS5mb3JnZWpvLm9yZy9vY2kvY2kgMQ==-->Replace code.forgejo.org/oci/ci Docker tag with data.forgejo.org/oci/ci 1<!--description-->
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1328): <!--number 1328 --><!--line 0 --><!--description UmVwbGFjZSBjb2RlLmZvcmdlam8ub3JnL2Zvcmdlam8vcnVubmVyIERvY2tlciB0YWcgd2l0aCBkYXRhLmZvcmdlam8ub3JnL2Zvcmdlam8vcnVubmVyIDEyLjYuMQ==-->Replace code.forgejo.org/forgejo/runner Docker tag with data.forgejo.org/forgejo/runner 12.6.1<!--description-->
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1327): <!--number 1327 --><!--line 0 --><!--description UmVwbGFjZSBhbHBpbmUgcGFja2FnZXMgd2l0aCBkYXRhLmZvcmdlam8ub3JnL29jaS9hbHBpbmUgbGF0ZXN0-->Replace alpine packages with data.forgejo.org/oci/alpine latest<!--description-->
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1323): <!--number 1323 --><!--line 0 --><!--description VXBkYXRlIGZvcmdlam8tcnVubmVyIHRvIHYxMi42LjE=-->Update forgejo-runner to v12.6.1<!--description-->

<!--end release-notes-assistant-->

### [`v12.6.1`](https://code.forgejo.org/forgejo/runner/releases/tag/v12.6.1)

[Compare Source](https://code.forgejo.org/forgejo/runner/compare/v12.6.0...v12.6.1)

- [User guide](https://forgejo.org/docs/next/user/actions/overview/)
- [Administrator guide](https://forgejo.org/docs/next/admin/actions/)
- [Container images](https://code.forgejo.org/forgejo/-/packages/container/runner/versions)

Release Notes

***

<!--start release-notes-assistant-->

<!--URL:https://code.forgejo.org/forgejo/runner-->

- bug fixes
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1326): <!--number 1326 --><!--line 0 --><!--description Zml4OiBgUEFUSGAgbW9kaWZpY2F0aW9ucyBhcmUgbG9zdCBpbiBMWEMgZXhlY3V0aW9ucw==-->fix: `PATH` modifications are lost in LXC executions<!--description-->
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1318): <!--number 1318 --><!--line 0 --><!--description Zml4OiBzdXBwb3J0ICJjb250YWluZXIubmV0d29yazogaG9zdCIgd2hlbiB1c2luZyBqb2Igc2VydmljZXM=-->fix: support "container.network: host" when using job services<!--description-->
- other
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1321): <!--number 1321 --><!--line 0 --><!--description VXBkYXRlIGZvcmdlam8tcnVubmVyIHRvIHYxMi42LjA=-->Update forgejo-runner to v12.6.0<!--description-->
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1311): <!--number 1311 --><!--line 0 --><!--description cmVmYWN0b3I6IHN1cHBvcnQgbXVsdGlwbGUgY2xpZW50cyBpbiBQb2xsZXIgd2l0aCBpbmRlcGVuZGVudCBmZXRjaCBpbnRlcnZhbHM=-->refactor: support multiple clients in Poller with independent fetch intervals<!--description-->

<!--end release-notes-assistant-->

</details>

---

### Configuration

📅 **Schedule**: Branch creation - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC), Automerge - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi44NC4yIiwidXBkYXRlZEluVmVyIjoiNDIuODQuMiIsInRhcmdldEJyYW5jaCI6ImZvcmdlam8iLCJsYWJlbHMiOlsiZGVwZW5kZW5jeS11cGdyYWRlIiwidGVzdC9ub3QtbmVlZGVkIl19-->

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11015
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 39e4282ee2..7d94aec801 100644
--- a/go.mod
+++ b/go.mod
@@ -11,7 +11,7 @@ require (
 	code.forgejo.org/forgejo/go-rpmutils v1.0.0
 	code.forgejo.org/forgejo/levelqueue v1.0.0
 	code.forgejo.org/forgejo/reply v1.0.2
-	code.forgejo.org/forgejo/runner/v12 v12.6.0
+	code.forgejo.org/forgejo/runner/v12 v12.6.2
 	code.forgejo.org/go-chi/binding v1.0.1
 	code.forgejo.org/go-chi/cache v1.0.1
 	code.forgejo.org/go-chi/captcha v1.0.2
diff --git a/go.sum b/go.sum
index 5d053043f4..47e5c8e070 100644
--- a/go.sum
+++ b/go.sum
@@ -30,8 +30,8 @@ code.forgejo.org/forgejo/levelqueue v1.0.0 h1:9krYpU6BM+j/1Ntj6m+VCAIu0UNnne1/Uf
 code.forgejo.org/forgejo/levelqueue v1.0.0/go.mod h1:fmG6zhVuqim2rxSFOoasgXO8V2W/k9U31VVYqLIRLhQ=
 code.forgejo.org/forgejo/reply v1.0.2 h1:dMhQCHV6/O3L5CLWNTol+dNzDAuyCK88z4J/lCdgFuQ=
 code.forgejo.org/forgejo/reply v1.0.2/go.mod h1:RyZUfzQLc+fuLIGjTSQWDAJWPiL4WtKXB/FifT5fM7U=
-code.forgejo.org/forgejo/runner/v12 v12.6.0 h1:qs2mvrZeSqsR2sHQHO0kRTUErGrNMHHjm1qRy6EfLZY=
-code.forgejo.org/forgejo/runner/v12 v12.6.0/go.mod h1:G75xcAhTaFE++/57qcBu+Zk7B7R3kLiUz8y2IkIwUKY=
+code.forgejo.org/forgejo/runner/v12 v12.6.2 h1:sO9lxsn3zqsXO1Yiiqtxqy9XhhNaHpASgZTbZ71zKAM=
+code.forgejo.org/forgejo/runner/v12 v12.6.2/go.mod h1:G75xcAhTaFE++/57qcBu+Zk7B7R3kLiUz8y2IkIwUKY=
 code.forgejo.org/forgejo/ssh v0.0.0-20241211213324-5fc306ca0616 h1:kEZL84+02jY9RxXM4zHBWZ3Fml0B09cmP1LGkDsCfIA=
 code.forgejo.org/forgejo/ssh v0.0.0-20241211213324-5fc306ca0616/go.mod h1:zpHEXBstFnQYtGnB8k8kQLol82umzn/2/snG7alWVD8=
 code.forgejo.org/go-chi/binding v1.0.1 h1:coKNI+X1NzRN7X85LlrpvBRqk0TXpJ+ja28vusQWEuY=

From c41e3a014ef1c9c5751fe36611091b81ee2a9ef0 Mon Sep 17 00:00:00 2001
From: Renovate Bot <forgejo-renovate-action@forgejo.org>
Date: Mon, 26 Jan 2026 06:23:26 +0100
Subject: [PATCH 220/854] Update https://data.forgejo.org/actions/setup-forgejo
 action to v3.1.3 (forgejo) (#11014)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [https://data.forgejo.org/actions/setup-forgejo](https://code.forgejo.org/actions/setup-forgejo) | action | patch | `v3.1.1` → `v3.1.3` |

---

### Release Notes

<details>
<summary>actions/setup-forgejo (https://data.forgejo.org/actions/setup-forgejo)</summary>

### [`v3.1.3`](https://code.forgejo.org/actions/setup-forgejo/releases/tag/v3.1.3)

[Compare Source](https://code.forgejo.org/actions/setup-forgejo/compare/v3.1.2...v3.1.3)

<!--start release-notes-assistant-->

<!--URL:https://code.forgejo.org/actions/setup-forgejo-->

- other
  - [PR](https://code.forgejo.org/actions/setup-forgejo/pulls/860): <!--number 860 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgZm9yZ2Vqby9ydW5uZXIgdG8gdjEyLjYuMg==-->Update dependency forgejo/runner to v12.6.2<!--description-->

<!--end release-notes-assistant-->

### [`v3.1.2`](https://code.forgejo.org/actions/setup-forgejo/releases/tag/v3.1.2)

[Compare Source](https://code.forgejo.org/actions/setup-forgejo/compare/v3.1.1...v3.1.2)

<!--start release-notes-assistant-->

<!--URL:https://code.forgejo.org/actions/setup-forgejo-->

- other
  - [PR](https://code.forgejo.org/actions/setup-forgejo/pulls/852): <!--number 852 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgZm9yZ2Vqby9ydW5uZXIgdG8gdjEyLjYuMQ==-->Update dependency forgejo/runner to v12.6.1<!--description-->
  - [PR](https://code.forgejo.org/actions/setup-forgejo/pulls/846): <!--number 846 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgZm9yZ2Vqby9ydW5uZXIgdG8gdjEyLjYuMA==-->Update dependency forgejo/runner to v12.6.0<!--description-->

<!--end release-notes-assistant-->

</details>

---

### Configuration

📅 **Schedule**: Branch creation - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC), Automerge - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi44NC4yIiwidXBkYXRlZEluVmVyIjoiNDIuODQuMiIsInRhcmdldEJyYW5jaCI6ImZvcmdlam8iLCJsYWJlbHMiOlsiZGVwZW5kZW5jeS11cGdyYWRlIiwidGVzdC9ub3QtbmVlZGVkIl19-->

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11014
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
---
 .forgejo/workflows/build-release-integration.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.forgejo/workflows/build-release-integration.yml b/.forgejo/workflows/build-release-integration.yml
index aef008b06f..09375463f9 100644
--- a/.forgejo/workflows/build-release-integration.yml
+++ b/.forgejo/workflows/build-release-integration.yml
@@ -32,7 +32,7 @@ jobs:
       - uses: https://data.forgejo.org/actions/checkout@v6
 
       - id: forgejo
-        uses: https://data.forgejo.org/actions/setup-forgejo@v3.1.1
+        uses: https://data.forgejo.org/actions/setup-forgejo@v3.1.3
         with:
           user: root
           password: admin1234

From 7408bf9b1ef36311b68920d50593d967851ac68c Mon Sep 17 00:00:00 2001
From: christopher-besch <mail@chris-besch.com>
Date: Mon, 26 Jan 2026 12:03:08 +0100
Subject: [PATCH 221/854] chore: remove dead code in `WatchIfAuto` and general
 model documentation (#10880)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

I've been reading through the watch model code and found that the `isWrite` flag is dead code — it isn't used anywhere. To be honest I don't see why we should need that anyways. Therefore, I deleted it.

Also I've added some comments for the `WatchMode`. It took me quite some time to figure out why there are four options.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10880
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: christopher-besch <mail@chris-besch.com>
Co-committed-by: christopher-besch <mail@chris-besch.com>
---
 models/repo/watch.go        | 13 +++++++++++--
 models/repo/watch_test.go   | 12 ++++++------
 services/repository/push.go |  2 +-
 3 files changed, 18 insertions(+), 9 deletions(-)

diff --git a/models/repo/watch.go b/models/repo/watch.go
index 3fd915e1e7..ceec20fdd6 100644
--- a/models/repo/watch.go
+++ b/models/repo/watch.go
@@ -17,12 +17,20 @@ type WatchMode int8
 
 const (
 	// WatchModeNone don't watch
+	// This means there is no Watch record in the db.
+	// We never store this mode in the db and instead remove the record from the db.
+	// Furthermore, this means there is a WatchMode for all combinations of user and repo.
 	WatchModeNone WatchMode = iota // 0
 	// WatchModeNormal watch repository (from other sources)
+	// This means the user explicitly chose to watch the repo.
 	WatchModeNormal // 1
 	// WatchModeDont explicit don't auto-watch
+	// This means the user explicitly removed themselves as a watcher.
+	// Then the AutoWatchOnChanges feature doesn't make the user a watcher when they push to the repo.
 	WatchModeDont // 2
 	// WatchModeAuto watch repository (from AutoWatchOnChanges)
+	// This is used when the user pushed to the repo and setting.Service.AutoWatchOnChanges is true.
+	// That way we can differentiate people explicitly watching the repo and people only watching it because of the AutoWatchOnChanges feature.
 	WatchModeAuto // 3
 )
 
@@ -74,6 +82,7 @@ func watchRepoMode(ctx context.Context, watch Watch, mode WatchMode) (err error)
 	}
 
 	hadrec := watch.Mode != WatchModeNone
+	// WatchModeNone means there is no record in the db.
 	needsrec := mode != WatchModeNone
 	repodiff := 0
 
@@ -169,8 +178,8 @@ func GetRepoWatchers(ctx context.Context, repoID int64, opts db.ListOptions) ([]
 }
 
 // WatchIfAuto subscribes to repo if AutoWatchOnChanges is set
-func WatchIfAuto(ctx context.Context, userID, repoID int64, isWrite bool) error {
-	if !isWrite || !setting.Service.AutoWatchOnChanges {
+func WatchIfAuto(ctx context.Context, userID, repoID int64) error {
+	if !setting.Service.AutoWatchOnChanges {
 		return nil
 	}
 	watch, err := GetWatch(ctx, userID, repoID)
diff --git a/models/repo/watch_test.go b/models/repo/watch_test.go
index 698f6a5f49..ccc56ad168 100644
--- a/models/repo/watch_test.go
+++ b/models/repo/watch_test.go
@@ -74,13 +74,13 @@ func TestWatchIfAuto(t *testing.T) {
 	prevCount := repo.NumWatches
 
 	// Must not add watch
-	require.NoError(t, repo_model.WatchIfAuto(db.DefaultContext, 8, 1, true))
+	require.NoError(t, repo_model.WatchIfAuto(db.DefaultContext, 8, 1))
 	watchers, err = repo_model.GetRepoWatchers(db.DefaultContext, repo.ID, db.ListOptions{Page: 1})
 	require.NoError(t, err)
 	assert.Len(t, watchers, prevCount)
 
 	// Should not add watch
-	require.NoError(t, repo_model.WatchIfAuto(db.DefaultContext, 10, 1, true))
+	require.NoError(t, repo_model.WatchIfAuto(db.DefaultContext, 10, 1))
 	watchers, err = repo_model.GetRepoWatchers(db.DefaultContext, repo.ID, db.ListOptions{Page: 1})
 	require.NoError(t, err)
 	assert.Len(t, watchers, prevCount)
@@ -88,19 +88,19 @@ func TestWatchIfAuto(t *testing.T) {
 	setting.Service.AutoWatchOnChanges = true
 
 	// Must not add watch
-	require.NoError(t, repo_model.WatchIfAuto(db.DefaultContext, 8, 1, true))
+	require.NoError(t, repo_model.WatchIfAuto(db.DefaultContext, 8, 1))
 	watchers, err = repo_model.GetRepoWatchers(db.DefaultContext, repo.ID, db.ListOptions{Page: 1})
 	require.NoError(t, err)
 	assert.Len(t, watchers, prevCount)
 
 	// Should not add watch
-	require.NoError(t, repo_model.WatchIfAuto(db.DefaultContext, 12, 1, false))
+	// We simply don't WatchIfAuto
 	watchers, err = repo_model.GetRepoWatchers(db.DefaultContext, repo.ID, db.ListOptions{Page: 1})
 	require.NoError(t, err)
 	assert.Len(t, watchers, prevCount)
 
 	// Should add watch
-	require.NoError(t, repo_model.WatchIfAuto(db.DefaultContext, 12, 1, true))
+	require.NoError(t, repo_model.WatchIfAuto(db.DefaultContext, 12, 1))
 	watchers, err = repo_model.GetRepoWatchers(db.DefaultContext, repo.ID, db.ListOptions{Page: 1})
 	require.NoError(t, err)
 	assert.Len(t, watchers, prevCount+1)
@@ -112,7 +112,7 @@ func TestWatchIfAuto(t *testing.T) {
 	assert.Len(t, watchers, prevCount)
 
 	// Must not add watch
-	require.NoError(t, repo_model.WatchIfAuto(db.DefaultContext, 12, 1, true))
+	require.NoError(t, repo_model.WatchIfAuto(db.DefaultContext, 12, 1))
 	watchers, err = repo_model.GetRepoWatchers(db.DefaultContext, repo.ID, db.ListOptions{Page: 1})
 	require.NoError(t, err)
 	assert.Len(t, watchers, prevCount)
diff --git a/services/repository/push.go b/services/repository/push.go
index eaedd80e1f..f42b231f8b 100644
--- a/services/repository/push.go
+++ b/services/repository/push.go
@@ -271,7 +271,7 @@ func pushUpdates(optsList []*repo_module.PushUpdateOptions) error {
 			}
 
 			// Even if user delete a branch on a repository which he didn't watch, he will be watch that.
-			if err = repo_model.WatchIfAuto(ctx, opts.PusherID, repo.ID, true); err != nil {
+			if err = repo_model.WatchIfAuto(ctx, opts.PusherID, repo.ID); err != nil {
 				log.Warn("Fail to perform auto watch on user %v for repo %v: %v", opts.PusherID, repo.ID, err)
 			}
 		} else {

From 90364be84ae6c49823d4bcc16d29174d4764bd72 Mon Sep 17 00:00:00 2001
From: Renovate Bot <forgejo-renovate-action@forgejo.org>
Date: Mon, 26 Jan 2026 12:09:14 +0100
Subject: [PATCH 222/854] Lock file maintenance (forgejo) (#11047)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11047
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
---
 package-lock.json                  | 423 ++++++++++++++---------------
 web_src/fomantic/package-lock.json |  36 +--
 2 files changed, 228 insertions(+), 231 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index e8162af833..cdd3726d93 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -176,12 +176,12 @@
       }
     },
     "node_modules/@babel/code-frame": {
-      "version": "7.27.1",
-      "resolved": "https://registry.npmjs.org/@babel/code-frame/-/code-frame-7.27.1.tgz",
-      "integrity": "sha512-cjQ7ZlQ0Mv3b47hABuTevyTuYN4i+loJKGeV9flcCgIK37cCXRh+L1bd3iBHlynerhQ7BhCkn2BPbQUL+rGqFg==",
+      "version": "7.28.6",
+      "resolved": "https://registry.npmjs.org/@babel/code-frame/-/code-frame-7.28.6.tgz",
+      "integrity": "sha512-JYgintcMjRiCvS8mMECzaEn+m3PfoQiyqukOMCCVQtoJGYJw8j/8LBJEiqkHLkfwCcs74E3pbAUFNg7d9VNJ+Q==",
       "license": "MIT",
       "dependencies": {
-        "@babel/helper-validator-identifier": "^7.27.1",
+        "@babel/helper-validator-identifier": "^7.28.5",
         "js-tokens": "^4.0.0",
         "picocolors": "^1.1.1"
       },
@@ -214,12 +214,12 @@
       }
     },
     "node_modules/@babel/parser": {
-      "version": "7.28.5",
-      "resolved": "https://registry.npmjs.org/@babel/parser/-/parser-7.28.5.tgz",
-      "integrity": "sha512-KKBU1VGYR7ORr3At5HAtUQ+TV3SzRCXmA/8OdDZiLDBIZxVyzXuztPjfLd3BV1PRAQGCMWWSHYhL0F8d5uHBDQ==",
+      "version": "7.28.6",
+      "resolved": "https://registry.npmjs.org/@babel/parser/-/parser-7.28.6.tgz",
+      "integrity": "sha512-TeR9zWR18BvbfPmGbLampPMW+uW1NZnJlRuuHso8i87QZNq2JRF9i6RgxRqtEq+wQGsS19NNTWr2duhnE49mfQ==",
       "license": "MIT",
       "dependencies": {
-        "@babel/types": "^7.28.5"
+        "@babel/types": "^7.28.6"
       },
       "bin": {
         "parser": "bin/babel-parser.js"
@@ -229,18 +229,18 @@
       }
     },
     "node_modules/@babel/runtime": {
-      "version": "7.28.4",
-      "resolved": "https://registry.npmjs.org/@babel/runtime/-/runtime-7.28.4.tgz",
-      "integrity": "sha512-Q/N6JNWvIvPnLDvjlE1OUBLPQHH6l3CltCEsHIujp45zQUSSh8K+gHnaEX45yAT1nyngnINhvWtzN+Nb9D8RAQ==",
+      "version": "7.28.6",
+      "resolved": "https://registry.npmjs.org/@babel/runtime/-/runtime-7.28.6.tgz",
+      "integrity": "sha512-05WQkdpL9COIMz4LjTxGpPNCdlpyimKppYNoJ5Di5EUObifl8t4tuLuUBBZEpoLYOmfvIWrsp9fCl0HoPRVTdA==",
       "license": "MIT",
       "engines": {
         "node": ">=6.9.0"
       }
     },
     "node_modules/@babel/types": {
-      "version": "7.28.5",
-      "resolved": "https://registry.npmjs.org/@babel/types/-/types-7.28.5.tgz",
-      "integrity": "sha512-qQ5m48eI/MFLQ5PxQj4PFaprjyCTLI37ElWMmNs0K8Lk3dVeOdNpB3ks8jc7yM5CDmVC73eMVk/trk3fgmrUpA==",
+      "version": "7.28.6",
+      "resolved": "https://registry.npmjs.org/@babel/types/-/types-7.28.6.tgz",
+      "integrity": "sha512-0ZrskXVEHSWIqZM/sQZ4EV3jZJXRkio/WCxaqKZP1g//CEWEPSfeZFcms4XeKBCHU0ZKnIkdJeU/kF+eRp5lBg==",
       "license": "MIT",
       "dependencies": {
         "@babel/helper-string-parser": "^7.27.1",
@@ -280,26 +280,26 @@
       }
     },
     "node_modules/@cacheable/memory/node_modules/@keyv/bigmap": {
-      "version": "1.3.0",
-      "resolved": "https://registry.npmjs.org/@keyv/bigmap/-/bigmap-1.3.0.tgz",
-      "integrity": "sha512-KT01GjzV6AQD5+IYrcpoYLkCu1Jod3nau1Z7EsEuViO3TZGRacSbO9MfHmbJ1WaOXFtWLxPVj169cn2WNKPkIg==",
+      "version": "1.3.1",
+      "resolved": "https://registry.npmjs.org/@keyv/bigmap/-/bigmap-1.3.1.tgz",
+      "integrity": "sha512-WbzE9sdmQtKy8vrNPa9BRnwZh5UF4s1KTmSK0KUVLo3eff5BlQNNWDnFOouNpKfPKDnms9xynJjsMYjMaT/aFQ==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "hashery": "^1.2.0",
-        "hookified": "^1.13.0"
+        "hashery": "^1.4.0",
+        "hookified": "^1.15.0"
       },
       "engines": {
         "node": ">= 18"
       },
       "peerDependencies": {
-        "keyv": "^5.5.4"
+        "keyv": "^5.6.0"
       }
     },
     "node_modules/@cacheable/memory/node_modules/keyv": {
-      "version": "5.5.5",
-      "resolved": "https://registry.npmjs.org/keyv/-/keyv-5.5.5.tgz",
-      "integrity": "sha512-FA5LmZVF1VziNc0bIdCSA1IoSVnDCqE8HJIZZv2/W8YmoAM50+tnUgJR/gQZwEeIMleuIOnRnHA/UaZRNeV4iQ==",
+      "version": "5.6.0",
+      "resolved": "https://registry.npmjs.org/keyv/-/keyv-5.6.0.tgz",
+      "integrity": "sha512-CYDD3SOtsHtyXeEORYRx2qBtpDJFjRTGXUtmNEMGyzYOKj1TE3tycdlho7kA1Ufx9OYWZzg52QFBGALTirzDSw==",
       "dev": true,
       "license": "MIT",
       "peer": true,
@@ -319,9 +319,9 @@
       }
     },
     "node_modules/@cacheable/utils/node_modules/keyv": {
-      "version": "5.5.5",
-      "resolved": "https://registry.npmjs.org/keyv/-/keyv-5.5.5.tgz",
-      "integrity": "sha512-FA5LmZVF1VziNc0bIdCSA1IoSVnDCqE8HJIZZv2/W8YmoAM50+tnUgJR/gQZwEeIMleuIOnRnHA/UaZRNeV4iQ==",
+      "version": "5.6.0",
+      "resolved": "https://registry.npmjs.org/keyv/-/keyv-5.6.0.tgz",
+      "integrity": "sha512-CYDD3SOtsHtyXeEORYRx2qBtpDJFjRTGXUtmNEMGyzYOKj1TE3tycdlho7kA1Ufx9OYWZzg52QFBGALTirzDSw==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -814,9 +814,9 @@
       }
     },
     "node_modules/@csstools/css-syntax-patches-for-csstree": {
-      "version": "1.0.25",
-      "resolved": "https://registry.npmjs.org/@csstools/css-syntax-patches-for-csstree/-/css-syntax-patches-for-csstree-1.0.25.tgz",
-      "integrity": "sha512-g0Kw9W3vjx5BEBAF8c5Fm2NcB/Fs8jJXh85aXqwEXiL+tqtOut07TWgyaGzAAfTM+gKckrrncyeGEZPcaRgm2Q==",
+      "version": "1.0.26",
+      "resolved": "https://registry.npmjs.org/@csstools/css-syntax-patches-for-csstree/-/css-syntax-patches-for-csstree-1.0.26.tgz",
+      "integrity": "sha512-6boXK0KkzT5u5xOgF6TKB+CLq9SOpEGmkZw0g5n9/7yg85wab3UzSxB8TxhLJ31L4SGJ6BCFRw/iftTha1CJXA==",
       "dev": true,
       "funding": [
         {
@@ -828,10 +828,7 @@
           "url": "https://opencollective.com/csstools"
         }
       ],
-      "license": "MIT-0",
-      "engines": {
-        "node": ">=18"
-      }
+      "license": "MIT-0"
     },
     "node_modules/@csstools/css-tokenizer": {
       "version": "3.0.4",
@@ -2536,9 +2533,9 @@
       }
     },
     "node_modules/@lezer/lr": {
-      "version": "1.4.7",
-      "resolved": "https://registry.npmjs.org/@lezer/lr/-/lr-1.4.7.tgz",
-      "integrity": "sha512-wNIFWdSUfX9Jc6ePMzxSPVgTVB4EOfDIwLQLWASyiUdHKaMsiilj9bYiGkGQCKVodd0x6bgQCV207PILGFCF9Q==",
+      "version": "1.4.8",
+      "resolved": "https://registry.npmjs.org/@lezer/lr/-/lr-1.4.8.tgz",
+      "integrity": "sha512-bPWa0Pgx69ylNlMlPvBPryqeLYQjyJjqPx+Aupm5zydLIF3NE+6MMLT8Yi23Bd9cif9VS00aUebn+6fDIGBcDA==",
       "license": "MIT",
       "dependencies": {
         "@lezer/common": "^1.0.0"
@@ -2882,9 +2879,9 @@
       "license": "MIT"
     },
     "node_modules/@rollup/rollup-android-arm-eabi": {
-      "version": "4.55.1",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-android-arm-eabi/-/rollup-android-arm-eabi-4.55.1.tgz",
-      "integrity": "sha512-9R0DM/ykwfGIlNu6+2U09ga0WXeZ9MRC2Ter8jnz8415VbuIykVuc6bhdrbORFZANDmTDvq26mJrEVTl8TdnDg==",
+      "version": "4.56.0",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-android-arm-eabi/-/rollup-android-arm-eabi-4.56.0.tgz",
+      "integrity": "sha512-LNKIPA5k8PF1+jAFomGe3qN3bbIgJe/IlpDBwuVjrDKrJhVWywgnJvflMt/zkbVNLFtF1+94SljYQS6e99klnw==",
       "cpu": [
         "arm"
       ],
@@ -2896,9 +2893,9 @@
       ]
     },
     "node_modules/@rollup/rollup-android-arm64": {
-      "version": "4.55.1",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-android-arm64/-/rollup-android-arm64-4.55.1.tgz",
-      "integrity": "sha512-eFZCb1YUqhTysgW3sj/55du5cG57S7UTNtdMjCW7LwVcj3dTTcowCsC8p7uBdzKsZYa8J7IDE8lhMI+HX1vQvg==",
+      "version": "4.56.0",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-android-arm64/-/rollup-android-arm64-4.56.0.tgz",
+      "integrity": "sha512-lfbVUbelYqXlYiU/HApNMJzT1E87UPGvzveGg2h0ktUNlOCxKlWuJ9jtfvs1sKHdwU4fzY7Pl8sAl49/XaEk6Q==",
       "cpu": [
         "arm64"
       ],
@@ -2910,9 +2907,9 @@
       ]
     },
     "node_modules/@rollup/rollup-darwin-arm64": {
-      "version": "4.55.1",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-darwin-arm64/-/rollup-darwin-arm64-4.55.1.tgz",
-      "integrity": "sha512-p3grE2PHcQm2e8PSGZdzIhCKbMCw/xi9XvMPErPhwO17vxtvCN5FEA2mSLgmKlCjHGMQTP6phuQTYWUnKewwGg==",
+      "version": "4.56.0",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-darwin-arm64/-/rollup-darwin-arm64-4.56.0.tgz",
+      "integrity": "sha512-EgxD1ocWfhoD6xSOeEEwyE7tDvwTgZc8Bss7wCWe+uc7wO8G34HHCUH+Q6cHqJubxIAnQzAsyUsClt0yFLu06w==",
       "cpu": [
         "arm64"
       ],
@@ -2924,9 +2921,9 @@
       ]
     },
     "node_modules/@rollup/rollup-darwin-x64": {
-      "version": "4.55.1",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-darwin-x64/-/rollup-darwin-x64-4.55.1.tgz",
-      "integrity": "sha512-rDUjG25C9qoTm+e02Esi+aqTKSBYwVTaoS1wxcN47/Luqef57Vgp96xNANwt5npq9GDxsH7kXxNkJVEsWEOEaQ==",
+      "version": "4.56.0",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-darwin-x64/-/rollup-darwin-x64-4.56.0.tgz",
+      "integrity": "sha512-1vXe1vcMOssb/hOF8iv52A7feWW2xnu+c8BV4t1F//m9QVLTfNVpEdja5ia762j/UEJe2Z1jAmEqZAK42tVW3g==",
       "cpu": [
         "x64"
       ],
@@ -2938,9 +2935,9 @@
       ]
     },
     "node_modules/@rollup/rollup-freebsd-arm64": {
-      "version": "4.55.1",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-freebsd-arm64/-/rollup-freebsd-arm64-4.55.1.tgz",
-      "integrity": "sha512-+JiU7Jbp5cdxekIgdte0jfcu5oqw4GCKr6i3PJTlXTCU5H5Fvtkpbs4XJHRmWNXF+hKmn4v7ogI5OQPaupJgOg==",
+      "version": "4.56.0",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-freebsd-arm64/-/rollup-freebsd-arm64-4.56.0.tgz",
+      "integrity": "sha512-bof7fbIlvqsyv/DtaXSck4VYQ9lPtoWNFCB/JY4snlFuJREXfZnm+Ej6yaCHfQvofJDXLDMTVxWscVSuQvVWUQ==",
       "cpu": [
         "arm64"
       ],
@@ -2952,9 +2949,9 @@
       ]
     },
     "node_modules/@rollup/rollup-freebsd-x64": {
-      "version": "4.55.1",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-freebsd-x64/-/rollup-freebsd-x64-4.55.1.tgz",
-      "integrity": "sha512-V5xC1tOVWtLLmr3YUk2f6EJK4qksksOYiz/TCsFHu/R+woubcLWdC9nZQmwjOAbmExBIVKsm1/wKmEy4z4u4Bw==",
+      "version": "4.56.0",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-freebsd-x64/-/rollup-freebsd-x64-4.56.0.tgz",
+      "integrity": "sha512-KNa6lYHloW+7lTEkYGa37fpvPq+NKG/EHKM8+G/g9WDU7ls4sMqbVRV78J6LdNuVaeeK5WB9/9VAFbKxcbXKYg==",
       "cpu": [
         "x64"
       ],
@@ -2966,9 +2963,9 @@
       ]
     },
     "node_modules/@rollup/rollup-linux-arm-gnueabihf": {
-      "version": "4.55.1",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm-gnueabihf/-/rollup-linux-arm-gnueabihf-4.55.1.tgz",
-      "integrity": "sha512-Rn3n+FUk2J5VWx+ywrG/HGPTD9jXNbicRtTM11e/uorplArnXZYsVifnPPqNNP5BsO3roI4n8332ukpY/zN7rQ==",
+      "version": "4.56.0",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm-gnueabihf/-/rollup-linux-arm-gnueabihf-4.56.0.tgz",
+      "integrity": "sha512-E8jKK87uOvLrrLN28jnAAAChNq5LeCd2mGgZF+fGF5D507WlG/Noct3lP/QzQ6MrqJ5BCKNwI9ipADB6jyiq2A==",
       "cpu": [
         "arm"
       ],
@@ -2980,9 +2977,9 @@
       ]
     },
     "node_modules/@rollup/rollup-linux-arm-musleabihf": {
-      "version": "4.55.1",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm-musleabihf/-/rollup-linux-arm-musleabihf-4.55.1.tgz",
-      "integrity": "sha512-grPNWydeKtc1aEdrJDWk4opD7nFtQbMmV7769hiAaYyUKCT1faPRm2av8CX1YJsZ4TLAZcg9gTR1KvEzoLjXkg==",
+      "version": "4.56.0",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm-musleabihf/-/rollup-linux-arm-musleabihf-4.56.0.tgz",
+      "integrity": "sha512-jQosa5FMYF5Z6prEpTCCmzCXz6eKr/tCBssSmQGEeozA9tkRUty/5Vx06ibaOP9RCrW1Pvb8yp3gvZhHwTDsJw==",
       "cpu": [
         "arm"
       ],
@@ -2994,9 +2991,9 @@
       ]
     },
     "node_modules/@rollup/rollup-linux-arm64-gnu": {
-      "version": "4.55.1",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm64-gnu/-/rollup-linux-arm64-gnu-4.55.1.tgz",
-      "integrity": "sha512-a59mwd1k6x8tXKcUxSyISiquLwB5pX+fJW9TkWU46lCqD/GRDe9uDN31jrMmVP3feI3mhAdvcCClhV8V5MhJFQ==",
+      "version": "4.56.0",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm64-gnu/-/rollup-linux-arm64-gnu-4.56.0.tgz",
+      "integrity": "sha512-uQVoKkrC1KGEV6udrdVahASIsaF8h7iLG0U0W+Xn14ucFwi6uS539PsAr24IEF9/FoDtzMeeJXJIBo5RkbNWvQ==",
       "cpu": [
         "arm64"
       ],
@@ -3008,9 +3005,9 @@
       ]
     },
     "node_modules/@rollup/rollup-linux-arm64-musl": {
-      "version": "4.55.1",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm64-musl/-/rollup-linux-arm64-musl-4.55.1.tgz",
-      "integrity": "sha512-puS1MEgWX5GsHSoiAsF0TYrpomdvkaXm0CofIMG5uVkP6IBV+ZO9xhC5YEN49nsgYo1DuuMquF9+7EDBVYu4uA==",
+      "version": "4.56.0",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm64-musl/-/rollup-linux-arm64-musl-4.56.0.tgz",
+      "integrity": "sha512-vLZ1yJKLxhQLFKTs42RwTwa6zkGln+bnXc8ueFGMYmBTLfNu58sl5/eXyxRa2RarTkJbXl8TKPgfS6V5ijNqEA==",
       "cpu": [
         "arm64"
       ],
@@ -3022,9 +3019,9 @@
       ]
     },
     "node_modules/@rollup/rollup-linux-loong64-gnu": {
-      "version": "4.55.1",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-loong64-gnu/-/rollup-linux-loong64-gnu-4.55.1.tgz",
-      "integrity": "sha512-r3Wv40in+lTsULSb6nnoudVbARdOwb2u5fpeoOAZjFLznp6tDU8kd+GTHmJoqZ9lt6/Sys33KdIHUaQihFcu7g==",
+      "version": "4.56.0",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-loong64-gnu/-/rollup-linux-loong64-gnu-4.56.0.tgz",
+      "integrity": "sha512-FWfHOCub564kSE3xJQLLIC/hbKqHSVxy8vY75/YHHzWvbJL7aYJkdgwD/xGfUlL5UV2SB7otapLrcCj2xnF1dg==",
       "cpu": [
         "loong64"
       ],
@@ -3036,9 +3033,9 @@
       ]
     },
     "node_modules/@rollup/rollup-linux-loong64-musl": {
-      "version": "4.55.1",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-loong64-musl/-/rollup-linux-loong64-musl-4.55.1.tgz",
-      "integrity": "sha512-MR8c0+UxAlB22Fq4R+aQSPBayvYa3+9DrwG/i1TKQXFYEaoW3B5b/rkSRIypcZDdWjWnpcvxbNaAJDcSbJU3Lw==",
+      "version": "4.56.0",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-loong64-musl/-/rollup-linux-loong64-musl-4.56.0.tgz",
+      "integrity": "sha512-z1EkujxIh7nbrKL1lmIpqFTc/sr0u8Uk0zK/qIEFldbt6EDKWFk/pxFq3gYj4Bjn3aa9eEhYRlL3H8ZbPT1xvA==",
       "cpu": [
         "loong64"
       ],
@@ -3050,9 +3047,9 @@
       ]
     },
     "node_modules/@rollup/rollup-linux-ppc64-gnu": {
-      "version": "4.55.1",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-ppc64-gnu/-/rollup-linux-ppc64-gnu-4.55.1.tgz",
-      "integrity": "sha512-3KhoECe1BRlSYpMTeVrD4sh2Pw2xgt4jzNSZIIPLFEsnQn9gAnZagW9+VqDqAHgm1Xc77LzJOo2LdigS5qZ+gw==",
+      "version": "4.56.0",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-ppc64-gnu/-/rollup-linux-ppc64-gnu-4.56.0.tgz",
+      "integrity": "sha512-iNFTluqgdoQC7AIE8Q34R3AuPrJGJirj5wMUErxj22deOcY7XwZRaqYmB6ZKFHoVGqRcRd0mqO+845jAibKCkw==",
       "cpu": [
         "ppc64"
       ],
@@ -3064,9 +3061,9 @@
       ]
     },
     "node_modules/@rollup/rollup-linux-ppc64-musl": {
-      "version": "4.55.1",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-ppc64-musl/-/rollup-linux-ppc64-musl-4.55.1.tgz",
-      "integrity": "sha512-ziR1OuZx0vdYZZ30vueNZTg73alF59DicYrPViG0NEgDVN8/Jl87zkAPu4u6VjZST2llgEUjaiNl9JM6HH1Vdw==",
+      "version": "4.56.0",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-ppc64-musl/-/rollup-linux-ppc64-musl-4.56.0.tgz",
+      "integrity": "sha512-MtMeFVlD2LIKjp2sE2xM2slq3Zxf9zwVuw0jemsxvh1QOpHSsSzfNOTH9uYW9i1MXFxUSMmLpeVeUzoNOKBaWg==",
       "cpu": [
         "ppc64"
       ],
@@ -3078,9 +3075,9 @@
       ]
     },
     "node_modules/@rollup/rollup-linux-riscv64-gnu": {
-      "version": "4.55.1",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-riscv64-gnu/-/rollup-linux-riscv64-gnu-4.55.1.tgz",
-      "integrity": "sha512-uW0Y12ih2XJRERZ4jAfKamTyIHVMPQnTZcQjme2HMVDAHY4amf5u414OqNYC+x+LzRdRcnIG1YodLrrtA8xsxw==",
+      "version": "4.56.0",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-riscv64-gnu/-/rollup-linux-riscv64-gnu-4.56.0.tgz",
+      "integrity": "sha512-in+v6wiHdzzVhYKXIk5U74dEZHdKN9KH0Q4ANHOTvyXPG41bajYRsy7a8TPKbYPl34hU7PP7hMVHRvv/5aCSew==",
       "cpu": [
         "riscv64"
       ],
@@ -3092,9 +3089,9 @@
       ]
     },
     "node_modules/@rollup/rollup-linux-riscv64-musl": {
-      "version": "4.55.1",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-riscv64-musl/-/rollup-linux-riscv64-musl-4.55.1.tgz",
-      "integrity": "sha512-u9yZ0jUkOED1BFrqu3BwMQoixvGHGZ+JhJNkNKY/hyoEgOwlqKb62qu+7UjbPSHYjiVy8kKJHvXKv5coH4wDeg==",
+      "version": "4.56.0",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-riscv64-musl/-/rollup-linux-riscv64-musl-4.56.0.tgz",
+      "integrity": "sha512-yni2raKHB8m9NQpI9fPVwN754mn6dHQSbDTwxdr9SE0ks38DTjLMMBjrwvB5+mXrX+C0npX0CVeCUcvvvD8CNQ==",
       "cpu": [
         "riscv64"
       ],
@@ -3106,9 +3103,9 @@
       ]
     },
     "node_modules/@rollup/rollup-linux-s390x-gnu": {
-      "version": "4.55.1",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-s390x-gnu/-/rollup-linux-s390x-gnu-4.55.1.tgz",
-      "integrity": "sha512-/0PenBCmqM4ZUd0190j7J0UsQ/1nsi735iPRakO8iPciE7BQ495Y6msPzaOmvx0/pn+eJVVlZrNrSh4WSYLxNg==",
+      "version": "4.56.0",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-s390x-gnu/-/rollup-linux-s390x-gnu-4.56.0.tgz",
+      "integrity": "sha512-zhLLJx9nQPu7wezbxt2ut+CI4YlXi68ndEve16tPc/iwoylWS9B3FxpLS2PkmfYgDQtosah07Mj9E0khc3Y+vQ==",
       "cpu": [
         "s390x"
       ],
@@ -3120,9 +3117,9 @@
       ]
     },
     "node_modules/@rollup/rollup-linux-x64-gnu": {
-      "version": "4.55.1",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-x64-gnu/-/rollup-linux-x64-gnu-4.55.1.tgz",
-      "integrity": "sha512-a8G4wiQxQG2BAvo+gU6XrReRRqj+pLS2NGXKm8io19goR+K8lw269eTrPkSdDTALwMmJp4th2Uh0D8J9bEV1vg==",
+      "version": "4.56.0",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-x64-gnu/-/rollup-linux-x64-gnu-4.56.0.tgz",
+      "integrity": "sha512-MVC6UDp16ZSH7x4rtuJPAEoE1RwS8N4oK9DLHy3FTEdFoUTCFVzMfJl/BVJ330C+hx8FfprA5Wqx4FhZXkj2Kw==",
       "cpu": [
         "x64"
       ],
@@ -3134,9 +3131,9 @@
       ]
     },
     "node_modules/@rollup/rollup-linux-x64-musl": {
-      "version": "4.55.1",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-x64-musl/-/rollup-linux-x64-musl-4.55.1.tgz",
-      "integrity": "sha512-bD+zjpFrMpP/hqkfEcnjXWHMw5BIghGisOKPj+2NaNDuVT+8Ds4mPf3XcPHuat1tz89WRL+1wbcxKY3WSbiT7w==",
+      "version": "4.56.0",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-x64-musl/-/rollup-linux-x64-musl-4.56.0.tgz",
+      "integrity": "sha512-ZhGH1eA4Qv0lxaV00azCIS1ChedK0V32952Md3FtnxSqZTBTd6tgil4nZT5cU8B+SIw3PFYkvyR4FKo2oyZIHA==",
       "cpu": [
         "x64"
       ],
@@ -3148,9 +3145,9 @@
       ]
     },
     "node_modules/@rollup/rollup-openbsd-x64": {
-      "version": "4.55.1",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-openbsd-x64/-/rollup-openbsd-x64-4.55.1.tgz",
-      "integrity": "sha512-eLXw0dOiqE4QmvikfQ6yjgkg/xDM+MdU9YJuP4ySTibXU0oAvnEWXt7UDJmD4UkYialMfOGFPJnIHSe/kdzPxg==",
+      "version": "4.56.0",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-openbsd-x64/-/rollup-openbsd-x64-4.56.0.tgz",
+      "integrity": "sha512-O16XcmyDeFI9879pEcmtWvD/2nyxR9mF7Gs44lf1vGGx8Vg2DRNx11aVXBEqOQhWb92WN4z7fW/q4+2NYzCbBA==",
       "cpu": [
         "x64"
       ],
@@ -3162,9 +3159,9 @@
       ]
     },
     "node_modules/@rollup/rollup-openharmony-arm64": {
-      "version": "4.55.1",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-openharmony-arm64/-/rollup-openharmony-arm64-4.55.1.tgz",
-      "integrity": "sha512-xzm44KgEP11te3S2HCSyYf5zIzWmx3n8HDCc7EE59+lTcswEWNpvMLfd9uJvVX8LCg9QWG67Xt75AuHn4vgsXw==",
+      "version": "4.56.0",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-openharmony-arm64/-/rollup-openharmony-arm64-4.56.0.tgz",
+      "integrity": "sha512-LhN/Reh+7F3RCgQIRbgw8ZMwUwyqJM+8pXNT6IIJAqm2IdKkzpCh/V9EdgOMBKuebIrzswqy4ATlrDgiOwbRcQ==",
       "cpu": [
         "arm64"
       ],
@@ -3176,9 +3173,9 @@
       ]
     },
     "node_modules/@rollup/rollup-win32-arm64-msvc": {
-      "version": "4.55.1",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-arm64-msvc/-/rollup-win32-arm64-msvc-4.55.1.tgz",
-      "integrity": "sha512-yR6Bl3tMC/gBok5cz/Qi0xYnVbIxGx5Fcf/ca0eB6/6JwOY+SRUcJfI0OpeTpPls7f194as62thCt/2BjxYN8g==",
+      "version": "4.56.0",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-arm64-msvc/-/rollup-win32-arm64-msvc-4.56.0.tgz",
+      "integrity": "sha512-kbFsOObXp3LBULg1d3JIUQMa9Kv4UitDmpS+k0tinPBz3watcUiV2/LUDMMucA6pZO3WGE27P7DsfaN54l9ing==",
       "cpu": [
         "arm64"
       ],
@@ -3190,9 +3187,9 @@
       ]
     },
     "node_modules/@rollup/rollup-win32-ia32-msvc": {
-      "version": "4.55.1",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-ia32-msvc/-/rollup-win32-ia32-msvc-4.55.1.tgz",
-      "integrity": "sha512-3fZBidchE0eY0oFZBnekYCfg+5wAB0mbpCBuofh5mZuzIU/4jIVkbESmd2dOsFNS78b53CYv3OAtwqkZZmU5nA==",
+      "version": "4.56.0",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-ia32-msvc/-/rollup-win32-ia32-msvc-4.56.0.tgz",
+      "integrity": "sha512-vSSgny54D6P4vf2izbtFm/TcWYedw7f8eBrOiGGecyHyQB9q4Kqentjaj8hToe+995nob/Wv48pDqL5a62EWtg==",
       "cpu": [
         "ia32"
       ],
@@ -3204,9 +3201,9 @@
       ]
     },
     "node_modules/@rollup/rollup-win32-x64-gnu": {
-      "version": "4.55.1",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-x64-gnu/-/rollup-win32-x64-gnu-4.55.1.tgz",
-      "integrity": "sha512-xGGY5pXj69IxKb4yv/POoocPy/qmEGhimy/FoTpTSVju3FYXUQQMFCaZZXJVidsmGxRioZAwpThl/4zX41gRKg==",
+      "version": "4.56.0",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-x64-gnu/-/rollup-win32-x64-gnu-4.56.0.tgz",
+      "integrity": "sha512-FeCnkPCTHQJFbiGG49KjV5YGW/8b9rrXAM2Mz2kiIoktq2qsJxRD5giEMEOD2lPdgs72upzefaUvS+nc8E3UzQ==",
       "cpu": [
         "x64"
       ],
@@ -3218,9 +3215,9 @@
       ]
     },
     "node_modules/@rollup/rollup-win32-x64-msvc": {
-      "version": "4.55.1",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-x64-msvc/-/rollup-win32-x64-msvc-4.55.1.tgz",
-      "integrity": "sha512-SPEpaL6DX4rmcXtnhdrQYgzQ5W2uW3SCJch88lB2zImhJRhIIK44fkUrgIV/Q8yUNfw5oyZ5vkeQsZLhCb06lw==",
+      "version": "4.56.0",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-x64-msvc/-/rollup-win32-x64-msvc-4.56.0.tgz",
+      "integrity": "sha512-H8AE9Ur/t0+1VXujj90w0HrSOuv0Nq9r1vSZF2t5km20NTfosQsGGUXDaKdQZzwuLts7IyL1fYT4hM95TI9c4g==",
       "cpu": [
         "x64"
       ],
@@ -4227,9 +4224,9 @@
       "license": "MIT"
     },
     "node_modules/@types/node": {
-      "version": "20.19.28",
-      "resolved": "https://registry.npmjs.org/@types/node/-/node-20.19.28.tgz",
-      "integrity": "sha512-VyKBr25BuFDzBFCK5sUM6ZXiWfqgCTwTAOK8qzGV/m9FCirXYDlmczJ+d5dXBAQALGCdRRdbteKYfJ84NGEusw==",
+      "version": "20.19.30",
+      "resolved": "https://registry.npmjs.org/@types/node/-/node-20.19.30.tgz",
+      "integrity": "sha512-WJtwWJu7UdlvzEAUm484QNg5eAoq5QR08KDNx7g45Usrs2NtOPiX8ugDqmKdXkyL03rBqU5dYNYVQetEpBHq2g==",
       "license": "MIT",
       "dependencies": {
         "undici-types": "~6.21.0"
@@ -5792,9 +5789,9 @@
       "license": "MIT"
     },
     "node_modules/baseline-browser-mapping": {
-      "version": "2.9.14",
-      "resolved": "https://registry.npmjs.org/baseline-browser-mapping/-/baseline-browser-mapping-2.9.14.tgz",
-      "integrity": "sha512-B0xUquLkiGLgHhpPBqvl7GWegWBUNuujQ6kXd/r1U38ElPT6Ok8KZ8e+FpUGEc2ZoRQUzq/aUnaKFc/svWUGSg==",
+      "version": "2.9.18",
+      "resolved": "https://registry.npmjs.org/baseline-browser-mapping/-/baseline-browser-mapping-2.9.18.tgz",
+      "integrity": "sha512-e23vBV1ZLfjb9apvfPk4rHVu2ry6RIr2Wfs+O324okSidrX7pTAnEJPCh/O5BtRlr7QtZI7ktOP3vsqr7Z5XoA==",
       "license": "Apache-2.0",
       "bin": {
         "baseline-browser-mapping": "dist/cli.js"
@@ -5953,23 +5950,23 @@
       }
     },
     "node_modules/cacheable": {
-      "version": "2.3.1",
-      "resolved": "https://registry.npmjs.org/cacheable/-/cacheable-2.3.1.tgz",
-      "integrity": "sha512-yr+FSHWn1ZUou5LkULX/S+jhfgfnLbuKQjE40tyEd4fxGZVMbBL5ifno0J0OauykS8UiCSgHi+DV/YD+rjFxFg==",
+      "version": "2.3.2",
+      "resolved": "https://registry.npmjs.org/cacheable/-/cacheable-2.3.2.tgz",
+      "integrity": "sha512-w+ZuRNmex9c1TR9RcsxbfTKCjSL0rh1WA5SABbrWprIHeNBdmyQLSYonlDy9gpD+63XT8DgZ/wNh1Smvc9WnJA==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "@cacheable/memory": "^2.0.6",
-        "@cacheable/utils": "^2.3.2",
-        "hookified": "^1.14.0",
+        "@cacheable/memory": "^2.0.7",
+        "@cacheable/utils": "^2.3.3",
+        "hookified": "^1.15.0",
         "keyv": "^5.5.5",
-        "qified": "^0.5.3"
+        "qified": "^0.6.0"
       }
     },
     "node_modules/cacheable/node_modules/keyv": {
-      "version": "5.5.5",
-      "resolved": "https://registry.npmjs.org/keyv/-/keyv-5.5.5.tgz",
-      "integrity": "sha512-FA5LmZVF1VziNc0bIdCSA1IoSVnDCqE8HJIZZv2/W8YmoAM50+tnUgJR/gQZwEeIMleuIOnRnHA/UaZRNeV4iQ==",
+      "version": "5.6.0",
+      "resolved": "https://registry.npmjs.org/keyv/-/keyv-5.6.0.tgz",
+      "integrity": "sha512-CYDD3SOtsHtyXeEORYRx2qBtpDJFjRTGXUtmNEMGyzYOKj1TE3tycdlho7kA1Ufx9OYWZzg52QFBGALTirzDSw==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -6045,9 +6042,9 @@
       }
     },
     "node_modules/caniuse-lite": {
-      "version": "1.0.30001764",
-      "resolved": "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001764.tgz",
-      "integrity": "sha512-9JGuzl2M+vPL+pz70gtMF9sHdMFbY9FJaQBi186cHKH3pSzDvzoUJUPV6fqiKIMyXbud9ZLg4F3Yza1vJ1+93g==",
+      "version": "1.0.30001766",
+      "resolved": "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001766.tgz",
+      "integrity": "sha512-4C0lfJ0/YPjJQHagaE9x2Elb69CIqEPZeG0anQt9SIvIoOH4a4uaRl73IavyO+0qZh6MDLH//DrXThEYKHkmYA==",
       "funding": [
         {
           "type": "opencollective",
@@ -6399,9 +6396,9 @@
       }
     },
     "node_modules/comment-parser": {
-      "version": "1.4.1",
-      "resolved": "https://registry.npmjs.org/comment-parser/-/comment-parser-1.4.1.tgz",
-      "integrity": "sha512-buhp5kePrmda3vhc5B9t7pUQXAb2Tnd0qgpkIhPhkHXxJpiPJ11H0ZEU0oBpJ2QztSbzG/ZxMj/CHsYJqRHmyg==",
+      "version": "1.4.5",
+      "resolved": "https://registry.npmjs.org/comment-parser/-/comment-parser-1.4.5.tgz",
+      "integrity": "sha512-aRDkn3uyIlCFfk5NUA+VdwMmMsh8JGhc4hapfV4yxymHGQ3BVskMQfoXGpCo5IoBuQ9tS5iiVKhCpTcB4pW4qw==",
       "dev": true,
       "license": "MIT",
       "engines": {
@@ -6440,13 +6437,13 @@
       }
     },
     "node_modules/core-js-compat": {
-      "version": "3.47.0",
-      "resolved": "https://registry.npmjs.org/core-js-compat/-/core-js-compat-3.47.0.tgz",
-      "integrity": "sha512-IGfuznZ/n7Kp9+nypamBhvwdwLsW6KC8IOaURw2doAK5e98AG3acVLdh0woOnEqCfUtS+Vu882JE4k/DAm3ItQ==",
+      "version": "3.48.0",
+      "resolved": "https://registry.npmjs.org/core-js-compat/-/core-js-compat-3.48.0.tgz",
+      "integrity": "sha512-OM4cAF3D6VtH/WkLtWvyNC56EZVXsZdU3iqaMG2B4WvYrlqU831pc4UtG5yp0sE9z8Y02wVN7PjW5Zf9Gt0f1Q==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "browserslist": "^4.28.0"
+        "browserslist": "^4.28.1"
       },
       "funding": {
         "type": "opencollective",
@@ -6927,9 +6924,9 @@
       }
     },
     "node_modules/d3-format": {
-      "version": "3.1.0",
-      "resolved": "https://registry.npmjs.org/d3-format/-/d3-format-3.1.0.tgz",
-      "integrity": "sha512-YyUI6AEuY/Wpt8KWLgZHsIU86atmikuoOmCfommt0LYHiQSPjvX2AcFc38PX0CBpr2RCyZhjex+NS/LPOv6YqA==",
+      "version": "3.1.2",
+      "resolved": "https://registry.npmjs.org/d3-format/-/d3-format-3.1.2.tgz",
+      "integrity": "sha512-AJDdYOdnyRDV5b6ArilzCPPwc1ejkHcoyFarqlPqT7zRYjhavcT3uSrqcMvsgh2CgoPbK3RCwyHaVyxYcP2Arg==",
       "license": "ISC",
       "engines": {
         "node": ">=12"
@@ -7254,9 +7251,9 @@
       }
     },
     "node_modules/decode-named-character-reference": {
-      "version": "1.2.0",
-      "resolved": "https://registry.npmjs.org/decode-named-character-reference/-/decode-named-character-reference-1.2.0.tgz",
-      "integrity": "sha512-c6fcElNV6ShtZXmsgNgFFV5tVX2PaV4g+MOAkb8eXHvn6sryJBrZa9r0zV6+dtTyoCKxtDy5tyQ5ZwQuidtd+Q==",
+      "version": "1.3.0",
+      "resolved": "https://registry.npmjs.org/decode-named-character-reference/-/decode-named-character-reference-1.3.0.tgz",
+      "integrity": "sha512-GtpQYB283KrPp6nRw50q3U9/VfOutZOe103qlN7BPP6Ad27xYnOIWv4lPzo8HCAL+mMZofJ9KEy30fq6MfaK6Q==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -7583,9 +7580,9 @@
       }
     },
     "node_modules/electron-to-chromium": {
-      "version": "1.5.267",
-      "resolved": "https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.5.267.tgz",
-      "integrity": "sha512-0Drusm6MVRXSOJpGbaSVgcQsuB4hEkMpHXaVstcPmhu5LIedxs1xNK/nIxmQIU/RPC0+1/o0AVZfBTkTNJOdUw==",
+      "version": "1.5.278",
+      "resolved": "https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.5.278.tgz",
+      "integrity": "sha512-dQ0tM1svDRQOwxnXxm+twlGTjr9Upvt8UFWAgmLsxEzFQxhbti4VwxmMjsDxVC51Zo84swW7FVCXEV+VAkhuPw==",
       "license": "ISC"
     },
     "node_modules/emoji-regex": {
@@ -10845,9 +10842,9 @@
       }
     },
     "node_modules/lodash": {
-      "version": "4.17.21",
-      "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz",
-      "integrity": "sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg==",
+      "version": "4.17.23",
+      "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.23.tgz",
+      "integrity": "sha512-LgVTMpQtIopCi79SJeDiP0TfWi5CNEc/L/aRdTh3yIvmZXTnheWpKjSZhnvMl8iXbC1tFg9gdHHDMLoV7CnG+w==",
       "dev": true,
       "license": "MIT"
     },
@@ -13041,13 +13038,13 @@
       }
     },
     "node_modules/qified": {
-      "version": "0.5.3",
-      "resolved": "https://registry.npmjs.org/qified/-/qified-0.5.3.tgz",
-      "integrity": "sha512-kXuQdQTB6oN3KhI6V4acnBSZx8D2I4xzZvn9+wFLLFCoBNQY/sFnCW6c43OL7pOQ2HvGV4lnWIXNmgfp7cTWhQ==",
+      "version": "0.6.0",
+      "resolved": "https://registry.npmjs.org/qified/-/qified-0.6.0.tgz",
+      "integrity": "sha512-tsSGN1x3h569ZSU1u6diwhltLyfUWDp3YbFHedapTmpBl0B3P6U3+Qptg7xu+v+1io1EwhdPyyRHYbEw0KN2FA==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "hookified": "^1.13.0"
+        "hookified": "^1.14.0"
       },
       "engines": {
         "node": ">=20"
@@ -13648,9 +13645,9 @@
       }
     },
     "node_modules/seroval": {
-      "version": "1.3.2",
-      "resolved": "https://registry.npmjs.org/seroval/-/seroval-1.3.2.tgz",
-      "integrity": "sha512-RbcPH1n5cfwKrru7v7+zrZvjLurgHhGyso3HTyGtRivGWgYjbOmGuivCQaORNELjNONoK35nj28EoWul9sb1zQ==",
+      "version": "1.5.0",
+      "resolved": "https://registry.npmjs.org/seroval/-/seroval-1.5.0.tgz",
+      "integrity": "sha512-OE4cvmJ1uSPrKorFIH9/w/Qwuvi/IMcGbv5RKgcJ/zjA/IohDLU6SVaxFN9FwajbP7nsX0dQqMDes1whk3y+yw==",
       "license": "MIT",
       "peer": true,
       "engines": {
@@ -13658,9 +13655,9 @@
       }
     },
     "node_modules/seroval-plugins": {
-      "version": "1.3.3",
-      "resolved": "https://registry.npmjs.org/seroval-plugins/-/seroval-plugins-1.3.3.tgz",
-      "integrity": "sha512-16OL3NnUBw8JG1jBLUoZJsLnQq0n5Ua6aHalhJK4fMQkz1lqR7Osz1sA30trBtd9VUDc2NgkuRCn8+/pBwqZ+w==",
+      "version": "1.5.0",
+      "resolved": "https://registry.npmjs.org/seroval-plugins/-/seroval-plugins-1.5.0.tgz",
+      "integrity": "sha512-EAHqADIQondwRZIdeW2I636zgsODzoBDwb3PT/+7TLDWyw1Dy/Xv7iGUIEXXav7usHDE9HVhOU61irI3EnyyHA==",
       "license": "MIT",
       "engines": {
         "node": ">=10"
@@ -13957,15 +13954,15 @@
       }
     },
     "node_modules/solid-js": {
-      "version": "1.9.10",
-      "resolved": "https://registry.npmjs.org/solid-js/-/solid-js-1.9.10.tgz",
-      "integrity": "sha512-Coz956cos/EPDlhs6+jsdTxKuJDPT7B5SVIWgABwROyxjY7Xbr8wkzD68Et+NxnV7DLJ3nJdAC2r9InuV/4Jew==",
+      "version": "1.9.11",
+      "resolved": "https://registry.npmjs.org/solid-js/-/solid-js-1.9.11.tgz",
+      "integrity": "sha512-WEJtcc5mkh/BnHA6Yrg4whlF8g6QwpmXXRg4P2ztPmcKeHHlH4+djYecBLhSpecZY2RRECXYUwIc/C2r3yzQ4Q==",
       "license": "MIT",
       "peer": true,
       "dependencies": {
         "csstype": "^3.1.0",
-        "seroval": "~1.3.0",
-        "seroval-plugins": "~1.3.0"
+        "seroval": "~1.5.0",
+        "seroval-plugins": "~1.5.0"
       }
     },
     "node_modules/solid-transition-group": {
@@ -14426,25 +14423,25 @@
       }
     },
     "node_modules/stylelint/node_modules/file-entry-cache": {
-      "version": "11.1.1",
-      "resolved": "https://registry.npmjs.org/file-entry-cache/-/file-entry-cache-11.1.1.tgz",
-      "integrity": "sha512-TPVFSDE7q91Dlk1xpFLvFllf8r0HyOMOlnWy7Z2HBku5H3KhIeOGInexrIeg2D64DosVB/JXkrrk6N/7Wriq4A==",
+      "version": "11.1.2",
+      "resolved": "https://registry.npmjs.org/file-entry-cache/-/file-entry-cache-11.1.2.tgz",
+      "integrity": "sha512-N2WFfK12gmrK1c1GXOqiAJ1tc5YE+R53zvQ+t5P8S5XhnmKYVB5eZEiLNZKDSmoG8wqqbF9EXYBBW/nef19log==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "flat-cache": "^6.1.19"
+        "flat-cache": "^6.1.20"
       }
     },
     "node_modules/stylelint/node_modules/flat-cache": {
-      "version": "6.1.19",
-      "resolved": "https://registry.npmjs.org/flat-cache/-/flat-cache-6.1.19.tgz",
-      "integrity": "sha512-l/K33newPTZMTGAnnzaiqSl6NnH7Namh8jBNjrgjprWxGmZUuxx/sJNIRaijOh3n7q7ESbhNZC+pvVZMFdeU4A==",
+      "version": "6.1.20",
+      "resolved": "https://registry.npmjs.org/flat-cache/-/flat-cache-6.1.20.tgz",
+      "integrity": "sha512-AhHYqwvN62NVLp4lObVXGVluiABTHapoB57EyegZVmazN+hhGhLTn3uZbOofoTw4DSDvVCadzzyChXhOAvy8uQ==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "cacheable": "^2.2.0",
+        "cacheable": "^2.3.2",
         "flatted": "^3.3.3",
-        "hookified": "^1.13.0"
+        "hookified": "^1.15.0"
       }
     },
     "node_modules/stylelint/node_modules/ignore": {
@@ -14767,9 +14764,9 @@
       }
     },
     "node_modules/terser": {
-      "version": "5.44.1",
-      "resolved": "https://registry.npmjs.org/terser/-/terser-5.44.1.tgz",
-      "integrity": "sha512-t/R3R/n0MSwnnazuPpPNVO60LX0SKL45pyl9YlvxIdkH0Of7D5qM2EVe+yASRIlY5pZ73nclYJfNANGWPwFDZw==",
+      "version": "5.46.0",
+      "resolved": "https://registry.npmjs.org/terser/-/terser-5.46.0.tgz",
+      "integrity": "sha512-jTwoImyr/QbOWFFso3YoU3ik0jBBDJ6JTOQiy/J2YxVJdZCc+5u7skhNwiOR3FQIygFqVUPHl7qbbxtjW2K3Qg==",
       "license": "BSD-2-Clause",
       "dependencies": {
         "@jridgewell/source-map": "^0.3.3",
@@ -15204,9 +15201,9 @@
       "license": "MIT"
     },
     "node_modules/ufo": {
-      "version": "1.6.2",
-      "resolved": "https://registry.npmjs.org/ufo/-/ufo-1.6.2.tgz",
-      "integrity": "sha512-heMioaxBcG9+Znsda5Q8sQbWnLJSl98AFDXTO80wELWEzX3hordXsTdxrIfMQoO9IY1MEnoGoPjpoKpMj+Yx0Q==",
+      "version": "1.6.3",
+      "resolved": "https://registry.npmjs.org/ufo/-/ufo-1.6.3.tgz",
+      "integrity": "sha512-yDJTmhydvl5lJzBmy/hyOAA0d+aqCBuwl818haVdYCRrWV84o7YyeVm4QlVHStqNrrJSTb6jKuFAVqAFsr+K3Q==",
       "license": "MIT"
     },
     "node_modules/uint8-to-base64": {
@@ -15526,9 +15523,9 @@
       }
     },
     "node_modules/vite/node_modules/rollup": {
-      "version": "4.55.1",
-      "resolved": "https://registry.npmjs.org/rollup/-/rollup-4.55.1.tgz",
-      "integrity": "sha512-wDv/Ht1BNHB4upNbK74s9usvl7hObDnvVzknxqY/E/O3X6rW1U1rV1aENEfJ54eFZDTNo7zv1f5N4edCluH7+A==",
+      "version": "4.56.0",
+      "resolved": "https://registry.npmjs.org/rollup/-/rollup-4.56.0.tgz",
+      "integrity": "sha512-9FwVqlgUHzbXtDg9RCMgodF3Ua4Na6Gau+Sdt9vyCN4RhHfVKX2DCHy3BjMLTDd47ITDhYAnTwGulWTblJSDLg==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -15542,31 +15539,31 @@
         "npm": ">=8.0.0"
       },
       "optionalDependencies": {
-        "@rollup/rollup-android-arm-eabi": "4.55.1",
-        "@rollup/rollup-android-arm64": "4.55.1",
-        "@rollup/rollup-darwin-arm64": "4.55.1",
-        "@rollup/rollup-darwin-x64": "4.55.1",
-        "@rollup/rollup-freebsd-arm64": "4.55.1",
-        "@rollup/rollup-freebsd-x64": "4.55.1",
-        "@rollup/rollup-linux-arm-gnueabihf": "4.55.1",
-        "@rollup/rollup-linux-arm-musleabihf": "4.55.1",
-        "@rollup/rollup-linux-arm64-gnu": "4.55.1",
-        "@rollup/rollup-linux-arm64-musl": "4.55.1",
-        "@rollup/rollup-linux-loong64-gnu": "4.55.1",
-        "@rollup/rollup-linux-loong64-musl": "4.55.1",
-        "@rollup/rollup-linux-ppc64-gnu": "4.55.1",
-        "@rollup/rollup-linux-ppc64-musl": "4.55.1",
-        "@rollup/rollup-linux-riscv64-gnu": "4.55.1",
-        "@rollup/rollup-linux-riscv64-musl": "4.55.1",
-        "@rollup/rollup-linux-s390x-gnu": "4.55.1",
-        "@rollup/rollup-linux-x64-gnu": "4.55.1",
-        "@rollup/rollup-linux-x64-musl": "4.55.1",
-        "@rollup/rollup-openbsd-x64": "4.55.1",
-        "@rollup/rollup-openharmony-arm64": "4.55.1",
-        "@rollup/rollup-win32-arm64-msvc": "4.55.1",
-        "@rollup/rollup-win32-ia32-msvc": "4.55.1",
-        "@rollup/rollup-win32-x64-gnu": "4.55.1",
-        "@rollup/rollup-win32-x64-msvc": "4.55.1",
+        "@rollup/rollup-android-arm-eabi": "4.56.0",
+        "@rollup/rollup-android-arm64": "4.56.0",
+        "@rollup/rollup-darwin-arm64": "4.56.0",
+        "@rollup/rollup-darwin-x64": "4.56.0",
+        "@rollup/rollup-freebsd-arm64": "4.56.0",
+        "@rollup/rollup-freebsd-x64": "4.56.0",
+        "@rollup/rollup-linux-arm-gnueabihf": "4.56.0",
+        "@rollup/rollup-linux-arm-musleabihf": "4.56.0",
+        "@rollup/rollup-linux-arm64-gnu": "4.56.0",
+        "@rollup/rollup-linux-arm64-musl": "4.56.0",
+        "@rollup/rollup-linux-loong64-gnu": "4.56.0",
+        "@rollup/rollup-linux-loong64-musl": "4.56.0",
+        "@rollup/rollup-linux-ppc64-gnu": "4.56.0",
+        "@rollup/rollup-linux-ppc64-musl": "4.56.0",
+        "@rollup/rollup-linux-riscv64-gnu": "4.56.0",
+        "@rollup/rollup-linux-riscv64-musl": "4.56.0",
+        "@rollup/rollup-linux-s390x-gnu": "4.56.0",
+        "@rollup/rollup-linux-x64-gnu": "4.56.0",
+        "@rollup/rollup-linux-x64-musl": "4.56.0",
+        "@rollup/rollup-openbsd-x64": "4.56.0",
+        "@rollup/rollup-openharmony-arm64": "4.56.0",
+        "@rollup/rollup-win32-arm64-msvc": "4.56.0",
+        "@rollup/rollup-win32-ia32-msvc": "4.56.0",
+        "@rollup/rollup-win32-x64-gnu": "4.56.0",
+        "@rollup/rollup-win32-x64-msvc": "4.56.0",
         "fsevents": "~2.3.2"
       }
     },
@@ -15827,9 +15824,9 @@
       "license": "MIT"
     },
     "node_modules/watchpack": {
-      "version": "2.5.0",
-      "resolved": "https://registry.npmjs.org/watchpack/-/watchpack-2.5.0.tgz",
-      "integrity": "sha512-e6vZvY6xboSwLz2GD36c16+O/2Z6fKvIf4pOXptw2rY9MVwE/TXc6RGqxD3I3x0a28lwBY7DE+76uTPSsBrrCA==",
+      "version": "2.5.1",
+      "resolved": "https://registry.npmjs.org/watchpack/-/watchpack-2.5.1.tgz",
+      "integrity": "sha512-Zn5uXdcFNIA1+1Ei5McRd+iRzfhENPCe7LeABkJtNulSxjma+l7ltNx55BWZkRlwRnpOgHqxnjyaDgJnNXnqzg==",
       "license": "MIT",
       "dependencies": {
         "glob-to-regexp": "^0.4.1",
@@ -16116,9 +16113,9 @@
       }
     },
     "node_modules/which-typed-array": {
-      "version": "1.1.19",
-      "resolved": "https://registry.npmjs.org/which-typed-array/-/which-typed-array-1.1.19.tgz",
-      "integrity": "sha512-rEvr90Bck4WZt9HHFC4DJMsjvu7x+r6bImz0/BrbWb7A2djJ8hnZMrWnHo9F8ssv0OMErasDhftrfROTyqSDrw==",
+      "version": "1.1.20",
+      "resolved": "https://registry.npmjs.org/which-typed-array/-/which-typed-array-1.1.20.tgz",
+      "integrity": "sha512-LYfpUkmqwl0h9A2HL09Mms427Q1RZWuOHsukfVcKRq9q95iQxdw0ix1JQrqbcDR9PH1QDwf5Qo8OZb5lksZ8Xg==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
diff --git a/web_src/fomantic/package-lock.json b/web_src/fomantic/package-lock.json
index add2bfe691..b8f6c9e298 100644
--- a/web_src/fomantic/package-lock.json
+++ b/web_src/fomantic/package-lock.json
@@ -478,9 +478,9 @@
       "license": "MIT"
     },
     "node_modules/@types/node": {
-      "version": "25.0.6",
-      "resolved": "https://registry.npmjs.org/@types/node/-/node-25.0.6.tgz",
-      "integrity": "sha512-NNu0sjyNxpoiW3YuVFfNz7mxSQ+S4X2G28uqg2s+CzoqoQjLPsWSbsFFyztIAqt2vb8kfEAsJNepMGPTxFDx3Q==",
+      "version": "25.0.10",
+      "resolved": "https://registry.npmjs.org/@types/node/-/node-25.0.10.tgz",
+      "integrity": "sha512-zWW5KPngR/yvakJgGOmZ5vTBemDoSqF3AcV/LrO5u5wTWyEAVVh+IT39G4gtyAkh3CtTZs8aX/yRM82OfzHJRg==",
       "license": "MIT",
       "dependencies": {
         "undici-types": "~7.16.0"
@@ -1014,9 +1014,9 @@
       }
     },
     "node_modules/baseline-browser-mapping": {
-      "version": "2.9.14",
-      "resolved": "https://registry.npmjs.org/baseline-browser-mapping/-/baseline-browser-mapping-2.9.14.tgz",
-      "integrity": "sha512-B0xUquLkiGLgHhpPBqvl7GWegWBUNuujQ6kXd/r1U38ElPT6Ok8KZ8e+FpUGEc2ZoRQUzq/aUnaKFc/svWUGSg==",
+      "version": "2.9.18",
+      "resolved": "https://registry.npmjs.org/baseline-browser-mapping/-/baseline-browser-mapping-2.9.18.tgz",
+      "integrity": "sha512-e23vBV1ZLfjb9apvfPk4rHVu2ry6RIr2Wfs+O324okSidrX7pTAnEJPCh/O5BtRlr7QtZI7ktOP3vsqr7Z5XoA==",
       "license": "Apache-2.0",
       "bin": {
         "baseline-browser-mapping": "dist/cli.js"
@@ -1244,9 +1244,9 @@
       }
     },
     "node_modules/caniuse-lite": {
-      "version": "1.0.30001764",
-      "resolved": "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001764.tgz",
-      "integrity": "sha512-9JGuzl2M+vPL+pz70gtMF9sHdMFbY9FJaQBi186cHKH3pSzDvzoUJUPV6fqiKIMyXbud9ZLg4F3Yza1vJ1+93g==",
+      "version": "1.0.30001766",
+      "resolved": "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001766.tgz",
+      "integrity": "sha512-4C0lfJ0/YPjJQHagaE9x2Elb69CIqEPZeG0anQt9SIvIoOH4a4uaRl73IavyO+0qZh6MDLH//DrXThEYKHkmYA==",
       "funding": [
         {
           "type": "opencollective",
@@ -2000,9 +2000,9 @@
       }
     },
     "node_modules/electron-to-chromium": {
-      "version": "1.5.267",
-      "resolved": "https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.5.267.tgz",
-      "integrity": "sha512-0Drusm6MVRXSOJpGbaSVgcQsuB4hEkMpHXaVstcPmhu5LIedxs1xNK/nIxmQIU/RPC0+1/o0AVZfBTkTNJOdUw==",
+      "version": "1.5.278",
+      "resolved": "https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.5.278.tgz",
+      "integrity": "sha512-dQ0tM1svDRQOwxnXxm+twlGTjr9Upvt8UFWAgmLsxEzFQxhbti4VwxmMjsDxVC51Zo84swW7FVCXEV+VAkhuPw==",
       "license": "ISC"
     },
     "node_modules/emoji-regex": {
@@ -5227,9 +5227,9 @@
       }
     },
     "node_modules/lodash": {
-      "version": "4.17.21",
-      "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz",
-      "integrity": "sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg==",
+      "version": "4.17.23",
+      "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.23.tgz",
+      "integrity": "sha512-LgVTMpQtIopCi79SJeDiP0TfWi5CNEc/L/aRdTh3yIvmZXTnheWpKjSZhnvMl8iXbC1tFg9gdHHDMLoV7CnG+w==",
       "license": "MIT"
     },
     "node_modules/lodash._baseassign": {
@@ -5845,9 +5845,9 @@
       "license": "ISC"
     },
     "node_modules/nan": {
-      "version": "2.24.0",
-      "resolved": "https://registry.npmjs.org/nan/-/nan-2.24.0.tgz",
-      "integrity": "sha512-Vpf9qnVW1RaDkoNKFUvfxqAbtI8ncb8OJlqZ9wwpXzWPEsvsB1nvdUi6oYrHIkQ1Y/tMDnr1h4nczS0VB9Xykg==",
+      "version": "2.25.0",
+      "resolved": "https://registry.npmjs.org/nan/-/nan-2.25.0.tgz",
+      "integrity": "sha512-0M90Ag7Xn5KMLLZ7zliPWP3rT90P6PN+IzVFS0VqmnPktBk3700xUVv8Ikm9EUaUE5SDWdp/BIxdENzVznpm1g==",
       "license": "MIT",
       "optional": true
     },

From 89996009b74389b895321325323b650549f0019b Mon Sep 17 00:00:00 2001
From: Renovate Bot <forgejo-renovate-action@forgejo.org>
Date: Mon, 26 Jan 2026 12:12:13 +0100
Subject: [PATCH 223/854] Update module github.com/redis/go-redis/v9 to v9.17.3
 (forgejo) (#11045)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11045
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 7d94aec801..fafb1e93eb 100644
--- a/go.mod
+++ b/go.mod
@@ -87,7 +87,7 @@ require (
 	github.com/opencontainers/image-spec v1.1.1
 	github.com/pquerna/otp v1.4.0
 	github.com/prometheus/client_golang v1.21.1
-	github.com/redis/go-redis/v9 v9.17.2
+	github.com/redis/go-redis/v9 v9.17.3
 	github.com/robfig/cron/v3 v3.0.1
 	github.com/santhosh-tekuri/jsonschema/v6 v6.0.2
 	github.com/sergi/go-diff v1.4.0
diff --git a/go.sum b/go.sum
index 47e5c8e070..692a9e9cbd 100644
--- a/go.sum
+++ b/go.sum
@@ -608,8 +608,8 @@ github.com/prometheus/common v0.62.0 h1:xasJaQlnWAeyHdUBeGjXmutelfJHWMRr+Fg4QszZ
 github.com/prometheus/common v0.62.0/go.mod h1:vyBcEuLSvWos9B1+CyL7JZ2up+uFzXhkqml0W5zIY1I=
 github.com/prometheus/procfs v0.15.1 h1:YagwOFzUgYfKKHX6Dr+sHT7km/hxC76UB0learggepc=
 github.com/prometheus/procfs v0.15.1/go.mod h1:fB45yRUv8NstnjriLhBQLuOUt+WW4BsoGhij/e3PBqk=
-github.com/redis/go-redis/v9 v9.17.2 h1:P2EGsA4qVIM3Pp+aPocCJ7DguDHhqrXNhVcEp4ViluI=
-github.com/redis/go-redis/v9 v9.17.2/go.mod h1:u410H11HMLoB+TP67dz8rL9s6QW2j76l0//kSOd3370=
+github.com/redis/go-redis/v9 v9.17.3 h1:fN29NdNrE17KttK5Ndf20buqfDZwGNgoUr9qjl1DQx4=
+github.com/redis/go-redis/v9 v9.17.3/go.mod h1:u410H11HMLoB+TP67dz8rL9s6QW2j76l0//kSOd3370=
 github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec h1:W09IVJc94icq4NjY3clb7Lk8O1qJ8BdBEF8z0ibU0rE=
 github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec/go.mod h1:qqbHyh8v60DhA7CoWK5oRCqLrMHRGoxYCSS9EjAz6Eo=
 github.com/rhysd/actionlint v1.7.10 h1:FL3XIEs72G4/++168vlv5FKOWMSWvWIQw1kBCadyOcM=

From 3cafb7fa6ced503113681eefb75f80bfd1104138 Mon Sep 17 00:00:00 2001
From: 0ko <0ko@noreply.codeberg.org>
Date: Mon, 26 Jan 2026 13:12:25 +0100
Subject: [PATCH 224/854] chore(ui): change /devtest to /-/demo (#11019)

It has always been largely used for showcasing UI elements but that name didn't work too well for it.

Testing:
Some of existing tests depend on these pages, making it redundant to create extra tests.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11019
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
---
 models/user/user.go                            |  1 -
 modules/testlogger/testlogger.go               |  2 +-
 .../web/{devtest/devtest.go => demo/demo.go}   | 10 +++++-----
 routers/web/web.go                             | 12 +++++++-----
 tailwind.config.js                             |  4 ++--
 templates/base/head_navbar.tmpl                | 10 +++++-----
 templates/{devtest => demo}/buttons.tmpl       |  2 +-
 templates/{devtest => demo}/dropdown.tmpl      |  2 +-
 templates/{devtest => demo}/fetch-action.tmpl  |  2 +-
 templates/{devtest => demo}/flex-list.tmpl     |  4 ++--
 .../{devtest => demo}/fomantic-modal.tmpl      |  2 +-
 templates/{devtest => demo}/gitea-ui.tmpl      | 10 +++++-----
 templates/{devtest => demo}/hashbox.tmpl       |  2 +-
 templates/{devtest => demo}/label.tmpl         |  4 ++--
 templates/{devtest => demo}/list.tmpl          | 10 +++++-----
 templates/{devtest => demo}/modal.tmpl         |  2 +-
 templates/{devtest => demo}/tmplerr-sub.tmpl   |  0
 templates/{devtest => demo}/tmplerr.tmpl       |  4 ++--
 tests/e2e/buttons.test.e2e.ts                  |  2 +-
 tests/e2e/dropdown.test.e2e.ts                 |  8 ++++----
 tests/e2e/modal.test.e2e.ts                    |  4 ++--
 ...vtest_error_test.go => error_pages_test.go} | 16 ++++++++--------
 tests/integration/navbar_test.go               |  6 +++---
 tests/integration/signin_test.go               | 18 ++++++++----------
 tests/integration/user_test.go                 |  1 -
 .../css/standalone/{devtest.css => demo.css}   |  0
 web_src/js/standalone/{devtest.js => demo.js}  |  0
 webpack.config.js                              |  6 +++---
 28 files changed, 71 insertions(+), 73 deletions(-)
 rename routers/web/{devtest/devtest.go => demo/demo.go} (92%)
 rename templates/{devtest => demo}/buttons.tmpl (95%)
 rename templates/{devtest => demo}/dropdown.tmpl (96%)
 rename templates/{devtest => demo}/fetch-action.tmpl (97%)
 rename templates/{devtest => demo}/flex-list.tmpl (96%)
 rename templates/{devtest => demo}/fomantic-modal.tmpl (98%)
 rename templates/{devtest => demo}/gitea-ui.tmpl (97%)
 rename templates/{devtest => demo}/hashbox.tmpl (97%)
 rename templates/{devtest => demo}/label.tmpl (91%)
 rename templates/{devtest => demo}/list.tmpl (56%)
 rename templates/{devtest => demo}/modal.tmpl (96%)
 rename templates/{devtest => demo}/tmplerr-sub.tmpl (100%)
 rename templates/{devtest => demo}/tmplerr.tmpl (75%)
 rename tests/integration/{devtest_error_test.go => error_pages_test.go} (79%)
 rename web_src/css/standalone/{devtest.css => demo.css} (100%)
 rename web_src/js/standalone/{devtest.js => demo.js} (100%)

diff --git a/models/user/user.go b/models/user/user.go
index c78d396f39..0fd8061a89 100644
--- a/models/user/user.go
+++ b/models/user/user.go
@@ -664,7 +664,6 @@ var (
 		"user",  // user login/activate/settings, etc
 
 		"admin",
-		"devtest",
 		"explore",
 		"issues",
 		"pulls",
diff --git a/modules/testlogger/testlogger.go b/modules/testlogger/testlogger.go
index 772ae47e71..6ced5f6780 100644
--- a/modules/testlogger/testlogger.go
+++ b/modules/testlogger/testlogger.go
@@ -367,7 +367,7 @@ var ignoredErrorMessage = []string{
 	// Test_CmdForgejo_Actions
 	`DB: No dedicated replica host defined; falling back to primary DSN for replica connections`,
 
-	// TestDevtestErrorpages
+	// TestDemoErrorPages
 	`ErrorPage() [E] Example error: Example error`,
 }
 
diff --git a/routers/web/devtest/devtest.go b/routers/web/demo/demo.go
similarity index 92%
rename from routers/web/devtest/devtest.go
rename to routers/web/demo/demo.go
index 9b5804b976..6a2256f0e0 100644
--- a/routers/web/devtest/devtest.go
+++ b/routers/web/demo/demo.go
@@ -2,7 +2,7 @@
 // Copyright 2025 The Forgejo Authors. All rights reserved.
 // SPDX-License-Identifier: MIT
 
-package devtest
+package demo
 
 import (
 	"errors"
@@ -18,9 +18,9 @@ import (
 	"forgejo.org/services/context"
 )
 
-// List all devtest templates, they will be used for e2e tests for the UI components
+// List all demo templates, they will be used for e2e tests for the UI components
 func List(ctx *context.Context) {
-	templateNames, err := templates.AssetFS().ListFiles("devtest", true)
+	templateNames, err := templates.AssetFS().ListFiles("demo", true)
 	if err != nil {
 		ctx.ServerError("AssetFS().ListFiles", err)
 		return
@@ -33,7 +33,7 @@ func List(ctx *context.Context) {
 		}
 	}
 	ctx.Data["SubNames"] = subNames
-	ctx.HTML(http.StatusOK, "devtest/list")
+	ctx.HTML(http.StatusOK, "demo/list")
 }
 
 func FetchActionTest(ctx *context.Context) {
@@ -90,5 +90,5 @@ func Tmpl(ctx *context.Context) {
 		time.Sleep(2 * time.Second)
 	}
 
-	ctx.HTML(http.StatusOK, base.TplName("devtest"+path.Clean("/"+ctx.Params("sub"))))
+	ctx.HTML(http.StatusOK, base.TplName("demo"+path.Clean("/"+ctx.Params("sub"))))
 }
diff --git a/routers/web/web.go b/routers/web/web.go
index 16b47786d3..cd5d65b912 100644
--- a/routers/web/web.go
+++ b/routers/web/web.go
@@ -28,7 +28,7 @@ import (
 	"forgejo.org/routers/common"
 	"forgejo.org/routers/web/admin"
 	"forgejo.org/routers/web/auth"
-	"forgejo.org/routers/web/devtest"
+	"forgejo.org/routers/web/demo"
 	"forgejo.org/routers/web/events"
 	"forgejo.org/routers/web/explore"
 	"forgejo.org/routers/web/feed"
@@ -1720,10 +1720,12 @@ func registerRoutes(m *web.Route) {
 	}
 
 	if !setting.IsProd {
-		m.Any("/devtest", devtest.List)
-		m.Any("/devtest/fetch-action-test", devtest.FetchActionTest)
-		m.Any("/devtest/{sub}", devtest.Tmpl)
-		m.Get("/devtest/error/{errcode}", devtest.ErrorPage)
+		m.Group("/-", func() {
+			m.Any("/demo", demo.List)
+			m.Any("/demo/fetch-action-test", demo.FetchActionTest)
+			m.Any("/demo/{sub}", demo.Tmpl)
+			m.Get("/demo/error/{errcode}", demo.ErrorPage)
+		}, ignSignIn)
 	}
 
 	m.NotFound(func(w http.ResponseWriter, req *http.Request) {
diff --git a/tailwind.config.js b/tailwind.config.js
index 7f5058a7da..2820986b6c 100644
--- a/tailwind.config.js
+++ b/tailwind.config.js
@@ -28,8 +28,8 @@ export default {
   prefix: 'tw-',
   important: true, // the frameworks are mixed together, so tailwind needs to override other framework's styles
   content: [
-    isProduction && '!./templates/devtest/**/*',
-    isProduction && '!./web_src/js/standalone/devtest.js',
+    isProduction && '!./templates/demo/**/*',
+    isProduction && '!./web_src/js/standalone/demo.js',
     '!./templates/swagger/v1_json.tmpl',
     '!./templates/user/auth/oidc_wellknown.tmpl',
     './templates/**/*.tmpl',
diff --git a/templates/base/head_navbar.tmpl b/templates/base/head_navbar.tmpl
index e5d67556c2..0d2884d5d4 100644
--- a/templates/base/head_navbar.tmpl
+++ b/templates/base/head_navbar.tmpl
@@ -194,8 +194,8 @@
 								{{ctx.Locale.Tr "help"}}
 							</a>
 						</li>
-						{{$showDevtest := not .RunModeIsProd}}
-						{{if or .IsAdmin $showDevtest}}
+						{{$showDemo := not .RunModeIsProd}}
+						{{if or .IsAdmin $showDemo}}
 							<hr>
 						{{end}}
 						{{if .IsAdmin}}
@@ -206,11 +206,11 @@
 								</a>
 							</li>
 						{{end}}
-						{{if $showDevtest}}
+						{{if $showDemo}}
 							<li>
-								<a href="{{AppSubUrl}}/devtest">
+								<a href="{{AppSubUrl}}/-/demo">
 									{{svg "octicon-beaker"}}
-									Development pages
+									Demo pages
 								</a>
 							</li>
 						{{end}}
diff --git a/templates/devtest/buttons.tmpl b/templates/demo/buttons.tmpl
similarity index 95%
rename from templates/devtest/buttons.tmpl
rename to templates/demo/buttons.tmpl
index 909a4061a3..a775b29008 100644
--- a/templates/devtest/buttons.tmpl
+++ b/templates/demo/buttons.tmpl
@@ -1,6 +1,6 @@
 {{template "base/head" .}}
 
-<div class="page-content devtest ui container">
+<div class="page-content ui container">
 	<h1>Buttons</h1>
 
 	<p>
diff --git a/templates/devtest/dropdown.tmpl b/templates/demo/dropdown.tmpl
similarity index 96%
rename from templates/devtest/dropdown.tmpl
rename to templates/demo/dropdown.tmpl
index 9df58758d4..7776a99cad 100644
--- a/templates/devtest/dropdown.tmpl
+++ b/templates/demo/dropdown.tmpl
@@ -1,6 +1,6 @@
 {{template "base/head" .}}
 
-<div class="page-content devtest ui container">
+<div class="page-content ui container">
 	<h1>Dropdown</h1>
 	a.k.a. overflow menu, ellipsis menu
 
diff --git a/templates/devtest/fetch-action.tmpl b/templates/demo/fetch-action.tmpl
similarity index 97%
rename from templates/devtest/fetch-action.tmpl
rename to templates/demo/fetch-action.tmpl
index be15a5389f..d31044320a 100644
--- a/templates/devtest/fetch-action.tmpl
+++ b/templates/demo/fetch-action.tmpl
@@ -1,5 +1,5 @@
 {{template "base/head" .}}
-<div class="page-content devtest ui container">
+<div class="page-content ui container">
 	{{template "base/alert" .}}
 	<div>
 		<h1>link-action</h1>
diff --git a/templates/devtest/flex-list.tmpl b/templates/demo/flex-list.tmpl
similarity index 96%
rename from templates/devtest/flex-list.tmpl
rename to templates/demo/flex-list.tmpl
index 015ab1e154..e62c23fcc6 100644
--- a/templates/devtest/flex-list.tmpl
+++ b/templates/demo/flex-list.tmpl
@@ -1,6 +1,6 @@
 {{template "base/head" .}}
-<link rel="stylesheet" href="{{AssetUrlPrefix}}/css/devtest.css?v={{AssetVersion}}">
-<div class="page-content devtest">
+<link rel="stylesheet" href="{{AssetUrlPrefix}}/css/demo.css?v={{AssetVersion}}">
+<div class="page-content">
 	<div class="ui container">
 		<h1>Flex List (standalone)</h1>
 		<div class="divider"></div>
diff --git a/templates/devtest/fomantic-modal.tmpl b/templates/demo/fomantic-modal.tmpl
similarity index 98%
rename from templates/devtest/fomantic-modal.tmpl
rename to templates/demo/fomantic-modal.tmpl
index 5b94afc4f1..4d1ba0a2c4 100644
--- a/templates/devtest/fomantic-modal.tmpl
+++ b/templates/demo/fomantic-modal.tmpl
@@ -1,5 +1,5 @@
 {{template "base/head" .}}
-<div class="page-content devtest ui container">
+<div class="page-content ui container">
 	{{template "base/alert" .}}
 
 	<div id="test-modal-form-1" class="ui mini modal">
diff --git a/templates/devtest/gitea-ui.tmpl b/templates/demo/gitea-ui.tmpl
similarity index 97%
rename from templates/devtest/gitea-ui.tmpl
rename to templates/demo/gitea-ui.tmpl
index 6daf6d74c7..866298a121 100644
--- a/templates/devtest/gitea-ui.tmpl
+++ b/templates/demo/gitea-ui.tmpl
@@ -1,6 +1,6 @@
 {{template "base/head" .}}
-<link rel="stylesheet" href="{{AssetUrlPrefix}}/css/devtest.css?v={{AssetVersion}}">
-<div class="page-content devtest ui container">
+<link rel="stylesheet" href="{{AssetUrlPrefix}}/css/demo.css?v={{AssetVersion}}">
+<div class="page-content ui container">
 	<div>
 		<h1>Link</h1>
 		<div>
@@ -21,7 +21,7 @@
 			State:
 			<label><input type="checkbox" name="button-state-disabled" value="disabled">disabled</label>
 		</div>
-		<div id="devtest-button-samples">
+		<div id="demo-button-samples">
 			<ul class="button-sample-groups">
 				<li class="sample-group">
 					<h2>General purpose:</h2>
@@ -65,7 +65,7 @@
 				</li>
 			</ul>
 			<script type="module">
-				const $buttons = $('#devtest-button-samples').find('button.ui');
+				const $buttons = $('#demo-button-samples').find('button.ui');
 
 				const $buttonStyles = $('input[name*="button-style"]');
 				$buttonStyles.on('click', () => $buttonStyles.map((_ ,el) => $buttons.toggleClass(el.value, el.checked)));
@@ -315,6 +315,6 @@
 		<button class="{{if true}}tw-bg-red{{end}} tw-p-5 tw-border tw-rounded hover:tw-bg-blue active:tw-bg-yellow">Button</button>
 	</div>
 
-	<script src="{{AssetUrlPrefix}}/js/devtest.js?v={{AssetVersion}}"></script>
+	<script src="{{AssetUrlPrefix}}/js/demo.js?v={{AssetVersion}}"></script>
 </div>
 {{template "base/footer" .}}
diff --git a/templates/devtest/hashbox.tmpl b/templates/demo/hashbox.tmpl
similarity index 97%
rename from templates/devtest/hashbox.tmpl
rename to templates/demo/hashbox.tmpl
index 7321c9956d..a74a125891 100644
--- a/templates/devtest/hashbox.tmpl
+++ b/templates/demo/hashbox.tmpl
@@ -1,6 +1,6 @@
 {{template "base/head" .}}
 
-<div class="page-content devtest ui container">
+<div class="page-content ui container">
 	<h1>Hashbox (shabox)</h1>
 
 	<h2>Unsigned</h2>
diff --git a/templates/devtest/label.tmpl b/templates/demo/label.tmpl
similarity index 91%
rename from templates/devtest/label.tmpl
rename to templates/demo/label.tmpl
index c4b52a3e23..1354cc85cb 100644
--- a/templates/devtest/label.tmpl
+++ b/templates/demo/label.tmpl
@@ -1,6 +1,6 @@
 {{template "base/head" .}}
-<link rel="stylesheet" href="{{AssetUrlPrefix}}/css/devtest.css?v={{AssetVersion}}">
-<div class="page-content devtest ui container">
+<link rel="stylesheet" href="{{AssetUrlPrefix}}/css/demo.css?v={{AssetVersion}}">
+<div class="page-content ui container">
 	<div>
 		<h1>Label</h1>
 		<div class="flex-text-block tw-my-2">
diff --git a/templates/devtest/list.tmpl b/templates/demo/list.tmpl
similarity index 56%
rename from templates/devtest/list.tmpl
rename to templates/demo/list.tmpl
index 7325347454..80f9648ee8 100644
--- a/templates/devtest/list.tmpl
+++ b/templates/demo/list.tmpl
@@ -1,7 +1,7 @@
 {{template "base/head" .}}
 
 <div role="main" class="page-content ui container">
-	<h1>Development pages</h1>
+	<h1>Demo pages</h1>
 
 	<p>Various pages that may be helpful in development or testing</p>
 
@@ -9,7 +9,7 @@
 		<h2>Components</h2>
 		<ul>
 			{{range .SubNames}}
-			<li><a href="{{AppSubUrl}}/devtest/{{.}}">{{.}}</a></li>
+			<li><a href="{{AppSubUrl}}/-/demo/{{.}}">{{.}}</a></li>
 			{{end}}
 		</ul>
 	</article>
@@ -17,9 +17,9 @@
 	<article>
 		<h2>Error pages</h2>
 		<ul>
-			<li><a href="{{AppSubUrl}}/devtest/error/404">Not found</a></li>
-			<li><a href="{{AppSubUrl}}/devtest/error/413">Quota exhaustion</a></li>
-			<li><a href="{{AppSubUrl}}/devtest/error/500">Server error</a></li>
+			<li><a href="{{AppSubUrl}}/-/demo/error/404">Not found</a></li>
+			<li><a href="{{AppSubUrl}}/-/demo/error/413">Quota exhaustion</a></li>
+			<li><a href="{{AppSubUrl}}/-/demo/error/500">Server error</a></li>
 		</ul>
 	</article>
 </div>
diff --git a/templates/devtest/modal.tmpl b/templates/demo/modal.tmpl
similarity index 96%
rename from templates/devtest/modal.tmpl
rename to templates/demo/modal.tmpl
index 3e79879692..746d82b229 100644
--- a/templates/devtest/modal.tmpl
+++ b/templates/demo/modal.tmpl
@@ -1,6 +1,6 @@
 {{template "base/head" .}}
 
-<div class="page-content devtest ui container">
+<div class="page-content ui container">
 	<h1>Modals</h1>
 
 	<div class="button-sequence">
diff --git a/templates/devtest/tmplerr-sub.tmpl b/templates/demo/tmplerr-sub.tmpl
similarity index 100%
rename from templates/devtest/tmplerr-sub.tmpl
rename to templates/demo/tmplerr-sub.tmpl
diff --git a/templates/devtest/tmplerr.tmpl b/templates/demo/tmplerr.tmpl
similarity index 75%
rename from templates/devtest/tmplerr.tmpl
rename to templates/demo/tmplerr.tmpl
index dd938c895e..afc3685f21 100644
--- a/templates/devtest/tmplerr.tmpl
+++ b/templates/demo/tmplerr.tmpl
@@ -1,11 +1,11 @@
 {{template "base/head" .}}
-<div class="page-content devtest">
+<div class="page-content">
 	<div class="tw-flex">
 		<div class="tw-w-4/5">
 			hello hello hello hello hello hello hello hello hello hello
 		</div>
 		<div class="tw-w-1/5">
-			{{template "devtest/tmplerr-sub" .}}
+			{{template "demo/tmplerr-sub" .}}
 		</div>
 	</div>
 </div>
diff --git a/tests/e2e/buttons.test.e2e.ts b/tests/e2e/buttons.test.e2e.ts
index 265e432d48..89dc47821e 100644
--- a/tests/e2e/buttons.test.e2e.ts
+++ b/tests/e2e/buttons.test.e2e.ts
@@ -49,7 +49,7 @@ test('Button visuals', async ({browser}) => {
 
   const context = await browser.newContext({javaScriptEnabled: false});
   const page = await context.newPage();
-  const response = await page.goto('/devtest/buttons');
+  const response = await page.goto('/-/demo/buttons');
   expect(response?.status()).toBe(200);
 
   const transparent = 'rgba(0, 0, 0, 0)';
diff --git a/tests/e2e/dropdown.test.e2e.ts b/tests/e2e/dropdown.test.e2e.ts
index e90ea93d6b..b9390f360f 100644
--- a/tests/e2e/dropdown.test.e2e.ts
+++ b/tests/e2e/dropdown.test.e2e.ts
@@ -5,7 +5,7 @@
 // templates/shared/user/actions_menu.tmpl
 // templates/org/header.tmpl
 // templates/explore/search.tmpl
-// templates/devtest/dropdown.tmpl
+// templates/demo/dropdown.tmpl
 // web_src/js/modules/dropdown.ts
 // @watch end
 
@@ -228,12 +228,12 @@ test.describe(`Visual properties`, () => {
     expect(await inactiveItem.evaluate((el) => getComputedStyle(el).backgroundColor)).toBe('rgba(0, 0, 0, 0)');
   });
 
-  test('Devtest', async ({browser}) => {
+  test('Demo page', async ({browser}) => {
     const context = await browser.newContext({javaScriptEnabled: false});
     const page = await context.newPage();
 
-    // `/devtest` has dropdowns with various combinations of items
-    await page.goto('/devtest/dropdown');
+    // `/-/demo` has dropdowns with various combinations of items
+    await page.goto('/-/demo/dropdown');
 
     // Dropdown with just 3 items and nothing special
     await page.locator(`#dropdown-1 > summary`).click();
diff --git a/tests/e2e/modal.test.e2e.ts b/tests/e2e/modal.test.e2e.ts
index 4451b2543d..28161a2012 100644
--- a/tests/e2e/modal.test.e2e.ts
+++ b/tests/e2e/modal.test.e2e.ts
@@ -2,7 +2,7 @@
 // SPDX-License-Identifier: GPL-3.0-or-later
 
 // @watch start
-// templates/devtest/modal.tmpl
+// templates/demo/modal.tmpl
 // templates/repo/editor/edit.tmpl
 // templates/repo/editor/patch.tmpl
 // web_src/js/features/repo-editor.js
@@ -50,7 +50,7 @@ test('Dialog modal', async ({page}) => {
 
 test('Dialog modal: width', async ({page, isMobile}) => {
   // This test doesn't need JS and runs a little faster without it
-  await page.goto('/devtest/modal');
+  await page.goto('/-/demo/modal');
 
   // Open modal with short content
   const shortModal = page.locator('#short-modal');
diff --git a/tests/integration/devtest_error_test.go b/tests/integration/error_pages_test.go
similarity index 79%
rename from tests/integration/devtest_error_test.go
rename to tests/integration/error_pages_test.go
index b0148b3fd1..41c7d8e870 100644
--- a/tests/integration/devtest_error_test.go
+++ b/tests/integration/error_pages_test.go
@@ -14,11 +14,11 @@ import (
 	"github.com/stretchr/testify/assert"
 )
 
-// `/devtest/error/{errcode}` provides a convenient way of testing various
+// `/-/demo/error/{errcode}` provides a convenient way of testing various
 // error pages sometimes which can be hard to reach otherwise.
 // This file is a test of various attributes on those pages.
 
-func enableDevtest() func() {
+func enableDemoPages() func() {
 	resetIsProd := test.MockVariableValue(&setting.IsProd, false)
 	resetRoutes := test.MockVariableValue(&testWebRoutes, routers.NormalRoutes())
 	return func() {
@@ -27,13 +27,13 @@ func enableDevtest() func() {
 	}
 }
 
-func TestDevtestErrorpages(t *testing.T) {
-	defer enableDevtest()()
+func TestDemoErrorPages(t *testing.T) {
+	defer enableDemoPages()()
 
 	t.Run("Server error", func(t *testing.T) {
-		// `/devtest/error/x` returns 500 for any x by default.
+		// `/-/demo/error/x` returns 500 for any x by default.
 		// `/500` is simply for good look here
-		req := NewRequest(t, "GET", "/devtest/error/500")
+		req := NewRequest(t, "GET", "/-/demo/error/500")
 		resp := MakeRequest(t, req, http.StatusInternalServerError)
 		doc := NewHTMLParser(t, resp.Body)
 		assert.Equal(t, "500", doc.Find(".error-code").Text())
@@ -42,7 +42,7 @@ func TestDevtestErrorpages(t *testing.T) {
 
 	t.Run("Page not found",
 		func(t *testing.T) {
-			req := NewRequest(t, "GET", "/devtest/error/404").
+			req := NewRequest(t, "GET", "/-/demo/error/404").
 				// Without this header `notFoundInternal` returns plaintext error message
 				SetHeader("Accept", "text/html")
 			resp := MakeRequest(t, req, http.StatusNotFound)
@@ -53,7 +53,7 @@ func TestDevtestErrorpages(t *testing.T) {
 
 	t.Run("Quota exhaustion",
 		func(t *testing.T) {
-			req := NewRequest(t, "GET", "/devtest/error/413")
+			req := NewRequest(t, "GET", "/-/demo/error/413")
 			resp := MakeRequest(t, req, http.StatusRequestEntityTooLarge)
 			doc := NewHTMLParser(t, resp.Body)
 			assert.Equal(t, "413", doc.Find(".error-code").Text())
diff --git a/tests/integration/navbar_test.go b/tests/integration/navbar_test.go
index 03e08a4314..86f4487aef 100644
--- a/tests/integration/navbar_test.go
+++ b/tests/integration/navbar_test.go
@@ -76,7 +76,7 @@ func TestNavbarItems(t *testing.T) {
 		defer test.MockVariableValue(&setting.IsProd, false)()
 
 		page := NewHTMLParser(t, regularUser.MakeRequest(t, NewRequest(t, "GET", testPage), http.StatusOK).Body)
-		page.AssertElement(t, `details.dropdown a[href="/devtest"]`, true)
+		page.AssertElement(t, `details.dropdown a[href="/-/demo"]`, true)
 
 		testNavbarUserMenuActiveItem(t, regularUser, "/user/settings")
 		testNavbarUserMenuActiveItem(t, adminUser, "/admin")
@@ -95,7 +95,7 @@ func TestNavbarItems(t *testing.T) {
 			{`details.dropdown a[href="/notifications/subscriptions"]`, true},
 			{`details.dropdown a[href="/user/settings"]`, true},
 			{`details.dropdown a[href="/admin"]`, false},
-			{`details.dropdown a[href="/devtest"]`, false},
+			{`details.dropdown a[href="/-/demo"]`, false},
 			{`details.dropdown a[href="https://forgejo.org/docs/latest/"]`, true},
 			{`details.dropdown a[data-url="/user/logout"]`, true},
 		}
@@ -114,7 +114,7 @@ func TestNavbarItems(t *testing.T) {
 			{`details.dropdown a[href="/notifications/subscriptions"]`, true},
 			{`details.dropdown a[href="/user/settings"]`, true},
 			{`details.dropdown a[href="/admin"]`, true},
-			{`details.dropdown a[href="/devtest"]`, false},
+			{`details.dropdown a[href="/-/demo"]`, false},
 			{`details.dropdown a[href="https://forgejo.org/docs/latest/"]`, true},
 			{`details.dropdown a[data-url="/user/logout"]`, true},
 		}
diff --git a/tests/integration/signin_test.go b/tests/integration/signin_test.go
index 6db2b51aea..c9b2d6ed1c 100644
--- a/tests/integration/signin_test.go
+++ b/tests/integration/signin_test.go
@@ -171,9 +171,9 @@ func TestGlobalTwoFactorRequirement(t *testing.T) {
 			assert.Greater(t, htmlDoc.Find(".navbar-left > a.item").Length(), 1) // show the Logo, and other links
 			assert.Greater(t, htmlDoc.Find(".navbar-right details.dropdown a").Length(), 1)
 
-			// 500 page
-			reset := enableDevtest()
-			req = NewRequest(t, "GET", "/devtest/error/500")
+			// demo pages are using ignSignIn and are expected to be accessible with loginAllowed
+			reset := enableDemoPages()
+			req = NewRequest(t, "GET", "/-/demo/error/500")
 			req.Header.Add("Accept", "text/html")
 			resp = session.MakeRequest(t, req, http.StatusInternalServerError)
 			htmlDoc = NewHTMLParser(t, resp.Body)
@@ -195,14 +195,12 @@ func TestGlobalTwoFactorRequirement(t *testing.T) {
 			assert.Equal(t, 1, userLinks.Length()) // only logout link
 			assert.Equal(t, "Sign out", strings.TrimSpace(userLinks.Text()))
 
-			// 500 page
-			reset := enableDevtest()
-			req = NewRequest(t, "GET", "/devtest/error/500")
+			// demo pages are using ignSignIn and should redirect like any other pages if 2FA is required but missing
+			reset := enableDemoPages()
+			req = NewRequest(t, "GET", "/-/demo/error/500")
 			req.Header.Add("Accept", "text/html")
-			resp = session.MakeRequest(t, req, http.StatusInternalServerError)
-			htmlDoc = NewHTMLParser(t, resp.Body)
-			assert.Equal(t, 1, htmlDoc.Find(".navbar-left > a.item").Length())
-			htmlDoc.AssertElement(t, ".navbar-right", false)
+			resp = session.MakeRequest(t, req, http.StatusSeeOther)
+			assert.Equal(t, "/user/settings/security", resp.Header().Get("Location"))
 			reset()
 
 			// 2fa page
diff --git a/tests/integration/user_test.go b/tests/integration/user_test.go
index 50526ba65d..0109ab2435 100644
--- a/tests/integration/user_test.go
+++ b/tests/integration/user_test.go
@@ -117,7 +117,6 @@ func TestRenameReservedUsername(t *testing.T) {
 		"avatar",
 		"avatars",
 		"captcha",
-		"devtest",
 		"explore",
 		"favicon.ico",
 		"ghost",
diff --git a/web_src/css/standalone/devtest.css b/web_src/css/standalone/demo.css
similarity index 100%
rename from web_src/css/standalone/devtest.css
rename to web_src/css/standalone/demo.css
diff --git a/web_src/js/standalone/devtest.js b/web_src/js/standalone/demo.js
similarity index 100%
rename from web_src/js/standalone/devtest.js
rename to web_src/js/standalone/demo.js
diff --git a/webpack.config.js b/webpack.config.js
index 7f5760833e..06c46dda0b 100644
--- a/webpack.config.js
+++ b/webpack.config.js
@@ -132,9 +132,9 @@ export default {
       fileURLToPath(new URL('web_src/js/features/eventsource.sharedworker.js', import.meta.url)),
     ],
     ...(!isProduction && {
-      devtest: [
-        fileURLToPath(new URL('web_src/js/standalone/devtest.js', import.meta.url)),
-        fileURLToPath(new URL('web_src/css/standalone/devtest.css', import.meta.url)),
+      demo: [
+        fileURLToPath(new URL('web_src/js/standalone/demo.js', import.meta.url)),
+        fileURLToPath(new URL('web_src/css/standalone/demo.css', import.meta.url)),
       ],
     }),
     ...themes,

From fb2f666535d96b06dc4df901375defdfac0ac43d Mon Sep 17 00:00:00 2001
From: Nils Goroll <nils.goroll@uplex.de>
Date: Mon, 26 Jan 2026 14:47:08 +0100
Subject: [PATCH 225/854] fix: Wait & retry when primary rate limit are hit for
 Github migration (#10846)

This is a successor to #10805, which simply did not work. It is also much simpler and basically a one line change to enable an existing feature in [go-github](https://github.com/google/go-github).

Fixes #10845

With this fix and #10798 in place, a migration of a repo with ~3K issues and ~1.3k pull requests finally completed successfully.

## Patch

We use SleepUntilPrimaryRateLimitResetWhenRateLimited to instruct the go-github code to wait until the retry time and retry the request when the primary rate limit gets hit.

## Test case

TestGitHubDownloadRepo() has been modified such that 403 rate limit errors are injected every 7 requests with a retry time of one second, resulting in the rate limit condition being hit twice with the current tests. The test case confirms that the migration code itself is in fact unaffected by the rate limit being hit.

## Scope

This change does not affect secondary rate limits.

If the server is restarted during the wait for the rate limit refresh, the migration likely still fails when retried, because inserts for already present database objects will be attempted.

This approach effectively puts the task's goroutine to sleep until the retry time, which implies that the respective resources stay allocated.

A better approach might be to add the necessary infrastructure to support restarts of migration tasks at a later time, but this is much more involved, because the migration state would need to be saved and/or re-created based on already pulled data. This would also require adding support for database upserts.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10846
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Nils Goroll <nils.goroll@uplex.de>
Co-committed-by: Nils Goroll <nils.goroll@uplex.de>
---
 assets/go-licenses.json            |  4 ++--
 go.mod                             |  2 +-
 go.sum                             |  4 ++--
 services/migrations/error.go       |  2 +-
 services/migrations/github.go      |  6 ++++--
 services/migrations/github_test.go | 33 +++++++++++++++++++++++++++++-
 6 files changed, 42 insertions(+), 9 deletions(-)

diff --git a/assets/go-licenses.json b/assets/go-licenses.json
index 4db7e9638d..80523116cc 100644
--- a/assets/go-licenses.json
+++ b/assets/go-licenses.json
@@ -695,8 +695,8 @@
     "licenseText": "Copyright (c) 2017 The Go Authors. All rights reserved.\n\nRedistribution and use in source and binary forms, with or without\nmodification, are permitted provided that the following conditions are\nmet:\n\n   * Redistributions of source code must retain the above copyright\nnotice, this list of conditions and the following disclaimer.\n   * Redistributions in binary form must reproduce the above\ncopyright notice, this list of conditions and the following disclaimer\nin the documentation and/or other materials provided with the\ndistribution.\n   * Neither the name of Google Inc. nor the names of its\ncontributors may be used to endorse or promote products derived from\nthis software without specific prior written permission.\n\nTHIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS\n\"AS IS\" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT\nLIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR\nA PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT\nOWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,\nSPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT\nLIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,\nDATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY\nTHEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT\n(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE\nOF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n"
   },
   {
-    "name": "github.com/google/go-github/v74/github",
-    "path": "github.com/google/go-github/v74/github/LICENSE",
+    "name": "github.com/google/go-github/v81/github",
+    "path": "github.com/google/go-github/v81/github/LICENSE",
     "licenseText": "Copyright (c) 2013 The go-github AUTHORS. All rights reserved.\n\nRedistribution and use in source and binary forms, with or without\nmodification, are permitted provided that the following conditions are\nmet:\n\n   * Redistributions of source code must retain the above copyright\nnotice, this list of conditions and the following disclaimer.\n   * Redistributions in binary form must reproduce the above\ncopyright notice, this list of conditions and the following disclaimer\nin the documentation and/or other materials provided with the\ndistribution.\n   * Neither the name of Google Inc. nor the names of its\ncontributors may be used to endorse or promote products derived from\nthis software without specific prior written permission.\n\nTHIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS\n\"AS IS\" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT\nLIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR\nA PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT\nOWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,\nSPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT\nLIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,\nDATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY\nTHEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT\n(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE\nOF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n"
   },
   {
diff --git a/go.mod b/go.mod
index fafb1e93eb..21ea81336c 100644
--- a/go.mod
+++ b/go.mod
@@ -58,7 +58,7 @@ require (
 	github.com/gogs/go-gogs-client v0.0.0-20210131175652-1d7215cd8d85
 	github.com/golang-jwt/jwt/v5 v5.3.0
 	github.com/golang/freetype v0.0.0-20170609003504-e2365dfdc4a0
-	github.com/google/go-github/v74 v74.0.0
+	github.com/google/go-github/v81 v81.0.0
 	github.com/google/pprof v0.0.0-20251114195745-4902fdda35c8
 	github.com/google/uuid v1.6.0
 	github.com/gorilla/feeds v1.2.0
diff --git a/go.sum b/go.sum
index 692a9e9cbd..68961f91d6 100644
--- a/go.sum
+++ b/go.sum
@@ -384,8 +384,8 @@ github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/
 github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8=
 github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU=
-github.com/google/go-github/v74 v74.0.0 h1:yZcddTUn8DPbj11GxnMrNiAnXH14gNs559AsUpNpPgM=
-github.com/google/go-github/v74 v74.0.0/go.mod h1:ubn/YdyftV80VPSI26nSJvaEsTOnsjrxG3o9kJhcyak=
+github.com/google/go-github/v81 v81.0.0 h1:hTLugQRxSLD1Yei18fk4A5eYjOGLUBKAl/VCqOfFkZc=
+github.com/google/go-github/v81 v81.0.0/go.mod h1:upyjaybucIbBIuxgJS7YLOZGziyvvJ92WX6WEBNE3sM=
 github.com/google/go-querystring v1.1.0 h1:AnCroh3fv4ZBgVIf1Iwtovgjaw/GiKJo8M8yD/fhyJ8=
 github.com/google/go-querystring v1.1.0/go.mod h1:Kcdr2DB4koayq7X8pmAG4sNG59So17icRSOU623lUBU=
 github.com/google/go-tpm v0.9.5 h1:ocUmnDebX54dnW+MQWGQRbdaAcJELsa6PqZhJ48KwVU=
diff --git a/services/migrations/error.go b/services/migrations/error.go
index 2dd9647d95..dee008a071 100644
--- a/services/migrations/error.go
+++ b/services/migrations/error.go
@@ -7,7 +7,7 @@ package migrations
 import (
 	"errors"
 
-	"github.com/google/go-github/v74/github"
+	"github.com/google/go-github/v81/github"
 )
 
 // ErrRepoNotCreated returns the error that repository not created
diff --git a/services/migrations/github.go b/services/migrations/github.go
index 87e8248cab..569d9c5780 100644
--- a/services/migrations/github.go
+++ b/services/migrations/github.go
@@ -20,7 +20,7 @@ import (
 	"forgejo.org/modules/proxy"
 	"forgejo.org/modules/structs"
 
-	"github.com/google/go-github/v74/github"
+	"github.com/google/go-github/v81/github"
 	"golang.org/x/oauth2"
 )
 
@@ -98,7 +98,6 @@ func NewGithubDownloaderV3(ctx context.Context, baseURL string, getPullRequests,
 		userName:        userName,
 		baseURL:         baseURL,
 		password:        password,
-		ctx:             ctx,
 		repoOwner:       repoOwner,
 		repoName:        repoName,
 		maxPerPage:      100,
@@ -106,6 +105,8 @@ func NewGithubDownloaderV3(ctx context.Context, baseURL string, getPullRequests,
 		getIssues:       getIssues,
 	}
 
+	downloader.SetContext(ctx)
+
 	if token != "" {
 		tokens := strings.Split(token, ",")
 		for _, token := range tokens {
@@ -159,6 +160,7 @@ func (g *GithubDownloaderV3) addClient(client *http.Client, baseURL string) {
 
 // SetContext set context
 func (g *GithubDownloaderV3) SetContext(ctx context.Context) {
+	ctx = context.WithValue(ctx, github.SleepUntilPrimaryRateLimitResetWhenRateLimited, true)
 	g.ctx = ctx
 }
 
diff --git a/services/migrations/github_test.go b/services/migrations/github_test.go
index 786becd420..f87d38b121 100644
--- a/services/migrations/github_test.go
+++ b/services/migrations/github_test.go
@@ -5,14 +5,18 @@
 package migrations
 
 import (
+	"net/http"
 	"os"
+	"regexp"
+	"strconv"
 	"testing"
 	"time"
 
 	"forgejo.org/models/unittest"
+	"forgejo.org/modules/log"
 	base "forgejo.org/modules/migration"
 
-	"github.com/google/go-github/v74/github"
+	"github.com/google/go-github/v81/github"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 )
@@ -97,6 +101,29 @@ func TestGithubDownloaderFilterComments(t *testing.T) {
 	}
 }
 
+func ratelimitInjectHandler(handler http.Handler, urlpattern *regexp.Regexp, every int) http.HandlerFunc {
+	var requestCount int
+	// because we also count the rate limit response
+	every++
+
+	return (http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		match := urlpattern.MatchString(r.URL.Path)
+		if match {
+			requestCount++
+		}
+
+		if match && requestCount%every == 0 {
+			log.Info("ratelimitInject %s", r.URL)
+			w.Header().Set("X-Ratelimit-Reset",
+				strconv.FormatInt(time.Now().Add(time.Second).Unix(), 10))
+			w.Header().Set("X-Ratelimit-Remaining", "0")
+			w.WriteHeader(http.StatusForbidden)
+		} else {
+			handler.ServeHTTP(w, r)
+		}
+	}))
+}
+
 func TestGitHubDownloadRepo(t *testing.T) {
 	GithubLimitRateRemaining = 3 // Wait at 3 remaining since we could have 3 CI in //
 
@@ -105,6 +132,10 @@ func TestGitHubDownloadRepo(t *testing.T) {
 	server := unittest.NewMockWebServer(t, "https://api.github.com", fixturePath, false)
 	defer server.Close()
 
+	urlpattern := regexp.MustCompile("test_repo/")
+
+	server.Config.Handler = ratelimitInjectHandler(server.Config.Handler, urlpattern, 7)
+
 	downloader := NewGithubDownloaderV3(t.Context(), server.URL, true, true, "", "", token, "forgejo", "test_repo")
 	err := downloader.RefreshRate()
 	require.NoError(t, err)

From b4412c22062bd1f80785e04fd3c48dfb911d1925 Mon Sep 17 00:00:00 2001
From: Nils Goroll <nils.goroll@uplex.de>
Date: Mon, 26 Jan 2026 14:47:48 +0100
Subject: [PATCH 226/854] chore: do not pass the full signing key to template
 (#10967)

A template should not get (easy) access to a full signing key to prevent accidents.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10967
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Nils Goroll <nils.goroll@uplex.de>
Co-committed-by: Nils Goroll <nils.goroll@uplex.de>
---
 routers/web/auth/oauth.go               |  2 +-
 routers/web/auth/oauth_test.go          | 29 +++++++++++++++++++++++++
 templates/user/auth/oidc_wellknown.tmpl |  2 +-
 3 files changed, 31 insertions(+), 2 deletions(-)

diff --git a/routers/web/auth/oauth.go b/routers/web/auth/oauth.go
index 739d36ddde..f925a5cbff 100644
--- a/routers/web/auth/oauth.go
+++ b/routers/web/auth/oauth.go
@@ -674,7 +674,7 @@ func OIDCWellKnown(ctx *context.Context) {
 		return
 	}
 
-	ctx.Data["SigningKey"] = oauth2.DefaultSigningKey
+	ctx.Data["SigningAlg"] = oauth2.DefaultSigningKey.SigningMethod().Alg()
 	ctx.Data["Issuer"] = strings.TrimSuffix(setting.AppURL, "/")
 	ctx.JSONTemplate("user/auth/oidc_wellknown")
 }
diff --git a/routers/web/auth/oauth_test.go b/routers/web/auth/oauth_test.go
index cc2020fcda..5cb6020e89 100644
--- a/routers/web/auth/oauth_test.go
+++ b/routers/web/auth/oauth_test.go
@@ -4,15 +4,22 @@
 package auth
 
 import (
+	"net/http"
+	"strings"
 	"testing"
 
 	"forgejo.org/models/auth"
 	"forgejo.org/models/db"
 	"forgejo.org/models/unittest"
 	user_model "forgejo.org/models/user"
+	"forgejo.org/modules/json"
 	"forgejo.org/modules/jwtx"
+	"forgejo.org/modules/setting"
+	"forgejo.org/modules/templates"
+	"forgejo.org/modules/test"
 	"forgejo.org/modules/timeutil"
 	"forgejo.org/services/auth/source/oauth2"
+	"forgejo.org/services/contexttest"
 
 	"github.com/golang-jwt/jwt/v5"
 	"github.com/stretchr/testify/assert"
@@ -86,3 +93,25 @@ func TestEncodeCodeChallenge(t *testing.T) {
 	require.NoError(t, err)
 	assert.Equal(t, "E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM", codeChallenge)
 }
+
+func TestOIDCWellKnownDisabled(t *testing.T) {
+	ctx, resp := contexttest.MockContext(t, "/openid-configuration")
+	defer test.MockVariableValue(&setting.OAuth2.Enabled, false)()
+	OIDCWellKnown(ctx)
+	assert.Equal(t, http.StatusNotFound, resp.Code)
+}
+
+func TestOIDCWellKnownEnabled(t *testing.T) {
+	ctx, resp := contexttest.MockContext(t, "/openid-configuration", contexttest.MockContextOption{Render: templates.HTMLRenderer()})
+	err := oauth2.Init(ctx)
+	require.NoError(t, err)
+
+	OIDCWellKnown(ctx)
+	assert.Equal(t, http.StatusOK, resp.Code)
+
+	oidcjson := make(map[string]any)
+	require.NoError(t, json.Unmarshal([]byte(resp.Body.String()), &oidcjson))
+
+	assert.Equal(t, strings.TrimSuffix(setting.AppURL, "/"), oidcjson["issuer"])
+	assert.Equal(t, []any{oauth2.DefaultSigningKey.SigningMethod().Alg()}, oidcjson["id_token_signing_alg_values_supported"])
+}
diff --git a/templates/user/auth/oidc_wellknown.tmpl b/templates/user/auth/oidc_wellknown.tmpl
index d8edcae41d..a1a50abde2 100644
--- a/templates/user/auth/oidc_wellknown.tmpl
+++ b/templates/user/auth/oidc_wellknown.tmpl
@@ -10,7 +10,7 @@
         "id_token"
     ],
     "id_token_signing_alg_values_supported": [
-        "{{.SigningKey.SigningMethod.Alg | JSEscape}}"
+        "{{.SigningAlg | JSEscape}}"
     ],
     "subject_types_supported": [
         "public"

From 01fbb1499f954be4b43a7c913e51d588cc3c44eb Mon Sep 17 00:00:00 2001
From: Nils Goroll <nils.goroll@uplex.de>
Date: Mon, 26 Jan 2026 15:00:35 +0100
Subject: [PATCH 227/854] fix: migrations/github: avoid getting the first
 issues page twice (#10798)

For the previous code with the Page attribute present in
ListCursorOptions for page 1, github would not return an "After" cursor,
such that the request for page 2 would request what effectively is the
content of page 1 a second time.

This would lead to an attempt to insert the same issues twice.

Note that this is not the only reason why this can happen with the
current code base.

We fix this particular issue by not using the Page attribute so github
does return an "After" cursor.

Fixes #10794

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10798
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Nils Goroll <nils.goroll@uplex.de>
Co-committed-by: Nils Goroll <nils.goroll@uplex.de>
---
 services/migrations/github.go                 | 37 ++++++-------------
 services/migrations/github_test.go            | 36 +++++++++++-------
 ...ion=asc&per_page=2&sort=created&state=all} |  0
 .../github/pagination/GET_%2Frate_limit       | 22 +++++++++++
 .../GET_%2Frepos%2Fnigoroll%2Flibvmod-dynamic | 24 ++++++++++++
 ...ion=asc&per_page=45&sort=created&state=all | 24 ++++++++++++
 ...ion=asc&per_page=45&sort=created&state=all | 24 ++++++++++++
 ...ion=asc&per_page=45&sort=created&state=all | 24 ++++++++++++
 ...ion=asc&per_page=45&sort=created&state=all | 24 ++++++++++++
 9 files changed, 176 insertions(+), 39 deletions(-)
 rename services/migrations/testdata/github/full_download/{GET_%2Frepos%2Fforgejo%2Ftest_repo%2Fissues%3Fdirection=asc&page=1&per_page=2&sort=created&state=all => GET_%2Frepos%2Fforgejo%2Ftest_repo%2Fissues%3Fdirection=asc&per_page=2&sort=created&state=all} (100%)
 create mode 100644 services/migrations/testdata/github/pagination/GET_%2Frate_limit
 create mode 100644 services/migrations/testdata/github/pagination/GET_%2Frepos%2Fnigoroll%2Flibvmod-dynamic
 create mode 100644 services/migrations/testdata/github/pagination/GET_%2Frepos%2Fnigoroll%2Flibvmod-dynamic%2Fissues%3Fafter=Y3Vyc29yOnYyOpLPAAABaaHKpHDOGUReFQ%253D%253D&direction=asc&per_page=45&sort=created&state=all
 create mode 100644 services/migrations/testdata/github/pagination/GET_%2Frepos%2Fnigoroll%2Flibvmod-dynamic%2Fissues%3Fafter=Y3Vyc29yOnYyOpLPAAABgogj3SDOT44Tug%253D%253D&direction=asc&per_page=45&sort=created&state=all
 create mode 100644 services/migrations/testdata/github/pagination/GET_%2Frepos%2Fnigoroll%2Flibvmod-dynamic%2Fissues%3Fafter=Y3Vyc29yOnYyOpLPAAABmqckTzDO2bC8uw%253D%253D&direction=asc&per_page=45&sort=created&state=all
 create mode 100644 services/migrations/testdata/github/pagination/GET_%2Frepos%2Fnigoroll%2Flibvmod-dynamic%2Fissues%3Fdirection=asc&per_page=45&sort=created&state=all

diff --git a/services/migrations/github.go b/services/migrations/github.go
index 569d9c5780..04cbd690cf 100644
--- a/services/migrations/github.go
+++ b/services/migrations/github.go
@@ -432,9 +432,6 @@ func (g *GithubDownloaderV3) GetReleases() ([]*base.Release, error) {
 
 // GetIssues returns issues according start and limit
 func (g *GithubDownloaderV3) GetIssues(page, perPage int) ([]*base.Issue, bool, error) {
-	var issues []*github.Issue
-	var resp *github.Response
-	var err error
 	if perPage > g.maxPerPage {
 		perPage = g.maxPerPage
 	}
@@ -442,29 +439,17 @@ func (g *GithubDownloaderV3) GetIssues(page, perPage int) ([]*base.Issue, bool,
 	allIssues := make([]*base.Issue, 0, perPage)
 	g.waitAndPickClient()
 
-	if page == 1 {
-		issues, resp, err = g.getClient().Issues.ListByRepo(g.ctx, g.repoOwner, g.repoName, &github.IssueListByRepoOptions{
-			Sort:      "created",
-			Direction: "asc",
-			State:     "all",
-			ListCursorOptions: github.ListCursorOptions{
-				PerPage: perPage,
-				Page:    strconv.Itoa(page),
-			},
-		})
-		g.githubPagingInfo.After = resp.After
-	} else {
-		issues, resp, err = g.getClient().Issues.ListByRepo(g.ctx, g.repoOwner, g.repoName, &github.IssueListByRepoOptions{
-			Sort:      "created",
-			Direction: "asc",
-			State:     "all",
-			ListCursorOptions: github.ListCursorOptions{
-				PerPage: perPage,
-				After:   g.githubPagingInfo.After,
-			},
-		})
-		g.githubPagingInfo.After = resp.After
-	}
+	issues, resp, err := g.getClient().Issues.ListByRepo(g.ctx, g.repoOwner, g.repoName, &github.IssueListByRepoOptions{
+		Sort:      "created",
+		Direction: "asc",
+		State:     "all",
+		ListCursorOptions: github.ListCursorOptions{
+			PerPage: perPage,
+			After:   g.githubPagingInfo.After,
+		},
+	})
+
+	g.githubPagingInfo.After = resp.After
 
 	if err != nil {
 		return nil, false, fmt.Errorf("error while listing repos: %w", err)
diff --git a/services/migrations/github_test.go b/services/migrations/github_test.go
index f87d38b121..cf7c1d2958 100644
--- a/services/migrations/github_test.go
+++ b/services/migrations/github_test.go
@@ -493,12 +493,14 @@ func TestGithubMultiToken(t *testing.T) {
 func TestGithubIssuePagination(t *testing.T) {
 	GithubLimitRateRemaining = 3 // Wait at 3 remaining since we could have 3 CI in //
 
-	token := os.Getenv("GITHUB_READ_TOKEN")
-	if token == "" {
-		t.Skip()
-	}
+	token := os.Getenv("GITHUB_READ_TOKEN_NIGOROLL")
+	liveMode := token != ""
 
-	downloader := NewGithubDownloaderV3(t.Context(), "https://api.github.com", true, true, "", "", token, "galaxyproject", "galaxy")
+	fixturePath := "./testdata/github/pagination"
+	server := unittest.NewMockWebServer(t, "https://api.github.com", fixturePath, liveMode)
+	defer server.Close()
+
+	downloader := NewGithubDownloaderV3(t.Context(), server.URL, true, true, "", "", token, "nigoroll", "libvmod-dynamic")
 	downloader.SkipReactions = true
 	err := downloader.RefreshRate()
 	require.NoError(t, err)
@@ -507,18 +509,26 @@ func TestGithubIssuePagination(t *testing.T) {
 	require.NoError(t, err)
 
 	assertRepositoryEqual(t, &base.Repository{
-		Name:          "galaxy",
-		Owner:         "galaxyproject",
-		Description:   "Data intensive science for everyone.",
-		CloneURL:      "https://github.com/galaxyproject/galaxy.git",
-		OriginalURL:   "https://github.com/galaxyproject/galaxy",
-		DefaultBranch: "dev",
-		Website:       "https://galaxyproject.org",
+		Name:          "libvmod-dynamic",
+		Owner:         "nigoroll",
+		Description:   "The Varnish dns/named director continued",
+		CloneURL:      server.URL + "/nigoroll/libvmod-dynamic.git",
+		OriginalURL:   server.URL + "/nigoroll/libvmod-dynamic",
+		DefaultBranch: "master",
 	}, repo)
 
+	seen := make(map[int64]bool)
+
 	perPage := 45
 	for page := 1; page <= 250; page++ {
-		_, _, err = downloader.GetIssues(page, perPage)
+		issues, last, err := downloader.GetIssues(page, perPage)
 		require.NoError(t, err)
+		for _, issue := range issues {
+			assert.False(t, seen[issue.Number])
+			seen[issue.Number] = true
+		}
+		if last {
+			break
+		}
 	}
 }
diff --git a/services/migrations/testdata/github/full_download/GET_%2Frepos%2Fforgejo%2Ftest_repo%2Fissues%3Fdirection=asc&page=1&per_page=2&sort=created&state=all b/services/migrations/testdata/github/full_download/GET_%2Frepos%2Fforgejo%2Ftest_repo%2Fissues%3Fdirection=asc&per_page=2&sort=created&state=all
similarity index 100%
rename from services/migrations/testdata/github/full_download/GET_%2Frepos%2Fforgejo%2Ftest_repo%2Fissues%3Fdirection=asc&page=1&per_page=2&sort=created&state=all
rename to services/migrations/testdata/github/full_download/GET_%2Frepos%2Fforgejo%2Ftest_repo%2Fissues%3Fdirection=asc&per_page=2&sort=created&state=all
diff --git a/services/migrations/testdata/github/pagination/GET_%2Frate_limit b/services/migrations/testdata/github/pagination/GET_%2Frate_limit
new file mode 100644
index 0000000000..1491ff7e90
--- /dev/null
+++ b/services/migrations/testdata/github/pagination/GET_%2Frate_limit
@@ -0,0 +1,22 @@
+X-Ratelimit-Resource: core
+Access-Control-Expose-Headers: ETag, Link, Location, Retry-After, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Used, X-RateLimit-Resource, X-RateLimit-Reset, X-OAuth-Scopes, X-Accepted-OAuth-Scopes, X-Poll-Interval, X-GitHub-Media-Type, X-GitHub-SSO, X-GitHub-Request-Id, Deprecation, Sunset
+X-Frame-Options: deny
+X-Content-Type-Options: nosniff
+X-Xss-Protection: 0
+Content-Security-Policy: default-src 'none'
+Cache-Control: no-cache
+X-Github-Api-Version-Selected: 2022-11-28
+X-Ratelimit-Limit: 5000
+X-Ratelimit-Used: 0
+Access-Control-Allow-Origin: *
+Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
+Referrer-Policy: origin-when-cross-origin, strict-origin-when-cross-origin
+X-Github-Media-Type: github.v3; format=json
+X-Accepted-Github-Permissions: allows_permissionless_access=true
+X-Ratelimit-Remaining: 5000
+X-Ratelimit-Reset: 1769189499
+Vary: Accept-Encoding, Accept, X-Requested-With
+Content-Type: application/json; charset=utf-8
+X-Github-Request-Id: 545E:1E338F:1CE3AD6:1995EED:6973A26A
+
+{"resources":{"core":{"limit":5000,"used":0,"remaining":5000,"reset":1769189499},"search":{"limit":30,"used":0,"remaining":30,"reset":1769185959},"graphql":{"limit":5000,"used":0,"remaining":5000,"reset":1769189499},"integration_manifest":{"limit":5000,"used":0,"remaining":5000,"reset":1769189499},"source_import":{"limit":100,"used":0,"remaining":100,"reset":1769185959},"code_scanning_upload":{"limit":5000,"used":0,"remaining":5000,"reset":1769189499},"code_scanning_autofix":{"limit":10,"used":0,"remaining":10,"reset":1769185959},"actions_runner_registration":{"limit":10000,"used":0,"remaining":10000,"reset":1769189499},"scim":{"limit":15000,"used":0,"remaining":15000,"reset":1769189499},"dependency_snapshots":{"limit":100,"used":0,"remaining":100,"reset":1769185959},"dependency_sbom":{"limit":100,"used":0,"remaining":100,"reset":1769185959},"audit_log":{"limit":1750,"used":0,"remaining":1750,"reset":1769189499},"audit_log_streaming":{"limit":15,"used":0,"remaining":15,"reset":1769189499},"code_search":{"limit":10,"used":0,"remaining":10,"reset":1769185959}},"rate":{"limit":5000,"used":0,"remaining":5000,"reset":1769189499}}
\ No newline at end of file
diff --git a/services/migrations/testdata/github/pagination/GET_%2Frepos%2Fnigoroll%2Flibvmod-dynamic b/services/migrations/testdata/github/pagination/GET_%2Frepos%2Fnigoroll%2Flibvmod-dynamic
new file mode 100644
index 0000000000..c50dc204a8
--- /dev/null
+++ b/services/migrations/testdata/github/pagination/GET_%2Frepos%2Fnigoroll%2Flibvmod-dynamic
@@ -0,0 +1,24 @@
+X-Ratelimit-Limit: 5000
+X-Ratelimit-Reset: 1769189499
+Cache-Control: private, max-age=60, s-maxage=60
+Vary: Accept, Authorization, Cookie, X-GitHub-OTP,Accept-Encoding, Accept, X-Requested-With
+X-Accepted-Github-Permissions: metadata=read
+Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
+X-Content-Type-Options: nosniff
+X-Github-Request-Id: 545E:1E338F:1CE3BE0:1995FCF:6973A26B
+Etag: W/"f8dcc1a5a57a21528eb36e54740dd9b6307feb68e14c6143d8b3a5ab47c48f9e"
+Access-Control-Expose-Headers: ETag, Link, Location, Retry-After, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Used, X-RateLimit-Resource, X-RateLimit-Reset, X-OAuth-Scopes, X-Accepted-OAuth-Scopes, X-Poll-Interval, X-GitHub-Media-Type, X-GitHub-SSO, X-GitHub-Request-Id, Deprecation, Sunset
+Access-Control-Allow-Origin: *
+X-Xss-Protection: 0
+Content-Type: application/json; charset=utf-8
+X-Github-Media-Type: github.v3; param=scarlet-witch-preview; format=json, github.mercy-preview; param=baptiste-preview.nebula-preview; format=json
+X-Github-Api-Version-Selected: 2022-11-28
+X-Frame-Options: deny
+Content-Security-Policy: default-src 'none'
+X-Ratelimit-Remaining: 4999
+X-Ratelimit-Used: 1
+X-Ratelimit-Resource: core
+Last-Modified: Thu, 08 Jan 2026 21:08:39 GMT
+Referrer-Policy: origin-when-cross-origin, strict-origin-when-cross-origin
+
+{"id":68390476,"node_id":"MDEwOlJlcG9zaXRvcnk2ODM5MDQ3Ng==","name":"libvmod-dynamic","full_name":"nigoroll/libvmod-dynamic","private":false,"owner":{"login":"nigoroll","id":1528104,"node_id":"MDQ6VXNlcjE1MjgxMDQ=","avatar_url":"https://avatars.githubusercontent.com/u/1528104?v=4","gravatar_id":"","url":"https://api.github.com/users/nigoroll","html_url":"https://github.com/nigoroll","followers_url":"https://api.github.com/users/nigoroll/followers","following_url":"https://api.github.com/users/nigoroll/following{/other_user}","gists_url":"https://api.github.com/users/nigoroll/gists{/gist_id}","starred_url":"https://api.github.com/users/nigoroll/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/nigoroll/subscriptions","organizations_url":"https://api.github.com/users/nigoroll/orgs","repos_url":"https://api.github.com/users/nigoroll/repos","events_url":"https://api.github.com/users/nigoroll/events{/privacy}","received_events_url":"https://api.github.com/users/nigoroll/received_events","type":"User","user_view_type":"public","site_admin":false},"html_url":"https://github.com/nigoroll/libvmod-dynamic","description":"The Varnish dns/named director continued","fork":false,"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic","forks_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/forks","keys_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/keys{/key_id}","collaborators_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/collaborators{/collaborator}","teams_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/teams","hooks_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/hooks","issue_events_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/events{/number}","events_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/events","assignees_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/assignees{/user}","branches_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/branches{/branch}","tags_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/tags","blobs_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/git/blobs{/sha}","git_tags_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/git/tags{/sha}","git_refs_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/git/refs{/sha}","trees_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/git/trees{/sha}","statuses_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/statuses/{sha}","languages_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/languages","stargazers_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/stargazers","contributors_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/contributors","subscribers_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/subscribers","subscription_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/subscription","commits_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/commits{/sha}","git_commits_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/git/commits{/sha}","comments_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/comments{/number}","issue_comment_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/comments{/number}","contents_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/contents/{+path}","compare_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/compare/{base}...{head}","merges_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/merges","archive_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/{archive_format}{/ref}","downloads_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/downloads","issues_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues{/number}","pulls_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/pulls{/number}","milestones_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/milestones{/number}","notifications_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/notifications{?since,all,participating}","labels_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/labels{/name}","releases_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/releases{/id}","deployments_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/deployments","created_at":"2016-09-16T15:13:13Z","updated_at":"2026-01-08T21:08:39Z","pushed_at":"2025-12-12T11:12:19Z","git_url":"git://github.com/nigoroll/libvmod-dynamic.git","ssh_url":"git@github.com:nigoroll/libvmod-dynamic.git","clone_url":"https://github.com/nigoroll/libvmod-dynamic.git","svn_url":"https://github.com/nigoroll/libvmod-dynamic","homepage":"","size":706,"stargazers_count":104,"watchers_count":104,"language":"C","has_issues":true,"has_projects":true,"has_downloads":true,"has_wiki":true,"has_pages":false,"has_discussions":false,"forks_count":38,"mirror_url":null,"archived":false,"disabled":false,"open_issues_count":3,"license":{"key":"bsd-2-clause","name":"BSD 2-Clause \"Simplified\" License","spdx_id":"BSD-2-Clause","url":"https://api.github.com/licenses/bsd-2-clause","node_id":"MDc6TGljZW5zZTQ="},"allow_forking":true,"is_template":false,"web_commit_signoff_required":false,"topics":["director","dns","varnish","varnish-cache","vmod"],"visibility":"public","forks":38,"open_issues":3,"watchers":104,"default_branch":"master","permissions":{"admin":true,"maintain":true,"push":true,"triage":true,"pull":true},"network_count":38,"subscribers_count":10}
\ No newline at end of file
diff --git a/services/migrations/testdata/github/pagination/GET_%2Frepos%2Fnigoroll%2Flibvmod-dynamic%2Fissues%3Fafter=Y3Vyc29yOnYyOpLPAAABaaHKpHDOGUReFQ%253D%253D&direction=asc&per_page=45&sort=created&state=all b/services/migrations/testdata/github/pagination/GET_%2Frepos%2Fnigoroll%2Flibvmod-dynamic%2Fissues%3Fafter=Y3Vyc29yOnYyOpLPAAABaaHKpHDOGUReFQ%253D%253D&direction=asc&per_page=45&sort=created&state=all
new file mode 100644
index 0000000000..3f5fa2799c
--- /dev/null
+++ b/services/migrations/testdata/github/pagination/GET_%2Frepos%2Fnigoroll%2Flibvmod-dynamic%2Fissues%3Fafter=Y3Vyc29yOnYyOpLPAAABaaHKpHDOGUReFQ%253D%253D&direction=asc&per_page=45&sort=created&state=all
@@ -0,0 +1,24 @@
+Content-Type: application/json; charset=utf-8
+Vary: Accept, Authorization, Cookie, X-GitHub-OTP,Accept-Encoding, Accept, X-Requested-With
+Access-Control-Expose-Headers: ETag, Link, Location, Retry-After, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Used, X-RateLimit-Resource, X-RateLimit-Reset, X-OAuth-Scopes, X-Accepted-OAuth-Scopes, X-Poll-Interval, X-GitHub-Media-Type, X-GitHub-SSO, X-GitHub-Request-Id, Deprecation, Sunset
+Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
+Content-Security-Policy: default-src 'none'
+X-Ratelimit-Reset: 1769189499
+X-Ratelimit-Resource: core
+Etag: W/"ed7ff15fd20853d181507588a8f6671a3f5f71f80578be1f45d7f6ecd077d147"
+Access-Control-Allow-Origin: *
+X-Frame-Options: deny
+Referrer-Policy: origin-when-cross-origin, strict-origin-when-cross-origin
+X-Ratelimit-Limit: 5000
+X-Github-Api-Version-Selected: 2022-11-28
+X-Content-Type-Options: nosniff
+X-Xss-Protection: 0
+X-Ratelimit-Remaining: 4997
+X-Ratelimit-Used: 3
+Cache-Control: private, max-age=60, s-maxage=60
+X-Github-Media-Type: github.v3; param=squirrel-girl-preview
+Link: <https://api.github.com/repositories/68390476/issues?after=Y3Vyc29yOnYyOpLPAAABgogj3SDOT44Tug%3D%3D&direction=asc&per_page=45&sort=created&state=all>; rel="next", <https://api.github.com/repositories/68390476/issues?direction=asc&per_page=45&sort=created&state=all&before=Y3Vyc29yOnYyOpLPAAABakvt5PjOGgKiSA%3D%3D>; rel="prev"
+X-Accepted-Github-Permissions: issues=read
+X-Github-Request-Id: 545E:1E338F:1CE43FC:19966FB:6973A26C
+
+[{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/47","repository_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic","labels_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/47/labels{/name}","comments_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/47/comments","events_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/47/events","html_url":"https://github.com/nigoroll/libvmod-dynamic/issues/47","id":436380232,"node_id":"MDU6SXNzdWU0MzYzODAyMzI=","number":47,"title":"missing /etc/services -> test09 timeout ","user":{"login":"danielmotaleite","id":11890049,"node_id":"MDQ6VXNlcjExODkwMDQ5","avatar_url":"https://avatars.githubusercontent.com/u/11890049?v=4","gravatar_id":"","url":"https://api.github.com/users/danielmotaleite","html_url":"https://github.com/danielmotaleite","followers_url":"https://api.github.com/users/danielmotaleite/followers","following_url":"https://api.github.com/users/danielmotaleite/following{/other_user}","gists_url":"https://api.github.com/users/danielmotaleite/gists{/gist_id}","starred_url":"https://api.github.com/users/danielmotaleite/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/danielmotaleite/subscriptions","organizations_url":"https://api.github.com/users/danielmotaleite/orgs","repos_url":"https://api.github.com/users/danielmotaleite/repos","events_url":"https://api.github.com/users/danielmotaleite/events{/privacy}","received_events_url":"https://api.github.com/users/danielmotaleite/received_events","type":"User","user_view_type":"public","site_admin":false},"labels":[],"state":"closed","locked":false,"assignee":null,"assignees":[],"milestone":null,"comments":0,"created_at":"2019-04-23T20:40:43Z","updated_at":"2019-04-27T09:43:12Z","closed_at":"2019-04-27T09:43:12Z","author_association":"NONE","active_lock_reason":null,"sub_issues_summary":{"total":0,"completed":0,"percent_completed":0},"issue_dependencies_summary":{"blocked_by":0,"total_blocked_by":0,"blocking":0,"total_blocking":0},"body":"I'm building the master vs varnish 6.2.0 inside a debian based docker and when running the tests, test09 fails with the error below.\r\n\r\n        **** v1    0.6 vsl|          0 Error           - vmod-dynamic: vcl1 d4 127.0.0.1:http getaddrinfo -8 (Servname not supported for ai_socktype)\r\n\r\nAs i noticed the `:http` port, i went to check the container /etc/services and it didn't existed. Creating it fixed the problem.\r\n\r\nSo probably it would be better to use a number instead of port name, so this do not happen to other people trying to build this inside a container \r\n\r\nThanks\r\n\r\nfull error log:\r\n\r\n```\r\n===============================================\r\n   libvmod-dynamic trunk: src/test-suite.log\r\n===============================================\r\n\r\n# TOTAL: 14\r\n# PASS:  13\r\n# SKIP:  0\r\n# XFAIL: 0\r\n# FAIL:  1\r\n# XPASS: 0\r\n# ERROR: 0\r\n\r\n.. contents:: :depth: 2\r\n\r\nFAIL: tests/test09\r\n==================\r\n\r\n*    top   0.0 TEST ./tests/test09.vtc starting\r\n**** top   0.0 extmacro def pwd=/usr/src/libvmod-dynamic/src\r\n**** top   0.0 extmacro def vmod_dynamic=dynamic from \"/usr/src/libvmod-dynamic/src/.libs/libvmod_dynamic.so\"\r\n**** top   0.0 extmacro def localhost=127.0.0.1\r\n**** top   0.0 extmacro def bad_backend=127.0.0.1 33485\r\n**** top   0.0 extmacro def bad_ip=192.0.2.255\r\n**** top   0.0 macro def testdir=/usr/src/libvmod-dynamic/src/./tests\r\n**** top   0.0 macro def tmpdir=/tmp/vtc.18162.680e3a26\r\n**   top   0.0 === varnishtest \"Ipv4- or IPv6-only\"\r\n*    top   0.0 VTEST Ipv4- or IPv6-only\r\n**   top   0.0 === shell \"getent hosts localhost www.localhost img.localhost ||...\r\n**** top   0.0 shell_cmd|exec 2>&1 ; getent hosts localhost www.localhost img.localhost || true\r\n**** top   0.0 shell_out|::1             localhost ip6-localhost ip6-loopback\r\n**** top   0.0 shell_out|127.0.0.1       www.localhost img.localhost\r\n**** top   0.0 shell_out|127.0.0.1       www.localhost img.localhost\r\n**** top   0.0 shell_status = 0x0000\r\n**   top   0.0 === server s1 { } -start\r\n**   s1    0.0 Starting server\r\n**** s1    0.0 macro def s1_addr=127.0.0.1\r\n**** s1    0.0 macro def s1_port=41365\r\n**** s1    0.0 macro def s1_sock=127.0.0.1 41365\r\n*    s1    0.0 Listen on 127.0.0.1 41365\r\n**   top   0.0 === varnish v1 -vcl+backend {\r\n**   s1    0.0 Started on 127.0.0.1 41365 (1 iterations)\r\n**   v1    0.0 Launch\r\n***  v1    0.0 CMD: cd ${pwd} && exec varnishd  -d -n /tmp/vtc.18162.680e3a26/v1 -l 2m -p auto_restart=off -p syslog_cli_traffic=off -p sigsegv_handler=on -p thread_pool_min=10 -p debug=+vtc_mode -a '127.0.0.1:0' -M '127.0.0.1 34053' -P /tmp/vtc.18162.680e3a26/v1/varnishd.pid \r\n***  v1    0.0 CMD: cd /usr/src/libvmod-dynamic/src && exec varnishd  -d -n /tmp/vtc.18162.680e3a26/v1 -l 2m -p auto_restart=off -p syslog_cli_traffic=off -p sigsegv_handler=on -p thread_pool_min=10 -p debug=+vtc_mode -a '127.0.0.1:0' -M '127.0.0.1 34053' -P /tmp/vtc.18162.680e3a26/v1/varnishd.pid \r\n***  v1    0.0 PID: 18170\r\n**** v1    0.0 macro def v1_pid=18170\r\n**** v1    0.0 macro def v1_name=/tmp/vtc.18162.680e3a26/v1\r\n***  v1    0.0 debug|Debug: Version: varnish-6.2.0 revision b14a3d38dbe918ad50d3838b11aa596f42179b54\r\n***  v1    0.0 debug|Debug: Platform: Linux,5.0.9-050009-generic,x86_64,-junix,-sdefault,-sdefault,-hcritbit\r\n***  v1    0.0 debug|200 321     \r\n***  v1    0.0 debug|-----------------------------\r\n***  v1    0.0 debug|Varnish Cache CLI 1.0\r\n***  v1    0.0 debug|-----------------------------\r\n***  v1    0.0 debug|Linux,5.0.9-050009-generic,x86_64,-junix,-sdefault,-sdefault,-hcritbit\r\n***  v1    0.0 debug|varnish-6.2.0 revision b14a3d38dbe918ad50d3838b11aa596f42179b54\r\n***  v1    0.0 debug|\r\n***  v1    0.0 debug|Type 'help' for command list.\r\n***  v1    0.0 debug|Type 'quit' to close CLI session.\r\n***  v1    0.0 debug|Type 'start' to launch worker process.\r\n***  v1    0.0 debug|\r\n**** v1    0.1 CLIPOLL 1 0x1 0x0\r\n***  v1    0.1 CLI connection fd = 7\r\n***  v1    0.1 CLI RX  107\r\n**** v1    0.1 CLI RX|sxjzgcofjaexybfaeanoudglalzrweqs\r\n**** v1    0.1 CLI RX|\r\n**** v1    0.1 CLI RX|Authentication required.\r\n**** v1    0.1 CLI TX|auth a484337cbdcd04a8fb8f97602334132d9decb95eb024cba29c416958fc4e114e\r\n***  v1    0.1 CLI RX  200\r\n**** v1    0.1 CLI RX|-----------------------------\r\n**** v1    0.1 CLI RX|Varnish Cache CLI 1.0\r\n**** v1    0.1 CLI RX|-----------------------------\r\n**** v1    0.1 CLI RX|Linux,5.0.9-050009-generic,x86_64,-junix,-sdefault,-sdefault,-hcritbit\r\n**** v1    0.1 CLI RX|varnish-6.2.0 revision b14a3d38dbe918ad50d3838b11aa596f42179b54\r\n**** v1    0.1 CLI RX|\r\n**** v1    0.1 CLI RX|Type 'help' for command list.\r\n**** v1    0.1 CLI RX|Type 'quit' to close CLI session.\r\n**** v1    0.1 CLI RX|Type 'start' to launch worker process.\r\n**** v1    0.1 CLI TX|vcl.inline vcl1 << %XJEIFLH|)Xspa8P\r\n**** v1    0.1 CLI TX|vcl 4.1;\r\n**** v1    0.1 CLI TX|backend s1 { .host = \"127.0.0.1\"; .port = \"41365\"; }\r\n**** v1    0.1 CLI TX|\r\n**** v1    0.1 CLI TX|\r\n**** v1    0.1 CLI TX|\\timport dynamic from \"/usr/src/libvmod-dynamic/src/.libs/libvmod_dynamic.so\";\r\n**** v1    0.1 CLI TX|\r\n**** v1    0.1 CLI TX|\\tacl ipv4_only { \"0.0.0.0\"/0; }\r\n**** v1    0.1 CLI TX|\\tacl ipv6_only { \"::0\"/0; }\r\n**** v1    0.1 CLI TX|\r\n**** v1    0.1 CLI TX|\\tsub vcl_init {\r\n**** v1    0.1 CLI TX|\\t\\tnew d4 = dynamic.director(whitelist = ipv4_only);\r\n**** v1    0.1 CLI TX|\\t\\tnew d6 = dynamic.director(whitelist = ipv6_only);\r\n**** v1    0.1 CLI TX|\\t}\r\n**** v1    0.1 CLI TX|\r\n**** v1    0.1 CLI TX|\\tsub vcl_recv {\r\n**** v1    0.1 CLI TX|\\t\\tset req.backend_hint = d4.backend(\"127.0.0.1\");\r\n**** v1    0.1 CLI TX|\\t\\tset req.backend_hint = d4.backend(\"::1\");\r\n**** v1    0.1 CLI TX|\\t\\tset req.backend_hint = d6.backend(\"127.0.0.1\");\r\n**** v1    0.1 CLI TX|\\t\\tset req.backend_hint = d6.backend(\"::1\");\r\n**** v1    0.1 CLI TX|\\t\\treturn (synth(200));\r\n**** v1    0.1 CLI TX|\\t}\r\n**** v1    0.1 CLI TX|\r\n**** v1    0.1 CLI TX|%XJEIFLH|)Xspa8P\r\n***  v1    0.2 vsl|No VSL chunk found (child not started ?)\r\n***  v1    0.3 CLI RX  200\r\n**** v1    0.3 CLI RX|VCL compiled.\r\n**** v1    0.3 CLI TX|vcl.use vcl1\r\n***  v1    0.3 CLI RX  200\r\n**   v1    0.3 Start\r\n**** v1    0.3 CLI TX|start\r\n***  v1    0.3 vsl|No VSL chunk found (child not started ?)\r\n***  v1    0.4 debug|Debug: Child (18184) Started\r\n***  v1    0.4 CLI RX  200\r\n***  v1    0.4 wait-running\r\n**** v1    0.4 CLI TX|status\r\n***  v1    0.4 debug|Info: Child (18184) said Child starts\r\n**** v1    0.4 vsl|          0 CLI             - Rd vcl.load \"vcl1\" vcl_vcl1.1556051154.031158/vgc.so 1auto\r\n**** v1    0.4 vsl|          0 CLI             - Wr 200 52 Loaded \"vcl_vcl1.1556051154.031158/vgc.so\" as \"vcl1\"\r\n**** v1    0.4 vsl|          0 CLI             - Rd vcl.use \"vcl1\"\r\n**** v1    0.4 vsl|          0 CLI             - Wr 200 0 \r\n**** v1    0.4 vsl|          0 CLI             - Rd start\r\n**** v1    0.4 vsl|          0 CLI             - Wr 200 0 \r\n***  v1    0.4 CLI RX  200\r\n**** v1    0.4 CLI RX|Child in state running\r\n**** v1    0.4 CLI TX|debug.listen_address\r\n***  v1    0.5 CLI RX  200\r\n**** v1    0.5 CLI RX|127.0.0.1 46781\r\n**** v1    0.5 CLI TX|debug.xid 999\r\n***  v1    0.5 CLI RX  200\r\n**** v1    0.5 CLI RX|XID is 999\r\n**** v1    0.5 CLI TX|debug.listen_address\r\n**** v1    0.5 vsl|          0 CLI             - Rd debug.listen_address \r\n**** v1    0.5 vsl|          0 CLI             - Wr 200 16 127.0.0.1 46781\r\n\r\n**** v1    0.5 vsl|          0 CLI             - Rd debug.xid 999 \r\n**** v1    0.5 vsl|          0 CLI             - Wr 200 10 XID is 999\r\n***  v1    0.6 CLI RX  200\r\n**** v1    0.6 CLI RX|127.0.0.1 46781\r\n**   v1    0.6 Listen on 127.0.0.1 46781\r\n**** v1    0.6 macro def v1_addr=127.0.0.1\r\n**** v1    0.6 macro def v1_port=46781\r\n**** v1    0.6 macro def v1_sock=127.0.0.1 46781\r\n**   top   0.6 === logexpect l4 -v v1 -g raw {expect * 0 Error \"d4 ::1:http acl...\r\n**   l4    0.6 === expect * 0 Error \"d4 ::1:http acl-mismatch\"\r\n**   top   0.6 === logexpect l6 -v v1 -g raw {expect * 0 Error \"d6 127.0.0.1:ht...\r\n**** l4    0.6 begin|\r\n***  l4    0.6 expecting| expect * 0 Error d4 ::1:http acl-mismatch\r\n**   l6    0.6 === expect * 0 Error \"d6 127.0.0.1:http acl-mismatch\"\r\n**   top   0.6 === client c1 {\r\n**   c1    0.6 Starting client\r\n**   c1    0.6 Waiting for client\r\n**** l6    0.6 begin|\r\n***  l6    0.6 expecting| expect * 0 Error d6 127.0.0.1:http acl-mismatch\r\n***  c1    0.6 Connect to 127.0.0.1 46781\r\n***  c1    0.6 connected fd 27 from 127.0.0.1 53442 to 127.0.0.1 46781\r\n**   c1    0.6 === txreq\r\n**** c1    0.6 txreq|GET / HTTP/1.1\\r\r\n**** c1    0.6 txreq|Host: 127.0.0.1\\r\r\n**** c1    0.6 txreq|\\r\r\n**   c1    0.6 === rxresp\r\n**** c1    0.6 rxhdr|HTTP/1.1 200 OK\\r\r\n**** c1    0.6 rxhdr|Date: Tue, 23 Apr 2019 20:25:54 GMT\\r\r\n**** c1    0.6 rxhdr|Server: Varnish\\r\r\n**** c1    0.6 rxhdr|X-Varnish: 1001\\r\r\n**** c1    0.6 rxhdr|Content-Type: text/html; charset=utf-8\\r\r\n**** c1    0.6 rxhdr|Retry-After: 5\\r\r\n**** c1    0.6 rxhdr|Content-Length: 227\\r\r\n**** c1    0.6 rxhdr|Accept-Ranges: bytes\\r\r\n**** c1    0.6 rxhdr|Connection: keep-alive\\r\r\n**** c1    0.6 rxhdr|\\r\r\n**** c1    0.6 rxhdrlen = 213\r\n**** c1    0.6 http[ 0] |HTTP/1.1\r\n**** c1    0.6 http[ 1] |200\r\n**** c1    0.6 http[ 2] |OK\r\n**** c1    0.6 http[ 3] |Date: Tue, 23 Apr 2019 20:25:54 GMT\r\n**** c1    0.6 http[ 4] |Server: Varnish\r\n**** c1    0.6 http[ 5] |X-Varnish: 1001\r\n**** c1    0.6 http[ 6] |Content-Type: text/html; charset=utf-8\r\n**** c1    0.6 http[ 7] |Retry-After: 5\r\n**** c1    0.6 http[ 8] |Content-Length: 227\r\n**** c1    0.6 http[ 9] |Accept-Ranges: bytes\r\n**** c1    0.6 http[10] |Connection: keep-alive\r\n**** c1    0.6 c-l|<!DOCTYPE html>\r\n**** c1    0.6 c-l|<html>\r\n**** c1    0.6 c-l|  <head>\r\n**** c1    0.6 c-l|    <title>200 OK</title>\r\n**** c1    0.6 c-l|  </head>\r\n**** c1    0.6 c-l|  <body>\r\n**** c1    0.6 c-l|    <h1>Error 200 OK</h1>\r\n**** c1    0.6 c-l|    <p>OK</p>\r\n**** c1    0.6 c-l|    <h3>Guru Meditation:</h3>\r\n**** c1    0.6 c-l|    <p>XID: 1001</p>\r\n**** c1    0.6 c-l|    <hr>\r\n**** c1    0.6 c-l|    <p>Varnish cache server</p>\r\n**** c1    0.6 c-l|  </body>\r\n**** c1    0.6 c-l|</html>\r\n**** c1    0.6 bodylen = 227\r\n**   c1    0.6 === expect resp.status == 200\r\n**** c1    0.6 EXPECT resp.status (200) == \"200\" match\r\n***  c1    0.6 closing fd 27\r\n**   c1    0.6 Ending\r\n**   top   0.6 === logexpect l4 -wait\r\n**   l4    0.6 Waiting for logexp\r\n**** v1    0.6 vsl|          0 CLI             - Rd debug.listen_address \r\n**** v1    0.6 vsl|          0 CLI             - Wr 200 16 127.0.0.1 46781\r\n\r\n**** v1    0.6 vsl|       1000 Begin           c sess 0 HTTP/1\r\n**** v1    0.6 vsl|       1000 SessOpen        c 127.0.0.1 53442 a0 127.0.0.1 46781 1556051154.473491 19\r\n**** v1    0.6 vsl|       1000 Link            c req 1001 rxreq\r\n**** v1    0.6 vsl|          0 Timestamp       - vmod-dynamic vcl1.d4(127.0.0.1:http) Lookup: 1556051154.473908 0.000000 0.000000\r\n**** v1    0.6 vsl|          0 Timestamp       - vmod-dynamic vcl1.d4(::1:http) Lookup: 1556051154.474028 0.000000 0.000000\r\n**** v1    0.6 vsl|          0 Timestamp       - vmod-dynamic vcl1.d6(127.0.0.1:http) Lookup: 1556051154.474126 0.000000 0.000000\r\n**** v1    0.6 vsl|          0 Timestamp       - vmod-dynamic vcl1.d6(::1:http) Lookup: 1556051154.474199 0.000000 0.000000\r\n**** v1    0.6 vsl|          0 Timestamp       - vmod-dynamic vcl1.d4(::1:http) Results: 1556051154.475055 0.001027 0.001027\r\n**** v1    0.6 vsl|          0 Error           - vmod-dynamic: vcl1 d4 ::1:http getaddrinfo -8 (Servname not supported for ai_socktype)\r\n**** v1    0.6 vsl|       1001 Begin           c req 1000 rxreq\r\n**** v1    0.6 vsl|       1001 Timestamp       c Start: 1556051154.473606 0.000000 0.000000\r\n**** v1    0.6 vsl|       1001 Timestamp       c Req: 1556051154.473606 0.000000 0.000000\r\n**** v1    0.6 vsl|       1001 VCL_use         c vcl1\r\n**** v1    0.6 vsl|       1001 ReqStart        c 127.0.0.1 53442 a0\r\n**** v1    0.6 vsl|       1001 ReqMethod       c GET\r\n**** v1    0.6 vsl|       1001 ReqURL          c /\r\n**** v1    0.6 vsl|       1001 ReqProtocol     c HTTP/1.1\r\n**** v1    0.6 vsl|       1001 ReqHeader       c Host: 127.0.0.1\r\n**** v1    0.6 vsl|       1001 ReqHeader       c X-Forwarded-For: 127.0.0.1\r\n**** v1    0.6 vsl|       1001 VCL_call        c RECV\r\n**** v1    0.6 vsl|       1001 VCL_return      c synth\r\n**** v1    0.6 vsl|       1001 VCL_call        c HASH\r\n**** v1    0.6 vsl|       1001 VCL_return      c lookup\r\n**** v1    0.6 vsl|       1001 Timestamp       c Process: 1556051154.474159 0.000553 0.000553\r\n**** v1    0.6 vsl|       1001 RespHeader      c Date: Tue, 23 Apr 2019 20:25:54 GMT\r\n**** v1    0.6 vsl|       1001 RespHeader      c Server: Varnish\r\n**** v1    0.6 vsl|       1001 RespHeader      c X-Varnish: 1001\r\n**** v1    0.6 vsl|       1001 RespProtocol    c HTTP/1.1\r\n**** v1    0.6 vsl|       1001 RespStatus      c 200\r\n**** v1    0.6 vsl|       1001 RespReason      c OK\r\n**** v1    0.6 vsl|       1001 RespReason      c OK\r\n**** v1    0.6 vsl|       1001 VCL_call        c SYNTH\r\n**** v1    0.6 vsl|       1001 RespHeader      c Content-Type: text/html; charset=utf-8\r\n**** v1    0.6 vsl|       1001 RespHeader      c Retry-After: 5\r\n**** v1    0.6 vsl|       1001 VCL_return      c deliver\r\n**** v1    0.6 vsl|       1001 RespHeader      c Content-Length: 227\r\n**** v1    0.6 vsl|       1001 Storage         c malloc Transient\r\n**** v1    0.6 vsl|       1001 Filters         c \r\n**** v1    0.6 vsl|       1001 RespHeader      c Accept-Ranges: bytes\r\n**** v1    0.6 vsl|       1001 RespHeader      c Connection: keep-alive\r\n**** v1    0.6 vsl|       1001 Timestamp       c Resp: 1556051154.475164 0.001558 0.001005\r\n**** v1    0.6 vsl|       1001 ReqAcct         c 35 0 35 213 227 440\r\n**** v1    0.6 vsl|       1001 End             c \r\n**** v1    0.6 vsl|          0 Timestamp       - vmod-dynamic vcl1.d4(127.0.0.1:http) Results: 1556051154.475189 0.001281 0.001281\r\n**** v1    0.6 vsl|          0 Timestamp       - vmod-dynamic vcl1.d6(127.0.0.1:http) Results: 1556051154.475199 0.001073 0.001073\r\n**** v1    0.6 vsl|          0 Error           - vmod-dynamic: vcl1 d4 127.0.0.1:http getaddrinfo -8 (Servname not supported for ai_socktype)\r\n**** v1    0.6 vsl|          0 Error           - vmod-dynamic: vcl1 d6 127.0.0.1:http getaddrinfo -8 (Servname not supported for ai_socktype)\r\n**** v1    0.6 vsl|          0 Timestamp       - vmod-dynamic vcl1.d6(::1:http) Results: 1556051154.475218 0.001018 0.001018\r\n**** v1    0.6 vsl|          0 Error           - vmod-dynamic: vcl1 d6 ::1:http getaddrinfo -8 (Servname not supported for ai_socktype)\r\n**** v1    0.6 vsl|       1000 SessClose       c REM_CLOSE 0.003\r\n**** v1    0.6 vsl|       1000 End             c \r\n**** v1    3.4 vsl|          0 CLI             - Rd ping\r\n**** v1    3.4 vsl|          0 CLI             - Wr 200 19 PONG 1556051157 1.0\r\n**** v1    6.4 vsl|          0 CLI             - Rd ping\r\n**** v1    6.4 vsl|          0 CLI             - Wr 200 19 PONG 1556051160 1.0\r\n**** v1    9.4 vsl|          0 CLI             - Rd ping\r\n**** v1    9.4 vsl|          0 CLI             - Wr 200 19 PONG 1556051163 1.0\r\n**** v1   12.5 vsl|          0 CLI             - Rd ping\r\n**** v1   12.5 vsl|          0 CLI             - Wr 200 19 PONG 1556051166 1.0\r\n**** v1   15.5 vsl|          0 CLI             - Rd ping\r\n**** v1   15.5 vsl|          0 CLI             - Wr 200 19 PONG 1556051169 1.0\r\n**** v1   18.5 vsl|          0 CLI             - Rd ping\r\n**** v1   18.5 vsl|          0 CLI             - Wr 200 19 PONG 1556051172 1.0\r\n**** v1   21.4 vsl|          0 CLI             - Rd ping\r\n**** v1   21.4 vsl|          0 CLI             - Wr 200 19 PONG 1556051175 1.0\r\n**** v1   24.4 vsl|          0 CLI             - Rd ping\r\n**** v1   24.4 vsl|          0 CLI             - Wr 200 19 PONG 1556051178 1.0\r\n**** v1   27.4 vsl|          0 CLI             - Rd ping\r\n**** v1   27.4 vsl|          0 CLI             - Wr 200 19 PONG 1556051181 1.0\r\n**** v1   30.4 vsl|          0 CLI             - Rd ping\r\n**** v1   30.4 vsl|          0 CLI             - Wr 200 19 PONG 1556051184 1.0\r\n**** v1   33.4 vsl|          0 CLI             - Rd ping\r\n**** v1   33.4 vsl|          0 CLI             - Wr 200 19 PONG 1556051187 1.0\r\n**** v1   36.4 vsl|          0 CLI             - Rd ping\r\n**** v1   36.4 vsl|          0 CLI             - Wr 200 19 PONG 1556051190 1.0\r\n**** v1   39.4 vsl|          0 CLI             - Rd ping\r\n**** v1   39.4 vsl|          0 CLI             - Wr 200 19 PONG 1556051193 1.0\r\n**** v1   42.4 vsl|          0 CLI             - Rd ping\r\n**** v1   42.4 vsl|          0 CLI             - Wr 200 19 PONG 1556051196 1.0\r\n**** v1   45.4 vsl|          0 CLI             - Rd ping\r\n**** v1   45.4 vsl|          0 CLI             - Wr 200 19 PONG 1556051199 1.0\r\n**** v1   48.4 vsl|          0 CLI             - Rd ping\r\n**** v1   48.4 vsl|          0 CLI             - Wr 200 19 PONG 1556051202 1.0\r\n**** v1   51.4 vsl|          0 CLI             - Rd ping\r\n**** v1   51.4 vsl|          0 CLI             - Wr 200 19 PONG 1556051205 1.0\r\n**** v1   54.4 vsl|          0 CLI             - Rd ping\r\n**** v1   54.4 vsl|          0 CLI             - Wr 200 19 PONG 1556051208 1.0\r\n**** v1   57.4 vsl|          0 CLI             - Rd ping\r\n**** v1   57.4 vsl|          0 CLI             - Wr 200 19 PONG 1556051211 1.0\r\n#    top  TEST ./tests/test09.vtc TIMED OUT (kill -9)\r\n#    top  TEST ./tests/test09.vtc FAILED (60.061) signal=9\r\nFAIL tests/test09.vtc (exit status: 2)\r\n\r\n============================================================================\r\nTestsuite summary for libvmod-dynamic trunk\r\n============================================================================\r\n# TOTAL: 14\r\n# PASS:  13\r\n# SKIP:  0\r\n# XFAIL: 0\r\n# FAIL:  1\r\n# XPASS: 0\r\n# ERROR: 0\r\n============================================================================\r\nSee src/test-suite.log\r\n============================================================================\r\n\r\n```","closed_by":{"login":"nigoroll","id":1528104,"node_id":"MDQ6VXNlcjE1MjgxMDQ=","avatar_url":"https://avatars.githubusercontent.com/u/1528104?v=4","gravatar_id":"","url":"https://api.github.com/users/nigoroll","html_url":"https://github.com/nigoroll","followers_url":"https://api.github.com/users/nigoroll/followers","following_url":"https://api.github.com/users/nigoroll/following{/other_user}","gists_url":"https://api.github.com/users/nigoroll/gists{/gist_id}","starred_url":"https://api.github.com/users/nigoroll/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/nigoroll/subscriptions","organizations_url":"https://api.github.com/users/nigoroll/orgs","repos_url":"https://api.github.com/users/nigoroll/repos","events_url":"https://api.github.com/users/nigoroll/events{/privacy}","received_events_url":"https://api.github.com/users/nigoroll/received_events","type":"User","user_view_type":"public","site_admin":false},"reactions":{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/47/reactions","total_count":0,"+1":0,"-1":0,"laugh":0,"hooray":0,"confused":0,"heart":0,"rocket":0,"eyes":0},"timeline_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/47/timeline","performed_via_github_app":null,"state_reason":"completed"},{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/48","repository_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic","labels_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/48/labels{/name}","comments_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/48/comments","events_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/48/events","html_url":"https://github.com/nigoroll/libvmod-dynamic/issues/48","id":468740958,"node_id":"MDU6SXNzdWU0Njg3NDA5NTg=","number":48,"title":"Compile error in varnish 6.0.1-1~stretch","user":{"login":"razvanphp","id":4599319,"node_id":"MDQ6VXNlcjQ1OTkzMTk=","avatar_url":"https://avatars.githubusercontent.com/u/4599319?v=4","gravatar_id":"","url":"https://api.github.com/users/razvanphp","html_url":"https://github.com/razvanphp","followers_url":"https://api.github.com/users/razvanphp/followers","following_url":"https://api.github.com/users/razvanphp/following{/other_user}","gists_url":"https://api.github.com/users/razvanphp/gists{/gist_id}","starred_url":"https://api.github.com/users/razvanphp/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/razvanphp/subscriptions","organizations_url":"https://api.github.com/users/razvanphp/orgs","repos_url":"https://api.github.com/users/razvanphp/repos","events_url":"https://api.github.com/users/razvanphp/events{/privacy}","received_events_url":"https://api.github.com/users/razvanphp/received_events","type":"User","user_view_type":"public","site_admin":false},"labels":[],"state":"closed","locked":false,"assignee":null,"assignees":[],"milestone":null,"comments":5,"created_at":"2019-07-16T16:05:31Z","updated_at":"2019-07-25T10:01:07Z","closed_at":"2019-07-17T09:56:52Z","author_association":"NONE","active_lock_reason":null,"sub_issues_summary":{"total":0,"completed":0,"percent_completed":0},"issue_dependencies_summary":{"blocked_by":0,"total_blocked_by":0,"blocking":0,"total_blocking":0},"body":"We are using tag 6.0, where you backported some refactorings and we are now getting the following error:\r\n\r\n```\r\nIn file included from vmod_dynamic.c:56:0:\r\nvmod_dynamic.h:88:2: error: unknown type name ‘vtim_real’\r\n  vtim_real   deadline;\r\n  ^~~~~~~~~\r\nvmod_dynamic.h:137:2: error: unknown type name ‘vtim_real’\r\n  vtim_real   deadline;\r\n  ^~~~~~~~~\r\nvmod_dynamic.c:410:17: error: unknown type name ‘vtim_real’\r\n     void *priv, vtim_real now)\r\n                 ^~~~~~~~~\r\nvmod_dynamic.c: In function ‘dynamic_lookup_thread’:\r\nvmod_dynamic.c:474:2: error: unknown type name ‘vtim_real’\r\n  vtim_real lookup, results, update;\r\n  ^~~~~~~~~\r\nvmod_dynamic.c:498:4: error: implicit declaration of function ‘dynamic_update_domain’ [-Werror=implicit-function-declaration]\r\n    dynamic_update_domain(dom, res, res_priv, results);\r\n    ^~~~~~~~~~~~~~~~~~~~~\r\nAt top level:\r\nvmod_dynamic.c:311:1: error: ‘dynamic_add’ defined but not used [-Werror=unused-function]\r\n dynamic_add(VRT_CTX, struct dynamic_domain *dom, const struct res_info *info)\r\n ^~~~~~~~~~~\r\ncc1: all warnings being treated as errors\r\nmake[2]: *** [vmod_dynamic.lo] Error 1\r\nmake[1]: ***\r\n```","closed_by":{"login":"nigoroll","id":1528104,"node_id":"MDQ6VXNlcjE1MjgxMDQ=","avatar_url":"https://avatars.githubusercontent.com/u/1528104?v=4","gravatar_id":"","url":"https://api.github.com/users/nigoroll","html_url":"https://github.com/nigoroll","followers_url":"https://api.github.com/users/nigoroll/followers","following_url":"https://api.github.com/users/nigoroll/following{/other_user}","gists_url":"https://api.github.com/users/nigoroll/gists{/gist_id}","starred_url":"https://api.github.com/users/nigoroll/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/nigoroll/subscriptions","organizations_url":"https://api.github.com/users/nigoroll/orgs","repos_url":"https://api.github.com/users/nigoroll/repos","events_url":"https://api.github.com/users/nigoroll/events{/privacy}","received_events_url":"https://api.github.com/users/nigoroll/received_events","type":"User","user_view_type":"public","site_admin":false},"reactions":{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/48/reactions","total_count":0,"+1":0,"-1":0,"laugh":0,"hooray":0,"confused":0,"heart":0,"rocket":0,"eyes":0},"timeline_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/48/timeline","performed_via_github_app":null,"state_reason":"completed"},{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/49","repository_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic","labels_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/49/labels{/name}","comments_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/49/comments","events_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/49/events","html_url":"https://github.com/nigoroll/libvmod-dynamic/issues/49","id":472708206,"node_id":"MDU6SXNzdWU0NzI3MDgyMDY=","number":49,"title":"compilation issue for 6.0.3","user":{"login":"darjisanket","id":28775672,"node_id":"MDQ6VXNlcjI4Nzc1Njcy","avatar_url":"https://avatars.githubusercontent.com/u/28775672?v=4","gravatar_id":"","url":"https://api.github.com/users/darjisanket","html_url":"https://github.com/darjisanket","followers_url":"https://api.github.com/users/darjisanket/followers","following_url":"https://api.github.com/users/darjisanket/following{/other_user}","gists_url":"https://api.github.com/users/darjisanket/gists{/gist_id}","starred_url":"https://api.github.com/users/darjisanket/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/darjisanket/subscriptions","organizations_url":"https://api.github.com/users/darjisanket/orgs","repos_url":"https://api.github.com/users/darjisanket/repos","events_url":"https://api.github.com/users/darjisanket/events{/privacy}","received_events_url":"https://api.github.com/users/darjisanket/received_events","type":"User","user_view_type":"public","site_admin":false},"labels":[],"state":"closed","locked":false,"assignee":null,"assignees":[],"milestone":null,"comments":1,"created_at":"2019-07-25T07:27:49Z","updated_at":"2019-07-25T09:45:05Z","closed_at":"2019-07-25T09:45:02Z","author_association":"NONE","active_lock_reason":null,"sub_issues_summary":{"total":0,"completed":0,"percent_completed":0},"issue_dependencies_summary":{"blocked_by":0,"total_blocked_by":0,"blocking":0,"total_blocking":0},"body":"Thanks for libvmod-dynamic it helps us to scale up/down our environment based on traffic. currently, we are using 4.1 and wanted to move to 6.0.\r\nI am using https://packagecloud.io/varnishcache/varnish60lts repo for varnish.\r\nwhile compiling, I got below compilation issues.\r\n \r\n```\r\n VMODTOOL vcc_dynamic_if.c\r\n  CC       vmod_dynamic.lo\r\n  CC       dyn_resolver_gai.lo\r\n  CC       vmod_dynamic_service.lo\r\nvmod_dynamic_service.c: In function 'service_resolve':\r\nvmod_dynamic_service.c:161:5: error: 'n' may be used uninitialized in this function [-Werror=maybe-uninitialized]\r\n  if (n == 0)\r\n     ^\r\nvmod_dynamic_service.c:166:5: error: 'w' may be used uninitialized in this function [-Werror=maybe-uninitialized]\r\n  if (w == 0) {\r\n     ^\r\ncc1: all warnings being treated as errors\r\nmake[2]: Leaving directory `/usr/redsky/src/libvmod-dynamic/src'\r\nmake[2]: *** [vmod_dynamic_service.lo] Error 1\r\nmake[1]: *** [all-recursive] Error 1\r\nmake[1]: Leaving directory `/usr/redsky/src/libvmod-dynamic'\r\nmake: *** [all] Error 2\r\n```","closed_by":{"login":"nigoroll","id":1528104,"node_id":"MDQ6VXNlcjE1MjgxMDQ=","avatar_url":"https://avatars.githubusercontent.com/u/1528104?v=4","gravatar_id":"","url":"https://api.github.com/users/nigoroll","html_url":"https://github.com/nigoroll","followers_url":"https://api.github.com/users/nigoroll/followers","following_url":"https://api.github.com/users/nigoroll/following{/other_user}","gists_url":"https://api.github.com/users/nigoroll/gists{/gist_id}","starred_url":"https://api.github.com/users/nigoroll/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/nigoroll/subscriptions","organizations_url":"https://api.github.com/users/nigoroll/orgs","repos_url":"https://api.github.com/users/nigoroll/repos","events_url":"https://api.github.com/users/nigoroll/events{/privacy}","received_events_url":"https://api.github.com/users/nigoroll/received_events","type":"User","user_view_type":"public","site_admin":false},"reactions":{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/49/reactions","total_count":0,"+1":0,"-1":0,"laugh":0,"hooray":0,"confused":0,"heart":0,"rocket":0,"eyes":0},"timeline_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/49/timeline","performed_via_github_app":null,"state_reason":"completed"},{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/50","repository_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic","labels_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/50/labels{/name}","comments_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/50/comments","events_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/50/events","html_url":"https://github.com/nigoroll/libvmod-dynamic/pull/50","id":484121184,"node_id":"MDExOlB1bGxSZXF1ZXN0MzEwMDY2MDM2","number":50,"title":"Add missing headers when building under FreeBSD + FreeBSD installation instructions","user":{"login":"zi0r","id":1676702,"node_id":"MDQ6VXNlcjE2NzY3MDI=","avatar_url":"https://avatars.githubusercontent.com/u/1676702?v=4","gravatar_id":"","url":"https://api.github.com/users/zi0r","html_url":"https://github.com/zi0r","followers_url":"https://api.github.com/users/zi0r/followers","following_url":"https://api.github.com/users/zi0r/following{/other_user}","gists_url":"https://api.github.com/users/zi0r/gists{/gist_id}","starred_url":"https://api.github.com/users/zi0r/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/zi0r/subscriptions","organizations_url":"https://api.github.com/users/zi0r/orgs","repos_url":"https://api.github.com/users/zi0r/repos","events_url":"https://api.github.com/users/zi0r/events{/privacy}","received_events_url":"https://api.github.com/users/zi0r/received_events","type":"User","user_view_type":"public","site_admin":false},"labels":[],"state":"closed","locked":false,"assignee":null,"assignees":[],"milestone":null,"comments":2,"created_at":"2019-08-22T17:29:30Z","updated_at":"2019-08-23T07:54:20Z","closed_at":"2019-08-23T07:54:16Z","author_association":"CONTRIBUTOR","active_lock_reason":null,"draft":false,"pull_request":{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/pulls/50","html_url":"https://github.com/nigoroll/libvmod-dynamic/pull/50","diff_url":"https://github.com/nigoroll/libvmod-dynamic/pull/50.diff","patch_url":"https://github.com/nigoroll/libvmod-dynamic/pull/50.patch","merged_at":"2019-08-23T07:54:16Z"},"body":"Currently fails to build under FreeBSD 11.3 without these includes.","closed_by":{"login":"nigoroll","id":1528104,"node_id":"MDQ6VXNlcjE1MjgxMDQ=","avatar_url":"https://avatars.githubusercontent.com/u/1528104?v=4","gravatar_id":"","url":"https://api.github.com/users/nigoroll","html_url":"https://github.com/nigoroll","followers_url":"https://api.github.com/users/nigoroll/followers","following_url":"https://api.github.com/users/nigoroll/following{/other_user}","gists_url":"https://api.github.com/users/nigoroll/gists{/gist_id}","starred_url":"https://api.github.com/users/nigoroll/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/nigoroll/subscriptions","organizations_url":"https://api.github.com/users/nigoroll/orgs","repos_url":"https://api.github.com/users/nigoroll/repos","events_url":"https://api.github.com/users/nigoroll/events{/privacy}","received_events_url":"https://api.github.com/users/nigoroll/received_events","type":"User","user_view_type":"public","site_admin":false},"reactions":{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/50/reactions","total_count":0,"+1":0,"-1":0,"laugh":0,"hooray":0,"confused":0,"heart":0,"rocket":0,"eyes":0},"timeline_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/50/timeline","performed_via_github_app":null,"state_reason":null},{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/51","repository_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic","labels_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/51/labels{/name}","comments_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/51/comments","events_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/51/events","html_url":"https://github.com/nigoroll/libvmod-dynamic/issues/51","id":503980746,"node_id":"MDU6SXNzdWU1MDM5ODA3NDY=","number":51,"title":"vmod-dynamic accepts port=0 which causes segfault","user":{"login":"lukaszlach","id":5011490,"node_id":"MDQ6VXNlcjUwMTE0OTA=","avatar_url":"https://avatars.githubusercontent.com/u/5011490?v=4","gravatar_id":"","url":"https://api.github.com/users/lukaszlach","html_url":"https://github.com/lukaszlach","followers_url":"https://api.github.com/users/lukaszlach/followers","following_url":"https://api.github.com/users/lukaszlach/following{/other_user}","gists_url":"https://api.github.com/users/lukaszlach/gists{/gist_id}","starred_url":"https://api.github.com/users/lukaszlach/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/lukaszlach/subscriptions","organizations_url":"https://api.github.com/users/lukaszlach/orgs","repos_url":"https://api.github.com/users/lukaszlach/repos","events_url":"https://api.github.com/users/lukaszlach/events{/privacy}","received_events_url":"https://api.github.com/users/lukaszlach/received_events","type":"User","user_view_type":"public","site_admin":false},"labels":[],"state":"closed","locked":false,"assignee":{"login":"nigoroll","id":1528104,"node_id":"MDQ6VXNlcjE1MjgxMDQ=","avatar_url":"https://avatars.githubusercontent.com/u/1528104?v=4","gravatar_id":"","url":"https://api.github.com/users/nigoroll","html_url":"https://github.com/nigoroll","followers_url":"https://api.github.com/users/nigoroll/followers","following_url":"https://api.github.com/users/nigoroll/following{/other_user}","gists_url":"https://api.github.com/users/nigoroll/gists{/gist_id}","starred_url":"https://api.github.com/users/nigoroll/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/nigoroll/subscriptions","organizations_url":"https://api.github.com/users/nigoroll/orgs","repos_url":"https://api.github.com/users/nigoroll/repos","events_url":"https://api.github.com/users/nigoroll/events{/privacy}","received_events_url":"https://api.github.com/users/nigoroll/received_events","type":"User","user_view_type":"public","site_admin":false},"assignees":[{"login":"nigoroll","id":1528104,"node_id":"MDQ6VXNlcjE1MjgxMDQ=","avatar_url":"https://avatars.githubusercontent.com/u/1528104?v=4","gravatar_id":"","url":"https://api.github.com/users/nigoroll","html_url":"https://github.com/nigoroll","followers_url":"https://api.github.com/users/nigoroll/followers","following_url":"https://api.github.com/users/nigoroll/following{/other_user}","gists_url":"https://api.github.com/users/nigoroll/gists{/gist_id}","starred_url":"https://api.github.com/users/nigoroll/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/nigoroll/subscriptions","organizations_url":"https://api.github.com/users/nigoroll/orgs","repos_url":"https://api.github.com/users/nigoroll/repos","events_url":"https://api.github.com/users/nigoroll/events{/privacy}","received_events_url":"https://api.github.com/users/nigoroll/received_events","type":"User","user_view_type":"public","site_admin":false}],"milestone":null,"comments":1,"created_at":"2019-10-08T11:13:28Z","updated_at":"2019-10-10T12:11:38Z","closed_at":"2019-10-10T12:11:38Z","author_association":"NONE","active_lock_reason":null,"sub_issues_summary":{"total":0,"completed":0,"percent_completed":0},"issue_dependencies_summary":{"blocked_by":0,"total_blocked_by":0,"blocking":0,"total_blocking":0},"body":"If you define a service (for example in Consul) and do not provide the port number, SRV records return value of `0`. When vmod-dynamic tries to load such backend Varnish crashes with:\r\n\r\n```\r\nChild (24198) Panic at: Tue, 08 Oct 2019 10:45:17 GMT Wrong turn at mgt/mgt_child.c:287: Signal 11 (Segmentation fault) received at 0x10 si_code 1 version = varnish-5.2.0 revision 4c4875cbf, vrt api = 6.1 ident = Linux,3.16.0-6-amd64,x86_64,-junix,-smalloc,-smalloc,-hcritbit,epoll now = 19962215.563448 (mono), 1570531516.494987 (real)\r\n```\r\n\r\nThe issue is on this line:\r\nhttps://github.com/nigoroll/libvmod-dynamic/blob/master/src/dyn_resolver_getdns.c#L386\r\n\r\nThe internal discussion I have had about this issue ended with conslusion that if the port returned in SRV is invalid (`<= 0`), vmod should just ignore it and no try to fix it with hardcoded port `80`.\r\n","closed_by":{"login":"nigoroll","id":1528104,"node_id":"MDQ6VXNlcjE1MjgxMDQ=","avatar_url":"https://avatars.githubusercontent.com/u/1528104?v=4","gravatar_id":"","url":"https://api.github.com/users/nigoroll","html_url":"https://github.com/nigoroll","followers_url":"https://api.github.com/users/nigoroll/followers","following_url":"https://api.github.com/users/nigoroll/following{/other_user}","gists_url":"https://api.github.com/users/nigoroll/gists{/gist_id}","starred_url":"https://api.github.com/users/nigoroll/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/nigoroll/subscriptions","organizations_url":"https://api.github.com/users/nigoroll/orgs","repos_url":"https://api.github.com/users/nigoroll/repos","events_url":"https://api.github.com/users/nigoroll/events{/privacy}","received_events_url":"https://api.github.com/users/nigoroll/received_events","type":"User","user_view_type":"public","site_admin":false},"reactions":{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/51/reactions","total_count":0,"+1":0,"-1":0,"laugh":0,"hooray":0,"confused":0,"heart":0,"rocket":0,"eyes":0},"timeline_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/51/timeline","performed_via_github_app":null,"state_reason":"completed"},{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/52","repository_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic","labels_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/52/labels{/name}","comments_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/52/comments","events_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/52/events","html_url":"https://github.com/nigoroll/libvmod-dynamic/issues/52","id":559811795,"node_id":"MDU6SXNzdWU1NTk4MTE3OTU=","number":52,"title":"Varnish stopped processing requests - threads waiting on vcl_mtx lock","user":{"login":"jpastuszek","id":20052,"node_id":"MDQ6VXNlcjIwMDUy","avatar_url":"https://avatars.githubusercontent.com/u/20052?v=4","gravatar_id":"","url":"https://api.github.com/users/jpastuszek","html_url":"https://github.com/jpastuszek","followers_url":"https://api.github.com/users/jpastuszek/followers","following_url":"https://api.github.com/users/jpastuszek/following{/other_user}","gists_url":"https://api.github.com/users/jpastuszek/gists{/gist_id}","starred_url":"https://api.github.com/users/jpastuszek/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/jpastuszek/subscriptions","organizations_url":"https://api.github.com/users/jpastuszek/orgs","repos_url":"https://api.github.com/users/jpastuszek/repos","events_url":"https://api.github.com/users/jpastuszek/events{/privacy}","received_events_url":"https://api.github.com/users/jpastuszek/received_events","type":"User","user_view_type":"public","site_admin":false},"labels":[{"id":2228316027,"node_id":"MDU6TGFiZWwyMjI4MzE2MDI3","url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/labels/needs%20varnish-cache","name":"needs varnish-cache","color":"006b75","default":false,"description":"needs work in varnish-cache"}],"state":"closed","locked":false,"assignee":null,"assignees":[],"milestone":null,"comments":2,"created_at":"2020-02-04T15:54:47Z","updated_at":"2020-12-16T15:11:19Z","closed_at":"2020-12-16T15:11:19Z","author_association":"NONE","active_lock_reason":null,"sub_issues_summary":{"total":0,"completed":0,"percent_completed":0},"issue_dependencies_summary":{"blocked_by":0,"total_blocked_by":0,"blocking":0,"total_blocking":0},"body":"I think this was caused by a deadlock related to VMOD `dynamic` and `varnishadm` utility with Varnish v6.3 (patched).\r\n\r\nI am using VMOD dynamic with a backend that keeps rotating its IP addresses frequently. Also I monitor Varnish with a script calling `varnishadm backend.list` every few minutes.\r\n\r\nI was able to obtain a stack trace after Varnish stopped processing requests and before it got auto-restarted by manager (CLI timeout).\r\n\r\nAs far as I can tell from the trace, request processing threads got stuck on `Lck_Lock(&vcl_mtx);` call.\r\n\r\nI found two outstanding threads also involved in locking:\r\n\r\nWhat I suspect a thread running from VMOD dynamic calling into `dynamic_lookup_thread` function:\r\n```\r\n  #3  0x0000000000437e4f in Lck__Lock (lck=<optimized out>, p=p@entry=0x4c6800 <__func__.9352> \"VRT_AddDirector\", l=l@entry=192) at cache/cache_lck.c:120\r\n  #4  0x000000000045acb7 in VRT_AddDirector (ctx=ctx@entry=0x7fc5bdf01d80, m=m@entry=0x4b6980 <vbe_methods_noprobe>, priv=priv@entry=0x7fc5da5b1080, fmt=fmt@entry=0x4c1fe4 \"%s\") at cache/cache_vrt_vcl.c:192\r\n\t[WAITING A] Lck_Lock(&vcl_mtx); https://github.com/varnishcache/varnish-cache/blob/0e192d6fa1691ebe9a4a3dcb600579cd43a0c1ba/bin/varnishd/cache/cache_vrt_vcl.c#L199\r\n  #5  0x000000000041aac7 in VRT_new_backend_clustered (ctx=0x7fc5bdf01d80, vc=<optimized out>, vrt=0x7fc5bdf01e10) at cache/cache_backend.c:601\r\n\tcalled by VRT_new_backend\r\n\tsrc/vmod_dynamic.c:405 VRT_new_backend <- (dynamic_add <- dynamic_update_domain <- dynamic_lookup_thread)\r\n  dynamic_update_domain:\r\n    [LOCKED B] Lck_Lock(&dom->mtx); https://github.com/nigoroll/libvmod-dynamic/blob/71820eb7f91ad7e87755d02e522893a9e12dd55b/src/vmod_dynamic.c#L432\r\n  #6  0x00007fc62c574550 in ?? ()\r\n  #7  0x00007fc5ee1caa40 in ?? ()\r\n  #8  0x00007fc62c579f3f in ?? ()\r\n  #9  0x00007fc5bdf01ed0 in ?? ()\r\n  #10 0x00007fc62c573cdc in ?? ()\r\n  #11 0x500000024b1e9335 in ?? ()\r\n  #12 0x000000001736c622 in ?? ()\r\n  #13 0x0000000000000000 in ?? ()\r\n```\r\n\r\nWhat I suspect a thread running in response to `varnishadm backend.list` command calling `cli_backend_list` function:\r\n```\r\n  #3  0x0000000000437e4f in Lck__Lock (lck=<optimized out>, p=<optimized out>, l=<optimized out>) at cache/cache_lck.c:120\r\n\tdynamic_healthy\r\n\t[WAITING B] Lck_Lock(&dom->mtx); https://github.com/nigoroll/libvmod-dynamic/blob/71820eb7f91ad7e87755d02e522893a9e12dd55b/src/vmod_dynamic.c#L180\r\n  #4  0x00007fc62c5733e8 in ?? ()\r\n  #5  0x00007ffed88ef710 in ?? ()\r\n  #6  0x00007fd104c68cdd in __GI___clock_gettime (clock_id=<optimized out>, tp=<optimized out>) at ../sysdeps/unix/clock_gettime.c:115\r\n  #7  0x00000000004ad83e in VTIM_real () at vtim.c:152\r\n  #8  0x00007fd104027210 in ?? ()\r\n  #9  0x00000000004238f0 in ?? () at cache/cache_director.c:224\r\n  #10 0x0000000000423a66 in cli_health (d=0x7fc5df8584e0, ctx=<optimized out>) at cache/cache_director.c:308\r\n  #11 do_list (cli=<optimized out>, d=0x7fc5df8584e0, priv=0x0) at cache/cache_director.c:335\r\n  #12 0x000000000044c90c in vcl_iterdir (cli=cli@entry=0x7fd104027210, pat=0x7fc5e41cb880 \"default_reload_20200128_101739.*\", func=0x7fc5df8584f8, func@entry=0x4238f0 <do_list>, priv=priv@entry=0x7ffed88ef710, vcl=0x7fc5db2fbaa0) at cache/cache_vcl.c:275\r\n\t[LOCKED A] Lck_Lock(&vcl_mtx); https://github.com/varnishcache/varnish-cache/blob/0e192d6fa1691ebe9a4a3dcb600579cd43a0c1ba/bin/varnishd/cache/cache_vcl.c#L342\r\n  #13 0x000000000044df13 in VCL_IterDirector (cli=cli@entry=0x7fd104027210, pat=<optimized out>, func=func@entry=0x4238f0 <do_list>, priv=priv@entry=0x7ffed88ef710) at cache/cache_vcl.c:310\r\n  #14 0x000000000042328d in cli_backend_list (cli=0x7fd104027210, av=0x7fd10401d980, priv=<optimized out>) at cache/cache_director.c:439\r\n```\r\n\r\nUnfortunately the traces from VMOD are missing symbol names even though I have debug symbols installed (dynamic loading?). So what is following is a bit of a guess work.\r\n\r\nThe `cli_backend_list` call, before it can iterate backend list, acquires the `vcl_mtx` lock (https://github.com/varnishcache/varnish-cache/blob/0e192d6fa1691ebe9a4a3dcb600579cd43a0c1ba/bin/varnishd/cache/cache_vcl.c#L342), next it asks each backend for health status (for the listing) via `VRT_Healthy`, this call is forwarded to VMOD dynamic which firstly tries to acquire `dom->mtx` lock (https://github.com/nigoroll/libvmod-dynamic/blob/71820eb7f91ad7e87755d02e522893a9e12dd55b/src/vmod_dynamic.c#L180) before it can iterate dynamic sub-directors to enquire for their status.\r\nNow at the same time `dynamic_lookup_thread` wakes up to update the dynamic sub-director list from DNS results: it resolves the domain name in DNS and if IP list differs from last run it will go and acquire `dom->mtx` lock (https://github.com/nigoroll/libvmod-dynamic/blob/71820eb7f91ad7e87755d02e522893a9e12dd55b/src/vmod_dynamic.c#L432) and call into Varnish to add new backend with `VRT_new_backend` call, this call requires `vcl_mtx` locked (https://github.com/varnishcache/varnish-cache/blob/0e192d6fa1691ebe9a4a3dcb600579cd43a0c1ba/bin/varnishd/cache/cache_vrt_vcl.c#L199) for Varnish to be able to add entry to backend list which is held currently by `cli_backend_list` call chain waiting for `dom->mtx` lock leading to ABBA deadlock.\r\n\r\nWhat follows is that any time a request, that requires access to a backend, comes in Varnish will block on `vcl_mtx`.\r\nI suspect this issue has occurred few times before, but I got it mixed up with hangs related to thread scheduling that I got patched up now.\r\n","closed_by":{"login":"nigoroll","id":1528104,"node_id":"MDQ6VXNlcjE1MjgxMDQ=","avatar_url":"https://avatars.githubusercontent.com/u/1528104?v=4","gravatar_id":"","url":"https://api.github.com/users/nigoroll","html_url":"https://github.com/nigoroll","followers_url":"https://api.github.com/users/nigoroll/followers","following_url":"https://api.github.com/users/nigoroll/following{/other_user}","gists_url":"https://api.github.com/users/nigoroll/gists{/gist_id}","starred_url":"https://api.github.com/users/nigoroll/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/nigoroll/subscriptions","organizations_url":"https://api.github.com/users/nigoroll/orgs","repos_url":"https://api.github.com/users/nigoroll/repos","events_url":"https://api.github.com/users/nigoroll/events{/privacy}","received_events_url":"https://api.github.com/users/nigoroll/received_events","type":"User","user_view_type":"public","site_admin":false},"reactions":{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/52/reactions","total_count":0,"+1":0,"-1":0,"laugh":0,"hooray":0,"confused":0,"heart":0,"rocket":0,"eyes":0},"timeline_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/52/timeline","performed_via_github_app":null,"state_reason":"completed"},{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/53","repository_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic","labels_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/53/labels{/name}","comments_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/53/comments","events_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/53/events","html_url":"https://github.com/nigoroll/libvmod-dynamic/issues/53","id":580546409,"node_id":"MDU6SXNzdWU1ODA1NDY0MDk=","number":53,"title":"dynamic.director not creating backends","user":{"login":"Raboo","id":1148206,"node_id":"MDQ6VXNlcjExNDgyMDY=","avatar_url":"https://avatars.githubusercontent.com/u/1148206?v=4","gravatar_id":"","url":"https://api.github.com/users/Raboo","html_url":"https://github.com/Raboo","followers_url":"https://api.github.com/users/Raboo/followers","following_url":"https://api.github.com/users/Raboo/following{/other_user}","gists_url":"https://api.github.com/users/Raboo/gists{/gist_id}","starred_url":"https://api.github.com/users/Raboo/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/Raboo/subscriptions","organizations_url":"https://api.github.com/users/Raboo/orgs","repos_url":"https://api.github.com/users/Raboo/repos","events_url":"https://api.github.com/users/Raboo/events{/privacy}","received_events_url":"https://api.github.com/users/Raboo/received_events","type":"User","user_view_type":"public","site_admin":false},"labels":[],"state":"closed","locked":false,"assignee":null,"assignees":[],"milestone":null,"comments":9,"created_at":"2020-03-13T11:38:44Z","updated_at":"2020-07-24T18:09:48Z","closed_at":"2020-07-24T18:09:47Z","author_association":"NONE","active_lock_reason":null,"sub_issues_summary":{"total":0,"completed":0,"percent_completed":0},"issue_dependencies_summary":{"blocked_by":0,"total_blocked_by":0,"blocking":0,"total_blocking":0},"body":"Hi,\r\n\r\nI am trying this vmod (and varnish) for the first time. Is there any helpful soul that can explain why only the dummy backend gets created? Am I missing something in my configuration?\r\n\r\n*opentsdb.service.consul* resolves into two SRV records that points to two nodes with weight and priority 1. TTL from DNS is 0.\r\nHowever I also tested *_test._tcp.vmod-dynamic.uplex.de* and that didn't work either.\r\n\r\n\r\n```\r\nvcl 4.1;\r\nimport dynamic;\r\n\r\nbackend dummy { .host = \"localhost\"; }\r\n\r\nprobe tsdb_probe {\r\n  .url = \"/version\";\r\n  .interval = 5s;\r\n  .timeout = 1s;\r\n  .window = 5;\r\n  .threshold = 3;\r\n  .initial = 3;\r\n}\r\n\r\nsub vcl_init {\r\n  new r = dynamic.resolver();\r\n  new d = dynamic.director(\r\n    resolver = r.use(),\r\n    probe = tsdb_probe,\r\n    ttl = 30s,\r\n    ttl_from = cfg\r\n  );\r\n  d.debug(true);\r\n}\r\n\r\nsub vcl_recv {\r\n  set req.backend_hint = d.service(\"opentsdb.service.consul\");\r\n  set client.identity = regsuball(req.url, \"&(o|ignore|png|json|html|y2?range|y2?label|y2?log|key|nokey)\\b(=[^&]*)?\", \"\");\r\n}\r\n\r\nsub vcl_hash {\r\n  hash_data(regsuball(req.url, \"&ignore\\b(=[^&]*)?\", \"\"));\r\n  if (req.http.host) {\r\n    hash_data(req.http.host);\r\n  } else {\r\n    hash_data(server.ip);\r\n  }\r\n  return (lookup);\r\n}\r\n```\r\n\r\nRunning `backend.list` in varnish debug mode. I get this output, i.e. the dummy backend. No created backend from dynamic.director().\r\n```\r\nbackend.list\r\n200 134\r\nBackend name   Admin      Probe    Health     Last change\r\nboot.dummy     healthy    0/0      healthy    Fri, 13 Mar 2020 02:13:56 GMT\r\n```\r\n\r\nI can add that doing a tcpdump when starting varnish shows me it is not even doing any DNS lookups.\r\n\r\nI tested varnish 6.3.2, but also tried 6.2.3 and 6.0.6.\r\nOn 6.3.2 I ran with libvmod-dynamic commit 71820eb7f91ad7e87755d02e522893a9e12dd55b and 88161b3018305915c9cf0d2b45f695da709275da.\r\n\r\nUpdate: add tcpdump info.\r\nUpdate: add version info.","closed_by":{"login":"nigoroll","id":1528104,"node_id":"MDQ6VXNlcjE1MjgxMDQ=","avatar_url":"https://avatars.githubusercontent.com/u/1528104?v=4","gravatar_id":"","url":"https://api.github.com/users/nigoroll","html_url":"https://github.com/nigoroll","followers_url":"https://api.github.com/users/nigoroll/followers","following_url":"https://api.github.com/users/nigoroll/following{/other_user}","gists_url":"https://api.github.com/users/nigoroll/gists{/gist_id}","starred_url":"https://api.github.com/users/nigoroll/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/nigoroll/subscriptions","organizations_url":"https://api.github.com/users/nigoroll/orgs","repos_url":"https://api.github.com/users/nigoroll/repos","events_url":"https://api.github.com/users/nigoroll/events{/privacy}","received_events_url":"https://api.github.com/users/nigoroll/received_events","type":"User","user_view_type":"public","site_admin":false},"reactions":{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/53/reactions","total_count":0,"+1":0,"-1":0,"laugh":0,"hooray":0,"confused":0,"heart":0,"rocket":0,"eyes":0},"timeline_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/53/timeline","performed_via_github_app":null,"state_reason":"completed"},{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/54","repository_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic","labels_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/54/labels{/name}","comments_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/54/comments","events_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/54/events","html_url":"https://github.com/nigoroll/libvmod-dynamic/issues/54","id":583553144,"node_id":"MDU6SXNzdWU1ODM1NTMxNDQ=","number":54,"title":"Difficulties compiling for Varnish 5.2 into a .deb package","user":{"login":"Thertor","id":53084078,"node_id":"MDQ6VXNlcjUzMDg0MDc4","avatar_url":"https://avatars.githubusercontent.com/u/53084078?v=4","gravatar_id":"","url":"https://api.github.com/users/Thertor","html_url":"https://github.com/Thertor","followers_url":"https://api.github.com/users/Thertor/followers","following_url":"https://api.github.com/users/Thertor/following{/other_user}","gists_url":"https://api.github.com/users/Thertor/gists{/gist_id}","starred_url":"https://api.github.com/users/Thertor/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/Thertor/subscriptions","organizations_url":"https://api.github.com/users/Thertor/orgs","repos_url":"https://api.github.com/users/Thertor/repos","events_url":"https://api.github.com/users/Thertor/events{/privacy}","received_events_url":"https://api.github.com/users/Thertor/received_events","type":"User","user_view_type":"public","site_admin":false},"labels":[],"state":"closed","locked":false,"assignee":null,"assignees":[],"milestone":null,"comments":7,"created_at":"2020-03-18T08:25:07Z","updated_at":"2020-03-18T10:14:56Z","closed_at":"2020-03-18T09:42:19Z","author_association":"NONE","active_lock_reason":null,"sub_issues_summary":{"total":0,"completed":0,"percent_completed":0},"issue_dependencies_summary":{"blocked_by":0,"total_blocked_by":0,"blocking":0,"total_blocking":0},"body":"Hi, I'm trying to compile the module from source and building it into a .deb package in ubuntu, but I'm getting errors during the last step, see below logs:\r\n\r\n```\r\nBuilding using working tree\r\nBuilding package in normal mode\r\nPurging the build dir: /home/eivind/build-area/libvmod-dynamic-5.2-1\r\nLooking for a way to retrieve the upstream tarball\r\nUpstream tarball already exists in build directory, using that\r\nBuilding the package in /home/eivind/build-area/libvmod-dynamic-5.2-1, using debuild -us -uc\r\n dpkg-buildpackage -rfakeroot -us -uc -ui\r\ndpkg-buildpackage: info: source package libvmod-dynamic\r\ndpkg-buildpackage: info: source version 5.2-1-1\r\ndpkg-buildpackage: info: source distribution bionic\r\ndpkg-buildpackage: info: source changed by Eivind Sivertsen <eivind.sivertsen@visma.com>\r\n dpkg-source --before-build libvmod-dynamic-5.2-1\r\ndpkg-buildpackage: info: host architecture amd64\r\n fakeroot debian/rules clean\r\ndh clean\r\n   dh_clean\r\n dpkg-source -b libvmod-dynamic-5.2-1\r\ndpkg-source: info: using source format '3.0 (quilt)'\r\ndpkg-source: info: building libvmod-dynamic using existing ./libvmod-dynamic_5.2-1.orig.tar.gz\r\ndpkg-source: info: building libvmod-dynamic in libvmod-dynamic_5.2-1-1.debian.tar.xz\r\ndpkg-source: info: building libvmod-dynamic in libvmod-dynamic_5.2-1-1.dsc\r\n debian/rules build\r\ndh build\r\n   dh_update_autotools_config\r\n   dh_autoreconf\r\naclocal: error: couldn't open directory '/aclocal': No such file or directory\r\nautoreconf: aclocal failed with exit status: 1\r\ndh_autoreconf: autoreconf -f -i returned exit code 1\r\ndebian/rules:18: recipe for target 'build' failed\r\nmake: *** [build] Error 2\r\ndpkg-buildpackage: error: debian/rules build subprocess returned exit status 2\r\ndebuild: fatal error at line 1152:\r\ndpkg-buildpackage -rfakeroot -us -uc -ui failed\r\nbzr: ERROR: The build failed.\r\n````","closed_by":{"login":"nigoroll","id":1528104,"node_id":"MDQ6VXNlcjE1MjgxMDQ=","avatar_url":"https://avatars.githubusercontent.com/u/1528104?v=4","gravatar_id":"","url":"https://api.github.com/users/nigoroll","html_url":"https://github.com/nigoroll","followers_url":"https://api.github.com/users/nigoroll/followers","following_url":"https://api.github.com/users/nigoroll/following{/other_user}","gists_url":"https://api.github.com/users/nigoroll/gists{/gist_id}","starred_url":"https://api.github.com/users/nigoroll/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/nigoroll/subscriptions","organizations_url":"https://api.github.com/users/nigoroll/orgs","repos_url":"https://api.github.com/users/nigoroll/repos","events_url":"https://api.github.com/users/nigoroll/events{/privacy}","received_events_url":"https://api.github.com/users/nigoroll/received_events","type":"User","user_view_type":"public","site_admin":false},"reactions":{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/54/reactions","total_count":0,"+1":0,"-1":0,"laugh":0,"hooray":0,"confused":0,"heart":0,"rocket":0,"eyes":0},"timeline_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/54/timeline","performed_via_github_app":null,"state_reason":"completed"},{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/55","repository_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic","labels_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/55/labels{/name}","comments_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/55/comments","events_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/55/events","html_url":"https://github.com/nigoroll/libvmod-dynamic/issues/55","id":583788982,"node_id":"MDU6SXNzdWU1ODM3ODg5ODI=","number":55,"title":"panic when creating new backends","user":{"login":"nigoroll","id":1528104,"node_id":"MDQ6VXNlcjE1MjgxMDQ=","avatar_url":"https://avatars.githubusercontent.com/u/1528104?v=4","gravatar_id":"","url":"https://api.github.com/users/nigoroll","html_url":"https://github.com/nigoroll","followers_url":"https://api.github.com/users/nigoroll/followers","following_url":"https://api.github.com/users/nigoroll/following{/other_user}","gists_url":"https://api.github.com/users/nigoroll/gists{/gist_id}","starred_url":"https://api.github.com/users/nigoroll/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/nigoroll/subscriptions","organizations_url":"https://api.github.com/users/nigoroll/orgs","repos_url":"https://api.github.com/users/nigoroll/repos","events_url":"https://api.github.com/users/nigoroll/events{/privacy}","received_events_url":"https://api.github.com/users/nigoroll/received_events","type":"User","user_view_type":"public","site_admin":false},"labels":[{"id":443804422,"node_id":"MDU6TGFiZWw0NDM4MDQ0MjI=","url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/labels/bug","name":"bug","color":"ee0701","default":true,"description":null},{"id":2228311103,"node_id":"MDU6TGFiZWwyMjI4MzExMTAz","url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/labels/needs%20%E2%99%A1Sponsor","name":"needs ♡Sponsor","color":"e094d3","default":false,"description":"looking for support ♥"}],"state":"closed","locked":false,"assignee":null,"assignees":[],"milestone":null,"comments":8,"created_at":"2020-03-18T14:57:01Z","updated_at":"2020-10-26T21:44:31Z","closed_at":"2020-10-14T10:00:31Z","author_association":"OWNER","active_lock_reason":null,"sub_issues_summary":{"total":0,"completed":0,"percent_completed":0},"issue_dependencies_summary":{"blocked_by":0,"total_blocked_by":0,"blocking":0,"total_blocking":0},"body":"reported by @Raboo in https://github.com/nigoroll/libvmod-dynamic/issues/53#issuecomment-600657956\r\n```\r\n# varnishadm panic.show\r\nPanic at: Wed, 18 Mar 2020 14:31:52 GMT\r\nAssert error in vbp_build_req(), cache/cache_backend_probe.c line 593:\r\n  Condition((be->hosthdr) != 0) not true.\r\nversion = varnish-6.4.0 revision 13f137934ec1cf14af66baf7896311115ee35598, vrt api = 11.0\r\nident = Linux,4.4.0-171-generic,x86_64,-junix,-smalloc,-sdefault,-hcritbit,epoll\r\nnow = 3632990.458782 (mono), 1584541911.163488 (real)\r\nBacktrace:\r\n  0x55fa88f43b85: varnishd(+0x50b85) [0x55fa88f43b85]\r\n  0x55fa88fb11e7: varnishd(VAS_Fail+0x17) [0x55fa88fb11e7]\r\n  0x55fa88f213ca: varnishd(+0x2e3ca) [0x55fa88f213ca]\r\n  0x55fa88f1ec78: varnishd(VRT_new_backend_clustered+0x2d8) [0x55fa88f1ec78]\r\n  0x7f0ee3ce3f49: ./vmod_cache/_vmod_dynamic.8464fed2571d152330aca2a8c2ba9d613da02b332f734302a48d8a6371a4998a(+0x5f49) [0x7f0ee3ce3f49]\r\n  0x7f0ef1711fa3: /lib/x86_64-linux-gnu/libpthread.so.0(+0x7fa3) [0x7f0ef1711fa3]\r\n  0x7f0ef16424cf: /lib/x86_64-linux-gnu/libc.so.6(clone+0x3f) [0x7f0ef16424cf]\r\npthread.attr = {\r\n  guard = 4096,\r\n  stack_bottom = 0x7f0ee1c48000,\r\n  stack_top = 0x7f0ee2448000,\r\n  stack_size = 8388608,\r\n}\r\nthr.req = (nil) {\r\n},\r\nthr.busyobj = (nil) {\r\n},\r\nvmods = {\r\n  dynamic = {0x7f0ef0eea070, Varnish 6.4.0 13f137934ec1cf14af66baf7896311115ee35598, 0.0},\r\n},\r\n```","closed_by":{"login":"nigoroll","id":1528104,"node_id":"MDQ6VXNlcjE1MjgxMDQ=","avatar_url":"https://avatars.githubusercontent.com/u/1528104?v=4","gravatar_id":"","url":"https://api.github.com/users/nigoroll","html_url":"https://github.com/nigoroll","followers_url":"https://api.github.com/users/nigoroll/followers","following_url":"https://api.github.com/users/nigoroll/following{/other_user}","gists_url":"https://api.github.com/users/nigoroll/gists{/gist_id}","starred_url":"https://api.github.com/users/nigoroll/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/nigoroll/subscriptions","organizations_url":"https://api.github.com/users/nigoroll/orgs","repos_url":"https://api.github.com/users/nigoroll/repos","events_url":"https://api.github.com/users/nigoroll/events{/privacy}","received_events_url":"https://api.github.com/users/nigoroll/received_events","type":"User","user_view_type":"public","site_admin":false},"reactions":{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/55/reactions","total_count":0,"+1":0,"-1":0,"laugh":0,"hooray":0,"confused":0,"heart":0,"rocket":0,"eyes":0},"timeline_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/55/timeline","performed_via_github_app":null,"state_reason":"completed"},{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/56","repository_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic","labels_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/56/labels{/name}","comments_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/56/comments","events_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/56/events","html_url":"https://github.com/nigoroll/libvmod-dynamic/pull/56","id":642977329,"node_id":"MDExOlB1bGxSZXF1ZXN0NDM3ODY1NjQ5","number":56,"title":"Update RPM packaging for compatibility with Varnish 6.3.2 and 6.4.0.","user":{"login":"slimhazard","id":6084911,"node_id":"MDQ6VXNlcjYwODQ5MTE=","avatar_url":"https://avatars.githubusercontent.com/u/6084911?v=4","gravatar_id":"","url":"https://api.github.com/users/slimhazard","html_url":"https://github.com/slimhazard","followers_url":"https://api.github.com/users/slimhazard/followers","following_url":"https://api.github.com/users/slimhazard/following{/other_user}","gists_url":"https://api.github.com/users/slimhazard/gists{/gist_id}","starred_url":"https://api.github.com/users/slimhazard/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/slimhazard/subscriptions","organizations_url":"https://api.github.com/users/slimhazard/orgs","repos_url":"https://api.github.com/users/slimhazard/repos","events_url":"https://api.github.com/users/slimhazard/events{/privacy}","received_events_url":"https://api.github.com/users/slimhazard/received_events","type":"User","user_view_type":"public","site_admin":false},"labels":[],"state":"closed","locked":false,"assignee":null,"assignees":[],"milestone":null,"comments":0,"created_at":"2020-06-22T11:09:14Z","updated_at":"2020-06-23T15:50:54Z","closed_at":"2020-06-23T15:50:54Z","author_association":"CONTRIBUTOR","active_lock_reason":null,"draft":false,"pull_request":{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/pulls/56","html_url":"https://github.com/nigoroll/libvmod-dynamic/pull/56","diff_url":"https://github.com/nigoroll/libvmod-dynamic/pull/56.diff","patch_url":"https://github.com/nigoroll/libvmod-dynamic/pull/56.patch","merged_at":"2020-06-23T15:50:54Z"},"body":"I also pushed some tags to this fork, but I'm not sure if tags are included in a github PR. The tags go with these commitishes:\r\n2.0.0 => 71820eb7f91ad7e87755d02e522893a9e12dd55b\r\n2.1.0 => b08408a45f3d4a3c13cd2d43f8125256f5454487\r\n2.2.0 => 92ab61fd3cb73edbec30e6e754f5c9862767466d\r\nThat way, the VERSION set in AC_INIT, and set for the RPM version, matches the git tag.","closed_by":{"login":"nigoroll","id":1528104,"node_id":"MDQ6VXNlcjE1MjgxMDQ=","avatar_url":"https://avatars.githubusercontent.com/u/1528104?v=4","gravatar_id":"","url":"https://api.github.com/users/nigoroll","html_url":"https://github.com/nigoroll","followers_url":"https://api.github.com/users/nigoroll/followers","following_url":"https://api.github.com/users/nigoroll/following{/other_user}","gists_url":"https://api.github.com/users/nigoroll/gists{/gist_id}","starred_url":"https://api.github.com/users/nigoroll/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/nigoroll/subscriptions","organizations_url":"https://api.github.com/users/nigoroll/orgs","repos_url":"https://api.github.com/users/nigoroll/repos","events_url":"https://api.github.com/users/nigoroll/events{/privacy}","received_events_url":"https://api.github.com/users/nigoroll/received_events","type":"User","user_view_type":"public","site_admin":false},"reactions":{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/56/reactions","total_count":0,"+1":0,"-1":0,"laugh":0,"hooray":0,"confused":0,"heart":0,"rocket":0,"eyes":0},"timeline_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/56/timeline","performed_via_github_app":null,"state_reason":null},{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/57","repository_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic","labels_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/57/labels{/name}","comments_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/57/comments","events_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/57/events","html_url":"https://github.com/nigoroll/libvmod-dynamic/pull/57","id":643952782,"node_id":"MDExOlB1bGxSZXF1ZXN0NDM4NjYwOTA3","number":57,"title":"Enable use of dynamic.backend() in vcl_init.","user":{"login":"slimhazard","id":6084911,"node_id":"MDQ6VXNlcjYwODQ5MTE=","avatar_url":"https://avatars.githubusercontent.com/u/6084911?v=4","gravatar_id":"","url":"https://api.github.com/users/slimhazard","html_url":"https://github.com/slimhazard","followers_url":"https://api.github.com/users/slimhazard/followers","following_url":"https://api.github.com/users/slimhazard/following{/other_user}","gists_url":"https://api.github.com/users/slimhazard/gists{/gist_id}","starred_url":"https://api.github.com/users/slimhazard/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/slimhazard/subscriptions","organizations_url":"https://api.github.com/users/slimhazard/orgs","repos_url":"https://api.github.com/users/slimhazard/repos","events_url":"https://api.github.com/users/slimhazard/events{/privacy}","received_events_url":"https://api.github.com/users/slimhazard/received_events","type":"User","user_view_type":"public","site_admin":false},"labels":[],"state":"closed","locked":false,"assignee":null,"assignees":[],"milestone":null,"comments":3,"created_at":"2020-06-23T15:48:29Z","updated_at":"2020-06-24T09:12:52Z","closed_at":"2020-06-24T09:12:52Z","author_association":"CONTRIBUTOR","active_lock_reason":null,"draft":false,"pull_request":{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/pulls/57","html_url":"https://github.com/nigoroll/libvmod-dynamic/pull/57","diff_url":"https://github.com/nigoroll/libvmod-dynamic/pull/57.diff","patch_url":"https://github.com/nigoroll/libvmod-dynamic/pull/57.patch","merged_at":"2020-06-24T09:12:52Z"},"body":"I'm not sure if this is right, so I'm primarily asking for review and feedback. (But of course the PR can be merged if it is right.)\r\n\r\nThat is, I'm not sure if it's enough just to decline starting the lookup thread when `.backend()` is called in `vcl_init`, or if there are other conditions and/or invariants that might be violated.\r\n\r\nI'm also not sure if the added check in `.backend()` is strictly necessary -- load failure if the `.host` field is not set. It just doesn't make much sense to me to use `.backend()` in `vcl_init` unless you are providing a host to look up.\r\n\r\nAnd I haven't thought of a way to write a vtc test without installing another VMOD, since you need something that uses a BACKEND in `vcl_init`. I tested with this VCL using VMOD re2:\r\n```\r\nvcl 4.1;\r\n\r\nimport re2;\r\nimport dynamic;\r\n\r\nbackend fail None;\r\n\r\nsub vcl_init {\r\n        new d = dynamic.director();\r\n        d.debug(true);\r\n\r\n        new r = re2.set(literal=true, anchor=both);\r\n        r.add(\"one\", backend=d.backend(\"one.test.uplex.de\"));\r\n        r.add(\"two-a\", backend=d.backend(\"two-a.test.uplex.de\"));\r\n        r.add(\"two-b\", backend=d.backend(\"two-b.test.uplex.de\"));\r\n        r.compile();\r\n}\r\n\r\nsub vcl_recv {\r\n        set req.backend_hint = fail;\r\n        if (r.match(req.http.Domain)) {\r\n                set req.backend_hint = r.backend();\r\n        }\r\n}\r\n```\r\n\r\nBefore the change, calling `.backend()` in `vcl_init` resulted in assertion failure, since the lookup thread was started by both `dynamic_get()` (called by the method implementation) and `dynamic_start()` (called by the event handler). Obviously we wouldn't want two threads running when one is enough. But it also violated assumptions about the state enum:\r\n```\r\nDebug: Child (16913) Started\r\nError: Child (16913) not responding to CLI, killed it.\r\nCLI result = 400\r\nError: Child (16913) Pushing vcls failed:\r\nCLI communication error (hdr)\r\nDebug: Stopping Child\r\nError: Child (16913) died signal=6 (core dumped)\r\nError: Child (16913) Panic at: Tue, 23 Jun 2020 12:40:35 GMT\r\nAssert error in dynamic_start(), vmod_dynamic.c line 646:\r\n  Condition(dom->status == DYNAMIC_ST_READY) not true.\r\n```\r\nThis was because `.backend()` was called first, which started the thread and changed the state before the evnt handler ran and called `dynamic_start()`.\r\n\r\nWith the change in the PR, I get the expected result:\r\n```\r\n# varnish listening at port :8080\r\n$ curl -I -X GET -H 'Domain: one' -H 'Host: one.test.uplex.de' http://localhost:8080\r\nHTTP/1.1 302 Found\r\nDate: Tue, 23 Jun 2020 15:42:36 GMT\r\nServer: Varnish\r\nX-Varnish: 18335502\r\nLocation: https://one.test.uplex.de/\r\nContent-Length: 0\r\nX-Varnish: 32773\r\nAge: 0\r\nVia: 1.1 varnish (Varnish/6.4)\r\nConnection: keep-alive\r\n```\r\nThe redirect response to https matches the response you get for `http://one.test.uplex.de`, and the same thing happens for the `two-a` and `two-b` domains.\r\n\r\nI also see the Timestamps from VMOD dynamic as expected in the log:\r\n```\r\n$ varnishlog -g raw -q 'vxid == 0 and Timestamp' -d\r\n         0 Timestamp      - vmod-dynamic boot.d(one.test.uplex.de:http) Lookup: 1592925593.002916 0.000000 0.000000\r\n         0 Timestamp      - vmod-dynamic boot.d(two-a.test.uplex.de:http) Lookup: 1592925593.002975 0.000000 0.000000\r\n         0 Timestamp      - vmod-dynamic boot.d(two-b.test.uplex.de:http) Lookup: 1592925593.002990 0.000000 0.000000\r\n         0 Timestamp      - vmod-dynamic boot.d(one.test.uplex.de:http) Results: 1592925593.006311 0.003395 0.003395\r\n         0 Timestamp      - vmod-dynamic boot.d(one.test.uplex.de:http) Update: 1592925593.006472 0.003555 0.000160\r\n         0 Timestamp      - vmod-dynamic boot.d(two-b.test.uplex.de:http) Results: 1592925593.007160 0.004170 0.004170\r\n         0 Timestamp      - vmod-dynamic boot.d(two-b.test.uplex.de:http) Update: 1592925593.007166 0.004176 0.000006\r\n         0 Timestamp      - vmod-dynamic boot.d(two-a.test.uplex.de:http) Results: 1592925593.007333 0.004358 0.004358\r\n         0 Timestamp      - vmod-dynamic boot.d(two-a.test.uplex.de:http) Update: 1592925593.007339 0.004364 0.000006\r\n```\r\n@nigoroll have I overlooked anything? (Could it be this easy?)","closed_by":{"login":"nigoroll","id":1528104,"node_id":"MDQ6VXNlcjE1MjgxMDQ=","avatar_url":"https://avatars.githubusercontent.com/u/1528104?v=4","gravatar_id":"","url":"https://api.github.com/users/nigoroll","html_url":"https://github.com/nigoroll","followers_url":"https://api.github.com/users/nigoroll/followers","following_url":"https://api.github.com/users/nigoroll/following{/other_user}","gists_url":"https://api.github.com/users/nigoroll/gists{/gist_id}","starred_url":"https://api.github.com/users/nigoroll/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/nigoroll/subscriptions","organizations_url":"https://api.github.com/users/nigoroll/orgs","repos_url":"https://api.github.com/users/nigoroll/repos","events_url":"https://api.github.com/users/nigoroll/events{/privacy}","received_events_url":"https://api.github.com/users/nigoroll/received_events","type":"User","user_view_type":"public","site_admin":false},"reactions":{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/57/reactions","total_count":1,"+1":1,"-1":0,"laugh":0,"hooray":0,"confused":0,"heart":0,"rocket":0,"eyes":0},"timeline_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/57/timeline","performed_via_github_app":null,"state_reason":null},{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/58","repository_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic","labels_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/58/labels{/name}","comments_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/58/comments","events_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/58/events","html_url":"https://github.com/nigoroll/libvmod-dynamic/pull/58","id":645436170,"node_id":"MDExOlB1bGxSZXF1ZXN0NDM5OTE4NDg0","number":58,"title":"Add branch 6.3","user":{"login":"slimhazard","id":6084911,"node_id":"MDQ6VXNlcjYwODQ5MTE=","avatar_url":"https://avatars.githubusercontent.com/u/6084911?v=4","gravatar_id":"","url":"https://api.github.com/users/slimhazard","html_url":"https://github.com/slimhazard","followers_url":"https://api.github.com/users/slimhazard/followers","following_url":"https://api.github.com/users/slimhazard/following{/other_user}","gists_url":"https://api.github.com/users/slimhazard/gists{/gist_id}","starred_url":"https://api.github.com/users/slimhazard/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/slimhazard/subscriptions","organizations_url":"https://api.github.com/users/slimhazard/orgs","repos_url":"https://api.github.com/users/slimhazard/repos","events_url":"https://api.github.com/users/slimhazard/events{/privacy}","received_events_url":"https://api.github.com/users/slimhazard/received_events","type":"User","user_view_type":"public","site_admin":false},"labels":[],"state":"closed","locked":false,"assignee":null,"assignees":[],"milestone":null,"comments":1,"created_at":"2020-06-25T10:07:19Z","updated_at":"2020-06-26T09:43:54Z","closed_at":"2020-06-26T09:43:53Z","author_association":"CONTRIBUTOR","active_lock_reason":null,"draft":false,"pull_request":{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/pulls/58","html_url":"https://github.com/nigoroll/libvmod-dynamic/pull/58","diff_url":"https://github.com/nigoroll/libvmod-dynamic/pull/58.diff","patch_url":"https://github.com/nigoroll/libvmod-dynamic/pull/58.patch","merged_at":null},"body":"This adds a new branch, since the most recently added test (test14.vtc) uses backend None, which was not available in Varnish 6.3. There are currently 10 vtc tests that use the `$bad_ip` macro, so we may want to change these over time on the master branch to use None.\r\n\r\nThe new branch includes a version 2.1.1, which I used for a new RPM that adds the recent new feature -- calling `.backend()` in `vcl_init`, which among other things allows the dynamic cirector to be layered with other directors. The RPM is already available at https://pkg.uplex.de.\r\n\r\n@nigoroll I tagged commit f9f4b245c8dca9b8c7ef1ecc815fa79566789bf1 as v2.1.1, but tags are not merged when github PRs are merged. So you'll probably have to do that for your github repo. I recommend that the main repo has git tags to match the version in `AC_INIT`, so that they match the RPM version numbers, and the version number created in the name of a distribution tarball. They also appear in github in the \"Release\" tab.\r\n\r\nSince there probably won't be any new Varnish 6.3.x releases, this branch will most likely be used to backport VMOD features for use with Varnish 6.3, and for new packaging, if we so choose.","closed_by":{"login":"nigoroll","id":1528104,"node_id":"MDQ6VXNlcjE1MjgxMDQ=","avatar_url":"https://avatars.githubusercontent.com/u/1528104?v=4","gravatar_id":"","url":"https://api.github.com/users/nigoroll","html_url":"https://github.com/nigoroll","followers_url":"https://api.github.com/users/nigoroll/followers","following_url":"https://api.github.com/users/nigoroll/following{/other_user}","gists_url":"https://api.github.com/users/nigoroll/gists{/gist_id}","starred_url":"https://api.github.com/users/nigoroll/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/nigoroll/subscriptions","organizations_url":"https://api.github.com/users/nigoroll/orgs","repos_url":"https://api.github.com/users/nigoroll/repos","events_url":"https://api.github.com/users/nigoroll/events{/privacy}","received_events_url":"https://api.github.com/users/nigoroll/received_events","type":"User","user_view_type":"public","site_admin":false},"reactions":{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/58/reactions","total_count":0,"+1":0,"-1":0,"laugh":0,"hooray":0,"confused":0,"heart":0,"rocket":0,"eyes":0},"timeline_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/58/timeline","performed_via_github_app":null,"state_reason":null},{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/59","repository_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic","labels_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/59/labels{/name}","comments_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/59/comments","events_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/59/events","html_url":"https://github.com/nigoroll/libvmod-dynamic/pull/59","id":645439741,"node_id":"MDExOlB1bGxSZXF1ZXN0NDM5OTIxMTQz","number":59,"title":"Add version 2.2.1","user":{"login":"slimhazard","id":6084911,"node_id":"MDQ6VXNlcjYwODQ5MTE=","avatar_url":"https://avatars.githubusercontent.com/u/6084911?v=4","gravatar_id":"","url":"https://api.github.com/users/slimhazard","html_url":"https://github.com/slimhazard","followers_url":"https://api.github.com/users/slimhazard/followers","following_url":"https://api.github.com/users/slimhazard/following{/other_user}","gists_url":"https://api.github.com/users/slimhazard/gists{/gist_id}","starred_url":"https://api.github.com/users/slimhazard/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/slimhazard/subscriptions","organizations_url":"https://api.github.com/users/slimhazard/orgs","repos_url":"https://api.github.com/users/slimhazard/repos","events_url":"https://api.github.com/users/slimhazard/events{/privacy}","received_events_url":"https://api.github.com/users/slimhazard/received_events","type":"User","user_view_type":"public","site_admin":false},"labels":[],"state":"closed","locked":false,"assignee":null,"assignees":[],"milestone":null,"comments":0,"created_at":"2020-06-25T10:12:42Z","updated_at":"2020-06-26T09:36:55Z","closed_at":"2020-06-26T09:36:55Z","author_association":"CONTRIBUTOR","active_lock_reason":null,"draft":false,"pull_request":{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/pulls/59","html_url":"https://github.com/nigoroll/libvmod-dynamic/pull/59","diff_url":"https://github.com/nigoroll/libvmod-dynamic/pull/59.diff","patch_url":"https://github.com/nigoroll/libvmod-dynamic/pull/59.patch","merged_at":"2020-06-26T09:36:54Z"},"body":"This adds version 2.2.1, which I used to build a new RPM that is compatible with Varnish 6.4.0 and adds the recent new feature (calling `.backend()` in `vcl_init`, layering dynamic with other directors). The RPM is already available at http://pkg.uplex.de.\r\n\r\n@nigoroll as with version 2.1.1 on branch 6.3, you'll probably have to apply tag v2.2.1 to commit 109a7300a1f9a128ddd79d6bddf7595770f56ee5 -- I did that in the fork, but tags are not merged with a github PR.","closed_by":{"login":"nigoroll","id":1528104,"node_id":"MDQ6VXNlcjE1MjgxMDQ=","avatar_url":"https://avatars.githubusercontent.com/u/1528104?v=4","gravatar_id":"","url":"https://api.github.com/users/nigoroll","html_url":"https://github.com/nigoroll","followers_url":"https://api.github.com/users/nigoroll/followers","following_url":"https://api.github.com/users/nigoroll/following{/other_user}","gists_url":"https://api.github.com/users/nigoroll/gists{/gist_id}","starred_url":"https://api.github.com/users/nigoroll/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/nigoroll/subscriptions","organizations_url":"https://api.github.com/users/nigoroll/orgs","repos_url":"https://api.github.com/users/nigoroll/repos","events_url":"https://api.github.com/users/nigoroll/events{/privacy}","received_events_url":"https://api.github.com/users/nigoroll/received_events","type":"User","user_view_type":"public","site_admin":false},"reactions":{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/59/reactions","total_count":0,"+1":0,"-1":0,"laugh":0,"hooray":0,"confused":0,"heart":0,"rocket":0,"eyes":0},"timeline_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/59/timeline","performed_via_github_app":null,"state_reason":null},{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/60","repository_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic","labels_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/60/labels{/name}","comments_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/60/comments","events_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/60/events","html_url":"https://github.com/nigoroll/libvmod-dynamic/issues/60","id":656684529,"node_id":"MDU6SXNzdWU2NTY2ODQ1Mjk=","number":60,"title":"Varnish crashing because of dynamic vmod","user":{"login":"tmcevoy14","id":6459343,"node_id":"MDQ6VXNlcjY0NTkzNDM=","avatar_url":"https://avatars.githubusercontent.com/u/6459343?v=4","gravatar_id":"","url":"https://api.github.com/users/tmcevoy14","html_url":"https://github.com/tmcevoy14","followers_url":"https://api.github.com/users/tmcevoy14/followers","following_url":"https://api.github.com/users/tmcevoy14/following{/other_user}","gists_url":"https://api.github.com/users/tmcevoy14/gists{/gist_id}","starred_url":"https://api.github.com/users/tmcevoy14/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/tmcevoy14/subscriptions","organizations_url":"https://api.github.com/users/tmcevoy14/orgs","repos_url":"https://api.github.com/users/tmcevoy14/repos","events_url":"https://api.github.com/users/tmcevoy14/events{/privacy}","received_events_url":"https://api.github.com/users/tmcevoy14/received_events","type":"User","user_view_type":"public","site_admin":false},"labels":[{"id":443804426,"node_id":"MDU6TGFiZWw0NDM4MDQ0MjY=","url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/labels/invalid","name":"invalid","color":"e6e6e6","default":true,"description":null}],"state":"closed","locked":false,"assignee":null,"assignees":[],"milestone":null,"comments":3,"created_at":"2020-07-14T15:05:10Z","updated_at":"2020-07-15T10:00:39Z","closed_at":"2020-07-14T16:00:25Z","author_association":"NONE","active_lock_reason":null,"sub_issues_summary":{"total":0,"completed":0,"percent_completed":0},"issue_dependencies_summary":{"blocked_by":0,"total_blocked_by":0,"blocking":0,"total_blocking":0},"body":"We are using the dynamic vmod (from branch 5.2) and it is frequently causing Varnish to crash. \r\n\r\nCrash logs show this:\r\n```\r\nvarnishadm panic.show\r\nPanic at: Tue, 14 Jul 2020 06:42:52 GMT\r\nAssert error in SES_Delete(), cache/cache_session.c line 546:\r\n  Condition(VTAILQ_EMPTY(&sp->privs->privs)) not true.\r\nversion = varnish-5.2.1 revision 67e562482, vrt api = 6.1\r\nident = Linux,3.10.0-1127.el7.x86_64,x86_64,-junix,-smalloc,-smalloc,-hcritbit,epoll\r\nnow = 5776089.456303 (mono), 1594708967.979804 (real)\r\nBacktrace:\r\n  0x4396da: /usr/sbin/varnishd() [0x4396da]\r\n  0x47ef02: /usr/sbin/varnishd(VAS_Fail+0x42) [0x47ef02]\r\n  0x442520: /usr/sbin/varnishd(SES_Delete+0x1f0) [0x442520]\r\n  0x459e7a: /usr/sbin/varnishd() [0x459e7a]\r\n  0x42cc61: /usr/sbin/varnishd() [0x42cc61]\r\n  0x42de19: /usr/sbin/varnishd(HSH_Unbusy+0x179) [0x42de19]\r\n  0x428d5d: /usr/sbin/varnishd() [0x428d5d]\r\n  0x45287e: /usr/sbin/varnishd() [0x45287e]\r\n  0x452d10: /usr/sbin/varnishd() [0x452d10]\r\n  0x7fa3f6ecdea5: /lib64/libpthread.so.0(+0x7ea5) [0x7fa3f6ecdea5]\r\nthread = (cache-worker)\r\nthr.req = (nil) {\r\n},\r\nthr.busyobj = 0x7f9ded9bb020 {\r\n  ws = 0x7f9ded9bb0a0 {\r\n    id = \\\"bo\\\",\r\n    {s, f, r, e} = {0x7f9ded9bd5c0, +15592, (nil), +121400},\r\n  },\r\n  retries = 0, failed = 0, flags = {do_stream, uncacheable, is_gunzip},\r\n  http_conn = 0x7f9ded9be590 {\r\n    fd = 9951 (@0x7fa0e14ef354),\r\n    doclose = REQ_CLOSE,\r\n    ws = 0x7f9ded9bb0a0 {\r\n      [Already dumped, see above]\r\n    },\r\n    {rxbuf_b, rxbuf_e} = {0x7f9ded9be5f0, 0x7f9ded9bf515},\r\n    {pipeline_b, pipeline_e} = {0x7f9ded9bf515, 0x7f9ded9c1238},\r\n    content_length = 16063,\r\n    body_status = length,\r\n    first_byte_timeout = 20.000000,\r\n    between_bytes_timeout = 20.000000,\r\n  },\r\n  filters = V1F_STRAIGHT=0\r\n  director_req = 0x7fa074ac14e0 {\r\n    vcl_name = director_web_default,\r\n    type = random {\r\n    },\r\n  },\r\n  director_resp = 0x7fa07e8ff538 {\r\n    vcl_name = web100-va2b,\r\n    type = backend {\r\n      display_name = reload_2020-07-13T032012.web100-va2b,\r\n      ipv4 = 10.40.131.200,\r\n      port = 10260,\r\n      hosthdr = web100-va2b.udsrvs.net,\r\n      health = healthy,\r\n      admin_health = probe, changed = 1594679804.904402,\r\n      n_conn = 8,\r\n    },\r\n  },\r\n  http[bereq] = 0x7f9ded9bb890 {\r\n    ws = 0x7f9ded9bb0a0 {\r\n      [Already dumped, see above]\r\n    },\r\n    hdrs {\r\n    },\r\n  },\r\n  http[beresp] = 0x7f9ded9bbf28 {\r\n    ws = 0x7f9ded9bb0a0 {\r\n      [Already dumped, see above]\r\n    },\r\n    hdrs {\r\n    },\r\n  },\r\n  objcore[fetch] = 0x7fa00125cec0 {\r\n    refcnt = 3,\r\n    flags = {pass},\r\n    exp_flags = {refd},\r\n    boc = 0x7f9dd9501640 {\r\n      refcnt = 2,\r\n      state = prep_stream,\r\n      vary = (nil),\r\n      stevedore_priv = (nil),\r\n    },\r\n    exp = {1594708967.979577, 120.000000, 10.000000, 0.000000},\r\n    objhead = 0x7fa071611860,\r\n    stevedore = 0x7fa3f60cd240 (malloc Transient) {\r\n      Simple = 0x7fa2181ea000,\r\n      Obj = 0x7fa08dacb608 {priv=0x7fa08dacb600, ptr=0x7fa2181ea000, len=3984, space=3984},\r\n      LEN = 0x0...0,\r\n      VXID = 0x0db772f0,\r\n      FLAGS = 0x00,\r\n      GZIPBITS = 0x0...0,\r\n      LASTMODIFIED = 0x41d7c354f9c00000,\r\n      VARY = {len=0, ptr=(nil)},\r\n      HEADERS = {len=3864, ptr=0x7fa2181ea078},\r\n    },\r\n  },\r\n  vcl = {\r\n    name = \\\"reload_2020-07-13T032012\\\",\r\n    busy = 11984,\r\n    discard = 0,\r\n    state = auto,\r\n    temp = warm,\r\n    conf = {\r\n      srcname = {\r\n        \\\"/etc/varnish/vcl/django.vcl\\\",\r\n        \\\"Builtin\\\",\r\n        \\\"/etc/varnish/backend_default.vcl\\\",\r\n        \\\"/etc/varnish/libraries/main.vcl\\\",\r\n        \\\"/etc/varnish/libraries/all.vcl\\\",\r\n        \\\"/etc/varnish/libraries/filters.vcl\\\",\r\n        \\\"/etc/varnish/libraries/uuid_generation.vcl\\\",\r\n        \\\"/etc/varnish/libraries/normalized_variables.vcl\\\",\r\n        \\\"/etc/varnish/libraries/request_headers.vcl\\\",\r\n        \\\"/etc/varnish/libraries/response_headers.vcl\\\",\r\n        \\\"/etc/varnish/libraries/synthetic_responses.vcl\\\",\r\n        \\\"/etc/varnish/libraries/variables/cacheable_per_path.vcl\\\",\r\n        \\\"/etc/varnish/libraries/variables/country.vcl\\\",\r\n        \\\"/etc/varnish/libraries/variables/device.vcl\\\",\r\n        \\\"/etc/varnish/libraries/variables/modern_browser.vcl\\\",\r\n        \\\"/etc/varnish/libraries/variables/language.vcl\\\",\r\n        \\\"/etc/varnish/libraries/variables/logged_in.vcl\\\",\r\n        \\\"/etc/varnish/libraries/variables/normalized_urls.vcl\\\",\r\n        \\\"/etc/varnish/libraries/variables/path.vcl\\\",\r\n        \\\"/etc/varnish/libraries/errors/5xx.vcl\\\",\r\n      },\r\n    },\r\n  },\r\n  vmods = {\r\n    std = {Varnish 5.2.1 67e562482, 0.0},\r\n    cookie = {Varnish 5.2.1 67e562482, 0.0},\r\n    header = {Varnish 5.2.1 67e562482, 0.0},\r\n    var = {Varnish 5.2.1 67e562482, 0.0},\r\n    digest = {Varnish 5.2.1 67e562482, 0.0},\r\n    uuid = {Varnish 5.2.1 67e562482, 0.0},\r\n    directors = {Varnish 5.2.1 67e562482, 0.0},\r\n    dynamic = {Varnish 5.2.1 67e562482, 0.0},\r\n  },\r\n},\r\n```\r\n\r\n**FYI:** I've obfuscated the req and res headers because they contain user specific information. \r\n\r\n","closed_by":{"login":"nigoroll","id":1528104,"node_id":"MDQ6VXNlcjE1MjgxMDQ=","avatar_url":"https://avatars.githubusercontent.com/u/1528104?v=4","gravatar_id":"","url":"https://api.github.com/users/nigoroll","html_url":"https://github.com/nigoroll","followers_url":"https://api.github.com/users/nigoroll/followers","following_url":"https://api.github.com/users/nigoroll/following{/other_user}","gists_url":"https://api.github.com/users/nigoroll/gists{/gist_id}","starred_url":"https://api.github.com/users/nigoroll/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/nigoroll/subscriptions","organizations_url":"https://api.github.com/users/nigoroll/orgs","repos_url":"https://api.github.com/users/nigoroll/repos","events_url":"https://api.github.com/users/nigoroll/events{/privacy}","received_events_url":"https://api.github.com/users/nigoroll/received_events","type":"User","user_view_type":"public","site_admin":false},"reactions":{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/60/reactions","total_count":0,"+1":0,"-1":0,"laugh":0,"hooray":0,"confused":0,"heart":0,"rocket":0,"eyes":0},"timeline_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/60/timeline","performed_via_github_app":null,"state_reason":"completed"},{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/61","repository_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic","labels_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/61/labels{/name}","comments_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/61/comments","events_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/61/events","html_url":"https://github.com/nigoroll/libvmod-dynamic/issues/61","id":665296397,"node_id":"MDU6SXNzdWU2NjUyOTYzOTc=","number":61,"title":"Least connection support","user":{"login":"danielmotaleite","id":11890049,"node_id":"MDQ6VXNlcjExODkwMDQ5","avatar_url":"https://avatars.githubusercontent.com/u/11890049?v=4","gravatar_id":"","url":"https://api.github.com/users/danielmotaleite","html_url":"https://github.com/danielmotaleite","followers_url":"https://api.github.com/users/danielmotaleite/followers","following_url":"https://api.github.com/users/danielmotaleite/following{/other_user}","gists_url":"https://api.github.com/users/danielmotaleite/gists{/gist_id}","starred_url":"https://api.github.com/users/danielmotaleite/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/danielmotaleite/subscriptions","organizations_url":"https://api.github.com/users/danielmotaleite/orgs","repos_url":"https://api.github.com/users/danielmotaleite/repos","events_url":"https://api.github.com/users/danielmotaleite/events{/privacy}","received_events_url":"https://api.github.com/users/danielmotaleite/received_events","type":"User","user_view_type":"public","site_admin":false},"labels":[{"id":443804424,"node_id":"MDU6TGFiZWw0NDM4MDQ0MjQ=","url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/labels/enhancement","name":"enhancement","color":"84b6eb","default":true,"description":null},{"id":2228311103,"node_id":"MDU6TGFiZWwyMjI4MzExMTAz","url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/labels/needs%20%E2%99%A1Sponsor","name":"needs ♡Sponsor","color":"e094d3","default":false,"description":"looking for support ♥"}],"state":"closed","locked":false,"assignee":null,"assignees":[],"milestone":null,"comments":2,"created_at":"2020-07-24T16:59:34Z","updated_at":"2020-12-16T15:13:42Z","closed_at":"2020-12-16T15:13:42Z","author_association":"NONE","active_lock_reason":null,"sub_issues_summary":{"total":0,"completed":0,"percent_completed":0},"issue_dependencies_summary":{"blocked_by":0,"total_blocked_by":0,"blocking":0,"total_blocking":0},"body":"Hi\r\n\r\nFrom what i understand, we have by default round-robin backend policy... Is there any way to switch to least connections?\r\n\r\nIf one backend locks up or get overload\r\n, with round-robin, varnish will still try to deliver requests, not only overloading it more, but increasing the number of requests that may fail (when finally the healthcheck removes the bad backend) or get bad performance... with least connections, the locked one still will keep some requests, but new ones will be delivered to good backends, avoiding overloading even more the bad backend\r\n\r\nthanks","closed_by":{"login":"nigoroll","id":1528104,"node_id":"MDQ6VXNlcjE1MjgxMDQ=","avatar_url":"https://avatars.githubusercontent.com/u/1528104?v=4","gravatar_id":"","url":"https://api.github.com/users/nigoroll","html_url":"https://github.com/nigoroll","followers_url":"https://api.github.com/users/nigoroll/followers","following_url":"https://api.github.com/users/nigoroll/following{/other_user}","gists_url":"https://api.github.com/users/nigoroll/gists{/gist_id}","starred_url":"https://api.github.com/users/nigoroll/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/nigoroll/subscriptions","organizations_url":"https://api.github.com/users/nigoroll/orgs","repos_url":"https://api.github.com/users/nigoroll/repos","events_url":"https://api.github.com/users/nigoroll/events{/privacy}","received_events_url":"https://api.github.com/users/nigoroll/received_events","type":"User","user_view_type":"public","site_admin":false},"reactions":{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/61/reactions","total_count":0,"+1":0,"-1":0,"laugh":0,"hooray":0,"confused":0,"heart":0,"rocket":0,"eyes":0},"timeline_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/61/timeline","performed_via_github_app":null,"state_reason":"completed"},{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/62","repository_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic","labels_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/62/labels{/name}","comments_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/62/comments","events_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/62/events","html_url":"https://github.com/nigoroll/libvmod-dynamic/issues/62","id":681916680,"node_id":"MDU6SXNzdWU2ODE5MTY2ODA=","number":62,"title":"Problem while building for varnish 6.4","user":{"login":"abresson","id":23034299,"node_id":"MDQ6VXNlcjIzMDM0Mjk5","avatar_url":"https://avatars.githubusercontent.com/u/23034299?v=4","gravatar_id":"","url":"https://api.github.com/users/abresson","html_url":"https://github.com/abresson","followers_url":"https://api.github.com/users/abresson/followers","following_url":"https://api.github.com/users/abresson/following{/other_user}","gists_url":"https://api.github.com/users/abresson/gists{/gist_id}","starred_url":"https://api.github.com/users/abresson/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/abresson/subscriptions","organizations_url":"https://api.github.com/users/abresson/orgs","repos_url":"https://api.github.com/users/abresson/repos","events_url":"https://api.github.com/users/abresson/events{/privacy}","received_events_url":"https://api.github.com/users/abresson/received_events","type":"User","user_view_type":"public","site_admin":false},"labels":[],"state":"closed","locked":false,"assignee":null,"assignees":[],"milestone":null,"comments":2,"created_at":"2020-08-19T15:07:50Z","updated_at":"2020-08-26T15:11:19Z","closed_at":"2020-08-26T15:11:19Z","author_association":"NONE","active_lock_reason":null,"sub_issues_summary":{"total":0,"completed":0,"percent_completed":0},"issue_dependencies_summary":{"blocked_by":0,"total_blocked_by":0,"blocking":0,"total_blocking":0},"body":"I'm probably doing something wrong, but I cannot figure out what\r\n\r\nHere are some information about the steps I'm doing\r\n```\r\nvarnishd (varnish-6.4.0 revision 13f137934ec1cf14af66baf7896311115ee35598)\r\nCopyright (c) 2006 Verdens Gang AS\r\nCopyright (c) 2006-2020 Varnish Software AS\r\n```\r\n```\r\napt-cache policy varnish\r\nvarnish:\r\n  Installed: 6.4.0-1~buster\r\n  Candidate: 6.4.0-1~buster\r\n  Version table:\r\n *** 6.4.0-1~buster 500\r\n        500 https://packagecloud.io/varnishcache/varnish64/debian buster/main amd64 Packages\r\n        100 /var/lib/dpkg/status\r\n     6.1.1-1+deb10u1 500\r\n```\r\n\r\n```\r\ncat /etc/debian_version \r\n10.4\r\n```\r\n\r\n```\r\ndpkg -l |grep -E \"libgetdns-dev|automake|libvarnishapi-dev|libtool|pkg-config\"\r\nii  automake                         1:1.16.1-4                   all          Tool for generating GNU Standards-compliant Makefiles\r\nii  libgetdns-dev                    1.5.1-1                      amd64        modern asynchronous DNS API (development)\r\nii  libltdl-dev:amd64                2.4.6-9                      amd64        System independent dlopen wrapper for GNU libtool\r\nii  libltdl7:amd64                   2.4.6-9                      amd64        System independent dlopen wrapper for GNU libtool\r\nii  libtool                          2.4.6-9                      all          Generic library support script\r\nii  libvarnishapi-dev:amd64          6.1.1-1+deb10u1              amd64        development files for Varnish\r\nii  pkg-config                       0.29-6                       amd64        manage compile and link flags for libraries\r\n```\r\n\r\n```\r\ngit clone https://github.com/nigoroll/libvmod-dynamic.git\r\ngit checkout 6.4\r\n```\r\n\r\n```\r\n./autogen.sh\r\n./configure\r\n```\r\n\r\nThen I run make, and it fail..\r\n```\r\nmake\r\n\r\nmake  all-recursive\r\nmake[1]: Entering directory '/tmp/bb/libvmod-dynamic'\r\nMaking all in src\r\nmake[2]: Entering directory '/tmp/bb/libvmod-dynamic/src'\r\n  CC       vmod_dynamic.lo\r\nIn file included from vmod_dynamic.c:55:\r\ndyn_resolver.h:34:31: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘__attribute__’ before ‘*’ token\r\n struct VPFX(dynamic_resolver) * dyn_resolver_blob(VCL_BLOB);\r\n                               ^\r\ndyn_resolver.h:51:56: error: expected ‘;’, ‘,’ or ‘)’ before ‘*’ token\r\n typedef int res_lookup_f(struct VPFX(dynamic_resolver) *r,\r\n                                                        ^\r\ndyn_resolver.h:58:56: error: expected ‘;’, ‘,’ or ‘)’ before ‘*’ token\r\n typedef int srv_lookup_f(struct VPFX(dynamic_resolver) *r,\r\n                                                        ^\r\ndyn_resolver.h:72:2: error: unknown type name ‘res_lookup_f’\r\n  res_lookup_f *lookup;\r\n  ^~~~~~~~~~~~\r\ndyn_resolver.h:76:2: error: unknown type name ‘srv_lookup_f’\r\n  srv_lookup_f *srv_lookup;\r\n  ^~~~~~~~~~~~\r\nIn file included from vmod_dynamic.c:56:\r\nvmod_dynamic.h:177:33: error: expected ‘:’, ‘,’, ‘;’, ‘}’ or ‘__attribute__’ before ‘*’ token\r\n  struct VPFX(dynamic_resolver)  *resolver_inst;\r\n                                 ^\r\nvmod_dynamic.c: In function ‘dynamic_update_domain’:\r\nvmod_dynamic.c:456:21: error: ‘struct vmod_dynamic_director’ has no member named ‘ttl_from’\r\n  } else if (dom->obj->ttl_from == cfg) {\r\n                     ^~\r\nvmod_dynamic.c:458:21: error: ‘struct vmod_dynamic_director’ has no member named ‘ttl_from’\r\n  } else if (dom->obj->ttl_from == min) {\r\n                     ^~\r\nvmod_dynamic.c:461:21: error: ‘struct vmod_dynamic_director’ has no member named ‘ttl_from’\r\n  } else if (dom->obj->ttl_from == max) {\r\n                     ^~\r\nIn file included from /usr/include/varnish/cache/cache.h:50,\r\n                 from vmod_dynamic.c:45:\r\nvmod_dynamic.c:465:18: error: ‘struct vmod_dynamic_director’ has no member named ‘ttl_from’\r\n   assert(dom->obj->ttl_from == dns);\r\n                  ^~\r\n/usr/include/varnish/vas.h:59:8: note: in definition of macro ‘assert’\r\n  if (!(e)) {       \\\r\n        ^\r\nvmod_dynamic.c: In function ‘dynamic_lookup_thread’:\r\nvmod_dynamic.c:502:26: error: ‘struct vmod_dynamic_director’ has no member named ‘resolver_inst’; did you mean ‘resolver’?\r\n   ret = res->lookup(obj->resolver_inst, dom->addr,\r\n                          ^~~~~~~~~~~~~\r\n                          resolver\r\nvmod_dynamic.c:502:9: error: called object is not a function or function pointer\r\n   ret = res->lookup(obj->resolver_inst, dom->addr,\r\n         ^~~\r\nvmod_dynamic.c: In function ‘dynamic_stop’:\r\nvmod_dynamic.c:630:2: error: implicit declaration of function ‘VRT_VCL_Allow_Discard’; did you mean ‘VRT_VSC_Alloc’? [-Werror=implicit-function-declaration]\r\n  VRT_VCL_Allow_Discard(&obj->vclref);\r\n  ^~~~~~~~~~~~~~~~~~~~~\r\n  VRT_VSC_Alloc\r\nvmod_dynamic.c: In function ‘dynamic_start’:\r\nvmod_dynamic.c:645:16: error: implicit declaration of function ‘VRT_VCL_Prevent_Discard’ [-Werror=implicit-function-declaration]\r\n  obj->vclref = VRT_VCL_Prevent_Discard(ctx, buf);\r\n                ^~~~~~~~~~~~~~~~~~~~~~~\r\nvmod_dynamic.c:645:14: error: assignment to ‘struct vclref *’ from ‘int’ makes pointer from integer without a cast [-Werror=int-conversion]\r\n  obj->vclref = VRT_VCL_Prevent_Discard(ctx, buf);\r\n              ^\r\nvmod_dynamic.c: In function ‘vmod_director__init’:\r\nvmod_dynamic.c:936:5: error: ‘struct vmod_dynamic_director’ has no member named ‘ttl_from’\r\n  obj->ttl_from = dynamic_ttl_parse(ttl_from_s);\r\n     ^~\r\nvmod_dynamic.c:940:8: error: ‘struct vmod_dynamic_director’ has no member named ‘resolver_inst’; did you mean ‘resolver’?\r\n   obj->resolver_inst = dyn_resolver_blob(resolver);\r\n        ^~~~~~~~~~~~~\r\n        resolver\r\nvmod_dynamic.c:940:24: error: implicit declaration of function ‘dyn_resolver_blob’; did you mean ‘vmod_resolver_use’? [-Werror=implicit-function-declaration]\r\n   obj->resolver_inst = dyn_resolver_blob(resolver);\r\n                        ^~~~~~~~~~~~~~~~~\r\n                        vmod_resolver_use\r\nvmod_dynamic.c:941:12: error: ‘struct vmod_dynamic_director’ has no member named ‘resolver_inst’; did you mean ‘resolver’?\r\n   if (obj->resolver_inst == NULL)\r\n            ^~~~~~~~~~~~~\r\n            resolver\r\nvmod_dynamic.c:945:10: error: ‘struct vmod_dynamic_director’ has no member named ‘ttl_from’\r\n   if (obj->ttl_from != cfg)\r\n          ^~\r\nIn file included from vmod_dynamic.c:55:\r\nvmod_dynamic.c: At top level:\r\ndyn_resolver.h:32:13: error: storage size of ‘dynamic_resolver’ isn’t known\r\n struct VPFX(dynamic_resolver);\r\n             ^~~~~~~~~~~~~~~~\r\ncc1: all warnings being treated as errors\r\nmake[2]: *** [Makefile:702: vmod_dynamic.lo] Error 1\r\nmake[2]: Leaving directory '/tmp/bb/libvmod-dynamic/src'\r\nmake[1]: *** [Makefile:494: all-recursive] Error 1\r\nmake[1]: Leaving directory '/tmp/bb/libvmod-dynamic'\r\nmake: *** [Makefile:405: all] Error 2\r\n```\r\n\r\nI have no problem compiling other modules such as xkey or curl.\r\nAny help pointing what I'm doing wrong would be much appreciated, thanks","closed_by":{"login":"abresson","id":23034299,"node_id":"MDQ6VXNlcjIzMDM0Mjk5","avatar_url":"https://avatars.githubusercontent.com/u/23034299?v=4","gravatar_id":"","url":"https://api.github.com/users/abresson","html_url":"https://github.com/abresson","followers_url":"https://api.github.com/users/abresson/followers","following_url":"https://api.github.com/users/abresson/following{/other_user}","gists_url":"https://api.github.com/users/abresson/gists{/gist_id}","starred_url":"https://api.github.com/users/abresson/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/abresson/subscriptions","organizations_url":"https://api.github.com/users/abresson/orgs","repos_url":"https://api.github.com/users/abresson/repos","events_url":"https://api.github.com/users/abresson/events{/privacy}","received_events_url":"https://api.github.com/users/abresson/received_events","type":"User","user_view_type":"public","site_admin":false},"reactions":{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/62/reactions","total_count":0,"+1":0,"-1":0,"laugh":0,"hooray":0,"confused":0,"heart":0,"rocket":0,"eyes":0},"timeline_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/62/timeline","performed_via_github_app":null,"state_reason":"completed"},{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/63","repository_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic","labels_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/63/labels{/name}","comments_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/63/comments","events_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/63/events","html_url":"https://github.com/nigoroll/libvmod-dynamic/issues/63","id":687925709,"node_id":"MDU6SXNzdWU2ODc5MjU3MDk=","number":63,"title":"Is it possible: self-routing sharded Varnish Cache cluster with libvmod-dynamic ?","user":{"login":"abresson","id":23034299,"node_id":"MDQ6VXNlcjIzMDM0Mjk5","avatar_url":"https://avatars.githubusercontent.com/u/23034299?v=4","gravatar_id":"","url":"https://api.github.com/users/abresson","html_url":"https://github.com/abresson","followers_url":"https://api.github.com/users/abresson/followers","following_url":"https://api.github.com/users/abresson/following{/other_user}","gists_url":"https://api.github.com/users/abresson/gists{/gist_id}","starred_url":"https://api.github.com/users/abresson/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/abresson/subscriptions","organizations_url":"https://api.github.com/users/abresson/orgs","repos_url":"https://api.github.com/users/abresson/repos","events_url":"https://api.github.com/users/abresson/events{/privacy}","received_events_url":"https://api.github.com/users/abresson/received_events","type":"User","user_view_type":"public","site_admin":false},"labels":[],"state":"closed","locked":false,"assignee":null,"assignees":[],"milestone":null,"comments":5,"created_at":"2020-08-28T09:02:38Z","updated_at":"2024-03-18T20:26:02Z","closed_at":"2020-09-02T10:47:13Z","author_association":"NONE","active_lock_reason":null,"sub_issues_summary":{"total":0,"completed":0,"percent_completed":0},"issue_dependencies_summary":{"blocked_by":0,"total_blocked_by":0,"blocking":0,"total_blocking":0},"body":"Hello,\r\n\r\nI usually (without libvmod-dynamic) use cache sharding on varnish, based on what is described here : https://info.varnish-software.com/blog/creating-self-routing-varnish-cluster\r\n\r\nWith libvmod-dynamic I'm not able to determine the varnish backend identity from which the traffic is coming from because `req.backend_hint` doesn't return the name of a specific backend, but instead the general name of the dynamic backend.\r\n\r\nHere are some vcl configuration to try to make myself clear:\r\n\r\n**Without dynamic**\r\n```\r\nbackend node1 {\r\n  .host = \"node1.example.com\";\r\n  .port = \"80\";\r\n}\r\n\r\nbackend node2 {\r\n  .host = \"node2.example.com\";\r\n  .port = \"80\";\r\n}\r\n\r\nbackend content {\r\n  .host = \"content-origin.example.com\";\r\n  .port = \"80\";\r\n}\r\n\r\nsub vcl_init\r\n{\r\n  new cluster = directors.hash();\r\n  cluster.add_backend(node1, 1);\r\n  cluster.add_backend(node2, 1);\r\n}\r\n\r\nsub vcl_recv\r\n{\r\n  set req.backend_hint = cluster.backend();\r\n  set req.http.X-shard = req.backend_hint;\r\n\r\n  if (req.http.X-shard == server.identity) {\r\n    set req.backend_hint = content;\r\n  } else {\r\n    return(pass);\r\n  }\r\n}\r\n```\r\nIn the above code, there is no problem,  req.backend_hint will be set to either node1.example.com or node2.example.com\r\n\r\n**With dynamic**\r\n\r\nLet's imagine node.example.com is a multi A DNS record with 2 varnish servers,\r\n`node.example.com  300 IN CNAME varnish1`\r\n `node.example.com  300 IN CNAME varnish2`\r\n\r\n```\r\nprobe node_probe {\r\n  .interval = 5s;\r\n  .timeout = 1s;\r\n  .window = 5;\r\n  .threshold = 3;\r\n  .initial = 3;\r\n  .request =\r\n          \"HEAD / HTTP/1.1\"\r\n          \"Host: node.example.com\"\r\n          \"Connection: close\"\r\n          \"User-Agent: Varnish node Health Probe\";\r\n\r\n}\r\n\r\nprobe content_probe {\r\n  .interval = 5s;\r\n  .timeout = 1s;\r\n  .window = 5;\r\n  .threshold = 3;\r\n  .initial = 3;\r\n  .request =\r\n          \"HEAD / HTTP/1.1\"\r\n          \"Host: content-origin.example.com\"\r\n          \"Connection: close\"\r\n          \"User-Agent: Varnish content Health Probe\";\r\n}\r\n\r\nsub vcl_init\r\n{\r\n  new d_node = dynamic.director(\r\n    probe = node_probe,\r\n    host_header = \"Host\",\r\n    port = 80,\r\n    ttl = 30s\r\n  );\r\n\r\n  new d_content= dynamic.director(\r\n    probe = content_probe,\r\n    host_header = \"Host\",\r\n    port = 80,\r\n    ttl = 30s\r\n  );\r\n\r\n  new v_cluster = directors.shard();\r\n  varnish_nodes.add_backend(d_node.backend(\"node.example.com\",\"80\"));\r\n  varnish_nodes.reconfigure();\r\n\r\n  new c_cluster = directors.round_robin();\r\n  front_nodes.add_backend(d_content.backend(\"content-origin.example.com\",\"80\"));\r\n}\r\n\r\nsub vcl_recv\r\n{\r\n  set req.backend_hint = v_cluster.backend();\r\n  set req.http.X-shard = req.backend_hint;\r\n\r\n  if (req.http.X-shard == server.identity) {\r\n    set req.backend_hint = c_cluster;\r\n  } else {\r\n    return(pass);\r\n  }\r\n}\r\n```\r\n\r\nThe above code doesn't work because `req.backend_hint = v_cluster.backend()` will be set to `v_cluster(node.example.com:80)` and not to the actual varnish backend hosts. \r\nI mean `req.http.X-shard` will be set to either `varnish2` or `varnish1` whereas `req.backend_hint`  wil always be set to  `v_cluster(node.example.com:80)`\r\n\r\nIs there any way to put hostname of the varnish wich actually catched the orign request in \r\n`req.backend_hint` ?\r\n\r\nI'm sorry if my explanation is confused, let me know if you need me to add more information to clarify.\r\n\r\nRegards,","closed_by":{"login":"nigoroll","id":1528104,"node_id":"MDQ6VXNlcjE1MjgxMDQ=","avatar_url":"https://avatars.githubusercontent.com/u/1528104?v=4","gravatar_id":"","url":"https://api.github.com/users/nigoroll","html_url":"https://github.com/nigoroll","followers_url":"https://api.github.com/users/nigoroll/followers","following_url":"https://api.github.com/users/nigoroll/following{/other_user}","gists_url":"https://api.github.com/users/nigoroll/gists{/gist_id}","starred_url":"https://api.github.com/users/nigoroll/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/nigoroll/subscriptions","organizations_url":"https://api.github.com/users/nigoroll/orgs","repos_url":"https://api.github.com/users/nigoroll/repos","events_url":"https://api.github.com/users/nigoroll/events{/privacy}","received_events_url":"https://api.github.com/users/nigoroll/received_events","type":"User","user_view_type":"public","site_admin":false},"reactions":{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/63/reactions","total_count":0,"+1":0,"-1":0,"laugh":0,"hooray":0,"confused":0,"heart":0,"rocket":0,"eyes":0},"timeline_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/63/timeline","performed_via_github_app":null,"state_reason":"completed"},{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/64","repository_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic","labels_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/64/labels{/name}","comments_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/64/comments","events_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/64/events","html_url":"https://github.com/nigoroll/libvmod-dynamic/issues/64","id":720085486,"node_id":"MDU6SXNzdWU3MjAwODU0ODY=","number":64,"title":"Compilation error against Varnish 6.1.1","user":{"login":"wimsymons","id":1419117,"node_id":"MDQ6VXNlcjE0MTkxMTc=","avatar_url":"https://avatars.githubusercontent.com/u/1419117?v=4","gravatar_id":"","url":"https://api.github.com/users/wimsymons","html_url":"https://github.com/wimsymons","followers_url":"https://api.github.com/users/wimsymons/followers","following_url":"https://api.github.com/users/wimsymons/following{/other_user}","gists_url":"https://api.github.com/users/wimsymons/gists{/gist_id}","starred_url":"https://api.github.com/users/wimsymons/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/wimsymons/subscriptions","organizations_url":"https://api.github.com/users/wimsymons/orgs","repos_url":"https://api.github.com/users/wimsymons/repos","events_url":"https://api.github.com/users/wimsymons/events{/privacy}","received_events_url":"https://api.github.com/users/wimsymons/received_events","type":"User","user_view_type":"public","site_admin":false},"labels":[],"state":"closed","locked":false,"assignee":null,"assignees":[],"milestone":null,"comments":2,"created_at":"2020-10-13T10:13:01Z","updated_at":"2020-10-14T11:21:26Z","closed_at":"2020-10-14T08:54:45Z","author_association":"NONE","active_lock_reason":null,"sub_issues_summary":{"total":0,"completed":0,"percent_completed":0},"issue_dependencies_summary":{"blocked_by":0,"total_blocked_by":0,"blocking":0,"total_blocking":0},"body":"Hi,\r\n\r\nI'm trying to compile the module against Varnish 6.1.1 provided by Debian 10 (Buster).\r\nAs stated in the README, I should use branch 6.2 for that.\r\n\r\nBut when I try to do so, I get these compilation errors:\r\n\r\n```\r\nmake  all-recursive\r\nmake[1]: Entering directory '/home/vagrant/libvmod-dynamic64'\r\nMaking all in src\r\nmake[2]: Entering directory '/home/vagrant/libvmod-dynamic64/src'\r\n  VMODTOOL vcc_dynamic_if.c\r\n  CC       vmod_dynamic.lo\r\nIn file included from vmod_dynamic.c:55:\r\ndyn_resolver.h:34:31: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘__attribute__’ before ‘*’ token\r\n struct VPFX(dynamic_resolver) * dyn_resolver_blob(VCL_BLOB);\r\n                               ^\r\ndyn_resolver.h:51:56: error: expected ‘;’, ‘,’ or ‘)’ before ‘*’ token\r\n typedef int res_lookup_f(struct VPFX(dynamic_resolver) *r,\r\n                                                        ^\r\ndyn_resolver.h:58:56: error: expected ‘;’, ‘,’ or ‘)’ before ‘*’ token\r\n typedef int srv_lookup_f(struct VPFX(dynamic_resolver) *r,\r\n                                                        ^\r\ndyn_resolver.h:72:2: error: unknown type name ‘res_lookup_f’\r\n  res_lookup_f *lookup;\r\n  ^~~~~~~~~~~~\r\ndyn_resolver.h:76:2: error: unknown type name ‘srv_lookup_f’\r\n  srv_lookup_f *srv_lookup;\r\n  ^~~~~~~~~~~~\r\nIn file included from vmod_dynamic.c:56:\r\nvmod_dynamic.h:176:33: error: expected ‘:’, ‘,’, ‘;’, ‘}’ or ‘__attribute__’ before ‘*’ token\r\n  struct VPFX(dynamic_resolver)  *resolver_inst;\r\n                                 ^\r\nvmod_dynamic.c: In function ‘dynamic_update_domain’:\r\nvmod_dynamic.c:452:21: error: ‘struct vmod_dynamic_director’ has no member named ‘ttl_from’\r\n  } else if (dom->obj->ttl_from == cfg) {\r\n                     ^~\r\nvmod_dynamic.c:454:21: error: ‘struct vmod_dynamic_director’ has no member named ‘ttl_from’\r\n  } else if (dom->obj->ttl_from == min) {\r\n                     ^~\r\nvmod_dynamic.c:457:21: error: ‘struct vmod_dynamic_director’ has no member named ‘ttl_from’\r\n  } else if (dom->obj->ttl_from == max) {\r\n                     ^~\r\nIn file included from /usr/include/varnish/cache/cache.h:50,\r\n                 from vmod_dynamic.c:45:\r\nvmod_dynamic.c:461:18: error: ‘struct vmod_dynamic_director’ has no member named ‘ttl_from’\r\n   assert(dom->obj->ttl_from == dns);\r\n                  ^~\r\n/usr/include/varnish/vas.h:59:8: note: in definition of macro ‘assert’\r\n  if (!(e)) {       \\\r\n        ^\r\nvmod_dynamic.c: In function ‘dynamic_lookup_thread’:\r\nvmod_dynamic.c:498:26: error: ‘struct vmod_dynamic_director’ has no member named ‘resolver_inst’; did you mean ‘resolver’?\r\n   ret = res->lookup(obj->resolver_inst, dom->addr,\r\n                          ^~~~~~~~~~~~~\r\n                          resolver\r\nvmod_dynamic.c:498:9: error: called object is not a function or function pointer\r\n   ret = res->lookup(obj->resolver_inst, dom->addr,\r\n         ^~~\r\nvmod_dynamic.c: In function ‘vmod_director__init’:\r\nvmod_dynamic.c:932:5: error: ‘struct vmod_dynamic_director’ has no member named ‘ttl_from’\r\n  obj->ttl_from = dynamic_ttl_parse(ttl_from_s);\r\n     ^~\r\nvmod_dynamic.c:936:8: error: ‘struct vmod_dynamic_director’ has no member named ‘resolver_inst’; did you mean ‘resolver’?\r\n   obj->resolver_inst = dyn_resolver_blob(resolver);\r\n        ^~~~~~~~~~~~~\r\n        resolver\r\nvmod_dynamic.c:936:24: error: implicit declaration of function ‘dyn_resolver_blob’; did you mean ‘vmod_resolver_use’? [-Werror=implicit-function-declaration]\r\n   obj->resolver_inst = dyn_resolver_blob(resolver);\r\n                        ^~~~~~~~~~~~~~~~~\r\n                        vmod_resolver_use\r\nvmod_dynamic.c:937:12: error: ‘struct vmod_dynamic_director’ has no member named ‘resolver_inst’; did you mean ‘resolver’?\r\n   if (obj->resolver_inst == NULL)\r\n            ^~~~~~~~~~~~~\r\n            resolver\r\nvmod_dynamic.c:941:10: error: ‘struct vmod_dynamic_director’ has no member named ‘ttl_from’\r\n   if (obj->ttl_from != cfg)\r\n          ^~\r\nIn file included from vmod_dynamic.c:55:\r\nvmod_dynamic.c: At top level:\r\ndyn_resolver.h:32:13: error: storage size of ‘dynamic_resolver’ isn’t known\r\n struct VPFX(dynamic_resolver);\r\n             ^~~~~~~~~~~~~~~~\r\ncc1: all warnings being treated as errors\r\nmake[2]: *** [Makefile:704: vmod_dynamic.lo] Error 1\r\nmake[2]: Leaving directory '/home/vagrant/libvmod-dynamic64/src'\r\nmake[1]: *** [Makefile:497: all-recursive] Error 1\r\nmake[1]: Leaving directory '/home/vagrant/libvmod-dynamic64'\r\nmake: *** [Makefile:408: all] Error 2\r\n```\r\n\r\nSteps to reproduce on Debian Buster:\r\n```\r\nsudo apt-get install libgetdns-dev libvarnishapi-dev automake libtool python3-docutils\r\ngit clone https://github.com/nigoroll/libvmod-dynamic.git libvmod-dynamic64\r\ncd libvmod-dynamic64/\r\ngit checkout 6.2\r\n./autogen.sh\r\n./configure\r\nmake\r\n```\r\n\r\nPackage versions:\r\n```\r\nvagrant@debian-10:~/libvmod-dynamic64$ dpkg -l libvarnishapi-dev libgetdns-dev\r\nDesired=Unknown/Install/Remove/Purge/Hold\r\n| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend\r\n|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)\r\n||/ Name                    Version         Architecture Description\r\n+++-=======================-===============-============-=================================\r\nii  libgetdns-dev           1.5.1-1         amd64        modern asynchronous DNS API (development)\r\nii  libvarnishapi-dev:amd64 6.1.1-1+deb10u1 amd64        development files for Varnish\r\n```\r\n\r\nIs the 6.2 branch no longer compatible with Varnish 6.1.1?\r\n\r\nKind regards\r\n\r\nWim","closed_by":{"login":"nigoroll","id":1528104,"node_id":"MDQ6VXNlcjE1MjgxMDQ=","avatar_url":"https://avatars.githubusercontent.com/u/1528104?v=4","gravatar_id":"","url":"https://api.github.com/users/nigoroll","html_url":"https://github.com/nigoroll","followers_url":"https://api.github.com/users/nigoroll/followers","following_url":"https://api.github.com/users/nigoroll/following{/other_user}","gists_url":"https://api.github.com/users/nigoroll/gists{/gist_id}","starred_url":"https://api.github.com/users/nigoroll/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/nigoroll/subscriptions","organizations_url":"https://api.github.com/users/nigoroll/orgs","repos_url":"https://api.github.com/users/nigoroll/repos","events_url":"https://api.github.com/users/nigoroll/events{/privacy}","received_events_url":"https://api.github.com/users/nigoroll/received_events","type":"User","user_view_type":"public","site_admin":false},"reactions":{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/64/reactions","total_count":0,"+1":0,"-1":0,"laugh":0,"hooray":0,"confused":0,"heart":0,"rocket":0,"eyes":0},"timeline_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/64/timeline","performed_via_github_app":null,"state_reason":"completed"},{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/65","repository_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic","labels_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/65/labels{/name}","comments_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/65/comments","events_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/65/events","html_url":"https://github.com/nigoroll/libvmod-dynamic/pull/65","id":743264836,"node_id":"MDExOlB1bGxSZXF1ZXN0NTIxMjAxMjA2","number":65,"title":"Fix for addition of struct vrt_endpoint to VRT.","user":{"login":"slimhazard","id":6084911,"node_id":"MDQ6VXNlcjYwODQ5MTE=","avatar_url":"https://avatars.githubusercontent.com/u/6084911?v=4","gravatar_id":"","url":"https://api.github.com/users/slimhazard","html_url":"https://github.com/slimhazard","followers_url":"https://api.github.com/users/slimhazard/followers","following_url":"https://api.github.com/users/slimhazard/following{/other_user}","gists_url":"https://api.github.com/users/slimhazard/gists{/gist_id}","starred_url":"https://api.github.com/users/slimhazard/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/slimhazard/subscriptions","organizations_url":"https://api.github.com/users/slimhazard/orgs","repos_url":"https://api.github.com/users/slimhazard/repos","events_url":"https://api.github.com/users/slimhazard/events{/privacy}","received_events_url":"https://api.github.com/users/slimhazard/received_events","type":"User","user_view_type":"public","site_admin":false},"labels":[],"state":"closed","locked":false,"assignee":null,"assignees":[],"milestone":null,"comments":0,"created_at":"2020-11-15T14:10:02Z","updated_at":"2020-11-16T15:43:04Z","closed_at":"2020-11-16T15:43:04Z","author_association":"CONTRIBUTOR","active_lock_reason":null,"draft":false,"pull_request":{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/pulls/65","html_url":"https://github.com/nigoroll/libvmod-dynamic/pull/65","diff_url":"https://github.com/nigoroll/libvmod-dynamic/pull/65.diff","patch_url":"https://github.com/nigoroll/libvmod-dynamic/pull/65.patch","merged_at":"2020-11-16T15:43:04Z"},"body":"","closed_by":{"login":"nigoroll","id":1528104,"node_id":"MDQ6VXNlcjE1MjgxMDQ=","avatar_url":"https://avatars.githubusercontent.com/u/1528104?v=4","gravatar_id":"","url":"https://api.github.com/users/nigoroll","html_url":"https://github.com/nigoroll","followers_url":"https://api.github.com/users/nigoroll/followers","following_url":"https://api.github.com/users/nigoroll/following{/other_user}","gists_url":"https://api.github.com/users/nigoroll/gists{/gist_id}","starred_url":"https://api.github.com/users/nigoroll/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/nigoroll/subscriptions","organizations_url":"https://api.github.com/users/nigoroll/orgs","repos_url":"https://api.github.com/users/nigoroll/repos","events_url":"https://api.github.com/users/nigoroll/events{/privacy}","received_events_url":"https://api.github.com/users/nigoroll/received_events","type":"User","user_view_type":"public","site_admin":false},"reactions":{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/65/reactions","total_count":0,"+1":0,"-1":0,"laugh":0,"hooray":0,"confused":0,"heart":0,"rocket":0,"eyes":0},"timeline_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/65/timeline","performed_via_github_app":null,"state_reason":null},{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/66","repository_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic","labels_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/66/labels{/name}","comments_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/66/comments","events_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/66/events","html_url":"https://github.com/nigoroll/libvmod-dynamic/issues/66","id":772100619,"node_id":"MDU6SXNzdWU3NzIxMDA2MTk=","number":66,"title":"error: storage size of 'ep' isn't known","user":{"login":"ronaldploeger","id":2346952,"node_id":"MDQ6VXNlcjIzNDY5NTI=","avatar_url":"https://avatars.githubusercontent.com/u/2346952?v=4","gravatar_id":"","url":"https://api.github.com/users/ronaldploeger","html_url":"https://github.com/ronaldploeger","followers_url":"https://api.github.com/users/ronaldploeger/followers","following_url":"https://api.github.com/users/ronaldploeger/following{/other_user}","gists_url":"https://api.github.com/users/ronaldploeger/gists{/gist_id}","starred_url":"https://api.github.com/users/ronaldploeger/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/ronaldploeger/subscriptions","organizations_url":"https://api.github.com/users/ronaldploeger/orgs","repos_url":"https://api.github.com/users/ronaldploeger/repos","events_url":"https://api.github.com/users/ronaldploeger/events{/privacy}","received_events_url":"https://api.github.com/users/ronaldploeger/received_events","type":"User","user_view_type":"public","site_admin":false},"labels":[{"id":443804426,"node_id":"MDU6TGFiZWw0NDM4MDQ0MjY=","url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/labels/invalid","name":"invalid","color":"e6e6e6","default":true,"description":null}],"state":"closed","locked":false,"assignee":null,"assignees":[],"milestone":null,"comments":2,"created_at":"2020-12-21T11:43:49Z","updated_at":"2021-09-15T22:55:30Z","closed_at":"2020-12-21T13:00:09Z","author_association":"NONE","active_lock_reason":null,"sub_issues_summary":{"total":0,"completed":0,"percent_completed":0},"issue_dependencies_summary":{"blocked_by":0,"total_blocked_by":0,"blocking":0,"total_blocking":0},"body":"I am building inside a docker container based on \"ubuntu:18.04\" running: \r\n\r\n```\r\nVMOD_DYNAMIC_BUILD_DEPS=\"autotools-dev \\\r\n  automake \\\r\n  libtool \\\r\n  autoconf \\\r\n  libncurses-dev \\\r\n  xsltproc \\\r\n  groff-base \\\r\n  libpcre3-dev \\\r\n  pkg-config \\\r\n  build-essential \\\r\n  python3 \\\r\n  python3-docutils \\\r\n  libjemalloc-dev \\\r\n  libreadline-dev \\\r\n  python3-sphinx \\\r\n  libcurl3-dev \\\r\n  unzip\"\r\n\r\n# Install dependencies\r\n# ------------------------------------------------------------------------------\r\napt-get update\r\napt-get install --no-install-recommends --no-install-suggests -y ${VMOD_DYNAMIC_BUILD_DEPS}\r\n\r\nunzip \"${VMOD_DYNAMIC_DOWNLOAD}\"\r\n\r\nsh autogen.sh\r\nsh configure \\\r\n  --bindir=/usr/bin \\\r\n  --sbindir=/usr/sbin \\\r\n  --sysconfdir=/etc \\\r\n  --libdir=/usr/lib\r\nmake\r\nmake install\r\n```\r\n\r\nFrom this commit https://github.com/nigoroll/libvmod-dynamic/commit/caab533a23f60c9e1227c4db241b7749841f780d on I can not build anymore but get\r\n\r\n```\r\nmake  all-recursive\r\nmake[1]: Entering directory '/tmp/docker/libvmod-dynamic-caab533a23f60c9e1227c4db241b7749841f780d'\r\nMaking all in src\r\nmake[2]: Entering directory '/tmp/docker/libvmod-dynamic-caab533a23f60c9e1227c4db241b7749841f780d/src'\r\n  VMODTOOL vcc_dynamic_if.c\r\n  CC       vmod_dynamic.lo\r\nvmod_dynamic.c: In function 'dynamic_add':\r\nvmod_dynamic.c:327:22: error: storage size of 'ep' isn't known\r\n  struct vrt_endpoint ep;\r\n                      ^~\r\nIn file included from /usr/local/include/varnish/cache/cache.h:51:0,\r\n                 from vmod_dynamic.c:45:\r\nvmod_dynamic.c:396:16: error: 'VRT_ENDPOINT_MAGIC' undeclared (first use in this function); did you mean 'VRT_BACKEND_MAGIC'?\r\n  INIT_OBJ(&ep, VRT_ENDPOINT_MAGIC);\r\n                ^\r\n/usr/local/include/varnish/miniobj.h:17:18: note: in definition of macro 'INIT_OBJ'\r\n   (to)->magic = (type_magic);    \\\r\n                  ^~~~~~~~~~\r\nvmod_dynamic.c:396:16: note: each undeclared identifier is reported only once for each function it appears in\r\n  INIT_OBJ(&ep, VRT_ENDPOINT_MAGIC);\r\n                ^\r\n/usr/local/include/varnish/miniobj.h:17:18: note: in definition of macro 'INIT_OBJ'\r\n   (to)->magic = (type_magic);    \\\r\n                  ^~~~~~~~~~\r\nvmod_dynamic.c:410:5: error: 'struct vrt_backend' has no member named 'endpoint'\r\n  vrt.endpoint = &ep;\r\n     ^\r\nvmod_dynamic.c:327:22: error: unused variable 'ep' [-Werror=unused-variable]\r\n  struct vrt_endpoint ep;\r\n                      ^~\r\ncc1: all warnings being treated as errors\r\nMakefile:689: recipe for target 'vmod_dynamic.lo' failed\r\nmake[2]: Leaving directory '/tmp/docker/libvmod-dynamic-caab533a23f60c9e1227c4db241b7749841f780d/src'\r\nmake[2]: *** [vmod_dynamic.lo] Error 1\r\nMakefile:494: recipe for target 'all-recursive' failed\r\nmake[1]: Leaving directory '/tmp/docker/libvmod-dynamic-caab533a23f60c9e1227c4db241b7749841f780d'\r\nmake[1]: *** [all-recursive] Error 1\r\nMakefile:405: recipe for target 'all' failed\r\nmake: *** [all] Error 2\r\n```","closed_by":{"login":"nigoroll","id":1528104,"node_id":"MDQ6VXNlcjE1MjgxMDQ=","avatar_url":"https://avatars.githubusercontent.com/u/1528104?v=4","gravatar_id":"","url":"https://api.github.com/users/nigoroll","html_url":"https://github.com/nigoroll","followers_url":"https://api.github.com/users/nigoroll/followers","following_url":"https://api.github.com/users/nigoroll/following{/other_user}","gists_url":"https://api.github.com/users/nigoroll/gists{/gist_id}","starred_url":"https://api.github.com/users/nigoroll/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/nigoroll/subscriptions","organizations_url":"https://api.github.com/users/nigoroll/orgs","repos_url":"https://api.github.com/users/nigoroll/repos","events_url":"https://api.github.com/users/nigoroll/events{/privacy}","received_events_url":"https://api.github.com/users/nigoroll/received_events","type":"User","user_view_type":"public","site_admin":false},"reactions":{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/66/reactions","total_count":0,"+1":0,"-1":0,"laugh":0,"hooray":0,"confused":0,"heart":0,"rocket":0,"eyes":0},"timeline_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/66/timeline","performed_via_github_app":null,"state_reason":"completed"},{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/67","repository_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic","labels_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/67/labels{/name}","comments_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/67/comments","events_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/67/events","html_url":"https://github.com/nigoroll/libvmod-dynamic/issues/67","id":780680903,"node_id":"MDU6SXNzdWU3ODA2ODA5MDM=","number":67,"title":"Assert error in VRT_VSC_Destroy()","user":{"login":"nigoroll","id":1528104,"node_id":"MDQ6VXNlcjE1MjgxMDQ=","avatar_url":"https://avatars.githubusercontent.com/u/1528104?v=4","gravatar_id":"","url":"https://api.github.com/users/nigoroll","html_url":"https://github.com/nigoroll","followers_url":"https://api.github.com/users/nigoroll/followers","following_url":"https://api.github.com/users/nigoroll/following{/other_user}","gists_url":"https://api.github.com/users/nigoroll/gists{/gist_id}","starred_url":"https://api.github.com/users/nigoroll/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/nigoroll/subscriptions","organizations_url":"https://api.github.com/users/nigoroll/orgs","repos_url":"https://api.github.com/users/nigoroll/repos","events_url":"https://api.github.com/users/nigoroll/events{/privacy}","received_events_url":"https://api.github.com/users/nigoroll/received_events","type":"User","user_view_type":"public","site_admin":false},"labels":[{"id":443804422,"node_id":"MDU6TGFiZWw0NDM4MDQ0MjI=","url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/labels/bug","name":"bug","color":"ee0701","default":true,"description":null}],"state":"closed","locked":false,"assignee":{"login":"slimhazard","id":6084911,"node_id":"MDQ6VXNlcjYwODQ5MTE=","avatar_url":"https://avatars.githubusercontent.com/u/6084911?v=4","gravatar_id":"","url":"https://api.github.com/users/slimhazard","html_url":"https://github.com/slimhazard","followers_url":"https://api.github.com/users/slimhazard/followers","following_url":"https://api.github.com/users/slimhazard/following{/other_user}","gists_url":"https://api.github.com/users/slimhazard/gists{/gist_id}","starred_url":"https://api.github.com/users/slimhazard/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/slimhazard/subscriptions","organizations_url":"https://api.github.com/users/slimhazard/orgs","repos_url":"https://api.github.com/users/slimhazard/repos","events_url":"https://api.github.com/users/slimhazard/events{/privacy}","received_events_url":"https://api.github.com/users/slimhazard/received_events","type":"User","user_view_type":"public","site_admin":false},"assignees":[{"login":"slimhazard","id":6084911,"node_id":"MDQ6VXNlcjYwODQ5MTE=","avatar_url":"https://avatars.githubusercontent.com/u/6084911?v=4","gravatar_id":"","url":"https://api.github.com/users/slimhazard","html_url":"https://github.com/slimhazard","followers_url":"https://api.github.com/users/slimhazard/followers","following_url":"https://api.github.com/users/slimhazard/following{/other_user}","gists_url":"https://api.github.com/users/slimhazard/gists{/gist_id}","starred_url":"https://api.github.com/users/slimhazard/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/slimhazard/subscriptions","organizations_url":"https://api.github.com/users/slimhazard/orgs","repos_url":"https://api.github.com/users/slimhazard/repos","events_url":"https://api.github.com/users/slimhazard/events{/privacy}","received_events_url":"https://api.github.com/users/slimhazard/received_events","type":"User","user_view_type":"public","site_admin":false}],"milestone":null,"comments":0,"created_at":"2021-01-06T16:28:04Z","updated_at":"2021-01-07T13:50:11Z","closed_at":"2021-01-07T13:50:11Z","author_association":"OWNER","active_lock_reason":null,"sub_issues_summary":{"total":0,"completed":0,"percent_completed":0},"issue_dependencies_summary":{"blocked_by":0,"total_blocked_by":0,"blocking":0,"total_blocking":0},"body":"seen by @slimhazard\r\n```\r\nPanic at: Wed, 06 Jan 2021 13:53:13 GMT\r\nAssert error in VRT_VSC_Destroy(), common/common_vsc.c line 200:\r\n  Condition((vsg) != NULL) not true.\r\nversion = varnish-6.5.1 revision1dae23376bb5ea7a6b8e9e4b9ed95cdc9469fb64, vrt api = 12.0\r\nident = Linux,4.19.0-6-amd64,x86_64,-junix,-sdefault,-sdefault,-hcritbit,epoll\r\nnow = 486009.986834 (mono), 1609941193.760639 (real)\r\nBacktrace:\r\n  0x43f7df: /usr/sbin/varnishd() [0x43f7df]\r\n  0x4a99b5: /usr/sbin/varnishd(VAS_Fail+0x45) [0x4a99b5]\r\n  0x4644f1: /usr/sbin/varnishd() [0x4644f1]\r\n  0x7f951d5fd990: ./vmod_cache/_vmod_dynamic.99d3db6707fde818e419de5d6c0c375da7efe809681dcdc4ffcf909db540302c(vmod_event+0x470)\r\n[0x7f951d5fd990]\r\n  0x7f9519e1e726: vcl_vk8s_ing_65OeQ3N75jaW8kbTEH3frDay01MAwI8ve4hKg7.1609940320.829609/vgc.so(+0x4726)\r\n[0x7f9519e1e726]\r\n  0x44f3c8: /usr/sbin/varnishd() [0x44f3c8]\r\n  0x451113: /usr/sbin/varnishd(VCL_Poll+0x123) [0x451113]\r\n  0x4513dd: /usr/sbin/varnishd() [0x4513dd]\r\n  0x4abbca: /usr/sbin/varnishd() [0x4abbca]\r\n  0x4ac09e: /usr/sbin/varnishd(VCLS_Poll+0x35e)\r\n...\r\n```","closed_by":{"login":"slimhazard","id":6084911,"node_id":"MDQ6VXNlcjYwODQ5MTE=","avatar_url":"https://avatars.githubusercontent.com/u/6084911?v=4","gravatar_id":"","url":"https://api.github.com/users/slimhazard","html_url":"https://github.com/slimhazard","followers_url":"https://api.github.com/users/slimhazard/followers","following_url":"https://api.github.com/users/slimhazard/following{/other_user}","gists_url":"https://api.github.com/users/slimhazard/gists{/gist_id}","starred_url":"https://api.github.com/users/slimhazard/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/slimhazard/subscriptions","organizations_url":"https://api.github.com/users/slimhazard/orgs","repos_url":"https://api.github.com/users/slimhazard/repos","events_url":"https://api.github.com/users/slimhazard/events{/privacy}","received_events_url":"https://api.github.com/users/slimhazard/received_events","type":"User","user_view_type":"public","site_admin":false},"reactions":{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/67/reactions","total_count":0,"+1":0,"-1":0,"laugh":0,"hooray":0,"confused":0,"heart":0,"rocket":0,"eyes":0},"timeline_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/67/timeline","performed_via_github_app":null,"state_reason":"completed"},{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/68","repository_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic","labels_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/68/labels{/name}","comments_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/68/comments","events_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/68/events","html_url":"https://github.com/nigoroll/libvmod-dynamic/issues/68","id":794019764,"node_id":"MDU6SXNzdWU3OTQwMTk3NjQ=","number":68,"title":"can not build on alpine:3.13","user":{"login":"raybog","id":8174876,"node_id":"MDQ6VXNlcjgxNzQ4NzY=","avatar_url":"https://avatars.githubusercontent.com/u/8174876?v=4","gravatar_id":"","url":"https://api.github.com/users/raybog","html_url":"https://github.com/raybog","followers_url":"https://api.github.com/users/raybog/followers","following_url":"https://api.github.com/users/raybog/following{/other_user}","gists_url":"https://api.github.com/users/raybog/gists{/gist_id}","starred_url":"https://api.github.com/users/raybog/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/raybog/subscriptions","organizations_url":"https://api.github.com/users/raybog/orgs","repos_url":"https://api.github.com/users/raybog/repos","events_url":"https://api.github.com/users/raybog/events{/privacy}","received_events_url":"https://api.github.com/users/raybog/received_events","type":"User","user_view_type":"public","site_admin":false},"labels":[],"state":"closed","locked":false,"assignee":null,"assignees":[],"milestone":null,"comments":7,"created_at":"2021-01-26T08:01:19Z","updated_at":"2021-03-16T15:48:05Z","closed_at":"2021-03-16T15:48:05Z","author_association":"NONE","active_lock_reason":null,"sub_issues_summary":{"total":0,"completed":0,"percent_completed":0},"issue_dependencies_summary":{"blocked_by":0,"total_blocked_by":0,"blocking":0,"total_blocking":0},"body":"Trying to build varnish docker on latest alpine:\r\n\r\n```\r\nFROM alpine:3.13 AS builder\r\nENV LIBVMOD_DYNAMIC_VERSION=2.3.0\r\nRUN apk --no-cache add automake autoconf libtool make curl python3 py3-sphinx py-docutils pkgconf \\\r\n                     gcc make g++ zlib-dev pcre-dev libedit-dev readline-dev libexecinfo-dev linux-headers \\\r\n                     varnish varnish-dev\r\n\r\nRUN cd /tmp && curl -sSLO https://github.com/nigoroll/libvmod-dynamic/archive/v${LIBVMOD_DYNAMIC_VERSION}.zip && \\\r\n  unzip v${LIBVMOD_DYNAMIC_VERSION}.zip && cd libvmod-dynamic-${LIBVMOD_DYNAMIC_VERSION} && \\\r\n  ./autogen.sh && ./configure && make && make install\r\n\r\n```\r\n\r\nGetting this error:\r\n\r\n```\r\n/usr/lib/gcc/x86_64-alpine-linux-musl/10.2.1/../../../../x86_64-alpine-linux-musl/bin/ld: .libs/vmod_dynamic_service.o:/tmp/libvmod-dynamic-2.3.0/src/vmod_dynamic.h:181: multiple definition of `objects'; .libs/vmod_dynamic.o:/tmp/libvmod-dynamic-2.3.0/src/vmod_dynamic.h:181: first defined here\r\ncollect2: error: ld returned 1 exit status\r\nmake[2]: Leaving directory '/tmp/libvmod-dynamic-2.3.0/src'\r\n```\r\n\r\n\r\n\r\n","closed_by":{"login":"nigoroll","id":1528104,"node_id":"MDQ6VXNlcjE1MjgxMDQ=","avatar_url":"https://avatars.githubusercontent.com/u/1528104?v=4","gravatar_id":"","url":"https://api.github.com/users/nigoroll","html_url":"https://github.com/nigoroll","followers_url":"https://api.github.com/users/nigoroll/followers","following_url":"https://api.github.com/users/nigoroll/following{/other_user}","gists_url":"https://api.github.com/users/nigoroll/gists{/gist_id}","starred_url":"https://api.github.com/users/nigoroll/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/nigoroll/subscriptions","organizations_url":"https://api.github.com/users/nigoroll/orgs","repos_url":"https://api.github.com/users/nigoroll/repos","events_url":"https://api.github.com/users/nigoroll/events{/privacy}","received_events_url":"https://api.github.com/users/nigoroll/received_events","type":"User","user_view_type":"public","site_admin":false},"reactions":{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/68/reactions","total_count":0,"+1":0,"-1":0,"laugh":0,"hooray":0,"confused":0,"heart":0,"rocket":0,"eyes":0},"timeline_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/68/timeline","performed_via_github_app":null,"state_reason":"completed"},{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/69","repository_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic","labels_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/69/labels{/name}","comments_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/69/comments","events_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/69/events","html_url":"https://github.com/nigoroll/libvmod-dynamic/issues/69","id":830221383,"node_id":"MDU6SXNzdWU4MzAyMjEzODM=","number":69,"title":"Compilation error on Debian bullseye (testing)","user":{"login":"huiser","id":50897,"node_id":"MDQ6VXNlcjUwODk3","avatar_url":"https://avatars.githubusercontent.com/u/50897?v=4","gravatar_id":"","url":"https://api.github.com/users/huiser","html_url":"https://github.com/huiser","followers_url":"https://api.github.com/users/huiser/followers","following_url":"https://api.github.com/users/huiser/following{/other_user}","gists_url":"https://api.github.com/users/huiser/gists{/gist_id}","starred_url":"https://api.github.com/users/huiser/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/huiser/subscriptions","organizations_url":"https://api.github.com/users/huiser/orgs","repos_url":"https://api.github.com/users/huiser/repos","events_url":"https://api.github.com/users/huiser/events{/privacy}","received_events_url":"https://api.github.com/users/huiser/received_events","type":"User","user_view_type":"public","site_admin":false},"labels":[{"id":443804423,"node_id":"MDU6TGFiZWw0NDM4MDQ0MjM=","url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/labels/duplicate","name":"duplicate","color":"cccccc","default":true,"description":null}],"state":"closed","locked":false,"assignee":null,"assignees":[],"milestone":null,"comments":1,"created_at":"2021-03-12T15:21:26Z","updated_at":"2021-03-12T15:49:02Z","closed_at":"2021-03-12T15:48:54Z","author_association":"NONE","active_lock_reason":null,"sub_issues_summary":{"total":0,"completed":0,"percent_completed":0},"issue_dependencies_summary":{"blocked_by":0,"total_blocked_by":0,"blocking":0,"total_blocking":0},"body":"I try to compile tag v2.3.0 in a Debian bullseye docker container, but it fails with the following error:\r\n\r\n```\r\nroot@8a81ad28d485:/src/libvmod-dynamic# make \r\nmake  all-recursive\r\nmake[1]: Entering directory '/src/libvmod-dynamic'\r\nMaking all in src\r\nmake[2]: Entering directory '/src/libvmod-dynamic/src'\r\n  CCLD     libvmod_dynamic.la\r\n/usr/bin/ld: .libs/vmod_dynamic_service.o:/src/libvmod-dynamic/src/vmod_dynamic.h:181: multiple definition of `objects'; .libs/vmod_dynamic.o:/src/libvmod-dynamic/src/vmod_dynamic.h:181: first defined here\r\ncollect2: error: ld returned 1 exit status\r\nmake[2]: *** [Makefile:667: libvmod_dynamic.la] Error 1\r\nmake[2]: Leaving directory '/src/libvmod-dynamic/src'\r\nmake[1]: *** [Makefile:499: all-recursive] Error 1\r\nmake[1]: Leaving directory '/src/libvmod-dynamic'\r\nmake: *** [Makefile:410: all] Error 2\r\n```\r\n\r\nCommand to start container:\r\n```\r\ndocker run -ti --rm --name debian debian:bullseye-20210311-slim\r\n```","closed_by":{"login":"nigoroll","id":1528104,"node_id":"MDQ6VXNlcjE1MjgxMDQ=","avatar_url":"https://avatars.githubusercontent.com/u/1528104?v=4","gravatar_id":"","url":"https://api.github.com/users/nigoroll","html_url":"https://github.com/nigoroll","followers_url":"https://api.github.com/users/nigoroll/followers","following_url":"https://api.github.com/users/nigoroll/following{/other_user}","gists_url":"https://api.github.com/users/nigoroll/gists{/gist_id}","starred_url":"https://api.github.com/users/nigoroll/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/nigoroll/subscriptions","organizations_url":"https://api.github.com/users/nigoroll/orgs","repos_url":"https://api.github.com/users/nigoroll/repos","events_url":"https://api.github.com/users/nigoroll/events{/privacy}","received_events_url":"https://api.github.com/users/nigoroll/received_events","type":"User","user_view_type":"public","site_admin":false},"reactions":{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/69/reactions","total_count":0,"+1":0,"-1":0,"laugh":0,"hooray":0,"confused":0,"heart":0,"rocket":0,"eyes":0},"timeline_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/69/timeline","performed_via_github_app":null,"state_reason":"completed"},{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/70","repository_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic","labels_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/70/labels{/name}","comments_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/70/comments","events_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/70/events","html_url":"https://github.com/nigoroll/libvmod-dynamic/issues/70","id":833597611,"node_id":"MDU6SXNzdWU4MzM1OTc2MTE=","number":70,"title":"Assert error in VRT_SetHealth(), cache/cache_vcl_vrt.c line 223","user":{"login":"wimsymons","id":1419117,"node_id":"MDQ6VXNlcjE0MTkxMTc=","avatar_url":"https://avatars.githubusercontent.com/u/1419117?v=4","gravatar_id":"","url":"https://api.github.com/users/wimsymons","html_url":"https://github.com/wimsymons","followers_url":"https://api.github.com/users/wimsymons/followers","following_url":"https://api.github.com/users/wimsymons/following{/other_user}","gists_url":"https://api.github.com/users/wimsymons/gists{/gist_id}","starred_url":"https://api.github.com/users/wimsymons/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/wimsymons/subscriptions","organizations_url":"https://api.github.com/users/wimsymons/orgs","repos_url":"https://api.github.com/users/wimsymons/repos","events_url":"https://api.github.com/users/wimsymons/events{/privacy}","received_events_url":"https://api.github.com/users/wimsymons/received_events","type":"User","user_view_type":"public","site_admin":false},"labels":[{"id":2228311103,"node_id":"MDU6TGFiZWwyMjI4MzExMTAz","url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/labels/needs%20%E2%99%A1Sponsor","name":"needs ♡Sponsor","color":"e094d3","default":false,"description":"looking for support ♥"}],"state":"closed","locked":false,"assignee":null,"assignees":[],"milestone":null,"comments":2,"created_at":"2021-03-17T09:58:35Z","updated_at":"2021-03-17T10:40:37Z","closed_at":"2021-03-17T10:40:37Z","author_association":"NONE","active_lock_reason":null,"sub_issues_summary":{"total":0,"completed":0,"percent_completed":0},"issue_dependencies_summary":{"blocked_by":0,"total_blocked_by":0,"blocking":0,"total_blocking":0},"body":"Hi,\r\n\r\nWe found a (concurrency?) bug, running on Varnish 6.1.1.\r\n\r\nNot sure that it is in this module, but it happened when a deploy occurred on the infrastructure behind on of the dynamic directors (AWS Beanstalk). The load balancer got new instances, thus the IP addresses changed.\r\n\r\nVarnish child dies, this is posted in the logs:\r\n```\r\nMar 16 16:04:24 ip-172-22-84-104 varnishd[19503]: Child (19522) not responding to CLI, killed it.\r\nMar 16 16:04:24 ip-172-22-84-104 varnishd[19503]: Unexpected reply from ping: 400 CLI communication error (hdr)\r\nMar 16 16:04:24 ip-172-22-84-104 varnishd[19503]: Child (19522) died signal=6\r\nMar 16 16:04:24 ip-172-22-84-104 varnishd[19503]: Child (19522) Panic at: Tue, 16 Mar 2021 16:04:24 GMT\r\n                                                  Assert error in VRT_SetHealth(), cache/cache_vcl_vrt.c line 223:\r\n                                                    Condition((d) != NULL) not true.\r\n                                                  version = varnish-6.1.1 revision efc2f6c1536cf2272e471f5cff5f145239b19460, vrt api = 8.0\r\n                                                  ident = Linux,4.19.0-14-amd64,x86_64,-junix,-smalloc,-sdefault,-hcritbit,epoll\r\n                                                  now = 714264.543532 (mono), 1615910663.806864 (real)\r\n                                                  Backtrace:\r\n                                                    0x5616f60a3d2a: /usr/sbin/varnishd(+0x4cd2a) [0x5616f60a3d2a]\r\n                                                    0x5616f610bcc3: /usr/sbin/varnishd(VAS_Fail+0x13) [0x5616f610bcc3]\r\n                                                    0x5616f60b6c0b: /usr/sbin/varnishd(VRT_SetHealth+0x6b) [0x5616f60b6c0b]\r\n                                                    0x5616f6083520: /usr/sbin/varnishd(VBP_Remove+0x60) [0x5616f6083520]\r\n                                                    0x5616f607f83e: /usr/sbin/varnishd(+0x2883e) [0x5616f607f83e]\r\n                                                    0x5616f60b69d2: /usr/sbin/varnishd(VRT_DelDirector+0x112) [0x5616f60b69d2]\r\n                                                    0x5616f6081509: /usr/sbin/varnishd(VBE_Poll+0xc9) [0x5616f6081509]\r\n                                                    0x5616f6087d0d: /usr/sbin/varnishd(+0x30d0d) [0x5616f6087d0d]\r\n                                                    0x5616f610dd02: /usr/sbin/varnishd(+0xb6d02) [0x5616f610dd02]\r\n                                                    0x5616f610e369: /usr/sbin/varnishd(VCLS_Poll+0x2e9) [0x5616f610e369]\r\n                                                  thread = (cache-main)\r\n                                                  thr.req = (nil) {\r\n                                                  },\r\n                                                  thr.busyobj = (nil) {\r\n                                                  },\r\nMar 16 16:04:24 ip-172-22-84-104 varnishd[19503]: Child cleanup complete\r\nMar 16 16:04:24 ip-172-22-84-104 varnishd[19503]: Child (30911) Started\r\nMar 16 16:04:24 ip-172-22-84-104 varnishd[19503]: Child (30911) said Child starts\r\n```\r\n\r\nSome snippets from the VCL config:\r\n```\r\nprobe dynamic_probe {\r\n  .interval = 5s;\r\n  .timeout = 5s;\r\n  .initial = 3;\r\n  .threshold = 2;\r\n  .window = 3;\r\n  .request =\r\n    \"GET /health HTTP/1.1\"\r\n    \"User-Agent: Varnish Probe\"\r\n    \"Host: localhost\"\r\n    \"Connection: close\";\r\n}\r\n\r\n...\r\n\r\nsub vcl_init {\r\n  new dynamic_director = dynamic.director(\r\n    port = \"80\",\r\n    ttl = 2m,\r\n    connect_timeout = 3s,\r\n    first_byte_timeout = 10s,\r\n    between_bytes_timeout = 5s,\r\n    probe = dynamic_probe\r\n  );\r\n}\r\n```\r\n\r\nThe libvmod-dynamic module was compiled on Thu, 15 Oct 2020 09:12:00 +0000 against the latest code now on the 6.1 branch (https://github.com/nigoroll/libvmod-dynamic/commit/4931cfd08ad6f142a9f13b064c8a5aa0723f84a1).\r\n\r\nWe need to restart the [Varnish Prometheus exporter](https://github.com/jonnenauha/prometheus_varnish_exporter) after that to send out correct metrics after that, but that's another issue.","closed_by":{"login":"wimsymons","id":1419117,"node_id":"MDQ6VXNlcjE0MTkxMTc=","avatar_url":"https://avatars.githubusercontent.com/u/1419117?v=4","gravatar_id":"","url":"https://api.github.com/users/wimsymons","html_url":"https://github.com/wimsymons","followers_url":"https://api.github.com/users/wimsymons/followers","following_url":"https://api.github.com/users/wimsymons/following{/other_user}","gists_url":"https://api.github.com/users/wimsymons/gists{/gist_id}","starred_url":"https://api.github.com/users/wimsymons/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/wimsymons/subscriptions","organizations_url":"https://api.github.com/users/wimsymons/orgs","repos_url":"https://api.github.com/users/wimsymons/repos","events_url":"https://api.github.com/users/wimsymons/events{/privacy}","received_events_url":"https://api.github.com/users/wimsymons/received_events","type":"User","user_view_type":"public","site_admin":false},"reactions":{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/70/reactions","total_count":0,"+1":0,"-1":0,"laugh":0,"hooray":0,"confused":0,"heart":0,"rocket":0,"eyes":0},"timeline_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/70/timeline","performed_via_github_app":null,"state_reason":"completed"},{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/71","repository_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic","labels_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/71/labels{/name}","comments_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/71/comments","events_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/71/events","html_url":"https://github.com/nigoroll/libvmod-dynamic/pull/71","id":910220237,"node_id":"MDExOlB1bGxSZXF1ZXN0NjYwNjc2MTE3","number":71,"title":"Add least connections and weighted least connections balancing algorithms","user":{"login":"karlvr","id":1086005,"node_id":"MDQ6VXNlcjEwODYwMDU=","avatar_url":"https://avatars.githubusercontent.com/u/1086005?v=4","gravatar_id":"","url":"https://api.github.com/users/karlvr","html_url":"https://github.com/karlvr","followers_url":"https://api.github.com/users/karlvr/followers","following_url":"https://api.github.com/users/karlvr/following{/other_user}","gists_url":"https://api.github.com/users/karlvr/gists{/gist_id}","starred_url":"https://api.github.com/users/karlvr/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/karlvr/subscriptions","organizations_url":"https://api.github.com/users/karlvr/orgs","repos_url":"https://api.github.com/users/karlvr/repos","events_url":"https://api.github.com/users/karlvr/events{/privacy}","received_events_url":"https://api.github.com/users/karlvr/received_events","type":"User","user_view_type":"public","site_admin":false},"labels":[{"id":443804424,"node_id":"MDU6TGFiZWw0NDM4MDQ0MjQ=","url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/labels/enhancement","name":"enhancement","color":"84b6eb","default":true,"description":null},{"id":2228311103,"node_id":"MDU6TGFiZWwyMjI4MzExMTAz","url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/labels/needs%20%E2%99%A1Sponsor","name":"needs ♡Sponsor","color":"e094d3","default":false,"description":"looking for support ♥"},{"id":2228316027,"node_id":"MDU6TGFiZWwyMjI4MzE2MDI3","url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/labels/needs%20varnish-cache","name":"needs varnish-cache","color":"006b75","default":false,"description":"needs work in varnish-cache"}],"state":"closed","locked":false,"assignee":null,"assignees":[],"milestone":null,"comments":3,"created_at":"2021-06-03T07:51:21Z","updated_at":"2023-01-05T04:40:45Z","closed_at":"2022-11-08T19:55:08Z","author_association":"CONTRIBUTOR","active_lock_reason":null,"draft":false,"pull_request":{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/pulls/71","html_url":"https://github.com/nigoroll/libvmod-dynamic/pull/71","diff_url":"https://github.com/nigoroll/libvmod-dynamic/pull/71.diff","patch_url":"https://github.com/nigoroll/libvmod-dynamic/pull/71.patch","merged_at":null},"body":"There is some code to tidy up in here (a x 1.25 particularly), but I am hoping to gauge your interest in merging something like this! I made these changes several years ago, and we've been running with these changes for all of that time. Although I did just port them to 6.6.\r\n\r\nLet me know and I'll work on making it beautiful with you!","closed_by":{"login":"nigoroll","id":1528104,"node_id":"MDQ6VXNlcjE1MjgxMDQ=","avatar_url":"https://avatars.githubusercontent.com/u/1528104?v=4","gravatar_id":"","url":"https://api.github.com/users/nigoroll","html_url":"https://github.com/nigoroll","followers_url":"https://api.github.com/users/nigoroll/followers","following_url":"https://api.github.com/users/nigoroll/following{/other_user}","gists_url":"https://api.github.com/users/nigoroll/gists{/gist_id}","starred_url":"https://api.github.com/users/nigoroll/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/nigoroll/subscriptions","organizations_url":"https://api.github.com/users/nigoroll/orgs","repos_url":"https://api.github.com/users/nigoroll/repos","events_url":"https://api.github.com/users/nigoroll/events{/privacy}","received_events_url":"https://api.github.com/users/nigoroll/received_events","type":"User","user_view_type":"public","site_admin":false},"reactions":{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/71/reactions","total_count":0,"+1":0,"-1":0,"laugh":0,"hooray":0,"confused":0,"heart":0,"rocket":0,"eyes":0},"timeline_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/71/timeline","performed_via_github_app":null,"state_reason":null},{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/72","repository_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic","labels_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/72/labels{/name}","comments_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/72/comments","events_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/72/events","html_url":"https://github.com/nigoroll/libvmod-dynamic/issues/72","id":942117663,"node_id":"MDU6SXNzdWU5NDIxMTc2NjM=","number":72,"title":"the counter main.backend-unhealthy in varnishstat dont work when use the libvmod-dynamic","user":{"login":"yeurin","id":1029571,"node_id":"MDQ6VXNlcjEwMjk1NzE=","avatar_url":"https://avatars.githubusercontent.com/u/1029571?v=4","gravatar_id":"","url":"https://api.github.com/users/yeurin","html_url":"https://github.com/yeurin","followers_url":"https://api.github.com/users/yeurin/followers","following_url":"https://api.github.com/users/yeurin/following{/other_user}","gists_url":"https://api.github.com/users/yeurin/gists{/gist_id}","starred_url":"https://api.github.com/users/yeurin/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/yeurin/subscriptions","organizations_url":"https://api.github.com/users/yeurin/orgs","repos_url":"https://api.github.com/users/yeurin/repos","events_url":"https://api.github.com/users/yeurin/events{/privacy}","received_events_url":"https://api.github.com/users/yeurin/received_events","type":"User","user_view_type":"public","site_admin":false},"labels":[],"state":"closed","locked":false,"assignee":null,"assignees":[],"milestone":null,"comments":2,"created_at":"2021-07-12T14:21:43Z","updated_at":"2021-10-26T17:09:01Z","closed_at":"2021-10-26T17:09:01Z","author_association":"NONE","active_lock_reason":null,"sub_issues_summary":{"total":0,"completed":0,"percent_completed":0},"issue_dependencies_summary":{"blocked_by":0,"total_blocked_by":0,"blocking":0,"total_blocking":0},"body":"hello, i'm using varnish 6.5.1, and libvmod-dynamic. and when i shut my backend define with the libvmod, varnish detect the unhealthy backend, switch to grace mode etc.. BUT, the counter MAIN.backend_unhealthy stay at 0. For information, i configured a health probe\r\n\r\nis there anything to do to correct that ?","closed_by":{"login":"nigoroll","id":1528104,"node_id":"MDQ6VXNlcjE1MjgxMDQ=","avatar_url":"https://avatars.githubusercontent.com/u/1528104?v=4","gravatar_id":"","url":"https://api.github.com/users/nigoroll","html_url":"https://github.com/nigoroll","followers_url":"https://api.github.com/users/nigoroll/followers","following_url":"https://api.github.com/users/nigoroll/following{/other_user}","gists_url":"https://api.github.com/users/nigoroll/gists{/gist_id}","starred_url":"https://api.github.com/users/nigoroll/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/nigoroll/subscriptions","organizations_url":"https://api.github.com/users/nigoroll/orgs","repos_url":"https://api.github.com/users/nigoroll/repos","events_url":"https://api.github.com/users/nigoroll/events{/privacy}","received_events_url":"https://api.github.com/users/nigoroll/received_events","type":"User","user_view_type":"public","site_admin":false},"reactions":{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/72/reactions","total_count":0,"+1":0,"-1":0,"laugh":0,"hooray":0,"confused":0,"heart":0,"rocket":0,"eyes":0},"timeline_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/72/timeline","performed_via_github_app":null,"state_reason":"completed"},{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/73","repository_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic","labels_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/73/labels{/name}","comments_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/73/comments","events_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/73/events","html_url":"https://github.com/nigoroll/libvmod-dynamic/issues/73","id":998150632,"node_id":"I_kwDOBBOOTM47fpHo","number":73,"title":"`configure` doesn't read `libdir` from `varnishapi.pc`","user":{"login":"VasiliPupkin256","id":27725951,"node_id":"MDQ6VXNlcjI3NzI1OTUx","avatar_url":"https://avatars.githubusercontent.com/u/27725951?v=4","gravatar_id":"","url":"https://api.github.com/users/VasiliPupkin256","html_url":"https://github.com/VasiliPupkin256","followers_url":"https://api.github.com/users/VasiliPupkin256/followers","following_url":"https://api.github.com/users/VasiliPupkin256/following{/other_user}","gists_url":"https://api.github.com/users/VasiliPupkin256/gists{/gist_id}","starred_url":"https://api.github.com/users/VasiliPupkin256/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/VasiliPupkin256/subscriptions","organizations_url":"https://api.github.com/users/VasiliPupkin256/orgs","repos_url":"https://api.github.com/users/VasiliPupkin256/repos","events_url":"https://api.github.com/users/VasiliPupkin256/events{/privacy}","received_events_url":"https://api.github.com/users/VasiliPupkin256/received_events","type":"User","user_view_type":"public","site_admin":false},"labels":[],"state":"closed","locked":false,"assignee":null,"assignees":[],"milestone":null,"comments":1,"created_at":"2021-09-16T12:23:11Z","updated_at":"2021-10-26T16:22:37Z","closed_at":"2021-10-26T16:22:37Z","author_association":"NONE","active_lock_reason":null,"sub_issues_summary":{"total":0,"completed":0,"percent_completed":0},"issue_dependencies_summary":{"blocked_by":0,"total_blocked_by":0,"blocking":0,"total_blocking":0},"body":"I see the variable is read in the scripts but it seems that it is only used for testing. When I run configure/make/install of the version 2.3.1 on Ubuntu 21.04 it tries to install module in `/usr/lib/varnish/vmods` instead of `/usr/lib/x86_64-linux-gnu/varnish/vmods` where it belongs on this repo. I've solved this with this hack\r\n\r\n    ./configure --without-getdns \\\r\n    --prefix=$(pkg-config --variable=prefix varnishapi) \\\r\n    --bindir=$(pkg-config --variable=bindir varnishapi) \\\r\n    --sbindir=$(pkg-config --variable=sbindir varnishapi) \\\r\n    --sysconfdir=$(pkg-config --variable=sysconfdir varnishapi) \\\r\n    --libdir=$(pkg-config --variable=libdir varnishapi)\r\n\r\nBut of course I don't like it. \r\n\r\nPS: I've tried to set `PKG_CONFIG_PATH` it doesn't change anything.","closed_by":{"login":"nigoroll","id":1528104,"node_id":"MDQ6VXNlcjE1MjgxMDQ=","avatar_url":"https://avatars.githubusercontent.com/u/1528104?v=4","gravatar_id":"","url":"https://api.github.com/users/nigoroll","html_url":"https://github.com/nigoroll","followers_url":"https://api.github.com/users/nigoroll/followers","following_url":"https://api.github.com/users/nigoroll/following{/other_user}","gists_url":"https://api.github.com/users/nigoroll/gists{/gist_id}","starred_url":"https://api.github.com/users/nigoroll/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/nigoroll/subscriptions","organizations_url":"https://api.github.com/users/nigoroll/orgs","repos_url":"https://api.github.com/users/nigoroll/repos","events_url":"https://api.github.com/users/nigoroll/events{/privacy}","received_events_url":"https://api.github.com/users/nigoroll/received_events","type":"User","user_view_type":"public","site_admin":false},"reactions":{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/73/reactions","total_count":0,"+1":0,"-1":0,"laugh":0,"hooray":0,"confused":0,"heart":0,"rocket":0,"eyes":0},"timeline_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/73/timeline","performed_via_github_app":null,"state_reason":"completed"},{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/74","repository_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic","labels_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/74/labels{/name}","comments_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/74/comments","events_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/74/events","html_url":"https://github.com/nigoroll/libvmod-dynamic/issues/74","id":1026076348,"node_id":"I_kwDOBBOOTM49KK68","number":74,"title":"test failing with varnish 6.6","user":{"login":"blacktek","id":42382745,"node_id":"MDQ6VXNlcjQyMzgyNzQ1","avatar_url":"https://avatars.githubusercontent.com/u/42382745?v=4","gravatar_id":"","url":"https://api.github.com/users/blacktek","html_url":"https://github.com/blacktek","followers_url":"https://api.github.com/users/blacktek/followers","following_url":"https://api.github.com/users/blacktek/following{/other_user}","gists_url":"https://api.github.com/users/blacktek/gists{/gist_id}","starred_url":"https://api.github.com/users/blacktek/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/blacktek/subscriptions","organizations_url":"https://api.github.com/users/blacktek/orgs","repos_url":"https://api.github.com/users/blacktek/repos","events_url":"https://api.github.com/users/blacktek/events{/privacy}","received_events_url":"https://api.github.com/users/blacktek/received_events","type":"User","user_view_type":"public","site_admin":false},"labels":[],"state":"closed","locked":false,"assignee":null,"assignees":[],"milestone":null,"comments":1,"created_at":"2021-10-14T07:50:41Z","updated_at":"2021-10-26T16:12:27Z","closed_at":"2021-10-26T16:12:27Z","author_association":"NONE","active_lock_reason":null,"sub_issues_summary":{"total":0,"completed":0,"percent_completed":0},"issue_dependencies_summary":{"blocked_by":0,"total_blocked_by":0,"blocking":0,"total_blocking":0},"body":"Hello,\r\n  we just installed this library on Varnish 6.6 and One of tests failed (out of 21):\r\n\r\n*** v1 CLI RX 106\r\n**** v1 CLI RX|Message from VCC-compiler:\r\n**** v1 CLI RX|Expected '{' got '+'\r\n**** v1 CLI RX|(program line 560), at\r\n**** v1 CLI RX|('<vcl.inline>' Line 7 Pos 27)\r\n**** v1 CLI RX| acl ipv4_loopback +log {\r\n**** v1 CLI RX|--------------------------#-----\r\n**** v1 CLI RX|\r\n**** v1 CLI RX|Running VCC-compiler failed, exited with 2\r\n**** v1 CLI RX|VCL compilation failed\r\n\r\n\r\n18 varnish v1 -vcl {\r\n19 import ${vmod_dynamic};\r\n20\r\n21 backend dummy { .host = \"${bad_ip}\"; .port = \"9080\"; }\r\n22\r\n23 acl ipv4_loopback +log {\r\n24 \"127/24\";\r\n25 }\r\n26\r\n27 sub vcl_init {\r\n28 new d1 = dynamic.director(\r\n29 port = \"${s1_port}\",\r\n30 whitelist = ipv4_loopback,\r\n31 domain_usage_timeout = 1s);\r\n32 d1.debug(true);\r\n33 }\r\n34\r\n35 sub vcl_recv {\r\n36 set req.backend_hint = d1.backend();\r\n37 }\r\n38 } -start\r\n\r\nCould you please make it working with Varnish 6.6?\r\n\r\nWhat are the consequences of the failed test?\r\n\r\nThank you","closed_by":{"login":"nigoroll","id":1528104,"node_id":"MDQ6VXNlcjE1MjgxMDQ=","avatar_url":"https://avatars.githubusercontent.com/u/1528104?v=4","gravatar_id":"","url":"https://api.github.com/users/nigoroll","html_url":"https://github.com/nigoroll","followers_url":"https://api.github.com/users/nigoroll/followers","following_url":"https://api.github.com/users/nigoroll/following{/other_user}","gists_url":"https://api.github.com/users/nigoroll/gists{/gist_id}","starred_url":"https://api.github.com/users/nigoroll/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/nigoroll/subscriptions","organizations_url":"https://api.github.com/users/nigoroll/orgs","repos_url":"https://api.github.com/users/nigoroll/repos","events_url":"https://api.github.com/users/nigoroll/events{/privacy}","received_events_url":"https://api.github.com/users/nigoroll/received_events","type":"User","user_view_type":"public","site_admin":false},"reactions":{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/74/reactions","total_count":0,"+1":0,"-1":0,"laugh":0,"hooray":0,"confused":0,"heart":0,"rocket":0,"eyes":0},"timeline_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/74/timeline","performed_via_github_app":null,"state_reason":"completed"},{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/75","repository_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic","labels_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/75/labels{/name}","comments_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/75/comments","events_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/75/events","html_url":"https://github.com/nigoroll/libvmod-dynamic/issues/75","id":1027494200,"node_id":"I_kwDOBBOOTM49PlE4","number":75,"title":"Is \"master\" already ready for Varnish 7?","user":{"login":"ronaldploeger","id":2346952,"node_id":"MDQ6VXNlcjIzNDY5NTI=","avatar_url":"https://avatars.githubusercontent.com/u/2346952?v=4","gravatar_id":"","url":"https://api.github.com/users/ronaldploeger","html_url":"https://github.com/ronaldploeger","followers_url":"https://api.github.com/users/ronaldploeger/followers","following_url":"https://api.github.com/users/ronaldploeger/following{/other_user}","gists_url":"https://api.github.com/users/ronaldploeger/gists{/gist_id}","starred_url":"https://api.github.com/users/ronaldploeger/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/ronaldploeger/subscriptions","organizations_url":"https://api.github.com/users/ronaldploeger/orgs","repos_url":"https://api.github.com/users/ronaldploeger/repos","events_url":"https://api.github.com/users/ronaldploeger/events{/privacy}","received_events_url":"https://api.github.com/users/ronaldploeger/received_events","type":"User","user_view_type":"public","site_admin":false},"labels":[],"state":"closed","locked":false,"assignee":null,"assignees":[],"milestone":null,"comments":1,"created_at":"2021-10-15T14:19:45Z","updated_at":"2021-10-26T15:54:54Z","closed_at":"2021-10-26T15:54:54Z","author_association":"NONE","active_lock_reason":null,"sub_issues_summary":{"total":0,"completed":0,"percent_completed":0},"issue_dependencies_summary":{"blocked_by":0,"total_blocked_by":0,"blocking":0,"total_blocking":0},"body":"Is \"master\" already ready for Varnish 7.0.0?\r\n\r\nThanks and all the best,\r\nRonald","closed_by":{"login":"nigoroll","id":1528104,"node_id":"MDQ6VXNlcjE1MjgxMDQ=","avatar_url":"https://avatars.githubusercontent.com/u/1528104?v=4","gravatar_id":"","url":"https://api.github.com/users/nigoroll","html_url":"https://github.com/nigoroll","followers_url":"https://api.github.com/users/nigoroll/followers","following_url":"https://api.github.com/users/nigoroll/following{/other_user}","gists_url":"https://api.github.com/users/nigoroll/gists{/gist_id}","starred_url":"https://api.github.com/users/nigoroll/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/nigoroll/subscriptions","organizations_url":"https://api.github.com/users/nigoroll/orgs","repos_url":"https://api.github.com/users/nigoroll/repos","events_url":"https://api.github.com/users/nigoroll/events{/privacy}","received_events_url":"https://api.github.com/users/nigoroll/received_events","type":"User","user_view_type":"public","site_admin":false},"reactions":{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/75/reactions","total_count":0,"+1":0,"-1":0,"laugh":0,"hooray":0,"confused":0,"heart":0,"rocket":0,"eyes":0},"timeline_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/75/timeline","performed_via_github_app":null,"state_reason":"completed"},{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/76","repository_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic","labels_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/76/labels{/name}","comments_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/76/comments","events_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/76/events","html_url":"https://github.com/nigoroll/libvmod-dynamic/pull/76","id":1044868162,"node_id":"PR_kwDOBBOOTM4uGT2M","number":76,"title":"Add the authority parameter to .director().","user":{"login":"slimhazard","id":6084911,"node_id":"MDQ6VXNlcjYwODQ5MTE=","avatar_url":"https://avatars.githubusercontent.com/u/6084911?v=4","gravatar_id":"","url":"https://api.github.com/users/slimhazard","html_url":"https://github.com/slimhazard","followers_url":"https://api.github.com/users/slimhazard/followers","following_url":"https://api.github.com/users/slimhazard/following{/other_user}","gists_url":"https://api.github.com/users/slimhazard/gists{/gist_id}","starred_url":"https://api.github.com/users/slimhazard/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/slimhazard/subscriptions","organizations_url":"https://api.github.com/users/slimhazard/orgs","repos_url":"https://api.github.com/users/slimhazard/repos","events_url":"https://api.github.com/users/slimhazard/events{/privacy}","received_events_url":"https://api.github.com/users/slimhazard/received_events","type":"User","user_view_type":"public","site_admin":false},"labels":[],"state":"closed","locked":false,"assignee":null,"assignees":[],"milestone":null,"comments":3,"created_at":"2021-11-04T15:09:14Z","updated_at":"2023-07-07T13:59:13Z","closed_at":"2023-07-07T13:59:13Z","author_association":"CONTRIBUTOR","active_lock_reason":null,"draft":true,"pull_request":{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/pulls/76","html_url":"https://github.com/nigoroll/libvmod-dynamic/pull/76","diff_url":"https://github.com/nigoroll/libvmod-dynamic/pull/76.diff","patch_url":"https://github.com/nigoroll/libvmod-dynamic/pull/76.patch","merged_at":null},"body":"Previously this was always set to the value of the VRT_backend host\r\nheader. That is still the default, but with the new parameter a\r\ndifferent value may be set, or the parameter may be set to the\r\nempty string, to specify that no authority TLV should be sent.","closed_by":{"login":"nigoroll","id":1528104,"node_id":"MDQ6VXNlcjE1MjgxMDQ=","avatar_url":"https://avatars.githubusercontent.com/u/1528104?v=4","gravatar_id":"","url":"https://api.github.com/users/nigoroll","html_url":"https://github.com/nigoroll","followers_url":"https://api.github.com/users/nigoroll/followers","following_url":"https://api.github.com/users/nigoroll/following{/other_user}","gists_url":"https://api.github.com/users/nigoroll/gists{/gist_id}","starred_url":"https://api.github.com/users/nigoroll/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/nigoroll/subscriptions","organizations_url":"https://api.github.com/users/nigoroll/orgs","repos_url":"https://api.github.com/users/nigoroll/repos","events_url":"https://api.github.com/users/nigoroll/events{/privacy}","received_events_url":"https://api.github.com/users/nigoroll/received_events","type":"User","user_view_type":"public","site_admin":false},"reactions":{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/76/reactions","total_count":0,"+1":0,"-1":0,"laugh":0,"hooray":0,"confused":0,"heart":0,"rocket":0,"eyes":0},"timeline_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/76/timeline","performed_via_github_app":null,"state_reason":null},{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/77","repository_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic","labels_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/77/labels{/name}","comments_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/77/comments","events_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/77/events","html_url":"https://github.com/nigoroll/libvmod-dynamic/issues/77","id":1045836082,"node_id":"I_kwDOBBOOTM4-VjEy","number":77,"title":"Cannot build on alpine:3.14","user":{"login":"alexpozzi","id":8307861,"node_id":"MDQ6VXNlcjgzMDc4NjE=","avatar_url":"https://avatars.githubusercontent.com/u/8307861?v=4","gravatar_id":"","url":"https://api.github.com/users/alexpozzi","html_url":"https://github.com/alexpozzi","followers_url":"https://api.github.com/users/alexpozzi/followers","following_url":"https://api.github.com/users/alexpozzi/following{/other_user}","gists_url":"https://api.github.com/users/alexpozzi/gists{/gist_id}","starred_url":"https://api.github.com/users/alexpozzi/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/alexpozzi/subscriptions","organizations_url":"https://api.github.com/users/alexpozzi/orgs","repos_url":"https://api.github.com/users/alexpozzi/repos","events_url":"https://api.github.com/users/alexpozzi/events{/privacy}","received_events_url":"https://api.github.com/users/alexpozzi/received_events","type":"User","user_view_type":"public","site_admin":false},"labels":[],"state":"closed","locked":false,"assignee":null,"assignees":[],"milestone":null,"comments":7,"created_at":"2021-11-05T13:13:17Z","updated_at":"2021-11-08T10:32:20Z","closed_at":"2021-11-05T16:30:10Z","author_association":"NONE","active_lock_reason":null,"sub_issues_summary":{"total":0,"completed":0,"percent_completed":0},"issue_dependencies_summary":{"blocked_by":0,"total_blocked_by":0,"blocking":0,"total_blocking":0},"body":"Hello,\r\nI'm trying to build this mod on alpine:3.14 (same version used by official Varnish alpine docker images) but I get the following error:\r\n```\r\n./configure: line 12848: syntax error: unexpected newline (expecting \")\")\r\nThe command '/bin/sh -c cd /tmp && curl -sSLO https://github.com/nigoroll/libvmod-dynamic/archive/v${LIBVMOD_DYNAMIC_VERSION}.zip &&   unzip v${LIBVMOD_DYNAMIC_VERSION}.zip && cd libvmod-dynamic-${LIBVMOD_DYNAMIC_VERSION} &&   ./autogen.sh && ./configure && make && make install' returned a non-zero code: 2\r\n```\r\n\r\nExample Dockerfile to reproduce the problem:\r\n```\r\nFROM alpine:3.14 AS prod\r\nENV LIBVMOD_DYNAMIC_VERSION=2.3.1\r\nRUN apk --no-cache add automake autoconf libtool make curl python3 py3-sphinx py-docutils pkgconf \\\r\n                     gcc make g++ zlib-dev pcre-dev libedit-dev readline-dev libexecinfo-dev linux-headers \\\r\n                     varnish varnish-dev\r\n\r\nRUN cd /tmp && curl -sSLO https://github.com/nigoroll/libvmod-dynamic/archive/v${LIBVMOD_DYNAMIC_VERSION}.zip && \\\r\n  unzip v${LIBVMOD_DYNAMIC_VERSION}.zip && cd libvmod-dynamic-${LIBVMOD_DYNAMIC_VERSION} && \\\r\n  ./autogen.sh && ./configure && make && make install\r\n```\r\n\r\nIs there something I'm missing?\r\nDo you have any hint on how to solve the issue?\r\n\r\nThank you!","closed_by":{"login":"nigoroll","id":1528104,"node_id":"MDQ6VXNlcjE1MjgxMDQ=","avatar_url":"https://avatars.githubusercontent.com/u/1528104?v=4","gravatar_id":"","url":"https://api.github.com/users/nigoroll","html_url":"https://github.com/nigoroll","followers_url":"https://api.github.com/users/nigoroll/followers","following_url":"https://api.github.com/users/nigoroll/following{/other_user}","gists_url":"https://api.github.com/users/nigoroll/gists{/gist_id}","starred_url":"https://api.github.com/users/nigoroll/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/nigoroll/subscriptions","organizations_url":"https://api.github.com/users/nigoroll/orgs","repos_url":"https://api.github.com/users/nigoroll/repos","events_url":"https://api.github.com/users/nigoroll/events{/privacy}","received_events_url":"https://api.github.com/users/nigoroll/received_events","type":"User","user_view_type":"public","site_admin":false},"reactions":{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/77/reactions","total_count":0,"+1":0,"-1":0,"laugh":0,"hooray":0,"confused":0,"heart":0,"rocket":0,"eyes":0},"timeline_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/77/timeline","performed_via_github_app":null,"state_reason":"completed"},{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/78","repository_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic","labels_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/78/labels{/name}","comments_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/78/comments","events_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/78/events","html_url":"https://github.com/nigoroll/libvmod-dynamic/issues/78","id":1112007836,"node_id":"I_kwDOBBOOTM5CR-Sc","number":78,"title":"Deadlock on service lookup when all contexts in use","user":{"login":"jake-dog","id":20374198,"node_id":"MDQ6VXNlcjIwMzc0MTk4","avatar_url":"https://avatars.githubusercontent.com/u/20374198?v=4","gravatar_id":"","url":"https://api.github.com/users/jake-dog","html_url":"https://github.com/jake-dog","followers_url":"https://api.github.com/users/jake-dog/followers","following_url":"https://api.github.com/users/jake-dog/following{/other_user}","gists_url":"https://api.github.com/users/jake-dog/gists{/gist_id}","starred_url":"https://api.github.com/users/jake-dog/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/jake-dog/subscriptions","organizations_url":"https://api.github.com/users/jake-dog/orgs","repos_url":"https://api.github.com/users/jake-dog/repos","events_url":"https://api.github.com/users/jake-dog/events{/privacy}","received_events_url":"https://api.github.com/users/jake-dog/received_events","type":"User","user_view_type":"public","site_admin":false},"labels":[],"state":"closed","locked":false,"assignee":null,"assignees":[],"milestone":null,"comments":4,"created_at":"2022-01-23T22:43:48Z","updated_at":"2025-01-02T16:02:33Z","closed_at":"2022-01-24T10:07:41Z","author_association":"NONE","active_lock_reason":null,"sub_issues_summary":{"total":0,"completed":0,"percent_completed":0},"issue_dependencies_summary":{"blocked_by":0,"total_blocked_by":0,"blocking":0,"total_blocking":0},"body":"Observed on b72c723acff5b2ef46c9de8cef036cee3a380a64 (`6.0` branch).\r\n\r\nA deadlock can occur when looking up a service record with a `vmod_dynamic.resolver` that has run out of contexts (`parallel` argument to resolver constructor).  One thread will wait infinitely for a context so it may resolve the domain returned by the SRV record, and the other thread will wait infinitely for the `dom->resolve` condition to be set before it releases the context.\r\n\r\nPer the following thread stack traces: thread 957 is waiting for the condition `dom->resolve` while holding a resolver context; thread 972 is waiting for a resolver context so it can set the condition `dom->resolve`.\r\n\r\n```\r\nThread 957 (Thread 0x7fcf717ea700 (LWP 350411)):\r\n#0  pthread_cond_timedwait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_timedwait.S:238\r\n#1  0x0000000000436bf6 in Lck_CondWait ()\r\n#2  0x00007fd1b4df21c9 in service_doms (prios=0x7fd1b0631080, obj=0x7fd1c341a440, ctx=0x7fcf717e9e10) at vmod_dynamic_service.c:266\r\n#3  service_update (res=0x7fd1b4ffb360 <res_getdns>, now=1642054171.002723, priv=<optimized out>, srv=0x7fd16a822300) at vmod_dynamic_service.c:424\r\n#4  service_lookup_thread (priv=0x7fd16a822300) at vmod_dynamic_service.c:496\r\n#5  0x00007fd1c405eea5 in start_thread (arg=0x7fcf717ea700) at pthread_create.c:307\r\n#6  0x00007fd1c3d879fd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111\r\n\r\nThread 972 (Thread 0x7fcf6a7dc700 (LWP 350426)):\r\n#0  pthread_cond_wait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:185\r\n#1  0x00007fd1b4df5063 in dyn_getdns_get_context (r=r@entry=0x7fd1c341da80) at dyn_getdns.c:64\r\n#2  0x00007fd1b4df5f16 in getdns_lookup (r=0x7fd1c341da80, node=0x7fd1c34d5dc0 \"redacted.example.svc.cluster.local.\", service=0x7fd1c34d7120 \"42667\", priv=0x7fcf6a7dbc70) at dyn_resolver_getdns.c:183\r\n#3  0x00007fd1b4ded90e in dynamic_lookup_thread (priv=0x7fd1c35c6700) at vmod_dynamic.c:490\r\n#4  0x00007fd1c405eea5 in start_thread (arg=0x7fcf6a7dc700) at pthread_create.c:307\r\n#5  0x00007fd1c3d879fd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111\r\n```\r\n\r\nThe possibility of a deadlock is the result of the context not being released until after the service is updated in the function `service_lookup_thread`.\r\n\r\n1. A resolver context is obtained\r\nhttps://github.com/nigoroll/libvmod-dynamic/blob/b72c723acff5b2ef46c9de8cef036cee3a380a64/src/vmod_dynamic_service.c#L488\r\n\r\n2. Update service, which requires condition be set by other thread(s) attaining resolver context\r\nhttps://github.com/nigoroll/libvmod-dynamic/blob/b72c723acff5b2ef46c9de8cef036cee3a380a64/src/vmod_dynamic_service.c#L496\r\n\r\n3. Release context obtained in step 1\r\nhttps://github.com/nigoroll/libvmod-dynamic/blob/b72c723acff5b2ef46c9de8cef036cee3a380a64/src/vmod_dynamic_service.c#L517\r\n\r\nTo eliminate the possibility of a deadlock the resolver context needs to be released (`res->srv_fini(&res_priv)` from [line 517](https://github.com/nigoroll/libvmod-dynamic/blob/b72c723acff5b2ef46c9de8cef036cee3a380a64/src/vmod_dynamic_service.c#L517)) prior to [locking/waiting on the `dom->resolve` condition](https://github.com/nigoroll/libvmod-dynamic/blob/b72c723acff5b2ef46c9de8cef036cee3a380a64/src/vmod_dynamic_service.c#L262-L270).  This could _probably_ be done most easily by moving the `srv_fini()` call to [line 423](https://github.com/nigoroll/libvmod-dynamic/blob/b72c723acff5b2ef46c9de8cef036cee3a380a64/src/vmod_dynamic_service.c#L423), just before the call to `service_doms()`, and adding another `srv_fini()` to handle the [`else` condition](https://github.com/nigoroll/libvmod-dynamic/blob/b72c723acff5b2ef46c9de8cef036cee3a380a64/src/vmod_dynamic_service.c#L510).\r\n\r\nA possible workaround for anyone impacted by this issue is set a larger value for `parallel` (defaut: 16) in the resolver constructor.","closed_by":{"login":"nigoroll","id":1528104,"node_id":"MDQ6VXNlcjE1MjgxMDQ=","avatar_url":"https://avatars.githubusercontent.com/u/1528104?v=4","gravatar_id":"","url":"https://api.github.com/users/nigoroll","html_url":"https://github.com/nigoroll","followers_url":"https://api.github.com/users/nigoroll/followers","following_url":"https://api.github.com/users/nigoroll/following{/other_user}","gists_url":"https://api.github.com/users/nigoroll/gists{/gist_id}","starred_url":"https://api.github.com/users/nigoroll/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/nigoroll/subscriptions","organizations_url":"https://api.github.com/users/nigoroll/orgs","repos_url":"https://api.github.com/users/nigoroll/repos","events_url":"https://api.github.com/users/nigoroll/events{/privacy}","received_events_url":"https://api.github.com/users/nigoroll/received_events","type":"User","user_view_type":"public","site_admin":false},"reactions":{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/78/reactions","total_count":0,"+1":0,"-1":0,"laugh":0,"hooray":0,"confused":0,"heart":0,"rocket":0,"eyes":0},"timeline_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/78/timeline","performed_via_github_app":null,"state_reason":"completed"},{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/79","repository_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic","labels_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/79/labels{/name}","comments_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/79/comments","events_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/79/events","html_url":"https://github.com/nigoroll/libvmod-dynamic/pull/79","id":1119737295,"node_id":"PR_kwDOBBOOTM4x2ouU","number":79,"title":"Declare $ABI vrt.","user":{"login":"slimhazard","id":6084911,"node_id":"MDQ6VXNlcjYwODQ5MTE=","avatar_url":"https://avatars.githubusercontent.com/u/6084911?v=4","gravatar_id":"","url":"https://api.github.com/users/slimhazard","html_url":"https://github.com/slimhazard","followers_url":"https://api.github.com/users/slimhazard/followers","following_url":"https://api.github.com/users/slimhazard/following{/other_user}","gists_url":"https://api.github.com/users/slimhazard/gists{/gist_id}","starred_url":"https://api.github.com/users/slimhazard/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/slimhazard/subscriptions","organizations_url":"https://api.github.com/users/slimhazard/orgs","repos_url":"https://api.github.com/users/slimhazard/repos","events_url":"https://api.github.com/users/slimhazard/events{/privacy}","received_events_url":"https://api.github.com/users/slimhazard/received_events","type":"User","user_view_type":"public","site_admin":false},"labels":[],"state":"closed","locked":false,"assignee":null,"assignees":[],"milestone":null,"comments":1,"created_at":"2022-01-31T17:41:30Z","updated_at":"2022-02-02T08:19:32Z","closed_at":"2022-02-02T08:19:32Z","author_association":"CONTRIBUTOR","active_lock_reason":null,"draft":false,"pull_request":{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/pulls/79","html_url":"https://github.com/nigoroll/libvmod-dynamic/pull/79","diff_url":"https://github.com/nigoroll/libvmod-dynamic/pull/79.diff","patch_url":"https://github.com/nigoroll/libvmod-dynamic/pull/79.patch","merged_at":"2022-02-02T08:19:32Z"},"body":"As far as I can tell, the VMOD code conforms to VRT. @nigoroll please make your own judgment on that, I may have missed something.\r\n\r\nVRT makes like easier when there's a Varnish version update that doesn't change the VRT version -- the VMOD usually doesn't have to be updated. With $ABI strict, we have to update the VMOD even if nothing changes except the Varnish commit ID.","closed_by":{"login":"nigoroll","id":1528104,"node_id":"MDQ6VXNlcjE1MjgxMDQ=","avatar_url":"https://avatars.githubusercontent.com/u/1528104?v=4","gravatar_id":"","url":"https://api.github.com/users/nigoroll","html_url":"https://github.com/nigoroll","followers_url":"https://api.github.com/users/nigoroll/followers","following_url":"https://api.github.com/users/nigoroll/following{/other_user}","gists_url":"https://api.github.com/users/nigoroll/gists{/gist_id}","starred_url":"https://api.github.com/users/nigoroll/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/nigoroll/subscriptions","organizations_url":"https://api.github.com/users/nigoroll/orgs","repos_url":"https://api.github.com/users/nigoroll/repos","events_url":"https://api.github.com/users/nigoroll/events{/privacy}","received_events_url":"https://api.github.com/users/nigoroll/received_events","type":"User","user_view_type":"public","site_admin":false},"reactions":{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/79/reactions","total_count":0,"+1":0,"-1":0,"laugh":0,"hooray":0,"confused":0,"heart":0,"rocket":0,"eyes":0},"timeline_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/79/timeline","performed_via_github_app":null,"state_reason":null},{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/80","repository_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic","labels_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/80/labels{/name}","comments_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/80/comments","events_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/80/events","html_url":"https://github.com/nigoroll/libvmod-dynamic/issues/80","id":1125025593,"node_id":"I_kwDOBBOOTM5DDoc5","number":80,"title":"no release works with 7.0.2","user":{"login":"gquintard","id":3776553,"node_id":"MDQ6VXNlcjM3NzY1NTM=","avatar_url":"https://avatars.githubusercontent.com/u/3776553?v=4","gravatar_id":"","url":"https://api.github.com/users/gquintard","html_url":"https://github.com/gquintard","followers_url":"https://api.github.com/users/gquintard/followers","following_url":"https://api.github.com/users/gquintard/following{/other_user}","gists_url":"https://api.github.com/users/gquintard/gists{/gist_id}","starred_url":"https://api.github.com/users/gquintard/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/gquintard/subscriptions","organizations_url":"https://api.github.com/users/gquintard/orgs","repos_url":"https://api.github.com/users/gquintard/repos","events_url":"https://api.github.com/users/gquintard/events{/privacy}","received_events_url":"https://api.github.com/users/gquintard/received_events","type":"User","user_view_type":"public","site_admin":false},"labels":[],"state":"closed","locked":false,"assignee":{"login":"slimhazard","id":6084911,"node_id":"MDQ6VXNlcjYwODQ5MTE=","avatar_url":"https://avatars.githubusercontent.com/u/6084911?v=4","gravatar_id":"","url":"https://api.github.com/users/slimhazard","html_url":"https://github.com/slimhazard","followers_url":"https://api.github.com/users/slimhazard/followers","following_url":"https://api.github.com/users/slimhazard/following{/other_user}","gists_url":"https://api.github.com/users/slimhazard/gists{/gist_id}","starred_url":"https://api.github.com/users/slimhazard/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/slimhazard/subscriptions","organizations_url":"https://api.github.com/users/slimhazard/orgs","repos_url":"https://api.github.com/users/slimhazard/repos","events_url":"https://api.github.com/users/slimhazard/events{/privacy}","received_events_url":"https://api.github.com/users/slimhazard/received_events","type":"User","user_view_type":"public","site_admin":false},"assignees":[{"login":"slimhazard","id":6084911,"node_id":"MDQ6VXNlcjYwODQ5MTE=","avatar_url":"https://avatars.githubusercontent.com/u/6084911?v=4","gravatar_id":"","url":"https://api.github.com/users/slimhazard","html_url":"https://github.com/slimhazard","followers_url":"https://api.github.com/users/slimhazard/followers","following_url":"https://api.github.com/users/slimhazard/following{/other_user}","gists_url":"https://api.github.com/users/slimhazard/gists{/gist_id}","starred_url":"https://api.github.com/users/slimhazard/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/slimhazard/subscriptions","organizations_url":"https://api.github.com/users/slimhazard/orgs","repos_url":"https://api.github.com/users/slimhazard/repos","events_url":"https://api.github.com/users/slimhazard/events{/privacy}","received_events_url":"https://api.github.com/users/slimhazard/received_events","type":"User","user_view_type":"public","site_admin":false}],"milestone":null,"comments":4,"created_at":"2022-02-05T20:37:35Z","updated_at":"2022-03-01T18:23:49Z","closed_at":"2022-03-01T11:58:52Z","author_association":"CONTRIBUTOR","active_lock_reason":null,"sub_issues_summary":{"total":0,"completed":0,"percent_completed":0},"issue_dependencies_summary":{"blocked_by":0,"total_blocked_by":0,"blocking":0,"total_blocking":0},"body":"Unless I'm mistaken, `2.5.0` is the latest tag, and has `VARNISH_PREREQ([6.6.0],[7.0.0])`, preventing it from building again `7.0.2`\r\nI can of course pick the top of master, but I'd like to package this vmod into the official `docker` image, and so having an official tag/release would be nice","closed_by":{"login":"slimhazard","id":6084911,"node_id":"MDQ6VXNlcjYwODQ5MTE=","avatar_url":"https://avatars.githubusercontent.com/u/6084911?v=4","gravatar_id":"","url":"https://api.github.com/users/slimhazard","html_url":"https://github.com/slimhazard","followers_url":"https://api.github.com/users/slimhazard/followers","following_url":"https://api.github.com/users/slimhazard/following{/other_user}","gists_url":"https://api.github.com/users/slimhazard/gists{/gist_id}","starred_url":"https://api.github.com/users/slimhazard/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/slimhazard/subscriptions","organizations_url":"https://api.github.com/users/slimhazard/orgs","repos_url":"https://api.github.com/users/slimhazard/repos","events_url":"https://api.github.com/users/slimhazard/events{/privacy}","received_events_url":"https://api.github.com/users/slimhazard/received_events","type":"User","user_view_type":"public","site_admin":false},"reactions":{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/80/reactions","total_count":0,"+1":0,"-1":0,"laugh":0,"hooray":0,"confused":0,"heart":0,"rocket":0,"eyes":0},"timeline_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/80/timeline","performed_via_github_app":null,"state_reason":"completed"},{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/81","repository_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic","labels_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/81/labels{/name}","comments_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/81/comments","events_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/81/events","html_url":"https://github.com/nigoroll/libvmod-dynamic/issues/81","id":1142330043,"node_id":"I_kwDOBBOOTM5EFpK7","number":81,"title":"Assertion error for service with purged dynamic_domain","user":{"login":"jake-dog","id":20374198,"node_id":"MDQ6VXNlcjIwMzc0MTk4","avatar_url":"https://avatars.githubusercontent.com/u/20374198?v=4","gravatar_id":"","url":"https://api.github.com/users/jake-dog","html_url":"https://github.com/jake-dog","followers_url":"https://api.github.com/users/jake-dog/followers","following_url":"https://api.github.com/users/jake-dog/following{/other_user}","gists_url":"https://api.github.com/users/jake-dog/gists{/gist_id}","starred_url":"https://api.github.com/users/jake-dog/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/jake-dog/subscriptions","organizations_url":"https://api.github.com/users/jake-dog/orgs","repos_url":"https://api.github.com/users/jake-dog/repos","events_url":"https://api.github.com/users/jake-dog/events{/privacy}","received_events_url":"https://api.github.com/users/jake-dog/received_events","type":"User","user_view_type":"public","site_admin":false},"labels":[],"state":"closed","locked":false,"assignee":null,"assignees":[],"milestone":null,"comments":12,"created_at":"2022-02-18T04:28:18Z","updated_at":"2023-07-21T03:10:00Z","closed_at":"2023-07-03T15:01:52Z","author_association":"NONE","active_lock_reason":null,"sub_issues_summary":{"total":0,"completed":0,"percent_completed":0},"issue_dependencies_summary":{"blocked_by":0,"total_blocked_by":0,"blocking":0,"total_blocking":0},"body":"Observed on 5c1c68b (w/ varnish 6.0.9) and b72c723 (w/ varnish 6.0.7).\r\n\r\n```\r\nPanic at: Fri, 28 Jan 2022 04:08:36 GMT\r\nAssert error in service_resolve(), vmod_dynamic_service.c line 150:\r\n  Condition((t->dom)->magic == 0x1bfe1345) not true.\r\nversion = varnish-6.0.9 revision 3383d3d02c6ee459f20e1f46cfcb9692726a6387, vrt api = 7.1\r\nident = Linux,5.4.77-flatcar,x86_64,-junix,-smalloc,-sdefault,-hcritbit,epoll\r\nnow = 18260503.813988 (mono), 1643342916.576233 (real)\r\nBacktrace:\r\n  0x43c46e: varnishd() [0x43c46e]\r\n  0x49f272: varnishd(VAS_Fail+0x42) [0x49f272]\r\n  0x7fb8159f13da: ./vmod_cache/_vmod_dynamic.04887395d86555991e34ec9874763b01e23b00135a5367941f17a5e0076a9451(+0x83da) [0x7fb8159f13da]\r\n  0x4216a3: varnishd() [0x4216a3]\r\n  0x421d83: varnishd(VDI_GetHdr+0x33) [0x421d83]\r\n  0x42a859: varnishd() [0x42a859]\r\n  0x45a4db: varnishd() [0x45a4db]\r\n  0x45a9c0: varnishd() [0x45a9c0]\r\n  0x7fb8257d2ea5: /lib64/libpthread.so.0(+0x7ea5) [0x7fb8257d2ea5]\r\n  0x7fb8254fbb0d: /lib64/libc.so.6(clone+0x6d) [0x7fb8254fbb0d]\r\n```\r\n\r\n[Full panic output from VTC test log.](https://github.com/nigoroll/libvmod-dynamic/files/8113720/r81.log)\r\n\r\n## Reproduction steps\r\n\r\nA [gist has been created with VTC](https://gist.github.com/jake-dog/25a77e193c406bf5744005fa7a021e9d) that reproduces the panic.  Please follow the instructions inside of the gist, which includes installing and configuring dnsmasq.\r\n\r\nOther test conditions, such as changing A names in SRV responses, have also succeeded in reproducing the assertion error.\r\n\r\n## Investigation\r\n\r\nThe assertion error was not reproducible when `dynamic_domain` usage timeout checks were hardcoded out, blocking timeout purges in the [`dynamic_search`](https://github.com/nigoroll/libvmod-dynamic/blob/5c1c68b7914a10726d724ad8c60562019baa6371/src/vmod_dynamic.c#L650) function, demonstrating that the bug occurs when a `dynamic_domain` is purged while still referenced by a `dynamic_service`.\r\n\r\nThe life cycles of `dynamic_domain` structs, and the `dynamic_service` structs which reference them, are not tightly coupled.  Under specific conditions data races are possible.\r\n\r\nOne such scenario, as demonstrated in the provided VTC, involves three components:\r\n\r\n1. `dynamic_domain` structs exclusively referenced by a `dynamic_service` only have their `last_used` property updated when SRV resolve is successful ([code](https://github.com/nigoroll/libvmod-dynamic/blob/5c1c68b7914a10726d724ad8c60562019baa6371/src/vmod_dynamic_service.c#L245))\r\n2. the delay between SRV resolves is set to `obj->ttl` when the previous DNS resolve fails ([code](https://github.com/nigoroll/libvmod-dynamic/blob/5c1c68b7914a10726d724ad8c60562019baa6371/src/vmod_dynamic_service.c#L522))\r\n3. when retrieving a specific `dynamic_domain`, any active domain which doesn't match is subject to a timeout purge ([code](https://github.com/nigoroll/libvmod-dynamic/blob/5c1c68b7914a10726d724ad8c60562019baa6371/src/vmod_dynamic.c#L670))\r\n\r\nWith these components a panic can be instigated via a simple sequence of requests and DNS failures:\r\n\r\n1. Send a request for a valid `d.service` with DNS running\r\n2. Kill/block DNS\r\n3. Send several more requests to the same `d.service` from step 1 until DNS resolve timeout occurs\r\n4. Enable/unblock DNS\r\n5. Send several requests for a different `d.service` to trigger a timeout purge of the `d.service` from step 1\r\n6. Continue sending requests to the `d.service` from step 1 until panic\r\n\r\nThis sequence of lookups, and purges, looks like this (from provided VTC log):\r\n\r\n```\r\n**** v1    0.7 vsl|          0 Timestamp       - vmod-dynamic vcl1.d1(srv _http._tcp.p-test-3.example.svc.cluster.local) Lookup: 1645503346.958248 0.000000 0.000000\r\n**** v1    0.7 vsl|          0 Timestamp       - vmod-dynamic vcl1.d1(srv _http._tcp.p-test-3.example.svc.cluster.local) Results: 1645503346.958876 0.000628 0.000628\r\n**** v1    0.7 vsl|          0 Timestamp       - vmod-dynamic vcl1.d1(p-test-3.example.svc.cluster.local.:8893) Lookup: 1645503346.959250 0.000000 0.000000\r\n**** v1    0.7 vsl|          0 Timestamp       - vmod-dynamic vcl1.d1(p-test-3.example.svc.cluster.local.:8893) Results: 1645503346.959764 0.000514 0.000514\r\n**** v1    0.7 vsl|          0 Timestamp       - vmod-dynamic vcl1.d1(p-test-3.example.svc.cluster.local.:8893) Update: 1645503346.959862 0.000613 0.000099\r\n**** v1    0.7 vsl|          0 Timestamp       - vmod-dynamic vcl1.d1(srv _http._tcp.p-test-3.example.svc.cluster.local) Update: 1645503346.959927 0.001679 0.001051\r\n**** v1    2.2 vsl|          0 Timestamp       - vmod-dynamic vcl1.d1(srv _http._tcp.p-test-3.example.svc.cluster.local) Lookup: 1645503348.470227 0.000000 0.000000\r\n**** v1    7.3 vsl|          0 Timestamp       - vmod-dynamic vcl1.d1(srv _http._tcp.p-test-3.example.svc.cluster.local) Results: 1645503353.475618 5.005390 5.005390\r\n**** v1    7.3 vsl|          0 Error           - vmod-dynamic: vcl1 d1 _http._tcp.p-test-3.example.svc.cluster.local getdns 902 (All queries for the name timed out)\r\n**** v1   15.8 vsl|          0 Timestamp       - vmod-dynamic vcl1.d1(srv _http._tcp.p-test-2.example.svc.cluster.local) Lookup: 1645503362.042588 0.000000 0.000000\r\n**** v1   15.8 vsl|          0 Timestamp       - vmod-dynamic vcl1.d1(srv _http._tcp.p-test-2.example.svc.cluster.local) Results: 1645503362.043147 0.000558 0.000558\r\n**** v1   15.8 vsl|          0 VCL_Log         - vmod-dynamic: vcl1 d1 p-test-3.example.svc.cluster.local.:8893 timeout\r\n**** v1   15.8 vsl|          0 Timestamp       - vmod-dynamic vcl1.d1(p-test-3.example.svc.cluster.local.:8893) Done: 1645503362.043266 0.000000 0.000000\r\n**** v1   15.8 vsl|          0 Timestamp       - vmod-dynamic vcl1.d1(p-test-2.example.svc.cluster.local.:8892) Lookup: 1645503362.043516 0.000000 0.000000\r\n**** v1   15.8 vsl|          0 Timestamp       - vmod-dynamic vcl1.d1(p-test-2.example.svc.cluster.local.:8892) Results: 1645503362.043797 0.000281 0.000281\r\n**** v1   15.8 vsl|          0 Timestamp       - vmod-dynamic vcl1.d1(p-test-2.example.svc.cluster.local.:8892) Update: 1645503362.043895 0.000379 0.000098\r\n**** v1   15.8 vsl|          0 Timestamp       - vmod-dynamic vcl1.d1(srv _http._tcp.p-test-2.example.svc.cluster.local) Update: 1645503362.043962 0.001374 0.000815\r\n**** v1   17.3 vsl|          0 Timestamp       - vmod-dynamic vcl1.d1(srv _http._tcp.p-test-2.example.svc.cluster.local) Lookup: 1645503363.554317 0.000000 0.000000\r\n**** v1   17.3 vsl|          0 Timestamp       - vmod-dynamic vcl1.d1(srv _http._tcp.p-test-2.example.svc.cluster.local) Results: 1645503363.554597 0.000280 0.000280\r\n**** v1   17.3 vsl|          0 VCL_Log         - vmod-dynamic: vcl1 d1 p-test-3.example.svc.cluster.local.:8893 deleted\r\n**** v1   17.3 vsl|          0 Timestamp       - vmod-dynamic vcl1.d1(srv _http._tcp.p-test-2.example.svc.cluster.local) Update: 1645503363.554614 0.000297 0.000017\r\n```\r\n\r\nNote that the service `_http._tcp.p-test-3.example.svc.cluster.local` is still active, and has not changed, but the domain it points to `p-test-3.example.svc.cluster.local` has timed out and was eventually deleted.\r\n\r\n## Solutions\r\n\r\nThough not completely without the possibility of data races, and not tested, the following should avoid the bulk of the race conditions.  Based on 5c1c68b\r\n\r\n```diff\r\ndiff --git a/src/vmod_dynamic_service.c b/src/vmod_dynamic_service.c\r\nindex 2140a2d..c77ca06 100644\r\n--- a/src/vmod_dynamic_service.c\r\n+++ b/src/vmod_dynamic_service.c\r\n@@ -521,3 +521,6 @@ service_lookup_thread(void *priv)\r\n                            res->name, ret, res->strerror(ret));\r\n-                       srv->deadline = results + obj->ttl;\r\n+                       if (obj->ttl < obj->domain_usage_tmo / 2)\r\n+                               srv->deadline = results + obj->ttl;\r\n+                       else\r\n+                               srv->deadline = results + (obj->domain_usage_tmo / 2);\r\n                        dbg_res_details(NULL, srv->obj, res, res_priv);\r\n@@ -737,2 +740,5 @@ vmod_director_service(VRT_CTX, struct VPFX(dynamic_director) *obj,\r\n        struct dynamic_service *srv;\r\n+       const struct service_prios *prios;\r\n+       const struct service_prio *p;\r\n+       const struct service_target *t;\r\n        CHECK_OBJ_NOTNULL(ctx, VRT_CTX_MAGIC);\r\n@@ -750,2 +756,16 @@ vmod_director_service(VRT_CTX, struct VPFX(dynamic_director) *obj,\r\n        srv->last_used = ctx->now;\r\n+\r\n+       VRMB();\r\n+       prios = srv->prios;\r\n+\r\n+       if (prios != NULL) {\r\n+               VTAILQ_FOREACH(p, &prios->head, list) {\r\n+                       CHECK_OBJ_NOTNULL(p, SERVICE_PRIO_MAGIC);\r\n+                       VTAILQ_FOREACH(t, &p->targets, list) {\r\n+                               CHECK_OBJ_NOTNULL(t, SERVICE_TARGET_MAGIC);\r\n+                               CHECK_OBJ_NOTNULL(t->dom, DYNAMIC_DOMAIN_MAGIC);\r\n+                               t->dom->last_used = ctx->now;\r\n+                       }\r\n+               }\r\n+       }\r\n        Lck_Unlock(&obj->mtx);\r\n```\r\n\r\nThe problems with the trivial solution include:\r\n\r\n* still possibility of data races\r\n  * multiple services using a shared domain\r\n  * multiple unique services with unique domains causing thread races to purge timed out domains\r\n* pattern of SRV resolves is inconsistent and diverges from user configuration\r\n\r\nI've sent #82 introducing minimal reference counting logic to block `dynamic_domain` timeout purges while referenced by a `dynamic_service`, thus tightly coupling them.","closed_by":{"login":"nigoroll","id":1528104,"node_id":"MDQ6VXNlcjE1MjgxMDQ=","avatar_url":"https://avatars.githubusercontent.com/u/1528104?v=4","gravatar_id":"","url":"https://api.github.com/users/nigoroll","html_url":"https://github.com/nigoroll","followers_url":"https://api.github.com/users/nigoroll/followers","following_url":"https://api.github.com/users/nigoroll/following{/other_user}","gists_url":"https://api.github.com/users/nigoroll/gists{/gist_id}","starred_url":"https://api.github.com/users/nigoroll/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/nigoroll/subscriptions","organizations_url":"https://api.github.com/users/nigoroll/orgs","repos_url":"https://api.github.com/users/nigoroll/repos","events_url":"https://api.github.com/users/nigoroll/events{/privacy}","received_events_url":"https://api.github.com/users/nigoroll/received_events","type":"User","user_view_type":"public","site_admin":false},"reactions":{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/81/reactions","total_count":0,"+1":0,"-1":0,"laugh":0,"hooray":0,"confused":0,"heart":0,"rocket":0,"eyes":0},"timeline_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/81/timeline","performed_via_github_app":null,"state_reason":"completed"},{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/82","repository_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic","labels_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/82/labels{/name}","comments_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/82/comments","events_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/82/events","html_url":"https://github.com/nigoroll/libvmod-dynamic/pull/82","id":1142330257,"node_id":"PR_kwDOBBOOTM4zCxtc","number":82,"title":"Fixing domain purge data race","user":{"login":"jake-dog","id":20374198,"node_id":"MDQ6VXNlcjIwMzc0MTk4","avatar_url":"https://avatars.githubusercontent.com/u/20374198?v=4","gravatar_id":"","url":"https://api.github.com/users/jake-dog","html_url":"https://github.com/jake-dog","followers_url":"https://api.github.com/users/jake-dog/followers","following_url":"https://api.github.com/users/jake-dog/following{/other_user}","gists_url":"https://api.github.com/users/jake-dog/gists{/gist_id}","starred_url":"https://api.github.com/users/jake-dog/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/jake-dog/subscriptions","organizations_url":"https://api.github.com/users/jake-dog/orgs","repos_url":"https://api.github.com/users/jake-dog/repos","events_url":"https://api.github.com/users/jake-dog/events{/privacy}","received_events_url":"https://api.github.com/users/jake-dog/received_events","type":"User","user_view_type":"public","site_admin":false},"labels":[],"state":"closed","locked":false,"assignee":null,"assignees":[],"milestone":null,"comments":2,"created_at":"2022-02-18T04:28:41Z","updated_at":"2023-07-03T15:32:58Z","closed_at":"2023-07-03T15:32:57Z","author_association":"NONE","active_lock_reason":null,"draft":false,"pull_request":{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/pulls/82","html_url":"https://github.com/nigoroll/libvmod-dynamic/pull/82","diff_url":"https://github.com/nigoroll/libvmod-dynamic/pull/82.diff","patch_url":"https://github.com/nigoroll/libvmod-dynamic/pull/82.patch","merged_at":null},"body":"# What's new\r\n\r\n* fix #81 with a ref counter on `dynamic_domains` linked to `dynamic_services`\r\n* fix SRV resolve TTL so it isn't limited by [`0.5 * domain_usage_tmo`](https://github.com/nigoroll/libvmod-dynamic/blob/5c1c68b7914a10726d724ad8c60562019baa6371/src/vmod_dynamic_service.c#L513-L515)\r\n* fix `dynamic_domain` timeout behavior for `dynamic_domains` linked to `dynamic_services`\r\n\r\n# Why\r\n\r\nThere are several scenarios to consider when fixing #81.  A `dynamic_domain` could be linked to zero or more `dynamic_services`, and/or a `dynamic_domain` linked to `dynamic_service` could be called directly via `d.backend`.   A simple reference counter accommodates all of these possibilities, and prevents all services/domain timeout related data races.  In a word, it is bombproof.\r\n\r\nTimeout initiated purges will be blocked for all `dynamic_domain` structs referenced by `dynamic_services`.  Only after a `dynamic_service` is purged will the corresponding `dynamic_domain` ref counter(s) be decremented. \r\n\r\nWhile adding the ref counter logic I discovered two other unexpected behaviors which were linked to each other:\r\n\r\n* SRV resolve TTL is limited to `0.5 * domain_usage_tmo` or `obj->ttl` (whichever is smaller)\r\n* domains exclusively linked to services had `last_used` updated only when SRV resolve succeeded\r\n\r\nThese behaviors together formed a partially protective layer against early purge of service linked domains.  The addition of a ref counter to service linked domains removes the need for previous workarounds, fixes all early purge vulnerabilities, and makes the behavior of `d.backend` and `d.service` consistent and predictable.\r\n\r\nThis branch passed the [`r81.vtc`](https://gist.github.com/jake-dog/25a77e193c406bf5744005fa7a021e9d) test, and produces the following expected pattern of dynamic backends:\r\n\r\n```\r\n**** v1    0.6 vsl|          0 Timestamp       - vmod-dynamic vcl1.d1(srv _http._tcp.p-test-3.example.svc.cluster.local) Lookup: 1645504100.142287 0.000000 0.000000\r\n**** v1    0.6 vsl|          0 Timestamp       - vmod-dynamic vcl1.d1(srv _http._tcp.p-test-3.example.svc.cluster.local) Results: 1645504100.142864 0.000577 0.000577\r\n**** v1    0.6 vsl|          0 Timestamp       - vmod-dynamic vcl1.d1(p-test-3.example.svc.cluster.local.:8893) Lookup: 1645504100.143254 0.000000 0.000000\r\n**** v1    0.6 vsl|          0 Timestamp       - vmod-dynamic vcl1.d1(p-test-3.example.svc.cluster.local.:8893) Results: 1645504100.143684 0.000430 0.000430\r\n**** v1    0.6 vsl|          0 Timestamp       - vmod-dynamic vcl1.d1(p-test-3.example.svc.cluster.local.:8893) Update: 1645504100.143806 0.000552 0.000122\r\n**** v1    0.6 vsl|          0 Timestamp       - vmod-dynamic vcl1.d1(srv _http._tcp.p-test-3.example.svc.cluster.local) Update: 1645504100.143882 0.001595 0.001019\r\n**** v1   15.7 vsl|          0 Timestamp       - vmod-dynamic vcl1.d1(srv _http._tcp.p-test-2.example.svc.cluster.local) Lookup: 1645504115.210968 0.000000 0.000000\r\n**** v1   15.7 vsl|          0 Timestamp       - vmod-dynamic vcl1.d1(srv _http._tcp.p-test-2.example.svc.cluster.local) Results: 1645504115.211497 0.000529 0.000529\r\n**** v1   15.7 vsl|          0 Timestamp       - vmod-dynamic vcl1.d1(p-test-2.example.svc.cluster.local.:8892) Lookup: 1645504115.211926 0.000000 0.000000\r\n**** v1   15.7 vsl|          0 Timestamp       - vmod-dynamic vcl1.d1(p-test-2.example.svc.cluster.local.:8892) Results: 1645504115.212421 0.000495 0.000495\r\n**** v1   15.7 vsl|          0 Timestamp       - vmod-dynamic vcl1.d1(p-test-2.example.svc.cluster.local.:8892) Update: 1645504115.212502 0.000576 0.000081\r\n**** v1   15.7 vsl|          0 Timestamp       - vmod-dynamic vcl1.d1(srv _http._tcp.p-test-2.example.svc.cluster.local) Update: 1645504115.212528 0.001560 0.001031\r\n**** v1   18.8 vsl|          0 Timestamp       - vmod-dynamic vcl1.d1(srv _http._tcp.p-test-2.example.svc.cluster.local) Done: 1645504118.317811 0.000000 0.000000\r\n**** v1   18.8 vsl|       1039 VCL_Log         c vmod-dynamic: vcl1 d1 _http._tcp.p-test-2.example.svc.cluster.local timeout\r\n**** v1   19.8 vsl|       1041 VCL_Log         c vmod-dynamic: vcl1 d1 _http._tcp.p-test-2.example.svc.cluster.local deleted\r\n```\r\n\r\n# Performance Considerations\r\n\r\nWhen an existing service is resolved, and no changes are made, no additional locking is necessary, however extra looping over `srv->prios` is still required to determine if refcounts changed.  Only when an existing service is resolved, and domains are removed from it, is additional locking required to decrement refcounts.\r\n\r\nAn additional loop of `srv->prios` was also added to each `d.service` call to ensure that `last_used` was updated for all linked domains, ensuring that domain timeout behavior will be consistent when the service changes or is removed.\r\n\r\nIn testing with a fairly small number of service backends (5-10), each containing only a single A record, I saw no measurable difference in CPU usage at high transaction rates (3k-5k req/s).","closed_by":{"login":"nigoroll","id":1528104,"node_id":"MDQ6VXNlcjE1MjgxMDQ=","avatar_url":"https://avatars.githubusercontent.com/u/1528104?v=4","gravatar_id":"","url":"https://api.github.com/users/nigoroll","html_url":"https://github.com/nigoroll","followers_url":"https://api.github.com/users/nigoroll/followers","following_url":"https://api.github.com/users/nigoroll/following{/other_user}","gists_url":"https://api.github.com/users/nigoroll/gists{/gist_id}","starred_url":"https://api.github.com/users/nigoroll/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/nigoroll/subscriptions","organizations_url":"https://api.github.com/users/nigoroll/orgs","repos_url":"https://api.github.com/users/nigoroll/repos","events_url":"https://api.github.com/users/nigoroll/events{/privacy}","received_events_url":"https://api.github.com/users/nigoroll/received_events","type":"User","user_view_type":"public","site_admin":false},"reactions":{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/82/reactions","total_count":0,"+1":0,"-1":0,"laugh":0,"hooray":0,"confused":0,"heart":0,"rocket":0,"eyes":0},"timeline_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/82/timeline","performed_via_github_app":null,"state_reason":null},{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/83","repository_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic","labels_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/83/labels{/name}","comments_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/83/comments","events_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/83/events","html_url":"https://github.com/nigoroll/libvmod-dynamic/issues/83","id":1150626937,"node_id":"I_kwDOBBOOTM5ElSx5","number":83,"title":"Unguarded use-after-free in dynamic_resolve","user":{"login":"rezan","id":1030507,"node_id":"MDQ6VXNlcjEwMzA1MDc=","avatar_url":"https://avatars.githubusercontent.com/u/1030507?v=4","gravatar_id":"","url":"https://api.github.com/users/rezan","html_url":"https://github.com/rezan","followers_url":"https://api.github.com/users/rezan/followers","following_url":"https://api.github.com/users/rezan/following{/other_user}","gists_url":"https://api.github.com/users/rezan/gists{/gist_id}","starred_url":"https://api.github.com/users/rezan/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/rezan/subscriptions","organizations_url":"https://api.github.com/users/rezan/orgs","repos_url":"https://api.github.com/users/rezan/repos","events_url":"https://api.github.com/users/rezan/events{/privacy}","received_events_url":"https://api.github.com/users/rezan/received_events","type":"User","user_view_type":"public","site_admin":false},"labels":[],"state":"closed","locked":false,"assignee":null,"assignees":[],"milestone":null,"comments":2,"created_at":"2022-02-25T16:17:10Z","updated_at":"2023-06-30T05:38:42Z","closed_at":"2023-06-30T05:38:42Z","author_association":"NONE","active_lock_reason":null,"sub_issues_summary":{"total":0,"completed":0,"percent_completed":0},"issue_dependencies_summary":{"blocked_by":0,"total_blocked_by":0,"blocking":0,"total_blocking":0},"body":"There is an unguarded use-after-free error [here in vmod_dynamic.c](https://github.com/nigoroll/libvmod-dynamic/blob/9666973952f62110c872d720af3dae0b85b4b597/src/vmod_dynamic.c#L160). This affects all versions of `vmod_dynamic`, potentially all the way back to 4.1. This is unguarded meaning there are no magic checks preventing this from happening or being exploited.\r\n\r\n**Cause**\r\n\r\nResolve a director while doing a plain DNS update where a backend is deleted. Note that without a magic check, this use-after-free is undetectable without extra memory checks.\r\n\r\n**Outcome**\r\n\r\nNothing, a crash/panic, or you can land on a different random backend or an attacker controlled backend.\r\n\r\n**Fix**\r\n\r\n* Add magic checks to all dynamic structs. This is how the bug was uncovered.\r\n* Move the `struct dynamic_ref *next` [dereference in question](https://github.com/nigoroll/libvmod-dynamic/blob/9666973952f62110c872d720af3dae0b85b4b597/src/vmod_dynamic.c#L160) up into the locked section. Grab a reference to the director there and return it.\r\n\r\nI will not be making a PR for this and this has not been reported anywhere else.","closed_by":{"login":"nigoroll","id":1528104,"node_id":"MDQ6VXNlcjE1MjgxMDQ=","avatar_url":"https://avatars.githubusercontent.com/u/1528104?v=4","gravatar_id":"","url":"https://api.github.com/users/nigoroll","html_url":"https://github.com/nigoroll","followers_url":"https://api.github.com/users/nigoroll/followers","following_url":"https://api.github.com/users/nigoroll/following{/other_user}","gists_url":"https://api.github.com/users/nigoroll/gists{/gist_id}","starred_url":"https://api.github.com/users/nigoroll/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/nigoroll/subscriptions","organizations_url":"https://api.github.com/users/nigoroll/orgs","repos_url":"https://api.github.com/users/nigoroll/repos","events_url":"https://api.github.com/users/nigoroll/events{/privacy}","received_events_url":"https://api.github.com/users/nigoroll/received_events","type":"User","user_view_type":"public","site_admin":false},"reactions":{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/83/reactions","total_count":0,"+1":0,"-1":0,"laugh":0,"hooray":0,"confused":0,"heart":0,"rocket":0,"eyes":0},"timeline_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/83/timeline","performed_via_github_app":null,"state_reason":"completed"},{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/84","repository_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic","labels_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/84/labels{/name}","comments_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/84/comments","events_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/84/events","html_url":"https://github.com/nigoroll/libvmod-dynamic/issues/84","id":1170732528,"node_id":"I_kwDOBBOOTM5Fx_Xw","number":84,"title":"A branch dedicated to 7.1?","user":{"login":"anthosz","id":14294064,"node_id":"MDQ6VXNlcjE0Mjk0MDY0","avatar_url":"https://avatars.githubusercontent.com/u/14294064?v=4","gravatar_id":"","url":"https://api.github.com/users/anthosz","html_url":"https://github.com/anthosz","followers_url":"https://api.github.com/users/anthosz/followers","following_url":"https://api.github.com/users/anthosz/following{/other_user}","gists_url":"https://api.github.com/users/anthosz/gists{/gist_id}","starred_url":"https://api.github.com/users/anthosz/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/anthosz/subscriptions","organizations_url":"https://api.github.com/users/anthosz/orgs","repos_url":"https://api.github.com/users/anthosz/repos","events_url":"https://api.github.com/users/anthosz/events{/privacy}","received_events_url":"https://api.github.com/users/anthosz/received_events","type":"User","user_view_type":"public","site_admin":false},"labels":[],"state":"closed","locked":false,"assignee":null,"assignees":[],"milestone":null,"comments":2,"created_at":"2022-03-16T09:07:22Z","updated_at":"2022-04-07T12:42:38Z","closed_at":"2022-04-07T12:42:38Z","author_association":"NONE","active_lock_reason":null,"sub_issues_summary":{"total":0,"completed":0,"percent_completed":0},"issue_dependencies_summary":{"blocked_by":0,"total_blocked_by":0,"blocking":0,"total_blocking":0},"body":"Hello,\r\n\r\nIs it planned to create a branch dedicated to 7.1 or we simply need to use master?\r\n\r\nBest regards,","closed_by":{"login":"anthosz","id":14294064,"node_id":"MDQ6VXNlcjE0Mjk0MDY0","avatar_url":"https://avatars.githubusercontent.com/u/14294064?v=4","gravatar_id":"","url":"https://api.github.com/users/anthosz","html_url":"https://github.com/anthosz","followers_url":"https://api.github.com/users/anthosz/followers","following_url":"https://api.github.com/users/anthosz/following{/other_user}","gists_url":"https://api.github.com/users/anthosz/gists{/gist_id}","starred_url":"https://api.github.com/users/anthosz/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/anthosz/subscriptions","organizations_url":"https://api.github.com/users/anthosz/orgs","repos_url":"https://api.github.com/users/anthosz/repos","events_url":"https://api.github.com/users/anthosz/events{/privacy}","received_events_url":"https://api.github.com/users/anthosz/received_events","type":"User","user_view_type":"public","site_admin":false},"reactions":{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/84/reactions","total_count":0,"+1":0,"-1":0,"laugh":0,"hooray":0,"confused":0,"heart":0,"rocket":0,"eyes":0},"timeline_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/84/timeline","performed_via_github_app":null,"state_reason":"completed"},{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/85","repository_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic","labels_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/85/labels{/name}","comments_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/85/comments","events_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/85/events","html_url":"https://github.com/nigoroll/libvmod-dynamic/issues/85","id":1175165710,"node_id":"I_kwDOBBOOTM5GC5sO","number":85,"title":"Support for arm containers on m1 mac","user":{"login":"janosmiko","id":693558,"node_id":"MDQ6VXNlcjY5MzU1OA==","avatar_url":"https://avatars.githubusercontent.com/u/693558?v=4","gravatar_id":"","url":"https://api.github.com/users/janosmiko","html_url":"https://github.com/janosmiko","followers_url":"https://api.github.com/users/janosmiko/followers","following_url":"https://api.github.com/users/janosmiko/following{/other_user}","gists_url":"https://api.github.com/users/janosmiko/gists{/gist_id}","starred_url":"https://api.github.com/users/janosmiko/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/janosmiko/subscriptions","organizations_url":"https://api.github.com/users/janosmiko/orgs","repos_url":"https://api.github.com/users/janosmiko/repos","events_url":"https://api.github.com/users/janosmiko/events{/privacy}","received_events_url":"https://api.github.com/users/janosmiko/received_events","type":"User","user_view_type":"public","site_admin":false},"labels":[],"state":"closed","locked":false,"assignee":null,"assignees":[],"milestone":null,"comments":2,"created_at":"2022-03-21T10:17:07Z","updated_at":"2022-04-21T10:58:40Z","closed_at":"2022-04-21T10:58:40Z","author_association":"NONE","active_lock_reason":null,"sub_issues_summary":{"total":0,"completed":0,"percent_completed":0},"issue_dependencies_summary":{"blocked_by":0,"total_blocked_by":0,"blocking":0,"total_blocking":0},"body":"Hi,\r\n\r\nI'm building varnish containers for amd64 and arm64 using this vmod. While it's working well on amd64 and it also works well when I'm using an arm64 linux server it's not working for desktop users using m1 mac.\r\n\r\nThey got the following error:\r\n```\r\nError:\r\nvarnish_1        | Message from VCC-compiler:\r\nvarnish_1        | Could not open VMOD dynamic\r\nvarnish_1        | \tFile name: /usr/lib/varnish/vmods/libvmod_dynamic.so\r\nvarnish_1        | \tdlerror: /usr/lib/varnish/vmods/libvmod_dynamic.so: undefined symbol: vmb_pthread\r\nvarnish_1        | ('/etc/varnish/default.vcl' Line 5 Pos 8)\r\nvarnish_1        | import dynamic;\r\nvarnish_1        | -------#######-\r\nvarnish_1        | \r\n```\r\n\r\nThe Dockerfile I'm using:\r\nhttps://github.com/rewardenv/reward/blob/main/images/varnish/debian/6.5/Dockerfile\r\n\r\n\r\nRelated issue:\r\nhttps://github.com/rewardenv/reward/issues/17","closed_by":{"login":"nigoroll","id":1528104,"node_id":"MDQ6VXNlcjE1MjgxMDQ=","avatar_url":"https://avatars.githubusercontent.com/u/1528104?v=4","gravatar_id":"","url":"https://api.github.com/users/nigoroll","html_url":"https://github.com/nigoroll","followers_url":"https://api.github.com/users/nigoroll/followers","following_url":"https://api.github.com/users/nigoroll/following{/other_user}","gists_url":"https://api.github.com/users/nigoroll/gists{/gist_id}","starred_url":"https://api.github.com/users/nigoroll/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/nigoroll/subscriptions","organizations_url":"https://api.github.com/users/nigoroll/orgs","repos_url":"https://api.github.com/users/nigoroll/repos","events_url":"https://api.github.com/users/nigoroll/events{/privacy}","received_events_url":"https://api.github.com/users/nigoroll/received_events","type":"User","user_view_type":"public","site_admin":false},"reactions":{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/85/reactions","total_count":0,"+1":0,"-1":0,"laugh":0,"hooray":0,"confused":0,"heart":0,"rocket":0,"eyes":0},"timeline_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/85/timeline","performed_via_github_app":null,"state_reason":"completed"},{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/86","repository_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic","labels_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/86/labels{/name}","comments_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/86/comments","events_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/86/events","html_url":"https://github.com/nigoroll/libvmod-dynamic/pull/86","id":1187420285,"node_id":"PR_kwDOBBOOTM41XT3a","number":86,"title":"align vmb.h with the varnish version","user":{"login":"gquintard","id":3776553,"node_id":"MDQ6VXNlcjM3NzY1NTM=","avatar_url":"https://avatars.githubusercontent.com/u/3776553?v=4","gravatar_id":"","url":"https://api.github.com/users/gquintard","html_url":"https://github.com/gquintard","followers_url":"https://api.github.com/users/gquintard/followers","following_url":"https://api.github.com/users/gquintard/following{/other_user}","gists_url":"https://api.github.com/users/gquintard/gists{/gist_id}","starred_url":"https://api.github.com/users/gquintard/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/gquintard/subscriptions","organizations_url":"https://api.github.com/users/gquintard/orgs","repos_url":"https://api.github.com/users/gquintard/repos","events_url":"https://api.github.com/users/gquintard/events{/privacy}","received_events_url":"https://api.github.com/users/gquintard/received_events","type":"User","user_view_type":"public","site_admin":false},"labels":[],"state":"closed","locked":false,"assignee":null,"assignees":[],"milestone":null,"comments":3,"created_at":"2022-03-31T02:47:21Z","updated_at":"2022-06-07T10:02:45Z","closed_at":"2022-04-21T10:58:40Z","author_association":"CONTRIBUTOR","active_lock_reason":null,"draft":false,"pull_request":{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/pulls/86","html_url":"https://github.com/nigoroll/libvmod-dynamic/pull/86","diff_url":"https://github.com/nigoroll/libvmod-dynamic/pull/86.diff","patch_url":"https://github.com/nigoroll/libvmod-dynamic/pull/86.patch","merged_at":"2022-04-21T10:58:40Z"},"body":"fixes #85\r\n\r\nit shouldn't break 7.0- as the header file predates it, but I haven't tested it","closed_by":{"login":"nigoroll","id":1528104,"node_id":"MDQ6VXNlcjE1MjgxMDQ=","avatar_url":"https://avatars.githubusercontent.com/u/1528104?v=4","gravatar_id":"","url":"https://api.github.com/users/nigoroll","html_url":"https://github.com/nigoroll","followers_url":"https://api.github.com/users/nigoroll/followers","following_url":"https://api.github.com/users/nigoroll/following{/other_user}","gists_url":"https://api.github.com/users/nigoroll/gists{/gist_id}","starred_url":"https://api.github.com/users/nigoroll/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/nigoroll/subscriptions","organizations_url":"https://api.github.com/users/nigoroll/orgs","repos_url":"https://api.github.com/users/nigoroll/repos","events_url":"https://api.github.com/users/nigoroll/events{/privacy}","received_events_url":"https://api.github.com/users/nigoroll/received_events","type":"User","user_view_type":"public","site_admin":false},"reactions":{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/86/reactions","total_count":0,"+1":0,"-1":0,"laugh":0,"hooray":0,"confused":0,"heart":0,"rocket":0,"eyes":0},"timeline_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/86/timeline","performed_via_github_app":null,"state_reason":null},{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/87","repository_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic","labels_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/87/labels{/name}","comments_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/87/comments","events_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/87/events","html_url":"https://github.com/nigoroll/libvmod-dynamic/pull/87","id":1334710826,"node_id":"PR_kwDOBBOOTM489mU0","number":87,"title":"align vmb.h with the varnish version","user":{"login":"janosmiko","id":693558,"node_id":"MDQ6VXNlcjY5MzU1OA==","avatar_url":"https://avatars.githubusercontent.com/u/693558?v=4","gravatar_id":"","url":"https://api.github.com/users/janosmiko","html_url":"https://github.com/janosmiko","followers_url":"https://api.github.com/users/janosmiko/followers","following_url":"https://api.github.com/users/janosmiko/following{/other_user}","gists_url":"https://api.github.com/users/janosmiko/gists{/gist_id}","starred_url":"https://api.github.com/users/janosmiko/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/janosmiko/subscriptions","organizations_url":"https://api.github.com/users/janosmiko/orgs","repos_url":"https://api.github.com/users/janosmiko/repos","events_url":"https://api.github.com/users/janosmiko/events{/privacy}","received_events_url":"https://api.github.com/users/janosmiko/received_events","type":"User","user_view_type":"public","site_admin":false},"labels":[],"state":"closed","locked":false,"assignee":null,"assignees":[],"milestone":null,"comments":0,"created_at":"2022-08-10T14:23:30Z","updated_at":"2022-08-10T14:49:54Z","closed_at":"2022-08-10T14:49:54Z","author_association":"NONE","active_lock_reason":null,"draft":false,"pull_request":{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/pulls/87","html_url":"https://github.com/nigoroll/libvmod-dynamic/pull/87","diff_url":"https://github.com/nigoroll/libvmod-dynamic/pull/87.diff","patch_url":"https://github.com/nigoroll/libvmod-dynamic/pull/87.patch","merged_at":"2022-08-10T14:49:54Z"},"body":"I open these pull requests to apply @gquintard 's fix on ARM builds for older varnish versions.","closed_by":{"login":"nigoroll","id":1528104,"node_id":"MDQ6VXNlcjE1MjgxMDQ=","avatar_url":"https://avatars.githubusercontent.com/u/1528104?v=4","gravatar_id":"","url":"https://api.github.com/users/nigoroll","html_url":"https://github.com/nigoroll","followers_url":"https://api.github.com/users/nigoroll/followers","following_url":"https://api.github.com/users/nigoroll/following{/other_user}","gists_url":"https://api.github.com/users/nigoroll/gists{/gist_id}","starred_url":"https://api.github.com/users/nigoroll/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/nigoroll/subscriptions","organizations_url":"https://api.github.com/users/nigoroll/orgs","repos_url":"https://api.github.com/users/nigoroll/repos","events_url":"https://api.github.com/users/nigoroll/events{/privacy}","received_events_url":"https://api.github.com/users/nigoroll/received_events","type":"User","user_view_type":"public","site_admin":false},"reactions":{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/87/reactions","total_count":0,"+1":0,"-1":0,"laugh":0,"hooray":0,"confused":0,"heart":0,"rocket":0,"eyes":0},"timeline_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/87/timeline","performed_via_github_app":null,"state_reason":null},{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/88","repository_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic","labels_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/88/labels{/name}","comments_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/88/comments","events_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/88/events","html_url":"https://github.com/nigoroll/libvmod-dynamic/pull/88","id":1334710920,"node_id":"PR_kwDOBBOOTM489mWM","number":88,"title":"align vmb.h with the varnish version","user":{"login":"janosmiko","id":693558,"node_id":"MDQ6VXNlcjY5MzU1OA==","avatar_url":"https://avatars.githubusercontent.com/u/693558?v=4","gravatar_id":"","url":"https://api.github.com/users/janosmiko","html_url":"https://github.com/janosmiko","followers_url":"https://api.github.com/users/janosmiko/followers","following_url":"https://api.github.com/users/janosmiko/following{/other_user}","gists_url":"https://api.github.com/users/janosmiko/gists{/gist_id}","starred_url":"https://api.github.com/users/janosmiko/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/janosmiko/subscriptions","organizations_url":"https://api.github.com/users/janosmiko/orgs","repos_url":"https://api.github.com/users/janosmiko/repos","events_url":"https://api.github.com/users/janosmiko/events{/privacy}","received_events_url":"https://api.github.com/users/janosmiko/received_events","type":"User","user_view_type":"public","site_admin":false},"labels":[],"state":"closed","locked":false,"assignee":null,"assignees":[],"milestone":null,"comments":0,"created_at":"2022-08-10T14:23:35Z","updated_at":"2022-08-10T14:50:03Z","closed_at":"2022-08-10T14:50:03Z","author_association":"NONE","active_lock_reason":null,"draft":false,"pull_request":{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/pulls/88","html_url":"https://github.com/nigoroll/libvmod-dynamic/pull/88","diff_url":"https://github.com/nigoroll/libvmod-dynamic/pull/88.diff","patch_url":"https://github.com/nigoroll/libvmod-dynamic/pull/88.patch","merged_at":"2022-08-10T14:50:03Z"},"body":"I open these pull requests to apply @gquintard 's fix on ARM builds for older varnish versions.","closed_by":{"login":"nigoroll","id":1528104,"node_id":"MDQ6VXNlcjE1MjgxMDQ=","avatar_url":"https://avatars.githubusercontent.com/u/1528104?v=4","gravatar_id":"","url":"https://api.github.com/users/nigoroll","html_url":"https://github.com/nigoroll","followers_url":"https://api.github.com/users/nigoroll/followers","following_url":"https://api.github.com/users/nigoroll/following{/other_user}","gists_url":"https://api.github.com/users/nigoroll/gists{/gist_id}","starred_url":"https://api.github.com/users/nigoroll/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/nigoroll/subscriptions","organizations_url":"https://api.github.com/users/nigoroll/orgs","repos_url":"https://api.github.com/users/nigoroll/repos","events_url":"https://api.github.com/users/nigoroll/events{/privacy}","received_events_url":"https://api.github.com/users/nigoroll/received_events","type":"User","user_view_type":"public","site_admin":false},"reactions":{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/88/reactions","total_count":0,"+1":0,"-1":0,"laugh":0,"hooray":0,"confused":0,"heart":0,"rocket":0,"eyes":0},"timeline_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/88/timeline","performed_via_github_app":null,"state_reason":null},{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/89","repository_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic","labels_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/89/labels{/name}","comments_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/89/comments","events_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/89/events","html_url":"https://github.com/nigoroll/libvmod-dynamic/pull/89","id":1334711085,"node_id":"PR_kwDOBBOOTM489mYZ","number":89,"title":"align vmb.h with the varnish version","user":{"login":"janosmiko","id":693558,"node_id":"MDQ6VXNlcjY5MzU1OA==","avatar_url":"https://avatars.githubusercontent.com/u/693558?v=4","gravatar_id":"","url":"https://api.github.com/users/janosmiko","html_url":"https://github.com/janosmiko","followers_url":"https://api.github.com/users/janosmiko/followers","following_url":"https://api.github.com/users/janosmiko/following{/other_user}","gists_url":"https://api.github.com/users/janosmiko/gists{/gist_id}","starred_url":"https://api.github.com/users/janosmiko/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/janosmiko/subscriptions","organizations_url":"https://api.github.com/users/janosmiko/orgs","repos_url":"https://api.github.com/users/janosmiko/repos","events_url":"https://api.github.com/users/janosmiko/events{/privacy}","received_events_url":"https://api.github.com/users/janosmiko/received_events","type":"User","user_view_type":"public","site_admin":false},"labels":[],"state":"closed","locked":false,"assignee":null,"assignees":[],"milestone":null,"comments":0,"created_at":"2022-08-10T14:23:41Z","updated_at":"2022-08-10T14:50:11Z","closed_at":"2022-08-10T14:50:11Z","author_association":"NONE","active_lock_reason":null,"draft":false,"pull_request":{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/pulls/89","html_url":"https://github.com/nigoroll/libvmod-dynamic/pull/89","diff_url":"https://github.com/nigoroll/libvmod-dynamic/pull/89.diff","patch_url":"https://github.com/nigoroll/libvmod-dynamic/pull/89.patch","merged_at":"2022-08-10T14:50:11Z"},"body":"I open these pull requests to apply @gquintard 's fix on ARM builds for older varnish versions.","closed_by":{"login":"nigoroll","id":1528104,"node_id":"MDQ6VXNlcjE1MjgxMDQ=","avatar_url":"https://avatars.githubusercontent.com/u/1528104?v=4","gravatar_id":"","url":"https://api.github.com/users/nigoroll","html_url":"https://github.com/nigoroll","followers_url":"https://api.github.com/users/nigoroll/followers","following_url":"https://api.github.com/users/nigoroll/following{/other_user}","gists_url":"https://api.github.com/users/nigoroll/gists{/gist_id}","starred_url":"https://api.github.com/users/nigoroll/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/nigoroll/subscriptions","organizations_url":"https://api.github.com/users/nigoroll/orgs","repos_url":"https://api.github.com/users/nigoroll/repos","events_url":"https://api.github.com/users/nigoroll/events{/privacy}","received_events_url":"https://api.github.com/users/nigoroll/received_events","type":"User","user_view_type":"public","site_admin":false},"reactions":{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/89/reactions","total_count":0,"+1":0,"-1":0,"laugh":0,"hooray":0,"confused":0,"heart":0,"rocket":0,"eyes":0},"timeline_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/89/timeline","performed_via_github_app":null,"state_reason":null},{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/90","repository_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic","labels_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/90/labels{/name}","comments_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/90/comments","events_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/90/events","html_url":"https://github.com/nigoroll/libvmod-dynamic/pull/90","id":1334711147,"node_id":"PR_kwDOBBOOTM489mZO","number":90,"title":"align vmb.h with the varnish version","user":{"login":"janosmiko","id":693558,"node_id":"MDQ6VXNlcjY5MzU1OA==","avatar_url":"https://avatars.githubusercontent.com/u/693558?v=4","gravatar_id":"","url":"https://api.github.com/users/janosmiko","html_url":"https://github.com/janosmiko","followers_url":"https://api.github.com/users/janosmiko/followers","following_url":"https://api.github.com/users/janosmiko/following{/other_user}","gists_url":"https://api.github.com/users/janosmiko/gists{/gist_id}","starred_url":"https://api.github.com/users/janosmiko/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/janosmiko/subscriptions","organizations_url":"https://api.github.com/users/janosmiko/orgs","repos_url":"https://api.github.com/users/janosmiko/repos","events_url":"https://api.github.com/users/janosmiko/events{/privacy}","received_events_url":"https://api.github.com/users/janosmiko/received_events","type":"User","user_view_type":"public","site_admin":false},"labels":[],"state":"closed","locked":false,"assignee":null,"assignees":[],"milestone":null,"comments":0,"created_at":"2022-08-10T14:23:44Z","updated_at":"2022-08-10T14:50:19Z","closed_at":"2022-08-10T14:50:19Z","author_association":"NONE","active_lock_reason":null,"draft":false,"pull_request":{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/pulls/90","html_url":"https://github.com/nigoroll/libvmod-dynamic/pull/90","diff_url":"https://github.com/nigoroll/libvmod-dynamic/pull/90.diff","patch_url":"https://github.com/nigoroll/libvmod-dynamic/pull/90.patch","merged_at":"2022-08-10T14:50:19Z"},"body":"I open these pull requests to apply @gquintard 's fix on ARM builds for older varnish versions.","closed_by":{"login":"nigoroll","id":1528104,"node_id":"MDQ6VXNlcjE1MjgxMDQ=","avatar_url":"https://avatars.githubusercontent.com/u/1528104?v=4","gravatar_id":"","url":"https://api.github.com/users/nigoroll","html_url":"https://github.com/nigoroll","followers_url":"https://api.github.com/users/nigoroll/followers","following_url":"https://api.github.com/users/nigoroll/following{/other_user}","gists_url":"https://api.github.com/users/nigoroll/gists{/gist_id}","starred_url":"https://api.github.com/users/nigoroll/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/nigoroll/subscriptions","organizations_url":"https://api.github.com/users/nigoroll/orgs","repos_url":"https://api.github.com/users/nigoroll/repos","events_url":"https://api.github.com/users/nigoroll/events{/privacy}","received_events_url":"https://api.github.com/users/nigoroll/received_events","type":"User","user_view_type":"public","site_admin":false},"reactions":{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/90/reactions","total_count":0,"+1":0,"-1":0,"laugh":0,"hooray":0,"confused":0,"heart":0,"rocket":0,"eyes":0},"timeline_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/90/timeline","performed_via_github_app":null,"state_reason":null},{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/91","repository_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic","labels_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/91/labels{/name}","comments_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/91/comments","events_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/91/events","html_url":"https://github.com/nigoroll/libvmod-dynamic/pull/91","id":1334711226,"node_id":"PR_kwDOBBOOTM489maX","number":91,"title":"align vmb.h with the varnish version","user":{"login":"janosmiko","id":693558,"node_id":"MDQ6VXNlcjY5MzU1OA==","avatar_url":"https://avatars.githubusercontent.com/u/693558?v=4","gravatar_id":"","url":"https://api.github.com/users/janosmiko","html_url":"https://github.com/janosmiko","followers_url":"https://api.github.com/users/janosmiko/followers","following_url":"https://api.github.com/users/janosmiko/following{/other_user}","gists_url":"https://api.github.com/users/janosmiko/gists{/gist_id}","starred_url":"https://api.github.com/users/janosmiko/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/janosmiko/subscriptions","organizations_url":"https://api.github.com/users/janosmiko/orgs","repos_url":"https://api.github.com/users/janosmiko/repos","events_url":"https://api.github.com/users/janosmiko/events{/privacy}","received_events_url":"https://api.github.com/users/janosmiko/received_events","type":"User","user_view_type":"public","site_admin":false},"labels":[],"state":"closed","locked":false,"assignee":null,"assignees":[],"milestone":null,"comments":0,"created_at":"2022-08-10T14:23:48Z","updated_at":"2022-08-10T14:50:26Z","closed_at":"2022-08-10T14:50:26Z","author_association":"NONE","active_lock_reason":null,"draft":false,"pull_request":{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/pulls/91","html_url":"https://github.com/nigoroll/libvmod-dynamic/pull/91","diff_url":"https://github.com/nigoroll/libvmod-dynamic/pull/91.diff","patch_url":"https://github.com/nigoroll/libvmod-dynamic/pull/91.patch","merged_at":"2022-08-10T14:50:26Z"},"body":"I open these pull requests to apply @gquintard 's fix on ARM builds for older varnish versions.","closed_by":{"login":"nigoroll","id":1528104,"node_id":"MDQ6VXNlcjE1MjgxMDQ=","avatar_url":"https://avatars.githubusercontent.com/u/1528104?v=4","gravatar_id":"","url":"https://api.github.com/users/nigoroll","html_url":"https://github.com/nigoroll","followers_url":"https://api.github.com/users/nigoroll/followers","following_url":"https://api.github.com/users/nigoroll/following{/other_user}","gists_url":"https://api.github.com/users/nigoroll/gists{/gist_id}","starred_url":"https://api.github.com/users/nigoroll/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/nigoroll/subscriptions","organizations_url":"https://api.github.com/users/nigoroll/orgs","repos_url":"https://api.github.com/users/nigoroll/repos","events_url":"https://api.github.com/users/nigoroll/events{/privacy}","received_events_url":"https://api.github.com/users/nigoroll/received_events","type":"User","user_view_type":"public","site_admin":false},"reactions":{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/91/reactions","total_count":0,"+1":0,"-1":0,"laugh":0,"hooray":0,"confused":0,"heart":0,"rocket":0,"eyes":0},"timeline_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/91/timeline","performed_via_github_app":null,"state_reason":null}]
\ No newline at end of file
diff --git a/services/migrations/testdata/github/pagination/GET_%2Frepos%2Fnigoroll%2Flibvmod-dynamic%2Fissues%3Fafter=Y3Vyc29yOnYyOpLPAAABgogj3SDOT44Tug%253D%253D&direction=asc&per_page=45&sort=created&state=all b/services/migrations/testdata/github/pagination/GET_%2Frepos%2Fnigoroll%2Flibvmod-dynamic%2Fissues%3Fafter=Y3Vyc29yOnYyOpLPAAABgogj3SDOT44Tug%253D%253D&direction=asc&per_page=45&sort=created&state=all
new file mode 100644
index 0000000000..6af7fe094a
--- /dev/null
+++ b/services/migrations/testdata/github/pagination/GET_%2Frepos%2Fnigoroll%2Flibvmod-dynamic%2Fissues%3Fafter=Y3Vyc29yOnYyOpLPAAABgogj3SDOT44Tug%253D%253D&direction=asc&per_page=45&sort=created&state=all
@@ -0,0 +1,24 @@
+Access-Control-Expose-Headers: ETag, Link, Location, Retry-After, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Used, X-RateLimit-Resource, X-RateLimit-Reset, X-OAuth-Scopes, X-Accepted-OAuth-Scopes, X-Poll-Interval, X-GitHub-Media-Type, X-GitHub-SSO, X-GitHub-Request-Id, Deprecation, Sunset
+Content-Security-Policy: default-src 'none'
+X-Ratelimit-Limit: 5000
+X-Github-Request-Id: 545E:1E338F:1CE4A84:1996CBD:6973A26D
+X-Github-Media-Type: github.v3; param=squirrel-girl-preview
+X-Content-Type-Options: nosniff
+X-Ratelimit-Remaining: 4996
+X-Ratelimit-Used: 4
+X-Ratelimit-Resource: core
+Cache-Control: private, max-age=60, s-maxage=60
+Vary: Accept, Authorization, Cookie, X-GitHub-OTP,Accept-Encoding, Accept, X-Requested-With
+Etag: W/"a49a1c60869efd0512ebf397fe3b38f0f0780cd1108773b389a457d5139908be"
+Access-Control-Allow-Origin: *
+Referrer-Policy: origin-when-cross-origin, strict-origin-when-cross-origin
+Link: <https://api.github.com/repositories/68390476/issues?after=Y3Vyc29yOnYyOpLPAAABmqckTzDO2bC8uw%3D%3D&direction=asc&per_page=45&sort=created&state=all>; rel="next", <https://api.github.com/repositories/68390476/issues?direction=asc&per_page=45&sort=created&state=all&before=Y3Vyc29yOnYyOpLPAAABgogj6NjOT44T8w%3D%3D>; rel="prev"
+X-Github-Api-Version-Selected: 2022-11-28
+Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
+X-Frame-Options: deny
+X-Xss-Protection: 0
+X-Ratelimit-Reset: 1769189499
+Content-Type: application/json; charset=utf-8
+X-Accepted-Github-Permissions: issues=read
+
+[{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/92","repository_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic","labels_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/92/labels{/name}","comments_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/92/comments","events_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/92/events","html_url":"https://github.com/nigoroll/libvmod-dynamic/pull/92","id":1334711283,"node_id":"PR_kwDOBBOOTM489mbM","number":92,"title":"align vmb.h with the varnish version","user":{"login":"janosmiko","id":693558,"node_id":"MDQ6VXNlcjY5MzU1OA==","avatar_url":"https://avatars.githubusercontent.com/u/693558?v=4","gravatar_id":"","url":"https://api.github.com/users/janosmiko","html_url":"https://github.com/janosmiko","followers_url":"https://api.github.com/users/janosmiko/followers","following_url":"https://api.github.com/users/janosmiko/following{/other_user}","gists_url":"https://api.github.com/users/janosmiko/gists{/gist_id}","starred_url":"https://api.github.com/users/janosmiko/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/janosmiko/subscriptions","organizations_url":"https://api.github.com/users/janosmiko/orgs","repos_url":"https://api.github.com/users/janosmiko/repos","events_url":"https://api.github.com/users/janosmiko/events{/privacy}","received_events_url":"https://api.github.com/users/janosmiko/received_events","type":"User","user_view_type":"public","site_admin":false},"labels":[],"state":"closed","locked":false,"assignee":null,"assignees":[],"milestone":null,"comments":0,"created_at":"2022-08-10T14:23:51Z","updated_at":"2022-08-10T14:50:33Z","closed_at":"2022-08-10T14:50:33Z","author_association":"NONE","active_lock_reason":null,"draft":false,"pull_request":{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/pulls/92","html_url":"https://github.com/nigoroll/libvmod-dynamic/pull/92","diff_url":"https://github.com/nigoroll/libvmod-dynamic/pull/92.diff","patch_url":"https://github.com/nigoroll/libvmod-dynamic/pull/92.patch","merged_at":"2022-08-10T14:50:33Z"},"body":"I open these pull requests to apply @gquintard 's fix on ARM builds for older varnish versions.","closed_by":{"login":"nigoroll","id":1528104,"node_id":"MDQ6VXNlcjE1MjgxMDQ=","avatar_url":"https://avatars.githubusercontent.com/u/1528104?v=4","gravatar_id":"","url":"https://api.github.com/users/nigoroll","html_url":"https://github.com/nigoroll","followers_url":"https://api.github.com/users/nigoroll/followers","following_url":"https://api.github.com/users/nigoroll/following{/other_user}","gists_url":"https://api.github.com/users/nigoroll/gists{/gist_id}","starred_url":"https://api.github.com/users/nigoroll/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/nigoroll/subscriptions","organizations_url":"https://api.github.com/users/nigoroll/orgs","repos_url":"https://api.github.com/users/nigoroll/repos","events_url":"https://api.github.com/users/nigoroll/events{/privacy}","received_events_url":"https://api.github.com/users/nigoroll/received_events","type":"User","user_view_type":"public","site_admin":false},"reactions":{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/92/reactions","total_count":0,"+1":0,"-1":0,"laugh":0,"hooray":0,"confused":0,"heart":0,"rocket":0,"eyes":0},"timeline_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/92/timeline","performed_via_github_app":null,"state_reason":null},{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/93","repository_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic","labels_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/93/labels{/name}","comments_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/93/comments","events_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/93/events","html_url":"https://github.com/nigoroll/libvmod-dynamic/pull/93","id":1334955060,"node_id":"PR_kwDOBBOOTM48-Zu6","number":93,"title":"Branch for 7.1","user":{"login":"janosmiko","id":693558,"node_id":"MDQ6VXNlcjY5MzU1OA==","avatar_url":"https://avatars.githubusercontent.com/u/693558?v=4","gravatar_id":"","url":"https://api.github.com/users/janosmiko","html_url":"https://github.com/janosmiko","followers_url":"https://api.github.com/users/janosmiko/followers","following_url":"https://api.github.com/users/janosmiko/following{/other_user}","gists_url":"https://api.github.com/users/janosmiko/gists{/gist_id}","starred_url":"https://api.github.com/users/janosmiko/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/janosmiko/subscriptions","organizations_url":"https://api.github.com/users/janosmiko/orgs","repos_url":"https://api.github.com/users/janosmiko/repos","events_url":"https://api.github.com/users/janosmiko/events{/privacy}","received_events_url":"https://api.github.com/users/janosmiko/received_events","type":"User","user_view_type":"public","site_admin":false},"labels":[],"state":"closed","locked":false,"assignee":null,"assignees":[],"milestone":null,"comments":2,"created_at":"2022-08-10T17:32:13Z","updated_at":"2022-11-08T19:48:10Z","closed_at":"2022-11-08T19:48:10Z","author_association":"NONE","active_lock_reason":null,"draft":false,"pull_request":{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/pulls/93","html_url":"https://github.com/nigoroll/libvmod-dynamic/pull/93","diff_url":"https://github.com/nigoroll/libvmod-dynamic/pull/93.diff","patch_url":"https://github.com/nigoroll/libvmod-dynamic/pull/93.patch","merged_at":null},"body":"I prepared a branch for Varnish 7.1.\r\n\r\nOn top of the regular CI-elated changes I replaced the `Lck_CondWait` functions with `Lck_CondWaitTimeout` in the `src/vmod_dynamic.c` file to be up-to-date with Varnish 7.1 (https://github.com/varnishcache/varnish-cache/blob/5424da941529503c724911d8141e6824db756f88/doc/changes.rst)","closed_by":{"login":"nigoroll","id":1528104,"node_id":"MDQ6VXNlcjE1MjgxMDQ=","avatar_url":"https://avatars.githubusercontent.com/u/1528104?v=4","gravatar_id":"","url":"https://api.github.com/users/nigoroll","html_url":"https://github.com/nigoroll","followers_url":"https://api.github.com/users/nigoroll/followers","following_url":"https://api.github.com/users/nigoroll/following{/other_user}","gists_url":"https://api.github.com/users/nigoroll/gists{/gist_id}","starred_url":"https://api.github.com/users/nigoroll/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/nigoroll/subscriptions","organizations_url":"https://api.github.com/users/nigoroll/orgs","repos_url":"https://api.github.com/users/nigoroll/repos","events_url":"https://api.github.com/users/nigoroll/events{/privacy}","received_events_url":"https://api.github.com/users/nigoroll/received_events","type":"User","user_view_type":"public","site_admin":false},"reactions":{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/93/reactions","total_count":0,"+1":0,"-1":0,"laugh":0,"hooray":0,"confused":0,"heart":0,"rocket":0,"eyes":0},"timeline_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/93/timeline","performed_via_github_app":null,"state_reason":null},{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/94","repository_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic","labels_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/94/labels{/name}","comments_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/94/comments","events_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/94/events","html_url":"https://github.com/nigoroll/libvmod-dynamic/issues/94","id":1410081152,"node_id":"I_kwDOBBOOTM5UDCGA","number":94,"title":"Branches 7.1 / 7.2","user":{"login":"ronaldploeger","id":2346952,"node_id":"MDQ6VXNlcjIzNDY5NTI=","avatar_url":"https://avatars.githubusercontent.com/u/2346952?v=4","gravatar_id":"","url":"https://api.github.com/users/ronaldploeger","html_url":"https://github.com/ronaldploeger","followers_url":"https://api.github.com/users/ronaldploeger/followers","following_url":"https://api.github.com/users/ronaldploeger/following{/other_user}","gists_url":"https://api.github.com/users/ronaldploeger/gists{/gist_id}","starred_url":"https://api.github.com/users/ronaldploeger/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/ronaldploeger/subscriptions","organizations_url":"https://api.github.com/users/ronaldploeger/orgs","repos_url":"https://api.github.com/users/ronaldploeger/repos","events_url":"https://api.github.com/users/ronaldploeger/events{/privacy}","received_events_url":"https://api.github.com/users/ronaldploeger/received_events","type":"User","user_view_type":"public","site_admin":false},"labels":[],"state":"closed","locked":false,"assignee":null,"assignees":[],"milestone":null,"comments":2,"created_at":"2022-10-15T07:35:36Z","updated_at":"2022-11-09T16:17:58Z","closed_at":"2022-11-08T19:49:42Z","author_association":"NONE","active_lock_reason":null,"sub_issues_summary":{"total":0,"completed":0,"percent_completed":0},"issue_dependencies_summary":{"blocked_by":0,"total_blocked_by":0,"blocking":0,"total_blocking":0},"body":"Hi, \r\n\r\nwill there be a branch 7.1 and 7.2 or does the branch 7.0 work correctly with those versions of varnish? \r\n\r\nThanks and best regards,\r\nRonald","closed_by":{"login":"nigoroll","id":1528104,"node_id":"MDQ6VXNlcjE1MjgxMDQ=","avatar_url":"https://avatars.githubusercontent.com/u/1528104?v=4","gravatar_id":"","url":"https://api.github.com/users/nigoroll","html_url":"https://github.com/nigoroll","followers_url":"https://api.github.com/users/nigoroll/followers","following_url":"https://api.github.com/users/nigoroll/following{/other_user}","gists_url":"https://api.github.com/users/nigoroll/gists{/gist_id}","starred_url":"https://api.github.com/users/nigoroll/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/nigoroll/subscriptions","organizations_url":"https://api.github.com/users/nigoroll/orgs","repos_url":"https://api.github.com/users/nigoroll/repos","events_url":"https://api.github.com/users/nigoroll/events{/privacy}","received_events_url":"https://api.github.com/users/nigoroll/received_events","type":"User","user_view_type":"public","site_admin":false},"reactions":{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/94/reactions","total_count":0,"+1":0,"-1":0,"laugh":0,"hooray":0,"confused":0,"heart":0,"rocket":0,"eyes":0},"timeline_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/94/timeline","performed_via_github_app":null,"state_reason":"completed"},{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/95","repository_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic","labels_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/95/labels{/name}","comments_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/95/comments","events_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/95/events","html_url":"https://github.com/nigoroll/libvmod-dynamic/issues/95","id":1440805930,"node_id":"I_kwDOBBOOTM5V4PQq","number":95,"title":"Update RPM build","user":{"login":"nigoroll","id":1528104,"node_id":"MDQ6VXNlcjE1MjgxMDQ=","avatar_url":"https://avatars.githubusercontent.com/u/1528104?v=4","gravatar_id":"","url":"https://api.github.com/users/nigoroll","html_url":"https://github.com/nigoroll","followers_url":"https://api.github.com/users/nigoroll/followers","following_url":"https://api.github.com/users/nigoroll/following{/other_user}","gists_url":"https://api.github.com/users/nigoroll/gists{/gist_id}","starred_url":"https://api.github.com/users/nigoroll/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/nigoroll/subscriptions","organizations_url":"https://api.github.com/users/nigoroll/orgs","repos_url":"https://api.github.com/users/nigoroll/repos","events_url":"https://api.github.com/users/nigoroll/events{/privacy}","received_events_url":"https://api.github.com/users/nigoroll/received_events","type":"User","user_view_type":"public","site_admin":false},"labels":[],"state":"closed","locked":false,"assignee":{"login":"slimhazard","id":6084911,"node_id":"MDQ6VXNlcjYwODQ5MTE=","avatar_url":"https://avatars.githubusercontent.com/u/6084911?v=4","gravatar_id":"","url":"https://api.github.com/users/slimhazard","html_url":"https://github.com/slimhazard","followers_url":"https://api.github.com/users/slimhazard/followers","following_url":"https://api.github.com/users/slimhazard/following{/other_user}","gists_url":"https://api.github.com/users/slimhazard/gists{/gist_id}","starred_url":"https://api.github.com/users/slimhazard/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/slimhazard/subscriptions","organizations_url":"https://api.github.com/users/slimhazard/orgs","repos_url":"https://api.github.com/users/slimhazard/repos","events_url":"https://api.github.com/users/slimhazard/events{/privacy}","received_events_url":"https://api.github.com/users/slimhazard/received_events","type":"User","user_view_type":"public","site_admin":false},"assignees":[{"login":"slimhazard","id":6084911,"node_id":"MDQ6VXNlcjYwODQ5MTE=","avatar_url":"https://avatars.githubusercontent.com/u/6084911?v=4","gravatar_id":"","url":"https://api.github.com/users/slimhazard","html_url":"https://github.com/slimhazard","followers_url":"https://api.github.com/users/slimhazard/followers","following_url":"https://api.github.com/users/slimhazard/following{/other_user}","gists_url":"https://api.github.com/users/slimhazard/gists{/gist_id}","starred_url":"https://api.github.com/users/slimhazard/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/slimhazard/subscriptions","organizations_url":"https://api.github.com/users/slimhazard/orgs","repos_url":"https://api.github.com/users/slimhazard/repos","events_url":"https://api.github.com/users/slimhazard/events{/privacy}","received_events_url":"https://api.github.com/users/slimhazard/received_events","type":"User","user_view_type":"public","site_admin":false}],"milestone":null,"comments":3,"created_at":"2022-11-08T19:47:13Z","updated_at":"2022-11-17T16:23:21Z","closed_at":"2022-11-17T16:23:21Z","author_association":"OWNER","active_lock_reason":null,"sub_issues_summary":{"total":0,"completed":0,"percent_completed":0},"issue_dependencies_summary":{"blocked_by":0,"total_blocked_by":0,"blocking":0,"total_blocking":0},"body":"Ref https://github.com/nigoroll/libvmod-dynamic/pull/93/commits/e7c14cf7bbeaa51e15a2e2921629ab15c701b09d and #93 \r\n\r\nWe should update our RPM build to support 7.1 and/or 7.2\r\n","closed_by":{"login":"slimhazard","id":6084911,"node_id":"MDQ6VXNlcjYwODQ5MTE=","avatar_url":"https://avatars.githubusercontent.com/u/6084911?v=4","gravatar_id":"","url":"https://api.github.com/users/slimhazard","html_url":"https://github.com/slimhazard","followers_url":"https://api.github.com/users/slimhazard/followers","following_url":"https://api.github.com/users/slimhazard/following{/other_user}","gists_url":"https://api.github.com/users/slimhazard/gists{/gist_id}","starred_url":"https://api.github.com/users/slimhazard/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/slimhazard/subscriptions","organizations_url":"https://api.github.com/users/slimhazard/orgs","repos_url":"https://api.github.com/users/slimhazard/repos","events_url":"https://api.github.com/users/slimhazard/events{/privacy}","received_events_url":"https://api.github.com/users/slimhazard/received_events","type":"User","user_view_type":"public","site_admin":false},"reactions":{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/95/reactions","total_count":0,"+1":0,"-1":0,"laugh":0,"hooray":0,"confused":0,"heart":0,"rocket":0,"eyes":0},"timeline_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/95/timeline","performed_via_github_app":null,"state_reason":"completed"},{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/96","repository_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic","labels_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/96/labels{/name}","comments_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/96/comments","events_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/96/events","html_url":"https://github.com/nigoroll/libvmod-dynamic/issues/96","id":1626745126,"node_id":"I_kwDOBBOOTM5g9ikm","number":96,"title":"7.3 compatibility","user":{"login":"gquintard","id":3776553,"node_id":"MDQ6VXNlcjM3NzY1NTM=","avatar_url":"https://avatars.githubusercontent.com/u/3776553?v=4","gravatar_id":"","url":"https://api.github.com/users/gquintard","html_url":"https://github.com/gquintard","followers_url":"https://api.github.com/users/gquintard/followers","following_url":"https://api.github.com/users/gquintard/following{/other_user}","gists_url":"https://api.github.com/users/gquintard/gists{/gist_id}","starred_url":"https://api.github.com/users/gquintard/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/gquintard/subscriptions","organizations_url":"https://api.github.com/users/gquintard/orgs","repos_url":"https://api.github.com/users/gquintard/repos","events_url":"https://api.github.com/users/gquintard/events{/privacy}","received_events_url":"https://api.github.com/users/gquintard/received_events","type":"User","user_view_type":"public","site_admin":false},"labels":[],"state":"closed","locked":false,"assignee":null,"assignees":[],"milestone":null,"comments":3,"created_at":"2023-03-16T05:25:51Z","updated_at":"2023-03-17T09:03:03Z","closed_at":"2023-03-17T05:03:27Z","author_association":"CONTRIBUTOR","active_lock_reason":null,"sub_issues_summary":{"total":0,"completed":0,"percent_completed":0},"issue_dependencies_summary":{"blocked_by":0,"total_blocked_by":0,"blocking":0,"total_blocking":0},"body":"hi,\r\n\r\nAs I'm sure you know, some APIs have changed in Varnish 7.3, and libvmod-dynamic doesn't compile against it. I'm opening this for visibility, and I'll try to look into it this week-end if nobody beats me to it","closed_by":{"login":"gquintard","id":3776553,"node_id":"MDQ6VXNlcjM3NzY1NTM=","avatar_url":"https://avatars.githubusercontent.com/u/3776553?v=4","gravatar_id":"","url":"https://api.github.com/users/gquintard","html_url":"https://github.com/gquintard","followers_url":"https://api.github.com/users/gquintard/followers","following_url":"https://api.github.com/users/gquintard/following{/other_user}","gists_url":"https://api.github.com/users/gquintard/gists{/gist_id}","starred_url":"https://api.github.com/users/gquintard/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/gquintard/subscriptions","organizations_url":"https://api.github.com/users/gquintard/orgs","repos_url":"https://api.github.com/users/gquintard/repos","events_url":"https://api.github.com/users/gquintard/events{/privacy}","received_events_url":"https://api.github.com/users/gquintard/received_events","type":"User","user_view_type":"public","site_admin":false},"reactions":{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/96/reactions","total_count":0,"+1":0,"-1":0,"laugh":0,"hooray":0,"confused":0,"heart":0,"rocket":0,"eyes":0},"timeline_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/96/timeline","performed_via_github_app":null,"state_reason":"completed"},{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/97","repository_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic","labels_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/97/labels{/name}","comments_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/97/comments","events_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/97/events","html_url":"https://github.com/nigoroll/libvmod-dynamic/issues/97","id":1628702332,"node_id":"I_kwDOBBOOTM5hFAZ8","number":97,"title":"via.vtc failing with \"Cannot assign requested address\"","user":{"login":"gquintard","id":3776553,"node_id":"MDQ6VXNlcjM3NzY1NTM=","avatar_url":"https://avatars.githubusercontent.com/u/3776553?v=4","gravatar_id":"","url":"https://api.github.com/users/gquintard","html_url":"https://github.com/gquintard","followers_url":"https://api.github.com/users/gquintard/followers","following_url":"https://api.github.com/users/gquintard/following{/other_user}","gists_url":"https://api.github.com/users/gquintard/gists{/gist_id}","starred_url":"https://api.github.com/users/gquintard/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/gquintard/subscriptions","organizations_url":"https://api.github.com/users/gquintard/orgs","repos_url":"https://api.github.com/users/gquintard/repos","events_url":"https://api.github.com/users/gquintard/events{/privacy}","received_events_url":"https://api.github.com/users/gquintard/received_events","type":"User","user_view_type":"public","site_admin":false},"labels":[],"state":"closed","locked":false,"assignee":null,"assignees":[],"milestone":null,"comments":2,"created_at":"2023-03-17T05:10:25Z","updated_at":"2023-06-29T14:51:33Z","closed_at":"2023-06-29T14:51:32Z","author_association":"CONTRIBUTOR","active_lock_reason":null,"sub_issues_summary":{"total":0,"completed":0,"percent_completed":0},"issue_dependencies_summary":{"blocked_by":0,"total_blocked_by":0,"blocking":0,"total_blocking":0},"body":"stumbled onto this when trying to build https://github.com/varnish/docker-varnish/blob/master/fresh/debian/Dockerfile\r\n\r\ncould it be that\r\n```\r\nshell \"getent hosts localhost www.localhost img.localhost || true\"\r\n```\r\nshould actually be\r\n```\r\nfeature cmd \"getent hosts localhost www.localhost img.localhost || true\"\r\n```\r\n?\r\n\r\n```\r\nFAIL: tests/via\r\n===============\r\n\r\n**** dT    0.000\r\n*    top   TEST ./tests/via.vtc starting\r\n**** top   extmacro def pkg_version=7.3.0\r\n**** top   extmacro def pkg_branch=7.3\r\n**** top   extmacro def pwd=/tmp/module_to_build/src\r\n**** top   extmacro def date(...)\r\n**** top   extmacro def string(...)\r\n**** top   extmacro def vmod_dynamic=dynamic from \"/tmp/module_to_build/src/.libs/libvmod_dynamic.so\"\r\n**** top   extmacro def localhost=127.0.0.1\r\n**** top   extmacro def bad_backend=127.0.0.1:37455\r\n**** top   extmacro def listen_addr=127.0.0.1:0\r\n**** top   extmacro def bad_ip=192.0.2.255\r\n**** top   macro def testdir=/tmp/module_to_build/src/./tests\r\n**** top   macro def tmpdir=/tmp/vtc.31252.7c6136c4\r\n**   top   === varnishtest \"via\"\r\n*    top   VTEST via\r\n**   top   === shell \"getent hosts localhost www.localhost img.localhost ||...\r\n**** top   shell_cmd|exec 2>&1 ; getent hosts localhost www.localhost img.localhost || true\r\n**** dT    0.213\r\n**** top   shell_out|::1             localhost ip6-localhost ip6-loopback\r\n**** top   shell_status = 0x0000\r\n**   top   === server s1 {\r\n**   s1    Starting server\r\n**** s1    macro def s1_addr=127.0.0.1\r\n**** s1    macro def s1_port=41173\r\n**** s1    macro def s1_sock=127.0.0.1:41173\r\n*    s1    Listen on 127.0.0.1:41173\r\n**   top   === varnish v2 -proto PROXY -vcl {\r\n**   s1    Started on 127.0.0.1:41173 (1 iterations)\r\n**** dT    0.216\r\n**   v2    Launch\r\n***  v2    CMD: cd ${pwd} && exec varnishd  -d -n /tmp/vtc.31252.7c6136c4/v2 -i v2 -p debug=+vcl_keep -p debug=+vmod_so_keep -p debug=+vsm_keep -l 2m -p auto_restart=off -p syslog_cli_traffic=off -p thread_pool_min=10 -p debug=+vtc_mode -p vsl_mask=+Debug -p h2_initial_window_size=1m -p h2_rx_window_low_water=64k -a '127.0.0.1:0',PROXY -M '127.0.0.1 45329' -P /tmp/vtc.31252.7c6136c4/v2/varnishd.pid \r\n***  v2    CMD: cd /tmp/module_to_build/src && exec varnishd  -d -n /tmp/vtc.31252.7c6136c4/v2 -i v2 -p debug=+vcl_keep -p debug=+vmod_so_keep -p debug=+vsm_keep -l 2m -p auto_restart=off -p syslog_cli_traffic=off -p thread_pool_min=10 -p debug=+vtc_mode -p vsl_mask=+Debug -p h2_initial_window_size=1m -p h2_rx_window_low_water=64k -a '127.0.0.1:0',PROXY -M '127.0.0.1 45329' -P /tmp/vtc.31252.7c6136c4/v2/varnishd.pid \r\n***  v2    PID: 31281\r\n**** v2    macro def v2_pid=31281\r\n**** v2    macro def v2_name=/tmp/vtc.31252.7c6136c4/v2\r\n**** dT    0.226\r\n***  v2    debug|Debug: Version: varnish-7.3.0 revision 84d79120b6d17b11819a663a93160743f293e63f\r\n***  v2    debug|Debug: Platform: Linux,6.1.11-arch1-1,x86_64,-junix,-sdefault,-sdefault,-hcritbit\r\n***  v2    debug|200 315     \r\n***  v2    debug|-----------------------------\r\n***  v2    debug|Varnish Cache CLI 1.0\r\n***  v2    debug|-----------------------------\r\n***  v2    debug|Linux,6.1.11-arch1-1,x86_64,-junix,-sdefault,-sdefault,-hcritbit\r\n***  v2    debug|varnish-7.3.0 revision 84d79120b6d17b11819a663a93160743f293e63f\r\n***  v2    debug|\r\n***  v2    debug|Type 'help' for command list.\r\n***  v2    debug|Type 'quit' to close CLI session.\r\n***  v2    debug|Type 'start' to launch worker process.\r\n***  v2    debug|\r\n**** dT    0.325\r\n**** v2    CLIPOLL 1 0x1 0x0 0x0\r\n***  v2    CLI connection fd = 7\r\n***  v2    CLI RX  107\r\n**** v2    CLI RX|tpbjefitubonnjbuqolncwowdyrfjdyh\r\n**** v2    CLI RX|\r\n**** v2    CLI RX|Authentication required.\r\n**** v2    CLI TX|auth d37955cd96eb9ec6ae08fedc09e18c6ffcf62bd5fbc1526bc3ef40c651cb3a9b\r\n**** dT    0.326\r\n***  v2    CLI RX  200\r\n**** v2    CLI RX|-----------------------------\r\n**** v2    CLI RX|Varnish Cache CLI 1.0\r\n**** v2    CLI RX|-----------------------------\r\n**** v2    CLI RX|Linux,6.1.11-arch1-1,x86_64,-junix,-sdefault,-sdefault,-hcritbit\r\n**** v2    CLI RX|varnish-7.3.0 revision 84d79120b6d17b11819a663a93160743f293e63f\r\n**** v2    CLI RX|\r\n**** v2    CLI RX|Type 'help' for command list.\r\n**** v2    CLI RX|Type 'quit' to close CLI session.\r\n**** v2    CLI RX|Type 'start' to launch worker process.\r\n**** v2    CLI TX|vcl.inline vcl1 << %XJEIFLH|)Xspa8P\r\n**** v2    CLI TX|vcl 4.1;\r\n**** v2    CLI TX|\r\n**** v2    CLI TX|\\timport dynamic from \"/tmp/module_to_build/src/.libs/libvmod_dynamic.so\";\r\n**** v2    CLI TX|\\timport std;\r\n**** v2    CLI TX|\\timport proxy;\r\n**** v2    CLI TX|\r\n**** v2    CLI TX|\\tbackend dummy { .host = \"127.0.0.1:37455\"; }\r\n**** v2    CLI TX|\r\n**** v2    CLI TX|\\tsub vcl_init {\r\n**** v2    CLI TX|\\t\\tnew d1 = dynamic.director();\r\n**** v2    CLI TX|\\t}\r\n**** v2    CLI TX|\r\n**** v2    CLI TX|\\tsub vcl_recv {\r\n**** v2    CLI TX|\\t\\tset req.backend_hint = d1.backend(server.ip,\r\n**** v2    CLI TX|\\t\\t    std.port(server.ip));\r\n**** v2    CLI TX|\\t\\tset req.http.Authority = proxy.authority();\r\n**** v2    CLI TX|\r\n**** v2    CLI TX|\\t\\treturn (pass);\r\n**** v2    CLI TX|\\t}\r\n**** v2    CLI TX|\r\n**** v2    CLI TX|\\tsub vcl_deliver {\r\n**** v2    CLI TX|\\t\\tset resp.http.Authority = req.http.Authority;\r\n**** v2    CLI TX|\\t}\r\n**** v2    CLI TX|\r\n**** v2    CLI TX|%XJEIFLH|)Xspa8P\r\n**** dT    0.426\r\n***  v2    vsl|No VSL chunk found (child not started ?)\r\n**** dT    0.526\r\n***  v2    vsl|No VSL chunk found (child not started ?)\r\n**** dT    0.606\r\n***  v2    CLI RX  200\r\n**** v2    CLI RX|VCL compiled.\r\n**** v2    CLI TX|vcl.use vcl1\r\n***  v2    CLI RX  200\r\n**** v2    CLI RX|VCL 'vcl1' now active\r\n**   v2    Start\r\n**** v2    CLI TX|start\r\n**** dT    0.626\r\n***  v2    vsl|No VSL chunk found (child not started ?)\r\n**** dT    0.649\r\n***  v2    debug|Debug: Child (31370) Started\r\n**** dT    0.673\r\n***  v2    debug|Child launched OK\r\n**** dT    0.678\r\n***  v2    debug|Info: Child (31370) said Child starts\r\n***  v2    CLI RX  200\r\n***  v2    wait-running\r\n**** v2    CLI TX|status\r\n**** dT    0.721\r\n***  v2    CLI RX  200\r\n**** v2    CLI RX|Child in state running\r\n**** v2    CLI TX|debug.listen_address\r\n**** dT    0.727\r\n**** v2    vsl|          0 CLI             - Rd vcl.load \"vcl1\" vcl_vcl1.1679028965.187541/vgc.so 1auto\r\n**** v2    vsl|          0 CLI             - Wr 200 52 Loaded \"vcl_vcl1.1679028965.187541/vgc.so\" as \"vcl1\"\r\n**** v2    vsl|          0 CLI             - Rd vcl.use \"vcl1\"\r\n**** v2    vsl|          0 CLI             - Wr 200 0 \r\n**** v2    vsl|          0 CLI             - Rd start\r\n**** v2    vsl|          0 Debug           - sockopt: Setting SO_LINGER for a0=127.0.0.1:35713\r\n**** v2    vsl|          0 Debug           - sockopt: Setting SO_KEEPALIVE for a0=127.0.0.1:35713\r\n**** v2    vsl|          0 Debug           - sockopt: Setting SO_SNDTIMEO for a0=127.0.0.1:35713\r\n**** v2    vsl|          0 Debug           - sockopt: Setting SO_RCVTIMEO for a0=127.0.0.1:35713\r\n**** v2    vsl|          0 Debug           - sockopt: Setting TCP_NODELAY for a0=127.0.0.1:35713\r\n**** v2    vsl|          0 Debug           - sockopt: Setting TCP_KEEPIDLE for a0=127.0.0.1:35713\r\n**** v2    vsl|          0 Debug           - sockopt: Setting TCP_KEEPCNT for a0=127.0.0.1:35713\r\n**** v2    vsl|          0 Debug           - sockopt: Setting TCP_KEEPINTVL for a0=127.0.0.1:35713\r\n**** v2    vsl|          0 CLI             - Wr 200 0 \r\n**** dT    0.764\r\n***  v2    CLI RX  200\r\n**** v2    CLI RX|a0 127.0.0.1 35713\r\n**** v2    CLI TX|debug.xid 1000\r\n**** dT    0.811\r\n***  v2    CLI RX  200\r\n**** v2    CLI RX|XID is 1000 chunk 1\r\n**** v2    CLI TX|debug.listen_address\r\n**** dT    0.827\r\n**** v2    vsl|          0 CLI             - Rd debug.listen_address \r\n**** v2    vsl|          0 CLI             - Wr 200 19 a0 127.0.0.1 35713\r\n\r\n**** v2    vsl|          0 CLI             - Rd debug.xid 1000 \r\n**** v2    vsl|          0 CLI             - Wr 200 19 XID is 1000 chunk 1\r\n**** dT    0.854\r\n***  v2    CLI RX  200\r\n**** v2    CLI RX|a0 127.0.0.1 35713\r\n**   v2    Listen on 127.0.0.1 35713\r\n**** v2    macro def v2_addr=127.0.0.1\r\n**** v2    macro def v2_port=35713\r\n**** v2    macro def v2_sock=127.0.0.1:35713\r\n**** v2    macro def v2_a0_addr=127.0.0.1\r\n**** v2    macro def v2_a0_port=35713\r\n**** v2    macro def v2_a0_sock=127.0.0.1:35713\r\n**   top   === varnish v1 -vcl {\r\n**** dT    0.857\r\n**   v1    Launch\r\n***  v1    CMD: cd ${pwd} && exec varnishd  -d -n /tmp/vtc.31252.7c6136c4/v1 -i v1 -p debug=+vcl_keep -p debug=+vmod_so_keep -p debug=+vsm_keep -l 2m -p auto_restart=off -p syslog_cli_traffic=off -p thread_pool_min=10 -p debug=+vtc_mode -p vsl_mask=+Debug -p h2_initial_window_size=1m -p h2_rx_window_low_water=64k -a '127.0.0.1:0' -M '127.0.0.1 33113' -P /tmp/vtc.31252.7c6136c4/v1/varnishd.pid \r\n***  v1    CMD: cd /tmp/module_to_build/src && exec varnishd  -d -n /tmp/vtc.31252.7c6136c4/v1 -i v1 -p debug=+vcl_keep -p debug=+vmod_so_keep -p debug=+vsm_keep -l 2m -p auto_restart=off -p syslog_cli_traffic=off -p thread_pool_min=10 -p debug=+vtc_mode -p vsl_mask=+Debug -p h2_initial_window_size=1m -p h2_rx_window_low_water=64k -a '127.0.0.1:0' -M '127.0.0.1 33113' -P /tmp/vtc.31252.7c6136c4/v1/varnishd.pid \r\n***  v1    PID: 31413\r\n**** v1    macro def v1_pid=31413\r\n**** v1    macro def v1_name=/tmp/vtc.31252.7c6136c4/v1\r\n**** dT    0.866\r\n***  v1    debug|Debug: Version: varnish-7.3.0 revision 84d79120b6d17b11819a663a93160743f293e63f\r\n***  v1    debug|Debug: Platform: Linux,6.1.11-arch1-1,x86_64,-junix,-sdefault,-sdefault,-hcritbit\r\n***  v1    debug|200 315     \r\n***  v1    debug|-----------------------------\r\n***  v1    debug|Varnish Cache CLI 1.0\r\n***  v1    debug|-----------------------------\r\n***  v1    debug|Linux,6.1.11-arch1-1,x86_64,-junix,-sdefault,-sdefault,-hcritbit\r\n***  v1    debug|varnish-7.3.0 revision 84d79120b6d17b11819a663a93160743f293e63f\r\n***  v1    debug|\r\n***  v1    debug|Type 'help' for command list.\r\n***  v1    debug|Type 'quit' to close CLI session.\r\n***  v1    debug|Type 'start' to launch worker process.\r\n***  v1    debug|\r\n**** dT    0.927\r\n**** v2    vsl|          0 CLI             - Rd debug.listen_address \r\n**** v2    vsl|          0 CLI             - Wr 200 19 a0 127.0.0.1 35713\r\n\r\n**** dT    0.966\r\n**** v1    CLIPOLL 1 0x1 0x0 0x0\r\n***  v1    CLI connection fd = 18\r\n***  v1    CLI RX  107\r\n**** v1    CLI RX|sivrodaptpqwhiockdagcddondbmlnoq\r\n**** v1    CLI RX|\r\n**** v1    CLI RX|Authentication required.\r\n**** v1    CLI TX|auth d2c2d189e19fd9551e2913d49c42111c030d1fc301821431c9802913b9bf5307\r\n***  v1    CLI RX  200\r\n**** v1    CLI RX|-----------------------------\r\n**** v1    CLI RX|Varnish Cache CLI 1.0\r\n**** v1    CLI RX|-----------------------------\r\n**** v1    CLI RX|Linux,6.1.11-arch1-1,x86_64,-junix,-sdefault,-sdefault,-hcritbit\r\n**** v1    CLI RX|varnish-7.3.0 revision 84d79120b6d17b11819a663a93160743f293e63f\r\n**** v1    CLI RX|\r\n**** v1    CLI RX|Type 'help' for command list.\r\n**** v1    CLI RX|Type 'quit' to close CLI session.\r\n**** v1    CLI RX|Type 'start' to launch worker process.\r\n**** dT    0.967\r\n**** v1    CLI TX|vcl.inline vcl1 << %XJEIFLH|)Xspa8P\r\n**** v1    CLI TX|vcl 4.1;\r\n**** v1    CLI TX|\r\n**** v1    CLI TX|\\timport dynamic from \"/tmp/module_to_build/src/.libs/libvmod_dynamic.so\";\r\n**** v1    CLI TX|\r\n**** v1    CLI TX|\\tbackend v2 { .host = \"127.0.0.1\"; .port = \"35713\"; }\r\n**** v1    CLI TX|\r\n**** v1    CLI TX|\\tsub vcl_init {\r\n**** v1    CLI TX|\\t\\tnew d1 = dynamic.director(\r\n**** v1    CLI TX|\\t\\t    port = \"41173\",\r\n**** v1    CLI TX|\\t\\t    via = v2);\r\n**** v1    CLI TX|\\t}\r\n**** v1    CLI TX|\r\n**** v1    CLI TX|\\tsub vcl_recv {\r\n**** v1    CLI TX|\\t\\tset req.backend_hint = d1.backend(\"localhost\");\r\n**** v1    CLI TX|\\t}\r\n**** v1    CLI TX|\r\n**** v1    CLI TX|\\tsub vcl_backend_error {\r\n**** v1    CLI TX|\\t\\t# the director may resolve ::1 first\r\n**** v1    CLI TX|\\t\\treturn (retry);\r\n**** v1    CLI TX|\\t}\r\n**** v1    CLI TX|\r\n**** v1    CLI TX|%XJEIFLH|)Xspa8P\r\n**** dT    1.067\r\n***  v1    vsl|No VSL chunk found (child not started ?)\r\n**** dT    1.167\r\n***  v1    vsl|No VSL chunk found (child not started ?)\r\n**** dT    1.228\r\n***  v1    CLI RX  200\r\n**** v1    CLI RX|VCL compiled.\r\n**** v1    CLI TX|vcl.use vcl1\r\n***  v1    CLI RX  200\r\n**** v1    CLI RX|VCL 'vcl1' now active\r\n**   v1    Start\r\n**** v1    CLI TX|start\r\n**** dT    1.267\r\n***  v1    vsl|No VSL chunk found (child not started ?)\r\n**** dT    1.272\r\n***  v1    debug|Debug: Child (31486) Started\r\n**** dT    1.297\r\n***  v1    debug|Child launched OK\r\n**** dT    1.301\r\n***  v1    CLI RX  200\r\n***  v1    debug|Info: Child (31486) said Child starts\r\n***  v1    wait-running\r\n**** v1    CLI TX|status\r\n**** dT    1.344\r\n***  v1    CLI RX  200\r\n**** v1    CLI RX|Child in state running\r\n**** v1    CLI TX|debug.listen_address\r\n**** dT    1.367\r\n**** v1    vsl|          0 CLI             - Rd vcl.load \"vcl1\" vcl_vcl1.1679028965.828132/vgc.so 1auto\r\n**** v1    vsl|          0 CLI             - Wr 200 52 Loaded \"vcl_vcl1.1679028965.828132/vgc.so\" as \"vcl1\"\r\n**** v1    vsl|          0 CLI             - Rd vcl.use \"vcl1\"\r\n**** v1    vsl|          0 CLI             - Wr 200 0 \r\n**** v1    vsl|          0 CLI             - Rd start\r\n**** v1    vsl|          0 Debug           - sockopt: Setting SO_LINGER for a0=127.0.0.1:44415\r\n**** v1    vsl|          0 Debug           - sockopt: Setting SO_KEEPALIVE for a0=127.0.0.1:44415\r\n**** v1    vsl|          0 Debug           - sockopt: Setting SO_SNDTIMEO for a0=127.0.0.1:44415\r\n**** v1    vsl|          0 Debug           - sockopt: Setting SO_RCVTIMEO for a0=127.0.0.1:44415\r\n**** v1    vsl|          0 Debug           - sockopt: Setting TCP_NODELAY for a0=127.0.0.1:44415\r\n**** v1    vsl|          0 Debug           - sockopt: Setting TCP_KEEPIDLE for a0=127.0.0.1:44415\r\n**** v1    vsl|          0 Debug           - sockopt: Setting TCP_KEEPCNT for a0=127.0.0.1:44415\r\n**** v1    vsl|          0 Debug           - sockopt: Setting TCP_KEEPINTVL for a0=127.0.0.1:44415\r\n**** v1    vsl|          0 CLI             - Wr 200 0 \r\n**** dT    1.391\r\n***  v1    CLI RX  200\r\n**** v1    CLI RX|a0 127.0.0.1 44415\r\n**** v1    CLI TX|debug.xid 1000\r\n**** dT    1.434\r\n***  v1    CLI RX  200\r\n**** v1    CLI RX|XID is 1000 chunk 1\r\n**** v1    CLI TX|debug.listen_address\r\n**** dT    1.467\r\n**** v1    vsl|          0 CLI             - Rd debug.listen_address \r\n**** v1    vsl|          0 CLI             - Wr 200 19 a0 127.0.0.1 44415\r\n\r\n**** v1    vsl|          0 CLI             - Rd debug.xid 1000 \r\n**** v1    vsl|          0 CLI             - Wr 200 19 XID is 1000 chunk 1\r\n**** dT    1.477\r\n***  v1    CLI RX  200\r\n**** v1    CLI RX|a0 127.0.0.1 44415\r\n**   v1    Listen on 127.0.0.1 44415\r\n**** v1    macro def v1_addr=127.0.0.1\r\n**** v1    macro def v1_port=44415\r\n**** v1    macro def v1_sock=127.0.0.1:44415\r\n**** v1    macro def v1_a0_addr=127.0.0.1\r\n**** v1    macro def v1_a0_port=44415\r\n**** v1    macro def v1_a0_sock=127.0.0.1:44415\r\n**   top   === client c1 {\r\n**   c1    Starting client\r\n**   c1    Waiting for client\r\n**   c1    Started on 127.0.0.1:44415 (1 iterations)\r\n***  c1    Connect to 127.0.0.1:44415\r\n***  c1    connected fd 28 from 127.0.0.1 38040 to 127.0.0.1:44415\r\n**** dT    1.478\r\n**   c1    === txreq\r\n**** c1    txreq|GET / HTTP/1.1\\r\r\n**** c1    txreq|Host: 127.0.0.1\\r\r\n**** c1    txreq|\\r\r\n**   c1    === rxresp\r\n**** dT    1.480\r\n**** c1    rxhdr|HTTP/1.1 503 Backend fetch failed\\r\r\n**** c1    rxhdr|Date: Fri, 17 Mar 2023 04:56:06 GMT\\r\r\n**** c1    rxhdr|Server: Varnish\\r\r\n**** c1    rxhdr|Content-Type: text/html; charset=utf-8\\r\r\n**** c1    rxhdr|Retry-After: 5\\r\r\n**** c1    rxhdr|X-Varnish: 1001\\r\r\n**** c1    rxhdr|Authority: localhost\\r\r\n**** c1    rxhdr|Content-Length: 281\\r\r\n**** c1    rxhdr|X-Varnish: 1001\\r\r\n**** c1    rxhdr|Age: 0\\r\r\n**** c1    rxhdr|Via: 1.1 v2 (Varnish/7.3), 1.1 v1 (Varnish/7.3)\\r\r\n**** c1    rxhdr|Connection: keep-alive\\r\r\n**** c1    rxhdr|\\r\r\n**** c1    rxhdrlen = 305\r\n**** c1    http[ 0] |HTTP/1.1\r\n**** c1    http[ 1] |503\r\n**** c1    http[ 2] |Backend fetch failed\r\n**** c1    http[ 3] |Date: Fri, 17 Mar 2023 04:56:06 GMT\r\n**** c1    http[ 4] |Server: Varnish\r\n**** c1    http[ 5] |Content-Type: text/html; charset=utf-8\r\n**** c1    http[ 6] |Retry-After: 5\r\n**** c1    http[ 7] |X-Varnish: 1001\r\n**** c1    http[ 8] |Authority: localhost\r\n**** c1    http[ 9] |Content-Length: 281\r\n**** c1    http[10] |X-Varnish: 1001\r\n**** c1    http[11] |Age: 0\r\n**** c1    http[12] |Via: 1.1 v2 (Varnish/7.3), 1.1 v1 (Varnish/7.3)\r\n**** c1    http[13] |Connection: keep-alive\r\n**** c1    c-l|<!DOCTYPE html>\r\n**** c1    c-l|<html>\r\n**** c1    c-l|  <head>\r\n**** c1    c-l|    <title>503 Backend fetch failed</title>\r\n**** c1    c-l|  </head>\r\n**** c1    c-l|  <body>\r\n**** c1    c-l|    <h1>Error 503 Backend fetch failed</h1>\r\n**** c1    c-l|    <p>Backend fetch failed</p>\r\n**** c1    c-l|    <h3>Guru Meditation:</h3>\r\n**** c1    c-l|    <p>XID: 1002</p>\r\n**** c1    c-l|    <hr>\r\n**** c1    c-l|    <p>Varnish cache server</p>\r\n**** c1    c-l|  </body>\r\n**** c1    c-l|</html>\r\n**** c1    bodylen = 281\r\n**   c1    === expect resp.status == 200\r\n---- c1    EXPECT resp.status (503) == \"200\" failed\r\n*    top   RESETTING after ./tests/via.vtc\r\n**   s1    Waiting for server (4/-1)\r\n**   v2    Wait\r\n**** v2    CLI TX|panic.show\r\n**** dT    1.524\r\n***  v2    CLI RX  300\r\n**** v2    CLI RX|Child has not panicked or panic has been cleared\r\n***  v2    debug|Info: manager stopping child\r\n***  v2    debug|Debug: Stopping Child\r\n**** dT    1.528\r\n**** v2    vsl|       1000 Begin           c sess 0 PROXY\r\n**** v2    vsl|       1000 SessOpen        c 127.0.0.1 59120 a0 127.0.0.1 35713 1679028966.339887 19\r\n**** v2    vsl|       1000 Debug           c sockopt: SO_LINGER may be inherited for a0=127.0.0.1:35713\r\n**** v2    vsl|       1000 Debug           c sockopt: SO_KEEPALIVE may be inherited for a0=127.0.0.1:35713\r\n**** v2    vsl|       1000 Debug           c sockopt: SO_SNDTIMEO may be inherited for a0=127.0.0.1:35713\r\n**** v2    vsl|       1000 Debug           c sockopt: SO_RCVTIMEO may be inherited for a0=127.0.0.1:35713\r\n**** v2    vsl|       1000 Debug           c sockopt: TCP_NODELAY may be inherited for a0=127.0.0.1:35713\r\n**** v2    vsl|       1000 Debug           c sockopt: TCP_KEEPIDLE may be inherited for a0=127.0.0.1:35713\r\n**** v2    vsl|       1000 Debug           c sockopt: TCP_KEEPCNT may be inherited for a0=127.0.0.1:35713\r\n**** v2    vsl|       1000 Debug           c sockopt: TCP_KEEPINTVL may be inherited for a0=127.0.0.1:35713\r\n**** v2    vsl|       1000 Proxy           c 2 :: 0 ::1 41173\r\n**** v2    vsl|       1000 Link            c req 1001 rxreq\r\n**** v2    vsl|          0 Timestamp       - vmod-dynamic vcl1.d1(::1:41173) Lookup: 1679028966.340034 0.000000 0.000000\r\n**** v2    vsl|          0 Timestamp       - vmod-dynamic vcl1.d1(::1:41173) Results: 1679028966.340130 0.000096 0.000096\r\n**** v2    vsl|          0 Timestamp       - vmod-dynamic vcl1.d1(::1:41173) Update: 1679028966.340295 0.000261 0.000165\r\n**** v2    vsl|       1002 Begin           b bereq 1001 pass\r\n**** v2    vsl|       1002 VCL_use         b vcl1\r\n**** v2    vsl|       1002 Timestamp       b Start: 1679028966.340091 0.000000 0.000000\r\n**** v2    vsl|       1002 BereqMethod     b GET\r\n**** v2    vsl|       1002 BereqURL        b /\r\n**** v2    vsl|       1002 BereqProtocol   b HTTP/1.1\r\n**** v2    vsl|       1002 BereqHeader     b Host: 127.0.0.1\r\n**** v2    vsl|       1002 BereqHeader     b Accept-Encoding: gzip\r\n**** v2    vsl|       1002 BereqHeader     b X-Varnish: 1002\r\n**** v2    vsl|       1002 BereqHeader     b X-Forwarded-For: 127.0.0.1, ::\r\n**** v2    vsl|       1002 BereqHeader     b Via: 1.1 v1 (Varnish/7.3), 1.1 v2 (Varnish/7.3)\r\n**** v2    vsl|       1002 BereqHeader     b Authority: localhost\r\n**** v2    vsl|       1002 BereqHeader     b X-Varnish: 1002\r\n**** v2    vsl|       1002 VCL_call        b BACKEND_FETCH\r\n**** v2    vsl|       1002 VCL_return      b fetch\r\n**** v2    vsl|       1002 Timestamp       b Fetch: 1679028966.340108 0.000017 0.000017\r\n**** v2    vsl|       1002 FetchError      b backend d1(::1:41173): fail errno 99 (Cannot assign requested address)\r\n**** v2    vsl|       1002 Timestamp       b Beresp: 1679028966.340422 0.000331 0.000313\r\n**** v2    vsl|       1002 Timestamp       b Error: 1679028966.340424 0.000333 0.000002\r\n**** v2    vsl|       1002 BerespProtocol  b HTTP/1.1\r\n**** v2    vsl|       1002 BerespStatus    b 503\r\n**** v2    vsl|       1002 BerespReason    b Backend fetch failed\r\n**** v2    vsl|       1002 BerespHeader    b Date: Fri, 17 Mar 2023 04:56:06 GMT\r\n**** v2    vsl|       1002 BerespHeader    b Server: Varnish\r\n**** v2    vsl|       1002 VCL_call        b BACKEND_ERROR\r\n**** v2    vsl|       1002 BerespHeader    b Content-Type: text/html; charset=utf-8\r\n**** v2    vsl|       1002 BerespHeader    b Retry-After: 5\r\n**** v2    vsl|       1002 VCL_return      b deliver\r\n**** v2    vsl|       1002 Storage         b malloc Transient\r\n**** v2    vsl|       1002 Length          b 281\r\n**** v2    vsl|       1002 BereqAcct       b 0 0 0 0 0 0\r\n**** v2    vsl|       1002 End             b \r\n**** v2    vsl|       1001 Begin           c req 1000 rxreq\r\n**** v2    vsl|       1001 Timestamp       c Start: 1679028966.339929 0.000000 0.000000\r\n**** v2    vsl|       1001 Timestamp       c Req: 1679028966.339929 0.000000 0.000000\r\n**** v2    vsl|       1001 VCL_use         c vcl1\r\n**** v2    vsl|       1001 ReqStart        c :: 0 a0\r\n**** v2    vsl|       1001 ReqMethod       c GET\r\n**** v2    vsl|       1001 ReqURL          c /\r\n**** v2    vsl|       1001 ReqProtocol     c HTTP/1.1\r\n**** v2    vsl|       1001 ReqHeader       c Host: 127.0.0.1\r\n**** v2    vsl|       1001 ReqHeader       c X-Forwarded-For: 127.0.0.1\r\n**** v2    vsl|       1001 ReqHeader       c Via: 1.1 v1 (Varnish/7.3)\r\n**** v2    vsl|       1001 ReqHeader       c Accept-Encoding: gzip\r\n**** v2    vsl|       1001 ReqHeader       c X-Varnish: 1002\r\n**** v2    vsl|       1001 ReqUnset        c X-Forwarded-For: 127.0.0.1\r\n**** v2    vsl|       1001 ReqHeader       c X-Forwarded-For: 127.0.0.1, ::\r\n**** v2    vsl|       1001 ReqUnset        c Via: 1.1 v1 (Varnish/7.3)\r\n**** v2    vsl|       1001 ReqHeader       c Via: 1.1 v1 (Varnish/7.3), 1.1 v2 (Varnish/7.3)\r\n**** v2    vsl|       1001 VCL_call        c RECV\r\n**** v2    vsl|       1001 ReqHeader       c Authority: localhost\r\n**** v2    vsl|       1001 VCL_return      c pass\r\n**** v2    vsl|       1001 VCL_call        c HASH\r\n**** v2    vsl|       1001 VCL_return      c lookup\r\n**** v2    vsl|       1001 VCL_call        c PASS\r\n**** v2    vsl|       1001 VCL_return      c fetch\r\n**** v2    vsl|       1001 Link            c bereq 1002 pass\r\n**** v2    vsl|       1001 Timestamp       c Fetch: 1679028966.340555 0.000625 0.000625\r\n**** v2    vsl|       1001 RespProtocol    c HTTP/1.1\r\n**** v2    vsl|       1001 RespStatus      c 503\r\n**** v2    vsl|       1001 RespReason      c Backend fetch failed\r\n**** v2    vsl|       1001 RespHeader      c Date: Fri, 17 Mar 2023 04:56:06 GMT\r\n**** v2    vsl|       1001 RespHeader      c Server: Varnish\r\n**** v2    vsl|       1001 RespHeader      c Content-Type: text/html; charset=utf-8\r\n**** v2    vsl|       1001 RespHeader      c Retry-After: 5\r\n**** v2    vsl|       1001 RespHeader      c X-Varnish: 1001\r\n**** v2    vsl|       1001 RespHeader      c Age: 0\r\n**** v2    vsl|       1001 RespHeader      c Via: 1.1 v2 (Varnish/7.3)\r\n**** v2    vsl|       1001 VCL_call        c DELIVER\r\n**** v2    vsl|       1001 RespHeader      c Authority: localhost\r\n**** v2    vsl|       1001 VCL_return      c deliver\r\n**** v2    vsl|       1001 Timestamp       c Process: 1679028966.340574 0.000644 0.000018\r\n**** v2    vsl|       1001 Filters         c \r\n**** v2    vsl|       1001 RespHeader      c Content-Length: 281\r\n**** v2    vsl|       1001 RespHeader      c Connection: keep-alive\r\n**** v2    vsl|       1001 Timestamp       c Resp: 1679028966.340619 0.000689 0.000045\r\n**** v2    vsl|       1001 ReqAcct         c 130 0 130 266 281 547\r\n**** v2    vsl|       1001 End             c \r\n**** v2    vsl|          0 CLI             - EOF on CLI connection, worker stops\r\n**** dT    1.567\r\n**** v1    vsl|          0 CLI             - Rd debug.listen_address \r\n**** v1    vsl|          0 CLI             - Wr 200 19 a0 127.0.0.1 44415\r\n\r\n**** v1    vsl|       1000 Begin           c sess 0 HTTP/1\r\n**** v1    vsl|       1000 SessOpen        c 127.0.0.1 38040 a0 127.0.0.1 44415 1679028966.339009 19\r\n**** v1    vsl|       1000 Debug           c sockopt: SO_LINGER may be inherited for a0=127.0.0.1:44415\r\n**** v1    vsl|       1000 Debug           c sockopt: SO_KEEPALIVE may be inherited for a0=127.0.0.1:44415\r\n**** v1    vsl|       1000 Debug           c sockopt: SO_SNDTIMEO may be inherited for a0=127.0.0.1:44415\r\n**** v1    vsl|       1000 Debug           c sockopt: SO_RCVTIMEO may be inherited for a0=127.0.0.1:44415\r\n**** v1    vsl|       1000 Debug           c sockopt: TCP_NODELAY may be inherited for a0=127.0.0.1:44415\r\n**** v1    vsl|       1000 Debug           c sockopt: TCP_KEEPIDLE may be inherited for a0=127.0.0.1:44415\r\n**** v1    vsl|       1000 Debug           c sockopt: TCP_KEEPCNT may be inherited for a0=127.0.0.1:44415\r\n**** v1    vsl|       1000 Debug           c sockopt: TCP_KEEPINTVL may be inherited for a0=127.0.0.1:44415\r\n**** v1    vsl|       1000 Link            c req 1001 rxreq\r\n**** v1    vsl|          0 Timestamp       - vmod-dynamic vcl1.d1(localhost:41173) Lookup: 1679028966.339141 0.000000 0.000000\r\n**** v1    vsl|          0 Timestamp       - vmod-dynamic vcl1.d1(localhost:41173) Results: 1679028966.339372 0.000231 0.000231\r\n**** v1    vsl|          0 Timestamp       - vmod-dynamic vcl1.d1(localhost:41173) Update: 1679028966.339616 0.000475 0.000244\r\n**** v1    vsl|       1002 Begin           b bereq 1001 fetch\r\n**** v1    vsl|       1002 VCL_use         b vcl1\r\n**** v1    vsl|       1002 Timestamp       b Start: 1679028966.339237 0.000000 0.000000\r\n**** v1    vsl|       1002 BereqMethod     b GET\r\n**** v1    vsl|       1002 BereqURL        b /\r\n**** v1    vsl|       1002 BereqProtocol   b HTTP/1.1\r\n**** v1    vsl|       1002 BereqHeader     b Host: 127.0.0.1\r\n**** v1    vsl|       1002 BereqHeader     b X-Forwarded-For: 127.0.0.1\r\n**** dT    1.568\r\n**** v1    vsl|       1002 BereqHeader     b Via: 1.1 v1 (Varnish/7.3)\r\n**** v1    vsl|       1002 BereqHeader     b Accept-Encoding: gzip\r\n**** v1    vsl|       1002 BereqHeader     b X-Varnish: 1002\r\n**** v1    vsl|       1002 VCL_call        b BACKEND_FETCH\r\n**** v1    vsl|       1002 VCL_return      b fetch\r\n**** v1    vsl|       1002 Timestamp       b Fetch: 1679028966.339257 0.000019 0.000019\r\n**** v1    vsl|       1002 Timestamp       b Connected: 1679028966.339806 0.000568 0.000549\r\n**** v1    vsl|       1002 BackendOpen     b 25 d1.localhost(::1:41173) 127.0.0.1 35713 127.0.0.1 59120 connect\r\n**** v1    vsl|       1002 Timestamp       b Bereq: 1679028966.339835 0.000597 0.000028\r\n**** v1    vsl|       1002 BerespProtocol  b HTTP/1.1\r\n**** v1    vsl|       1002 BerespStatus    b 503\r\n**** v1    vsl|       1002 BerespReason    b Backend fetch failed\r\n**** v1    vsl|       1002 BerespHeader    b Date: Fri, 17 Mar 2023 04:56:06 GMT\r\n**** v1    vsl|       1002 BerespHeader    b Server: Varnish\r\n**** v1    vsl|       1002 BerespHeader    b Content-Type: text/html; charset=utf-8\r\n**** v1    vsl|       1002 BerespHeader    b Retry-After: 5\r\n**** v1    vsl|       1002 BerespHeader    b X-Varnish: 1001\r\n**** v1    vsl|       1002 BerespHeader    b Age: 0\r\n**** v1    vsl|       1002 BerespHeader    b Via: 1.1 v2 (Varnish/7.3)\r\n**** v1    vsl|       1002 BerespHeader    b Authority: localhost\r\n**** v1    vsl|       1002 BerespHeader    b Content-Length: 281\r\n**** v1    vsl|       1002 BerespHeader    b Connection: keep-alive\r\n**** v1    vsl|       1002 Timestamp       b Beresp: 1679028966.340633 0.001396 0.000798\r\n**** v1    vsl|       1002 TTL             b RFC -1 10 0 1679028966 1679028966 1679028966 0 0 cacheable\r\n**** v1    vsl|       1002 VCL_call        b BACKEND_RESPONSE\r\n**** v1    vsl|       1002 TTL             b VCL 120 10 0 1679028966 cacheable\r\n**** v1    vsl|       1002 TTL             b VCL 120 10 0 1679028966 uncacheable\r\n**** v1    vsl|       1002 VCL_return      b deliver\r\n**** v1    vsl|       1002 Timestamp       b Process: 1679028966.340654 0.001416 0.000020\r\n**** v1    vsl|       1002 Filters         b \r\n**** v1    vsl|       1002 Storage         b malloc Transient\r\n**** v1    vsl|       1002 Fetch_Body      b 3 length stream\r\n**** v1    vsl|       1002 BackendClose    b 25 d1.localhost(::1:41173) recycle\r\n**** v1    vsl|       1002 Timestamp       b BerespBody: 1679028966.350797 0.011559 0.010143\r\n**** v1    vsl|       1002 Length          b 281\r\n**** v1    vsl|       1002 BereqAcct       b 130 0 130 266 281 547\r\n**** v1    vsl|       1002 End             b \r\n**** v1    vsl|       1001 Begin           c req 1000 rxreq\r\n**** v1    vsl|       1001 Timestamp       c Start: 1679028966.339053 0.000000 0.000000\r\n**** v1    vsl|       1001 Timestamp       c Req: 1679028966.339053 0.000000 0.000000\r\n**** v1    vsl|       1001 VCL_use         c vcl1\r\n**** v1    vsl|       1001 ReqStart        c 127.0.0.1 38040 a0\r\n**** v1    vsl|       1001 ReqMethod       c GET\r\n**** v1    vsl|       1001 ReqURL          c /\r\n**** v1    vsl|       1001 ReqProtocol     c HTTP/1.1\r\n**** v1    vsl|       1001 ReqHeader       c Host: 127.0.0.1\r\n**** v1    vsl|       1001 ReqHeader       c X-Forwarded-For: 127.0.0.1\r\n**** v1    vsl|       1001 ReqHeader       c Via: 1.1 v1 (Varnish/7.3)\r\n**** v1    vsl|       1001 VCL_call        c RECV\r\n**** v1    vsl|       1001 VCL_return      c hash\r\n**** v1    vsl|       1001 VCL_call        c HASH\r\n**** v1    vsl|       1001 VCL_return      c lookup\r\n**** v1    vsl|       1001 VCL_call        c MISS\r\n**** v1    vsl|       1001 VCL_return      c fetch\r\n**** v1    vsl|       1001 Link            c bereq 1002 fetch\r\n**** v1    vsl|       1001 Timestamp       c Fetch: 1679028966.340701 0.001648 0.001648\r\n**** v1    vsl|       1001 RespProtocol    c HTTP/1.1\r\n**** v1    vsl|       1001 RespStatus      c 503\r\n**** v1    vsl|       1001 RespReason      c Backend fetch failed\r\n**** v1    vsl|       1001 RespHeader      c Date: Fri, 17 Mar 2023 04:56:06 GMT\r\n**** v1    vsl|       1001 RespHeader      c Server: Varnish\r\n**** v1    vsl|       1001 RespHeader      c Content-Type: text/html; charset=utf-8\r\n**** v1    vsl|       1001 RespHeader      c Retry-After: 5\r\n**** v1    vsl|       1001 RespHeader      c X-Varnish: 1001\r\n**** v1    vsl|       1001 RespHeader      c Via: 1.1 v2 (Varnish/7.3)\r\n**** v1    vsl|       1001 RespHeader      c Authority: localhost\r\n**** v1    vsl|       1001 RespHeader      c Content-Length: 281\r\n**** v1    vsl|       1001 RespHeader      c X-Varnish: 1001\r\n**** v1    vsl|       1001 RespHeader      c Age: 0\r\n**** v1    vsl|       1001 RespUnset       c Via: 1.1 v2 (Varnish/7.3)\r\n**** v1    vsl|       1001 RespHeader      c Via: 1.1 v2 (Varnish/7.3), 1.1 v1 (Varnish/7.3)\r\n**** v1    vsl|       1001 VCL_call        c DELIVER\r\n**** v1    vsl|       1001 VCL_return      c deliver\r\n**** v1    vsl|       1001 Timestamp       c Process: 1679028966.340725 0.001672 0.000023\r\n**** v1    vsl|       1001 Filters         c \r\n**** v1    vsl|       1001 RespHeader      c Connection: keep-alive\r\n**** v1    vsl|       1001 Timestamp       c Resp: 1679028966.350810 0.011757 0.010085\r\n**** v1    vsl|       1001 ReqAcct         c 35 0 35 305 281 586\r\n**** v1    vsl|       1001 End             c \r\n**** dT    1.624\r\n***  v2    debug|Info: Child (31370) ended\r\n***  v2    debug|Info: Child (31370) said Child dies\r\n***  v2    debug|Debug: Child cleanup complete\r\n***  v2    debug|Info: manager dies\r\n**** dT    1.625\r\n**** v2    STDOUT EOF\r\n**** dT    1.628\r\n**   v2    WAIT4 pid=31281 status=0x0000 (user 0.259649 sys 0.048448)\r\n**   v1    Wait\r\n**** v1    CLI TX|panic.show\r\n**** dT    1.671\r\n***  v1    CLI RX  300\r\n**** v1    CLI RX|Child has not panicked or panic has been cleared\r\n***  v1    debug|Info: manager stopping child\r\n***  v1    debug|Debug: Stopping Child\r\n**** dT    1.768\r\n**** v1    vsl|          0 CLI             - EOF on CLI connection, worker stops\r\n**** dT    1.771\r\n***  v1    debug|Info: Child (31486) ended\r\n***  v1    debug|Info: Child (31486) said Child dies\r\n***  v1    debug|Debug: Child cleanup complete\r\n***  v1    debug|Info: manager dies\r\n**** dT    1.772\r\n**** v1    STDOUT EOF\r\n**** dT    1.868\r\n**   v1    WAIT4 pid=31413 status=0x0000 (user 0.236578 sys 0.053338)\r\n*    top   TEST ./tests/via.vtc FAILED\r\n#    top  TEST ./tests/via.vtc FAILED (1.869) exit=2\r\nFAIL tests/via.vtc (exit status: 2)\r\n\r\n```","closed_by":{"login":"nigoroll","id":1528104,"node_id":"MDQ6VXNlcjE1MjgxMDQ=","avatar_url":"https://avatars.githubusercontent.com/u/1528104?v=4","gravatar_id":"","url":"https://api.github.com/users/nigoroll","html_url":"https://github.com/nigoroll","followers_url":"https://api.github.com/users/nigoroll/followers","following_url":"https://api.github.com/users/nigoroll/following{/other_user}","gists_url":"https://api.github.com/users/nigoroll/gists{/gist_id}","starred_url":"https://api.github.com/users/nigoroll/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/nigoroll/subscriptions","organizations_url":"https://api.github.com/users/nigoroll/orgs","repos_url":"https://api.github.com/users/nigoroll/repos","events_url":"https://api.github.com/users/nigoroll/events{/privacy}","received_events_url":"https://api.github.com/users/nigoroll/received_events","type":"User","user_view_type":"public","site_admin":false},"reactions":{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/97/reactions","total_count":0,"+1":0,"-1":0,"laugh":0,"hooray":0,"confused":0,"heart":0,"rocket":0,"eyes":0},"timeline_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/97/timeline","performed_via_github_app":null,"state_reason":"completed"},{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/98","repository_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic","labels_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/98/labels{/name}","comments_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/98/comments","events_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/98/events","html_url":"https://github.com/nigoroll/libvmod-dynamic/pull/98","id":1628706525,"node_id":"PR_kwDOBBOOTM5MRmCZ","number":98,"title":"shell -> feature cmd","user":{"login":"gquintard","id":3776553,"node_id":"MDQ6VXNlcjM3NzY1NTM=","avatar_url":"https://avatars.githubusercontent.com/u/3776553?v=4","gravatar_id":"","url":"https://api.github.com/users/gquintard","html_url":"https://github.com/gquintard","followers_url":"https://api.github.com/users/gquintard/followers","following_url":"https://api.github.com/users/gquintard/following{/other_user}","gists_url":"https://api.github.com/users/gquintard/gists{/gist_id}","starred_url":"https://api.github.com/users/gquintard/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/gquintard/subscriptions","organizations_url":"https://api.github.com/users/gquintard/orgs","repos_url":"https://api.github.com/users/gquintard/repos","events_url":"https://api.github.com/users/gquintard/events{/privacy}","received_events_url":"https://api.github.com/users/gquintard/received_events","type":"User","user_view_type":"public","site_admin":false},"labels":[],"state":"closed","locked":false,"assignee":null,"assignees":[],"milestone":null,"comments":5,"created_at":"2023-03-17T05:15:33Z","updated_at":"2023-03-22T00:19:21Z","closed_at":"2023-03-21T18:27:53Z","author_association":"CONTRIBUTOR","active_lock_reason":null,"draft":false,"pull_request":{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/pulls/98","html_url":"https://github.com/nigoroll/libvmod-dynamic/pull/98","diff_url":"https://github.com/nigoroll/libvmod-dynamic/pull/98.diff","patch_url":"https://github.com/nigoroll/libvmod-dynamic/pull/98.patch","merged_at":"2023-03-21T18:27:53Z"},"body":"hopefuly, it's the correct fix for https://github.com/nigoroll/libvmod-dynamic/issues/97","closed_by":{"login":"nigoroll","id":1528104,"node_id":"MDQ6VXNlcjE1MjgxMDQ=","avatar_url":"https://avatars.githubusercontent.com/u/1528104?v=4","gravatar_id":"","url":"https://api.github.com/users/nigoroll","html_url":"https://github.com/nigoroll","followers_url":"https://api.github.com/users/nigoroll/followers","following_url":"https://api.github.com/users/nigoroll/following{/other_user}","gists_url":"https://api.github.com/users/nigoroll/gists{/gist_id}","starred_url":"https://api.github.com/users/nigoroll/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/nigoroll/subscriptions","organizations_url":"https://api.github.com/users/nigoroll/orgs","repos_url":"https://api.github.com/users/nigoroll/repos","events_url":"https://api.github.com/users/nigoroll/events{/privacy}","received_events_url":"https://api.github.com/users/nigoroll/received_events","type":"User","user_view_type":"public","site_admin":false},"reactions":{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/98/reactions","total_count":0,"+1":0,"-1":0,"laugh":0,"hooray":0,"confused":0,"heart":0,"rocket":0,"eyes":0},"timeline_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/98/timeline","performed_via_github_app":null,"state_reason":null},{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/99","repository_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic","labels_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/99/labels{/name}","comments_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/99/comments","events_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/99/events","html_url":"https://github.com/nigoroll/libvmod-dynamic/issues/99","id":1733615949,"node_id":"I_kwDOBBOOTM5nVOFN","number":99,"title":"Varnish 7.3","user":{"login":"ronald-sz","id":97725423,"node_id":"U_kgDOBdMr7w","avatar_url":"https://avatars.githubusercontent.com/u/97725423?v=4","gravatar_id":"","url":"https://api.github.com/users/ronald-sz","html_url":"https://github.com/ronald-sz","followers_url":"https://api.github.com/users/ronald-sz/followers","following_url":"https://api.github.com/users/ronald-sz/following{/other_user}","gists_url":"https://api.github.com/users/ronald-sz/gists{/gist_id}","starred_url":"https://api.github.com/users/ronald-sz/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/ronald-sz/subscriptions","organizations_url":"https://api.github.com/users/ronald-sz/orgs","repos_url":"https://api.github.com/users/ronald-sz/repos","events_url":"https://api.github.com/users/ronald-sz/events{/privacy}","received_events_url":"https://api.github.com/users/ronald-sz/received_events","type":"User","user_view_type":"public","site_admin":false},"labels":[],"state":"closed","locked":false,"assignee":null,"assignees":[],"milestone":null,"comments":3,"created_at":"2023-05-31T08:04:47Z","updated_at":"2023-07-04T17:34:03Z","closed_at":"2023-07-04T17:01:09Z","author_association":"NONE","active_lock_reason":null,"sub_issues_summary":{"total":0,"completed":0,"percent_completed":0},"issue_dependencies_summary":{"blocked_by":0,"total_blocked_by":0,"blocking":0,"total_blocking":0},"body":"Hi Nils, \r\n\r\nis master ready for Varnish 7.3? Could you please create a branch for 7.3?\r\n\r\nAll the best,\r\nRonald","closed_by":{"login":"nigoroll","id":1528104,"node_id":"MDQ6VXNlcjE1MjgxMDQ=","avatar_url":"https://avatars.githubusercontent.com/u/1528104?v=4","gravatar_id":"","url":"https://api.github.com/users/nigoroll","html_url":"https://github.com/nigoroll","followers_url":"https://api.github.com/users/nigoroll/followers","following_url":"https://api.github.com/users/nigoroll/following{/other_user}","gists_url":"https://api.github.com/users/nigoroll/gists{/gist_id}","starred_url":"https://api.github.com/users/nigoroll/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/nigoroll/subscriptions","organizations_url":"https://api.github.com/users/nigoroll/orgs","repos_url":"https://api.github.com/users/nigoroll/repos","events_url":"https://api.github.com/users/nigoroll/events{/privacy}","received_events_url":"https://api.github.com/users/nigoroll/received_events","type":"User","user_view_type":"public","site_admin":false},"reactions":{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/99/reactions","total_count":0,"+1":0,"-1":0,"laugh":0,"hooray":0,"confused":0,"heart":0,"rocket":0,"eyes":0},"timeline_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/99/timeline","performed_via_github_app":null,"state_reason":"completed"},{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/100","repository_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic","labels_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/100/labels{/name}","comments_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/100/comments","events_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/100/events","html_url":"https://github.com/nigoroll/libvmod-dynamic/issues/100","id":1799293379,"node_id":"I_kwDOBBOOTM5rPwnD","number":100,"title":"Assert error in VBP_Remove()","user":{"login":"nigoroll","id":1528104,"node_id":"MDQ6VXNlcjE1MjgxMDQ=","avatar_url":"https://avatars.githubusercontent.com/u/1528104?v=4","gravatar_id":"","url":"https://api.github.com/users/nigoroll","html_url":"https://github.com/nigoroll","followers_url":"https://api.github.com/users/nigoroll/followers","following_url":"https://api.github.com/users/nigoroll/following{/other_user}","gists_url":"https://api.github.com/users/nigoroll/gists{/gist_id}","starred_url":"https://api.github.com/users/nigoroll/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/nigoroll/subscriptions","organizations_url":"https://api.github.com/users/nigoroll/orgs","repos_url":"https://api.github.com/users/nigoroll/repos","events_url":"https://api.github.com/users/nigoroll/events{/privacy}","received_events_url":"https://api.github.com/users/nigoroll/received_events","type":"User","user_view_type":"public","site_admin":false},"labels":[{"id":2228316027,"node_id":"MDU6TGFiZWwyMjI4MzE2MDI3","url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/labels/needs%20varnish-cache","name":"needs varnish-cache","color":"006b75","default":false,"description":"needs work in varnish-cache"}],"state":"closed","locked":false,"assignee":null,"assignees":[],"milestone":null,"comments":1,"created_at":"2023-07-11T16:16:29Z","updated_at":"2023-07-17T13:21:14Z","closed_at":"2023-07-17T13:21:14Z","author_association":"OWNER","active_lock_reason":null,"sub_issues_summary":{"total":0,"completed":0,"percent_completed":0},"issue_dependencies_summary":{"blocked_by":0,"total_blocked_by":0,"blocking":0,"total_blocking":0},"body":"Seen with ad2285bb5915ceee6949f02bdca15333bdd159d5 on varnish-cache [69fe28ffd981a3714f32faa54a4c47c6c5f1753e](https://github.com/nigoroll/varnish-cache/tree/unmerged_code_20230704_185303), which is based on 48681cc872c17d339bb6ddb47304db0685e844ba:\r\n\r\n```\r\n  0x4f0dba: /opt/varnish/sbin/varnishd() [0x4f0dba]\r\nAssert error in VBP_Remove(), cache/cache_backend_probe.c line 718:\r\n  Condition(vt->heap_idx == VBH_NOIDX) not true.\r\nversion = varnish-trunk revision 69fe28ffd981a3714f32faa54a4c47c6c5f1753e, vrt api = 17.0\r\nident = Linux,3.10.0-862.14.4.el7.x86_64,x86_64,-jnone,-smalloc,-sdefault,-hcritbit,epoll\r\nnow = 146369807.049963 (mono), 1689082818.407869 (real)\r\nBacktrace:\r\n  0x44e3c2: /opt/varnish/sbin/varnishd() [0x44e3c2]\r\n  0x44eacf: /opt/varnish/sbin/varnishd() [0x44eacf]\r\n  0x4ee962: /opt/varnish/sbin/varnishd(VAS_Fail+0x53) [0x4ee962]\r\n  0x41fb40: /opt/varnish/sbin/varnishd(VBP_Remove+0x15f) [0x41fb40]\r\n  0x41bdd7: /opt/varnish/sbin/varnishd() [0x41bdd7]\r\n  0x41bf4a: /opt/varnish/sbin/varnishd() [0x41bf4a]\r\n  0x4751d6: /opt/varnish/sbin/varnishd() [0x4751d6]\r\n  0x4752fa: /opt/varnish/sbin/varnishd() [0x4752fa]\r\n  0x4755aa: /opt/varnish/sbin/varnishd(VRT_Assign_Backend+0x12b) [0x4755aa]\r\n  0x7f9d011eaded: ./vmod_cache/_vmod_dynamic.5658350bfea26ceaa0bf26746c43cfa37683f4f5a1d373819db83c01b95cee9a(+0x6ded) [0x7f9d011eaded]\r\n  0x475421: /opt/varnish/sbin/varnishd(VRT_DelDirector+0x122) [0x475421]\r\n  0x7f9d011eaa30: ./vmod_cache/_vmod_dynamic.5658350bfea26ceaa0bf26746c43cfa37683f4f5a1d373819db83c01b95cee9a(+0x6a30) [0x7f9d011eaa30]\r\n  0x7f9d011ec527: ./vmod_cache/_vmod_dynamic.5658350bfea26ceaa0bf26746c43cfa37683f4f5a1d373819db83c01b95cee9a(vmod_event+0x437) [0x7f9d011ec527]\r\n  0x7f9d115143cd: vcl_boot.1688716416.512333/vgc.so(+0xba3cd) [0x7f9d115143cd]\r\n  0x45f67d: /opt/varnish/sbin/varnishd() [0x45f67d]\r\n  0x460b0e: /opt/varnish/sbin/varnishd() [0x460b0e]\r\n  0x461d82: /opt/varnish/sbin/varnishd() [0x461d82]\r\n  0x4f049c: /opt/varnish/sbin/varnishd() [0x4f049c]\r\n  0x4f0810: /opt/varnish/sbin/varnishd() [0x4f0810]\r\n  0x4f0dba: /opt/varnish/sbin/varnishd() [0x4f0dba]\r\n```","closed_by":{"login":"nigoroll","id":1528104,"node_id":"MDQ6VXNlcjE1MjgxMDQ=","avatar_url":"https://avatars.githubusercontent.com/u/1528104?v=4","gravatar_id":"","url":"https://api.github.com/users/nigoroll","html_url":"https://github.com/nigoroll","followers_url":"https://api.github.com/users/nigoroll/followers","following_url":"https://api.github.com/users/nigoroll/following{/other_user}","gists_url":"https://api.github.com/users/nigoroll/gists{/gist_id}","starred_url":"https://api.github.com/users/nigoroll/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/nigoroll/subscriptions","organizations_url":"https://api.github.com/users/nigoroll/orgs","repos_url":"https://api.github.com/users/nigoroll/repos","events_url":"https://api.github.com/users/nigoroll/events{/privacy}","received_events_url":"https://api.github.com/users/nigoroll/received_events","type":"User","user_view_type":"public","site_admin":false},"reactions":{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/100/reactions","total_count":0,"+1":0,"-1":0,"laugh":0,"hooray":0,"confused":0,"heart":0,"rocket":0,"eyes":0},"timeline_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/100/timeline","performed_via_github_app":null,"state_reason":"completed"},{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/101","repository_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic","labels_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/101/labels{/name}","comments_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/101/comments","events_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/101/events","html_url":"https://github.com/nigoroll/libvmod-dynamic/issues/101","id":1800366045,"node_id":"I_kwDOBBOOTM5rT2fd","number":101,"title":"Hang & child cli timeout/quit related to VRT_Healthy","user":{"login":"nigoroll","id":1528104,"node_id":"MDQ6VXNlcjE1MjgxMDQ=","avatar_url":"https://avatars.githubusercontent.com/u/1528104?v=4","gravatar_id":"","url":"https://api.github.com/users/nigoroll","html_url":"https://github.com/nigoroll","followers_url":"https://api.github.com/users/nigoroll/followers","following_url":"https://api.github.com/users/nigoroll/following{/other_user}","gists_url":"https://api.github.com/users/nigoroll/gists{/gist_id}","starred_url":"https://api.github.com/users/nigoroll/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/nigoroll/subscriptions","organizations_url":"https://api.github.com/users/nigoroll/orgs","repos_url":"https://api.github.com/users/nigoroll/repos","events_url":"https://api.github.com/users/nigoroll/events{/privacy}","received_events_url":"https://api.github.com/users/nigoroll/received_events","type":"User","user_view_type":"public","site_admin":false},"labels":[],"state":"closed","locked":false,"assignee":null,"assignees":[],"milestone":null,"comments":1,"created_at":"2023-07-12T07:32:02Z","updated_at":"2023-07-12T08:00:09Z","closed_at":"2023-07-12T08:00:08Z","author_association":"OWNER","active_lock_reason":null,"sub_issues_summary":{"total":0,"completed":0,"percent_completed":0},"issue_dependencies_summary":{"blocked_by":0,"total_blocked_by":0,"blocking":0,"total_blocking":0},"body":"Seen with aa7919e76a3184d158a4d7f1698ad8925353d4b4 on varnish-cache [unmerged_code_20230711_235413](https://github.com/nigoroll/varnish-cache/tree/unmerged_code_20230711_235413) which is based on d99f62a9c5d4c6de492abae63510555d51a53324\r\n\r\n```\r\nPanic at: Wed, 12 Jul 2023 07:18:04 GMT\r\nWrong turn at cache/cache_main.c:375:\r\nIt's time for the big quit\r\nversion = varnish-trunk revision eb42e0a09dec02915caf6b821ff531f3d684de5b, vrt api = 17.0\r\nident = Linux,3.10.0-862.14.4.el7.x86_64,x86_64,-jnone,-smalloc,-sdefault,-hcritbit,epoll\r\nnow = 146433270.810059 (mono), 1689146282.167964 (real)\r\nBacktrace:\r\n  0x44e46c: /opt/varnish/sbin/varnishd() [0x44e46c]\r\n  0x44eb79: /opt/varnish/sbin/varnishd() [0x44eb79]\r\n  0x4eec40: /opt/varnish/sbin/varnishd(VAS_Fail+0x53) [0x4eec40]\r\n  0x448264: /opt/varnish/sbin/varnishd() [0x448264]\r\n  0x7f41e457c400: /lib64/libc.so.6(+0x36400) [0x7f41e457c400]\r\n  0x7f41e491fa33: /lib64/libpthread.so.0(pthread_cond_wait+0xc3) [0x7f41e491fa33]\r\n  0x447169: /opt/varnish/sbin/varnishd(Lck_CondWaitUntil+0x141) [0x447169]\r\n  0x446f57: /opt/varnish/sbin/varnishd(Lck_CondWait+0x27) [0x446f57]\r\n  0x7f41c358cd0c: ./vmod_cache/_vmod_dynamic.29b766e616262ab0ef9252419367ce48fbf642168ba34fc382b1742a77dac5c4(+0x7d0c) [0x7f41c358cd0c]\r\n  0x42b27b: /opt/varnish/sbin/varnishd(VRT_Healthy+0x15e) [0x42b27b]\r\n  0x7f41c4fc4591: ./vmod_cache/_vmod_directors.edab1c2b46260ba7857d12e0b786d29b78460cd930959505a67272486eac4683(+0x3591) [0x7f41c4fc4591]\r\n  0x7f41c4fc4d37: ./vmod_cache/_vmod_directors.edab1c2b46260ba7857d12e0b786d29b78460cd930959505a67272486eac4683(+0x3d37) [0x7f41c4fc4d37]\r\n  0x42b6f1: /opt/varnish/sbin/varnishd() [0x42b6f1]\r\n  0x45ff11: /opt/varnish/sbin/varnishd() [0x45ff11]\r\n  0x46017b: /opt/varnish/sbin/varnishd(VCL_IterDirector+0x23e) [0x46017b]\r\n  0x42bf2c: /opt/varnish/sbin/varnishd() [0x42bf2c]\r\n  0x4f077a: /opt/varnish/sbin/varnishd() [0x4f077a]\r\n  0x4f0aee: /opt/varnish/sbin/varnishd() [0x4f0aee]\r\n  0x4f1098: /opt/varnish/sbin/varnishd() [0x4f1098]\r\n  0x4f2183: /opt/varnish/sbin/varnishd(VCLS_Poll+0x2c6) [0x4f2183]\r\n  ```","closed_by":{"login":"nigoroll","id":1528104,"node_id":"MDQ6VXNlcjE1MjgxMDQ=","avatar_url":"https://avatars.githubusercontent.com/u/1528104?v=4","gravatar_id":"","url":"https://api.github.com/users/nigoroll","html_url":"https://github.com/nigoroll","followers_url":"https://api.github.com/users/nigoroll/followers","following_url":"https://api.github.com/users/nigoroll/following{/other_user}","gists_url":"https://api.github.com/users/nigoroll/gists{/gist_id}","starred_url":"https://api.github.com/users/nigoroll/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/nigoroll/subscriptions","organizations_url":"https://api.github.com/users/nigoroll/orgs","repos_url":"https://api.github.com/users/nigoroll/repos","events_url":"https://api.github.com/users/nigoroll/events{/privacy}","received_events_url":"https://api.github.com/users/nigoroll/received_events","type":"User","user_view_type":"public","site_admin":false},"reactions":{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/101/reactions","total_count":0,"+1":0,"-1":0,"laugh":0,"hooray":0,"confused":0,"heart":0,"rocket":0,"eyes":0},"timeline_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/101/timeline","performed_via_github_app":null,"state_reason":"completed"},{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/102","repository_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic","labels_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/102/labels{/name}","comments_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/102/comments","events_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/102/events","html_url":"https://github.com/nigoroll/libvmod-dynamic/issues/102","id":1801475335,"node_id":"I_kwDOBBOOTM5rYFUH","number":102,"title":"Director Layering triggers domain_timeout, consequently no backend is returned","user":{"login":"nigoroll","id":1528104,"node_id":"MDQ6VXNlcjE1MjgxMDQ=","avatar_url":"https://avatars.githubusercontent.com/u/1528104?v=4","gravatar_id":"","url":"https://api.github.com/users/nigoroll","html_url":"https://github.com/nigoroll","followers_url":"https://api.github.com/users/nigoroll/followers","following_url":"https://api.github.com/users/nigoroll/following{/other_user}","gists_url":"https://api.github.com/users/nigoroll/gists{/gist_id}","starred_url":"https://api.github.com/users/nigoroll/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/nigoroll/subscriptions","organizations_url":"https://api.github.com/users/nigoroll/orgs","repos_url":"https://api.github.com/users/nigoroll/repos","events_url":"https://api.github.com/users/nigoroll/events{/privacy}","received_events_url":"https://api.github.com/users/nigoroll/received_events","type":"User","user_view_type":"public","site_admin":false},"labels":[{"id":443804422,"node_id":"MDU6TGFiZWw0NDM4MDQ0MjI=","url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/labels/bug","name":"bug","color":"ee0701","default":true,"description":null}],"state":"closed","locked":false,"assignee":null,"assignees":[],"milestone":null,"comments":1,"created_at":"2023-07-12T17:49:01Z","updated_at":"2023-07-14T13:33:39Z","closed_at":"2023-07-14T13:33:39Z","author_association":"OWNER","active_lock_reason":null,"sub_issues_summary":{"total":0,"completed":0,"percent_completed":0},"issue_dependencies_summary":{"blocked_by":0,"total_blocked_by":0,"blocking":0,"total_blocking":0},"body":"When layering a dynamic director under another director, the last use is not updated and, when the domain timeout expires, the director stops returning backends (`FetchError     Director ONTOP returned no backend` with `ONTOP` being the director having configured a dynamic domain as a backend).\r\nI guess this use case makes the whole concept of a domain timeout useless, but I'll need to ponder this for a bit.","closed_by":{"login":"nigoroll","id":1528104,"node_id":"MDQ6VXNlcjE1MjgxMDQ=","avatar_url":"https://avatars.githubusercontent.com/u/1528104?v=4","gravatar_id":"","url":"https://api.github.com/users/nigoroll","html_url":"https://github.com/nigoroll","followers_url":"https://api.github.com/users/nigoroll/followers","following_url":"https://api.github.com/users/nigoroll/following{/other_user}","gists_url":"https://api.github.com/users/nigoroll/gists{/gist_id}","starred_url":"https://api.github.com/users/nigoroll/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/nigoroll/subscriptions","organizations_url":"https://api.github.com/users/nigoroll/orgs","repos_url":"https://api.github.com/users/nigoroll/repos","events_url":"https://api.github.com/users/nigoroll/events{/privacy}","received_events_url":"https://api.github.com/users/nigoroll/received_events","type":"User","user_view_type":"public","site_admin":false},"reactions":{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/102/reactions","total_count":1,"+1":1,"-1":0,"laugh":0,"hooray":0,"confused":0,"heart":0,"rocket":0,"eyes":0},"timeline_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/102/timeline","performed_via_github_app":null,"state_reason":"completed"},{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/103","repository_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic","labels_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/103/labels{/name}","comments_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/103/comments","events_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/103/events","html_url":"https://github.com/nigoroll/libvmod-dynamic/pull/103","id":1820210930,"node_id":"PR_kwDOBBOOTM5WU6-n","number":103,"title":"Add resolver fallback to the null resolver (getaddrinfo)","user":{"login":"delthas","id":1863865,"node_id":"MDQ6VXNlcjE4NjM4NjU=","avatar_url":"https://avatars.githubusercontent.com/u/1863865?v=4","gravatar_id":"","url":"https://api.github.com/users/delthas","html_url":"https://github.com/delthas","followers_url":"https://api.github.com/users/delthas/followers","following_url":"https://api.github.com/users/delthas/following{/other_user}","gists_url":"https://api.github.com/users/delthas/gists{/gist_id}","starred_url":"https://api.github.com/users/delthas/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/delthas/subscriptions","organizations_url":"https://api.github.com/users/delthas/orgs","repos_url":"https://api.github.com/users/delthas/repos","events_url":"https://api.github.com/users/delthas/events{/privacy}","received_events_url":"https://api.github.com/users/delthas/received_events","type":"User","user_view_type":"public","site_admin":false},"labels":[],"state":"open","locked":false,"assignee":null,"assignees":[],"milestone":null,"comments":2,"created_at":"2023-07-25T12:22:05Z","updated_at":"2024-01-28T19:21:27Z","closed_at":null,"author_association":"CONTRIBUTOR","active_lock_reason":null,"draft":false,"pull_request":{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/pulls/103","html_url":"https://github.com/nigoroll/libvmod-dynamic/pull/103","diff_url":"https://github.com/nigoroll/libvmod-dynamic/pull/103.diff","patch_url":"https://github.com/nigoroll/libvmod-dynamic/pull/103.patch","merged_at":null},"body":"This enables a best-effort, two-step resolution when a resolver is configured:\r\n- if the DNS resolver returns any domain, that record is used with its corresponding TTL\r\n- otherwise, the module tries resolving the name with the default, NULL resolver, which is just a wrapper over getaddrinfo\r\n  * if the resolution succeeds, this was likely a domain in /etc/hosts or an IP literal, which was not known by the DNS server. The associated record has no TTL value and uses the default director TTL.\r\n  * if the resolution fails, this was likely a bad domain. No records are stored and a new request is made after the default director TTL, as was done previously.\r\n\r\n-----\r\n\r\nThe patch is somewhat dumb, it just wraps the resolve logic in a loop that can iterate twice. The goal was to minimize the size of `git diff -w`.\r\n\r\nThis causes the module to log Lookup & Results & Error twice in case we do the fallback attempt, which could be a nice side-effect (we can investigate a DNS error in varnishlog but see that it still succeeded). I don't have a strong opinion about this one.\r\n\r\nFeel free to amend and merge if you'd like. Otherwise I can make changes. :smile: ","closed_by":null,"reactions":{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/103/reactions","total_count":0,"+1":0,"-1":0,"laugh":0,"hooray":0,"confused":0,"heart":0,"rocket":0,"eyes":0},"timeline_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/103/timeline","performed_via_github_app":null,"state_reason":null},{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/104","repository_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic","labels_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/104/labels{/name}","comments_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/104/comments","events_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/104/events","html_url":"https://github.com/nigoroll/libvmod-dynamic/issues/104","id":1913624666,"node_id":"I_kwDOBBOOTM5yD5ha","number":104,"title":"implicit declaration of function 'IS_CLI'","user":{"login":"BernardRobbins","id":959230,"node_id":"MDQ6VXNlcjk1OTIzMA==","avatar_url":"https://avatars.githubusercontent.com/u/959230?v=4","gravatar_id":"","url":"https://api.github.com/users/BernardRobbins","html_url":"https://github.com/BernardRobbins","followers_url":"https://api.github.com/users/BernardRobbins/followers","following_url":"https://api.github.com/users/BernardRobbins/following{/other_user}","gists_url":"https://api.github.com/users/BernardRobbins/gists{/gist_id}","starred_url":"https://api.github.com/users/BernardRobbins/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/BernardRobbins/subscriptions","organizations_url":"https://api.github.com/users/BernardRobbins/orgs","repos_url":"https://api.github.com/users/BernardRobbins/repos","events_url":"https://api.github.com/users/BernardRobbins/events{/privacy}","received_events_url":"https://api.github.com/users/BernardRobbins/received_events","type":"User","user_view_type":"public","site_admin":false},"labels":[],"state":"closed","locked":false,"assignee":null,"assignees":[],"milestone":null,"comments":1,"created_at":"2023-09-26T14:19:06Z","updated_at":"2023-09-26T14:29:16Z","closed_at":"2023-09-26T14:29:16Z","author_association":"NONE","active_lock_reason":null,"sub_issues_summary":{"total":0,"completed":0,"percent_completed":0},"issue_dependencies_summary":{"blocked_by":0,"total_blocked_by":0,"blocking":0,"total_blocking":0},"body":"Compiling varnish 7.3 & libvmod-dynamic-master from source on AL2023.\r\nVarnish is running fine.\r\n\r\nRunning make gives me this error:\r\n\r\n`make[2]: Entering directory '/home/ec2-user/libvmod-dynamic-master/src'\r\n  CC       vmod_dynamic.lo\r\nvmod_dynamic.c: In function 'dom_healthy':\r\nvmod_dynamic.c:319:31: error: implicit declaration of function 'IS_CLI' [-Werror=implicit-function-declaration]\r\n  319 |                 if (retval || IS_CLI())\r\n      |                               ^~~~~~\r\ncc1: all warnings being treated as errors\r\nmake[2]: *** [Makefile:708: vmod_dynamic.lo] Error 1\r\nmake[2]: Leaving directory '/home/ec2-user/libvmod-dynamic-master/src'\r\nmake[1]: *** [Makefile:500: all-recursive] Error 1\r\nmake[1]: Leaving directory '/home/ec2-user/libvmod-dynamic-master'\r\nmake: *** [Makefile:411: all] Error 2\r\n`\r\n\r\nmake -v\r\nGNU Make 4.3\r\nBuilt for x86_64-amazon-linux-gnu\r\n\r\nvarnishd -V\r\nvarnishd (varnish-7.3.0 revision 84d79120b6d17b11819a663a93160743f293e63f)\r\n\r\ngcc -v\r\ngcc version 11.4.1 20230605 (Red Hat 11.4.1-2) (GCC)","closed_by":{"login":"BernardRobbins","id":959230,"node_id":"MDQ6VXNlcjk1OTIzMA==","avatar_url":"https://avatars.githubusercontent.com/u/959230?v=4","gravatar_id":"","url":"https://api.github.com/users/BernardRobbins","html_url":"https://github.com/BernardRobbins","followers_url":"https://api.github.com/users/BernardRobbins/followers","following_url":"https://api.github.com/users/BernardRobbins/following{/other_user}","gists_url":"https://api.github.com/users/BernardRobbins/gists{/gist_id}","starred_url":"https://api.github.com/users/BernardRobbins/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/BernardRobbins/subscriptions","organizations_url":"https://api.github.com/users/BernardRobbins/orgs","repos_url":"https://api.github.com/users/BernardRobbins/repos","events_url":"https://api.github.com/users/BernardRobbins/events{/privacy}","received_events_url":"https://api.github.com/users/BernardRobbins/received_events","type":"User","user_view_type":"public","site_admin":false},"reactions":{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/104/reactions","total_count":0,"+1":0,"-1":0,"laugh":0,"hooray":0,"confused":0,"heart":0,"rocket":0,"eyes":0},"timeline_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/104/timeline","performed_via_github_app":null,"state_reason":"completed"},{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/105","repository_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic","labels_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/105/labels{/name}","comments_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/105/comments","events_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/105/events","html_url":"https://github.com/nigoroll/libvmod-dynamic/issues/105","id":1931814034,"node_id":"I_kwDOBBOOTM5zJSSS","number":105,"title":"assertion `(dom->status == DYNAMIC_ST_STARTING)` failing sporadically","user":{"login":"kaiburjack","id":72760888,"node_id":"MDQ6VXNlcjcyNzYwODg4","avatar_url":"https://avatars.githubusercontent.com/u/72760888?v=4","gravatar_id":"","url":"https://api.github.com/users/kaiburjack","html_url":"https://github.com/kaiburjack","followers_url":"https://api.github.com/users/kaiburjack/followers","following_url":"https://api.github.com/users/kaiburjack/following{/other_user}","gists_url":"https://api.github.com/users/kaiburjack/gists{/gist_id}","starred_url":"https://api.github.com/users/kaiburjack/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/kaiburjack/subscriptions","organizations_url":"https://api.github.com/users/kaiburjack/orgs","repos_url":"https://api.github.com/users/kaiburjack/repos","events_url":"https://api.github.com/users/kaiburjack/events{/privacy}","received_events_url":"https://api.github.com/users/kaiburjack/received_events","type":"User","user_view_type":"public","site_admin":false},"labels":[],"state":"closed","locked":false,"assignee":null,"assignees":[],"milestone":null,"comments":3,"created_at":"2023-10-08T13:53:12Z","updated_at":"2023-10-17T09:28:29Z","closed_at":"2023-10-17T09:21:42Z","author_association":"NONE","active_lock_reason":null,"sub_issues_summary":{"total":0,"completed":0,"percent_completed":0},"issue_dependencies_summary":{"blocked_by":0,"total_blocked_by":0,"blocking":0,"total_blocking":0},"body":"## Description\r\n\r\nWe are currently evaluating Varnish as a cache behind an ingress in our Kubernetes setup.\r\nFor this, we use the varnish:7.4.1-alpine Docker image, which also contains this libvmod-dynamic module.\r\nWe then use a very simple VCL to begin with:\r\n```\r\nvcl 4.1;\r\nimport dynamic;\r\nbackend default none;\r\nsub vcl_init {\r\n  new d = dynamic.director(port = \"80\");\r\n}\r\nsub vcl_recv {\r\n  set req.backend_hint = d.backend(req.http.host);\r\n}\r\n```\r\nAs a side-note: This is also used with an Istio service mesh, so in the end Istio will determine the actual destination IP to route to after Varnish sends the request to the supposed `req.http.host` backend based on the HTTP Host/Authority header.\r\n\r\nSo far so good. Everything works well but occasionally we see this assertion failing:\r\nhttps://github.com/nigoroll/libvmod-dynamic/blob/master/src/vmod_dynamic.c#L788\r\n\r\nThis does not happen very often (only about 1 or 2 times a day), but it does happen and I wonder, why.\r\n\r\n## Initial analysis\r\n\r\nLooking at the code, the function where this assertion fails is the entrypoint function for a pthread spawned by https://github.com/nigoroll/libvmod-dynamic/blob/master/src/vmod_dynamic.c#L1012 .\r\n\r\nBefore the thread is spawned, the `dom->status` is set to the asserted `DYNAMIC_ST_STARTING;`.\r\n\r\nAnd both the writing and reading of `dom->status` are covered by a lock/mutex.\r\nAnd there is definitely a happens-before relation between the code setting `dom->status = DYNAMIC_ST_STARTING;` and the pthread function seeing the value of `dom->status`.\r\n*However* there is no guarantee that another event in `dom_event` might not set a _different_ value for `dom->status` after the processing of the `VCL_EVENT_WARM` event and the effective start of the pthread function in a separately spawned thread. Could there be maybe a `VCL_EVENT_COLD` event fired right after the `VCL_EVENT_WARM` which would set `dom->status` again to a different value, making the assertion then fail?\r\n\r\nComing to think of the actual assertion `dom->status == DYNAMIC_ST_STARTING`: What is being asserted there and why?\r\nBecause the while loop directly afterwards will also check if the condition for whether the thread should run is still true `while (dom->status <= DYNAMIC_ST_ACTIVE) {` and I think this would also cover the check of `status == DYNAMIC_ST_STARTING`, since `DYNAMIC_ST_STARTING <= DYNAMIC_ST_ACTIVE` would be true as well.\r\n\r\n## stdout/stderr output of Varnish\r\n\r\nThe following are what Varnish's container will output to stdout/stderr when the assertion fails and the child process is killed and restarted:\r\n```\r\nError: Child (254) died signal=6\r\nError: Child (254) Panic at: Sat, 07 Oct 2023 22:15:50 GMT\r\nAssert error in dom_lookup_thread(), vmod_dynamic.c line 788:\r\n  Condition(dom->status == DYNAMIC_ST_STARTING) not true.\r\nversion = varnish-7.4.1 revision d5a5aa9cc879320840ca467ddbb7df0f99c9ba0f, vrt api = 18.0\r\nident = Linux,5.15.120+,x86_64,-jnone,-smalloc,-sdefault,-hcritbit,epoll\r\nnow = 1659349.487516 (mono), 1696716950.705925 (real)\r\nBacktrace:\r\n  ip=0x5ccdac571cdf sp=0x7b10d72ae240\r\n  ip=0x5ccdac5d089b sp=0x7b10d72ae390\r\n  ip=0x7b10d75e061c sp=0x7b10d72ae3d0 <dom_lookup_thread+0x140c>\r\n  ip=0x7b10dde66285 sp=0x7b10d72aeac0 <pthread_exit+0x277>\r\nargv = {\r\n  [0] = \\\"varnishd\\\",\r\n  [1] = \\\"-F\\\",\r\n  [2] = \\\"-f\\\",\r\n  [3] = \\\"/etc/varnish/default.vcl\\\",\r\n  [4] = \\\"-a\\\",\r\n  [5] = \\\"http=:8080,HTTP\\\",\r\n  [6] = \\\"-a\\\",\r\n  [7] = \\\"proxy=:8443,PROXY\\\",\r\n  [8] = \\\"-p\\\",\r\n  [9] = \\\"feature=+http2\\\",\r\n  [10] = \\\"-s\\\",\r\n  [11] = \\\"malloc,1073741824\\\",\r\n  [12] = \\\"-n\\\",\r\n  [13] = \\\"/tmp/varnish_workdir\\\",\r\n  [14] = \\\"-t\\\",\r\n  [15] = \\\"5s\\\",\r\n  [16] = \\\"-p\\\",\r\n  [17] = \\\"default_grace=10s\\\",\r\n  [18] = \\\"-p\\\",\r\n  [19] = \\\"default_keep=0s\\\",\r\n}\r\npthread.self = 0x7b10d72aeb38\r\npthread.attr = {\r\n  guard = 8192,\r\n  stack_bottom = 0x7b10d728e000,\r\n  stack_top = 0x7b10d72aeb08,\r\n  stack_size = 133896,\r\n}\r\nthr.req = NULL\r\nthr.busyobj = NULL\r\nthr.worker = NULL\r\nvmods = {\r\n  std = {0x7b10d858cbc0, Varnish 7.4.1 d5a5aa9cc879320840ca467ddbb7df0f99c9ba0f, 0.0},\r\n  dynamic = {0x7b10d858cc30, Varnish 7.4.1 d5a5aa9cc879320840ca467ddbb7df0f99c9ba0f, 18.0},\r\n  basicauth = {0x7b10d858cca0, Varnish 7.4.1 d5a5aa9cc879320840ca467ddbb7df0f99c9ba0f, 0.0},\r\n},\r\npools = {\r\n  pool = 0x7b10d8c68c20 {\r\n    nidle = 93,\r\n    nthr = 100,\r\n    lqueue = 0\r\n  },\r\n  pool = 0x7b10d8c68d50 {\r\n    nidle = 96,\r\n    nthr = 100,\r\n    lqueue = 0\r\n  },\r\n},\r\n\r\n\r\nDebug: Child cleanup complete\r\nDebug: Child (480) Started\r\nChild launched OK\r\nInfo: Child (480) said Child starts\r\n```","closed_by":{"login":"nigoroll","id":1528104,"node_id":"MDQ6VXNlcjE1MjgxMDQ=","avatar_url":"https://avatars.githubusercontent.com/u/1528104?v=4","gravatar_id":"","url":"https://api.github.com/users/nigoroll","html_url":"https://github.com/nigoroll","followers_url":"https://api.github.com/users/nigoroll/followers","following_url":"https://api.github.com/users/nigoroll/following{/other_user}","gists_url":"https://api.github.com/users/nigoroll/gists{/gist_id}","starred_url":"https://api.github.com/users/nigoroll/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/nigoroll/subscriptions","organizations_url":"https://api.github.com/users/nigoroll/orgs","repos_url":"https://api.github.com/users/nigoroll/repos","events_url":"https://api.github.com/users/nigoroll/events{/privacy}","received_events_url":"https://api.github.com/users/nigoroll/received_events","type":"User","user_view_type":"public","site_admin":false},"reactions":{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/105/reactions","total_count":0,"+1":0,"-1":0,"laugh":0,"hooray":0,"confused":0,"heart":0,"rocket":0,"eyes":0},"timeline_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/105/timeline","performed_via_github_app":null,"state_reason":"completed"},{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/106","repository_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic","labels_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/106/labels{/name}","comments_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/106/comments","events_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/106/events","html_url":"https://github.com/nigoroll/libvmod-dynamic/issues/106","id":2057031869,"node_id":"I_kwDOBBOOTM56m9C9","number":106,"title":"Varnish 7.4","user":{"login":"ronald-sz","id":97725423,"node_id":"U_kgDOBdMr7w","avatar_url":"https://avatars.githubusercontent.com/u/97725423?v=4","gravatar_id":"","url":"https://api.github.com/users/ronald-sz","html_url":"https://github.com/ronald-sz","followers_url":"https://api.github.com/users/ronald-sz/followers","following_url":"https://api.github.com/users/ronald-sz/following{/other_user}","gists_url":"https://api.github.com/users/ronald-sz/gists{/gist_id}","starred_url":"https://api.github.com/users/ronald-sz/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/ronald-sz/subscriptions","organizations_url":"https://api.github.com/users/ronald-sz/orgs","repos_url":"https://api.github.com/users/ronald-sz/repos","events_url":"https://api.github.com/users/ronald-sz/events{/privacy}","received_events_url":"https://api.github.com/users/ronald-sz/received_events","type":"User","user_view_type":"public","site_admin":false},"labels":[],"state":"closed","locked":false,"assignee":null,"assignees":[],"milestone":null,"comments":3,"created_at":"2023-12-27T07:44:20Z","updated_at":"2024-01-28T19:19:35Z","closed_at":"2024-01-09T15:37:31Z","author_association":"NONE","active_lock_reason":null,"sub_issues_summary":{"total":0,"completed":0,"percent_completed":0},"issue_dependencies_summary":{"blocked_by":0,"total_blocked_by":0,"blocking":0,"total_blocking":0},"body":"Hi Nils,\r\n\r\nis master ready for Varnish 7.4? Could you please create a branch for 7.4?\r\n\r\nThank you and all the best,\r\nRonald","closed_by":{"login":"ronald-sz","id":97725423,"node_id":"U_kgDOBdMr7w","avatar_url":"https://avatars.githubusercontent.com/u/97725423?v=4","gravatar_id":"","url":"https://api.github.com/users/ronald-sz","html_url":"https://github.com/ronald-sz","followers_url":"https://api.github.com/users/ronald-sz/followers","following_url":"https://api.github.com/users/ronald-sz/following{/other_user}","gists_url":"https://api.github.com/users/ronald-sz/gists{/gist_id}","starred_url":"https://api.github.com/users/ronald-sz/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/ronald-sz/subscriptions","organizations_url":"https://api.github.com/users/ronald-sz/orgs","repos_url":"https://api.github.com/users/ronald-sz/repos","events_url":"https://api.github.com/users/ronald-sz/events{/privacy}","received_events_url":"https://api.github.com/users/ronald-sz/received_events","type":"User","user_view_type":"public","site_admin":false},"reactions":{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/106/reactions","total_count":0,"+1":0,"-1":0,"laugh":0,"hooray":0,"confused":0,"heart":0,"rocket":0,"eyes":0},"timeline_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/106/timeline","performed_via_github_app":null,"state_reason":"completed"},{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/107","repository_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic","labels_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/107/labels{/name}","comments_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/107/comments","events_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/107/events","html_url":"https://github.com/nigoroll/libvmod-dynamic/issues/107","id":2067347632,"node_id":"I_kwDOBBOOTM57OTiw","number":107,"title":"Assert error in dom_release(): Condition((dom->thread) == 0) not true","user":{"login":"delthas","id":1863865,"node_id":"MDQ6VXNlcjE4NjM4NjU=","avatar_url":"https://avatars.githubusercontent.com/u/1863865?v=4","gravatar_id":"","url":"https://api.github.com/users/delthas","html_url":"https://github.com/delthas","followers_url":"https://api.github.com/users/delthas/followers","following_url":"https://api.github.com/users/delthas/following{/other_user}","gists_url":"https://api.github.com/users/delthas/gists{/gist_id}","starred_url":"https://api.github.com/users/delthas/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/delthas/subscriptions","organizations_url":"https://api.github.com/users/delthas/orgs","repos_url":"https://api.github.com/users/delthas/repos","events_url":"https://api.github.com/users/delthas/events{/privacy}","received_events_url":"https://api.github.com/users/delthas/received_events","type":"User","user_view_type":"public","site_admin":false},"labels":[],"state":"closed","locked":false,"assignee":{"login":"nigoroll","id":1528104,"node_id":"MDQ6VXNlcjE1MjgxMDQ=","avatar_url":"https://avatars.githubusercontent.com/u/1528104?v=4","gravatar_id":"","url":"https://api.github.com/users/nigoroll","html_url":"https://github.com/nigoroll","followers_url":"https://api.github.com/users/nigoroll/followers","following_url":"https://api.github.com/users/nigoroll/following{/other_user}","gists_url":"https://api.github.com/users/nigoroll/gists{/gist_id}","starred_url":"https://api.github.com/users/nigoroll/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/nigoroll/subscriptions","organizations_url":"https://api.github.com/users/nigoroll/orgs","repos_url":"https://api.github.com/users/nigoroll/repos","events_url":"https://api.github.com/users/nigoroll/events{/privacy}","received_events_url":"https://api.github.com/users/nigoroll/received_events","type":"User","user_view_type":"public","site_admin":false},"assignees":[{"login":"nigoroll","id":1528104,"node_id":"MDQ6VXNlcjE1MjgxMDQ=","avatar_url":"https://avatars.githubusercontent.com/u/1528104?v=4","gravatar_id":"","url":"https://api.github.com/users/nigoroll","html_url":"https://github.com/nigoroll","followers_url":"https://api.github.com/users/nigoroll/followers","following_url":"https://api.github.com/users/nigoroll/following{/other_user}","gists_url":"https://api.github.com/users/nigoroll/gists{/gist_id}","starred_url":"https://api.github.com/users/nigoroll/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/nigoroll/subscriptions","organizations_url":"https://api.github.com/users/nigoroll/orgs","repos_url":"https://api.github.com/users/nigoroll/repos","events_url":"https://api.github.com/users/nigoroll/events{/privacy}","received_events_url":"https://api.github.com/users/nigoroll/received_events","type":"User","user_view_type":"public","site_admin":false}],"milestone":null,"comments":5,"created_at":"2024-01-05T13:24:41Z","updated_at":"2024-01-05T20:55:40Z","closed_at":"2024-01-05T20:54:53Z","author_association":"CONTRIBUTOR","active_lock_reason":null,"sub_issues_summary":{"total":0,"completed":0,"percent_completed":0},"issue_dependencies_summary":{"blocked_by":0,"total_blocked_by":0,"blocking":0,"total_blocking":0},"body":"Hi,\r\n\r\n*(Following our discussion on IRC, I'm opening an issue.)*\r\n\r\nI got a panic in libvmod-dynamic after reloading Varnish (varnishreload, so loading a new VCL, using it, and discarding an older one), running https://github.com/nigoroll/libvmod-dynamic/commit/2d51da74680e849c8411bcd6d85cd53c149b3052 against Varnish 7.3.0.\r\n\r\nLooks like the panic is caused when handling a VCL_EVENT_COLD event, when releasing a dynamic director.\r\n\r\nPanic annotated with some locations:\r\n```\r\nAssert error in dom_release(), vmod_dynamic.c line 952:\r\n  Condition((dom->thread) == 0) not true.\r\nBacktrace:\r\n  0x5609d924f872: /usr/sbin/varnishd(+0x5b872) [0x5609d924f872] -> pan_ic\r\n  0x5609d92cc745: /usr/sbin/varnishd(VAS_Fail+0x45) [0x5609d92cc745]\r\n  0x7564a4065fe2: ./vmod_cache/_vmod_dynamic.29b766e616262ab0ef9252419367ce48fbf642168ba34fc382b1742a77dac5c4(+0x4fe2) [0x7564a4065fe2] -> (dom_destroy ?) -> dom_release\r\n  0x5609d927186a: /usr/sbin/varnishd(+0x7d86a) [0x5609d927186a] -> vcldir_deref\r\n  0x7564a40662fa: ./vmod_cache/_vmod_dynamic.29b766e616262ab0ef9252419367ce48fbf642168ba34fc382b1742a77dac5c4(+0x52fa) [0x7564a40662fa] (? guessed from the code) dynamic_stop -> dynamic_gc_expired -> dom_free -> VRT_DelDirector\r\n  0x7564a4069156: ./vmod_cache/_vmod_dynamic.29b766e616262ab0ef9252419367ce48fbf642168ba34fc382b1742a77dac5c4(vmod_event+0x176) [0x7564a4069156] -> vmod_event (VCL_EVENT_COLD)\r\n  0x754e303bc5b5: vcl_reload_20231121_143229_2498323.1700577149.771996/vgc.so(+0x305b5) [0x754e303bc5b5]\r\n  0x5609d925fd71: /usr/sbin/varnishd(+0x6bd71) [0x5609d925fd71] -> vcl_send_event (VCL_EVENT_COLD)\r\n  0x5609d926027d: /usr/sbin/varnishd(+0x6c27d) [0x5609d926027d] -> vcl_set_state (0)\r\n  0x5609d9261fb8: /usr/sbin/varnishd(VCL_Poll+0xe8) [0x5609d9261fb8] -> VCL_Poll\r\n```\r\n\r\nAccording to our discussion on IRC; this could have been solved by https://github.com/nigoroll/libvmod-dynamic/commit/b54c48849a0ffb940f87d641c0b13584cb21540e, but I'm running a version after that commit.","closed_by":{"login":"nigoroll","id":1528104,"node_id":"MDQ6VXNlcjE1MjgxMDQ=","avatar_url":"https://avatars.githubusercontent.com/u/1528104?v=4","gravatar_id":"","url":"https://api.github.com/users/nigoroll","html_url":"https://github.com/nigoroll","followers_url":"https://api.github.com/users/nigoroll/followers","following_url":"https://api.github.com/users/nigoroll/following{/other_user}","gists_url":"https://api.github.com/users/nigoroll/gists{/gist_id}","starred_url":"https://api.github.com/users/nigoroll/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/nigoroll/subscriptions","organizations_url":"https://api.github.com/users/nigoroll/orgs","repos_url":"https://api.github.com/users/nigoroll/repos","events_url":"https://api.github.com/users/nigoroll/events{/privacy}","received_events_url":"https://api.github.com/users/nigoroll/received_events","type":"User","user_view_type":"public","site_admin":false},"reactions":{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/107/reactions","total_count":0,"+1":0,"-1":0,"laugh":0,"hooray":0,"confused":0,"heart":0,"rocket":0,"eyes":0},"timeline_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/107/timeline","performed_via_github_app":null,"state_reason":"completed"},{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/108","repository_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic","labels_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/108/labels{/name}","comments_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/108/comments","events_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/108/events","html_url":"https://github.com/nigoroll/libvmod-dynamic/issues/108","id":2072231214,"node_id":"I_kwDOBBOOTM57g70u","number":108,"title":"Assert: Dynamic Backends can only be added to warm VCLs","user":{"login":"delthas","id":1863865,"node_id":"MDQ6VXNlcjE4NjM4NjU=","avatar_url":"https://avatars.githubusercontent.com/u/1863865?v=4","gravatar_id":"","url":"https://api.github.com/users/delthas","html_url":"https://github.com/delthas","followers_url":"https://api.github.com/users/delthas/followers","following_url":"https://api.github.com/users/delthas/following{/other_user}","gists_url":"https://api.github.com/users/delthas/gists{/gist_id}","starred_url":"https://api.github.com/users/delthas/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/delthas/subscriptions","organizations_url":"https://api.github.com/users/delthas/orgs","repos_url":"https://api.github.com/users/delthas/repos","events_url":"https://api.github.com/users/delthas/events{/privacy}","received_events_url":"https://api.github.com/users/delthas/received_events","type":"User","user_view_type":"public","site_admin":false},"labels":[],"state":"closed","locked":false,"assignee":{"login":"nigoroll","id":1528104,"node_id":"MDQ6VXNlcjE1MjgxMDQ=","avatar_url":"https://avatars.githubusercontent.com/u/1528104?v=4","gravatar_id":"","url":"https://api.github.com/users/nigoroll","html_url":"https://github.com/nigoroll","followers_url":"https://api.github.com/users/nigoroll/followers","following_url":"https://api.github.com/users/nigoroll/following{/other_user}","gists_url":"https://api.github.com/users/nigoroll/gists{/gist_id}","starred_url":"https://api.github.com/users/nigoroll/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/nigoroll/subscriptions","organizations_url":"https://api.github.com/users/nigoroll/orgs","repos_url":"https://api.github.com/users/nigoroll/repos","events_url":"https://api.github.com/users/nigoroll/events{/privacy}","received_events_url":"https://api.github.com/users/nigoroll/received_events","type":"User","user_view_type":"public","site_admin":false},"assignees":[{"login":"nigoroll","id":1528104,"node_id":"MDQ6VXNlcjE1MjgxMDQ=","avatar_url":"https://avatars.githubusercontent.com/u/1528104?v=4","gravatar_id":"","url":"https://api.github.com/users/nigoroll","html_url":"https://github.com/nigoroll","followers_url":"https://api.github.com/users/nigoroll/followers","following_url":"https://api.github.com/users/nigoroll/following{/other_user}","gists_url":"https://api.github.com/users/nigoroll/gists{/gist_id}","starred_url":"https://api.github.com/users/nigoroll/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/nigoroll/subscriptions","organizations_url":"https://api.github.com/users/nigoroll/orgs","repos_url":"https://api.github.com/users/nigoroll/repos","events_url":"https://api.github.com/users/nigoroll/events{/privacy}","received_events_url":"https://api.github.com/users/nigoroll/received_events","type":"User","user_view_type":"public","site_admin":false}],"milestone":null,"comments":4,"created_at":"2024-01-09T11:58:02Z","updated_at":"2024-05-27T10:40:50Z","closed_at":"2024-01-28T19:13:16Z","author_association":"CONTRIBUTOR","active_lock_reason":null,"sub_issues_summary":{"total":0,"completed":0,"percent_completed":0},"issue_dependencies_summary":{"blocked_by":0,"total_blocked_by":0,"blocking":0,"total_blocking":0},"body":"I got the following panic in production:\r\n```\r\nWrong turn at cache/cache_vrt_vcl.c:224:\r\nDynamic Backends can only be added to warm VCLs\r\nBacktrace:\r\n  0x557c3b6a7872: /usr/sbin/varnishd(+0x5b872) [0x557c3b6a7872]\r\n  0x557c3b724745: /usr/sbin/varnishd(VAS_Fail+0x45) [0x557c3b724745]\r\n  0x557c3b6cb1e1: /usr/sbin/varnishd(VRT_AddDirector+0x3d1) [0x557c3b6cb1e1]\r\n  0x557c3b67c023: /usr/sbin/varnishd(VRT_new_backend_clustered+0x4c3) [0x557c3b67c023]\r\n  0x7fc4469918b8: ./vmod_cache/_vmod_dynamic.29b766e616262ab0ef9252419367ce48fbf642168ba34fc382b1742a77dac5c4(+0x68b8) [0x7fc4469918b8]\r\n  0x7fc45f817064: /lib/x86_64-linux-gnu/libpthread.so.0(+0x8064) [0x7fc45f817064]\r\n  0x7fc45f54c62d: /lib/x86_64-linux-gnu/libc.so.6(clone+0x6d) [0x7fc45f54c62d]\r\n```\r\nCall stack is probably: dom_lookup_thread -> dom_update -> ref_add -> VRT_new_backend -> VRT_new_backend_clustered -> VRT_AddDirector\r\n\r\nCould there possibly be a race condition between the lookup thread that could take a while to look up DNS records, then try to insert the new backends while the VCL was unloaded/set to cooling?\r\n","closed_by":{"login":"nigoroll","id":1528104,"node_id":"MDQ6VXNlcjE1MjgxMDQ=","avatar_url":"https://avatars.githubusercontent.com/u/1528104?v=4","gravatar_id":"","url":"https://api.github.com/users/nigoroll","html_url":"https://github.com/nigoroll","followers_url":"https://api.github.com/users/nigoroll/followers","following_url":"https://api.github.com/users/nigoroll/following{/other_user}","gists_url":"https://api.github.com/users/nigoroll/gists{/gist_id}","starred_url":"https://api.github.com/users/nigoroll/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/nigoroll/subscriptions","organizations_url":"https://api.github.com/users/nigoroll/orgs","repos_url":"https://api.github.com/users/nigoroll/repos","events_url":"https://api.github.com/users/nigoroll/events{/privacy}","received_events_url":"https://api.github.com/users/nigoroll/received_events","type":"User","user_view_type":"public","site_admin":false},"reactions":{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/108/reactions","total_count":0,"+1":0,"-1":0,"laugh":0,"hooray":0,"confused":0,"heart":0,"rocket":0,"eyes":0},"timeline_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/108/timeline","performed_via_github_app":null,"state_reason":"completed"},{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/109","repository_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic","labels_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/109/labels{/name}","comments_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/109/comments","events_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/109/events","html_url":"https://github.com/nigoroll/libvmod-dynamic/issues/109","id":2082315931,"node_id":"I_kwDOBBOOTM58HZ6b","number":109,"title":"Assert error in ref_del(): Condition((r->dir) != NULL) not true","user":{"login":"delthas","id":1863865,"node_id":"MDQ6VXNlcjE4NjM4NjU=","avatar_url":"https://avatars.githubusercontent.com/u/1863865?v=4","gravatar_id":"","url":"https://api.github.com/users/delthas","html_url":"https://github.com/delthas","followers_url":"https://api.github.com/users/delthas/followers","following_url":"https://api.github.com/users/delthas/following{/other_user}","gists_url":"https://api.github.com/users/delthas/gists{/gist_id}","starred_url":"https://api.github.com/users/delthas/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/delthas/subscriptions","organizations_url":"https://api.github.com/users/delthas/orgs","repos_url":"https://api.github.com/users/delthas/repos","events_url":"https://api.github.com/users/delthas/events{/privacy}","received_events_url":"https://api.github.com/users/delthas/received_events","type":"User","user_view_type":"public","site_admin":false},"labels":[],"state":"closed","locked":false,"assignee":{"login":"nigoroll","id":1528104,"node_id":"MDQ6VXNlcjE1MjgxMDQ=","avatar_url":"https://avatars.githubusercontent.com/u/1528104?v=4","gravatar_id":"","url":"https://api.github.com/users/nigoroll","html_url":"https://github.com/nigoroll","followers_url":"https://api.github.com/users/nigoroll/followers","following_url":"https://api.github.com/users/nigoroll/following{/other_user}","gists_url":"https://api.github.com/users/nigoroll/gists{/gist_id}","starred_url":"https://api.github.com/users/nigoroll/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/nigoroll/subscriptions","organizations_url":"https://api.github.com/users/nigoroll/orgs","repos_url":"https://api.github.com/users/nigoroll/repos","events_url":"https://api.github.com/users/nigoroll/events{/privacy}","received_events_url":"https://api.github.com/users/nigoroll/received_events","type":"User","user_view_type":"public","site_admin":false},"assignees":[{"login":"nigoroll","id":1528104,"node_id":"MDQ6VXNlcjE1MjgxMDQ=","avatar_url":"https://avatars.githubusercontent.com/u/1528104?v=4","gravatar_id":"","url":"https://api.github.com/users/nigoroll","html_url":"https://github.com/nigoroll","followers_url":"https://api.github.com/users/nigoroll/followers","following_url":"https://api.github.com/users/nigoroll/following{/other_user}","gists_url":"https://api.github.com/users/nigoroll/gists{/gist_id}","starred_url":"https://api.github.com/users/nigoroll/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/nigoroll/subscriptions","organizations_url":"https://api.github.com/users/nigoroll/orgs","repos_url":"https://api.github.com/users/nigoroll/repos","events_url":"https://api.github.com/users/nigoroll/events{/privacy}","received_events_url":"https://api.github.com/users/nigoroll/received_events","type":"User","user_view_type":"public","site_admin":false}],"milestone":null,"comments":5,"created_at":"2024-01-15T16:03:07Z","updated_at":"2024-01-26T17:20:14Z","closed_at":"2024-01-26T17:14:29Z","author_association":"CONTRIBUTOR","active_lock_reason":null,"sub_issues_summary":{"total":0,"completed":0,"percent_completed":0},"issue_dependencies_summary":{"blocked_by":0,"total_blocked_by":0,"blocking":0,"total_blocking":0},"body":"I found an assert with a simple minimum working example.\r\n\r\nRunning against Varnish 7.4.2, against libvmod-dynamic master.\r\n\r\n```\r\nAssert error in ref_del(), vmod_dynamic.c line 427:\r\n  Condition((r->dir) != NULL) not true.\r\nBacktrace:\r\n  ip=0x5555555c669e sp=0x7fffffffba20 <pan_ic+0x34e>\r\n  ip=0x5555556966b5 sp=0x7fffffffbbb0 <VAS_Fail+0x55>\r\n  ip=0x7fffeab0dad7 sp=0x7fffffffbc00 <ref_del+0x1b7>\r\n  ip=0x7fffeab0e120 sp=0x7fffffffbc20 <dom_destroy+0xa0>\r\n  ip=0x5555556023fa sp=0x7fffffffbc50 <vcldir_retire+0x22a>\r\n  ip=0x5555555fd863 sp=0x7fffffffbc70 <vcldir_deref+0x163>\r\n  ip=0x5555555fda2e sp=0x7fffffffbc90 <VRT_Assign_Backend+0x1be>\r\n  ip=0x7fffeaa958ac sp=0x7fffffffbcc0 <vdir_release+0xbc>\r\n  ip=0x7fffeaa98435 sp=0x7fffffffbce0 <vmod_fallback_release+0x135>\r\n  ip=0x5555555fd67c sp=0x7fffffffbd00 <VRT_DelDirector+0x19c>\r\n  ip=0x7fffeaa97a5a sp=0x7fffffffbd30 <vmod_fallback__fini+0xfa>\r\n  ip=0x7fffeaa8c3bf sp=0x7fffffffbd50 <VGC_function_vcl_synth+0x45f>\r\n  ip=0x5555555e15ad sp=0x7fffffffbd70 <vcl_send_event+0x51d>\r\n  ip=0x5555555e082f sp=0x7fffffffbdd0 <VCL_Poll+0x3bf>\r\n  ip=0x5555555e2db3 sp=0x7fffffffbe10 <vcl_cli_discard+0x3d3>\r\n  ip=0x55555569b18c sp=0x7fffffffbe50 <cls_dispatch+0x22c>\r\n  ip=0x55555569ad67 sp=0x7fffffffbe80 <cls_exec+0x3c7>\r\n  ip=0x555555699ad9 sp=0x7fffffffbee0 <cls_feed+0x589>\r\n  ip=0x5555556994bf sp=0x7fffffffbf50 <VCLS_Poll+0x3bf>\r\n  ip=0x555555592704 sp=0x7fffffffdfb0 <CLI_Run+0xf4>\r\n  ip=0x5555555c07ac sp=0x7fffffffdfe0 <child_main+0x42c>\r\n  ip=0x5555556330e9 sp=0x7fffffffe040 <mgt_launch_child+0x6b9>\r\n  ip=0x555555632a01 sp=0x7fffffffe0c0 <MCH_Start_Child+0x11>\r\n  ip=0x55555563aa60 sp=0x7fffffffe0e0 <main+0x1a40>\r\n  ip=0x7ffff7958cd0 sp=0x7fffffffe320 <__libc_init_first+0x90>\r\n  ip=0x7ffff7958d8a sp=0x7fffffffe3c0 <__libc_start_main+0x8a>\r\n  ip=0x55555557ded5 sp=0x7fffffffe410 <_start+0x25>\r\n```\r\n\r\nThis happens when discarding a VCL.\r\n\r\n---\r\n\r\nTo reproduce, here's a failing VTC (timeout, but the process actually crashes)\r\n\r\n```\r\nvarnishtest \"reload\"\r\n\r\nshell {\r\n\tcat >${tmpdir}/f1 <<-EOF\r\n\tvcl 4.1;\r\n\timport ${vmod_dynamic};\r\n\timport directors;\r\n\r\n\tbackend none none;\r\n\r\n\tsub vcl_init {\r\n\t\tnew dir = directors.fallback();\r\n\t\tnew res = dynamic.resolver();\r\n\t\tnew dyn = dynamic.director(resolver = res.use());\r\n\t\tdir.add_backend(dyn.backend(host={\"example.com\"}, port={\"80\"}) );\r\n\t}\r\n\tEOF\r\n}\r\n\r\nvarnish v1 -cliok \"vcl.load vcl1 ${tmpdir}/f1\"\r\nvarnish v1 -cliok \"vcl.use vcl1\"\r\nvarnish v1 -cliok \"start\"\r\n\r\nvarnish v1 -cliok \"vcl.load vcl2 ${tmpdir}/f1\"\r\nvarnish v1 -cliok \"vcl.use vcl2\"\r\nvarnish v1 -cliok \"vcl.discard vcl1\"\r\n\r\nvarnish v1 -cliok \"vcl.load vcl3 ${tmpdir}/f1\"\r\nvarnish v1 -cliok \"vcl.use vcl3\"\r\nvarnish v1 -cliok \"vcl.discard vcl2\"\r\n\r\nvarnish v1 -cliok \"vcl.load vcl4 ${tmpdir}/f1\"\r\nvarnish v1 -cliok \"vcl.use vcl4\"\r\nvarnish v1 -cliok \"vcl.discard vcl3\"\r\n\r\nvarnish v1 -cliok \"vcl.load vcl5 ${tmpdir}/f1\"\r\nvarnish v1 -cliok \"vcl.use vcl5\"\r\nvarnish v1 -cliok \"vcl.discard vcl4\"\r\n```\r\n\r\n---\r\n\r\nYou can't see the panic when using the VTC, so I'm instead doing:\r\n\r\ncrash.vcl:\r\n```\r\nvcl 4.1;\r\nimport dynamic from \".../libvmod-dynamic/src/.libs/libvmod_dynamic.so\";\r\nimport directors;\r\n\r\nbackend proforma none;\r\n\r\nsub vcl_init {\r\n                new dir = directors.fallback();\r\n                new res = dynamic.resolver();\r\n                new dyn = dynamic.director(resolver = res.use());\r\n                dir.add_backend(dyn.backend(host={\"example.com\"}, port={\"80\"}) );\r\n}\r\n```\r\n\r\nreload.sh:\r\n```\r\n#!/bin/bash\r\nvarnishadm vcl.load v1 crash.vcl\r\nvarnishadm vcl.use v1\r\nvarnishadm vcl.discard boot\r\nfor i in $(seq 2 100); do\r\nvarnishadm vcl.load v$i crash.vcl\r\nvarnishadm vcl.use v$i\r\nvarnishadm vcl.discard v$((i-1))\r\nsleep 0.1\r\ndone\r\n```\r\n\r\n```\r\nvarnishd -F -j none -p \"debug=+vmod_so_keep\" -a :12333 -f crash.vcl\r\nreload.sh\r\n```\r\n\r\nAnd with this I can systematically reproduce the panic and get the trace.\r\n\r\n","closed_by":{"login":"nigoroll","id":1528104,"node_id":"MDQ6VXNlcjE1MjgxMDQ=","avatar_url":"https://avatars.githubusercontent.com/u/1528104?v=4","gravatar_id":"","url":"https://api.github.com/users/nigoroll","html_url":"https://github.com/nigoroll","followers_url":"https://api.github.com/users/nigoroll/followers","following_url":"https://api.github.com/users/nigoroll/following{/other_user}","gists_url":"https://api.github.com/users/nigoroll/gists{/gist_id}","starred_url":"https://api.github.com/users/nigoroll/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/nigoroll/subscriptions","organizations_url":"https://api.github.com/users/nigoroll/orgs","repos_url":"https://api.github.com/users/nigoroll/repos","events_url":"https://api.github.com/users/nigoroll/events{/privacy}","received_events_url":"https://api.github.com/users/nigoroll/received_events","type":"User","user_view_type":"public","site_admin":false},"reactions":{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/109/reactions","total_count":0,"+1":0,"-1":0,"laugh":0,"hooray":0,"confused":0,"heart":0,"rocket":0,"eyes":0},"timeline_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/109/timeline","performed_via_github_app":null,"state_reason":"completed"},{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/110","repository_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic","labels_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/110/labels{/name}","comments_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/110/comments","events_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/110/events","html_url":"https://github.com/nigoroll/libvmod-dynamic/issues/110","id":2106304036,"node_id":"I_kwDOBBOOTM59i6Yk","number":110,"title":"deadlock between lookup thread / VRT_AddDirector() and VDI_Event(..., VCL_EVENT_COLD)","user":{"login":"nigoroll","id":1528104,"node_id":"MDQ6VXNlcjE1MjgxMDQ=","avatar_url":"https://avatars.githubusercontent.com/u/1528104?v=4","gravatar_id":"","url":"https://api.github.com/users/nigoroll","html_url":"https://github.com/nigoroll","followers_url":"https://api.github.com/users/nigoroll/followers","following_url":"https://api.github.com/users/nigoroll/following{/other_user}","gists_url":"https://api.github.com/users/nigoroll/gists{/gist_id}","starred_url":"https://api.github.com/users/nigoroll/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/nigoroll/subscriptions","organizations_url":"https://api.github.com/users/nigoroll/orgs","repos_url":"https://api.github.com/users/nigoroll/repos","events_url":"https://api.github.com/users/nigoroll/events{/privacy}","received_events_url":"https://api.github.com/users/nigoroll/received_events","type":"User","user_view_type":"public","site_admin":false},"labels":[],"state":"closed","locked":false,"assignee":null,"assignees":[],"milestone":null,"comments":6,"created_at":"2024-01-29T19:56:19Z","updated_at":"2024-02-05T23:46:49Z","closed_at":"2024-02-05T23:46:49Z","author_association":"OWNER","active_lock_reason":null,"sub_issues_summary":{"total":0,"completed":0,"percent_completed":0},"issue_dependencies_summary":{"blocked_by":0,"total_blocked_by":0,"blocking":0,"total_blocking":0},"body":"@delthas reported another issue based on a test case which I could have looked at in more detail earlier (I did not because I did not want to use `example.com`, but I really should have):\r\n\r\n(I have slightly modified the test case - @delthas, do you agree to add it?)\r\n\r\n```\r\nvarnishtest \"Reloading after creating backend in init\"\r\n\r\nfeature cmd \"getent hosts example.com\"\r\n\r\n# contributed by delthas, added with minor modifications\r\n\r\nshell {\r\n\tcat >${tmpdir}/f1 <<-EOF\r\n\tvcl 4.1;\r\n\timport ${vmod_dynamic};\r\n\timport directors;\r\n\r\n\tbackend none none;\r\n\r\n\tsub vcl_init {\r\n\t\tnew dir = directors.fallback();\r\n\t\tnew res = dynamic.resolver();\r\n\t\tnew dyn = dynamic.director(domain_usage_timeout = 0.1s, resolver = res.use());\r\n\t\tdir.add_backend(dyn.backend(host={\"example.com\"}, port={\"80\"}) );\r\n\t}\r\n\tEOF\r\n}\r\n\r\nvarnish v1 -cliok \"vcl.load vcl1 ${tmpdir}/f1\"\r\nvarnish v1 -cliok \"vcl.use vcl1\"\r\nvarnish v1 -cliok \"start\"\r\n\r\nvarnish v1 -cliok \"vcl.load vcl2 ${tmpdir}/f1\"\r\nvarnish v1 -cliok \"vcl.use vcl2\"\r\nvarnish v1 -cliok \"vcl.discard vcl1\"\r\n```\r\n\r\nthe issue here is that `VDI_Event(..., VCL_EVENT_COLD)` waits for the lookup threads to finish while holding the `vcl_mtx`, which prevents the lookup threads to ... finish:\r\n\r\n```c\r\n#5  0x00007fa9c72b0e76 in dom_event (dir=<optimized out>, ev=<optimized out>) at vmod_dynamic.c:1041\r\n#6  0x000055d6f1c1e84d in VDI_Event (d=0x7fa9c6e1e7d0, ev=VCL_EVENT_COLD) at cache/cache_director.c:277\r\n#7  0x000055d6f1c61bfc in vcl_BackendEvent (vcl=0x7fa9c6e451e0, e=VCL_EVENT_COLD) at cache/cache_vcl.c:449\r\n#8  0x000055d6f1c61068 in vcl_set_state (vcl=0x7fa9c6e451e0, state=0x7fa9c6e28390 \"0cold\", msg=0x7ffc69699e08) at cache/cache_vcl.c:597\r\n#9  0x000055d6f1c62905 in vcl_cli_state (cli=0x7fa9c6ed29d0, av=0x7fa9c6e2c580, priv=0x0) at cache/cache_vcl.c:861\r\n#10 0x000055d6f1d11f22 in cls_dispatch (cli=0x7fa9c6ed29d0, cs=0x7fa9c6e22b30, av=0x7fa9c6e2c580, ac=3) at vcli_serve.c:273\r\n#11 0x000055d6f1d11a0d in cls_exec (cfd=0x7fa9c6ed29a0, av=0x7fa9c6e2c580, ac=3) at vcli_serve.c:324\r\n#12 0x000055d6f1d108a6 in cls_feed (cfd=0x7fa9c6ed29a0, p=0x7ffc69699f94 \"\\n2.1706557731.695251/vgc.so 1auto\\no\\nloneTable\", \r\n    e=0x7ffc69699f95 \"2.1706557731.695251/vgc.so 1auto\\no\\nloneTable\") at vcli_serve.c:412\r\n#13 0x000055d6f1d1036a in VCLS_Poll (cs=0x7fa9c6e22b30, cli=0x7fa9c6ed29d0, timeout=-1) at vcli_serve.c:617\r\n#14 0x000055d6f1c18c12 in CLI_Run () at cache/cache_cli.c:110\r\n```\r\n\r\n```c\r\n#4  0x000055d6f1c40ca4 in Lck__Lock (lck=0x55d6f1db57f8 <vcl_mtx>, p=0x55d6f1d45aec \"VRT_AddDirector\", l=212) at cache/cache_lck.c:124\r\n#5  0x000055d6f1c7bfd3 in VRT_AddDirector (ctx=0x7fa9bbd7df90, m=0x55d6f1da7260 <vbe_methods_noprobe>, priv=0x7fa9ba821780, \r\n    fmt=0x55d6f1d42f7f \"%s\") at cache/cache_vrt_vcl.c:212\r\n#6  0x000055d6f1c09c4d in VRT_new_backend_clustered (ctx=0x7fa9bbd7df90, vc=0x0, vrt=0x7fa9bbd7deb0, via=0x0)\r\n    at cache/cache_backend.c:737\r\n#7  0x000055d6f1c0a632 in VRT_new_backend (ctx=0x7fa9bbd7df90, vrt=0x7fa9bbd7deb0, via=0x0) at cache/cache_backend.c:755\r\n#8  0x00007fa9c72b24b4 in ref_add (r=0x7fa9ba827720, ctx=0x7fa9bbd7df90) at vmod_dynamic.c:617\r\n#9  dom_update (now=1706557732.7551613, priv=<optimized out>, res=0x7fa9c72c2ba0 <res_getdns>, dom=0x7fa9c6e44100)\r\n    at vmod_dynamic.c:728\r\n#10 dom_lookup_thread (priv=0x7fa9c6e44100) at vmod_dynamic.c:819\r\n#11 0x00007fa9c77c9044 in start_thread (arg=<optimized out>) at ./nptl/pthread_create.c:442\r\n#12 0x00007fa9c784961c in clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:81\r\n```\r\n","closed_by":{"login":"nigoroll","id":1528104,"node_id":"MDQ6VXNlcjE1MjgxMDQ=","avatar_url":"https://avatars.githubusercontent.com/u/1528104?v=4","gravatar_id":"","url":"https://api.github.com/users/nigoroll","html_url":"https://github.com/nigoroll","followers_url":"https://api.github.com/users/nigoroll/followers","following_url":"https://api.github.com/users/nigoroll/following{/other_user}","gists_url":"https://api.github.com/users/nigoroll/gists{/gist_id}","starred_url":"https://api.github.com/users/nigoroll/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/nigoroll/subscriptions","organizations_url":"https://api.github.com/users/nigoroll/orgs","repos_url":"https://api.github.com/users/nigoroll/repos","events_url":"https://api.github.com/users/nigoroll/events{/privacy}","received_events_url":"https://api.github.com/users/nigoroll/received_events","type":"User","user_view_type":"public","site_admin":false},"reactions":{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/110/reactions","total_count":0,"+1":0,"-1":0,"laugh":0,"hooray":0,"confused":0,"heart":0,"rocket":0,"eyes":0},"timeline_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/110/timeline","performed_via_github_app":null,"state_reason":"completed"},{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/111","repository_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic","labels_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/111/labels{/name}","comments_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/111/comments","events_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/111/events","html_url":"https://github.com/nigoroll/libvmod-dynamic/issues/111","id":2138443008,"node_id":"I_kwDOBBOOTM5_dg0A","number":111,"title":"unit test issues tests/service/basic","user":{"login":"halittiryaki","id":29786283,"node_id":"MDQ6VXNlcjI5Nzg2Mjgz","avatar_url":"https://avatars.githubusercontent.com/u/29786283?v=4","gravatar_id":"","url":"https://api.github.com/users/halittiryaki","html_url":"https://github.com/halittiryaki","followers_url":"https://api.github.com/users/halittiryaki/followers","following_url":"https://api.github.com/users/halittiryaki/following{/other_user}","gists_url":"https://api.github.com/users/halittiryaki/gists{/gist_id}","starred_url":"https://api.github.com/users/halittiryaki/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/halittiryaki/subscriptions","organizations_url":"https://api.github.com/users/halittiryaki/orgs","repos_url":"https://api.github.com/users/halittiryaki/repos","events_url":"https://api.github.com/users/halittiryaki/events{/privacy}","received_events_url":"https://api.github.com/users/halittiryaki/received_events","type":"User","user_view_type":"public","site_admin":false},"labels":[],"state":"closed","locked":false,"assignee":null,"assignees":[],"milestone":null,"comments":2,"created_at":"2024-02-16T11:49:12Z","updated_at":"2024-02-17T20:51:46Z","closed_at":"2024-02-17T20:51:46Z","author_association":"NONE","active_lock_reason":null,"sub_issues_summary":{"total":0,"completed":0,"percent_completed":0},"issue_dependencies_summary":{"blocked_by":0,"total_blocked_by":0,"blocking":0,"total_blocking":0},"body":"tests/service/basic always fails. any ideas why?\r\n\r\nhere is the log output:\r\n\r\n```\r\n113.2 FAIL: tests/service/basic\r\n113.2 =========================\r\n113.2 \r\n113.2 **** dT    0.000\r\n113.2 *    top   TEST ./tests/service/basic.vtc starting\r\n113.2 **** top   extmacro def pkg_version=7.4.2\r\n113.2 **** top   extmacro def pkg_branch=7.4\r\n113.2 **** top   extmacro def pwd=/usr/src/libvmod-dynamic/src\r\n113.2 **** top   extmacro def date(...)\r\n113.2 **** top   extmacro def string(...)\r\n113.2 **** top   extmacro def vmod_dynamic=dynamic from \"/usr/src/libvmod-dynamic/src/.libs/libvmod_dynamic.so\"\r\n113.2 **** top   extmacro def localhost=127.0.0.1\r\n113.2 **** top   extmacro def bad_backend=127.0.0.1:34783\r\n113.2 **** top   extmacro def listen_addr=127.0.0.1:0\r\n113.2 **** top   extmacro def bad_ip=192.0.2.255\r\n113.2 **** top   macro def testdir=/usr/src/libvmod-dynamic/src/./tests/service\r\n113.2 **** top   macro def tmpdir=/tmp/vtc.6616.0c8774d2\r\n113.2 **** top   macro def vtcid=vtc.6616.0c8774d2\r\n113.2 **   top   === varnishtest \"service smoke test\"\r\n113.2 *    top   VTEST service smoke test\r\n113.2 **   top   === feature cmd {dig @b.root-servers.net. a.root-servers.net. >/...\r\n113.2 **** dT    0.162\r\n113.2 **   top   === varnish v1 -vcl {\r\n113.2 **** dT    0.163\r\n113.2 **   v1    Launch\r\n113.2 ***  v1    CMD: cd ${pwd} && exec varnishd  -d -n /tmp/vtc.6616.0c8774d2/v1 -i v1 -p debug=+vcl_keep -p debug=+vmod_so_keep -p debug=+vsm_keep -l 2m -p auto_restart=off -p syslog_cli_traffic=off -p thread_pool_min=10 -p debug=+vtc_mode -p vsl_mask=+Debug,+H2RxHdr,+H2RxBody -p h2_initial_window_size=1m -p h2_rx_window_low_water=64k -a '127.0.0.1:0' -M '127.0.0.1 32961' -P /tmp/vtc.6616.0c8774d2/v1/varnishd.pid \r\n113.2 ***  v1    CMD: cd /usr/src/libvmod-dynamic/src && exec varnishd  -d -n /tmp/vtc.6616.0c8774d2/v1 -i v1 -p debug=+vcl_keep -p debug=+vmod_so_keep -p debug=+vsm_keep -l 2m -p auto_restart=off -p syslog_cli_traffic=off -p thread_pool_min=10 -p debug=+vtc_mode -p vsl_mask=+Debug,+H2RxHdr,+H2RxBody -p h2_initial_window_size=1m -p h2_rx_window_low_water=64k -a '127.0.0.1:0' -M '127.0.0.1 32961' -P /tmp/vtc.6616.0c8774d2/v1/varnishd.pid \r\n113.2 ***  v1    PID: 6625\r\n113.2 **** v1    macro def v1_pid=6625\r\n113.2 **** v1    macro def v1_name=/tmp/vtc.6616.0c8774d2/v1\r\n113.2 **** dT    0.170\r\n113.2 ***  v1    debug|Debug: Version: varnish-7.4.2 revision cd1d10ab53a6f6115b2b4f3b2a1da94c1f749f80\r\n113.2 ***  v1    debug|Debug: Platform: Linux,6.1.21.2-microsoft-standard-WSL2+,x86_64,-jnone,-sdefault,-sdefault,-hcritbit\r\n113.2 ***  v1    debug|200 334     \r\n113.2 ***  v1    debug|-----------------------------\r\n113.2 ***  v1    debug|Varnish Cache CLI 1.0\r\n113.2 ***  v1    debug|-----------------------------\r\n113.2 ***  v1    debug|Linux,6.1.21.2-microsoft-standard-WSL2+,x86_64,-jnone,-sdefault,-sdefault,-hcritbit\r\n113.2 ***  v1    debug|varnish-7.4.2 revision cd1d10ab53a6f6115b2b4f3b2a1da94c1f749f80\r\n113.2 ***  v1    debug|\r\n113.2 ***  v1    debug|Type 'help' for command list.\r\n113.2 ***  v1    debug|Type 'quit' to close CLI session.\r\n113.2 ***  v1    debug|Type 'start' to launch worker process.\r\n113.2 ***  v1    debug|\r\n113.2 **** dT    0.270\r\n113.2 **** v1    CLIPOLL 1 0x1 0x0 0x0\r\n113.2 ***  v1    CLI connection fd = 5\r\n113.2 ***  v1    CLI RX  107\r\n113.2 **** v1    CLI RX|drotryltqdjwwoecnnqazieftftfdooh\r\n113.2 **** v1    CLI RX|\r\n113.2 **** v1    CLI RX|Authentication required.\r\n113.2 **** v1    CLI TX|auth b5df73e06088d59c977725d021704506e8320db5b28ea9b8bd8dd729867e78c6\r\n113.2 ***  v1    CLI RX  200\r\n113.2 **** v1    CLI RX|-----------------------------\r\n113.2 **** v1    CLI RX|Varnish Cache CLI 1.0\r\n113.2 **** v1    CLI RX|-----------------------------\r\n113.2 **** v1    CLI RX|Linux,6.1.21.2-microsoft-standard-WSL2+,x86_64,-jnone,-sdefault,-sdefault,-hcritbit\r\n113.2 **** v1    CLI RX|varnish-7.4.2 revision cd1d10ab53a6f6115b2b4f3b2a1da94c1f749f80\r\n113.2 **** v1    CLI RX|\r\n113.2 **** v1    CLI RX|Type 'help' for command list.\r\n113.2 **** v1    CLI RX|Type 'quit' to close CLI session.\r\n113.2 **** v1    CLI RX|Type 'start' to launch worker process.\r\n113.2 **** v1    CLI TX|vcl.inline vcl1 << %XJEIFLH|)Xspa8P\r\n113.2 **** v1    CLI TX|vcl 4.1;\r\n113.2 **** v1    CLI TX|\r\n113.2 **** v1    CLI TX|\\timport dynamic from \"/usr/src/libvmod-dynamic/src/.libs/libvmod_dynamic.so\";\r\n113.2 **** v1    CLI TX|\r\n113.2 **** v1    CLI TX|\\tbackend proforma none;\r\n113.2 **** v1    CLI TX|\r\n113.2 **** v1    CLI TX|\\tsub vcl_init {\r\n113.2 **** v1    CLI TX|\\t\\tnew r1 = dynamic.resolver();\r\n113.2 **** v1    CLI TX|\\t\\tnew d1 = dynamic.director(\r\n113.2 **** v1    CLI TX|\\t\\t    resolver = r1.use());\r\n113.2 **** v1    CLI TX|\\t\\td1.debug(true);\r\n113.2 **** v1    CLI TX|\\t}\r\n113.2 **** v1    CLI TX|\r\n113.2 **** v1    CLI TX|\\tsub vcl_recv {\r\n113.2 **** v1    CLI TX|\\t\\tset req.backend_hint =\r\n113.2 **** v1    CLI TX|\\t\\t    d1.service(\"_test._tcp.vmod-dynamic.uplex.de\");\r\n113.2 **** v1    CLI TX|\\t\\tset req.http.Host = \"varnish-cache.org\";\r\n113.2 **** v1    CLI TX|\\t}\r\n113.2 **** v1    CLI TX|\r\n113.2 **** v1    CLI TX|\\tsub vcl_backend_fetch {\r\n113.2 **** v1    CLI TX|\\t\\tset bereq.first_byte_timeout = 1s;\r\n113.2 **** v1    CLI TX|\\t\\tset bereq.connect_timeout = 1s;\r\n113.2 **** v1    CLI TX|\\t}\r\n113.2 **** v1    CLI TX|\r\n113.2 **** v1    CLI TX|\\tsub vcl_backend_response {\r\n113.2 **** v1    CLI TX|\\t\\tset beresp.http.backend = beresp.backend;\r\n113.2 **** v1    CLI TX|\\t}\r\n113.2 **** v1    CLI TX|\r\n113.2 **** v1    CLI TX|\\tsub vcl_backend_error {\r\n113.2 **** v1    CLI TX|\\t\\tset beresp.http.backend = beresp.backend;\r\n113.2 **** v1    CLI TX|\\t}\r\n113.2 **** v1    CLI TX|\r\n113.2 **** v1    CLI TX|%XJEIFLH|)Xspa8P\r\n113.2 **** dT    0.371\r\n113.2 ***  v1    vsl|No VSL chunk found (child not started ?)\r\n113.2 **** dT    0.471\r\n113.2 ***  v1    vsl|No VSL chunk found (child not started ?)\r\n113.2 **** dT    0.571\r\n113.2 ***  v1    vsl|No VSL chunk found (child not started ?)\r\n113.2 **** dT    0.662\r\n113.2 ***  v1    CLI RX  200\r\n113.2 **** v1    CLI RX|VCL compiled.\r\n113.2 **** v1    CLI TX|vcl.use vcl1\r\n113.2 **** dT    0.663\r\n113.2 ***  v1    CLI RX  200\r\n113.2 **** v1    CLI RX|VCL 'vcl1' now active\r\n113.2 **   v1    Start\r\n113.2 **** v1    CLI TX|start\r\n113.2 **** dT    0.671\r\n113.2 ***  v1    vsl|No VSL chunk found (child not started ?)\r\n113.2 **** dT    0.706\r\n113.2 ***  v1    debug|Debug: Child (6639) Started\r\n113.2 **** dT    0.730\r\n113.2 ***  v1    debug|Child launched OK\r\n113.2 **** dT    0.736\r\n113.2 ***  v1    CLI RX  200\r\n113.2 ***  v1    debug|Info: Child (6639) said Child starts\r\n113.2 ***  v1    wait-running\r\n113.2 **** v1    CLI TX|status\r\n113.2 **** dT    0.772\r\n113.2 **** v1    vsl|          0 CLI             - Rd vcl.load \"vcl1\" vcl_vcl1.1708082841.201980/vgc.so 1auto\r\n113.2 **** v1    vsl|          0 CLI             - Wr 200 52 Loaded \"vcl_vcl1.1708082841.201980/vgc.so\" as \"vcl1\"\r\n113.2 **** v1    vsl|          0 CLI             - Rd vcl.use \"vcl1\"\r\n113.2 **** v1    vsl|          0 CLI             - Wr 200 0 \r\n113.2 **** v1    vsl|          0 CLI             - Rd start\r\n113.2 **** v1    vsl|          0 Debug           - sockopt: Setting SO_LINGER for a0=127.0.0.1:38125\r\n113.2 **** v1    vsl|          0 Debug           - sockopt: Setting SO_KEEPALIVE for a0=127.0.0.1:38125\r\n113.2 **** v1    vsl|          0 Debug           - sockopt: Setting SO_SNDTIMEO for a0=127.0.0.1:38125\r\n113.2 **** v1    vsl|          0 Debug           - sockopt: Setting SO_RCVTIMEO for a0=127.0.0.1:38125\r\n113.2 **** v1    vsl|          0 Debug           - sockopt: Setting TCP_NODELAY for a0=127.0.0.1:38125\r\n113.2 **** v1    vsl|          0 Debug           - sockopt: Setting TCP_KEEPIDLE for a0=127.0.0.1:38125\r\n113.2 **** v1    vsl|          0 Debug           - sockopt: Setting TCP_KEEPCNT for a0=127.0.0.1:38125\r\n113.2 **** v1    vsl|          0 Debug           - sockopt: Setting TCP_KEEPINTVL for a0=127.0.0.1:38125\r\n113.2 **** v1    vsl|          0 CLI             - Wr 200 0 \r\n113.2 **** dT    0.785\r\n113.2 ***  v1    CLI RX  200\r\n113.2 **** v1    CLI RX|Child in state running\r\n113.2 **** v1    CLI TX|debug.listen_address\r\n113.2 **** dT    0.835\r\n113.2 ***  v1    CLI RX  200\r\n113.2 **** v1    CLI RX|a0 127.0.0.1 38125\r\n113.2 **** v1    CLI TX|debug.xid 1000\r\n113.2 **** dT    0.872\r\n113.2 **** v1    vsl|          0 CLI             - Rd debug.listen_address \r\n113.2 **** v1    vsl|          0 CLI             - Wr 200 19 a0 127.0.0.1 38125\r\n113.2 \r\n113.2 **** dT    0.885\r\n113.2 ***  v1    CLI RX  200\r\n113.2 **** v1    CLI RX|XID is 1000 chunk 1\r\n113.2 **** v1    CLI TX|debug.listen_address\r\n113.2 **** dT    0.935\r\n113.2 ***  v1    CLI RX  200\r\n113.2 **** v1    CLI RX|a0 127.0.0.1 38125\r\n113.2 **   v1    Listen on 127.0.0.1 38125\r\n113.2 **** v1    macro def v1_addr=127.0.0.1\r\n113.2 **** v1    macro def v1_port=38125\r\n113.2 **** v1    macro def v1_sock=127.0.0.1:38125\r\n113.2 **** v1    macro def v1_a0_addr=127.0.0.1\r\n113.2 **** v1    macro def v1_a0_port=38125\r\n113.2 **** v1    macro def v1_a0_sock=127.0.0.1:38125\r\n113.2 **   top   === varnish v1 -cli \"backend.list\"\r\n113.2 **** v1    CLI TX|backend.list\r\n113.2 **** dT    0.972\r\n113.2 **** v1    vsl|          0 CLI             - Rd debug.xid 1000 \r\n113.2 **** v1    vsl|          0 CLI             - Wr 200 19 XID is 1000 chunk 1\r\n113.2 **** v1    vsl|          0 CLI             - Rd debug.listen_address \r\n113.2 **** v1    vsl|          0 CLI             - Wr 200 19 a0 127.0.0.1 38125\r\n113.2 \r\n113.2 **** dT    0.985\r\n113.2 ***  v1    CLI RX  200\r\n113.2 **** v1    CLI RX|Backend name   Admin    Probe    Health    Last change\r\n113.2 **   v1    CLI 200 <backend.list>\r\n113.2 **   top   === client c1 {\r\n113.2 **   c1    Starting client\r\n113.2 **   c1    Waiting for client\r\n113.2 **   c1    Started on 127.0.0.1:38125 (1 iterations)\r\n113.2 ***  c1    Connect to 127.0.0.1:38125\r\n113.2 ***  c1    connected fd 15 from 127.0.0.1 55250 to 127.0.0.1:38125\r\n113.2 **   c1    === txreq\r\n113.2 **** c1    txreq|GET / HTTP/1.1\\r\r\n113.2 **** c1    txreq|Host: 127.0.0.1\\r\r\n113.2 **** c1    txreq|User-Agent: c1\\r\r\n113.2 **** c1    txreq|\\r\r\n113.2 **   c1    === rxresp\r\n113.2 **** dT    0.992\r\n113.2 **** c1    rxhdrlen = 0\r\n113.2 ---- c1    HTTP header is incomplete\r\n113.2 *    top   RESETTING after ./tests/service/basic.vtc\r\n113.2 **   v1    Wait\r\n113.2 **** v1    CLI TX|panic.show\r\n113.2 ***  v1    debug|Error: Child (6639) died signal=11\r\n113.2 **** dT    0.993\r\n113.2 ***  v1    debug|Debug: Child cleanup complete\r\n113.2 **** dT    1.035\r\n113.2 ***  v1    CLI RX  300\r\n113.2 **** v1    CLI RX|Child has not panicked or panic has been cleared\r\n113.2 ***  v1    debug|Info: manager stopping child\r\n113.2 ***  v1    debug|Info: manager dies\r\n113.2 **** dT    1.038\r\n113.2 **** v1    STDOUT EOF\r\n113.2 **** dT    1.072\r\n113.2 **** v1    vsl|          0 CLI             - Rd backend.list \r\n113.2 **** v1    vsl|          0 CLI             - Wr 200 55 Backend name   Admin    Probe    Health    Last change\r\n113.2 \r\n113.2 **** v1    vsl|       1000 Begin           c sess 0 HTTP/1\r\n113.2 **** v1    vsl|       1000 SessOpen        c 127.0.0.1 55250 a0 127.0.0.1 38125 1708082841.917190 22\r\n113.2 **** v1    vsl|       1000 Debug           c sockopt: SO_LINGER may be inherited for a0=127.0.0.1:38125\r\n113.2 **** v1    vsl|       1000 Debug           c sockopt: SO_KEEPALIVE may be inherited for a0=127.0.0.1:38125\r\n113.2 **** v1    vsl|       1000 Debug           c sockopt: SO_SNDTIMEO may be inherited for a0=127.0.0.1:38125\r\n113.2 **** v1    vsl|       1000 Debug           c sockopt: SO_RCVTIMEO may be inherited for a0=127.0.0.1:38125\r\n113.2 **** v1    vsl|       1000 Debug           c sockopt: TCP_NODELAY may be inherited for a0=127.0.0.1:38125\r\n113.2 **** v1    vsl|       1000 Debug           c sockopt: TCP_KEEPIDLE may be inherited for a0=127.0.0.1:38125\r\n113.2 **** v1    vsl|       1000 Debug           c sockopt: TCP_KEEPCNT may be inherited for a0=127.0.0.1:38125\r\n113.2 **** v1    vsl|       1000 Debug           c sockopt: TCP_KEEPINTVL may be inherited for a0=127.0.0.1:38125\r\n113.2 **** v1    vsl|       1000 Link            c req 1001 rxreq\r\n113.2 **** v1    vsl|          0 Debug           - vmod-dynamic vcl1 d1 _test._tcp.vmod-dynamic.uplex.de event 1\r\n113.2 **** v1    vsl|          0 Debug           - vmod-dynamic vcl1 d1 _test._tcp.vmod-dynamic.uplex.de event 1\r\n113.2 **** v1    vsl|          0 Timestamp       - vmod-dynamic vcl1.d1(srv _test._tcp.vmod-dynamic.uplex.de) Lookup: 1708082841.917460 0.000000 0.000000\r\n113.2 **** v1    vsl|          0 Debug           - vmod-dynamic vcl1 d1 _test._tcp.vmod-dynamic.uplex.de wait-active\r\n113.2 **   v1    WAIT4 pid=6625 status=0x4000 (user 0.332437 sys 0.094343)\r\n113.2 *    v1    Expected exit: 0x0 signal: 0 core: 0\r\n113.2 ---- v1    Bad exit status: 0x4000 exit 0x40 signal 0 core 0\r\n113.2 *    top   failure during reset\r\n113.2 #    top  TEST ./tests/service/basic.vtc FAILED (1.073) exit=2\r\n113.2 FAIL tests/service/basic.vtc (exit status: 2)\r\n```","closed_by":{"login":"halittiryaki","id":29786283,"node_id":"MDQ6VXNlcjI5Nzg2Mjgz","avatar_url":"https://avatars.githubusercontent.com/u/29786283?v=4","gravatar_id":"","url":"https://api.github.com/users/halittiryaki","html_url":"https://github.com/halittiryaki","followers_url":"https://api.github.com/users/halittiryaki/followers","following_url":"https://api.github.com/users/halittiryaki/following{/other_user}","gists_url":"https://api.github.com/users/halittiryaki/gists{/gist_id}","starred_url":"https://api.github.com/users/halittiryaki/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/halittiryaki/subscriptions","organizations_url":"https://api.github.com/users/halittiryaki/orgs","repos_url":"https://api.github.com/users/halittiryaki/repos","events_url":"https://api.github.com/users/halittiryaki/events{/privacy}","received_events_url":"https://api.github.com/users/halittiryaki/received_events","type":"User","user_view_type":"public","site_admin":false},"reactions":{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/111/reactions","total_count":0,"+1":0,"-1":0,"laugh":0,"hooray":0,"confused":0,"heart":0,"rocket":0,"eyes":0},"timeline_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/111/timeline","performed_via_github_app":null,"state_reason":"completed"},{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/112","repository_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic","labels_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/112/labels{/name}","comments_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/112/comments","events_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/112/events","html_url":"https://github.com/nigoroll/libvmod-dynamic/issues/112","id":2149582378,"node_id":"I_kwDOBBOOTM6AIAYq","number":112,"title":"Use after free in layer_reolad.vtc from Debug messages","user":{"login":"stevendore","id":19986241,"node_id":"MDQ6VXNlcjE5OTg2MjQx","avatar_url":"https://avatars.githubusercontent.com/u/19986241?v=4","gravatar_id":"","url":"https://api.github.com/users/stevendore","html_url":"https://github.com/stevendore","followers_url":"https://api.github.com/users/stevendore/followers","following_url":"https://api.github.com/users/stevendore/following{/other_user}","gists_url":"https://api.github.com/users/stevendore/gists{/gist_id}","starred_url":"https://api.github.com/users/stevendore/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/stevendore/subscriptions","organizations_url":"https://api.github.com/users/stevendore/orgs","repos_url":"https://api.github.com/users/stevendore/repos","events_url":"https://api.github.com/users/stevendore/events{/privacy}","received_events_url":"https://api.github.com/users/stevendore/received_events","type":"User","user_view_type":"public","site_admin":false},"labels":[],"state":"closed","locked":false,"assignee":null,"assignees":[],"milestone":null,"comments":1,"created_at":"2024-02-22T17:40:07Z","updated_at":"2024-03-07T21:04:32Z","closed_at":"2024-03-07T21:04:32Z","author_association":"NONE","active_lock_reason":null,"sub_issues_summary":{"total":0,"completed":0,"percent_completed":0},"issue_dependencies_summary":{"blocked_by":0,"total_blocked_by":0,"blocking":0,"total_blocking":0},"body":"When running `layer_reolad.vtc` with ASAN CFLAGS, ASAN finds a `heap-use-after-free`  in `dom_destroy()`. This is found using latest Varnish Cache and latest libvmod dynamic. The issue could be hidden by allocating the fallback director after the dynamic director, this results in the director/domain being freed in the \"right\" order.\r\n\r\nSteps to reproduce:\r\n1. Configure varnish with `--enable-asan` and then before make set enviorment vairables `ASAN_OPTIONS=abort_on_error=1,detect_odr_violation=1,detect_leaks=1,detect_stack_use_after_return=1,detect_invalid_pointer_pairs=1,handle_segv=0,handle_sigbus=0,use_sigaltstack=0,disable_coredump=0` and `LSAN_OPTIONS=abort_on_error=1,use_sigaltstack=0,suppressions=${path_to}/varnish-cache/tools/lsan.suppr`\r\n2. configure libvmod-dynamic with `CFLAGS='-fsanitize=address' ./configure` and export the same SAN options as Varnish \r\n3. run make check\r\n\r\nCollapsible VTC Log: \r\n<details>\r\n  <summary>toggle view log</summary>\r\n\r\n```\r\n\r\n**** dT    0.000\r\n*    top   TEST ./tests/layer_reload.vtc starting\r\n**** top   extmacro def pkg_version=trunk\r\n**** top   extmacro def pkg_branch=trunk\r\n**** top   extmacro def pwd=/home/swojcik/code/libvmod-dynamic/src\r\n**** top   extmacro def date(...)\r\n**** top   extmacro def string(...)\r\n**** top   extmacro def vmod_dynamic=dynamic from \"/home/swojcik/code/libvmod-dynamic/src/.libs/libvmod_dynamic.so\"\r\n**** top   extmacro def localhost=127.0.0.1\r\n**** top   extmacro def bad_backend=127.0.0.1:41381\r\n**** top   extmacro def listen_addr=127.0.0.1:0\r\n**** top   extmacro def bad_ip=192.0.2.255\r\n**** top   macro def testdir=/home/swojcik/code/libvmod-dynamic/src/./tests\r\n**** top   macro def tmpdir=/tmp/vtc.2872792.2223da65\r\n**** top   macro def vtcid=vtc.2872792.2223da65\r\n**   top   === varnishtest \"Reloading after creating backend in init\"\r\n*    top   VTEST Reloading after creating backend in init\r\n**   top   === feature cmd \"getent hosts example.com\"\r\n**** dT    0.024\r\n**   top   === shell {\r\n**** top   shell_cmd|exec 2>&1 ; \r\n**** top   shell_cmd|\\tcat >/tmp/vtc.2872792.2223da65/f1 <<-EOF\r\n**** top   shell_cmd|\\tvcl 4.1;\r\n**** top   shell_cmd|\\timport dynamic from \"/home/swojcik/code/libvmod-dynamic/src/.libs/libvmod_dynamic.so\";\r\n**** top   shell_cmd|\\timport directors;\r\n**** top   shell_cmd|\r\n**** top   shell_cmd|\\tbackend none none;\r\n**** top   shell_cmd|\r\n**** top   shell_cmd|\\tsub vcl_init {\r\n**** top   shell_cmd|\\t\\tnew dir = directors.fallback();\r\n**** top   shell_cmd|\\t\\tnew res = dynamic.resolver();\r\n**** top   shell_cmd|\\t\\tnew dyn = dynamic.director(domain_usage_timeout = 0.1s, resolver = res.use());\r\n**** top   shell_cmd|\\t\\tdir.add_backend(dyn.backend(host={\"example.com\"}, port={\"80\"}) );\r\n**** top   shell_cmd|\\t}\r\n**** top   shell_cmd|\\tEOF\r\n**** dT    0.028\r\n**** top   shell_status = 0x0000\r\n**   top   === varnish v1 -cliok \"vcl.load vcl1 ${tmpdir}/f1\"\r\n**** dT    0.033\r\n**   v1    Launch\r\n***  v1    CMD: cd ${pwd} && exec varnishd  -d -n /tmp/vtc.2872792.2223da65/v1 -i v1 -p debug=+vcl_keep -p debug=+vmod_so_keep -p debug=+vsm_keep -l 2m -p auto_restart=off -p syslog_cli_traffic=off -p thread_pool_min=10 -p debug=+vtc_mode -p vsl_mask=+Debug,+H2RxHdr,+H2RxBody -p h2_initial_window_size=1m -p h2_rx_window_low_water=64k -a '127.0.0.1:0' -M '127.0.0.1 38685' -P /tmp/vtc.2872792.2223da65/v1/varnishd.pid \r\n***  v1    CMD: cd /home/swojcik/code/libvmod-dynamic/src && exec varnishd  -d -n /tmp/vtc.2872792.2223da65/v1 -i v1 -p debug=+vcl_keep -p debug=+vmod_so_keep -p debug=+vsm_keep -l 2m -p auto_restart=off -p syslog_cli_traffic=off -p thread_pool_min=10 -p debug=+vtc_mode -p vsl_mask=+Debug,+H2RxHdr,+H2RxBody -p h2_initial_window_size=1m -p h2_rx_window_low_water=64k -a '127.0.0.1:0' -M '127.0.0.1 38685' -P /tmp/vtc.2872792.2223da65/v1/varnishd.pid \r\n**** dT    0.034\r\n***  v1    PID: 2872812\r\n**** v1    macro def v1_pid=2872812\r\n**** v1    macro def v1_name=/tmp/vtc.2872792.2223da65/v1\r\n**** dT    0.054\r\n***  v1    debug|Debug: Version: varnish-trunk revision d77da13b9baf268196075bda0808d0d2e8721470\r\n***  v1    debug|Debug: Platform: Linux,6.5.0-17-generic,x86_64,-jnone,-sdefault,-sdefault,-hcritbit\r\n***  v1    debug|200 317     \r\n***  v1    debug|-----------------------------\r\n***  v1    debug|Varnish Cache CLI 1.0\r\n***  v1    debug|-----------------------------\r\n***  v1    debug|Linux,6.5.0-17-generic,x86_64,-jnone,-sdefault,-sdefault,-hcritbit\r\n***  v1    debug|varnish-trunk revision d77da13b9baf268196075bda0808d0d2e8721470\r\n***  v1    debug|\r\n***  v1    debug|Type 'help' for command list.\r\n***  v1    debug|Type 'quit' to close CLI session.\r\n***  v1    debug|Type 'start' to launch worker process.\r\n***  v1    debug|\r\n**** dT    0.153\r\n**** v1    CLIPOLL 1 0x1 0x0 0x0\r\n***  v1    CLI connection fd = 4\r\n**** dT    0.154\r\n***  v1    CLI RX  107\r\n**** v1    CLI RX|ygvcsiionoelhdqmokrfteicbjzhrzuc\r\n**** v1    CLI RX|\r\n**** v1    CLI RX|Authentication required.\r\n**** v1    CLI TX|auth 90608ea81d2bbbfa7774fd79c416390009fbabba31979c1a26762f0a0fe266fd\r\n**** dT    0.155\r\n***  v1    CLI RX  200\r\n**** v1    CLI RX|-----------------------------\r\n**** v1    CLI RX|Varnish Cache CLI 1.0\r\n**** v1    CLI RX|-----------------------------\r\n**** v1    CLI RX|Linux,6.5.0-17-generic,x86_64,-jnone,-sdefault,-sdefault,-hcritbit\r\n**** v1    CLI RX|varnish-trunk revision d77da13b9baf268196075bda0808d0d2e8721470\r\n**** v1    CLI RX|\r\n**** v1    CLI RX|Type 'help' for command list.\r\n**** v1    CLI RX|Type 'quit' to close CLI session.\r\n**** v1    CLI RX|Type 'start' to launch worker process.\r\n**** dT    0.156\r\n**** v1    CLI TX|vcl.load vcl1 /tmp/vtc.2872792.2223da65/f1\r\n**** dT    0.256\r\n***  v1    vsl|No VSL chunk found (child not started ?)\r\n**** dT    0.356\r\n***  v1    vsl|No VSL chunk found (child not started ?)\r\n**** dT    0.456\r\n***  v1    vsl|No VSL chunk found (child not started ?)\r\n**** dT    0.556\r\n***  v1    vsl|No VSL chunk found (child not started ?)\r\n**** dT    0.657\r\n***  v1    vsl|No VSL chunk found (child not started ?)\r\n**** dT    0.757\r\n***  v1    vsl|No VSL chunk found (child not started ?)\r\n**** dT    0.832\r\n***  v1    CLI RX  200\r\n**** v1    CLI RX|Message from VCC-compiler:\r\n**** v1    CLI RX|-----------------------------------------------------\r\n**** v1    CLI RX|Suppressions used:\r\n**** v1    CLI RX|  count      bytes template\r\n**** v1    CLI RX|      2        136 HSH_config\r\n**** v1    CLI RX|      9        360 vcc_\r\n**** v1    CLI RX|-----------------------------------------------------\r\n**** v1    CLI RX|\r\n**** v1    CLI RX|Message from dlopen:\r\n**** v1    CLI RX|-----------------------------------------------------\r\n**** v1    CLI RX|Suppressions used:\r\n**** v1    CLI RX|  count      bytes template\r\n**** v1    CLI RX|      2        136 HSH_config\r\n**** v1    CLI RX|-----------------------------------------------------\r\n**** v1    CLI RX|\r\n**** v1    CLI RX|VCL compiled.\r\n**   v1    CLI 200 <vcl.load vcl1 /tmp/vtc.2872792.2223da65/f1>\r\n**   top   === varnish v1 -cliok \"vcl.use vcl1\"\r\n**** v1    CLI TX|vcl.use vcl1\r\n***  v1    CLI RX  200\r\n**** v1    CLI RX|VCL 'vcl1' now active\r\n**   v1    CLI 200 <vcl.use vcl1>\r\n**   top   === varnish v1 -cliok \"start\"\r\n**** v1    CLI TX|start\r\n**** dT    0.857\r\n***  v1    vsl|No VSL chunk found (child not started ?)\r\n**** dT    0.875\r\n***  v1    debug|Debug: Child (2872880) Started\r\n**** dT    0.900\r\n***  v1    debug|Child launched OK\r\n**** dT    0.913\r\n***  v1    CLI RX  200\r\n**   v1    CLI 200 <start>\r\n**   top   === varnish v1 -cliok \"vcl.load vcl2 ${tmpdir}/f1\"\r\n***  v1    debug|Info: Child (2872880) said Child starts\r\n**** v1    CLI TX|vcl.load vcl2 /tmp/vtc.2872792.2223da65/f1\r\n**** dT    0.957\r\n**** v1    vsl|          0 CLI             - Rd vcl.load \"vcl1\" vcl_vcl1.1708618810.078643/vgc.so 1auto\r\n**** v1    vsl|          0 Timestamp       - vmod-dynamic vcl1.dyn(example.com:80) Lookup: 1708618810.794116 0.000000 0.000000\r\n**** v1    vsl|          0 CLI             - Wr 200 52 Loaded \"vcl_vcl1.1708618810.078643/vgc.so\" as \"vcl1\"\r\n**** v1    vsl|          0 CLI             - Rd vcl.use \"vcl1\"\r\n**** v1    vsl|          0 CLI             - Wr 200 0 \r\n**** v1    vsl|          0 CLI             - Rd start\r\n**** v1    vsl|          0 Debug           - sockopt: Setting SO_LINGER for a0=127.0.0.1:45489\r\n**** v1    vsl|          0 Debug           - sockopt: Setting SO_KEEPALIVE for a0=127.0.0.1:45489\r\n**** v1    vsl|          0 Debug           - sockopt: Setting SO_SNDTIMEO for a0=127.0.0.1:45489\r\n**** v1    vsl|          0 Debug           - sockopt: Setting SO_RCVTIMEO for a0=127.0.0.1:45489\r\n**** v1    vsl|          0 Debug           - sockopt: Setting TCP_NODELAY for a0=127.0.0.1:45489\r\n**** v1    vsl|          0 Debug           - sockopt: Setting TCP_KEEPIDLE for a0=127.0.0.1:45489\r\n**** v1    vsl|          0 Debug           - sockopt: Setting TCP_KEEPCNT for a0=127.0.0.1:45489\r\n**** v1    vsl|          0 Debug           - sockopt: Setting TCP_KEEPINTVL for a0=127.0.0.1:45489\r\n**** v1    vsl|          0 CLI             - Wr 200 0 \r\n**** v1    vsl|          0 Timestamp       - vmod-dynamic vcl1.dyn(example.com:80) Results: 1708618810.802496 0.008379 0.008379\r\n**** v1    vsl|          0 Error           - vmod-dynamic vcl1 dyn example.com:80 getdns 901 (Queries for the name yielded all negative responses)\r\n**** dT    1.057\r\n**** v1    vsl|          0 VCL_Log         - vmod-dynamic vcl1 dyn example.com:80 timeout\r\n**** v1    vsl|          0 Timestamp       - vmod-dynamic vcl1.dyn(example.com:80) Lookup: 1708618810.881813 0.000000 0.000000\r\n**** v1    vsl|          0 Timestamp       - vmod-dynamic vcl1.dyn(example.com:80) Results: 1708618810.887776 0.005963 0.005963\r\n**** v1    vsl|          0 Error           - vmod-dynamic vcl1 dyn example.com:80 getdns 901 (Queries for the name yielded all negative responses)\r\n**** dT    1.568\r\n***  v1    CLI RX  200\r\n**** v1    CLI RX|Message from VCC-compiler:\r\n**** v1    CLI RX|-----------------------------------------------------\r\n**** v1    CLI RX|Suppressions used:\r\n**** v1    CLI RX|  count      bytes template\r\n**** v1    CLI RX|      2        136 HSH_config\r\n**** v1    CLI RX|      9        360 vcc_\r\n**** v1    CLI RX|-----------------------------------------------------\r\n**** v1    CLI RX|\r\n**** v1    CLI RX|Message from dlopen:\r\n**** v1    CLI RX|-----------------------------------------------------\r\n**** v1    CLI RX|Suppressions used:\r\n**** v1    CLI RX|  count      bytes template\r\n**** v1    CLI RX|      2        136 HSH_config\r\n**** v1    CLI RX|-----------------------------------------------------\r\n**** v1    CLI RX|\r\n**   v1    CLI 200 <vcl.load vcl2 /tmp/vtc.2872792.2223da65/f1>\r\n**   top   === varnish v1 -cliok \"vcl.use vcl2\"\r\n**** v1    CLI TX|vcl.use vcl2\r\n***  v1    CLI RX  200\r\n**** v1    CLI RX|VCL 'vcl2' now active\r\n**   v1    CLI 200 <vcl.use vcl2>\r\n**   top   === varnish v1 -cliok \"vcl.discard vcl1\"\r\n**** v1    CLI TX|vcl.discard vcl1\r\n**** dT    1.658\r\n**** v1    vsl|          0 CLI             - Rd vcl.load vcl2 vcl_vcl2.1708618810.794719/vgc.so 1auto\r\n**** v1    vsl|          0 CLI             - Wr 200 52 Loaded \"vcl_vcl2.1708618810.794719/vgc.so\" as \"vcl2\"\r\n**** v1    vsl|          0 Timestamp       - vmod-dynamic vcl2.dyn(example.com:80) Lookup: 1708618811.449167 0.000000 0.000000\r\n**** v1    vsl|          0 CLI             - Rd vcl.use vcl2\r\n**** v1    vsl|          0 CLI             - Wr 200 0 \r\n**** v1    vsl|          0 Timestamp       - vmod-dynamic vcl2.dyn(example.com:80) Results: 1708618811.457072 0.007905 0.007905\r\n**** v1    vsl|          0 Error           - vmod-dynamic vcl2 dyn example.com:80 getdns 901 (Queries for the name yielded all negative responses)\r\n**** v1    vsl|          0 CLI             - Rd vcl.state vcl1 0cold\r\n**** v1    vsl|          0 Timestamp       - vmod-dynamic vcl1.dyn(example.com:80) Done: 1708618811.494451 0.000000 0.000000\r\n**** v1    vsl|          0 VCL_Log         - vmod-dynamic vcl1 dyn example.com:80 deleted (expired)\r\n**** v1    vsl|          0 CLI             - Wr 200 0 \r\n**** v1    vsl|          0 CLI             - Rd vcl.discard vcl1\r\n**** dT    1.758\r\n**** v1    vsl|          0 VCL_Log         - vmod-dynamic vcl2 dyn example.com:80 timeout\r\n**** v1    vsl|          0 Timestamp       - vmod-dynamic vcl2.dyn(example.com:80) Lookup: 1708618811.542969 0.000000 0.000000\r\n**** v1    vsl|          0 Timestamp       - vmod-dynamic vcl2.dyn(example.com:80) Results: 1708618811.547853 0.004884 0.004884\r\n**** v1    vsl|          0 Error           - vmod-dynamic vcl2 dyn example.com:80 getdns 901 (Queries for the name yielded all negative responses)\r\n**** dT    2.790\r\n***  v1    debug|Error: Child (2872880) not responding to CLI, killed it.\r\n***  v1    CLI RX  200\r\n**   v1    CLI 200 <vcl.discard vcl1>\r\n*    top   RESETTING after ./tests/layer_reload.vtc\r\n**   v1    Wait\r\n**** v1    CLI TX|backend.list\r\n***  v1    debug|Info: Child (2872880) said =================================================================\r\n***  v1    debug|Info: Child (2872880) said ==2872880==ERROR: AddressSanitizer: heap-use-after-free on address 0x6120000119c4 at pc 0x7fad9b650290 bp 0x7ffe80f849a0 sp 0x7ffe80f84990\r\n***  v1    debug|Info: Child (2872880) said READ of size 4 at 0x6120000119c4 thread T0\r\n***  v1    debug|Info: Child (2872880) said     #0 0x7fad9b65028f in dom_destroy (vmod_cache/_vmod_dynamic.29b766e616262ab0ef9252419367ce48fbf642168ba34fc382b1742a77dac5c4+0x1f28f)\r\n***  v1    debug|Info: Child (2872880) said     #1 0x561c4abfd611 in vcldir_retire cache/cache_vrt_vcl.c:287\r\n***  v1    debug|Info: Child (2872880) said     #2 0x561c4abfd611 in vcldir_deref cache/cache_vrt_vcl.c:305\r\n***  v1    debug|Info: Child (2872880) said     #3 0x561c4ac00754 in VRT_Assign_Backend cache/cache_vrt_vcl.c:343\r\n***  v1    debug|Info: Child (2872880) said     #4 0x7fad998559ef in vdir_release /home/swojcik/code/varnish-cache/vmod/vmod_directors.c:99\r\n***  v1    debug|Info: Child (2872880) said     #5 0x561c4ac00420 in VRT_DelDirector cache/cache_vrt_vcl.c:321\r\n***  v1    debug|Info: Child (2872880) said     #6 0x7fad9ca2fd0b in VGC_Discard /tmp/vtc.2872792.2223da65/v1/vcl_vcl1.1708618810.078643/vgc.c:4194\r\n***  v1    debug|Info: Child (2872880) said     #7 0x7fad9ca2fd0b in VGC_Event /tmp/vtc.2872792.2223da65/v1/vcl_vcl1.1708618810.078643/vgc.c:4287\r\n***  v1    debug|Info: Child (2872880) said     #8 0x561c4abdb6e5 in vcl_send_event cache/cache_vcl.c:255\r\n***  v1    debug|Info: Child (2872880) said     #9 0x561c4abdf9e2 in VCL_Poll cache/cache_vcl.c:736\r\n***  v1    debug|Info: Child (2872880) said     #10 0x561c4abe01c4 in vcl_cli_discard cache/cache_vcl.c:903\r\n***  v1    debug|Info: Child (2872880) said     #11 0x561c4acd567f in cls_dispatch /home/swojcik/code/varnish-cache/lib/libvarnish/vcli_serve.c:273\r\n***  v1    debug|Info: Child (2872880) said     #12 0x561c4acd567f in cls_exec /home/swojcik/code/varnish-cache/lib/libvarnish/vcli_serve.c:324\r\n***  v1    debug|Info: Child (2872880) said     #13 0x561c4acd6335 in cls_feed /home/swojcik/code/varnish-cache/lib/libvarnish/vcli_serve.c:412\r\n***  v1    debug|Info: Child (2872880) said     #14 0x561c4acd6335 in VCLS_Poll /home/swojcik/code/varnish-cache/lib/libvarnish/vcli_serve.c:617\r\n***  v1    debug|Info: Child (2872880) said     #15 0x561c4ab66923 in CLI_Run cache/cache_cli.c:110\r\n***  v1    debug|Info: Child (2872880) said     #16 0x561c4abac4d9 in child_main cache/cache_main.c:467\r\n***  v1    debug|Info: Child (2872880) said     #17 0x561c4ac482df in mgt_launch_child mgt/mgt_child.c:402\r\n***  v1    debug|Info: Child (2872880) said     #18 0x561c4acd567f in cls_dispatch /home/swojcik/code/varnish-cache/lib/libvarnish/vcli_serve.c:273\r\n***  v1    debug|Info: Child (2872880) said     #19 0x561c4acd567f in cls_exec /home/swojcik/code/varnish-cache/lib/libvarnish/vcli_serve.c:324\r\n***  v1    debug|Info: Child (2872880) said     #20 0x561c4acd6335 in cls_feed /home/swojcik/code/varnish-cache/lib/libvarnish/vcli_serve.c:412\r\n***  v1    debug|Info: Child (2872880) said     #21 0x561c4acd6335 in VCLS_Poll /home/swojcik/code/varnish-cache/lib/libvarnish/vcli_serve.c:617\r\n***  v1    debug|Info: Child (2872880) said     #22 0x561c4acda316 in VEV_Once /home/swojcik/code/varnish-cache/lib/libvarnish/vev.c:466\r\n***  v1    debug|Info: Child (2872880) said     #23 0x561c4acda687 in VEV_Loop /home/swojcik/code/varnish-cache/lib/libvarnish/vev.c:354\r\n***  v1    debug|Info: Child (2872880) said     #24 0x561c4ab47691 in main mgt/mgt_main.c:995\r\n***  v1    debug|Info: Child (2872880) said     #25 0x7fadb3829d8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58\r\n***  v1    debug|Info: Child (2872880) said     #26 0x7fadb3829e3f in __libc_start_main_impl ../csu/libc-start.c:392\r\n***  v1    debug|Info: Child (2872880) said     #27 0x561c4ab48834 in _start (/opt/varnish/os-main-asan/sbin/varnishd+0x11f834)\r\n***  v1    debug|Info: Child (2872880) said \r\n***  v1    debug|Info: Child (2872880) said 0x6120000119c4 is located 260 bytes inside of 264-byte region [0x6120000118c0,0x6120000119c8)\r\n***  v1    debug|Info: Child (2872880) said freed by thread T0 here:\r\n***  v1    debug|Info: Child (2872880) said     #0 0x7fadb40b4537 in __interceptor_free ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:127\r\n***  v1    debug|Info: Child (2872880) said     #1 0x7fad9b6540ff in vmod_director__fini (vmod_cache/_vmod_dynamic.29b766e616262ab0ef9252419367ce48fbf642168ba34fc382b1742a77dac5c4+0x230ff)\r\n***  v1    debug|Info: Child (2872880) said     #2 0x7fad9ca2fcdd in VGC_Discard /tmp/vtc.2872792.2223da65/v1/vcl_vcl1.1708618810.078643/vgc.c:4186\r\n***  v1    debug|Info: Child (2872880) said     #3 0x7fad9ca2fcdd in VGC_Event /tmp/vtc.2872792.2223da65/v1/vcl_vcl1.1708618810.078643/vgc.c:4287\r\n***  v1    debug|Info: Child (2872880) said     #4 0x561c4abdb6e5 in vcl_send_event cache/cache_vcl.c:255\r\n***  v1    debug|Info: Child (2872880) said     #5 0x561c4abdf9e2 in VCL_Poll cache/cache_vcl.c:736\r\n***  v1    debug|Info: Child (2872880) said     #6 0x561c4abe01c4 in vcl_cli_discard cache/cache_vcl.c:903\r\n***  v1    debug|Info: Child (2872880) said     #7 0x561c4acd567f in cls_dispatch /home/swojcik/code/varnish-cache/lib/libvarnish/vcli_serve.c:273\r\n***  v1    debug|Info: Child (2872880) said     #8 0x561c4acd567f in cls_exec /home/swojcik/code/varnish-cache/lib/libvarnish/vcli_serve.c:324\r\n***  v1    debug|Info: Child (2872880) said     #9 0x561c4acd6335 in cls_feed /home/swojcik/code/varnish-cache/lib/libvarnish/vcli_serve.c:412\r\n***  v1    debug|Info: Child (2872880) said     #10 0x561c4acd6335 in VCLS_Poll /home/swojcik/code/varnish-cache/lib/libvarnish/vcli_serve.c:617\r\n***  v1    debug|Info: Child (2872880) said     #11 0x561c4ab66923 in CLI_Run cache/cache_cli.c:110\r\n***  v1    debug|Info: Child (2872880) said     #12 0x561c4abac4d9 in child_main cache/cache_main.c:467\r\n***  v1    debug|Info: Child (2872880) said     #13 0x561c4ac482df in mgt_launch_child mgt/mgt_child.c:402\r\n***  v1    debug|Info: Child (2872880) said     #14 0x561c4acd567f in cls_dispatch /home/swojcik/code/varnish-cache/lib/libvarnish/vcli_serve.c:273\r\n***  v1    debug|Info: Child (2872880) said     #15 0x561c4acd567f in cls_exec /home/swojcik/code/varnish-cache/lib/libvarnish/vcli_serve.c:324\r\n***  v1    debug|Info: Child (2872880) said     #16 0x561c4acd6335 in cls_feed /home/swojcik/code/varnish-cache/lib/libvarnish/vcli_serve.c:412\r\n***  v1    debug|Info: Child (2872880) said     #17 0x561c4acd6335 in VCLS_Poll /home/swojcik/code/varnish-cache/lib/libvarnish/vcli_serve.c:617\r\n***  v1    debug|Info: Child (2872880) said     #18 0x561c4acda316 in VEV_Once /home/swojcik/code/varnish-cache/lib/libvarnish/vev.c:466\r\n***  v1    debug|Info: Child (2872880) said     #19 0x561c4acda687 in VEV_Loop /home/swojcik/code/varnish-cache/lib/libvarnish/vev.c:354\r\n***  v1    debug|Info: Child (2872880) said     #20 0x561c4ab47691 in main mgt/mgt_main.c:995\r\n***  v1    debug|Info: Child (2872880) said     #21 0x7fadb3829d8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58\r\n***  v1    debug|Info: Child (2872880) said \r\n***  v1    debug|Info: Child (2872880) said previously allocated by thread T0 here:\r\n***  v1    debug|Info: Child (2872880) said     #0 0x7fadb40b4a57 in __interceptor_calloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:154\r\n***  v1    debug|Info: Child (2872880) said     #1 0x7fad9b65293d in vmod_director__init (vmod_cache/_vmod_dynamic.29b766e616262ab0ef9252419367ce48fbf642168ba34fc382b1742a77dac5c4+0x2193d)\r\n***  v1    debug|Info: Child (2872880) said     #2 0x7fad9ca294c3 in VGC_function_vcl_init /tmp/vtc.2872792.2223da65/v1/vcl_vcl1.1708618810.078643/vgc.c:3862\r\n***  v1    debug|Info: Child (2872880) said     #3 0x561c4abdb6e5 in vcl_send_event cache/cache_vcl.c:255\r\n***  v1    debug|Info: Child (2872880) said     #4 0x561c4abdded6 in vcl_load cache/cache_vcl.c:696\r\n***  v1    debug|Info: Child (2872880) said     #5 0x561c4abdded6 in vcl_cli_load cache/cache_vcl.c:843\r\n***  v1    debug|Info: Child (2872880) said     #6 0x561c4acd567f in cls_dispatch /home/swojcik/code/varnish-cache/lib/libvarnish/vcli_serve.c:273\r\n***  v1    debug|Info: Child (2872880) said     #7 0x561c4acd567f in cls_exec /home/swojcik/code/varnish-cache/lib/libvarnish/vcli_serve.c:324\r\n***  v1    debug|Info: Child (2872880) said     #8 0x561c4acd6335 in cls_feed /home/swojcik/code/varnish-cache/lib/libvarnish/vcli_serve.c:412\r\n***  v1    debug|Info: Child (2872880) said     #9 0x561c4acd6335 in VCLS_Poll /home/swojcik/code/varnish-cache/lib/libvarnish/vcli_serve.c:617\r\n***  v1    debug|Info: Child (2872880) said     #10 0x561c4ab66923 in CLI_Run cache/cache_cli.c:110\r\n***  v1    debug|Info: Child (2872880) said     #11 0x561c4abac4d9 in child_main cache/cache_main.c:467\r\n***  v1    debug|Info: Child (2872880) said     #12 0x561c4ac482df in mgt_launch_child mgt/mgt_child.c:402\r\n***  v1    debug|Info: Child (2872880) said     #13 0x561c4acd567f in cls_dispatch /home/swojcik/code/varnish-cache/lib/libvarnish/vcli_serve.c:273\r\n***  v1    debug|Info: Child (2872880) said     #14 0x561c4acd567f in cls_exec /home/swojcik/code/varnish-cache/lib/libvarnish/vcli_serve.c:324\r\n***  v1    debug|Info: Child (2872880) said     #15 0x561c4acd6335 in cls_feed /home/swojcik/code/varnish-cache/lib/libvarnish/vcli_serve.c:412\r\n***  v1    debug|Info: Child (2872880) said     #16 0x561c4acd6335 in VCLS_Poll /home/swojcik/code/varnish-cache/lib/libvarnish/vcli_serve.c:617\r\n***  v1    debug|Info: Child (2872880) said     #17 0x561c4acda316 in VEV_Once /home/swojcik/code/varnish-cache/lib/libvarnish/vev.c:466\r\n***  v1    debug|Info: Child (2872880) said     #18 0x561c4acda687 in VEV_Loop /home/swojcik/code/varnish-cache/lib/libvarnish/vev.c:354\r\n***  v1    debug|Info: Child (2872880) said     #19 0x561c4ab47691 in main mgt/mgt_main.c:995\r\n***  v1    debug|Info: Child (2872880) said     #20 0x7fadb3829d8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58\r\n***  v1    debug|Info: Child (2872880) said \r\n***  v1    debug|Info: Child (2872880) said SUMMARY: AddressSanitizer: heap-use-after-free (vmod_cache/_vmod_dynamic.29b766e616262ab0ef9252419367ce48fbf642168ba34fc382b1742a77dac5c4+0x1f28f) in dom_destroy\r\n***  v1    debug|Info: Child (2872880) said Shadow bytes around the buggy address:\r\n***  v1    debug|Info: Child (2872880) said   0x0c247fffa2e0: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd\r\n***  v1    debug|Info: Child (2872880) said   0x0c247fffa2f0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd\r\n***  v1    debug|Info: Child (2872880) said   0x0c247fffa300: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd\r\n***  v1    debug|Info: Child (2872880) said   0x0c247fffa310: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd\r\n***  v1    debug|Info: Child (2872880) said   0x0c247fffa320: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd\r\n***  v1    debug|Info: Child (2872880) said =>0x0c247fffa330: fd fd fd fd fd fd fd fd[fd]fa fa fa fa fa fa fa\r\n***  v1    debug|Info: Child (2872880) said   0x0c247fffa340: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd\r\n***  v1    debug|Info: Child (2872880) said   0x0c247fffa350: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd\r\n***  v1    debug|Info: Child (2872880) said   0x0c247fffa360: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd\r\n***  v1    debug|Info: Child (2872880) said   0x0c247fffa370: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd\r\n***  v1    debug|Info: Child (2872880) said   0x0c247fffa380: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd\r\n***  v1    debug|Info: Child (2872880) said Shadow byte legend (one shadow byte represents 8 application bytes):\r\n***  v1    debug|Info: Child (2872880) said   Addressable:           00\r\n***  v1    debug|Info: Child (2872880) said   Partially addressable: 01 02 03 04 05 06 07 \r\n***  v1    debug|Info: Child (2872880) said   Heap left redzone:       fa\r\n***  v1    debug|Info: Child (2872880) said   Freed heap region:       fd\r\n***  v1    debug|Info: Child (2872880) said   Stack left redzone:      f1\r\n***  v1    debug|Info: Child (2872880) said   Stack mid redzone:       f2\r\n***  v1    debug|Info: Child (2872880) said   Stack right redzone:     f3\r\n***  v1    debug|Info: Child (2872880) said   Stack after return:      f5\r\n***  v1    debug|Info: Child (2872880) said   Stack use after scope:   f8\r\n***  v1    debug|Info: Child (2872880) said   Global redzone:          f9\r\n***  v1    debug|Info: Child (2872880) said   Global init order:       f6\r\n***  v1    debug|Info: Child (2872880) said   Poisoned by user:        f7\r\n***  v1    debug|Info: Child (2872880) said   Container overflow:      fc\r\n***  v1    debug|Info: Child (2872880) said   Array cookie:            ac\r\n***  v1    debug|Info: Child (2872880) said   Intra object redzone:    bb\r\n***  v1    debug|Info: Child (2872880) said   ASan internal:           fe\r\n***  v1    debug|Info: Child (2872880) said   Left alloca redzone:     ca\r\n***  v1    debug|Info: Child (2872880) said   Right alloca redzone:    cb\r\n***  v1    debug|Info: Child (2872880) said   Shadow gap:              cc\r\n***  v1    debug|Info: Child (2872880) said ==2872880==ABORTING\r\n***  v1    debug|Error: Child (2872880) died signal=6 (core dumped)\r\n***  v1    debug|Error: Child (2872880) Panic at: Thu, 22 Feb 2024 16:20:12 GMT\r\n***  v1    debug|Wrong turn at cache/cache_main.c:328:\r\n***  v1    debug|Signal 6 (Aborted) received at 0x3e8002bd630 si_code -6\r\n***  v1    debug|version = varnish-trunk revision d77da13b9baf268196075bda0808d0d2e8721470, vrt api = 18.1\r\n***  v1    debug|ident = Linux,6.5.0-17-generic,x86_64,-jnone,-sdefault,-sdefault,-hcritbit,epoll\r\n***  v1    debug|now = 324499.612377 (mono), 1708618811.590555 (real)\r\n***  v1    debug|Backtrace:\r\n***  v1    debug|  ip=0x561c4abb7dc4 sp=0x7fadafd93b10 <pan_ic+0x364>\r\n***  v1    debug|  ip=0x561c4accff78 sp=0x7fadafd93d40 <VAS_Fail+0x78>\r\n***  v1    debug|  ip=0x561c4ababb1e sp=0x7fadafd93d90 <child_signal_handler+0x1ee>\r\n***  v1    debug|  ip=0x7fadb3842520 sp=0x7fadafd94380 <__sigaction+0x50>\r\n***  v1    debug|  ip=0x7fadb38969fc sp=0x7ffe80f839d0 <pthread_kill+0x12c>\r\n***  v1    debug|  ip=0x7fadb3842476 sp=0x7ffe80f83a90 <raise+0x16>\r\n***  v1    debug|  ip=0x7fadb38287f3 sp=0x7ffe80f83aa0 <abort+0xd3>\r\n***  v1    debug|  ip=0x7fadb40d2712 sp=0x7ffe80f83be0 <_ZN11__sanitizer5AbortEv+0x32>\r\n***  v1    debug|  ip=0x7fadb40de2cc sp=0x7ffe80f83c90 <_ZN11__sanitizer3DieEv+0x4c>\r\n***  v1    debug|  ip=0x7fadb40bd77c sp=0x7ffe80f83cb0 <_ZN6__asan19ScopedInErrorReportD1Ev+0x1ac>\r\n***  v1    debug|  ip=0x7fadb40bd015 sp=0x7ffe80f83d00 <_ZN6__asan18ReportGenericErrorEmmmmbmjb+0x125>\r\n***  v1    debug|  ip=0x7fadb40bdd3b sp=0x7ffe80f84980 <__asan_report_load4+0x3b>\r\n***  v1    debug|  ip=0x7fad9b650290 sp=0x7ffe80f849b0 <dom_destroy+0x2f0>\r\n***  v1    debug|  ip=0x561c4abfd612 sp=0x7ffe80f84a50 <vcldir_deref+0x302>\r\n***  v1    debug|  ip=0x561c4ac00755 sp=0x7ffe80f84a90 <VRT_Assign_Backend+0x1b5>\r\n***  v1    debug|  ip=0x7fad998559f0 sp=0x7ffe80f84ad0 <vdir_release+0xd0>\r\n***  v1    debug|  ip=0x561c4ac00421 sp=0x7ffe80f84b20 <VRT_DelDirector+0x111>\r\n***  v1    debug|  ip=0x7fad9ca2fd0c sp=0x7ffe80f84b40 <VGC_function_vcl_backend_error+0x78c>\r\n***  v1    debug|  ip=0x561c4abdb6e6 sp=0x7ffe80f84b60 <vcl_send_event+0x406>\r\n***  v1    debug|  ip=0x561c4abdf9e3 sp=0x7ffe80f84c30 <VCL_Poll+0x3c3>\r\n***  v1    debug|  ip=0x561c4abe01c5 sp=0x7ffe80f84d10 <vcl_cli_discard+0x435>\r\n***  v1    debug|  ip=0x561c4acd5680 sp=0x7ffe80f84db0 <cls_exec+0x830>\r\n***  v1    debug|  ip=0x561c4acd6336 sp=0x7ffe80f84e20 <VCLS_Poll+0x946>\r\n***  v1    debug|  ip=0x561c4ab66924 sp=0x7ffe80f87040 <CLI_Run+0xc4>\r\n***  v1    debug|  ip=0x561c4abac4da sp=0x7ffe80f87060 <child_main+0x32a>\r\n***  v1    debug|  ip=0x561c4ac482e0 sp=0x7ffe80f871d0 <mgt_launch_child+0x680>\r\n***  v1    debug|  ip=0x561c4acd5680 sp=0x7ffe80f87310 <cls_exec+0x830>\r\n***  v1    debug|  ip=0x561c4acd6336 sp=0x7ffe80f87380 <VCLS_Poll+0x946>\r\n***  v1    debug|  ip=0x561c4acda317 sp=0x7ffe80f895a0 <VEV_Once+0x4d7>\r\n***  v1    debug|  ip=0x561c4acda688 sp=0x7ffe80f89600 <VEV_Loop+0x68>\r\n***  v1    debug|  ip=0x561c4ab47692 sp=0x7ffe80f89620 <main+0x46a2>\r\n***  v1    debug|  ip=0x7fadb3829d90 sp=0x7ffe80f899d0 <__libc_init_first+0x90>\r\n***  v1    debug|  ip=0x7fadb3829e40 sp=0x7ffe80f89a70 <__libc_start_main+0x80>\r\n***  v1    debug|  ip=0x561c4ab48835 sp=0x7ffe80f89ac0 <_start+0x25>\r\n***  v1    debug|errno = 25 (Inappropriate ioctl for device)\r\n***  v1    debug|argv = {\r\n***  v1    debug|  [0] = \\\"varnishd\\\",\r\n***  v1    debug|  [1] = \\\"-d\\\",\r\n***  v1    debug|  [2] = \\\"-n\\\",\r\n***  v1    debug|  [3] = \\\"/tmp/vtc.2872792.2223da65/v1\\\",\r\n***  v1    debug|  [4] = \\\"-i\\\",\r\n***  v1    debug|  [5] = \\\"v1\\\",\r\n***  v1    debug|  [6] = \\\"-p\\\",\r\n***  v1    debug|  [7] = \\\"debug=+vcl_keep\\\",\r\n***  v1    debug|  [8] = \\\"-p\\\",\r\n***  v1    debug|  [9] = \\\"debug=+vmod_so_keep\\\",\r\n***  v1    debug|  [10] = \\\"-p\\\",\r\n***  v1    debug|  [11] = \\\"debug=+vsm_keep\\\",\r\n***  v1    debug|  [12] = \\\"-l\\\",\r\n***  v1    debug|  [13] = \\\"2m\\\",\r\n***  v1    debug|  [14] = \\\"-p\\\",\r\n***  v1    debug|  [15] = \\\"auto_restart=off\\\",\r\n***  v1    debug|  [16] = \\\"-p\\\",\r\n***  v1    debug|  [17] = \\\"syslog_cli_traffic=off\\\",\r\n***  v1    debug|  [18] = \\\"-p\\\",\r\n***  v1    debug|  [19] = \\\"thread_pool_min=10\\\",\r\n***  v1    debug|  [20] = \\\"-p\\\",\r\n***  v1    debug|  [21] = \\\"debug=+vtc_mode\\\",\r\n***  v1    debug|  [22] = \\\"-p\\\",\r\n***  v1    debug|  [23] = \\\"vsl_mask=+Debug,+H2RxHdr,+H2RxBody\\\",\r\n***  v1    debug|  [24] = \\\"-p\\\",\r\n***  v1    debug|  [25] = \\\"h2_initial_window_size=1m\\\",\r\n***  v1    debug|  [26] = \\\"-p\\\",\r\n***  v1    debug|  [27] = \\\"h2_rx_window_low_water=64k\\\",\r\n***  v1    debug|  [28] = \\\"-a\\\",\r\n***  v1    debug|  [29] = \\\"127.0.0.1:0\\\",\r\n***  v1    debug|  [30] = \\\"-M\\\",\r\n***  v1    debug|  [31] = \\\"127.0.0.1 38685\\\",\r\n***  v1    debug|  [32] = \\\"-P\\\",\r\n***  v1    debug|  [33] = \\\"/tmp/vtc.2872792.2223da65/v1/varnishd.pid\\\",\r\n***  v1    debug|}\r\n***  v1    debug|pthread.self = 0x7fadb3ee7040\r\n***  v1    debug|pthread.name = (cache-main)\r\n***  v1    debug|pthread.attr = {\r\n***  v1    debug|  guard = 0,\r\n***  v1    debug|  stack_bottom = 0x7ffe8078d000,\r\n***  v1    debug|  stack_top = 0x7ffe80f8a000,\r\n***  v1    debug|  stack_size = 8376320,\r\n***  v1    debug|}\r\n***  v1    debug|thr.req = NULL\r\n***  v1    debug|thr.busyobj = NULL\r\n***  v1    debug|thr.worker = NULL\r\n***  v1    debug|vmods = {\r\n***  v1    debug|  dynamic = {0x60b0000005c0, Varnish trunk d77da13b9baf268196075bda0808d0d2e8721470, 18.1},\r\n***  v1    debug|  directors = {0x60b000000720, Varnish trunk d77da13b9baf268196075bda0808d0d2e8721470, 0.0},\r\n***  v1    debug|},\r\n***  v1    debug|pools = {\r\n***  v1    debug|  pool = 0x612000000040 {\r\n***  v1    debug|    nidle = 9,\r\n***  v1    debug|    nthr = 10,\r\n***  v1    debug|    lqueue = 0\r\n***  v1    debug|  },\r\n***  v1    debug|  pool = 0x6120000001c0 {\r\n***  v1    debug|    nidle = 9,\r\n***  v1    debug|    nthr = 10,\r\n***  v1    debug|    lqueue = 0\r\n***  v1    debug|  },\r\n***  v1    debug|},\r\n***  v1    debug|\r\n***  v1    debug|\r\n***  v1    debug|Debug: Child cleanup complete\r\n**** dT    2.791\r\n***  v1    CLI RX  101\r\n**** v1    CLI RX|Unknown request in manager process (child not running).\r\n**** v1    CLI RX|Type 'help' for more info.\r\n**   v1    Stop\r\n**** v1    CLI TX|stop\r\n**** dT    2.833\r\n***  v1    CLI RX  300\r\n**** v1    CLI RX|Child in state stopped\r\n***  v1    wait-stopped\r\n**** v1    CLI TX|status\r\n**** dT    2.877\r\n***  v1    CLI RX  200\r\n**** v1    CLI RX|Child in state stopped\r\n**** v1    CLI TX|panic.show\r\n**** dT    2.925\r\n***  v1    CLI RX  200\r\n**** v1    CLI RX|Panic at: Thu, 22 Feb 2024 16:20:12 GMT\r\n**** v1    CLI RX|Wrong turn at cache/cache_main.c:328:\r\n**** v1    CLI RX|Signal 6 (Aborted) received at 0x3e8002bd630 si_code -6\r\n**** v1    CLI RX|version = varnish-trunk revision d77da13b9baf268196075bda0808d0d2e8721470, vrt api = 18.1\r\n**** v1    CLI RX|ident = Linux,6.5.0-17-generic,x86_64,-jnone,-sdefault,-sdefault,-hcritbit,epoll\r\n**** v1    CLI RX|now = 324499.612377 (mono), 1708618811.590555 (real)\r\n**** v1    CLI RX|Backtrace:\r\n**** v1    CLI RX|  ip=0x561c4abb7dc4 sp=0x7fadafd93b10 <pan_ic+0x364>\r\n**** v1    CLI RX|  ip=0x561c4accff78 sp=0x7fadafd93d40 <VAS_Fail+0x78>\r\n**** v1    CLI RX|  ip=0x561c4ababb1e sp=0x7fadafd93d90 <child_signal_handler+0x1ee>\r\n**** v1    CLI RX|  ip=0x7fadb3842520 sp=0x7fadafd94380 <__sigaction+0x50>\r\n**** v1    CLI RX|  ip=0x7fadb38969fc sp=0x7ffe80f839d0 <pthread_kill+0x12c>\r\n**** v1    CLI RX|  ip=0x7fadb3842476 sp=0x7ffe80f83a90 <raise+0x16>\r\n**** v1    CLI RX|  ip=0x7fadb38287f3 sp=0x7ffe80f83aa0 <abort+0xd3>\r\n**** v1    CLI RX|  ip=0x7fadb40d2712 sp=0x7ffe80f83be0 <_ZN11__sanitizer5AbortEv+0x32>\r\n**** v1    CLI RX|  ip=0x7fadb40de2cc sp=0x7ffe80f83c90 <_ZN11__sanitizer3DieEv+0x4c>\r\n**** v1    CLI RX|  ip=0x7fadb40bd77c sp=0x7ffe80f83cb0 <_ZN6__asan19ScopedInErrorReportD1Ev+0x1ac>\r\n**** v1    CLI RX|  ip=0x7fadb40bd015 sp=0x7ffe80f83d00 <_ZN6__asan18ReportGenericErrorEmmmmbmjb+0x125>\r\n**** v1    CLI RX|  ip=0x7fadb40bdd3b sp=0x7ffe80f84980 <__asan_report_load4+0x3b>\r\n**** v1    CLI RX|  ip=0x7fad9b650290 sp=0x7ffe80f849b0 <dom_destroy+0x2f0>\r\n**** v1    CLI RX|  ip=0x561c4abfd612 sp=0x7ffe80f84a50 <vcldir_deref+0x302>\r\n**** v1    CLI RX|  ip=0x561c4ac00755 sp=0x7ffe80f84a90 <VRT_Assign_Backend+0x1b5>\r\n**** v1    CLI RX|  ip=0x7fad998559f0 sp=0x7ffe80f84ad0 <vdir_release+0xd0>\r\n**** v1    CLI RX|  ip=0x561c4ac00421 sp=0x7ffe80f84b20 <VRT_DelDirector+0x111>\r\n**** v1    CLI RX|  ip=0x7fad9ca2fd0c sp=0x7ffe80f84b40 <VGC_function_vcl_backend_error+0x78c>\r\n**** v1    CLI RX|  ip=0x561c4abdb6e6 sp=0x7ffe80f84b60 <vcl_send_event+0x406>\r\n**** v1    CLI RX|  ip=0x561c4abdf9e3 sp=0x7ffe80f84c30 <VCL_Poll+0x3c3>\r\n**** v1    CLI RX|  ip=0x561c4abe01c5 sp=0x7ffe80f84d10 <vcl_cli_discard+0x435>\r\n**** v1    CLI RX|  ip=0x561c4acd5680 sp=0x7ffe80f84db0 <cls_exec+0x830>\r\n**** v1    CLI RX|  ip=0x561c4acd6336 sp=0x7ffe80f84e20 <VCLS_Poll+0x946>\r\n**** v1    CLI RX|  ip=0x561c4ab66924 sp=0x7ffe80f87040 <CLI_Run+0xc4>\r\n**** v1    CLI RX|  ip=0x561c4abac4da sp=0x7ffe80f87060 <child_main+0x32a>\r\n**** v1    CLI RX|  ip=0x561c4ac482e0 sp=0x7ffe80f871d0 <mgt_launch_child+0x680>\r\n**** v1    CLI RX|  ip=0x561c4acd5680 sp=0x7ffe80f87310 <cls_exec+0x830>\r\n**** v1    CLI RX|  ip=0x561c4acd6336 sp=0x7ffe80f87380 <VCLS_Poll+0x946>\r\n**** v1    CLI RX|  ip=0x561c4acda317 sp=0x7ffe80f895a0 <VEV_Once+0x4d7>\r\n**** v1    CLI RX|  ip=0x561c4acda688 sp=0x7ffe80f89600 <VEV_Loop+0x68>\r\n**** v1    CLI RX|  ip=0x561c4ab47692 sp=0x7ffe80f89620 <main+0x46a2>\r\n**** v1    CLI RX|  ip=0x7fadb3829d90 sp=0x7ffe80f899d0 <__libc_init_first+0x90>\r\n**** v1    CLI RX|  ip=0x7fadb3829e40 sp=0x7ffe80f89a70 <__libc_start_main+0x80>\r\n**** v1    CLI RX|  ip=0x561c4ab48835 sp=0x7ffe80f89ac0 <_start+0x25>\r\n**** v1    CLI RX|errno = 25 (Inappropriate ioctl for device)\r\n**** v1    CLI RX|argv = {\r\n**** v1    CLI RX|  [0] = \\\"varnishd\\\",\r\n**** v1    CLI RX|  [1] = \\\"-d\\\",\r\n**** v1    CLI RX|  [2] = \\\"-n\\\",\r\n**** v1    CLI RX|  [3] = \\\"/tmp/vtc.2872792.2223da65/v1\\\",\r\n**** v1    CLI RX|  [4] = \\\"-i\\\",\r\n**** v1    CLI RX|  [5] = \\\"v1\\\",\r\n**** v1    CLI RX|  [6] = \\\"-p\\\",\r\n**** v1    CLI RX|  [7] = \\\"debug=+vcl_keep\\\",\r\n**** v1    CLI RX|  [8] = \\\"-p\\\",\r\n**** v1    CLI RX|  [9] = \\\"debug=+vmod_so_keep\\\",\r\n**** v1    CLI RX|  [10] = \\\"-p\\\",\r\n**** v1    CLI RX|  [11] = \\\"debug=+vsm_keep\\\",\r\n**** v1    CLI RX|  [12] = \\\"-l\\\",\r\n**** v1    CLI RX|  [13] = \\\"2m\\\",\r\n**** v1    CLI RX|  [14] = \\\"-p\\\",\r\n**** v1    CLI RX|  [15] = \\\"auto_restart=off\\\",\r\n**** v1    CLI RX|  [16] = \\\"-p\\\",\r\n**** v1    CLI RX|  [17] = \\\"syslog_cli_traffic=off\\\",\r\n**** v1    CLI RX|  [18] = \\\"-p\\\",\r\n**** v1    CLI RX|  [19] = \\\"thread_pool_min=10\\\",\r\n**** v1    CLI RX|  [20] = \\\"-p\\\",\r\n**** v1    CLI RX|  [21] = \\\"debug=+vtc_mode\\\",\r\n**** v1    CLI RX|  [22] = \\\"-p\\\",\r\n**** v1    CLI RX|  [23] = \\\"vsl_mask=+Debug,+H2RxHdr,+H2RxBody\\\",\r\n**** v1    CLI RX|  [24] = \\\"-p\\\",\r\n**** v1    CLI RX|  [25] = \\\"h2_initial_window_size=1m\\\",\r\n**** v1    CLI RX|  [26] = \\\"-p\\\",\r\n**** v1    CLI RX|  [27] = \\\"h2_rx_window_low_water=64k\\\",\r\n**** v1    CLI RX|  [28] = \\\"-a\\\",\r\n**** v1    CLI RX|  [29] = \\\"127.0.0.1:0\\\",\r\n**** v1    CLI RX|  [30] = \\\"-M\\\",\r\n**** v1    CLI RX|  [31] = \\\"127.0.0.1 38685\\\",\r\n**** v1    CLI RX|  [32] = \\\"-P\\\",\r\n**** v1    CLI RX|  [33] = \\\"/tmp/vtc.2872792.2223da65/v1/varnishd.pid\\\",\r\n**** v1    CLI RX|}\r\n**** v1    CLI RX|pthread.self = 0x7fadb3ee7040\r\n**** v1    CLI RX|pthread.name = (cache-main)\r\n**** v1    CLI RX|pthread.attr = {\r\n**** v1    CLI RX|  guard = 0,\r\n**** v1    CLI RX|  stack_bottom = 0x7ffe8078d000,\r\n**** v1    CLI RX|  stack_top = 0x7ffe80f8a000,\r\n**** v1    CLI RX|  stack_size = 8376320,\r\n**** v1    CLI RX|}\r\n**** v1    CLI RX|thr.req = NULL\r\n**** v1    CLI RX|thr.busyobj = NULL\r\n**** v1    CLI RX|thr.worker = NULL\r\n**** v1    CLI RX|vmods = {\r\n**** v1    CLI RX|  dynamic = {0x60b0000005c0, Varnish trunk d77da13b9baf268196075bda0808d0d2e8721470, 18.1},\r\n**** v1    CLI RX|  directors = {0x60b000000720, Varnish trunk d77da13b9baf268196075bda0808d0d2e8721470, 0.0},\r\n**** v1    CLI RX|},\r\n**** v1    CLI RX|pools = {\r\n**** v1    CLI RX|  pool = 0x612000000040 {\r\n**** v1    CLI RX|    nidle = 9,\r\n**** v1    CLI RX|    nthr = 10,\r\n**** v1    CLI RX|    lqueue = 0\r\n**** v1    CLI RX|  },\r\n**** v1    CLI RX|  pool = 0x6120000001c0 {\r\n**** v1    CLI RX|    nidle = 9,\r\n**** v1    CLI RX|    nthr = 10,\r\n**** v1    CLI RX|    lqueue = 0\r\n**** v1    CLI RX|  },\r\n**** v1    CLI RX|},\r\n**** v1    CLI RX|\r\n**** v1    CLI RX|\r\n---- v1    Unexpected panic\r\n*    top   failure during reset\r\n*    diag  0.0 2606:2800:220:1:248:1893:25c8:1946 example.com\r\n*    diag  0.0 -----------------------------------------------------\r\n*    diag  0.0 Suppressions used:\r\n*    diag  0.0   count      bytes template\r\n*    diag  0.0       7       1491 parse_string\r\n*    diag  0.0 -----------------------------------------------------\r\n*    diag  0.0 \r\n#    top  TEST ./tests/layer_reload.vtc FAILED (3.042) exit=2\r\nFAIL tests/layer_reload.vtc (exit status: 2)\r\n\r\n```\r\n</details>","closed_by":{"login":"nigoroll","id":1528104,"node_id":"MDQ6VXNlcjE1MjgxMDQ=","avatar_url":"https://avatars.githubusercontent.com/u/1528104?v=4","gravatar_id":"","url":"https://api.github.com/users/nigoroll","html_url":"https://github.com/nigoroll","followers_url":"https://api.github.com/users/nigoroll/followers","following_url":"https://api.github.com/users/nigoroll/following{/other_user}","gists_url":"https://api.github.com/users/nigoroll/gists{/gist_id}","starred_url":"https://api.github.com/users/nigoroll/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/nigoroll/subscriptions","organizations_url":"https://api.github.com/users/nigoroll/orgs","repos_url":"https://api.github.com/users/nigoroll/repos","events_url":"https://api.github.com/users/nigoroll/events{/privacy}","received_events_url":"https://api.github.com/users/nigoroll/received_events","type":"User","user_view_type":"public","site_admin":false},"reactions":{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/112/reactions","total_count":1,"+1":1,"-1":0,"laugh":0,"hooray":0,"confused":0,"heart":0,"rocket":0,"eyes":0},"timeline_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/112/timeline","performed_via_github_app":null,"state_reason":"completed"},{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/113","repository_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic","labels_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/113/labels{/name}","comments_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/113/comments","events_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/113/events","html_url":"https://github.com/nigoroll/libvmod-dynamic/issues/113","id":2193407206,"node_id":"I_kwDOBBOOTM6CvLzm","number":113,"title":"7.5 release","user":{"login":"gquintard","id":3776553,"node_id":"MDQ6VXNlcjM3NzY1NTM=","avatar_url":"https://avatars.githubusercontent.com/u/3776553?v=4","gravatar_id":"","url":"https://api.github.com/users/gquintard","html_url":"https://github.com/gquintard","followers_url":"https://api.github.com/users/gquintard/followers","following_url":"https://api.github.com/users/gquintard/following{/other_user}","gists_url":"https://api.github.com/users/gquintard/gists{/gist_id}","starred_url":"https://api.github.com/users/gquintard/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/gquintard/subscriptions","organizations_url":"https://api.github.com/users/gquintard/orgs","repos_url":"https://api.github.com/users/gquintard/repos","events_url":"https://api.github.com/users/gquintard/events{/privacy}","received_events_url":"https://api.github.com/users/gquintard/received_events","type":"User","user_view_type":"public","site_admin":false},"labels":[],"state":"closed","locked":false,"assignee":null,"assignees":[],"milestone":null,"comments":5,"created_at":"2024-03-18T21:45:09Z","updated_at":"2024-05-15T23:42:10Z","closed_at":"2024-04-09T15:19:21Z","author_association":"CONTRIBUTOR","active_lock_reason":null,"sub_issues_summary":{"total":0,"completed":0,"percent_completed":0},"issue_dependencies_summary":{"blocked_by":0,"total_blocked_by":0,"blocking":0,"total_blocking":0},"body":"Hi!\r\n\r\ncould we get a release (or a branch, I'm not greedy) targeting 7.5 (`master` targets `trunk` at the moment)? I need it to release the `docker` images","closed_by":{"login":"nigoroll","id":1528104,"node_id":"MDQ6VXNlcjE1MjgxMDQ=","avatar_url":"https://avatars.githubusercontent.com/u/1528104?v=4","gravatar_id":"","url":"https://api.github.com/users/nigoroll","html_url":"https://github.com/nigoroll","followers_url":"https://api.github.com/users/nigoroll/followers","following_url":"https://api.github.com/users/nigoroll/following{/other_user}","gists_url":"https://api.github.com/users/nigoroll/gists{/gist_id}","starred_url":"https://api.github.com/users/nigoroll/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/nigoroll/subscriptions","organizations_url":"https://api.github.com/users/nigoroll/orgs","repos_url":"https://api.github.com/users/nigoroll/repos","events_url":"https://api.github.com/users/nigoroll/events{/privacy}","received_events_url":"https://api.github.com/users/nigoroll/received_events","type":"User","user_view_type":"public","site_admin":false},"reactions":{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/113/reactions","total_count":0,"+1":0,"-1":0,"laugh":0,"hooray":0,"confused":0,"heart":0,"rocket":0,"eyes":0},"timeline_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/113/timeline","performed_via_github_app":null,"state_reason":"completed"},{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/114","repository_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic","labels_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/114/labels{/name}","comments_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/114/comments","events_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/114/events","html_url":"https://github.com/nigoroll/libvmod-dynamic/issues/114","id":2205936169,"node_id":"I_kwDOBBOOTM6De-op","number":114,"title":"Object resolver not initialized?","user":{"login":"cosimo","id":109366,"node_id":"MDQ6VXNlcjEwOTM2Ng==","avatar_url":"https://avatars.githubusercontent.com/u/109366?v=4","gravatar_id":"","url":"https://api.github.com/users/cosimo","html_url":"https://github.com/cosimo","followers_url":"https://api.github.com/users/cosimo/followers","following_url":"https://api.github.com/users/cosimo/following{/other_user}","gists_url":"https://api.github.com/users/cosimo/gists{/gist_id}","starred_url":"https://api.github.com/users/cosimo/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/cosimo/subscriptions","organizations_url":"https://api.github.com/users/cosimo/orgs","repos_url":"https://api.github.com/users/cosimo/repos","events_url":"https://api.github.com/users/cosimo/events{/privacy}","received_events_url":"https://api.github.com/users/cosimo/received_events","type":"User","user_view_type":"public","site_admin":false},"labels":[],"state":"closed","locked":false,"assignee":null,"assignees":[],"milestone":null,"comments":6,"created_at":"2024-03-25T14:47:12Z","updated_at":"2024-03-25T16:57:37Z","closed_at":"2024-03-25T16:57:37Z","author_association":"NONE","active_lock_reason":null,"sub_issues_summary":{"total":0,"completed":0,"percent_completed":0},"issue_dependencies_summary":{"blocked_by":0,"total_blocked_by":0,"blocking":0,"total_blocking":0},"body":"Hi!\r\n\r\nI'm trying to use libvmod_dynamic with varnish 7.4:\r\n* varnishcache/varnish-cache@b659b7ae62b44c05888919c5c1cd03ba6eaec681\r\n* libvmod-dynamic rev: 3697d6f195fe077fe213918b7b67f5da4efdede2\r\n\r\nThis is on Ubuntu 20.04, and I've build `libvmod_dynamic.so` using this Dockerfile: https://gist.github.com/cosimo/314e441313426a93bdfd3438059e44f9\r\n\r\nMy runtime environment is varnish 7.4.3-1~focal on Ubuntu 20.04.6 TLS x86_64 from the `https://packagecloud.io/varnishcache/varnish74/ubuntu/ focal main` debian repository.\r\n\r\nThe relevant VCL code is:\r\n\r\n```\r\nvcl 4.0;\r\nimport dynamic;\r\n\r\nbackend default none;\r\n\r\nsub vcl_init {\r\n    new r = dynamic.resolver();\r\n    new rest = dynamic.director(\r\n      port = \"80\",\r\n      resolver = r.use(),\r\n      ttl_from = dns\r\n    );\r\n}\r\n\r\nsub vcl_recv {\r\n    # `_rest._tcp.example.com` is an SRV record\r\n    set req.backend_hint = rest.backend(\"_rest._tcp.example.com\");\r\n}\r\n```\r\n\r\nWhen starting up varnish, I'm getting the following error:\r\n\r\n```\r\nMar 25 14:27:35 host varnishd[2689915]: Version: varnish-7.4.3 revision b659b7ae62b44c05888919c5c1cd03ba6eaec681\r\nMar 25 14:27:35 host varnishd[2689915]: Platform: Linux,5.15.0-1053-aws,x86_64,-junix,-smalloc,-sdefault,-hcritbit\r\nMar 25 14:27:35 host varnishd[2689915]: Child (2689931) Started\r\nMar 25 14:27:35 host varnishd[2689915]: Child launched OK\r\nMar 25 14:27:35 host varnishd[2689915]: Error: Child (2689931) Pushing vcls failed:\r\nMar 25 14:27:35 host varnishd[2689915]: VCL \"boot\" Failed initialization\r\nMar 25 14:27:35 host varnishd[2689915]: Message:\r\nMar 25 14:27:35 host varnishd[2689915]:         Object r not initialized\r\nMar 25 14:27:35 host varnishd[2689915]: Info: Child (2689931) said Child starts\r\nMar 25 14:27:35 host varnishd[2689915]: Child (2689931) Pushing vcls failed:\r\n                                                                      VCL \"boot\" Failed initialization\r\n                                                                      Message:\r\n                                                                              Object r not initialized\r\nMar 25 14:27:35 host varnishd[2689915]: Stopping Child\r\nMar 25 14:27:35 host varnishd[2689915]: Child (2689931) said Child starts\r\nMar 25 14:27:35 host varnishd[2689915]: Info: Child (2689931) said Child dies\r\nMar 25 14:27:35 host varnishd[2689915]: Info: Child (2689931) ended\r\nMar 25 14:27:35 host varnishd[2689915]: Child (2689931) said Child dies\r\nMar 25 14:27:35 host varnishd[2689915]: Child (2689931) ended\r\nMar 25 14:27:35 host varnishd[2689915]: Child cleanup complete\r\n```\r\n\r\nHave looked at the documentation in the `vmod_dynamic.vcc` but I haven't really understood the reason why the resolver object is not initialized.\r\n\r\nOther things I've noticed:\r\n- When querying `varnishadm backend.list -j` I see that the backends seem to be considered sick, as in:\r\n```\r\nroot@host:/etc/varnish# varnishadm backend.list -j\r\n[ 3, [\"backend.list\", \"-j\"], 1711378545.538,\r\n  {\r\n    \"boot.rest(_rest._tcp.example.com:(null))\": {\r\n      \"type\": \"dynamic\",\r\n      \"admin_health\": \"probe\",\r\n      \"probe_message\": [0, 0, \"sick\"],\r\n      \"last_change\": 1711378480.950\r\n    }\r\n  }\r\n]\r\n```\r\n- I can't seem to be able to use the `ttl_from = dns` option, the error message mentioned that I need to use a `resolver`, which I am indeed doing.\r\n- When running `make check` from inside the Docker container build, 1 test is failing. Here's the output I'm seeing:\r\n\r\n```\r\nPASS: tests/layer.vtc\r\nPASS: tests/r00107.vtc\r\nPASS: tests/stale_obj.vtc\r\nPASS: tests/test01.vtc\r\nPASS: tests/test02.vtc\r\nPASS: tests/test03.vtc\r\nPASS: tests/test04.vtc\r\nPASS: tests/test05.vtc\r\nPASS: tests/test06.vtc\r\nPASS: tests/test07.vtc\r\nPASS: tests/test08.vtc\r\nPASS: tests/test09.vtc\r\nPASS: tests/test10.vtc\r\nPASS: tests/test11.vtc\r\nPASS: tests/test12.vtc\r\nFAIL: tests/test13.vtc\r\nPASS: tests/test14.vtc\r\nPASS: tests/via.vtc\r\n```\r\n\r\nWould you have any guidance, or examples of usage of libvmod-dynamic? I haven't found much doing web searches or checking other repositories on github.\r\n\r\nThanks!","closed_by":{"login":"nigoroll","id":1528104,"node_id":"MDQ6VXNlcjE1MjgxMDQ=","avatar_url":"https://avatars.githubusercontent.com/u/1528104?v=4","gravatar_id":"","url":"https://api.github.com/users/nigoroll","html_url":"https://github.com/nigoroll","followers_url":"https://api.github.com/users/nigoroll/followers","following_url":"https://api.github.com/users/nigoroll/following{/other_user}","gists_url":"https://api.github.com/users/nigoroll/gists{/gist_id}","starred_url":"https://api.github.com/users/nigoroll/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/nigoroll/subscriptions","organizations_url":"https://api.github.com/users/nigoroll/orgs","repos_url":"https://api.github.com/users/nigoroll/repos","events_url":"https://api.github.com/users/nigoroll/events{/privacy}","received_events_url":"https://api.github.com/users/nigoroll/received_events","type":"User","user_view_type":"public","site_admin":false},"reactions":{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/114/reactions","total_count":0,"+1":0,"-1":0,"laugh":0,"hooray":0,"confused":0,"heart":0,"rocket":0,"eyes":0},"timeline_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/114/timeline","performed_via_github_app":null,"state_reason":"completed"},{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/115","repository_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic","labels_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/115/labels{/name}","comments_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/115/comments","events_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/115/events","html_url":"https://github.com/nigoroll/libvmod-dynamic/issues/115","id":2292508729,"node_id":"I_kwDOBBOOTM6IpOg5","number":115,"title":"Unexpected behavior with new timeouts: \"zero\" timeout despite long defaults","user":{"login":"nigoroll","id":1528104,"node_id":"MDQ6VXNlcjE1MjgxMDQ=","avatar_url":"https://avatars.githubusercontent.com/u/1528104?v=4","gravatar_id":"","url":"https://api.github.com/users/nigoroll","html_url":"https://github.com/nigoroll","followers_url":"https://api.github.com/users/nigoroll/followers","following_url":"https://api.github.com/users/nigoroll/following{/other_user}","gists_url":"https://api.github.com/users/nigoroll/gists{/gist_id}","starred_url":"https://api.github.com/users/nigoroll/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/nigoroll/subscriptions","organizations_url":"https://api.github.com/users/nigoroll/orgs","repos_url":"https://api.github.com/users/nigoroll/repos","events_url":"https://api.github.com/users/nigoroll/events{/privacy}","received_events_url":"https://api.github.com/users/nigoroll/received_events","type":"User","user_view_type":"public","site_admin":false},"labels":[],"state":"closed","locked":false,"assignee":null,"assignees":[],"milestone":null,"comments":1,"created_at":"2024-05-13T11:10:43Z","updated_at":"2024-05-14T06:44:13Z","closed_at":"2024-05-14T06:43:00Z","author_association":"OWNER","active_lock_reason":null,"sub_issues_summary":{"total":0,"completed":0,"percent_completed":0},"issue_dependencies_summary":{"blocked_by":0,"total_blocked_by":0,"blocking":0,"total_blocking":0},"body":"logging an issue found by @martin-uplex\r\n\r\nUsing this dynamic director\r\n\r\n```vcl\r\nbackend sslon {\r\n   .path = \"/tmp/varnish_sslon.proxy.sock\";\r\n   .connect_timeout = 5s;\r\n   .first_byte_timeout = 20s;\r\n   .between_bytes_timeout = 20s;\r\n}\r\n\r\nsub vcl_init {\r\n   new https = dynamic.director(via = sslon, port = 443);\r\n}\r\n```\r\n\r\nwith these global timeouts\r\n```\r\nfirst_byte_timeout            300.000 [seconds]\r\nidle_send_timeout             300.000 [seconds]\r\npipe_timeout                  300.000 [seconds]\r\n```\r\n\r\nand no vcl override of timeouts leads to behavior as if a 0 timeout was configured:\r\n\r\n```\r\n--- Timestamp      Fetch: 1715591622.154104 0.008790 0.000009\r\n--- Timestamp      Connected: 1715591622.154129 0.008815 0.000025\r\n--- BackendOpen    644 https.www.site.de(X.X.X.X:443) 0.0.0.0 0 0.0.0.0 0 connect\r\n--- Timestamp      Bereq: 1715591622.154136 0.008822 0.000006\r\n--- FetchError     first byte timeout\r\n--- BackendClose   644 https.www.site.de(X.X.X.X:443) close Receive timeout\r\n--- Timestamp      Beresp: 1715591622.155162 0.009848 0.001025\r\n--- Timestamp      Error: 1715591622.155163 0.009849 0.000000 \r\n```\r\n\r\nThe workaround is to set explicit timeouts in the director.\r\n\r\nProbably related to a7059d4efab10a285c1f57f7e02bbe631cf3a649 / https://github.com/varnishcache/varnish-cache/commit/119056c4d9319155c6c6c2148519d2e8d81d5f76","closed_by":{"login":"nigoroll","id":1528104,"node_id":"MDQ6VXNlcjE1MjgxMDQ=","avatar_url":"https://avatars.githubusercontent.com/u/1528104?v=4","gravatar_id":"","url":"https://api.github.com/users/nigoroll","html_url":"https://github.com/nigoroll","followers_url":"https://api.github.com/users/nigoroll/followers","following_url":"https://api.github.com/users/nigoroll/following{/other_user}","gists_url":"https://api.github.com/users/nigoroll/gists{/gist_id}","starred_url":"https://api.github.com/users/nigoroll/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/nigoroll/subscriptions","organizations_url":"https://api.github.com/users/nigoroll/orgs","repos_url":"https://api.github.com/users/nigoroll/repos","events_url":"https://api.github.com/users/nigoroll/events{/privacy}","received_events_url":"https://api.github.com/users/nigoroll/received_events","type":"User","user_view_type":"public","site_admin":false},"reactions":{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/115/reactions","total_count":0,"+1":0,"-1":0,"laugh":0,"hooray":0,"confused":0,"heart":0,"rocket":0,"eyes":0},"timeline_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/115/timeline","performed_via_github_app":null,"state_reason":"completed"},{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/116","repository_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic","labels_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/116/labels{/name}","comments_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/116/comments","events_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/116/events","html_url":"https://github.com/nigoroll/libvmod-dynamic/issues/116","id":2315307267,"node_id":"I_kwDOBBOOTM6KAMkD","number":116,"title":"Assert error in getdns_result(): Condition((rr) != 0) not true.","user":{"login":"delthas","id":1863865,"node_id":"MDQ6VXNlcjE4NjM4NjU=","avatar_url":"https://avatars.githubusercontent.com/u/1863865?v=4","gravatar_id":"","url":"https://api.github.com/users/delthas","html_url":"https://github.com/delthas","followers_url":"https://api.github.com/users/delthas/followers","following_url":"https://api.github.com/users/delthas/following{/other_user}","gists_url":"https://api.github.com/users/delthas/gists{/gist_id}","starred_url":"https://api.github.com/users/delthas/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/delthas/subscriptions","organizations_url":"https://api.github.com/users/delthas/orgs","repos_url":"https://api.github.com/users/delthas/repos","events_url":"https://api.github.com/users/delthas/events{/privacy}","received_events_url":"https://api.github.com/users/delthas/received_events","type":"User","user_view_type":"public","site_admin":false},"labels":[],"state":"closed","locked":false,"assignee":null,"assignees":[],"milestone":null,"comments":1,"created_at":"2024-05-24T12:36:39Z","updated_at":"2024-05-27T16:32:51Z","closed_at":"2024-05-27T16:32:40Z","author_association":"CONTRIBUTOR","active_lock_reason":null,"sub_issues_summary":{"total":0,"completed":0,"percent_completed":0},"issue_dependencies_summary":{"blocked_by":0,"total_blocked_by":0,"blocking":0,"total_blocking":0},"body":"Stressing Varnish + libvmod-dynamic with many dynamic backends (with probes), I'm sometimes getting the following panic:\r\n```\r\nAssert error in getdns_result(), dyn_resolver_getdns.c line 259:\r\n  Condition((rr) != 0) not true.\r\nBacktrace:\r\n  0x55bf1d92da92: /usr/sbin/varnishd(+0x5ba92) [0x55bf1d92da92]\r\n  0x55bf1d9aac45: /usr/sbin/varnishd(VAS_Fail+0x45) [0x55bf1d9aac45]\r\n  0x7f845e54e5ec: ./vmod_cache/_vmod_dynamic.29b766e616262ab0ef9252419367ce48fbf642168ba34fc382b1742a77dac5c4(+0xf5ec) [0x7f845e54e5ec]\r\n  0x7f845e544b65: ./vmod_cache/_vmod_dynamic.29b766e616262ab0ef9252419367ce48fbf642168ba34fc382b1742a77dac5c4(+0x5b65) [0x7f845e544b65]\r\n  0x7f84731cd064: /lib/x86_64-linux-gnu/libpthread.so.0(+0x8064) [0x7f84731cd064]\r\n  0x7f8472f0262d: /lib/x86_64-linux-gnu/libc.so.6(clone+0x6d) [0x7f8472f0262d]\r\n```\r\nThis refers to the assert here: https://github.com/nigoroll/libvmod-dynamic/blob/master/src/dyn_resolver_getdns.c#L259\r\n\r\nI can't reproduce this on my machine to debug locally, I only got this on a remote server. I think the DNS server there might be having issues; but if this is caused by some DNS server issue we should probably not panic (and instead just add no backend).\r\n\r\nFrom my understanding of the function, this can happen if `getdns_common_more_answers(state) != 0` from the beginning (or if `getdns_common_more_answers(state) == 0` and `getdns_list_get_dict(state->answers, state->answer++, &rr)` gives a NULL `rr`, not sure if that's relevant).","closed_by":{"login":"nigoroll","id":1528104,"node_id":"MDQ6VXNlcjE1MjgxMDQ=","avatar_url":"https://avatars.githubusercontent.com/u/1528104?v=4","gravatar_id":"","url":"https://api.github.com/users/nigoroll","html_url":"https://github.com/nigoroll","followers_url":"https://api.github.com/users/nigoroll/followers","following_url":"https://api.github.com/users/nigoroll/following{/other_user}","gists_url":"https://api.github.com/users/nigoroll/gists{/gist_id}","starred_url":"https://api.github.com/users/nigoroll/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/nigoroll/subscriptions","organizations_url":"https://api.github.com/users/nigoroll/orgs","repos_url":"https://api.github.com/users/nigoroll/repos","events_url":"https://api.github.com/users/nigoroll/events{/privacy}","received_events_url":"https://api.github.com/users/nigoroll/received_events","type":"User","user_view_type":"public","site_admin":false},"reactions":{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/116/reactions","total_count":1,"+1":0,"-1":0,"laugh":0,"hooray":0,"confused":0,"heart":1,"rocket":0,"eyes":0},"timeline_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/116/timeline","performed_via_github_app":null,"state_reason":"completed"},{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/117","repository_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic","labels_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/117/labels{/name}","comments_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/117/comments","events_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/117/events","html_url":"https://github.com/nigoroll/libvmod-dynamic/issues/117","id":2318884269,"node_id":"I_kwDOBBOOTM6KN12t","number":117,"title":"Still happens: Dynamic Backends can only be added to warm VCLs","user":{"login":"nigoroll","id":1528104,"node_id":"MDQ6VXNlcjE1MjgxMDQ=","avatar_url":"https://avatars.githubusercontent.com/u/1528104?v=4","gravatar_id":"","url":"https://api.github.com/users/nigoroll","html_url":"https://github.com/nigoroll","followers_url":"https://api.github.com/users/nigoroll/followers","following_url":"https://api.github.com/users/nigoroll/following{/other_user}","gists_url":"https://api.github.com/users/nigoroll/gists{/gist_id}","starred_url":"https://api.github.com/users/nigoroll/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/nigoroll/subscriptions","organizations_url":"https://api.github.com/users/nigoroll/orgs","repos_url":"https://api.github.com/users/nigoroll/repos","events_url":"https://api.github.com/users/nigoroll/events{/privacy}","received_events_url":"https://api.github.com/users/nigoroll/received_events","type":"User","user_view_type":"public","site_admin":false},"labels":[{"id":443804425,"node_id":"MDU6TGFiZWw0NDM4MDQ0MjU=","url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/labels/help%20wanted","name":"help wanted","color":"128A0C","default":true,"description":null}],"state":"closed","locked":false,"assignee":null,"assignees":[],"milestone":null,"comments":7,"created_at":"2024-05-27T11:03:00Z","updated_at":"2024-11-14T17:58:05Z","closed_at":"2024-11-14T17:58:04Z","author_association":"OWNER","active_lock_reason":null,"sub_issues_summary":{"total":0,"completed":0,"percent_completed":0},"issue_dependencies_summary":{"blocked_by":0,"total_blocked_by":0,"blocking":0,"total_blocking":0},"body":"I'm getting the same assert again, but in a slightly different way (even with the fix).\r\n\r\nThe stack is still:\r\n```\r\nWrong turn at cache/cache_vrt_vcl.c:251:\r\nDynamic Backends can only be added to warm VCLs\r\nBacktrace:\r\n  ip=0x5f26789d8ebe sp=0x70bc775fe870 <pan_ic+0x34e>\r\n  ip=0x5f2678aa5985 sp=0x70bc775fe9e0 <VAS_Fail+0x55>\r\n  ip=0x5f2678a0ee86 sp=0x70bc775fea30 <VRT_AddDirector+0x956>\r\n  ip=0x5f267899527d sp=0x70bc775feb80 <VRT_new_backend_clustered+0xc0d>\r\n  ip=0x5f2678995d22 sp=0x70bc775fec80 <VRT_new_backend+0x132>\r\n  ip=0x70bc82abfe61 sp=0x70bc775fecb0 <ref_add+0x660>\r\n  ip=0x70bc82ac0acc sp=0x70bc775ff1d0 <dom_update+0xb69>\r\n  ip=0x70bc82ac1395 sp=0x70bc775ff340 <dom_lookup_thread+0x485>\r\n  ip=0x70bc99399ded sp=0x70bc775ff450\r\n  ip=0x70bc9941d0dc sp=0x70bc775ff500\r\n```\r\n\r\nI'm stressing Varnish + libvmod-dynamic with a lot of VCL reloads. Everything usually works fine for a while (sometimes hours), until Varnish starts to loop on this error, every ~15s to ~1 minute. So, no issues for hours and then once I get this panic, it repeats every ~15s to ~1min: child crashes, child restarts, child crashes, ...\r\n\r\nHere's an excerpt of the full logs:\r\n```\r\nDebug: Child (606349) Started\r\nChild launched OK\r\nInfo: Child (606349) said Child starts\r\nError: Child (606349) not responding to CLI, killed it.\r\nError: Child (606349) not responding to CLI, killed it.\r\nError: Unexpected reply from ping: 400 CLI communication error (hdr)\r\nError: Child (606349) not responding to CLI, killed it.\r\nError: Unexpected reply from ping: 400 CLI communication error\r\nError: Child (606349) died signal=3 (core dumped)\r\nDebug: Child cleanup complete\r\nDebug: Child (645026) Started\r\nChild launched OK\r\nInfo: Child (645026) said Child starts\r\nError: Child (645026) not responding to CLI, killed it.\r\nError: Child (645026) not responding to CLI, killed it.\r\nError: Unexpected reply from ping: 400 CLI communication error\r\nError: Child (645026) died signal=6 (core dumped)\r\nError: Child (645026) Panic at: Fri, 24 May 2024 14:58:32 GMT\r\nWrong turn at cache/cache_vrt_vcl.c:251:\r\nDynamic Backends can only be added to warm VCLs\r\nBacktrace:\r\n  ip=0x6281a32f6ebe sp=0x76e6579fe870 <pan_ic+0x34e>\r\n  ip=0x6281a33c3985 sp=0x76e6579fe9e0 <VAS_Fail+0x55>\r\n  ip=0x6281a332ce86 sp=0x76e6579fea30 <VRT_AddDirector+0x956>\r\n  ip=0x6281a32b327d sp=0x76e6579feb80 <VRT_new_backend_clustered+0xc0d>\r\n  ip=0x6281a32b3d22 sp=0x76e6579fec80 <VRT_new_backend+0x132>\r\n  ip=0x76e661960e61 sp=0x76e6579fecb0 <ref_add+0x660>\r\n  ip=0x76e661961acc sp=0x76e6579ff1d0 <dom_update+0xb69>\r\n  ip=0x76e661962395 sp=0x76e6579ff340 <dom_lookup_thread+0x485>\r\n  ip=0x76e676e3aded sp=0x76e6579ff450\r\n  ip=0x76e676ebe0dc sp=0x76e6579ff500\r\nDebug: Child cleanup complete\r\nDebug: Child (649299) Started\r\nChild launched OK\r\nInfo: Child (649299) said Child starts\r\nError: Child (649299) not responding to CLI, killed it.\r\nError: Child (649299) not responding to CLI, killed it.\r\nError: Unexpected reply from ping: 400 CLI communication error\r\nError: Child (649299) died signal=6 (core dumped)\r\nError: Child (649299) Panic at: Fri, 24 May 2024 14:58:46 GMT\r\nWrong turn at cache/cache_vrt_vcl.c:251:\r\nDynamic Backends can only be added to warm VCLs\r\nBacktrace:\r\n  ip=0x6281a32f6ebe sp=0x76e654bfe870 <pan_ic+0x34e>\r\n  ip=0x6281a33c3985 sp=0x76e654bfe9e0 <VAS_Fail+0x55>\r\n  ip=0x6281a332ce86 sp=0x76e654bfea30 <VRT_AddDirector+0x956>\r\n  ip=0x6281a32b327d sp=0x76e654bfeb80 <VRT_new_backend_clustered+0xc0d>\r\n  ip=0x6281a32b3d22 sp=0x76e654bfec80 <VRT_new_backend+0x132>\r\n  ip=0x76e661686e61 sp=0x76e654bfecb0 <ref_add+0x660>\r\n  ip=0x76e661687acc sp=0x76e654bff1d0 <dom_update+0xb69>\r\n  ip=0x76e661688395 sp=0x76e654bff340 <dom_lookup_thread+0x485>\r\n  ip=0x76e676e3aded sp=0x76e654bff450\r\n  ip=0x76e676ebe0dc sp=0x76e654bff500\r\nDebug: Child cleanup complete\r\nDebug: Child (653709) Started\r\nChild launched OK\r\nInfo: Child (653709) said Child starts\r\nError: Child (653709) not responding to CLI, killed it.\r\nError: Child (653709) not responding to CLI, killed it.\r\nError: Unexpected reply from ping: 400 CLI communication error\r\nError: Child (653709) died signal=6 (core dumped)\r\nError: Child (653709) Panic at: Fri, 24 May 2024 14:59:01 GMT\r\nWrong turn at cache/cache_vrt_vcl.c:251:\r\nDynamic Backends can only be added to warm VCLs\r\nBacktrace:\r\n  ip=0x6281a32f6ebe sp=0x76e6523fe870 <pan_ic+0x34e>\r\n  ip=0x6281a33c3985 sp=0x76e6523fe9e0 <VAS_Fail+0x55>\r\n  ip=0x6281a332ce86 sp=0x76e6523fea30 <VRT_AddDirector+0x956>\r\n  ip=0x6281a32b327d sp=0x76e6523feb80 <VRT_new_backend_clustered+0xc0d>\r\n  ip=0x6281a32b3d22 sp=0x76e6523fec80 <VRT_new_backend+0x132>\r\n  ip=0x76e66099fe61 sp=0x76e6523fecb0 <ref_add+0x660>\r\n  ip=0x76e6609a0acc sp=0x76e6523ff1d0 <dom_update+0xb69>\r\n  ip=0x76e6609a1395 sp=0x76e6523ff340 <dom_lookup_thread+0x485>\r\n  ip=0x76e676e3aded sp=0x76e6523ff450\r\n  ip=0x76e676ebe0dc sp=0x76e6523ff500\r\nDebug: Child cleanup complete\r\nDebug: Child (658076) Started\r\nChild launched OK\r\nInfo: Child (658076) said Child starts\r\nError: Child (658076) not responding to CLI, killed it.\r\nError: Child (658076) not responding to CLI, killed it.\r\nError: Unexpected reply from ping: 400 CLI communication error\r\nError: Child (658076) died signal=6 (core dumped)\r\nError: Child (658076) Panic at: Fri, 24 May 2024 14:59:21 GMT\r\nWrong turn at cache/cache_vrt_vcl.c:251:\r\nDynamic Backends can only be added to warm VCLs\r\nBacktrace:\r\n  ip=0x6281a32f6ebe sp=0x76e655ffe870 <pan_ic+0x34e>\r\n  ip=0x6281a33c3985 sp=0x76e655ffe9e0 <VAS_Fail+0x55>\r\n  ip=0x6281a332ce86 sp=0x76e655ffea30 <VRT_AddDirector+0x956>\r\n  ip=0x6281a32b327d sp=0x76e655ffeb80 <VRT_new_backend_clustered+0xc0d>\r\n  ip=0x6281a32b3d22 sp=0x76e655ffec80 <VRT_new_backend+0x132>\r\n  ip=0x76e6617a5e61 sp=0x76e655ffecb0 <ref_add+0x660>\r\n  ip=0x76e6617a6acc sp=0x76e655fff1d0 <dom_update+0xb69>\r\n  ip=0x76e6617a7395 sp=0x76e655fff340 <dom_lookup_thread+0x485>\r\n  ip=0x76e676e3aded sp=0x76e655fff450\r\n  ip=0x76e676ebe0dc sp=0x76e655fff500\r\nDebug: Child cleanup complete\r\nDebug: Child (662441) Started\r\nChild launched OK\r\nInfo: Child (662441) said Child starts\r\nError: Child (662441) not responding to CLI, killed it.\r\nError: Child (662441) not responding to CLI, killed it.\r\nError: Unexpected reply from ping: 400 CLI communication error\r\nError: Child (662441) died signal=6 (core dumped)\r\nError: Child (662441) Panic at: Fri, 24 May 2024 14:59:38 GMT\r\nWrong turn at cache/cache_vrt_vcl.c:251:\r\nDynamic Backends can only be added to warm VCLs\r\nBacktrace:\r\n  ip=0x6281a32f6ebe sp=0x76e6567fe870 <pan_ic+0x34e>\r\n  ip=0x6281a33c3985 sp=0x76e6567fe9e0 <VAS_Fail+0x55>\r\n  ip=0x6281a332ce86 sp=0x76e6567fea30 <VRT_AddDirector+0x956>\r\n  ip=0x6281a32b327d sp=0x76e6567feb80 <VRT_new_backend_clustered+0xc0d>\r\n  ip=0x6281a32b3d22 sp=0x76e6567fec80 <VRT_new_backend+0x132>\r\n  ip=0x76e662eaae61 sp=0x76e6567fecb0 <ref_add+0x660>\r\n  ip=0x76e662eabacc sp=0x76e6567ff1d0 <dom_update+0xb69>\r\n  ip=0x76e662eac395 sp=0x76e6567ff340 <dom_lookup_thread+0x485>\r\n  ip=0x76e676e3aded sp=0x76e6567ff450\r\n  ip=0x76e676ebe0dc sp=0x76e6567ff500\r\nDebug: Child cleanup complete\r\n```\r\nIt continued crashing in a loop indefinitely for multiple days. I managed to attach to the process and the VCL was indeed COOL at the time of the panic.\r\n\r\n_Originally posted by @delthas in https://github.com/nigoroll/libvmod-dynamic/issues/108#issuecomment-2133195974_\r\n            ","closed_by":{"login":"nigoroll","id":1528104,"node_id":"MDQ6VXNlcjE1MjgxMDQ=","avatar_url":"https://avatars.githubusercontent.com/u/1528104?v=4","gravatar_id":"","url":"https://api.github.com/users/nigoroll","html_url":"https://github.com/nigoroll","followers_url":"https://api.github.com/users/nigoroll/followers","following_url":"https://api.github.com/users/nigoroll/following{/other_user}","gists_url":"https://api.github.com/users/nigoroll/gists{/gist_id}","starred_url":"https://api.github.com/users/nigoroll/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/nigoroll/subscriptions","organizations_url":"https://api.github.com/users/nigoroll/orgs","repos_url":"https://api.github.com/users/nigoroll/repos","events_url":"https://api.github.com/users/nigoroll/events{/privacy}","received_events_url":"https://api.github.com/users/nigoroll/received_events","type":"User","user_view_type":"public","site_admin":false},"reactions":{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/117/reactions","total_count":0,"+1":0,"-1":0,"laugh":0,"hooray":0,"confused":0,"heart":0,"rocket":0,"eyes":0},"timeline_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/117/timeline","performed_via_github_app":null,"state_reason":"completed"},{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/118","repository_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic","labels_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/118/labels{/name}","comments_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/118/comments","events_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/118/events","html_url":"https://github.com/nigoroll/libvmod-dynamic/issues/118","id":2437742171,"node_id":"I_kwDOBBOOTM6RTP5b","number":118,"title":"Assert error in VRT_Assign_Backend() Condition(vdir->refcnt > 0)","user":{"login":"nigoroll","id":1528104,"node_id":"MDQ6VXNlcjE1MjgxMDQ=","avatar_url":"https://avatars.githubusercontent.com/u/1528104?v=4","gravatar_id":"","url":"https://api.github.com/users/nigoroll","html_url":"https://github.com/nigoroll","followers_url":"https://api.github.com/users/nigoroll/followers","following_url":"https://api.github.com/users/nigoroll/following{/other_user}","gists_url":"https://api.github.com/users/nigoroll/gists{/gist_id}","starred_url":"https://api.github.com/users/nigoroll/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/nigoroll/subscriptions","organizations_url":"https://api.github.com/users/nigoroll/orgs","repos_url":"https://api.github.com/users/nigoroll/repos","events_url":"https://api.github.com/users/nigoroll/events{/privacy}","received_events_url":"https://api.github.com/users/nigoroll/received_events","type":"User","user_view_type":"public","site_admin":false},"labels":[],"state":"closed","locked":false,"assignee":null,"assignees":[],"milestone":null,"comments":0,"created_at":"2024-07-30T12:39:14Z","updated_at":"2024-07-31T13:00:03Z","closed_at":"2024-07-31T13:00:03Z","author_association":"OWNER","active_lock_reason":null,"sub_issues_summary":{"total":0,"completed":0,"percent_completed":0},"issue_dependencies_summary":{"blocked_by":0,"total_blocked_by":0,"blocking":0,"total_blocking":0},"body":"https://github.com/nigoroll/libvmod-dynamic/commit/d8eea028563837e74b8d7f1467c0a8118f6cfc6d exposes what looks like a race between expiry of a newly created backend and resolution.\r\n\r\n```\r\nAssert error in VRT_Assign_Backend(), cache/cache_vrt_vcl.c line 346:\r\n  Condition(vdir->refcnt > 0) not true.\r\nversion = varnish-trunk revision c79f57fc116a958631c79e1c24f57e729df17850, vrt api = 19.1\r\nident = Linux,6.1.0-15-amd64,x86_64,-jnone,-sdefault,-sdefault,-hcritbit,epoll\r\nnow = 13523.786472 (mono), 1722337142.480783 (real)\r\nBacktrace:\r\n  ip=0x5625db174ee5 sp=0x7fea20456180 <VBT_format+0x35>\r\n  ip=0x5625db0ad0b3 sp=0x7fea204561a0 <pan_backtrace+0x33>\r\n  ip=0x5625db0acdfa sp=0x7fea204561c0 <pan_ic+0x37a>\r\n  ip=0x5625db174115 sp=0x7fea20456340 <VAS_Fail+0x55>\r\n  ip=0x5625db0e2e17 sp=0x7fea20456390 <VRT_Assign_Backend+0x2b7>\r\n  ip=0x7fea2f4111e6 sp=0x7fea204563c0 <dynamic_task_ref+0x86>\r\n  ip=0x7fea2f412d50 sp=0x7fea204563e0 <dom_resolve+0x100>\r\n  ip=0x5625db081835 sp=0x7fea20456410 <VRT_DirectorResolve+0x165>\r\n  ip=0x7fea165faf62 sp=0x7fea20456440\r\n  ip=0x5625db0e4e6c sp=0x7fea20456490 <vcl_call_method+0x61c>\r\n  ip=0x5625db0e6c70 sp=0x7fea204565d0 <VCL_synth_method+0x1e0>\r\n```\r\n","closed_by":{"login":"nigoroll","id":1528104,"node_id":"MDQ6VXNlcjE1MjgxMDQ=","avatar_url":"https://avatars.githubusercontent.com/u/1528104?v=4","gravatar_id":"","url":"https://api.github.com/users/nigoroll","html_url":"https://github.com/nigoroll","followers_url":"https://api.github.com/users/nigoroll/followers","following_url":"https://api.github.com/users/nigoroll/following{/other_user}","gists_url":"https://api.github.com/users/nigoroll/gists{/gist_id}","starred_url":"https://api.github.com/users/nigoroll/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/nigoroll/subscriptions","organizations_url":"https://api.github.com/users/nigoroll/orgs","repos_url":"https://api.github.com/users/nigoroll/repos","events_url":"https://api.github.com/users/nigoroll/events{/privacy}","received_events_url":"https://api.github.com/users/nigoroll/received_events","type":"User","user_view_type":"public","site_admin":false},"reactions":{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/118/reactions","total_count":0,"+1":0,"-1":0,"laugh":0,"hooray":0,"confused":0,"heart":0,"rocket":0,"eyes":0},"timeline_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/118/timeline","performed_via_github_app":null,"state_reason":"completed"},{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/119","repository_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic","labels_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/119/labels{/name}","comments_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/119/comments","events_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/119/events","html_url":"https://github.com/nigoroll/libvmod-dynamic/issues/119","id":2472659871,"node_id":"I_kwDOBBOOTM6TYcuf","number":119,"title":"IPv6 backends remain sick - Varnish 7.4.3, vmod_dynamic 2.8.0","user":{"login":"gerhard","id":3342,"node_id":"MDQ6VXNlcjMzNDI=","avatar_url":"https://avatars.githubusercontent.com/u/3342?v=4","gravatar_id":"","url":"https://api.github.com/users/gerhard","html_url":"https://github.com/gerhard","followers_url":"https://api.github.com/users/gerhard/followers","following_url":"https://api.github.com/users/gerhard/following{/other_user}","gists_url":"https://api.github.com/users/gerhard/gists{/gist_id}","starred_url":"https://api.github.com/users/gerhard/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/gerhard/subscriptions","organizations_url":"https://api.github.com/users/gerhard/orgs","repos_url":"https://api.github.com/users/gerhard/repos","events_url":"https://api.github.com/users/gerhard/events{/privacy}","received_events_url":"https://api.github.com/users/gerhard/received_events","type":"User","user_view_type":"public","site_admin":false},"labels":[],"state":"closed","locked":false,"assignee":null,"assignees":[],"milestone":null,"comments":1,"created_at":"2024-08-19T07:32:03Z","updated_at":"2024-08-19T09:58:57Z","closed_at":"2024-08-19T09:58:57Z","author_association":"NONE","active_lock_reason":null,"sub_issues_summary":{"total":0,"completed":0,"percent_completed":0},"issue_dependencies_summary":{"blocked_by":0,"total_blocked_by":0,"blocking":0,"total_blocking":0},"body":"Given the following DNS records:\r\n\r\n```console\r\ndig changelog-2024-01-12.internal AAAA +short\r\nfdaa:0:4556:a7b:303:5118:aa8a:2\r\nfdaa:0:4556:a7b:303:ccc2:4a66:2\r\n```\r\n\r\nAnd the following dynamic backend config:\r\n\r\n```vcl\r\nbackend default none;\r\n\r\nprobe changelog_health {\r\n  .url = \"/health\";\r\n  .interval = 5s;\r\n  .timeout = 2s;\r\n  .window = 10;\r\n  .threshold = 5;\r\n}\r\n\r\n# Define IPv6 only ACL for the module\r\nacl ipv6_only { \"::0\"/0; }\r\n\r\n# Setup a dynamic director\r\nsub vcl_init {\r\n  new changelog = dynamic.director(\r\n    ttl = 1m,\r\n    probe = changelog_health,\r\n    first_byte_timeout = 5s,\r\n    connect_timeout = 5s,\r\n    between_bytes_timeout = 30s,\r\n    whitelist = ipv6_only\r\n  );\r\n}\r\n\r\nsub vcl_recv {\r\n  set req.backend_hint = changelog.backend(\"changelog-2024-01-12.internal\", \"4000\");\r\n}\r\n\r\n```\r\n\r\nEven though the backends are resolved correctly, they remain sick:\r\n\r\n```console\r\nvarnishadm backend.list\r\nBackend name                                         Admin  Probe  Health  Last change\r\nboot.changelog(changelog-2024-01-12.internal:4000)   probe  0/2    sick    Mon, 19 Aug 2024 07:17:07 GMT\r\nboot.changelog(fdaa:0:4556:a7b:303:5118:aa8a:2:4000) probe  0/10   sick    Mon, 19 Aug 2024 07:17:07 GMT\r\nboot.changelog(fdaa:0:4556:a7b:303:ccc2:4a66:2:4000) probe  0/10   sick    Mon, 19 Aug 2024 07:17:07 GMT\r\n```\r\n\r\nThis is what I see in `varnishlog`:\r\n\r\n```console\r\nvarnishlog -g raw -i backend_health\r\n         0 Backend_health - changelog(fdaa:0:4556:a7b:303:ccc2:4a66:2:4000) Still sick -6--X-R- 0 5 10 0.001638 0.000000 \"HTTP/1.1 400 Bad Request\"\r\n         0 Backend_health - changelog(fdaa:0:4556:a7b:303:5118:aa8a:2:4000) Still sick -6--X-R- 0 5 10 0.001533 0.000000 \"HTTP/1.1 400 Bad Request\"\r\n         0 Backend_health - changelog(fdaa:0:4556:a7b:303:5118:aa8a:2:4000) Still sick -6--X-R- 0 5 10 0.001314 0.000000 \"HTTP/1.1 400 Bad Request\"\r\n         0 Backend_health - changelog(fdaa:0:4556:a7b:303:ccc2:4a66:2:4000) Still sick -6--X-R- 0 5 10 0.001499 0.000000 \"HTTP/1.1 400 Bad Request\"\r\n...\r\n```\r\n\r\nAnd yet if I use `curl`, both these backends work:\r\n\r\n```console\r\ncurl -v6 http://[fdaa:0:4556:a7b:303:ccc2:4a66:2]:4000/health\r\n*   Trying [fdaa:0:4556:a7b:303:ccc2:4a66:2]:4000...\r\n* Connected to fdaa:0:4556:a7b:303:ccc2:4a66:2 (fdaa:0:4556:a7b:303:ccc2:4a66:2) port 4000 (#0)\r\n> GET /health HTTP/1.1\r\n> Host: [fdaa:0:4556:a7b:303:ccc2:4a66:2]:4000\r\n> User-Agent: curl/7.88.1\r\n> Accept: */*\r\n>\r\n< HTTP/1.1 200 OK\r\n< cache-control: max-age=0, private, must-revalidate\r\n< content-length: 0\r\n< date: Mon, 19 Aug 2024 07:28:15 GMT\r\n< server: Cowboy\r\n<\r\n* Connection #0 to host fdaa:0:4556:a7b:303:ccc2:4a66:2 left intact\r\n\r\ncurl -v6 http://[fdaa:0:4556:a7b:303:5118:aa8a:2]:4000/health\r\n*   Trying [fdaa:0:4556:a7b:303:5118:aa8a:2]:4000...\r\n* Connected to fdaa:0:4556:a7b:303:5118:aa8a:2 (fdaa:0:4556:a7b:303:5118:aa8a:2) port 4000 (#0)\r\n> GET /health HTTP/1.1\r\n> Host: [fdaa:0:4556:a7b:303:5118:aa8a:2]:4000\r\n> User-Agent: curl/7.88.1\r\n> Accept: */*\r\n>\r\n< HTTP/1.1 200 OK\r\n< cache-control: max-age=0, private, must-revalidate\r\n< content-length: 0\r\n< date: Mon, 19 Aug 2024 07:28:48 GMT\r\n< server: Cowboy\r\n<\r\n* Connection #0 to host fdaa:0:4556:a7b:303:5118:aa8a:2 left intact\r\n```\r\n\r\nI **think** that the backend IPv6 is not interpolated correctly - `changelog(fdaa:0:4556:a7b:303:ccc2:4a66:2:4000)` should be `changelog([fdaa:0:4556:a7b:303:ccc2:4a66:2]:4000)` but maybe the formatting is misleading me.\r\n\r\nIs there anything that I could do to debug this further?\r\n\r\n---\r\n\r\n- Varnish `7.4.3`\r\n- vmod_dynamic `2.8.0` [15e32fb](https://github.com/nigoroll/libvmod-dynamic/tree/15e32fb8cf96752c90d895b0ca31451bd05d92d9)\r\n- Deployed to Fly.io, uses [`.internal` domain](https://fly.io/docs/networking/private-networking/#fly-io-internal-dns)\r\n\r\n---\r\n\r\nFTR:\r\n- https://github.com/thechangelog/changelog.com/pull/518\r\n- https://github.com/thechangelog/pipedream/pull/1","closed_by":{"login":"gerhard","id":3342,"node_id":"MDQ6VXNlcjMzNDI=","avatar_url":"https://avatars.githubusercontent.com/u/3342?v=4","gravatar_id":"","url":"https://api.github.com/users/gerhard","html_url":"https://github.com/gerhard","followers_url":"https://api.github.com/users/gerhard/followers","following_url":"https://api.github.com/users/gerhard/following{/other_user}","gists_url":"https://api.github.com/users/gerhard/gists{/gist_id}","starred_url":"https://api.github.com/users/gerhard/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/gerhard/subscriptions","organizations_url":"https://api.github.com/users/gerhard/orgs","repos_url":"https://api.github.com/users/gerhard/repos","events_url":"https://api.github.com/users/gerhard/events{/privacy}","received_events_url":"https://api.github.com/users/gerhard/received_events","type":"User","user_view_type":"public","site_admin":false},"reactions":{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/119/reactions","total_count":0,"+1":0,"-1":0,"laugh":0,"hooray":0,"confused":0,"heart":0,"rocket":0,"eyes":0},"timeline_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/119/timeline","performed_via_github_app":null,"state_reason":"completed"},{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/120","repository_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic","labels_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/120/labels{/name}","comments_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/120/comments","events_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/120/events","html_url":"https://github.com/nigoroll/libvmod-dynamic/issues/120","id":2494183718,"node_id":"I_kwDOBBOOTM6Uqjkm","number":120,"title":"Help wanted: configure dynamic backend via SRV Records","user":{"login":"am4rth","id":96725262,"node_id":"U_kgDOBcPpDg","avatar_url":"https://avatars.githubusercontent.com/u/96725262?v=4","gravatar_id":"","url":"https://api.github.com/users/am4rth","html_url":"https://github.com/am4rth","followers_url":"https://api.github.com/users/am4rth/followers","following_url":"https://api.github.com/users/am4rth/following{/other_user}","gists_url":"https://api.github.com/users/am4rth/gists{/gist_id}","starred_url":"https://api.github.com/users/am4rth/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/am4rth/subscriptions","organizations_url":"https://api.github.com/users/am4rth/orgs","repos_url":"https://api.github.com/users/am4rth/repos","events_url":"https://api.github.com/users/am4rth/events{/privacy}","received_events_url":"https://api.github.com/users/am4rth/received_events","type":"User","user_view_type":"public","site_admin":false},"labels":[],"state":"closed","locked":false,"assignee":null,"assignees":[],"milestone":null,"comments":2,"created_at":"2024-08-29T11:34:24Z","updated_at":"2024-08-30T06:07:11Z","closed_at":"2024-08-30T06:07:11Z","author_association":"NONE","active_lock_reason":null,"sub_issues_summary":{"total":0,"completed":0,"percent_completed":0},"issue_dependencies_summary":{"blocked_by":0,"total_blocked_by":0,"blocking":0,"total_blocking":0},"body":"Hello,\r\n\r\ni'm currently tring to get varnish running with dynamic backend servers provied via SRV DNS Records.\r\n\r\nResolving the domains via `host` is no problem, the following data is returned:\r\n```\r\n# host -t SRV service.namespace.local\r\nservice.namespace.localhas SRV record 1 1 32768 995a7bee76fa40b194e2b761b9dfb90a.service.namespace.local.\r\n```\r\nThis is my varnish config:\r\n```\r\nbackend default none;\r\n\r\nsub vcl_init {\r\n  new r = dynamic.resolver();\r\n  new d = dynamic.director(\r\n          resolver = r.use(),\r\n  );\r\n}\r\n\r\nsub vcl_recv {\r\n    set req.backend_hint = d.service(\"service.namespace.local\");\r\n    \r\n    # more config to come\r\n}\r\n```\r\n\r\nWhen ever I try to perform a request, the resolution via getdns seems to fail:\r\n```\r\n0 Timestamp      - vmod-dynamic boot.d(srv service.namespace.local) Lookup: 1724930480.177774 0.000000 0.000000\r\n0 Timestamp      - vmod-dynamic boot.d(srv service.namespace.local) Results: 1724930480.177919 0.000145 0.000145\r\n0 Error          - vmod-dynamic boot d service.namespace.local getdns 901 (Queries for the name yielded all negative responses)\r\n```\r\n\r\nDo I miss something? Sorry if it's a obvious problem, not as experienced in varnish config.\r\n\r\nThanks in advance!","closed_by":{"login":"am4rth","id":96725262,"node_id":"U_kgDOBcPpDg","avatar_url":"https://avatars.githubusercontent.com/u/96725262?v=4","gravatar_id":"","url":"https://api.github.com/users/am4rth","html_url":"https://github.com/am4rth","followers_url":"https://api.github.com/users/am4rth/followers","following_url":"https://api.github.com/users/am4rth/following{/other_user}","gists_url":"https://api.github.com/users/am4rth/gists{/gist_id}","starred_url":"https://api.github.com/users/am4rth/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/am4rth/subscriptions","organizations_url":"https://api.github.com/users/am4rth/orgs","repos_url":"https://api.github.com/users/am4rth/repos","events_url":"https://api.github.com/users/am4rth/events{/privacy}","received_events_url":"https://api.github.com/users/am4rth/received_events","type":"User","user_view_type":"public","site_admin":false},"reactions":{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/120/reactions","total_count":0,"+1":0,"-1":0,"laugh":0,"hooray":0,"confused":0,"heart":0,"rocket":0,"eyes":0},"timeline_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/120/timeline","performed_via_github_app":null,"state_reason":"completed"},{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/121","repository_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic","labels_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/121/labels{/name}","comments_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/121/comments","events_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/121/events","html_url":"https://github.com/nigoroll/libvmod-dynamic/issues/121","id":2528087988,"node_id":"I_kwDOBBOOTM6Wr4-0","number":121,"title":"via_uds.vtc fails when run as root","user":{"login":"delthas","id":1863865,"node_id":"MDQ6VXNlcjE4NjM4NjU=","avatar_url":"https://avatars.githubusercontent.com/u/1863865?v=4","gravatar_id":"","url":"https://api.github.com/users/delthas","html_url":"https://github.com/delthas","followers_url":"https://api.github.com/users/delthas/followers","following_url":"https://api.github.com/users/delthas/following{/other_user}","gists_url":"https://api.github.com/users/delthas/gists{/gist_id}","starred_url":"https://api.github.com/users/delthas/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/delthas/subscriptions","organizations_url":"https://api.github.com/users/delthas/orgs","repos_url":"https://api.github.com/users/delthas/repos","events_url":"https://api.github.com/users/delthas/events{/privacy}","received_events_url":"https://api.github.com/users/delthas/received_events","type":"User","user_view_type":"public","site_admin":false},"labels":[],"state":"closed","locked":false,"assignee":null,"assignees":[],"milestone":null,"comments":1,"created_at":"2024-09-16T10:34:16Z","updated_at":"2024-09-17T08:33:00Z","closed_at":"2024-09-17T08:33:00Z","author_association":"CONTRIBUTOR","active_lock_reason":null,"sub_issues_summary":{"total":0,"completed":0,"percent_completed":0},"issue_dependencies_summary":{"blocked_by":0,"total_blocked_by":0,"blocking":0,"total_blocking":0},"body":"On my build server (VM, running as root), `make check` fails because `via_uds.vtc` fails.\r\n\r\nThe cause is that `v2`, making a connection to `v1` over a UDS, fails to connect, with `FetchError      b backend d1.localhost(127.0.0.1:45103): fail errno 13 (Permission denied)`. Looking into this further I can see that the `v2.sock` is created as `root:root` but the worker processes run as `vcache`, so it is normal that the connection is denied?\r\n\r\nAdding `-arg \"-j none\"` to the `varnish` commands in the VTC makes the test pass.\r\n\r\nI've made the following reproducer MWE (a heavily trimmed down via_uds):\r\n```vtc\r\nvarnishtest \"basic uds\"\r\n\r\nserver s1 {\r\n\trxreq\r\n\ttxresp\r\n} -start\r\n\r\nvarnish v2 -arg \"-a uds=${tmpdir}/v2.sock\" -vcl+backend {\r\n} -start\r\n\r\nvarnish v1 -vcl {\r\n\tbackend v2 { .path = \"${tmpdir}/v2.sock\"; }\r\n\r\n\tsub vcl_recv {\r\n\t\tset req.backend_hint = v2;\r\n\t}\r\n} -start\r\n\r\n# Uncomment in order to examine system state\r\n# delay 20\r\n\r\nclient c1 {\r\n\ttxreq\r\n\trxresp\r\n\texpect resp.status == 200\r\n} -run\r\n```\r\n\r\nRunning these commands during the delay shows the issue:\r\n\r\n```shell\r\n# ls -lA /tmp/vtc.2754.159e675b/\r\ntotal 12\r\n-rw-r--r-- 1 root root      24 Sep 16 12:30 INFO\r\ndrwxr-xr-x 7 root varnish 4096 Sep 16 12:30 v1\r\ndrwxr-xr-x 7 root varnish 4096 Sep 16 12:30 v2\r\nsrwxr-xr-x 1 root root       0 Sep 16 12:30 v2.sock\r\n```\r\n\r\n`v2.sock` is `root:root`\r\n\r\n```shell\r\n# ps aux | grep varnishd\r\nvarnish     2878  0.0  0.1  39396 12356 pts/0    SL   12:30   0:00 varnishd -d -n /tmp/vtc.2872.33571ff0/v2 -i v2 -l 2m -p auto_restart=off -p syslog_cli_traffic=off -p thread_pool_min=10 -p debug=+vtc_mode -p vsl_mask=+Debug,+H2RxHdr,+H2RxBody -p h2_initial_window_size=1m -p h2_rx_window_low_water=64k -M 127.0.0.1 37205 -P /tmp/vtc.2872.33571ff0/v2/varnishd.pid -a uds=/tmp/vtc.2872.33571ff0/v2.sock\r\nvcache      2894  1.0  0.7 217572 63596 pts/0    SLl  12:30   0:00 varnishd -d -n /tmp/vtc.2872.33571ff0/v2 -i v2 -l 2m -p auto_restart=off -p syslog_cli_traffic=off -p thread_pool_min=10 -p debug=+vtc_mode -p vsl_mask=+Debug,+H2RxHdr,+H2RxBody -p h2_initial_window_size=1m -p h2_rx_window_low_water=64k -M 127.0.0.1 37205 -P /tmp/vtc.2872.33571ff0/v2/varnishd.pid -a uds=/tmp/vtc.2872.33571ff0/v2.sock\r\nvarnish     2933  0.5  0.1  39396 10312 pts/0    SL   12:30   0:00 varnishd -d -n /tmp/vtc.2872.33571ff0/v1 -i v1 -l 2m -p auto_restart=off -p syslog_cli_traffic=off -p thread_pool_min=10 -p debug=+vtc_mode -p vsl_mask=+Debug,+H2RxHdr,+H2RxBody -p h2_initial_window_size=1m -p h2_rx_window_low_water=64k -a 127.0.0.1:0 -M 127.0.0.1 33001 -P /tmp/vtc.2872.33571ff0/v1/varnishd.pid\r\nvcache      2949  2.0  0.7 217572 63568 pts/0    SLl  12:30   0:00 varnishd -d -n /tmp/vtc.2872.33571ff0/v1 -i v1 -l 2m -p auto_restart=off -p syslog_cli_traffic=off -p thread_pool_min=10 -p debug=+vtc_mode -p vsl_mask=+Debug,+H2RxHdr,+H2RxBody -p h2_initial_window_size=1m -p h2_rx_window_low_water=64k -a 127.0.0.1:0 -M 127.0.0.1 33001 -P /tmp/vtc.2872.33571ff0/v1/varnishd.pid\r\n```\r\n\r\nMasters are `varnish`, workers are `vcache`, not `root`.\r\n\r\n---\r\n\r\n[Full original failing VTC](https://github.com/user-attachments/files/17011618/vtc.txt)\r\n","closed_by":{"login":"nigoroll","id":1528104,"node_id":"MDQ6VXNlcjE1MjgxMDQ=","avatar_url":"https://avatars.githubusercontent.com/u/1528104?v=4","gravatar_id":"","url":"https://api.github.com/users/nigoroll","html_url":"https://github.com/nigoroll","followers_url":"https://api.github.com/users/nigoroll/followers","following_url":"https://api.github.com/users/nigoroll/following{/other_user}","gists_url":"https://api.github.com/users/nigoroll/gists{/gist_id}","starred_url":"https://api.github.com/users/nigoroll/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/nigoroll/subscriptions","organizations_url":"https://api.github.com/users/nigoroll/orgs","repos_url":"https://api.github.com/users/nigoroll/repos","events_url":"https://api.github.com/users/nigoroll/events{/privacy}","received_events_url":"https://api.github.com/users/nigoroll/received_events","type":"User","user_view_type":"public","site_admin":false},"reactions":{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/121/reactions","total_count":0,"+1":0,"-1":0,"laugh":0,"hooray":0,"confused":0,"heart":0,"rocket":0,"eyes":0},"timeline_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/121/timeline","performed_via_github_app":null,"state_reason":"completed"},{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/122","repository_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic","labels_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/122/labels{/name}","comments_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/122/comments","events_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/122/events","html_url":"https://github.com/nigoroll/libvmod-dynamic/issues/122","id":2529375190,"node_id":"I_kwDOBBOOTM6WwzPW","number":122,"title":"7.6 branch","user":{"login":"gquintard","id":3776553,"node_id":"MDQ6VXNlcjM3NzY1NTM=","avatar_url":"https://avatars.githubusercontent.com/u/3776553?v=4","gravatar_id":"","url":"https://api.github.com/users/gquintard","html_url":"https://github.com/gquintard","followers_url":"https://api.github.com/users/gquintard/followers","following_url":"https://api.github.com/users/gquintard/following{/other_user}","gists_url":"https://api.github.com/users/gquintard/gists{/gist_id}","starred_url":"https://api.github.com/users/gquintard/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/gquintard/subscriptions","organizations_url":"https://api.github.com/users/gquintard/orgs","repos_url":"https://api.github.com/users/gquintard/repos","events_url":"https://api.github.com/users/gquintard/events{/privacy}","received_events_url":"https://api.github.com/users/gquintard/received_events","type":"User","user_view_type":"public","site_admin":false},"labels":[],"state":"closed","locked":false,"assignee":null,"assignees":[],"milestone":null,"comments":2,"created_at":"2024-09-16T20:10:00Z","updated_at":"2024-11-14T18:18:22Z","closed_at":"2024-11-14T18:18:22Z","author_association":"CONTRIBUTOR","active_lock_reason":null,"sub_issues_summary":{"total":0,"completed":0,"percent_completed":0},"issue_dependencies_summary":{"blocked_by":0,"total_blocked_by":0,"blocking":0,"total_blocking":0},"body":"can we get a release/branch/tag that will work with an installed Varnish please 7.6.\r\n\r\nRight now I'm getting the usual:\r\n```\r\nchecking for Varnish... 7.6.0\r\nconfigure: error: Varnish version trunk or higher is required.\r\n```","closed_by":{"login":"nigoroll","id":1528104,"node_id":"MDQ6VXNlcjE1MjgxMDQ=","avatar_url":"https://avatars.githubusercontent.com/u/1528104?v=4","gravatar_id":"","url":"https://api.github.com/users/nigoroll","html_url":"https://github.com/nigoroll","followers_url":"https://api.github.com/users/nigoroll/followers","following_url":"https://api.github.com/users/nigoroll/following{/other_user}","gists_url":"https://api.github.com/users/nigoroll/gists{/gist_id}","starred_url":"https://api.github.com/users/nigoroll/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/nigoroll/subscriptions","organizations_url":"https://api.github.com/users/nigoroll/orgs","repos_url":"https://api.github.com/users/nigoroll/repos","events_url":"https://api.github.com/users/nigoroll/events{/privacy}","received_events_url":"https://api.github.com/users/nigoroll/received_events","type":"User","user_view_type":"public","site_admin":false},"reactions":{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/122/reactions","total_count":0,"+1":0,"-1":0,"laugh":0,"hooray":0,"confused":0,"heart":0,"rocket":0,"eyes":0},"timeline_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/122/timeline","performed_via_github_app":null,"state_reason":"completed"},{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/123","repository_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic","labels_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/123/labels{/name}","comments_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/123/comments","events_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/123/events","html_url":"https://github.com/nigoroll/libvmod-dynamic/pull/123","id":2529383907,"node_id":"PR_kwDOBBOOTM57q3Nt","number":123,"title":"require 7.6","user":{"login":"gquintard","id":3776553,"node_id":"MDQ6VXNlcjM3NzY1NTM=","avatar_url":"https://avatars.githubusercontent.com/u/3776553?v=4","gravatar_id":"","url":"https://api.github.com/users/gquintard","html_url":"https://github.com/gquintard","followers_url":"https://api.github.com/users/gquintard/followers","following_url":"https://api.github.com/users/gquintard/following{/other_user}","gists_url":"https://api.github.com/users/gquintard/gists{/gist_id}","starred_url":"https://api.github.com/users/gquintard/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/gquintard/subscriptions","organizations_url":"https://api.github.com/users/gquintard/orgs","repos_url":"https://api.github.com/users/gquintard/repos","events_url":"https://api.github.com/users/gquintard/events{/privacy}","received_events_url":"https://api.github.com/users/gquintard/received_events","type":"User","user_view_type":"public","site_admin":false},"labels":[],"state":"closed","locked":false,"assignee":null,"assignees":[],"milestone":null,"comments":0,"created_at":"2024-09-16T20:13:30Z","updated_at":"2024-11-14T18:18:55Z","closed_at":"2024-11-14T18:18:55Z","author_association":"CONTRIBUTOR","active_lock_reason":null,"draft":false,"pull_request":{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/pulls/123","html_url":"https://github.com/nigoroll/libvmod-dynamic/pull/123","diff_url":"https://github.com/nigoroll/libvmod-dynamic/pull/123.diff","patch_url":"https://github.com/nigoroll/libvmod-dynamic/pull/123.patch","merged_at":null},"body":"just opening this PR so I can find that commit in this repository to build the Docker image","closed_by":{"login":"nigoroll","id":1528104,"node_id":"MDQ6VXNlcjE1MjgxMDQ=","avatar_url":"https://avatars.githubusercontent.com/u/1528104?v=4","gravatar_id":"","url":"https://api.github.com/users/nigoroll","html_url":"https://github.com/nigoroll","followers_url":"https://api.github.com/users/nigoroll/followers","following_url":"https://api.github.com/users/nigoroll/following{/other_user}","gists_url":"https://api.github.com/users/nigoroll/gists{/gist_id}","starred_url":"https://api.github.com/users/nigoroll/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/nigoroll/subscriptions","organizations_url":"https://api.github.com/users/nigoroll/orgs","repos_url":"https://api.github.com/users/nigoroll/repos","events_url":"https://api.github.com/users/nigoroll/events{/privacy}","received_events_url":"https://api.github.com/users/nigoroll/received_events","type":"User","user_view_type":"public","site_admin":false},"reactions":{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/123/reactions","total_count":0,"+1":0,"-1":0,"laugh":0,"hooray":0,"confused":0,"heart":0,"rocket":0,"eyes":0},"timeline_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/123/timeline","performed_via_github_app":null,"state_reason":null},{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/124","repository_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic","labels_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/124/labels{/name}","comments_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/124/comments","events_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/124/events","html_url":"https://github.com/nigoroll/libvmod-dynamic/issues/124","id":2530432380,"node_id":"I_kwDOBBOOTM6W01V8","number":124,"title":"Add wait_timeout & wait_limit","user":{"login":"nigoroll","id":1528104,"node_id":"MDQ6VXNlcjE1MjgxMDQ=","avatar_url":"https://avatars.githubusercontent.com/u/1528104?v=4","gravatar_id":"","url":"https://api.github.com/users/nigoroll","html_url":"https://github.com/nigoroll","followers_url":"https://api.github.com/users/nigoroll/followers","following_url":"https://api.github.com/users/nigoroll/following{/other_user}","gists_url":"https://api.github.com/users/nigoroll/gists{/gist_id}","starred_url":"https://api.github.com/users/nigoroll/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/nigoroll/subscriptions","organizations_url":"https://api.github.com/users/nigoroll/orgs","repos_url":"https://api.github.com/users/nigoroll/repos","events_url":"https://api.github.com/users/nigoroll/events{/privacy}","received_events_url":"https://api.github.com/users/nigoroll/received_events","type":"User","user_view_type":"public","site_admin":false},"labels":[{"id":443804424,"node_id":"MDU6TGFiZWw0NDM4MDQ0MjQ=","url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/labels/enhancement","name":"enhancement","color":"84b6eb","default":true,"description":null}],"state":"closed","locked":false,"assignee":null,"assignees":[],"milestone":null,"comments":1,"created_at":"2024-09-17T08:36:29Z","updated_at":"2024-11-14T17:42:57Z","closed_at":"2024-11-14T17:42:57Z","author_association":"OWNER","active_lock_reason":null,"sub_issues_summary":{"total":0,"completed":0,"percent_completed":0},"issue_dependencies_summary":{"blocked_by":0,"total_blocked_by":0,"blocking":0,"total_blocking":0},"body":"Ref https://github.com/varnishcache/varnish-cache/pull/4030","closed_by":{"login":"nigoroll","id":1528104,"node_id":"MDQ6VXNlcjE1MjgxMDQ=","avatar_url":"https://avatars.githubusercontent.com/u/1528104?v=4","gravatar_id":"","url":"https://api.github.com/users/nigoroll","html_url":"https://github.com/nigoroll","followers_url":"https://api.github.com/users/nigoroll/followers","following_url":"https://api.github.com/users/nigoroll/following{/other_user}","gists_url":"https://api.github.com/users/nigoroll/gists{/gist_id}","starred_url":"https://api.github.com/users/nigoroll/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/nigoroll/subscriptions","organizations_url":"https://api.github.com/users/nigoroll/orgs","repos_url":"https://api.github.com/users/nigoroll/repos","events_url":"https://api.github.com/users/nigoroll/events{/privacy}","received_events_url":"https://api.github.com/users/nigoroll/received_events","type":"User","user_view_type":"public","site_admin":false},"reactions":{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/124/reactions","total_count":0,"+1":0,"-1":0,"laugh":0,"hooray":0,"confused":0,"heart":0,"rocket":0,"eyes":0},"timeline_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/124/timeline","performed_via_github_app":null,"state_reason":"completed"},{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/125","repository_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic","labels_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/125/labels{/name}","comments_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/125/comments","events_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/125/events","html_url":"https://github.com/nigoroll/libvmod-dynamic/pull/125","id":2542835261,"node_id":"PR_kwDOBBOOTM58YWGF","number":125,"title":"Fix layer_probe.vtc: dynamic -> ${vmod_dynamic}","user":{"login":"delthas","id":1863865,"node_id":"MDQ6VXNlcjE4NjM4NjU=","avatar_url":"https://avatars.githubusercontent.com/u/1863865?v=4","gravatar_id":"","url":"https://api.github.com/users/delthas","html_url":"https://github.com/delthas","followers_url":"https://api.github.com/users/delthas/followers","following_url":"https://api.github.com/users/delthas/following{/other_user}","gists_url":"https://api.github.com/users/delthas/gists{/gist_id}","starred_url":"https://api.github.com/users/delthas/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/delthas/subscriptions","organizations_url":"https://api.github.com/users/delthas/orgs","repos_url":"https://api.github.com/users/delthas/repos","events_url":"https://api.github.com/users/delthas/events{/privacy}","received_events_url":"https://api.github.com/users/delthas/received_events","type":"User","user_view_type":"public","site_admin":false},"labels":[],"state":"closed","locked":false,"assignee":null,"assignees":[],"milestone":null,"comments":1,"created_at":"2024-09-23T14:24:56Z","updated_at":"2024-09-24T09:57:53Z","closed_at":"2024-09-24T09:57:53Z","author_association":"CONTRIBUTOR","active_lock_reason":null,"draft":false,"pull_request":{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/pulls/125","html_url":"https://github.com/nigoroll/libvmod-dynamic/pull/125","diff_url":"https://github.com/nigoroll/libvmod-dynamic/pull/125.diff","patch_url":"https://github.com/nigoroll/libvmod-dynamic/pull/125.patch","merged_at":"2024-09-24T09:57:53Z"},"body":null,"closed_by":{"login":"nigoroll","id":1528104,"node_id":"MDQ6VXNlcjE1MjgxMDQ=","avatar_url":"https://avatars.githubusercontent.com/u/1528104?v=4","gravatar_id":"","url":"https://api.github.com/users/nigoroll","html_url":"https://github.com/nigoroll","followers_url":"https://api.github.com/users/nigoroll/followers","following_url":"https://api.github.com/users/nigoroll/following{/other_user}","gists_url":"https://api.github.com/users/nigoroll/gists{/gist_id}","starred_url":"https://api.github.com/users/nigoroll/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/nigoroll/subscriptions","organizations_url":"https://api.github.com/users/nigoroll/orgs","repos_url":"https://api.github.com/users/nigoroll/repos","events_url":"https://api.github.com/users/nigoroll/events{/privacy}","received_events_url":"https://api.github.com/users/nigoroll/received_events","type":"User","user_view_type":"public","site_admin":false},"reactions":{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/125/reactions","total_count":0,"+1":0,"-1":0,"laugh":0,"hooray":0,"confused":0,"heart":0,"rocket":0,"eyes":0},"timeline_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/125/timeline","performed_via_github_app":null,"state_reason":null},{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/126","repository_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic","labels_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/126/labels{/name}","comments_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/126/comments","events_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/126/events","html_url":"https://github.com/nigoroll/libvmod-dynamic/issues/126","id":2652670463,"node_id":"I_kwDOBBOOTM6eHIn_","number":126,"title":"503 on first request for Dynamic Backends with probe","user":{"login":"ronald-sz","id":97725423,"node_id":"U_kgDOBdMr7w","avatar_url":"https://avatars.githubusercontent.com/u/97725423?v=4","gravatar_id":"","url":"https://api.github.com/users/ronald-sz","html_url":"https://github.com/ronald-sz","followers_url":"https://api.github.com/users/ronald-sz/followers","following_url":"https://api.github.com/users/ronald-sz/following{/other_user}","gists_url":"https://api.github.com/users/ronald-sz/gists{/gist_id}","starred_url":"https://api.github.com/users/ronald-sz/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/ronald-sz/subscriptions","organizations_url":"https://api.github.com/users/ronald-sz/orgs","repos_url":"https://api.github.com/users/ronald-sz/repos","events_url":"https://api.github.com/users/ronald-sz/events{/privacy}","received_events_url":"https://api.github.com/users/ronald-sz/received_events","type":"User","user_view_type":"public","site_admin":false},"labels":[],"state":"closed","locked":false,"assignee":null,"assignees":[],"milestone":null,"comments":1,"created_at":"2024-11-12T16:21:14Z","updated_at":"2024-11-12T17:06:26Z","closed_at":"2024-11-12T17:06:25Z","author_association":"NONE","active_lock_reason":null,"sub_issues_summary":{"total":0,"completed":0,"percent_completed":0},"issue_dependencies_summary":{"blocked_by":0,"total_blocked_by":0,"blocking":0,"total_blocking":0},"body":"Hi Nils, \r\n\r\nwe are using Varnish 7.5. \r\n\r\nAfter a fresh start of Varnish I do not see any dynamic backends when I use `backend.list` in `varnishadm`. \r\n\r\nThis seems normal and after a first request a backend is generated. I suppose this happens as soon as Varnish executes the VCL-code:\r\n\r\n`set req.backend_hint = xxx.backend(\"xxxyyyzzz\");`\r\n\r\nIf there is no probe attached to this backend then the request is answered by a 200 response. \r\n\r\nAfter adding a probe to the backend the first request gets answered by a 503 response. \r\n\r\n```\r\nprobe readyCheckDefault {\r\n  .url = \"/readyCheck\";\r\n  .timeout = 1s;\r\n  .interval = 3s;\r\n  .window = 5;\r\n  .threshold = 4;\r\n}\r\n\r\nnew xxx = dynamic.director(ttl = 10s, port = 3000, probe = readyCheckDefault);\r\n```\r\n\r\nIs this how it is supposed to work? Is this a bug? A misconfiguration on our side? \r\n\r\nThanks,\r\nRonald","closed_by":{"login":"ronald-sz","id":97725423,"node_id":"U_kgDOBdMr7w","avatar_url":"https://avatars.githubusercontent.com/u/97725423?v=4","gravatar_id":"","url":"https://api.github.com/users/ronald-sz","html_url":"https://github.com/ronald-sz","followers_url":"https://api.github.com/users/ronald-sz/followers","following_url":"https://api.github.com/users/ronald-sz/following{/other_user}","gists_url":"https://api.github.com/users/ronald-sz/gists{/gist_id}","starred_url":"https://api.github.com/users/ronald-sz/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/ronald-sz/subscriptions","organizations_url":"https://api.github.com/users/ronald-sz/orgs","repos_url":"https://api.github.com/users/ronald-sz/repos","events_url":"https://api.github.com/users/ronald-sz/events{/privacy}","received_events_url":"https://api.github.com/users/ronald-sz/received_events","type":"User","user_view_type":"public","site_admin":false},"reactions":{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/126/reactions","total_count":0,"+1":0,"-1":0,"laugh":0,"hooray":0,"confused":0,"heart":0,"rocket":0,"eyes":0},"timeline_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/126/timeline","performed_via_github_app":null,"state_reason":"completed"},{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/127","repository_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic","labels_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/127/labels{/name}","comments_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/127/comments","events_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/127/events","html_url":"https://github.com/nigoroll/libvmod-dynamic/pull/127","id":2653837938,"node_id":"PR_kwDOBBOOTM6BtTLv","number":127,"title":"Add `wait_timeout` and `wait_limit` support","user":{"login":"karlvr","id":1086005,"node_id":"MDQ6VXNlcjEwODYwMDU=","avatar_url":"https://avatars.githubusercontent.com/u/1086005?v=4","gravatar_id":"","url":"https://api.github.com/users/karlvr","html_url":"https://github.com/karlvr","followers_url":"https://api.github.com/users/karlvr/followers","following_url":"https://api.github.com/users/karlvr/following{/other_user}","gists_url":"https://api.github.com/users/karlvr/gists{/gist_id}","starred_url":"https://api.github.com/users/karlvr/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/karlvr/subscriptions","organizations_url":"https://api.github.com/users/karlvr/orgs","repos_url":"https://api.github.com/users/karlvr/repos","events_url":"https://api.github.com/users/karlvr/events{/privacy}","received_events_url":"https://api.github.com/users/karlvr/received_events","type":"User","user_view_type":"public","site_admin":false},"labels":[],"state":"closed","locked":false,"assignee":null,"assignees":[],"milestone":null,"comments":1,"created_at":"2024-11-13T01:33:57Z","updated_at":"2024-11-14T20:27:50Z","closed_at":"2024-11-14T17:29:35Z","author_association":"CONTRIBUTOR","active_lock_reason":null,"draft":false,"pull_request":{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/pulls/127","html_url":"https://github.com/nigoroll/libvmod-dynamic/pull/127","diff_url":"https://github.com/nigoroll/libvmod-dynamic/pull/127.diff","patch_url":"https://github.com/nigoroll/libvmod-dynamic/pull/127.patch","merged_at":"2024-11-14T17:29:35Z"},"body":"Support the new backend parameters added in Varnish 7.6 for backend connection queuing as per https://varnish-cache.org/docs/7.6/whats-new/changes-7.6.html","closed_by":{"login":"nigoroll","id":1528104,"node_id":"MDQ6VXNlcjE1MjgxMDQ=","avatar_url":"https://avatars.githubusercontent.com/u/1528104?v=4","gravatar_id":"","url":"https://api.github.com/users/nigoroll","html_url":"https://github.com/nigoroll","followers_url":"https://api.github.com/users/nigoroll/followers","following_url":"https://api.github.com/users/nigoroll/following{/other_user}","gists_url":"https://api.github.com/users/nigoroll/gists{/gist_id}","starred_url":"https://api.github.com/users/nigoroll/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/nigoroll/subscriptions","organizations_url":"https://api.github.com/users/nigoroll/orgs","repos_url":"https://api.github.com/users/nigoroll/repos","events_url":"https://api.github.com/users/nigoroll/events{/privacy}","received_events_url":"https://api.github.com/users/nigoroll/received_events","type":"User","user_view_type":"public","site_admin":false},"reactions":{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/127/reactions","total_count":0,"+1":0,"-1":0,"laugh":0,"hooray":0,"confused":0,"heart":0,"rocket":0,"eyes":0},"timeline_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/127/timeline","performed_via_github_app":null,"state_reason":null},{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/128","repository_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic","labels_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/128/labels{/name}","comments_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/128/comments","events_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/128/events","html_url":"https://github.com/nigoroll/libvmod-dynamic/pull/128","id":2653848083,"node_id":"PR_kwDOBBOOTM6BtVfz","number":128,"title":"Least connections algorithm","user":{"login":"karlvr","id":1086005,"node_id":"MDQ6VXNlcjEwODYwMDU=","avatar_url":"https://avatars.githubusercontent.com/u/1086005?v=4","gravatar_id":"","url":"https://api.github.com/users/karlvr","html_url":"https://github.com/karlvr","followers_url":"https://api.github.com/users/karlvr/followers","following_url":"https://api.github.com/users/karlvr/following{/other_user}","gists_url":"https://api.github.com/users/karlvr/gists{/gist_id}","starred_url":"https://api.github.com/users/karlvr/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/karlvr/subscriptions","organizations_url":"https://api.github.com/users/karlvr/orgs","repos_url":"https://api.github.com/users/karlvr/repos","events_url":"https://api.github.com/users/karlvr/events{/privacy}","received_events_url":"https://api.github.com/users/karlvr/received_events","type":"User","user_view_type":"public","site_admin":false},"labels":[{"id":443804424,"node_id":"MDU6TGFiZWw0NDM4MDQ0MjQ=","url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/labels/enhancement","name":"enhancement","color":"84b6eb","default":true,"description":null},{"id":2228311103,"node_id":"MDU6TGFiZWwyMjI4MzExMTAz","url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/labels/needs%20%E2%99%A1Sponsor","name":"needs ♡Sponsor","color":"e094d3","default":false,"description":"looking for support ♥"},{"id":2228316027,"node_id":"MDU6TGFiZWwyMjI4MzE2MDI3","url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/labels/needs%20varnish-cache","name":"needs varnish-cache","color":"006b75","default":false,"description":"needs work in varnish-cache"}],"state":"open","locked":false,"assignee":null,"assignees":[],"milestone":null,"comments":3,"created_at":"2024-11-13T01:39:43Z","updated_at":"2025-03-06T15:09:59Z","closed_at":null,"author_association":"CONTRIBUTOR","active_lock_reason":null,"draft":false,"pull_request":{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/pulls/128","html_url":"https://github.com/nigoroll/libvmod-dynamic/pull/128","diff_url":"https://github.com/nigoroll/libvmod-dynamic/pull/128.diff","patch_url":"https://github.com/nigoroll/libvmod-dynamic/pull/128.patch","merged_at":null},"body":"Perhaps to reopen the conversation from #71, I have ported just the _least connections_ algorithm to the master branch. We have abandoned the weighted and slow start that complicated the previous implementation. We have been using `LEAST` in production for > 5 years. We've tried switching back to the default `RR` implementation but experience issues when one of our backends runs slowly.\r\n\r\nAs you noted in #71 it isn't a guarantee of least connections (as the connection is not reserved) however we are treating it as a heuristic, and as such it has worked really well for us.\r\n\r\nAgain, if you're interested, I am happy to work this code to get it into a shape you like. I've tried to reproduce the basic logic from `dom_find` in `dom_find_leastconn` without worrying about the `alt` behaviour as it uses `dom_find` as a fall-back anyway. I look forward to hearing your thoughts when you have the time & energy!","closed_by":null,"reactions":{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/128/reactions","total_count":0,"+1":0,"-1":0,"laugh":0,"hooray":0,"confused":0,"heart":0,"rocket":0,"eyes":0},"timeline_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/128/timeline","performed_via_github_app":null,"state_reason":null},{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/129","repository_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic","labels_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/129/labels{/name}","comments_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/129/comments","events_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/129/events","html_url":"https://github.com/nigoroll/libvmod-dynamic/issues/129","id":2702623880,"node_id":"I_kwDOBBOOTM6hFsSI","number":129,"title":"503 for first page load after starting Varnish, no backends listed","user":{"login":"poshaughnessy","id":151207,"node_id":"MDQ6VXNlcjE1MTIwNw==","avatar_url":"https://avatars.githubusercontent.com/u/151207?v=4","gravatar_id":"","url":"https://api.github.com/users/poshaughnessy","html_url":"https://github.com/poshaughnessy","followers_url":"https://api.github.com/users/poshaughnessy/followers","following_url":"https://api.github.com/users/poshaughnessy/following{/other_user}","gists_url":"https://api.github.com/users/poshaughnessy/gists{/gist_id}","starred_url":"https://api.github.com/users/poshaughnessy/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/poshaughnessy/subscriptions","organizations_url":"https://api.github.com/users/poshaughnessy/orgs","repos_url":"https://api.github.com/users/poshaughnessy/repos","events_url":"https://api.github.com/users/poshaughnessy/events{/privacy}","received_events_url":"https://api.github.com/users/poshaughnessy/received_events","type":"User","user_view_type":"public","site_admin":false},"labels":[],"state":"closed","locked":false,"assignee":null,"assignees":[],"milestone":null,"comments":2,"created_at":"2024-11-28T15:59:50Z","updated_at":"2024-11-29T16:27:33Z","closed_at":"2024-11-29T16:27:05Z","author_association":"NONE","active_lock_reason":null,"sub_issues_summary":{"total":0,"completed":0,"percent_completed":0},"issue_dependencies_summary":{"blocked_by":0,"total_blocked_by":0,"blocking":0,"total_blocking":0},"body":"Hi. Using this vmod (v7.5) for the first time, need some help please!\r\n\r\nWhen I start Varnish up (Mac, with `sudo varnishd -F -a 127.0.0.1:80 -f $(pwd)/varnish-local.vcl -s file,/tmp,500M`) and run `sudo varnishadm backend.list`, I see an empty list of backends.\r\n\r\nAnd when I try to load the page the first time, I get a `503` error. Varnishlog says `fail errno 61 (Connection refused)`. \r\n\r\nThis happens every time I stop and restart Varnish. _After_ the first page load, then the backend does appear in the list, is shown as `healthy`, and subsequent page loads work OK.\r\n\r\nThe backend application is up the whole time and I can't think why it wouldn't be able to connect the first time. I can't see any logs for the backend application which would indicate a request coming through, for the first page load.\r\n\r\nFull varnishlog for the problematic first request:\r\n\r\n```\r\n*   << BeReq    >> 3         \r\n-   Begin          bereq 2 fetch\r\n-   VCL_use        boot\r\n-   Timestamp      Start: 1732807418.475018 0.000000 0.000000\r\n-   BereqMethod    GET\r\n-   BereqURL       /ecom/products/<obfuscated>\r\n-   BereqProtocol  HTTP/1.1\r\n-   BereqHeader    Host: localhost\r\n-   BereqHeader    sec-ch-ua: \"Google Chrome\";v=\"131\", \"Chromium\";v=\"131\", \"Not_A Brand\";v=\"24\"\r\n-   BereqHeader    sec-ch-ua-mobile: ?0\r\n-   BereqHeader    sec-ch-ua-platform: \"macOS\"\r\n-   BereqHeader    Upgrade-Insecure-Requests: 1\r\n-   BereqHeader    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36\r\n-   BereqHeader    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7\r\n-   BereqHeader    Sec-Fetch-Site: none\r\n-   BereqHeader    Sec-Fetch-Mode: navigate\r\n-   BereqHeader    Sec-Fetch-User: ?1\r\n-   BereqHeader    Sec-Fetch-Dest: document\r\n-   BereqHeader    Accept-Language: en-GB,en-US;q=0.9,en;q=0.8\r\n-   BereqHeader    X-Forwarded-For: 127.0.0.1\r\n-   BereqHeader    Via: 1.1 HO-LAR17GRWNW7J (Varnish/7.5)\r\n-   BereqHeader    X-Iso-Timestamp: Thu, 28 Nov 2024 15:23:38 GMT\r\n-   BereqHeader    X-Esi-Request: false\r\n-   BereqHeader    X-Has-Token-Session: false\r\n-   BereqHeader    Cookie: X-Has-Token-Session=false\r\n-   BereqHeader    X-Mfe-Type: page\r\n-   BereqHeader    X-Cookie-Consent-Given: false\r\n-   BereqHeader    X-Functional-Cookie-Accepted: false\r\n-   BereqHeader    X-Analytics-Cookie-Accepted: false\r\n-   BereqHeader    X-Advertising-Cookie-Accepted: false\r\n-   BereqHeader    Accept-Encoding: gzip\r\n-   BereqHeader    X-Cache: MISS\r\n-   BereqHeader    X-Varnish: 3\r\n-   VCL_call       BACKEND_FETCH\r\n-   VCL_return     fetch\r\n-   Timestamp      Fetch: 1732807418.475039 0.000020 0.000020\r\n-   FetchError     backend browse(127.0.0.1:9190): fail errno 61 (Connection refused)\r\n-   Timestamp      Beresp: 1732807418.481269 0.006250 0.006229\r\n-   Timestamp      Error: 1732807418.481271 0.006253 0.000002\r\n-   BerespProtocol HTTP/1.1\r\n-   BerespStatus   503\r\n-   BerespReason   Backend fetch failed\r\n-   BerespHeader   Date: Thu, 28 Nov 2024 15:23:38 GMT\r\n-   BerespHeader   Server: Varnish\r\n-   VCL_call       BACKEND_ERROR\r\n-   BerespHeader   X-Log-Priority: ERROR\r\n-   BerespHeader   X-Varnish-Backend: browse\r\n-   BerespHeader   Content-Type: text/html; charset=utf-8\r\n-   BerespHeader   Retry-After: 5\r\n-   VCL_return     deliver\r\n-   Storage        malloc Transient\r\n-   Length         278\r\n-   BereqAcct      0 0 0 0 0 0\r\n-   End            \r\n\r\n*   << Request  >> 2         \r\n-   Begin          req 1 rxreq\r\n-   Timestamp      Start: 1732807418.471300 0.000000 0.000000\r\n-   Timestamp      Req: 1732807418.471300 0.000000 0.000000\r\n-   VCL_use        boot\r\n-   ReqStart       127.0.0.1 50574 a0\r\n-   ReqMethod      GET\r\n-   ReqURL         /ecom/products/<obfuscated>\r\n-   ReqProtocol    HTTP/1.1\r\n-   ReqHeader      Host: localhost\r\n-   ReqHeader      Connection: keep-alive\r\n-   ReqHeader      Cache-Control: max-age=0\r\n-   ReqHeader      sec-ch-ua: \"Google Chrome\";v=\"131\", \"Chromium\";v=\"131\", \"Not_A Brand\";v=\"24\"\r\n-   ReqHeader      sec-ch-ua-mobile: ?0\r\n-   ReqHeader      sec-ch-ua-platform: \"macOS\"\r\n-   ReqHeader      Upgrade-Insecure-Requests: 1\r\n-   ReqHeader      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36\r\n-   ReqHeader      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7\r\n-   ReqHeader      Sec-Fetch-Site: none\r\n-   ReqHeader      Sec-Fetch-Mode: navigate\r\n-   ReqHeader      Sec-Fetch-User: ?1\r\n-   ReqHeader      Sec-Fetch-Dest: document\r\n-   ReqHeader      Accept-Encoding: gzip, deflate, br, zstd\r\n-   ReqHeader      Accept-Language: en-GB,en-US;q=0.9,en;q=0.8\r\n-   ReqHeader      Cookie: X-Has-Token-Session=false\r\n-   ReqHeader      X-Forwarded-For: 127.0.0.1\r\n-   ReqHeader      Via: 1.1 HO-LAR17GRWNW7J (Varnish/7.5)\r\n-   VCL_call       RECV\r\n-   ReqHeader      X-Iso-Timestamp: Thu, 28 Nov 2024 15:23:38 GMT\r\n-   ReqHeader      X-Esi-Request: false\r\n-   ReqHeader      X-Has-Token-Session: false\r\n-   VCL_Log        customerId:-1\r\n-   ReqUnset       Cookie: X-Has-Token-Session=false\r\n-   ReqHeader      Cookie: X-Has-Token-Session=false\r\n-   ReqHeader      X-Mfe-Type: page\r\n-   ReqHeader      X-Cookie-Consent-Given: false\r\n-   ReqHeader      X-Functional-Cookie-Accepted: false\r\n-   ReqHeader      X-Analytics-Cookie-Accepted: false\r\n-   ReqHeader      X-Advertising-Cookie-Accepted: false\r\n-   VCL_return     hash\r\n-   ReqUnset       Accept-Encoding: gzip, deflate, br, zstd\r\n-   ReqHeader      Accept-Encoding: gzip\r\n-   VCL_call       HASH\r\n-   VCL_return     lookup\r\n-   VCL_call       MISS\r\n-   ReqHeader      X-Cache: MISS\r\n-   VCL_return     fetch\r\n-   Link           bereq 3 fetch\r\n-   Timestamp      Fetch: 1732807418.481376 0.010076 0.010076\r\n-   RespProtocol   HTTP/1.1\r\n-   RespStatus     503\r\n-   RespReason     Backend fetch failed\r\n-   RespHeader     Date: Thu, 28 Nov 2024 15:23:38 GMT\r\n-   RespHeader     Server: Varnish\r\n-   RespHeader     X-Log-Priority: ERROR\r\n-   RespHeader     X-Varnish-Backend: browse\r\n-   RespHeader     Content-Type: text/html; charset=utf-8\r\n-   RespHeader     Retry-After: 5\r\n-   RespHeader     X-Varnish: 2\r\n-   RespHeader     Age: 0\r\n-   RespHeader     Via: 1.1 HO-LAR17GRWNW7J (Varnish/7.5)\r\n-   VCL_call       DELIVER\r\n-   RespHeader     X-Proxy-Cache: MISS\r\n-   RespHeader     X-Mfe-Type: page\r\n-   RespHeader     Set-Cookie: X-Has-Token-Session=false; path=/; max-age=3600; samesite=strict; secure\r\n-   VCL_return     deliver\r\n-   Timestamp      Process: 1732807418.481394 0.010094 0.000018\r\n-   Filters        \r\n-   RespHeader     Content-Length: 278\r\n-   RespHeader     Connection: keep-alive\r\n-   Timestamp      Resp: 1732807418.481611 0.010311 0.000216\r\n-   ReqAcct        796 0 796 429 278 707\r\n-   End            \r\n```\r\n\r\nRelevant parts of the VCL:\r\n\r\n```\r\nimport dynamic;\r\n\r\n...\r\n\r\nbackend default none;\r\n\r\n...\r\n\r\nsub vcl_init {\r\n   new browse = dynamic.director(ttl = 15m, connect_timeout = 5s, first_byte_timeout = 30s, between_bytes_timeout = 10s);\r\n   # Other backends...\r\n}\r\n\r\nsub vcl_recv {\r\n\r\n  ...\r\n\r\n  if (<request matching logic here>) {\r\n      set req.backend_hint = browse.backend(\"localhost\", \"9190\");\r\n  }\r\n\r\n  ...\r\n```\r\n\r\n(I can't share the whole VCL, but could share other specific bits as needed. I could also try to make a stripped-down VCL for minimal replication if helpful?)\r\n\r\nThe behaviour I was expecting was for the backends to be initialised at startup, but I might have assumed that incorrectly - on the fly is fine, as long as the first page load can be served correctly?\r\n\r\nThanks v much in advance and for all your work on this vmod, which should be really useful for us!","closed_by":{"login":"poshaughnessy","id":151207,"node_id":"MDQ6VXNlcjE1MTIwNw==","avatar_url":"https://avatars.githubusercontent.com/u/151207?v=4","gravatar_id":"","url":"https://api.github.com/users/poshaughnessy","html_url":"https://github.com/poshaughnessy","followers_url":"https://api.github.com/users/poshaughnessy/followers","following_url":"https://api.github.com/users/poshaughnessy/following{/other_user}","gists_url":"https://api.github.com/users/poshaughnessy/gists{/gist_id}","starred_url":"https://api.github.com/users/poshaughnessy/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/poshaughnessy/subscriptions","organizations_url":"https://api.github.com/users/poshaughnessy/orgs","repos_url":"https://api.github.com/users/poshaughnessy/repos","events_url":"https://api.github.com/users/poshaughnessy/events{/privacy}","received_events_url":"https://api.github.com/users/poshaughnessy/received_events","type":"User","user_view_type":"public","site_admin":false},"reactions":{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/129/reactions","total_count":0,"+1":0,"-1":0,"laugh":0,"hooray":0,"confused":0,"heart":0,"rocket":0,"eyes":0},"timeline_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/129/timeline","performed_via_github_app":null,"state_reason":"completed"},{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/130","repository_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic","labels_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/130/labels{/name}","comments_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/130/comments","events_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/130/events","html_url":"https://github.com/nigoroll/libvmod-dynamic/issues/130","id":2876199629,"node_id":"I_kwDOBBOOTM6rb1LN","number":130,"title":"Does HTTPS / SSL work out of the box?","user":{"login":"musabshak","id":20545913,"node_id":"MDQ6VXNlcjIwNTQ1OTEz","avatar_url":"https://avatars.githubusercontent.com/u/20545913?v=4","gravatar_id":"","url":"https://api.github.com/users/musabshak","html_url":"https://github.com/musabshak","followers_url":"https://api.github.com/users/musabshak/followers","following_url":"https://api.github.com/users/musabshak/following{/other_user}","gists_url":"https://api.github.com/users/musabshak/gists{/gist_id}","starred_url":"https://api.github.com/users/musabshak/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/musabshak/subscriptions","organizations_url":"https://api.github.com/users/musabshak/orgs","repos_url":"https://api.github.com/users/musabshak/repos","events_url":"https://api.github.com/users/musabshak/events{/privacy}","received_events_url":"https://api.github.com/users/musabshak/received_events","type":"User","user_view_type":"public","site_admin":false},"labels":[{"id":443804427,"node_id":"MDU6TGFiZWw0NDM4MDQ0Mjc=","url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/labels/question","name":"question","color":"cc317c","default":true,"description":null}],"state":"closed","locked":false,"assignee":null,"assignees":[],"milestone":null,"comments":4,"created_at":"2025-02-24T21:31:50Z","updated_at":"2025-03-05T16:20:22Z","closed_at":"2025-02-25T13:17:47Z","author_association":"NONE","active_lock_reason":null,"sub_issues_summary":{"total":0,"completed":0,"percent_completed":0},"issue_dependencies_summary":{"blocked_by":0,"total_blocked_by":0,"blocking":0,"total_blocking":0},"body":"I am trying to use `libvmod-dynamic` to point Varnish to Google Cloud Storage's S3 REST API endpoint [1]: `storage.googleapis.com`. That is, trying to use Varnish as a caching forward-proxy to GCS. I need to use this / other similar \"dynamic backend\" VMOD because `storage.googleapis.com` resolves to multiple IPV4 + IPV6 IPs, and without using this VMOD, Varnish results in an error of the form:\n\n```\nBackend host \"url2.external-backend.com\": resolves to multiple IPv4 addresses.\nOnly one address is allowed.\nPlease specify which exact address you want to use, we found these:\n\n```\n\nWhen I configure a dynamic director with port \"80\", Varnish is able to connect to GCS just fine:\n\n```\n      new d = dynamic.director(\n        port = \"80\",\n        whitelist = ipv4_only,\n        connect_timeout = 5s,\n        first_byte_timeout = 10s,\n        between_bytes_timeout = 10s,\n        ttl = 1s\n      );\n\n      set req.backend_hint = d.backend(host = \"storage.googleapis.com\");\n```\n\nBut when I switch to using \"443\" (HTTPS), Varnish is never able to connect to the GCS backend and returns errors:\n```\n-   BackendOpen    33 d(142.251.214.155:443) 142.251.214.155 443 10.0.26.45 50656 connect\n-   Timestamp      Bereq: 1740431027.316045 0.002099 0.000087\n-   FetchError     HTC eof (Unexpected end of input)\n-   BackendClose   33 d(142.251.214.155:443) close RX_BAD\n-   Timestamp      Beresp: 1740431027.318051 0.004105 0.002006\n-   Timestamp      Error: 1740431027.318055 0.004109 0.000003\n-   BerespProtocol HTTP/1.1\n-   BerespStatus   503\n-   BerespReason   Backend fetch failed\n-   BerespHeader   Date: Mon, 24 Feb 2025 21:03:47 GMT\n-   BerespHeader   Server: Varnish\n-   VCL_call       BACKEND_ERROR\n```\n\nThe motivation obviously is to use encrypted HTTPS for sending traffic over the public internet to/from GCS. \n\nDiscussion in https://github.com/nigoroll/libvmod-dynamic/pull/76 feels relevant. Any quick thoughts / pointers much appreciated. \n\nAnother similar \"dynamic backend\" VMOD (`reqwest` [2]) claims explicit support for HTTPS but I didn't see a similar claim in the `libvmod-dynamic` docs so I thought I'd quick check. Thank you!\n\n[1] https://cloud.google.com/storage/docs/interoperability\n[2] https://github.com/gquintard/vmod_reqwest\n\nimage: varnish:7.6.1","closed_by":{"login":"nigoroll","id":1528104,"node_id":"MDQ6VXNlcjE1MjgxMDQ=","avatar_url":"https://avatars.githubusercontent.com/u/1528104?v=4","gravatar_id":"","url":"https://api.github.com/users/nigoroll","html_url":"https://github.com/nigoroll","followers_url":"https://api.github.com/users/nigoroll/followers","following_url":"https://api.github.com/users/nigoroll/following{/other_user}","gists_url":"https://api.github.com/users/nigoroll/gists{/gist_id}","starred_url":"https://api.github.com/users/nigoroll/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/nigoroll/subscriptions","organizations_url":"https://api.github.com/users/nigoroll/orgs","repos_url":"https://api.github.com/users/nigoroll/repos","events_url":"https://api.github.com/users/nigoroll/events{/privacy}","received_events_url":"https://api.github.com/users/nigoroll/received_events","type":"User","user_view_type":"public","site_admin":false},"reactions":{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/130/reactions","total_count":0,"+1":0,"-1":0,"laugh":0,"hooray":0,"confused":0,"heart":0,"rocket":0,"eyes":0},"timeline_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/130/timeline","performed_via_github_app":null,"state_reason":"completed"},{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/131","repository_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic","labels_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/131/labels{/name}","comments_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/131/comments","events_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/131/events","html_url":"https://github.com/nigoroll/libvmod-dynamic/issues/131","id":2900544129,"node_id":"I_kwDOBBOOTM6s4sqB","number":131,"title":"Big quit due to deadlock when destroying dynamic domains","user":{"login":"saaguero","id":2459621,"node_id":"MDQ6VXNlcjI0NTk2MjE=","avatar_url":"https://avatars.githubusercontent.com/u/2459621?v=4","gravatar_id":"","url":"https://api.github.com/users/saaguero","html_url":"https://github.com/saaguero","followers_url":"https://api.github.com/users/saaguero/followers","following_url":"https://api.github.com/users/saaguero/following{/other_user}","gists_url":"https://api.github.com/users/saaguero/gists{/gist_id}","starred_url":"https://api.github.com/users/saaguero/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/saaguero/subscriptions","organizations_url":"https://api.github.com/users/saaguero/orgs","repos_url":"https://api.github.com/users/saaguero/repos","events_url":"https://api.github.com/users/saaguero/events{/privacy}","received_events_url":"https://api.github.com/users/saaguero/received_events","type":"User","user_view_type":"public","site_admin":false},"labels":[{"id":2228316027,"node_id":"MDU6TGFiZWwyMjI4MzE2MDI3","url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/labels/needs%20varnish-cache","name":"needs varnish-cache","color":"006b75","default":false,"description":"needs work in varnish-cache"}],"state":"closed","locked":false,"assignee":null,"assignees":[],"milestone":null,"comments":10,"created_at":"2025-03-06T14:17:41Z","updated_at":"2025-12-07T16:04:48Z","closed_at":"2025-12-07T16:04:48Z","author_association":"NONE","active_lock_reason":null,"sub_issues_summary":{"total":0,"completed":0,"percent_completed":0},"issue_dependencies_summary":{"blocked_by":0,"total_blocked_by":0,"blocking":0,"total_blocking":0},"body":"On normal operations, without much traffic, I have seen the following panic:\n\nThe way I used it is like the following (with haproxy for ssl)\n\n```vcl\nbackend sslon {\n  .path = \"/run/sslon\";\n}\n\nsub vcl_init {\n    new director = dynamic.director(\n        ttl = 10s,\n        via = sslon,\n        port = 443);\n}\n\nsub vcl_backend_fetch {\n    set bereq.backend = director.backend(regsub(bereq.http.baseUrl, \"^(https://)?(.*?)/?$\", \"\\2\"));\n    return(fetch);\n}\n```\n\n```\nPanic at: Thu, 06 Mar 2025 04:55:00 GMT\nWrong turn at cache/cache_main.c:362:\nIt's time for the big quit\nversion = varnish-7.6.1 revision c3d5882003eb87e5e93dc09fb9513ca96db3ca3c, vrt api = 20.1\nident = Linux,6.8.0-1018-aws,x86_64,-jlinux,-smalloc,-sdefault,-hcritbit,epoll\nnow = 1766693.617585 (mono), 1741236889.395595 (real)\nBacktrace:\n  0x5b09f7de0ee4: /usr/sbin/varnishd(VBT_format+0x74) [0x5b09f7de0ee4]\n  0x5b09f7d5c440: /usr/sbin/varnishd(+0x60440) [0x5b09f7d5c440]\n  0x5b09f7de047c: /usr/sbin/varnishd(VAS_Fail+0x4c) [0x5b09f7de047c]\n  0x5b09f7d568f5: /usr/sbin/varnishd(+0x5a8f5) [0x5b09f7d568f5]\n  0x7165f9245330: /lib/x86_64-linux-gnu/libc.so.6(+0x45330) [0x7165f9245330]\n  0x7165f9298d6f: /lib/x86_64-linux-gnu/libc.so.6(+0x98d6f) [0x7165f9298d6f]\n  0x7165f929e7a3: /lib/x86_64-linux-gnu/libc.so.6(+0x9e7a3) [0x7165f929e7a3]\n  0x7165ddc5373f: ./vmod_cache/_vmod_dynamic.d0c0174a306f0e14bae5c6aeac83d361e4a831b344efeef7fb0d42bc921cd477(+0x473f) [0x7165ddc5373f]\n  0x5b09f7d6c5a4: /usr/sbin/varnishd(+0x705a4) [0x5b09f7d6c5a4]\n  0x5b09f7d6da0e: /usr/sbin/varnishd(+0x71a0e) [0x5b09f7d6da0e]\n  0x5b09f7d6e6b5: /usr/sbin/varnishd(+0x726b5) [0x5b09f7d6e6b5]\n  0x5b09f7de2dcb: /usr/sbin/varnishd(+0xe6dcb) [0x5b09f7de2dcb]\n  0x5b09f7de330b: /usr/sbin/varnishd(VCLS_Poll+0x32b) [0x5b09f7de330b]\n  0x5b09f7d37d74: /usr/sbin/varnishd(CLI_Run+0x74) [0x5b09f7d37d74]\n  0x5b09f7d570aa: /usr/sbin/varnishd(child_main+0x21a) [0x5b09f7d570aa]\n  0x5b09f7da2b15: /usr/sbin/varnishd(+0xa6b15) [0x5b09f7da2b15]\n  0x5b09f7da3d5f: /usr/sbin/varnishd(MCH_Start_Child+0xf) [0x5b09f7da3d5f]\n  0x5b09f7d29b02: /usr/sbin/varnishd(main+0x26b2) [0x5b09f7d29b02]\n  0x7165f922a1ca: /lib/x86_64-linux-gnu/libc.so.6(+0x2a1ca) [0x7165f922a1ca]\n  0x7165f922a28b: /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0x8b) [0x7165f922a28b]\nargv = {\n  [0] = \\\"/usr/sbin/varnishd\\\",\n  [1] = \\\"-a\\\",\n  [2] = \\\":80\\\",\n  [3] = \\\"-a\\\",\n  [4] = \\\"localhost:8443,proxy\\\",\n  [5] = \\\"-T\\\",\n  [6] = \\\"localhost:6082\\\",\n  [7] = \\\"-f\\\",\n  [8] = \\\"/etc/varnish/default.vcl\\\",\n  [9] = \\\"-s\\\",\n  [10] = \\\"malloc,7GB\\\",\n  [11] = \\\"-p\\\",\n  [12] = \\\"vsl_buffer=32KB\\\",\n  [13] = \\\"-p\\\",\n  [14] = \\\"vsl_reclen=16372b\\\",\n  [15] = \\\"-p\\\",\n  [16] = \\\"vsl_space=256MB\\\",\n  [17] = \\\"-p\\\",\n  [18] = \\\"workspace_client=4MB\\\",\n  [19] = \\\"-p\\\",\n  [20] = \\\"workspace_backend=1MB\\\",\n  [21] = \\\"-p\\\",\n  [22] = \\\"transit_buffer=1M\\\",\n  [23] = \\\"-p\\\",\n  [24] = \\\"timeout_idle=61\\\",\n  [25] = \\\"-p\\\",\n  [26] = \\\"thread_pool_min=1000\\\",\n  [27] = \\\"-p\\\",\n  [28] = \\\"thread_pool_max=2000\\\",\n  [29] = \\\"-p\\\",\n  [30] = \\\"feature=none,+vcl_req_reset\\\",\n}\npthread.self = 0x7165f99705c0\npthread.name = (cache-main)\npthread.attr = {\n  guard = 0,\n  stack_bottom = 0x7ffdd4ec8000,\n  stack_top = 0x7ffdd56c6000,\n  stack_size = 8380416,\n}\nthr.req = NULL\nthr.busyobj = NULL\nthr.worker = NULL\nvmods = {\n  uuid = {0x7165f8ad7230, Varnish 7.6.1 c3d5882003eb87e5e93dc09fb9513ca96db3ca3c, 20.1},\n  file = {0x7165f8ad72a0, Varnish 7.6.1 c3d5882003eb87e5e93dc09fb9513ca96db3ca3c, 20.1},\n  querystring = {0x7165f8ad7310, Varnish 7.6.1 c3d5882003eb87e5e93dc09fb9513ca96db3ca3c, 20.1},\n  std = {0x7165f8ad7380, Varnish 7.6.1 c3d5882003eb87e5e93dc09fb9513ca96db3ca3c, 0.0},\n  str = {0x7165f8ad7460, Varnish 7.6.1 c3d5882003eb87e5e93dc09fb9513ca96db3ca3c, 0.0},\n  dynamic = {0x7165f8ad7540, Varnish 7.6.1 c3d5882003eb87e5e93dc09fb9513ca96db3ca3c, 20.1},\n  re = {0x7165f8ad75b0, Varnish 7.6.1 c3d5882003eb87e5e93dc09fb9513ca96db3ca3c, 20.1},\n  frozen = {0x7165f8ad7620, Varnish 7.6.1 c3d5882003eb87e5e93dc09fb9513ca96db3ca3c, 0.0},\n},\npools = {\n  pool = 0x7165e5e00000 {\n    nidle = 28,\n    nthr = 2000,\n    lqueue = 1\n  },\n  pool = 0x7165e5e00140 {\n    nidle = 28,\n    nthr = 2000,\n    lqueue = 1\n  },\n},\n```","closed_by":{"login":"nigoroll","id":1528104,"node_id":"MDQ6VXNlcjE1MjgxMDQ=","avatar_url":"https://avatars.githubusercontent.com/u/1528104?v=4","gravatar_id":"","url":"https://api.github.com/users/nigoroll","html_url":"https://github.com/nigoroll","followers_url":"https://api.github.com/users/nigoroll/followers","following_url":"https://api.github.com/users/nigoroll/following{/other_user}","gists_url":"https://api.github.com/users/nigoroll/gists{/gist_id}","starred_url":"https://api.github.com/users/nigoroll/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/nigoroll/subscriptions","organizations_url":"https://api.github.com/users/nigoroll/orgs","repos_url":"https://api.github.com/users/nigoroll/repos","events_url":"https://api.github.com/users/nigoroll/events{/privacy}","received_events_url":"https://api.github.com/users/nigoroll/received_events","type":"User","user_view_type":"public","site_admin":false},"reactions":{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/131/reactions","total_count":0,"+1":0,"-1":0,"laugh":0,"hooray":0,"confused":0,"heart":0,"rocket":0,"eyes":0},"timeline_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/131/timeline","performed_via_github_app":null,"state_reason":"completed"},{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/132","repository_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic","labels_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/132/labels{/name}","comments_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/132/comments","events_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/132/events","html_url":"https://github.com/nigoroll/libvmod-dynamic/issues/132","id":2932136844,"node_id":"I_kwDOBBOOTM6uxNuM","number":132,"title":"Supporting dual stack networking (prefer IPv6)","user":{"login":"thomasklinger1234","id":39558817,"node_id":"MDQ6VXNlcjM5NTU4ODE3","avatar_url":"https://avatars.githubusercontent.com/u/39558817?v=4","gravatar_id":"","url":"https://api.github.com/users/thomasklinger1234","html_url":"https://github.com/thomasklinger1234","followers_url":"https://api.github.com/users/thomasklinger1234/followers","following_url":"https://api.github.com/users/thomasklinger1234/following{/other_user}","gists_url":"https://api.github.com/users/thomasklinger1234/gists{/gist_id}","starred_url":"https://api.github.com/users/thomasklinger1234/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/thomasklinger1234/subscriptions","organizations_url":"https://api.github.com/users/thomasklinger1234/orgs","repos_url":"https://api.github.com/users/thomasklinger1234/repos","events_url":"https://api.github.com/users/thomasklinger1234/events{/privacy}","received_events_url":"https://api.github.com/users/thomasklinger1234/received_events","type":"User","user_view_type":"public","site_admin":false},"labels":[{"id":443804424,"node_id":"MDU6TGFiZWw0NDM4MDQ0MjQ=","url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/labels/enhancement","name":"enhancement","color":"84b6eb","default":true,"description":null}],"state":"open","locked":false,"assignee":null,"assignees":[],"milestone":null,"comments":4,"created_at":"2025-03-19T15:02:35Z","updated_at":"2026-01-08T13:31:39Z","closed_at":null,"author_association":"NONE","active_lock_reason":null,"sub_issues_summary":{"total":0,"completed":0,"percent_completed":0},"issue_dependencies_summary":{"blocked_by":0,"total_blocked_by":0,"blocking":0,"total_blocking":0},"body":"## Summary\n\nAs a developer, I want to configure `dynamic` VMOD to support dualstack when resolving backend endpoint IPs, so I can support dual stack architectures. \n\nIs it possible to \"prefer\" IPv6 somehow before libvmod-dynamic considers returning IPv4 addresses when calling `xdynamic.backend()` without hacking around with operating system settings, `/etc/gai.conf` or network architecture. \n\nI have looked into [this](https://github.com/nigoroll/libvmod-dynamic/blob/master/src/tests/resolver/test01.vtc) VTC test but after some tests it seems that the `acl` will rule out IPv4 addresses completely from DNS resolution but I would like to support a softer fallback to ease migration and integration for our backend teams. \n\n## Background\n\nOur network architecture mandates the usage of [dual stack](https://www.juniper.net/documentation/us/en/software/junos/is-is/topics/concept/ipv6-dual-stack-understanding.html) networking, i.e. support for both IPv4 and IPv6 addresses on the same DNS name (not record). Currently, the setup is `HAProxy -> Varnish backend -> HAproxy backend -> resolve-prefer ipv6 -> origin`, so a very standard Varnish architecture but we want to switch to using `libvmod-dynamic` instead. \n\nFor example, if I want to proxy `example.com` with Varnish and libvmod-dynamic, it resolves to the following IPs\n\n```\n$ dig +short A example.com\n23.215.0.136\n23.215.0.138\n96.7.128.175\n96.7.128.198\n23.192.228.80\n23.192.228.8\n\n$ dig +short AAAA example.com\n2600:1408:ec00:36::1736:7f24\n2600:1408:ec00:36::1736:7f31\n2600:1406:3a00:21::173e:2e65\n2600:1406:3a00:21::173e:2e66\n2600:1406:bc00:53::b81e:94c8\n2600:1406:bc00:53::b81e:94ce\n```\n\nMy use case involves the following scenario:\n- If `example.com` supports IPv6 via AAAA record, those IPs should be preferred\n- If `example.com` does not support IPv6, fallback to IPv4\n\nThis is similar to HAProxy's [resolve-prefer](https://www.haproxy.com/documentation/haproxy-configuration-manual/latest/#5.2-resolve-prefer) option. \n\n## Environment\n\n- Varnish with `libvmod-dynamic` from `varnish:7.6.1` docker image\n- HAProxy configured via `sslon` to onload TLS (otherwise we would simply use the HAProxy setting)","closed_by":null,"reactions":{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/132/reactions","total_count":0,"+1":0,"-1":0,"laugh":0,"hooray":0,"confused":0,"heart":0,"rocket":0,"eyes":0},"timeline_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/132/timeline","performed_via_github_app":null,"state_reason":null},{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/133","repository_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic","labels_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/133/labels{/name}","comments_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/133/comments","events_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/133/events","html_url":"https://github.com/nigoroll/libvmod-dynamic/pull/133","id":2988056403,"node_id":"PR_kwDOBBOOTM6SOhdI","number":133,"title":"Migrate to VCDK","user":{"login":"cartoush","id":16189883,"node_id":"MDQ6VXNlcjE2MTg5ODgz","avatar_url":"https://avatars.githubusercontent.com/u/16189883?v=4","gravatar_id":"","url":"https://api.github.com/users/cartoush","html_url":"https://github.com/cartoush","followers_url":"https://api.github.com/users/cartoush/followers","following_url":"https://api.github.com/users/cartoush/following{/other_user}","gists_url":"https://api.github.com/users/cartoush/gists{/gist_id}","starred_url":"https://api.github.com/users/cartoush/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/cartoush/subscriptions","organizations_url":"https://api.github.com/users/cartoush/orgs","repos_url":"https://api.github.com/users/cartoush/repos","events_url":"https://api.github.com/users/cartoush/events{/privacy}","received_events_url":"https://api.github.com/users/cartoush/received_events","type":"User","user_view_type":"public","site_admin":false},"labels":[],"state":"closed","locked":false,"assignee":null,"assignees":[],"milestone":null,"comments":2,"created_at":"2025-04-11T09:11:00Z","updated_at":"2025-07-01T13:35:34Z","closed_at":"2025-07-01T13:35:33Z","author_association":"CONTRIBUTOR","active_lock_reason":null,"draft":false,"pull_request":{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/pulls/133","html_url":"https://github.com/nigoroll/libvmod-dynamic/pull/133","diff_url":"https://github.com/nigoroll/libvmod-dynamic/pull/133.diff","patch_url":"https://github.com/nigoroll/libvmod-dynamic/pull/133.patch","merged_at":"2025-07-01T13:35:33Z"},"body":"Refactoring of this VMOD so that it corresponds\r\nto the schema described in https://git.sr.ht/~dridi/vcdk","closed_by":{"login":"nigoroll","id":1528104,"node_id":"MDQ6VXNlcjE1MjgxMDQ=","avatar_url":"https://avatars.githubusercontent.com/u/1528104?v=4","gravatar_id":"","url":"https://api.github.com/users/nigoroll","html_url":"https://github.com/nigoroll","followers_url":"https://api.github.com/users/nigoroll/followers","following_url":"https://api.github.com/users/nigoroll/following{/other_user}","gists_url":"https://api.github.com/users/nigoroll/gists{/gist_id}","starred_url":"https://api.github.com/users/nigoroll/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/nigoroll/subscriptions","organizations_url":"https://api.github.com/users/nigoroll/orgs","repos_url":"https://api.github.com/users/nigoroll/repos","events_url":"https://api.github.com/users/nigoroll/events{/privacy}","received_events_url":"https://api.github.com/users/nigoroll/received_events","type":"User","user_view_type":"public","site_admin":false},"reactions":{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/133/reactions","total_count":0,"+1":0,"-1":0,"laugh":0,"hooray":0,"confused":0,"heart":0,"rocket":0,"eyes":0},"timeline_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/133/timeline","performed_via_github_app":null,"state_reason":null},{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/134","repository_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic","labels_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/134/labels{/name}","comments_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/134/comments","events_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/134/events","html_url":"https://github.com/nigoroll/libvmod-dynamic/issues/134","id":3044768425,"node_id":"I_kwDOBBOOTM61e3qp","number":134,"title":"Varnish 7.7","user":{"login":"ronald-sz","id":97725423,"node_id":"U_kgDOBdMr7w","avatar_url":"https://avatars.githubusercontent.com/u/97725423?v=4","gravatar_id":"","url":"https://api.github.com/users/ronald-sz","html_url":"https://github.com/ronald-sz","followers_url":"https://api.github.com/users/ronald-sz/followers","following_url":"https://api.github.com/users/ronald-sz/following{/other_user}","gists_url":"https://api.github.com/users/ronald-sz/gists{/gist_id}","starred_url":"https://api.github.com/users/ronald-sz/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/ronald-sz/subscriptions","organizations_url":"https://api.github.com/users/ronald-sz/orgs","repos_url":"https://api.github.com/users/ronald-sz/repos","events_url":"https://api.github.com/users/ronald-sz/events{/privacy}","received_events_url":"https://api.github.com/users/ronald-sz/received_events","type":"User","user_view_type":"public","site_admin":false},"labels":[],"state":"closed","locked":false,"assignee":null,"assignees":[],"milestone":null,"comments":3,"created_at":"2025-05-07T05:51:40Z","updated_at":"2025-05-22T13:44:17Z","closed_at":"2025-05-21T14:58:40Z","author_association":"NONE","active_lock_reason":null,"sub_issues_summary":{"total":0,"completed":0,"percent_completed":0},"issue_dependencies_summary":{"blocked_by":0,"total_blocked_by":0,"blocking":0,"total_blocking":0},"body":"Hi Nils, \n\nis libvmod-dynamic ready for Varnish 7.7? If so, could we get a branch. \n\nThank you,\nRonald","closed_by":{"login":"nigoroll","id":1528104,"node_id":"MDQ6VXNlcjE1MjgxMDQ=","avatar_url":"https://avatars.githubusercontent.com/u/1528104?v=4","gravatar_id":"","url":"https://api.github.com/users/nigoroll","html_url":"https://github.com/nigoroll","followers_url":"https://api.github.com/users/nigoroll/followers","following_url":"https://api.github.com/users/nigoroll/following{/other_user}","gists_url":"https://api.github.com/users/nigoroll/gists{/gist_id}","starred_url":"https://api.github.com/users/nigoroll/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/nigoroll/subscriptions","organizations_url":"https://api.github.com/users/nigoroll/orgs","repos_url":"https://api.github.com/users/nigoroll/repos","events_url":"https://api.github.com/users/nigoroll/events{/privacy}","received_events_url":"https://api.github.com/users/nigoroll/received_events","type":"User","user_view_type":"public","site_admin":false},"reactions":{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/134/reactions","total_count":0,"+1":0,"-1":0,"laugh":0,"hooray":0,"confused":0,"heart":0,"rocket":0,"eyes":0},"timeline_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/134/timeline","performed_via_github_app":null,"state_reason":"completed"},{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/135","repository_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic","labels_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/135/labels{/name}","comments_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/135/comments","events_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/135/events","html_url":"https://github.com/nigoroll/libvmod-dynamic/pull/135","id":3424025919,"node_id":"PR_kwDOBBOOTM6o9NQX","number":135,"title":"Revert \"Handle src/vmod_vcs_version.txt\"","user":{"login":"gquintard","id":3776553,"node_id":"MDQ6VXNlcjM3NzY1NTM=","avatar_url":"https://avatars.githubusercontent.com/u/3776553?v=4","gravatar_id":"","url":"https://api.github.com/users/gquintard","html_url":"https://github.com/gquintard","followers_url":"https://api.github.com/users/gquintard/followers","following_url":"https://api.github.com/users/gquintard/following{/other_user}","gists_url":"https://api.github.com/users/gquintard/gists{/gist_id}","starred_url":"https://api.github.com/users/gquintard/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/gquintard/subscriptions","organizations_url":"https://api.github.com/users/gquintard/orgs","repos_url":"https://api.github.com/users/gquintard/repos","events_url":"https://api.github.com/users/gquintard/events{/privacy}","received_events_url":"https://api.github.com/users/gquintard/received_events","type":"User","user_view_type":"public","site_admin":false},"labels":[],"state":"closed","locked":false,"assignee":null,"assignees":[],"milestone":null,"comments":4,"created_at":"2025-09-16T23:23:25Z","updated_at":"2025-12-07T18:38:43Z","closed_at":"2025-12-07T15:53:32Z","author_association":"CONTRIBUTOR","active_lock_reason":null,"draft":false,"pull_request":{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/pulls/135","html_url":"https://github.com/nigoroll/libvmod-dynamic/pull/135","diff_url":"https://github.com/nigoroll/libvmod-dynamic/pull/135.diff","patch_url":"https://github.com/nigoroll/libvmod-dynamic/pull/135.patch","merged_at":null},"body":"This reverts commit 2b18abec24e8b51b0b316fa028ee01cad73fc533.\r\n\r\nOn 8.0, I'm getting:\r\n\r\n```\r\n/usr/bin/install -c -m 644 vmod_dynamic.vcc ./vmod_vcs_version.txt vtc/admin_health.vtc vtc/layer.vtc vtc/layer_probe.vtc vtc/layer_reload.vtc vtc/r00107.vtc vtc/stale_obj.vtc vtc/test01.vtc vtc/test02.vtc vtc/test03.vtc vtc/test04.vtc vtc/test05.vtc vtc/test06.vtc vtc/test07.vtc vtc/test08.vtc vtc/test09.vtc vtc/test10.vtc vtc/test11.vtc vtc/test12.vtc vtc/test13.vtc vtc/test14.vtc vtc/via.vtc vtc/via_uds.vtc vtc/nogetdns/resolver_init_error.vtc '/usr/share/doc/vmod-dynamic'\r\n/bin/mkdir -p '/usr/lib/varnish/vmods'\r\ninstall: can't stat './vmod_vcs_version.txt': No such file or directory\r\n```\r\n\r\n`vmod_vcs_version.txt` doesn't seem to be generated anymore, and reverting the original commit seems to do the job.","closed_by":{"login":"nigoroll","id":1528104,"node_id":"MDQ6VXNlcjE1MjgxMDQ=","avatar_url":"https://avatars.githubusercontent.com/u/1528104?v=4","gravatar_id":"","url":"https://api.github.com/users/nigoroll","html_url":"https://github.com/nigoroll","followers_url":"https://api.github.com/users/nigoroll/followers","following_url":"https://api.github.com/users/nigoroll/following{/other_user}","gists_url":"https://api.github.com/users/nigoroll/gists{/gist_id}","starred_url":"https://api.github.com/users/nigoroll/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/nigoroll/subscriptions","organizations_url":"https://api.github.com/users/nigoroll/orgs","repos_url":"https://api.github.com/users/nigoroll/repos","events_url":"https://api.github.com/users/nigoroll/events{/privacy}","received_events_url":"https://api.github.com/users/nigoroll/received_events","type":"User","user_view_type":"public","site_admin":false},"reactions":{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/135/reactions","total_count":0,"+1":0,"-1":0,"laugh":0,"hooray":0,"confused":0,"heart":0,"rocket":0,"eyes":0},"timeline_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/135/timeline","performed_via_github_app":null,"state_reason":null},{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/136","repository_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic","labels_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/136/labels{/name}","comments_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/136/comments","events_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/136/events","html_url":"https://github.com/nigoroll/libvmod-dynamic/issues/136","id":3652238523,"node_id":"I_kwDOBBOOTM7ZsLy7","number":136,"title":"Support for Varnish 8.0.0","user":{"login":"ronald-sz","id":97725423,"node_id":"U_kgDOBdMr7w","avatar_url":"https://avatars.githubusercontent.com/u/97725423?v=4","gravatar_id":"","url":"https://api.github.com/users/ronald-sz","html_url":"https://github.com/ronald-sz","followers_url":"https://api.github.com/users/ronald-sz/followers","following_url":"https://api.github.com/users/ronald-sz/following{/other_user}","gists_url":"https://api.github.com/users/ronald-sz/gists{/gist_id}","starred_url":"https://api.github.com/users/ronald-sz/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/ronald-sz/subscriptions","organizations_url":"https://api.github.com/users/ronald-sz/orgs","repos_url":"https://api.github.com/users/ronald-sz/repos","events_url":"https://api.github.com/users/ronald-sz/events{/privacy}","received_events_url":"https://api.github.com/users/ronald-sz/received_events","type":"User","user_view_type":"public","site_admin":false},"labels":[],"state":"closed","locked":false,"assignee":null,"assignees":[],"milestone":null,"comments":2,"created_at":"2025-11-21T15:59:26Z","updated_at":"2025-12-10T15:15:49Z","closed_at":"2025-12-07T16:33:54Z","author_association":"NONE","active_lock_reason":null,"sub_issues_summary":{"total":0,"completed":0,"percent_completed":0},"issue_dependencies_summary":{"blocked_by":0,"total_blocked_by":0,"blocking":0,"total_blocking":0},"body":"Hi Nils, \n\nis vmod_dynamic ready for using with Varnish 8.0.0? Could we get a branch for this?\n\nThank you!","closed_by":{"login":"nigoroll","id":1528104,"node_id":"MDQ6VXNlcjE1MjgxMDQ=","avatar_url":"https://avatars.githubusercontent.com/u/1528104?v=4","gravatar_id":"","url":"https://api.github.com/users/nigoroll","html_url":"https://github.com/nigoroll","followers_url":"https://api.github.com/users/nigoroll/followers","following_url":"https://api.github.com/users/nigoroll/following{/other_user}","gists_url":"https://api.github.com/users/nigoroll/gists{/gist_id}","starred_url":"https://api.github.com/users/nigoroll/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/nigoroll/subscriptions","organizations_url":"https://api.github.com/users/nigoroll/orgs","repos_url":"https://api.github.com/users/nigoroll/repos","events_url":"https://api.github.com/users/nigoroll/events{/privacy}","received_events_url":"https://api.github.com/users/nigoroll/received_events","type":"User","user_view_type":"public","site_admin":false},"reactions":{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/136/reactions","total_count":0,"+1":0,"-1":0,"laugh":0,"hooray":0,"confused":0,"heart":0,"rocket":0,"eyes":0},"timeline_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/136/timeline","performed_via_github_app":null,"state_reason":"completed"}]
\ No newline at end of file
diff --git a/services/migrations/testdata/github/pagination/GET_%2Frepos%2Fnigoroll%2Flibvmod-dynamic%2Fissues%3Fafter=Y3Vyc29yOnYyOpLPAAABmqckTzDO2bC8uw%253D%253D&direction=asc&per_page=45&sort=created&state=all b/services/migrations/testdata/github/pagination/GET_%2Frepos%2Fnigoroll%2Flibvmod-dynamic%2Fissues%3Fafter=Y3Vyc29yOnYyOpLPAAABmqckTzDO2bC8uw%253D%253D&direction=asc&per_page=45&sort=created&state=all
new file mode 100644
index 0000000000..42a7d306dc
--- /dev/null
+++ b/services/migrations/testdata/github/pagination/GET_%2Frepos%2Fnigoroll%2Flibvmod-dynamic%2Fissues%3Fafter=Y3Vyc29yOnYyOpLPAAABmqckTzDO2bC8uw%253D%253D&direction=asc&per_page=45&sort=created&state=all
@@ -0,0 +1,24 @@
+X-Ratelimit-Reset: 1769189499
+X-Ratelimit-Used: 5
+Link: <https://api.github.com/repositories/68390476/issues?direction=asc&per_page=45&sort=created&state=all&before=Y3Vyc29yOnYyOpLPAAABmw6cnwDO3cGf4g%3D%3D>; rel="prev"
+Access-Control-Expose-Headers: ETag, Link, Location, Retry-After, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Used, X-RateLimit-Resource, X-RateLimit-Reset, X-OAuth-Scopes, X-Accepted-OAuth-Scopes, X-Poll-Interval, X-GitHub-Media-Type, X-GitHub-SSO, X-GitHub-Request-Id, Deprecation, Sunset
+Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
+X-Ratelimit-Limit: 5000
+X-Github-Request-Id: 545E:1E338F:1CE503C:199716F:6973A26E
+Vary: Accept, Authorization, Cookie, X-GitHub-OTP,Accept-Encoding, Accept, X-Requested-With
+X-Github-Media-Type: github.v3; param=squirrel-girl-preview
+X-Frame-Options: deny
+Referrer-Policy: origin-when-cross-origin, strict-origin-when-cross-origin
+X-Ratelimit-Resource: core
+Content-Type: application/json; charset=utf-8
+Cache-Control: private, max-age=60, s-maxage=60
+Etag: W/"c62d1ce27432411ccc529108455637a8bb6afea88b1be0bc1285beac77d2d917"
+X-Github-Api-Version-Selected: 2022-11-28
+X-Content-Type-Options: nosniff
+X-Ratelimit-Remaining: 4995
+X-Accepted-Github-Permissions: issues=read
+Access-Control-Allow-Origin: *
+X-Xss-Protection: 0
+Content-Security-Policy: default-src 'none'
+
+[{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/137","repository_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic","labels_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/137/labels{/name}","comments_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/137/comments","events_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/137/events","html_url":"https://github.com/nigoroll/libvmod-dynamic/issues/137","id":3720454114,"node_id":"I_kwDOBBOOTM7dwZ_i","number":137,"title":"resolver_test01.vtc is broken to the redirection","user":{"login":"gquintard","id":3776553,"node_id":"MDQ6VXNlcjM3NzY1NTM=","avatar_url":"https://avatars.githubusercontent.com/u/3776553?v=4","gravatar_id":"","url":"https://api.github.com/users/gquintard","html_url":"https://github.com/gquintard","followers_url":"https://api.github.com/users/gquintard/followers","following_url":"https://api.github.com/users/gquintard/following{/other_user}","gists_url":"https://api.github.com/users/gquintard/gists{/gist_id}","starred_url":"https://api.github.com/users/gquintard/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/gquintard/subscriptions","organizations_url":"https://api.github.com/users/gquintard/orgs","repos_url":"https://api.github.com/users/gquintard/repos","events_url":"https://api.github.com/users/gquintard/events{/privacy}","received_events_url":"https://api.github.com/users/gquintard/received_events","type":"User","user_view_type":"public","site_admin":false},"labels":[],"state":"closed","locked":false,"assignee":null,"assignees":[],"milestone":null,"comments":0,"created_at":"2025-12-11T18:11:44Z","updated_at":"2025-12-12T11:12:19Z","closed_at":"2025-12-12T11:12:19Z","author_association":"CONTRIBUTOR","active_lock_reason":null,"sub_issues_summary":{"total":0,"completed":0,"percent_completed":0},"issue_dependencies_summary":{"blocked_by":0,"total_blocked_by":0,"blocking":0,"total_blocking":0},"body":"https://github.com/nigoroll/libvmod-dynamic/blob/master/src/vtc/resolver/resolver_test01.vtc#L25 now gets a 301.\n\nCan we get a release soon fixing this? Until then I'll disable tests while packaging as this is blocking the docker image builds","closed_by":{"login":"nigoroll","id":1528104,"node_id":"MDQ6VXNlcjE1MjgxMDQ=","avatar_url":"https://avatars.githubusercontent.com/u/1528104?v=4","gravatar_id":"","url":"https://api.github.com/users/nigoroll","html_url":"https://github.com/nigoroll","followers_url":"https://api.github.com/users/nigoroll/followers","following_url":"https://api.github.com/users/nigoroll/following{/other_user}","gists_url":"https://api.github.com/users/nigoroll/gists{/gist_id}","starred_url":"https://api.github.com/users/nigoroll/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/nigoroll/subscriptions","organizations_url":"https://api.github.com/users/nigoroll/orgs","repos_url":"https://api.github.com/users/nigoroll/repos","events_url":"https://api.github.com/users/nigoroll/events{/privacy}","received_events_url":"https://api.github.com/users/nigoroll/received_events","type":"User","user_view_type":"public","site_admin":false},"reactions":{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/137/reactions","total_count":0,"+1":0,"-1":0,"laugh":0,"hooray":0,"confused":0,"heart":0,"rocket":0,"eyes":0},"timeline_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/137/timeline","performed_via_github_app":null,"state_reason":"completed"}]
\ No newline at end of file
diff --git a/services/migrations/testdata/github/pagination/GET_%2Frepos%2Fnigoroll%2Flibvmod-dynamic%2Fissues%3Fdirection=asc&per_page=45&sort=created&state=all b/services/migrations/testdata/github/pagination/GET_%2Frepos%2Fnigoroll%2Flibvmod-dynamic%2Fissues%3Fdirection=asc&per_page=45&sort=created&state=all
new file mode 100644
index 0000000000..c62ec9e6fc
--- /dev/null
+++ b/services/migrations/testdata/github/pagination/GET_%2Frepos%2Fnigoroll%2Flibvmod-dynamic%2Fissues%3Fdirection=asc&per_page=45&sort=created&state=all
@@ -0,0 +1,24 @@
+X-Ratelimit-Reset: 1769189499
+X-Ratelimit-Resource: core
+X-Github-Request-Id: 545E:1E338F:1CE3DD7:199617C:6973A26B
+Content-Type: application/json; charset=utf-8
+Etag: W/"f4096a477bafdefb5addb2cef527544dd7d154491e9fc135eec41a153aee699e"
+X-Accepted-Github-Permissions: issues=read
+X-Frame-Options: deny
+X-Xss-Protection: 0
+Referrer-Policy: origin-when-cross-origin, strict-origin-when-cross-origin
+Content-Security-Policy: default-src 'none'
+X-Ratelimit-Remaining: 4998
+X-Ratelimit-Limit: 5000
+X-Ratelimit-Used: 2
+Cache-Control: private, max-age=60, s-maxage=60
+Vary: Accept, Authorization, Cookie, X-GitHub-OTP,Accept-Encoding, Accept, X-Requested-With
+Link: <https://api.github.com/repositories/68390476/issues?direction=asc&per_page=45&sort=created&state=all&after=Y3Vyc29yOnYyOpLPAAABaaHKpHDOGUReFQ%3D%3D&page=2>; rel="next"
+X-Github-Api-Version-Selected: 2022-11-28
+Access-Control-Expose-Headers: ETag, Link, Location, Retry-After, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Used, X-RateLimit-Resource, X-RateLimit-Reset, X-OAuth-Scopes, X-Accepted-OAuth-Scopes, X-Poll-Interval, X-GitHub-Media-Type, X-GitHub-SSO, X-GitHub-Request-Id, Deprecation, Sunset
+Access-Control-Allow-Origin: *
+X-Content-Type-Options: nosniff
+X-Github-Media-Type: github.v3; param=squirrel-girl-preview
+Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
+
+[{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/1","repository_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic","labels_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/1/labels{/name}","comments_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/1/comments","events_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/1/events","html_url":"https://github.com/nigoroll/libvmod-dynamic/issues/1","id":179302563,"node_id":"MDU6SXNzdWUxNzkzMDI1NjM=","number":1,"title":"What changes are needed for \"make check\" to work","user":{"login":"danielmotaleite","id":11890049,"node_id":"MDQ6VXNlcjExODkwMDQ5","avatar_url":"https://avatars.githubusercontent.com/u/11890049?v=4","gravatar_id":"","url":"https://api.github.com/users/danielmotaleite","html_url":"https://github.com/danielmotaleite","followers_url":"https://api.github.com/users/danielmotaleite/followers","following_url":"https://api.github.com/users/danielmotaleite/following{/other_user}","gists_url":"https://api.github.com/users/danielmotaleite/gists{/gist_id}","starred_url":"https://api.github.com/users/danielmotaleite/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/danielmotaleite/subscriptions","organizations_url":"https://api.github.com/users/danielmotaleite/orgs","repos_url":"https://api.github.com/users/danielmotaleite/repos","events_url":"https://api.github.com/users/danielmotaleite/events{/privacy}","received_events_url":"https://api.github.com/users/danielmotaleite/received_events","type":"User","user_view_type":"public","site_admin":false},"labels":[],"state":"closed","locked":false,"assignee":null,"assignees":[],"milestone":null,"comments":8,"created_at":"2016-09-26T18:27:04Z","updated_at":"2016-11-28T08:17:58Z","closed_at":"2016-10-04T15:36:24Z","author_association":"NONE","active_lock_reason":null,"sub_issues_summary":{"total":0,"completed":0,"percent_completed":0},"issue_dependencies_summary":{"blocked_by":0,"total_blocked_by":0,"blocking":0,"total_blocking":0},"body":"You say `The test suite may not currently run without global (but minor) changes to your system.` , but make no reference on what to change for then to work.\n\nPlease add  some more info\n\nThanks\n","closed_by":{"login":"nigoroll","id":1528104,"node_id":"MDQ6VXNlcjE1MjgxMDQ=","avatar_url":"https://avatars.githubusercontent.com/u/1528104?v=4","gravatar_id":"","url":"https://api.github.com/users/nigoroll","html_url":"https://github.com/nigoroll","followers_url":"https://api.github.com/users/nigoroll/followers","following_url":"https://api.github.com/users/nigoroll/following{/other_user}","gists_url":"https://api.github.com/users/nigoroll/gists{/gist_id}","starred_url":"https://api.github.com/users/nigoroll/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/nigoroll/subscriptions","organizations_url":"https://api.github.com/users/nigoroll/orgs","repos_url":"https://api.github.com/users/nigoroll/repos","events_url":"https://api.github.com/users/nigoroll/events{/privacy}","received_events_url":"https://api.github.com/users/nigoroll/received_events","type":"User","user_view_type":"public","site_admin":false},"reactions":{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/1/reactions","total_count":0,"+1":0,"-1":0,"laugh":0,"hooray":0,"confused":0,"heart":0,"rocket":0,"eyes":0},"timeline_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/1/timeline","performed_via_github_app":null,"state_reason":"completed"},{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/2","repository_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic","labels_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/2/labels{/name}","comments_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/2/comments","events_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/2/events","html_url":"https://github.com/nigoroll/libvmod-dynamic/issues/2","id":181296166,"node_id":"MDU6SXNzdWUxODEyOTYxNjY=","number":2,"title":"Steal packaging goodies from vmod-querystring","user":{"login":"dridi","id":891744,"node_id":"MDQ6VXNlcjg5MTc0NA==","avatar_url":"https://avatars.githubusercontent.com/u/891744?v=4","gravatar_id":"","url":"https://api.github.com/users/dridi","html_url":"https://github.com/dridi","followers_url":"https://api.github.com/users/dridi/followers","following_url":"https://api.github.com/users/dridi/following{/other_user}","gists_url":"https://api.github.com/users/dridi/gists{/gist_id}","starred_url":"https://api.github.com/users/dridi/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/dridi/subscriptions","organizations_url":"https://api.github.com/users/dridi/orgs","repos_url":"https://api.github.com/users/dridi/repos","events_url":"https://api.github.com/users/dridi/events{/privacy}","received_events_url":"https://api.github.com/users/dridi/received_events","type":"User","user_view_type":"public","site_admin":false},"labels":[{"id":443804424,"node_id":"MDU6TGFiZWw0NDM4MDQ0MjQ=","url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/labels/enhancement","name":"enhancement","color":"84b6eb","default":true,"description":null}],"state":"closed","locked":false,"assignee":null,"assignees":[],"milestone":{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/milestones/1","html_url":"https://github.com/nigoroll/libvmod-dynamic/milestone/1","labels_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/milestones/1/labels","id":2411902,"node_id":"MDk6TWlsZXN0b25lMjQxMTkwMg==","number":1,"title":"1.0","description":null,"creator":{"login":"dridi","id":891744,"node_id":"MDQ6VXNlcjg5MTc0NA==","avatar_url":"https://avatars.githubusercontent.com/u/891744?v=4","gravatar_id":"","url":"https://api.github.com/users/dridi","html_url":"https://github.com/dridi","followers_url":"https://api.github.com/users/dridi/followers","following_url":"https://api.github.com/users/dridi/following{/other_user}","gists_url":"https://api.github.com/users/dridi/gists{/gist_id}","starred_url":"https://api.github.com/users/dridi/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/dridi/subscriptions","organizations_url":"https://api.github.com/users/dridi/orgs","repos_url":"https://api.github.com/users/dridi/repos","events_url":"https://api.github.com/users/dridi/events{/privacy}","received_events_url":"https://api.github.com/users/dridi/received_events","type":"User","user_view_type":"public","site_admin":false},"open_issues":0,"closed_issues":4,"state":"open","created_at":"2017-03-26T20:50:32Z","updated_at":"2019-07-13T16:40:27Z","due_on":null,"closed_at":null},"comments":3,"created_at":"2016-10-06T00:09:42Z","updated_at":"2018-09-12T15:22:07Z","closed_at":"2018-09-12T15:22:07Z","author_association":"COLLABORATOR","active_lock_reason":null,"sub_issues_summary":{"total":0,"completed":0,"percent_completed":0},"issue_dependencies_summary":{"blocked_by":0,"total_blocked_by":0,"blocking":0,"total_blocking":0},"body":"The current packaging was inherited from vmod-example when it still had packaging built-in. RPM packaging was maintained, but the debian stuff was left alone so I'm not even sure it works.\n\nThis module could advertise turnkey [RPM](https://github.com/Dridi/libvmod-querystring/blob/master/Makefile.am#L41-L68) and [DPKG](https://github.com/Dridi/libvmod-querystring/blob/master/Makefile.am#L70-L97) packaging directly from `make` if you have the relevant tools on your system. And that includes chroot-type builds, like for instance building for Debian Sid on a Fedora system.\n\nDebian support is still experimental in vmod-querystring, but at least it is maintained.\n","closed_by":{"login":"nigoroll","id":1528104,"node_id":"MDQ6VXNlcjE1MjgxMDQ=","avatar_url":"https://avatars.githubusercontent.com/u/1528104?v=4","gravatar_id":"","url":"https://api.github.com/users/nigoroll","html_url":"https://github.com/nigoroll","followers_url":"https://api.github.com/users/nigoroll/followers","following_url":"https://api.github.com/users/nigoroll/following{/other_user}","gists_url":"https://api.github.com/users/nigoroll/gists{/gist_id}","starred_url":"https://api.github.com/users/nigoroll/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/nigoroll/subscriptions","organizations_url":"https://api.github.com/users/nigoroll/orgs","repos_url":"https://api.github.com/users/nigoroll/repos","events_url":"https://api.github.com/users/nigoroll/events{/privacy}","received_events_url":"https://api.github.com/users/nigoroll/received_events","type":"User","user_view_type":"public","site_admin":false},"reactions":{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/2/reactions","total_count":0,"+1":0,"-1":0,"laugh":0,"hooray":0,"confused":0,"heart":0,"rocket":0,"eyes":0},"timeline_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/2/timeline","performed_via_github_app":null,"state_reason":"completed"},{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/3","repository_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic","labels_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/3/labels{/name}","comments_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/3/comments","events_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/3/events","html_url":"https://github.com/nigoroll/libvmod-dynamic/issues/3","id":184464855,"node_id":"MDU6SXNzdWUxODQ0NjQ4NTU=","number":3,"title":"Building vmod on debian jessie with varnish 4.1.3 fails","user":{"login":"filidorwiese","id":864967,"node_id":"MDQ6VXNlcjg2NDk2Nw==","avatar_url":"https://avatars.githubusercontent.com/u/864967?v=4","gravatar_id":"","url":"https://api.github.com/users/filidorwiese","html_url":"https://github.com/filidorwiese","followers_url":"https://api.github.com/users/filidorwiese/followers","following_url":"https://api.github.com/users/filidorwiese/following{/other_user}","gists_url":"https://api.github.com/users/filidorwiese/gists{/gist_id}","starred_url":"https://api.github.com/users/filidorwiese/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/filidorwiese/subscriptions","organizations_url":"https://api.github.com/users/filidorwiese/orgs","repos_url":"https://api.github.com/users/filidorwiese/repos","events_url":"https://api.github.com/users/filidorwiese/events{/privacy}","received_events_url":"https://api.github.com/users/filidorwiese/received_events","type":"User","user_view_type":"public","site_admin":false},"labels":[{"id":443804424,"node_id":"MDU6TGFiZWw0NDM4MDQ0MjQ=","url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/labels/enhancement","name":"enhancement","color":"84b6eb","default":true,"description":null},{"id":443804427,"node_id":"MDU6TGFiZWw0NDM4MDQ0Mjc=","url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/labels/question","name":"question","color":"cc317c","default":true,"description":null}],"state":"closed","locked":false,"assignee":null,"assignees":[],"milestone":{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/milestones/1","html_url":"https://github.com/nigoroll/libvmod-dynamic/milestone/1","labels_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/milestones/1/labels","id":2411902,"node_id":"MDk6TWlsZXN0b25lMjQxMTkwMg==","number":1,"title":"1.0","description":null,"creator":{"login":"dridi","id":891744,"node_id":"MDQ6VXNlcjg5MTc0NA==","avatar_url":"https://avatars.githubusercontent.com/u/891744?v=4","gravatar_id":"","url":"https://api.github.com/users/dridi","html_url":"https://github.com/dridi","followers_url":"https://api.github.com/users/dridi/followers","following_url":"https://api.github.com/users/dridi/following{/other_user}","gists_url":"https://api.github.com/users/dridi/gists{/gist_id}","starred_url":"https://api.github.com/users/dridi/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/dridi/subscriptions","organizations_url":"https://api.github.com/users/dridi/orgs","repos_url":"https://api.github.com/users/dridi/repos","events_url":"https://api.github.com/users/dridi/events{/privacy}","received_events_url":"https://api.github.com/users/dridi/received_events","type":"User","user_view_type":"public","site_admin":false},"open_issues":0,"closed_issues":4,"state":"open","created_at":"2017-03-26T20:50:32Z","updated_at":"2019-07-13T16:40:27Z","due_on":null,"closed_at":null},"comments":8,"created_at":"2016-10-21T11:36:47Z","updated_at":"2018-09-12T15:20:53Z","closed_at":"2018-09-12T15:20:53Z","author_association":"NONE","active_lock_reason":null,"sub_issues_summary":{"total":0,"completed":0,"percent_completed":0},"issue_dependencies_summary":{"blocked_by":0,"total_blocked_by":0,"blocking":0,"total_blocking":0},"body":"Hi! I'm trying to build libvmod-dynamic on a minimum Debian Jessie environment with Varnish 4.1.3 already installed. When trying to run autogen.sh I get this error:\n\n```\n$ /root/libvmod-dynamic/autogen.sh\n+ aclocal -I m4 -I /usr/share/aclocal\n+ libtoolize --copy --force\nlibtoolize: putting auxiliary files in AC_CONFIG_AUX_DIR, `build-aux'.\nlibtoolize: copying file `build-aux/ltmain.sh'\nlibtoolize: putting macros in AC_CONFIG_MACRO_DIR, `m4'.\nlibtoolize: copying file `m4/libtool.m4'\nlibtoolize: copying file `m4/ltoptions.m4'\nlibtoolize: copying file `m4/ltsugar.m4'\nlibtoolize: copying file `m4/ltversion.m4'\nlibtoolize: copying file `m4/lt~obsolete.m4'\n+ autoheader\n+ automake --add-missing --copy --foreign\nsrc/Makefile.am:4: error: 'vmod_LTLIBRARIES' is used but 'vmoddir' is undefined\nautomake: warnings are treated as errors\nsrc/Makefile.am:6: warning: variable 'libvmod_dynamic_la_SOURCES' is defined but no program or\nsrc/Makefile.am:6: library has 'libvmod_dynamic_la' as canonical name (possible typo)\nsrc/Makefile.am:10: warning: variable 'nodist_libvmod_dynamic_la_SOURCES' is defined but no program or\nsrc/Makefile.am:10: library has 'libvmod_dynamic_la' as canonical name (possible typo)\n```\n\nI'm probably missing something obvious. Could someone point me in the right direction?\n","closed_by":{"login":"nigoroll","id":1528104,"node_id":"MDQ6VXNlcjE1MjgxMDQ=","avatar_url":"https://avatars.githubusercontent.com/u/1528104?v=4","gravatar_id":"","url":"https://api.github.com/users/nigoroll","html_url":"https://github.com/nigoroll","followers_url":"https://api.github.com/users/nigoroll/followers","following_url":"https://api.github.com/users/nigoroll/following{/other_user}","gists_url":"https://api.github.com/users/nigoroll/gists{/gist_id}","starred_url":"https://api.github.com/users/nigoroll/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/nigoroll/subscriptions","organizations_url":"https://api.github.com/users/nigoroll/orgs","repos_url":"https://api.github.com/users/nigoroll/repos","events_url":"https://api.github.com/users/nigoroll/events{/privacy}","received_events_url":"https://api.github.com/users/nigoroll/received_events","type":"User","user_view_type":"public","site_admin":false},"reactions":{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/3/reactions","total_count":0,"+1":0,"-1":0,"laugh":0,"hooray":0,"confused":0,"heart":0,"rocket":0,"eyes":0},"timeline_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/3/timeline","performed_via_github_app":null,"state_reason":"completed"},{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/4","repository_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic","labels_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/4/labels{/name}","comments_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/4/comments","events_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/4/events","html_url":"https://github.com/nigoroll/libvmod-dynamic/issues/4","id":185894138,"node_id":"MDU6SXNzdWUxODU4OTQxMzg=","number":4,"title":"Fetcherror no backend connection","user":{"login":"markhowells","id":3914721,"node_id":"MDQ6VXNlcjM5MTQ3MjE=","avatar_url":"https://avatars.githubusercontent.com/u/3914721?v=4","gravatar_id":"","url":"https://api.github.com/users/markhowells","html_url":"https://github.com/markhowells","followers_url":"https://api.github.com/users/markhowells/followers","following_url":"https://api.github.com/users/markhowells/following{/other_user}","gists_url":"https://api.github.com/users/markhowells/gists{/gist_id}","starred_url":"https://api.github.com/users/markhowells/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/markhowells/subscriptions","organizations_url":"https://api.github.com/users/markhowells/orgs","repos_url":"https://api.github.com/users/markhowells/repos","events_url":"https://api.github.com/users/markhowells/events{/privacy}","received_events_url":"https://api.github.com/users/markhowells/received_events","type":"User","user_view_type":"public","site_admin":false},"labels":[{"id":443804422,"node_id":"MDU6TGFiZWw0NDM4MDQ0MjI=","url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/labels/bug","name":"bug","color":"ee0701","default":true,"description":null}],"state":"closed","locked":false,"assignee":{"login":"dridi","id":891744,"node_id":"MDQ6VXNlcjg5MTc0NA==","avatar_url":"https://avatars.githubusercontent.com/u/891744?v=4","gravatar_id":"","url":"https://api.github.com/users/dridi","html_url":"https://github.com/dridi","followers_url":"https://api.github.com/users/dridi/followers","following_url":"https://api.github.com/users/dridi/following{/other_user}","gists_url":"https://api.github.com/users/dridi/gists{/gist_id}","starred_url":"https://api.github.com/users/dridi/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/dridi/subscriptions","organizations_url":"https://api.github.com/users/dridi/orgs","repos_url":"https://api.github.com/users/dridi/repos","events_url":"https://api.github.com/users/dridi/events{/privacy}","received_events_url":"https://api.github.com/users/dridi/received_events","type":"User","user_view_type":"public","site_admin":false},"assignees":[{"login":"dridi","id":891744,"node_id":"MDQ6VXNlcjg5MTc0NA==","avatar_url":"https://avatars.githubusercontent.com/u/891744?v=4","gravatar_id":"","url":"https://api.github.com/users/dridi","html_url":"https://github.com/dridi","followers_url":"https://api.github.com/users/dridi/followers","following_url":"https://api.github.com/users/dridi/following{/other_user}","gists_url":"https://api.github.com/users/dridi/gists{/gist_id}","starred_url":"https://api.github.com/users/dridi/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/dridi/subscriptions","organizations_url":"https://api.github.com/users/dridi/orgs","repos_url":"https://api.github.com/users/dridi/repos","events_url":"https://api.github.com/users/dridi/events{/privacy}","received_events_url":"https://api.github.com/users/dridi/received_events","type":"User","user_view_type":"public","site_admin":false}],"milestone":null,"comments":20,"created_at":"2016-10-28T10:50:32Z","updated_at":"2016-11-15T15:23:05Z","closed_at":"2016-11-15T15:23:05Z","author_association":"NONE","active_lock_reason":null,"sub_issues_summary":{"total":0,"completed":0,"percent_completed":0},"issue_dependencies_summary":{"blocked_by":0,"total_blocked_by":0,"blocking":0,"total_blocking":0},"body":"I'm trying to create a simple proxy for a site. As the details are unknown until runtime vmod_dynamic looked perfect.  However about 30% of the time i see the following in the log\n\n```\n-   VCL_call       BACKEND_FETCH\n-   VCL_return     fetch\n-   FetchError     no backend connection\n```\n\nHere's a tiny VCL that causes the problem.\n\n```\nvcl 4.0;\nimport dynamic;\nbackend default {\n    .host = \"10.0.0.1\";\n    .port = \"80\";\n}\nsub vcl_init {\n    new dynamic_dir = dynamic.director(  port=\"80\" );\n}\nsub vcl_recv {\n    set req.backend_hint = dynamic_dir.backend();\n}\nsub vcl_backend_fetch {\n    set bereq.backend = dynamic_dir.backend();\n}\n\n```\n\nAs it stands, I'd expect that to proxy any traffic that reaches it (I'm not expecting this to cache or anything yet). I've been testing using a range of sites but a simple test add the following to your hosts file on a desktop\n`<ip of your varnish> www.dalestrailseries.co.uk`\nand point your browser at http://www.dalestrailseries.co.uk \n\nAt best you'll either see a whole page or a broken page or just an error, click a sidebar link or two and it'll always break. The same issue exists with every site i've set up...  I've experimented with every timeout I can and nothing seems to change\n\nI should add that I'm totally new to Varnish - I apologise in advance if I've got the wrong end of the stick somewhere...\n\nI've attached the varnishlog\n\n[varnishlog.txt](https://github.com/nigoroll/libvmod-dynamic/files/558154/varnishlog.txt)\n","closed_by":{"login":"dridi","id":891744,"node_id":"MDQ6VXNlcjg5MTc0NA==","avatar_url":"https://avatars.githubusercontent.com/u/891744?v=4","gravatar_id":"","url":"https://api.github.com/users/dridi","html_url":"https://github.com/dridi","followers_url":"https://api.github.com/users/dridi/followers","following_url":"https://api.github.com/users/dridi/following{/other_user}","gists_url":"https://api.github.com/users/dridi/gists{/gist_id}","starred_url":"https://api.github.com/users/dridi/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/dridi/subscriptions","organizations_url":"https://api.github.com/users/dridi/orgs","repos_url":"https://api.github.com/users/dridi/repos","events_url":"https://api.github.com/users/dridi/events{/privacy}","received_events_url":"https://api.github.com/users/dridi/received_events","type":"User","user_view_type":"public","site_admin":false},"reactions":{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/4/reactions","total_count":1,"+1":1,"-1":0,"laugh":0,"hooray":0,"confused":0,"heart":0,"rocket":0,"eyes":0},"timeline_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/4/timeline","performed_via_github_app":null,"state_reason":"completed"},{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/5","repository_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic","labels_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/5/labels{/name}","comments_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/5/comments","events_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/5/events","html_url":"https://github.com/nigoroll/libvmod-dynamic/pull/5","id":187436711,"node_id":"MDExOlB1bGxSZXF1ZXN0OTI0MTQ2Njk=","number":5,"title":"Avoid deadlocking when going cold.","user":{"login":"felipewd","id":547142,"node_id":"MDQ6VXNlcjU0NzE0Mg==","avatar_url":"https://avatars.githubusercontent.com/u/547142?v=4","gravatar_id":"","url":"https://api.github.com/users/felipewd","html_url":"https://github.com/felipewd","followers_url":"https://api.github.com/users/felipewd/followers","following_url":"https://api.github.com/users/felipewd/following{/other_user}","gists_url":"https://api.github.com/users/felipewd/gists{/gist_id}","starred_url":"https://api.github.com/users/felipewd/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/felipewd/subscriptions","organizations_url":"https://api.github.com/users/felipewd/orgs","repos_url":"https://api.github.com/users/felipewd/repos","events_url":"https://api.github.com/users/felipewd/events{/privacy}","received_events_url":"https://api.github.com/users/felipewd/received_events","type":"User","user_view_type":"public","site_admin":false},"labels":[],"state":"closed","locked":false,"assignee":null,"assignees":[],"milestone":null,"comments":1,"created_at":"2016-11-04T20:58:18Z","updated_at":"2016-11-04T23:12:05Z","closed_at":"2016-11-04T23:11:58Z","author_association":"NONE","active_lock_reason":null,"draft":false,"pull_request":{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/pulls/5","html_url":"https://github.com/nigoroll/libvmod-dynamic/pull/5","diff_url":"https://github.com/nigoroll/libvmod-dynamic/pull/5.diff","patch_url":"https://github.com/nigoroll/libvmod-dynamic/pull/5.patch","merged_at":null},"body":"When we receive a cold/discard vmod event, we do a pthread_join with\r\nobj->mtx held.\r\n\r\nThis creates the possibility for a deadlock if, at the same time we're\r\nabout to pthread_join, another thread is in dynamic_update, which tries\r\nto hold the same mutex:\r\n\r\n\r\n```\r\nvmod_event                                       thread_A\r\nobj->active = 0\r\nlock(obj->mtx)\r\n.\r\n.                                                lock(obj->mtx)   -> deadlocks\r\n.                                                .\r\npthread_join(thread_A)                           .\r\n.                                                .\r\n.                                                unlock(obj->mtx)\r\n.\r\nunlock(obj->mtx)\r\n\r\n```\r\nThe solution is after we get the DNS results, we do an early check if\r\nthe obj is still active. If it's not, just exit there and finish the\r\nthread.\r\n\r\nThis fixes https://github.com/varnishcache/varnish-cache/issues/2103","closed_by":{"login":"felipewd","id":547142,"node_id":"MDQ6VXNlcjU0NzE0Mg==","avatar_url":"https://avatars.githubusercontent.com/u/547142?v=4","gravatar_id":"","url":"https://api.github.com/users/felipewd","html_url":"https://github.com/felipewd","followers_url":"https://api.github.com/users/felipewd/followers","following_url":"https://api.github.com/users/felipewd/following{/other_user}","gists_url":"https://api.github.com/users/felipewd/gists{/gist_id}","starred_url":"https://api.github.com/users/felipewd/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/felipewd/subscriptions","organizations_url":"https://api.github.com/users/felipewd/orgs","repos_url":"https://api.github.com/users/felipewd/repos","events_url":"https://api.github.com/users/felipewd/events{/privacy}","received_events_url":"https://api.github.com/users/felipewd/received_events","type":"User","user_view_type":"public","site_admin":false},"reactions":{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/5/reactions","total_count":0,"+1":0,"-1":0,"laugh":0,"hooray":0,"confused":0,"heart":0,"rocket":0,"eyes":0},"timeline_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/5/timeline","performed_via_github_app":null,"state_reason":null},{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/6","repository_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic","labels_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/6/labels{/name}","comments_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/6/comments","events_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/6/events","html_url":"https://github.com/nigoroll/libvmod-dynamic/pull/6","id":187459577,"node_id":"MDExOlB1bGxSZXF1ZXN0OTI0MzEyNDI=","number":6,"title":"Avoid deadlocking when going cold - take 2","user":{"login":"felipewd","id":547142,"node_id":"MDQ6VXNlcjU0NzE0Mg==","avatar_url":"https://avatars.githubusercontent.com/u/547142?v=4","gravatar_id":"","url":"https://api.github.com/users/felipewd","html_url":"https://github.com/felipewd","followers_url":"https://api.github.com/users/felipewd/followers","following_url":"https://api.github.com/users/felipewd/following{/other_user}","gists_url":"https://api.github.com/users/felipewd/gists{/gist_id}","starred_url":"https://api.github.com/users/felipewd/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/felipewd/subscriptions","organizations_url":"https://api.github.com/users/felipewd/orgs","repos_url":"https://api.github.com/users/felipewd/repos","events_url":"https://api.github.com/users/felipewd/events{/privacy}","received_events_url":"https://api.github.com/users/felipewd/received_events","type":"User","user_view_type":"public","site_admin":false},"labels":[],"state":"closed","locked":false,"assignee":null,"assignees":[],"milestone":null,"comments":0,"created_at":"2016-11-04T23:29:34Z","updated_at":"2016-11-07T15:42:22Z","closed_at":"2016-11-07T15:42:22Z","author_association":"NONE","active_lock_reason":null,"draft":false,"pull_request":{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/pulls/6","html_url":"https://github.com/nigoroll/libvmod-dynamic/pull/6","diff_url":"https://github.com/nigoroll/libvmod-dynamic/pull/6.diff","patch_url":"https://github.com/nigoroll/libvmod-dynamic/pull/6.patch","merged_at":null},"body":"When we receive a cold/discard vmod event, we do a pthread_join with\r\nobj->mtx held.\r\n\r\nThis creates the possibility for a deadlock if, at the same time we're\r\nabout to pthread_join, another thread is in dynamic_update, which tries\r\nto hold the same mutex:\r\n\r\n```\r\nvmod_event                         thread_A\r\nobj->active = 0\r\nlock(obj->mtx)\r\n.\r\n.                                  lock(obj->mtx)       -> deadlock\r\n.                                  .\r\npthread_join(thread_A)             .\r\n.                                  .\r\n.                                  unlock(obj->mtx)\r\n.\r\nunlock(obj->mtx)\r\n\r\n```\r\nThe solution is after we get the DNS results, we do an early check if\r\nthe obj is still active. If it's not, just exit there and finish the\r\nthread.\r\n\r\nSince we're dropping the update and exiting the thread, the user can be confused if this is logged in SLT_Error or SLT_VCL_Log.\r\n\r\nThis fixes varnishcache/varnish-cache#2103","closed_by":{"login":"dridi","id":891744,"node_id":"MDQ6VXNlcjg5MTc0NA==","avatar_url":"https://avatars.githubusercontent.com/u/891744?v=4","gravatar_id":"","url":"https://api.github.com/users/dridi","html_url":"https://github.com/dridi","followers_url":"https://api.github.com/users/dridi/followers","following_url":"https://api.github.com/users/dridi/following{/other_user}","gists_url":"https://api.github.com/users/dridi/gists{/gist_id}","starred_url":"https://api.github.com/users/dridi/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/dridi/subscriptions","organizations_url":"https://api.github.com/users/dridi/orgs","repos_url":"https://api.github.com/users/dridi/repos","events_url":"https://api.github.com/users/dridi/events{/privacy}","received_events_url":"https://api.github.com/users/dridi/received_events","type":"User","user_view_type":"public","site_admin":false},"reactions":{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/6/reactions","total_count":0,"+1":0,"-1":0,"laugh":0,"hooray":0,"confused":0,"heart":0,"rocket":0,"eyes":0},"timeline_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/6/timeline","performed_via_github_app":null,"state_reason":null},{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/7","repository_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic","labels_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/7/labels{/name}","comments_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/7/comments","events_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/7/events","html_url":"https://github.com/nigoroll/libvmod-dynamic/issues/7","id":187761638,"node_id":"MDU6SXNzdWUxODc3NjE2Mzg=","number":7,"title":"infinite loop in dynamic_resolve","user":{"login":"felipewd","id":547142,"node_id":"MDQ6VXNlcjU0NzE0Mg==","avatar_url":"https://avatars.githubusercontent.com/u/547142?v=4","gravatar_id":"","url":"https://api.github.com/users/felipewd","html_url":"https://github.com/felipewd","followers_url":"https://api.github.com/users/felipewd/followers","following_url":"https://api.github.com/users/felipewd/following{/other_user}","gists_url":"https://api.github.com/users/felipewd/gists{/gist_id}","starred_url":"https://api.github.com/users/felipewd/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/felipewd/subscriptions","organizations_url":"https://api.github.com/users/felipewd/orgs","repos_url":"https://api.github.com/users/felipewd/repos","events_url":"https://api.github.com/users/felipewd/events{/privacy}","received_events_url":"https://api.github.com/users/felipewd/received_events","type":"User","user_view_type":"public","site_admin":false},"labels":[{"id":443804422,"node_id":"MDU6TGFiZWw0NDM4MDQ0MjI=","url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/labels/bug","name":"bug","color":"ee0701","default":true,"description":null}],"state":"closed","locked":false,"assignee":null,"assignees":[],"milestone":null,"comments":17,"created_at":"2016-11-07T16:39:59Z","updated_at":"2018-09-12T15:19:25Z","closed_at":"2018-09-12T15:19:25Z","author_association":"NONE","active_lock_reason":null,"sub_issues_summary":{"total":0,"completed":0,"percent_completed":0},"issue_dependencies_summary":{"blocked_by":0,"total_blocked_by":0,"blocking":0,"total_blocking":0},"body":"Hi,\r\n\r\nWe're facing an infinite loop in dynamic_resolve:\r\n\r\n>         do {\r\n>                 if (next != NULL)\r\n>                         next = VTAILQ_NEXT(next, list);\r\n>                 if (next == NULL)\r\n>                         next = VTAILQ_FIRST(&dom->refs);\r\n>         } while (next != dom->current &&\r\n>             !next->be->dir->healthy(next->be->dir, NULL, NULL));\r\n\r\none possible cause for this is dom->current being NULL in first place.\r\n\r\nOnly one other function changes the value of dom->current and _could_ make this condition possible, it's dynamic_del:\r\n\r\n>         if (r == dom->current)\r\n>                 dom->current = VTAILQ_NEXT(r, list);\r\n\r\nSince this part of the code doesn't have the protection to go back do VTAILQ_FIRST in case NEXT is NULL.\r\n\r\nWe'll submit a patch to fix this.","closed_by":{"login":"nigoroll","id":1528104,"node_id":"MDQ6VXNlcjE1MjgxMDQ=","avatar_url":"https://avatars.githubusercontent.com/u/1528104?v=4","gravatar_id":"","url":"https://api.github.com/users/nigoroll","html_url":"https://github.com/nigoroll","followers_url":"https://api.github.com/users/nigoroll/followers","following_url":"https://api.github.com/users/nigoroll/following{/other_user}","gists_url":"https://api.github.com/users/nigoroll/gists{/gist_id}","starred_url":"https://api.github.com/users/nigoroll/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/nigoroll/subscriptions","organizations_url":"https://api.github.com/users/nigoroll/orgs","repos_url":"https://api.github.com/users/nigoroll/repos","events_url":"https://api.github.com/users/nigoroll/events{/privacy}","received_events_url":"https://api.github.com/users/nigoroll/received_events","type":"User","user_view_type":"public","site_admin":false},"reactions":{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/7/reactions","total_count":0,"+1":0,"-1":0,"laugh":0,"hooray":0,"confused":0,"heart":0,"rocket":0,"eyes":0},"timeline_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/7/timeline","performed_via_github_app":null,"state_reason":"completed"},{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/8","repository_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic","labels_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/8/labels{/name}","comments_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/8/comments","events_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/8/events","html_url":"https://github.com/nigoroll/libvmod-dynamic/pull/8","id":187761915,"node_id":"MDExOlB1bGxSZXF1ZXN0OTI2MTg2MDg=","number":8,"title":"Never allow a NULL reference in dom->current","user":{"login":"felipewd","id":547142,"node_id":"MDQ6VXNlcjU0NzE0Mg==","avatar_url":"https://avatars.githubusercontent.com/u/547142?v=4","gravatar_id":"","url":"https://api.github.com/users/felipewd","html_url":"https://github.com/felipewd","followers_url":"https://api.github.com/users/felipewd/followers","following_url":"https://api.github.com/users/felipewd/following{/other_user}","gists_url":"https://api.github.com/users/felipewd/gists{/gist_id}","starred_url":"https://api.github.com/users/felipewd/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/felipewd/subscriptions","organizations_url":"https://api.github.com/users/felipewd/orgs","repos_url":"https://api.github.com/users/felipewd/repos","events_url":"https://api.github.com/users/felipewd/events{/privacy}","received_events_url":"https://api.github.com/users/felipewd/received_events","type":"User","user_view_type":"public","site_admin":false},"labels":[],"state":"closed","locked":false,"assignee":null,"assignees":[],"milestone":null,"comments":0,"created_at":"2016-11-07T16:40:53Z","updated_at":"2016-12-01T15:02:02Z","closed_at":"2016-12-01T15:02:02Z","author_association":"NONE","active_lock_reason":null,"draft":false,"pull_request":{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/pulls/8","html_url":"https://github.com/nigoroll/libvmod-dynamic/pull/8","diff_url":"https://github.com/nigoroll/libvmod-dynamic/pull/8.diff","patch_url":"https://github.com/nigoroll/libvmod-dynamic/pull/8.patch","merged_at":null},"body":"If dom->current is the very last position on the queue and we're going\r\nto delete it, VTAILQ_NEXT is going to be NULL. When this happens,\r\ngo back to the first element.\r\n\r\nThis fixes issue #7","closed_by":{"login":"dridi","id":891744,"node_id":"MDQ6VXNlcjg5MTc0NA==","avatar_url":"https://avatars.githubusercontent.com/u/891744?v=4","gravatar_id":"","url":"https://api.github.com/users/dridi","html_url":"https://github.com/dridi","followers_url":"https://api.github.com/users/dridi/followers","following_url":"https://api.github.com/users/dridi/following{/other_user}","gists_url":"https://api.github.com/users/dridi/gists{/gist_id}","starred_url":"https://api.github.com/users/dridi/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/dridi/subscriptions","organizations_url":"https://api.github.com/users/dridi/orgs","repos_url":"https://api.github.com/users/dridi/repos","events_url":"https://api.github.com/users/dridi/events{/privacy}","received_events_url":"https://api.github.com/users/dridi/received_events","type":"User","user_view_type":"public","site_admin":false},"reactions":{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/8/reactions","total_count":0,"+1":0,"-1":0,"laugh":0,"hooray":0,"confused":0,"heart":0,"rocket":0,"eyes":0},"timeline_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/8/timeline","performed_via_github_app":null,"state_reason":null},{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/9","repository_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic","labels_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/9/labels{/name}","comments_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/9/comments","events_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/9/events","html_url":"https://github.com/nigoroll/libvmod-dynamic/issues/9","id":189007684,"node_id":"MDU6SXNzdWUxODkwMDc2ODQ=","number":9,"title":"Condition(Segmentation fault by instruction at 0x8) not true","user":{"login":"dridi","id":891744,"node_id":"MDQ6VXNlcjg5MTc0NA==","avatar_url":"https://avatars.githubusercontent.com/u/891744?v=4","gravatar_id":"","url":"https://api.github.com/users/dridi","html_url":"https://github.com/dridi","followers_url":"https://api.github.com/users/dridi/followers","following_url":"https://api.github.com/users/dridi/following{/other_user}","gists_url":"https://api.github.com/users/dridi/gists{/gist_id}","starred_url":"https://api.github.com/users/dridi/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/dridi/subscriptions","organizations_url":"https://api.github.com/users/dridi/orgs","repos_url":"https://api.github.com/users/dridi/repos","events_url":"https://api.github.com/users/dridi/events{/privacy}","received_events_url":"https://api.github.com/users/dridi/received_events","type":"User","user_view_type":"public","site_admin":false},"labels":[{"id":443804422,"node_id":"MDU6TGFiZWw0NDM4MDQ0MjI=","url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/labels/bug","name":"bug","color":"ee0701","default":true,"description":null}],"state":"closed","locked":false,"assignee":{"login":"dridi","id":891744,"node_id":"MDQ6VXNlcjg5MTc0NA==","avatar_url":"https://avatars.githubusercontent.com/u/891744?v=4","gravatar_id":"","url":"https://api.github.com/users/dridi","html_url":"https://github.com/dridi","followers_url":"https://api.github.com/users/dridi/followers","following_url":"https://api.github.com/users/dridi/following{/other_user}","gists_url":"https://api.github.com/users/dridi/gists{/gist_id}","starred_url":"https://api.github.com/users/dridi/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/dridi/subscriptions","organizations_url":"https://api.github.com/users/dridi/orgs","repos_url":"https://api.github.com/users/dridi/repos","events_url":"https://api.github.com/users/dridi/events{/privacy}","received_events_url":"https://api.github.com/users/dridi/received_events","type":"User","user_view_type":"public","site_admin":false},"assignees":[{"login":"dridi","id":891744,"node_id":"MDQ6VXNlcjg5MTc0NA==","avatar_url":"https://avatars.githubusercontent.com/u/891744?v=4","gravatar_id":"","url":"https://api.github.com/users/dridi","html_url":"https://github.com/dridi","followers_url":"https://api.github.com/users/dridi/followers","following_url":"https://api.github.com/users/dridi/following{/other_user}","gists_url":"https://api.github.com/users/dridi/gists{/gist_id}","starred_url":"https://api.github.com/users/dridi/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/dridi/subscriptions","organizations_url":"https://api.github.com/users/dridi/orgs","repos_url":"https://api.github.com/users/dridi/repos","events_url":"https://api.github.com/users/dridi/events{/privacy}","received_events_url":"https://api.github.com/users/dridi/received_events","type":"User","user_view_type":"public","site_admin":false}],"milestone":null,"comments":1,"created_at":"2016-11-14T00:40:46Z","updated_at":"2016-11-28T23:21:25Z","closed_at":"2016-11-28T23:21:25Z","author_association":"COLLABORATOR","active_lock_reason":null,"sub_issues_summary":{"total":0,"completed":0,"percent_completed":0},"issue_dependencies_summary":{"blocked_by":0,"total_blocked_by":0,"blocking":0,"total_blocking":0},"body":"I managed to make Varnish panic while I was writing a test case:\r\n\r\n```\r\nvarnishtest \"debugging\"\r\n\r\nserver s1 {\r\n\trxreq\r\n\ttxresp\r\n\r\n\taccept\r\n\trxreq\r\n\ttxresp\r\n\r\n\taccept\r\n\trxreq\r\n\ttxresp\r\n} -start\r\n\r\nvarnish v1 -vcl {\r\n\timport ${vmod_dynamic};\r\n\r\n\tbackend dummy { .host = \"${bad_ip}\"; .port = \"9080\"; }\r\n\r\n\tacl ipv4_loopback {\r\n\t\t\"127/24\";\r\n\t}\r\n\r\n\tsub vcl_init {\r\n\t\tnew d1 = dynamic.director(\r\n\t\t\tport = \"${s1_port}\",\r\n\t\t\twhitelist = ipv4_loopback,\r\n\t\t\tdomain_usage_timeout = 1s);\r\n\t\td1.debug(true);\r\n\t}\r\n\r\n\tsub vcl_recv {\r\n\t\tset req.backend_hint = d1.backend();\r\n\t}\r\n} -start\r\n\r\nlogexpect l1 -v v1 -g raw {\r\n\texpect * * Debug\t\"vmod-dynamic: vcl1 d1 localhost addr 127.0.0.1\"\r\n\texpect * * VCL_acl\t\"^MATCH ipv4_loopback\"\r\n\texpect * * Debug\t\"vmod-dynamic: vcl1 d1 localhost add-backend d1(127.0.0.1)\"\r\n\texpect * * Debug\t\"vmod-dynamic: vcl1 d1 localhost ref-backend d1(127.0.0.1) (1 in total)\"\r\n\texpect * * Debug\t\"vmod-dynamic: vcl1 d1 img.localhost addr 127.0.0.1\"\r\n\texpect * * VCL_acl\t\"^MATCH ipv4_loopback\"\r\n\texpect * * Debug\t\"vmod-dynamic: vcl1 d1 img.localhost ref-backend d1(127.0.0.1) (2 in total)\"\r\n\texpect * * VCL_Log\t\"vmod-dynamic: vcl1 d1 localhost deleted\"\r\n\texpect * * Debug\t\"vmod-dynamic: vcl1 d1 localhost unref-backend d1(127.0.0.1) (1 remaining)\"\r\n} -start\r\n\r\nclient c1 {\r\n\ttxreq -hdr \"Host: localhost\"\r\n\trxresp\r\n\texpect resp.status == 200\r\n\r\n\tdelay 1.5\r\n\r\n\ttxreq -hdr \"Host: img.localhost\"\r\n\trxresp\r\n\texpect resp.status == 200\r\n\r\n\ttxreq -hdr \"Host: www.localhost\"\r\n\trxresp\r\n\texpect resp.status == 200\r\n} -run\r\n\r\nlogexpect l1 -wait\r\n```\r\n\r\nFiling it here to make sure not to forget it, it may be related to recent changes in master.","closed_by":{"login":"dridi","id":891744,"node_id":"MDQ6VXNlcjg5MTc0NA==","avatar_url":"https://avatars.githubusercontent.com/u/891744?v=4","gravatar_id":"","url":"https://api.github.com/users/dridi","html_url":"https://github.com/dridi","followers_url":"https://api.github.com/users/dridi/followers","following_url":"https://api.github.com/users/dridi/following{/other_user}","gists_url":"https://api.github.com/users/dridi/gists{/gist_id}","starred_url":"https://api.github.com/users/dridi/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/dridi/subscriptions","organizations_url":"https://api.github.com/users/dridi/orgs","repos_url":"https://api.github.com/users/dridi/repos","events_url":"https://api.github.com/users/dridi/events{/privacy}","received_events_url":"https://api.github.com/users/dridi/received_events","type":"User","user_view_type":"public","site_admin":false},"reactions":{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/9/reactions","total_count":0,"+1":0,"-1":0,"laugh":0,"hooray":0,"confused":0,"heart":0,"rocket":0,"eyes":0},"timeline_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/9/timeline","performed_via_github_app":null,"state_reason":"completed"},{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/10","repository_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic","labels_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/10/labels{/name}","comments_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/10/comments","events_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/10/events","html_url":"https://github.com/nigoroll/libvmod-dynamic/pull/10","id":190753343,"node_id":"MDExOlB1bGxSZXF1ZXN0OTQ2MzkzNTI=","number":10,"title":"Fix use-after-free","user":{"login":"rnsanchez","id":87608,"node_id":"MDQ6VXNlcjg3NjA4","avatar_url":"https://avatars.githubusercontent.com/u/87608?v=4","gravatar_id":"","url":"https://api.github.com/users/rnsanchez","html_url":"https://github.com/rnsanchez","followers_url":"https://api.github.com/users/rnsanchez/followers","following_url":"https://api.github.com/users/rnsanchez/following{/other_user}","gists_url":"https://api.github.com/users/rnsanchez/gists{/gist_id}","starred_url":"https://api.github.com/users/rnsanchez/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/rnsanchez/subscriptions","organizations_url":"https://api.github.com/users/rnsanchez/orgs","repos_url":"https://api.github.com/users/rnsanchez/repos","events_url":"https://api.github.com/users/rnsanchez/events{/privacy}","received_events_url":"https://api.github.com/users/rnsanchez/received_events","type":"User","user_view_type":"public","site_admin":false},"labels":[],"state":"closed","locked":false,"assignee":null,"assignees":[],"milestone":null,"comments":3,"created_at":"2016-11-21T15:42:48Z","updated_at":"2016-11-21T15:54:18Z","closed_at":"2016-11-21T15:46:58Z","author_association":"CONTRIBUTOR","active_lock_reason":null,"draft":false,"pull_request":{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/pulls/10","html_url":"https://github.com/nigoroll/libvmod-dynamic/pull/10","diff_url":"https://github.com/nigoroll/libvmod-dynamic/pull/10.diff","patch_url":"https://github.com/nigoroll/libvmod-dynamic/pull/10.patch","merged_at":"2016-11-21T15:46:58Z"},"body":"Clang's static analyzer found a use-after-free in dynamic_stop().  dom\r\npointer is passed to dynamic_free() which deallocate its contents, but\r\nupon returning from dynamic_free(), dom and its possibly-stale contents\r\nare used unguarded in VTAILQ_REMOVE(), immediately.\r\n\r\nThis use-after-free could explain the hard-to-reproduce issue #7.","closed_by":{"login":"dridi","id":891744,"node_id":"MDQ6VXNlcjg5MTc0NA==","avatar_url":"https://avatars.githubusercontent.com/u/891744?v=4","gravatar_id":"","url":"https://api.github.com/users/dridi","html_url":"https://github.com/dridi","followers_url":"https://api.github.com/users/dridi/followers","following_url":"https://api.github.com/users/dridi/following{/other_user}","gists_url":"https://api.github.com/users/dridi/gists{/gist_id}","starred_url":"https://api.github.com/users/dridi/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/dridi/subscriptions","organizations_url":"https://api.github.com/users/dridi/orgs","repos_url":"https://api.github.com/users/dridi/repos","events_url":"https://api.github.com/users/dridi/events{/privacy}","received_events_url":"https://api.github.com/users/dridi/received_events","type":"User","user_view_type":"public","site_admin":false},"reactions":{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/10/reactions","total_count":0,"+1":0,"-1":0,"laugh":0,"hooray":0,"confused":0,"heart":0,"rocket":0,"eyes":0},"timeline_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/10/timeline","performed_via_github_app":null,"state_reason":null},{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/11","repository_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic","labels_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/11/labels{/name}","comments_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/11/comments","events_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/11/events","html_url":"https://github.com/nigoroll/libvmod-dynamic/pull/11","id":191737172,"node_id":"MDExOlB1bGxSZXF1ZXN0OTUzMjg4OTI=","number":11,"title":"Fix #9 in two parts","user":{"login":"rnsanchez","id":87608,"node_id":"MDQ6VXNlcjg3NjA4","avatar_url":"https://avatars.githubusercontent.com/u/87608?v=4","gravatar_id":"","url":"https://api.github.com/users/rnsanchez","html_url":"https://github.com/rnsanchez","followers_url":"https://api.github.com/users/rnsanchez/followers","following_url":"https://api.github.com/users/rnsanchez/following{/other_user}","gists_url":"https://api.github.com/users/rnsanchez/gists{/gist_id}","starred_url":"https://api.github.com/users/rnsanchez/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/rnsanchez/subscriptions","organizations_url":"https://api.github.com/users/rnsanchez/orgs","repos_url":"https://api.github.com/users/rnsanchez/repos","events_url":"https://api.github.com/users/rnsanchez/events{/privacy}","received_events_url":"https://api.github.com/users/rnsanchez/received_events","type":"User","user_view_type":"public","site_admin":false},"labels":[{"id":443804422,"node_id":"MDU6TGFiZWw0NDM4MDQ0MjI=","url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/labels/bug","name":"bug","color":"ee0701","default":true,"description":null}],"state":"closed","locked":false,"assignee":{"login":"dridi","id":891744,"node_id":"MDQ6VXNlcjg5MTc0NA==","avatar_url":"https://avatars.githubusercontent.com/u/891744?v=4","gravatar_id":"","url":"https://api.github.com/users/dridi","html_url":"https://github.com/dridi","followers_url":"https://api.github.com/users/dridi/followers","following_url":"https://api.github.com/users/dridi/following{/other_user}","gists_url":"https://api.github.com/users/dridi/gists{/gist_id}","starred_url":"https://api.github.com/users/dridi/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/dridi/subscriptions","organizations_url":"https://api.github.com/users/dridi/orgs","repos_url":"https://api.github.com/users/dridi/repos","events_url":"https://api.github.com/users/dridi/events{/privacy}","received_events_url":"https://api.github.com/users/dridi/received_events","type":"User","user_view_type":"public","site_admin":false},"assignees":[{"login":"dridi","id":891744,"node_id":"MDQ6VXNlcjg5MTc0NA==","avatar_url":"https://avatars.githubusercontent.com/u/891744?v=4","gravatar_id":"","url":"https://api.github.com/users/dridi","html_url":"https://github.com/dridi","followers_url":"https://api.github.com/users/dridi/followers","following_url":"https://api.github.com/users/dridi/following{/other_user}","gists_url":"https://api.github.com/users/dridi/gists{/gist_id}","starred_url":"https://api.github.com/users/dridi/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/dridi/subscriptions","organizations_url":"https://api.github.com/users/dridi/orgs","repos_url":"https://api.github.com/users/dridi/repos","events_url":"https://api.github.com/users/dridi/events{/privacy}","received_events_url":"https://api.github.com/users/dridi/received_events","type":"User","user_view_type":"public","site_admin":false}],"milestone":null,"comments":8,"created_at":"2016-11-25T16:37:24Z","updated_at":"2016-11-29T10:30:31Z","closed_at":"2016-11-28T23:21:25Z","author_association":"CONTRIBUTOR","active_lock_reason":null,"draft":false,"pull_request":{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/pulls/11","html_url":"https://github.com/nigoroll/libvmod-dynamic/pull/11","diff_url":"https://github.com/nigoroll/libvmod-dynamic/pull/11.diff","patch_url":"https://github.com/nigoroll/libvmod-dynamic/pull/11.patch","merged_at":null},"body":"With the patches in this PR, I cannot reproduce the problem proposed in #9 anymore.\r\n\r\nThe first commit fixes three other cases of use-after-free.  While inspecting `dynamic_free()`, it is my understanding that given the opportunity, memory being accessed just after deallocation could lead to unexpected results.  By itself, this commit does not fix #9.\r\n\r\nThe second commit avoids cleaning up the `purged_domains` list in the case domain `addr` (received in `dynamic_search()`) was not found in the `active_domains` list, thus leaving `dom` uninitialized.\r\n\r\nPlease review, since this might not be a trivial change.","closed_by":{"login":"dridi","id":891744,"node_id":"MDQ6VXNlcjg5MTc0NA==","avatar_url":"https://avatars.githubusercontent.com/u/891744?v=4","gravatar_id":"","url":"https://api.github.com/users/dridi","html_url":"https://github.com/dridi","followers_url":"https://api.github.com/users/dridi/followers","following_url":"https://api.github.com/users/dridi/following{/other_user}","gists_url":"https://api.github.com/users/dridi/gists{/gist_id}","starred_url":"https://api.github.com/users/dridi/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/dridi/subscriptions","organizations_url":"https://api.github.com/users/dridi/orgs","repos_url":"https://api.github.com/users/dridi/repos","events_url":"https://api.github.com/users/dridi/events{/privacy}","received_events_url":"https://api.github.com/users/dridi/received_events","type":"User","user_view_type":"public","site_admin":false},"reactions":{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/11/reactions","total_count":1,"+1":1,"-1":0,"laugh":0,"hooray":0,"confused":0,"heart":0,"rocket":0,"eyes":0},"timeline_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/11/timeline","performed_via_github_app":null,"state_reason":null},{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/12","repository_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic","labels_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/12/labels{/name}","comments_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/12/comments","events_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/12/events","html_url":"https://github.com/nigoroll/libvmod-dynamic/issues/12","id":198042367,"node_id":"MDU6SXNzdWUxOTgwNDIzNjc=","number":12,"title":"assert in dynamic_free","user":{"login":"felipewd","id":547142,"node_id":"MDQ6VXNlcjU0NzE0Mg==","avatar_url":"https://avatars.githubusercontent.com/u/547142?v=4","gravatar_id":"","url":"https://api.github.com/users/felipewd","html_url":"https://github.com/felipewd","followers_url":"https://api.github.com/users/felipewd/followers","following_url":"https://api.github.com/users/felipewd/following{/other_user}","gists_url":"https://api.github.com/users/felipewd/gists{/gist_id}","starred_url":"https://api.github.com/users/felipewd/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/felipewd/subscriptions","organizations_url":"https://api.github.com/users/felipewd/orgs","repos_url":"https://api.github.com/users/felipewd/repos","events_url":"https://api.github.com/users/felipewd/events{/privacy}","received_events_url":"https://api.github.com/users/felipewd/received_events","type":"User","user_view_type":"public","site_admin":false},"labels":[{"id":443804422,"node_id":"MDU6TGFiZWw0NDM4MDQ0MjI=","url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/labels/bug","name":"bug","color":"ee0701","default":true,"description":null}],"state":"closed","locked":false,"assignee":{"login":"dridi","id":891744,"node_id":"MDQ6VXNlcjg5MTc0NA==","avatar_url":"https://avatars.githubusercontent.com/u/891744?v=4","gravatar_id":"","url":"https://api.github.com/users/dridi","html_url":"https://github.com/dridi","followers_url":"https://api.github.com/users/dridi/followers","following_url":"https://api.github.com/users/dridi/following{/other_user}","gists_url":"https://api.github.com/users/dridi/gists{/gist_id}","starred_url":"https://api.github.com/users/dridi/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/dridi/subscriptions","organizations_url":"https://api.github.com/users/dridi/orgs","repos_url":"https://api.github.com/users/dridi/repos","events_url":"https://api.github.com/users/dridi/events{/privacy}","received_events_url":"https://api.github.com/users/dridi/received_events","type":"User","user_view_type":"public","site_admin":false},"assignees":[{"login":"dridi","id":891744,"node_id":"MDQ6VXNlcjg5MTc0NA==","avatar_url":"https://avatars.githubusercontent.com/u/891744?v=4","gravatar_id":"","url":"https://api.github.com/users/dridi","html_url":"https://github.com/dridi","followers_url":"https://api.github.com/users/dridi/followers","following_url":"https://api.github.com/users/dridi/following{/other_user}","gists_url":"https://api.github.com/users/dridi/gists{/gist_id}","starred_url":"https://api.github.com/users/dridi/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/dridi/subscriptions","organizations_url":"https://api.github.com/users/dridi/orgs","repos_url":"https://api.github.com/users/dridi/repos","events_url":"https://api.github.com/users/dridi/events{/privacy}","received_events_url":"https://api.github.com/users/dridi/received_events","type":"User","user_view_type":"public","site_admin":false}],"milestone":null,"comments":0,"created_at":"2016-12-29T17:36:42Z","updated_at":"2017-01-02T10:56:07Z","closed_at":"2017-01-02T10:56:07Z","author_association":"NONE","active_lock_reason":null,"sub_issues_summary":{"total":0,"completed":0,"percent_completed":0},"issue_dependencies_summary":{"blocked_by":0,"total_blocked_by":0,"blocking":0,"total_blocking":0},"body":"Hey @Dridi,\r\n\r\nWe caught this assert today:\r\n\r\n```\r\n\"Assert error in dynamic_free(), vmod_dynamic.c line 506:\r\n  Condition((dom->thread) == 0) not true.\r\nBacktrace:\r\n  0x43e6d0: pan_backtrace+0x1d\r\n  0x43eb27: pan_ic+0x2f3\r\n  0x7abdfedfa32e: libvmod_dynamic.so(+0x232e) [0x7abdfedfa32e]\r\n  0x7abdfedfb54b: libvmod_dynamic.so(vmod_event+0x31b) [0x7abdfedfb54b]\r\n  0x7abd29304219: vgc.so(+0x2e219) [0x7abd29304219]\r\n  0x44d354: vcl_failsafe_event+0x223\r\n  0x44d881: vcl_set_state+0x366\r\n  0x44e3de: VCL_Poll+0xb1\r\n  0x41cfba: cli_cb_before+0x6c\r\n  0x7fcd16dac0b4: libvarnish.so(+0x80b4) [0x7fcd16dac0b4]\r\n\r\n\"\r\n```\r\n","closed_by":{"login":"dridi","id":891744,"node_id":"MDQ6VXNlcjg5MTc0NA==","avatar_url":"https://avatars.githubusercontent.com/u/891744?v=4","gravatar_id":"","url":"https://api.github.com/users/dridi","html_url":"https://github.com/dridi","followers_url":"https://api.github.com/users/dridi/followers","following_url":"https://api.github.com/users/dridi/following{/other_user}","gists_url":"https://api.github.com/users/dridi/gists{/gist_id}","starred_url":"https://api.github.com/users/dridi/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/dridi/subscriptions","organizations_url":"https://api.github.com/users/dridi/orgs","repos_url":"https://api.github.com/users/dridi/repos","events_url":"https://api.github.com/users/dridi/events{/privacy}","received_events_url":"https://api.github.com/users/dridi/received_events","type":"User","user_view_type":"public","site_admin":false},"reactions":{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/12/reactions","total_count":0,"+1":0,"-1":0,"laugh":0,"hooray":0,"confused":0,"heart":0,"rocket":0,"eyes":0},"timeline_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/12/timeline","performed_via_github_app":null,"state_reason":"completed"},{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/13","repository_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic","labels_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/13/labels{/name}","comments_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/13/comments","events_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/13/events","html_url":"https://github.com/nigoroll/libvmod-dynamic/pull/13","id":198042563,"node_id":"MDExOlB1bGxSZXF1ZXN0OTk2ODA0MzU=","number":13,"title":"Always set dom->thread to 0 after a pthread join.","user":{"login":"felipewd","id":547142,"node_id":"MDQ6VXNlcjU0NzE0Mg==","avatar_url":"https://avatars.githubusercontent.com/u/547142?v=4","gravatar_id":"","url":"https://api.github.com/users/felipewd","html_url":"https://github.com/felipewd","followers_url":"https://api.github.com/users/felipewd/followers","following_url":"https://api.github.com/users/felipewd/following{/other_user}","gists_url":"https://api.github.com/users/felipewd/gists{/gist_id}","starred_url":"https://api.github.com/users/felipewd/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/felipewd/subscriptions","organizations_url":"https://api.github.com/users/felipewd/orgs","repos_url":"https://api.github.com/users/felipewd/repos","events_url":"https://api.github.com/users/felipewd/events{/privacy}","received_events_url":"https://api.github.com/users/felipewd/received_events","type":"User","user_view_type":"public","site_admin":false},"labels":[{"id":443804424,"node_id":"MDU6TGFiZWw0NDM4MDQ0MjQ=","url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/labels/enhancement","name":"enhancement","color":"84b6eb","default":true,"description":null}],"state":"closed","locked":false,"assignee":{"login":"dridi","id":891744,"node_id":"MDQ6VXNlcjg5MTc0NA==","avatar_url":"https://avatars.githubusercontent.com/u/891744?v=4","gravatar_id":"","url":"https://api.github.com/users/dridi","html_url":"https://github.com/dridi","followers_url":"https://api.github.com/users/dridi/followers","following_url":"https://api.github.com/users/dridi/following{/other_user}","gists_url":"https://api.github.com/users/dridi/gists{/gist_id}","starred_url":"https://api.github.com/users/dridi/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/dridi/subscriptions","organizations_url":"https://api.github.com/users/dridi/orgs","repos_url":"https://api.github.com/users/dridi/repos","events_url":"https://api.github.com/users/dridi/events{/privacy}","received_events_url":"https://api.github.com/users/dridi/received_events","type":"User","user_view_type":"public","site_admin":false},"assignees":[{"login":"dridi","id":891744,"node_id":"MDQ6VXNlcjg5MTc0NA==","avatar_url":"https://avatars.githubusercontent.com/u/891744?v=4","gravatar_id":"","url":"https://api.github.com/users/dridi","html_url":"https://github.com/dridi","followers_url":"https://api.github.com/users/dridi/followers","following_url":"https://api.github.com/users/dridi/following{/other_user}","gists_url":"https://api.github.com/users/dridi/gists{/gist_id}","starred_url":"https://api.github.com/users/dridi/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/dridi/subscriptions","organizations_url":"https://api.github.com/users/dridi/orgs","repos_url":"https://api.github.com/users/dridi/repos","events_url":"https://api.github.com/users/dridi/events{/privacy}","received_events_url":"https://api.github.com/users/dridi/received_events","type":"User","user_view_type":"public","site_admin":false}],"milestone":null,"comments":4,"created_at":"2016-12-29T17:38:07Z","updated_at":"2017-01-02T23:16:17Z","closed_at":"2017-01-02T23:16:17Z","author_association":"NONE","active_lock_reason":null,"draft":false,"pull_request":{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/pulls/13","html_url":"https://github.com/nigoroll/libvmod-dynamic/pull/13","diff_url":"https://github.com/nigoroll/libvmod-dynamic/pull/13.diff","patch_url":"https://github.com/nigoroll/libvmod-dynamic/pull/13.patch","merged_at":null},"body":"After a pthread_join we need to guarantee that dom->thread is set to 0\r\nto avoid problems in dynamic_free.\r\n\r\nTo avoid copy+paste problems, let's do this in a simple function.\r\n\r\nFixes #12 ","closed_by":{"login":"felipewd","id":547142,"node_id":"MDQ6VXNlcjU0NzE0Mg==","avatar_url":"https://avatars.githubusercontent.com/u/547142?v=4","gravatar_id":"","url":"https://api.github.com/users/felipewd","html_url":"https://github.com/felipewd","followers_url":"https://api.github.com/users/felipewd/followers","following_url":"https://api.github.com/users/felipewd/following{/other_user}","gists_url":"https://api.github.com/users/felipewd/gists{/gist_id}","starred_url":"https://api.github.com/users/felipewd/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/felipewd/subscriptions","organizations_url":"https://api.github.com/users/felipewd/orgs","repos_url":"https://api.github.com/users/felipewd/repos","events_url":"https://api.github.com/users/felipewd/events{/privacy}","received_events_url":"https://api.github.com/users/felipewd/received_events","type":"User","user_view_type":"public","site_admin":false},"reactions":{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/13/reactions","total_count":0,"+1":0,"-1":0,"laugh":0,"hooray":0,"confused":0,"heart":0,"rocket":0,"eyes":0},"timeline_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/13/timeline","performed_via_github_app":null,"state_reason":null},{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/14","repository_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic","labels_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/14/labels{/name}","comments_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/14/comments","events_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/14/events","html_url":"https://github.com/nigoroll/libvmod-dynamic/issues/14","id":200291644,"node_id":"MDU6SXNzdWUyMDAyOTE2NDQ=","number":14,"title":"Difficulty building against Varnish 5.0 on Ubuntu 16.04","user":{"login":"scottybrisbane","id":5016282,"node_id":"MDQ6VXNlcjUwMTYyODI=","avatar_url":"https://avatars.githubusercontent.com/u/5016282?v=4","gravatar_id":"","url":"https://api.github.com/users/scottybrisbane","html_url":"https://github.com/scottybrisbane","followers_url":"https://api.github.com/users/scottybrisbane/followers","following_url":"https://api.github.com/users/scottybrisbane/following{/other_user}","gists_url":"https://api.github.com/users/scottybrisbane/gists{/gist_id}","starred_url":"https://api.github.com/users/scottybrisbane/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/scottybrisbane/subscriptions","organizations_url":"https://api.github.com/users/scottybrisbane/orgs","repos_url":"https://api.github.com/users/scottybrisbane/repos","events_url":"https://api.github.com/users/scottybrisbane/events{/privacy}","received_events_url":"https://api.github.com/users/scottybrisbane/received_events","type":"User","user_view_type":"public","site_admin":false},"labels":[{"id":443804427,"node_id":"MDU6TGFiZWw0NDM4MDQ0Mjc=","url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/labels/question","name":"question","color":"cc317c","default":true,"description":null}],"state":"closed","locked":false,"assignee":{"login":"dridi","id":891744,"node_id":"MDQ6VXNlcjg5MTc0NA==","avatar_url":"https://avatars.githubusercontent.com/u/891744?v=4","gravatar_id":"","url":"https://api.github.com/users/dridi","html_url":"https://github.com/dridi","followers_url":"https://api.github.com/users/dridi/followers","following_url":"https://api.github.com/users/dridi/following{/other_user}","gists_url":"https://api.github.com/users/dridi/gists{/gist_id}","starred_url":"https://api.github.com/users/dridi/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/dridi/subscriptions","organizations_url":"https://api.github.com/users/dridi/orgs","repos_url":"https://api.github.com/users/dridi/repos","events_url":"https://api.github.com/users/dridi/events{/privacy}","received_events_url":"https://api.github.com/users/dridi/received_events","type":"User","user_view_type":"public","site_admin":false},"assignees":[{"login":"dridi","id":891744,"node_id":"MDQ6VXNlcjg5MTc0NA==","avatar_url":"https://avatars.githubusercontent.com/u/891744?v=4","gravatar_id":"","url":"https://api.github.com/users/dridi","html_url":"https://github.com/dridi","followers_url":"https://api.github.com/users/dridi/followers","following_url":"https://api.github.com/users/dridi/following{/other_user}","gists_url":"https://api.github.com/users/dridi/gists{/gist_id}","starred_url":"https://api.github.com/users/dridi/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/dridi/subscriptions","organizations_url":"https://api.github.com/users/dridi/orgs","repos_url":"https://api.github.com/users/dridi/repos","events_url":"https://api.github.com/users/dridi/events{/privacy}","received_events_url":"https://api.github.com/users/dridi/received_events","type":"User","user_view_type":"public","site_admin":false}],"milestone":null,"comments":5,"created_at":"2017-01-12T06:50:18Z","updated_at":"2017-02-28T06:35:56Z","closed_at":"2017-02-28T06:35:56Z","author_association":"NONE","active_lock_reason":null,"sub_issues_summary":{"total":0,"completed":0,"percent_completed":0},"issue_dependencies_summary":{"blocked_by":0,"total_blocked_by":0,"blocking":0,"total_blocking":0},"body":"I'm having trouble compiling the vmod against Varnish 5.0 on a Ubuntu 16.04 machine. When running `./autogen.sh` I receive the following output:\r\n\r\n```\r\n+ aclocal -I m4 -I /usr/share/aclocal\r\n+ libtoolize --copy --force\r\nlibtoolize: putting auxiliary files in AC_CONFIG_AUX_DIR, 'build-aux'.\r\nlibtoolize: copying file 'build-aux/ltmain.sh'\r\nlibtoolize: putting macros in AC_CONFIG_MACRO_DIRS, 'm4'.\r\nlibtoolize: copying file 'm4/libtool.m4'\r\nlibtoolize: copying file 'm4/ltoptions.m4'\r\nlibtoolize: copying file 'm4/ltsugar.m4'\r\nlibtoolize: copying file 'm4/ltversion.m4'\r\nlibtoolize: copying file 'm4/lt~obsolete.m4'\r\n+ autoheader\r\n+ automake --add-missing --copy --foreign\r\nconfigure.ac:11: installing 'build-aux/compile'\r\nconfigure.ac:9: installing 'build-aux/missing'\r\nsrc/Makefile.am:4: error: 'vmod_LTLIBRARIES' is used but 'vmoddir' is undefined\r\nautomake: warnings are treated as errors\r\nsrc/Makefile.am:6: warning: variable 'libvmod_dynamic_la_SOURCES' is defined but no program or\r\nsrc/Makefile.am:6: library has 'libvmod_dynamic_la' as canonical name (possible typo)\r\nsrc/Makefile.am:10: warning: variable 'nodist_libvmod_dynamic_la_SOURCES' is defined but no program or\r\nsrc/Makefile.am:10: library has 'libvmod_dynamic_la' as canonical name (possible typo)\r\n```\r\n\r\nChances are I've missed something, but could someone please point me in the right direction?","closed_by":{"login":"dridi","id":891744,"node_id":"MDQ6VXNlcjg5MTc0NA==","avatar_url":"https://avatars.githubusercontent.com/u/891744?v=4","gravatar_id":"","url":"https://api.github.com/users/dridi","html_url":"https://github.com/dridi","followers_url":"https://api.github.com/users/dridi/followers","following_url":"https://api.github.com/users/dridi/following{/other_user}","gists_url":"https://api.github.com/users/dridi/gists{/gist_id}","starred_url":"https://api.github.com/users/dridi/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/dridi/subscriptions","organizations_url":"https://api.github.com/users/dridi/orgs","repos_url":"https://api.github.com/users/dridi/repos","events_url":"https://api.github.com/users/dridi/events{/privacy}","received_events_url":"https://api.github.com/users/dridi/received_events","type":"User","user_view_type":"public","site_admin":false},"reactions":{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/14/reactions","total_count":0,"+1":0,"-1":0,"laugh":0,"hooray":0,"confused":0,"heart":0,"rocket":0,"eyes":0},"timeline_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/14/timeline","performed_via_github_app":null,"state_reason":"completed"},{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/15","repository_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic","labels_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/15/labels{/name}","comments_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/15/comments","events_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/15/events","html_url":"https://github.com/nigoroll/libvmod-dynamic/issues/15","id":215410291,"node_id":"MDU6SXNzdWUyMTU0MTAyOTE=","number":15,"title":"How to see the vmod-dynamic logs","user":{"login":"danielmotaleite","id":11890049,"node_id":"MDQ6VXNlcjExODkwMDQ5","avatar_url":"https://avatars.githubusercontent.com/u/11890049?v=4","gravatar_id":"","url":"https://api.github.com/users/danielmotaleite","html_url":"https://github.com/danielmotaleite","followers_url":"https://api.github.com/users/danielmotaleite/followers","following_url":"https://api.github.com/users/danielmotaleite/following{/other_user}","gists_url":"https://api.github.com/users/danielmotaleite/gists{/gist_id}","starred_url":"https://api.github.com/users/danielmotaleite/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/danielmotaleite/subscriptions","organizations_url":"https://api.github.com/users/danielmotaleite/orgs","repos_url":"https://api.github.com/users/danielmotaleite/repos","events_url":"https://api.github.com/users/danielmotaleite/events{/privacy}","received_events_url":"https://api.github.com/users/danielmotaleite/received_events","type":"User","user_view_type":"public","site_admin":false},"labels":[],"state":"closed","locked":false,"assignee":{"login":"dridi","id":891744,"node_id":"MDQ6VXNlcjg5MTc0NA==","avatar_url":"https://avatars.githubusercontent.com/u/891744?v=4","gravatar_id":"","url":"https://api.github.com/users/dridi","html_url":"https://github.com/dridi","followers_url":"https://api.github.com/users/dridi/followers","following_url":"https://api.github.com/users/dridi/following{/other_user}","gists_url":"https://api.github.com/users/dridi/gists{/gist_id}","starred_url":"https://api.github.com/users/dridi/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/dridi/subscriptions","organizations_url":"https://api.github.com/users/dridi/orgs","repos_url":"https://api.github.com/users/dridi/repos","events_url":"https://api.github.com/users/dridi/events{/privacy}","received_events_url":"https://api.github.com/users/dridi/received_events","type":"User","user_view_type":"public","site_admin":false},"assignees":[{"login":"dridi","id":891744,"node_id":"MDQ6VXNlcjg5MTc0NA==","avatar_url":"https://avatars.githubusercontent.com/u/891744?v=4","gravatar_id":"","url":"https://api.github.com/users/dridi","html_url":"https://github.com/dridi","followers_url":"https://api.github.com/users/dridi/followers","following_url":"https://api.github.com/users/dridi/following{/other_user}","gists_url":"https://api.github.com/users/dridi/gists{/gist_id}","starred_url":"https://api.github.com/users/dridi/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/dridi/subscriptions","organizations_url":"https://api.github.com/users/dridi/orgs","repos_url":"https://api.github.com/users/dridi/repos","events_url":"https://api.github.com/users/dridi/events{/privacy}","received_events_url":"https://api.github.com/users/dridi/received_events","type":"User","user_view_type":"public","site_admin":false}],"milestone":null,"comments":3,"created_at":"2017-03-20T12:49:48Z","updated_at":"2017-03-20T17:04:03Z","closed_at":"2017-03-20T17:04:03Z","author_association":"NONE","active_lock_reason":null,"sub_issues_summary":{"total":0,"completed":0,"percent_completed":0},"issue_dependencies_summary":{"blocked_by":0,"total_blocked_by":0,"blocking":0,"total_blocking":0},"body":"Hi\r\n\r\nI usually debug varnish using varnishlog, but since i added vmod-dynamic i have the problem that i do not see any log related with vmod-dynamic.\r\n\r\nhttps://github.com/nigoroll/libvmod-dynamic/blob/master/src/vmod_dynamic.vcc seems to say that it should log something, but refers no way to enable that log\r\n\r\nSo how can enable/check the vmod log? is there any vmod option that i'm unfamiliar with?\r\n\r\nThanks","closed_by":{"login":"dridi","id":891744,"node_id":"MDQ6VXNlcjg5MTc0NA==","avatar_url":"https://avatars.githubusercontent.com/u/891744?v=4","gravatar_id":"","url":"https://api.github.com/users/dridi","html_url":"https://github.com/dridi","followers_url":"https://api.github.com/users/dridi/followers","following_url":"https://api.github.com/users/dridi/following{/other_user}","gists_url":"https://api.github.com/users/dridi/gists{/gist_id}","starred_url":"https://api.github.com/users/dridi/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/dridi/subscriptions","organizations_url":"https://api.github.com/users/dridi/orgs","repos_url":"https://api.github.com/users/dridi/repos","events_url":"https://api.github.com/users/dridi/events{/privacy}","received_events_url":"https://api.github.com/users/dridi/received_events","type":"User","user_view_type":"public","site_admin":false},"reactions":{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/15/reactions","total_count":0,"+1":0,"-1":0,"laugh":0,"hooray":0,"confused":0,"heart":0,"rocket":0,"eyes":0},"timeline_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/15/timeline","performed_via_github_app":null,"state_reason":"completed"},{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/16","repository_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic","labels_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/16/labels{/name}","comments_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/16/comments","events_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/16/events","html_url":"https://github.com/nigoroll/libvmod-dynamic/issues/16","id":215742988,"node_id":"MDU6SXNzdWUyMTU3NDI5ODg=","number":16,"title":"Varnish complains about \"No backends or directors found in VCL program\"","user":{"login":"otrosien","id":129439,"node_id":"MDQ6VXNlcjEyOTQzOQ==","avatar_url":"https://avatars.githubusercontent.com/u/129439?v=4","gravatar_id":"","url":"https://api.github.com/users/otrosien","html_url":"https://github.com/otrosien","followers_url":"https://api.github.com/users/otrosien/followers","following_url":"https://api.github.com/users/otrosien/following{/other_user}","gists_url":"https://api.github.com/users/otrosien/gists{/gist_id}","starred_url":"https://api.github.com/users/otrosien/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/otrosien/subscriptions","organizations_url":"https://api.github.com/users/otrosien/orgs","repos_url":"https://api.github.com/users/otrosien/repos","events_url":"https://api.github.com/users/otrosien/events{/privacy}","received_events_url":"https://api.github.com/users/otrosien/received_events","type":"User","user_view_type":"public","site_admin":false},"labels":[{"id":443804427,"node_id":"MDU6TGFiZWw0NDM4MDQ0Mjc=","url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/labels/question","name":"question","color":"cc317c","default":true,"description":null}],"state":"closed","locked":false,"assignee":null,"assignees":[],"milestone":null,"comments":11,"created_at":"2017-03-21T13:41:41Z","updated_at":"2017-03-26T19:22:43Z","closed_at":"2017-03-26T19:22:43Z","author_association":"NONE","active_lock_reason":null,"sub_issues_summary":{"total":0,"completed":0,"percent_completed":0},"issue_dependencies_summary":{"blocked_by":0,"total_blocked_by":0,"blocking":0,"total_blocking":0},"body":"I need to add a dummy backend server in order to make varnish happy. Is that intended? Is there any possible side-effect of doing so?","closed_by":{"login":"dridi","id":891744,"node_id":"MDQ6VXNlcjg5MTc0NA==","avatar_url":"https://avatars.githubusercontent.com/u/891744?v=4","gravatar_id":"","url":"https://api.github.com/users/dridi","html_url":"https://github.com/dridi","followers_url":"https://api.github.com/users/dridi/followers","following_url":"https://api.github.com/users/dridi/following{/other_user}","gists_url":"https://api.github.com/users/dridi/gists{/gist_id}","starred_url":"https://api.github.com/users/dridi/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/dridi/subscriptions","organizations_url":"https://api.github.com/users/dridi/orgs","repos_url":"https://api.github.com/users/dridi/repos","events_url":"https://api.github.com/users/dridi/events{/privacy}","received_events_url":"https://api.github.com/users/dridi/received_events","type":"User","user_view_type":"public","site_admin":false},"reactions":{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/16/reactions","total_count":0,"+1":0,"-1":0,"laugh":0,"hooray":0,"confused":0,"heart":0,"rocket":0,"eyes":0},"timeline_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/16/timeline","performed_via_github_app":null,"state_reason":"completed"},{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/17","repository_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic","labels_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/17/labels{/name}","comments_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/17/comments","events_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/17/events","html_url":"https://github.com/nigoroll/libvmod-dynamic/issues/17","id":216841913,"node_id":"MDU6SXNzdWUyMTY4NDE5MTM=","number":17,"title":"max_connections","user":{"login":"danielmotaleite","id":11890049,"node_id":"MDQ6VXNlcjExODkwMDQ5","avatar_url":"https://avatars.githubusercontent.com/u/11890049?v=4","gravatar_id":"","url":"https://api.github.com/users/danielmotaleite","html_url":"https://github.com/danielmotaleite","followers_url":"https://api.github.com/users/danielmotaleite/followers","following_url":"https://api.github.com/users/danielmotaleite/following{/other_user}","gists_url":"https://api.github.com/users/danielmotaleite/gists{/gist_id}","starred_url":"https://api.github.com/users/danielmotaleite/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/danielmotaleite/subscriptions","organizations_url":"https://api.github.com/users/danielmotaleite/orgs","repos_url":"https://api.github.com/users/danielmotaleite/repos","events_url":"https://api.github.com/users/danielmotaleite/events{/privacy}","received_events_url":"https://api.github.com/users/danielmotaleite/received_events","type":"User","user_view_type":"public","site_admin":false},"labels":[{"id":443804424,"node_id":"MDU6TGFiZWw0NDM4MDQ0MjQ=","url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/labels/enhancement","name":"enhancement","color":"84b6eb","default":true,"description":null}],"state":"closed","locked":false,"assignee":{"login":"dridi","id":891744,"node_id":"MDQ6VXNlcjg5MTc0NA==","avatar_url":"https://avatars.githubusercontent.com/u/891744?v=4","gravatar_id":"","url":"https://api.github.com/users/dridi","html_url":"https://github.com/dridi","followers_url":"https://api.github.com/users/dridi/followers","following_url":"https://api.github.com/users/dridi/following{/other_user}","gists_url":"https://api.github.com/users/dridi/gists{/gist_id}","starred_url":"https://api.github.com/users/dridi/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/dridi/subscriptions","organizations_url":"https://api.github.com/users/dridi/orgs","repos_url":"https://api.github.com/users/dridi/repos","events_url":"https://api.github.com/users/dridi/events{/privacy}","received_events_url":"https://api.github.com/users/dridi/received_events","type":"User","user_view_type":"public","site_admin":false},"assignees":[{"login":"dridi","id":891744,"node_id":"MDQ6VXNlcjg5MTc0NA==","avatar_url":"https://avatars.githubusercontent.com/u/891744?v=4","gravatar_id":"","url":"https://api.github.com/users/dridi","html_url":"https://github.com/dridi","followers_url":"https://api.github.com/users/dridi/followers","following_url":"https://api.github.com/users/dridi/following{/other_user}","gists_url":"https://api.github.com/users/dridi/gists{/gist_id}","starred_url":"https://api.github.com/users/dridi/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/dridi/subscriptions","organizations_url":"https://api.github.com/users/dridi/orgs","repos_url":"https://api.github.com/users/dridi/repos","events_url":"https://api.github.com/users/dridi/events{/privacy}","received_events_url":"https://api.github.com/users/dridi/received_events","type":"User","user_view_type":"public","site_admin":false}],"milestone":{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/milestones/1","html_url":"https://github.com/nigoroll/libvmod-dynamic/milestone/1","labels_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/milestones/1/labels","id":2411902,"node_id":"MDk6TWlsZXN0b25lMjQxMTkwMg==","number":1,"title":"1.0","description":null,"creator":{"login":"dridi","id":891744,"node_id":"MDQ6VXNlcjg5MTc0NA==","avatar_url":"https://avatars.githubusercontent.com/u/891744?v=4","gravatar_id":"","url":"https://api.github.com/users/dridi","html_url":"https://github.com/dridi","followers_url":"https://api.github.com/users/dridi/followers","following_url":"https://api.github.com/users/dridi/following{/other_user}","gists_url":"https://api.github.com/users/dridi/gists{/gist_id}","starred_url":"https://api.github.com/users/dridi/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/dridi/subscriptions","organizations_url":"https://api.github.com/users/dridi/orgs","repos_url":"https://api.github.com/users/dridi/repos","events_url":"https://api.github.com/users/dridi/events{/privacy}","received_events_url":"https://api.github.com/users/dridi/received_events","type":"User","user_view_type":"public","site_admin":false},"open_issues":0,"closed_issues":4,"state":"open","created_at":"2017-03-26T20:50:32Z","updated_at":"2019-07-13T16:40:27Z","due_on":null,"closed_at":null},"comments":2,"created_at":"2017-03-24T16:41:53Z","updated_at":"2017-03-29T16:20:48Z","closed_at":"2017-03-29T16:20:48Z","author_association":"NONE","active_lock_reason":null,"sub_issues_summary":{"total":0,"completed":0,"percent_completed":0},"issue_dependencies_summary":{"blocked_by":0,"total_blocked_by":0,"blocking":0,"total_blocking":0},"body":"In normal varnish, we can set the .max_connections in the backend... how to do this with libvmod-dynamic? what is the current max for libvmod-dynamic?\r\n\r\nThanks!","closed_by":{"login":"dridi","id":891744,"node_id":"MDQ6VXNlcjg5MTc0NA==","avatar_url":"https://avatars.githubusercontent.com/u/891744?v=4","gravatar_id":"","url":"https://api.github.com/users/dridi","html_url":"https://github.com/dridi","followers_url":"https://api.github.com/users/dridi/followers","following_url":"https://api.github.com/users/dridi/following{/other_user}","gists_url":"https://api.github.com/users/dridi/gists{/gist_id}","starred_url":"https://api.github.com/users/dridi/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/dridi/subscriptions","organizations_url":"https://api.github.com/users/dridi/orgs","repos_url":"https://api.github.com/users/dridi/repos","events_url":"https://api.github.com/users/dridi/events{/privacy}","received_events_url":"https://api.github.com/users/dridi/received_events","type":"User","user_view_type":"public","site_admin":false},"reactions":{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/17/reactions","total_count":0,"+1":0,"-1":0,"laugh":0,"hooray":0,"confused":0,"heart":0,"rocket":0,"eyes":0},"timeline_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/17/timeline","performed_via_github_app":null,"state_reason":"completed"},{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/18","repository_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic","labels_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/18/labels{/name}","comments_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/18/comments","events_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/18/events","html_url":"https://github.com/nigoroll/libvmod-dynamic/pull/18","id":217088207,"node_id":"MDExOlB1bGxSZXF1ZXN0MTEyNjQzODA4","number":18,"title":"Test with a dedicated hosts file if possible","user":{"login":"dridi","id":891744,"node_id":"MDQ6VXNlcjg5MTc0NA==","avatar_url":"https://avatars.githubusercontent.com/u/891744?v=4","gravatar_id":"","url":"https://api.github.com/users/dridi","html_url":"https://github.com/dridi","followers_url":"https://api.github.com/users/dridi/followers","following_url":"https://api.github.com/users/dridi/following{/other_user}","gists_url":"https://api.github.com/users/dridi/gists{/gist_id}","starred_url":"https://api.github.com/users/dridi/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/dridi/subscriptions","organizations_url":"https://api.github.com/users/dridi/orgs","repos_url":"https://api.github.com/users/dridi/repos","events_url":"https://api.github.com/users/dridi/events{/privacy}","received_events_url":"https://api.github.com/users/dridi/received_events","type":"User","user_view_type":"public","site_admin":false},"labels":[{"id":443804424,"node_id":"MDU6TGFiZWw0NDM4MDQ0MjQ=","url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/labels/enhancement","name":"enhancement","color":"84b6eb","default":true,"description":null}],"state":"closed","locked":false,"assignee":null,"assignees":[],"milestone":{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/milestones/1","html_url":"https://github.com/nigoroll/libvmod-dynamic/milestone/1","labels_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/milestones/1/labels","id":2411902,"node_id":"MDk6TWlsZXN0b25lMjQxMTkwMg==","number":1,"title":"1.0","description":null,"creator":{"login":"dridi","id":891744,"node_id":"MDQ6VXNlcjg5MTc0NA==","avatar_url":"https://avatars.githubusercontent.com/u/891744?v=4","gravatar_id":"","url":"https://api.github.com/users/dridi","html_url":"https://github.com/dridi","followers_url":"https://api.github.com/users/dridi/followers","following_url":"https://api.github.com/users/dridi/following{/other_user}","gists_url":"https://api.github.com/users/dridi/gists{/gist_id}","starred_url":"https://api.github.com/users/dridi/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/dridi/subscriptions","organizations_url":"https://api.github.com/users/dridi/orgs","repos_url":"https://api.github.com/users/dridi/repos","events_url":"https://api.github.com/users/dridi/events{/privacy}","received_events_url":"https://api.github.com/users/dridi/received_events","type":"User","user_view_type":"public","site_admin":false},"open_issues":0,"closed_issues":4,"state":"open","created_at":"2017-03-26T20:50:32Z","updated_at":"2019-07-13T16:40:27Z","due_on":null,"closed_at":null},"comments":4,"created_at":"2017-03-26T20:50:36Z","updated_at":"2019-07-13T16:40:27Z","closed_at":"2019-07-13T16:40:27Z","author_association":"COLLABORATOR","active_lock_reason":null,"draft":false,"pull_request":{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/pulls/18","html_url":"https://github.com/nigoroll/libvmod-dynamic/pull/18","diff_url":"https://github.com/nigoroll/libvmod-dynamic/pull/18.diff","patch_url":"https://github.com/nigoroll/libvmod-dynamic/pull/18.patch","merged_at":null},"body":"Ironically, this breaks my setup. I never needed to tweak my NSS\r\nconfiguration or add entries to /etc/hosts to resolve *.localhost\r\nto the loop-back interface.\r\n\r\nHowever, we can now guess at configure time whether the test suite\r\nis expected to work. Although there's no real guarantee because of\r\nthe huge TOCTOU race between `./configure` and `make check`.","closed_by":{"login":"nigoroll","id":1528104,"node_id":"MDQ6VXNlcjE1MjgxMDQ=","avatar_url":"https://avatars.githubusercontent.com/u/1528104?v=4","gravatar_id":"","url":"https://api.github.com/users/nigoroll","html_url":"https://github.com/nigoroll","followers_url":"https://api.github.com/users/nigoroll/followers","following_url":"https://api.github.com/users/nigoroll/following{/other_user}","gists_url":"https://api.github.com/users/nigoroll/gists{/gist_id}","starred_url":"https://api.github.com/users/nigoroll/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/nigoroll/subscriptions","organizations_url":"https://api.github.com/users/nigoroll/orgs","repos_url":"https://api.github.com/users/nigoroll/repos","events_url":"https://api.github.com/users/nigoroll/events{/privacy}","received_events_url":"https://api.github.com/users/nigoroll/received_events","type":"User","user_view_type":"public","site_admin":false},"reactions":{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/18/reactions","total_count":0,"+1":0,"-1":0,"laugh":0,"hooray":0,"confused":0,"heart":0,"rocket":0,"eyes":0},"timeline_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/18/timeline","performed_via_github_app":null,"state_reason":null},{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/19","repository_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic","labels_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/19/labels{/name}","comments_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/19/comments","events_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/19/events","html_url":"https://github.com/nigoroll/libvmod-dynamic/issues/19","id":218275226,"node_id":"MDU6SXNzdWUyMTgyNzUyMjY=","number":19,"title":"question: is it possible to use dynamic with saintmode?","user":{"login":"danielmotaleite","id":11890049,"node_id":"MDQ6VXNlcjExODkwMDQ5","avatar_url":"https://avatars.githubusercontent.com/u/11890049?v=4","gravatar_id":"","url":"https://api.github.com/users/danielmotaleite","html_url":"https://github.com/danielmotaleite","followers_url":"https://api.github.com/users/danielmotaleite/followers","following_url":"https://api.github.com/users/danielmotaleite/following{/other_user}","gists_url":"https://api.github.com/users/danielmotaleite/gists{/gist_id}","starred_url":"https://api.github.com/users/danielmotaleite/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/danielmotaleite/subscriptions","organizations_url":"https://api.github.com/users/danielmotaleite/orgs","repos_url":"https://api.github.com/users/danielmotaleite/repos","events_url":"https://api.github.com/users/danielmotaleite/events{/privacy}","received_events_url":"https://api.github.com/users/danielmotaleite/received_events","type":"User","user_view_type":"public","site_admin":false},"labels":[{"id":443804427,"node_id":"MDU6TGFiZWw0NDM4MDQ0Mjc=","url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/labels/question","name":"question","color":"cc317c","default":true,"description":null},{"id":443804428,"node_id":"MDU6TGFiZWw0NDM4MDQ0Mjg=","url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/labels/wontfix","name":"wontfix","color":"ffffff","default":true,"description":null}],"state":"closed","locked":false,"assignee":null,"assignees":[],"milestone":null,"comments":2,"created_at":"2017-03-30T17:47:03Z","updated_at":"2017-03-31T11:13:20Z","closed_at":"2017-03-31T09:50:14Z","author_association":"NONE","active_lock_reason":null,"sub_issues_summary":{"total":0,"completed":0,"percent_completed":0},"issue_dependencies_summary":{"blocked_by":0,"total_blocked_by":0,"blocking":0,"total_blocking":0},"body":"Hi\r\n\r\nI was looking into use saintmode for some static files, but as dynamic do not defines the backends the same way, i'm not sure if it is possible to use it or not.\r\n\r\nhttps://github.com/varnish/varnish-modules/blob/master/src/vmod_saintmode.vcc\r\n\r\nSo have you any ideia if is possible and how to use both saintmode and dynamic? \r\n\r\nthanks","closed_by":{"login":"dridi","id":891744,"node_id":"MDQ6VXNlcjg5MTc0NA==","avatar_url":"https://avatars.githubusercontent.com/u/891744?v=4","gravatar_id":"","url":"https://api.github.com/users/dridi","html_url":"https://github.com/dridi","followers_url":"https://api.github.com/users/dridi/followers","following_url":"https://api.github.com/users/dridi/following{/other_user}","gists_url":"https://api.github.com/users/dridi/gists{/gist_id}","starred_url":"https://api.github.com/users/dridi/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/dridi/subscriptions","organizations_url":"https://api.github.com/users/dridi/orgs","repos_url":"https://api.github.com/users/dridi/repos","events_url":"https://api.github.com/users/dridi/events{/privacy}","received_events_url":"https://api.github.com/users/dridi/received_events","type":"User","user_view_type":"public","site_admin":false},"reactions":{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/19/reactions","total_count":0,"+1":0,"-1":0,"laugh":0,"hooray":0,"confused":0,"heart":0,"rocket":0,"eyes":0},"timeline_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/19/timeline","performed_via_github_app":null,"state_reason":"completed"},{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/20","repository_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic","labels_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/20/labels{/name}","comments_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/20/comments","events_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/20/events","html_url":"https://github.com/nigoroll/libvmod-dynamic/issues/20","id":219622749,"node_id":"MDU6SXNzdWUyMTk2MjI3NDk=","number":20,"title":"FAIL: tests/test10.vtc","user":{"login":"danielmotaleite","id":11890049,"node_id":"MDQ6VXNlcjExODkwMDQ5","avatar_url":"https://avatars.githubusercontent.com/u/11890049?v=4","gravatar_id":"","url":"https://api.github.com/users/danielmotaleite","html_url":"https://github.com/danielmotaleite","followers_url":"https://api.github.com/users/danielmotaleite/followers","following_url":"https://api.github.com/users/danielmotaleite/following{/other_user}","gists_url":"https://api.github.com/users/danielmotaleite/gists{/gist_id}","starred_url":"https://api.github.com/users/danielmotaleite/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/danielmotaleite/subscriptions","organizations_url":"https://api.github.com/users/danielmotaleite/orgs","repos_url":"https://api.github.com/users/danielmotaleite/repos","events_url":"https://api.github.com/users/danielmotaleite/events{/privacy}","received_events_url":"https://api.github.com/users/danielmotaleite/received_events","type":"User","user_view_type":"public","site_admin":false},"labels":[],"state":"closed","locked":false,"assignee":null,"assignees":[],"milestone":null,"comments":2,"created_at":"2017-04-05T15:25:54Z","updated_at":"2017-04-10T19:14:06Z","closed_at":"2017-04-10T17:20:13Z","author_association":"NONE","active_lock_reason":null,"sub_issues_summary":{"total":0,"completed":0,"percent_completed":0},"issue_dependencies_summary":{"blocked_by":0,"total_blocked_by":0,"blocking":0,"total_blocking":0},"body":"Trying to compile and test this on varnish 5.1.1 i get:\r\n\r\n\r\n\r\n```\r\nchecking for a BSD-compatible install... /usr/bin/install -c\r\nchecking whether build environment is sane... yes\r\nchecking for a thread-safe mkdir -p... /bin/mkdir -p\r\nchecking for gawk... no\r\nchecking for mawk... mawk\r\nchecking whether make sets $(MAKE)... yes\r\nchecking whether make supports nested variables... yes\r\nchecking whether make supports nested variables... (cached) yes\r\nchecking for style of include used by make... GNU\r\nchecking for gcc... gcc\r\nchecking whether the C compiler works... yes\r\nchecking for C compiler default output file name... a.out\r\nchecking for suffix of executables... \r\nchecking whether we are cross compiling... no\r\nchecking for suffix of object files... o\r\nchecking whether we are using the GNU C compiler... yes\r\nchecking whether gcc accepts -g... yes\r\nchecking for gcc option to accept ISO C89... none needed\r\nchecking whether gcc understands -c and -o together... yes\r\nchecking dependency style of gcc... none\r\nchecking for ar... ar\r\nchecking the archiver (ar) interface... ar\r\nchecking build system type... x86_64-pc-linux-gnu\r\nchecking host system type... x86_64-pc-linux-gnu\r\nchecking how to print strings... printf\r\nchecking for a sed that does not truncate output... /bin/sed\r\nchecking for grep that handles long lines and -e... /bin/grep\r\nchecking for egrep... /bin/grep -E\r\nchecking for fgrep... /bin/grep -F\r\nchecking for ld used by gcc... /usr/bin/ld\r\nchecking if the linker (/usr/bin/ld) is GNU ld... yes\r\nchecking for BSD- or MS-compatible name lister (nm)... /usr/bin/nm -B\r\nchecking the name lister (/usr/bin/nm -B) interface... BSD nm\r\nchecking whether ln -s works... yes\r\nchecking the maximum length of command line arguments... 1572864\r\nchecking whether the shell understands some XSI constructs... yes\r\nchecking whether the shell understands \"+=\"... yes\r\nchecking how to convert x86_64-pc-linux-gnu file names to x86_64-pc-linux-gnu format... func_convert_file_noop\r\nchecking how to convert x86_64-pc-linux-gnu file names to toolchain format... func_convert_file_noop\r\nchecking for /usr/bin/ld option to reload object files... -r\r\nchecking for objdump... objdump\r\nchecking how to recognize dependent libraries... pass_all\r\nchecking for dlltool... no\r\nchecking how to associate runtime and link libraries... printf %s\\n\r\nchecking for archiver @FILE support... @\r\nchecking for strip... strip\r\nchecking for ranlib... ranlib\r\nchecking command to parse /usr/bin/nm -B output from gcc object... ok\r\nchecking for sysroot... no\r\nchecking for mt... mt\r\nchecking if mt is a manifest tool... no\r\nchecking how to run the C preprocessor... gcc -E\r\nchecking for ANSI C header files... yes\r\nchecking for sys/types.h... yes\r\nchecking for sys/stat.h... yes\r\nchecking for stdlib.h... yes\r\nchecking for string.h... yes\r\nchecking for memory.h... yes\r\nchecking for strings.h... yes\r\nchecking for inttypes.h... yes\r\nchecking for stdint.h... yes\r\nchecking for unistd.h... yes\r\nchecking for dlfcn.h... yes\r\nchecking for objdir... .libs\r\nchecking if gcc supports -fno-rtti -fno-exceptions... no\r\nchecking for gcc option to produce PIC... -fPIC -DPIC\r\nchecking if gcc PIC flag -fPIC -DPIC works... yes\r\nchecking if gcc static flag -static works... yes\r\nchecking if gcc supports -c -o file.o... yes\r\nchecking if gcc supports -c -o file.o... (cached) yes\r\nchecking whether the gcc linker (/usr/bin/ld -m elf_x86_64) supports shared libraries... yes\r\nchecking whether -lc should be explicitly linked in... no\r\nchecking dynamic linker characteristics... GNU/Linux ld.so\r\nchecking how to hardcode library paths into programs... immediate\r\nchecking for shl_load... no\r\nchecking for shl_load in -ldld... no\r\nchecking for dlopen... no\r\nchecking for dlopen in -ldl... yes\r\nchecking whether a program can dlopen itself... yes\r\nchecking whether a statically linked program can dlopen itself... no\r\nchecking whether stripping libraries is possible... yes\r\nchecking if libtool supports shared libraries... yes\r\nchecking whether to build shared libraries... yes\r\nchecking whether to build static libraries... no\r\nchecking for rst2man... rst2man\r\nchecking for pkg-config... /usr/bin/pkg-config\r\nchecking pkg-config is at least version 0.21... yes\r\nchecking for VARNISHAPI... yes\r\nchecking for explicit_bzero... no\r\nchecking for Varnish... 5.1.1\r\nchecking vsha256.h usability... yes\r\nchecking vsha256.h presence... yes\r\nchecking for vsha256.h... yes\r\nchecking cache/cache.h usability... yes\r\nchecking cache/cache.h presence... yes\r\nchecking for cache/cache.h... yes\r\nchecking for gcc option to accept ISO C99... -std=gnu99\r\nchecking for a Python interpreter with version >= 2.7... python\r\nchecking for python... /usr/bin/python\r\nchecking for python version... 2.7\r\nchecking for python platform... linux2\r\nchecking for python script directory... ${prefix}/lib/python2.7/dist-packages\r\nchecking for python extension module directory... ${exec_prefix}/lib/python2.7/dist-packages\r\nchecking that generated files are newer than configure... done\r\nconfigure: creating ./config.status\r\nconfig.status: creating Makefile\r\nconfig.status: creating src/Makefile\r\nconfig.status: creating config.h\r\nconfig.status: executing depfiles commands\r\nconfig.status: executing libtool commands\r\nconfigure: WARNING: unrecognized options: --disable-maintainer-mode\r\n   dh_auto_build\r\n\tmake -j1\r\nmake[1]: Entering directory '/usr/src/libvmod-dynamic'\r\nmake  all-recursive\r\nmake[2]: Entering directory '/usr/src/libvmod-dynamic'\r\nMaking all in src\r\nmake[3]: Entering directory '/usr/src/libvmod-dynamic/src'\r\n/usr/bin/python /usr/share/varnish/vmodtool.py -o vcc_dynamic_if ./vmod_dynamic.vcc\r\n/bin/bash ../libtool  --tag=CC   --mode=compile gcc -std=gnu99 -DHAVE_CONFIG_H -I. -I..    -I/usr/include/varnish  -Wall -Werror -g -O2 -c -o vmod_dynamic.lo vmod_dynamic.c\r\nlibtool: compile:  gcc -std=gnu99 -DHAVE_CONFIG_H -I. -I.. -I/usr/include/varnish -Wall -Werror -g -O2 -c vmod_dynamic.c  -fPIC -DPIC -o .libs/vmod_dynamic.o\r\n/bin/bash ../libtool  --tag=CC   --mode=compile gcc -std=gnu99 -DHAVE_CONFIG_H -I. -I..    -I/usr/include/varnish  -Wall -Werror -g -O2 -c -o vcc_dynamic_if.lo vcc_dynamic_if.c\r\nlibtool: compile:  gcc -std=gnu99 -DHAVE_CONFIG_H -I. -I.. -I/usr/include/varnish -Wall -Werror -g -O2 -c vcc_dynamic_if.c  -fPIC -DPIC -o .libs/vcc_dynamic_if.o\r\n/bin/bash ../libtool  --tag=CC   --mode=link gcc -std=gnu99 -I/usr/include/varnish  -Wall -Werror -g -O2 -lvarnishapi  -module -export-dynamic -avoid-version -shared  -o libvmod_dynamic.la -rpath /usr/lib/varnish/vmods vmod_dynamic.lo vcc_dynamic_if.lo  \r\nlibtool: link: gcc -shared  -fPIC -DPIC  .libs/vmod_dynamic.o .libs/vcc_dynamic_if.o   -lvarnishapi  -O2   -Wl,-soname -Wl,libvmod_dynamic.so -o .libs/libvmod_dynamic.so\r\nlibtool: link: ( cd \".libs\" && rm -f \"libvmod_dynamic.la\" && ln -s \"../libvmod_dynamic.la\" \"libvmod_dynamic.la\" )\r\nrst2man vmod_dynamic.man.rst vmod_dynamic.3\r\nmake[3]: Leaving directory '/usr/src/libvmod-dynamic/src'\r\nmake[3]: Entering directory '/usr/src/libvmod-dynamic'\r\nmake[3]: Leaving directory '/usr/src/libvmod-dynamic'\r\nmake[2]: Leaving directory '/usr/src/libvmod-dynamic'\r\nmake[1]: Leaving directory '/usr/src/libvmod-dynamic'\r\n   dh_auto_test\r\n\tmake -j1 check\r\nmake[1]: Entering directory '/usr/src/libvmod-dynamic'\r\nMaking check in src\r\nmake[2]: Entering directory '/usr/src/libvmod-dynamic/src'\r\nmake  check-TESTS\r\nmake[3]: Entering directory '/usr/src/libvmod-dynamic/src'\r\nmake[4]: Entering directory '/usr/src/libvmod-dynamic/src'\r\nPASS: tests/test01.vtc\r\nPASS: tests/test02.vtc\r\nPASS: tests/test03.vtc\r\nPASS: tests/test04.vtc\r\nPASS: tests/test05.vtc\r\nPASS: tests/test06.vtc\r\nPASS: tests/test07.vtc\r\nPASS: tests/test08.vtc\r\nPASS: tests/test09.vtc\r\nFAIL: tests/test10.vtc\r\nmake[5]: Entering directory '/usr/src/libvmod-dynamic/src'\r\nmake[5]: Nothing to be done for 'all'.\r\nmake[5]: Leaving directory '/usr/src/libvmod-dynamic/src'\r\n============================================================================\r\nTestsuite summary for libvmod-dynamic 0.2\r\n============================================================================\r\n# TOTAL: 10\r\n# PASS:  9\r\n# SKIP:  0\r\n# XFAIL: 0\r\n# FAIL:  1\r\n# XPASS: 0\r\n# ERROR: 0\r\n============================================================================\r\nSee src/test-suite.log\r\n============================================================================\r\nMakefile:767: recipe for target 'test-suite.log' failed\r\nmake[4]: *** [test-suite.log] Error 1\r\nmake[4]: Leaving directory '/usr/src/libvmod-dynamic/src'\r\nMakefile:873: recipe for target 'check-TESTS' failed\r\nmake[3]: *** [check-TESTS] Error 2\r\nmake[3]: Leaving directory '/usr/src/libvmod-dynamic/src'\r\nMakefile:939: recipe for target 'check-am' failed\r\nmake[2]: *** [check-am] Error 2\r\nmake[2]: Leaving directory '/usr/src/libvmod-dynamic/src'\r\nMakefile:481: recipe for target 'check-recursive' failed\r\nmake[1]: *** [check-recursive] Error 1\r\nmake[1]: Leaving directory '/usr/src/libvmod-dynamic'\r\ndh_auto_test: make -j1 check returned exit code 2\r\ndebian/rules:12: recipe for target 'build' failed\r\nmake: *** [build] Error 2\r\n\r\n````\r\n\r\nThe log i get: \r\n```\r\n=============================================\r\n   libvmod-dynamic 0.2: src/test-suite.log\r\n=============================================\r\n\r\n# TOTAL: 10\r\n# PASS:  9\r\n# SKIP:  0\r\n# XFAIL: 0\r\n# FAIL:  1\r\n# XPASS: 0\r\n# ERROR: 0\r\n\r\n.. contents:: :depth: 2\r\n\r\nFAIL: tests/test10\r\n==================\r\n\r\n**** top   0.0 extmacro def pwd=/usr/src/libvmod-dynamic/src\r\n**** top   0.0 extmacro def vmod_dynamic=dynamic from \"/usr/src/libvmod-dynamic/src/.libs/libvmod_dynamic.so\"\r\n**** top   0.0 extmacro def localhost=127.0.0.1\r\n**** top   0.0 extmacro def bad_backend=127.0.0.1 18925\r\n**** top   0.0 extmacro def bad_ip=192.0.2.255\r\n**** top   0.0 macro def tmpdir=/tmp/vtc.12295.77019977\r\n*    top   0.0 TEST ./tests/test10.vtc starting\r\n**   top   0.0 === varnishtest \"max_connections\"\r\n*    top   0.0 TEST max_connections\r\n**   top   0.0 === barrier b1 cond 2\r\n**   top   0.0 === server s1 {\r\n**   s1    0.0 Starting server\r\n**** s1    0.0 macro def s1_addr=127.0.0.1\r\n**** s1    0.0 macro def s1_port=37297\r\n**** s1    0.0 macro def s1_sock=127.0.0.1 37297\r\n*    s1    0.0 Listen on 127.0.0.1 37297\r\n**   top   0.0 === varnish v1 -vcl+backend {\r\n**   s1    0.0 Started on 127.0.0.1 37297\r\n**   v1    0.0 Launch\r\n***  v1    0.0 CMD: cd ${pwd} && exec varnishd  -d -n /tmp/vtc.12295.77019977/v1 -l 2m,1m,- -p auto_restart=off -p syslog_cli_traffic=off -p sigsegv_handler=on -p thread_pool_min=10 -p debug=+vtc_mode -a '127.0.0.1:0' -M '127.0.0.1 21937' -P /tmp/vtc.12295.77019977/v1/varnishd.pid \r\n***  v1    0.0 CMD: cd /usr/src/libvmod-dynamic/src && exec varnishd  -d -n /tmp/vtc.12295.77019977/v1 -l 2m,1m,- -p auto_restart=off -p syslog_cli_traffic=off -p sigsegv_handler=on -p thread_pool_min=10 -p debug=+vtc_mode -a '127.0.0.1:0' -M '127.0.0.1 21937' -P /tmp/vtc.12295.77019977/v1/varnishd.pid \r\n***  v1    0.0 PID: 12301\r\n**** v1    0.0 macro def v1_pid=12301\r\n**** v1    0.0 macro def v1_name=/tmp/vtc.12295.77019977/v1\r\n***  v1    0.0 debug|Debug: Platform: Linux,4.7.0-0.bpo.1-amd64,x86_64,-junix,-smalloc,-smalloc,-hcritbit\r\n***  v1    0.0 debug|200 285     \r\n***  v1    0.0 debug|-----------------------------\r\n***  v1    0.0 debug|Varnish Cache CLI 1.0\r\n***  v1    0.0 debug|-----------------------------\r\n***  v1    0.0 debug|Linux,4.7.0-0.bpo.1-amd64,x86_64,-junix,-smalloc,-smalloc,-hcritbit\r\n***  v1    0.0 debug|varnish-5.1.1 revision de38712\r\n***  v1    0.0 debug|\r\n***  v1    0.0 debug|Type 'help' for command list.\r\n***  v1    0.0 debug|Type 'quit' to close CLI session.\r\n***  v1    0.0 debug|Type 'start' to launch worker process.\r\n***  v1    0.0 debug|\r\n**** v1    0.1 CLIPOLL 1 0x1 0x0\r\n***  v1    0.1 CLI connection fd = 10\r\n***  v1    0.1 CLI RX  107\r\n**** v1    0.1 CLI RX|stvjhhhfmktflzoagpgicdcedgmqaylg\r\n**** v1    0.1 CLI RX|\r\n**** v1    0.1 CLI RX|Authentication required.\r\n**** v1    0.1 CLI TX|auth 8c27b560d816ab69953f630bf040144ecc8919912555de6832188a04f87db7d9\r\n***  v1    0.1 CLI RX  200\r\n**** v1    0.1 CLI RX|-----------------------------\r\n**** v1    0.1 CLI RX|Varnish Cache CLI 1.0\r\n**** v1    0.1 CLI RX|-----------------------------\r\n**** v1    0.1 CLI RX|Linux,4.7.0-0.bpo.1-amd64,x86_64,-junix,-smalloc,-smalloc,-hcritbit\r\n**** v1    0.1 CLI RX|varnish-5.1.1 revision de38712\r\n**** v1    0.1 CLI RX|\r\n**** v1    0.1 CLI RX|Type 'help' for command list.\r\n**** v1    0.1 CLI RX|Type 'quit' to close CLI session.\r\n**** v1    0.1 CLI RX|Type 'start' to launch worker process.\r\n**** v1    0.1 CLI TX|vcl.inline vcl1 << %XJEIFLH|)Xspa8P\r\n**** v1    0.1 CLI TX|vcl 4.0;\r\n**** v1    0.1 CLI TX|backend s1 { .host = \"127.0.0.1\"; .port = \"37297\"; }\r\n**** v1    0.1 CLI TX|\r\n**** v1    0.1 CLI TX|\r\n**** v1    0.1 CLI TX|\\timport dynamic from \"/usr/src/libvmod-dynamic/src/.libs/libvmod_dynamic.so\";\r\n**** v1    0.1 CLI TX|\r\n**** v1    0.1 CLI TX|\\tsub vcl_init {\r\n**** v1    0.1 CLI TX|\\t\\tnew d1 = dynamic.director(\r\n**** v1    0.1 CLI TX|\\t\\t\\tport = \"37297\",\r\n**** v1    0.1 CLI TX|\\t\\t\\tmax_connections = 1);\r\n**** v1    0.1 CLI TX|\\t}\r\n**** v1    0.1 CLI TX|\r\n**** v1    0.1 CLI TX|\\tsub vcl_recv {\r\n**** v1    0.1 CLI TX|\\t\\tset req.backend_hint = d1.backend(\"127.0.0.1\");\r\n**** v1    0.1 CLI TX|\\t\\treturn (pass);\r\n**** v1    0.1 CLI TX|\\t}\r\n**** v1    0.1 CLI TX|\r\n**** v1    0.1 CLI TX|\\tsub vcl_backend_error {\r\n**** v1    0.1 CLI TX|\\t\\tset beresp.status = 429;\r\n**** v1    0.1 CLI TX|\\t}\r\n**** v1    0.1 CLI TX|\r\n**** v1    0.1 CLI TX|%XJEIFLH|)Xspa8P\r\n***  v1    0.3 CLI RX  200\r\n**** v1    0.3 CLI RX|VCL compiled.\r\n**** v1    0.3 CLI TX|vcl.use vcl1\r\n***  v1    0.3 CLI RX  200\r\n**   v1    0.3 Start\r\n**** v1    0.3 CLI TX|start\r\n***  v1    0.3 debug|Debug: Child (12311) Started\r\n***  v1    0.4 CLI RX  200\r\n***  v1    0.4 wait-running\r\n**** v1    0.4 CLI TX|status\r\n***  v1    0.4 debug|Info: Child (12311) said Child starts\r\n***  v1    0.4 CLI RX  200\r\n**** v1    0.4 CLI RX|Child in state running\r\n**** v1    0.4 CLI TX|debug.xid 999\r\n**** v1    0.4 vsl|          0 CLI             - Rd vcl.load \"vcl1\" vcl_vcl1.1491405606.451286077/vgc.so 1auto\r\n**** v1    0.4 vsl|          0 CLI             - Wr 200 55 Loaded \"vcl_vcl1.1491405606.451286077/vgc.so\" as \"vcl1\"\r\n**** v1    0.4 vsl|          0 CLI             - Rd vcl.use \"vcl1\"\r\n**** v1    0.4 vsl|          0 CLI             - Wr 200 0 \r\n**** v1    0.4 vsl|          0 CLI             - Rd start\r\n**** v1    0.4 vsl|          0 CLI             - Wr 200 0 \r\n***  v1    0.4 CLI RX  200\r\n**** v1    0.4 CLI RX|XID is 999\r\n**** v1    0.4 CLI TX|debug.listen_address\r\n***  v1    0.5 CLI RX  200\r\n**** v1    0.5 CLI RX|127.0.0.1 36231\r\n**   v1    0.5 Listen on 127.0.0.1 36231\r\n**** v1    0.5 macro def v1_addr=127.0.0.1\r\n**** v1    0.5 macro def v1_port=36231\r\n**** v1    0.5 macro def v1_sock=127.0.0.1 36231\r\n**   top   0.5 === client c1 {\r\n**   c1    0.5 Starting client\r\n**   top   0.5 === client c2 {\r\n**   c2    0.5 Starting client\r\n**   c2    0.5 Waiting for client\r\n***  c2    0.5 Connect to 127.0.0.1 36231\r\n***  c1    0.5 Connect to 127.0.0.1 36231\r\n***  c2    0.5 connected fd 11 from 127.0.0.1 46416 to 127.0.0.1 36231\r\n***  c1    0.5 connected fd 12 from 127.0.0.1 46418 to 127.0.0.1 36231\r\n**   c2    0.5 === txreq\r\n**** c2    0.5 txreq|GET / HTTP/1.1\\r\r\n**** c2    0.5 txreq|\\r\r\n**   c1    0.5 === txreq\r\n**   c2    0.5 === rxresp\r\n**** c1    0.5 txreq|GET / HTTP/1.1\\r\r\n**** c1    0.5 txreq|\\r\r\n**   c1    0.5 === rxresp\r\n***  s1    0.5 accepted fd 5\r\n**   s1    0.5 === rxreq\r\n**** s1    0.5 rxhdr|GET / HTTP/1.1\\r\r\n**** s1    0.5 rxhdr|X-Forwarded-For: 127.0.0.1\\r\r\n**** s1    0.5 rxhdr|X-Varnish: 1004\\r\r\n**** s1    0.5 rxhdr|\\r\r\n**** s1    0.5 rxhdrlen = 63\r\n**** s1    0.5 http[ 0] |GET\r\n**** s1    0.5 http[ 1] |/\r\n**** s1    0.5 http[ 2] |HTTP/1.1\r\n**** s1    0.5 http[ 3] |X-Forwarded-For: 127.0.0.1\r\n**** s1    0.5 http[ 4] |X-Varnish: 1004\r\n**** s1    0.5 bodylen = 0\r\n**   s1    0.5 === barrier b1 sync\r\n**** s1    0.5 Barrier(b1) wait 1 of 2\r\n**** v1    0.5 vsl|          0 CLI             - Rd debug.xid 999 \r\n**** v1    0.5 vsl|          0 CLI             - Wr 200 10 XID is 999\r\n**** v1    0.5 vsl|          0 CLI             - Rd debug.listen_address \r\n**** v1    0.5 vsl|          0 CLI             - Wr 200 16 127.0.0.1 36231\r\n\r\n**** v1    0.5 vsl|       1000 Begin           c sess 0 HTTP/1\r\n**** v1    0.5 vsl|       1000 SessOpen        c 127.0.0.1 46416 127.0.0.1:36231 127.0.0.1 36231 1491405606.804795 20\r\n**** v1    0.5 vsl|       1001 Begin           c sess 0 HTTP/1\r\n**** v1    0.5 vsl|       1001 SessOpen        c 127.0.0.1 46418 127.0.0.1:36231 127.0.0.1 36231 1491405606.804846 21\r\n**** v1    0.5 vsl|       1000 Link            c req 1002 rxreq\r\n**** v1    0.5 vsl|       1001 Link            c req 1003 rxreq\r\n**** v1    0.5 vsl|          0 Timestamp       - vmod-dynamic vcl1.d1(127.0.0.1) Lookup: 1491405606.805036 0.000000 0.000000\r\n**** v1    0.5 vsl|          0 Timestamp       - vmod-dynamic vcl1.d1(127.0.0.1) Results: 1491405606.805164 0.000128 0.000128\r\n**** v1    0.5 vsl|          0 Timestamp       - vmod-dynamic vcl1.d1(127.0.0.1) Update: 1491405606.805242 0.000206 0.000078\r\n**** v1    3.4 vsl|          0 CLI             - Rd ping\r\n**** v1    3.4 vsl|          0 CLI             - Wr 200 19 PONG 1491405609 1.0\r\n**** v1    6.4 vsl|          0 CLI             - Rd ping\r\n**** v1    6.4 vsl|          0 CLI             - Wr 200 19 PONG 1491405612 1.0\r\n**** v1    9.4 vsl|          0 CLI             - Rd ping\r\n**** v1    9.4 vsl|          0 CLI             - Wr 200 19 PONG 1491405615 1.0\r\n**** v1   12.4 vsl|          0 CLI             - Rd ping\r\n**** v1   12.4 vsl|          0 CLI             - Wr 200 19 PONG 1491405618 1.0\r\n**** v1   15.4 vsl|          0 CLI             - Rd ping\r\n**** v1   15.4 vsl|          0 CLI             - Wr 200 19 PONG 1491405621 1.0\r\n**** v1   18.4 vsl|          0 CLI             - Rd ping\r\n**** v1   18.4 vsl|          0 CLI             - Wr 200 19 PONG 1491405624 1.0\r\n**** v1   21.4 vsl|          0 CLI             - Rd ping\r\n**** v1   21.4 vsl|          0 CLI             - Wr 200 19 PONG 1491405627 1.0\r\n**** v1   24.4 vsl|          0 CLI             - Rd ping\r\n**** v1   24.4 vsl|          0 CLI             - Wr 200 19 PONG 1491405630 1.0\r\n**** v1   27.4 vsl|          0 CLI             - Rd ping\r\n**** v1   27.4 vsl|          0 CLI             - Wr 200 19 PONG 1491405633 1.0\r\n**** v1   30.4 vsl|          0 CLI             - Rd ping\r\n**** v1   30.4 vsl|          0 CLI             - Wr 200 19 PONG 1491405636 1.0\r\n---- c1   30.5 HTTP rx timeout (fd:12 30000 ms)\r\n---- c2   30.5 HTTP rx timeout (fd:11 30000 ms)\r\n*    top  30.5 RESETTING after ./tests/test10.vtc\r\n**   s1   30.5 Waiting for server (4/-1)\r\n**** s1   30.5 macro undef s1_addr\r\n**** s1   30.5 macro undef s1_port\r\n**** s1   30.5 macro undef s1_sock\r\n**   c1   30.5 Waiting for client\r\n**   v1   30.5 Wait\r\n**** v1   30.5 CLI TX|backend.list\r\n**** v1   30.5 vsl|       1005 Begin           b bereq 1003 pass\r\n**** v1   30.5 vsl|       1005 Timestamp       b Start: 1491405606.805094 0.000000 0.000000\r\n**** v1   30.5 vsl|       1005 BereqMethod     b GET\r\n**** v1   30.5 vsl|       1005 BereqURL        b /\r\n**** v1   30.5 vsl|       1005 BereqProtocol   b HTTP/1.1\r\n**** v1   30.5 vsl|       1005 BereqHeader     b X-Forwarded-For: 127.0.0.1\r\n**** v1   30.5 vsl|       1005 BereqHeader     b X-Varnish: 1005\r\n**** v1   30.5 vsl|       1005 VCL_call        b BACKEND_FETCH\r\n**** v1   30.5 vsl|       1005 VCL_return      b fetch\r\n**** v1   30.5 vsl|       1005 BackendOpen     b 24 vcl1.d1(127.0.0.1) 127.0.0.1 37297 127.0.0.1 45930\r\n**** v1   30.5 vsl|       1005 BackendStart    b 127.0.0.1 37297\r\n**** v1   30.5 vsl|       1005 Timestamp       b Bereq: 1491405606.805499 0.000405 0.000405\r\n**** v1   30.5 vsl|       1005 FetchError      b HTC status -1\r\n**** v1   30.5 vsl|       1005 BackendClose    b 24 vcl1.d1(127.0.0.1)\r\n**** v1   30.5 vsl|       1005 Timestamp       b Beresp: 1491405636.835078 30.029983 30.029578\r\n**** v1   30.5 vsl|       1005 Timestamp       b Error: 1491405636.835090 30.029996 0.000013\r\n**** v1   30.5 vsl|       1005 BerespProtocol  b HTTP/1.1\r\n**** v1   30.5 vsl|       1005 BerespStatus    b 503\r\n**** v1   30.5 vsl|       1005 BerespReason    b Service Unavailable\r\n**** v1   30.5 vsl|       1005 BerespReason    b Backend fetch failed\r\n**** v1   30.5 vsl|       1005 BerespHeader    b Date: Wed, 05 Apr 2017 15:20:36 GMT\r\n**** v1   30.5 vsl|       1005 BerespHeader    b Server: Varnish\r\n**** v1   30.5 vsl|       1005 VCL_call        b BACKEND_ERROR\r\n**** v1   30.5 vsl|       1005 BerespStatus    b 429\r\n**** v1   30.5 vsl|       1005 BerespReason    b Unknown HTTP Status\r\n**** v1   30.5 vsl|       1005 BerespHeader    b Content-Type: text/html; charset=utf-8\r\n**** v1   30.5 vsl|       1005 BerespHeader    b Retry-After: 5\r\n**** v1   30.5 vsl|       1005 VCL_return      b deliver\r\n**** v1   30.5 vsl|       1005 Storage         b malloc Transient\r\n**** v1   30.5 vsl|       1005 ObjProtocol     b HTTP/1.1\r\n**** v1   30.5 vsl|       1005 ObjStatus       b 429\r\n**** v1   30.5 vsl|       1005 ObjReason       b Unknown HTTP Status\r\n**** v1   30.5 vsl|       1005 ObjHeader       b Date: Wed, 05 Apr 2017 15:20:36 GMT\r\n**** v1   30.5 vsl|       1005 ObjHeader       b Server: Varnish\r\n**** v1   30.5 vsl|       1005 ObjHeader       b Content-Type: text/html; charset=utf-8\r\n**** v1   30.5 vsl|       1005 ObjHeader       b Retry-After: 5\r\n**** v1   30.5 vsl|       1005 Length          b 278\r\n**** v1   30.5 vsl|       1005 BereqAcct       b 63 0 63 0 0 0\r\n**** v1   30.5 vsl|       1005 End             b \r\n**** v1   30.5 vsl|       1003 Begin           c req 1001 rxreq\r\n**** v1   30.5 vsl|       1003 Timestamp       c Start: 1491405606.804885 0.000000 0.000000\r\n**** v1   30.5 vsl|       1003 Timestamp       c Req: 1491405606.804885 0.000000 0.000000\r\n**** v1   30.5 vsl|       1003 ReqStart        c 127.0.0.1 46418\r\n**** v1   30.5 vsl|       1003 ReqMethod       c GET\r\n**** v1   30.5 vsl|       1003 ReqURL          c /\r\n**** v1   30.5 vsl|       1003 ReqProtocol     c HTTP/1.1\r\n**** v1   30.5 vsl|       1003 ReqHeader       c X-Forwarded-For: 127.0.0.1\r\n**** v1   30.5 vsl|       1003 VCL_call        c RECV\r\n**** v1   30.5 vsl|       1003 VCL_return      c pass\r\n**** v1   30.5 vsl|       1003 VCL_call        c HASH\r\n**** v1   30.5 vsl|       1003 VCL_return      c lookup\r\n**** v1   30.5 vsl|       1003 VCL_call        c PASS\r\n**** v1   30.5 vsl|       1003 VCL_return      c fetch\r\n**** v1   30.5 vsl|       1003 Link            c bereq 1005 pass\r\n**** v1   30.5 vsl|       1003 Timestamp       c Fetch: 1491405636.835360 30.030474 30.030474\r\n**** v1   30.5 vsl|       1003 RespProtocol    c HTTP/1.1\r\n**** v1   30.5 vsl|       1003 RespStatus      c 429\r\n**** v1   30.5 vsl|       1003 RespReason      c Unknown HTTP Status\r\n**** v1   30.5 vsl|       1003 RespHeader      c Date: Wed, 05 Apr 2017 15:20:36 GMT\r\n**** v1   30.5 vsl|       1003 RespHeader      c Server: Varnish\r\n**** v1   30.5 vsl|       1003 RespHeader      c Content-Type: text/html; charset=utf-8\r\n**** v1   30.5 vsl|       1003 RespHeader      c Retry-After: 5\r\n**** v1   30.5 vsl|       1003 RespHeader      c X-Varnish: 1003\r\n**** v1   30.5 vsl|       1003 RespHeader      c Age: 0\r\n**** v1   30.5 vsl|       1003 RespHeader      c Via: 1.1 varnish (Varnish/5.1)\r\n**** v1   30.5 vsl|       1003 VCL_call        c DELIVER\r\n**** v1   30.5 vsl|       1003 VCL_return      c deliver\r\n**** v1   30.5 vsl|       1003 Timestamp       c Process: 1491405636.835399 30.030514 0.000039\r\n**** v1   30.5 vsl|       1003 RespHeader      c Content-Length: 278\r\n**** v1   30.5 vsl|       1003 Debug           c RES_MODE 2\r\n**** v1   30.5 vsl|       1003 RespHeader      c Connection: keep-alive\r\n**** v1   30.5 vsl|       1003 Timestamp       c Resp: 1491405636.835462 30.030577 0.000063\r\n**** v1   30.5 vsl|       1003 ReqAcct         c 18 0 18 248 278 526\r\n**** v1   30.5 vsl|       1003 End             c \r\n***  v1   30.6 CLI RX  200\r\n**** v1   30.6 CLI RX|Backend name                   Admin      Probe                Last updated\r\n**** v1   30.6 CLI RX|vcl1.s1                        probe      Healthy (no probe)   Wed, 05 Apr 2017 15:20:06 GMT\r\n**** v1   30.6 CLI RX|vcl1.d1(127.0.0.1)             probe      Healthy (no probe)   Wed, 05 Apr 2017 15:20:06 GMT\r\n***  v1   30.6 debug|Debug: Stopping Child\r\n**** v1   30.6 vsl|          0 CLI             - Rd backend.list \r\n**** v1   30.6 vsl|          0 CLI             - Wr 200 261 Backend name                   Admin      Probe                Last updated\r\nvcl1.s1                        probe      Healthy (no probe)   Wed, 05 Apr 2017 15:20:06 GMT\r\nvcl1.d1(127.0.0.1)             probe      Healthy (no probe)   Wed, 05 Apr\r\n**** v1   30.6 vsl|          0 CLI             - EOF on CLI connection, worker stops\r\n***  v1   31.6 debug|Info: Child (12311) ended\r\n***  v1   31.6 debug|Info: Child (12311) said Child dies\r\n***  v1   31.6 debug|Debug: Child cleanup complete\r\n**** v1   31.6 STDOUT poll 0x10\r\n**   v1   31.6 R 12301 Status: 0000 (u 0.164000 s 0.040000)\r\n*    top  31.6 TEST ./tests/test10.vtc FAILED\r\n#    top  TEST ./tests/test10.vtc FAILED (31.646) exit=2\r\n```","closed_by":{"login":"dridi","id":891744,"node_id":"MDQ6VXNlcjg5MTc0NA==","avatar_url":"https://avatars.githubusercontent.com/u/891744?v=4","gravatar_id":"","url":"https://api.github.com/users/dridi","html_url":"https://github.com/dridi","followers_url":"https://api.github.com/users/dridi/followers","following_url":"https://api.github.com/users/dridi/following{/other_user}","gists_url":"https://api.github.com/users/dridi/gists{/gist_id}","starred_url":"https://api.github.com/users/dridi/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/dridi/subscriptions","organizations_url":"https://api.github.com/users/dridi/orgs","repos_url":"https://api.github.com/users/dridi/repos","events_url":"https://api.github.com/users/dridi/events{/privacy}","received_events_url":"https://api.github.com/users/dridi/received_events","type":"User","user_view_type":"public","site_admin":false},"reactions":{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/20/reactions","total_count":0,"+1":0,"-1":0,"laugh":0,"hooray":0,"confused":0,"heart":0,"rocket":0,"eyes":0},"timeline_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/20/timeline","performed_via_github_app":null,"state_reason":"completed"},{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/21","repository_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic","labels_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/21/labels{/name}","comments_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/21/comments","events_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/21/events","html_url":"https://github.com/nigoroll/libvmod-dynamic/issues/21","id":225908469,"node_id":"MDU6SXNzdWUyMjU5MDg0Njk=","number":21,"title":"Respect TTL in DNS record","user":{"login":"teohhanhui","id":548843,"node_id":"MDQ6VXNlcjU0ODg0Mw==","avatar_url":"https://avatars.githubusercontent.com/u/548843?v=4","gravatar_id":"","url":"https://api.github.com/users/teohhanhui","html_url":"https://github.com/teohhanhui","followers_url":"https://api.github.com/users/teohhanhui/followers","following_url":"https://api.github.com/users/teohhanhui/following{/other_user}","gists_url":"https://api.github.com/users/teohhanhui/gists{/gist_id}","starred_url":"https://api.github.com/users/teohhanhui/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/teohhanhui/subscriptions","organizations_url":"https://api.github.com/users/teohhanhui/orgs","repos_url":"https://api.github.com/users/teohhanhui/repos","events_url":"https://api.github.com/users/teohhanhui/events{/privacy}","received_events_url":"https://api.github.com/users/teohhanhui/received_events","type":"User","user_view_type":"public","site_admin":false},"labels":[],"state":"closed","locked":false,"assignee":null,"assignees":[],"milestone":null,"comments":12,"created_at":"2017-05-03T07:58:07Z","updated_at":"2019-07-13T16:46:03Z","closed_at":"2017-08-11T16:13:11Z","author_association":"NONE","active_lock_reason":null,"sub_issues_summary":{"total":0,"completed":0,"percent_completed":0},"issue_dependencies_summary":{"blocked_by":0,"total_blocked_by":0,"blocking":0,"total_blocking":0},"body":"It'd be great if the DNS resolution can respect the TTL specified in the DNS record (as it should), and also not to apply the TTL if it resolved to no address.","closed_by":{"login":"nigoroll","id":1528104,"node_id":"MDQ6VXNlcjE1MjgxMDQ=","avatar_url":"https://avatars.githubusercontent.com/u/1528104?v=4","gravatar_id":"","url":"https://api.github.com/users/nigoroll","html_url":"https://github.com/nigoroll","followers_url":"https://api.github.com/users/nigoroll/followers","following_url":"https://api.github.com/users/nigoroll/following{/other_user}","gists_url":"https://api.github.com/users/nigoroll/gists{/gist_id}","starred_url":"https://api.github.com/users/nigoroll/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/nigoroll/subscriptions","organizations_url":"https://api.github.com/users/nigoroll/orgs","repos_url":"https://api.github.com/users/nigoroll/repos","events_url":"https://api.github.com/users/nigoroll/events{/privacy}","received_events_url":"https://api.github.com/users/nigoroll/received_events","type":"User","user_view_type":"public","site_admin":false},"reactions":{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/21/reactions","total_count":0,"+1":0,"-1":0,"laugh":0,"hooray":0,"confused":0,"heart":0,"rocket":0,"eyes":0},"timeline_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/21/timeline","performed_via_github_app":null,"state_reason":"completed"},{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/22","repository_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic","labels_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/22/labels{/name}","comments_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/22/comments","events_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/22/events","html_url":"https://github.com/nigoroll/libvmod-dynamic/issues/22","id":233509305,"node_id":"MDU6SXNzdWUyMzM1MDkzMDU=","number":22,"title":"m4 include issues","user":{"login":"redbox-cdn","id":7666840,"node_id":"MDQ6VXNlcjc2NjY4NDA=","avatar_url":"https://avatars.githubusercontent.com/u/7666840?v=4","gravatar_id":"","url":"https://api.github.com/users/redbox-cdn","html_url":"https://github.com/redbox-cdn","followers_url":"https://api.github.com/users/redbox-cdn/followers","following_url":"https://api.github.com/users/redbox-cdn/following{/other_user}","gists_url":"https://api.github.com/users/redbox-cdn/gists{/gist_id}","starred_url":"https://api.github.com/users/redbox-cdn/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/redbox-cdn/subscriptions","organizations_url":"https://api.github.com/users/redbox-cdn/orgs","repos_url":"https://api.github.com/users/redbox-cdn/repos","events_url":"https://api.github.com/users/redbox-cdn/events{/privacy}","received_events_url":"https://api.github.com/users/redbox-cdn/received_events","type":"User","user_view_type":"public","site_admin":false},"labels":[],"state":"closed","locked":false,"assignee":null,"assignees":[],"milestone":null,"comments":6,"created_at":"2017-06-05T06:57:30Z","updated_at":"2018-09-12T15:18:06Z","closed_at":"2018-09-12T15:18:06Z","author_association":"NONE","active_lock_reason":null,"sub_issues_summary":{"total":0,"completed":0,"percent_completed":0},"issue_dependencies_summary":{"blocked_by":0,"total_blocked_by":0,"blocking":0,"total_blocking":0},"body":"hi \r\n\r\nI am facing following error. Does anyone know what is missing ?\r\n\r\n### here is my details\r\nCentos 6.7\r\nVarnish4.1.6\r\npkg-config 0.23\r\nautomake 1.12.1\r\nautoconf  2.69\r\nm4  1.4.13\r\n\r\n```\r\n./configure\r\n\r\n./configure: line 10817: PKG_PROG_PKG_CONFIG: command not found\r\n./configure: line 10818: PKG_PROG_PKG_CONFIG: command not found\r\n./configure: line 10819: PKG_PROG_PKG_CONFIG: command not found\r\n./configure: line 10820: PKG_PROG_PKG_CONFIG: command not found\r\n./configure: line 10821: PKG_PROG_PKG_CONFIG: command not found\r\n./configure: line 10822: PKG_PROG_PKG_CONFIG: command not found\r\n./configure: line 10824: syntax error near unexpected token `0.21'\r\n./configure: line 10824: `      PKG_PROG_PKG_CONFIG(0.21)'\r\n```\r\n\r\n```\r\n\r\nautogen.sh \r\n+ aclocal -I m4 -I /usr/local/varnish/share/aclocal\r\nconfigure.ac:14: warning: AC_LANG_CONFTEST: no AC_LANG_SOURCE call detected in body\r\n../../lib/autoconf/lang.m4:193: AC_LANG_CONFTEST is expanded from...\r\n../../lib/autoconf/general.m4:2661: _AC_LINK_IFELSE is expanded from...\r\n../../lib/autoconf/general.m4:2678: AC_LINK_IFELSE is expanded from...\r\nm4/libtool.m4:1022: _LT_SYS_MODULE_PATH_AIX is expanded from...\r\nm4/libtool.m4:4161: _LT_LINKER_SHLIBS is expanded from...\r\nm4/libtool.m4:5236: _LT_LANG_C_CONFIG is expanded from...\r\nm4/libtool.m4:138: _LT_SETUP is expanded from...\r\nm4/libtool.m4:67: LT_INIT is expanded from...\r\nconfigure.ac:14: the top level\r\nconfigure.ac:14: warning: AC_LANG_CONFTEST: no AC_LANG_SOURCE call detected in body\r\n../../lib/autoconf/lang.m4:193: AC_LANG_CONFTEST is expanded from...\r\n../../lib/autoconf/general.m4:2661: _AC_LINK_IFELSE is expanded from...\r\n../../lib/autoconf/general.m4:2678: AC_LINK_IFELSE is expanded from...\r\nm4/libtool.m4:4161: _LT_LINKER_SHLIBS is expanded from...\r\nm4/libtool.m4:5236: _LT_LANG_C_CONFIG is expanded from...\r\nm4/libtool.m4:138: _LT_SETUP is expanded from...\r\nm4/libtool.m4:67: LT_INIT is expanded from...\r\nconfigure.ac:14: the top level\r\nconfigure.ac:25: warning: PKG_PROG_PKG_CONFIG is m4_require'd but not m4_defun'd\r\nm4/ax_pkg_check_var.m4:10: PKG_CHECK_VAR is expanded from...\r\n/usr/local/varnish/share/aclocal/varnish.m4:36: _VARNISH_PKG_CONFIG is expanded from...\r\n/usr/local/varnish/share/aclocal/varnish.m4:255: VARNISH_PREREQ is expanded from...\r\nconfigure.ac:25: the top level\r\nconfigure.ac:28: warning: PKG_PROG_PKG_CONFIG is m4_require'd but not m4_defun'd\r\nm4/ax_pkg_check_var.m4:10: PKG_CHECK_VAR is expanded from...\r\nconfigure.ac:28: the top level\r\n+ libtoolize --copy --force\r\nlibtoolize: putting auxiliary files in AC_CONFIG_AUX_DIR, `build-aux'.\r\nlibtoolize: copying file `build-aux/ltmain.sh'\r\nlibtoolize: putting macros in AC_CONFIG_MACRO_DIR, `m4'.\r\nlibtoolize: copying file `m4/libtool.m4'\r\nlibtoolize: copying file `m4/ltoptions.m4'\r\nlibtoolize: copying file `m4/ltsugar.m4'\r\nlibtoolize: copying file `m4/ltversion.m4'\r\nlibtoolize: copying file `m4/lt~obsolete.m4'\r\n+ autoheader\r\nconfigure.ac:14: warning: AC_LANG_CONFTEST: no AC_LANG_SOURCE call detected in body\r\n../../lib/autoconf/lang.m4:193: AC_LANG_CONFTEST is expanded from...\r\n../../lib/autoconf/general.m4:2661: _AC_LINK_IFELSE is expanded from...\r\n../../lib/autoconf/general.m4:2678: AC_LINK_IFELSE is expanded from...\r\nm4/libtool.m4:1022: _LT_SYS_MODULE_PATH_AIX is expanded from...\r\nm4/libtool.m4:4161: _LT_LINKER_SHLIBS is expanded from...\r\nm4/libtool.m4:5236: _LT_LANG_C_CONFIG is expanded from...\r\nm4/libtool.m4:138: _LT_SETUP is expanded from...\r\nm4/libtool.m4:67: LT_INIT is expanded from...\r\nconfigure.ac:14: the top level\r\nconfigure.ac:14: warning: AC_LANG_CONFTEST: no AC_LANG_SOURCE call detected in body\r\n../../lib/autoconf/lang.m4:193: AC_LANG_CONFTEST is expanded from...\r\n../../lib/autoconf/general.m4:2661: _AC_LINK_IFELSE is expanded from...\r\n../../lib/autoconf/general.m4:2678: AC_LINK_IFELSE is expanded from...\r\nm4/libtool.m4:4161: _LT_LINKER_SHLIBS is expanded from...\r\nm4/libtool.m4:5236: _LT_LANG_C_CONFIG is expanded from...\r\nm4/libtool.m4:138: _LT_SETUP is expanded from...\r\nm4/libtool.m4:67: LT_INIT is expanded from...\r\nconfigure.ac:14: the top level\r\nconfigure.ac:25: warning: PKG_PROG_PKG_CONFIG is m4_require'd but not m4_defun'd\r\nm4/ax_pkg_check_var.m4:10: PKG_CHECK_VAR is expanded from...\r\naclocal.m4:1349: _VARNISH_PKG_CONFIG is expanded from...\r\naclocal.m4:1568: VARNISH_PREREQ is expanded from...\r\nconfigure.ac:25: the top level\r\nconfigure.ac:28: warning: PKG_PROG_PKG_CONFIG is m4_require'd but not m4_defun'd\r\nm4/ax_pkg_check_var.m4:10: PKG_CHECK_VAR is expanded from...\r\nconfigure.ac:28: the top level\r\n+ automake --add-missing --copy --foreign\r\nconfigure.ac:14: warning: AC_LANG_CONFTEST: no AC_LANG_SOURCE call detected in body\r\n../../lib/autoconf/lang.m4:193: AC_LANG_CONFTEST is expanded from...\r\n../../lib/autoconf/general.m4:2661: _AC_LINK_IFELSE is expanded from...\r\n../../lib/autoconf/general.m4:2678: AC_LINK_IFELSE is expanded from...\r\nm4/libtool.m4:1022: _LT_SYS_MODULE_PATH_AIX is expanded from...\r\nm4/libtool.m4:4161: _LT_LINKER_SHLIBS is expanded from...\r\nm4/libtool.m4:5236: _LT_LANG_C_CONFIG is expanded from...\r\nm4/libtool.m4:138: _LT_SETUP is expanded from...\r\nm4/libtool.m4:67: LT_INIT is expanded from...\r\nconfigure.ac:14: the top level\r\nconfigure.ac:14: warning: AC_LANG_CONFTEST: no AC_LANG_SOURCE call detected in body\r\n../../lib/autoconf/lang.m4:193: AC_LANG_CONFTEST is expanded from...\r\n../../lib/autoconf/general.m4:2661: _AC_LINK_IFELSE is expanded from...\r\n../../lib/autoconf/general.m4:2678: AC_LINK_IFELSE is expanded from...\r\nm4/libtool.m4:4161: _LT_LINKER_SHLIBS is expanded from...\r\nm4/libtool.m4:5236: _LT_LANG_C_CONFIG is expanded from...\r\nm4/libtool.m4:138: _LT_SETUP is expanded from...\r\nm4/libtool.m4:67: LT_INIT is expanded from...\r\nconfigure.ac:14: the top level\r\nconfigure.ac:25: warning: PKG_PROG_PKG_CONFIG is m4_require'd but not m4_defun'd\r\nm4/ax_pkg_check_var.m4:10: PKG_CHECK_VAR is expanded from...\r\naclocal.m4:1349: _VARNISH_PKG_CONFIG is expanded from...\r\naclocal.m4:1568: VARNISH_PREREQ is expanded from...\r\nconfigure.ac:25: the top level\r\nconfigure.ac:28: warning: PKG_PROG_PKG_CONFIG is m4_require'd but not m4_defun'd\r\nm4/ax_pkg_check_var.m4:10: PKG_CHECK_VAR is expanded from...\r\nconfigure.ac:28: the top level\r\n+ autoconf\r\nconfigure.ac:14: warning: AC_LANG_CONFTEST: no AC_LANG_SOURCE call detected in body\r\n../../lib/autoconf/lang.m4:193: AC_LANG_CONFTEST is expanded from...\r\n../../lib/autoconf/general.m4:2661: _AC_LINK_IFELSE is expanded from...\r\n../../lib/autoconf/general.m4:2678: AC_LINK_IFELSE is expanded from...\r\nm4/libtool.m4:1022: _LT_SYS_MODULE_PATH_AIX is expanded from...\r\nm4/libtool.m4:4161: _LT_LINKER_SHLIBS is expanded from...\r\nm4/libtool.m4:5236: _LT_LANG_C_CONFIG is expanded from...\r\nm4/libtool.m4:138: _LT_SETUP is expanded from...\r\nm4/libtool.m4:67: LT_INIT is expanded from...\r\nconfigure.ac:14: the top level\r\nconfigure.ac:14: warning: AC_LANG_CONFTEST: no AC_LANG_SOURCE call detected in body\r\n../../lib/autoconf/lang.m4:193: AC_LANG_CONFTEST is expanded from...\r\n../../lib/autoconf/general.m4:2661: _AC_LINK_IFELSE is expanded from...\r\n../../lib/autoconf/general.m4:2678: AC_LINK_IFELSE is expanded from...\r\nm4/libtool.m4:4161: _LT_LINKER_SHLIBS is expanded from...\r\nm4/libtool.m4:5236: _LT_LANG_C_CONFIG is expanded from...\r\nm4/libtool.m4:138: _LT_SETUP is expanded from...\r\nm4/libtool.m4:67: LT_INIT is expanded from...\r\nconfigure.ac:14: the top level\r\nconfigure.ac:25: warning: PKG_PROG_PKG_CONFIG is m4_require'd but not m4_defun'd\r\nm4/ax_pkg_check_var.m4:10: PKG_CHECK_VAR is expanded from...\r\naclocal.m4:1349: _VARNISH_PKG_CONFIG is expanded from...\r\naclocal.m4:1568: VARNISH_PREREQ is expanded from...\r\nconfigure.ac:25: the top level\r\nconfigure.ac:28: warning: PKG_PROG_PKG_CONFIG is m4_require'd but not m4_defun'd\r\nm4/ax_pkg_check_var.m4:10: PKG_CHECK_VAR is expanded from...\r\nconfigure.ac:28: the top level\r\n\r\n\r\n```","closed_by":{"login":"nigoroll","id":1528104,"node_id":"MDQ6VXNlcjE1MjgxMDQ=","avatar_url":"https://avatars.githubusercontent.com/u/1528104?v=4","gravatar_id":"","url":"https://api.github.com/users/nigoroll","html_url":"https://github.com/nigoroll","followers_url":"https://api.github.com/users/nigoroll/followers","following_url":"https://api.github.com/users/nigoroll/following{/other_user}","gists_url":"https://api.github.com/users/nigoroll/gists{/gist_id}","starred_url":"https://api.github.com/users/nigoroll/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/nigoroll/subscriptions","organizations_url":"https://api.github.com/users/nigoroll/orgs","repos_url":"https://api.github.com/users/nigoroll/repos","events_url":"https://api.github.com/users/nigoroll/events{/privacy}","received_events_url":"https://api.github.com/users/nigoroll/received_events","type":"User","user_view_type":"public","site_admin":false},"reactions":{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/22/reactions","total_count":0,"+1":0,"-1":0,"laugh":0,"hooray":0,"confused":0,"heart":0,"rocket":0,"eyes":0},"timeline_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/22/timeline","performed_via_github_app":null,"state_reason":"completed"},{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/23","repository_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic","labels_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/23/labels{/name}","comments_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/23/comments","events_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/23/events","html_url":"https://github.com/nigoroll/libvmod-dynamic/issues/23","id":247464302,"node_id":"MDU6SXNzdWUyNDc0NjQzMDI=","number":23,"title":"probe not happy with .url = \"/xxx\";","user":{"login":"razvanphp","id":4599319,"node_id":"MDQ6VXNlcjQ1OTkzMTk=","avatar_url":"https://avatars.githubusercontent.com/u/4599319?v=4","gravatar_id":"","url":"https://api.github.com/users/razvanphp","html_url":"https://github.com/razvanphp","followers_url":"https://api.github.com/users/razvanphp/followers","following_url":"https://api.github.com/users/razvanphp/following{/other_user}","gists_url":"https://api.github.com/users/razvanphp/gists{/gist_id}","starred_url":"https://api.github.com/users/razvanphp/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/razvanphp/subscriptions","organizations_url":"https://api.github.com/users/razvanphp/orgs","repos_url":"https://api.github.com/users/razvanphp/repos","events_url":"https://api.github.com/users/razvanphp/events{/privacy}","received_events_url":"https://api.github.com/users/razvanphp/received_events","type":"User","user_view_type":"public","site_admin":false},"labels":[],"state":"closed","locked":false,"assignee":null,"assignees":[],"milestone":null,"comments":1,"created_at":"2017-08-02T17:26:56Z","updated_at":"2017-08-11T16:11:32Z","closed_at":"2017-08-11T16:11:32Z","author_association":"NONE","active_lock_reason":null,"sub_issues_summary":{"total":0,"completed":0,"percent_completed":0},"issue_dependencies_summary":{"blocked_by":0,"total_blocked_by":0,"blocking":0,"total_blocking":0},"body":"Hey,\r\n\r\nFirst of all, thanks for this nice extension, it's finally allowing us to get rid of some local nginx instances and use only varnish to connect to AWS ALB directly.\r\n\r\nProblem is, we can't make the probes happy, they fail ~for some reason and I can't understand why~ because the dynamic vmod probes don't send a valid HTTP/1.1 request, more specifically, the `Host` header is missing.\r\n\r\nHere how it looks on the nginx side:\r\n```\r\n10.132.58.46 - - [02/Aug/2017:18:19:54 +0000] \"GET /ping HTTP/1.1\" 200 14 \"-\" \"curl/7.38.0\"\r\n10.132.58.46 - - [02/Aug/2017:18:19:55 +0000] \"GET /ping HTTP/1.1\" 200 14 \"-\" \"-\"\r\n10.132.58.46 - - [02/Aug/2017:18:19:54 +0000] \"GET /ping HTTP/1.1\" 400 166 \"-\" \"-\"\r\n```\r\ncurl works, normal backend works, dynamic backend probe gets 400 because:\r\n```\r\n2017/08/02 18:48:29 [info] 1784#1784: *710 client sent HTTP/1.1 request without \"Host\" header while reading client request headers, client: 10.132.58.46, server: _, request: \"GET /ping HTTP/1.1\"\r\n```\r\n\r\nSo, according to RFC 2316, section 14.23, HTTP 1.1 requests must contain a host header. If they don't, a server must reply with error 400.\r\n\r\nThis module should just put the DNS name of the backend as `Host` header, or just the IP like curl does when no server name is specified:\r\n```\r\n$ curl 10.132.17.10/ping -v\r\n* Hostname was NOT found in DNS cache\r\n*   Trying 10.132.17.10...\r\n* Connected to 10.132.17.10 (10.132.17.10) port 80 (#0)\r\n> GET /ping HTTP/1.1\r\n> User-Agent: curl/7.38.0\r\n> Host: 10.132.17.10\r\n> Accept: */*\r\n>\r\n< HTTP/1.1 200 OK\r\n```\r\n\r\nMaybe you can also check what the original varnish code for probe does. Currently the workaround is:\r\n```\r\nprobe www_probe {\r\n    .request =\r\n      \"GET /ping HTTP/1.1\"\r\n      \"Host: www.foo.bar\"\r\n      \"Connection: close\";\r\n    .timeout = 1s;\r\n    .window = 8;\r\n    .initial = 7;\r\n    .threshold = 6;\r\n    .interval = 5s;\r\n}\r\n```\r\n\r\nCheers,\r\nR","closed_by":{"login":"nigoroll","id":1528104,"node_id":"MDQ6VXNlcjE1MjgxMDQ=","avatar_url":"https://avatars.githubusercontent.com/u/1528104?v=4","gravatar_id":"","url":"https://api.github.com/users/nigoroll","html_url":"https://github.com/nigoroll","followers_url":"https://api.github.com/users/nigoroll/followers","following_url":"https://api.github.com/users/nigoroll/following{/other_user}","gists_url":"https://api.github.com/users/nigoroll/gists{/gist_id}","starred_url":"https://api.github.com/users/nigoroll/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/nigoroll/subscriptions","organizations_url":"https://api.github.com/users/nigoroll/orgs","repos_url":"https://api.github.com/users/nigoroll/repos","events_url":"https://api.github.com/users/nigoroll/events{/privacy}","received_events_url":"https://api.github.com/users/nigoroll/received_events","type":"User","user_view_type":"public","site_admin":false},"reactions":{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/23/reactions","total_count":0,"+1":0,"-1":0,"laugh":0,"hooray":0,"confused":0,"heart":0,"rocket":0,"eyes":0},"timeline_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/23/timeline","performed_via_github_app":null,"state_reason":"completed"},{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/24","repository_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic","labels_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/24/labels{/name}","comments_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/24/comments","events_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/24/events","html_url":"https://github.com/nigoroll/libvmod-dynamic/issues/24","id":250079481,"node_id":"MDU6SXNzdWUyNTAwNzk0ODE=","number":24,"title":"make failed after latest commits","user":{"login":"rashidul0405","id":1697082,"node_id":"MDQ6VXNlcjE2OTcwODI=","avatar_url":"https://avatars.githubusercontent.com/u/1697082?v=4","gravatar_id":"","url":"https://api.github.com/users/rashidul0405","html_url":"https://github.com/rashidul0405","followers_url":"https://api.github.com/users/rashidul0405/followers","following_url":"https://api.github.com/users/rashidul0405/following{/other_user}","gists_url":"https://api.github.com/users/rashidul0405/gists{/gist_id}","starred_url":"https://api.github.com/users/rashidul0405/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/rashidul0405/subscriptions","organizations_url":"https://api.github.com/users/rashidul0405/orgs","repos_url":"https://api.github.com/users/rashidul0405/repos","events_url":"https://api.github.com/users/rashidul0405/events{/privacy}","received_events_url":"https://api.github.com/users/rashidul0405/received_events","type":"User","user_view_type":"public","site_admin":false},"labels":[],"state":"closed","locked":false,"assignee":null,"assignees":[],"milestone":null,"comments":3,"created_at":"2017-08-14T16:12:02Z","updated_at":"2017-09-05T14:51:44Z","closed_at":"2017-09-05T14:51:44Z","author_association":"NONE","active_lock_reason":null,"sub_issues_summary":{"total":0,"completed":0,"percent_completed":0},"issue_dependencies_summary":{"blocked_by":0,"total_blocked_by":0,"blocking":0,"total_blocking":0},"body":"If I build using Apr 10, 2017 commit it works fine. \r\n\r\nHowever, current latest version produces the following error:\r\n\r\nvarnish 4.1.8\r\n\r\n```\r\nubuntu@16.04 $ make\r\nmake  all-recursive\r\nmake[1]: Entering directory '/home/ubuntu/dynamic/libvmod-dynamic'\r\nMaking all in src\r\nmake[2]: Entering directory '/home/ubuntu/dynamic/libvmod-dynamic/src'\r\n  CC       vmod_dynamic.lo\r\nIn file included from vmod_dynamic.c:47:0:\r\nvmod_dynamic.c: In function ‘dynamic_get’:\r\nvmod_dynamic.c:698:21: error: passing argument 2 of ‘Lck__New’ from incompatible pointer type [-Werror=incompatible-pointer-types]\r\n  Lck_New(&dom->mtx, lck_be);\r\n                     ^\r\n/usr/include/varnish/cache/cache.h:835:35: note: in definition of macro ‘Lck_New’\r\n #define Lck_New(a, b) Lck__New(a, b, #b)\r\n                                   ^\r\n/usr/include/varnish/cache/cache.h:828:6: note: expected ‘struct VSC_C_lck *’ but argument is of type ‘struct VSC_lck *’\r\n void Lck__New(struct lock *lck, struct VSC_C_lck *, const char *);\r\n      ^\r\nvmod_dynamic.c: In function ‘vmod_event’:\r\nvmod_dynamic.c:732:12: error: assignment from incompatible pointer type [-Werror=incompatible-pointer-types]\r\n    lck_dir = Lck_CreateClass(\"dynamic.director\");\r\n            ^\r\nvmod_dynamic.c:733:11: error: assignment from incompatible pointer type [-Werror=incompatible-pointer-types]\r\n    lck_be = Lck_CreateClass(\"dynamic.backend\");\r\n           ^\r\nvmod_dynamic.c:744:4: error: implicit declaration of function ‘Lck_DestroyClass’ [-Werror=implicit-function-declaration]\r\n    Lck_DestroyClass(&lck_dir);\r\n    ^\r\nvmod_dynamic.c: In function ‘dynamic_share_parse’:\r\nvmod_dynamic.c:782:2: error: implicit declaration of function ‘NEEDLESS’ [-Werror=implicit-function-declaration]\r\n  NEEDLESS(return(0));\r\n  ^\r\nvmod_dynamic.c:782:11: error: expected expression before ‘return’\r\n  NEEDLESS(return(0));\r\n           ^\r\nIn file included from vmod_dynamic.c:47:0:\r\nvmod_dynamic.c: In function ‘vmod_director__init’:\r\nvmod_dynamic.c:858:21: error: passing argument 2 of ‘Lck__New’ from incompatible pointer type [-Werror=incompatible-pointer-types]\r\n  Lck_New(&obj->mtx, lck_dir);\r\n                     ^\r\n/usr/include/varnish/cache/cache.h:835:35: note: in definition of macro ‘Lck_New’\r\n #define Lck_New(a, b) Lck__New(a, b, #b)\r\n                                   ^\r\n/usr/include/varnish/cache/cache.h:828:6: note: expected ‘struct VSC_C_lck *’ but argument is of type ‘struct VSC_lck *’\r\n void Lck__New(struct lock *lck, struct VSC_C_lck *, const char *);\r\n      ^\r\ncc1: all warnings being treated as errors\r\nMakefile:651: recipe for target 'vmod_dynamic.lo' failed\r\nmake[2]: *** [vmod_dynamic.lo] Error 1\r\nmake[2]: Leaving directory '/home/ubuntu/dynamic/libvmod-dynamic/src'\r\nMakefile:485: recipe for target 'all-recursive' failed\r\nmake[1]: *** [all-recursive] Error 1\r\nmake[1]: Leaving directory '/home/ubuntu/dynamic/libvmod-dynamic'\r\nMakefile:396: recipe for target 'all' failed\r\nmake: *** [all] Error 2\r\n```","closed_by":{"login":"nigoroll","id":1528104,"node_id":"MDQ6VXNlcjE1MjgxMDQ=","avatar_url":"https://avatars.githubusercontent.com/u/1528104?v=4","gravatar_id":"","url":"https://api.github.com/users/nigoroll","html_url":"https://github.com/nigoroll","followers_url":"https://api.github.com/users/nigoroll/followers","following_url":"https://api.github.com/users/nigoroll/following{/other_user}","gists_url":"https://api.github.com/users/nigoroll/gists{/gist_id}","starred_url":"https://api.github.com/users/nigoroll/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/nigoroll/subscriptions","organizations_url":"https://api.github.com/users/nigoroll/orgs","repos_url":"https://api.github.com/users/nigoroll/repos","events_url":"https://api.github.com/users/nigoroll/events{/privacy}","received_events_url":"https://api.github.com/users/nigoroll/received_events","type":"User","user_view_type":"public","site_admin":false},"reactions":{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/24/reactions","total_count":0,"+1":0,"-1":0,"laugh":0,"hooray":0,"confused":0,"heart":0,"rocket":0,"eyes":0},"timeline_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/24/timeline","performed_via_github_app":null,"state_reason":"completed"},{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/25","repository_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic","labels_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/25/labels{/name}","comments_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/25/comments","events_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/25/events","html_url":"https://github.com/nigoroll/libvmod-dynamic/issues/25","id":260193076,"node_id":"MDU6SXNzdWUyNjAxOTMwNzY=","number":25,"title":"5.0 branch build fails against varnish 4.1.8","user":{"login":"vStone","id":356719,"node_id":"MDQ6VXNlcjM1NjcxOQ==","avatar_url":"https://avatars.githubusercontent.com/u/356719?v=4","gravatar_id":"","url":"https://api.github.com/users/vStone","html_url":"https://github.com/vStone","followers_url":"https://api.github.com/users/vStone/followers","following_url":"https://api.github.com/users/vStone/following{/other_user}","gists_url":"https://api.github.com/users/vStone/gists{/gist_id}","starred_url":"https://api.github.com/users/vStone/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/vStone/subscriptions","organizations_url":"https://api.github.com/users/vStone/orgs","repos_url":"https://api.github.com/users/vStone/repos","events_url":"https://api.github.com/users/vStone/events{/privacy}","received_events_url":"https://api.github.com/users/vStone/received_events","type":"User","user_view_type":"public","site_admin":false},"labels":[],"state":"closed","locked":false,"assignee":null,"assignees":[],"milestone":null,"comments":8,"created_at":"2017-09-25T08:30:14Z","updated_at":"2017-09-26T10:30:55Z","closed_at":"2017-09-26T08:59:14Z","author_association":"NONE","active_lock_reason":null,"sub_issues_summary":{"total":0,"completed":0,"percent_completed":0},"issue_dependencies_summary":{"blocked_by":0,"total_blocked_by":0,"blocking":0,"total_blocking":0},"body":"Building branch 5.0 against varnish-4.1.8:\r\n```\r\nmake[2]: Entering directory '/home/jan/SRC/libvmod-dynamic/src'\r\n  VMODTOOL vmod_dynamic.vcc\r\nWARNING: $Event description is not included in .rst:\r\n[(162, '')]\r\n  CC       vmod_dynamic.lo\r\nvmod_dynamic.c: In function ‘dynamic_share_parse’:\r\nvmod_dynamic.c:782:2: error: implicit declaration of function ‘NEEDLESS’ [-Werror=implicit-function-declaration]\r\n  NEEDLESS(return(0));\r\n  ^\r\nvmod_dynamic.c:782:11: error: expected expression before ‘return’\r\n  NEEDLESS(return(0));\r\n           ^\r\ncc1: all warnings being treated as errors\r\nmake[2]: *** [Makefile:650: vmod_dynamic.lo] Error 1\r\n```\r\n\r\nMaybe split off a bit too late?","closed_by":{"login":"nigoroll","id":1528104,"node_id":"MDQ6VXNlcjE1MjgxMDQ=","avatar_url":"https://avatars.githubusercontent.com/u/1528104?v=4","gravatar_id":"","url":"https://api.github.com/users/nigoroll","html_url":"https://github.com/nigoroll","followers_url":"https://api.github.com/users/nigoroll/followers","following_url":"https://api.github.com/users/nigoroll/following{/other_user}","gists_url":"https://api.github.com/users/nigoroll/gists{/gist_id}","starred_url":"https://api.github.com/users/nigoroll/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/nigoroll/subscriptions","organizations_url":"https://api.github.com/users/nigoroll/orgs","repos_url":"https://api.github.com/users/nigoroll/repos","events_url":"https://api.github.com/users/nigoroll/events{/privacy}","received_events_url":"https://api.github.com/users/nigoroll/received_events","type":"User","user_view_type":"public","site_admin":false},"reactions":{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/25/reactions","total_count":0,"+1":0,"-1":0,"laugh":0,"hooray":0,"confused":0,"heart":0,"rocket":0,"eyes":0},"timeline_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/25/timeline","performed_via_github_app":null,"state_reason":"completed"},{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/26","repository_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic","labels_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/26/labels{/name}","comments_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/26/comments","events_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/26/events","html_url":"https://github.com/nigoroll/libvmod-dynamic/issues/26","id":260411322,"node_id":"MDU6SXNzdWUyNjA0MTEzMjI=","number":26,"title":"PLease tag 5.2","user":{"login":"billnbell","id":25377089,"node_id":"MDQ6VXNlcjI1Mzc3MDg5","avatar_url":"https://avatars.githubusercontent.com/u/25377089?v=4","gravatar_id":"","url":"https://api.github.com/users/billnbell","html_url":"https://github.com/billnbell","followers_url":"https://api.github.com/users/billnbell/followers","following_url":"https://api.github.com/users/billnbell/following{/other_user}","gists_url":"https://api.github.com/users/billnbell/gists{/gist_id}","starred_url":"https://api.github.com/users/billnbell/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/billnbell/subscriptions","organizations_url":"https://api.github.com/users/billnbell/orgs","repos_url":"https://api.github.com/users/billnbell/repos","events_url":"https://api.github.com/users/billnbell/events{/privacy}","received_events_url":"https://api.github.com/users/billnbell/received_events","type":"User","user_view_type":"public","site_admin":false},"labels":[],"state":"closed","locked":false,"assignee":null,"assignees":[],"milestone":null,"comments":1,"created_at":"2017-09-25T20:52:45Z","updated_at":"2017-09-26T09:02:38Z","closed_at":"2017-09-26T09:02:38Z","author_association":"NONE","active_lock_reason":null,"sub_issues_summary":{"total":0,"completed":0,"percent_completed":0},"issue_dependencies_summary":{"blocked_by":0,"total_blocked_by":0,"blocking":0,"total_blocking":0},"body":"Please tag this for 5.2. The master right now appears to work.\r\n\r\ngit fetch https://github.com/nigoroll/libvmod-dynamic.git 89f489146f129a841ec91467178b28cea57236df ","closed_by":{"login":"nigoroll","id":1528104,"node_id":"MDQ6VXNlcjE1MjgxMDQ=","avatar_url":"https://avatars.githubusercontent.com/u/1528104?v=4","gravatar_id":"","url":"https://api.github.com/users/nigoroll","html_url":"https://github.com/nigoroll","followers_url":"https://api.github.com/users/nigoroll/followers","following_url":"https://api.github.com/users/nigoroll/following{/other_user}","gists_url":"https://api.github.com/users/nigoroll/gists{/gist_id}","starred_url":"https://api.github.com/users/nigoroll/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/nigoroll/subscriptions","organizations_url":"https://api.github.com/users/nigoroll/orgs","repos_url":"https://api.github.com/users/nigoroll/repos","events_url":"https://api.github.com/users/nigoroll/events{/privacy}","received_events_url":"https://api.github.com/users/nigoroll/received_events","type":"User","user_view_type":"public","site_admin":false},"reactions":{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/26/reactions","total_count":0,"+1":0,"-1":0,"laugh":0,"hooray":0,"confused":0,"heart":0,"rocket":0,"eyes":0},"timeline_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/26/timeline","performed_via_github_app":null,"state_reason":"completed"},{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/27","repository_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic","labels_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/27/labels{/name}","comments_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/27/comments","events_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/27/events","html_url":"https://github.com/nigoroll/libvmod-dynamic/issues/27","id":261899811,"node_id":"MDU6SXNzdWUyNjE4OTk4MTE=","number":27,"title":"Building issue on RHEL7 with varnish 4.1.8","user":{"login":"imanandshah","id":31092588,"node_id":"MDQ6VXNlcjMxMDkyNTg4","avatar_url":"https://avatars.githubusercontent.com/u/31092588?v=4","gravatar_id":"","url":"https://api.github.com/users/imanandshah","html_url":"https://github.com/imanandshah","followers_url":"https://api.github.com/users/imanandshah/followers","following_url":"https://api.github.com/users/imanandshah/following{/other_user}","gists_url":"https://api.github.com/users/imanandshah/gists{/gist_id}","starred_url":"https://api.github.com/users/imanandshah/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/imanandshah/subscriptions","organizations_url":"https://api.github.com/users/imanandshah/orgs","repos_url":"https://api.github.com/users/imanandshah/repos","events_url":"https://api.github.com/users/imanandshah/events{/privacy}","received_events_url":"https://api.github.com/users/imanandshah/received_events","type":"User","user_view_type":"public","site_admin":false},"labels":[],"state":"closed","locked":false,"assignee":null,"assignees":[],"milestone":null,"comments":2,"created_at":"2017-10-01T08:06:50Z","updated_at":"2017-10-01T13:28:13Z","closed_at":"2017-10-01T13:28:13Z","author_association":"NONE","active_lock_reason":null,"sub_issues_summary":{"total":0,"completed":0,"percent_completed":0},"issue_dependencies_summary":{"blocked_by":0,"total_blocked_by":0,"blocking":0,"total_blocking":0},"body":"\r\nI get the below error while building on a vanilla RHEL varnish 4.1.8 version. Can you help here?? \r\n\r\n\r\n> make  all-recursive\r\nmake[1]: Entering directory `/var/tmp/libvmod-dynamic'\r\nMaking all in src\r\nmake[2]: Entering directory `/var/tmp/libvmod-dynamic/src'\r\n  VMODTOOL vmod_dynamic.vcc\r\nWARNING: $Event description is not included in .rst:\r\n[(162, '')]\r\n  CC       vmod_dynamic.lo\r\nvmod_dynamic.c: In function 'dynamic_get':\r\nvmod_dynamic.c:698:2: error: passing argument 2 of 'Lck__New' from incompatible pointer type [-Werror]\r\n  Lck_New(&dom->mtx, lck_be);\r\n  ^\r\nIn file included from vmod_dynamic.c:47:0:\r\n/product/varnish/include/varnish/cache/cache.h:828:6: note: expected 'struct VSC_C_lck *' but argument is of type 'struct VSC_lck *'\r\n void Lck__New(struct lock *lck, struct VSC_C_lck *, const char *);\r\n      ^\r\nvmod_dynamic.c: In function 'vmod_event':\r\nvmod_dynamic.c:732:12: error: assignment from incompatible pointer type [-Werror]\r\n    lck_dir = Lck_CreateClass(\"dynamic.director\");\r\n            ^\r\nvmod_dynamic.c:733:11: error: assignment from incompatible pointer type [-Werror]\r\n    lck_be = Lck_CreateClass(\"dynamic.backend\");\r\n           ^\r\nvmod_dynamic.c:744:4: error: implicit declaration of function 'Lck_DestroyClass' [-Werror=implicit-function-declaration]\r\n    Lck_DestroyClass(&lck_dir);\r\n    ^\r\nvmod_dynamic.c: In function 'dynamic_share_parse':\r\nvmod_dynamic.c:782:2: error: implicit declaration of function 'NEEDLESS' [-Werror=implicit-function-declaration]\r\n  NEEDLESS(return(0));\r\n  ^\r\nvmod_dynamic.c:782:11: error: expected expression before 'return'\r\n  NEEDLESS(return(0));\r\n           ^\r\nvmod_dynamic.c: In function 'vmod_director__init':\r\nvmod_dynamic.c:858:2: error: passing argument 2 of 'Lck__New' from incompatible pointer type [-Werror]\r\n  Lck_New(&obj->mtx, lck_dir);\r\n  ^\r\nIn file included from vmod_dynamic.c:47:0:\r\n/product/varnish/include/varnish/cache/cache.h:828:6: note: expected 'struct VSC_C_lck *' but argument is of type 'struct VSC_lck *'\r\n void Lck__New(struct lock *lck, struct VSC_C_lck *, const char *);\r\n      ^\r\ncc1: all warnings being treated as errors\r\n","closed_by":{"login":"nigoroll","id":1528104,"node_id":"MDQ6VXNlcjE1MjgxMDQ=","avatar_url":"https://avatars.githubusercontent.com/u/1528104?v=4","gravatar_id":"","url":"https://api.github.com/users/nigoroll","html_url":"https://github.com/nigoroll","followers_url":"https://api.github.com/users/nigoroll/followers","following_url":"https://api.github.com/users/nigoroll/following{/other_user}","gists_url":"https://api.github.com/users/nigoroll/gists{/gist_id}","starred_url":"https://api.github.com/users/nigoroll/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/nigoroll/subscriptions","organizations_url":"https://api.github.com/users/nigoroll/orgs","repos_url":"https://api.github.com/users/nigoroll/repos","events_url":"https://api.github.com/users/nigoroll/events{/privacy}","received_events_url":"https://api.github.com/users/nigoroll/received_events","type":"User","user_view_type":"public","site_admin":false},"reactions":{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/27/reactions","total_count":0,"+1":0,"-1":0,"laugh":0,"hooray":0,"confused":0,"heart":0,"rocket":0,"eyes":0},"timeline_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/27/timeline","performed_via_github_app":null,"state_reason":"completed"},{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/28","repository_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic","labels_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/28/labels{/name}","comments_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/28/comments","events_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/28/events","html_url":"https://github.com/nigoroll/libvmod-dynamic/pull/28","id":261999468,"node_id":"MDExOlB1bGxSZXF1ZXN0MTQ0MTIyNTUx","number":28,"title":"Improve debian package quality","user":{"login":"vStone","id":356719,"node_id":"MDQ6VXNlcjM1NjcxOQ==","avatar_url":"https://avatars.githubusercontent.com/u/356719?v=4","gravatar_id":"","url":"https://api.github.com/users/vStone","html_url":"https://github.com/vStone","followers_url":"https://api.github.com/users/vStone/followers","following_url":"https://api.github.com/users/vStone/following{/other_user}","gists_url":"https://api.github.com/users/vStone/gists{/gist_id}","starred_url":"https://api.github.com/users/vStone/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/vStone/subscriptions","organizations_url":"https://api.github.com/users/vStone/orgs","repos_url":"https://api.github.com/users/vStone/repos","events_url":"https://api.github.com/users/vStone/events{/privacy}","received_events_url":"https://api.github.com/users/vStone/received_events","type":"User","user_view_type":"public","site_admin":false},"labels":[],"state":"closed","locked":false,"assignee":null,"assignees":[],"milestone":null,"comments":1,"created_at":"2017-10-02T07:16:51Z","updated_at":"2018-09-12T15:27:28Z","closed_at":"2018-09-12T15:27:27Z","author_association":"NONE","active_lock_reason":null,"draft":false,"pull_request":{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/pulls/28","html_url":"https://github.com/nigoroll/libvmod-dynamic/pull/28","diff_url":"https://github.com/nigoroll/libvmod-dynamic/pull/28.diff","patch_url":"https://github.com/nigoroll/libvmod-dynamic/pull/28.patch","merged_at":null},"body":"Fixes all lintian (https://lintian.debian.org/manual/chapter-1.html#section-1.1) errors and fix some warnings.\r\n\r\nYou should probably double check what my changes do for the rpm build since I can't easily test that for now.","closed_by":{"login":"nigoroll","id":1528104,"node_id":"MDQ6VXNlcjE1MjgxMDQ=","avatar_url":"https://avatars.githubusercontent.com/u/1528104?v=4","gravatar_id":"","url":"https://api.github.com/users/nigoroll","html_url":"https://github.com/nigoroll","followers_url":"https://api.github.com/users/nigoroll/followers","following_url":"https://api.github.com/users/nigoroll/following{/other_user}","gists_url":"https://api.github.com/users/nigoroll/gists{/gist_id}","starred_url":"https://api.github.com/users/nigoroll/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/nigoroll/subscriptions","organizations_url":"https://api.github.com/users/nigoroll/orgs","repos_url":"https://api.github.com/users/nigoroll/repos","events_url":"https://api.github.com/users/nigoroll/events{/privacy}","received_events_url":"https://api.github.com/users/nigoroll/received_events","type":"User","user_view_type":"public","site_admin":false},"reactions":{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/28/reactions","total_count":0,"+1":0,"-1":0,"laugh":0,"hooray":0,"confused":0,"heart":0,"rocket":0,"eyes":0},"timeline_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/28/timeline","performed_via_github_app":null,"state_reason":null},{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/29","repository_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic","labels_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/29/labels{/name}","comments_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/29/comments","events_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/29/events","html_url":"https://github.com/nigoroll/libvmod-dynamic/pull/29","id":261999621,"node_id":"MDExOlB1bGxSZXF1ZXN0MTQ0MTIyNjYx","number":29,"title":"Backport changes made to master for lintian errors and warnings","user":{"login":"vStone","id":356719,"node_id":"MDQ6VXNlcjM1NjcxOQ==","avatar_url":"https://avatars.githubusercontent.com/u/356719?v=4","gravatar_id":"","url":"https://api.github.com/users/vStone","html_url":"https://github.com/vStone","followers_url":"https://api.github.com/users/vStone/followers","following_url":"https://api.github.com/users/vStone/following{/other_user}","gists_url":"https://api.github.com/users/vStone/gists{/gist_id}","starred_url":"https://api.github.com/users/vStone/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/vStone/subscriptions","organizations_url":"https://api.github.com/users/vStone/orgs","repos_url":"https://api.github.com/users/vStone/repos","events_url":"https://api.github.com/users/vStone/events{/privacy}","received_events_url":"https://api.github.com/users/vStone/received_events","type":"User","user_view_type":"public","site_admin":false},"labels":[],"state":"closed","locked":false,"assignee":null,"assignees":[],"milestone":null,"comments":1,"created_at":"2017-10-02T07:17:45Z","updated_at":"2018-09-12T15:26:15Z","closed_at":"2018-09-12T15:25:43Z","author_association":"NONE","active_lock_reason":null,"draft":false,"pull_request":{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/pulls/29","html_url":"https://github.com/nigoroll/libvmod-dynamic/pull/29","diff_url":"https://github.com/nigoroll/libvmod-dynamic/pull/29.diff","patch_url":"https://github.com/nigoroll/libvmod-dynamic/pull/29.patch","merged_at":"2018-09-12T15:25:43Z"},"body":"","closed_by":{"login":"nigoroll","id":1528104,"node_id":"MDQ6VXNlcjE1MjgxMDQ=","avatar_url":"https://avatars.githubusercontent.com/u/1528104?v=4","gravatar_id":"","url":"https://api.github.com/users/nigoroll","html_url":"https://github.com/nigoroll","followers_url":"https://api.github.com/users/nigoroll/followers","following_url":"https://api.github.com/users/nigoroll/following{/other_user}","gists_url":"https://api.github.com/users/nigoroll/gists{/gist_id}","starred_url":"https://api.github.com/users/nigoroll/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/nigoroll/subscriptions","organizations_url":"https://api.github.com/users/nigoroll/orgs","repos_url":"https://api.github.com/users/nigoroll/repos","events_url":"https://api.github.com/users/nigoroll/events{/privacy}","received_events_url":"https://api.github.com/users/nigoroll/received_events","type":"User","user_view_type":"public","site_admin":false},"reactions":{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/29/reactions","total_count":0,"+1":0,"-1":0,"laugh":0,"hooray":0,"confused":0,"heart":0,"rocket":0,"eyes":0},"timeline_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/29/timeline","performed_via_github_app":null,"state_reason":null},{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/30","repository_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic","labels_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/30/labels{/name}","comments_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/30/comments","events_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/30/events","html_url":"https://github.com/nigoroll/libvmod-dynamic/issues/30","id":271126401,"node_id":"MDU6SXNzdWUyNzExMjY0MDE=","number":30,"title":"make check fails","user":{"login":"danielmotaleite","id":11890049,"node_id":"MDQ6VXNlcjExODkwMDQ5","avatar_url":"https://avatars.githubusercontent.com/u/11890049?v=4","gravatar_id":"","url":"https://api.github.com/users/danielmotaleite","html_url":"https://github.com/danielmotaleite","followers_url":"https://api.github.com/users/danielmotaleite/followers","following_url":"https://api.github.com/users/danielmotaleite/following{/other_user}","gists_url":"https://api.github.com/users/danielmotaleite/gists{/gist_id}","starred_url":"https://api.github.com/users/danielmotaleite/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/danielmotaleite/subscriptions","organizations_url":"https://api.github.com/users/danielmotaleite/orgs","repos_url":"https://api.github.com/users/danielmotaleite/repos","events_url":"https://api.github.com/users/danielmotaleite/events{/privacy}","received_events_url":"https://api.github.com/users/danielmotaleite/received_events","type":"User","user_view_type":"public","site_admin":false},"labels":[],"state":"closed","locked":false,"assignee":null,"assignees":[],"milestone":null,"comments":2,"created_at":"2017-11-03T21:41:34Z","updated_at":"2017-11-06T18:21:21Z","closed_at":"2017-11-04T10:43:00Z","author_association":"NONE","active_lock_reason":null,"sub_issues_summary":{"total":0,"completed":0,"percent_completed":0},"issue_dependencies_summary":{"blocked_by":0,"total_blocked_by":0,"blocking":0,"total_blocking":0},"body":"Hi\r\n\r\nTrying to update the setup, when i build the latest version on a ubuntu 16.04 with varnish 5.1.2 and do a `make check` i get a  `FAIL: tests/test13.vtc`\r\n\r\nThe test-suite.log says this:\r\n```\r\n=============================================\r\n   libvmod-dynamic 0.2: src/test-suite.log\r\n=============================================\r\n\r\n# TOTAL: 13\r\n# PASS:  12\r\n# SKIP:  0\r\n# XFAIL: 0\r\n# FAIL:  1\r\n# XPASS: 0\r\n# ERROR: 0\r\n\r\n.. contents:: :depth: 2\r\n\r\nFAIL: tests/test13\r\n==================\r\n\r\n**** top   0.0 extmacro def pwd=/usr/src/libvmod-dynamic/src\r\n**** top   0.0 extmacro def vmod_dynamic=dynamic from \"/usr/src/libvmod-dynamic/src/.libs/libvmod_dynamic.so\"\r\n**** top   0.0 extmacro def localhost=127.0.0.1\r\n**** top   0.0 extmacro def bad_backend=127.0.0.1 20163\r\n**** top   0.0 extmacro def bad_ip=192.0.2.255\r\n**** top   0.0 macro def tmpdir=/tmp/vtc.13912.7d7acb57\r\n*    top   0.0 TEST ./tests/test13.vtc starting\r\n**   top   0.0 === varnishtest \"share = HOST and probe hostname\"\r\n*    top   0.0 TEST share = HOST and probe hostname\r\n**   top   0.0 === barrier b1 cond 2\r\n**   top   0.0 === server s1 {\r\n**   s1    0.0 Starting server\r\n**** s1    0.0 macro def s1_addr=127.0.0.1\r\n**** s1    0.0 macro def s1_port=29921\r\n**** s1    0.0 macro def s1_sock=127.0.0.1 29921\r\n*    s1    0.0 Listen on 127.0.0.1 29921\r\n**   top   0.0 === varnish v1 -arg \"-p vcc_allow_inline_c=true\" -vcl {\r\n**   s1    0.0 Started on 127.0.0.1 29921\r\n**   v1    0.0 Launch\r\n***  v1    0.0 CMD: cd ${pwd} && exec varnishd  -d -n /tmp/vtc.13912.7d7acb57/v1 -l 2m,1m,- -p auto_restart=off -p syslog_cli_traffic=off -p sigsegv_handler=on -p thread_pool_min=10 -p debug=+vtc_mode -a '127.0.0.1:0' -M '127.0.0.1 37481' -P /tmp/vtc.13912.7d7acb57/v1/varnishd.pid  -p vcc_allow_inline_c=true\r\n***  v1    0.0 CMD: cd /usr/src/libvmod-dynamic/src && exec varnishd  -d -n /tmp/vtc.13912.7d7acb57/v1 -l 2m,1m,- -p auto_restart=off -p syslog_cli_traffic=off -p sigsegv_handler=on -p thread_pool_min=10 -p debug=+vtc_mode -a '127.0.0.1:0' -M '127.0.0.1 37481' -P /tmp/vtc.13912.7d7acb57/v1/varnishd.pid  -p vcc_allow_inline_c=true\r\n***  v1    0.0 PID: 13918\r\n**** v1    0.0 macro def v1_pid=13918\r\n**** v1    0.0 macro def v1_name=/tmp/vtc.13912.7d7acb57/v1\r\n***  v1    0.0 debug|Debug: Platform: Linux,4.4.0-96-generic,x86_64,-junix,-smalloc,-smalloc,-hcritbit\r\n***  v1    0.0 debug|200 282     \r\n***  v1    0.0 debug|-----------------------------\r\n***  v1    0.0 debug|Varnish Cache CLI 1.0\r\n***  v1    0.0 debug|-----------------------------\r\n***  v1    0.0 debug|Linux,4.4.0-96-generic,x86_64,-junix,-smalloc,-smalloc,-hcritbit\r\n***  v1    0.0 debug|varnish-5.1.2 revision 6ece695\r\n***  v1    0.0 debug|\r\n***  v1    0.0 debug|Type 'help' for command list.\r\n***  v1    0.0 debug|Type 'quit' to close CLI session.\r\n***  v1    0.0 debug|Type 'start' to launch worker process.\r\n***  v1    0.0 debug|\r\n***  v1    0.1 vsl|No VSL chunk found (child not started ?)\r\n**** v1    0.1 CLIPOLL 1 0x1 0x0\r\n***  v1    0.1 CLI connection fd = 10\r\n***  v1    0.1 CLI RX  107\r\n**** v1    0.1 CLI RX|xwjyrinmibtzfxggweunpxsicelyacyp\r\n**** v1    0.1 CLI RX|\r\n**** v1    0.1 CLI RX|Authentication required.\r\n**** v1    0.1 CLI TX|auth b3647e8f5e78d945d02d2b980d6e946615c4372711fa2add9f9220eb7724937d\r\n***  v1    0.1 CLI RX  200\r\n**** v1    0.1 CLI RX|-----------------------------\r\n**** v1    0.1 CLI RX|Varnish Cache CLI 1.0\r\n**** v1    0.1 CLI RX|-----------------------------\r\n**** v1    0.1 CLI RX|Linux,4.4.0-96-generic,x86_64,-junix,-smalloc,-smalloc,-hcritbit\r\n**** v1    0.1 CLI RX|varnish-5.1.2 revision 6ece695\r\n**** v1    0.1 CLI RX|\r\n**** v1    0.1 CLI RX|Type 'help' for command list.\r\n**** v1    0.1 CLI RX|Type 'quit' to close CLI session.\r\n**** v1    0.1 CLI RX|Type 'start' to launch worker process.\r\n**** v1    0.1 CLI TX|vcl.inline vcl1 << %XJEIFLH|)Xspa8P\r\n**** v1    0.1 CLI TX|vcl 4.0;\r\n**** v1    0.1 CLI TX|\r\n**** v1    0.1 CLI TX|\\timport dynamic from \"/usr/src/libvmod-dynamic/src/.libs/libvmod_dynamic.so\";\r\n**** v1    0.1 CLI TX|\r\n**** v1    0.1 CLI TX|\\tbackend dummy {\r\n**** v1    0.1 CLI TX|\\t    .host = \"192.0.2.255\";\r\n**** v1    0.1 CLI TX|\\t}\r\n**** v1    0.1 CLI TX|\r\n**** v1    0.1 CLI TX|\\tprobe simple {\r\n**** v1    0.1 CLI TX|\\t    .initial = 3;\r\n**** v1    0.1 CLI TX|\\t    .timeout = 1s;\r\n**** v1    0.1 CLI TX|\\t    .interval = 10s;\r\n**** v1    0.1 CLI TX|\\t}\r\n**** v1    0.1 CLI TX|\r\n**** v1    0.1 CLI TX|\\tsub vcl_init {\r\n**** v1    0.1 CLI TX|\\t    new d1 = dynamic.director(\r\n**** v1    0.1 CLI TX|\\t      port = \"29921\",\r\n**** v1    0.1 CLI TX|\\t      share = HOST,\r\n**** v1    0.1 CLI TX|\\t      probe = simple\r\n**** v1    0.1 CLI TX|\\t      );\r\n**** v1    0.1 CLI TX|\\t}\r\n**** v1    0.1 CLI TX|\r\n**** v1    0.1 CLI TX|\\tsub vcl_recv {\r\n**** v1    0.1 CLI TX|\\t    set req.backend_hint = d1.backend();\r\n**** v1    0.1 CLI TX|\\t    unset req.http.Host;\r\n**** v1    0.1 CLI TX|\\t    # let the probe win the race for the backend\r\n**** v1    0.1 CLI TX|\\t    C{\r\n**** v1    0.1 CLI TX|\\t\\t#include <unistd.h>\r\n**** v1    0.1 CLI TX|\\t\\t(void)sleep(1);\r\n**** v1    0.1 CLI TX|\\t    }C\r\n**** v1    0.1 CLI TX|\\t    return (pass);\r\n**** v1    0.1 CLI TX|\\t}\r\n**** v1    0.1 CLI TX|\r\n**** v1    0.1 CLI TX|\\tsub vcl_backend_error {\r\n**** v1    0.1 CLI TX|\\t    # the director may resolve ::1 first\r\n**** v1    0.1 CLI TX|\\t    return (retry);\r\n**** v1    0.1 CLI TX|\\t}\r\n**** v1    0.1 CLI TX|\r\n**** v1    0.1 CLI TX|%XJEIFLH|)Xspa8P\r\n***  v1    0.1 CLI RX  106\r\n**** v1    0.1 CLI RX|Message from C-compiler:\r\n**** v1    0.1 CLI RX|In file included from /usr/include/unistd.h:1151:0,\r\n**** v1    0.1 CLI RX|                 from vgc.c:1542:\r\n**** v1    0.1 CLI RX|/usr/include/x86_64-linux-gnu/bits/unistd.h: In function \\342\\200\\230VGC_function_vcl_recv\\342\\200\\231:\r\n**** v1    0.1 CLI RX|/usr/include/x86_64-linux-gnu/bits/unistd.h:34:1: error: nested function \\342\\200\\230read\\342\\200\\231 declared \\342\\200\\230extern\\342\\200\\231\r\n**** v1    0.1 CLI RX| read (int __fd, void *__buf, size_t __nbytes)\r\n**** v1    0.1 CLI RX| ^\r\n**** v1    0.1 CLI RX|/usr/include/x86_64-linux-gnu/bits/unistd.h:34:1: error: static declaration of \\342\\200\\230read\\342\\200\\231 follows non-static declaration\r\n**** v1    0.1 CLI RX|In file included from vgc.c:1542:0:\r\n**** v1    0.1 CLI RX|/usr/include/unistd.h:363:16: note: previous declaration of \\342\\200\\230read\\342\\200\\231 was here\r\n**** v1    0.1 CLI RX| extern ssize_t read (int __fd, void *__buf, size_t __nbytes) __wur;\r\n**** v1    0.1 CLI RX|[110 lines truncated]\r\n**** v1    0.1 CLI RX|Running C-compiler failed, exited with 1\r\n**** v1    0.1 CLI RX|VCL compilation failed\r\n---- v1    0.1 VCL compilation failed expected success\r\n*    top   0.1 RESETTING after ./tests/test13.vtc\r\n**   s1    0.1 Waiting for server (4/-1)\r\n**** s1    0.1 macro undef s1_addr\r\n**** s1    0.1 macro undef s1_port\r\n**** s1    0.1 macro undef s1_sock\r\n**   v1    0.1 Wait\r\n**** v1    0.1 CLI TX|backend.list\r\n***  v1    0.2 CLI RX  101\r\n**** v1    0.2 CLI RX|Unknown request in manager process (child not running).\r\n**** v1    0.2 CLI RX|Type 'help' for more info.\r\n**** v1    0.2 STDOUT poll 0x10\r\n**   v1    0.2 R 13918 Status: 0000 (u 0.016000 s 0.004000)\r\n***  v1    0.2 vsl|No VSL chunk found (child not started ?)\r\n*    top   0.2 TEST ./tests/test13.vtc FAILED\r\n#    top  TEST ./tests/test13.vtc FAILED (0.204) exit=2\r\n```\r\n\r\ni'm using a aws machine, with ubuntu 16.04  (fully updated), the \r\n`deb https://packagecloud.io/varnishcache/varnish5/ubuntu xenial main` and installed varnish  5.2.0-1~xenial (also tried 5.1.x with the 5.1 branch and same result)\r\n\r\nCompiling in a debian jessie machine, this works fine\r\n","closed_by":{"login":"nigoroll","id":1528104,"node_id":"MDQ6VXNlcjE1MjgxMDQ=","avatar_url":"https://avatars.githubusercontent.com/u/1528104?v=4","gravatar_id":"","url":"https://api.github.com/users/nigoroll","html_url":"https://github.com/nigoroll","followers_url":"https://api.github.com/users/nigoroll/followers","following_url":"https://api.github.com/users/nigoroll/following{/other_user}","gists_url":"https://api.github.com/users/nigoroll/gists{/gist_id}","starred_url":"https://api.github.com/users/nigoroll/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/nigoroll/subscriptions","organizations_url":"https://api.github.com/users/nigoroll/orgs","repos_url":"https://api.github.com/users/nigoroll/repos","events_url":"https://api.github.com/users/nigoroll/events{/privacy}","received_events_url":"https://api.github.com/users/nigoroll/received_events","type":"User","user_view_type":"public","site_admin":false},"reactions":{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/30/reactions","total_count":0,"+1":0,"-1":0,"laugh":0,"hooray":0,"confused":0,"heart":0,"rocket":0,"eyes":0},"timeline_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/30/timeline","performed_via_github_app":null,"state_reason":"completed"},{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/31","repository_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic","labels_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/31/labels{/name}","comments_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/31/comments","events_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/31/events","html_url":"https://github.com/nigoroll/libvmod-dynamic/issues/31","id":271576264,"node_id":"MDU6SXNzdWUyNzE1NzYyNjQ=","number":31,"title":"ref-backend 3 total where 2 expected","user":{"login":"danielmotaleite","id":11890049,"node_id":"MDQ6VXNlcjExODkwMDQ5","avatar_url":"https://avatars.githubusercontent.com/u/11890049?v=4","gravatar_id":"","url":"https://api.github.com/users/danielmotaleite","html_url":"https://github.com/danielmotaleite","followers_url":"https://api.github.com/users/danielmotaleite/followers","following_url":"https://api.github.com/users/danielmotaleite/following{/other_user}","gists_url":"https://api.github.com/users/danielmotaleite/gists{/gist_id}","starred_url":"https://api.github.com/users/danielmotaleite/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/danielmotaleite/subscriptions","organizations_url":"https://api.github.com/users/danielmotaleite/orgs","repos_url":"https://api.github.com/users/danielmotaleite/repos","events_url":"https://api.github.com/users/danielmotaleite/events{/privacy}","received_events_url":"https://api.github.com/users/danielmotaleite/received_events","type":"User","user_view_type":"public","site_admin":false},"labels":[],"state":"closed","locked":false,"assignee":null,"assignees":[],"milestone":null,"comments":2,"created_at":"2017-11-06T18:33:47Z","updated_at":"2018-09-12T15:13:18Z","closed_at":"2018-09-12T15:13:18Z","author_association":"NONE","active_lock_reason":null,"sub_issues_summary":{"total":0,"completed":0,"percent_completed":0},"issue_dependencies_summary":{"blocked_by":0,"total_blocked_by":0,"blocking":0,"total_blocking":0},"body":"Trying to compile on a ubuntu 16.04 (same setup as #30 ), it works fine in one machine, but just deployed another machine with the same setup and that one fails in test07. Both are ubuntu 16.04 and have almost the same packages installed (the ones missing have nothing to do with network)\r\n\r\nI have tried to find why it fails, did try comparing the machines, but i'm unable to solve this. i have probably made any manual change in the original machine that i miss to port to ansible.\r\n\r\nHave you any idea what is failing here?\r\n\r\nThanks!\r\n```\r\n$ cat  src/test-suite.log \r\n=============================================\r\n   libvmod-dynamic 0.2: src/test-suite.log\r\n=============================================\r\n\r\n# TOTAL: 13\r\n# PASS:  12\r\n# SKIP:  0\r\n# XFAIL: 0\r\n# FAIL:  1\r\n# XPASS: 0\r\n# ERROR: 0\r\n\r\n.. contents:: :depth: 2\r\n\r\nFAIL: tests/test07\r\n==================\r\n\r\n**** top   0.0 extmacro def pwd=/usr/src/libvmod-dynamic/src\r\n**** top   0.0 extmacro def vmod_dynamic=dynamic from \"/usr/src/libvmod-dynamic/src/.libs/libvmod_dynamic.so\"\r\n**** top   0.0 extmacro def localhost=127.0.0.1\r\n**** top   0.0 extmacro def bad_backend=127.0.0.1 25622\r\n**** top   0.0 extmacro def bad_ip=192.0.2.255\r\n**** top   0.0 macro def tmpdir=/tmp/vtc.23481.62e33210\r\n*    top   0.0 TEST ./tests/test07.vtc starting\r\n**   top   0.0 === varnishtest \"debugging\"\r\n*    top   0.0 TEST debugging\r\n**   top   0.0 === server s1 {\r\n**   s1    0.0 Starting server\r\n**** s1    0.0 macro def s1_addr=127.0.0.1\r\n**** s1    0.0 macro def s1_port=26117\r\n**** s1    0.0 macro def s1_sock=127.0.0.1 26117\r\n*    s1    0.0 Listen on 127.0.0.1 26117\r\n**   top   0.0 === varnish v1 -vcl {\r\n**   s1    0.0 Started on 127.0.0.1 26117\r\n**   v1    0.0 Launch\r\n***  v1    0.0 CMD: cd ${pwd} && exec varnishd  -d -n /tmp/vtc.23481.62e33210/v1 -l 2m -p auto_restart=off -p syslog_cli_traffic=off -p sigsegv_handler=on -p thread_pool_min=10 -p debug=+vtc_mode -a '127.0.0.1:0' -M '127.0.0.1 26490' -P /tmp/vtc.23481.62e33210/v1/varnishd.pid \r\n***  v1    0.0 CMD: cd /usr/src/libvmod-dynamic/src && exec varnishd  -d -n /tmp/vtc.23481.62e33210/v1 -l 2m -p auto_restart=off -p syslog_cli_traffic=off -p sigsegv_handler=on -p thread_pool_min=10 -p debug=+vtc_mode -a '127.0.0.1:0' -M '127.0.0.1 26490' -P /tmp/vtc.23481.62e33210/v1/varnishd.pid \r\n***  v1    0.0 PID: 23489\r\n**** v1    0.0 macro def v1_pid=23489\r\n**** v1    0.0 macro def v1_name=/tmp/vtc.23481.62e33210/v1\r\n***  v1    0.0 debug|Debug: Platform: Linux,4.4.0-1022-aws,x86_64,-junix,-smalloc,-smalloc,-hcritbit\r\n***  v1    0.0 debug|200 282     \r\n***  v1    0.0 debug|-----------------------------\r\n***  v1    0.0 debug|Varnish Cache CLI 1.0\r\n***  v1    0.0 debug|-----------------------------\r\n***  v1    0.0 debug|Linux,4.4.0-1022-aws,x86_64,-junix,-smalloc,-smalloc,-hcritbit\r\n***  v1    0.0 debug|varnish-5.2.0 revision 4c4875cbf\r\n***  v1    0.0 debug|\r\n***  v1    0.0 debug|Type 'help' for command list.\r\n***  v1    0.0 debug|Type 'quit' to close CLI session.\r\n***  v1    0.0 debug|Type 'start' to launch worker process.\r\n***  v1    0.0 debug|\r\n**** v1    0.1 CLIPOLL 1 0x1 0x0\r\n***  v1    0.1 CLI connection fd = 7\r\n***  v1    0.1 CLI RX  107\r\n**** v1    0.1 CLI RX|kaqnblrsztpytugbvfxgxggrykijepui\r\n**** v1    0.1 CLI RX|\r\n**** v1    0.1 CLI RX|Authentication required.\r\n**** v1    0.1 CLI TX|auth b79b104fbcce80da9117931098daae7d82ecba6a97fef9087481393c31166991\r\n***  v1    0.1 CLI RX  200\r\n**** v1    0.1 CLI RX|-----------------------------\r\n**** v1    0.1 CLI RX|Varnish Cache CLI 1.0\r\n**** v1    0.1 CLI RX|-----------------------------\r\n**** v1    0.1 CLI RX|Linux,4.4.0-1022-aws,x86_64,-junix,-smalloc,-smalloc,-hcritbit\r\n**** v1    0.1 CLI RX|varnish-5.2.0 revision 4c4875cbf\r\n**** v1    0.1 CLI RX|\r\n**** v1    0.1 CLI RX|Type 'help' for command list.\r\n**** v1    0.1 CLI RX|Type 'quit' to close CLI session.\r\n**** v1    0.1 CLI RX|Type 'start' to launch worker process.\r\n**** v1    0.1 CLI TX|vcl.inline vcl1 << %XJEIFLH|)Xspa8P\r\n**** v1    0.1 CLI TX|vcl 4.0;\r\n**** v1    0.1 CLI TX|\r\n**** v1    0.1 CLI TX|\\timport dynamic from \"/usr/src/libvmod-dynamic/src/.libs/libvmod_dynamic.so\";\r\n**** v1    0.1 CLI TX|\r\n**** v1    0.1 CLI TX|\\tbackend dummy { .host = \"192.0.2.255\"; .port = \"9080\"; }\r\n**** v1    0.1 CLI TX|\r\n**** v1    0.1 CLI TX|\\tacl ipv4_loopback {\r\n**** v1    0.1 CLI TX|\\t\\t\"127/24\";\r\n**** v1    0.1 CLI TX|\\t}\r\n**** v1    0.1 CLI TX|\r\n**** v1    0.1 CLI TX|\\tsub vcl_init {\r\n**** v1    0.1 CLI TX|\\t\\tnew d1 = dynamic.director(\r\n**** v1    0.1 CLI TX|\\t\\t\\tport = \"26117\",\r\n**** v1    0.1 CLI TX|\\t\\t\\twhitelist = ipv4_loopback,\r\n**** v1    0.1 CLI TX|\\t\\t\\tdomain_usage_timeout = 1s);\r\n**** v1    0.1 CLI TX|\\t\\td1.debug(true);\r\n**** v1    0.1 CLI TX|\\t}\r\n**** v1    0.1 CLI TX|\r\n**** v1    0.1 CLI TX|\\tsub vcl_recv {\r\n**** v1    0.1 CLI TX|\\t\\tset req.backend_hint = d1.backend();\r\n**** v1    0.1 CLI TX|\\t}\r\n**** v1    0.1 CLI TX|\r\n**** v1    0.1 CLI TX|%XJEIFLH|)Xspa8P\r\n***  v1    0.2 vsl|No VSL chunk found (child not started ?)\r\n***  v1    0.2 CLI RX  200\r\n**** v1    0.2 CLI RX|VCL compiled.\r\n**** v1    0.2 CLI TX|vcl.use vcl1\r\n***  v1    0.2 CLI RX  200\r\n**   v1    0.2 Start\r\n**** v1    0.2 CLI TX|start\r\n***  v1    0.3 debug|Debug: Child (23503) Started\r\n***  v1    0.3 CLI RX  200\r\n***  v1    0.3 wait-running\r\n**** v1    0.3 CLI TX|status\r\n***  v1    0.3 debug|Info: Child (23503) said Child starts\r\n**** v1    0.3 vsl|          0 CLI             - Rd vcl.load \"vcl1\" vcl_vcl1.1509992321.789111376/vgc.so 1auto\r\n**** v1    0.3 vsl|          0 CLI             - Wr 200 55 Loaded \"vcl_vcl1.1509992321.789111376/vgc.so\" as \"vcl1\"\r\n**** v1    0.3 vsl|          0 CLI             - Rd vcl.use \"vcl1\"\r\n**** v1    0.3 vsl|          0 CLI             - Wr 200 0 \r\n**** v1    0.3 vsl|          0 CLI             - Rd start\r\n**** v1    0.3 vsl|          0 CLI             - Wr 200 0 \r\n***  v1    0.3 CLI RX  200\r\n**** v1    0.3 CLI RX|Child in state running\r\n**** v1    0.3 CLI TX|debug.xid 999\r\n***  v1    0.4 CLI RX  200\r\n**** v1    0.4 CLI RX|XID is 999\r\n**** v1    0.4 CLI TX|debug.listen_address\r\n***  v1    0.4 CLI RX  200\r\n**** v1    0.4 CLI RX|127.0.0.1 20192\r\n**   v1    0.4 Listen on 127.0.0.1 20192\r\n**** v1    0.4 macro def v1_addr=127.0.0.1\r\n**** v1    0.4 macro def v1_port=20192\r\n**** v1    0.4 macro def v1_sock=127.0.0.1 20192\r\n**   top   0.4 === logexpect l1 -v v1 -g raw {\r\n**   l1    0.4 === expect * * Debug\t\"vmod-dynamic: vcl1 d1 localhost addr 127.0...\r\n**   l1    0.4 === expect * * VCL_acl\t\"^MATCH ipv4_loopback\"\r\n**   l1    0.4 === expect * * Debug\t\"vmod-dynamic: vcl1 d1 localhost add-backen...\r\n**   l1    0.4 === expect * * Debug\t\"vmod-dynamic: vcl1 d1 localhost ref-backen...\r\n**   l1    0.4 === expect * * Debug\t\"vmod-dynamic: vcl1 d1 img.localhost addr 1...\r\n**   l1    0.4 === expect * * VCL_acl\t\"^MATCH ipv4_loopback\"\r\n**   l1    0.4 === expect * * Debug\t\"vmod-dynamic: vcl1 d1 img.localhost ref-ba...\r\n**   l1    0.4 === expect * * VCL_Log\t\"vmod-dynamic: vcl1 d1 localhost deleted\"\r\n**   l1    0.4 === expect * * Debug\t\"vmod-dynamic: vcl1 d1 localhost unref-back...\r\n**   top   0.4 === client c1 {\r\n**   c1    0.4 Starting client\r\n**   c1    0.4 Waiting for client\r\n***  c1    0.4 Connect to 127.0.0.1 20192\r\n***  c1    0.4 connected fd 22 from 127.0.0.1 62387 to 127.0.0.1 20192\r\n**   c1    0.4 === txreq -hdr \"Host: localhost\"\r\n**** c1    0.4 txreq|GET / HTTP/1.1\\r\r\n**** c1    0.4 txreq|Host: localhost\\r\r\n**** c1    0.4 txreq|\\r\r\n**   c1    0.4 === rxresp\r\n**** l1    0.4 begin|\r\n***  l1    0.4 expecting| expect * * Debug vmod-dynamic: vcl1 d1 localhost addr 127.0.0.1\r\n***  s1    0.4 accepted fd 5 127.0.0.1 48766\r\n**   s1    0.4 === rxreq\r\n**** s1    0.4 rxhdr|GET / HTTP/1.1\\r\r\n**** s1    0.4 rxhdr|Host: localhost\\r\r\n**** s1    0.4 rxhdr|X-Forwarded-For: 127.0.0.1\\r\r\n**** s1    0.4 rxhdr|Accept-Encoding: gzip\\r\r\n**** s1    0.4 rxhdr|X-Varnish: 1002\\r\r\n**** s1    0.4 rxhdr|\\r\r\n**** s1    0.4 rxhdrlen = 103\r\n**** s1    0.4 http[ 0] |GET\r\n**** s1    0.4 http[ 1] |/\r\n**** s1    0.4 http[ 2] |HTTP/1.1\r\n**** s1    0.4 http[ 3] |Host: localhost\r\n**** s1    0.4 http[ 4] |X-Forwarded-For: 127.0.0.1\r\n**** s1    0.4 http[ 5] |Accept-Encoding: gzip\r\n**** s1    0.4 http[ 6] |X-Varnish: 1002\r\n**** s1    0.4 bodylen = 0\r\n**   s1    0.4 === txresp\r\n**** s1    0.4 txresp|HTTP/1.1 200 OK\\r\r\n**** s1    0.4 txresp|Content-Length: 0\\r\r\n**** s1    0.4 txresp|\\r\r\n**   s1    0.4 === accept\r\n**** s1    0.4 Accepting\r\n**** v1    0.4 vsl|          0 CLI             - Rd debug.xid 999 \r\n**** v1    0.4 vsl|          0 CLI             - Wr 200 10 XID is 999\r\n**** v1    0.4 vsl|          0 CLI             - Rd debug.listen_address \r\n**** v1    0.4 vsl|          0 CLI             - Wr 200 16 127.0.0.1 20192\r\n\r\n**** v1    0.4 vsl|       1000 Begin           c sess 0 HTTP/1\r\n**** v1    0.4 vsl|       1000 SessOpen        c 127.0.0.1 62387 a0 127.0.0.1 20192 1509992322.088882 23\r\n**** v1    0.4 vsl|       1000 Link            c req 1001 rxreq\r\n**** v1    0.4 vsl|          0 Timestamp       - vmod-dynamic vcl1.d1(localhost) Lookup: 1509992322.089067 0.000000 0.000000\r\n**** v1    0.4 vsl|          0 Timestamp       - vmod-dynamic vcl1.d1(localhost) Results: 1509992322.089150 0.000082 0.000082\r\n**** v1    0.4 vsl|          0 Debug           - vmod-dynamic: vcl1 d1 localhost addr 127.0.0.1\r\n**** v1    0.4 vsl|          0 VCL_acl         - MATCH ipv4_loopback \"127/24\"\r\n**** v1    0.4 vsl|          0 Debug           - vmod-dynamic: vcl1 d1 localhost add-backend d1(127.0.0.1)\r\n**** v1    0.4 vsl|          0 Debug           - vmod-dynamic: vcl1 d1 localhost ref-backend d1(127.0.0.1) (1 in total)\r\n**** v1    0.4 vsl|          0 Debug           - vmod-dynamic: vcl1 d1 localhost addr 127.0.0.1\r\n**** v1    0.4 vsl|          0 VCL_acl         - MATCH ipv4_loopback \"127/24\"\r\n**** v1    0.4 vsl|          0 Debug           - vmod-dynamic: vcl1 d1 localhost ref-backend d1(127.0.0.1) (2 in total)\r\n**** v1    0.4 vsl|          0 Timestamp       - vmod-dynamic vcl1.d1(localhost) Update: 1509992322.089274 0.000207 0.000124\r\n**** v1    0.4 vsl|          0 ExpKill         - EXP_Inbox flg=1e p=0x7f9093fb1020 e=0.000000000 f=0x0\r\n**** v1    0.4 vsl|          0 ExpKill         - EXP_When p=0x7f9093fb1020 e=1509992452.089462042 f=0x1e\r\n**** v1    0.4 vsl|          0 ExpKill         - EXP_expire p=0x7f9093fb1020 e=129.999498844 f=0x0\r\n**** l1    0.4 match|          0 Debug           - vmod-dynamic: vcl1 d1 localhost addr 127.0.0.1\r\n***  l1    0.4 expecting| expect * * VCL_acl ^MATCH ipv4_loopback\r\n**** l1    0.4 match|          0 VCL_acl         - MATCH ipv4_loopback \"127/24\"\r\n***  l1    0.4 expecting| expect * * Debug vmod-dynamic: vcl1 d1 localhost add-backend d1.127.0.0.1.\r\n**** l1    0.4 match|          0 Debug           - vmod-dynamic: vcl1 d1 localhost add-backend d1(127.0.0.1)\r\n***  l1    0.4 expecting| expect * * Debug vmod-dynamic: vcl1 d1 localhost ref-backend d1.127.0.0.1. .1 in total.\r\n**** l1    0.4 match|          0 Debug           - vmod-dynamic: vcl1 d1 localhost ref-backend d1(127.0.0.1) (1 in total)\r\n***  l1    0.4 expecting| expect * * Debug vmod-dynamic: vcl1 d1 img.localhost addr 127.0.0.1\r\n**** c1    0.4 rxhdr|HTTP/1.1 200 OK\\r\r\n**** c1    0.4 rxhdr|Content-Length: 0\\r\r\n**** c1    0.4 rxhdr|Date: Mon, 06 Nov 2017 18:18:42 GMT\\r\r\n**** c1    0.4 rxhdr|X-Varnish: 1001\\r\r\n**** c1    0.4 rxhdr|Age: 0\\r\r\n**** c1    0.4 rxhdr|Via: 1.1 varnish (Varnish/5.2)\\r\r\n**** c1    0.4 rxhdr|Accept-Ranges: bytes\\r\r\n**** c1    0.4 rxhdr|Connection: keep-alive\\r\r\n**** c1    0.4 rxhdr|\\r\r\n**** c1    0.4 rxhdrlen = 178\r\n**** c1    0.4 http[ 0] |HTTP/1.1\r\n**** c1    0.4 http[ 1] |200\r\n**** c1    0.4 http[ 2] |OK\r\n**** c1    0.4 http[ 3] |Content-Length: 0\r\n**** c1    0.4 http[ 4] |Date: Mon, 06 Nov 2017 18:18:42 GMT\r\n**** c1    0.4 http[ 5] |X-Varnish: 1001\r\n**** c1    0.4 http[ 6] |Age: 0\r\n**** c1    0.4 http[ 7] |Via: 1.1 varnish (Varnish/5.2)\r\n**** c1    0.4 http[ 8] |Accept-Ranges: bytes\r\n**** c1    0.4 http[ 9] |Connection: keep-alive\r\n**** c1    0.4 bodylen = 0\r\n**   c1    0.4 === expect resp.status == 200\r\n**** c1    0.4 EXPECT resp.status (200) == \"200\" match\r\n**   c1    0.4 === delay 1.5\r\n***  c1    0.4 delaying 1.5 second(s)\r\n**** v1    0.5 vsl|       1002 Begin           b bereq 1001 fetch\r\n**** v1    0.5 vsl|       1002 Timestamp       b Start: 1509992322.089027 0.000000 0.000000\r\n**** v1    0.5 vsl|       1002 BereqMethod     b GET\r\n**** v1    0.5 vsl|       1002 BereqURL        b /\r\n**** v1    0.5 vsl|       1002 BereqProtocol   b HTTP/1.1\r\n**** v1    0.5 vsl|       1002 BereqHeader     b Host: localhost\r\n**** v1    0.5 vsl|       1002 BereqHeader     b X-Forwarded-For: 127.0.0.1\r\n**** v1    0.5 vsl|       1002 BereqHeader     b Accept-Encoding: gzip\r\n**** v1    0.5 vsl|       1002 BereqHeader     b X-Varnish: 1002\r\n**** v1    0.5 vsl|       1002 VCL_call        b BACKEND_FETCH\r\n**** v1    0.5 vsl|       1002 VCL_return      b fetch\r\n**** v1    0.5 vsl|       1002 BackendOpen     b 26 vcl1.d1(127.0.0.1) 127.0.0.1 26117 127.0.0.1 48766\r\n**** v1    0.5 vsl|       1002 BackendStart    b 127.0.0.1 26117\r\n**** v1    0.5 vsl|       1002 Timestamp       b Bereq: 1509992322.089329 0.000302 0.000302\r\n**** v1    0.5 vsl|       1002 Timestamp       b Beresp: 1509992322.089462 0.000435 0.000134\r\n**** v1    0.5 vsl|       1002 BerespProtocol  b HTTP/1.1\r\n**** v1    0.5 vsl|       1002 BerespStatus    b 200\r\n**** v1    0.5 vsl|       1002 BerespReason    b OK\r\n**** v1    0.5 vsl|       1002 BerespHeader    b Content-Length: 0\r\n**** v1    0.5 vsl|       1002 BerespHeader    b Date: Mon, 06 Nov 2017 18:18:42 GMT\r\n**** v1    0.5 vsl|       1002 TTL             b RFC 120 10 0 1509992322 1509992322 1509992322 0 0\r\n**** v1    0.5 vsl|       1002 VCL_call        b BACKEND_RESPONSE\r\n**** v1    0.5 vsl|       1002 VCL_return      b deliver\r\n**** v1    0.5 vsl|       1002 Storage         b malloc s0\r\n**** v1    0.5 vsl|       1002 ObjProtocol     b HTTP/1.1\r\n**** v1    0.5 vsl|       1002 ObjStatus       b 200\r\n**** v1    0.5 vsl|       1002 ObjReason       b OK\r\n**** v1    0.5 vsl|       1002 ObjHeader       b Content-Length: 0\r\n**** v1    0.5 vsl|       1002 ObjHeader       b Date: Mon, 06 Nov 2017 18:18:42 GMT\r\n**** v1    0.5 vsl|       1002 Fetch_Body      b 0 none -\r\n**** v1    0.5 vsl|       1002 BackendReuse    b 26 vcl1.d1(127.0.0.1)\r\n**** v1    0.5 vsl|       1002 Timestamp       b BerespBody: 1509992322.100090 0.011063 0.010628\r\n**** v1    0.5 vsl|       1002 Length          b 0\r\n**** v1    0.5 vsl|       1002 BereqAcct       b 103 0 103 38 0 38\r\n**** v1    0.5 vsl|       1002 End             b \r\n**** v1    0.5 vsl|       1001 Begin           c req 1000 rxreq\r\n**** v1    0.5 vsl|       1001 Timestamp       c Start: 1509992322.088958 0.000000 0.000000\r\n**** v1    0.5 vsl|       1001 Timestamp       c Req: 1509992322.088958 0.000000 0.000000\r\n**** v1    0.5 vsl|       1001 ReqStart        c 127.0.0.1 62387\r\n**** v1    0.5 vsl|       1001 ReqMethod       c GET\r\n**** v1    0.5 vsl|       1001 ReqURL          c /\r\n**** v1    0.5 vsl|       1001 ReqProtocol     c HTTP/1.1\r\n**** v1    0.5 vsl|       1001 ReqHeader       c Host: localhost\r\n**** v1    0.5 vsl|       1001 ReqHeader       c X-Forwarded-For: 127.0.0.1\r\n**** v1    0.5 vsl|       1001 VCL_call        c RECV\r\n**** v1    0.5 vsl|       1001 VCL_return      c hash\r\n**** v1    0.5 vsl|       1001 VCL_call        c HASH\r\n**** v1    0.5 vsl|       1001 VCL_return      c lookup\r\n**** v1    0.5 vsl|       1001 VCL_call        c MISS\r\n**** v1    0.5 vsl|       1001 VCL_return      c fetch\r\n**** v1    0.5 vsl|       1001 Link            c bereq 1002 fetch\r\n**** v1    0.5 vsl|       1001 Timestamp       c Fetch: 1509992322.100111 0.011153 0.011153\r\n**** v1    0.5 vsl|       1001 RespProtocol    c HTTP/1.1\r\n**** v1    0.5 vsl|       1001 RespStatus      c 200\r\n**** v1    0.5 vsl|       1001 RespReason      c OK\r\n**** v1    0.5 vsl|       1001 RespHeader      c Content-Length: 0\r\n**** v1    0.5 vsl|       1001 RespHeader      c Date: Mon, 06 Nov 2017 18:18:42 GMT\r\n**** v1    0.5 vsl|       1001 RespHeader      c X-Varnish: 1001\r\n**** v1    0.5 vsl|       1001 RespHeader      c Age: 0\r\n**** v1    0.5 vsl|       1001 RespHeader      c Via: 1.1 varnish (Varnish/5.2)\r\n**** v1    0.5 vsl|       1001 VCL_call        c DELIVER\r\n**** v1    0.5 vsl|       1001 VCL_return      c deliver\r\n**** v1    0.5 vsl|       1001 Timestamp       c Process: 1509992322.100124 0.011167 0.000013\r\n**** v1    0.5 vsl|       1001 RespHeader      c Accept-Ranges: bytes\r\n**** v1    0.5 vsl|       1001 RespHeader      c Connection: keep-alive\r\n**** v1    0.5 vsl|       1001 Timestamp       c Resp: 1509992322.100143 0.011186 0.000019\r\n**** v1    0.5 vsl|       1001 ReqAcct         c 35 0 35 178 0 178\r\n**** v1    0.5 vsl|       1001 End             c \r\n**   c1    1.9 === txreq -hdr \"Host: img.localhost\"\r\n**** c1    1.9 txreq|GET / HTTP/1.1\\r\r\n**** c1    1.9 txreq|Host: img.localhost\\r\r\n**** c1    1.9 txreq|\\r\r\n**   c1    1.9 === rxresp\r\n***  s1    1.9 Accepted socket fd is 5\r\n**   s1    1.9 === rxreq\r\n**** s1    1.9 rxhdr|GET / HTTP/1.1\\r\r\n**** s1    1.9 rxhdr|Host: img.localhost\\r\r\n**** s1    1.9 rxhdr|X-Forwarded-For: 127.0.0.1\\r\r\n**** s1    1.9 rxhdr|Accept-Encoding: gzip\\r\r\n**** s1    1.9 rxhdr|X-Varnish: 1004\\r\r\n**** s1    1.9 rxhdr|\\r\r\n**** s1    1.9 rxhdrlen = 107\r\n**** s1    1.9 http[ 0] |GET\r\n**** s1    1.9 http[ 1] |/\r\n**** s1    1.9 http[ 2] |HTTP/1.1\r\n**** s1    1.9 http[ 3] |Host: img.localhost\r\n**** s1    1.9 http[ 4] |X-Forwarded-For: 127.0.0.1\r\n**** s1    1.9 http[ 5] |Accept-Encoding: gzip\r\n**** s1    1.9 http[ 6] |X-Varnish: 1004\r\n**** s1    1.9 bodylen = 0\r\n**   s1    1.9 === txresp\r\n**** s1    1.9 txresp|HTTP/1.1 200 OK\\r\r\n**** s1    1.9 txresp|Content-Length: 0\\r\r\n**** s1    1.9 txresp|\\r\r\n**   s1    1.9 === accept\r\n**** s1    1.9 Accepting\r\n**** l1    1.9 match|          0 Debug           - vmod-dynamic: vcl1 d1 img.localhost addr 127.0.0.1\r\n***  l1    1.9 expecting| expect * * VCL_acl ^MATCH ipv4_loopback\r\n**** l1    1.9 match|          0 VCL_acl         - MATCH ipv4_loopback \"127/24\"\r\n***  l1    1.9 expecting| expect * * Debug vmod-dynamic: vcl1 d1 img.localhost ref-backend d1.127.0.0.1. .2 in total.\r\n**** c1    1.9 rxhdr|HTTP/1.1 200 OK\\r\r\n**** c1    1.9 rxhdr|Content-Length: 0\\r\r\n**** c1    1.9 rxhdr|Date: Mon, 06 Nov 2017 18:18:43 GMT\\r\r\n**** c1    1.9 rxhdr|X-Varnish: 1003\\r\r\n**** c1    1.9 rxhdr|Age: 0\\r\r\n**** c1    1.9 rxhdr|Via: 1.1 varnish (Varnish/5.2)\\r\r\n**** c1    1.9 rxhdr|Accept-Ranges: bytes\\r\r\n**** c1    1.9 rxhdr|Connection: keep-alive\\r\r\n**** c1    1.9 rxhdr|\\r\r\n**** c1    1.9 rxhdrlen = 178\r\n**** c1    1.9 http[ 0] |HTTP/1.1\r\n**** c1    1.9 http[ 1] |200\r\n**** c1    1.9 http[ 2] |OK\r\n**** c1    1.9 http[ 3] |Content-Length: 0\r\n**** c1    1.9 http[ 4] |Date: Mon, 06 Nov 2017 18:18:43 GMT\r\n**** c1    1.9 http[ 5] |X-Varnish: 1003\r\n**** c1    1.9 http[ 6] |Age: 0\r\n**** c1    1.9 http[ 7] |Via: 1.1 varnish (Varnish/5.2)\r\n**** c1    1.9 http[ 8] |Accept-Ranges: bytes\r\n**** c1    1.9 http[ 9] |Connection: keep-alive\r\n**** c1    1.9 bodylen = 0\r\n**   c1    1.9 === expect resp.status == 200\r\n**** c1    1.9 EXPECT resp.status (200) == \"200\" match\r\n**   c1    1.9 === txreq -hdr \"Host: www.localhost\"\r\n**** c1    1.9 txreq|GET / HTTP/1.1\\r\r\n**** c1    1.9 txreq|Host: www.localhost\\r\r\n**** c1    1.9 txreq|\\r\r\n**   c1    1.9 === rxresp\r\n***  s1    1.9 Accepted socket fd is 5\r\n**   s1    1.9 === rxreq\r\n**** s1    1.9 rxhdr|GET / HTTP/1.1\\r\r\n**** s1    1.9 rxhdr|Host: www.localhost\\r\r\n**** s1    1.9 rxhdr|X-Forwarded-For: 127.0.0.1\\r\r\n**** s1    1.9 rxhdr|Accept-Encoding: gzip\\r\r\n**** s1    1.9 rxhdr|X-Varnish: 1006\\r\r\n**** s1    1.9 rxhdr|\\r\r\n**** s1    1.9 rxhdrlen = 107\r\n**** s1    1.9 http[ 0] |GET\r\n**** s1    1.9 http[ 1] |/\r\n**** s1    1.9 http[ 2] |HTTP/1.1\r\n**** s1    1.9 http[ 3] |Host: www.localhost\r\n**** s1    1.9 http[ 4] |X-Forwarded-For: 127.0.0.1\r\n**** s1    1.9 http[ 5] |Accept-Encoding: gzip\r\n**** s1    1.9 http[ 6] |X-Varnish: 1006\r\n**** s1    1.9 bodylen = 0\r\n**   s1    1.9 === txresp\r\n**** s1    1.9 txresp|HTTP/1.1 200 OK\\r\r\n**** s1    1.9 txresp|Content-Length: 0\\r\r\n**** s1    1.9 txresp|\\r\r\n***  s1    1.9 shutting fd 5\r\n**   s1    1.9 Ending\r\n**** c1    1.9 rxhdr|HTTP/1.1 200 OK\\r\r\n**** c1    1.9 rxhdr|Content-Length: 0\\r\r\n**** c1    1.9 rxhdr|Date: Mon, 06 Nov 2017 18:18:43 GMT\\r\r\n**** c1    1.9 rxhdr|X-Varnish: 1005\\r\r\n**** c1    1.9 rxhdr|Age: 0\\r\r\n**** c1    1.9 rxhdr|Via: 1.1 varnish (Varnish/5.2)\\r\r\n**** c1    1.9 rxhdr|Accept-Ranges: bytes\\r\r\n**** c1    1.9 rxhdr|Connection: keep-alive\\r\r\n**** c1    1.9 rxhdr|\\r\r\n**** c1    1.9 rxhdrlen = 178\r\n**** c1    1.9 http[ 0] |HTTP/1.1\r\n**** c1    1.9 http[ 1] |200\r\n**** c1    1.9 http[ 2] |OK\r\n**** c1    1.9 http[ 3] |Content-Length: 0\r\n**** c1    1.9 http[ 4] |Date: Mon, 06 Nov 2017 18:18:43 GMT\r\n**** c1    1.9 http[ 5] |X-Varnish: 1005\r\n**** c1    1.9 http[ 6] |Age: 0\r\n**** c1    1.9 http[ 7] |Via: 1.1 varnish (Varnish/5.2)\r\n**** c1    1.9 http[ 8] |Accept-Ranges: bytes\r\n**** c1    1.9 http[ 9] |Connection: keep-alive\r\n**** c1    1.9 bodylen = 0\r\n**   c1    1.9 === expect resp.status == 200\r\n**** c1    1.9 EXPECT resp.status (200) == \"200\" match\r\n***  c1    1.9 closing fd 22\r\n**   c1    1.9 Ending\r\n**   top   1.9 === logexpect l1 -wait\r\n**   l1    1.9 Waiting for logexp\r\n**** v1    2.0 vsl|       1000 Link            c req 1003 rxreq\r\n**** v1    2.0 vsl|          0 Timestamp       - vmod-dynamic vcl1.d1(localhost) Done: 1509992323.601068 0.000000 0.000000\r\n**** v1    2.0 vsl|          0 Timestamp       - vmod-dynamic vcl1.d1(img.localhost) Lookup: 1509992323.601132 0.000000 0.000000\r\n**** v1    2.0 vsl|          0 Timestamp       - vmod-dynamic vcl1.d1(img.localhost) Results: 1509992323.601148 0.000016 0.000016\r\n**** v1    2.0 vsl|          0 Debug           - vmod-dynamic: vcl1 d1 img.localhost addr 127.0.0.1\r\n**** v1    2.0 vsl|          0 VCL_acl         - MATCH ipv4_loopback \"127/24\"\r\n**** v1    2.0 vsl|          0 Debug           - vmod-dynamic: vcl1 d1 img.localhost ref-backend d1(127.0.0.1) (3 in total)\r\n**** v1    2.0 vsl|          0 Timestamp       - vmod-dynamic vcl1.d1(img.localhost) Update: 1509992323.601160 0.000028 0.000011\r\n**** v1    2.0 vsl|          0 ExpKill         - EXP_expire p=0x7f9093fb1020 e=128.488030434 f=0x0\r\n**** v1    2.0 vsl|          0 ExpKill         - EXP_Inbox flg=1e p=0x7f9093fb10c0 e=0.000000000 f=0x0\r\n**** v1    2.0 vsl|          0 ExpKill         - EXP_When p=0x7f9093fb10c0 e=1509992453.601392269 f=0x1e\r\n**** v1    2.0 vsl|          0 ExpKill         - EXP_expire p=0x7f9093fb1020 e=128.488025188 f=0x0\r\n**** v1    2.0 vsl|       1004 Begin           b bereq 1003 fetch\r\n**** v1    2.0 vsl|       1004 Timestamp       b Start: 1509992323.601037 0.000000 0.000000\r\n**** v1    2.0 vsl|       1004 BereqMethod     b GET\r\n**** v1    2.0 vsl|       1004 BereqURL        b /\r\n**** v1    2.0 vsl|       1004 BereqProtocol   b HTTP/1.1\r\n**** v1    2.0 vsl|       1004 BereqHeader     b Host: img.localhost\r\n**** v1    2.0 vsl|       1004 BereqHeader     b X-Forwarded-For: 127.0.0.1\r\n**** v1    2.0 vsl|       1004 BereqHeader     b Accept-Encoding: gzip\r\n**** v1    2.0 vsl|       1004 BereqHeader     b X-Varnish: 1004\r\n**** v1    2.0 vsl|       1004 VCL_call        b BACKEND_FETCH\r\n**** v1    2.0 vsl|       1004 VCL_return      b fetch\r\n**** v1    2.0 vsl|       1004 BackendOpen     b 26 vcl1.d1(127.0.0.1) 127.0.0.1 26117 127.0.0.1 48770\r\n**** v1    2.0 vsl|       1004 BackendStart    b 127.0.0.1 26117\r\n**** v1    2.0 vsl|       1004 Timestamp       b Bereq: 1509992323.601244 0.000207 0.000207\r\n**** v1    2.0 vsl|       1004 Timestamp       b Beresp: 1509992323.601392 0.000355 0.000148\r\n**** v1    2.0 vsl|       1004 BerespProtocol  b HTTP/1.1\r\n**** v1    2.0 vsl|       1004 BerespStatus    b 200\r\n**** v1    2.0 vsl|       1004 BerespReason    b OK\r\n**** v1    2.0 vsl|       1004 BerespHeader    b Content-Length: 0\r\n**** v1    2.0 vsl|       1004 BerespHeader    b Date: Mon, 06 Nov 2017 18:18:43 GMT\r\n**** v1    2.0 vsl|       1004 TTL             b RFC 120 10 0 1509992324 1509992324 1509992323 0 0\r\n**** v1    2.0 vsl|       1004 VCL_call        b BACKEND_RESPONSE\r\n**** v1    2.0 vsl|       1004 VCL_return      b deliver\r\n**** v1    2.0 vsl|       1004 Storage         b malloc s0\r\n**** v1    2.0 vsl|       1004 ObjProtocol     b HTTP/1.1\r\n**** v1    2.0 vsl|       1004 ObjStatus       b 200\r\n**** v1    2.0 vsl|       1004 ObjReason       b OK\r\n**** v1    2.0 vsl|       1004 ObjHeader       b Content-Length: 0\r\n**** v1    2.0 vsl|       1004 ObjHeader       b Date: Mon, 06 Nov 2017 18:18:43 GMT\r\n**** v1    2.0 vsl|       1004 Fetch_Body      b 0 none -\r\n**** v1    2.0 vsl|       1004 BackendReuse    b 26 vcl1.d1(127.0.0.1)\r\n**** v1    2.0 vsl|       1004 Timestamp       b BerespBody: 1509992323.611567 0.010530 0.010175\r\n**** v1    2.0 vsl|       1004 Length          b 0\r\n**** v1    2.0 vsl|       1004 BereqAcct       b 107 0 107 38 0 38\r\n**** v1    2.0 vsl|       1004 End             b \r\n**** v1    2.0 vsl|       1003 Begin           c req 1000 rxreq\r\n**** v1    2.0 vsl|       1003 Timestamp       c Start: 1509992323.600570 0.000000 0.000000\r\n**** v1    2.0 vsl|       1003 Timestamp       c Req: 1509992323.600570 0.000000 0.000000\r\n**** v1    2.0 vsl|       1003 ReqStart        c 127.0.0.1 62387\r\n**** v1    2.0 vsl|       1003 ReqMethod       c GET\r\n**** v1    2.0 vsl|       1003 ReqURL          c /\r\n**** v1    2.0 vsl|       1003 ReqProtocol     c HTTP/1.1\r\n**** v1    2.0 vsl|       1003 ReqHeader       c Host: img.localhost\r\n**** v1    2.0 vsl|       1003 ReqHeader       c X-Forwarded-For: 127.0.0.1\r\n**** v1    2.0 vsl|       1003 VCL_call        c RECV\r\n**** v1    2.0 vsl|       1003 VCL_Log         c vmod-dynamic: vcl1 d1 localhost timeout\r\n**** v1    2.0 vsl|       1003 VCL_return      c hash\r\n**** v1    2.0 vsl|       1003 VCL_call        c HASH\r\n**** v1    2.0 vsl|       1003 VCL_return      c lookup\r\n**** v1    2.0 vsl|       1003 VCL_call        c MISS\r\n**** v1    2.0 vsl|       1003 VCL_return      c fetch\r\n**** v1    2.0 vsl|       1003 Link            c bereq 1004 fetch\r\n**** v1    2.0 vsl|       1003 Timestamp       c Fetch: 1509992323.611600 0.011030 0.011030\r\n**** v1    2.0 vsl|       1003 RespProtocol    c HTTP/1.1\r\n**** v1    2.0 vsl|       1003 RespStatus      c 200\r\n**** v1    2.0 vsl|       1003 RespReason      c OK\r\n**** v1    2.0 vsl|       1003 RespHeader      c Content-Length: 0\r\n**** v1    2.0 vsl|       1003 RespHeader      c Date: Mon, 06 Nov 2017 18:18:43 GMT\r\n**** v1    2.0 vsl|       1003 RespHeader      c X-Varnish: 1003\r\n**** v1    2.0 vsl|       1003 RespHeader      c Age: 0\r\n**** v1    2.0 vsl|       1003 RespHeader      c Via: 1.1 varnish (Varnish/5.2)\r\n**** v1    2.0 vsl|       1003 VCL_call        c DELIVER\r\n**** v1    2.0 vsl|       1003 VCL_return      c deliver\r\n**** v1    2.0 vsl|       1003 Timestamp       c Process: 1509992323.611609 0.011038 0.000008\r\n**** v1    2.0 vsl|       1003 RespHeader      c Accept-Ranges: bytes\r\n**** v1    2.0 vsl|       1003 RespHeader      c Connection: keep-alive\r\n**** v1    2.0 vsl|       1003 Timestamp       c Resp: 1509992323.611627 0.011057 0.000019\r\n**** v1    2.0 vsl|       1003 ReqAcct         c 39 0 39 178 0 178\r\n**** v1    2.0 vsl|       1003 End             c \r\n**** v1    2.0 vsl|       1000 Link            c req 1005 rxreq\r\n**** v1    2.0 vsl|          0 Timestamp       - vmod-dynamic vcl1.d1(www.localhost) Lookup: 1509992323.611864 0.000000 0.000000\r\n**** v1    2.0 vsl|          0 Timestamp       - vmod-dynamic vcl1.d1(www.localhost) Results: 1509992323.611876 0.000013 0.000013\r\n**** v1    2.0 vsl|          0 Debug           - vmod-dynamic: vcl1 d1 www.localhost addr 127.0.0.1\r\n**** v1    2.0 vsl|          0 VCL_acl         - MATCH ipv4_loopback \"127/24\"\r\n**** v1    2.0 vsl|          0 Debug           - vmod-dynamic: vcl1 d1 www.localhost ref-backend d1(127.0.0.1) (2 in total)\r\n**** v1    2.0 vsl|          0 Timestamp       - vmod-dynamic vcl1.d1(www.localhost) Update: 1509992323.611887 0.000023 0.000010\r\n**** v1    2.0 vsl|          0 ExpKill         - EXP_expire p=0x7f9093fb1020 e=128.477345943 f=0x0\r\n**** v1    2.0 vsl|          0 ExpKill         - EXP_Inbox flg=1e p=0x7f9093fb1160 e=0.000000000 f=0x0\r\n**** v1    2.0 vsl|          0 ExpKill         - EXP_When p=0x7f9093fb1160 e=1509992453.612084389 f=0x1e\r\n**** v1    2.0 vsl|          0 ExpKill         - EXP_expire p=0x7f9093fb1020 e=128.477341175 f=0x0\r\n**** v1    2.0 vsl|       1006 Begin           b bereq 1005 fetch\r\n**** v1    2.0 vsl|       1006 Timestamp       b Start: 1509992323.611839 0.000000 0.000000\r\n**** v1    2.0 vsl|       1006 BereqMethod     b GET\r\n**** v1    2.0 vsl|       1006 BereqURL        b /\r\n**** v1    2.0 vsl|       1006 BereqProtocol   b HTTP/1.1\r\n**** v1    2.0 vsl|       1006 BereqHeader     b Host: www.localhost\r\n**** v1    2.0 vsl|       1006 BereqHeader     b X-Forwarded-For: 127.0.0.1\r\n**** v1    2.0 vsl|       1006 BereqHeader     b Accept-Encoding: gzip\r\n**** v1    2.0 vsl|       1006 BereqHeader     b X-Varnish: 1006\r\n**** v1    2.0 vsl|       1006 VCL_call        b BACKEND_FETCH\r\n**** v1    2.0 vsl|       1006 VCL_return      b fetch\r\n**** v1    2.0 vsl|       1006 BackendOpen     b 26 vcl1.d1(127.0.0.1) 127.0.0.1 26117 127.0.0.1 48772\r\n**** v1    2.0 vsl|       1006 BackendStart    b 127.0.0.1 26117\r\n**** v1    2.0 vsl|       1006 Timestamp       b Bereq: 1509992323.611935 0.000096 0.000096\r\n**** v1    2.0 vsl|       1006 Timestamp       b Beresp: 1509992323.612084 0.000245 0.000150\r\n**** v1    2.0 vsl|       1006 BerespProtocol  b HTTP/1.1\r\n**** v1    2.0 vsl|       1006 BerespStatus    b 200\r\n**** v1    2.0 vsl|       1006 BerespReason    b OK\r\n**** v1    2.0 vsl|       1006 BerespHeader    b Content-Length: 0\r\n**** v1    2.0 vsl|       1006 BerespHeader    b Date: Mon, 06 Nov 2017 18:18:43 GMT\r\n**** v1    2.0 vsl|       1006 TTL             b RFC 120 10 0 1509992324 1509992324 1509992323 0 0\r\n**** v1    2.0 vsl|       1006 VCL_call        b BACKEND_RESPONSE\r\n**** v1    2.0 vsl|       1006 VCL_return      b deliver\r\n**** v1    2.0 vsl|       1006 Storage         b malloc s0\r\n**** v1    2.0 vsl|       1006 ObjProtocol     b HTTP/1.1\r\n**** v1    2.0 vsl|       1006 ObjStatus       b 200\r\n**** v1    2.0 vsl|       1006 ObjReason       b OK\r\n**** v1    2.0 vsl|       1006 ObjHeader       b Content-Length: 0\r\n**** v1    2.0 vsl|       1006 ObjHeader       b Date: Mon, 06 Nov 2017 18:18:43 GMT\r\n**** v1    2.0 vsl|       1006 Fetch_Body      b 0 none -\r\n**** v1    2.0 vsl|       1006 BackendReuse    b 26 vcl1.d1(127.0.0.1)\r\n**** v1    2.0 vsl|       1006 Timestamp       b BerespBody: 1509992323.622266 0.010427 0.010182\r\n**** v1    2.0 vsl|       1006 Length          b 0\r\n**** v1    2.0 vsl|       1006 BereqAcct       b 107 0 107 38 0 38\r\n**** v1    2.0 vsl|       1006 End             b \r\n**** v1    2.0 vsl|       1005 Begin           c req 1000 rxreq\r\n**** v1    2.0 vsl|       1005 Timestamp       c Start: 1509992323.611790 0.000000 0.000000\r\n**** v1    2.0 vsl|       1005 Timestamp       c Req: 1509992323.611790 0.000000 0.000000\r\n**** v1    2.0 vsl|       1005 ReqStart        c 127.0.0.1 62387\r\n**** v1    2.0 vsl|       1005 ReqMethod       c GET\r\n**** v1    2.0 vsl|       1005 ReqURL          c /\r\n**** v1    2.0 vsl|       1005 ReqProtocol     c HTTP/1.1\r\n**** v1    2.0 vsl|       1005 ReqHeader       c Host: www.localhost\r\n**** v1    2.0 vsl|       1005 ReqHeader       c X-Forwarded-For: 127.0.0.1\r\n**** v1    2.0 vsl|       1005 VCL_call        c RECV\r\n**** v1    2.0 vsl|       1005 VCL_Log         c vmod-dynamic: vcl1 d1 localhost deleted\r\n**** v1    2.0 vsl|       1005 Debug           c vmod-dynamic: vcl1 d1 localhost unref-backend d1(127.0.0.1) (2 remaining)\r\n**** v1    2.0 vsl|       1005 Debug           c vmod-dynamic: vcl1 d1 localhost unref-backend d1(127.0.0.1) (1 remaining)\r\n**** v1    2.0 vsl|       1005 VCL_return      c hash\r\n**** v1    2.0 vsl|       1005 VCL_call        c HASH\r\n**** v1    2.0 vsl|       1005 VCL_return      c lookup\r\n**** v1    2.0 vsl|       1005 VCL_call        c MISS\r\n**** v1    2.0 vsl|       1005 VCL_return      c fetch\r\n**** v1    2.0 vsl|       1005 Link            c bereq 1006 fetch\r\n**** v1    2.0 vsl|       1005 Timestamp       c Fetch: 1509992323.622296 0.010506 0.010506\r\n**** v1    2.0 vsl|       1005 RespProtocol    c HTTP/1.1\r\n**** v1    2.0 vsl|       1005 RespStatus      c 200\r\n**** v1    2.0 vsl|       1005 RespReason      c OK\r\n**** v1    2.0 vsl|       1005 RespHeader      c Content-Length: 0\r\n**** v1    2.0 vsl|       1005 RespHeader      c Date: Mon, 06 Nov 2017 18:18:43 GMT\r\n**** v1    2.0 vsl|       1005 RespHeader      c X-Varnish: 1005\r\n**** v1    2.0 vsl|       1005 RespHeader      c Age: 0\r\n**** v1    2.0 vsl|       1005 RespHeader      c Via: 1.1 varnish (Varnish/5.2)\r\n**** v1    2.0 vsl|       1005 VCL_call        c DELIVER\r\n**** v1    2.0 vsl|       1005 VCL_return      c deliver\r\n**** v1    2.0 vsl|       1005 Timestamp       c Process: 1509992323.622311 0.010521 0.000015\r\n**** v1    2.0 vsl|       1005 RespHeader      c Accept-Ranges: bytes\r\n**** v1    2.0 vsl|       1005 RespHeader      c Connection: keep-alive\r\n**** v1    2.0 vsl|       1005 Timestamp       c Resp: 1509992323.622345 0.010555 0.000034\r\n**** v1    2.0 vsl|       1005 ReqAcct         c 39 0 39 178 0 178\r\n**** v1    2.0 vsl|       1005 End             c \r\n**** v1    2.0 vsl|       1000 SessClose       c REM_CLOSE 1.534\r\n**** v1    2.0 vsl|       1000 End             c \r\n**** v1    3.3 vsl|          0 CLI             - Rd ping\r\n**** v1    3.3 vsl|          0 CLI             - Wr 200 19 PONG 1509992324 1.0\r\n**** v1    6.3 vsl|          0 CLI             - Rd ping\r\n**** v1    6.3 vsl|          0 CLI             - Wr 200 19 PONG 1509992327 1.0\r\n**** v1    9.3 vsl|          0 CLI             - Rd ping\r\n**** v1    9.3 vsl|          0 CLI             - Wr 200 19 PONG 1509992330 1.0\r\n**** v1   12.3 vsl|          0 CLI             - Rd ping\r\n**** v1   12.3 vsl|          0 CLI             - Wr 200 19 PONG 1509992333 1.0\r\n**** v1   15.3 vsl|          0 CLI             - Rd ping\r\n**** v1   15.3 vsl|          0 CLI             - Wr 200 19 PONG 1509992336 1.0\r\n**** v1   18.3 vsl|          0 CLI             - Rd ping\r\n**** v1   18.3 vsl|          0 CLI             - Wr 200 19 PONG 1509992339 1.0\r\n**** v1   21.3 vsl|          0 CLI             - Rd ping\r\n**** v1   21.3 vsl|          0 CLI             - Wr 200 19 PONG 1509992342 1.0\r\n**** v1   24.3 vsl|          0 CLI             - Rd ping\r\n**** v1   24.3 vsl|          0 CLI             - Wr 200 19 PONG 1509992345 1.0\r\n**** v1   27.4 vsl|          0 CLI             - Rd ping\r\n**** v1   27.4 vsl|          0 CLI             - Wr 200 19 PONG 1509992348 1.0\r\n**** v1   30.4 vsl|          0 CLI             - Rd ping\r\n**** v1   30.4 vsl|          0 CLI             - Wr 200 19 PONG 1509992351 1.0\r\n**** v1   33.4 vsl|          0 CLI             - Rd ping\r\n**** v1   33.4 vsl|          0 CLI             - Wr 200 19 PONG 1509992354 1.0\r\n**** v1   36.4 vsl|          0 CLI             - Rd ping\r\n**** v1   36.4 vsl|          0 CLI             - Wr 200 19 PONG 1509992357 1.0\r\n**** v1   39.4 vsl|          0 CLI             - Rd ping\r\n**** v1   39.4 vsl|          0 CLI             - Wr 200 19 PONG 1509992360 1.0\r\n**** v1   42.4 vsl|          0 CLI             - Rd ping\r\n**** v1   42.4 vsl|          0 CLI             - Wr 200 19 PONG 1509992363 1.0\r\n**** v1   45.3 vsl|          0 CLI             - Rd ping\r\n**** v1   45.3 vsl|          0 CLI             - Wr 200 19 PONG 1509992366 1.0\r\n**** v1   48.3 vsl|          0 CLI             - Rd ping\r\n**** v1   48.3 vsl|          0 CLI             - Wr 200 19 PONG 1509992369 1.0\r\n**** v1   51.3 vsl|          0 CLI             - Rd ping\r\n**** v1   51.3 vsl|          0 CLI             - Wr 200 19 PONG 1509992372 1.0\r\n**** v1   54.3 vsl|          0 CLI             - Rd ping\r\n**** v1   54.3 vsl|          0 CLI             - Wr 200 19 PONG 1509992375 1.0\r\n**** v1   57.3 vsl|          0 CLI             - Rd ping\r\n**** v1   57.3 vsl|          0 CLI             - Wr 200 19 PONG 1509992378 1.0\r\n#    top  TEST ./tests/test07.vtc TIMED OUT (kill -9)\r\n#    top  TEST ./tests/test07.vtc FAILED (60.031) signal=9\r\nFAIL tests/test07.vtc (exit status: 2)\r\n\r\n```","closed_by":{"login":"nigoroll","id":1528104,"node_id":"MDQ6VXNlcjE1MjgxMDQ=","avatar_url":"https://avatars.githubusercontent.com/u/1528104?v=4","gravatar_id":"","url":"https://api.github.com/users/nigoroll","html_url":"https://github.com/nigoroll","followers_url":"https://api.github.com/users/nigoroll/followers","following_url":"https://api.github.com/users/nigoroll/following{/other_user}","gists_url":"https://api.github.com/users/nigoroll/gists{/gist_id}","starred_url":"https://api.github.com/users/nigoroll/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/nigoroll/subscriptions","organizations_url":"https://api.github.com/users/nigoroll/orgs","repos_url":"https://api.github.com/users/nigoroll/repos","events_url":"https://api.github.com/users/nigoroll/events{/privacy}","received_events_url":"https://api.github.com/users/nigoroll/received_events","type":"User","user_view_type":"public","site_admin":false},"reactions":{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/31/reactions","total_count":0,"+1":0,"-1":0,"laugh":0,"hooray":0,"confused":0,"heart":0,"rocket":0,"eyes":0},"timeline_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/31/timeline","performed_via_github_app":null,"state_reason":"completed"},{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/32","repository_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic","labels_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/32/labels{/name}","comments_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/32/comments","events_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/32/events","html_url":"https://github.com/nigoroll/libvmod-dynamic/issues/32","id":275660712,"node_id":"MDU6SXNzdWUyNzU2NjA3MTI=","number":32,"title":"Assert error in vca_acct(), cache/cache_acceptor.c line 497 while initailly loading the module","user":{"login":"jpastuszek","id":20052,"node_id":"MDQ6VXNlcjIwMDUy","avatar_url":"https://avatars.githubusercontent.com/u/20052?v=4","gravatar_id":"","url":"https://api.github.com/users/jpastuszek","html_url":"https://github.com/jpastuszek","followers_url":"https://api.github.com/users/jpastuszek/followers","following_url":"https://api.github.com/users/jpastuszek/following{/other_user}","gists_url":"https://api.github.com/users/jpastuszek/gists{/gist_id}","starred_url":"https://api.github.com/users/jpastuszek/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/jpastuszek/subscriptions","organizations_url":"https://api.github.com/users/jpastuszek/orgs","repos_url":"https://api.github.com/users/jpastuszek/repos","events_url":"https://api.github.com/users/jpastuszek/events{/privacy}","received_events_url":"https://api.github.com/users/jpastuszek/received_events","type":"User","user_view_type":"public","site_admin":false},"labels":[],"state":"closed","locked":false,"assignee":null,"assignees":[],"milestone":null,"comments":2,"created_at":"2017-11-21T10:33:18Z","updated_at":"2017-11-21T14:00:37Z","closed_at":"2017-11-21T14:00:37Z","author_association":"NONE","active_lock_reason":null,"sub_issues_summary":{"total":0,"completed":0,"percent_completed":0},"issue_dependencies_summary":{"blocked_by":0,"total_blocked_by":0,"blocking":0,"total_blocking":0},"body":"I am using varnish 4.1.3.\r\nWhen loading this module into running Varnish instance it crashes on assertion an I lose my cache:\r\n```Assert error in vca_acct(), cache/cache_acceptor.c line 497:   Condition(ls->sock > 0) not true. thread = (cache-acceptor) version = varnish-4.1.3 revision 5e3b6d2 ident = Linux,4.4.16-27.56.amzn1.x86_64,x86_64,-junix,-smalloc,-smalloc,-hcritbit,epoll Backtrace:   0x432f23: varnishd() [0x432f23]   0x40efc0: varnishd(VCA_NewPool+0) [0x40efc0]   0x7f6f5ea69dc5: libpthread.so.0(+0x7dc5) [0x7f6f5ea69dc5]   0x7f6f5e796c9d: libc.so.6(clone+0x6d) [0x7f6f5e796c9d]```\r\nThis makes it difficult to introduce it to running system (cache loss).","closed_by":{"login":"nigoroll","id":1528104,"node_id":"MDQ6VXNlcjE1MjgxMDQ=","avatar_url":"https://avatars.githubusercontent.com/u/1528104?v=4","gravatar_id":"","url":"https://api.github.com/users/nigoroll","html_url":"https://github.com/nigoroll","followers_url":"https://api.github.com/users/nigoroll/followers","following_url":"https://api.github.com/users/nigoroll/following{/other_user}","gists_url":"https://api.github.com/users/nigoroll/gists{/gist_id}","starred_url":"https://api.github.com/users/nigoroll/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/nigoroll/subscriptions","organizations_url":"https://api.github.com/users/nigoroll/orgs","repos_url":"https://api.github.com/users/nigoroll/repos","events_url":"https://api.github.com/users/nigoroll/events{/privacy}","received_events_url":"https://api.github.com/users/nigoroll/received_events","type":"User","user_view_type":"public","site_admin":false},"reactions":{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/32/reactions","total_count":0,"+1":0,"-1":0,"laugh":0,"hooray":0,"confused":0,"heart":0,"rocket":0,"eyes":0},"timeline_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/32/timeline","performed_via_github_app":null,"state_reason":"completed"},{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/33","repository_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic","labels_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/33/labels{/name}","comments_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/33/comments","events_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/33/events","html_url":"https://github.com/nigoroll/libvmod-dynamic/issues/33","id":291752206,"node_id":"MDU6SXNzdWUyOTE3NTIyMDY=","number":33,"title":"libvmod-dynamic only uses 3 ips from 10: add tcp query support","user":{"login":"danielmotaleite","id":11890049,"node_id":"MDQ6VXNlcjExODkwMDQ5","avatar_url":"https://avatars.githubusercontent.com/u/11890049?v=4","gravatar_id":"","url":"https://api.github.com/users/danielmotaleite","html_url":"https://github.com/danielmotaleite","followers_url":"https://api.github.com/users/danielmotaleite/followers","following_url":"https://api.github.com/users/danielmotaleite/following{/other_user}","gists_url":"https://api.github.com/users/danielmotaleite/gists{/gist_id}","starred_url":"https://api.github.com/users/danielmotaleite/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/danielmotaleite/subscriptions","organizations_url":"https://api.github.com/users/danielmotaleite/orgs","repos_url":"https://api.github.com/users/danielmotaleite/repos","events_url":"https://api.github.com/users/danielmotaleite/events{/privacy}","received_events_url":"https://api.github.com/users/danielmotaleite/received_events","type":"User","user_view_type":"public","site_admin":false},"labels":[],"state":"closed","locked":false,"assignee":null,"assignees":[],"milestone":null,"comments":2,"created_at":"2018-01-25T23:28:19Z","updated_at":"2019-07-13T16:47:45Z","closed_at":"2018-01-26T02:17:48Z","author_association":"NONE","active_lock_reason":null,"sub_issues_summary":{"total":0,"completed":0,"percent_completed":0},"issue_dependencies_summary":{"blocked_by":0,"total_blocked_by":0,"blocking":0,"total_blocking":0},"body":"I have a setup where i have multiple backends (10) and use consul to manage the available backend list.  Today i noticed that only a few backends (usually 3) are used, but they are always changing, on every minute, as i set `TTL= 60s`\r\n\r\n```\r\n$ while sleep 60; do varnishadm -n $HOSTNAME.live backend.list | grep _p  ; echo ; done \r\nvcl_7da98ec3-be47-4ef6-88f6-42c0208b12e0.alice_p(172.30.154.202) probe      Healthy             5/5 Thu, 25 Jan 2018 23:00:06 GMT\r\nvcl_7da98ec3-be47-4ef6-88f6-42c0208b12e0.alice_p(172.30.243.214) probe      Healthy             5/5 Thu, 25 Jan 2018 23:01:06 GMT\r\nvcl_7da98ec3-be47-4ef6-88f6-42c0208b12e0.alice_p(172.30.249.132) probe      Healthy             5/5 Thu, 25 Jan 2018 23:01:06 GMT\r\n\r\nvcl_7da98ec3-be47-4ef6-88f6-42c0208b12e0.alice_p(172.30.243.214) probe      Healthy             5/5 Thu, 25 Jan 2018 23:01:06 GMT\r\nvcl_7da98ec3-be47-4ef6-88f6-42c0208b12e0.alice_p(172.30.219.96) probe      Healthy             5/5 Thu, 25 Jan 2018 23:02:06 GMT\r\nvcl_7da98ec3-be47-4ef6-88f6-42c0208b12e0.alice_p(172.30.150.186) probe      Healthy             5/5 Thu, 25 Jan 2018 23:02:06 GMT\r\n\r\nvcl_7da98ec3-be47-4ef6-88f6-42c0208b12e0.alice_p(172.30.249.132) probe      Healthy             5/5 Thu, 25 Jan 2018 23:03:06 GMT\r\nvcl_7da98ec3-be47-4ef6-88f6-42c0208b12e0.alice_p(172.30.251.37) probe      Healthy             5/5 Thu, 25 Jan 2018 23:03:06 GMT\r\nvcl_7da98ec3-be47-4ef6-88f6-42c0208b12e0.alice_p(172.30.154.202) probe      Healthy             5/5 Thu, 25 Jan 2018 23:03:06 GMT\r\n\r\nvcl_7da98ec3-be47-4ef6-88f6-42c0208b12e0.alice_p(172.30.251.37) probe      Healthy             5/5 Thu, 25 Jan 2018 23:03:06 GMT\r\nvcl_7da98ec3-be47-4ef6-88f6-42c0208b12e0.alice_p(172.30.161.48) probe      Healthy             5/5 Thu, 25 Jan 2018 23:04:06 GMT\r\nvcl_7da98ec3-be47-4ef6-88f6-42c0208b12e0.alice_p(172.30.209.195) probe      Healthy             5/5 Thu, 25 Jan 2018 23:04:06 GMT\r\n```\r\n\r\nA normal udp query return 3 entries:\r\n```\r\n$ host  alice-live-p.service.consul.\r\nalice-live-p.service.consul has address 172.30.209.195\r\nalice-live-p.service.consul has address 172.30.251.37\r\nalice-live-p.service.consul has address 172.30.161.48\r\n```\r\nbut using TCP query, we get the list of 10 IPs:\r\n```\r\n$ host -T  alice-live-p.service.consul.\r\nalice-live-p.service.consul has address 172.30.251.37\r\nalice-live-p.service.consul has address 172.30.219.96\r\nalice-live-p.service.consul has address 172.30.150.186\r\nalice-live-p.service.consul has address 172.30.209.195\r\nalice-live-p.service.consul has address 172.30.133.54\r\nalice-live-p.service.consul has address 172.30.154.202\r\nalice-live-p.service.consul has address 172.30.161.48\r\nalice-live-p.service.consul has address 172.30.137.218\r\nalice-live-p.service.consul has address 172.30.249.132\r\nalice-live-p.service.consul has address 172.30.243.214\r\n```\r\n\r\nSo looks like the module is using UDP for the query... i think if there is support  for TCP queries, it maybe would return the 10 IP list and use all the available backends\r\n\r\n","closed_by":{"login":"danielmotaleite","id":11890049,"node_id":"MDQ6VXNlcjExODkwMDQ5","avatar_url":"https://avatars.githubusercontent.com/u/11890049?v=4","gravatar_id":"","url":"https://api.github.com/users/danielmotaleite","html_url":"https://github.com/danielmotaleite","followers_url":"https://api.github.com/users/danielmotaleite/followers","following_url":"https://api.github.com/users/danielmotaleite/following{/other_user}","gists_url":"https://api.github.com/users/danielmotaleite/gists{/gist_id}","starred_url":"https://api.github.com/users/danielmotaleite/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/danielmotaleite/subscriptions","organizations_url":"https://api.github.com/users/danielmotaleite/orgs","repos_url":"https://api.github.com/users/danielmotaleite/repos","events_url":"https://api.github.com/users/danielmotaleite/events{/privacy}","received_events_url":"https://api.github.com/users/danielmotaleite/received_events","type":"User","user_view_type":"public","site_admin":false},"reactions":{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/33/reactions","total_count":0,"+1":0,"-1":0,"laugh":0,"hooray":0,"confused":0,"heart":0,"rocket":0,"eyes":0},"timeline_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/33/timeline","performed_via_github_app":null,"state_reason":"completed"},{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/35","repository_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic","labels_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/35/labels{/name}","comments_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/35/comments","events_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/35/events","html_url":"https://github.com/nigoroll/libvmod-dynamic/issues/35","id":305604786,"node_id":"MDU6SXNzdWUzMDU2MDQ3ODY=","number":35,"title":"Backend seems sick on first access","user":{"login":"ghost","id":10137,"node_id":"MDQ6VXNlcjEwMTM3","avatar_url":"https://avatars.githubusercontent.com/u/10137?v=4","gravatar_id":"","url":"https://api.github.com/users/ghost","html_url":"https://github.com/ghost","followers_url":"https://api.github.com/users/ghost/followers","following_url":"https://api.github.com/users/ghost/following{/other_user}","gists_url":"https://api.github.com/users/ghost/gists{/gist_id}","starred_url":"https://api.github.com/users/ghost/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/ghost/subscriptions","organizations_url":"https://api.github.com/users/ghost/orgs","repos_url":"https://api.github.com/users/ghost/repos","events_url":"https://api.github.com/users/ghost/events{/privacy}","received_events_url":"https://api.github.com/users/ghost/received_events","type":"User","user_view_type":"public","site_admin":false},"labels":[],"state":"closed","locked":false,"assignee":null,"assignees":[],"milestone":null,"comments":17,"created_at":"2018-03-15T15:36:34Z","updated_at":"2018-04-17T09:58:02Z","closed_at":"2018-03-16T16:10:07Z","author_association":"NONE","active_lock_reason":null,"sub_issues_summary":{"total":0,"completed":0,"percent_completed":0},"issue_dependencies_summary":{"blocked_by":0,"total_blocked_by":0,"blocking":0,"total_blocking":0},"body":"Hi.\r\n\r\nI have Varnish 5.2.1 with vmod dynamic installed from Yum Repositories on CentOS7 Server, and i'm facing this situation: after a vcl reload the first call to a site server by vmod_dynamic director give me the mainenance page, like the backend was sick, bat the backend is up and running, so simply hitting F5 gave me access to the site.\r\n\r\nMaybe a problem with the first dns lookup? Or maybe i've made some misconfiguration?\r\n\r\nWhat other info do you need to help me with this problem?\r\n\r\nBest Regard","closed_by":{"login":"nigoroll","id":1528104,"node_id":"MDQ6VXNlcjE1MjgxMDQ=","avatar_url":"https://avatars.githubusercontent.com/u/1528104?v=4","gravatar_id":"","url":"https://api.github.com/users/nigoroll","html_url":"https://github.com/nigoroll","followers_url":"https://api.github.com/users/nigoroll/followers","following_url":"https://api.github.com/users/nigoroll/following{/other_user}","gists_url":"https://api.github.com/users/nigoroll/gists{/gist_id}","starred_url":"https://api.github.com/users/nigoroll/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/nigoroll/subscriptions","organizations_url":"https://api.github.com/users/nigoroll/orgs","repos_url":"https://api.github.com/users/nigoroll/repos","events_url":"https://api.github.com/users/nigoroll/events{/privacy}","received_events_url":"https://api.github.com/users/nigoroll/received_events","type":"User","user_view_type":"public","site_admin":false},"reactions":{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/35/reactions","total_count":0,"+1":0,"-1":0,"laugh":0,"hooray":0,"confused":0,"heart":0,"rocket":0,"eyes":0},"timeline_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/35/timeline","performed_via_github_app":null,"state_reason":"completed"},{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/36","repository_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic","labels_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/36/labels{/name}","comments_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/36/comments","events_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/36/events","html_url":"https://github.com/nigoroll/libvmod-dynamic/issues/36","id":307665895,"node_id":"MDU6SXNzdWUzMDc2NjU4OTU=","number":36,"title":"Difficulty building against varnish 5.2.1 for xkey vmod","user":{"login":"hardik8585","id":32997161,"node_id":"MDQ6VXNlcjMyOTk3MTYx","avatar_url":"https://avatars.githubusercontent.com/u/32997161?v=4","gravatar_id":"","url":"https://api.github.com/users/hardik8585","html_url":"https://github.com/hardik8585","followers_url":"https://api.github.com/users/hardik8585/followers","following_url":"https://api.github.com/users/hardik8585/following{/other_user}","gists_url":"https://api.github.com/users/hardik8585/gists{/gist_id}","starred_url":"https://api.github.com/users/hardik8585/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/hardik8585/subscriptions","organizations_url":"https://api.github.com/users/hardik8585/orgs","repos_url":"https://api.github.com/users/hardik8585/repos","events_url":"https://api.github.com/users/hardik8585/events{/privacy}","received_events_url":"https://api.github.com/users/hardik8585/received_events","type":"User","user_view_type":"public","site_admin":false},"labels":[],"state":"closed","locked":false,"assignee":null,"assignees":[],"milestone":null,"comments":1,"created_at":"2018-03-22T14:25:40Z","updated_at":"2018-03-22T14:35:00Z","closed_at":"2018-03-22T14:35:00Z","author_association":"NONE","active_lock_reason":null,"sub_issues_summary":{"total":0,"completed":0,"percent_completed":0},"issue_dependencies_summary":{"blocked_by":0,"total_blocked_by":0,"blocking":0,"total_blocking":0},"body":"./bootstrap\r\n+ mkdir -p m4\r\n+ aclocal -I m4 -I /usr/share/aclocal\r\n+ libtoolize --copy --force\r\nlibtoolize: putting auxiliary files in AC_CONFIG_AUX_DIR, `build-aux'.\r\nlibtoolize: copying file `build-aux/ltmain.sh'\r\nlibtoolize: putting macros in AC_CONFIG_MACRO_DIR, `m4'.\r\nlibtoolize: copying file `m4/libtool.m4'\r\nlibtoolize: copying file `m4/ltoptions.m4'\r\nlibtoolize: copying file `m4/ltsugar.m4'\r\nlibtoolize: copying file `m4/ltversion.m4'\r\nlibtoolize: copying file `m4/lt~obsolete.m4'\r\n+ autoheader\r\n+ automake --add-missing --copy --foreign\r\nsrc/Makefile.am:24: error: 'vmod_LTLIBRARIES' is used but 'vmoddir' is undefined\r\nsrc/Makefile.am:51: warning: variable 'libvmod_header_la_SOURCES' is defined but no program or\r\nsrc/Makefile.am:51: library has 'libvmod_header_la' as canonical name (possible typo)\r\nsrc/Makefile.am:65: warning: variable 'nodist_libvmod_xkey_la_SOURCES' is defined but no program or\r\nsrc/Makefile.am:65: library has 'libvmod_xkey_la' as canonical name (possible typo)\r\nsrc/Makefile.am:61: warning: variable 'nodist_libvmod_vsthrottle_la_SOURCES' is defined but no program or\r\nsrc/Makefile.am:61: library has 'libvmod_vsthrottle_la' as canonical name (possible typo)\r\nsrc/Makefile.am:56: warning: variable 'libvmod_xkey_la_SOURCES' is defined but no program or\r\nsrc/Makefile.am:56: library has 'libvmod_xkey_la' as canonical name (possible typo)\r\nsrc/Makefile.am:64: warning: variable 'nodist_libvmod_var_la_SOURCES' is defined but no program or\r\nsrc/Makefile.am:64: library has 'libvmod_var_la' as canonical name (possible typo)\r\nsrc/Makefile.am:53: warning: variable 'libvmod_saintmode_la_SOURCES' is defined but no program or\r\nsrc/Makefile.am:53: library has 'libvmod_saintmode_la' as canonical name (possible typo)\r\nsrc/Makefile.am:58: warning: variable 'nodist_libvmod_bodyaccess_la_SOURCES' is defined but no program or\r\nsrc/Makefile.am:58: library has 'libvmod_bodyaccess_la' as canonical name (possible typo)\r\nsrc/Makefile.am:63: warning: variable 'nodist_libvmod_tcp_la_SOURCES' is defined but no program or\r\nsrc/Makefile.am:63: library has 'libvmod_tcp_la' as canonical name (possible typo)\r\nsrc/Makefile.am:59: warning: variable 'nodist_libvmod_cookie_la_SOURCES' is defined but no program or\r\nsrc/Makefile.am:59: library has 'libvmod_cookie_la' as canonical name (possible typo)\r\nsrc/Makefile.am:62: warning: variable 'nodist_libvmod_saintmode_la_SOURCES' is defined but no program or\r\nsrc/Makefile.am:62: library has 'libvmod_saintmode_la' as canonical name (possible typo)\r\nsrc/Makefile.am:50: warning: variable 'libvmod_cookie_la_SOURCES' is defined but no program or\r\nsrc/Makefile.am:50: library has 'libvmod_cookie_la' as canonical name (possible typo)\r\nsrc/Makefile.am:55: warning: variable 'libvmod_var_la_SOURCES' is defined but no program or\r\nsrc/Makefile.am:55: library has 'libvmod_var_la' as canonical name (possible typo)\r\nsrc/Makefile.am:83: warning: variable 'nodist_libvmod_softpurge_la_SOURCES' is defined but no program or\r\nsrc/Makefile.am:83: library has 'libvmod_softpurge_la' as canonical name (possible typo)\r\nsrc/Makefile.am:60: warning: variable 'nodist_libvmod_header_la_SOURCES' is defined but no program or\r\nsrc/Makefile.am:60: library has 'libvmod_header_la' as canonical name (possible typo)\r\nsrc/Makefile.am:52: warning: variable 'libvmod_vsthrottle_la_SOURCES' is defined but no program or\r\nsrc/Makefile.am:52: library has 'libvmod_vsthrottle_la' as canonical name (possible typo)\r\nsrc/Makefile.am:49: warning: variable 'libvmod_bodyaccess_la_SOURCES' is defined but no program or\r\nsrc/Makefile.am:49: library has 'libvmod_bodyaccess_la' as canonical name (possible typo)\r\nsrc/Makefile.am:54: warning: variable 'libvmod_tcp_la_SOURCES' is defined but no program or\r\nsrc/Makefile.am:54: library has 'libvmod_tcp_la' as canonical name (possible typo)\r\nsrc/Makefile.am:82: warning: variable 'libvmod_softpurge_la_SOURCES' is defined but no program or\r\nsrc/Makefile.am:82: library has 'libvmod_softpurge_la' as canonical name (possible typo)\r\n\r\n\r\nBecause of this error, its now generating configure file.","closed_by":{"login":"nigoroll","id":1528104,"node_id":"MDQ6VXNlcjE1MjgxMDQ=","avatar_url":"https://avatars.githubusercontent.com/u/1528104?v=4","gravatar_id":"","url":"https://api.github.com/users/nigoroll","html_url":"https://github.com/nigoroll","followers_url":"https://api.github.com/users/nigoroll/followers","following_url":"https://api.github.com/users/nigoroll/following{/other_user}","gists_url":"https://api.github.com/users/nigoroll/gists{/gist_id}","starred_url":"https://api.github.com/users/nigoroll/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/nigoroll/subscriptions","organizations_url":"https://api.github.com/users/nigoroll/orgs","repos_url":"https://api.github.com/users/nigoroll/repos","events_url":"https://api.github.com/users/nigoroll/events{/privacy}","received_events_url":"https://api.github.com/users/nigoroll/received_events","type":"User","user_view_type":"public","site_admin":false},"reactions":{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/36/reactions","total_count":0,"+1":0,"-1":0,"laugh":0,"hooray":0,"confused":0,"heart":0,"rocket":0,"eyes":0},"timeline_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/36/timeline","performed_via_github_app":null,"state_reason":"completed"},{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/37","repository_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic","labels_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/37/labels{/name}","comments_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/37/comments","events_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/37/events","html_url":"https://github.com/nigoroll/libvmod-dynamic/issues/37","id":308541202,"node_id":"MDU6SXNzdWUzMDg1NDEyMDI=","number":37,"title":"ABI mismatch against Varnish 6.0 - RPM package needs a bump?","user":{"login":"slawekm","id":4246560,"node_id":"MDQ6VXNlcjQyNDY1NjA=","avatar_url":"https://avatars.githubusercontent.com/u/4246560?v=4","gravatar_id":"","url":"https://api.github.com/users/slawekm","html_url":"https://github.com/slawekm","followers_url":"https://api.github.com/users/slawekm/followers","following_url":"https://api.github.com/users/slawekm/following{/other_user}","gists_url":"https://api.github.com/users/slawekm/gists{/gist_id}","starred_url":"https://api.github.com/users/slawekm/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/slawekm/subscriptions","organizations_url":"https://api.github.com/users/slawekm/orgs","repos_url":"https://api.github.com/users/slawekm/repos","events_url":"https://api.github.com/users/slawekm/events{/privacy}","received_events_url":"https://api.github.com/users/slawekm/received_events","type":"User","user_view_type":"public","site_admin":false},"labels":[],"state":"closed","locked":false,"assignee":{"login":"slimhazard","id":6084911,"node_id":"MDQ6VXNlcjYwODQ5MTE=","avatar_url":"https://avatars.githubusercontent.com/u/6084911?v=4","gravatar_id":"","url":"https://api.github.com/users/slimhazard","html_url":"https://github.com/slimhazard","followers_url":"https://api.github.com/users/slimhazard/followers","following_url":"https://api.github.com/users/slimhazard/following{/other_user}","gists_url":"https://api.github.com/users/slimhazard/gists{/gist_id}","starred_url":"https://api.github.com/users/slimhazard/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/slimhazard/subscriptions","organizations_url":"https://api.github.com/users/slimhazard/orgs","repos_url":"https://api.github.com/users/slimhazard/repos","events_url":"https://api.github.com/users/slimhazard/events{/privacy}","received_events_url":"https://api.github.com/users/slimhazard/received_events","type":"User","user_view_type":"public","site_admin":false},"assignees":[{"login":"slimhazard","id":6084911,"node_id":"MDQ6VXNlcjYwODQ5MTE=","avatar_url":"https://avatars.githubusercontent.com/u/6084911?v=4","gravatar_id":"","url":"https://api.github.com/users/slimhazard","html_url":"https://github.com/slimhazard","followers_url":"https://api.github.com/users/slimhazard/followers","following_url":"https://api.github.com/users/slimhazard/following{/other_user}","gists_url":"https://api.github.com/users/slimhazard/gists{/gist_id}","starred_url":"https://api.github.com/users/slimhazard/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/slimhazard/subscriptions","organizations_url":"https://api.github.com/users/slimhazard/orgs","repos_url":"https://api.github.com/users/slimhazard/repos","events_url":"https://api.github.com/users/slimhazard/events{/privacy}","received_events_url":"https://api.github.com/users/slimhazard/received_events","type":"User","user_view_type":"public","site_admin":false}],"milestone":null,"comments":7,"created_at":"2018-03-26T11:55:15Z","updated_at":"2018-04-02T09:44:10Z","closed_at":"2018-04-02T09:44:10Z","author_association":"NONE","active_lock_reason":null,"sub_issues_summary":{"total":0,"completed":0,"percent_completed":0},"issue_dependencies_summary":{"blocked_by":0,"total_blocked_by":0,"blocking":0,"total_blocking":0},"body":"Hi, \r\n\r\nI'm getting ABI mismatch error when running against Varnish 6.0:\r\n\r\n```\r\nbash-4.2# /usr/sbin/varnish_reload_vcl\r\nLoading vcl from /etc/varnish/default.vcl\r\nCurrent running config name is boot\r\nUsing new config name reload_2018-03-26T114607\r\nMessage from VCC-compiler:\r\nIncompatible VMOD dynamic\r\n\tFile name: /usr/lib64/varnish/vmods/libvmod_dynamic.so\r\n\tABI mismatch, expected <Varnish 6.0.0 a068361dff0d25a0d85cf82a6e5fdaf315e06a7d>, got <Varnish 5.2.1 67e562482>\r\n('/etc/varnish/default.vcl' Line 60 Pos 8)\r\nimport dynamic;\r\n-------#######-\r\n\r\nRunning VCC-compiler failed, exited with 2\r\nVCL compilation failed\r\nCommand failed with error code 106\r\n```\r\n\r\n```\r\nbash-4.2# rpm -qi vmod-dynamic\r\nName        : vmod-dynamic\r\nVersion     : 0.3\r\nRelease     : 12.el7\r\nSource RPM  : vmod-dynamic-0.3-12.el7.src.rpm\r\nBuild Date  : Fri Nov 24 17:17:58 2017\r\nBuild Host  : 5f3d6e6b911d\r\n```\r\n\r\nWorks fine when I've compiled vmod from source.\r\n\r\nThanks.","closed_by":{"login":"slimhazard","id":6084911,"node_id":"MDQ6VXNlcjYwODQ5MTE=","avatar_url":"https://avatars.githubusercontent.com/u/6084911?v=4","gravatar_id":"","url":"https://api.github.com/users/slimhazard","html_url":"https://github.com/slimhazard","followers_url":"https://api.github.com/users/slimhazard/followers","following_url":"https://api.github.com/users/slimhazard/following{/other_user}","gists_url":"https://api.github.com/users/slimhazard/gists{/gist_id}","starred_url":"https://api.github.com/users/slimhazard/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/slimhazard/subscriptions","organizations_url":"https://api.github.com/users/slimhazard/orgs","repos_url":"https://api.github.com/users/slimhazard/repos","events_url":"https://api.github.com/users/slimhazard/events{/privacy}","received_events_url":"https://api.github.com/users/slimhazard/received_events","type":"User","user_view_type":"public","site_admin":false},"reactions":{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/37/reactions","total_count":0,"+1":0,"-1":0,"laugh":0,"hooray":0,"confused":0,"heart":0,"rocket":0,"eyes":0},"timeline_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/37/timeline","performed_via_github_app":null,"state_reason":"completed"},{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/38","repository_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic","labels_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/38/labels{/name}","comments_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/38/comments","events_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/38/events","html_url":"https://github.com/nigoroll/libvmod-dynamic/issues/38","id":358483593,"node_id":"MDU6SXNzdWUzNTg0ODM1OTM=","number":38,"title":"502 when cache beresp.ttl is exhausted  ","user":{"login":"lloiacono","id":1889160,"node_id":"MDQ6VXNlcjE4ODkxNjA=","avatar_url":"https://avatars.githubusercontent.com/u/1889160?v=4","gravatar_id":"","url":"https://api.github.com/users/lloiacono","html_url":"https://github.com/lloiacono","followers_url":"https://api.github.com/users/lloiacono/followers","following_url":"https://api.github.com/users/lloiacono/following{/other_user}","gists_url":"https://api.github.com/users/lloiacono/gists{/gist_id}","starred_url":"https://api.github.com/users/lloiacono/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/lloiacono/subscriptions","organizations_url":"https://api.github.com/users/lloiacono/orgs","repos_url":"https://api.github.com/users/lloiacono/repos","events_url":"https://api.github.com/users/lloiacono/events{/privacy}","received_events_url":"https://api.github.com/users/lloiacono/received_events","type":"User","user_view_type":"public","site_admin":false},"labels":[],"state":"closed","locked":false,"assignee":null,"assignees":[],"milestone":null,"comments":6,"created_at":"2018-09-10T06:23:57Z","updated_at":"2018-10-11T06:48:08Z","closed_at":"2018-09-12T15:11:44Z","author_association":"NONE","active_lock_reason":null,"sub_issues_summary":{"total":0,"completed":0,"percent_completed":0},"issue_dependencies_summary":{"blocked_by":0,"total_blocked_by":0,"blocking":0,"total_blocking":0},"body":"I'm using dynamic directors with rancher and am getting a 502 error once the TTL of my cache object expires, if I try again then it works properly. I can request any URL and I would get a 200, then the page is cache for 5s (I set the TTL to 5s for testing), then after 5s I request the same URL again and I get the 502, then I request the same URL once again and it works. If I repeat the whole process I get the same results over and over.\r\n\r\nError:\r\n> HTTP/1.0 502 Bad Gateway\r\nCache-Control: no-cache\r\nContent-Type: text/html\r\nX-Via: varnish-test\r\n\r\n<html><body><h1>502 Bad Gateway</h1>\r\nThe server returned an invalid or incomplete response.\r\n</body></html>\r\n\r\nConfiguration: \r\n\r\nI have setup varnish with dynamic directors like this:\r\n\r\n```\r\nsub vcl_init {\r\n  new www_dir = dynamic.director(\r\n    port = 80,\r\n    ttl = 5m\r\n  );\r\n  www_dir.debug(true);\r\n}\r\n```\r\n\r\nAnd added the director as backend in `vcl_recv` like this:\r\n\r\n`set req.backend_hint = www_dir.backend(app);`\r\n\r\n`app` is the name of my backend service in rancher. If I dig to `app` I get something like:\r\n\r\n```\r\napp.                    1       IN      A       10.42.166.171\r\napp.                    1       IN      A       10.42.215.78\r\n```\r\n\r\nAlso in `vcl_backend_response` I've this:\r\n\r\n`set beresp.ttl = 5s;`\r\n\r\nI set the cache TTL to 5s to debug this easily.\r\n\r\nOn the varnish instance if I run this `varnishlog -g raw -q '* ~ vmod-dynamic'`, after the 502 error I see this in the logs:\r\n\r\n`Log abandoned (vsl)`\r\n`Log reacquired`\r\n\r\n\r\n\r\n","closed_by":{"login":"nigoroll","id":1528104,"node_id":"MDQ6VXNlcjE1MjgxMDQ=","avatar_url":"https://avatars.githubusercontent.com/u/1528104?v=4","gravatar_id":"","url":"https://api.github.com/users/nigoroll","html_url":"https://github.com/nigoroll","followers_url":"https://api.github.com/users/nigoroll/followers","following_url":"https://api.github.com/users/nigoroll/following{/other_user}","gists_url":"https://api.github.com/users/nigoroll/gists{/gist_id}","starred_url":"https://api.github.com/users/nigoroll/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/nigoroll/subscriptions","organizations_url":"https://api.github.com/users/nigoroll/orgs","repos_url":"https://api.github.com/users/nigoroll/repos","events_url":"https://api.github.com/users/nigoroll/events{/privacy}","received_events_url":"https://api.github.com/users/nigoroll/received_events","type":"User","user_view_type":"public","site_admin":false},"reactions":{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/38/reactions","total_count":0,"+1":0,"-1":0,"laugh":0,"hooray":0,"confused":0,"heart":0,"rocket":0,"eyes":0},"timeline_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/38/timeline","performed_via_github_app":null,"state_reason":"completed"},{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/39","repository_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic","labels_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/39/labels{/name}","comments_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/39/comments","events_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/39/events","html_url":"https://github.com/nigoroll/libvmod-dynamic/issues/39","id":358557823,"node_id":"MDU6SXNzdWUzNTg1NTc4MjM=","number":39,"title":"Not able to build master","user":{"login":"lloiacono","id":1889160,"node_id":"MDQ6VXNlcjE4ODkxNjA=","avatar_url":"https://avatars.githubusercontent.com/u/1889160?v=4","gravatar_id":"","url":"https://api.github.com/users/lloiacono","html_url":"https://github.com/lloiacono","followers_url":"https://api.github.com/users/lloiacono/followers","following_url":"https://api.github.com/users/lloiacono/following{/other_user}","gists_url":"https://api.github.com/users/lloiacono/gists{/gist_id}","starred_url":"https://api.github.com/users/lloiacono/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/lloiacono/subscriptions","organizations_url":"https://api.github.com/users/lloiacono/orgs","repos_url":"https://api.github.com/users/lloiacono/repos","events_url":"https://api.github.com/users/lloiacono/events{/privacy}","received_events_url":"https://api.github.com/users/lloiacono/received_events","type":"User","user_view_type":"public","site_admin":false},"labels":[],"state":"closed","locked":false,"assignee":null,"assignees":[],"milestone":null,"comments":1,"created_at":"2018-09-10T10:16:16Z","updated_at":"2018-09-10T10:24:48Z","closed_at":"2018-09-10T10:24:48Z","author_association":"NONE","active_lock_reason":null,"sub_issues_summary":{"total":0,"completed":0,"percent_completed":0},"issue_dependencies_summary":{"blocked_by":0,"total_blocked_by":0,"blocking":0,"total_blocking":0},"body":"I was previously using the v 0.4 tag and it was working fine. Now switched to master and I get the following error:\r\n\r\n```\r\nMaking install in src\r\nmake[1]: Entering directory '/varnish-modules/libvmod-dynamic-master/src'\r\nCC       vmod_dynamic.lo\r\nvmod_dynamic.c:105:33: error: array type has incomplete element type 'struct vdi_methods'\r\n static const struct vdi_methods vmod_dynamic_methods[1] = {{\r\n                                 ^~~~~~~~~~~~~~~~~~~~\r\nvmod_dynamic.c:106:2: error: field name not in record or union initializer\r\n  .magic = VDI_METHODS_MAGIC,\r\n  ^\r\nvmod_dynamic.c:106:2: note: (near initialization for 'vmod_dynamic_methods')\r\nvmod_dynamic.c:106:11: error: 'VDI_METHODS_MAGIC' undeclared here (not in a function)\r\n  .magic = VDI_METHODS_MAGIC,\r\n           ^~~~~~~~~~~~~~~~~\r\nvmod_dynamic.c:107:2: error: field name not in record or union initializer\r\n  .type =  \"dynamic\",\r\n  ^\r\nvmod_dynamic.c:107:2: note: (near initialization for 'vmod_dynamic_methods')\r\nvmod_dynamic.c:108:2: error: field name not in record or union initializer\r\n  .healthy = dynamic_healthy,\r\n  ^\r\nvmod_dynamic.c:108:2: note: (near initialization for 'vmod_dynamic_methods')\r\nvmod_dynamic.c:109:2: error: field name not in record or union initializer\r\n  .resolve = dynamic_resolve\r\n  ^\r\nvmod_dynamic.c:109:2: note: (near initialization for 'vmod_dynamic_methods')\r\nvmod_dynamic.c: In function 'dynamic_resolve':\r\nvmod_dynamic.c:151:5: error: too many arguments to function 'VRT_Healthy'\r\n    !VRT_Healthy(ctx, next->be->dir, NULL));\r\n     ^~~~~~~~~~~\r\nIn file included from /usr/include/varnish/cache/cache.h:45:0,\r\n                 from vmod_dynamic.c:45:\r\n/usr/include/varnish/vrt.h:419:5: note: declared here\r\n int VRT_Healthy(VRT_CTX, VCL_BACKEND);\r\n     ^~~~~~~~~~~\r\nvmod_dynamic.c:156:7: error: too many arguments to function 'VRT_Healthy'\r\n      !VRT_Healthy(ctx, next->be->dir, NULL))\r\n       ^~~~~~~~~~~\r\nIn file included from /usr/include/varnish/cache/cache.h:45:0,\r\n                 from vmod_dynamic.c:45:\r\n/usr/include/varnish/vrt.h:419:5: note: declared here\r\n int VRT_Healthy(VRT_CTX, VCL_BACKEND);\r\n     ^~~~~~~~~~~\r\nvmod_dynamic.c: In function 'dynamic_healthy':\r\nvmod_dynamic.c:184:12: error: too many arguments to function 'VRT_Healthy'\r\n   retval = VRT_Healthy(ctx, r->be->dir, &c);\r\n            ^~~~~~~~~~~\r\nIn file included from /usr/include/varnish/cache/cache.h:45:0,\r\n                 from vmod_dynamic.c:45:\r\n/usr/include/varnish/vrt.h:419:5: note: declared here\r\n int VRT_Healthy(VRT_CTX, VCL_BACKEND);\r\n     ^~~~~~~~~~~\r\nvmod_dynamic.c: In function 'dynamic_del':\r\nvmod_dynamic.c:248:27: error: passing argument 2 of 'VRT_delete_backend' from incompatible pointer type [-Werror=incompatible-pointer-types]\r\n   VRT_delete_backend(ctx, &b->dir);\r\n                           ^\r\nIn file included from /usr/include/varnish/cache/cache.h:45:0,\r\n                 from vmod_dynamic.c:45:\r\n/usr/include/varnish/vrt.h:411:6: note: expected 'struct director **' but argument is of type 'const struct director **'\r\n void VRT_delete_backend(VRT_CTX, struct director **);\r\n      ^~~~~~~~~~~~~~~~~~\r\nvmod_dynamic.c: In function 'dynamic_get':\r\nvmod_dynamic.c:708:13: error: implicit declaration of function 'VRT_AddDirector' [-Werror=implicit-function-declaration]\r\n  dom->dir = VRT_AddDirector(ctx, vmod_dynamic_methods, dom,\r\n             ^~~~~~~~~~~~~~~\r\nAt top level:\r\nvmod_dynamic.c:105:33: error: 'vmod_dynamic_methods' defined but not used [-Werror=unused-variable]\r\n static const struct vdi_methods vmod_dynamic_methods[1] = {{\r\n                                 ^~~~~~~~~~~~~~~~~~~~\r\n```\r\n\r\nMy Dockerfile is \r\n\r\n```\r\nFROM alpine:3.8\r\n\r\nRUN apk update \\\r\n    && apk add --no-cache varnish=6.0.0-r1 \\\r\n    && apk add git curl \\\r\n    && git clone https://github.com/varnish/varnish-modules.git \\\r\n    && apk add automake && apk add varnish-dev \\\r\n    && apk add autoconf && apk add libtool \\\r\n    && apk add py-docutils && apk add make \\\r\n    && cd varnish-modules/ \\\r\n    && ./bootstrap && ./configure && make && make install\r\n\r\n#\r\n# install libvmod-dynamic\r\n#\r\nENV LIBVMOD_DYNAMIC_VERSION=master\r\n\r\nRUN curl -sfL https://github.com/nigoroll/libvmod-dynamic/archive/${LIBVMOD_DYNAMIC_VERSION}.tar.gz \\\r\n        -o libvmod-dynamic-${LIBVMOD_DYNAMIC_VERSION}.tar.gz  && \\\r\n    tar -xzf libvmod-dynamic-${LIBVMOD_DYNAMIC_VERSION}.tar.gz && \\\r\n    cd libvmod-dynamic-${LIBVMOD_DYNAMIC_VERSION} && \\\r\n    ./autogen.sh && \\\r\n    ./configure && \\\r\n    make install && \\\r\n    cd .. &&  rm -rf libvmod-dynamic-${LIBVMOD_DYNAMIC_VERSION}.tar.gz \r\n\r\n```","closed_by":{"login":"nigoroll","id":1528104,"node_id":"MDQ6VXNlcjE1MjgxMDQ=","avatar_url":"https://avatars.githubusercontent.com/u/1528104?v=4","gravatar_id":"","url":"https://api.github.com/users/nigoroll","html_url":"https://github.com/nigoroll","followers_url":"https://api.github.com/users/nigoroll/followers","following_url":"https://api.github.com/users/nigoroll/following{/other_user}","gists_url":"https://api.github.com/users/nigoroll/gists{/gist_id}","starred_url":"https://api.github.com/users/nigoroll/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/nigoroll/subscriptions","organizations_url":"https://api.github.com/users/nigoroll/orgs","repos_url":"https://api.github.com/users/nigoroll/repos","events_url":"https://api.github.com/users/nigoroll/events{/privacy}","received_events_url":"https://api.github.com/users/nigoroll/received_events","type":"User","user_view_type":"public","site_admin":false},"reactions":{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/39/reactions","total_count":0,"+1":0,"-1":0,"laugh":0,"hooray":0,"confused":0,"heart":0,"rocket":0,"eyes":0},"timeline_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/39/timeline","performed_via_github_app":null,"state_reason":"completed"},{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/40","repository_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic","labels_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/40/labels{/name}","comments_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/40/comments","events_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/40/events","html_url":"https://github.com/nigoroll/libvmod-dynamic/issues/40","id":367386874,"node_id":"MDU6SXNzdWUzNjczODY4NzQ=","number":40,"title":"Unable to compile on Debian Stretch","user":{"login":"AdrienBigot","id":12624309,"node_id":"MDQ6VXNlcjEyNjI0MzA5","avatar_url":"https://avatars.githubusercontent.com/u/12624309?v=4","gravatar_id":"","url":"https://api.github.com/users/AdrienBigot","html_url":"https://github.com/AdrienBigot","followers_url":"https://api.github.com/users/AdrienBigot/followers","following_url":"https://api.github.com/users/AdrienBigot/following{/other_user}","gists_url":"https://api.github.com/users/AdrienBigot/gists{/gist_id}","starred_url":"https://api.github.com/users/AdrienBigot/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/AdrienBigot/subscriptions","organizations_url":"https://api.github.com/users/AdrienBigot/orgs","repos_url":"https://api.github.com/users/AdrienBigot/repos","events_url":"https://api.github.com/users/AdrienBigot/events{/privacy}","received_events_url":"https://api.github.com/users/AdrienBigot/received_events","type":"User","user_view_type":"public","site_admin":false},"labels":[{"id":443804423,"node_id":"MDU6TGFiZWw0NDM4MDQ0MjM=","url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/labels/duplicate","name":"duplicate","color":"cccccc","default":true,"description":null}],"state":"closed","locked":false,"assignee":null,"assignees":[],"milestone":null,"comments":1,"created_at":"2018-10-05T22:23:36Z","updated_at":"2018-10-10T05:21:28Z","closed_at":"2018-10-10T05:21:21Z","author_association":"NONE","active_lock_reason":null,"sub_issues_summary":{"total":0,"completed":0,"percent_completed":0},"issue_dependencies_summary":{"blocked_by":0,"total_blocked_by":0,"blocking":0,"total_blocking":0},"body":"Hello,\r\n\r\nWhen trying to build in Debian Strech I encounter these errors :\r\n\r\nmake  all-recursive\r\nmake[1]: Entering directory '/tmp/libvmod-dynamic'\r\nMaking all in src\r\nmake[2]: Entering directory '/tmp/libvmod-dynamic/src'\r\n  CC       vmod_dynamic.lo\r\nvmod_dynamic.c:105:33: error: array type has incomplete element type ‘struct vdi_methods’\r\n static const struct vdi_methods vmod_dynamic_methods[1] = {{\r\n                                 ^~~~~~~~~~~~~~~~~~~~\r\nvmod_dynamic.c:106:2: error: field name not in record or union initializer\r\n  .magic = VDI_METHODS_MAGIC,\r\n  ^\r\nvmod_dynamic.c:106:2: note: (near initialization for ‘vmod_dynamic_methods’)\r\nvmod_dynamic.c:106:11: error: ‘VDI_METHODS_MAGIC’ undeclared here (not in a function)\r\n  .magic = VDI_METHODS_MAGIC,\r\n           ^~~~~~~~~~~~~~~~~\r\nvmod_dynamic.c:107:2: error: field name not in record or union initializer\r\n  .type =  \"dynamic\",\r\n  ^\r\nvmod_dynamic.c:107:2: note: (near initialization for ‘vmod_dynamic_methods’)\r\nvmod_dynamic.c:108:2: error: field name not in record or union initializer\r\n  .healthy = dynamic_healthy,\r\n  ^\r\nvmod_dynamic.c:108:2: note: (near initialization for ‘vmod_dynamic_methods’)\r\nvmod_dynamic.c:109:2: error: field name not in record or union initializer\r\n  .resolve = dynamic_resolve\r\n  ^\r\nvmod_dynamic.c:109:2: note: (near initialization for ‘vmod_dynamic_methods’)\r\nvmod_dynamic.c: In function ‘dynamic_resolve’:\r\nvmod_dynamic.c:151:5: error: too many arguments to function ‘VRT_Healthy’\r\n    !VRT_Healthy(ctx, next->be->dir, NULL));\r\n     ^~~~~~~~~~~\r\nIn file included from /usr/include/varnish/cache/cache.h:45:0,\r\n                 from vmod_dynamic.c:45:\r\n/usr/include/varnish/vrt.h:420:5: note: declared here\r\n int VRT_Healthy(VRT_CTX, VCL_BACKEND);\r\n     ^~~~~~~~~~~\r\nvmod_dynamic.c:156:7: error: too many arguments to function ‘VRT_Healthy’\r\n      !VRT_Healthy(ctx, next->be->dir, NULL))\r\n       ^~~~~~~~~~~\r\nIn file included from /usr/include/varnish/cache/cache.h:45:0,\r\n                 from vmod_dynamic.c:45:\r\n/usr/include/varnish/vrt.h:420:5: note: declared here\r\n int VRT_Healthy(VRT_CTX, VCL_BACKEND);\r\n     ^~~~~~~~~~~\r\nvmod_dynamic.c: In function ‘dynamic_healthy’:\r\nvmod_dynamic.c:184:12: error: too many arguments to function ‘VRT_Healthy’\r\n   retval = VRT_Healthy(ctx, r->be->dir, &c);\r\n            ^~~~~~~~~~~\r\nIn file included from /usr/include/varnish/cache/cache.h:45:0,\r\n                 from vmod_dynamic.c:45:\r\n/usr/include/varnish/vrt.h:420:5: note: declared here\r\n int VRT_Healthy(VRT_CTX, VCL_BACKEND);\r\n     ^~~~~~~~~~~\r\nvmod_dynamic.c: In function ‘dynamic_del’:\r\nvmod_dynamic.c:248:27: error: passing argument 2 of ‘VRT_delete_backend’ from incompatible pointer type [-Werror=incompatible-pointer-types]\r\n   VRT_delete_backend(ctx, &b->dir);\r\n                           ^\r\nIn file included from /usr/include/varnish/cache/cache.h:45:0,\r\n                 from vmod_dynamic.c:45:\r\n/usr/include/varnish/vrt.h:412:6: note: expected ‘struct director **’ but argument is of type ‘const struct director **’\r\n void VRT_delete_backend(VRT_CTX, struct director **);\r\n      ^~~~~~~~~~~~~~~~~~\r\nvmod_dynamic.c: In function ‘dynamic_free’:\r\nvmod_dynamic.c:546:2: error: implicit declaration of function ‘VRT_DelDirector’ [-Werror=implicit-function-declaration]\r\n  VRT_DelDirector(&dom->dir);\r\n  ^~~~~~~~~~~~~~~\r\nvmod_dynamic.c: In function ‘dynamic_get’:\r\nvmod_dynamic.c:710:13: error: implicit declaration of function ‘VRT_AddDirector’ [-Werror=implicit-function-declaration]\r\n  dom->dir = VRT_AddDirector(ctx, vmod_dynamic_methods, dom,\r\n             ^~~~~~~~~~~~~~~\r\nAt top level:\r\nvmod_dynamic.c:105:33: error: ‘vmod_dynamic_methods’ defined but not used [-Werror=unused-variable]\r\n static const struct vdi_methods vmod_dynamic_methods[1] = {{\r\n                                 ^~~~~~~~~~~~~~~~~~~~\r\ncc1: all warnings being treated as errors\r\nMakefile:659: recipe for target 'vmod_dynamic.lo' failed\r\nmake[2]: *** [vmod_dynamic.lo] Error 1\r\nmake[2]: Leaving directory '/tmp/libvmod-dynamic/src'\r\nMakefile:492: recipe for target 'all-recursive' failed\r\nmake[1]: *** [all-recursive] Error 1\r\nmake[1]: Leaving directory '/tmp/libvmod-dynamic'\r\nMakefile:403: recipe for target 'all' failed\r\nmake: *** [all] Error 2\r\n\r\nThanks in advance.\r\n\r\nAdrien","closed_by":{"login":"nigoroll","id":1528104,"node_id":"MDQ6VXNlcjE1MjgxMDQ=","avatar_url":"https://avatars.githubusercontent.com/u/1528104?v=4","gravatar_id":"","url":"https://api.github.com/users/nigoroll","html_url":"https://github.com/nigoroll","followers_url":"https://api.github.com/users/nigoroll/followers","following_url":"https://api.github.com/users/nigoroll/following{/other_user}","gists_url":"https://api.github.com/users/nigoroll/gists{/gist_id}","starred_url":"https://api.github.com/users/nigoroll/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/nigoroll/subscriptions","organizations_url":"https://api.github.com/users/nigoroll/orgs","repos_url":"https://api.github.com/users/nigoroll/repos","events_url":"https://api.github.com/users/nigoroll/events{/privacy}","received_events_url":"https://api.github.com/users/nigoroll/received_events","type":"User","user_view_type":"public","site_admin":false},"reactions":{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/40/reactions","total_count":0,"+1":0,"-1":0,"laugh":0,"hooray":0,"confused":0,"heart":0,"rocket":0,"eyes":0},"timeline_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/40/timeline","performed_via_github_app":null,"state_reason":"completed"},{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/41","repository_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic","labels_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/41/labels{/name}","comments_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/41/comments","events_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/41/events","html_url":"https://github.com/nigoroll/libvmod-dynamic/issues/41","id":368464148,"node_id":"MDU6SXNzdWUzNjg0NjQxNDg=","number":41,"title":"Can't install on Centos7 Varnish 6.0.1","user":{"login":"chuyenim","id":12079343,"node_id":"MDQ6VXNlcjEyMDc5MzQz","avatar_url":"https://avatars.githubusercontent.com/u/12079343?v=4","gravatar_id":"","url":"https://api.github.com/users/chuyenim","html_url":"https://github.com/chuyenim","followers_url":"https://api.github.com/users/chuyenim/followers","following_url":"https://api.github.com/users/chuyenim/following{/other_user}","gists_url":"https://api.github.com/users/chuyenim/gists{/gist_id}","starred_url":"https://api.github.com/users/chuyenim/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/chuyenim/subscriptions","organizations_url":"https://api.github.com/users/chuyenim/orgs","repos_url":"https://api.github.com/users/chuyenim/repos","events_url":"https://api.github.com/users/chuyenim/events{/privacy}","received_events_url":"https://api.github.com/users/chuyenim/received_events","type":"User","user_view_type":"public","site_admin":false},"labels":[{"id":443804423,"node_id":"MDU6TGFiZWw0NDM4MDQ0MjM=","url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/labels/duplicate","name":"duplicate","color":"cccccc","default":true,"description":null}],"state":"closed","locked":false,"assignee":null,"assignees":[],"milestone":null,"comments":2,"created_at":"2018-10-10T02:00:20Z","updated_at":"2018-10-10T05:20:35Z","closed_at":"2018-10-10T05:19:20Z","author_association":"NONE","active_lock_reason":null,"sub_issues_summary":{"total":0,"completed":0,"percent_completed":0},"issue_dependencies_summary":{"blocked_by":0,"total_blocked_by":0,"blocking":0,"total_blocking":0},"body":"Hello,\r\nI want to use this vmod on my system but when I install I got tons of errors messages:\r\nMy steps:\r\n-- Download libvmod-dynamic into directory ``/var/lib/varnish/vmods/``\r\n-- Unzip file\r\n-- ``./autogent.sh``  --> OK\r\n-- ``./configure``  --> OK\r\n-- ``make`` --> Errrors:\r\n\r\n    [root@vultr libvmod-dynamic-master]# make\r\n    make  all-recursive\r\n    make[1]: Entering directory `/var/lib/varnish/vmods/libvmod-dynamic-master'\r\n    Making all in src\r\n    make[2]: Entering directory `/var/lib/varnish/vmods/libvmod-dynamic-master/src'\r\n      CC       vmod_dynamic.lo\r\n    vmod_dynamic.c:105:33: error: array type has incomplete element type\r\n     static const struct vdi_methods vmod_dynamic_methods[1] = {{\r\n                                     ^\r\n    vmod_dynamic.c:106:2: error: field name not in record or union initializer\r\n      .magic = VDI_METHODS_MAGIC,\r\n      ^\r\n    vmod_dynamic.c:106:2: error: (near initialization for ‘vmod_dynamic_methods’)\r\n    vmod_dynamic.c:106:11: error: ‘VDI_METHODS_MAGIC’ undeclared here (not in a function)\r\n      .magic = VDI_METHODS_MAGIC,\r\n               ^\r\n    vmod_dynamic.c:107:2: error: field name not in record or union initializer\r\n      .type =  \"dynamic\",\r\n      ^\r\n    vmod_dynamic.c:107:2: error: (near initialization for ‘vmod_dynamic_methods’)\r\n    vmod_dynamic.c:108:2: error: field name not in record or union initializer\r\n      .healthy = dynamic_healthy,\r\n      ^\r\n    vmod_dynamic.c:108:2: error: (near initialization for ‘vmod_dynamic_methods’)\r\n    vmod_dynamic.c:109:2: error: field name not in record or union initializer\r\n      .resolve = dynamic_resolve\r\n      ^\r\n    vmod_dynamic.c:109:2: error: (near initialization for ‘vmod_dynamic_methods’)\r\n    vmod_dynamic.c: In function ‘dynamic_resolve’:\r\n    vmod_dynamic.c:151:4: error: too many arguments to function ‘VRT_Healthy’\r\n        !VRT_Healthy(ctx, next->be->dir, NULL));\r\n        ^\r\n    In file included from /usr/include/varnish/cache/cache.h:45:0,\r\n                     from vmod_dynamic.c:45:\r\n    /usr/include/varnish/vrt.h:420:5: note: declared here\r\n     int VRT_Healthy(VRT_CTX, VCL_BACKEND);\r\n         ^\r\n    vmod_dynamic.c:156:6: error: too many arguments to function ‘VRT_Healthy’\r\n          !VRT_Healthy(ctx, next->be->dir, NULL))\r\n          ^\r\n    In file included from /usr/include/varnish/cache/cache.h:45:0,\r\n                     from vmod_dynamic.c:45:\r\n    /usr/include/varnish/vrt.h:420:5: note: declared here\r\n     int VRT_Healthy(VRT_CTX, VCL_BACKEND);\r\n         ^\r\n    vmod_dynamic.c: In function ‘dynamic_healthy’:\r\n    vmod_dynamic.c:184:3: error: too many arguments to function ‘VRT_Healthy’\r\n       retval = VRT_Healthy(ctx, r->be->dir, &c);\r\n       ^\r\n    In file included from /usr/include/varnish/cache/cache.h:45:0,\r\n                     from vmod_dynamic.c:45:\r\n    /usr/include/varnish/vrt.h:420:5: note: declared here\r\n     int VRT_Healthy(VRT_CTX, VCL_BACKEND);\r\n         ^\r\n    vmod_dynamic.c: In function ‘dynamic_del’:\r\n    vmod_dynamic.c:248:3: error: passing argument 2 of ‘VRT_delete_backend’ from incompatible pointer type [-Werror]\r\n       VRT_delete_backend(ctx, &b->dir);\r\n       ^\r\n    In file included from /usr/include/varnish/cache/cache.h:45:0,\r\n                     from vmod_dynamic.c:45:\r\n    /usr/include/varnish/vrt.h:412:6: note: expected ‘struct director **’ but argument is of type ‘const struct director **’\r\n     void VRT_delete_backend(VRT_CTX, struct director **);\r\n          ^\r\n    vmod_dynamic.c: In function ‘dynamic_free’:\r\n    vmod_dynamic.c:546:2: error: implicit declaration of function ‘VRT_DelDirector’ [-Werror=implicit-function-declaration]\r\n      VRT_DelDirector(&dom->dir);\r\n      ^\r\n    vmod_dynamic.c: In function ‘dynamic_get’:\r\n    vmod_dynamic.c:710:2: error: implicit declaration of function ‘VRT_AddDirector’ [-Werror=implicit-function-declaration]\r\n      dom->dir = VRT_AddDirector(ctx, vmod_dynamic_methods, dom,\r\n      ^\r\n    vmod_dynamic.c: At top level:\r\n    vmod_dynamic.c:105:33: error: ‘vmod_dynamic_methods’ defined but not used [-Werror=unused-variable]\r\n     static const struct vdi_methods vmod_dynamic_methods[1] = {{\r\n                                     ^\r\n    cc1: all warnings being treated as errors\r\n    make[2]: *** [vmod_dynamic.lo] Error 1\r\n    make[2]: Leaving directory `/var/lib/varnish/vmods/libvmod-dynamic-master/src'\r\n    make[1]: *** [all-recursive] Error 1\r\n    make[1]: Leaving directory `/var/lib/varnish/vmods/libvmod-dynamic-master'\r\n    make: *** [all] Error 2\r\n\r\nSoftware: Varnish 6.0.1\r\nEnvironment: Centos 7\r\n\r\nPlease give me the helps or some suggestions. Thank you","closed_by":{"login":"nigoroll","id":1528104,"node_id":"MDQ6VXNlcjE1MjgxMDQ=","avatar_url":"https://avatars.githubusercontent.com/u/1528104?v=4","gravatar_id":"","url":"https://api.github.com/users/nigoroll","html_url":"https://github.com/nigoroll","followers_url":"https://api.github.com/users/nigoroll/followers","following_url":"https://api.github.com/users/nigoroll/following{/other_user}","gists_url":"https://api.github.com/users/nigoroll/gists{/gist_id}","starred_url":"https://api.github.com/users/nigoroll/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/nigoroll/subscriptions","organizations_url":"https://api.github.com/users/nigoroll/orgs","repos_url":"https://api.github.com/users/nigoroll/repos","events_url":"https://api.github.com/users/nigoroll/events{/privacy}","received_events_url":"https://api.github.com/users/nigoroll/received_events","type":"User","user_view_type":"public","site_admin":false},"reactions":{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/41/reactions","total_count":0,"+1":0,"-1":0,"laugh":0,"hooray":0,"confused":0,"heart":0,"rocket":0,"eyes":0},"timeline_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/41/timeline","performed_via_github_app":null,"state_reason":"completed"},{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/42","repository_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic","labels_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/42/labels{/name}","comments_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/42/comments","events_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/42/events","html_url":"https://github.com/nigoroll/libvmod-dynamic/issues/42","id":388773285,"node_id":"MDU6SXNzdWUzODg3NzMyODU=","number":42,"title":"Feature request: SRV support for port finding","user":{"login":"danielmotaleite","id":11890049,"node_id":"MDQ6VXNlcjExODkwMDQ5","avatar_url":"https://avatars.githubusercontent.com/u/11890049?v=4","gravatar_id":"","url":"https://api.github.com/users/danielmotaleite","html_url":"https://github.com/danielmotaleite","followers_url":"https://api.github.com/users/danielmotaleite/followers","following_url":"https://api.github.com/users/danielmotaleite/following{/other_user}","gists_url":"https://api.github.com/users/danielmotaleite/gists{/gist_id}","starred_url":"https://api.github.com/users/danielmotaleite/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/danielmotaleite/subscriptions","organizations_url":"https://api.github.com/users/danielmotaleite/orgs","repos_url":"https://api.github.com/users/danielmotaleite/repos","events_url":"https://api.github.com/users/danielmotaleite/events{/privacy}","received_events_url":"https://api.github.com/users/danielmotaleite/received_events","type":"User","user_view_type":"public","site_admin":false},"labels":[],"state":"closed","locked":false,"assignee":null,"assignees":[],"milestone":null,"comments":5,"created_at":"2018-12-07T18:54:05Z","updated_at":"2019-07-13T16:39:47Z","closed_at":"2019-07-13T16:39:47Z","author_association":"NONE","active_lock_reason":null,"sub_issues_summary":{"total":0,"completed":0,"percent_completed":0},"issue_dependencies_summary":{"blocked_by":0,"total_blocked_by":0,"blocking":0,"total_blocking":0},"body":"Right now we can find the backend via DNS, but the port is required to be the same for all the backends.\r\n\r\nWith docker, we start to get more and more backends with dynamic ports and to keep using static ports we need some \"load-balancers\". It would be great if we could remove those and allow varnish to find the backends AND ports using DNS SRV entries. \r\nSRV DNS entries give us not only the host/IP for the service, but also the correct port for it.\r\nConsul service discovery do this automatically and gives great flexibility to deploy and manage services\r\n\r\nExample:\r\n$ host -t SRV consul.service.consul.internal.\r\nconsul.service.consul.internal has SRV record 1 2 8300 consul-a01.node.interxion-fra6.consul.internal.\r\nconsul.service.consul.internal has SRV record 1 3 8301 consul-b01.node.interxion-fra6.consul.internal.\r\nconsul.service.consul.internal has SRV record 2 1 8302 consul-a02.node.interxion-fra6.consul.internal.\r\n\r\n\r\nA varnish backend \"consul\" would setup 3 backends for each DNS:PORT\r\n\r\nBonus:\r\nSRV could also later use the priority (1, 1, 2 above)  and then weight value (2,3 for priority 1 group, 1 for priority 2 group) to balance the load between nodes \r\n\r\nyes, i know that SRV is not as simple as simple A/CNAME DNS, but they are way more flexible and in a long run they can help a lot","closed_by":{"login":"nigoroll","id":1528104,"node_id":"MDQ6VXNlcjE1MjgxMDQ=","avatar_url":"https://avatars.githubusercontent.com/u/1528104?v=4","gravatar_id":"","url":"https://api.github.com/users/nigoroll","html_url":"https://github.com/nigoroll","followers_url":"https://api.github.com/users/nigoroll/followers","following_url":"https://api.github.com/users/nigoroll/following{/other_user}","gists_url":"https://api.github.com/users/nigoroll/gists{/gist_id}","starred_url":"https://api.github.com/users/nigoroll/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/nigoroll/subscriptions","organizations_url":"https://api.github.com/users/nigoroll/orgs","repos_url":"https://api.github.com/users/nigoroll/repos","events_url":"https://api.github.com/users/nigoroll/events{/privacy}","received_events_url":"https://api.github.com/users/nigoroll/received_events","type":"User","user_view_type":"public","site_admin":false},"reactions":{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/42/reactions","total_count":0,"+1":0,"-1":0,"laugh":0,"hooray":0,"confused":0,"heart":0,"rocket":0,"eyes":0},"timeline_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/42/timeline","performed_via_github_app":null,"state_reason":"completed"},{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/43","repository_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic","labels_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/43/labels{/name}","comments_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/43/comments","events_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/43/events","html_url":"https://github.com/nigoroll/libvmod-dynamic/issues/43","id":388822767,"node_id":"MDU6SXNzdWUzODg4MjI3Njc=","number":43,"title":"Usage clarification","user":{"login":"absolutejam","id":6817942,"node_id":"MDQ6VXNlcjY4MTc5NDI=","avatar_url":"https://avatars.githubusercontent.com/u/6817942?v=4","gravatar_id":"","url":"https://api.github.com/users/absolutejam","html_url":"https://github.com/absolutejam","followers_url":"https://api.github.com/users/absolutejam/followers","following_url":"https://api.github.com/users/absolutejam/following{/other_user}","gists_url":"https://api.github.com/users/absolutejam/gists{/gist_id}","starred_url":"https://api.github.com/users/absolutejam/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/absolutejam/subscriptions","organizations_url":"https://api.github.com/users/absolutejam/orgs","repos_url":"https://api.github.com/users/absolutejam/repos","events_url":"https://api.github.com/users/absolutejam/events{/privacy}","received_events_url":"https://api.github.com/users/absolutejam/received_events","type":"User","user_view_type":"public","site_admin":false},"labels":[{"id":443804427,"node_id":"MDU6TGFiZWw0NDM4MDQ0Mjc=","url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/labels/question","name":"question","color":"cc317c","default":true,"description":null}],"state":"closed","locked":false,"assignee":null,"assignees":[],"milestone":null,"comments":7,"created_at":"2018-12-07T21:36:53Z","updated_at":"2018-12-10T13:54:13Z","closed_at":"2018-12-10T13:07:49Z","author_association":"NONE","active_lock_reason":null,"sub_issues_summary":{"total":0,"completed":0,"percent_completed":0},"issue_dependencies_summary":{"blocked_by":0,"total_blocked_by":0,"blocking":0,"total_blocking":0},"body":"Hey!\r\n\r\nFirst of all, I want to apologise for posting this as I think it may be a bit outside the realm of what you expect in an issue, but I was hoping you could help clarify usage of the this director. Secondly, thanks for providing this, as all of my searches for similar functionality have been dead ends (Varnish 3, varnish-plus). I'm pretty new to Varnish as a whole, and looking to use it in a dynamic Kubernetes environment.\r\n\r\nBasically, I'm just trying to understand at what I need to facilitate the usage of this director and the limitations. As an overview, my current setup that I'm toying with is a layer of Varnish servers using the shard director to load-balance caching, and a backend 'content' layer (Nginx) for the actual content to be cached.\r\n\r\nFrom my understanding of the man page..\r\n  - I set up the director in `sub vcl_init`\r\n  - Then in `sub vcl_recv` I basically add any kind of routing logic (eg. based on `req.http.host`) *nothing out of the ordinary so far*\r\n  - And then ultimately define `set req.backend_hint = content.backend(\"mybackend\");` which declares my (dns)resolved backend.\r\n\r\nDoes this mean that I cannot now leverage a load-balanced director (as the dynamic director must resolve a hostname), and in turn must use another load-balancing service for my content nodes (ideally. with a hostname that can be resolved by this director). This obviously contrasts from the current setup of my director declaring all 4 or so backends and load-balancing, vs. the dynamic director only being able to target a single, unless there's something like DNS RR in place, which would mean another service for my setup.\r\n\r\nThanks for your time!","closed_by":{"login":"nigoroll","id":1528104,"node_id":"MDQ6VXNlcjE1MjgxMDQ=","avatar_url":"https://avatars.githubusercontent.com/u/1528104?v=4","gravatar_id":"","url":"https://api.github.com/users/nigoroll","html_url":"https://github.com/nigoroll","followers_url":"https://api.github.com/users/nigoroll/followers","following_url":"https://api.github.com/users/nigoroll/following{/other_user}","gists_url":"https://api.github.com/users/nigoroll/gists{/gist_id}","starred_url":"https://api.github.com/users/nigoroll/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/nigoroll/subscriptions","organizations_url":"https://api.github.com/users/nigoroll/orgs","repos_url":"https://api.github.com/users/nigoroll/repos","events_url":"https://api.github.com/users/nigoroll/events{/privacy}","received_events_url":"https://api.github.com/users/nigoroll/received_events","type":"User","user_view_type":"public","site_admin":false},"reactions":{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/43/reactions","total_count":0,"+1":0,"-1":0,"laugh":0,"hooray":0,"confused":0,"heart":0,"rocket":0,"eyes":0},"timeline_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/43/timeline","performed_via_github_app":null,"state_reason":"completed"},{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/44","repository_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic","labels_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/44/labels{/name}","comments_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/44/comments","events_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/44/events","html_url":"https://github.com/nigoroll/libvmod-dynamic/issues/44","id":395324483,"node_id":"MDU6SXNzdWUzOTUzMjQ0ODM=","number":44,"title":"Tests failing on Varnish 6.0.2","user":{"login":"philipseidel","id":2425213,"node_id":"MDQ6VXNlcjI0MjUyMTM=","avatar_url":"https://avatars.githubusercontent.com/u/2425213?v=4","gravatar_id":"","url":"https://api.github.com/users/philipseidel","html_url":"https://github.com/philipseidel","followers_url":"https://api.github.com/users/philipseidel/followers","following_url":"https://api.github.com/users/philipseidel/following{/other_user}","gists_url":"https://api.github.com/users/philipseidel/gists{/gist_id}","starred_url":"https://api.github.com/users/philipseidel/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/philipseidel/subscriptions","organizations_url":"https://api.github.com/users/philipseidel/orgs","repos_url":"https://api.github.com/users/philipseidel/repos","events_url":"https://api.github.com/users/philipseidel/events{/privacy}","received_events_url":"https://api.github.com/users/philipseidel/received_events","type":"User","user_view_type":"public","site_admin":false},"labels":[],"state":"closed","locked":false,"assignee":{"login":"slimhazard","id":6084911,"node_id":"MDQ6VXNlcjYwODQ5MTE=","avatar_url":"https://avatars.githubusercontent.com/u/6084911?v=4","gravatar_id":"","url":"https://api.github.com/users/slimhazard","html_url":"https://github.com/slimhazard","followers_url":"https://api.github.com/users/slimhazard/followers","following_url":"https://api.github.com/users/slimhazard/following{/other_user}","gists_url":"https://api.github.com/users/slimhazard/gists{/gist_id}","starred_url":"https://api.github.com/users/slimhazard/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/slimhazard/subscriptions","organizations_url":"https://api.github.com/users/slimhazard/orgs","repos_url":"https://api.github.com/users/slimhazard/repos","events_url":"https://api.github.com/users/slimhazard/events{/privacy}","received_events_url":"https://api.github.com/users/slimhazard/received_events","type":"User","user_view_type":"public","site_admin":false},"assignees":[{"login":"slimhazard","id":6084911,"node_id":"MDQ6VXNlcjYwODQ5MTE=","avatar_url":"https://avatars.githubusercontent.com/u/6084911?v=4","gravatar_id":"","url":"https://api.github.com/users/slimhazard","html_url":"https://github.com/slimhazard","followers_url":"https://api.github.com/users/slimhazard/followers","following_url":"https://api.github.com/users/slimhazard/following{/other_user}","gists_url":"https://api.github.com/users/slimhazard/gists{/gist_id}","starred_url":"https://api.github.com/users/slimhazard/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/slimhazard/subscriptions","organizations_url":"https://api.github.com/users/slimhazard/orgs","repos_url":"https://api.github.com/users/slimhazard/repos","events_url":"https://api.github.com/users/slimhazard/events{/privacy}","received_events_url":"https://api.github.com/users/slimhazard/received_events","type":"User","user_view_type":"public","site_admin":false}],"milestone":null,"comments":4,"created_at":"2019-01-02T17:44:19Z","updated_at":"2019-01-03T15:26:27Z","closed_at":"2019-01-03T15:26:27Z","author_association":"NONE","active_lock_reason":null,"sub_issues_summary":{"total":0,"completed":0,"percent_completed":0},"issue_dependencies_summary":{"blocked_by":0,"total_blocked_by":0,"blocking":0,"total_blocking":0},"body":"I am trying to build the latest `libvmod-dynamic` module based on varnish 6.0.2 and tests 03 and 13 are failing.  I am building from c48be899f1f9078b67daf406ba3188fa4ca1a5bd on the 6.0 branch.\r\n```\r\n# varnishd -V\r\nvarnishd (varnish-6.0.2 revision 0458b54db26cfbea79af45ca5c4767c7c2925a91)\r\nCopyright (c) 2006 Verdens Gang AS\r\nCopyright (c) 2006-2018 Varnish Software AS\r\n```\r\n[test-suite.log](https://github.com/nigoroll/libvmod-dynamic/files/2721431/test-suite.log)\r\n","closed_by":{"login":"slimhazard","id":6084911,"node_id":"MDQ6VXNlcjYwODQ5MTE=","avatar_url":"https://avatars.githubusercontent.com/u/6084911?v=4","gravatar_id":"","url":"https://api.github.com/users/slimhazard","html_url":"https://github.com/slimhazard","followers_url":"https://api.github.com/users/slimhazard/followers","following_url":"https://api.github.com/users/slimhazard/following{/other_user}","gists_url":"https://api.github.com/users/slimhazard/gists{/gist_id}","starred_url":"https://api.github.com/users/slimhazard/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/slimhazard/subscriptions","organizations_url":"https://api.github.com/users/slimhazard/orgs","repos_url":"https://api.github.com/users/slimhazard/repos","events_url":"https://api.github.com/users/slimhazard/events{/privacy}","received_events_url":"https://api.github.com/users/slimhazard/received_events","type":"User","user_view_type":"public","site_admin":false},"reactions":{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/44/reactions","total_count":0,"+1":0,"-1":0,"laugh":0,"hooray":0,"confused":0,"heart":0,"rocket":0,"eyes":0},"timeline_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/44/timeline","performed_via_github_app":null,"state_reason":"completed"},{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/45","repository_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic","labels_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/45/labels{/name}","comments_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/45/comments","events_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/45/events","html_url":"https://github.com/nigoroll/libvmod-dynamic/issues/45","id":395938107,"node_id":"MDU6SXNzdWUzOTU5MzgxMDc=","number":45,"title":"Worker crashing when calling std.healthy on dynamic director","user":{"login":"b3k","id":903674,"node_id":"MDQ6VXNlcjkwMzY3NA==","avatar_url":"https://avatars.githubusercontent.com/u/903674?v=4","gravatar_id":"","url":"https://api.github.com/users/b3k","html_url":"https://github.com/b3k","followers_url":"https://api.github.com/users/b3k/followers","following_url":"https://api.github.com/users/b3k/following{/other_user}","gists_url":"https://api.github.com/users/b3k/gists{/gist_id}","starred_url":"https://api.github.com/users/b3k/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/b3k/subscriptions","organizations_url":"https://api.github.com/users/b3k/orgs","repos_url":"https://api.github.com/users/b3k/repos","events_url":"https://api.github.com/users/b3k/events{/privacy}","received_events_url":"https://api.github.com/users/b3k/received_events","type":"User","user_view_type":"public","site_admin":false},"labels":[],"state":"closed","locked":false,"assignee":{"login":"nigoroll","id":1528104,"node_id":"MDQ6VXNlcjE1MjgxMDQ=","avatar_url":"https://avatars.githubusercontent.com/u/1528104?v=4","gravatar_id":"","url":"https://api.github.com/users/nigoroll","html_url":"https://github.com/nigoroll","followers_url":"https://api.github.com/users/nigoroll/followers","following_url":"https://api.github.com/users/nigoroll/following{/other_user}","gists_url":"https://api.github.com/users/nigoroll/gists{/gist_id}","starred_url":"https://api.github.com/users/nigoroll/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/nigoroll/subscriptions","organizations_url":"https://api.github.com/users/nigoroll/orgs","repos_url":"https://api.github.com/users/nigoroll/repos","events_url":"https://api.github.com/users/nigoroll/events{/privacy}","received_events_url":"https://api.github.com/users/nigoroll/received_events","type":"User","user_view_type":"public","site_admin":false},"assignees":[{"login":"nigoroll","id":1528104,"node_id":"MDQ6VXNlcjE1MjgxMDQ=","avatar_url":"https://avatars.githubusercontent.com/u/1528104?v=4","gravatar_id":"","url":"https://api.github.com/users/nigoroll","html_url":"https://github.com/nigoroll","followers_url":"https://api.github.com/users/nigoroll/followers","following_url":"https://api.github.com/users/nigoroll/following{/other_user}","gists_url":"https://api.github.com/users/nigoroll/gists{/gist_id}","starred_url":"https://api.github.com/users/nigoroll/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/nigoroll/subscriptions","organizations_url":"https://api.github.com/users/nigoroll/orgs","repos_url":"https://api.github.com/users/nigoroll/repos","events_url":"https://api.github.com/users/nigoroll/events{/privacy}","received_events_url":"https://api.github.com/users/nigoroll/received_events","type":"User","user_view_type":"public","site_admin":false}],"milestone":null,"comments":2,"created_at":"2019-01-04T14:09:35Z","updated_at":"2019-03-22T10:23:43Z","closed_at":"2019-03-22T10:23:43Z","author_association":"NONE","active_lock_reason":null,"sub_issues_summary":{"total":0,"completed":0,"percent_completed":0},"issue_dependencies_summary":{"blocked_by":0,"total_blocked_by":0,"blocking":0,"total_blocking":0},"body":"Hi,\r\n\r\nWe have problems with crashing worker, it works fine until cache is fresh, when it's stale then crash occures, looks like the problem is in vcl_hit():\r\n\r\n```vcl\r\nsub vcl_hit {\r\n if (obj.ttl >= 0s) {\r\n    # If object is fresh everything works\r\n    return (deliver);\r\n  }\r\n  # if object is not fresh it crash here:\r\n  if (std.healthy(req.backend_hint)) {\r\n    if (obj.ttl + 10s > 0s) {\r\n      return (deliver);\r\n    } else {\r\n      return(miss);\r\n    }\r\n  } else {\r\n      if (obj.ttl + obj.grace > 0s) {\r\n      return (deliver);\r\n    } else {\r\n      return (miss);\r\n    }\r\n  }\r\n}\r\n```\r\n\r\npanic.show dump:\r\n```\r\nPanic at: Fri, 04 Jan 2019 13:55:23 GMT                                                                                                                                                                                [301/1873]\r\nWrong turn at cache/cache_director.c:284:                                                      \r\nWrong admin health                                                \r\nversion = varnish-6.0.2 revision 0458b54db26cfbea79af45ca5c4767c7c2925a91, vrt api = 7.0\r\nident = Linux,4.14.56+,x86_64,-junix,-smalloc,-sdefault,-hcritbit,epoll                     \r\nnow = 6044301.424466 (mono), 1546610123.991261 (real)                                                                                                             \r\nBacktrace:                                                        \r\n  0x5555b6827e77: /usr/sbin/varnishd(+0x4be77) [0x5555b6827e77]                                         \r\n  0x5555b688f9d0: /usr/sbin/varnishd(VAS_Fail+0x40) [0x5555b688f9d0]                        \r\n  0x5555b680d790: /usr/sbin/varnishd(VRT_Healthy+0) [0x5555b680d790]                           \r\n  0x5555b680d7c4: /usr/sbin/varnishd(VRT_Healthy+0x34) [0x5555b680d7c4]    \r\n  0x7f1e2fc4dc47: vcl_new.1546610095.661100/vgc.so(VGC_function_vcl_hit+0x87) [0x7f1e2fc4dc47]\r\n  0x5555b683a505: /usr/sbin/varnishd(+0x5e505) [0x5555b683a505]                             \r\n  0x5555b683c4cd: /usr/sbin/varnishd(VCL_hit_method+0x5d) [0x5555b683c4cd]                     \r\n  0x5555b682be4e: /usr/sbin/varnishd(+0x4fe4e) [0x5555b682be4e]                             \r\n  0x5555b682d119: /usr/sbin/varnishd(CNT_Request+0xde9) [0x5555b682d119]    \r\n  0x5555b68526fa: /usr/sbin/varnishd(+0x766fa) [0x5555b68526fa]                                   \r\nthread = (cache-worker)                                                                                                                                                                                                          \r\nthr.req = 0x7f1e2f23e020 {                                                                                                                                                                                                       \r\n  vxid = 27, transport = HTTP/1 {                                                                                                                                                                                                \r\n    state = HTTP1::Proc                                                                                                                                                                                                          \r\n  }                                                                                                                                                                                                                              \r\n  step = R_STP_LOOKUP,                                                                                                                                                                                                           \r\n  req_body = R_BODY_NONE,\r\n  restarts = 0, esi_level = 0,\r\n  sp = 0x7f1e2f097420 {\r\n    fd = 21, vxid = 26,\r\n    t_open = 1546610123.988345,\r\n    t_idle = 1546610123.988345,\r\n    ws = 0x7f1e2f097460 {\r\n      id = \\\"ses\\\",\r\n      {s, f, r, e} = {0x7f1e2f097498, +96, (nil), +352},\r\n    },\r\n    transport = HTTP/1 {\r\n      state = HTTP1::Proc\r\n    }\r\n    client = 10.114.108.15 19332 0.0.0.0:80,\r\n  },\r\n  worker = 0x7f1e33978de0 {\r\n    ws = 0x7f1e33978e88 {\r\n      id = \\\"wrk\\\",\r\n      {s, f, r, e} = {0x7f1e339783e0, +0, (nil), +2040},\r\n    },                                                                                                                                                                                                                 [259/1873]\r\n    VCL::method = inside HIT,\r\n    VCL::return = 0x0,\r\n    VCL::methods = {RECV, HASH, HIT},\r\n  },\r\n  ws = 0x7f1e2f23e170 {\r\n    id = \\\"req\\\",\r\n    {s, f, r, e} = {0x7f1e2f2400a8, +53552, (nil), +57168},\r\n  },\r\n  http_conn = 0x7f1e2f240048 {\r\n    fd = 21 (@0x7f1e2f097444),\r\n    doclose = NULL,\r\n    ws = 0x7f1e2f23e170 {\r\n      [Already dumped, see above]\r\n    },\r\n    {rxbuf_b, rxbuf_e} = {0x7f1e2f2400a8, 0x7f1e2f2414fb},\r\n    {pipeline_b, pipeline_e} = {(nil), (nil)},\r\n    content_length = -1,\r\n    body_status = none,\r\n    first_byte_timeout = 0.000000,\r\n    between_bytes_timeout = 0.000000,\r\n  },\r\n...\r\n```","closed_by":{"login":"nigoroll","id":1528104,"node_id":"MDQ6VXNlcjE1MjgxMDQ=","avatar_url":"https://avatars.githubusercontent.com/u/1528104?v=4","gravatar_id":"","url":"https://api.github.com/users/nigoroll","html_url":"https://github.com/nigoroll","followers_url":"https://api.github.com/users/nigoroll/followers","following_url":"https://api.github.com/users/nigoroll/following{/other_user}","gists_url":"https://api.github.com/users/nigoroll/gists{/gist_id}","starred_url":"https://api.github.com/users/nigoroll/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/nigoroll/subscriptions","organizations_url":"https://api.github.com/users/nigoroll/orgs","repos_url":"https://api.github.com/users/nigoroll/repos","events_url":"https://api.github.com/users/nigoroll/events{/privacy}","received_events_url":"https://api.github.com/users/nigoroll/received_events","type":"User","user_view_type":"public","site_admin":false},"reactions":{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/45/reactions","total_count":0,"+1":0,"-1":0,"laugh":0,"hooray":0,"confused":0,"heart":0,"rocket":0,"eyes":0},"timeline_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/45/timeline","performed_via_github_app":null,"state_reason":"completed"},{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/46","repository_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic","labels_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/46/labels{/name}","comments_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/46/comments","events_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/46/events","html_url":"https://github.com/nigoroll/libvmod-dynamic/issues/46","id":423910933,"node_id":"MDU6SXNzdWU0MjM5MTA5MzM=","number":46,"title":"Sometimes vmod_dynamic stops refreshing DNS","user":{"login":"garadox","id":466469,"node_id":"MDQ6VXNlcjQ2NjQ2OQ==","avatar_url":"https://avatars.githubusercontent.com/u/466469?v=4","gravatar_id":"","url":"https://api.github.com/users/garadox","html_url":"https://github.com/garadox","followers_url":"https://api.github.com/users/garadox/followers","following_url":"https://api.github.com/users/garadox/following{/other_user}","gists_url":"https://api.github.com/users/garadox/gists{/gist_id}","starred_url":"https://api.github.com/users/garadox/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/garadox/subscriptions","organizations_url":"https://api.github.com/users/garadox/orgs","repos_url":"https://api.github.com/users/garadox/repos","events_url":"https://api.github.com/users/garadox/events{/privacy}","received_events_url":"https://api.github.com/users/garadox/received_events","type":"User","user_view_type":"public","site_admin":false},"labels":[{"id":443804426,"node_id":"MDU6TGFiZWw0NDM4MDQ0MjY=","url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/labels/invalid","name":"invalid","color":"e6e6e6","default":true,"description":null}],"state":"closed","locked":false,"assignee":null,"assignees":[],"milestone":null,"comments":10,"created_at":"2019-03-21T19:46:46Z","updated_at":"2019-03-29T15:19:53Z","closed_at":"2019-03-29T15:19:07Z","author_association":"NONE","active_lock_reason":null,"sub_issues_summary":{"total":0,"completed":0,"percent_completed":0},"issue_dependencies_summary":{"blocked_by":0,"total_blocked_by":0,"blocking":0,"total_blocking":0},"body":"Even using `varnishlog -g raw -q '* ~ vmod-dynamic'` to watch logs of the DNS refresh occurring, I haven't managed to isolate a repeatable scenario where DNS stops being refreshed.\r\n\r\nWe have docker containers running centos 7 and varnish 4.1.8, and over time some of those containers will stop outputting logs for vmod-dynamic and the backend list will become stale. Eventually if undetected, the backend list has no healthy entries and varnish starts returning 503's.\r\n\r\nWe have found that killing the varnish child process or using varnishadm to reload the existing vcl is enough to fix the dns lookup and everything is good again.\r\n\r\nOne thing I will call out is that our DNS ttl is set to 10 seconds, as we're running in kubernetes and pods can go away pretty quickly.\r\n\r\nExample VCL:\r\n\r\n```\r\nvcl 4.0;\r\n\r\n    import std;\r\n    import directors;\r\n    import saintmode;\r\n    import dynamic;\r\n    import xkey;\r\n    import statsd;\r\n    import timers;\r\n    import vsthrottle;\r\n    import header;\r\n\r\n    # Default backend definition.\r\n    backend default {\r\n     .host = \"0.0.0.0\";\r\n     .port = \"80\";\r\n    }\r\n\r\n    probe default_probe {\r\n      .url = \"/test\";\r\n      .interval = 4s;\r\n      .timeout = 1s;\r\n      .window = 3;\r\n      .threshold = 2;\r\n      .initial = 2;\r\n    }\r\n\r\n    sub vcl_init {\r\n      new default_dir = dynamic.director(\r\n        port = \"5050\",\r\n        probe = default_probe,\r\n        ttl = 10s);\r\n\r\n      statsd.server( \"127.0.0.1\", \"8126\" );\r\n    }\r\n\r\n    \r\n    sub vcl_recv {\r\n      if ( req.method == \"GET\" || req.method == \"HEAD\" ) {\r\n        return(hash);\r\n      }\r\n    }\r\n\r\n    sub vcl_deliver {\r\n      if (obj.hits > 0) {\r\n        set resp.http.X-CACHE = \"hit\";\r\n      } else {\r\n        set resp.http.X-CACHE = \"miss\";\r\n      }\r\n      return (deliver);\r\n    }\r\n\r\n    sub vcl_backend_response {\r\n         set beresp.ttl = 2s;\r\n         set beresp.grace = 20s;\r\n         set beresp.keep = 2s;\r\n         if ( beresp.status == 200 || beresp.status == 400 || beresp.status == 404 ) {\r\n          # if s-maxage is not set then set some defaults\r\n          set beresp.ttl = 120s;\r\n          set beresp.grace = 2m;\r\n          set beresp.keep = 0s;\r\n         }\r\n       }\r\n       if (beresp.http.content-type ~ \"(text|json|xml|javascript)\" ) {\r\n           set beresp.do_gzip = true;\r\n       }\r\n    }\r\n\r\n    sub vcl_backend_fetch {\r\n      set bereq.backend = default_dir.backend(\"example-service\");\r\n\r\n      return (fetch);\r\n    }\r\n\r\n    sub vcl_backend_error {\r\n       set beresp.http.Content-Type = \"text/html; charset=utf-8\";\r\n       set beresp.http.Retry-After = \"5\";\r\n       synthetic( {\"<!DOCTYPE html>\r\n    <html>\r\n     <head>\r\n       <title>\"} + beresp.status + \" \" + beresp.reason + {\"</title>\r\n     </head>\r\n     <body>\r\n       <h1>Error \"} + beresp.status + \" \" + beresp.reason + {\"</h1>\r\n       <p>\"} + beresp.reason + {\"</p>\r\n       <h3>Redsky TX:</h3>\r\n       <p>X-REQUEST-ID: \"} + bereq.http.X-REQUEST-ID + {\"</p>\r\n       <hr>\r\n       <p>Redsky</p>\r\n     </body>\r\n    </html>\r\n    \"} );\r\n       return (deliver);\r\n    }\r\n\r\n```","closed_by":{"login":"nigoroll","id":1528104,"node_id":"MDQ6VXNlcjE1MjgxMDQ=","avatar_url":"https://avatars.githubusercontent.com/u/1528104?v=4","gravatar_id":"","url":"https://api.github.com/users/nigoroll","html_url":"https://github.com/nigoroll","followers_url":"https://api.github.com/users/nigoroll/followers","following_url":"https://api.github.com/users/nigoroll/following{/other_user}","gists_url":"https://api.github.com/users/nigoroll/gists{/gist_id}","starred_url":"https://api.github.com/users/nigoroll/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/nigoroll/subscriptions","organizations_url":"https://api.github.com/users/nigoroll/orgs","repos_url":"https://api.github.com/users/nigoroll/repos","events_url":"https://api.github.com/users/nigoroll/events{/privacy}","received_events_url":"https://api.github.com/users/nigoroll/received_events","type":"User","user_view_type":"public","site_admin":false},"reactions":{"url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/46/reactions","total_count":0,"+1":0,"-1":0,"laugh":0,"hooray":0,"confused":0,"heart":0,"rocket":0,"eyes":0},"timeline_url":"https://api.github.com/repos/nigoroll/libvmod-dynamic/issues/46/timeline","performed_via_github_app":null,"state_reason":"completed"}]
\ No newline at end of file

From 66d83702a34cf626f2fc90d62ae67cfae408afa5 Mon Sep 17 00:00:00 2001
From: lily <lesson085@gmail.com>
Date: Mon, 26 Jan 2026 15:30:26 +0100
Subject: [PATCH 228/854] fix(i18n): remove unneeded special cases for relative
 time (#10691)

Followup to https://codeberg.org/forgejo/forgejo/pulls/6154

en-US:

two days ago         -> 2 days ago
two weeks ago       -> 2 weeks ago
two months ago     -> 2 months ago
two years ago        -> 2 years ago

Other locales still require changes to ensure
that the relative time numbering is consistent.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10691
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: lily <lesson085@gmail.com>
Co-committed-by: lily <lesson085@gmail.com>
---
 options/locale_next/locale_en-US.json          |  4 ----
 services/context/context.go                    |  2 +-
 web_src/js/webcomponents/relative-time.js      | 12 ------------
 web_src/js/webcomponents/relative-time.test.js | 12 ++++--------
 4 files changed, 5 insertions(+), 25 deletions(-)

diff --git a/options/locale_next/locale_en-US.json b/options/locale_next/locale_en-US.json
index 7dee8fa37e..2778c44bae 100644
--- a/options/locale_next/locale_en-US.json
+++ b/options/locale_next/locale_en-US.json
@@ -49,13 +49,9 @@
 		"other": "%d years ago"
 	},
 	"relativetime.1day": "yesterday",
-	"relativetime.2days": "two days ago",
 	"relativetime.1week": "last week",
-	"relativetime.2weeks": "two weeks ago",
 	"relativetime.1month": "last month",
-	"relativetime.2months": "two months ago",
 	"relativetime.1year": "last year",
-	"relativetime.2years": "two years ago",
 	"repo.issues.filter_poster.hint": "Filter by the author",
 	"repo.issues.filter_assignee.hint": "Filter by assigned user",
 	"repo.issues.filter_reviewers.hint": "Filter by user who reviewed",
diff --git a/services/context/context.go b/services/context/context.go
index 6c83ca5d02..f0502b32fe 100644
--- a/services/context/context.go
+++ b/services/context/context.go
@@ -204,7 +204,7 @@ func Contexter() func(next http.Handler) http.Handler {
 				"FUTURE": ctx.Locale.TrString("relativetime.future"),
 				"NOW":    ctx.Locale.TrString("relativetime.now"),
 			}
-			for _, key := range []string{"relativetime.1day", "relativetime.1week", "relativetime.1month", "relativetime.1year", "relativetime.2days", "relativetime.2weeks", "relativetime.2months", "relativetime.2years"} {
+			for _, key := range []string{"relativetime.1day", "relativetime.1week", "relativetime.1month", "relativetime.1year"} {
 				// These keys are used for special-casing some time words. We only add keys that are actually translated, so that we
 				// can fall back to the generic pluralized time word in the correct language if the special case is untranslated.
 				if ctx.Locale.HasKey(key) {
diff --git a/web_src/js/webcomponents/relative-time.js b/web_src/js/webcomponents/relative-time.js
index c070cd6795..02bf8feffb 100644
--- a/web_src/js/webcomponents/relative-time.js
+++ b/web_src/js/webcomponents/relative-time.js
@@ -123,9 +123,6 @@ export function DoUpdateRelativeTime(object, now) {
     if (years === 1 && pageData.DATETIMESTRINGS['relativetime.1year']) {
       // Datetime is one year ago.
       object.textContent = pageData.DATETIMESTRINGS['relativetime.1year'];
-    } else if (years === 2 && pageData.DATETIMESTRINGS['relativetime.2years']) {
-      // Datetime is two year ago.
-      object.textContent = pageData.DATETIMESTRINGS['relativetime.2years'];
     } else {
       // Datetime is more than a year ago.
       object.textContent = GetPluralizedStringOrFallback('relativetime.years', years, 'year');
@@ -139,9 +136,6 @@ export function DoUpdateRelativeTime(object, now) {
     if (months === 1 && pageData.DATETIMESTRINGS['relativetime.1month']) {
       // Datetime is one month ago.
       object.textContent = pageData.DATETIMESTRINGS['relativetime.1month'];
-    } else if (months === 2 && pageData.DATETIMESTRINGS['relativetime.2months']) {
-      // Datetime is two months ago.
-      object.textContent = pageData.DATETIMESTRINGS['relativetime.2months'];
     } else {
       // Datetime is several months ago (but less than a year).
       object.textContent = GetPluralizedStringOrFallback('relativetime.months', months, 'month');
@@ -155,9 +149,6 @@ export function DoUpdateRelativeTime(object, now) {
     if (weeks === 1 && pageData.DATETIMESTRINGS['relativetime.1week']) {
       // Datetime is one week ago.
       object.textContent = pageData.DATETIMESTRINGS['relativetime.1week'];
-    } else if (weeks === 2 && pageData.DATETIMESTRINGS['relativetime.2weeks']) {
-      // Datetime is two week ago.
-      object.textContent = pageData.DATETIMESTRINGS['relativetime.2weeks'];
     } else {
       // Datetime is several weeks ago (but less than a month).
       object.textContent = GetPluralizedStringOrFallback('relativetime.weeks', weeks, 'week');
@@ -170,9 +161,6 @@ export function DoUpdateRelativeTime(object, now) {
     if (days === 1 && pageData.DATETIMESTRINGS['relativetime.1day']) {
       // Datetime is one day ago.
       object.textContent = pageData.DATETIMESTRINGS['relativetime.1day'];
-    } else if (days === 2 && pageData.DATETIMESTRINGS['relativetime.2days']) {
-      // Datetime is two days ago.
-      object.textContent = pageData.DATETIMESTRINGS['relativetime.2days'];
     } else {
       // Datetime is several days but less than a week ago.
       object.textContent = GetPluralizedStringOrFallback('relativetime.days', days, 'day');
diff --git a/web_src/js/webcomponents/relative-time.test.js b/web_src/js/webcomponents/relative-time.test.js
index 5a8e2950e0..e12fa3476b 100644
--- a/web_src/js/webcomponents/relative-time.test.js
+++ b/web_src/js/webcomponents/relative-time.test.js
@@ -9,10 +9,6 @@ test('CalculateRelativeTimes', () => {
     'relativetime.1week': 'last week',
     'relativetime.1month': 'last month',
     'relativetime.1year': 'last year',
-    'relativetime.2days': 'two days ago',
-    'relativetime.2weeks': 'two weeks ago',
-    'relativetime.2months': 'two months ago',
-    'relativetime.2years': 'two years ago',
   };
   window.config.pageData.PLURALSTRINGS_LANG = {
     'relativetime.mins': ['%d minute ago', '%d minutes ago'],
@@ -84,7 +80,7 @@ test('CalculateRelativeTimes', () => {
 
   mock.setAttribute('datetime', '2024-10-25T01:00:00+02:00');
   expect(DoUpdateRelativeTime(mock, now)).toEqual(ONE_DAY);
-  expect(mock.textContent).toEqual('two days ago');
+  expect(mock.textContent).toEqual('2 days ago');
 
   mock.setAttribute('datetime', '2024-10-21T01:00:00+02:00');
   expect(DoUpdateRelativeTime(mock, now)).toEqual(ONE_DAY);
@@ -100,7 +96,7 @@ test('CalculateRelativeTimes', () => {
 
   mock.setAttribute('datetime', '2024-10-13T01:00:00+02:00');
   expect(DoUpdateRelativeTime(mock, now)).toEqual(ONE_DAY);
-  expect(mock.textContent).toEqual('two weeks ago');
+  expect(mock.textContent).toEqual('2 weeks ago');
 
   mock.setAttribute('datetime', '2024-10-06T01:00:00+02:00');
   expect(DoUpdateRelativeTime(mock, now)).toEqual(ONE_DAY);
@@ -116,7 +112,7 @@ test('CalculateRelativeTimes', () => {
 
   mock.setAttribute('datetime', '2024-07-30T01:00:00+02:00');
   expect(DoUpdateRelativeTime(mock, now)).toEqual(ONE_DAY);
-  expect(mock.textContent).toEqual('two months ago');
+  expect(mock.textContent).toEqual('2 months ago');
 
   mock.setAttribute('datetime', '2024-05-30T01:00:00+02:00');
   expect(DoUpdateRelativeTime(mock, now)).toEqual(ONE_DAY);
@@ -152,7 +148,7 @@ test('CalculateRelativeTimes', () => {
 
   mock.setAttribute('datetime', '2022-10-20T01:00:00+10:00');
   expect(DoUpdateRelativeTime(mock, now)).toEqual(ONE_DAY);
-  expect(mock.textContent).toEqual('two years ago');
+  expect(mock.textContent).toEqual('2 years ago');
 
   mock.setAttribute('datetime', '2021-10-20T01:00:00+02:00');
   expect(DoUpdateRelativeTime(mock, now)).toEqual(ONE_DAY);

From c9f81315d6ad55c75aebb100a970ba3c517c70ed Mon Sep 17 00:00:00 2001
From: hwipl <hwipl@noreply.codeberg.org>
Date: Mon, 26 Jan 2026 18:58:39 +0100
Subject: [PATCH 229/854] feat: add `manage_password` to user disable features
 (#10541)

Forgejo supports disabling features for users with the configuration
options `USER_DISABLED_FEATURES` and `EXTERNAL_USER_DISABLE_FEATURES`.

Add `manage_password` that prevents users from configuring passwords.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10541
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: hwipl <hwipl@noreply.codeberg.org>
Co-committed-by: hwipl <hwipl@noreply.codeberg.org>
---
 custom/conf/app.example.ini             |   6 +-
 modules/setting/admin.go                |   7 +-
 routers/web/user/setting/account.go     |   5 +
 templates/user/settings/account.tmpl    |   2 +-
 tests/integration/integration_test.go   |  17 +++-
 tests/integration/user_settings_test.go | 126 ++++++++++++++++++++++++
 6 files changed, 152 insertions(+), 11 deletions(-)
 create mode 100644 tests/integration/user_settings_test.go

diff --git a/custom/conf/app.example.ini b/custom/conf/app.example.ini
index 051b65dd55..6a30600a5d 100644
--- a/custom/conf/app.example.ini
+++ b/custom/conf/app.example.ini
@@ -1561,15 +1561,17 @@ LEVEL = Info
 ;DEFAULT_EMAIL_NOTIFICATIONS = enabled
 ;; Send an email to all admins when a new user signs up to inform the admins about this act. Options: true, false
 ;SEND_NOTIFICATION_EMAIL_ON_NEW_USER = false
-;; Disabled features for users, could be "deletion", "manage_ssh_keys","manage_gpg_keys" more features can be disabled in future
+;; Disabled features for users, could be "deletion", "manage_ssh_keys","manage_gpg_keys", "manage_password" more features can be disabled in future
 ;; - deletion: a user cannot delete their own account
 ;; - manage_ssh_keys: a user cannot configure ssh keys
 ;; - manage_gpg_keys: a user cannot configure gpg keys
+;; - manage_password: a user cannot configure their password
 ;USER_DISABLED_FEATURES =
-;; Comma separated list of disabled features ONLY if the user has an external login type (eg. LDAP, Oauth, etc.), could be `deletion`, `manage_ssh_keys`, `manage_gpg_keys`. This setting is independent from `USER_DISABLED_FEATURES` and supplements its behavior.
+;; Comma separated list of disabled features ONLY if the user has an external login type (eg. LDAP, Oauth, etc.), could be `deletion`, `manage_ssh_keys`, `manage_gpg_keys`, `manage_password`. This setting is independent from `USER_DISABLED_FEATURES` and supplements its behavior.
 ;; - deletion: a user cannot delete their own account
 ;; - manage_ssh_keys: a user cannot configure ssh keys
 ;; - manage_gpg_keys: a user cannot configure gpg keys
+;; - manage_password: a user cannot configure their password
 ;;EXTERNAL_USER_DISABLE_FEATURES =
 
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
diff --git a/modules/setting/admin.go b/modules/setting/admin.go
index 7a1e071bac..f383a5e382 100644
--- a/modules/setting/admin.go
+++ b/modules/setting/admin.go
@@ -26,7 +26,8 @@ func loadAdminFrom(rootCfg ConfigProvider) {
 }
 
 const (
-	UserFeatureDeletion      = "deletion"
-	UserFeatureManageSSHKeys = "manage_ssh_keys"
-	UserFeatureManageGPGKeys = "manage_gpg_keys"
+	UserFeatureDeletion       = "deletion"
+	UserFeatureManageSSHKeys  = "manage_ssh_keys"
+	UserFeatureManageGPGKeys  = "manage_gpg_keys"
+	UserFeatureManagePassword = "manage_password"
 )
diff --git a/routers/web/user/setting/account.go b/routers/web/user/setting/account.go
index 1dfcc90e35..5b0e8b4970 100644
--- a/routers/web/user/setting/account.go
+++ b/routers/web/user/setting/account.go
@@ -46,6 +46,11 @@ func Account(ctx *context.Context) {
 
 // AccountPost response for change user's password
 func AccountPost(ctx *context.Context) {
+	if user_model.IsFeatureDisabledWithLoginType(ctx.Doer, setting.UserFeatureManagePassword) {
+		ctx.NotFound("Not Found", errors.New("password is not allowed to be changed"))
+		return
+	}
+
 	form := web.GetForm(ctx).(*forms.ChangePasswordForm)
 	ctx.Data["Title"] = ctx.Tr("settings")
 	ctx.Data["PageIsSettingsAccount"] = true
diff --git a/templates/user/settings/account.tmpl b/templates/user/settings/account.tmpl
index 35f1d07b60..6f81b255f1 100644
--- a/templates/user/settings/account.tmpl
+++ b/templates/user/settings/account.tmpl
@@ -4,7 +4,7 @@
 			{{ctx.Locale.Tr "settings.change_password"}}
 		</h4>
 		<div class="ui attached segment">
-			{{if or (.SignedUser.IsLocal) (.SignedUser.IsOAuth2)}}
+			{{if and (not ($.UserDisabledFeatures.Contains "manage_password")) (or (.SignedUser.IsLocal) (.SignedUser.IsOAuth2))}}
 			<form class="ui form ignore-dirty" action="{{AppSubUrl}}/user/settings/account" method="post">
 				{{template "base/disable_form_autofill"}}
 				{{if .SignedUser.IsPasswordSet}}
diff --git a/tests/integration/integration_test.go b/tests/integration/integration_test.go
index ad0b09305f..9434bffa9a 100644
--- a/tests/integration/integration_test.go
+++ b/tests/integration/integration_test.go
@@ -708,16 +708,23 @@ func VerifyJSONSchema(t testing.TB, resp *httptest.ResponseRecorder, schemaFile
 func GetHTMLTitle(t testing.TB, session *TestSession, urlStr string) string {
 	t.Helper()
 
+	doc := getHTMLDoc(t, session, urlStr, http.StatusOK)
+	return doc.Find("head title").Text()
+}
+
+// getHTMLDoc gets HTMLDoc from url with expected status. Use status
+// NoExpectedStatus to ignore status.
+func getHTMLDoc(t testing.TB, session *TestSession, urlStr string, expectedStatus int) *HTMLDoc {
+	t.Helper()
+
 	req := NewRequest(t, "GET", urlStr)
 	var resp *httptest.ResponseRecorder
 	if session == nil {
-		resp = MakeRequest(t, req, http.StatusOK)
+		resp = MakeRequest(t, req, expectedStatus)
 	} else {
-		resp = session.MakeRequest(t, req, http.StatusOK)
+		resp = session.MakeRequest(t, req, expectedStatus)
 	}
-
-	doc := NewHTMLParser(t, resp.Body)
-	return doc.Find("head title").Text()
+	return NewHTMLParser(t, resp.Body)
 }
 
 func SortMailerMessages(msgs []*mailer.Message) {
diff --git a/tests/integration/user_settings_test.go b/tests/integration/user_settings_test.go
new file mode 100644
index 0000000000..9a9e58da49
--- /dev/null
+++ b/tests/integration/user_settings_test.go
@@ -0,0 +1,126 @@
+// Copyright 2025 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+package integration
+
+import (
+	"net/http"
+	"testing"
+
+	"forgejo.org/modules/container"
+	"forgejo.org/modules/setting"
+	"forgejo.org/modules/test"
+	"forgejo.org/tests"
+)
+
+// TestUserSettingsAccount tests the contents of a user's account settings
+// with(out) disabled user features.
+func TestUserSettingsAccount(t *testing.T) {
+	defer tests.PrepareTestEnv(t)()
+
+	t.Run("all features enabled", func(t *testing.T) {
+		defer tests.PrintCurrentTest(t)()
+
+		doc := getHTMLDoc(t, loginUser(t, "user2"), "/user/settings/account", http.StatusOK)
+		doc.AssertElement(t, "#password", true)
+		doc.AssertElement(t, "#email", true)
+		doc.AssertElement(t, "#delete-form", true)
+	})
+
+	t.Run("password disabled", func(t *testing.T) {
+		defer tests.PrintCurrentTest(t)()
+
+		disabled := container.SetOf(setting.UserFeatureManagePassword)
+		defer test.MockVariableValue(&setting.Admin.UserDisabledFeatures, disabled)()
+		defer test.MockVariableValue(&setting.Admin.ExternalUserDisableFeatures, disabled)()
+
+		doc := getHTMLDoc(t, loginUser(t, "user2"), "/user/settings/account", http.StatusOK)
+		doc.AssertElement(t, "#password", false)
+		doc.AssertElement(t, "#email", true)
+		doc.AssertElement(t, "#delete-form", true)
+	})
+
+	t.Run("deletion disabled", func(t *testing.T) {
+		defer tests.PrintCurrentTest(t)()
+
+		disabled := container.SetOf(setting.UserFeatureDeletion)
+		defer test.MockVariableValue(&setting.Admin.UserDisabledFeatures, disabled)()
+		defer test.MockVariableValue(&setting.Admin.ExternalUserDisableFeatures, disabled)()
+
+		doc := getHTMLDoc(t, loginUser(t, "user2"), "/user/settings/account", http.StatusOK)
+		doc.AssertElement(t, "#password", true)
+		doc.AssertElement(t, "#email", true)
+		doc.AssertElement(t, "#delete-form", false)
+	})
+
+	t.Run("deletion, password disabled", func(t *testing.T) {
+		defer tests.PrintCurrentTest(t)()
+
+		disabled := container.SetOf(
+			setting.UserFeatureDeletion,
+			setting.UserFeatureManagePassword,
+		)
+		defer test.MockVariableValue(&setting.Admin.UserDisabledFeatures, disabled)()
+		defer test.MockVariableValue(&setting.Admin.ExternalUserDisableFeatures, disabled)()
+
+		doc := getHTMLDoc(t, loginUser(t, "user2"), "/user/settings/account", http.StatusOK)
+		doc.AssertElement(t, "#password", false)
+		doc.AssertElement(t, "#email", true)
+		doc.AssertElement(t, "#delete-form", false)
+	})
+}
+
+// TestUserSettingsUpdatePassword tests updating a user's password with(out)
+// disabled user features.
+func TestUserSettingsUpdatePassword(t *testing.T) {
+	defer tests.PrepareTestEnv(t)()
+
+	t.Run("password enabled", func(t *testing.T) {
+		defer tests.PrintCurrentTest(t)()
+
+		// changing password should work
+		session := loginUser(t, "user2")
+		req := NewRequestWithValues(t, "POST", "/user/settings/account", map[string]string{
+			"old_password": "password",
+			"password":     "password",
+			"retype":       "password",
+		})
+		session.MakeRequest(t, req, http.StatusSeeOther)
+	})
+
+	t.Run("password disabled", func(t *testing.T) {
+		defer tests.PrintCurrentTest(t)()
+
+		disabled := container.SetOf(setting.UserFeatureManagePassword)
+		defer test.MockVariableValue(&setting.Admin.UserDisabledFeatures, disabled)()
+		defer test.MockVariableValue(&setting.Admin.ExternalUserDisableFeatures, disabled)()
+
+		// changing password should not work
+		session := loginUser(t, "user2")
+		req := NewRequestWithValues(t, "POST", "/user/settings/account", map[string]string{
+			"old_password": "password",
+			"password":     "password",
+			"retype":       "password",
+		})
+		session.MakeRequest(t, req, http.StatusNotFound)
+	})
+}
+
+// TestUserSettingsDelete tests deleting a user with(out) disabled user
+// features.
+func TestUserSettingsDelete(t *testing.T) {
+	defer tests.PrepareTestEnv(t)()
+
+	t.Run("deletion disabled", func(t *testing.T) {
+		defer tests.PrintCurrentTest(t)()
+
+		disabled := container.SetOf(setting.UserFeatureDeletion)
+		defer test.MockVariableValue(&setting.Admin.UserDisabledFeatures, disabled)()
+		defer test.MockVariableValue(&setting.Admin.ExternalUserDisableFeatures, disabled)()
+
+		// deleting user should not work
+		session := loginUser(t, "user2")
+		req := NewRequest(t, "POST", "/user/settings/account/delete")
+		session.MakeRequest(t, req, http.StatusNotFound)
+	})
+}

From 126e7879e35c9981a37942d30512770f708ee029 Mon Sep 17 00:00:00 2001
From: Renovate Bot <forgejo-renovate-action@forgejo.org>
Date: Mon, 26 Jan 2026 22:53:03 +0100
Subject: [PATCH 230/854] Update dependency @github/text-expander-element to
 v2.9.4 (forgejo) (#10922)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10922
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
---
 package-lock.json | 16 ++++++++--------
 package.json      |  2 +-
 2 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index cdd3726d93..57487f7d9d 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -33,7 +33,7 @@
         "@codemirror/view": "6.39.11",
         "@github/markdown-toolbar-element": "2.2.3",
         "@github/quote-selection": "2.1.0",
-        "@github/text-expander-element": "2.8.0",
+        "@github/text-expander-element": "2.9.4",
         "@google/model-viewer": "4.1.0",
         "@lezer/highlight": "1.2.3",
         "@mcaptcha/vanilla-glue": "0.1.0-alpha-3",
@@ -1635,13 +1635,13 @@
       "license": "MIT"
     },
     "node_modules/@github/text-expander-element": {
-      "version": "2.8.0",
-      "resolved": "https://registry.npmjs.org/@github/text-expander-element/-/text-expander-element-2.8.0.tgz",
-      "integrity": "sha512-kkS2rZ/CG8HGKblpLDQ8vcK/K7l/Jsvzi/N4ovwPAsFSOImcIbJh2MgCv9tzqE3wAm/qXlscvh3Ms4Hh1vtZvw==",
+      "version": "2.9.4",
+      "resolved": "https://registry.npmjs.org/@github/text-expander-element/-/text-expander-element-2.9.4.tgz",
+      "integrity": "sha512-+zxSlek2r0NrbFmRfymVtYhES9YU033acc/mouXUkN2bs8DaYScPucvBhwg/5d0hsEb2rIykKnkA/2xxWSqCTw==",
       "license": "MIT",
       "dependencies": {
         "@github/combobox-nav": "^2.0.2",
-        "dom-input-range": "^1.2.0"
+        "dom-input-range": "^2.0.0"
       }
     },
     "node_modules/@google/model-viewer": {
@@ -7406,9 +7406,9 @@
       "license": "MIT"
     },
     "node_modules/dom-input-range": {
-      "version": "1.2.0",
-      "resolved": "https://registry.npmjs.org/dom-input-range/-/dom-input-range-1.2.0.tgz",
-      "integrity": "sha512-8HVA5Oy5Vt872S7IXsjjp6/5Hqsm5YZLhurxwwQXp80T9qVsj8/mEUH3sQlFujLLUoWfxiaThHHuJ3/q1MHVuA==",
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/dom-input-range/-/dom-input-range-2.0.1.tgz",
+      "integrity": "sha512-UMGnuQlEepIPCju5NrPe+8y52B+pRvSjIaSPW92KpukoDGSEVkI2iaCR4HxK7K6C7zmVsWE8PEjCYZaJMr3vpg==",
       "license": "MIT",
       "workspaces": [
         "demos"
diff --git a/package.json b/package.json
index 33b7269c6a..09d06d3a80 100644
--- a/package.json
+++ b/package.json
@@ -32,7 +32,7 @@
     "@codemirror/view": "6.39.11",
     "@github/markdown-toolbar-element": "2.2.3",
     "@github/quote-selection": "2.1.0",
-    "@github/text-expander-element": "2.8.0",
+    "@github/text-expander-element": "2.9.4",
     "@google/model-viewer": "4.1.0",
     "@lezer/highlight": "1.2.3",
     "@mcaptcha/vanilla-glue": "0.1.0-alpha-3",

From d934e0c9fbe0ddfed806e415d912933fd92500ca Mon Sep 17 00:00:00 2001
From: Nils Goroll <nils.goroll@uplex.de>
Date: Mon, 26 Jan 2026 22:55:30 +0100
Subject: [PATCH 231/854] chore: refactor signup logic (#10915)

This PR is in preparation of, but independent of, an upcoming suggestion for a feature addition:

* The first commit moves a tiny bit of logic into a separate function to prepare for extension of that logic, avoiding duplication
* The second commit moves checking for disabled registrations earlier, which, I think, has merits in terms of performance and resilience (hopefully not significant, but who knows?)
* The third commit adds simple unit tests for SignUp() and SignUpPost() to avoid the long-ish roundtrip over integration tests
*  The forth commit introduces `ctx.Data["DisableRegistrationReason"]` for the signup template to use as the reason printed if `.DisableRegistration` to prepare for other reasons to be added

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10915
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Nils Goroll <nils.goroll@uplex.de>
Co-committed-by: Nils Goroll <nils.goroll@uplex.de>
---
 routers/web/auth/auth.go              | 24 +++++++++++++++--------
 routers/web/auth/auth_test.go         | 28 +++++++++++++++++++++++++++
 templates/user/auth/signup_inner.tmpl |  2 +-
 3 files changed, 45 insertions(+), 9 deletions(-)

diff --git a/routers/web/auth/auth.go b/routers/web/auth/auth.go
index 1154533c12..e9312b3060 100644
--- a/routers/web/auth/auth.go
+++ b/routers/web/auth/auth.go
@@ -386,6 +386,16 @@ func SignOut(ctx *context.Context) {
 	ctx.JSONRedirect(setting.AppSubURL + "/")
 }
 
+// check if registration is allowed and set Data for template
+func registrationDisabled(ctx *context.Context) bool {
+	if setting.Service.DisableRegistration || setting.Service.AllowOnlyExternalRegistration {
+		ctx.Data["DisableRegistration"] = true
+		ctx.Data["DisableRegistrationReason"] = ctx.Locale.Tr("auth.disable_register_prompt")
+		return true
+	}
+	return false
+}
+
 // SignUp render the register page
 func SignUp(ctx *context.Context) {
 	ctx.Data["Title"] = ctx.Tr("sign_up")
@@ -403,8 +413,7 @@ func SignUp(ctx *context.Context) {
 
 	ctx.Data["PageIsSignUp"] = true
 
-	// Show Disabled Registration message if DisableRegistration or AllowOnlyExternalRegistration options are true
-	ctx.Data["DisableRegistration"] = setting.Service.DisableRegistration || setting.Service.AllowOnlyExternalRegistration
+	registrationDisabled(ctx)
 
 	redirectTo := ctx.FormString("redirect_to")
 	if len(redirectTo) > 0 {
@@ -416,6 +425,11 @@ func SignUp(ctx *context.Context) {
 
 // SignUpPost response for sign up information submission
 func SignUpPost(ctx *context.Context) {
+	if registrationDisabled(ctx) {
+		ctx.Error(http.StatusForbidden)
+		return
+	}
+
 	form := web.GetForm(ctx).(*forms.RegisterForm)
 	ctx.Data["Title"] = ctx.Tr("sign_up")
 
@@ -432,12 +446,6 @@ func SignUpPost(ctx *context.Context) {
 
 	ctx.Data["PageIsSignUp"] = true
 
-	// Permission denied if DisableRegistration or AllowOnlyExternalRegistration options are true
-	if setting.Service.DisableRegistration || setting.Service.AllowOnlyExternalRegistration {
-		ctx.Error(http.StatusForbidden)
-		return
-	}
-
 	if ctx.HasError() {
 		ctx.HTML(http.StatusOK, tplSignUp)
 		return
diff --git a/routers/web/auth/auth_test.go b/routers/web/auth/auth_test.go
index 7a33a3841c..3ca31cb8a6 100644
--- a/routers/web/auth/auth_test.go
+++ b/routers/web/auth/auth_test.go
@@ -8,6 +8,8 @@ import (
 	"net/url"
 	"testing"
 
+	"forgejo.org/modules/setting"
+	"forgejo.org/modules/templates"
 	"forgejo.org/modules/test"
 	"forgejo.org/services/contexttest"
 
@@ -41,3 +43,29 @@ func TestUserLogin(t *testing.T) {
 	SignIn(ctx)
 	assert.Equal(t, "/", test.RedirectURL(resp))
 }
+
+// NB: Full signup test is in tests/integration/signup_test.go
+// this is to test disabled signup
+func TestSignUpDefault(t *testing.T) {
+	ctx, resp := contexttest.MockContext(t, "/user/sign_up",
+		contexttest.MockContextOption{Render: templates.HTMLRenderer()})
+	SignUp(ctx)
+	assert.Equal(t, http.StatusOK, resp.Code)
+	assert.Contains(t, resp.Body.String(), ctx.Locale.Tr("username"))
+}
+
+func TestSignUpDisabled(t *testing.T) {
+	ctx, resp := contexttest.MockContext(t, "/user/sign_up",
+		contexttest.MockContextOption{Render: templates.HTMLRenderer()})
+	defer test.MockVariableValue(&setting.Service.DisableRegistration, true)()
+	SignUp(ctx)
+	assert.Equal(t, http.StatusOK, resp.Code)
+	assert.Contains(t, resp.Body.String(), ctx.Locale.Tr("auth.disable_register_prompt"))
+}
+
+func TestSignUpPostDisabled(t *testing.T) {
+	ctx, resp := contexttest.MockContext(t, "/user/sign_up")
+	defer test.MockVariableValue(&setting.Service.DisableRegistration, true)()
+	SignUpPost(ctx)
+	assert.Equal(t, http.StatusForbidden, resp.Code)
+}
diff --git a/templates/user/auth/signup_inner.tmpl b/templates/user/auth/signup_inner.tmpl
index f3400457a9..b9cfff4b0b 100644
--- a/templates/user/auth/signup_inner.tmpl
+++ b/templates/user/auth/signup_inner.tmpl
@@ -12,7 +12,7 @@
 			{{template "base/alert" .}}
 			{{end}}
 			{{if .DisableRegistration}}
-				<p>{{ctx.Locale.Tr "auth.disable_register_prompt"}}</p>
+				<p>{{.DisableRegistrationReason}}</p>
 			{{else}}
 				<div class="required field {{if and (.Err_UserName) (or (not .LinkAccountMode) (and .LinkAccountMode .LinkAccountModeRegister))}}error{{end}}">
 					<label for="user_name">{{ctx.Locale.Tr "username"}}</label>

From 023a894677bc2e1f348d539a1afa7554600d24cb Mon Sep 17 00:00:00 2001
From: Christoph Mewes <christoph@kubermatic.com>
Date: Mon, 26 Jan 2026 22:57:33 +0100
Subject: [PATCH 232/854] chore: fix typos throughout the codebase (#10753)

This PR fixes a number of typos throughout the entire repository. Running https://github.com/crate-ci/typos and then changing all occurrences that I naively deemed "safe enough".

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10753
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Christoph Mewes <christoph@kubermatic.com>
Co-committed-by: Christoph Mewes <christoph@kubermatic.com>
---
 cmd/hook.go                                    |  2 +-
 cmd/mailer.go                                  |  4 ++--
 models/actions/run.go                          |  6 +++---
 models/actions/task.go                         |  6 +++---
 models/actions/tasks_version.go                |  6 +++---
 .../ssh_key_object_verification_test.go        |  4 ++--
 models/db/index.go                             |  4 ++--
 models/forgejo_migrations/migrate_test.go      |  2 +-
 models/forgejo_migrations_legacy/v33.go        |  2 +-
 models/git/branch_test.go                      |  2 +-
 models/git/protected_branch_list.go            |  6 +++---
 models/gitea_migrations/migrations.go          |  4 ++--
 models/gitea_migrations/v1_11/v104.go          |  2 +-
 models/gitea_migrations/v1_11/v111.go          |  2 +-
 models/gitea_migrations/v1_15/v182.go          |  2 +-
 models/gitea_migrations/v1_21/v271.go          |  2 +-
 models/org_team.go                             |  6 +++---
 models/organization/org.go                     |  2 +-
 models/repo_transfer.go                        |  4 ++--
 models/repo_transfer_test.go                   |  6 +++---
 models/unit/unit.go                            |  4 ++--
 modules/auth/password/hash/setting.go          |  2 +-
 modules/cache/mutex_map_test.go                |  2 +-
 modules/charset/escape.go                      |  2 +-
 modules/git/diff.go                            |  8 ++++----
 modules/git/diff_compare_test.go               |  2 +-
 modules/git/diff_test.go                       |  6 +++---
 modules/git/foreachref/format.go               |  2 +-
 modules/git/repo_commit.go                     |  2 +-
 modules/keying/keying.go                       |  2 +-
 modules/setting/storage.go                     |  6 +++---
 modules/structs/issue.go                       |  2 +-
 modules/templates/util_render_test.go          |  2 +-
 modules/validation/validatable.go              |  4 ++--
 routers/api/actions/artifacts.go               |  6 +++---
 routers/api/actions/artifactsv4.go             |  6 +++---
 routers/api/v1/org/hook.go                     |  2 +-
 routers/api/v1/repo/mirror.go                  |  2 +-
 routers/common/search.go                       |  2 +-
 routers/web/org/teams.go                       |  4 ++--
 routers/web/repo/editor.go                     |  4 ++--
 routers/web/repo/issue_dependency.go           |  2 +-
 routers/web/repo/middlewares.go                |  2 +-
 routers/web/repo/patch.go                      |  6 +++---
 routers/web/repo/repo.go                       |  4 ++--
 routers/web/repo/setting/setting.go            |  2 +-
 services/actions/log_test.go                   |  2 +-
 services/actions/run.go                        |  2 +-
 services/actions/task.go                       |  6 +++---
 services/agit/agit.go                          | 12 ++++++------
 services/auth/source/ldap/source_search.go     | 12 ++++++------
 services/context/api.go                        |  2 +-
 services/doctor/lfs.go                         |  2 +-
 services/feed/action_test.go                   |  4 ++--
 services/gitdiff/gitdiff.go                    |  4 ++--
 services/issue/assignee.go                     | 18 +++++++++---------
 services/issue/issue.go                        |  6 +++---
 services/migrations/main_test.go               |  2 +-
 services/org/org.go                            |  6 +++---
 services/packages/container/blob_uploader.go   |  6 +++---
 services/pull/patch.go                         |  4 ++--
 services/pull/pull.go                          |  6 +++---
 services/remote/promote.go                     |  2 +-
 .../repository/commitstatus/commitstatus.go    |  8 ++++----
 services/repository/generate_test.go           |  6 +++---
 services/stats/stats_test.go                   |  4 ++--
 services/user/user.go                          |  4 ++--
 services/user/user_test.go                     |  2 +-
 tests/e2e/org-settings.test.e2e.ts             |  2 +-
 tests/e2e/repo-migrate.test.e2e.ts             |  2 +-
 tests/integration/api_gpg_keys_test.go         |  6 +++---
 tests/integration/api_notification_test.go     |  2 +-
 tests/integration/api_packages_test.go         |  2 +-
 tests/integration/api_push_mirror_test.go      |  2 +-
 tests/integration/api_repo_activities_test.go  |  2 +-
 tests/integration/api_repo_tags_test.go        |  2 +-
 tests/integration/api_token_test.go            |  4 ++--
 tests/integration/api_user_org_perm_test.go    | 10 +++++-----
 tests/integration/auth_token_test.go           |  4 ++--
 tests/integration/feed_user_test.go            |  4 ++--
 tests/integration/fixtures/TestFeed/action.yml |  2 +-
 tests/integration/oauth_test.go                |  4 ++--
 tests/integration/patch_status_test.go         |  8 ++++----
 ...branch_test.go => protected_branch_test.go} |  0
 tests/integration/pull_merge_test.go           |  2 +-
 tests/integration/repo_collaborator_test.go    |  6 +++---
 tests/integration/repo_commits_tags_test.go    |  2 +-
 87 files changed, 174 insertions(+), 174 deletions(-)
 rename tests/integration/{proctected_branch_test.go => protected_branch_test.go} (100%)

diff --git a/cmd/hook.go b/cmd/hook.go
index 82dcb30866..d3eb4dea89 100644
--- a/cmd/hook.go
+++ b/cmd/hook.go
@@ -568,7 +568,7 @@ Forgejo or set your environment appropriately.`, "")
 	hookOptions.RefFullNames = make([]git.RefName, 0, hookBatchSize)
 
 	for {
-		// note: pktLineTypeUnknow means pktLineTypeFlush and pktLineTypeData all allowed
+		// note: pktLineTypeUnknown means pktLineTypeFlush and pktLineTypeData all allowed
 		rs, err = readPktLine(ctx, reader, pktLineTypeUnknown)
 		if err != nil {
 			return err
diff --git a/cmd/mailer.go b/cmd/mailer.go
index d05d6c849b..2576e60b58 100644
--- a/cmd/mailer.go
+++ b/cmd/mailer.go
@@ -24,10 +24,10 @@ func runSendMail(ctx context.Context, c *cli.Command) error {
 	}
 
 	subject := c.String("title")
-	confirmSkiped := c.Bool("force")
+	confirmSkipped := c.Bool("force")
 	body := c.String("content")
 
-	if !confirmSkiped {
+	if !confirmSkipped {
 		if len(body) == 0 {
 			fmt.Print("warning: Content is empty")
 		}
diff --git a/models/actions/run.go b/models/actions/run.go
index 126a4e7e38..e500d45487 100644
--- a/models/actions/run.go
+++ b/models/actions/run.go
@@ -314,11 +314,11 @@ func GetRunsNotDoneByRepoIDAndPullRequestID(ctx context.Context, repoID, pullReq
 // The title will be cut off at 255 characters if it's longer than 255 characters.
 // We don't have to send the ActionRunNowDone notification here because there are no runs that start in a not done status.
 func InsertRun(ctx context.Context, run *ActionRun, jobs []*jobparser.SingleWorkflow) error {
-	ctx, commiter, err := db.TxContext(ctx)
+	ctx, committer, err := db.TxContext(ctx)
 	if err != nil {
 		return err
 	}
-	defer commiter.Close()
+	defer committer.Close()
 
 	index, err := db.GetNextResourceIndex(ctx, "action_run_index", run.RepoID)
 	if err != nil {
@@ -345,7 +345,7 @@ func InsertRun(ctx context.Context, run *ActionRun, jobs []*jobparser.SingleWork
 		return err
 	}
 
-	return commiter.Commit()
+	return committer.Commit()
 }
 
 // Adds `ActionRunJob` instances from `SingleWorkflows` to an existing ActionRun.
diff --git a/models/actions/task.go b/models/actions/task.go
index 45f1643989..3cf8a3af04 100644
--- a/models/actions/task.go
+++ b/models/actions/task.go
@@ -321,11 +321,11 @@ func GetAvailableJobsForRunner(e db.Engine, runner *ActionRunner) ([]*ActionRunJ
 }
 
 func CreateTaskForRunner(ctx context.Context, runner *ActionRunner) (*ActionTask, bool, error) {
-	ctx, commiter, err := db.TxContext(ctx)
+	ctx, committer, err := db.TxContext(ctx)
 	if err != nil {
 		return nil, false, err
 	}
-	defer commiter.Close()
+	defer committer.Close()
 
 	e := db.GetEngine(ctx)
 
@@ -414,7 +414,7 @@ func CreateTaskForRunner(ctx context.Context, runner *ActionRunner) (*ActionTask
 
 	task.Job = job
 
-	if err := commiter.Commit(); err != nil {
+	if err := committer.Commit(); err != nil {
 		return nil, false, err
 	}
 
diff --git a/models/actions/tasks_version.go b/models/actions/tasks_version.go
index a5c357888f..8678f052f0 100644
--- a/models/actions/tasks_version.go
+++ b/models/actions/tasks_version.go
@@ -73,11 +73,11 @@ func increaseTasksVersionByScope(ctx context.Context, ownerID, repoID int64) err
 }
 
 func IncreaseTaskVersion(ctx context.Context, ownerID, repoID int64) error {
-	ctx, commiter, err := db.TxContext(ctx)
+	ctx, committer, err := db.TxContext(ctx)
 	if err != nil {
 		return err
 	}
-	defer commiter.Close()
+	defer committer.Close()
 
 	// 1. increase global
 	if err := increaseTasksVersionByScope(ctx, 0, 0); err != nil {
@@ -101,5 +101,5 @@ func IncreaseTaskVersion(ctx context.Context, ownerID, repoID int64) error {
 		}
 	}
 
-	return commiter.Commit()
+	return committer.Commit()
 }
diff --git a/models/asymkey/ssh_key_object_verification_test.go b/models/asymkey/ssh_key_object_verification_test.go
index 4bfd79d56e..27d8d66a3c 100644
--- a/models/asymkey/ssh_key_object_verification_test.go
+++ b/models/asymkey/ssh_key_object_verification_test.go
@@ -24,14 +24,14 @@ func TestParseCommitWithSSHSignature(t *testing.T) {
 	user2 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
 	sshKey := unittest.AssertExistsAndLoadBean(t, &PublicKey{ID: 1000, OwnerID: 2})
 
-	t.Run("No commiter", func(t *testing.T) {
+	t.Run("No committer", func(t *testing.T) {
 		o := commitToGitObject(&git.Commit{})
 		commitVerification := ParseObjectWithSSHSignature(db.DefaultContext, &o, &user_model.User{})
 		assert.False(t, commitVerification.Verified)
 		assert.Equal(t, NoKeyFound, commitVerification.Reason)
 	})
 
-	t.Run("Commiter without keys", func(t *testing.T) {
+	t.Run("Committer without keys", func(t *testing.T) {
 		user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 1})
 
 		o := commitToGitObject(&git.Commit{Committer: &git.Signature{Email: user.Email}})
diff --git a/models/db/index.go b/models/db/index.go
index c069f0febd..923576edb3 100644
--- a/models/db/index.go
+++ b/models/db/index.go
@@ -20,8 +20,8 @@ type ResourceIndex struct {
 }
 
 var (
-	// ErrResouceOutdated represents an error when request resource outdated
-	ErrResouceOutdated = errors.New("resource outdated")
+	// ErrResourceOutdated represents an error when request resource outdated
+	ErrResourceOutdated = errors.New("resource outdated")
 	// ErrGetResourceIndexFailed represents an error when resource index retries 3 times
 	ErrGetResourceIndexFailed = errors.New("get resource index failed")
 )
diff --git a/models/forgejo_migrations/migrate_test.go b/models/forgejo_migrations/migrate_test.go
index 360f6a16d5..87dea780d8 100644
--- a/models/forgejo_migrations/migrate_test.go
+++ b/models/forgejo_migrations/migrate_test.go
@@ -44,7 +44,7 @@ func TestRegisterMigration(t *testing.T) {
 		"v99b_neat_migration.go", // no leading path
 		"vb_neat_migration.go",   // no version number
 		"v12_neat_migration.go",  // no migration group letter
-		"v12a-neat-migration.go", // no undescore
+		"v12a-neat-migration.go", // no underscore
 		"v12a.go",                // no descriptive identifier
 	} {
 		t.Run(fmt.Sprintf("bad name - %s", fn), func(t *testing.T) {
diff --git a/models/forgejo_migrations_legacy/v33.go b/models/forgejo_migrations_legacy/v33.go
index ce220d8179..b29c5feeb3 100644
--- a/models/forgejo_migrations_legacy/v33.go
+++ b/models/forgejo_migrations_legacy/v33.go
@@ -52,7 +52,7 @@ func addFederatedUserActivityTables(x *xorm.Engine) {
 		FollowingUserID int64 `xorm:"NOT NULL unique(fuf_rel)"`
 	}
 
-	// Add InboxPath to FederatedUser & add index fo UserID
+	// Add InboxPath to FederatedUser & add index to UserID
 	type FederatedUser struct {
 		ID        int64 `xorm:"pk autoincr"`
 		UserID    int64 `xorm:"NOT NULL INDEX user_id"`
diff --git a/models/git/branch_test.go b/models/git/branch_test.go
index 4340e8f729..5eca70324d 100644
--- a/models/git/branch_test.go
+++ b/models/git/branch_test.go
@@ -115,7 +115,7 @@ func TestFindRenamedBranch(t *testing.T) {
 	assert.True(t, exist)
 	assert.Equal(t, "master", branch.To)
 
-	_, exist, err = git_model.FindRenamedBranch(db.DefaultContext, 1, "unknow")
+	_, exist, err = git_model.FindRenamedBranch(db.DefaultContext, 1, "unknown")
 	require.NoError(t, err)
 	assert.False(t, exist)
 }
diff --git a/models/git/protected_branch_list.go b/models/git/protected_branch_list.go
index c7a3154884..54930b7eac 100644
--- a/models/git/protected_branch_list.go
+++ b/models/git/protected_branch_list.go
@@ -50,7 +50,7 @@ func FindRepoProtectedBranchRules(ctx context.Context, repoID int64) (ProtectedB
 func FindAllMatchedBranches(ctx context.Context, repoID int64, ruleName string) ([]string, error) {
 	results := make([]string, 0, 10)
 	for page := 1; ; page++ {
-		brancheNames, err := FindBranchNames(ctx, FindBranchOptions{
+		branchNames, err := FindBranchNames(ctx, FindBranchOptions{
 			ListOptions: db.ListOptions{
 				PageSize: 100,
 				Page:     page,
@@ -63,12 +63,12 @@ func FindAllMatchedBranches(ctx context.Context, repoID int64, ruleName string)
 		}
 		rule := glob.MustCompile(ruleName)
 
-		for _, branch := range brancheNames {
+		for _, branch := range branchNames {
 			if rule.Match(branch) {
 				results = append(results, branch)
 			}
 		}
-		if len(brancheNames) < 100 {
+		if len(branchNames) < 100 {
 			break
 		}
 	}
diff --git a/models/gitea_migrations/migrations.go b/models/gitea_migrations/migrations.go
index 5d6bf0aab2..9b30f9940d 100644
--- a/models/gitea_migrations/migrations.go
+++ b/models/gitea_migrations/migrations.go
@@ -126,7 +126,7 @@ func prepareMigrationTasks() []*migration {
 
 		newMigration(102, "update migration repositories' service type", v1_11.DropColumnHeadUserNameOnPullRequest),
 		newMigration(103, "Add WhitelistDeployKeys to protected branch", v1_11.AddWhitelistDeployKeysToBranches),
-		newMigration(104, "remove unnecessary columns from label", v1_11.RemoveLabelUneededCols),
+		newMigration(104, "remove unnecessary columns from label", v1_11.RemoveLabelUnneededCols),
 		newMigration(105, "add includes_all_repositories to teams", v1_11.AddTeamIncludesAllRepositories),
 		newMigration(106, "add column `mode` to table watch", v1_11.AddModeColumnToWatch),
 		newMigration(107, "Add template options to repository", v1_11.AddTemplateToRepo),
@@ -323,7 +323,7 @@ func prepareMigrationTasks() []*migration {
 		newMigration(268, "Update Action Ref", v1_21.UpdateActionsRefIndex),
 		newMigration(269, "Drop deleted branch table", v1_21.DropDeletedBranchTable),
 		newMigration(270, "Fix PackageProperty typo", v1_21.FixPackagePropertyTypo),
-		newMigration(271, "Allow archiving labels", v1_21.AddArchivedUnixColumInLabelTable),
+		newMigration(271, "Allow archiving labels", v1_21.AddArchivedUnixColumnInLabelTable),
 		newMigration(272, "Add Version to ActionRun table", v1_21.AddVersionToActionRunTable),
 		newMigration(273, "Add Action Schedule Table", v1_21.AddActionScheduleTable),
 		newMigration(274, "Add Actions artifacts expiration date", v1_21.AddExpiredUnixColumnInActionArtifactTable),
diff --git a/models/gitea_migrations/v1_11/v104.go b/models/gitea_migrations/v1_11/v104.go
index 47cf320359..606690009d 100644
--- a/models/gitea_migrations/v1_11/v104.go
+++ b/models/gitea_migrations/v1_11/v104.go
@@ -9,7 +9,7 @@ import (
 	"xorm.io/xorm"
 )
 
-func RemoveLabelUneededCols(x *xorm.Engine) error {
+func RemoveLabelUnneededCols(x *xorm.Engine) error {
 	// Make sure the columns exist before dropping them
 	type Label struct {
 		QueryString string
diff --git a/models/gitea_migrations/v1_11/v111.go b/models/gitea_migrations/v1_11/v111.go
index 6f531e4858..fcd2ee7be3 100644
--- a/models/gitea_migrations/v1_11/v111.go
+++ b/models/gitea_migrations/v1_11/v111.go
@@ -410,7 +410,7 @@ func AddBranchProtectionCanPushAndEnableWhitelist(x *xorm.Engine) error {
 
 			official, err := isOfficialReviewer(sess, review.IssueID, reviewer)
 			if err != nil {
-				// Branch might not be proteced or other error, ignore it.
+				// Branch might not be protected or other error, ignore it.
 				continue
 			}
 			review.Official = official
diff --git a/models/gitea_migrations/v1_15/v182.go b/models/gitea_migrations/v1_15/v182.go
index f53ff11df9..069f9890cd 100644
--- a/models/gitea_migrations/v1_15/v182.go
+++ b/models/gitea_migrations/v1_15/v182.go
@@ -24,7 +24,7 @@ func AddIssueResourceIndexTable(x *xorm.Engine) error {
 		return err
 	}
 
-	// Remove data we're goint to rebuild
+	// Remove data we're going to rebuild
 	if _, err := sess.Table("issue_index").Where("1=1").Delete(&ResourceIndex{}); err != nil {
 		return err
 	}
diff --git a/models/gitea_migrations/v1_21/v271.go b/models/gitea_migrations/v1_21/v271.go
index e3ce2d4b74..38b171c323 100644
--- a/models/gitea_migrations/v1_21/v271.go
+++ b/models/gitea_migrations/v1_21/v271.go
@@ -9,7 +9,7 @@ import (
 	"xorm.io/xorm"
 )
 
-func AddArchivedUnixColumInLabelTable(x *xorm.Engine) error {
+func AddArchivedUnixColumnInLabelTable(x *xorm.Engine) error {
 	type Label struct {
 		ArchivedUnix timeutil.TimeStamp `xorm:"DEFAULT NULL"`
 	}
diff --git a/models/org_team.go b/models/org_team.go
index ecda43f0a9..de54c61745 100644
--- a/models/org_team.go
+++ b/models/org_team.go
@@ -116,7 +116,7 @@ func removeAllRepositories(ctx context.Context, t *organization.Team) (err error
 			return err
 		}
 
-		// Remove watches from all users and now unaccessible repos
+		// Remove watches from all users and now inaccessible repos
 		for _, user := range t.Members {
 			has, err := access_model.HasAccess(ctx, user.ID, repo)
 			if err != nil {
@@ -480,12 +480,12 @@ func removeTeamMember(ctx context.Context, team *organization.Team, userID int64
 			return err
 		}
 
-		// Remove watches from now unaccessible
+		// Remove watches from now inaccessible
 		if err := ReconsiderWatches(ctx, repo, userID); err != nil {
 			return err
 		}
 
-		// Remove issue assignments from now unaccessible
+		// Remove issue assignments from now inaccessible
 		if err := ReconsiderRepoIssuesAssignee(ctx, repo, userID); err != nil {
 			return err
 		}
diff --git a/models/organization/org.go b/models/organization/org.go
index 6da8886c2f..82c3e0ea67 100644
--- a/models/organization/org.go
+++ b/models/organization/org.go
@@ -191,7 +191,7 @@ func (org *Organization) IsGhost() bool {
 	return org.AsUser().IsGhost()
 }
 
-// FindOrgMembersOpts represensts find org members conditions
+// FindOrgMembersOpts represents find org members conditions
 type FindOrgMembersOpts struct {
 	db.ListOptions
 	Doer         *user_model.User
diff --git a/models/repo_transfer.go b/models/repo_transfer.go
index f515f1bcf0..8031a20964 100644
--- a/models/repo_transfer.go
+++ b/models/repo_transfer.go
@@ -175,11 +175,11 @@ func CreatePendingRepositoryTransfer(ctx context.Context, doer, newOwner *user_m
 }
 
 // GetPendingTransfers returns the pending transfers of recipient which were sent by by doer.
-func GetPendingTransferIDs(ctx context.Context, reciepientID, doerID int64) ([]int64, error) {
+func GetPendingTransferIDs(ctx context.Context, recipientID, doerID int64) ([]int64, error) {
 	pendingTransferIDs := make([]int64, 0, 8)
 	return pendingTransferIDs, db.GetEngine(ctx).Table("repo_transfer").
 		Where("doer_id = ?", doerID).
-		And("recipient_id = ?", reciepientID).
+		And("recipient_id = ?", recipientID).
 		Cols("id").
 		Find(&pendingTransferIDs)
 }
diff --git a/models/repo_transfer_test.go b/models/repo_transfer_test.go
index 7f01ac2b97..58fc63a263 100644
--- a/models/repo_transfer_test.go
+++ b/models/repo_transfer_test.go
@@ -17,10 +17,10 @@ import (
 func TestGetPendingTransferIDs(t *testing.T) {
 	require.NoError(t, unittest.PrepareTestDatabase())
 	doer := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 3})
-	reciepient := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 1})
-	pendingTransfer := unittest.AssertExistsAndLoadBean(t, &RepoTransfer{RecipientID: reciepient.ID, DoerID: doer.ID})
+	recipient := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 1})
+	pendingTransfer := unittest.AssertExistsAndLoadBean(t, &RepoTransfer{RecipientID: recipient.ID, DoerID: doer.ID})
 
-	pendingTransferIDs, err := GetPendingTransferIDs(db.DefaultContext, reciepient.ID, doer.ID)
+	pendingTransferIDs, err := GetPendingTransferIDs(db.DefaultContext, recipient.ID, doer.ID)
 	require.NoError(t, err)
 	if assert.Len(t, pendingTransferIDs, 1) {
 		assert.Equal(t, pendingTransfer.ID, pendingTransferIDs[0])
diff --git a/models/unit/unit.go b/models/unit/unit.go
index 6b4f2765ee..2f8306d45f 100644
--- a/models/unit/unit.go
+++ b/models/unit/unit.go
@@ -431,7 +431,7 @@ func AllUnitKeyNames() []string {
 	return res
 }
 
-// MinUnitAccessMode returns the minial permission of the permission map
+// MinUnitAccessMode returns the minimal permission of the permission map
 func MinUnitAccessMode(unitsMap map[Type]perm.AccessMode) perm.AccessMode {
 	res := perm.AccessModeNone
 	for t, mode := range unitsMap {
@@ -440,7 +440,7 @@ func MinUnitAccessMode(unitsMap map[Type]perm.AccessMode) perm.AccessMode {
 			continue
 		}
 
-		// get the minial permission great than AccessModeNone except all are AccessModeNone
+		// get the minimal permission greater than AccessModeNone except all are AccessModeNone
 		if mode > perm.AccessModeNone && (res == perm.AccessModeNone || mode < res) {
 			res = mode
 		}
diff --git a/modules/auth/password/hash/setting.go b/modules/auth/password/hash/setting.go
index 05cd36fe3c..24d0f726c7 100644
--- a/modules/auth/password/hash/setting.go
+++ b/modules/auth/password/hash/setting.go
@@ -14,7 +14,7 @@ const DefaultHashAlgorithmName = "pbkdf2_hi"
 
 var DefaultHashAlgorithm *PasswordHashAlgorithm
 
-// aliasAlgorithNames provides a mapping between the value of PASSWORD_HASH_ALGO
+// aliasAlgorithmNames provides a mapping between the value of PASSWORD_HASH_ALGO
 // configured in the app.ini and the parameters used within the hashers internally.
 //
 // If it is necessary to change the default parameters for any hasher in future you
diff --git a/modules/cache/mutex_map_test.go b/modules/cache/mutex_map_test.go
index 324b3228d8..7dd21c2f56 100644
--- a/modules/cache/mutex_map_test.go
+++ b/modules/cache/mutex_map_test.go
@@ -57,7 +57,7 @@ func TestMutexMap_DifferentKeys(t *testing.T) {
 	done := make(chan bool, 1)
 
 	go func() {
-		// If these somehow refered to the same underlying `sync.Mutex`, because `sync.Mutex` is not re-entrant this would
+		// If these somehow referred to the same underlying `sync.Mutex`, because `sync.Mutex` is not re-entrant this would
 		// never complete.
 		unlock1 := mm.Lock("test-key-1")
 		unlock2 := mm.Lock("test-key-2")
diff --git a/modules/charset/escape.go b/modules/charset/escape.go
index 57b13c1f18..5b185b1608 100644
--- a/modules/charset/escape.go
+++ b/modules/charset/escape.go
@@ -30,7 +30,7 @@ const (
 	WikiContext escapeContext = "wiki"
 	// Rendered content (except markup), source code and blames.
 	FileviewContext escapeContext = "file-view"
-	// Commits or pull requet's diff.
+	// Commits or pull request's diff.
 	DiffContext escapeContext = "diff"
 )
 
diff --git a/modules/git/diff.go b/modules/git/diff.go
index 0ba9c60912..f745531edd 100644
--- a/modules/git/diff.go
+++ b/modules/git/diff.go
@@ -100,7 +100,7 @@ func GetRepoRawDiffForFile(repo *Repository, startCommit, endCommit string, diff
 }
 
 // ParseDiffHunkString parse the diffhunk content and return
-func ParseDiffHunkString(diffhunk string) (leftLine, leftHunk, rightLine, righHunk int) {
+func ParseDiffHunkString(diffhunk string) (leftLine, leftHunk, rightLine, rightHunk int) {
 	ss := strings.Split(diffhunk, "@@")
 	ranges := strings.Split(ss[1][1:], " ")
 	leftRange := strings.Split(ranges[0], ",")
@@ -112,14 +112,14 @@ func ParseDiffHunkString(diffhunk string) (leftLine, leftHunk, rightLine, righHu
 		rightRange := strings.Split(ranges[1], ",")
 		rightLine, _ = strconv.Atoi(rightRange[0])
 		if len(rightRange) > 1 {
-			righHunk, _ = strconv.Atoi(rightRange[1])
+			rightHunk, _ = strconv.Atoi(rightRange[1])
 		}
 	} else {
 		log.Debug("Parse line number failed: %v", diffhunk)
 		rightLine = leftLine
-		righHunk = leftHunk
+		rightHunk = leftHunk
 	}
-	return leftLine, leftHunk, rightLine, righHunk
+	return leftLine, leftHunk, rightLine, rightHunk
 }
 
 // Example: @@ -1,8 +1,9 @@ => [..., 1, 8, 1, 9]
diff --git a/modules/git/diff_compare_test.go b/modules/git/diff_compare_test.go
index 433497b5c4..34c2017b8a 100644
--- a/modules/git/diff_compare_test.go
+++ b/modules/git/diff_compare_test.go
@@ -247,7 +247,7 @@ func TestCheckIfDiffDiffers(t *testing.T) {
 		require.NoError(t, NewCommand(t.Context(), "switch", "-c", "e-2").Run(&RunOpts{Dir: tmpDir}))
 		require.NoError(t, NewCommand(t.Context(), "rebase", "main-D-2").Run(&RunOpts{Dir: tmpDir}))
 
-		// The diff changed, because it no longers shows the change made to `README`.
+		// The diff changed, because it no longer shows the change made to `README`.
 		changed, err := gitRepo.CheckIfDiffDiffers("main-D-2", "e-1", "e-2", nil)
 		require.NoError(t, err)
 		assert.False(t, changed) // This should be true.
diff --git a/modules/git/diff_test.go b/modules/git/diff_test.go
index 9130767c66..34e0695fea 100644
--- a/modules/git/diff_test.go
+++ b/modules/git/diff_test.go
@@ -30,7 +30,7 @@ index d8e4c92..19dc8ad 100644
 @@ -1,9 +1,10 @@
  --some comment
 --- some comment 5
-+--some coment 2
++--some comment 2
 +-- some comment 3
  create or replace procedure test(p1 varchar2)
  is
@@ -135,7 +135,7 @@ func TestCutDiffAroundLine(t *testing.T) {
 @@ -1,9 +1,10 @@
  --some comment
 --- some comment 5
-+--some coment 2`
++--some comment 2`
 	assert.Equal(t, expected, minusDiff)
 
 	// Handle minus diffs properly
@@ -148,7 +148,7 @@ func TestCutDiffAroundLine(t *testing.T) {
 @@ -1,9 +1,10 @@
  --some comment
 --- some comment 5
-+--some coment 2
++--some comment 2
 +-- some comment 3`
 
 	assert.Equal(t, expected, minusDiff)
diff --git a/modules/git/foreachref/format.go b/modules/git/foreachref/format.go
index 97e8ee4724..75e315ad4a 100644
--- a/modules/git/foreachref/format.go
+++ b/modules/git/foreachref/format.go
@@ -72,7 +72,7 @@ func (f Format) Parser(r io.Reader) *Parser {
 	return NewParser(r, f)
 }
 
-// hexEscaped produces hex-escpaed characters from a string. For example, "\n\0"
+// hexEscaped produces hex-escaped characters from a string. For example, "\n\0"
 // would turn into "%0a%00".
 func (f Format) hexEscaped(delim []byte) string {
 	escaped := ""
diff --git a/modules/git/repo_commit.go b/modules/git/repo_commit.go
index bd7d5e2014..0ebdb0f8a0 100644
--- a/modules/git/repo_commit.go
+++ b/modules/git/repo_commit.go
@@ -473,7 +473,7 @@ func (repo *Repository) GetCommitsFromIDs(commitIDs []string, ignoreExistence bo
 			// It's entirely possible the commit no longer exists, we only care
 			// about the status and verification. Verification is no longer possible,
 			// but getting the status is still possible with just the ID. We do have
-			// to assumme the commitID is not shortened, we cannot recover the full
+			// to assume the commitID is not shortened, we cannot recover the full
 			// commitID.
 			id, err := NewIDFromString(commitID)
 			if err == nil {
diff --git a/modules/keying/keying.go b/modules/keying/keying.go
index a1a93419b1..751fd77521 100644
--- a/modules/keying/keying.go
+++ b/modules/keying/keying.go
@@ -151,7 +151,7 @@ func ColumnAndID(column string, id int64) []byte {
 // it's not bound to a particular table. The table should be part of the context
 // that the key was derived for, in which case it binds through that. Use this
 // over `ColumnAndID` if you're encrypting data that's stored inside JSON.
-// jsonSelector must be a unambigous selector to the JSON field that stores the
+// jsonSelector must be a unambiguous selector to the JSON field that stores the
 // encrypted data.
 func ColumnAndJSONSelectorAndID(column, jsonSelector string, id int64) []byte {
 	return binary.BigEndian.AppendUint64(append(append([]byte(column), ':'), append([]byte(jsonSelector), ':')...), uint64(id))
diff --git a/modules/setting/storage.go b/modules/setting/storage.go
index 532842064c..e458300727 100644
--- a/modules/setting/storage.go
+++ b/modules/setting/storage.go
@@ -136,11 +136,11 @@ func getStorageSectionByType(rootCfg ConfigProvider, typ string) (ConfigSection,
 	targetType := targetSec.Key("STORAGE_TYPE").String()
 	if targetType == "" {
 		if !IsValidStorageType(StorageType(typ)) {
-			return nil, 0, fmt.Errorf("unknow storage type %q", typ)
+			return nil, 0, fmt.Errorf("unknown storage type %q", typ)
 		}
 		targetSec.Key("STORAGE_TYPE").SetValue(typ)
 	} else if !IsValidStorageType(StorageType(targetType)) {
-		return nil, 0, fmt.Errorf("unknow storage type %q for section storage.%v", targetType, typ)
+		return nil, 0, fmt.Errorf("unknown storage type %q for section storage.%v", targetType, typ)
 	}
 
 	return targetSec, targetSecIsTyp, nil
@@ -166,7 +166,7 @@ func getStorageTargetSection(rootCfg ConfigProvider, name, typ string, sec Confi
 		}
 	}
 
-	// check stoarge name thirdly
+	// check storage name thirdly
 	targetSec, _ := rootCfg.GetSection(storageSectionName + "." + name)
 	if targetSec != nil {
 		targetType := targetSec.Key("STORAGE_TYPE").String()
diff --git a/modules/structs/issue.go b/modules/structs/issue.go
index 7b7397dc4b..6208c28be1 100644
--- a/modules/structs/issue.go
+++ b/modules/structs/issue.go
@@ -17,7 +17,7 @@ import (
 type StateType string
 
 const (
-	// StateOpen pr is opend
+	// StateOpen pr is opened
 	StateOpen StateType = "open"
 	// StateClosed pr is closed
 	StateClosed StateType = "closed"
diff --git a/modules/templates/util_render_test.go b/modules/templates/util_render_test.go
index 3cfd572491..acf5353ca3 100644
--- a/modules/templates/util_render_test.go
+++ b/modules/templates/util_render_test.go
@@ -54,7 +54,7 @@ func TestApostrophesInMentions(t *testing.T) {
 	assert.Equal(t, template.HTML("<p><a href=\"/mention-user\" class=\"mention\" rel=\"nofollow\">@mention-user</a>&#39;s comment</p>\n"), rendered)
 }
 
-func TestNonExistantUserMention(t *testing.T) {
+func TestNonExistentUserMention(t *testing.T) {
 	rendered := RenderMarkdownToHtml(t.Context(), "@ThisUserDoesNotExist @mention-user")
 	assert.Equal(t, template.HTML("<p>@ThisUserDoesNotExist <a href=\"/mention-user\" class=\"mention\" rel=\"nofollow\">@mention-user</a></p>\n"), rendered)
 }
diff --git a/modules/validation/validatable.go b/modules/validation/validatable.go
index 7bcca03bf8..1b0d4aa382 100644
--- a/modules/validation/validatable.go
+++ b/modules/validation/validatable.go
@@ -34,9 +34,9 @@ type Validateable interface {
 }
 
 func IsValid(v Validateable) (bool, error) {
-	if valdationErrors := v.Validate(); len(valdationErrors) > 0 {
+	if validationErrors := v.Validate(); len(validationErrors) > 0 {
 		typeof := reflect.TypeOf(v)
-		errString := strings.Join(valdationErrors, "\n")
+		errString := strings.Join(validationErrors, "\n")
 		return false, ErrNotValid{fmt.Sprint(typeof, ": ", errString)}
 	}
 
diff --git a/routers/api/actions/artifacts.go b/routers/api/actions/artifacts.go
index 85a1f5f5be..cf52886baa 100644
--- a/routers/api/actions/artifacts.go
+++ b/routers/api/actions/artifacts.go
@@ -112,7 +112,7 @@ func ArtifactsRoutes(prefix string) *web.Route {
 
 	m.Group(artifactRouteBase, func() {
 		// retrieve, list and confirm artifacts
-		m.Combo("").Get(r.listArtifacts).Post(r.getUploadArtifactURL).Patch(r.comfirmUploadArtifact)
+		m.Combo("").Get(r.listArtifacts).Post(r.getUploadArtifactURL).Patch(r.confirmUploadArtifact)
 		// handle container artifacts list and download
 		m.Put("/{artifact_hash}/upload", r.uploadArtifact)
 		// handle artifacts download
@@ -310,9 +310,9 @@ func (ar artifactRoutes) uploadArtifact(ctx *ArtifactContext) {
 	})
 }
 
-// comfirmUploadArtifact confirm upload artifact.
+// confirmUploadArtifact confirm upload artifact.
 // if all chunks are uploaded, merge them to one file.
-func (ar artifactRoutes) comfirmUploadArtifact(ctx *ArtifactContext) {
+func (ar artifactRoutes) confirmUploadArtifact(ctx *ArtifactContext) {
 	_, runID, ok := validateRunID(ctx)
 	if !ok {
 		return
diff --git a/routers/api/actions/artifactsv4.go b/routers/api/actions/artifactsv4.go
index dee5f1b2f3..97da6c1735 100644
--- a/routers/api/actions/artifactsv4.go
+++ b/routers/api/actions/artifactsv4.go
@@ -271,12 +271,12 @@ func (r *artifactV4Routes) createArtifact(ctx *ArtifactContext) {
 
 	artifactName := req.Name
 
-	rententionDays := setting.Actions.ArtifactRetentionDays
+	retentionDays := setting.Actions.ArtifactRetentionDays
 	if req.ExpiresAt != nil {
-		rententionDays = int64(time.Until(req.ExpiresAt.AsTime()).Hours() / 24)
+		retentionDays = int64(time.Until(req.ExpiresAt.AsTime()).Hours() / 24)
 	}
 	// create or get artifact with name and path
-	artifact, err := actions.CreateArtifact(ctx, ctx.ActionTask, artifactName, artifactName+".zip", rententionDays)
+	artifact, err := actions.CreateArtifact(ctx, ctx.ActionTask, artifactName, artifactName+".zip", retentionDays)
 	if err != nil {
 		log.Error("Error create or get artifact: %v", err)
 		ctx.Error(http.StatusInternalServerError, "Error create or get artifact")
diff --git a/routers/api/v1/org/hook.go b/routers/api/v1/org/hook.go
index 5ddcf00233..aa0c51fa25 100644
--- a/routers/api/v1/org/hook.go
+++ b/routers/api/v1/org/hook.go
@@ -13,7 +13,7 @@ import (
 	webhook_service "forgejo.org/services/webhook"
 )
 
-// ListHooks list an organziation's webhooks
+// ListHooks list an organization's webhooks
 func ListHooks(ctx *context.APIContext) {
 	// swagger:operation GET /orgs/{org}/hooks organization orgListHooks
 	// ---
diff --git a/routers/api/v1/repo/mirror.go b/routers/api/v1/repo/mirror.go
index 0ff8993b5a..834c1d20e3 100644
--- a/routers/api/v1/repo/mirror.go
+++ b/routers/api/v1/repo/mirror.go
@@ -357,7 +357,7 @@ func CreatePushMirror(ctx *context.APIContext, mirrorOption *api.CreatePushMirro
 	}
 
 	if mirrorOption.UseSSH && (mirrorOption.RemoteUsername != "" || mirrorOption.RemotePassword != "") {
-		ctx.Error(http.StatusBadRequest, "CreatePushMirror", "'use_ssh' is mutually exclusive with 'remote_username' and 'remote_passoword'")
+		ctx.Error(http.StatusBadRequest, "CreatePushMirror", "'use_ssh' is mutually exclusive with 'remote_username' and 'remote_password'")
 		return
 	}
 
diff --git a/routers/common/search.go b/routers/common/search.go
index 40189baee1..4cf37a006e 100644
--- a/routers/common/search.go
+++ b/routers/common/search.go
@@ -34,7 +34,7 @@ func InitCodeSearchOptions(ctx *context.Context) (opts CodeSearchOptions) {
 // Also sets the ctx.Data fields "CodeSearchMode" and "CodeSearchOptions"
 //
 // NOTE:
-// This is seperate from `InitCodeSearchOptions`
+// This is separate from `InitCodeSearchOptions`
 // since this is specific the indexer and only used
 // where git-grep is not available.
 func CodeSearchIndexerMode(ctx *context.Context) (mode code_indexer.SearchMode) {
diff --git a/routers/web/org/teams.go b/routers/web/org/teams.go
index 8e9d890a48..1785623855 100644
--- a/routers/web/org/teams.go
+++ b/routers/web/org/teams.go
@@ -313,7 +313,7 @@ func NewTeamPost(ctx *context.Context) {
 	unitPerms := getUnitPerms(ctx.Req.Form, p)
 	if p < perm.AccessModeAdmin {
 		// if p is less than admin accessmode, then it should be general accessmode,
-		// so we should calculate the minial accessmode from units accessmodes.
+		// so we should calculate the minimal accessmode from units accessmodes.
 		p = unit_model.MinUnitAccessMode(unitPerms)
 	}
 
@@ -480,7 +480,7 @@ func EditTeamPost(ctx *context.Context) {
 	unitPerms := getUnitPerms(ctx.Req.Form, newAccessMode)
 	if newAccessMode < perm.AccessModeAdmin {
 		// if newAccessMode is less than admin accessmode, then it should be general accessmode,
-		// so we should calculate the minial accessmode from units accessmodes.
+		// so we should calculate the minimal accessmode from units accessmodes.
 		newAccessMode = unit_model.MinUnitAccessMode(unitPerms)
 	}
 	isAuthChanged := false
diff --git a/routers/web/repo/editor.go b/routers/web/repo/editor.go
index ccbb3ac2eb..2948c1db3c 100644
--- a/routers/web/repo/editor.go
+++ b/routers/web/repo/editor.go
@@ -101,9 +101,9 @@ func getParentTreeFields(treePath string) (treeNames, treePaths []string) {
 }
 
 // getSelectableEmailAddresses returns which emails can be used by the user as
-// email for a Git commiter.
+// email for a Git committer.
 func getSelectableEmailAddresses(ctx *context.Context) ([]*user_model.ActivatedEmailAddress, error) {
-	// Retrieve emails that the user could use for commiter identity.
+	// Retrieve emails that the user could use for committer identity.
 	commitEmails, err := user_model.GetActivatedEmailAddresses(ctx, ctx.Doer.ID)
 	if err != nil {
 		return nil, fmt.Errorf("GetActivatedEmailAddresses: %w", err)
diff --git a/routers/web/repo/issue_dependency.go b/routers/web/repo/issue_dependency.go
index 3764a6bd7e..0d9595f2a4 100644
--- a/routers/web/repo/issue_dependency.go
+++ b/routers/web/repo/issue_dependency.go
@@ -119,7 +119,7 @@ func RemoveDependency(ctx *context.Context) {
 	case "blocking":
 		depType = issues_model.DependencyTypeBlocking
 	default:
-		ctx.Error(http.StatusBadRequest, "GetDependecyType")
+		ctx.Error(http.StatusBadRequest, "GetDependencyType")
 		return
 	}
 
diff --git a/routers/web/repo/middlewares.go b/routers/web/repo/middlewares.go
index 9aba447433..5fed4d937e 100644
--- a/routers/web/repo/middlewares.go
+++ b/routers/web/repo/middlewares.go
@@ -26,7 +26,7 @@ func SetEditorconfigIfExists(ctx *context.Context) {
 	if err != nil && !git.IsErrNotExist(err) {
 		description := fmt.Sprintf("Error while getting .editorconfig file: %v", err)
 		if err := system_model.CreateRepositoryNotice(description); err != nil {
-			ctx.ServerError("ErrCreatingReporitoryNotice", err)
+			ctx.ServerError("ErrCreatingRepositoryNotice", err)
 		}
 		return
 	}
diff --git a/routers/web/repo/patch.go b/routers/web/repo/patch.go
index 688ef19375..fe680d0ed6 100644
--- a/routers/web/repo/patch.go
+++ b/routers/web/repo/patch.go
@@ -87,7 +87,7 @@ func NewDiffPatchPost(ctx *context.Context) {
 		message += "\n\n" + form.CommitMessage
 	}
 
-	gitIdenitity := getGitIdentity(ctx, form.CommitMailID, tplPatchFile, &form)
+	gitIdentity := getGitIdentity(ctx, form.CommitMailID, tplPatchFile, &form)
 	if ctx.Written() {
 		return
 	}
@@ -98,8 +98,8 @@ func NewDiffPatchPost(ctx *context.Context) {
 		NewBranch:    branchName,
 		Message:      message,
 		Content:      strings.ReplaceAll(form.Content, "\r", ""),
-		Author:       gitIdenitity,
-		Committer:    gitIdenitity,
+		Author:       gitIdentity,
+		Committer:    gitIdentity,
 	})
 	if err != nil {
 		if git_model.IsErrBranchAlreadyExists(err) {
diff --git a/routers/web/repo/repo.go b/routers/web/repo/repo.go
index 493787ad8b..eca4c5f5e7 100644
--- a/routers/web/repo/repo.go
+++ b/routers/web/repo/repo.go
@@ -687,9 +687,9 @@ func SearchRepo(ctx *context.Context) {
 
 	ctx.SetTotalCountHeader(count)
 
-	latestCommitStatuses, err := commitstatus_service.FindReposLastestCommitStatuses(ctx, repos)
+	latestCommitStatuses, err := commitstatus_service.FindReposLatestCommitStatuses(ctx, repos)
 	if err != nil {
-		log.Error("FindReposLastestCommitStatuses: %v", err)
+		log.Error("FindReposLatestCommitStatuses: %v", err)
 		ctx.JSON(http.StatusInternalServerError, nil)
 		return
 	}
diff --git a/routers/web/repo/setting/setting.go b/routers/web/repo/setting/setting.go
index 7047af9196..f7d0348634 100644
--- a/routers/web/repo/setting/setting.go
+++ b/routers/web/repo/setting/setting.go
@@ -99,7 +99,7 @@ func SettingsCtxData(ctx *context.Context) {
 	ctx.Data["CanUseSSHMirroring"] = git.HasSSHExecutable
 }
 
-// Units show a repositorys unit settings page
+// Units show a repository's unit settings page
 func Units(ctx *context.Context) {
 	ctx.Data["Title"] = ctx.Tr("repo.settings.units.units")
 	ctx.Data["PageIsRepoSettingsUnits"] = true
diff --git a/services/actions/log_test.go b/services/actions/log_test.go
index c6debac5c0..51fee87b51 100644
--- a/services/actions/log_test.go
+++ b/services/actions/log_test.go
@@ -65,7 +65,7 @@ func TestServicesActions_transferLingeringLogs(t *testing.T) {
 		unittest.AssertNotExistsBean(t, &dbfs_model.DbfsMeta{ID: lingeringLogID})
 	}
 
-	// third pass is happilly doing nothing
+	// third pass is happily doing nothing
 	require.NoError(t, transferLingeringLogs(t.Context(), transferLingeringLogsOpts(now)))
 
 	// verify the tasks that are not to be garbage collected are still present
diff --git a/services/actions/run.go b/services/actions/run.go
index 64228938f8..ed795f2a63 100644
--- a/services/actions/run.go
+++ b/services/actions/run.go
@@ -163,7 +163,7 @@ func checkJobWillRevisit(ctx context.Context, job *actions_model.ActionRunJob) (
 }
 
 func checkJobRunsOnStaticMatrixError(ctx context.Context, job *actions_model.ActionRunJob) (bool, error) {
-	// If a job has a `runs-on` field that references a matrix dimension like `runs-on: ${{ matrix.platorm }}`, and
+	// If a job has a `runs-on` field that references a matrix dimension like `runs-on: ${{ matrix.platform }}`, and
 	// `platform` is not part of the job's matrix at all, then it will be tagged as `HasIncompleteRunsOn` and will be
 	// blocked forever.  This only applies if the matrix is static -- that is, the job isn't also tagged
 	// `HasIncompleteMatrix` and the matrix is yet to be fully defined.
diff --git a/services/actions/task.go b/services/actions/task.go
index 7b4e32571d..bbe17ac8b3 100644
--- a/services/actions/task.go
+++ b/services/actions/task.go
@@ -195,11 +195,11 @@ func UpdateTaskByState(ctx context.Context, runnerID int64, state *runnerv1.Task
 		stepStates[v.Id] = v
 	}
 
-	ctx, commiter, err := db.TxContext(ctx)
+	ctx, committer, err := db.TxContext(ctx)
 	if err != nil {
 		return nil, err
 	}
-	defer commiter.Close()
+	defer committer.Close()
 
 	e := db.GetEngine(ctx)
 
@@ -262,7 +262,7 @@ func UpdateTaskByState(ctx context.Context, runnerID int64, state *runnerv1.Task
 		}
 	}
 
-	if err := commiter.Commit(); err != nil {
+	if err := committer.Commit(); err != nil {
 		return nil, err
 	}
 
diff --git a/services/agit/agit.go b/services/agit/agit.go
index 8ef641629a..01fc4bc168 100644
--- a/services/agit/agit.go
+++ b/services/agit/agit.go
@@ -59,7 +59,7 @@ func ProcReceive(ctx context.Context, repo *repo_model.Repository, gitRepo *git.
 
 		// Get the anything after the refs/for/ prefix.
 		baseBranchName := opts.RefFullNames[i].ForBranchName()
-		curentTopicBranch := topicBranch
+		currentTopicBranch := topicBranch
 
 		// If the reference was given in the format of refs/for/<target-branch>/<topic-branch>,
 		// where <target-branch> and <topic-branch> can contain slashes, we need to iteratively
@@ -67,14 +67,14 @@ func ProcReceive(ctx context.Context, repo *repo_model.Repository, gitRepo *git.
 		if !gitRepo.IsBranchExist(baseBranchName) {
 			for p, v := range baseBranchName {
 				if v == '/' && gitRepo.IsBranchExist(baseBranchName[:p]) && p != len(baseBranchName)-1 {
-					curentTopicBranch = baseBranchName[p+1:]
+					currentTopicBranch = baseBranchName[p+1:]
 					baseBranchName = baseBranchName[:p]
 					break
 				}
 			}
 		}
 
-		if len(curentTopicBranch) == 0 {
+		if len(currentTopicBranch) == 0 {
 			results = append(results, private.HookProcReceiveRefResult{
 				OriginalRef: opts.RefFullNames[i],
 				OldOID:      opts.OldCommitIDs[i],
@@ -86,10 +86,10 @@ func ProcReceive(ctx context.Context, repo *repo_model.Repository, gitRepo *git.
 
 		// Include the user's name in the head branch, to avoid conflicts
 		// with other users.
-		headBranch := curentTopicBranch
+		headBranch := currentTopicBranch
 		userName := strings.ToLower(opts.UserName)
-		if !strings.HasPrefix(curentTopicBranch, userName+"/") {
-			headBranch = userName + "/" + curentTopicBranch
+		if !strings.HasPrefix(currentTopicBranch, userName+"/") {
+			headBranch = userName + "/" + currentTopicBranch
 		}
 
 		// Check if a AGit pull request already exist for this branch.
diff --git a/services/auth/source/ldap/source_search.go b/services/auth/source/ldap/source_search.go
index 4f0b55da5b..c5dba4083a 100644
--- a/services/auth/source/ldap/source_search.go
+++ b/services/auth/source/ldap/source_search.go
@@ -324,7 +324,7 @@ func (source *Source) SearchEntry(name, passwd string, directBind bool) *SearchR
 	}
 
 	isAttributeSSHPublicKeySet := len(strings.TrimSpace(source.AttributeSSHPublicKey)) > 0
-	isAtributeAvatarSet := len(strings.TrimSpace(source.AttributeAvatar)) > 0
+	isAttributeAvatarSet := len(strings.TrimSpace(source.AttributeAvatar)) > 0
 
 	attribs := []string{source.AttributeUsername, source.AttributeName, source.AttributeSurname, source.AttributeMail}
 	if len(strings.TrimSpace(source.UserUID)) > 0 {
@@ -333,7 +333,7 @@ func (source *Source) SearchEntry(name, passwd string, directBind bool) *SearchR
 	if isAttributeSSHPublicKeySet {
 		attribs = append(attribs, source.AttributeSSHPublicKey)
 	}
-	if isAtributeAvatarSet {
+	if isAttributeAvatarSet {
 		attribs = append(attribs, source.AttributeAvatar)
 	}
 
@@ -375,7 +375,7 @@ func (source *Source) SearchEntry(name, passwd string, directBind bool) *SearchR
 		isRestricted = checkRestricted(l, source, userDN)
 	}
 
-	if isAtributeAvatarSet {
+	if isAttributeAvatarSet {
 		Avatar = sr.Entries[0].GetRawAttributeValue(source.AttributeAvatar)
 	}
 
@@ -442,13 +442,13 @@ func (source *Source) SearchEntries() ([]*SearchResult, error) {
 	userFilter := fmt.Sprintf(source.Filter, "*")
 
 	isAttributeSSHPublicKeySet := len(strings.TrimSpace(source.AttributeSSHPublicKey)) > 0
-	isAtributeAvatarSet := len(strings.TrimSpace(source.AttributeAvatar)) > 0
+	isAttributeAvatarSet := len(strings.TrimSpace(source.AttributeAvatar)) > 0
 
 	attribs := []string{source.AttributeUsername, source.AttributeName, source.AttributeSurname, source.AttributeMail, source.UserUID}
 	if isAttributeSSHPublicKeySet {
 		attribs = append(attribs, source.AttributeSSHPublicKey)
 	}
-	if isAtributeAvatarSet {
+	if isAttributeAvatarSet {
 		attribs = append(attribs, source.AttributeAvatar)
 	}
 
@@ -504,7 +504,7 @@ func (source *Source) SearchEntries() ([]*SearchResult, error) {
 			user.SSHPublicKey = v.GetAttributeValues(source.AttributeSSHPublicKey)
 		}
 
-		if isAtributeAvatarSet {
+		if isAttributeAvatarSet {
 			user.Avatar = v.GetRawAttributeValue(source.AttributeAvatar)
 		}
 
diff --git a/services/context/api.go b/services/context/api.go
index be8d5ae724..14708147ad 100644
--- a/services/context/api.go
+++ b/services/context/api.go
@@ -469,7 +469,7 @@ func (ctx *APIContext) IsUserRepoWriter(unitTypes []unit.Type) bool {
 
 // Returns true when the requests indicates that it accepts a Github response.
 // This should be used to return information in the way that the Github API
-// specifies it. Avoids breaking compatability with non-Github API clients.
+// specifies it. Avoids breaking compatibility with non-Github API clients.
 func (ctx *APIContext) AcceptsGithubResponse() bool {
 	return ctx.Req.Header.Get("Accept") == "application/vnd.github+json"
 }
diff --git a/services/doctor/lfs.go b/services/doctor/lfs.go
index fe858605f4..35a02b6cf0 100644
--- a/services/doctor/lfs.go
+++ b/services/doctor/lfs.go
@@ -44,7 +44,7 @@ func garbageCollectLFSCheck(ctx context.Context, logger log.Logger, autofix bool
 		OlderThan: time.Now().Add(-24 * time.Hour * 7),
 		// We don't set the UpdatedLessRecentlyThan because we want to do a full GC
 	}); err != nil {
-		logger.Error("Couldn't garabage collect LFS objects: %v", err)
+		logger.Error("Couldn't garbage collect LFS objects: %v", err)
 		return err
 	}
 
diff --git a/services/feed/action_test.go b/services/feed/action_test.go
index 51df063c52..589c554bdc 100644
--- a/services/feed/action_test.go
+++ b/services/feed/action_test.go
@@ -195,12 +195,12 @@ func TestAbbreviatedComment(t *testing.T) {
 			expected: "First line of comment",
 		},
 		{
-			name:     "before clip boundry",
+			name:     "before clip boundary",
 			input:    strings.Repeat("abc ", 50),
 			expected: strings.Repeat("abc ", 50),
 		},
 		{
-			name:     "after clip boundry",
+			name:     "after clip boundary",
 			input:    strings.Repeat("abc ", 51),
 			expected: "abc abc abc abc abc abc abc abc abc abc abc abc abc abc abc abc abc abc abc abc abc abc abc abc abc abc abc abc abc abc abc abc abc abc abc abc abc abc abc abc abc abc abc abc abc abc abc abc abc…",
 		},
diff --git a/services/gitdiff/gitdiff.go b/services/gitdiff/gitdiff.go
index ae878a6b69..8226aae6ac 100644
--- a/services/gitdiff/gitdiff.go
+++ b/services/gitdiff/gitdiff.go
@@ -176,7 +176,7 @@ func (d *DiffLine) GetExpandDirection() DiffLineExpandDirection {
 }
 
 func getDiffLineSectionInfo(treePath, line string, lastLeftIdx, lastRightIdx int) *DiffLineSectionInfo {
-	leftLine, leftHunk, rightLine, righHunk := git.ParseDiffHunkString(line)
+	leftLine, leftHunk, rightLine, rightHunk := git.ParseDiffHunkString(line)
 
 	return &DiffLineSectionInfo{
 		Path:          treePath,
@@ -185,7 +185,7 @@ func getDiffLineSectionInfo(treePath, line string, lastLeftIdx, lastRightIdx int
 		LeftIdx:       leftLine,
 		RightIdx:      rightLine,
 		LeftHunkSize:  leftHunk,
-		RightHunkSize: righHunk,
+		RightHunkSize: rightHunk,
 	}
 }
 
diff --git a/services/issue/assignee.go b/services/issue/assignee.go
index a5f9c2731f..2d8700213e 100644
--- a/services/issue/assignee.go
+++ b/services/issue/assignee.go
@@ -20,10 +20,10 @@ import (
 // DeleteNotPassedAssignee deletes all assignees who aren't passed via the "assignees" array
 func DeleteNotPassedAssignee(ctx context.Context, issue *issues_model.Issue, doer *user_model.User, assignees []*user_model.User) (err error) {
 	var found bool
-	oriAssignes := make([]*user_model.User, len(issue.Assignees))
-	_ = copy(oriAssignes, issue.Assignees)
+	oriAssignees := make([]*user_model.User, len(issue.Assignees))
+	_ = copy(oriAssignees, issue.Assignees)
 
-	for _, assignee := range oriAssignes {
+	for _, assignee := range oriAssignees {
 		found = false
 		for _, alreadyAssignee := range assignees {
 			if assignee.ID == alreadyAssignee.ID {
@@ -230,12 +230,12 @@ func TeamReviewRequest(ctx context.Context, issue *issues_model.Issue, doer *use
 	return comment, teamReviewRequestNotify(ctx, issue, doer, reviewer, isAdd, comment)
 }
 
-func ReviewRequestNotify(ctx context.Context, issue *issues_model.Issue, doer *user_model.User, reviewNotifers []*ReviewRequestNotifier) {
-	for _, reviewNotifer := range reviewNotifers {
-		if reviewNotifer.Reviewer != nil {
-			notify_service.PullRequestReviewRequest(ctx, issue.Poster, issue, reviewNotifer.Reviewer, reviewNotifer.IsAdd, reviewNotifer.Comment)
-		} else if reviewNotifer.ReviewTeam != nil {
-			if err := teamReviewRequestNotify(ctx, issue, issue.Poster, reviewNotifer.ReviewTeam, reviewNotifer.IsAdd, reviewNotifer.Comment); err != nil {
+func ReviewRequestNotify(ctx context.Context, issue *issues_model.Issue, doer *user_model.User, reviewNotifiers []*ReviewRequestNotifier) {
+	for _, reviewNotifier := range reviewNotifiers {
+		if reviewNotifier.Reviewer != nil {
+			notify_service.PullRequestReviewRequest(ctx, issue.Poster, issue, reviewNotifier.Reviewer, reviewNotifier.IsAdd, reviewNotifier.Comment)
+		} else if reviewNotifier.ReviewTeam != nil {
+			if err := teamReviewRequestNotify(ctx, issue, issue.Poster, reviewNotifier.ReviewTeam, reviewNotifier.IsAdd, reviewNotifier.Comment); err != nil {
 				log.Error("teamReviewRequestNotify: %v", err)
 			}
 		}
diff --git a/services/issue/issue.go b/services/issue/issue.go
index 67ca8a436d..9dfbd903b6 100644
--- a/services/issue/issue.go
+++ b/services/issue/issue.go
@@ -85,17 +85,17 @@ func ChangeTitle(ctx context.Context, issue *issues_model.Issue, doer *user_mode
 		return err
 	}
 
-	var reviewNotifers []*ReviewRequestNotifier
+	var reviewNotifiers []*ReviewRequestNotifier
 	if issue.IsPull && issues_model.HasWorkInProgressPrefix(oldTitle) && !issues_model.HasWorkInProgressPrefix(title) {
 		var err error
-		reviewNotifers, err = PullRequestCodeOwnersReview(ctx, issue, issue.PullRequest)
+		reviewNotifiers, err = PullRequestCodeOwnersReview(ctx, issue, issue.PullRequest)
 		if err != nil {
 			log.Error("PullRequestCodeOwnersReview: %v", err)
 		}
 	}
 
 	notify_service.IssueChangeTitle(ctx, doer, issue, oldTitle)
-	ReviewRequestNotify(ctx, issue, issue.Poster, reviewNotifers)
+	ReviewRequestNotify(ctx, issue, issue.Poster, reviewNotifiers)
 
 	return nil
 }
diff --git a/services/migrations/main_test.go b/services/migrations/main_test.go
index d543bd6d9c..02282d5266 100644
--- a/services/migrations/main_test.go
+++ b/services/migrations/main_test.go
@@ -225,7 +225,7 @@ func assertRepositoryEqual(t *testing.T, expected, actual *base.Repository) {
 
 func assertReviewEqual(t *testing.T, expected, actual *base.Review) {
 	assert.Equal(t, expected.ID, actual.ID, "ID")
-	assert.Equal(t, expected.IssueIndex, actual.IssueIndex, "IsssueIndex")
+	assert.Equal(t, expected.IssueIndex, actual.IssueIndex, "IssueIndex")
 	assert.Equal(t, expected.ReviewerID, actual.ReviewerID, "ReviewerID")
 	assert.Equal(t, expected.ReviewerName, actual.ReviewerName, "ReviewerName")
 	assert.Equal(t, expected.Official, actual.Official, "Official")
diff --git a/services/org/org.go b/services/org/org.go
index b1bbe43046..ad87e0c381 100644
--- a/services/org/org.go
+++ b/services/org/org.go
@@ -20,11 +20,11 @@ import (
 
 // DeleteOrganization completely and permanently deletes everything of organization.
 func DeleteOrganization(ctx context.Context, org *org_model.Organization, purge bool) error {
-	ctx, commiter, err := db.TxContext(ctx)
+	ctx, committer, err := db.TxContext(ctx)
 	if err != nil {
 		return err
 	}
-	defer commiter.Close()
+	defer committer.Close()
 
 	if purge {
 		err := repo_service.DeleteOwnerRepositoriesDirectly(ctx, org.AsUser())
@@ -52,7 +52,7 @@ func DeleteOrganization(ctx context.Context, org *org_model.Organization, purge
 		return fmt.Errorf("DeleteOrganization: %w", err)
 	}
 
-	if err := commiter.Commit(); err != nil {
+	if err := committer.Commit(); err != nil {
 		return err
 	}
 
diff --git a/services/packages/container/blob_uploader.go b/services/packages/container/blob_uploader.go
index ffc47f3853..61e49c2f8f 100644
--- a/services/packages/container/blob_uploader.go
+++ b/services/packages/container/blob_uploader.go
@@ -18,8 +18,8 @@ import (
 var (
 	// errWriteAfterRead occurs if Write is called after a read operation
 	errWriteAfterRead = errors.New("write is unsupported after a read operation")
-	// errOffsetMissmatch occurs if the file offset is different than the model
-	errOffsetMissmatch = errors.New("offset mismatch between file and model")
+	// errOffsetMismatch occurs if the file offset is different than the model
+	errOffsetMismatch = errors.New("offset mismatch between file and model")
 )
 
 // BlobUploader handles chunked blob uploads
@@ -77,7 +77,7 @@ func (u *BlobUploader) Append(ctx context.Context, r io.Reader) error {
 		return err
 	}
 	if offset != u.BytesReceived {
-		return errOffsetMissmatch
+		return errOffsetMismatch
 	}
 
 	n, err := io.Copy(io.MultiWriter(u.file, u.MultiHasher), r)
diff --git a/services/pull/patch.go b/services/pull/patch.go
index 89581c916b..54dcb3ce04 100644
--- a/services/pull/patch.go
+++ b/services/pull/patch.go
@@ -107,7 +107,7 @@ func (t *testPatchContext) LoadHeadRevision(ctx context.Context, pr *issues_mode
 
 // getTestPatchCtx constructs a new testpatch context for the given pull request.
 // If `onBare` is true, then the context will use the base repository that does
-// not contain a working tree. Otherwise a temprorary repository is created that
+// not contain a working tree. Otherwise a temporary repository is created that
 // contains a working tree.
 func getTestPatchCtx(ctx context.Context, pr *issues_model.PullRequest, onBare bool) (*testPatchContext, error) {
 	testPatchCtx := &testPatchContext{
@@ -419,7 +419,7 @@ func MergeTree(ctx context.Context, gitRepo *git.Repository, base, ours, theirs
 		return treeOID, git.IsErrorExitCode(gitErr, 1), nil, nil
 	}
 
-	// Remove last NULL-byte from conflicted file info, then split with NULL byte as seperator.
+	// Remove last NULL-byte from conflicted file info, then split with NULL byte as separator.
 	return treeOID, true, strings.Split(conflictedFileInfo[:len(conflictedFileInfo)-1], "\x00"), nil
 }
 
diff --git a/services/pull/pull.go b/services/pull/pull.go
index 640523db30..9cb957d021 100644
--- a/services/pull/pull.go
+++ b/services/pull/pull.go
@@ -64,7 +64,7 @@ func NewPullRequest(ctx context.Context, repo *repo_model.Repository, issue *iss
 	}
 	defer baseGitRepo.Close()
 
-	var reviewNotifers []*issue_service.ReviewRequestNotifier
+	var reviewNotifiers []*issue_service.ReviewRequestNotifier
 	if err := db.WithTx(ctx, func(ctx context.Context) error {
 		if err := issues_model.NewPullRequest(ctx, repo, issue, labelIDs, uuids, pr); err != nil {
 			return err
@@ -124,7 +124,7 @@ func NewPullRequest(ctx context.Context, repo *repo_model.Repository, issue *iss
 		}
 
 		if !pr.IsWorkInProgress(ctx) {
-			reviewNotifers, err = issue_service.PullRequestCodeOwnersReview(ctx, issue, pr)
+			reviewNotifiers, err = issue_service.PullRequestCodeOwnersReview(ctx, issue, pr)
 			if err != nil {
 				return err
 			}
@@ -139,7 +139,7 @@ func NewPullRequest(ctx context.Context, repo *repo_model.Repository, issue *iss
 	}
 	baseGitRepo.Close() // close immediately to avoid notifications will open the repository again
 
-	issue_service.ReviewRequestNotify(ctx, issue, issue.Poster, reviewNotifers)
+	issue_service.ReviewRequestNotify(ctx, issue, issue.Poster, reviewNotifiers)
 
 	mentions, err := issues_model.FindAndUpdateIssueMentions(ctx, issue, issue.Poster, issue.Content)
 	if err != nil {
diff --git a/services/remote/promote.go b/services/remote/promote.go
index f37d00168c..7e782c8ad2 100644
--- a/services/remote/promote.go
+++ b/services/remote/promote.go
@@ -53,7 +53,7 @@ func getUsersByLoginName(ctx context.Context, name string) ([]*user_model.User,
 // The remote user has:
 //
 //	Type        UserTypeRemoteUser
-//	LogingType  Remote
+//	LoginType   Remote
 //	LoginName   set to the unique identifier of the originating authentication source
 //	LoginSource set to the Remote source that can be matched against an OAuth2 source
 //
diff --git a/services/repository/commitstatus/commitstatus.go b/services/repository/commitstatus/commitstatus.go
index 03a62d0410..23b4a6a132 100644
--- a/services/repository/commitstatus/commitstatus.go
+++ b/services/repository/commitstatus/commitstatus.go
@@ -22,8 +22,8 @@ import (
 	shared_automerge "forgejo.org/services/shared/automerge"
 )
 
-func getCacheKey(repoID int64, brancheName string) string {
-	hashBytes := sha256.Sum256([]byte(fmt.Sprintf("%d:%s", repoID, brancheName)))
+func getCacheKey(repoID int64, branchName string) string {
+	hashBytes := sha256.Sum256([]byte(fmt.Sprintf("%d:%s", repoID, branchName)))
 	return fmt.Sprintf("commit_status:%x", hashBytes)
 }
 
@@ -125,8 +125,8 @@ func CreateCommitStatus(ctx context.Context, repo *repo_model.Repository, creato
 	return nil
 }
 
-// FindReposLastestCommitStatuses loading repository default branch latest combined commit status with cache
-func FindReposLastestCommitStatuses(ctx context.Context, repos []*repo_model.Repository) ([]*git_model.CommitStatus, error) {
+// FindReposLatestCommitStatuses loading repository default branch latest combined commit status with cache
+func FindReposLatestCommitStatuses(ctx context.Context, repos []*repo_model.Repository) ([]*git_model.CommitStatus, error) {
 	if len(repos) == 0 {
 		return nil, nil
 	}
diff --git a/services/repository/generate_test.go b/services/repository/generate_test.go
index 2eb3a55e96..da937c5be5 100644
--- a/services/repository/generate_test.go
+++ b/services/repository/generate_test.go
@@ -84,10 +84,10 @@ func TestTransformers(t *testing.T) {
 
 	for i, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			tranform := defaultTransformers[i]
-			assert.Equal(t, tt.name, tranform.Name)
+			transform := defaultTransformers[i]
+			assert.Equal(t, tt.name, transform.Name)
 
-			got := tranform.Transform(input)
+			got := transform.Transform(input)
 			assert.Equal(t, tt.expected, got)
 		})
 	}
diff --git a/services/stats/stats_test.go b/services/stats/stats_test.go
index 46faf2e461..cf86eeaf10 100644
--- a/services/stats/stats_test.go
+++ b/services/stats/stats_test.go
@@ -53,8 +53,8 @@ func TestQueueUnique(t *testing.T) {
 	})
 
 	// Queue object with the same value multiple times... this test works OK with just 3 items, but with the queue
-	// processing happening in tha background it's possible that multiple invocations of the registered function can
-	// happen.  So we'll test this by queuing a large number and ensuring that recalcs occured less -- usually much
+	// processing happening in the background it's possible that multiple invocations of the registered function can
+	// happen.  So we'll test this by queuing a large number and ensuring that recalcs occurred less -- usually much
 	// less, like once or twice.
 	for range 300 {
 		safePush(t.Context(), recalcRequest{
diff --git a/services/user/user.go b/services/user/user.go
index 9cb6858f0c..020d68d432 100644
--- a/services/user/user.go
+++ b/services/user/user.go
@@ -182,7 +182,7 @@ func DeleteUser(ctx context.Context, u *user_model.User, purge bool) error {
 		return err
 	}
 
-	hasPrincipialSSHKey, err := db.GetEngine(ctx).Where("owner_id = ? AND type = ?", u.ID, asymkey_model.KeyTypePrincipal).Table("public_key").Exist()
+	hasPrincipalSSHKey, err := db.GetEngine(ctx).Where("owner_id = ? AND type = ?", u.ID, asymkey_model.KeyTypePrincipal).Table("public_key").Exist()
 	if err != nil {
 		return err
 	}
@@ -322,7 +322,7 @@ func DeleteUser(ctx context.Context, u *user_model.User, purge bool) error {
 		}
 	}
 
-	if hasPrincipialSSHKey {
+	if hasPrincipalSSHKey {
 		if err = asymkey_model.RewriteAllPrincipalKeys(ctx); err != nil {
 			return err
 		}
diff --git a/services/user/user_test.go b/services/user/user_test.go
index 673377fcb7..55e2d3bd99 100644
--- a/services/user/user_test.go
+++ b/services/user/user_test.go
@@ -360,7 +360,7 @@ func TestDeleteInactiveUsers(t *testing.T) {
 	unittest.AssertExistsIf(t, false, oldUser)
 	unittest.AssertExistsIf(t, false, oldEmail)
 
-	// User not older than a minute shouldn't be deleted and their emaill address should still exist.
+	// User not older than a minute shouldn't be deleted and their email address should still exist.
 	unittest.AssertExistsIf(t, true, newUser)
 	unittest.AssertExistsIf(t, true, newEmail)
 }
diff --git a/tests/e2e/org-settings.test.e2e.ts b/tests/e2e/org-settings.test.e2e.ts
index f0e89e0343..88b17a8755 100644
--- a/tests/e2e/org-settings.test.e2e.ts
+++ b/tests/e2e/org-settings.test.e2e.ts
@@ -50,7 +50,7 @@ test('org add and remove team repositories', async ({page}) => {
   await page.getByRole('button', {name: 'Add all'}).click();
   await expect(page.locator('#addall-repos-modal')).toBeVisible();
   await screenshot(page, page.locator('#addall-repos-modal'));
-  // Addd all repositories.
+  // Add all repositories.
   await page.getByRole('button', {name: 'Yes'}).click();
 
   // Check that there are three repositories.
diff --git a/tests/e2e/repo-migrate.test.e2e.ts b/tests/e2e/repo-migrate.test.e2e.ts
index be9c200659..aba1e6e18e 100644
--- a/tests/e2e/repo-migrate.test.e2e.ts
+++ b/tests/e2e/repo-migrate.test.e2e.ts
@@ -8,7 +8,7 @@ import {screenshot} from './shared/screenshots.ts';
 
 test.use({user: 'user2'});
 
-test('Migration type seleciton screen', async ({page}) => {
+test('Migration type selection screen', async ({page}) => {
   await page.goto('/repo/migrate');
 
   // For branding purposes, it is desired that `gitea-` prefixes in SVGs are
diff --git a/tests/integration/api_gpg_keys_test.go b/tests/integration/api_gpg_keys_test.go
index cec5d45bd2..61e8e5e92d 100644
--- a/tests/integration/api_gpg_keys_test.go
+++ b/tests/integration/api_gpg_keys_test.go
@@ -72,8 +72,8 @@ func TestGPGKeys(t *testing.T) {
 			t.Run("CreateInvalidGPGKey", func(t *testing.T) {
 				testCreateInvalidGPGKey(t, tc.makeRequest, tc.token, tc.results[4])
 			})
-			t.Run("CreateNoneRegistredEmailGPGKey", func(t *testing.T) {
-				testCreateNoneRegistredEmailGPGKey(t, tc.makeRequest, tc.token, tc.results[5])
+			t.Run("CreateNoneRegisteredEmailGPGKey", func(t *testing.T) {
+				testCreateNoneRegisteredEmailGPGKey(t, tc.makeRequest, tc.token, tc.results[5])
 			})
 			t.Run("CreateValidGPGKey", func(t *testing.T) {
 				testCreateValidGPGKey(t, tc.makeRequest, tc.token, tc.results[6])
@@ -188,7 +188,7 @@ func testCreateInvalidGPGKey(t *testing.T, makeRequest makeRequestFunc, token st
 	testCreateGPGKey(t, makeRequest, token, expected, "invalid_key")
 }
 
-func testCreateNoneRegistredEmailGPGKey(t *testing.T, makeRequest makeRequestFunc, token string, expected int) {
+func testCreateNoneRegisteredEmailGPGKey(t *testing.T, makeRequest makeRequestFunc, token string, expected int) {
 	testCreateGPGKey(t, makeRequest, token, expected, `-----BEGIN PGP PUBLIC KEY BLOCK-----
 
 mQENBFmGUygBCACjCNbKvMGgp0fd5vyFW9olE1CLCSyyF9gQN2hSuzmZLuAZF2Kh
diff --git a/tests/integration/api_notification_test.go b/tests/integration/api_notification_test.go
index 9f5c5394e5..01dcd839a5 100644
--- a/tests/integration/api_notification_test.go
+++ b/tests/integration/api_notification_test.go
@@ -202,7 +202,7 @@ func TestAPINotificationPUT(t *testing.T) {
 	assert.False(t, apiNL[0].Pinned)
 
 	//
-	// Now nofication ID 2 is the first in the list and is unread.
+	// Now notification ID 2 is the first in the list and is unread.
 	//
 	req = NewRequest(t, "GET", "/api/v1/notifications?all=true").
 		AddTokenAuth(token)
diff --git a/tests/integration/api_packages_test.go b/tests/integration/api_packages_test.go
index 0c616496ff..e79f977c86 100644
--- a/tests/integration/api_packages_test.go
+++ b/tests/integration/api_packages_test.go
@@ -742,7 +742,7 @@ func TestPackageWithTwoFactor(t *testing.T) {
 			return passcode
 		}()
 
-		url := fmt.Sprintf("/api/v1/packages/%s", normalUser.Name) // a public packge to test
+		url := fmt.Sprintf("/api/v1/packages/%s", normalUser.Name) // a public package to test
 		req := NewRequest(t, "GET", url)
 		if doer != nil {
 			req.AddBasicAuth(doer.Name)
diff --git a/tests/integration/api_push_mirror_test.go b/tests/integration/api_push_mirror_test.go
index 14af184048..b31c5cc766 100644
--- a/tests/integration/api_push_mirror_test.go
+++ b/tests/integration/api_push_mirror_test.go
@@ -336,7 +336,7 @@ func TestAPIPushMirrorSSH(t *testing.T) {
 
 			var apiError api.APIError
 			DecodeJSON(t, resp, &apiError)
-			assert.Equal(t, "'use_ssh' is mutually exclusive with 'remote_username' and 'remote_passoword'", apiError.Message)
+			assert.Equal(t, "'use_ssh' is mutually exclusive with 'remote_username' and 'remote_password'", apiError.Message)
 		})
 
 		t.Run("SSH not available", func(t *testing.T) {
diff --git a/tests/integration/api_repo_activities_test.go b/tests/integration/api_repo_activities_test.go
index ea966c1cfe..08e10ad79e 100644
--- a/tests/integration/api_repo_activities_test.go
+++ b/tests/integration/api_repo_activities_test.go
@@ -17,7 +17,7 @@ import (
 	"github.com/stretchr/testify/assert"
 )
 
-func TestAPIRepoActivitiyFeeds(t *testing.T) {
+func TestAPIRepoActivityFeeds(t *testing.T) {
 	defer tests.PrepareTestEnv(t)()
 
 	owner := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 1})
diff --git a/tests/integration/api_repo_tags_test.go b/tests/integration/api_repo_tags_test.go
index 374777f48c..c1ce91f5fd 100644
--- a/tests/integration/api_repo_tags_test.go
+++ b/tests/integration/api_repo_tags_test.go
@@ -174,7 +174,7 @@ func TestAPIRepoTagDeleteProtection(t *testing.T) {
 	require.Equal(t, "v1.1", tags[0].Name)
 
 	// Create a tag protection rule for the repo so that `user2` cannot create/remove tags, even if they have write
-	// perms to the repo... which they do becase they own it.
+	// perms to the repo... which they do because they own it.
 	req = NewRequestWithJSON(t, "POST",
 		fmt.Sprintf("/api/v1/repos/%s/%s/tag_protections", user.Name, repoName),
 		&api.CreateTagProtectionOption{
diff --git a/tests/integration/api_token_test.go b/tests/integration/api_token_test.go
index 206887ba08..2beadfacc2 100644
--- a/tests/integration/api_token_test.go
+++ b/tests/integration/api_token_test.go
@@ -535,10 +535,10 @@ func runTestCase(t *testing.T, testCase *requiredScopeTestCase, user *user_model
 			if unauthorizedLevel == auth_model.NoAccess {
 				continue
 			}
-			cateogoryUnauthorizedScopes := auth_model.GetRequiredScopes(
+			categoryUnauthorizedScopes := auth_model.GetRequiredScopes(
 				unauthorizedLevel,
 				category)
-			unauthorizedScopes = append(unauthorizedScopes, cateogoryUnauthorizedScopes...)
+			unauthorizedScopes = append(unauthorizedScopes, categoryUnauthorizedScopes...)
 		}
 
 		accessToken := createAPIAccessTokenWithoutCleanUp(t, "test-token", user, unauthorizedScopes)
diff --git a/tests/integration/api_user_org_perm_test.go b/tests/integration/api_user_org_perm_test.go
index 9a09a34087..fdc954c453 100644
--- a/tests/integration/api_user_org_perm_test.go
+++ b/tests/integration/api_user_org_perm_test.go
@@ -123,28 +123,28 @@ func TestCanReadUser(t *testing.T) {
 	})
 }
 
-func TestUnknowUser(t *testing.T) {
+func TestUnknownUser(t *testing.T) {
 	defer tests.PrepareTestEnv(t)()
 
 	session := loginUser(t, "user1")
 	token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeReadUser, auth_model.AccessTokenScopeReadOrganization)
 
-	req := NewRequest(t, "GET", "/api/v1/users/unknow/orgs/org25/permissions").
+	req := NewRequest(t, "GET", "/api/v1/users/unknown/orgs/org25/permissions").
 		AddTokenAuth(token)
 	resp := MakeRequest(t, req, http.StatusNotFound)
 
 	var apiError api.APIError
 	DecodeJSON(t, resp, &apiError)
-	assert.Equal(t, "user redirect does not exist [name: unknow]", apiError.Message)
+	assert.Equal(t, "user redirect does not exist [name: unknown]", apiError.Message)
 }
 
-func TestUnknowOrganization(t *testing.T) {
+func TestUnknownOrganization(t *testing.T) {
 	defer tests.PrepareTestEnv(t)()
 
 	session := loginUser(t, "user1")
 	token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeReadUser, auth_model.AccessTokenScopeReadOrganization)
 
-	req := NewRequest(t, "GET", "/api/v1/users/user1/orgs/unknow/permissions").
+	req := NewRequest(t, "GET", "/api/v1/users/user1/orgs/unknown/permissions").
 		AddTokenAuth(token)
 	resp := MakeRequest(t, req, http.StatusNotFound)
 	var apiError api.APIError
diff --git a/tests/integration/auth_token_test.go b/tests/integration/auth_token_test.go
index f22b966cb7..7263488b2e 100644
--- a/tests/integration/auth_token_test.go
+++ b/tests/integration/auth_token_test.go
@@ -136,8 +136,8 @@ func TestLTAExpiry(t *testing.T) {
 
 	sess := loginUserWithPasswordRemember(t, user.Name, userPassword, true)
 
-	ltaCookieValie := GetLTACookieValue(t, sess)
-	lookupKey, _, found := strings.Cut(ltaCookieValie, ":")
+	ltaCookieValue := GetLTACookieValue(t, sess)
+	lookupKey, _, found := strings.Cut(ltaCookieValue, ":")
 	assert.True(t, found)
 
 	// Ensure it's not expired.
diff --git a/tests/integration/feed_user_test.go b/tests/integration/feed_user_test.go
index c914e15f69..2bc9e99290 100644
--- a/tests/integration/feed_user_test.go
+++ b/tests/integration/feed_user_test.go
@@ -76,7 +76,7 @@ func TestFeed(t *testing.T) {
 				data := resp.Body.String()
 				assert.Contains(t, data, `<feed xmlns="http://www.w3.org/2005/Atom"`)
 				assert.Contains(t, data, "This is a very long text, so lets scream together: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa")
-				assert.Contains(t, data, "Well, this test is short | succient | distinct.")
+				assert.Contains(t, data, "Well, this test is short | succinct | distinct.")
 			})
 			t.Run("RSS", func(t *testing.T) {
 				defer tests.PrintCurrentTest(t)()
@@ -87,7 +87,7 @@ func TestFeed(t *testing.T) {
 				data := resp.Body.String()
 				assert.Contains(t, data, `<rss version="2.0"`)
 				assert.Contains(t, data, "This is a very long text, so lets scream together: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa")
-				assert.Contains(t, data, "Well, this test is short | succient | distinct.")
+				assert.Contains(t, data, "Well, this test is short | succinct | distinct.")
 			})
 		})
 		t.Run("Branch", func(t *testing.T) {
diff --git a/tests/integration/fixtures/TestFeed/action.yml b/tests/integration/fixtures/TestFeed/action.yml
index 9b7453b4ad..160f7cb63a 100644
--- a/tests/integration/fixtures/TestFeed/action.yml
+++ b/tests/integration/fixtures/TestFeed/action.yml
@@ -15,4 +15,4 @@
   repo_id: 1 # public
   is_private: false
   created_unix: 1680454039
-  content: '["1","Well, this test is short | succient | distinct."]'
+  content: '["1","Well, this test is short | succinct | distinct."]'
diff --git a/tests/integration/oauth_test.go b/tests/integration/oauth_test.go
index d1d5dffad5..39b3c3494f 100644
--- a/tests/integration/oauth_test.go
+++ b/tests/integration/oauth_test.go
@@ -1479,7 +1479,7 @@ func TestSignUpViaOAuthLinking2FA(t *testing.T) {
 		assert.Equal(t, "/user/webauthn", test.RedirectURL(resp))
 	})
 
-	t.Run("Case-insenstive username", func(t *testing.T) {
+	t.Run("Case-insensitive username", func(t *testing.T) {
 		defer mockCompleteUserAuth(func(res http.ResponseWriter, req *http.Request) (goth.User, error) {
 			return goth.User{
 				Provider: gitlabName,
@@ -1551,7 +1551,7 @@ func TestAccessTokenWithPKCE(t *testing.T) {
 		require.NoError(t, err)
 	})
 
-	t.Run("Incorrect code verfifier", func(t *testing.T) {
+	t.Run("Incorrect code verifier", func(t *testing.T) {
 		req := NewRequestWithValues(t, "POST", "/login/oauth/access_token", map[string]string{
 			"client_id":     "ce5a1322-42a7-11ed-b878-0242ac120002",
 			"code":          u.Query().Get("code"),
diff --git a/tests/integration/patch_status_test.go b/tests/integration/patch_status_test.go
index 7d8952067f..9ada94bfc0 100644
--- a/tests/integration/patch_status_test.go
+++ b/tests/integration/patch_status_test.go
@@ -148,8 +148,8 @@ func TestPatchStatus(t *testing.T) {
 				t.Helper()
 				var found *issues_model.PullRequest
 				assert.Eventually(t, func() bool {
-					examplar := pr
-					found = unittest.AssertExistsAndLoadBean(t, &examplar, flow)
+					exemplar := pr
+					found = unittest.AssertExistsAndLoadBean(t, &exemplar, flow)
 					return found.Status == issues_model.PullRequestStatusConflict
 				}, time.Second*30, time.Millisecond*200)
 				return found
@@ -297,7 +297,7 @@ can buy me/us a Paulaner Spezi in return.        ~sdomi, Project SERVFAIL`), 0o6
 				defer tests.PrintCurrentTest(t)()
 
 				require.NoError(t, git.NewCommand(t.Context(), "push", "fork", "HEAD:protected").Run(&git.RunOpts{Dir: dstPath}))
-				testPullCreateDirectly(t, session, repo.OwnerName, repo.Name, repo.DefaultBranch, forkRepo.OwnerName, forkRepo.Name, "protected", "accros repo protected")
+				testPullCreateDirectly(t, session, repo.OwnerName, repo.Name, repo.DefaultBranch, forkRepo.OwnerName, forkRepo.Name, "protected", "across repo protected")
 
 				test(t, unittest.AssertExistsAndLoadBean(t, &issues_model.PullRequest{BaseRepoID: repo.ID, HeadRepoID: forkRepo.ID, HeadBranch: "protected"}, "flow = 0"))
 			})
@@ -339,7 +339,7 @@ can buy me/us a Paulaner Spezi in return.        ~sdomi, Project SERVFAIL`), 0o6
 				defer tests.PrintCurrentTest(t)()
 
 				require.NoError(t, git.NewCommand(t.Context(), "push", "fork", "HEAD:ancestor").Run(&git.RunOpts{Dir: dstPath}))
-				testPullCreateDirectly(t, session, repo.OwnerName, repo.Name, "protected", forkRepo.OwnerName, forkRepo.Name, "ancestor", "accros repo ancestor")
+				testPullCreateDirectly(t, session, repo.OwnerName, repo.Name, "protected", forkRepo.OwnerName, forkRepo.Name, "ancestor", "across repo ancestor")
 
 				test(t, unittest.AssertExistsAndLoadBean(t, &issues_model.PullRequest{BaseRepoID: repo.ID, HeadRepoID: forkRepo.ID, HeadBranch: "ancestor"}, "flow = 0"))
 			})
diff --git a/tests/integration/proctected_branch_test.go b/tests/integration/protected_branch_test.go
similarity index 100%
rename from tests/integration/proctected_branch_test.go
rename to tests/integration/protected_branch_test.go
diff --git a/tests/integration/pull_merge_test.go b/tests/integration/pull_merge_test.go
index 2274e56b41..b12ced9073 100644
--- a/tests/integration/pull_merge_test.go
+++ b/tests/integration/pull_merge_test.go
@@ -365,7 +365,7 @@ func TestCantMergeUnrelated(t *testing.T) {
 		require.NoError(t, err)
 		sha := strings.TrimSpace(stdout.String())
 
-		_, _, err = git.NewCommand(git.DefaultContext, "update-index", "--add", "--replace", "--cacheinfo").AddDynamicArguments("100644", sha, "somewher-over-the-rainbow").RunStdString(&git.RunOpts{Dir: path})
+		_, _, err = git.NewCommand(git.DefaultContext, "update-index", "--add", "--replace", "--cacheinfo").AddDynamicArguments("100644", sha, "somewhere-over-the-rainbow").RunStdString(&git.RunOpts{Dir: path})
 		require.NoError(t, err)
 
 		treeSha, _, err := git.NewCommand(git.DefaultContext, "write-tree").RunStdString(&git.RunOpts{Dir: path})
diff --git a/tests/integration/repo_collaborator_test.go b/tests/integration/repo_collaborator_test.go
index 4ca0dad708..8d8dba060a 100644
--- a/tests/integration/repo_collaborator_test.go
+++ b/tests/integration/repo_collaborator_test.go
@@ -23,14 +23,14 @@ func TestRepoCollaborators(t *testing.T) {
 	response := session.MakeRequest(t, NewRequest(t, "GET", "/user2/repo1/settings/collaboration"), http.StatusOK)
 	page := NewHTMLParser(t, response.Body).Find(".repo-setting-content")
 
-	// Veirfy header
+	// Verify header
 	assert.Equal(t, "Collaborators", strings.TrimSpace(page.Find("h4").Text()))
 
-	// Veirfy button text
+	// Verify button text
 	page = page.Find("#repo-collab-form")
 	assert.Equal(t, "Add collaborator", strings.TrimSpace(page.Find("button.primary").Text()))
 
-	// Veirfy placeholder
+	// Verify placeholder
 	placeholder, exists := page.Find("#search-user-box input").Attr("placeholder")
 	assert.True(t, exists)
 	assert.Equal(t, "Search users…", placeholder)
diff --git a/tests/integration/repo_commits_tags_test.go b/tests/integration/repo_commits_tags_test.go
index a6797fce94..5835397074 100644
--- a/tests/integration/repo_commits_tags_test.go
+++ b/tests/integration/repo_commits_tags_test.go
@@ -51,7 +51,7 @@ func TestRepoCommitsWithTags(t *testing.T) {
 	})
 	assert.True(t, tagFound, "Should find v1.1 tag")
 
-	// 3. tags appear after the commit messsage and status indicators
+	// 3. tags appear after the commit message and status indicators
 	messageHTML, _ := messageCell.Html()
 	messageWrapperPos := strings.Index(messageHTML, "message-wrapper")
 	ellipsisButtonPos := strings.Index(messageHTML, "ellipsis-button")

From d9545c503ea332eb567b052701f273361cbb4639 Mon Sep 17 00:00:00 2001
From: christopher-besch <mail@chris-besch.com>
Date: Mon, 26 Jan 2026 22:58:22 +0100
Subject: [PATCH 233/854] fix: decrease watch count when blocking user (#10882)

Fixes #10881

Call the proper function for each repository the user watches, so adjusting the watch count can be done properly.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10882
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: christopher-besch <mail@chris-besch.com>
Co-committed-by: christopher-besch <mail@chris-besch.com>
---
 .deadcode-out               |  3 ---
 models/repo/watch.go        | 10 ++++++++--
 services/user/block_test.go |  7 +++++++
 3 files changed, 15 insertions(+), 5 deletions(-)

diff --git a/.deadcode-out b/.deadcode-out
index 20f13a03a1..97093ce93b 100644
--- a/.deadcode-out
+++ b/.deadcode-out
@@ -50,9 +50,6 @@ forgejo.org/models/organization
 forgejo.org/models/perm/access
 	GetRepoWriters
 
-forgejo.org/models/repo
-	WatchRepoMode
-
 forgejo.org/models/user
 	IsErrUserWrongType
 	IsErrExternalLoginUserAlreadyExist
diff --git a/models/repo/watch.go b/models/repo/watch.go
index ceec20fdd6..3a20880a5c 100644
--- a/models/repo/watch.go
+++ b/models/repo/watch.go
@@ -194,6 +194,12 @@ func WatchIfAuto(ctx context.Context, userID, repoID int64) error {
 
 // UnwatchRepos will unwatch the user from all given repositories.
 func UnwatchRepos(ctx context.Context, userID int64, repoIDs []int64) error {
-	_, err := db.GetEngine(ctx).Where("user_id=?", userID).In("repo_id", repoIDs).Delete(&Watch{})
-	return err
+	// Unfortunatly, we can't simply delete the Watch records because we do watcher counting in the repo relation.
+	for _, repoID := range repoIDs {
+		err := WatchRepoMode(ctx, userID, repoID, WatchModeNone)
+		if err != nil {
+			return err
+		}
+	}
+	return nil
 }
diff --git a/services/user/block_test.go b/services/user/block_test.go
index b9f23a7cda..f23a5cf91a 100644
--- a/services/user/block_test.go
+++ b/services/user/block_test.go
@@ -48,10 +48,17 @@ func TestBlockUser(t *testing.T) {
 		repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{OwnerID: doer.ID})
 		require.NoError(t, repo_model.WatchRepo(db.DefaultContext, blockedUser.ID, repo.ID, true))
 
+		repo = unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{OwnerID: doer.ID})
+		oldNumWatchers := repo.NumWatches
+
 		require.NoError(t, BlockUser(db.DefaultContext, doer.ID, blockedUser.ID))
 
 		// Ensure blocked user isn't following doer's repository.
 		assert.False(t, repo_model.IsWatching(db.DefaultContext, blockedUser.ID, repo.ID))
+
+		// Ensure the watcher count was reduced by one.
+		repo = unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{OwnerID: doer.ID})
+		require.Equal(t, oldNumWatchers-1, repo.NumWatches)
 	})
 
 	t.Run("Collaboration", func(t *testing.T) {

From 9f4f6d2c8241bf1fd4ea2f5b00effed3c0ab4bce Mon Sep 17 00:00:00 2001
From: Renovate Bot <forgejo-renovate-action@forgejo.org>
Date: Tue, 27 Jan 2026 01:44:14 +0100
Subject: [PATCH 234/854] Update module github.com/alecthomas/chroma/v2 to
 v2.23.1 (forgejo) (#10936)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10936
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 21ea81336c..b98dae2246 100644
--- a/go.mod
+++ b/go.mod
@@ -27,7 +27,7 @@ require (
 	github.com/ProtonMail/go-crypto v1.3.0
 	github.com/PuerkitoBio/goquery v1.11.0
 	github.com/SaveTheRbtz/zstd-seekable-format-go/pkg v0.7.2
-	github.com/alecthomas/chroma/v2 v2.22.0
+	github.com/alecthomas/chroma/v2 v2.23.1
 	github.com/blakesmith/ar v0.0.0-20190502131153-809d4375e1fb
 	github.com/blevesearch/bleve/v2 v2.5.6
 	github.com/buildkite/terminal-to-html/v3 v3.16.8
diff --git a/go.sum b/go.sum
index 68961f91d6..ffc0ef76e7 100644
--- a/go.sum
+++ b/go.sum
@@ -84,8 +84,8 @@ github.com/SaveTheRbtz/zstd-seekable-format-go/pkg v0.7.2/go.mod h1:JitQWJ8JuV4Y
 github.com/alecthomas/assert/v2 v2.11.0 h1:2Q9r3ki8+JYXvGsDyBXwH3LcJ+WK5D0gc5E8vS6K3D0=
 github.com/alecthomas/assert/v2 v2.11.0/go.mod h1:Bze95FyfUr7x34QZrjL+XP+0qgp/zg8yS+TtBj1WA3k=
 github.com/alecthomas/chroma/v2 v2.2.0/go.mod h1:vf4zrexSH54oEjJ7EdB65tGNHmH3pGZmVkgTP5RHvAs=
-github.com/alecthomas/chroma/v2 v2.22.0 h1:PqEhf+ezz5F5owoDeOUKFzW+W3ZJDShNCaHg4sZuItI=
-github.com/alecthomas/chroma/v2 v2.22.0/go.mod h1:NqVhfBR0lte5Ouh3DcthuUCTUpDC9cxBOfyMbMQPs3o=
+github.com/alecthomas/chroma/v2 v2.23.1 h1:nv2AVZdTyClGbVQkIzlDm/rnhk1E9bU9nXwmZ/Vk/iY=
+github.com/alecthomas/chroma/v2 v2.23.1/go.mod h1:NqVhfBR0lte5Ouh3DcthuUCTUpDC9cxBOfyMbMQPs3o=
 github.com/alecthomas/repr v0.0.0-20220113201626-b1b626ac65ae/go.mod h1:2kn6fqh/zIyPLmm3ugklbEi5hg5wS435eygvNfaDQL8=
 github.com/alecthomas/repr v0.5.2 h1:SU73FTI9D1P5UNtvseffFSGmdNci/O6RsqzeXJtP0Qs=
 github.com/alecthomas/repr v0.5.2/go.mod h1:Fr0507jx4eOXV7AlPV6AVZLYrLIuIeSOWtW57eE/O/4=

From 8c59260761bc74c1aa4eb8e6ea9257e9d0a11a79 Mon Sep 17 00:00:00 2001
From: Renovate Bot <forgejo-renovate-action@forgejo.org>
Date: Tue, 27 Jan 2026 03:19:31 +0100
Subject: [PATCH 235/854] Update renovate to v42.92.4 (forgejo) (#11044)

Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
---
 .forgejo/workflows/renovate.yml | 2 +-
 Makefile                        | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/.forgejo/workflows/renovate.yml b/.forgejo/workflows/renovate.yml
index 2463dfd467..1d29876f20 100644
--- a/.forgejo/workflows/renovate.yml
+++ b/.forgejo/workflows/renovate.yml
@@ -28,7 +28,7 @@ jobs:
 
     runs-on: docker
     container:
-      image: data.forgejo.org/renovate/renovate:42.84.2
+      image: data.forgejo.org/renovate/renovate:42.92.10
 
     steps:
       - name: Load renovate repo cache
diff --git a/Makefile b/Makefile
index 855498d55c..bff0ee683e 100644
--- a/Makefile
+++ b/Makefile
@@ -47,7 +47,7 @@ GO_LICENSES_PACKAGE ?= github.com/google/go-licenses@v1.6.0 # renovate: datasour
 GOVULNCHECK_PACKAGE ?= golang.org/x/vuln/cmd/govulncheck@v1 # renovate: datasource=go
 DEADCODE_PACKAGE ?= golang.org/x/tools/cmd/deadcode@v0.40.0 # renovate: datasource=go
 GOMOCK_PACKAGE ?= go.uber.org/mock/mockgen@v0.6.0 # renovate: datasource=go
-RENOVATE_NPM_PACKAGE ?= renovate@42.84.2 # renovate: datasource=docker packageName=data.forgejo.org/renovate/renovate
+RENOVATE_NPM_PACKAGE ?= renovate@42.92.10 # renovate: datasource=docker packageName=data.forgejo.org/renovate/renovate
 
 # https://github.com/disposable-email-domains/disposable-email-domains/commits/main/
 DISPOSABLE_EMAILS_SHA ?= 0c27e671231d27cf66370034d7f6818037416989 # renovate: ...

From a9acd29effe5e7de622d8c21b98596ce028cd454 Mon Sep 17 00:00:00 2001
From: Gusted <postmaster@gusted.xyz>
Date: Tue, 27 Jan 2026 13:59:01 +0100
Subject: [PATCH 236/854] feat: enable SQLite WAL by default (#11059)

- In order to avoid a database locked message, you either need shared
cache or WAL. Shared cache was disabled in as its deprecrated and could
cause more good than trouble. Enable WAL by default, it's only
non-desirable in very narrow and select situations (NFS filesystem
situation) and is otherwise safe as default.
- Resolves forgejo/forgejo#10900

Docs: forgejo/docs!1717
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11059
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Co-authored-by: Gusted <postmaster@gusted.xyz>
Co-committed-by: Gusted <postmaster@gusted.xyz>
---
 custom/conf/app.example.ini | 2 +-
 modules/setting/database.go | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/custom/conf/app.example.ini b/custom/conf/app.example.ini
index 6a30600a5d..568091b058 100644
--- a/custom/conf/app.example.ini
+++ b/custom/conf/app.example.ini
@@ -362,7 +362,7 @@ RUN_USER = ; git
 DB_TYPE = sqlite3
 ;PATH= ; defaults to data/forgejo.db
 ;SQLITE_TIMEOUT = ; Query timeout defaults to: 500
-;SQLITE_JOURNAL_MODE = ; defaults to sqlite database default (often DELETE), can be used to enable WAL mode. https://www.sqlite.org/pragma.html#pragma_journal_mode
+;SQLITE_JOURNAL_MODE = WAL; defaults to sqlite database default (often DELETE), can be used to enable WAL mode. https://www.sqlite.org/pragma.html#pragma_journal_mode
 ;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;
diff --git a/modules/setting/database.go b/modules/setting/database.go
index 4edd0897d8..7b9af1598e 100644
--- a/modules/setting/database.go
+++ b/modules/setting/database.go
@@ -87,7 +87,7 @@ func loadDBSetting(rootCfg ConfigProvider) {
 
 	Database.Path = sec.Key("PATH").MustString(filepath.Join(AppDataPath, "forgejo.db"))
 	Database.Timeout = sec.Key("SQLITE_TIMEOUT").MustInt(500)
-	Database.SQLiteJournalMode = sec.Key("SQLITE_JOURNAL_MODE").MustString("")
+	Database.SQLiteJournalMode = sec.Key("SQLITE_JOURNAL_MODE").MustString("WAL")
 
 	Database.MaxIdleConns = sec.Key("MAX_IDLE_CONNS").MustInt(2)
 	if Database.Type.IsMySQL() {

From 02bb3ef7a6bce1f3b653e4e4890a017dea75f1a9 Mon Sep 17 00:00:00 2001
From: Renovate Bot <forgejo-renovate-action@forgejo.org>
Date: Tue, 27 Jan 2026 14:08:44 +0100
Subject: [PATCH 237/854] Update dependency globals to v17.1.0 (forgejo)
 (#11061)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11061
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
---
 package-lock.json | 8 ++++----
 package.json      | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 57487f7d9d..927cbddd01 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -107,7 +107,7 @@
         "eslint-plugin-vue": "10.6.2",
         "eslint-plugin-vue-scoped-css": "2.12.0",
         "eslint-plugin-wc": "3.0.2",
-        "globals": "17.0.0",
+        "globals": "17.1.0",
         "happy-dom": "20.0.11",
         "license-checker-rseidelsohn": "4.4.2",
         "markdownlint-cli": "0.47.0",
@@ -9117,9 +9117,9 @@
       }
     },
     "node_modules/globals": {
-      "version": "17.0.0",
-      "resolved": "https://registry.npmjs.org/globals/-/globals-17.0.0.tgz",
-      "integrity": "sha512-gv5BeD2EssA793rlFWVPMMCqefTlpusw6/2TbAVMy0FzcG8wKJn4O+NqJ4+XWmmwrayJgw5TzrmWjFgmz1XPqw==",
+      "version": "17.1.0",
+      "resolved": "https://registry.npmjs.org/globals/-/globals-17.1.0.tgz",
+      "integrity": "sha512-8HoIcWI5fCvG5NADj4bDav+er9B9JMj2vyL2pI8D0eismKyUvPLTSs+Ln3wqhwcp306i73iyVnEKx3F6T47TGw==",
       "dev": true,
       "license": "MIT",
       "engines": {
diff --git a/package.json b/package.json
index 09d06d3a80..bd6efce583 100644
--- a/package.json
+++ b/package.json
@@ -106,7 +106,7 @@
     "eslint-plugin-vue": "10.6.2",
     "eslint-plugin-vue-scoped-css": "2.12.0",
     "eslint-plugin-wc": "3.0.2",
-    "globals": "17.0.0",
+    "globals": "17.1.0",
     "happy-dom": "20.0.11",
     "license-checker-rseidelsohn": "4.4.2",
     "markdownlint-cli": "0.47.0",

From c1980829757a416622c2dd07b809da3b48795de8 Mon Sep 17 00:00:00 2001
From: Mathieu Fenniak <mathieu@fenniak.net>
Date: Tue, 27 Jan 2026 17:10:59 +0100
Subject: [PATCH 238/854] fix: empty dynamic matrix can leave action run
 hanging incomplete (#11063)

Fixes #11030.

When a `strategy.matrix` needs to be evaluated on the output of another job, it can become evaluated into an empty set of jobs.  In this case, and assuming no other jobs in the run are active, the run should reach a settled state.  The logic to check the other jobs in the run and determine if this state has been hit needs to be explicitly added to the job emitter.

To accomplish this change, this action run state logic was extracted out of `UpdateRunJobWithoutNotification` where it could be reused.

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests

- I added test coverage for Go changes...
  - [x] in their respective `*_test.go` for unit tests.
  - [ ] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I added test coverage for JavaScript changes...
  - [ ] in `web_src/js/*.test.js` if it can be unit tested.
  - [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)).

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [x] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.
- [ ] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change.

*The decision if the pull request will be shown in the release notes is up to the mergers / release team.*

The content of the `release-notes/<pull request number>.md` file will serve as the basis for the release notes. If the file does not exist, the title of the pull request will be used instead.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11063
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net>
Co-committed-by: Mathieu Fenniak <mathieu@fenniak.net>
---
 models/actions/run.go                         |  31 +++++
 models/actions/run_job.go                     |  38 +-----
 models/actions/run_test.go                    | 119 ++++++++++++++++++
 .../action_run.yml                            |  19 +++
 .../action_run_job.yml                        |  41 ++++++
 .../action_task_output.yml                    |   5 +
 services/actions/job_emitter.go               |  13 ++
 services/actions/job_emitter_test.go          |  39 ++++++
 8 files changed, 273 insertions(+), 32 deletions(-)

diff --git a/models/actions/run.go b/models/actions/run.go
index e500d45487..f411c5d5e5 100644
--- a/models/actions/run.go
+++ b/models/actions/run.go
@@ -524,4 +524,35 @@ func UpdateRunWithoutNotification(ctx context.Context, run *ActionRun, cols ...s
 	return nil
 }
 
+// Compute the Status, Started, and Stopped fields of an ActionRun based upon the current job state within the run.
+// Returned is the [ActionRun] with modifications if necessary, a slice of column names that have been updated, or an
+// error if the calculation failed. The caller is responsible for then invoking [actions_service.UpdateRun] for an
+// update with notifications, or [actions_model.UpdateRunWithoutNotification] if notifications are already handled.
+func ComputeRunStatus(ctx context.Context, runID int64) (run *ActionRun, columns []string, err error) {
+	run, err = GetRunByID(ctx, runID)
+	if err != nil {
+		return nil, nil, err
+	}
+	jobs, err := GetRunJobsByRunID(ctx, runID)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	newStatus := AggregateJobStatus(jobs)
+	if run.Status != newStatus {
+		run.Status = newStatus
+		columns = append(columns, "status")
+	}
+	if run.Started.IsZero() && run.Status.IsRunning() {
+		run.Started = timeutil.TimeStampNow()
+		columns = append(columns, "started")
+	}
+	if run.Stopped.IsZero() && run.Status.IsDone() {
+		run.Stopped = timeutil.TimeStampNow()
+		columns = append(columns, "stopped")
+	}
+
+	return run, columns, nil
+}
+
 type ActionRunIndex db.ResourceIndex
diff --git a/models/actions/run_job.go b/models/actions/run_job.go
index ddf622f9e9..1d70cde877 100644
--- a/models/actions/run_job.go
+++ b/models/actions/run_job.go
@@ -174,38 +174,12 @@ func UpdateRunJobWithoutNotification(ctx context.Context, job *ActionRunJob, con
 		}
 	}
 
-	{
-		// Other goroutines may aggregate the status of the run and update it too.
-		// So we need load the run and its jobs before updating the run.
-		run, err := GetRunByID(ctx, job.RunID)
-		if err != nil {
-			return 0, err
-		}
-		jobs, err := GetRunJobsByRunID(ctx, job.RunID)
-		if err != nil {
-			return 0, err
-		}
-
-		updateRequired := false
-		newStatus := AggregateJobStatus(jobs)
-		if run.Status != newStatus {
-			run.Status = newStatus
-			updateRequired = true
-		}
-		if run.Started.IsZero() && run.Status.IsRunning() {
-			run.Started = timeutil.TimeStampNow()
-			updateRequired = true
-		}
-		if run.Stopped.IsZero() && run.Status.IsDone() {
-			run.Stopped = timeutil.TimeStampNow()
-			updateRequired = true
-		}
-		if updateRequired {
-			// As the caller has to ensure the ActionRunNowDone notification is sent we can ignore doing so here.
-			if err := UpdateRunWithoutNotification(ctx, run, "status", "started", "stopped"); err != nil {
-				return 0, fmt.Errorf("update run %d: %w", run.ID, err)
-			}
-		}
+	run, columns, err := ComputeRunStatus(ctx, job.RunID)
+	if err != nil {
+		return 0, fmt.Errorf("compute run status: %w", err)
+	}
+	if err := UpdateRunWithoutNotification(ctx, run, columns...); err != nil {
+		return 0, fmt.Errorf("update run %d: %w", run.ID, err)
 	}
 
 	return affected, nil
diff --git a/models/actions/run_test.go b/models/actions/run_test.go
index 5c98f453eb..e3e2bd46ad 100644
--- a/models/actions/run_test.go
+++ b/models/actions/run_test.go
@@ -375,3 +375,122 @@ jobs:
 	// Expect job with an incomplete with to be StatusBlocked:
 	assert.Equal(t, StatusBlocked, job.Status)
 }
+
+func TestComputeRunStatus(t *testing.T) {
+	require.NoError(t, unittest.PrepareTestDatabase())
+
+	t.Run("no changes", func(t *testing.T) {
+		run, columns, err := ComputeRunStatus(t.Context(), 791)
+		require.NoError(t, err)
+		assert.Equal(t, StatusSuccess, run.Status)
+		assert.NotContains(t, columns, "status")
+		assert.EqualValues(t, 1683636528, run.Started)
+		assert.NotContains(t, columns, "started")
+		assert.EqualValues(t, 1683636626, run.Stopped)
+		assert.NotContains(t, columns, "stopped")
+	})
+
+	t.Run("change status", func(t *testing.T) {
+		job := unittest.AssertExistsAndLoadBean(t, &ActionRunJob{ID: 192})
+		job.Status = StatusFailure
+		affected, err := db.GetEngine(t.Context()).Cols("status").ID(job.ID).Update(job)
+		require.NoError(t, err)
+		require.EqualValues(t, 1, affected)
+
+		run, columns, err := ComputeRunStatus(t.Context(), 791)
+		require.NoError(t, err)
+		assert.Equal(t, StatusFailure, run.Status)
+		assert.Contains(t, columns, "status")
+		assert.NotContains(t, columns, "started")
+		assert.NotContains(t, columns, "stopped")
+	})
+
+	t.Run("won't change started if not running", func(t *testing.T) {
+		job := unittest.AssertExistsAndLoadBean(t, &ActionRunJob{ID: 192})
+		job.Status = StatusBlocked
+		affected, err := db.GetEngine(t.Context()).Cols("status").ID(job.ID).Update(job)
+		require.NoError(t, err)
+		require.EqualValues(t, 1, affected)
+
+		preRun := unittest.AssertExistsAndLoadBean(t, &ActionRun{ID: 791})
+		preRun.Started = 0
+		affected, err = db.GetEngine(t.Context()).Cols("started").ID(preRun.ID).Update(preRun)
+		require.NoError(t, err)
+		require.EqualValues(t, 1, affected)
+
+		run, columns, err := ComputeRunStatus(t.Context(), 791)
+		require.NoError(t, err)
+		assert.Equal(t, StatusBlocked, run.Status)
+		assert.EqualValues(t, 0, run.Started)
+		assert.Contains(t, columns, "status")
+		assert.NotContains(t, columns, "started")
+		assert.NotContains(t, columns, "stopped")
+	})
+
+	t.Run("change started", func(t *testing.T) {
+		// Need the job to be "Running" for started to appear to change
+		job := unittest.AssertExistsAndLoadBean(t, &ActionRunJob{ID: 192})
+		job.Status = StatusRunning
+		affected, err := db.GetEngine(t.Context()).Cols("status").ID(job.ID).Update(job)
+		require.NoError(t, err)
+		require.EqualValues(t, 1, affected)
+
+		preRun := unittest.AssertExistsAndLoadBean(t, &ActionRun{ID: 791})
+		preRun.Started = 0
+		affected, err = db.GetEngine(t.Context()).Cols("started").ID(preRun.ID).Update(preRun)
+		require.NoError(t, err)
+		require.EqualValues(t, 1, affected)
+
+		run, columns, err := ComputeRunStatus(t.Context(), 791)
+		require.NoError(t, err)
+		assert.Equal(t, StatusRunning, run.Status)
+		assert.NotEqualValues(t, 0, run.Started)
+		assert.Contains(t, columns, "status")
+		assert.Contains(t, columns, "started")
+		assert.NotContains(t, columns, "stopped")
+	})
+
+	t.Run("won't change stopped if not done", func(t *testing.T) {
+		job := unittest.AssertExistsAndLoadBean(t, &ActionRunJob{ID: 192})
+		job.Status = StatusRunning
+		affected, err := db.GetEngine(t.Context()).Cols("status").ID(job.ID).Update(job)
+		require.NoError(t, err)
+		require.EqualValues(t, 1, affected)
+
+		preRun := unittest.AssertExistsAndLoadBean(t, &ActionRun{ID: 791})
+		preRun.Stopped = 0
+		affected, err = db.GetEngine(t.Context()).Cols("stopped").ID(preRun.ID).Update(preRun)
+		require.NoError(t, err)
+		require.EqualValues(t, 1, affected)
+
+		run, columns, err := ComputeRunStatus(t.Context(), 791)
+		require.NoError(t, err)
+		assert.Equal(t, StatusRunning, run.Status)
+		assert.EqualValues(t, 0, run.Stopped)
+		assert.Contains(t, columns, "status")
+		assert.NotContains(t, columns, "stopped")
+	})
+
+	t.Run("change stopped", func(t *testing.T) {
+		// Need the job to be some version of Done for stopped to appear to change
+		job := unittest.AssertExistsAndLoadBean(t, &ActionRunJob{ID: 192})
+		job.Status = StatusSuccess
+		affected, err := db.GetEngine(t.Context()).Cols("status").ID(job.ID).Update(job)
+		require.NoError(t, err)
+		require.EqualValues(t, 1, affected)
+
+		preRun := unittest.AssertExistsAndLoadBean(t, &ActionRun{ID: 791})
+		preRun.Stopped = 0
+		affected, err = db.GetEngine(t.Context()).Cols("stopped").ID(preRun.ID).Update(preRun)
+		require.NoError(t, err)
+		require.EqualValues(t, 1, affected)
+
+		run, columns, err := ComputeRunStatus(t.Context(), 791)
+		require.NoError(t, err)
+		assert.Equal(t, StatusSuccess, run.Status)
+		assert.NotEqualValues(t, 0, run.Stopped)
+		assert.NotContains(t, columns, "status")
+		assert.NotContains(t, columns, "started")
+		assert.Contains(t, columns, "stopped")
+	})
+}
diff --git a/services/actions/Test_tryHandleIncompleteMatrix/action_run.yml b/services/actions/Test_tryHandleIncompleteMatrix/action_run.yml
index 06af0d3014..19ab1ccfb9 100644
--- a/services/actions/Test_tryHandleIncompleteMatrix/action_run.yml
+++ b/services/actions/Test_tryHandleIncompleteMatrix/action_run.yml
@@ -416,3 +416,22 @@
   need_approval: 0
   approved_by: 0
   concurrency_group: abc123
+-
+  id: 922
+  title: "running workflow_dispatch run"
+  repo_id: 63
+  owner_id: 2
+  workflow_id: "running.yaml"
+  index: 26
+  trigger_user_id: 2
+  ref: "refs/heads/main"
+  commit_sha: "97f29ee599c373c729132a5c46a046978311e0ee"
+  trigger_event: "workflow_dispatch"
+  is_fork_pull_request: 0
+  status: 6 # running
+  started: 1683636528
+  created: 1683636108
+  updated: 1683636626
+  need_approval: 0
+  approved_by: 0
+  concurrency_group: abc123
diff --git a/services/actions/Test_tryHandleIncompleteMatrix/action_run_job.yml b/services/actions/Test_tryHandleIncompleteMatrix/action_run_job.yml
index 19cb5f2d59..fabcfa26ac 100644
--- a/services/actions/Test_tryHandleIncompleteMatrix/action_run_job.yml
+++ b/services/actions/Test_tryHandleIncompleteMatrix/action_run_job.yml
@@ -852,3 +852,44 @@
   task_id: 108
   status: 1 # success
   runs_on: '["fedora"]'
+
+-
+  id: 642
+  run_id: 922
+  repo_id: 63
+  owner_id: 2
+  commit_sha: 97f29ee599c373c729132a5c46a046978311e0ee
+  is_fork_pull_request: 0
+  name: job2
+  attempt: 0
+  job_id: job2
+  task_id: 0
+  status: 7 # blocked
+  runs_on: '[]'
+  needs: '["job1"]'
+  workflow_payload: |
+    on:
+      push:
+        branches: [main]
+    jobs:
+      job2:
+        runs-on: default
+        strategy:
+          matrix:
+            name: ${{ fromJSON(needs.job1.outputs.empty-list) }}
+        steps:
+        - run: echo "${{ matrix.name }}"
+    incomplete_matrix: true
+-
+  id: 643
+  run_id: 922
+  repo_id: 63
+  owner_id: 2
+  commit_sha: 97f29ee599c373c729132a5c46a046978311e0ee
+  is_fork_pull_request: 0
+  name: job1
+  attempt: 0
+  job_id: job1
+  task_id: 110
+  status: 1 # success
+  runs_on: '["fedora"]'
diff --git a/services/actions/Test_tryHandleIncompleteMatrix/action_task_output.yml b/services/actions/Test_tryHandleIncompleteMatrix/action_task_output.yml
index 35c4676504..2f458238ad 100644
--- a/services/actions/Test_tryHandleIncompleteMatrix/action_task_output.yml
+++ b/services/actions/Test_tryHandleIncompleteMatrix/action_task_output.yml
@@ -58,3 +58,8 @@
   task_id: 109
   output_key: workflow_input
   output_value: my-workflow-input
+-
+  id: 112
+  task_id: 110
+  output_key: empty-list
+  output_value: "[]"
diff --git a/services/actions/job_emitter.go b/services/actions/job_emitter.go
index 61e77744c9..fe3cc1b38a 100644
--- a/services/actions/job_emitter.go
+++ b/services/actions/job_emitter.go
@@ -365,6 +365,19 @@ func tryHandleIncompleteMatrix(ctx context.Context, blockedJob *actions_model.Ac
 			return fmt.Errorf("unexpected record count in delete incomplete_matrix=true job with ID %d; count = %d", blockedJob.ID, count)
 		}
 
+		// If len(newJobWorkflows) is 0, and blockedJob was the last job in this run, then the job will be complete --
+		// ComputeRunStatus will check for that state.
+		run, columns, err := actions_model.ComputeRunStatus(ctx, blockedJob.RunID)
+		if err != nil {
+			return fmt.Errorf("compute run status: %w", err)
+		}
+		if len(columns) != 0 {
+			err := UpdateRun(ctx, run, columns...)
+			if err != nil {
+				return fmt.Errorf("update run: %w", err)
+			}
+		}
+
 		return nil
 	})
 	if err != nil {
diff --git a/services/actions/job_emitter_test.go b/services/actions/job_emitter_test.go
index 754e29cc7f..caccf75434 100644
--- a/services/actions/job_emitter_test.go
+++ b/services/actions/job_emitter_test.go
@@ -13,6 +13,7 @@ import (
 	"forgejo.org/models/db"
 	"forgejo.org/models/unittest"
 	"forgejo.org/modules/test"
+	notify_service "forgejo.org/services/notify"
 
 	"code.forgejo.org/forgejo/runner/v12/act/jobparser"
 	"code.forgejo.org/forgejo/runner/v12/act/model"
@@ -276,6 +277,20 @@ jobs:
     steps: []
 `
 
+type callArgsActionRunNowDone struct {
+	run         *actions_model.ActionRun
+	priorStatus actions_model.Status
+	lastRun     *actions_model.ActionRun
+}
+type mockNotifier struct {
+	notify_service.NullNotifier
+	calls []*callArgsActionRunNowDone
+}
+
+func (m *mockNotifier) ActionRunNowDone(ctx context.Context, run *actions_model.ActionRun, priorStatus actions_model.Status, lastRun *actions_model.ActionRun) {
+	m.calls = append(m.calls, &callArgsActionRunNowDone{run, priorStatus, lastRun})
+}
+
 func Test_tryHandleIncompleteMatrix(t *testing.T) {
 	// Shouldn't get any decoding errors during this test -- pop them up from a log warning to a test fatal error.
 	defer test.MockVariableValue(&model.OnDecodeNodeError, func(node yaml.Node, out any, err error) {
@@ -300,6 +315,7 @@ func Test_tryHandleIncompleteMatrix(t *testing.T) {
 		needs                         map[string][]string
 		expectIncompleteJob           []string
 		localReusableWorkflowCallArgs *localReusableWorkflowCallArgs
+		actionRunStatusChange         actions_model.Status
 	}{
 		{
 			name:     "not incomplete",
@@ -541,12 +557,26 @@ func Test_tryHandleIncompleteMatrix(t *testing.T) {
 				path:      "./.forgejo/workflows/reusable.yml",
 			},
 		},
+		{
+			name:     "action run completed after expansion",
+			runJobID: 642,
+			consumed: true,
+			runJobNames: []string{
+				"job1",
+				// job2 which expanded into an empty matrix is gone
+			},
+			actionRunStatusChange: actions_model.StatusSuccess,
+		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			defer unittest.OverrideFixtures("services/actions/Test_tryHandleIncompleteMatrix")()
 			require.NoError(t, unittest.PrepareTestDatabase())
 
+			notifier := &mockNotifier{}
+			notify_service.RegisterNotifier(notifier)
+			defer notify_service.UnregisterNotifier(notifier)
+
 			// Mock access to reusable workflows, both local and remote
 			var localReusableCalled []*localReusableWorkflowCallArgs
 			var cleanupCallCount int
@@ -596,6 +626,15 @@ func Test_tryHandleIncompleteMatrix(t *testing.T) {
 					// expectations are that the ActionRun has an empty PreExecutionError
 					actionRun := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRun{ID: blockedJob.RunID})
 					assert.EqualValues(t, 0, actionRun.PreExecutionErrorCode, "PreExecutionError Details: %#v", actionRun.PreExecutionErrorDetails)
+					if tt.actionRunStatusChange != 0 {
+						assert.Equal(t, tt.actionRunStatusChange, actionRun.Status)
+						require.Len(t, notifier.calls, 1)
+						call := notifier.calls[0]
+						assert.Equal(t, actionRun.ID, call.run.ID)
+						assert.Nil(t, call.lastRun)
+						assert.Equal(t, actions_model.StatusRunning, call.priorStatus)
+						assert.Equal(t, tt.actionRunStatusChange, call.run.Status)
+					}
 
 					// compare jobs that exist with `runJobNames` to ensure new jobs are inserted:
 					allJobsInRun, err := db.Find[actions_model.ActionRunJob](t.Context(), actions_model.FindRunJobOptions{RunID: blockedJob.RunID})

From 5440aaea21cc863cbd511146466d7cd01db64090 Mon Sep 17 00:00:00 2001
From: Nils Goroll <nils.goroll@uplex.de>
Date: Tue, 27 Jan 2026 22:42:03 +0100
Subject: [PATCH 239/854] chore: avoid `log.Fatal()` for jwtx/signingkey
 (#11066)

The module calling `log.Fatal()` (which terminates the process) prevents the calling function to enrich the error message with vital information allowing the user to track down problematic configuration directives. Also this was impeding unit tests.

One such case is where the path to the specified key can not be created, as demonstrated in the test case. Here the error message is:

```
Error while loading or creating JWT key: Error generating private key ...: mkdir ...: permission denied
```

`log.Fatal()` is kept for `f.Close()` errors which indicate much more severe but very rare underlying issues. Handling these would require broader changes.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11066
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Nils Goroll <nils.goroll@uplex.de>
Co-committed-by: Nils Goroll <nils.goroll@uplex.de>
---
 modules/jwtx/signingkey.go      | 5 ++---
 modules/jwtx/signingkey_test.go | 6 ++++++
 2 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/modules/jwtx/signingkey.go b/modules/jwtx/signingkey.go
index 55cc522f22..51622cd724 100644
--- a/modules/jwtx/signingkey.go
+++ b/modules/jwtx/signingkey.go
@@ -291,7 +291,7 @@ func CreateSigningKey(algorithm string, key any) (SigningKey, error) {
 func loadOrCreateAsymmetricKey(keyPath, algorithm string) (any, error) {
 	isExist, err := util.IsExist(keyPath)
 	if err != nil {
-		log.Fatal("Unable to check if %s exists. Error: %v", keyPath, err)
+		return nil, fmt.Errorf("Unable to check if %s exists. Error: %v", keyPath, err)
 	}
 	if !isExist {
 		err := func() error {
@@ -352,8 +352,7 @@ func loadOrCreateAsymmetricKey(keyPath, algorithm string) (any, error) {
 			return pem.Encode(f, privateKeyPEM)
 		}()
 		if err != nil {
-			log.Fatal("Error generating private key: %v", err)
-			return nil, err
+			return nil, fmt.Errorf("Error generating private key %s: %v", keyPath, err)
 		}
 	}
 
diff --git a/modules/jwtx/signingkey_test.go b/modules/jwtx/signingkey_test.go
index 6f5cc3f49d..0b81a03682 100644
--- a/modules/jwtx/signingkey_test.go
+++ b/modules/jwtx/signingkey_test.go
@@ -111,3 +111,9 @@ func TestLoadOrCreateAsymmetricKey(t *testing.T) {
 		assert.NotNil(t, parsedKey.(ed25519.PrivateKey))
 	})
 }
+
+func TestCannotCreatePrivateKey(t *testing.T) {
+	_, err := InitAsymmetricSigningKey("/dev/directory-does-not-exist-and-you-should-not-have-permission-to-create/privatekey.pem", "RS256")
+	require.Error(t, err)
+	require.ErrorContains(t, err, "Error generating private key")
+}

From daf2e22563bee676fb80a29f253b68804f137f43 Mon Sep 17 00:00:00 2001
From: Renovate Bot <forgejo-renovate-action@forgejo.org>
Date: Tue, 27 Jan 2026 22:43:28 +0100
Subject: [PATCH 240/854] Update module github.com/meilisearch/meilisearch-go
 to v0.36.0 (forgejo) (#11062)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11062
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
---
 assets/go-licenses.json                           | 5 -----
 go.mod                                            | 3 +--
 go.sum                                            | 6 ++----
 modules/indexer/issues/meilisearch/meilisearch.go | 2 +-
 4 files changed, 4 insertions(+), 12 deletions(-)

diff --git a/assets/go-licenses.json b/assets/go-licenses.json
index 80523116cc..fcf45b8da5 100644
--- a/assets/go-licenses.json
+++ b/assets/go-licenses.json
@@ -664,11 +664,6 @@
     "path": "github.com/gogs/go-gogs-client/LICENSE",
     "licenseText": "The MIT License (MIT)\n\nCopyright (c) 2014 Go Git Service\n\nPermission is hereby granted, free of charge, to any person obtaining a copy\nof this software and associated documentation files (the \"Software\"), to deal\nin the Software without restriction, including without limitation the rights\nto use, copy, modify, merge, publish, distribute, sublicense, and/or sell\ncopies of the Software, and to permit persons to whom the Software is\nfurnished to do so, subject to the following conditions:\n\nThe above copyright notice and this permission notice shall be included in all\ncopies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\nIMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\nFITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE\nAUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\nLIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,\nOUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE\nSOFTWARE.\n\n"
   },
-  {
-    "name": "github.com/golang-jwt/jwt/v4",
-    "path": "github.com/golang-jwt/jwt/v4/LICENSE",
-    "licenseText": "Copyright (c) 2012 Dave Grijalva\nCopyright (c) 2021 golang-jwt maintainers\n\nPermission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the \"Software\"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:\n\nThe above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.\n\n"
-  },
   {
     "name": "github.com/golang-jwt/jwt/v5",
     "path": "github.com/golang-jwt/jwt/v5/LICENSE",
diff --git a/go.mod b/go.mod
index b98dae2246..3f7efbbb47 100644
--- a/go.mod
+++ b/go.mod
@@ -76,7 +76,7 @@ require (
 	github.com/markbates/goth v1.80.0
 	github.com/mattn/go-isatty v0.0.20
 	github.com/mattn/go-sqlite3 v1.14.33
-	github.com/meilisearch/meilisearch-go v0.34.0
+	github.com/meilisearch/meilisearch-go v0.36.0
 	github.com/mholt/archives v0.1.5
 	github.com/microcosm-cc/bluemonday v1.0.27
 	github.com/minio/minio-go/v7 v7.0.98
@@ -189,7 +189,6 @@ require (
 	github.com/go-webauthn/x v0.1.25 // indirect
 	github.com/go-xmlfmt/xmlfmt v0.0.0-20191208150333-d5b6f63a941b // indirect
 	github.com/goccy/go-json v0.10.5 // indirect
-	github.com/golang-jwt/jwt/v4 v4.5.2 // indirect
 	github.com/golang/geo v0.0.0-20210211234256-740aa86cb551 // indirect
 	github.com/golang/snappy v0.0.4 // indirect
 	github.com/google/btree v1.1.2 // indirect
diff --git a/go.sum b/go.sum
index ffc0ef76e7..043c41b5b6 100644
--- a/go.sum
+++ b/go.sum
@@ -340,8 +340,6 @@ github.com/gogs/chardet v0.0.0-20211120154057-b7413eaefb8f h1:3BSP1Tbs2djlpprl7w
 github.com/gogs/chardet v0.0.0-20211120154057-b7413eaefb8f/go.mod h1:Pcatq5tYkCW2Q6yrR2VRHlbHpZ/R4/7qyL1TCF7vl14=
 github.com/gogs/go-gogs-client v0.0.0-20210131175652-1d7215cd8d85 h1:UjoPNDAQ5JPCjlxoJd6K8ALZqSDDhk2ymieAZOVaDg0=
 github.com/gogs/go-gogs-client v0.0.0-20210131175652-1d7215cd8d85/go.mod h1:fR6z1Ie6rtF7kl/vBYMfgD5/G5B1blui7z426/sj2DU=
-github.com/golang-jwt/jwt/v4 v4.5.2 h1:YtQM7lnr8iZ+j5q71MGKkNw9Mn7AjHM68uc9g5fXeUI=
-github.com/golang-jwt/jwt/v4 v4.5.2/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0=
 github.com/golang-jwt/jwt/v5 v5.3.0 h1:pv4AsKCKKZuqlgs5sUmn4x8UlGa0kEVt/puTpKx9vvo=
 github.com/golang-jwt/jwt/v5 v5.3.0/go.mod h1:fxCRLWMO43lRc8nhHWY6LGqRcf+1gQWArsqaEUEa5bE=
 github.com/golang/freetype v0.0.0-20170609003504-e2365dfdc4a0 h1:DACJavvAHhabrF08vX0COfcOBJRhZ8lUbR+ZWIs0Y5g=
@@ -520,8 +518,8 @@ github.com/mattn/go-shellwords v1.0.12 h1:M2zGm7EW6UQJvDeQxo4T51eKPurbeFbe8WtebG
 github.com/mattn/go-shellwords v1.0.12/go.mod h1:EZzvwXDESEeg03EKmM+RmDnNOPKG4lLtQsUlTZDWQ8Y=
 github.com/mattn/go-sqlite3 v1.14.33 h1:A5blZ5ulQo2AtayQ9/limgHEkFreKj1Dv226a1K73s0=
 github.com/mattn/go-sqlite3 v1.14.33/go.mod h1:Uh1q+B4BYcTPb+yiD3kU8Ct7aC0hY9fxUwlHK0RXw+Y=
-github.com/meilisearch/meilisearch-go v0.34.0 h1:P+Ohdx4/PCxXaoI5wNi0LMwPkuiNrF/kGIzBrKYS4tw=
-github.com/meilisearch/meilisearch-go v0.34.0/go.mod h1:cUVJZ2zMqTvvwIMEEAdsWH+zrHsrLpAw6gm8Lt1MXK0=
+github.com/meilisearch/meilisearch-go v0.36.0 h1:N1etykTektXt5KPcSbhBO0d5Xx5NaKj4pJWEM7WA5dI=
+github.com/meilisearch/meilisearch-go v0.36.0/go.mod h1:HBfHzKMxcSbTOvqdfuRA/yf6Vk9IivcwKocWRuW7W78=
 github.com/mholt/acmez/v3 v3.1.2 h1:auob8J/0FhmdClQicvJvuDavgd5ezwLBfKuYmynhYzc=
 github.com/mholt/acmez/v3 v3.1.2/go.mod h1:L1wOU06KKvq7tswuMDwKdcHeKpFFgkppZy/y0DFxagQ=
 github.com/mholt/archives v0.1.5 h1:Fh2hl1j7VEhc6DZs2DLMgiBNChUux154a1G+2esNvzQ=
diff --git a/modules/indexer/issues/meilisearch/meilisearch.go b/modules/indexer/issues/meilisearch/meilisearch.go
index 95602d0dd0..aefe7de517 100644
--- a/modules/indexer/issues/meilisearch/meilisearch.go
+++ b/modules/indexer/issues/meilisearch/meilisearch.go
@@ -116,7 +116,7 @@ func (b *Indexer) Delete(_ context.Context, ids ...int64) error {
 	}
 
 	for _, id := range ids {
-		_, err := b.inner.Client.Index(b.inner.VersionedIndexName()).DeleteDocument(strconv.FormatInt(id, 10))
+		_, err := b.inner.Client.Index(b.inner.VersionedIndexName()).DeleteDocument(strconv.FormatInt(id, 10), nil)
 		if err != nil {
 			return err
 		}

From 37ed0605b783e44eb5f8ef6c95304b568c6342eb Mon Sep 17 00:00:00 2001
From: Robert Wolff <mahlzahn@posteo.de>
Date: Tue, 27 Jan 2026 22:56:22 +0100
Subject: [PATCH 241/854] fix(ui): center-align emojis to neighbouring text
 (#11057)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

### Testing

1. Create issue with Emoji next to text, e.g. this is a 🐸 with no ℹ️ Information.
2. Observe that the emoji is not anymore top-aligned to the text.

(Here a test string with Forgejo’s [custom emojis](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/public/assets/img/emoji): :codeberg: test :git: :gitea: TEST :gogs: :forgejo: Test :github: :gitlab:)

- [x] checked on Chromium and Firefox on Linux (ofc) myself
- [x] checked on Firefox on MacOS, https://codeberg.org/forgejo/forgejo/pulls/11057#issuecomment-10182195

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11057
Reviewed-by: Beowulf <beowulf@beocode.eu>
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Co-authored-by: Robert Wolff <mahlzahn@posteo.de>
Co-committed-by: Robert Wolff <mahlzahn@posteo.de>
---
 web_src/css/markup/content.css | 1 -
 1 file changed, 1 deletion(-)

diff --git a/web_src/css/markup/content.css b/web_src/css/markup/content.css
index b22df9a402..931f33d064 100644
--- a/web_src/css/markup/content.css
+++ b/web_src/css/markup/content.css
@@ -338,7 +338,6 @@
 
 .markup .emoji {
   max-width: none;
-  vertical-align: text-top;
 }
 
 .markup span.frame {

From 12cfb4beb50255d6b0007ecb465e43daa90095ad Mon Sep 17 00:00:00 2001
From: Antonin Delpeuch <antonin@delpeuch.eu>
Date: Tue, 27 Jan 2026 23:19:34 +0100
Subject: [PATCH 242/854] fix: allow test delivery for webhooks not enabled for
 push events (#11073)

Webhooks not enabled for push events cannot be tested using the
"Test delivery" button, because the built-in test payload corresponds
to a push event and is therefore filtered out at delivery time if the
webhook isn't configured to trigger for such events.

This fixes it by delivering the payload for a push event regardless
of the webhook's configuration. This has the downside of delivering
a payload which isn't necessarily representative of what the webhook
will deliver for real, but it would be a significant effort to implement
test payloads for all possible event types. We leave this as a follow-up
improvement.

Fixes #7934.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11073
Reviewed-by: oliverpool <oliverpool@noreply.codeberg.org>
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Antonin Delpeuch <antonin@delpeuch.eu>
Co-committed-by: Antonin Delpeuch <antonin@delpeuch.eu>
---
 routers/api/v1/repo/hook.go         |  3 +--
 routers/web/repo/setting/webhook.go |  2 +-
 services/webhook/webhook.go         | 26 ++++++++++++++++++
 services/webhook/webhook_test.go    | 41 +++++++++++++++++++++++++++++
 4 files changed, 69 insertions(+), 3 deletions(-)

diff --git a/routers/api/v1/repo/hook.go b/routers/api/v1/repo/hook.go
index 5d277604b8..a0e28f0685 100644
--- a/routers/api/v1/repo/hook.go
+++ b/routers/api/v1/repo/hook.go
@@ -15,7 +15,6 @@ import (
 	"forgejo.org/modules/setting"
 	api "forgejo.org/modules/structs"
 	"forgejo.org/modules/web"
-	webhook_module "forgejo.org/modules/webhook"
 	"forgejo.org/routers/api/v1/utils"
 	"forgejo.org/services/context"
 	"forgejo.org/services/convert"
@@ -177,7 +176,7 @@ func TestHook(ctx *context.APIContext) {
 	commit := convert.ToPayloadCommit(ctx, ctx.Repo.Repository, ctx.Repo.Commit)
 
 	commitID := ctx.Repo.Commit.ID.String()
-	if err := webhook_service.PrepareWebhook(ctx, hook, webhook_module.HookEventPush, &api.PushPayload{
+	if err := webhook_service.PrepareTestWebhook(ctx, hook, &api.PushPayload{
 		Ref:          ref,
 		Before:       commitID,
 		After:        commitID,
diff --git a/routers/web/repo/setting/webhook.go b/routers/web/repo/setting/webhook.go
index b2c0691d04..9bd4422556 100644
--- a/routers/web/repo/setting/webhook.go
+++ b/routers/web/repo/setting/webhook.go
@@ -436,7 +436,7 @@ func WebhookTest(ctx *context.Context) {
 		Pusher:       apiUser,
 		Sender:       apiUser,
 	}
-	if err := webhook_service.PrepareWebhook(ctx, w, webhook_module.HookEventPush, p); err != nil {
+	if err := webhook_service.PrepareTestWebhook(ctx, w, p); err != nil {
 		ctx.Flash.Error("PrepareWebhook: " + err.Error())
 		ctx.Status(http.StatusInternalServerError)
 	} else {
diff --git a/services/webhook/webhook.go b/services/webhook/webhook.go
index 93a863ec49..f163971d46 100644
--- a/services/webhook/webhook.go
+++ b/services/webhook/webhook.go
@@ -209,6 +209,32 @@ func PrepareWebhook(ctx context.Context, w *webhook_model.Webhook, event webhook
 	return enqueueHookTask(task.ID)
 }
 
+// PrepareTestWebhook creates a hook task for test delivery and enqueues it for processing.
+// It simulates a "push" event even though the webhook might not be enabled for that event.
+func PrepareTestWebhook(ctx context.Context, w *webhook_model.Webhook, p api.Payloader) error {
+	// Skip sending if webhooks are disabled.
+	if setting.DisableWebhooks {
+		return errors.New("webhooks are globally disabled")
+	}
+
+	payload, err := p.JSONPayload()
+	if err != nil {
+		return fmt.Errorf("JSONPayload for Test: %w", err)
+	}
+
+	task, err := webhook_model.CreateHookTask(ctx, &webhook_model.HookTask{
+		HookID:         w.ID,
+		PayloadContent: string(payload),
+		EventType:      webhook_module.HookEventPush,
+		PayloadVersion: 2,
+	})
+	if err != nil {
+		return fmt.Errorf("CreateHookTask for Test: %w", err)
+	}
+
+	return enqueueHookTask(task.ID)
+}
+
 // PrepareWebhooks adds new webhooks to task queue for given payload.
 func PrepareWebhooks(ctx context.Context, source EventSource, event webhook_module.HookEventType, p api.Payloader) error {
 	owner := source.Owner
diff --git a/services/webhook/webhook_test.go b/services/webhook/webhook_test.go
index 15cb8f620c..40aa6c7f48 100644
--- a/services/webhook/webhook_test.go
+++ b/services/webhook/webhook_test.go
@@ -5,6 +5,8 @@ package webhook
 
 import (
 	"fmt"
+	"net/http"
+	"net/http/httptest"
 	"testing"
 
 	"forgejo.org/models/db"
@@ -111,3 +113,42 @@ func TestWebhookUserMail(t *testing.T) {
 	assert.Equal(t, user.GetPlaceholderEmail(), convert.ToUser(db.DefaultContext, user, nil).Email)
 	assert.Equal(t, user.Email, convert.ToUser(db.DefaultContext, user, user).Email)
 }
+
+func TestDeliverTestPayloadWithoutPushEvent(t *testing.T) {
+	require.NoError(t, unittest.PrepareTestDatabase())
+
+	done := make(chan struct{}, 1)
+	s := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, "/webhook", r.URL.Path)
+		w.WriteHeader(200)
+		done <- struct{}{}
+	}))
+	t.Cleanup(s.Close)
+
+	hookEvent := webhook_module.HookEvent{ChooseEvents: true, HookEvents: webhook_module.HookEvents{Release: true}}
+	hook := &webhook_model.Webhook{
+		RepoID:      3,
+		URL:         s.URL + "/webhook",
+		ContentType: webhook_model.ContentTypeJSON,
+		IsActive:    true,
+		Type:        webhook_module.GITEA,
+		HookEvent:   &hookEvent,
+	}
+	require.NoError(t, webhook_model.CreateWebhook(t.Context(), hook, ""))
+
+	// if we deliver this webhook for a push event, nothing happens because the webhook isn't configured to run on those events
+	require.NoError(t, PrepareWebhook(db.DefaultContext, hook, webhook_module.HookEventPush, &api.ReleasePayload{}))
+	unittest.AssertNotExistsBean(t, &webhook_model.HookTask{
+		HookID: hook.ID,
+	})
+
+	// but if we deliver it as a testing payload, the check on event types is bypassed
+	// (so that webhooks can be tested regardless of the event types they are enabled for)
+	// See https://codeberg.org/forgejo/forgejo/issues/7934
+	require.NoError(t, PrepareTestWebhook(db.DefaultContext, hook, &api.ReleasePayload{}))
+
+	unittest.AssertExistsAndLoadBean(t, &webhook_model.HookTask{
+		HookID:    hook.ID,
+		EventType: webhook_module.HookEventPush,
+	})
+}

From e28e872c1d2157874c42707f9659cf12a5d27ae3 Mon Sep 17 00:00:00 2001
From: Renovate Bot <forgejo-renovate-action@forgejo.org>
Date: Wed, 28 Jan 2026 12:19:15 +0100
Subject: [PATCH 243/854] Update renovate to v42.93.1 (forgejo) (#11077)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11077
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
---
 .forgejo/workflows/renovate.yml | 2 +-
 Makefile                        | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/.forgejo/workflows/renovate.yml b/.forgejo/workflows/renovate.yml
index 1d29876f20..7a120ca563 100644
--- a/.forgejo/workflows/renovate.yml
+++ b/.forgejo/workflows/renovate.yml
@@ -28,7 +28,7 @@ jobs:
 
     runs-on: docker
     container:
-      image: data.forgejo.org/renovate/renovate:42.92.10
+      image: data.forgejo.org/renovate/renovate:42.93.1
 
     steps:
       - name: Load renovate repo cache
diff --git a/Makefile b/Makefile
index bff0ee683e..60a6dd328a 100644
--- a/Makefile
+++ b/Makefile
@@ -47,7 +47,7 @@ GO_LICENSES_PACKAGE ?= github.com/google/go-licenses@v1.6.0 # renovate: datasour
 GOVULNCHECK_PACKAGE ?= golang.org/x/vuln/cmd/govulncheck@v1 # renovate: datasource=go
 DEADCODE_PACKAGE ?= golang.org/x/tools/cmd/deadcode@v0.40.0 # renovate: datasource=go
 GOMOCK_PACKAGE ?= go.uber.org/mock/mockgen@v0.6.0 # renovate: datasource=go
-RENOVATE_NPM_PACKAGE ?= renovate@42.92.10 # renovate: datasource=docker packageName=data.forgejo.org/renovate/renovate
+RENOVATE_NPM_PACKAGE ?= renovate@42.93.1 # renovate: datasource=docker packageName=data.forgejo.org/renovate/renovate
 
 # https://github.com/disposable-email-domains/disposable-email-domains/commits/main/
 DISPOSABLE_EMAILS_SHA ?= 0c27e671231d27cf66370034d7f6818037416989 # renovate: ...

From 53ee80be9e76f82f2581a81dea41a657ff34f405 Mon Sep 17 00:00:00 2001
From: Renovate Bot <forgejo-renovate-action@forgejo.org>
Date: Wed, 28 Jan 2026 13:08:23 +0100
Subject: [PATCH 244/854] Update module github.com/urfave/cli/v3 to v3.6.2
 (forgejo) (#10937)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10937
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
---
 cmd/main.go      |  3 +++
 cmd/main_test.go | 10 ++++++++++
 go.mod           |  2 --
 go.sum           |  4 ++--
 4 files changed, 15 insertions(+), 4 deletions(-)

diff --git a/cmd/main.go b/cmd/main.go
index 65cde47884..fa26bf0a07 100644
--- a/cmd/main.go
+++ b/cmd/main.go
@@ -204,6 +204,9 @@ func innerNewMainApp(version, versionExtra string, subCmdsStandaloneArgs, subCmd
 	for i := range subCmdWithConfig {
 		prepareSubcommandWithConfig(subCmdWithConfig[i], globalFlags)
 	}
+	for i := range subCmdStandalone {
+		subCmdStandalone[i].Flags = append(subCmdStandalone[i].Flags, cli.HelpFlag)
+	}
 	app.Commands = append(app.Commands, subCmdWithConfig...)
 	app.Commands = append(app.Commands, subCmdStandalone...)
 
diff --git a/cmd/main_test.go b/cmd/main_test.go
index 1ec3471343..e984ed10e8 100644
--- a/cmd/main_test.go
+++ b/cmd/main_test.go
@@ -113,6 +113,16 @@ func TestCliCmd(t *testing.T) {
 			cmd: "./gitea forgejo-cli --help",
 			exp: "(subcommand help template)",
 		},
+		{
+			env: map[string]string{"GITEA_WORK_DIR": "/tmp"},
+			cmd: "./gitea cert --help",
+			exp: "(subcommand help template)",
+		},
+		{
+			env: map[string]string{"GITEA_WORK_DIR": "/tmp"},
+			cmd: "./gitea web --help",
+			exp: "(subcommand help template)",
+		},
 	}
 
 	for _, c := range cases {
diff --git a/go.mod b/go.mod
index 3f7efbbb47..51bcc8ef3f 100644
--- a/go.mod
+++ b/go.mod
@@ -274,5 +274,3 @@ replace github.com/gliderlabs/ssh => code.forgejo.org/forgejo/ssh v0.0.0-2024121
 replace git.sr.ht/~mariusor/go-xsd-duration => code.forgejo.org/forgejo/go-xsd-duration v0.0.0-20220703122237-02e73435a078
 
 replace xorm.io/xorm v1.3.9 => code.forgejo.org/xorm/xorm v1.3.9-forgejo.4
-
-replace github.com/urfave/cli/v3 => github.com/urfave/cli/v3 v3.5.0
diff --git a/go.sum b/go.sum
index 043c41b5b6..3772678ecb 100644
--- a/go.sum
+++ b/go.sum
@@ -660,8 +660,8 @@ github.com/tinylib/msgp v1.6.1/go.mod h1:RSp0LW9oSxFut3KzESt5Voq4GVWyS+PSulT77ro
 github.com/ulikunitz/xz v0.5.8/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14=
 github.com/ulikunitz/xz v0.5.15 h1:9DNdB5s+SgV3bQ2ApL10xRc35ck0DuIX/isZvIk+ubY=
 github.com/ulikunitz/xz v0.5.15/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14=
-github.com/urfave/cli/v3 v3.5.0 h1:qCuFMmdayTF3zmjG8TSsoBzrDqszNrklYg2x3g4MSgw=
-github.com/urfave/cli/v3 v3.5.0/go.mod h1:ysVLtOEmg2tOy6PknnYVhDoouyC/6N42TMeoMzskhso=
+github.com/urfave/cli/v3 v3.6.2 h1:lQuqiPrZ1cIz8hz+HcrG0TNZFxU70dPZ3Yl+pSrH9A8=
+github.com/urfave/cli/v3 v3.6.2/go.mod h1:ysVLtOEmg2tOy6PknnYVhDoouyC/6N42TMeoMzskhso=
 github.com/valyala/fastjson v1.6.4/go.mod h1:CLCAqky6SMuOcxStkYQvblddUtoRxhYMGLrsQns1aXY=
 github.com/valyala/fastjson v1.6.7 h1:ZE4tRy0CIkh+qDc5McjatheGX2czdn8slQjomexVpBM=
 github.com/valyala/fastjson v1.6.7/go.mod h1:CLCAqky6SMuOcxStkYQvblddUtoRxhYMGLrsQns1aXY=

From cc40a65c5d32b6c3d4821338287e95c5dd54104e Mon Sep 17 00:00:00 2001
From: Enrique Sanchez Cardoso <enriqueesanchz@gmail.com>
Date: Thu, 29 Jan 2026 01:48:46 +0100
Subject: [PATCH 245/854] feat: detailed permission denied message on push
 (#10941)

Resolves:
- #10497
- #10496
- #10499

Update the message Forgejo is showing when an user is not allowed to push to a repo:
```
remote: Forgejo: User 'username' is not allowed to push to 'branchname' in 'repo'.
remote: If you instead wanted to create a pull request to the branch 'branchname', please use:
remote: git push origin HEAD:refs/for/branchname/choose-a-descriptor
remote: You might want to replace 'origin' with the name of your Git remote if it is different from origin. You can freely choose the descriptor to set it to a topic.
remote: You can learn about creating pull requests with AGit in the docs: https://forgejo.org/docs/latest/user/agit-support/
```

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests

- I added test coverage for Go changes...
  - [ ] in their respective `*_test.go` for unit tests.
  - [x] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I added test coverage for JavaScript changes...
  - [ ] in `web_src/js/*.test.js` if it can be unit tested.
  - [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)).

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [x] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.
- [ ] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change.

*The decision if the pull request will be shown in the release notes is up to the mergers / release team.*

The content of the `release-notes/<pull request number>.md` file will serve as the basis for the release notes. If the file does not exist, the title of the pull request will be used instead.

<!--start release-notes-assistant-->

## Release notes
<!--URL:https://codeberg.org/forgejo/forgejo-->
- Features
  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10941): <!--number 10941 --><!--line 0 --><!--description ZGV0YWlsZWQgcGVybWlzc2lvbiBkZW5pZWQgbWVzc2FnZSBvbiBwdXNo-->detailed permission denied message on push<!--description-->
<!--end release-notes-assistant-->

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10941
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
Co-authored-by: Enrique Sanchez Cardoso <enriqueesanchz@gmail.com>
Co-committed-by: Enrique Sanchez Cardoso <enriqueesanchz@gmail.com>
---
 routers/private/hook_pre_receive.go | 12 +++++++++++-
 tests/integration/git_push_test.go  | 23 ++++++++++++++++++++---
 2 files changed, 31 insertions(+), 4 deletions(-)

diff --git a/routers/private/hook_pre_receive.go b/routers/private/hook_pre_receive.go
index 217e5d817f..c6c6ad5bb0 100644
--- a/routers/private/hook_pre_receive.go
+++ b/routers/private/hook_pre_receive.go
@@ -8,6 +8,7 @@ import (
 	"fmt"
 	"net/http"
 	"os"
+	"strings"
 
 	"forgejo.org/models"
 	asymkey_model "forgejo.org/models/asymkey"
@@ -72,8 +73,17 @@ func (ctx *preReceiveContext) AssertCanWriteCode() bool {
 		if ctx.Written() {
 			return false
 		}
+		var sb strings.Builder
+		fmt.Fprintf(&sb, "User '%s' is not allowed to push to branch '%s' in '%s/%s'.", ctx.user.Name, ctx.branchName, ctx.Repo.Repository.OwnerName, ctx.Repo.Repository.Name)
+
+		if ctx.CanCreatePullRequest() {
+			fmt.Fprintf(&sb, "\nIf you instead wanted to create a pull request to the branch '%s', please use:", ctx.branchName)
+			fmt.Fprintf(&sb, "\ngit push origin HEAD:refs/for/%s/choose-a-descriptor", ctx.branchName)
+			sb.WriteString("\nYou might want to replace 'origin' with the name of your Git remote if it is different from origin. You can freely choose the descriptor to set it to a topic.")
+			sb.WriteString("\nYou can learn about creating pull requests with AGit in the docs: https://forgejo.org/docs/latest/user/agit-support/")
+		}
 		ctx.JSON(http.StatusForbidden, private.Response{
-			UserMsg: "User permission denied for writing.",
+			UserMsg: sb.String(),
 		})
 		return false
 	}
diff --git a/tests/integration/git_push_test.go b/tests/integration/git_push_test.go
index 61e2a65f97..bf8ad8ac12 100644
--- a/tests/integration/git_push_test.go
+++ b/tests/integration/git_push_test.go
@@ -261,14 +261,31 @@ func testOptionsGitPush(t *testing.T, u *url.URL) {
 			require.False(t, repo.IsTemplate)
 		})
 
-		// create a collaborator with write access
+		// create a collaborator user
 		collaborator := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 5})
 		u.User = url.UserPassword(collaborator.LowerName, userPassword)
 		doGitAddRemote(gitPath, "collaborator", u)(t)
+
+		t.Run("User without write access is not allowed to push", func(t *testing.T) {
+			pushLogChecker, cleanup := test.NewLogChecker("ssh", log.ERROR)
+			pushLogChecker.Filter("User 'user5' is not allowed to push to branch 'branch3' in 'user2/repo-to-push'.")
+			pushLogChecker.Filter("If you instead wanted to create a pull request to the branch 'branch3', please use:")
+			pushLogChecker.Filter("git push origin HEAD:refs/for/branch3/choose-a-descriptor")
+			pushLogChecker.Filter("You might want to replace 'origin' with the name of your Git remote if it is different from origin. You can freely choose the descriptor to set it to a topic.")
+			pushLogChecker.Filter("You can learn about creating pull requests with AGit in the docs: https://forgejo.org/docs/latest/user/agit-support/")
+			defer cleanup()
+			branchName := "branch3"
+			doGitCreateBranch(gitPath, branchName)(t)
+			doGitPushTestRepositoryFail(gitPath, "collaborator", branchName)(t)
+			pushLogFiltered, _ := pushLogChecker.Check(5 * time.Second)
+			assert.True(t, pushLogFiltered[0])
+		})
+
+		// give write access to the collaborator
 		repo_module.AddCollaborator(db.DefaultContext, repo, collaborator)
 
 		t.Run("Collaborator with write access is allowed to push", func(t *testing.T) {
-			branchName := "branch3"
+			branchName := "branch4"
 			doGitCreateBranch(gitPath, branchName)(t)
 			doGitPushTestRepository(gitPath, "collaborator", branchName)(t)
 		})
@@ -280,7 +297,7 @@ func testOptionsGitPush(t *testing.T, u *url.URL) {
 			sshLogChecker, cleanup := test.NewLogChecker("ssh", log.ERROR)
 			sshLogChecker.Filter("permission denied for changing repo settings")
 			defer cleanup()
-			branchName := "branch4"
+			branchName := "branch5"
 			doGitCreateBranch(gitPath, branchName)(t)
 			doGitPushTestRepositoryFail(gitPath, "collaborator", branchName, "-o", "repo.private=true", "-o", "repo.template=true")(t)
 			repo, err = repo_model.GetRepositoryByOwnerAndName(db.DefaultContext, user.Name, "repo-to-push")

From fec8b9efb13c1452d5bdc019358c3b032608d1ed Mon Sep 17 00:00:00 2001
From: forgejo-release-manager <contact-forgejo-release-manager@forgejo.org>
Date: Thu, 29 Jan 2026 09:22:00 +0100
Subject: [PATCH 246/854] chore(release-notes): Forgejo v14.0.2 [skip ci]
 (#11092)

https://codeberg.org/forgejo/forgejo/milestone/47805
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11092
Reviewed-by: Beowulf <beowulf@beocode.eu>
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Co-authored-by: forgejo-release-manager <contact-forgejo-release-manager@forgejo.org>
Co-committed-by: forgejo-release-manager <contact-forgejo-release-manager@forgejo.org>
---
 release-notes-published/14.0.2.md | 36 +++++++++++++++++++++++++++++++
 1 file changed, 36 insertions(+)
 create mode 100644 release-notes-published/14.0.2.md

diff --git a/release-notes-published/14.0.2.md b/release-notes-published/14.0.2.md
new file mode 100644
index 0000000000..a0eb0ebb5a
--- /dev/null
+++ b/release-notes-published/14.0.2.md
@@ -0,0 +1,36 @@
+
+
+<!--start release-notes-assistant-->
+
+## Release notes
+<!--URL:https://codeberg.org/forgejo/forgejo-->
+- User Interface bug fixes
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10969) ([backported](https://codeberg.org/forgejo/forgejo/pulls/10996)): <!--number 10996 --><!--line 0 --><!--description Zml4KHVpKTogdGlwcHkgbWVudSBzdHlsZXMgdG9vIGJyb2FkLCBhZmZlY3Rpbmcgc3dpdGNoIGluIFBSIHJldmlldw==-->fix(ui): tippy menu styles too broad, affecting switch in PR review<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10964) ([backported](https://codeberg.org/forgejo/forgejo/pulls/10970)): <!--number 10970 --><!--line 0 --><!--description Zml4KHVpKTogYWRkIG1pc3NpbmcgdHJhbnNsYXRpb24gZm9yIGNvZGUgc2VhcmNoIHdoZW4ga2V5d29yZCBpcyBlbXB0eSBzdHJpbmc=-->fix(ui): add missing translation for code search when keyword is empty string<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10939) ([backported](https://codeberg.org/forgejo/forgejo/pulls/10950)): <!--number 10950 --><!--line 0 --><!--description Zml4KHVpKTogaW1wcm92ZSBmb3JjZS1wdXNoIGxheW91dCBhbGlnbm1lbnQ=-->fix(ui): improve force-push layout alignment<!--description-->
+- Localization
+  - Updates from Codeberg Translate: [#10988](https://codeberg.org/forgejo/forgejo/pulls/10988) (backport of [#10660](https://codeberg.org/forgejo/forgejo/pulls/10660))
+- Features
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11059) ([backported](https://codeberg.org/forgejo/forgejo/pulls/11069)): <!--number 11069 --><!--line 0 --><!--description ZmVhdDogZW5hYmxlIFNRTGl0ZSBXQUwgYnkgZGVmYXVsdA==-->feat: enable SQLite WAL by default<!--description-->
+- Bug fixes
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11073) ([backported](https://codeberg.org/forgejo/forgejo/pulls/11074)): <!--number 11074 --><!--line 0 --><!--description Zml4OiBhbGxvdyB0ZXN0IGRlbGl2ZXJ5IGZvciB3ZWJob29rcyBub3QgZW5hYmxlZCBmb3IgcHVzaCBldmVudHM=-->fix: allow test delivery for webhooks not enabled for push events<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11063) ([backported](https://codeberg.org/forgejo/forgejo/pulls/11072)): <!--number 11072 --><!--line 0 --><!--description Zml4OiBlbXB0eSBkeW5hbWljIG1hdHJpeCBjYW4gbGVhdmUgYWN0aW9uIHJ1biBoYW5naW5nIGluY29tcGxldGU=-->fix: empty dynamic matrix can leave action run hanging incomplete<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10882) ([backported](https://codeberg.org/forgejo/forgejo/pulls/11060)): <!--number 11060 --><!--line 0 --><!--description Rml4IG5vdCBkZWNyZWFzaW5nIHdhdGNoIGNvdW50IHdoZW4gYmxvY2tpbmcgdXNlcg==-->Fix not decreasing watch count when blocking user<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10948) ([backported](https://codeberg.org/forgejo/forgejo/pulls/11009)): <!--number 11009 --><!--line 0 --><!--description Zml4OiBkb24ndCBjbG9iYmVyIGF1dGhvcml6ZWRfa2V5cyBmaWxlIGR1cmluZyBpbnN0YWxsYXRpb24gKCMxMDk0OCk=-->fix: don't clobber authorized_keys file during installation (#10948)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10925) ([backported](https://codeberg.org/forgejo/forgejo/pulls/10949)): <!--number 10949 --><!--line 0 --><!--description Zml4KGFwaSk6IGRlZmF1bHQgbmV3IHJlbGVhc2UgJ3RpdGxlJyBmaWVsZCB0byBsYWJlbCBuYW1lLCBpZiBub3QgcHJvdmlkZWQ=-->fix(api): default new release 'title' field to label name, if not provided<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10945) ([backported](https://codeberg.org/forgejo/forgejo/pulls/10947)): <!--number 10947 --><!--line 0 --><!--description Zml4OiByZW1vdmUgaW5maW5pdGUgbG9vcCBpbiBVcGRhdGVSdW5Kb2JXaXRob3V0Tm90aWZpY2F0aW9uIHdoZW4gcnVuIGluIHRyYW5zYWN0aW9u-->fix: remove infinite loop in UpdateRunJobWithoutNotification when run in transaction<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10914) ([backported](https://codeberg.org/forgejo/forgejo/pulls/10928)): <!--number 10928 --><!--line 0 --><!--description ZmVhdDogc3RyaXAgbmV3bGluZXMgb24gb2cgaW1hZ2UgcmVuZGVyaW5n-->feat: strip newlines on og image rendering<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10899) ([backported](https://codeberg.org/forgejo/forgejo/pulls/10909)): <!--number 10909 --><!--line 0 --><!--description Zml4OiBkb24ndCByZXR1cm4gQWRkaXRpb25hbFRhc2tzIGZyb20gRmV0Y2hUYXNrIGlmIHRoZXJlIGlzIG5vIFRhc2s=-->fix: don't return AdditionalTasks from FetchTask if there is no Task<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10888) ([backported](https://codeberg.org/forgejo/forgejo/pulls/10903)): <!--number 10903 --><!--line 0 --><!--description Zml4OiB1c2UgQUxURVIgVEFCTEUgaW4gU1FMaXRlIERyb3BUYWJsZUNvbHVtbnMoKSwgYWxsb3dpbmcgdW5leHBlY3RlZCBkYXRhYmFzZSBzb3VyY2VzIHRvIHdvcmsgYmV0dGVyIGluIG1pZ3JhdGlvbnM=-->fix: use ALTER TABLE in SQLite DropTableColumns(), allowing unexpected database sources to work better in migrations<!--description-->
+- Included for completeness but not user-facing (chores, etc.)
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10798) ([backported](https://codeberg.org/forgejo/forgejo/pulls/11055)): <!--number 11055 --><!--line 0 --><!--description Zml4OiBtaWdyYXRpb25zL2dpdGh1YjogYXZvaWQgZ2V0dGluZyB0aGUgZmlyc3QgaXNzdWVzIHBhZ2UgdHdpY2U=-->fix: migrations/github: avoid getting the first issues page twice<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11007) ([backported](https://codeberg.org/forgejo/forgejo/pulls/11058)): <!--number 11058 --><!--line 0 --><!--description Zml4IE5ld01vY2tXZWJTZXJ2ZXIoKTogSGVhZGVycyBuZXZlciByZWFjaGVkIHRoZSBodHRwIGNsaWVudA==-->fix NewMockWebServer(): Headers never reached the http client<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10846) ([backported](https://codeberg.org/forgejo/forgejo/pulls/11054)): <!--number 11054 --><!--line 0 --><!--description Zml4OiBtaWdyYXRpb25zL2dpdGh1YjogV2FpdCAmIHJldHJ5IHdoZW4gcHJpbWFyeSByYXRlIGxpbWl0IGlzIGhpdA==-->fix: migrations/github: Wait & retry when primary rate limit is hit<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11038) ([backported](https://codeberg.org/forgejo/forgejo/pulls/11039)): <!--number 11039 --><!--line 0 --><!--description Zml4OiBkZXRlY3QgcmVuYW1lcyB3aGVuIHVzaW5nIGRpZmYtdHJlZQ==-->fix: detect renames when using diff-tree<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11001): <!--number 11001 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBjb2RlLmZvcmdlam8ub3JnL2Zvcmdlam8vcnVubmVyL3YxMiB0byB2MTIuNi4wICh2MTQuMC9mb3JnZWpvKQ==-->Update module code.forgejo.org/forgejo/runner/v12 to v12.6.0 (v14.0/forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10983): <!--number 10983 --><!--line 0 --><!--description VXBkYXRlIGh0dHBzOi8vZGF0YS5mb3JnZWpvLm9yZy9mb3JnZWpvL2Zvcmdlam8tYnVpbGQtcHVibGlzaCBhY3Rpb24gdG8gdjUuNS4xICh2MTQuMC9mb3JnZWpvKQ==-->Update https://data.forgejo.org/forgejo/forgejo-build-publish action to v5.5.1 (v14.0/forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10984): <!--number 10984 --><!--line 0 --><!--description VXBkYXRlIGh0dHBzOi8vZGF0YS5mb3JnZWpvLm9yZy9pbmZyYXN0cnVjdHVyZS9pc3N1ZS1hY3Rpb24gYWN0aW9uIHRvIHYxLjUuMCAodjE0LjAvZm9yZ2Vqbyk=-->Update https://data.forgejo.org/infrastructure/issue-action action to v1.5.0 (v14.0/forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10893) ([backported](https://codeberg.org/forgejo/forgejo/pulls/10906)): <!--number 10906 --><!--line 0 --><!--description Zml4OiByZXRyeSBBY3Rpb25SdW4gdXBkYXRlcyB3aGVuIG9wdGltaXN0aWMtY29uY3VycmVuY3ktY29udHJvbCBpbmRpY2F0ZXMgcmVjb3JkIGNoYW5nZWQ=-->fix: retry ActionRun updates when optimistic-concurrency-control indicates record changed<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10908): <!--number 10908 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnaXRodWIuY29tL2tsYXVzcG9zdC9jb21wcmVzcyB0byB2MS4xOC4zICh2MTQuMC9mb3JnZWpvKQ==-->Update module github.com/klauspost/compress to v1.18.3 (v14.0/forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10883) ([backported](https://codeberg.org/forgejo/forgejo/pulls/10886)): <!--number 10886 --><!--line 0 --><!--description Y2k6IHRpZSBnbyBjYWNoZSB0byBnbyB2ZXJzaW9uIGFuZCBhZGQgYE1ha2VmaWxlYCB0byBrZXkgaGFzaA==-->ci: tie go cache to go version and add `Makefile` to key hash<!--description-->
+<!--end release-notes-assistant-->

From d8ece4596b938179f299c27149f843ef49f15347 Mon Sep 17 00:00:00 2001
From: viceice <michael.kriese@gmx.de>
Date: Thu, 29 Jan 2026 10:42:46 +0100
Subject: [PATCH 247/854] fix: "revert Update module github.com/urfave/cli/v3
 to v3.6.2 (forgejo) (#10937)" (#11095)

reverts commit 53ee80be9e76f82f2581a81dea41a657ff34f405

Again brokes cli

https://codeberg.org/forgejo/docs/actions/runs/7243/jobs/0/attempt/1

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11095
Co-authored-by: viceice <michael.kriese@gmx.de>
Co-committed-by: viceice <michael.kriese@gmx.de>
---
 cmd/main.go      |  3 ---
 cmd/main_test.go | 10 ----------
 go.mod           |  2 ++
 go.sum           |  4 ++--
 4 files changed, 4 insertions(+), 15 deletions(-)

diff --git a/cmd/main.go b/cmd/main.go
index fa26bf0a07..65cde47884 100644
--- a/cmd/main.go
+++ b/cmd/main.go
@@ -204,9 +204,6 @@ func innerNewMainApp(version, versionExtra string, subCmdsStandaloneArgs, subCmd
 	for i := range subCmdWithConfig {
 		prepareSubcommandWithConfig(subCmdWithConfig[i], globalFlags)
 	}
-	for i := range subCmdStandalone {
-		subCmdStandalone[i].Flags = append(subCmdStandalone[i].Flags, cli.HelpFlag)
-	}
 	app.Commands = append(app.Commands, subCmdWithConfig...)
 	app.Commands = append(app.Commands, subCmdStandalone...)
 
diff --git a/cmd/main_test.go b/cmd/main_test.go
index e984ed10e8..1ec3471343 100644
--- a/cmd/main_test.go
+++ b/cmd/main_test.go
@@ -113,16 +113,6 @@ func TestCliCmd(t *testing.T) {
 			cmd: "./gitea forgejo-cli --help",
 			exp: "(subcommand help template)",
 		},
-		{
-			env: map[string]string{"GITEA_WORK_DIR": "/tmp"},
-			cmd: "./gitea cert --help",
-			exp: "(subcommand help template)",
-		},
-		{
-			env: map[string]string{"GITEA_WORK_DIR": "/tmp"},
-			cmd: "./gitea web --help",
-			exp: "(subcommand help template)",
-		},
 	}
 
 	for _, c := range cases {
diff --git a/go.mod b/go.mod
index 51bcc8ef3f..3f7efbbb47 100644
--- a/go.mod
+++ b/go.mod
@@ -274,3 +274,5 @@ replace github.com/gliderlabs/ssh => code.forgejo.org/forgejo/ssh v0.0.0-2024121
 replace git.sr.ht/~mariusor/go-xsd-duration => code.forgejo.org/forgejo/go-xsd-duration v0.0.0-20220703122237-02e73435a078
 
 replace xorm.io/xorm v1.3.9 => code.forgejo.org/xorm/xorm v1.3.9-forgejo.4
+
+replace github.com/urfave/cli/v3 => github.com/urfave/cli/v3 v3.5.0
diff --git a/go.sum b/go.sum
index 3772678ecb..043c41b5b6 100644
--- a/go.sum
+++ b/go.sum
@@ -660,8 +660,8 @@ github.com/tinylib/msgp v1.6.1/go.mod h1:RSp0LW9oSxFut3KzESt5Voq4GVWyS+PSulT77ro
 github.com/ulikunitz/xz v0.5.8/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14=
 github.com/ulikunitz/xz v0.5.15 h1:9DNdB5s+SgV3bQ2ApL10xRc35ck0DuIX/isZvIk+ubY=
 github.com/ulikunitz/xz v0.5.15/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14=
-github.com/urfave/cli/v3 v3.6.2 h1:lQuqiPrZ1cIz8hz+HcrG0TNZFxU70dPZ3Yl+pSrH9A8=
-github.com/urfave/cli/v3 v3.6.2/go.mod h1:ysVLtOEmg2tOy6PknnYVhDoouyC/6N42TMeoMzskhso=
+github.com/urfave/cli/v3 v3.5.0 h1:qCuFMmdayTF3zmjG8TSsoBzrDqszNrklYg2x3g4MSgw=
+github.com/urfave/cli/v3 v3.5.0/go.mod h1:ysVLtOEmg2tOy6PknnYVhDoouyC/6N42TMeoMzskhso=
 github.com/valyala/fastjson v1.6.4/go.mod h1:CLCAqky6SMuOcxStkYQvblddUtoRxhYMGLrsQns1aXY=
 github.com/valyala/fastjson v1.6.7 h1:ZE4tRy0CIkh+qDc5McjatheGX2czdn8slQjomexVpBM=
 github.com/valyala/fastjson v1.6.7/go.mod h1:CLCAqky6SMuOcxStkYQvblddUtoRxhYMGLrsQns1aXY=

From 1fa9430c7bc38439a954dab1915e372534cded96 Mon Sep 17 00:00:00 2001
From: Renovate Bot <forgejo-renovate-action@forgejo.org>
Date: Thu, 29 Jan 2026 17:36:53 +0100
Subject: [PATCH 248/854] Update module code.forgejo.org/forgejo/runner/v12 to
 v12.6.3 (forgejo) (#11088)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This PR contains the following updates:

| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) |
|---|---|---|---|
| [code.forgejo.org/forgejo/runner/v12](https://code.forgejo.org/forgejo/runner) | `v12.6.2` -> `v12.6.3` | ![age](https://developer.mend.io/api/mc/badges/age/go/code.forgejo.org%2fforgejo%2frunner%2fv12/v12.6.3?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/go/code.forgejo.org%2fforgejo%2frunner%2fv12/v12.6.2/v12.6.3?slim=true) |

---

### Release Notes

<details>
<summary>forgejo/runner (code.forgejo.org/forgejo/runner/v12)</summary>

### [`v12.6.3`](https://code.forgejo.org/forgejo/runner/releases/tag/v12.6.3)

[Compare Source](https://code.forgejo.org/forgejo/runner/compare/v12.6.2...v12.6.3)

- [User guide](https://forgejo.org/docs/next/user/actions/overview/)
- [Administrator guide](https://forgejo.org/docs/next/admin/actions/)
- [Container images](https://code.forgejo.org/forgejo/-/packages/container/runner/versions)

Release Notes

***

<!--start release-notes-assistant-->

<!--URL:https://code.forgejo.org/forgejo/runner-->

- features
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1340): <!--number 1340 --><!--line 0 --><!--description ZmVhdDogdXNlIGBub2RlOmx0c2AgaW5zdGVhZCBvZiBgbm9kZToyMC1idWxsc2V5ZWAgYXMgZGVmYXVsdCBgZG9ja2VyYCBsYWJlbA==-->feat: use `node:lts` instead of `node:20-bullseye` as default `docker` label<!--description-->
- bug fixes
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1317): <!--number 1317 --><!--line 0 --><!--description Zml4OiByZXZlcnQgc3dpdGNoIGZyb20gbHhjLWF0dGFjaCB0byBuc2VudGVy-->fix: revert switch from lxc-attach to nsenter<!--description-->
- other
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1338): <!--number 1338 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgZm9yZ2Vqby9ydW5uZXIgdG8gdjEyLjYuMg==-->Update dependency forgejo/runner to v12.6.2<!--description-->
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1331): <!--number 1331 --><!--line 0 --><!--description VXBkYXRlIGh0dHBzOi8vZGF0YS5mb3JnZWpvLm9yZy9hY3Rpb25zL3NldHVwLWZvcmdlam8gYWN0aW9uIHRvIHYzLjEuMw==-->Update <https://data.forgejo.org/actions/setup-forgejo> action to v3.1.3<!--description-->
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1337): <!--number 1337 --><!--line 0 --><!--description VXBkYXRlIGRhdGEuZm9yZ2Vqby5vcmcvZm9yZ2Vqby9ydW5uZXIgRG9ja2VyIHRhZyB0byB2MTIuNi4y-->Update data.forgejo.org/forgejo/runner Docker tag to v12.6.2<!--description-->

<!--end release-notes-assistant-->

</details>

---

### Configuration

📅 **Schedule**: Branch creation - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC), Automerge - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi45My4xIiwidXBkYXRlZEluVmVyIjoiNDIuOTMuMSIsInRhcmdldEJyYW5jaCI6ImZvcmdlam8iLCJsYWJlbHMiOlsiZGVwZW5kZW5jeS11cGdyYWRlIiwidGVzdC9ub3QtbmVlZGVkIl19-->

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11088
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 3f7efbbb47..8aa243d29f 100644
--- a/go.mod
+++ b/go.mod
@@ -11,7 +11,7 @@ require (
 	code.forgejo.org/forgejo/go-rpmutils v1.0.0
 	code.forgejo.org/forgejo/levelqueue v1.0.0
 	code.forgejo.org/forgejo/reply v1.0.2
-	code.forgejo.org/forgejo/runner/v12 v12.6.2
+	code.forgejo.org/forgejo/runner/v12 v12.6.3
 	code.forgejo.org/go-chi/binding v1.0.1
 	code.forgejo.org/go-chi/cache v1.0.1
 	code.forgejo.org/go-chi/captcha v1.0.2
diff --git a/go.sum b/go.sum
index 043c41b5b6..d3419b1f96 100644
--- a/go.sum
+++ b/go.sum
@@ -30,8 +30,8 @@ code.forgejo.org/forgejo/levelqueue v1.0.0 h1:9krYpU6BM+j/1Ntj6m+VCAIu0UNnne1/Uf
 code.forgejo.org/forgejo/levelqueue v1.0.0/go.mod h1:fmG6zhVuqim2rxSFOoasgXO8V2W/k9U31VVYqLIRLhQ=
 code.forgejo.org/forgejo/reply v1.0.2 h1:dMhQCHV6/O3L5CLWNTol+dNzDAuyCK88z4J/lCdgFuQ=
 code.forgejo.org/forgejo/reply v1.0.2/go.mod h1:RyZUfzQLc+fuLIGjTSQWDAJWPiL4WtKXB/FifT5fM7U=
-code.forgejo.org/forgejo/runner/v12 v12.6.2 h1:sO9lxsn3zqsXO1Yiiqtxqy9XhhNaHpASgZTbZ71zKAM=
-code.forgejo.org/forgejo/runner/v12 v12.6.2/go.mod h1:G75xcAhTaFE++/57qcBu+Zk7B7R3kLiUz8y2IkIwUKY=
+code.forgejo.org/forgejo/runner/v12 v12.6.3 h1:5sS/v8vyB1i6rPegu4+aCPnFNMZPnl+uJGkQRS09u4k=
+code.forgejo.org/forgejo/runner/v12 v12.6.3/go.mod h1:G75xcAhTaFE++/57qcBu+Zk7B7R3kLiUz8y2IkIwUKY=
 code.forgejo.org/forgejo/ssh v0.0.0-20241211213324-5fc306ca0616 h1:kEZL84+02jY9RxXM4zHBWZ3Fml0B09cmP1LGkDsCfIA=
 code.forgejo.org/forgejo/ssh v0.0.0-20241211213324-5fc306ca0616/go.mod h1:zpHEXBstFnQYtGnB8k8kQLol82umzn/2/snG7alWVD8=
 code.forgejo.org/go-chi/binding v1.0.1 h1:coKNI+X1NzRN7X85LlrpvBRqk0TXpJ+ja28vusQWEuY=

From 90b3352ed5cf6a17d3a48b2a353d5424d930f893 Mon Sep 17 00:00:00 2001
From: Renovate Bot <forgejo-renovate-action@forgejo.org>
Date: Fri, 30 Jan 2026 07:51:18 +0100
Subject: [PATCH 249/854] Update https://data.forgejo.org/actions/cache action
 to v5.0.3 (forgejo) (#11103)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [https://data.forgejo.org/actions/cache](https://github.com/actions/cache) | action | patch | `v5.0.2` → `v5.0.3` |

---

### Release Notes

<details>
<summary>actions/cache (https://data.forgejo.org/actions/cache)</summary>

### [`v5.0.3`](https://github.com/actions/cache/releases/tag/v5.0.3)

[Compare Source](https://github.com/actions/cache/compare/v5.0.2...v5.0.3)

##### What's Changed

- Bump `@actions/cache` to v5.0.5 (Resolves: <https://github.com/actions/cache/security/dependabot/33>)
- Bump `@actions/core` to v2.0.3

**Full Changelog**: <https://github.com/actions/cache/compare/v5...v5.0.3>

</details>

---

### Configuration

📅 **Schedule**: Branch creation - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC), Automerge - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi45My4xIiwidXBkYXRlZEluVmVyIjoiNDIuOTMuMSIsInRhcmdldEJyYW5jaCI6ImZvcmdlam8iLCJsYWJlbHMiOlsiZGVwZW5kZW5jeS11cGdyYWRlIiwidGVzdC9ub3QtbmVlZGVkIl19-->

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11103
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
---
 .forgejo/workflows/renovate.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.forgejo/workflows/renovate.yml b/.forgejo/workflows/renovate.yml
index 7a120ca563..dd167137ac 100644
--- a/.forgejo/workflows/renovate.yml
+++ b/.forgejo/workflows/renovate.yml
@@ -32,7 +32,7 @@ jobs:
 
     steps:
       - name: Load renovate repo cache
-        uses: https://data.forgejo.org/actions/cache/restore@8b402f58fbc84540c8b491a91e594a4576fec3d7 # v5.0.2
+        uses: https://data.forgejo.org/actions/cache/restore@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3
         with:
           path: |
             .tmp/cache/renovate/repository
@@ -70,7 +70,7 @@ jobs:
 
       - name: Save renovate repo cache
         if: always() && env.RENOVATE_DRY_RUN != 'full'
-        uses: https://data.forgejo.org/actions/cache/save@8b402f58fbc84540c8b491a91e594a4576fec3d7 # v5.0.2
+        uses: https://data.forgejo.org/actions/cache/save@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3
         with:
           path: |
             .tmp/cache/renovate/repository

From 81601eab85abdd4ada2ba0cfb33ef7eaaa8e225e Mon Sep 17 00:00:00 2001
From: "Panagiotis \"Ivory\" Vasilopoulos" <git@n0toose.net>
Date: Fri, 30 Jan 2026 23:45:11 +0100
Subject: [PATCH 250/854] feat(activitypub): use structure
 `@PreferredUsername@host.tld:port` for actors (#9254)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This modifies usernames of ActivityPub accounts to use the @example@example.tld
format with an additional optional port component (e.g. @user@example.tld:42).
This allows accounts from ActivityPub servers with more relaxed username
requirements than those of Forgejo's to interact with Forgejo. Forgejo would
also follow a "de facto" standard of ActivityPub implementations.

By separating different information using @'s, we also gain future
opportunities to store more information about ActivityPub accounts internally,
so that we won't have to rely on e.g. the amount of dashes in a username as
my migration currently does.

Continuation of Aravinth's work: https://codeberg.org/forgejo/forgejo/pulls/4778

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/9254
Reviewed-by: jerger <jerger@noreply.codeberg.org>
Reviewed-by: Ellen Εμιλία Άννα Zscheile <fogti@noreply.codeberg.org>
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Panagiotis "Ivory" Vasilopoulos <git@n0toose.net>
Co-committed-by: Panagiotis "Ivory" Vasilopoulos <git@n0toose.net>
---
 .deadcode-out                                 |   1 +
 models/db/name.go                             |  25 +++
 models/fixtures/user.yml                      |   8 +-
 .../v14a_ap-change-fedi-handle-structure.go   | 150 ++++++++++++++++++
 models/user/user.go                           |  27 +++-
 models/user/user_repository.go                |   5 +-
 models/user/user_test.go                      |  57 +++++++
 modules/forgefed/actor_person.go              |   5 +-
 modules/forgefed/actor_person_test.go         |  15 +-
 modules/validation/helpers.go                 |  23 +++
 modules/validation/helpers_test.go            | 107 +++++++++++++
 services/federation/federation_service.go     |   2 +-
 tests/integration/admin_user_test.go          |  16 +-
 13 files changed, 422 insertions(+), 19 deletions(-)
 create mode 100644 models/forgejo_migrations/v14a_ap-change-fedi-handle-structure.go

diff --git a/.deadcode-out b/.deadcode-out
index 97093ce93b..6d2c35e374 100644
--- a/.deadcode-out
+++ b/.deadcode-out
@@ -23,6 +23,7 @@ forgejo.org/models/db
 	DumpTables
 	GetTableNames
 	extendBeansForCascade
+	IsErrNameActivityPubInvalid
 
 forgejo.org/models/dbfs
 	file.renameTo
diff --git a/models/db/name.go b/models/db/name.go
index 29b60b2373..d456f49d9c 100644
--- a/models/db/name.go
+++ b/models/db/name.go
@@ -80,6 +80,31 @@ func (err ErrNameCharsNotAllowed) Unwrap() error {
 	return util.ErrInvalidArgument
 }
 
+// ErrNameActivityPubInvalid represents an error for usernames which cannot
+// belong to ActivityPub accounts.
+type ErrNameActivityPubInvalid struct {
+	Name string
+}
+
+// Similarly to IsErrNameCharsNotAllowed, IsErrNameActivityPubInvalid checks if
+// an error is an ErrNameActivityPubInvalid.
+func IsErrNameActivityPubInvalid(err error) bool {
+	_, ok := err.(ErrNameActivityPubInvalid)
+	return ok
+}
+
+func (err ErrNameActivityPubInvalid) Error() string {
+	return fmt.Sprintf(
+		"name is invalid [%s]: not acceptable for users from federated activitypub instances (e.g. @username@domain.example)",
+		err.Name,
+	)
+}
+
+// Unwrap unwraps this as a ErrInvalidArgument err
+func (err ErrNameActivityPubInvalid) Unwrap() error {
+	return util.ErrInvalidArgument
+}
+
 // IsUsableName checks if name is reserved or pattern of name is not allowed
 // based on given reserved names and patterns.
 // Names are exact match, patterns can be prefix or suffix match with placeholder '*'.
diff --git a/models/fixtures/user.yml b/models/fixtures/user.yml
index 4e957f30f3..17592ef330 100644
--- a/models/fixtures/user.yml
+++ b/models/fixtures/user.yml
@@ -1566,9 +1566,9 @@
 
 -
   id: 42
-  lower_name: federated-example.net
-  name: federated-example.net
-  full_name: federated
+  lower_name: "@federated@example.net"
+  name: "@federated@example.net"
+  full_name: "@federated@example.net"
   email: f73240e82-c061-41ef-b7d6-4376cb6f2e1c@example.com
   keep_email_private: false
   email_notifications_preference: enabled
@@ -1576,7 +1576,7 @@
   passwd_hash_algo: ""
   must_change_password: false
   login_source: 0
-  login_name: federated-example.net
+  login_name: "@federated@example.net"
   type: 6
   salt: ""
   max_repo_creation: -1
diff --git a/models/forgejo_migrations/v14a_ap-change-fedi-handle-structure.go b/models/forgejo_migrations/v14a_ap-change-fedi-handle-structure.go
new file mode 100644
index 0000000000..c59f778205
--- /dev/null
+++ b/models/forgejo_migrations/v14a_ap-change-fedi-handle-structure.go
@@ -0,0 +1,150 @@
+// Copyright 2025 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+package forgejo_migrations
+
+import (
+	"context"
+	"fmt"
+	"strings"
+
+	"forgejo.org/models/db"
+	"forgejo.org/models/forgefed"
+	user_model "forgejo.org/models/user"
+	"forgejo.org/modules/log"
+	"forgejo.org/modules/validation"
+	user_service "forgejo.org/services/user"
+
+	"xorm.io/xorm"
+)
+
+func init() {
+	registerMigration(&Migration{
+		Description: "use structure @PreferredUsername@host.tld:port for actors",
+		Upgrade:     changeActivityPubUsernameFormat,
+	})
+}
+
+func changeActivityPubUsernameFormat(x *xorm.Engine) error {
+	// Normally, the db.WithTx statement ensures that the database transaction (aka. all changes made
+	// by this migration) will only be committed if the SQL operations inside of the iteration
+	// (db.Iterate) don't return an error.
+	//
+	// This migration was originally authored with those cases in mind, but it was later agreed that
+	// migrations concerning Forgejo's federation-related components should not return any errors at
+	// this point in time, as federation is not considered to be stable at the moment. For more
+	// information, check the relevant discussion here:
+	// https://codeberg.org/forgejo-contrib/federation/issues/67
+	//
+	// Nevertheless, this structure involves some useful boilerplate that can be used for future
+	// migrations at a later point and has been kept as-is.
+	return db.WithTx(db.DefaultContext, func(ctx context.Context) error {
+		// The transaction is committed only if modifying all federated users is possible.
+		return db.Iterate(ctx, nil, func(ctx context.Context, federatedUser *user_model.FederatedUser) error {
+			// localUser represents the "local" representation of an ActivityPub (federated) user
+			localUser := &user_model.User{}
+			has, err := db.GetEngine(ctx).ID(federatedUser.UserID).Get(localUser)
+			if err != nil {
+				log.Warn("Migration[v14a_ap-change-fedi-handle-structure]: Database error occurred while getting local user (ID: %d), ignoring...: %e", federatedUser.UserID, err)
+				return nil
+			}
+
+			if !has {
+				log.Warn("Migration[v14a_ap-change-fedi-handle-structure]: User missing for federated user: %v", federatedUser)
+				err := user_model.DeleteFederatedUser(ctx, federatedUser.UserID)
+				if err != nil {
+					log.Warn("Migration[v14a_ap-change-fedi-handle-structure]: Database error occurred while deleting federated user (%s), ignoring...: %e", federatedUser, err)
+					return nil
+				}
+			}
+
+			if validation.IsValidActivityPubUsername(localUser.Name) {
+				log.Warn("Migration[v14a_ap-change-fedi-handle-structure]: FederatedUser was already migrated: %v", federatedUser)
+			} else {
+				// Copied from models/forgefed/federationhost_repository.go (forgefed.GetFederationHost),
+				// minus some validation code for FederationHost which we do not otherwise manipulate here.
+				federationHost := new(forgefed.FederationHost)
+				has, err := db.GetEngine(ctx).ID(federatedUser.FederationHostID).Get(federationHost)
+				if err != nil {
+					log.Warn("Migration[v14a_ap-change-fedi-handle-structure]: Database error occurred while looking up federation host info (for %v), ignoring...: %e", federatedUser, err)
+					return nil
+				} else if !has {
+					log.Warn("Migration[v14a_ap-change-fedi-handle-structure]: Federation host for federated user missing, deleting: %v", federatedUser)
+					err := user_model.DeleteFederatedUser(ctx, federatedUser.UserID)
+					if err != nil {
+						log.Warn("Migration[v14a_ap-change-fedi-handle-structure]: Database error occurred while deleting federated user (%v), ignoring...: %e", federatedUser, err)
+						return nil
+					}
+
+					err = user_service.DeleteUser(ctx, localUser, true)
+					if err != nil {
+						log.Warn("Migration[v14a_ap-change-fedi-handle-structure]: Database error occurred while deleting user (%s), ignoring...: %v", localUser.LogString(), err)
+					}
+
+					return nil
+				}
+
+				// Take part of the username before the first dash, reconstruct the rest
+				// of it using whatever we have in FederationHost. Before this migration,
+				// usernames of ActivityPub accounts have an expected format of
+				// "username-subdomain-domain-tld-port". We don't know how many subdomains
+				// there are, but that doesn't matter. We can always get the username unless
+				// if the username of an ActivityPub account was manually changed by an admin,
+				// in which case they should either delete the account or change it back.
+				s := strings.Split(localUser.Name, "-")
+				if len(s) == 0 {
+					log.Warn(
+						"Migration[v14a_ap-change-fedi-handle-structure]: Username %s belonging to federatedUser %v does not contain any dashes, can't construct new username",
+						localUser.Name,
+						federatedUser,
+					)
+					return nil
+				}
+
+				// Were a running Forgejo instance to create a new federated account, would the port
+				// have been marked as "supplemented" (thus leading to its omission)?
+				var newUsername string
+				if (federationHost.HostPort == 443 && federationHost.HostSchema == "https") || (federationHost.HostPort == 80 && federationHost.HostSchema == "http") {
+					newUsername = fmt.Sprintf("@%s@%s", s[0], federationHost.HostFqdn)
+				} else {
+					newUsername = fmt.Sprintf("@%s@%s:%d", s[0], federationHost.HostFqdn, federationHost.HostPort)
+				}
+
+				// Implicitly assumes that there won't be a lower name unique constraint violation.
+				// Potentially a bit paranoid, but why not?
+				userThatShouldntExist := &user_model.User{}
+				lowernameTaken, err := db.GetEngine(ctx).Where("lower_name = ?", strings.ToLower(newUsername)).Table("user").Get(userThatShouldntExist)
+				if err != nil {
+					log.Warn("Migration[v14a_ap-change-fedi-handle-structure]: Database error occurred, skipping migration of %s: %e", localUser.LogString(), err)
+					return nil
+				}
+
+				if lowernameTaken {
+					log.Warn(
+						"Migration[v14a_ap-change-fedi-handle-structure]: New username %s for %s already taken by %s, deleting the former...",
+						newUsername,
+						localUser.LogString(),
+						userThatShouldntExist.LogString(),
+					)
+					err := user_model.DeleteFederatedUser(ctx, localUser.ID)
+					if err != nil {
+						log.Warn("Migration[v14a_ap-change-fedi-handle-structure]: Database error occurred while deleting federated user (%s), ignoring...: %e", localUser.LogString(), err)
+					}
+					return nil
+				}
+
+				// Safe to assume that the following operations should just work now.
+				log.Info("Migration[v14a_ap-change-fedi-handle-structure]: Updating username of %s to %s", localUser.LogString(), newUsername)
+				if _, err := db.GetEngine(ctx).ID(localUser.ID).Cols("lower_name", "name").Update(&user_model.User{
+					LowerName: strings.ToLower(newUsername),
+					Name:      newUsername,
+				}); err != nil {
+					log.Warn("Migration[v14a_ap-change-fedi-handle-structure]: Database error occurred when updating federated user's username (%s), ignoring...: %e", localUser.LogString(), err)
+					return nil
+				}
+			}
+
+			return nil
+		})
+	})
+}
diff --git a/models/user/user.go b/models/user/user.go
index 0fd8061a89..cc5b4abec3 100644
--- a/models/user/user.go
+++ b/models/user/user.go
@@ -698,6 +698,14 @@ func IsUsableUsername(name string) error {
 	return db.IsUsableName(reservedUsernames, reservedUserPatterns, name)
 }
 
+// IsActivityPubUsername returns an error if a fediverse handle (referred to as a username) cannot exist
+func IsActivityPubUsername(name string) error {
+	if !validation.IsValidActivityPubUsername(name) {
+		return db.ErrNameActivityPubInvalid{Name: name}
+	}
+	return db.IsUsableName(reservedUsernames, reservedUserPatterns, name)
+}
+
 // CreateUserOverwriteOptions are an optional options who overwrite system defaults on user creation
 type CreateUserOverwriteOptions struct {
 	KeepEmailPrivate             optional.Option[bool]
@@ -708,6 +716,7 @@ type CreateUserOverwriteOptions struct {
 	Theme                        *string
 	IsRestricted                 optional.Option[bool]
 	IsActive                     optional.Option[bool]
+	IsActivityPub                optional.Option[bool]
 }
 
 // CreateUser creates record of a new user.
@@ -722,12 +731,26 @@ func AdminCreateUser(ctx context.Context, u *User, overwriteDefault ...*CreateUs
 
 // createUser creates record of a new user.
 func createUser(ctx context.Context, u *User, createdByAdmin bool, overwriteDefault ...*CreateUserOverwriteOptions) (err error) {
-	if err = IsUsableUsername(u.Name); err != nil {
+	overwriteDefaultPresent := len(overwriteDefault) != 0 && overwriteDefault[0] != nil
+
+	// If a username is invalid as-is, check whether the username is meant
+	// for an ActivityPub account. Username constraints that belong to "foreign"
+	// ActivityPub servers, whose implementations we cannot control, are expected
+	// to be much less restrictive than those of Forgejo itself.
+	if overwriteDefaultPresent && overwriteDefault[0].IsActivityPub.Has() {
+		if err = IsActivityPubUsername(u.Name); err != nil {
+			return err
+		}
+	} else if err := IsUsableUsername(u.Name); err != nil {
 		return err
 	}
 
 	// Check if the new username can be claimed.
 	// Skip this check if done by an admin.
+	//
+	// Note: This skip should not currently cover usernames that could belong to
+	// fediverse accounts. This "defensive programming" is in place to prevent future
+	// breakage until the ActivityPub component matures more.
 	if !createdByAdmin {
 		if ok, expireTime, err := CanClaimUsername(ctx, u.Name, -1); err != nil {
 			return err
@@ -754,7 +777,7 @@ func createUser(ctx context.Context, u *User, createdByAdmin bool, overwriteDefa
 	}
 
 	// overwrite defaults if set
-	if len(overwriteDefault) != 0 && overwriteDefault[0] != nil {
+	if overwriteDefaultPresent {
 		overwrite := overwriteDefault[0]
 		if overwrite.KeepEmailPrivate.Has() {
 			u.KeepEmailPrivate = overwrite.KeepEmailPrivate.Value()
diff --git a/models/user/user_repository.go b/models/user/user_repository.go
index f1d06abe17..9692bd7304 100644
--- a/models/user/user_repository.go
+++ b/models/user/user_repository.go
@@ -23,8 +23,9 @@ func CreateFederatedUser(ctx context.Context, user *User, federatedUser *Federat
 		return err
 	}
 	overwrite := CreateUserOverwriteOptions{
-		IsActive:     optional.Some(false),
-		IsRestricted: optional.Some(false),
+		IsActive:      optional.Some(false),
+		IsRestricted:  optional.Some(false),
+		IsActivityPub: optional.Some(true),
 	}
 
 	// Begin transaction
diff --git a/models/user/user_test.go b/models/user/user_test.go
index 330a3fd563..4db253df18 100644
--- a/models/user/user_test.go
+++ b/models/user/user_test.go
@@ -440,6 +440,63 @@ func TestCreateUserClaimingUsername(t *testing.T) {
 	})
 }
 
+// Attempts to create a username with a fediverse-format handle, which should
+// fail (without the override IsActivityPub, which is set by CreateFederatedUser)
+func TestCreateUserPlainWithFediverseHandle(t *testing.T) {
+	require.NoError(t, unittest.PrepareTestDatabase())
+
+	_, err := db.GetEngine(db.DefaultContext).NoAutoTime().Insert(&user_model.Redirect{RedirectUserID: 1, LowerName: "redirecting", CreatedUnix: timeutil.TimeStampNow()})
+	require.NoError(t, err)
+
+	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
+
+	user.Name = "@example@example.tld"
+	user.LowerName = strings.ToLower(user.Name)
+	user.ID = 0
+	user.Email = "unique@example.com"
+
+	t.Run("Normal creation (without ActivityPub override)", func(t *testing.T) {
+		err = user_model.CreateUser(db.DefaultContext, user)
+		require.Error(t, err)
+		assert.True(t, db.IsErrNameCharsNotAllowed(err))
+	})
+
+	t.Run("Creation as admin (without ActivityPub override)", func(t *testing.T) {
+		err = user_model.AdminCreateUser(db.DefaultContext, user)
+		require.Error(t, err)
+		assert.True(t, db.IsErrNameCharsNotAllowed(err))
+	})
+
+	// Logic borrowed from CreateFederatedUser (which invokes CreateUser), but
+	// we "lend" this here to verify CreateUser's paths.
+	overwrite := user_model.CreateUserOverwriteOptions{
+		IsActive:      optional.Some(false),
+		IsRestricted:  optional.Some(false),
+		IsActivityPub: optional.Some(true),
+	}
+
+	t.Run("Normal creation (with ActivityPub override, invalid format)", func(t *testing.T) {
+		user.Name = "invalid-format-for-an-activitypub-account"
+		user.LowerName = strings.ToLower(user.Name)
+
+		err = user_model.CreateUser(db.DefaultContext, user, &overwrite)
+		require.Error(t, err)
+		assert.True(t, db.IsErrNameActivityPubInvalid(err))
+	})
+
+	t.Run("Normal creation (with ActivityPub override)", func(t *testing.T) {
+		user.Name = "@valid@example.tld"
+		user.LowerName = strings.ToLower(user.Name)
+
+		err = user_model.CreateUser(db.DefaultContext, user, &overwrite)
+		require.NoError(t, err)
+	})
+
+	// Note: We don't expect that admins are able to access any front-facing
+	// function that sets the overwrite (i.e. CreateFederatedUser), hence it
+	// has been omitted for now.
+}
+
 func TestGetUserIDsByNames(t *testing.T) {
 	require.NoError(t, unittest.PrepareTestDatabase())
 
diff --git a/modules/forgefed/actor_person.go b/modules/forgefed/actor_person.go
index 7c43b0d7ce..72768f4815 100644
--- a/modules/forgefed/actor_person.go
+++ b/modules/forgefed/actor_person.go
@@ -71,12 +71,13 @@ func (id PersonID) AsLoginName() string {
 	return result
 }
 
+// HostSuffix returns the host part of a handle, i.e. @host.tld (if port is supplemented) or @host.tld:1234
 func (id PersonID) HostSuffix() string {
 	var result string
 	if !id.IsPortSupplemented {
-		result = fmt.Sprintf("-%s-%d", strings.ToLower(id.Host), id.HostPort)
+		result = fmt.Sprintf("@%s:%d", strings.ToLower(id.Host), id.HostPort)
 	} else {
-		result = fmt.Sprintf("-%s", strings.ToLower(id.Host))
+		result = fmt.Sprintf("@%s", strings.ToLower(id.Host))
 	}
 	return result
 }
diff --git a/modules/forgefed/actor_person_test.go b/modules/forgefed/actor_person_test.go
index a5f3ee47b1..82bd9fabc3 100644
--- a/modules/forgefed/actor_person_test.go
+++ b/modules/forgefed/actor_person_test.go
@@ -246,8 +246,19 @@ func TestForgePersonValidation(t *testing.T) {
 
 func TestAsloginName(t *testing.T) {
 	sut, _ := forgefed.NewPersonID("https://codeberg.org/api/v1/activitypub/user-id/12345", "forgejo")
-	assert.Equal(t, "12345-codeberg.org", sut.AsLoginName())
+	assert.Equal(t, "12345@codeberg.org", sut.AsLoginName())
 
 	sut, _ = forgefed.NewPersonID("https://codeberg.org:443/api/v1/activitypub/user-id/12345", "forgejo")
-	assert.Equal(t, "12345-codeberg.org-443", sut.AsLoginName())
+	assert.Equal(t, "12345@codeberg.org:443", sut.AsLoginName())
+}
+
+func TestHostSuffix(t *testing.T) {
+	sut, _ := forgefed.NewPersonID("https://codeberg.org/api/v1/activitypub/user-id/12345", "forgejo")
+	sut.Host = "forgejo.example.tld"
+	sut.HostPort = 80
+
+	// sut.IsPortSupplemented is true by default at time of writing.
+	assert.Equal(t, "@forgejo.example.tld", sut.HostSuffix())
+	sut.IsPortSupplemented = false
+	assert.Equal(t, "@forgejo.example.tld:80", sut.HostSuffix())
 }
diff --git a/modules/validation/helpers.go b/modules/validation/helpers.go
index 4b28dead03..848fb70af5 100644
--- a/modules/validation/helpers.go
+++ b/modules/validation/helpers.go
@@ -102,6 +102,21 @@ var (
 
 	// No consecutive or trailing non-alphanumeric chars, catches both cases
 	invalidUsernamePattern = regexp.MustCompile(`[-._]{2,}|[-._]$`)
+
+	// This is intended to accept any character, in any language, with accent symbols,
+	// as well as an arbitrary amount of subdomains and an optional port number defined
+	// through `:12345`.
+	//
+	// This is intended to cover username cases from distant servers in the fediverse, which
+	// can have much laxer requirements than those of Forgejo. It is not intended to check for
+	// invalid, non-standard compliant domains.
+	//
+	// For instance, the following should work:
+	// @user.όνομαß_21__@subdomain1.subdomain2.example.tld:65536
+	// @42@42.example.tld
+	// @user@example.tld:99999 (presumed to be an impossible case)
+	// @-@-.tld (also impossible)
+	validFediverseUsernamePattern = regexp.MustCompile(`^(@[\p{L}\p{M}0-9_\.\-]{1,})(@[\p{L}\p{M}0-9_\.\-]{1,})(:[1-9][0-9]{0,4})?$`)
 )
 
 // IsValidUsername checks if username is valid
@@ -114,3 +129,11 @@ func IsValidUsername(name string) bool {
 
 	return validUsernamePatternWithoutDots.MatchString(name) && !invalidUsernamePattern.MatchString(name)
 }
+
+// IsValidActivityPubUsername checks whether the username can be a valid ActivityPub handle.
+//
+// Username refers to the Forgejo user account's username for consistency, and not
+// e.g. "username" in @username@example.tld.
+func IsValidActivityPubUsername(name string) bool {
+	return validFediverseUsernamePattern.MatchString(name)
+}
diff --git a/modules/validation/helpers_test.go b/modules/validation/helpers_test.go
index 7e32184691..6bca3664e1 100644
--- a/modules/validation/helpers_test.go
+++ b/modules/validation/helpers_test.go
@@ -1,4 +1,5 @@
 // Copyright 2018 The Gitea Authors. All rights reserved.
+// Copyright 2025 The Forgejo Authors. All rights reserved.
 // SPDX-License-Identifier: MIT
 
 package validation
@@ -213,3 +214,109 @@ func TestIsValidUsernameBanDots(t *testing.T) {
 		})
 	}
 }
+
+func TestIsValidActivityPubUsername(t *testing.T) {
+	cases := []struct {
+		description string
+		username    string
+		valid       bool
+	}{
+		{
+			description: "Username without domain",
+			username:    "@user",
+			valid:       false,
+		},
+		{
+			description: "Username with domain",
+			username:    "@user@example.tld",
+			valid:       true,
+		},
+		{
+			description: "Numeric username with subdomain",
+			username:    "@42@42.example.tld",
+			valid:       true,
+		},
+		{
+			description: "Username with two subdomains",
+			username:    "@user@forgejo.activitypub.example.tld",
+			valid:       true,
+		},
+		{
+			description: "Username with domain and without port",
+			username:    "@user@social.example.tld:",
+			valid:       false,
+		},
+		{
+			description: "Username with domain and invalid port 0",
+			username:    "@user@social.example.tld:0",
+			valid:       false,
+		},
+		{
+			// We do not validate the port and assume that federationHost.HostPort
+			// cannot present such invalid ports. That also makes the previous case
+			// (port: 0) redundant, but it doesn't hurt.
+			description: "Username with domain and valid port",
+			username:    "@user@social.example.tld:65536",
+			valid:       true,
+		},
+		{
+			description: "Username with Latin letters and special symbols",
+			username:    "@$username$@example.tld",
+			valid:       false,
+		},
+		{
+			description: "Strictly numeric handle, domain, TLD",
+			username:    "@0123456789@0123456789.0123456789.123",
+			valid:       true,
+		},
+		{
+			description: "Handle with Latin characters and dashes",
+			username:    "@0-O@O-O.tld",
+			valid:       true,
+		},
+		// This is an impossible case, but we assume that this will never happen
+		// to begin with.
+		{
+			description: "Handle that only has dashes",
+			username:    "@-@-.-",
+			valid:       true,
+		},
+		{
+			description: "Username with a mix of Latin and non-Latin letters containing accents",
+			username:    "@usernäme.όνομαß_21__@example.tld",
+			valid:       true,
+		},
+		// Note: Our regex should accept any character, in any language and with accent symbols.
+		// The list is neither exhaustive, nor does it represent all possible cases.
+		// I chose some TLDs from https://en.wikipedia.org/wiki/Country_code_top-level_domain,
+		// although only one test case should suffice in theory. Nevertheless, to play it safe,
+		// I included four from different geographic regions whose scripts were legible using my
+		// IDE's default font to play it safe.
+		{
+			description: "Username, domain and ccTLD in Greek",
+			username:    "@ευ@ευ.ευ",
+			valid:       true,
+		},
+		{
+			description: "Username, domain and ccTLD in Georgian (Mkhedruli)",
+			username:    "@გე@გე.გე",
+			valid:       true,
+		},
+		{
+			description: "Username, domain and ccTLD of Malaysia (Arabic Jawi)",
+			username:    "@مليسيا@ລمليسيا.مليسيا",
+			valid:       true,
+		},
+		{
+			description: "Username, domain and ccTLD of China (Simplified)",
+			username:    "@中国@中国.中国",
+			valid:       true,
+		},
+	}
+
+	for _, testCase := range cases {
+		t.Run(testCase.description, func(t *testing.T) {
+			assert.Equal(t, testCase.valid, IsValidActivityPubUsername(testCase.username))
+		})
+	}
+}
diff --git a/services/federation/federation_service.go b/services/federation/federation_service.go
index 69b2379cce..d0336881a8 100644
--- a/services/federation/federation_service.go
+++ b/services/federation/federation_service.go
@@ -173,7 +173,7 @@ func fetchUserFromAP(ctx context.Context, personID fm.PersonID, federationHostID
 
 	email := fmt.Sprintf("f%v@%v", uuid.New().String(), localFqdn.Hostname())
 	loginName := personID.AsLoginName()
-	name := fmt.Sprintf("%v%v", person.PreferredUsername.String(), personID.HostSuffix())
+	name := fmt.Sprintf("@%v%v", person.PreferredUsername.String(), personID.HostSuffix())
 	fullName := person.Name.String()
 
 	if len(person.Name) == 0 {
diff --git a/tests/integration/admin_user_test.go b/tests/integration/admin_user_test.go
index 02d5898826..611a0e89c6 100644
--- a/tests/integration/admin_user_test.go
+++ b/tests/integration/admin_user_test.go
@@ -171,11 +171,11 @@ func TestSourceId(t *testing.T) {
 	defer tests.PrepareTestEnv(t)()
 
 	testUser23 := &user_model.User{
-		Name:        "ausersourceid23",
-		LoginName:   "ausersourceid23",
+		Name:        "@ausersourceid23@example.net",
+		LoginName:   "@ausersourceid23@example.net",
 		Email:       "ausersourceid23@example.com",
 		Passwd:      "ausersourceid23password",
-		Type:        user_model.UserTypeIndividual,
+		Type:        user_model.UserTypeRemoteUser,
 		LoginType:   auth_model.Plain,
 		LoginSource: 23,
 	}
@@ -184,13 +184,17 @@ func TestSourceId(t *testing.T) {
 	session := loginUser(t, "user1")
 	token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeReadAdmin)
 
-	// Our new user start with 'a' so it should be the first one
+	// Historic background: The user was previously called "ausersourceid23", but the
+	// test started failing on PostgreSQL specifically because of another federated user
+	// in a fixture called @federated@example.net - this did not apply to other database
+	// engines. Said user's username began with an 'a' so that it comes up on top, so, we
+	// simply made another federated user that starts with '@a' here as an easy way out.
 	req := NewRequest(t, "GET", "/api/v1/admin/users?limit=1").AddTokenAuth(token)
 	resp := session.MakeRequest(t, req, http.StatusOK)
 	var users []api.User
 	DecodeJSON(t, resp, &users)
 	assert.Len(t, users, 1)
-	assert.Equal(t, "ausersourceid23", users[0].UserName)
+	assert.Equal(t, "@ausersourceid23@example.net", users[0].UserName)
 
 	// Now our new user should not be in the list, because we filter by source_id 0
 	req = NewRequest(t, "GET", "/api/v1/admin/users?limit=1&source_id=0").AddTokenAuth(token)
@@ -204,7 +208,7 @@ func TestSourceId(t *testing.T) {
 	resp = session.MakeRequest(t, req, http.StatusOK)
 	DecodeJSON(t, resp, &users)
 	assert.Len(t, users, 1)
-	assert.Equal(t, "ausersourceid23", users[0].UserName)
+	assert.Equal(t, "@ausersourceid23@example.net", users[0].UserName)
 }
 
 func TestAdminViewUsersSorted(t *testing.T) {

From dd62575d5a86d42f006909c15001ca2bee8321d5 Mon Sep 17 00:00:00 2001
From: Renovate Bot <forgejo-renovate-action@forgejo.org>
Date: Sat, 31 Jan 2026 08:58:00 +0100
Subject: [PATCH 251/854] Update dependency globals to v17.2.0 (forgejo)
 (#11111)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11111
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
---
 package-lock.json | 8 ++++----
 package.json      | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 927cbddd01..515390e6e2 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -107,7 +107,7 @@
         "eslint-plugin-vue": "10.6.2",
         "eslint-plugin-vue-scoped-css": "2.12.0",
         "eslint-plugin-wc": "3.0.2",
-        "globals": "17.1.0",
+        "globals": "17.2.0",
         "happy-dom": "20.0.11",
         "license-checker-rseidelsohn": "4.4.2",
         "markdownlint-cli": "0.47.0",
@@ -9117,9 +9117,9 @@
       }
     },
     "node_modules/globals": {
-      "version": "17.1.0",
-      "resolved": "https://registry.npmjs.org/globals/-/globals-17.1.0.tgz",
-      "integrity": "sha512-8HoIcWI5fCvG5NADj4bDav+er9B9JMj2vyL2pI8D0eismKyUvPLTSs+Ln3wqhwcp306i73iyVnEKx3F6T47TGw==",
+      "version": "17.2.0",
+      "resolved": "https://registry.npmjs.org/globals/-/globals-17.2.0.tgz",
+      "integrity": "sha512-tovnCz/fEq+Ripoq+p/gN1u7l6A7wwkoBT9pRCzTHzsD/LvADIzXZdjmRymh5Ztf0DYC3Rwg5cZRYjxzBmzbWg==",
       "dev": true,
       "license": "MIT",
       "engines": {
diff --git a/package.json b/package.json
index bd6efce583..c1654abf50 100644
--- a/package.json
+++ b/package.json
@@ -106,7 +106,7 @@
     "eslint-plugin-vue": "10.6.2",
     "eslint-plugin-vue-scoped-css": "2.12.0",
     "eslint-plugin-wc": "3.0.2",
-    "globals": "17.1.0",
+    "globals": "17.2.0",
     "happy-dom": "20.0.11",
     "license-checker-rseidelsohn": "4.4.2",
     "markdownlint-cli": "0.47.0",

From 995244895a196ad44f7186b0a026bad41164f327 Mon Sep 17 00:00:00 2001
From: xrstf <git@xrstf.de>
Date: Sun, 1 Feb 2026 10:00:21 +0100
Subject: [PATCH 252/854] fix: use an absolute URL for compare links in atom
 feed (#10933)

This PR changes the URL format for `/compare/` links in the RSS/Atom feeds to include the full domain. This makes the links consistent with all other URLs in the feeds.

Fixes #10168.

I tested this on a local Forgejo build with a sample org and a dummy repository as per the original issue. I then fetched the feed to check:

```bash
 $ curl http://localhost:3000/helloworld.atom | grep compare
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  4194    0  4194    0     0   297k          <id>10: http://localhost:3000/helloworld/test/compare/ed4090ecc2d9dd16b184763cc476ea1b28afa560...412413fd409fc0cab446e7b59702596e1bde1816</id>
0 --    <link href="http://localhost:3000/helloworld/test/compare/ed4090ecc2d9dd16b184763cc476ea1b28afa560...412413fd409fc0cab446e7b59702596e1bde1816" rel="alternate"></link>
```

## Checklist

### AI Disclosure

I used AI to

* ask it how to run a single integration test locally because I didn't know about `make test-sqlite#XXX`.

### Tests

- I added test coverage for Go changes...
  - [ ] in their respective `*_test.go` for unit tests.
  - [ ] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I added test coverage for JavaScript changes...
  - [ ] in `web_src/js/*.test.js` if it can be unit tested.
  - [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)).

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [ ] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.
- [x] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change.

*The decision if the pull request will be shown in the release notes is up to the mergers / release team.*

The content of the `release-notes/<pull request number>.md` file will serve as the basis for the release notes. If the file does not exist, the title of the pull request will be used instead.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10933
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
Co-authored-by: xrstf <git@xrstf.de>
Co-committed-by: xrstf <git@xrstf.de>
---
 routers/web/feed/convert.go                    |  2 +-
 tests/integration/feed_user_test.go            |  2 ++
 tests/integration/fixtures/TestFeed/action.yml | 11 +++++++++++
 3 files changed, 14 insertions(+), 1 deletion(-)

diff --git a/routers/web/feed/convert.go b/routers/web/feed/convert.go
index 7b09c92ee5..c492b9c586 100644
--- a/routers/web/feed/convert.go
+++ b/routers/web/feed/convert.go
@@ -224,7 +224,7 @@ func feedActionsToFeedItems(ctx *context.Context, actions activities_model.Actio
 				}
 
 				if push.Len > 1 {
-					link = &feeds.Link{Href: fmt.Sprintf("%s/%s", setting.AppSubURL, push.CompareURL)}
+					link = &feeds.Link{Href: setting.AppURL + push.CompareURL}
 				} else if push.Len == 1 {
 					link = &feeds.Link{Href: fmt.Sprintf("%s/commit/%s", act.GetRepoAbsoluteLink(ctx), push.Commits[0].Sha1)}
 				}
diff --git a/tests/integration/feed_user_test.go b/tests/integration/feed_user_test.go
index 2bc9e99290..e6b8971728 100644
--- a/tests/integration/feed_user_test.go
+++ b/tests/integration/feed_user_test.go
@@ -61,6 +61,8 @@ func TestFeed(t *testing.T) {
 			err := xml.Unmarshal(resp.Body.Bytes(), &rss)
 			require.NoError(t, err)
 			assert.Contains(t, rss.Channel.Link, "/user2")
+			assert.NotEmpty(t, rss.Channel.Items)
+			assert.Regexp(t, `http://localhost:\d+/user2/repo1/compare/ed4090`, rss.Channel.Items[0].Link)
 			assert.NotEmpty(t, rss.Channel.PubDate)
 		})
 	})
diff --git a/tests/integration/fixtures/TestFeed/action.yml b/tests/integration/fixtures/TestFeed/action.yml
index 160f7cb63a..6458951e61 100644
--- a/tests/integration/fixtures/TestFeed/action.yml
+++ b/tests/integration/fixtures/TestFeed/action.yml
@@ -16,3 +16,14 @@
   is_private: false
   created_unix: 1680454039
   content: '["1","Well, this test is short | succinct | distinct."]'
+
+# a multi-commit push to validate the format of the generated compare URLs, see #10168
+- id: 1003
+  user_id: 2
+  op_type: 5 # commit repo
+  act_user_id: 2
+  comment_id: 0
+  repo_id: 1 # public
+  is_private: false
+  created_unix: 1680454039
+  content: '{"Commits":[{"Sha1":"412413fd409fc0cab446e7b59702596e1bde1816","Message":"fourth commit","AuthorEmail":"git@example.com","AuthorName":"dummy","CommitterEmail":"git@example.com","CommitterName":"dummy","Signature":null,"Verification":null,"Timestamp":"2026-01-19T22:07:22+01:00"},{"Sha1":"00a01802439eb2c0391fdfaa2c344b5e25d0b9d4","Message":"third commit","AuthorEmail":"git@example.com","AuthorName":"dummy","CommitterEmail":"git@example.com","CommitterName":"dummy","Signature":null,"Verification":null,"Timestamp":"2026-01-19T22:07:18+01:00"}],"HeadCommit":{"Sha1":"412413fd409fc0cab446e7b59702596e1bde1816","Message":"fourth commit","AuthorEmail":"git@example.com","AuthorName":"dummy","CommitterEmail":"git@example.com","CommitterName":"dummy","Signature":null,"Verification":null,"Timestamp":"2026-01-19T22:07:22+01:00"},"CompareURL":"user2/repo1/compare/ed4090ecc2d9dd16b184763cc476ea1b28afa560...412413fd409fc0cab446e7b59702596e1bde1816","Len":2}'

From 0b9b1ec045b310db8bd40fda626867d7be8da387 Mon Sep 17 00:00:00 2001
From: Renovate Bot <forgejo-renovate-action@forgejo.org>
Date: Sun, 1 Feb 2026 10:57:16 +0100
Subject: [PATCH 253/854] Update module
 github.com/editorconfig-checker/editorconfig-checker/v3/cmd/editorconfig-checker
 to v3.6.1 (forgejo) (#11120)

Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
---
 Makefile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Makefile b/Makefile
index 60a6dd328a..07bb6009bd 100644
--- a/Makefile
+++ b/Makefile
@@ -37,7 +37,7 @@ endif
 XGO_VERSION := go-1.21.x
 
 AIR_PACKAGE ?= github.com/air-verse/air@v1 # renovate: datasource=go
-EDITORCONFIG_CHECKER_PACKAGE ?= github.com/editorconfig-checker/editorconfig-checker/v3/cmd/editorconfig-checker@v3.6.0 # renovate: datasource=go
+EDITORCONFIG_CHECKER_PACKAGE ?= github.com/editorconfig-checker/editorconfig-checker/v3/cmd/editorconfig-checker@v3.6.1 # renovate: datasource=go
 GOFUMPT_PACKAGE ?= mvdan.cc/gofumpt@v0.9.2 # renovate: datasource=go
 GOLANGCI_LINT_PACKAGE ?= github.com/golangci/golangci-lint/v2/cmd/golangci-lint@v2.7.2 # renovate: datasource=go
 GXZ_PACKAGE ?= github.com/ulikunitz/xz/cmd/gxz@v0.5.15 # renovate: datasource=go

From 283a001bb3b27bdaaa5a0c79bfe89a12cb2d3fd9 Mon Sep 17 00:00:00 2001
From: Mathieu Fenniak <mathieu@fenniak.net>
Date: Mon, 2 Feb 2026 23:20:41 +0100
Subject: [PATCH 254/854] fix: cancel runs pending approval when a PR is closed
 (#11134)

Fixes #11125.  When a PR is closed, cancel any action runs associated with the pull request that are not approved so that they do not remain in the Actions list as a blocked action.

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests

- I added test coverage for Go changes...
  - [x] in their respective `*_test.go` for unit tests.
  - [x] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I added test coverage for JavaScript changes...
  - [ ] in `web_src/js/*.test.js` if it can be unit tested.
  - [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)).

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [x] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.
- [ ] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change.

*The decision if the pull request will be shown in the release notes is up to the mergers / release team.*

The content of the `release-notes/<pull request number>.md` file will serve as the basis for the release notes. If the file does not exist, the title of the pull request will be used instead.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11134
Reviewed-by: Andreas Ahlenstorf <aahlenst@noreply.codeberg.org>
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net>
Co-committed-by: Mathieu Fenniak <mathieu@fenniak.net>
---
 services/actions/notifier.go            |  9 +++++++
 services/actions/trust.go               | 19 ++++++++++++++
 services/actions/trust_test.go          | 14 ++++++++++
 tests/integration/actions_trust_test.go | 35 +++++++++++++++++++++++++
 4 files changed, 77 insertions(+)

diff --git a/services/actions/notifier.go b/services/actions/notifier.go
index 7b291d491b..401a64e8cb 100644
--- a/services/actions/notifier.go
+++ b/services/actions/notifier.go
@@ -138,6 +138,15 @@ func (n *actionsNotifier) IssueChangeStatus(ctx context.Context, doer *user_mode
 			WithPayload(apiPullRequest).
 			WithPullRequest(issue.PullRequest).
 			Notify(ctx)
+
+		// PR may have left unapproved runs if the author wasn't trusted, and now that it's been closed those should be
+		// cancelled.  Note that this occurs after new events are fired -- even a 'closed' event could generate a pull
+		// request run that needs to be cancelled.
+		if isClosed {
+			if err := cleanupPullRequestUnapprovedRuns(ctx, issue.RepoID, issue.PullRequest.ID); err != nil {
+				log.Error("cleanupPullRequestUnapprovedRuns: %v", err)
+			}
+		}
 		return
 	}
 	apiIssue := &api.IssuePayload{
diff --git a/services/actions/trust.go b/services/actions/trust.go
index 55d97a5756..eed411bf1b 100644
--- a/services/actions/trust.go
+++ b/services/actions/trust.go
@@ -5,6 +5,7 @@ package actions
 
 import (
 	"context"
+	"errors"
 	"fmt"
 
 	actions_model "forgejo.org/models/actions"
@@ -324,3 +325,21 @@ func pullRequestApprove(ctx context.Context, doerID, repoID, pullRequestID int64
 	}
 	return nil
 }
+
+func cleanupPullRequestUnapprovedRuns(ctx context.Context, repoID, pullRequestID int64) error {
+	runs, err := actions_model.GetRunsThatNeedApprovalByRepoIDAndPullRequestID(ctx, repoID, pullRequestID)
+	if err != nil {
+		return err
+	}
+
+	errorSlice := []error{}
+	for _, run := range runs {
+		if err := CancelRun(ctx, run); err != nil {
+			errorSlice = append(errorSlice, err)
+		}
+	}
+	if len(errorSlice) > 0 {
+		return errors.Join(errorSlice...)
+	}
+	return nil
+}
diff --git a/services/actions/trust_test.go b/services/actions/trust_test.go
index d5aa08e35f..e43ab946b7 100644
--- a/services/actions/trust_test.go
+++ b/services/actions/trust_test.go
@@ -227,6 +227,20 @@ jobs:
 			assert.False(t, run.NeedApproval)
 		}
 	})
+
+	t.Run("cleanupPullRequestUnapprovedRuns", func(t *testing.T) {
+		pullRequestID := int64(534)
+		runNotApproved := createPullRequestRun(t, pullRequestID, repoID)
+
+		previousCancelledCount := unittest.GetCount(t, &actions_model.ActionRun{Status: actions_model.StatusCancelled})
+
+		require.NoError(t, cleanupPullRequestUnapprovedRuns(t.Context(), repoID, pullRequestID))
+
+		currentCancelledCount := unittest.GetCount(t, &actions_model.ActionRun{Status: actions_model.StatusCancelled})
+		assert.Equal(t, previousCancelledCount+1, currentCancelledCount)
+		run := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRun{ID: runNotApproved.ID})
+		assert.Equal(t, actions_model.StatusCancelled.String(), run.Status.String())
+	})
 }
 
 func TestActionsTrust_GetPullRequestUserIsTrustedWithActions(t *testing.T) {
diff --git a/tests/integration/actions_trust_test.go b/tests/integration/actions_trust_test.go
index 651700cd26..c150bd6c2e 100644
--- a/tests/integration/actions_trust_test.go
+++ b/tests/integration/actions_trust_test.go
@@ -12,6 +12,7 @@ import (
 	"time"
 
 	actions_model "forgejo.org/models/actions"
+	auth_model "forgejo.org/models/auth"
 	issues_model "forgejo.org/models/issues"
 	repo_model "forgejo.org/models/repo"
 	unit_model "forgejo.org/models/unit"
@@ -436,3 +437,37 @@ func TestActionsPullRequestTrustPanelWIPConflicts(t *testing.T) {
 		})
 	})
 }
+
+func TestActionsPullRequestTrustCancelOnClose(t *testing.T) {
+	onApplicationRun(t, func(t *testing.T, u *url.URL) {
+		ownerUser := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
+
+		regularUser := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 5})
+		regularSession := loginUser(t, regularUser.Name)
+		token := getTokenForLoggedInUser(t, regularSession, auth_model.AccessTokenScopeWriteIssue)
+
+		baseRepo, f := actionsTrustTestCreateBaseRepo(t, ownerUser)
+		defer f()
+
+		_, pullRequest, addFileToForkedResp := actionsTrustTestCreatePullRequestFromForkedRepo(t, ownerUser, baseRepo, regularUser)
+		prAPILink := pullRequest.Issue.APIURL(t.Context())
+
+		{
+			actionRun := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRun{RepoID: baseRepo.ID, CommitSHA: addFileToForkedResp.Commit.SHA})
+			assert.True(t, actionRun.NeedApproval)
+			actionRunJob := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRunJob{RunID: actionRun.ID, RepoID: baseRepo.ID})
+			assert.Equal(t, actions_model.StatusBlocked, actionRunJob.Status)
+		}
+
+		req := NewRequestWithJSON(t, "PATCH", prAPILink, &structs.PullRequest{State: "closed"}).AddTokenAuth(token)
+		MakeRequest(t, req, http.StatusCreated)
+
+		{
+			actionRun := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRun{RepoID: baseRepo.ID, CommitSHA: addFileToForkedResp.Commit.SHA})
+			assert.False(t, actionRun.NeedApproval)
+			assert.Equal(t, actions_model.StatusCancelled, actionRun.Status)
+			actionRunJob := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRunJob{RunID: actionRun.ID, RepoID: baseRepo.ID})
+			assert.Equal(t, actions_model.StatusCancelled, actionRunJob.Status)
+		}
+	})
+}

From eed8dfc1e7834b9797b95134ff9d354db86b9383 Mon Sep 17 00:00:00 2001
From: Renovate Bot <forgejo-renovate-action@forgejo.org>
Date: Mon, 2 Feb 2026 23:57:26 +0100
Subject: [PATCH 255/854] Update module github.com/golang-jwt/jwt/v5 to v5.3.1
 (forgejo) (#11090)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11090
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 8aa243d29f..d5e2b227e4 100644
--- a/go.mod
+++ b/go.mod
@@ -56,7 +56,7 @@ require (
 	github.com/gobwas/glob v0.2.3
 	github.com/gogs/chardet v0.0.0-20211120154057-b7413eaefb8f
 	github.com/gogs/go-gogs-client v0.0.0-20210131175652-1d7215cd8d85
-	github.com/golang-jwt/jwt/v5 v5.3.0
+	github.com/golang-jwt/jwt/v5 v5.3.1
 	github.com/golang/freetype v0.0.0-20170609003504-e2365dfdc4a0
 	github.com/google/go-github/v81 v81.0.0
 	github.com/google/pprof v0.0.0-20251114195745-4902fdda35c8
diff --git a/go.sum b/go.sum
index d3419b1f96..3d4d7580ba 100644
--- a/go.sum
+++ b/go.sum
@@ -340,8 +340,8 @@ github.com/gogs/chardet v0.0.0-20211120154057-b7413eaefb8f h1:3BSP1Tbs2djlpprl7w
 github.com/gogs/chardet v0.0.0-20211120154057-b7413eaefb8f/go.mod h1:Pcatq5tYkCW2Q6yrR2VRHlbHpZ/R4/7qyL1TCF7vl14=
 github.com/gogs/go-gogs-client v0.0.0-20210131175652-1d7215cd8d85 h1:UjoPNDAQ5JPCjlxoJd6K8ALZqSDDhk2ymieAZOVaDg0=
 github.com/gogs/go-gogs-client v0.0.0-20210131175652-1d7215cd8d85/go.mod h1:fR6z1Ie6rtF7kl/vBYMfgD5/G5B1blui7z426/sj2DU=
-github.com/golang-jwt/jwt/v5 v5.3.0 h1:pv4AsKCKKZuqlgs5sUmn4x8UlGa0kEVt/puTpKx9vvo=
-github.com/golang-jwt/jwt/v5 v5.3.0/go.mod h1:fxCRLWMO43lRc8nhHWY6LGqRcf+1gQWArsqaEUEa5bE=
+github.com/golang-jwt/jwt/v5 v5.3.1 h1:kYf81DTWFe7t+1VvL7eS+jKFVWaUnK9cB1qbwn63YCY=
+github.com/golang-jwt/jwt/v5 v5.3.1/go.mod h1:fxCRLWMO43lRc8nhHWY6LGqRcf+1gQWArsqaEUEa5bE=
 github.com/golang/freetype v0.0.0-20170609003504-e2365dfdc4a0 h1:DACJavvAHhabrF08vX0COfcOBJRhZ8lUbR+ZWIs0Y5g=
 github.com/golang/freetype v0.0.0-20170609003504-e2365dfdc4a0/go.mod h1:E/TSTwGwJL78qG/PmXZO1EjYhfJinVAhrmmHX6Z8B9k=
 github.com/golang/geo v0.0.0-20190916061304-5b978397cfec/go.mod h1:QZ0nwyI2jOfgRAoBvP+ab5aRr7c9x7lhGEJrKvBwjWI=

From 233653bf89181d3ae91d3c56023365341c1f8a43 Mon Sep 17 00:00:00 2001
From: Ori Hoch <ori@uumpa.com>
Date: Tue, 3 Feb 2026 04:11:30 +0100
Subject: [PATCH 256/854] fix searching issues by org labels via api (#11109)

fixes #9028 - when searching issues via repo api, org labels are ignored

added integration test that reproduces the bug

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11109
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Ori Hoch <ori@uumpa.com>
Co-committed-by: Ori Hoch <ori@uumpa.com>
---
 routers/api/v1/repo/issue.go        |  8 ++++++++
 tests/integration/api_issue_test.go | 28 ++++++++++++++++++++++++++++
 2 files changed, 36 insertions(+)

diff --git a/routers/api/v1/repo/issue.go b/routers/api/v1/repo/issue.go
index 3c6c1044c6..dcafc54c0e 100644
--- a/routers/api/v1/repo/issue.go
+++ b/routers/api/v1/repo/issue.go
@@ -447,6 +447,14 @@ func ListIssues(ctx *context.APIContext) {
 			ctx.Error(http.StatusInternalServerError, "GetLabelIDsInRepoByNames", err)
 			return
 		}
+		if ctx.Repo.Owner.IsOrganization() {
+			orgLabelIDs, err := issues_model.GetLabelIDsInOrgByNames(ctx, ctx.Repo.Owner.ID, split)
+			if err != nil {
+				ctx.Error(http.StatusInternalServerError, "GetLabelIDsInOrgByNames", err)
+				return
+			}
+			labelIDs = append(labelIDs, orgLabelIDs...)
+		}
 	}
 
 	var mileIDs []int64
diff --git a/tests/integration/api_issue_test.go b/tests/integration/api_issue_test.go
index 581282223d..44e07b95c8 100644
--- a/tests/integration/api_issue_test.go
+++ b/tests/integration/api_issue_test.go
@@ -125,6 +125,34 @@ func TestAPIListIssues(t *testing.T) {
 	})
 }
 
+func TestAPIListIssuesWithLabels(t *testing.T) {
+	defer tests.PrepareTestEnv(t)()
+
+	repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 3})
+	owner := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: repo.OwnerID})
+	issue := unittest.AssertExistsAndLoadBean(t, &issues_model.Issue{ID: 6, RepoID: repo.ID})
+	orgLabel := unittest.AssertExistsAndLoadBean(t, &issues_model.Label{ID: 4, OrgID: owner.ID})
+
+	session := loginUser(t, "user1")
+	token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeReadIssue, auth_model.AccessTokenScopeWriteIssue)
+
+	addLabelsURL := fmt.Sprintf("/api/v1/repos/%s/%s/issues/%d/labels", owner.Name, repo.Name, issue.Index)
+	req := NewRequestWithJSON(t, "POST", addLabelsURL, &api.IssueLabelsOption{Labels: []any{orgLabel.Name}}).AddTokenAuth(token)
+	MakeRequest(t, req, http.StatusOK)
+
+	link, _ := url.Parse(fmt.Sprintf("/api/v1/repos/%s/%s/issues", owner.Name, repo.Name))
+	link.RawQuery = url.Values{"state": {"all"}, "labels": {orgLabel.Name}}.Encode()
+
+	req = NewRequest(t, "GET", link.String()).AddTokenAuth(token)
+	resp := MakeRequest(t, req, http.StatusOK)
+
+	var apiIssues []*api.Issue
+	DecodeJSON(t, resp, &apiIssues)
+	if assert.Len(t, apiIssues, 1) {
+		assert.Equal(t, issue.ID, apiIssues[0].ID)
+	}
+}
+
 func TestAPIListIssuesPublicOnly(t *testing.T) {
 	defer tests.PrepareTestEnv(t)()
 

From c6c77dfe342e5a2386696271a5d6de222db11130 Mon Sep 17 00:00:00 2001
From: Renovate Bot <forgejo-renovate-action@forgejo.org>
Date: Tue, 3 Feb 2026 13:25:25 +0100
Subject: [PATCH 257/854] Update dependency css-loader to v7.1.3 (forgejo)
 (#11110)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11110
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
---
 package-lock.json | 12 ++++++------
 package.json      |  2 +-
 2 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 515390e6e2..3924ae0967 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -44,7 +44,7 @@
         "chartjs-adapter-dayjs-4": "1.0.4",
         "chartjs-plugin-zoom": "2.2.0",
         "clippie": "4.1.9",
-        "css-loader": "7.0.0",
+        "css-loader": "7.1.3",
         "dayjs": "1.11.18",
         "dropzone": "6.0.0-beta.2",
         "easymde": "2.18.0",
@@ -6528,19 +6528,19 @@
       }
     },
     "node_modules/css-loader": {
-      "version": "7.0.0",
-      "resolved": "https://registry.npmjs.org/css-loader/-/css-loader-7.0.0.tgz",
-      "integrity": "sha512-WrO4FVoamxt5zY9CauZjoJgXRi/LZKIk+Ta7YvpSGr5r/eMYPNp5/T9ODlMe4/1rF5DYlycG1avhV4g3A/tiAw==",
+      "version": "7.1.3",
+      "resolved": "https://registry.npmjs.org/css-loader/-/css-loader-7.1.3.tgz",
+      "integrity": "sha512-frbERmjT0UC5lMheWpJmMilnt9GEhbZJN/heUb7/zaJYeIzj5St9HvDcfshzzOqbsS+rYpMk++2SD3vGETDSyA==",
       "license": "MIT",
       "dependencies": {
         "icss-utils": "^5.1.0",
-        "postcss": "^8.4.33",
+        "postcss": "^8.4.40",
         "postcss-modules-extract-imports": "^3.1.0",
         "postcss-modules-local-by-default": "^4.0.5",
         "postcss-modules-scope": "^3.2.0",
         "postcss-modules-values": "^4.0.0",
         "postcss-value-parser": "^4.2.0",
-        "semver": "^7.5.4"
+        "semver": "^7.6.3"
       },
       "engines": {
         "node": ">= 18.12.0"
diff --git a/package.json b/package.json
index c1654abf50..1e876da307 100644
--- a/package.json
+++ b/package.json
@@ -43,7 +43,7 @@
     "chartjs-adapter-dayjs-4": "1.0.4",
     "chartjs-plugin-zoom": "2.2.0",
     "clippie": "4.1.9",
-    "css-loader": "7.0.0",
+    "css-loader": "7.1.3",
     "dayjs": "1.11.18",
     "dropzone": "6.0.0-beta.2",
     "easymde": "2.18.0",

From a43ab6cee24ff48711f0b7939c1a7668fc3a9a53 Mon Sep 17 00:00:00 2001
From: Renovate Bot <forgejo-renovate-action@forgejo.org>
Date: Tue, 3 Feb 2026 13:27:39 +0100
Subject: [PATCH 258/854] Update module github.com/go-enry/go-enry/v2 to v2.9.4
 (forgejo) (#11105)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11105
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index d5e2b227e4..22033a6746 100644
--- a/go.mod
+++ b/go.mod
@@ -48,7 +48,7 @@ require (
 	github.com/go-chi/chi/v5 v5.2.4
 	github.com/go-chi/cors v1.2.2
 	github.com/go-co-op/gocron v1.37.0
-	github.com/go-enry/go-enry/v2 v2.9.3
+	github.com/go-enry/go-enry/v2 v2.9.4
 	github.com/go-ldap/ldap/v3 v3.4.12
 	github.com/go-openapi/spec v0.22.3
 	github.com/go-sql-driver/mysql v1.9.3
diff --git a/go.sum b/go.sum
index 3d4d7580ba..98d8e4dd98 100644
--- a/go.sum
+++ b/go.sum
@@ -269,8 +269,8 @@ github.com/go-chi/cors v1.2.2 h1:Jmey33TE+b+rB7fT8MUy1u0I4L+NARQlK6LhzKPSyQE=
 github.com/go-chi/cors v1.2.2/go.mod h1:sSbTewc+6wYHBBCW7ytsFSn836hqM7JxpglAy2Vzc58=
 github.com/go-co-op/gocron v1.37.0 h1:ZYDJGtQ4OMhTLKOKMIch+/CY70Brbb1dGdooLEhh7b0=
 github.com/go-co-op/gocron v1.37.0/go.mod h1:3L/n6BkO7ABj+TrfSVXLRzsP26zmikL4ISkLQ0O8iNY=
-github.com/go-enry/go-enry/v2 v2.9.3 h1:sgAs50C0eDFl/NC4IGPTWQv2PsSEBULwBmdC4hkjiZY=
-github.com/go-enry/go-enry/v2 v2.9.3/go.mod h1:9yrj4ES1YrbNb1Wb7/PWYr2bpaCXUGRt0uafN0ISyG8=
+github.com/go-enry/go-enry/v2 v2.9.4 h1:DS4l06/NgMzYjsJ2J52wORo6UsfFDjDCwfAn7w3gG44=
+github.com/go-enry/go-enry/v2 v2.9.4/go.mod h1:9yrj4ES1YrbNb1Wb7/PWYr2bpaCXUGRt0uafN0ISyG8=
 github.com/go-enry/go-oniguruma v1.2.1 h1:k8aAMuJfMrqm/56SG2lV9Cfti6tC4x8673aHCcBk+eo=
 github.com/go-enry/go-oniguruma v1.2.1/go.mod h1:bWDhYP+S6xZQgiRL7wlTScFYBe023B6ilRZbCAD5Hf4=
 github.com/go-errors/errors v1.0.1/go.mod h1:f4zRHt4oKfwPJE5k8C9vpYG+aDHdBFUsgrm6/TyX73Q=

From bb153f2bc04ac63cebe6026291abbe247981ea68 Mon Sep 17 00:00:00 2001
From: Renovate Bot <forgejo-renovate-action@forgejo.org>
Date: Tue, 3 Feb 2026 13:29:40 +0100
Subject: [PATCH 259/854] Update dependency @vitest/eslint-plugin to v1.6.6
 (forgejo) (#11119)

Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
---
 package-lock.json | 187 ++++++++++++++++++++++++++++++++++++++++++++--
 package.json      |   2 +-
 2 files changed, 182 insertions(+), 7 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 3924ae0967..e76a0a5f3c 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -90,7 +90,7 @@
         "@stylistic/stylelint-plugin": "4.0.0",
         "@vitejs/plugin-vue": "6.0.3",
         "@vitest/coverage-v8": "4.0.16",
-        "@vitest/eslint-plugin": "1.6.4",
+        "@vitest/eslint-plugin": "1.6.6",
         "@vue/test-utils": "2.4.6",
         "eslint": "9.39.2",
         "eslint-import-resolver-typescript": "4.4.4",
@@ -4503,6 +4503,7 @@
       "integrity": "sha512-lCLp8H1T9T7gPbEuJSnHwnSuO9mDf8mfK/Nion5mZmiEaQD9sWf9W4dfeFqRyqRjF06/kBuTmAqcs9sewM2NbQ==",
       "dev": true,
       "license": "MIT",
+      "peer": true,
       "dependencies": {
         "@eslint-community/eslint-utils": "^4.7.0",
         "@typescript-eslint/scope-manager": "8.50.1",
@@ -4858,14 +4859,14 @@
       }
     },
     "node_modules/@vitest/eslint-plugin": {
-      "version": "1.6.4",
-      "resolved": "https://registry.npmjs.org/@vitest/eslint-plugin/-/eslint-plugin-1.6.4.tgz",
-      "integrity": "sha512-+qw32ux8HMVNrJnQOYgdjrMYmCn9vsiKnJUv5MoOg40e18WOvhWurzHdbRB3vXLfUrP7+jYyQbd6TuRhL23AkQ==",
+      "version": "1.6.6",
+      "resolved": "https://registry.npmjs.org/@vitest/eslint-plugin/-/eslint-plugin-1.6.6.tgz",
+      "integrity": "sha512-bwgQxQWRtnTVzsUHK824tBmHzjV0iTx3tZaiQIYDjX3SA7TsQS8CuDVqxXrRY3FaOUMgbGavesCxI9MOfFLm7Q==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "@typescript-eslint/scope-manager": "^8.46.1",
-        "@typescript-eslint/utils": "^8.46.1"
+        "@typescript-eslint/scope-manager": "^8.51.0",
+        "@typescript-eslint/utils": "^8.51.0"
       },
       "engines": {
         "node": ">=18"
@@ -4884,6 +4885,180 @@
         }
       }
     },
+    "node_modules/@vitest/eslint-plugin/node_modules/@typescript-eslint/project-service": {
+      "version": "8.54.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/project-service/-/project-service-8.54.0.tgz",
+      "integrity": "sha512-YPf+rvJ1s7MyiWM4uTRhE4DvBXrEV+d8oC3P9Y2eT7S+HBS0clybdMIPnhiATi9vZOYDc7OQ1L/i6ga6NFYK/g==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@typescript-eslint/tsconfig-utils": "^8.54.0",
+        "@typescript-eslint/types": "^8.54.0",
+        "debug": "^4.4.3"
+      },
+      "engines": {
+        "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/typescript-eslint"
+      },
+      "peerDependencies": {
+        "typescript": ">=4.8.4 <6.0.0"
+      }
+    },
+    "node_modules/@vitest/eslint-plugin/node_modules/@typescript-eslint/scope-manager": {
+      "version": "8.54.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-8.54.0.tgz",
+      "integrity": "sha512-27rYVQku26j/PbHYcVfRPonmOlVI6gihHtXFbTdB5sb6qA0wdAQAbyXFVarQ5t4HRojIz64IV90YtsjQSSGlQg==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@typescript-eslint/types": "8.54.0",
+        "@typescript-eslint/visitor-keys": "8.54.0"
+      },
+      "engines": {
+        "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/typescript-eslint"
+      }
+    },
+    "node_modules/@vitest/eslint-plugin/node_modules/@typescript-eslint/tsconfig-utils": {
+      "version": "8.54.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/tsconfig-utils/-/tsconfig-utils-8.54.0.tgz",
+      "integrity": "sha512-dRgOyT2hPk/JwxNMZDsIXDgyl9axdJI3ogZ2XWhBPsnZUv+hPesa5iuhdYt2gzwA9t8RE5ytOJ6xB0moV0Ujvw==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/typescript-eslint"
+      },
+      "peerDependencies": {
+        "typescript": ">=4.8.4 <6.0.0"
+      }
+    },
+    "node_modules/@vitest/eslint-plugin/node_modules/@typescript-eslint/types": {
+      "version": "8.54.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-8.54.0.tgz",
+      "integrity": "sha512-PDUI9R1BVjqu7AUDsRBbKMtwmjWcn4J3le+5LpcFgWULN3LvHC5rkc9gCVxbrsrGmO1jfPybN5s6h4Jy+OnkAA==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/typescript-eslint"
+      }
+    },
+    "node_modules/@vitest/eslint-plugin/node_modules/@typescript-eslint/typescript-estree": {
+      "version": "8.54.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-8.54.0.tgz",
+      "integrity": "sha512-BUwcskRaPvTk6fzVWgDPdUndLjB87KYDrN5EYGetnktoeAvPtO4ONHlAZDnj5VFnUANg0Sjm7j4usBlnoVMHwA==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@typescript-eslint/project-service": "8.54.0",
+        "@typescript-eslint/tsconfig-utils": "8.54.0",
+        "@typescript-eslint/types": "8.54.0",
+        "@typescript-eslint/visitor-keys": "8.54.0",
+        "debug": "^4.4.3",
+        "minimatch": "^9.0.5",
+        "semver": "^7.7.3",
+        "tinyglobby": "^0.2.15",
+        "ts-api-utils": "^2.4.0"
+      },
+      "engines": {
+        "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/typescript-eslint"
+      },
+      "peerDependencies": {
+        "typescript": ">=4.8.4 <6.0.0"
+      }
+    },
+    "node_modules/@vitest/eslint-plugin/node_modules/@typescript-eslint/utils": {
+      "version": "8.54.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-8.54.0.tgz",
+      "integrity": "sha512-9Cnda8GS57AQakvRyG0PTejJNlA2xhvyNtEVIMlDWOOeEyBkYWhGPnfrIAnqxLMTSTo6q8g12XVjjev5l1NvMA==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@eslint-community/eslint-utils": "^4.9.1",
+        "@typescript-eslint/scope-manager": "8.54.0",
+        "@typescript-eslint/types": "8.54.0",
+        "@typescript-eslint/typescript-estree": "8.54.0"
+      },
+      "engines": {
+        "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/typescript-eslint"
+      },
+      "peerDependencies": {
+        "eslint": "^8.57.0 || ^9.0.0",
+        "typescript": ">=4.8.4 <6.0.0"
+      }
+    },
+    "node_modules/@vitest/eslint-plugin/node_modules/@typescript-eslint/visitor-keys": {
+      "version": "8.54.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-8.54.0.tgz",
+      "integrity": "sha512-VFlhGSl4opC0bprJiItPQ1RfUhGDIBokcPwaFH4yiBCaNPeld/9VeXbiPO1cLyorQi1G1vL+ecBk1x8o1axORA==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@typescript-eslint/types": "8.54.0",
+        "eslint-visitor-keys": "^4.2.1"
+      },
+      "engines": {
+        "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/typescript-eslint"
+      }
+    },
+    "node_modules/@vitest/eslint-plugin/node_modules/balanced-match": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-1.0.2.tgz",
+      "integrity": "sha512-3oSeUO0TMV67hN1AmbXsK4yaqU7tjiHlbxRDZOpH0KW9+CeX4bRAaX0Anxt0tx2MrpRpWwQaPwIlISEJhYU5Pw==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/@vitest/eslint-plugin/node_modules/brace-expansion": {
+      "version": "2.0.2",
+      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.2.tgz",
+      "integrity": "sha512-Jt0vHyM+jmUBqojB7E1NIYadt0vI0Qxjxd2TErW94wDz+E2LAm5vKMXXwg6ZZBTHPuUlDgQHKXvjGBdfcF1ZDQ==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "balanced-match": "^1.0.0"
+      }
+    },
+    "node_modules/@vitest/eslint-plugin/node_modules/minimatch": {
+      "version": "9.0.5",
+      "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.5.tgz",
+      "integrity": "sha512-G6T0ZX48xgozx7587koeX9Ys2NYy6Gmv//P89sEte9V9whIapMNF4idKxnW2QtCcLiTWlb/wfCabAtAFWhhBow==",
+      "dev": true,
+      "license": "ISC",
+      "dependencies": {
+        "brace-expansion": "^2.0.1"
+      },
+      "engines": {
+        "node": ">=16 || 14 >=14.17"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/isaacs"
+      }
+    },
     "node_modules/@vitest/expect": {
       "version": "4.0.16",
       "resolved": "https://registry.npmjs.org/@vitest/expect/-/expect-4.0.16.tgz",
diff --git a/package.json b/package.json
index 1e876da307..c98e727e97 100644
--- a/package.json
+++ b/package.json
@@ -89,7 +89,7 @@
     "@stylistic/stylelint-plugin": "4.0.0",
     "@vitejs/plugin-vue": "6.0.3",
     "@vitest/coverage-v8": "4.0.16",
-    "@vitest/eslint-plugin": "1.6.4",
+    "@vitest/eslint-plugin": "1.6.6",
     "@vue/test-utils": "2.4.6",
     "eslint": "9.39.2",
     "eslint-import-resolver-typescript": "4.4.4",

From 2f6c817ae6d745b5dc2f4c5660bdfb3e5716b6b6 Mon Sep 17 00:00:00 2001
From: Renovate Bot <forgejo-renovate-action@forgejo.org>
Date: Tue, 3 Feb 2026 13:46:34 +0100
Subject: [PATCH 260/854] Update dependency @stylistic/stylelint-plugin to
 v4.0.1 (forgejo) (#11118)

Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
---
 package-lock.json | 8 ++++----
 package.json      | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index e76a0a5f3c..c8a52558cf 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -87,7 +87,7 @@
         "@playwright/test": "1.57.0",
         "@stoplight/spectral-cli": "6.15.0",
         "@stylistic/eslint-plugin": "5.6.1",
-        "@stylistic/stylelint-plugin": "4.0.0",
+        "@stylistic/stylelint-plugin": "4.0.1",
         "@vitejs/plugin-vue": "6.0.3",
         "@vitest/coverage-v8": "4.0.16",
         "@vitest/eslint-plugin": "1.6.6",
@@ -3814,9 +3814,9 @@
       }
     },
     "node_modules/@stylistic/stylelint-plugin": {
-      "version": "4.0.0",
-      "resolved": "https://registry.npmjs.org/@stylistic/stylelint-plugin/-/stylelint-plugin-4.0.0.tgz",
-      "integrity": "sha512-CFwt3K4Y/7bygNCLCQ8Sy4Hzgbhxq3BsNW0FIuYxl17HD3ywptm54ocyeiLVRrk5jtz1Zwks7Xr9eiZt8SWHAw==",
+      "version": "4.0.1",
+      "resolved": "https://registry.npmjs.org/@stylistic/stylelint-plugin/-/stylelint-plugin-4.0.1.tgz",
+      "integrity": "sha512-jKZSZr/S/NehfgayNJI3O/JEq+W5lSeHUJNvdOebRPNFP2ZylTbAx/p5qR8scQFpiVzy1VQM9R+G0kIB62r1Pw==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
diff --git a/package.json b/package.json
index c98e727e97..3f3ba94e95 100644
--- a/package.json
+++ b/package.json
@@ -86,7 +86,7 @@
     "@playwright/test": "1.57.0",
     "@stoplight/spectral-cli": "6.15.0",
     "@stylistic/eslint-plugin": "5.6.1",
-    "@stylistic/stylelint-plugin": "4.0.0",
+    "@stylistic/stylelint-plugin": "4.0.1",
     "@vitejs/plugin-vue": "6.0.3",
     "@vitest/coverage-v8": "4.0.16",
     "@vitest/eslint-plugin": "1.6.6",

From 14c0f09b5410d2fd8e3a145583e3ae57a30b2aa9 Mon Sep 17 00:00:00 2001
From: Renovate Bot <forgejo-renovate-action@forgejo.org>
Date: Tue, 3 Feb 2026 20:11:03 +0100
Subject: [PATCH 261/854] Update vitest monorepo to v4.0.18 (forgejo) (#11121)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This PR contains the following updates:

| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) |
|---|---|---|---|
| [@vitest/coverage-v8](https://github.com/vitest-dev/vitest/tree/main/packages/coverage-v8#readme) ([source](https://github.com/vitest-dev/vitest/tree/HEAD/packages/coverage-v8)) | [`4.0.16` → `4.0.18`](https://renovatebot.com/diffs/npm/@vitest%2fcoverage-v8/4.0.16/4.0.18) | ![age](https://developer.mend.io/api/mc/badges/age/npm/@vitest%2fcoverage-v8/4.0.18?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@vitest%2fcoverage-v8/4.0.16/4.0.18?slim=true) |
| [vitest](https://vitest.dev) ([source](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest)) | [`4.0.16` → `4.0.18`](https://renovatebot.com/diffs/npm/vitest/4.0.16/4.0.18) | ![age](https://developer.mend.io/api/mc/badges/age/npm/vitest/4.0.18?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/vitest/4.0.16/4.0.18?slim=true) |

---

### Release Notes

<details>
<summary>vitest-dev/vitest (@&#8203;vitest/coverage-v8)</summary>

### [`v4.0.18`](https://github.com/vitest-dev/vitest/releases/tag/v4.0.18)

[Compare Source](https://github.com/vitest-dev/vitest/compare/v4.0.17...v4.0.18)

#####    🚀 Experimental Features

- **experimental**: Add `onModuleRunner` hook to `worker.init`  -  by [@&#8203;sheremet-va](https://github.com/sheremet-va) in [#&#8203;9286](https://github.com/vitest-dev/vitest/issues/9286) [<samp>(ea837)</samp>](https://github.com/vitest-dev/vitest/commit/ea837de7d)

#####    🐞 Bug Fixes

- Use `meta.url` in `createRequire`  -  by [@&#8203;sheremet-va](https://github.com/sheremet-va) in [#&#8203;9441](https://github.com/vitest-dev/vitest/issues/9441) [<samp>(e0572)</samp>](https://github.com/vitest-dev/vitest/commit/e057281ca)
- **browser**: Hide injected data-testid attributes  -  by [@&#8203;sheremet-va](https://github.com/sheremet-va) in [#&#8203;9503](https://github.com/vitest-dev/vitest/issues/9503) [<samp>(f8989)</samp>](https://github.com/vitest-dev/vitest/commit/f89899cd8)
- **ui**: Process artifact attachments when generating HTML reporter  -  by [@&#8203;macarie](https://github.com/macarie) in [#&#8203;9472](https://github.com/vitest-dev/vitest/issues/9472) [<samp>(22543)</samp>](https://github.com/vitest-dev/vitest/commit/225435647)

#####     [View changes on GitHub](https://github.com/vitest-dev/vitest/compare/v4.0.17...v4.0.18)

### [`v4.0.17`](https://github.com/vitest-dev/vitest/releases/tag/v4.0.17)

[Compare Source](https://github.com/vitest-dev/vitest/compare/v4.0.16...v4.0.17)

#####    🚀 Experimental Features

- Support openTelemetry for browser mode  -  by [@&#8203;hi-ogawa](https://github.com/hi-ogawa) in [#&#8203;9180](https://github.com/vitest-dev/vitest/issues/9180) [<samp>(1ec3a)</samp>](https://github.com/vitest-dev/vitest/commit/1ec3a8b68)
- Support TRACEPARENT and TRACESTATE environment variables for OpenTelemetry context propagation  -  by [@&#8203;Copilot](https://github.com/Copilot), **hi-ogawa** and [@&#8203;hi-ogawa](https://github.com/hi-ogawa) in [#&#8203;9295](https://github.com/vitest-dev/vitest/issues/9295) [<samp>(876cb)</samp>](https://github.com/vitest-dev/vitest/commit/876cb84c2)

#####    🐞 Bug Fixes

- Improve asymmetric matcher diff readability by unwrapping container matchers  -  by [@&#8203;Copilot](https://github.com/Copilot), **sheremet-va**, **hi-ogawa** and [@&#8203;hi-ogawa](https://github.com/hi-ogawa) in [#&#8203;9330](https://github.com/vitest-dev/vitest/issues/9330) [<samp>(b2ec7)</samp>](https://github.com/vitest-dev/vitest/commit/b2ec724a8)
- Improve runner error when importing outside of test context  -  by [@&#8203;sheremet-va](https://github.com/sheremet-va) in [#&#8203;9335](https://github.com/vitest-dev/vitest/issues/9335) [<samp>(2dd3d)</samp>](https://github.com/vitest-dev/vitest/commit/2dd3dd839)
- Replace crypto.randomUUID to allow insecure environments (fix [#&#8203;9](https://github.com/vitest-dev/vitest/issues/9)…  -  by [@&#8203;plusgut](https://github.com/plusgut) in [#&#8203;9339](https://github.com/vitest-dev/vitest/issues/9339) and [#&#8203;9](https://github.com/vitest-dev/vitest/issues/9) [<samp>(e6a3f)</samp>](https://github.com/vitest-dev/vitest/commit/e6a3f8cc7)
- Handle null options in `addEventHandler` [#&#8203;9371](https://github.com/vitest-dev/vitest/issues/9371)  -  by [@&#8203;ThibautMarechal](https://github.com/ThibautMarechal) in [#&#8203;9372](https://github.com/vitest-dev/vitest/issues/9372) and [#&#8203;9371](https://github.com/vitest-dev/vitest/issues/9371) [<samp>(40841)</samp>](https://github.com/vitest-dev/vitest/commit/40841ff00)
- Typo in browser.provider error  -  by [@&#8203;deammer](https://github.com/deammer) in [#&#8203;9394](https://github.com/vitest-dev/vitest/issues/9394) [<samp>(4b67f)</samp>](https://github.com/vitest-dev/vitest/commit/4b67fc25a)
- **browser**:
  - Fix `process.env` and `import.meta.env` defines in inline project  -  by [@&#8203;hi-ogawa](https://github.com/hi-ogawa) in [#&#8203;9239](https://github.com/vitest-dev/vitest/issues/9239) [<samp>(b70c9)</samp>](https://github.com/vitest-dev/vitest/commit/b70c96121)
  - Fix upload File instance  -  by [@&#8203;hi-ogawa](https://github.com/hi-ogawa) in [#&#8203;9294](https://github.com/vitest-dev/vitest/issues/9294) [<samp>(b6778)</samp>](https://github.com/vitest-dev/vitest/commit/b67788c69)
  - Fix invalid project token for artifacts assets  -  by [@&#8203;hi-ogawa](https://github.com/hi-ogawa) in [#&#8203;9321](https://github.com/vitest-dev/vitest/issues/9321) [<samp>(caa7d)</samp>](https://github.com/vitest-dev/vitest/commit/caa7d73d4)
  - Log `ErrorEvent.message` when unhandled `ErrorEvent.error` is null  -  by [@&#8203;hi-ogawa](https://github.com/hi-ogawa) in [#&#8203;9322](https://github.com/vitest-dev/vitest/issues/9322) [<samp>(5d84e)</samp>](https://github.com/vitest-dev/vitest/commit/5d84eeb91)
  - Support `fileParallelism` on an instance  -  by [@&#8203;sheremet-va](https://github.com/sheremet-va) in [#&#8203;9328](https://github.com/vitest-dev/vitest/issues/9328) [<samp>(15006)</samp>](https://github.com/vitest-dev/vitest/commit/150065459)
- **coverage**:
  - Remove unnecessary `istanbul-lib-source-maps` usage  -  by [@&#8203;AriPerkkio](https://github.com/AriPerkkio) in [#&#8203;9344](https://github.com/vitest-dev/vitest/issues/9344) [<samp>(b0940)</samp>](https://github.com/vitest-dev/vitest/commit/b09405375)
  - Apply patch from [istanbuljs/istanbuljs#837](https://github.com/istanbuljs/istanbuljs/issues/837)  -  by [@&#8203;AriPerkkio](https://github.com/AriPerkkio) and **sapphi-red** in [#&#8203;9413](https://github.com/vitest-dev/vitest/issues/9413) and [#&#8203;837](https://github.com/vitest-dev/vitest/issues/837) [<samp>(e05ce)</samp>](https://github.com/vitest-dev/vitest/commit/e05cedbf4)
- **fsModuleCache**:
  - Don't store importers in cache  -  by [@&#8203;sheremet-va](https://github.com/sheremet-va) in [#&#8203;9422](https://github.com/vitest-dev/vitest/issues/9422) [<samp>(75136)</samp>](https://github.com/vitest-dev/vitest/commit/751364eec)
  - Add importers alongside importedModules  -  by [@&#8203;sheremet-va](https://github.com/sheremet-va) in [#&#8203;9423](https://github.com/vitest-dev/vitest/issues/9423) [<samp>(59f92)</samp>](https://github.com/vitest-dev/vitest/commit/59f92d403)
- **mocker**:
  - Fix mock transform with class  -  by [@&#8203;hi-ogawa](https://github.com/hi-ogawa) in [#&#8203;9421](https://github.com/vitest-dev/vitest/issues/9421) [<samp>(d390e)</samp>](https://github.com/vitest-dev/vitest/commit/d390eb527)
- **pool**:
  - Validate environment options when reusing the worker  -  by [@&#8203;sheremet-va](https://github.com/sheremet-va) in [#&#8203;9349](https://github.com/vitest-dev/vitest/issues/9349) [<samp>(a8a88)</samp>](https://github.com/vitest-dev/vitest/commit/a8a8836e3)
  - Handle worker start failures gracefully  -  by [@&#8203;AriPerkkio](https://github.com/AriPerkkio) in [#&#8203;9337](https://github.com/vitest-dev/vitest/issues/9337) [<samp>(200da)</samp>](https://github.com/vitest-dev/vitest/commit/200dadb32)
- **reporter**:
  - Report test module if it failed to run  -  by [@&#8203;sheremet-va](https://github.com/sheremet-va) in [#&#8203;9272](https://github.com/vitest-dev/vitest/issues/9272) [<samp>(c7888)</samp>](https://github.com/vitest-dev/vitest/commit/c78882985)
- **runner**:
  - Respect nested test.only within describe.only  -  by [@&#8203;Ujjwaljain16](https://github.com/Ujjwaljain16) in [#&#8203;9021](https://github.com/vitest-dev/vitest/issues/9021) and [#&#8203;9213](https://github.com/vitest-dev/vitest/issues/9213) [<samp>(55d5d)</samp>](https://github.com/vitest-dev/vitest/commit/55d5dad69)
- **typecheck**:
  - Improve error message when tsc outputs help text  -  by [@&#8203;Ujjwaljain16](https://github.com/Ujjwaljain16) in [#&#8203;9214](https://github.com/vitest-dev/vitest/issues/9214) [<samp>(7b10a)</samp>](https://github.com/vitest-dev/vitest/commit/7b10ab4cd)
- **ui**:
  - Detect gzip by magic numbers instead of Content-Type header in html reporter  -  by [@&#8203;Copilot](https://github.com/Copilot), **hi-ogawa** and [@&#8203;hi-ogawa](https://github.com/hi-ogawa) in [#&#8203;9278](https://github.com/vitest-dev/vitest/issues/9278) [<samp>(dd033)</samp>](https://github.com/vitest-dev/vitest/commit/dd0331632)
- **webdriverio**:
  - Fall back to WebDriver Classic [#&#8203;9244](https://github.com/vitest-dev/vitest/issues/9244)  -  by [@&#8203;JustasMonkev](https://github.com/JustasMonkev) in [#&#8203;9373](https://github.com/vitest-dev/vitest/issues/9373) and [#&#8203;9244](https://github.com/vitest-dev/vitest/issues/9244) [<samp>(c23dd)</samp>](https://github.com/vitest-dev/vitest/commit/c23dd11bd)

#####     [View changes on GitHub](https://github.com/vitest-dev/vitest/compare/v4.0.16...v4.0.17)

</details>

---

### Configuration

📅 **Schedule**: Branch creation - Between 12:00 AM and 03:59 AM, on day 1 of the month ( * 0-3 1 * * ) (UTC), Automerge - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC).

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about these updates again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi45My4xIiwidXBkYXRlZEluVmVyIjoiNDIuOTMuMSIsInRhcmdldEJyYW5jaCI6ImZvcmdlam8iLCJsYWJlbHMiOlsiZGVwZW5kZW5jeS11cGdyYWRlIiwidGVzdC9ub3QtbmVlZGVkIl19-->

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11121
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
---
 package-lock.json | 116 ++++++++++++++++++++--------------------------
 package.json      |   4 +-
 2 files changed, 52 insertions(+), 68 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index c8a52558cf..6f9c5a752b 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -89,7 +89,7 @@
         "@stylistic/eslint-plugin": "5.6.1",
         "@stylistic/stylelint-plugin": "4.0.1",
         "@vitejs/plugin-vue": "6.0.3",
-        "@vitest/coverage-v8": "4.0.16",
+        "@vitest/coverage-v8": "4.0.18",
         "@vitest/eslint-plugin": "1.6.6",
         "@vue/test-utils": "2.4.6",
         "eslint": "9.39.2",
@@ -121,7 +121,7 @@
         "typescript": "5.9.3",
         "typescript-eslint": "8.50.1",
         "vite-string-plugin": "1.4.9",
-        "vitest": "4.0.16"
+        "vitest": "4.0.18"
       },
       "engines": {
         "node": ">= 20.0.0"
@@ -4827,18 +4827,17 @@
       }
     },
     "node_modules/@vitest/coverage-v8": {
-      "version": "4.0.16",
-      "resolved": "https://registry.npmjs.org/@vitest/coverage-v8/-/coverage-v8-4.0.16.tgz",
-      "integrity": "sha512-2rNdjEIsPRzsdu6/9Eq0AYAzYdpP6Bx9cje9tL3FE5XzXRQF1fNU9pe/1yE8fCrS0HD+fBtt6gLPh6LI57tX7A==",
+      "version": "4.0.18",
+      "resolved": "https://registry.npmjs.org/@vitest/coverage-v8/-/coverage-v8-4.0.18.tgz",
+      "integrity": "sha512-7i+N2i0+ME+2JFZhfuz7Tg/FqKtilHjGyGvoHYQ6iLV0zahbsJ9sljC9OcFcPDbhYKCet+sG8SsVqlyGvPflZg==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
         "@bcoe/v8-coverage": "^1.0.2",
-        "@vitest/utils": "4.0.16",
-        "ast-v8-to-istanbul": "^0.3.8",
+        "@vitest/utils": "4.0.18",
+        "ast-v8-to-istanbul": "^0.3.10",
         "istanbul-lib-coverage": "^3.2.2",
         "istanbul-lib-report": "^3.0.1",
-        "istanbul-lib-source-maps": "^5.0.6",
         "istanbul-reports": "^3.2.0",
         "magicast": "^0.5.1",
         "obug": "^2.1.1",
@@ -4849,8 +4848,8 @@
         "url": "https://opencollective.com/vitest"
       },
       "peerDependencies": {
-        "@vitest/browser": "4.0.16",
-        "vitest": "4.0.16"
+        "@vitest/browser": "4.0.18",
+        "vitest": "4.0.18"
       },
       "peerDependenciesMeta": {
         "@vitest/browser": {
@@ -5060,16 +5059,16 @@
       }
     },
     "node_modules/@vitest/expect": {
-      "version": "4.0.16",
-      "resolved": "https://registry.npmjs.org/@vitest/expect/-/expect-4.0.16.tgz",
-      "integrity": "sha512-eshqULT2It7McaJkQGLkPjPjNph+uevROGuIMJdG3V+0BSR2w9u6J9Lwu+E8cK5TETlfou8GRijhafIMhXsimA==",
+      "version": "4.0.18",
+      "resolved": "https://registry.npmjs.org/@vitest/expect/-/expect-4.0.18.tgz",
+      "integrity": "sha512-8sCWUyckXXYvx4opfzVY03EOiYVxyNrHS5QxX3DAIi5dpJAAkyJezHCP77VMX4HKA2LDT/Jpfo8i2r5BE3GnQQ==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
         "@standard-schema/spec": "^1.0.0",
         "@types/chai": "^5.2.2",
-        "@vitest/spy": "4.0.16",
-        "@vitest/utils": "4.0.16",
+        "@vitest/spy": "4.0.18",
+        "@vitest/utils": "4.0.18",
         "chai": "^6.2.1",
         "tinyrainbow": "^3.0.3"
       },
@@ -5078,13 +5077,13 @@
       }
     },
     "node_modules/@vitest/mocker": {
-      "version": "4.0.16",
-      "resolved": "https://registry.npmjs.org/@vitest/mocker/-/mocker-4.0.16.tgz",
-      "integrity": "sha512-yb6k4AZxJTB+q9ycAvsoxGn+j/po0UaPgajllBgt1PzoMAAmJGYFdDk0uCcRcxb3BrME34I6u8gHZTQlkqSZpg==",
+      "version": "4.0.18",
+      "resolved": "https://registry.npmjs.org/@vitest/mocker/-/mocker-4.0.18.tgz",
+      "integrity": "sha512-HhVd0MDnzzsgevnOWCBj5Otnzobjy5wLBe4EdeeFGv8luMsGcYqDuFRMcttKWZA5vVO8RFjexVovXvAM4JoJDQ==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "@vitest/spy": "4.0.16",
+        "@vitest/spy": "4.0.18",
         "estree-walker": "^3.0.3",
         "magic-string": "^0.30.21"
       },
@@ -5132,9 +5131,9 @@
       }
     },
     "node_modules/@vitest/pretty-format": {
-      "version": "4.0.16",
-      "resolved": "https://registry.npmjs.org/@vitest/pretty-format/-/pretty-format-4.0.16.tgz",
-      "integrity": "sha512-eNCYNsSty9xJKi/UdVD8Ou16alu7AYiS2fCPRs0b1OdhJiV89buAXQLpTbe+X8V9L6qrs9CqyvU7OaAopJYPsA==",
+      "version": "4.0.18",
+      "resolved": "https://registry.npmjs.org/@vitest/pretty-format/-/pretty-format-4.0.18.tgz",
+      "integrity": "sha512-P24GK3GulZWC5tz87ux0m8OADrQIUVDPIjjj65vBXYG17ZeU3qD7r+MNZ1RNv4l8CGU2vtTRqixrOi9fYk/yKw==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -5145,13 +5144,13 @@
       }
     },
     "node_modules/@vitest/runner": {
-      "version": "4.0.16",
-      "resolved": "https://registry.npmjs.org/@vitest/runner/-/runner-4.0.16.tgz",
-      "integrity": "sha512-VWEDm5Wv9xEo80ctjORcTQRJ539EGPB3Pb9ApvVRAY1U/WkHXmmYISqU5E79uCwcW7xYUV38gwZD+RV755fu3Q==",
+      "version": "4.0.18",
+      "resolved": "https://registry.npmjs.org/@vitest/runner/-/runner-4.0.18.tgz",
+      "integrity": "sha512-rpk9y12PGa22Jg6g5M3UVVnTS7+zycIGk9ZNGN+m6tZHKQb7jrP7/77WfZy13Y/EUDd52NDsLRQhYKtv7XfPQw==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "@vitest/utils": "4.0.16",
+        "@vitest/utils": "4.0.18",
         "pathe": "^2.0.3"
       },
       "funding": {
@@ -5159,13 +5158,13 @@
       }
     },
     "node_modules/@vitest/snapshot": {
-      "version": "4.0.16",
-      "resolved": "https://registry.npmjs.org/@vitest/snapshot/-/snapshot-4.0.16.tgz",
-      "integrity": "sha512-sf6NcrYhYBsSYefxnry+DR8n3UV4xWZwWxYbCJUt2YdvtqzSPR7VfGrY0zsv090DAbjFZsi7ZaMi1KnSRyK1XA==",
+      "version": "4.0.18",
+      "resolved": "https://registry.npmjs.org/@vitest/snapshot/-/snapshot-4.0.18.tgz",
+      "integrity": "sha512-PCiV0rcl7jKQjbgYqjtakly6T1uwv/5BQ9SwBLekVg/EaYeQFPiXcgrC2Y7vDMA8dM1SUEAEV82kgSQIlXNMvA==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "@vitest/pretty-format": "4.0.16",
+        "@vitest/pretty-format": "4.0.18",
         "magic-string": "^0.30.21",
         "pathe": "^2.0.3"
       },
@@ -5184,9 +5183,9 @@
       }
     },
     "node_modules/@vitest/spy": {
-      "version": "4.0.16",
-      "resolved": "https://registry.npmjs.org/@vitest/spy/-/spy-4.0.16.tgz",
-      "integrity": "sha512-4jIOWjKP0ZUaEmJm00E0cOBLU+5WE0BpeNr3XN6TEF05ltro6NJqHWxXD0kA8/Zc8Nh23AT8WQxwNG+WeROupw==",
+      "version": "4.0.18",
+      "resolved": "https://registry.npmjs.org/@vitest/spy/-/spy-4.0.18.tgz",
+      "integrity": "sha512-cbQt3PTSD7P2OARdVW3qWER5EGq7PHlvE+QfzSC0lbwO+xnt7+XH06ZzFjFRgzUX//JmpxrCu92VdwvEPlWSNw==",
       "dev": true,
       "license": "MIT",
       "funding": {
@@ -5194,13 +5193,13 @@
       }
     },
     "node_modules/@vitest/utils": {
-      "version": "4.0.16",
-      "resolved": "https://registry.npmjs.org/@vitest/utils/-/utils-4.0.16.tgz",
-      "integrity": "sha512-h8z9yYhV3e1LEfaQ3zdypIrnAg/9hguReGZoS7Gl0aBG5xgA410zBqECqmaF/+RkTggRsfnzc1XaAHA6bmUufA==",
+      "version": "4.0.18",
+      "resolved": "https://registry.npmjs.org/@vitest/utils/-/utils-4.0.18.tgz",
+      "integrity": "sha512-msMRKLMVLWygpK3u2Hybgi4MNjcYJvwTb0Ru09+fOyCXIgT5raYP041DRRdiJiI3k/2U6SEbAETB3YtBrUkCFA==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "@vitest/pretty-format": "4.0.16",
+        "@vitest/pretty-format": "4.0.18",
         "tinyrainbow": "^3.0.3"
       },
       "funding": {
@@ -10425,21 +10424,6 @@
         "node": ">=10"
       }
     },
-    "node_modules/istanbul-lib-source-maps": {
-      "version": "5.0.6",
-      "resolved": "https://registry.npmjs.org/istanbul-lib-source-maps/-/istanbul-lib-source-maps-5.0.6.tgz",
-      "integrity": "sha512-yg2d+Em4KizZC5niWhQaIomgf5WlL4vOOjZ5xGCmF8SnPE/mDWWXgvRExdcpCgh9lLRRa1/fSYp2ymmbJ1pI+A==",
-      "dev": true,
-      "license": "BSD-3-Clause",
-      "dependencies": {
-        "@jridgewell/trace-mapping": "^0.3.23",
-        "debug": "^4.1.1",
-        "istanbul-lib-coverage": "^3.0.0"
-      },
-      "engines": {
-        "node": ">=10"
-      }
-    },
     "node_modules/istanbul-reports": {
       "version": "3.2.0",
       "resolved": "https://registry.npmjs.org/istanbul-reports/-/istanbul-reports-3.2.0.tgz",
@@ -15743,20 +15727,20 @@
       }
     },
     "node_modules/vitest": {
-      "version": "4.0.16",
-      "resolved": "https://registry.npmjs.org/vitest/-/vitest-4.0.16.tgz",
-      "integrity": "sha512-E4t7DJ9pESL6E3I8nFjPa4xGUd3PmiWDLsDztS2qXSJWfHtbQnwAWylaBvSNY48I3vr8PTqIZlyK8TE3V3CA4Q==",
+      "version": "4.0.18",
+      "resolved": "https://registry.npmjs.org/vitest/-/vitest-4.0.18.tgz",
+      "integrity": "sha512-hOQuK7h0FGKgBAas7v0mSAsnvrIgAvWmRFjmzpJ7SwFHH3g1k2u37JtYwOwmEKhK6ZO3v9ggDBBm0La1LCK4uQ==",
       "dev": true,
       "license": "MIT",
       "peer": true,
       "dependencies": {
-        "@vitest/expect": "4.0.16",
-        "@vitest/mocker": "4.0.16",
-        "@vitest/pretty-format": "4.0.16",
-        "@vitest/runner": "4.0.16",
-        "@vitest/snapshot": "4.0.16",
-        "@vitest/spy": "4.0.16",
-        "@vitest/utils": "4.0.16",
+        "@vitest/expect": "4.0.18",
+        "@vitest/mocker": "4.0.18",
+        "@vitest/pretty-format": "4.0.18",
+        "@vitest/runner": "4.0.18",
+        "@vitest/snapshot": "4.0.18",
+        "@vitest/spy": "4.0.18",
+        "@vitest/utils": "4.0.18",
         "es-module-lexer": "^1.7.0",
         "expect-type": "^1.2.2",
         "magic-string": "^0.30.21",
@@ -15784,10 +15768,10 @@
         "@edge-runtime/vm": "*",
         "@opentelemetry/api": "^1.9.0",
         "@types/node": "^20.0.0 || ^22.0.0 || >=24.0.0",
-        "@vitest/browser-playwright": "4.0.16",
-        "@vitest/browser-preview": "4.0.16",
-        "@vitest/browser-webdriverio": "4.0.16",
-        "@vitest/ui": "4.0.16",
+        "@vitest/browser-playwright": "4.0.18",
+        "@vitest/browser-preview": "4.0.18",
+        "@vitest/browser-webdriverio": "4.0.18",
+        "@vitest/ui": "4.0.18",
         "happy-dom": "*",
         "jsdom": "*"
       },
diff --git a/package.json b/package.json
index 3f3ba94e95..39179c4621 100644
--- a/package.json
+++ b/package.json
@@ -88,7 +88,7 @@
     "@stylistic/eslint-plugin": "5.6.1",
     "@stylistic/stylelint-plugin": "4.0.1",
     "@vitejs/plugin-vue": "6.0.3",
-    "@vitest/coverage-v8": "4.0.16",
+    "@vitest/coverage-v8": "4.0.18",
     "@vitest/eslint-plugin": "1.6.6",
     "@vue/test-utils": "2.4.6",
     "eslint": "9.39.2",
@@ -120,7 +120,7 @@
     "typescript": "5.9.3",
     "typescript-eslint": "8.50.1",
     "vite-string-plugin": "1.4.9",
-    "vitest": "4.0.16"
+    "vitest": "4.0.18"
   },
   "browserslist": ["defaults"],
   "scarfSettings": {

From 13b7bdc741a97d2bfa274905730224758234f53a Mon Sep 17 00:00:00 2001
From: Renovate Bot <forgejo-renovate-action@forgejo.org>
Date: Wed, 4 Feb 2026 06:53:53 +0100
Subject: [PATCH 262/854] Update dependency globals to v17.3.0 (forgejo)
 (#11147)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11147
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
---
 package-lock.json | 8 ++++----
 package.json      | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 6f9c5a752b..d244cab71e 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -107,7 +107,7 @@
         "eslint-plugin-vue": "10.6.2",
         "eslint-plugin-vue-scoped-css": "2.12.0",
         "eslint-plugin-wc": "3.0.2",
-        "globals": "17.2.0",
+        "globals": "17.3.0",
         "happy-dom": "20.0.11",
         "license-checker-rseidelsohn": "4.4.2",
         "markdownlint-cli": "0.47.0",
@@ -9291,9 +9291,9 @@
       }
     },
     "node_modules/globals": {
-      "version": "17.2.0",
-      "resolved": "https://registry.npmjs.org/globals/-/globals-17.2.0.tgz",
-      "integrity": "sha512-tovnCz/fEq+Ripoq+p/gN1u7l6A7wwkoBT9pRCzTHzsD/LvADIzXZdjmRymh5Ztf0DYC3Rwg5cZRYjxzBmzbWg==",
+      "version": "17.3.0",
+      "resolved": "https://registry.npmjs.org/globals/-/globals-17.3.0.tgz",
+      "integrity": "sha512-yMqGUQVVCkD4tqjOJf3TnrvaaHDMYp4VlUSObbkIiuCPe/ofdMBFIAcBbCSRFWOnos6qRiTVStDwqPLUclaxIw==",
       "dev": true,
       "license": "MIT",
       "engines": {
diff --git a/package.json b/package.json
index 39179c4621..49512a2d69 100644
--- a/package.json
+++ b/package.json
@@ -106,7 +106,7 @@
     "eslint-plugin-vue": "10.6.2",
     "eslint-plugin-vue-scoped-css": "2.12.0",
     "eslint-plugin-wc": "3.0.2",
-    "globals": "17.2.0",
+    "globals": "17.3.0",
     "happy-dom": "20.0.11",
     "license-checker-rseidelsohn": "4.4.2",
     "markdownlint-cli": "0.47.0",

From 462ad7bb333e6f693733024c1449a7e0e2993749 Mon Sep 17 00:00:00 2001
From: Mathieu Fenniak <mathieu@fenniak.net>
Date: Wed, 4 Feb 2026 16:00:18 +0100
Subject: [PATCH 263/854] fix: don't abandon Action jobs waiting for approval
 (#11145)

On an open PR that is waiting for job approval, if jobs haven't been approved by the time the abandon timeout occurs they get marked as cancelled.  This doesn't match the expectations of abandoned jobs in my opinion, which is that they were never able to be dispatched to a runner (no matching labels), but these jobs never got a chance.  They should remain valid and blocked until approved.

Discovered while testing #11125, but unrelated to the behaviour fixed there.

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests

- I added test coverage for Go changes...
  - [x] in their respective `*_test.go` for unit tests.
  - [ ] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I added test coverage for JavaScript changes...
  - [ ] in `web_src/js/*.test.js` if it can be unit tested.
  - [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)).

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [x] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.
- [ ] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change.

*The decision if the pull request will be shown in the release notes is up to the mergers / release team.*

The content of the `release-notes/<pull request number>.md` file will serve as the basis for the release notes. If the file does not exist, the title of the pull request will be used instead.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11145
Reviewed-by: Andreas Ahlenstorf <aahlenst@noreply.codeberg.org>
Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net>
Co-committed-by: Mathieu Fenniak <mathieu@fenniak.net>
---
 models/actions/run_job_list.go                | 21 +++++++---
 .../TestCancelAbandonedJobs/action_run.yml    | 25 +++++++++++
 .../action_run_job.yml                        | 34 +++++++++++++++
 services/actions/clear_tasks.go               |  6 ++-
 services/actions/clear_tasks_test.go          | 41 +++++++++++++++++++
 5 files changed, 119 insertions(+), 8 deletions(-)
 create mode 100644 services/actions/TestCancelAbandonedJobs/action_run.yml
 create mode 100644 services/actions/TestCancelAbandonedJobs/action_run_job.yml
 create mode 100644 services/actions/clear_tasks_test.go

diff --git a/models/actions/run_job_list.go b/models/actions/run_job_list.go
index cbcb4beb8e..b32b072103 100644
--- a/models/actions/run_job_list.go
+++ b/models/actions/run_job_list.go
@@ -8,6 +8,7 @@ import (
 
 	"forgejo.org/models/db"
 	"forgejo.org/modules/container"
+	"forgejo.org/modules/optional"
 	"forgejo.org/modules/timeutil"
 
 	"xorm.io/builder"
@@ -48,12 +49,13 @@ func (jobs ActionJobList) LoadAttributes(ctx context.Context, withRepo bool) err
 
 type FindRunJobOptions struct {
 	db.ListOptions
-	RunID         int64
-	RepoID        int64
-	OwnerID       int64
-	CommitSHA     string
-	Statuses      []Status
-	UpdatedBefore timeutil.TimeStamp
+	RunID            int64
+	RepoID           int64
+	OwnerID          int64
+	CommitSHA        string
+	Statuses         []Status
+	UpdatedBefore    timeutil.TimeStamp
+	RunNeedsApproval optional.Option[bool]
 }
 
 func (opts FindRunJobOptions) ToConds() builder.Cond {
@@ -76,5 +78,12 @@ func (opts FindRunJobOptions) ToConds() builder.Cond {
 	if opts.UpdatedBefore > 0 {
 		cond = cond.And(builder.Lt{"updated": opts.UpdatedBefore})
 	}
+	if opts.RunNeedsApproval.Has() {
+		cond = cond.And(builder.Exists(builder.Select("id").From("action_run", "outer_run").
+			Where(builder.Eq{
+				"outer_run.need_approval": opts.RunNeedsApproval.Value(),
+				"outer_run.id":            builder.Expr("run_id"),
+			})))
+	}
 	return cond
 }
diff --git a/services/actions/TestCancelAbandonedJobs/action_run.yml b/services/actions/TestCancelAbandonedJobs/action_run.yml
new file mode 100644
index 0000000000..809048039b
--- /dev/null
+++ b/services/actions/TestCancelAbandonedJobs/action_run.yml
@@ -0,0 +1,25 @@
+# Supporting data for Case 600 - 603
+-
+  id: 900
+  title: "running"
+  owner_id: 2
+  repo_id: 63
+  workflow_id: "running.yaml"
+  index: 4
+  trigger_event: "push"
+  is_fork_pull_request: false
+  trigger_user_id: 2
+  need_approval: false
+
+# Supporting data for Case 604
+-
+  id: 901
+  title: "running"
+  owner_id: 2
+  repo_id: 63
+  workflow_id: "running.yaml"
+  index: 5
+  trigger_event: "push"
+  is_fork_pull_request: false
+  trigger_user_id: 2
+  need_approval: true
diff --git a/services/actions/TestCancelAbandonedJobs/action_run_job.yml b/services/actions/TestCancelAbandonedJobs/action_run_job.yml
new file mode 100644
index 0000000000..f2a4f8b663
--- /dev/null
+++ b/services/actions/TestCancelAbandonedJobs/action_run_job.yml
@@ -0,0 +1,34 @@
+# Case 600 -- status waiting, too long, ready to be abandoned
+-
+  id: 600
+  run_id: 900
+  status: 5 # waiting
+  updated: 981228409
+
+# Case 601 -- status blocked, too long, ready to be abandoned
+-
+  id: 601
+  run_id: 900
+  status: 7 # blocked
+  updated: 981228409
+
+# Case 602 -- status blocked, *not* too long, not to be abandoned
+-
+  id: 602
+  run_id: 900
+  status: 7 # blocked
+  updated: 4105366009 # set to 2100-02-03 -- sorry to whoever fixes this 75 years from now
+
+# Case 603 -- status running, not to be abandoned
+-
+  id: 603
+  run_id: 900
+  status: 6 # running
+  updated: 981228409
+
+# Case 604 -- run needs approval (in action_run.yml), not to be abandoned
+-
+  id: 604
+  run_id: 901
+  status: 5 # waiting
+  updated: 981228409
diff --git a/services/actions/clear_tasks.go b/services/actions/clear_tasks.go
index c36dda55b2..507659d085 100644
--- a/services/actions/clear_tasks.go
+++ b/services/actions/clear_tasks.go
@@ -12,6 +12,7 @@ import (
 	"forgejo.org/models/db"
 	"forgejo.org/modules/actions"
 	"forgejo.org/modules/log"
+	"forgejo.org/modules/optional"
 	"forgejo.org/modules/setting"
 	"forgejo.org/modules/timeutil"
 )
@@ -75,8 +76,9 @@ func stopTasks(ctx context.Context, opts actions_model.FindTaskOptions) error {
 // CancelAbandonedJobs cancels the jobs which have waiting status, but haven't been picked by a runner for a long time
 func CancelAbandonedJobs(ctx context.Context) error {
 	jobs, err := db.Find[actions_model.ActionRunJob](ctx, actions_model.FindRunJobOptions{
-		Statuses:      []actions_model.Status{actions_model.StatusWaiting, actions_model.StatusBlocked},
-		UpdatedBefore: timeutil.TimeStamp(time.Now().Add(-setting.Actions.AbandonedJobTimeout).Unix()),
+		Statuses:         []actions_model.Status{actions_model.StatusWaiting, actions_model.StatusBlocked},
+		UpdatedBefore:    timeutil.TimeStamp(time.Now().Add(-setting.Actions.AbandonedJobTimeout).Unix()),
+		RunNeedsApproval: optional.Some(false),
 	})
 	if err != nil {
 		log.Warn("find abandoned tasks: %v", err)
diff --git a/services/actions/clear_tasks_test.go b/services/actions/clear_tasks_test.go
new file mode 100644
index 0000000000..ce99ce9569
--- /dev/null
+++ b/services/actions/clear_tasks_test.go
@@ -0,0 +1,41 @@
+// Copyright 2026 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+package actions
+
+import (
+	"testing"
+
+	actions_model "forgejo.org/models/actions"
+	"forgejo.org/models/unittest"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+func TestCancelAbandonedJobs(t *testing.T) {
+	defer unittest.OverrideFixtures("services/actions/TestCancelAbandonedJobs")()
+	require.NoError(t, unittest.PrepareTestDatabase())
+
+	require.NoError(t, CancelAbandonedJobs(t.Context()))
+
+	// status waiting, too long, ready to be abandoned
+	job := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRunJob{ID: 600})
+	assert.Equal(t, actions_model.StatusCancelled, job.Status)
+
+	// status blocked, too long, ready to be abandoned
+	job = unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRunJob{ID: 601})
+	assert.Equal(t, actions_model.StatusCancelled, job.Status)
+
+	// status blocked, *not* too long, not to be abandoned
+	job = unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRunJob{ID: 602})
+	assert.Equal(t, actions_model.StatusBlocked, job.Status)
+
+	// status running, not to be abandoned
+	job = unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRunJob{ID: 603})
+	assert.Equal(t, actions_model.StatusRunning, job.Status)
+
+	// related run needs approval, not to be abandoned
+	job = unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRunJob{ID: 604})
+	assert.Equal(t, actions_model.StatusWaiting, job.Status)
+}

From 3e56296108727eab775c7d82e83e167b9dc57fd1 Mon Sep 17 00:00:00 2001
From: Renovate Bot <forgejo-renovate-action@forgejo.org>
Date: Thu, 5 Feb 2026 11:19:46 +0100
Subject: [PATCH 264/854] Update dependency go to v1.25.7 (forgejo) (#11149)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11149
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
---
 go.mod | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/go.mod b/go.mod
index 22033a6746..f7d81279fd 100644
--- a/go.mod
+++ b/go.mod
@@ -2,7 +2,7 @@ module forgejo.org
 
 go 1.25.0
 
-toolchain go1.25.6
+toolchain go1.25.7
 
 require (
 	code.forgejo.org/f3/gof3/v3 v3.11.15

From 20c1f699bdfb5c97ea41ffab938f627de08ac901 Mon Sep 17 00:00:00 2001
From: Nils Goroll <nils.goroll@uplex.de>
Date: Thu, 5 Feb 2026 18:04:38 +0100
Subject: [PATCH 265/854] Refactor modules/jwtx: signing method resolution

golang-jwt/jwt already has a GetSigningMethod() function which we should
use to ensure that our signing methods are actually registered.

Yet we should also keep our own check against a set of allowed methods
such that we do not accidentally accept methods which we are not
prepared to support.
---
 modules/jwtx/signingkey.go | 49 +++++++++++++++++++-------------------
 1 file changed, 24 insertions(+), 25 deletions(-)

diff --git a/modules/jwtx/signingkey.go b/modules/jwtx/signingkey.go
index 51622cd724..d3652d9414 100644
--- a/modules/jwtx/signingkey.go
+++ b/modules/jwtx/signingkey.go
@@ -228,33 +228,32 @@ func (key ecdsaSigningKey) PreProcessToken(token *jwt.Token) {
 	token.Header["kid"] = key.id
 }
 
+var allowedAlgorithms = map[string]bool{
+	"HS256": true,
+	"HS384": true,
+	"HS512": true,
+
+	"RS256": true,
+	"RS384": true,
+	"RS512": true,
+
+	"ES256": true,
+	"ES384": true,
+	"ES512": true,
+	"EdDSA": true,
+}
+
+func GetSigningMethod(algorithm string) jwt.SigningMethod {
+	if !allowedAlgorithms[algorithm] {
+		return nil
+	}
+	return jwt.GetSigningMethod(algorithm)
+}
+
 // CreateSigningKey creates a signing key from an algorithm / key pair.
 func CreateSigningKey(algorithm string, key any) (SigningKey, error) {
-	var signingMethod jwt.SigningMethod
-	switch algorithm {
-	case "HS256":
-		signingMethod = jwt.SigningMethodHS256
-	case "HS384":
-		signingMethod = jwt.SigningMethodHS384
-	case "HS512":
-		signingMethod = jwt.SigningMethodHS512
-
-	case "RS256":
-		signingMethod = jwt.SigningMethodRS256
-	case "RS384":
-		signingMethod = jwt.SigningMethodRS384
-	case "RS512":
-		signingMethod = jwt.SigningMethodRS512
-
-	case "ES256":
-		signingMethod = jwt.SigningMethodES256
-	case "ES384":
-		signingMethod = jwt.SigningMethodES384
-	case "ES512":
-		signingMethod = jwt.SigningMethodES512
-	case "EdDSA":
-		signingMethod = jwt.SigningMethodEdDSA
-	default:
+	signingMethod := GetSigningMethod(algorithm)
+	if signingMethod == nil {
 		return nil, ErrInvalidAlgorithmType{algorithm}
 	}
 

From ecae2459c79b1f7839af0874f02968ed0950a348 Mon Sep 17 00:00:00 2001
From: Nils Goroll <nils.goroll@uplex.de>
Date: Thu, 5 Feb 2026 18:15:52 +0100
Subject: [PATCH 266/854] Polish modules/jwtx: key file open mode

There is no reason why we should open a key file being written
read/write, use O_WRONLY
---
 modules/jwtx/signingkey.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/jwtx/signingkey.go b/modules/jwtx/signingkey.go
index d3652d9414..6ce014ee11 100644
--- a/modules/jwtx/signingkey.go
+++ b/modules/jwtx/signingkey.go
@@ -338,7 +338,7 @@ func loadOrCreateAsymmetricKey(keyPath, algorithm string) (any, error) {
 				return err
 			}
 
-			f, err := os.OpenFile(keyPath, os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0o600)
+			f, err := os.OpenFile(keyPath, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0o600)
 			if err != nil {
 				return err
 			}

From f6ba8bac03da7c106fe627d58e944f311e798539 Mon Sep 17 00:00:00 2001
From: Nils Goroll <nils.goroll@uplex.de>
Date: Thu, 5 Feb 2026 18:33:41 +0100
Subject: [PATCH 267/854] Refactor modules/jwtx: Pull out key creation vs.
 loading

This patch only moves code around and splits out two functions from
loadOrCreateAsymmetricKey(). The diff is best viewed with -b to ignore
white space (indentation) changes.

This is done for two reasons:

- For future additions, we will need loadAsymmetricKey() only, without
  the create

- The doubly nested immediately invoked closure construction was not
  exactly helping clarity
---
 modules/jwtx/signingkey.go | 135 +++++++++++++++++++------------------
 1 file changed, 70 insertions(+), 65 deletions(-)

diff --git a/modules/jwtx/signingkey.go b/modules/jwtx/signingkey.go
index 6ce014ee11..9047c9d472 100644
--- a/modules/jwtx/signingkey.go
+++ b/modules/jwtx/signingkey.go
@@ -285,76 +285,65 @@ func CreateSigningKey(algorithm string, key any) (SigningKey, error) {
 	}
 }
 
-// loadOrCreateAsymmetricKey checks if the configured private key exists.
-// If it does not exist a new random key gets generated and saved on the configured path.
-func loadOrCreateAsymmetricKey(keyPath, algorithm string) (any, error) {
-	isExist, err := util.IsExist(keyPath)
-	if err != nil {
-		return nil, fmt.Errorf("Unable to check if %s exists. Error: %v", keyPath, err)
-	}
-	if !isExist {
-		err := func() error {
-			key, err := func() (any, error) {
-				switch {
-				case strings.HasPrefix(algorithm, "RS"):
-					var bits int
-					switch algorithm {
-					case "RS256":
-						bits = 2048
-					case "RS384":
-						bits = 3072
-					case "RS512":
-						bits = 4096
-					}
-					return rsa.GenerateKey(rand.Reader, bits)
-				case algorithm == "EdDSA":
-					_, pk, err := ed25519.GenerateKey(rand.Reader)
-					return pk, err
-				default:
-					var curve elliptic.Curve
-					switch algorithm {
-					case "ES256":
-						curve = elliptic.P256()
-					case "ES384":
-						curve = elliptic.P384()
-					case "ES512":
-						curve = elliptic.P521()
-					}
-					return ecdsa.GenerateKey(curve, rand.Reader)
-				}
-			}()
-			if err != nil {
-				return err
+func createAsymmetricKey(keyPath, algorithm string) error {
+	key, err := func() (any, error) {
+		switch {
+		case strings.HasPrefix(algorithm, "RS"):
+			var bits int
+			switch algorithm {
+			case "RS256":
+				bits = 2048
+			case "RS384":
+				bits = 3072
+			case "RS512":
+				bits = 4096
 			}
-
-			bytes, err := x509.MarshalPKCS8PrivateKey(key)
-			if err != nil {
-				return err
+			return rsa.GenerateKey(rand.Reader, bits)
+		case algorithm == "EdDSA":
+			_, pk, err := ed25519.GenerateKey(rand.Reader)
+			return pk, err
+		default:
+			var curve elliptic.Curve
+			switch algorithm {
+			case "ES256":
+				curve = elliptic.P256()
+			case "ES384":
+				curve = elliptic.P384()
+			case "ES512":
+				curve = elliptic.P521()
 			}
-
-			privateKeyPEM := &pem.Block{Type: "PRIVATE KEY", Bytes: bytes}
-
-			if err := os.MkdirAll(filepath.Dir(keyPath), os.ModePerm); err != nil {
-				return err
-			}
-
-			f, err := os.OpenFile(keyPath, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0o600)
-			if err != nil {
-				return err
-			}
-			defer func() {
-				if err = f.Close(); err != nil {
-					log.Error("Close: %v", err)
-				}
-			}()
-
-			return pem.Encode(f, privateKeyPEM)
-		}()
-		if err != nil {
-			return nil, fmt.Errorf("Error generating private key %s: %v", keyPath, err)
+			return ecdsa.GenerateKey(curve, rand.Reader)
 		}
+	}()
+	if err != nil {
+		return err
 	}
 
+	bytes, err := x509.MarshalPKCS8PrivateKey(key)
+	if err != nil {
+		return err
+	}
+
+	privateKeyPEM := &pem.Block{Type: "PRIVATE KEY", Bytes: bytes}
+
+	if err := os.MkdirAll(filepath.Dir(keyPath), os.ModePerm); err != nil {
+		return err
+	}
+
+	f, err := os.OpenFile(keyPath, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0o600)
+	if err != nil {
+		return err
+	}
+	defer func() {
+		if err = f.Close(); err != nil {
+			log.Error("Close: %v", err)
+		}
+	}()
+
+	return pem.Encode(f, privateKeyPEM)
+}
+
+func loadAsymmetricKey(keyPath string) (any, error) {
 	bytes, err := os.ReadFile(keyPath)
 	if err != nil {
 		return nil, err
@@ -370,6 +359,22 @@ func loadOrCreateAsymmetricKey(keyPath, algorithm string) (any, error) {
 	return x509.ParsePKCS8PrivateKey(block.Bytes)
 }
 
+// loadOrCreateAsymmetricKey checks if the configured private key exists.
+// If it does not exist a new random key gets generated and saved on the configured path.
+func loadOrCreateAsymmetricKey(keyPath, algorithm string) (any, error) {
+	isExist, err := util.IsExist(keyPath)
+	if err != nil {
+		return nil, fmt.Errorf("Unable to check if %s exists. Error: %v", keyPath, err)
+	}
+	if !isExist {
+		err := createAsymmetricKey(keyPath, algorithm)
+		if err != nil {
+			return nil, fmt.Errorf("Error generating private key %s: %v", keyPath, err)
+		}
+	}
+	return loadAsymmetricKey(keyPath)
+}
+
 // InitSigningKey creates a signing key from settings or creates a random key.
 func InitSigningKey(getGeneralTokenSigningSecret func() []byte, keyPath, algorithm string) (SigningKey, error) {
 	var err error

From c7d23fa6e84417e359d501cc3bca2c1dfd6eed95 Mon Sep 17 00:00:00 2001
From: Mathieu Fenniak <mathieu@fenniak.net>
Date: Thu, 5 Feb 2026 22:29:51 +0100
Subject: [PATCH 268/854] fix: when expanding a dynamic matrix, original
 'needs' access was lost (#11164)

Fixes #11163.  When expanding a dynamic matrix (or any other dynamic job), the references to the original `needs` of the jobs are lost.

This is manually tested, and moderately covered by an automated test.  Will follow-up with an end-to-end test after a regression run is complete.

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests

- I added test coverage for Go changes...
  - [x] in their respective `*_test.go` for unit tests.
  - [ ] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I added test coverage for JavaScript changes...
  - [ ] in `web_src/js/*.test.js` if it can be unit tested.
  - [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)).

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [x] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.
- [ ] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change.

*The decision if the pull request will be shown in the release notes is up to the mergers / release team.*

The content of the `release-notes/<pull request number>.md` file will serve as the basis for the release notes. If the file does not exist, the title of the pull request will be used instead.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11164
Reviewed-by: Andreas Ahlenstorf <aahlenst@noreply.codeberg.org>
Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net>
Co-committed-by: Mathieu Fenniak <mathieu@fenniak.net>
---
 services/actions/job_emitter.go      | 16 +++++++++++++++-
 services/actions/job_emitter_test.go | 17 ++++++++++++-----
 2 files changed, 27 insertions(+), 6 deletions(-)

diff --git a/services/actions/job_emitter.go b/services/actions/job_emitter.go
index fe3cc1b38a..bf4881ea04 100644
--- a/services/actions/job_emitter.go
+++ b/services/actions/job_emitter.go
@@ -324,7 +324,7 @@ func tryHandleIncompleteMatrix(ctx context.Context, blockedJob *actions_model.Ac
 		// it to be a "persistent incomplete" job with some error that needs to be reported to the user.  If the
 		// re-evaluated job has a different job ID, then it's likely an expanded job -- such as from a reusable workflow
 		// -- which could have it's own `needs` that allows it to expand into a correct job in the future.
-		jobID, _ := swf.Job()
+		jobID, job := swf.Job()
 		if jobID == blockedJob.JobID {
 			if swf.IncompleteMatrix {
 				errorCode, errorDetails := persistentIncompleteMatrixError(blockedJob, swf.IncompleteMatrixNeeds)
@@ -349,6 +349,20 @@ func tryHandleIncompleteMatrix(ctx context.Context, blockedJob *actions_model.Ac
 				return behaviourIgnoreAllJobsInRun, nil
 			}
 		}
+
+		// Original job had a `needs: ...blockedJob.Needs...`.  Even though we've now expanded that job, which would
+		// evaluate any ${{ needs.... }} reference that is required for expansion, this job could still have other
+		// reasons to require acccess to those needs variables.  We need to reinsert those `needs` into the new job so
+		// that those job's outputs and results are made available to this new job.
+		newNeeds := append(job.Needs(), blockedJob.Needs...)
+		err := job.RawNeeds.Encode(newNeeds)
+		if err != nil {
+			return behaviourError, fmt.Errorf("failure to encode newNeeds: %w", err)
+		}
+		err = swf.SetJob(jobID, job)
+		if err != nil {
+			return behaviourError, fmt.Errorf("failure to reencode updated job: %w", err)
+		}
 	}
 
 	err = db.WithTx(ctx, func(ctx context.Context) error {
diff --git a/services/actions/job_emitter_test.go b/services/actions/job_emitter_test.go
index caccf75434..6899508f37 100644
--- a/services/actions/job_emitter_test.go
+++ b/services/actions/job_emitter_test.go
@@ -326,6 +326,12 @@ func Test_tryHandleIncompleteMatrix(t *testing.T) {
 			runJobID:    601,
 			consumed:    true,
 			runJobNames: []string{"define-matrix", "produce-artifacts (blue)", "produce-artifacts (green)", "produce-artifacts (red)"},
+			needs: map[string][]string{
+				"define-matrix":             nil,
+				"produce-artifacts (blue)":  {"define-matrix"},
+				"produce-artifacts (green)": {"define-matrix"},
+				"produce-artifacts (red)":   {"define-matrix"},
+			},
 		},
 		{
 			name:        "needs an incomplete job",
@@ -490,8 +496,8 @@ func Test_tryHandleIncompleteMatrix(t *testing.T) {
 			},
 			needs: map[string][]string{
 				"define-workflow-call":    nil,
-				"inner my-workflow-input": nil,
-				"perform-workflow-call":   {"perform-workflow-call.inner_job"},
+				"inner my-workflow-input": {"define-workflow-call"},
+				"perform-workflow-call":   {"define-workflow-call", "perform-workflow-call.inner_job"},
 			},
 		},
 		// Before reusable workflow expansion, there weren't any cases where evaluating a job in the job emitter could
@@ -515,9 +521,10 @@ func Test_tryHandleIncompleteMatrix(t *testing.T) {
 			},
 			needs: map[string][]string{
 				"define-workflow-call":                   nil,
-				"inner define-runs-on my-workflow-input": nil,
-				"inner incomplete-job my-workflow-input": {"perform-workflow-call.define-runs-on"},
+				"inner define-runs-on my-workflow-input": {"define-workflow-call"},
+				"inner incomplete-job my-workflow-input": {"define-workflow-call", "perform-workflow-call.define-runs-on"},
 				"perform-workflow-call": {
+					"define-workflow-call",
 					"perform-workflow-call.define-runs-on",
 					"perform-workflow-call.scalar-job",
 				},
@@ -661,7 +668,7 @@ func Test_tryHandleIncompleteMatrix(t *testing.T) {
 					if tt.needs != nil {
 						for _, j := range allJobsInRun {
 							expected, ok := tt.needs[j.Name]
-							if assert.Truef(t, ok, "unable to find runsOn[%q] in test case", j.Name) {
+							if assert.Truef(t, ok, "unable to find needs[%q] in test case", j.Name) {
 								slices.Sort(j.Needs)
 								slices.Sort(expected)
 								assert.Equalf(t, expected, j.Needs, "comparing needs expectations for job %q", j.Name)

From d9df2337b0076dffc140fc272e83a6a4bf705365 Mon Sep 17 00:00:00 2001
From: Renovate Bot <forgejo-renovate-action@forgejo.org>
Date: Fri, 6 Feb 2026 04:33:10 +0100
Subject: [PATCH 269/854] Update module github.com/go-chi/chi/v5 to v5.2.5
 (forgejo) (#11170)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11170
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index f7d81279fd..5a6aaaff43 100644
--- a/go.mod
+++ b/go.mod
@@ -45,7 +45,7 @@ require (
 	github.com/gliderlabs/ssh v0.3.8
 	github.com/go-ap/activitypub v0.0.0-20231114162308-e219254dc5c9
 	github.com/go-ap/jsonld v0.0.0-20251216162253-e38fa664ea77
-	github.com/go-chi/chi/v5 v5.2.4
+	github.com/go-chi/chi/v5 v5.2.5
 	github.com/go-chi/cors v1.2.2
 	github.com/go-co-op/gocron v1.37.0
 	github.com/go-enry/go-enry/v2 v2.9.4
diff --git a/go.sum b/go.sum
index 98d8e4dd98..6bb8f3215f 100644
--- a/go.sum
+++ b/go.sum
@@ -263,8 +263,8 @@ github.com/go-ap/jsonld v0.0.0-20251216162253-e38fa664ea77/go.mod h1:4h93IBxgfnE
 github.com/go-asn1-ber/asn1-ber v1.5.8-0.20250403174932-29230038a667 h1:BP4M0CvQ4S3TGls2FvczZtj5Re/2ZzkV9VwqPHH/3Bo=
 github.com/go-asn1-ber/asn1-ber v1.5.8-0.20250403174932-29230038a667/go.mod h1:hEBeB/ic+5LoWskz+yKT7vGhhPYkProFKoKdwZRWMe0=
 github.com/go-chi/chi/v5 v5.0.1/go.mod h1:DslCQbL2OYiznFReuXYUmQ2hGd1aDpCnlMNITLSKoi8=
-github.com/go-chi/chi/v5 v5.2.4 h1:WtFKPHwlywe8Srng8j2BhOD9312j9cGUxG1SP4V2cR4=
-github.com/go-chi/chi/v5 v5.2.4/go.mod h1:X7Gx4mteadT3eDOMTsXzmI4/rwUpOwBHLpAfupzFJP0=
+github.com/go-chi/chi/v5 v5.2.5 h1:Eg4myHZBjyvJmAFjFvWgrqDTXFyOzjj7YIm3L3mu6Ug=
+github.com/go-chi/chi/v5 v5.2.5/go.mod h1:X7Gx4mteadT3eDOMTsXzmI4/rwUpOwBHLpAfupzFJP0=
 github.com/go-chi/cors v1.2.2 h1:Jmey33TE+b+rB7fT8MUy1u0I4L+NARQlK6LhzKPSyQE=
 github.com/go-chi/cors v1.2.2/go.mod h1:sSbTewc+6wYHBBCW7ytsFSn836hqM7JxpglAy2Vzc58=
 github.com/go-co-op/gocron v1.37.0 h1:ZYDJGtQ4OMhTLKOKMIch+/CY70Brbb1dGdooLEhh7b0=

From 7f7c2c091873ede49cc3191d67101d6dfb184081 Mon Sep 17 00:00:00 2001
From: Gusted <postmaster@gusted.xyz>
Date: Fri, 6 Feb 2026 04:43:17 +0100
Subject: [PATCH 270/854] feat: show note that user has no SSH keys (#11143)

- Resolves forgejo/forgejo#11064
- Show a note similar to that of GPG keys, when a user has no SSH keys uploaded through Forgejo. The content is recognized as a comment in SSH authorized files format and ends with a newline.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11143
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
Reviewed-by: Beowulf <beowulf@beocode.eu>
Co-authored-by: Gusted <postmaster@gusted.xyz>
Co-committed-by: Gusted <postmaster@gusted.xyz>
---
 routers/web/user/home.go       |  5 +++++
 tests/integration/user_test.go | 18 ++++++++++++++++++
 2 files changed, 23 insertions(+)

diff --git a/routers/web/user/home.go b/routers/web/user/home.go
index 618ce3c608..a7e24d79bb 100644
--- a/routers/web/user/home.go
+++ b/routers/web/user/home.go
@@ -713,6 +713,11 @@ func ShowSSHKeys(ctx *context.Context) {
 		buf.WriteString(keys[i].OmitEmail())
 		buf.WriteString("\n")
 	}
+
+	if buf.Len() == 0 {
+		buf.WriteString("# Note: This user hasn't uploaded any SSH keys.\n")
+	}
+
 	ctx.PlainTextBytes(http.StatusOK, buf.Bytes())
 }
 
diff --git a/tests/integration/user_test.go b/tests/integration/user_test.go
index 0109ab2435..2eb82f1c8a 100644
--- a/tests/integration/user_test.go
+++ b/tests/integration/user_test.go
@@ -1237,3 +1237,21 @@ func TestActivateEmailAddress(t *testing.T) {
 	unittest.AssertNotExistsBean(t, &auth_model.AuthorizationToken{ID: authToken.ID})
 	unittest.AssertExistsAndLoadBean(t, &user_model.EmailAddress{UID: user2.ID, IsActivated: true, Email: "newemail@example.org"})
 }
+
+func TestExportUserSSHKeys(t *testing.T) {
+	defer tests.PrepareTestEnv(t)()
+
+	t.Run("No exported keys", func(t *testing.T) {
+		defer tests.PrintCurrentTest(t)()
+		resp := MakeRequest(t, NewRequest(t, "GET", "/user1.keys"), http.StatusOK)
+
+		assert.Equal(t, "# Note: This user hasn't uploaded any SSH keys.\n", resp.Body.String())
+	})
+
+	t.Run("Exported key", func(t *testing.T) {
+		defer tests.PrintCurrentTest(t)()
+		resp := MakeRequest(t, NewRequest(t, "GET", "/user2.keys"), http.StatusOK)
+
+		assert.Equal(t, "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDWVj0fQ5N8wNc0LVNA41wDLYJ89ZIbejrPfg/avyj3u/ZohAKsQclxG4Ju0VirduBFF9EOiuxoiFBRr3xRpqzpsZtnMPkWVWb+akZwBFAx8p+jKdy4QXR/SZqbVobrGwip2UjSrri1CtBxpJikojRIZfCnDaMOyd9Jp6KkujvniFzUWdLmCPxUE9zhTaPu0JsEP7MW0m6yx7ZUhHyfss+NtqmFTaDO+QlMR7L2QkDliN2Jl3Xa3PhuWnKJfWhdAq1Cw4oraKUOmIgXLkuiuxVQ6mD3AiFupkmfqdHq6h+uHHmyQqv3gU+/sD8GbGAhf6ftqhTsXjnv1Aj4R8NoDf9BS6KRkzkeun5UisSzgtfQzjOMEiJtmrep2ZQrMGahrXa+q4VKr0aKJfm+KlLfwm/JztfsBcqQWNcTURiCFqz+fgZw0Ey/de0eyMzldYTdXXNRYCKjs9bvBK+6SSXRM7AhftfQ0ZuoW5+gtinPrnmoOaSCEJbAiEiTO/BzOHgowiM=\n", resp.Body.String())
+	})
+}

From c7f54361be9f1a09e05c11fcc7fc827b1f9c816e Mon Sep 17 00:00:00 2001
From: Renovate Bot <forgejo-renovate-action@forgejo.org>
Date: Fri, 6 Feb 2026 06:57:06 +0100
Subject: [PATCH 271/854] Update dependency forgejo/release-notes-assistant to
 v1.5.2 (forgejo) (#11169)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11169
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
---
 .forgejo/workflows/release-notes-assistant-milestones.yml | 2 +-
 .forgejo/workflows/release-notes-assistant.yml            | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/.forgejo/workflows/release-notes-assistant-milestones.yml b/.forgejo/workflows/release-notes-assistant-milestones.yml
index 0a6c67dc27..34b1d8e326 100644
--- a/.forgejo/workflows/release-notes-assistant-milestones.yml
+++ b/.forgejo/workflows/release-notes-assistant-milestones.yml
@@ -6,7 +6,7 @@ on:
 
 env:
   RNA_WORKDIR: /srv/rna
-  RNA_VERSION: v1.5.1 # renovate: datasource=forgejo-releases depName=forgejo/release-notes-assistant registryUrl=https://code.forgejo.org
+  RNA_VERSION: v1.5.2 # renovate: datasource=forgejo-releases depName=forgejo/release-notes-assistant registryUrl=https://code.forgejo.org
 
 jobs:
   release-notes:
diff --git a/.forgejo/workflows/release-notes-assistant.yml b/.forgejo/workflows/release-notes-assistant.yml
index 127577962f..49534b4b96 100644
--- a/.forgejo/workflows/release-notes-assistant.yml
+++ b/.forgejo/workflows/release-notes-assistant.yml
@@ -8,7 +8,7 @@ on:
       - labeled
 
 env:
-  RNA_VERSION: v1.5.1 # renovate: datasource=forgejo-releases depName=forgejo/release-notes-assistant registryUrl=https://code.forgejo.org
+  RNA_VERSION: v1.5.2 # renovate: datasource=forgejo-releases depName=forgejo/release-notes-assistant registryUrl=https://code.forgejo.org
 
 jobs:
   release-notes:

From 7ed496ea371821a05fad535a7a65bef0cfb055fd Mon Sep 17 00:00:00 2001
From: Gusted <postmaster@gusted.xyz>
Date: Fri, 6 Feb 2026 17:47:30 +0100
Subject: [PATCH 272/854] fix: reflect allowed username change in profile
 setting (#11171)

- When working forgejo/forgejo!8714 I did not touch the UI to remove the
note and `disabled` attribute. This was not intentional, and was likely
caused by me straight going for testing (as the backend code would allow
the username change).
- Slightly refactor the context to a common function, don't hard error
if `CanUserRename` fails but does default to that you cannot rename in
that case (which is the standard behavior of OAuth2 users anyway).

I already was aware that it seems !8714 wasn't working on Codeberg but someone at FOSDEM pointed it out again, thus the reason for this bug fix.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11171
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
Reviewed-by: Beowulf <beowulf@beocode.eu>
Co-authored-by: Gusted <postmaster@gusted.xyz>
Co-committed-by: Gusted <postmaster@gusted.xyz>
---
 routers/web/user/setting/profile.go           | 26 +++++----
 services/user/user.go                         | 44 +++++++++------
 templates/user/settings/profile.tmpl          |  4 +-
 .../fixtures/TestUserRename/login_source.yml  | 10 ++++
 tests/integration/user_settings_test.go       | 55 +++++++++++++++++++
 5 files changed, 110 insertions(+), 29 deletions(-)
 create mode 100644 tests/integration/fixtures/TestUserRename/login_source.yml

diff --git a/routers/web/user/setting/profile.go b/routers/web/user/setting/profile.go
index 125e387866..466fbff435 100644
--- a/routers/web/user/setting/profile.go
+++ b/routers/web/user/setting/profile.go
@@ -43,8 +43,8 @@ const (
 
 var commonPronouns = []string{"he/him", "she/her", "they/them", "it/its", "any pronouns"}
 
-// Profile render user's profile page
-func Profile(ctx *context.Context) {
+// profileContext sets common context for profile settings template.
+func profileContext(ctx *context.Context) {
 	ctx.Data["Title"] = ctx.Tr("settings.profile")
 	ctx.Data["PageIsSettingsProfile"] = true
 	ctx.Data["AllowedUserVisibilityModes"] = setting.Service.AllowedUserVisibilityModesSlice.ToVisibleTypeSlice()
@@ -55,20 +55,24 @@ func Profile(ctx *context.Context) {
 	ctx.Data["MaxAvatarWidth"] = setting.Avatar.MaxWidth
 	ctx.Data["MaxAvatarHeight"] = setting.Avatar.MaxHeight
 
+	canUserRename, err := user_service.CanUserRename(ctx, ctx.Doer)
+	if err != nil {
+		log.Error("CanUserRename for user[%d]: %v", ctx.Doer.ID, err)
+	}
+
+	ctx.Data["UserRenameDisabled"] = !canUserRename
+}
+
+// Profile render user's profile page
+func Profile(ctx *context.Context) {
+	profileContext(ctx)
+
 	ctx.HTML(http.StatusOK, tplSettingsProfile)
 }
 
 // ProfilePost response for change user's profile
 func ProfilePost(ctx *context.Context) {
-	ctx.Data["Title"] = ctx.Tr("settings")
-	ctx.Data["PageIsSettingsProfile"] = true
-	ctx.Data["AllowedUserVisibilityModes"] = setting.Service.AllowedUserVisibilityModesSlice.ToVisibleTypeSlice()
-	ctx.Data["DisableGravatar"] = setting.Config().Picture.DisableGravatar.Value(ctx)
-	ctx.Data["CooldownPeriod"] = setting.Service.UsernameCooldownPeriod
-	ctx.Data["CommonPronouns"] = commonPronouns
-	ctx.Data["MaxAvatarFileSize"] = setting.Avatar.MaxFileSize
-	ctx.Data["MaxAvatarWidth"] = setting.Avatar.MaxWidth
-	ctx.Data["MaxAvatarHeight"] = setting.Avatar.MaxHeight
+	profileContext(ctx)
 
 	if ctx.HasError() {
 		ctx.HTML(http.StatusOK, tplSettingsProfile)
diff --git a/services/user/user.go b/services/user/user.go
index 020d68d432..e16ec7c754 100644
--- a/services/user/user.go
+++ b/services/user/user.go
@@ -38,35 +38,47 @@ func RenameUser(ctx context.Context, u *user_model.User, newUserName string) err
 	return renameUser(ctx, u, newUserName, false)
 }
 
-// RenameUser renames a user as an admin.
+// AdminRenameUser renames a user as an admin.
 func AdminRenameUser(ctx context.Context, u *user_model.User, newUserName string) error {
 	return renameUser(ctx, u, newUserName, true)
 }
 
+// CanUserRename returns if the given user can be renamed.
+//
+// This is merely a precondition, you likely want to use [RenameUser] or [AdminRenameUser]
+// which also takes into consideration username cooldown of a new username.
+func CanUserRename(ctx context.Context, user *user_model.User) (bool, error) {
+	// Non-local users are not allowed to change their username.
+	// Organizations can always be renamed.
+	if user.IsOrganization() || user.IsLocal() {
+		return true, nil
+	}
+
+	// If the user's authentication source is OAuth2 and that source allows for
+	// username changes then don't make a fuzz about it.
+	if !user.IsOAuth2() {
+		return false, nil
+	}
+
+	source, err := auth.GetSourceByID(ctx, user.LoginSource)
+	if err != nil {
+		return false, err
+	}
+	return source.Cfg.(*oauth2.Source).AllowUsernameChange, nil
+}
+
 func renameUser(ctx context.Context, u *user_model.User, newUserName string, doerIsAdmin bool) error {
 	if newUserName == u.Name {
 		return nil
 	}
 
-	// Non-local users are not allowed to change their username.
 	// If the doer is an admin, then allow the rename - they know better.
-	if !doerIsAdmin && !u.IsOrganization() && !u.IsLocal() {
-		// If the user's authentication source is OAuth2 and that source allows for
-		// username changes then don't make a fuzz about it.
-
-		if !u.IsOAuth2() {
-			return user_model.ErrUserIsNotLocal{
-				UID:  u.ID,
-				Name: u.Name,
-			}
-		}
-
-		source, err := auth.GetSourceByID(ctx, u.LoginSource)
+	if !doerIsAdmin {
+		canRenamed, err := CanUserRename(ctx, u)
 		if err != nil {
 			return err
 		}
-		sourceCfg := source.Cfg.(*oauth2.Source)
-		if !sourceCfg.AllowUsernameChange {
+		if !canRenamed {
 			return user_model.ErrUserIsNotLocal{
 				UID:  u.ID,
 				Name: u.Name,
diff --git a/templates/user/settings/profile.tmpl b/templates/user/settings/profile.tmpl
index d43a4d4c6e..49a349a4f1 100644
--- a/templates/user/settings/profile.tmpl
+++ b/templates/user/settings/profile.tmpl
@@ -9,8 +9,8 @@
 					<legend>{{ctx.Locale.Tr "settings.profile_desc"}}</legend>
 					<label {{if .Err_Name}}class="field error"{{end}}>
 						{{ctx.Locale.Tr "username"}}
-						<input name="name" value="{{.SignedUser.Name}}" data-name="{{.SignedUser.Name}}" autofocus required {{if or (not .SignedUser.IsLocal) .IsReverseProxy}}disabled{{end}} maxlength="40">
-						{{if or (not .SignedUser.IsLocal) .IsReverseProxy}}
+						<input name="name" value="{{.SignedUser.Name}}" data-name="{{.SignedUser.Name}}" autofocus required {{if or .UserRenameDisabled .IsReverseProxy}}disabled{{end}} maxlength="40">
+						{{if or .UserRenameDisabled .IsReverseProxy}}
 							<span class="help">{{ctx.Locale.Tr "settings.password_username_disabled"}}</span>
 						{{else}}
 							<span class="help">
diff --git a/tests/integration/fixtures/TestUserRename/login_source.yml b/tests/integration/fixtures/TestUserRename/login_source.yml
new file mode 100644
index 0000000000..1d35e4489c
--- /dev/null
+++ b/tests/integration/fixtures/TestUserRename/login_source.yml
@@ -0,0 +1,10 @@
+-
+ id: 1001
+ type: 6
+ is_active: true
+ cfg: '{"Provider":"openidConnect","AllowUsernameChange":false}'
+-
+ id: 1002
+ type: 6
+ is_active: true
+ cfg: '{"Provider":"openidConnect","AllowUsernameChange":true}'
diff --git a/tests/integration/user_settings_test.go b/tests/integration/user_settings_test.go
index 9a9e58da49..c16607a8fb 100644
--- a/tests/integration/user_settings_test.go
+++ b/tests/integration/user_settings_test.go
@@ -7,10 +7,18 @@ import (
 	"net/http"
 	"testing"
 
+	"forgejo.org/models/auth"
+	"forgejo.org/models/db"
+	"forgejo.org/models/unittest"
+	user_model "forgejo.org/models/user"
 	"forgejo.org/modules/container"
 	"forgejo.org/modules/setting"
 	"forgejo.org/modules/test"
+	"forgejo.org/modules/translation"
 	"forgejo.org/tests"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
 )
 
 // TestUserSettingsAccount tests the contents of a user's account settings
@@ -124,3 +132,50 @@ func TestUserSettingsDelete(t *testing.T) {
 		session.MakeRequest(t, req, http.StatusNotFound)
 	})
 }
+
+func TestUserRename(t *testing.T) {
+	defer unittest.OverrideFixtures("tests/integration/fixtures/TestUserRename")()
+	defer tests.PrepareTestEnv(t)()
+
+	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
+	session := loginUser(t, "user2")
+	trMsg := translation.NewLocale("en-US").Tr("settings.password_username_disabled")
+
+	test := func(t *testing.T, session *TestSession, allowed bool) {
+		t.Helper()
+
+		resp := session.MakeRequest(t, NewRequest(t, "GET", "/user/settings"), http.StatusOK)
+		if allowed {
+			assert.NotContains(t, resp.Body.String(), trMsg)
+		} else {
+			assert.Contains(t, resp.Body.String(), trMsg)
+		}
+	}
+
+	t.Run("Local", func(t *testing.T) {
+		defer tests.PrintCurrentTest(t)()
+
+		test(t, session, true)
+	})
+
+	t.Run("OAuth2", func(t *testing.T) {
+		user.LoginSource = 1001
+		user.LoginType = auth.OAuth2
+		_, err := db.GetEngine(t.Context()).Cols("login_source", "login_type").Update(user)
+		require.NoError(t, err)
+
+		t.Run("Not allowed", func(t *testing.T) {
+			defer tests.PrintCurrentTest(t)()
+			test(t, session, false)
+		})
+
+		user.LoginSource = 1002
+		_, err = db.GetEngine(t.Context()).Cols("login_source", "login_type").Update(user)
+		require.NoError(t, err)
+
+		t.Run("Allowed", func(t *testing.T) {
+			defer tests.PrintCurrentTest(t)()
+			test(t, session, true)
+		})
+	})
+}

From f9f72f20e5c29b4576e3f707c10a263c3b5f7f13 Mon Sep 17 00:00:00 2001
From: Renovate Bot <forgejo-renovate-action@forgejo.org>
Date: Fri, 6 Feb 2026 19:49:23 +0100
Subject: [PATCH 273/854] Update renovate to v42.95.2 (forgejo) (#11129)

Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
---
 .forgejo/workflows/renovate.yml | 2 +-
 Makefile                        | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/.forgejo/workflows/renovate.yml b/.forgejo/workflows/renovate.yml
index dd167137ac..c06cc4fd45 100644
--- a/.forgejo/workflows/renovate.yml
+++ b/.forgejo/workflows/renovate.yml
@@ -28,7 +28,7 @@ jobs:
 
     runs-on: docker
     container:
-      image: data.forgejo.org/renovate/renovate:42.93.1
+      image: data.forgejo.org/renovate/renovate:42.95.2
 
     steps:
       - name: Load renovate repo cache
diff --git a/Makefile b/Makefile
index 07bb6009bd..13829677b0 100644
--- a/Makefile
+++ b/Makefile
@@ -47,7 +47,7 @@ GO_LICENSES_PACKAGE ?= github.com/google/go-licenses@v1.6.0 # renovate: datasour
 GOVULNCHECK_PACKAGE ?= golang.org/x/vuln/cmd/govulncheck@v1 # renovate: datasource=go
 DEADCODE_PACKAGE ?= golang.org/x/tools/cmd/deadcode@v0.40.0 # renovate: datasource=go
 GOMOCK_PACKAGE ?= go.uber.org/mock/mockgen@v0.6.0 # renovate: datasource=go
-RENOVATE_NPM_PACKAGE ?= renovate@42.93.1 # renovate: datasource=docker packageName=data.forgejo.org/renovate/renovate
+RENOVATE_NPM_PACKAGE ?= renovate@42.95.2 # renovate: datasource=docker packageName=data.forgejo.org/renovate/renovate
 
 # https://github.com/disposable-email-domains/disposable-email-domains/commits/main/
 DISPOSABLE_EMAILS_SHA ?= 0c27e671231d27cf66370034d7f6818037416989 # renovate: ...

From a40e81b75597039b3ef90e2464efe7a14fc218aa Mon Sep 17 00:00:00 2001
From: xrstf <git@xrstf.de>
Date: Fri, 6 Feb 2026 20:19:00 +0100
Subject: [PATCH 274/854] ensure consistent sort order in TestFeed fixture
 (#11176)

This fixes a flake that my previous PR #10933 introduced. Since no individual feed items were previously asserted in the test, the inconsistent sort order never caused an issue before. Thanks to @mfenniak for pointing me in the right direction.

## Checklist

### Tests

- I added test coverage for Go changes...
  - [x] in their respective `*_test.go` for unit tests.
  - [ ] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I added test coverage for JavaScript changes...
  - [ ] in `web_src/js/*.test.js` if it can be unit tested.
  - [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)).

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [ ] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.
- [x] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11176
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
Co-authored-by: xrstf <git@xrstf.de>
Co-committed-by: xrstf <git@xrstf.de>
---
 tests/integration/fixtures/TestFeed/action.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/tests/integration/fixtures/TestFeed/action.yml b/tests/integration/fixtures/TestFeed/action.yml
index 6458951e61..26285798ad 100644
--- a/tests/integration/fixtures/TestFeed/action.yml
+++ b/tests/integration/fixtures/TestFeed/action.yml
@@ -14,7 +14,7 @@
   comment_id: 1001
   repo_id: 1 # public
   is_private: false
-  created_unix: 1680454039
+  created_unix: 1680454040
   content: '["1","Well, this test is short | succinct | distinct."]'
 
 # a multi-commit push to validate the format of the generated compare URLs, see #10168
@@ -25,5 +25,5 @@
   comment_id: 0
   repo_id: 1 # public
   is_private: false
-  created_unix: 1680454039
+  created_unix: 1680454041
   content: '{"Commits":[{"Sha1":"412413fd409fc0cab446e7b59702596e1bde1816","Message":"fourth commit","AuthorEmail":"git@example.com","AuthorName":"dummy","CommitterEmail":"git@example.com","CommitterName":"dummy","Signature":null,"Verification":null,"Timestamp":"2026-01-19T22:07:22+01:00"},{"Sha1":"00a01802439eb2c0391fdfaa2c344b5e25d0b9d4","Message":"third commit","AuthorEmail":"git@example.com","AuthorName":"dummy","CommitterEmail":"git@example.com","CommitterName":"dummy","Signature":null,"Verification":null,"Timestamp":"2026-01-19T22:07:18+01:00"}],"HeadCommit":{"Sha1":"412413fd409fc0cab446e7b59702596e1bde1816","Message":"fourth commit","AuthorEmail":"git@example.com","AuthorName":"dummy","CommitterEmail":"git@example.com","CommitterName":"dummy","Signature":null,"Verification":null,"Timestamp":"2026-01-19T22:07:22+01:00"},"CompareURL":"user2/repo1/compare/ed4090ecc2d9dd16b184763cc476ea1b28afa560...412413fd409fc0cab446e7b59702596e1bde1816","Len":2}'

From 80161b9fd3f07297724adfbeff810b2eee43e363 Mon Sep 17 00:00:00 2001
From: Renovate Bot <forgejo-renovate-action@forgejo.org>
Date: Sat, 7 Feb 2026 00:39:17 +0100
Subject: [PATCH 275/854] Update dependency @codemirror/view to v6.39.12
 (forgejo) (#11136)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11136
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
---
 package-lock.json | 8 ++++----
 package.json      | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index d244cab71e..79e5d26dfc 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -30,7 +30,7 @@
         "@codemirror/language": "6.12.1",
         "@codemirror/search": "6.6.0",
         "@codemirror/state": "6.5.4",
-        "@codemirror/view": "6.39.11",
+        "@codemirror/view": "6.39.12",
         "@github/markdown-toolbar-element": "2.2.3",
         "@github/quote-selection": "2.1.0",
         "@github/text-expander-element": "2.9.4",
@@ -778,9 +778,9 @@
       }
     },
     "node_modules/@codemirror/view": {
-      "version": "6.39.11",
-      "resolved": "https://registry.npmjs.org/@codemirror/view/-/view-6.39.11.tgz",
-      "integrity": "sha512-bWdeR8gWM87l4DB/kYSF9A+dVackzDb/V56Tq7QVrQ7rn86W0rgZFtlL3g3pem6AeGcb9NQNoy3ao4WpW4h5tQ==",
+      "version": "6.39.12",
+      "resolved": "https://registry.npmjs.org/@codemirror/view/-/view-6.39.12.tgz",
+      "integrity": "sha512-f+/VsHVn/kOA9lltk/GFzuYwVVAKmOnNjxbrhkk3tPHntFqjWeI2TbIXx006YkBkqC10wZ4NsnWXCQiFPeAISQ==",
       "license": "MIT",
       "dependencies": {
         "@codemirror/state": "^6.5.0",
diff --git a/package.json b/package.json
index 49512a2d69..8d5d56565f 100644
--- a/package.json
+++ b/package.json
@@ -29,7 +29,7 @@
     "@codemirror/language": "6.12.1",
     "@codemirror/search": "6.6.0",
     "@codemirror/state": "6.5.4",
-    "@codemirror/view": "6.39.11",
+    "@codemirror/view": "6.39.12",
     "@github/markdown-toolbar-element": "2.2.3",
     "@github/quote-selection": "2.1.0",
     "@github/text-expander-element": "2.9.4",

From 180bd488e1723b167105d81852ee41c5d0d010c9 Mon Sep 17 00:00:00 2001
From: Nils Goroll <nils.goroll@uplex.de>
Date: Sat, 7 Feb 2026 01:01:30 +0100
Subject: [PATCH 276/854] chore: Add `JWT()` method for convenience and clarity
 (#11067)

This slightly simplifies calling code by centralizing the common 3-liner to create a JWT from claims, signed by a key.

But more importantly, it reduces the risk of `key.PreProcessToken()` being forgotten, which will become relevant in upcoming PRs:

`key.PreProcessToken()` adds the key id to the JWT header, which is important to efficiently validate tokens when multiple validation keys are supported (that is not the case yet)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11067
Co-authored-by: Nils Goroll <nils.goroll@uplex.de>
Co-committed-by: Nils Goroll <nils.goroll@uplex.de>
---
 modules/jwtx/signingkey.go           | 24 +++++++++++++++++
 modules/jwtx/signingkey_test.go      | 39 ++++++++++++++++++++++++++++
 routers/api/actions/id_token.go      |  5 +---
 services/auth/source/oauth2/token.go |  8 ++----
 4 files changed, 66 insertions(+), 10 deletions(-)

diff --git a/modules/jwtx/signingkey.go b/modules/jwtx/signingkey.go
index 9047c9d472..2aef70440d 100644
--- a/modules/jwtx/signingkey.go
+++ b/modules/jwtx/signingkey.go
@@ -34,6 +34,12 @@ func (err ErrInvalidAlgorithmType) Error() string {
 	return fmt.Sprintf("JWT signing algorithm is not supported: %s", err.Algorithm)
 }
 
+func jwtHelper(key SigningKey, claims jwt.Claims, opts ...jwt.TokenOption) (string, error) {
+	jwt := jwt.NewWithClaims(key.SigningMethod(), claims, opts...)
+	key.PreProcessToken(jwt)
+	return jwt.SignedString(key.SignKey())
+}
+
 // SigningKey represents a algorithm/key pair to sign JWTs
 type SigningKey interface {
 	IsSymmetric() bool
@@ -42,6 +48,8 @@ type SigningKey interface {
 	VerifyKey() any
 	ToJWK() (map[string]string, error)
 	PreProcessToken(*jwt.Token)
+	// convenience: jwt.NewWithClaims + PreProcessToken + SignedString
+	JWT(jwt.Claims, ...jwt.TokenOption) (string, error)
 }
 
 type hmacSigningKey struct {
@@ -74,6 +82,10 @@ func (key hmacSigningKey) ToJWK() (map[string]string, error) {
 
 func (key hmacSigningKey) PreProcessToken(*jwt.Token) {}
 
+func (key hmacSigningKey) JWT(claims jwt.Claims, opts ...jwt.TokenOption) (string, error) {
+	return jwtHelper(key, claims, opts...)
+}
+
 type rsaSigningKey struct {
 	signingMethod jwt.SigningMethod
 	key           *rsa.PrivateKey
@@ -125,6 +137,10 @@ func (key rsaSigningKey) PreProcessToken(token *jwt.Token) {
 	token.Header["kid"] = key.id
 }
 
+func (key rsaSigningKey) JWT(claims jwt.Claims, opts ...jwt.TokenOption) (string, error) {
+	return jwtHelper(key, claims, opts...)
+}
+
 type eddsaSigningKey struct {
 	signingMethod jwt.SigningMethod
 	key           ed25519.PrivateKey
@@ -176,6 +192,10 @@ func (key eddsaSigningKey) PreProcessToken(token *jwt.Token) {
 	token.Header["kid"] = key.id
 }
 
+func (key eddsaSigningKey) JWT(claims jwt.Claims, opts ...jwt.TokenOption) (string, error) {
+	return jwtHelper(key, claims, opts...)
+}
+
 type ecdsaSigningKey struct {
 	signingMethod jwt.SigningMethod
 	key           *ecdsa.PrivateKey
@@ -228,6 +248,10 @@ func (key ecdsaSigningKey) PreProcessToken(token *jwt.Token) {
 	token.Header["kid"] = key.id
 }
 
+func (key ecdsaSigningKey) JWT(claims jwt.Claims, opts ...jwt.TokenOption) (string, error) {
+	return jwtHelper(key, claims, opts...)
+}
+
 var allowedAlgorithms = map[string]bool{
 	"HS256": true,
 	"HS384": true,
diff --git a/modules/jwtx/signingkey_test.go b/modules/jwtx/signingkey_test.go
index 0b81a03682..eb30473cad 100644
--- a/modules/jwtx/signingkey_test.go
+++ b/modules/jwtx/signingkey_test.go
@@ -13,6 +13,7 @@ import (
 	"path/filepath"
 	"testing"
 
+	"github.com/golang-jwt/jwt/v5"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 )
@@ -112,6 +113,44 @@ func TestLoadOrCreateAsymmetricKey(t *testing.T) {
 	})
 }
 
+type testClaims struct {
+	Foo string `json:"Foo"`
+	jwt.RegisteredClaims
+}
+
+func TestJWTHasKid(t *testing.T) {
+	keyPath := filepath.Join(t.TempDir(), "jwt-rsa-2048.priv")
+	algorithm := "RS256"
+	key, err := InitAsymmetricSigningKey(keyPath, algorithm)
+	require.NoError(t, err)
+
+	claimsIn := testClaims{
+		Foo:              "bar",
+		RegisteredClaims: jwt.RegisteredClaims{},
+	}
+	token, err := key.JWT(&claimsIn)
+	require.NoError(t, err)
+
+	var claimsOut testClaims
+	parsed, err := jwt.ParseWithClaims(token, &claimsOut, func(valToken *jwt.Token) (any, error) {
+		assert.NotNil(t, valToken.Method)
+		assert.Equal(t, key.SigningMethod().Alg(), valToken.Method.Alg())
+		kid, ok := valToken.Header["kid"]
+		assert.True(t, ok)
+		assert.NotNil(t, kid)
+
+		return key.VerifyKey(), nil
+	})
+	require.NoError(t, err)
+	assert.NotNil(t, parsed)
+	assert.Equal(t, "bar", parsed.Claims.(*testClaims).Foo)
+	assert.Equal(t, "bar", claimsOut.Foo)
+	// dup to keyFunc above
+	kid, ok := parsed.Header["kid"]
+	assert.True(t, ok)
+	assert.NotNil(t, kid)
+}
+
 func TestCannotCreatePrivateKey(t *testing.T) {
 	_, err := InitAsymmetricSigningKey("/dev/directory-does-not-exist-and-you-should-not-have-permission-to-create/privatekey.pem", "RS256")
 	require.Error(t, err)
diff --git a/routers/api/actions/id_token.go b/routers/api/actions/id_token.go
index cd0432acb7..5eacc77fc9 100644
--- a/routers/api/actions/id_token.go
+++ b/routers/api/actions/id_token.go
@@ -131,10 +131,7 @@ func generateIDToken(ctx *IDTokenContext) {
 	claims["nbf"] = jwt.NewNumericDate(now)
 	claims["iss"] = strings.TrimSuffix(setting.AppURL, "/") + "/api/actions"
 
-	jwtToken := jwt.NewWithClaims(jwtSigningKey.SigningMethod(), claims)
-	jwtSigningKey.PreProcessToken(jwtToken)
-
-	signedToken, err := jwtToken.SignedString(jwtSigningKey.SignKey())
+	signedToken, err := jwtSigningKey.JWT(claims)
 	if err != nil {
 		ctx.Error(http.StatusInternalServerError, "Error signing token")
 	}
diff --git a/services/auth/source/oauth2/token.go b/services/auth/source/oauth2/token.go
index 6b5c3676aa..20efc78ab5 100644
--- a/services/auth/source/oauth2/token.go
+++ b/services/auth/source/oauth2/token.go
@@ -66,9 +66,7 @@ func ParseToken(jwtToken string, signingKey jwtx.SigningKey) (*Token, error) {
 // SignToken signs the token with the JWT secret
 func (token *Token) SignToken(signingKey jwtx.SigningKey) (string, error) {
 	token.IssuedAt = jwt.NewNumericDate(time.Now())
-	jwtToken := jwt.NewWithClaims(signingKey.SigningMethod(), token)
-	signingKey.PreProcessToken(jwtToken)
-	return jwtToken.SignedString(signingKey.SignKey())
+	return signingKey.JWT(token)
 }
 
 // OIDCToken represents an OpenID Connect id_token
@@ -96,7 +94,5 @@ type OIDCToken struct {
 // SignToken signs an id_token with the (symmetric) client secret key
 func (token *OIDCToken) SignToken(signingKey jwtx.SigningKey) (string, error) {
 	token.IssuedAt = jwt.NewNumericDate(time.Now())
-	jwtToken := jwt.NewWithClaims(signingKey.SigningMethod(), token)
-	signingKey.PreProcessToken(jwtToken)
-	return jwtToken.SignedString(signingKey.SignKey())
+	return signingKey.JWT(token)
 }

From db037fca507178feb2bd05e0bf59df7c7534116d Mon Sep 17 00:00:00 2001
From: Renovate Bot <forgejo-renovate-action@forgejo.org>
Date: Sat, 7 Feb 2026 02:06:27 +0100
Subject: [PATCH 277/854] Update dependency webpack to v5.105.0 (forgejo)
 (#11183)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11183
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
---
 package-lock.json | 20 ++++++++++----------
 package.json      |  2 +-
 2 files changed, 11 insertions(+), 11 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 79e5d26dfc..89c99c26c5 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -77,7 +77,7 @@
         "vue-chartjs": "5.3.3",
         "vue-loader": "17.4.2",
         "vue3-calendar-heatmap": "2.0.5",
-        "webpack": "5.104.1",
+        "webpack": "5.105.0",
         "webpack-cli": "6.0.1",
         "wrap-ansi": "9.0.2"
       },
@@ -7776,13 +7776,13 @@
       }
     },
     "node_modules/enhanced-resolve": {
-      "version": "5.18.4",
-      "resolved": "https://registry.npmjs.org/enhanced-resolve/-/enhanced-resolve-5.18.4.tgz",
-      "integrity": "sha512-LgQMM4WXU3QI+SYgEc2liRgznaD5ojbmY3sb8LxyguVkIg5FxdpTkvk72te2R38/TGKxH634oLxXRGY6d7AP+Q==",
+      "version": "5.19.0",
+      "resolved": "https://registry.npmjs.org/enhanced-resolve/-/enhanced-resolve-5.19.0.tgz",
+      "integrity": "sha512-phv3E1Xl4tQOShqSte26C7Fl84EwUdZsyOuSSk9qtAGyyQs2s3jJzComh+Abf4g187lUUAvH+H26omrqia2aGg==",
       "license": "MIT",
       "dependencies": {
         "graceful-fs": "^4.2.4",
-        "tapable": "^2.2.0"
+        "tapable": "^2.3.0"
       },
       "engines": {
         "node": ">=10.13.0"
@@ -16002,9 +16002,9 @@
       "license": "BSD-2-Clause"
     },
     "node_modules/webpack": {
-      "version": "5.104.1",
-      "resolved": "https://registry.npmjs.org/webpack/-/webpack-5.104.1.tgz",
-      "integrity": "sha512-Qphch25abbMNtekmEGJmeRUhLDbe+QfiWTiqpKYkpCOWY64v9eyl+KRRLmqOFA2AvKPpc9DC6+u2n76tQLBoaA==",
+      "version": "5.105.0",
+      "resolved": "https://registry.npmjs.org/webpack/-/webpack-5.105.0.tgz",
+      "integrity": "sha512-gX/dMkRQc7QOMzgTe6KsYFM7DxeIONQSui1s0n/0xht36HvrgbxtM1xBlgx596NbpHuQU8P7QpKwrZYwUX48nw==",
       "license": "MIT",
       "peer": true,
       "dependencies": {
@@ -16018,7 +16018,7 @@
         "acorn-import-phases": "^1.0.3",
         "browserslist": "^4.28.1",
         "chrome-trace-event": "^1.0.2",
-        "enhanced-resolve": "^5.17.4",
+        "enhanced-resolve": "^5.19.0",
         "es-module-lexer": "^2.0.0",
         "eslint-scope": "5.1.1",
         "events": "^3.2.0",
@@ -16031,7 +16031,7 @@
         "schema-utils": "^4.3.3",
         "tapable": "^2.3.0",
         "terser-webpack-plugin": "^5.3.16",
-        "watchpack": "^2.4.4",
+        "watchpack": "^2.5.1",
         "webpack-sources": "^3.3.3"
       },
       "bin": {
diff --git a/package.json b/package.json
index 8d5d56565f..1060c37ce7 100644
--- a/package.json
+++ b/package.json
@@ -76,7 +76,7 @@
     "vue-chartjs": "5.3.3",
     "vue-loader": "17.4.2",
     "vue3-calendar-heatmap": "2.0.5",
-    "webpack": "5.104.1",
+    "webpack": "5.105.0",
     "webpack-cli": "6.0.1",
     "wrap-ansi": "9.0.2"
   },

From 70865730e67fa73582f910bf4f2e44445812856c Mon Sep 17 00:00:00 2001
From: Robert Wolff <mahlzahn@posteo.de>
Date: Sat, 7 Feb 2026 12:58:26 +0100
Subject: [PATCH 278/854] fix(ui)!: remove squash merge committer trailer admin
 option (#11096)

fix(ui)!: Remove the instance configuration option `repository.pull-request.ADD_CO_COMMITTER_TRAILERS` (was enabled by default). It was responsible for addition of unexpected trailers to commit messages in squash merges. These trailers were `Co-authored-by: ` and `Co-committed-by: `. Both used the pull request author as value, who is also assigned as the author of the squash merge commit, which they were just repeating. Furthermore, `Co-committed-by: ` is an uncommon commit trailer, and there is only one committer for a commit. The trailers were being added by Forgejo while performing the merge, bypassing user input in the UI and weren't shown in it. See further description and more examples in [#11097](https://codeberg.org/forgejo/forgejo/issues/11097).

Closes: #11097
Closes: Codeberg/Community#2030

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11096
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Robert Wolff <mahlzahn@posteo.de>
Co-committed-by: Robert Wolff <mahlzahn@posteo.de>
---
 custom/conf/app.example.ini   |  3 ---
 modules/setting/repository.go |  3 ---
 release-notes/11096.md        |  1 +
 services/pull/merge.go        | 35 -----------------------------------
 services/pull/merge_squash.go |  6 ------
 services/pull/merge_test.go   | 25 -------------------------
 6 files changed, 1 insertion(+), 72 deletions(-)
 create mode 100644 release-notes/11096.md

diff --git a/custom/conf/app.example.ini b/custom/conf/app.example.ini
index 568091b058..b7aa3571df 100644
--- a/custom/conf/app.example.ini
+++ b/custom/conf/app.example.ini
@@ -1132,9 +1132,6 @@ LEVEL = Info
 ;; If an squash commit's comment should be populated with the commit messages of the squashed commits
 ;POPULATE_SQUASH_COMMENT_WITH_COMMIT_MESSAGES = false
 ;;
-;; Add co-authored-by and co-committed-by trailers if committer does not match author
-;ADD_CO_COMMITTER_TRAILERS = true
-;;
 ;; Retarget child pull requests to the parent pull request branch target on merge of parent pull request. It only works on merged PRs where the head and base branch target the same repo.
 ;RETARGET_CHILDREN_ON_MERGE = true
 
diff --git a/modules/setting/repository.go b/modules/setting/repository.go
index 7e774f0139..001032e3cb 100644
--- a/modules/setting/repository.go
+++ b/modules/setting/repository.go
@@ -96,7 +96,6 @@ var (
 			DefaultMergeMessageOfficialApproversOnly bool
 			DefaultUpdateStyle                       string
 			PopulateSquashCommentWithCommitMessages  bool
-			AddCoCommitterTrailers                   bool
 			RetargetChildrenOnMerge                  bool
 		} `ini:"repository.pull-request"`
 
@@ -227,7 +226,6 @@ var (
 			DefaultMergeMessageOfficialApproversOnly bool
 			DefaultUpdateStyle                       string
 			PopulateSquashCommentWithCommitMessages  bool
-			AddCoCommitterTrailers                   bool
 			RetargetChildrenOnMerge                  bool
 		}{
 			WorkInProgressPrefixes: []string{"WIP:", "[WIP]"},
@@ -243,7 +241,6 @@ var (
 			DefaultMergeMessageOfficialApproversOnly: true,
 			DefaultUpdateStyle:                       "merge",
 			PopulateSquashCommentWithCommitMessages:  false,
-			AddCoCommitterTrailers:                   true,
 			RetargetChildrenOnMerge:                  true,
 		},
 
diff --git a/release-notes/11096.md b/release-notes/11096.md
new file mode 100644
index 0000000000..6db7331bd4
--- /dev/null
+++ b/release-notes/11096.md
@@ -0,0 +1 @@
+fix(ui)!: Remove the instance configuration option `repository.pull-request.ADD_CO_COMMITTER_TRAILERS` (was enabled by default). It was responsible for addition of unexpected trailers to commit messages in squash merges. These trailers were `Co-authored-by: ` and `Co-committed-by: `. Both used the pull request author as value, who is also assigned as the author of the squash merge commit, which they were just repeating. Furthermore, `Co-committed-by: ` is an uncommon commit trailer, and there is only one committer for a commit. The trailers were being added by Forgejo while performing the merge, bypassing user input in the UI and weren't shown in it. See further description and more examples in [#11097](https://codeberg.org/forgejo/forgejo/issues/11097).
diff --git a/services/pull/merge.go b/services/pull/merge.go
index 0977623bfb..1bcd11406c 100644
--- a/services/pull/merge.go
+++ b/services/pull/merge.go
@@ -208,41 +208,6 @@ func GetDefaultMergeMessage(ctx context.Context, baseGitRepo *git.Repository, pr
 	return getMergeMessage(ctx, baseGitRepo, pr, mergeStyle, nil)
 }
 
-func AddCommitMessageTrailer(message, tailerKey, tailerValue string) string {
-	trailerLine := tailerKey + ": " + tailerValue
-	message = strings.ReplaceAll(message, "\r\n", "\n")
-	message = strings.ReplaceAll(message, "\r", "\n")
-	if strings.Contains(message, "\n"+trailerLine+"\n") || strings.HasSuffix(message, "\n"+trailerLine) {
-		return message
-	}
-
-	if !strings.HasSuffix(message, "\n") {
-		message += "\n"
-	}
-	lastNewLine := strings.LastIndexByte(message[:len(message)-1], '\n')
-	keyEnd := -1
-	if lastNewLine != -1 {
-		keyEnd = strings.IndexByte(message[lastNewLine:], ':')
-		if keyEnd != -1 {
-			keyEnd += lastNewLine
-		}
-	}
-	var lastLineKey string
-	if lastNewLine != -1 && keyEnd != -1 {
-		lastLineKey = message[lastNewLine+1 : keyEnd]
-	}
-
-	isLikelyTrailerLine := lastLineKey != "" && unicode.IsUpper(rune(lastLineKey[0])) && strings.Contains(message, "-")
-	for i := 0; isLikelyTrailerLine && i < len(lastLineKey); i++ {
-		r := rune(lastLineKey[i])
-		isLikelyTrailerLine = unicode.IsLetter(r) || unicode.IsDigit(r) || r == '-'
-	}
-	if !strings.HasSuffix(message, "\n\n") && !isLikelyTrailerLine {
-		message += "\n"
-	}
-	return message + trailerLine
-}
-
 // Merge merges pull request to base repository.
 // Caller should check PR is ready to be merged (review and status checks)
 func Merge(ctx context.Context, pr *issues_model.PullRequest, doer *user_model.User, baseGitRepo *git.Repository, mergeStyle repo_model.MergeStyle, expectedHeadCommitID, message string, wasAutoMerged bool) error {
diff --git a/services/pull/merge_squash.go b/services/pull/merge_squash.go
index 898f4c977d..715dc7d4cb 100644
--- a/services/pull/merge_squash.go
+++ b/services/pull/merge_squash.go
@@ -11,7 +11,6 @@ import (
 	"forgejo.org/modules/container"
 	"forgejo.org/modules/git"
 	"forgejo.org/modules/log"
-	"forgejo.org/modules/setting"
 )
 
 // doMergeStyleSquash gets a commit author signature for squash commits
@@ -63,11 +62,6 @@ func doMergeStyleSquash(ctx *mergeContext, message string) error {
 		return err
 	}
 
-	if setting.Repository.PullRequest.AddCoCommitterTrailers && ctx.committer.String() != sig.String() {
-		// add trailer
-		message = AddCommitMessageTrailer(message, "Co-authored-by", sig.String())
-		message = AddCommitMessageTrailer(message, "Co-committed-by", sig.String()) // FIXME: this one should be removed, it is not really used or widely used
-	}
 	cmdCommit := git.NewCommand(ctx, "commit").
 		AddOptionFormat("--author='%s <%s>'", sig.Name, sig.Email).
 		AddOptionFormat("--message=%s", message)
diff --git a/services/pull/merge_test.go b/services/pull/merge_test.go
index 0766a46cea..62d6604c98 100644
--- a/services/pull/merge_test.go
+++ b/services/pull/merge_test.go
@@ -138,31 +138,6 @@ func Test_expandDefaultMergeMessage(t *testing.T) {
 	}
 }
 
-func TestAddCommitMessageTailer(t *testing.T) {
-	// add tailer for empty message
-	assert.Equal(t, "\n\nTest-tailer: TestValue", AddCommitMessageTrailer("", "Test-tailer", "TestValue"))
-
-	// add tailer for message without newlines
-	assert.Equal(t, "title\n\nTest-tailer: TestValue", AddCommitMessageTrailer("title", "Test-tailer", "TestValue"))
-	assert.Equal(t, "title\n\nNot tailer: xxx\n\nTest-tailer: TestValue", AddCommitMessageTrailer("title\n\nNot tailer: xxx", "Test-tailer", "TestValue"))
-	assert.Equal(t, "title\n\nNotTailer: xxx\n\nTest-tailer: TestValue", AddCommitMessageTrailer("title\n\nNotTailer: xxx", "Test-tailer", "TestValue"))
-	assert.Equal(t, "title\n\nnot-tailer: xxx\n\nTest-tailer: TestValue", AddCommitMessageTrailer("title\n\nnot-tailer: xxx", "Test-tailer", "TestValue"))
-
-	// add tailer for message with one EOL
-	assert.Equal(t, "title\n\nTest-tailer: TestValue", AddCommitMessageTrailer("title\n", "Test-tailer", "TestValue"))
-
-	// add tailer for message with two EOLs
-	assert.Equal(t, "title\n\nTest-tailer: TestValue", AddCommitMessageTrailer("title\n\n", "Test-tailer", "TestValue"))
-
-	// add tailer for message with existing tailer (won't duplicate)
-	assert.Equal(t, "title\n\nTest-tailer: TestValue", AddCommitMessageTrailer("title\n\nTest-tailer: TestValue", "Test-tailer", "TestValue"))
-	assert.Equal(t, "title\n\nTest-tailer: TestValue\n", AddCommitMessageTrailer("title\n\nTest-tailer: TestValue\n", "Test-tailer", "TestValue"))
-
-	// add tailer for message with existing tailer and different value (will append)
-	assert.Equal(t, "title\n\nTest-tailer: v1\nTest-tailer: v2", AddCommitMessageTrailer("title\n\nTest-tailer: v1", "Test-tailer", "v2"))
-	assert.Equal(t, "title\n\nTest-tailer: v1\nTest-tailer: v2", AddCommitMessageTrailer("title\n\nTest-tailer: v1\n", "Test-tailer", "v2"))
-}
-
 func prepareLoadMergeMessageTemplates(targetDir string) error {
 	for _, template := range []string{"MERGE", "REBASE", "REBASE-MERGE", "SQUASH", "MANUALLY-MERGED", "REBASE-UPDATE-ONLY"} {
 		file, err := os.Create(path.Join(targetDir, template+"_TEMPLATE.md"))

From f24a97f7198f6d2f36bd8a133d463f33011e8fc9 Mon Sep 17 00:00:00 2001
From: Mathieu Fenniak <mathieu@fenniak.net>
Date: Sat, 7 Feb 2026 14:36:49 +0100
Subject: [PATCH 279/854] fix: newly expanded dynamic matrix jobs can become
 stuck in a 'blocked' state (#11184)

The end-to-end tests are currently failing on v15: https://code.forgejo.org/forgejo/end-to-end/actions/runs/4900/jobs/8/attempt/1#jobstep-4-356   This is a regression from #11164.

The cause of this regression is:
- When the job emitter emits new jobs, it *now* sets their `Needs` field correctly, fixed in #11164.
- If a job has `needs` set to a non-empty array, it will start as status **blocked**: https://codeberg.org/forgejo/forgejo/src/commit/db037fca507178feb2bd05e0bf59df7c7534116d/models/actions/run.go#L369-L370

This got past manual testing and the end-to-end test run in #11164 because it is intermittent.  If the runner invokes `UpdateTask` multiple times once the status of the job is settled, then the API will invoke the job emitter multiple times -- a second run would unblock the newly blocked jobs.  Podman-based runners do this often due to a long cleanup time, and Docker-based runners (like the end-to-end test) can do it randomly depending on a race condition.

https://codeberg.org/forgejo/forgejo/src/commit/db037fca507178feb2bd05e0bf59df7c7534116d/routers/api/actions/runner/runner.go#L241-L244

The fix for this is to reinvoke the job emitter's logic whenever new jobs are created, so that their new blocked state can be reevaluated to see if it is correct or not.  This is treated cautiously by examining if new jobs are present.

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests

- I added test coverage for Go changes...
  - [x] in their respective `*_test.go` for unit tests.
  - [ ] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I added test coverage for JavaScript changes...
  - [ ] in `web_src/js/*.test.js` if it can be unit tested.
  - [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)).

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [ ] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.
- [x] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change.
    - This will be a fix to an unreleased regression within the milestone, and so won't be user-facing.

*The decision if the pull request will be shown in the release notes is up to the mergers / release team.*

The content of the `release-notes/<pull request number>.md` file will serve as the basis for the release notes. If the file does not exist, the title of the pull request will be used instead.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11184
Reviewed-by: Andreas Ahlenstorf <aahlenst@noreply.codeberg.org>
Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net>
Co-committed-by: Mathieu Fenniak <mathieu@fenniak.net>
---
 models/actions/run_job.go                     | 16 ++++++++
 models/actions/run_job_test.go                | 20 ++++++++++
 .../Test_checkJobsOfRun/action_run.yml        | 18 +++++++++
 .../Test_checkJobsOfRun/action_run_job.yml    | 40 +++++++++++++++++++
 .../action_task_output.yml                    |  5 +++
 services/actions/job_emitter.go               | 23 ++++++++++-
 services/actions/job_emitter_test.go          | 29 ++++++++++++++
 7 files changed, 149 insertions(+), 2 deletions(-)
 create mode 100644 services/actions/Test_checkJobsOfRun/action_run.yml
 create mode 100644 services/actions/Test_checkJobsOfRun/action_run_job.yml
 create mode 100644 services/actions/Test_checkJobsOfRun/action_task_output.yml

diff --git a/models/actions/run_job.go b/models/actions/run_job.go
index 1d70cde877..926eb9f0de 100644
--- a/models/actions/run_job.go
+++ b/models/actions/run_job.go
@@ -137,6 +137,22 @@ func GetRunJobsByRunID(ctx context.Context, runID int64) ([]*ActionRunJob, error
 	return jobs, nil
 }
 
+// Check if the ActionRun has any jobs other than those included in the jobs parameter.
+func RunHasOtherJobs(ctx context.Context, runID int64, jobs []*ActionRunJob) (bool, error) {
+	jobIDs := make([]int64, len(jobs))
+	for i, job := range jobs {
+		jobIDs[i] = job.ID
+	}
+	otherJobs, err := db.GetEngine(ctx).
+		Where("run_id = ?", runID).
+		Where(builder.NotIn("id", jobIDs)).
+		Count(&ActionRunJob{})
+	if err != nil {
+		return false, err
+	}
+	return otherJobs > 0, nil
+}
+
 // All calls to UpdateRunJobWithoutNotification that change run.Status for any run from a not done status to a done status must call the ActionRunNowDone notification channel.
 // Use the wrapper function UpdateRunJob instead.
 func UpdateRunJobWithoutNotification(ctx context.Context, job *ActionRunJob, cond builder.Cond, cols ...string) (int64, error) {
diff --git a/models/actions/run_job_test.go b/models/actions/run_job_test.go
index 7c204d4eb9..90080473c7 100644
--- a/models/actions/run_job_test.go
+++ b/models/actions/run_job_test.go
@@ -281,3 +281,23 @@ func TestActionRunJob_HasIncompleteWith(t *testing.T) {
 		})
 	}
 }
+
+func TestRunHasOtherJobs(t *testing.T) {
+	require.NoError(t, unittest.PrepareTestDatabase())
+
+	jobs, err := GetRunJobsByRunID(t.Context(), 791)
+	require.NoError(t, err)
+	assert.Len(t, jobs, 1)
+
+	has, err := RunHasOtherJobs(t.Context(), 791, nil)
+	require.NoError(t, err)
+	assert.True(t, has)
+
+	has, err = RunHasOtherJobs(t.Context(), 791, []*ActionRunJob{})
+	require.NoError(t, err)
+	assert.True(t, has)
+
+	has, err = RunHasOtherJobs(t.Context(), 791, jobs)
+	require.NoError(t, err)
+	assert.False(t, has)
+}
diff --git a/services/actions/Test_checkJobsOfRun/action_run.yml b/services/actions/Test_checkJobsOfRun/action_run.yml
new file mode 100644
index 0000000000..1033fb43f8
--- /dev/null
+++ b/services/actions/Test_checkJobsOfRun/action_run.yml
@@ -0,0 +1,18 @@
+-
+  id: 900
+  title: "running workflow_dispatch run"
+  repo_id: 63
+  owner_id: 2
+  workflow_id: "running.yaml"
+  index: 4
+  trigger_user_id: 2
+  ref: "refs/heads/main"
+  commit_sha: "97f29ee599c373c729132a5c46a046978311e0ee"
+  trigger_event: "workflow_dispatch"
+  is_fork_pull_request: 0
+  status: 6 # running
+  started: 1683636528
+  created: 1683636108
+  updated: 1683636626
+  need_approval: 0
+  approved_by: 0
diff --git a/services/actions/Test_checkJobsOfRun/action_run_job.yml b/services/actions/Test_checkJobsOfRun/action_run_job.yml
new file mode 100644
index 0000000000..3ececeb458
--- /dev/null
+++ b/services/actions/Test_checkJobsOfRun/action_run_job.yml
@@ -0,0 +1,40 @@
+-
+  id: 601
+  run_id: 900
+  repo_id: 63
+  owner_id: 2
+  commit_sha: 97f29ee599c373c729132a5c46a046978311e0ee
+  is_fork_pull_request: 0
+  name: job_1
+  attempt: 0
+  job_id: produce-artifacts
+  task_id: 0
+  status: 7 # blocked
+  runs_on: '["fedora"]'
+  needs: '["define-matrix"]'
+  workflow_payload: |
+    "on":
+      push:
+    jobs:
+      produce-artifacts:
+        name: produce-artifacts (incomplete matrix)
+        runs-on: docker
+        steps:
+          - run: echo "OK!"
+        strategy:
+          matrix:
+            color: ${{ fromJSON(needs.define-matrix.outputs.colors) }}
+    incomplete_matrix: true
+-
+  id: 602
+  run_id: 900
+  repo_id: 63
+  owner_id: 2
+  commit_sha: 97f29ee599c373c729132a5c46a046978311e0ee
+  is_fork_pull_request: 0
+  name: define-matrix
+  attempt: 0
+  job_id: define-matrix
+  task_id: 100
+  status: 1 # success
+  runs_on: '["fedora"]'
diff --git a/services/actions/Test_checkJobsOfRun/action_task_output.yml b/services/actions/Test_checkJobsOfRun/action_task_output.yml
new file mode 100644
index 0000000000..b678ac22a9
--- /dev/null
+++ b/services/actions/Test_checkJobsOfRun/action_task_output.yml
@@ -0,0 +1,5 @@
+-
+  id: 100
+  task_id: 100
+  output_key: colors
+  output_value: '["red", "blue", "green"]'
diff --git a/services/actions/job_emitter.go b/services/actions/job_emitter.go
index bf4881ea04..a7f4273338 100644
--- a/services/actions/job_emitter.go
+++ b/services/actions/job_emitter.go
@@ -44,7 +44,7 @@ func jobEmitterQueueHandler(items ...*jobUpdate) []*jobUpdate {
 	ctx := graceful.GetManager().ShutdownContext()
 	var ret []*jobUpdate
 	for _, update := range items {
-		if err := checkJobsOfRun(ctx, update.RunID); err != nil {
+		if err := checkJobsOfRun(ctx, update.RunID, 0); err != nil {
 			logger.Error("checkJobsOfRun failed for RunID = %d: %v", update.RunID, err)
 			ret = append(ret, update)
 		}
@@ -52,7 +52,15 @@ func jobEmitterQueueHandler(items ...*jobUpdate) []*jobUpdate {
 	return ret
 }
 
-func checkJobsOfRun(ctx context.Context, runID int64) error {
+func checkJobsOfRun(ctx context.Context, runID int64, recursionCount int) error {
+	// Recursion happens if one job finishing causes another job to be evaluated so that it creates new jobs (eg.
+	// dynamic matrix), those new jobs need to have their 'needs' re-evaluated. Safety check here against infinite
+	// recursion -- no clear reason this should happen more than once in a check since after one recurse there aren't
+	// any actual new jobs completed, but better safe than sorry.
+	if recursionCount > 5 {
+		return fmt.Errorf("checkJobsOfRun for runID %d hit recursion limit %d", runID, recursionCount)
+	}
+
 	jobs, err := db.Find[actions_model.ActionRunJob](ctx, actions_model.FindRunJobOptions{RunID: runID})
 	if err != nil {
 		return err
@@ -107,6 +115,17 @@ func checkJobsOfRun(ctx context.Context, runID int64) error {
 		return err
 	}
 	CreateCommitStatus(ctx, jobs...)
+
+	// tryHandleIncompleteMatrix can create new jobs in this run which may initially be persisted in the DB as blocked
+	// because they have non-empty `needs`. In that case, we need to recursively run the job emitter so that new jobs
+	// are recognized as having their `needs` completed and be set as unblocked. Check if any new jobs were created and
+	// rerun the job emitter if so.
+	if hasNewJobs, err := actions_model.RunHasOtherJobs(ctx, runID, jobs); err != nil {
+		return fmt.Errorf("RunHasOtherJobs error: %w", err)
+	} else if hasNewJobs {
+		return checkJobsOfRun(ctx, runID, recursionCount+1)
+	}
+
 	return nil
 }
 
diff --git a/services/actions/job_emitter_test.go b/services/actions/job_emitter_test.go
index 6899508f37..7d5853ce1a 100644
--- a/services/actions/job_emitter_test.go
+++ b/services/actions/job_emitter_test.go
@@ -788,3 +788,32 @@ func Test_tryHandleWorkflowCallOuterJob(t *testing.T) {
 		})
 	}
 }
+
+func Test_checkJobsOfRun_ExpandsMatrixWithCorrectOutputJobStatuses(t *testing.T) {
+	defer unittest.OverrideFixtures("services/actions/Test_checkJobsOfRun")()
+	require.NoError(t, unittest.PrepareTestDatabase())
+
+	jobs, err := actions_model.GetRunJobsByRunID(t.Context(), 900)
+	require.NoError(t, err)
+	require.Len(t, jobs, 2)
+
+	require.NoError(t, checkJobsOfRun(t.Context(), 900, 0))
+
+	jobs, err = actions_model.GetRunJobsByRunID(t.Context(), 900)
+	require.NoError(t, err)
+	assert.Len(t, jobs, 4)
+	for _, job := range jobs {
+		switch job.Name {
+		case "define-matrix":
+			assert.Equal(t, actions_model.StatusSuccess, job.Status)
+		case "produce-artifacts (blue)":
+			fallthrough
+		case "produce-artifacts (green)":
+			fallthrough
+		case "produce-artifacts (red)":
+			assert.Equal(t, actions_model.StatusWaiting, job.Status)
+		default:
+			assert.Fail(t, "unexpected job name")
+		}
+	}
+}

From 7e4619df83b1269dc074ea2f7102b6424cbd3152 Mon Sep 17 00:00:00 2001
From: 0ko <0ko@noreply.codeberg.org>
Date: Sat, 7 Feb 2026 19:15:14 +0100
Subject: [PATCH 280/854] feat(ui): responsive releases list (#11080)

## Changes

I've made releases list more usable on narrow viewports while trying keep the layout unchanged for desktop viewports.

To support these changes large amount of Tailwind classes were converted to regular CSS to be applied conditionally via `@media`. While it was possible to just adjust the Tailwind classes to achieve the same behavior, there's a positive effect which is that the repeating HTML of releases generated by template's range is much less verbose and contains fewer long duplicated lines of Tailwind classes.

## Preview

### Desktop

Not much changed, but the dot between tag and release name is no more.

|Before|After|
|-|-|
|![bd](/attachments/a87bf050-03ba-4035-8a0e-7ab4f6e877a2)|![2d](/attachments/e0c2e052-01c6-4078-b06e-f8ef7b803690)|

### Mobile

|Before|After|
|-|-|
|![bm](/attachments/f63a606f-f3f8-435d-8378-0979e93cf7bd)|![2m](/attachments/0cb6086d-1def-4a86-bb0e-4131e50aae3b)|

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11080
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Reviewed-by: Beowulf <beowulf@beocode.eu>
---
 templates/repo/release/list.tmpl       |  66 ++++----
 templates/repo/release_tag_header.tmpl |   6 +-
 tests/e2e/release.test.e2e.ts          |  43 ++++-
 tests/integration/release_test.go      |  18 +-
 tests/integration/repo_tag_test.go     |   8 +-
 web_src/css/repo.css                   |  25 ---
 web_src/css/repo/release-tag.css       | 218 +++++++++++++++++--------
 7 files changed, 243 insertions(+), 141 deletions(-)

diff --git a/templates/repo/release/list.tmpl b/templates/repo/release/list.tmpl
index 9520e5eb6c..cc9610c77c 100644
--- a/templates/repo/release/list.tmpl
+++ b/templates/repo/release/list.tmpl
@@ -7,35 +7,38 @@
 		<ul id="release-list">
 			{{range $idx, $info := .Releases}}
 				{{$release := $info.Release}}
-				<li class="ui grid">
-					<div class="ui four wide column meta">
+				{{if ne $idx 0}}
+					<div class="divider only-mobile"></div>
+				{{end}}
+				<li>
+					<div class="meta">
 						<a class="muted" href="{{if not (and $release.Sha1 ($.Permission.CanRead $.UnitTypeCode))}}#{{else}}{{$.RepoLink}}/src/tag/{{$release.TagName | PathEscapeSegments}}{{end}}" rel="nofollow">{{svg "octicon-tag" 16 "tw-mr-1"}}{{$release.TagName}}</a>
 						{{if and $release.Sha1 ($.Permission.CanRead $.UnitTypeCode)}}
 							<a class="muted tw-font-mono" href="{{$.RepoLink}}/src/commit/{{$release.Sha1}}" rel="nofollow">{{svg "octicon-git-commit" 16 "tw-mr-1"}}{{ShortSha $release.Sha1}}</a>
 							{{template "repo/branch_dropdown" dict "root" $ "release" $release}}
 						{{end}}
 					</div>
-					<div class="ui twelve wide column detail">
-						<div class="tw-flex tw-items-center tw-justify-between tw-flex-wrap tw-mb-2">
-							<h4 class="release-list-title tw-break-anywhere">
-								<a href="{{$.RepoLink}}/releases/tag/{{$release.TagName | PathEscapeSegments}}">{{$release.Title}}</a>
-								{{template "repo/commit_statuses" dict "Status" $info.CommitStatus "Statuses" $info.CommitStatuses "AdditionalClasses" "tw-flex"}}
-								{{if $release.IsDraft}}
-									<span class="ui yellow label">{{ctx.Locale.Tr "repo.release.draft"}}</span>
-								{{else if $release.IsPrerelease}}
-									<span class="ui orange label">{{ctx.Locale.Tr "repo.release.prerelease"}}</span>
-								{{else if (not $release.IsTag)}}
-									<span class="ui green label">{{ctx.Locale.Tr "repo.release.stable"}}</span>
-								{{end}}
-							</h4>
-							<div>
-								{{if and $.CanCreateRelease (not $release.IsTag)}}
-									<a class="muted" data-tooltip-content="{{ctx.Locale.Tr "repo.release.edit"}}" href="{{$.RepoLink}}/releases/edit/{{$release.TagName | PathEscapeSegments}}" rel="nofollow">
-										{{svg "octicon-pencil"}}
-									</a>
-								{{end}}
-							</div>
+					<div class="release-title-wrap">
+						<h4>
+							<a href="{{$.RepoLink}}/releases/tag/{{$release.TagName | PathEscapeSegments}}">{{$release.Title}}</a>
+							{{template "repo/commit_statuses" dict "Status" $info.CommitStatus "Statuses" $info.CommitStatuses "AdditionalClasses" "tw-flex"}}
+							{{if $release.IsDraft}}
+								<span class="ui yellow label">{{ctx.Locale.Tr "repo.release.draft"}}</span>
+							{{else if $release.IsPrerelease}}
+								<span class="ui orange label">{{ctx.Locale.Tr "repo.release.prerelease"}}</span>
+							{{else if (not $release.IsTag)}}
+								<span class="ui green label">{{ctx.Locale.Tr "repo.release.stable"}}</span>
+							{{end}}
+						</h4>
+						<div>
+							{{if and $.CanCreateRelease (not $release.IsTag)}}
+								<a class="muted" data-tooltip-content="{{ctx.Locale.Tr "repo.release.edit"}}" href="{{$.RepoLink}}/releases/edit/{{$release.TagName | PathEscapeSegments}}" rel="nofollow">
+									{{svg "octicon-pencil"}}
+								</a>
+							{{end}}
 						</div>
+					</div>
+					<div class="detail">
 						<p class="text grey">
 							<span class="author">
 							{{if $release.OriginalAuthor}}
@@ -59,15 +62,17 @@
 							{{end}}
 						</p>
 						{{template "repo/tag/verification_line" (dict "ctxData" $ "release" $release)}}
-						<div class="markup desc">
-							{{$release.RenderedNote}}
-						</div>
+						{{if $release.RenderedNote}}
+							<div class="markup desc">
+								{{$release.RenderedNote}}
+							</div>
+						{{end}}
 						{{$hasReleaseAttachment := gt (len $release.Attachments) 0}}
 						{{$hasArchiveLinks := and (not $.DisableDownloadSourceArchives) (not $release.IsDraft) (not $release.HideArchiveLinks) ($.Permission.CanRead $.UnitTypeCode)}}
 						{{if or $hasArchiveLinks $hasReleaseAttachment}}
-							<div class="divider"></div>
+							<div class="divider not-mobile"></div>
 							<details class="download" {{if eq $idx 0}}open{{end}}>
-								<summary class="tw-my-4">
+								<summary>
 									{{ctx.Locale.Tr "repo.release.downloads"}}
 								</summary>
 								<ul class="list">
@@ -76,7 +81,7 @@
 											<a class="archive-link tw-flex-1 flex-text-inline tw-font-bold" href="{{$.RepoLink}}/archive/{{$release.TagName | PathEscapeSegments}}.zip" rel="nofollow" type="application/zip">
 												{{svg "octicon-file-zip" 16 "tw-mr-1"}}{{ctx.Locale.Tr "repo.release.source_code"}} (ZIP)
 											</a>
-											<div class="tw-mr-1">
+											<div class="tw-mr-2">
 												<span class="text grey">{{ctx.Locale.TrPluralString .Release.ArchiveDownloadCount.Zip "release.n_downloads" (ctx.Locale.PrettyNumber .Release.ArchiveDownloadCount.Zip)}}</span>
 											</div>
 											<span data-tooltip-content="{{ctx.Locale.Tr "repo.release.system_generated"}}">
@@ -87,7 +92,7 @@
 											<a class="archive-link tw-flex-1 flex-text-inline tw-font-bold" href="{{$.RepoLink}}/archive/{{$release.TagName | PathEscapeSegments}}.tar.gz" rel="nofollow" type="application/gzip">
 												{{svg "octicon-file-zip" 16 "tw-mr-1"}}{{ctx.Locale.Tr "repo.release.source_code"}} (TAR.GZ)
 											</a>
-											<div class="tw-mr-1">
+											<div class="tw-mr-2">
 												<span class="text grey">{{ctx.Locale.TrPluralString .Release.ArchiveDownloadCount.TarGz "release.n_downloads" (ctx.Locale.PrettyNumber .Release.ArchiveDownloadCount.TarGz)}}</span>
 											</div>
 											<span data-tooltip-content="{{ctx.Locale.Tr "repo.release.system_generated"}}">
@@ -104,7 +109,7 @@
 												</a>
 											</li>
 										{{else}}
-											<li class="max-sm:tw-flex-col max-sm:tw-gap-2">
+											<li class="attachment">
 												<a class="tw-flex-1 flex-text-inline tw-font-bold" target="_blank" rel="nofollow" href="{{.DownloadURL}}" download>
 													{{svg "octicon-package" 16 "tw-mr-1"}}{{.Name}}
 												</a>
@@ -117,7 +122,6 @@
 								</ul>
 							</details>
 						{{end}}
-						<div class="dot"></div>
 					</div>
 				</li>
 			{{end}}
diff --git a/templates/repo/release_tag_header.tmpl b/templates/repo/release_tag_header.tmpl
index 48d6eccfe6..9044bd6043 100644
--- a/templates/repo/release_tag_header.tmpl
+++ b/templates/repo/release_tag_header.tmpl
@@ -14,15 +14,15 @@
 				{{template "shared/search/combo" dict "Value" .Keyword}}
 			</form>
 		{{end}}
-		<div class="button-sequence release-list-buttons">
+		<div class="small button-sequence release-list-buttons">
 			{{if .EnableFeed}}
-				<a class="ui small button" href="{{.RepoLink}}/{{if .PageIsTagList}}tags{{else}}releases{{end}}.rss">
+				<a class="secondary button" href="{{.RepoLink}}/{{if .PageIsTagList}}tags{{else}}releases{{end}}.rss">
 					{{svg "octicon-rss" 16}}
 					<label class="not-mobile">{{ctx.Locale.Tr "rss_feed"}}</label>
 				</a>
 			{{end}}
 			{{if and (not .PageIsTagList) .CanCreateRelease}}
-				<a class="ui small primary button" href="{{$.RepoLink}}/releases/new">
+				<a class="primary button" href="{{$.RepoLink}}/releases/new">
 					{{ctx.Locale.Tr "repo.release.new_release"}}
 				</a>
 			{{end}}
diff --git a/tests/e2e/release.test.e2e.ts b/tests/e2e/release.test.e2e.ts
index 2d51c10714..fedb1c8f1d 100644
--- a/tests/e2e/release.test.e2e.ts
+++ b/tests/e2e/release.test.e2e.ts
@@ -1,3 +1,6 @@
+// Copyright 2024-2026 The Forgejo Authors
+// SPDX-License-Identifier: GPL-3.0-or-later
+
 // @watch start
 // models/repo/attachment.go
 // modules/structs/attachment.go
@@ -16,7 +19,7 @@ import {validate_form} from './shared/forms.ts';
 test.use({user: 'user2'});
 
 test.describe('Releases', () => {
-  test('External Release Attachments', async ({page, isMobile}) => {
+  test('External release attachments', async ({page, isMobile}) => {
     test.skip(isMobile);
 
     // Click "New release"
@@ -102,6 +105,44 @@ test.describe('Releases', () => {
     await expect(page.locator('input[name=title]')).toHaveValue('v2.0');
   });
 
+  test('UI reaction to lengthy UGC', async ({page, viewport, isMobile}) => {
+    await page.goto('/user2/repo2/releases/new');
+
+    await page.locator('input[name=tag_name]').pressSequentially('2.0');
+    await page.locator('input[name=title]').pressSequentially('v'.repeat(200));
+    await page.locator('textarea[name=content]').pressSequentially('v'.repeat(200)); // Description
+
+    // Submit form. Mobile Chrome can't press the button in Playwright (not a Forgejo
+    // bug). Work around this by pressing Enter on submit button
+    await page.getByRole('button', {name: 'Publish release'}).press('Enter');
+
+    // Check widths of UI elements
+    await page.goto('/user2/repo2/releases');
+    const release = page.locator('#release-list > li:has(a[href$="/tag/2.0"])');
+    // Release entry should be less than viewport
+    expect((await release.boundingBox()).width).toBeLessThan(viewport.width);
+    if (isMobile) {
+      const metaWidth = (await release.locator('.meta').boundingBox()).width;
+      const titleWidth = (await release.locator('.release-title-wrap').boundingBox()).width;
+      const detailsWidth = (await release.locator('.detail').boundingBox()).width;
+      // In row layout they all should be similar to the viewport length, accounting
+      // for 8px margins on each side
+      expect(metaWidth).toBeCloseTo(viewport.width - 16, 0);
+      expect(titleWidth).toBeCloseTo(viewport.width - 16, 0);
+      expect(detailsWidth).toBeCloseTo(viewport.width - 16, 0);
+      // They also should all be all same width
+      expect(metaWidth).toBe(titleWidth);
+      expect(titleWidth).toBe(detailsWidth);
+    } else {
+      // Left and right columns should be less than 25% and 75% of viewport width
+      // But on wide screens there's a lot of additional emptiness, so we can't
+      // match columns' width against the viewport, only make sure they fit
+      expect((await release.locator('.meta').boundingBox()).width).toBeLessThan(viewport.width * 0.75);
+      expect((await release.locator('.release-title-wrap').boundingBox()).width).toBeLessThan(viewport.width * 0.75);
+      expect((await release.locator('.detail').boundingBox()).width).toBeLessThan(viewport.width * 0.75);
+    }
+  });
+
   test.afterEach(async ({page}) => {
     // Delete release
     const response = await page.goto('/user2/repo2/releases/edit/2.0');
diff --git a/tests/integration/release_test.go b/tests/integration/release_test.go
index de082bda8a..483822e2ac 100644
--- a/tests/integration/release_test.go
+++ b/tests/integration/release_test.go
@@ -72,9 +72,9 @@ func checkLatestReleaseAndCount(t *testing.T, session *TestSession, repoURL, ver
 	resp := session.MakeRequest(t, req, http.StatusOK)
 
 	htmlDoc := NewHTMLParser(t, resp.Body)
-	labelText := htmlDoc.doc.Find("#release-list > li .detail .label").First().Text()
+	labelText := htmlDoc.doc.Find("#release-list > li > .release-title-wrap .label").First().Text()
 	assert.Equal(t, label, labelText)
-	titleText := htmlDoc.doc.Find("#release-list > li .detail h4 a").First().Text()
+	titleText := htmlDoc.doc.Find("#release-list > li > .release-title-wrap h4 a").First().Text()
 	assert.Equal(t, version, titleText)
 
 	// Check release count in the counter on the Release/Tag switch, as well as that the tab is highlighted
@@ -255,13 +255,13 @@ func TestViewReleaseListNoLogin(t *testing.T) {
 	rsp := MakeRequest(t, req, http.StatusOK)
 
 	htmlDoc := NewHTMLParser(t, rsp.Body)
-	releases := htmlDoc.Find("#release-list li.ui.grid")
+	releases := htmlDoc.Find("ul#release-list > li")
 	assert.Equal(t, 5, releases.Length())
 
 	links := make([]string, 0, 5)
 	commitsToMain := make([]string, 0, 5)
 	releases.Each(func(i int, s *goquery.Selection) {
-		link, exist := s.Find(".release-list-title a").Attr("href")
+		link, exist := s.Find(".release-title-wrap h4 a").Attr("href")
 		if !exist {
 			return
 		}
@@ -311,12 +311,12 @@ func TestViewReleaseListLogin(t *testing.T) {
 	rsp := session.MakeRequest(t, req, http.StatusOK)
 
 	htmlDoc := NewHTMLParser(t, rsp.Body)
-	releases := htmlDoc.Find("#release-list li.ui.grid")
+	releases := htmlDoc.Find("ul#release-list > li")
 	assert.Equal(t, 3, releases.Length())
 
 	links := make([]string, 0, 5)
 	releases.Each(func(i int, s *goquery.Selection) {
-		link, exist := s.Find(".release-list-title a").Attr("href")
+		link, exist := s.Find(".release-title-wrap h4 a").Attr("href")
 		if !exist {
 			return
 		}
@@ -342,12 +342,12 @@ func TestViewReleaseListKeyword(t *testing.T) {
 	rsp := session.MakeRequest(t, req, http.StatusOK)
 
 	htmlDoc := NewHTMLParser(t, rsp.Body)
-	releases := htmlDoc.Find("#release-list li.ui.grid")
+	releases := htmlDoc.Find("ul#release-list > li")
 	assert.Equal(t, 1, releases.Length())
 
 	links := make([]string, 0, 5)
 	releases.Each(func(i int, s *goquery.Selection) {
-		link, exist := s.Find(".release-list-title a").Attr("href")
+		link, exist := s.Find(".release-title-wrap h4 a").Attr("href")
 		if !exist {
 			return
 		}
@@ -370,7 +370,7 @@ func TestViewReleaseListKeywordNoPagination(t *testing.T) {
 	rsp := session.MakeRequest(t, req, http.StatusOK)
 
 	htmlDoc := NewHTMLParser(t, rsp.Body)
-	releases := htmlDoc.Find("#release-list li.ui.grid")
+	releases := htmlDoc.Find("ul#release-list > li")
 	assert.Equal(t, 1, releases.Length())
 
 	pagination := htmlDoc.Find("div.pagination")
diff --git a/tests/integration/repo_tag_test.go b/tests/integration/repo_tag_test.go
index 1773d9bde5..735cb73126 100644
--- a/tests/integration/repo_tag_test.go
+++ b/tests/integration/repo_tag_test.go
@@ -51,11 +51,11 @@ func TestTagViewWithoutRelease(t *testing.T) {
 	assert.False(t, releaseLink.HasClass("active"))
 
 	// Test that the title is displayed
-	releaseTitle := strings.TrimSpace(htmlDoc.Find("h4.release-list-title > a").Text())
+	releaseTitle := strings.TrimSpace(htmlDoc.Find(".release-title-wrap h4 > a").Text())
 	assert.Equal(t, "no-release", releaseTitle)
 
 	// Test that there is no "Stable" link
-	htmlDoc.AssertElement(t, "h4.release-list-title > span.ui.green.label", false)
+	htmlDoc.AssertElement(t, ".release-title-wrap h4 > span.ui.green.label", false)
 
 	// Ensure that there is no "Edit" button
 	htmlDoc.AssertElement(t, ".detail a.muted > svg.octicon-pencil", false)
@@ -148,7 +148,7 @@ func TestCreateNewTagProtected(t *testing.T) {
 			req := NewRequestf(t, "GET", "/%s/releases/tag/v-1.1", repo.FullName())
 			resp := MakeRequest(t, req, http.StatusOK)
 			htmlDoc := NewHTMLParser(t, resp.Body)
-			tagsTab := htmlDoc.Find(".release-list-title")
+			tagsTab := htmlDoc.Find(".release-title-wrap h4")
 			assert.Contains(t, tagsTab.Text(), "force update v2")
 		})
 	})
@@ -180,7 +180,7 @@ func TestSyncRepoTags(t *testing.T) {
 				req := NewRequestf(t, "GET", "/%s/releases/tag/v2", repo.FullName())
 				resp := MakeRequest(t, req, http.StatusOK)
 				htmlDoc := NewHTMLParser(t, resp.Body)
-				tagsTab := htmlDoc.Find(".release-list-title")
+				tagsTab := htmlDoc.Find(".release-title-wrap h4")
 				assert.Contains(t, tagsTab.Text(), "this is an annotated tag")
 			}
 
diff --git a/web_src/css/repo.css b/web_src/css/repo.css
index 2ead2b4797..767a6c2a2c 100644
--- a/web_src/css/repo.css
+++ b/web_src/css/repo.css
@@ -1750,31 +1750,6 @@ details.repo-search-result summary::marker {
   border-bottom: 1px solid var(--color-warning-border);
 }
 
-.repository .release-tag-name .ui.label.isSigned,
-.repository .release-list-title .ui.label.isSigned {
-  padding: 0 0.5em;
-  box-shadow: none;
-}
-
-.repository .release-tag-name .ui.label.isSigned .avatar,
-.repository .release-list-title .ui.label.isSigned .avatar {
-  margin-left: .5rem;
-}
-
-.repository .release-tag-name .ui.label.isSigned.isVerified,
-.repository .release-list-title .ui.label.isSigned.isVerified {
-  border: 1px solid var(--color-success-border);
-  background-color: var(--color-success-bg);
-  color: var(--color-success-text);
-}
-
-.repository .release-tag-name .ui.label.isSigned.isWarning,
-.repository .release-list-title .ui.label.isSigned.isWarning {
-  border: 1px solid var(--color-warning-border);
-  background-color: var(--color-warning-bg);
-  color: var(--color-warning-text);
-}
-
 .repository .segment.reactions.dropdown .menu,
 .repository .select-reaction.dropdown .menu {
   right: 0 !important;
diff --git a/web_src/css/repo/release-tag.css b/web_src/css/repo/release-tag.css
index 0d5b9d3a27..b421b13562 100644
--- a/web_src/css/repo/release-tag.css
+++ b/web_src/css/repo/release-tag.css
@@ -1,75 +1,145 @@
-.repository.releases #release-list {
-  margin-top: 12px;
-  padding-top: 12px;
-  padding-left: 0;
+#release-list {
+  margin-top: 10px; /* Overriding browser default for <ul>, same value as divider */
+  padding-left: 0; /* Unset browser default */
 }
 
-.repository.releases #release-list .release-list-title {
+#release-list > li {
+  .meta {
+    display: flex;
+    gap: 1em;
+  }
+  .detail .desc {
+    margin-block-start: 1rem;
+  }
+}
+
+/* Column layout (desktop) */
+@media (min-width: 768px) {
+  #release-list > li {
+    display: grid;
+    grid-template-columns: 25% 75%;
+    justify-content: end;
+
+    .meta {
+      grid-column: 1;
+      grid-row: 1 / span 2;
+      flex-direction: column;
+      text-align: right;
+
+      /* Align contents of meta column with release name */
+      padding-top: 11px;
+    }
+
+    .detail {
+      grid-column: 2;
+      grid-row: 2;
+      padding-block-end: 1.5rem;
+    }
+    :is(.detail, .release-title-wrap) {
+      /* Line separating columns on wide screen */
+      border-left: 1px solid var(--color-secondary);
+      padding-inline-start: 1rem;
+      margin-inline-start: 1rem;
+    }
+    .detail .download summary {
+      margin-block: 1rem;
+    }
+  }
+}
+
+/* Row layout (mobile) */
+@media (max-width: 767.98px) {
+  #release-list > li {
+    display: flex;
+    flex-direction: column;
+
+    .meta {
+      order: 1;
+      flex-direction: row;
+      align-items: center;
+      margin-block-end: 0.75rem;
+    }
+    .detail {
+      order: 2;
+    }
+    .detail .text {
+      /* Same as `summary` */
+      margin-block-end: 0.75rem;
+    }
+    .detail .download summary {
+      margin-block: 0.75rem;
+    }
+  }
+
+  .release-list-search {
+    order: 2 !important;
+  }
+  .release-list-buttons {
+    margin-left: auto;
+  }
+}
+
+#release-list .release-title-wrap {
+  display: flex;
+  flex-wrap: wrap;
+  align-items: center;
+  justify-content: space-between;
+  padding-block-end: 0.5rem;
+}
+
+#release-list .release-title-wrap h4 {
   font-size: 2rem;
   font-weight: var(--font-weight-normal);
   display: flex;
   align-items: center;
   gap: 0.25em;
   margin: 0;
-}
-
-.repository.releases #release-list > li .meta {
-  padding-top: 25px;
-  position: relative;
-  text-align: right;
-  display: flex;
-  flex-direction: column;
-  gap: 1em;
-}
-
-.repository.releases #release-list > li .detail {
-  padding-bottom: 20px;
-  border-left: 1px solid var(--color-secondary);
+  overflow-wrap: anywhere;
 }
 
 .repository.releases #release-list > li .detail .author img {
   margin-bottom: 2px; /* the legacy trick to align the avatar vertically, no better solution at the moment */
 }
 
-.repository.releases #release-list > li .detail .download .list {
+/* List of downloads */
+#release-list > li .detail .download .list {
+  /* Override <ul> default */
   padding-left: 0;
+  /* Compensate emptiness that opener provides when <details> is closed */
+  padding-block-end: 1rem;
+
+  hr {
+    height: 8px;
+    margin: 0;
+  }
+
+  li {
+    background: var(--color-light);
+    border: 1px solid var(--color-secondary);
+    border-top: none;
+    display: flex;
+    justify-content: space-between;
+    padding: 8px;
+  }
+
+  :is(li:first-child, .start-gap + hr + li) {
+    border-top: 1px solid var(--color-secondary);
+    border-top-left-radius: var(--border-radius);
+    border-top-right-radius: var(--border-radius);
+  }
+
+  :is(li:last-child, .start-gap) {
+    border-bottom: 1px solid var(--color-secondary);
+    border-bottom-left-radius: var(--border-radius);
+    border-bottom-right-radius: var(--border-radius);
+  }
 }
 
-.repository.releases #release-list > li .detail .download .list li {
-  background: var(--color-light);
-  border: 1px solid var(--color-secondary);
-  border-top: none;
-  display: flex;
-  justify-content: space-between;
-  padding: 8px;
-}
-
-.repository.releases #release-list > li .detail .download .list :is(li:first-child, .start-gap + hr + li) {
-  border-top: 1px solid var(--color-secondary);
-  border-top-left-radius: var(--border-radius);
-  border-top-right-radius: var(--border-radius);
-}
-
-.repository.releases #release-list > li .detail .download .list :is(li:last-child, .start-gap) {
-  border-bottom: 1px solid var(--color-secondary);
-  border-bottom-left-radius: var(--border-radius);
-  border-bottom-right-radius: var(--border-radius);
-}
-
-.repository.releases #release-list > li .detail .download .list hr {
-  height: 8px;
-  margin: 0;
-}
-
-.repository.releases #release-list > li .detail .dot {
-  width: 10px;
-  height: 10px;
-  background-color: var(--color-secondary-dark-3);
-  position: absolute;
-  left: -5.5px;
-  top: 30px;
-  border-radius: var(--border-radius-full);
-  border: 2.5px solid var(--color-body);
+@media (max-width: 640px) {
+  #release-list > li .detail .download .list .attachment {
+    flex-direction: column;
+    gap: 0.5rem;
+  }
 }
 
 .repository.tags #tags-table .tag {
@@ -85,10 +155,6 @@
   min-width: 500px;
 }
 
-.repository.new.release .target #tag-name {
-  margin-top: -4px;
-}
-
 .repository.new.release .target .at {
   margin-left: -5px;
   margin-right: 5px;
@@ -99,15 +165,6 @@
   padding-bottom: 10px;
 }
 
-@media (max-width: 767.98px) {
-  .release-list-search {
-    order: 2 !important;
-  }
-  .release-list-buttons {
-    margin-left: auto;
-  }
-}
-
 .repository.new.release .field .attachment_edit {
   max-width: 48em;
 }
@@ -128,3 +185,28 @@
 .ui.ui.ui.tag-label.IsRelease:hover {
   border-color: var(--color-primary-dark-1);
 }
+
+.repository .release-tag-name .ui.label.isSigned,
+.repository .release-title-wrap .ui.label.isSigned {
+  padding: 0 0.5em;
+  box-shadow: none;
+}
+
+.repository .release-tag-name .ui.label.isSigned .avatar,
+.repository .release-title-wrap .ui.label.isSigned .avatar {
+  margin-left: .5rem;
+}
+
+.repository .release-tag-name .ui.label.isSigned.isVerified,
+.repository .release-title-wrap .ui.label.isSigned.isVerified {
+  border: 1px solid var(--color-success-border);
+  background-color: var(--color-success-bg);
+  color: var(--color-success-text);
+}
+
+.repository .release-tag-name .ui.label.isSigned.isWarning,
+.repository .release-title-wrap .ui.label.isSigned.isWarning {
+  border: 1px solid var(--color-warning-border);
+  background-color: var(--color-warning-bg);
+  color: var(--color-warning-text);
+}

From 64ff61c04618497cae1f792fd6f795c8446fab0a Mon Sep 17 00:00:00 2001
From: Renovate Bot <forgejo-renovate-action@forgejo.org>
Date: Sat, 7 Feb 2026 20:07:02 +0100
Subject: [PATCH 281/854] Update https://data.forgejo.org/actions/setup-forgejo
 action to v3.1.4 (forgejo) (#11104)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [https://data.forgejo.org/actions/setup-forgejo](https://code.forgejo.org/actions/setup-forgejo) | action | patch | `v3.1.3` → `v3.1.4` |

---

### Release Notes

<details>
<summary>actions/setup-forgejo (https://data.forgejo.org/actions/setup-forgejo)</summary>

### [`v3.1.4`](https://code.forgejo.org/actions/setup-forgejo/releases/tag/v3.1.4)

[Compare Source](https://code.forgejo.org/actions/setup-forgejo/compare/v3.1.3...v3.1.4)

<!--start release-notes-assistant-->

<!--URL:https://code.forgejo.org/actions/setup-forgejo-->

- other
  - [PR](https://code.forgejo.org/actions/setup-forgejo/pulls/869): <!--number 869 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgZm9yZ2Vqby9ydW5uZXIgdG8gdjEyLjYuMw==-->Update dependency forgejo/runner to v12.6.3<!--description-->
  - [PR](https://code.forgejo.org/actions/setup-forgejo/pulls/863): <!--number 863 --><!--line 0 --><!--description VXBkYXRlIGRhdGEuZm9yZ2Vqby5vcmcvb2NpL2FscGluZSBEb2NrZXIgdGFnIHRvIHYzLjIz-->Update data.forgejo.org/oci/alpine Docker tag to v3.23<!--description-->
  - [PR](https://code.forgejo.org/actions/setup-forgejo/pulls/849): <!--number 849 --><!--line 0 --><!--description UmVwbGFjZSBjb2RlLmZvcmdlam8ub3JnL29jaS9kZWJpYW4gRG9ja2VyIHRhZyB3aXRoIGRhdGEuZm9yZ2Vqby5vcmcvb2NpL2RlYmlhbg==-->Replace code.forgejo.org/oci/debian Docker tag with data.forgejo.org/oci/debian<!--description-->
  - [PR](https://code.forgejo.org/actions/setup-forgejo/pulls/848): <!--number 848 --><!--line 0 --><!--description UmVwbGFjZSBjb2RlLmZvcmdlam8ub3JnL29jaS9hbHBpbmUgRG9ja2VyIHRhZyB3aXRoIGRhdGEuZm9yZ2Vqby5vcmcvb2NpL2FscGluZQ==-->Replace code.forgejo.org/oci/alpine Docker tag with data.forgejo.org/oci/alpine<!--description-->

<!--end release-notes-assistant-->

</details>

---

### Configuration

📅 **Schedule**: Branch creation - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC), Automerge - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi45My4xIiwidXBkYXRlZEluVmVyIjoiNDIuOTMuMSIsInRhcmdldEJyYW5jaCI6ImZvcmdlam8iLCJsYWJlbHMiOlsiZGVwZW5kZW5jeS11cGdyYWRlIiwidGVzdC9ub3QtbmVlZGVkIl19-->

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11104
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
---
 .forgejo/workflows/build-release-integration.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.forgejo/workflows/build-release-integration.yml b/.forgejo/workflows/build-release-integration.yml
index 09375463f9..a4a70f2478 100644
--- a/.forgejo/workflows/build-release-integration.yml
+++ b/.forgejo/workflows/build-release-integration.yml
@@ -32,7 +32,7 @@ jobs:
       - uses: https://data.forgejo.org/actions/checkout@v6
 
       - id: forgejo
-        uses: https://data.forgejo.org/actions/setup-forgejo@v3.1.3
+        uses: https://data.forgejo.org/actions/setup-forgejo@v3.1.4
         with:
           user: root
           password: admin1234

From cc47a4057fb75b8f777f0f6e91e25cbe504fef29 Mon Sep 17 00:00:00 2001
From: Mathieu Fenniak <mathieu@fenniak.net>
Date: Sat, 7 Feb 2026 21:52:43 +0100
Subject: [PATCH 282/854] ci: introduce `semgrep` to prevent using
 `xorm.Sync()` incorrectly in new migrations (#11142)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Adds a CI check which detects any usage of xorm's `Sync` method that doesn't include `IgnoreDropIndices: true`, and causes an error.

`semgrep` is a semantic grep tool that allows for the relatively easy authoring of linting tools that are customized to a project's specific needs, rather than generic like `golangci` and related tools.  Although `semgrep` offers a suite of out-of-the-box rules (and a paid set of rules), neither of those are used here -- only one Forgejo-specific rule is added in `.semgrep/xorm.yaml`.

My intent with this change is to introduce the idea and infrastructure of `semgrep` with a single minimal rule.  Once in-place, this will become a tool that we can use when we recognize bad coding patterns and wish to correct them permanently, rather than relying on human code review.  While generic linting tools do this well for general patterns, this will allow Forgejo to apply domain-specific checks.  For example, in #11112, an error indicates that it might be appropriate for us to always use `.StorageEngine("InnoDB")` when using an xorm engine -- if we made that determination, it could be cemented in-place with a `semgrep` rule relatively easily.

This specific rule looks for any access for xorm's `Sync` or `SyncWithOptions` methods on the `*xorm.Engine` or `*xorm.Session`.  They are then considered errors if they don't include `IgnoreDropIndices: true`.  This is *typically* correct and safe, but can also be ignored when specifically needed.  In the `.semgrep/tests` folder, test code is added which validates that the `semgrep` rule matches the expected patterns; this self-test is run before `semgrep` runs on the PR in CI.

As a demonstration, when `IgnoreDropIndices` is removed from a migration, here's an error: https://codeberg.org/forgejo/forgejo/actions/runs/135750/jobs/12/attempt/1

```
    models/forgejo_migrations/v14b_add-action_run-preexecutionerrorcode.go
   ❯❯❱ semgrep.xorm-sync-missing-ignore-drop-indices
          xorm Sync operation may drop indices if used on an incomplete bean definition for an existing table.
          Use SyncWithOptions with IgnoreDropIndices: true instead.

           22┆ _, err := x.SyncWithOptions(xorm.SyncOptions{}, new(ActionRun))
```

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests

- I added test coverage for Go changes...
  - [ ] in their respective `*_test.go` for unit tests.
  - [ ] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I added test coverage for JavaScript changes...
  - [ ] in `web_src/js/*.test.js` if it can be unit tested.
  - [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)).

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [ ] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.
- [x] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change.

*The decision if the pull request will be shown in the release notes is up to the mergers / release team.*

The content of the `release-notes/<pull request number>.md` file will serve as the basis for the release notes. If the file does not exist, the title of the pull request will be used instead.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11142
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net>
Co-committed-by: Mathieu Fenniak <mathieu@fenniak.net>
---
 .forgejo/workflows/testing.yml                | 13 ++++++
 .semgrep/config/xorm.yaml                     | 24 ++++++++++
 .semgrep/tests/xorm.go                        | 45 +++++++++++++++++++
 models/forgejo_migrations/migrate.go          |  2 +-
 .../v14a_actions-approval-and-trust.go        |  2 +-
 .../v14a_add-forgejo-migrations-table.go      |  2 +-
 .../v14b_action-reindexing.go                 |  2 +-
 7 files changed, 86 insertions(+), 4 deletions(-)
 create mode 100644 .semgrep/config/xorm.yaml
 create mode 100644 .semgrep/tests/xorm.go

diff --git a/.forgejo/workflows/testing.yml b/.forgejo/workflows/testing.yml
index 395e6c99e5..64c5dbc72d 100644
--- a/.forgejo/workflows/testing.yml
+++ b/.forgejo/workflows/testing.yml
@@ -301,3 +301,16 @@ jobs:
       - uses: ./.forgejo/workflows-composite/setup-env
       - run: su forgejo -c 'make deps-backend deps-tools'
       - run: su forgejo -c 'make security-check'
+  semgrep:
+    if: vars.ROLE == 'forgejo-coding' || vars.ROLE == 'forgejo-testing'
+    name: semgrep/ci
+    runs-on: docker
+    container:
+      image: 'data.forgejo.org/oci/semgrep:latest'
+    steps:
+      - run: apk add nodejs # required for actions/checkout
+      - uses: https://data.forgejo.org/actions/checkout@v6
+      - name: self-check semgrep rules
+        run: semgrep --test .semgrep/tests/ --config .semgrep/config/
+      - name: semgrep ci
+        run: semgrep ci --config .semgrep/config/ --metrics=off
diff --git a/.semgrep/config/xorm.yaml b/.semgrep/config/xorm.yaml
new file mode 100644
index 0000000000..057e1d3aef
--- /dev/null
+++ b/.semgrep/config/xorm.yaml
@@ -0,0 +1,24 @@
+rules:
+  - id: xorm-sync-missing-ignore-drop-indices
+    patterns:
+      - pattern-either:
+          - pattern: |
+              $X.Sync(...)
+          - pattern: |
+              $X.SyncWithOptions($OPTS, ...)
+      - pattern-not: |
+          $X.SyncWithOptions(xorm.SyncOptions{..., IgnoreDropIndices: true, ...}, ...)
+      - metavariable-type:
+          metavariable: $X
+          types:
+            - "*xorm.Engine"
+            - "*xorm.Session"
+    paths:
+      exclude:
+        - /models/gitea_migrations/**/*.go
+        - /models/forgejo_migrations_legacy/**/*.go
+    languages:
+      - go
+    message: |
+      xorm Sync operation may drop indices if used on an incomplete bean definition for an existing table. Use SyncWithOptions with IgnoreDropIndices: true instead.
+    severity: ERROR
diff --git a/.semgrep/tests/xorm.go b/.semgrep/tests/xorm.go
new file mode 100644
index 0000000000..00b86acee1
--- /dev/null
+++ b/.semgrep/tests/xorm.go
@@ -0,0 +1,45 @@
+// Copyright 2025 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+package forgejo_migrations
+
+import (
+	"io/fs"
+
+	"forgejo.org/modules/timeutil"
+
+	"xorm.io/xorm"
+)
+
+type ActionUser struct {
+	ID     int64 `xorm:"pk autoincr"`
+	UserID int64 `xorm:"INDEX UNIQUE(action_user_index) REFERENCES(user, id)"`
+	RepoID int64 `xorm:"INDEX UNIQUE(action_user_index) REFERENCES(repository, id)"`
+
+	TrustedWithPullRequests bool
+
+	LastAccess timeutil.TimeStamp `xorm:"INDEX"`
+}
+
+func testSyncBad1(x *xorm.Engine) error {
+	// ruleid:xorm-sync-missing-ignore-drop-indices
+	return x.Sync(new(ActionUser))
+}
+
+func testSyncBad2(x *xorm.Engine) error {
+	// ruleid:xorm-sync-missing-ignore-drop-indices
+	_, err = x.SyncWithOptions(xorm.SyncOptions{IgnoreDropIndices: false}, bean)
+	return err
+}
+
+func testSyncGood1(x *xorm.Engine) error {
+	// ok:xorm-sync-missing-ignore-drop-indices
+	_, err = x.SyncWithOptions(xorm.SyncOptions{IgnoreDropIndices: true}, bean)
+	return err
+}
+
+func testSyncGood2(x *fs.File) error {
+	// ok:xorm-sync-missing-ignore-drop-indices
+	_, err = x.Sync()
+	return err
+}
diff --git a/models/forgejo_migrations/migrate.go b/models/forgejo_migrations/migrate.go
index 53ab95d216..d64009db51 100644
--- a/models/forgejo_migrations/migrate.go
+++ b/models/forgejo_migrations/migrate.go
@@ -153,7 +153,7 @@ func Migrate(x *xorm.Engine, freshDB bool) error {
 
 	// Set a new clean the default mapper to GonicMapper as that is the default for .
 	x.SetMapper(names.GonicMapper{})
-	if err := x.Sync(new(ForgejoMigration)); err != nil {
+	if _, err := x.SyncWithOptions(xorm.SyncOptions{IgnoreDropIndices: true}, new(ForgejoMigration)); err != nil {
 		return fmt.Errorf("sync: %w", err)
 	}
 
diff --git a/models/forgejo_migrations/v14a_actions-approval-and-trust.go b/models/forgejo_migrations/v14a_actions-approval-and-trust.go
index 657d512548..9f6691c4f0 100644
--- a/models/forgejo_migrations/v14a_actions-approval-and-trust.go
+++ b/models/forgejo_migrations/v14a_actions-approval-and-trust.go
@@ -41,7 +41,7 @@ func v14ActionsApprovalAndTrustCreateTableActionUser(x *xorm.Engine) error {
 
 		LastAccess timeutil.TimeStamp `xorm:"INDEX"`
 	}
-	return x.Sync(new(ActionUser))
+	return x.Sync(new(ActionUser)) // nosemgrep:xorm-sync-missing-ignore-drop-indices
 }
 
 func v14ActionsApprovalAndTrustAddActionsRunFields(x *xorm.Engine) error {
diff --git a/models/forgejo_migrations/v14a_add-forgejo-migrations-table.go b/models/forgejo_migrations/v14a_add-forgejo-migrations-table.go
index f78eec8789..8f22983e80 100644
--- a/models/forgejo_migrations/v14a_add-forgejo-migrations-table.go
+++ b/models/forgejo_migrations/v14a_add-forgejo-migrations-table.go
@@ -21,5 +21,5 @@ func addForgejoMigration(x *xorm.Engine) error {
 		ID          string             `xorm:"pk"`
 		CreatedUnix timeutil.TimeStamp `xorm:"created"`
 	}
-	return x.Sync(new(ForgejoMigration))
+	return x.Sync(new(ForgejoMigration)) // nosemgrep:xorm-sync-missing-ignore-drop-indices
 }
diff --git a/models/forgejo_migrations/v14b_action-reindexing.go b/models/forgejo_migrations/v14b_action-reindexing.go
index 6b5608a5d5..83dc452191 100644
--- a/models/forgejo_migrations/v14b_action-reindexing.go
+++ b/models/forgejo_migrations/v14b_action-reindexing.go
@@ -69,5 +69,5 @@ func reworkActionIndexes(x *xorm.Engine) error {
 		return err
 	}
 
-	return x.Sync(new(v14bAction))
+	return x.Sync(new(v14bAction)) // nosemgrep:xorm-sync-missing-ignore-drop-indices
 }

From 239d7168e17d620c3b4f951b383073b187825d83 Mon Sep 17 00:00:00 2001
From: Shiny Nematoda <snematoda.751k2@aleeas.com>
Date: Sat, 7 Feb 2026 22:37:33 +0100
Subject: [PATCH 283/854] feat: support filtering for issues with multiple
 assignees (#10552)

Stores the entire list of AssigneeIDs for each issue in the indexer.
This fixes the bug where there were missing entries for issues with assignees while filtering.

Note: Will re-index all issues

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10552
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Shiny Nematoda <snematoda.751k2@aleeas.com>
Co-committed-by: Shiny Nematoda <snematoda.751k2@aleeas.com>
---
 modules/indexer/issues/bleve/bleve.go          |  6 +++---
 .../issues/elasticsearch/elasticsearch.go      |  6 +++---
 modules/indexer/issues/internal/model.go       |  2 +-
 modules/indexer/issues/internal/tests/tests.go | 18 +++++++++++++-----
 .../indexer/issues/meilisearch/meilisearch.go  |  6 +++---
 modules/indexer/issues/util.go                 | 11 ++++++++++-
 6 files changed, 33 insertions(+), 16 deletions(-)

diff --git a/modules/indexer/issues/bleve/bleve.go b/modules/indexer/issues/bleve/bleve.go
index 94e4ed8cc4..65f5b5267a 100644
--- a/modules/indexer/issues/bleve/bleve.go
+++ b/modules/indexer/issues/bleve/bleve.go
@@ -23,7 +23,7 @@ import (
 const (
 	issueIndexerAnalyzer      = "issueIndexer"
 	issueIndexerDocType       = "issueIndexerDocType"
-	issueIndexerLatestVersion = 6
+	issueIndexerLatestVersion = 7
 )
 
 const unicodeNormalizeName = "unicodeNormalize"
@@ -82,7 +82,7 @@ func generateIssueIndexMapping() (mapping.IndexMapping, error) {
 	docMapping.AddFieldMappingsAt("project_id", numberFieldMapping)
 	docMapping.AddFieldMappingsAt("project_board_id", numberFieldMapping)
 	docMapping.AddFieldMappingsAt("poster_id", numberFieldMapping)
-	docMapping.AddFieldMappingsAt("assignee_id", numberFieldMapping)
+	docMapping.AddFieldMappingsAt("assignee_ids", numberFieldMapping)
 	docMapping.AddFieldMappingsAt("mention_ids", numberFieldMapping)
 	docMapping.AddFieldMappingsAt("reviewed_ids", numberFieldMapping)
 	docMapping.AddFieldMappingsAt("review_requested_ids", numberFieldMapping)
@@ -245,7 +245,7 @@ func (b *Indexer) Search(ctx context.Context, options *internal.SearchOptions) (
 		"project_id":           options.ProjectID,
 		"project_board_id":     options.ProjectColumnID,
 		"poster_id":            options.PosterID,
-		"assignee_id":          options.AssigneeID,
+		"assignee_ids":         options.AssigneeID,
 		"mention_ids":          options.MentionID,
 		"reviewed_ids":         options.ReviewedID,
 		"review_requested_ids": options.ReviewRequestedID,
diff --git a/modules/indexer/issues/elasticsearch/elasticsearch.go b/modules/indexer/issues/elasticsearch/elasticsearch.go
index 4a5e667c14..95efdad6d3 100644
--- a/modules/indexer/issues/elasticsearch/elasticsearch.go
+++ b/modules/indexer/issues/elasticsearch/elasticsearch.go
@@ -18,7 +18,7 @@ import (
 )
 
 const (
-	issueIndexerLatestVersion = 2
+	issueIndexerLatestVersion = 3
 	// multi-match-types, currently only 2 types are used
 	// Reference: https://www.elastic.co/guide/en/elasticsearch/reference/7.0/query-dsl-multi-match-query.html#multi-match-types
 	esMultiMatchTypeBestFields   = "best_fields"
@@ -69,7 +69,7 @@ const (
 			"project_id": { "type": "long", "index": true },
 			"project_board_id": { "type": "long", "index": true },
 			"poster_id": { "type": "long", "index": true },
-			"assignee_id": { "type": "long", "index": true },
+			"assignee_ids": { "type": "long", "index": true },
 			"mention_ids": { "type": "long", "index": true },
 			"reviewed_ids": { "type": "long", "index": true },
 			"review_requested_ids": { "type": "long", "index": true },
@@ -233,7 +233,7 @@ func (b *Indexer) Search(ctx context.Context, options *internal.SearchOptions) (
 	}
 
 	if options.AssigneeID.Has() {
-		query.Must(elastic.NewTermQuery("assignee_id", options.AssigneeID.Value()))
+		query.Must(elastic.NewTermQuery("assignee_ids", options.AssigneeID.Value()))
 	}
 
 	if options.MentionID.Has() {
diff --git a/modules/indexer/issues/internal/model.go b/modules/indexer/issues/internal/model.go
index 89134dcac7..4034f6d0f9 100644
--- a/modules/indexer/issues/internal/model.go
+++ b/modules/indexer/issues/internal/model.go
@@ -30,7 +30,7 @@ type IndexerData struct {
 	ProjectID          int64              `json:"project_id"`
 	ProjectColumnID    int64              `json:"project_board_id"` // the key should be kept as project_board_id to keep compatible
 	PosterID           int64              `json:"poster_id"`
-	AssigneeID         int64              `json:"assignee_id"`
+	AssigneeIDs        []int64            `json:"assignee_ids"`
 	MentionIDs         []int64            `json:"mention_ids"`
 	ReviewedIDs        []int64            `json:"reviewed_ids"`
 	ReviewRequestedIDs []int64            `json:"review_requested_ids"`
diff --git a/modules/indexer/issues/internal/tests/tests.go b/modules/indexer/issues/internal/tests/tests.go
index 4466bf25a7..c4a453c9aa 100644
--- a/modules/indexer/issues/internal/tests/tests.go
+++ b/modules/indexer/issues/internal/tests/tests.go
@@ -461,10 +461,10 @@ var cases = []*testIndexerCase{
 		Expected: func(t *testing.T, data map[int64]*internal.IndexerData, result *internal.SearchResult) {
 			assert.Len(t, result.Hits, 5)
 			for _, v := range result.Hits {
-				assert.Equal(t, int64(1), data[v.ID].AssigneeID)
+				assert.Contains(t, data[v.ID].AssigneeIDs, int64(1))
 			}
 			assert.Equal(t, countIndexerData(data, func(v *internal.IndexerData) bool {
-				return v.AssigneeID == 1
+				return slices.Contains(v.AssigneeIDs, 1)
 			}), result.Total)
 		},
 	},
@@ -479,10 +479,10 @@ var cases = []*testIndexerCase{
 		Expected: func(t *testing.T, data map[int64]*internal.IndexerData, result *internal.SearchResult) {
 			assert.Len(t, result.Hits, 5)
 			for _, v := range result.Hits {
-				assert.Equal(t, int64(0), data[v.ID].AssigneeID)
+				assert.Equal(t, []int64{0}, data[v.ID].AssigneeIDs)
 			}
 			assert.Equal(t, countIndexerData(data, func(v *internal.IndexerData) bool {
-				return v.AssigneeID == 0
+				return slices.Contains(v.AssigneeIDs, 0)
 			}), result.Total)
 		},
 	},
@@ -840,6 +840,14 @@ func generateDefaultIndexerData() []*internal.IndexerData {
 				subscriberIDs[i] = int64(i) + 1 // SubscriberID should not be 0
 			}
 
+			assigneeIDs := make([]int64, 0, 2)
+			{
+				if issueIndex%7 == 0 { // If divisible by 7 we insert 1 too to test multiple assignees
+					assigneeIDs = append(assigneeIDs, 1)
+				}
+				assigneeIDs = append(assigneeIDs, issueIndex%10)
+			}
+
 			data = append(data, &internal.IndexerData{
 				ID:                 id,
 				Index:              issueIndex,
@@ -856,7 +864,7 @@ func generateDefaultIndexerData() []*internal.IndexerData {
 				ProjectID:          issueIndex % 5,
 				ProjectColumnID:    issueIndex % 6,
 				PosterID:           id%10 + 1, // PosterID should not be 0
-				AssigneeID:         issueIndex % 10,
+				AssigneeIDs:        assigneeIDs,
 				MentionIDs:         mentionIDs,
 				ReviewedIDs:        reviewedIDs,
 				ReviewRequestedIDs: reviewRequestedIDs,
diff --git a/modules/indexer/issues/meilisearch/meilisearch.go b/modules/indexer/issues/meilisearch/meilisearch.go
index aefe7de517..4ed854dfe6 100644
--- a/modules/indexer/issues/meilisearch/meilisearch.go
+++ b/modules/indexer/issues/meilisearch/meilisearch.go
@@ -18,7 +18,7 @@ import (
 )
 
 const (
-	issueIndexerLatestVersion = 3
+	issueIndexerLatestVersion = 4
 
 	// TODO: make this configurable if necessary
 	maxTotalHits = 10000
@@ -67,7 +67,7 @@ func NewIndexer(url, apiKey, indexerName string) *Indexer {
 			"project_id",
 			"project_board_id",
 			"poster_id",
-			"assignee_id",
+			"assignee_ids",
 			"mention_ids",
 			"reviewed_ids",
 			"review_requested_ids",
@@ -183,7 +183,7 @@ func (b *Indexer) Search(ctx context.Context, options *internal.SearchOptions) (
 	}
 
 	if options.AssigneeID.Has() {
-		query.And(inner_meilisearch.NewFilterEq("assignee_id", options.AssigneeID.Value()))
+		query.And(inner_meilisearch.NewFilterEq("assignee_ids", options.AssigneeID.Value()))
 	}
 
 	if options.MentionID.Has() {
diff --git a/modules/indexer/issues/util.go b/modules/indexer/issues/util.go
index 31b7e888c0..71ee46e235 100644
--- a/modules/indexer/issues/util.go
+++ b/modules/indexer/issues/util.go
@@ -50,6 +50,15 @@ func getIssueIndexerData(ctx context.Context, issueID int64) (*internal.IndexerD
 		labels = append(labels, label.ID)
 	}
 
+	assigneeIDs := make([]int64, 0, len(issue.Assignees))
+	if len(issue.Assignees) != 0 {
+		for _, assignee := range issue.Assignees {
+			assigneeIDs = append(assigneeIDs, assignee.ID)
+		}
+	} else {
+		assigneeIDs = append(assigneeIDs, 0)
+	}
+
 	mentionIDs, err := issues_model.GetIssueMentionIDs(ctx, issueID)
 	if err != nil {
 		return nil, false, err
@@ -108,7 +117,7 @@ func getIssueIndexerData(ctx context.Context, issueID int64) (*internal.IndexerD
 		ProjectID:          projectID,
 		ProjectColumnID:    issue.ProjectColumnID(ctx),
 		PosterID:           issue.PosterID,
-		AssigneeID:         issue.AssigneeID,
+		AssigneeIDs:        assigneeIDs,
 		MentionIDs:         mentionIDs,
 		ReviewedIDs:        reviewedIDs,
 		ReviewRequestedIDs: reviewRequestedIDs,

From 3f7859f52d78ecd219f2fa51f6820724231ad7e3 Mon Sep 17 00:00:00 2001
From: Luis <luis@adame.dev>
Date: Sun, 8 Feb 2026 00:31:31 +0100
Subject: [PATCH 284/854] feat: improve label filtering exclusion (#10702)

Adds a new button on the right side of the label's filter menu items to explicitly exclude labels.

The new button is reachable with the keyboard by using the vertical arrow keys to reach the label you want to exclude and then the horizontal arrow keys to select the exclusion button.

The new button will only be visible when hovering the menu item or reaching it with the keyboard.

Adjusted the alignment of labels when at least one label is selected so that users can clearly discern which labels are selected or not.

Resolves #3302

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10702
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Luis <luis@adame.dev>
Co-committed-by: Luis <luis@adame.dev>
---
 models/issues/label.go                        |   4 +-
 models/issues/label_test.go                   |  13 +-
 modules/templates/util_render.go              |   8 +-
 modules/templates/util_render_test.go         |   7 +-
 options/locale/locale_en-US.ini               |   1 -
 .../repo/issue/labels/label_archived.tmpl     |   2 +-
 templates/shared/label_filter.tmpl            |  18 +-
 tests/e2e/repo-issues.test.e2e.ts             |  47 +++++
 web_src/css/index.css                         |   1 +
 web_src/css/issues.css                        |  75 +++++++
 web_src/js/features/repo-issue-list.js        |   4 +-
 .../js/features/repo-issue-sidebar-list.ts    | 186 ++++++++++++++++++
 web_src/js/features/repo-issue.js             |  82 --------
 web_src/js/features/repo-issue.test.js        |  25 ++-
 web_src/js/index.js                           |   4 +-
 web_src/js/types.d.ts                         |   1 +
 16 files changed, 372 insertions(+), 106 deletions(-)
 create mode 100644 tests/e2e/repo-issues.test.e2e.ts
 create mode 100644 web_src/css/issues.css
 create mode 100644 web_src/js/features/repo-issue-sidebar-list.ts

diff --git a/models/issues/label.go b/models/issues/label.go
index 4a5c3b4bfe..29ac82cfa3 100644
--- a/models/issues/label.go
+++ b/models/issues/label.go
@@ -150,6 +150,7 @@ func (l *Label) LoadSelectedLabelsAfterClick(currentSelectedLabels []int64, curr
 	for i, curSel := range currentSelectedLabels {
 		if curSel == l.ID {
 			labelSelected = true
+			l.IsExcluded = false
 		} else if -curSel == l.ID {
 			labelSelected = true
 			l.IsExcluded = true
@@ -161,9 +162,10 @@ func (l *Label) LoadSelectedLabelsAfterClick(currentSelectedLabels []int64, curr
 		}
 	}
 
-	if !labelSelected {
+	if !labelSelected || l.IsExcluded {
 		labelQuerySlice = append(labelQuerySlice, l.ID)
 	}
+
 	l.IsSelected = labelSelected
 
 	// Sort and deduplicate the ids to avoid the crawlers asking for the
diff --git a/models/issues/label_test.go b/models/issues/label_test.go
index d3e6146fc9..f52c20e4a2 100644
--- a/models/issues/label_test.go
+++ b/models/issues/label_test.go
@@ -32,18 +32,27 @@ func TestLabel_LoadSelectedLabelsAfterClick(t *testing.T) {
 
 	// First test : with negative and scope
 	label.LoadSelectedLabelsAfterClick([]int64{1, -8}, []string{"", "scope"})
+	// Flips to positive to include after click
+	assert.Equal(t, "1,8", label.QueryString)
+	assert.True(t, label.IsSelected)
+	assert.True(t, label.IsExcluded)
+
+	// Second test : with positive and scope
+	label.LoadSelectedLabelsAfterClick([]int64{1, 8}, []string{"", "scope"})
 	assert.Equal(t, "1", label.QueryString)
 	assert.True(t, label.IsSelected)
 
-	// Second test : with duplicates
+	// Third test : with duplicates
 	label.LoadSelectedLabelsAfterClick([]int64{1, 7, 1, 7, 7}, []string{"", "scope", "", "scope", "scope"})
 	assert.Equal(t, "1,8", label.QueryString)
 	assert.False(t, label.IsSelected)
+	assert.False(t, label.IsExcluded)
 
-	// Third test : empty set
+	// Fourth test : empty set
 	label.LoadSelectedLabelsAfterClick([]int64{}, []string{})
 	assert.False(t, label.IsSelected)
 	assert.Equal(t, "8", label.QueryString)
+	assert.False(t, label.IsExcluded)
 }
 
 func TestLabel_ExclusiveScope(t *testing.T) {
diff --git a/modules/templates/util_render.go b/modules/templates/util_render.go
index bec8d5f5e3..02851ed75d 100644
--- a/modules/templates/util_render.go
+++ b/modules/templates/util_render.go
@@ -162,8 +162,8 @@ func RenderLabel(ctx *Context, label *issues_model.Label) template.HTML {
 		// Regular label
 
 		labelColor := label.Color + hex.EncodeToString([]byte{GetLabelOpacityByte(label.IsArchived())})
-		s := fmt.Sprintf("<div class='ui label %s' style='color: %s !important; background-color: %s !important;' data-tooltip-content title='%s'>%s</div>",
-			archivedCSSClass, textColor, labelColor, description, RenderEmoji(ctx, label.Name))
+		s := fmt.Sprintf("<div class='ui label %s' style='color: %s !important; background-color: %s !important;' data-tooltip-content='%s' aria-description='%s'>%s</div>",
+			archivedCSSClass, textColor, labelColor, description, description, RenderEmoji(ctx, label.Name))
 		return template.HTML(s)
 	}
 
@@ -200,11 +200,11 @@ func RenderLabel(ctx *Context, label *issues_model.Label) template.HTML {
 	scopeColor := "#" + hex.EncodeToString(scopeBytes)
 	itemColor := "#" + hex.EncodeToString(itemBytes)
 
-	s := fmt.Sprintf("<span class='ui label %s scope-parent' data-tooltip-content title='%s'>"+
+	s := fmt.Sprintf("<span class='ui label %s scope-parent' data-tooltip-content='%s' aria-description='%s'>"+
 		"<div class='ui label scope-left' style='color: %s !important; background-color: %s !important'>%s</div>"+
 		"<div class='ui label scope-right' style='color: %s !important; background-color: %s !important'>%s</div>"+
 		"</span>",
-		archivedCSSClass, description,
+		archivedCSSClass, description, description,
 		textColor, scopeColor, scopeText,
 		textColor, itemColor, itemText)
 	return template.HTML(s)
diff --git a/modules/templates/util_render_test.go b/modules/templates/util_render_test.go
index acf5353ca3..35412989e3 100644
--- a/modules/templates/util_render_test.go
+++ b/modules/templates/util_render_test.go
@@ -229,7 +229,8 @@ func TestRenderLabels(t *testing.T) {
 	rendered := RenderLabels(ctx, []*issues_model.Label{label}, "user2/repo1", false)
 	assert.Contains(t, rendered, "user2/repo1/issues?labels=1")
 	assert.Contains(t, rendered, ">label1<")
-	assert.Contains(t, rendered, "title='First label'")
+	assert.Contains(t, rendered, "data-tooltip-content='First label'")
+	assert.Contains(t, rendered, "aria-description='First label'")
 	rendered = RenderLabels(ctx, []*issues_model.Label{label}, "user2/repo1", true)
 	assert.Contains(t, rendered, "user2/repo1/pulls?labels=1")
 	assert.Contains(t, rendered, ">label1<")
@@ -241,11 +242,11 @@ func TestRenderLabels(t *testing.T) {
 	assert.Contains(t, rendered, "user2/repo1/issues?labels=11")
 	assert.Contains(t, rendered, ">  &lt;script&gt;malicious&lt;/script&gt; <")
 	assert.Contains(t, rendered, ">&#39;?&amp;<")
-	assert.Contains(t, rendered, "title='Malicious label &#39; &lt;script&gt;malicious&lt;/script&gt;'")
+	assert.Contains(t, rendered, "data-tooltip-content='Malicious label &#39; &lt;script&gt;malicious&lt;/script&gt;'")
+	assert.Contains(t, rendered, "aria-description='Malicious label &#39; &lt;script&gt;malicious&lt;/script&gt;'")
 	rendered = RenderLabels(ctx, []*issues_model.Label{labelArchived}, "user2/repo1", false)
 	assert.Contains(t, rendered, "user2/repo1/issues?labels=12")
 	assert.Contains(t, rendered, ">archived label&lt;&gt;<")
-	assert.Contains(t, rendered, "title='repo.issues.archived_label_description'")
 }
 
 func TestRenderUser(t *testing.T) {
diff --git a/options/locale/locale_en-US.ini b/options/locale/locale_en-US.ini
index 543d75a0f9..00e4adb378 100644
--- a/options/locale/locale_en-US.ini
+++ b/options/locale/locale_en-US.ini
@@ -1555,7 +1555,6 @@ issues.remove_ref_at = `removed reference <b>%s</b> %s`
 issues.add_ref_at = `added reference <b>%s</b> %s`
 issues.delete_branch_at = `deleted branch <b>%s</b> %s`
 issues.filter_label = Label
-issues.filter_label_exclude = Use <kbd>Alt</kbd> + <kbd>Click</kbd> to exclude labels
 issues.filter_label_no_select = All labels
 issues.filter_label_select_no_label = No label
 issues.filter_milestone = Milestone
diff --git a/templates/repo/issue/labels/label_archived.tmpl b/templates/repo/issue/labels/label_archived.tmpl
index feaf77e456..cbcf462292 100644
--- a/templates/repo/issue/labels/label_archived.tmpl
+++ b/templates/repo/issue/labels/label_archived.tmpl
@@ -1,5 +1,5 @@
 {{if .IsArchived}}
-	<span class="ui label basic small" data-tooltip-content="{{ctx.Locale.Tr "repo.issues.label_archive_tooltip"}}">
+	<span class="ui label basic small archived-label-indicator" data-tooltip-content="{{ctx.Locale.Tr "repo.issues.label_archive_tooltip"}}">
 		{{ctx.Locale.Tr "archived"}}
 	</span>
 {{end}}
diff --git a/templates/shared/label_filter.tmpl b/templates/shared/label_filter.tmpl
index 0c8d537cc7..aa9a16f531 100644
--- a/templates/shared/label_filter.tmpl
+++ b/templates/shared/label_filter.tmpl
@@ -21,7 +21,6 @@
 				</i>
 			</label>
 		</div>
-		<span class="info">{{ctx.Locale.Tr "repo.issues.filter_label_exclude"}}</span>
 		<div class="divider"></div>
 		<a rel="nofollow" class="{{if .AllLabels}}active selected {{end}}item" href="?q={{$.Keyword}}&type={{$.ViewType}}&sort={{$.SortType}}&state={{$.State}}&labels=&milestone={{$.MilestoneID}}&project={{$.ProjectID}}&assignee={{$.AssigneeID}}&poster={{$.PosterID}}{{if $.ShowArchivedLabels}}&archived=true{{end}}">{{ctx.Locale.Tr "repo.issues.filter_label_no_select"}}</a>
 		<a rel="nofollow" class="{{if .NoLabel}}active selected {{end}}item" href="?q={{$.Keyword}}&type={{$.ViewType}}&sort={{$.SortType}}&state={{$.State}}&labels=0&milestone={{$.MilestoneID}}&project={{$.ProjectID}}&assignee={{$.AssigneeID}}&poster={{$.PosterID}}{{if $.ShowArchivedLabels}}&archived=true{{end}}">{{ctx.Locale.Tr "repo.issues.filter_label_select_no_label"}}</a>
@@ -32,19 +31,22 @@
 				<div class="divider"></div>
 			{{end}}
 			{{$previousExclusiveScope = $exclusiveScope}}
-			<a rel="nofollow" class="item label-filter-item tw-flex tw-items-center" {{if .IsArchived}}data-is-archived{{end}} href="?q={{$.Keyword}}&type={{$.ViewType}}&sort={{$.SortType}}&labels={{.QueryString}}&state={{$.State}}&milestone={{$.MilestoneID}}&project={{$.ProjectID}}&assignee={{$.AssigneeID}}&poster={{$.PosterID}}{{if $.ShowArchivedLabels}}&archived=true{{end}}" data-label-id="{{.ID}}">
-				{{if .IsExcluded}}
-					{{svg "octicon-circle-slash"}}
-				{{else if .IsSelected}}
+			<div class="item tw-flex tw-items-center" {{if and .IsSelected (not .IsExcluded)}}data-selected{{end}}>
+				{{if and .IsSelected  (not .IsExcluded)}}
 					{{if $exclusiveScope}}
 						{{svg "octicon-dot-fill"}}
 					{{else}}
 						{{svg "octicon-check"}}
 					{{end}}
 				{{end}}
-				{{RenderLabel ctx .}}
-				<p class="tw-ml-auto">{{template "repo/issue/labels/label_archived" .}}</p>
-			</a>
+				<a rel="nofollow" class="label-filter-item tw-flex tw-items-center tw-flex-1" {{if .IsArchived}}data-is-archived{{end}} href="?q={{$.Keyword}}&type={{$.ViewType}}&sort={{$.SortType}}&labels={{.QueryString}}&state={{$.State}}&milestone={{$.MilestoneID}}&project={{$.ProjectID}}&assignee={{$.AssigneeID}}&poster={{$.PosterID}}{{if $.ShowArchivedLabels}}&archived=true{{end}}" data-label-id="{{.ID}}">
+					{{RenderLabel ctx .}}
+				</a>
+				{{template "repo/issue/labels/label_archived" .}}
+				<button type="button" data-tooltip-content="{{if .IsExcluded}}Clear exclusion{{else}}Exclude label{{end}}" class="label-exclude-item-btn {{if .IsExcluded}}active{{end}}">
+					{{svg "octicon-no-entry"}}
+				</button>
+			</div>
 		{{end}}
 	</div>
 </div>
diff --git a/tests/e2e/repo-issues.test.e2e.ts b/tests/e2e/repo-issues.test.e2e.ts
new file mode 100644
index 0000000000..b4b4c9bae4
--- /dev/null
+++ b/tests/e2e/repo-issues.test.e2e.ts
@@ -0,0 +1,47 @@
+// Copyright 2025 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+// @watch start
+// templates/shared/label_filter.tmpl
+// web_src/js/features/repo-issue-sidebar-list.ts
+// @watch end
+
+import {expect} from '@playwright/test';
+import {test} from './utils_e2e.ts';
+
+test.use({user: 'user2'});
+
+test('Label filter exclusion', async ({page}) => {
+  const response = await page.goto('/user2/repo1/issues');
+  expect(response?.status()).toBe(200);
+
+  await expect(
+    page.getByRole('link', {name: 'issue1'}),
+  ).toBeVisible();
+
+  // open label filter dropdown
+  await page.getByRole('combobox').filter({has: page.getByText('Label')}).click();
+
+  // exclude the label1 label attached to issue1
+  const labelOption = page
+    .getByRole('option').filter({has: page.getByText('label1')});
+  await expect(labelOption).toBeVisible();
+  await labelOption.hover();
+  await labelOption.getByRole('button', {name: 'Exclude label'}).click();
+
+  await expect(
+    page.getByRole('link', {name: 'issue1'}),
+  ).toBeHidden();
+
+  // open label filter dropdown
+  await page.getByRole('combobox').filter({has: page.getByText('Label')}).click();
+
+  // clear exclusion
+  await expect(labelOption).toBeVisible();
+  await labelOption.hover();
+  await labelOption.getByRole('button', {name: 'Clear exclusion'}).click();
+
+  await expect(
+    page.getByRole('link', {name: 'issue1'}),
+  ).toBeVisible();
+});
diff --git a/web_src/css/index.css b/web_src/css/index.css
index feb84f1cf7..cf0521399c 100644
--- a/web_src/css/index.css
+++ b/web_src/css/index.css
@@ -84,6 +84,7 @@
 @import "./review.css";
 @import "./actions.css";
 @import "./migrate.css";
+@import "./issues.css";
 
 @tailwind utilities;
 @import "./helpers.css";
diff --git a/web_src/css/issues.css b/web_src/css/issues.css
new file mode 100644
index 0000000000..28539e5eb3
--- /dev/null
+++ b/web_src/css/issues.css
@@ -0,0 +1,75 @@
+/* Copyright 2025 The Forgejo Authors. All rights reserved.
+ * SPDX-License-Identifier: GPL-3.0-or-later */
+
+.archived-label-filter:has(#archived-label-filter:not(:checked))
+[data-is-archived] {
+  display: none !important;
+}
+
+.menu .item:has(> .label-filter-item) .label-exclude-item-btn {
+  opacity: 0;
+  position: absolute;
+  right: 0;
+  height: 100%;
+  width: 40px;
+  background: none;
+  color: var(--color-secondary-dark-5);
+
+  @media (any-hover: none) {
+    opacity: 1;
+  }
+
+  &.active {
+    color: var(--color-secondary-dark-10);
+  }
+
+  &:is(:hover, :focus-visible),
+  &.selected {
+    background: var(--color-secondary);
+    color: var(--color-secondary-dark-7);
+  }
+}
+
+.ui.menu .ui.dropdown .menu > .item:has(> .label-filter-item) {
+  max-width: 288px;
+
+  @media (any-hover: none) {
+    padding-right: 50px !important;
+  }
+
+  &:hover,
+  &.selected,
+  &:has(.label-exclude-item-btn.active) {
+    padding-right: 50px !important;
+
+    .label-exclude-item-btn {
+      opacity: 1;
+    }
+  }
+}
+
+.menu:has(> .item[data-selected])
+.item:not([data-selected])
+> .label-filter-item {
+  padding-left: 27px;
+}
+
+.menu .item .label-filter-item {
+  width: 100%;
+  min-width: 0;
+}
+
+.menu .item .label-filter-item > .label {
+  text-overflow: ellipsis;
+  white-space: nowrap;
+  overflow: hidden;
+  display: block;
+}
+
+.menu .item .archived-label-indicator {
+  margin: 0 0 0 10px !important;
+
+  @media (prefers-reduced-motion: no-preference) {
+    transition: transform 200ms ease;
+  }
+}
diff --git a/web_src/js/features/repo-issue-list.js b/web_src/js/features/repo-issue-list.js
index 92f058c4d2..a5f71034fb 100644
--- a/web_src/js/features/repo-issue-list.js
+++ b/web_src/js/features/repo-issue-list.js
@@ -220,13 +220,13 @@ function initArchivedLabelFilter() {
   const archivedElToggle = () => {
     for (const label of archivedLabels) {
       const id = label.getAttribute('data-label-id');
-      toggleElem(label, archivedLabelEl.checked || selectedLabels.includes(id));
+      toggleElem(label.closest('.item'), archivedLabelEl.checked || selectedLabels.includes(id));
     }
   };
 
   archivedElToggle();
+
   archivedLabelEl.addEventListener('change', () => {
-    archivedElToggle();
     if (archivedLabelEl.checked) {
       url.searchParams.set('archived', 'true');
     } else {
diff --git a/web_src/js/features/repo-issue-sidebar-list.ts b/web_src/js/features/repo-issue-sidebar-list.ts
new file mode 100644
index 0000000000..8e4127c58d
--- /dev/null
+++ b/web_src/js/features/repo-issue-sidebar-list.ts
@@ -0,0 +1,186 @@
+import $ from 'jquery';
+import {htmlEscape} from 'escape-goat';
+import {emojiHTML} from './emoji.js';
+
+const {appSubUrl} = window.config;
+
+export function initRepoIssueSidebarList() {
+  const repolink = $('#repolink').val();
+  const repoId = $('#repoId').val();
+  const crossRepoSearch = $('#crossRepoSearch').val() === 'true';
+  const tp = $('#type').val();
+
+  $('#new-dependency-drop-list')
+    .dropdown({
+      apiSettings: {
+        beforeSend(settings) {
+          if (!settings.urlData.query.trim()) {
+            settings.url = `${appSubUrl}/${repolink}/issues/search?q={query}&type=${tp}&sort=updated`;
+          } else if (crossRepoSearch) {
+            settings.url = `${appSubUrl}/issues/search?q={query}&priority_repo_id=${repoId}&type=${tp}&sort=relevance`;
+          } else {
+            settings.url = `${appSubUrl}/${repolink}/issues/search?q={query}&type=${tp}&sort=relevance`;
+          }
+          return settings;
+        },
+        onResponse(response: Record<string, {
+          id: string,
+          number: number,
+          title: string,
+          repository: {
+            full_name: string
+          }
+        }>) {
+          const filteredResponse = {success: true, results: []};
+          const currIssueId = $('#new-dependency-drop-list').data('issue-id');
+          // Parse the response from the api to work with our dropdown
+          for (const [_, issue] of Object.entries(response)) {
+            // Don't list current issue in the dependency list.
+            if (issue.id === currIssueId) {
+              continue;
+            }
+            filteredResponse.results.push({
+              name: `#${issue.number} ${issueTitleHTML(htmlEscape(issue.title))
+              }<div class="text small tw-break-anywhere">${htmlEscape(issue.repository.full_name)}</div>`,
+              value: issue.id,
+            });
+          }
+          return filteredResponse;
+        },
+        cache: false,
+      },
+
+      fullTextSearch: true,
+    });
+
+  $('.menu button.label-exclude-item-btn').each(function () {
+    $(this).on('click', function () {
+      const label = this.closest('.item').querySelector('a.label-filter-item');
+
+      if (!label) {
+        return;
+      }
+
+      excludeLabel(label);
+    });
+  });
+
+  // Increase surface area to include a label in the filters
+  for (const labelFilterItem of document.querySelectorAll<HTMLAnchorElement>('.menu a.label-filter-item')) {
+    const menuItem = labelFilterItem.closest('.item');
+    menuItem.addEventListener('click', (event: MouseEvent) => {
+      if (labelFilterItem === event.target || (event.target as HTMLElement).closest('.label-exclude-item-btn')) {
+        return;
+      }
+
+      labelFilterItem.click();
+    });
+  }
+
+  $('.menu .ui.dropdown.label-filter').on('keydown', (e: KeyboardEvent) => {
+    const selectedItem = document.querySelector('.menu .ui.dropdown.label-filter .menu .item.selected');
+
+    if (!selectedItem) {
+      return;
+    }
+
+    const selectedItemExcludeButton = selectedItem.querySelector('.label-exclude-item-btn');
+    const selectExcludeButton = () => selectedItemExcludeButton?.classList.add('selected');
+    const deselectExcludeButton = () => selectedItemExcludeButton?.classList.remove('selected');
+    const isExcludeButtonSelected = () => selectedItemExcludeButton?.classList.contains('selected');
+
+    if (e.key === 'Enter') {
+      const labelElement = selectedItem.querySelector<HTMLAnchorElement>('a.label-filter-item');
+
+      if (!labelElement) {
+        return;
+      }
+
+      if (isExcludeButtonSelected()) {
+        excludeLabel(labelElement);
+      } else {
+        labelElement.click();
+      }
+    }
+
+    // the menu can be navigated with or without the search input being focused
+    // therefore we check if the input is currently focused and the caret is
+    // at the end to make sure the moving the caret within the input works
+    const isOnInput = (e.target as HTMLElement).matches('input');
+    const input = e.target as HTMLInputElement;
+
+    if (e.key === 'ArrowRight' && (!isOnInput || isCaretAtEnd(input))) {
+      selectExcludeButton();
+    }
+
+    if (e.key === 'ArrowLeft') {
+      // it will deselect the exclude button before letting the user move along the focused input text
+      // so the user has to press once the left key to deselect and then another time to
+      // move the caret to the left side
+      if (isOnInput && isCaretAtEnd(input) && selectedItemExcludeButton.classList.contains('selected')) {
+        e.preventDefault();
+      }
+      deselectExcludeButton();
+    }
+
+    // when a exclude button is selected moving to the prev or next item in the menu
+    // is still possible, but the exclude button can remain selected, this makes
+    // sure to clear the selection class from the exclude buttons that are not
+    // within the currently selected menu item
+    if (e.key === 'ArrowUp' || e.key === 'ArrowDown') {
+      for (const excludeButtonSelected of document.querySelectorAll('.label-exclude-item-btn.selected')) {
+        if (!selectedItem.contains(excludeButtonSelected)) {
+          excludeButtonSelected.classList.remove('selected');
+        }
+      }
+    }
+  });
+
+  $('.ui.dropdown.label-filter, .ui.dropdown.select-label').dropdown('setting', {'hideDividers': 'empty'}).dropdown('refreshItems');
+}
+
+/**
+ * Render the issue's title.
+ * It converts emojis and code blocks syntax into their respective HTML equivalent.
+ */
+export function issueTitleHTML(title: string) {
+  return title.replaceAll(/:[-+\w]+:/g, (emoji) => emojiHTML(emoji.substring(1, emoji.length - 1)))
+    .replaceAll(/`[^`]+`/g, (code) => `<code class="inline-code-block">${code.substring(1, code.length - 1)}</code>`);
+}
+
+/**
+ * Excludes a label from filters provided by the data-label-id attribute of an element.
+ *
+ * If the label is included it will be converted to an exclusion, if its already excluded it will get removed, otherwise, if not present at all it will get excluded.
+ */
+export function excludeLabel(item: HTMLElement) {
+  const id = item.getAttribute('data-label-id');
+  const excludedId = `-${id}`;
+
+  const params = new URLSearchParams(window.location.search);
+  const labelIds = new Set((params.get('labels') ?? '').split(',').filter((id) => id.length > 0));
+
+  if (labelIds.has(id)) {
+    labelIds.delete(id);
+    labelIds.add(excludedId);
+  } else if (labelIds.has(excludedId)) {
+    labelIds.delete(excludedId);
+  } else {
+    labelIds.add(excludedId);
+  }
+
+  params.set('labels', Array.from(labelIds).join(','));
+
+  window.location.search = params.toString();
+}
+
+/**
+ * Returns true if the caret is at the end of the input even if it has content
+ */
+function isCaretAtEnd(inputElement: HTMLInputElement) {
+  const value = inputElement.value;
+  return (
+    inputElement.selectionStart === inputElement.selectionEnd &&
+    inputElement.selectionEnd === value.length
+  );
+}
diff --git a/web_src/js/features/repo-issue.js b/web_src/js/features/repo-issue.js
index 73131706cc..eb6af4d48b 100644
--- a/web_src/js/features/repo-issue.js
+++ b/web_src/js/features/repo-issue.js
@@ -8,7 +8,6 @@ import {toAbsoluteUrl} from '../utils.js';
 import {initDropzone} from './common-global.js';
 import {POST, GET} from '../modules/fetch.js';
 import {showErrorToast} from '../modules/toast.js';
-import {emojiHTML} from './emoji.js';
 
 const {appSubUrl} = window.config;
 
@@ -109,81 +108,6 @@ export function initRepoIssueDue() {
   });
 }
 
-/**
- * @param {HTMLElement} item
- */
-function excludeLabel(item) {
-  const href = item.getAttribute('href');
-  const id = item.getAttribute('data-label-id');
-
-  const regStr = `labels=((?:-?[0-9]+%2c)*)(${id})((?:%2c-?[0-9]+)*)&`;
-  const newStr = 'labels=$1-$2$3&';
-
-  window.location.assign(href.replace(new RegExp(regStr), newStr));
-}
-
-export function initRepoIssueSidebarList() {
-  const repolink = $('#repolink').val();
-  const repoId = $('#repoId').val();
-  const crossRepoSearch = $('#crossRepoSearch').val() === 'true';
-  const tp = $('#type').val();
-  $('#new-dependency-drop-list')
-    .dropdown({
-      apiSettings: {
-        beforeSend(settings) {
-          if (!settings.urlData.query.trim()) {
-            settings.url = `${appSubUrl}/${repolink}/issues/search?q={query}&type=${tp}&sort=updated`;
-          } else if (crossRepoSearch) {
-            settings.url = `${appSubUrl}/issues/search?q={query}&priority_repo_id=${repoId}&type=${tp}&sort=relevance`;
-          } else {
-            settings.url = `${appSubUrl}/${repolink}/issues/search?q={query}&type=${tp}&sort=relevance`;
-          }
-          return settings;
-        },
-        onResponse(response) {
-          const filteredResponse = {success: true, results: []};
-          const currIssueId = $('#new-dependency-drop-list').data('issue-id');
-          // Parse the response from the api to work with our dropdown
-          for (const [_, issue] of Object.entries(response)) {
-            // Don't list current issue in the dependency list.
-            if (issue.id === currIssueId) {
-              continue;
-            }
-            filteredResponse.results.push({
-              name: `#${issue.number} ${issueTitleHTML(htmlEscape(issue.title))
-              }<div class="text small tw-break-anywhere">${htmlEscape(issue.repository.full_name)}</div>`,
-              value: issue.id,
-            });
-          }
-          return filteredResponse;
-        },
-        cache: false,
-      },
-
-      fullTextSearch: true,
-    });
-
-  $('.menu a.label-filter-item').each(function () {
-    $(this).on('click', function (e) {
-      if (e.altKey) {
-        e.preventDefault();
-        excludeLabel(this);
-      }
-    });
-  });
-
-  // FIXME: this is broken, see discussion https://codeberg.org/forgejo/forgejo/pulls/8199
-  $('.menu .ui.dropdown.label-filter').on('keydown', (e) => {
-    if (e.altKey && e.keyCode === 13) {
-      const selectedItem = document.querySelector('.menu .ui.dropdown.label-filter .menu .item.selected');
-      if (selectedItem) {
-        excludeLabel(selectedItem);
-      }
-    }
-  });
-  $('.ui.dropdown.label-filter, .ui.dropdown.select-label').dropdown('setting', {'hideDividers': 'empty'}).dropdown('refreshItems');
-}
-
 export function initRepoIssueCommentDelete() {
   // Delete comment
   document.addEventListener('click', async (e) => {
@@ -801,9 +725,3 @@ export function initArchivedLabelHandler() {
     toggleElem(label, label.classList.contains('checked'));
   }
 }
-
-// Render the issue's title. It converts emojis and code blocks syntax into their respective HTML equivalent.
-export function issueTitleHTML(title) {
-  return title.replaceAll(/:[-+\w]+:/g, (emoji) => emojiHTML(emoji.substring(1, emoji.length - 1)))
-    .replaceAll(/`[^`]+`/g, (code) => `<code class="inline-code-block">${code.substring(1, code.length - 1)}</code>`);
-}
diff --git a/web_src/js/features/repo-issue.test.js b/web_src/js/features/repo-issue.test.js
index f72eb5794b..acf4ea209e 100644
--- a/web_src/js/features/repo-issue.test.js
+++ b/web_src/js/features/repo-issue.test.js
@@ -1,6 +1,6 @@
 import {vi} from 'vitest';
 
-import {issueTitleHTML} from './repo-issue.js';
+import {issueTitleHTML, excludeLabel} from './repo-issue-sidebar-list.ts';
 
 vi.mock('./comp/ComboMarkdownEditor.js', () => ({}));
 // jQuery is missing
@@ -21,3 +21,26 @@ test('Convert issue title to html', () => {
 
   expect(issueTitleHTML('issue title :+1: `code`')).toEqual(`issue title ${expected_thumbs_up} ${expected_code_block}`);
 });
+
+const getLabelsParam = () => new URLSearchParams(window.location.search).get('labels');
+
+test('Toggles label exclusion from filters', () => {
+  expect(getLabelsParam()).toEqual(null);
+
+  const element = document.createElement('div');
+  element.dataset['label-id'] = '1';
+
+  // excludes it
+  excludeLabel(element);
+  expect(getLabelsParam()).toEqual('-1');
+
+  // since it was excluded above, now it should delete it
+  excludeLabel(element);
+  expect(getLabelsParam()).toEqual('');
+
+  // if we add it manually it should swap it to an exclusion
+  window.location.search = '?labels=1';
+  expect(getLabelsParam()).toEqual('1');
+  excludeLabel(element);
+  expect(getLabelsParam()).toEqual('-1');
+});
diff --git a/web_src/js/index.js b/web_src/js/index.js
index 8701385e92..37848d2d90 100644
--- a/web_src/js/index.js
+++ b/web_src/js/index.js
@@ -30,8 +30,10 @@ import {
   initRepoIssueTimeTracking,
   initRepoIssueWipTitle,
   initRepoPullRequestAllowMaintainerEdit,
-  initRepoPullRequestReview, initRepoIssueSidebarList, initArchivedLabelHandler,
+  initRepoPullRequestReview,
+  initArchivedLabelHandler,
 } from './features/repo-issue.js';
+import {initRepoIssueSidebarList} from './features/repo-issue-sidebar-list.ts';
 import {initRepoEllipsisButton, initCommitStatuses, initCommitNotes} from './features/repo-commit.js';
 import {
   initFootLanguageMenu,
diff --git a/web_src/js/types.d.ts b/web_src/js/types.d.ts
index 5efc36762b..d464f25fe9 100644
--- a/web_src/js/types.d.ts
+++ b/web_src/js/types.d.ts
@@ -1,6 +1,7 @@
 interface Window {
   config?: {
     appUrl: string;
+    appSubUrl: string
   }
 }
 

From b11ceeecaaf1b4d8e052a606d673bd68a5365b4c Mon Sep 17 00:00:00 2001
From: fauno <fauno@noreply.codeberg.org>
Date: Sun, 8 Feb 2026 04:17:55 +0100
Subject: [PATCH 285/854] fix: only skip explicit >= 0 and leave pessimistic
 version locking intact (#11153)

Fixes #11083.

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests

- I added test coverage for Go changes...
  - [x] in their respective `*_test.go` for unit tests.
  - [ ] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I added test coverage for JavaScript changes...
  - [ ] in `web_src/js/*.test.js` if it can be unit tested.
  - [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)).

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [x] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.
- [ ] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change.

*The decision if the pull request will be shown in the release notes is up to the mergers / release team.*

The content of the `release-notes/<pull request number>.md` file will serve as the basis for the release notes. If the file does not exist, the title of the pull request will be used instead.

Co-authored-by: f <f@sutty.nl>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11153
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
Co-authored-by: fauno <fauno@noreply.codeberg.org>
Co-committed-by: fauno <fauno@noreply.codeberg.org>
---
 modules/packages/rubygems/metadata.go      |  6 ++++-
 modules/packages/rubygems/metadata_test.go | 27 ++++++++++++++++++++++
 2 files changed, 32 insertions(+), 1 deletion(-)

diff --git a/modules/packages/rubygems/metadata.go b/modules/packages/rubygems/metadata.go
index 9d3fd18f12..0091569fce 100644
--- a/modules/packages/rubygems/metadata.go
+++ b/modules/packages/rubygems/metadata.go
@@ -128,7 +128,11 @@ func (r requirement) AsVersionRequirement() []VersionRequirement {
 			continue
 		}
 		version, ok := versionInt.(string)
-		if !ok || version == "0" {
+		if !ok {
+			continue
+		}
+
+		if restriction == ">=" && version == "0" {
 			continue
 		}
 
diff --git a/modules/packages/rubygems/metadata_test.go b/modules/packages/rubygems/metadata_test.go
index cd3a5bbd10..683f8d1df8 100644
--- a/modules/packages/rubygems/metadata_test.go
+++ b/modules/packages/rubygems/metadata_test.go
@@ -87,3 +87,30 @@ yjAbmt9LsOMp8xMamFkSQ38fP5EFjdz8LA4do2C69VvqWXAJgrPbKZb58/xZXrKoW6ttW13Bhvzi
 	assert.Equal(t, "~>", rp.Metadata.DevelopmentDependencies[0].Version[0].Restriction)
 	assert.Equal(t, "5.2", rp.Metadata.DevelopmentDependencies[0].Version[0].Version)
 }
+
+func TestPessimisticVersioning(t *testing.T) {
+	content, _ := base64.StdEncoding.DecodeString(`H4sIABmkhGkCA+1WTY/TMBC9+1eYvfSU1G1ZkCxRgYTYCwcEEgcQshxnmnrXX9gO2lz2t2MnTdOy
+1YIKYoVEEimZ8WT8/GY8nqIo8BPfVt3cVtcgIr0CTekHB0JupOBRWoMM10CxgxCkliFKUXwDH9KI
+NE0RIUS0k+kJVx+HIYTx3oiUi5Igp3jcWK8pzv8g3sat9YGiAm+yYD18baUHiippaukpTm8kwEcm
+tlwmN5+/oJrHhGxJls8KsizIJSaE9k9Jxgt/QjU4MDUYIaH3fx/k69GiSziH5UrtlBQyjmtNAztE
+Gkw8tdL303AyPjJP02ZNke6L9YuLXsjiQ3QN1560GZklZexcwkZ9a6LUkBTOgwcFPCT1hqsAE9Hs
+CMCjAP5FruH2P9d/nesT+/mP8X63/sd4/w3ANQThpcuVkiLQXKq+hr0MbYxdKax1JfcIbkG0kVcq
+laBcueA2gslO9qLnzNdWsI0cbaavrdXgeJPWv43RBTqfC1tDBb4prW/mqYw2cG33b9cqFeaLxeJy
+hVKw00RD4bt697ZYlaSwRnVIQ+SpfvLMQtU2LAEQN+BZ6+UZ02A8YjzbQbCtF8DyH2f7SEeDaUDZ
+5mwPKQRtzo7+6DvTi7MhMmlC5EoxnfZZDh3qo2v7RBmiustF5njc9vFRshqVNctZyB44WI8z+8e8
+PqomP8/pKaNX5WJ2DKIBHR4BCNnD2G3uzNg9OKtyVS6foyCb3I2wG+goCofdy2T6FIVWa+47il/h
+3LbgFDv8Zogfvltjctjj4KnHQdn4YF9+B8hhV5g0CQAA`)
+	rp, err := parseMetadataFile(bytes.NewReader(content))
+	require.NoError(t, err)
+	assert.NotNil(t, rp)
+
+	assert.Len(t, rp.Metadata.RuntimeDependencies, 3)
+	assert.Equal(t, "implicit-version", rp.Metadata.RuntimeDependencies[0].Name)
+	assert.Empty(t, rp.Metadata.RuntimeDependencies[0].Version)
+	assert.Equal(t, "explicit-version", rp.Metadata.RuntimeDependencies[1].Name)
+	assert.Empty(t, rp.Metadata.RuntimeDependencies[1].Version)
+	assert.Equal(t, "explicit-pessimistic-version", rp.Metadata.RuntimeDependencies[2].Name)
+	assert.Len(t, rp.Metadata.RuntimeDependencies[2].Version, 1)
+	assert.Equal(t, "~>", rp.Metadata.RuntimeDependencies[2].Version[0].Restriction)
+	assert.Equal(t, "0", rp.Metadata.RuntimeDependencies[2].Version[0].Version)
+}

From 31965f2dd7f9b4e7141c508f039cb8b22e11a6b4 Mon Sep 17 00:00:00 2001
From: 0ko <0ko@noreply.codeberg.org>
Date: Sun, 8 Feb 2026 23:55:30 +0100
Subject: [PATCH 286/854] chore(ui): add integration tests for footer tmpl
 logic (#11197)

Slightly related to https://codeberg.org/forgejo/forgejo/pulls/11196, but it has no tests related to the change in that PR.

Added tests because I wanted those config options be tested, but haven't found any existing tests.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11197
Reviewed-by: Beowulf <beowulf@beocode.eu>
Co-authored-by: 0ko <0ko@noreply.codeberg.org>
Co-committed-by: 0ko <0ko@noreply.codeberg.org>
---
 tests/integration/footer_test.go | 66 ++++++++++++++++++++++++++++++++
 1 file changed, 66 insertions(+)
 create mode 100644 tests/integration/footer_test.go

diff --git a/tests/integration/footer_test.go b/tests/integration/footer_test.go
new file mode 100644
index 0000000000..45ff3ca426
--- /dev/null
+++ b/tests/integration/footer_test.go
@@ -0,0 +1,66 @@
+// Copyright 2026 The Forgejo Authors
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+package integration
+
+import (
+	"net/http"
+	"strings"
+	"testing"
+
+	"forgejo.org/modules/setting"
+	"forgejo.org/modules/test"
+	"forgejo.org/tests"
+
+	"github.com/stretchr/testify/assert"
+)
+
+/* TestFooterContent asserts go tmpl logic of footer */
+func TestFooterContent(t *testing.T) {
+	defer tests.PrepareTestEnv(t)()
+
+	// The footer can be tested on any page, but preferably a lightweight one
+	regularPage := "/explore/organizations"
+	adminPage := "/admin"
+
+	adminUser := loginUser(t, "user1")
+	regularUser := loginUser(t, "user2")
+
+	t.Run(`Default configuration`, func(t *testing.T) {
+		defer tests.PrintCurrentTest(t)()
+
+		// For admins Version dubs as a link to /admin/config, for regular users
+		// it's just text
+		testFooterContent(t, regularUser, regularPage, true, true, false)
+		testFooterContent(t, adminUser, regularPage, true, true, true)
+		testFooterContent(t, adminUser, adminPage, true, true, true)
+	})
+
+	t.Run(`ShowFooterPoweredBy is disabled`, func(t *testing.T) {
+		defer tests.PrintCurrentTest(t)()
+		defer test.MockVariableValue(&setting.Other.ShowFooterPoweredBy, false)()
+
+		testFooterContent(t, regularUser, regularPage, false, true, false)
+	})
+
+	t.Run(`ShowFooterVersion is disabled`, func(t *testing.T) {
+		defer tests.PrintCurrentTest(t)()
+		defer test.MockVariableValue(&setting.Other.ShowFooterVersion, false)()
+
+		// ShowFooterVersion is on by default. Disabling it hides the version on
+		// all pages but not on /admin
+		testFooterContent(t, regularUser, regularPage, true, false, false)
+		testFooterContent(t, adminUser, regularPage, true, false, false)
+		testFooterContent(t, adminUser, adminPage, true, true, true)
+	})
+}
+
+// When visiting certain pages, the corresponding entry of user menu is highlighted
+func testFooterContent(t *testing.T, session *TestSession, url string, expectPoweredBy, expectVersion, expectVersionLink bool) {
+	page := NewHTMLParser(t, session.MakeRequest(t, NewRequest(t, "GET", url), http.StatusOK).Body)
+	// AssertElement will only pass if there's just one such element
+	footerLeft := page.Find("footer .left-links").Text()
+	assert.Equal(t, expectPoweredBy, strings.Contains(footerLeft, "Powered by Forgejo"))
+	assert.Equal(t, expectVersion, strings.Contains(footerLeft, "Version"))
+	page.AssertElement(t, `footer .left-links a[href="/admin/config"]`, expectVersionLink)
+}

From c2fcc6fceb743d8839d618c407ff8614a68fe161 Mon Sep 17 00:00:00 2001
From: Renovate Bot <forgejo-renovate-action@forgejo.org>
Date: Mon, 9 Feb 2026 03:46:46 +0100
Subject: [PATCH 287/854] Update x/tools to v0.41.0 (forgejo) (#11203)

Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
---
 Makefile | 2 +-
 go.mod   | 4 ++--
 go.sum   | 8 ++++----
 3 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/Makefile b/Makefile
index 13829677b0..08e5065426 100644
--- a/Makefile
+++ b/Makefile
@@ -45,7 +45,7 @@ SWAGGER_PACKAGE ?= github.com/go-swagger/go-swagger/cmd/swagger@v0.33.1 # renova
 XGO_PACKAGE ?= src.techknowlogick.com/xgo@latest
 GO_LICENSES_PACKAGE ?= github.com/google/go-licenses@v1.6.0 # renovate: datasource=go
 GOVULNCHECK_PACKAGE ?= golang.org/x/vuln/cmd/govulncheck@v1 # renovate: datasource=go
-DEADCODE_PACKAGE ?= golang.org/x/tools/cmd/deadcode@v0.40.0 # renovate: datasource=go
+DEADCODE_PACKAGE ?= golang.org/x/tools/cmd/deadcode@v0.41.0 # renovate: datasource=go
 GOMOCK_PACKAGE ?= go.uber.org/mock/mockgen@v0.6.0 # renovate: datasource=go
 RENOVATE_NPM_PACKAGE ?= renovate@42.95.2 # renovate: datasource=docker packageName=data.forgejo.org/renovate/renovate
 
diff --git a/go.mod b/go.mod
index 5a6aaaff43..518167d362 100644
--- a/go.mod
+++ b/go.mod
@@ -256,9 +256,9 @@ require (
 	go.uber.org/zap/exp v0.3.0 // indirect
 	go.yaml.in/yaml/v4 v4.0.0-rc.3 // indirect
 	go4.org v0.0.0-20230225012048-214862532bf5 // indirect
-	golang.org/x/mod v0.31.0 // indirect
+	golang.org/x/mod v0.32.0 // indirect
 	golang.org/x/time v0.14.0 // indirect
-	golang.org/x/tools v0.40.0 // indirect
+	golang.org/x/tools v0.41.0 // indirect
 	gopkg.in/alexcesaro/quotedprintable.v3 v3.0.0-20150716171945-2caba252f4dc // indirect
 	gopkg.in/warnings.v0 v0.1.2 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
diff --git a/go.sum b/go.sum
index 6bb8f3215f..d65ce858b5 100644
--- a/go.sum
+++ b/go.sum
@@ -759,8 +759,8 @@ golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
 golang.org/x/mod v0.12.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
 golang.org/x/mod v0.15.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
 golang.org/x/mod v0.17.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
-golang.org/x/mod v0.31.0 h1:HaW9xtz0+kOcWKwli0ZXy79Ix+UW/vOfmWI5QVd2tgI=
-golang.org/x/mod v0.31.0/go.mod h1:43JraMp9cGx1Rx3AqioxrbrhNsLl2l/iNAvuBkrezpg=
+golang.org/x/mod v0.32.0 h1:9F4d3PHLljb6x//jOyokMv3eX+YDeepZSEo3mFJy93c=
+golang.org/x/mod v0.32.0/go.mod h1:SgipZ/3h2Ci89DlEtEXWUk/HteuRin+HHhN+WbNhguU=
 golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@@ -910,8 +910,8 @@ golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc
 golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
 golang.org/x/tools v0.13.0/go.mod h1:HvlwmtVNQAhOuCjW7xxvovg8wbNq7LwfXh/k7wXUl58=
 golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk=
-golang.org/x/tools v0.40.0 h1:yLkxfA+Qnul4cs9QA3KnlFu0lVmd8JJfoq+E41uSutA=
-golang.org/x/tools v0.40.0/go.mod h1:Ik/tzLRlbscWpqqMRjyWYDisX8bG13FrdXp3o4Sr9lc=
+golang.org/x/tools v0.41.0 h1:a9b8iMweWG+S0OBnlU36rzLp20z1Rp10w+IY2czHTQc=
+golang.org/x/tools v0.41.0/go.mod h1:XSY6eDqxVNiYgezAVqqCeihT4j1U2CCsqvH3WhQpnlg=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=

From 0b7ae03be21a98fa55600ecc853bf2bcfe02d998 Mon Sep 17 00:00:00 2001
From: Renovate Bot <forgejo-renovate-action@forgejo.org>
Date: Mon, 9 Feb 2026 04:37:25 +0100
Subject: [PATCH 288/854] Update linters (forgejo) (#11202)

Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
---
 package-lock.json                   | 462 ++++++++--------------------
 package.json                        |  16 +-
 tests/e2e/issue-comment.test.e2e.ts |   1 +
 tests/e2e/issue-sidebar.test.e2e.ts |   1 +
 4 files changed, 135 insertions(+), 345 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 89c99c26c5..db4b9f0f3b 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -83,10 +83,10 @@
       },
       "devDependencies": {
         "@axe-core/playwright": "4.11.0",
-        "@eslint-community/eslint-plugin-eslint-comments": "4.5.0",
+        "@eslint-community/eslint-plugin-eslint-comments": "4.6.0",
         "@playwright/test": "1.57.0",
         "@stoplight/spectral-cli": "6.15.0",
-        "@stylistic/eslint-plugin": "5.6.1",
+        "@stylistic/eslint-plugin": "5.7.1",
         "@stylistic/stylelint-plugin": "4.0.1",
         "@vitejs/plugin-vue": "6.0.3",
         "@vitest/coverage-v8": "4.0.18",
@@ -98,13 +98,13 @@
         "eslint-plugin-import-x": "4.16.1",
         "eslint-plugin-no-jquery": "3.1.1",
         "eslint-plugin-no-use-extend-native": "0.7.2",
-        "eslint-plugin-playwright": "2.4.0",
+        "eslint-plugin-playwright": "2.5.1",
         "eslint-plugin-regexp": "2.10.0",
-        "eslint-plugin-sonarjs": "3.0.5",
-        "eslint-plugin-toml": "0.12.0",
+        "eslint-plugin-sonarjs": "3.0.6",
+        "eslint-plugin-toml": "0.13.1",
         "eslint-plugin-unicorn": "62.0.0",
         "eslint-plugin-vitest-globals": "1.5.0",
-        "eslint-plugin-vue": "10.6.2",
+        "eslint-plugin-vue": "10.7.0",
         "eslint-plugin-vue-scoped-css": "2.12.0",
         "eslint-plugin-wc": "3.0.2",
         "globals": "17.3.0",
@@ -116,10 +116,10 @@
         "stylelint": "16.26.1",
         "stylelint-declaration-block-no-ignored-properties": "2.8.0",
         "stylelint-declaration-strict-value": "1.10.11",
-        "stylelint-value-no-unknown-custom-properties": "6.1.0",
+        "stylelint-value-no-unknown-custom-properties": "6.1.1",
         "svgo": "4.0.0",
         "typescript": "5.9.3",
-        "typescript-eslint": "8.50.1",
+        "typescript-eslint": "8.54.0",
         "vite-string-plugin": "1.4.9",
         "vitest": "4.0.18"
       },
@@ -1390,14 +1390,14 @@
       }
     },
     "node_modules/@eslint-community/eslint-plugin-eslint-comments": {
-      "version": "4.5.0",
-      "resolved": "https://registry.npmjs.org/@eslint-community/eslint-plugin-eslint-comments/-/eslint-plugin-eslint-comments-4.5.0.tgz",
-      "integrity": "sha512-MAhuTKlr4y/CE3WYX26raZjy+I/kS2PLKSzvfmDCGrBLTFHOYwqROZdr4XwPgXwX3K9rjzMr4pSmUWGnzsUyMg==",
+      "version": "4.6.0",
+      "resolved": "https://registry.npmjs.org/@eslint-community/eslint-plugin-eslint-comments/-/eslint-plugin-eslint-comments-4.6.0.tgz",
+      "integrity": "sha512-2EX2bBQq1ez++xz2o9tEeEQkyvfieWgUFMH4rtJJri2q0Azvhja3hZGXsjPXs31R4fQkZDtWzNDDK2zQn5UE5g==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
         "escape-string-regexp": "^4.0.0",
-        "ignore": "^5.2.4"
+        "ignore": "^7.0.5"
       },
       "engines": {
         "node": "^12.22.0 || ^14.17.0 || >=16.0.0"
@@ -1409,6 +1409,16 @@
         "eslint": "^6.0.0 || ^7.0.0 || ^8.0.0 || ^9.0.0"
       }
     },
+    "node_modules/@eslint-community/eslint-plugin-eslint-comments/node_modules/ignore": {
+      "version": "7.0.5",
+      "resolved": "https://registry.npmjs.org/ignore/-/ignore-7.0.5.tgz",
+      "integrity": "sha512-Hs59xBNfUIunMFgWAbGX5cq6893IbWg4KnrjbYwX3tx0ztorVgTDA6B2sxf8ejHJ4wz8BqGUMYlnzNBer5NvGg==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">= 4"
+      }
+    },
     "node_modules/@eslint-community/eslint-utils": {
       "version": "4.9.1",
       "resolved": "https://registry.npmjs.org/@eslint-community/eslint-utils/-/eslint-utils-4.9.1.tgz",
@@ -1442,9 +1452,9 @@
       }
     },
     "node_modules/@eslint-community/regexpp": {
-      "version": "4.12.1",
-      "resolved": "https://registry.npmjs.org/@eslint-community/regexpp/-/regexpp-4.12.1.tgz",
-      "integrity": "sha512-CCZCDJuduB9OUkFkY2IgppNZMi2lBQgD2qzwXkEia16cge2pijY/aXi96CJMquDMn3nJdlPV1A5KrJEXwfLNzQ==",
+      "version": "4.12.2",
+      "resolved": "https://registry.npmjs.org/@eslint-community/regexpp/-/regexpp-4.12.2.tgz",
+      "integrity": "sha512-EriSTlt5OC9/7SXkRSCAhfSxxoSUgBm33OH+IkwbdpgoqsSsUg7y3uh+IICI/Qg4BBWr3U2i39RpmycbxMq4ew==",
       "dev": true,
       "license": "MIT",
       "engines": {
@@ -3780,14 +3790,14 @@
       }
     },
     "node_modules/@stylistic/eslint-plugin": {
-      "version": "5.6.1",
-      "resolved": "https://registry.npmjs.org/@stylistic/eslint-plugin/-/eslint-plugin-5.6.1.tgz",
-      "integrity": "sha512-JCs+MqoXfXrRPGbGmho/zGS/jMcn3ieKl/A8YImqib76C8kjgZwq5uUFzc30lJkMvcchuRn6/v8IApLxli3Jyw==",
+      "version": "5.7.1",
+      "resolved": "https://registry.npmjs.org/@stylistic/eslint-plugin/-/eslint-plugin-5.7.1.tgz",
+      "integrity": "sha512-zjTUwIsEfT+k9BmXwq1QEFYsb4afBlsI1AXFyWQBgggMzwBFOuu92pGrE5OFx90IOjNl+lUbQoTG7f8S0PkOdg==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "@eslint-community/eslint-utils": "^4.9.0",
-        "@typescript-eslint/types": "^8.47.0",
+        "@eslint-community/eslint-utils": "^4.9.1",
+        "@typescript-eslint/types": "^8.53.1",
         "eslint-visitor-keys": "^4.2.1",
         "espree": "^10.4.0",
         "estraverse": "^5.3.0",
@@ -4276,20 +4286,20 @@
       "license": "MIT"
     },
     "node_modules/@typescript-eslint/eslint-plugin": {
-      "version": "8.50.1",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-8.50.1.tgz",
-      "integrity": "sha512-PKhLGDq3JAg0Jk/aK890knnqduuI/Qj+udH7wCf0217IGi4gt+acgCyPVe79qoT+qKUvHMDQkwJeKW9fwl8Cyw==",
+      "version": "8.54.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-8.54.0.tgz",
+      "integrity": "sha512-hAAP5io/7csFStuOmR782YmTthKBJ9ND3WVL60hcOjvtGFb+HJxH4O5huAcmcZ9v9G8P+JETiZ/G1B8MALnWZQ==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "@eslint-community/regexpp": "^4.10.0",
-        "@typescript-eslint/scope-manager": "8.50.1",
-        "@typescript-eslint/type-utils": "8.50.1",
-        "@typescript-eslint/utils": "8.50.1",
-        "@typescript-eslint/visitor-keys": "8.50.1",
-        "ignore": "^7.0.0",
+        "@eslint-community/regexpp": "^4.12.2",
+        "@typescript-eslint/scope-manager": "8.54.0",
+        "@typescript-eslint/type-utils": "8.54.0",
+        "@typescript-eslint/utils": "8.54.0",
+        "@typescript-eslint/visitor-keys": "8.54.0",
+        "ignore": "^7.0.5",
         "natural-compare": "^1.4.0",
-        "ts-api-utils": "^2.1.0"
+        "ts-api-utils": "^2.4.0"
       },
       "engines": {
         "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -4299,7 +4309,7 @@
         "url": "https://opencollective.com/typescript-eslint"
       },
       "peerDependencies": {
-        "@typescript-eslint/parser": "^8.50.1",
+        "@typescript-eslint/parser": "^8.54.0",
         "eslint": "^8.57.0 || ^9.0.0",
         "typescript": ">=4.8.4 <6.0.0"
       }
@@ -4315,18 +4325,18 @@
       }
     },
     "node_modules/@typescript-eslint/parser": {
-      "version": "8.50.1",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-8.50.1.tgz",
-      "integrity": "sha512-hM5faZwg7aVNa819m/5r7D0h0c9yC4DUlWAOvHAtISdFTc8xB86VmX5Xqabrama3wIPJ/q9RbGS1worb6JfnMg==",
+      "version": "8.54.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-8.54.0.tgz",
+      "integrity": "sha512-BtE0k6cjwjLZoZixN0t5AKP0kSzlGu7FctRXYuPAm//aaiZhmfq1JwdYpYr1brzEspYyFeF+8XF5j2VK6oalrA==",
       "dev": true,
       "license": "MIT",
       "peer": true,
       "dependencies": {
-        "@typescript-eslint/scope-manager": "8.50.1",
-        "@typescript-eslint/types": "8.50.1",
-        "@typescript-eslint/typescript-estree": "8.50.1",
-        "@typescript-eslint/visitor-keys": "8.50.1",
-        "debug": "^4.3.4"
+        "@typescript-eslint/scope-manager": "8.54.0",
+        "@typescript-eslint/types": "8.54.0",
+        "@typescript-eslint/typescript-estree": "8.54.0",
+        "@typescript-eslint/visitor-keys": "8.54.0",
+        "debug": "^4.4.3"
       },
       "engines": {
         "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -4341,15 +4351,15 @@
       }
     },
     "node_modules/@typescript-eslint/project-service": {
-      "version": "8.50.1",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/project-service/-/project-service-8.50.1.tgz",
-      "integrity": "sha512-E1ur1MCVf+YiP89+o4Les/oBAVzmSbeRB0MQLfSlYtbWU17HPxZ6Bhs5iYmKZRALvEuBoXIZMOIRRc/P++Ortg==",
+      "version": "8.54.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/project-service/-/project-service-8.54.0.tgz",
+      "integrity": "sha512-YPf+rvJ1s7MyiWM4uTRhE4DvBXrEV+d8oC3P9Y2eT7S+HBS0clybdMIPnhiATi9vZOYDc7OQ1L/i6ga6NFYK/g==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "@typescript-eslint/tsconfig-utils": "^8.50.1",
-        "@typescript-eslint/types": "^8.50.1",
-        "debug": "^4.3.4"
+        "@typescript-eslint/tsconfig-utils": "^8.54.0",
+        "@typescript-eslint/types": "^8.54.0",
+        "debug": "^4.4.3"
       },
       "engines": {
         "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -4363,14 +4373,14 @@
       }
     },
     "node_modules/@typescript-eslint/scope-manager": {
-      "version": "8.50.1",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-8.50.1.tgz",
-      "integrity": "sha512-mfRx06Myt3T4vuoHaKi8ZWNTPdzKPNBhiblze5N50//TSHOAQQevl/aolqA/BcqqbJ88GUnLqjjcBc8EWdBcVw==",
+      "version": "8.54.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-8.54.0.tgz",
+      "integrity": "sha512-27rYVQku26j/PbHYcVfRPonmOlVI6gihHtXFbTdB5sb6qA0wdAQAbyXFVarQ5t4HRojIz64IV90YtsjQSSGlQg==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "@typescript-eslint/types": "8.50.1",
-        "@typescript-eslint/visitor-keys": "8.50.1"
+        "@typescript-eslint/types": "8.54.0",
+        "@typescript-eslint/visitor-keys": "8.54.0"
       },
       "engines": {
         "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -4381,9 +4391,9 @@
       }
     },
     "node_modules/@typescript-eslint/tsconfig-utils": {
-      "version": "8.50.1",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/tsconfig-utils/-/tsconfig-utils-8.50.1.tgz",
-      "integrity": "sha512-ooHmotT/lCWLXi55G4mvaUF60aJa012QzvLK0Y+Mp4WdSt17QhMhWOaBWeGTFVkb2gDgBe19Cxy1elPXylslDw==",
+      "version": "8.54.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/tsconfig-utils/-/tsconfig-utils-8.54.0.tgz",
+      "integrity": "sha512-dRgOyT2hPk/JwxNMZDsIXDgyl9axdJI3ogZ2XWhBPsnZUv+hPesa5iuhdYt2gzwA9t8RE5ytOJ6xB0moV0Ujvw==",
       "dev": true,
       "license": "MIT",
       "engines": {
@@ -4398,17 +4408,17 @@
       }
     },
     "node_modules/@typescript-eslint/type-utils": {
-      "version": "8.50.1",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-8.50.1.tgz",
-      "integrity": "sha512-7J3bf022QZE42tYMO6SL+6lTPKFk/WphhRPe9Tw/el+cEwzLz1Jjz2PX3GtGQVxooLDKeMVmMt7fWpYRdG5Etg==",
+      "version": "8.54.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-8.54.0.tgz",
+      "integrity": "sha512-hiLguxJWHjjwL6xMBwD903ciAwd7DmK30Y9Axs/etOkftC3ZNN9K44IuRD/EB08amu+Zw6W37x9RecLkOo3pMA==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "@typescript-eslint/types": "8.50.1",
-        "@typescript-eslint/typescript-estree": "8.50.1",
-        "@typescript-eslint/utils": "8.50.1",
-        "debug": "^4.3.4",
-        "ts-api-utils": "^2.1.0"
+        "@typescript-eslint/types": "8.54.0",
+        "@typescript-eslint/typescript-estree": "8.54.0",
+        "@typescript-eslint/utils": "8.54.0",
+        "debug": "^4.4.3",
+        "ts-api-utils": "^2.4.0"
       },
       "engines": {
         "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -4423,9 +4433,9 @@
       }
     },
     "node_modules/@typescript-eslint/types": {
-      "version": "8.50.1",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-8.50.1.tgz",
-      "integrity": "sha512-v5lFIS2feTkNyMhd7AucE/9j/4V9v5iIbpVRncjk/K0sQ6Sb+Np9fgYS/63n6nwqahHQvbmujeBL7mp07Q9mlA==",
+      "version": "8.54.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-8.54.0.tgz",
+      "integrity": "sha512-PDUI9R1BVjqu7AUDsRBbKMtwmjWcn4J3le+5LpcFgWULN3LvHC5rkc9gCVxbrsrGmO1jfPybN5s6h4Jy+OnkAA==",
       "dev": true,
       "license": "MIT",
       "engines": {
@@ -4437,21 +4447,21 @@
       }
     },
     "node_modules/@typescript-eslint/typescript-estree": {
-      "version": "8.50.1",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-8.50.1.tgz",
-      "integrity": "sha512-woHPdW+0gj53aM+cxchymJCrh0cyS7BTIdcDxWUNsclr9VDkOSbqC13juHzxOmQ22dDkMZEpZB+3X1WpUvzgVQ==",
+      "version": "8.54.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-8.54.0.tgz",
+      "integrity": "sha512-BUwcskRaPvTk6fzVWgDPdUndLjB87KYDrN5EYGetnktoeAvPtO4ONHlAZDnj5VFnUANg0Sjm7j4usBlnoVMHwA==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "@typescript-eslint/project-service": "8.50.1",
-        "@typescript-eslint/tsconfig-utils": "8.50.1",
-        "@typescript-eslint/types": "8.50.1",
-        "@typescript-eslint/visitor-keys": "8.50.1",
-        "debug": "^4.3.4",
-        "minimatch": "^9.0.4",
-        "semver": "^7.6.0",
+        "@typescript-eslint/project-service": "8.54.0",
+        "@typescript-eslint/tsconfig-utils": "8.54.0",
+        "@typescript-eslint/types": "8.54.0",
+        "@typescript-eslint/visitor-keys": "8.54.0",
+        "debug": "^4.4.3",
+        "minimatch": "^9.0.5",
+        "semver": "^7.7.3",
         "tinyglobby": "^0.2.15",
-        "ts-api-utils": "^2.1.0"
+        "ts-api-utils": "^2.4.0"
       },
       "engines": {
         "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -4498,17 +4508,16 @@
       }
     },
     "node_modules/@typescript-eslint/utils": {
-      "version": "8.50.1",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-8.50.1.tgz",
-      "integrity": "sha512-lCLp8H1T9T7gPbEuJSnHwnSuO9mDf8mfK/Nion5mZmiEaQD9sWf9W4dfeFqRyqRjF06/kBuTmAqcs9sewM2NbQ==",
+      "version": "8.54.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-8.54.0.tgz",
+      "integrity": "sha512-9Cnda8GS57AQakvRyG0PTejJNlA2xhvyNtEVIMlDWOOeEyBkYWhGPnfrIAnqxLMTSTo6q8g12XVjjev5l1NvMA==",
       "dev": true,
       "license": "MIT",
-      "peer": true,
       "dependencies": {
-        "@eslint-community/eslint-utils": "^4.7.0",
-        "@typescript-eslint/scope-manager": "8.50.1",
-        "@typescript-eslint/types": "8.50.1",
-        "@typescript-eslint/typescript-estree": "8.50.1"
+        "@eslint-community/eslint-utils": "^4.9.1",
+        "@typescript-eslint/scope-manager": "8.54.0",
+        "@typescript-eslint/types": "8.54.0",
+        "@typescript-eslint/typescript-estree": "8.54.0"
       },
       "engines": {
         "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -4523,13 +4532,13 @@
       }
     },
     "node_modules/@typescript-eslint/visitor-keys": {
-      "version": "8.50.1",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-8.50.1.tgz",
-      "integrity": "sha512-IrDKrw7pCRUR94zeuCSUWQ+w8JEf5ZX5jl/e6AHGSLi1/zIr0lgutfn/7JpfCey+urpgQEdrZVYzCaVVKiTwhQ==",
+      "version": "8.54.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-8.54.0.tgz",
+      "integrity": "sha512-VFlhGSl4opC0bprJiItPQ1RfUhGDIBokcPwaFH4yiBCaNPeld/9VeXbiPO1cLyorQi1G1vL+ecBk1x8o1axORA==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "@typescript-eslint/types": "8.50.1",
+        "@typescript-eslint/types": "8.54.0",
         "eslint-visitor-keys": "^4.2.1"
       },
       "engines": {
@@ -4884,180 +4893,6 @@
         }
       }
     },
-    "node_modules/@vitest/eslint-plugin/node_modules/@typescript-eslint/project-service": {
-      "version": "8.54.0",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/project-service/-/project-service-8.54.0.tgz",
-      "integrity": "sha512-YPf+rvJ1s7MyiWM4uTRhE4DvBXrEV+d8oC3P9Y2eT7S+HBS0clybdMIPnhiATi9vZOYDc7OQ1L/i6ga6NFYK/g==",
-      "dev": true,
-      "license": "MIT",
-      "dependencies": {
-        "@typescript-eslint/tsconfig-utils": "^8.54.0",
-        "@typescript-eslint/types": "^8.54.0",
-        "debug": "^4.4.3"
-      },
-      "engines": {
-        "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
-      },
-      "funding": {
-        "type": "opencollective",
-        "url": "https://opencollective.com/typescript-eslint"
-      },
-      "peerDependencies": {
-        "typescript": ">=4.8.4 <6.0.0"
-      }
-    },
-    "node_modules/@vitest/eslint-plugin/node_modules/@typescript-eslint/scope-manager": {
-      "version": "8.54.0",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-8.54.0.tgz",
-      "integrity": "sha512-27rYVQku26j/PbHYcVfRPonmOlVI6gihHtXFbTdB5sb6qA0wdAQAbyXFVarQ5t4HRojIz64IV90YtsjQSSGlQg==",
-      "dev": true,
-      "license": "MIT",
-      "dependencies": {
-        "@typescript-eslint/types": "8.54.0",
-        "@typescript-eslint/visitor-keys": "8.54.0"
-      },
-      "engines": {
-        "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
-      },
-      "funding": {
-        "type": "opencollective",
-        "url": "https://opencollective.com/typescript-eslint"
-      }
-    },
-    "node_modules/@vitest/eslint-plugin/node_modules/@typescript-eslint/tsconfig-utils": {
-      "version": "8.54.0",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/tsconfig-utils/-/tsconfig-utils-8.54.0.tgz",
-      "integrity": "sha512-dRgOyT2hPk/JwxNMZDsIXDgyl9axdJI3ogZ2XWhBPsnZUv+hPesa5iuhdYt2gzwA9t8RE5ytOJ6xB0moV0Ujvw==",
-      "dev": true,
-      "license": "MIT",
-      "engines": {
-        "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
-      },
-      "funding": {
-        "type": "opencollective",
-        "url": "https://opencollective.com/typescript-eslint"
-      },
-      "peerDependencies": {
-        "typescript": ">=4.8.4 <6.0.0"
-      }
-    },
-    "node_modules/@vitest/eslint-plugin/node_modules/@typescript-eslint/types": {
-      "version": "8.54.0",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-8.54.0.tgz",
-      "integrity": "sha512-PDUI9R1BVjqu7AUDsRBbKMtwmjWcn4J3le+5LpcFgWULN3LvHC5rkc9gCVxbrsrGmO1jfPybN5s6h4Jy+OnkAA==",
-      "dev": true,
-      "license": "MIT",
-      "engines": {
-        "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
-      },
-      "funding": {
-        "type": "opencollective",
-        "url": "https://opencollective.com/typescript-eslint"
-      }
-    },
-    "node_modules/@vitest/eslint-plugin/node_modules/@typescript-eslint/typescript-estree": {
-      "version": "8.54.0",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-8.54.0.tgz",
-      "integrity": "sha512-BUwcskRaPvTk6fzVWgDPdUndLjB87KYDrN5EYGetnktoeAvPtO4ONHlAZDnj5VFnUANg0Sjm7j4usBlnoVMHwA==",
-      "dev": true,
-      "license": "MIT",
-      "dependencies": {
-        "@typescript-eslint/project-service": "8.54.0",
-        "@typescript-eslint/tsconfig-utils": "8.54.0",
-        "@typescript-eslint/types": "8.54.0",
-        "@typescript-eslint/visitor-keys": "8.54.0",
-        "debug": "^4.4.3",
-        "minimatch": "^9.0.5",
-        "semver": "^7.7.3",
-        "tinyglobby": "^0.2.15",
-        "ts-api-utils": "^2.4.0"
-      },
-      "engines": {
-        "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
-      },
-      "funding": {
-        "type": "opencollective",
-        "url": "https://opencollective.com/typescript-eslint"
-      },
-      "peerDependencies": {
-        "typescript": ">=4.8.4 <6.0.0"
-      }
-    },
-    "node_modules/@vitest/eslint-plugin/node_modules/@typescript-eslint/utils": {
-      "version": "8.54.0",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-8.54.0.tgz",
-      "integrity": "sha512-9Cnda8GS57AQakvRyG0PTejJNlA2xhvyNtEVIMlDWOOeEyBkYWhGPnfrIAnqxLMTSTo6q8g12XVjjev5l1NvMA==",
-      "dev": true,
-      "license": "MIT",
-      "dependencies": {
-        "@eslint-community/eslint-utils": "^4.9.1",
-        "@typescript-eslint/scope-manager": "8.54.0",
-        "@typescript-eslint/types": "8.54.0",
-        "@typescript-eslint/typescript-estree": "8.54.0"
-      },
-      "engines": {
-        "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
-      },
-      "funding": {
-        "type": "opencollective",
-        "url": "https://opencollective.com/typescript-eslint"
-      },
-      "peerDependencies": {
-        "eslint": "^8.57.0 || ^9.0.0",
-        "typescript": ">=4.8.4 <6.0.0"
-      }
-    },
-    "node_modules/@vitest/eslint-plugin/node_modules/@typescript-eslint/visitor-keys": {
-      "version": "8.54.0",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-8.54.0.tgz",
-      "integrity": "sha512-VFlhGSl4opC0bprJiItPQ1RfUhGDIBokcPwaFH4yiBCaNPeld/9VeXbiPO1cLyorQi1G1vL+ecBk1x8o1axORA==",
-      "dev": true,
-      "license": "MIT",
-      "dependencies": {
-        "@typescript-eslint/types": "8.54.0",
-        "eslint-visitor-keys": "^4.2.1"
-      },
-      "engines": {
-        "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
-      },
-      "funding": {
-        "type": "opencollective",
-        "url": "https://opencollective.com/typescript-eslint"
-      }
-    },
-    "node_modules/@vitest/eslint-plugin/node_modules/balanced-match": {
-      "version": "1.0.2",
-      "resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-1.0.2.tgz",
-      "integrity": "sha512-3oSeUO0TMV67hN1AmbXsK4yaqU7tjiHlbxRDZOpH0KW9+CeX4bRAaX0Anxt0tx2MrpRpWwQaPwIlISEJhYU5Pw==",
-      "dev": true,
-      "license": "MIT"
-    },
-    "node_modules/@vitest/eslint-plugin/node_modules/brace-expansion": {
-      "version": "2.0.2",
-      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.2.tgz",
-      "integrity": "sha512-Jt0vHyM+jmUBqojB7E1NIYadt0vI0Qxjxd2TErW94wDz+E2LAm5vKMXXwg6ZZBTHPuUlDgQHKXvjGBdfcF1ZDQ==",
-      "dev": true,
-      "license": "MIT",
-      "dependencies": {
-        "balanced-match": "^1.0.0"
-      }
-    },
-    "node_modules/@vitest/eslint-plugin/node_modules/minimatch": {
-      "version": "9.0.5",
-      "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.5.tgz",
-      "integrity": "sha512-G6T0ZX48xgozx7587koeX9Ys2NYy6Gmv//P89sEte9V9whIapMNF4idKxnW2QtCcLiTWlb/wfCabAtAFWhhBow==",
-      "dev": true,
-      "license": "ISC",
-      "dependencies": {
-        "brace-expansion": "^2.0.1"
-      },
-      "engines": {
-        "node": ">=16 || 14 >=14.17"
-      },
-      "funding": {
-        "url": "https://github.com/sponsors/isaacs"
-      }
-    },
     "node_modules/@vitest/expect": {
       "version": "4.0.18",
       "resolved": "https://registry.npmjs.org/@vitest/expect/-/expect-4.0.18.tgz",
@@ -8308,9 +8143,9 @@
       }
     },
     "node_modules/eslint-plugin-playwright": {
-      "version": "2.4.0",
-      "resolved": "https://registry.npmjs.org/eslint-plugin-playwright/-/eslint-plugin-playwright-2.4.0.tgz",
-      "integrity": "sha512-MWNXfXlLfwXAjj4Z80PvCCFCXgCYy5OCHan57Z/beGrjkJ3maG1GanuGX8Ck6T6fagplBx2ZdkifxSfByftaTQ==",
+      "version": "2.5.1",
+      "resolved": "https://registry.npmjs.org/eslint-plugin-playwright/-/eslint-plugin-playwright-2.5.1.tgz",
+      "integrity": "sha512-q7oqVQTTfa3VXJQ8E+ln0QttPGrs/XmSO1FjOMzQYBMYF3btih4FIrhEYh34JF184GYDmq3lJ/n7CMa49OHBvA==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -8359,84 +8194,37 @@
       }
     },
     "node_modules/eslint-plugin-sonarjs": {
-      "version": "3.0.5",
-      "resolved": "https://registry.npmjs.org/eslint-plugin-sonarjs/-/eslint-plugin-sonarjs-3.0.5.tgz",
-      "integrity": "sha512-dI62Ff3zMezUToi161hs2i1HX1ie8Ia2hO0jtNBfdgRBicAG4ydy2WPt0rMTrAe3ZrlqhpAO3w1jcQEdneYoFA==",
+      "version": "3.0.6",
+      "resolved": "https://registry.npmjs.org/eslint-plugin-sonarjs/-/eslint-plugin-sonarjs-3.0.6.tgz",
+      "integrity": "sha512-3mVUqsAUSylGfkJMj2v0aC2Cu/eUunDLm+XMjLf0uLjAZao205NWF3g6EXxcCAFO+rCZiQ6Or1WQkUcU9/sKFQ==",
       "dev": true,
       "license": "LGPL-3.0-only",
       "dependencies": {
-        "@eslint-community/regexpp": "4.12.1",
+        "@eslint-community/regexpp": "4.12.2",
         "builtin-modules": "3.3.0",
         "bytes": "3.1.2",
         "functional-red-black-tree": "1.0.1",
         "jsx-ast-utils-x": "0.1.0",
         "lodash.merge": "4.6.2",
-        "minimatch": "9.0.5",
+        "minimatch": "10.1.1",
         "scslre": "0.3.0",
-        "semver": "7.7.2",
+        "semver": "7.7.3",
         "typescript": ">=5"
       },
       "peerDependencies": {
         "eslint": "^8.0.0 || ^9.0.0"
       }
     },
-    "node_modules/eslint-plugin-sonarjs/node_modules/balanced-match": {
-      "version": "1.0.2",
-      "resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-1.0.2.tgz",
-      "integrity": "sha512-3oSeUO0TMV67hN1AmbXsK4yaqU7tjiHlbxRDZOpH0KW9+CeX4bRAaX0Anxt0tx2MrpRpWwQaPwIlISEJhYU5Pw==",
-      "dev": true,
-      "license": "MIT"
-    },
-    "node_modules/eslint-plugin-sonarjs/node_modules/brace-expansion": {
-      "version": "2.0.2",
-      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.2.tgz",
-      "integrity": "sha512-Jt0vHyM+jmUBqojB7E1NIYadt0vI0Qxjxd2TErW94wDz+E2LAm5vKMXXwg6ZZBTHPuUlDgQHKXvjGBdfcF1ZDQ==",
-      "dev": true,
-      "license": "MIT",
-      "dependencies": {
-        "balanced-match": "^1.0.0"
-      }
-    },
-    "node_modules/eslint-plugin-sonarjs/node_modules/minimatch": {
-      "version": "9.0.5",
-      "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.5.tgz",
-      "integrity": "sha512-G6T0ZX48xgozx7587koeX9Ys2NYy6Gmv//P89sEte9V9whIapMNF4idKxnW2QtCcLiTWlb/wfCabAtAFWhhBow==",
-      "dev": true,
-      "license": "ISC",
-      "dependencies": {
-        "brace-expansion": "^2.0.1"
-      },
-      "engines": {
-        "node": ">=16 || 14 >=14.17"
-      },
-      "funding": {
-        "url": "https://github.com/sponsors/isaacs"
-      }
-    },
-    "node_modules/eslint-plugin-sonarjs/node_modules/semver": {
-      "version": "7.7.2",
-      "resolved": "https://registry.npmjs.org/semver/-/semver-7.7.2.tgz",
-      "integrity": "sha512-RF0Fw+rO5AMf9MAyaRXI4AV0Ulj5lMHqVxxdSgiVbixSCXoEmmX/jk0CuJw4+3SqroYO9VoUh+HcuJivvtJemA==",
-      "dev": true,
-      "license": "ISC",
-      "bin": {
-        "semver": "bin/semver.js"
-      },
-      "engines": {
-        "node": ">=10"
-      }
-    },
     "node_modules/eslint-plugin-toml": {
-      "version": "0.12.0",
-      "resolved": "https://registry.npmjs.org/eslint-plugin-toml/-/eslint-plugin-toml-0.12.0.tgz",
-      "integrity": "sha512-+/wVObA9DVhwZB1nG83D2OAQRrcQZXy+drqUnFJKymqnmbnbfg/UPmEMCKrJNcEboUGxUjYrJlgy+/Y930mURQ==",
+      "version": "0.13.1",
+      "resolved": "https://registry.npmjs.org/eslint-plugin-toml/-/eslint-plugin-toml-0.13.1.tgz",
+      "integrity": "sha512-xA9Q2DY1fL5HeXzZfiP5Q+yhjHIEeWlp9locoyvn6ywRGbDEpn8hoMgsXgsf8lFimZR1yFzdS5KxPXlRoD4Mug==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
         "debug": "^4.1.1",
         "eslint-compat-utils": "^0.6.0",
-        "lodash": "^4.17.19",
-        "toml-eslint-parser": "^0.10.0"
+        "toml-eslint-parser": "^0.12.0"
       },
       "engines": {
         "node": "^12.22.0 || ^14.17.0 || >=16.0.0"
@@ -8505,9 +8293,9 @@
       "license": "MIT"
     },
     "node_modules/eslint-plugin-vue": {
-      "version": "10.6.2",
-      "resolved": "https://registry.npmjs.org/eslint-plugin-vue/-/eslint-plugin-vue-10.6.2.tgz",
-      "integrity": "sha512-nA5yUs/B1KmKzvC42fyD0+l9Yd+LtEpVhWRbXuDj0e+ZURcTtyRbMDWUeJmTAh2wC6jC83raS63anNM2YT3NPw==",
+      "version": "10.7.0",
+      "resolved": "https://registry.npmjs.org/eslint-plugin-vue/-/eslint-plugin-vue-10.7.0.tgz",
+      "integrity": "sha512-r2XFCK4qlo1sxEoAMIoTTX0PZAdla0JJDt1fmYiworZUX67WeEGqm+JbyAg3M+pGiJ5U6Mp5WQbontXWtIW7TA==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -14565,9 +14353,9 @@
       }
     },
     "node_modules/stylelint-value-no-unknown-custom-properties": {
-      "version": "6.1.0",
-      "resolved": "https://registry.npmjs.org/stylelint-value-no-unknown-custom-properties/-/stylelint-value-no-unknown-custom-properties-6.1.0.tgz",
-      "integrity": "sha512-fzc1ckeQZAlksMRzmWuyLywSRfaF9ys04qNg8+kTstUnZT0z8ajdMLjiPKtlcm4Nc5oDZE8tPVAcfFJB6E/1/A==",
+      "version": "6.1.1",
+      "resolved": "https://registry.npmjs.org/stylelint-value-no-unknown-custom-properties/-/stylelint-value-no-unknown-custom-properties-6.1.1.tgz",
+      "integrity": "sha512-eQ1zidKD5t9zMEaskjGUY4W47lH76qMlmsDSmCAPEwtaGzB4Ls7ORTfysC1D6hamp2zFC+vN1vpQ+GFz3Tw3lw==",
       "dev": true,
       "license": "CC0-1.0",
       "dependencies": {
@@ -15131,9 +14919,9 @@
       "license": "MIT"
     },
     "node_modules/toml-eslint-parser": {
-      "version": "0.10.1",
-      "resolved": "https://registry.npmjs.org/toml-eslint-parser/-/toml-eslint-parser-0.10.1.tgz",
-      "integrity": "sha512-9mjy3frhioGIVGcwamlVlUyJ9x+WHw/TXiz9R4YOlmsIuBN43r9Dp8HZ35SF9EKjHrn3BUZj04CF+YqZ2oJ+7w==",
+      "version": "0.12.0",
+      "resolved": "https://registry.npmjs.org/toml-eslint-parser/-/toml-eslint-parser-0.12.0.tgz",
+      "integrity": "sha512-4qHgkGXl0LyFp/3aNoi6dKWuPuxFsCiDtBl5IbJljeYR57+5l3pJHJEW9xPSOu2U1drGlG82tpGqkJz/uJZ2Fw==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -15323,16 +15111,16 @@
       }
     },
     "node_modules/typescript-eslint": {
-      "version": "8.50.1",
-      "resolved": "https://registry.npmjs.org/typescript-eslint/-/typescript-eslint-8.50.1.tgz",
-      "integrity": "sha512-ytTHO+SoYSbhAH9CrYnMhiLx8To6PSSvqnvXyPUgPETCvB6eBKmTI9w6XMPS3HsBRGkwTVBX+urA8dYQx6bHfQ==",
+      "version": "8.54.0",
+      "resolved": "https://registry.npmjs.org/typescript-eslint/-/typescript-eslint-8.54.0.tgz",
+      "integrity": "sha512-CKsJ+g53QpsNPqbzUsfKVgd3Lny4yKZ1pP4qN3jdMOg/sisIDLGyDMezycquXLE5JsEU0wp3dGNdzig0/fmSVQ==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "@typescript-eslint/eslint-plugin": "8.50.1",
-        "@typescript-eslint/parser": "8.50.1",
-        "@typescript-eslint/typescript-estree": "8.50.1",
-        "@typescript-eslint/utils": "8.50.1"
+        "@typescript-eslint/eslint-plugin": "8.54.0",
+        "@typescript-eslint/parser": "8.54.0",
+        "@typescript-eslint/typescript-estree": "8.54.0",
+        "@typescript-eslint/utils": "8.54.0"
       },
       "engines": {
         "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
diff --git a/package.json b/package.json
index 1060c37ce7..6b619c60ad 100644
--- a/package.json
+++ b/package.json
@@ -82,10 +82,10 @@
   },
   "devDependencies": {
     "@axe-core/playwright": "4.11.0",
-    "@eslint-community/eslint-plugin-eslint-comments": "4.5.0",
+    "@eslint-community/eslint-plugin-eslint-comments": "4.6.0",
     "@playwright/test": "1.57.0",
     "@stoplight/spectral-cli": "6.15.0",
-    "@stylistic/eslint-plugin": "5.6.1",
+    "@stylistic/eslint-plugin": "5.7.1",
     "@stylistic/stylelint-plugin": "4.0.1",
     "@vitejs/plugin-vue": "6.0.3",
     "@vitest/coverage-v8": "4.0.18",
@@ -97,13 +97,13 @@
     "eslint-plugin-import-x": "4.16.1",
     "eslint-plugin-no-jquery": "3.1.1",
     "eslint-plugin-no-use-extend-native": "0.7.2",
-    "eslint-plugin-playwright": "2.4.0",
+    "eslint-plugin-playwright": "2.5.1",
     "eslint-plugin-regexp": "2.10.0",
-    "eslint-plugin-sonarjs": "3.0.5",
-    "eslint-plugin-toml": "0.12.0",
+    "eslint-plugin-sonarjs": "3.0.6",
+    "eslint-plugin-toml": "0.13.1",
     "eslint-plugin-unicorn": "62.0.0",
     "eslint-plugin-vitest-globals": "1.5.0",
-    "eslint-plugin-vue": "10.6.2",
+    "eslint-plugin-vue": "10.7.0",
     "eslint-plugin-vue-scoped-css": "2.12.0",
     "eslint-plugin-wc": "3.0.2",
     "globals": "17.3.0",
@@ -115,10 +115,10 @@
     "stylelint": "16.26.1",
     "stylelint-declaration-block-no-ignored-properties": "2.8.0",
     "stylelint-declaration-strict-value": "1.10.11",
-    "stylelint-value-no-unknown-custom-properties": "6.1.0",
+    "stylelint-value-no-unknown-custom-properties": "6.1.1",
     "svgo": "4.0.0",
     "typescript": "5.9.3",
-    "typescript-eslint": "8.50.1",
+    "typescript-eslint": "8.54.0",
     "vite-string-plugin": "1.4.9",
     "vitest": "4.0.18"
   },
diff --git a/tests/e2e/issue-comment.test.e2e.ts b/tests/e2e/issue-comment.test.e2e.ts
index 9477c7e210..238fc30fc0 100644
--- a/tests/e2e/issue-comment.test.e2e.ts
+++ b/tests/e2e/issue-comment.test.e2e.ts
@@ -340,6 +340,7 @@ test('Emoji suggestions', async ({page}) => {
 
 test.describe('Comment history', () => {
   let issueURL = '';
+
   test('Deleted items in comment history menu', async ({page}) => {
     const response = await page.goto('/user2/repo1/issues/new');
     expect(response?.status()).toBe(200);
diff --git a/tests/e2e/issue-sidebar.test.e2e.ts b/tests/e2e/issue-sidebar.test.e2e.ts
index 77357944a4..f025efec6a 100644
--- a/tests/e2e/issue-sidebar.test.e2e.ts
+++ b/tests/e2e/issue-sidebar.test.e2e.ts
@@ -255,6 +255,7 @@ test('New Issue: Milestone', async ({page}) => {
 
 test.describe('Dependency dropdown', () => {
   test.use({user: 'user11'});
+
   test('Issue: Dependencies', async ({page}) => {
     const response = await page.goto('/user11/dependency-test/issues/3');
     expect(response?.status()).toBe(200);

From ccf61c93bfc21c986221bd94db6d05e18b9ef0e0 Mon Sep 17 00:00:00 2001
From: 0ko <0ko@noreply.codeberg.org>
Date: Mon, 9 Feb 2026 05:32:34 +0100
Subject: [PATCH 289/854] feat(ui): consistently use `AppVerNoMetadata` in the
 footer (#11196)

Display version without compat metadata for admins too, not just for regular users. It was confusing to some, though I don't remember who got confused.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11196
Reviewed-by: Beowulf <beowulf@beocode.eu>
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: 0ko <0ko@noreply.codeberg.org>
Co-committed-by: 0ko <0ko@noreply.codeberg.org>
---
 templates/base/footer_content.tmpl | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/templates/base/footer_content.tmpl b/templates/base/footer_content.tmpl
index 133ebac33a..8ce4fd21eb 100644
--- a/templates/base/footer_content.tmpl
+++ b/templates/base/footer_content.tmpl
@@ -6,7 +6,7 @@
 		{{if (or .ShowFooterVersion .PageIsAdmin)}}
 			{{ctx.Locale.Tr "version"}}:
 			{{if .IsAdmin}}
-				<a href="{{AppSubUrl}}/admin/config">{{AppVer}}</a>
+				<a href="{{AppSubUrl}}/admin/config">{{AppVerNoMetadata}}</a>
 			{{else}}
 				{{AppVerNoMetadata}}
 			{{end}}

From f8c7c312b84563c8791595de2af86d727250ad3a Mon Sep 17 00:00:00 2001
From: Renovate Bot <forgejo-renovate-action@forgejo.org>
Date: Mon, 9 Feb 2026 06:57:39 +0100
Subject: [PATCH 290/854] Update renovate to v43 (forgejo) (major) (#11199)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11199
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
---
 .forgejo/workflows/renovate.yml | 2 +-
 Makefile                        | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/.forgejo/workflows/renovate.yml b/.forgejo/workflows/renovate.yml
index c06cc4fd45..ed95efe559 100644
--- a/.forgejo/workflows/renovate.yml
+++ b/.forgejo/workflows/renovate.yml
@@ -28,7 +28,7 @@ jobs:
 
     runs-on: docker
     container:
-      image: data.forgejo.org/renovate/renovate:42.95.2
+      image: data.forgejo.org/renovate/renovate:43.4.3
 
     steps:
       - name: Load renovate repo cache
diff --git a/Makefile b/Makefile
index 08e5065426..92ff72c78d 100644
--- a/Makefile
+++ b/Makefile
@@ -47,7 +47,7 @@ GO_LICENSES_PACKAGE ?= github.com/google/go-licenses@v1.6.0 # renovate: datasour
 GOVULNCHECK_PACKAGE ?= golang.org/x/vuln/cmd/govulncheck@v1 # renovate: datasource=go
 DEADCODE_PACKAGE ?= golang.org/x/tools/cmd/deadcode@v0.41.0 # renovate: datasource=go
 GOMOCK_PACKAGE ?= go.uber.org/mock/mockgen@v0.6.0 # renovate: datasource=go
-RENOVATE_NPM_PACKAGE ?= renovate@42.95.2 # renovate: datasource=docker packageName=data.forgejo.org/renovate/renovate
+RENOVATE_NPM_PACKAGE ?= renovate@43.4.3 # renovate: datasource=docker packageName=data.forgejo.org/renovate/renovate
 
 # https://github.com/disposable-email-domains/disposable-email-domains/commits/main/
 DISPOSABLE_EMAILS_SHA ?= 0c27e671231d27cf66370034d7f6818037416989 # renovate: ...

From baca0086d205808750eb9075bdd1028949143fe3 Mon Sep 17 00:00:00 2001
From: Renovate Bot <forgejo-renovate-action@forgejo.org>
Date: Mon, 9 Feb 2026 08:00:50 +0100
Subject: [PATCH 291/854] Update dependency postcss-nesting to v14 (forgejo)
 (#11210)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11210
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
---
 package-lock.json | 49 ++++++++++++++++++++++++++++++++++-------------
 package.json      |  2 +-
 2 files changed, 37 insertions(+), 14 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index db4b9f0f3b..98eeb234c0 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -61,7 +61,7 @@
         "pdfobject": "2.3.0",
         "postcss": "8.5.6",
         "postcss-loader": "8.2.0",
-        "postcss-nesting": "13.0.2",
+        "postcss-nesting": "14.0.0",
         "pretty-ms": "9.0.0",
         "sortablejs": "1.15.6",
         "swagger-ui-dist": "5.31.0",
@@ -876,9 +876,9 @@
       }
     },
     "node_modules/@csstools/selector-resolve-nested": {
-      "version": "3.1.0",
-      "resolved": "https://registry.npmjs.org/@csstools/selector-resolve-nested/-/selector-resolve-nested-3.1.0.tgz",
-      "integrity": "sha512-mf1LEW0tJLKfWyvn5KdDrhpxHyuxpbNwTIwOYLIvsTffeyOf85j5oIzfG0yosxDgx/sswlqBnESYUcQH0vgZ0g==",
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/@csstools/selector-resolve-nested/-/selector-resolve-nested-4.0.0.tgz",
+      "integrity": "sha512-9vAPxmp+Dx3wQBIUwc1v7Mdisw1kbbaGqXUM8QLTgWg7SoPGYtXBsMXvsFs/0Bn5yoFhcktzxNZGNaUt0VjgjA==",
       "funding": [
         {
           "type": "github",
@@ -891,16 +891,17 @@
       ],
       "license": "MIT-0",
       "engines": {
-        "node": ">=18"
+        "node": ">=20.19.0"
       },
       "peerDependencies": {
-        "postcss-selector-parser": "^7.0.0"
+        "postcss-selector-parser": "^7.1.1"
       }
     },
     "node_modules/@csstools/selector-specificity": {
       "version": "5.0.0",
       "resolved": "https://registry.npmjs.org/@csstools/selector-specificity/-/selector-specificity-5.0.0.tgz",
       "integrity": "sha512-PCqQV3c4CoVm3kdPhyeZ07VmBRdH2EpMFA/pd9OASpOEC3aXNGoqPDAZ80D0cLpMBxnmk0+yNhGsEx31hq7Gtw==",
+      "dev": true,
       "funding": [
         {
           "type": "github",
@@ -12785,9 +12786,9 @@
       }
     },
     "node_modules/postcss-nesting": {
-      "version": "13.0.2",
-      "resolved": "https://registry.npmjs.org/postcss-nesting/-/postcss-nesting-13.0.2.tgz",
-      "integrity": "sha512-1YCI290TX+VP0U/K/aFxzHzQWHWURL+CtHMSbex1lCdpXD1SoR2sYuxDu5aNI9lPoXpKTCggFZiDJbwylU0LEQ==",
+      "version": "14.0.0",
+      "resolved": "https://registry.npmjs.org/postcss-nesting/-/postcss-nesting-14.0.0.tgz",
+      "integrity": "sha512-YGFOfVrjxYfeGTS5XctP1WCI5hu8Lr9SmntjfRC+iX5hCihEO+QZl9Ra+pkjqkgoVdDKvb2JccpElcowhZtzpw==",
       "funding": [
         {
           "type": "github",
@@ -12800,17 +12801,39 @@
       ],
       "license": "MIT-0",
       "dependencies": {
-        "@csstools/selector-resolve-nested": "^3.1.0",
-        "@csstools/selector-specificity": "^5.0.0",
-        "postcss-selector-parser": "^7.0.0"
+        "@csstools/selector-resolve-nested": "^4.0.0",
+        "@csstools/selector-specificity": "^6.0.0",
+        "postcss-selector-parser": "^7.1.1"
       },
       "engines": {
-        "node": ">=18"
+        "node": ">=20.19.0"
       },
       "peerDependencies": {
         "postcss": "^8.4"
       }
     },
+    "node_modules/postcss-nesting/node_modules/@csstools/selector-specificity": {
+      "version": "6.0.0",
+      "resolved": "https://registry.npmjs.org/@csstools/selector-specificity/-/selector-specificity-6.0.0.tgz",
+      "integrity": "sha512-4sSgl78OtOXEX/2d++8A83zHNTgwCJMaR24FvsYL7Uf/VS8HZk9PTwR51elTbGqMuwH3szLvvOXEaVnqn0Z3zA==",
+      "funding": [
+        {
+          "type": "github",
+          "url": "https://github.com/sponsors/csstools"
+        },
+        {
+          "type": "opencollective",
+          "url": "https://opencollective.com/csstools"
+        }
+      ],
+      "license": "MIT-0",
+      "engines": {
+        "node": ">=20.19.0"
+      },
+      "peerDependencies": {
+        "postcss-selector-parser": "^7.1.1"
+      }
+    },
     "node_modules/postcss-resolve-nested-selector": {
       "version": "0.1.6",
       "resolved": "https://registry.npmjs.org/postcss-resolve-nested-selector/-/postcss-resolve-nested-selector-0.1.6.tgz",
diff --git a/package.json b/package.json
index 6b619c60ad..ae37edc774 100644
--- a/package.json
+++ b/package.json
@@ -60,7 +60,7 @@
     "pdfobject": "2.3.0",
     "postcss": "8.5.6",
     "postcss-loader": "8.2.0",
-    "postcss-nesting": "13.0.2",
+    "postcss-nesting": "14.0.0",
     "pretty-ms": "9.0.0",
     "sortablejs": "1.15.6",
     "swagger-ui-dist": "5.31.0",

From dde6c607824dba288abed58cf381f2dbf0963f8c Mon Sep 17 00:00:00 2001
From: Luis <luis@adame.dev>
Date: Mon, 9 Feb 2026 15:38:14 +0100
Subject: [PATCH 292/854] fix: normalize issue title case when matching
 prefixes (#11190)

Normalizes the issue/pr title case when searching if it contains any of the wip prefixes, which are also normalized, just in case.

Fixes #11189

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11190
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Reviewed-by: Otto <otto@codeberg.org>
Co-authored-by: Luis <luis@adame.dev>
Co-committed-by: Luis <luis@adame.dev>
---
 tests/e2e/issue-sidebar.test.e2e.ts    | 30 ++++++++++++++++++++++----
 web_src/js/features/repo-issue.js      |  6 +++++-
 web_src/js/features/repo-issue.test.js | 21 ++++++++++++++++++
 3 files changed, 52 insertions(+), 5 deletions(-)

diff --git a/tests/e2e/issue-sidebar.test.e2e.ts b/tests/e2e/issue-sidebar.test.e2e.ts
index f025efec6a..6eb44be856 100644
--- a/tests/e2e/issue-sidebar.test.e2e.ts
+++ b/tests/e2e/issue-sidebar.test.e2e.ts
@@ -15,7 +15,7 @@ test.use({user: 'user2'});
 test.describe('Pull: Toggle WIP', () => {
   const prTitle = 'pull5';
 
-  async function toggle_wip_to({page}, should: boolean) {
+  async function toggle_wip_to({page}: {page: Page}, should: boolean) {
     await page.waitForLoadState('domcontentloaded');
     if (should) {
       await page.getByText('Still in progress?').click();
@@ -24,21 +24,28 @@ test.describe('Pull: Toggle WIP', () => {
     }
   }
 
-  async function check_wip({page}, is: boolean) {
+  async function check_wip({page}: {page: Page}, is: boolean) {
     const elemTitle = 'h1';
     const stateLabel = '.issue-state-label';
     await page.waitForLoadState('domcontentloaded');
     await expect(page.locator(elemTitle)).toContainText(prTitle);
     await expect(page.locator(elemTitle)).toContainText('#5');
+    const wipRegex = /(wip|\[WIP\])/i;
     if (is) {
-      await expect(page.locator(elemTitle)).toContainText('WIP');
+      await expect(page.locator(elemTitle)).toContainText(wipRegex);
       await expect(page.locator(stateLabel)).toContainText('Draft');
     } else {
-      await expect(page.locator(elemTitle)).not.toContainText('WIP');
+      await expect(page.locator(elemTitle)).not.toContainText(wipRegex);
       await expect(page.locator(stateLabel)).toContainText('Open');
     }
   }
 
+  async function setTitle({page}: {page: Page}, title: string) {
+    await page.locator('#issue-title-edit-show').click();
+    await page.locator('#issue-title-editor input').fill(title);
+    await page.getByText('Save').click();
+  }
+
   test.beforeEach(async ({page}) => {
     const response = await page.goto('/user2/repo1/pulls/5');
     expect(response?.status()).toBe(200); // Status OK
@@ -86,6 +93,21 @@ test.describe('Pull: Toggle WIP', () => {
     await check_wip({page}, false);
     await expect(page.locator('h1')).toContainText(maxLenStr);
   });
+
+  test('wip prefix casing', async ({page}) => {
+    await page.goto('/user2/repo1/pulls/5');
+    await setTitle({page}, `wIP:${prTitle}`);
+    await expect(page.locator('h1')).toContainText(`wIP:${prTitle}`);
+    await check_wip({page}, true);
+    await toggle_wip_to({page}, false);
+    await check_wip({page}, false);
+    await setTitle({page}, `[Wip]:${prTitle}`);
+    await expect(page.locator('h1')).toContainText(`[Wip]:${prTitle}`);
+    await check_wip({page}, true);
+    await toggle_wip_to({page}, false);
+    await check_wip({page}, false);
+    await expect(page.locator('h1')).toContainText(prTitle);
+  });
 });
 
 test('Issue: Labels', async ({page}) => {
diff --git a/web_src/js/features/repo-issue.js b/web_src/js/features/repo-issue.js
index eb6af4d48b..1d641613fd 100644
--- a/web_src/js/features/repo-issue.js
+++ b/web_src/js/features/repo-issue.js
@@ -529,6 +529,10 @@ export function initRepoIssueReferenceIssue() {
   });
 }
 
+export function findWipPrefix(string, wipPrefixes) {
+  return wipPrefixes.find((prefix) => string.toUpperCase().startsWith(prefix.toUpperCase()));
+}
+
 export function initRepoIssueWipToggle() {
   // Toggle WIP
   $('.toggle-wip a, .toggle-wip button').on('click', async (e) => {
@@ -537,7 +541,7 @@ export function initRepoIssueWipToggle() {
     const title = toggleWip.getAttribute('data-title');
     const wipPrefixes = JSON.parse(toggleWip.getAttribute('data-wip-prefixes'));
     const updateUrl = toggleWip.getAttribute('data-update-url');
-    const prefix = wipPrefixes.find((prefix) => title.startsWith(prefix));
+    const prefix = findWipPrefix(title, wipPrefixes);
 
     try {
       const params = new URLSearchParams();
diff --git a/web_src/js/features/repo-issue.test.js b/web_src/js/features/repo-issue.test.js
index acf4ea209e..cf67466507 100644
--- a/web_src/js/features/repo-issue.test.js
+++ b/web_src/js/features/repo-issue.test.js
@@ -1,6 +1,7 @@
 import {vi} from 'vitest';
 
 import {issueTitleHTML, excludeLabel} from './repo-issue-sidebar-list.ts';
+import {findWipPrefix} from './repo-issue.js';
 
 vi.mock('./comp/ComboMarkdownEditor.js', () => ({}));
 // jQuery is missing
@@ -44,3 +45,23 @@ test('Toggles label exclusion from filters', () => {
   excludeLabel(element);
   expect(getLabelsParam()).toEqual('-1');
 });
+
+test('Finds wip prefix in string', () => {
+  const wipPrefixes = ['wIp:', '[WIP]'];
+
+  expect(findWipPrefix('[wIP]', wipPrefixes)).toBe('[WIP]');
+  expect(findWipPrefix('[wip]', wipPrefixes)).toBe('[WIP]');
+  expect(findWipPrefix('[WIP]', wipPrefixes)).toBe('[WIP]');
+
+  expect(findWipPrefix('wIP:', wipPrefixes)).toBe('wIp:');
+  expect(findWipPrefix('wip:', wipPrefixes)).toBe('wIp:');
+  expect(findWipPrefix('WIP:', wipPrefixes)).toBe('wIp:');
+
+  expect(findWipPrefix('wIP:', [])).toBe(undefined);
+  expect(findWipPrefix('wIP:', [])).toBe(undefined);
+  expect(findWipPrefix('wip:', [])).toBe(undefined);
+
+  expect(findWipPrefix('wip:', ['[WIP]'])).toBe(undefined);
+  expect(findWipPrefix('WIP:', ['[WIP]'])).toBe(undefined);
+  expect(findWipPrefix('WIP:', ['[WIP]'])).toBe(undefined);
+});

From f7873ba39368e1d84f05b66aadc9a7151c02f495 Mon Sep 17 00:00:00 2001
From: Andreas Ahlenstorf <andreas@ahlenstorf.ch>
Date: Mon, 9 Feb 2026 17:02:18 +0100
Subject: [PATCH 293/854] fix: normalize secrets consistently, display accurate
 help (#11052)

Forgejo's UI claims that whitespace is removed from the beginning and the end of the values of Forgejo Actions variables and secrets. However, that is not correct. The entered values are stored as-is. Only CRLF is replaced with LF, which is also the desired behaviour.

This PR changes the incorrect text which is also no longer displayed as placeholder but as a proper help text below the input fields. Furthermore, tests were added to verify the behaviour.

While adding tests, I discovered and fixed another inconsistency. Depending on whether secrets were managed using the UI or the HTTP API, they were treated differently. CRLF in secrets entered in the UI was correctly replaced with LF while secrets created using the HTTP API kept CRLF.

Fixes #11003.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11052
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Andreas Ahlenstorf <andreas@ahlenstorf.ch>
Co-committed-by: Andreas Ahlenstorf <andreas@ahlenstorf.ch>
---
 models/forgejo_migrations_legacy/v39.go       |   2 +-
 models/secret/secret.go                       |  24 ++-
 models/secret/secret_test.go                  |  33 ++++
 modules/structs/secret.go                     |   5 +-
 modules/structs/variable.go                   |  13 +-
 options/locale/locale_en-US.ini               |   2 -
 options/locale_next/locale_en-US.json         |   4 +
 services/secrets/secrets.go                   |   2 +-
 templates/shared/secrets/add_list.tmpl        |   8 +-
 templates/shared/variables/variable_list.tmpl |   8 +-
 templates/swagger/v1_json.tmpl                |  14 +-
 tests/integration/actions_secrets_test.go     | 174 ++++++++++++++++++
 tests/integration/actions_variables_test.go   |   6 +-
 tests/integration/api_org_secrets_test.go     |  29 ++-
 tests/integration/api_org_variables_test.go   | 137 ++++++++------
 tests/integration/api_repo_secrets_test.go    |  33 ++--
 tests/integration/api_repo_variables_test.go  | 151 +++++++++------
 tests/integration/api_user_secrets_test.go    |  28 +--
 tests/integration/api_user_variables_test.go  | 147 +++++++++------
 19 files changed, 586 insertions(+), 234 deletions(-)
 create mode 100644 tests/integration/actions_secrets_test.go

diff --git a/models/forgejo_migrations_legacy/v39.go b/models/forgejo_migrations_legacy/v39.go
index 3f0d94b6aa..616404f7eb 100644
--- a/models/forgejo_migrations_legacy/v39.go
+++ b/models/forgejo_migrations_legacy/v39.go
@@ -58,7 +58,7 @@ func MigrateActionSecretsToKeying(x *xorm.Engine) error {
 				return nil
 			}
 
-			bean.SetSecret(secretBytes)
+			bean.SetData(secretBytes)
 			_, err = sess.Cols("data").ID(bean.ID).Update(bean)
 			return err
 		})
diff --git a/models/secret/secret.go b/models/secret/secret.go
index b19199c177..de1a8d84a4 100644
--- a/models/secret/secret.go
+++ b/models/secret/secret.go
@@ -75,7 +75,7 @@ func InsertEncryptedSecret(ctx context.Context, ownerID, repoID int64, name, dat
 			return err
 		}
 
-		secret.SetSecret(data)
+		secret.SetData(data)
 		_, err := db.GetEngine(ctx).ID(secret.ID).Cols("data").Update(secret)
 		return err
 	})
@@ -114,8 +114,19 @@ func (opts FindSecretsOptions) ToConds() builder.Cond {
 	return cond
 }
 
-func (s *Secret) SetSecret(data string) {
-	s.Data = keying.ActionSecret.Encrypt([]byte(data), keying.ColumnAndID("data", s.ID))
+func (s *Secret) SetData(data string) {
+	normalizedData := util.ReserveLineBreakForTextarea(data)
+	s.Data = keying.ActionSecret.Encrypt([]byte(normalizedData), keying.ColumnAndID("data", s.ID))
+}
+
+func (s *Secret) GetDecryptedData() (string, error) {
+	key := keying.ActionSecret
+	v, err := key.Decrypt(s.Data, keying.ColumnAndID("data", s.ID))
+	if err != nil {
+		return "", fmt.Errorf("unable to decrypt secret[id=%d,name=%q]: %w", s.ID, s.Name, err)
+	}
+
+	return string(v), nil
 }
 
 func FetchActionSecrets(ctx context.Context, ownerID, repoID int64) (map[string]string, error) {
@@ -132,14 +143,13 @@ func FetchActionSecrets(ctx context.Context, ownerID, repoID int64) (map[string]
 		return nil, err
 	}
 
-	key := keying.ActionSecret
 	for _, secret := range append(ownerSecrets, repoSecrets...) {
-		v, err := key.Decrypt(secret.Data, keying.ColumnAndID("data", secret.ID))
+		decryptedData, err := secret.GetDecryptedData()
 		if err != nil {
-			log.Error("unable to decrypt secret[id=%d,name=%q]: %v", secret.ID, secret.Name, err)
+			log.Error("%v", err)
 			return nil, err
 		}
-		secrets[secret.Name] = string(v)
+		secrets[secret.Name] = decryptedData
 	}
 
 	return secrets, nil
diff --git a/models/secret/secret_test.go b/models/secret/secret_test.go
index 50120ecfa3..e49100eb6a 100644
--- a/models/secret/secret_test.go
+++ b/models/secret/secret_test.go
@@ -90,3 +90,36 @@ func TestInsertEncryptedSecret(t *testing.T) {
 		assert.Equal(t, "some repository secret", secrets["REPO_SECRET"])
 	})
 }
+
+func TestSecretDataIsNormalized(t *testing.T) {
+	secret := Secret{ID: 494, OwnerID: 829, RepoID: 0, Name: "A_SECRET"}
+
+	secret.SetData("  \r\ndatà\t  ")
+
+	decryptedData, err := secret.GetDecryptedData()
+	require.NoError(t, err)
+	assert.Equal(t, "  \ndatà\t  ", decryptedData)
+}
+
+func TestSecretGetDecryptedData(t *testing.T) {
+	t.Run("Recovers original data", func(t *testing.T) {
+		secret := Secret{ID: 494, OwnerID: 829, RepoID: 0, Name: "A_SECRET"}
+		secret.SetData("data")
+
+		decryptedData, err := secret.GetDecryptedData()
+		require.NoError(t, err)
+		assert.Equal(t, "data", decryptedData)
+	})
+
+	t.Run("Returns error if data cannot be decrypted", func(t *testing.T) {
+		secret := Secret{ID: 494, OwnerID: 829, RepoID: 0, Name: "A_SECRET"}
+		secret.SetData("data")
+
+		// Changing the ID without updating the secret makes the secret irrecoverable.
+		secret.ID++
+
+		decryptedData, err := secret.GetDecryptedData()
+		assert.Empty(t, decryptedData)
+		assert.ErrorContains(t, err, "unable to decrypt secret[id=495,name=\"A_SECRET\"]")
+	})
+}
diff --git a/modules/structs/secret.go b/modules/structs/secret.go
index a0673ca08c..acd5c36f06 100644
--- a/modules/structs/secret.go
+++ b/modules/structs/secret.go
@@ -14,10 +14,11 @@ type Secret struct {
 	Created time.Time `json:"created_at"`
 }
 
-// CreateOrUpdateSecretOption options when creating or updating secret
+// CreateOrUpdateSecretOption defines the properties of the secret to create or update.
 // swagger:model
 type CreateOrUpdateSecretOption struct {
-	// Data of the secret to update
+	// Data of the secret. Special characters will be retained. Line endings will be normalized to LF to match the
+	// behaviour of browsers. Encode the data with Base64 if line endings should be retained.
 	//
 	// required: true
 	Data string `json:"data" binding:"Required"`
diff --git a/modules/structs/variable.go b/modules/structs/variable.go
index cc846cf0ec..c88aad5138 100644
--- a/modules/structs/variable.go
+++ b/modules/structs/variable.go
@@ -3,21 +3,24 @@
 
 package structs
 
-// CreateVariableOption the option when creating variable
+// CreateVariableOption defines the properties of the variable to create.
 // swagger:model
 type CreateVariableOption struct {
-	// Value of the variable to create
+	// Value of the variable to create. Special characters will be retained. Line endings will be normalized to LF to
+	// match the behaviour of browsers. Encode the data with Base64 if line endings should be retained.
 	//
 	// required: true
 	Value string `json:"value" binding:"Required"`
 }
 
-// UpdateVariableOption the option when updating variable
+// UpdateVariableOption defines the properties of the variable to update.
 // swagger:model
 type UpdateVariableOption struct {
-	// New name for the variable. If the field is empty, the variable name won't be updated.
+	// New name for the variable. If the field is empty, the variable name won't be updated. Forgejo will convert it to
+	// uppercase.
 	Name string `json:"name"`
-	// Value of the variable to update
+	// Value of the variable to update. Special characters will be retained. Line endings will be normalized to LF to
+	// match the behaviour of browsers. Encode the data with Base64 if line endings should be retained.
 	//
 	// required: true
 	Value string `json:"value" binding:"Required"`
diff --git a/options/locale/locale_en-US.ini b/options/locale/locale_en-US.ini
index 00e4adb378..8f338f238b 100644
--- a/options/locale/locale_en-US.ini
+++ b/options/locale/locale_en-US.ini
@@ -3550,8 +3550,6 @@ secrets = Secrets
 description = Secrets will be passed to certain actions and cannot be read otherwise.
 none = There are no secrets yet.
 creation = Add secret
-creation.name_placeholder = case-insensitive, alphanumeric characters or underscores only, cannot start with GITEA_ or GITHUB_
-creation.value_placeholder = Input any content. Whitespace at the start and end will be omitted.
 creation.success = The secret "%s" has been added.
 creation.failed = Failed to add secret.
 deletion = Remove secret
diff --git a/options/locale_next/locale_en-US.json b/options/locale_next/locale_en-US.json
index 2778c44bae..c25e6beff4 100644
--- a/options/locale_next/locale_en-US.json
+++ b/options/locale_next/locale_en-US.json
@@ -401,6 +401,10 @@
 	"actions.workflow.incomplete_with_missing_matrix_dimension": "Unable to evaluate `with` of job %[1]s: matrix dimension %[2]s does not exist.",
 	"actions.workflow.incomplete_with_unknown_cause": "Unable to evaluate `with` of job %[1]s: unknown error.",
 	"actions.workflow.pre_execution_error": "Workflow was not executed due to an error that blocked the execution attempt.",
+	"actions.secrets.creation.name_description": "The name of a secret can only contain letters, numbers, and underscores. It cannot start with FORGEJO_, GITEA_, GITHUB_, or a number. Forgejo will automatically convert it to uppercase.",
+	"actions.secrets.creation.value_description": "The value of a secret can be any text. Special characters are retained. CRLF (Windows-style line breaks) is automatically converted to LF. Encode the value with Base64 if linebreaks should be retained.",
+	"actions.variables.mutation.name_description": "The name of a variable can only contain letters, numbers, and underscores. It cannot be named CI or start with FORGEJO_, GITEA_, GITHUB_, or a number. Forgejo will automatically convert it to uppercase.",
+	"actions.variables.mutation.value_description": "A variable's value can be any text. Special characters are retained. CRLF (Windows-style line breaks) is automatically converted to LF. Encode the value with Base64 if linebreaks should be retained.",
 	"pulse.n_active_issues": {
 		"one": "%s active issue",
 		"other": "%s active issues"
diff --git a/services/secrets/secrets.go b/services/secrets/secrets.go
index 212016cf1e..498f3b6fcc 100644
--- a/services/secrets/secrets.go
+++ b/services/secrets/secrets.go
@@ -32,7 +32,7 @@ func CreateOrUpdateSecret(ctx context.Context, ownerID, repoID int64, name, data
 		return s, true, nil
 	}
 
-	s.SetSecret(data)
+	s.SetData(data)
 	if _, err := db.GetEngine(ctx).Cols("data").ID(s.ID).Update(s); err != nil {
 		return nil, false, err
 	}
diff --git a/templates/shared/secrets/add_list.tmpl b/templates/shared/secrets/add_list.tmpl
index d4f3744717..2aa9534771 100644
--- a/templates/shared/secrets/add_list.tmpl
+++ b/templates/shared/secrets/add_list.tmpl
@@ -52,7 +52,7 @@
 		<span id="actions-modal-header"></span>
 	</div>
 	<form class="ui form form-fetch-action" method="post">
-		<div class="content">
+		<fieldset class="content">
 			<div class="field">
 				{{ctx.Locale.Tr "secrets.description"}}
 			</div>
@@ -63,18 +63,18 @@
 					name="name"
 					value="{{.name}}"
 					pattern="^(?!FORGEJO_|GITEA_|GITHUB_)[a-zA-Z_][a-zA-Z0-9_]*$"
-					placeholder="{{ctx.Locale.Tr "secrets.creation.name_placeholder"}}"
 				>
+				<p id="name-description" class="help">{{ctx.Locale.Tr "actions.secrets.creation.name_description"}}</p>
 			</div>
 			<div class="field">
 				<label for="secret-data">{{ctx.Locale.Tr "value"}}</label>
 				<textarea required
 					id="secret-data"
 					name="data"
-					placeholder="{{ctx.Locale.Tr "secrets.creation.value_placeholder"}}"
 				></textarea>
+				<p id="secret-data-description" class="help">{{ctx.Locale.Tr "actions.secrets.creation.value_description"}}</p>
 			</div>
-		</div>
+		</fieldset>
 		{{template "base/modal_actions_confirm" (dict "ModalButtonTypes" "confirm")}}
 	</form>
 </div>
diff --git a/templates/shared/variables/variable_list.tmpl b/templates/shared/variables/variable_list.tmpl
index ac7b0afe85..82acb66d14 100644
--- a/templates/shared/variables/variable_list.tmpl
+++ b/templates/shared/variables/variable_list.tmpl
@@ -62,7 +62,7 @@
 <div class="ui small modal" id="edit-variable-modal">
 	<div class="header"></div>
 	<form class="ui form form-fetch-action" method="post">
-		<div class="content">
+		<fieldset class="content">
 			<div class="field">
 				{{ctx.Locale.Tr "actions.variables.description"}}
 			</div>
@@ -73,18 +73,18 @@
 					id="dialog-variable-name"
 					value="{{.name}}"
 					pattern="^(?!CI$)(?!FORGEJO_|GITEA_|GITHUB_)[a-zA-Z_][a-zA-Z0-9_]*$"
-					placeholder="{{ctx.Locale.Tr "secrets.creation.name_placeholder"}}"
 				>
+				<p id="name-description" class="help">{{ctx.Locale.Tr "actions.variables.mutation.name_description"}}</p>
 			</div>
 			<div class="field">
 				<label for="dialog-variable-data">{{ctx.Locale.Tr "value"}}</label>
 				<textarea required
 					name="data"
 					id="dialog-variable-data"
-					placeholder="{{ctx.Locale.Tr "secrets.creation.value_placeholder"}}"
 				></textarea>
+				<p id="data-description" class="help">{{ctx.Locale.Tr "actions.variables.mutation.value_description"}}</p>
 			</div>
-		</div>
+		</fieldset>
 		{{template "base/modal_actions_confirm" (dict "ModalButtonTypes" "confirm")}}
 	</form>
 </div>
diff --git a/templates/swagger/v1_json.tmpl b/templates/swagger/v1_json.tmpl
index 29d2683a5f..db2ca9dc13 100644
--- a/templates/swagger/v1_json.tmpl
+++ b/templates/swagger/v1_json.tmpl
@@ -24044,14 +24044,14 @@
       "x-go-package": "forgejo.org/modules/structs"
     },
     "CreateOrUpdateSecretOption": {
-      "description": "CreateOrUpdateSecretOption options when creating or updating secret",
       "type": "object",
+      "title": "CreateOrUpdateSecretOption defines the properties of the secret to create or update.",
       "required": [
         "data"
       ],
       "properties": {
         "data": {
-          "description": "Data of the secret to update",
+          "description": "Data of the secret. Special characters will be retained. Line endings will be normalized to LF to match the\nbehaviour of browsers. Encode the data with Base64 if line endings should be retained.",
           "type": "string",
           "x-go-name": "Data"
         }
@@ -24605,14 +24605,14 @@
       "x-go-package": "forgejo.org/modules/structs"
     },
     "CreateVariableOption": {
-      "description": "CreateVariableOption the option when creating variable",
       "type": "object",
+      "title": "CreateVariableOption defines the properties of the variable to create.",
       "required": [
         "value"
       ],
       "properties": {
         "value": {
-          "description": "Value of the variable to create",
+          "description": "Value of the variable to create. Special characters will be retained. Line endings will be normalized to LF to\nmatch the behaviour of browsers. Encode the data with Base64 if line endings should be retained.",
           "type": "string",
           "x-go-name": "Value"
         }
@@ -29695,19 +29695,19 @@
       "x-go-package": "forgejo.org/modules/structs"
     },
     "UpdateVariableOption": {
-      "description": "UpdateVariableOption the option when updating variable",
       "type": "object",
+      "title": "UpdateVariableOption defines the properties of the variable to update.",
       "required": [
         "value"
       ],
       "properties": {
         "name": {
-          "description": "New name for the variable. If the field is empty, the variable name won't be updated.",
+          "description": "New name for the variable. If the field is empty, the variable name won't be updated. Forgejo will convert it to\nuppercase.",
           "type": "string",
           "x-go-name": "Name"
         },
         "value": {
-          "description": "Value of the variable to update",
+          "description": "Value of the variable to update. Special characters will be retained. Line endings will be normalized to LF to\nmatch the behaviour of browsers. Encode the data with Base64 if line endings should be retained.",
           "type": "string",
           "x-go-name": "Value"
         }
diff --git a/tests/integration/actions_secrets_test.go b/tests/integration/actions_secrets_test.go
new file mode 100644
index 0000000000..0070c40555
--- /dev/null
+++ b/tests/integration/actions_secrets_test.go
@@ -0,0 +1,174 @@
+// Copyright 2026 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+package integration
+
+import (
+	"fmt"
+	"net/http"
+	"testing"
+
+	repo_model "forgejo.org/models/repo"
+	secret_model "forgejo.org/models/secret"
+	"forgejo.org/models/unittest"
+	user_model "forgejo.org/models/user"
+	app_context "forgejo.org/services/context"
+	"forgejo.org/tests"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+func TestActionsSecretsManageUserSecrets(t *testing.T) {
+	defer tests.PrepareTestEnv(t)()
+
+	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
+	url := "/user/settings/actions/secrets"
+	session := loginUser(t, user.Name)
+
+	t.Run("Create secret", func(t *testing.T) {
+		req := NewRequestWithValues(t, "POST", url, map[string]string{
+			"name": "my_secret",
+			"data": "   \r\n\tSecrët dåtä\\   \r\n",
+		})
+		session.MakeRequest(t, req, http.StatusOK)
+
+		flashCookie := session.GetCookie(app_context.CookieNameFlash)
+		assert.NotNil(t, flashCookie)
+		assert.Equal(t, "success%3DThe%2Bsecret%2B%2522MY_SECRET%2522%2Bhas%2Bbeen%2Badded.", flashCookie.Value)
+
+		secret := unittest.AssertExistsAndLoadBean(t, &secret_model.Secret{OwnerID: user.ID, RepoID: 0, Name: "MY_SECRET"})
+		assert.Equal(t, "MY_SECRET", secret.Name)
+
+		value, err := secret.GetDecryptedData()
+		require.NoError(t, err)
+		assert.Equal(t, "   \n\tSecrët dåtä\\   \n", value)
+	})
+
+	t.Run("Remove secret", func(t *testing.T) {
+		req := NewRequestWithValues(t, "POST", url, map[string]string{
+			"name": "TEST_SECRET",
+			"data": "value",
+		})
+		session.MakeRequest(t, req, http.StatusOK)
+
+		flashCookie := session.GetCookie(app_context.CookieNameFlash)
+		assert.NotNil(t, flashCookie)
+		assert.Equal(t, "success%3DThe%2Bsecret%2B%2522TEST_SECRET%2522%2Bhas%2Bbeen%2Badded.", flashCookie.Value)
+
+		secret := unittest.AssertExistsAndLoadBean(t, &secret_model.Secret{OwnerID: user.ID, RepoID: 0, Name: "TEST_SECRET"})
+
+		req = NewRequest(t, "POST", fmt.Sprintf("%s/delete?id=%d", url, secret.ID))
+		session.MakeRequest(t, req, http.StatusOK)
+
+		flashCookie = session.GetCookie(app_context.CookieNameFlash)
+		assert.NotNil(t, flashCookie)
+		assert.Equal(t, "success%3DThe%2Bsecret%2Bhas%2Bbeen%2Bremoved.", flashCookie.Value)
+
+		unittest.AssertNotExistsBean(t, secret)
+	})
+}
+
+func TestActionsSecretsManageRepositorySecrets(t *testing.T) {
+	defer tests.PrepareTestEnv(t)()
+
+	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
+	repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 1, OwnerID: user.ID})
+	url := "/" + repo.FullName() + "/settings/actions/secrets"
+
+	session := loginUser(t, user.Name)
+
+	t.Run("Create secret", func(t *testing.T) {
+		req := NewRequestWithValues(t, "POST", url, map[string]string{
+			"name": "my_secret",
+			"data": "   \r\n\tSecrët dåtä\\   \r\n",
+		})
+		session.MakeRequest(t, req, http.StatusOK)
+
+		flashCookie := session.GetCookie(app_context.CookieNameFlash)
+		assert.NotNil(t, flashCookie)
+		assert.Equal(t, "success%3DThe%2Bsecret%2B%2522MY_SECRET%2522%2Bhas%2Bbeen%2Badded.", flashCookie.Value)
+
+		secret := unittest.AssertExistsAndLoadBean(t, &secret_model.Secret{OwnerID: 0, RepoID: repo.ID, Name: "MY_SECRET"})
+		assert.Equal(t, "MY_SECRET", secret.Name)
+
+		value, err := secret.GetDecryptedData()
+		require.NoError(t, err)
+		assert.Equal(t, "   \n\tSecrët dåtä\\   \n", value)
+	})
+
+	t.Run("Remove secret", func(t *testing.T) {
+		req := NewRequestWithValues(t, "POST", url, map[string]string{
+			"name": "TEST_SECRET",
+			"data": "value",
+		})
+		session.MakeRequest(t, req, http.StatusOK)
+
+		flashCookie := session.GetCookie(app_context.CookieNameFlash)
+		assert.NotNil(t, flashCookie)
+		assert.Equal(t, "success%3DThe%2Bsecret%2B%2522TEST_SECRET%2522%2Bhas%2Bbeen%2Badded.", flashCookie.Value)
+
+		secret := unittest.AssertExistsAndLoadBean(t, &secret_model.Secret{OwnerID: 0, RepoID: repo.ID, Name: "TEST_SECRET"})
+
+		req = NewRequest(t, "POST", fmt.Sprintf("%s/delete?id=%d", url, secret.ID))
+		session.MakeRequest(t, req, http.StatusOK)
+
+		flashCookie = session.GetCookie(app_context.CookieNameFlash)
+		assert.NotNil(t, flashCookie)
+		assert.Equal(t, "success%3DThe%2Bsecret%2Bhas%2Bbeen%2Bremoved.", flashCookie.Value)
+
+		unittest.AssertNotExistsBean(t, secret)
+	})
+}
+
+func TestActionsSecretsManageOrganizationSecrets(t *testing.T) {
+	defer tests.PrepareTestEnv(t)()
+
+	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
+	org := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 3, Type: user_model.UserTypeOrganization})
+	url := "/org/" + org.Name + "/settings/actions/secrets"
+
+	session := loginUser(t, user.Name)
+
+	t.Run("Create secret", func(t *testing.T) {
+		req := NewRequestWithValues(t, "POST", url, map[string]string{
+			"name": "my_secret",
+			"data": "   \r\n\tSecrët dåtä\\   \r\n",
+		})
+		session.MakeRequest(t, req, http.StatusOK)
+
+		flashCookie := session.GetCookie(app_context.CookieNameFlash)
+		assert.NotNil(t, flashCookie)
+		assert.Equal(t, "success%3DThe%2Bsecret%2B%2522MY_SECRET%2522%2Bhas%2Bbeen%2Badded.", flashCookie.Value)
+
+		secret := unittest.AssertExistsAndLoadBean(t, &secret_model.Secret{OwnerID: org.ID, RepoID: 0, Name: "MY_SECRET"})
+		assert.Equal(t, "MY_SECRET", secret.Name)
+
+		value, err := secret.GetDecryptedData()
+		require.NoError(t, err)
+		assert.Equal(t, "   \n\tSecrët dåtä\\   \n", value)
+	})
+
+	t.Run("Remove secret", func(t *testing.T) {
+		req := NewRequestWithValues(t, "POST", url, map[string]string{
+			"name": "TEST_SECRET",
+			"data": "value",
+		})
+		session.MakeRequest(t, req, http.StatusOK)
+
+		flashCookie := session.GetCookie(app_context.CookieNameFlash)
+		assert.NotNil(t, flashCookie)
+		assert.Equal(t, "success%3DThe%2Bsecret%2B%2522TEST_SECRET%2522%2Bhas%2Bbeen%2Badded.", flashCookie.Value)
+
+		secret := unittest.AssertExistsAndLoadBean(t, &secret_model.Secret{OwnerID: org.ID, RepoID: 0, Name: "TEST_SECRET"})
+
+		req = NewRequest(t, "POST", fmt.Sprintf("%s/delete?id=%d", url, secret.ID))
+		session.MakeRequest(t, req, http.StatusOK)
+
+		flashCookie = session.GetCookie(app_context.CookieNameFlash)
+		assert.NotNil(t, flashCookie)
+		assert.Equal(t, "success%3DThe%2Bsecret%2Bhas%2Bbeen%2Bremoved.", flashCookie.Value)
+
+		unittest.AssertNotExistsBean(t, secret)
+	})
+}
diff --git a/tests/integration/actions_variables_test.go b/tests/integration/actions_variables_test.go
index 81041b350c..f609361d90 100644
--- a/tests/integration/actions_variables_test.go
+++ b/tests/integration/actions_variables_test.go
@@ -53,7 +53,7 @@ func TestActionsVariablesModification(t *testing.T) {
 
 		req := NewRequestWithValues(t, "POST", baseURL+fmt.Sprintf("/%d/edit", id), map[string]string{
 			"name": "glados_quote",
-			"data": "I'm fine. Two plus two is...ten, in base four, I'm fine!",
+			"data": "   \r\n\tI'm fine. Two plus two is...ten, in base four, I'm fine!   \r\n",
 		})
 		if fail {
 			resp := sess.MakeRequest(t, req, http.StatusBadRequest)
@@ -65,6 +65,10 @@ func TestActionsVariablesModification(t *testing.T) {
 			flashCookie := sess.GetCookie(app_context.CookieNameFlash)
 			assert.NotNil(t, flashCookie)
 			assert.Equal(t, "success%3DThe%2Bvariable%2Bhas%2Bbeen%2Bedited.", flashCookie.Value)
+
+			updatedVariable := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionVariable{ID: id})
+			assert.Equal(t, "GLADOS_QUOTE", updatedVariable.Name)
+			assert.Equal(t, "   \n\tI'm fine. Two plus two is...ten, in base four, I'm fine!   \n", updatedVariable.Data)
 		}
 
 		req = NewRequest(t, "POST", baseURL+fmt.Sprintf("/%d/delete", id))
diff --git a/tests/integration/api_org_secrets_test.go b/tests/integration/api_org_secrets_test.go
index 2a0574549d..02c4cfbc34 100644
--- a/tests/integration/api_org_secrets_test.go
+++ b/tests/integration/api_org_secrets_test.go
@@ -13,7 +13,6 @@ import (
 	org_model "forgejo.org/models/organization"
 	secret_model "forgejo.org/models/secret"
 	"forgejo.org/models/unittest"
-	"forgejo.org/modules/keying"
 	api "forgejo.org/modules/structs"
 	"forgejo.org/tests"
 
@@ -98,10 +97,23 @@ func TestAPIOrgSecrets(t *testing.T) {
 		}
 
 		for _, c := range cases {
-			req := NewRequestWithJSON(t, "PUT", fmt.Sprintf("/api/v1/orgs/%s/actions/secrets/%s", org.Name, c.Name), api.CreateOrUpdateSecretOption{
-				Data: "data",
-			}).AddTokenAuth(token)
+			url := fmt.Sprintf("/api/v1/orgs/%s/actions/secrets/%s", org.Name, c.Name)
+
+			req := NewRequestWithJSON(t, "PUT", url, api.CreateOrUpdateSecretOption{
+				Data: "    \r\n\tdätå   \r\n",
+			})
+			req.AddTokenAuth(token)
 			MakeRequest(t, req, c.ExpectedStatus)
+
+			if c.ExpectedStatus < 300 {
+				secret := unittest.AssertExistsAndLoadBean(t, &secret_model.Secret{OwnerID: org.ID, Name: strings.ToUpper(c.Name)})
+
+				assert.Equal(t, strings.ToUpper(c.Name), secret.Name)
+
+				value, err := secret.GetDecryptedData()
+				require.NoError(t, err)
+				assert.Equal(t, "    \n\tdätå   \n", value)
+			}
 		}
 	})
 
@@ -115,14 +127,15 @@ func TestAPIOrgSecrets(t *testing.T) {
 		MakeRequest(t, req, http.StatusCreated)
 
 		req = NewRequestWithJSON(t, "PUT", url, api.CreateOrUpdateSecretOption{
-			Data: "changed data",
-		}).AddTokenAuth(token)
+			Data: "\r\n    chåñgéd dätå\t   \r\n",
+		})
+		req.AddTokenAuth(token)
 		MakeRequest(t, req, http.StatusNoContent)
 
 		secret := unittest.AssertExistsAndLoadBean(t, &secret_model.Secret{Name: strings.ToUpper(name)})
-		data, err := keying.ActionSecret.Decrypt(secret.Data, keying.ColumnAndID("data", secret.ID))
+		data, err := secret.GetDecryptedData()
 		require.NoError(t, err)
-		assert.Equal(t, "changed data", string(data))
+		assert.Equal(t, "\n    chåñgéd dätå\t   \n", data)
 	})
 
 	t.Run("Delete", func(t *testing.T) {
diff --git a/tests/integration/api_org_variables_test.go b/tests/integration/api_org_variables_test.go
index f3ef009772..982c2f8fa5 100644
--- a/tests/integration/api_org_variables_test.go
+++ b/tests/integration/api_org_variables_test.go
@@ -74,20 +74,23 @@ func TestAPIOrgVariablesCreateOrganizationVariable(t *testing.T) {
 
 	for _, c := range cases {
 		requestURL := fmt.Sprintf("/api/v1/orgs/%s/actions/variables/%s", org.Name, c.Name)
+
 		request := NewRequestWithJSON(t, "POST", requestURL, api.CreateVariableOption{
-			Value: "value" + c.Name,
+			Value: "  \tvalüé\r\n" + c.Name + "  \r\n",
 		})
 		request.AddTokenAuth(token)
 		MakeRequest(t, request, c.ExpectedStatus)
 
 		if c.ExpectedStatus < 300 {
-			request = NewRequest(t, "GET", requestURL).
-				AddTokenAuth(token)
+			request = NewRequest(t, "GET", requestURL)
+			request.AddTokenAuth(token)
 			res := MakeRequest(t, request, http.StatusOK)
+
 			variable := api.ActionVariable{}
 			DecodeJSON(t, res, &variable)
+
 			assert.Equal(t, variable.Name, c.Name)
-			assert.Equal(t, variable.Data, "value"+c.Name)
+			assert.Equal(t, variable.Data, "  \tvalüé\n"+c.Name+"  \n")
 		}
 	}
 }
@@ -108,56 +111,84 @@ func TestAPIOrgVariablesUpdateOrganizationVariable(t *testing.T) {
 
 	MakeRequest(t, request, http.StatusNoContent)
 
-	cases := []struct {
-		Name           string
-		UpdateName     string
-		ExpectedStatus int
-	}{
-		{
-			Name:           "not_found_var",
-			ExpectedStatus: http.StatusNotFound,
-		},
-		{
-			Name:           variableName,
-			UpdateName:     "1invalid",
-			ExpectedStatus: http.StatusBadRequest,
-		},
-		{
-			Name:           variableName,
-			UpdateName:     "invalid@name",
-			ExpectedStatus: http.StatusBadRequest,
-		},
-		{
-			Name:           variableName,
-			UpdateName:     "ci",
-			ExpectedStatus: http.StatusBadRequest,
-		},
-		{
-			Name:           variableName,
-			UpdateName:     "forgejo_foo",
-			ExpectedStatus: http.StatusBadRequest,
-		},
-		{
-			Name:           variableName,
-			UpdateName:     "updated_var_name",
-			ExpectedStatus: http.StatusNoContent,
-		},
-		{
-			Name:           variableName,
-			ExpectedStatus: http.StatusNotFound,
-		},
-		{
-			Name:           "updated_var_name",
-			ExpectedStatus: http.StatusNoContent,
-		},
-	}
+	t.Run("Accepts only valid names", func(t *testing.T) {
+		cases := []struct {
+			Name           string
+			UpdateName     string
+			ExpectedStatus int
+		}{
+			{
+				Name:           "not_found_var",
+				ExpectedStatus: http.StatusNotFound,
+			},
+			{
+				Name:           variableName,
+				UpdateName:     "1invalid",
+				ExpectedStatus: http.StatusBadRequest,
+			},
+			{
+				Name:           variableName,
+				UpdateName:     "invalid@name",
+				ExpectedStatus: http.StatusBadRequest,
+			},
+			{
+				Name:           variableName,
+				UpdateName:     "ci",
+				ExpectedStatus: http.StatusBadRequest,
+			},
+			{
+				Name:           variableName,
+				UpdateName:     "forgejo_foo",
+				ExpectedStatus: http.StatusBadRequest,
+			},
+			{
+				Name:           variableName,
+				UpdateName:     "updated_var_name",
+				ExpectedStatus: http.StatusNoContent,
+			},
+			{
+				Name:           variableName,
+				ExpectedStatus: http.StatusNotFound,
+			},
+			{
+				Name:           "updated_var_name",
+				ExpectedStatus: http.StatusNoContent,
+			},
+		}
 
-	for _, c := range cases {
-		url := fmt.Sprintf("/api/v1/orgs/%s/actions/variables/%s", org.Name, c.Name)
-		request := NewRequestWithJSON(t, "PUT", url, api.UpdateVariableOption{Name: c.UpdateName, Value: "updated_val"})
-		request.AddTokenAuth(token)
-		MakeRequest(t, request, c.ExpectedStatus)
-	}
+		for _, c := range cases {
+			url := fmt.Sprintf("/api/v1/orgs/%s/actions/variables/%s", org.Name, c.Name)
+			request := NewRequestWithJSON(t, "PUT", url, api.UpdateVariableOption{Name: c.UpdateName, Value: "updated_val"})
+			request.AddTokenAuth(token)
+			MakeRequest(t, request, c.ExpectedStatus)
+		}
+	})
+
+	t.Run("Retains special characters", func(t *testing.T) {
+		variableName := "special_characters"
+		url := fmt.Sprintf("/api/v1/orgs/%s/actions/variables/%s", org.Name, variableName)
+
+		req := NewRequestWithJSON(t, "POST", url, api.CreateVariableOption{Value: "initial_value"})
+		req.AddTokenAuth(token)
+		MakeRequest(t, req, http.StatusNoContent)
+
+		requestData := api.UpdateVariableOption{
+			Value: "\r\n    \tüpdåtéd\r\n   \r\n",
+		}
+		req = NewRequestWithJSON(t, "PUT", url, requestData)
+		req.AddTokenAuth(token)
+		MakeRequest(t, req, http.StatusNoContent)
+
+		req = NewRequest(t, "GET", url)
+		req.AddTokenAuth(token)
+		res := MakeRequest(t, req, http.StatusOK)
+
+		variable := api.ActionVariable{}
+		DecodeJSON(t, res, &variable)
+
+		assert.Equal(t, "SPECIAL_CHARACTERS", variable.Name)
+		assert.Equal(t, "\n    \tüpdåtéd\n   \n", variable.Data)
+	})
 }
 
 func TestAPIOrgVariablesDeleteOrganizationVariable(t *testing.T) {
diff --git a/tests/integration/api_repo_secrets_test.go b/tests/integration/api_repo_secrets_test.go
index a6a59818f7..f012f3cb24 100644
--- a/tests/integration/api_repo_secrets_test.go
+++ b/tests/integration/api_repo_secrets_test.go
@@ -16,7 +16,6 @@ import (
 	unit_model "forgejo.org/models/unit"
 	"forgejo.org/models/unittest"
 	user_model "forgejo.org/models/user"
-	"forgejo.org/modules/keying"
 	api "forgejo.org/modules/structs"
 	repo_service "forgejo.org/services/repository"
 	"forgejo.org/tests"
@@ -103,10 +102,22 @@ func TestAPIRepoSecrets(t *testing.T) {
 		}
 
 		for _, c := range cases {
-			req := NewRequestWithJSON(t, "PUT", fmt.Sprintf("/api/v1/repos/%s/actions/secrets/%s", repo.FullName(), c.Name), api.CreateOrUpdateSecretOption{
-				Data: "data",
-			}).AddTokenAuth(token)
+			url := fmt.Sprintf("/api/v1/repos/%s/actions/secrets/%s", repo.FullName(), c.Name)
+			req := NewRequestWithJSON(t, "PUT", url, api.CreateOrUpdateSecretOption{
+				Data: "   \r\ndàtä\t   \r\n  ",
+			})
+			req.AddTokenAuth(token)
 			MakeRequest(t, req, c.ExpectedStatus)
+
+			if c.ExpectedStatus < 300 {
+				secret := unittest.AssertExistsAndLoadBean(t, &secret_model.Secret{RepoID: repo.ID, Name: strings.ToUpper(c.Name)})
+
+				assert.Equal(t, strings.ToUpper(c.Name), secret.Name)
+
+				value, err := secret.GetDecryptedData()
+				require.NoError(t, err)
+				assert.Equal(t, "   \ndàtä\t   \n  ", value)
+			}
 		}
 	})
 
@@ -114,20 +125,18 @@ func TestAPIRepoSecrets(t *testing.T) {
 		name := "update_repo_secret_and_test_data"
 		url := fmt.Sprintf("/api/v1/repos/%s/actions/secrets/%s", repo.FullName(), name)
 
-		req := NewRequestWithJSON(t, "PUT", url, api.CreateOrUpdateSecretOption{
-			Data: "initial",
-		}).AddTokenAuth(token)
+		req := NewRequestWithJSON(t, "PUT", url, api.CreateOrUpdateSecretOption{Data: "initial"})
+		req.AddTokenAuth(token)
 		MakeRequest(t, req, http.StatusCreated)
 
-		req = NewRequestWithJSON(t, "PUT", url, api.CreateOrUpdateSecretOption{
-			Data: "changed data",
-		}).AddTokenAuth(token)
+		req = NewRequestWithJSON(t, "PUT", url, api.CreateOrUpdateSecretOption{Data: "  \r\nchànged data\t\r\n "})
+		req.AddTokenAuth(token)
 		MakeRequest(t, req, http.StatusNoContent)
 
 		secret := unittest.AssertExistsAndLoadBean(t, &secret_model.Secret{Name: strings.ToUpper(name)})
-		data, err := keying.ActionSecret.Decrypt(secret.Data, keying.ColumnAndID("data", secret.ID))
+		data, err := secret.GetDecryptedData()
 		require.NoError(t, err)
-		assert.Equal(t, "changed data", string(data))
+		assert.Equal(t, "  \nchànged data\t\n ", data)
 	})
 
 	t.Run("Delete", func(t *testing.T) {
diff --git a/tests/integration/api_repo_variables_test.go b/tests/integration/api_repo_variables_test.go
index 0cc79bc423..9752ef24e2 100644
--- a/tests/integration/api_repo_variables_test.go
+++ b/tests/integration/api_repo_variables_test.go
@@ -78,19 +78,22 @@ func TestAPIRepoVariablesTestCreateRepositoryVariable(t *testing.T) {
 	}
 
 	for _, c := range cases {
-		req := NewRequestWithJSON(t, "POST", fmt.Sprintf("/api/v1/repos/%s/actions/variables/%s", repo.FullName(), c.Name), api.CreateVariableOption{
-			Value: "value" + c.Name,
-		}).AddTokenAuth(token)
+		url := fmt.Sprintf("/api/v1/repos/%s/actions/variables/%s", repo.FullName(), c.Name)
+
+		req := NewRequestWithJSON(t, "POST", url, api.CreateVariableOption{Value: "  \tvalüé\r\n" + c.Name + "  \r\n"})
+		req.AddTokenAuth(token)
 		MakeRequest(t, req, c.ExpectedStatus)
 
 		if c.ExpectedStatus < 300 {
-			req = NewRequest(t, "GET", fmt.Sprintf("/api/v1/repos/%s/actions/variables/%s", repo.FullName(), c.Name)).
-				AddTokenAuth(token)
+			req = NewRequest(t, "GET", url)
+			req.AddTokenAuth(token)
 			res := MakeRequest(t, req, http.StatusOK)
+
 			variable := api.ActionVariable{}
 			DecodeJSON(t, res, &variable)
+
 			assert.Equal(t, variable.Name, c.Name)
-			assert.Equal(t, variable.Data, "value"+c.Name)
+			assert.Equal(t, variable.Data, "  \tvalüé\n"+c.Name+"  \n")
 		}
 	}
 }
@@ -105,62 +108,92 @@ func TestAPIRepoVariablesUpdateRepositoryVariable(t *testing.T) {
 
 	variableName := "test_update_var"
 	url := fmt.Sprintf("/api/v1/repos/%s/actions/variables/%s", repo.FullName(), variableName)
-	req := NewRequestWithJSON(t, "POST", url, api.CreateVariableOption{
-		Value: "initial_val",
-	}).AddTokenAuth(token)
+	req := NewRequestWithJSON(t, "POST", url, api.CreateVariableOption{Value: "initial_val"})
+	req.AddTokenAuth(token)
 	MakeRequest(t, req, http.StatusNoContent)
 
-	cases := []struct {
-		Name           string
-		UpdateName     string
-		ExpectedStatus int
-	}{
-		{
-			Name:           "not_found_var",
-			ExpectedStatus: http.StatusNotFound,
-		},
-		{
-			Name:           variableName,
-			UpdateName:     "1invalid",
-			ExpectedStatus: http.StatusBadRequest,
-		},
-		{
-			Name:           variableName,
-			UpdateName:     "invalid@name",
-			ExpectedStatus: http.StatusBadRequest,
-		},
-		{
-			Name:           variableName,
-			UpdateName:     "ci",
-			ExpectedStatus: http.StatusBadRequest,
-		},
-		{
-			Name:           variableName,
-			UpdateName:     "forgejo_foo",
-			ExpectedStatus: http.StatusBadRequest,
-		},
-		{
-			Name:           variableName,
-			UpdateName:     "updated_var_name",
-			ExpectedStatus: http.StatusNoContent,
-		},
-		{
-			Name:           variableName,
-			ExpectedStatus: http.StatusNotFound,
-		},
-		{
-			Name:           "updated_var_name",
-			ExpectedStatus: http.StatusNoContent,
-		},
-	}
+	t.Run("Accepts only valid variable names", func(t *testing.T) {
+		cases := []struct {
+			Name           string
+			UpdateName     string
+			ExpectedStatus int
+		}{
+			{
+				Name:           "not_found_var",
+				ExpectedStatus: http.StatusNotFound,
+			},
+			{
+				Name:           variableName,
+				UpdateName:     "1invalid",
+				ExpectedStatus: http.StatusBadRequest,
+			},
+			{
+				Name:           variableName,
+				UpdateName:     "invalid@name",
+				ExpectedStatus: http.StatusBadRequest,
+			},
+			{
+				Name:           variableName,
+				UpdateName:     "ci",
+				ExpectedStatus: http.StatusBadRequest,
+			},
+			{
+				Name:           variableName,
+				UpdateName:     "forgejo_foo",
+				ExpectedStatus: http.StatusBadRequest,
+			},
+			{
+				Name:           variableName,
+				UpdateName:     "updated_var_name",
+				ExpectedStatus: http.StatusNoContent,
+			},
+			{
+				Name:           variableName,
+				ExpectedStatus: http.StatusNotFound,
+			},
+			{
+				Name:           "updated_var_name",
+				ExpectedStatus: http.StatusNoContent,
+			},
+		}
 
-	for _, c := range cases {
-		req := NewRequestWithJSON(t, "PUT", fmt.Sprintf("/api/v1/repos/%s/actions/variables/%s", repo.FullName(), c.Name), api.UpdateVariableOption{
-			Name:  c.UpdateName,
-			Value: "updated_val",
-		}).AddTokenAuth(token)
-		MakeRequest(t, req, c.ExpectedStatus)
-	}
+		for _, c := range cases {
+			url := fmt.Sprintf("/api/v1/repos/%s/actions/variables/%s", repo.FullName(), c.Name)
+			requestData := api.UpdateVariableOption{
+				Name:  c.UpdateName,
+				Value: "updated_val",
+			}
+			req := NewRequestWithJSON(t, "PUT", url, requestData)
+			req.AddTokenAuth(token)
+			MakeRequest(t, req, c.ExpectedStatus)
+		}
+	})
+
+	t.Run("Retains special characters", func(t *testing.T) {
+		variableName := "special_characters"
+		url := fmt.Sprintf("/api/v1/repos/%s/actions/variables/%s", repo.FullName(), variableName)
+
+		req := NewRequestWithJSON(t, "POST", url, api.CreateVariableOption{Value: "initial_value"})
+		req.AddTokenAuth(token)
+		MakeRequest(t, req, http.StatusNoContent)
+
+		requestData := api.UpdateVariableOption{
+			Value: "\r\n    \tüpdåtéd\r\n   \r\n",
+		}
+		req = NewRequestWithJSON(t, "PUT", url, requestData)
+		req.AddTokenAuth(token)
+		MakeRequest(t, req, http.StatusNoContent)
+
+		req = NewRequest(t, "GET", url)
+		req.AddTokenAuth(token)
+		res := MakeRequest(t, req, http.StatusOK)
+
+		variable := api.ActionVariable{}
+		DecodeJSON(t, res, &variable)
+
+		assert.Equal(t, "SPECIAL_CHARACTERS", variable.Name)
+		assert.Equal(t, "\n    \tüpdåtéd\n   \n", variable.Data)
+	})
 }
 
 func TestAPIRepoVariablesDeleteRepositoryVariable(t *testing.T) {
diff --git a/tests/integration/api_user_secrets_test.go b/tests/integration/api_user_secrets_test.go
index 5b26aa57b1..b32cf5fb19 100644
--- a/tests/integration/api_user_secrets_test.go
+++ b/tests/integration/api_user_secrets_test.go
@@ -13,7 +13,6 @@ import (
 	secret_model "forgejo.org/models/secret"
 	"forgejo.org/models/unittest"
 	user_model "forgejo.org/models/user"
-	"forgejo.org/modules/keying"
 	api "forgejo.org/modules/structs"
 	"forgejo.org/tests"
 
@@ -72,10 +71,17 @@ func TestAPIUserSecrets(t *testing.T) {
 		}
 
 		for _, c := range cases {
-			req := NewRequestWithJSON(t, "PUT", fmt.Sprintf("/api/v1/user/actions/secrets/%s", c.Name), api.CreateOrUpdateSecretOption{
-				Data: "data",
-			}).AddTokenAuth(token)
+			url := fmt.Sprintf("/api/v1/user/actions/secrets/%s", c.Name)
+			req := NewRequestWithJSON(t, "PUT", url, api.CreateOrUpdateSecretOption{Data: "  \r\ndàtä\t  "})
+			req.AddTokenAuth(token)
 			MakeRequest(t, req, c.ExpectedStatus)
+
+			if c.ExpectedStatus < 300 {
+				secret := unittest.AssertExistsAndLoadBean(t, &secret_model.Secret{OwnerID: user.ID, Name: strings.ToUpper(c.Name)})
+				data, err := secret.GetDecryptedData()
+				require.NoError(t, err)
+				assert.Equal(t, "  \ndàtä\t  ", data)
+			}
 		}
 	})
 
@@ -83,20 +89,18 @@ func TestAPIUserSecrets(t *testing.T) {
 		name := "update_user_secret_and_test_data"
 		url := fmt.Sprintf("/api/v1/user/actions/secrets/%s", name)
 
-		req := NewRequestWithJSON(t, "PUT", url, api.CreateOrUpdateSecretOption{
-			Data: "initial",
-		}).AddTokenAuth(token)
+		req := NewRequestWithJSON(t, "PUT", url, api.CreateOrUpdateSecretOption{Data: "initial"})
+		req.AddTokenAuth(token)
 		MakeRequest(t, req, http.StatusCreated)
 
-		req = NewRequestWithJSON(t, "PUT", url, api.CreateOrUpdateSecretOption{
-			Data: "changed data",
-		}).AddTokenAuth(token)
+		req = NewRequestWithJSON(t, "PUT", url, api.CreateOrUpdateSecretOption{Data: "  \r\nchängéd\t  "})
+		req.AddTokenAuth(token)
 		MakeRequest(t, req, http.StatusNoContent)
 
 		secret := unittest.AssertExistsAndLoadBean(t, &secret_model.Secret{Name: strings.ToUpper(name)})
-		data, err := keying.ActionSecret.Decrypt(secret.Data, keying.ColumnAndID("data", secret.ID))
+		data, err := secret.GetDecryptedData()
 		require.NoError(t, err)
-		assert.Equal(t, "changed data", string(data))
+		assert.Equal(t, "  \nchängéd\t  ", data)
 	})
 
 	t.Run("Delete", func(t *testing.T) {
diff --git a/tests/integration/api_user_variables_test.go b/tests/integration/api_user_variables_test.go
index d4806031b5..d37e4324a2 100644
--- a/tests/integration/api_user_variables_test.go
+++ b/tests/integration/api_user_variables_test.go
@@ -74,19 +74,24 @@ func TestAPIUserVariablesCreateUserVariable(t *testing.T) {
 	}
 
 	for _, c := range cases {
-		req := NewRequestWithJSON(t, "POST", fmt.Sprintf("/api/v1/user/actions/variables/%s", c.Name), api.CreateVariableOption{
-			Value: "value" + c.Name,
-		}).AddTokenAuth(token)
+		url := fmt.Sprintf("/api/v1/user/actions/variables/%s", c.Name)
+
+		req := NewRequestWithJSON(t, "POST", url, api.CreateVariableOption{
+			Value: "  \tvalüé\r\n" + c.Name + "  \r\n",
+		})
+		req.AddTokenAuth(token)
 		MakeRequest(t, req, c.ExpectedStatus)
 
 		if c.ExpectedStatus < 300 {
-			req = NewRequest(t, "GET", fmt.Sprintf("/api/v1/user/actions/variables/%s", c.Name)).
-				AddTokenAuth(token)
+			req = NewRequest(t, "GET", url)
+			req.AddTokenAuth(token)
 			res := MakeRequest(t, req, http.StatusOK)
+
 			variable := api.ActionVariable{}
 			DecodeJSON(t, res, &variable)
+
 			assert.Equal(t, variable.Name, c.Name)
-			assert.Equal(t, variable.Data, "value"+c.Name)
+			assert.Equal(t, variable.Data, "  \tvalüé\n"+c.Name+"  \n")
 		}
 	}
 }
@@ -106,57 +111,87 @@ func TestAPIUserVariablesUpdateUserVariable(t *testing.T) {
 	}).AddTokenAuth(token)
 	MakeRequest(t, req, http.StatusNoContent)
 
-	cases := []struct {
-		Name           string
-		UpdateName     string
-		ExpectedStatus int
-	}{
-		{
-			Name:           "not_found_var",
-			ExpectedStatus: http.StatusNotFound,
-		},
-		{
-			Name:           variableName,
-			UpdateName:     "1invalid",
-			ExpectedStatus: http.StatusBadRequest,
-		},
-		{
-			Name:           variableName,
-			UpdateName:     "invalid@name",
-			ExpectedStatus: http.StatusBadRequest,
-		},
-		{
-			Name:           variableName,
-			UpdateName:     "ci",
-			ExpectedStatus: http.StatusBadRequest,
-		},
-		{
-			Name:           variableName,
-			UpdateName:     "forgejo_foo",
-			ExpectedStatus: http.StatusBadRequest,
-		},
-		{
-			Name:           variableName,
-			UpdateName:     "updated_var_name",
-			ExpectedStatus: http.StatusNoContent,
-		},
-		{
-			Name:           variableName,
-			ExpectedStatus: http.StatusNotFound,
-		},
-		{
-			Name:           "updated_var_name",
-			ExpectedStatus: http.StatusNoContent,
-		},
-	}
+	t.Run("Accepts only valid names", func(t *testing.T) {
+		cases := []struct {
+			Name           string
+			UpdateName     string
+			ExpectedStatus int
+		}{
+			{
+				Name:           "not_found_var",
+				ExpectedStatus: http.StatusNotFound,
+			},
+			{
+				Name:           variableName,
+				UpdateName:     "1invalid",
+				ExpectedStatus: http.StatusBadRequest,
+			},
+			{
+				Name:           variableName,
+				UpdateName:     "invalid@name",
+				ExpectedStatus: http.StatusBadRequest,
+			},
+			{
+				Name:           variableName,
+				UpdateName:     "ci",
+				ExpectedStatus: http.StatusBadRequest,
+			},
+			{
+				Name:           variableName,
+				UpdateName:     "forgejo_foo",
+				ExpectedStatus: http.StatusBadRequest,
+			},
+			{
+				Name:           variableName,
+				UpdateName:     "updated_var_name",
+				ExpectedStatus: http.StatusNoContent,
+			},
+			{
+				Name:           variableName,
+				ExpectedStatus: http.StatusNotFound,
+			},
+			{
+				Name:           "updated_var_name",
+				ExpectedStatus: http.StatusNoContent,
+			},
+		}
 
-	for _, c := range cases {
-		req := NewRequestWithJSON(t, "PUT", fmt.Sprintf("/api/v1/user/actions/variables/%s", c.Name), api.UpdateVariableOption{
-			Name:  c.UpdateName,
-			Value: "updated_val",
-		}).AddTokenAuth(token)
-		MakeRequest(t, req, c.ExpectedStatus)
-	}
+		for _, c := range cases {
+			url := fmt.Sprintf("/api/v1/user/actions/variables/%s", c.Name)
+			req := NewRequestWithJSON(t, "PUT", url, api.UpdateVariableOption{
+				Name:  c.UpdateName,
+				Value: "updated_val",
+			})
+			req.AddTokenAuth(token)
+			MakeRequest(t, req, c.ExpectedStatus)
+		}
+	})
+
+	t.Run("Retains special characters", func(t *testing.T) {
+		variableName := "special_characters"
+		url := fmt.Sprintf("/api/v1/user/actions/variables/%s", variableName)
+
+		req := NewRequestWithJSON(t, "POST", url, api.CreateVariableOption{Value: "initial_value"})
+		req.AddTokenAuth(token)
+		MakeRequest(t, req, http.StatusNoContent)
+
+		requestData := api.UpdateVariableOption{
+			Value: "\r\n    \tüpdåtéd\r\n   \r\n",
+		}
+		req = NewRequestWithJSON(t, "PUT", url, requestData)
+		req.AddTokenAuth(token)
+		MakeRequest(t, req, http.StatusNoContent)
+
+		req = NewRequest(t, "GET", url)
+		req.AddTokenAuth(token)
+		res := MakeRequest(t, req, http.StatusOK)
+
+		variable := api.ActionVariable{}
+		DecodeJSON(t, res, &variable)
+
+		assert.Equal(t, "SPECIAL_CHARACTERS", variable.Name)
+		assert.Equal(t, "\n    \tüpdåtéd\n   \n", variable.Data)
+	})
 }
 
 func TestAPIUserVariablesDeleteUserVariable(t *testing.T) {

From 520a77f372d28569f43f585a2909320787a90ccd Mon Sep 17 00:00:00 2001
From: Renovate Bot <forgejo-renovate-action@forgejo.org>
Date: Mon, 9 Feb 2026 18:38:25 +0100
Subject: [PATCH 294/854] Update dependency eslint-plugin-regexp to v3
 (forgejo) (#11207)

Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
---
 package-lock.json | 22 +++++++++++-----------
 package.json      |  2 +-
 2 files changed, 12 insertions(+), 12 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 98eeb234c0..fb788071d3 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -99,7 +99,7 @@
         "eslint-plugin-no-jquery": "3.1.1",
         "eslint-plugin-no-use-extend-native": "0.7.2",
         "eslint-plugin-playwright": "2.5.1",
-        "eslint-plugin-regexp": "2.10.0",
+        "eslint-plugin-regexp": "3.0.0",
         "eslint-plugin-sonarjs": "3.0.6",
         "eslint-plugin-toml": "0.13.1",
         "eslint-plugin-unicorn": "62.0.0",
@@ -8173,25 +8173,25 @@
       }
     },
     "node_modules/eslint-plugin-regexp": {
-      "version": "2.10.0",
-      "resolved": "https://registry.npmjs.org/eslint-plugin-regexp/-/eslint-plugin-regexp-2.10.0.tgz",
-      "integrity": "sha512-ovzQT8ESVn5oOe5a7gIDPD5v9bCSjIFJu57sVPDqgPRXicQzOnYfFN21WoQBQF18vrhT5o7UMKFwJQVVjyJ0ng==",
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/eslint-plugin-regexp/-/eslint-plugin-regexp-3.0.0.tgz",
+      "integrity": "sha512-iW7hgAV8NOG6E2dz+VeKpq67YLQ9jaajOKYpoOSic2/q8y9BMdXBKkSR9gcMtbqEhNQzdW41E3wWzvhp8ExYwQ==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
         "@eslint-community/eslint-utils": "^4.2.0",
         "@eslint-community/regexpp": "^4.11.0",
         "comment-parser": "^1.4.0",
-        "jsdoc-type-pratt-parser": "^4.0.0",
+        "jsdoc-type-pratt-parser": "^7.0.0",
         "refa": "^0.12.1",
         "regexp-ast-analysis": "^0.7.1",
         "scslre": "^0.3.0"
       },
       "engines": {
-        "node": "^18 || >=20"
+        "node": "^20.19.0 || ^22.13.0 || >=24"
       },
       "peerDependencies": {
-        "eslint": ">=8.44.0"
+        "eslint": ">=9.38.0"
       }
     },
     "node_modules/eslint-plugin-sonarjs": {
@@ -10413,13 +10413,13 @@
       }
     },
     "node_modules/jsdoc-type-pratt-parser": {
-      "version": "4.8.0",
-      "resolved": "https://registry.npmjs.org/jsdoc-type-pratt-parser/-/jsdoc-type-pratt-parser-4.8.0.tgz",
-      "integrity": "sha512-iZ8Bdb84lWRuGHamRXFyML07r21pcwBrLkHEuHgEY5UbCouBwv7ECknDRKzsQIXMiqpPymqtIf8TC/shYKB5rw==",
+      "version": "7.1.1",
+      "resolved": "https://registry.npmjs.org/jsdoc-type-pratt-parser/-/jsdoc-type-pratt-parser-7.1.1.tgz",
+      "integrity": "sha512-/2uqY7x6bsrpi3i9LVU6J89352C0rpMk0as8trXxCtvd4kPk1ke/Eyif6wqfSLvoNJqcDG9Vk4UsXgygzCt2xA==",
       "dev": true,
       "license": "MIT",
       "engines": {
-        "node": ">=12.0.0"
+        "node": ">=20.0.0"
       }
     },
     "node_modules/jsep": {
diff --git a/package.json b/package.json
index ae37edc774..2b181280ba 100644
--- a/package.json
+++ b/package.json
@@ -98,7 +98,7 @@
     "eslint-plugin-no-jquery": "3.1.1",
     "eslint-plugin-no-use-extend-native": "0.7.2",
     "eslint-plugin-playwright": "2.5.1",
-    "eslint-plugin-regexp": "2.10.0",
+    "eslint-plugin-regexp": "3.0.0",
     "eslint-plugin-sonarjs": "3.0.6",
     "eslint-plugin-toml": "0.13.1",
     "eslint-plugin-unicorn": "62.0.0",

From 79a8e92bec0889a00c0010eeee995b69e93839f1 Mon Sep 17 00:00:00 2001
From: Renovate Bot <forgejo-renovate-action@forgejo.org>
Date: Mon, 9 Feb 2026 18:46:35 +0100
Subject: [PATCH 295/854] Update dependency vite-string-plugin to v2 (forgejo)
 (#11213)

Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
---
 package-lock.json | 13 ++++++++-----
 package.json      |  2 +-
 2 files changed, 9 insertions(+), 6 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index fb788071d3..061131baa7 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -120,7 +120,7 @@
         "svgo": "4.0.0",
         "typescript": "5.9.3",
         "typescript-eslint": "8.54.0",
-        "vite-string-plugin": "1.4.9",
+        "vite-string-plugin": "2.0.0",
         "vitest": "4.0.18"
       },
       "engines": {
@@ -15432,11 +15432,14 @@
       }
     },
     "node_modules/vite-string-plugin": {
-      "version": "1.4.9",
-      "resolved": "https://registry.npmjs.org/vite-string-plugin/-/vite-string-plugin-1.4.9.tgz",
-      "integrity": "sha512-mO7PVkMs8+FuTK9ZjBBCRSjabC9cobvUEbN2EjWtGJo6nu35SbW99bYesOh5Ho39ug/KSbT4VwM4GPC26Xk/mQ==",
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/vite-string-plugin/-/vite-string-plugin-2.0.0.tgz",
+      "integrity": "sha512-7p4aOvow1kphhZppt62A6Aj03NhUzOTiBgjHaTWDIdmtiUbjoJeVLarV52UjQNvLFC6BxJgV8r1AAwJfcxwZSQ==",
       "dev": true,
-      "license": "BSD-2-Clause"
+      "license": "BSD-2-Clause",
+      "peerDependencies": {
+        "vite": "*"
+      }
     },
     "node_modules/vite/node_modules/@types/estree": {
       "version": "1.0.8",
diff --git a/package.json b/package.json
index 2b181280ba..af933f7e3b 100644
--- a/package.json
+++ b/package.json
@@ -119,7 +119,7 @@
     "svgo": "4.0.0",
     "typescript": "5.9.3",
     "typescript-eslint": "8.54.0",
-    "vite-string-plugin": "1.4.9",
+    "vite-string-plugin": "2.0.0",
     "vitest": "4.0.18"
   },
   "browserslist": ["defaults"],

From 3a61158e1eb678bdab4f89e4a2a2b06becb16976 Mon Sep 17 00:00:00 2001
From: Renovate Bot <forgejo-renovate-action@forgejo.org>
Date: Mon, 9 Feb 2026 19:59:16 +0100
Subject: [PATCH 296/854] Update dependency @codemirror/commands to v6.10.2
 (forgejo) (#11201)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11201
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
---
 package-lock.json | 8 ++++----
 package.json      | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 061131baa7..1e91d2a09d 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -10,7 +10,7 @@
         "@citation-js/plugin-bibtex": "0.7.21",
         "@citation-js/plugin-software-formats": "0.6.2",
         "@codemirror/autocomplete": "6.20.0",
-        "@codemirror/commands": "6.10.1",
+        "@codemirror/commands": "6.10.2",
         "@codemirror/lang-cpp": "6.0.3",
         "@codemirror/lang-css": "6.3.1",
         "@codemirror/lang-go": "6.0.1",
@@ -511,9 +511,9 @@
       }
     },
     "node_modules/@codemirror/commands": {
-      "version": "6.10.1",
-      "resolved": "https://registry.npmjs.org/@codemirror/commands/-/commands-6.10.1.tgz",
-      "integrity": "sha512-uWDWFypNdQmz2y1LaNJzK7fL7TYKLeUAU0npEC685OKTF3KcQ2Vu3klIM78D7I6wGhktme0lh3CuQLv0ZCrD9Q==",
+      "version": "6.10.2",
+      "resolved": "https://registry.npmjs.org/@codemirror/commands/-/commands-6.10.2.tgz",
+      "integrity": "sha512-vvX1fsih9HledO1c9zdotZYUZnE4xV0m6i3m25s5DIfXofuprk6cRcLUZvSk3CASUbwjQX21tOGbkY2BH8TpnQ==",
       "license": "MIT",
       "dependencies": {
         "@codemirror/language": "^6.0.0",
diff --git a/package.json b/package.json
index af933f7e3b..b825ff9e35 100644
--- a/package.json
+++ b/package.json
@@ -9,7 +9,7 @@
     "@citation-js/plugin-bibtex": "0.7.21",
     "@citation-js/plugin-software-formats": "0.6.2",
     "@codemirror/autocomplete": "6.20.0",
-    "@codemirror/commands": "6.10.1",
+    "@codemirror/commands": "6.10.2",
     "@codemirror/lang-cpp": "6.0.3",
     "@codemirror/lang-css": "6.3.1",
     "@codemirror/lang-go": "6.0.1",

From c0cb271f1521ecbb9a49a1f268ddeaeff0b40795 Mon Sep 17 00:00:00 2001
From: Mathieu Fenniak <mathieu@fenniak.net>
Date: Mon, 9 Feb 2026 21:31:16 +0100
Subject: [PATCH 297/854] fix: improve SQLite "database is locked" errors by
 increasing default `SQLITE_TIMEOUT` (#11179)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

As noted in https://codeberg.org/forgejo/forgejo/issues/10900#issuecomment-10339634, `TestAPICreateIssueParallel` is failing intermittently in Forgejo CI.  Based upon this intermittent failure, I've made these changes:
- Increase the parallel run of the test from 10 instances to 100, which caused this test to fail consistently and reliably on my dev workstation.  The test execution time at 100 parallel invocations is only ~4 seconds.
- Increase the default `SQLITE_TIMEOUT` from 500ms to 5s, which caused this test to succeed consistently on my dev workstation.

Is 5000ms the right setting?  🤷  On local testing, this specific test failed...
- 2500ms: failed 1/1 times
- 3000ms: failed 1/3 times
- 3500ms: failed 0/10 times

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests

- I added test coverage for Go changes...
  - [ ] in their respective `*_test.go` for unit tests.
  - [ ] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I added test coverage for JavaScript changes...
  - [ ] in `web_src/js/*.test.js` if it can be unit tested.
  - [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)).

### Documentation

- [x] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change. -- https://codeberg.org/forgejo/docs/pulls/1775
- [ ] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [x] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.
- [ ] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change.

*The decision if the pull request will be shown in the release notes is up to the mergers / release team.*

The content of the `release-notes/<pull request number>.md` file will serve as the basis for the release notes. If the file does not exist, the title of the pull request will be used instead.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11179
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net>
Co-committed-by: Mathieu Fenniak <mathieu@fenniak.net>
---
 modules/setting/database.go         | 2 +-
 tests/integration/api_issue_test.go | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/modules/setting/database.go b/modules/setting/database.go
index 7b9af1598e..0a5661543a 100644
--- a/modules/setting/database.go
+++ b/modules/setting/database.go
@@ -86,7 +86,7 @@ func loadDBSetting(rootCfg ConfigProvider) {
 	Database.CharsetCollation = sec.Key("CHARSET_COLLATION").String()
 
 	Database.Path = sec.Key("PATH").MustString(filepath.Join(AppDataPath, "forgejo.db"))
-	Database.Timeout = sec.Key("SQLITE_TIMEOUT").MustInt(500)
+	Database.Timeout = sec.Key("SQLITE_TIMEOUT").MustInt(5000)
 	Database.SQLiteJournalMode = sec.Key("SQLITE_JOURNAL_MODE").MustString("WAL")
 
 	Database.MaxIdleConns = sec.Key("MAX_IDLE_CONNS").MustInt(2)
diff --git a/tests/integration/api_issue_test.go b/tests/integration/api_issue_test.go
index 44e07b95c8..43258562c6 100644
--- a/tests/integration/api_issue_test.go
+++ b/tests/integration/api_issue_test.go
@@ -228,7 +228,7 @@ func TestAPICreateIssueParallel(t *testing.T) {
 	urlStr := fmt.Sprintf("/api/v1/repos/%s/%s/issues?state=all", owner.Name, repoBefore.Name)
 
 	var wg sync.WaitGroup
-	for i := 0; i < 10; i++ {
+	for i := 0; i < 100; i++ {
 		wg.Add(1)
 		go func(parentT *testing.T, i int) {
 			parentT.Run(fmt.Sprintf("ParallelCreateIssue_%d", i), func(t *testing.T) {

From 4ce2212c9f1e1055a3957b0e7eaeb4f56f6c6d5d Mon Sep 17 00:00:00 2001
From: Renovate Bot <forgejo-renovate-action@forgejo.org>
Date: Tue, 10 Feb 2026 04:38:56 +0100
Subject: [PATCH 298/854] Update module code.forgejo.org/forgejo/runner/v12 to
 v12.6.4 (forgejo) (#11222)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This PR contains the following updates:

| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) |
|---|---|---|---|
| [code.forgejo.org/forgejo/runner/v12](https://code.forgejo.org/forgejo/runner) | `v12.6.3` -> `v12.6.4` | ![age](https://developer.mend.io/api/mc/badges/age/go/code.forgejo.org%2fforgejo%2frunner%2fv12/v12.6.4?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/go/code.forgejo.org%2fforgejo%2frunner%2fv12/v12.6.3/v12.6.4?slim=true) |

---

### Release Notes

<details>
<summary>forgejo/runner (code.forgejo.org/forgejo/runner/v12)</summary>

### [`v12.6.4`](https://code.forgejo.org/forgejo/runner/releases/tag/v12.6.4)

[Compare Source](https://code.forgejo.org/forgejo/runner/compare/v12.6.3...v12.6.4)

- [User guide](https://forgejo.org/docs/next/user/actions/overview/)
- [Administrator guide](https://forgejo.org/docs/next/admin/actions/)
- [Container images](https://code.forgejo.org/forgejo/-/packages/container/runner/versions)

Release Notes

***

<!--start release-notes-assistant-->

<!--URL:https://code.forgejo.org/forgejo/runner-->

- bug fixes
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1231): <!--number 1231 --><!--line 0 --><!--description Zml4OiByZXNwZWN0ICJhdXRvbW91bnQiIGRvY2tlciBzZXR0aW5nIGluIG9uZS1qb2I=-->fix: respect "automount" docker setting in one-job<!--description-->
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1354): <!--number 1354 --><!--line 0 --><!--description Zml4OiBpbnRlcnBvbGF0ZSBqb2IgbmFtZSBhZnRlciBtYXRyaXggZXhwYW5zaW9u-->fix: interpolate job name after matrix expansion<!--description-->
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1333): <!--number 1333 --><!--line 0 --><!--description Zml4OiBJc29sYXRlIHN0ZXAgY29udGFpbmVycyBuZXR3b3JrIG5hbWVzcGFjZSB0byBtYXRjaCBkb2NrZXI6Ly8gYWN0aW9uIHNlbWFudGljcw==-->fix: Isolate step containers network namespace to match docker:// action semantics<!--description-->
- other
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1356): <!--number 1356 --><!--line 0 --><!--description Zml4IEdldE91dGJvdW5kSXAgYXV0by1kZXRlY3Rpb24gb24gaXB2Ni1vbmx5IHN5c3RlbXM=-->fix GetOutboundIp auto-detection on ipv6-only systems<!--description-->
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1352): <!--number 1352 --><!--line 0 --><!--description QWxlcnQgdXNlcnMgdGhhdCBkZWZhdWx0cyBhcmUgdXNlZCB3aGVuIC0tY29uZmlnIGlzIG5vdCBwcm92aWRlZC4=-->Alert users that defaults are used when --config is not provided.<!--description-->
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1349): <!--number 1349 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgZ28gdG8gdjEuMjUuNw==-->Update dependency go to v1.25.7<!--description-->
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1351): <!--number 1351 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgZm9yZ2Vqby9yZWxlYXNlLW5vdGVzLWFzc2lzdGFudCB0byB2MS41LjI=-->Update dependency forgejo/release-notes-assistant to v1.5.2<!--description-->
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1347): <!--number 1347 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgZm9yZ2Vqby1ydW5uZXItc2VydmljZS15cSB0byB2NC41Mi4y-->Update dependency forgejo-runner-service-yq to v4.52.2<!--description-->
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1344): <!--number 1344 --><!--line 0 --><!--description VXBkYXRlIGh0dHBzOi8vZGF0YS5mb3JnZWpvLm9yZy9hY3Rpb25zL3NldHVwLWZvcmdlam8gYWN0aW9uIHRvIHYzLjEuNA==-->Update <https://data.forgejo.org/actions/setup-forgejo> action to v3.1.4<!--description-->
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1342): <!--number 1342 --><!--line 0 --><!--description VXBkYXRlIGRhdGEuZm9yZ2Vqby5vcmcvZm9yZ2Vqby9ydW5uZXIgRG9ja2VyIHRhZyB0byB2MTIuNi4z-->Update data.forgejo.org/forgejo/runner Docker tag to v12.6.3<!--description-->
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1343): <!--number 1343 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgZm9yZ2Vqby9ydW5uZXIgdG8gdjEyLjYuMw==-->Update dependency forgejo/runner to v12.6.3<!--description-->

<!--end release-notes-assistant-->

</details>

---

### Configuration

📅 **Schedule**: Branch creation - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC), Automerge - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My40LjMiLCJ1cGRhdGVkSW5WZXIiOiI0My40LjMiLCJ0YXJnZXRCcmFuY2giOiJmb3JnZWpvIiwibGFiZWxzIjpbImRlcGVuZGVuY3ktdXBncmFkZSIsInRlc3Qvbm90LW5lZWRlZCJdfQ==-->

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11222
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 518167d362..5aad64e1de 100644
--- a/go.mod
+++ b/go.mod
@@ -11,7 +11,7 @@ require (
 	code.forgejo.org/forgejo/go-rpmutils v1.0.0
 	code.forgejo.org/forgejo/levelqueue v1.0.0
 	code.forgejo.org/forgejo/reply v1.0.2
-	code.forgejo.org/forgejo/runner/v12 v12.6.3
+	code.forgejo.org/forgejo/runner/v12 v12.6.4
 	code.forgejo.org/go-chi/binding v1.0.1
 	code.forgejo.org/go-chi/cache v1.0.1
 	code.forgejo.org/go-chi/captcha v1.0.2
diff --git a/go.sum b/go.sum
index d65ce858b5..fee01c6654 100644
--- a/go.sum
+++ b/go.sum
@@ -30,8 +30,8 @@ code.forgejo.org/forgejo/levelqueue v1.0.0 h1:9krYpU6BM+j/1Ntj6m+VCAIu0UNnne1/Uf
 code.forgejo.org/forgejo/levelqueue v1.0.0/go.mod h1:fmG6zhVuqim2rxSFOoasgXO8V2W/k9U31VVYqLIRLhQ=
 code.forgejo.org/forgejo/reply v1.0.2 h1:dMhQCHV6/O3L5CLWNTol+dNzDAuyCK88z4J/lCdgFuQ=
 code.forgejo.org/forgejo/reply v1.0.2/go.mod h1:RyZUfzQLc+fuLIGjTSQWDAJWPiL4WtKXB/FifT5fM7U=
-code.forgejo.org/forgejo/runner/v12 v12.6.3 h1:5sS/v8vyB1i6rPegu4+aCPnFNMZPnl+uJGkQRS09u4k=
-code.forgejo.org/forgejo/runner/v12 v12.6.3/go.mod h1:G75xcAhTaFE++/57qcBu+Zk7B7R3kLiUz8y2IkIwUKY=
+code.forgejo.org/forgejo/runner/v12 v12.6.4 h1:nhYj2wSj5BVKxcF0bRtMt/A9iGkxHPFJiIui+T/4mrc=
+code.forgejo.org/forgejo/runner/v12 v12.6.4/go.mod h1:34ATLtcxtOgjAJiINaJvBoNJiKpL1hGn0kt+gk+zdyk=
 code.forgejo.org/forgejo/ssh v0.0.0-20241211213324-5fc306ca0616 h1:kEZL84+02jY9RxXM4zHBWZ3Fml0B09cmP1LGkDsCfIA=
 code.forgejo.org/forgejo/ssh v0.0.0-20241211213324-5fc306ca0616/go.mod h1:zpHEXBstFnQYtGnB8k8kQLol82umzn/2/snG7alWVD8=
 code.forgejo.org/go-chi/binding v1.0.1 h1:coKNI+X1NzRN7X85LlrpvBRqk0TXpJ+ja28vusQWEuY=

From bd5685812e4e0025193096ea82f95e5e3b9aa0c8 Mon Sep 17 00:00:00 2001
From: 0ko <0ko@noreply.codeberg.org>
Date: Tue, 10 Feb 2026 12:50:55 +0100
Subject: [PATCH 299/854] feat(ui): convert org members list to grid (#11127)

Replaces #10789

Convert the layout from flex-list helpers to a CSS-native grid. This allows to having buttons in different rows aligned to each other while keeping the layout responsive, i.e. looking good on both desktop and mobile.

### Preview (desktop)

|Before|After|
|-|-|
|![j1](/attachments/85f244bf-0538-4c5d-8300-ae4f6744e5f3)|![new1](/attachments/a23c60f7-d7a3-4cb7-abc6-657541992204)|

### Preview (mobile)

|Before|After|
|-|-|
|![g1](/attachments/32b01933-652f-47e7-b97d-e35262cbbf44)|![new2](/attachments/927fb458-632c-4699-ba8b-bcb6a73ffe3d)|

### Preview (Guest)
|Before|After|
|-|-|
|![i1](/attachments/66d0d62d-5500-4c6d-8913-aad2cf69d1ab)|![new3](/attachments/0333b14e-2952-4c5b-9051-185840167dca)|

## Testing

Automated tests were added to make sure that actions in this list are still working, and for basic template logic. No tests were added for layout because layout being correct is an abstract concept that is difficult to explain to Playwright.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11127
Reviewed-by: Antonin Delpeuch <wetneb@noreply.codeberg.org>
---
 templates/org/member/members.tmpl     | 107 +++++++++++++-------------
 tests/e2e/org-members.test.e2e.ts     |  50 ++++++++++++
 tests/integration/org_members_test.go |  48 ++++++++++++
 web_src/css/org.css                   |  52 +++++++++++++
 4 files changed, 204 insertions(+), 53 deletions(-)
 create mode 100644 tests/e2e/org-members.test.e2e.ts
 create mode 100644 tests/integration/org_members_test.go

diff --git a/templates/org/member/members.tmpl b/templates/org/member/members.tmpl
index dccf588f6a..0cbc1b5eb1 100644
--- a/templates/org/member/members.tmpl
+++ b/templates/org/member/members.tmpl
@@ -4,63 +4,64 @@
 	<div class="ui container">
 		{{template "base/alert" .}}
 
-		<div class="flex-list">
-			{{range .Members}}
+		<div class="list">
+			{{range $idx, $_ := .Members}}
+				{{if ne $idx 0}}
+					<div class="divider"></div>
+				{{end}}
 				{{$isPublic := index $.MembersIsPublicMember .ID}}
-				<div class="flex-item {{if $.PublicOnly}}tw-items-center{{end}}">
-					<div class="flex-item-leading">
-						<a href="{{.HomeLink}}">{{ctx.AvatarUtils.Avatar . 48}}</a>
-					</div>
-					<div class="flex-item-main">
-						<div class="flex-item-title">
-							{{template "shared/user/name" .}}
-							{{if not $isPublic}}
-								<span class="ui label">{{ctx.Locale.Tr "org.members.private"}}</span>
-							{{end}}
+				<a href="{{.HomeLink}}">{{ctx.AvatarUtils.Avatar . 48}}</a>
+				<div>
+					<h3>
+						{{template "shared/user/name" .}}
+						{{if not $isPublic}}
+							<span class="ui label">{{ctx.Locale.Tr "org.members.private"}}</span>
+						{{end}}
+					</h3>
+					{{if not $.PublicOnly}}
+						<div>
+							{{ctx.Locale.Tr "org.members.member_role"}}
+							<strong>{{if index $.MembersIsUserOrgOwner .ID}}{{svg "octicon-shield-lock"}} {{ctx.Locale.Tr "org.members.owner"}}{{else}}{{ctx.Locale.Tr "org.members.member"}}{{end}}</strong>
+						</div>
+						{{if $.IsOrganizationOwner}}
+						<div>
+							{{ctx.Locale.Tr "admin.users.2fa"}}
+							<strong>
+								{{if index $.MembersTwoFaStatus .ID}}
+									<span class="text green">{{svg "octicon-check"}}</span>
+								{{else}}
+									{{svg "octicon-x"}}
+								{{end}}
+							</strong>
 						</div>
-						{{if not $.PublicOnly}}
-							<div class="flex-item-body">
-								{{ctx.Locale.Tr "org.members.member_role"}}
-								<strong class="flex-text-inline">{{if index $.MembersIsUserOrgOwner .ID}}{{svg "octicon-shield-lock"}} {{ctx.Locale.Tr "org.members.owner"}}{{else}}{{ctx.Locale.Tr "org.members.member"}}{{end}}</strong>
-							</div>
-							{{if $.IsOrganizationOwner}}
-							<div class="flex-item-body">
-								{{ctx.Locale.Tr "admin.users.2fa"}}
-								<strong>
-									{{if index $.MembersTwoFaStatus .ID}}
-										<span class="text green">{{svg "octicon-check"}}</span>
-									{{else}}
-										{{svg "octicon-x"}}
-									{{end}}
-								</strong>
-							</div>
-							{{end}}
 						{{end}}
-					</div>
-					<div class="flex-item-trailing">
-						{{if or (eq $.SignedUser.ID .ID) $.IsOrganizationOwner}}
-							{{if $isPublic}}
-								<a class="ui tiny button link-action" href data-url="{{$.OrgLink}}/members/action/private?uid={{.ID}}">{{svg "octicon-eye-closed" 12 "icon"}}{{ctx.Locale.Tr "org.members.public_helper"}}</a>
-							{{else}}
-								<a class="ui tiny button link-action" href data-url="{{$.OrgLink}}/members/action/public?uid={{.ID}}">{{svg "octicon-eye" 12 "icon"}}{{ctx.Locale.Tr "org.members.private_helper"}}</a>
-							{{end}}
+					{{end}}
+				</div>
+				<div class="actions">
+					{{if or (eq $.SignedUser.ID .ID) $.IsOrganizationOwner}}
+						{{if $isPublic}}
+							<a class="small secondary button link-action" href data-url="{{$.OrgLink}}/members/action/private?uid={{.ID}}">
+								{{svg "octicon-eye-closed"}}
+								{{ctx.Locale.Tr "org.members.public_helper"}}
+							</a>
+						{{else}}
+							<a class="small secondary button link-action" href data-url="{{$.OrgLink}}/members/action/public?uid={{.ID}}">
+								{{svg "octicon-eye"}}
+								{{ctx.Locale.Tr "org.members.private_helper"}}
+							</a>
 						{{end}}
-						{{if eq $.SignedUser.ID .ID}}
-							<form>
-								<button class="ui red tiny button delete-button" data-modal-id="leave-organization"
-									data-url="{{$.OrgLink}}/members/action/leave" data-datauid="{{.ID}}"
-									data-name="{{.DisplayName}}"
-									data-data-organization-name="{{$.Org.DisplayName}}">{{ctx.Locale.Tr "org.members.leave"}}</button>
-							</form>
-						{{else if $.IsOrganizationOwner}}
-							<form>
-								<button class="ui red tiny button delete-button" data-modal-id="remove-organization-member"
-									data-url="{{$.OrgLink}}/members/action/remove" data-datauid="{{.ID}}"
-									data-name="{{.DisplayName}}"
-									data-data-organization-name="{{$.Org.DisplayName}}">{{ctx.Locale.Tr "org.members.remove"}}</button>
-							</form>
-						{{end}}
-					</div>
+					{{end}}
+					{{if eq $.SignedUser.ID .ID}}
+						<button class="small danger button delete-button" data-modal-id="leave-organization"
+							data-url="{{$.OrgLink}}/members/action/leave" data-datauid="{{.ID}}"
+							data-name="{{.DisplayName}}"
+							data-data-organization-name="{{$.Org.DisplayName}}">{{ctx.Locale.Tr "org.members.leave"}}</button>
+					{{else if $.IsOrganizationOwner}}
+						<button class="small danger button delete-button" data-modal-id="remove-organization-member"
+							data-url="{{$.OrgLink}}/members/action/remove" data-datauid="{{.ID}}"
+							data-name="{{.DisplayName}}"
+							data-data-organization-name="{{$.Org.DisplayName}}">{{ctx.Locale.Tr "org.members.remove"}}</button>
+					{{end}}
 				</div>
 			{{end}}
 		</div>
diff --git a/tests/e2e/org-members.test.e2e.ts b/tests/e2e/org-members.test.e2e.ts
new file mode 100644
index 0000000000..311ad0f7cc
--- /dev/null
+++ b/tests/e2e/org-members.test.e2e.ts
@@ -0,0 +1,50 @@
+// Copyright 2026 The Forgejo Authors
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+// @watch start
+
+// @watch end
+
+import {expect} from '@playwright/test';
+import {test} from './utils_e2e.ts';
+
+test.use({user: 'user2'});
+
+test('Toggle visibility', async ({page}) => {
+  page.goto('/org/org3/members');
+
+  // Button "Make hidden" for user2's row
+  const hideUser2 = page.locator('.link-action[data-url="/org/org3/members/action/private?uid=2"]');
+  // Button "Make visible" for user2's row
+  const showUser2 = page.locator('.link-action[data-url="/org/org3/members/action/public?uid=2"]');
+
+  await expect(hideUser2).toBeVisible();
+  await expect(showUser2).toBeHidden();
+  await hideUser2.click();
+
+  // Button action was flipped
+  await expect(hideUser2).toBeHidden();
+  await expect(showUser2).toBeVisible();
+
+  // Revert for repeatability
+  await showUser2.click();
+});
+
+test('Leave org', async ({page}) => {
+  page.goto('/org/org3/members');
+
+  // Button "Leave" for user2's row
+  const leaveButton = page.locator('.delete-button[data-url="/org/org3/members/action/leave"]');
+
+  // Click the button
+  await leaveButton.click();
+
+  // A confirmation modal will appear
+  await expect(page.locator('.modal#leave-organization')).toBeVisible();
+
+  // Proceed leaving the org
+  await page.locator('.modal#leave-organization .actions button.ok').click();
+
+  // Getting error is enough to know that the correct request went though
+  await expect(page.locator('.flash-error').getByText('You cannot remove the last user from the "owners" team.')).toBeVisible();
+});
diff --git a/tests/integration/org_members_test.go b/tests/integration/org_members_test.go
new file mode 100644
index 0000000000..e51850126f
--- /dev/null
+++ b/tests/integration/org_members_test.go
@@ -0,0 +1,48 @@
+// Copyright 2026 The Forgejo Authors
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+package integration
+
+import (
+	"net/http"
+	"testing"
+
+	"forgejo.org/tests"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestOrgMembersPage(t *testing.T) {
+	defer tests.PrepareTestEnv(t)()
+
+	testPage := "/org/org3/members"
+
+	t.Run("Guest PoV", func(t *testing.T) {
+		defer tests.PrintCurrentTest(t)()
+
+		doc := NewHTMLParser(t, MakeRequest(t, NewRequest(t, "GET", testPage), http.StatusOK).Body)
+		/* No interactive buttons - though such evaluation is easy to break in rename */
+		assert.Equal(t, 0, doc.Find(".members .list .link-action").Length())
+		assert.Equal(t, 0, doc.Find(".members .list .delete-button").Length())
+	})
+
+	t.Run("Member PoV", func(t *testing.T) {
+		defer tests.PrintCurrentTest(t)()
+
+		session := loginUser(t, "user4") // user4 is a member of org3
+		doc := NewHTMLParser(t, session.MakeRequest(t, NewRequest(t, "GET", testPage), http.StatusOK).Body)
+		/* Interactive buttons are only available for own entry in the list */
+		assert.Equal(t, 1, doc.Find(".members .list .link-action").Length())
+		assert.Equal(t, 1, doc.Find(".members .list .delete-button").Length())
+	})
+
+	t.Run("Owner PoV", func(t *testing.T) {
+		defer tests.PrintCurrentTest(t)()
+
+		session := loginUser(t, "user2") // user2 owns org3
+		doc := NewHTMLParser(t, session.MakeRequest(t, NewRequest(t, "GET", testPage), http.StatusOK).Body)
+		/* Interactive buttons are available for all entries in the list (> 2) */
+		assert.Less(t, 2, doc.Find(".members .list .link-action").Length())
+		assert.Less(t, 2, doc.Find(".members .list .delete-button").Length())
+	})
+}
diff --git a/web_src/css/org.css b/web_src/css/org.css
index 024c2688f5..240ed5c98e 100644
--- a/web_src/css/org.css
+++ b/web_src/css/org.css
@@ -92,6 +92,58 @@
   margin-top: 0;
 }
 
+.page-content.organization.members .list {
+  display: grid;
+  grid-template-columns: minmax(min-content, auto) 1fr fit-content(100%) fit-content(100%);
+  color: var(--color-text-light-2);
+
+  .divider {
+    grid-column: 1 / -1;
+  }
+
+  /* Username (+display name) use header */
+  h3 {
+    margin: 0;
+    font-size: 16px;
+    font-weight: var(--font-weight-semibold);
+    color: var(--color-text);
+  }
+
+  .actions {
+    display: contents;
+  }
+
+  .link-action, .delete-button {
+    align-self: start;
+  }
+
+  a:has(img) {
+    margin-inline-end: 0.5rem;
+  }
+
+  .delete-button {
+    margin-inline-start: var(--button-spacing);
+  }
+}
+
+@media (max-width: 767.98px) {
+  .page-content.organization.members .list {
+    /* Place both buttons in one column */
+    grid-template-columns: minmax(min-content, auto) 1fr fit-content(100%);
+
+    .actions {
+      display: flex;
+      flex-direction: column;
+      gap: var(--button-spacing);
+    }
+
+    .link-action, .delete-button {
+      width: 100%;
+      margin: 0;
+    }
+  }
+}
+
 .page-content.organization .teams .item {
   padding: 10px 15px;
 }

From a53371b103f48e73de1f4e6f7760455cc61a9950 Mon Sep 17 00:00:00 2001
From: Renovate Bot <forgejo-renovate-action@forgejo.org>
Date: Tue, 10 Feb 2026 15:05:13 +0100
Subject: [PATCH 300/854] Update module golang.org/x/crypto to v0.48.0
 (forgejo) (#11225)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11225
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
---
 go.mod |  6 +++---
 go.sum | 16 ++++++++--------
 2 files changed, 11 insertions(+), 11 deletions(-)

diff --git a/go.mod b/go.mod
index 5aad64e1de..8e2bb1b66a 100644
--- a/go.mod
+++ b/go.mod
@@ -102,13 +102,13 @@ require (
 	gitlab.com/gitlab-org/api/client-go v0.143.2
 	go.uber.org/mock v0.6.0
 	go.yaml.in/yaml/v3 v3.0.4
-	golang.org/x/crypto v0.47.0
+	golang.org/x/crypto v0.48.0
 	golang.org/x/image v0.33.0
 	golang.org/x/net v0.49.0
 	golang.org/x/oauth2 v0.34.0
 	golang.org/x/sync v0.19.0
-	golang.org/x/sys v0.40.0
-	golang.org/x/text v0.33.0
+	golang.org/x/sys v0.41.0
+	golang.org/x/text v0.34.0
 	google.golang.org/protobuf v1.36.11
 	gopkg.in/gomail.v2 v2.0.0-20160411212932-81ebce5c23df
 	gopkg.in/ini.v1 v1.67.0
diff --git a/go.sum b/go.sum
index fee01c6654..92c5448993 100644
--- a/go.sum
+++ b/go.sum
@@ -722,8 +722,8 @@ golang.org/x/crypto v0.13.0/go.mod h1:y6Z2r+Rw4iayiXXAIxJIDAJ1zMW4yaTpebo8fPOliY
 golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU=
 golang.org/x/crypto v0.23.0/go.mod h1:CKFgDieR+mRhux2Lsu27y0fO304Db0wZe70UKqHu0v8=
 golang.org/x/crypto v0.31.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk=
-golang.org/x/crypto v0.47.0 h1:V6e3FRj+n4dbpw86FJ8Fv7XVOql7TEwpHapKoMJ/GO8=
-golang.org/x/crypto v0.47.0/go.mod h1:ff3Y9VzzKbwSSEzWqJsJVBnWmRwRSHt/6Op5n9bQc4A=
+golang.org/x/crypto v0.48.0 h1:/VRzVqiRSggnhY7gNRxPauEQ5Drw9haKdM0jqfcCFts=
+golang.org/x/crypto v0.48.0/go.mod h1:r0kV5h3qnFPlQnBSrULhlsRfryS2pmewsg+XfMgkVos=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
@@ -849,8 +849,8 @@ golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
-golang.org/x/sys v0.40.0 h1:DBZZqJ2Rkml6QMQsZywtnjnnGvHza6BTfYFWY9kjEWQ=
-golang.org/x/sys v0.40.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
+golang.org/x/sys v0.41.0 h1:Ivj+2Cp/ylzLiEU89QhWblYnOE9zerudt9Ftecq2C6k=
+golang.org/x/sys v0.41.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
 golang.org/x/telemetry v0.0.0-20240228155512-f48c80bd79b2/go.mod h1:TeRTkGYfJXctD9OcfyVLyj2J3IxLnKwHJR8f4D8a3YE=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
@@ -860,8 +860,8 @@ golang.org/x/term v0.12.0/go.mod h1:owVbMEjm3cBLCHdkQu9b1opXd4ETQWc3BhuQGKgXgvU=
 golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk=
 golang.org/x/term v0.20.0/go.mod h1:8UkIAJTvZgivsXaD6/pH6U9ecQzZ45awqEOzuCvwpFY=
 golang.org/x/term v0.27.0/go.mod h1:iMsnZpn0cago0GOrHO2+Y7u7JPn5AylBrcoWkElMTSM=
-golang.org/x/term v0.39.0 h1:RclSuaJf32jOqZz74CkPA9qFuVTX7vhLlpfj/IGWlqY=
-golang.org/x/term v0.39.0/go.mod h1:yxzUCTP/U+FzoxfdKmLaA0RV1WgE0VY7hXBwKtY/4ww=
+golang.org/x/term v0.40.0 h1:36e4zGLqU4yhjlmxEaagx2KuYbJq3EwY8K943ZsHcvg=
+golang.org/x/term v0.40.0/go.mod h1:w2P8uVp06p2iyKKuvXIm7N/y0UCRt3UfJTfZ7oOpglM=
 golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
@@ -875,8 +875,8 @@ golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
 golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
 golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
 golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ=
-golang.org/x/text v0.33.0 h1:B3njUFyqtHDUI5jMn1YIr5B0IE2U0qck04r6d4KPAxE=
-golang.org/x/text v0.33.0/go.mod h1:LuMebE6+rBincTi9+xWTY8TztLzKHc/9C1uBCG27+q8=
+golang.org/x/text v0.34.0 h1:oL/Qq0Kdaqxa1KbNeMKwQq0reLCCaFtqu2eNuSeNHbk=
+golang.org/x/text v0.34.0/go.mod h1:homfLqTYRFyVYemLBFl5GgL/DWEiH5wcsQ5gSh1yziA=
 golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.14.0 h1:MRx4UaLrDotUKUdCIqzPC48t1Y9hANFKIRpNx+Te8PI=

From 51d0188533e92a32804f3fd2dc206f1b18f890aa Mon Sep 17 00:00:00 2001
From: Mathieu Fenniak <mathieu@fenniak.net>
Date: Tue, 10 Feb 2026 16:41:21 +0100
Subject: [PATCH 301/854] refactor: replace `Value()` from Option[T] with
 `Get()` & `ValueOrZeroValue()` (#11218)

`Option[T]` currently exposes a method `Value()` which is permitted to be called on an option that has a value, and an option that doesn't have a value.  This API is awkward because the behaviour if the option doesn't have a value isn't clear to the caller, and, because almost all accesses end up being `.Has()?` then `OK, use .Value()`.

`Get() (bool, T)` is added as a better replacement, which both returns whether the option has a value, and the value if present.  Most call-sites are rewritten to this form.

`ValueOrZeroValue()` is a direct replacement that has the same behaviour that `Value()` had, but describes the behaviour if the value is missing.

In addition to the current API being awkward, the core reason for this change is that `Value()` conflicts with the `Value()` function from the `driver.Valuer` interface.  If this interface was implemented, it would allow `Option[T]` to be used to represent a nullable field in an xorm bean struct (requires: https://code.forgejo.org/xorm/xorm/pulls/66).

_Note:_ changes are extensive in this PR, but are almost all changes are easy, mechanical transitions from `.Has()` to `.Get()`.  All of this work was performed by hand.

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests

- I added test coverage for Go changes...
  - [ ] in their respective `*_test.go` for unit tests.
  - [ ] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I added test coverage for JavaScript changes...
  - [ ] in `web_src/js/*.test.js` if it can be unit tested.
  - [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)).

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [ ] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.
- [x] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change.

*The decision if the pull request will be shown in the release notes is up to the mergers / release team.*

The content of the `release-notes/<pull request number>.md` file will serve as the basis for the release notes. If the file does not exist, the title of the pull request will be used instead.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11218
Reviewed-by: Otto <otto@codeberg.org>
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net>
Co-committed-by: Mathieu Fenniak <mathieu@fenniak.net>
---
 models/actions/run_job_list.go                |   4 +-
 models/actions/runner.go                      |   4 +-
 models/actions/task_list.go                   |   8 +-
 models/auth/source.go                         |   4 +-
 models/git/branch_list.go                     |   4 +-
 models/issues/comment.go                      |   8 +-
 models/issues/issue_search.go                 |  14 +-
 models/issues/issue_stats.go                  |   4 +-
 models/issues/milestone.go                    |   4 +-
 models/issues/milestone_list.go               |   4 +-
 models/issues/review_list.go                  |   4 +-
 models/issues/tracked_time.go                 |   4 +-
 models/packages/nuget/search.go               |   2 +-
 models/packages/package_version.go            |   8 +-
 models/project/project.go                     |   4 +-
 models/repo/release.go                        |  12 +-
 models/repo/repo.go                           |   4 +-
 models/repo/repo_list.go                      |  28 ++--
 models/repo/repo_list_test.go                 |  14 +-
 models/user/email_address.go                  |   8 +-
 models/user/search.go                         |  29 ++--
 models/user/user.go                           |  20 +--
 models/webhook/webhook.go                     |   4 +-
 modules/indexer/internal/bleve/query.go       |   8 +-
 modules/indexer/issues/bleve/bleve.go         |  16 +-
 modules/indexer/issues/db/options.go          |  12 +-
 .../issues/elasticsearch/elasticsearch.go     |  52 +++----
 .../indexer/issues/meilisearch/meilisearch.go |  48 +++---
 modules/optional/option.go                    |  14 +-
 modules/optional/option_test.go               |  19 ++-
 modules/optional/serialization.go             |  11 +-
 modules/setting/setting.go                    |   2 +-
 routers/api/v1/repo/issue.go                  |   2 +-
 routers/web/explore/repo.go                   |  20 +--
 routers/web/org/home.go                       |  20 +--
 routers/web/repo/issue.go                     |  10 +-
 routers/web/repo/setting/lfs.go               |   2 +-
 routers/web/repo/view.go                      |   4 +-
 routers/web/user/home.go                      |   4 +-
 routers/web/user/notification.go              |  20 +--
 routers/web/user/profile.go                   |  20 +--
 services/gitdiff/gitdiff.go                   |   4 +-
 services/user/update.go                       | 147 +++++++-----------
 services/user/update_test.go                  |  72 ++++-----
 templates/repo/issue/filter_actions.tmpl      |   4 +-
 templates/shared/repo_search.tmpl             |  10 +-
 tests/test_utils.go                           |  26 ++--
 47 files changed, 362 insertions(+), 384 deletions(-)

diff --git a/models/actions/run_job_list.go b/models/actions/run_job_list.go
index b32b072103..e7ad87239b 100644
--- a/models/actions/run_job_list.go
+++ b/models/actions/run_job_list.go
@@ -78,10 +78,10 @@ func (opts FindRunJobOptions) ToConds() builder.Cond {
 	if opts.UpdatedBefore > 0 {
 		cond = cond.And(builder.Lt{"updated": opts.UpdatedBefore})
 	}
-	if opts.RunNeedsApproval.Has() {
+	if has, value := opts.RunNeedsApproval.Get(); has {
 		cond = cond.And(builder.Exists(builder.Select("id").From("action_run", "outer_run").
 			Where(builder.Eq{
-				"outer_run.need_approval": opts.RunNeedsApproval.Value(),
+				"outer_run.need_approval": value,
 				"outer_run.id":            builder.Expr("run_id"),
 			})))
 	}
diff --git a/models/actions/runner.go b/models/actions/runner.go
index 99ae7629a8..2b5fcd77cc 100644
--- a/models/actions/runner.go
+++ b/models/actions/runner.go
@@ -212,8 +212,8 @@ func (opts FindRunnerOptions) ToConds() builder.Cond {
 		cond = cond.And(builder.Like{"name", opts.Filter})
 	}
 
-	if opts.IsOnline.Has() {
-		if opts.IsOnline.Value() {
+	if has, value := opts.IsOnline.Get(); has {
+		if value {
 			cond = cond.And(builder.Gt{"last_online": time.Now().Add(-RunnerOfflineTime).Unix()})
 		} else {
 			cond = cond.And(builder.Lte{"last_online": time.Now().Add(-RunnerOfflineTime).Unix()})
diff --git a/models/actions/task_list.go b/models/actions/task_list.go
index 712eada378..6c565410d9 100644
--- a/models/actions/task_list.go
+++ b/models/actions/task_list.go
@@ -82,11 +82,11 @@ func (opts FindTaskOptions) ToConds() builder.Cond {
 	if opts.RunnerID > 0 {
 		cond = cond.And(builder.Eq{"runner_id": opts.RunnerID})
 	}
-	if opts.LogExpired.Has() {
-		cond = cond.And(builder.Eq{"log_expired": opts.LogExpired.Value()})
+	if has, value := opts.LogExpired.Get(); has {
+		cond = cond.And(builder.Eq{"log_expired": value})
 	}
-	if opts.LogInStorage.Has() {
-		cond = cond.And(builder.Eq{"log_in_storage": opts.LogInStorage.Value()})
+	if has, value := opts.LogInStorage.Get(); has {
+		cond = cond.And(builder.Eq{"log_in_storage": value})
 	}
 	return cond
 }
diff --git a/models/auth/source.go b/models/auth/source.go
index ecd3abc39d..db566c7039 100644
--- a/models/auth/source.go
+++ b/models/auth/source.go
@@ -250,8 +250,8 @@ type FindSourcesOptions struct {
 
 func (opts FindSourcesOptions) ToConds() builder.Cond {
 	conds := builder.NewCond()
-	if opts.IsActive.Has() {
-		conds = conds.And(builder.Eq{"is_active": opts.IsActive.Value()})
+	if has, value := opts.IsActive.Get(); has {
+		conds = conds.And(builder.Eq{"is_active": value})
 	}
 	if opts.LoginType != NoType {
 		conds = conds.And(builder.Eq{"`type`": opts.LoginType})
diff --git a/models/git/branch_list.go b/models/git/branch_list.go
index 4b678f15c0..07bcff8db9 100644
--- a/models/git/branch_list.go
+++ b/models/git/branch_list.go
@@ -77,8 +77,8 @@ func (opts FindBranchOptions) ToConds() builder.Cond {
 	if len(opts.ExcludeBranchNames) > 0 {
 		cond = cond.And(builder.NotIn("name", opts.ExcludeBranchNames))
 	}
-	if opts.IsDeletedBranch.Has() {
-		cond = cond.And(builder.Eq{"is_deleted": opts.IsDeletedBranch.Value()})
+	if has, value := opts.IsDeletedBranch.Get(); has {
+		cond = cond.And(builder.Eq{"is_deleted": value})
 	}
 	if opts.Keyword != "" {
 		cond = cond.And(builder.Like{"name", opts.Keyword})
diff --git a/models/issues/comment.go b/models/issues/comment.go
index 06d35bb2d4..c0a13ef03d 100644
--- a/models/issues/comment.go
+++ b/models/issues/comment.go
@@ -1102,11 +1102,11 @@ func (opts FindCommentsOptions) ToConds() builder.Cond {
 	if len(opts.TreePath) > 0 {
 		cond = cond.And(builder.Eq{"comment.tree_path": opts.TreePath})
 	}
-	if opts.Invalidated.Has() {
-		cond = cond.And(builder.Eq{"comment.invalidated": opts.Invalidated.Value()})
+	if has, value := opts.Invalidated.Get(); has {
+		cond = cond.And(builder.Eq{"comment.invalidated": value})
 	}
-	if opts.IsPull.Has() {
-		cond = cond.And(builder.Eq{"issue.is_pull": opts.IsPull.Value()})
+	if has, value := opts.IsPull.Get(); has {
+		cond = cond.And(builder.Eq{"issue.is_pull": value})
 	}
 	return cond
 }
diff --git a/models/issues/issue_search.go b/models/issues/issue_search.go
index fbfcd3529a..a8644758ce 100644
--- a/models/issues/issue_search.go
+++ b/models/issues/issue_search.go
@@ -226,8 +226,8 @@ func applyConditions(sess *xorm.Session, opts *IssuesOptions) {
 
 	applyRepoConditions(sess, opts)
 
-	if opts.IsClosed.Has() {
-		sess.And("issue.is_closed=?", opts.IsClosed.Value())
+	if has, value := opts.IsClosed.Get(); has {
+		sess.And("issue.is_closed=?", value)
 	}
 
 	if opts.AssigneeID > 0 {
@@ -269,18 +269,18 @@ func applyConditions(sess *xorm.Session, opts *IssuesOptions) {
 
 	applyProjectColumnCondition(sess, opts)
 
-	if opts.IsPull.Has() {
-		sess.And("issue.is_pull=?", opts.IsPull.Value())
+	if has, value := opts.IsPull.Get(); has {
+		sess.And("issue.is_pull=?", value)
 	}
 
-	if opts.IsArchived.Has() {
-		sess.And(builder.Eq{"repository.is_archived": opts.IsArchived.Value()})
+	if has, value := opts.IsArchived.Get(); has {
+		sess.And(builder.Eq{"repository.is_archived": value})
 	}
 
 	applyLabelsCondition(sess, opts)
 
 	if opts.User != nil {
-		cond := issuePullAccessibleRepoCond("issue.repo_id", opts.User.ID, opts.Org, opts.Team, opts.IsPull.Value())
+		cond := issuePullAccessibleRepoCond("issue.repo_id", opts.User.ID, opts.Org, opts.Team, opts.IsPull.ValueOrZeroValue())
 		// If AllPublic was set, then also consider all issues in public
 		// repositories in addition to the private repositories the user has access
 		// to.
diff --git a/models/issues/issue_stats.go b/models/issues/issue_stats.go
index eee8760b9f..2fd2641d92 100644
--- a/models/issues/issue_stats.go
+++ b/models/issues/issue_stats.go
@@ -180,8 +180,8 @@ func applyIssuesOptions(sess *xorm.Session, opts *IssuesOptions, issueIDs []int6
 		applyReviewedCondition(sess, opts.ReviewedID)
 	}
 
-	if opts.IsPull.Has() {
-		sess.And("issue.is_pull=?", opts.IsPull.Value())
+	if has, value := opts.IsPull.Get(); has {
+		sess.And("issue.is_pull=?", value)
 	}
 
 	return sess
diff --git a/models/issues/milestone.go b/models/issues/milestone.go
index d718decb18..d5b3c2c293 100644
--- a/models/issues/milestone.go
+++ b/models/issues/milestone.go
@@ -378,8 +378,8 @@ func doRecalcMilestone(ctx context.Context, cond builder.Cond, updateTimestamp o
 					}),
 			).
 			Where(cond)
-		if updateTimestamp.Has() {
-			sess.SetExpr("updated_unix", updateTimestamp.Value()).NoAutoTime()
+		if has, value := updateTimestamp.Get(); has {
+			sess.SetExpr("updated_unix", value).NoAutoTime()
 		}
 		_, err := sess.Update(&Milestone{})
 		if err != nil {
diff --git a/models/issues/milestone_list.go b/models/issues/milestone_list.go
index e2079fb324..6ef3385f7c 100644
--- a/models/issues/milestone_list.go
+++ b/models/issues/milestone_list.go
@@ -40,8 +40,8 @@ func (opts FindMilestoneOptions) ToConds() builder.Cond {
 	if opts.RepoID != 0 {
 		cond = cond.And(builder.Eq{"repo_id": opts.RepoID})
 	}
-	if opts.IsClosed.Has() {
-		cond = cond.And(builder.Eq{"is_closed": opts.IsClosed.Value()})
+	if has, value := opts.IsClosed.Get(); has {
+		cond = cond.And(builder.Eq{"is_closed": value})
 	}
 	if opts.RepoCond != nil && opts.RepoCond.IsValid() {
 		cond = cond.And(builder.In("repo_id", builder.Select("id").From("repository").Where(opts.RepoCond)))
diff --git a/models/issues/review_list.go b/models/issues/review_list.go
index 9eca4a9b4b..04c08bc5c4 100644
--- a/models/issues/review_list.go
+++ b/models/issues/review_list.go
@@ -113,8 +113,8 @@ func (opts *FindReviewOptions) toCond() builder.Cond {
 	if opts.OfficialOnly {
 		cond = cond.And(builder.Eq{"official": true})
 	}
-	if opts.Dismissed.Has() {
-		cond = cond.And(builder.Eq{"dismissed": opts.Dismissed.Value()})
+	if has, value := opts.Dismissed.Get(); has {
+		cond = cond.And(builder.Eq{"dismissed": value})
 	}
 	return cond
 }
diff --git a/models/issues/tracked_time.go b/models/issues/tracked_time.go
index e083f6e1e8..2f050759d2 100644
--- a/models/issues/tracked_time.go
+++ b/models/issues/tracked_time.go
@@ -379,8 +379,8 @@ func getIssueTotalTrackedTimeChunk(ctx context.Context, opts *IssuesOptions, isC
 	}
 
 	session := sumSession(opts, issueIDs)
-	if isClosed.Has() {
-		session = session.And("issue.is_closed = ?", isClosed.Value())
+	if has, value := isClosed.Get(); has {
+		session = session.And("issue.is_closed = ?", value)
 	}
 	return session.SumInt(new(trackedTime), "tracked_time.time")
 }
diff --git a/models/packages/nuget/search.go b/models/packages/nuget/search.go
index af83c27c66..d609e7e894 100644
--- a/models/packages/nuget/search.go
+++ b/models/packages/nuget/search.go
@@ -55,7 +55,7 @@ func CountPackages(ctx context.Context, opts *packages_model.PackageSearchOption
 
 func toConds(opts *packages_model.PackageSearchOptions) builder.Cond {
 	var cond builder.Cond = builder.Eq{
-		"package.is_internal": opts.IsInternal.Value(),
+		"package.is_internal": opts.IsInternal.ValueOrZeroValue(),
 		"package.owner_id":    opts.OwnerID,
 		"package.type":        packages_model.TypeNuGet,
 	}
diff --git a/models/packages/package_version.go b/models/packages/package_version.go
index 87a97143f3..873f7bf9b6 100644
--- a/models/packages/package_version.go
+++ b/models/packages/package_version.go
@@ -192,9 +192,9 @@ type PackageSearchOptions struct {
 
 func (opts *PackageSearchOptions) ToConds() builder.Cond {
 	cond := builder.NewCond()
-	if opts.IsInternal.Has() {
+	if has, value := opts.IsInternal.Get(); has {
 		cond = builder.Eq{
-			"package_version.is_internal": opts.IsInternal.Value(),
+			"package_version.is_internal": value,
 		}
 	}
 
@@ -254,10 +254,10 @@ func (opts *PackageSearchOptions) ToConds() builder.Cond {
 		cond = cond.And(builder.Exists(builder.Select("package_file.id").From("package_file").Where(fileCond)))
 	}
 
-	if opts.HasFiles.Has() {
+	if has, value := opts.HasFiles.Get(); has {
 		filesCond := builder.Exists(builder.Select("package_file.id").From("package_file").Where(builder.Expr("package_file.version_id = package_version.id")))
 
-		if !opts.HasFiles.Value() {
+		if !value {
 			filesCond = builder.Not{filesCond}
 		}
 
diff --git a/models/project/project.go b/models/project/project.go
index 18c647c8ac..c095087e51 100644
--- a/models/project/project.go
+++ b/models/project/project.go
@@ -217,8 +217,8 @@ func (opts SearchOptions) ToConds() builder.Cond {
 	if opts.RepoID > 0 {
 		cond = cond.And(builder.Eq{"repo_id": opts.RepoID})
 	}
-	if opts.IsClosed.Has() {
-		cond = cond.And(builder.Eq{"is_closed": opts.IsClosed.Value()})
+	if has, value := opts.IsClosed.Get(); has {
+		cond = cond.And(builder.Eq{"is_closed": value})
 	}
 
 	if opts.Type > 0 {
diff --git a/models/repo/release.go b/models/repo/release.go
index 2310de7cb9..4efbfb352d 100644
--- a/models/repo/release.go
+++ b/models/repo/release.go
@@ -312,14 +312,14 @@ func (opts FindReleasesOptions) ToConds() builder.Cond {
 	if len(opts.TagNames) > 0 {
 		cond = cond.And(builder.In("tag_name", opts.TagNames))
 	}
-	if opts.IsPreRelease.Has() {
-		cond = cond.And(builder.Eq{"is_prerelease": opts.IsPreRelease.Value()})
+	if has, value := opts.IsPreRelease.Get(); has {
+		cond = cond.And(builder.Eq{"is_prerelease": value})
 	}
-	if opts.IsDraft.Has() {
-		cond = cond.And(builder.Eq{"is_draft": opts.IsDraft.Value()})
+	if has, value := opts.IsDraft.Get(); has {
+		cond = cond.And(builder.Eq{"is_draft": value})
 	}
-	if opts.HasSha1.Has() {
-		if opts.HasSha1.Value() {
+	if has, value := opts.HasSha1.Get(); has {
+		if value {
 			cond = cond.And(builder.Neq{"sha1": ""})
 		} else {
 			cond = cond.And(builder.Eq{"sha1": ""})
diff --git a/models/repo/repo.go b/models/repo/repo.go
index a8432c0f90..11442350dd 100644
--- a/models/repo/repo.go
+++ b/models/repo/repo.go
@@ -895,8 +895,8 @@ func CountRepositories(ctx context.Context, opts CountRepositoryOptions) (int64,
 	if opts.OwnerID > 0 {
 		sess.And("owner_id = ?", opts.OwnerID)
 	}
-	if opts.Private.Has() {
-		sess.And("is_private=?", opts.Private.Value())
+	if has, value := opts.Private.Get(); has {
+		sess.And("is_private=?", value)
 	}
 
 	count, err := sess.Count(new(Repository))
diff --git a/models/repo/repo_list.go b/models/repo/repo_list.go
index ac7d2b69e3..54f9cff007 100644
--- a/models/repo/repo_list.go
+++ b/models/repo/repo_list.go
@@ -354,12 +354,12 @@ func SearchRepositoryCondition(opts *SearchRepoOptions) builder.Cond {
 			)))
 	}
 
-	if opts.IsPrivate.Has() {
-		cond = cond.And(builder.Eq{"is_private": opts.IsPrivate.Value()})
+	if has, value := opts.IsPrivate.Get(); has {
+		cond = cond.And(builder.Eq{"is_private": value})
 	}
 
-	if opts.Template.Has() {
-		cond = cond.And(builder.Eq{"is_template": opts.Template.Value()})
+	if has, value := opts.Template.Get(); has {
+		cond = cond.And(builder.Eq{"is_template": value})
 	}
 
 	// Restrict to starred repositories
@@ -375,7 +375,7 @@ func SearchRepositoryCondition(opts *SearchRepoOptions) builder.Cond {
 	// Restrict repositories to those the OwnerID owns or contributes to as per opts.Collaborate
 	if opts.OwnerID > 0 {
 		accessCond := builder.NewCond()
-		if !opts.Collaborate.Value() {
+		if !opts.Collaborate.ValueOrZeroValue() {
 			accessCond = builder.Eq{"owner_id": opts.OwnerID}
 		}
 
@@ -467,28 +467,28 @@ func SearchRepositoryCondition(opts *SearchRepoOptions) builder.Cond {
 			Where(builder.Eq{"language": opts.Language}).And(builder.Eq{"is_primary": true})))
 	}
 
-	if opts.Fork.Has() || opts.OnlyShowRelevant {
-		if opts.OnlyShowRelevant && !opts.Fork.Has() {
+	if has, value := opts.Fork.Get(); has || opts.OnlyShowRelevant {
+		if opts.OnlyShowRelevant && !has {
 			cond = cond.And(builder.Eq{"is_fork": false})
 		} else {
-			cond = cond.And(builder.Eq{"is_fork": opts.Fork.Value()})
+			cond = cond.And(builder.Eq{"is_fork": value})
 		}
 	}
 
-	if opts.Mirror.Has() {
-		cond = cond.And(builder.Eq{"is_mirror": opts.Mirror.Value()})
+	if has, value := opts.Mirror.Get(); has {
+		cond = cond.And(builder.Eq{"is_mirror": value})
 	}
 
 	if opts.Actor != nil && opts.Actor.IsRestricted {
 		cond = cond.And(AccessibleRepositoryCondition(opts.Actor, unit.TypeInvalid))
 	}
 
-	if opts.Archived.Has() {
-		cond = cond.And(builder.Eq{"is_archived": opts.Archived.Value()})
+	if has, value := opts.Archived.Get(); has {
+		cond = cond.And(builder.Eq{"is_archived": value})
 	}
 
-	if opts.HasMilestones.Has() {
-		if opts.HasMilestones.Value() {
+	if has, value := opts.HasMilestones.Get(); has {
+		if value {
 			cond = cond.And(builder.Gt{"num_milestones": 0})
 		} else {
 			cond = cond.And(builder.Eq{"num_milestones": 0}.Or(builder.IsNull{"num_milestones"}))
diff --git a/models/repo/repo_list_test.go b/models/repo/repo_list_test.go
index 085f660f15..dda9687414 100644
--- a/models/repo/repo_list_test.go
+++ b/models/repo/repo_list_test.go
@@ -331,21 +331,21 @@ func TestSearchRepository(t *testing.T) {
 						assert.False(t, repo.IsPrivate)
 					}
 
-					if testCase.opts.Fork.Value() && testCase.opts.Mirror.Value() {
+					if testCase.opts.Fork.ValueOrZeroValue() && testCase.opts.Mirror.ValueOrZeroValue() {
 						assert.True(t, repo.IsFork && repo.IsMirror)
 					} else {
-						if testCase.opts.Fork.Has() {
-							assert.Equal(t, testCase.opts.Fork.Value(), repo.IsFork)
+						if has, value := testCase.opts.Fork.Get(); has {
+							assert.Equal(t, value, repo.IsFork)
 						}
 
-						if testCase.opts.Mirror.Has() {
-							assert.Equal(t, testCase.opts.Mirror.Value(), repo.IsMirror)
+						if has, value := testCase.opts.Mirror.Get(); has {
+							assert.Equal(t, value, repo.IsMirror)
 						}
 					}
 
 					if testCase.opts.OwnerID > 0 && !testCase.opts.AllPublic {
-						if testCase.opts.Collaborate.Has() {
-							if testCase.opts.Collaborate.Value() {
+						if has, value := testCase.opts.Collaborate.Get(); has {
+							if value {
 								assert.NotEqual(t, testCase.opts.OwnerID, repo.Owner.ID)
 							} else {
 								assert.Equal(t, testCase.opts.OwnerID, repo.Owner.ID)
diff --git a/models/user/email_address.go b/models/user/email_address.go
index a3c33ffc00..54e3c1dc19 100644
--- a/models/user/email_address.go
+++ b/models/user/email_address.go
@@ -323,12 +323,12 @@ func SearchEmails(ctx context.Context, opts *SearchEmailOptions) ([]*SearchEmail
 		))
 	}
 
-	if opts.IsPrimary.Has() {
-		cond = cond.And(builder.Eq{"email_address.is_primary": opts.IsPrimary.Value()})
+	if has, value := opts.IsPrimary.Get(); has {
+		cond = cond.And(builder.Eq{"email_address.is_primary": value})
 	}
 
-	if opts.IsActivated.Has() {
-		cond = cond.And(builder.Eq{"email_address.is_activated": opts.IsActivated.Value()})
+	if has, value := opts.IsActivated.Get(); has {
+		cond = cond.And(builder.Eq{"email_address.is_activated": value})
 	}
 
 	count, err := db.GetEngine(ctx).Join("INNER", "`user`", "`user`.id = email_address.uid").
diff --git a/models/user/search.go b/models/user/search.go
index 08cf6a14a3..25c23a3740 100644
--- a/models/user/search.go
+++ b/models/user/search.go
@@ -101,40 +101,41 @@ func (opts *SearchUserOptions) toSearchQueryBase(ctx context.Context) *xorm.Sess
 		cond = cond.And(builder.Eq{"id": opts.UID})
 	}
 
-	if opts.SourceID.Has() {
-		cond = cond.And(builder.Eq{"login_source": opts.SourceID.Value()})
+	if has, value := opts.SourceID.Get(); has {
+		cond = cond.And(builder.Eq{"login_source": value})
 	}
 	if opts.LoginName != "" {
 		cond = cond.And(builder.Eq{"login_name": opts.LoginName})
 	}
 
-	if opts.IsActive.Has() {
-		cond = cond.And(builder.Eq{"is_active": opts.IsActive.Value()})
+	if has, value := opts.IsActive.Get(); has {
+		cond = cond.And(builder.Eq{"is_active": value})
 	}
 
-	if opts.IsAdmin.Has() {
-		cond = cond.And(builder.Eq{"is_admin": opts.IsAdmin.Value()})
+	if has, value := opts.IsAdmin.Get(); has {
+		cond = cond.And(builder.Eq{"is_admin": value})
 	}
 
-	if opts.IsRestricted.Has() {
-		cond = cond.And(builder.Eq{"is_restricted": opts.IsRestricted.Value()})
+	if has, value := opts.IsRestricted.Get(); has {
+		cond = cond.And(builder.Eq{"is_restricted": value})
 	}
 
-	if opts.IsProhibitLogin.Has() {
-		cond = cond.And(builder.Eq{"prohibit_login": opts.IsProhibitLogin.Value()})
+	if has, value := opts.IsProhibitLogin.Get(); has {
+		cond = cond.And(builder.Eq{"prohibit_login": value})
 	}
 
-	if opts.AccountType.Has() {
-		cond = cond.And(builder.Eq{"type": opts.AccountType.Value()})
+	if has, value := opts.AccountType.Get(); has {
+		cond = cond.And(builder.Eq{"type": value})
 	}
 
 	e := db.GetEngine(ctx)
-	if !opts.IsTwoFactorEnabled.Has() {
+	hasTwoFactor, isTwoFactorEnabled := opts.IsTwoFactorEnabled.Get()
+	if !hasTwoFactor {
 		return e.Where(cond)
 	}
 
 	// Check if the user has two factor enabled, which is TOTP or Webauthn.
-	if opts.IsTwoFactorEnabled.Value() {
+	if isTwoFactorEnabled {
 		cond = cond.And(builder.Expr("two_factor.uid IS NOT NULL OR webauthn_credential.user_id IS NOT NULL"))
 	} else {
 		cond = cond.And(builder.Expr("two_factor.uid IS NULL AND webauthn_credential.user_id IS NULL"))
diff --git a/models/user/user.go b/models/user/user.go
index cc5b4abec3..f962c19420 100644
--- a/models/user/user.go
+++ b/models/user/user.go
@@ -779,14 +779,14 @@ func createUser(ctx context.Context, u *User, createdByAdmin bool, overwriteDefa
 	// overwrite defaults if set
 	if overwriteDefaultPresent {
 		overwrite := overwriteDefault[0]
-		if overwrite.KeepEmailPrivate.Has() {
-			u.KeepEmailPrivate = overwrite.KeepEmailPrivate.Value()
+		if has, value := overwrite.KeepEmailPrivate.Get(); has {
+			u.KeepEmailPrivate = value
 		}
 		if overwrite.Visibility != nil {
 			u.Visibility = *overwrite.Visibility
 		}
-		if overwrite.AllowCreateOrganization.Has() {
-			u.AllowCreateOrganization = overwrite.AllowCreateOrganization.Value()
+		if has, value := overwrite.AllowCreateOrganization.Get(); has {
+			u.AllowCreateOrganization = value
 		}
 		if overwrite.EmailNotificationsPreference != nil {
 			u.EmailNotificationsPreference = *overwrite.EmailNotificationsPreference
@@ -797,11 +797,11 @@ func createUser(ctx context.Context, u *User, createdByAdmin bool, overwriteDefa
 		if overwrite.Theme != nil {
 			u.Theme = *overwrite.Theme
 		}
-		if overwrite.IsRestricted.Has() {
-			u.IsRestricted = overwrite.IsRestricted.Value()
+		if has, value := overwrite.IsRestricted.Get(); has {
+			u.IsRestricted = value
 		}
-		if overwrite.IsActive.Has() {
-			u.IsActive = overwrite.IsActive.Value()
+		if has, value := overwrite.IsActive.Get(); has {
+			u.IsActive = value
 		}
 	}
 
@@ -917,8 +917,8 @@ func countUsers(ctx context.Context, opts *CountUserFilter) int64 {
 			cond = cond.And(builder.Gte{"last_login_unix": *opts.LastLoginSince})
 		}
 
-		if opts.IsAdmin.Has() {
-			cond = cond.And(builder.Eq{"is_admin": opts.IsAdmin.Value()})
+		if has, value := opts.IsAdmin.Get(); has {
+			cond = cond.And(builder.Eq{"is_admin": value})
 		}
 	}
 
diff --git a/models/webhook/webhook.go b/models/webhook/webhook.go
index 5147f52506..b23f3fd348 100644
--- a/models/webhook/webhook.go
+++ b/models/webhook/webhook.go
@@ -487,8 +487,8 @@ func (opts ListWebhookOptions) ToConds() builder.Cond {
 	if opts.OwnerID != 0 {
 		cond = cond.And(builder.Eq{"webhook.owner_id": opts.OwnerID})
 	}
-	if opts.IsActive.Has() {
-		cond = cond.And(builder.Eq{"webhook.is_active": opts.IsActive.Value()})
+	if has, value := opts.IsActive.Get(); has {
+		cond = cond.And(builder.Eq{"webhook.is_active": value})
 	}
 	return cond
 }
diff --git a/modules/indexer/internal/bleve/query.go b/modules/indexer/internal/bleve/query.go
index e043023671..ea56fca0f8 100644
--- a/modules/indexer/internal/bleve/query.go
+++ b/modules/indexer/internal/bleve/query.go
@@ -48,15 +48,15 @@ func BoolFieldQuery(value bool, field string) *query.BoolFieldQuery {
 func NumericRangeInclusiveQuery(min, max optional.Option[int64], field string) *query.NumericRangeQuery {
 	var minF, maxF *float64
 	var minI, maxI *bool
-	if min.Has() {
+	if has, value := min.Get(); has {
 		minF = new(float64)
-		*minF = float64(min.Value())
+		*minF = float64(value)
 		minI = new(bool)
 		*minI = true
 	}
-	if max.Has() {
+	if has, value := max.Get(); has {
 		maxF = new(float64)
-		*maxF = float64(max.Value())
+		*maxF = float64(value)
 		maxI = new(bool)
 		*maxI = true
 	}
diff --git a/modules/indexer/issues/bleve/bleve.go b/modules/indexer/issues/bleve/bleve.go
index 65f5b5267a..512788a207 100644
--- a/modules/indexer/issues/bleve/bleve.go
+++ b/modules/indexer/issues/bleve/bleve.go
@@ -195,19 +195,19 @@ func (b *Indexer) Search(ctx context.Context, options *internal.SearchOptions) (
 		filters = append(filters, bleve.NewDisjunctionQuery(repoQueries...))
 	}
 
-	if options.PriorityRepoID.Has() {
-		eq := inner_bleve.NumericEqualityQuery(options.PriorityRepoID.Value(), "repo_id")
+	if has, value := options.PriorityRepoID.Get(); has {
+		eq := inner_bleve.NumericEqualityQuery(value, "repo_id")
 		eq.SetBoost(10.0)
 		meh := bleve.NewMatchAllQuery()
 		meh.SetBoost(0)
 		q.AddShould(bleve.NewDisjunctionQuery(eq, meh))
 	}
 
-	if options.IsPull.Has() {
-		filters = append(filters, inner_bleve.BoolFieldQuery(options.IsPull.Value(), "is_pull"))
+	if has, value := options.IsPull.Get(); has {
+		filters = append(filters, inner_bleve.BoolFieldQuery(value, "is_pull"))
 	}
-	if options.IsClosed.Has() {
-		filters = append(filters, inner_bleve.BoolFieldQuery(options.IsClosed.Value(), "is_closed"))
+	if has, value := options.IsClosed.Get(); has {
+		filters = append(filters, inner_bleve.BoolFieldQuery(value, "is_closed"))
 	}
 
 	if options.NoLabelOnly {
@@ -251,8 +251,8 @@ func (b *Indexer) Search(ctx context.Context, options *internal.SearchOptions) (
 		"review_requested_ids": options.ReviewRequestedID,
 		"subscriber_ids":       options.SubscriberID,
 	} {
-		if val.Has() {
-			filters = append(filters, inner_bleve.NumericEqualityQuery(val.Value(), key))
+		if has, value := val.Get(); has {
+			filters = append(filters, inner_bleve.NumericEqualityQuery(value, key))
 		}
 	}
 
diff --git a/modules/indexer/issues/db/options.go b/modules/indexer/issues/db/options.go
index 5025d824a5..c4c05257eb 100644
--- a/modules/indexer/issues/db/options.go
+++ b/modules/indexer/issues/db/options.go
@@ -39,10 +39,10 @@ func ToDBOptions(ctx context.Context, options *internal.SearchOptions) (*issues_
 
 	// See the comment of issues_model.SearchOptions for the reason why we need to convert
 	convertID := func(id optional.Option[int64]) int64 {
-		if !id.Has() {
+		has, value := id.Get()
+		if !has {
 			return 0
 		}
-		value := id.Value()
 		if value == 0 {
 			return db.NoConditionID
 		}
@@ -69,8 +69,8 @@ func ToDBOptions(ctx context.Context, options *internal.SearchOptions) (*issues_
 		IncludeMilestones:  nil,
 		SortType:           sortType,
 		IssueIDs:           nil,
-		UpdatedAfterUnix:   options.UpdatedAfterUnix.Value(),
-		UpdatedBeforeUnix:  options.UpdatedBeforeUnix.Value(),
+		UpdatedAfterUnix:   options.UpdatedAfterUnix.ValueOrZeroValue(),
+		UpdatedBeforeUnix:  options.UpdatedBeforeUnix.ValueOrZeroValue(),
 		PriorityRepoID:     0,
 		IsArchived:         optional.None[bool](),
 		Org:                nil,
@@ -78,9 +78,9 @@ func ToDBOptions(ctx context.Context, options *internal.SearchOptions) (*issues_
 		User:               nil,
 	}
 
-	if options.PriorityRepoID.Has() {
+	if has, value := options.PriorityRepoID.Get(); has {
 		opts.SortType = "priorityrepo"
-		opts.PriorityRepoID = options.PriorityRepoID.Value()
+		opts.PriorityRepoID = value
 	}
 
 	if len(options.MilestoneIDs) == 1 && options.MilestoneIDs[0] == 0 {
diff --git a/modules/indexer/issues/elasticsearch/elasticsearch.go b/modules/indexer/issues/elasticsearch/elasticsearch.go
index 95efdad6d3..123f2a78e4 100644
--- a/modules/indexer/issues/elasticsearch/elasticsearch.go
+++ b/modules/indexer/issues/elasticsearch/elasticsearch.go
@@ -184,16 +184,16 @@ func (b *Indexer) Search(ctx context.Context, options *internal.SearchOptions) (
 		}
 		query.Must(q)
 	}
-	if options.PriorityRepoID.Has() {
-		q := elastic.NewTermQuery("repo_id", options.PriorityRepoID.Value()).Boost(10)
+	if has, value := options.PriorityRepoID.Get(); has {
+		q := elastic.NewTermQuery("repo_id", value).Boost(10)
 		query.Should(q)
 	}
 
-	if options.IsPull.Has() {
-		query.Must(elastic.NewTermQuery("is_pull", options.IsPull.Value()))
+	if has, value := options.IsPull.Get(); has {
+		query.Must(elastic.NewTermQuery("is_pull", value))
 	}
-	if options.IsClosed.Has() {
-		query.Must(elastic.NewTermQuery("is_closed", options.IsClosed.Value()))
+	if has, value := options.IsClosed.Get(); has {
+		query.Must(elastic.NewTermQuery("is_closed", value))
 	}
 
 	if options.NoLabelOnly {
@@ -221,43 +221,43 @@ func (b *Indexer) Search(ctx context.Context, options *internal.SearchOptions) (
 		query.Must(elastic.NewTermsQuery("milestone_id", toAnySlice(options.MilestoneIDs)...))
 	}
 
-	if options.ProjectID.Has() {
-		query.Must(elastic.NewTermQuery("project_id", options.ProjectID.Value()))
+	if has, value := options.ProjectID.Get(); has {
+		query.Must(elastic.NewTermQuery("project_id", value))
 	}
-	if options.ProjectColumnID.Has() {
-		query.Must(elastic.NewTermQuery("project_board_id", options.ProjectColumnID.Value()))
+	if has, value := options.ProjectColumnID.Get(); has {
+		query.Must(elastic.NewTermQuery("project_board_id", value))
 	}
 
-	if options.PosterID.Has() {
-		query.Must(elastic.NewTermQuery("poster_id", options.PosterID.Value()))
+	if has, value := options.PosterID.Get(); has {
+		query.Must(elastic.NewTermQuery("poster_id", value))
 	}
 
-	if options.AssigneeID.Has() {
-		query.Must(elastic.NewTermQuery("assignee_ids", options.AssigneeID.Value()))
+	if has, value := options.AssigneeID.Get(); has {
+		query.Must(elastic.NewTermQuery("assignee_ids", value))
 	}
 
-	if options.MentionID.Has() {
-		query.Must(elastic.NewTermQuery("mention_ids", options.MentionID.Value()))
+	if has, value := options.MentionID.Get(); has {
+		query.Must(elastic.NewTermQuery("mention_ids", value))
 	}
 
-	if options.ReviewedID.Has() {
-		query.Must(elastic.NewTermQuery("reviewed_ids", options.ReviewedID.Value()))
+	if has, value := options.ReviewedID.Get(); has {
+		query.Must(elastic.NewTermQuery("reviewed_ids", value))
 	}
-	if options.ReviewRequestedID.Has() {
-		query.Must(elastic.NewTermQuery("review_requested_ids", options.ReviewRequestedID.Value()))
+	if has, value := options.ReviewRequestedID.Get(); has {
+		query.Must(elastic.NewTermQuery("review_requested_ids", value))
 	}
 
-	if options.SubscriberID.Has() {
-		query.Must(elastic.NewTermQuery("subscriber_ids", options.SubscriberID.Value()))
+	if has, value := options.SubscriberID.Get(); has {
+		query.Must(elastic.NewTermQuery("subscriber_ids", value))
 	}
 
 	if options.UpdatedAfterUnix.Has() || options.UpdatedBeforeUnix.Has() {
 		q := elastic.NewRangeQuery("updated_unix")
-		if options.UpdatedAfterUnix.Has() {
-			q.Gte(options.UpdatedAfterUnix.Value())
+		if has, value := options.UpdatedAfterUnix.Get(); has {
+			q.Gte(value)
 		}
-		if options.UpdatedBeforeUnix.Has() {
-			q.Lte(options.UpdatedBeforeUnix.Value())
+		if has, value := options.UpdatedBeforeUnix.Get(); has {
+			q.Lte(value)
 		}
 		query.Must(q)
 	}
diff --git a/modules/indexer/issues/meilisearch/meilisearch.go b/modules/indexer/issues/meilisearch/meilisearch.go
index 4ed854dfe6..98bcf45b45 100644
--- a/modules/indexer/issues/meilisearch/meilisearch.go
+++ b/modules/indexer/issues/meilisearch/meilisearch.go
@@ -139,11 +139,11 @@ func (b *Indexer) Search(ctx context.Context, options *internal.SearchOptions) (
 		query.And(q)
 	}
 
-	if options.IsPull.Has() {
-		query.And(inner_meilisearch.NewFilterEq("is_pull", options.IsPull.Value()))
+	if has, value := options.IsPull.Get(); has {
+		query.And(inner_meilisearch.NewFilterEq("is_pull", value))
 	}
-	if options.IsClosed.Has() {
-		query.And(inner_meilisearch.NewFilterEq("is_closed", options.IsClosed.Value()))
+	if has, value := options.IsClosed.Get(); has {
+		query.And(inner_meilisearch.NewFilterEq("is_closed", value))
 	}
 
 	if options.NoLabelOnly {
@@ -171,41 +171,41 @@ func (b *Indexer) Search(ctx context.Context, options *internal.SearchOptions) (
 		query.And(inner_meilisearch.NewFilterIn("milestone_id", options.MilestoneIDs...))
 	}
 
-	if options.ProjectID.Has() {
-		query.And(inner_meilisearch.NewFilterEq("project_id", options.ProjectID.Value()))
+	if has, value := options.ProjectID.Get(); has {
+		query.And(inner_meilisearch.NewFilterEq("project_id", value))
 	}
-	if options.ProjectColumnID.Has() {
-		query.And(inner_meilisearch.NewFilterEq("project_board_id", options.ProjectColumnID.Value()))
+	if has, value := options.ProjectColumnID.Get(); has {
+		query.And(inner_meilisearch.NewFilterEq("project_board_id", value))
 	}
 
-	if options.PosterID.Has() {
-		query.And(inner_meilisearch.NewFilterEq("poster_id", options.PosterID.Value()))
+	if has, value := options.PosterID.Get(); has {
+		query.And(inner_meilisearch.NewFilterEq("poster_id", value))
 	}
 
-	if options.AssigneeID.Has() {
-		query.And(inner_meilisearch.NewFilterEq("assignee_ids", options.AssigneeID.Value()))
+	if has, value := options.AssigneeID.Get(); has {
+		query.And(inner_meilisearch.NewFilterEq("assignee_ids", value))
 	}
 
-	if options.MentionID.Has() {
-		query.And(inner_meilisearch.NewFilterEq("mention_ids", options.MentionID.Value()))
+	if has, value := options.MentionID.Get(); has {
+		query.And(inner_meilisearch.NewFilterEq("mention_ids", value))
 	}
 
-	if options.ReviewedID.Has() {
-		query.And(inner_meilisearch.NewFilterEq("reviewed_ids", options.ReviewedID.Value()))
+	if has, value := options.ReviewedID.Get(); has {
+		query.And(inner_meilisearch.NewFilterEq("reviewed_ids", value))
 	}
-	if options.ReviewRequestedID.Has() {
-		query.And(inner_meilisearch.NewFilterEq("review_requested_ids", options.ReviewRequestedID.Value()))
+	if has, value := options.ReviewRequestedID.Get(); has {
+		query.And(inner_meilisearch.NewFilterEq("review_requested_ids", value))
 	}
 
-	if options.SubscriberID.Has() {
-		query.And(inner_meilisearch.NewFilterEq("subscriber_ids", options.SubscriberID.Value()))
+	if has, value := options.SubscriberID.Get(); has {
+		query.And(inner_meilisearch.NewFilterEq("subscriber_ids", value))
 	}
 
-	if options.UpdatedAfterUnix.Has() {
-		query.And(inner_meilisearch.NewFilterGte("updated_unix", options.UpdatedAfterUnix.Value()))
+	if has, value := options.UpdatedAfterUnix.Get(); has {
+		query.And(inner_meilisearch.NewFilterGte("updated_unix", value))
 	}
-	if options.UpdatedBeforeUnix.Has() {
-		query.And(inner_meilisearch.NewFilterLte("updated_unix", options.UpdatedBeforeUnix.Value()))
+	if has, value := options.UpdatedBeforeUnix.Get(); has {
+		query.And(inner_meilisearch.NewFilterLte("updated_unix", value))
 	}
 
 	var sortBy []string
diff --git a/modules/optional/option.go b/modules/optional/option.go
index ccbad259c2..dee5126ba2 100644
--- a/modules/optional/option.go
+++ b/modules/optional/option.go
@@ -34,9 +34,17 @@ func (o Option[T]) Has() bool {
 	return o != nil
 }
 
-func (o Option[T]) Value() T {
-	var zero T
-	return o.ValueOrDefault(zero)
+func (o Option[T]) Get() (has bool, value T) {
+	if o != nil {
+		has = true
+		value = o[0]
+	}
+	return has, value
+}
+
+func (o Option[T]) ValueOrZeroValue() T {
+	var zeroValue T
+	return o.ValueOrDefault(zeroValue)
 }
 
 func (o Option[T]) ValueOrDefault(v T) T {
diff --git a/modules/optional/option_test.go b/modules/optional/option_test.go
index a674caf633..391d913aaa 100644
--- a/modules/optional/option_test.go
+++ b/modules/optional/option_test.go
@@ -14,27 +14,27 @@ import (
 func TestOption(t *testing.T) {
 	var uninitialized optional.Option[int]
 	assert.False(t, uninitialized.Has())
-	assert.Equal(t, int(0), uninitialized.Value())
+	assert.Equal(t, int(0), uninitialized.ValueOrZeroValue())
 	assert.Equal(t, int(1), uninitialized.ValueOrDefault(1))
 
 	none := optional.None[int]()
 	assert.False(t, none.Has())
-	assert.Equal(t, int(0), none.Value())
+	assert.Equal(t, int(0), none.ValueOrZeroValue())
 	assert.Equal(t, int(1), none.ValueOrDefault(1))
 
 	some := optional.Some(1)
 	assert.True(t, some.Has())
-	assert.Equal(t, int(1), some.Value())
+	assert.Equal(t, int(1), some.ValueOrZeroValue())
 	assert.Equal(t, int(1), some.ValueOrDefault(2))
 
 	noneBool := optional.None[bool]()
 	assert.False(t, noneBool.Has())
-	assert.False(t, noneBool.Value())
+	assert.False(t, noneBool.ValueOrZeroValue())
 	assert.True(t, noneBool.ValueOrDefault(true))
 
 	someBool := optional.Some(true)
 	assert.True(t, someBool.Has())
-	assert.True(t, someBool.Value())
+	assert.True(t, someBool.ValueOrZeroValue())
 	assert.True(t, someBool.ValueOrDefault(false))
 
 	var ptr *int
@@ -43,19 +43,22 @@ func TestOption(t *testing.T) {
 	int1 := 1
 	opt1 := optional.FromPtr(&int1)
 	assert.True(t, opt1.Has())
-	assert.Equal(t, int(1), opt1.Value())
+	_, v := opt1.Get()
+	assert.Equal(t, int(1), v)
 
 	assert.False(t, optional.FromNonDefault("").Has())
 
 	opt2 := optional.FromNonDefault("test")
 	assert.True(t, opt2.Has())
-	assert.Equal(t, "test", opt2.Value())
+	_, vStr := opt2.Get()
+	assert.Equal(t, "test", vStr)
 
 	assert.False(t, optional.FromNonDefault(0).Has())
 
 	opt3 := optional.FromNonDefault(1)
 	assert.True(t, opt3.Has())
-	assert.Equal(t, int(1), opt3.Value())
+	_, v = opt3.Get()
+	assert.Equal(t, int(1), v)
 }
 
 func Test_ParseBool(t *testing.T) {
diff --git a/modules/optional/serialization.go b/modules/optional/serialization.go
index 2e2ccd6786..46e20d95e8 100644
--- a/modules/optional/serialization.go
+++ b/modules/optional/serialization.go
@@ -19,11 +19,11 @@ func (o *Option[T]) UnmarshalJSON(data []byte) error {
 }
 
 func (o Option[T]) MarshalJSON() ([]byte, error) {
-	if !o.Has() {
+	has, v := o.Get()
+	if !has {
 		return []byte("null"), nil
 	}
-
-	return json.Marshal(o.Value())
+	return json.Marshal(v)
 }
 
 func (o *Option[T]) UnmarshalYAML(value *yaml.Node) error {
@@ -36,11 +36,12 @@ func (o *Option[T]) UnmarshalYAML(value *yaml.Node) error {
 }
 
 func (o Option[T]) MarshalYAML() (any, error) {
-	if !o.Has() {
+	has, v := o.Get()
+	if !has {
 		return nil, nil
 	}
 
 	value := new(yaml.Node)
-	err := value.Encode(o.Value())
+	err := value.Encode(v)
 	return value, err
 }
diff --git a/modules/setting/setting.go b/modules/setting/setting.go
index 3904e29770..fac6e54fb1 100644
--- a/modules/setting/setting.go
+++ b/modules/setting/setting.go
@@ -167,7 +167,7 @@ func loadRunModeFrom(rootCfg ConfigProvider) {
 	// The following is a purposefully undocumented option. Please do not run Forgejo as root. It will only cause future headaches.
 	// Please don't use root as a bandaid to "fix" something that is broken, instead the broken thing should instead be fixed properly.
 	unsafeAllowRunAsRoot := ConfigSectionKeyBool(rootSec, "I_AM_BEING_UNSAFE_RUNNING_AS_ROOT")
-	unsafeAllowRunAsRoot = unsafeAllowRunAsRoot || optional.ParseBool(os.Getenv("GITEA_I_AM_BEING_UNSAFE_RUNNING_AS_ROOT")).Value()
+	unsafeAllowRunAsRoot = unsafeAllowRunAsRoot || optional.ParseBool(os.Getenv("GITEA_I_AM_BEING_UNSAFE_RUNNING_AS_ROOT")).ValueOrDefault(false)
 	RunMode = os.Getenv("GITEA_RUN_MODE")
 	if RunMode == "" {
 		RunMode = rootSec.Key("RUN_MODE").MustString("prod")
diff --git a/routers/api/v1/repo/issue.go b/routers/api/v1/repo/issue.go
index dcafc54c0e..e3b41eed81 100644
--- a/routers/api/v1/repo/issue.go
+++ b/routers/api/v1/repo/issue.go
@@ -497,7 +497,7 @@ func ListIssues(ctx *context.APIContext) {
 		isPull = optional.Some(false)
 	}
 
-	if isPull.Has() && !ctx.Repo.CanReadIssuesOrPulls(isPull.Value()) {
+	if has, value := isPull.Get(); has && !ctx.Repo.CanReadIssuesOrPulls(value) {
 		ctx.NotFound()
 		return
 	}
diff --git a/routers/web/explore/repo.go b/routers/web/explore/repo.go
index 0707420a8d..ec6ebf30d1 100644
--- a/routers/web/explore/repo.go
+++ b/routers/web/explore/repo.go
@@ -143,20 +143,20 @@ func RenderRepoSearch(ctx *context.Context, opts *RepoSearchOptions) {
 	pager.AddParam(ctx, "topic", "TopicOnly")
 	pager.AddParam(ctx, "language", "Language")
 	pager.AddParamString(relevantReposOnlyParam, fmt.Sprint(opts.OnlyShowRelevant))
-	if archived.Has() {
-		pager.AddParamString("archived", fmt.Sprint(archived.Value()))
+	if has, value := archived.Get(); has {
+		pager.AddParamString("archived", fmt.Sprint(value))
 	}
-	if fork.Has() {
-		pager.AddParamString("fork", fmt.Sprint(fork.Value()))
+	if has, value := fork.Get(); has {
+		pager.AddParamString("fork", fmt.Sprint(value))
 	}
-	if mirror.Has() {
-		pager.AddParamString("mirror", fmt.Sprint(mirror.Value()))
+	if has, value := mirror.Get(); has {
+		pager.AddParamString("mirror", fmt.Sprint(value))
 	}
-	if template.Has() {
-		pager.AddParamString("template", fmt.Sprint(template.Value()))
+	if has, value := template.Get(); has {
+		pager.AddParamString("template", fmt.Sprint(value))
 	}
-	if private.Has() {
-		pager.AddParamString("private", fmt.Sprint(private.Value()))
+	if has, value := private.Get(); has {
+		pager.AddParamString("private", fmt.Sprint(value))
 	}
 	ctx.Data["Page"] = pager
 
diff --git a/routers/web/org/home.go b/routers/web/org/home.go
index 5ca268197d..f19d9cfca7 100644
--- a/routers/web/org/home.go
+++ b/routers/web/org/home.go
@@ -148,20 +148,20 @@ func Home(ctx *context.Context) {
 	pager := context.NewPagination(int(count), setting.UI.User.RepoPagingNum, page, 5)
 	pager.SetDefaultParams(ctx)
 	pager.AddParamString("language", language)
-	if archived.Has() {
-		pager.AddParamString("archived", fmt.Sprint(archived.Value()))
+	if has, value := archived.Get(); has {
+		pager.AddParamString("archived", fmt.Sprint(value))
 	}
-	if fork.Has() {
-		pager.AddParamString("fork", fmt.Sprint(fork.Value()))
+	if has, value := fork.Get(); has {
+		pager.AddParamString("fork", fmt.Sprint(value))
 	}
-	if mirror.Has() {
-		pager.AddParamString("mirror", fmt.Sprint(mirror.Value()))
+	if has, value := mirror.Get(); has {
+		pager.AddParamString("mirror", fmt.Sprint(value))
 	}
-	if template.Has() {
-		pager.AddParamString("template", fmt.Sprint(template.Value()))
+	if has, value := template.Get(); has {
+		pager.AddParamString("template", fmt.Sprint(value))
 	}
-	if private.Has() {
-		pager.AddParamString("private", fmt.Sprint(private.Value()))
+	if has, value := private.Get(); has {
+		pager.AddParamString("private", fmt.Sprint(value))
 	}
 	ctx.Data["Page"] = pager
 
diff --git a/routers/web/repo/issue.go b/routers/web/repo/issue.go
index 9df340378d..a8a1c69ab6 100644
--- a/routers/web/repo/issue.go
+++ b/routers/web/repo/issue.go
@@ -274,7 +274,7 @@ func issues(ctx *context.Context, milestoneID, projectID int64, isPullOption opt
 
 	var total int
 	switch {
-	case isShowClosed.Value():
+	case isShowClosed.ValueOrZeroValue():
 		total = int(issueStats.ClosedCount)
 	case !isShowClosed.Has():
 		total = int(issueStats.OpenCount + issueStats.ClosedCount)
@@ -321,8 +321,8 @@ func issues(ctx *context.Context, milestoneID, projectID int64, isPullOption opt
 		// depending on the query syntax
 		isShowClosed = opts.IsClosed
 		sortType = opts.SortBy.ToIssueSort()
-		posterID = opts.PosterID.Value()
-		assigneeID = opts.AssigneeID.Value()
+		posterID = opts.PosterID.ValueOrZeroValue()
+		assigneeID = opts.AssigneeID.ValueOrZeroValue()
 	}
 
 	approvalCounts, err := issues.GetApprovalCounts(ctx)
@@ -440,7 +440,7 @@ func issues(ctx *context.Context, milestoneID, projectID int64, isPullOption opt
 		return
 	}
 
-	pinned, err := issues_model.GetPinnedIssues(ctx, repo.ID, isPullOption.Value())
+	pinned, err := issues_model.GetPinnedIssues(ctx, repo.ID, isPullOption.ValueOrZeroValue())
 	if err != nil {
 		ctx.ServerError("GetPinnedIssues", err)
 		return
@@ -475,7 +475,7 @@ func issues(ctx *context.Context, milestoneID, projectID int64, isPullOption opt
 	ctx.Data["Keyword"] = keyword
 	ctx.Data["IsShowClosed"] = isShowClosed
 	switch {
-	case isShowClosed.Value():
+	case isShowClosed.ValueOrZeroValue():
 		ctx.Data["State"] = "closed"
 	case !isShowClosed.Has():
 		ctx.Data["State"] = "all"
diff --git a/routers/web/repo/setting/lfs.go b/routers/web/repo/setting/lfs.go
index 9930d03e8e..235a86820b 100644
--- a/routers/web/repo/setting/lfs.go
+++ b/routers/web/repo/setting/lfs.go
@@ -190,7 +190,7 @@ func lockablesGitAttributes(gitRepo *git.Repository, lfsLocks []*git_model.LFSLo
 		if err != nil {
 			return nil, fmt.Errorf("could not CheckPath(%s): %w", lock.Path, err)
 		}
-		lockables[i] = attrs["lockable"].Bool().Value()
+		lockables[i] = attrs["lockable"].Bool().ValueOrZeroValue()
 	}
 	return lockables, nil
 }
diff --git a/routers/web/repo/view.go b/routers/web/repo/view.go
index 17e25d55ae..287cd1b6aa 100644
--- a/routers/web/repo/view.go
+++ b/routers/web/repo/view.go
@@ -679,8 +679,8 @@ func renderFile(ctx *context.Context, entry *git.TreeEntry) {
 		if err != nil {
 			log.Error("GitAttributes(%s, %s) failed: %v", ctx.Repo.CommitID, ctx.Repo.TreePath, err)
 		} else {
-			ctx.Data["IsVendored"] = attrs["linguist-vendored"].Bool().Value()
-			ctx.Data["IsGenerated"] = attrs["linguist-generated"].Bool().Value()
+			ctx.Data["IsVendored"] = attrs["linguist-vendored"].Bool().ValueOrZeroValue()
+			ctx.Data["IsGenerated"] = attrs["linguist-generated"].Bool().ValueOrZeroValue()
 		}
 	}
 
diff --git a/routers/web/user/home.go b/routers/web/user/home.go
index a7e24d79bb..3bd118e06c 100644
--- a/routers/web/user/home.go
+++ b/routers/web/user/home.go
@@ -680,8 +680,8 @@ func buildIssueOverview(ctx *context.Context, unitType unit.Type) {
 	ctx.Data["State"] = state
 
 	ctx.SetFormString("state", state)
-	if searchOpts.AssigneeID.Has() {
-		id := strconv.FormatInt(searchOpts.AssigneeID.Value(), 10)
+	if has, value := searchOpts.AssigneeID.Get(); has {
+		id := strconv.FormatInt(value, 10)
 		ctx.SetFormString("assignee", id)
 	}
 
diff --git a/routers/web/user/notification.go b/routers/web/user/notification.go
index 0ef67eda5b..3b69e5bddf 100644
--- a/routers/web/user/notification.go
+++ b/routers/web/user/notification.go
@@ -439,20 +439,20 @@ func NotificationWatching(ctx *context.Context) {
 	// redirect to last page if request page is more than total pages
 	pager := context.NewPagination(total, setting.UI.User.RepoPagingNum, page, 5)
 	pager.SetDefaultParams(ctx)
-	if archived.Has() {
-		pager.AddParamString("archived", fmt.Sprint(archived.Value()))
+	if has, value := archived.Get(); has {
+		pager.AddParamString("archived", fmt.Sprint(value))
 	}
-	if fork.Has() {
-		pager.AddParamString("fork", fmt.Sprint(fork.Value()))
+	if has, value := fork.Get(); has {
+		pager.AddParamString("fork", fmt.Sprint(value))
 	}
-	if mirror.Has() {
-		pager.AddParamString("mirror", fmt.Sprint(mirror.Value()))
+	if has, value := mirror.Get(); has {
+		pager.AddParamString("mirror", fmt.Sprint(value))
 	}
-	if template.Has() {
-		pager.AddParamString("template", fmt.Sprint(template.Value()))
+	if has, value := template.Get(); has {
+		pager.AddParamString("template", fmt.Sprint(value))
 	}
-	if private.Has() {
-		pager.AddParamString("private", fmt.Sprint(private.Value()))
+	if has, value := private.Get(); has {
+		pager.AddParamString("private", fmt.Sprint(value))
 	}
 	ctx.Data["Page"] = pager
 
diff --git a/routers/web/user/profile.go b/routers/web/user/profile.go
index c236c66dc5..2a3893f80e 100644
--- a/routers/web/user/profile.go
+++ b/routers/web/user/profile.go
@@ -345,20 +345,20 @@ func prepareUserProfileTabData(ctx *context.Context, showPrivate bool, profileDb
 	if tab == "activity" {
 		pager.AddParam(ctx, "date", "Date")
 	}
-	if archived.Has() {
-		pager.AddParamString("archived", fmt.Sprint(archived.Value()))
+	if has, value := archived.Get(); has {
+		pager.AddParamString("archived", fmt.Sprint(value))
 	}
-	if fork.Has() {
-		pager.AddParamString("fork", fmt.Sprint(fork.Value()))
+	if has, value := fork.Get(); has {
+		pager.AddParamString("fork", fmt.Sprint(value))
 	}
-	if mirror.Has() {
-		pager.AddParamString("mirror", fmt.Sprint(mirror.Value()))
+	if has, value := mirror.Get(); has {
+		pager.AddParamString("mirror", fmt.Sprint(value))
 	}
-	if template.Has() {
-		pager.AddParamString("template", fmt.Sprint(template.Value()))
+	if has, value := template.Get(); has {
+		pager.AddParamString("template", fmt.Sprint(value))
 	}
-	if private.Has() {
-		pager.AddParamString("private", fmt.Sprint(private.Value()))
+	if has, value := private.Get(); has {
+		pager.AddParamString("private", fmt.Sprint(value))
 	}
 	ctx.Data["Page"] = pager
 }
diff --git a/services/gitdiff/gitdiff.go b/services/gitdiff/gitdiff.go
index 8226aae6ac..544c664ca2 100644
--- a/services/gitdiff/gitdiff.go
+++ b/services/gitdiff/gitdiff.go
@@ -1240,11 +1240,11 @@ func GetDiffFull(ctx context.Context, gitRepo *git.Repository, opts *DiffOptions
 			log.Error("checker.CheckPath(%s) failed: %v", diffFile.Name, err)
 		} else {
 			vendored := attrs["linguist-vendored"].Bool()
-			diffFile.IsVendored = vendored.Value()
+			diffFile.IsVendored = vendored.ValueOrZeroValue()
 			gotVendor = vendored.Has()
 
 			generated := attrs["linguist-generated"].Bool()
-			diffFile.IsGenerated = generated.Value()
+			diffFile.IsGenerated = generated.ValueOrZeroValue()
 			gotGenerated = generated.Has()
 
 			diffFile.Language = cmp.Or(
diff --git a/services/user/update.go b/services/user/update.go
index 65d3992751..8b2b9cce07 100644
--- a/services/user/update.go
+++ b/services/user/update.go
@@ -46,135 +46,102 @@ type UpdateOptions struct {
 func UpdateUser(ctx context.Context, u *user_model.User, opts *UpdateOptions) error {
 	cols := make([]string, 0, 20)
 
-	if opts.KeepEmailPrivate.Has() {
-		u.KeepEmailPrivate = opts.KeepEmailPrivate.Value()
-
+	if has, value := opts.KeepEmailPrivate.Get(); has {
+		u.KeepEmailPrivate = value
 		cols = append(cols, "keep_email_private")
 	}
-
-	if opts.FullName.Has() {
-		u.FullName = opts.FullName.Value()
-
+	if has, value := opts.FullName.Get(); has {
+		u.FullName = value
 		cols = append(cols, "full_name")
 	}
-	if opts.Pronouns.Has() {
-		u.Pronouns = opts.Pronouns.Value()
-
+	if has, value := opts.Pronouns.Get(); has {
+		u.Pronouns = value
 		cols = append(cols, "pronouns")
 	}
-	if opts.Website.Has() {
-		u.Website = opts.Website.Value()
-
+	if has, value := opts.Website.Get(); has {
+		u.Website = value
 		cols = append(cols, "website")
 	}
-	if opts.Location.Has() {
-		u.Location = opts.Location.Value()
-
+	if has, value := opts.Location.Get(); has {
+		u.Location = value
 		cols = append(cols, "location")
 	}
-	if opts.Description.Has() {
-		u.Description = opts.Description.Value()
-
+	if has, value := opts.Description.Get(); has {
+		u.Description = value
 		cols = append(cols, "description")
 	}
-	if opts.Language.Has() {
-		u.Language = opts.Language.Value()
-
+	if has, value := opts.Language.Get(); has {
+		u.Language = value
 		cols = append(cols, "language")
 	}
-	if opts.Theme.Has() {
-		u.Theme = opts.Theme.Value()
-
+	if has, value := opts.Theme.Get(); has {
+		u.Theme = value
 		cols = append(cols, "theme")
 	}
-	if opts.DiffViewStyle.Has() {
-		u.DiffViewStyle = opts.DiffViewStyle.Value()
-
+	if has, value := opts.DiffViewStyle.Get(); has {
+		u.DiffViewStyle = value
 		cols = append(cols, "diff_view_style")
 	}
-	if opts.EnableRepoUnitHints.Has() {
-		u.EnableRepoUnitHints = opts.EnableRepoUnitHints.Value()
-
+	if has, value := opts.EnableRepoUnitHints.Get(); has {
+		u.EnableRepoUnitHints = value
 		cols = append(cols, "enable_repo_unit_hints")
 	}
-
-	if opts.KeepPronounsPrivate.Has() {
-		u.KeepPronounsPrivate = opts.KeepPronounsPrivate.Value()
-
+	if has, value := opts.KeepPronounsPrivate.Get(); has {
+		u.KeepPronounsPrivate = value
 		cols = append(cols, "keep_pronouns_private")
 	}
-
-	if opts.AllowGitHook.Has() {
-		u.AllowGitHook = opts.AllowGitHook.Value()
-
+	if has, value := opts.AllowGitHook.Get(); has {
+		u.AllowGitHook = value
 		cols = append(cols, "allow_git_hook")
 	}
-	if opts.AllowImportLocal.Has() {
-		u.AllowImportLocal = opts.AllowImportLocal.Value()
-
+	if has, value := opts.AllowImportLocal.Get(); has {
+		u.AllowImportLocal = value
 		cols = append(cols, "allow_import_local")
 	}
-
-	if opts.MaxRepoCreation.Has() {
-		u.MaxRepoCreation = opts.MaxRepoCreation.Value()
-
+	if has, value := opts.MaxRepoCreation.Get(); has {
+		u.MaxRepoCreation = value
 		cols = append(cols, "max_repo_creation")
 	}
-
-	if opts.IsActive.Has() {
-		u.IsActive = opts.IsActive.Value()
-
+	if has, value := opts.IsActive.Get(); has {
+		u.IsActive = value
 		cols = append(cols, "is_active")
 	}
-	if opts.IsRestricted.Has() {
-		u.IsRestricted = opts.IsRestricted.Value()
-
+	if has, value := opts.IsRestricted.Get(); has {
+		u.IsRestricted = value
 		cols = append(cols, "is_restricted")
 	}
-	if opts.IsAdmin.Has() {
-		if !opts.IsAdmin.Value() && user_model.IsLastAdminUser(ctx, u) {
+	if has, value := opts.IsAdmin.Get(); has {
+		if !value && user_model.IsLastAdminUser(ctx, u) {
 			return models.ErrDeleteLastAdminUser{UID: u.ID}
 		}
-
-		u.IsAdmin = opts.IsAdmin.Value()
-
+		u.IsAdmin = value
 		cols = append(cols, "is_admin")
 	}
-
-	if opts.Visibility.Has() {
-		if !u.IsOrganization() && !setting.Service.AllowedUserVisibilityModesSlice.IsAllowedVisibility(opts.Visibility.Value()) {
-			return fmt.Errorf("visibility mode not allowed: %s", opts.Visibility.Value().String())
+	if has, value := opts.Visibility.Get(); has {
+		if !u.IsOrganization() && !setting.Service.AllowedUserVisibilityModesSlice.IsAllowedVisibility(value) {
+			return fmt.Errorf("visibility mode not allowed: %s", value.String())
 		}
-		u.Visibility = opts.Visibility.Value()
-
+		u.Visibility = value
 		cols = append(cols, "visibility")
 	}
-	if opts.KeepActivityPrivate.Has() {
-		u.KeepActivityPrivate = opts.KeepActivityPrivate.Value()
-
+	if has, value := opts.KeepActivityPrivate.Get(); has {
+		u.KeepActivityPrivate = value
 		cols = append(cols, "keep_activity_private")
 	}
-
-	if opts.AllowCreateOrganization.Has() {
-		u.AllowCreateOrganization = opts.AllowCreateOrganization.Value()
-
+	if has, value := opts.AllowCreateOrganization.Get(); has {
+		u.AllowCreateOrganization = value
 		cols = append(cols, "allow_create_organization")
 	}
-	if opts.RepoAdminChangeTeamAccess.Has() {
-		u.RepoAdminChangeTeamAccess = opts.RepoAdminChangeTeamAccess.Value()
-
+	if has, value := opts.RepoAdminChangeTeamAccess.Get(); has {
+		u.RepoAdminChangeTeamAccess = value
 		cols = append(cols, "repo_admin_change_team_access")
 	}
-
-	if opts.EmailNotificationsPreference.Has() {
-		u.EmailNotificationsPreference = opts.EmailNotificationsPreference.Value()
-
+	if has, value := opts.EmailNotificationsPreference.Get(); has {
+		u.EmailNotificationsPreference = value
 		cols = append(cols, "email_notifications_preference")
 	}
-
 	if opts.SetLastLogin {
 		u.SetLastLogin()
-
 		cols = append(cols, "last_login_unix")
 	}
 
@@ -190,8 +157,8 @@ type UpdateAuthOptions struct {
 }
 
 func UpdateAuth(ctx context.Context, u *user_model.User, opts *UpdateAuthOptions) error {
-	if opts.LoginSource.Has() {
-		source, err := auth_model.GetSourceByID(ctx, opts.LoginSource.Value())
+	if has, value := opts.LoginSource.Get(); has {
+		source, err := auth_model.GetSourceByID(ctx, value)
 		if err != nil {
 			return err
 		}
@@ -199,12 +166,12 @@ func UpdateAuth(ctx context.Context, u *user_model.User, opts *UpdateAuthOptions
 		u.LoginType = source.Type
 		u.LoginSource = source.ID
 	}
-	if opts.LoginName.Has() {
-		u.LoginName = opts.LoginName.Value()
+	if has, value := opts.LoginName.Get(); has {
+		u.LoginName = value
 	}
 
-	if opts.Password.Has() && (u.IsLocal() || u.IsOAuth2()) {
-		password := opts.Password.Value()
+	if has, value := opts.Password.Get(); has && (u.IsLocal() || u.IsOAuth2()) {
+		password := value
 
 		if len(password) < setting.MinPasswordLength {
 			return password_module.ErrMinLength
@@ -221,11 +188,11 @@ func UpdateAuth(ctx context.Context, u *user_model.User, opts *UpdateAuthOptions
 		}
 	}
 
-	if opts.MustChangePassword.Has() {
-		u.MustChangePassword = opts.MustChangePassword.Value()
+	if has, value := opts.MustChangePassword.Get(); has {
+		u.MustChangePassword = value
 	}
-	if opts.ProhibitLogin.Has() {
-		u.ProhibitLogin = opts.ProhibitLogin.Value()
+	if has, value := opts.ProhibitLogin.Get(); has {
+		u.ProhibitLogin = value
 	}
 
 	if err := user_model.UpdateUserCols(ctx, u, "login_type", "login_source", "login_name", "passwd", "passwd_hash_algo", "salt", "must_change_password", "prohibit_login"); err != nil {
diff --git a/services/user/update_test.go b/services/user/update_test.go
index f1754b2db9..b017a88689 100644
--- a/services/user/update_test.go
+++ b/services/user/update_test.go
@@ -51,44 +51,44 @@ func TestUpdateUser(t *testing.T) {
 	}
 	require.NoError(t, UpdateUser(db.DefaultContext, user, opts))
 
-	assert.Equal(t, opts.KeepEmailPrivate.Value(), user.KeepEmailPrivate)
-	assert.Equal(t, opts.FullName.Value(), user.FullName)
-	assert.Equal(t, opts.Website.Value(), user.Website)
-	assert.Equal(t, opts.Location.Value(), user.Location)
-	assert.Equal(t, opts.Description.Value(), user.Description)
-	assert.Equal(t, opts.AllowGitHook.Value(), user.AllowGitHook)
-	assert.Equal(t, opts.AllowImportLocal.Value(), user.AllowImportLocal)
-	assert.Equal(t, opts.MaxRepoCreation.Value(), user.MaxRepoCreation)
-	assert.Equal(t, opts.IsRestricted.Value(), user.IsRestricted)
-	assert.Equal(t, opts.IsActive.Value(), user.IsActive)
-	assert.Equal(t, opts.IsAdmin.Value(), user.IsAdmin)
-	assert.Equal(t, opts.Visibility.Value(), user.Visibility)
-	assert.Equal(t, opts.KeepActivityPrivate.Value(), user.KeepActivityPrivate)
-	assert.Equal(t, opts.Language.Value(), user.Language)
-	assert.Equal(t, opts.Theme.Value(), user.Theme)
-	assert.Equal(t, opts.DiffViewStyle.Value(), user.DiffViewStyle)
-	assert.Equal(t, opts.AllowCreateOrganization.Value(), user.AllowCreateOrganization)
-	assert.Equal(t, opts.EmailNotificationsPreference.Value(), user.EmailNotificationsPreference)
+	assert.Equal(t, opts.KeepEmailPrivate.ValueOrZeroValue(), user.KeepEmailPrivate)
+	assert.Equal(t, opts.FullName.ValueOrZeroValue(), user.FullName)
+	assert.Equal(t, opts.Website.ValueOrZeroValue(), user.Website)
+	assert.Equal(t, opts.Location.ValueOrZeroValue(), user.Location)
+	assert.Equal(t, opts.Description.ValueOrZeroValue(), user.Description)
+	assert.Equal(t, opts.AllowGitHook.ValueOrZeroValue(), user.AllowGitHook)
+	assert.Equal(t, opts.AllowImportLocal.ValueOrZeroValue(), user.AllowImportLocal)
+	assert.Equal(t, opts.MaxRepoCreation.ValueOrZeroValue(), user.MaxRepoCreation)
+	assert.Equal(t, opts.IsRestricted.ValueOrZeroValue(), user.IsRestricted)
+	assert.Equal(t, opts.IsActive.ValueOrZeroValue(), user.IsActive)
+	assert.Equal(t, opts.IsAdmin.ValueOrZeroValue(), user.IsAdmin)
+	assert.Equal(t, opts.Visibility.ValueOrZeroValue(), user.Visibility)
+	assert.Equal(t, opts.KeepActivityPrivate.ValueOrZeroValue(), user.KeepActivityPrivate)
+	assert.Equal(t, opts.Language.ValueOrZeroValue(), user.Language)
+	assert.Equal(t, opts.Theme.ValueOrZeroValue(), user.Theme)
+	assert.Equal(t, opts.DiffViewStyle.ValueOrZeroValue(), user.DiffViewStyle)
+	assert.Equal(t, opts.AllowCreateOrganization.ValueOrZeroValue(), user.AllowCreateOrganization)
+	assert.Equal(t, opts.EmailNotificationsPreference.ValueOrZeroValue(), user.EmailNotificationsPreference)
 
 	user = unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 28})
-	assert.Equal(t, opts.KeepEmailPrivate.Value(), user.KeepEmailPrivate)
-	assert.Equal(t, opts.FullName.Value(), user.FullName)
-	assert.Equal(t, opts.Website.Value(), user.Website)
-	assert.Equal(t, opts.Location.Value(), user.Location)
-	assert.Equal(t, opts.Description.Value(), user.Description)
-	assert.Equal(t, opts.AllowGitHook.Value(), user.AllowGitHook)
-	assert.Equal(t, opts.AllowImportLocal.Value(), user.AllowImportLocal)
-	assert.Equal(t, opts.MaxRepoCreation.Value(), user.MaxRepoCreation)
-	assert.Equal(t, opts.IsRestricted.Value(), user.IsRestricted)
-	assert.Equal(t, opts.IsActive.Value(), user.IsActive)
-	assert.Equal(t, opts.IsAdmin.Value(), user.IsAdmin)
-	assert.Equal(t, opts.Visibility.Value(), user.Visibility)
-	assert.Equal(t, opts.KeepActivityPrivate.Value(), user.KeepActivityPrivate)
-	assert.Equal(t, opts.Language.Value(), user.Language)
-	assert.Equal(t, opts.Theme.Value(), user.Theme)
-	assert.Equal(t, opts.DiffViewStyle.Value(), user.DiffViewStyle)
-	assert.Equal(t, opts.AllowCreateOrganization.Value(), user.AllowCreateOrganization)
-	assert.Equal(t, opts.EmailNotificationsPreference.Value(), user.EmailNotificationsPreference)
+	assert.Equal(t, opts.KeepEmailPrivate.ValueOrZeroValue(), user.KeepEmailPrivate)
+	assert.Equal(t, opts.FullName.ValueOrZeroValue(), user.FullName)
+	assert.Equal(t, opts.Website.ValueOrZeroValue(), user.Website)
+	assert.Equal(t, opts.Location.ValueOrZeroValue(), user.Location)
+	assert.Equal(t, opts.Description.ValueOrZeroValue(), user.Description)
+	assert.Equal(t, opts.AllowGitHook.ValueOrZeroValue(), user.AllowGitHook)
+	assert.Equal(t, opts.AllowImportLocal.ValueOrZeroValue(), user.AllowImportLocal)
+	assert.Equal(t, opts.MaxRepoCreation.ValueOrZeroValue(), user.MaxRepoCreation)
+	assert.Equal(t, opts.IsRestricted.ValueOrZeroValue(), user.IsRestricted)
+	assert.Equal(t, opts.IsActive.ValueOrZeroValue(), user.IsActive)
+	assert.Equal(t, opts.IsAdmin.ValueOrZeroValue(), user.IsAdmin)
+	assert.Equal(t, opts.Visibility.ValueOrZeroValue(), user.Visibility)
+	assert.Equal(t, opts.KeepActivityPrivate.ValueOrZeroValue(), user.KeepActivityPrivate)
+	assert.Equal(t, opts.Language.ValueOrZeroValue(), user.Language)
+	assert.Equal(t, opts.Theme.ValueOrZeroValue(), user.Theme)
+	assert.Equal(t, opts.DiffViewStyle.ValueOrZeroValue(), user.DiffViewStyle)
+	assert.Equal(t, opts.AllowCreateOrganization.ValueOrZeroValue(), user.AllowCreateOrganization)
+	assert.Equal(t, opts.EmailNotificationsPreference.ValueOrZeroValue(), user.EmailNotificationsPreference)
 }
 
 func TestUpdateAuth(t *testing.T) {
diff --git a/templates/repo/issue/filter_actions.tmpl b/templates/repo/issue/filter_actions.tmpl
index ea7878c47b..b92ab315ed 100644
--- a/templates/repo/issue/filter_actions.tmpl
+++ b/templates/repo/issue/filter_actions.tmpl
@@ -1,9 +1,9 @@
 <div class="ui secondary filter menu">
 	{{if not .Repository.IsArchived}}
 		<!-- Action Button -->
-		{{if and .IsShowClosed.Has .IsShowClosed.Value}}
+		{{if and .IsShowClosed.Has .IsShowClosed.ValueOrZeroValue}}
 			<button class="ui primary basic button issue-action" data-action="open" data-url="{{$.RepoLink}}/issues/status">{{ctx.Locale.Tr "repo.issues.action_open"}}</button>
-		{{else if and .IsShowClosed.Has (not .IsShowClosed.Value)}}
+		{{else if and .IsShowClosed.Has (not .IsShowClosed.ValueOrZeroValue)}}
 			<button class="ui red basic button issue-action" data-action="close" data-url="{{$.RepoLink}}/issues/status">{{ctx.Locale.Tr "repo.issues.action_close"}}</button>
 		{{end}}
 		{{if $.IsRepoAdmin}}
diff --git a/templates/shared/repo_search.tmpl b/templates/shared/repo_search.tmpl
index d08d6017ed..8ceadc95da 100644
--- a/templates/shared/repo_search.tmpl
+++ b/templates/shared/repo_search.tmpl
@@ -20,19 +20,19 @@
 			<div class="menu">
 				<label class="item"><input type="radio" name="clear-filter"> {{ctx.Locale.Tr "filter.clear"}}</label>
 				<div class="divider"></div>
-				<label class="item"><input type="radio" name="archived" {{if .IsArchived.Value}}checked{{end}} value="1"> {{ctx.Locale.Tr "filter.is_archived"}}</label>
+				<label class="item"><input type="radio" name="archived" {{if .IsArchived.ValueOrZeroValue}}checked{{end}} value="1"> {{ctx.Locale.Tr "filter.is_archived"}}</label>
 				<label class="item"><input type="radio" name="archived" {{if (not (.IsArchived.ValueOrDefault true))}}checked{{end}} value="0"> {{ctx.Locale.Tr "filter.not_archived"}}</label>
 				<div class="divider"></div>
-				<label class="item"><input type="radio" name="fork" {{if .IsFork.Value}}checked{{end}} value="1"> {{ctx.Locale.Tr "filter.is_fork"}}</label>
+				<label class="item"><input type="radio" name="fork" {{if .IsFork.ValueOrZeroValue}}checked{{end}} value="1"> {{ctx.Locale.Tr "filter.is_fork"}}</label>
 				<label class="item"><input type="radio" name="fork" {{if (not (.IsFork.ValueOrDefault true))}}checked{{end}} value="0"> {{ctx.Locale.Tr "filter.not_fork"}}</label>
 				<div class="divider"></div>
-				<label class="item"><input type="radio" name="mirror" {{if .IsMirror.Value}}checked{{end}} value="1"> {{ctx.Locale.Tr "filter.is_mirror"}}</label>
+				<label class="item"><input type="radio" name="mirror" {{if .IsMirror.ValueOrZeroValue}}checked{{end}} value="1"> {{ctx.Locale.Tr "filter.is_mirror"}}</label>
 				<label class="item"><input type="radio" name="mirror" {{if (not (.IsMirror.ValueOrDefault true))}}checked{{end}} value="0"> {{ctx.Locale.Tr "filter.not_mirror"}}</label>
 				<div class="divider"></div>
-				<label class="item"><input type="radio" name="template" {{if .IsTemplate.Value}}checked{{end}} value="1"> {{ctx.Locale.Tr "filter.is_template"}}</label>
+				<label class="item"><input type="radio" name="template" {{if .IsTemplate.ValueOrZeroValue}}checked{{end}} value="1"> {{ctx.Locale.Tr "filter.is_template"}}</label>
 				<label class="item"><input type="radio" name="template" {{if (not (.IsTemplate.ValueOrDefault true))}}checked{{end}} value="0"> {{ctx.Locale.Tr "filter.not_template"}}</label>
 				<div class="divider"></div>
-				<label class="item"><input type="radio" name="private" {{if .IsPrivate.Value}}checked{{end}} value="1"> {{ctx.Locale.Tr "filter.private"}}</label>
+				<label class="item"><input type="radio" name="private" {{if .IsPrivate.ValueOrZeroValue}}checked{{end}} value="1"> {{ctx.Locale.Tr "filter.private"}}</label>
 				<label class="item"><input type="radio" name="private" {{if (not (.IsPrivate.ValueOrDefault true))}}checked{{end}} value="0"> {{ctx.Locale.Tr "filter.public"}}</label>
 			</div>
 		</div>
diff --git a/tests/test_utils.go b/tests/test_utils.go
index 0fc9329b77..dff1c283d0 100644
--- a/tests/test_utils.go
+++ b/tests/test_utils.go
@@ -404,15 +404,15 @@ func CreateDeclarativeRepoWithOptions(t *testing.T, owner *user_model.User, opts
 	// Not using opts.Name.ValueOrDefault() here to avoid unnecessarily
 	// generating an UUID when a name is specified.
 	var repoName string
-	if opts.Name.Has() {
-		repoName = opts.Name.Value()
+	if has, value := opts.Name.Get(); has {
+		repoName = value
 	} else {
 		repoName = uuid.NewString()
 	}
 
 	var autoInit bool
-	if opts.AutoInit.Has() {
-		autoInit = opts.AutoInit.Value()
+	if has, value := opts.AutoInit.Get(); has {
+		autoInit = value
 	} else {
 		autoInit = true
 	}
@@ -426,22 +426,21 @@ func CreateDeclarativeRepoWithOptions(t *testing.T, owner *user_model.User, opts
 		License:          "WTFPL",
 		Readme:           "Default",
 		DefaultBranch:    "main",
-		IsTemplate:       opts.IsTemplate.Value(),
-		ObjectFormatName: opts.ObjectFormat.Value(),
-		IsPrivate:        opts.IsPrivate.Value(),
+		IsTemplate:       opts.IsTemplate.ValueOrZeroValue(),
+		ObjectFormatName: opts.ObjectFormat.ValueOrZeroValue(),
+		IsPrivate:        opts.IsPrivate.ValueOrZeroValue(),
 	})
 	require.NoError(t, err)
 	assert.NotEmpty(t, repo)
 
 	// Populate `enabledUnits` if we have any enabled.
 	var enabledUnits []repo_model.RepoUnit
-	if opts.EnabledUnits.Has() {
-		units := opts.EnabledUnits.Value()
+	if has, units := opts.EnabledUnits.Get(); has {
 		enabledUnits = make([]repo_model.RepoUnit, len(units))
 
 		for i, unitType := range units {
 			var config convert.Conversion
-			if cfg, ok := opts.UnitConfig.Value()[unitType]; ok {
+			if cfg, ok := opts.UnitConfig.ValueOrZeroValue()[unitType]; ok {
 				config = cfg
 			}
 			enabledUnits[i] = repo_model.RepoUnit{
@@ -460,9 +459,8 @@ func CreateDeclarativeRepoWithOptions(t *testing.T, owner *user_model.User, opts
 
 	// Add files, if any.
 	var sha string
-	if opts.Files.Has() {
+	if has, files := opts.Files.Get(); has {
 		assert.True(t, autoInit, "Files cannot be specified if AutoInit is disabled")
-		files := opts.Files.Value()
 
 		commitID, err := gitrepo.GetBranchCommitID(git.DefaultContext, repo, "main")
 		require.NoError(t, err)
@@ -493,9 +491,9 @@ func CreateDeclarativeRepoWithOptions(t *testing.T, owner *user_model.User, opts
 	}
 
 	// If there's a Wiki branch specified, create a wiki, and a default wiki page.
-	if opts.WikiBranch.Has() {
+	if has, value := opts.WikiBranch.Get(); has {
 		// Set the wiki branch in the database first
-		repo.WikiBranch = opts.WikiBranch.Value()
+		repo.WikiBranch = value
 		err := repo_model.UpdateRepositoryCols(db.DefaultContext, repo, "wiki_branch")
 		require.NoError(t, err)
 

From ec803eb2d335eb4d2de01914da3d986c700ad872 Mon Sep 17 00:00:00 2001
From: Renovate Bot <forgejo-renovate-action@forgejo.org>
Date: Tue, 10 Feb 2026 18:38:05 +0100
Subject: [PATCH 302/854] Update module golang.org/x/image to v0.36.0 (forgejo)
 (#11226)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11226
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 8e2bb1b66a..fa5bdec07e 100644
--- a/go.mod
+++ b/go.mod
@@ -103,7 +103,7 @@ require (
 	go.uber.org/mock v0.6.0
 	go.yaml.in/yaml/v3 v3.0.4
 	golang.org/x/crypto v0.48.0
-	golang.org/x/image v0.33.0
+	golang.org/x/image v0.36.0
 	golang.org/x/net v0.49.0
 	golang.org/x/oauth2 v0.34.0
 	golang.org/x/sync v0.19.0
diff --git a/go.sum b/go.sum
index 92c5448993..4a64cc0e8b 100644
--- a/go.sum
+++ b/go.sum
@@ -736,8 +736,8 @@ golang.org/x/exp v0.0.0-20250620022241-b7579e27df2b h1:M2rDM6z3Fhozi9O7NWsxAkg/y
 golang.org/x/exp v0.0.0-20250620022241-b7579e27df2b/go.mod h1:3//PLf8L/X+8b4vuAfHzxeRUl04Adcb341+IGKfnqS8=
 golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js=
 golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
-golang.org/x/image v0.33.0 h1:LXRZRnv1+zGd5XBUVRFmYEphyyKJjQjCRiOuAP3sZfQ=
-golang.org/x/image v0.33.0/go.mod h1:DD3OsTYT9chzuzTQt+zMcOlBHgfoKQb1gry8p76Y1sc=
+golang.org/x/image v0.36.0 h1:Iknbfm1afbgtwPTmHnS2gTM/6PPZfH+z2EFuOkSbqwc=
+golang.org/x/image v0.36.0/go.mod h1:YsWD2TyyGKiIX1kZlu9QfKIsQ4nAAK9bdgdrIsE7xy4=
 golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
 golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
 golang.org/x/lint v0.0.0-20190301231843-5614ed5bae6f/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=

From 54d952ee66a00deb497eb629651b30e3599b8948 Mon Sep 17 00:00:00 2001
From: Robert Wolff <mahlzahn@posteo.de>
Date: Wed, 11 Feb 2026 03:22:53 +0100
Subject: [PATCH 303/854] feat(ui): support additional job status selection in
 dropdown menu on Actions tab (#11156)

### Tests

- I added test coverage for Go changes...
  - [x] in their respective `*_test.go` for unit tests.
  - [ ] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I added test coverage for JavaScript changes...
  - [ ] in `web_src/js/*.test.js` if it can be unit tested.
  - [x] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)).

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [x] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.
- [ ] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change.

### Disclaimer

Generative AI (ChatGPT) was used to debug the e2e test, with copied code lines below threshold of originality.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11156
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
Reviewed-by: Andreas Ahlenstorf <aahlenst@noreply.codeberg.org>
Co-authored-by: Robert Wolff <mahlzahn@posteo.de>
Co-committed-by: Robert Wolff <mahlzahn@posteo.de>
---
 models/actions/run_list.go      | 11 ++++++++--
 models/actions/run_list_test.go | 37 +++++++++++++++++++++++++++++++++
 tests/e2e/actions.test.e2e.ts   | 18 +++++++++++-----
 3 files changed, 59 insertions(+), 7 deletions(-)
 create mode 100644 models/actions/run_list_test.go

diff --git a/models/actions/run_list.go b/models/actions/run_list.go
index a450212185..b296e2f477 100644
--- a/models/actions/run_list.go
+++ b/models/actions/run_list.go
@@ -5,6 +5,7 @@ package actions
 
 import (
 	"context"
+	"slices"
 
 	"forgejo.org/models/db"
 	repo_model "forgejo.org/models/repo"
@@ -13,6 +14,8 @@ import (
 	"forgejo.org/modules/translation"
 	webhook_module "forgejo.org/modules/webhook"
 
+	"golang.org/x/text/collate"
+	"golang.org/x/text/language"
 	"xorm.io/builder"
 )
 
@@ -127,14 +130,18 @@ type StatusInfo struct {
 // GetStatusInfoList returns a slice of StatusInfo
 func GetStatusInfoList(ctx context.Context, lang translation.Locale) []StatusInfo {
 	// same as those in aggregateJobStatus
-	allStatus := []Status{StatusSuccess, StatusFailure, StatusWaiting, StatusRunning}
-	statusInfoList := make([]StatusInfo, 0, 4)
+	allStatus := []Status{StatusBlocked, StatusCancelled, StatusFailure, StatusRunning, StatusSkipped, StatusSuccess, StatusWaiting}
+	statusInfoList := make([]StatusInfo, 0, 7)
 	for _, s := range allStatus {
 		statusInfoList = append(statusInfoList, StatusInfo{
 			Status:          int(s),
 			DisplayedStatus: s.LocaleString(lang),
 		})
 	}
+	collator := collate.New(language.Und, collate.IgnoreCase)
+	slices.SortFunc(statusInfoList, func(a, b StatusInfo) int {
+		return collator.CompareString(a.DisplayedStatus, b.DisplayedStatus)
+	})
 	return statusInfoList
 }
 
diff --git a/models/actions/run_list_test.go b/models/actions/run_list_test.go
new file mode 100644
index 0000000000..b3d22b5155
--- /dev/null
+++ b/models/actions/run_list_test.go
@@ -0,0 +1,37 @@
+// Copyright 2026 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+package actions
+
+import (
+	"testing"
+
+	"forgejo.org/models/unittest"
+	"forgejo.org/modules/translation"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+func TestActionStatusList(t *testing.T) {
+	require.NoError(t, unittest.PrepareTestDatabase())
+	translation.InitLocales(t.Context())
+
+	statusInfoList := GetStatusInfoList(t.Context(), translation.NewLocale("en-US"))
+	assert.Len(t, statusInfoList, 7)
+	statuses := []string{"Blocked", "Canceled", "Failure", "Running", "Skipped", "Success", "Waiting"}
+	statusInts := []int{7, 3, 2, 6, 4, 1, 5}
+	for i, statusString := range statuses {
+		assert.Equal(t, statusInfoList[i].Status, statusInts[i])
+		assert.Equal(t, statusInfoList[i].DisplayedStatus, statusString)
+	}
+
+	statusInfoList = GetStatusInfoList(t.Context(), translation.NewLocale("de-DE"))
+	assert.Len(t, statusInfoList, 7)
+	statuses = []string{"Abgebrochen", "Blockiert", "Erfolg", "Fehler", "Laufend", "Übersprungen", "Wartend"}
+	statusInts = []int{3, 7, 1, 2, 6, 4, 5}
+	for i, statusString := range statuses {
+		assert.Equal(t, statusInfoList[i].Status, statusInts[i])
+		assert.Equal(t, statusInfoList[i].DisplayedStatus, statusString)
+	}
+}
diff --git a/tests/e2e/actions.test.e2e.ts b/tests/e2e/actions.test.e2e.ts
index 2f5d09e561..8981d037d3 100644
--- a/tests/e2e/actions.test.e2e.ts
+++ b/tests/e2e/actions.test.e2e.ts
@@ -203,11 +203,19 @@ test.describe('workflow list dynamic refresh', () => {
     await page.locator('#workflow_dispatch_dropdown>button').click();
 
     // Status dropdown
-    await expect(page.getByText('Waiting')).toBeHidden();
-    await expect(page.getByText('Failure')).toBeHidden();
-    await page.locator('#status_dropdown').click();
-    await expect(page.getByText('Waiting')).toBeVisible();
-    await expect(page.getByText('Failure')).toBeVisible();
+    const dropdown = page.locator('#status_dropdown');
+    const dropdown_menu = dropdown.locator('.menu');
+    await expect(dropdown_menu).toBeHidden();
+    await dropdown.click();
+    await expect(dropdown_menu).toBeVisible();
+    await expect(dropdown_menu.getByText('All status')).toHaveAttribute('href', /&status=0$/);
+    await expect(dropdown_menu.getByText('Success')).toHaveAttribute('href', /&status=1$/);
+    await expect(dropdown_menu.getByText('Failure')).toHaveAttribute('href', /&status=2$/);
+    await expect(dropdown_menu.getByText('Waiting')).toHaveAttribute('href', /&status=5$/);
+    await expect(dropdown_menu.getByText('Running')).toHaveAttribute('href', /&status=6$/);
+    await expect(dropdown_menu.getByText('Blocked')).toHaveAttribute('href', /&status=7$/);
+    await expect(dropdown_menu.getByText('Canceled')).toHaveAttribute('href', /&status=3$/);
+    await expect(dropdown_menu.getByText('Skipped')).toHaveAttribute('href', /&status=4$/);
 
     // Actor dropdown
     await expect(page.getByText('All actors')).toBeHidden();

From 26d6b484feb9330921bc57ccffee7a71418a1736 Mon Sep 17 00:00:00 2001
From: Renovate Bot <forgejo-renovate-action@forgejo.org>
Date: Wed, 11 Feb 2026 07:32:12 +0100
Subject: [PATCH 304/854] Update module golang.org/x/net to v0.50.0 (forgejo)
 (#11237)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11237
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index fa5bdec07e..b183d09e1f 100644
--- a/go.mod
+++ b/go.mod
@@ -104,7 +104,7 @@ require (
 	go.yaml.in/yaml/v3 v3.0.4
 	golang.org/x/crypto v0.48.0
 	golang.org/x/image v0.36.0
-	golang.org/x/net v0.49.0
+	golang.org/x/net v0.50.0
 	golang.org/x/oauth2 v0.34.0
 	golang.org/x/sync v0.19.0
 	golang.org/x/sys v0.41.0
diff --git a/go.sum b/go.sum
index 4a64cc0e8b..ed9813741c 100644
--- a/go.sum
+++ b/go.sum
@@ -791,8 +791,8 @@ golang.org/x/net v0.15.0/go.mod h1:idbUs1IY1+zTqbi8yxTbhexhEEk5ur9LInksu6HrEpk=
 golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44=
 golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM=
 golang.org/x/net v0.33.0/go.mod h1:HXLR5J+9DxmrqMwG9qjGCxZ+zKXxBru04zlTvWlWuN4=
-golang.org/x/net v0.49.0 h1:eeHFmOGUTtaaPSGNmjBKpbng9MulQsJURQUAfUwY++o=
-golang.org/x/net v0.49.0/go.mod h1:/ysNB2EvaqvesRkuLAyjI1ycPZlQHM3q01F02UY/MV8=
+golang.org/x/net v0.50.0 h1:ucWh9eiCGyDR3vtzso0WMQinm2Dnt8cFMuQa9K33J60=
+golang.org/x/net v0.50.0/go.mod h1:UgoSli3F/pBgdJBHCTc+tp3gmrU4XswgGRgtnwWTfyM=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=

From 92cb4ca01998e47354cd39dce869420049a3dd93 Mon Sep 17 00:00:00 2001
From: Renovate Bot <forgejo-renovate-action@forgejo.org>
Date: Wed, 11 Feb 2026 15:03:52 +0100
Subject: [PATCH 305/854] Update module github.com/mattn/go-sqlite3 to v1.14.34
 (forgejo) (#11233)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11233
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index b183d09e1f..ba45321589 100644
--- a/go.mod
+++ b/go.mod
@@ -75,7 +75,7 @@ require (
 	github.com/klauspost/cpuid/v2 v2.2.11
 	github.com/markbates/goth v1.80.0
 	github.com/mattn/go-isatty v0.0.20
-	github.com/mattn/go-sqlite3 v1.14.33
+	github.com/mattn/go-sqlite3 v1.14.34
 	github.com/meilisearch/meilisearch-go v0.36.0
 	github.com/mholt/archives v0.1.5
 	github.com/microcosm-cc/bluemonday v1.0.27
diff --git a/go.sum b/go.sum
index ed9813741c..8ad6dcf9eb 100644
--- a/go.sum
+++ b/go.sum
@@ -516,8 +516,8 @@ github.com/mattn/go-runewidth v0.0.17 h1:78v8ZlW0bP43XfmAfPsdXcoNCelfMHsDmd/pkEN
 github.com/mattn/go-runewidth v0.0.17/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w=
 github.com/mattn/go-shellwords v1.0.12 h1:M2zGm7EW6UQJvDeQxo4T51eKPurbeFbe8WtebGE2xrk=
 github.com/mattn/go-shellwords v1.0.12/go.mod h1:EZzvwXDESEeg03EKmM+RmDnNOPKG4lLtQsUlTZDWQ8Y=
-github.com/mattn/go-sqlite3 v1.14.33 h1:A5blZ5ulQo2AtayQ9/limgHEkFreKj1Dv226a1K73s0=
-github.com/mattn/go-sqlite3 v1.14.33/go.mod h1:Uh1q+B4BYcTPb+yiD3kU8Ct7aC0hY9fxUwlHK0RXw+Y=
+github.com/mattn/go-sqlite3 v1.14.34 h1:3NtcvcUnFBPsuRcno8pUtupspG/GM+9nZ88zgJcp6Zk=
+github.com/mattn/go-sqlite3 v1.14.34/go.mod h1:Uh1q+B4BYcTPb+yiD3kU8Ct7aC0hY9fxUwlHK0RXw+Y=
 github.com/meilisearch/meilisearch-go v0.36.0 h1:N1etykTektXt5KPcSbhBO0d5Xx5NaKj4pJWEM7WA5dI=
 github.com/meilisearch/meilisearch-go v0.36.0/go.mod h1:HBfHzKMxcSbTOvqdfuRA/yf6Vk9IivcwKocWRuW7W78=
 github.com/mholt/acmez/v3 v3.1.2 h1:auob8J/0FhmdClQicvJvuDavgd5ezwLBfKuYmynhYzc=

From 5470fd013102ae8712d70c9b2c1f6042ef2642a1 Mon Sep 17 00:00:00 2001
From: Robert Wolff <mahlzahn@posteo.de>
Date: Wed, 11 Feb 2026 15:34:31 +0100
Subject: [PATCH 306/854] fix(ui): make relative time consistent with other
 text when selected (#11231)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Defines new css colours for theming:
```css
--color-selection-bg: var(--color-primary-light-1);
--color-selection-fg: var(--color-white);
```
which are then used both in the `base.css` and in the relative-time shadow object.

This, is how it looks for me when selecting before and after this patch (my Browser’s accent colour used for selection is orange):

| | Before  | After  |
|---|---|---|
| Forgejo Light | ![image](/attachments/aaee443e-c921-47bd-8c9f-d7260ef2b45e) | ![image](/attachments/e3089770-d9bb-40fa-ba68-e263ac2b0a7a) |
| Forgejo Dark | ![image](/attachments/cecefff6-39b4-4b8f-977f-773c3ec65297)| ![image](/attachments/cb6f0882-ad14-4463-952a-1c71505279db) |
| Gitea Light | ![image](/attachments/cd4200fa-3a6e-47e2-a1cd-c887dd6c0fbe) | ![image](/attachments/6294af16-9cf8-4ae7-acf3-6bd35c03e070) |
| Gitea Dark | ![image](/attachments/60193699-9b37-498e-b472-f37580c20755) | ![image](/attachments/42f5d4d1-e39a-424d-a65e-edb312300867) |

Co-authored-by: 0ko <0ko@noreply.codeberg.org>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11231
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Co-authored-by: Robert Wolff <mahlzahn@posteo.de>
Co-committed-by: Robert Wolff <mahlzahn@posteo.de>
---
 web_src/css/base.css                       | 7 ++++---
 web_src/css/themes/theme-forgejo-dark.css  | 6 ++----
 web_src/css/themes/theme-forgejo-light.css | 6 ++----
 web_src/css/themes/theme-gitea-dark.css    | 2 ++
 web_src/css/themes/theme-gitea-light.css   | 2 ++
 web_src/js/webcomponents/relative-time.js  | 1 +
 6 files changed, 13 insertions(+), 11 deletions(-)

diff --git a/web_src/css/base.css b/web_src/css/base.css
index b6c0b9cf49..a2837cf4f6 100644
--- a/web_src/css/base.css
+++ b/web_src/css/base.css
@@ -242,9 +242,10 @@ h1.error-code {
   background: var(--color-hover);
 }
 
-::selection {
-  background: var(--color-primary-light-1);
-  color: var(--color-white);
+::selection,
+relative-time::part(relative-time)::selection {
+  background: var(--color-selection-bg);
+  color: var(--color-selection-fg);
 }
 
 ::placeholder,
diff --git a/web_src/css/themes/theme-forgejo-dark.css b/web_src/css/themes/theme-forgejo-dark.css
index 1c5466b3c8..a89666725b 100644
--- a/web_src/css/themes/theme-forgejo-dark.css
+++ b/web_src/css/themes/theme-forgejo-dark.css
@@ -276,6 +276,8 @@
   --color-highlight-fg: var(--color-primary-light-4);
   --color-highlight-bg: var(--color-primary-alpha-20);
   --color-overlay-backdrop: #080808c0;
+  --color-selection-bg: var(--steel-100);
+  --color-selection-fg: var(--color-pure-black);
   /* pattern colors for image diff */
   --checkerboard-color-1: #474747;
   --checkerboard-color-2: #313131;
@@ -338,10 +340,6 @@ i.grey.icon.icon.icon.icon {
 .ui.yellow.label.pending-label {
   color: var(--color-warning-text) !important;
 }
-::selection {
-  background: var(--steel-100) !important;
-  color: var(--color-pure-black) !important;
-}
 strong.attention-important, svg.attention-important {
   color: var(--color-violet-light);
 }
diff --git a/web_src/css/themes/theme-forgejo-light.css b/web_src/css/themes/theme-forgejo-light.css
index be94290f5c..f0d7413072 100644
--- a/web_src/css/themes/theme-forgejo-light.css
+++ b/web_src/css/themes/theme-forgejo-light.css
@@ -274,6 +274,8 @@
   --color-highlight-fg: var(--color-primary-light-4);
   --color-highlight-bg: var(--color-primary-light-6);
   --color-overlay-backdrop: #080808c0;
+  --color-selection-bg: var(--steel-450);
+  --color-selection-fg: var(--color-white);
   /* pattern colors for gradient */
   --checkerboard-color-1: #ffffff;
   --checkerboard-color-2: #e5e5e5;
@@ -309,7 +311,3 @@
   background: var(--color-warning-bg) !important;
   color: var(--color-text-dark) !important;
 }
-::selection {
-  background: var(--steel-450) !important;
-  color: var(--color-white) !important;
-}
diff --git a/web_src/css/themes/theme-gitea-dark.css b/web_src/css/themes/theme-gitea-dark.css
index 31cf57b7c9..983d1ce6e2 100644
--- a/web_src/css/themes/theme-gitea-dark.css
+++ b/web_src/css/themes/theme-gitea-dark.css
@@ -234,6 +234,8 @@
   --color-highlight-fg: #87651e;
   --color-highlight-bg: #352c1c;
   --color-overlay-backdrop: #080808c0;
+  --color-selection-bg: var(--color-primary-light-1);
+  --color-selection-fg: var(--color-white);
   /* pattern colors for image diff */
   --checkerboard-color-1: #313131;
   --checkerboard-color-2: #212121;
diff --git a/web_src/css/themes/theme-gitea-light.css b/web_src/css/themes/theme-gitea-light.css
index 74272c738e..8d88f5e204 100644
--- a/web_src/css/themes/theme-gitea-light.css
+++ b/web_src/css/themes/theme-gitea-light.css
@@ -234,6 +234,8 @@
   --color-highlight-fg: #eed200;
   --color-highlight-bg: #fffbdd;
   --color-overlay-backdrop: #080808c0;
+  --color-selection-bg: var(--color-primary-light-1);
+  --color-selection-fg: var(--color-white);
   /* pattern colors for gradient */
   --checkerboard-color-1: #ffffff;
   --checkerboard-color-2: #e5e5e5;
diff --git a/web_src/js/webcomponents/relative-time.js b/web_src/js/webcomponents/relative-time.js
index 02bf8feffb..776955623a 100644
--- a/web_src/js/webcomponents/relative-time.js
+++ b/web_src/js/webcomponents/relative-time.js
@@ -199,6 +199,7 @@ window.customElements.define('relative-time', class extends HTMLElement {
     if (!this.shadowRoot) {
       this.attachShadow({mode: 'open'});
       this.contentSpan = document.createElement('span');
+      this.contentSpan.setAttribute('part', 'relative-time');
       this.shadowRoot.append(this.contentSpan);
     }
 

From 75d67e8ef263835cdbf1a34e66c4b1bc51263e0a Mon Sep 17 00:00:00 2001
From: Renovate Bot <forgejo-renovate-action@forgejo.org>
Date: Wed, 11 Feb 2026 16:23:00 +0100
Subject: [PATCH 307/854] Update Node.js to v24.13.1 (forgejo) (#11236)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11236
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
---
 .node-version | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.node-version b/.node-version
index cf2efde811..f94d3c2ea9 100644
--- a/.node-version
+++ b/.node-version
@@ -1 +1 @@
-24.13.0
\ No newline at end of file
+24.13.1
\ No newline at end of file

From c01404a3734d43ad59519555fffc22cd9f16d6e2 Mon Sep 17 00:00:00 2001
From: Andreas Ahlenstorf <andreas@ahlenstorf.ch>
Date: Wed, 11 Feb 2026 17:59:43 +0100
Subject: [PATCH 308/854] chore: remove deprecated auth methods from API docs
 (#11232)

Remove the documentation for the deprecated authentication methods Token and AccessToken. The functionality remains in place because it's still in use.

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests

- I added test coverage for Go changes...
  - [ ] in their respective `*_test.go` for unit tests.
  - [ ] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I added test coverage for JavaScript changes...
  - [ ] in `web_src/js/*.test.js` if it can be unit tested.
  - [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)).

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [x] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.
- [ ] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change.

*The decision if the pull request will be shown in the release notes is up to the mergers / release team.*

The content of the `release-notes/<pull request number>.md` file will serve as the basis for the release notes. If the file does not exist, the title of the pull request will be used instead.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11232
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Reviewed-by: Cyborus <cyborus@disroot.org>
Co-authored-by: Andreas Ahlenstorf <andreas@ahlenstorf.ch>
Co-committed-by: Andreas Ahlenstorf <andreas@ahlenstorf.ch>
---
 routers/api/v1/api.go          | 12 ------------
 templates/swagger/v1_json.tmpl | 18 ------------------
 2 files changed, 30 deletions(-)

diff --git a/routers/api/v1/api.go b/routers/api/v1/api.go
index d428294036..b8af31fa75 100644
--- a/routers/api/v1/api.go
+++ b/routers/api/v1/api.go
@@ -22,8 +22,6 @@
 //
 //	Security:
 //	- BasicAuth :
-//	- Token :
-//	- AccessToken :
 //	- AuthorizationHeaderToken :
 //	- SudoParam :
 //	- SudoHeader :
@@ -32,16 +30,6 @@
 //	SecurityDefinitions:
 //	BasicAuth:
 //	     type: basic
-//	Token:
-//	     type: apiKey
-//	     name: token
-//	     in: query
-//	     description: This authentication option is deprecated for removal in Forgejo v13.0.0. Please use AuthorizationHeaderToken instead.
-//	AccessToken:
-//	     type: apiKey
-//	     name: access_token
-//	     in: query
-//	     description: This authentication option is deprecated for removal in Forgejo v13.0.0. Please use AuthorizationHeaderToken instead.
 //	AuthorizationHeaderToken:
 //	     type: apiKey
 //	     name: Authorization
diff --git a/templates/swagger/v1_json.tmpl b/templates/swagger/v1_json.tmpl
index db2ca9dc13..da3b14da92 100644
--- a/templates/swagger/v1_json.tmpl
+++ b/templates/swagger/v1_json.tmpl
@@ -31592,12 +31592,6 @@
     }
   },
   "securityDefinitions": {
-    "AccessToken": {
-      "description": "This authentication option is deprecated for removal in Forgejo v13.0.0. Please use AuthorizationHeaderToken instead.",
-      "type": "apiKey",
-      "name": "access_token",
-      "in": "query"
-    },
     "AuthorizationHeaderToken": {
       "description": "API tokens must be prepended with \"token\" followed by a space.",
       "type": "apiKey",
@@ -31624,24 +31618,12 @@
       "type": "apiKey",
       "name": "X-FORGEJO-OTP",
       "in": "header"
-    },
-    "Token": {
-      "description": "This authentication option is deprecated for removal in Forgejo v13.0.0. Please use AuthorizationHeaderToken instead.",
-      "type": "apiKey",
-      "name": "token",
-      "in": "query"
     }
   },
   "security": [
     {
       "BasicAuth": []
     },
-    {
-      "Token": []
-    },
-    {
-      "AccessToken": []
-    },
     {
       "AuthorizationHeaderToken": []
     },

From 779198404020e8f501ef3709d23e5dc8534f0ae0 Mon Sep 17 00:00:00 2001
From: Robert Wolff <mahlzahn@posteo.de>
Date: Wed, 11 Feb 2026 18:12:29 +0100
Subject: [PATCH 309/854] fix: correct Reviewed-on URL in merge message for
 subpath deployments (#11240)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Fixes: #11238

### Tests

- I added test coverage for Go changes...
  - [x] in their respective `*_test.go` for unit tests.
  - [ ] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I added test coverage for JavaScript changes...
  - [ ] in `web_src/js/*.test.js` if it can be unit tested.
  - [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)).

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [x] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.
- [ ] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change.

*The decision if the pull request will be shown in the release notes is up to the mergers / release team.*

The content of the `release-notes/<pull request number>.md` file will serve as the basis for the release notes. If the file does not exist, the title of the pull request will be used instead.

Co-authored-by: Diego Díez <diegodiez.ddr@gmail.com>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11240
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
Co-authored-by: Robert Wolff <mahlzahn@posteo.de>
Co-committed-by: Robert Wolff <mahlzahn@posteo.de>
---
 services/pull/merge.go     | 7 +------
 services/pull/pull_test.go | 7 +++++++
 2 files changed, 8 insertions(+), 6 deletions(-)

diff --git a/services/pull/merge.go b/services/pull/merge.go
index 1bcd11406c..1d5e82e969 100644
--- a/services/pull/merge.go
+++ b/services/pull/merge.go
@@ -7,7 +7,6 @@ package pull
 import (
 	"context"
 	"fmt"
-	"net/url"
 	"os"
 	"path/filepath"
 	"regexp"
@@ -80,11 +79,7 @@ func getMergeMessage(ctx context.Context, baseGitRepo *git.Repository, pr *issue
 		issueReference = "!"
 	}
 
-	issueURL, err := url.JoinPath(setting.AppURL, pr.Issue.Link())
-	if err != nil {
-		return "", "", err
-	}
-	reviewedOn := fmt.Sprintf("Reviewed-on: %s", issueURL)
+	reviewedOn := fmt.Sprintf("Reviewed-on: %s", pr.Issue.HTMLURL())
 	reviewedBy := pr.GetApprovers(ctx)
 
 	body = fmt.Sprintf("%s\n%s", reviewedOn, reviewedBy)
diff --git a/services/pull/pull_test.go b/services/pull/pull_test.go
index bf5c56eda1..1b8b95c1dc 100644
--- a/services/pull/pull_test.go
+++ b/services/pull/pull_test.go
@@ -14,6 +14,7 @@ import (
 	"forgejo.org/models/unittest"
 	"forgejo.org/modules/git"
 	"forgejo.org/modules/gitrepo"
+	"forgejo.org/modules/setting"
 
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
@@ -57,6 +58,12 @@ func TestPullRequest_GetDefaultMergeMessage_InternalTracker(t *testing.T) {
 	mergeMessage, _, err = GetDefaultMergeMessage(db.DefaultContext, gitRepo, pr, "")
 	require.NoError(t, err)
 	assert.Equal(t, "Merge pull request 'issue3' (#3) from user2/repo1:branch2 into master", mergeMessage)
+
+	setting.AppURL = "https://example.org/suburl/"
+	setting.AppSubURL = "/suburl"
+	_, body, err = GetDefaultMergeMessage(db.DefaultContext, gitRepo, pr, "")
+	require.NoError(t, err)
+	assert.Equal(t, "Reviewed-on: https://example.org/suburl/user2/repo1/pulls/3\n", body)
 }
 
 func TestPullRequest_GetDefaultMergeMessage_ExternalTracker(t *testing.T) {

From a6e1b4fe0317c6e7cbbce9117e2589eac0a71377 Mon Sep 17 00:00:00 2001
From: Michael Kriese <michael.kriese@visualon.de>
Date: Wed, 11 Feb 2026 18:21:25 +0100
Subject: [PATCH 310/854] chore(renovate): disable major updates on stable
 branches by default (#11243)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11243
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
Co-authored-by: Michael Kriese <michael.kriese@visualon.de>
Co-committed-by: Michael Kriese <michael.kriese@visualon.de>
---
 renovate.json | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/renovate.json b/renovate.json
index ec84852076..0710f111b5 100644
--- a/renovate.json
+++ b/renovate.json
@@ -145,6 +145,12 @@
       "matchDepTypes": ["indirect"],
       "enabled": false
     },
+    {
+      "description": "Disable major updates for stable branches",
+      "matchBaseBranches": ["/^v\\d+\\.\\d+\\/forgejo$/"],
+      "matchUpdateTypes": ["major"],
+      "enabled": false
+    },
     {
       "description": "Require approval for stable branches (must be last rule to override all others)",
       "matchBaseBranches": ["/^v\\d+\\.\\d+\\/forgejo$/"],

From 172bb4cefe0dfb78e131b8d19963669708c8a211 Mon Sep 17 00:00:00 2001
From: famfo <famfo@famfo.xyz>
Date: Wed, 11 Feb 2026 19:08:24 +0100
Subject: [PATCH 311/854] chore(lint): enable nilnil (#11235)

The general consensus I have gotten from past contributions is that `return nil, nil` is an
antipattern in Forgejo, especially because:

```go
val, err := Func()
if err != nil {
    return
}
val.Func()
```

can easily lead to a nil pointer dereference.

This PR merely enables the lint and ignores all currently broken files. In addition to this PR,
a tracking issue to keep track of re-enabling nilnil linting on the ignored files could be
useful.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11235
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Co-authored-by: famfo <famfo@famfo.xyz>
Co-committed-by: famfo <famfo@famfo.xyz>
---
 .golangci.yml | 236 ++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 236 insertions(+)

diff --git a/.golangci.yml b/.golangci.yml
index aed39e3c0e..1d0dcb489f 100644
--- a/.golangci.yml
+++ b/.golangci.yml
@@ -25,6 +25,7 @@ linters:
     - unused
     - usetesting
     - wastedassign
+    - nilnil
   settings:
     depguard:
       rules:
@@ -113,6 +114,8 @@ linters:
       disable:
         - error-is-as
         - go-require
+    nilnil:
+      only-two: false
   exclusions:
     generated: lax
     presets:
@@ -163,6 +166,239 @@ linters:
       - linters:
           - staticcheck
         text: "(ST1005|ST1003|QF1001):"
+
+      # TODO: eventually remove this section entirely
+      - path: cmd/admin_auth_ldap_test.go
+        linters:
+          - nilnil
+      - path: cmd/admin_auth_oauth_test.go
+        linters:
+          - nilnil
+      - path: cmd/admin_auth_pam_test.go
+        linters:
+          - nilnil
+      - path: cmd/cmd.go
+        linters:
+          - nilnil
+      - path: cmd/forgejo/actions.go
+        linters:
+          - nilnil
+      - path: models/actions/run.go
+        linters:
+          - nilnil
+      - path: models/actions/task.go
+        linters:
+          - nilnil
+      - path: models/activities/action_list.go
+        linters:
+          - nilnil
+      - path: models/asymkey/gpg_key_object_verification.go
+        linters:
+          - nilnil
+      - path: models/auth/oauth2.go
+        linters:
+          - nilnil
+      - path: models/db/collation.go
+        linters:
+          - nilnil
+      - path: models/dbfs/dbfile.go
+        linters:
+          - nilnil
+      - path: models/forgefed/federationhost_repository.go
+        linters:
+          - nilnil
+      - path: models/forgejo_migrations_legacy/v32.go
+        linters:
+          - nilnil
+      - path: models/forgejo_migrations_legacy/v32_test.go
+        linters:
+          - nilnil
+      - path: models/db/context.go
+        linters:
+          - nilnil
+      - path: models/git/branch_list.go
+        linters:
+          - nilnil
+      - path: models/git/lfs_lock.go
+        linters:
+          - nilnil
+      - path: models/git/protected_branch.go
+        linters:
+          - nilnil
+      - path: models/git/protected_tag.go
+        linters:
+          - nilnil
+      - path: models/issues/issue.go
+        linters:
+          - nilnil
+      - path: models/issues/issue_xref.go
+        linters:
+          - nilnil
+      - path: models/issues/review.go
+        linters:
+          - nilnil
+      - path: models/organization/org_user.go
+        linters:
+          - nilnil
+      - path: models/quota/rule.go
+        linters:
+          - nilnil
+      - path: models/repo/archiver.go
+        linters:
+          - nilnil
+      - path: models/repo/fork.go
+        linters:
+          - nilnil
+      - path: models/repo/topic.go
+        linters:
+          - nilnil
+      - path: models/user/email_address.go
+        linters:
+          - nilnil
+      - path: models/user/list.go
+        linters:
+          - nilnil
+      - path: models/user/user.go
+        linters:
+          - nilnil
+      - path: models/repo/repo.go
+        linters:
+          - nilnil
+      - path: models/user/user_repository.go
+        linters:
+          - nilnil
+      - path: modules/git/commit.go
+        linters:
+          - nilnil
+      - path: modules/git/foreachref/parser.go
+        linters:
+          - nilnil
+      - path: modules/git/last_commit_cache.go
+        linters:
+          - nilnil
+      - path: modules/git/log_name_status.go
+        linters:
+          - nilnil
+      - path: modules/graceful/net_unix.go
+        linters:
+          - nilnil
+      - path: modules/indexer/internal/bleve/util.go
+        linters:
+          - nilnil
+      - path: modules/indexer/issues/util.go
+        linters:
+          - nilnil
+      - path: modules/optional/serialization.go
+        linters:
+          - nilnil
+      - path: modules/setting/storage.go
+        linters:
+          - nilnil
+      - path: routers/api/packages/chef/auth.go
+        linters:
+          - nilnil
+      - path: routers/api/packages/container/auth.go
+        linters:
+          - nilnil
+      - path: routers/api/packages/nuget/auth.go
+        linters:
+          - nilnil
+      - path: routers/api/packages/swift/swift.go
+        linters:
+          - nilnil
+      - path: routers/web/auth/oauth.go
+        linters:
+          - nilnil
+      - path: routers/web/repo/compare.go
+        linters:
+          - nilnil
+      - path: routers/web/repo/release.go
+        linters:
+          - nilnil
+      - path: routers/web/repo/setting/runners.go
+        linters:
+          - nilnil
+      - path: routers/web/repo/setting/secrets.go
+        linters:
+          - nilnil
+      - path: routers/web/repo/setting/variables.go
+        linters:
+          - nilnil
+      - path: services/actions/context.go
+        linters:
+          - nilnil
+      - path: services/actions/task.go
+        linters:
+          - nilnil
+      - path: services/actions/trust.go
+        linters:
+          - nilnil
+      - path: services/auth/basic.go
+        linters:
+          - nilnil
+      - path: services/auth/httpsign.go
+        linters:
+          - nilnil
+      - path: services/auth/oauth2.go
+        linters:
+          - nilnil
+      - path: services/auth/reverseproxy.go
+        linters:
+          - nilnil
+      - path: services/auth/session.go
+        linters:
+          - nilnil
+      - path: services/contexttest/context_tests.go
+        linters:
+          - nilnil
+      - path: services/gitdiff/csv.go
+        linters:
+          - nilnil
+      - path: services/issue/assignee.go
+        linters:
+          - nilnil
+      - path: routers/api/packages/conan/auth.go
+        linters:
+          - nilnil
+      - path: services/federation/signature_service.go
+        linters:
+          - nilnil
+      - path: services/issue/commit.go
+        linters:
+          - nilnil
+      - path: services/issue/issue.go
+        linters:
+          - nilnil
+      - path: services/migrations/onedev.go
+        linters:
+          - nilnil
+      - path: services/packages/cargo/index.go
+        linters:
+          - nilnil
+      - path: services/pull/check.go
+        linters:
+          - nilnil
+      - path: services/pull/comment.go
+        linters:
+          - nilnil
+      - path: services/pull/merge.go
+        linters:
+          - nilnil
+      - path: services/pull/review.go
+        linters:
+          - nilnil
+      - path: services/remote/promote.go
+        linters:
+          - nilnil
+      - path: services/repository/archiver/archiver.go
+        linters:
+          - nilnil
+      - path: services/repository/generate_repo_commit.go
+        linters:
+          - nilnil
+      - path: services/repository/repository.go
+        linters:
+          - nilnil
     paths:
       - node_modules
       - public

From 9ea9582c9b64e6766644698694add0a8268950fd Mon Sep 17 00:00:00 2001
From: wandhydrant <wandhydrant@noreply.codeberg.org>
Date: Thu, 12 Feb 2026 03:12:32 +0100
Subject: [PATCH 312/854] fix: cleanup of multi-platform container images
 (#11246)

This change fixes an issue that makes Forgejo clean up too many versions of a container package even though it should keep them according to the rules set for the package.

The issue affects multi-platform container images.
Forgejo adds a package version for each platform (for example `linux/amd64`, `linux/arm64`) in addition to the actual tag (for example `0.6.0` or `latest`).

This results in rows in the table `package_version` similar to this (unimportant columns omitted for brevity):

| **lower_version** | **created_unix** |
|---|---|
| `latest` | `1768742887`|
| `0.6.0` | `1768742886` |
| `sha256:038e...` | `1768742886` |
| `sha256:fc38...` | `1768742886` |
| `0.5.0` | `1768742864` |
| `sha256:806d...` | `1768742864` |
| `sha256:0a19...` | `1768742864` |
| `0.4.0` | `1768742848` |
| `...` | `...` |

The code assumes that the first `<keep count>` entries can be ignored and considers every entry after `<keep count>` as eligible for cleanup.
That doesn't work for multi-platform container images because, for `<keep count>=5`, it considers version `0.4.0` as eligible.

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests

- I added test coverage for Go changes...
  - [x] in their respective `*_test.go` for unit tests.
  - [ ] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I added test coverage for JavaScript changes...
  - [ ] in `web_src/js/*.test.js` if it can be unit tested.
  - [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)).

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [x] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.
- [ ] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change.

*The decision if the pull request will be shown in the release notes is up to the mergers / release team.*

The content of the `release-notes/<pull request number>.md` file will serve as the basis for the release notes. If the file does not exist, the title of the pull request will be used instead.

<!--start release-notes-assistant-->

## Release notes
<!--URL:https://codeberg.org/forgejo/forgejo-->
- Bug fixes
  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11246): <!--number 11246 --><!--line 0 --><!--description Y2xlYW51cCBvZiBtdWx0aS1wbGF0Zm9ybSBjb250YWluZXIgaW1hZ2Vz-->cleanup of multi-platform container images<!--description-->
<!--end release-notes-assistant-->

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11246
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
Co-authored-by: wandhydrant <wandhydrant@noreply.codeberg.org>
Co-committed-by: wandhydrant <wandhydrant@noreply.codeberg.org>
---
 services/packages/cleanup/cleanup.go      |  11 ++-
 services/packages/cleanup/cleanup_test.go | 104 ++++++++++++++++++++++
 2 files changed, 113 insertions(+), 2 deletions(-)
 create mode 100644 services/packages/cleanup/cleanup_test.go

diff --git a/services/packages/cleanup/cleanup.go b/services/packages/cleanup/cleanup.go
index fac2e62540..3c177abca4 100644
--- a/services/packages/cleanup/cleanup.go
+++ b/services/packages/cleanup/cleanup.go
@@ -136,8 +136,9 @@ func GetCleanupTargets(ctx context.Context, pcr *packages_model.PackageCleanupRu
 		if err != nil {
 			return nil, fmt.Errorf("failure to SearchVersions for package cleanup rule: %w", err)
 		}
-		keep := min(len(pvs), pcr.KeepCount)
-		for _, pv := range pvs[keep:] {
+
+		var keep int
+		for _, pv := range pvs {
 			if pcr.Type == packages_model.TypeContainer {
 				if skip := container_service.ShouldBeSkipped(pv); skip {
 					log.Debug("Rule[%d]: keep '%s/%s' (container)", pcr.ID, p.Name, pv.Version)
@@ -145,6 +146,12 @@ func GetCleanupTargets(ctx context.Context, pcr *packages_model.PackageCleanupRu
 				}
 			}
 
+			keep++
+			if pcr.KeepCount > 0 && keep <= pcr.KeepCount {
+				log.Debug("Rule[%d]: keep '%s/%s' (count)", pcr.ID, p.Name, pv.Version)
+				continue
+			}
+
 			toMatch := pv.LowerVersion
 			if pcr.MatchFullName {
 				toMatch = p.LowerName + "/" + pv.LowerVersion
diff --git a/services/packages/cleanup/cleanup_test.go b/services/packages/cleanup/cleanup_test.go
new file mode 100644
index 0000000000..d6c0f00400
--- /dev/null
+++ b/services/packages/cleanup/cleanup_test.go
@@ -0,0 +1,104 @@
+package container
+
+import (
+	"crypto/sha256"
+	"encoding/hex"
+	"fmt"
+	"testing"
+	"time"
+
+	"forgejo.org/models/db"
+	"forgejo.org/models/packages"
+	"forgejo.org/models/unittest"
+	"forgejo.org/modules/timeutil"
+
+	"github.com/stretchr/testify/require"
+)
+
+func TestGetCleanupTargets(t *testing.T) {
+	require.NoError(t, unittest.PrepareTestDatabase())
+
+	ctx := db.DefaultContext
+
+	createPackageCleanupRule := func(t *testing.T, keepCount, removeDays int) *packages.PackageCleanupRule {
+		t.Helper()
+
+		pcr := packages.PackageCleanupRule{
+			Enabled:    true,
+			OwnerID:    2001,
+			Type:       packages.TypeContainer,
+			KeepCount:  keepCount,
+			RemoveDays: removeDays,
+		}
+		_, err := db.GetEngine(ctx).Insert(&pcr)
+		require.NoError(t, err)
+		return &pcr
+	}
+
+	createContainerVersions := func(t *testing.T, name string, count int) {
+		t.Helper()
+
+		p := packages.Package{
+			OwnerID:   2001,
+			Name:      name,
+			LowerName: name,
+			Type:      packages.TypeContainer,
+		}
+		_, err := db.GetEngine(ctx).Insert(&p)
+		require.NoError(t, err)
+
+		for i := range count {
+			version := fmt.Sprintf("0.%d.0", i+1)
+			created := time.Now().
+				Add(-720 * time.Hour).
+				Add(time.Duration(count-i) * time.Hour * -1).
+				Unix()
+
+			// Create the package version for the amd64 variant of a multi-platform OCI image
+			platformAmd64Hash := sha256.New()
+			platformAmd64Hash.Write([]byte(version + "amd64"))
+			platformAmd64Version := "sha256:" + hex.EncodeToString(platformAmd64Hash.Sum(nil))
+			platformAmd64PackageVersion := packages.PackageVersion{
+				PackageID:    p.ID,
+				Version:      platformAmd64Version,
+				LowerVersion: platformAmd64Version,
+				CreatedUnix:  timeutil.TimeStamp(created),
+			}
+			_, err = db.GetEngine(ctx).NoAutoTime().Insert(&platformAmd64PackageVersion)
+			require.NoError(t, err)
+
+			// Create the package version for the arm64 variant of a multi-platform OCI image
+			platformArm64Hash := sha256.New()
+			platformArm64Hash.Write([]byte(version + "arm64"))
+			platformArm64Version := "sha256:" + hex.EncodeToString(platformArm64Hash.Sum(nil))
+			platformArm64PackageVersion := packages.PackageVersion{
+				PackageID:    p.ID,
+				Version:      platformArm64Version,
+				LowerVersion: platformArm64Version,
+				CreatedUnix:  timeutil.TimeStamp(created),
+			}
+			_, err = db.GetEngine(ctx).NoAutoTime().Insert(&platformArm64PackageVersion)
+			require.NoError(t, err)
+
+			// Create the package version for tagged manifest of a multi-platform OCI image
+			v := packages.PackageVersion{
+				PackageID:    p.ID,
+				Version:      version,
+				LowerVersion: version,
+				CreatedUnix:  timeutil.TimeStamp(created),
+			}
+			_, err = db.GetEngine(ctx).NoAutoTime().Insert(&v)
+			require.NoError(t, err)
+		}
+	}
+
+	t.Run("keeps the last five versions of multi-platform container images", func(t *testing.T) {
+		pcr := createPackageCleanupRule(t, 5, 7)
+		// Create versions 0.1.0 to 0.6.0
+		createContainerVersions(t, "unit/test", 6)
+		targets, err := GetCleanupTargets(ctx, pcr, true)
+		require.NoError(t, err)
+		require.Len(t, targets, 1)
+		require.Equal(t, "0.1.0", targets[0].PackageVersion.LowerVersion)
+	})
+}

From cd088f21a86c0101159697947faef2f18b1cc5d5 Mon Sep 17 00:00:00 2001
From: panc <pan0xc@foxmail.com>
Date: Fri, 13 Feb 2026 13:19:17 +0100
Subject: [PATCH 313/854] fix(ui): fix gap consistency between navbar items on
 mobile (#11262)

The navigation menu on mobile is divided into two sections, but there is no gap between them. I referred to the following code and set the gap to `gap: .35714286em`
```CSS
.ui.secondary.menu {
  margin-left: 0;
  margin-right: 0;
  gap: .35714286em;
}
```

| Before | After |
|--------|-------|
| ![image](/attachments/b3235ead-d2b2-4383-aae5-fcd7906d8414) | ![image](/attachments/5136c0c6-85ac-47b3-9a4e-ca12bc19caca) |

| Before | After |
|--------|-------|
| ![image](/attachments/f5425f2f-0a07-4127-bfab-5eb53b54df1e) | ![image](/attachments/86bdfae8-fd6d-429a-b89d-fe83acf37170) |

Another thing to note is that the dot of the stopwatch extends beyond the background.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11262
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Co-authored-by: panc <pan0xc@foxmail.com>
Co-committed-by: panc <pan0xc@foxmail.com>
---
 web_src/css/modules/navbar.css | 1 +
 1 file changed, 1 insertion(+)

diff --git a/web_src/css/modules/navbar.css b/web_src/css/modules/navbar.css
index ab905196a8..999938c9a5 100644
--- a/web_src/css/modules/navbar.css
+++ b/web_src/css/modules/navbar.css
@@ -78,6 +78,7 @@
   /* show items if the navbar is open */
   #navbar.navbar-menu-open {
     padding-bottom: 8px;
+    gap: .35714286em;
   }
   #navbar.navbar-menu-open,
   #navbar.navbar-menu-open .navbar-right {

From ef7acda8bed681fa07f874cdcf93c82d115d8721 Mon Sep 17 00:00:00 2001
From: Roberto Vidal <roberto.vidal@ikumene.com>
Date: Fri, 13 Feb 2026 18:04:19 +0100
Subject: [PATCH 314/854] fix: return bad request on malformed packages upload
 input (#10954)

I noticed that the wrong content type in an `/upload` request can trigger a 500, and I'm guessing it is more appropriate to return 400 instead.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10954
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Roberto Vidal <roberto.vidal@ikumene.com>
Co-committed-by: Roberto Vidal <roberto.vidal@ikumene.com>
---
 routers/api/packages/alpine/alpine.go           |  6 +++++-
 routers/api/packages/alt/alt.go                 |  6 +++++-
 routers/api/packages/arch/arch.go               |  6 +++++-
 routers/api/packages/conan/conan.go             |  6 +++++-
 routers/api/packages/conda/conda.go             |  6 +++++-
 routers/api/packages/cran/cran.go               |  6 +++++-
 routers/api/packages/debian/debian.go           |  6 +++++-
 routers/api/packages/generic/generic.go         |  6 +++++-
 routers/api/packages/goproxy/goproxy.go         |  6 +++++-
 routers/api/packages/helm/helm.go               |  6 +++++-
 routers/api/packages/nuget/nuget.go             |  6 +++++-
 routers/api/packages/rpm/rpm.go                 |  6 +++++-
 routers/api/packages/rubygems/rubygems.go       |  6 +++++-
 routers/api/packages/vagrant/vagrant.go         |  6 +++++-
 services/context/context_request.go             |  4 ++++
 tests/integration/api_packages_alpine_test.go   |  5 +++++
 tests/integration/api_packages_alt_test.go      |  5 +++++
 tests/integration/api_packages_arch_test.go     |  4 ++++
 tests/integration/api_packages_conan_test.go    |  5 +++++
 tests/integration/api_packages_conda_test.go    | 10 ++++++++++
 tests/integration/api_packages_cran_test.go     |  6 ++++++
 tests/integration/api_packages_debian_test.go   |  5 +++++
 tests/integration/api_packages_generic_test.go  |  5 +++++
 tests/integration/api_packages_goproxy_test.go  |  5 +++++
 tests/integration/api_packages_helm_test.go     |  5 +++++
 tests/integration/api_packages_nuget_test.go    |  5 +++++
 tests/integration/api_packages_rpm_test.go      |  5 +++++
 tests/integration/api_packages_rubygems_test.go |  9 +++++++++
 tests/integration/api_packages_vagrant_test.go  |  5 +++++
 29 files changed, 153 insertions(+), 14 deletions(-)

diff --git a/routers/api/packages/alpine/alpine.go b/routers/api/packages/alpine/alpine.go
index dc992ebb5a..d0e0c0f651 100644
--- a/routers/api/packages/alpine/alpine.go
+++ b/routers/api/packages/alpine/alpine.go
@@ -146,7 +146,11 @@ func UploadPackageFile(ctx *context.Context) {
 
 	upload, needToClose, err := ctx.UploadStream()
 	if err != nil {
-		apiError(ctx, http.StatusInternalServerError, err)
+		if context.IsFormError(err) {
+			apiError(ctx, http.StatusBadRequest, err)
+		} else {
+			apiError(ctx, http.StatusInternalServerError, err)
+		}
 		return
 	}
 	if needToClose {
diff --git a/routers/api/packages/alt/alt.go b/routers/api/packages/alt/alt.go
index a118459ce3..98c5cdd552 100644
--- a/routers/api/packages/alt/alt.go
+++ b/routers/api/packages/alt/alt.go
@@ -78,7 +78,11 @@ func GetRepositoryFile(ctx *context.Context, arch string) {
 func UploadPackageFile(ctx *context.Context) {
 	upload, needToClose, err := ctx.UploadStream()
 	if err != nil {
-		apiError(ctx, http.StatusInternalServerError, err)
+		if context.IsFormError(err) {
+			apiError(ctx, http.StatusBadRequest, err)
+		} else {
+			apiError(ctx, http.StatusInternalServerError, err)
+		}
 		return
 	}
 	if needToClose {
diff --git a/routers/api/packages/arch/arch.go b/routers/api/packages/arch/arch.go
index a45f38dd08..f177412715 100644
--- a/routers/api/packages/arch/arch.go
+++ b/routers/api/packages/arch/arch.go
@@ -64,7 +64,11 @@ func PushPackage(ctx *context.Context) {
 	defer releaser()
 	upload, needToClose, err := ctx.UploadStream()
 	if err != nil {
-		apiError(ctx, http.StatusInternalServerError, err)
+		if context.IsFormError(err) {
+			apiError(ctx, http.StatusBadRequest, err)
+		} else {
+			apiError(ctx, http.StatusInternalServerError, err)
+		}
 		return
 	}
 	if needToClose {
diff --git a/routers/api/packages/conan/conan.go b/routers/api/packages/conan/conan.go
index 927d131309..3a95a883c5 100644
--- a/routers/api/packages/conan/conan.go
+++ b/routers/api/packages/conan/conan.go
@@ -316,7 +316,11 @@ func uploadFile(ctx *context.Context, fileFilter container.Set[string], fileKey
 
 	upload, needToClose, err := ctx.UploadStream()
 	if err != nil {
-		apiError(ctx, http.StatusBadRequest, err)
+		if context.IsFormError(err) {
+			apiError(ctx, http.StatusBadRequest, err)
+		} else {
+			apiError(ctx, http.StatusInternalServerError, err)
+		}
 		return
 	}
 	if needToClose {
diff --git a/routers/api/packages/conda/conda.go b/routers/api/packages/conda/conda.go
index 52872d2543..57db8096d4 100644
--- a/routers/api/packages/conda/conda.go
+++ b/routers/api/packages/conda/conda.go
@@ -176,7 +176,11 @@ func EnumeratePackages(ctx *context.Context) {
 func UploadPackageFile(ctx *context.Context) {
 	upload, needToClose, err := ctx.UploadStream()
 	if err != nil {
-		apiError(ctx, http.StatusInternalServerError, err)
+		if context.IsFormError(err) {
+			apiError(ctx, http.StatusBadRequest, err)
+		} else {
+			apiError(ctx, http.StatusInternalServerError, err)
+		}
 		return
 	}
 	if needToClose {
diff --git a/routers/api/packages/cran/cran.go b/routers/api/packages/cran/cran.go
index f73111278f..65408146ee 100644
--- a/routers/api/packages/cran/cran.go
+++ b/routers/api/packages/cran/cran.go
@@ -153,7 +153,11 @@ func UploadBinaryPackageFile(ctx *context.Context) {
 func uploadPackageFile(ctx *context.Context, compositeKey string, properties map[string]string) {
 	upload, needToClose, err := ctx.UploadStream()
 	if err != nil {
-		apiError(ctx, http.StatusBadRequest, err)
+		if context.IsFormError(err) {
+			apiError(ctx, http.StatusBadRequest, err)
+		} else {
+			apiError(ctx, http.StatusInternalServerError, err)
+		}
 		return
 	}
 	if needToClose {
diff --git a/routers/api/packages/debian/debian.go b/routers/api/packages/debian/debian.go
index 49b2153724..dbab9d9ee6 100644
--- a/routers/api/packages/debian/debian.go
+++ b/routers/api/packages/debian/debian.go
@@ -129,7 +129,11 @@ func UploadPackageFile(ctx *context.Context) {
 
 	upload, needToClose, err := ctx.UploadStream()
 	if err != nil {
-		apiError(ctx, http.StatusInternalServerError, err)
+		if context.IsFormError(err) {
+			apiError(ctx, http.StatusBadRequest, err)
+		} else {
+			apiError(ctx, http.StatusInternalServerError, err)
+		}
 		return
 	}
 	if needToClose {
diff --git a/routers/api/packages/generic/generic.go b/routers/api/packages/generic/generic.go
index b84b902d2b..d61a9b4cbd 100644
--- a/routers/api/packages/generic/generic.go
+++ b/routers/api/packages/generic/generic.go
@@ -92,7 +92,11 @@ func UploadPackage(ctx *context.Context) {
 
 	upload, needToClose, err := ctx.UploadStream()
 	if err != nil {
-		apiError(ctx, http.StatusInternalServerError, err)
+		if context.IsFormError(err) {
+			apiError(ctx, http.StatusBadRequest, err)
+		} else {
+			apiError(ctx, http.StatusInternalServerError, err)
+		}
 		return
 	}
 	if needToClose {
diff --git a/routers/api/packages/goproxy/goproxy.go b/routers/api/packages/goproxy/goproxy.go
index 488850ecbf..b2a5bda177 100644
--- a/routers/api/packages/goproxy/goproxy.go
+++ b/routers/api/packages/goproxy/goproxy.go
@@ -156,7 +156,11 @@ func resolvePackage(ctx *context.Context, ownerID int64, name, version string) (
 func UploadPackage(ctx *context.Context) {
 	upload, needToClose, err := ctx.UploadStream()
 	if err != nil {
-		apiError(ctx, http.StatusInternalServerError, err)
+		if context.IsFormError(err) {
+			apiError(ctx, http.StatusBadRequest, err)
+		} else {
+			apiError(ctx, http.StatusInternalServerError, err)
+		}
 		return
 	}
 	if needToClose {
diff --git a/routers/api/packages/helm/helm.go b/routers/api/packages/helm/helm.go
index 0dfc1aeb93..b4dbc30e46 100644
--- a/routers/api/packages/helm/helm.go
+++ b/routers/api/packages/helm/helm.go
@@ -145,7 +145,11 @@ func DownloadPackageFile(ctx *context.Context) {
 func UploadPackage(ctx *context.Context) {
 	upload, needToClose, err := ctx.UploadStream()
 	if err != nil {
-		apiError(ctx, http.StatusInternalServerError, err)
+		if context.IsFormError(err) {
+			apiError(ctx, http.StatusBadRequest, err)
+		} else {
+			apiError(ctx, http.StatusInternalServerError, err)
+		}
 		return
 	}
 	if needToClose {
diff --git a/routers/api/packages/nuget/nuget.go b/routers/api/packages/nuget/nuget.go
index 254f4311c1..26b4efa2c8 100644
--- a/routers/api/packages/nuget/nuget.go
+++ b/routers/api/packages/nuget/nuget.go
@@ -606,7 +606,11 @@ func processUploadedFile(ctx *context.Context, expectedType nuget_module.Package
 
 	upload, needToClose, err := ctx.UploadStream()
 	if err != nil {
-		apiError(ctx, http.StatusBadRequest, err)
+		if context.IsFormError(err) {
+			apiError(ctx, http.StatusBadRequest, err)
+		} else {
+			apiError(ctx, http.StatusInternalServerError, err)
+		}
 		return nil, nil, closables
 	}
 
diff --git a/routers/api/packages/rpm/rpm.go b/routers/api/packages/rpm/rpm.go
index cdbf893183..59bb1c4057 100644
--- a/routers/api/packages/rpm/rpm.go
+++ b/routers/api/packages/rpm/rpm.go
@@ -119,7 +119,11 @@ func GetRepositoryFile(ctx *context.Context) {
 func UploadPackageFile(ctx *context.Context) {
 	upload, needToClose, err := ctx.UploadStream()
 	if err != nil {
-		apiError(ctx, http.StatusInternalServerError, err)
+		if context.IsFormError(err) {
+			apiError(ctx, http.StatusBadRequest, err)
+		} else {
+			apiError(ctx, http.StatusInternalServerError, err)
+		}
 		return
 	}
 	if needToClose {
diff --git a/routers/api/packages/rubygems/rubygems.go b/routers/api/packages/rubygems/rubygems.go
index eed19467ff..e9fc58c27b 100644
--- a/routers/api/packages/rubygems/rubygems.go
+++ b/routers/api/packages/rubygems/rubygems.go
@@ -285,7 +285,11 @@ func DownloadPackageFile(ctx *context.Context) {
 func UploadPackageFile(ctx *context.Context) {
 	upload, needToClose, err := ctx.UploadStream()
 	if err != nil {
-		apiError(ctx, http.StatusBadRequest, err)
+		if context.IsFormError(err) {
+			apiError(ctx, http.StatusBadRequest, err)
+		} else {
+			apiError(ctx, http.StatusInternalServerError, err)
+		}
 		return
 	}
 	if needToClose {
diff --git a/routers/api/packages/vagrant/vagrant.go b/routers/api/packages/vagrant/vagrant.go
index 26131c2cf2..c43567fddd 100644
--- a/routers/api/packages/vagrant/vagrant.go
+++ b/routers/api/packages/vagrant/vagrant.go
@@ -151,7 +151,11 @@ func UploadPackageFile(ctx *context.Context) {
 
 	upload, needsClose, err := ctx.UploadStream()
 	if err != nil {
-		apiError(ctx, http.StatusInternalServerError, err)
+		if context.IsFormError(err) {
+			apiError(ctx, http.StatusBadRequest, err)
+		} else {
+			apiError(ctx, http.StatusInternalServerError, err)
+		}
 		return
 	}
 	if needsClose {
diff --git a/services/context/context_request.go b/services/context/context_request.go
index 984b9ac793..c04b7df19f 100644
--- a/services/context/context_request.go
+++ b/services/context/context_request.go
@@ -30,3 +30,7 @@ func (ctx *Context) UploadStream() (rd io.ReadCloser, needToClose bool, err erro
 	}
 	return ctx.Req.Body, false, nil
 }
+
+func IsFormError(err error) bool {
+	return err == http.ErrMissingFile || err == http.ErrMissingBoundary
+}
diff --git a/tests/integration/api_packages_alpine_test.go b/tests/integration/api_packages_alpine_test.go
index d3cf56394c..9d4d2de126 100644
--- a/tests/integration/api_packages_alpine_test.go
+++ b/tests/integration/api_packages_alpine_test.go
@@ -91,6 +91,11 @@ Djfa/2q5bH4699v++uMAAAAAAAAAAAAAAAAAAAAAAHbgA/eXQh8AKAAA`
 						AddBasicAuth(user.Name)
 					MakeRequest(t, req, http.StatusBadRequest)
 
+					req = NewRequestWithBody(t, "PUT", uploadURL, bytes.NewReader(content)).
+						AddBasicAuth(user.Name).
+						SetHeader("content-type", "multipart/form-data")
+					MakeRequest(t, req, http.StatusBadRequest)
+
 					req = NewRequestWithBody(t, "PUT", uploadURL, bytes.NewReader(content)).
 						AddBasicAuth(user.Name)
 					MakeRequest(t, req, http.StatusCreated)
diff --git a/tests/integration/api_packages_alt_test.go b/tests/integration/api_packages_alt_test.go
index 1a0ba339c6..a15accdbbd 100644
--- a/tests/integration/api_packages_alt_test.go
+++ b/tests/integration/api_packages_alt_test.go
@@ -106,6 +106,11 @@ enabled=1`,
 				req := NewRequestWithBody(t, "PUT", url, bytes.NewReader(content))
 				MakeRequest(t, req, http.StatusUnauthorized)
 
+				req = NewRequestWithBody(t, "PUT", url, bytes.NewReader(content)).
+					AddBasicAuth(user.Name).
+					SetHeader("content-type", "multipart/form-data")
+				MakeRequest(t, req, http.StatusBadRequest)
+
 				req = NewRequestWithBody(t, "PUT", url, bytes.NewReader(content)).
 					AddBasicAuth(user.Name)
 				MakeRequest(t, req, http.StatusCreated)
diff --git a/tests/integration/api_packages_arch_test.go b/tests/integration/api_packages_arch_test.go
index 2463fd1c8e..8b3662478b 100644
--- a/tests/integration/api_packages_arch_test.go
+++ b/tests/integration/api_packages_arch_test.go
@@ -142,6 +142,10 @@ HMhNSS1IzUsBcpJAPFAwwUXSM0u4BjoaR8EoGAWjgGQAAILFeyQADAAA
 
 			req := NewRequestWithBody(t, "PUT", groupURL, bytes.NewReader(pkgs["any"]))
 			MakeRequest(t, req, http.StatusUnauthorized)
+			req = NewRequestWithBody(t, "PUT", groupURL, bytes.NewReader(pkgs["any"])).
+				AddBasicAuth(user.Name).
+				SetHeader("content-type", "multipart/form-data")
+			MakeRequest(t, req, http.StatusBadRequest)
 
 			req = NewRequestWithBody(t, "PUT", groupURL, bytes.NewReader(pkgs["any"])).
 				AddBasicAuth(user.Name)
diff --git a/tests/integration/api_packages_conan_test.go b/tests/integration/api_packages_conan_test.go
index 02a716b671..0e4e4a75e3 100644
--- a/tests/integration/api_packages_conan_test.go
+++ b/tests/integration/api_packages_conan_test.go
@@ -117,6 +117,11 @@ func uploadConanPackageV1(t *testing.T, baseURL, token, name, version, user, cha
 	uploadURL := uploadURLs[conanfileName]
 	assert.NotEmpty(t, uploadURL)
 
+	req = NewRequestWithBody(t, "PUT", uploadURL, strings.NewReader(contentConanfile)).
+		AddTokenAuth(token).
+		SetHeader("content-type", "multipart/form-data")
+	MakeRequest(t, req, http.StatusBadRequest)
+
 	req = NewRequestWithBody(t, "PUT", uploadURL, strings.NewReader(contentConanfile)).
 		AddTokenAuth(token)
 	MakeRequest(t, req, http.StatusCreated)
diff --git a/tests/integration/api_packages_conda_test.go b/tests/integration/api_packages_conda_test.go
index 6924968d35..7a1d88f329 100644
--- a/tests/integration/api_packages_conda_test.go
+++ b/tests/integration/api_packages_conda_test.go
@@ -67,6 +67,11 @@ func TestPackageConda(t *testing.T) {
 			req := NewRequestWithBody(t, "PUT", root+"/"+filename, bytes.NewReader(buf.Bytes()))
 			MakeRequest(t, req, http.StatusUnauthorized)
 
+			req = NewRequestWithBody(t, "PUT", root+"/"+filename, bytes.NewReader(buf.Bytes())).
+				AddBasicAuth(user.Name).
+				SetHeader("content-type", "multipart/form-data")
+			MakeRequest(t, req, http.StatusBadRequest)
+
 			req = NewRequestWithBody(t, "PUT", root+"/"+filename, bytes.NewReader(buf.Bytes())).
 				AddBasicAuth(user.Name)
 			MakeRequest(t, req, http.StatusCreated)
@@ -108,6 +113,11 @@ func TestPackageConda(t *testing.T) {
 			req := NewRequestWithBody(t, "PUT", root+"/"+channel+"/"+filename, bytes.NewReader(buf.Bytes()))
 			MakeRequest(t, req, http.StatusUnauthorized)
 
+			req = NewRequestWithBody(t, "PUT", root+"/"+channel+"/"+filename, bytes.NewReader(buf.Bytes())).
+				AddBasicAuth(user.Name).
+				SetHeader("content-type", "multipart/form-data")
+			MakeRequest(t, req, http.StatusBadRequest)
+
 			req = NewRequestWithBody(t, "PUT", root+"/"+channel+"/"+filename, bytes.NewReader(buf.Bytes())).
 				AddBasicAuth(user.Name)
 			MakeRequest(t, req, http.StatusCreated)
diff --git a/tests/integration/api_packages_cran_test.go b/tests/integration/api_packages_cran_test.go
index 2326d36171..29907bb74d 100644
--- a/tests/integration/api_packages_cran_test.go
+++ b/tests/integration/api_packages_cran_test.go
@@ -78,6 +78,12 @@ func TestPackageCran(t *testing.T) {
 			)).AddBasicAuth(user.Name)
 			MakeRequest(t, req, http.StatusBadRequest)
 
+			req = NewRequestWithBody(t, "PUT", uploadURL, createArchive(
+				"package/DESCRIPTION",
+				createDescription(packageName, packageVersion),
+			)).AddBasicAuth(user.Name).SetHeader("content-type", "multipart/form-data")
+			MakeRequest(t, req, http.StatusBadRequest)
+
 			req = NewRequestWithBody(t, "PUT", uploadURL, createArchive(
 				"package/DESCRIPTION",
 				createDescription(packageName, packageVersion),
diff --git a/tests/integration/api_packages_debian_test.go b/tests/integration/api_packages_debian_test.go
index d5d093a435..40e20aa632 100644
--- a/tests/integration/api_packages_debian_test.go
+++ b/tests/integration/api_packages_debian_test.go
@@ -98,6 +98,11 @@ func TestPackageDebian(t *testing.T) {
 								AddBasicAuth(user.Name)
 							MakeRequest(t, req, http.StatusBadRequest)
 
+							req = NewRequestWithBody(t, "PUT", uploadURL, createArchive(packageName, packageVersion, architecture)).
+								AddBasicAuth(user.Name).
+								SetHeader("content-type", "multipart/form-data")
+							MakeRequest(t, req, http.StatusBadRequest)
+
 							req = NewRequestWithBody(t, "PUT", uploadURL, createArchive(packageName, packageVersion, architecture)).
 								AddBasicAuth(user.Name)
 							MakeRequest(t, req, http.StatusCreated)
diff --git a/tests/integration/api_packages_generic_test.go b/tests/integration/api_packages_generic_test.go
index 5a3727cae5..ab65b76f15 100644
--- a/tests/integration/api_packages_generic_test.go
+++ b/tests/integration/api_packages_generic_test.go
@@ -37,6 +37,11 @@ func TestPackageGeneric(t *testing.T) {
 		defer tests.PrintCurrentTest(t)()
 
 		req := NewRequestWithBody(t, "PUT", url+"/"+filename, bytes.NewReader(content)).
+			AddBasicAuth(user.Name).
+			SetHeader("content-type", "multipart/form-data")
+		MakeRequest(t, req, http.StatusBadRequest)
+
+		req = NewRequestWithBody(t, "PUT", url+"/"+filename, bytes.NewReader(content)).
 			AddBasicAuth(user.Name)
 		MakeRequest(t, req, http.StatusCreated)
 
diff --git a/tests/integration/api_packages_goproxy_test.go b/tests/integration/api_packages_goproxy_test.go
index 1b95da8650..2e3a10f239 100644
--- a/tests/integration/api_packages_goproxy_test.go
+++ b/tests/integration/api_packages_goproxy_test.go
@@ -61,6 +61,11 @@ func TestPackageGo(t *testing.T) {
 			packageName + "@" + packageVersion + "/go.mod": []byte(goModContent),
 		})
 
+		req = NewRequestWithBody(t, "PUT", url+"/upload", bytes.NewReader(content)).
+			AddBasicAuth(user.Name).
+			SetHeader("content-type", "multipart/form-data")
+		MakeRequest(t, req, http.StatusBadRequest)
+
 		req = NewRequestWithBody(t, "PUT", url+"/upload", bytes.NewReader(content)).
 			AddBasicAuth(user.Name)
 		MakeRequest(t, req, http.StatusCreated)
diff --git a/tests/integration/api_packages_helm_test.go b/tests/integration/api_packages_helm_test.go
index 922f4d1469..a4f1df892c 100644
--- a/tests/integration/api_packages_helm_test.go
+++ b/tests/integration/api_packages_helm_test.go
@@ -94,6 +94,11 @@ dependencies:
 		require.NoError(t, err)
 		assert.Equal(t, int64(len(content)), pb.Size)
 
+		req = NewRequestWithBody(t, "POST", uploadURL, bytes.NewReader(content)).
+			AddBasicAuth(user.Name).
+			SetHeader("content-type", "multipart/form-data")
+		MakeRequest(t, req, http.StatusBadRequest)
+
 		req = NewRequestWithBody(t, "POST", uploadURL, bytes.NewReader(content)).
 			AddBasicAuth(user.Name)
 		MakeRequest(t, req, http.StatusCreated)
diff --git a/tests/integration/api_packages_nuget_test.go b/tests/integration/api_packages_nuget_test.go
index 5596925d86..9db2aed60d 100644
--- a/tests/integration/api_packages_nuget_test.go
+++ b/tests/integration/api_packages_nuget_test.go
@@ -276,6 +276,11 @@ func TestPackageNuGet(t *testing.T) {
 			defer tests.PrintCurrentTest(t)()
 
 			req := NewRequestWithBody(t, "PUT", url, bytes.NewReader(content)).
+				AddBasicAuth(user.Name).
+				SetHeader("content-type", "multipart/form-data")
+			MakeRequest(t, req, http.StatusBadRequest)
+
+			req = NewRequestWithBody(t, "PUT", url, bytes.NewReader(content)).
 				AddBasicAuth(user.Name)
 			MakeRequest(t, req, http.StatusCreated)
 
diff --git a/tests/integration/api_packages_rpm_test.go b/tests/integration/api_packages_rpm_test.go
index 89faa7a67f..7bffd32e61 100644
--- a/tests/integration/api_packages_rpm_test.go
+++ b/tests/integration/api_packages_rpm_test.go
@@ -124,6 +124,11 @@ gpgkey=%sapi/packages/%s/rpm/repository.key`,
 				req := NewRequestWithBody(t, "PUT", url, bytes.NewReader(content))
 				MakeRequest(t, req, http.StatusUnauthorized)
 
+				req = NewRequestWithBody(t, "PUT", url, bytes.NewReader(content)).
+					AddBasicAuth(user.Name).
+					SetHeader("content-type", "multipart/form-data")
+				MakeRequest(t, req, http.StatusBadRequest)
+
 				req = NewRequestWithBody(t, "PUT", url, bytes.NewReader(content)).
 					AddBasicAuth(user.Name)
 				MakeRequest(t, req, http.StatusCreated)
diff --git a/tests/integration/api_packages_rubygems_test.go b/tests/integration/api_packages_rubygems_test.go
index 97c2c8bb5f..30a58c33b7 100644
--- a/tests/integration/api_packages_rubygems_test.go
+++ b/tests/integration/api_packages_rubygems_test.go
@@ -369,6 +369,15 @@ AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==`)
 		assert.Equal(t, "ruby", pd.Metadata.(*rubygems.Metadata).Platform)
 	})
 
+	t.Run("UploadBadRequest", func(t *testing.T) {
+		defer tests.PrintCurrentTest(t)()
+
+		req := NewRequestWithBody(t, "POST", fmt.Sprintf("%s/api/v1/gems", root), bytes.NewReader(gemContent)).
+			AddBasicAuth(user.Name).
+			SetHeader("content-type", "multipart/form-data")
+		MakeRequest(t, req, http.StatusBadRequest)
+	})
+
 	t.Run("UploadExists", func(t *testing.T) {
 		defer tests.PrintCurrentTest(t)()
 
diff --git a/tests/integration/api_packages_vagrant_test.go b/tests/integration/api_packages_vagrant_test.go
index b9977d61c5..b780a12e62 100644
--- a/tests/integration/api_packages_vagrant_test.go
+++ b/tests/integration/api_packages_vagrant_test.go
@@ -83,6 +83,11 @@ func TestPackageVagrant(t *testing.T) {
 		req = NewRequestWithBody(t, "PUT", uploadURL, bytes.NewReader(content))
 		MakeRequest(t, req, http.StatusUnauthorized)
 
+		req = NewRequestWithBody(t, "PUT", uploadURL, bytes.NewReader(content)).
+			AddBasicAuth(user.Name).
+			SetHeader("content-type", "multipart/form-data")
+		MakeRequest(t, req, http.StatusBadRequest)
+
 		req = NewRequestWithBody(t, "PUT", uploadURL, bytes.NewReader(content)).
 			AddTokenAuth(token)
 		MakeRequest(t, req, http.StatusCreated)

From 62ad4669f9830ad015c66c9747c86527de43ab59 Mon Sep 17 00:00:00 2001
From: Michael Kriese <michael.kriese@visualon.de>
Date: Fri, 13 Feb 2026 22:11:26 +0100
Subject: [PATCH 315/854] ci: ensure correct node version (#11280)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11280
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
Co-authored-by: Michael Kriese <michael.kriese@visualon.de>
Co-committed-by: Michael Kriese <michael.kriese@visualon.de>
---
 .forgejo/workflows/testing.yml |  5 +++++
 package-lock.json              | 35 +---------------------------------
 2 files changed, 6 insertions(+), 34 deletions(-)

diff --git a/.forgejo/workflows/testing.yml b/.forgejo/workflows/testing.yml
index 64c5dbc72d..709ab71e18 100644
--- a/.forgejo/workflows/testing.yml
+++ b/.forgejo/workflows/testing.yml
@@ -35,6 +35,11 @@ jobs:
       options: --tmpfs /tmp:exec,noatime
     steps:
       - uses: https://data.forgejo.org/actions/checkout@v6
+
+      - uses: https://data.forgejo.org/actions/setup-node@v6
+        with:
+          node-version-file: .node-version
+
       - run: make deps-frontend
       - run: make lint-frontend
       - run: make checks-frontend
diff --git a/package-lock.json b/package-lock.json
index 1e91d2a09d..538f12d1a4 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -302,7 +302,6 @@
       "integrity": "sha512-CYDD3SOtsHtyXeEORYRx2qBtpDJFjRTGXUtmNEMGyzYOKj1TE3tycdlho7kA1Ufx9OYWZzg52QFBGALTirzDSw==",
       "dev": true,
       "license": "MIT",
-      "peer": true,
       "dependencies": {
         "@keyv/serialize": "^1.1.1"
       }
@@ -372,7 +371,6 @@
       "resolved": "https://registry.npmjs.org/@citation-js/core/-/core-0.7.21.tgz",
       "integrity": "sha512-Vobv2/Yfnn6C6BVO/pvj7madQ7Mfzl83/jAWwixbemGF6ZThhGMz8++FD9hWHyHXDMYuLGa6fK68c2VsolZmTA==",
       "license": "MIT",
-      "peer": true,
       "dependencies": {
         "@citation-js/date": "^0.5.0",
         "@citation-js/name": "^0.4.2",
@@ -805,7 +803,6 @@
         }
       ],
       "license": "MIT",
-      "peer": true,
       "engines": {
         "node": ">=18"
       },
@@ -846,7 +843,6 @@
         }
       ],
       "license": "MIT",
-      "peer": true,
       "engines": {
         "node": ">=18"
       }
@@ -4331,7 +4327,6 @@
       "integrity": "sha512-BtE0k6cjwjLZoZixN0t5AKP0kSzlGu7FctRXYuPAm//aaiZhmfq1JwdYpYr1brzEspYyFeF+8XF5j2VK6oalrA==",
       "dev": true,
       "license": "MIT",
-      "peer": true,
       "dependencies": {
         "@typescript-eslint/scope-manager": "8.54.0",
         "@typescript-eslint/types": "8.54.0",
@@ -5404,7 +5399,6 @@
       "resolved": "https://registry.npmjs.org/acorn/-/acorn-8.15.0.tgz",
       "integrity": "sha512-NZyJarBfL7nWwIq+FDL6Zp/yHEhePMNnnJ0y3qfieCrmNvYct8uvtiV41UvlSe6apAfk0fY1FbWx+NwfmpvtTg==",
       "license": "MIT",
-      "peer": true,
       "bin": {
         "acorn": "bin/acorn"
       },
@@ -5439,7 +5433,6 @@
       "resolved": "https://registry.npmjs.org/ajv/-/ajv-8.17.1.tgz",
       "integrity": "sha512-B/gBuNg5SiMTrPkC+A2+cW0RszwxYmn6VYxB/inlBStS5nx6xHIt/ehKRhIMhqusl7a8LjQoZnjCs5vhwxOQ1g==",
       "license": "MIT",
-      "peer": true,
       "dependencies": {
         "fast-deep-equal": "^3.1.3",
         "fast-uri": "^3.0.1",
@@ -5884,7 +5877,6 @@
         }
       ],
       "license": "MIT",
-      "peer": true,
       "dependencies": {
         "baseline-browser-mapping": "^2.9.0",
         "caniuse-lite": "^1.0.30001759",
@@ -6142,7 +6134,6 @@
       "resolved": "https://registry.npmjs.org/chart.js/-/chart.js-4.5.1.tgz",
       "integrity": "sha512-GIjfiT9dbmHRiYi6Nl2yFCq7kkwdkp1W/lp2J99rX0yo9tgJGn3lKQATztIjb5tVtevcBtIdICNWqlq5+E8/Pw==",
       "license": "MIT",
-      "peer": true,
       "dependencies": {
         "@kurkle/color": "^0.3.0"
       },
@@ -6181,7 +6172,6 @@
       "resolved": "https://registry.npmjs.org/chevrotain/-/chevrotain-11.0.3.tgz",
       "integrity": "sha512-ci2iJH6LeIkvP9eJW6gpueU8cnZhv85ELY8w8WiFtNjMHA5ad6pQLaJo9mEly/9qUyCpvqX8/POVUTf18/HFdw==",
       "license": "Apache-2.0",
-      "peer": true,
       "dependencies": {
         "@chevrotain/cst-dts-gen": "11.0.3",
         "@chevrotain/gast": "11.0.3",
@@ -6675,7 +6665,6 @@
       "resolved": "https://registry.npmjs.org/cytoscape/-/cytoscape-3.33.1.tgz",
       "integrity": "sha512-iJc4TwyANnOGR1OmWhsS9ayRS3s+XQ185FmuHObThD+5AeJCakAAbWv8KimMTt08xCCLNgneQwFp+JRJOr9qGQ==",
       "license": "MIT",
-      "peer": true,
       "engines": {
         "node": ">=0.10"
       }
@@ -7079,7 +7068,6 @@
       "resolved": "https://registry.npmjs.org/d3-selection/-/d3-selection-3.0.0.tgz",
       "integrity": "sha512-fmTRWbNMmsmWq6xJV8D19U/gw/bwrHfNXxrIN+HfZgnzqTHp9jOmKMhsTUjXOJnZOdZY9Q28y4yebKzqDKlxlQ==",
       "license": "ISC",
-      "peer": true,
       "engines": {
         "node": ">=12"
       }
@@ -7239,8 +7227,7 @@
       "version": "1.11.18",
       "resolved": "https://registry.npmjs.org/dayjs/-/dayjs-1.11.18.tgz",
       "integrity": "sha512-zFBQ7WFRvVRhKcWoUh+ZA1g2HVgUbsZm9sbddh8EC5iv93sui8DVVz1Npvz+r6meo9VKfa8NyLWBsQK1VvIKPA==",
-      "license": "MIT",
-      "peer": true
+      "license": "MIT"
     },
     "node_modules/debug": {
       "version": "4.4.3",
@@ -7932,7 +7919,6 @@
       "integrity": "sha512-LEyamqS7W5HB3ujJyvi0HQK/dtVINZvd5mAAp9eT5S/ujByGjiZLCzPcHVzuXbpJDJF/cxwHlfceVUDZ2lnSTw==",
       "dev": true,
       "license": "MIT",
-      "peer": true,
       "dependencies": {
         "@eslint-community/eslint-utils": "^4.8.0",
         "@eslint-community/regexpp": "^4.12.1",
@@ -8082,7 +8068,6 @@
       "integrity": "sha512-vPZZsiOKaBAIATpFE2uMI4w5IRwdv/FpQ+qZZMR4E+PeOcM4OeoEbqxRMnywdxP19TyB/3h6QBB0EWon7letSQ==",
       "dev": true,
       "license": "MIT",
-      "peer": true,
       "dependencies": {
         "@typescript-eslint/types": "^8.35.0",
         "comment-parser": "^1.4.1",
@@ -9177,7 +9162,6 @@
       "integrity": "sha512-QsCdAUHAmiDeKeaNojb1OHOPF7NjcWPBR7obdu3NwH2a/oyQaLg5d0aaCy/9My6CdPChYF07dvz5chaXBGaD4g==",
       "dev": true,
       "license": "MIT",
-      "peer": true,
       "dependencies": {
         "@types/node": "^20.0.0",
         "@types/whatwg-mimetype": "^3.0.2",
@@ -10428,7 +10412,6 @@
       "integrity": "sha512-B7qPcEVE3NVkmSJbaYxvv4cHkVW7DQsZz13pUMrfS8z8Q/BuShN+gcTXrUlPiGqM2/t/EEaI030bpxMqY8gMlw==",
       "dev": true,
       "license": "MIT",
-      "peer": true,
       "engines": {
         "node": ">= 10.16.0"
       }
@@ -12474,7 +12457,6 @@
       "integrity": "sha512-agTcKlMw/mjBWOnD6kFZttAAGHgi/Nw0CZ2o6JqWSbMlI219lAFLZZCyqByTsvVAJq5XA5H8cA6PrvBRpBWEuQ==",
       "dev": true,
       "license": "Apache-2.0",
-      "peer": true,
       "bin": {
         "playwright-core": "cli.js"
       },
@@ -12547,7 +12529,6 @@
         }
       ],
       "license": "MIT",
-      "peer": true,
       "dependencies": {
         "nanoid": "^3.3.11",
         "picocolors": "^1.1.1",
@@ -12890,7 +12871,6 @@
       "resolved": "https://registry.npmjs.org/postcss-selector-parser/-/postcss-selector-parser-7.1.1.tgz",
       "integrity": "sha512-orRsuYpJVw8LdAwqqLykBj9ecS5/cRHlI5+nvTo8LcCKmzDmqVORXtOIYEEQuL9D4BxtA1lm5isAqzQZCoQ6Eg==",
       "license": "MIT",
-      "peer": true,
       "dependencies": {
         "cssesc": "^3.0.0",
         "util-deprecate": "^1.0.2"
@@ -13386,7 +13366,6 @@
       "integrity": "sha512-fS6iqSPZDs3dr/y7Od6y5nha8dW1YnbgtsyotCVvoFGKbERG++CVRFv1meyGDE1SNItQA8BrnCw7ScdAhRJ3XQ==",
       "dev": true,
       "license": "MIT",
-      "peer": true,
       "bin": {
         "rollup": "dist/bin/rollup"
       },
@@ -13619,7 +13598,6 @@
       "resolved": "https://registry.npmjs.org/seroval/-/seroval-1.5.0.tgz",
       "integrity": "sha512-OE4cvmJ1uSPrKorFIH9/w/Qwuvi/IMcGbv5RKgcJ/zjA/IohDLU6SVaxFN9FwajbP7nsX0dQqMDes1whk3y+yw==",
       "license": "MIT",
-      "peer": true,
       "engines": {
         "node": ">=10"
       }
@@ -13928,7 +13906,6 @@
       "resolved": "https://registry.npmjs.org/solid-js/-/solid-js-1.9.11.tgz",
       "integrity": "sha512-WEJtcc5mkh/BnHA6Yrg4whlF8g6QwpmXXRg4P2ztPmcKeHHlH4+djYecBLhSpecZY2RRECXYUwIc/C2r3yzQ4Q==",
       "license": "MIT",
-      "peer": true,
       "dependencies": {
         "csstype": "^3.1.0",
         "seroval": "~1.5.0",
@@ -14300,7 +14277,6 @@
         }
       ],
       "license": "MIT",
-      "peer": true,
       "dependencies": {
         "@csstools/css-parser-algorithms": "^3.0.5",
         "@csstools/css-syntax-patches-for-csstree": "^1.0.19",
@@ -14895,7 +14871,6 @@
       "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-4.0.3.tgz",
       "integrity": "sha512-5gTmgEY/sqK6gFXLIsQNH19lWb4ebPDLA4SdLP7dsWkIXHWlG66oPuVvXSGFPppYZz8ZDZq0dYYrbHfBCVUb1Q==",
       "license": "MIT",
-      "peer": true,
       "engines": {
         "node": ">=12"
       },
@@ -14918,7 +14893,6 @@
       "resolved": "https://registry.npmjs.org/tippy.js/-/tippy.js-6.3.7.tgz",
       "integrity": "sha512-E1d3oP2emgJ9dRQZdf3Kkn0qJgI6ZLpyS5z6ZkY1DF3kaQaBsGZsndEpHwx+eC+tYM41HaSNvNtLx8tU57FzTQ==",
       "license": "MIT",
-      "peer": true,
       "dependencies": {
         "@popperjs/core": "^2.9.0"
       }
@@ -15124,7 +15098,6 @@
       "integrity": "sha512-jl1vZzPDinLr9eUt3J/t7V6FgNEw9QjvBPdysz9KfQDD41fQrC2Y4vKQdiaUpFT4bXlb1RHhLpp8wtm6M5TgSw==",
       "devOptional": true,
       "license": "Apache-2.0",
-      "peer": true,
       "bin": {
         "tsc": "bin/tsc",
         "tsserver": "bin/tsserver"
@@ -15361,7 +15334,6 @@
       "integrity": "sha512-w+N7Hifpc3gRjZ63vYBXA56dvvRlNWRczTdmCBBa+CotUzAPf5b7YMdMR/8CQoeYE5LX3W4wj6RYTgonm1b9DA==",
       "dev": true,
       "license": "MIT",
-      "peer": true,
       "dependencies": {
         "esbuild": "^0.27.0",
         "fdir": "^6.5.0",
@@ -15487,7 +15459,6 @@
       "integrity": "sha512-5gTmgEY/sqK6gFXLIsQNH19lWb4ebPDLA4SdLP7dsWkIXHWlG66oPuVvXSGFPppYZz8ZDZq0dYYrbHfBCVUb1Q==",
       "dev": true,
       "license": "MIT",
-      "peer": true,
       "engines": {
         "node": ">=12"
       },
@@ -15546,7 +15517,6 @@
       "integrity": "sha512-hOQuK7h0FGKgBAas7v0mSAsnvrIgAvWmRFjmzpJ7SwFHH3g1k2u37JtYwOwmEKhK6ZO3v9ggDBBm0La1LCK4uQ==",
       "dev": true,
       "license": "MIT",
-      "peer": true,
       "dependencies": {
         "@vitest/expect": "4.0.18",
         "@vitest/mocker": "4.0.18",
@@ -15696,7 +15666,6 @@
       "resolved": "https://registry.npmjs.org/vue/-/vue-3.5.27.tgz",
       "integrity": "sha512-aJ/UtoEyFySPBGarREmN4z6qNKpbEguYHMmXSiOGk69czc+zhs0NF6tEFrY8TZKAl8N/LYAkd4JHVd5E/AsSmw==",
       "license": "MIT",
-      "peer": true,
       "dependencies": {
         "@vue/compiler-dom": "3.5.27",
         "@vue/compiler-sfc": "3.5.27",
@@ -15820,7 +15789,6 @@
       "resolved": "https://registry.npmjs.org/webpack/-/webpack-5.105.0.tgz",
       "integrity": "sha512-gX/dMkRQc7QOMzgTe6KsYFM7DxeIONQSui1s0n/0xht36HvrgbxtM1xBlgx596NbpHuQU8P7QpKwrZYwUX48nw==",
       "license": "MIT",
-      "peer": true,
       "dependencies": {
         "@types/eslint-scope": "^3.7.7",
         "@types/estree": "^1.0.8",
@@ -15869,7 +15837,6 @@
       "resolved": "https://registry.npmjs.org/webpack-cli/-/webpack-cli-6.0.1.tgz",
       "integrity": "sha512-MfwFQ6SfwinsUVi0rNJm7rHZ31GyTcpVE5pgVA3hwFRb7COD4TzjUUwhGWKfO50+xdc2MQPuEBBJoqIMGt3JDw==",
       "license": "MIT",
-      "peer": true,
       "dependencies": {
         "@discoveryjs/json-ext": "^0.6.1",
         "@webpack-cli/configtest": "^3.0.1",

From 89bff31287e3c1baceb057dc5705fa2defcce844 Mon Sep 17 00:00:00 2001
From: 0ko <0ko@noreply.codeberg.org>
Date: Sat, 14 Feb 2026 14:57:44 +0100
Subject: [PATCH 316/854] fix(ui): apply navbar min-height correctly, fix
 jitter on mobile (#11274)

Replaces https://codeberg.org/forgejo/forgejo/pulls/11271

This rule was problematic and didn't quite make sense:
* the intention is to have a navbar that is 48px+1px border
* we apply `min-height:49px` to: `#navbar` with intention of making it 49px tall total, with border
* but we also apply it to `#navbar .navbar-left/right`
* elements `#navbar .navbar-left/right` become 49px tall
* their parent `#navbar` becomes 49px+1px border = 50px, overriding what was done in step 2

This height missmatch had an incompatibility with this definition for open menu inside of navbar on mobile, causing jitter when the menu is opened/closed, because it was expecting navbar body to be 48px, but due to the rule that was removed it was actually 49px.

```css
#navbar.navbar-menu-open .navbar-left .navbar-mobile-right {
	    min-height: 48px;
}
```

The fix is to only apply `min-height` to `#navbar`'s children. At least `.navbar-left` is always expected to be present unconditionally on all pages. This does make the navbar 1px shorter. If we still want a 50px navbar but without the bug let me know and I'll adjust.

### Preview by @panc

From https://codeberg.org/forgejo/forgejo/pulls/11271, also applies to this PR.

| Before | After |
|----|----|
| <video src="/attachments/515fdfc1-cb97-46af-88ac-9bb0e216a996" title="Screencast From 2026-02-13 19-56-32" controls></video> | <video src="/attachments/133d1499-4660-402d-8082-f407b3644e5c" title="Screencast From 2026-02-13 19-57-29" controls></video> |

Reported-by: panc <panc@noreply.codeberg.org>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11274
Reviewed-by: Robert Wolff <mahlzahn@posteo.de>
---
 web_src/css/modules/navbar.css | 7 +------
 1 file changed, 1 insertion(+), 6 deletions(-)

diff --git a/web_src/css/modules/navbar.css b/web_src/css/modules/navbar.css
index 999938c9a5..a465020fd0 100644
--- a/web_src/css/modules/navbar.css
+++ b/web_src/css/modules/navbar.css
@@ -8,17 +8,12 @@
   padding: 0 10px;
 }
 
-#navbar,
-#navbar .navbar-left,
-#navbar .navbar-right {
-  min-height: 49px; /* +1px border-bottom */
-}
-
 #navbar .navbar-left,
 #navbar .navbar-right {
   margin: 0;
   display: flex;
   align-items: center;
+  min-height: 48px;
 }
 
 #navbar-logo {

From e325bfe6c3e0859e7ef0236b1b9f16ab11c9f5fe Mon Sep 17 00:00:00 2001
From: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
Date: Sat, 14 Feb 2026 22:34:09 +0100
Subject: [PATCH 317/854] fix: improve SQLite "database is locked" errors by
 increasing default `SQLITE_TIMEOUT` (take 2) (#11292)

Increase the default `SQLITE_TIMEOUT` from 500ms to 60s.

In #11179 this was bumped up to 5s.  But when that was backported to v14 in #11220, it failed consistently in CI through a couple increases, until it was bumped up further to 60s.  This PR updates the `forgejo` branch to the same so that in the future when Forgejo 15 is released, it isn't regressed.  `test-sqlite` has been failing on `forgejo` occasionally as well, so this increase is justified on this branch for this reason as well.

Putting aside the tests, I think a high value for the timeout (this 60s) is generally safer for production usage than a small timeout.  The worst case with a high timeout is a slow request when there is high write contention on the DB.

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests

- I added test coverage for Go changes...
  - [ ] in their respective `*_test.go` for unit tests.
  - [ ] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I added test coverage for JavaScript changes...
  - [ ] in `web_src/js/*.test.js` if it can be unit tested.
  - [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)).

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
    - **Will update** the documentation for the default value if approved.
- [ ] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [x] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.
- [ ] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change.

*The decision if the pull request will be shown in the release notes is up to the mergers / release team.*

The content of the `release-notes/<pull request number>.md` file will serve as the basis for the release notes. If the file does not exist, the title of the pull request will be used instead.

<!--start release-notes-assistant-->

## Release notes
<!--URL:https://codeberg.org/forgejo/forgejo-->
- Other changes without a feature or bug label
  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11292): <!--number 11292 --><!--line 0 --><!--description aW1wcm92ZSBTUUxpdGUgImRhdGFiYXNlIGlzIGxvY2tlZCIgZXJyb3JzIGJ5IGluY3JlYXNpbmcgZGVmYXVsdCBgU1FMSVRFX1RJTUVPVVRgICh0YWtlIDIp-->improve SQLite "database is locked" errors by increasing default `SQLITE_TIMEOUT` (take 2)<!--description-->
<!--end release-notes-assistant-->

Co-authored-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11292
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
---
 modules/setting/database.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/setting/database.go b/modules/setting/database.go
index 0a5661543a..4299044d1f 100644
--- a/modules/setting/database.go
+++ b/modules/setting/database.go
@@ -86,7 +86,7 @@ func loadDBSetting(rootCfg ConfigProvider) {
 	Database.CharsetCollation = sec.Key("CHARSET_COLLATION").String()
 
 	Database.Path = sec.Key("PATH").MustString(filepath.Join(AppDataPath, "forgejo.db"))
-	Database.Timeout = sec.Key("SQLITE_TIMEOUT").MustInt(5000)
+	Database.Timeout = sec.Key("SQLITE_TIMEOUT").MustInt(60000)
 	Database.SQLiteJournalMode = sec.Key("SQLITE_JOURNAL_MODE").MustString("WAL")
 
 	Database.MaxIdleConns = sec.Key("MAX_IDLE_CONNS").MustInt(2)

From e811313298376005f4a96f8d0a17d5ca54b89804 Mon Sep 17 00:00:00 2001
From: Renovate Bot <forgejo-renovate-action@forgejo.org>
Date: Sat, 14 Feb 2026 23:39:27 +0100
Subject: [PATCH 318/854] Update dependency vue to v3.5.28 (forgejo) (#11265)

Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
---
 package-lock.json | 128 +++++++++++++++++++++++-----------------------
 package.json      |   2 +-
 2 files changed, 65 insertions(+), 65 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 538f12d1a4..e7ef045efb 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -73,7 +73,7 @@
         "tributejs": "5.1.3",
         "uint8-to-base64": "0.2.0",
         "vanilla-colorful": "0.7.2",
-        "vue": "3.5.27",
+        "vue": "3.5.28",
         "vue-chartjs": "5.3.3",
         "vue-loader": "17.4.2",
         "vue3-calendar-heatmap": "2.0.5",
@@ -214,12 +214,12 @@
       }
     },
     "node_modules/@babel/parser": {
-      "version": "7.28.6",
-      "resolved": "https://registry.npmjs.org/@babel/parser/-/parser-7.28.6.tgz",
-      "integrity": "sha512-TeR9zWR18BvbfPmGbLampPMW+uW1NZnJlRuuHso8i87QZNq2JRF9i6RgxRqtEq+wQGsS19NNTWr2duhnE49mfQ==",
+      "version": "7.29.0",
+      "resolved": "https://registry.npmjs.org/@babel/parser/-/parser-7.29.0.tgz",
+      "integrity": "sha512-IyDgFV5GeDUVX4YdF/3CPULtVGSXXMLh1xVIgdCgxApktqnQV0r7/8Nqthg+8YLGaAtdyIlo2qIdZrbCv4+7ww==",
       "license": "MIT",
       "dependencies": {
-        "@babel/types": "^7.28.6"
+        "@babel/types": "^7.29.0"
       },
       "bin": {
         "parser": "bin/babel-parser.js"
@@ -238,9 +238,9 @@
       }
     },
     "node_modules/@babel/types": {
-      "version": "7.28.6",
-      "resolved": "https://registry.npmjs.org/@babel/types/-/types-7.28.6.tgz",
-      "integrity": "sha512-0ZrskXVEHSWIqZM/sQZ4EV3jZJXRkio/WCxaqKZP1g//CEWEPSfeZFcms4XeKBCHU0ZKnIkdJeU/kF+eRp5lBg==",
+      "version": "7.29.0",
+      "resolved": "https://registry.npmjs.org/@babel/types/-/types-7.29.0.tgz",
+      "integrity": "sha512-LwdZHpScM4Qz8Xw2iKSzS+cfglZzJGvofQICy7W7v4caru4EaAmyUuO6BGrbyQ2mYV11W0U8j5mBhd14dd3B0A==",
       "license": "MIT",
       "dependencies": {
         "@babel/helper-string-parser": "^7.27.1",
@@ -5038,14 +5038,14 @@
       }
     },
     "node_modules/@vue/compiler-core": {
-      "version": "3.5.27",
-      "resolved": "https://registry.npmjs.org/@vue/compiler-core/-/compiler-core-3.5.27.tgz",
-      "integrity": "sha512-gnSBQjZA+//qDZen+6a2EdHqJ68Z7uybrMf3SPjEGgG4dicklwDVmMC1AeIHxtLVPT7sn6sH1KOO+tS6gwOUeQ==",
+      "version": "3.5.28",
+      "resolved": "https://registry.npmjs.org/@vue/compiler-core/-/compiler-core-3.5.28.tgz",
+      "integrity": "sha512-kviccYxTgoE8n6OCw96BNdYlBg2GOWfBuOW4Vqwrt7mSKWKwFVvI8egdTltqRgITGPsTFYtKYfxIG8ptX2PJHQ==",
       "license": "MIT",
       "dependencies": {
-        "@babel/parser": "^7.28.5",
-        "@vue/shared": "3.5.27",
-        "entities": "^7.0.0",
+        "@babel/parser": "^7.29.0",
+        "@vue/shared": "3.5.28",
+        "entities": "^7.0.1",
         "estree-walker": "^2.0.2",
         "source-map-js": "^1.2.1"
       }
@@ -5063,26 +5063,26 @@
       }
     },
     "node_modules/@vue/compiler-dom": {
-      "version": "3.5.27",
-      "resolved": "https://registry.npmjs.org/@vue/compiler-dom/-/compiler-dom-3.5.27.tgz",
-      "integrity": "sha512-oAFea8dZgCtVVVTEC7fv3T5CbZW9BxpFzGGxC79xakTr6ooeEqmRuvQydIiDAkglZEAd09LgVf1RoDnL54fu5w==",
+      "version": "3.5.28",
+      "resolved": "https://registry.npmjs.org/@vue/compiler-dom/-/compiler-dom-3.5.28.tgz",
+      "integrity": "sha512-/1ZepxAb159jKR1btkefDP+J2xuWL5V3WtleRmxaT+K2Aqiek/Ab/+Ebrw2pPj0sdHO8ViAyyJWfhXXOP/+LQA==",
       "license": "MIT",
       "dependencies": {
-        "@vue/compiler-core": "3.5.27",
-        "@vue/shared": "3.5.27"
+        "@vue/compiler-core": "3.5.28",
+        "@vue/shared": "3.5.28"
       }
     },
     "node_modules/@vue/compiler-sfc": {
-      "version": "3.5.27",
-      "resolved": "https://registry.npmjs.org/@vue/compiler-sfc/-/compiler-sfc-3.5.27.tgz",
-      "integrity": "sha512-sHZu9QyDPeDmN/MRoshhggVOWE5WlGFStKFwu8G52swATgSny27hJRWteKDSUUzUH+wp+bmeNbhJnEAel/auUQ==",
+      "version": "3.5.28",
+      "resolved": "https://registry.npmjs.org/@vue/compiler-sfc/-/compiler-sfc-3.5.28.tgz",
+      "integrity": "sha512-6TnKMiNkd6u6VeVDhZn/07KhEZuBSn43Wd2No5zaP5s3xm8IqFTHBj84HJah4UepSUJTro5SoqqlOY22FKY96g==",
       "license": "MIT",
       "dependencies": {
-        "@babel/parser": "^7.28.5",
-        "@vue/compiler-core": "3.5.27",
-        "@vue/compiler-dom": "3.5.27",
-        "@vue/compiler-ssr": "3.5.27",
-        "@vue/shared": "3.5.27",
+        "@babel/parser": "^7.29.0",
+        "@vue/compiler-core": "3.5.28",
+        "@vue/compiler-dom": "3.5.28",
+        "@vue/compiler-ssr": "3.5.28",
+        "@vue/shared": "3.5.28",
         "estree-walker": "^2.0.2",
         "magic-string": "^0.30.21",
         "postcss": "^8.5.6",
@@ -5099,63 +5099,63 @@
       }
     },
     "node_modules/@vue/compiler-ssr": {
-      "version": "3.5.27",
-      "resolved": "https://registry.npmjs.org/@vue/compiler-ssr/-/compiler-ssr-3.5.27.tgz",
-      "integrity": "sha512-Sj7h+JHt512fV1cTxKlYhg7qxBvack+BGncSpH+8vnN+KN95iPIcqB5rsbblX40XorP+ilO7VIKlkuu3Xq2vjw==",
+      "version": "3.5.28",
+      "resolved": "https://registry.npmjs.org/@vue/compiler-ssr/-/compiler-ssr-3.5.28.tgz",
+      "integrity": "sha512-JCq//9w1qmC6UGLWJX7RXzrGpKkroubey/ZFqTpvEIDJEKGgntuDMqkuWiZvzTzTA5h2qZvFBFHY7fAAa9475g==",
       "license": "MIT",
       "dependencies": {
-        "@vue/compiler-dom": "3.5.27",
-        "@vue/shared": "3.5.27"
+        "@vue/compiler-dom": "3.5.28",
+        "@vue/shared": "3.5.28"
       }
     },
     "node_modules/@vue/reactivity": {
-      "version": "3.5.27",
-      "resolved": "https://registry.npmjs.org/@vue/reactivity/-/reactivity-3.5.27.tgz",
-      "integrity": "sha512-vvorxn2KXfJ0nBEnj4GYshSgsyMNFnIQah/wczXlsNXt+ijhugmW+PpJ2cNPe4V6jpnBcs0MhCODKllWG+nvoQ==",
+      "version": "3.5.28",
+      "resolved": "https://registry.npmjs.org/@vue/reactivity/-/reactivity-3.5.28.tgz",
+      "integrity": "sha512-gr5hEsxvn+RNyu9/9o1WtdYdwDjg5FgjUSBEkZWqgTKlo/fvwZ2+8W6AfKsc9YN2k/+iHYdS9vZYAhpi10kNaw==",
       "license": "MIT",
       "dependencies": {
-        "@vue/shared": "3.5.27"
+        "@vue/shared": "3.5.28"
       }
     },
     "node_modules/@vue/runtime-core": {
-      "version": "3.5.27",
-      "resolved": "https://registry.npmjs.org/@vue/runtime-core/-/runtime-core-3.5.27.tgz",
-      "integrity": "sha512-fxVuX/fzgzeMPn/CLQecWeDIFNt3gQVhxM0rW02Tvp/YmZfXQgcTXlakq7IMutuZ/+Ogbn+K0oct9J3JZfyk3A==",
+      "version": "3.5.28",
+      "resolved": "https://registry.npmjs.org/@vue/runtime-core/-/runtime-core-3.5.28.tgz",
+      "integrity": "sha512-POVHTdbgnrBBIpnbYU4y7pOMNlPn2QVxVzkvEA2pEgvzbelQq4ZOUxbp2oiyo+BOtiYlm8Q44wShHJoBvDPAjQ==",
       "license": "MIT",
       "dependencies": {
-        "@vue/reactivity": "3.5.27",
-        "@vue/shared": "3.5.27"
+        "@vue/reactivity": "3.5.28",
+        "@vue/shared": "3.5.28"
       }
     },
     "node_modules/@vue/runtime-dom": {
-      "version": "3.5.27",
-      "resolved": "https://registry.npmjs.org/@vue/runtime-dom/-/runtime-dom-3.5.27.tgz",
-      "integrity": "sha512-/QnLslQgYqSJ5aUmb5F0z0caZPGHRB8LEAQ1s81vHFM5CBfnun63rxhvE/scVb/j3TbBuoZwkJyiLCkBluMpeg==",
+      "version": "3.5.28",
+      "resolved": "https://registry.npmjs.org/@vue/runtime-dom/-/runtime-dom-3.5.28.tgz",
+      "integrity": "sha512-4SXxSF8SXYMuhAIkT+eBRqOkWEfPu6nhccrzrkioA6l0boiq7sp18HCOov9qWJA5HML61kW8p/cB4MmBiG9dSA==",
       "license": "MIT",
       "dependencies": {
-        "@vue/reactivity": "3.5.27",
-        "@vue/runtime-core": "3.5.27",
-        "@vue/shared": "3.5.27",
+        "@vue/reactivity": "3.5.28",
+        "@vue/runtime-core": "3.5.28",
+        "@vue/shared": "3.5.28",
         "csstype": "^3.2.3"
       }
     },
     "node_modules/@vue/server-renderer": {
-      "version": "3.5.27",
-      "resolved": "https://registry.npmjs.org/@vue/server-renderer/-/server-renderer-3.5.27.tgz",
-      "integrity": "sha512-qOz/5thjeP1vAFc4+BY3Nr6wxyLhpeQgAE/8dDtKo6a6xdk+L4W46HDZgNmLOBUDEkFXV3G7pRiUqxjX0/2zWA==",
+      "version": "3.5.28",
+      "resolved": "https://registry.npmjs.org/@vue/server-renderer/-/server-renderer-3.5.28.tgz",
+      "integrity": "sha512-pf+5ECKGj8fX95bNincbzJ6yp6nyzuLDhYZCeFxUNp8EBrQpPpQaLX3nNCp49+UbgbPun3CeVE+5CXVV1Xydfg==",
       "license": "MIT",
       "dependencies": {
-        "@vue/compiler-ssr": "3.5.27",
-        "@vue/shared": "3.5.27"
+        "@vue/compiler-ssr": "3.5.28",
+        "@vue/shared": "3.5.28"
       },
       "peerDependencies": {
-        "vue": "3.5.27"
+        "vue": "3.5.28"
       }
     },
     "node_modules/@vue/shared": {
-      "version": "3.5.27",
-      "resolved": "https://registry.npmjs.org/@vue/shared/-/shared-3.5.27.tgz",
-      "integrity": "sha512-dXr/3CgqXsJkZ0n9F3I4elY8wM9jMJpP3pvRG52r6m0tu/MsAFIe6JpXVGeNMd/D9F4hQynWT8Rfuj0bdm9kFQ==",
+      "version": "3.5.28",
+      "resolved": "https://registry.npmjs.org/@vue/shared/-/shared-3.5.28.tgz",
+      "integrity": "sha512-cfWa1fCGBxrvaHRhvV3Is0MgmrbSCxYTXCSCau2I0a1Xw1N1pHAvkWCiXPRAqjvToILvguNyEwjevUqAuBQWvQ==",
       "license": "MIT"
     },
     "node_modules/@vue/test-utils": {
@@ -15662,16 +15662,16 @@
       "license": "MIT"
     },
     "node_modules/vue": {
-      "version": "3.5.27",
-      "resolved": "https://registry.npmjs.org/vue/-/vue-3.5.27.tgz",
-      "integrity": "sha512-aJ/UtoEyFySPBGarREmN4z6qNKpbEguYHMmXSiOGk69czc+zhs0NF6tEFrY8TZKAl8N/LYAkd4JHVd5E/AsSmw==",
+      "version": "3.5.28",
+      "resolved": "https://registry.npmjs.org/vue/-/vue-3.5.28.tgz",
+      "integrity": "sha512-BRdrNfeoccSoIZeIhyPBfvWSLFP4q8J3u8Ju8Ug5vu3LdD+yTM13Sg4sKtljxozbnuMu1NB1X5HBHRYUzFocKg==",
       "license": "MIT",
       "dependencies": {
-        "@vue/compiler-dom": "3.5.27",
-        "@vue/compiler-sfc": "3.5.27",
-        "@vue/runtime-dom": "3.5.27",
-        "@vue/server-renderer": "3.5.27",
-        "@vue/shared": "3.5.27"
+        "@vue/compiler-dom": "3.5.28",
+        "@vue/compiler-sfc": "3.5.28",
+        "@vue/runtime-dom": "3.5.28",
+        "@vue/server-renderer": "3.5.28",
+        "@vue/shared": "3.5.28"
       },
       "peerDependencies": {
         "typescript": "*"
diff --git a/package.json b/package.json
index b825ff9e35..993d3c06ee 100644
--- a/package.json
+++ b/package.json
@@ -72,7 +72,7 @@
     "tributejs": "5.1.3",
     "uint8-to-base64": "0.2.0",
     "vanilla-colorful": "0.7.2",
-    "vue": "3.5.27",
+    "vue": "3.5.28",
     "vue-chartjs": "5.3.3",
     "vue-loader": "17.4.2",
     "vue3-calendar-heatmap": "2.0.5",

From 576c49c1f213334f686abd3aa28a6558ed0014bd Mon Sep 17 00:00:00 2001
From: Renovate Bot <forgejo-renovate-action@forgejo.org>
Date: Sun, 15 Feb 2026 16:22:47 +0100
Subject: [PATCH 319/854] Update dependency sortablejs to v1.15.7 (forgejo)
 (#11293)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11293
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
---
 package-lock.json | 8 ++++----
 package.json      | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index e7ef045efb..e32dd69b37 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -63,7 +63,7 @@
         "postcss-loader": "8.2.0",
         "postcss-nesting": "14.0.0",
         "pretty-ms": "9.0.0",
-        "sortablejs": "1.15.6",
+        "sortablejs": "1.15.7",
         "swagger-ui-dist": "5.31.0",
         "tailwindcss": "3.4.18",
         "throttle-debounce": "5.0.0",
@@ -13930,9 +13930,9 @@
       }
     },
     "node_modules/sortablejs": {
-      "version": "1.15.6",
-      "resolved": "https://registry.npmjs.org/sortablejs/-/sortablejs-1.15.6.tgz",
-      "integrity": "sha512-aNfiuwMEpfBM/CN6LY0ibyhxPfPbyFeBTYJKCvzkJ2GkUpazIt3H+QIPAMHwqQ7tMKaHz1Qj+rJJCqljnf4p3A==",
+      "version": "1.15.7",
+      "resolved": "https://registry.npmjs.org/sortablejs/-/sortablejs-1.15.7.tgz",
+      "integrity": "sha512-Kk8wLQPlS+yi1ZEf48a4+fzHa4yxjC30M/Sr2AnQu+f/MPwvvX9XjZ6OWejiz8crBsLwSq8GHqaxaET7u6ux0A==",
       "license": "MIT"
     },
     "node_modules/source-list-map": {
diff --git a/package.json b/package.json
index 993d3c06ee..ec1e8b1c66 100644
--- a/package.json
+++ b/package.json
@@ -62,7 +62,7 @@
     "postcss-loader": "8.2.0",
     "postcss-nesting": "14.0.0",
     "pretty-ms": "9.0.0",
-    "sortablejs": "1.15.6",
+    "sortablejs": "1.15.7",
     "swagger-ui-dist": "5.31.0",
     "tailwindcss": "3.4.18",
     "throttle-debounce": "5.0.0",

From 2253d8bf06a35a713c70f16ad31d509f6401f2c4 Mon Sep 17 00:00:00 2001
From: Renovate Bot <forgejo-renovate-action@forgejo.org>
Date: Sun, 15 Feb 2026 18:02:00 +0100
Subject: [PATCH 320/854] Update dependency @codemirror/view to v6.39.14
 (forgejo) (#11251)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11251
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
---
 package-lock.json | 8 ++++----
 package.json      | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index e32dd69b37..6836027536 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -30,7 +30,7 @@
         "@codemirror/language": "6.12.1",
         "@codemirror/search": "6.6.0",
         "@codemirror/state": "6.5.4",
-        "@codemirror/view": "6.39.12",
+        "@codemirror/view": "6.39.14",
         "@github/markdown-toolbar-element": "2.2.3",
         "@github/quote-selection": "2.1.0",
         "@github/text-expander-element": "2.9.4",
@@ -776,9 +776,9 @@
       }
     },
     "node_modules/@codemirror/view": {
-      "version": "6.39.12",
-      "resolved": "https://registry.npmjs.org/@codemirror/view/-/view-6.39.12.tgz",
-      "integrity": "sha512-f+/VsHVn/kOA9lltk/GFzuYwVVAKmOnNjxbrhkk3tPHntFqjWeI2TbIXx006YkBkqC10wZ4NsnWXCQiFPeAISQ==",
+      "version": "6.39.14",
+      "resolved": "https://registry.npmjs.org/@codemirror/view/-/view-6.39.14.tgz",
+      "integrity": "sha512-WJcvgHm/6Q7dvGT0YFv/6PSkoc36QlR0VCESS6x9tGsnF1lWLmmYxOgX3HH6v8fo6AvSLgpcs+H0Olre6MKXlg==",
       "license": "MIT",
       "dependencies": {
         "@codemirror/state": "^6.5.0",
diff --git a/package.json b/package.json
index ec1e8b1c66..346632f4fd 100644
--- a/package.json
+++ b/package.json
@@ -29,7 +29,7 @@
     "@codemirror/language": "6.12.1",
     "@codemirror/search": "6.6.0",
     "@codemirror/state": "6.5.4",
-    "@codemirror/view": "6.39.12",
+    "@codemirror/view": "6.39.14",
     "@github/markdown-toolbar-element": "2.2.3",
     "@github/quote-selection": "2.1.0",
     "@github/text-expander-element": "2.9.4",

From e00471b00ef0bdf3d27bd2637f494ee24c48998c Mon Sep 17 00:00:00 2001
From: Renovate Bot <forgejo-renovate-action@forgejo.org>
Date: Sun, 15 Feb 2026 18:36:38 +0100
Subject: [PATCH 321/854] Update dependency webpack to v5.105.1 (forgejo)
 (#11284)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11284
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
---
 package-lock.json | 8 ++++----
 package.json      | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 6836027536..acd19d2e3f 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -77,7 +77,7 @@
         "vue-chartjs": "5.3.3",
         "vue-loader": "17.4.2",
         "vue3-calendar-heatmap": "2.0.5",
-        "webpack": "5.105.0",
+        "webpack": "5.105.2",
         "webpack-cli": "6.0.1",
         "wrap-ansi": "9.0.2"
       },
@@ -15785,9 +15785,9 @@
       "license": "BSD-2-Clause"
     },
     "node_modules/webpack": {
-      "version": "5.105.0",
-      "resolved": "https://registry.npmjs.org/webpack/-/webpack-5.105.0.tgz",
-      "integrity": "sha512-gX/dMkRQc7QOMzgTe6KsYFM7DxeIONQSui1s0n/0xht36HvrgbxtM1xBlgx596NbpHuQU8P7QpKwrZYwUX48nw==",
+      "version": "5.105.2",
+      "resolved": "https://registry.npmjs.org/webpack/-/webpack-5.105.2.tgz",
+      "integrity": "sha512-dRXm0a2qcHPUBEzVk8uph0xWSjV/xZxenQQbLwnwP7caQCYpqG1qddwlyEkIDkYn0K8tvmcrZ+bOrzoQ3HxCDw==",
       "license": "MIT",
       "dependencies": {
         "@types/eslint-scope": "^3.7.7",
diff --git a/package.json b/package.json
index 346632f4fd..947253ef0d 100644
--- a/package.json
+++ b/package.json
@@ -76,7 +76,7 @@
     "vue-chartjs": "5.3.3",
     "vue-loader": "17.4.2",
     "vue3-calendar-heatmap": "2.0.5",
-    "webpack": "5.105.0",
+    "webpack": "5.105.2",
     "webpack-cli": "6.0.1",
     "wrap-ansi": "9.0.2"
   },

From d6fc66c06663388535242ad8def0b77d727e8a56 Mon Sep 17 00:00:00 2001
From: panc <pan0xc@foxmail.com>
Date: Sun, 15 Feb 2026 19:11:43 +0100
Subject: [PATCH 322/854] fix: improve alignment of icons in navbar (#11259)

Add `flex` or `inline-flex` to the direct parent element of the SVG icon in the navigation bar to make the overall alignment look better.

Co-authored-by: 0ko <0ko@noreply.codeberg.org>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11259
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Co-authored-by: panc <pan0xc@foxmail.com>
Co-committed-by: panc <pan0xc@foxmail.com>
---
 templates/base/head_navbar.tmpl | 14 +++++++-------
 web_src/css/modules/navbar.css  | 10 ++++++++++
 2 files changed, 17 insertions(+), 7 deletions(-)

diff --git a/templates/base/head_navbar.tmpl b/templates/base/head_navbar.tmpl
index 0d2884d5d4..e4627451cd 100644
--- a/templates/base/head_navbar.tmpl
+++ b/templates/base/head_navbar.tmpl
@@ -14,7 +14,7 @@
 		<div class="ui secondary menu item navbar-mobile-right only-mobile">
 			{{if .IsSigned}}
 			<a id="mobile-notifications-icon" class="item tw-w-auto tw-p-2" href="{{AppSubUrl}}/notifications" data-tooltip-content="{{ctx.Locale.Tr "notifications"}}" aria-label="{{ctx.Locale.Tr "notifications"}}">
-				<div class="tw-relative">
+				<div class="notification-icon-relative">
 					{{svg "octicon-bell"}}
 					<span class="notification_count{{if not $notificationUnreadCount}} tw-hidden{{end}}">{{$notificationUnreadCount}}</span>
 				</div>
@@ -59,7 +59,7 @@
 				<summary data-tooltip-content="{{ctx.Locale.Tr "user_profile_and_more"}}">
 					{{ctx.AvatarUtils.Avatar .SignedUser 24}}
 					<span class="only-mobile tw-ml-2">{{.SignedUser.Name}}</span>
-					<span class="not-mobile">{{svg "octicon-triangle-down"}}</span>
+					<span class="not-mobile dropdown-icon">{{svg "octicon-triangle-down"}}</span>
 				</summary>
 				<div class="content">
 					<span class="header">
@@ -78,8 +78,8 @@
 			</details>
 		{{else if .IsSigned}}
 			{{if EnableTimetracking}}
-			<a class="active-stopwatch-trigger item tw-mx-0{{if not .ActiveStopwatch}} tw-hidden{{end}}" href="{{.ActiveStopwatch.IssueLink}}" title="{{ctx.Locale.Tr "active_stopwatch"}}">
-				<div class="tw-relative">
+			<a class="active-stopwatch-trigger item tw-mx-0{{if not .ActiveStopwatch}} tw-hidden{{end}}" href="{{.ActiveStopwatch.IssueLink}}" data-tippy-content="{{ctx.Locale.Tr "active_stopwatch"}}" aria-label="{{ctx.Locale.Tr "active_stopwatch"}}">
+				<div class="notification-icon-relative">
 					{{svg "octicon-stopwatch"}}
 					<span class="header-stopwatch-dot"></span>
 				</div>
@@ -113,7 +113,7 @@
 			{{end}}
 
 			<a class="item not-mobile tw-mx-0" href="{{AppSubUrl}}/notifications" data-tooltip-content="{{ctx.Locale.Tr "notifications"}}" aria-label="{{ctx.Locale.Tr "notifications"}}">
-				<div class="tw-relative">
+				<div class="notification-icon-relative">
 					{{svg "octicon-bell"}}
 					<span class="notification_count{{if not $notificationUnreadCount}} tw-hidden{{end}}">{{$notificationUnreadCount}}</span>
 				</div>
@@ -122,7 +122,7 @@
 			<details class="dropdown dir-rtl">
 				<summary data-tooltip-content="{{ctx.Locale.Tr "create_new"}}">
 					{{svg "octicon-plus"}}
-					<span class="not-mobile">{{svg "octicon-triangle-down"}}</span>
+					<span class="not-mobile dropdown-icon">{{svg "octicon-triangle-down"}}</span>
 					<span class="only-mobile">{{ctx.Locale.Tr "create_new"}}</span>
 				</summary>
 				<div class="content">
@@ -154,7 +154,7 @@
 				<summary data-tooltip-content="{{ctx.Locale.Tr "user_profile_and_more"}}">
 					{{ctx.AvatarUtils.Avatar .SignedUser 24}}
 					<span class="only-mobile tw-ml-2">{{.SignedUser.Name}}</span>
-					<span class="not-mobile">{{svg "octicon-triangle-down"}}</span>
+					<span class="not-mobile dropdown-icon">{{svg "octicon-triangle-down"}}</span>
 				</summary>
 				<div class="content">
 					<span class="header">
diff --git a/web_src/css/modules/navbar.css b/web_src/css/modules/navbar.css
index a465020fd0..0c58441dfe 100644
--- a/web_src/css/modules/navbar.css
+++ b/web_src/css/modules/navbar.css
@@ -44,6 +44,12 @@
   margin-right: 0;
 }
 
+/* icon with notification counter - positioned relative container */
+#navbar .notification-icon-relative {
+  position: relative;
+  display: flex;
+}
+
 @media (max-width: 767.98px) {
   #navbar {
     align-items: stretch;
@@ -123,6 +129,10 @@
   min-height: 38px;
 }
 
+#navbar details.dropdown .dropdown-icon {
+  display: contents;
+}
+
 #navbar a.item .notification_count {
   color: var(--color-nav-bg);
   padding: 0 3.75px;

From ba2020a33378db02e6e727df73e6abe93a734cc3 Mon Sep 17 00:00:00 2001
From: Renovate Bot <forgejo-renovate-action@forgejo.org>
Date: Mon, 16 Feb 2026 05:51:18 +0100
Subject: [PATCH 323/854] Update renovate to v43.15.1 (forgejo) (#11302)

Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
---
 .forgejo/workflows/renovate.yml | 2 +-
 Makefile                        | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/.forgejo/workflows/renovate.yml b/.forgejo/workflows/renovate.yml
index ed95efe559..b5bc5001a7 100644
--- a/.forgejo/workflows/renovate.yml
+++ b/.forgejo/workflows/renovate.yml
@@ -28,7 +28,7 @@ jobs:
 
     runs-on: docker
     container:
-      image: data.forgejo.org/renovate/renovate:43.4.3
+      image: data.forgejo.org/renovate/renovate:43.15.1
 
     steps:
       - name: Load renovate repo cache
diff --git a/Makefile b/Makefile
index 92ff72c78d..115103fcbd 100644
--- a/Makefile
+++ b/Makefile
@@ -47,7 +47,7 @@ GO_LICENSES_PACKAGE ?= github.com/google/go-licenses@v1.6.0 # renovate: datasour
 GOVULNCHECK_PACKAGE ?= golang.org/x/vuln/cmd/govulncheck@v1 # renovate: datasource=go
 DEADCODE_PACKAGE ?= golang.org/x/tools/cmd/deadcode@v0.41.0 # renovate: datasource=go
 GOMOCK_PACKAGE ?= go.uber.org/mock/mockgen@v0.6.0 # renovate: datasource=go
-RENOVATE_NPM_PACKAGE ?= renovate@43.4.3 # renovate: datasource=docker packageName=data.forgejo.org/renovate/renovate
+RENOVATE_NPM_PACKAGE ?= renovate@43.15.1 # renovate: datasource=docker packageName=data.forgejo.org/renovate/renovate
 
 # https://github.com/disposable-email-domains/disposable-email-domains/commits/main/
 DISPOSABLE_EMAILS_SHA ?= 0c27e671231d27cf66370034d7f6818037416989 # renovate: ...

From 5589182c548240aab4fb1f2dc23c91e267fb2ea8 Mon Sep 17 00:00:00 2001
From: Nils Philippsen <nilsph@noreply.codeberg.org>
Date: Mon, 16 Feb 2026 05:52:47 +0100
Subject: [PATCH 324/854] fix: honor org/user project in new issue (#9906)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Previously, when a project id was passed into the new issue form as a
query parameter, it wouldn’t be selected if the project belonged to the
user or organization instead of directly to the repository.

Resolves forgejo/forgejo#8489

Signed-off-by: Nils Philippsen <nils@redhat.com>
Co-authored-by: Gusted <postmaster@gusted.xyz>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/9906
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Reviewed-by: Robert Wolff <mahlzahn@posteo.de>
Co-authored-by: Nils Philippsen <nilsph@noreply.codeberg.org>
Co-committed-by: Nils Philippsen <nilsph@noreply.codeberg.org>
---
 models/fixtures/project.yml    | 18 +++++--
 models/project/project_test.go | 12 ++---
 routers/web/repo/issue.go      |  6 ++-
 routers/web/repo/issue_test.go | 89 ++++++++++++++++++++++++++++++++++
 4 files changed, 114 insertions(+), 11 deletions(-)
 create mode 100644 routers/web/repo/issue_test.go

diff --git a/models/fixtures/project.yml b/models/fixtures/project.yml
index 44d87bce04..54a3061859 100644
--- a/models/fixtures/project.yml
+++ b/models/fixtures/project.yml
@@ -42,7 +42,7 @@
   is_closed: false
   creator_id: 2
   board_type: 1
-  type: 2
+  type: 1
   created_unix: 1688973000
   updated_unix: 1688973000
 
@@ -54,7 +54,7 @@
   is_closed: false
   creator_id: 2
   board_type: 1
-  type: 2
+  type: 1
   created_unix: 1688973000
   updated_unix: 1688973000
 
@@ -66,6 +66,18 @@
   is_closed: false
   creator_id: 2
   board_type: 1
-  type: 2
+  type: 1
+  created_unix: 1688973000
+  updated_unix: 1688973000
+
+-
+  id: 7
+  title: project on org3
+  owner_id: 3
+  repo_id: 0
+  is_closed: false
+  creator_id: 2
+  board_type: 1
+  type: 1
   created_unix: 1688973000
   updated_unix: 1688973000
diff --git a/models/project/project_test.go b/models/project/project_test.go
index ab23bab0bf..b6f7c7db27 100644
--- a/models/project/project_test.go
+++ b/models/project/project_test.go
@@ -93,19 +93,19 @@ func TestProjectsSort(t *testing.T) {
 	}{
 		{
 			sortType: "default",
-			wants:    []int64{1, 3, 2, 6, 5, 4},
+			wants:    []int64{1, 3, 2, 7, 6, 5, 4},
 		},
 		{
 			sortType: "oldest",
-			wants:    []int64{4, 5, 6, 2, 3, 1},
+			wants:    []int64{4, 5, 6, 7, 2, 3, 1},
 		},
 		{
 			sortType: "recentupdate",
-			wants:    []int64{1, 3, 2, 6, 5, 4},
+			wants:    []int64{1, 3, 2, 7, 6, 5, 4},
 		},
 		{
 			sortType: "leastupdate",
-			wants:    []int64{4, 5, 6, 2, 3, 1},
+			wants:    []int64{4, 5, 6, 7, 2, 3, 1},
 		},
 	}
 
@@ -114,8 +114,8 @@ func TestProjectsSort(t *testing.T) {
 			OrderBy: GetSearchOrderByBySortType(tt.sortType),
 		})
 		require.NoError(t, err)
-		assert.Equal(t, int64(6), count)
-		if assert.Len(t, projects, 6) {
+		assert.Equal(t, int64(7), count)
+		if assert.Len(t, projects, 7) {
 			for i := range projects {
 				assert.Equal(t, tt.wants[i], projects[i].ID)
 			}
diff --git a/routers/web/repo/issue.go b/routers/web/repo/issue.go
index a8a1c69ab6..1fef838516 100644
--- a/routers/web/repo/issue.go
+++ b/routers/web/repo/issue.go
@@ -989,8 +989,10 @@ func NewIssue(ctx *context.Context) {
 		project, err := project_model.GetProjectByID(ctx, projectID)
 		if err != nil {
 			log.Error("GetProjectByID: %d: %v", projectID, err)
-		} else if project.RepoID != ctx.Repo.Repository.ID {
-			log.Error("GetProjectByID: %d: %v", projectID, fmt.Errorf("project[%d] not in repo [%d]", project.ID, ctx.Repo.Repository.ID))
+		} else if !project.CanBeAccessedByOwnerRepo(ctx.Repo.Repository.OwnerID, ctx.Repo.Repository) {
+			log.Error("GetProjectByID: %d: %v", projectID,
+				fmt.Errorf("project[%d] neither in repo[%d] nor has the same owner (project: [%d] ./. repo: [%d])",
+					project.ID, ctx.Repo.Repository.ID, project.OwnerID, ctx.Repo.Repository.OwnerID))
 		} else {
 			ctx.Data["project_id"] = projectID
 			ctx.Data["Project"] = project
diff --git a/routers/web/repo/issue_test.go b/routers/web/repo/issue_test.go
new file mode 100644
index 0000000000..3644dd131f
--- /dev/null
+++ b/routers/web/repo/issue_test.go
@@ -0,0 +1,89 @@
+// Copyright 2025 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package repo
+
+import (
+	"fmt"
+	"testing"
+
+	"forgejo.org/models/unittest"
+	"forgejo.org/services/contexttest"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestNewIssueValidateProject(t *testing.T) {
+	unittest.PrepareTestEnv(t)
+
+	for _, testCase := range []struct {
+		name      string
+		projectID int64
+		userName  string
+		userID    int64
+		repoName  string
+		repoID    int64
+		isFound   bool
+	}{
+		{
+			name:      "Project belongs to repository",
+			projectID: 1,
+			userName:  "user2",
+			userID:    2,
+			repoName:  "repo1",
+			repoID:    1,
+			isFound:   true,
+		},
+		{
+			name:      "Project belongs to user",
+			projectID: 4,
+			userName:  "user2",
+			userID:    2,
+			repoName:  "repo1",
+			repoID:    1,
+			isFound:   true,
+		},
+		{
+			name:      "Project belongs to org",
+			projectID: 7,
+			userName:  "org3",
+			userID:    3,
+			repoName:  "repo3",
+			repoID:    3,
+			isFound:   true,
+		},
+		{
+			name:      "Project neither belongs to repo nor the user",
+			projectID: 2,
+			userName:  "user2",
+			userID:    2,
+			repoName:  "repo1",
+			repoID:    1,
+			isFound:   false,
+		},
+	} {
+		t.Run(testCase.name, func(t *testing.T) {
+			ctx, _ := contexttest.MockContext(
+				t, fmt.Sprintf(
+					"/%s/%s/issues/new?project=%d",
+					testCase.userName,
+					testCase.repoName,
+					testCase.projectID,
+				),
+			)
+			contexttest.LoadUser(t, ctx, testCase.userID)
+			contexttest.LoadRepo(t, ctx, testCase.repoID)
+			contexttest.LoadGitRepo(t, ctx)
+
+			NewIssue(ctx)
+
+			if testCase.isFound {
+				assert.Equal(t, testCase.projectID, ctx.Data["project_id"])
+				assert.NotNil(t, ctx.Data["Project"])
+			} else {
+				assert.Nil(t, ctx.Data["project_id"])
+				assert.Nil(t, ctx.Data["Project"])
+			}
+		})
+	}
+}

From cf17b5fad90ecedbbee4c1059e61ff7aac3a2561 Mon Sep 17 00:00:00 2001
From: Florian Pallas <mail@fpallas.com>
Date: Mon, 16 Feb 2026 05:55:20 +0100
Subject: [PATCH 325/854] fix: correct malformed `CreateTeamOption` example
 (#11093)

The example was not a valid map, which caused issues with some openapi yaml converters.
I gave the two options proper values and also added them to the other team structs so the examples are identical.
Also sorted them as they are enumerated in the [unit model definition](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/models/unit/unit.go), which is why the diff is a bit ugly.

Fixes #9881

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11093
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Florian Pallas <mail@fpallas.com>
Co-committed-by: Florian Pallas <mail@fpallas.com>
---
 modules/structs/org_team.go    |  6 +++---
 templates/swagger/v1_json.tmpl | 17 ++++++++++++++++-
 2 files changed, 19 insertions(+), 4 deletions(-)

diff --git a/modules/structs/org_team.go b/modules/structs/org_team.go
index a51dcf1d19..fd83a75739 100644
--- a/modules/structs/org_team.go
+++ b/modules/structs/org_team.go
@@ -17,7 +17,7 @@ type Team struct {
 	//
 	// Deprecated: This variable should be replaced by UnitsMap and will be dropped in later versions.
 	Units []string `json:"units"`
-	// example: {"repo.code":"read","repo.issues":"write","repo.ext_issues":"none","repo.wiki":"admin","repo.pulls":"owner","repo.releases":"none","repo.projects":"none","repo.ext_wiki":"none"}
+	// example: {"repo.code":"read","repo.issues":"write","repo.ext_issues":"none","repo.pulls":"owner","repo.releases":"none","repo.wiki":"admin","repo.ext_wiki":"none","repo.projects":"none","repo.packages":"none","repo.actions":"none"}
 	UnitsMap         map[string]string `json:"units_map"`
 	CanCreateOrgRepo bool              `json:"can_create_org_repo"`
 }
@@ -34,7 +34,7 @@ type CreateTeamOption struct {
 	//
 	// Deprecated: This variable should be replaced by UnitsMap and will be dropped in later versions.
 	Units []string `json:"units"`
-	// example: {"repo.actions","repo.packages","repo.code":"read","repo.issues":"write","repo.ext_issues":"none","repo.wiki":"admin","repo.pulls":"owner","repo.releases":"none","repo.projects":"none","repo.ext_wiki":"none"}
+	// example: {"repo.code":"read","repo.issues":"write","repo.ext_issues":"none","repo.pulls":"owner","repo.releases":"none","repo.wiki":"admin","repo.ext_wiki":"none","repo.projects":"none","repo.packages":"none","repo.actions":"none"}
 	UnitsMap         map[string]string `json:"units_map"`
 	CanCreateOrgRepo bool              `json:"can_create_org_repo"`
 }
@@ -51,7 +51,7 @@ type EditTeamOption struct {
 	//
 	// Deprecated: This variable should be replaced by UnitsMap and will be dropped in later versions.
 	Units []string `json:"units"`
-	// example: {"repo.code":"read","repo.issues":"write","repo.ext_issues":"none","repo.wiki":"admin","repo.pulls":"owner","repo.releases":"none","repo.projects":"none","repo.ext_wiki":"none"}
+	// example: {"repo.code":"read","repo.issues":"write","repo.ext_issues":"none","repo.pulls":"owner","repo.releases":"none","repo.wiki":"admin","repo.ext_wiki":"none","repo.projects":"none","repo.packages":"none","repo.actions":"none"}
 	UnitsMap         map[string]string `json:"units_map"`
 	CanCreateOrgRepo *bool             `json:"can_create_org_repo"`
 }
diff --git a/templates/swagger/v1_json.tmpl b/templates/swagger/v1_json.tmpl
index da3b14da92..a82fa503f0 100644
--- a/templates/swagger/v1_json.tmpl
+++ b/templates/swagger/v1_json.tmpl
@@ -24540,7 +24540,18 @@
             "type": "string"
           },
           "x-go-name": "UnitsMap",
-          "example": "{\"repo.actions\",\"repo.packages\",\"repo.code\":\"read\",\"repo.issues\":\"write\",\"repo.ext_issues\":\"none\",\"repo.wiki\":\"admin\",\"repo.pulls\":\"owner\",\"repo.releases\":\"none\",\"repo.projects\":\"none\",\"repo.ext_wiki\":\"none\"}"
+          "example": {
+            "repo.actions": "none",
+            "repo.code": "read",
+            "repo.ext_issues": "none",
+            "repo.ext_wiki": "none",
+            "repo.issues": "write",
+            "repo.packages": "none",
+            "repo.projects": "none",
+            "repo.pulls": "owner",
+            "repo.releases": "none",
+            "repo.wiki": "admin"
+          }
         }
       },
       "x-go-package": "forgejo.org/modules/structs"
@@ -25608,10 +25619,12 @@
           },
           "x-go-name": "UnitsMap",
           "example": {
+            "repo.actions": "none",
             "repo.code": "read",
             "repo.ext_issues": "none",
             "repo.ext_wiki": "none",
             "repo.issues": "write",
+            "repo.packages": "none",
             "repo.projects": "none",
             "repo.pulls": "owner",
             "repo.releases": "none",
@@ -29350,10 +29363,12 @@
           },
           "x-go-name": "UnitsMap",
           "example": {
+            "repo.actions": "none",
             "repo.code": "read",
             "repo.ext_issues": "none",
             "repo.ext_wiki": "none",
             "repo.issues": "write",
+            "repo.packages": "none",
             "repo.projects": "none",
             "repo.pulls": "owner",
             "repo.releases": "none",

From 9767cebc428704e11dd929ee595f013276ebd8e1 Mon Sep 17 00:00:00 2001
From: famfo <famfo@famfo.xyz>
Date: Mon, 16 Feb 2026 05:55:50 +0100
Subject: [PATCH 326/854] fix: remove trailing null byte for local connection
 (#11295)

Fixes #633

I have written end-to-end tests against HAProxy in https://code.forgejo.org/forgejo/end-to-end/pulls/1578 and also written unit tests.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11295
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: famfo <famfo@famfo.xyz>
Co-committed-by: famfo <famfo@famfo.xyz>
---
 modules/graceful/server.go         |   3 -
 modules/proxyprotocol/conn.go      |   4 +-
 modules/proxyprotocol/conn_test.go | 112 +++++++++++++++++++++++++++++
 modules/proxyprotocol/listener.go  |   2 -
 modules/proxyprotocol/util.go      |   2 +-
 5 files changed, 116 insertions(+), 7 deletions(-)
 create mode 100644 modules/proxyprotocol/conn_test.go

diff --git a/modules/graceful/server.go b/modules/graceful/server.go
index e812117dbd..0f547a6c30 100644
--- a/modules/graceful/server.go
+++ b/modules/graceful/server.go
@@ -85,7 +85,6 @@ func (srv *Server) ListenAndServe(serve ServeFunction, useProxyProtocol bool) er
 		listener = &proxyprotocol.Listener{
 			Listener:           listener,
 			ProxyHeaderTimeout: setting.ProxyProtocolHeaderTimeout,
-			AcceptUnknown:      setting.ProxyProtocolAcceptUnknown,
 		}
 	}
 	srv.listener = listener
@@ -118,7 +117,6 @@ func (srv *Server) ListenAndServeTLSConfig(tlsConfig *tls.Config, serve ServeFun
 		listener = &proxyprotocol.Listener{
 			Listener:           listener,
 			ProxyHeaderTimeout: setting.ProxyProtocolHeaderTimeout,
-			AcceptUnknown:      setting.ProxyProtocolAcceptUnknown,
 		}
 	}
 
@@ -130,7 +128,6 @@ func (srv *Server) ListenAndServeTLSConfig(tlsConfig *tls.Config, serve ServeFun
 		listener = &proxyprotocol.Listener{
 			Listener:           listener,
 			ProxyHeaderTimeout: setting.ProxyProtocolHeaderTimeout,
-			AcceptUnknown:      setting.ProxyProtocolAcceptUnknown,
 		}
 	}
 
diff --git a/modules/proxyprotocol/conn.go b/modules/proxyprotocol/conn.go
index beac5de120..9434fa88a1 100644
--- a/modules/proxyprotocol/conn.go
+++ b/modules/proxyprotocol/conn.go
@@ -15,6 +15,7 @@ import (
 	"time"
 
 	"forgejo.org/modules/log"
+	"forgejo.org/modules/setting"
 )
 
 var (
@@ -46,6 +47,7 @@ func NewConn(conn net.Conn, timeout time.Duration) *Conn {
 		bufReader:          bufio.NewReader(conn),
 		conn:               conn,
 		proxyHeaderTimeout: timeout,
+		acceptUnknown:      setting.ProxyProtocolAcceptUnknown,
 	}
 	return pConn
 }
@@ -456,7 +458,7 @@ func (p *Conn) readV1ProxyHeader() error {
 	// Verify the type is known
 	switch parts[1] {
 	case "UNKNOWN":
-		if !p.acceptUnknown || len(parts) != 2 {
+		if !p.acceptUnknown {
 			p.conn.Close()
 			return &ErrBadHeader{[]byte(header)}
 		}
diff --git a/modules/proxyprotocol/conn_test.go b/modules/proxyprotocol/conn_test.go
new file mode 100644
index 0000000000..39adc401a3
--- /dev/null
+++ b/modules/proxyprotocol/conn_test.go
@@ -0,0 +1,112 @@
+// Copyright 2026 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+package proxyprotocol_test
+
+import (
+	"io"
+	"net"
+	"testing"
+	"time"
+
+	"forgejo.org/modules/proxyprotocol"
+	"forgejo.org/modules/setting"
+	"forgejo.org/modules/test"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+var v2Header = []byte{0xd, 0xa, 0xd, 0xa, 0x0, 0xd, 0xa, 0x51, 0x55, 0x49, 0x54, 0xa}
+
+func testConnection(t *testing.T, input []byte) *proxyprotocol.Conn {
+	local, remote := net.Pipe()
+	conn := proxyprotocol.NewConn(remote, 10*time.Second)
+
+	go func(t *testing.T, conn net.Conn) {
+		_, err := conn.Write(input)
+		require.NoError(t, err)
+
+		err = conn.Close()
+		require.NoError(t, err)
+	}(t, local)
+
+	return conn
+}
+
+func assertUwu(t *testing.T, conn *proxyprotocol.Conn) {
+	buf := make([]byte, 3)
+	read, err := conn.Read(buf)
+	require.NoError(t, err)
+
+	assert.Equal(t, 3, read)
+	assert.Equal(t, []byte("uwu"), buf)
+}
+
+func TestProxyProtocolParse(t *testing.T) {
+	// Basic v4/v6 TCP
+	ipv4Conn := testConnection(t, []byte("PROXY TCP4 7.3.3.1 1.3.3.7 14231 443\r\nuwu"))
+
+	assertUwu(t, ipv4Conn)
+	assert.Equal(t, "7.3.3.1:14231", ipv4Conn.RemoteAddr().String())
+	assert.Equal(t, "1.3.3.7:443", ipv4Conn.LocalAddr().String())
+
+	ipv6Conn := testConnection(t, []byte("PROXY TCP6 fe80::2 fe80::1 28512 443\r\nuwu"))
+
+	assertUwu(t, ipv6Conn)
+	assert.Equal(t, "[fe80::2]:28512", ipv6Conn.RemoteAddr().String())
+	assert.Equal(t, "[fe80::1]:443", ipv6Conn.LocalAddr().String())
+
+	ipv4Conn = testConnection(t, append(v2Header, 0x21, 0x11, 0x0, 0xc, 0x7, 0x3, 0x3, 0x1, 0x1, 0x3, 0x3, 0x7, 0xd9, 0xec, 0x1, 0xbb, 0x75, 0x77, 0x75))
+
+	assertUwu(t, ipv4Conn)
+	assert.Equal(t, "7.3.3.1:55788", ipv4Conn.RemoteAddr().String())
+	assert.Equal(t, "1.3.3.7:443", ipv4Conn.LocalAddr().String())
+
+	ipv6Conn = testConnection(t, append(v2Header, 0x21, 0x21, 0x0, 0x24, 0xfe, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0xfe, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0xd9, 0xec, 0x1, 0xbb, 0x75, 0x77, 0x75))
+
+	assertUwu(t, ipv6Conn)
+	assert.Equal(t, "[fe80::2]:55788", ipv6Conn.RemoteAddr().String())
+	assert.Equal(t, "[fe80::1]:443", ipv6Conn.LocalAddr().String())
+
+	// Basic unknown
+	unknownConn := testConnection(t, []byte("PROXY UNKNOWN\r\nuwu"))
+	_, err := unknownConn.Read([]byte{})
+	require.Error(t, err)
+
+	// Accept unknown protocol types
+	defer test.MockVariableValue(&setting.ProxyProtocolAcceptUnknown, true)()
+
+	unknownConn = testConnection(t, []byte("PROXY UNKNOWN\r\nuwu"))
+
+	assertUwu(t, unknownConn)
+	assert.Equal(t, "pipe", unknownConn.RemoteAddr().String())
+	assert.Equal(t, "pipe", unknownConn.LocalAddr().String())
+
+	// Discard any unknown information between "UNKNOWN" and CRLF
+
+	unknownConn = testConnection(t, []byte("PROXY UNKNOWN look, I'm hinding in an unknown protocol \\o/\r\nuwu"))
+
+	assertUwu(t, unknownConn)
+	assert.Equal(t, "pipe", unknownConn.RemoteAddr().String())
+	assert.Equal(t, "pipe", unknownConn.LocalAddr().String())
+
+	// Basic local
+	unknownConnV2 := testConnection(t, append(v2Header, 0x20, 0x0, 0x0, 0x0, 0x75, 0x77, 0x75))
+
+	assertUwu(t, unknownConnV2)
+	assert.Equal(t, "pipe", unknownConnV2.RemoteAddr().String())
+	assert.Equal(t, "pipe", unknownConnV2.LocalAddr().String())
+}
+
+func TestProxyProtocolInvalidHeader(t *testing.T) {
+	// Short prefix
+	conn := testConnection(t, []byte("PROXY\r\n"))
+	_, err := conn.Read([]byte{})
+	require.ErrorIs(t, err, io.EOF)
+
+	// Wrong prefix
+	conn = testConnection(t, []byte("PROXYv1337\r\n"))
+	_, err = conn.Read([]byte{})
+	require.ErrorContains(t, err, "Unexpected proxy header")
+}
diff --git a/modules/proxyprotocol/listener.go b/modules/proxyprotocol/listener.go
index ec85c425d3..500181cd6a 100644
--- a/modules/proxyprotocol/listener.go
+++ b/modules/proxyprotocol/listener.go
@@ -18,7 +18,6 @@ import (
 type Listener struct {
 	Listener           net.Listener
 	ProxyHeaderTimeout time.Duration
-	AcceptUnknown      bool // allow PROXY UNKNOWN
 }
 
 // Accept implements the Accept method in the Listener interface
@@ -31,7 +30,6 @@ func (p *Listener) Accept() (net.Conn, error) {
 	}
 
 	newConn := NewConn(conn, p.ProxyHeaderTimeout)
-	newConn.acceptUnknown = p.AcceptUnknown
 	return newConn, nil
 }
 
diff --git a/modules/proxyprotocol/util.go b/modules/proxyprotocol/util.go
index a280663b27..5fc89d80a9 100644
--- a/modules/proxyprotocol/util.go
+++ b/modules/proxyprotocol/util.go
@@ -5,7 +5,7 @@ package proxyprotocol
 
 import "io"
 
-var localHeader = append(v2Prefix, '\x20', '\x00', '\x00', '\x00', '\x00')
+var localHeader = append(v2Prefix, '\x20', '\x00', '\x00', '\x00')
 
 // WriteLocalHeader will write the ProxyProtocol Header for a local connection to the provided writer
 func WriteLocalHeader(w io.Writer) error {

From 9762f9ea2041d4eaf38e47415ea0692fa60cf0a7 Mon Sep 17 00:00:00 2001
From: Baptiste Daroussin <bapt@FreeBSD.org>
Date: Mon, 16 Feb 2026 05:57:01 +0100
Subject: [PATCH 327/854] fix: portable error reporting for PAM (#11296)

Linux PAM reports "Authentication Failure"
OpenPAM reports "authentication error"

This resulted in forgejo reporting error 500 on FreeBSD when pam
authentication failed.

Add a sentinel error to make this portable: ErrInvalidCredentials

Signed-off-by: Baptiste Daroussin <bapt@FreeBSD.org>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11296
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Baptiste Daroussin <bapt@FreeBSD.org>
Co-committed-by: Baptiste Daroussin <bapt@FreeBSD.org>
---
 modules/auth/pam/pam.go                         | 11 +++++++++++
 modules/auth/pam/pam_stub.go                    |  4 ++++
 modules/auth/pam/pam_test.go                    |  2 +-
 services/auth/source/pam/source_authenticate.go |  3 ++-
 4 files changed, 18 insertions(+), 2 deletions(-)

diff --git a/modules/auth/pam/pam.go b/modules/auth/pam/pam.go
index a8b608e6be..a801f39a56 100644
--- a/modules/auth/pam/pam.go
+++ b/modules/auth/pam/pam.go
@@ -7,10 +7,15 @@ package pam
 
 import (
 	"errors"
+	"fmt"
 
 	"github.com/msteinert/pam/v2"
 )
 
+// ErrInvalidCredentials is returned when PAM reports an authentication
+// or account error (wrong password, unknown user, expired account, etc.).
+var ErrInvalidCredentials = errors.New("invalid PAM credentials")
+
 // Supported is true when built with PAM
 var Supported = true
 
@@ -31,10 +36,16 @@ func Auth(serviceName, userName, passwd string) (string, error) {
 	defer t.End()
 
 	if err = t.Authenticate(0); err != nil {
+		if errors.Is(err, pam.ErrAuth) || errors.Is(err, pam.ErrUserUnknown) {
+			return "", fmt.Errorf("%w: %v", ErrInvalidCredentials, err)
+		}
 		return "", err
 	}
 
 	if err = t.AcctMgmt(0); err != nil {
+		if errors.Is(err, pam.ErrAcctExpired) || errors.Is(err, pam.ErrPermDenied) {
+			return "", fmt.Errorf("%w: %v", ErrInvalidCredentials, err)
+		}
 		return "", err
 	}
 
diff --git a/modules/auth/pam/pam_stub.go b/modules/auth/pam/pam_stub.go
index 3631eeeda7..41993ed701 100644
--- a/modules/auth/pam/pam_stub.go
+++ b/modules/auth/pam/pam_stub.go
@@ -9,6 +9,10 @@ import (
 	"errors"
 )
 
+// ErrInvalidCredentials is returned when PAM reports an authentication
+// or account error (wrong password, unknown user, expired account, etc.).
+var ErrInvalidCredentials = errors.New("invalid PAM credentials")
+
 // Supported is false when built without PAM
 var Supported = false
 
diff --git a/modules/auth/pam/pam_test.go b/modules/auth/pam/pam_test.go
index e9b844e955..c155207426 100644
--- a/modules/auth/pam/pam_test.go
+++ b/modules/auth/pam/pam_test.go
@@ -15,6 +15,6 @@ import (
 func TestPamAuth(t *testing.T) {
 	result, err := Auth("gitea", "user1", "false-pwd")
 	require.Error(t, err)
-	assert.EqualError(t, err, "Authentication failure")
+	assert.ErrorIs(t, err, ErrInvalidCredentials)
 	assert.Len(t, result, 0)
 }
diff --git a/services/auth/source/pam/source_authenticate.go b/services/auth/source/pam/source_authenticate.go
index 6f3ffc2d9d..8a84683d29 100644
--- a/services/auth/source/pam/source_authenticate.go
+++ b/services/auth/source/pam/source_authenticate.go
@@ -5,6 +5,7 @@ package pam
 
 import (
 	"context"
+	"errors"
 	"fmt"
 	"strings"
 
@@ -23,7 +24,7 @@ import (
 func (source *Source) Authenticate(ctx context.Context, user *user_model.User, userName, password string) (*user_model.User, error) {
 	pamLogin, err := pam.Auth(source.ServiceName, userName, password)
 	if err != nil {
-		if strings.Contains(err.Error(), "Authentication failure") {
+		if errors.Is(err, pam.ErrInvalidCredentials) {
 			return nil, user_model.ErrUserNotExist{Name: userName}
 		}
 		return nil, err

From b8a99f2eb4223381b1095f0796eae771f925efca Mon Sep 17 00:00:00 2001
From: Robert Wolff <mahlzahn@posteo.de>
Date: Mon, 16 Feb 2026 06:40:36 +0100
Subject: [PATCH 328/854] feat: support C3 language highlighting in file editor
 (#11241)

See https://codeberg.org/Codeberg/Community/issues/2371#issuecomment-10520506
Closes: Codeberg/Community#2371

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11241
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Robert Wolff <mahlzahn@posteo.de>
Co-committed-by: Robert Wolff <mahlzahn@posteo.de>
---
 web_src/js/features/codemirror-lang.ts | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/web_src/js/features/codemirror-lang.ts b/web_src/js/features/codemirror-lang.ts
index 729f617a3e..27b4d20a1d 100644
--- a/web_src/js/features/codemirror-lang.ts
+++ b/web_src/js/features/codemirror-lang.ts
@@ -9,6 +9,13 @@ export function languages(codemirrorLanguage: CodeMirrorLanguage): LanguageDescr
         return (await import('@codemirror/lang-cpp')).cpp();
       },
     }),
+    codemirrorLanguage.LanguageDescription.of({
+      name: 'C3',
+      extensions: ['c3'],
+      async load() {
+        return (await import('@codemirror/lang-cpp')).cpp();
+      },
+    }),
     codemirrorLanguage.LanguageDescription.of({
       name: 'C++',
       alias: ['cpp'],

From 6bf689fd75477ea69990316e39de9bca6fa14ee6 Mon Sep 17 00:00:00 2001
From: Renovate Bot <forgejo-renovate-action@forgejo.org>
Date: Mon, 16 Feb 2026 06:45:57 +0100
Subject: [PATCH 329/854] Update module github.com/klauspost/compress to
 v1.18.4 (forgejo) (#11223)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11223
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index ba45321589..56d51fcdb8 100644
--- a/go.mod
+++ b/go.mod
@@ -71,7 +71,7 @@ require (
 	github.com/jhillyerd/enmime/v2 v2.2.0
 	github.com/json-iterator/go v1.1.12
 	github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51
-	github.com/klauspost/compress v1.18.3
+	github.com/klauspost/compress v1.18.4
 	github.com/klauspost/cpuid/v2 v2.2.11
 	github.com/markbates/goth v1.80.0
 	github.com/mattn/go-isatty v0.0.20
diff --git a/go.sum b/go.sum
index 8ad6dcf9eb..067a248e64 100644
--- a/go.sum
+++ b/go.sum
@@ -475,8 +475,8 @@ github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51 h1:Z9n2FFNU
 github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51/go.mod h1:CzGEWj7cYgsdH8dAjBGEr58BoE7ScuLd+fwFZ44+/x8=
 github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
 github.com/klauspost/compress v1.4.1/go.mod h1:RyIbtBH6LamlWaDj8nUwkbUhJ87Yi3uG0guNDohfE1A=
-github.com/klauspost/compress v1.18.3 h1:9PJRvfbmTabkOX8moIpXPbMMbYN60bWImDDU7L+/6zw=
-github.com/klauspost/compress v1.18.3/go.mod h1:R0h/fSBs8DE4ENlcrlib3PsXS61voFxhIs2DeRhCvJ4=
+github.com/klauspost/compress v1.18.4 h1:RPhnKRAQ4Fh8zU2FY/6ZFDwTVTxgJ/EMydqSTzE9a2c=
+github.com/klauspost/compress v1.18.4/go.mod h1:R0h/fSBs8DE4ENlcrlib3PsXS61voFxhIs2DeRhCvJ4=
 github.com/klauspost/cpuid v1.2.0/go.mod h1:Pj4uuM528wm8OyEC2QMXAi2YiTZ96dNQPGgoMS4s3ek=
 github.com/klauspost/cpuid/v2 v2.0.1/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg=
 github.com/klauspost/cpuid/v2 v2.2.11 h1:0OwqZRYI2rFrjS4kvkDnqJkKHdHaRnCm68/DY4OxRzU=

From d5c64889aac35c8b1924f3caf019291ddf15839e Mon Sep 17 00:00:00 2001
From: Renovate Bot <forgejo-renovate-action@forgejo.org>
Date: Mon, 16 Feb 2026 08:27:40 +0100
Subject: [PATCH 330/854] Update dependency asciinema-player to v3.14.15
 (forgejo) (#11318)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11318
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
---
 package-lock.json | 8 ++++----
 package.json      | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index acd19d2e3f..2782cf97c1 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -39,7 +39,7 @@
         "@mcaptcha/vanilla-glue": "0.1.0-alpha-3",
         "@primer/octicons": "19.14.0",
         "ansi_up": "6.0.5",
-        "asciinema-player": "3.14.0",
+        "asciinema-player": "3.14.15",
         "chart.js": "4.5.1",
         "chartjs-adapter-dayjs-4": "1.0.4",
         "chartjs-plugin-zoom": "2.2.0",
@@ -5633,9 +5633,9 @@
       }
     },
     "node_modules/asciinema-player": {
-      "version": "3.14.0",
-      "resolved": "https://registry.npmjs.org/asciinema-player/-/asciinema-player-3.14.0.tgz",
-      "integrity": "sha512-44m3CpNavn8i7DSr/AeeV+rJpHpcqc/OCildCs9FAu5gnXB6XNBdbhfg6mHMG4uU3R1rxFNA3ZRTt8FMhHC48Q==",
+      "version": "3.14.15",
+      "resolved": "https://registry.npmjs.org/asciinema-player/-/asciinema-player-3.14.15.tgz",
+      "integrity": "sha512-M+6n0GXMc9X4Oaz9qOr5pfQGcmnPOW8QIBzf67eZvtSpyqiKexMA03CpP4S9ZaDuUQNQIF2RSjHl6QLgJYvJ9g==",
       "license": "Apache-2.0",
       "dependencies": {
         "@babel/runtime": "^7.21.0",
diff --git a/package.json b/package.json
index 947253ef0d..a4d40ef6a2 100644
--- a/package.json
+++ b/package.json
@@ -38,7 +38,7 @@
     "@mcaptcha/vanilla-glue": "0.1.0-alpha-3",
     "@primer/octicons": "19.14.0",
     "ansi_up": "6.0.5",
-    "asciinema-player": "3.14.0",
+    "asciinema-player": "3.14.15",
     "chart.js": "4.5.1",
     "chartjs-adapter-dayjs-4": "1.0.4",
     "chartjs-plugin-zoom": "2.2.0",

From fc9cf6b140fc71a762e0828d1d6f4e585cba1d32 Mon Sep 17 00:00:00 2001
From: Renovate Bot <forgejo-renovate-action@forgejo.org>
Date: Mon, 16 Feb 2026 08:27:51 +0100
Subject: [PATCH 331/854] Update dependency postcss-loader to v8.2.1 (forgejo)
 (#11319)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11319
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
---
 package-lock.json | 10 +++++-----
 package.json      |  2 +-
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 2782cf97c1..2e7edff62b 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -60,7 +60,7 @@
         "minimatch": "10.1.1",
         "pdfobject": "2.3.0",
         "postcss": "8.5.6",
-        "postcss-loader": "8.2.0",
+        "postcss-loader": "8.2.1",
         "postcss-nesting": "14.0.0",
         "pretty-ms": "9.0.0",
         "sortablejs": "1.15.7",
@@ -12639,9 +12639,9 @@
       }
     },
     "node_modules/postcss-loader": {
-      "version": "8.2.0",
-      "resolved": "https://registry.npmjs.org/postcss-loader/-/postcss-loader-8.2.0.tgz",
-      "integrity": "sha512-tHX+RkpsXVcc7st4dSdDGliI+r4aAQDuv+v3vFYHixb6YgjreG5AG4SEB0kDK8u2s6htqEEpKlkhSBUTvWKYnA==",
+      "version": "8.2.1",
+      "resolved": "https://registry.npmjs.org/postcss-loader/-/postcss-loader-8.2.1.tgz",
+      "integrity": "sha512-k98jtRzthjj3f76MYTs9JTpRqV1RaaMhEU0Lpw9OTmQZQdppg4B30VZ74BojuBHt3F4KyubHJoXCMUeM8Bqeow==",
       "license": "MIT",
       "dependencies": {
         "cosmiconfig": "^9.0.0",
@@ -12656,7 +12656,7 @@
         "url": "https://opencollective.com/webpack"
       },
       "peerDependencies": {
-        "@rspack/core": "0.x || 1.x",
+        "@rspack/core": "0.x || ^1.0.0 || ^2.0.0-0",
         "postcss": "^7.0.0 || ^8.0.1",
         "webpack": "^5.0.0"
       },
diff --git a/package.json b/package.json
index a4d40ef6a2..a04b538e6f 100644
--- a/package.json
+++ b/package.json
@@ -59,7 +59,7 @@
     "minimatch": "10.1.1",
     "pdfobject": "2.3.0",
     "postcss": "8.5.6",
-    "postcss-loader": "8.2.0",
+    "postcss-loader": "8.2.1",
     "postcss-nesting": "14.0.0",
     "pretty-ms": "9.0.0",
     "sortablejs": "1.15.7",

From 1b0be3d5b30d1bde5ce3ebb6a6b0772b7cb9f21c Mon Sep 17 00:00:00 2001
From: Renovate Bot <forgejo-renovate-action@forgejo.org>
Date: Mon, 16 Feb 2026 08:28:13 +0100
Subject: [PATCH 332/854] Update dependency eslint-plugin-unicorn to v63
 (forgejo) (#11322)

Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
---
 package-lock.json | 10 ++++------
 package.json      |  2 +-
 2 files changed, 5 insertions(+), 7 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 2e7edff62b..3e4e87286a 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -102,7 +102,7 @@
         "eslint-plugin-regexp": "3.0.0",
         "eslint-plugin-sonarjs": "3.0.6",
         "eslint-plugin-toml": "0.13.1",
-        "eslint-plugin-unicorn": "62.0.0",
+        "eslint-plugin-unicorn": "63.0.0",
         "eslint-plugin-vitest-globals": "1.5.0",
         "eslint-plugin-vue": "10.7.0",
         "eslint-plugin-vue-scoped-css": "2.12.0",
@@ -8223,20 +8223,18 @@
       }
     },
     "node_modules/eslint-plugin-unicorn": {
-      "version": "62.0.0",
-      "resolved": "https://registry.npmjs.org/eslint-plugin-unicorn/-/eslint-plugin-unicorn-62.0.0.tgz",
-      "integrity": "sha512-HIlIkGLkvf29YEiS/ImuDZQbP12gWyx5i3C6XrRxMvVdqMroCI9qoVYCoIl17ChN+U89pn9sVwLxhIWj5nEc7g==",
+      "version": "63.0.0",
+      "resolved": "https://registry.npmjs.org/eslint-plugin-unicorn/-/eslint-plugin-unicorn-63.0.0.tgz",
+      "integrity": "sha512-Iqecl9118uQEXYh7adylgEmGfkn5es3/mlQTLLkd4pXkIk9CTGrAbeUux+YljSa2ohXCBmQQ0+Ej1kZaFgcfkA==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
         "@babel/helper-validator-identifier": "^7.28.5",
         "@eslint-community/eslint-utils": "^4.9.0",
-        "@eslint/plugin-kit": "^0.4.0",
         "change-case": "^5.4.4",
         "ci-info": "^4.3.1",
         "clean-regexp": "^1.0.0",
         "core-js-compat": "^3.46.0",
-        "esquery": "^1.6.0",
         "find-up-simple": "^1.0.1",
         "globals": "^16.4.0",
         "indent-string": "^5.0.0",
diff --git a/package.json b/package.json
index a04b538e6f..24bfb69d20 100644
--- a/package.json
+++ b/package.json
@@ -101,7 +101,7 @@
     "eslint-plugin-regexp": "3.0.0",
     "eslint-plugin-sonarjs": "3.0.6",
     "eslint-plugin-toml": "0.13.1",
-    "eslint-plugin-unicorn": "62.0.0",
+    "eslint-plugin-unicorn": "63.0.0",
     "eslint-plugin-vitest-globals": "1.5.0",
     "eslint-plugin-vue": "10.7.0",
     "eslint-plugin-vue-scoped-css": "2.12.0",

From b66a76686d64d5b0b2062a9a8cc65c7bc68eac7e Mon Sep 17 00:00:00 2001
From: Renovate Bot <forgejo-renovate-action@forgejo.org>
Date: Mon, 16 Feb 2026 08:32:01 +0100
Subject: [PATCH 333/854] Update x/tools to v0.42.0 (forgejo) (#11321)

Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
---
 Makefile | 2 +-
 go.mod   | 4 ++--
 go.sum   | 8 ++++----
 3 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/Makefile b/Makefile
index 115103fcbd..aa96922bf5 100644
--- a/Makefile
+++ b/Makefile
@@ -45,7 +45,7 @@ SWAGGER_PACKAGE ?= github.com/go-swagger/go-swagger/cmd/swagger@v0.33.1 # renova
 XGO_PACKAGE ?= src.techknowlogick.com/xgo@latest
 GO_LICENSES_PACKAGE ?= github.com/google/go-licenses@v1.6.0 # renovate: datasource=go
 GOVULNCHECK_PACKAGE ?= golang.org/x/vuln/cmd/govulncheck@v1 # renovate: datasource=go
-DEADCODE_PACKAGE ?= golang.org/x/tools/cmd/deadcode@v0.41.0 # renovate: datasource=go
+DEADCODE_PACKAGE ?= golang.org/x/tools/cmd/deadcode@v0.42.0 # renovate: datasource=go
 GOMOCK_PACKAGE ?= go.uber.org/mock/mockgen@v0.6.0 # renovate: datasource=go
 RENOVATE_NPM_PACKAGE ?= renovate@43.15.1 # renovate: datasource=docker packageName=data.forgejo.org/renovate/renovate
 
diff --git a/go.mod b/go.mod
index 56d51fcdb8..59f012e955 100644
--- a/go.mod
+++ b/go.mod
@@ -256,9 +256,9 @@ require (
 	go.uber.org/zap/exp v0.3.0 // indirect
 	go.yaml.in/yaml/v4 v4.0.0-rc.3 // indirect
 	go4.org v0.0.0-20230225012048-214862532bf5 // indirect
-	golang.org/x/mod v0.32.0 // indirect
+	golang.org/x/mod v0.33.0 // indirect
 	golang.org/x/time v0.14.0 // indirect
-	golang.org/x/tools v0.41.0 // indirect
+	golang.org/x/tools v0.42.0 // indirect
 	gopkg.in/alexcesaro/quotedprintable.v3 v3.0.0-20150716171945-2caba252f4dc // indirect
 	gopkg.in/warnings.v0 v0.1.2 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
diff --git a/go.sum b/go.sum
index 067a248e64..daf745b019 100644
--- a/go.sum
+++ b/go.sum
@@ -759,8 +759,8 @@ golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
 golang.org/x/mod v0.12.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
 golang.org/x/mod v0.15.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
 golang.org/x/mod v0.17.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
-golang.org/x/mod v0.32.0 h1:9F4d3PHLljb6x//jOyokMv3eX+YDeepZSEo3mFJy93c=
-golang.org/x/mod v0.32.0/go.mod h1:SgipZ/3h2Ci89DlEtEXWUk/HteuRin+HHhN+WbNhguU=
+golang.org/x/mod v0.33.0 h1:tHFzIWbBifEmbwtGz65eaWyGiGZatSrT9prnU8DbVL8=
+golang.org/x/mod v0.33.0/go.mod h1:swjeQEj+6r7fODbD2cqrnje9PnziFuw4bmLbBZFrQ5w=
 golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@@ -910,8 +910,8 @@ golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc
 golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
 golang.org/x/tools v0.13.0/go.mod h1:HvlwmtVNQAhOuCjW7xxvovg8wbNq7LwfXh/k7wXUl58=
 golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk=
-golang.org/x/tools v0.41.0 h1:a9b8iMweWG+S0OBnlU36rzLp20z1Rp10w+IY2czHTQc=
-golang.org/x/tools v0.41.0/go.mod h1:XSY6eDqxVNiYgezAVqqCeihT4j1U2CCsqvH3WhQpnlg=
+golang.org/x/tools v0.42.0 h1:uNgphsn75Tdz5Ji2q36v/nsFSfR/9BRFvqhGBaJGd5k=
+golang.org/x/tools v0.42.0/go.mod h1:Ma6lCIwGZvHK6XtgbswSoWroEkhugApmsXyrUmBhfr0=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=

From e1cecbd276841a5762ad034a920be8c2732e295f Mon Sep 17 00:00:00 2001
From: panc <pan0xc@foxmail.com>
Date: Mon, 16 Feb 2026 12:59:14 +0100
Subject: [PATCH 334/854] fix(ui): prevent label overflow in PR CI checks on
 mobile (#11287)

fix #11266

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11287
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Co-authored-by: panc <pan0xc@foxmail.com>
Co-committed-by: panc <pan0xc@foxmail.com>
---
 web_src/css/repo.css | 10 +---------
 1 file changed, 1 insertion(+), 9 deletions(-)

diff --git a/web_src/css/repo.css b/web_src/css/repo.css
index 767a6c2a2c..c13a6ee73b 100644
--- a/web_src/css/repo.css
+++ b/web_src/css/repo.css
@@ -2675,16 +2675,8 @@ tbody.commit-list {
   gap: 8px;
 }
 
-@media (max-width: 767.98px) {
-  .commit-status-item .status-details {
-    flex-direction: column;
-    align-items: flex-end;
-    justify-content: center;
-  }
-}
-
 .commit-status-item .status-details > span {
-  padding-right: 0.5em; /* To match the alignment with the "required" label */
+  padding-right: 0.5em; /* To avoid scrollbar occlusion */
 }
 
 .search-fullname {

From 0ac16105b87daf31c555a9a7f3e75cd35b19f837 Mon Sep 17 00:00:00 2001
From: Codeberg Translate <translate@codeberg.org>
Date: Mon, 16 Feb 2026 14:30:16 +0000
Subject: [PATCH 335/854] i18n: update of translations from Codeberg Translate

Co-authored-by: 0ko <0ko@noreply.codeberg.org>
Co-authored-by: AbelFalcon <abelfalcon@noreply.codeberg.org>
Co-authored-by: Benedikt Straub <benedikt-straub@web.de>
Co-authored-by: Benniest <benniest@noreply.codeberg.org>
Co-authored-by: Bullbagaren <bullbagaren@noreply.codeberg.org>
Co-authored-by: Codeberg Translate <translate@codeberg.org>
Co-authored-by: Edgarsons <edgarsons@noreply.codeberg.org>
Co-authored-by: Fjuro <fjuro@alius.cz>
Co-authored-by: Fnurkla <fnurkla@noreply.codeberg.org>
Co-authored-by: Gusted <postmaster@gusted.xyz>
Co-authored-by: IPv6 <ipv6@noreply.codeberg.org>
Co-authored-by: Lzebulon <lzebulon@noreply.codeberg.org>
Co-authored-by: Outbreak2096 <outbreak2096@noreply.codeberg.org>
Co-authored-by: Sagor Islam <sagor_islam@noreply.codeberg.org>
Co-authored-by: SomeTr <sometr@noreply.codeberg.org>
Co-authored-by: Victor E. Chocho <vechocho@noreply.codeberg.org>
Co-authored-by: Vyxie <kitakita@disroot.org>
Co-authored-by: Wuzzy <wuzzy@disroot.org>
Co-authored-by: artnay <artnay@noreply.codeberg.org>
Co-authored-by: bespinas <bespinas@noreply.codeberg.org>
Co-authored-by: butterflyoffire <butterflyoffire@noreply.codeberg.org>
Co-authored-by: daltux <daltux@noreply.codeberg.org>
Co-authored-by: dimiro1 <dimiro1@noreply.codeberg.org>
Co-authored-by: hamburger <hamburger@noreply.codeberg.org>
Co-authored-by: hanklank <hanklank@noreply.codeberg.org>
Co-authored-by: hpcfzl <hpcfzl@noreply.codeberg.org>
Co-authored-by: jimkats <jimkats@noreply.codeberg.org>
Co-authored-by: jrosh <jrosh@noreply.codeberg.org>
Co-authored-by: justbispo <justbispo@noreply.codeberg.org>
Co-authored-by: kdh8219 <kdh8219@monamo.dev>
Co-authored-by: kmpm <kmpm@noreply.codeberg.org>
Co-authored-by: lordwektabyte <lordwektabyte@users.noreply.translate.codeberg.org>
Co-authored-by: lukesnc <lukesnc@noreply.codeberg.org>
Co-authored-by: marlena <marlena@noreply.codeberg.org>
Co-authored-by: nikee <nikee@noreply.codeberg.org>
Co-authored-by: psenakdotsk <psenakdotsk@noreply.codeberg.org>
Co-authored-by: sebastiaanspeck <sebastiaanspeck@noreply.codeberg.org>
Co-authored-by: sieni <sieni@noreply.codeberg.org>
Co-authored-by: sinsky <sinsky@noreply.codeberg.org>
Co-authored-by: sinsky <sinsky@users.noreply.translate.codeberg.org>
Co-authored-by: smlxdesign <smlxdesign@noreply.codeberg.org>
Co-authored-by: stkw0 <stkw0@noreply.codeberg.org>
Co-authored-by: tace16 <tace16@noreply.codeberg.org>
Co-authored-by: thomasboom <thomasboom@noreply.codeberg.org>
Co-authored-by: vmtj <vmtj@noreply.codeberg.org>
Co-authored-by: xtex <xtexchooser@duck.com>
Co-authored-by: yeager <yeager@noreply.codeberg.org>
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/ca/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/cs/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/de/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/el/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/es/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/fil/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/fr/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/ja/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/kab/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/lv/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/nb_NO/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/nds/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/nl/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/pt_BR/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/pt_PT/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/ru/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/sk/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/sv/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/ta/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/tok/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/uk/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/zh_Hans/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo/ar/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo/bn/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo/ca/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo/de/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo/el/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo/es/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo/fi/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo/fr/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo/it/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo/ja/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo/kab/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo/ko/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo/nds/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo/nl/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo/pt_BR/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo/pt_PT/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo/ru/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo/sl/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo/sv/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo/tok/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo/uk/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo/zh_Hans/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo/zh_Hant/
Translation: Forgejo/forgejo
Translation: Forgejo/forgejo-next
---
 options/locale/locale_ar.ini          |  16 +-
 options/locale/locale_bn.ini          |  11 +-
 options/locale/locale_ca.ini          | 583 +++++++++++++++++++++++++-
 options/locale/locale_de-DE.ini       |   2 +-
 options/locale/locale_el-GR.ini       |   6 +-
 options/locale/locale_es-ES.ini       |  11 +-
 options/locale/locale_fi-FI.ini       |  23 +-
 options/locale/locale_fr-FR.ini       |   2 +-
 options/locale/locale_it-IT.ini       |   6 +-
 options/locale/locale_ja-JP.ini       | 147 +++++--
 options/locale/locale_kab.ini         | 145 +++++++
 options/locale/locale_ko-KR.ini       |   2 +-
 options/locale/locale_nds.ini         |   2 +-
 options/locale/locale_nl-NL.ini       |   2 +-
 options/locale/locale_pt-BR.ini       |  22 +-
 options/locale/locale_pt-PT.ini       |   2 +-
 options/locale/locale_ru-RU.ini       |   6 +-
 options/locale/locale_sl.ini          |   2 +-
 options/locale/locale_sv-SE.ini       |  74 ++--
 options/locale/locale_tok.ini         |   8 +
 options/locale/locale_uk-UA.ini       | 310 +++++++-------
 options/locale/locale_zh-CN.ini       | 256 +++++------
 options/locale/locale_zh-TW.ini       |   4 +-
 options/locale_next/locale_ar.json    |   4 -
 options/locale_next/locale_be.json    |   4 -
 options/locale_next/locale_bg.json    |   4 -
 options/locale_next/locale_ca.json    |  16 +-
 options/locale_next/locale_cs-CZ.json |  96 ++---
 options/locale_next/locale_da.json    |   4 -
 options/locale_next/locale_de-DE.json |  12 +-
 options/locale_next/locale_el-GR.json |  25 +-
 options/locale_next/locale_eo.json    |   4 -
 options/locale_next/locale_es-ES.json |  13 +-
 options/locale_next/locale_et.json    |   4 -
 options/locale_next/locale_fi-FI.json |   4 -
 options/locale_next/locale_fil.json   |  23 +-
 options/locale_next/locale_fr-FR.json |  13 +-
 options/locale_next/locale_ga.json    |   4 -
 options/locale_next/locale_gl.json    |   4 -
 options/locale_next/locale_he.json    |   4 -
 options/locale_next/locale_hi.json    |   4 -
 options/locale_next/locale_id-ID.json |   4 -
 options/locale_next/locale_it-IT.json |   4 -
 options/locale_next/locale_ja-JP.json |  14 +-
 options/locale_next/locale_kab.json   |  45 +-
 options/locale_next/locale_lv-LV.json |  14 +-
 options/locale_next/locale_nb_NO.json |  80 +++-
 options/locale_next/locale_nds.json   |  12 +-
 options/locale_next/locale_nl-NL.json |  67 ++-
 options/locale_next/locale_pl-PL.json |   4 -
 options/locale_next/locale_pt-BR.json |  16 +-
 options/locale_next/locale_pt-PT.json |   8 +-
 options/locale_next/locale_ru-RU.json |  78 ++--
 options/locale_next/locale_sk-SK.json |  16 +-
 options/locale_next/locale_sr-SP.json |   4 -
 options/locale_next/locale_sv-SE.json | 153 ++++---
 options/locale_next/locale_ta.json    |  29 +-
 options/locale_next/locale_th.json    |   4 -
 options/locale_next/locale_tok.json   |   7 +-
 options/locale_next/locale_tr-TR.json |   4 -
 options/locale_next/locale_uk-UA.json |  14 +-
 options/locale_next/locale_uz.json    |   4 -
 options/locale_next/locale_vi.json    |   4 -
 options/locale_next/locale_zh-CN.json |   8 +-
 options/locale_next/locale_zh-TW.json |   4 -
 65 files changed, 1745 insertions(+), 736 deletions(-)

diff --git a/options/locale/locale_ar.ini b/options/locale/locale_ar.ini
index ee7bac75a6..41bda7f325 100644
--- a/options/locale/locale_ar.ini
+++ b/options/locale/locale_ar.ini
@@ -2083,10 +2083,10 @@ variables.management = إدارة المتغيرات
 runners.task_list.repository = المستودع
 variables = المتغيرات
 variables.deletion.description = إزالة المتغيرات عملية نهائية لا يمكن التراجع عنها. أتريد الاستمرار؟
-status.failure = "فشل"
+status.failure = فشل
 runners.status.idle = خامل
 runners.task_list.done_at = تم عند
-status.running = "يعمل"
+status.running = يعمل
 runners.status.active = نشيط
 runners.status = الحالة
 runners.description = الوصف
@@ -2094,15 +2094,15 @@ runners.update_runner = حدّث التغييرات
 runners.name = الاسم
 runners.version = النسخة
 runs.status = الحالة
-status.unknown = "مجهول"
+status.unknown = مجهول
 runners.owner_type = النوع
-status.waiting = "ينتظر"
+status.waiting = ينتظر
 runners.labels = التصنيفات
 runners.status.unspecified = مجهول
 runs.commit = إيداع
-status.success = "نجح"
+status.success = نجح
 runs.empty_commit_message = (رسالة إيداع فارغة)
-status.cancelled = "ملغي"
+status.cancelled = ملغي
 runs.status_no_select = كل الحالات
 runs.scheduled = مُجدوَل
 variables.edit = عدّل المتغير
@@ -2227,8 +2227,8 @@ default_key = موقّع بالمفتاح المبدئي
 error.extract_sign = تعذّر استخراج التوقيع
 error.generate_hash = تعذّر إنشاء بصمة الإيداع
 error.no_committer_account = لا حساب مرتبط ببريد المودِع
-error.not_signed_commit = "ليس إيداعًا موقّعًا"
-error.failed_retrieval_gpg_keys = "تعذّر جلب مفتاح مرتبط بحساب المودِع"
+error.not_signed_commit = ليس إيداعًا موقّعًا
+error.failed_retrieval_gpg_keys = تعذّر جلب مفتاح مرتبط بحساب المودِع
 
 [graphs]
 component_loading = يحمّل %s...
diff --git a/options/locale/locale_bn.ini b/options/locale/locale_bn.ini
index 2155f9073c..1b90534602 100644
--- a/options/locale/locale_bn.ini
+++ b/options/locale/locale_bn.ini
@@ -1,8 +1,11 @@
 [common]
 help = সাহায্য
 dashboard = ড্যাশবোর্ড
-home = বাড়ি
-explore = দেখোণ
+home = হোম
+explore = এক্সপ্লোর
 logo = লোগো
-sign_in = সাইণ ইণ
-sign_in_or = বা
\ No newline at end of file
+sign_in = সাইন ইন
+sign_in_or = বা
+sign_out = সাইন আউট
+sign_in_with_provider = %s দিয়ে সাইন-ইন করুন
+sign_up = নিবন্ধন করুন
\ No newline at end of file
diff --git a/options/locale/locale_ca.ini b/options/locale/locale_ca.ini
index 7ae7f3b98d..baefa88c67 100644
--- a/options/locale/locale_ca.ini
+++ b/options/locale/locale_ca.ini
@@ -195,7 +195,7 @@ title = Configuració inicial
 docker_helper = Si executes Forgejo a Docker, si us plau llegeis la <a target="_blank" rel="noopener noreferrer" href="%s">documentació</a> abans de canviar qualsevol configuració.
 require_db_desc = Forgejo requereix de MySQL, PostreSQL, SQLite3 o TiDB (protocol MySQL).
 db_title = Configuració de la base de dades
-path = Ruta
+path = Camí
 sqlite_helper = Ruta al fitxer de la base de dades SQLite3. <br>Introduex la ruta absoluta si executes Forgejo com a servei.
 user = Nom d'usuari
 db_schema = Esquema
@@ -206,7 +206,7 @@ reinstall_confirm_message = Reinstaŀlar amb una base de dades existent de Forge
 no_admin_and_disable_registration = No pot deshabilitar l'autoregistre d'usuaris sense crear un compte d'administrador.
 err_admin_name_is_reserved = El nom d'usuari "Administrador" no es vàlid: està reservat
 smtp_addr = Hoste SMTP
-smtp_port = Port SMPT
+smtp_port = Port SMTP
 smtp_from = Enviar correu com a
 mailer_user = Nom d'usuari SMTP
 err_admin_name_pattern_not_allowed = El nom d'usuari de l'administrador no es vàlid: coincideix amb un patró reservat
@@ -255,7 +255,7 @@ app_slogan_helper = Escriu l'eslogan de la teva instància aquí. Deixa buit per
 repo_path = Ruta de l'arrel del repositori
 log_root_path_helper = Els arxius dels registres es s'escriuran en aquest directori.
 optional_title = Configuracions opcionals
-host = Hoste
+host = Amfitrió
 lfs_path = Ruta arreal de Git LFS
 run_user = Executar com a usuari
 domain_helper = Domini o adreça de l'hosta per al servidor.
@@ -397,7 +397,7 @@ twofa_passcode_incorrect = El codi d'accés és incorrecte. Si heu perdut el dis
 oauth_signin_tab = Vincular a un compte existent
 oauth.signin.error = Hi ha hagut un error processant la sol·licitud d'autorització. Si persisteix, poseu-vos en contacte amb l'administrador del lloc.
 disable_forgot_password_mail_admin = La recuperació de comptes només està disponible quan s'ha configurat el correu electrònic. Si us plau, configureu el correu electrònic per a habilitar la recuperació de comptes.
-non_local_account = Els usuaris no locals no poden actualitzar la seva contrasenya mitjançant l'interfície web de Forgejo.
+non_local_account = No es permet actualitzar la contrasenya dels usuaris externs (no locals) des de la pàgina web de Forgejo.
 openid_register_desc = No s'ha reconegut la URI OpenID. Vinculeu-la amb un compte nou aquí.
 openid_connect_desc = No s'ha reconegut la URI OpenID. Vinculeu-la amb un compte nou aquí.
 sign_in_openid = Accediu amb OpenID
@@ -513,7 +513,7 @@ totp_disabled.no_2fa = Ja no hi ha altres mètodes d'autenticació de doble fact
 removed_security_key.no_2fa = Ja no hi ha altres mètodes d'autenticació de doble factor configurats, per la qual cosa ja no és necessari iniciar sessió al vostre compte mitjançat autenticació de doble factor.
 reset_password = Recupereu el vostre compte
 reset_password.text = Si heu sigut vós, cliqueu el següent enllaç per recuperar el vostre compte abans de <b>%s</b>:
-totp_enrolled.text_1.has_webauthn = Heu habilitat el TOTP per al vostre compte. Això vol dir que, per a totes les futures connexions al vostre compte, podreu utilitzar el TOTP com a mètode d'autenticació en dos passos (2FA) o bé utilitzar qualsevol de les vostres claus de seguretat.
+totp_enrolled.text_1.has_webauthn = Heu activat TOTP pel vostre compte. Això vol dir que podreu usar TOTP com a mètode d'autenticació de doble factor a tots els inicis de sessió futurs al vostre compte, o bé usar qualsevol de les vostres claus de seguretat.
 issue.action.force_push = <b>%[1]s</b> ha realitzat un «force push» de <b>%[2]s</b> des de %[3]s fins a %[4]s.
 issue.action.ready_for_review = <b>@%[1]s</b> ha marcat aquesta «pull request» com a preparada per a la revisió.
 issue.in_tree_path = A %s:
@@ -554,7 +554,7 @@ last_org_owner = No podeu eliminar l'últim usuari de l'equip "propietaris". Una
 duplicate_invite_to_team = L'usuari ja ha estat convidat com a membre de l'equip.
 Biography = Biografia
 RepoName = Nom del repositori
-TeamName = Nom de l' equip
+TeamName = Nom de l'equip
 To = Nom de la branca
 NewBranchName = Nom de la nova branca
 Content = Contingut
@@ -619,6 +619,9 @@ repository_force_private = S'ha activat "Forçar privat": els repositoris privat
 2fa_auth_required = L'accés remot requereix una autenticació de doble factor.
 visit_rate_limit = S'ha sobrepassat la taxa de visita remota.
 unset_password = L'usuari no ha establert una contrasenya.
+invalid_ssh_principal = Principal invàlid: %s
+team_no_units_error = Permet l'accés a una secció del repositori com a mínim.
+unsupported_login_type = El tipus d'accés no permet eliminar el compte.
 
 [settings]
 pronouns = Pronoms
@@ -705,7 +708,7 @@ theme_desc = Aquest tema s'usarà per a la interfície web quan hàgiu iniciat s
 activated = Activat
 requires_activation = Requereix activació
 activations_pending = Activacions pendents
-can_not_add_email_activations_pending = Hi ha una activació pendent, proveu de nou en uns minuts si voleu afegir un nou correu electrònic.
+can_not_add_email_activations_pending = Hi ha una activació pendent. Si voleu afegir una nova adreça de correu electrònic, proveu-ho de nou en uns minuts.
 email_deletion = Elimina l'adreça de correu electrònic
 email_deletion_desc = Aquesta adreça de correu electrònic i la informació relacionada s'eliminaran del vostre compte. Els commits de Git fets amb ella romandran sense canvis. Continuar?
 email_deletion_success = S'ha eliminat l'adreça de correu electrònic.
@@ -907,6 +910,38 @@ user_block_yourself = No us podeu bloquejar.
 quota.applies_to_user = Les regles de quota següents s'apliquen al vostre compte
 quota.applies_to_org = Les regles de quota següents s'apliquen a aquesta organització
 quota.rule.exceeded = Sobrepassat
+manage_ssh_principals = Gestiona els Certificats de Principals SSH
+principal_desc = Aquests certificats principals d'SSH són associats al vostre compte i permeten accés complet als vostres repositoris.
+add_new_principal = Afegir principal
+ssh_principal_been_used = Aquest principal ja s'ha afegit al servidor.
+add_principal_success = S'ha afegit el certificat principal SSH "%S".
+ssh_principal_deletion = Eliminar Certificat Principal SSH
+ssh_principal_deletion_desc = Eliminar un Certificat Principal SSH revoca el seu accés al vostre compte. Continuar?
+ssh_principal_deletion_success = S'ha eliminat el principal.
+principal_state_desc = Aquest principal s'ha usat en els darrers 7 dies
+change_username_redirect_prompt.with_cooldown.one = El nom d'usuari antic estarà disponible per a tothom després d'%[1]d dia. Podeu reclamar-lo abans que passi aquest temps.
+change_username_redirect_prompt.with_cooldown.few = El nom d'usuari antic estarà disponible per a tothom després de %[1]d dies. Podeu reclamar-lo abans que passi aquest temps.
+additional_repo_units_hint_description = Mostra un suggeriment per "Habilitar-ne més" pels repositoris que no tenen habilitades totes les unitats.
+comment_type_group_lock = Estat del bloqueig
+choose_new_avatar = Escolliu un nou avatar
+primary_email = Fer-la principal
+activate_email = Enviar l'activació
+email_preference_set_success = S'ha configurat correctament la preferència de correu electrònic.
+keep_email_private_popup = La vostra adreça de correu electrònic no es mostrarà al vostre perfil i no serà la predeterminada pels commits fets mitjançat la interfície web, com ara pujades de fitxers, modificacions i commits de fusió. En el seu lloc, una adreça especial %s es pot fer servir per enllaçar commits al vostre compte. Aquesta opció no afectarà els commits ja existents.
+add_key = Afegir una clau
+gpg_key_matched_identities_long = Les identitats incrustades en aquesta clau coincideixen amb les següents adreces de correu electrònic activades per aquest usuari. Els commits coincidents amb aquestes adreces de correu electrònic es poden verificar amb aquesta clau.
+gpg_token_signature = Firma GPG blindada
+ssh_token_signature = Firma SSH blindada
+ssh_key_deletion_desc = Eliminar una clau SSH en revocarà l'accés al vostre compte. Voleu continuar?
+gpg_key_deletion_desc = Eliminar una clau GPG des-verificarà els commits firmats per ella. Voleu continuar?
+valid_until_date = Vàlid fins %s
+repo_and_org_access = Accés al repositori i a l'organització
+webauthn_delete_key = Eliminar una clau de seguretat
+webauthn_alternative_tip = Segurament voldreu configurar un mètode d'autenticació addicional.
+remove_account_link = Eliminar el compte vinculat
+email_notifications.onmention = Enviar correus electrònics només quan se us mencioni
+blocked_since = Bloquejat des de %s
+quota.sizes.assets.attachments.releases = Fitxers adjunts a la publicació
 
 [repo]
 settings.basic_settings = Configuració bàsica
@@ -1307,7 +1342,7 @@ pulls = Sol·licituds d'extracció
 project = Projectes
 org_labels_desc = Etiquetes de nivell d'organització que es poden usar amb <strong>tots els repositoris</strong> dins d'aquesta organització
 released_this = ha publicat això
-file_view_source = Veure la font
+file_view_source = Veure el codi font
 file_too_large = El fitxer és massa gran per ser mostrat.
 invisible_runes_header = `Aquest fitxer conté caràcters Unicode invisibles`
 invisible_runes_description = `Aquest fitxer conté caràcters Unicode invisibles que són indistingibles pels humans però que un ordinador pot processar de manera diferent. Si creieu que això és intencional, podeu ignorar aquest avís. Useu el botó Esc per revelar-los.`
@@ -1436,7 +1471,7 @@ issues.ref_closing_from = `<a href="%[2]s">ha fet referència a aquesta incidèn
 issues.ref_reopening_from = `<a href="%[2]s">ha fet referència a aquesta incidència en una sol·licitud d'extracció %[3]s que la reobrirà</a>, %[1]s`
 issues.author.tooltip.issue = Aquest usuari és l'autor d'aquesta incidència.
 issues.author.tooltip.pr = Aquest usuari és l'autor d'aquesta sol·licitud d'extracció.
-issues.role.owner_helper = Aquest usuari és el propietari d'aquest repositori.
+issues.role.owner_helper = Aquest usuari és un propietari d'aquest repositori.
 issues.role.member_helper = Aquest usuari és membre de la organització a la qual pertany aquest repositori.
 issues.role.collaborator_helper = S'ha convidat aquest usuari a col·laborar al repositori.
 issues.role.first_time_contributor = Col·laborador per primera vegada
@@ -1645,6 +1680,470 @@ migrate_options_lfs_endpoint.label = Punt final LFS
 migrate_options_lfs_endpoint.description = En migrar, s'intentarà utilitzar el vostre remot git per a <a target="_blank" rel="noopener noreferrer" href="%s">determinar el servidor LFS</a>. També podeu especificar un punt final personalitzat si les dades LFS del repositori són en un altre lloc.
 migrate_options_lfs_endpoint.placeholder = Si ho deixeu en blanc, el punt final derivarà de l'URL de clonació
 migrate_items_pullrequests = Pull requests
+generated_from = generat des de
+editor.update = Actualitzar %s
+diff.whitespace_ignore_at_eol = Ignorar els canvis en els espais en blanc al final de la línia
+diff.stats_desc = <strong> %d fitxers modificats</strong> amb <strong>%d afegits</strong> i <strong>%d supressions</strong>
+diff.git-notes = Notes
+diff.git-notes.add = Afegir nota
+diff.git-notes.remove-header = Eliminar nota
+diff.git-notes.remove-body = Aquesta nota no s'eliminarà.
+diff.data_not_available = El contingut del diff no és disponible
+diff.options_button = Opcions del diff
+diff.download_patch = Baixa el fitxer pedaç
+diff.download_diff = Baixa el fitxer de diff
+diff.show_split_view = Vista dividida
+diff.show_unified_view = Vista única
+diff.whitespace_show_everything = Mostrar tots els canvis
+diff.whitespace_ignore_all_whitespace = Ignora els espais en blanc quan es comparin línies
+diff.whitespace_ignore_amount_changes = Ignora els canvis en el nombre d'espais en blanc
+diff.stats_desc_file = %d canvis: %d afegits i %d supressions
+diff.bin_not_shown = No es mostra el fitxer binari.
+diff.view_file = Visualitza el fitxer
+diff.file_suppressed = S'ha suprimit el fitxer diff perquè és massa gran
+diff.file_suppressed_line_too_long = S'ha suprimit el fitxer de diff perquè una o més línies són massa llargues
+diff.too_many_files = Alguns fitxers no es mostren perquè hi ha massa modificacions de fitxers en aquest diff
+diff.show_more = Mostra'n més
+diff.load = Carrega el diff
+diff.generated = generat
+diff.comment.add_line_comment = Afegeix un comentari de línia
+diff.comment.placeholder = Fes un comentari
+diff.comment.add_single_comment = Afegeix només un comentari
+diff.comment.add_review_comment = Afegeix un comentari
+diff.comment.start_review = Comença la revisió
+diff.comment.reply = Respon
+diff.review = Acaba la revisió
+diff.review.header = Lliura la revisió
+diff.review.placeholder = Revisa el comentari
+diff.review.comment = Comentari
+diff.review.approve = Aprova
+diff.review.self_reject = Els autors de la «pull request» no en poden demanar canvis
+diff.review.reject = Demana canvis
+diff.review.self_approve = Els autors de la «pull request» no la poden aprovar
+diff.committed_by = comès per
+diff.protected = Protegit
+diff.image.side_by_side = L'un vora l'altre
+diff.image.swipe = Llisca
+diff.image.overlay = Sobreposa
+diff.show_file_tree = Mostra l'arbre de fitxers
+diff.hide_file_tree = Amaga l'arbre de fitxers
+release.releases = Publicacions
+release.detail = Detalls de la publicació
+release.tags = Etiquetes
+release.new_release = Nova publicació
+release.draft = Esborrany
+release.prerelease = Pre-publicació
+release.stable = Estable
+release.compare = Compara
+release.edit = Edita
+release.ahead.commits = <strong>%d</strong> commits
+release.ahead.target = a %s des d'aquesta publicació
+release.source_code = Codi font
+release.new_subheader = Les publicacions organitzen les versions del projecte.
+release.edit_subheader = Les publicacions organitzen les versions del projecte.
+release.tag_name = Nom de l'etiqueta
+release.target = Objectiu
+release.tag_helper = Escull una etiqueta preexistent o crea'n una.
+release.tag_helper_new = Nova etiqueta. Aquesta etiqueta es crearà des de l'objectiu.
+release.tag_helper_existing = Etiqueta preexistent.
+release.title = Nom de publicació
+release.title_empty = El títol no pot ser buit.
+release.message = Descriu aquesta publicació
+release.prerelease_desc = Marca-ho com a pre-publicació
+release.prerelease_helper = Marca aquesta publicació com a inadequada en producció.
+release.cancel = Cancel·la
+release.publish = Publica la publicació
+release.save_draft = Desa un esborrany
+release.edit_release = Actualitza la publicació
+release.delete_release = Elimina la publicació
+release.delete_tag = Elimina l'etiqueta
+release.deletion = Elimina la publicació
+release.deletion_desc = Eliminar una publicació només l'esborra de Forgejo. Això no afectarà l'etiqueta Git, el contingut del vostre repositori o la seva història. Continuar?
+release.deletion_success = La publicació s'ha suprimit.
+release.deletion_tag_desc = S'esborrarà aquesta etiqueta del repositori. El contingut del repositori i la seva història no es modificaran. Continuar?
+release.deletion_tag_success = L'etiqueta s'ha eliminat.
+release.tag_name_already_exist = Ja hi ha una publicació amb aquest nom d'etiqueta.
+release.tag_name_invalid = El nom d'etiqueta no és vàlid.
+release.tag_name_protected = El nom d'etiqueta és protegit.
+release.downloads = Baixades
+fork_repo = Bifurca el repositori
+fork_from = Bifurcar des de
+create_new_repo_command = Crea un nou repositori a la línia de comandes
+push_exist_repo = Puja un repositori ja existent des de la línia de comandes
+empty_message = Aquest repositori està buit.
+broken_message = Les dades Git d'aquest repositori no es poden llegir. Contacta amb l'administrador d'aquesta instància o suprimeix aquest repositori.
+code.desc = Accedeix al codi font, els fitxers, els commits i les branques.
+clear_ref = `Esborra la referència actual`
+filter_branch_and_tag = Filtra per branca o etiqueta
+find_tag = Cerca etiqueta
+delete_preexisting_success = S'ha suprimit els fitxers no-adoptats a %s
+author_search_tooltip = Es mostra un màxim de 30 usuaris
+summary_card_alt = Resum del repositori %s
+tree_path_not_found.commit = El camí %[1]s no existeix al commit %[2]s
+tree_path_not_found.branch = El camí %[1]s no existeix a la branca %[2]s
+tree_path_not_found.tag = El camí %[1]s no existeix a l'etiqueta %[2]s
+transfer.accept = Accepta la transferència
+transfer.accept_desc = Transfereix a "%s"
+transfer.reject = Denega la transferència
+transfer.reject_desc = Cancel·la la transferència a "%s"
+transfer.no_permission_to_accept = No teniu permisos per acceptar aquesta transferència.
+transfer.no_permission_to_reject = No teniu permisos per denegar aquesta transferència.
+template.items = Ítems de la plantilla
+template.git_content = Contingut Git (Branca predeterminada)
+template.git_hooks = Ganxos Git
+migrate_repo = Migra el repositori
+migrate.repo_desc_helper = Deixa-ho buit per importar la descripció existent
+migrate.clone_address = Migra / Clona des d'una URL
+migrate.clone_address_desc = L'URL d'HTTP(S) o de Git "clone" d'un repositori ja existent
+migrate.permission_denied = No podeu importar repositoris locals.
+migrate.invalid_local_path = El camí local és invàlid. No existeix o no és un directori.
+migrate.invalid_lfs_endpoint = El punt final LFS no és vàlid.
+migrate.failed = La migració ha fallat: %v
+migrate.migrate_items_options = Cal un testimoni d'accés per migrar els ítems addicionals
+migrated_from = Migrat des de <a href="%[1]s">%[2]s</a>
+migrated_from_fake = Migrat des de %[1]s
+migrate.migrate = Migra des de %s
+migrate.migrating = S'està migrant des de <b>%s</b> …
+migrate.migrating_failed = La migració des de <b>%s</b> ha fallat.
+migrate.migrating_failed.error = No s'ha pogut migrar: %s
+migrate.migrating_failed_no_addr = La migració ha fallat.
+migrate.migrating_git = Migrant dades Git
+migrate.migrating_topics = Migrant tòpics
+migrate.migrating_milestones = Migrant fites
+migrate.migrating_labels = Migrant etiquetes
+migrate.migrating_releases = Migrant publicacions
+migrate.migrating_issues = Migrant problemes
+migrate.migrating_pulls = Migrant «pull requests»
+migrate.cancel_migrating_title = Cancel·la la migració
+migrate.cancel_migrating_confirm = Voleu cancel·lar aquesta migració?
+mirror_from = mirall de
+forked_from = bifurcat des de
+fork_from_self = No podeu bifurcar un repositori que us pertany.
+fork_guest_user = Inicia sessió per bifurcar aquest repositori.
+watch_guest_user = Inicia sessió per vigilar aquest repositori.
+star_guest_user = Inicia sessió per destacar aquest repositori.
+subscribe.issue.guest.tooltip = Inicia sessió per subscriure't a aquest problema.
+subscribe.pull.guest.tooltip = Inicia sessió per subscriure't a aquesta «pull request».
+more_operations = Més operacions
+no_desc = Sense descripció
+quick_guide = Guia ràpida
+clone_this_repo = Clona aquest repositori
+cite_this_repo = Cita aquest repositori
+repo_gitignore_helper_desc = Escolliu de quins fitxers no s'ha de fer seguiment d'una llista de plantilles per llenguatges comuns. Els artefactes típics generats per les eines de construcció de cada llenguatge estan incloses al .gitignore de manera predeterminada.
+readme_helper_desc = Aquí podeu escriure una descripció completa del vostre projecte.
+mirror_interval = Interval de rèplica (les unitats de temps vàlides són "h", "m", "s"). 0 per desactivar la sincronització periòdica. (Interval mínim: %s)
+mirror_use_ssh.helper = Si seleccioneu aquesta opció, Forgejo replicarà el repositori mitjançant Git per SSH i us crearà una parella de claus. Heu d'assegurar-vos que la clau pública generada estigui autoritzada per publicar al repositori de destí. No podreu fer servir autenticació basada en contrasenyes.
+n_commit_one = %s commit
+n_commit_few = %s commits
+n_branch_one = Branca %s
+n_branch_few = Branques %s
+n_tag_one = Etiqueta %s
+n_tag_few = Etiquetes %s
+migrate_items_merge_requests = Sol·licituds de fusió
+migrate.github_token_desc = Podeu posar un o més testimonis separats amb comes per fer que la migració sigui més ràpida, evitant així el límit de taxa de l'API de GitHub. ATENCIÓ: Abusar aquesta funció pot anar en contra de la política de servei del proveïdor i pot comportar el bloqueig del/s vostre/s compte/s.
+migrate.clone_local_path = o el camí a un servidor local
+migrate.permission_denied_blocked = No podeu importar des d'amfitrions rebutjats, si us plau, demaneu a l'administrador que comprovi les configuracions ALLOWED_DOMAINS/ALLOW_LOCALNETWORKS/BLOCKED_DOMAINS.
+n_release_one = Publicació %s
+n_release_few = Publicacions %s
+file.title = %s a %s
+file_view_rendered = Veure renderitzat
+file_view_raw = Veure cru
+editor.commit_directly_to_this_branch = Feu un commit directament a la branca <strong class="%[2]s">%[1]s</strong>.
+editor.new_branch_name = Anomena la nova branca per a aquest commit
+editor.file_already_exists = Ja hi ha un fitxer anomenat "%S" en aquest repositori.
+editor.commit_id_not_matching = El fitxer ha canviat mentre l'editaves. Fes un commit a una nova branca i llavors fusiona-la.
+editor.push_out_of_date = La pujada està desactualitzada.
+editor.commit_empty_file_header = Fes un commit d'un fitxer buit
+editor.user_no_push_to_branch = L'usuari no pot pujar a la branca
+editor.revert = Retorna %s a:
+editor.commit_email = Adreça electrònica del commit
+commits.no_commits = No hi ha commits en comú. "%s" i "%s" tenen històries completament diferents.
+commits.view_path = Veure en aquest punt de la història
+commits.view_single_diff = Veure els canvis fets en aquest fitxer introduïts en aquest commit
+commit.revert-header = Retorna: %s
+commit.revert-content = Selecciona una branca per retornar-hi:
+projects.type.basic_kanban = Kanban bàsic
+projects.column.set_default_desc = Estableix aquesta columna com a predeterminada per als problemes i pulls sense categoria
+projects.card_type.desc = Previsualització de targeta
+issues.filter_assignees = Filtrar assignats
+issues.filter_reviewers = Filtrar revisor
+issues.new.open_projects = Projectes oberts
+issues.new.open_milestone = Fites obertes
+issues.new.clear_assignees = Esborra assignats
+issues.new.no_assignees = Sense assignats
+issues.new.assign_to_me = Assigna-m'ho
+issues.new.no_reviewers = Sense revisors
+issues.edit.already_changed = No s'han pogut desar els canvis al problema. Sembla que un altre usuari n'ha modificat el contingut. Si us plau, refresqueu la pàgina i intenteu-ho un altre cop per evitar reescriure els seus canvis
+issues.choose.get_started = Començar
+issues.choose.blank_about = Crea un problema a partir de la plantilla per defecte.
+issues.choose.invalid_config = La configuració del problema té errors:
+issues.label_templates.use = Utilitza una etiqueta predeterminada
+issues.label_templates.fail_to_load_file = No s'ha pogut carregar el fitxer d'etiqueta predeterminada "%s": %v
+issues.add_label = s'ha afegit l'etiqueta %s %s
+issues.add_labels = s'han afegit les etiquetes %s %s
+issues.remove_label = s'ha esborrat l'etiqueta %s %s
+issues.remove_labels = s'han esborrat les etiquetes %s %s
+issues.add_remove_labels = s'han afegit %s etiquetes i esborrat %s %s
+issues.add_milestone_at = `s'ha afegit a la fita <b>%s</b> %s`
+issues.add_project_at = `s'ha afegit al projecte <b>%s</b> %s`
+issues.change_milestone_at = `s'ha modificat la fita des de <b>%s</b> a <b>%s</b> %s`
+issues.change_project_at = `s'ha modificat el projecte des de <b>%s</b> a <b>%s</b> %s`
+issues.remove_milestone_at = `s'ha eliminat de la fita <b>%s</b> %s`
+issues.remove_project_at = `s'ha eliminat del projecte <b>%s</b> %s`
+issues.self_assign_at = `s'ha auto-assignat aquest %s`
+issues.add_assignee_at = `va ser assignat per <b>%s</b> %s`
+issues.remove_assignee_at = `va ser desassignat per <b>%s</b> %s`
+issues.remove_self_assignment = `s'ha eliminat la seva tasca %s`
+issues.change_title_at = `s'ha canviat el títol de <b><strike>%s</strike></b> a <b>%s</b> %s`
+issues.change_ref_at = `s'ha canviat la referència de <b><strike>%s</strike></b> a <b>%s</b> %s`
+issues.remove_ref_at = `s'ha eliminat la referència <b>%s</b> %s`
+issues.add_ref_at = `s'ha afegit la referència <b>%s</b> %s`
+issues.delete_branch_at = `s'ha eliminat la branca <b>%s</b> %s`
+issues.filter_label_no_select = Totes les etiquetes
+issues.filter_label_select_no_label = Sense etiqueta
+issues.filter_milestone_none = Sense fites
+issues.filter_milestone_open = Fites obertes
+issues.filter_milestone_closed = Fites tancades
+issues.filter_project_all = Tots els projectes
+issues.filter_project_none = Sense projecte
+issues.filter_assginee_no_select = Tots els assignats
+issues.filter_assginee_no_assignee = Sense assignat
+issues.filter_poster_no_select = Tots els autors
+issues.filter_type.all_pull_requests = Totes les «pull requests»
+issues.filter_type.all_issues = Tots els problemes
+issues.filter_type.assigned_to_you = Tasques que tens assignades
+issues.filter_type.created_by_you = Creat per tu
+issues.filter_type.mentioning_you = Que et mencionen
+issues.filter_type.review_requested = S'ha demanat la revisió
+issues.filter_type.reviewed_by_you = Revisats per tu
+issues.filter_sort.relevance = Rellevància
+issues.filter_sort.recentupdate = Actualitzats recentment
+issues.filter_sort.leastupdate = Actualitzats menys recentment
+issues.filter_sort.leastcomment = Menys comentats
+issues.filter_sort.nearduedate = A prop de la data de venciment
+issues.filter_sort.farduedate = Lluny de la data de venciment
+issues.filter_sort.moststars = Més destacats
+issues.filter_sort.feweststars = Menys destacats
+issues.action_assignee_no_select = Sense assignat
+pulls.merged_by = per <a href="%[2]s">%[3]s</a> s'ha fusionat %[1]s
+issues.closed_by = per <a href="%[2]s">%[3]s</a> s'ha tancat %[1]s
+issues.context.menu = Menú de comentari
+issues.comment_pull_merged_at = s'ha fusionat el commit %[1]s a %[2]s %[3]s
+issues.comment_manually_pull_merged_at = s'ha fusionat el commit %[1]s manualment a %[2]s %[3]s
+issues.is_stale = Hi ha hagut canvis a aquest PR des de la revisió
+issues.archived_label_description = (Arxivats) %s
+editor.signoff_desc = Afegeix un "Signat per" seguit de l'autor al final del missatge del commit.
+issues.role.contributor_helper = Aquest usuari ja ha fet commits en aquest repositori.
+issues.label.filter_sort.reverse_alphabetically = Capgira-ho alfabèticament
+issues.label.filter_sort.by_size = Mida més petita
+issues.label.filter_sort.reverse_by_size = Mida més gran
+issues.num_participants_one = %d participant
+issues.num_participants_few = %d participants
+issues.tracker = Rastrejador de temps
+issues.start_tracking_short = Inicia el temporitzador
+issues.start_tracking = Inicia el rastreig de temps
+issues.start_tracking_history = `s'ha començat %s`
+issues.tracker_auto_close = El temporitzador s'aturarà automàticament quan el problema s'hagi resolt
+issues.tracking_already_started = `Ja has començat a rastrejar el temps en <a href="%s">un altre problema</a>!`
+issues.stop_tracking = Atura el temporitzador
+issues.stop_tracking_history = `s'ha aturat %s`
+issues.cancel_tracking_history = `s'ha cancel·lat el rastreig de temps %s`
+issues.add_time = Afegeix el temps manualment
+issues.del_time = Elimina aquest registre de temps
+issues.add_time_short = Afegeix temps
+issues.add_time_history = `s'ha afegit temps passat %s`
+issues.del_time_history = `s'ha eliminat temps passat %s`
+issues.add_time_sum_to_small = No s'ha introduït temps.
+issues.time_spent_from_all_authors = `Temps total: %s`
+issues.due_date = Data de venciment
+issues.push_commit_1 = s'ha afegit %d commit %s
+issues.push_commits_n = s'ha afegit %d commits %s
+issues.force_push_codes = `s'ha forçat la pujada %[1]s des de <a class="%[7]s" href="%[3]s"><code>%[2]s</code></a> %[8]s a <a class="%[7]s" href="%[5]s"><code>%[4]s</code></a> %[9]s %[6]s`
+issues.due_date_not_set = No s'ha establert una data de venciment.
+issues.due_date_added = s'ha afegit la data de venciment %s %s
+issues.due_date_modified = s'ha modificat la data de venciment de %[2]s a %[1]s %[3]s
+issues.due_date_remove = s'ha eliminat la data de venciment %s %s
+issues.due_date_invalid = La data de venciment no és vàlida o és fora de rang. Si us plau, useu el format "aaaa-mm-dd".
+issues.dependency.issue_no_dependencies = No s'han establert dependències.
+issues.dependency.no_permission_1 = No teniu permisos per llegir %d dependència
+issues.dependency.no_permission_n = No teniu permisos per llegir %d dependències
+issues.dependency.no_permission.can_remove = No teniu permisos per llegir aquesta dependència, però la podeu eliminar
+issues.dependency.add = Afegir dependència…
+issues.dependency.remove_info = Eliminar aquesta dependència
+issues.dependency.added_dependency = `s'ha afegit una nova dependència %s`
+issues.dependency.removed_dependency = `s'ha eliminat una dependència %s`
+issues.dependency.pr_closing_blockedby = No es pot tancar aquesta «pull request» perquè té els següents problemes
+issues.dependency.issue_closing_blockedby = No es pot tancar aquest problema perquè té els següents problemes
+issues.dependency.issue_close_blocks = Aquest problema bloqueja el tancament d'aquests altres problemes
+issues.dependency.pr_close_blocks = Aquesta «pull request» bloqueja el tancament d'aquests problemes
+issues.dependency.issue_close_blocked = Heu de tancar tots els problemes que en bloquegen el tancament d'aquest.
+issues.dependency.issue_batch_close_blocked = No es poden tancar tots els problemes marcats perquè el problema #%d encara té dependències obertes
+issues.dependency.pr_close_blocked = Heu de tancar tots els problemes que bloquegen aquesta «pull request» abans de fusionar-la.
+issues.dependency.blocked_by_short = Depèn de
+issues.dependency.pr_remove_text = Això eliminarà la dependència d'aquesta «pull request». Continuar?
+issues.dependency.setting = Activa les dependències per a problemes i «pull requests»
+issues.dependency.add_error_same_issue = No podeu fer que un problema depengui d'ell mateix.
+issues.dependency.add_error_dep_issue_not_exist = El problema que en depèn no existeix.
+issues.dependency.add_error_dep_not_exist = La dependència no existeix.
+issues.dependency.add_error_dep_exists = La dependència ja existeix.
+issues.dependency.add_error_cannot_create_circular = No podeu crear una dependència amb dos problemes que es bloquegen mútuament.
+issues.dependency.add_error_dep_not_same_repo = Els dos problemes han d'ésser al mateix repositori.
+issues.review.self.approval = No podeu aprovar la vostra «pull request».
+issues.review.self.rejection = No podeu sol·licitar canvis en la vostra «pull request».
+issues.review.approve = ha aprovat aquests canvis %s
+issues.review.comment = ha revisat %s
+issues.review.dismissed = ha rebutjat la revisió de %s %s
+issues.review.left_comment = ha fet un comentari
+issues.review.content.empty = Heu de fer un comentari indicant els canvis que sol·liciteu.
+issues.review.reject = canvis sol·licitats %s
+issues.review.add_review_request = ha sol·licitat una revisió de %[1]s %[2]s
+issues.review.add_review_requests = ha sol·licitat revisions de %[1]s %[2]s
+issues.review.remove_review_request = ha eliminat la sol·licitud de revisió per a %[1]s %[2]s
+issues.review.remove_review_requests = ha eliminat les sol·licituds de revisió per a %[1]s %[2]s
+issues.review.option.show_outdated_comments = Mostra els comentaris antics
+issues.review.option.hide_outdated_comments = Amaga els comentaris antics
+issues.review.show_outdated = Mostrar antics
+issues.review.hide_outdated = Amagar antics
+issues.review.show_resolved = Mostrar resolts
+issues.review.hide_resolved = Amagar resolts
+issues.review.resolve_conversation = Resol la conversa
+issues.review.un_resolve_conversation = Desfés la resolució de la conversa
+issues.review.resolved_by = ha marcat aquesta conversa com a resolta
+issues.content_history.delete_from_history = Eliminar de la història
+issues.content_history.delete_from_history_confirm = Eliminar de la història?
+issues.blocked_by_user = No podeu crear problemes en aquest repositori perquè el seu propietari us ha bloquejat.
+comment.blocked_by_user = No podeu fer comentaris perquè el propietari o autor del repositori us ha bloquejat.
+pulls.filter_branch = Filtra branca
+pulls.showing_only_single_commit = Només es mostren els canvis del commit %[1]s
+pulls.showing_specified_commit_range = Només es mostren els canvis entre %[1]s..%[2]s
+pulls.tab_files = Fitxers modificats
+pulls.title_wip_desc = `<a href="#">Comença el títol amb <strong>%s</strong></a> per evitar que la «pull request» sigui fusionada accidentalment.`
+pulls.add_prefix = Afegeix el prefix <strong>%s</strong>
+pulls.ready_for_review = A punt per revisar?
+pulls.remove_prefix = Elimina el prefix <strong>%s</strong>
+pulls.required_status_check_failed = Algunes comprovacions no han sigut satisfactòries.
+pulls.required_status_check_missing = Falten algunes comprovacions.
+pulls.wrong_commit_id = L'ID del commit ha d'ésser a la branca objectiu
+blame_prior = Veure el «blame» anterior a aquest canvi
+blame.ignore_revs = S'ignoren les revisions a <a href="%s">.git-blame-ignore-revs</a>. Fes clic <a href="%s">aquí per veure-les</a>.
+blame.ignore_revs.failed = No s'han pogut ignorar les revisions a <a href="%s">.git-blame-ignore-revs</a>.
+commit_graph = Gràfic de commits
+commit.contained_in = Aquest commit és a:
+no_eol.text = Sense EOL
+editor.commit_signed_changes = Fes un commit signat dels canvis
+editor.commit_changes = Fes un commit dels canvis
+editor.add_tmpl.filename = nom del fitxer
+editor.patch = Aplicar pedaç
+editor.patching = Aplicant el pedaç a:
+editor.cherry_pick = Triar a dit %s a:
+commit.cherry-pick = Triar a dit
+commit.cherry-pick-header = Triar a dit: %s
+commit.cherry-pick-content = Seleccioneu una branca per triar-hi:
+issues.filter_sort.mostforks = Més bifurcacions
+issues.filter_sort.fewestforks = Menys bifurcacions
+issues.label_exclusive_desc = Doneu nom a <code>l'àmbit/ítem</code> de l'etiqueta per fer-la mútuament exclusiva amb altres <code>àmbits/</code> etiquetes.
+issues.label_exclusive_warning = Qualsevol etiqueta amb àmbits conflictius s'esborrarà quan s'editin les etiquetes d'un problema o «pull request».
+issues.dependency.pr_no_dependencies = No s'ha establert cap dependència.
+issues.dependency.remove_header = Eliminar dependència
+issues.dependency.issue_remove_text = Això eliminarà la dependència d'aquest problema. Continuar?
+issues.review.remove_review_request_self = ha rebutjat la revisió %s
+issues.review.add_remove_review_requests = ha demanat la revisió a %[1]s i ha eliminat les peticions de revisió a %[2]s %[3]s
+issues.review.pending.tooltip = Actualment, la resta d'usuaris no poden veure aquest comentari. Per a publicar els comentaris pendents, selecciona "%s" -> "%s/%s/%s" més amunt.
+issues.review.outdated_description = El contingut ha canviat des que es va publicar aquest comentari
+issues.summary_card_alt = Targeta de resum d'un problema titulat "%s" al repositori %s
+pulls.edit.already_changed = No s'han pogut desar els canvis a la «pull request». Sembla que un altre usuari n'ha modificat el contingut. Si us plau, refresqueu la pàgina i intenteu-ho un altre cop per evitar reescriure els seus canvis
+pulls.viewed_files_label = s'ha revisat %[1]d / %[2]d fitxers
+pulls.still_in_progress = Encara hi treballeu?
+pulls.data_broken = Aquesta «pull request» és malmesa perquè hi falta la informació de la bifurcació.
+pulls.rebase_merge_commit_pull_request = Fes «rebase» i després el commit de fusió
+pulls.squash_merge_pull_request = Fes un «squash commit»
+pulls.rebase_conflict = La fusió ha fallat: Hi ha hagut un conflicte mentre es feia el «rebase» del commit: %[1]s. Consell: Intenteu una altra estratègia
+pulls.unrelated_histories = La fusió ha fallat: El cap (head) de la fusió i la base no tenen una història comú. Consell: Intenteu una altra estratègia
+pulls.merge_out_of_date = La fusió ha fallat: La base s'ha actualitzat mentre es generava la fusió. Consell: Torneu-ho a intentar.
+pulls.head_out_of_date = La fusió ha fallat: El cap (head) s'ha actualitzat mentre es generava la fusió. Consell: Torneu-ho a intentar.
+pulls.has_merged = Fallit: La «pull request» ja s'ha fusionat, no podeu fusionar-la de nou ni canviar la branca objectiu.
+pulls.push_rejected = La pujada ha fallat: La pujada (push) s'ha rebutjat. Revisa els ganxos Git d'aquest repositori.
+pulls.push_rejected_summary = Missatge complet del rebuig
+pulls.push_rejected_no_message = La pujada ha fallat: La pujada (push) s'ha rebutjat però no hi havia un missatge remot. Revisa els ganxos Git d'aquest repositori
+pulls.open_unmerged_pull_exists = `No podeu reobrir perquè hi ha una «pull request» pendent (#%d) amb les mateixes característiques.`
+pulls.status_checking = Hi ha algunes comprovacions pendents
+pulls.status_checks_success = Totes les comprovacions s'han resolt
+pulls.status_checks_warning = Algunes comprovacions tenen advertències
+pulls.status_checks_failure = Algunes comprovacions han fallat
+pulls.status_checks_error = Algunes comprovacions han donat errors
+pulls.status_checks_hide_all = Amaga totes les comprovacions
+pulls.status_checks_show_all = Mostra totes les comprovacions
+pulls.update_branch = Actualitza la branca fusionant
+pulls.update_branch_rebase = Actualitza la branca fent «rebase»
+pulls.update_branch_success = S'ha actualitzat la branca correctament
+pulls.update_not_allowed = No teniu permisos per actualitzar la branca
+pulls.outdated_with_base_branch = Aquesta branca està desactualitzada amb la branca base
+pulls.close = Tancar «pull request»
+pulls.closed_at = `ha tancat aquesta «pull request» %s`
+pulls.reopened_at = `ha reobert aquesta «pull request» %s`
+pulls.commit_ref_at = `ha fet referència a aquesta «pull request» des d'un commit %s`
+pulls.cmd_instruction_hint = Veure les instruccions de la línia de comandes
+pulls.cmd_instruction_merge_desc = Fusionar els canvis i actualitzar-los a Forgejo.
+pulls.cmd_instruction_merge_warning = <b>Atenció:</b> La configuració de "Detecta automàticament la fusió manual" no està activa en aquest repositori, haureu de marcar després aquesta «pull request» com a fusionada manualment.
+pulls.clear_merge_message = Neteja el missatge de fusió
+pulls.clear_merge_message_hint = Netejar el missatge de fusió només esborrarà el contingut del missatge de commit i mantindrà la firma generada de git com "Co-Authored-By …".
+pulls.reopen_failed.head_branch = La «pull request» no es pot reobrir perquè el cap (head) de la branca ja no existeix.
+pulls.reopen_failed.base_branch = La «pull request» no es pot reobrir perquè la base de la branca ja no existeix.
+pulls.rebase_merge_pull_request = Canvia de base i avança ràpid
+pulls.fast_forward_only_merge_pull_request = Només avança ràpid
+pulls.cmd_instruction_checkout_title = Canviar branca
+pulls.filter_changes_by_commit = Filtrar per commit
+pulls.cmd_instruction_checkout_desc = Des del repositori del vostre projecte, canvia a una nova branca i comprova els canvis.
+pulls.agit_explanation = Creat amb el flux de treball d'AGit. L'AGit permet que els contribuents proposin canvis amb "git push" sense crear una bifurcació o branca.
+pulls.editable = Editable
+pulls.editable_explanation = Els mantenidors poden editar aquesta «pull request». Podeu editar-la directament.
+pulls.auto_merge_button_when_succeed = (Quan les comprovacions siguin satisfactòries)
+pulls.auto_merge_when_succeed = Fusiona automàticament quan totes les comprovacions siguin satisfactòries
+pulls.auto_merge_newly_scheduled = S'ha programat la «pull request» per a ser fusionada quan totes les comprovacions siguin satisfactòries.
+pulls.auto_merge_has_pending_schedule = %[1]s ha programat aquesta «pull request» per a ser fusionada quan totes les comprovacions siguin satisfactòries %[2]s.
+pulls.auto_merge_cancel_schedule = Cancel·la la fusió automàtica
+pulls.auto_merge_not_scheduled = Aquesta «pull request» no es fusionarà automàticament.
+pulls.auto_merge_canceled_schedule = S'ha cancel·lat la fusió automàtica per a aquesta «pull request».
+pulls.auto_merge_newly_scheduled_comment = `ha programat aquesta «pull request» per a ser fusionada quan totes les comprovacions siguin satisfactòries. %[1]s`
+pulls.auto_merge_canceled_schedule_comment = `ha cancel·lat la fusió automàtica d'aquesta «pull request» quan totes les comprovacions siguin satisfactòries %[1]s`
+pulls.delete_after_merge.head_branch.is_default = La branca cap (head) que voleu eliminar és la branca predeterminada i no es pot eliminar.
+pulls.delete_after_merge.head_branch.is_protected = La branca cap (head) que voleu eliminar està protegida i no es pot eliminar.
+pulls.delete_after_merge.head_branch.insufficient_branch = No teniu permisos per eliminar la branca cap (head).
+pulls.delete.title = Eliminar aquesta «pull request»?
+pulls.delete.text = Realment voleu eliminar aquesta «pull request»? (Això eliminarà permanentment tot el contingut. Considereu millor tancar-la, si la voleu arxivar)
+pulls.recently_pushed_new_branches = Heu pujat a la branca <a href="%[3]s"><strong>%[1]s</strong></a> %[2]s
+comments.edit.already_changed = No s'han pogut desar els canvis al comentari. Sembla que un altre usuari n'ha modificat el contingut. Si us plau, refresqueu la pàgina i intenteu-ho un altre cop per evitar reescriure els seus canvis
+milestones.new = Nova fita
+milestones.closed = Tancat %s
+milestones.update_ago = Actualitzat %s
+milestones.no_due_date = Sense data de venciment
+milestones.new_subheader = Les fites us poden ajudar a organitzar els problemes i fer-ne el seguiment.
+milestones.completeness = <strong>%d%%</strong> Completat
+milestones.create = Crear fita
+milestones.due_date = Data de venciment (opcional)
+milestones.invalid_due_date_format = El format de la data de venciment ha de ser "aaaa-mm-dd".
+milestones.create_success = S'ha creat la fita "%s".
+milestones.edit = Editar fita
+milestones.edit_subheader = Les fites organitzen els problemes i en fan el seguiment.
+milestones.modify = Actualitzar fita
+milestones.edit_success = S'ha actualitzat la fita "%s".
+milestones.deletion = Eliminar fita
+milestones.deletion_desc = Eliminar una fita n'esborra tots els problemes. Continuar?
+milestones.deletion_success = S'ha eliminat la fita.
+milestones.filter_sort.name = Nom
+milestones.filter_sort.earliest_due_data = A prop de la data de venciment
+milestones.filter_sort.latest_due_date = Lluny de la data de venciment
+milestones.filter_sort.least_complete = Menys completa
+milestones.filter_sort.most_complete = Més completa
+default_branch_helper = La branca per defecte és la branca base pels pull requests i els commits.
+file_follow = Seguir symlink
+escape_control_characters = 
+commits.signed_by_untrusted_user_unmatched = Signat per un usuari no fiable que no coincideix amb qui ha fet el commit
+projects.new_subheader = Coordineu, feu el seguiment i actualitzeu la vostra feina en un sol lloc, perquè els projectes siguin transparents i compleixin els terminis.
+projects.type.bug_triage = Triatge d'errors
+projects.column.set_default = Estableix per defecte
+projects.column.assigned_to = Assignat a
+issues.filter_sort.mostcomment = Més comentat
 
 [user]
 unblock = Desbloquejar
@@ -1686,6 +2185,7 @@ public_activity.visibility_hint.admin_private = Aquesta activitat és visible pe
 public_activity.visibility_hint.self_private_profile = La vostra activitat és visible només per vós i pels administradors de la instància perquè el vostre perfil és privat. <a href="%s">Configurar</a>.
 change_avatar = Canvieu el vostre avatar…
 joined_on = S'ha unit el %s
+starred = Repositoris destacats
 
 [git.filemode]
 executable_file = Fitxer executable
@@ -1750,6 +2250,14 @@ teams.add_team_member = Afegir un membre a l'equip
 teams.invite_team_member = Convidar a %s
 teams.invite_team_member.list = Invitacions pendents
 teams.delete_team_title = Eliminar l'equip
+org_desc = Descripció
+team_desc = Descripció
+team_name = Nom de l'equip
+lower_members = membres
+members = Membres
+teams = Equips
+code = Codi
+lower_repositories = repositoris
 
 [admin]
 dashboard.cron.finished = Cron: %[1]s ha finalitzat
@@ -1761,4 +2269,59 @@ dashboard.delete_missing_repos = Suprimir tots els repositoris que no tinguin el
 dashboard.delete_missing_repos.started = S'ha iniciat la tasca per suprimir tots els repositoris que no tinguin els fitxers de Git.
 dashboard.update_mirrors = Actualitzar les rèpliques
 dashboard.archive_cleanup = Suprimir els arxius de repositori antics
-dashboard.memory_allocate_times = Assignacions de memòria
\ No newline at end of file
+dashboard.memory_allocate_times = Assignacions de memòria
+orgs.name = Nom
+orgs.teams = Equips
+repos.name = Nom
+repos.issues = Problemes
+repos.size = Mida
+auths.name = Nom
+config.db_name = Nom
+config.mailer_name = Nom
+monitor.name = Nom
+monitor.queue.name = Nom
+notices.type = Tipus
+monitor.queue.type = Tipus
+config.db_type = Tipus
+auths.type = Tipus
+packages.type = Tipus
+packages.repository = Repositori
+notices.type_1 = Repositori
+packages.size = Mida
+auths.enabled = Habilitat
+config.ssh_enabled = Habilitat
+config.lfs_enabled = Habilitat
+config.mailer_enabled = Habilitat
+config.db_host = Amfitrió
+auths.host = Amfitrió
+auths.port = Port
+config.ssh_port = Port
+users.name = Nom d'usuari
+emails.filter_sort.name = Nom d'usuari
+config.db_user = Nom d'usuari
+config.db_schema = Esquema
+config.db_ssl_mode = SSL
+config.db_path = Camí
+users.full_name = Nom complet
+users.activated = Activat
+emails.activated = Activat
+emails.filter_sort.email = Correu electrònic
+users.admin = Administrador
+users.list_status_filter.is_admin = Administrador
+notices.desc = Descripció
+packages.name = Nom
+packages.version = Versió
+orgs.members = Membres
+orgs.new_orga = Nova organització
+repositories = Repositoris
+hooks = Webhooks
+
+[actions]
+runners.name = Nom
+runners.owner_type = Tipus
+runners.task_list.repository = Repositori
+runners.task_list.commit = Commit
+runs.commit = Commit
+runners.description = Descripció
+runners.labels = Etiquetes
+runners.version = Versió
\ No newline at end of file
diff --git a/options/locale/locale_de-DE.ini b/options/locale/locale_de-DE.ini
index 2ce02fb8bd..b61a852f76 100644
--- a/options/locale/locale_de-DE.ini
+++ b/options/locale/locale_de-DE.ini
@@ -1564,7 +1564,7 @@ issues.ref_reopening_from=`<a href="%[2]s">referenzierte dieses Issue aus einem
 issues.ref_from=`von %[1]s`
 issues.author=Autor
 issues.role.owner=Besitzer
-issues.role.owner_helper=Dieser Benutzer ist der Besitzer dieses Repositorys.
+issues.role.owner_helper=Dieser Benutzer ist ein Besitzer dieses Repositorys.
 issues.role.member=Mitglied
 issues.role.member_helper=Dieser Benutzer ist Mitglied der Organisation, die dieses Repository besitzt.
 issues.role.collaborator=Mitarbeiter
diff --git a/options/locale/locale_el-GR.ini b/options/locale/locale_el-GR.ini
index dd3dc4619e..50b5c36651 100644
--- a/options/locale/locale_el-GR.ini
+++ b/options/locale/locale_el-GR.ini
@@ -897,7 +897,7 @@ create_oauth2_application_button=Δημιουργία εφαρμογής
 create_oauth2_application_success=Δημιουργήσατε επιτυχώς μια νέα εφαρμογή OAuth2.
 update_oauth2_application_success=Ενημερώσατε την εφαρμογή OAuth2 επιτυχώς.
 oauth2_application_name=Όνομα εφαρμογής
-oauth2_confidential_client=Εμπιστευτικός πελάτης (client). Επιλέξτε το για εφαρμογές που διατηρούν το μυστικό κωδικό κρυφό, όπως π.χ. εφαρμογές ιστού. Μην επιλέγετε για εγγενείς εφαρμογές, συμπεριλαμβανομένων εφαρμογών επιφάνειας εργασίας και εφαρμογών για κινητά.
+oauth2_confidential_client=Εμπιστευτικός πελάτης (client). Επιλέξτε το για εφαρμογές που διατηρούν το μυστικό κωδικό κρυφό, όπως π.χ. εφαρμογές ιστού. Μην επιλέγετε για εγγενείς εφαρμογές, συμπεριλαμβανομένων εφαρμογών για υπολογιστές και για κινητά.
 oauth2_redirect_uris=URI Ανακατεύθυνσης. Χρησιμοποιήστε μια νέα γραμμή για κάθε URI.
 save_application=Αποθήκευση
 oauth2_client_id=Ταυτότητα Πελάτη
@@ -1565,7 +1565,7 @@ issues.ref_reopening_from=`<a href="%[2]s">αναφέρθηκε σε αυτό τ
 issues.ref_from=`από %[1]s`
 issues.author=Συγγραφέας
 issues.role.owner=Ιδιοκτήτης
-issues.role.owner_helper=Αυτός ο χρήστης είναι ο ιδιοκτήτης αυτού του αποθετηρίου.
+issues.role.owner_helper=Αυτός ο χρήστης είναι ένας ιδιοκτήτης αυτού του αποθετηρίου.
 issues.role.member=Μέλος
 issues.role.member_helper=Αυτός ο χρήστης είναι μέλος του οργανισμού, του οποίου ανήκει το repository.
 issues.role.collaborator=Συνεργάτης
@@ -2895,7 +2895,7 @@ teams.invite.title=Έχετε προσκληθεί να συμμετάσχετε
 teams.invite.by=Προσκλήθηκε από %s
 teams.invite.description=Παρακαλώ κάντε κλικ στον παρακάτω σύνδεσμο για συμμετοχή στην ομάδα.
 follow_blocked_user = Δεν μπορείτε να ακολουθήσετε τον οργανισμό, επειδή σας έχει αποκλείσει.
-open_dashboard = Δημιουργία πίνακα δραστηριότητας
+open_dashboard = Άνοιγμα πίνακα ελέγχου
 settings.change_orgname_redirect_prompt.with_cooldown.one = Το παλιό όνομα οργανισμού θα είναι διαθέσιμο σε όλους μετά από καθυστέρηση %[1]d ημέρας. Μπορείτε ακόμα να ανακτήσετε το παλιό όνομα κατά τη διάρκεια αυτής.
 settings.change_orgname_redirect_prompt.with_cooldown.few = Το παλιό όνομα οργανισμού θα είναι διαθέσιμο σε όλους μετά από καθυστέρηση %[1]d ημερών. Μπορείτε ακόμα να ανακτήσετε το παλιό όνομα κατά τη διάρκεια αυτής.
 
diff --git a/options/locale/locale_es-ES.ini b/options/locale/locale_es-ES.ini
index 81835db5e8..ef6d794ffc 100644
--- a/options/locale/locale_es-ES.ini
+++ b/options/locale/locale_es-ES.ini
@@ -789,7 +789,7 @@ add_email_success=La nueva dirección de correo electrónico ha sido añadida.
 email_preference_set_success=La preferencia de correo electrónico se ha establecido correctamente.
 add_openid_success=La nueva dirección OpenID ha sido añadida.
 keep_email_private=Ocultar dirección de correo electrónico
-keep_email_private_popup=Su dirección de correo electrónico no se mostrará en su perfil y no será la predeterminada para las confirmaciones realizadas a través de la interfaz web, como las subidas de archivos, las ediciones y las confirmaciones de fusión. En su lugar, se utilizará una dirección especial %s para vincular las confirmaciones a tu cuenta. Esta opción no afectará a las confirmaciones existentes.
+keep_email_private_popup=La dirección de correo electrónico no se mostrará en el perfil y no será la predeterminada para las confirmaciones realizadas a través de la interfaz web, como las subidas de archivos, las ediciones y las confirmaciones de fusión. En su lugar, se utilizará una dirección especial %s para vincular las confirmaciones a la cuenta. Esta opción no afectará a las confirmaciones existentes.
 openid_desc=OpenID le permite delegar la autenticación a un proveedor externo.
 
 manage_ssh_keys=Gestionar claves SSH
@@ -1564,7 +1564,7 @@ issues.ref_reopening_from=`<a href="%[2]s">hizo referencia a esta incidencia des
 issues.ref_from=`de %[1]s`
 issues.author=Autor
 issues.role.owner=Propietario
-issues.role.owner_helper=Este usuario es el dueño de este repositorio.
+issues.role.owner_helper=Este usuario es propietario de este repositorio.
 issues.role.member=Miembro
 issues.role.member_helper=Este usuario es miembro de la organización propietaria de este repositorio.
 issues.role.collaborator=Colaborador
@@ -2289,7 +2289,7 @@ settings.packagist_api_token=Token de API
 settings.packagist_package_url=URL del paquete Packagist
 settings.deploy_keys=Claves de implementación
 settings.add_deploy_key=Añadir clave de implementación
-settings.deploy_key_desc=Las claves de implementación tienen acceso de sólo lectura al repositorio.
+settings.deploy_key_desc=Las claves de implementación pueden tener acceso de sólo lectura o lectura y escritura  al repositorio.
 settings.is_writable=Habilitar acceso de escritura
 settings.is_writable_info=Permitir que esta clave de implementación pueda hacer <strong>push</strong> a este repositorio.
 settings.no_deploy_keys=Aún no existen claves de implementación.
@@ -2743,7 +2743,7 @@ sync_fork.branch_behind_few = Esta rama está %[1]d confirmaciones detrás de %[
 migrate.repo_desc_helper = Deje vacío para importar la descripción existente
 commits.view_single_diff = Ver los cambios introducidos por la confirmación para este archivo
 issues.filter_type.all_pull_requests = Todas las solicitudes de incorporación de cambios
-issues.reaction.alt_many = %[1]s y %[2]d más reaccionaron %[3]s.
+issues.reaction.alt_many = %[1]s y %[2]d reaccionaron más que %[3]s.
 comment.blocked_by_user = No es posible comentar porque ha sido bloqueado por el dueño del repositorio o el autor.
 issues.summary_card_alt = El resumen de la incidencia titulada "%s" en el repositorio %s
 pulls.editable_explanation = Esta incorporación de cambios permite ediciones de mantenedores. Tu puedes contribuir directamente a ella.
@@ -2753,6 +2753,9 @@ settings.default_update_style_desc = El modo por defecto utilizado para actualiz
 settings.wiki_branch_rename_success = La wiki de la rama del repositorio ha sido normalizada correctamente.
 settings.wiki_branch_rename_failure = Hubo un error al normalizar el nombre de la rama de la wiki del repositorio.
 release.hide_archive_links_helper = Ocultar el archivo de código generado automáticamente de este lanzamiento. Por ejemplo, si estás subiendo el tuyo propio.
+settings.event_action_recover = Recuperar
+settings.event_action_success = Éxito
+settings.event_action_success_desc = La ejecución de la acción se ejecutó con éxito.
 
 [graphs]
 component_loading = Cargando %s…
diff --git a/options/locale/locale_fi-FI.ini b/options/locale/locale_fi-FI.ini
index 5f4ca4dbc2..dba10fcfa1 100644
--- a/options/locale/locale_fi-FI.ini
+++ b/options/locale/locale_fi-FI.ini
@@ -1057,7 +1057,7 @@ desc.private=Yksityinen
 desc.public=Julkinen
 desc.template=Mallipohja
 desc.internal=Sisäinen
-desc.archived=Arkistoidut
+desc.archived=Arkistoitu
 
 template.git_hooks=Git-koukut
 template.webhooks=Webkoukut
@@ -1270,7 +1270,7 @@ issues.reopen_comment_issue=Kommentoi ja avaa uudelleen
 issues.create_comment=Kommentoi
 issues.closed_at=`sulki tämän tukipyynnön %s`
 issues.reopened_at=`avasi tämän tukipyynnön uudelleen %s`
-issues.commit_ref_at=`viittasi tähän tukipyyntöön sitoumuksesta %s`
+issues.commit_ref_at=`viittasi tähän ongelmaan kommitista %s`
 issues.author=Tekijä
 issues.role.owner=Omistaja
 issues.role.member=Jäsen
@@ -2146,7 +2146,7 @@ issues.add_label = lisäsi nimilapun %s %s
 issues.due_date_added = lisäsi eräpäivän %s %s
 issues.review.add_review_request = pyysi katselmointia käyttäjältä %[1]s %[2]s
 issues.ref_pull_from = `<a href="%[2]s">viittasi tähän vetopyyntöön %[3]s</a> %[1]s`
-pulls.commit_ref_at = `viittasi tähän vetopyyntöön sitoumuksesta %s`
+pulls.commit_ref_at = `viittasi tähän vetopyyntöön kommitista %s`
 issues.review.comment = katselmoi %s
 issues.add_labels = lisäsi nimilaput %s %s
 issues.review.add_review_requests = pyysi katselmointeja käyttäjiltä %[1]s %[2]s
@@ -2329,7 +2329,7 @@ pulls.status_checks_warning = Jotkin tarkistukset raportoivat varoituksia
 pulls.status_checks_error = Jotkin tarkistukset raportoivat virheitä
 pulls.reopened_at = `avasi tämän vetopyynnön uudelleen %s`
 pulls.auto_merge_when_succeed = Yhdistä automaatisesti kun kaikki tarkistukset onnistuvat
-signing.wont_sign.error = Tapahtui virhe tarkistettaessa, voiko sitoumus allekirjoittaa.
+signing.wont_sign.error = Tapahtui virhe tarkistettaessa, voiko kommitin allekirjoittaa.
 signing.wont_sign.twofa = Sinulla tulee olla kaksivaiheinen todennus käytössä, jotta kommitit voi allekirjoittaa.
 pulls.data_broken = Tämä vetopyyntö on rikki johtuen puuttuvasta forkkitiedosta.
 pulls.files_conflicted = Tämä vetopyyntö sisältää muutoksia, jotka ovat ristiriidassa kohdehaaran kanssa.
@@ -2569,6 +2569,17 @@ activity.title.issues_closed_from = %s sulkenut %s
 settings.protected_branch_duplicate_rule_name = Tälle joukolle haaroja on jo olemassa sääntö
 issues.filter_assginee_no_assignee = Ei käsittelijää
 issues.action_assignee_no_select = Ei käsittelijää
+issues.ref_closing_from = `<a href="%[2]s">viittasi tähän ongelmaan vetopyynnöstä %[3]s, joka sulkee ongelman</a>, %[1]s`
+issues.ref_reopening_from = `<a href="%[2]s">viittasi tähän ongelmaan vetopyynnöstä %[3]s, joka avaa ongelman uudelleen</a>, %[1]s`
+release.releases_for = Projektin %s julkaisut
+release.tags_for = Projektin %s tagit
+settings.wiki_branch_rename_success = Tietovaraston wikin haaranimi on normalisoitu onnistuneesti.
+settings.wiki_branch_rename_failure = Tietovaraston wikin haaranimen normalisointi epäonnistui.
+pulls.editable = Muokattavissa
+issues.dependency.no_permission_1 = Sinulla ei ole oikeutta lukea %d riippuvuutta
+issues.dependency.no_permission_n = Sinulla ei ole oikeutta lukea %d riippuvuutta
+issues.lock_no_reason = lukitsi ja rajoitti keskustelun avustajille %s
+commit.contained_in = Tämä kommitti sisältyy haaraan:
 
 
 
@@ -2695,6 +2706,8 @@ settings.change_orgname_redirect_prompt.with_cooldown.one = Vanha organisaation
 settings.change_orgname_redirect_prompt.with_cooldown.few = Vanha organisaation nimi on kenen tahansa saatavilla %[1]d päivän suojaamisjakson jälkeen. Voit palauttaa organisaation nimen itsellesi suojaamisjakson aikana.
 teams.all_repositories_helper = Tiimillä on pääsy kaikkiin tietovarastoihin. Tämän valitseminen <strong>lisää kaikki olemassa olevat</strong> tietovarastot tiimiin.
 settings.labels_desc = Lisää nimilappuja, joita voi käyttää tämän organisaation <strong>kaikkien tietovarastojen</strong> ongelmissa.
+teams.invite_team_member = Kutsu tiimiin %s
+teams.general_access_helper = Jäsenten oikeudet päätetään alla olevan käyttöoikeustaulun perusteella.
 
 [admin]
 dashboard=Kojelauta
@@ -3343,6 +3356,8 @@ runs.no_runs = Työnkululla ei ole vielä suorituksia.
 variables.not_found = Muuttujaa ei löytynyt.
 runs.no_workflows.help_write_access = Etkö tiedä, miten aloittaa Forgejo Actionsin käyttö? Lue <a target="_blank" rel="noopener noreferrer" href="%s">pikaopas</a> kirjoittaaksesi ensimmäisen työnkulun, sen jälkeen <a target="_blank" rel="noopener noreferrer" href="%s">määritä Forgejo-ajaja</a> suorittamaan asettamiasi töitä.
 runs.status_no_select = Kaikki tilat
+workflow.dispatch.success = Työnkulun suoritusta pyydettiin onnistuneesti.
+workflow.dispatch.trigger_found = Tällä työnkululla on <c>workflow_dispatch</c>-tapahtumaliipaisin.
 
 
 
diff --git a/options/locale/locale_fr-FR.ini b/options/locale/locale_fr-FR.ini
index 6557e4d7b5..0dfafc2fb4 100644
--- a/options/locale/locale_fr-FR.ini
+++ b/options/locale/locale_fr-FR.ini
@@ -1566,7 +1566,7 @@ issues.ref_reopening_from=`<a href="%[2]s">a référencé ce ticket dans une pul
 issues.ref_from=`de %[1]s`
 issues.author=Auteur
 issues.role.owner=Propriétaire
-issues.role.owner_helper=Cet utilisateur est le propriétaire de ce dépôt.
+issues.role.owner_helper=Cet utilisateur est propriétaire de ce dépôt.
 issues.role.member=Membre
 issues.role.member_helper=Cet utilisateur est membre de l’organisation propriétaire de ce dépôt.
 issues.role.collaborator=Collaborateur
diff --git a/options/locale/locale_it-IT.ini b/options/locale/locale_it-IT.ini
index b9983c6422..8a20246fe0 100644
--- a/options/locale/locale_it-IT.ini
+++ b/options/locale/locale_it-IT.ini
@@ -786,7 +786,7 @@ ssh_helper=<strong> Hai bisogno di aiuto?</strong> Dai un'occhiata alla guida pe
 gpg_helper=<strong>Hai bisogno di aiuto?</strong> Dai un'occhiata alla guida di GitHub <a href="%s">riguardo il GPG</a>.
 key_content_ssh_placeholder=Inizia con "ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256", "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521", "sk-ecdsa-sha2-nistp256@openssh.com", o "sk-ssh-ed25519@openssh.com"
 key_content_gpg_placeholder=Inizia con "-----BEGIN PGP PUBLIC KEY BLOCK-----"
-add_new_principal=Aggiungi Principal
+add_new_principal=Aggiungi principale
 ssh_key_been_used=Questa chiave SSH è già stata aggiunta al server.
 ssh_key_name_used=Una chiave SSH con lo stesso nome esiste già sul tuo account.
 ssh_principal_been_used=Questa chiave SSH è già stata aggiunta al server.
@@ -942,7 +942,7 @@ change_username_redirect_prompt = Il tuo vecchio nome utente sarà reindirizzato
 permissions_public_only = Solo pubblico
 profile_desc = Su di te
 email_desc = Il tuo indirizzo email principale sarà usato per inviarti notifiche, ripristino di password e, se non è stato nascosto, per le operazioni Git effettuate da web.
-add_email_confirmation_sent = Una email di conferma è stata inviata a "%s". Verifica la posta in arrivo entro %s per confermare il tuo indirizzo email.
+add_email_confirmation_sent = Una email di conferma è stata inviata a "%s". Controlla la posta in arrivo e utilizza il link fornito entro %s per verificare il tuo indirizzo email.
 hidden_comment_types_description = I tipi di commenti spuntati qui non saranno mostrati nelle pagine delle segnalazioni. Per esempio, spuntare "Etichetta" rimuove tutti i commenti "<utente> ha aggiunto/rimosso <etichetta>".
 hidden_comment_types.ref_tooltip = Commenti in cui questa segnalazione è stata citata da un'altra segnalazione/commit/…
 verify_ssh_key_success = La chiave SSH "%s" è stata verificata.
@@ -2380,7 +2380,7 @@ admin.failed_to_replace_flags = Impossibile sostituire flag del repositorio
 admin.flags_replaced = Flag del repositorio sostituite
 fork_branch = Ramo da clonare sulla derivazione
 fork_no_valid_owners = Questo repositorio non può essere derivato perché non ci sono proprietari validi.
-mirror_address_url_invalid = L'URL fornito è invalido. Devi eseguire l'escape di tutti i componenti dell'URL correttamente.
+mirror_address_url_invalid = L'URL fornito è invalido. Verifica che tutti i componenti dell'URL siano correttamente inseriti tra virgolette.
 mirror_address_protocol_invalid = L'URL fornito è invalido. Solo posizioni http(s):// o git:// possono essere usate come specchio.
 stars_remove_warning = Questo rimuoverà tutte le stelle da questo repositorio.
 blame.ignore_revs = Le revisioni in <a href="%s">.git-blame-ignore-revs</a> sono ignorate. Clicca <a href="%s">qui per bypassare</a> e vedere la vista incolpa normale.
diff --git a/options/locale/locale_ja-JP.ini b/options/locale/locale_ja-JP.ini
index d1cc477b3b..7c66d45726 100644
--- a/options/locale/locale_ja-JP.ini
+++ b/options/locale/locale_ja-JP.ini
@@ -194,6 +194,15 @@ buttons.enable_monospace_font=等幅フォントを有効にする
 buttons.disable_monospace_font=等幅フォントを無効にする
 buttons.unindent.tooltip = アイテムを1つずつネストの解除をする
 buttons.indent.tooltip = アイテムを1つずつネストする
+buttons.new_table.tooltip = テーブル追加
+table_modal.header = テーブル追加
+table_modal.placeholder.header = ヘッダー
+table_modal.label.rows = 行
+table_modal.label.columns = 列
+link_modal.header = リンク追加
+link_modal.url = Url
+link_modal.description = 説明
+link_modal.paste_reminder = ヒント: クリップボードに URL があれば、エディターに直接貼り付けてリンクを作成できます。
 
 [filter]
 string.asc=A - Z
@@ -215,6 +224,7 @@ lightweight=軽量
 lightweight_desc=Forgejo の最小動作要件は小さくて、安価な Raspberry Pi でも動きます。エネルギー消費を節約しましょう!
 license=オープンソース
 license_desc=Go get <a target="_blank" rel="noopener noreferrer" href="%[1]s">Forgejo</a>! 私たちと一緒にこのプロジェクトをより良くしていくために、何か<a target="_blank" rel="noopener noreferrer" href="%[2]s">貢献</a>してみませんか。 些細なことでも大丈夫! 積極的にお願いします!
+platform_desc = ForgejoはLinuxやFreeBSDなどのオープンソースOS、さまざまなCPUアーキテクチャで動作することが確認されています。お気に入りの環境を選んでください！
 
 [install]
 install=インストール
@@ -439,6 +449,7 @@ unauthorized_credentials = 資格情報が正しくないか、期限が切れ
 sign_up_button = 今すぐ登録して下さい。
 hint_login = すでにアカウントをお持ちですか? <a href="%s">今すぐサインイン!</a>
 hint_register = アカウントが必要ですか? <a href="%s">今すぐ登録してください。</a>
+use_onetime_code = ワンタイムコードを使用する
 
 [mail]
 view_it_on=%s で見る
@@ -667,6 +678,7 @@ following.title.one = フォロー中
 following.title.few = フォロー中
 followers.title.one = フォロワー
 followers.title.few = フォロワー
+public_activity.visibility_hint.self_private_profile = あなたのプロフィールは非公開のため、あなたのアクティビティはあなたとインスタンス管理者にのみ表示されます。<a href="%s">設定</a>。
 
 [settings]
 profile=プロフィール
@@ -688,7 +700,7 @@ webauthn=2要素認証 (セキュリティキー)
 public_profile=公開プロフィール
 biography_placeholder=自己紹介してください！(Markdownを使うことができます)
 location_placeholder=おおよその場所を他の人と共有
-profile_desc=あなたのプロフィールが他のユーザーにどのように表示されるかを制御します。あなたのプライマリメールアドレスは、通知、パスワードの回復、WebベースのGit操作に使用されます。
+profile_desc=あなたについて
 password_username_disabled=非ローカルユーザーのユーザー名は変更できません。詳細はサイト管理者にお問い合わせください。
 full_name=フルネーム
 website=Webサイト
@@ -749,7 +761,7 @@ manage_emails=メールアドレスの管理
 manage_themes=デフォルトテーマ
 manage_openid=OpenIDアドレス
 email_desc=プライマリメールアドレスは、通知、パスワードの回復、さらにメールアドレスを隠さない場合は、WebベースのGit操作にも使用されます。
-theme_desc=この設定がサイト全体のデフォルトのテーマとなります。
+theme_desc=このテーマは、ログイン時のWebインターフェースで使用されます。
 primary=プライマリー
 activated=アクティベート済み
 requires_activation=アクティベーションが必要
@@ -759,7 +771,7 @@ activations_pending=アクティベーション待ち
 can_not_add_email_activations_pending=保留中のアクティベーションがあります。新しいメールを追加する場合は、数分後にもう一度お試しください。
 delete_email=削除
 email_deletion=メールアドレスの削除
-email_deletion_desc=メールアドレスと関連情報をアカウントから削除します。 このメールアドレスを使ったGitのコミットはそのまま残ります。 続行しますか？
+email_deletion_desc=メールアドレスと関連情報をアカウントから削除します。 このメールアドレスを使ったGitのコミットは変更されません。 続行しますか？
 email_deletion_success=メールアドレスを削除しました。
 theme_update_success=テーマを更新しました。
 theme_update_error=選択されたテーマが存在しません。
@@ -775,7 +787,7 @@ add_email_success=新しいメールアドレスを追加しました。
 email_preference_set_success=メール設定を保存しました。
 add_openid_success=新しいOpenIDアドレスを追加しました。
 keep_email_private=メールアドレスを隠す
-keep_email_private_popup=これにより、プロフィールからメールアドレスが非表示になります。ファイルのアップロードや編集など、ウェブインターフェース経由で行われるコミットのデフォルトとして使用されなくなり、マージコミットにも使用されません。代わりに、コミットをあなたのアカウントに関連付けるために特別なアドレス%sを使用できます。このオプションを変更しても、既存のコミットには影響しないことに注意してください。
+keep_email_private_popup=メールアドレスはプロフィールページに表示されず、ファイルアップロード、編集、マージコミットなどのWeb画面で行うコミットのデフォルトメールアドレスとしても使用されません。代わりに、コミットをユーザーアカウントに関連付けるために特別なアドレス %s が使用されます。この設定は既存のコミットに影響を与えません。
 openid_desc=OpenIDを使うと外部プロバイダーに認証を委任することができます。
 
 manage_ssh_keys=SSHキーの管理
@@ -959,7 +971,7 @@ visibility=ユーザーの公開範囲
 visibility.public=パブリック
 visibility.public_tooltip=全員に表示されます
 visibility.limited=限定
-visibility.limited_tooltip=認証されたユーザーのみに表示されます
+visibility.limited_tooltip=ログインしたユーザーのみに表示されます
 visibility.private=プライベート
 visibility.private_tooltip=あなたが参加した組織のメンバーのみに表示されます
 blocked_users_none = ブロックしているユーザーはいません。
@@ -980,6 +992,30 @@ keep_activity_private.description = <a href="%s">公開アクティビティ</a>
 language.description = この言語はアカウントに保存され、ログイン後にデフォルトとして使用されます。
 language.localization_project = Forgejo をあなたの言語に翻訳するのを手伝ってください。<a href="%s">詳細はこちら</a>。
 quota = クオータ
+keep_pronouns_private = 認証されたユーザーにのみ代名詞を表示する
+keep_pronouns_private.description = これにより、ログインしていないユーザーに対して代名詞が表示されなくなります。
+regenerate_token = 再生成
+access_token_regeneration = アクセストークンを再生成する
+access_token_regeneration_desc = トークンを再生成すると、そのトークンを使用しているアプリケーションからアカウントへのアクセスが取り消されます。この操作は元に戻せません。続行しますか？
+regenerate_token_success = トークンが再生成されました。このトークンを使用するアプリケーションはアカウントにアクセスできなくなったため、新しいトークンで更新する必要があります。
+user_block_yourself = 自分自身をブロックすることはできません。
+quota.applies_to_user = あなたのアカウントには以下の制限が適用されます
+quota.applies_to_org = この組織には以下の制限が適用されます
+quota.rule.exceeded = 超過
+quota.rule.exceeded.helper = このルールのオブジェクトの合計サイズが制限を超えました。
+quota.rule.no_limit = 無制限
+quota.sizes.repos.all = リポジトリ
+quota.sizes.repos.private = プライベートリポジトリ
+quota.sizes.repos.public = 公開リポジトリ
+ssh_token_help_ssh_agent = または、SSH エージェント (SSH_AUTH_SOCK 変数が設定されている) を使用している場合:
+quota.sizes.all = 全体
+quota.sizes.assets.attachments.all = 添付ファイル
+quota.sizes.assets.attachments.issues = イシュー添付ファイル
+quota.sizes.assets.attachments.releases = リリース添付ファイル
+quota.sizes.assets.packages.all = パッケージ
+quota.sizes.wiki = Wiki
+quota.sizes.assets.artifacts = アーティファクト
+storage_overview = ストレージ設定
 
 [repo]
 new_repo_helper=リポジトリには、プロジェクトのすべてのファイルとリビジョン履歴が入ります。 すでにほかの場所でホストしていますか？ <a href="%s">リポジトリを移行</a> もどうぞ。
@@ -1027,7 +1063,7 @@ object_format_helper=リポジトリのオブジェクトフォーマット。
 readme=README
 readme_helper=READMEファイル テンプレートを選択してください
 readme_helper_desc=プロジェクトについての説明をひととおり書く場所です。
-auto_init=リポジトリの初期設定 (.gitignore、ライセンスファイル、READMEファイルの追加)
+auto_init=リポジトリの初期設定
 create_repo=リポジトリを作成
 default_branch=デフォルトブランチ
 default_branch_label=デフォルト
@@ -1039,7 +1075,7 @@ mirror_interval_invalid=ミラー間隔が不正です。
 mirror_sync_on_commit=コミットがプッシュされたときに同期
 mirror_address=クローンするURL
 mirror_address_desc=必要な資格情報は「認証」セクションに設定してください。
-mirror_address_url_invalid=入力したURLは無効です。 URLの構成要素はすべて正しくエスケープする必要があります。
+mirror_address_url_invalid=入力したURLは無効です。 URLの構成要素はすべて正しくエスケープされていることを確認してください。
 mirror_address_protocol_invalid=入力したURLは無効です。 ミラーできるのは、http(s):// または git:// からだけです。
 mirror_lfs=Large File Storage (LFS)
 mirror_lfs_desc=LFS データのミラーリングを有効にする。
@@ -1135,7 +1171,7 @@ migrate.migrate_items_options=追加の項目を移行するにはアクセス
 migrated_from=<a href="%[1]s">%[2]s</a>から移行
 migrated_from_fake=%[1]sから移行
 migrate.migrate=%s からの移行
-migrate.migrating=<b>%s</b> から移行しています ...
+migrate.migrating=<b>%s</b> から移行しています …
 migrate.migrating_failed=<b>%s</b> からの移行が失敗しました。
 migrate.migrating_failed.error=移行に失敗しました: %s
 migrate.migrating_failed_no_addr=移行に失敗しました。
@@ -1442,7 +1478,7 @@ issues.remove_ref_at=`が参照 <b>%s</b> を削除 %s`
 issues.add_ref_at=`が参照 <b>%s</b> を追加 %s`
 issues.delete_branch_at=`がブランチ <b>%[1]s</b> を削除 %[2]s`
 issues.filter_label=ラベル
-issues.filter_label_exclude=`ラベルで除外するには <code>alt</code> + <code>click/enter</code>`
+issues.filter_label_exclude=ラベルを除外するには、<kbd>Alt</kbd> + <kbd>クリック</kbd> を使用します
 issues.filter_label_no_select=すべてのラベル
 issues.filter_label_select_no_label=ラベルなし
 issues.filter_milestone=マイルストーン
@@ -1590,8 +1626,8 @@ issues.lock.notice_3=- アンロックはいつでも可能です。
 issues.unlock.notice_1=- 誰でもこのイシューにもう一度コメントできるようになります。
 issues.unlock.notice_2=- 再びロックすることはいつでも可能です。
 issues.lock.reason=ロックする理由
-issues.lock.title=このイシューの会話をロックします。
-issues.unlock.title=このイシューの会話をアンロックします。
+issues.lock.title=この会話をロックします。
+issues.unlock.title=この会話をアンロックします。
 issues.comment_on_locked=ロックされているイシューにコメントはできません。
 issues.delete=削除
 issues.delete.title=このイシューを削除しますか?
@@ -2165,7 +2201,7 @@ settings.update_githook=フックを更新
 settings.add_webhook_desc=ForgejoはターゲットURLに、指定したContent Typeで<code>POST</code>リクエストを送ります。 詳細は<a target="_blank" rel="noopener noreferrer" href="%s">Webhookガイド</a>へ。
 settings.payload_url=ターゲットURL
 settings.http_method=HTTPメソッド
-settings.content_type=POST Content Type
+settings.content_type=POST content type
 settings.secret=Secret
 settings.slack_username=ユーザー名
 settings.slack_icon_url=アイコンのURL
@@ -2258,7 +2294,7 @@ settings.packagist_api_token=API トークン
 settings.packagist_package_url=Packagist パッケージ URL
 settings.deploy_keys=デプロイキー
 settings.add_deploy_key=デプロイキーを追加
-settings.deploy_key_desc=デプロイキーには、リポジトリの読み取り専用プルアクセス権が与えられます。
+settings.deploy_key_desc=デプロイキーには、リポジトリの読み取り専用または読み取り/書き込みのアクセスを許可できます。
 settings.is_writable=書き込みアクセスも有効にする
 settings.is_writable_info=このデプロイキーでリポジトリへの<strong>プッシュ</strong>も許可します。
 settings.no_deploy_keys=デプロイキーはまだありません。
@@ -2284,14 +2320,14 @@ settings.protect_enable_merge_desc=誰でも書き込み権限があれば、こ
 settings.protect_whitelist_committers=ホワイトリストでプッシュを制限
 settings.protect_whitelist_committers_desc=ホワイトリストに登録したユーザーまたはチームにのみ、このブランチへのプッシュが許可されます。(強制プッシュ以外)
 settings.protect_whitelist_deploy_keys=プッシュ可能な書き込み権限を持つデプロイキーをホワイトリストに含める。
-settings.protect_whitelist_users=プッシュ・ホワイトリストに含むユーザー:
-settings.protect_whitelist_teams=プッシュ・ホワイトリストに含むチーム:
+settings.protect_whitelist_users=プッシュ・ホワイトリストに含むユーザー
+settings.protect_whitelist_teams=プッシュ・ホワイトリストに含むチーム
 settings.protect_merge_whitelist_committers=マージ・ホワイトリストを有効にする
 settings.protect_merge_whitelist_committers_desc=ホワイトリストに登録したユーザーまたはチームにだけ、このブランチに対するプルリクエストのマージを許可します。
-settings.protect_merge_whitelist_users=マージ・ホワイトリストに含むユーザー:
-settings.protect_merge_whitelist_teams=マージ・ホワイトリストに含むチーム:
+settings.protect_merge_whitelist_users=マージ・ホワイトリストに含むユーザー
+settings.protect_merge_whitelist_teams=マージ・ホワイトリストに含むチーム
 settings.protect_check_status_contexts=ステータスチェックを有効にする
-settings.protect_status_check_patterns=ステータスチェック パターン:
+settings.protect_status_check_patterns=ステータスチェック パターン
 settings.protect_status_check_patterns_desc=このルールの対象ブランチがマージ可能になる前に、どのステータスチェックがパスしなければならないかを、パターンで入力します。 各行にパターンを指定します。 この設定は空にできません。
 settings.protect_check_status_contexts_desc=マージの前にステータスチェックがパスしていることを必須にします。 有効にした場合、まず他のブランチにコミットをプッシュしておき、このルールの対象ブランチのステータスチェックがパスしたあとに、マージまたは直接プッシュする必要があります。 マッチするコンテキストが無い場合は、コンテキストに関係なく最後のコミットが成功している必要があります。
 settings.protect_check_status_contexts_list=この1週間に、このリポジトリに対して行われたステータスチェック
@@ -2311,7 +2347,7 @@ settings.require_signed_commits_desc=署名されていない場合、または
 settings.protect_branch_name_pattern=保護ブランチ名のパターン
 settings.protect_branch_name_pattern_desc=保護ブランチ名のパターン。書き方については <a href="%s">ドキュメント</a> を参照してください。例: main, release/**
 settings.protect_patterns=パターン
-settings.protect_protected_file_patterns=保護されるファイルのパターン (セミコロン';'で区切る):
+settings.protect_protected_file_patterns=保護されるファイルのパターン (セミコロン';'で区切る)
 settings.protect_protected_file_patterns_desc=保護されたファイルは、このブランチにファイルを追加・編集・削除する権限を持つユーザーであっても、直接変更することができなくなります。 セミコロン(';')で区切って複数のパターンを指定できます。 パターンの文法については <a href="%[1]s">%[2]s</a> を参照してください。 例: <code>.drone.yml</code>, <code>/docs/**/*.txt</code>
 settings.protect_unprotected_file_patterns=保護しないファイルのパターン (セミコロン';'で区切る):
 settings.protect_unprotected_file_patterns_desc=保護しないファイルは、ユーザーに書き込み権限があればプッシュ制限をバイパスして直接変更できます。 セミコロン(';')で区切って複数のパターンを指定できます。 パターンの文法については <a href="%[1]s">%[2]s</a> を参照してください。 例: <code>.drone.yml</code>, <code>/docs/**/*.txt</code>
@@ -2372,19 +2408,19 @@ settings.lfs_findcommits=コミットを検索
 settings.lfs_lfs_file_no_commits=このLFSファイルに関するコミットはありません
 settings.lfs_noattribute=このパスはデフォルトブランチでlockable属性を与えられていません
 settings.lfs_delete=LFSファイル(OID %s)の削除
-settings.lfs_delete_warning=LFSファイルを削除すると、チェックアウトのときに 'object does not exist' エラーが発生するかもしれません。 よろしいですか？
+settings.lfs_delete_warning=LFSファイルを削除すると、チェックアウトのときに "object does not exist"エラーが発生するかもしれません。 よろしいですか？
 settings.lfs_findpointerfiles=ポインタファイルを検索
 settings.lfs_locks=ロック
 settings.lfs_invalid_locking_path=不正なパス: %s
 settings.lfs_invalid_lock_directory=ディレクトリはロックできません: %s
 settings.lfs_lock_already_exists=すでにロックされています: %s
 settings.lfs_lock=ロック
-settings.lfs_lock_path=ロックするファイルパス...
+settings.lfs_lock_path=ロックするファイルパス…
 settings.lfs_locks_no_locks=ロックなし
 settings.lfs_lock_file_no_exist=ロックしたファイルがデフォルトブランチにありません
 settings.lfs_force_unlock=強制ロック解除
 settings.lfs_pointers.found=%d件のblobポインタ - 登録済 %d件、未登録 %d件 (実体ファイルなし %d件)
-settings.lfs_pointers.sha=Blob SHA
+settings.lfs_pointers.sha=Blobハッシュ
 settings.lfs_pointers.oid=OID
 settings.lfs_pointers.inRepo=Repo内
 settings.lfs_pointers.exists=実ファイルあり
@@ -2544,7 +2580,7 @@ topic.done=完了
 topic.count_prompt=選択できるのは25トピックまでです。
 topic.format_prompt=トピック名は英字または数字で始め、ダッシュ('-')やドット('.')を含めることができます。最大35文字までです。文字は小文字でなければなりません。
 
-find_file.go_to_file=ファイルへ移動
+find_file.go_to_file=ファイルを探す
 find_file.no_matching=一致するファイルが見つかりません
 
 error.csv.too_large=このファイルは大きすぎるため表示できません。
@@ -2673,9 +2709,37 @@ issues.all_title = 全て
 settings.protect_new_rule = 新しいブランチ保護ルールを作成する
 settings.discord_icon_url.exceeds_max_length = アイコンのURLは 2048 文字以下にする必要があります
 issues.new.assign_to_me = 自分に割り当て
+new_from_template = テンプレートを使用する
+new_from_template_description = このインスタンスで既存のリポジトリ テンプレートを選択して、その設定を適用できます。
+new_advanced = 詳細設定
+new_advanced_expand = クリックして展開
+auto_init_description = READMEファイルを含めてGit履歴を開始し、オプションでライセンスファイルと.gitignoreファイルも追加できます。
+archive.nocomment = リポジトリがアーカイブされているため、コメントすることはできません。
+archive.pull.noreview = このリポジトリはアーカイブされています。プルリクエストをレビューすることはできません。
+sync_fork.branch_behind_one = このブランチは %[2]s より %[1]d コミット遅れています
+sync_fork.branch_behind_few = このブランチは %[2]s より %[1]d コミット遅れています
+sync_fork.button = 同期
+issues.filter_no_results = 結果なし
+issues.filter_no_results_placeholder = 検索フィルターを調整してみてください。
+issues.filter_type.all_pull_requests = すべてのプルリクエスト
+editor.commit_email = コミットメールアドレス
+issues.filter_sort.relevance = 関連度
+issues.num_reviews_one = %d件のレビュー
+issues.num_reviews_few = %d件のレビュー
+issues.reaction.add = リアクションを追加
+comment.blocked_by_user = リポジトリの所有者または作成者によってブロックされているため、コメントすることはできません。
+pulls.sign_in_require = 新しいプル リクエストを作成するには、<a href="%s">サインイン</a>してください。
+pulls.editable_explanation = このプルリクエストはメンテナーによる編集が許可されています。直接貢献することも可能です。
+pulls.delete_after_merge.head_branch.is_default = 削除しようとしているヘッド ブランチはデフォルトのブランチであるため、削除できません。
+pulls.delete_after_merge.head_branch.is_protected = 削除しようとしているHEADブランチは保護されたブランチであるため、削除できません。
+pulls.delete_after_merge.head_branch.insufficient_branch = HEADブランチを削除する権限がありません。
+settings.default_update_style_desc = ベースブランチより遅れているプルリクエストを更新する際に使用するデフォルトの更新スタイル。
+diff.git-notes.add = ノートを追加
+diff.git-notes.remove-header = ノートを削除
+diff.git-notes.remove-body = このメモは削除されます。
 
 [graphs]
-component_loading = %s の読み込み中...
+component_loading = %s の読み込み中…
 component_loading_failed = %s を読み込めませんでした
 component_loading_info = 少し時間がかかるかもしれません…
 component_failed_to_load = 予期しないエラーが発生しました。
@@ -2720,7 +2784,7 @@ settings.permission=許可
 settings.repoadminchangeteam=リポジトリ管理者はチームのアクセス権の追加・削除が可能
 settings.visibility=表示
 settings.visibility.public=公開
-settings.visibility.limited=限定 (認証済みユーザーにのみ表示)
+settings.visibility.limited=限定 (ログインしたユーザーにのみ表示)
 settings.visibility.limited_shortname=限定
 settings.visibility.private=プライベート (組織メンバーにのみ表示)
 settings.visibility.private_shortname=プライベート
@@ -2857,7 +2921,7 @@ dashboard.update_migration_poster_id=移行する投稿者IDの更新
 dashboard.git_gc_repos=すべてのリポジトリでガベージコレクションを実行
 dashboard.resync_all_sshkeys=Forgejo SSH キーを使用して".ssh/authorized_keys"ファイルを更新します。
 dashboard.resync_all_sshprincipals=Forgejo SSH プリンシパルを使用して".ssh/authorized_principals"ファイルを更新します。
-dashboard.resync_all_hooks=すべてのリポジトリの pre-receive, update, post-receive フックを更新する
+dashboard.resync_all_hooks=すべてのリポジトリの Git フックを再同期します (pre-receive、update、post-receive、proc-receive、…)
 dashboard.reinit_missing_repos=レコードが存在するが見当たらないすべてのGitリポジトリを再初期化する
 dashboard.sync_external_users=外部ユーザーデータの同期
 dashboard.cleanup_hook_task_table=hook_taskテーブルのクリーンアップ
@@ -2961,7 +3025,7 @@ users.list_status_filter.is_2fa_enabled=2要素認証有効
 users.list_status_filter.not_2fa_enabled=2要素認証無効
 users.details=ユーザーの詳細
 
-emails.email_manage_panel=ユーザーメールアドレスの管理
+emails.email_manage_panel=ユーザーのメールアドレスを管理
 emails.primary=プライマリー
 emails.activated=アクティベート済み
 emails.filter_sort.email=メールアドレス
@@ -3058,11 +3122,11 @@ auths.smtp_auth=SMTP認証タイプ
 auths.smtphost=SMTPホスト
 auths.smtpport=SMTPポート
 auths.allowed_domains=許可するドメイン
-auths.allowed_domains_helper=すべてのドメインを許可する場合は空のままにします。 複数のドメインはカンマ(',')で区切ります。
+auths.allowed_domains_helper=すべてのドメインを許可する場合は空のままにします。 複数のドメインはカンマ(",")で区切ります。
 auths.skip_tls_verify=TLS検証を省略
 auths.force_smtps=強制的にSMTPSにする
 auths.force_smtps_helper=ポート465ではSMTPSが常に使用されます。 これを指定すると、他のポートでもSMTPSの使用を強制します。 (指定しない場合は、ホストがサポートしていればSTARTTLSが使用されます。)
-auths.helo_hostname=HELOホストネーム
+auths.helo_hostname=HELOホスト名
 auths.helo_hostname_helper=HELOで送られるホスト名。現在のホスト名で送信する場合は空白にします。
 auths.disable_helo=HELOを無効にする
 auths.pam_service_name=PAMサービス名
@@ -3122,9 +3186,9 @@ auths.unable_to_initialize_openid=OpenID Connectプロバイダーを初期化
 auths.invalid_openIdConnectAutoDiscoveryURL=無効な自動検出URLです（http://またはhttps://で始まる有効なURLでなければなりません）
 
 config.server_config=サーバー設定
-config.app_name=サイトのタイトル
+config.app_name=インスタンスのタイトル
 config.app_ver=Forgejoのバージョン
-config.app_url=ForgejoのベースURL
+config.app_url=ベースURL
 config.custom_conf=設定ファイルのパス
 config.custom_file_root_path=カスタムファイルのルートパス
 config.domain=サーバードメイン
@@ -3138,7 +3202,7 @@ config.repo_root_path=リポジトリのルートパス
 config.lfs_root_path=LFSルートパス
 config.log_file_root_path=ログの保存先パス
 config.script_type=スクリプトの種類
-config.reverse_auth_user=リバース認証ユーザー
+config.reverse_auth_user=リバースプロキシ認証ユーザー
 
 config.ssh_config=SSH設定
 config.ssh_enabled=有効
@@ -3148,7 +3212,7 @@ config.ssh_port=ポート
 config.ssh_listen_port=待受ポート
 config.ssh_root_path=ルートパス
 config.ssh_key_test_path=キーテストパス
-config.ssh_keygen_path=キージェネレータ('ssh-keygen')パス
+config.ssh_keygen_path=キージェネレータ("ssh-keygen")パス
 config.ssh_minimum_key_size_check=最小キー長のチェック
 config.ssh_minimum_key_sizes=最小キー長
 
@@ -3174,7 +3238,7 @@ config.allow_only_external_registration=外部サービスを使用した登録
 config.enable_openid_signup=OpenIDを使ったセルフ登録有効
 config.enable_openid_signin=OpenIDを使ったサインイン有効
 config.show_registration_button=登録ボタンを表示
-config.require_sign_in_view=ページ閲覧にサインインが必要
+config.require_sign_in_view=コンテンツを表示するにはサインインが必要
 config.mail_notify=メール通知有効
 config.enable_captcha=CAPTCHA有効
 config.active_code_lives=アカウント確認リンクの有効時間
@@ -3199,7 +3263,7 @@ config.mailer_enabled=有効
 config.mailer_enable_helo=HELO有効
 config.mailer_name=名称
 config.mailer_protocol=プロトコル
-config.mailer_smtp_addr=SMTPアドレス
+config.mailer_smtp_addr=SMTPホスト
 config.mailer_smtp_port=SMTPポート
 config.mailer_user=ユーザー
 config.mailer_use_sendmail=Sendmailを使う
@@ -3210,7 +3274,7 @@ config.mailer_use_dummy=Dummy
 config.test_email_placeholder=Email (例 test@example.com)
 config.send_test_mail=テストメールを送信
 config.send_test_mail_submit=送信
-config.test_mail_failed=`"%s" へのテストメール送信に失敗しました: %v`
+config.test_mail_failed="%s" へのテストメール送信に失敗しました: %v
 config.test_mail_sent=テストメールを "%s" へ送信しました。
 
 config.oauth_config=OAuth設定
@@ -3238,8 +3302,8 @@ config.enable_federated_avatar=フェデレーテッド・アバター有効
 
 config.git_config=Git設定
 config.git_disable_diff_highlight=Diffのシンタックスハイライトが無効
-config.git_max_diff_lines=最大の差分行数(1ファイルあたり)
-config.git_max_diff_line_characters=最大の差分文字数(1行あたり)
+config.git_max_diff_lines=ファイルあたりの最大差分行数
+config.git_max_diff_line_characters=1行あたりの最大差分文字数
 config.git_max_diff_files=差分を表示する最大ファイル数
 config.git_gc_args=GC引数
 config.git_migrate_timeout=移行タイムアウト
@@ -3299,7 +3363,7 @@ monitor.queue.settings.remove_all_items=すべて削除
 monitor.queue.settings.remove_all_items_done=キュー内のすべての項目を削除しました。
 
 notices.system_notice_list=システム通知
-notices.view_detail_header=通知の詳細を表示
+notices.view_detail_header=通知の詳細
 notices.operations=操作
 notices.select_all=すべて選択
 notices.deselect_all=すべて選択解除
@@ -3555,6 +3619,9 @@ workflow.dispatch.warn_input_limit = 最初の %d 個の入力のみを表示し
 runs.no_job = ワークフローには少なくとも1つのジョブが含まれている必要があります
 
 runs.expire_log_message = ログは古すぎるため消去されています。
+variables.not_found = 変数が見つかりませんでした。
+runs.no_workflows.help_no_write_access = Forgejoアクションの詳細については、<a target="_blank" rel="noopener noreferrer" href="%s">ドキュメント</a>を参照してください。
+runs.no_workflows.help_write_access = Forgejo アクションの始め方がわからない場合は、<a target="_blank" rel="noopener noreferrer" href="%s">ユーザードキュメントのクイック スタート</a>を参照して最初のワークフローを作成し、次に <a target="_blank" rel="noopener noreferrer" href="%s">Forgejo ランナーをセットアップ</a>してジョブを実行して下さい。
 
 [projects]
 type-1.display_name=個人プロジェクト
@@ -3633,7 +3700,7 @@ pulls.write = <b>書き込み:</b> プルリクエストをクローズし、ラ
 wiki.read = <b>読み取り:</b> 統合された wiki とその履歴を読み取れます。
 wiki.write = <b>書き込み:</b> 統合された Wiki 内のページを作成、更新、削除します。
 projects.read = <b>読み取り:</b> リポジトリ プロジェクト ボードにアクセスします。
-actions.read = <b>読み取り:</b> 統合された CI/CD パイプラインとそのログを表示します。
+actions.read = <b>読み取り:</b> ワークフローの実行とそのログを表示します。
 
 [translation_meta]
 test = これはテスト文字列です。Forgejo UI には表示されませんが、テスト目的で使用されます。早く済ませるために"ok"と入力するか楽しかった出来事を入力して下さい。そうすれば、完了することができます :)
diff --git a/options/locale/locale_kab.ini b/options/locale/locale_kab.ini
index cb24455f2b..ddb7d0492c 100644
--- a/options/locale/locale_kab.ini
+++ b/options/locale/locale_kab.ini
@@ -74,6 +74,8 @@ signed_in_as = D uqqin amzun d
 enable_javascript = Asmel-a Web yesra JavaScript.
 return_to_forgejo = Tuɣalin ɣer Forgejo
 twofa = Asesteb s snat n tarrayin
+filter.not_template = Mačči d timudmiwin
+admin_panel = Tadbelt n wesmel
 
 [user]
 code = Tangalt
@@ -89,6 +91,9 @@ following.title.few = Yeṭṭafaṛ
 unfollow = Ur ṭṭafar ara
 overview = Tamuɣli s umata
 settings = Iɣewwaren n useqdac
+change_avatar = Beddel avaṭar-ik…
+block_user = Sewḥel aseqdac
+activity = Armud azayez
 
 [org]
 code = Tanglat
@@ -107,6 +112,7 @@ members.member = Aɛeggal
 create_new_team = Agraw amaynut
 create_team = Snulfu-d yiwen n ugraw
 team_name = Isem n ugraw
+settings = Iɣewwaren
 
 [repo]
 release.source_code = Tangalt taɣbalut
@@ -317,6 +323,52 @@ settings.web_hook_name_msteams = Microsoft Teams
 settings.web_hook_name_larksuite_only = Lark Suite
 settings.packagist_username = Isem n useqdac n Packagist
 template_select = Fren yiwet n tmudemt
+issues.open_title = Yeldin
+issues.closed_title = Yemedlen
+settings.slack_token = Tiddest
+settings.slack_domain = Taɣult
+settings.slack_channel = Abadu
+settings.lfs = LFS
+diff.git-notes = Tizmilin
+diff.comment.reply = Efk-d tiririt
+diff.review.comment = Awennit
+new_from_template = Seqdec tamudemt
+template.items = Iferdisen n tmudemt
+use_template = Fren tamudemt-a
+size_format = %[1]s: %[2]s, %[3]s: %[4]s
+open_with_editor = Ldi s %s
+license_helper = Fren afaylu n turagt
+download_file = Sader-d afaylu
+editor.name_your_file = Efk-as isem i ufaylu-k…
+editor.delete = Kkes %s
+editor.new_branch_name_desc = Isem amaynut n tseṭṭa…
+editor.filename_is_invalid = Isem n ufaylu d arameɣtu: "%s".
+editor.fail_to_update_file_summary = Izen n tuccḍa:
+editor.add_subdir = Rnu akaram…
+projects.create = Snulfu-d asenfar
+projects.new = Asenfar amaynut
+projects.deletion = Kkes asenfar
+projects.column.set_default = Sbadu-t d amezwer
+projects.card_type.text_only = Aḍris kan
+issues.new.open_projects = Isenfaren yeldin
+issues.filter_no_results = Ulac igmaḍ
+issues.num_comments_1 = %d n uwennit
+issues.num_comments = %d n iwenniten
+issues.context.copy_link = Nɣel aseɣwen
+issues.label_deletion = Kkes tabzimt
+issues.label_modify = Ẓreg tabzimt
+issues.label_count = %d n tebzimin
+pulls.status_checks_details = Talqayt
+pulls.merge_conflict_summary = Izen n tuccḍa
+wiki.welcome = Ansuf ar uwiki.
+activity.closed_issue_label = Yemedlen
+activity.unresolved_conv_label = Ldi
+settings = Iɣewwaren
+settings.federation_settings = Iɣewwaren n tfidiralit
+settings.basic_settings = Iɣewwaren n taffa
+settings.tracker_issue_style.alphanumeric = Agmumḍin
+settings.tracker_issue_style.numeric = Umḍin
+settings.teams = Igrawen
 
 [install]
 admin_password = Awal n uɛeddi
@@ -334,6 +386,13 @@ admin_email = Tansa imayl
 install_btn_confirm = Sebded Forgejo
 admin_name = Isem n useqdac n unedbal
 confirm_password = Serggeg awal n uɛeddi
+domain = Taɣult n aqeddac
+app_url = URL n taffa
+email_title = Iɣewwaren n imayl
+smtp_addr = Asenneftaɣ n SMTP
+smtp_port = Tawwurt n SMTP
+mailer_user = Isem n useqdac SMTP
+mailer_password = Awal n uɛeddi SMTP
 
 [admin]
 notices.type_1 = Akufi
@@ -367,6 +426,32 @@ orgs.teams = Igrawen
 orgs.members = Imttekkiyen
 repos.owner = Bab-is
 config.mailer_user = Aseqdac
+users.list_status_filter.is_admin = Anedbal
+users.admin = Anedbal
+repos.size = Tiddi
+packages.owner = Bab-is
+packages.creator = Asaraw
+packages.version = Lqem
+packages.type = Tawsit
+packages.size = Tiddi
+repos.lfs_size = Tiddi LFS
+auths.search_page_size = Tiddi n usebter
+users.full_name = Isem ummid
+users.last_login = Tuqqna taneggarut
+users.auth_source = Tiɣbula n usesteb
+users.is_activated = Amiḍan-a d urmid
+auths.tips.gmail_settings = Iɣewwaren n Gmail:
+config.ssh_config = Tawila n SSH
+config.domain = Taɣult n uqeddac
+config.server_config = Tawila n uqeddac
+config.app_name = Azwel n wesmel
+config.app_ver = Lqem n Forgejo
+config.app_url = URL n taffa n Forgejo
+config.mailer_smtp_port = Tawwurt n SMTP
+config.mailer_use_sendmail = Seqdec Sendmail
+config.https_only = HTTPS kan
+config.git_config = Tawila n Git
+monitor.queue.settings.remove_all_items = Kkes-iten akk
 
 [search]
 code_kind = Nadi tangalt…
@@ -378,6 +463,8 @@ team_kind = Nadi igrawen…
 package_kind = Nadi ikemmusen…
 project_kind = Nadi isenfaren…
 branch_kind = Nadi tiseḍwa…
+type_tooltip = Tawsit n unadi
+union = Tadukli
 
 [mail]
 release.download.targz = Tangalt taɣbalut (TAR.GZ)
@@ -389,6 +476,9 @@ hi_user_x = Azul a <b>%s</b>,
 admin.new_user.user_info = Talɣut ɣef useqdac
 release.title = Azwel: %s
 register_notify = Ansuf ar %s
+view_it_on = Wali-t ɣef %s
+activate_account = Ttxil, rmed amiḍan-ik
+issue.in_tree_path = Deg %s :
 
 [editor]
 buttons.code.tooltip = Rnu tangalt
@@ -401,12 +491,14 @@ table_modal.label.rows = Izirigen
 buttons.new_table.tooltip = Rnu tafelwit
 table_modal.header = Rnu tafelwit
 buttons.link.tooltip = Rnu yiwen n useɣwen
+link_modal.header = Rnu yiwen n useɣwen
 
 [explore]
 code = Tanglat
 repos = Ikufan
 users = Iseqdacen
 organizations = Tuddsiwin
+go_to = Ddu ɣer
 
 [form]
 UserName = Isem n useqdac
@@ -421,6 +513,13 @@ TeamName = Isem n terbaɛt
 Email = Tansa imayl
 Retype = Sentem awal n uɛeddi
 FullName = Isem ummid
+AdminEmail = Imayl n unedbal
+To = Isem n tseṭṭa
+AccessToken = Tiddest n wadduf
+NewBranchName = Isem amaynut n tseṭṭa
+require_error = ` ur izmir ara ad yeqqim d ilem.`
+user_not_exist = Aseqdac-a ur yelli ara.
+team_not_exist = Agraw-a ur yelli ara.
 
 [aria]
 footer.links = Iseɣwan
@@ -438,6 +537,7 @@ install = Fessus i usebded
 my_repos = Ikufan
 show_private = Uslig
 my_orgs = Tuddsiwin
+uname_holder = Isem n useqdac neɣ tansa imayl
 
 [auth]
 openid_connect_submit = Tuqqna
@@ -448,6 +548,11 @@ forgot_password_title = Tettuḍ awal n uɛeddi
 forgot_password = Tettuḍ awal n uɛeddi?
 sign_up_button = Asnulfu n umiḍan.
 reset_password = Tiririt n umiḍan
+openid_register_title = Snulfu-d amiḍan amaynut
+sign_in_openid = Kemmel s OpenID
+active_your_account = Sermed amiḍan-ik
+account_activated = Amiḍan-a yettwarmed
+back_to_sign_in = Tuɣalin ar tuqqna
 
 [modal]
 yes = Ih
@@ -512,6 +617,44 @@ manage_themes = Asentel amezwer
 manage_openid = Tansiwin OpenID
 add_key = Rnu yiwet n tsarut
 quota.sizes.git.lfs = Git LFS
+add_new_email = Rnu tansa imayl
+add_email = Rnu tansa imayl
+manage_ssh_keys = Sefrek tisura SSH
+email_deletion = Kkes tansa imayl
+openid_deletion = Kkes tansa OpenID
+webauthn_register_key = Rnu yiwet n tsarut n tɣellist
+webauthn_delete_key = Kkes tasarut-nni n tɣellist
+ssh_gpg_keys = Tisura SSH / GPG
+profile_desc = Fell-ak·am
+full_name = Isem ummid
+pronouns = ismawen
+update_theme = Beddel asentel
+update_profile = Ẓreg amaɣnu
+update_language_not_found = Tutlayt n "%s" ur telli ara.
+update_language_success = Tettwaleqqem tutlayt.
+language.localization_project = Ɛawen-aɣ ad d-nessuqel Forgejo ɣer tutlayt-nwen! <a href="%s">Lmed ugar</a>.
+change_password = Senfel awal n uɛeddi
+update_password = Leqqem awal n uɛeddi
+retype_new_password = Serggeg tikkelt-nniḍen awal n uɛeddi amaynut
+password_incorrect = Awal-a n uɛeddi amiran d arameɣtu.
+manage_emails = Sefrek tansiwin n imayl
+primary_email = Err-itt d tansa-k tamezwarut
+theme_update_success = Yettuleqqem usentel-ik.
+theme_update_error = Asentel yettufernen ulac-it.
+activated = D urmid
+manage_gpg_keys = Sefrek tisura GPG
+add_new_principal = Rnu agejdan
+key_name = Isem n tsarut
+key_id = Asulay ID n tsarut
+ssh_key_deletion = Kkes tasarut SSH
+gpg_key_deletion = Kkes tasarut GPG
+generate_new_token = Sarew-d tiddest tamaynut
+token_name = Isem n tiddest
+generate_token = Sarew-d tiddest
+permissions_public_only = Azayez kan
+oauth2_application_name = Isem n usnas
+delete_account = Kkes amiḍan-ik
+quota.sizes.git.all = Agbur deg Git
 
 [packages]
 
@@ -525,6 +668,7 @@ type-2.display_name = Asenfar n ukufi
 
 [error]
 network_error = Tuccḍa deg uẓeṭṭa
+occurred = Tella-d tuccḍa
 
 [tool]
 days = %d n wussan
@@ -533,6 +677,7 @@ months = %d n wayyuren
 years = %d n iseggasen
 1mon = 1 n wayyur
 1y = 1 n useggas
+1d = 1 n wass
 
 [dropzone]
 remove_file = Kkes afaylu
diff --git a/options/locale/locale_ko-KR.ini b/options/locale/locale_ko-KR.ini
index bb4f82bb75..631ba20b83 100644
--- a/options/locale/locale_ko-KR.ini
+++ b/options/locale/locale_ko-KR.ini
@@ -384,7 +384,7 @@ allow_password_change=사용자에게 비밀번호 변경을 요청 (권장됨)
 reset_password_mail_sent_prompt=확인 메일이 <b>%s</b>로 전송되었습니다. 받은 편지함으로 도착한 메일을 %s 안에 확인해서 비밀번호 찾기 절차를 완료하십시오.
 active_your_account=계정 활성화
 account_activated=계정이 활성화 되었습니다
-prohibit_login = 
+prohibit_login =
 resent_limit_prompt=활성화를 위한 이메일을 이미 전송했습니다. 3분 내로 이메일을 받지 못한 경우 재시도해주세요.
 has_unconfirmed_mail=안녕하세요 %s, 이메일 주소(<b>%s</b>)가 확인되지 않았습니다. 확인 메일을 받으시지 못하겼거나 새로운 확인 메일이 필요하다면, 아래 버튼을 클릭해 재발송하실 수 있습니다.
 resend_mail=여기를 눌러 확인 메일 재전송
diff --git a/options/locale/locale_nds.ini b/options/locale/locale_nds.ini
index 891efbc387..7d85e46a9b 100644
--- a/options/locale/locale_nds.ini
+++ b/options/locale/locale_nds.ini
@@ -1424,7 +1424,7 @@ issues.ref_from = `vun %[1]s`
 issues.author = Autor
 issues.author.tooltip.pr = Deeser Bruker is de Autor vun deesem Haalvörslag.
 issues.role.owner = Eegner
-issues.role.owner_helper = Deeser Bruker is de Eegner vun deesem Repositorium.
+issues.role.owner_helper = Deeser Bruker is een Eegner vun deesem Repositorium.
 issues.role.member = Liddmaat
 issues.role.collaborator = Mitarbeider
 issues.role.first_time_contributor = Nejer Bidrager
diff --git a/options/locale/locale_nl-NL.ini b/options/locale/locale_nl-NL.ini
index d5b4bcdabc..d790980b25 100644
--- a/options/locale/locale_nl-NL.ini
+++ b/options/locale/locale_nl-NL.ini
@@ -2236,7 +2236,7 @@ issues.close = Issue sluiten
 issues.comment_pull_merged_at = commit %[1]s samengevoegd in %[2]s %[3]s
 issues.comment_manually_pull_merged_at = commit %[1]s handmatig samengevoegd in %[2]s %[3]s
 issues.author = Auteur
-issues.role.owner_helper = Deze gebruiker is de eigenaar van deze repository.
+issues.role.owner_helper = Deze gebruiker is een eigenaar van deze repository.
 issues.role.member_helper = Deze gebruiker is lid van de organisatie die eigenaar is van deze repository.
 rss.must_be_on_branch = U moet een branch geselecteerd hebben om een RSS-feed te verkrijgen.
 admin.manage_flags = Vlaggen beheren
diff --git a/options/locale/locale_pt-BR.ini b/options/locale/locale_pt-BR.ini
index 7762e34325..b9373aea21 100644
--- a/options/locale/locale_pt-BR.ini
+++ b/options/locale/locale_pt-BR.ini
@@ -1151,7 +1151,7 @@ migrate_items_wiki=Wiki
 migrate_items_milestones=Marcos
 migrate_items_labels=Etiquetas
 migrate_items_issues=Issues
-migrate_items_pullrequests=Pull requests
+migrate_items_pullrequests=Propostas de revisão
 migrate_items_merge_requests=Pedidos de merge
 migrate_items_releases=Versões
 migrate_repo=Migrar repositório
@@ -1178,7 +1178,7 @@ migrate.migrating_milestones=Migrando marcos
 migrate.migrating_labels=Migrando rótulos
 migrate.migrating_releases=Migrando releases
 migrate.migrating_issues=Migrando issues
-migrate.migrating_pulls=Migrando pull requests
+migrate.migrating_pulls=Migrando propostas de revisão
 migrate.cancel_migrating_title=Cancelar migração
 migrate.cancel_migrating_confirm=Você quer cancelar essa migração?
 
@@ -1216,7 +1216,7 @@ find_tag=Pesquisar etiqueta
 branches=Branches
 tags=Tags
 issues=Issues
-pulls=Pull requests
+pulls=Propostas de revisão
 packages=Pacotes
 actions=Ações
 labels=Etiquetas
@@ -1257,7 +1257,7 @@ symbolic_link=Link simbólico
 executable_file=Arquivo executável
 commit_graph=Gráfico de commits
 commit_graph.select=Selecionar branches
-commit_graph.hide_pr_refs=Esconder pull requests
+commit_graph.hide_pr_refs=Esconder propostas de revisão
 commit_graph.monochrome=Monocromático
 commit_graph.color=Colorido
 commit.contained_in=Esse commit está contido em:
@@ -1550,13 +1550,13 @@ issues.closed_at=`fechou esta issue %s`
 issues.reopened_at=`reabriu esta issue %s`
 issues.commit_ref_at=`citou esta issue de um commit %s`
 issues.ref_issue_from=`<a href="%[2]s">citou esta issue %[3]s</a> %[1]s`
-issues.ref_pull_from=`<a href="%[2]s">citou este pull request %[3]s</a> %[1]s`
-issues.ref_closing_from=`<a href="%[2]s">citou esta issue de um pull request %[3]s que a fechará</a> %[1]s`
-issues.ref_reopening_from=`<a href="%[2]s">citou esta issue de um pull request %[3]s que a reabrirá</a>, %[1]s`
+issues.ref_pull_from=`<a href="%[2]s">citou esta proposta de revisão %[3]s</a> %[1]s`
+issues.ref_closing_from=`<a href="%[2]s">citou esta questão a partir de uma proposta de revisão %[3]s que a fechará</a>, %[1]s`
+issues.ref_reopening_from=`<a href="%[2]s">citou esta questão de uma proposta de revisão %[3]s que a reabrirá</a>, %[1]s`
 issues.ref_from=`de %[1]s`
 issues.author=Autor
 issues.role.owner=Proprietário(a)
-issues.role.owner_helper=Este usuário é o proprietário deste repositório.
+issues.role.owner_helper=Este usuário é um proprietário deste repositório.
 issues.role.member=Membro
 issues.re_request_review=Solicitar nova revisão
 issues.is_stale=Houve alterações nessa PR desde essa revisão
@@ -2667,7 +2667,7 @@ settings.mirror_settings.pushed_repository = Repositório enviado
 settings.mirror_settings.docs.disabled_pull_mirror.instructions = Configure seu projeto para automaticamente fazer push de commits, tags e branches para outro repositório. Espelhos de pull foram desativados pelo administrador do seu site.
 settings.mirror_settings.docs.disabled_push_mirror.instructions = Configure seu projeto para automaticamente fazer pull de commits, tags e branches de outro repositório.
 settings.mirror_settings.docs.doc_link_pull_section = a seção "Fazendo pull de um repositório remoto" da documentação.
-subscribe.pull.guest.tooltip = Inicie a sessão para receber notificações deste pull request.
+subscribe.pull.guest.tooltip = Inicie a sessão para receber notificações desta proposta de revisão.
 settings.pull_mirror_sync_quota_exceeded = Cota excedida, não será feito pull das mudanças.
 settings.mirror_settings.docs.more_information_if_disabled = Saiba mais sobre espelhos de push e pull aqui:
 settings.transfer_quota_exceeded = O novo dono (%s) excedeu a cota. O repositório não foi transferido.
@@ -2747,7 +2747,7 @@ issues.reaction.alt_few = %[1]s reagiu com %[2]s.
 issues.reaction.alt_many = %[1]s e mais %[2]d reagiram com %[3]s.
 summary_card_alt = Cartão de resumo do repositório %s
 release.summary_card_alt = Cartão de resumo de um release intitulado "%s" no repositório %s
-archive.pull.noreview = Este repositório está arquivado. Não é possível revisar pull requests.
+archive.pull.noreview = Este repositório está arquivado. Não é possível revisar propostas.
 editor.commit_email = Email de commit
 commits.view_single_diff = Ver modificações neste arquivo introduzidas neste commit
 pulls.editable = Editável
@@ -2768,7 +2768,7 @@ settings.event_action_recover = Recuperar
 settings.event_action_recover_desc = A execução da Action teve sucesso após a última execução no mesmo workflow ter falhado.
 settings.event_action_success = Sucesso
 settings.event_action_success_desc = A execução da Action foi bem sucedida.
-issues.filter_type.all_pull_requests = Todos os pull requests
+issues.filter_type.all_pull_requests = Todas as propostas de revisão
 tree_path_not_found.commit = O caminho %[1]s não existe no commit %[2]s
 tree_path_not_found.branch = O caminho %[1]s não existe no branch %[2]s
 tree_path_not_found.tag = O caminho %[1]s não existe na etiqueta %[2]s
diff --git a/options/locale/locale_pt-PT.ini b/options/locale/locale_pt-PT.ini
index 754ce3483f..ad059c83e3 100644
--- a/options/locale/locale_pt-PT.ini
+++ b/options/locale/locale_pt-PT.ini
@@ -1571,7 +1571,7 @@ issues.ref_reopening_from=`<a href="%[2]s">referiu esta questão a partir de um
 issues.ref_from=`de %[1]s`
 issues.author=Autor(a)
 issues.role.owner=Proprietário(a)
-issues.role.owner_helper=Este utilizador é o proprietário deste repositório.
+issues.role.owner_helper=Este utilizador é proprietário deste repositório.
 issues.role.member=Membro
 issues.role.member_helper=Este utilizador é um membro da organização que é proprietária deste repositório.
 issues.role.collaborator=Colaborador
diff --git a/options/locale/locale_ru-RU.ini b/options/locale/locale_ru-RU.ini
index 5d9eadf5d2..88404107d1 100644
--- a/options/locale/locale_ru-RU.ini
+++ b/options/locale/locale_ru-RU.ini
@@ -291,7 +291,7 @@ offline_mode.description=Отключить сторонние службы до
 disable_gravatar=Отключить Gravatar
 disable_gravatar.description=Отключить Gravatar и прочие сторонние источники изображений профилей. Если у пользователя нет локально установленного изображения профиля, будет использовано изображение по умолчанию.
 federated_avatar_lookup=Федерированные изображения профилей
-federated_avatar_lookup.description=Искать изображения профилей, используя Libravatar.
+federated_avatar_lookup.description=Искать изображения профилей через Libravatar.
 disable_registration=Отключить самостоятельную регистрацию
 disable_registration.description=Только администраторы смогут создавать новые учётные записи пользователей. Отключение саморегистрации крайне рекомендовано, разве что если вы не собираетесь создать публичный сервер для всех и готовы бороться с большим количеством спама.
 allow_only_external_registration.description=Пользователи смогут создавать новые учётные записи только через добавленные сторонние службы.
@@ -2684,7 +2684,7 @@ issues.edit.already_changed = Не удалось отредактировать
 pulls.edit.already_changed = Не удалось отредактировать запрос слияния. Похоже, содержимое уже было изменено другим пользователем. Попробуйте обновить страницу и отредактировать запрос ещё раз, чтобы избежать отмены чужих изменений
 comments.edit.already_changed = Не удалось отредактировать комментарий. Похоже, он уже был изменён другим пользователем. Попробуйте обновить страницу и отредактировать его ещё раз, чтобы избежать отмены чужих изменений
 settings.federation_settings = Настройки федерации
-settings.federation_apapiurl = Федеративная ссылка на этот репозиторий. Скопируйте и вставьте её в настройки федерации другого репозитория как ссылку репозитория для отслеживания.
+settings.federation_apapiurl = Федеративная ссылка на этот репозиторий. Скопируйте и вставьте её в настройки федерации другого репозитория как ссылку отслеживаемого репозитория.
 settings.federation_following_repos = Ссылки на отслеживаемые репозитории. Разделяются с помощью «;», без пробелов.
 n_release_one = %s выпуск
 n_release_few = %s выпусков
@@ -3720,7 +3720,7 @@ filepreview.lines = Строки с %[1]d по %[2]d в %[3]s
 filepreview.truncated = Предпросмотр был обрезан
 
 [translation_meta]
-test = Wake up.
+test = Wake up
 
 [repo.permissions]
 code.write = <b>Запись:</b> отправка изменений в репозиторий, создание веток и тегов.
diff --git a/options/locale/locale_sl.ini b/options/locale/locale_sl.ini
index 48402a2d56..01dee8d695 100644
--- a/options/locale/locale_sl.ini
+++ b/options/locale/locale_sl.ini
@@ -433,7 +433,7 @@ openid_signin_desc = Vnesite svoj URI OpenID. Na primer: alice.openid.example.or
 twofa_scratch_token_incorrect = Vaša koda je napačna.
 login_userpass = Prijavite se
 oauth_signup_title = Dokončanje novega računa
-oauth_signup_submit = Celoten račun
+oauth_signup_submit = Dokončanje računa
 oauth_signin_title = Prijavite se za avtorizacijo povezanega računa
 oauth_signin_submit = Povezava z računom
 oauth.signin.error.access_denied = Zahtevek za odobritev je bil zavrnjen.
diff --git a/options/locale/locale_sv-SE.ini b/options/locale/locale_sv-SE.ini
index e916fc401a..5103932b31 100644
--- a/options/locale/locale_sv-SE.ini
+++ b/options/locale/locale_sv-SE.ini
@@ -37,7 +37,7 @@ repository=Utvecklingskatalog
 organization=Organisation
 mirror=Spegel
 new_mirror=Ny spegling
-new_fork=Ny förgrening av kodförråd
+new_fork=Ny avgrening av kodförråd
 new_project=Nytt projekt
 admin_panel=Sidadministration
 settings=inställningar
@@ -49,7 +49,7 @@ all=Alla
 sources=Källor
 mirrors=Speglar
 collaborative=Kollaborativa
-forks=Forks
+forks=Avgreningar
 
 activities=Aktiviteter
 pull_requests=Ändringsförfrågningar
@@ -70,7 +70,7 @@ disabled=Inaktiverad
 
 write=Skriv
 preview=Förhandsgranska
-loading=Laddar…
+loading=Läser in…
 
 error404=Sidan du försöker nå <strong>finns inte</strong>, <strong>har tagits bort</strong> eller så <strong>har du inte behörighet</strong> att se den.
 
@@ -90,7 +90,7 @@ logo = Logotyp
 sign_in_with_provider = Logga in med %s
 enable_javascript = Denna webbplats kräver JavaScript.
 ok = OK
-more_items = Fler saker
+more_items = Fler objekt
 webauthn_sign_in = Tryck på knappen på din säkerhetsnyckel. Om din säkerhetsnyckel inte har en knapp, dra ut den och sätt in den igen.
 new_project_column = Ny kolumn
 copy_type_unsupported = Den här filtypen kan inte kopieras
@@ -104,10 +104,10 @@ copy_url = Kopiera URL
 copy_error = Kopiering misslyckades
 copy_content = Kopiera innehåll
 webauthn_insert_key = Skriv in din säkerhetsnyckel
-webauthn_press_button = Var god tryck på knappen på din säkerhetsnyckel…
+webauthn_press_button = Vänligen tryck på knappen på din säkerhetsnyckel…
 webauthn_error = Det gick inte att läsa din säkerhetsnyckel.
 webauthn_unsupported_browser = Din webbläsare har ännu inte stöd för WebAuthn.
-webauthn_error_unknown = Ett okänt fel har inträffat. Var god försök igen.
+webauthn_error_unknown = Ett okänt fel har inträffat. Vänligen försök igen.
 webauthn_error_empty = Du måste ange ett namn för den här nyckeln.
 new_org.title = Ny organisation
 new_org.link = Ny organisation
@@ -119,9 +119,9 @@ never = Aldrig
 unknown = Okänd
 confirm_delete_artifact = Är du säker på att du vill ta bort artefakten "%s"?
 artifacts = Artefakter
-show_timestamps = Visa tidsstämpel
+show_timestamps = Visa tidsstämplar
 show_full_screen = Visa i fullskärm
-download_logs = Ladda ner loggar
+download_logs = Hämta ned loggar
 go_back = Gå tillbaka
 show_log_seconds = Visa sekunder
 rerun = Kör om
@@ -137,7 +137,7 @@ error413 = Du har använt upp din kvot.
 invalid_data = Ogiltig data: %v
 filter.not_template = Ej mallar
 copy_hash = Kopiera hash
-view = Se
+view = Visa
 copy_branch = Kopiera grennamn
 pin = Fäst
 filter.public = Publika
@@ -153,9 +153,9 @@ tracked_time_summary = Sammanfattning av spårad tid baserat på filter av ären
 toggle_menu = Växla meny
 confirm_delete_selected = Bekräfta för att ta bort alla valda objekt?
 webauthn_error_timeout = Det gick inte att läsa din nyckel innan tidsgränsen nåddes. Läs om denna sida och försök igen.
-filter.is_fork = Förgreningar
+filter.is_fork = Avgreningar
 webauthn_error_duplicated = Säkerhetsnyckeln är inte tillåten för denna begäran. Se till att nyckeln inte redan är registrerad.
-filter.not_fork = Ej förgreningar
+filter.not_fork = Ej avgreningar
 remove_label_str = Ta bort objektet "%s"
 webauthn_use_twofa = Använd en tvåfaktorskod från din telefon
 webauthn_error_insecure = WebAuthn stöder endast säkra anslutningar. För testning över HTTP kan du använda "localhost" eller "127.0.0.1"
@@ -173,8 +173,8 @@ contributions_one = bidrag
 contributions_zero = Inga bidrag
 contributions_format = {contributions} den {day} {month} {year}
 contributions_few = bidrag
-less = Mindre
-more = Mer
+less = Färre
+more = Flera
 number_of_contributions_in_the_last_12_months = %s bidrag under de senaste 12 månaderna
 
 [editor]
@@ -187,11 +187,11 @@ buttons.italic.tooltip = Lägg till kursiv text (CTRL+I / ⌘I)
 buttons.list.unordered.tooltip = Lägg till en punktlista
 buttons.list.ordered.tooltip = Lägg till en numrerad lista
 buttons.list.task.tooltip = Lägg till en uppgiftslista
-buttons.mention.tooltip = Nämn en användare eller ett team
+buttons.mention.tooltip = Nämn en användare eller ett lag
 buttons.ref.tooltip = Hänvisa till ett ärende eller en ändringsförfrågan
 buttons.new_table.tooltip = Lägg till tabell
 table_modal.header = Lägg till tabell
-table_modal.placeholder.header = Sidhuvud
+table_modal.placeholder.header = Rubrik
 table_modal.placeholder.content = Innehåll
 table_modal.label.rows = Rader
 table_modal.label.columns = Kolumner
@@ -213,7 +213,7 @@ string.desc = Ö - A
 occurred = Ett fel har inträffat
 server_internal = Internt serverfel
 network_error = Nätverksfel
-report_message = Om du tror att detta är ett fel i Forgejo, sök efter ärenden på <a href="%s" target="_blank">Codeberg</a> eller öppna ett nytt ärende om det behövs.
+report_message = Om du tror att detta är ett programfel i Forgejo, sök efter ärenden på <a href="%s" target="_blank">Codeberg</a> eller öppna ett nytt ärende om det behövs.
 not_found = Målet kunde inte hittas.
 
 [startpage]
@@ -342,7 +342,7 @@ reinstall_confirm_check_2 = Kodförråden och inställningarna kan behöva omsyn
 run_user_helper = Operativsystemets användarnamn som Forgejo körs som. Notera att denna användare måste ha tillgång till kodförrådets rotsökväg.
 enable_update_checker_helper_forgejo = Den kommer regelbundet att leta efter nya Forgejo-versioner genom att läsa av en DNS TXT-post från release.forgejo.org.
 enable_update_checker = Aktivera uppdateringskontroll
-reinstall_confirm_check_3 = Du bekräftar att du är helt säker på att denna Forgejo körs med rätt app.ini-plats och att du är säker på att du måste installera om. Du bekräftar att du förstår ovanstående risker.
+reinstall_confirm_check_3 = Du bekräftar att du är helt säker att Forgejo kör med korrekt app.ini plats och att du är säker att du behöver ominstallera. Du bekräftar att du har förstått ovanstående risker.
 env_config_keys = Miljökonfiguration
 
 [home]
@@ -390,7 +390,7 @@ allow_password_change=Kräv att användaren byter lösenord (rekommenderas)
 reset_password_mail_sent_prompt=Ett nytt bekräftelsemeddelande har skickats till <b>%s</b>. För att slutföra återställning av ditt konto, kontrollera din inkorg och gå till den bifogade länken inom de kommande %s.
 active_your_account=Aktivera ditt konto
 account_activated=Kontot har aktiverats
-prohibit_login=Kontot är avstängd
+prohibit_login=Kontot är avstängt
 resent_limit_prompt=Du har redan begärt ett aktiveringsmejl nyligen. Vänligen vänta 3 minuter och försök igen.
 has_unconfirmed_mail=Hej %s, du har en obekräftad epostaddress (<b>%s</b>). Om du inte har fått ett bekräftelsemail eller behöver ett nytt, klicka på knappen nedan.
 resend_mail=Klicka här för att skicka ditt aktiveringsmejl igen
@@ -441,7 +441,7 @@ hint_register = Behöver du ett konto? <a href="%s">Registrera ett nu.</a>
 prohibit_login_desc = Ditt konto har stängts av från att interagera med instansen. Kontakta instansadministratören för att återfå tillgång.
 password_pwned = Lösenordet du valde finns på en <a target="_blank" rel="noopener noreferrer" href="%s">lista över stulna lösenord</a> som tidigare exponerats i offentliga dataintrång. Försök igen med ett annat lösenord och överväg att ändra detta lösenord på annat håll också.
 sign_up_button = Registrera dig.
-sign_up_successful = Kontot skapades. Välkommen!
+sign_up_successful = Ditt konto har skapats. Välkommen!
 change_unconfirmed_email = Om du har fått fel e-postadress under registrering kan du ändra den nedan och ett bekräftelsemeddelande kommer skickas till den nya adressen istället.
 unauthorized_credentials = Inloggningsuppgifterna är felaktiga eller har gått ut. Försök kommandot igen eller se %s för mer information
 manual_activation_only = Kontakta webbplatsadministratören för att slutföra aktiveringen.
@@ -559,7 +559,7 @@ Content=Innehåll
 require_error=får inte vara tomt
 alpha_dash_error=` bör endast innehålla alfanumeriska tecken, bindestreck ("-") och understreck ("_").`
 alpha_dash_dot_error=` bör endast innehålla alfanumeriska tecken, bindestreck ("-"), understreck ("_") och punkter (".").`
-git_ref_name_error=måste vara ett för Git välformaterat referensnamn.
+git_ref_name_error=`måste vara ett för Git välformaterat referensnamn.`
 size_error=` måste vara av storleken %s`
 min_size_error=` måste innehålla minst %s tecken.`
 max_size_error=` får inte innehålla mer än %s tecken.`
@@ -839,7 +839,7 @@ scan_this_image=Skanna denna bild med ditt autentiseringsprogram:
 or_enter_secret=Eller skriv in följande sträng: %s
 then_enter_passcode=Och ange den lösenkod som visas i programmet:
 passcode_invalid=Koden är ogiltig. Försök igen.
-twofa_enrolled=Tvåfaktorsautentisering har aktiverats för ditt konto. Förvara din skrapkod (%s) på en säker plats eftersom den bara visas en gång!
+twofa_enrolled=Tvåfaktorsautentisering har aktiverats för ditt konto. Förvara din engångskod för återställning (%s) på en säker plats eftersom den bara visas en gång.
 
 
 manage_account_links=Länkade konton
@@ -1095,7 +1095,7 @@ template.invalid=Du måste välja minst en utvecklingskatalog för mallar
 migrate_options=Migreringsalternativ
 migrate_items=Migrationsobjekt
 migrate_items_wiki=Wiki
-migrate_items_milestones=Milstenar
+migrate_items_milestones=Milstolpar
 migrate_items_labels=Etiketter
 migrate_items_issues=Ärenden
 migrate_items_pullrequests=Ändringsförfrågningar
@@ -1150,10 +1150,10 @@ labels=Etiketter
 org_labels_desc=Etiketter på organisationsnivå som kan användas i <strong>alla utvecklingskataloger</strong> tillhörande denna organisation
 org_labels_desc_manage=hantera
 
-milestones=Milstenar
+milestones=Milstolpar
 commits=Incheckningar
 commit=Commit
-releases=Släpp
+releases=Utgåvor
 file_raw=Rå
 file_history=Historik
 file_view_raw=Visa i råformat
@@ -1257,9 +1257,9 @@ issues.new.no_projects=Inget projekt
 issues.new.open_projects=Öppna projekt
 issues.new.closed_projects=Stängda projekt
 issues.new.no_items=Inga objekt
-issues.new.milestone=Milsten
+issues.new.milestone=Milstolpe
 issues.new.no_milestone=Ingen milstolpe
-issues.new.clear_milestone=Rensa milstenar
+issues.new.clear_milestone=Rensa milstolpe
 issues.new.open_milestone=Öppna milstolpar
 issues.new.closed_milestone=Stängda milstolpar
 issues.new.assignees=Tilldelade
@@ -1296,7 +1296,7 @@ issues.delete_branch_at='tog bort grenen <b>%s</b> %s'
 issues.filter_label=Etikett
 issues.filter_label_exclude=Använd <kbd>Alt</kbd> + <kbd>klicka/enter</kbd> för att exkludera etiketter
 issues.filter_label_no_select=Alla etiketter
-issues.filter_milestone=Milsten
+issues.filter_milestone=Milstolpe
 issues.filter_project_none=Inget projekt
 issues.filter_assignee=Förvärvare
 issues.filter_assginee_no_select=Alla tilldelade
@@ -1322,8 +1322,8 @@ issues.filter_sort.fewestforks=Minst forks
 issues.action_open=Öppna
 issues.action_close=Stäng
 issues.action_label=Etikett
-issues.action_milestone=Milsten
-issues.action_milestone_no_select=Ingen Milsten
+issues.action_milestone=Milstolpe
+issues.action_milestone_no_select=Ingen milstolpe
 issues.action_assignee=Tilldelad
 issues.action_assignee_no_select=Ingen tilldelad
 issues.opened_by=öppnade %[1]s av <a href="%[2]s">%[3]s</a>
@@ -1397,7 +1397,7 @@ issues.lock.notice_3=- Du kan alltid låsa upp detta ärende senare.
 issues.unlock.notice_1=- Alla kommer kunna kommentera detta ärende en gång till.
 issues.unlock.notice_2=- Du kan alltid låsa detta ärende senare.
 issues.lock.reason=Anledningen till att låsa
-issues.lock.title=Lås konversationen för detta ärende.
+issues.lock.title=Lås konversationen
 issues.unlock.title=Lås upp konversation
 issues.comment_on_locked=Du kan inte kommentera ett låst ärende.
 issues.delete=Radera
@@ -1479,7 +1479,7 @@ issues.content_history.options=Alternativ
 pulls.desc=Aktivera pull-förfrågningar och kodgranskning.
 pulls.new=Ny ändringsförfrågan
 pulls.compare_changes=Ny ändringsförfrågan
-pulls.compare_changes_desc=Välj branchen att merga in i, och ifrån.
+pulls.compare_changes_desc=Välj gren att sammanfoga till samt gren att hämta från.
 pulls.compare_base=merga in i
 pulls.compare_compare=pulla från
 pulls.filter_branch=Filtrera gren
@@ -1525,7 +1525,7 @@ milestones.closed=Stängt %s
 milestones.no_due_date=Inget förfallodatum
 milestones.open=Öppna
 milestones.close=Stäng
-milestones.completeness=%d%% Slutförd
+milestones.completeness=<strong>%d%%</strong> Slutförd
 milestones.create=Skapa milstolpe
 milestones.title=Titel
 milestones.desc=Beskrivning
@@ -1740,7 +1740,7 @@ settings.event_header_repository=Händelser i kodförrådet
 settings.event_create=Skapa
 settings.event_create_desc=Branch eller tagg skapad.
 settings.event_delete=Ta bort
-settings.event_fork=Fork
+settings.event_fork=Avgrena
 settings.event_fork_desc=Utvecklingskatalog forkad.
 settings.event_wiki=Wiki
 settings.event_release=Release
@@ -1793,7 +1793,7 @@ settings.protect_merge_whitelist_committers_desc=Tillåt endast vitlistade anvä
 settings.protect_merge_whitelist_users=Vitlistade användare för sammanfogning
 settings.protect_merge_whitelist_teams=Vitlistade teams för sammanfogning
 settings.protect_check_status_contexts=Aktivera statuskontroller
-settings.protect_check_status_contexts_desc=Kräv godkända statuskontroller innan merge. Välj vilka statuskontroller som godkännas innan grenar kan slås samman till en gren som matchar denna regel. När aktiverad, måste committer först pushas till en annan gren, sedan mergas eller pushas direkt till en gren som matchar denna regel efter statuskontroll har har godkännts. Om inga context väljs måste den sista committen vara framgångsrik oavsett context.
+settings.protect_check_status_contexts_desc=Kräv godkända statuskontroller innan sammanfogning. Om aktiverad, måste incheckningar först skickas upp till en annan gren, sedan sammanfogas eller skickas upp direkt till en gren som matchar denna regel efter statuskontrollerna har godkännts. Om inga kontext matchar måste den sista incheckningen lyckas oavsett kontext.
 settings.protect_check_status_contexts_list=Statuskontroller funna under senaste veckan för denna utvecklingskatalog
 settings.protect_required_approvals=Godkännanden som krävs
 settings.protect_approvals_whitelist_users=Vitlistade granskare
@@ -2390,7 +2390,7 @@ pulls.closed_at = `stängde denna ändringsförfrågan %s`
 pulls.reopened_at = `återöppnade denna ändringsförfrågan %s`
 pulls.commit_ref_at = `refererade denna ändringsförfrågan från en incheckning %s`
 pulls.cmd_instruction_hint = Visa kommandoradsinstruktioner
-pulls.cmd_instruction_checkout_title = Checkout
+pulls.cmd_instruction_checkout_title = Checka ut
 pulls.cmd_instruction_checkout_desc = Från din projektkatalog, checka ut en ny gren och testa ändringarna.
 pulls.cmd_instruction_merge_title = Sammanfoga
 pulls.cmd_instruction_merge_desc = Sammanfoga ändringarna och uppdatera på Forgejo.
@@ -3500,7 +3500,7 @@ mark_as_unread=Markera som oläst
 mark_all_as_read=Markera alla som lästa
 subscriptions = Prenumerationer
 no_subscriptions = Inga prenumerationer
-watching = Watching
+watching = Bevakar
 
 [gpg]
 default_key=Signerad med standard nyckeln
@@ -3668,7 +3668,7 @@ project_kind = Sök projekt…
 search = Sök…
 type_tooltip = Söktyp
 team_kind = Sök team…
-org_kind = Sök organisationer…
+org_kind = Sök org…
 issue_kind = Sök ärenden…
 regexp_tooltip = Tolka söktermen som ett reguljärt uttryck
 code_search_unavailable = Kodsökning är för närvarande inte tillgänglig. Vänligen kontakta webbplatsadministratören.
diff --git a/options/locale/locale_tok.ini b/options/locale/locale_tok.ini
index 8b13789179..416c88d21b 100644
--- a/options/locale/locale_tok.ini
+++ b/options/locale/locale_tok.ini
@@ -1 +1,9 @@
 
+
+
+[common]
+home = open
+dashboard = ijo sin
+explore = o alasa
+help = o pana e sona
+logo = sitelen pi ilo Posejo li lon poka sewi. jan li ken ala lukin e sitelen la, ona li lukin e toki "sitelen".
\ No newline at end of file
diff --git a/options/locale/locale_uk-UA.ini b/options/locale/locale_uk-UA.ini
index 5b63af7cda..c7bcbb0489 100644
--- a/options/locale/locale_uk-UA.ini
+++ b/options/locale/locale_uk-UA.ini
@@ -7,7 +7,7 @@ sign_in=Увійти
 sign_in_or=або
 sign_out=Вийти
 sign_up=Реєстрація
-link_account=Прив'язати обліковий запис
+link_account=Прив’язати обліковий запис
 register=Реєстрація
 version=Версія
 powered_by=Працює на %s
@@ -122,11 +122,11 @@ concept_system_global = Для всіх
 concept_user_individual = Для особи
 confirm_delete_selected = Точно видалити все вибране?
 value = Значення
-webauthn_insert_key = Під'єднайте ключ безпеки
+webauthn_insert_key = Під’єднайте ключ безпеки
 download_logs = Завантажити журнали
-webauthn_sign_in = Натисніть кнопку на ключі безпеки. Якщо ключ безпеки не має кнопки, від'єднайте його й під'єднайте ще раз.
+webauthn_sign_in = Натисніть кнопку на ключі безпеки. Якщо ключ безпеки не має кнопки, від’єднайте його і під’єднайте ще раз.
 webauthn_unsupported_browser = Ваш браузер наразі не підтримує WebAuthn.
-webauthn_error_insecure = WebAuthn підтримує лише захищені з'єднання. Для тестування через HTTP можете використати origin-рядок «localhost» чи «127.0.0.1»
+webauthn_error_insecure = WebAuthn підтримує лише захищені з’єднання. Для тестування через HTTP можете використати origin-рядок «localhost» чи «127.0.0.1»
 webauthn_error_timeout = Ключ не встиг зчитатись протягом відведеного терміну. Будь ласка, перезавантажте сторінку й повторіть спробу.
 locked = Заблоковано
 filter.is_template = Шаблони
@@ -173,7 +173,7 @@ more = Більше
 contributions_one = внесок
 number_of_contributions_in_the_last_12_months = %s внесків за останні 12 місяців
 contributions_zero = Нема внесків
-contributions_format = {contributions} за {month} {day}, {year}
+contributions_format = {contributions} за {day} {month} {year}
 contributions_few = внески
 
 [editor]
@@ -300,7 +300,7 @@ openid_signup.description=Увімкнути самореєстрацію кор
 enable_captcha=Увімкнути CAPTCHA при реєстрації
 enable_captcha.description=Вимагати перевірку CAPTCHA для створення облікових записів.
 require_sign_in_view=Вимагати авторизації для перегляду вмісту екземпляра
-admin_setting.description=Створювати обліковий запис адміністратора необов'язково. Перший зареєстрований користувач автоматично стає адміністратором.
+admin_setting.description=Створювати обліковий запис адміністратора необов’язково. Перший зареєстрований користувач автоматично стає адміністратором.
 admin_title=Налаштування облікового запису адміністратора
 admin_name=Ім’я адміністратора
 admin_password=Пароль
@@ -312,7 +312,7 @@ sqlite3_not_available=Ця версія Forgejo не підтримує SQLite3.
 invalid_db_setting=Налаштування бази даних є некоректними: %v
 invalid_repo_path=Помилковий шлях до кореня репозиторію: %v
 invalid_app_data_path=Некоректний шлях до даних програми: %v
-run_user_not_match=Ім'я в «Користувач, від якого запустити» не є ім'ям поточного користувача: %s → %s
+run_user_not_match=Ім’я в «Користувач, від якого запустити» не є ім’ям поточного користувача: %s → %s
 internal_token_failed=Не вдалося згенерувати внутрішній токен: %v
 secret_key_failed=Не вдалося згенерувати секретний ключ: %v
 save_config_failed=Не вдалося зберегти конфігурацію: %v
@@ -325,7 +325,7 @@ default_allow_create_organization.description=Дозволити новим ко
 default_enable_timetracking=Увімкнути відстеження часу за замовчуванням
 default_enable_timetracking.description=Дозволити використання функції відстеження часу для нових репозиторіїв за замовчуванням.
 no_reply_address=Прихований поштовий домен
-no_reply_address_helper=Доменне ім'я для користувачів із прихованою електронною адресою. Наприклад, користувач «joe» буде входити в Git як «joe@noreply.example.org», якщо для прихованого домену електронної пошти встановлено «noreply.example.org».
+no_reply_address_helper=Доменне ім’я для користувачів із прихованою електронною адресою. Наприклад, користувач «joe» буде входити в Git як «joe@noreply.example.org», якщо для прихованого домену електронної пошти встановлено «noreply.example.org».
 password_algorithm=Алгоритм хешування пароля
 config_location_hint = Ці опції налаштувань будуть збережені в:
 env_config_keys = Конфігурація середовища
@@ -345,7 +345,7 @@ invalid_password_algorithm = Недійсний алгоритм хешуван
 enable_update_checker_helper_forgejo = Наявність нових версій Forgejo періодично перевірятиметься через перевірку запису TXT DNS на release.forgejo.org.
 
 [home]
-uname_holder=Ім'я користувача або ел. пошта
+uname_holder=Ім’я користувача або ел. пошта
 switch_dashboard_context=Перемкнути контекст панелі управління
 my_repos=Репозиторії
 my_orgs=Організації
@@ -380,7 +380,7 @@ go_to = Перейти до
 create_new_account=Реєстрація облікового запису
 disable_register_prompt=Вибачте, можливість реєстрації відключена. Будь ласка, зверніться до адміністрації сайту.
 disable_register_mail=Підтвердження реєстрації електронною поштою вимкнено.
-remember_me=Запам'ятати цей пристрій
+remember_me=Запам’ятати цей пристрій
 forgot_password_title=Забули пароль
 forgot_password=Забули пароль?
 confirmation_mail_sent_prompt=Новий лист підтвердження було надіслано <b>%s</b>. Щоб завершити реєстрацію, перевірте вхідні й перейдіть за наведеним посиланням (на це маєте %s). Якщо електронну адресу вказано неправильно, ви можете ввійти і створити запит для надсилання ще одного листа підтвердження на іншу адресу.
@@ -390,8 +390,8 @@ reset_password_mail_sent_prompt=Лист підтвердження було н
 active_your_account=Активація облікового запису
 account_activated=Обліковий запис активовано
 prohibit_login=Обліковий запис призупинено
-resent_limit_prompt=Вибачте, ви вже запросили активацію по електронній пошті нещодавно. Будь ласка, зачекайте 3 хвилини, а потім спробуйте ще раз.
-has_unconfirmed_mail=Привіт %s, у вас є непідтверджена електронна адреса (<b>%s </b>). Якщо ви не отримали електронний лист із підтвердженням або вам потрібно надіслати новий, натисніть на кнопку нижче.
+resent_limit_prompt=Нещодавно ви вже запросили активацію по електронній пошті. Будь ласка, зачекайте 3 хвилини, а потім спробуйте ще раз.
+has_unconfirmed_mail=Привіт, %s! У вас є непідтверджена електронна адреса (<b>%s </b>). Якщо ви не отримали електронний лист із підтвердженням або вам потрібно надіслати новий, натисніть на кнопку нижче.
 resend_mail=Натисніть тут, щоб вислати лист активації знову
 send_reset_mail=Надіслати листа для відновлення
 reset_password=Відновлення облікового запису
@@ -410,8 +410,8 @@ oauth_signup_tab=Зареєструвати обліковий запис
 oauth_signup_title=Завершити реєстрацію
 oauth_signup_submit=Завершити
 oauth_signin_tab=Посилання на існуючий обліковий запис
-oauth_signin_title=Увійдіть, щоб авторизувати пов'язаний обліковий запис
-oauth_signin_submit=Прив'язати обліковий запис
+oauth_signin_title=Увійдіть, щоб авторизувати пов’язаний обліковий запис
+oauth_signin_submit=Прив’язати обліковий запис
 openid_connect_submit=Під’єднатися
 openid_connect_title=Підключитися до існуючого облікового запису
 openid_connect_desc=Вибраний OpenID URI невідомий. Пов’яжіть його з новим обліковим записом тут.
@@ -454,7 +454,7 @@ password_pwned = Вибраний вами пароль є у <a target="_blank"
 [mail]
 view_it_on=Переглянути на %s
 link_not_working_do_paste=Посилання не працює? Спробуйте його скопіювати та вставити у свій браузер.
-hi_user_x=Привіт <b>%s</b>,
+hi_user_x=Привіт, <b>%s</b>,
 
 activate_account=Будь ласка, активуйте ваш обліковий запис
 activate_account.text_1=Привіт, <b>%[1]s</b>, дякуємо за реєстрацію на %[2]s!
@@ -465,7 +465,7 @@ activate_email.text=Перейдіть за цим посиланням, щоб
 
 register_notify=Вітаємо у %s
 register_notify.text_1=це ваш лист для підтвердження реєстрації в %s!
-register_notify.text_2=Ви можете ввійти до свого облікового запису, використовуючи ім'я: %s
+register_notify.text_2=Ви можете ввійти до свого облікового запису, використовуючи ім’я: %s
 register_notify.text_3=Якщо цей обліковий запис було створено не вами, будь ласка, спочатку <a href="%s">встановіть свій пароль</a>.
 
 reset_password=Відновлення вашого облікового запису
@@ -473,26 +473,26 @@ reset_password.text=Перейдіть за посиланням (маєте <b>
 
 register_success=Реєстрація успішна
 
-issue_assigned.pull=@%[1]s призначив вам запит на злиття %[2]s в репозиторії %[3]s.
-issue_assigned.issue=@%[1]s призначив вам задачу %[2]s у репозиторії %[3]s.
+issue_assigned.pull=@%[1]s призначає вам запит на злиття %[2]s в репозиторії %[3]s.
+issue_assigned.issue=@%[1]s призначає вам задачу %[2]s у репозиторії %[3]s.
 
-issue.x_mentioned_you=<b>@%s</b> згадав вас:
+issue.x_mentioned_you=<b>@%s</b> згадує вас:
 issue.action.force_push=<b>%[1]s</b> примусово надсилає <b>%[2]s</b> з %[3]s до %[4]s.
 issue.action.push_1=<b>@%[1]s</b> надсилає %[3]d коміт до %[2]s
 issue.action.push_n=<b>@%[1]s</b> надсилає %[3]d комітів до %[2]s
-issue.action.close=<b>@%[1]s</b> закрито #%[2]d.
-issue.action.reopen=<b>@%[1]s</b> заново відкрив #%[2]d.
-issue.action.merge=<b>@%[1]s</b> об'єднав #%[2]d до %[3]s.
+issue.action.close=<b>@%[1]s</b> закриває #%[2]d.
+issue.action.reopen=<b>@%[1]s</b> повторно відкриває #%[2]d.
+issue.action.merge=<b>@%[1]s</b> об’єднує #%[2]d до %[3]s.
 issue.action.approve=<b>@%[1]s</b> схвалює цей запит на злиття.
-issue.action.reject=<b>@%[1]s</b> запитують зміни на цей запит на злиття.
-issue.action.review=<b>@%[1]s</b> прокоментували цей запит на злиття.
-issue.action.review_dismissed=<b>@%[1]s</b> відхилено останній відгук від %[2]s для цього запиту на злиття.
-issue.action.ready_for_review=<b>@%[1]s</b> позначили цей запит на злиття як готовий до розгляду.
-issue.action.new=<b>@%[1]s</b> створили #%[2]d.
+issue.action.reject=<b>@%[1]s</b> запитує зміни у цьому запиті на злиття.
+issue.action.review=<b>@%[1]s</b> коментує цей запит на злиття.
+issue.action.review_dismissed=<b>@%[1]s</b> відхиляє останній відгук від %[2]s для цього запиту на злиття.
+issue.action.ready_for_review=<b>@%[1]s</b> позначає цей запит на злиття як готовий до розгляду.
+issue.action.new=<b>@%[1]s</b> створює #%[2]d.
 issue.in_tree_path=В %s:
 
 release.new.subject=%s в %s випущено
-release.new.text=<b>@%[1]s</b> випустив %[2]s в %[3]s
+release.new.text=<b>@%[1]s</b> публікує випуск %[2]s в %[3]s
 release.title=Назва: %s
 release.note=Примітка:
 release.downloads=Завантаження:
@@ -504,7 +504,7 @@ repo.transfer.subject_to_you=%s бажає передати вам репози
 repo.transfer.to_you=вам
 repo.transfer.body=Щоб прийняти або відхилити передачу, перейдіть за посиланням %s або просто ігноруйте.
 
-repo.collaborator.added.subject=%s додав вас до %s в якості співавтора
+repo.collaborator.added.subject=%s додає вас до %s в якості співавтора
 repo.collaborator.added.text=Вас додано в якості співавтора репозиторію:
 primary_mail_change.subject = Ваша основна пошта була змінена
 totp_disabled.subject = TOTP було вимкнено
@@ -571,8 +571,8 @@ captcha_incorrect=Код CAPTCHA неправильний.
 password_not_match=Паролі не збігаються.
 lang_select_error=Оберіть мову з переліку.
 
-username_been_taken=Ім'я користувача вже зайнято.
-username_change_not_local_user=Нелокальні користувачі не можуть змінити своє ім'я користувача.
+username_been_taken=Ім’я користувача вже зайнято.
+username_change_not_local_user=Нелокальні користувачі не можуть змінити своє ім’я користувача.
 repo_name_been_taken=Назва репозиторію вже використовується.
 repository_files_already_exist=Файли вже існують для цього репозиторію. Зверніться до системного адміністратора.
 repository_files_already_exist.adopt=Файли вже існують для цього репозиторію і можуть бути лише прийняті.
@@ -593,7 +593,7 @@ password_digit_one=Принаймні одна цифра
 password_special_one=Принаймні один спеціальний символ (пунктуація, дужки, лапки тощо)
 enterred_invalid_repo_name=Уведена вами назва репозиторію є неправильною.
 enterred_invalid_org_name=Уведена вами назва організації є неправильною.
-enterred_invalid_owner_name=Ім'я нового власника не є дійсним.
+enterred_invalid_owner_name=Ім’я нового власника не є дійсним.
 enterred_invalid_password=Уведений вами пароль некоректний.
 user_not_exist=Даний користувач не існує.
 team_not_exist=Команда не існує.
@@ -614,7 +614,7 @@ username_error = ` може містити тільки літерно-цифр
 Description = Опис
 Pronouns = Займенники
 Biography = Про себе
-FullName = Повне ім'я
+FullName = Повне ім’я
 Website = Вебсайт
 url_error = `«%s» є недійсним посиланням.`
 To = Назва гілки
@@ -632,7 +632,7 @@ invalid_group_team_map_error = ` зіставлення недійсне: %s`
 unsupported_login_type = Цей тип входу не підтримує видалення облікового запису.
 admin_cannot_delete_self = Ви не можете видалити себе, якщо ви є адміністратором. Спочатку зніміть із себе права адміністратора.
 unset_password = Для користувача не встановлено пароль.
-username_claiming_cooldown = Це ім'я користувача не можна присвоїти, оскільки його період захисту ще не закінчився. Ім'я можна буде присвоїти %[1]s.
+username_claiming_cooldown = Це ім’я користувача не можна присвоїти, оскільки його період захисту ще не закінчився. Ім’я можна буде присвоїти %[1]s.
 email_domain_is_not_allowed = Домен адреси електронної пошти <b>%s</b> конфліктує з EMAIL_DOMAIN_ALLOWLIST або EMAIL_DOMAIN_BLOCKLIST. Перевірте, чи ви правильно вказали адресу електронної пошти.
 still_own_repo = Вашому обліковому запису належать один чи більше репозиторіїв. Спершу видаліть або передайте їх.
 org_still_own_repo = Цій організації досі належать один чи більше репозиторіїв. Спершу видаліть або передайте їх.
@@ -672,7 +672,7 @@ followers.title.one = Cтежить
 followers.title.few = Cтежать
 following.title.one = Відстежуваний
 following.title.few = Відстежувані
-form.name_reserved = Ім'я користувача «%s» зарезервовано.
+form.name_reserved = Ім’я користувача «%s» зарезервовано.
 form.name_chars_not_allowed = Ім’я користувача «%s» містить неприпустимі символи.
 public_activity.visibility_hint.self_private = Вашу діяльність бачитимете лише ви й адміністрація сервера. <a href="%s">Налаштувати</a>.
 public_activity.visibility_hint.admin_private = Цю дію видно адміністрації, зокрема вам, але користувач_ка бажає залишити її приватною.
@@ -698,8 +698,8 @@ twofa=Двофакторна автентифікація (TOTP)
 organization=Організації
 
 public_profile=Загальнодоступний профіль
-password_username_disabled=Нелокальним користувачам заборонено змінювати ім'я користувача. Щоб отримати докладнішу інформацію, зверніться до адміністраторів сайту.
-full_name=Повне ім'я
+password_username_disabled=Нелокальним користувачам заборонено змінювати ім’я користувача. Щоб отримати докладнішу інформацію, зверніться до адміністраторів сайту.
+full_name=Повне ім’я
 website=Вебсайт
 location=Місцезнаходження
 update_theme=Змінити тему
@@ -747,7 +747,7 @@ activate_email=Надіслати лист активації
 activations_pending=Активації в очікуванні
 delete_email=Видалити
 email_deletion=Видалити адресу електронної пошти
-email_deletion_desc=Цю електронну адресу та пов'язану з нею інформацію буде видалено з вашого облікового запису. Коміти Git, здійснені через цю електронну адресу, залишаться без змін. Продовжити?
+email_deletion_desc=Цю електронну адресу та пов’язану з нею інформацію буде видалено з вашого облікового запису. Коміти Git, здійснені через цю електронну адресу, залишаться без змін. Продовжити?
 email_deletion_success=Адресу електронної пошти видалено.
 theme_update_success=Тему оновлено.
 theme_update_error=Вибрана тема не існує.
@@ -770,7 +770,7 @@ manage_gpg_keys=Керування ключами GPG
 add_key=Додати ключ
 ssh_desc=Ці відкриті ключі SSH пов’язані з вашим обліковим записом. Відповідні приватні ключі дозволяють отримати повний доступ до ваших репозиторіїв. Підтверджені ключі можна використати для підтвердження комітів Git, підписаних із SSH.
 principal_desc=Ці принципали SSH-сертифікатів пов’язані з вашим обліковим записом і надають повний доступ до ваших репозиторіїв.
-gpg_desc=Ці відкриті ключі GPG пов'язані з вашим обліковим записом і використовуються для підтвердження комітів. Тримайте свої приватні ключі в безпеці, оскільки вони дозволяють підписувати коміти вашим особистим підписом.
+gpg_desc=Ці відкриті ключі GPG пов’язані з вашим обліковим записом і використовуються для підтвердження комітів. Тримайте свої приватні ключі в безпеці, оскільки вони дозволяють підписувати коміти вашим особистим підписом.
 ssh_helper=<strong>Потрібна допомога?</strong> Перегляньте посібник із <a href="%s">генерації ключів SSH</a> або виправлення <a href="%s">типових неполадок SSH</a>.
 gpg_helper=<strong>Потрібна допомога?</strong> Перегляньте посібник <a href="%s">про GPG</a>.
 key_content_ssh_placeholder=Починається з «ssh-ed25519», «ssh-rsa», «ecdsa-sha2-nistp256», «ecdsa-sha2-nistp384», «ecdsa-sha2-nistp521», «sk-ecdsa-sha2-nistp256@openssh.com» або «sk-ssh-ed25519@openssh.com»
@@ -780,7 +780,7 @@ ssh_key_been_used=Цей ключ SSH уже доданий на сервер.
 ssh_key_name_used=Ключ SSH із такою назвою вже існує у вашому обліковому записі.
 ssh_principal_been_used=Цей принципал уже доданий на сервер.
 gpg_key_id_used=Відкритий ключ GPG з таким ідентифікатором уже існує.
-gpg_no_key_email_found=Цей ключ GPG не відповідає жодній активованій поштовій адресі, яка пов'язана з вашим обліковим записом. Його все рівно можна додати, якщо ви підпишете наданий токен.
+gpg_no_key_email_found=Цей ключ GPG не відповідає жодній активованій поштовій адресі, яка пов’язана з вашим обліковим записом. Його все одно можна додати, якщо ви підпишете наданий токен.
 gpg_key_matched_identities=Відповідні отримувачі:
 gpg_key_matched_identities_long=Вбудовані ідентифікатори цього ключа збігаються з такими активованими адресами електронної пошти користувач_ки. Коміти, які відповідають цим адресам, можуть бути підтверджені цим ключем.
 gpg_key_verified=Перевірений ключ
@@ -876,15 +876,15 @@ twofa_enrolled=Для вашого облікового запису було в
 twofa_failed_get_secret=Не вдалося отримати секрет.
 
 
-manage_account_links=Пов'язані облікові записи
+manage_account_links=Пов’язані облікові записи
 manage_account_links_desc=Ці зовнішні облікові записи пов’язані з вашим обліковим записом Forgejo.
-link_account=Прив'язати обліковий запис
-remove_account_link=Видалити пов'язаний обліковий запис
-remove_account_link_desc=Видалення пов'язаного облікового запису скасує його доступ до вашого облікового запису Forgejo. Продовжити?
+link_account=Прив’язати обліковий запис
+remove_account_link=Видалити пов’язаний обліковий запис
+remove_account_link_desc=Видалення пов’язаного облікового запису скасує його доступ до вашого облікового запису Forgejo. Продовжити?
 remove_account_link_success=Пов’язаний обліковий запис видалено.
 
 
-orgs_none=Ви не є учасником будь-якої організації.
+orgs_none=Ви не є учасником жодної організації.
 
 delete_account=Видалити свій обліковий запис
 delete_prompt=Ваш обліковий запис буде остаточно видалено. Цю дію <strong>НЕМОЖЛИВО</strong> скасувати.
@@ -946,7 +946,7 @@ permissions_public_only = Тільки публічні
 select_permissions = Виберіть дозволи
 permissions_access_all = Усі (публічні, приватні й обмежені)
 create_oauth2_application_success = Ви успішно створили нову програму OAuth2.
-keep_email_private_popup = Адреса електронної пошти не буде відображатися у вашому профілі і не буде використовуватися за замовчуванням для комітів, зроблених через веб-інтерфейс, таких як завантаження файлів, редагування і об'єднання комітів. Натомість ви можете використовувати спеціальну адресу %s для прив'язки комітів до свого облікового запису. Ця опція не вплине на існуючі коміти.
+keep_email_private_popup = Адреса електронної пошти не буде відображатися у вашому профілі і не буде використовуватися за замовчуванням для комітів, зроблених через веб-інтерфейс, таких як завантаження файлів, редагування і об’єднання комітів. Натомість ви можете використовувати спеціальну адресу %s для прив’язки комітів до свого облікового запису. Ця опція не вплине на існуючі коміти.
 blocked_since = Заблокований з %s
 can_not_add_email_activations_pending = Очікується активація, спробуйте ще раз за кілька хвилин, якщо хочете додати нову адресу електронної пошти.
 ssh_signonly = SSH наразі вимкнено, тому ці ключі використовуються лише для перевірки підпису комітів.
@@ -966,9 +966,9 @@ added_on = Додано %s
 key_signature_ssh_placeholder = Починається з «-----BEGIN SSH SIGNATURE-----»
 user_block_yourself = Ви не можете заблокувати себе.
 repo_and_org_access = Доступ до репозиторію та організації
-change_username_redirect_prompt.with_cooldown.few = Старе ім'я користувача буде доступне всім після періоду захисту, який триватиме %[1]d днів. Протягом періоду захисту ви ще можете повернути собі старе ім'я.
-change_username_redirect_prompt.with_cooldown.one = Старе ім'я користувача буде доступне всім після періоду захисту, який триватиме %[1]d день. Протягом періоду захисту ви ще можете повернути собі старе ім'я.
-change_username_redirect_prompt = Старе ім'я користувача буде переспрямуванням, поки хтось не присвоїть ім'я собі.
+change_username_redirect_prompt.with_cooldown.few = Старе ім’я користувача буде доступне всім після періоду захисту, який триватиме %[1]d днів. Протягом періоду захисту ви ще можете повернути собі старе ім’я.
+change_username_redirect_prompt.with_cooldown.one = Старе ім’я користувача буде доступне всім після періоду захисту, який триватиме %[1]d день. Протягом періоду захисту ви ще можете повернути собі старе ім’я.
+change_username_redirect_prompt = Старе ім’я користувача буде переспрямуванням, поки хтось не присвоїть ім’я собі.
 comment_type_group_lock = Стан блокування
 webauthn_alternative_tip = Можливо, ви бажаєте налаштувати додатковий спосіб входу.
 user_unblock_success = Користувач_ку успішно розблоковано.
@@ -983,7 +983,7 @@ oauth2_confidential_client = Конфіденційний клієнт. Обер
 keep_pronouns_private = Показувати займенники лише авторизованим користувачам
 keep_pronouns_private.description = Ваші займенники не буде показано відвідувачам, які не ввійшли в систему.
 hidden_comment_types.ref_tooltip = Коментарі, в яких на цю задачу послалися з іншої задачі, коміту тощо
-hidden_comment_types.issue_ref_tooltip = Коментарі, в яких користувач_ка змінює гілку чи тег, пов'язані з задачею
+hidden_comment_types.issue_ref_tooltip = Коментарі, в яких користувач_ка змінює гілку чи тег, пов’язані з задачею
 comment_type_group_review_request = Запит на відгук
 access_token_desc = При обраних для токена дозволах будуть авторизовані лише відповідні <a href="%[1]s" target="_blank">API</a>-роути. Докладніше в <a href="%[2]s" target="_blank">документації</a>.
 update_oauth2_application_success = Програму OAuth2 успішно оновлено.
@@ -998,7 +998,7 @@ comment_type_group_reference = Посилання
 ssh_key_verified_long = Ключ перевірений за допомогою токена й може підтверджувати коміти з будь-яких активованих адрес електронної пошти користувач_ки.
 access_token_deletion_desc = Видалення токена скасує доступ програм, які використовують цей токен, до вашого облікового запису. Це незворотна дія. Продовжити?
 oauth2_application_locked = Forgejo попередньо реєструє деякі програми OAuth2 при запуску, якщо це увімкнено в конфігурації. Щоб запобігти неочікуваній поведінці, їх не можна редагувати чи видаляти. Докладніше — в документації OAuth2.
-quota.rule.exceeded.helper = Загальний розмір об'єктів за цим правилом перевищує квоту.
+quota.rule.exceeded.helper = Загальний розмір об’єктів за цим правилом перевищує квоту.
 quota = Квота
 quota.sizes.repos.private = Приватні репозиторії
 quota.sizes.repos.public = Публічні репозиторії
@@ -1069,7 +1069,7 @@ mirror_prune=Очистити
 mirror_prune_desc=Видалення застарілих посилань, які ви відстежуєте
 mirror_interval_invalid=Інтервал дзеркалювання є неприпустимим.
 mirror_address=Клонування з URL-адреси
-mirror_address_desc=Помістіть будь-які необхідні облікові дані у розділі Авторизація.
+mirror_address_desc=Помістіть необхідні облікові дані у розділі «Авторизація».
 mirror_lfs=Сховище великих файлів (LFS)
 mirror_lfs_desc=Активувати дзеркальне відображення даних LFS.
 mirror_lfs_endpoint=Кінцева точка LFS
@@ -1077,7 +1077,7 @@ mirror_lfs_endpoint_desc=Під час синхронізації буде ви
 mirror_last_synced=Остання синхронізація
 mirror_password_placeholder=(без змін)
 mirror_password_blank_placeholder=(відключено)
-mirror_password_help=Змініть ім'я користувача, щоб видалити збережений пароль.
+mirror_password_help=Змініть ім’я користувача, щоб видалити збережений пароль.
 watchers=Спостерігачі
 stargazers=Зацікавлені
 forks=Форки
@@ -1285,14 +1285,14 @@ commitstatus.pending=Очікування
 ext_issues=Зовнішні задачі
 projects=Проєкти
 projects.desc=Керуйте задачами та запитами злиття на дошках проєкту.
-projects.description=Опис (необов'язково)
+projects.description=Опис (необов’язково)
 projects.description_placeholder=Опис
 projects.create=Створити проєкт
 projects.title=Назва
 projects.new=Новий проєкт
 projects.new_subheader=Координуйте, відстежуйте та оновлюйте інформацію про виконувану роботу в одному місці, аби проєкти залишалися прозорими та за розкладом.
 projects.deletion=Видалити проєкт
-projects.deletion_desc=Видалення проєкту видаляє його з усіх пов'язаних задач. Продовжити?
+projects.deletion_desc=Видалення проєкту видаляє його з усіх пов’язаних задач. Продовжити?
 projects.deletion_success=Проєкт видалено.
 projects.edit=Редагувати проєкт
 projects.edit_subheader=Проєкти організовують задачі та відстежують прогрес.
@@ -1348,28 +1348,28 @@ issues.label_templates.title=Завантажити визначений наб
 issues.label_templates.info=Ще немає міток. Натисніть «Нова мітка» або використовуйте попередньо визначений набір міток:
 issues.label_templates.helper=Оберіть набір міток
 issues.label_templates.use=Використовувати набір міток
-issues.add_label=додано %s з міткою %s
-issues.add_labels=додано %s з мітками %s
-issues.remove_label=видалено %s з міткою %s
-issues.remove_labels=видалено %s з мітками %s
-issues.add_remove_labels=додано %s і видалено %s мітками %s
+issues.add_label=додає %s з міткою %s
+issues.add_labels=додає %s з мітками %s
+issues.remove_label=видаляє %s з міткою %s
+issues.remove_labels=видаляє %s з мітками %s
+issues.add_remove_labels=додає %s і видаляє %s міток %s
 issues.add_milestone_at=`додає до етапу <b>%s</b> %s`
 issues.add_project_at=`додає до проєкту <b>%s</b> %s`
-issues.change_milestone_at=`змінено етап з <b>%s</b> на <b>%s</b> %s`
+issues.change_milestone_at=`змінює етап з <b>%s</b> на <b>%s</b> %s`
 issues.change_project_at=`змінює проєкт із <b>%s</b> на <b>%s</b> %s`
-issues.remove_milestone_at=`видалено з етапу<b>%s</b> %s`
+issues.remove_milestone_at=`видаляє з етапу<b>%s</b> %s`
 issues.remove_project_at=`видаляє з проєкту <b>%s</b> %s`
 issues.deleted_milestone=`(видалено)`
 issues.deleted_project=`(видалено)`
-issues.self_assign_at=`самостійно призначений %s`
+issues.self_assign_at=`призначає собі %s`
 issues.add_assignee_at=`був призначений <b>%s</b> %s`
 issues.remove_assignee_at=`був знятий з призначення <b>%s</b> %s`
-issues.remove_self_assignment=`видалено призначення %s`
-issues.change_title_at=`змінився заголовок з <b><strike>%s</strike></b> на <b>%s</b> %s`
-issues.change_ref_at=`змінив посилання з <b><strike>%s</strike></b> на <b>%s</b> %s`
-issues.remove_ref_at=`видалив посилання <b>%s</b> %s`
-issues.add_ref_at=`додав посилання <b>%s</b> %s`
-issues.delete_branch_at=`видалена гілка <b>%s</b> %s`
+issues.remove_self_assignment=`знімає з себе призначення %s`
+issues.change_title_at=`змінює заголовок з <b><strike>%s</strike></b> на <b>%s</b> %s`
+issues.change_ref_at=`змінює посилання з <b><strike>%s</strike></b> на <b>%s</b> %s`
+issues.remove_ref_at=`видаляє посилання <b>%s</b> %s`
+issues.add_ref_at=`додає посилання <b>%s</b> %s`
+issues.delete_branch_at=`видаляє гілку <b>%s</b> %s`
 issues.filter_label=Мітка
 issues.filter_label_exclude=Використовуйте <kbd>Alt</kbd> + <kbd>клік</kbd> для виключення міток
 issues.filter_label_no_select=Усі мітки
@@ -1507,7 +1507,7 @@ issues.time_spent_from_all_authors=`Загальний витрачений ча
 issues.due_date=Термін виконання
 issues.push_commit_1=додає %d коміт %s
 issues.push_commits_n=додає %d коміти(-ів) %s
-issues.force_push_codes=`примусово залито %[1]s з <a class="%[7]s" href="%[3]s"><code>%[2]s</code></a> %[8]s до <a class="%[7]s" href="%[5]s"><code>%[4]s</code></a> %[9]s %[6]s`
+issues.force_push_codes=`примусово надсилає %[1]s з <a class="%[7]s" href="%[3]s"><code>%[2]s</code></a> %[8]s до <a class="%[7]s" href="%[5]s"><code>%[4]s</code></a> %[9]s %[6]s`
 issues.force_push_compare=Порівняти
 issues.due_date_form=рррр-мм-дд
 issues.due_date_form_edit=Редагувати
@@ -1522,8 +1522,8 @@ issues.dependency.add=Додати залежність…
 issues.dependency.cancel=Скасувати
 issues.dependency.remove=Видалити
 issues.dependency.remove_info=Видалити цю залежність
-issues.dependency.added_dependency=`додав нову залежність %s`
-issues.dependency.removed_dependency=`видалив залежність %s`
+issues.dependency.added_dependency=`додає нову залежність %s`
+issues.dependency.removed_dependency=`видаляє залежність %s`
 issues.dependency.pr_closing_blockedby=Закриття цього запиту на злиття заблоковано такими задачами
 issues.dependency.issue_closing_blockedby=Закриття цієї задачі заблоковано такими задачами
 issues.dependency.issue_close_blocks=Ця задача блокує закриття залежних задач
@@ -1548,7 +1548,7 @@ issues.review.approve=схвалює зміни %s
 issues.review.comment=надає відгук %s
 issues.review.dismissed=відхиляє відгук %s %s
 issues.review.dismissed_label=Відхилено
-issues.review.left_comment=додав коментар
+issues.review.left_comment=додає коментар
 issues.review.content.empty=Запрошуючи зміни, ви зобов’язані залишити коментар з описом бажаних змін.
 issues.review.reject=запитує зміни %s
 issues.review.wait=попросив рецензію %s
@@ -1564,7 +1564,7 @@ issues.review.show_resolved=Показати вирішене
 issues.review.hide_resolved=Приховати вирішене
 issues.review.resolve_conversation=Завершити обговорення
 issues.review.un_resolve_conversation=Поновити обговорення
-issues.review.resolved_by=позначив обговорення завершеним
+issues.review.resolved_by=позначає обговорення завершеним
 issues.reference_issue.body=Тіло
 issues.content_history.deleted=видалено
 issues.content_history.edited=відредаговано
@@ -1588,9 +1588,9 @@ pulls.filter_branch=Фільтр по гілці
 pulls.no_results=Результатів не знайдено.
 pulls.nothing_to_compare=Ці гілки однакові. Немає необхідності створювати запит на злиття.
 pulls.nothing_to_compare_and_allow_empty_pr=Гілки однакові. Цей запит на злиття буде порожнім.
-pulls.has_pull_request=`Запит злиття для цих гілок вже існує: <a href="%[1]s">%[2]s#%[3]d</a>`
+pulls.has_pull_request=`Запит на злиття для цих гілок уже існує: <a href="%[1]s">%[2]s#%[3]d</a>`
 pulls.create=Створити запит на злиття
-pulls.change_target_branch_at=`змінена цільова гілка з <b>%s</b> на <b>%s</b> %s`
+pulls.change_target_branch_at=`змінює цільову гілку з <b>%s</b> на <b>%s</b> %s`
 pulls.tab_conversation=Обговорення
 pulls.tab_commits=Коміти
 pulls.tab_files=Змінені файли
@@ -1601,7 +1601,7 @@ pulls.manually_merged=Ручне злиття
 pulls.is_closed=Запит на злиття закрито.
 pulls.title_wip_desc=`<a href="#">Почніть заголовок з <strong>%s</strong></a>, щоб запобігти випадковому злиттю запитів.`
 pulls.cannot_merge_work_in_progress=Цей запит на злиття позначений як прийнятий в опрацювання.
-pulls.still_in_progress=Все ще в процесі?
+pulls.still_in_progress=Усе ще в процесі?
 pulls.add_prefix=Додати префікс <strong>%s</strong>
 pulls.remove_prefix=Видалити префікс <strong>%s</strong>
 pulls.data_broken=Цей запит на злиття пошкоджений внаслідок видалення інформації про форк.
@@ -1609,8 +1609,8 @@ pulls.files_conflicted=Цей запит має зміни, що конфлік
 pulls.is_checking=Триває перевірка конфліктів. Оновіть сторінку дещо пізніше.
 pulls.required_status_check_failed=Деякі необхідні перевірки виконані з помилками.
 pulls.required_status_check_missing=Декілька з необхідних перевірок відсутні.
-pulls.required_status_check_administrator=Як адміністратор ви все одно можете об'єднати цей запит на злиття.
-pulls.can_auto_merge_desc=Цей запит можна об'єднати автоматично.
+pulls.required_status_check_administrator=Як адміністратор ви все одно можете об’єднати цей запит на злиття.
+pulls.can_auto_merge_desc=Цей запит можна об’єднати автоматично.
 pulls.cannot_auto_merge_desc=Цей запит на злиття не може бути злитий автоматично через конфлікти.
 pulls.cannot_auto_merge_helper=Злийте вручну для вирішення конфліктів.
 pulls.num_conflicting_files_1=%d конфліктний файл
@@ -1637,20 +1637,20 @@ pulls.merge_commit_id=ID коміту злиття
 pulls.require_signed_wont_sign=Гілка вимагає підписаних комітів, але це злиття не буде підписано
 
 pulls.invalid_merge_option=Цей параметр об’єднання не можна використовувати для цього запиту на злиття.
-pulls.merge_conflict=Не вдалося об'єднати: при об'єднанні виник конфлікт. Підказка: спробуйте іншу стратегію
+pulls.merge_conflict=Не вдалося об’єднати: при об’єднанні виник конфлікт. Підказка: спробуйте іншу стратегію
 pulls.merge_conflict_summary=Повідомлення про помилку
-pulls.rebase_conflict=Не вдалося об'єднати: виник конфлікт під час перебазування коміту: %[1]s. Підказка: спробуйте іншу стратегію
+pulls.rebase_conflict=Не вдалося об’єднати: виник конфлікт під час перебазування коміту: %[1]s. Підказка: спробуйте іншу стратегію
 pulls.rebase_conflict_summary=Повідомлення про помилку
-pulls.unrelated_histories=Не вдалося об'єднати: head та base злиття не мають спільної історії. Підказка: спробуйте іншу стратегію
-pulls.merge_out_of_date=Не вдалося об'єднати: base було оновлено, поки відбувалося об'єднання. Підказка: спробуйте знову.
+pulls.unrelated_histories=Не вдалося об’єднати: head та base злиття не мають спільної історії. Підказка: спробуйте іншу стратегію
+pulls.merge_out_of_date=Не вдалося об’єднати: base було оновлено, поки відбувалося об’єднання. Підказка: спробуйте знову.
 pulls.push_rejected_summary=Повне повідомлення про відхилення
 pulls.open_unmerged_pull_exists=`Ви не можете знову відкрити, оскільки вже існує запит на злиття (#%d) з такою ж інформацією про злиття і в очікуванні.`
 pulls.status_checking=Деякі перевірки ще не завершено
-pulls.status_checks_success=Всі перевірки були успішними
+pulls.status_checks_success=Усі перевірки завершено успішно
 pulls.status_checks_warning=Декілька перевірок завершилися з попередженнями
 pulls.status_checks_failure=Декілька перевірок не були успішними
 pulls.status_checks_error=Декілька перевірок завершилися з помилками
-pulls.status_checks_requested=Обов'язково
+pulls.status_checks_requested=Обов’язково
 pulls.status_checks_details=Подробиці
 pulls.update_branch=Оновити гілку шляхом злиття
 pulls.update_branch_rebase=Оновити гілку перебазуванням
@@ -1675,7 +1675,7 @@ milestones.completeness=<strong>%d%%</strong> завершено
 milestones.create=Створити етап
 milestones.title=Заголовок
 milestones.desc=Опис
-milestones.due_date=Термін виконання (необов'язково)
+milestones.due_date=Термін виконання (необов’язково)
 milestones.clear=Очистити
 milestones.invalid_due_date_format=Термін виконання має бути у форматі «рррр-мм-дд».
 milestones.edit=Редагувати етап
@@ -1683,7 +1683,7 @@ milestones.edit_subheader=Створюйте етапи для організа
 milestones.cancel=Скасувати
 milestones.modify=Оновити етап
 milestones.deletion=Видалити етап
-milestones.deletion_desc=Видалення етапу призведе до його видалення з усіх пов'язаних задач. Продовжити?
+milestones.deletion_desc=Видалення етапу призведе до його видалення з усіх пов’язаних задач. Продовжити?
 milestones.deletion_success=Етап успішно видалено.
 milestones.filter_sort.least_complete=Менш повне
 milestones.filter_sort.most_complete=Більш повне
@@ -1699,9 +1699,9 @@ wiki.create_first_page=Створити першу сторінку
 wiki.page=Сторінка
 wiki.filter_page=Фільтр сторінок
 wiki.new_page=Сторінка
-wiki.default_commit_message=Напишіть примітку про оновлення цієї сторінки (необов'язково).
+wiki.default_commit_message=Напишіть примітку про оновлення цієї сторінки (необов’язково).
 wiki.save_page=Зберегти сторінку
-wiki.last_commit_info=%s редагував цю сторінку %s
+wiki.last_commit_info=%s редагує цю сторінку %s
 wiki.edit_page_button=Редагувати
 wiki.new_page_button=Нова сторінка
 wiki.file_revision=Версія сторінки
@@ -2036,11 +2036,11 @@ settings.block_on_official_review_requests_desc=Об’єднання буде 
 settings.block_outdated_branch=Блокувати злиття, якщо запит на злиття застарів
 settings.block_outdated_branch_desc=Злиття буде неможливим, коли головна гілка позаду основної.
 settings.default_branch_desc=Виберіть гілку репозиторію за замовчуванням для комітів та запитів на злиття:
-settings.default_merge_style_desc=Стиль об'єднання за замовчуванням
+settings.default_merge_style_desc=Стиль об’єднання за замовчуванням
 settings.choose_branch=Оберіть гілку…
 settings.no_protected_branch=Немає захищених гілок.
 settings.edit_protected_branch=Редагувати
-settings.protected_branch_required_approvals_min=Число необхідних схвалень не може бути від'ємним.
+settings.protected_branch_required_approvals_min=Число необхідних схвалень не може бути від’ємним.
 settings.tags=Теги
 settings.tags.protection=Захист тегів
 settings.tags.protection.pattern=Шаблон тегів
@@ -2070,7 +2070,7 @@ settings.lfs_findcommits=Знайти коміти
 settings.lfs_lfs_file_no_commits=Не знайдено комітів для цього файлу LFS
 settings.lfs_noattribute=Цей шлях не має атрибута блокування в типовій гілці
 settings.lfs_delete=Видалити файл LFS з OID %s
-settings.lfs_delete_warning=Видалення файлу LFS може спричинити помилки «Об'єкт не існує» під час перевірки. Ви впевнені?
+settings.lfs_delete_warning=Видалення файлу LFS може спричинити помилки «Об’єкт не існує» під час перевірки. Ви впевнені?
 settings.lfs_findpointerfiles=Знайти файли-вказівники
 settings.lfs_locks=Блокування
 settings.lfs_invalid_locking_path=Неприпустимий шлях: %s
@@ -2102,7 +2102,7 @@ diff.options_button=Параметри порівняння
 diff.download_patch=Завантажити латку як файл .patch
 diff.download_diff=Завантажити різницю як файл .diff
 diff.show_split_view=Розділений перегляд
-diff.show_unified_view=Об'єднаний перегляд
+diff.show_unified_view=Об’єднаний перегляд
 diff.whitespace_button=Пробіли
 diff.whitespace_show_everything=Показати всі зміни
 diff.whitespace_ignore_all_whitespace=Ігнорувати пробіли, порівнюючи рядки
@@ -2261,7 +2261,7 @@ issues.filter_label_select_no_label = Без мітки
 settings.web_hook_name_msteams = Microsoft Teams
 issues.all_title = Усі
 settings.web_hook_name_packagist = Packagist
-settings.packagist_username = Ім'я користувача Packagist
+settings.packagist_username = Ім’я користувача Packagist
 settings.web_hook_name_matrix = Matrix
 issues.dependency.issue_no_dependencies = Залежностей не встановлено.
 issues.dependency.pr_no_dependencies = Залежностей не встановлено.
@@ -2284,31 +2284,31 @@ issues.role.collaborator_helper = Цього користувача запрош
 settings.add_collaborator_owner = Неможливо додати власника в якості співавтора.
 settings.protect_status_check_patterns = Шаблони перевірки стану
 issues.role.collaborator = Співавтор
-pulls.auto_merge_cancel_schedule = Скасувати автоматичне об'єднання
-issues.comment_pull_merged_at = об'єднав коміт %[1]s в %[2]s %[3]s
-settings.merge_style_desc = Стилі об'єднання
-pulls.auto_merge_when_succeed = Об'єднувати автоматично, якщо всі перевірки проходять успішно
-pulls.cmd_instruction_merge_title = Об'єднання
-settings.protect_enable_merge = Увімкнути об'єднання
-pulls.merged_success = Запит на злиття успішно об'єднано і закрито
+pulls.auto_merge_cancel_schedule = Скасувати автоматичне об’єднання
+issues.comment_pull_merged_at = об’єднує коміт %[1]s в %[2]s %[3]s
+settings.merge_style_desc = Стилі об’єднання
+pulls.auto_merge_when_succeed = Об’єднувати автоматично, якщо всі перевірки проходять успішно
+pulls.cmd_instruction_merge_title = Об’єднання
+settings.protect_enable_merge = Увімкнути об’єднання
+pulls.merged_success = Запит на злиття успішно об’єднано і закрито
 pulls.auto_merge_button_when_succeed = (Якщо перевірки проходять успішно)
-editor.commit_id_not_matching = Файл було змінено, поки ви його редагували. Зробіть коміт у нову гілку, а потім об'єднайте.
-settings.event_pull_request_merge = Об'єднання запиту на злиття
-pulls.auto_merge_canceled_schedule = Автоматичне об'єднання скасовано для цього запиту на злиття.
-pulls.auto_merge_not_scheduled = Цей запит на злиття не заплановано для автоматичного об'єднання.
+editor.commit_id_not_matching = Файл було змінено, поки ви його редагували. Зробіть коміт у нову гілку, а потім об’єднайте.
+settings.event_pull_request_merge = Об’єднання запиту на злиття
+pulls.auto_merge_canceled_schedule = Автоматичне об’єднання скасовано для цього запиту на злиття.
+pulls.auto_merge_not_scheduled = Цей запит на злиття не заплановано для автоматичного об’єднання.
 pulls.fast_forward_only_merge_pull_request = Тільки fast-forward
-pulls.merged_by = від <a href="%[2]s">%[3]s</a> об'єднано %[1]s
-issues.comment_manually_pull_merged_at = вручну об'єднав коміт %[1]s в %[2]s %[3]s
-pulls.merged_by_fake = від %[2]s об'єднано %[1]s
-pulls.clear_merge_message = Очистити повідомлення про об'єднання
-pulls.cmd_instruction_merge_desc = Об'єднайте зміни й оновіть їх на Forgejo.
-pulls.is_ancestor = Цю гілку вже включено в цільову гілку. Нічого об'єднувати.
-pulls.has_merged = Помилка: запит на злиття вже об'єднано, неможливо об'єднати знову чи змінити цільову гілку.
-pulls.head_out_of_date = Не вдалося об'єднати: head було оновлено, поки відбувалося об'єднання. Підказка: спробуйте знову.
+pulls.merged_by = від <a href="%[2]s">%[3]s</a> об’єднано %[1]s
+issues.comment_manually_pull_merged_at = вручну об’єднує коміт %[1]s в %[2]s %[3]s
+pulls.merged_by_fake = від %[2]s об’єднано %[1]s
+pulls.clear_merge_message = Очистити повідомлення про об’єднання
+pulls.cmd_instruction_merge_desc = Об’єднайте зміни й оновіть їх на Forgejo.
+pulls.is_ancestor = Цю гілку вже включено в цільову гілку. Нічого об’єднувати.
+pulls.has_merged = Помилка: запит на злиття вже об’єднано, неможливо об’єднати знову чи змінити цільову гілку.
+pulls.head_out_of_date = Не вдалося об’єднати: head було оновлено, поки відбувалося об’єднання. Підказка: спробуйте знову.
 no_eol.tooltip = У цьому файлі відсутній символ закінчення рядка (EOL) у кінці.
 settings.trust_model.committer.desc = Дійсні підписи будуть позначатися як «довірені», тільки якщо вони відповідають авторові коміту, в іншому випадку вони позначатимуться як «невідповідні». Це змусить Forgejo бути автором підписаних комітів, а фактичного автора зазначати в трейлерах «Co-authored-by» і «Co-committed-by» в описі коміту. Типовий ключ Forgejo повинен відповідати користувачу в базі даних.
-pulls.clear_merge_message_hint = Очищення повідомлення про об'єднання видалить лише вміст повідомлення коміту і збереже згенеровані git-трейлери, такі як «Co-Authored-By…».
-branch.delete_branch_has_new_commits = Гілку «%s» не можна видалити, оскільки після об'єднання було додано нові коміти.
+pulls.clear_merge_message_hint = Очищення повідомлення про об’єднання видалить лише вміст повідомлення коміту і збереже згенеровані git-трейлери, такі як «Co-Authored-By…».
+branch.delete_branch_has_new_commits = Гілку «%s» не можна видалити, оскільки після об’єднання було додано нові коміти.
 settings.graphql_url = Посилання GraphQL
 settings.packagist_api_token = Токен API
 settings.archive.text = Архівування репозиторію зробить його доступним тільки для читання. Він буде прихований з панелі управління. Ніхто (навіть ви!) не зможе робити нові коміти, створювати задачі чи запити на злиття.
@@ -2408,7 +2408,7 @@ settings.event_wiki_desc = Вікі-сторінку створено, пере
 settings.mirror_settings.push_mirror.copy_public_key = Копіювати відкритий ключ
 editor.add_tmpl.filename = назва файлу
 settings.unarchive.button = Розархівувати
-object_format = Формат об'єкта
+object_format = Формат об’єкта
 settings.archive.mirrors_unavailable = Дзеркала недоступні в архівованих репозиторіях.
 pulls.sign_in_require = <a href="%s">Увійдіть</a>, щоб створити новий запит на злиття.
 new_advanced_expand = Натисніть, щоб розгорнути
@@ -2608,7 +2608,7 @@ settings.admin_indexer_unindexed = Не індексовано
 settings.push_mirror_sync_in_progress = Триває надсилання змін до віддаленого репозиторію %s.
 settings.releases_desc = Увімкнути випуски в репозиторії
 settings.admin_code_indexer = Індексатор коду
-settings.protect_status_check_patterns_desc = Уведіть шаблони, щоб вказати, які перевірки стану повинні пройти гілки, перш ніж їх буде об'єднано у гілку, що відповідає цьому правилу. Кожен рядок визначає шаблон. Шаблони не можуть бути порожніми.
+settings.protect_status_check_patterns_desc = Уведіть шаблони, щоб вказати, які перевірки стану повинні пройти гілки, перш ніж їх буде об’єднано у гілку, що відповідає цьому правилу. Кожен рядок визначає шаблон. Шаблони не можуть бути порожніми.
 settings.add_webhook.invalid_path = Шлях не повинен містити частини «.» або «..» і не повинен бути порожнім. Він не може починатися або закінчуватися косою рискою.
 settings.matrix.access_token_helper = Рекомендується створити окремий обліковий запис Matrix. Токен доступу можна отримати у вебклієнті Element (у приватній/інкогніто вкладці): Меню користувача (вгорі ліворуч) > Усі налаштування > Допомога та про програму > Подробиці > Токен доступу (під URL-адресою «Домашній сервер»). Закрийте приватну вкладку (вихід із системи зробить токен недійсним).
 settings.protect_patterns = Шаблони
@@ -2649,18 +2649,18 @@ vendored = Сторонній
 blame.ignore_revs.failed = Не вдалося проігнорувати зміни в <a href="%s">.git-blame-ignore-revs</a>.
 blame.ignore_revs = Зміни в <a href="%s">.git-blame-ignore-revs</a> ігноруються. Натисніть <a href="%s">тут, щоб обійти це</a> і переглянути авторство у звичайному вигляді.
 editor.new_branch_name = Укажіть назву нової гілки для цього коміту
-projects.column.deletion_desc = Видалення стовпчика проєкту призведе до переміщення всіх пов'язаних із ним задач до стовпчика за замовчуванням. Продовжити?
+projects.column.deletion_desc = Видалення стовпчика проєкту призведе до переміщення всіх пов’язаних із ним задач до стовпчика за замовчуванням. Продовжити?
 signing.wont_sign.approved = Злиття не буде підписано, оскільки запит на злиття не схвалено.
 pulls.allow_edits_from_maintainers = Дозволити редагування від супроводжувачів
 pulls.showing_only_single_commit = Показано тільки зміни коміту %[1]s
 pulls.showing_specified_commit_range = Показано тільки зміни між %[1]s..%[2]s
 pulls.blocked_by_outdated_branch = Цей запит на злиття заблоковано, оскільки він застарів.
 pulls.blocked_by_changed_protected_files_n = Цей запит на злиття заблоковано, оскільки він змінює захищені файли:
-pulls.auto_merge_newly_scheduled = Заплановано об'єднати запит на злиття після успішного завершення всіх перевірок.
-pulls.auto_merge_newly_scheduled_comment = `планує автоматично об'єднати цей запит на злиття після успішного завершення всіх перевірок %[1]s`
+pulls.auto_merge_newly_scheduled = Заплановано об’єднати запит на злиття після успішного завершення всіх перевірок.
+pulls.auto_merge_newly_scheduled_comment = `планує автоматично об’єднати цей запит на злиття після успішного завершення всіх перевірок %[1]s`
 comments.edit.already_changed = Не вдається зберегти зміни. Схоже, що хтось інший уже змінив вміст коментаря. Оновіть сторінку і спробуйте відредагувати ще раз, щоб уникнути перезапису чужих змін
-pulls.auto_merge_canceled_schedule_comment = `скасовує автоматичне об'єднання цього запиту на злиття після успішного завершення всіх перевірок %[1]s`
-signing.wont_sign.pubkey = Коміт не буде підписано, оскільки у вас немає відкритого ключа, пов'язаного з вашим обліковим записом.
+pulls.auto_merge_canceled_schedule_comment = `скасовує автоматичне об’єднання цього запиту на злиття після успішного завершення всіх перевірок %[1]s`
+signing.wont_sign.pubkey = Коміт не буде підписано, оскільки у вас немає відкритого ключа, пов’язаного з вашим обліковим записом.
 signing.wont_sign.basesigned = Злиття не буде підписано, оскільки не підписано базовий коміт.
 signing.wont_sign.headsigned = Злиття не буде підписано, оскільки не підписано головний коміт.
 projects.column.new_submit = Створити стовпчик
@@ -2671,8 +2671,8 @@ projects.column.set_default_desc = Призначити цей стовпчик
 projects.column.new = Новий стовпчик
 projects.column.delete = Видалити стовпчик
 pulls.blocked_by_official_review_requests = Цей запит на злиття заблоковано, оскільки йому бракує схвалення від одного або кількох офіційних рецензентів.
-pulls.auto_merge_has_pending_schedule = %[1]s планує автоматично об'єднати цей запит на злиття після успішного завершення всіх перевірок %[2]s.
-signing.wont_sign.commitssigned = Злиття не буде підписано, оскільки всі пов'язані з ним коміти не підписані.
+pulls.auto_merge_has_pending_schedule = %[1]s планує автоматично об’єднати цей запит на злиття після успішного завершення всіх перевірок %[2]s.
+signing.wont_sign.commitssigned = Злиття не буде підписано, оскільки всі пов’язані з ним коміти не підписані.
 settings.authorization_header = Заголовок авторизації
 issues.archived_label_description = (Архівна) %s
 issues.reaction.add = Додати реакцію
@@ -2710,7 +2710,7 @@ commit.revert = Вивернути
 commit.revert-header = Вивернути: %s
 editor.revert = Вивернути %s на:
 commit.revert-content = Оберіть гілку, на яку вивернути:
-pulls.cmd_instruction_merge_warning = <b>Увага:</b> в цьому репозиторії не ввімкнено «Автовизначення ручного об'єднання», тож позначити цей запит як об'єднаний вручну вам доведеться самостійно.
+pulls.cmd_instruction_merge_warning = <b>Увага:</b> в цьому репозиторії не ввімкнено «Автовизначення ручного об’єднання», тож позначити цей запит як об’єднаний вручну вам доведеться самостійно.
 topic.format_prompt = Теми повинні починатися з літери або цифри, можуть містити дефіси («-») і крапки («.») і мати довжину до 35 символів. Дозволено використання лише малих літер.
 issues.label_archive = Архівна мітка
 editor.invalid_commit_mail = Недійсна пошта для створення коміту.
@@ -2739,7 +2739,7 @@ diff.review.self_reject = Автори запитів на злиття не м
 issues.review.remove_review_requests = видаляє запити на відгук від %[1]s %[2]s
 settings.ignore_stale_approvals_desc = Не враховувати схвалення, зроблені для старих комітів (застарілі відгуки), до кількості схвалень, які має запит на злиття. Цей параметр не діє, якщо застарілі відгуки вже відхилено.
 pulls.show_changes_since_your_last_review = Показати зміни з часу вашого останнього відгуку
-pulls.ready_for_review = Готові до рецензування?
+pulls.ready_for_review = Готовий до розгляду?
 signing.wont_sign.never = Коміти ніколи не підписуються.
 signing.wont_sign.always = Коміти завжди підписані.
 wiki.original_git_entry_tooltip = Переглянути оригінальний файл Git замість читабельного посилання.
@@ -2878,7 +2878,7 @@ teams.add_duplicate_users=Користувач уже є учасником ко
 teams.repos.none=Для команди немає доступних репозиторіїв.
 teams.members.none=У цій команді немає учасників.
 teams.specific_repositories=Конкретні репозиторії
-teams.specific_repositories_helper=Учасники матимуть доступ лише до репозиторіїв, які були явно додані до команди. Вибір цього пункту <strong>не призводить</strong> до автоматичного видалення репозиторіїв, доданих з <i>Всі репозиторії</i>.
+teams.specific_repositories_helper=Учасники матимуть доступ лише до репозиторіїв, які були явно додані до команди. Вибір цього пункту <strong>не призводить</strong> до автоматичного видалення репозиторіїв, доданих з <i>Усі репозиторії</i>.
 teams.all_repositories=Усі репозиторії
 teams.all_repositories_helper=Команда має доступ до всіх репозиторіїв. Вибір цього пункту <strong>додасть усі наявні</strong> репозиторії до команди.
 code = Код
@@ -2989,7 +2989,7 @@ dashboard.delete_old_actions.started=Розпочато видалення вс
 users.user_manage_panel=Керування обліковими записами
 users.new_account=Створити обліковий запис
 users.name=Ім’я користувача
-users.full_name=Повне ім'я
+users.full_name=Повне ім’я
 users.activated=Активовано
 users.admin=Адміністратор
 users.restricted=Обмежено
@@ -3040,8 +3040,8 @@ emails.primary=Головний
 emails.activated=Активовано
 emails.filter_sort.email=Електронна пошта
 emails.filter_sort.email_reverse=Електронна пошта (зворотна)
-emails.filter_sort.name=Ім'я користувача
-emails.filter_sort.name_reverse=Ім'я користувача (зворотне)
+emails.filter_sort.name=Ім’я користувача
+emails.filter_sort.name_reverse=Ім’я користувача (зворотне)
 emails.updated=Електронну пошту оновлено
 emails.not_updated=Не вдалось оновити адресу електронної пошти: %v
 emails.duplicate_active=Ця електронна адреса вже активна для іншого користувача.
@@ -3078,7 +3078,7 @@ systemhooks.update_webhook=Оновити системний вебхук
 
 auths.auth_manage_panel=Керування джерелами автентифікації
 auths.new=Додати джерело автентифікації
-auths.name=Ім'я
+auths.name=Ім’я
 auths.type=Тип
 auths.enabled=Увімкнено
 auths.syncenabled=Увімкнути синхронізацію користувачів
@@ -3094,7 +3094,7 @@ auths.bind_password=Пароль bind
 auths.user_base=База пошуку користувачів
 auths.user_dn=DN користувача
 auths.attribute_username=Атрибут імені користувача
-auths.attribute_username_placeholder=Залиште порожнім, щоб використовувати ім'я користувача для реєстрації.
+auths.attribute_username_placeholder=Залиште порожнім, щоб використовувати ім’я користувача для реєстрації.
 auths.attribute_name=Атрибут імені
 auths.attribute_surname=Атрибут прізвища
 auths.attribute_mail=Атрибут адреси email
@@ -3120,10 +3120,10 @@ auths.skip_tls_verify=Пропустити перевірку TLS
 auths.force_smtps=Примусово використовувати SMTPS
 auths.force_smtps_helper=SMTPS завжди використовується на порту 465. Встановіть цей прапорець для примусового використання SMTPS на інших портах. (В іншому випадку STARTTLS буде використовуватися для інших портів, якщо хост його підтримує.)
 auths.helo_hostname=Ім’я хоста HELO
-auths.helo_hostname_helper=Ім'я хоста, яке буде надіслано з HELO. Залиште порожнім, аби надсилати поточне ім'я хоста.
+auths.helo_hostname_helper=Ім’я хоста, яке буде надіслано з HELO. Залиште порожнім, аби надсилати поточне ім’я хоста.
 auths.disable_helo=Вимкнути HELO
-auths.pam_service_name=Ім'я служби PAM
-auths.pam_email_domain=Поштовий домен PAM (необов'язково)
+auths.pam_service_name=Ім’я служби PAM
+auths.pam_email_domain=Поштовий домен PAM (необов’язково)
 auths.oauth2_provider=Постачальник OAuth2
 auths.oauth2_icon_url=URL значка
 auths.oauth2_clientID=ID клієнта (ключ)
@@ -3200,7 +3200,7 @@ config.lfs_http_auth_expiry=Термін дії LFS HTTP-автентифіка
 config.db_config=Конфігурація бази даних
 config.db_type=Тип
 config.db_host=Хост
-config.db_name=Ім'я
+config.db_name=Ім’я
 config.db_user=Ім’я користувача
 config.db_schema=Схема
 config.db_ssl_mode=SSL
@@ -3234,7 +3234,7 @@ config.deliver_timeout=Тайм-аут доставки
 config.skip_tls_verify=Пропустити перевірку TLS
 
 config.mailer_enabled=Увімкнено
-config.mailer_name=Ім'я
+config.mailer_name=Ім’я
 config.mailer_smtp_port=Порт SMTP
 config.mailer_user=Користувач
 config.mailer_use_sendmail=Використовувати Sendmail
@@ -3287,7 +3287,7 @@ config.xorm_log_sql=Журнал SQL
 
 
 monitor.cron=Завдання cron
-monitor.name=Ім'я
+monitor.name=Ім’я
 monitor.schedule=Розклад
 monitor.next=Наступного разу
 monitor.previous=Попереднього разу
@@ -3370,7 +3370,7 @@ monitor.duration = Тривалість (с)
 users.reserved = Зарезервовано
 systemhooks.desc = Вебхуки автоматично сповіщають HTTP-сервер POST-запитами, коли в Forgejo відбуваються певні події. Вказані тут вебхуки спрацьовуватимуть для всіх репозиторіїв системи, тож врахуйте всі ймовірні наслідки для швидкодії. Докладніше — в <a target="_blank" rel="noopener" href="%s">посібнику з вебхуків</a>.
 dashboard.cleanup_actions = Очистити прострочені журнали й артефакти від Дій
-dashboard.gc_lfs = Виконати очистку сміття метаоб'єктів LFS
+dashboard.gc_lfs = Виконати очистку сміття метаоб’єктів LFS
 dashboard.new_version_hint = Вийшла %s версія Forgejo, ви використовуєте %s. Докладніше читайте у <a target="_blank" rel="noreferrer" href="%s">блозі</a>.
 self_check.database_collation_case_insensitive = База даних використовує зіставлення %s, яке є нечутливим до регістру. Forgejo може працювати з ним, однак можливі рідкісні випадки, коли щось працюватиме не так, як очікувалося.
 self_check.database_inconsistent_collation_columns = База даних використовує зіставлення %s, але ці стовпчики використовують невідповідні зіставлення. Це може спричинити деякі несподівані проблеми.
@@ -3448,16 +3448,16 @@ config.open_with_editor_app_help = Редактори «Відкрити в» д
 
 [action]
 create_repo=створює репозиторій <a href="%s">%s</a>
-rename_repo=репозиторій перейменовано з <code>%[1]s</code> на <a href="%[2]s">%[3]s</a>
-commit_repo=надіслав зміни (push) до <a href="%[2]s">%[3]s</a> о <a href="%[1]s">%[4]s</a>
-create_issue=`відкрив задачу <a href="%[1]s">%[3]s#%[2]s</a>`
-close_issue=`закрив задачу <a href="%[1]s">%[3]s#%[2]s</a>`
-reopen_issue=`повторно відкрив задачу <a href="%[1]s">%[3]s#%[2]s</a>`
-create_pull_request=`створив запит злиття <a href="%[1]s">%[3]s#%[2]s</a>`
-close_pull_request=`закрив запит злиття <a href="%[1]s">%[3]s#%[2]s</a>`
-reopen_pull_request=`повторно відкрив запит злиття <a href="%[1]s">%[3]s#%[2]s</a>`
-comment_issue=`прокоментував задачу <a href="%[1]s">%[3]s#%[2]s</a>`
-comment_pull=`прокоментував запит злиття <a href="%[1]s">%[3]s#%[2]s</a>`
+rename_repo=перейменовує репозиторій з <code>%[1]s</code> на <a href="%[2]s">%[3]s</a>
+commit_repo=надслає зміни (push) до <a href="%[2]s">%[3]s</a> о <a href="%[1]s">%[4]s</a>
+create_issue=`відкриває задачу <a href="%[1]s">%[3]s#%[2]s</a>`
+close_issue=`закриває задачу <a href="%[1]s">%[3]s#%[2]s</a>`
+reopen_issue=`повторно відкриває задачу <a href="%[1]s">%[3]s#%[2]s</a>`
+create_pull_request=`створює запит на злиття <a href="%[1]s">%[3]s#%[2]s</a>`
+close_pull_request=`закриває запит на злиття <a href="%[1]s">%[3]s#%[2]s</a>`
+reopen_pull_request=`повторно відкриває запит на злиття <a href="%[1]s">%[3]s#%[2]s</a>`
+comment_issue=`коментує задачу <a href="%[1]s">%[3]s#%[2]s</a>`
+comment_pull=`коментує запит на злиття <a href="%[1]s">%[3]s#%[2]s</a>`
 merge_pull_request=`приймає запит на злиття <a href="%[1]s">%[3]s#%[2]s</a>`
 transfer_repo=передає репозиторій <code>%s</code> <a href="%s">%s</a>
 push_tag=надсилає тег <a href="%[2]s">%[3]s</a> в <a href="%[1]s">%[4]s</a>
@@ -3466,18 +3466,18 @@ delete_branch=видаляє гілку <code>%[2]s</code> з <a href="%[1]s">%[
 compare_branch=Порівняти
 compare_commits=Порівняти %d комітів
 compare_commits_general=Порівняти коміти
-mirror_sync_push=синхронізував коміти в <a href="%[2]s">%[3]s</a> в <a href="%[1]s">%[4]s</a> із дзеркала
-mirror_sync_create=синхронізував нове посилання <a href="%[2]s">%[3]s</a> в <a href="%[1]s">%[4]s</a> із дзеркала
-mirror_sync_delete=синхронізовано й видалено посилання <code>%[2]s</code> на <a href="%[1]s">%[3]s</a> із дзеркала
-approve_pull_request=`схвалив <a href="%[1]s">%[3]s#%[2]s</a>`
+mirror_sync_push=синхронізує коміти в <a href="%[2]s">%[3]s</a> в <a href="%[1]s">%[4]s</a> із дзеркала
+mirror_sync_create=синхронізує нове посилання <a href="%[2]s">%[3]s</a> на <a href="%[1]s">%[4]s</a> із дзеркала
+mirror_sync_delete=синхронізує і видаляє посилання <code>%[2]s</code> на <a href="%[1]s">%[3]s</a> із дзеркала
+approve_pull_request=`схвалює <a href="%[1]s">%[3]s#%[2]s</a>`
 reject_pull_request=`пропонує зміни до <a href="%[1]s">%[3]s#%[2]s</a>`
 publish_release=`публікує випуск <a href="%[2]s">%[4]s</a> з <a href="%[1]s">%[3]s</a>`
-review_dismissed=`відхилив відгук від <b>%[4]s</b> для <a href="%[1]s">%[3]s#%[2]s</a>`
+review_dismissed=`відхиляє відгук від <b>%[4]s</b> для <a href="%[1]s">%[3]s#%[2]s</a>`
 review_dismissed_reason=Причина:
 create_branch=створює гілку <a href="%[2]s">%[3]s</a> в <a href="%[1]s">%[4]s</a>
 starred_repo=додає <a href="%[1]s">%[2]s</a> в обрані
 watched_repo=починає спостерігати за <a href="%[1]s">%[2]s</a>
-auto_merge_pull_request = `автоматично об'єднав запит на злиття <a href="%[1]s">%[3]s#%[2]s</a>`
+auto_merge_pull_request = `автоматично об’єднує запит на злиття <a href="%[1]s">%[3]s#%[2]s</a>`
 
 [tool]
 now=щойно
diff --git a/options/locale/locale_zh-CN.ini b/options/locale/locale_zh-CN.ini
index a267b3a566..8dc05c9b8b 100644
--- a/options/locale/locale_zh-CN.ini
+++ b/options/locale/locale_zh-CN.ini
@@ -218,7 +218,7 @@ server_internal = 服务器内部错误
 [startpage]
 app_desc=一款极易搭建的自助 Git 服务
 install=易安装
-install_desc=通过<a target="_blank" rel="noopener noreferrer" href="%[1]s">二进制</a>来运行；或者通过<a target="_blank" rel="noopener noreferrer" href="%[2]s">Docker</a> 来运行；或者通过<a target="_blank" rel="noopener noreferrer" href="%[3]s">安装包</a> 来运行。
+install_desc=轻松使用<a target="_blank" rel="noopener noreferrer" href="%[1]s">二进制</a>、<a target="_blank" rel="noopener noreferrer" href="%[2]s">Docker</a>或<a target="_blank" rel="noopener noreferrer" href="%[3]s">安装包</a>来部署。
 platform=跨平台
 platform_desc=已证实可以在 Linux 和 FreeBSD 等自由操作系统以及不同的 CPU 架构上运行 Forgejo。挑一个您喜欢的就行！
 lightweight=轻量级
@@ -269,9 +269,9 @@ domain_helper=服务器的域名或主机地址。
 ssh_port=SSH 服务器端口
 ssh_port_helper=SSH 服务器的端口号，为空则禁用它。
 http_port=HTTP 服务端口
-http_port_helper=Forgejos web 服务器将侦听的端口号。
-app_url=基础URL
-app_url_helper=用于 HTTP(S) 克隆和电子邮件通知的基础URL。
+http_port_helper=Forgejo Web 服务器将侦听的端口号。
+app_url=基础 URL
+app_url_helper=用于 HTTP(S) 克隆和电子邮件通知的基础 URL。
 log_root_path=日志路径
 log_root_path_helper=日志文件将写入此目录。
 
@@ -374,7 +374,7 @@ go_to=转到
 code=代码
 code_last_indexed_at=最后索引于 %s
 relevant_repositories_tooltip=派生的、缺少主题、图标和描述的仓库已被隐藏。
-relevant_repositories=只显示相关的仓库， <a href="%s">显示未过滤结果</a>。
+relevant_repositories=只显示相关的仓库，<a href="%s">显示未过滤结果</a>。
 
 [auth]
 create_new_account=注册帐号
@@ -426,15 +426,15 @@ openid_connect_title=连接到现有的帐户
 openid_connect_desc=所选的 OpenID URI 未知。在这里关联一个新帐户。
 openid_register_title=创建新帐户
 openid_register_desc=所选的 OpenID URI 未知。在这里关联一个新帐户。
-openid_signin_desc=输入您的OpenID地址。例如：alice.openid.example.org 或 https://openid.example.org/alice.
+openid_signin_desc=输入您的 OpenID 地址。例如：alice.openid.example.org 或 https://openid.example.org/alice.
 disable_forgot_password_mail=由于未设置电子邮件，帐户恢复被禁用。 请联系您的站点管理员。
 disable_forgot_password_mail_admin=帐户恢复仅在设置电子邮件后可用。 请设置电子邮件以启用帐户恢复。
 email_domain_blacklisted=您不能使用您的电子邮件地址注册。
-authorize_application=应用授权
+authorize_application=授权应用
 authorize_redirect_notice=如果您授权此应用，您将会被重定向到 %s。
 authorize_application_created_by=此应用由 %s 创建。
 authorize_application_description=如果您允许，它将能够读取和修改您的所有帐户信息，包括私人仓库和组织。
-authorize_title=授权 %s 访问您的帐户？
+authorize_title=授权 "%s" 访问您的帐户？
 authorization_failed=授权失败
 authorization_failed_desc=因为检测到无效请求，授权失败。请尝试联系您授权应用的管理员。
 password_pwned=此密码出现在 <a target="_blank" rel="noopener noreferrer" href="%s">被盗密码</a> 列表上并且曾经被公开。 请使用另一个密码再试一次。
@@ -532,8 +532,8 @@ removed_security_key.text_1 = 安全密钥“%[1]s”刚刚从您的账号中移
 account_security_caution.text_1 = 如果这是您，那么您可以放心地忽略这封邮件。
 
 [modal]
-yes=确认操作
-no=取消操作
+yes=是
+no=否
 confirm=确认
 cancel=取消
 modify=更新
@@ -558,8 +558,8 @@ Content=内容
 
 require_error=` 不能为空。`
 alpha_dash_error=` 应只包含字母数字、破折号（“-”）和下划线（“_”）字符。`
-alpha_dash_dot_error=` 应该只包含半角字母、数字、破折号（“-”）、下划线（“_”）和半角句号（“.”） 。`
-git_ref_name_error=` 必须是格式良好的 git 引用名称。`
+alpha_dash_dot_error=` 应该只包含半角字母、数字、连接号（“-”）、下划线（“_”）和半角句号（“.”）。`
+git_ref_name_error=` 必须是格式正确的 Git 引用名称。`
 size_error=`长度必须为 %s。`
 min_size_error=`长度最小为 %s 个字符。`
 max_size_error=`长度最大为 %s 个字符。`
@@ -635,8 +635,8 @@ AccessToken = 访问令牌
 Description = 描述
 Pronouns = 代称
 Biography = 简介
-username_claiming_cooldown = 用户名不能被认领，因为其仍处于保护期。其可以在%[1]s后被认领。
-email_domain_is_not_allowed = 用户电子邮件地址的域名<b>%s</b>与EMAIL_DOMAIN_ALLOWLIST或EMAIL_DOMAIN_BLOCKLIST冲突。请确保您正确设置了电子邮件地址。
+username_claiming_cooldown = 用户名不能被认领，因为其仍处于保护期。其可以在 %[1]s 后被认领。
+email_domain_is_not_allowed = 用户电子邮件地址的域名 <b>%s</b> 与 EMAIL_DOMAIN_ALLOWLIST 或 EMAIL_DOMAIN_BLOCKLIST 冲突。请确保您正确设置了电子邮件地址。
 
 [user]
 change_avatar=修改头像…
@@ -652,7 +652,7 @@ overview=概览
 following_few=%d 关注
 follow=关注
 unfollow=取消关注
-user_bio=简历
+user_bio=简介
 disabled_public_activity=该用户已隐藏公开活动记录。
 email_visibility.limited=所有已认证用户均可看到您的电子邮件地址
 show_on_map=在地图上显示这个位置
@@ -761,7 +761,7 @@ password_change_disabled=非本地帐户不能通过 Forgejo 的 web 界面更
 manage_emails=管理电子邮件地址
 manage_themes=默认主题
 manage_openid=OpenID 地址
-email_desc=您的主要电子邮件地址将用于通知、密码恢复，基于网页界面的Git操作（只要它不是设置为隐藏的）。
+email_desc=您的主要电子邮件地址将用于通知、密码恢复，基于网页界面的 Git 操作（只要它不是设置为隐藏的）。
 theme_desc=此主题将在您已登录时被用于网页界面。
 primary=主要
 activated=已激活
@@ -772,13 +772,13 @@ activations_pending=等待激活
 can_not_add_email_activations_pending=有一个待处理的激活请求，请稍等几分钟后再尝试添加新的电子邮件地址。
 delete_email=移除
 email_deletion=移除电子邮件地址
-email_deletion_desc=此电子邮件地址及相关信息将被删除。使用此电子邮件地址的Git提交将被保留。继续吗？
+email_deletion_desc=此电子邮件地址及相关信息将被删除。使用此电子邮件地址的 Git 提交将被保留。继续吗？
 email_deletion_success=您的电子邮件地址已被移除。
 theme_update_success=您的主题已更新。
 theme_update_error=所选主题不存在。
 openid_deletion=移除 OpenID 地址
 openid_deletion_desc=删除此 OpenID 地址将会阻止你使用它进行登录。你确定要继续吗？
-openid_deletion_success=OpenID地址已被移除。
+openid_deletion_success=已移除 OpenID 地址。
 add_new_email=添加电子邮件地址
 add_new_openid=添加新的 OpenID URI
 add_email=添加电子邮件地址
@@ -792,19 +792,19 @@ keep_email_private_popup=电子邮件地址不会显示在个人资料页面上
 openid_desc=OpenID 让你可以将认证转发到外部服务。
 
 manage_ssh_keys=管理 SSH 公钥
-manage_ssh_principals=管理SSH证书规则
+manage_ssh_principals=管理 SSH 证书主体
 manage_gpg_keys=管理 GPG 密钥
 add_key=增加密钥
 ssh_desc=这些 SSH 公钥已经关联到你的账号。相应的私钥拥有完全操作你的仓库的权限，且已验证的 SSH 密钥可以验证 SSH 签名的 Git 提交。
-principal_desc=这些SSH证书规则已关联到你的账号将允许完全访问你的所有仓库。
+principal_desc=这些已关联到你的账号的 SSH 证书主体将有你的所有仓库的完全访问权。
 gpg_desc=这些 GPG 公钥已经关联到你的账号，并用于验证您的提交。请妥善保管你的私钥，因为这些私钥可以以你的身份签名提交。
 ssh_helper=<strong>需要帮助？</strong>请查看<a href="%s">如何生成 SSH 密钥</a>或<a href="%s">常见 SSH 问题</a>寻找答案。
-gpg_helper=<strong>需要帮助吗？</strong>建议看一看 GitHub 的 <a href="%s">关于GPG</a> 的指导。
+gpg_helper=<strong>需要帮助吗？</strong>建议看一看 GitHub <a href="%s">关于 GPG</a> 的指南。
 key_content_ssh_placeholder=以“ssh-ed25519”、“ssh-rsa”、“ecdsa-sha2-nistp256”、“ecdsa-sha2-nistp384”、“ecdsa-sha2-nistp521”、“sk-ecdsa-sha2-nistp256@openssh.com” 或 “sk-ssh-ed25519@openssh.com” 开头
 key_content_gpg_placeholder=以 “-----BEGIN PGP PUBLIC KEY BLOCK-----” 开头
 add_new_principal=添加规则
 ssh_key_been_used=此 SSH 公钥已被添加到此服务器。
-ssh_key_name_used=使用相同名称的SSH公钥已存在。
+ssh_key_name_used=使用相同名称的 SSH 公钥已存在。
 ssh_principal_been_used=此规则已经加入到了服务器。
 gpg_key_id_used=具有相同 ID 的 GPG 公钥已存在。
 gpg_no_key_email_found=此 GPG 密钥与您帐户关联的任何已激活电子邮件地址均不匹配。如果您在提供的令牌上签名，它仍然可以被添加。
@@ -831,20 +831,20 @@ ssh_token_signature=增强 SSH 签名
 key_signature_ssh_placeholder=以 “-----BEGIN SSH SIGNATURE -----” 开头
 verify_ssh_key_success=SSH 公钥 %s 已通过验证。
 subkeys=子项
-key_id=键ID
+key_id=密钥 ID
 key_name=密钥名称
 key_content=密钥内容
 principal_content=内容
-add_key_success=SSH 公钥 %s 已被成功添加。
-add_gpg_key_success=GPG 密钥 %s 添加成功。
-add_principal_success=SSH证书规则 %s 添加成功。
+add_key_success=成功添加 SSH 公钥 "%s"。
+add_gpg_key_success=成功添加 GPG 密钥 "%s"。
+add_principal_success=SSH 证书主体 "%s" 添加成功。
 delete_key=删除
 ssh_key_deletion=删除 SSH 公钥
 gpg_key_deletion=删除 GPG 密钥
-ssh_principal_deletion=删除 SSH 证书规则
+ssh_principal_deletion=删除 SSH 证书主体
 ssh_key_deletion_desc=删除 SSH 公钥将取消对应的私钥对您的 Forgejo 帐户的访问权限。继续？
 gpg_key_deletion_desc=删除 GPG 公钥将无法认知使用对应私钥签名的提交，继续？
-ssh_principal_deletion_desc=删除此 SSH 证书规则将取消它对您的账户的访问权限。继续？
+ssh_principal_deletion_desc=删除此 SSH 证书主体将吊销其对您账户的访问权限。继续？
 ssh_key_deletion_success=SSH 公钥已被删除。
 gpg_key_deletion_success=GPG 密钥已被删除。
 ssh_principal_deletion_success=此规则删除成功。
@@ -906,8 +906,8 @@ oauth2_regenerate_secret_hint=您的密钥已丢失？
 oauth2_client_secret_hint=您离开或刷新此页面后将不会再显示此密钥。请确保您已保存它。
 oauth2_application_edit=编辑
 oauth2_application_create_description=OAuth2 应用允许您的第三方应用程序访问此实例的用户帐户。
-oauth2_application_remove_description=移除一个OAuth2应用将会阻止它访问此实例上的已授权用户账户。是否继续？
-oauth2_application_locked=如果配置启用，Forgejo预注册一些OAuth2应用程序。 为了防止意外的行为, 这些应用既不能编辑也不能删除。请参阅OAuth2文档以获取更多信息。
+oauth2_application_remove_description=移除 OAuth2 应用将会阻止其访问此实例上的已授权用户账户。是否继续？
+oauth2_application_locked=如果配置启用，Forgejo 预注册一些 OAuth2 应用程序。为了防止意外的行为，这些应用既不能编辑也不能删除。请参阅 OAuth2 文档以获取更多信息。
 
 authorized_oauth2_applications=已授权的 OAuth2 应用
 authorized_oauth2_applications_description=您已授予这些第三方应用程序访问您的个人 Forgejo 账户的权限。请撤销那些您不再使用的应用程序的访问权限。
@@ -1082,8 +1082,8 @@ mirror_sync = 已同步
 mirror_sync_on_commit=推送提交时同步
 mirror_address=从 URL 克隆
 mirror_address_desc=在授权框中输入必要的凭据。
-mirror_address_url_invalid=URL无效。请检查所输入URL的所有部分是否被正确地转义。
-mirror_address_protocol_invalid=提供的URL无效。只能使用http（s）://或git://地址进行镜像操作。
+mirror_address_url_invalid=URL 无效。请检查所输入 URL 的所有部分是否都已正确转义。
+mirror_address_protocol_invalid=提供的 URL 无效。只能使用 http(s):// 或 git:// 地址进行镜像操作。
 mirror_lfs=大文件存储（LFS）
 mirror_lfs_desc=镜像 LFS 数据。
 mirror_lfs_endpoint=LFS 网址
@@ -1111,7 +1111,7 @@ delete_preexisting_success=删除 %s 中未收录的文件
 blame_prior=查看此更改前的 blame
 blame.ignore_revs=忽略 <a href="%s">.git-blame-ignore-revs</a> 的修订。点击 <a href="%s">绕过</a> 并查看正常的 Blame 视图。
 blame.ignore_revs.failed=忽略 <a href="%s">.git-blame-ignore-revs</a> 版本失败。
-author_search_tooltip=最多显示30个用户
+author_search_tooltip=最多显示 30 位用户
 
 tree_path_not_found_commit=路径%[1]s 在提交 %[2]s 中不存在
 tree_path_not_found_branch=路径 %[1]s 不存在于分支 %[2]s 中
@@ -1131,9 +1131,9 @@ desc.internal=内部
 desc.archived=已存档
 desc.sha256 = SHA256
 template.items=模板选项
-template.git_content=Git数据（默认分支）
+template.git_content=Git 内容（默认分支）
 template.git_hooks=Git 钩子
-template.git_hooks_tooltip=你目前无法修改或删除被添加过的 Git Hook。仅当你信任模板仓库时才可以选择此项。
+template.git_hooks_tooltip=你目前无法修改或删除被添加过的 Git 钩子。仅当你信任模板仓库时才可以选择此项。
 template.webhooks=Web 钩子
 template.topics=主题
 template.avatar=头像
@@ -1166,7 +1166,7 @@ migrate_items_merge_requests=合并请求
 migrate_items_releases=版本发布
 migrate_repo=迁移仓库
 migrate.clone_address=从 URL 迁移/克隆
-migrate.clone_address_desc=现有仓库的 HTTP（s） 或 Git “clone” URL
+migrate.clone_address_desc=现有仓库的 HTTP(S) 或 Git “clone” URL
 migrate.github_token_desc=您可以在此填写一个或多个以逗号分隔的令牌，以规避 GitHub API 速率限制并加快迁移速度。 警告：滥用此功能可能会违反服务提供商的政策并导致您的帐户被封禁。
 migrate.clone_local_path=或服务器本地路径
 migrate.permission_denied=您没有获得导入本地仓库的权限。
@@ -1182,7 +1182,7 @@ migrate.migrating=正在从 <b>%s</b> 迁移…
 migrate.migrating_failed=从 <b>%s</b> 迁移失败。
 migrate.migrating_failed.error=迁移失败：%s
 migrate.migrating_failed_no_addr=迁移失败。
-migrate.migrating_git=迁移Git数据
+migrate.migrating_git=迁移 Git 数据
 migrate.migrating_topics=正在迁移主题
 migrate.migrating_milestones=正在迁移里程碑
 migrate.migrating_labels=正在迁移标签
@@ -1222,7 +1222,7 @@ branch=分支
 tree=目录树
 clear_ref=`清除当前引用`
 filter_branch_and_tag=过滤分支或标签
-find_tag=查找Git标签
+find_tag=查找标签
 branches=分支列表
 tags=标签列表
 issues=议题
@@ -1335,8 +1335,8 @@ editor.commit_empty_file_text=您要提交的文件是空的，继续吗？
 editor.no_changes_to_show=没有可以显示的变更。
 editor.fail_to_update_file=更新/创建文件 %s 失败。
 editor.fail_to_update_file_summary=错误信息：
-editor.push_rejected_no_message=此修改被服务器拒绝并且没有反馈消息。请检查 Git Hook。
-editor.push_rejected=此修改被服务器拒绝。请检查 Git Hook。
+editor.push_rejected_no_message=此修改被服务器拒绝且没有反馈消息。请检查 Git 钩子。
+editor.push_rejected=此修改被服务器拒绝。请检查 Git 钩子。
 editor.push_rejected_summary=详细拒绝信息：
 editor.add_subdir=添加目录…
 editor.unable_to_upload_files=上传文件至 %s 时发生错误：%v
@@ -1353,7 +1353,7 @@ commits.desc=浏览代码修改历史。
 commits.commits=次代码提交
 commits.no_commits=没有共同的提交。%s 和 %s 的历史完全不同。
 commits.nothing_to_compare=这些分支是相同的。
-commits.search.tooltip=您可以在关键词前加上前缀，如"author:", "committer:", "after:", 或"before:", 例如 "retrin author:Alice before:2019-01-13"。
+commits.search.tooltip=您可以在关键词前加上前缀 "author:"、"committer:"、"after:" 或 "before:"，例如 "revert author:Alice before:2019-01-13"。
 commits.search_all=所有分支
 commits.author=作者
 commits.message=备注
@@ -1399,7 +1399,7 @@ projects.modify=更新项目
 projects.edit_success=项目 %s 更新成功。
 projects.type.none=无
 projects.type.basic_kanban=基础看板
-projects.type.bug_triage=Bug分类看板
+projects.type.bug_triage=Bug 分类看板
 projects.template.desc=项目模板
 projects.template.desc_helper=选择一个项目模板以开始
 projects.column.edit=编辑列
@@ -1428,7 +1428,7 @@ issues.filter_reviewers=筛选评审员
 issues.new=创建议题
 issues.new.title_empty=标题不能为空
 issues.new.labels=标签
-issues.new.no_label=未选择标签
+issues.new.no_label=暂无标签
 issues.new.clear_labels=清除选中的标签
 issues.new.projects=项目
 issues.new.clear_projects=清除选中的项目
@@ -1437,14 +1437,14 @@ issues.new.open_projects=开放中的项目
 issues.new.closed_projects=已关闭的项目
 issues.new.no_items=无可选项
 issues.new.milestone=里程碑
-issues.new.no_milestone=未选择里程碑
+issues.new.no_milestone=暂无里程碑
 issues.new.clear_milestone=清除选中的里程碑
 issues.new.open_milestone=开放中的里程碑
 issues.new.closed_milestone=已关闭的里程碑
 issues.new.assignees=指派成员
 issues.new.clear_assignees=取消指派成员
 issues.new.no_assignees=未指派成员
-issues.new.no_reviewers=无评审员
+issues.new.no_reviewers=暂无评审员
 issues.choose.get_started=开始
 issues.choose.open_external_link=开启
 issues.choose.blank=默认模板
@@ -1531,7 +1531,7 @@ issues.action_assignee=指派人筛选
 issues.action_assignee_no_select=未指派
 issues.action_check=选中/取消选中
 issues.action_check_all=选中/取消选中所有项目
-issues.opened_by=由 <a href="%[2]s">%[3]s</a> 于 %[1]s创建
+issues.opened_by=由 <a href="%[2]s">%[3]s</a> 创建于 %[1]s
 pulls.merged_by=由 <a href="%[2]s">%[3]s</a> 创建，合并于 %[1]s
 pulls.merged_by_fake=由 %[2]s 创建，合并于 %[1]s
 issues.closed_by=由 <a href="%[2]s">%[3]s</a> 创建，被关闭于 %[1]s
@@ -1559,7 +1559,7 @@ issues.close_comment_issue=评论并关闭
 issues.reopen_issue=重新开放
 issues.reopen_comment_issue=重新打开并评论
 issues.create_comment=评论
-issues.closed_at=`于 %s 关闭了此议题`
+issues.closed_at=`关闭了此议题 %s`
 issues.reopened_at=`于 %s 重新打开了此议题`
 issues.commit_ref_at=`于 %s 从提交中引用了此议题`
 issues.ref_issue_from=`于 %[1]s <a href="%[2]s">引用了此议题 %[3]s</a>`
@@ -1569,7 +1569,7 @@ issues.ref_reopening_from=`于 %[1]s <a href="%[2]s">从合并请求 %[3]s 引
 issues.ref_from=`来自 %[1]s`
 issues.author=作者
 issues.role.owner=所有者
-issues.role.owner_helper=该用户是该仓库的所有者。
+issues.role.owner_helper=该用户是此仓库的所有者之一。
 issues.role.member=成员
 issues.role.member_helper=该用户是拥有该仓库的组织成员。
 issues.role.collaborator=协作者
@@ -1664,7 +1664,7 @@ issues.time_spent_from_all_authors=`总花费时间：%s`
 issues.due_date=到期时间
 issues.push_commit_1=于 %[2]s 推送了 %[1]d 个提交
 issues.push_commits_n=于 %[2]s 推送了 %[1]d 个提交
-issues.force_push_codes=`于 %[6]s 强制推送 %[1]s，从 <a class="%[7]s" href="%[3]s"><code>%[2]s</code></a> %[8]s，至 <a class="%[7]s" href="%[5]s"><code>%[4]s</code></a> %[9]s`
+issues.force_push_codes=`于 %[6]s 强制推送 %[1]s，从 <a class="%[7]s" href="%[3]s"><code>%[2]s</code></a> %[8]s 至 <a class="%[7]s" href="%[5]s"><code>%[4]s</code></a> %[9]s`
 issues.force_push_compare=比较
 issues.due_date_form=yyyy年mm月dd日
 issues.due_date_form_edit=编辑
@@ -1735,7 +1735,7 @@ issues.review.un_resolve_conversation=未解决
 issues.review.resolved_by=标记问题为已解决
 issues.reference_issue.body=内容
 issues.content_history.deleted=删除于
-issues.content_history.edited=最后编辑于
+issues.content_history.edited=编辑于
 issues.content_history.created=创建于
 issues.content_history.delete_from_history=从历史记录中删除
 issues.content_history.delete_from_history_confirm=从历史记录中删除吗？
@@ -1777,7 +1777,7 @@ pulls.create=创建合并请求
 pulls.change_target_branch_at=将目标分支从 <b>%s</b> 更改为 <b>%s</b> %s
 pulls.tab_conversation=对话
 pulls.tab_commits=代码提交
-pulls.tab_files=文件变动
+pulls.tab_files=文件更改
 pulls.reopen_to_merge=请重新创建此合并请求。
 pulls.cant_reopen_deleted_branch=无法重新打开此合并请求，因为分支已删除。
 pulls.merged=已合并
@@ -1799,7 +1799,7 @@ pulls.is_empty=此分支上的更改已经在目标分支上。这将是一个
 pulls.required_status_check_failed=一些必要的检测没有成功。
 pulls.required_status_check_missing=缺少一些必要的检测。
 pulls.required_status_check_administrator=作为管理员，您仍可合并此合并请求。
-pulls.blocked_by_approvals=此合并请求当前还没有通过审批。已获取审批数%d个，共需要审批数%d个。
+pulls.blocked_by_approvals=此合并请求尚未通过审批。已有 %d 个批准，共需 %d 个。
 pulls.blocked_by_rejection=此合并请求有官方评审员请求的更改。
 pulls.blocked_by_official_review_requests=此合并请求需要一名或多名评审员审阅批准。
 pulls.blocked_by_outdated_branch=此合并请求因过期而被阻止。
@@ -1814,8 +1814,8 @@ pulls.approve_count_1=%d 项批准
 pulls.approve_count_n=%d 项批准
 pulls.reject_count_1=%d 变更请求
 pulls.reject_count_n=%d 变更请求
-pulls.waiting_count_1=正等待 %d 人评审
-pulls.waiting_count_n=正等待 %d 人评审
+pulls.waiting_count_1=等待 %d 人评审
+pulls.waiting_count_n=等待 %d 人评审
 pulls.wrong_commit_id=提交 ID 必须是目标分支上的提交的 ID
 
 pulls.no_merge_desc=由于未启用合并选项，此合并请求无法被合并。
@@ -1859,14 +1859,14 @@ pulls.update_branch_success=分支更新成功
 pulls.update_not_allowed=您无权更新分支
 pulls.outdated_with_base_branch=此分支相比基础分支已过期
 pulls.close=关闭
-pulls.closed_at=`于 %s 关闭了此合并请求 `
+pulls.closed_at=`于 %s 关闭了此合并请求`
 pulls.reopened_at=`于 %s 重新打开了此合并请求`
 pulls.cmd_instruction_hint=查看命令行说明
 pulls.cmd_instruction_checkout_title=检出
 pulls.cmd_instruction_checkout_desc=从你的仓库中检出一个新的分支并测试变更。
 pulls.cmd_instruction_merge_title=合并
 pulls.cmd_instruction_merge_desc=合并更改并在 Forgejo 上更新。
-pulls.clear_merge_message=清除合并信息
+pulls.clear_merge_message=清除合并消息
 pulls.clear_merge_message_hint=清除合并消息只会删除提交消息内容，并保留生成的 git 附加内容，如“Co-Authored-By …”。
 
 pulls.auto_merge_button_when_succeed=（当检测成功时）
@@ -1889,7 +1889,7 @@ pulls.recently_pushed_new_branches=您已于%[2]s推送了分支 <a href="%[3]s"
 pull.deleted_branch=（已删除）：%s
 
 milestones.new=新的里程碑
-milestones.closed=于 %s关闭
+milestones.closed=关闭于 %s
 milestones.update_ago=已更新 %s
 milestones.no_due_date=暂无截止日期
 milestones.open=开放中
@@ -1965,11 +1965,11 @@ activity.navbar.contributors=贡献者
 activity.period.filter_label=周期：
 activity.period.daily=1 天
 activity.period.halfweekly=3 天
-activity.period.weekly=1周
+activity.period.weekly=1 周
 activity.period.monthly=1 个月
-activity.period.quarterly=3个月
+activity.period.quarterly=3 个月
 activity.period.semiyearly=6 个月
-activity.period.yearly=1年
+activity.period.yearly=1 年
 activity.overview=概览
 activity.merged_prs_count_1=已合并的合并请求
 activity.merged_prs_count_n=已合并的合并请求
@@ -2079,13 +2079,13 @@ settings.use_internal_wiki=使用内置百科
 settings.use_external_wiki=使用外部百科
 settings.external_wiki_url=外部百科链接
 settings.external_wiki_url_error=外部百科链接不是有效的 URL。
-settings.external_wiki_url_desc=当点击百科标签时，访问者将被重定向到外部百科系统的URL。
+settings.external_wiki_url_desc=在用户点击百科标签时，重定向至外部百科系统的 URL。
 settings.issues_desc=启用仓库议题系统
 settings.use_internal_issue_tracker=使用内置的议题系统
 settings.use_external_issue_tracker=使用外部的议题系统
 settings.external_tracker_url=外部议题系统 URL
 settings.external_tracker_url_error=外部百科链接无效。
-settings.external_tracker_url_desc=当点击议题标签时，访问者将被重定向到外部议题系统的URL。
+settings.external_tracker_url_desc=在用户点击议题标签时，重定向至外部议题系统的 URL。
 settings.tracker_url_format=外部议题系统的 URL 格式
 settings.tracker_url_format_error=外部议题追踪器链接无效。
 settings.tracker_issue_style=外部议题系统的编号格式
@@ -2136,8 +2136,8 @@ settings.transfer_abort_invalid=你不能取消不存在的代码库转移。
 settings.transfer_abort_success=成功取消了将代码库转让给 %s。
 settings.transfer_desc=您可以将仓库转移至您拥有管理员权限的帐户或组织。
 settings.transfer_in_progress=当前正在进行转让。 如果你想将此代码库转让给另一个用户，请取消它。
-settings.transfer_notices_1=- 如果将此仓库转移给其他用户, 您将失去对此仓库的访问权限。
-settings.transfer_notices_2=-如果将其转移到您（共同） 拥有的组织，您可以继续访问该仓库。
+settings.transfer_notices_1=- 若将此仓库转移给其他用户，您将失去对其的访问权限。
+settings.transfer_notices_2=- 若将其转移到您（共同）拥有的组织，您可以继续访问该仓库。
 settings.transfer_notices_3=- 如果仓库是私有的并且被转移给某个用户，那么此操作可以确保该用户至少具有读权限（以及必要时的更改权限）。
 settings.transfer_owner=新拥有者
 settings.transfer_perform=执行转让
@@ -2164,7 +2164,7 @@ settings.wiki_deletion_success=已成功删除仓库百科数据。
 settings.delete=删除本仓库
 settings.delete_desc=删除仓库是永久性的, 无法撤消。
 settings.delete_notices_1=- 此操作<strong>不可</strong>被回滚。
-settings.delete_notices_2=- 此操作将永久删除仓库 <strong>%s</strong>，包括 Git 数据、 议题、评论、百科和协作者的操作权限。
+settings.delete_notices_2=- 此操作将永久删除仓库 <strong>%s</strong>，包括 Git 数据、议题、评论、百科和协作者的操作权限。
 settings.delete_notices_fork_1=- 在此仓库删除后，它的派生仓库将变成独立仓库。
 settings.deletion_success=仓库已被删除。
 settings.update_settings_success=仓库设置已更新。
@@ -2190,28 +2190,28 @@ settings.change_team_permission_tip=团队权限设置于团队设置页面，
 settings.delete_team_tip=该团队仍有仓库, 无法删除
 settings.remove_team_success=团队访问仓库的权限已被删除。
 settings.add_webhook=添加 Web 钩子
-settings.add_webhook.invalid_channel_name=Webhook 通道名称不能为空且不能仅包含一个 # 字符。
-settings.hooks_desc=当Forgejo事件发生时，Web钩子自动发出HTTP POST请求。在 <a target="_blank" rel="noopener noreferrer" href="%s"> 指南</a> 中阅读更多内容。
+settings.add_webhook.invalid_channel_name=Web 钩子通道名称不能为空且不能仅包含一个 # 字符。
+settings.hooks_desc=当某些 Forgejo 事件发生时，Web 钩子将自动发出 HTTP POST 请求。在 <a target="_blank" rel="noopener noreferrer" href="%s">Web 钩子指南</a>阅读更多内容。
 settings.webhook_deletion=删除 Web 钩子
-settings.webhook_deletion_desc=删除 web钩子 将删除其设置和历史记录。继续？
+settings.webhook_deletion_desc=删除 Web 钩子将删除其设置和历史记录。继续？
 settings.webhook_deletion_success=Web 钩子已移除。
 settings.webhook.test_delivery=测试推送
-settings.webhook.test_delivery_desc=用假事件测试这个 web钩子。
-settings.webhook.test_delivery_desc_disabled=要用 虚假事件 测试这个Webhook，请激活它。
+settings.webhook.test_delivery_desc=使用假事件测试此 Web 钩子。
+settings.webhook.test_delivery_desc_disabled=用假事件测试这个 Web 钩子前，请先激活它。
 settings.webhook.request=请求内容
 settings.webhook.response=响应内容
 settings.webhook.headers=头信息
 settings.webhook.payload=内容
 settings.webhook.body=响应体
-settings.webhook.replay.description=重放此 webhook。
-settings.webhook.replay.description_disabled=若要重播此 WebHook，请激活它。
+settings.webhook.replay.description=重新执行此 Web 钩子。
+settings.webhook.replay.description_disabled=重新执行此 Web 钩子前，请先激活它。
 settings.webhook.delivery.success=一个事件已被添加到推送队列。可能需要过几秒钟才会显示在推送记录中。
-settings.githooks_desc=Git Hook 是 Git 本身提供的功能。您可以在下方编辑 hook 文件以设置自定义操作。
+settings.githooks_desc=Git 钩子是 Git 本身提供的功能。您可以在下方编辑 hook 文件以设置自定义操作。
 settings.githook_edit_desc=如果钩子未启动，则会显示样例文件中的内容。如果想要删除某个钩子，则提交空白文本即可。
 settings.githook_name=钩子名称
 settings.githook_content=钩子内容
 settings.update_githook=更新钩子
-settings.add_webhook_desc=Forgejo 将向目标 URL 发送具有指定内容类型的 <code>POST</code> 请求。在 <a target="_blank" rel="noopener noreferrer" href="%s">webhooks 指南</a> 中阅读更多内容。
+settings.add_webhook_desc=Forgejo 将向目标 URL 发送具有指定 Content-Type 的 <code>POST</code> 请求。在 <a target="_blank" rel="noopener noreferrer" href="%s">Web 钩子指南</a>阅读更多内容。
 settings.payload_url=目标 URL
 settings.http_method=HTTP 方法
 settings.content_type=POST 内容类型
@@ -2273,11 +2273,11 @@ settings.event_pull_request_merge=合并请求合并
 settings.event_package=软件包
 settings.event_package_desc=软件包已在仓库中被创建或删除。
 settings.branch_filter=分支过滤
-settings.branch_filter_desc=推送、创建，删除分支事件的分支白名单，使用 glob 模式匹配指定。若为空或 <code>*</code>，则将报告所有分支的事件。语法文档见 <a href="%[1]s">%[2]s</a>。示例：<code>master</code>,<code>{master,release*}</code>。
+settings.branch_filter_desc=推送事件、创建或删除分支事件的分支白名单，使用 glob 模式匹配指定。若为空或 <code>*</code>，则将报告所有分支的事件。语法文档见 <a href="%[1]s">%[2]s</a>。示例：<code>master</code>、<code>{master,release*}</code>。
 settings.authorization_header=授权标头
 settings.authorization_header_desc=当存在时将被作为授权标头包含在内。例如：%s。
 settings.active=激活
-settings.active_helper=触发事件的信息将发送到此 webhook 网址。
+settings.active_helper=将触发事件的信息发送到此 Web 钩子 URL。
 settings.add_hook_success=Web 钩子已添加。
 settings.update_webhook=更新 Web 钩子
 settings.update_hook_success=Web 钩子已更新。
@@ -2287,7 +2287,7 @@ settings.hook_type=钩子类型
 settings.slack_token=令牌
 settings.slack_domain=域名
 settings.slack_channel=频道
-settings.add_web_hook_desc=将 <a target="_blank" rel="noreferrer" href="%s">%s</a>集成到您的代码库。
+settings.add_web_hook_desc=将 <a target="_blank" rel="noreferrer" href="%s">%s</a> 集成到您的仓库。
 settings.web_hook_name_gitea=Gitea
 settings.web_hook_name_forgejo = Forgejo
 settings.web_hook_name_gogs=Gogs
@@ -2363,9 +2363,9 @@ settings.protect_branch_name_pattern=受保护的分支名称正则
 settings.protect_branch_name_pattern_desc=受保护的分支名称正则。语法请参阅<a href="%s">文档</a> 。如：main, release/**
 settings.protect_patterns=规则
 settings.protect_protected_file_patterns=受保护的文件模式（使用半角分号“;”分隔）
-settings.protect_protected_file_patterns_desc=即使用户有权添加、编辑或删除此分支中的文件，也不允许直接更改受保护的文件。 可以使用半角分号（“;”）分隔多个模式。 见<a href="%[1]s">%[2]s</a>文档了解模式语法。例如：<code>.drone.yml</code>, <code>/docs/**/*.txt</code>。
+settings.protect_protected_file_patterns_desc=即便用户有权添加、编辑或删除此分支中的文件，也不允许直接更改受保护的文件。多个匹配模式使用半角分号（";"）分隔。查阅 <a href="%[1]s">%[2]s</a> 文档了解匹配模式语法。例如：<code>.drone.yml</code>、<code>/docs/**/*.txt</code>。
 settings.protect_unprotected_file_patterns=不受保护的文件模式（使用半角分号“;”分隔）
-settings.protect_unprotected_file_patterns_desc=在用户有写权限的情况下允许绕过限制，直接修改设为不保护的文件。如有多个匹配模式，则可用半角分号（“;”）分隔开。见 <a href="%[1]s">%[2]s</a> 的文档以了解匹配模式的格式。例子：<code>.drone.yml</code>、<code>/docs/**/*.txt</code>。
+settings.protect_unprotected_file_patterns_desc=在用户有写权限的情况下允许绕过限制，直接修改设为不保护的文件。多个匹配模式可以使用半角分号（“;”）分隔。查阅 <a href="%[1]s">%[2]s</a> 文档了解匹配模式语法。例子：<code>.drone.yml</code>, <code>/docs/**/*.txt</code>。
 settings.update_protect_branch_success=分支保护规则 %s 更新成功。
 settings.remove_protected_branch_success=移除分支保护规则"%s"成功。
 settings.remove_protected_branch_failed=移除分支保护规则"%s"失败。
@@ -2387,20 +2387,20 @@ settings.protected_branch_required_rule_name=必须填写规则名称
 settings.protected_branch_duplicate_rule_name=这些分支已设有规则
 settings.protected_branch_required_approvals_min=所需的审批数不能为负数。
 settings.tags=标签
-settings.tags.protection=Git标签保护
-settings.tags.protection.pattern=Git标签模式
+settings.tags.protection=标签保护
+settings.tags.protection.pattern=标签模式
 settings.tags.protection.allowed=允许列表
 settings.tags.protection.allowed.users=允许的账号
 settings.tags.protection.allowed.teams=允许的团队
 settings.tags.protection.allowed.noone=无
 settings.tags.protection.create=添加规则
-settings.tags.protection.none=没有Git标签受到保护。
-settings.tags.protection.pattern.description=你可以使用单个名称或 glob 模式匹配或正则表达式来匹配多个标签。了解详情请访问 <a target="_blank" rel="noopener" href="%s">受保护Git标签指南</a>。
+settings.tags.protection.none=没有受保护的标签。
+settings.tags.protection.pattern.description=你可以使用单个名称、glob 模式匹配或正则表达式来匹配多个标签。了解详情请访问 <a target="_blank" rel="noopener" href="%s">受保护标签指南</a>。
 settings.bot_token=机器人令牌
 settings.chat_id=聊天 ID
 settings.thread_id=线程 ID
 settings.matrix.homeserver_url=主服务器网址
-settings.matrix.room_id=房间ID
+settings.matrix.room_id=房间 ID
 settings.matrix.message_type=消息类型
 settings.archive.button=存档仓库
 settings.archive.header=存档此仓库
@@ -2506,7 +2506,7 @@ diff.hide_file_tree=隐藏文件树
 releases.desc=跟踪项目版本和下载。
 release.releases=版本发布
 release.detail=发布详情
-release.tags=Git标签
+release.tags=标签
 release.new_release=发布新版
 release.draft=草稿
 release.prerelease=预发行
@@ -2537,12 +2537,12 @@ release.delete_release=删除发布
 release.delete_tag=删除标签
 release.deletion=删除发布
 release.deletion_desc=删除版本发布只会从 Forgejo 中移除。这不会影响 Git 的标签以及您仓库的内容和历史。是否继续？
-release.deletion_success=Release已被删除。
-release.deletion_tag_desc=将从仓库中删除此 Git标签。仓库内容和历史记录保持不变。继续吗？
+release.deletion_success=已删除此版本发布。
+release.deletion_tag_desc=将从仓库中删除此标签，仓库内容和历史记录将保持不变。继续吗？
 release.deletion_tag_success=该 Git 标签已被删除。
 release.tag_name_already_exist=使用此标签名称的发布版本已经存在。
 release.tag_name_invalid=标签名称无效。
-release.tag_name_protected=Git标签名称已受保护。
+release.tag_name_protected=标签名称受到保护。
 release.tag_already_exist=此 Git 标签已存在。
 release.downloads=下载附件
 release.add_tag_msg=使用发布的标题和内容作为标签消息。
@@ -2605,7 +2605,7 @@ error.csv.invalid_field_count=无法渲染此文件，因为它在第 %d 行中
 admin.enabled_flags = 该仓库启用的标志：
 admin.flags_replaced = 仓库标志已被替换
 admin.update_flags = 更新标志
-rss.must_be_on_branch = 您必须处于一个分支上才能拥有一个RSS订阅源。
+rss.must_be_on_branch = 只有在分支上才能有 RSS 订阅源。
 admin.manage_flags = 管理标志
 admin.failed_to_replace_flags = 替换仓库标志失败
 issues.blocked_by_user = 由于你已被仓库所有者屏蔽，你无法在此仓库创建议题。
@@ -2685,9 +2685,9 @@ pulls.edit.already_changed = 无法保存对合并请求的更改。内容似乎
 comments.edit.already_changed = 无法保存对评论的更改。内容似乎已经被另一个用户修改了，为了防止修改被覆盖，请刷新页面后再次尝试编辑
 subscribe.issue.guest.tooltip = 登录以订阅议题。
 subscribe.pull.guest.tooltip = 登录以订阅此合并请求。
-settings.federation_following_repos = 关注的仓库URL地址，多个地址以 “;” 分隔，不需要前后空格。
+settings.federation_following_repos = 关注的仓库 URL 地址。以 ";" 分隔，不需要空格。
 settings.federation_settings = 邦联设置
-settings.federation_apapiurl = 此仓库的邦联URL地址。将其作为关注的仓库URL地址填写到另一个仓库的邦联设置中。
+settings.federation_apapiurl = 此仓库的联邦 URL 地址。将其作为关注的仓库 URL 地址填写到另一个仓库的联邦设置中。
 settings.federation_not_enabled = 当前实例未启用邦联功能。
 issues.author.tooltip.issue = 此用户是本议题的作者。
 issues.author.tooltip.pr = 此用户是此合并请求的作者。
@@ -2737,7 +2737,7 @@ new_from_template = 使用模板
 new_from_template_description = 您可以选择此实例上现有仓库模板并应用其设置。
 new_advanced = 高级设置
 new_advanced_expand = 单击展开
-auto_init_description = 以一个自述文件、可选的许可证与 .gitignore 文件开始Git历史。
+auto_init_description = 以自述文件、可选的许可证和 .gitignore 文件开启 Git 历史。
 issues.reaction.add = 添加回应
 issues.reaction.alt_few = %[1]s 回应了 %[2]s。
 issues.reaction.alt_many = %[1]s 和另外 %[2]d 人回应了 %[3]s。
@@ -2762,19 +2762,19 @@ sync_fork.branch_behind_one = 此分支落后于 %[2]s %[1]d 个提交
 sync_fork.branch_behind_few = 此分支落后于 %[2]s %[1]d 个提交
 settings.event_action_failure = 失败
 settings.event_action_recover = 恢复
-settings.event_action_recover_desc = Action运行在同一工作流上次失败后成功。
+settings.event_action_recover_desc = Action 运行在同一工作流上次失败后成功。
 settings.event_action_success = 成功
-settings.event_action_success_desc = Action运行以成功结束。
-settings.event_action_failure_desc = Action运行以失败结束。
-settings.event_header_action = Action运行事件
+settings.event_action_success_desc = Action 运行以成功结束。
+settings.event_action_failure_desc = Action 运行以失败结束。
+settings.event_header_action = Action 运行事件
 issues.filter_type.all_pull_requests = 所有合并请求
 tree_path_not_found.commit = 路径 %[1]s 在提交 %[2]s 中不存在
 tree_path_not_found.branch = 路径 %[1]s 在分支 %[2]s 中不存在
 tree_path_not_found.tag = 路径 %[1]s 在标签 %[2]s 中不存在
 
 [graphs]
-component_loading=正在加载%s…
-component_loading_failed=无法加载%s
+component_loading=正在加载 %s…
+component_loading_failed=无法加载 %s
 component_loading_info=这可能需要一点时间…
 component_failed_to_load=意外的错误发生了。
 contributors.what=贡献
@@ -2943,28 +2943,28 @@ dashboard.cron.error=任务中的错误：%s：%[3]s
 dashboard.cron.finished=任务：%[1]s 已经完成
 dashboard.delete_inactive_accounts=删除所有未激活的帐户
 dashboard.delete_inactive_accounts.started=删除所有未激活的账户任务已启动。
-dashboard.delete_repo_archives=删除所有仓库的存档（ZIP、 TAR.GZ 等…）
+dashboard.delete_repo_archives=删除所有仓库的存档（ZIP、TAR.GZ等）
 dashboard.delete_repo_archives.started=删除所有仓库存档任务已启动。
 dashboard.delete_missing_repos=删除所有丢失 Git 文件的仓库
 dashboard.delete_missing_repos.started=删除所有丢失 Git 文件的仓库任务已启动。
 dashboard.delete_generated_repository_avatars=删除生成的仓库头像
 dashboard.sync_repo_branches=将缺少的分支从 Git 数据同步到数据库
-dashboard.sync_repo_tags = 将 git 数据中的标签同步到数据库
+dashboard.sync_repo_tags = 同步 Git 数据中的标签至数据库
 dashboard.update_mirrors=更新镜像仓库
 dashboard.repo_health_check=对所有仓库健康检查
 dashboard.check_repo_stats=检查所有仓库统计
 dashboard.archive_cleanup=删除旧的仓库存档
 dashboard.deleted_branches_cleanup=清理已删除的分支
-dashboard.update_migration_poster_id=更新迁移的发表者ID
+dashboard.update_migration_poster_id=更新迁移的发布者 ID
 dashboard.git_gc_repos=对仓库进行垃圾回收
 dashboard.resync_all_sshkeys=使用 Forgejo 的 SSH 密钥更新“.ssh/authorized_keys”文件。
 dashboard.resync_all_sshprincipals=使用 Forgejo 的 SSH 规则更新“.ssh/authorized_principals”文件。
-dashboard.resync_all_hooks=重新同步所有仓库的 pre-receive、update、 post-receive、proc-receive 等钩子
+dashboard.resync_all_hooks=重新同步所有仓库的 Git 钩子（pre-receive、update、post-receive、proc-receive 等）
 dashboard.reinit_missing_repos=重新初始化所有丢失的 Git 仓库存在的记录
 dashboard.sync_external_users=同步外部用户数据
 dashboard.cleanup_hook_task_table=清理 hook_task 表
 dashboard.cleanup_packages=清理过期的软件包
-dashboard.cleanup_actions=清理过期的Actions日志和制品
+dashboard.cleanup_actions=清理过期的 Actions 日志和制品
 dashboard.server_uptime=服务运行时间
 dashboard.current_goroutine=当前 Goroutines 数量
 dashboard.current_memory_usage=当前内存使用量
@@ -3037,7 +3037,7 @@ users.prohibit_login=已暂停账号
 users.is_admin=管理员账号
 users.is_restricted=受限账号
 users.allow_git_hook=允许创建 Git 钩子
-users.allow_git_hook_tooltip=Git 钩子将会被以操作系统用户运行，将会拥有同样的主机访问权限。因此，拥有此特殊的Git 钩子权限将能够访问合修改所有的 Forgejo 仓库或者Forgejo的数据库。同时也能获得Forgejo的管理员权限。
+users.allow_git_hook_tooltip=Git 钩子将以运行 Forgejo 的操作系统用户的身份执行，并拥有同等级别的主机访问权限。因此，拥有这种特殊 Git 钩子权限的用户可以访问和修改所有 Forgejo 仓库以及 Forgejo 使用的数据库。这使得他们也能够借此获取 Forgejo 管理员权限。
 users.allow_import_local=允许导入本地仓库
 users.allow_create_organization=允许创建组织
 users.update_profile=更新帐户
@@ -3107,13 +3107,13 @@ packages.repository=仓库
 packages.size=大小
 packages.published=已发布
 
-defaulthooks=默认Web钩子
+defaulthooks=默认 Web 钩子
 defaulthooks.desc=当某些 Forgejo 事件触发时，Web 钩子自动向服务器发出 HTTP POST 请求。这里定义的 Web 钩子是默认配置，将被复制到所有新的仓库中。详情请访问 <a target="_blank" rel="noopener" href="%s">Web 钩子指南</a>。
-defaulthooks.add_webhook=添加默认Web 钩子
-defaulthooks.update_webhook=更新默认 Web 钩子
+defaulthooks.add_webhook=添加默认 Web 钩子
+defaulthooks.update_webhook=更新默认 Web 钩子
 
 systemhooks=系统 Web 钩子
-systemhooks.desc=当某些 Forgejo 事件触发时，Web 钩子自动向服务器发出HTTP POST请求。这里定义的 Web 钩子将作用于系统上的所有仓库，所以请考虑这可能带来的任何性能影响。了解详情请访问 <a target="_blank" rel="noopener" href="%s">Web 钩子指南</a>。
+systemhooks.desc=当某些 Forgejo 事件触发时，Web 钩子自动向服务器发出 HTTP POST 请求。这里定义的 Web 钩子将作用于系统上的所有仓库，所以请考虑这可能带来的任何性能影响。了解详情请访问 <a target="_blank" rel="noopener" href="%s">Web 钩子指南</a>。
 systemhooks.add_webhook=添加系统 Web 钩子
 systemhooks.update_webhook=更新系统 Web 钩子
 
@@ -3135,11 +3135,11 @@ auths.bind_password=绑定密码
 auths.user_base=用户搜索基准
 auths.user_dn=用户 DN
 auths.attribute_username=用户名属性
-auths.attribute_username_placeholder=置空将使用Forgejo的用户名。
+auths.attribute_username_placeholder=留空以使用 Forgejo 中输入的的用户名。
 auths.attribute_name=名字属性
 auths.attribute_surname=姓氏属性
 auths.attribute_mail=电子邮件地址属性
-auths.attribute_ssh_public_key=SSH公钥属性
+auths.attribute_ssh_public_key=SSH 公钥属性
 auths.attribute_avatar=头像属性
 auths.attributes_in_bind=从 bind DN 中拉取属性信息
 auths.allow_deactivate_all=允许在搜索结果为空时停用所有用户
@@ -3172,7 +3172,7 @@ auths.pam_service_name=PAM 服务名称
 auths.pam_email_domain=PAM 电子邮件域（可选）
 auths.oauth2_provider=OAuth2 提供程序
 auths.oauth2_icon_url=图标 URL
-auths.oauth2_clientID=客户端 ID （键）
+auths.oauth2_clientID=客户端 ID（密钥）
 auths.oauth2_clientSecret=客户端密钥
 auths.openIdConnectAutoDiscoveryURL=OpenID 连接自动发现 URL
 auths.oauth2_use_custom_url=使用自定义的 URL 而不是默认的 URL
@@ -3197,17 +3197,17 @@ auths.tips=帮助提示
 auths.tips.oauth2.general=OAuth2 认证
 auths.tips.oauth2.general.tip=当注册新的 OAuth2 身份验证时，回调/重定向 URL 应该是：
 auths.tip.oauth2_provider=OAuth2 提供程序
-auths.tip.bitbucket=`在 %s
-auths.tip.nextcloud=使用菜单“设置->安全->OAuth 2.0客户端”在您的实例上注册一个新的 OAuth 客户端
+auths.tip.bitbucket=在 %s 注册新的 OAuth 客户端，并添加“账户”—“读取”权限
+auths.tip.nextcloud=在您的实例上使用菜单“设置 -> 安全 -> OAuth 2.0 客户端”注册新的 OAuth 客户端
 auths.tip.dropbox=在 %s 上创建一个新的应用程序
 auths.tip.facebook=`在 %s 注册一个新的应用，并添加产品"Facebook 登录"`
 auths.tip.github=在 %s 注册一个 OAuth 应用程序
 auths.tip.google_plus=从谷歌 API 控制台（%s） 获得 OAuth2 客户端凭据
-auths.tip.openid_connect=使用 OpenID 连接发现 URL（<server>/.well-known/openid-configuration） 来指定终点
+auths.tip.openid_connect=使用 OpenID Connect 发现 URL（<server>/.well-known/openid-configuration）指定端点
 auths.tip.twitter=前往 %s，创建一个应用程序并确保启用了“允许此应用程序用于使用 Twitter 登录”选项
 auths.tip.discord=在 %s 上注册新应用程序
 auths.tip.gitea=注册一个新的 OAuth2 应用程序。可以访问 %s 查看帮助
-auths.tip.yandex=在 %s 上创建一个新的应用程序。在“ Yandex.Passport API”这部分中选择以下权限：“访问电子邮件地址（Access to email address）”，“访问用户头像（Access to user avatar）”和“访问用户名，名字和姓氏，性别（Access to username, first name and surname, genderAccess to username, first name and surname, gender）”
+auths.tip.yandex=在 %s 上创建一个新的应用程序。在“Yandex.Passport API”这部分中选择以下权限：“访问电子邮件地址（Access to email address）”，“访问用户头像（Access to user avatar）”和“访问用户名，名字和姓氏，性别（Access to username, first name and surname, gender）”
 auths.tip.mastodon=输入您想要认证的 mastodon 实例的自定义 URL（或使用默认值）
 auths.edit=修改认证源
 auths.activated=该认证源已经启用
@@ -3227,7 +3227,7 @@ auths.invalid_openIdConnectAutoDiscoveryURL=无效的 Auto Discovery URL（这
 config.server_config=服务器配置
 config.app_name=实例名称
 config.app_ver=Forgejo 版本
-config.app_url=基本 URL
+config.app_url=基础 URL
 config.custom_conf=配置文件路径
 config.custom_file_root_path=自定义文件根路径
 config.domain=服务器域名
@@ -3299,7 +3299,7 @@ config.skip_tls_verify=跳过 TLS 验证
 
 config.mailer_config=邮件配置
 config.mailer_enabled=启用服务
-config.mailer_enable_helo=启用HELO
+config.mailer_enable_helo=启用 HELO
 config.mailer_name=任务名称
 config.mailer_protocol=协议
 config.mailer_smtp_addr=SMTP 地址
@@ -3417,8 +3417,8 @@ notices.op=操作
 notices.delete_success=系统通知已被删除。
 self_check.no_problem_found=尚未发现问题。
 self_check.database_collation_mismatch=期望数据库使用的校验方式：%s
-self_check.database_collation_case_insensitive=数据库正在使用排序规则%s，这是一个不敏感的排序规则。虽然Forgejo可以与其一同工作，但可能有一些罕见的情况存在问题。
-self_check.database_inconsistent_collation_columns=数据库正在使用%s的排序规则，但是这些列使用了不匹配的排序规则。这可能会造成一些意外问题。
+self_check.database_collation_case_insensitive=数据库正在使用排序规则 %s，这是一个不敏感的排序规则。虽然 Forgejo 可以与其一同工作，但可能有一些罕见的情况存在问题。
+self_check.database_inconsistent_collation_columns=数据库正在使用 %s 排序规则，但是这些列使用了不匹配的排序规则，可能会造成一些意外问题。
 self_check.database_fix_mysql=对于 MySQL/MariaDB 用户，您可以使用“forgejo doctor convert”命令来修复排序规则问题，或者您也可以手动通过“ALTER ... COLLATE ...” SQL 修复该问题。
 auths.tips.gmail_settings = Gmail 设置：
 auths.tip.gitlab_new = 在 %s 上注册新应用
@@ -3497,7 +3497,7 @@ raw_seconds=秒
 raw_minutes=分钟
 
 [dropzone]
-default_message=拖放文件或点击此处上传。
+default_message=拖放文件或点击此处上传
 invalid_input_type=您不能上传该类型的文件。
 file_too_big=文件体积（{{filesize}} MB）超过了最大允许体积（{{maxFilesize}} MB）。
 remove_file=移除文件
@@ -3524,8 +3524,8 @@ error.no_committer_account=没有帐户链接到提交者的电子邮件
 error.no_gpg_keys_found=找不到此签名对应的密钥
 error.not_signed_commit=提交未签名
 error.failed_retrieval_gpg_keys=找不到任何与该提交者账号相关的密钥
-error.probable_bad_signature=警告！虽然数据库中有一个此ID对应的密钥，但这个密钥不能验证此提交！该提交可疑。
-error.probable_bad_default_signature=警告！虽然默认密钥拥有此ID，但不能验证此提交！该提交可疑。
+error.probable_bad_signature=警告！尽管数据库中有此 ID 对应的密钥，但此提交未通过验证！此提交是可疑的。
+error.probable_bad_default_signature=警告！尽管默认密钥具有此 ID，但此提交未通过验证！此提交是可疑的。
 
 [units]
 unit=单元
@@ -3536,7 +3536,7 @@ error.unit_not_allowed=您没有权限访问此仓库单元。
 desc=管理仓库软件包。
 conan.details.repository=仓库
 owner.settings.cleanuprules.enabled=启用
-owner.settings.cleanuprules.keep.count.1=每个软件包1个版本
+owner.settings.cleanuprules.keep.count.1=每个软件包 1 个版本
 owner.settings.cleanuprules.keep.count.n=每个软件包 %d 个版本
 
 [secrets]
@@ -3550,7 +3550,7 @@ creation.success=您的密钥 '%s' 添加成功。
 creation.failed=添加密钥失败。
 deletion=删除密钥
 deletion.description=删除密钥是永久性的，无法撤消。继续吗？
-deletion.success=此Secret已被删除。
+deletion.success=已删除此机密。
 deletion.failed=删除密钥失败。
 management=密钥管理
 
@@ -3561,7 +3561,7 @@ unit.desc=使用 Forgejo Actions 管理集成的 CI/CD 管道。
 
 status.unknown=未知
 status.waiting=等待中
-status.running=正在运行
+status.running=运行中
 status.success=成功
 status.failure=失败
 status.cancelled=已取消
@@ -3654,8 +3654,8 @@ workflow.dispatch.run = 运行工作流
 workflow.dispatch.success = 已成功请求工作流运行。
 workflow.dispatch.input_required = 需要输入“%s”的值。
 runs.expire_log_message = 已清除日志，因为它们太旧了。
-runs.no_workflows.help_write_access = 不知道如何上手 Forgejo Actions？查看<a target="_blank" rel="noopener noreferrer" href="%s">用户文档的快速上手部分</a>来编写你的第一个工作流，然后<a target="_blank" rel="noopener noreferrer" href="%s">配置一个Forgejo运行器</a>来运行你的任务。
-runs.no_workflows.help_no_write_access = 欲了解关于Forgejo Actions的更多信息，请参见<a target="_blank" rel="noopener noreferrer" href="%s">文档</a>。
+runs.no_workflows.help_write_access = 不知道如何上手 Forgejo Actions？查看<a target="_blank" rel="noopener noreferrer" href="%s">用户文档的快速上手部分</a>来编写你的第一个工作流，然后<a target="_blank" rel="noopener noreferrer" href="%s">配置一个 Forgejo 运行器</a>来运行你的任务。
+runs.no_workflows.help_no_write_access = 欲了解关于 Forgejo Actions 的更多信息，请参见<a target="_blank" rel="noopener noreferrer" href="%s">文档</a>。
 variables.not_found = 找不到变量。
 
 [projects]
@@ -3665,7 +3665,7 @@ type-3.display_name=组织项目
 deleted.display_name = 已删除项目
 
 [git.filemode]
-changed_filemode=%[1]s -> %[2]s
+changed_filemode=%[1]s → %[2]s
 directory=目录
 normal_file=普通文件
 executable_file=可执行文件
diff --git a/options/locale/locale_zh-TW.ini b/options/locale/locale_zh-TW.ini
index 1ccf2cb5f8..2de1668d86 100644
--- a/options/locale/locale_zh-TW.ini
+++ b/options/locale/locale_zh-TW.ini
@@ -16,7 +16,7 @@ page=頁面
 template=模板
 language=語言
 notifications=通知
-active_stopwatch=啟動的時間追蹤器
+active_stopwatch=使用中的時間追蹤器
 create_new=建立…
 user_profile_and_more=個人資料和設定…
 signed_in_as=已登入為
@@ -2166,7 +2166,7 @@ settings.packagist_api_token=API 符記
 settings.packagist_package_url=Packagist 軟體包 URL
 settings.deploy_keys=部署金鑰
 settings.add_deploy_key=新增部署金鑰
-settings.deploy_key_desc=部署金鑰具有唯讀權限，可拉取此儲存庫。
+settings.deploy_key_desc=部署金鑰可具有唯讀或讀寫權限，可拉取此儲存庫。
 settings.is_writable=啟用寫入權限
 settings.is_writable_info=允許此部署金鑰<strong>推送</strong>至儲存庫。
 settings.no_deploy_keys=沒有任何部屬金鑰。
diff --git a/options/locale_next/locale_ar.json b/options/locale_next/locale_ar.json
index e019476c93..cd2a0fdb82 100644
--- a/options/locale_next/locale_ar.json
+++ b/options/locale_next/locale_ar.json
@@ -58,7 +58,6 @@
 	"moderation.abuse_category.malware": "برمجية خبيثة",
 	"relativetime.now": "الآن",
 	"relativetime.1month": "الشهر الفائت",
-	"relativetime.2weeks": "منذ أسبوعين",
 	"search.milestone_kind": "معالم البحث…",
 	"moderation.abuse_category.other_violations": "انتهاكات أخرى لقواعد المنصة",
 	"repo.issue_indexer.title": "مفهرس الإبلاغات",
@@ -75,10 +74,7 @@
 	"relativetime.1day": "الأمس",
 	"followers.outgoing.list.none": "لا يتابع %s أي شخص.",
 	"relativetime.1week": "أخر أسبوع",
-	"relativetime.2days": "منذ يومين",
-	"relativetime.2months": "منذ شهرين",
 	"relativetime.1year": "السنة الفائتة",
-	"relativetime.2years": "منذ سنتين",
 	"repo.form.cannot_create": "بلغت جميع المساحات التي يمكنك إنشاء مستودعات بها حدها.",
 	"alert.asset_load_failed": "تعذّر تحميل ملفات الأصول من {path}. تأكد من أن الملفات متاحة للوصول.",
 	"settings.visibility.description": "رؤية ملفك الشخصي تؤثر في قدرة الآخرين على الوصول إلى مستودعاتك غير الخاصة. <a href=\"%s\" target=\"_blank\">اعرف المزيد</a>",
diff --git a/options/locale_next/locale_be.json b/options/locale_next/locale_be.json
index a7fe15e0b1..a3723780f6 100644
--- a/options/locale_next/locale_be.json
+++ b/options/locale_next/locale_be.json
@@ -59,13 +59,9 @@
 		"many": "%d месяцаў таму"
 	},
 	"relativetime.1day": "учора",
-	"relativetime.2days": "два дні таму",
 	"relativetime.1week": "на мінулай тыдні",
-	"relativetime.2weeks": "два тыдні таму",
 	"relativetime.1month": "у мінулым месяцы",
-	"relativetime.2months": "два месяцы таму",
 	"relativetime.1year": "у мінулым годзе",
-	"relativetime.2years": "два гады таму",
 	"repo.issues.filter_poster.hint": "Фільтраваць па аўтары",
 	"repo.issues.filter_assignee.hint": "Фільтраваць па прызначаным карыстальніку",
 	"repo.issues.filter_reviewers.hint": "Фільтраваць па карыстальніку, які праверыў",
diff --git a/options/locale_next/locale_bg.json b/options/locale_next/locale_bg.json
index e807d5aa05..365ec2c23d 100644
--- a/options/locale_next/locale_bg.json
+++ b/options/locale_next/locale_bg.json
@@ -179,7 +179,6 @@
 	"mail.actions.run_info_trigger": "Задействано поради: %[1]s от: %[2]s",
 	"meta.last_line": "В България расте най-старото дърво в страната, Байкушевата мура, на възраст над 1300 години.",
 	"relativetime.1day": "вчера",
-	"relativetime.2months": "преди два месеца",
 	"home.explore_repos": "Разглеждане на хранилища",
 	"home.explore_users": "Разглеждане на потребители",
 	"home.explore_orgs": "Разглеждане на организации",
@@ -217,11 +216,8 @@
 	"followers.outgoing.list.self.none": "Не следвате никого.",
 	"followers.outgoing.list.none": "%s не следва никого.",
 	"relativetime.future": "в бъдеще",
-	"relativetime.2days": "преди два дни",
 	"relativetime.1week": "миналата седмица",
-	"relativetime.2weeks": "преди две седмици",
 	"relativetime.1month": "миналия месец",
-	"relativetime.2years": "преди две години",
 	"moderation.report_abuse_form.header": "Докладване на злоупотреба до администратора",
 	"moderation.abuse_category.malware": "Зловреден софтуер",
 	"moderation.abuse_category.other_violations": "Други нарушения на правилата на платформата",
diff --git a/options/locale_next/locale_ca.json b/options/locale_next/locale_ca.json
index 8a227a626a..0725a69519 100644
--- a/options/locale_next/locale_ca.json
+++ b/options/locale_next/locale_ca.json
@@ -51,13 +51,9 @@
 	"followers.outgoing.list.none": "%s no està seguint ningú.",
 	"relativetime.now": "ara",
 	"relativetime.1day": "ahir",
-	"relativetime.2days": "fa dos dies",
 	"relativetime.1week": "la setmana passada",
-	"relativetime.2weeks": "fa dues setmanes",
 	"relativetime.1month": "el mes passat",
-	"relativetime.2months": "fa dos mesos",
 	"relativetime.1year": "l'any passat",
-	"relativetime.2years": "fa dos anys",
 	"repo.form.cannot_create": "Tots els espais en els quals podeu crear repositoris han arribat al límit de repositoris.",
 	"migrate.form.error.url_credentials": "La URL conté credencials, poseu-los en els camps respectius de nom d'usuari i contrasenya",
 	"migrate.github.description": "Migrar dades de github.com o d'un servidor GitHub Enterprise.",
@@ -243,5 +239,15 @@
 	"actions.workflow.incomplete_runson_missing_output": "No s'ha pogut avaluar `runs-on` del treball %[1]s: el treball %[2]s no té una sortida %[3]s.",
 	"actions.workflow.incomplete_runson_missing_matrix_dimension": "No s'ha pogut avaluar `runs-on` del treball %[1]s: la mida de la matriu %[2]s no existeix.",
 	"actions.workflow.incomplete_runson_unknown_cause": "No s'ha pogut avaluar `runs-on` del treball %[1]s: error desconegut.",
-	"admin.auths.oauth2_quota_group_map_removal": "Elimina els usuaris dels grups de quotes sincronitzats si l'usuari no pertany al grup corresponent."
+	"admin.auths.oauth2_quota_group_map_removal": "Elimina els usuaris dels grups de quotes sincronitzats si l'usuari no pertany al grup corresponent.",
+	"packages.filter.type": "Tipus",
+	"packages.filter.type.all": "Tot",
+	"packages.arch.version.description": "Descripció",
+	"packages.container.labels": "Etiquetes",
+	"packages.dependency.version": "Versió",
+	"packages.alpine.repository.repositories": "Repositoris",
+	"packages.alpine.repository.architectures": "Arquitectures",
+	"packages.debian.repository.architectures": "Arquitectures",
+	"packages.rpm.repository.architectures": "Arquitectures",
+	"packages.alt.repository.architectures": "Arquitectures"
 }
diff --git a/options/locale_next/locale_cs-CZ.json b/options/locale_next/locale_cs-CZ.json
index 00091a7192..8083da30a5 100644
--- a/options/locale_next/locale_cs-CZ.json
+++ b/options/locale_next/locale_cs-CZ.json
@@ -9,8 +9,8 @@
 	"packages.filter.no_result": "Váš filtr nepřinesl žádné výsledky.",
 	"packages.filter.container.tagged": "Označeno",
 	"packages.filter.container.untagged": "Neoznačeno",
-	"packages.published_by": "Zveřejněno %[1]s od <a href=\"%[2]s\">%[3]s</a>",
-	"packages.published_by_in": "Zveřejněno %[1]s od <a href=\"%[2]s\">%[3]s</a> v <a href=\"%[4]s\"><strong>%[5]s</strong></a>",
+	"packages.published_by": "Zveřejněno %[1]s uživatelem <a href=\"%[2]s\">%[3]s</a>",
+	"packages.published_by_in": "Zveřejněno %[1]s uživatelem <a href=\"%[2]s\">%[3]s</a> v <a href=\"%[4]s\"><strong>%[5]s</strong></a>",
 	"packages.pub.install": "Chcete-li nainstalovat balíček pomocí Dart, spusťte následující příkaz:",
 	"packages.installation": "Instalace",
 	"packages.about": "O tomto balíčku",
@@ -29,7 +29,7 @@
 	"packages.dependency.id": "ID",
 	"packages.dependency.version": "Verze",
 	"packages.search_in_external_registry": "Hledat v %s",
-	"packages.alpine.registry": "Nastavte tento registr přidáním URL do <code>/etc/apk/repositories</code>:",
+	"packages.alpine.registry": "Nastavte tento registr přidáním adresy URL do souboru <code>/etc/apk/repositories</code>:",
 	"packages.alpine.registry.key": "Stáhněte si veřejný RSA klíč registru do složky <code>/etc/apk/keys/</code> pro ověření podpisu indexu:",
 	"packages.alpine.registry.info": "Vyberte $branch a $repository ze seznamu níže.",
 	"packages.alpine.install": "Pro instalaci balíčku spusťte následující příkaz:",
@@ -54,23 +54,23 @@
 	"packages.arch.version.replaces": "Nahrazuje",
 	"packages.arch.version.backup": "Záloha",
 	"packages.cargo.registry": "Nastavte tento registr v konfiguračním souboru Cargo (například <code>~/.cargo/config.toml</code>):",
-	"packages.cargo.install": "Chcete-li nainstalovat balíček pomocí Cargo, spusťte následující příkaz:",
+	"packages.cargo.install": "Pro instalaci balíčku pomocí nástroje Cargo spusťte následující příkaz:",
 	"packages.chef.registry": "Nastavit tento registr v souboru <code>~/.chef/config.rb</code>:",
 	"packages.chef.install": "Pro instalaci balíčku spusťte následující příkaz:",
 	"packages.composer.registry": "Nastavit tento registr v souboru <code>~/.composer/config.json</code>:",
-	"packages.composer.install": "Pro instalaci balíčku pomocí Compposer spusťte následující příkaz:",
+	"packages.composer.install": "Pro instalaci balíčku pomocí nástroje Composer spusťte následující příkaz:",
 	"packages.composer.dependencies": "Závislosti",
 	"packages.composer.dependencies.development": "Vývojové závislosti",
 	"packages.conan.registry": "Nastavte tento registr z příkazového řádku:",
-	"packages.conan.install": "Pro instalaci balíčku pomocí Conan spusťte následující příkaz:",
-	"packages.conda.registry": "Nastavte tento registr jako Conda repozitář ve vašem <code>.condarc</code>:",
-	"packages.conda.install": "Pro instalaci balíčku pomocí Conda spusťte následující příkaz:",
-	"packages.container.images.title": "Obrázky",
+	"packages.conan.install": "Pro instalaci balíčku pomocí nástroje Conan spusťte následující příkaz:",
+	"packages.conda.registry": "Nastavte tento registr jako repozitář Conda ve vašem souboru <code>.condarc</code>:",
+	"packages.conda.install": "Pro instalaci balíčku pomocí nástroje Conda spusťte následující příkaz:",
+	"packages.container.images.title": "Obrazy",
 	"packages.container.details.type": "Typ obrazu",
 	"packages.container.details.platform": "Platforma",
 	"packages.container.pull": "Stáhnout obraz z příkazové řádky:",
 	"packages.container.digest": "Výběr",
-	"packages.container.multi_arch": "OS/architektura",
+	"packages.container.multi_arch": "OS / architektura",
 	"packages.container.layers": "Vrstvy obrazu",
 	"packages.container.labels": "Štítky",
 	"packages.container.labels.key": "Klíč",
@@ -84,18 +84,18 @@
 	"packages.debian.repository.distributions": "Distribuce",
 	"packages.debian.repository.components": "Komponenty",
 	"packages.debian.repository.architectures": "Architektury",
-	"packages.generic.download": "Stáhnout balíček z příkazové řádky:",
-	"packages.go.install": "Nainstalovat balíček z příkazové řádky:",
+	"packages.generic.download": "Stáhněte balíček z příkazové řádky:",
+	"packages.go.install": "Nainstalujte balíček z příkazové řádky:",
 	"packages.helm.registry": "Nastavte tento registr z příkazového řádku:",
 	"packages.helm.install": "Pro instalaci balíčku spusťte následující příkaz:",
-	"packages.maven.registry": "Nastavte tento registr ve vašem projektu <code>pom.xml</code> souboru:",
-	"packages.maven.install": "Pro použití balíčku uveďte následující v bloku <code>dependencies</code> v souboru <code>pom.xml</code>:",
-	"packages.maven.install2": "Spustit pomocí příkazové řádky:",
-	"packages.maven.download": "Chcete-li stáhnout závislost, spusťte přes příkazový řádek:",
+	"packages.maven.registry": "Nastavte tento registr v souboru <code>pom.xml</code> vašeho projektu:",
+	"packages.maven.install": "Pro použití balíčku přidejte následující do bloku <code>dependencies</code> v souboru <code>pom.xml</code>:",
+	"packages.maven.install2": "Spusťte pomocí příkazové řádky:",
+	"packages.maven.download": "Pro stáhnutí závislosti spusťte následující příkaz v příkazovém řádku:",
 	"packages.nuget.registry": "Nastavte tento registr z příkazového řádku:",
-	"packages.nuget.install": "Chcete-li nainstalovat balíček pomocí NuGet, spusťte následující příkaz:",
-	"packages.nuget.dependency.framework": "Cílový Framework",
-	"packages.npm.registry": "Nastavte tento registr ve vašem projektu v souboru <code>.npmrc</code>:",
+	"packages.nuget.install": "Pro instalaci balíčku pomocí NuGet spusťte následující příkaz:",
+	"packages.nuget.dependency.framework": "Cílový framework",
+	"packages.npm.registry": "Nastavte tento registr v souboru <code>.npmrc</code> ve vašem projektu:",
 	"packages.npm.install": "Pro instalaci balíčku pomocí npm spusťte následující příkaz:",
 	"packages.npm.install2": "nebo ho přidejte do souboru package.json:",
 	"packages.npm.dependencies": "Závislosti",
@@ -107,13 +107,13 @@
 	"packages.pypi.requires": "Vyžaduje Python",
 	"packages.pypi.install": "Pro instalaci balíčku pomocí pip spusťte následující příkaz:",
 	"packages.rpm.registry": "Nastavte tento registr z příkazového řádku:",
-	"packages.rpm.distros.redhat": "na distribuce založené na RedHat",
-	"packages.rpm.distros.suse": "na distribuce založené na SUSE",
+	"packages.rpm.distros.redhat": "na distribucích založených na RedHat",
+	"packages.rpm.distros.suse": "na distribucích založených na SUSE",
 	"packages.rpm.install": "Pro instalaci balíčku spusťte následující příkaz:",
 	"packages.rpm.repository": "Informace o repozitáři",
 	"packages.rpm.repository.architectures": "Architektury",
 	"packages.rpm.repository.multiple_groups": "Tento balíček je dostupný v několika skupinách.",
-	"packages.alt.registry": "Nastavit tento registr z příkazové řádky:",
+	"packages.alt.registry": "Nastavte tento registr z příkazového řádku:",
 	"packages.alt.registry.install": "Pro instalaci balíčku spusťte následující příkaz:",
 	"packages.alt.install": "Instalovat balíček",
 	"packages.alt.setup": "Přidejte repozitář do seznamu připojených repozitářů (místo „_arch_“ zvolte potřebnou architekturu):",
@@ -127,47 +127,47 @@
 	"packages.rubygems.required.ruby": "Vyžaduje verzi Ruby",
 	"packages.rubygems.required.rubygems": "Vyžaduje verzi RubyGem",
 	"packages.swift.registry": "Nastavte tento registr z příkazového řádku:",
-	"packages.swift.install": "Přidejte balíček do svého <code>Package.swift</code> souboru:",
-	"packages.swift.install2": "a spustit následující příkaz:",
+	"packages.swift.install": "Přidejte balíček do svého souboru <code>Package.swift</code>:",
+	"packages.swift.install2": "a spusťte následující příkaz:",
 	"packages.vagrant.install": "Pro přidání Vagrant box spusťte následující příkaz:",
 	"packages.settings.link": "Propojit tento balíček s repozitářem",
-	"packages.settings.link.description": "Pokud propojíte balíček s repozitářem, je tento balíček uveden v seznamu balíčků repozitáře.",
+	"packages.settings.link.description": "Pokud propojíte balíček s repozitářem, bude tento balíček uveden v seznamu balíčků repozitáře.",
 	"packages.settings.link.select": "Vybrat repozitář",
-	"packages.settings.link.button": "Aktualizovat odkaz na repozitář",
-	"packages.settings.link.success": "Odkaz na repozitář byl úspěšně aktualizován.",
-	"packages.settings.link.error": "Nepodařilo se aktualizovat odkaz na repozitář.",
+	"packages.settings.link.button": "Aktualizovat propojení s repozitářem",
+	"packages.settings.link.success": "Propojení s repozitářem bylo úspěšně aktualizováno.",
+	"packages.settings.link.error": "Nepodařilo se aktualizovat propojení s repozitářem.",
 	"packages.settings.delete": "Odstranit balíček",
-	"packages.settings.delete.description": "Smazání balíčku je trvalé a nelze ho vrátit zpět.",
+	"packages.settings.delete.description": "Odstranění balíčku je trvalé a nelze ho vrátit zpět.",
 	"packages.settings.delete.notice": "Chystáte se odstranit %s (%s). Tato operace je nevratná, jste si jisti?",
 	"packages.settings.delete.success": "Balíček byl odstraněn.",
 	"packages.settings.delete.error": "Nepodařilo se odstranit balíček.",
 	"packages.owner.settings.cargo.title": "Index registru Cargo",
 	"packages.owner.settings.cargo.initialize": "Inicializovat index",
-	"packages.owner.settings.cargo.initialize.description": "Pro použití registru Cargo je zapotřebí speciální index Git. Použití této možnosti (znovu) vytvoří repozitář a automaticky jej nastaví.",
-	"packages.owner.settings.cargo.initialize.error": "Nepodařilo se inicializovat Cargo index: %v",
+	"packages.owner.settings.cargo.initialize.description": "Pro použití registru Cargo je zapotřebí speciální indexový Git repozitář. Použití této možnosti (znovu) vytvoří repozitář a automaticky jej nastaví.",
+	"packages.owner.settings.cargo.initialize.error": "Nepodařilo se inicializovat index Cargo: %v",
 	"packages.owner.settings.cargo.initialize.success": "Index Cargo byl úspěšně vytvořen.",
-	"packages.owner.settings.cargo.rebuild": "Znovu vytvořit index",
+	"packages.owner.settings.cargo.rebuild": "Znovu sestavit index",
 	"packages.owner.settings.cargo.rebuild.description": "Opětovné sestavení může být užitečné, pokud není index synchronizován s uloženými balíčky Cargo.",
-	"packages.owner.settings.cargo.rebuild.error": "Obnovení Cargo indexu se nezdařilo: %v",
+	"packages.owner.settings.cargo.rebuild.error": "Obnovení indexu Cargo se nezdařilo: %v",
 	"packages.owner.settings.cargo.rebuild.success": "Index Cargo byl úspěšně znovu sestaven.",
 	"packages.owner.settings.cargo.rebuild.no_index": "Opětovné vytvoření selhalo, nebyl inicializován žádný index.",
 	"packages.owner.settings.cleanuprules.title": "Pravidla čištění",
 	"packages.owner.settings.cleanuprules.add": "Přidat pravidlo pro čištění",
-	"packages.owner.settings.cleanuprules.edit": "Upravit pravidlo pro čištění",
+	"packages.owner.settings.cleanuprules.edit": "Upravit pravidlo čištění",
 	"packages.owner.settings.cleanuprules.none": "Zatím nejsou k dispozici žádná pravidla čištění.",
-	"packages.owner.settings.cleanuprules.preview": "Náhled pravidla pro čištění",
-	"packages.owner.settings.cleanuprules.preview.overview": "%d balíčků má být odstraněno.",
-	"packages.owner.settings.cleanuprules.preview.none": "Pravidlo čištění neodpovídá žádným balíčkům.",
+	"packages.owner.settings.cleanuprules.preview": "Náhled pravidla čištění",
+	"packages.owner.settings.cleanuprules.preview.overview": "Je plánováno odstranění %d balíčků.",
+	"packages.owner.settings.cleanuprules.preview.none": "Pravidlu čištění neodpovídají žádné balíčky.",
 	"packages.owner.settings.cleanuprules.pattern_full_match": "Použít vzor na úplný název balíčku",
 	"packages.owner.settings.cleanuprules.keep.title": "Verze, které odpovídají těmto pravidlům, jsou zachovány, i když odpovídají níže uvedenému pravidlu pro odstranění.",
 	"packages.owner.settings.cleanuprules.keep.count": "Zachovat nejnovější",
 	"packages.owner.settings.cleanuprules.keep.pattern": "Ponechat odpovídající verze",
-	"packages.owner.settings.cleanuprules.keep.pattern.container": "U balíčků Container je vždy zachována <code>nejnovější</code> verze.",
-	"packages.owner.settings.cleanuprules.remove.title": "Verze, které odpovídají těmto pravidlům, jsou odstraněny, pokud výše uvedené pravidlo neukládá jejich zachování.",
+	"packages.owner.settings.cleanuprules.keep.pattern.container": "U balíčků Container je vždy zachována nejnovější (<code>latest</code>) verze.",
+	"packages.owner.settings.cleanuprules.remove.title": "Verze, které odpovídají těmto pravidlům, budou odstraněny, pokud výše uvedené pravidlo neukládá jejich zachování.",
 	"packages.owner.settings.cleanuprules.remove.days": "Odstranit verze starší než",
-	"packages.owner.settings.cleanuprules.remove.pattern": "Odstranit odpovídající verze",
-	"packages.owner.settings.cleanuprules.success.update": "Pravidlo pro čištění bylo aktualizováno.",
-	"packages.owner.settings.cleanuprules.success.delete": "Pravidlo pro čištění bylo odstraněno.",
+	"packages.owner.settings.cleanuprules.remove.pattern": "Odstranit verze odpovídající",
+	"packages.owner.settings.cleanuprules.success.update": "Pravidlo čištění bylo aktualizováno.",
+	"packages.owner.settings.cleanuprules.success.delete": "Pravidlo čištění bylo odstraněno.",
 	"packages.owner.settings.chef.title": "Registr Chef",
 	"packages.owner.settings.chef.keypair": "Generovat pár klíčů",
 	"packages.owner.settings.chef.keypair.description": "Žádosti odeslané do registru Chef musí být kryptograficky podepsané jako způsob ověření. Při generování páru klíčů je ve službě Forgejo uložen pouze veřejný klíč. Soukromý klíč je poskytnut vám, abyste jej mohli použít s programem knife. Vygenerováním nového páru klíčů přepíšete ten předchozí.",
@@ -226,13 +226,9 @@
 		"other": "před %d lety"
 	},
 	"relativetime.1day": "včera",
-	"relativetime.2days": "před dvěma dny",
 	"relativetime.1week": "minulý týden",
-	"relativetime.2weeks": "před dvěma týdny",
 	"relativetime.1month": "minulý měsíc",
-	"relativetime.2months": "před dvěma měsíci",
 	"relativetime.1year": "minulý rok",
-	"relativetime.2years": "před dvěma lety",
 	"relativetime.weeks": {
 		"one": "před %d týdnem",
 		"few": "před %d týdny",
@@ -444,5 +440,11 @@
 	"editor.toggle_case": "Přepnout rozlišování velikosti písmen",
 	"editor.toggle_regex": "Přepnout používání regulárních výrazů",
 	"editor.toggle_whole_word": "Přepnout shodu s celými slovy",
-	"repo.view.gitmodules_too_large": "Soubor .gitmodules je příliš velký a bude ignorován (např. při voláních API)"
+	"repo.view.gitmodules_too_large": "Soubor .gitmodules je příliš velký a bude ignorován (např. při voláních API)",
+	"install.ssh_authorized_keys_inspection_error": "Nepodařilo se projít existující soubor authorized_keys: %v",
+	"install.ssh_authorized_keys_unexpected_key": "Povolení SSH pro Forgejo je v konfliktu se souborem umístěným v %s, který obsahuje existující klíče SSH. Návrhy: použijte pro Forgejo vyhrazeného systémového uživatele nebo SSH deaktivujte.",
+	"actions.secrets.creation.name_description": "Název tajného klíče může obsahovat pouze písmena, čísla a podtržítka. Nesmí začínat textem FORGEJO_, GITEA_, GITHUB_ nebo číslem. Forgejo jej automaticky převede na velká písmena.",
+	"actions.secrets.creation.value_description": "Hodnota tajného klíče může být jakýkoli text. Speciální znaky zůstanou zachovány. CRLF (zakončení řádků ve stylu Windows) budou automaticky převedeny na LF. Zakódujte hodnotu pomocí Base64, pokud chcete zachovat zakončení řádků.",
+	"actions.variables.mutation.name_description": "Název proměnné může obsahovat pouze písmena, čísla a podtržítka. Nesmí mít název CI nebo začínat textem FORGEJO_, GITEA_, GITHUB_ nebo číslem. Forgejo jej automaticky převede na velká písmena.",
+	"actions.variables.mutation.value_description": "Hodnota proměnné může být jakýkoli text. Speciální znaky zůstanou zachovány. CRLF (zakončení řádků ve stylu Windows) budou automaticky převedeny na LF. Zakódujte hodnotu pomocí Base64, pokud chcete zachovat zakončení řádků."
 }
diff --git a/options/locale_next/locale_da.json b/options/locale_next/locale_da.json
index 116c2dc794..eac39ebc00 100644
--- a/options/locale_next/locale_da.json
+++ b/options/locale_next/locale_da.json
@@ -234,19 +234,15 @@
 	},
 	"relativetime.1day": "i går",
 	"relativetime.1week": "sidste uge",
-	"relativetime.2weeks": "2 uger siden",
-	"relativetime.2months": "2 måneder siden",
 	"relativetime.1year": "sidste år",
 	"relativetime.weeks": {
 		"one": "%d uge siden",
 		"other": "%d uger siden"
 	},
-	"relativetime.2years": "2 år siden",
 	"relativetime.years": {
 		"one": "%d år siden",
 		"other": "%d år siden"
 	},
-	"relativetime.2days": "2 dage siden",
 	"relativetime.1month": "sidste måned",
 	"repo.form.cannot_create": "Alle områder, hvor du kan oprette depoter, har nået grænsen for antal depoter.",
 	"repo.issue_indexer.title": "Problemindekser",
diff --git a/options/locale_next/locale_de-DE.json b/options/locale_next/locale_de-DE.json
index 02571c2ecb..27a4b1cc1a 100644
--- a/options/locale_next/locale_de-DE.json
+++ b/options/locale_next/locale_de-DE.json
@@ -233,20 +233,16 @@
 	},
 	"relativetime.1week": "letzte Woche",
 	"relativetime.1month": "letzten Monat",
-	"relativetime.2months": "vor zwei Monaten",
 	"relativetime.1year": "letztes Jahr",
-	"relativetime.2years": "vor zwei Jahren",
 	"relativetime.1day": "gestern",
 	"relativetime.weeks": {
 		"one": "vor %d Woche",
 		"other": "vor %d Wochen"
 	},
-	"relativetime.2weeks": "vor zwei Wochen",
 	"relativetime.mins": {
 		"one": "vor %d Minute",
 		"other": "vor %d Minuten"
 	},
-	"relativetime.2days": "vorgestern",
 	"relativetime.future": "in der Zukunft",
 	"admin.config.moderation_config": "Moderations-Konfiguration",
 	"moderation.report_abuse": "Missbrauch melden",
@@ -429,5 +425,11 @@
 	"editor.find_previous": "Vorheriger Treffer",
 	"editor.find_next": "Nächster Treffer",
 	"editor.toggle_whole_word": "Treffer auf ganze Wörter umschalten",
-	"repo.view.gitmodules_too_large": "Die .gitmodules-Datei ist zu groß und wird ignoriert (zum Beispiel für API-Aufrufe)"
+	"repo.view.gitmodules_too_large": "Die .gitmodules-Datei ist zu groß und wird ignoriert (zum Beispiel für API-Aufrufe)",
+	"install.ssh_authorized_keys_inspection_error": "Existierende authorized_keys-Datei konnte nicht untersucht werden: %v",
+	"install.ssh_authorized_keys_unexpected_key": "Die Aktivierung von SSH für Forgejo steht im Konflikt mit der Datei, die sich bei %s befindet und existierende SSH-Keys enthält. Vorschlag: Benutzen Sie einen eigenen Systembenutzer für Forgejo oder deaktivieren Sie SSH.",
+	"actions.secrets.creation.name_description": "Der Name eines Geheimnisses darf nur Buchstaben, Ziffern und Unterstriche enthalten. Es darf nicht mit „FORGEJO_“, „GITEA_“, „GITHUB_“ oder einer Zahl anfangen. Forgejo wird es automatisch in Großbuchstaben umwandeln.",
+	"actions.secrets.creation.value_description": "Der Wert eines Geheimnisses kann jeder Text sein. Sonderzeichen werden beibehalten. CRLF (Zeilenumbrüche im Windows-Stil) werden automatisch zu LF konvertiert. Kodieren Sie den Wert mit Base64, falls Zeilenumbrüche beibehalten werden sollen.",
+	"actions.variables.mutation.name_description": "Der Name einer Variable kann nur Buchstaben, Ziffern und Unterstriche enthalten. Er darf nicht „CI“ lauten oder mit „FORGEJO_“, „GITEA_“, „GITHUB_“ oder einer Zahl beginnen. Forgejo wird ihn automatisch zu Großbuchstaben umwandeln.",
+	"actions.variables.mutation.value_description": "Der Wert einer Variablen kann jeder Text sein. Sonderzeichen werden beibehalten. CRLF (Zeilenumbrüche im Windows-Stil) werden automatisch zu LF konvertiert. Kodieren Sie den Wert mit Base64, falls Zeilenumbrüche beibehalten werden sollen."
 }
diff --git a/options/locale_next/locale_el-GR.json b/options/locale_next/locale_el-GR.json
index d4813225ae..806378fb9f 100644
--- a/options/locale_next/locale_el-GR.json
+++ b/options/locale_next/locale_el-GR.json
@@ -224,12 +224,9 @@
 	"followers.incoming.list.self.none": "Καμία παρακολούθηση στο προφίλ σας.",
 	"followers.incoming.list.none": "Κανείς δεν ακολουθεί αυτό το χρήστη.",
 	"followers.outgoing.list.none": "Ο χρήστης %s δεν ακολουθεί κανέναν.",
-	"relativetime.2days": "πριν από δύο μέρες",
 	"relativetime.1week": "την προηγούμενη εβδομάδα",
-	"relativetime.2weeks": "πριν από δύο εβδομάδες",
 	"relativetime.1month": "τον προηγούμενο μήνα",
 	"relativetime.1year": "πέρυσι",
-	"relativetime.2years": "πριν από δύο έτη",
 	"compare.branches.title": "Σύγκριση κλάδων",
 	"repo.commit.load_tags_failed": "Αποτυχία ανάκτησης ετικετών λόγω εσωτερικού σφάλματος",
 	"admin.auths.allow_username_change": "Επιτρέπεται η αλλαγή ονόματος χρήστη",
@@ -265,7 +262,6 @@
 	"editor.textarea.tab_hint": "Η γραμμή είναι ήδη στοιχισμένη. Πατήστε <kbd>Tab</kbd> ξανά ή <kbd>Escape</kbd> για να βγείτε από το συντάκτη.",
 	"repo.settings.push_mirror.branch_filter.description": "Κλάδοι που θα καθρεφτιστούν. Αφήστε κενό για να καθρεφτίζονται όλοι οι κλάδοι. Δείτε τη <a href=\"%[1]s\">τεκμηρίωση του %[2]s</a> για τη σύνταξη. Παράδειγμα: <code>main, release/*</code>",
 	"relativetime.1day": "χθες",
-	"relativetime.2months": "πριν από δύο μήνες",
 	"error.must_enable_2fa": "Αυτή η εγκατάσταση Forgejo απαιτεί από τους χρήστες να ορίσουν τη ταυτοποίηση δύο-παραγόντων πριν αποκτήσουν πρόσβαση στο λογαριασμό τους. Ενεργοποιήστε τη στο: %s",
 	"user.ghost.tooltip": "Ο χρήστης έχει διαγραφεί ή δεν μπορεί να βρεθεί.",
 	"settings.twofa_reenroll.description": "Ορίστε ξανά την ταυτοποίηση δύο παραγόντων",
@@ -364,5 +360,24 @@
 	"moderation.action.account.suspend": "Αναστολή λογαριασμού",
 	"moderation.action.repo.delete": "Διαγραφή αποθετηρίου",
 	"moderation.action.issue.delete": "Διαγραφή ζητήματος",
-	"keys.verify.token.hint": "Το διακριτικό είναι έγκυρο μόνο για 1 λεπτό. <a href=\"%[1]s\">Λάβετε ένα καινούργιο εάν έχει λήξει</a>."
+	"keys.verify.token.hint": "Το διακριτικό είναι έγκυρο μόνο για 1 λεπτό. <a href=\"%[1]s\">Λάβετε ένα καινούργιο εάν έχει λήξει</a>.",
+	"repo.issues.filter_sort.hint": "Ταξινόμηση κατά: δημιουργήθηκε/σχόλια/ενημερώθηκε/διορία",
+	"editor.search": "Αναζήτηση",
+	"editor.find_previous": "Προηγούμενη εύρεση",
+	"editor.find_next": "Επόμενη εύρεση",
+	"editor.replace": "Αντικατάσταση",
+	"editor.replace_all": "Αντικατάσταση όλων",
+	"moderation.users.cannot_suspend_admins": "Οι χρήστες με δικαιώματα διαχειριστή δεν μπορούν να ανασταλούν.",
+	"moderation.users.cannot_suspend_self": "Δεν μπορείτε να αναστείλετε τον εαυτό σας.",
+	"moderation.users.cannot_suspend_org": "Οι οργανισμοί δεν μπορούν να ανασταλούν.",
+	"moderation.users.already_suspended": "Ο λογαριασμός χρήστη είναι ήδη σε αναστολή.",
+	"moderation.users.suspend_success": "Ο λογαριασμός χρήστη έχει ανασταλεί.",
+	"moderation.users.cannot_delete_admins": "Οι χρήστες με δικαιώματα διαχειριστή δεν μπορούν να διαγραφούν.",
+	"moderation.issue.deletion_success": "Το ζήτημα έχει διαγραφεί.",
+	"moderation.comment.deletion_success": "Το σχόλιο έχει διαγραφεί.",
+	"admin.dashboard.actions_action_user": "Ανακαλέσετε την εμπιστοσύνη του Forgejo Actions για ανενεργούς χρήστες",
+	"admin.dashboard.transfer_lingering_logs": "Μεταβιβάστε τις καταγραφές ενεργειών για τις ολοκληρωμένες εργασίες ενεργειών από τη βάση δεδομένων στον αποθηκευτικό χώρο",
+	"migrate.pagure.private_issues.summary": "Ιδιωτικά Ζητήματα (Προαιρετικό)",
+	"teams.add_all_repos.modal.header": "Προσθήκη όλων των αποθετηρίων",
+	"teams.remove_all_repos.modal.header": "Αφαίρεση όλων των αποθετηρίων"
 }
diff --git a/options/locale_next/locale_eo.json b/options/locale_next/locale_eo.json
index edb35eea9f..20d9f4515c 100644
--- a/options/locale_next/locale_eo.json
+++ b/options/locale_next/locale_eo.json
@@ -40,13 +40,9 @@
 		"other": "antaŭ %d jaroj"
 	},
 	"relativetime.1day": "hieraŭ",
-	"relativetime.2days": "antaŭ du tagoj",
 	"relativetime.1week": "je lasta semajno",
-	"relativetime.2weeks": "antaŭ du semajnoj",
 	"relativetime.1month": "je lasta monato",
-	"relativetime.2months": "antaŭ du monatoj",
 	"relativetime.1year": "je lasta jaro",
-	"relativetime.2years": "antaŭ du jaroj",
 	"migrate.github.description": "Migrigi datumojn el github.com aŭ Github Enterprise server.",
 	"migrate.git.description": "Migrigi nur deponejon el ajna Git servilo.",
 	"migrate.gitea.description": "Migrigi datumojn el gitea.com aŭ aliaj Gitea instancoj.",
diff --git a/options/locale_next/locale_es-ES.json b/options/locale_next/locale_es-ES.json
index 152553c2e3..ef9ea8e9d2 100644
--- a/options/locale_next/locale_es-ES.json
+++ b/options/locale_next/locale_es-ES.json
@@ -218,9 +218,7 @@
 	"home.explore_orgs": "Explorar organizaciones",
 	"moderation.abuse_category.malware": "Malware",
 	"relativetime.1day": "ayer",
-	"relativetime.2months": "hace dos meses",
 	"relativetime.1year": "el año pasado",
-	"relativetime.2years": "hace dos años",
 	"repo.form.cannot_create": "Todos los espacios en los que puedes crear repositorios llegaron al límite de repositorios.",
 	"stars.list.none": "Nadie le ha dado una estrella a este repo.",
 	"watch.list.none": "Nadie está observando este repo.",
@@ -229,7 +227,6 @@
 	"followers.outgoing.list.self.none": "No estás siguiendo a nadie.",
 	"followers.outgoing.list.none": "%s no sigue a nadie.",
 	"relativetime.1week": "la semana pasada",
-	"relativetime.2weeks": "hace dos semanas",
 	"relativetime.1month": "el mes pasado",
 	"alert.asset_load_failed": "Error al cargar recursos desde {path}. Por favor, asegúrate de que se puede acceder a los recursos.",
 	"install.invalid_lfs_path": "Imposible crear la raíz LFS en la ruta indicada: %[1]s",
@@ -274,7 +271,6 @@
 	"moderation.report_abuse_form.already_reported": "Ya has reportado este contenido",
 	"moderation.abuse_category": "Categoría",
 	"repo.issue_indexer.title": "Índice de incidencias",
-	"relativetime.2days": "hace dos días",
 	"moderation.abuse_category.illegal_content": "Contenido ilegal",
 	"repo.settings.push_mirror.branch_filter.description": "Ramas a seguir. Deje en blanco para seguir todas las ramas. Consulte la <a href=\"%[1]s\">%[2]s documentation</a> de la sintaxis. Ejemplos: <code>main, release/*</code>",
 	"moderation.reporting_failed": "No fue posible enviar el nuevo reporte de abuso: %v",
@@ -310,5 +306,12 @@
 		"one": "%s pull request activa",
 		"many": "%s pull requests activas",
 		"other": ""
-	}
+	},
+	"repo.issues.filter_assignee.hint": "Filtrar por usuario asignado",
+	"repo.issues.filter_reviewers.hint": "Filtrar por usuario revisor",
+	"repo.issues.filter_mention.hint": "Filtrar por usuario mencionado",
+	"repo.issues.filter_modified.hint": "Filtrar por fecha de última modificación",
+	"repo.issues.filter_poster.hint": "Filtrar por autor",
+	"repo.issues.filter_sort.hint": "Ordenar por: creación/comentarios/actualización/fecha límite",
+	"issues.updated": "actualizado %s"
 }
diff --git a/options/locale_next/locale_et.json b/options/locale_next/locale_et.json
index e2dc9f88d7..884f7da179 100644
--- a/options/locale_next/locale_et.json
+++ b/options/locale_next/locale_et.json
@@ -5,16 +5,12 @@
 		"other": "%s tärni"
 	},
 	"search.milestone_kind": "Otsi verstaposte…",
-	"relativetime.2years": "kaks aastat tagasi",
 	"error.not_found.title": "Lehte ei leidu",
 	"themes.names.forgejo-light": "Forgejo hele kujundus",
 	"themes.names.forgejo-dark": "Forgejo tume kujundus",
 	"themes.names.forgejo-auto": "Forgejo (süsteemi kujundus)",
-	"relativetime.2days": "kaks päeva tagasi",
 	"relativetime.1week": "eelmisel nädalal",
-	"relativetime.2weeks": "kaks nädalat tagasi",
 	"relativetime.1month": "eelmisel kuul",
-	"relativetime.2months": "kaks kuud tagasi",
 	"relativetime.months": {
 		"one": "%d kuu tagasi",
 		"other": "%d kuud tagasi"
diff --git a/options/locale_next/locale_fi-FI.json b/options/locale_next/locale_fi-FI.json
index f99322eef5..3482591965 100644
--- a/options/locale_next/locale_fi-FI.json
+++ b/options/locale_next/locale_fi-FI.json
@@ -202,11 +202,8 @@
 		"other": "%d vuotta sitten"
 	},
 	"relativetime.1day": "eilen",
-	"relativetime.2days": "kaksi päivää sitten",
 	"relativetime.1week": "viime viikolla",
-	"relativetime.2weeks": "kaksi viikkoa sitten",
 	"relativetime.1year": "viime vuonna",
-	"relativetime.2years": "kaksi vuotta sitten",
 	"relativetime.hours": {
 		"one": "%d tunti sitten",
 		"other": "%d tuntia sitten"
@@ -222,7 +219,6 @@
 		"other": "%d viikkoa sitten"
 	},
 	"meta.last_line": "Thank you for translating Forgejo! Päivitä tämä käännös, jos luet tämän viestin.",
-	"relativetime.2months": "kaksi kuukautta sitten",
 	"mail.actions.successful_run_after_failure_subject": "Työnkulku %[1]s palautettu tietovarastoon %[2]s",
 	"mail.actions.successful_run_after_failure": "Työnkulku %[1]s palautettu tietovarastoon %[2]s",
 	"mail.actions.run_info_cur_status": "Tämän juoksun tila: %[1]s (juuri päivitetty %[2]s:sta)",
diff --git a/options/locale_next/locale_fil.json b/options/locale_next/locale_fil.json
index 9928fd0c93..379bf49760 100644
--- a/options/locale_next/locale_fil.json
+++ b/options/locale_next/locale_fil.json
@@ -168,7 +168,7 @@
 	"packages.owner.settings.cleanuprules.remove.pattern": "Tanggalin ang mga bersyon na tumutugma sa",
 	"packages.owner.settings.cleanuprules.success.update": "Na-update na cleanup rule.",
 	"packages.owner.settings.cleanuprules.success.delete": "Nabura na ang cleanup rule.",
-	"packages.owner.settings.chef.title": "Chef registry",
+	"packages.owner.settings.chef.title": "Registry ng Chef",
 	"packages.owner.settings.chef.keypair": "Gumawa ng key pair",
 	"packages.owner.settings.chef.keypair.description": "Ang mga hiling na pinapadala sa Chef registry ay dapat na cryptographically na nakalagda bilang paraan ng authentication. Kapag nag-ge-generate ng isang keypair, ang pampublikong key lamang ang iniimbak ng Forgejo. Ang pribadong key ay binibigay sa iyo na gagamitin sa knife. Ang pag-generate ng bagong keypair i io-overwrite ang luma.",
 	"fork.n_forks": {
@@ -230,12 +230,8 @@
 		"one": "%d taon ang nakalipas",
 		"other": "%d (na) taon ang nakalipas"
 	},
-	"relativetime.2days": "2 araw ang nakalipas",
-	"relativetime.2weeks": "2 linggo ang nakalipas",
-	"relativetime.2months": "2 buwan ang nakalipas",
 	"relativetime.1week": "nakaraang linggo",
 	"relativetime.future": "sa kinabukasan",
-	"relativetime.2years": "2 taon ang nakalipas",
 	"relativetime.1day": "kahapon",
 	"relativetime.hours": {
 		"one": "%d oras ang nakalipas",
@@ -420,5 +416,20 @@
 	"pulls.manual_merge.helpder.description": "Gamitin ang mensahe na ito kapag kukumpletuhin nang manwal ang pagsasama.",
 	"pulls.manual_merge.commit.title": "Title ng merge commit",
 	"pulls.manual_merge.commit.body": "Nilalaman ng merge commit",
-	"pulls.manual_merge.copy.button": "Kopyahin ang mensahe ng merge commit"
+	"pulls.manual_merge.copy.button": "Kopyahin ang mensahe ng merge commit",
+	"repo.view.gitmodules_too_large": "Masyadong malaki ang .gitmodules file at hindi ito papansinin (hal. para sa API call)",
+	"install.ssh_authorized_keys_inspection_error": "Nabigong suriin ang umiiral na authroized_keys file: %v",
+	"install.ssh_authorized_keys_unexpected_key": "Sumasalungat sa file na nakalagay sa %s ng mga umiiral na SSH key ang pag-enable ng SSH para sa Forgejo. Mga mungkahi: gumamit ng dedikadong system user para sa Forgejo, o I-disable ang SSH.",
+	"actions.secrets.creation.name_description": "Maaari lamang maglaman ng mga letra, numero, at underscore ang pangalan. Hindi maaaring magsimula sa FORGEJO_, GITEA_, GITHUB_, o isang numero. Awtomatikong iko-convert ng Forgejo sa uppercase.",
+	"actions.secrets.creation.value_description": "Maaaring anumang teksto ang value ng sikreto. Pinapanatili ang mga espesyal na karakter. Awtomatikong kino-convert ang mga CRLF (Windows-style na line break) sa LF. I-encode ang value sa Base64 kung dapat panatilihin ang mga line break.",
+	"actions.variables.mutation.name_description": "Maaari lamang maglaman ng mga letra, numero, at underscore ang pangalan ng variable. Hindi maaaring magsimula sa FORGEJO_, GITEA_, GITHUB_, o isang numero. Awtomatikong iko-convert ng Forgejo sa uppercase.",
+	"actions.variables.mutation.value_description": "Maaaring anumang teksto ang value ng variable. Pinapanatili ang mga espesyal na karakter. Awtomatikong kino-convert ang mga CRLF (Windows-style na line break) sa LF. I-encode ang value sa Base64 kung dapat panatilihin ang mga line break.",
+	"editor.search": "Maghanap",
+	"editor.find_previous": "Nakaraang hanap",
+	"editor.find_next": "Susunod na hanap",
+	"editor.replace": "Palitan",
+	"editor.replace_all": "Palitan lahat",
+	"editor.toggle_case": "I-toggle ang case sensitivity",
+	"editor.toggle_regex": "I-toggle ang paggamit ng mga regular na ekspresyon",
+	"editor.toggle_whole_word": "I-toggle ang pagtugma ng mga buong salita"
 }
diff --git a/options/locale_next/locale_fr-FR.json b/options/locale_next/locale_fr-FR.json
index b352790a8b..c742f5f621 100644
--- a/options/locale_next/locale_fr-FR.json
+++ b/options/locale_next/locale_fr-FR.json
@@ -226,12 +226,8 @@
 		"other": "il y a %d ans"
 	},
 	"relativetime.1day": "hier",
-	"relativetime.2days": "il y a 2 jours",
 	"relativetime.1week": "la semaine dernière",
-	"relativetime.2weeks": "il y a 2 semaines",
-	"relativetime.2months": "il y a 2 mois",
 	"relativetime.1year": "l'année dernière",
-	"relativetime.2years": "il y a 2 ans",
 	"themes.names.forgejo-light": "Forgejo clair",
 	"themes.names.forgejo-dark": "Forgejo sombre",
 	"themes.names.forgejo-auto": "Forgejo (suivre le thème du système)",
@@ -431,5 +427,12 @@
 	"repo.view.gitmodules_too_large": "Le fichier .gitmodules est trop volumineux et sera ignoré (lors des appels API par exemple)",
 	"search.fuzzy": "Approximative",
 	"pulls.manual_merge.commit.title": "Titre de la fusion de commit",
-	"pulls.manual_merge.commit.body": "Contenue de la fusion de commit"
+	"pulls.manual_merge.commit.body": "Contenue de la fusion de commit",
+	"install.ssh_authorized_keys_inspection_error": "Échec de l'inspection du fichier authorized_keys existant : %v",
+	"install.ssh_authorized_keys_unexpected_key": "Activer SSH pour Forgejo est en conflit avec le fichier situé à %s qui contient les clés SSH existantes. Suggestions : utilisez un utilisateur dédié du système pour Forgejo ou désactivez SSH.",
+	"admin.dashboard.actions_action_user": "Révoquer les Actions Forgejo autorisé pour les utilisateurs inactifs",
+	"actions.secrets.creation.name_description": "Le nom d'un secret ne peut contenir que des lettres, nombres, ou `_`. Il ne peut pas commencer par FORGEJO_, GITEA_, GITHUB_, ou un nombre. Forgejo le convertira automatiquement en majuscules.",
+	"actions.secrets.creation.value_description": "La valeur d'un secret peut être n'importe quel texte. Les caractères spéciaux sont conservés. Les CRLF (saut de ligne au format Microsoft) sont automatiquement convertis en LF. Encodez la valeur en Base64 si les sauts de ligne doivent être conservés.",
+	"actions.variables.mutation.name_description": "Le nom d'une variable ne peut contenir que des lettres, nombres, ou `_`. Il ne peut pas être nommé CI ou commencer par FORGEJO_, GITEA_, GITHUB_, ou un nombre. Forgejo le convertira automatiquement en majuscules.",
+	"actions.variables.mutation.value_description": "La valeur d'une variable peut être n'importe quel texte. Les caractères spéciaux sont conservés. Les CRLF (saut de ligne au format Microsoft) sont automatiquement convertis en LF. Encodez la valeur en Base64 si les sauts de ligne doivent être conservés."
 }
diff --git a/options/locale_next/locale_ga.json b/options/locale_next/locale_ga.json
index 6b0a3b0b80..8ddb8eca39 100644
--- a/options/locale_next/locale_ga.json
+++ b/options/locale_next/locale_ga.json
@@ -240,13 +240,9 @@
 		"other": "%d blianta ó shin"
 	},
 	"relativetime.1day": "inné",
-	"relativetime.2days": "dhá lá ó shin",
 	"relativetime.1week": "an tseachtain seo caite",
-	"relativetime.2weeks": "coicís ó shin",
 	"relativetime.1month": "an mhí seo caite",
-	"relativetime.2months": "dhá mhí ó shin",
 	"relativetime.1year": "anuraidh",
-	"relativetime.2years": "dhá bhliain ó shin",
 	"repo.issues.filter_poster.hint": "Scag de réir an údair",
 	"repo.issues.filter_assignee.hint": "Scag de réir úsáideora sannta",
 	"repo.issues.filter_reviewers.hint": "Scag de réir úsáideora a rinne athbhreithniú",
diff --git a/options/locale_next/locale_gl.json b/options/locale_next/locale_gl.json
index 9e3ea4c99e..1ab14bedc5 100644
--- a/options/locale_next/locale_gl.json
+++ b/options/locale_next/locale_gl.json
@@ -5,13 +5,9 @@
 	"followers.outgoing.list.self.none": "Non esas seguindo a ninguén.",
 	"followers.outgoing.list.none": "%s non está seguindo a ninguén.",
 	"relativetime.1day": "onte",
-	"relativetime.2days": "hai dous días",
 	"relativetime.1week": "a semana pasada",
-	"relativetime.2weeks": "hai dúas semanas",
 	"relativetime.1month": "hai un mes",
-	"relativetime.2months": "hai dous meses",
 	"relativetime.1year": "hai un ano",
-	"relativetime.2years": "hai dous anos",
 	"relativetime.mins": {
 		"one": "hai %d minuto",
 		"other": "hai %d minutos"
diff --git a/options/locale_next/locale_he.json b/options/locale_next/locale_he.json
index 0380200a58..c06efd2497 100644
--- a/options/locale_next/locale_he.json
+++ b/options/locale_next/locale_he.json
@@ -58,13 +58,9 @@
 		"other": "לפני %d שנים"
 	},
 	"relativetime.1day": "אתמול",
-	"relativetime.2days": "לפני יומיים",
 	"relativetime.1week": "בשבוע שעבר",
-	"relativetime.2weeks": "לפני שבועיים",
 	"relativetime.1month": "בחודש שעבר",
-	"relativetime.2months": "לפני חודשיים",
 	"relativetime.1year": "בשנה שעברה",
-	"relativetime.2years": "לפני שנתיים",
 	"repo.issues.filter_poster.hint": "סנן לפי המחבר",
 	"repo.issues.filter_assignee.hint": "סנן לפי המשתמש האחראי",
 	"repo.issues.filter_reviewers.hint": "סנן לפי המשתמש שערך ביקורת",
diff --git a/options/locale_next/locale_hi.json b/options/locale_next/locale_hi.json
index 7abcc87b82..79b6fdeb42 100644
--- a/options/locale_next/locale_hi.json
+++ b/options/locale_next/locale_hi.json
@@ -7,7 +7,6 @@
 		"one": "%s सितारा",
 		"other": "%s सितारे"
 	},
-	"relativetime.2days": "दो दिन पहले",
 	"relativetime.1day": "कल",
 	"repo.form.cannot_create": "वो जगह जहाँ पे रिपॉजिटरी रखीं जातीं हैं वहां जगह ख़त्म",
 	"moderation.abuse_category.other_violations": "प्लेटफार्म का कोई रूल तोडा हैं",
@@ -25,11 +24,8 @@
 	"followers.outgoing.list.self.none": "आप किसी को फॉलो ही नहीं कर रहे",
 	"followers.outgoing.list.none": "%s किसी को फॉलो नहीं कर रहे",
 	"relativetime.1week": "पिछले हफ्ते",
-	"relativetime.2weeks": "दो हफ्ते पहले",
 	"relativetime.1month": "पिछले महीने",
-	"relativetime.2months": "दो महीने पहले",
 	"relativetime.1year": "पिछले साल",
-	"relativetime.2years": "दो साल पहले",
 	"alert.asset_load_failed": "एसेट फाइल लोड नहीं हो पायी (path) ये पक्का करें की एसेट फाइल एक्सेस हो सकती है",
 	"alert.range_error": " एक अंक %d और %d के बीच में",
 	"search.milestone_kind": "माइलस्टोन ढूंढें…",
diff --git a/options/locale_next/locale_id-ID.json b/options/locale_next/locale_id-ID.json
index 2dbd0edc2b..2008c2584a 100644
--- a/options/locale_next/locale_id-ID.json
+++ b/options/locale_next/locale_id-ID.json
@@ -27,13 +27,9 @@
 	"relativetime.months": "%d bulan yang lalu",
 	"relativetime.years": "%d tahun yang lalu",
 	"relativetime.1day": "kemarin",
-	"relativetime.2days": "dua hari yang lalu",
 	"relativetime.1week": "minggu lalu",
-	"relativetime.2weeks": "dua minggu yang lalu",
 	"relativetime.1month": "bulan lalu",
-	"relativetime.2months": "dua bulan yang lalu",
 	"relativetime.1year": "tahun lalu",
-	"relativetime.2years": "dua tahun yang lalu",
 	"repo.pulls.already_merged": "Penggabungan (merge) gagal: Permintaan pull (pull request) ini sudah digabungkan.",
 	"repo.pulls.maintainers_can_edit": "Pengelola dapat mengedit permintaan pull ini.",
 	"repo.pulls.maintainers_cannot_edit": "Pengelola tidak dapat mengedit permintaan pull ini.",
diff --git a/options/locale_next/locale_it-IT.json b/options/locale_next/locale_it-IT.json
index 380dbdb8dd..7c61ebf507 100644
--- a/options/locale_next/locale_it-IT.json
+++ b/options/locale_next/locale_it-IT.json
@@ -219,7 +219,6 @@
 		"many": "%d ore fa",
 		"other": "%d ore fa"
 	},
-	"relativetime.2years": "due anni fa",
 	"relativetime.now": "adesso",
 	"relativetime.weeks": {
 		"one": "una settimana fa",
@@ -258,11 +257,8 @@
 	"followers.incoming.list.none": "Nessuno sta seguendo questo utente.",
 	"followers.outgoing.list.self.none": "Non segui nessuno.",
 	"followers.outgoing.list.none": "%s non sta seguendo nessuno.",
-	"relativetime.2days": "due giorni fa",
-	"relativetime.2weeks": "due settimane fa",
 	"relativetime.1week": "la settimana scorsa",
 	"relativetime.1month": "il mese scorso",
-	"relativetime.2months": "due mesi fa",
 	"relativetime.1year": "l'anno scorso",
 	"moderation.report_abuse_form.header": "Segnala abuso all'amministratore",
 	"moderation.report_abuse_form.details": "Questo modulo dovrebbe essere utilizzato per segnalare utenti che creano profili, repositori, segnalazioni o commenti spam o che si comportano in modo non adeguato.",
diff --git a/options/locale_next/locale_ja-JP.json b/options/locale_next/locale_ja-JP.json
index d46e641da9..3dcfd6db11 100644
--- a/options/locale_next/locale_ja-JP.json
+++ b/options/locale_next/locale_ja-JP.json
@@ -147,8 +147,8 @@
 	"packages.owner.settings.chef.title": "Chefレジストリ",
 	"packages.owner.settings.chef.keypair": "キーペアを生成",
 	"packages.owner.settings.chef.keypair.description": "Chefレジストリの認証にはキーペアが必要です。 すでにキーペアを生成していた場合、新しいキーペアを生成すると古いキーペアは破棄されます。",
-	"fork.n_forks": "%s のフォーク",
-	"stars.n_stars": "%s のスター",
+	"fork.n_forks": "%sのフォーク",
+	"stars.n_stars": "%sのスター",
 	"release.n_downloads": "%s のダウンロード",
 	"repo.pulls.merged_title_desc": "が %[1]d 個のコミットを <code>%[2]s</code> から <code>%[3]s</code> へマージ %[4]s",
 	"repo.pulls.title_desc": "が <code>%[2]s</code> から <code id=\"%[4]s\">%[3]s</code> への %[1]d コミットのマージを希望しています",
@@ -165,5 +165,13 @@
 	"migrate.forgejo.description": "codeberg.orgまたは他のインスタンスからデータを移行する。",
 	"pulse.n_active_issues": "%s件のアクティブなイシュー",
 	"pulse.n_active_prs": "%s件のアクティブなプルリクエスト",
-	"meta.last_line": " "
+	"meta.last_line": " ",
+	"home.welcome.no_activity": "活動はありません",
+	"home.welcome.activity_hint": "あなたのフィードにはまだ何もありません。行動と見ているリポジトリの活動がここに見えます。",
+	"home.explore_repos": "リポジトリを探索する",
+	"home.explore_users": "ユーザーを探索する",
+	"home.explore_orgs": "組織を探索する",
+	"stars.list.none": "このリポを誰もスターしなかった。",
+	"watch.list.none": "このリポを誰も見ていない。",
+	"watch.n_watchers": "%s人のウォッチャー"
 }
diff --git a/options/locale_next/locale_kab.json b/options/locale_next/locale_kab.json
index 2a265aa42a..7f843e86ca 100644
--- a/options/locale_next/locale_kab.json
+++ b/options/locale_next/locale_kab.json
@@ -38,9 +38,6 @@
 	"keys.gpg.link": "Tisura GPG",
 	"admin.config.security": "Tawila n tɣellist",
 	"admin.config.global_2fa_requirement.all": "Akk iseqdacen",
-	"relativetime.2days": "sin n wussan aya",
-	"relativetime.2months": "sin n wayyuren aya",
-	"relativetime.2years": "sin n iseggasen aya",
 	"error.not_found.title": "Asebtar ulac-it",
 	"moderation.abuse_category.placeholder": "Fren taggayt",
 	"migrate.pagure.project_url": "Tansa URL n usenfar Pagure",
@@ -65,5 +62,45 @@
 		"one": "%d n useggas aya",
 		"other": "%d n iseggasen aya"
 	},
-	"meta.last_line": " "
+	"meta.last_line": " ",
+	"moderation.action.account.delete": "Kkes amiḍan",
+	"moderation.action.comment.delete": "Kkes awennit",
+	"moderation.unknown_action": "Tigawt tarussint",
+	"editor.replace_all": "Semselsi-iten akk",
+	"editor.search": "Nadi",
+	"editor.replace": "Semselsi",
+	"packages.title": "Ikemmusen",
+	"packages.filter.type": "Tawsit",
+	"packages.filter.type.all": "Akk",
+	"packages.details": "Talqayt",
+	"packages.details.author": "Ameskar",
+	"packages.details.license": "Turagt",
+	"packages.versions": "Ileqman",
+	"packages.dependency.id": "Asulay ID",
+	"packages.dependency.version": "Lqem",
+	"packages.arch.version.backup": "Aḥraz",
+	"packages.container.labels.key": "Tasarut",
+	"packages.container.labels.value": "Azal",
+	"moderation.submit_report": "Ceyyeɛ aneqqis",
+	"packages.container.details.type": "Anaw n tugna",
+	"packages.debian.repository": "Talɣut ɣef ukufi",
+	"packages.rpm.repository": "Talɣut ɣef ukufi",
+	"packages.alt.install": "Sbedd akemmus",
+	"packages.alt.repository": "Talɣut ɣef ukufi",
+	"teams.add_all_repos.modal.header": "Rnu ikufiyen akk-nsen",
+	"teams.remove_all_repos.modal.header": "Kkes akk ikufan",
+	"packages.search_in_external_registry": "Nadi deg %s",
+	"packages.arch.pacman.repo.multi.item": "Tawila i %s",
+	"packages.container.multi_arch": "AW / Arch",
+	"release.n_downloads": {
+		"one": "%s n usadar",
+		"other": "%s n isadaren"
+	},
+	"packages.about": "Ɣef ukemmus-a",
+	"packages.owner.settings.chef.keypair": "Sarew-d tayuga n tsura",
+	"relativetime.hours": {
+		"one": "%d n wesrag aya",
+		"other": "%d n yesragen aya"
+	},
+	"packages.settings.delete": "Kkes akemmus"
 }
diff --git a/options/locale_next/locale_lv-LV.json b/options/locale_next/locale_lv-LV.json
index 486f84b286..83b721831a 100644
--- a/options/locale_next/locale_lv-LV.json
+++ b/options/locale_next/locale_lv-LV.json
@@ -6,7 +6,7 @@
 	"packages.registry.documentation": "Vairāk informācijas par %s reģistru ir <a target=\"_blank\" rel=\"noopener noreferrer\" href=\"%s\">dokumentācijā</a>.",
 	"packages.filter.type": "Veids",
 	"packages.filter.type.all": "Visas",
-	"packages.filter.no_result": "Norādītajām atlasīšanas vērtībām nekas neatbilst.",
+	"packages.filter.no_result": "Atsijātājs neko neatrada.",
 	"packages.filter.container.tagged": "Ar birku",
 	"packages.filter.container.untagged": "Bez birkas",
 	"packages.published_by": "Laida klajā <a href=\"%[2]s\">%[3]s</a> %[1]s",
@@ -17,7 +17,7 @@
 	"packages.requirements": "Prasības",
 	"packages.dependencies": "Atkarības",
 	"packages.keywords": "Atslēgvārdi",
-	"packages.details": "Papildu informācija",
+	"packages.details": "Informācija",
 	"packages.details.author": "Autors",
 	"packages.details.project_site": "Projekta tīmekļvietne",
 	"packages.details.repository_site": "Glabātavas tīmekļvietne",
@@ -46,7 +46,7 @@
 	"packages.arch.version.description": "Apraksts",
 	"packages.arch.version.provides": "Nodrošina",
 	"packages.arch.version.groups": "Kopa",
-	"packages.arch.version.depends": "Atkarības",
+	"packages.arch.version.depends": "Atkarīga no",
 	"packages.arch.version.optdepends": "Izvēles atkarības",
 	"packages.arch.version.makedepends": "Izveidot atkarības",
 	"packages.arch.version.checkdepends": "Pārbaudīt atkarības",
@@ -236,12 +236,8 @@
 		"other": "pirms %d mēnešiem"
 	},
 	"relativetime.1day": "vakar",
-	"relativetime.2days": "pirms divām dienām",
 	"relativetime.1week": "iepriekšējā nedēļā",
-	"relativetime.2weeks": "pirms divām nedēļām",
-	"relativetime.2months": "pirms diviem mēnešiem",
 	"relativetime.1year": "iepriekšējā gadā",
-	"relativetime.2years": "pirms diviem gadiem",
 	"relativetime.years": {
 		"zero": "pirms %d gadiem",
 		"one": "pirms %d gada",
@@ -444,5 +440,7 @@
 	"editor.toggle_case": "Pārslēgt reģistrjutīgumu",
 	"editor.toggle_regex": "Pārslēgt regulāro izteiksmju izmantošanu",
 	"editor.toggle_whole_word": "Pārslēgt atbilstību veseliem vārdiem",
-	"repo.view.gitmodules_too_large": "Datne .gitmodules ir pārāk liela un netiks ņemta vērā (piemēram, API izsaukumos)"
+	"repo.view.gitmodules_too_large": "Datne .gitmodules ir pārāk liela un netiks ņemta vērā (piemēram, API izsaukumos)",
+	"install.ssh_authorized_keys_inspection_error": "Neizdevās pārbaudīt esošu authorized_keys datni: %v",
+	"install.ssh_authorized_keys_unexpected_key": "SSH iespējošana Forgejo nesader ar datni, kas atrodas %s, kas satur esošas SSH atslēgas. Ieteikumi: Forgejo vajadzībām izmantot atsevišķu sistēmas lietotāju vai atspējot SSH."
 }
diff --git a/options/locale_next/locale_nb_NO.json b/options/locale_next/locale_nb_NO.json
index 496e8714ce..f7e1cbaf4d 100644
--- a/options/locale_next/locale_nb_NO.json
+++ b/options/locale_next/locale_nb_NO.json
@@ -20,13 +20,9 @@
 	"followers.incoming.list.none": "Ingen følger denne brukeren.",
 	"followers.outgoing.list.self.none": "Du følger ikke noen.",
 	"followers.outgoing.list.none": "%s følger ikke noen.",
-	"relativetime.2days": "to dager siden",
 	"relativetime.1week": "forrige uke",
-	"relativetime.2weeks": "to uker siden",
 	"relativetime.1month": "forrige måned",
-	"relativetime.2months": "to måneder siden",
 	"relativetime.1year": "i fjor",
-	"relativetime.2years": "to år siden",
 	"alert.asset_load_failed": "Kunne ikke laste inn ressursfiler fra {path}. Sørg for at ressursfilene er tilgjengelige.",
 	"search.milestone_kind": "Søker i milepæler…",
 	"home.welcome.no_activity": "Ingen aktivitet",
@@ -66,7 +62,7 @@
 	"incorrect_root_url": "Denne Forgejo instansen er konfigurert til å bruke \"%s\". Du bruker Forgejo via en annen URL, noe som kan forårsake at deler av applikasjonen ikke fungerer. Den kanoniske URL-en styres av Forgejo-administratorer via innstillingen ROOT_URL i app.ini-filen.",
 	"mail.actions.run_info_trigger": "Startet på grunn av: %[1]s by: %[2]s",
 	"admin.dashboard.cleanup_offline_runners": "Rydd opp offline runners",
-	"settings.visibility.description": "Profilens synlighet påvirker andres mulighet til å få tilgang til dine ikke-private repositorier. <a href=\"%s\" target=\"_blank\">Les mer</a>",
+	"settings.visibility.description": "Profilens synlighet påvirker andres mulighet til å få tilgang til dine ikke-private repositorier. <a href=\"%s\" target=\"_blank\">Les mer</a>.",
 	"profile.actions.tooltip": "Flere handlinger",
 	"profile.edit.link": "Rediger profil",
 	"relativetime.days": {
@@ -129,5 +125,77 @@
 	"repo.pulls.poster_trust_deny": "Avslå",
 	"repo.pulls.poster_trust_deny.tooltip": "Workflow-ene som venter på godkjenning vil være avslått.",
 	"repo.pulls.poster_trust_once": "Godta én gang",
-	"repo.pulls.poster_trust_once.tooltip": "Workflow-ene kjørt av `pull_request`event vil kjøre på denne commit-en, men vil trenge godkjenning for fremtidige commit-er som blir tilsatt til denne pull requesten."
+	"repo.pulls.poster_trust_once.tooltip": "Workflow-ene kjørt av `pull_request`event vil kjøre på denne commit-en, men vil trenge godkjenning for fremtidige commit-er som blir tilsatt til denne pull requesten.",
+	"issues.updated": "oppdaterte %s",
+	"repo.pulls.poster_trust_always": "Tilatt alltid",
+	"repo.pulls.poster_trust_always.tooltip": "Workflow som blei startet av en `pull_request` event blir kjørt på denne commiten og det vil ikke være nødvendig å manuelt tilatte runs fra denne pull requesten eller fremtidige pull requester av den samme brukeren.",
+	"repo.pulls.poster_trust_revoke": "Fradra",
+	"repo.pulls.poster_trust_revoke.tooltip": "Forfatteren av denne pull requesten er ikke lenger klarert til å kjøre workflow som blir kjørt av en `pull_request` event, hver run må bli manuelt bekreftet.",
+	"repo.pulls.already_merged": "Fusjonering feilet: Denne pull requesten har allerede blitt fusjonert.",
+	"repo.pulls.maintainers_can_edit": "Eierne kan endre på denne pull requesten.",
+	"repo.pulls.maintainers_cannot_edit": "Eiere kan ikke endre på denne pull requesten.",
+	"repo.view.gitmodules_too_large": ".gitmodules-filen er for stor og vil bli ignorert (f.eks. av API tilkallinger)",
+	"migrate.form.error.url_credentials": "URL-en inneholder brukerdata, putt de separat i brukernavn- og passordfeltet",
+	"migrate.github.description": "Migrer data fra github.com eller GitHub Enterprise server.",
+	"migrate.git.description": "Migrer en repository fra hvilken som helst Git-service.",
+	"migrate.gitea.description": "Migrer data fra gitea.com eller andre Gitea instanser.",
+	"migrate.gitlab.description": "Migrer data fra gitlab.com eller andre GitLab instanser.",
+	"migrate.gogs.description": "Migrer data fra notabug.org eller andre Gogs instanser.",
+	"migrate.onedev.description": "Migrer data fra code.onedev.io eller andre OneDev instanser.",
+	"migrate.gitbucket.description": "Migrer data fra GitBucket instanser.",
+	"migrate.codebase.description": "Migrer data fra codebasehq.com.",
+	"migrate.forgejo.description": "Migrer data fra codeberg.org eller andre Forgejo instanser.",
+	"search.syntax": "Søkesyntaks",
+	"search.fuzzy": "Fuzzy",
+	"search.fuzzy_tooltip": "Inkluder resultater som er omtrent like søkeordet",
+	"repo.settings.push_mirror.branch_filter.label": "Branch filter (valgfritt)",
+	"repo.settings.push_mirror.branch_filter.description": "Brancher kan bli speilet. La være tom for å speile alle brancher. Se <a href=\"%[1]s\">%[2]s dokumentasjon</a> for syntaks. Eks.: <code>main, release/*</code>",
+	"warning.repository.out_of_sync": "Databasen representasjon av denne repositorien er usynkronisert. Hvis denne varslen vises fremdeles etter at du har pushet en ny commit, kontakt administratoren.",
+	"install.ssh_authorized_keys_inspection_error": "Feilet mens sjekket eksisterende authorized_keys fil: %v",
+	"install.ssh_authorized_keys_unexpected_key": "Ved å skru på SSH på Forgejo konflikterer det med plassering til filen i %s som inneholder SSH-nøklene. Tips: bruk en dedikert systembruker for Forgejo, eller skru av SSH.",
+	"keys.verify.token.hint": "Tokenen er gyldig kun i ett minutt. <a href=\"%[1]s\">Få ny hvis gjeldende utløpte</a>.",
+	"admin.moderation.moderation_reports": "Moderasjonsrapporter",
+	"admin.moderation.reports": "Rapporter",
+	"admin.moderation.no_open_reports": "Det er ingen åpne rapporter per nå.",
+	"admin.moderation.deleted_content_ref": "Rapportert innhold med type %[1]v og id %[2]d eksisterer ikke lenger",
+	"moderation.report.mark_as_handled": "Merk som løst",
+	"moderation.report.mark_as_ignored": "Merk som ignorert",
+	"moderation.action.account.delete": "Slett konto",
+	"moderation.action.account.suspend": "Suspender konto",
+	"moderation.action.repo.delete": "Slett repository",
+	"moderation.action.issue.delete": "Slett issue",
+	"moderation.action.comment.delete": "Slett kommentar",
+	"moderation.unknown_action": "Ukjent handling",
+	"moderation.users.cannot_suspend_self": "Du kan ikke suspendere deg selv.",
+	"moderation.users.cannot_suspend_admins": "Brukere med administrator privilegier kan ikke blir suspendert.",
+	"moderation.users.cannot_suspend_org": "Organisasjoner kan ikke blir suspendert.",
+	"moderation.users.already_suspended": "Bruker konto er allerede suspendert.",
+	"moderation.users.suspend_success": "Denne bruker kontoen har blitt suspendert.",
+	"moderation.users.cannot_delete_admins": "Brukere med administrator privilegier kan ikke blir slettet.",
+	"moderation.issue.deletion_success": "Issuen blei slettet.",
+	"moderation.comment.deletion_success": "Kommentaren har blitt slettet.",
+	"mail.actions.run_info_sha": "Commit: %[1]s",
+	"mail.issue.action.close_by_commit": "%[1]s lukket %[2]s i commit %[3]s.",
+	"discussion.sidebar.reference": "Referanse",
+	"admin.auths.allow_username_change": "Tilatt endring av brukernavn",
+	"admin.auths.allow_username_change.description": "Tillatt brukere å endre sitt brukernavn i profilinnstilinger",
+	"admin.dashboard.remove_resolved_reports": "Slett ferdigbehandlet rapporter",
+	"admin.dashboard.actions_action_user": "Fradra Forgejo Actions klarering for inaktive brukere",
+	"admin.dashboard.transfer_lingering_logs": "Flytt actions logger av ferdige actionsjobber fra databasen til storage",
+	"admin.config.security": "Sikkerhetskonfigurering",
+	"admin.config.global_2fa_requirement.title": "Global påbud av to-faktor autentifisering",
+	"admin.config.global_2fa_requirement.none": "Nei",
+	"admin.config.global_2fa_requirement.all": "Alle brukere",
+	"admin.config.global_2fa_requirement.admin": "Administratorer",
+	"settings.twofa_unroll_unavailable": "To-faktor autentifisering er påbud for din konto og kan ikke bli skrudd av.",
+	"settings.twofa_reenroll": "Sette opp to-faktor autentifisering på nytt",
+	"settings.twofa_reenroll.description": "Sette opp din to-faktor autentifisering på nytt",
+	"settings.must_enable_2fa": "Denne Forgejo instansen påbyr bruker om å skru på to-faktor autentifisering før de kan få tilgang til sine kontoer.",
+	"error.must_enable_2fa": "Denne Forgejo instansen påbyr bruker om å skru på to-faktor autentifisering før de kan få tilgang til sine kontoer. Skru på i: %s",
+	"user.ghost.tooltip": "Denne brukeren har blitt slettet, eller kan ikke matches.",
+	"repo.commit.load_tags_failed": "Lasting av tagger feilet pga. intern feil",
+	"compare.branches.title": "Sammenlign branches",
+	"migrate.pagure.description": "Migrer data fra pagure.io eller andre Pagure instanser.",
+	"migrate.pagure.incorrect_url": "Ugyldig kilde-repository URL blei oppgitt",
+	"migrate.pagure.project_url": "Pagure prosjekt URL"
 }
diff --git a/options/locale_next/locale_nds.json b/options/locale_next/locale_nds.json
index 34bcad5217..49a69cf7c8 100644
--- a/options/locale_next/locale_nds.json
+++ b/options/locale_next/locale_nds.json
@@ -238,16 +238,12 @@
 	},
 	"relativetime.1day": "güstern",
 	"relativetime.1week": "leste Week",
-	"relativetime.2weeks": "vörleste Week",
 	"relativetime.1month": "lesten Maant",
-	"relativetime.2months": "vörlesten Maant",
 	"relativetime.1year": "lestes Jahr",
-	"relativetime.2years": "vörlestes Jahr",
 	"relativetime.days": {
 		"one": "vör %d Dag",
 		"other": "vör %d Dagen"
 	},
-	"relativetime.2days": "vörgüstern",
 	"moderation.report_abuse": "Missbruuk mellen",
 	"moderation.report_content": "Inholl mellen",
 	"moderation.report_abuse_form.invalid": "Ungültige Argumenten",
@@ -429,5 +425,11 @@
 	"editor.toggle_case": "Grot- un Kleenschrievens minnachten an- of utknipsen",
 	"editor.toggle_regex": "Regel-Utdrücken bruken an- of utknipsen",
 	"editor.toggle_whole_word": "Hele Woorden söken an- of utknipsen",
-	"repo.view.gitmodules_too_large": "De .gitmodules-Datei is to grot un word minnacht (to’n Bispööl för API-Upropen)"
+	"repo.view.gitmodules_too_large": "De .gitmodules-Datei is to grot un word minnacht (to’n Bispööl för API-Upropen)",
+	"install.ssh_authorized_keys_inspection_error": "Kunn bestahn authorized_keys-Datei nich nakieken: %v",
+	"install.ssh_authorized_keys_unexpected_key": "SSH för Forgejo antoknipsen is nich verdragelk mit de Datei unner %s, waar bestahn SSH-Slötels drinstahn. Vörslaag: Bruuk eenen Systeem-Bruker blots för Forgejo, of knips SSH ut.",
+	"actions.secrets.creation.name_description": "De Naam vun eenem Geheemst kann blots Bookstaven, Tahlen un Unnerstreken enthollen. ’t kann nich mit FORGEJO_, GITEA_, GITHUB_ of eener Tahl begünnen. Forgejo word de Naam automatisk in Grotbookstavens umwanneln.",
+	"actions.variables.mutation.name_description": "De Naam vun eener Variaabel kann blots Bookstaven, Tahlen un Unnerstreken enthollen. ’t kann nich CI heten of mit FORGEJO_, GITEA_, GITHUB_ of eener Tahl begünnen. Forgejo word de Naam automatisk in Grotbookstavens umwanneln.",
+	"actions.secrets.creation.value_description": "De Weert vun eenem Geheemst kann elkeen Text wesen. Besünnere Tekens worden behollen. CRLF (Riegenennen na Windows-Aard) worden automatisk in LF umwannelt. Kodeer de Weert mit Base64, wenn Riegenennen behollen worden sallen.",
+	"actions.variables.mutation.value_description": "De Weert vun eener Variaabel kann elkeen Text wesen. Besünnere Tekens worden behollen. CRLF (Riegenennen na Windows-Aard) worden automatisk in LF umwannelt. Kodeer de Weert mit Base64, wenn Riegenennen behollen worden sallen."
 }
diff --git a/options/locale_next/locale_nl-NL.json b/options/locale_next/locale_nl-NL.json
index b49a444030..89eb964402 100644
--- a/options/locale_next/locale_nl-NL.json
+++ b/options/locale_next/locale_nl-NL.json
@@ -232,13 +232,9 @@
 	"moderation.report_remarks.placeholder": "Geef a.u.b. wat details betreffende het misbruik dat u meldt.",
 	"followers.outgoing.list.none": "%s volgt niemand.",
 	"relativetime.1day": "gisteren",
-	"relativetime.2days": "twee dagen geleden",
 	"relativetime.1week": "vorige week",
-	"relativetime.2weeks": "twee weken geleden",
 	"relativetime.1month": "vorige maand",
-	"relativetime.2months": "twee maanden geleden",
 	"relativetime.1year": "vorig jaar",
-	"relativetime.2years": "twee jaar geleden",
 	"moderation.abuse_category.illegal_content": "Illegale content",
 	"moderation.abuse_category.other_violations": "Andere overtreding van platformregels",
 	"moderation.report_remarks": "Opmerkingen",
@@ -374,5 +370,66 @@
 		"other": "Wachten op een runner met de volgende labels: %s"
 	},
 	"keys.verify.token.hint": "De token is slechts 1 minuut geldig. <a href=\"%[1]s\">Krijg een nieuwe als deze verlopen is</a>.",
-	"repo.issues.filter_poster.hint": "Filter op auteur"
+	"repo.issues.filter_poster.hint": "Filter op auteur",
+	"repo.issues.filter_assignee.hint": "Filter op toegewezen gebruiker",
+	"issues.updated": "bijgewerkt %s",
+	"repo.issues.filter_mention.hint": "Filteren op genoemde gebruiker",
+	"repo.issues.filter_reviewers.hint": "Filteren op gebruiker die beoordeelde",
+	"repo.issues.filter_modified.hint": "Filteren op laatst gewijzigde datum",
+	"repo.issues.filter_sort.hint": "Sorteer op: aangemaakt/reacties/updated/deadline",
+	"repo.view.gitmodules_too_large": "Het .gitmodules-bestand is te groot en wordt genegeerd (bijvoorbeeld bij API-aanroepen)",
+	"search.syntax": "Syntaxis zoeken",
+	"search.fuzzy": "Fuzzy",
+	"search.fuzzy_tooltip": "Resultaten opnemen is een benaderende overeenkomst met de zoekterm",
+	"install.ssh_authorized_keys_inspection_error": "Kon bestaand authorized_keys-bestand niet inspecteren: %v",
+	"install.ssh_authorized_keys_unexpected_key": "Het inschakelen van SSH voor Forgejo veroorzaakt conflicten met het bestand in %s dat bestaande SSH-sleutels bevat. Suggesties: gebruik een speciale systeemgebruiker voor Forgejo of schakel SSH uit.",
+	"moderation.report.mark_as_handled": "Markeren als behandeld",
+	"moderation.report.mark_as_ignored": "Markeren als genegeerd",
+	"moderation.action.account.delete": "Account verwijderen",
+	"moderation.action.account.suspend": "Account opgeschort",
+	"moderation.action.repo.delete": "Verwijder repository",
+	"moderation.action.issue.delete": "Verwijder issue",
+	"moderation.action.comment.delete": "Verwijder reactie",
+	"moderation.unknown_action": "Onbekende actie",
+	"moderation.users.cannot_suspend_self": "Je kunt jezelf niet schorsen.",
+	"moderation.users.cannot_suspend_admins": "Gebruikers met beheerdersrechten kunnen niet worden geschorst.",
+	"moderation.users.cannot_suspend_org": "Organisaties kunnen niet worden geschorst.",
+	"moderation.users.already_suspended": "Gebruikersaccount is al opgeschort.",
+	"moderation.users.suspend_success": "Het gebruikersaccount is opgeschort.",
+	"moderation.users.cannot_delete_admins": "Gebruikers met beheerdersrechten kunnen niet worden verwijderd.",
+	"moderation.issue.deletion_success": "De issue is verwijderd.",
+	"moderation.comment.deletion_success": "De reactie is verwijderd.",
+	"admin.dashboard.transfer_lingering_logs": "Overdrachtsactielogboeken van voltooide actietaken van de database naar opslag",
+	"actions.workflow.persistent_incomplete_matrix": "Kan `strategy.matrix` van taak %[1]s niet evalueren vanwege een ongeldige `needs`-uitdrukking. Deze verwijst mogelijk naar een taak die niet in de ‘needs’-lijst (%[2]s) staat, of naar een uitvoer die niet bestaat in een van die taken.",
+	"actions.workflow.incomplete_matrix_missing_job": "Kan `strategy.matrix` van taak %[1]s niet evalueren: taak %[2]s staat niet in de `needs`-lijst van taak %[1]s (%[3]s).",
+	"actions.workflow.incomplete_matrix_missing_output": "Kan `strategy.matrix` van taak %[1]s niet evalueren: taak %[2]s mist uitvoer %[3]s.",
+	"actions.workflow.incomplete_matrix_unknown_cause": "Kan `strategy.matrix` van taak %[1]s niet evalueren: onbekende fout.",
+	"actions.workflow.incomplete_runson_missing_job": "Kan `runs-on` van taak %[1]s niet evalueren: taak %[2]s staat niet in de `needs`-lijst van taak %[1]s (%[3]s).",
+	"actions.workflow.incomplete_runson_missing_output": "Kan `runs-on` van taak %[1]s niet evalueren: taak %[2]s mist uitvoer %[3]s.",
+	"actions.workflow.incomplete_runson_missing_matrix_dimension": "Kan `runs-on` van taak %[1]s niet evalueren: matrixdimensie %[2]s bestaat niet.",
+	"actions.workflow.incomplete_runson_unknown_cause": "Kan `runs-on` van taak %[1]s niet evalueren: onbekende fout.",
+	"actions.workflow.incomplete_with_missing_job": "Kan `with` van taak %[1]s niet evalueren: taak %[2]s staat niet in de `needs`-lijst van taak %[1]s (%[3]s).",
+	"actions.workflow.incomplete_with_missing_output": "Kan `with` van taak %[1]s niet evalueren: taak %[2]s mist uitvoer %[3]s.",
+	"actions.workflow.incomplete_with_missing_matrix_dimension": "Kan `with` van taak %[1]s niet evalueren: matrixdimensie %[2]s bestaat niet.",
+	"actions.workflow.incomplete_with_unknown_cause": "Kan `with` van taak %[1]s niet evalueren: onbekende fout.",
+	"actions.secrets.creation.name_description": "De naam van een geheim mag alleen letters, cijfers en onderstrepingstekens bevatten. De naam mag niet beginnen met FORGEJO_, GITEA_, GITHUB_ of een cijfer. Forgejo zet de naam automatisch om in hoofdletters.",
+	"actions.secrets.creation.value_description": "De waarde van een geheim kan elke tekst zijn. Speciale tekens blijven behouden. CRLF (regeleinden in Windows-stijl) worden automatisch geconverteerd naar LF. Codeer de waarde met Base64 als regeleinden behouden moeten blijven.",
+	"actions.variables.mutation.name_description": "De naam van een variabele mag alleen letters, cijfers en onderstrepingstekens bevatten. De naam mag niet CI zijn en mag niet beginnen met FORGEJO_, GITEA_, GITHUB_ of een cijfer. Forgejo zet de naam automatisch om in hoofdletters.",
+	"actions.variables.mutation.value_description": "De waarde van een variabele kan elke tekst zijn. Speciale tekens blijven behouden. CRLF (regeleinden in Windows-stijl) worden automatisch geconverteerd naar LF. Codeer de waarde met Base64 als regeleinden behouden moeten blijven.",
+	"pulls.manual_merge.helper": "Handmatige merge assistent",
+	"pulls.manual_merge.helpder.description": "Gebruik dit bericht voor het samenvoegen van commits wanneer u de merge handmatig voltooit.",
+	"pulls.manual_merge.commit.title": "Titel van samenvoegingscommit",
+	"pulls.manual_merge.commit.body": "Inhoud van samenvoegingscommit",
+	"pulls.manual_merge.copy.button": "Samenvoegingscommit bericht kopiëren",
+	"admin.auths.oauth2_quota_group_claim_name": "Claimnaam die groepsnamen voor deze bron opgeeft die moeten worden gebruikt voor quotabeheer. (Optioneel)",
+	"admin.auths.oauth2_quota_group_map": "Koppel geclaimde groepen aan quotagroepen. (Optioneel - vereist bovenstaande claimnaam)",
+	"admin.auths.oauth2_quota_group_map_removal": "Verwijder gebruikers uit gesynchroniseerde quotagroepen als de gebruiker niet tot de betreffende groep behoort.",
+	"editor.search": "Zoek",
+	"editor.find_previous": "Vorige vondst",
+	"editor.find_next": "Volgende vondst",
+	"editor.replace": "Vervangen",
+	"editor.replace_all": "Vervang alles",
+	"editor.toggle_case": "Hoofdlettergevoeligheid in- of uitschakelen",
+	"editor.toggle_regex": "Schakelen met behulp van reguliere expressies",
+	"editor.toggle_whole_word": "Schakel het matchen van hele woorden in of uit"
 }
diff --git a/options/locale_next/locale_pl-PL.json b/options/locale_next/locale_pl-PL.json
index 1172d42911..e12eac60db 100644
--- a/options/locale_next/locale_pl-PL.json
+++ b/options/locale_next/locale_pl-PL.json
@@ -251,13 +251,9 @@
 		"many": "%d lat temu"
 	},
 	"relativetime.1day": "wczoraj",
-	"relativetime.2days": "2 dni temu",
 	"relativetime.1week": "w zeszłym tygodniu",
-	"relativetime.2weeks": "2 tygodnie temu",
 	"relativetime.1month": "w zeszłym miesiącu",
-	"relativetime.2months": "2 miesiące temu",
 	"relativetime.1year": "w zeszłym roku",
-	"relativetime.2years": "2 lata temu",
 	"repo.pulls.already_merged": "Merge zawiódł: Ten pull request został już scalony.",
 	"repo.form.cannot_create": "Wszystkie miejsca gdzie możesz tworzyć repozytoria osiągnęły limit repozytoriów.",
 	"keys.gpg.link": "klucze GPG",
diff --git a/options/locale_next/locale_pt-BR.json b/options/locale_next/locale_pt-BR.json
index 1c771f5194..c07ea2a462 100644
--- a/options/locale_next/locale_pt-BR.json
+++ b/options/locale_next/locale_pt-BR.json
@@ -246,18 +246,14 @@
 		"other": "%d anos atrás"
 	},
 	"relativetime.1day": "ontem",
-	"relativetime.2days": "dois dias atrás",
 	"relativetime.1week": "semana passada",
 	"relativetime.1month": "mês passado",
-	"relativetime.2months": "dois meses atrás",
 	"relativetime.1year": "ano passado",
-	"relativetime.2years": "dois anos atrás",
 	"relativetime.hours": {
 		"one": "%d hora atrás",
 		"many": "%d horas atrás",
 		"other": "%d horas atrás"
 	},
-	"relativetime.2weeks": "duas semanas atrás",
 	"relativetime.now": "agora",
 	"moderation.reported_thank_you": "Agradecemos pela sua denúncia. A administração foi notificada.",
 	"moderation.report_content": "Denunciar conteúdo",
@@ -423,5 +419,15 @@
 	"actions.workflow.incomplete_runson_missing_job": "Não foi possível avaliar `runs-on` do trabalho %[1]s: o trabalho %[2]s não está na lista `needs` do trabalho %[1]s (%[3]s).",
 	"actions.workflow.incomplete_runson_missing_output": "Não é possível avaliar `runs-on` do trabalho %[1]s: o trabalho %[2]s não tem uma saída %[3]s.",
 	"actions.workflow.incomplete_runson_missing_matrix_dimension": "Não é possível avaliar `runs-on` do trabalho %[1]s: a dimensão da matriz %[2]s não existe.",
-	"actions.workflow.incomplete_runson_unknown_cause": "Não é possível avaliar `runs-on` do trabalho %[1]s: erro desconhecido."
+	"actions.workflow.incomplete_runson_unknown_cause": "Não é possível avaliar `runs-on` do trabalho %[1]s: erro desconhecido.",
+	"repo.view.gitmodules_too_large": "O arquivo .gitmodules é muito grande e portanto será ignorado (em chamadas de API nesta instância)",
+	"search.fuzzy_tooltip": "Incluir resultados que sejam uma correspondência aproximada ao termo de busca",
+	"install.ssh_authorized_keys_inspection_error": "Falha ao inspecionar o arquivo authorized_keys existente: %v",
+	"install.ssh_authorized_keys_unexpected_key": "Habilitar SSH para o Forgejo conflita com o arquivo localizado em %s que contém chaves SSH existentes. Sugestões: use um usuário de sistema dedicado para o Forgejo ou desabilite o SSH.",
+	"issues.updated": "%s atualizado",
+	"search.fuzzy": "Difusa",
+	"actions.workflow.incomplete_with_missing_job": "Não é possível avaliar `with` do trabalho %[1]s: o trabalho %[2]s não está na lista de `needs` do trabalho %[1]s (%[3]s).",
+	"actions.workflow.incomplete_with_missing_output": "Não é possível avaliar `with` do trabalho %[1]s: falta o resultado %[3]s no trabalho %[2]s.",
+	"actions.workflow.incomplete_with_missing_matrix_dimension": "Não é possível avaliar `with` do trabalho %[1]s: a dimensão da matriz %[2]s não existe.",
+	"actions.workflow.incomplete_with_unknown_cause": "Não é possível avaliar `with` do trabalho %[1]s: erro desconhecido."
 }
diff --git a/options/locale_next/locale_pt-PT.json b/options/locale_next/locale_pt-PT.json
index 46f708629d..4f53587182 100644
--- a/options/locale_next/locale_pt-PT.json
+++ b/options/locale_next/locale_pt-PT.json
@@ -241,12 +241,8 @@
 		"many": "%d anos atrás",
 		"other": "%d anos atrás"
 	},
-	"relativetime.2days": "dois dias atrás",
-	"relativetime.2weeks": "duas semanas atrás",
 	"relativetime.1month": "mês passado",
-	"relativetime.2months": "dois meses atrás",
 	"relativetime.1year": "ano passado",
-	"relativetime.2years": "dois anos atrás",
 	"relativetime.days": {
 		"one": "%d dia atrás",
 		"many": "%d dias atrás",
@@ -444,5 +440,7 @@
 	"editor.toggle_case": "Ativar/desativar a diferenciação de maiúsculas e minúsculas",
 	"editor.toggle_regex": "Ativar/desativar o uso de expressões regulares",
 	"editor.toggle_whole_word": "Ativar/desativar correspondência de palavras inteiras",
-	"repo.view.gitmodules_too_large": "O ficheiro .gitmodules é demasiado grande e será ignorado (por exemplo, em chamadas API)"
+	"repo.view.gitmodules_too_large": "O ficheiro .gitmodules é demasiado grande e será ignorado (por exemplo, em chamadas API)",
+	"install.ssh_authorized_keys_inspection_error": "Falha ao inspecionar o ficheiro authorized_keys existente: %v",
+	"install.ssh_authorized_keys_unexpected_key": "A ativação do SSH para o Forgejo entra em conflito com o ficheiro localizado em %s que contém chaves SSH existentes. Sugestões: use um utilizador de sistema dedicado para o Forgejo ou desative o SSH."
 }
diff --git a/options/locale_next/locale_ru-RU.json b/options/locale_next/locale_ru-RU.json
index 2695afe532..29e0265e7e 100644
--- a/options/locale_next/locale_ru-RU.json
+++ b/options/locale_next/locale_ru-RU.json
@@ -1,16 +1,16 @@
 {
 	"packages.title": "Пакеты",
 	"packages.empty": "Пока нет пакетов.",
-	"packages.empty.documentation": "Дополнительную информацию о реестре пакетов можно найти в <a target=\"_blank\" rel=\"noopener noreferrer\" href=\"%s\">документации</a>.",
-	"packages.empty.repo": "Вы загрузили пакет, но он здесь не отображается? Перейдите в <a href=\"%[1]s\">настройки пакета</a> и свяжите его с этим репозиторием.",
-	"packages.registry.documentation": "Для получения дополнительной информации о реестре %s смотрите <a target=\"_blank\" rel=\"noopener noreferrer\" href=\"%s\">документацию</a>.",
+	"packages.empty.documentation": "Дополнительную информацию о реестре пакетов можно узнать в <a target=\"_blank\" rel=\"noopener noreferrer\" href=\"%s\">документации</a>.",
+	"packages.empty.repo": "Загрузили пакет, но его здесь нет? Перейдите в <a href=\"%[1]s\">настройки пакета</a> и привяжите его к этому репозиторию.",
+	"packages.registry.documentation": "Дополнительную информацию о реестре %s можно узнать в <a target=\"_blank\" rel=\"noopener noreferrer\" href=\"%s\">документации</a>.",
 	"packages.filter.type": "Тип",
 	"packages.filter.type.all": "Все",
 	"packages.filter.no_result": "Фильтр не дал результатов.",
 	"packages.filter.container.tagged": "С тегом",
 	"packages.filter.container.untagged": "Без тегов",
-	"packages.published_by": "Опубликовано %[1]s <a href=\"%[2]s\">%[3]s</a>",
-	"packages.published_by_in": "Опубликовано %[1]s <a href=\"%[2]s\">%[3]s</a> в <a href=\"%[4]s\"><strong>%[5]s</strong></a>",
+	"packages.published_by": "Опубликован %[1]s <a href=\"%[2]s\">%[3]s</a>",
+	"packages.published_by_in": "Опубликован %[1]s <a href=\"%[2]s\">%[3]s</a> в <a href=\"%[4]s\"><strong>%[5]s</strong></a>",
 	"packages.pub.install": "Чтобы установить пакет с помощью Dart, выполните следующую команду:",
 	"packages.installation": "Установка",
 	"packages.about": "Об этом пакете",
@@ -25,8 +25,8 @@
 	"packages.details.license": "Лицензия",
 	"packages.assets": "Объекты",
 	"packages.versions": "Версии",
-	"packages.versions.view_all": "Показать всё",
-	"packages.dependency.id": "ID",
+	"packages.versions.view_all": "Показать все",
+	"packages.dependency.id": "ИД",
 	"packages.dependency.version": "Версия",
 	"packages.search_in_external_registry": "Найти в %s",
 	"packages.alpine.registry": "Настройте этот реестр, добавив URL в файл <code>/etc/apk/repositories</code>:",
@@ -38,7 +38,7 @@
 	"packages.alpine.repository.repositories": "Репозитории",
 	"packages.alpine.repository.architectures": "Архитектуры",
 	"packages.arch.pacman.helper.gpg": "Добавьте сертификат доверия в pacman:",
-	"packages.arch.pacman.repo.multi": "У %s имеется одна и та же версия в разных дистрибутивах.",
+	"packages.arch.pacman.repo.multi": "У %s одинаковая версия для разных дистрибутивов.",
 	"packages.arch.pacman.repo.multi.item": "Конфигурация %s",
 	"packages.arch.pacman.conf": "Добавьте адрес с необходимым дистрибутивом и архитектурой в <code>/etc/pacman.conf</code>:",
 	"packages.arch.pacman.sync": "Синхронизируйте пакет в pacman:",
@@ -46,8 +46,8 @@
 	"packages.arch.version.description": "Описание",
 	"packages.arch.version.provides": "Предоставляет",
 	"packages.arch.version.groups": "Группа",
-	"packages.arch.version.depends": "Зависит от",
-	"packages.arch.version.optdepends": "Опциональные зависимости",
+	"packages.arch.version.depends": "Зависит на",
+	"packages.arch.version.optdepends": "Необязательные зависимости",
 	"packages.arch.version.makedepends": "Сборочные зависимости",
 	"packages.arch.version.checkdepends": "Проверочные зависимости",
 	"packages.arch.version.conflicts": "Конфликтует с",
@@ -84,14 +84,14 @@
 	"packages.debian.repository.distributions": "Дистрибутивы",
 	"packages.debian.repository.components": "Компоненты",
 	"packages.debian.repository.architectures": "Архитектуры",
-	"packages.generic.download": "Скачать пакет из командной строки:",
-	"packages.go.install": "Установите пакет из командной строки:",
+	"packages.generic.download": "Скачайте пакет командой ниже:",
+	"packages.go.install": "Установите пакет командой ниже:",
 	"packages.helm.registry": "Добавьте реестр командой:",
 	"packages.helm.install": "Для установки пакета выполните следующую команду:",
 	"packages.maven.registry": "Настройте реестр в файле <code>pom.xml</code> вашего проекта:",
 	"packages.maven.install": "Чтобы использовать пакет, включите в блок <code>dependencies</code> в файле <code>pom.xml</code> следующее:",
-	"packages.maven.install2": "Выполнить через командную строку:",
-	"packages.maven.download": "Чтобы скачать зависимость, запустите в командной строке:",
+	"packages.maven.install2": "Запустите командой ниже:",
+	"packages.maven.download": "Чтобы скачать зависимость, выполните в командной строке:",
 	"packages.nuget.registry": "Добавьте реестр командой:",
 	"packages.nuget.install": "Чтобы установить пакет с помощью NuGet, выполните следующую команду:",
 	"packages.nuget.dependency.framework": "Целевой фреймворк",
@@ -100,7 +100,7 @@
 	"packages.npm.install2": "или добавьте его в файл package.json:",
 	"packages.npm.dependencies": "Зависимости",
 	"packages.npm.dependencies.development": "Зависимости для разработки",
-	"packages.npm.dependencies.bundle": "Комплектные зависимости",
+	"packages.npm.dependencies.bundle": "Комплектуемые зависимости",
 	"packages.npm.dependencies.peer": "Одноранговые зависимости",
 	"packages.npm.dependencies.optional": "Необязательные зависимости",
 	"packages.npm.details.tag": "Тег",
@@ -128,29 +128,29 @@
 	"packages.rubygems.required.rubygems": "Требуется версия RubyGem",
 	"packages.swift.registry": "Добавьте реестр командой:",
 	"packages.swift.install": "Добавьте пакет в свой файл <code>Package.swift</code>:",
-	"packages.swift.install2": "и запустите следующую команду:",
+	"packages.swift.install2": "и выполните следующую команду:",
 	"packages.vagrant.install": "Чтобы добавить бокс Vagrant, выполните следующую команду:",
 	"packages.settings.link": "Связать этот пакет с репозиторием",
-	"packages.settings.link.description": "Если связать пакет с репозиторием, он добавится в список пакетов репозитория.",
+	"packages.settings.link.description": "Если связать пакет с репозиторием, он будет добавлен в список пакетов репозитория.",
 	"packages.settings.link.select": "Выберите репозиторий",
 	"packages.settings.link.button": "Обновить ссылку на репозиторий",
-	"packages.settings.link.success": "Связь с репозиторием успешно обновлена.",
+	"packages.settings.link.success": "Привязка к репозиторию успешно обновлена.",
 	"packages.settings.link.error": "Не удалось обновить привязку к репозиторию.",
 	"packages.settings.delete": "Удалить пакет",
 	"packages.settings.delete.description": "Удаление пакета необратимо и не может быть отменено.",
-	"packages.settings.delete.notice": "Вы собираетесь удалить %s (%s). Эта операция необратима, вы уверены?",
-	"packages.settings.delete.success": "Пакет удалён.",
+	"packages.settings.delete.notice": "Вы собираетесь удалить %s (%s). Эта операция необратима. Вы уверены?",
+	"packages.settings.delete.success": "Пакет был удалён.",
 	"packages.settings.delete.error": "Не удалось удалить пакет.",
 	"packages.owner.settings.cargo.title": "Индекс реестра Cargo",
 	"packages.owner.settings.cargo.initialize": "Инициализировать индекс",
 	"packages.owner.settings.cargo.initialize.description": "Для использования реестра Cargo необходим специальный Git-репозиторий с индексом. Эта опция (пере)создаст репозиторий и настроит его автоматически.",
 	"packages.owner.settings.cargo.initialize.error": "Не удалось инициализировать индекс Cargo: %v",
-	"packages.owner.settings.cargo.initialize.success": "Индекс Cargo успешно создан.",
-	"packages.owner.settings.cargo.rebuild": "Перестроить индекс",
-	"packages.owner.settings.cargo.rebuild.description": "Пересборка может быть полезна в случае, если индекс не синхронизирован с хранящимися пакетами Cargo.",
-	"packages.owner.settings.cargo.rebuild.error": "Не удалось перестроить индекс Cargo: %v",
-	"packages.owner.settings.cargo.rebuild.success": "Индекс Cargo был перестроен успешно.",
-	"packages.owner.settings.cargo.rebuild.no_index": "Невозможно выполнить пересборку. Нет инициализированного индекса.",
+	"packages.owner.settings.cargo.initialize.success": "Индекс Cargo был создан успешно.",
+	"packages.owner.settings.cargo.rebuild": "Пересобрать индекс",
+	"packages.owner.settings.cargo.rebuild.description": "Пересборка может быть полезна если индекс не синхронизирован с хранимыми пакетами Cargo.",
+	"packages.owner.settings.cargo.rebuild.error": "Не удалось пересобрать индекс Cargo: %v",
+	"packages.owner.settings.cargo.rebuild.success": "Индекс Cargo был пересобран успешно.",
+	"packages.owner.settings.cargo.rebuild.no_index": "Невозможно выполнить пересборку: индекс не инициализирован.",
 	"packages.owner.settings.cleanuprules.title": "Правила очистки",
 	"packages.owner.settings.cleanuprules.add": "Добавить правило очистки",
 	"packages.owner.settings.cleanuprules.edit": "Изменить правило очистки",
@@ -158,16 +158,16 @@
 	"packages.owner.settings.cleanuprules.preview": "Предпросмотр правила очистки",
 	"packages.owner.settings.cleanuprules.preview.overview": "Планируется удалить %d пакетов.",
 	"packages.owner.settings.cleanuprules.preview.none": "Правило очистки не соответствует ни одному пакету.",
-	"packages.owner.settings.cleanuprules.pattern_full_match": "Применить шаблон к полному имени пакета",
-	"packages.owner.settings.cleanuprules.keep.title": "Версии, соответствующие этим правилам, сохраняются, даже если они соответствуют приведённому ниже правилу удаления.",
+	"packages.owner.settings.cleanuprules.pattern_full_match": "Применять шаблон к полному имени пакета",
+	"packages.owner.settings.cleanuprules.keep.title": "Версии, соответствующие этим правилам, будут сохранены, даже если они соответствуют правилу удаления ниже.",
 	"packages.owner.settings.cleanuprules.keep.count": "Оставить последние",
 	"packages.owner.settings.cleanuprules.keep.pattern": "Сохранять версии, совпадающие с",
-	"packages.owner.settings.cleanuprules.keep.pattern.container": "Версия <code>latest</code> всегда сохраняется для пакетов контейнера.",
-	"packages.owner.settings.cleanuprules.remove.title": "Версии, соответствующие этим правилам, удаляются, если правило выше не требует хранить их.",
+	"packages.owner.settings.cleanuprules.keep.pattern.container": "Версия <code>latest</code> всегда сохраняется для пакетов контейнеров.",
+	"packages.owner.settings.cleanuprules.remove.title": "Версии, соответствующие этим правилам, будут удалены, если правило выше не требует сохранять их.",
 	"packages.owner.settings.cleanuprules.remove.days": "Удалять версии старше, чем",
 	"packages.owner.settings.cleanuprules.remove.pattern": "Удалять версии, совпадающие с",
-	"packages.owner.settings.cleanuprules.success.update": "Правило очистки обновлено.",
-	"packages.owner.settings.cleanuprules.success.delete": "Правило очистки удалено.",
+	"packages.owner.settings.cleanuprules.success.update": "Правило очистки было обновлено.",
+	"packages.owner.settings.cleanuprules.success.delete": "Правило очистки было удалено.",
 	"packages.owner.settings.chef.title": "Реестр Chef",
 	"packages.owner.settings.chef.keypair": "Создать пару ключей",
 	"packages.owner.settings.chef.keypair.description": "Запросы к реестру Chef заверяются криптографическими подписями для аутентификации. При создании пары ключей только публичный ключ сохраняется в базе Forgejo. Закрытый ключ, который вы получите, будет использоваться knife. Создание новой пары ключей удалит старую.",
@@ -210,7 +210,7 @@
 	"alert.asset_load_failed": "Не удалось получить ресурсы из {path}. Убедитесь, что файлы ресурсов доступны.",
 	"install.invalid_lfs_path": "Не удалось расположить корень LFS по указанному пути: %[1]s",
 	"alert.range_error": " - число должно быть в диапазоне от %[1]s-%[2]s.",
-	"meta.last_line": "This magic string will cause Codeberg Translate to create a new pull request in **the** Forgejo repository. Hi",
+	"meta.last_line": "This magic string will cause Codeberg Translate to create a new pull request in **the** Forgejo repository. Hi.",
 	"mail.actions.not_successful_run_subject": "Провал раб. потока %[1]s в репозитории %[2]s",
 	"mail.actions.successful_run_after_failure_subject": "Возобновление раб. потока %[1]s в репозитории %[2]s",
 	"mail.actions.run_info_trigger": "Причина срабатывания: %[1]s by: %[2]s",
@@ -247,12 +247,8 @@
 		"many": "%d лет назад"
 	},
 	"relativetime.1day": "вчера",
-	"relativetime.2weeks": "две недели назад",
-	"relativetime.2months": "два месяца назад",
 	"relativetime.1month": "в прошлом месяце",
 	"relativetime.1week": "на прошлой неделе",
-	"relativetime.2days": "позавчера",
-	"relativetime.2years": "два года назад",
 	"relativetime.months": {
 		"one": "%d месяц назад",
 		"few": "%d месяца назад",
@@ -444,5 +440,11 @@
 	"editor.toggle_case": "Изменить чувствительность к регистру",
 	"editor.toggle_regex": "Изменить использование рег. выражений",
 	"editor.toggle_whole_word": "Изменить поиск целых слов",
-	"repo.view.gitmodules_too_large": "Файл .gitmodules слишком большой и будет игнорироваться (например, при вызовах API)"
+	"repo.view.gitmodules_too_large": "Файл .gitmodules слишком большой и будет игнорироваться (например, при вызовах API)",
+	"install.ssh_authorized_keys_unexpected_key": "Использование SSH конфликтует с файлом %s, уже содержащим ключи SSH. Возможные действия: добавьте в системе отдельного пользователя для Forgejo или выключите SSH в Forgejo.",
+	"install.ssh_authorized_keys_inspection_error": "Не удалось проверить файл authorized_keys: %v",
+	"actions.secrets.creation.name_description": "Название секрета может содержать только буквы, цифры и нижние подчёркивания. Оно не может начинаться на FORGEJO_, GITEA_, GITHUB_, или на цифру. Оно будет сохранено в верхнем регистре.",
+	"actions.secrets.creation.value_description": "Значение секрета может содержать любой текст. Спец. символы сохраняются. Переносы строк в формате CRLF (как в Windows) будут конвертированы в LF. При необходимости сохранить переносы строк храните значение в Base64.",
+	"actions.variables.mutation.name_description": "Название переменной может содержать только буквы, цифры и нижние подчёркивания. Оно не может начинаться на FORGEJO_, GITEA_, GITHUB_, или на цифру, или быть равным «CI». Оно будет сохранено в верхнем регистре.",
+	"actions.variables.mutation.value_description": "Значение переменной может содержать любой текст. Спец. символы сохраняются. Переносы строк в формате CRLF (как в Windows) будут конвертированы в LF. При необходимости сохранить переносы строк храните значение в Base64."
 }
diff --git a/options/locale_next/locale_sk-SK.json b/options/locale_next/locale_sk-SK.json
index 190893481b..befef392a7 100644
--- a/options/locale_next/locale_sk-SK.json
+++ b/options/locale_next/locale_sk-SK.json
@@ -28,7 +28,6 @@
 	"relativetime.now": "teraz",
 	"relativetime.future": "v budúcnosti",
 	"relativetime.1week": "posledný týždeň",
-	"relativetime.2months": "pred dvoma mesiacmi",
 	"relativetime.days": {
 		"one": "pred %d dňom",
 		"few": "pred %d dňami",
@@ -40,7 +39,6 @@
 	"followers.incoming.list.none": "Nikto nesleduje tohoto užívateľa.",
 	"followers.outgoing.list.self.none": "Nikoho nesledujete.",
 	"followers.outgoing.list.none": "%s nesleduje nikoho.",
-	"relativetime.2weeks": "pred dvoma týždňami",
 	"relativetime.1month": "posledný mesiac",
 	"relativetime.months": {
 		"one": "pred %d mesiacom",
@@ -57,7 +55,6 @@
 		"few": "pred %d týždňami",
 		"other": "pred %d týždňami"
 	},
-	"relativetime.2days": "pred dvoma dňami",
 	"relativetime.1day": "včera",
 	"relativetime.mins": {
 		"one": "pred %d minútou",
@@ -70,7 +67,6 @@
 		"other": "pred %d hodinami"
 	},
 	"relativetime.1year": "minulý rok",
-	"relativetime.2years": "pred dvoma rokmi",
 	"repo.form.cannot_create": "Všetky priestory, v ktorých môžete vytvárať repozitáre, dosiahli svoj limit.",
 	"repo.issue_indexer.title": "Indexovanie problémov",
 	"editor.textarea.shift_tab_hint": "V tomto riadku nie je žiadne odsadenie. Pre opustenie editoru stlačte znovu <kbd>Shift</kbd> + <kbd>Tab</kbd> alebo <kbd>Escape</kbd>.",
@@ -158,5 +154,15 @@
 	"migrate.pagure.description": "Migrujte dáta z pagure.io alebo iných inštancií Pagure.",
 	"migrate.pagure.incorrect_url": "Bola zadaná nesprávna URL adresa zdrojového repozitáru",
 	"migrate.pagure.project_url": "URL adresa projektu Pagure",
-	"migrate.pagure.token_label": "Token"
+	"migrate.pagure.token_label": "Token",
+	"watch.n_watchers": {
+		"one": "sledovateľ",
+		"few": "sledovatelia",
+		"other": "sledovateľov"
+	},
+	"repo.issues.filter_poster.hint": "Filtrovať podľa autora",
+	"repo.issues.filter_mention.hint": "Filtrovať podľa spomenutého použivateľa",
+	"repo.issues.filter_modified.hint": "Filtrovať podľa dátumu poslednej úpravy",
+	"repo.issues.filter_assignee.hint": "Filtrovať podľa priradeného používateľa",
+	"issues.updated": "aktualizované %s"
 }
diff --git a/options/locale_next/locale_sr-SP.json b/options/locale_next/locale_sr-SP.json
index 7320dae376..50ea93a10c 100644
--- a/options/locale_next/locale_sr-SP.json
+++ b/options/locale_next/locale_sr-SP.json
@@ -59,13 +59,9 @@
 		"other": "пре %d година"
 	},
 	"relativetime.1day": "јуче",
-	"relativetime.2days": "пре два дана",
 	"relativetime.1week": "прошле седмице",
-	"relativetime.2weeks": "пре две седмице",
 	"relativetime.1month": "прошлог месеца",
-	"relativetime.2months": "пре два месеца",
 	"relativetime.1year": "прошле године",
-	"relativetime.2years": "шре две године",
 	"repo.form.cannot_create": "Сви простори у којима можете створити репозиторијум су достигли ограничење броја репозиторијума.",
 	"migrate.form.error.url_credentials": "УРЛ садржава податке за пријаву, молимо да унесете корисничко име и лозинку у одговарајућа поља",
 	"migrate.github.description": "Пренесите податке са \"github.com\" или \"GitHub Enterprise\" сервера.",
diff --git a/options/locale_next/locale_sv-SE.json b/options/locale_next/locale_sv-SE.json
index 47fd0afa70..1ff0066955 100644
--- a/options/locale_next/locale_sv-SE.json
+++ b/options/locale_next/locale_sv-SE.json
@@ -23,7 +23,7 @@
 	"packages.details.repository_site": "Kodförrådswebbplats",
 	"packages.details.documentation_site": "Dokumentationswebbplats",
 	"packages.details.license": "Licens",
-	"packages.assets": "Assets",
+	"packages.assets": "Resurser",
 	"packages.versions": "Versioner",
 	"packages.versions.view_all": "Visa alla",
 	"packages.dependency.id": "ID",
@@ -70,7 +70,7 @@
 	"packages.container.details.platform": "Plattform",
 	"packages.container.pull": "Hämta bilden från kommandoraden:",
 	"packages.container.digest": "Digest",
-	"packages.container.multi_arch": "OS / Arch",
+	"packages.container.multi_arch": "OS / Ark",
 	"packages.container.layers": "Bildlager",
 	"packages.container.labels": "Etiketter",
 	"packages.container.labels.key": "Nyckel",
@@ -184,23 +184,22 @@
 		"other": "vill sammanfoga %[1]d incheckningar från <code>s[2]s</code> in i <code id=\"%[4]s\">%[3]s</code>"
 	},
 	"search.milestone_kind": "Sök milstolpar…",
-	"mail.actions.not_successful_run_subject": "Arbetsflödet %[1]s misslyckades i förrådet %[2]s",
+	"mail.actions.not_successful_run_subject": "Arbetsflödet %[1]s misslyckades i kodförrådet %[2]s",
 	"discussion.locked": "Denna diskussion har låsts. Kommentarer är begränsade till bidragsgivare.",
 	"relativetime.now": "nu",
 	"relativetime.1day": "igår",
-	"relativetime.2days": "för två dagar sedan",
 	"relativetime.days": {
 		"one": "%d dag sedan",
 		"other": "%d dagar sedan"
 	},
-	"admin.dashboard.cleanup_offline_runners": "Städa upp offline runners",
-	"repo.issue_indexer.title": "Indexerare för utgåvor",
-	"moderation.reported_thank_you": "Tack för din rapport. Administrationen har gjorts uppmärksam på det.",
+	"admin.dashboard.cleanup_offline_runners": "Städa upp ej uppkopplade körare",
+	"repo.issue_indexer.title": "ärendeindexerare",
+	"moderation.reported_thank_you": "Tack för din rapport. Administrationen har meddelats.",
 	"themes.names.forgejo-light": "Forgejo ljus",
 	"themes.names.forgejo-dark": "Forgejo mörk",
-	"themes.names.forgejo-auto": "Forgejo (följ systemets tema)",
+	"themes.names.forgejo-auto": "Forgejo (använd systemtemat)",
 	"moderation.submit_report": "Skicka in rapport",
-	"moderation.reporting_failed": "Det gick inte att skicka in den nya övergreppsrapporten: %v",
+	"moderation.reporting_failed": "Det gick inte att skicka in den nya missbruksrapporten: %v",
 	"mail.actions.run_info_cur_status": "Status för denna körning: %[1]s (just uppdaterad från %[2]s)",
 	"mail.actions.run_info_previous_status": "Status för föregående körning: %[1]s",
 	"mail.actions.run_info_trigger": "Utlöses på grund av: %[1]s av: %[2]s",
@@ -208,34 +207,31 @@
 	"install.invalid_lfs_path": "Det gick inte att skapa LFS-roten på den angivna sökvägen: %[1]s",
 	"alert.range_error": " måste vara ett tal mellan %[1]s och %[2]s.",
 	"stars.list.none": "Ingen har stjärnmarkerat detta förråd.",
-	"watch.list.none": "Ingen tittar på det här förrådet.",
+	"watch.list.none": "Ingen följer det här kodförrådet.",
 	"followers.incoming.list.self.none": "Ingen följer din profil.",
 	"followers.incoming.list.none": "Ingen följer den här användaren.",
 	"followers.outgoing.list.self.none": "Du följer inte någon.",
 	"followers.outgoing.list.none": "%s följer inte någon.",
 	"relativetime.future": "i framtiden",
 	"relativetime.1week": "förra veckan",
-	"relativetime.2weeks": "för två veckor sedan",
 	"relativetime.1month": "senaste månaden",
-	"relativetime.2months": "för två månader sedan",
 	"relativetime.1year": "förra året",
-	"relativetime.2years": "för två år sedan",
-	"repo.form.cannot_create": "Alla utrymmen där du kan skapa förråd har nått gränsen för antal förråd.",
-	"incorrect_root_url": "Denna Forgejo-instans är konfigurerad att serveras på \"%s\". Du tittar för närvarande på Forgejo via en annan URL, vilket kan leda till att delar av applikationen bryts. Den kanoniska webbadressen styrs av Forgejo-administratörer via inställningen ROOT_URL i app.ini.",
+	"repo.form.cannot_create": "Alla utrymmen där du kan skapa kodförråd har nått gränsen för antalet kodförråd.",
+	"incorrect_root_url": "Denna Forgejo-instans är konfigurerad att serveras på \"%s\". Du tittar för närvarande på Forgejo via en annan URL, vilket kan leda till att delar av applikationen inte fungerar. Den kanoniska webbadressen styrs av Forgejo-administratörer via inställningen ROOT_URL i app.ini.",
 	"error.not_found.title": "Sidan hittades inte",
 	"moderation.abuse_category.illegal_content": "Olagligt innehåll",
 	"moderation.abuse_category.other_violations": "Andra överträdelser av plattformsreglerna",
 	"moderation.report_remarks": "Anmärkningar",
-	"moderation.report_remarks.placeholder": "Ge några detaljer om det övergrepp som du rapporterar.",
+	"moderation.report_remarks.placeholder": "Beskriv några detaljer om det missbruk som du rapporterar.",
 	"mail.actions.successful_run_after_failure_subject": "Arbetsflöde %[1]s återställdes i förrådet %[2]s",
-	"mail.actions.successful_run_after_failure": "Arbetsflöde %[1]s återställdes i förrådet %[2]s",
-	"mail.actions.not_successful_run": "Arbetsflödet %[1]s misslyckades i förrådet %[2]s",
+	"mail.actions.successful_run_after_failure": "Arbetsflöde %[1]s återställdes i kodförrådet %[2]s",
+	"mail.actions.not_successful_run": "Arbetsflödet %[1]s misslyckades i kodförrådet %[2]s",
 	"editor.textarea.shift_tab_hint": "Ingen indragning på den här raden. Tryck på <kbd>Shift</kbd> + <kbd>Tab</kbd> igen eller <kbd>Escape</kbd> för att lämna redigeringsläget.",
-	"meta.last_line": "Daniel Nylander heter jag och har översatt Forgejo. Mer information om mig på https://www.danielnylander.se",
+	"meta.last_line": "Tack för ditt bidrag till översättningen av Forgejo! Denna sträng visas inte för slutanvändare utan används internt för administrationsändamål. Det går bra att ersätta denna text med en intressant kuriosa.",
 	"editor.textarea.tab_hint": "Raden är redan indragen. Tryck på <kbd>Tab</kbd> igen eller <kbd>Escape</kbd> för att lämna redigeringsläget.",
 	"home.welcome.no_activity": "Ingen aktivitet",
-	"home.welcome.activity_hint": "Det finns inget i ditt flöde ännu. Dina åtgärder och aktivitet från förråd som du bevakar kommer att visas här.",
-	"home.explore_repos": "Utforska förråd",
+	"home.welcome.activity_hint": "Det finns inget i ditt flöde ännu. Dina åtgärder och aktiviteter från kodförråd som du bevakar kommer att visas här.",
+	"home.explore_repos": "Utforska kodförråd",
 	"home.explore_users": "Utforska användare",
 	"home.explore_orgs": "Utforska organisationer",
 	"relativetime.mins": {
@@ -258,20 +254,20 @@
 		"one": "%d år sedan",
 		"other": "%d år sedan"
 	},
-	"admin.config.moderation_config": "Konfiguration av moderering",
+	"admin.config.moderation_config": "Modereringsinställningar",
 	"moderation.report_abuse": "Rapportera missbruk",
 	"moderation.report_content": "Rapportera innehåll",
 	"moderation.report_abuse_form.header": "Rapportera missbruk till administratör",
-	"moderation.report_abuse_form.details": "Detta formulär ska användas för att rapportera användare som skapar skräpprofiler, förråd, problem, kommentarer eller beter sig olämpligt.",
+	"moderation.report_abuse_form.details": "Detta formulär används för att rapportera användare som skapar skräpprofiler, kodörråd, ärenden, kommentarer eller beter sig olämpligt.",
 	"moderation.report_abuse_form.invalid": "Ogiltiga argument",
 	"moderation.report_abuse_form.already_reported": "Du har redan rapporterat detta innehåll",
 	"moderation.abuse_category": "Kategori",
 	"moderation.abuse_category.placeholder": "Välj en kategori",
-	"moderation.abuse_category.spam": "Skräppost",
+	"moderation.abuse_category.spam": "Skräp",
 	"moderation.abuse_category.malware": "Skadlig kod",
 	"settings.visibility.description": "Profilens synlighet påverkar andras möjlighet att komma åt dina icke-privata förråd. <a href=\"%s\" target=\"_blank\">Läs mer</a>.",
-	"avatar.constraints_hint": "Anpassade avatarer får inte vara större än %[1] eller %[2]dx%[3] bildpunkter",
-	"og.repo.summary_card.alt_description": "Sammanfattningskort för arkivet %[1]s, beskrivet som: %[2]s",
+	"avatar.constraints_hint": "Anpassade profilbilder får inte vara större än %[1] eller %[2]dx%[3] bildpunkter",
+	"og.repo.summary_card.alt_description": "Sammanfattningskort för kodförrådet %[1]s, beskrivet som: %[2]s",
 	"profile.actions.tooltip": "Fler åtgärder",
 	"keys.gpg.link": "GPG-nycklar",
 	"profile.edit.link": "Redigera profil",
@@ -279,7 +275,7 @@
 	"repo.diff.commit.next-short": "Nästa",
 	"repo.diff.commit.previous-short": "Föreg",
 	"feed.atom.link": "Atom-flöde",
-	"repo.pulls.already_merged": "Sammanfogning misslyckades: Denna pulka förfrågning har redan blivit sammanfogad.",
+	"repo.pulls.already_merged": "Sammanfogning misslyckades: Denna ändringsbegäran har redan sammanfogats.",
 	"pulse.n_active_issues": {
 		"one": "%s aktivt ärende",
 		"other": "%s aktiva ärenden"
@@ -289,7 +285,7 @@
 		"other": "%s aktiva pull-förfrågningar"
 	},
 	"migrate.form.error.url_credentials": "URL:en innehåller inloggningsuppgifter, sätt dem i respektive användarnamn- och lösenordsfält",
-	"migrate.git.description": "Migrera endast utvecklingskatalogen från vilken Git-tjänst som helst.",
+	"migrate.git.description": "Migrera ett kodförråd från en Git-tjänst.",
 	"migrate.gitea.description": "Migrera data från gitea.com eller andra Gitea-instanser.",
 	"migrate.gitlab.description": "Migrera data från gitlab.com eller annan GitLab-instans.",
 	"migrate.gogs.description": "Migrera data från notabug.org eller annan Gogs-instans.",
@@ -299,7 +295,7 @@
 	"migrate.forgejo.description": "Migrera data från codeberg.org eller annan Forgejo-instans.",
 	"repo.settings.push_mirror.branch_filter.label": "Grenfilter (frivilligt)",
 	"repo.settings.push_mirror.branch_filter.description": "Grenar att speglas. Lämna tom för att spegla alla grenar. Se <a href=\"%[1]s\">%[2]s dokumentation</a> för syntax. Exempel: <code>main, release/*</code>",
-	"admin.moderation.moderation_reports": "Moderationsrapporter",
+	"admin.moderation.moderation_reports": "Modereringsrapporter",
 	"admin.moderation.reports": "Rapporter",
 	"admin.moderation.no_open_reports": "Det finns för tillfället inga öppna rapporter.",
 	"mail.actions.run_info_sha": "Commit: %[1]s",
@@ -313,9 +309,9 @@
 	"admin.config.global_2fa_requirement.all": "Alla användare",
 	"admin.config.global_2fa_requirement.admin": "Administratörer",
 	"settings.twofa_unroll_unavailable": "Tvåfaktorsautentisering krävs för ditt konto och kan inte inaktiveras.",
-	"settings.must_enable_2fa": "Denna Forgejo-instans kräver användare att aktivera tvåfaktorsautentisering innan de kan komma at deras konto.",
-	"error.must_enable_2fa": "Denna Forgejo-instans kräver användare att aktivera tvåfaktorsautentisering innan de kan komma åt deras konto. Aktivera det på: %s",
-	"repo.commit.load_tags_failed": "Laddning av taggar misslyckades på grund av internt fel",
+	"settings.must_enable_2fa": "Denna Forgejo-instans kräver att användare aktiverar tvåfaktorsautentisering för att kunna komma åt sitt konto.",
+	"error.must_enable_2fa": "Denna Forgejo-instans kräver att användare aktiverar tvåfaktorsautentisering för att kunna komma åt sina konton. Aktivera det på: %s",
+	"repo.commit.load_tags_failed": "Insläsning av taggar misslyckades på grund av internt fel",
 	"compare.branches.title": "Jämför grenar",
 	"migrate.pagure.description": "Migrera data från pagure.io eller andra Pagure-instanser.",
 	"migrate.pagure.project_url": "Pagure projekt-URL",
@@ -323,35 +319,35 @@
 	"migrate.pagure.token_label": "Pagure API-token",
 	"actions.runs.run_attempt_label": "Kör försök #%[1]s (%[2]s)",
 	"migrate.github.description": "Migrera data från github.com eller GitHub Enterprise server.",
-	"repo.pulls.maintainers_can_edit": "Underhållsansvariga kan redigera denna pull-begäran.",
-	"repo.pulls.maintainers_cannot_edit": "Underhållsansvariga kan inte redigera denna pull-begäran.",
-	"mail.issue.action.close_by_commit": "%[1]s stängde %[2]s i commit %[3]s.",
-	"user.ghost.tooltip": "Denna användare har tagits bort eller kan inte matchas.",
+	"repo.pulls.maintainers_can_edit": "Förvaltare kan redigera denna ändringsbegäran.",
+	"repo.pulls.maintainers_cannot_edit": "Förvaltare kan inte redigera denna ändringsbegäran.",
+	"mail.issue.action.close_by_commit": "%[1]s stängde %[2]s i incheckning %[3]s.",
+	"user.ghost.tooltip": "Denna användare har blivit borttagen, eller kan inte hittas.",
 	"migrate.pagure.private_issues.summary": "Privata ärenden (valfritt)",
 	"release.n_downloads": {
 		"one": "%s nedladdning",
 		"other": "%s nedladdningar"
 	},
-	"actions.runs.view_most_recent_run": "Visa senaste körning",
+	"actions.runs.view_most_recent_run": "Visa senaste körningen",
 	"actions.workflow.job_parsing_error": "Kunde inte tolka jobb i arbetsflöde: %v",
 	"actions.workflow.pre_execution_error": "Arbetsflödet kördes inte på grund av ett fel som blockerade körningsförsöket.",
-	"warning.repository.out_of_sync": "Databasrepresentationen av detta arkiv är inte synkroniserad. Om denna varning fortfarande visas efter att du har skickat en commit till detta arkiv, kontakta administratören.",
+	"warning.repository.out_of_sync": "Databasrepresentationen av detta arkiv är inte synkroniserad. Om denna varning fortfarande visas efter att du har skickat en incheckning till detta arkiv, kontakta administratören.",
 	"admin.moderation.deleted_content_ref": "Rapporterat innehåll med typ %[1]v och id %[2]d finns inte längre",
 	"settings.twofa_reenroll": "Registrera om tvåfaktorsautentisering",
 	"settings.twofa_reenroll.description": "Registrera om din tvåfaktorsautentisering",
-	"migrate.pagure.incorrect_url": "Felaktig URL till källarkivet har angetts",
+	"migrate.pagure.incorrect_url": "Felaktig URL för kodförråd",
 	"migrate.pagure.private_issues.description": "Denna funktion är utformad för att skapa ett andra arkiv som endast innehåller privata ärenden från ditt Pagure-projekt för arkiveringsändamål. Utför först en normal migrering (utan token) för att importera allt publika innehåll. Om du har privata ärenden som du vill bevara skapar du sedan ett separat arkiv med hjälp av denna token-option för att arkivera dessa privata ärenden.",
-	"migrate.pagure.private_issues.warning": "Se till att ställa in synligheten för arkivet ovan till Privat om du använder API-nyckeln för att importera privata ärenden. Detta förhindrar att privat innehåll av misstag exponeras i ett publikt arkiv.",
+	"migrate.pagure.private_issues.warning": "Se till att ställa in synligheten för kodförrådet ovan till Privat om du använder API-nyckeln för att importera privata ärenden. Detta förhindrar att privat innehåll av misstag exponeras i ett publikt kodförråd.",
 	"migrate.pagure.token.placeholder": "Endast för att skapa privata ärendearkiv",
 	"actions.runs.viewing_out_of_date_run": "Du tittar på en föråldrad körning av detta jobb som utfördes %[1]s.",
 	"actions.workflow.event_detection_error": "Det går inte att tolka stödda händelser i arbetsflödet: %v",
 	"repo.pulls.poster_manage_approval": "Hantera godkännande",
-	"repo.issues.filter_poster.hint": "Filtrera efter upphovsperson",
+	"repo.issues.filter_poster.hint": "Filtrera efter författare",
 	"repo.issues.filter_assignee.hint": "Filtrera efter tilldelad användare",
 	"repo.issues.filter_reviewers.hint": "Filtrera efter användare som granskat",
 	"repo.issues.filter_mention.hint": "Filtrera efter nämnd användare",
 	"repo.issues.filter_modified.hint": "Filtrera efter senaste ändringsdatum",
-	"repo.pulls.poster_requires_approval.tooltip": "Upphovspersonen till denna pull-begäran är inte godkänd för att köra arbetsflöden som utlöses av en pull-begäran som skapats från ett förgrenat arkiv eller med AGit. Arbetsflöden som utlöses av en `pull_request`-händelse kommer inte att köras förrän de har godkänts.",
+	"repo.pulls.poster_requires_approval.tooltip": "Författaren av denna ändringsbegäran är inte godkänd för att köra arbetsflöden som utlöses av en ändringsbegäran skapad från ett avgrenat arkiv eller med AGit. Arbetsflöden som utlöses av en `pull_request`-händelse kommer inte att köras förrän de har godkänts.",
 	"repo.pulls.poster_trust_deny": "Neka",
 	"repo.pulls.poster_trust_deny.tooltip": "Arbetsflöden som väntar på godkännande kommer att avbrytas.",
 	"repo.pulls.poster_trust_once": "Godkänn en gång",
@@ -364,35 +360,76 @@
 	"teams.remove_all_repos.modal.header": "Ta bort alla arkiv",
 	"admin.auths.oauth2_quota_group_map_removal": "Ta bort användare från synkroniserade kvotgrupper om användaren inte tillhör motsvarande grupp.",
 	"issues.updated": "uppdaterade %s",
-	"repo.pulls.poster_requires_approval": "Vissa arbetsflöden <a href=\"%[1]s\">väntar på att bli granskade.</a>",
-	"repo.pulls.poster_is_trusted": "Upphovspersonen till denna pull-begäran är <a href=\"%[1]s\">alltid godkänd för att köra arbetsflöden.</a>",
-	"repo.pulls.poster_is_trusted.tooltip": "Upphovspersonen till denna pull-begäran är specifikt godkänd för att köra arbetsflöden som utlöses av en `pull_request`-händelser.",
+	"repo.pulls.poster_requires_approval": "Några arbetsflöden <a href=\"%[1]s\">väntar på att bli undersökta.</a>",
+	"repo.pulls.poster_is_trusted": "Författaren till denna ändringsbegäran är <a href=\"%[1]s\">alltid godkänd för att köra arbetsflöden.</a>",
+	"repo.pulls.poster_is_trusted.tooltip": "Författaren till denna ändringsbegäran är specifikt godkänd för att köra arbetsflöden som utlöses av `pull_request`-händelser.",
 	"search.fuzzy_tooltip": "Inkludera resultat som ungefärligt matchar söktermen",
 	"search.fuzzy": "Ungefärlig",
 	"fork.n_forks": {
-		"one": "%s gaffling",
-		"other": "%s gafflingar"
+		"one": "%s avgrening",
+		"other": "%s avgreningar"
 	},
 	"watch.n_watchers": {
-		"one": "%s bevakning",
-		"other": "%s bevakningar"
+		"one": "%s följare",
+		"other": "%s följare"
 	},
-	"repo.issues.filter_sort.hint": "Sortera utifrån: skapad/kommentarer/uppdaterad/deadline",
-	"repo.pulls.poster_trust_once.tooltip": "Arbetsflöden som utlöses av en `pull_request`-begäran kommer köra denna commit men kommer behöva godkännas för framtida commits pushade till den här pull-begäran.",
-	"repo.pulls.poster_trust_always.tooltip": "Arbetsflöden som utlöses av en `pull_request`-begäran kommer köra denna commit och kommer inte behöva godkännas för den här eller framtida pull-begäran från samma användare.",
-	"repo.pulls.poster_trust_revoke.tooltip": "Upphovspersonen för den här pull-begäran kommer inte längre vara godkänd för att köra arbetsflöden som utlösts av en `pull_request`-begäran, så att varje körning måste bli godkänd manuellt.",
-	"search.syntax": "Syntax för sökning",
-	"keys.verify.token.hint": "Den här token är bara giltig i 1 minut <a href=\"%[1]s\">Skaffa en ny om den har gått ut</a>.",
+	"repo.issues.filter_sort.hint": "Sortera utifrån: skapad/kommentarer/uppdaterad/slutdatum",
+	"repo.pulls.poster_trust_once.tooltip": "Arbetsflöden som utlöses av en `pull_request`-begäran kommer att köra för denna incheckning men kommer att behöva godkännas för alla framtida incheckningar uppskickade till denna ändringsbegäran.",
+	"repo.pulls.poster_trust_always.tooltip": "Arbetsflöden som utlöses av en `pull_request`-begäran kommer köra för denna incheckning och kommer inte att behöva godkännas för den här eller framtida ändringsbegäran från samma användare.",
+	"repo.pulls.poster_trust_revoke.tooltip": "Författaren av denna ändringsbegäran kommer inte längre vara godkänd för att köra arbetsflöden som utlösts av en `pull_request`-begäran, varje körning måste godkännas manuellt.",
+	"search.syntax": "Söksyntax",
+	"keys.verify.token.hint": "Denna token är bara giltig i 1 minut <a href=\"%[1]s\">Skaffa en ny om den har gått ut</a>.",
 	"moderation.report.mark_as_handled": "Markera som hanterad",
 	"moderation.report.mark_as_ignored": "Markera som ignorerad",
 	"moderation.action.account.delete": "Radera kontot",
 	"moderation.action.account.suspend": "Stäng av kontot",
-	"moderation.action.repo.delete": "Radera källförrådet",
+	"moderation.action.repo.delete": "Radera kodförrådet",
 	"moderation.action.issue.delete": "Radera ärende",
 	"moderation.action.comment.delete": "Radera kommentar",
 	"moderation.unknown_action": "Okänd åtgärd",
 	"moderation.users.cannot_suspend_self": "Du kan inte stänga av dig själv.",
-	"moderation.users.cannot_suspend_admins": "Användare med administrativ åtkomst kan inte bli avstängda.",
+	"moderation.users.cannot_suspend_admins": "Användare med administrativa rättigheter kan inte bli avstängda.",
 	"moderation.users.cannot_suspend_org": "Organisationer kan inte bli avstängda.",
-	"moderation.users.already_suspended": "Användarkontot är redan avstängt."
+	"moderation.users.already_suspended": "Användarkontot är redan avstängt.",
+	"actions.status.diagnostics.waiting": {
+		"one": "Väntar på en körare med följande etikett: %s",
+		"other": "Väntar på en körare med följande etiketter: %s"
+	},
+	"repo.view.gitmodules_too_large": ".gitmodules-filen är för stor och kommer därför att ignoreras (till exempel vid anrop via API)",
+	"install.ssh_authorized_keys_inspection_error": "Misslyckades med att inspektera befintlig authorized_keys-fil: %v",
+	"install.ssh_authorized_keys_unexpected_key": "SSH-aktivering för Forgejo krockar med den befintliga nyckelfilen på %s som innehåller existerande SSH-nycklar. Förslag: använd en egen systemanvändare för Forgejo eller inaktivera SSH.",
+	"moderation.users.suspend_success": "Användarkontot har inaktiverats.",
+	"moderation.users.cannot_delete_admins": "Det går inte att radera användare med administrationsrättigheter.",
+	"moderation.issue.deletion_success": "Ärendet har tagits bort.",
+	"moderation.comment.deletion_success": "Kommentaren har tagits bort.",
+	"actions.workflow.incomplete_matrix_missing_job": "Misslyckades med att läsa `strategy.matrix` för jobb %[1]s: jobb %[1]s saknar jobb %[2]s i sin `needs`-lista (%[3]s).",
+	"actions.workflow.incomplete_matrix_missing_output": "Misslyckades med att utvärdera `strategy.matrix` för jobb %[1]s: utdata %[3]s saknas från jobb %[2]s.",
+	"actions.workflow.incomplete_matrix_unknown_cause": "Misslyckades med att utvärdera `strategy.matrix` för jobb %[1]s: okänt fel uppstod.",
+	"actions.workflow.incomplete_runson_missing_job": "Misslyckades med att utvärdera `runs-on` för jobb %[1]s: jobb %[2]s saknas i `needs`-listan för jobb %[1]s (referens: %[3]s).",
+	"actions.workflow.incomplete_runson_missing_output": "Misslyckades med att utvärdera `runs-on` för jobb %[1]s: utdata %[3]s saknas från jobb %[2]s.",
+	"actions.workflow.incomplete_runson_missing_matrix_dimension": "Misslyckades med att utvärdera `runs-on` för jobb %[1]s: matrisdimension %[2]s saknas.",
+	"actions.workflow.incomplete_runson_unknown_cause": "Misslyckades med att utvärdera `runs-on` för jobb %[1]s: okänt fel.",
+	"actions.workflow.incomplete_with_missing_job": "Misslyckades med att utvärdera `with` för jobb %[1]s: jobb %[2]s finns inte i `needs`-listan för jobb %[1]s (%[3]s).",
+	"actions.workflow.incomplete_with_missing_output": "Misslyckades med att utvärdera `with` för jobb %[1]s: jobb %[2]s saknar utdatan %[3]s.",
+	"actions.workflow.incomplete_with_missing_matrix_dimension": "Misslyckades med att utvärdera `with` för jobb %[1]s: matrisdimensionen %[2]s existerar inte.",
+	"actions.workflow.incomplete_with_unknown_cause": "Misslyckades med att utvärdera `with` för jobb %s: okänt fel.",
+	"actions.secrets.creation.name_description": "Namnet på en hemlighet kan endast innehålla bokstäver, siffror och understreck. Det får inte börja med FORGEJO_, GITEA_, GITHUB_ eller en siffra. Forgejo kommer automatiskt att omvandla namnet till versaler.",
+	"actions.secrets.creation.value_description": "Värdet på en hemlighet kan vara vilken text som helst. Specialtecken bevaras. CRLF (Windows-radbrytningar) konverteras automatiskt till LF. Koda värdet med Base64 om radbrytningar ska bevaras.",
+	"actions.variables.mutation.name_description": "Namnet på en variabel kan endast innehålla bokstäver, siffror och understreck. Det kan inte döpas till CI eller börja med FORGEJO_, GITEA_, GITHUB_ eller en siffra. Forgejo kommer automatiskt att omvandla namnet till versaler.",
+	"actions.variables.mutation.value_description": "En variabels värde kan bestå av valfri text. Specialtecken bevaras. CRLF (radbrytningar i Windows-stil) konverteras automatiskt till LF. Koda värdet med Base64 om radbrytningarna behöver bibehållas.",
+	"pulls.manual_merge.helper": "Manuell sammanfogningshjälp",
+	"pulls.manual_merge.helpder.description": "Använd detta sammanfogningsmeddelande när sammanfogningen slutförs manuellt.",
+	"pulls.manual_merge.commit.title": "Rubrik för sammanfogningsincheckningen",
+	"pulls.manual_merge.commit.body": "Innehåll för sammanfogningsincheckningen",
+	"pulls.manual_merge.copy.button": "Kopiera sammanfogningens incheckningsmeddelande",
+	"admin.auths.oauth2_quota_group_claim_name": "Namn på anspråk (claim) som tillhandahåller gruppnamn för denna källa, att användas för kvothantering. (Valfritt)",
+	"admin.auths.oauth2_quota_group_map": "Mappa grupper från 'claim' till kvotgrupper. (Valfritt – kräver 'claim'-namn ovan)",
+	"editor.search": "Sök",
+	"editor.find_previous": "Föregående",
+	"editor.find_next": "Nästa",
+	"editor.replace": "Ersätt",
+	"editor.replace_all": "Ersätta alla",
+	"editor.toggle_case": "Växla skiftlägeskänslighet",
+	"editor.toggle_regex": "Använd reguljära uttryck",
+	"editor.toggle_whole_word": "Matcha hela ord"
 }
diff --git a/options/locale_next/locale_ta.json b/options/locale_next/locale_ta.json
index 7de40f5eef..e222f62a61 100644
--- a/options/locale_next/locale_ta.json
+++ b/options/locale_next/locale_ta.json
@@ -221,13 +221,9 @@
 		"other": "%d ஆண்டுகளுக்கு முன்பு"
 	},
 	"relativetime.1day": "நேற்று",
-	"relativetime.2days": "இரண்டு நாட்களுக்கு முன்பு",
 	"relativetime.1week": "கடந்த வாரம்",
-	"relativetime.2weeks": "இரண்டு வாரங்களுக்கு முன்பு",
 	"relativetime.1month": "கடந்த மாதம்",
-	"relativetime.2months": "இரண்டு மாதங்களுக்கு முன்பு",
 	"relativetime.1year": "கடந்த ஆண்டு",
-	"relativetime.2years": "இரண்டு ஆண்டுகளுக்கு முன்பு",
 	"repo.pulls.already_merged": "ஒன்றிணைக்க முடியவில்லை: இந்த இழுத்தல் கோரிக்கை ஏற்கனவே ஒன்றிணைக்கப்பட்டுள்ளது.",
 	"repo.pulls.merged_title_desc": {
 		"one": "%[1]d கமிட் <code>%[2]s</code> இலிருந்து <code>%[3]s</code> %[4]s இல் இணைக்கப்பட்டது",
@@ -408,5 +404,28 @@
 	"actions.workflow.incomplete_runson_unknown_cause": "%[1]s வேலையின் `ரன்-ஆன்` என்பதை மதிப்பிட முடியவில்லை: தெரியாத பிழை.",
 	"admin.auths.oauth2_quota_group_claim_name": "இந்த மூலத்திற்கான குழுப் பெயர்களை வழங்குவதற்கான உரிமைகோரல் பெயர் ஒதுக்கீடு மேலாண்மைக்கு பயன்படுத்தப்படும். (விரும்பினால்)",
 	"admin.auths.oauth2_quota_group_map": "மேப் உரிமைகோரப்பட்ட குழுக்களுக்கு ஒதுக்கப்பட்ட குழுக்களுக்கு. (விரும்பினால் - மேலே உள்ள உரிமைகோரல் பெயர் தேவை)",
-	"admin.auths.oauth2_quota_group_map_removal": "பயனர் தொடர்புடைய குழுவில் இல்லை என்றால், ஒத்திசைக்கப்பட்ட கோட்டா குழுக்களில் இருந்து பயனர்களை அகற்றவும்."
+	"admin.auths.oauth2_quota_group_map_removal": "பயனர் தொடர்புடைய குழுவில் இல்லை என்றால், ஒத்திசைக்கப்பட்ட கோட்டா குழுக்களில் இருந்து பயனர்களை அகற்றவும்.",
+	"issues.updated": "புதுப்பிக்கப்பட்டது %s",
+	"repo.view.gitmodules_too_large": ".gitmodules கோப்பு மிகவும் பெரியது மற்றும் புறக்கணிக்கப்படும் (உதாரணமாக பநிஇ அழைப்புகளில்)",
+	"search.fuzzy": "தெளிவற்ற",
+	"search.fuzzy_tooltip": "முடிவுகளைச் சேர்த்தல் என்பது தேடல் சொல்லுடன் தோராயமான பொருத்தமாகும்",
+	"install.ssh_authorized_keys_inspection_error": "ஏற்கனவே உள்ள authorized_keys கோப்பை ஆய்வு செய்ய முடியவில்லை: %v",
+	"install.ssh_authorized_keys_unexpected_key": "Forgejo க்கு பாஓடு ஐ இயக்குவது ஏற்கனவே உள்ள பாஓடு விசைகளைக் கொண்ட %s இல் உள்ள கோப்புடன் முரண்படுகிறது. பரிந்துரைகள்: Forgejo க்கான பிரத்யேக கணினி பயனரைப் பயன்படுத்தவும் அல்லது பாஓடு ஐ முடக்கவும்.",
+	"actions.workflow.incomplete_with_missing_job": "%[1]s வேலையின் `உடன்` மதிப்பிட முடியவில்லை: வேலை %[2]s வேலை %[1]s (%[3]s) இன் `தேவைகள்` பட்டியலில் இல்லை.",
+	"actions.workflow.incomplete_with_missing_output": "%[1]s வேலையின் `உடன்` என்பதை மதிப்பிட முடியவில்லை: வேலை %[2]s இல் %[3]s வெளியீடு இல்லை.",
+	"actions.workflow.incomplete_with_missing_matrix_dimension": "வேலை %[1]s `உடன்` மதிப்பிட முடியவில்லை: மேட்ரிக்ச் பரிமாணம் %[2]s இல்லை.",
+	"actions.workflow.incomplete_with_unknown_cause": "வேலை %[1] இன் `உடன்` மதிப்பிட முடியவில்லை: அறியப்படாத பிழை.",
+	"pulls.manual_merge.helper": "கைமுறையாக ஒன்றிணைக்கும் உதவியாளர்",
+	"pulls.manual_merge.helpder.description": "ஒன்றிணைப்பை கைமுறையாக முடிக்கும்போது இந்த ஒன்றிணைப்பு உறுதி செய்தியைப் பயன்படுத்தவும்.",
+	"pulls.manual_merge.commit.title": "உறுதி தலைப்பை இணைக்கவும்",
+	"pulls.manual_merge.commit.body": "உறுதி உடலை இணைக்கவும்",
+	"pulls.manual_merge.copy.button": "ஒன்றிணைக்கும் உறுதி செய்தியை நகலெடுக்கவும்",
+	"editor.search": "தேடல்",
+	"editor.find_previous": "முந்தைய கண்டுபிடிப்பு",
+	"editor.find_next": "அடுத்த கண்டுபிடிப்பு",
+	"editor.replace": "மாற்றவும்",
+	"editor.replace_all": "அனைத்தையும் மாற்றவும்",
+	"editor.toggle_case": "கேச் உணர்திறனை நிலைமாற்று",
+	"editor.toggle_regex": "வழக்கமான வெளிப்பாடுகளைப் பயன்படுத்தி மாறவும்",
+	"editor.toggle_whole_word": "முழு வார்த்தைகளையும் பொருத்த நிலைமாற்று"
 }
diff --git a/options/locale_next/locale_th.json b/options/locale_next/locale_th.json
index 954e5c4364..539731fb6b 100644
--- a/options/locale_next/locale_th.json
+++ b/options/locale_next/locale_th.json
@@ -194,13 +194,9 @@
 	"relativetime.months": "%d เดือนที่แล้ว",
 	"relativetime.years": "%d ปีที่แล้ว",
 	"relativetime.1day": "เมื่อวาน",
-	"relativetime.2days": "สองวันที่แล้ว",
 	"relativetime.1week": "สัปดาห์ที่แล้ว",
-	"relativetime.2weeks": "สองสัปดาห์ที่แล้ว",
 	"relativetime.1month": "เดือนที่แล้ว",
-	"relativetime.2months": "สองเดือนที่แล้ว",
 	"relativetime.1year": "ปีที่แล้ว",
-	"relativetime.2years": "สองปีที่แล้ว",
 	"repo.pulls.already_merged": "การรวมล้มเหลว: คำขอดึงนี้ถูกรวมไปแล้ว",
 	"repo.pulls.merged_title_desc": "รวม %[1]d คอมมิตจาก <code>%[2]s</code> ไปยัง <code>%[3]s</code> %[4]s",
 	"repo.pulls.title_desc": "ต้องการรวม %[1]d คอมมิตจาก <code>%[2]s</code> ไปยัง <code id=\"%[4]s\">%[3]s</code>",
diff --git a/options/locale_next/locale_tok.json b/options/locale_next/locale_tok.json
index e1940e1e14..344a8c4f55 100644
--- a/options/locale_next/locale_tok.json
+++ b/options/locale_next/locale_tok.json
@@ -1,3 +1,8 @@
 {
-	"meta.last_line": " "
+	"meta.last_line": " ",
+	"home.welcome.no_activity": "ijo sin ala li lon",
+	"home.welcome.activity_hint": "sina pali la sona pali li lon ni.",
+	"home.explore_repos": "o alasa e poki",
+	"home.explore_users": "o alasa e jan",
+	"home.explore_orgs": "o alasa e kulupu"
 }
diff --git a/options/locale_next/locale_tr-TR.json b/options/locale_next/locale_tr-TR.json
index 016b299da3..ae26ae6fd4 100644
--- a/options/locale_next/locale_tr-TR.json
+++ b/options/locale_next/locale_tr-TR.json
@@ -193,13 +193,9 @@
 	"relativetime.now": "şimdi",
 	"relativetime.future": "gelecekte",
 	"relativetime.1day": "dün",
-	"relativetime.2days": "evvelsi gün",
 	"relativetime.1week": "geçen hafta",
-	"relativetime.2weeks": "iki hafta önce",
 	"relativetime.1month": "geçen ay",
-	"relativetime.2months": "iki ay önce",
 	"relativetime.1year": "geçen yıl",
-	"relativetime.2years": "iki yıl önce",
 	"repo.pulls.already_merged": "Birleştirme başarısız: Bu birleştirme isteği zaten birleştirilmiş.",
 	"repo.pulls.maintainers_can_edit": "Bakımcılar bu birleştirme isteğini düzenleyebilirler.",
 	"repo.pulls.maintainers_cannot_edit": "Bakımcılar bu birleştirme isteğini düzenleyemezler.",
diff --git a/options/locale_next/locale_uk-UA.json b/options/locale_next/locale_uk-UA.json
index b70bf9e9fe..c96f3fde16 100644
--- a/options/locale_next/locale_uk-UA.json
+++ b/options/locale_next/locale_uk-UA.json
@@ -102,7 +102,7 @@
 	"packages.npm.dependencies.development": "Залежності розробки",
 	"packages.npm.dependencies.bundle": "Пакетні залежності",
 	"packages.npm.dependencies.peer": "Однорангові залежності",
-	"packages.npm.dependencies.optional": "Необов'язкові залежності",
+	"packages.npm.dependencies.optional": "Необов’язкові залежності",
 	"packages.npm.details.tag": "Тег",
 	"packages.pypi.requires": "Необхідний Python",
 	"packages.pypi.install": "Аби встановити пакунок, використовуючи pip, виконайте команду:",
@@ -231,13 +231,9 @@
 	},
 	"relativetime.1day": "учора",
 	"relativetime.1week": "минулого тижня",
-	"relativetime.2weeks": "два тижні тому",
 	"relativetime.1month": "минулого місяця",
 	"relativetime.1year": "минулого року",
-	"relativetime.2years": "два роки тому",
-	"relativetime.2months": "два місяці тому",
 	"relativetime.now": "щойно",
-	"relativetime.2days": "два дні тому",
 	"relativetime.future": "у майбутньому",
 	"relativetime.weeks": {
 		"one": "%d тиждень тому",
@@ -444,5 +440,11 @@
 	"pulls.manual_merge.commit.title": "Заголовок коміту злиття",
 	"pulls.manual_merge.commit.body": "Тіло коміту злиття",
 	"pulls.manual_merge.copy.button": "Копіювати повідомлення коміту злиття",
-	"repo.view.gitmodules_too_large": "Файл .gitmodules занадто великий і буде проігнорований (наприклад, при викликах API)"
+	"repo.view.gitmodules_too_large": "Файл .gitmodules занадто великий і буде проігнорований (наприклад, при викликах API)",
+	"install.ssh_authorized_keys_inspection_error": "Не вдалося перевірити наявний файл authorized_keys: %v",
+	"install.ssh_authorized_keys_unexpected_key": "Увімкнення SSH для Forgejo конфліктує з файлом, розташованим за адресою %s, який містить існуючі ключі SSH. Підказка: використовуйте для Forgejo спеціального системного користувача або вимкніть SSH.",
+	"actions.secrets.creation.name_description": "Ім’я секрету може містити тільки літери, цифри та підкреслення. Не може починатися з FORGEJO_, GITEA_, GITHUB_ або цифри. Forgejo автоматично переводить його у верхній регістр.",
+	"actions.variables.mutation.name_description": "Ім’я змінної може містити лише літери, цифри та підкреслення. Не можна називати змінну CI або починати ім’я з FORGEJO_, GITEA_, GITHUB_ чи цифри. Forgejo автоматично переводить його у верхній регістр.",
+	"actions.secrets.creation.value_description": "Значенням секрету може бути будь-який текст. Спеціальні символи зберігаються. CRLF (розриви рядків у форматі Windows) автоматично замінюються на LF. Якщо розриви рядків потрібно зберегти, закодуйте значення за допомогою Base64.",
+	"actions.variables.mutation.value_description": "Значенням змінної може бути будь-який текст. Спеціальні символи зберігаються. CRLF (розриви рядків у форматі Windows) автоматично замінюються на LF. Якщо розриви рядків потрібно зберегти, закодуйте значення за допомогою Base64."
 }
diff --git a/options/locale_next/locale_uz.json b/options/locale_next/locale_uz.json
index 2aeab4207b..21fc022cd5 100644
--- a/options/locale_next/locale_uz.json
+++ b/options/locale_next/locale_uz.json
@@ -35,13 +35,9 @@
 		"other": "%d yil oldin."
 	},
 	"relativetime.1day": "kecha",
-	"relativetime.2days": "2 kun oldin",
 	"relativetime.1week": "oxirgi hafta",
-	"relativetime.2weeks": "ikki hafta oldin",
 	"relativetime.1month": "oxirgi oy",
-	"relativetime.2months": "ikki oy oldin",
 	"relativetime.1year": "oxirgi yil",
-	"relativetime.2years": "ikki yil oldin",
 	"search.syntax": "Qidiruv sintaksisi",
 	"repo.settings.push_mirror.branch_filter.label": "Branch filteri (ixtiyoriy)",
 	"meta.last_line": " "
diff --git a/options/locale_next/locale_vi.json b/options/locale_next/locale_vi.json
index b46340f93b..dee83ccaa0 100644
--- a/options/locale_next/locale_vi.json
+++ b/options/locale_next/locale_vi.json
@@ -24,13 +24,9 @@
 	"relativetime.months": "%d tháng trước",
 	"relativetime.years": "%d năm trước",
 	"relativetime.1day": "hôm qua",
-	"relativetime.2days": "hôm kia",
 	"relativetime.1week": "tuần trước",
-	"relativetime.2weeks": "hai tuần trước",
 	"relativetime.1month": "tháng trước",
-	"relativetime.2months": "hai tháng trước",
 	"relativetime.1year": "năm ngoái",
-	"relativetime.2years": "hai năm trước",
 	"migrate.form.error.url_credentials": "URL có chứa thông tin đăng nhập, điền chúng vào các ô tên người dùng và mật khẩu tương ứng",
 	"migrate.github.description": "Nhập dữ liệu từ github.com hoặc máy chủ GitHub Enterprise.",
 	"migrate.git.description": "Chỉ nhập kho mã từ dịch vụ Git bất kì.",
diff --git a/options/locale_next/locale_zh-CN.json b/options/locale_next/locale_zh-CN.json
index 8affe68a05..3af38a6099 100644
--- a/options/locale_next/locale_zh-CN.json
+++ b/options/locale_next/locale_zh-CN.json
@@ -206,14 +206,10 @@
 	"relativetime.months": "%d 个月前",
 	"relativetime.years": "%d 年前",
 	"relativetime.1day": "昨天",
-	"relativetime.2days": "两天前",
 	"relativetime.1week": "上周",
 	"relativetime.1month": "上个月",
-	"relativetime.2months": "两个月前",
 	"relativetime.1year": "去年",
-	"relativetime.2years": "两年前",
 	"relativetime.now": "现在",
-	"relativetime.2weeks": "两周前",
 	"relativetime.days": "%d 天前",
 	"moderation.report_abuse_form.details": "此表单用于举报创建垃圾个人信息、仓库、议题、评论或行为不当的用户。",
 	"admin.config.moderation_config": "审核配置",
@@ -384,5 +380,7 @@
 	"editor.toggle_case": "切换大小写敏感",
 	"editor.toggle_regex": "切换正则表达式",
 	"editor.toggle_whole_word": "切换全词匹配",
-	"repo.view.gitmodules_too_large": ".gitmodules 因太大而被（API等）忽略"
+	"repo.view.gitmodules_too_large": ".gitmodules 因太大而被（API等）忽略",
+	"install.ssh_authorized_keys_inspection_error": "无法检查已存在的 authorized_keys 文件：%v",
+	"install.ssh_authorized_keys_unexpected_key": "为 Forgejo 启用 SSH 与位于 %s 的文件冲突，该文件包含已存在的 SSH 密钥。建议：为 Forgejo 使用独立的系统用户或禁用 SSH。"
 }
diff --git a/options/locale_next/locale_zh-TW.json b/options/locale_next/locale_zh-TW.json
index d1be2fb0f7..00ca6f6685 100644
--- a/options/locale_next/locale_zh-TW.json
+++ b/options/locale_next/locale_zh-TW.json
@@ -217,13 +217,9 @@
 	"relativetime.months": "%d 個月前",
 	"relativetime.years": "%d 年前",
 	"relativetime.1day": "昨天",
-	"relativetime.2days": "兩天前",
 	"relativetime.1week": "上週",
-	"relativetime.2weeks": "兩週前",
 	"relativetime.1month": "上個月",
-	"relativetime.2months": "兩個月前",
 	"relativetime.1year": "去年",
-	"relativetime.2years": "兩年前",
 	"moderation.abuse_category.other_violations": "其他違反平台規則的行為",
 	"mail.actions.not_successful_run_subject": "儲存庫 %[2]s 中的工作流程 %[1]s 已失敗",
 	"mail.actions.successful_run_after_failure": "儲存庫 %[2]s 中的工作流程 %[1]s 已恢復",

From b085be779c17bc30318d304d952893f4b4958af5 Mon Sep 17 00:00:00 2001
From: 0ko <0ko@noreply.codeberg.org>
Date: Mon, 16 Feb 2026 17:38:56 +0100
Subject: [PATCH 336/854] i18n(*): migrate 92 strings to json (#11325)

Previous migration: https://codeberg.org/forgejo/forgejo/pulls/10979

The white holes in between the red diff lines of the INI files aren't a migration bug: they are orphan strings that weren't cleaned up yet from those files.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11325
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
---
 options/locale/locale_ar.ini              |  66 --------------
 options/locale/locale_bg.ini              |  46 ----------
 options/locale/locale_ca.ini              |  10 +--
 options/locale/locale_cs-CZ.ini           |  96 ---------------------
 options/locale/locale_da.ini              |  92 --------------------
 options/locale/locale_de-DE.ini           |  96 ---------------------
 options/locale/locale_el-GR.ini           |  95 --------------------
 options/locale/locale_en-US.ini           |  95 --------------------
 options/locale/locale_es-ES.ini           |  94 +-------------------
 options/locale/locale_fa-IR.ini           |  31 -------
 options/locale/locale_fi-FI.ini           |  86 -------------------
 options/locale/locale_fil.ini             |  92 --------------------
 options/locale/locale_fr-FR.ini           |  95 --------------------
 options/locale/locale_ga-IE.ini           |  70 ---------------
 options/locale/locale_hu-HU.ini           |  27 ------
 options/locale/locale_id-ID.ini           |  34 --------
 options/locale/locale_is-IS.ini           |  18 ----
 options/locale/locale_it-IT.ini           |  93 --------------------
 options/locale/locale_ja-JP.ini           |  96 ---------------------
 options/locale/locale_ka.ini              |  43 ----------
 options/locale/locale_kab.ini             |   4 -
 options/locale/locale_ko-KR.ini           |  32 +------
 options/locale/locale_lv-LV.ini           |  95 --------------------
 options/locale/locale_nds.ini             |  92 --------------------
 options/locale/locale_nl-NL.ini           |  93 --------------------
 options/locale/locale_pl-PL.ini           |  95 +-------------------
 options/locale/locale_pt-BR.ini           |  97 ---------------------
 options/locale/locale_pt-PT.ini           |  95 --------------------
 options/locale/locale_ru-RU.ini           |  95 --------------------
 options/locale/locale_si-LK.ini           |  19 ----
 options/locale/locale_sk-SK.ini           |   7 --
 options/locale/locale_sl.ini              |   3 +-
 options/locale/locale_sr-SP.ini           |   1 -
 options/locale/locale_sv-SE.ini           |  93 --------------------
 options/locale/locale_ta.ini              |  92 --------------------
 options/locale/locale_th.ini              |  92 --------------------
 options/locale/locale_tr-TR.ini           |  96 +--------------------
 options/locale/locale_uk-UA.ini           |  96 ---------------------
 options/locale/locale_vi.ini              |   1 -
 options/locale/locale_zh-CN.ini           |  95 --------------------
 options/locale/locale_zh-HK.ini           |  22 -----
 options/locale/locale_zh-TW.ini           |  95 --------------------
 options/locale_next/locale_ar.json        |  66 ++++++++++++++
 options/locale_next/locale_bg.json        |  45 ++++++++++
 options/locale_next/locale_ca.json        |   8 ++
 options/locale_next/locale_cs-CZ.json     |  92 ++++++++++++++++++++
 options/locale_next/locale_da.json        |  92 ++++++++++++++++++++
 options/locale_next/locale_de-DE.json     |  92 ++++++++++++++++++++
 options/locale_next/locale_el-GR.json     |  92 ++++++++++++++++++++
 options/locale_next/locale_en-US.json     | 100 +++++++++++++++++++++-
 options/locale_next/locale_es-ES.json     |  89 +++++++++++++++++++
 options/locale_next/locale_fa-IR.json     |  30 +++++++
 options/locale_next/locale_fi-FI.json     |  85 ++++++++++++++++++
 options/locale_next/locale_fil.json       |  92 ++++++++++++++++++++
 options/locale_next/locale_fr-FR.json     |  92 ++++++++++++++++++++
 options/locale_next/locale_ga.json        |  70 +++++++++++++++
 options/locale_next/locale_hu-HU.json     |  23 +++++
 options/locale_next/locale_id-ID.json     |  29 +++++++
 options/locale_next/locale_is-IS.json     |  14 +++
 options/locale_next/locale_it-IT.json     |  92 ++++++++++++++++++++
 options/locale_next/locale_ja-JP.json     |  92 ++++++++++++++++++++
 options/locale_next/locale_ka.json        |  43 ++++++++++
 options/locale_next/locale_kab.json       |   4 +
 options/locale_next/locale_ko-KR.json     |  26 ++++++
 options/locale_next/locale_lv-LV.json     |  92 ++++++++++++++++++++
 options/locale_next/locale_nds.json       |  92 ++++++++++++++++++++
 options/locale_next/locale_nl-NL.json     |  92 ++++++++++++++++++++
 options/locale_next/locale_pl-PL.json     |  92 ++++++++++++++++++++
 options/locale_next/locale_pt-BR.json     |  92 ++++++++++++++++++++
 options/locale_next/locale_pt-PT.json     |  92 ++++++++++++++++++++
 options/locale_next/locale_ru-RU.json     |  92 ++++++++++++++++++++
 options/locale_next/locale_si-LK.json     |  15 ++++
 options/locale_next/locale_sk-SK.json     |   3 +
 options/locale_next/locale_sl.json        |   1 +
 options/locale_next/locale_sr-SP.json     |   1 +
 options/locale_next/locale_sv-SE.json     |  92 ++++++++++++++++++++
 options/locale_next/locale_ta.json        |  92 ++++++++++++++++++++
 options/locale_next/locale_th.json        |  92 ++++++++++++++++++++
 options/locale_next/locale_tr-TR.json     |  91 ++++++++++++++++++++
 options/locale_next/locale_uk-UA.json     |  92 ++++++++++++++++++++
 options/locale_next/locale_vi.json        |   1 +
 options/locale_next/locale_zh-CN.json     |  92 ++++++++++++++++++++
 options/locale_next/locale_zh-HK.json     |  18 ++++
 options/locale_next/locale_zh-TW.json     |  92 ++++++++++++++++++++
 routers/web/repo/actions/actions.go       |   2 +-
 routers/web/shared/actions/runners.go     |  10 +--
 templates/shared/actions/runner_edit.tmpl |   8 +-
 templates/shared/actions/runner_list.tmpl |   2 +-
 88 files changed, 2707 insertions(+), 2794 deletions(-)

diff --git a/options/locale/locale_ar.ini b/options/locale/locale_ar.ini
index 41bda7f325..a92baa3307 100644
--- a/options/locale/locale_ar.ini
+++ b/options/locale/locale_ar.ini
@@ -2072,39 +2072,11 @@ code_last_indexed_at = فُهرس آخر مرة %s
 [actions]
 variables.none = لا توجد متغيرات بعد.
 variables.deletion = أزل المتغير
-runners.task_list.run = شغّل
-runners.task_list.status = الحالة
-runners.task_list.no_tasks = لا توجد مهام بعد.
 variables.creation = أضف متغيرا
-runners.runner_title = مشغّل
-runners.task_list.commit = الإيداع
-runners.task_list = المهام الأخيرة على هذا المشغّل
 variables.management = إدارة المتغيرات
-runners.task_list.repository = المستودع
 variables = المتغيرات
 variables.deletion.description = إزالة المتغيرات عملية نهائية لا يمكن التراجع عنها. أتريد الاستمرار؟
-status.failure = فشل
-runners.status.idle = خامل
-runners.task_list.done_at = تم عند
-status.running = يعمل
-runners.status.active = نشيط
-runners.status = الحالة
-runners.description = الوصف
-runners.update_runner = حدّث التغييرات
-runners.name = الاسم
-runners.version = النسخة
-runs.status = الحالة
-status.unknown = مجهول
-runners.owner_type = النوع
-status.waiting = ينتظر
-runners.labels = التصنيفات
-runners.status.unspecified = مجهول
-runs.commit = إيداع
-status.success = نجح
 runs.empty_commit_message = (رسالة إيداع فارغة)
-status.cancelled = ملغي
-runs.status_no_select = كل الحالات
-runs.scheduled = مُجدوَل
 variables.edit = عدّل المتغير
 variables.update.success = عُدِّل المتغير.
 variables.update.failed = فشل تعديل المتغير.
@@ -2113,26 +2085,7 @@ variables.creation.failed = فشل إضافة المتغير.
 variables.creation.success = تم إضافة المتغير "%s".
 variables.deletion.success = تم حذف المتغير.
 variables.id_not_exist = المتغير ذو المعرّف %d ليس موجودا.
-actions = الإجراءات
 unit.desc = أدر الإجراءات
-status.skipped = متخطى
-runners = المشغلون
-runners.runner_manage_panel = إدارة المشغلين
-runners.new = أنشئ مشغلا جديدا
-runners.new_notice = كيف تبدأ مشغلا (بالإنجليزية)
-runners.id = المعرّف
-runners.last_online = آخر مرة كان متصلا
-runners.none = لا مشغّل متاح
-runners.status.offline = غير متصل
-runs.pushed_by = دفعه
-runs.no_matching_online_runner_helper = لا يوجد
-runners.edit_runner = عدّل المشغّل
-runners.update_runner_success = نجح تحديث المشغّل
-runners.update_runner_failed = تعذر تحديث المشغّل
-runners.delete_runner = احذف هذا المشغّل
-runners.delete_runner_success = نجح حذف المشغّل
-runners.delete_runner_failed = تعذر حذف المشغّل
-runners.delete_runner_header = تأكيد حذف هذا المشغّل
 variables.description = تمرر المتغيرات إلى إجراءات معينة ولا يمكن قراءتها بطريقة أخرى.
 
 [modal]
@@ -2155,21 +2108,8 @@ changed_filemode = %[1]s → %[2]s
 symbolic_link = رابط رمزي
 
 [dropzone]
-invalid_input_type = لا يمكنك رفع ملفات من هذا النوع.
-default_message = اسحب الملفات أو اضغط هنا لرفعها.
-file_too_big = حجم الملف ({{filesize}} مب) يتعدى الحد الأقصى ({{maxFilesize}} مب).
-remove_file = أزل الملف
 
 [notification]
-notifications = الإشعارات
-unread = إلغِ القراءة
-pin = ثبت التنبية
-mark_as_unread = علّم كغير مقروء
-no_read = لا يوجد تنبيهات مقروءه.
-mark_as_read = علّم كمقروء
-read = اقرأ
-no_unread = لا يوجد تنبيهات غير مقروءه.
-mark_all_as_read = علّم الكل كمقروء
 
 [tool]
 hours = %d ساعات
@@ -2223,12 +2163,6 @@ error.no_unit_allowed_repo = ليس مسموحا لك الوصول إلى أي 
 error.unit_not_allowed = ليس مسموحا لك الوصول إلى هذا القسم في المستودع.
 
 [gpg]
-default_key = موقّع بالمفتاح المبدئي
-error.extract_sign = تعذّر استخراج التوقيع
-error.generate_hash = تعذّر إنشاء بصمة الإيداع
-error.no_committer_account = لا حساب مرتبط ببريد المودِع
-error.not_signed_commit = ليس إيداعًا موقّعًا
-error.failed_retrieval_gpg_keys = تعذّر جلب مفتاح مرتبط بحساب المودِع
 
 [graphs]
 component_loading = يحمّل %s...
diff --git a/options/locale/locale_bg.ini b/options/locale/locale_bg.ini
index 96f34afaca..934c1508bc 100644
--- a/options/locale/locale_bg.ini
+++ b/options/locale/locale_bg.ini
@@ -2231,18 +2231,6 @@ platform_desc = Forgejo работи на свободни операционн
 license_desc = Вземете <a target="_blank" rel="noopener noreferrer" href="%[1]s">Forgejo</a>! Присъединете се към нас, <a target="_blank" rel="noopener noreferrer" href="%[2]s">допринасяйки</a>, за да направите този проект още по-добър. Не се колебайте да сътрудничите!
 
 [notification]
-subscriptions = Абонаменти
-unread = Непрочетени
-no_subscriptions = Няма абонаменти
-mark_as_unread = Отбелязване като непрочетено
-no_read = Няма прочетени известия.
-mark_as_read = Отбелязване като прочетено
-notifications = Известия
-read = Прочетени
-watching = Наблюдавани
-no_unread = Няма непрочетени известия.
-mark_all_as_read = Отбелязване на всички като прочетени
-pin = Закачване на известието
 
 [explore]
 go_to = Отиване към
@@ -2255,10 +2243,7 @@ relevant_repositories = Показани са само подходящи хра
 relevant_repositories_tooltip = Хранилищата, които са разклонения или нямат тема, икона или описание, са скрити.
 
 [actions]
-runners.version = Версия
 variables = Променливи
-runners.labels = Етикети
-actions = Действия
 variables.none = Все още няма променливи.
 variables.creation.failed = Неуспешно добавяне на променлива.
 variables.update.failed = Неуспешно редактиране на променлива.
@@ -2269,20 +2254,10 @@ variables.deletion = Премахване на променливата
 variables.update.success = Променливата е редактирана.
 variables.creation = Добавяне на променлива
 variables.deletion.failed = Неуспешно премахване на променлива.
-runners.task_list.repository = Хранилище
-runners.description = Описание
 runs.no_workflows.help_no_write_access = За да научите повече за Forgejo Actions, вижте <a target="_blank" rel="noopener noreferrer" href="%s">документацията</a>.
 variables.management = Управление на променливи
 variables.not_found = Променливата не е открита.
 variables.id_not_exist = Променлива с идентификатор %d не съществува.
-runners.owner_type = Тип
-status.cancelled = Отменено
-status.running = Изпълнява се
-status.success = Успешно
-status.waiting = Изчаква се
-status.unknown = Неизвестно
-status.failure = Неуспешно
-status.skipped = Пропуснато
 unit.desc = Управление на интегрирани CI/CD pipelines с Forgejo Actions.
 
 [heatmap]
@@ -2304,10 +2279,6 @@ submodule = Подмодул
 
 
 [dropzone]
-default_message = Пуснете файлове тук или щракнете, за качване.
-remove_file = Премахване на файла
-file_too_big = Размерът на файла ({{filesize}} MB) надвишава максималния размер от ({{maxFilesize}} MB).
-invalid_input_type = Не можете да качвате файлове от този тип.
 
 [graphs]
 component_loading_failed = Неуспешно зареждане на %s
@@ -2354,29 +2325,12 @@ filepreview.lines = Редове от %[1]d до %[2]d в %[3]s
 filepreview.line = Ред %[1]d в %[2]s
 
 [munits.data]
-b = Б
-kib = КиБ
-mib = МиБ
-gib = ГиБ
-tib = ТиБ
-pib = ПиБ
-eib = ЕиБ
-
 
 [translation_meta]
 test = окей
 
 
 [gpg]
-default_key = Подписано с ключ по подразбиране
-error.no_gpg_keys_found = Не е намерен известен ключ за този подпис в базата данни
-error.not_signed_commit = Не е подписано подаване
-error.generate_hash = Неуспешно генериране на хеш на подаването
-error.extract_sign = Неуспешно извличане на подпис
-error.probable_bad_signature = ВНИМАНИЕ! Въпреки че има ключ с това ID в базата данни, той не потвърждава това подаване! Това подаване е ПОДОЗРИТЕЛНО.
-error.failed_retrieval_gpg_keys = Неуспешно извличане на ключ, свързан с акаунта на подаващия
-error.probable_bad_default_signature = ВНИМАНИЕ! Въпреки че ключът по подразбиране има това ID, той не потвърждава това подаване! Това подаване е ПОДОЗРИТЕЛНО.
-error.no_committer_account = Няма акаунт, свързан с адреса за ел. поща на подаващия
 
 [repo.permissions]
 projects.read = <b>Четене:</b> Достъп до проектните табла на хранилището.
diff --git a/options/locale/locale_ca.ini b/options/locale/locale_ca.ini
index baefa88c67..473583df29 100644
--- a/options/locale/locale_ca.ini
+++ b/options/locale/locale_ca.ini
@@ -2316,12 +2316,4 @@ orgs.new_orga = Nova organització
 repositories = Repositoris
 hooks = Webhooks
 
-[actions]
-runners.name = Nom
-runners.owner_type = Tipus
-runners.task_list.repository = Repositori
-runners.task_list.commit = Commit
-runs.commit = Commit
-runners.description = Descripció
-runners.labels = Etiquetes
-runners.version = Versió
\ No newline at end of file
+[actions]
\ No newline at end of file
diff --git a/options/locale/locale_cs-CZ.ini b/options/locale/locale_cs-CZ.ini
index 3a0e3d564f..134877487e 100644
--- a/options/locale/locale_cs-CZ.ini
+++ b/options/locale/locale_cs-CZ.ini
@@ -3497,35 +3497,10 @@ raw_seconds=sekund
 raw_minutes=minut
 
 [dropzone]
-default_message=Přetáhněte soubory nebo klikněte sem pro nahrání.
-invalid_input_type=Nemůžete nahrávat soubory tohoto typu.
-file_too_big=Velikost souboru ({{filesize}} MB) je vyšší než maximální velikost ({{maxFilesize}} MB).
-remove_file=Smazat soubor
 
 [notification]
-notifications=Oznámení
-unread=Nepřečtené
-read=Přečtené
-no_unread=Žádná nepřečtená oznámení.
-no_read=Žádná přečtená oznámení.
-pin=Připnout upozornění
-mark_as_read=Označit jako přečtené
-mark_as_unread=Označit jako nepřečtené
-mark_all_as_read=Označit vše jako přečtené
-subscriptions=Odběry
-watching=Sledované
-no_subscriptions=Žádné odběry
 
 [gpg]
-default_key=Podepsáno výchozím klíčem
-error.extract_sign=Selhalo získání podpisu
-error.generate_hash=Selhalo vygenerování hashe revize
-error.no_committer_account=Žádný účet není propojen s e-mailovou adresou přispěvatele
-error.no_gpg_keys_found=V databázi nebyl nalezen žádný známý klíč pro tento podpis
-error.not_signed_commit=Nepodepsaná revize
-error.failed_retrieval_gpg_keys=Nepodařilo se získat žádný klíč propojený s účtem přispěvatele
-error.probable_bad_signature=VAROVÁNÍ! Přestože v databázi existuje klíč s tímto ID, tato revize jím není ověřena! Tato revize je PODEZŘELÁ.
-error.probable_bad_default_signature=VAROVÁNÍ! Přestože má výchozí klíč toto ID, tato revize jím není ověřena! Tato revize je PODEZŘELÁ.
 
 [units]
 unit=Jednotka
@@ -3555,64 +3530,8 @@ deletion.failed=Nepodařilo se odstranit tajný klíč.
 management=Správa tajných klíčů
 
 [actions]
-actions=Akce
-
 unit.desc=Spravovat integrované pipeliny CI/CD pomocí funkce Forgejo Actions.
 
-status.unknown=Neznámý
-status.waiting=Čekání
-status.running=Probíhá
-status.success=Úspěch
-status.failure=Chyba
-status.cancelled=Zrušeno
-status.skipped=Přeskočeno
-status.blocked=Blokováno
-
-runners.new=Vytvořit nový runner
-runners.new_notice=Jak spustit runner
-runners.status=Status
-runners.id=ID
-runners.name=Název
-runners.owner_type=Typ
-runners.description=Popis
-runners.labels=Štítky
-runners.last_online=Naposledy online
-runners.runner_title=Runner
-runners.task_list=Nedávné úlohy na tomto runneru
-runners.task_list.no_tasks=Zatím zde nejsou žádné úlohy.
-runners.task_list.run=Spustit
-runners.task_list.status=Status
-runners.task_list.repository=Repozitář
-runners.task_list.commit=Revize
-runners.task_list.done_at=Dokončeno v
-runners.edit_runner=Upravit Runner
-runners.update_runner=Aktualizovat změny
-runners.update_runner_success=Runner byl úspěšně aktualizován
-runners.update_runner_failed=Aktualizace runneru se nezdařila
-runners.delete_runner=Odstranit tento runner
-runners.delete_runner_success=Runner byl úspěšně odstraněn
-runners.delete_runner_failed=Odstranění runneru selhalo
-runners.delete_runner_header=Potvrdit odstranění tohoto runneru
-runners.delete_runner_notice=Pokud na tomto runneru běží úloha, bude ukončena a označena jako neúspěšná. Může dojít k přerušení vytváření workflow.
-runners.status.unspecified=Neznámý
-runners.status.idle=Nečinný
-runners.status.active=Aktivní
-runners.status.offline=Offline
-runners.version=Verze
-runners.reset_registration_token=Resetovat registrační token
-runners.reset_registration_token_success=Registrační token runneru byl úspěšně obnoven
-
-runs.all_workflows=Všechny workflowy
-runs.commit=Revize
-runs.scheduled=Naplánováno
-runs.invalid_workflow_helper=Konfigurační soubor pracovního postupu je neplatný. Zkontrolujte prosím konfigurační soubor: %s
-runs.no_matching_online_runner_helper=Žádný odpovídající online runner s popiskem: %s
-runs.actor=Aktér
-runs.status=Status
-runs.actors_no_select=Všichni aktéři
-runs.status_no_select=Všechny stavy
-runs.no_results=Nebyly nalezeny žádné výsledky.
-runs.no_workflows=Zatím nebyly vytvořeny žádné pracovní postupy.
 runs.no_runs=Pracovní postup zatím nebyl spuštěn.
 runs.empty_commit_message=(prázdná zpráva revize)
 
@@ -3638,14 +3557,7 @@ variables.creation.failed=Přidání proměnné se nezdařilo.
 variables.creation.success=Proměnná „%s“ byla přidána.
 variables.update.failed=Úprava proměnné se nezdařila.
 variables.update.success=Proměnná byla upravena.
-runners.none = Nejsou dostupné žádné runnery
-runs.workflow = Workflow
-runners = Runnery
-runs.pushed_by = pushnuta uživatelem
 need_approval_desc = Potřebovat schválení pro spouštění workflowů pro žádosti o sloučení forků.
-runners.runner_manage_panel = Správa runnerů
-runs.no_job_without_needs = Workflow musí obsahovat alespoň jednu práci bez závislostí.
-runs.no_job = Workflow musí obsahovat alespoň jednu úlohu
 workflow.dispatch.use_from = Použít workflow z
 workflow.dispatch.run = Spustit workflow
 workflow.dispatch.input_required = Vyžadovaná hodnota pro vstup „%s“.
@@ -3707,14 +3619,6 @@ filepreview.line = Řádek %[1]d v souboru %[2]s
 filepreview.truncated = Náhled byl zkrácen
 
 [munits.data]
-b = B
-kib = KiB
-mib = MiB
-gib = GiB
-tib = TiB
-pib = PiB
-eib = EiB
-
 
 [translation_meta]
 test = diky vsem za pomoc :)
diff --git a/options/locale/locale_da.ini b/options/locale/locale_da.ini
index 75164efc9a..cbfc0a1550 100644
--- a/options/locale/locale_da.ini
+++ b/options/locale/locale_da.ini
@@ -2701,18 +2701,6 @@ settings.event_action_recover = Gendan
 issues.filter_type.all_pull_requests = Alle pull-anmodninger
 
 [notification]
-watching = Overvåger
-read = Læs
-notifications = Notifikationer
-no_unread = Ingen ulæste notifikationer.
-unread = Ulæst
-mark_as_read = Markér som læst
-no_read = Ingen læste notifikationer.
-mark_all_as_read = Markér alle som læste
-mark_as_unread = Markér som ulæst
-subscriptions = Abonnementer
-no_subscriptions = Ingen abonnementer
-pin = Fastgør notifikation
 
 [action]
 watched_repo = begyndte at overvåge <a href="%[1]s">%[2]s</a>
@@ -3384,56 +3372,16 @@ owner.settings.cleanuprules.keep.count.1 = 1 version pr. pakke
 owner.settings.cleanuprules.keep.count.n = %d versioner pr. pakke
 
 [actions]
-runners.description = Beskrivelse
-runners.labels = Etiketter
-runners.name = Navn
-runners.task_list.repository = Depot
-runners.status.active = Aktiv
-runners.status.offline = Offline
-runners.version = Version
-runners.owner_type = Type
-runners = Runners
 unit.desc = Administrer integrerede CI/CD-pipelines med Forgejo Actions.
-status.unknown = Ukendt
-runners.runner_title = Runner
-runners.task_list = Seneste opgaver på denne løber
-runners.task_list.run = Kør
-runners.task_list.commit = Commit
-runners.edit_runner = Rediger Runner
-runs.commit = Commit
-runs.scheduled = Planlagt
-runs.pushed_by = pushed af
-status.running = Kører
-status.waiting = Venter
-runners.new_notice = Hvordan man starter en runner
-status.success = Succes
 variables.not_found = Variablen kunne ikke findes.
-runs.workflow = Arbejdsgang
-runners.last_online = Sidste online tid
-runners.task_list.done_at = Udført kl
-runners.update_runner = Opdater ændringer
-runners.update_runner_success = Runner blev opdateret
-runners.update_runner_failed = Løberen kunne ikke opdateres
-runners.delete_runner_failed = Runner kunne ikke slettes
-runners.delete_runner_header = Bekræft for at slette denne runner
-runners.status.idle = Tomgang
-runs.no_job_without_needs = Arbejdsgangen skal indeholde mindst ét job uden afhængigheder.
-runs.no_job = Arbejdsgangen skal indeholde mindst ét job
-runs.no_results = Ingen resultater matchede.
-runs.no_workflows = Der er endnu ingen arbejdsgange.
 workflow.enable = Aktiver arbejdsgang
 workflow.enable_success = Arbejdsgangen "%s" blev aktiveret.
 variables.none = Der er ingen variabler endnu.
 variables.edit = Rediger variabel
 variables.deletion.success = Variablen er blevet fjernet.
 variables.creation.failed = Kunne ikke tilføje variabel.
-runners.delete_runner_notice = Hvis en opgave kører på denne runner, vil den blive afsluttet og markeret som mislykket. Det kan bryde bygningens arbejdsgang.
 runs.no_workflows.help_write_access = Ved du ikke, hvordan du starter med Forgejo Actions? Tjek <a target="_blank" rel="noopener noreferrer" href="%s">hurtigstarten i brugerdokumentationen</a> for at skrive dit første workflow, og <a target="_blank" rel="noopener noreferrer" href="%s">opsæt en Forgejo-løber</a> til at udføre dine opgaver.
-runners.delete_runner_success = Runner blev slettet
 variables.update.success = Variablen er blevet redigeret.
-status.cancelled = Annulleret
-status.skipped = Oversprunget
-status.blocked = Blokeret
 workflow.disable_success = Arbejdsgangen "%s" blev deaktiveret.
 workflow.disable = Deaktiver arbejdsgang
 workflow.dispatch.use_from = Brug arbejdsgangen fra
@@ -3445,24 +3393,9 @@ workflow.dispatch.input_required = Kræv værdi for input "%s".
 workflow.dispatch.invalid_input_type = Ugyldig inputtype "%s".
 variables.creation = Tilføj variabel
 need_approval_desc = Har brug for godkendelse for at køre arbejdsgange for fork pull-anmodning.
-runners.delete_runner = Slet denne runner
-runners.status.unspecified = Ukendt
-runners.reset_registration_token_success = Runner registreringstoken blev nulstillet
-runs.all_workflows = Alle arbejdsgange
-runners.reset_registration_token = Nulstil registreringstoken
 runs.empty_commit_message = (tom commit besked)
 runs.expire_log_message = Logfiler er blevet renset, fordi de var for gamle.
 variables = Variabler
-runs.actor = Aktør
-actions = Handlinger
-runners.status = Status
-runners.task_list.status = Status
-runners.id = ID
-runners.task_list.no_tasks = Der er ingen opgave endnu.
-runs.status = Status
-runs.actors_no_select = Alle aktører
-runs.status_no_select = Alle status
-runners.none = Ingen runners tilgængelige
 variables.management = Administrer variabler
 variables.creation.success = Variablen "%s" er blevet tilføjet.
 variables.update.failed = Variablen kunne ikke redigeres.
@@ -3472,12 +3405,7 @@ variables.id_not_exist = Variabel med ID %d findes ikke.
 variables.deletion.description = Fjernelse af en variabel er permanent og kan ikke fortrydes. Vil du fortsætte?
 variables.description = Variabler vil blive videregivet til visse handlinger og kan ikke læses på anden vis.
 variables.deletion.failed = Variablen kunne ikke fjernes.
-runs.no_matching_online_runner_helper = Ingen matchende online-runner med etiket: %s
-runners.runner_manage_panel = Administrer runners
-runners.new = Opret ny runner
 workflow.dispatch.run = Kør arbejdsgang
-runs.invalid_workflow_helper = Workflow-konfigurationsfilen er ugyldig. Tjek venligst din konfigurationsfil: %s
-status.failure = Fiasko
 runs.no_runs = Workflowet har ingen kørsler endnu.
 
 [tool]
@@ -3545,30 +3473,10 @@ none = Der er ingen hemmeligheder endnu.
 creation.failed = Kunne ikke tilføje hemmelighed.
 
 [dropzone]
-invalid_input_type = Filer af denne type må ikke uploades.
-remove_file = Fjern fil
-default_message = Slip filer eller klik her for at uploade.
-file_too_big = Filstørrelsen ({{filesize}} MB) overstiger den maksimale størrelse på ({{maxFilesize}} MB).
 
 [gpg]
-default_key = Underskrevet med standardnøglen
-error.generate_hash = Kunne ikke generere hash af commit
-error.no_committer_account = Ingen konto knyttet til committers e-mailadresse
-error.probable_bad_default_signature = ADVARSEL! Selvom standardnøglen har dette ID, bekræfter den ikke denne commit! Denne commit er MISTÆNLIG.
-error.no_gpg_keys_found = Ingen kendt nøgle fundet for denne signatur i databasen
-error.not_signed_commit = Ikke en underskrevet commit
-error.failed_retrieval_gpg_keys = Kunne ikke hente nogen nøgle knyttet til committerens konto
-error.probable_bad_signature = ADVARSEL! Selvom der er en nøgle med dette ID i databasen, bekræfter den ikke denne commit! Denne commit er MISTÆNLIG.
-error.extract_sign = Kunne ikke udtrække signatur
 
 [munits.data]
-kib = KiB
-b = B
-pib = PiB
-mib = MiB
-tib = TiB
-eib = EiB
-gib = GiB
 
 [units]
 error.no_unit_allowed_repo = Du har ikke tilladelse til at få adgang til nogen sektion af dette depot.
diff --git a/options/locale/locale_de-DE.ini b/options/locale/locale_de-DE.ini
index b61a852f76..f316cb55c9 100644
--- a/options/locale/locale_de-DE.ini
+++ b/options/locale/locale_de-DE.ini
@@ -3497,35 +3497,10 @@ raw_seconds=Sekunden
 raw_minutes=Minuten
 
 [dropzone]
-default_message=Zum Hochladen hier klicken oder Datei ablegen.
-invalid_input_type=Dateien dieses Dateityps können nicht hochgeladen werden.
-file_too_big=Dateigröße ({{filesize}} MB) überschreitet die Maximalgröße ({{maxFilesize}} MB).
-remove_file=Datei entfernen
 
 [notification]
-notifications=Nachrichten
-unread=Ungelesen
-read=Gelesen
-no_unread=Keine ungelesenen Benachrichtigungen.
-no_read=Keine gelesenen Benachrichtigungen.
-pin=Benachrichtigung pinnen
-mark_as_read=Als gelesen markieren
-mark_as_unread=Als ungelesen markieren
-mark_all_as_read=Alle als gelesen markieren
-subscriptions=Abonnements
-watching=Beobachtet
-no_subscriptions=Keine Abonnements
 
 [gpg]
-default_key=Mit Standardschlüssel signiert
-error.extract_sign=Die Signatur konnte nicht extrahiert werden
-error.generate_hash=Es konnte kein Hash vom Commit generiert werden
-error.no_committer_account=Es ist kein Account mit der E-Mail-Adresse des Committers verbunden
-error.no_gpg_keys_found=Es konnte kein GPG-Schlüssel zu dieser Signatur gefunden werden
-error.not_signed_commit=Kein signierter Commit
-error.failed_retrieval_gpg_keys=Fehler beim Abrufen eines Schlüssels des Committer-Kontos
-error.probable_bad_signature=WARNHINWEIS! Obwohl ein Schlüssel mit dieser ID in der Datenbank existiert, verifiziert er nicht diesen Commit! Dieser Commit ist VERDÄCHTIG.
-error.probable_bad_default_signature=WARNHINWEIS! Obwohl der Standardschlüssel diese ID hat, verifiziert er nicht diesen Commit! Dieser Commit ist VERDÄCHTIG.
 
 [units]
 unit=Einheit
@@ -3555,66 +3530,8 @@ deletion.failed=Geheimnis konnte nicht entfernt werden.
 management=Geheimnisse verwalten
 
 [actions]
-actions=Actions
-
 unit.desc=Integrierte CI/CD-Pipelines mit Forgejo-Actions verwalten.
 
-status.unknown=Unbekannt
-status.waiting=Wartend
-status.running=Laufend
-status.success=Erfolg
-status.failure=Fehler
-status.cancelled=Abgebrochen
-status.skipped=Übersprungen
-status.blocked=Blockiert
-
-runners=Runner
-runners.runner_manage_panel=Runner verwalten
-runners.new=Neuen Runner erstellen
-runners.new_notice=Wie man einen Runner startet
-runners.status=Status
-runners.id=ID
-runners.name=Name
-runners.owner_type=Typ
-runners.description=Beschreibung
-runners.labels=Labels
-runners.last_online=Letzte Online-Zeit
-runners.runner_title=Runner
-runners.task_list=Letzte Aufgaben dieses Runners
-runners.task_list.no_tasks=Es gibt noch keine Aufgabe.
-runners.task_list.run=Ausführen
-runners.task_list.status=Status
-runners.task_list.repository=Repository
-runners.task_list.commit=Commit
-runners.task_list.done_at=Fertig um
-runners.edit_runner=Runner bearbeiten
-runners.update_runner=Änderungen anwenden
-runners.update_runner_success=Runner erfolgreich aktualisiert
-runners.update_runner_failed=Der Runner konnte nicht aktualisiert werden
-runners.delete_runner=Diesen Runner löschen
-runners.delete_runner_success=Runner erfolgreich gelöscht
-runners.delete_runner_failed=Der Runner konnte nicht gelöscht werden
-runners.delete_runner_header=Bestätigen, um diesen Runner zu löschen
-runners.delete_runner_notice=Wenn eine Aufgabe auf diesem Runner ausgeführt wird, wird sie beendet und als fehlgeschlagen markiert. Dies könnte Workflows zerstören.
-runners.none=Keine Runner verfügbar
-runners.status.unspecified=Unbekannt
-runners.status.idle=Inaktiv
-runners.status.active=Aktiv
-runners.status.offline=Offline
-runners.version=Version
-runners.reset_registration_token=Registrierungs-Token zurücksetzen
-runners.reset_registration_token_success=Runner-Registrierungstoken erfolgreich zurückgesetzt
-
-runs.all_workflows=Alle Workflows
-runs.commit=Commit
-runs.scheduled=Geplant
-runs.pushed_by=gepusht von
-runs.invalid_workflow_helper=Die Workflow-Konfigurationsdatei ist ungültig. Bitte überprüfe deine Konfigurationsdatei: %s
-runs.actor=Initiator
-runs.status=Status
-runs.actors_no_select=Alle Initiatoren
-runs.status_no_select=Alle Status
-runs.no_results=Keine passenden Ergebnisse gefunden.
 runs.no_runs=Der Workflow hat noch keine Ausführungen.
 
 workflow.disable=Workflow deaktivieren
@@ -3639,13 +3556,8 @@ variables.creation.failed=Fehler beim Hinzufügen der Variable.
 variables.creation.success=Die Variable „%s“ wurde hinzugefügt.
 variables.update.failed=Fehler beim Bearbeiten der Variable.
 variables.update.success=Die Variable wurde bearbeitet.
-runs.no_matching_online_runner_helper = Es existiert kein passender Online-Runner mit dem Label: %s
-runs.no_workflows = Es existieren noch keine Workflows.
 runs.empty_commit_message = (leere Commit-Nachricht)
 variables.id_not_exist = Variable mit ID %d existiert nicht.
-runs.workflow = Workflow
-runs.no_job_without_needs = Der Workflow muss mindestens einen Job ohne Abhängigkeiten enthalten.
-runs.no_job = Der Workflow muss mindestens einen Job enthalten
 workflow.dispatch.use_from = Workflow benutzen von
 workflow.dispatch.run = Workflow ausführen
 workflow.dispatch.input_required = Wert für Eingabe „%s“ erfordern.
@@ -3707,14 +3619,6 @@ filepreview.truncated = Vorschau wurde gekürzt
 filepreview.lines = Zeilen %[1]d bis %[2]d in %[3]s
 
 [munits.data]
-gib = GiB
-b = B
-kib = KiB
-tib = TiB
-pib = PiB
-mib = MiB
-eib = EiB
-
 
 [translation_meta]
 test = ok
diff --git a/options/locale/locale_el-GR.ini b/options/locale/locale_el-GR.ini
index 50b5c36651..333d158c5b 100644
--- a/options/locale/locale_el-GR.ini
+++ b/options/locale/locale_el-GR.ini
@@ -3496,35 +3496,10 @@ raw_seconds=δευτερόλεπτα
 raw_minutes=λεπτά
 
 [dropzone]
-default_message=Σύρετε αρχεία ή κάντε κλικ εδώ για να τα ανεβάσετε.
-invalid_input_type=Δεν μπορείτε να ανεβάσετε αρχεία αυτού του τύπου.
-file_too_big=Το μέγεθος αρχείου ({{filesize}} MB) υπερβαίνει το μέγιστο μέγεθος ({{maxFilesize}} MB).
-remove_file=Αφαίρεση αρχείου
 
 [notification]
-notifications=Ειδοποιήσεις
-unread=Μη αναγνωσμένες
-read=Αναγνωσμένες
-no_unread=Καμία μη αναγνωσμένη ειδοποίηση.
-no_read=Δεν υπάρχουν αναγνωσμένες ειδοποιήσεις.
-pin=Καρφίτσωμα ειδοποίησης
-mark_as_read=Σήμανση ως αναγνωσμένη
-mark_as_unread=Σήμανση ως μη αναγνωσμένη
-mark_all_as_read=Σήμανση όλων ως αναγνωσμένες
-subscriptions=Συνδρομές
-watching=Παρακολούθηση
-no_subscriptions=Καμία συνδρομή
 
 [gpg]
-default_key=Υπογραφή με το προεπιλεγμένο κλειδί
-error.extract_sign=Αποτυχία εξαγωγής υπογραφής
-error.generate_hash=Αποτυχία δημιουργίας hash της υποβολής
-error.no_committer_account=Δεν υπάρχει λογαριασμός που συσχετίζεται με τη διεύθυνση email του υποβάλλοντα
-error.no_gpg_keys_found=Δεν βρέθηκε γνωστό κλειδί για αυτήν την υπογραφή στη βάση δεδομένων
-error.not_signed_commit=Η υποβολή δεν είναι υπογεγραμμένη
-error.failed_retrieval_gpg_keys=Αποτυχία ανάκτησης κλειδιού που είναι συνδεδεμένο στο λογαριασμό του υποβάλλοντα
-error.probable_bad_signature=ΠΡΟΣΟΧΗ! Αν και υπάρχει ένα κλειδί με αυτό το ID στη βάση δεδομένων δεν επαληθεύει αυτή την υποβολή! Αυτή η υποβολή είναι ΥΠΟΠΤΗ.
-error.probable_bad_default_signature=ΠΡΟΣΟΧΗ! Αν και το προεπιλεγμένο κλειδί έχει αυτό το ID, δεν επαληθεύει αυτή την υποβολή! Αυτή η υποβολή είναι ΥΠΟΠΤΗ.
 
 [units]
 unit=Μονάδα
@@ -3554,68 +3529,8 @@ deletion.failed=Αποτυχία αφαίρεσης μυστικού.
 management=Διαχείριση μυστικών
 
 [actions]
-actions=Actions
-
 unit.desc=Διαχείριση δράσεων
 
-status.unknown=Απροσδιόριστη
-status.waiting=Σε αναμονή
-status.running=Σε εκτέλεση
-status.success=Επιτυχία
-status.failure=Αποτυχία
-status.cancelled=Ακυρώθηκε
-status.skipped=Παρακάμφθηκε
-status.blocked=Αποκλείστηκε
-
-runners=Εκτελεστές
-runners.runner_manage_panel=Διαχείριση εκτελεστών
-runners.new=Δημιουργία νέου εκτελεστή
-runners.new_notice=Πώς να ξεκινήσετε έναν εκτελεστή
-runners.status=Κατάσταση
-runners.id=ID
-runners.name=Όνομα
-runners.owner_type=Τύπος
-runners.description=Περιγραφή
-runners.labels=Ετικέτες
-runners.last_online=Τελευταία ώρα σύνδεσης
-runners.runner_title=Εκτελεστής
-runners.task_list=Πρόσφατες εργασίες στον εκτελεστή
-runners.task_list.no_tasks=Δεν υπάρχει καμία εργασία ακόμα.
-runners.task_list.run=Εκτέλεση
-runners.task_list.status=Κατάσταση
-runners.task_list.repository=Αποθετήριο
-runners.task_list.commit=Υποβολή
-runners.task_list.done_at=Έτοιμο στις
-runners.edit_runner=Επεξεργασία Εκτελεστή
-runners.update_runner=Ενημέρωση αλλαγών
-runners.update_runner_success=Ο εκτελεστής ενημερώθηκε επιτυχώς
-runners.update_runner_failed=Αποτυχία ενημέρωσης εκτελεστή
-runners.delete_runner=Διαγραφή του εκτελεστή
-runners.delete_runner_success=Ο εκτελεστής διαγράφηκε επιτυχώς
-runners.delete_runner_failed=Αποτυχία διαγραφής εκτελεστή
-runners.delete_runner_header=Επιβεβαιώστε για τη διαγραφή του εκτελεστή
-runners.delete_runner_notice=Αν μια εργασία εκτελείται σε αυτόν τον εκτελεστή, θα τερματιστεί και θα επισημανθεί ως αποτυχημένη. Μπορεί να χαλάσει τη ροή εργασίας του χτισίματος.
-runners.none=Δεν υπάρχουν διαθέσιμοι εκτελεστές
-runners.status.unspecified=Άγνωστη
-runners.status.idle=Αδρανής
-runners.status.active=Ενεργό
-runners.status.offline=Χωρίς Σύνδεση
-runners.version=Έκδοση
-runners.reset_registration_token=Επαναφορά διακριτικού εγγραφής
-runners.reset_registration_token_success=Επιτυχής επανέκδοση διακριτικού εγγραφής του εκτελεστή
-
-runs.all_workflows=Όλες οι ροές εργασίας
-runs.commit=Υποβολή
-runs.scheduled=Προγραμματισμένα
-runs.pushed_by=ωθήθηκε από
-runs.invalid_workflow_helper=Το αρχείο ροής εργασίας δεν είναι έγκυρο. Ελέγξτε το αρχείο σας: %s
-runs.no_matching_online_runner_helper=Κανένας δικτυακός δρομέας με ετικέτα: %s
-runs.actor=Φορέας
-runs.status=Κατάσταση
-runs.actors_no_select=Όλοι οι φορείς
-runs.status_no_select=Όλες οι καταστάσεις
-runs.no_results=Δεν βρέθηκαν αποτελέσματα.
-runs.no_workflows=Δεν υπάρχουν ροές εργασίας ακόμα.
 runs.no_runs=Η ροή εργασίας δεν έχει τρέξει ακόμα.
 runs.empty_commit_message=(κενό μήνυμα υποβολής)
 
@@ -3642,9 +3557,6 @@ variables.creation.success=Η μεταβλητή «%s» προστέθηκε.
 variables.update.failed=Αποτυχία επεξεργασίας μεταβλητής.
 variables.update.success=Η μεταβλητή έχει τροποποιηθεί.
 variables.id_not_exist = Η μεταβλητή με id %d δεν υπάρχει.
-runs.workflow = Ροή εργασίας
-runs.no_job_without_needs = Η ροή εργασίας πρέπει να περιέχει τουλάχιστον ένα έργο που δεν εξαρτάται από κάποιο άλλο έργο.
-runs.no_job = Η ροή εργασιών πρέπει να περιέχει τουλάχιστον μία εργασία (job)
 workflow.dispatch.trigger_found = Αυτή η ροή εργασίας έχει ένα «event trigger» <c>workflow_dispatch</c>.
 workflow.dispatch.success = Η εκτέλεση της ροής εργασίας αιτήθηκε επιτυχώς.
 workflow.dispatch.input_required = Απαιτείται τιμή για την είσοδο «%s».
@@ -3701,13 +3613,6 @@ regexp = Κανονική Έκφραση
 regexp_tooltip = Ερμηνεία του όρου αναζήτησης ως κανονική έκφραση
 
 [munits.data]
-mib = MiB
-gib = GiB
-tib = TiB
-pib = PiB
-eib = EiB
-b = B
-kib = KiB
 
 [markup]
 filepreview.line = Γραμμή %[1]d στο αρχείο %[2]s
diff --git a/options/locale/locale_en-US.ini b/options/locale/locale_en-US.ini
index 8f338f238b..a72ddb6116 100644
--- a/options/locale/locale_en-US.ini
+++ b/options/locale/locale_en-US.ini
@@ -3498,44 +3498,12 @@ raw_seconds = seconds
 raw_minutes = minutes
 
 [munits.data]
-b = B
-kib = KiB
-mib = MiB
-gib = GiB
-tib = TiB
-pib = PiB
-eib = EiB
 
 [dropzone]
-default_message = Drop files or click here to upload.
-invalid_input_type = You cannot upload files of this type.
-file_too_big = File size ({{filesize}} MB) exceeds the maximum size of ({{maxFilesize}} MB).
-remove_file = Remove file
 
 [notification]
-notifications = Notifications
-unread = Unread
-read = Read
-no_unread = No unread notifications.
-no_read = No read notifications.
-pin = Pin notification
-mark_as_read = Mark as read
-mark_as_unread = Mark as unread
-mark_all_as_read = Mark all as read
-subscriptions = Subscriptions
-watching = Watching
-no_subscriptions = No subscriptions
 
 [gpg]
-default_key=Signed with default key
-error.extract_sign = Failed to extract signature
-error.generate_hash = Failed to generate hash of commit
-error.no_committer_account = No account linked to committer's email address
-error.no_gpg_keys_found = No known key found for this signature in database
-error.not_signed_commit = Not a signed commit
-error.failed_retrieval_gpg_keys = Failed to retrieve any key attached to the committer's account
-error.probable_bad_signature = WARNING! Although there is a key with this ID in the database it does not verify this commit! This commit is SUSPICIOUS.
-error.probable_bad_default_signature = WARNING! Although the default key has this ID it does not verify this commit! This commit is SUSPICIOUS.
 
 [units]
 unit = Unit
@@ -3559,69 +3527,6 @@ deletion.failed = Failed to remove secret.
 management = Manage secrets
 
 [actions]
-actions = Actions
-
-status.unknown = Unknown
-status.waiting = Waiting
-status.running = Running
-status.success = Success
-status.failure = Failure
-status.cancelled = Canceled
-status.skipped = Skipped
-status.blocked = Blocked
-
-runners = Runners
-runners.runner_manage_panel = Manage runners
-runners.new = Create new runner
-runners.new_notice = How to start a runner
-runners.status = Status
-runners.id = ID
-runners.name = Name
-runners.owner_type = Type
-runners.description = Description
-runners.labels = Labels
-runners.last_online = Last online time
-runners.runner_title = Runner
-runners.task_list = Recent tasks on this runner
-runners.task_list.no_tasks = There is no task yet.
-runners.task_list.run = Run
-runners.task_list.status = Status
-runners.task_list.repository = Repository
-runners.task_list.commit = Commit
-runners.task_list.done_at = Done at
-runners.edit_runner = Edit Runner
-runners.update_runner = Update changes
-runners.update_runner_success = Runner updated successfully
-runners.update_runner_failed = Failed to update runner
-runners.delete_runner = Delete this runner
-runners.delete_runner_success = Runner deleted successfully
-runners.delete_runner_failed = Failed to delete runner
-runners.delete_runner_header = Confirm to delete this runner
-runners.delete_runner_notice = If a task is running on this runner, it will be terminated and marked as failed. It may break building workflow.
-runners.none = No runners available
-runners.status.unspecified = Unknown
-runners.status.idle = Idle
-runners.status.active = Active
-runners.status.offline = Offline
-runners.version = Version
-runners.reset_registration_token = Reset registration token
-runners.reset_registration_token_success = Runner registration token reset successfully
-
-runs.all_workflows = All workflows
-runs.commit = Commit
-runs.scheduled = Scheduled
-runs.pushed_by = pushed by
-runs.workflow = Workflow
-runs.invalid_workflow_helper = Workflow config file is invalid. Please check your config file: %s
-runs.no_matching_online_runner_helper = No matching online runner with label: %s
-runs.no_job_without_needs = The workflow must contain at least one job without dependencies.
-runs.no_job = The workflow must contain at least one job
-runs.actor = Actor
-runs.status = Status
-runs.actors_no_select = All actors
-runs.status_no_select = All status
-runs.no_results = No results matched.
-runs.no_workflows = There are no workflows yet.
 runs.no_workflows.help_write_access = Don't know how to start with Forgejo Actions? Check out the <a target="_blank" rel="noopener noreferrer" href="%s">quick start in the user documentation</a> to write your first workflow, then <a target="_blank" rel="noopener noreferrer" href="%s">set up a Forgejo runner</a> to execute your jobs.
 runs.no_workflows.help_no_write_access = To learn about Forgejo Actions, see <a target="_blank" rel="noopener noreferrer" href="%s">the documentation</a>.
 runs.no_runs = The workflow has no runs yet.
diff --git a/options/locale/locale_es-ES.ini b/options/locale/locale_es-ES.ini
index ef6d794ffc..b46ed98325 100644
--- a/options/locale/locale_es-ES.ini
+++ b/options/locale/locale_es-ES.ini
@@ -3468,35 +3468,10 @@ raw_seconds=segundos
 raw_minutes=minutos
 
 [dropzone]
-default_message=Suelte archivos o haga clic aquí para subir.
-invalid_input_type=No puede subir archivos de este tipo.
-file_too_big=El tamaño del archivo ({{filesize}} MB) excede el tamaño máximo de ({{maxFilesize}} MB).
-remove_file=Eliminar archivo
 
 [notification]
-notifications=Notificaciones
-unread=Sin leer
-read=Leídas
-no_unread=No tiene notificaciones sin leer.
-no_read=No hay notificaciones.
-pin=Fijar notificación
-mark_as_read=Marcar como leído
-mark_as_unread=Marcar como no leído
-mark_all_as_read=Marcar todo como leído
-subscriptions=Suscripciones
-watching=Siguiendo
-no_subscriptions=Sin suscripciones
 
 [gpg]
-default_key=Firmado con clave predeterminada
-error.extract_sign=Error al extraer la firma
-error.generate_hash=Error al generar hash of commit
-error.no_committer_account=Ninguna cuenta vinculada a la dirección de correo electrónico del committer
-error.no_gpg_keys_found=No se encontró ninguna clave conocida en la base de datos para esta firma
-error.not_signed_commit=No es un commit firmado
-error.failed_retrieval_gpg_keys=No se pudo recuperar cualquier clave adjunta a la cuenta del committer
-error.probable_bad_signature=¡ADVERTENCIA! ¡Hay una clave con este ID en la base de datos, pero esa clave no verifica este commit! Este commit es SOSPECHOSO.
-error.probable_bad_default_signature=¡ADVERTENCIA! ¡La clave por defecto tiene este ID pero esa clave no verifica este commit! Este commit es SOSPECHOSO.
 
 [units]
 unit=Unidad
@@ -3526,66 +3501,8 @@ deletion.failed=Error al eliminar secreto.
 management=Gestión de secretos
 
 [actions]
-actions=Acciones
-
 unit.desc=Gestione procesos CI/CD integrados con Forgejo Actions.
 
-status.unknown=Desconocido
-status.waiting=Esperando
-status.running=Corriendo
-status.success=Éxito
-status.failure=Fallo
-status.cancelled=Cancelado
-status.skipped=Saltado
-status.blocked=Bloqueado
-
-runners=Nodos
-runners.runner_manage_panel=Gestión de nodos
-runners.new=Crear nuevo nodo
-runners.new_notice=Cómo iniciar un nodo
-runners.status=Estado
-runners.id=Id.
-runners.name=Nombre
-runners.owner_type=Tipo
-runners.description=Descripción
-runners.labels=Etiquetas
-runners.last_online=Última hora en línea
-runners.runner_title=Nodo
-runners.task_list=Tareas recientes en este nodo
-runners.task_list.no_tasks=Todavía no hay tarea.
-runners.task_list.run=Ejecutar
-runners.task_list.status=Estado
-runners.task_list.repository=Repositorio
-runners.task_list.commit=Confirmación
-runners.task_list.done_at=Hecho en
-runners.edit_runner=Editar nodo
-runners.update_runner=Actualizar cambios
-runners.update_runner_success=Nodo actualizado correctamente
-runners.update_runner_failed=Fallo al actualizar el nodo
-runners.delete_runner=Eliminar este nodo
-runners.delete_runner_success=Nodo eliminado con éxito
-runners.delete_runner_failed=Fallo al eliminar el nodo
-runners.delete_runner_header=Confirma para eliminar el nodo
-runners.delete_runner_notice=Si una tarea se está ejecutando en este nodo, se terminará y marcará como fallida. Puede romper el flujo de trabajo en curso.
-runners.none=No hay nodos disponibles
-runners.status.unspecified=Desconocido
-runners.status.idle=Inactivo
-runners.status.active=Activo
-runners.status.offline=Desconectado
-runners.version=Versión
-runners.reset_registration_token=Restablecer token de registro
-runners.reset_registration_token_success=Se ha restablecido correctamente el token de registro del nodo
-
-runs.all_workflows=Todos los flujos de trabajo
-runs.commit=Commit
-runs.scheduled=Programado
-runs.pushed_by=push enviado por
-runs.invalid_workflow_helper=El archivo de configuración del trabajo no es válido. Revisa tu archivo de configuración: %s
-runs.actor=Actor
-runs.status=Estado
-runs.actors_no_select=Todos los actores
-runs.status_no_select=Todo el estado
-runs.no_results=No hay resultados coincidentes.
 runs.no_runs=El flujo de trabajo no tiene ejecuciones todavía.
 
 workflow.disable=Desactivar flujo de trabajo
@@ -3613,11 +3530,9 @@ variables.update.success=La variable ha sido editada.
 variables.id_not_exist = Variable con id %d no existe.
 runs.empty_commit_message = (mensaje de commit vacío)
 runs.expire_log_message = Los registros han sido eliminados porque eran demasiado antiguos.
-runs.workflow = Flujo de trabajo
 workflow.dispatch.run = Correr flujo de trabajo
 workflow.dispatch.use_from = Usar el flujo de trabajo de
 workflow.dispatch.invalid_input_type = Tipo de entrada inválida "%s".
-runs.no_workflows = Aún no hay flujos de trabajo.
 workflow.dispatch.success = La ejecución del flujo de trabajo se ha solicitado correctamente.
 variables.not_found = No se ha encontrado la variable.
 workflow.dispatch.input_required = Se requiere valor para la entrada "%s".
@@ -3691,11 +3606,4 @@ issues.write = <b>Escritura:</b> Cerrar incidencias y gestion de metadatos como
 packages.write = <b>Escritura:</b> Publicar y eliminar paquetes asignados al repositorio.
 
 
-[munits.data]
-eib = EiB
-gib = GiB
-pib = PiB
-kib = KiB
-tib = TiB
-mib = MiB
-b = B
\ No newline at end of file
+[munits.data]
\ No newline at end of file
diff --git a/options/locale/locale_fa-IR.ini b/options/locale/locale_fa-IR.ini
index 85487dfb23..64639e80a1 100644
--- a/options/locale/locale_fa-IR.ini
+++ b/options/locale/locale_fa-IR.ini
@@ -2548,32 +2548,10 @@ raw_seconds=ثانیه
 raw_minutes=دقیقه
 
 [dropzone]
-default_message=فایل را در این محل رها کنید یا دکمه ی آپلود یا بارگزاری را فشار دهید.
-invalid_input_type=شما قادر به ارسال فایل های از این نوع نیستید.
-file_too_big=حجم فایل ({{filesize}} MB) بیش از حداکثر مجاز است ({{maxFilesize}} مگابایت).
-remove_file=حذف پرونده
 
 [notification]
-notifications=اعلان‌ها
-unread=خوانده نشده
-read=خواندن
-no_unread=اعلان خوانده نشده‌ای موجود نیست.
-no_read=اعلان خوانده شده‌ای موجود نیست.
-pin=سنجاق کردن اعلان
-mark_as_read=علامتگذاری بعنوان خوانده شده
-mark_as_unread=علامتگذاری بعنوان خوانده نشده
-mark_all_as_read=علامت همه به عنوان خوانده شده
 
 [gpg]
-default_key=ثبت شده با کلید پیش فرض
-error.extract_sign=خطا در استخراج امضا
-error.generate_hash=خطا در ساختن هش کامیت
-error.no_committer_account=هیچ ایمیلی به حساب کاربری صاحب کامیت پیونده داده نشده است
-error.no_gpg_keys_found=هیچ کلید شناخته شده ای برای این امضا در پایگاه داده ها یافت نشد
-error.not_signed_commit=هیچ کامیتی تکلیف نشده است
-error.failed_retrieval_gpg_keys=بازیابی هر کلیدی که به حساب کاربری کامیت دهنده پیوست شده بود ناموفق بود
-error.probable_bad_signature=هشدار! اگرچه اینجا یک کلید با ID در پایگاه داده است این کامیت تایید نشده است! این کامیت مشـــکــــوک است.
-error.probable_bad_default_signature=هشدار! اگرچه اینجا یک کلید پیش فرض با ID است این اما کامیت تایید نشده است! این کامیت مشـــکــــوک است.
 
 [units]
 error.no_unit_allowed_repo=شما اجازه دسترسی به هیچ قسمت از این مخزن را ندارید.
@@ -2586,15 +2564,6 @@ owner.settings.cleanuprules.enabled=فعال شده
 [secrets]
 
 [actions]
-runners.name=نام
-runners.owner_type=نوع
-runners.description=شرح
-runners.task_list.run=اجرا
-runners.task_list.repository=مخزن
-runners.task_list.commit=کامیت
-runners.status.active=فعال
-
-runs.commit=کامیت
 variables.edit = تغییر متغیر
 variables.deletion.success = متغیر حذف شد.
 variables.deletion = حذف متغیر
diff --git a/options/locale/locale_fi-FI.ini b/options/locale/locale_fi-FI.ini
index dba10fcfa1..f99f1bf9db 100644
--- a/options/locale/locale_fi-FI.ini
+++ b/options/locale/locale_fi-FI.ini
@@ -3206,35 +3206,10 @@ raw_seconds=sekuntia
 raw_minutes=minuuttia
 
 [dropzone]
-default_message=Pudota tiedostot tähän tai napsauta tästä lähettääksesi tiedoston.
-invalid_input_type=Tätä tyyppiä olevia tiedostoja ei voi lähettää.
-remove_file=Poista tiedosto
-file_too_big = Tiedoston koko ({{filesize}} Mt) ylittää enimmäisrajan ({{maxFilesize}} Mt).
 
 [notification]
-notifications=Ilmoitukset
-unread=Lukematon
-read=Luettu
-no_unread=Ei lukemattomia ilmoituksia.
-no_read=Ei luettuja ilmoituksia.
-pin=Kiinnitä ilmoitus
-mark_as_read=Merkitse luetuksi
-mark_as_unread=Merkitse lukemattomaksi
-mark_all_as_read=Merkitse kaikki luetuiksi
-watching = Tarkkaillaan
-no_subscriptions = Ei tilauksia
-subscriptions = Tilaukset
 
 [gpg]
-error.no_committer_account=Kommitin tekijän sähköpostiosoitteeseen ei ole linkitetty tiliä
-error.not_signed_commit=Kommitti ei ole allekirjoitettu
-error.extract_sign = Allekirjoituksen purkaminen epäonnistui
-default_key = Allekirjoitettu oletusavaimella
-error.failed_retrieval_gpg_keys = Ei saatu yhtäkään kommitin tekijän tiliin liitettyä avainta
-error.generate_hash = Kommitin tiivisteen luominen epäonnistui
-error.probable_bad_signature = VAROITUS! Vaikka tietokannassa on avain tällä ID-tunnistella, se ei vahvista tätä kommittia! Tämä kommitti on EPÄILYTTÄVÄ.
-error.probable_bad_default_signature = VAROITUS! Vaikka oletusavaimella on tämä ID-tunniste, se ei vahvista tätä kommittia! Tämä kommitti on EPÄILYTTÄVÄ.
-error.no_gpg_keys_found = Tälle allekirjoitukselle ei löytynyt tunnettua avainta tietokannasta
 
 [units]
 unit = Yksikkö
@@ -3264,65 +3239,18 @@ creation.name_placeholder = kirjoinkoolla ei merkitystä, vain aakkosnumeerisia
 creation.value_placeholder = Syötä mitä tahansa sisältöä. Tyhjätila alussa ja lopussa jätetään huomiotta.
 
 [actions]
-runners.name=Nimi
-runners.owner_type=Tyyppi
-runners.description=Kuvaus
-runners.task_list.run=Suorita
-runners.task_list.repository=Tietovarasto
-runners.task_list.commit=Kommitti
-
-runs.commit=Kommitti
-status.success = Onnistunut
-status.unknown = Tuntematon
-status.waiting = Odotustilassa
-status.running = Käynnissä
-status.blocked = Estetty
-status.failure = Epäonnistunut
-status.cancelled = Peruttu
-status.skipped = Ohitettu
-runners.none = Testinajajia ei saatavilla
-runners.status.unspecified = Tuntematon
-runners.update_runner = Päivitä muutokset
-runners.edit_runner = Muokkaa testinajajaa
-runners.update_runner_success = Testinajaja päivitetty onnistuneesti
-runners.delete_runner_success = Testinajaja poistettu onnistuneesti
-runners.reset_registration_token = Uudelleenaseta rekisteröintipoletti
-runs.scheduled = Ajastettu
-runs.status = Tila
 runs.empty_commit_message = (tyhjä kommittiviesti)
 variables.deletion = Poista muuttuja
-runners.new_notice = Testinajajan aloitusohjeet
 workflow.dispatch.input_required = Arvo syötteelle "%s" vaadittu.
-runners.status.active = Aktiivinen
 variables.description = Muuttujat asetetaan tietyille toiminnoille eikä niitä voida lukea muutoin.
-runners.labels = Nimilaput
-runners.delete_runner_failed = Testinajajan poisto epäonnistui
-runners.delete_runner_header = Varmista testinajajan poisto
-runners.task_list.status = Tila
-runners.reset_registration_token_success = Testiajajan rekisteröintipoletti asetettu uudelleen onnistuneesti
 variables.none = Ei muuttujia vielä.
-runners.id = Tunniste
-runners.status = Tila
-runners.task_list = Ajajan viimeisimmät tehtävät
-runners.task_list.no_tasks = Tehtäviä ei ole vielä määritelty.
-runners.last_online = Viimeisin käynnissäoloajankohta
-runners.runner_title = Testinajaja
-runners.task_list.done_at = Valmistunut ajankohtana
-runs.no_matching_online_runner_helper = Testiajajaa nimilapulla %s ei löytynyt
-runs.no_results = Ei tuloksia.
-runners.delete_runner = Poista testinajaja
 variables.deletion.description = Muuttujan poistaminen on lopullista, eikä sitä voi perua. Jatketaanko?
 workflow.dispatch.invalid_input_type = Syötetyyppi "%s" ei kelpaa.
 workflow.dispatch.warn_input_limit = Näytetään vain ensimmäiset %d syötettä.
-runners.runner_manage_panel = Hallinnoi testinajajia
 variables = Muuttujat
 variables.management = Hallitse muuttujia
 variables.creation = Lisää muuttuja
-runners.new = Luo uusi testinajaja
-runners.version = Versio
 runs.expire_log_message = Lokitiedostot on tyhjätty vanhenemisen vuoksi.
-runners.delete_runner_notice = Jos tehtävä on käynnissä tällä testinajajalla, se lopetetaan ja merkitään epäonnistuneeksi. Se voi rikkoa koonnin työnkulun.
-runners.update_runner_failed = Testinajajan päivitys epäonnistui
 variables.deletion.success = Muuttuja poistettu.
 variables.edit = Muokkaa muuttujaa
 variables.creation.success = Muuttuja "%s" lisätty.
@@ -3331,31 +3259,17 @@ variables.creation.failed = Muuttujan lisäys epäonnistui.
 variables.update.failed = Muuttujan muokkaus epäonnistui.
 variables.update.success = Muuttuja muokattu.
 variables.id_not_exist = Muuttujaa tunnisteella %d ei ole olemassa.
-runs.all_workflows = Kaikki työnkulut
 workflow.dispatch.run = Suorita työnkulku
 workflow.enable = Ota työnkulku käyttöön
-runs.no_workflows = Ei työnkulkuja vielä.
-runs.actors_no_select = Kaikki toimijat
-runs.workflow = Työnkulku
 workflow.enable_success = Työnkulku "%s" on otettu käyttöön.
 workflow.disabled = Työnkulku on poistettu käytöstä.
-runs.actor = Toimija
 workflow.disable = Poista työnkulku käytöstä
 workflow.disable_success = Työnkulku "%s" on poistettu käytöstä.
-runs.no_job = Työnkulun tulee sisältää vähintään yksi työ
-runs.invalid_workflow_helper = Työnkulun asetustiedosto on virheellinen. Tarkista asetustiedosto: %s
-runners = Ajajat
-actions = Actions
 unit.desc = Hallitse integroituja CI-/CD-putkia Forgejo Actionsia hyödyntäen.
-runs.pushed_by = työntänyt
 runs.no_workflows.help_no_write_access = Lisätietoja Forgejo Actionsista on saatavilla <a target="_blank" rel="noopener noreferrer" href="%s">dokumentaatiosta</a>.
-runners.status.idle = Jouten
-runners.status.offline = Ei-verkkotilassa
-runs.no_job_without_needs = Työnkulun tulee sisältää vähintään yksi työ ilman riippuvuuksia.
 runs.no_runs = Työnkululla ei ole vielä suorituksia.
 variables.not_found = Muuttujaa ei löytynyt.
 runs.no_workflows.help_write_access = Etkö tiedä, miten aloittaa Forgejo Actionsin käyttö? Lue <a target="_blank" rel="noopener noreferrer" href="%s">pikaopas</a> kirjoittaaksesi ensimmäisen työnkulun, sen jälkeen <a target="_blank" rel="noopener noreferrer" href="%s">määritä Forgejo-ajaja</a> suorittamaan asettamiasi töitä.
-runs.status_no_select = Kaikki tilat
 workflow.dispatch.success = Työnkulun suoritusta pyydettiin onnistuneesti.
 workflow.dispatch.trigger_found = Tällä työnkululla on <c>workflow_dispatch</c>-tapahtumaliipaisin.
 
diff --git a/options/locale/locale_fil.ini b/options/locale/locale_fil.ini
index 3b6acd30a9..09ffef443b 100644
--- a/options/locale/locale_fil.ini
+++ b/options/locale/locale_fil.ini
@@ -3342,91 +3342,31 @@ owner.settings.cleanuprules.keep.count.1 = 1 bersyon kada package
 owner.settings.cleanuprules.enabled = Naka-enable
 
 [actions]
-runners.last_online = Huling oras na online
-status.waiting = Hinihintay
-runners.task_list.run = Patakbuhin
-runners.description = Paglalarawan
-runners.owner_type = Uri
-runners.name = Pangalan
-status.success = Tagumpay
-runs.pushed_by = itinulak ni/ng
-runners.status = Katayuan
-status.failure = Nabigo
-actions = Mga Aksyon
-runs.no_job = Ang workflow ay dapat maglaman ng hindi bababa sa isang trabaho
-runners = Mga Runner
-runs.commit = Commit
 workflow.dispatch.trigger_found = Mayroong <c>workflow_dispatch</c> na trigger ang workflow na ito.
 unit.desc = Ipamahala ang mga pinag-sasamang CI/CD pipeline sa pamamagitan ng Forgejo Actions.
-runners.edit_runner = Baguhin ang Runner
-runners.update_runner = I-update ang mga pagbabago
 variables.update.failed = Nabigong baguhin ang variable.
 variables.update.success = Nabago na ang variable.
-runs.no_results = Walang mga tumugmang resulta.
-runners.delete_runner_success = Matagumpay na nabura ang runner
-runs.all_workflows = Lahat ng mga workflow
-runs.scheduled = Naka-iskedyul
-runs.workflow = Workflow
 variables.edit = Baguhin ang Variable
 workflow.enable = I-enable ang workflow
 workflow.disabled = Naka-disable ang workflow.
 need_approval_desc = Kailangan ng pag-apruba para tumakbo ng mga workflow para sa fork na hiling sa paghila.
 variables = Mga variable
-runners.status.active = Aktibo
-runners.version = Bersyon
-status.unknown = Hindi alam
-runs.invalid_workflow_helper = Hindi wasto ang workflow config file. Pakisuri ang iyong config file: %s
-runs.actors_no_select = Lahat ng mga actor
-runners.runner_title = Runner
-runners.task_list = Mga kamakailang trabaho sa runner na ito
-runners.task_list.no_tasks = Wala pang mga trabaho sa ngayon.
-runners.labels = Mga label
-runs.no_matching_online_runner_helper = Walang tumutugmang online runner na may label: %s
-runs.status = Status
-runs.no_workflows = Wala pang mga workflow sa ngayon.
 runs.no_runs = Wala pang mga pagtatakbo ang workflow na ito sa ngayon.
 variables.creation = Magdagdag ng variable
 variables.none = Wala pang mga variable sa ngayon.
 variables.deletion = Tanggalin ang variable
 variables.deletion.description = Permanente ang pagtanggal ng isang variable at hindi ito mababalik. Magpatuloy?
-status.running = Tumatakbo
-runners.new_notice = Paano magsimula ng runner
-runners.update_runner_success = Matagumpay na na-update ang runner
-runners.delete_runner_notice = Kapag may trabaho na tumatakbo sa runner na ito, titigilan ito at mamarkahan bilang nabigo. Maaaring sirain ang building workflow.
-runners.none = Walang mga available na runner
-runs.status_no_select = Lahat ng status
 runs.empty_commit_message = (walang laman na mensahe ng commit)
 workflow.enable_success = Matagumpay na na-enable ang workflow na "%s".
 workflow.dispatch.run = Patakbuhin ang workflow
 workflow.dispatch.success = Matagumpay na nahiling ang pagtakbo ng workflow.
 variables.management = Ipamahala ang mga variable
 variables.deletion.failed = Nabigong tanggalin ang variable.
-runners.status.unspecified = Hindi alam
-runs.no_job_without_needs = Ang workflow ay dapat maglaman ng hindi bababa sa isang trabaho na walang dependencies.
 workflow.disable = I-disable ang workflow
 workflow.disable_success = Matagumpay na na-disable ang workflow na "%s".
-runners.task_list.repository = Repositoryo
-status.skipped = Nilaktawan
-runners.runner_manage_panel = Ipamahala ang mga runner
-runners.new = Gumawa ng bagong runner
 variables.creation.failed = Nabigong idagdag ang variable.
-runners.id = ID
-runs.actor = Actor
-runners.update_runner_failed = Nabigong i-update ang runner
-runners.delete_runner = Burahin ang runner na ito
-runners.delete_runner_failed = Nabigong burahin ang runner
-runners.delete_runner_header = Kumpirmahin na burahin ang runner
-status.blocked = Naharang
-status.cancelled = Kinansela
-runners.task_list.status = Status
-runners.status.idle = Idle
 workflow.dispatch.use_from = Gamitin ang workflow mula sa
-runners.reset_registration_token = I-reset ang token ng pagrehistro
-runners.status.offline = Offline
 workflow.dispatch.invalid_input_type = Hindi wastong input type "%s".
-runners.task_list.commit = Commit
-runners.task_list.done_at = Natapos sa
-runners.reset_registration_token_success = Matagumpay na na-reset ang token ng pagrehistro ng runner
 workflow.dispatch.input_required = Kumailangan ng value para sa input na "%s".
 workflow.dispatch.warn_input_limit = Pinapakita lamang ang unang %d na mga input.
 variables.description = Ipapasa ang mga variable sa ilang mga aksyon at hindi mababasa kung hindi man.
@@ -3492,38 +3432,10 @@ raw_seconds = segundo
 raw_minutes = minuto
 
 [munits.data]
-mib = MiB
-gib = GiB
-b = B
-kib = KiB
-tib = TiB
-pib = PiB
-eib = EiB
 
 [gpg]
-error.not_signed_commit = Hindi isang naka-sign na commit
-error.probable_bad_signature = BABALA! Bagaman na may key na may ID na ito sa database hindi nito pinapatunayan ang commit na ito! Ang commit na ito ay KAHINA-HINALA.
-error.extract_sign = Nabigong i-extract ang signature
-error.no_committer_account = Walang account na naka-link sa email address ng committer
-error.no_gpg_keys_found = Walang kilalang key na nahanap para sa signature na ito sa database
-default_key = Naka-sign gamit ang default key
-error.generate_hash = Nabigong i-generate ang hash ng commit
-error.failed_retrieval_gpg_keys = Nabigong kumuha ng anumang key na naka-attach sa account ng committer
-error.probable_bad_default_signature = BABALA! Bagaman na ang default key ay may ID na ito hindi nito pinapatunayan ang commit na ito! Ang commit na ito ay KAHINA-HINALA.
 
 [notification]
-unread = Hindi nabasa
-read = Nabasa
-no_unread = Walang mga hindi nabasang notification.
-notifications = Mga abiso
-no_read = Walang mga nabasang notification.
-pin = I-pin ang notification
-mark_as_read = Markahan bilang nabasa
-mark_as_unread = Markahan bilang hindi nabasa
-subscriptions = Mga subscription
-watching = Pinapanood
-no_subscriptions = Walang mga subscription
-mark_all_as_read = Markahan lahat bilang nabasa
 
 [units]
 error.no_unit_allowed_repo = Hindi ka pinapayagang ma-access ang anumang seksyon ng repositoryong ito.
@@ -3531,10 +3443,6 @@ unit = Yunit
 error.unit_not_allowed = Hindi ka pinapayagang ma-access ang seksyon ng repositoryong ito.
 
 [dropzone]
-default_message = I-drop ang mga file o mag-click dito para mag-upload.
-invalid_input_type = Hindi ka maaaring mag-upload ng mga file sa uri na ito.
-file_too_big = Ang laki ng file ({{filesize}}) MB) ay lumalagpas sa pinakamataas na size na ({{maxFilesize}} MB).
-remove_file = Tanggalin ang file
 
 [secrets]
 creation.success = Naidagdag na ang lihim na "%s".
diff --git a/options/locale/locale_fr-FR.ini b/options/locale/locale_fr-FR.ini
index 0dfafc2fb4..ab5f380e78 100644
--- a/options/locale/locale_fr-FR.ini
+++ b/options/locale/locale_fr-FR.ini
@@ -3494,35 +3494,10 @@ raw_seconds=secondes
 raw_minutes=minutes
 
 [dropzone]
-default_message=Déposez les fichiers ou cliquez ici pour téléverser.
-invalid_input_type=Vous ne pouvez pas téléverser des fichiers de ce type.
-file_too_big=La taille du fichier ({{filesize}} Mo) dépasse la taille maximale ({{maxFilesize}} Mo).
-remove_file=Supprimer le fichier
 
 [notification]
-notifications=Notifications
-unread=Non lue(s)
-read=Lue(s)
-no_unread=Aucune notification non lue.
-no_read=Aucune notification lue.
-pin=Épingler la notification
-mark_as_read=Marquer comme lu
-mark_as_unread=Marquer comme non lue
-mark_all_as_read=Tout marquer comme lu
-subscriptions=Abonnements
-watching=Suivi
-no_subscriptions=Pas d'abonnements
 
 [gpg]
-default_key=Signé avec la clé par défaut
-error.extract_sign=Impossible d'extraire la signature
-error.generate_hash=Impossible de générer la chaine de hachage de la révision
-error.no_committer_account=Aucun compte lié à l'adresse e-mail de l'auteur
-error.no_gpg_keys_found=Aucune clé n'a été trouvée pour cette signature dans la base de données
-error.not_signed_commit=Révision non signée
-error.failed_retrieval_gpg_keys=Impossible de récupérer la clé liée au compte de l'auteur
-error.probable_bad_signature=AVERTISSEMENT ! Bien qu'il y ait une clé avec cet ID dans la base de données, il ne vérifie pas ce commit ! Ce commit est SUSPECT.
-error.probable_bad_default_signature=AVERTISSEMENT ! Bien que la clé par défaut ait cet ID, elle ne vérifie pas ce commit ! Ce commit est SUSPECT.
 
 [units]
 unit=Unité
@@ -3552,68 +3527,8 @@ deletion.failed=Impossible de supprimer le secret.
 management=Gestion des secrets
 
 [actions]
-actions=Actions
-
 unit.desc=Gérer l'intégration continue avec Forgejo Actions.
 
-status.unknown=Inconnu
-status.waiting=En attente
-status.running=En cours d'exécution
-status.success=Succès
-status.failure=Échec
-status.cancelled=Annulé
-status.skipped=Ignoré
-status.blocked=Bloqué
-
-runners=Exécuteurs
-runners.runner_manage_panel=Gestion des exécuteurs
-runners.new=Créer un nouvel exécuteur
-runners.new_notice=Comment démarrer un exécuteur
-runners.status=Statut
-runners.id=ID
-runners.name=Nom
-runners.owner_type=Type
-runners.description=Description
-runners.labels=Labels
-runners.last_online=Dernière fois en ligne
-runners.runner_title=Exécuteur
-runners.task_list=Tâches récentes sur cet exécuteur
-runners.task_list.no_tasks=Il n'y a pas de tâche ici.
-runners.task_list.run=Exécuter
-runners.task_list.status=Statut
-runners.task_list.repository=Dépôt
-runners.task_list.commit=Révision
-runners.task_list.done_at=Fait à
-runners.edit_runner=Éditer l'Exécuteur
-runners.update_runner=Appliquer les modifications
-runners.update_runner_success=Exécuteur mis à jour avec succès
-runners.update_runner_failed=Impossible d'actualiser l'Exécuteur
-runners.delete_runner=Supprimer cet exécuteur
-runners.delete_runner_success=Exécuteur supprimé avec succès
-runners.delete_runner_failed=Impossible de supprimer l'Exécuteur
-runners.delete_runner_header=Confirmer la suppression de cet exécuteur
-runners.delete_runner_notice=Si une tâche est en cours sur cet exécuteur, elle sera terminée et marquée comme échouée. Cela risque d’interrompre le flux de travail.
-runners.none=Aucun exécuteur disponible
-runners.status.unspecified=Inconnu
-runners.status.idle=Inactif
-runners.status.active=Actif
-runners.status.offline=Hors-ligne
-runners.version=Version
-runners.reset_registration_token=Réinitialiser le jeton d'enregistrement
-runners.reset_registration_token_success=Le jeton d’inscription de l’exécuteur a été réinitialisé avec succès
-
-runs.all_workflows=Tous les workflows
-runs.commit=Révision
-runs.scheduled=Planifié
-runs.pushed_by=soumis par
-runs.invalid_workflow_helper=La configuration du flux de travail est invalide. Veuillez vérifier votre fichier %s
-runs.no_matching_online_runner_helper=Aucun exécuteur en ligne correspondant au libellé %s
-runs.actor=Acteur
-runs.status=Statut
-runs.actors_no_select=Tous les acteurs
-runs.status_no_select=Touts les statuts
-runs.no_results=Aucun résultat correspondant.
-runs.no_workflows=Il n'y a pas encore de workflows.
 runs.no_runs=Le flux de travail n'a pas encore d'exécution.
 runs.empty_commit_message=(message de révision vide)
 
@@ -3640,10 +3555,7 @@ variables.creation.failed=Impossible d'ajouter la variable.
 variables.creation.success=La variable « %s » a été ajoutée.
 variables.update.failed=Impossible d’éditer la variable.
 variables.update.success=La variable a bien été modifiée.
-runs.workflow = Workflow
-runs.no_job_without_needs = Le workflow doit contenir au moins une tâche sans dépendances.
 workflow.dispatch.use_from = Utiliser un workflow depuis
-runs.no_job = Le workflow doit au moins contenir une tâche
 workflow.dispatch.trigger_found = Ce workflow a un déclencheur d'événement <c>workflow_dispatch</c>.
 workflow.dispatch.run = Exécuter le workflow
 workflow.dispatch.success = L'exécution du workflow a bien été demandée.
@@ -3700,13 +3612,6 @@ regexp = RegExp
 
 
 [munits.data]
-b = o
-mib = Mio
-kib = Kio
-gib = Gio
-tib = Tio
-pib = Pio
-eib = Eio
 
 [markup]
 filepreview.line = Ligne %[1]d dans %[2]s
diff --git a/options/locale/locale_ga-IE.ini b/options/locale/locale_ga-IE.ini
index 33311205b9..27e61dd0ac 100644
--- a/options/locale/locale_ga-IE.ini
+++ b/options/locale/locale_ga-IE.ini
@@ -2730,30 +2730,10 @@ raw_seconds = soicind
 raw_minutes = nóiméad
 
 [dropzone]
-default_message = Scaoil comhaid nó cliceáil anseo chun iad a uaslódáil.
-invalid_input_type = Ní féidir leat comhaid den chineál seo a uaslódáil.
-file_too_big = Sáraíonn méid comhaid ({{filesize}} MB) an t-uasmhéid de ({{maxFilesize}} MB).
-remove_file = Bain an comhad
 
 [notification]
-notifications = Fógraí
-unread = Gan léamh
-read = Léigh
-no_unread = Gan aon fhógraí neamh-léite.
-no_read = Gan aon fhógraí léite.
-pin = Fógra bioráin
-mark_as_read = Marcáil mar léite
-mark_as_unread = Marcáil mar neamh-léite
-mark_all_as_read = Marcáil gach ceann mar léite
-subscriptions = Síntiúis
-watching = Ag féachaint
-no_subscriptions = Gan síntiúis
 
 [gpg]
-default_key = Sínithe leis an eochair réamhshocraithe
-error.extract_sign = Theip ar an síniú a bhaint
-error.generate_hash = Theip ar hash gealltanas a ghiniúint
-error.no_committer_account = Níl aon chuntas nasctha le seoladh ríomhphoist an tiomnóra
 
 [units]
 unit = Aonad
@@ -2782,56 +2762,6 @@ deletion.success = Tá an rún bainte.
 deletion.failed = Theip ar rún a bhaint.
 
 [actions]
-actions = Gníomhartha
-runners = Reathaitheoirí
-runners.new = Cruthaigh reathaí nua
-runners.new_notice = Conas reathaí a thosú
-runners.status = Stádas
-runners.id = ID
-runners.name = Ainm
-runners.owner_type = Cineál
-runners.description = Cur síos
-runners.labels = Lipéid
-runners.last_online = Am Ar Líne Deiridh
-runners.runner_title = Reathaí
-runners.task_list = Tascanna le déanaí ar an reathaí seo
-runners.task_list.no_tasks = Níl aon tasc ann fós.
-runners.task_list.run = Rith
-runners.task_list.status = Stádas
-runners.task_list.repository = Stóras
-runners.task_list.commit = Tiomantas
-runners.task_list.done_at = Déanta ag
-runners.edit_runner = Cuir Reathaí in Eagar
-runners.update_runner = Nuashonrú Athruithe
-runners.update_runner_success = Nuashonraíodh an Reathaí
-runners.update_runner_failed = Theip ar an reathaí a nuashonrú
-runners.delete_runner = Scrios an reathaí seo
-runners.delete_runner_success = Scriosadh an reathaí go rathúil
-runners.delete_runner_failed = Theip ar an reathaí a scriosadh
-runners.delete_runner_header = Deimhnigh an reathaí seo a scriosadh
-runners.delete_runner_notice = Má tá tasc ar siúl ar an reathaí seo, cuirfear deireadh leis agus marcáil mar theip. Féadfaidh sé sreabhadh oibre tógála a bhriseadh.
-runners.none = Níl aon reathaí ar fáil
-runners.status.unspecified = Anaithnid
-runners.status.idle = Díomhaoin
-runners.status.active = Gníomhach
-runners.status.offline = As líne
-runners.version = Leagan
-runners.reset_registration_token = Athshocraigh comhartha clár
-runners.reset_registration_token_success = D'éirigh le hathshocrú comhartha clárúcháin an dara háit
-runs.all_workflows = Gach Sreafaí Oibre
-runs.commit = Tiomantas
-runs.scheduled = Sceidealaithe
-runs.pushed_by = bhrú ag
-runs.invalid_workflow_helper = Tá comhad cumraíochta sreabhadh oibre nebhailí. Seiceáil do chomhad cumraithe le do thoil: %s
-runs.no_matching_online_runner_helper = Gan aon reathaí ar líne a mheaitseáil le lipéad: %s
-runs.no_job_without_needs = Caithfidh post amháin ar a laghad a bheith sa sreabhadh oibre gan spleáchas.
-runs.no_job = Caithfidh post amháin ar a laghad a bheith sa sreabhadh oibre
-runs.actor = Aisteoir
-runs.status = Stádas
-runs.actors_no_select = Gach aisteoir
-runs.status_no_select = Gach stádas
-runs.no_results = Níor mheaitseáil aon torthaí.
-runs.no_workflows = Níl aon sreafaí oibre ann fós.
 runs.no_runs = Níl aon rith ag an sreabhadh oibre fós.
 runs.empty_commit_message = (teachtaireacht tiomantas folamh)
 runs.expire_log_message = Glanadh logaí toisc go raibh siad ró-sean.
diff --git a/options/locale/locale_hu-HU.ini b/options/locale/locale_hu-HU.ini
index 442e41ef8c..6810f20c1e 100644
--- a/options/locale/locale_hu-HU.ini
+++ b/options/locale/locale_hu-HU.ini
@@ -1635,25 +1635,10 @@ raw_seconds=másodperc
 raw_minutes=perc
 
 [dropzone]
-file_too_big=A fájl mérete ({{filesize}} MB) meghaladja a maximális méretet ({{maxFilesize}} MB).
-remove_file=Fájl eltávolítása
 
 [notification]
-notifications=Értesítések
-unread=Olvasatlan
-read=Olvasott
-no_unread=Nincsenek olvasatlan értesítések.
-no_read=Nincsenek olvasott értesítések.
-pin=Értesítés kitűzése
-mark_as_read=Megjelölés olvasottként
-mark_as_unread=Megjelölés olvasatlanként
-mark_all_as_read=Összes üzenet megjelölése olvasottként
 
 [gpg]
-error.extract_sign=Nem sikerült kinyerni az aláírást
-error.generate_hash=Nem sikerült létrehozni a commitot azonosító hash-t
-error.no_gpg_keys_found=Nem található kulcs ehhez az aláíráshoz az adatbázisban
-error.not_signed_commit=Nem aláírt commit
 
 [units]
 
@@ -1664,18 +1649,6 @@ owner.settings.cleanuprules.enabled=Engedélyezett
 [secrets]
 
 [actions]
-runners.name=Név
-runners.owner_type=Típus
-runners.description=Leírás
-runners.task_list.run=Futtatás
-runners.task_list.repository=Tároló
-runners.task_list.commit=Commit
-runners.status.active=Aktív
-
-runs.commit=Commit
-
-
-
 
 [projects]
 
diff --git a/options/locale/locale_id-ID.ini b/options/locale/locale_id-ID.ini
index f3ccbc0e8b..18ec4df928 100644
--- a/options/locale/locale_id-ID.ini
+++ b/options/locale/locale_id-ID.ini
@@ -1326,25 +1326,10 @@ raw_seconds=detik
 raw_minutes=menit
 
 [dropzone]
-default_message=Jatuhkan berkas disini atau klik untuk mengunggah.
-invalid_input_type=Anda tidak bisa mengunggah berkas jenis ini.
-file_too_big=Ukuran berkas ({{filesize}} MB) melebihi ukuran maksimum ({{maxFilesize}} MB).
-remove_file=Hilangkan berkas
 
 [notification]
-notifications=Notifikasi
-unread=Belum dibaca
-read=Dibaca
-pin=Pemberitahuan Pin
-mark_as_read=Tandai sebagai membaca
-mark_as_unread=Tandai sebagai belum dibaca
-mark_all_as_read=Tandai semua sudah dibaca
 
 [gpg]
-error.extract_sign=Gagal untuk mengambil tanda tangan
-error.generate_hash=Gagal untuk menghasilkan hash komit
-error.no_gpg_keys_found=Tidak diketahui kunci yang ditemukan di database signature
-error.not_signed_commit=Bukan melakukan yang ditandatangani
 
 [units]
 error.no_unit_allowed_repo=Anda tidak diijinkan untuk melihat semua unit dari repositori ini.
@@ -1357,25 +1342,6 @@ owner.settings.cleanuprules.enabled=Aktif
 [secrets]
 
 [actions]
-runners.name=Nama
-runners.owner_type=Jenis
-runners.description=Deskripsi
-runners.task_list.run=Lari
-runners.task_list.repository=Repositori
-runners.task_list.commit=Memperbuat
-
-runs.commit=Memperbuat
-
-
-
-
-runs.no_matching_online_runner_helper = Tidak ada runner online yang cocok dengan label: %s
-runs.actor = Aktor
-runs.status = Status
-runs.actors_no_select = Semua aktor
-runs.status_no_select = Semua status
-runs.no_results = Tidak ada hasil yang cocok.
-runs.no_workflows = Belum ada alur kerja.
 runs.no_runs = Alur kerja belum berjalan.
 runs.empty_commit_message = (pesan commit kosong)
 workflow.disable = Nonaktifkan Alur Kerja
diff --git a/options/locale/locale_is-IS.ini b/options/locale/locale_is-IS.ini
index 24c8be3685..41d35e2738 100644
--- a/options/locale/locale_is-IS.ini
+++ b/options/locale/locale_is-IS.ini
@@ -1272,9 +1272,6 @@ raw_minutes=mínútur
 [dropzone]
 
 [notification]
-notifications=Tilkynningar
-unread=Ólesnar
-read=Lesnar
 
 [gpg]
 
@@ -1286,21 +1283,6 @@ conan.details.repository=Hugbúnaðarsafn
 [secrets]
 
 [actions]
-runners.id=Auðkenni
-runners.name=Heiti
-runners.owner_type=Tegund
-runners.description=Lýsing
-runners.labels=Lýsingar
-runners.task_list.run=Keyra
-runners.task_list.repository=Hugbúnaðarsafn
-runners.task_list.commit=Framlag
-runners.status.active=Virkt
-runners.version=Útgáfa
-
-runs.commit=Framlag
-
-
-
 
 [projects]
 
diff --git a/options/locale/locale_it-IT.ini b/options/locale/locale_it-IT.ini
index 8a20246fe0..e17c1e91dd 100644
--- a/options/locale/locale_it-IT.ini
+++ b/options/locale/locale_it-IT.ini
@@ -3497,35 +3497,10 @@ raw_seconds=secondi
 raw_minutes=minuti
 
 [dropzone]
-default_message=Trascina i file o clicca qui per caricare.
-invalid_input_type=Non è possibile caricare file di questo tipo.
-file_too_big=La dimensione del file ({{filesize}} MB) supera la dimensione massima ({{maxFilesize}} MB).
-remove_file=Rimuovi file
 
 [notification]
-notifications=Notifiche
-unread=Non lette
-read=Lette
-no_unread=Nessuna notifica da leggere.
-no_read=Nessuna notifica letta.
-pin=Appunta notifica
-mark_as_read=Segna come letto
-mark_as_unread=Segna come non letto
-mark_all_as_read=Segna tutti come letti
-subscriptions = Sottoscrizioni
-watching = Osservando
-no_subscriptions = Nessuna iscrizione
 
 [gpg]
-default_key=Firmato con la chiave predefinita
-error.extract_sign=Impossibile ricavare la firma
-error.generate_hash=Impossibile generare hash del commit
-error.no_committer_account=Nessun account collegato all'indirizzo email del committer
-error.no_gpg_keys_found=Non sono state trovate chiavi note per questa firma nel database
-error.not_signed_commit=Commit non firmato
-error.failed_retrieval_gpg_keys=Impossibile recuperare le chiavi associate al profilo dell'autore del commit
-error.probable_bad_signature=ATTENZIONE! Anche se esiste una chiave con questo ID nel database, essa non verifica questo commit! Questo commit è SOSPETTO.
-error.probable_bad_default_signature=ATTENZIONE! Anche se la chiave predefinita ha questo ID essa non verifica questo commit! Questo commit è SOSPETTO.
 
 [units]
 unit=Unità
@@ -3555,66 +3530,9 @@ creation.success = Il segreto "%s" è stato aggiungo.
 deletion.success = Il segreto è stato rimosso.
 
 [actions]
-runners.id=ID
-runners.name=Nome
-runners.owner_type=Tipo
-runners.description=Descrizione
-runners.labels=Etichette
-runners.task_list.run=Esegui
-runners.task_list.repository=Repository
-runners.task_list.commit=Commit
-runners.status.active=Attivo
-runners.version=Versione
-
-runs.commit=Commit
-status.unknown = Sconosciuto
-status.waiting = In attesa
-status.success = Successo
-runners.task_list.status = Stato
 variables = Variabili
-runs.workflow = Workflow
-runs.actor = Attore
-runs.status = Stato
-runners.status.idle = Inattivo
-status.cancelled = Annullato
-status.skipped = Saltato
-status.blocked = Bloccato
-runners = Esecutori
-runners.status.unspecified = Sconosciuto
-runners.status.offline = Offline
-runs.scheduled = Pianificato
 unit.desc = Gestisci azioni
-runners.runner_manage_panel = Gestisci esecutori
-actions = Azioni
-status.running = In corso
-status.failure = Errore
-runners.status = Stato
-runners.runner_title = Esecutore
-runners.delete_runner_success = Esecutore eliminato correttamente
-runs.no_results = Nessun risultato trovato.
 workflow.enable = Abilita flusso di lavoro
-runs.no_workflows = Non ci sono ancora flussi di lavoro.
-runs.status_no_select = Tutti gli stati
-runs.actors_no_select = Tutti gli agenti
-runs.no_matching_online_runner_helper = Nessun esecutore online corrispondente con etichetta: %s
-runs.invalid_workflow_helper = Il file di configurazione del flusso di lavoro è invalido. Controlla il tuo file di configurazione: %s
-runs.pushed_by = immesso da
-runs.all_workflows = Tutti i flussi di lavoro
-runners.reset_registration_token_success = Reimpostazione del token di registrazione dell'esecutore fallita
-runners.reset_registration_token = Reimposta token di registrazione
-runners.none = Nessun esecutore disponibile
-runners.delete_runner_header = Conferma l'eliminazione di questo esecutore
-runners.delete_runner_failed = Impossibile eliminare l'esecutore
-runners.delete_runner = Elimina questo esecutore
-runners.update_runner_failed = Impossibile aggiornare l'esecutore
-runners.update_runner_success = Esecutore aggiornato correttamente
-runners.update_runner = Aggiorna cambiamenti
-runners.edit_runner = Modifica esecutore
-runners.task_list.done_at = Eseguito
-runners.task_list.no_tasks = Non c'è ancora nessuna attività.
-runners.last_online = Ultima volta online
-runners.new_notice = Come avviare un esecutore
-runners.new = Crea un nuovo esecutore
 variables.update.success = La variabile è stata modificata.
 variables.update.failed = Impossibile modificare la variabile.
 variables.creation.failed = Errore nell'aggiunta della variabile.
@@ -3636,16 +3554,12 @@ runs.no_runs = Il flusso di lavoro non è stato ancora eseguito.
 variables.creation.success = La variabile "%s" è stata aggiunta.
 variables.description = Le variabili saranno passate a determinate azioni e non possono essere lette altrimenti.
 need_approval_desc = È necessaria l'approvazione per eseguire flussi di lavoro per richieste di modifica da biforcazioni.
-runners.delete_runner_notice = Se un'attività è in esecuzione su questo esecutore sarà terminata ed etichettata fallito. Potrebbe rompere flussi di lavoro di costruzione.
-runners.task_list = Attività recenti su questo esecutore
-runs.no_job_without_needs = Il flusso di lavoro deve contenere almeno un incarico senza dipendenze.
 workflow.dispatch.trigger_found = Questo flusso di lavoro ha un rilevatore di eventi <c>workflow_dispatch</c>.
 workflow.dispatch.run = Esegui flusso di lavoro
 workflow.dispatch.success = L'esecuzione del flusso di lavoro è stata richiesta con successo.
 workflow.dispatch.input_required = Richiedi valore per l'ingresso "%s".
 workflow.dispatch.invalid_input_type = Tipo ingresso "%s" non valido.
 workflow.dispatch.warn_input_limit = Visualizzati solo i primi %d ingressi.
-runs.no_job = Il flusso di lavoro deve contenere almeno un incarico
 workflow.dispatch.use_from = Usa flusso di lavoro da
 variables.not_found = Non è stato possibile trovare la variabile.
 runs.expire_log_message = I log sono stati eliminati in quanto troppo vecchi.
@@ -3699,13 +3613,6 @@ union_tooltip = Include i risultati che combaciano con una qualsiasi delle parol
 union = Parole chiavi
 
 [munits.data]
-gib = GiB
-tib = TiB
-pib = PiB
-kib = KiB
-mib = MiB
-eib = EiB
-b = B
 
 [markup]
 filepreview.lines = Linee da %[1]d a %[2]d in %[3]s
diff --git a/options/locale/locale_ja-JP.ini b/options/locale/locale_ja-JP.ini
index 7c66d45726..89da29c8a4 100644
--- a/options/locale/locale_ja-JP.ini
+++ b/options/locale/locale_ja-JP.ini
@@ -3461,35 +3461,10 @@ raw_seconds=秒
 raw_minutes=分
 
 [dropzone]
-default_message=ここにファイルをドロップまたはクリックしてアップロードします。
-invalid_input_type=この種類のファイルはアップロードできません。
-file_too_big=アップロードされたファイルのサイズ ({{filesize}} MB) が最大サイズ ({{maxFilesize}} MB) を超えています。
-remove_file=ファイル削除
 
 [notification]
-notifications=通知
-unread=未読
-read=既読
-no_unread=未読の通知はありません。
-no_read=既読の通知はありません。
-pin=通知をピン留め
-mark_as_read=既読にする
-mark_as_unread=未読にする
-mark_all_as_read=すべて既読にする
-subscriptions=購読
-watching=ウォッチ中
-no_subscriptions=購読しているものはありません
 
 [gpg]
-default_key=デフォルト鍵で署名
-error.extract_sign=署名の抽出に失敗しました
-error.generate_hash=コミットのハッシュ生成に失敗しました
-error.no_committer_account=コミッターのメールアドレスに対応するアカウントが存在しません
-error.no_gpg_keys_found=この署名に対応する既知のキーがデータベースに存在しません
-error.not_signed_commit=署名されたコミットではありません
-error.failed_retrieval_gpg_keys=コミッターのアカウントに登録されたキーを取得できませんでした
-error.probable_bad_signature=警告! このIDの鍵はデータベースに登録されていますが、その鍵でコミットの検証が通りません! これは疑わしいコミットです。
-error.probable_bad_default_signature=警告! これはデフォルト鍵のIDですが、デフォルト鍵ではコミットの検証が通りません! これは疑わしいコミットです。
 
 [units]
 unit=ユニット
@@ -3519,68 +3494,8 @@ deletion.failed=シークレットの削除に失敗しました。
 management=シークレット管理
 
 [actions]
-actions=Actions
-
 unit.desc=Actionsの管理
 
-status.unknown=不明
-status.waiting=待機中
-status.running=実行中
-status.success=成功
-status.failure=失敗
-status.cancelled=キャンセル
-status.skipped=スキップ
-status.blocked=ブロックされた
-
-runners=ランナー
-runners.runner_manage_panel=ランナーの管理
-runners.new=新しいランナーを作成
-runners.new_notice=ランナーの開始方法
-runners.status=ステータス
-runners.id=ID
-runners.name=名称
-runners.owner_type=タイプ
-runners.description=説明
-runners.labels=ラベル
-runners.last_online=最終オンライン時刻
-runners.runner_title=ランナー
-runners.task_list=このランナーの最近のタスク
-runners.task_list.no_tasks=タスクはまだありません。
-runners.task_list.run=実行
-runners.task_list.status=ステータス
-runners.task_list.repository=リポジトリ
-runners.task_list.commit=コミット
-runners.task_list.done_at=終了時刻
-runners.edit_runner=ランナーの編集
-runners.update_runner=変更を保存
-runners.update_runner_success=ランナーを更新しました
-runners.update_runner_failed=ランナーの更新に失敗しました
-runners.delete_runner=このランナーを削除
-runners.delete_runner_success=ランナーを削除しました
-runners.delete_runner_failed=ランナーの削除に失敗しました
-runners.delete_runner_header=ランナー削除の確認
-runners.delete_runner_notice=このランナーでタスクが実行されている場合、タスクは停止され失敗扱いとなります。 それによりビルドワークフローが途中で終了することになるかもしれません。
-runners.none=利用可能なランナーはありません
-runners.status.unspecified=不明
-runners.status.idle=アイドル
-runners.status.active=稼働中
-runners.status.offline=オフライン
-runners.version=バージョン
-runners.reset_registration_token=登録トークンをリセット
-runners.reset_registration_token_success=ランナー登録トークンをリセットしました
-
-runs.all_workflows=すべてのワークフロー
-runs.commit=コミット
-runs.scheduled=スケジュール済み
-runs.pushed_by=pushed by
-runs.invalid_workflow_helper=ワークフロー設定ファイルは無効です。あなたの設定ファイルを確認してください: %s
-runs.no_matching_online_runner_helper=ラベルに一致するオンラインのランナーが見つかりません: %s
-runs.actor=アクター
-runs.status=ステータス
-runs.actors_no_select=すべてのアクター
-runs.status_no_select=すべてのステータス
-runs.no_results=一致する結果はありません。
-runs.no_workflows=ワークフローはまだありません。
 runs.no_runs=ワークフローはまだ実行されていません。
 runs.empty_commit_message=(空のコミットメッセージ)
 
@@ -3607,8 +3522,6 @@ variables.creation.success=変数 "%s" を追加しました。
 variables.update.failed=変数を更新できませんでした。
 variables.update.success=変数を更新しました。
 variables.id_not_exist = idが%dの変数は存在しません。
-runs.workflow = ワークフロー
-runs.no_job_without_needs = ワークフローには、依存関係のないジョブが少なくとも 1 つ含まれている必要があります。
 workflow.dispatch.run = ワークフローを実行
 workflow.dispatch.success = ワークフローの実行が正常にリクエストされました。
 workflow.dispatch.trigger_found = このワークフローには <c>workflow_dispatch</c> イベントトリガーがあります。
@@ -3616,8 +3529,6 @@ workflow.dispatch.use_from = ワークフローを使用する
 workflow.dispatch.input_required = 入力 "%s" に値が必要です。
 workflow.dispatch.invalid_input_type = 入力タイプ「%s」が無効です。
 workflow.dispatch.warn_input_limit = 最初の %d 個の入力のみを表示します。
-runs.no_job = ワークフローには少なくとも1つのジョブが含まれている必要があります
-
 runs.expire_log_message = ログは古すぎるため消去されています。
 variables.not_found = 変数が見つかりませんでした。
 runs.no_workflows.help_no_write_access = Forgejoアクションの詳細については、<a target="_blank" rel="noopener noreferrer" href="%s">ドキュメント</a>を参照してください。
@@ -3669,13 +3580,6 @@ union = フレーズ一致
 
 
 [munits.data]
-pib = PiB
-tib = TiB
-eib = EiB
-kib = KiB
-mib = MiB
-gib = GiB
-b = B
 
 [markup]
 filepreview.lines = %[3]s の %[1]d 行目から %[2]d 行目
diff --git a/options/locale/locale_ka.ini b/options/locale/locale_ka.ini
index d3be81a718..8e47c125b8 100644
--- a/options/locale/locale_ka.ini
+++ b/options/locale/locale_ka.ini
@@ -729,20 +729,8 @@ raw_minutes = წუთი
 future = მომავალში
 
 [munits.data]
-b = ბ
-kib = კიბ
-mib = მიბ
-gib = გიბ
-tib = ტიბ
-pib = პიბ
-eib = ეიბ
 
 [notification]
-notifications = გაფრთხილებები
-read = წაკითხვა
-subscriptions = გამოწერები
-watching = უყურებთ
-unread = წაკითხულობის გაუქმება
 
 [units]
 unit = ერთეული
@@ -755,38 +743,7 @@ owner.settings.cleanuprules.enabled = ჩართულია
 secrets = საიდუმლოები
 
 [actions]
-actions = ქმედებები
-status.unknown = უცნობი
-status.waiting = ველოდები
-status.running = მიმდინარეობს შესრულება
-status.success = წარმატება
-status.failure = ჩავარდნა
-status.cancelled = გაუქმებულია
-status.skipped = გამოტოვებულია
-status.blocked = დაბლოკილია
-runners = გამსვებები
-runners.status = სტატუსი
-runners.id = ID
-runners.owner_type = ტიპი
-runners.description = აღწერა
-runners.labels = ჭდეები
-runners.runner_title = გამშვები
-runners.task_list.run = გაშვება
-runners.task_list.status = სტატუსი
-runners.task_list.repository = რეპოზიტორია
-runners.task_list.commit = კომიტი
-runners.status.unspecified = უცნობი
-runners.status.idle = უქმე
-runners.status.active = აქტიურია
-runners.status.offline = ქსელგარეშე
-runners.version = ვერსია
-runs.commit = კომიტი
-runs.scheduled = დაგეგმილია
-runs.workflow = შრომის პროცესი
-runs.actor = ავტორი
-runs.status = სტატუსი
 variables = ცვლადები
-runners.name = სახელი
 
 [git.filemode]
 directory = საქაღალდე
diff --git a/options/locale/locale_kab.ini b/options/locale/locale_kab.ini
index ddb7d0492c..605a69e2dc 100644
--- a/options/locale/locale_kab.ini
+++ b/options/locale/locale_kab.ini
@@ -659,9 +659,6 @@ quota.sizes.git.all = Agbur deg Git
 [packages]
 
 [actions]
-runners.description = Aglam
-runners.name = Isem
-runners.task_list.repository = Akufi
 
 [projects]
 type-2.display_name = Asenfar n ukufi
@@ -680,7 +677,6 @@ years = %d n iseggasen
 1d = 1 n wass
 
 [dropzone]
-remove_file = Kkes afaylu
 
 [filter]
 string.asc = A - Z
diff --git a/options/locale/locale_ko-KR.ini b/options/locale/locale_ko-KR.ini
index 631ba20b83..a57a116020 100644
--- a/options/locale/locale_ko-KR.ini
+++ b/options/locale/locale_ko-KR.ini
@@ -384,7 +384,7 @@ allow_password_change=사용자에게 비밀번호 변경을 요청 (권장됨)
 reset_password_mail_sent_prompt=확인 메일이 <b>%s</b>로 전송되었습니다. 받은 편지함으로 도착한 메일을 %s 안에 확인해서 비밀번호 찾기 절차를 완료하십시오.
 active_your_account=계정 활성화
 account_activated=계정이 활성화 되었습니다
-prohibit_login =
+prohibit_login = 
 resent_limit_prompt=활성화를 위한 이메일을 이미 전송했습니다. 3분 내로 이메일을 받지 못한 경우 재시도해주세요.
 has_unconfirmed_mail=안녕하세요 %s, 이메일 주소(<b>%s</b>)가 확인되지 않았습니다. 확인 메일을 받으시지 못하겼거나 새로운 확인 메일이 필요하다면, 아래 버튼을 클릭해 재발송하실 수 있습니다.
 resend_mail=여기를 눌러 확인 메일 재전송
@@ -1781,28 +1781,10 @@ raw_seconds=초
 raw_minutes=분
 
 [dropzone]
-invalid_input_type=이 형식의 파일을 업로드할 수 없습니다.
-file_too_big=파일 크기({{filesize}} MB) 가 최대 크기({{maxFilesize}} MB) 를 초과합니다.
-remove_file=파일 제거
 
 [notification]
-notifications=알림
-unread=읽지 않음
-read=읽음
-no_unread=읽지 않은 알림이 없습니다.
-no_read=알림이 없습니다.
-pin=알림 고정
-mark_as_read=읽음으로 표시
-mark_as_unread=읽지 않음으로 표시
-mark_all_as_read=모두 읽음으로 표시
-subscriptions = 구독한 알림
-no_subscriptions = 알림이 없음
-watching = 주시중
 
 [gpg]
-error.extract_sign=서명 추출에 실패
-error.generate_hash=커밋의 해시 생성에 실패
-error.not_signed_commit=서명되지 않은 커밋
 
 [units]
 error.no_unit_allowed_repo=이 저장소의 어떤 섹션에도 접근할 수 없습니다.
@@ -1815,18 +1797,6 @@ owner.settings.cleanuprules.enabled=활성화됨
 [secrets]
 
 [actions]
-runners.name=이름
-runners.owner_type=유형
-runners.description=설명
-runners.task_list.run=실행
-runners.task_list.repository=저장소
-runners.task_list.commit=커밋
-runners.status.active=사용
-
-runs.commit=커밋
-
-
-
 
 [projects]
 
diff --git a/options/locale/locale_lv-LV.ini b/options/locale/locale_lv-LV.ini
index 85dadcf1b3..4ffc1d37a7 100644
--- a/options/locale/locale_lv-LV.ini
+++ b/options/locale/locale_lv-LV.ini
@@ -3500,35 +3500,10 @@ raw_seconds=sekundes
 raw_minutes=minūtes
 
 [dropzone]
-default_message=Ievilkt datnes vai klikšķināt šeit, lai augšupielādētu.
-invalid_input_type=Šī veida datnes nevar augšupielādēt.
-file_too_big=Datnes izmērs ({{filesize}} MB) pārsniedz pieļaujamo izmēru ({{maxFilesize}} MB).
-remove_file=Noņemt datni
 
 [notification]
-notifications=Paziņojumi
-unread=Neizlasītie
-read=Izlasītie
-no_unread=Nav neizlasītu paziņojumu.
-no_read=Nav izlasītu paziņojumu.
-pin=Piespraust paziņojumu
-mark_as_read=Atzīmēt kā izlasītu
-mark_as_unread=Atzīmēt kā neizlasītu
-mark_all_as_read=Atzīmēt visus kā izlasītus
-subscriptions=Abonementi
-watching=Skatās
-no_subscriptions=Nav abonementu
 
 [gpg]
-default_key=Parakstīts ar noklusējuma atslēgu
-error.extract_sign=Neizdevās izgūt parakstu
-error.generate_hash=Neizdevās izveidot iesūtījuma jaucējkodu
-error.no_committer_account=Iesūtītāja e-pasta adrese nav piesaistīta nevienam kontam
-error.no_gpg_keys_found=Šim parakstam datubāzē netika atrasta zināma atslēga
-error.not_signed_commit=Nav parakstīts iesūtījums
-error.failed_retrieval_gpg_keys=Neizdevās iegūt nevienu iesūtītāja kontam piesaistītu atslēgu
-error.probable_bad_signature=UZMANĪBU! Lai arī datubāzē ir atslēga ar šādu identifikatoru, tā neapliecina šo iesūtījumu. Šis iesūtījums ir AIZDOMĪGS.
-error.probable_bad_default_signature=UZMANĪBU! Lai arī noklusējuma atslēgai ir šis identifikators, tas neapliecina šo iesūtījumu. Šis iesūtījums ir AIZDOMĪGS.
 
 [units]
 unit=Vienība
@@ -3558,68 +3533,8 @@ deletion.failed=Neizdevās noņemt noslēpumu.
 management=Pārvaldīt noslēpumus
 
 [actions]
-actions=Darbības
-
 unit.desc=Iebūvēto CI/CD cauruļvadu pārvaldīšana ar Forgejo Actions.
 
-status.unknown=Nezināms
-status.waiting=Gaida
-status.running=Izpildās
-status.success=Sekmīgi
-status.failure=Nesekmīgi
-status.cancelled=Atcelts
-status.skipped=Izlaists
-status.blocked=Aizturēts
-
-runners=Izpildītāji
-runners.runner_manage_panel=Pārvaldīt izpildītājus
-runners.new=Izveidot jaunu izpildītāju
-runners.new_notice=Kā uzstādīt izpildītāju
-runners.status=Stāvoklis
-runners.id=ID
-runners.name=Nosaukums
-runners.owner_type=Veids
-runners.description=Apraksts
-runners.labels=Iezīmes
-runners.last_online=Pēdējo reizi tiešsaistē
-runners.runner_title=Izpildītājs
-runners.task_list=Pēdējās darbības, kas izpildītas
-runners.task_list.no_tasks=Vēl nav uzdevumu.
-runners.task_list.run=Izpildījums
-runners.task_list.status=Stāvoklis
-runners.task_list.repository=Glabātava
-runners.task_list.commit=Iesūtījums
-runners.task_list.done_at=Pabeigts
-runners.edit_runner=Labot izpildītāju
-runners.update_runner=Atjaunināt izmaiņas
-runners.update_runner_success=Izpildītājs sekmīgi atjaunināts
-runners.update_runner_failed=Neizdevās atjaunināt izpildītāju
-runners.delete_runner=Dzēst izpildītāju
-runners.delete_runner_success=Izpildītājs sekmīgi izdzēsts
-runners.delete_runner_failed=Neizdevās izdzēst izpildītāju
-runners.delete_runner_header=Apstiprināt izpildītāja izdzēšanu
-runners.delete_runner_notice=Ja šis izpildītājs veic kādus uzdevumus, tad tie tiks apturēti un atzīmēti kā neizdevušies. Tas var sabojāt būvēšanas darbplūsmas.
-runners.none=Nav pieejami izpildītāji
-runners.status.unspecified=Nezināms
-runners.status.idle=Dīkstāvē
-runners.status.active=Darbojas
-runners.status.offline=Bezsaistē
-runners.version=Versija
-runners.reset_registration_token=Atiestatīt reģistrācijas pilnvaru
-runners.reset_registration_token_success=Izpildītāja reģistrācijas pilnvara tika sekmīgi atiestatīta
-
-runs.all_workflows=Visas darbplūsmas
-runs.commit=Iesūtījumu
-runs.scheduled=Ieplānots
-runs.pushed_by=aizgādāja
-runs.invalid_workflow_helper=Darbplūsmas konfigurācijas datne ir nederīga. Lūgums pārbaudīt konfigurācijas datni: %s
-runs.no_matching_online_runner_helper=Nav tiešsaistē esošu izpildītāju, kas atbilstu iezīmei: %s
-runs.actor=Izraisītājs
-runs.status=Stāvoklis
-runs.actors_no_select=Visi izraisītāji
-runs.status_no_select=Visi stāvokļi
-runs.no_results=Netika atrasts nekas atbilstošs.
-runs.no_workflows=Vēl nav nevienas darbplūsmas.
 runs.no_runs=Darbplūsmai vēl nav nevienas izpildes.
 runs.empty_commit_message=(tukšs iesūtījuma ziņojums)
 
@@ -3650,12 +3565,9 @@ workflow.dispatch.invalid_input_type = Nederīgs ievades mainīgā veids "%s".
 workflow.dispatch.run = Izpildīt darbplūsmu
 workflow.dispatch.success = Darbplūsmas izpildīšana tika sekmīgi pieprasīta.
 workflow.dispatch.use_from = Izmantot darbplūsmu no
-runs.workflow = Darbplūsma
-runs.no_job_without_needs = Darbplūsmā ir jābūt vismaz vienam darbam bez atkarībām.
 workflow.dispatch.input_required = Nepieciešama vērtība ievades mainīgajam "%s".
 runs.expire_log_message = Žurnāli tika iztīrīti, jo tie bija pārāk veci.
 runs.no_workflows.help_no_write_access = Lai uzzinātu par Forgejo Acties, jāieskatās <a target="_blank" rel="noopener noreferrer" href="%s">dokumentācijā</a>.
-runs.no_job = Darbplūsmā ir jābūt vismaz vienam darbam
 runs.no_workflows.help_write_access = Nav skaidrs, kā sākt izmantot Forgejo Actions? Jāieskatās <a target="_blank" rel="noopener noreferrer" href="%s">ātrajā ievadā lietotāja dokumentācijā</a>, lai uzrakstītu savu pirmo darbplūsmu, tad <a target="_blank" rel="noopener noreferrer" href="%s">jāiestata Forgejo izpildītājs</a>, lai izpildītu savus darbus.
 workflow.dispatch.warn_input_limit = Attēlo tikai pirmos %d ievades mainīgos.
 workflow.dispatch.trigger_found = Šai darbplūsmai ir <c>workflow_dispatch</c> notikuma izraisītājs.
@@ -3726,13 +3638,6 @@ projects.read = <b>Lasīt</b>: piekļūt glabātavas projektu dēļiem.
 
 
 [munits.data]
-mib = MiB
-pib = PiB
-gib = GiB
-tib = TiB
-kib = KiB
-eib = EiB
-b = B
 
 [markup]
 filepreview.line = %[1]d. rinda %[2]s
diff --git a/options/locale/locale_nds.ini b/options/locale/locale_nds.ini
index 7d85e46a9b..beb7f8ac67 100644
--- a/options/locale/locale_nds.ini
+++ b/options/locale/locale_nds.ini
@@ -3300,44 +3300,12 @@ now = nu
 1h = 1 Stünn
 
 [munits.data]
-b = B
-kib = KiB
-mib = MiB
-gib = GiB
-tib = TiB
-pib = PiB
-eib = EiB
 
 [dropzone]
-default_message = Laat Dateien hier fallen of klick hier tum Upladen.
-invalid_input_type = Du kannst deese Aard vun Dateien nich upladen.
-file_too_big = Dateigrött ({{filesize}} MB) is boven de hoogste Dateigrött vun {{maxFilesize}} MB.
-remove_file = Datei wegdoon
 
 [notification]
-notifications = Narichtens
-unread = Nich lesen
-read = Lesen
-no_unread = Keene nejen Narichtens.
-no_read = Keene lesen Narichtens.
-pin = Naricht faststeken
-mark_as_read = As lesen markeren
-mark_as_unread = As nich lesen markeren
-mark_all_as_read = All as lesen markeren
-subscriptions = Abonneerens
-watching = Beluren
-no_subscriptions = Nix abonneert
 
 [gpg]
-default_key = Mit normaalem Slötel unnerschrieven
-error.extract_sign = Kunn Unnerschrift nich uttrecken
-error.generate_hash = Kunn Prüfsumm vum Kommitteren nich bereken
-error.no_committer_account = Keen Konto mit de Kommitterer-E-Mail-Adress verbunnen
-error.no_gpg_keys_found = Keen bekannter Slötel för deese Unnerschrift in de Datenbank funnen
-error.not_signed_commit = Kommitteren is nich unnerschrieven
-error.failed_retrieval_gpg_keys = Kunn keenen Slötel halen, wat mit de Konto vum Kommitterer verbunnen is
-error.probable_bad_signature = WAHRSCHAU! Ofschoonst een Slötel mit deeser ID in de Datenbank is, wiest dat deeses Kommitteren nich ut! Deeses Kommitteren is VERDÄCHTIG.
-error.probable_bad_default_signature = WAHRSCHAU! Ofschoonst de normaal-Slötel deese ID hett, wiest dat deeses Kommitteren nich ut! Deeses Kommitteren is VERDÄCHTIG.
 
 [install]
 install = Installeren
@@ -3483,61 +3451,6 @@ deletion.description = Een Geheemst wegtodoon is för all Tieden un kann nich to
 creation.name_placeholder = Blots alphanumerisk Bookstavens (’t word nich tüsken Groot- un Kleenbookstavens unnerscheden) un Unnerstrekens; kann nich mit GITEA_ of GITHUB_ begünnen
 
 [actions]
-actions = Aktioonen
-status.unknown = Unbekannt
-status.waiting = Wacht
-status.running = Löppt
-status.success = Daankregen
-status.failure = Fehlslagen
-status.cancelled = Ofbroken
-status.skipped = Översprungen
-runners = Lopers
-runners.runner_manage_panel = Lopers verwalten
-runners.new = Nejen Loper maken
-runners.new_notice = Wo man eenen Loper start
-runners.status = Tostand
-runners.id = ID
-runners.name = Naam
-runners.owner_type = Aard
-runners.description = Beschrieven
-runners.labels = Vermarkens
-runners.runner_title = Loper
-runners.task_list = Leste Upgaven up deesem Loper
-runners.task_list.no_tasks = Dat gifft noch keene Upgaav.
-runners.task_list.run = Utföhren
-runners.task_list.status = Tostand
-runners.task_list.repository = Repositorium
-runners.task_list.commit = Kommitteren
-runners.task_list.done_at = Daan um
-runners.edit_runner = Loper bewarken
-runners.update_runner_success = Loper verneeit
-runners.update_runner_failed = Kunn Loper nich vernejen
-runners.delete_runner = Deesen Loper wegdoon
-runners.delete_runner_success = Loper wegdaan
-runners.delete_runner_failed = Kunn Loper nich wegdoon
-runners.delete_runner_header = Wies ut, dat du deesen Loper wegdoon willst
-runners.none = Keene Lopers verföögbaar
-runners.status.unspecified = Unbekannt
-runners.status.idle = Nix to doon
-runners.status.active = Aktiiv
-runners.status.offline = Nich verbunnen
-runners.version = Versioon
-runners.reset_registration_token = Registrerens-Teken torüggsetten
-runners.reset_registration_token_success = Loper-Registrerens-Teken torüggsett
-runs.all_workflows = All Warkwiesen
-runs.commit = Kommitteren
-runs.scheduled = Na Tiedplaan
-runs.pushed_by = schuven vun
-runs.workflow = Warkwies
-runs.invalid_workflow_helper = Warkwies-Instellens-Datei is ungültig. Bidde kiek diene Instellens-Datei na: %s
-runs.no_matching_online_runner_helper = Keen verbunnen Loper, wat passt, mit de Vermark funnen: %s
-runs.no_job = De Warkwies mutt tominnst eene Upgaav enthollen
-runs.actor = Aktöör
-runs.status = Tostand
-runs.actors_no_select = All Aktören
-runs.status_no_select = All Tostanden
-runs.no_results = Keene Resultaten passen.
-runs.no_workflows = Dat gifft noch keene Warkwiesens.
 runs.no_runs = Deese Warkwies is noch nich utföhrt worden.
 runs.empty_commit_message = (lege Kommitterens-Naricht)
 runs.expire_log_message = Utgaav is wegdaan worden, denn se weer to oll.
@@ -3566,12 +3479,7 @@ variables.update.success = De Variaabel is bewarkt worden.
 workflow.disable = Warkwies utknipsen
 variables.creation = Variaabel hentofögen
 variables.update.failed = Kunn Variaabel nich bewarken.
-status.blocked = Blockeert
-runners.delete_runner_notice = Wenn eene Upgaav up deesem Loper löppt, word se ofbroken un as fehlslagen markeert. Dat kann Bau-Warkwiesen stören.
-runners.last_online = Tolest verbunnen
-runners.update_runner = Ännerns vernejen
 workflow.disable_success = Warkwies »%s« is utknipst worden.
-runs.no_job_without_needs = De Warkwies mutt tominnst eene Upgaav sünner Ofhangen enthollen.
 workflow.dispatch.success = Warkwies-Utföhren is vörmarkt worden.
 variables.deletion.description = Eene Variaabel wegtodoon is för all Tieden un kann nich torüggnohmen worden. Wiedermaken?
 unit.desc = Verwalt integreerte CI-/CD-Affolgens mit Forgejo-Aktioonen.
diff --git a/options/locale/locale_nl-NL.ini b/options/locale/locale_nl-NL.ini
index d790980b25..998221c0a0 100644
--- a/options/locale/locale_nl-NL.ini
+++ b/options/locale/locale_nl-NL.ini
@@ -3493,35 +3493,10 @@ raw_seconds=seconden
 raw_minutes=minuten
 
 [dropzone]
-default_message=Sleep bestanden hier heen of klik om te uploaden.
-invalid_input_type=U kunt geen bestanden van dit type uploaden.
-file_too_big=Bestandsgrootte ({{filesize}} MB) overschrijdt de maximale grootte ({{maxFilesize}} MB).
-remove_file=Verwijder bestand
 
 [notification]
-notifications=Notificaties
-unread=Ongelezen
-read=Gelezen
-no_unread=Geen ongelezen meldingen.
-no_read=Geen gelezen meldingen.
-pin=Pin melding
-mark_as_read=Markeer als gelezen
-mark_as_unread=Markeer als ongelezen
-mark_all_as_read=Markeer alles als gelezen
-no_subscriptions = Geen abonnementen
-subscriptions = Abonnementen
-watching = Kijken naar
 
 [gpg]
-default_key=Ondertekend met standaard sleutel
-error.extract_sign=Handtekening uitpakken mislukt
-error.generate_hash=Genereren van commit hash mislukt
-error.no_committer_account=Geen account gekoppeld aan het e-mailadres van de committer
-error.no_gpg_keys_found=Geen bekende sleutel gevonden voor deze handtekening in de database
-error.not_signed_commit=Geen ondertekende commit
-error.probable_bad_default_signature=WAARSCHUWING! Hoewel de standaard sleutel dit ID heeft, is deze commit niet geverifieerd! Deze commit is VERDACHT.
-error.failed_retrieval_gpg_keys = Kan geen sleutel ophalen die gekoppeld is aan de account van de committer
-error.probable_bad_signature = WAARSCHUWING! Hoewel er een sleutel met dit ID in de database zit, verifieert het deze commit niet! Deze commit is VERDACHT.
 
 [units]
 error.no_unit_allowed_repo=U heeft geen toegang tot een enkele sectie van deze repository.
@@ -3551,56 +3526,7 @@ creation.name_placeholder = hoofdlettergevoelig, alleen alfanumerieke tekens of
 deletion.failed = Mislukt om geheim te verwijderen.
 
 [actions]
-runners.name=Naam
-runners.owner_type=Type
-runners.description=Omschrijving
-runners.task_list.run=Uitvoeren
-runners.task_list.repository=Opslagplaats
-runners.task_list.commit=Commit
-runners.status.active=Actief
-
-runs.commit=Commit
 variables.update.failed = Mislukt bij het bewerken van variabele.
-status.cancelled = Geannuleerd
-status.skipped = Overgeslagen
-status.blocked = Geblokkeerd
-runners.status = Status
-runners.task_list.no_tasks = Er is nog geen taak.
-runners.labels = Labels
-runners.last_online = Laatste online tijd
-runners.task_list.status = Status
-runners.task_list.done_at = Gedaan op
-runners.id = ID
-runs.actor = Acteur
-actions = Actions
-status.unknown = Onbekend
-status.waiting = Wachten
-status.running = Bezig
-status.success = Succes
-status.failure = Mislukking
-runners = Runners
-runners.new = Nieuwe runner aanmaken
-runners.new_notice = Hoe moet je een runner starten
-runners.runner_title = Runner
-runners.edit_runner = Runner bewerken
-runners.update_runner = Wijzigingen bijwerken
-runners.update_runner_success = Runner succesvol bijgewerkt
-runners.update_runner_failed = Mislukt om runner bij te werken
-runners.delete_runner = Verwijder deze runner
-runners.delete_runner_failed = Het verwijderen van de runner is mislukt
-runners.delete_runner_header = Bevestigen om deze runner te verwijderen
-runners.none = Geen runners beschikbaar
-runners.status.unspecified = Onbekend
-runners.status.idle = Inactief
-runners.status.offline = Offline
-runners.version = Versie
-runners.reset_registration_token = Registratie token resetten
-runners.reset_registration_token_success = Runner registratie token met succes gereset
-runs.all_workflows = Alle workflows
-runs.scheduled = Gepland
-runs.pushed_by = gepusht door
-runs.invalid_workflow_helper = Workflow config bestand is ongeldig. Controleer uw configuratiebestand: %s
-runners.runner_manage_panel = Runners beheer
 runs.no_runs = De workflow heeft nog geen runs.
 runs.empty_commit_message = (leeg commit bericht)
 workflow.disable = Workflow uitschakelen
@@ -3620,22 +3546,10 @@ variables.deletion.success = De variabele is verwijderd.
 variables.creation.failed = Mislukt om variable toe te voegen.
 variables.creation.success = De variabele "%s" is toegevoegd.
 variables.update.success = De variabele is bewerkt.
-runs.status = Status
-runs.actors_no_select = Alle acteurs
-runs.status_no_select = Alle statussen
-runs.no_results = Geen resultaten gevonden.
-runs.no_workflows = Er zijn nog geen workflows.
 unit.desc = Beheer geïntegreerde CI/CD-pijplijnen met Forgejo Actions.
 workflow.disable_success = Workflow "%s" is succesvol uitgeschakeld.
 variables.none = Er zijn nog geen variabelen.
-runners.task_list = Recente taken op deze runner
-runners.delete_runner_notice = Als er een taak op deze runner draait, wordt deze beëindigd en gemarkeerd als mislukt. Dit kan het bouwen van de workflow onderbreken.
 variables.description = Variabelen worden doorgegeven aan bepaalde acties en kunnen anders niet worden gelezen.
-runners.delete_runner_success = Runner succesvol verwijderd
-runs.no_matching_online_runner_helper = Geen overeenkomende online runner met label: %s
-runs.workflow = Workflow
-runs.no_job_without_needs = De workflow moet ten minste één taak zonder afhankelijkheden bevatten.
-runs.no_job = De workflow moet minimaal één job bevatten
 workflow.dispatch.trigger_found = Deze workflow heeft een <c>workflow_dispatch</c> event trigger.
 workflow.dispatch.success = Workflow-run is met succes aangevraagd.
 workflow.dispatch.use_from = Gebruik workflow van
@@ -3695,13 +3609,6 @@ regexp_tooltip = Interpreteer de zoekterm als een reguliere expressie
 regexp = RegExp
 
 [munits.data]
-b = B
-kib = KiB
-mib = MiB
-gib = GiB
-tib = TiB
-eib = EiB
-pib = PiB
 
 [markup]
 filepreview.line = Lijn %[1]d in %[2]s
diff --git a/options/locale/locale_pl-PL.ini b/options/locale/locale_pl-PL.ini
index 1e195970eb..2a6ce16fc1 100644
--- a/options/locale/locale_pl-PL.ini
+++ b/options/locale/locale_pl-PL.ini
@@ -3470,35 +3470,10 @@ raw_seconds=sekund
 raw_minutes=minut
 
 [dropzone]
-default_message=Upuść pliki tutaj lub kliknij, aby przesłać.
-invalid_input_type=Nie można przesłać plików tego typu.
-file_too_big=Rozmiar pliku ({{filesize}} MB) przekracza maksymalny rozmiar ({{maxFilesize}} MB).
-remove_file=Usuń plik
 
 [notification]
-notifications=Powiadomienia
-unread=Nieprzeczytane
-read=Przeczytane
-no_unread=Brak nieprzeczytanych powiadomień.
-no_read=Brak przeczytanych powiadomień.
-pin=Przypnij powiadomienie
-mark_as_read=Oznacz jako przeczytane
-mark_as_unread=Oznacz jak nieprzeczytane
-mark_all_as_read=Oznacz wszystkie jako przeczytane
-subscriptions = Subskrypcje
-no_subscriptions = Brak subskrypcji
-watching = Obserwowane
 
 [gpg]
-default_key=Podpisano domyślnym kluczem
-error.extract_sign=Nie udało się wyłuskać podpisu
-error.generate_hash=Nie udało się wygenerować skrótu dla commitu
-error.no_committer_account=Brak konta powiązanego z adresem e-mail autora
-error.no_gpg_keys_found=Nie znaleziono w bazie danych klucza dla tego podpisu
-error.not_signed_commit=Commit niepodpisany
-error.failed_retrieval_gpg_keys=Nie udało się uzyskać żadnego klucza powiązanego z kontem autora
-error.probable_bad_signature=OSTRZEŻENIE! Pomimo istnienia klucza z takim ID w bazie, nie weryfikuje on tego commita! Ten commit jest PODEJRZANY.
-error.probable_bad_default_signature=OSTRZEŻENIE! Pomimo, że domyślny klucz posiada to ID, nie weryfikuje on tego commita! Ten commit jest PODEJRZANY.
 
 [units]
 error.no_unit_allowed_repo=Nie masz uprawnień do żadnej sekcji tego repozytorium.
@@ -3528,34 +3503,7 @@ management = Zarządzaj sekretami
 deletion.failed = Nie udało się usunąć sekretu.
 
 [actions]
-runners.name=Nazwa
-runners.owner_type=Typ
-runners.description=Opis
-runners.task_list.run=Uruchom
-runners.task_list.repository=Repozytorium
-runners.task_list.commit=Commit
-runners.status.active=Aktywne
-
-runs.commit=Commit
-status.skipped = Pominięto
-runs.status = Status
-status.waiting = Oczekiwanie
-status.unknown = Nieznane
-runs.scheduled = Zaplanowane
-runners.id = ID
-status.failure = Niepowodzenie
-status.cancelled = Anulowano
-runners.status = Status
-runners.status.unspecified = Nieznane
-runners.status.idle = Bezczynne
 variables = Zmienne
-status.success = Sukces
-runs.actor = Aktor
-runners.status.offline = Offline
-runners.version = Wersja
-runners.task_list.status = Status
-runners.labels = Etykiety
-status.blocked = Zablokowano
 variables.id_not_exist = Zmienna o ID %d nie istnieje.
 variables.edit = Edytuj Zmienną
 variables.update.failed = Nie udało się zmienić zmiennej.
@@ -3565,44 +3513,18 @@ variables.deletion.success = Zmienna została usunięta.
 variables.update.success = Zmienna została zmieniona.
 variables.deletion.failed = Nie udało się usunąć zmiennej.
 runs.no_workflows.help_write_access = Nie wiesz jak zacząć z Forgejo Actions? Sprawdź <a target="_blank" rel="noopener noreferrer" href="%s">szybki start w dokumentacji użytkownika</a> i napisz swój pierwszy proces pracy, a następnie <a target="_blank" rel="noopener noreferrer" href="%s">skonfiguruj runnera Forgejo</a> by wykonywał twoje zadania.
-runners.reset_registration_token = Resetuj token rejestracji
-runners.reset_registration_token_success = Rejestracja tokenu resetu runnera pomyślna
-runners.none = Brak dostępnych runnerów
-runners.delete_runner_notice = Jeżeli zadanie nadal jest wykonywane przez ten runner, zostanie ono zakończone i oznaczone jako niepowodzenie. Może to przerwać proces pracy.
 variables.deletion.description = Usunięcie zmiennej jest permanentne i nie może zostać cofnięte. Kontynuować?
 variables.deletion = Usuń zmienną
-runners.delete_runner_failed = Nie udało się usunąć runnera
-runs.no_results = Brak pasujących wyników.
-runners.update_runner = Aktualizuj zmiany
-runners.new_notice = Jak uruchomić runner
 variables.management = Zarządzaj zmiennymi
-runners.task_list.no_tasks = Nie ma jeszcze zadań.
-runners.task_list = Ostatnie zadania w tym runnerze
-runners.update_runner_success = Runner zaktualizowany pomyślnie
-runners.update_runner_failed = Nie udało się zaktualizować runnera
 runs.expire_log_message = Logi zostały oczyszczone ponieważ były za stare.
 variables.none = Nie ma jeszcze zmiennych.
 runs.empty_commit_message = (pusta wiadomość commita)
 variables.creation = Dodaj zmienną
-runners = Runnery
-actions = Akcje
-runners.last_online = Ostatni czas online
-runners.runner_title = Runner
-runners.delete_runner = Usuń ten runner
-runners.delete_runner_success = Runner usunięty pomyślnie
-runners.delete_runner_header = Potwierdź usunięcie tego runnera
 runs.no_workflows.help_no_write_access = By dowiedzieć się o Forgejo Actions, zobacz <a target="_blank" rel="noopener noreferrer" href="%s">dokumentację</a>.
-runners.edit_runner = Edytuj Runnera
 variables.description = Zmienne będą przekazane pewnym akcjom, nie mogą być odczytane inaczej.
-runners.runner_manage_panel = Zarządzaj runnerami
-runners.new = Utwórz nowy runner
-runs.no_matching_online_runner_helper = Brak pasujących runnerów online z etykietą: %s
 workflow.disable = Wyłącz proces pracy
 unit.desc = Zarządzaj zintegrowanymi procesami CI/CD z Forgejo Actions.
-runs.all_workflows = Wszystkie procesy prac
 variables.not_found = Nie udało się znaleźć zmiennej.
-runs.invalid_workflow_helper = Plik konfiguracyjny procesu pracy jest nieprawidłowy. Proszę sprawdź swój plik konfiguracyjny: %s
-runs.no_workflows = Nie ma jeszcze żadnych procesów pracy.
 runs.no_runs = Ten proces pracy nie ma jeszcze uruchomień.
 workflow.dispatch.use_from = Wykorzystaj proces pracy z
 workflow.disabled = Proces pracy jest wyłączony.
@@ -3610,15 +3532,7 @@ workflow.enable_success = Proces pracy "%s" włączony pomyślnie.
 workflow.enable = Włącz proces pracy
 workflow.disable_success = Proces pracy "%s" wyłączony pomyślnie.
 workflow.dispatch.run = Uruchom proces pracy
-runs.no_job = Proces pracy musi posiadać chociaż jedno zadanie
-runs.no_job_without_needs = Proces pracy musi zawierać chociaż jedno zadanie bez zależności.
-status.running = Uruchomione
-runs.workflow = Proces pracy
-runners.task_list.done_at = Ukończone W
 need_approval_desc = Potrzebne zatwierdzenie by móc uruchamiać procesy pracy dla pull requestów forków.
-runs.pushed_by = wypchnięty przez
-runs.status_no_select = Wszystkie stany
-runs.actors_no_select = Wszyscy aktorzy
 workflow.dispatch.success = Proces pracy został pomyślnie zażądany.
 workflow.dispatch.invalid_input_type = Nieprawidłowy typ danych wejścia "%s".
 workflow.dispatch.input_required = Wymagaj wartości dla danych wejścia "%s".
@@ -3700,11 +3614,4 @@ ext_wiki = Dostęp do linku kierującego do zewnętrznej wiki. Uprawnienia są z
 actions.write = <b>Zapis:</b> Ręczne wywołanie, restart, anulowanie lub zatwierdzenie oczekujących procesów CI/CD.
 actions.read = <b>Odczyt:</b> Podgląd zintegrowanych procesów CI/CD i ich logów.
 
-[munits.data]
-eib = EiB
-pib = PiB
-tib = TiB
-gib = GiB
-b = B
-kib = KiB
-mib = MiB
\ No newline at end of file
+[munits.data]
\ No newline at end of file
diff --git a/options/locale/locale_pt-BR.ini b/options/locale/locale_pt-BR.ini
index b9373aea21..ca4fa9d24d 100644
--- a/options/locale/locale_pt-BR.ini
+++ b/options/locale/locale_pt-BR.ini
@@ -3500,35 +3500,10 @@ raw_seconds=segundos
 raw_minutes=minutos
 
 [dropzone]
-default_message=Arraste e solte arquivos aqui, ou clique para selecioná-los.
-invalid_input_type=Você não pode enviar arquivos deste tipo.
-file_too_big=Tamanho de arquivo ({{filesize}} MB) excede o máximo de ({{maxFilesize}} MB).
-remove_file=Remover arquivo
 
 [notification]
-notifications=Notificações
-unread=Não lidas
-read=Lidas
-no_unread=Nenhuma notificação não lida.
-no_read=Nenhuma notificação lida.
-pin=Fixar notificação
-mark_as_read=Marcar como lida
-mark_as_unread=Marcar como não lida
-mark_all_as_read=Marcar todas como lidas
-subscriptions=Inscrições
-watching=Observando
-no_subscriptions=Nenhuma inscrição
 
 [gpg]
-default_key=Assinado com a chave padrão
-error.extract_sign=Falha ao extrair assinatura
-error.generate_hash=Falha ao gerar hash de commit
-error.no_committer_account=Nenhuma conta vinculada ao e-mail do autor do commit
-error.no_gpg_keys_found=Nenhuma chave conhecida encontrada para esta assinatura no banco de dados
-error.not_signed_commit=Não é um commit assinado
-error.failed_retrieval_gpg_keys=Falha ao obter qualquer chave anexada à conta do autor do commit
-error.probable_bad_signature=ATENÇÃO! Embora exista uma chave com este ID no banco de dados, ela não verifica este commit! Este commit é SUSPEITO.
-error.probable_bad_default_signature=ATENÇÃO! Embora a chave padrão tenha este ID, ela não verifica este commit! Este commit é SUSPEITO.
 
 [units]
 unit=Unidade
@@ -3558,98 +3533,33 @@ deletion.failed=Falha ao excluir segredo.
 management=Gerenciamento de segredos
 
 [actions]
-actions=Ações
-
 unit.desc=Gerenciar pipelines integradas de CI/CD com Forgejo Actions.
 
-status.unknown=Desconhecido
-status.waiting=Aguardando
-status.running=Executando
-status.success=Sucesso
-status.failure=Falha
-status.cancelled=Cancelada
-status.skipped=Ignorada
-status.blocked=Bloqueada
-
-runners=Runners
-runners.runner_manage_panel=Gerenciar runners
-runners.new=Criar novo runner
-runners.new_notice=Como iniciar um runner
-runners.status=Estado
-runners.id=ID
-runners.name=Nome
-runners.owner_type=Tipo
-runners.description=Descrição
-runners.labels=Rótulos
-runners.last_online=Última vez online
-runners.runner_title=Runner
-runners.task_list=Tarefas recentes neste runner
-runners.task_list.no_tasks=Ainda não há nenhuma tarefa.
-runners.task_list.run=Executar
-runners.task_list.status=Estado
-runners.task_list.repository=Repositório
-runners.task_list.commit=Commit
-runners.task_list.done_at=Realizada em
-runners.edit_runner=Editar Runner
-runners.update_runner=Salvar alterações
-runners.update_runner_success=Runner atualizado com sucesso
-runners.update_runner_failed=Falha ao atualizar runner
-runners.delete_runner=Deletar esse runner
-runners.delete_runner_success=Runner excluído com sucesso
-runners.delete_runner_failed=Falha ao excluir runner
-runners.delete_runner_header=Confirme para excluir este runner
-runners.delete_runner_notice=Se uma tarefa estiver sendo executada neste runner, ela será encerrada e marcada como falha. Pode quebrar o workflow de construção.
-runners.none=Nenhum runner disponível
-runners.status.unspecified=Desconhecido
-runners.status.idle=Inativo
-runners.status.active=Ativo
-runners.status.offline=Offline
-runners.version=Versão
-runners.reset_registration_token_success=Token de registro de runner redefinido com sucesso
-
-runs.all_workflows=Todos os workflows
-runs.commit=Commit
-runs.pushed_by=push feito por
-runs.invalid_workflow_helper=O arquivo de configuração do workflow é inválido. Por favor, verifique seu arquivo de configuração: %s
-runs.status=Status
-
-
 need_approval_desc=Precisa de aprovação para executar workflows para pull request do fork.
 variables.edit = Editar variável
 variables.deletion.success = A variável foi removida.
 variables.creation.success = A variável "%s" foi adicionada.
 variables.update.success = A variável foi editada.
-runners.reset_registration_token = Resetar token de registro
-runs.scheduled = Programadas
 variables.creation = Adicionar variável
 variables.deletion = Remover variável
 variables.management = Gerenciar variáveis
-runs.actors_no_select = Todos os atores
 variables.none = Ainda não há variáveis.
 variables.update.failed = Falha ao editar a variável.
-runs.actor = Ator
-runs.status_no_select = Todos os estados
 runs.empty_commit_message = (mensagem de commit vazia)
 variables = Variáveis
 variables.id_not_exist = A variável com o ID %d não existe.
 variables.deletion.failed = Falha ao remover a variável.
 variables.creation.failed = Falha ao adicionar a variável.
-runs.no_results = Nenhum resultado.
 variables.description = As variáveis serão passadas para certas Actions e não poderão ser lidas de outra forma.
 workflow.dispatch.trigger_found = Este workflow tem um disparador de evento <c>workflow_dispatch</c>.
 workflow.dispatch.run = Executar workflow
 runs.no_runs = O workflow ainda não foi executado.
 workflow.dispatch.warn_input_limit = Exibindo apenas as %d primeiras entradas.
-runs.no_matching_online_runner_helper = Nenhum runner online encontrado com o rótulo: %s
 workflow.disabled = Workflow está desativado.
 workflow.dispatch.use_from = Usar workflow de
-runs.no_job = O workflow precisa conter pelo menos um trabalho
 workflow.disable_success = Workflow "%s" desativado com sucesso.
 workflow.enable = Ativar workflow
 workflow.disable = Desabilitar workflow
-runs.no_workflows = Não há workflows ainda.
-runs.no_job_without_needs = O workflow deve conter pelo menos um trabalho sem dependências.
-runs.workflow = Workflow
 workflow.enable_success = Workflow "%s" ativado com sucesso.
 workflow.dispatch.success = Execução do workflow solicitada com sucesso.
 workflow.dispatch.input_required = Exigir um valor para a entrada "%s".
@@ -3705,13 +3615,6 @@ regexp_tooltip = Interpretar o termo de busca como uma expressão regular
 regexp = ExpReg
 
 [munits.data]
-b = B
-kib = KiB
-mib = MiB
-gib = GiB
-tib = TiB
-pib = PiB
-eib = EiB
 
 [markup]
 filepreview.line = Linha %[1]d em %[2]s
diff --git a/options/locale/locale_pt-PT.ini b/options/locale/locale_pt-PT.ini
index ad059c83e3..accee87cfa 100644
--- a/options/locale/locale_pt-PT.ini
+++ b/options/locale/locale_pt-PT.ini
@@ -3497,35 +3497,10 @@ raw_seconds=segundos
 raw_minutes=minutos
 
 [dropzone]
-default_message=Largue os ficheiros aqui ou clique aqui para os carregar.
-invalid_input_type=Não pode carregar ficheiros deste tipo.
-file_too_big=O tamanho do ficheiro ({{filesize}} MB) excede o tamanho máximo de ({{maxFilesize}} MB).
-remove_file=Remover ficheiro
 
 [notification]
-notifications=Notificações
-unread=Por ler
-read=Lidas
-no_unread=Sem notificações por ler.
-no_read=Sem notificações lidas.
-pin=Fixar notificação
-mark_as_read=Marcar como lida
-mark_as_unread=Marcar como não lida
-mark_all_as_read=Marcar todas como lidas
-subscriptions=Subscrições
-watching=Vigiando
-no_subscriptions=Sem subscrições
 
 [gpg]
-default_key=Assinado com a chave padrão
-error.extract_sign=Falhou ao extrair a assinatura
-error.generate_hash=Falhou ao gerar o <i>hash</i> do cometimento
-error.no_committer_account=Não existe qualquer conta ligada ao endereço de email de quem cometeu
-error.no_gpg_keys_found=Não foi encontrada uma chave conhecida para esta assinatura, na base de dados
-error.not_signed_commit=Não é um cometimento assinado
-error.failed_retrieval_gpg_keys=Falhou ao obter uma chave ligada à conta de quem cometeu
-error.probable_bad_signature=AVISO! Embora exista uma chave com este ID na base de dados, ela não valida este cometimento! Este cometimento é SUSPEITO.
-error.probable_bad_default_signature=AVISO! Embora a chave padrão tenha este ID, ela não valida este cometimento! Este cometimento é SUSPEITO.
 
 [units]
 unit=Unidade
@@ -3555,68 +3530,8 @@ deletion.failed=Falhou ao remover o segredo.
 management=Gerir segredos
 
 [actions]
-actions=Operações
-
 unit.desc=Gerir sequências CI/CD integradas com Forgejo Actions.
 
-status.unknown=Desconhecido
-status.waiting=Aguardando
-status.running=Em execução
-status.success=Sucesso
-status.failure=Falha
-status.cancelled=Cancelado
-status.skipped=Ignorado
-status.blocked=Bloqueado
-
-runners=Executores
-runners.runner_manage_panel=Gerir executores
-runners.new=Criar um novo executor
-runners.new_notice=Como iniciar um executor
-runners.status=Estado
-runners.id=ID
-runners.name=Nome
-runners.owner_type=Tipo
-runners.description=Descrição
-runners.labels=Rótulos
-runners.last_online=Última vez que esteve ligado
-runners.runner_title=Executor
-runners.task_list=Tarefas recentes deste executor
-runners.task_list.no_tasks=Ainda não há tarefas.
-runners.task_list.run=Executar
-runners.task_list.status=Estado
-runners.task_list.repository=Repositório
-runners.task_list.commit=Cometimento
-runners.task_list.done_at=Feito em
-runners.edit_runner=Editar executor
-runners.update_runner=Guardar alterações
-runners.update_runner_success=O executor foi modificado com sucesso
-runners.update_runner_failed=Falhou ao modificar o executor
-runners.delete_runner=Eliminar este executor
-runners.delete_runner_success=O executor foi eliminado com sucesso
-runners.delete_runner_failed=Falhou ao eliminar o executor
-runners.delete_runner_header=Confirme que quer eliminar este executor
-runners.delete_runner_notice=Se uma tarefa estiver a correr neste executor, será terminada e marcada como tendo falhado. Isso poderá quebrar a sequência de trabalho de construção.
-runners.none=Não há executores disponíveis
-runners.status.unspecified=Desconhecido
-runners.status.idle=Parado
-runners.status.active=Em funcionamento
-runners.status.offline=Desconectado
-runners.version=Versão
-runners.reset_registration_token=Repor código de registo
-runners.reset_registration_token_success=O código de incrição do executor foi reposto com sucesso
-
-runs.all_workflows=Todas as sequências de trabalho
-runs.commit=Cometimento
-runs.scheduled=Agendadas
-runs.pushed_by=enviado por
-runs.invalid_workflow_helper=O ficheiro de configuração da sequência de trabalho é inválido. Verifique o seu ficheiro de configuração: %s
-runs.no_matching_online_runner_helper=Não existem executores ligados que tenham o rótulo %s
-runs.actor=Interveniente
-runs.status=Estado
-runs.actors_no_select=Todos os intervenientes
-runs.status_no_select=Todos os estados
-runs.no_results=Nenhum resultado obtido.
-runs.no_workflows=Ainda não há sequências de trabalho.
 runs.no_runs=A sequência de trabalho ainda não foi executada.
 runs.empty_commit_message=(mensagem de cometimento vazia)
 
@@ -3643,9 +3558,6 @@ variables.creation.failed=Falha ao adicionar a variável.
 variables.creation.success=A variável "%s" foi adicionada.
 variables.update.failed=Falha ao editar a variável.
 variables.update.success=A variável foi editada.
-runs.no_job_without_needs = A sequência de trabalho tem de conter pelo menos um trabalho sem dependências.
-runs.workflow = Sequência de trabalho
-runs.no_job = A sequência de trabalho tem de conter pelo menos um trabalho
 workflow.dispatch.use_from = Usar sequência de trabalho de
 workflow.dispatch.run = Executar sequência de trabalho
 workflow.dispatch.input_required = Exigir valor para a entrada "%s".
@@ -3702,13 +3614,6 @@ regexp_tooltip = Interpreta o termo de pesquisa como uma expressão regular
 regexp = ExpReg
 
 [munits.data]
-kib = KiB
-mib = MiB
-gib = GiB
-tib = TiB
-pib = PiB
-eib = EiB
-b = B
 
 [markup]
 filepreview.lines = Linhas %[1]d até %[2]d em %[3]s
diff --git a/options/locale/locale_ru-RU.ini b/options/locale/locale_ru-RU.ini
index 88404107d1..d98d094b0e 100644
--- a/options/locale/locale_ru-RU.ini
+++ b/options/locale/locale_ru-RU.ini
@@ -3500,44 +3500,12 @@ raw_seconds=секунд
 raw_minutes=минут
 
 [munits.data]
-b = Б
-kib = КиБ
-mib = МиБ
-gib = ГиБ
-tib = ТиБ
-pib = ПиБ
-eib = ЭиБ
 
 [dropzone]
-default_message=Перетащите сюда файлы или нажмите для загрузки.
-invalid_input_type=Вы не можете загружать файлы этого типа.
-file_too_big=Размер файла ({{filesize}} МБ) больше чем максимальный размер ({{maxFilesize}} МБ).
-remove_file=Удалить файл
 
 [notification]
-notifications=Уведомления
-unread=Непросмотренные
-read=Просмотренные
-no_unread=У вас нет непросмотренных уведомлений.
-no_read=У вас нет просмотренных уведомлений.
-pin=Прикрепить уведомление
-mark_as_read=Отметить как просмотренное
-mark_as_unread=Пометить как непросмотренное
-mark_all_as_read=Пометить все как просмотренные
-subscriptions=Подписки
-watching=Наблюдение
-no_subscriptions=Нет подписок
 
 [gpg]
-default_key=Подписано ключом по умолчанию
-error.extract_sign=Не удалось извлечь подпись
-error.generate_hash=Не удалось создать хеш коммита
-error.no_committer_account=Учётная запись с эл. почтой автора этого коммита не найдена
-error.no_gpg_keys_found=Не найден ключ, соответствующий данной подписи
-error.not_signed_commit=Неподписанный коммит
-error.failed_retrieval_gpg_keys=Не удалось получить ни одного ключа GPG автора коммита
-error.probable_bad_signature=ВНИМАНИЕ! Хоть в базе данных есть ключ с этим идентификатором, он не заверяет этот коммит! Этот коммит ПОДОЗРИТЕЛЬНЫЙ.
-error.probable_bad_default_signature=ВНИМАНИЕ! Хоть ключ по умолчанию имеет этот идентификатор, он не заверяет этот коммит! Этот коммит ПОДОЗРИТЕЛЬНЫЙ.
 
 [units]
 unit=Элемент
@@ -3567,66 +3535,8 @@ deletion.failed=Не удалось удалить секрет.
 management=Управление секретами
 
 [actions]
-actions=Действия
-
 unit.desc=Управление встроенными конвейерами CI/CD с Действиями Forgejo.
 
-status.unknown=Неизвестно
-status.waiting=Ожидает
-status.running=Запущено
-status.success=Успех
-status.failure=Неудача
-status.cancelled=Отменено
-status.skipped=Пропущен
-status.blocked=Заблокировано
-
-runners=Исполнители
-runners.runner_manage_panel=Управление исполнителями
-runners.new=Создать новый исполнитель
-runners.new_notice=Как запустить исполнитель
-runners.status=Состояние
-runners.id=ID
-runners.name=Название
-runners.owner_type=Тип
-runners.description=Описание
-runners.labels=Метки
-runners.last_online=Был в сети
-runners.runner_title=Исполнитель
-runners.task_list=Недавние задания исполнителя
-runners.task_list.no_tasks=Задания пока нет.
-runners.task_list.run=Запуск
-runners.task_list.status=Состояние
-runners.task_list.repository=Репозиторий
-runners.task_list.commit=Коммит
-runners.task_list.done_at=Завершено
-runners.edit_runner=Изменить исполнитель
-runners.update_runner=Обновить изменения
-runners.update_runner_success=Исполнитель успешно обновлён
-runners.update_runner_failed=Не удалось обновить исполнитель
-runners.delete_runner=Удалить этот исполнитель
-runners.delete_runner_success=Исполнитель успешно удалён
-runners.delete_runner_failed=Не удалось удалить исполнитель
-runners.delete_runner_header=Подтвердите удаление исполнителя
-runners.delete_runner_notice=Если на этом исполнителе выполняется задание, оно будет завершено и помечено как неудачное. Это может нарушить рабочий поток при сборке.
-runners.none=Нет доступных исполнителей
-runners.status.unspecified=Неизвестно
-runners.status.idle=Простаивает
-runners.status.active=Активный
-runners.status.offline=Недоступен
-runners.version=Версия
-runners.reset_registration_token=Сброс токена регистрации
-runners.reset_registration_token_success=Токен регистрации исполнителя успешно сброшен
-
-runs.all_workflows=Все рабочие потоки
-runs.commit=коммит
-runs.scheduled=Запланировано
-runs.pushed_by=отправлен
-runs.invalid_workflow_helper=Файл конфигурации рабочего потока некорректен. Пожалуйста, проверьте конфигурационный файл: %s
-runs.actor=Автор
-runs.status=Состояние
-runs.actors_no_select=Все авторы
-runs.no_results=Ничего не найдено.
-runs.no_workflows=Пока нет рабочих потоков.
 runs.no_runs=Рабочий поток ещё не запускался.
 runs.empty_commit_message=(пустое сообщение коммита)
 
@@ -3653,11 +3563,6 @@ variables.creation.success=Переменная «%s» добавлена.
 variables.update.failed=Не удалось изменить переменную.
 variables.update.success=Переменная изменена.
 variables.id_not_exist = Переменная с идентификатором %d не существует.
-runs.workflow = Рабочий поток
-runs.status_no_select = Любое состояние
-runs.no_matching_online_runner_helper = Нет работающего исполнителя с меткой: %s
-runs.no_job_without_needs = Рабочий поток должен содержать хотя бы одну задачу без зависимостей.
-runs.no_job = Рабочий поток должен включать хотя бы одну задачу
 workflow.dispatch.trigger_found = Этот рабочий поток срабатывает на события <c>workflow_dispatch</c>.
 workflow.dispatch.use_from = Использовать рабочий поток из
 workflow.dispatch.run = Выполнить рабочий поток
diff --git a/options/locale/locale_si-LK.ini b/options/locale/locale_si-LK.ini
index e9c7b0cb0e..df801ec30a 100644
--- a/options/locale/locale_si-LK.ini
+++ b/options/locale/locale_si-LK.ini
@@ -2396,15 +2396,8 @@ raw_seconds=තත්පර
 raw_minutes=විනාඩි
 
 [dropzone]
-default_message=ගොනු දමන්න හෝ උඩුගත කිරීමට මෙතැන ඔබන්න.
-remove_file=ගොනුව ඉවත් කරන්න
 
 [notification]
-notifications=දැනුම්දීම්
-unread=නොකියවූ
-read=කියවූ
-no_unread=නොකියවූ දැනුම්දීම් නැත.
-no_read=කියවූ දැනුම්දීම් නැත.
 
 [gpg]
 
@@ -2417,18 +2410,6 @@ owner.settings.cleanuprules.enabled=සබල කර ඇත
 [secrets]
 
 [actions]
-runners.name=නම
-runners.owner_type=වර්ගය
-runners.description=සවිස්තරය
-runners.task_list.run=ධාවනය
-runners.task_list.repository=කෝෂ්ඨය
-runners.task_list.commit=කැප
-runners.status.active=ක්රියාකාරී
-
-runs.commit=කැප
-
-
-
 
 [projects]
 
diff --git a/options/locale/locale_sk-SK.ini b/options/locale/locale_sk-SK.ini
index 64476156d0..e2be661dcf 100644
--- a/options/locale/locale_sk-SK.ini
+++ b/options/locale/locale_sk-SK.ini
@@ -1387,8 +1387,6 @@ review_dismissed=`odmietnutá revízia od <b>%[4]s</b> pre <a href="%[1]s">%[3]s
 [notification]
 
 [gpg]
-error.no_committer_account=Žiadny účet nie je prepojený s e-mailovou adresou prispievateľa
-error.not_signed_commit=Nie je podpísaný commit
 
 [units]
 
@@ -1399,11 +1397,6 @@ owner.settings.cleanuprules.enabled=Povolené
 [secrets]
 
 [actions]
-runners.labels=Štítky
-
-
-
-
 
 [projects]
 
diff --git a/options/locale/locale_sl.ini b/options/locale/locale_sl.ini
index 01dee8d695..ec58b597df 100644
--- a/options/locale/locale_sl.ini
+++ b/options/locale/locale_sl.ini
@@ -640,5 +640,4 @@ code = Koda
 
 [packages]
 
-[actions]
-runners.runner_manage_panel = Upravljanje tekačev
\ No newline at end of file
+[actions]
\ No newline at end of file
diff --git a/options/locale/locale_sr-SP.ini b/options/locale/locale_sr-SP.ini
index 6775d8171c..d55a963222 100644
--- a/options/locale/locale_sr-SP.ini
+++ b/options/locale/locale_sr-SP.ini
@@ -754,7 +754,6 @@ raw_seconds=секунди
 raw_minutes=минута
 
 [dropzone]
-remove_file=Уклони датотеку
 
 [notification]
 
diff --git a/options/locale/locale_sv-SE.ini b/options/locale/locale_sv-SE.ini
index 5103932b31..aac4c3f1d5 100644
--- a/options/locale/locale_sv-SE.ini
+++ b/options/locale/locale_sv-SE.ini
@@ -3483,35 +3483,10 @@ raw_seconds=sekunder
 raw_minutes=minuter
 
 [dropzone]
-default_message=Släpp filer här eller klicka för att ladda upp.
-invalid_input_type=Du kan inte ladda upp filer av denna typen.
-file_too_big=Filstorleken ({{filesize}} MB) överskrider maxstorleken ({{maxFilesize}} MB).
-remove_file=Ta bort fil
 
 [notification]
-notifications=Notiser
-unread=Olästa
-read=Lästa
-no_unread=Inga olästa notifikationer.
-no_read=Inga lästa notifikationer.
-pin=Pinna notifiering
-mark_as_read=Markera som läst
-mark_as_unread=Markera som oläst
-mark_all_as_read=Markera alla som lästa
-subscriptions = Prenumerationer
-no_subscriptions = Inga prenumerationer
-watching = Bevakar
 
 [gpg]
-default_key=Signerad med standard nyckeln
-error.extract_sign=Det gick inte att extrahera signatur
-error.generate_hash=Misslyckades att generera hashsumma av commiten
-error.no_committer_account=Inget konto är kopplat till bidragsgivarens mejladress
-error.no_gpg_keys_found=Ingen känd nyckel hittad för denna signatur i databasen
-error.not_signed_commit=Inte en signerad incheckning
-error.failed_retrieval_gpg_keys=Det gick inte att hämta någon nyckel kopplad till bidragsgivarens konto
-error.probable_bad_signature=VARNING! Även om det finns en nyckel med detta ID i databasen så verifierar det inte incheckningen! Denna incheckning är MISSTÄNKT.
-error.probable_bad_default_signature=VARNING! Även om standardnyckeln har detta ID så verifierar det inte incheckningen! Denna incheckning är MISSTÄNKT.
 
 [units]
 error.no_unit_allowed_repo=Du tillåts inte åtkomst till någon del av denna utvecklingskatalog.
@@ -3540,72 +3515,11 @@ deletion.success = Hemligheten har tagits bort.
 deletion.failed = Misslyckades med att ta bort hemlighet.
 
 [actions]
-runners.name=Namn
-runners.owner_type=Typ
-runners.description=Beskrivning
-runners.task_list.run=Kör
-runners.task_list.repository=Utvecklingskatalog
-runners.task_list.commit=Commit
-runners.status.active=Aktiv
-
-runs.commit=Commit
-status.unknown = Okänd
-status.waiting = Väntar
-runners.status = Status
-runners.id = ID
-runners.labels = Etiketter
-runners.task_list.status = Status
-runners.status.unspecified = Okänd
-runners.status.offline = Offline
-runners.version = Version
-runs.status = Status
 variables = Variabler
-runners.update_runner = Uppdatera ändringar
 variables.management = Hantera variabler
 variables.creation = Lägg till variabel
 variables.deletion = Ta bort variabel
 variables.edit = Redigera variabel
-actions = Actions
-status.running = Körs
-status.success = Lyckad
-status.failure = Misslyckad
-status.cancelled = Avbruten
-status.skipped = Överhoppad
-status.blocked = Blockerad
-runners = Körare
-runners.runner_manage_panel = Hantera körare
-runners.new = Skapa ny körare
-runners.new_notice = Hur man startar en körare
-runners.last_online = Senast online
-runners.runner_title = Körare
-runners.task_list = Senaste uppgifter på denna körare
-runners.task_list.no_tasks = Det finns ingen uppgift ännu.
-runners.task_list.done_at = Klar
-runners.edit_runner = Redigera körare
-runners.update_runner_success = Körare uppdaterad framgångsrikt
-runners.update_runner_failed = Misslyckades med att uppdatera körare
-runners.delete_runner = Ta bort denna körare
-runners.delete_runner_success = Körare borttagen framgångsrikt
-runners.delete_runner_failed = Misslyckades med att ta bort körare
-runners.delete_runner_header = Bekräfta för att ta bort denna körare
-runners.delete_runner_notice = Om en uppgift körs på denna körare kommer den att avbrytas och markeras som misslyckad. Det kan bryta byggarbetsflödet.
-runners.none = Inga körare tillgängliga
-runners.status.idle = Inaktiv
-runners.reset_registration_token = Återställ registreringstoken
-runners.reset_registration_token_success = Körarens registreringstoken återställd framgångsrikt
-runs.all_workflows = Alla arbetsflöden
-runs.scheduled = Schemalagd
-runs.pushed_by = skickad av
-runs.workflow = Arbetsflöde
-runs.invalid_workflow_helper = Arbetsflödets konfigurationsfil är ogiltig. Kontrollera din konfigurationsfil: %s
-runs.no_matching_online_runner_helper = Ingen matchande körare online med etikett: %s
-runs.no_job_without_needs = Arbetsflödet måste innehålla minst ett jobb utan beroenden.
-runs.no_job = Arbetsflödet måste innehålla minst ett jobb
-runs.actor = Aktör
-runs.actors_no_select = Alla aktörer
-runs.status_no_select = Alla statusar
-runs.no_results = Inga resultat matchade.
-runs.no_workflows = Det finns inga arbetsflöden ännu.
 runs.no_workflows.help_write_access = Vet du inte hur du kommer igång med Forgejo Actions? Se <a target="_blank" rel="noopener noreferrer" href="%s">snabbstarten i användardokumentationen</a> för att skriva ditt första arbetsflöde, sedan <a target="_blank" rel="noopener noreferrer" href="%s">konfigurera en Forgejo-körare</a> för att köra dina jobb.
 runs.no_workflows.help_no_write_access = För att lära dig om Forgejo Actions, se <a target="_blank" rel="noopener noreferrer" href="%s">dokumentationen</a>.
 runs.no_runs = Arbetsflödet har inga körningar ännu.
@@ -3686,13 +3600,6 @@ keyword_search_unavailable = Sökning på nyckelord är för närvarande inte ti
 test = Det här är en teststräng. Den visas inte i Forgejo UI men används vid testtillfälle. Vänligen skriv in "ok" för att spara tid (eller en intressant fakta du själv väljer) för att nå upp till 100% komplett :)
 
 [munits.data]
-b = B
-kib = KiB
-mib = MiB
-gib = GiB
-tib = TiB
-pib = PiB
-eib = EiB
 
 [repo.permissions]
 code.read = <b>Läs:</b> Åtkomst och klona koden i kodförrådet.
diff --git a/options/locale/locale_ta.ini b/options/locale/locale_ta.ini
index c76bd2ffd4..a4874f6c48 100644
--- a/options/locale/locale_ta.ini
+++ b/options/locale/locale_ta.ini
@@ -3336,44 +3336,12 @@ raw_seconds = நொடிகள்
 raw_minutes = நிமிடங்கள்
 
 [munits.data]
-b = பி
-kib = கிபி
-mib = MiB
-gib = சிபி
-tib = டிபி
-pib = PiB
-eib = EiB
 
 [dropzone]
-default_message = கோப்புகளை கைவிடவும் அல்லது பதிவேற்ற இங்கே சொடுக்கு செய்யவும்.
-invalid_input_type = இந்த வகை கோப்புகளை நீங்கள் பதிவேற்ற முடியாது.
-file_too_big = கோப்பு அளவு ({{filesize}} MB) அதிகபட்ச அளவு ({{maxFilesize}} MB) ஐ விட அதிகமாக உள்ளது.
-remove_file = கோப்பை அகற்று
 
 [notification]
-notifications = அறிவிப்புகள்
-unread = படிக்காதது
-read = படிக்கவும்
-no_unread = படிக்காத அறிவிப்புகள் இல்லை.
-no_read = வாசிப்பு அறிவிப்புகள் இல்லை.
-pin = பின் அறிவிப்பு
-mark_as_read = படித்ததாகக் குறி
-mark_as_unread = படிக்காததாகக் குறிக்கவும்
-mark_all_as_read = அனைத்தையும் படித்ததாகக் குறிக்கவும்
-subscriptions = சந்தாக்கள்
-watching = பார்க்கிறேன்
-no_subscriptions = சந்தாக்கள் இல்லை
 
 [gpg]
-default_key = இயல்புநிலை விசையுடன் கையொப்பமிடப்பட்டது
-error.extract_sign = கையொப்பத்தைப் பிரித்தெடுக்க முடியவில்லை
-error.generate_hash = உறுதியின் ஆச் உருவாக்க முடியவில்லை
-error.no_committer_account = பொறுப்பாளரின் மின்னஞ்சல் முகவரியுடன் எந்தக் கணக்கும் இணைக்கப்படவில்லை
-error.no_gpg_keys_found = தரவுத்தளத்தில் இந்த கையொப்பத்திற்கான அறியப்பட்ட விசை எதுவும் இல்லை
-error.not_signed_commit = கையெழுத்திட்ட உறுதிமொழி அல்ல
-error.failed_retrieval_gpg_keys = பொறுப்பாளரின் கணக்கில் இணைக்கப்பட்ட எந்த விசையையும் மீட்டெடுப்பதில் தோல்வி
-error.probable_bad_signature = எச்சரிக்கை! தரவுத்தளத்தில் இந்த ஐடியுடன் ஒரு விசை இருந்தாலும், இந்த உறுதிமொழியை அது சரிபார்க்கவில்லை! இந்த உறுதிப்பாடு சந்தேகத்திற்குரியது.
-error.probable_bad_default_signature = எச்சரிக்கை! இயல்புநிலை விசையில் இந்த அடையாளம் இருந்தாலும், இந்த உறுதிமொழியை அது சரிபார்க்கவில்லை! இந்த உறுதிப்பாடு சந்தேகத்திற்குரியது.
 
 [units]
 unit = அலகு
@@ -3399,66 +3367,6 @@ deletion.failed = ரகசியத்தை அகற்ற முடியவ
 management = இரகசியங்களை நிர்வகிக்கவும்
 
 [actions]
-actions = செயல்கள்
-status.unknown = தெரியவில்லை
-status.waiting = காத்திருக்கிறது
-status.running = ஓடுகிறது
-status.success = செய்
-status.failure = தோல்வி
-status.cancelled = ரத்து செய்யப்பட்டது
-status.skipped = தவிர்க்கப்பட்டது
-status.blocked = தடுக்கப்பட்டது
-runners = ஓடுபவர்கள்
-runners.runner_manage_panel = ஓட்டப்பந்தய வீரர்களை நிர்வகிக்கவும்
-runners.new = புதிய ரன்னர் உருவாக்கவும்
-runners.new_notice = ஒரு ஓட்டப்பந்தய வீரரை எவ்வாறு தொடங்குவது
-runners.status = நிலை
-runners.id = ஐடி
-runners.name = பெயர்
-runners.owner_type = வகை
-runners.description = விவரம்
-runners.labels = சிட்டைகள்
-runners.last_online = கடைசி நிகழ்நிலை நேரம்
-runners.runner_title = ஓடுபவர்
-runners.task_list = இந்த ரன்னரின் அண்மைக் கால பணிகள்
-runners.task_list.no_tasks = இதுவரை எந்த பணியும் இல்லை.
-runners.task_list.run = ஓடு
-runners.task_list.status = நிலை
-runners.task_list.repository = களஞ்சியம்
-runners.task_list.commit = உறுதி
-runners.task_list.done_at = மணிக்கு முடிந்தது
-runners.edit_runner = திருத்து ரன்னர்
-runners.update_runner = மாற்றங்களைப் புதுப்பிக்கவும்
-runners.update_runner_success = ரன்னர் வெற்றிகரமாக புதுப்பிக்கப்பட்டது
-runners.update_runner_failed = ரன்னரைப் புதுப்பிக்க முடியவில்லை
-runners.delete_runner = இந்த ரன்னரை நீக்கு
-runners.delete_runner_success = ரன்னர் வெற்றிகரமாக நீக்கப்பட்டது
-runners.delete_runner_failed = ரன்னரை நீக்க முடியவில்லை
-runners.delete_runner_header = இந்த ரன்னரை நீக்குவதை உறுதிப்படுத்தவும்
-runners.delete_runner_notice = இந்த ரன்னரில் ஒரு பணி இயங்கினால், அது நிறுத்தப்பட்டு தோல்வியடைந்ததாகக் குறிக்கப்படும். இது கட்டுமான பணியை உடைக்கக்கூடும்.
-runners.none = ஓட்டப்பந்தய வீரர்கள் இல்லை
-runners.status.unspecified = தெரியவில்லை
-runners.status.idle = நிலையிக்கம்
-runners.status.active = செயலில்
-runners.status.offline = இணையமில்லாமல்
-runners.version = பதிப்பு
-runners.reset_registration_token = பதிவு கிள்ளாக்கை மீட்டமைக்கவும்
-runners.reset_registration_token_success = ரன்னர் பதிவு கிள்ளாக்கு வெற்றிகரமாக மீட்டமைக்கப்பட்டது
-runs.all_workflows = அனைத்து பணிப்பாய்வுகளும்
-runs.commit = உறுதி
-runs.scheduled = திட்டமிடப்பட்டது
-runs.pushed_by = மூலம் தள்ளப்பட்டது
-runs.workflow = பணிப்பாய்வு
-runs.invalid_workflow_helper = பணிப்பாய்வு கட்டமைப்பு கோப்பு தவறானது. உங்கள் கட்டமைப்பு கோப்பை சரிபார்க்கவும்: %s
-runs.no_matching_online_runner_helper = லேபிளுடன் பொருந்தக்கூடிய நிகழ்நிலை ரன்னர் இல்லை: %s
-runs.no_job_without_needs = பணிப்பாய்வு சார்புகள் இல்லாமல் குறைந்தபட்சம் ஒரு வேலையைக் கொண்டிருக்க வேண்டும்.
-runs.no_job = பணிப்பாய்வு குறைந்தது ஒரு வேலையையாவது கொண்டிருக்க வேண்டும்
-runs.actor = நடிகர்
-runs.status = நிலை
-runs.actors_no_select = அனைத்து நடிகர்களும்
-runs.status_no_select = அனைத்து நிலை
-runs.no_results = எந்த முடிவுகளும் பொருந்தவில்லை.
-runs.no_workflows = இதுவரை பணிப்பாய்வு இல்லை.
 runs.no_workflows.help_write_access = Forgejo செயல்களை எப்படி தொடங்குவது என்று தெரியவில்லையா? உங்கள் முதல் பணிப்பாய்வுகளை எழுத, <a target="_blank" rel="noopener noreferrer" href="%s">பயனர் ஆவணத்தில் விரைவான தொடக்கத்தைப்</a> பார்க்கவும், பின்னர் உங்கள் வேலையைச் செய்ய <a target="_blank" rel="noopener noreferrer" href="%s">ஒரு Forgejo ரன்னர் அமைக்கவும்</a>.
 runs.no_workflows.help_no_write_access = Forgejo செயல்கள் பற்றி அறிய, <a target="_blank" rel="noopener noreferrer" href="%s">ஆவணங்களை</a> பார்க்கவும்.
 runs.no_runs = பணிப்பாய்வு இன்னும் இயங்கவில்லை.
diff --git a/options/locale/locale_th.ini b/options/locale/locale_th.ini
index 19b0370f28..de5c22ccc5 100644
--- a/options/locale/locale_th.ini
+++ b/options/locale/locale_th.ini
@@ -3336,44 +3336,12 @@ raw_seconds = วินาที
 raw_minutes = นาที
 
 [munits.data]
-b = B
-kib = KiB
-mib = MiB
-gib = GiB
-tib = TiB
-pib = PiB
-eib = EiB
 
 [dropzone]
-default_message = วางไฟล์หรือคลิกที่นี่เพื่ออัปโหลด
-invalid_input_type = คุณไม่สามารถอัปโหลดไฟล์ประเภทนี้ได้
-file_too_big = ขนาดไฟล์ ({{filesize}} MB) เกินขนาดสูงสุด ({{maxFilesize}} MB)
-remove_file = ลบไฟล์
 
 [notification]
-notifications = การแจ้งเตือน
-unread = ยังไม่ได้อ่าน
-read = อ่านแล้ว
-no_unread = ไม่มีการแจ้งเตือนที่ยังไม่ได้อ่าน
-no_read = ไม่มีการแจ้งเตือนที่อ่านแล้ว
-pin = ปักหมุดการแจ้งเตือน
-mark_as_read = ทำเครื่องหมายว่าอ่านแล้ว
-mark_as_unread = ทำเครื่องหมายว่ายังไม่ได้อ่าน
-mark_all_as_read = ทำเครื่องหมายทั้งหมดว่าอ่านแล้ว
-subscriptions = การสมัครรับข้อมูล
-watching = กำลังดู
-no_subscriptions = ไม่มีการสมัครรับข้อมูล
 
 [gpg]
-default_key = ลงนามด้วยคีย์เริ่มต้น
-error.extract_sign = ไม่สามารถแยกข้อมูลลายเซ็นได้
-error.generate_hash = ไม่สามารถสร้างแฮชของคอมมิตได้
-error.no_committer_account = ไม่มีบัญชีที่เชื่อมโยงกับที่อยู่อีเมลของผู้คอมมิต
-error.no_gpg_keys_found = ไม่พบคีย์ที่รู้จักสำหรับลายเซ็นนี้ในฐานข้อมูล
-error.not_signed_commit = ไม่ใช่คอมมิตที่ลงนามแล้ว
-error.failed_retrieval_gpg_keys = ไม่สามารถดึงคีย์ใด ๆ ที่แนบมากับบัญชีของผู้คอมมิตได้
-error.probable_bad_signature = คำเตือน! แม้ว่าจะมีคีย์ที่มี ID นี้ในฐานข้อมูล แต่ก็ไม่ได้ยืนยันคอมมิตนี้! คอมมิตนี้น่าสงสัย
-error.probable_bad_default_signature = คำเตือน! แม้ว่าคีย์เริ่มต้นจะมี ID นี้ แต่ก็ไม่ได้ยืนยันคอมมิตนี้! คอมมิตนี้น่าสงสัย
 
 [units]
 unit = หน่วย
@@ -3399,66 +3367,6 @@ deletion.failed = ไม่สามารถลบข้อมูลลับ
 management = จัดการข้อมูลลับ
 
 [actions]
-actions = การดำเนินการ
-status.unknown = ไม่ทราบ
-status.waiting = กำลังรอ
-status.running = กำลังทำงาน
-status.success = สำเร็จ
-status.failure = ล้มเหลว
-status.cancelled = ยกเลิกแล้ว
-status.skipped = ข้ามไป
-status.blocked = ถูกบล็อก
-runners = Runners
-runners.runner_manage_panel = จัดการ Runners
-runners.new = สร้าง Runner ใหม่
-runners.new_notice = วิธีการเริ่ม Runner
-runners.status = สถานะ
-runners.id = ID
-runners.name = ชื่อ
-runners.owner_type = ประเภท
-runners.description = คำอธิบาย
-runners.labels = ป้ายกำกับ
-runners.last_online = เวลาออนไลน์ล่าสุด
-runners.runner_title = Runner
-runners.task_list = งานล่าสุดบน Runner นี้
-runners.task_list.no_tasks = ยังไม่มีงาน
-runners.task_list.run = เรียกใช้
-runners.task_list.status = สถานะ
-runners.task_list.repository = ที่เก็บ
-runners.task_list.commit = คอมมิต
-runners.task_list.done_at = เสร็จสิ้นเมื่อ
-runners.edit_runner = แก้ไข Runner
-runners.update_runner = อัปเดตการเปลี่ยนแปลง
-runners.update_runner_success = อัปเดต Runner สำเร็จแล้ว
-runners.update_runner_failed = ไม่สามารถอัปเดต Runner ได้
-runners.delete_runner = ลบ Runner นี้
-runners.delete_runner_success = ลบ Runner สำเร็จแล้ว
-runners.delete_runner_failed = ไม่สามารถลบ Runner ได้
-runners.delete_runner_header = ยืนยันที่จะลบ Runner นี้
-runners.delete_runner_notice = หากมีงานกำลังทำงานบน Runner นี้ งานนั้นจะถูกยกเลิกและทำเครื่องหมายว่าล้มเหลว อาจทำให้เวิร์กโฟลว์การสร้างเสียหายได้
-runners.none = ไม่มี Runner ที่พร้อมใช้งาน
-runners.status.unspecified = ไม่ทราบ
-runners.status.idle = ว่าง
-runners.status.active = ใช้งานอยู่
-runners.status.offline = ออฟไลน์
-runners.version = เวอร์ชัน
-runners.reset_registration_token = รีเซ็ตโทเค็นการลงทะเบียน
-runners.reset_registration_token_success = รีเซ็ตโทเค็นการลงทะเบียน Runner สำเร็จแล้ว
-runs.all_workflows = เวิร์กโฟลว์ทั้งหมด
-runs.commit = คอมมิต
-runs.scheduled = กำหนดเวลาแล้ว
-runs.pushed_by = พุชโดย
-runs.workflow = เวิร์กโฟลว์
-runs.invalid_workflow_helper = ไฟล์การกำหนดค่าเวิร์กโฟลว์ไม่ถูกต้อง โปรดตรวจสอบไฟล์การกำหนดค่าของคุณ: %s
-runs.no_matching_online_runner_helper = ไม่มี Runner ออนไลน์ที่ตรงกันพร้อมป้ายกำกับ: %s
-runs.no_job_without_needs = เวิร์กโฟลว์ต้องมีงานอย่างน้อยหนึ่งงานที่ไม่มีการพึ่งพา
-runs.no_job = เวิร์กโฟลว์ต้องมีงานอย่างน้อยหนึ่งงาน
-runs.actor = ผู้ดำเนินการ
-runs.status = สถานะ
-runs.actors_no_select = ผู้ดำเนินการทั้งหมด
-runs.status_no_select = สถานะทั้งหมด
-runs.no_results = ไม่พบผลลัพธ์ที่ตรงกัน
-runs.no_workflows = ยังไม่มีเวิร์กโฟลว์
 runs.no_workflows.help_write_access = ไม่แน่ใจว่าจะเริ่มต้นกับ Forgejo Actions อย่างไร? ตรวจสอบ <a target="_blank" rel="noopener noreferrer" href="%s">คู่มือเริ่มต้นฉบับย่อในเอกสารประกอบสำหรับผู้ใช้</a> เพื่อเขียนเวิร์กโฟlว์แรกของคุณ จากนั้น <a target="_blank" rel="noopener noreferrer" href="%s">ตั้งค่า Forgejo runner</a> เพื่อดำเนินงานของคุณ
 runs.no_workflows.help_no_write_access = หากต้องการเรียนรู้เกี่ยวกับ Forgejo Actions โปรดดู <a target="_blank" rel="noopener noreferrer" href="%s">เอกสารประกอบ</a>
 runs.no_runs = เวิร์กโฟลว์ยังไม่มีการเรียกใช้
diff --git a/options/locale/locale_tr-TR.ini b/options/locale/locale_tr-TR.ini
index 65293727b5..1622c29942 100644
--- a/options/locale/locale_tr-TR.ini
+++ b/options/locale/locale_tr-TR.ini
@@ -3411,35 +3411,10 @@ raw_seconds=saniyeler
 raw_minutes=dakikalar
 
 [dropzone]
-default_message=Dosyaları buraya bırakın veya yüklemek için tıklayın.
-invalid_input_type=Bu tür dosyaları yükleyemezsiniz.
-file_too_big=Dosya boyutu ({{filesize}} MB) maksimum boyutu ({{maxFilesize}} MB) aşıyor.
-remove_file=Dosya Kaldır
 
 [notification]
-notifications=Bildirimler
-unread=Okunmamış
-read=Okunmuş
-no_unread=Okunmamış bildirim yok.
-no_read=Okunmuş bildirim yok.
-pin=Pin bildirimi
-mark_as_read=Okundu olarak işaretle
-mark_as_unread=Okunmadı olarak işaretle
-mark_all_as_read=Tümünü okundu olarak işaretle
-subscriptions=Abonelikler
-watching=İzleniyor
-no_subscriptions=Abonelik yok
 
 [gpg]
-default_key=Varsayılan anahtarla imzalanmış
-error.extract_sign=İmza çıkarılamadı
-error.generate_hash=İşlemenin sağlama kodu oluşturulamadı
-error.no_committer_account=İşleyicinin e-posta adresine bağlı hesap yok
-error.no_gpg_keys_found=Veri tabanında bu imza için bilinen anahtar bulunamadı
-error.not_signed_commit=İmzalı bir işleme değil
-error.failed_retrieval_gpg_keys=İşleyicin hesabına bağlı herhangi bir anahtar alınamadı
-error.probable_bad_signature=UYARI! Veritabanında bu kimliğe sahip bir anahtar olmasına rağmen, bu işlemeyi doğrulamaz! Bu işleme ŞÜPHELİDİR.
-error.probable_bad_default_signature=UYARI! Varsayılan anahtarın bu kimliği olmasına rağmen, bu işlemeyi doğrulamaz! Bu işleme ŞÜPHELİDİR.
 
 [units]
 unit=Birim
@@ -3469,68 +3444,8 @@ deletion.failed=Gizlilik kaldırılamadı.
 management=Gizlilik Yönetimi
 
 [actions]
-actions=İşlemler
-
 unit.desc=İşlemleri yönet
 
-status.unknown=Bilinmiyor
-status.waiting=Bekleniyor
-status.running=Çalışıyor
-status.success=Başarılı
-status.failure=Başarısız
-status.cancelled=İptal edildi
-status.skipped=Atlandı
-status.blocked=Engellendi
-
-runners=Çalıştırıcılar
-runners.runner_manage_panel=Çalıştırıcı Yönetimi
-runners.new=Yeni çalıştırıcı oluştur
-runners.new_notice=Bir çalıştırıcı nasıl başlatılır
-runners.status=Durum
-runners.id=Kimlik
-runners.name=İsim
-runners.owner_type=Tür
-runners.description=Açıklama
-runners.labels=Etiketler
-runners.last_online=Son Görülme Zamanı
-runners.runner_title=Çalıştırıcı
-runners.task_list=Bu çalıştırıcıdaki son görevler
-runners.task_list.no_tasks=Henüz bir görev yok.
-runners.task_list.run=Çalıştır
-runners.task_list.status=Durum
-runners.task_list.repository=Depo
-runners.task_list.commit=İşle
-runners.task_list.done_at=Tamamlanma zamanı
-runners.edit_runner=Çalıştırıcıyı Düzenle
-runners.update_runner=Değişiklikleri güncelle
-runners.update_runner_success=Çalıştırıcı başarıyla güncellendi
-runners.update_runner_failed=Çalıştırıcı güncellenemedi
-runners.delete_runner=Bu çalıştırıcıyı sil
-runners.delete_runner_success=Çalıştırıcı başarıyla silindi
-runners.delete_runner_failed=Çalıştırıcı silinemedi
-runners.delete_runner_header=Çalıştırıcıyı silmeyi onaylayın
-runners.delete_runner_notice=Eğer bu çalıştırıcıda bir görev çalışıyorsa, sonlandırılacak ve başarısız olarak işaretlenecek. Yapım iş akışını bozabilir.
-runners.none=Hiç çalıştırıcı yok
-runners.status.unspecified=Bilinmiyor
-runners.status.idle=Boşta
-runners.status.active=Etkin
-runners.status.offline=Çevrimdışı
-runners.version=Sürüm
-runners.reset_registration_token=Kayıt tokenini sıfırla
-runners.reset_registration_token_success=Çalıştırıcı kayıt belirteci başarıyla sıfırlandı
-
-runs.all_workflows=Tüm İş Akışları
-runs.commit=İşle
-runs.scheduled=Zamanlanmış
-runs.pushed_by=iten
-runs.invalid_workflow_helper=İş akışı yapılandırma dosyası geçersiz. Lütfen yapılandırma dosyanızı denetleyin: %s
-runs.no_matching_online_runner_helper=Şu etiket ile eşleşen çevrimiçi çalıştırıcı bulunamadı: %s
-runs.actor=Aktör
-runs.status=Durum
-runs.actors_no_select=Tüm aktörler
-runs.status_no_select=Tüm durumlar
-runs.no_results=Eşleşen sonuç yok.
-runs.no_workflows=Henüz hiç bir iş akışı yok.
 runs.no_runs=İş akışı henüz hiç çalıştırılmadı.
 runs.empty_commit_message=(boş işleme iletisi)
 
@@ -3557,8 +3472,6 @@ variables.creation.success=`"%s" değişkeni eklendi.`
 variables.update.failed=Değişken düzenlenemedi.
 variables.update.success=Değişken düzenlendi.
 variables.id_not_exist = %d kimlikli değişken mevcut değil.
-runs.no_job_without_needs = İş akışı en azından bağımlılığı olmayan bir görev içermelidir.
-runs.no_job = İş akışı en azından bir görev içermelidir
 runs.expire_log_message = Günlükler, çok eski oldukları için temizlendiler.
 
 [projects]
@@ -3605,11 +3518,4 @@ regexp_tooltip = Arama terimini düzenli ifade olarak yorumla
 union = Anahtar sözcük
 
 
-[munits.data]
-tib = TiB
-kib = KiB
-pib = PiB
-mib = MiB
-b = B
-gib = GiB
-eib = EiB
\ No newline at end of file
+[munits.data]
\ No newline at end of file
diff --git a/options/locale/locale_uk-UA.ini b/options/locale/locale_uk-UA.ini
index c7bcbb0489..41f689e93d 100644
--- a/options/locale/locale_uk-UA.ini
+++ b/options/locale/locale_uk-UA.ini
@@ -3500,35 +3500,10 @@ raw_seconds=секунд
 raw_minutes=хвилин
 
 [dropzone]
-default_message=Перетягніть файли або натисніть тут, щоб завантажити.
-invalid_input_type=Ви не можете завантажувати файли цього типу.
-file_too_big=Розмір файлу ({{filesize}} МБ) перевищує максимальний розмір ({{maxFilesize}} МБ).
-remove_file=Видалити файл
 
 [notification]
-notifications=Сповіщення
-unread=Непрочитані
-read=Прочитані
-no_unread=Немає непрочитаних сповіщень.
-no_read=Немає прочитаних сповіщень.
-pin=Прикріпити сповіщення
-mark_as_read=Позначити як прочитане
-mark_as_unread=Позначити як непрочитане
-mark_all_as_read=Позначити всі як прочитані
-subscriptions = Підписки
-watching = Спостереження
-no_subscriptions = Немає підписок
 
 [gpg]
-default_key=Підписано типовим ключем
-error.extract_sign=Не вдалося витягти підпис
-error.generate_hash=Не вдалося згенерувати хеш коміту
-error.no_committer_account=Електронна пошта автора не пов’язана із жодним обліковим записом
-error.no_gpg_keys_found=Не вдалося знайти GPG-ключ, що відповідає даному підпису
-error.not_signed_commit=Непідписаний коміт
-error.failed_retrieval_gpg_keys=Не вдалось отримати ключ, пов’язаний з обліковим записом комітера
-error.probable_bad_signature=УВАГА! Хоча ключ із таким ID і є в базі, коміт неможливо ним перевірити! Цей коміт ПІДОЗРІЛИЙ.
-error.probable_bad_default_signature=УВАГА! Хоча типовий ключ має цей ID, коміт неможливо ним перевірити! Цей коміт ПІДОЗРІЛИЙ.
 
 [units]
 error.no_unit_allowed_repo=У вас немає доступу до жодного розділу цього репозиторію.
@@ -3558,36 +3533,16 @@ creation.value_placeholder = Уведіть довільний вміст. Пр
 description = Секрети передаються певним діям і не можуть бути прочитані інакше.
 
 [actions]
-runners.name=Назва
-runners.owner_type=Тип
-runners.description=Опис
-runners.task_list.run=Запустити
-runners.task_list.repository=Репозиторій
-runners.task_list.commit=Коміт
-runners.status.active=Активний
-
-runs.commit=Коміт
 variables.update.failed = Не вдалося змінити змінну.
 variables.update.success = Змінну змінено.
 variables.creation = Додати змінну
 variables.none = Змінних ще немає.
 variables.deletion = Видалити змінну
 variables = Змінні
-runs.scheduled = Заплановано
-actions = Дії
 variables.deletion.success = Змінну видалено.
-runners.id = ID
-runners.update_runner = Оновити зміни
 variables.creation.failed = Не вдалося додати змінну.
 variables.deletion.failed = Не вдалося видалити змінну.
-status.waiting = Очікує
 variables.creation.success = Змінну «%s» додано.
-runners.labels = Мітки
-status.unknown = Невідомо
-runners.task_list.no_tasks = Завдань поки що немає.
-runners.version = Версія
-status.blocked = Заблоковано
-status.cancelled = Скасовано
 variables.description = Змінні передаються певним діям і не можуть бути прочитані інакше.
 variables.deletion.description = Видалення змінної є остаточним і його неможливо скасувати. Продовжити?
 variables.management = Керування змінними
@@ -3595,68 +3550,24 @@ variables.id_not_exist = Змінної з ідентифікатором %d н
 variables.edit = Редагувати змінну
 runs.expire_log_message = Журнали очищено, тому що вони були занадто старі.
 runs.empty_commit_message = (порожнє повідомлення коміту)
-runners.status.unspecified = Невідомо
-runs.status_no_select = Усі стани
-runs.status = Стан
-runners.task_list.status = Стан
-runners.status = Стан
-runners.reset_registration_token = Скинути токен реєстрації
 workflow.enable_success = Робочий потік «%s» успішно ввімкнено.
-runs.workflow = Робочий потік
 workflow.disable = Вимкнути робочий потік
 workflow.disable_success = Робочий потік «%s» успішно вимкнено.
 workflow.disabled = Робочий потік вимкнено.
 workflow.enable = Увімкнути робочий потік
-runs.no_workflows = Робочих потоків ще немає.
-runs.all_workflows = Усі робочі потоки
-runs.no_results = Не знайдено відповідних результатів.
-status.failure = Помилка
-status.running = Працює
-status.success = Успіх
-status.skipped = Пропущено
 need_approval_desc = Потрібне схвалення для запуску робочих потоків для запиту на злиття.
 variables.not_found = Не вдалося знайти змінну.
-runners.task_list.done_at = Завершено
-runners.last_online = Востаннє в мережі
 runs.no_workflows.help_no_write_access = Щоб дізнатися більше про Дії Forgejo, читайте <a target="_blank" rel="noopener noreferrer" href="%s">документацію</a>.
 runs.no_workflows.help_write_access = Не знаєте, як почати роботу з Діями Forgejo? Перегляньте <a target="_blank" rel="noopener noreferrer" href="%s">посібник для початківців у документації</a>, щоб написати свій перший робочий потік, а потім <a target="_blank" rel="noopener noreferrer" href="%s">налаштуйте ранер Forgejo</a> для виконання завдань.
 unit.desc = Керування вбудованими конвеєрами CI/CD з Діями Forgejo.
-runners.delete_runner_failed = Не вдалося видалити ранер
-runners.new_notice = Як запустити ранер
-runners.update_runner_failed = Не вдалось оновити ранер
-runners.delete_runner_success = Ранер успішно видалено
-runners.none = Немає доступних ранерів
-runners.delete_runner_notice = Якщо на цьому ранері виконується завдання, його буде завершено і позначено як невдале. Це може порушити робочий потік збірки.
 workflow.dispatch.run = Запустити робочий потік
-runners.edit_runner = Редагувати ранер
 runs.no_runs = Робочий потік ще не запускався.
-runners = Ранери
-runners.runner_manage_panel = Керування ранерами
 workflow.dispatch.success = Запит на запуск робочого потоку успішно створено.
-runs.no_matching_online_runner_helper = Не знайдено ранера в мережі з міткою: %s
-runners.reset_registration_token_success = Токен реєстрації ранера успішно скинуто
-runners.new = Створити новий ранер
-runners.delete_runner = Видалити цей ранер
-runners.runner_title = Ранер
-runners.task_list = Нещодавні завдання ранера
-runners.update_runner_success = Ранер оновлено
-runners.delete_runner_header = Підтвердіть видалення ранера
-runners.status.offline = Неактивний
-runners.status.idle = Простоює
-runs.invalid_workflow_helper = Недійсний файл конфігурації робочого потоку. Будь ласка, перевірте файл конфігурації: %s
-runs.no_job = Робочий потік повинен містити принаймні одне завдання
 workflow.dispatch.use_from = Використати робочий потік із
-runs.no_job_without_needs = Робочий потік повинен містити принаймні одне завдання без залежностей.
 workflow.dispatch.trigger_found = Цей робочий потік спрацьовує на події <c>workflow_dispatch</c>.
-runs.actor = Автор
-runs.actors_no_select = Усі автори
 workflow.dispatch.input_required = Вимагати значення для поля «%s».
 workflow.dispatch.invalid_input_type = Недійсний тип поля «%s».
 workflow.dispatch.warn_input_limit = Показано тільки перші %d полів.
-runs.pushed_by = надіслано
-
-
-
 
 [projects]
 type-3.display_name = Проєкт організації
@@ -3730,10 +3641,3 @@ projects.read = <b>Читання:</b> доступ до проєктів реп
 code.write = <b>Запис:</b> виконувати push у репозиторій, створювати гілки і теги.
 
 [munits.data]
-pib = ПіБ
-eib = ЕіБ
-kib = КіБ
-mib = МіБ
-gib = ГіБ
-tib = ТіБ
-b = Б
diff --git a/options/locale/locale_vi.ini b/options/locale/locale_vi.ini
index 1e0feb2137..d76007c48e 100644
--- a/options/locale/locale_vi.ini
+++ b/options/locale/locale_vi.ini
@@ -1495,7 +1495,6 @@ teams.admin_permission_desc = Nhóm này cấp quyền <strong>Quản trị</str
 [packages]
 
 [actions]
-runs.pushed_by = đẩy bởi
 
 [filter]
 string.asc = A - Z
diff --git a/options/locale/locale_zh-CN.ini b/options/locale/locale_zh-CN.ini
index 8dc05c9b8b..13fd65a128 100644
--- a/options/locale/locale_zh-CN.ini
+++ b/options/locale/locale_zh-CN.ini
@@ -3497,35 +3497,10 @@ raw_seconds=秒
 raw_minutes=分钟
 
 [dropzone]
-default_message=拖放文件或点击此处上传
-invalid_input_type=您不能上传该类型的文件。
-file_too_big=文件体积（{{filesize}} MB）超过了最大允许体积（{{maxFilesize}} MB）。
-remove_file=移除文件
 
 [notification]
-notifications=通知
-unread=未读
-read=已读
-no_unread=没有未读通知。
-no_read=没有已读通知。
-pin=Pin 通知
-mark_as_read=标记为已读
-mark_as_unread=标记为未读
-mark_all_as_read=全部标记为已读
-subscriptions=订阅
-watching=关注
-no_subscriptions=无订阅
 
 [gpg]
-default_key=使用默认密钥签名
-error.extract_sign=无法提取签名
-error.generate_hash=无法生成提交的哈希
-error.no_committer_account=没有帐户链接到提交者的电子邮件
-error.no_gpg_keys_found=找不到此签名对应的密钥
-error.not_signed_commit=提交未签名
-error.failed_retrieval_gpg_keys=找不到任何与该提交者账号相关的密钥
-error.probable_bad_signature=警告！尽管数据库中有此 ID 对应的密钥，但此提交未通过验证！此提交是可疑的。
-error.probable_bad_default_signature=警告！尽管默认密钥具有此 ID，但此提交未通过验证！此提交是可疑的。
 
 [units]
 unit=单元
@@ -3555,68 +3530,8 @@ deletion.failed=删除密钥失败。
 management=密钥管理
 
 [actions]
-actions=Actions
-
 unit.desc=使用 Forgejo Actions 管理集成的 CI/CD 管道。
 
-status.unknown=未知
-status.waiting=等待中
-status.running=运行中
-status.success=成功
-status.failure=失败
-status.cancelled=已取消
-status.skipped=已忽略
-status.blocked=阻塞中
-
-runners=运行器
-runners.runner_manage_panel=管理运行器
-runners.new=创建新运行器
-runners.new_notice=如何启动一个运行器
-runners.status=状态
-runners.id=ID
-runners.name=名称
-runners.owner_type=类型
-runners.description=组织描述
-runners.labels=标签
-runners.last_online=上次在线时间
-runners.runner_title=运行器
-runners.task_list=最近在此运行器上的任务
-runners.task_list.no_tasks=还没有任务。
-runners.task_list.run=执行
-runners.task_list.status=状态
-runners.task_list.repository=仓库
-runners.task_list.commit=提交
-runners.task_list.done_at=完成于
-runners.edit_runner=编辑运行器
-runners.update_runner=更新更改
-runners.update_runner_success=运行器更新成功
-runners.update_runner_failed=更新运行器失败
-runners.delete_runner=删除运行器
-runners.delete_runner_success=运行器删除成功
-runners.delete_runner_failed=删除运行器失败
-runners.delete_runner_header=确认要删除此运行器
-runners.delete_runner_notice=如果有任务正在此运行器上运行，它将被终止并标记为失败。这可能会中断正在构建的工作流。
-runners.none=无可用的运行器
-runners.status.unspecified=未知
-runners.status.idle=空闲
-runners.status.active=激活
-runners.status.offline=离线
-runners.version=版本
-runners.reset_registration_token=重置注册令牌
-runners.reset_registration_token_success=成功重置运行器注册令牌
-
-runs.all_workflows=所有工作流
-runs.commit=提交
-runs.scheduled=已计划的
-runs.pushed_by=推送者
-runs.invalid_workflow_helper=工作流配置文件无效。请检查您的配置文件：%s
-runs.no_matching_online_runner_helper=没有匹配标签的在线运行器：%s
-runs.actor=操作者
-runs.status=状态
-runs.actors_no_select=所有操作者
-runs.status_no_select=所有状态
-runs.no_results=没有匹配的结果。
-runs.no_workflows=目前还没有工作流。
 runs.no_runs=工作流尚未运行过。
 runs.empty_commit_message=（空白的提交消息）
 
@@ -3643,9 +3558,6 @@ variables.creation.failed=添加变量失败。
 variables.creation.success=变量 “%s” 添加成功。
 variables.update.failed=编辑变量失败。
 variables.update.success=该变量已被编辑。
-runs.workflow = 工作流
-runs.no_job_without_needs = 工作流必须至少包含一组没有依赖的作业。
-runs.no_job = 工作流必须至少包含一个作业
 workflow.dispatch.trigger_found = 此工作流有 <c>workflow_dispatch</c> 事件触发器。
 workflow.dispatch.use_from = 使用工作流
 workflow.dispatch.invalid_input_type = 输入类型“%s”无效。
@@ -3703,13 +3615,6 @@ regexp_tooltip = 将搜索内容解释为正则表达式
 
 
 [munits.data]
-pib = PiB
-gib = GiB
-tib = TiB
-eib = EiB
-b = B
-kib = KiB
-mib = MiB
 
 [markup]
 filepreview.line = %[2]s 中的第 %[1]d 行
diff --git a/options/locale/locale_zh-HK.ini b/options/locale/locale_zh-HK.ini
index 771d1c3112..dcec0908ef 100644
--- a/options/locale/locale_zh-HK.ini
+++ b/options/locale/locale_zh-HK.ini
@@ -1066,22 +1066,10 @@ raw_seconds=秒
 raw_minutes=分鐘
 
 [dropzone]
-file_too_big=檔案大小({{filesize}} MB) 超過了最大允許大小({{maxFilesize}} MB)
-remove_file=移除文件
 
 [notification]
-notifications=訊息
-unread=未讀
-read=已讀
-pin=固定通知
-mark_as_read=標記為已讀
-mark_as_unread=標記為未讀
 
 [gpg]
-error.extract_sign=無法提取簽署
-error.generate_hash=無法產生提交的雜湊值
-error.no_gpg_keys_found=沒有發現已知的金鑰在資料庫的簽署中
-error.not_signed_commit=未簽名的提交
 
 [units]
 
@@ -1092,16 +1080,6 @@ owner.settings.cleanuprules.enabled=已啟用
 [secrets]
 
 [actions]
-runners.name=組織名稱
-runners.owner_type=認證類型
-runners.description=組織描述
-runners.task_list.run=執行
-runners.task_list.repository=儲存庫
-runners.labels = 標籤
-
-
-
-
 
 [projects]
 
diff --git a/options/locale/locale_zh-TW.ini b/options/locale/locale_zh-TW.ini
index 2de1668d86..44a89006fb 100644
--- a/options/locale/locale_zh-TW.ini
+++ b/options/locale/locale_zh-TW.ini
@@ -3497,35 +3497,10 @@ raw_seconds=秒
 raw_minutes=分鐘
 
 [dropzone]
-default_message=拖放檔案或是點擊此處上傳。
-invalid_input_type=您無法上傳此類型的檔案。
-file_too_big=檔案大小（{{filesize}} MB）超過了最大允許大小（{{maxFilesize}} MB）。
-remove_file=移除文件
 
 [notification]
-notifications=通知
-unread=未讀
-read=已讀
-no_unread=沒有未讀通知。
-no_read=沒有已讀通知。
-pin=固定通知
-mark_as_read=標記為已讀
-mark_as_unread=標記為未讀
-mark_all_as_read=標記所有為已讀
-subscriptions=訂閱
-watching=正在關注
-no_subscriptions=沒有訂閱
 
 [gpg]
-default_key=使用預設金鑰簽署
-error.extract_sign=無法提取簽署
-error.generate_hash=無法產生提交的雜湊值
-error.no_committer_account=提交者的電子信箱沒有連結到任何帳號
-error.no_gpg_keys_found=資料庫中找不到此簽署所對應的金鑰
-error.not_signed_commit=未簽署的提交
-error.failed_retrieval_gpg_keys=找不到任何與該提交者帳號相關的金鑰
-error.probable_bad_signature=警告！雖然資料庫中有此 ID 的金鑰，但此提交未通過它的驗證！此提交是有疑慮的。
-error.probable_bad_default_signature=警告！雖然預設金鑰擁有此 ID，但此提交未通過它的驗證！此提交是有疑慮的。
 
 [units]
 unit=單元
@@ -3555,57 +3530,8 @@ deletion.failed=移除 Secret 失敗。
 management = 管理秘密
 
 [actions]
-actions=Actions
-
 unit.desc=使用 Forgejo Actions 管理整合的 CI/CD 管道。
 
-status.unknown=未知的
-status.waiting=等待中
-status.running=執行中
-status.success=成功
-status.failure=失敗
-status.skipped=已略過
-status.blocked=已阻止
-
-runners=Runner
-runners.runner_manage_panel=管理 Runner
-runners.new=建立 Runner
-runners.new_notice=如何啟動 Runner
-runners.status=狀態
-runners.id=ID
-runners.name=名稱
-runners.owner_type=類型
-runners.description=描述
-runners.labels=標籤
-runners.last_online=最後上線時間
-runners.runner_title=Runner
-runners.task_list=最近在此 Runner 上的任務
-runners.task_list.run=執行
-runners.task_list.status=狀態
-runners.task_list.repository=儲存庫
-runners.task_list.commit=提交
-runners.task_list.done_at=完成於
-runners.edit_runner=編輯 Runner
-runners.update_runner=更新變更
-runners.update_runner_success=更新 Runner 成功
-runners.update_runner_failed=更新 Runner 失敗
-runners.delete_runner=刪除此 Runner
-runners.delete_runner_success=刪除 Runner 成功
-runners.delete_runner_failed=刪除 Runner 失敗
-runners.delete_runner_header=確認刪除此 Runner
-runners.delete_runner_notice=如果有任務正在此 Runner 上執行，它可能會被中止並標記為失敗，這可能會打斷建置工作流程。
-runners.none=沒有可用的 Runner
-runners.status.unspecified=未知
-runners.status.idle=閒置
-runners.status.active=啟用
-runners.status.offline=離線
-runners.version=版本
-runners.reset_registration_token_success=成功重設了 Runner 註冊符記
-
-runs.all_workflows=所有工作流程
-runs.commit=提交
-runs.invalid_workflow_helper=工作流程設定檔無效。請檢查您的設定檔：%s
-runs.status=狀態
 runs.no_runs=工作流程沒有執行過。
 
 workflow.disable=停用工作流程
@@ -3629,29 +3555,15 @@ variables.deletion = 刪除變數
 variables.deletion.description = 刪除變數是永久且不可取消的。要繼續嗎？
 variables.creation.success = 已新增變數 「%s」。
 variables.update.failed = 編輯變數失敗。
-runs.no_results = 沒有相符的結果。
-runs.no_workflows = 目前沒有任何工作流程。
-runs.pushed_by = 推送者
-runs.status_no_select = 所有狀態
-runs.scheduled = 已排程
 runs.empty_commit_message = （空白的提交訊息）
-runners.task_list.no_tasks = 目前沒有任何工作。
 workflow.disabled = 工作流程已被停用。
-status.cancelled = 已取消
-runs.workflow = 工作流程
-runs.actors_no_select = 所有操作者
-runs.actor = 操作者
 workflow.dispatch.input_required = 需要輸入「%s」的值。
 workflow.dispatch.run = 執行工作流程
 workflow.dispatch.trigger_found = 此工作流程有一個 <c>workflow_dispatch</c> 事件觸發器。
 workflow.dispatch.invalid_input_type = 無效的輸入類型「%s」。
 workflow.dispatch.warn_input_limit = 僅顯示前 %d 個輸入。
-runs.no_job = 工作流程必須包含至少一項作業
 runs.expire_log_message = 日誌已被清除，因為它們太舊了。
-runs.no_job_without_needs = 工作流程必須包含至少一項沒有依賴性的作業。
-runs.no_matching_online_runner_helper = 沒有在線的執行器且匹配標籤：%s
 workflow.dispatch.success = 已成功請求工作流程運行。
-runners.reset_registration_token = 重置註冊符記
 workflow.dispatch.use_from = 使用工作流程自
 runs.no_workflows.help_no_write_access = 要了解 Forgejo Actions，請參閱<a target="_blank" rel="noopener noreferrer" href="%s">文件</a>。
 runs.no_workflows.help_write_access = 不知道如何開始使用 Forgejo Actions？查看<a target="_blank" rel="noopener noreferrer" href="%s">使用者文件中的快速入門</a>來編寫你的第一個工作流程，然後<a target="_blank" rel="noopener noreferrer" href="%s">設定 Forgejo Runner</a>來執行你的工作。
@@ -3702,13 +3614,6 @@ union = 關鍵字
 union_tooltip = 包含與任何空格分隔的關鍵字相符的結果
 
 [munits.data]
-eib = EiB
-b = B
-kib = KiB
-mib = MiB
-gib = GiB
-tib = TiB
-pib = PiB
 
 [markup]
 filepreview.truncated = 預覽已被截斷
diff --git a/options/locale_next/locale_ar.json b/options/locale_next/locale_ar.json
index cd2a0fdb82..2c2ff1ec5f 100644
--- a/options/locale_next/locale_ar.json
+++ b/options/locale_next/locale_ar.json
@@ -1,4 +1,70 @@
 {
+	"actions.actions": "الإجراءات",
+	"actions.status.unknown": "مجهول",
+	"actions.status.waiting": "ينتظر",
+	"actions.status.running": "يعمل",
+	"actions.status.success": "نجح",
+	"actions.status.failure": "فشل",
+	"actions.status.cancelled": "ملغي",
+	"actions.status.skipped": "متخطى",
+	"actions.runners": "المشغلون",
+	"actions.runners.runner_manage_panel": "إدارة المشغلين",
+	"actions.runners.new": "أنشئ مشغلا جديدا",
+	"actions.runners.new_notice": "كيف تبدأ مشغلا (بالإنجليزية)",
+	"actions.runners.status": "الحالة",
+	"actions.runners.status.unspecified": "مجهول",
+	"actions.runners.status.idle": "خامل",
+	"actions.runners.status.active": "نشيط",
+	"actions.runners.status.offline": "غير متصل",
+	"actions.runners.id": "المعرّف",
+	"actions.runners.name": "الاسم",
+	"actions.runners.owner_type": "النوع",
+	"actions.runners.description": "الوصف",
+	"actions.runners.labels": "التصنيفات",
+	"actions.runners.last_online": "آخر مرة كان متصلا",
+	"actions.runners.runner_title": "مشغّل",
+	"actions.runners.task_list": "المهام الأخيرة على هذا المشغّل",
+	"actions.runners.task_list.no_tasks": "لا توجد مهام بعد.",
+	"actions.runners.task_list.run": "شغّل",
+	"actions.runners.task_list.status": "الحالة",
+	"actions.runners.task_list.repository": "المستودع",
+	"actions.runners.task_list.commit": "الإيداع",
+	"actions.runners.task_list.done_at": "تم عند",
+	"actions.runners.edit_runner": "عدّل المشغّل",
+	"actions.runners.update_runner.button": "حدّث التغييرات",
+	"actions.runners.update_runner.success": "نجح تحديث المشغّل",
+	"actions.runners.update_runner.failed": "تعذر تحديث المشغّل",
+	"actions.runners.delete_runner.button": "احذف هذا المشغّل",
+	"actions.runners.delete_runner.success": "نجح حذف المشغّل",
+	"actions.runners.delete_runner.failed": "تعذر حذف المشغّل",
+	"actions.runners.delete_runner.header": "تأكيد حذف هذا المشغّل",
+	"actions.runners.none": "لا مشغّل متاح",
+	"actions.runners.version": "النسخة",
+	"actions.runs.commit": "إيداع",
+	"actions.runs.scheduled": "مُجدوَل",
+	"actions.runs.pushed_by": "دفعه",
+	"actions.runs.no_matching_online_runner.helper": "لا يوجد",
+	"actions.runs.status": "الحالة",
+	"actions.runs.status_no_select": "كل الحالات",
+	"gpg.default_key": "موقّع بالمفتاح المبدئي",
+	"gpg.error.extract_sign": "تعذّر استخراج التوقيع",
+	"gpg.error.generate_hash": "تعذّر إنشاء بصمة الإيداع",
+	"gpg.error.no_committer_account": "لا حساب مرتبط ببريد المودِع",
+	"gpg.error.not_signed_commit": "ليس إيداعًا موقّعًا",
+	"gpg.error.failed_retrieval_gpg_keys": "تعذّر جلب مفتاح مرتبط بحساب المودِع",
+	"notification.notifications": "الإشعارات",
+	"notification.unread": "إلغِ القراءة",
+	"notification.read": "اقرأ",
+	"notification.no_unread": "لا يوجد تنبيهات غير مقروءه.",
+	"notification.no_read": "لا يوجد تنبيهات مقروءه.",
+	"notification.pin": "ثبت التنبية",
+	"notification.mark_as_read": "علّم كمقروء",
+	"notification.mark_as_unread": "علّم كغير مقروء",
+	"notification.mark_all_as_read": "علّم الكل كمقروء",
+	"dropzone.default_message": "اسحب الملفات أو اضغط هنا لرفعها.",
+	"dropzone.invalid_input_type": "لا يمكنك رفع ملفات من هذا النوع.",
+	"dropzone.file_too_big": "حجم الملف ({{filesize}} مب) يتعدى الحد الأقصى ({{maxFilesize}} مب).",
+	"dropzone.remove_file": "أزل الملف",
 	"packages.title": "حزم",
 	"packages.empty": "لا يوجد حزم بعد.",
 	"packages.filter.type": "النوع",
diff --git a/options/locale_next/locale_bg.json b/options/locale_next/locale_bg.json
index 365ec2c23d..e97ff261ba 100644
--- a/options/locale_next/locale_bg.json
+++ b/options/locale_next/locale_bg.json
@@ -1,4 +1,49 @@
 {
+	"actions.actions": "Действия",
+	"actions.status.unknown": "Неизвестно",
+	"actions.status.waiting": "Изчаква се",
+	"actions.status.running": "Изпълнява се",
+	"actions.status.success": "Успешно",
+	"actions.status.failure": "Неуспешно",
+	"actions.status.cancelled": "Отменено",
+	"actions.status.skipped": "Пропуснато",
+	"actions.runners.owner_type": "Тип",
+	"actions.runners.description": "Описание",
+	"actions.runners.labels": "Етикети",
+	"actions.runners.task_list.repository": "Хранилище",
+	"actions.runners.version": "Версия",
+	"gpg.default_key": "Подписано с ключ по подразбиране",
+	"gpg.error.extract_sign": "Неуспешно извличане на подпис",
+	"gpg.error.generate_hash": "Неуспешно генериране на хеш на подаването",
+	"gpg.error.no_committer_account": "Няма акаунт, свързан с адреса за ел. поща на подаващия",
+	"gpg.error.no_gpg_keys_found": "Не е намерен известен ключ за този подпис в базата данни",
+	"gpg.error.not_signed_commit": "Не е подписано подаване",
+	"gpg.error.failed_retrieval_gpg_keys": "Неуспешно извличане на ключ, свързан с акаунта на подаващия",
+	"gpg.error.probable_bad_signature": "ВНИМАНИЕ! Въпреки че има ключ с това ID в базата данни, той не потвърждава това подаване! Това подаване е ПОДОЗРИТЕЛНО.",
+	"gpg.error.probable_bad_default_signature": "ВНИМАНИЕ! Въпреки че ключът по подразбиране има това ID, той не потвърждава това подаване! Това подаване е ПОДОЗРИТЕЛНО.",
+	"notification.notifications": "Известия",
+	"notification.unread": "Непрочетени",
+	"notification.read": "Прочетени",
+	"notification.no_unread": "Няма непрочетени известия.",
+	"notification.no_read": "Няма прочетени известия.",
+	"notification.pin": "Закачване на известието",
+	"notification.mark_as_read": "Отбелязване като прочетено",
+	"notification.mark_as_unread": "Отбелязване като непрочетено",
+	"notification.mark_all_as_read": "Отбелязване на всички като прочетени",
+	"notification.subscriptions": "Абонаменти",
+	"notification.watching": "Наблюдавани",
+	"notification.no_subscriptions": "Няма абонаменти",
+	"dropzone.default_message": "Пуснете файлове тук или щракнете, за качване.",
+	"dropzone.invalid_input_type": "Не можете да качвате файлове от този тип.",
+	"dropzone.file_too_big": "Размерът на файла ({{filesize}} MB) надвишава максималния размер от ({{maxFilesize}} MB).",
+	"dropzone.remove_file": "Премахване на файла",
+	"munits.data.b": "Б",
+	"munits.data.kib": "КиБ",
+	"munits.data.mib": "МиБ",
+	"munits.data.gib": "ГиБ",
+	"munits.data.tib": "ТиБ",
+	"munits.data.pib": "ПиБ",
+	"munits.data.eib": "ЕиБ",
 	"packages.title": "Пакети",
 	"packages.empty": "Все още няма пакети.",
 	"packages.empty.documentation": "За повече информация относно регистъра на пакетите вижте <a target=\"_blank\" rel=\"noopener noreferrer\" href=\"%s\">документацията</a>.",
diff --git a/options/locale_next/locale_ca.json b/options/locale_next/locale_ca.json
index 0725a69519..7383314347 100644
--- a/options/locale_next/locale_ca.json
+++ b/options/locale_next/locale_ca.json
@@ -172,7 +172,15 @@
 	"migrate.pagure.token.placeholder": "Només per crear un arxiu d'incidències privades",
 	"actions.runs.viewing_out_of_date_run": "Esteu veient una execució desactualitzada d'aquesta tasca que va ser executada %[1]s.",
 	"actions.runs.view_most_recent_run": "Veure l'execució més recent",
+	"actions.runs.commit": "Commit",
 	"actions.workflow.pre_execution_error": "No s'ha executat el flux de treball degut a un error que ha bloquejat l'intent d'execució.",
+	"actions.runners.name": "Nom",
+	"actions.runners.owner_type": "Tipus",
+	"actions.runners.description": "Descripció",
+	"actions.runners.labels": "Etiquetes",
+	"actions.runners.task_list.repository": "Repositori",
+	"actions.runners.task_list.commit": "Commit",
+	"actions.runners.version": "Versió",
 	"relativetime.future": "en el futur",
 	"migrate.pagure.private_issues.warning": "Assegureu-vos de configurar la visibilitat del repositori com a privada si esteu usant la clau API per importar incidències privades. Això evitarà exposar accidentalment el contingut privat en un repositori públic.",
 	"actions.runs.run_attempt_label": "Intent d'execució #%[1]s (%[2]s)",
diff --git a/options/locale_next/locale_cs-CZ.json b/options/locale_next/locale_cs-CZ.json
index 8083da30a5..029cbe55ab 100644
--- a/options/locale_next/locale_cs-CZ.json
+++ b/options/locale_next/locale_cs-CZ.json
@@ -1,4 +1,36 @@
 {
+	"gpg.default_key": "Podepsáno výchozím klíčem",
+	"gpg.error.extract_sign": "Selhalo získání podpisu",
+	"gpg.error.generate_hash": "Selhalo vygenerování hashe revize",
+	"gpg.error.no_committer_account": "Žádný účet není propojen s e-mailovou adresou přispěvatele",
+	"gpg.error.no_gpg_keys_found": "V databázi nebyl nalezen žádný známý klíč pro tento podpis",
+	"gpg.error.not_signed_commit": "Nepodepsaná revize",
+	"gpg.error.failed_retrieval_gpg_keys": "Nepodařilo se získat žádný klíč propojený s účtem přispěvatele",
+	"gpg.error.probable_bad_signature": "VAROVÁNÍ! Přestože v databázi existuje klíč s tímto ID, tato revize jím není ověřena! Tato revize je PODEZŘELÁ.",
+	"gpg.error.probable_bad_default_signature": "VAROVÁNÍ! Přestože má výchozí klíč toto ID, tato revize jím není ověřena! Tato revize je PODEZŘELÁ.",
+	"notification.notifications": "Oznámení",
+	"notification.unread": "Nepřečtené",
+	"notification.read": "Přečtené",
+	"notification.no_unread": "Žádná nepřečtená oznámení.",
+	"notification.no_read": "Žádná přečtená oznámení.",
+	"notification.pin": "Připnout upozornění",
+	"notification.mark_as_read": "Označit jako přečtené",
+	"notification.mark_as_unread": "Označit jako nepřečtené",
+	"notification.mark_all_as_read": "Označit vše jako přečtené",
+	"notification.subscriptions": "Odběry",
+	"notification.watching": "Sledované",
+	"notification.no_subscriptions": "Žádné odběry",
+	"dropzone.default_message": "Přetáhněte soubory nebo klikněte sem pro nahrání.",
+	"dropzone.invalid_input_type": "Nemůžete nahrávat soubory tohoto typu.",
+	"dropzone.file_too_big": "Velikost souboru ({{filesize}} MB) je vyšší než maximální velikost ({{maxFilesize}} MB).",
+	"dropzone.remove_file": "Smazat soubor",
+	"munits.data.b": "B",
+	"munits.data.kib": "KiB",
+	"munits.data.mib": "MiB",
+	"munits.data.gib": "GiB",
+	"munits.data.tib": "TiB",
+	"munits.data.pib": "PiB",
+	"munits.data.eib": "EiB",
 	"packages.title": "Balíčky",
 	"packages.empty": "Zatím zde nejsou žádné balíčky.",
 	"packages.empty.documentation": "Další informace o registru balíčků naleznete v <a target=\"_blank\" rel=\"noopener noreferrer\" href=\"%s\">dokumentaci</a>.",
@@ -338,6 +370,58 @@
 	"actions.runs.viewing_out_of_date_run": "Prohlížíte si zastaralý běh této úlohy, který byl spuštěn %[1]s.",
 	"actions.runs.run_attempt_label": "Pokus o běh #%[1]s (%[2]s)",
 	"actions.runs.view_most_recent_run": "Zobrazit nejnovější běh",
+	"actions.runs.all_workflows": "Všechny workflowy",
+	"actions.runs.commit": "Revize",
+	"actions.runs.scheduled": "Naplánováno",
+	"actions.runs.pushed_by": "pushnuta uživatelem",
+	"actions.runs.workflow": "Workflow",
+	"actions.runs.invalid_workflow_helper": "Konfigurační soubor pracovního postupu je neplatný. Zkontrolujte prosím konfigurační soubor: %s",
+	"actions.runs.no_matching_online_runner.helper": "Žádný odpovídající online runner s popiskem: %s",
+	"actions.runs.no_job_without_needs": "Workflow musí obsahovat alespoň jednu práci bez závislostí.",
+	"actions.runs.no_job": "Workflow musí obsahovat alespoň jednu úlohu",
+	"actions.runs.actor": "Aktér",
+	"actions.runs.status": "Status",
+	"actions.runs.actors_no_select": "Všichni aktéři",
+	"actions.runs.status_no_select": "Všechny stavy",
+	"actions.runs.no_results": "Nebyly nalezeny žádné výsledky.",
+	"actions.runs.no_workflows": "Zatím nebyly vytvořeny žádné pracovní postupy.",
+	"actions.actions": "Akce",
+	"actions.runners": "Runnery",
+	"actions.runners.runner_manage_panel": "Správa runnerů",
+	"actions.runners.new": "Vytvořit nový runner",
+	"actions.runners.new_notice": "Jak spustit runner",
+	"actions.runners.status": "Status",
+	"actions.runners.status.unspecified": "Neznámý",
+	"actions.runners.status.idle": "Nečinný",
+	"actions.runners.status.active": "Aktivní",
+	"actions.runners.status.offline": "Offline",
+	"actions.runners.id": "ID",
+	"actions.runners.name": "Název",
+	"actions.runners.owner_type": "Typ",
+	"actions.runners.description": "Popis",
+	"actions.runners.labels": "Štítky",
+	"actions.runners.last_online": "Naposledy online",
+	"actions.runners.runner_title": "Runner",
+	"actions.runners.task_list": "Nedávné úlohy na tomto runneru",
+	"actions.runners.task_list.no_tasks": "Zatím zde nejsou žádné úlohy.",
+	"actions.runners.task_list.run": "Spustit",
+	"actions.runners.task_list.status": "Status",
+	"actions.runners.task_list.repository": "Repozitář",
+	"actions.runners.task_list.commit": "Revize",
+	"actions.runners.task_list.done_at": "Dokončeno v",
+	"actions.runners.edit_runner": "Upravit Runner",
+	"actions.runners.update_runner.button": "Aktualizovat změny",
+	"actions.runners.update_runner.success": "Runner byl úspěšně aktualizován",
+	"actions.runners.update_runner.failed": "Aktualizace runneru se nezdařila",
+	"actions.runners.delete_runner.button": "Odstranit tento runner",
+	"actions.runners.delete_runner.success": "Runner byl úspěšně odstraněn",
+	"actions.runners.delete_runner.failed": "Odstranění runneru selhalo",
+	"actions.runners.delete_runner.header": "Potvrdit odstranění tohoto runneru",
+	"actions.runners.delete_runner.notice": "Pokud na tomto runneru běží úloha, bude ukončena a označena jako neúspěšná. Může dojít k přerušení vytváření workflow.",
+	"actions.runners.none": "Nejsou dostupné žádné runnery",
+	"actions.runners.version": "Verze",
+	"actions.runners.reset_registration_token.button": "Resetovat registrační token",
+	"actions.runners.reset_registration_token.success": "Registrační token runneru byl úspěšně obnoven",
 	"pulse.n_active_issues": {
 		"one": "%s aktivní problém",
 		"few": "%s aktivní problémy",
@@ -384,6 +468,14 @@
 		"few": "Čekání na runner s následujícími štítky: %s",
 		"other": "Čekání na runner s následujícími štítky: %s"
 	},
+	"actions.status.unknown": "Neznámý",
+	"actions.status.waiting": "Čekání",
+	"actions.status.running": "Probíhá",
+	"actions.status.success": "Úspěch",
+	"actions.status.failure": "Chyba",
+	"actions.status.cancelled": "Zrušeno",
+	"actions.status.skipped": "Přeskočeno",
+	"actions.status.blocked": "Blokováno",
 	"keys.verify.token.hint": "Token je platný pouze 1 minutu. <a href=\"%[1]s\">Pokud vypršel, požádejte si o nový</a>.",
 	"admin.dashboard.transfer_lingering_logs": "Převést protokoly dokončených úloh akcí z databáze do úložiště",
 	"repo.issues.filter_poster.hint": "Filtrovat podle autora",
diff --git a/options/locale_next/locale_da.json b/options/locale_next/locale_da.json
index eac39ebc00..0bbff127e2 100644
--- a/options/locale_next/locale_da.json
+++ b/options/locale_next/locale_da.json
@@ -1,4 +1,96 @@
 {
+	"actions.actions": "Handlinger",
+	"actions.status.unknown": "Ukendt",
+	"actions.status.waiting": "Venter",
+	"actions.status.running": "Kører",
+	"actions.status.success": "Succes",
+	"actions.status.failure": "Fiasko",
+	"actions.status.cancelled": "Annulleret",
+	"actions.status.skipped": "Oversprunget",
+	"actions.status.blocked": "Blokeret",
+	"actions.runners": "Runners",
+	"actions.runners.runner_manage_panel": "Administrer runners",
+	"actions.runners.new": "Opret ny runner",
+	"actions.runners.new_notice": "Hvordan man starter en runner",
+	"actions.runners.status": "Status",
+	"actions.runners.status.unspecified": "Ukendt",
+	"actions.runners.status.idle": "Tomgang",
+	"actions.runners.status.active": "Aktiv",
+	"actions.runners.status.offline": "Offline",
+	"actions.runners.id": "ID",
+	"actions.runners.name": "Navn",
+	"actions.runners.owner_type": "Type",
+	"actions.runners.description": "Beskrivelse",
+	"actions.runners.labels": "Etiketter",
+	"actions.runners.last_online": "Sidste online tid",
+	"actions.runners.runner_title": "Runner",
+	"actions.runners.task_list": "Seneste opgaver på denne løber",
+	"actions.runners.task_list.no_tasks": "Der er ingen opgave endnu.",
+	"actions.runners.task_list.run": "Kør",
+	"actions.runners.task_list.status": "Status",
+	"actions.runners.task_list.repository": "Depot",
+	"actions.runners.task_list.commit": "Commit",
+	"actions.runners.task_list.done_at": "Udført kl",
+	"actions.runners.edit_runner": "Rediger Runner",
+	"actions.runners.update_runner.button": "Opdater ændringer",
+	"actions.runners.update_runner.success": "Runner blev opdateret",
+	"actions.runners.update_runner.failed": "Løberen kunne ikke opdateres",
+	"actions.runners.delete_runner.button": "Slet denne runner",
+	"actions.runners.delete_runner.success": "Runner blev slettet",
+	"actions.runners.delete_runner.failed": "Runner kunne ikke slettes",
+	"actions.runners.delete_runner.header": "Bekræft for at slette denne runner",
+	"actions.runners.delete_runner.notice": "Hvis en opgave kører på denne runner, vil den blive afsluttet og markeret som mislykket. Det kan bryde bygningens arbejdsgang.",
+	"actions.runners.none": "Ingen runners tilgængelige",
+	"actions.runners.version": "Version",
+	"actions.runners.reset_registration_token.button": "Nulstil registreringstoken",
+	"actions.runners.reset_registration_token.success": "Runner registreringstoken blev nulstillet",
+	"actions.runs.all_workflows": "Alle arbejdsgange",
+	"actions.runs.commit": "Commit",
+	"actions.runs.scheduled": "Planlagt",
+	"actions.runs.pushed_by": "pushed af",
+	"actions.runs.workflow": "Arbejdsgang",
+	"actions.runs.invalid_workflow_helper": "Workflow-konfigurationsfilen er ugyldig. Tjek venligst din konfigurationsfil: %s",
+	"actions.runs.no_matching_online_runner.helper": "Ingen matchende online-runner med etiket: %s",
+	"actions.runs.no_job_without_needs": "Arbejdsgangen skal indeholde mindst ét job uden afhængigheder.",
+	"actions.runs.no_job": "Arbejdsgangen skal indeholde mindst ét job",
+	"actions.runs.actor": "Aktør",
+	"actions.runs.status": "Status",
+	"actions.runs.actors_no_select": "Alle aktører",
+	"actions.runs.status_no_select": "Alle status",
+	"actions.runs.no_results": "Ingen resultater matchede.",
+	"actions.runs.no_workflows": "Der er endnu ingen arbejdsgange.",
+	"gpg.default_key": "Underskrevet med standardnøglen",
+	"gpg.error.extract_sign": "Kunne ikke udtrække signatur",
+	"gpg.error.generate_hash": "Kunne ikke generere hash af commit",
+	"gpg.error.no_committer_account": "Ingen konto knyttet til committers e-mailadresse",
+	"gpg.error.no_gpg_keys_found": "Ingen kendt nøgle fundet for denne signatur i databasen",
+	"gpg.error.not_signed_commit": "Ikke en underskrevet commit",
+	"gpg.error.failed_retrieval_gpg_keys": "Kunne ikke hente nogen nøgle knyttet til committerens konto",
+	"gpg.error.probable_bad_signature": "ADVARSEL! Selvom der er en nøgle med dette ID i databasen, bekræfter den ikke denne commit! Denne commit er MISTÆNLIG.",
+	"gpg.error.probable_bad_default_signature": "ADVARSEL! Selvom standardnøglen har dette ID, bekræfter den ikke denne commit! Denne commit er MISTÆNLIG.",
+	"notification.notifications": "Notifikationer",
+	"notification.unread": "Ulæst",
+	"notification.read": "Læs",
+	"notification.no_unread": "Ingen ulæste notifikationer.",
+	"notification.no_read": "Ingen læste notifikationer.",
+	"notification.pin": "Fastgør notifikation",
+	"notification.mark_as_read": "Markér som læst",
+	"notification.mark_as_unread": "Markér som ulæst",
+	"notification.mark_all_as_read": "Markér alle som læste",
+	"notification.subscriptions": "Abonnementer",
+	"notification.watching": "Overvåger",
+	"notification.no_subscriptions": "Ingen abonnementer",
+	"dropzone.default_message": "Slip filer eller klik her for at uploade.",
+	"dropzone.invalid_input_type": "Filer af denne type må ikke uploades.",
+	"dropzone.file_too_big": "Filstørrelsen ({{filesize}} MB) overstiger den maksimale størrelse på ({{maxFilesize}} MB).",
+	"dropzone.remove_file": "Fjern fil",
+	"munits.data.b": "B",
+	"munits.data.kib": "KiB",
+	"munits.data.mib": "MiB",
+	"munits.data.gib": "GiB",
+	"munits.data.tib": "TiB",
+	"munits.data.pib": "PiB",
+	"munits.data.eib": "EiB",
 	"packages.title": "Pakker",
 	"packages.empty": "Der er ingen pakker endnu.",
 	"packages.empty.documentation": "For mere information om pakkeregistret, se <a target=\"_blank\" rel=\"noopener noreferrer\" href=\"%s\">dokumentationen</a>.",
diff --git a/options/locale_next/locale_de-DE.json b/options/locale_next/locale_de-DE.json
index 27a4b1cc1a..48cf6545c2 100644
--- a/options/locale_next/locale_de-DE.json
+++ b/options/locale_next/locale_de-DE.json
@@ -1,4 +1,36 @@
 {
+	"gpg.default_key": "Mit Standardschlüssel signiert",
+	"gpg.error.extract_sign": "Die Signatur konnte nicht extrahiert werden",
+	"gpg.error.generate_hash": "Es konnte kein Hash vom Commit generiert werden",
+	"gpg.error.no_committer_account": "Es ist kein Account mit der E-Mail-Adresse des Committers verbunden",
+	"gpg.error.no_gpg_keys_found": "Es konnte kein GPG-Schlüssel zu dieser Signatur gefunden werden",
+	"gpg.error.not_signed_commit": "Kein signierter Commit",
+	"gpg.error.failed_retrieval_gpg_keys": "Fehler beim Abrufen eines Schlüssels des Committer-Kontos",
+	"gpg.error.probable_bad_signature": "WARNHINWEIS! Obwohl ein Schlüssel mit dieser ID in der Datenbank existiert, verifiziert er nicht diesen Commit! Dieser Commit ist VERDÄCHTIG.",
+	"gpg.error.probable_bad_default_signature": "WARNHINWEIS! Obwohl der Standardschlüssel diese ID hat, verifiziert er nicht diesen Commit! Dieser Commit ist VERDÄCHTIG.",
+	"notification.notifications": "Nachrichten",
+	"notification.unread": "Ungelesen",
+	"notification.read": "Gelesen",
+	"notification.no_unread": "Keine ungelesenen Benachrichtigungen.",
+	"notification.no_read": "Keine gelesenen Benachrichtigungen.",
+	"notification.pin": "Benachrichtigung pinnen",
+	"notification.mark_as_read": "Als gelesen markieren",
+	"notification.mark_as_unread": "Als ungelesen markieren",
+	"notification.mark_all_as_read": "Alle als gelesen markieren",
+	"notification.subscriptions": "Abonnements",
+	"notification.watching": "Beobachtet",
+	"notification.no_subscriptions": "Keine Abonnements",
+	"dropzone.default_message": "Zum Hochladen hier klicken oder Datei ablegen.",
+	"dropzone.invalid_input_type": "Dateien dieses Dateityps können nicht hochgeladen werden.",
+	"dropzone.file_too_big": "Dateigröße ({{filesize}} MB) überschreitet die Maximalgröße ({{maxFilesize}} MB).",
+	"dropzone.remove_file": "Datei entfernen",
+	"munits.data.b": "B",
+	"munits.data.kib": "KiB",
+	"munits.data.mib": "MiB",
+	"munits.data.gib": "GiB",
+	"munits.data.tib": "TiB",
+	"munits.data.pib": "PiB",
+	"munits.data.eib": "EiB",
 	"packages.title": "Pakete",
 	"packages.empty": "Noch keine Pakete vorhanden.",
 	"packages.empty.documentation": "Weitere Informationen zur Paket-Registry findest du in der <a target=\"_blank\" rel=\"noopener noreferrer\" href=\"%s\">Dokumentation</a>.",
@@ -326,6 +358,58 @@
 	"actions.runs.view_most_recent_run": "Letzten Run betrachten",
 	"actions.runs.viewing_out_of_date_run": "Sie sehen einen veralteten Run dieses Jobs, der %[1]s ausgeführt wurde.",
 	"actions.runs.run_attempt_label": "Run-Versuch #%[1]s (%[2]s)",
+	"actions.runs.all_workflows": "Alle Workflows",
+	"actions.runs.commit": "Commit",
+	"actions.runs.scheduled": "Geplant",
+	"actions.runs.pushed_by": "gepusht von",
+	"actions.runs.workflow": "Workflow",
+	"actions.runs.invalid_workflow_helper": "Die Workflow-Konfigurationsdatei ist ungültig. Bitte überprüfe deine Konfigurationsdatei: %s",
+	"actions.runs.no_matching_online_runner.helper": "Es existiert kein passender Online-Runner mit dem Label: %s",
+	"actions.runs.no_job_without_needs": "Der Workflow muss mindestens einen Job ohne Abhängigkeiten enthalten.",
+	"actions.runs.no_job": "Der Workflow muss mindestens einen Job enthalten",
+	"actions.runs.actor": "Initiator",
+	"actions.runs.status": "Status",
+	"actions.runs.actors_no_select": "Alle Initiatoren",
+	"actions.runs.status_no_select": "Alle Status",
+	"actions.runs.no_results": "Keine passenden Ergebnisse gefunden.",
+	"actions.runs.no_workflows": "Es existieren noch keine Workflows.",
+	"actions.actions": "Actions",
+	"actions.runners": "Runner",
+	"actions.runners.runner_manage_panel": "Runner verwalten",
+	"actions.runners.new": "Neuen Runner erstellen",
+	"actions.runners.new_notice": "Wie man einen Runner startet",
+	"actions.runners.status": "Status",
+	"actions.runners.status.unspecified": "Unbekannt",
+	"actions.runners.status.idle": "Inaktiv",
+	"actions.runners.status.active": "Aktiv",
+	"actions.runners.status.offline": "Offline",
+	"actions.runners.id": "ID",
+	"actions.runners.name": "Name",
+	"actions.runners.owner_type": "Typ",
+	"actions.runners.description": "Beschreibung",
+	"actions.runners.labels": "Labels",
+	"actions.runners.last_online": "Letzte Online-Zeit",
+	"actions.runners.runner_title": "Runner",
+	"actions.runners.task_list": "Letzte Aufgaben dieses Runners",
+	"actions.runners.task_list.no_tasks": "Es gibt noch keine Aufgabe.",
+	"actions.runners.task_list.run": "Ausführen",
+	"actions.runners.task_list.status": "Status",
+	"actions.runners.task_list.repository": "Repository",
+	"actions.runners.task_list.commit": "Commit",
+	"actions.runners.task_list.done_at": "Fertig um",
+	"actions.runners.edit_runner": "Runner bearbeiten",
+	"actions.runners.update_runner.button": "Änderungen anwenden",
+	"actions.runners.update_runner.success": "Runner erfolgreich aktualisiert",
+	"actions.runners.update_runner.failed": "Der Runner konnte nicht aktualisiert werden",
+	"actions.runners.delete_runner.button": "Diesen Runner löschen",
+	"actions.runners.delete_runner.success": "Runner erfolgreich gelöscht",
+	"actions.runners.delete_runner.failed": "Der Runner konnte nicht gelöscht werden",
+	"actions.runners.delete_runner.header": "Bestätigen, um diesen Runner zu löschen",
+	"actions.runners.delete_runner.notice": "Wenn eine Aufgabe auf diesem Runner ausgeführt wird, wird sie beendet und als fehlgeschlagen markiert. Dies könnte Workflows zerstören.",
+	"actions.runners.none": "Keine Runner verfügbar",
+	"actions.runners.version": "Version",
+	"actions.runners.reset_registration_token.button": "Registrierungs-Token zurücksetzen",
+	"actions.runners.reset_registration_token.success": "Runner-Registrierungstoken erfolgreich zurückgesetzt",
 	"migrate.form.error.url_credentials": "Die URL enthält Anmeldedaten; diese sollten in das jeweilige Benutzername- und Passwortfeld eingetragen werden",
 	"repo.pulls.maintainers_can_edit": "Maintainer können diesen Pull-Request bearbeiten.",
 	"repo.pulls.maintainers_cannot_edit": "Maintainer können diesen Pull-Request nicht bearbeiten.",
@@ -369,6 +453,14 @@
 		"one": "Warte auf einen Runner mit dem folgenden Label: %s",
 		"other": "Warte auf einen Runner mit den folgenden Labels: %s"
 	},
+	"actions.status.unknown": "Unbekannt",
+	"actions.status.waiting": "Wartend",
+	"actions.status.running": "Laufend",
+	"actions.status.success": "Erfolg",
+	"actions.status.failure": "Fehler",
+	"actions.status.cancelled": "Abgebrochen",
+	"actions.status.skipped": "Übersprungen",
+	"actions.status.blocked": "Blockiert",
 	"keys.verify.token.hint": "Der Token ist nur für 1 Minute gültig. <a href=\"%[1]s\">Hol dir einen neuen, falls er abgelaufen ist</a>.",
 	"repo.issues.filter_poster.hint": "Nach Autor filtern",
 	"repo.issues.filter_assignee.hint": "Nach zugewiesenem Benutzer filtern",
diff --git a/options/locale_next/locale_el-GR.json b/options/locale_next/locale_el-GR.json
index 806378fb9f..2b3bdb20d4 100644
--- a/options/locale_next/locale_el-GR.json
+++ b/options/locale_next/locale_el-GR.json
@@ -1,4 +1,36 @@
 {
+	"gpg.default_key": "Υπογραφή με το προεπιλεγμένο κλειδί",
+	"gpg.error.extract_sign": "Αποτυχία εξαγωγής υπογραφής",
+	"gpg.error.generate_hash": "Αποτυχία δημιουργίας hash της υποβολής",
+	"gpg.error.no_committer_account": "Δεν υπάρχει λογαριασμός που συσχετίζεται με τη διεύθυνση email του υποβάλλοντα",
+	"gpg.error.no_gpg_keys_found": "Δεν βρέθηκε γνωστό κλειδί για αυτήν την υπογραφή στη βάση δεδομένων",
+	"gpg.error.not_signed_commit": "Η υποβολή δεν είναι υπογεγραμμένη",
+	"gpg.error.failed_retrieval_gpg_keys": "Αποτυχία ανάκτησης κλειδιού που είναι συνδεδεμένο στο λογαριασμό του υποβάλλοντα",
+	"gpg.error.probable_bad_signature": "ΠΡΟΣΟΧΗ! Αν και υπάρχει ένα κλειδί με αυτό το ID στη βάση δεδομένων δεν επαληθεύει αυτή την υποβολή! Αυτή η υποβολή είναι ΥΠΟΠΤΗ.",
+	"gpg.error.probable_bad_default_signature": "ΠΡΟΣΟΧΗ! Αν και το προεπιλεγμένο κλειδί έχει αυτό το ID, δεν επαληθεύει αυτή την υποβολή! Αυτή η υποβολή είναι ΥΠΟΠΤΗ.",
+	"notification.notifications": "Ειδοποιήσεις",
+	"notification.unread": "Μη αναγνωσμένες",
+	"notification.read": "Αναγνωσμένες",
+	"notification.no_unread": "Καμία μη αναγνωσμένη ειδοποίηση.",
+	"notification.no_read": "Δεν υπάρχουν αναγνωσμένες ειδοποιήσεις.",
+	"notification.pin": "Καρφίτσωμα ειδοποίησης",
+	"notification.mark_as_read": "Σήμανση ως αναγνωσμένη",
+	"notification.mark_as_unread": "Σήμανση ως μη αναγνωσμένη",
+	"notification.mark_all_as_read": "Σήμανση όλων ως αναγνωσμένες",
+	"notification.subscriptions": "Συνδρομές",
+	"notification.watching": "Παρακολούθηση",
+	"notification.no_subscriptions": "Καμία συνδρομή",
+	"dropzone.default_message": "Σύρετε αρχεία ή κάντε κλικ εδώ για να τα ανεβάσετε.",
+	"dropzone.invalid_input_type": "Δεν μπορείτε να ανεβάσετε αρχεία αυτού του τύπου.",
+	"dropzone.file_too_big": "Το μέγεθος αρχείου ({{filesize}} MB) υπερβαίνει το μέγιστο μέγεθος ({{maxFilesize}} MB).",
+	"dropzone.remove_file": "Αφαίρεση αρχείου",
+	"munits.data.b": "B",
+	"munits.data.kib": "KiB",
+	"munits.data.mib": "MiB",
+	"munits.data.gib": "GiB",
+	"munits.data.tib": "TiB",
+	"munits.data.pib": "PiB",
+	"munits.data.eib": "EiB",
 	"packages.title": "Πακέτα",
 	"packages.empty": "Δεν υπάρχουν πακέτα ακόμα.",
 	"packages.empty.documentation": "Για περισσότερες πληροφορίες σχετικά με το μητρώο πακέτων, συμβουλευτείτε <a target=\"_blank\" rel=\"noopener noreferrer\" href=\"%s\">τον οδηγό</a>.",
@@ -327,6 +359,66 @@
 	"actions.runs.run_attempt_label": "Προσπάθεια εκτέλεσης #%[1]s (%[2]s)",
 	"actions.runs.viewing_out_of_date_run": "Εμφανίζεται μια παρωχημένη εκτέλεση αυτής της εργασίας που έτρεξε %[1]s.",
 	"actions.runs.view_most_recent_run": "Εμφάνιση της πιο πρόσφατης εκτέλεσης",
+	"actions.runs.all_workflows": "Όλες οι ροές εργασίας",
+	"actions.runs.commit": "Υποβολή",
+	"actions.runs.scheduled": "Προγραμματισμένα",
+	"actions.runs.pushed_by": "ωθήθηκε από",
+	"actions.runs.workflow": "Ροή εργασίας",
+	"actions.runs.invalid_workflow_helper": "Το αρχείο ροής εργασίας δεν είναι έγκυρο. Ελέγξτε το αρχείο σας: %s",
+	"actions.runs.no_matching_online_runner.helper": "Κανένας δικτυακός δρομέας με ετικέτα: %s",
+	"actions.runs.no_job_without_needs": "Η ροή εργασίας πρέπει να περιέχει τουλάχιστον ένα έργο που δεν εξαρτάται από κάποιο άλλο έργο.",
+	"actions.runs.no_job": "Η ροή εργασιών πρέπει να περιέχει τουλάχιστον μία εργασία (job)",
+	"actions.runs.actor": "Φορέας",
+	"actions.runs.status": "Κατάσταση",
+	"actions.runs.actors_no_select": "Όλοι οι φορείς",
+	"actions.runs.status_no_select": "Όλες οι καταστάσεις",
+	"actions.runs.no_results": "Δεν βρέθηκαν αποτελέσματα.",
+	"actions.runs.no_workflows": "Δεν υπάρχουν ροές εργασίας ακόμα.",
+	"actions.actions": "Actions",
+	"actions.status.unknown": "Απροσδιόριστη",
+	"actions.status.waiting": "Σε αναμονή",
+	"actions.status.running": "Σε εκτέλεση",
+	"actions.status.success": "Επιτυχία",
+	"actions.status.failure": "Αποτυχία",
+	"actions.status.cancelled": "Ακυρώθηκε",
+	"actions.status.skipped": "Παρακάμφθηκε",
+	"actions.status.blocked": "Αποκλείστηκε",
+	"actions.runners": "Εκτελεστές",
+	"actions.runners.runner_manage_panel": "Διαχείριση εκτελεστών",
+	"actions.runners.new": "Δημιουργία νέου εκτελεστή",
+	"actions.runners.new_notice": "Πώς να ξεκινήσετε έναν εκτελεστή",
+	"actions.runners.status": "Κατάσταση",
+	"actions.runners.status.unspecified": "Άγνωστη",
+	"actions.runners.status.idle": "Αδρανής",
+	"actions.runners.status.active": "Ενεργό",
+	"actions.runners.status.offline": "Χωρίς Σύνδεση",
+	"actions.runners.id": "ID",
+	"actions.runners.name": "Όνομα",
+	"actions.runners.owner_type": "Τύπος",
+	"actions.runners.description": "Περιγραφή",
+	"actions.runners.labels": "Ετικέτες",
+	"actions.runners.last_online": "Τελευταία ώρα σύνδεσης",
+	"actions.runners.runner_title": "Εκτελεστής",
+	"actions.runners.task_list": "Πρόσφατες εργασίες στον εκτελεστή",
+	"actions.runners.task_list.no_tasks": "Δεν υπάρχει καμία εργασία ακόμα.",
+	"actions.runners.task_list.run": "Εκτέλεση",
+	"actions.runners.task_list.status": "Κατάσταση",
+	"actions.runners.task_list.repository": "Αποθετήριο",
+	"actions.runners.task_list.commit": "Υποβολή",
+	"actions.runners.task_list.done_at": "Έτοιμο στις",
+	"actions.runners.edit_runner": "Επεξεργασία Εκτελεστή",
+	"actions.runners.update_runner.button": "Ενημέρωση αλλαγών",
+	"actions.runners.update_runner.success": "Ο εκτελεστής ενημερώθηκε επιτυχώς",
+	"actions.runners.update_runner.failed": "Αποτυχία ενημέρωσης εκτελεστή",
+	"actions.runners.delete_runner.button": "Διαγραφή του εκτελεστή",
+	"actions.runners.delete_runner.success": "Ο εκτελεστής διαγράφηκε επιτυχώς",
+	"actions.runners.delete_runner.failed": "Αποτυχία διαγραφής εκτελεστή",
+	"actions.runners.delete_runner.header": "Επιβεβαιώστε για τη διαγραφή του εκτελεστή",
+	"actions.runners.delete_runner.notice": "Αν μια εργασία εκτελείται σε αυτόν τον εκτελεστή, θα τερματιστεί και θα επισημανθεί ως αποτυχημένη. Μπορεί να χαλάσει τη ροή εργασίας του χτισίματος.",
+	"actions.runners.none": "Δεν υπάρχουν διαθέσιμοι εκτελεστές",
+	"actions.runners.version": "Έκδοση",
+	"actions.runners.reset_registration_token.button": "Επαναφορά διακριτικού εγγραφής",
+	"actions.runners.reset_registration_token.success": "Επιτυχής επανέκδοση διακριτικού εγγραφής του εκτελεστή",
 	"pulse.n_active_issues": {
 		"one": "%s ενεργό ζήτημα",
 		"other": "%s ενεργά ζητήματα"
diff --git a/options/locale_next/locale_en-US.json b/options/locale_next/locale_en-US.json
index c25e6beff4..624492d532 100644
--- a/options/locale_next/locale_en-US.json
+++ b/options/locale_next/locale_en-US.json
@@ -207,10 +207,38 @@
 		"one": "%s download",
 		"other": "%s downloads"
 	},
-	"actions.status.diagnostics.waiting": {
-		"one": "Waiting for a runner with the following label: %s",
-		"other": "Waiting for a runner with the following labels: %s"
-	},
+	"gpg.default_key": "Signed with default key",
+	"gpg.error.extract_sign": "Failed to extract signature",
+	"gpg.error.generate_hash": "Failed to generate hash of commit",
+	"gpg.error.no_committer_account": "No account linked to committer's email address",
+	"gpg.error.no_gpg_keys_found": "No known key found for this signature in database",
+	"gpg.error.not_signed_commit": "Not a signed commit",
+	"gpg.error.failed_retrieval_gpg_keys": "Failed to retrieve any key attached to the committer's account",
+	"gpg.error.probable_bad_signature": "WARNING! Although there is a key with this ID in the database it does not verify this commit! This commit is SUSPICIOUS.",
+	"gpg.error.probable_bad_default_signature": "WARNING! Although the default key has this ID it does not verify this commit! This commit is SUSPICIOUS.",
+	"notification.notifications": "Notifications",
+	"notification.unread": "Unread",
+	"notification.read": "Read",
+	"notification.no_unread": "No unread notifications.",
+	"notification.no_read": "No read notifications.",
+	"notification.pin": "Pin notification",
+	"notification.mark_as_read": "Mark as read",
+	"notification.mark_as_unread": "Mark as unread",
+	"notification.mark_all_as_read": "Mark all as read",
+	"notification.subscriptions": "Subscriptions",
+	"notification.watching": "Watching",
+	"notification.no_subscriptions": "No subscriptions",
+	"dropzone.default_message": "Drop files or click here to upload.",
+	"dropzone.invalid_input_type": "You cannot upload files of this type.",
+	"dropzone.file_too_big": "File size ({{filesize}} MB) exceeds the maximum size of ({{maxFilesize}} MB).",
+	"dropzone.remove_file": "Remove file",
+	"munits.data.b": "B",
+	"munits.data.kib": "KiB",
+	"munits.data.mib": "MiB",
+	"munits.data.gib": "GiB",
+	"munits.data.tib": "TiB",
+	"munits.data.pib": "PiB",
+	"munits.data.eib": "EiB",
 	"packages.title": "Packages",
 	"packages.empty": "There are no packages yet.",
 	"packages.empty.documentation": "For more information on the package registry, see <a target=\"_blank\" rel=\"noopener noreferrer\" href=\"%s\">the documentation</a>.",
@@ -383,9 +411,73 @@
 	"packages.owner.settings.chef.title": "Chef registry",
 	"packages.owner.settings.chef.keypair": "Generate key pair",
 	"packages.owner.settings.chef.keypair.description": "Requests sent to the Chef registry must be cryptographically signed as a means of authentication. When generating a keypair, only the public key is stored on Forgejo. The private key is provided to you to be used with knife. Generating a new keypair will overwrite the previous one.",
+	"actions.status.diagnostics.waiting": {
+		"one": "Waiting for a runner with the following label: %s",
+		"other": "Waiting for a runner with the following labels: %s"
+	},
+	"actions.status.unknown": "Unknown",
+	"actions.status.waiting": "Waiting",
+	"actions.status.running": "Running",
+	"actions.status.success": "Success",
+	"actions.status.failure": "Failure",
+	"actions.status.cancelled": "Canceled",
+	"actions.status.skipped": "Skipped",
+	"actions.status.blocked": "Blocked",
+	"actions.actions": "Actions",
+	"actions.runners": "Runners",
+	"actions.runners.runner_manage_panel": "Manage runners",
+	"actions.runners.new": "Create new runner",
+	"actions.runners.new_notice": "How to start a runner",
+	"actions.runners.status": "Status",
+	"actions.runners.status.unspecified": "Unknown",
+	"actions.runners.status.idle": "Idle",
+	"actions.runners.status.active": "Active",
+	"actions.runners.status.offline": "Offline",
+	"actions.runners.id": "ID",
+	"actions.runners.name": "Name",
+	"actions.runners.owner_type": "Type",
+	"actions.runners.description": "Description",
+	"actions.runners.labels": "Labels",
+	"actions.runners.last_online": "Last online time",
+	"actions.runners.runner_title": "Runner",
+	"actions.runners.task_list": "Recent tasks on this runner",
+	"actions.runners.task_list.no_tasks": "There is no task yet.",
+	"actions.runners.task_list.run": "Run",
+	"actions.runners.task_list.status": "Status",
+	"actions.runners.task_list.repository": "Repository",
+	"actions.runners.task_list.commit": "Commit",
+	"actions.runners.task_list.done_at": "Done at",
+	"actions.runners.edit_runner": "Edit Runner",
+	"actions.runners.update_runner.button": "Update changes",
+	"actions.runners.update_runner.success": "Runner updated successfully",
+	"actions.runners.update_runner.failed": "Failed to update runner",
+	"actions.runners.delete_runner.button": "Delete this runner",
+	"actions.runners.delete_runner.success": "Runner deleted successfully",
+	"actions.runners.delete_runner.failed": "Failed to delete runner",
+	"actions.runners.delete_runner.header": "Confirm to delete this runner",
+	"actions.runners.delete_runner.notice": "If a task is running on this runner, it will be terminated and marked as failed. It may break building workflow.",
+	"actions.runners.none": "No runners available",
+	"actions.runners.version": "Version",
+	"actions.runners.reset_registration_token.button": "Reset registration token",
+	"actions.runners.reset_registration_token.success": "Runner registration token reset successfully",
 	"actions.runs.run_attempt_label": "Run attempt #%[1]s (%[2]s)",
 	"actions.runs.viewing_out_of_date_run": "You are viewing an out-of-date run of this job that was executed %[1]s.",
 	"actions.runs.view_most_recent_run": "View most recent run",
+	"actions.runs.all_workflows": "All workflows",
+	"actions.runs.commit": "Commit",
+	"actions.runs.scheduled": "Scheduled",
+	"actions.runs.pushed_by": "pushed by",
+	"actions.runs.workflow": "Workflow",
+	"actions.runs.invalid_workflow_helper": "Workflow config file is invalid. Please check your config file: %s",
+	"actions.runs.no_matching_online_runner.helper": "No matching online runner with label: %s",
+	"actions.runs.no_job_without_needs": "The workflow must contain at least one job without dependencies.",
+	"actions.runs.no_job": "The workflow must contain at least one job",
+	"actions.runs.actor": "Actor",
+	"actions.runs.status": "Status",
+	"actions.runs.actors_no_select": "All actors",
+	"actions.runs.status_no_select": "All status",
+	"actions.runs.no_results": "No results matched.",
+	"actions.runs.no_workflows": "There are no workflows yet.",
 	"actions.workflow.job_parsing_error": "Unable to parse jobs in workflow: %v",
 	"actions.workflow.event_detection_error": "Unable to parse supported events in workflow: %v",
 	"actions.workflow.persistent_incomplete_matrix": "Unable to evaluate `strategy.matrix` of job %[1]s due to a `needs` expression that was invalid. It may reference a job that is not in it's 'needs' list (%[2]s), or an output that doesn't exist on one of those jobs.",
diff --git a/options/locale_next/locale_es-ES.json b/options/locale_next/locale_es-ES.json
index ef9ea8e9d2..686478e9d5 100644
--- a/options/locale_next/locale_es-ES.json
+++ b/options/locale_next/locale_es-ES.json
@@ -1,4 +1,93 @@
 {
+	"actions.actions": "Acciones",
+	"actions.status.unknown": "Desconocido",
+	"actions.status.waiting": "Esperando",
+	"actions.status.running": "Corriendo",
+	"actions.status.success": "Éxito",
+	"actions.status.failure": "Fallo",
+	"actions.status.cancelled": "Cancelado",
+	"actions.status.skipped": "Saltado",
+	"actions.status.blocked": "Bloqueado",
+	"actions.runners": "Nodos",
+	"actions.runners.runner_manage_panel": "Gestión de nodos",
+	"actions.runners.new": "Crear nuevo nodo",
+	"actions.runners.new_notice": "Cómo iniciar un nodo",
+	"actions.runners.status": "Estado",
+	"actions.runners.status.unspecified": "Desconocido",
+	"actions.runners.status.idle": "Inactivo",
+	"actions.runners.status.active": "Activo",
+	"actions.runners.status.offline": "Desconectado",
+	"actions.runners.id": "Id.",
+	"actions.runners.name": "Nombre",
+	"actions.runners.owner_type": "Tipo",
+	"actions.runners.description": "Descripción",
+	"actions.runners.labels": "Etiquetas",
+	"actions.runners.last_online": "Última hora en línea",
+	"actions.runners.runner_title": "Nodo",
+	"actions.runners.task_list": "Tareas recientes en este nodo",
+	"actions.runners.task_list.no_tasks": "Todavía no hay tarea.",
+	"actions.runners.task_list.run": "Ejecutar",
+	"actions.runners.task_list.status": "Estado",
+	"actions.runners.task_list.repository": "Repositorio",
+	"actions.runners.task_list.commit": "Confirmación",
+	"actions.runners.task_list.done_at": "Hecho en",
+	"actions.runners.edit_runner": "Editar nodo",
+	"actions.runners.update_runner.button": "Actualizar cambios",
+	"actions.runners.update_runner.success": "Nodo actualizado correctamente",
+	"actions.runners.update_runner.failed": "Fallo al actualizar el nodo",
+	"actions.runners.delete_runner.button": "Eliminar este nodo",
+	"actions.runners.delete_runner.success": "Nodo eliminado con éxito",
+	"actions.runners.delete_runner.failed": "Fallo al eliminar el nodo",
+	"actions.runners.delete_runner.header": "Confirma para eliminar el nodo",
+	"actions.runners.delete_runner.notice": "Si una tarea se está ejecutando en este nodo, se terminará y marcará como fallida. Puede romper el flujo de trabajo en curso.",
+	"actions.runners.none": "No hay nodos disponibles",
+	"actions.runners.version": "Versión",
+	"actions.runners.reset_registration_token.button": "Restablecer token de registro",
+	"actions.runners.reset_registration_token.success": "Se ha restablecido correctamente el token de registro del nodo",
+	"actions.runs.all_workflows": "Todos los flujos de trabajo",
+	"actions.runs.commit": "Commit",
+	"actions.runs.scheduled": "Programado",
+	"actions.runs.pushed_by": "push enviado por",
+	"actions.runs.workflow": "Flujo de trabajo",
+	"actions.runs.invalid_workflow_helper": "El archivo de configuración del trabajo no es válido. Revisa tu archivo de configuración: %s",
+	"actions.runs.actor": "Actor",
+	"actions.runs.status": "Estado",
+	"actions.runs.actors_no_select": "Todos los actores",
+	"actions.runs.status_no_select": "Todo el estado",
+	"actions.runs.no_results": "No hay resultados coincidentes.",
+	"actions.runs.no_workflows": "Aún no hay flujos de trabajo.",
+	"gpg.default_key": "Firmado con clave predeterminada",
+	"gpg.error.extract_sign": "Error al extraer la firma",
+	"gpg.error.generate_hash": "Error al generar hash of commit",
+	"gpg.error.no_committer_account": "Ninguna cuenta vinculada a la dirección de correo electrónico del committer",
+	"gpg.error.no_gpg_keys_found": "No se encontró ninguna clave conocida en la base de datos para esta firma",
+	"gpg.error.not_signed_commit": "No es un commit firmado",
+	"gpg.error.failed_retrieval_gpg_keys": "No se pudo recuperar cualquier clave adjunta a la cuenta del committer",
+	"gpg.error.probable_bad_signature": "¡ADVERTENCIA! ¡Hay una clave con este ID en la base de datos, pero esa clave no verifica este commit! Este commit es SOSPECHOSO.",
+	"gpg.error.probable_bad_default_signature": "¡ADVERTENCIA! ¡La clave por defecto tiene este ID pero esa clave no verifica este commit! Este commit es SOSPECHOSO.",
+	"notification.notifications": "Notificaciones",
+	"notification.unread": "Sin leer",
+	"notification.read": "Leídas",
+	"notification.no_unread": "No tiene notificaciones sin leer.",
+	"notification.no_read": "No hay notificaciones.",
+	"notification.pin": "Fijar notificación",
+	"notification.mark_as_read": "Marcar como leído",
+	"notification.mark_as_unread": "Marcar como no leído",
+	"notification.mark_all_as_read": "Marcar todo como leído",
+	"notification.subscriptions": "Suscripciones",
+	"notification.watching": "Siguiendo",
+	"notification.no_subscriptions": "Sin suscripciones",
+	"dropzone.default_message": "Suelte archivos o haga clic aquí para subir.",
+	"dropzone.invalid_input_type": "No puede subir archivos de este tipo.",
+	"dropzone.file_too_big": "El tamaño del archivo ({{filesize}} MB) excede el tamaño máximo de ({{maxFilesize}} MB).",
+	"dropzone.remove_file": "Eliminar archivo",
+	"munits.data.b": "B",
+	"munits.data.kib": "KiB",
+	"munits.data.mib": "MiB",
+	"munits.data.gib": "GiB",
+	"munits.data.tib": "TiB",
+	"munits.data.pib": "PiB",
+	"munits.data.eib": "EiB",
 	"packages.title": "Paquetes",
 	"packages.empty": "Todavía no hay paquetes.",
 	"packages.empty.documentation": "Para más información sobre el registro de paquetes, consulte <a target=\"_blank\" rel=\"noopener noreferrer\" href=\"%s\">la documentación</a>.",
diff --git a/options/locale_next/locale_fa-IR.json b/options/locale_next/locale_fa-IR.json
index b11c0843ab..6f1e2c8794 100644
--- a/options/locale_next/locale_fa-IR.json
+++ b/options/locale_next/locale_fa-IR.json
@@ -1,4 +1,34 @@
 {
+	"actions.runners.name": "نام",
+	"actions.runners.owner_type": "نوع",
+	"actions.runners.description": "شرح",
+	"actions.runners.task_list.run": "اجرا",
+	"actions.runners.task_list.repository": "مخزن",
+	"actions.runners.task_list.commit": "کامیت",
+	"actions.runners.status.active": "فعال",
+	"actions.runs.commit": "کامیت",
+	"gpg.default_key": "ثبت شده با کلید پیش فرض",
+	"gpg.error.extract_sign": "خطا در استخراج امضا",
+	"gpg.error.generate_hash": "خطا در ساختن هش کامیت",
+	"gpg.error.no_committer_account": "هیچ ایمیلی به حساب کاربری صاحب کامیت پیونده داده نشده است",
+	"gpg.error.no_gpg_keys_found": "هیچ کلید شناخته شده ای برای این امضا در پایگاه داده ها یافت نشد",
+	"gpg.error.not_signed_commit": "هیچ کامیتی تکلیف نشده است",
+	"gpg.error.failed_retrieval_gpg_keys": "بازیابی هر کلیدی که به حساب کاربری کامیت دهنده پیوست شده بود ناموفق بود",
+	"gpg.error.probable_bad_signature": "هشدار! اگرچه اینجا یک کلید با ID در پایگاه داده است این کامیت تایید نشده است! این کامیت مشـــکــــوک است.",
+	"gpg.error.probable_bad_default_signature": "هشدار! اگرچه اینجا یک کلید پیش فرض با ID است این اما کامیت تایید نشده است! این کامیت مشـــکــــوک است.",
+	"notification.notifications": "اعلان‌ها",
+	"notification.unread": "خوانده نشده",
+	"notification.read": "خواندن",
+	"notification.no_unread": "اعلان خوانده نشده‌ای موجود نیست.",
+	"notification.no_read": "اعلان خوانده شده‌ای موجود نیست.",
+	"notification.pin": "سنجاق کردن اعلان",
+	"notification.mark_as_read": "علامتگذاری بعنوان خوانده شده",
+	"notification.mark_as_unread": "علامتگذاری بعنوان خوانده نشده",
+	"notification.mark_all_as_read": "علامت همه به عنوان خوانده شده",
+	"dropzone.default_message": "فایل را در این محل رها کنید یا دکمه ی آپلود یا بارگزاری را فشار دهید.",
+	"dropzone.invalid_input_type": "شما قادر به ارسال فایل های از این نوع نیستید.",
+	"dropzone.file_too_big": "حجم فایل ({{filesize}} MB) بیش از حداکثر مجاز است ({{maxFilesize}} مگابایت).",
+	"dropzone.remove_file": "حذف پرونده",
 	"packages.filter.type": "نوع",
 	"packages.alpine.repository.branches": "شاخه‎ها",
 	"packages.alpine.repository.repositories": "مخازن",
diff --git a/options/locale_next/locale_fi-FI.json b/options/locale_next/locale_fi-FI.json
index 3482591965..70d360726d 100644
--- a/options/locale_next/locale_fi-FI.json
+++ b/options/locale_next/locale_fi-FI.json
@@ -1,4 +1,29 @@
 {
+	"gpg.default_key": "Allekirjoitettu oletusavaimella",
+	"gpg.error.extract_sign": "Allekirjoituksen purkaminen epäonnistui",
+	"gpg.error.generate_hash": "Kommitin tiivisteen luominen epäonnistui",
+	"gpg.error.no_committer_account": "Kommitin tekijän sähköpostiosoitteeseen ei ole linkitetty tiliä",
+	"gpg.error.no_gpg_keys_found": "Tälle allekirjoitukselle ei löytynyt tunnettua avainta tietokannasta",
+	"gpg.error.not_signed_commit": "Kommitti ei ole allekirjoitettu",
+	"gpg.error.failed_retrieval_gpg_keys": "Ei saatu yhtäkään kommitin tekijän tiliin liitettyä avainta",
+	"gpg.error.probable_bad_signature": "VAROITUS! Vaikka tietokannassa on avain tällä ID-tunnistella, se ei vahvista tätä kommittia! Tämä kommitti on EPÄILYTTÄVÄ.",
+	"gpg.error.probable_bad_default_signature": "VAROITUS! Vaikka oletusavaimella on tämä ID-tunniste, se ei vahvista tätä kommittia! Tämä kommitti on EPÄILYTTÄVÄ.",
+	"notification.notifications": "Ilmoitukset",
+	"notification.unread": "Lukematon",
+	"notification.read": "Luettu",
+	"notification.no_unread": "Ei lukemattomia ilmoituksia.",
+	"notification.no_read": "Ei luettuja ilmoituksia.",
+	"notification.pin": "Kiinnitä ilmoitus",
+	"notification.mark_as_read": "Merkitse luetuksi",
+	"notification.mark_as_unread": "Merkitse lukemattomaksi",
+	"notification.mark_all_as_read": "Merkitse kaikki luetuiksi",
+	"notification.subscriptions": "Tilaukset",
+	"notification.watching": "Tarkkaillaan",
+	"notification.no_subscriptions": "Ei tilauksia",
+	"dropzone.default_message": "Pudota tiedostot tähän tai napsauta tästä lähettääksesi tiedoston.",
+	"dropzone.invalid_input_type": "Tätä tyyppiä olevia tiedostoja ei voi lähettää.",
+	"dropzone.file_too_big": "Tiedoston koko ({{filesize}} Mt) ylittää enimmäisrajan ({{maxFilesize}} Mt).",
+	"dropzone.remove_file": "Poista tiedosto",
 	"packages.title": "Paketit",
 	"packages.empty": "Täällä ei vielä ole paketteja.",
 	"packages.empty.documentation": "Lisätietoja pakettirekisteristä on saatavilla <a target=\"_blank\" rel=\"noopener noreferrer\" href=\"%s\">dokumentaatiossa</a>.",
@@ -292,6 +317,66 @@
 	"avatar.constraints_hint": "Mukautettu profiilikuva voi olla kooltaan enintään %[1]s tai enintään %[2]dx%[3]d pikseliä",
 	"repo.commit.load_tags_failed": "Tagien lataaminen epäonnistui sisäisen virheen vuoksi",
 	"actions.runs.run_attempt_label": "Suoritusyritys #%[1]s (%[2]s)",
+	"actions.runs.all_workflows": "Kaikki työnkulut",
+	"actions.runs.commit": "Kommitti",
+	"actions.runs.scheduled": "Ajastettu",
+	"actions.runs.pushed_by": "työntänyt",
+	"actions.runs.workflow": "Työnkulku",
+	"actions.runs.invalid_workflow_helper": "Työnkulun asetustiedosto on virheellinen. Tarkista asetustiedosto: %s",
+	"actions.runs.no_matching_online_runner.helper": "Testiajajaa nimilapulla %s ei löytynyt",
+	"actions.runs.no_job_without_needs": "Työnkulun tulee sisältää vähintään yksi työ ilman riippuvuuksia.",
+	"actions.runs.no_job": "Työnkulun tulee sisältää vähintään yksi työ",
+	"actions.runs.actor": "Toimija",
+	"actions.runs.status": "Tila",
+	"actions.runs.actors_no_select": "Kaikki toimijat",
+	"actions.runs.status_no_select": "Kaikki tilat",
+	"actions.runs.no_results": "Ei tuloksia.",
+	"actions.runs.no_workflows": "Ei työnkulkuja vielä.",
+	"actions.actions": "Actions",
+	"actions.status.unknown": "Tuntematon",
+	"actions.status.waiting": "Odotustilassa",
+	"actions.status.running": "Käynnissä",
+	"actions.status.success": "Onnistunut",
+	"actions.status.failure": "Epäonnistunut",
+	"actions.status.cancelled": "Peruttu",
+	"actions.status.skipped": "Ohitettu",
+	"actions.status.blocked": "Estetty",
+	"actions.runners": "Ajajat",
+	"actions.runners.runner_manage_panel": "Hallinnoi testinajajia",
+	"actions.runners.new": "Luo uusi testinajaja",
+	"actions.runners.new_notice": "Testinajajan aloitusohjeet",
+	"actions.runners.status": "Tila",
+	"actions.runners.status.unspecified": "Tuntematon",
+	"actions.runners.status.idle": "Jouten",
+	"actions.runners.status.active": "Aktiivinen",
+	"actions.runners.status.offline": "Ei-verkkotilassa",
+	"actions.runners.id": "Tunniste",
+	"actions.runners.name": "Nimi",
+	"actions.runners.owner_type": "Tyyppi",
+	"actions.runners.description": "Kuvaus",
+	"actions.runners.labels": "Nimilaput",
+	"actions.runners.last_online": "Viimeisin käynnissäoloajankohta",
+	"actions.runners.runner_title": "Testinajaja",
+	"actions.runners.task_list": "Ajajan viimeisimmät tehtävät",
+	"actions.runners.task_list.no_tasks": "Tehtäviä ei ole vielä määritelty.",
+	"actions.runners.task_list.run": "Suorita",
+	"actions.runners.task_list.status": "Tila",
+	"actions.runners.task_list.repository": "Tietovarasto",
+	"actions.runners.task_list.commit": "Kommitti",
+	"actions.runners.task_list.done_at": "Valmistunut ajankohtana",
+	"actions.runners.edit_runner": "Muokkaa testinajajaa",
+	"actions.runners.update_runner.button": "Päivitä muutokset",
+	"actions.runners.update_runner.success": "Testinajaja päivitetty onnistuneesti",
+	"actions.runners.update_runner.failed": "Testinajajan päivitys epäonnistui",
+	"actions.runners.delete_runner.button": "Poista testinajaja",
+	"actions.runners.delete_runner.success": "Testinajaja poistettu onnistuneesti",
+	"actions.runners.delete_runner.failed": "Testinajajan poisto epäonnistui",
+	"actions.runners.delete_runner.header": "Varmista testinajajan poisto",
+	"actions.runners.delete_runner.notice": "Jos tehtävä on käynnissä tällä testinajajalla, se lopetetaan ja merkitään epäonnistuneeksi. Se voi rikkoa koonnin työnkulun.",
+	"actions.runners.none": "Testinajajia ei saatavilla",
+	"actions.runners.version": "Versio",
+	"actions.runners.reset_registration_token.button": "Uudelleenaseta rekisteröintipoletti",
+	"actions.runners.reset_registration_token.success": "Testiajajan rekisteröintipoletti asetettu uudelleen onnistuneesti",
 	"migrate.pagure.description": "Tee migraatio pagure.io:sta tai muista Pagure-instansseista.",
 	"pulse.n_active_issues": {
 		"one": "%s aktiivinen ongelma",
diff --git a/options/locale_next/locale_fil.json b/options/locale_next/locale_fil.json
index 379bf49760..510a964847 100644
--- a/options/locale_next/locale_fil.json
+++ b/options/locale_next/locale_fil.json
@@ -1,4 +1,36 @@
 {
+	"gpg.default_key": "Naka-sign gamit ang default key",
+	"gpg.error.extract_sign": "Nabigong i-extract ang signature",
+	"gpg.error.generate_hash": "Nabigong i-generate ang hash ng commit",
+	"gpg.error.no_committer_account": "Walang account na naka-link sa email address ng committer",
+	"gpg.error.no_gpg_keys_found": "Walang kilalang key na nahanap para sa signature na ito sa database",
+	"gpg.error.not_signed_commit": "Hindi isang naka-sign na commit",
+	"gpg.error.failed_retrieval_gpg_keys": "Nabigong kumuha ng anumang key na naka-attach sa account ng committer",
+	"gpg.error.probable_bad_signature": "BABALA! Bagaman na may key na may ID na ito sa database hindi nito pinapatunayan ang commit na ito! Ang commit na ito ay KAHINA-HINALA.",
+	"gpg.error.probable_bad_default_signature": "BABALA! Bagaman na ang default key ay may ID na ito hindi nito pinapatunayan ang commit na ito! Ang commit na ito ay KAHINA-HINALA.",
+	"notification.notifications": "Mga abiso",
+	"notification.unread": "Hindi nabasa",
+	"notification.read": "Nabasa",
+	"notification.no_unread": "Walang mga hindi nabasang notification.",
+	"notification.no_read": "Walang mga nabasang notification.",
+	"notification.pin": "I-pin ang notification",
+	"notification.mark_as_read": "Markahan bilang nabasa",
+	"notification.mark_as_unread": "Markahan bilang hindi nabasa",
+	"notification.mark_all_as_read": "Markahan lahat bilang nabasa",
+	"notification.subscriptions": "Mga subscription",
+	"notification.watching": "Pinapanood",
+	"notification.no_subscriptions": "Walang mga subscription",
+	"dropzone.default_message": "I-drop ang mga file o mag-click dito para mag-upload.",
+	"dropzone.invalid_input_type": "Hindi ka maaaring mag-upload ng mga file sa uri na ito.",
+	"dropzone.file_too_big": "Ang laki ng file ({{filesize}}) MB) ay lumalagpas sa pinakamataas na size na ({{maxFilesize}} MB).",
+	"dropzone.remove_file": "Tanggalin ang file",
+	"munits.data.b": "B",
+	"munits.data.kib": "KiB",
+	"munits.data.mib": "MiB",
+	"munits.data.gib": "GiB",
+	"munits.data.tib": "TiB",
+	"munits.data.pib": "PiB",
+	"munits.data.eib": "EiB",
 	"packages.title": "Mga package",
 	"packages.empty": "Wala pang anumang mga package.",
 	"packages.empty.documentation": "Para sa higit pang impormasyon sa package registry, tignan ang <a target=\"_blank\" rel=\"noopener noreferrer\" href=\"%s\">dokumentasyon</a>.",
@@ -327,6 +359,58 @@
 	"actions.runs.viewing_out_of_date_run": "Tumitingin ka sa isang hindi napapanahong paktabo ng trabahong ito na na-execute %[1]s.",
 	"actions.runs.view_most_recent_run": "Tignan ang pinakabagong pagtakbo",
 	"actions.runs.run_attempt_label": "Tangka sa pagtakbo #%[1]s (%[2]s)",
+	"actions.runs.all_workflows": "Lahat ng mga workflow",
+	"actions.runs.commit": "Commit",
+	"actions.runs.scheduled": "Naka-iskedyul",
+	"actions.runs.pushed_by": "itinulak ni/ng",
+	"actions.runs.workflow": "Workflow",
+	"actions.runs.invalid_workflow_helper": "Hindi wasto ang workflow config file. Pakisuri ang iyong config file: %s",
+	"actions.runs.no_matching_online_runner.helper": "Walang tumutugmang online runner na may label: %s",
+	"actions.runs.no_job_without_needs": "Ang workflow ay dapat maglaman ng hindi bababa sa isang trabaho na walang dependencies.",
+	"actions.runs.no_job": "Ang workflow ay dapat maglaman ng hindi bababa sa isang trabaho",
+	"actions.runs.actor": "Actor",
+	"actions.runs.status": "Status",
+	"actions.runs.actors_no_select": "Lahat ng mga actor",
+	"actions.runs.status_no_select": "Lahat ng status",
+	"actions.runs.no_results": "Walang mga tumugmang resulta.",
+	"actions.runs.no_workflows": "Wala pang mga workflow sa ngayon.",
+	"actions.actions": "Mga Aksyon",
+	"actions.runners": "Mga Runner",
+	"actions.runners.runner_manage_panel": "Ipamahala ang mga runner",
+	"actions.runners.new": "Gumawa ng bagong runner",
+	"actions.runners.new_notice": "Paano magsimula ng runner",
+	"actions.runners.status": "Katayuan",
+	"actions.runners.status.unspecified": "Hindi alam",
+	"actions.runners.status.idle": "Idle",
+	"actions.runners.status.active": "Aktibo",
+	"actions.runners.status.offline": "Offline",
+	"actions.runners.id": "ID",
+	"actions.runners.name": "Pangalan",
+	"actions.runners.owner_type": "Uri",
+	"actions.runners.description": "Paglalarawan",
+	"actions.runners.labels": "Mga label",
+	"actions.runners.last_online": "Huling oras na online",
+	"actions.runners.runner_title": "Runner",
+	"actions.runners.task_list": "Mga kamakailang trabaho sa runner na ito",
+	"actions.runners.task_list.no_tasks": "Wala pang mga trabaho sa ngayon.",
+	"actions.runners.task_list.run": "Patakbuhin",
+	"actions.runners.task_list.status": "Status",
+	"actions.runners.task_list.repository": "Repositoryo",
+	"actions.runners.task_list.commit": "Commit",
+	"actions.runners.task_list.done_at": "Natapos sa",
+	"actions.runners.edit_runner": "Baguhin ang Runner",
+	"actions.runners.update_runner.button": "I-update ang mga pagbabago",
+	"actions.runners.update_runner.success": "Matagumpay na na-update ang runner",
+	"actions.runners.update_runner.failed": "Nabigong i-update ang runner",
+	"actions.runners.delete_runner.button": "Burahin ang runner na ito",
+	"actions.runners.delete_runner.success": "Matagumpay na nabura ang runner",
+	"actions.runners.delete_runner.failed": "Nabigong burahin ang runner",
+	"actions.runners.delete_runner.header": "Kumpirmahin na burahin ang runner",
+	"actions.runners.delete_runner.notice": "Kapag may trabaho na tumatakbo sa runner na ito, titigilan ito at mamarkahan bilang nabigo. Maaaring sirain ang building workflow.",
+	"actions.runners.none": "Walang mga available na runner",
+	"actions.runners.version": "Bersyon",
+	"actions.runners.reset_registration_token.button": "I-reset ang token ng pagrehistro",
+	"actions.runners.reset_registration_token.success": "Matagumpay na na-reset ang token ng pagrehistro ng runner",
 	"pulse.n_active_issues": {
 		"one": "%s aktibong isyu",
 		"other": "%s mga aktibong isyu"
@@ -376,6 +460,14 @@
 		"one": "Naghihintay ng runner na may sumusunod na label: %s",
 		"other": "Naghihintay ng runner na may sumusunod na mga label: %s"
 	},
+	"actions.status.unknown": "Hindi alam",
+	"actions.status.waiting": "Hinihintay",
+	"actions.status.running": "Tumatakbo",
+	"actions.status.success": "Tagumpay",
+	"actions.status.failure": "Nabigo",
+	"actions.status.cancelled": "Kinansela",
+	"actions.status.skipped": "Nilaktawan",
+	"actions.status.blocked": "Naharang",
 	"teams.add_all_repos.modal.header": "Idagdag ang lahat ng mga repositoryo",
 	"teams.remove_all_repos.modal.header": "Tanggalin ang lahat ng mga repositoryo",
 	"issues.updated": "binago %s",
diff --git a/options/locale_next/locale_fr-FR.json b/options/locale_next/locale_fr-FR.json
index c742f5f621..7c84a9f01e 100644
--- a/options/locale_next/locale_fr-FR.json
+++ b/options/locale_next/locale_fr-FR.json
@@ -1,4 +1,36 @@
 {
+	"gpg.default_key": "Signé avec la clé par défaut",
+	"gpg.error.extract_sign": "Impossible d'extraire la signature",
+	"gpg.error.generate_hash": "Impossible de générer la chaine de hachage de la révision",
+	"gpg.error.no_committer_account": "Aucun compte lié à l'adresse e-mail de l'auteur",
+	"gpg.error.no_gpg_keys_found": "Aucune clé n'a été trouvée pour cette signature dans la base de données",
+	"gpg.error.not_signed_commit": "Révision non signée",
+	"gpg.error.failed_retrieval_gpg_keys": "Impossible de récupérer la clé liée au compte de l'auteur",
+	"gpg.error.probable_bad_signature": "AVERTISSEMENT ! Bien qu'il y ait une clé avec cet ID dans la base de données, il ne vérifie pas ce commit ! Ce commit est SUSPECT.",
+	"gpg.error.probable_bad_default_signature": "AVERTISSEMENT ! Bien que la clé par défaut ait cet ID, elle ne vérifie pas ce commit ! Ce commit est SUSPECT.",
+	"notification.notifications": "Notifications",
+	"notification.unread": "Non lue(s)",
+	"notification.read": "Lue(s)",
+	"notification.no_unread": "Aucune notification non lue.",
+	"notification.no_read": "Aucune notification lue.",
+	"notification.pin": "Épingler la notification",
+	"notification.mark_as_read": "Marquer comme lu",
+	"notification.mark_as_unread": "Marquer comme non lue",
+	"notification.mark_all_as_read": "Tout marquer comme lu",
+	"notification.subscriptions": "Abonnements",
+	"notification.watching": "Suivi",
+	"notification.no_subscriptions": "Pas d'abonnements",
+	"dropzone.default_message": "Déposez les fichiers ou cliquez ici pour téléverser.",
+	"dropzone.invalid_input_type": "Vous ne pouvez pas téléverser des fichiers de ce type.",
+	"dropzone.file_too_big": "La taille du fichier ({{filesize}} Mo) dépasse la taille maximale ({{maxFilesize}} Mo).",
+	"dropzone.remove_file": "Supprimer le fichier",
+	"munits.data.b": "o",
+	"munits.data.kib": "Kio",
+	"munits.data.mib": "Mio",
+	"munits.data.gib": "Gio",
+	"munits.data.tib": "Tio",
+	"munits.data.pib": "Pio",
+	"munits.data.eib": "Eio",
 	"packages.title": "Paquets",
 	"packages.empty": "Il n'y pas de paquet pour le moment.",
 	"packages.empty.documentation": "Pour plus d'informations sur le registre de paquets, voir <a target=\"_blank\" rel=\"noopener noreferrer\" href=\"%s\">la documentation</a>.",
@@ -333,6 +365,58 @@
 	"actions.runs.view_most_recent_run": "Voir l'exécution la plus récente",
 	"actions.runs.viewing_out_of_date_run": "Vous consultez une exécution obsolète de cette tâche qui a été lancée le %[1]s.",
 	"actions.runs.run_attempt_label": "Tentative d'exécution #%[1]s (%[2]s)",
+	"actions.runs.all_workflows": "Tous les workflows",
+	"actions.runs.commit": "Révision",
+	"actions.runs.scheduled": "Planifié",
+	"actions.runs.pushed_by": "soumis par",
+	"actions.runs.workflow": "Workflow",
+	"actions.runs.invalid_workflow_helper": "La configuration du flux de travail est invalide. Veuillez vérifier votre fichier %s",
+	"actions.runs.no_matching_online_runner.helper": "Aucun exécuteur en ligne correspondant au libellé %s",
+	"actions.runs.no_job_without_needs": "Le workflow doit contenir au moins une tâche sans dépendances.",
+	"actions.runs.no_job": "Le workflow doit au moins contenir une tâche",
+	"actions.runs.actor": "Acteur",
+	"actions.runs.status": "Statut",
+	"actions.runs.actors_no_select": "Tous les acteurs",
+	"actions.runs.status_no_select": "Touts les statuts",
+	"actions.runs.no_results": "Aucun résultat correspondant.",
+	"actions.runs.no_workflows": "Il n'y a pas encore de workflows.",
+	"actions.actions": "Actions",
+	"actions.runners": "Exécuteurs",
+	"actions.runners.runner_manage_panel": "Gestion des exécuteurs",
+	"actions.runners.new": "Créer un nouvel exécuteur",
+	"actions.runners.new_notice": "Comment démarrer un exécuteur",
+	"actions.runners.status": "Statut",
+	"actions.runners.status.unspecified": "Inconnu",
+	"actions.runners.status.idle": "Inactif",
+	"actions.runners.status.active": "Actif",
+	"actions.runners.status.offline": "Hors-ligne",
+	"actions.runners.id": "ID",
+	"actions.runners.name": "Nom",
+	"actions.runners.owner_type": "Type",
+	"actions.runners.description": "Description",
+	"actions.runners.labels": "Labels",
+	"actions.runners.last_online": "Dernière fois en ligne",
+	"actions.runners.runner_title": "Exécuteur",
+	"actions.runners.task_list": "Tâches récentes sur cet exécuteur",
+	"actions.runners.task_list.no_tasks": "Il n'y a pas de tâche ici.",
+	"actions.runners.task_list.run": "Exécuter",
+	"actions.runners.task_list.status": "Statut",
+	"actions.runners.task_list.repository": "Dépôt",
+	"actions.runners.task_list.commit": "Révision",
+	"actions.runners.task_list.done_at": "Fait à",
+	"actions.runners.edit_runner": "Éditer l'Exécuteur",
+	"actions.runners.update_runner.button": "Appliquer les modifications",
+	"actions.runners.update_runner.success": "Exécuteur mis à jour avec succès",
+	"actions.runners.update_runner.failed": "Impossible d'actualiser l'Exécuteur",
+	"actions.runners.delete_runner.button": "Supprimer cet exécuteur",
+	"actions.runners.delete_runner.success": "Exécuteur supprimé avec succès",
+	"actions.runners.delete_runner.failed": "Impossible de supprimer l'Exécuteur",
+	"actions.runners.delete_runner.header": "Confirmer la suppression de cet exécuteur",
+	"actions.runners.delete_runner.notice": "Si une tâche est en cours sur cet exécuteur, elle sera terminée et marquée comme échouée. Cela risque d’interrompre le flux de travail.",
+	"actions.runners.none": "Aucun exécuteur disponible",
+	"actions.runners.version": "Version",
+	"actions.runners.reset_registration_token.button": "Réinitialiser le jeton d'enregistrement",
+	"actions.runners.reset_registration_token.success": "Le jeton d’inscription de l’exécuteur a été réinitialisé avec succès",
 	"migrate.pagure.description": "Migrer les données depuis pagure.io ou d'autres instances Pagure.",
 	"migrate.pagure.incorrect_url": "L'URL du dépôt source fournie est incorrecte",
 	"migrate.pagure.project_url": "URL du projet Pagure",
@@ -390,6 +474,14 @@
 		"many": "Attente d'un exécuteur avec les étiquettes suivantes : %s",
 		"other": ""
 	},
+	"actions.status.unknown": "Inconnu",
+	"actions.status.waiting": "En attente",
+	"actions.status.running": "En cours d'exécution",
+	"actions.status.success": "Succès",
+	"actions.status.failure": "Échec",
+	"actions.status.cancelled": "Annulé",
+	"actions.status.skipped": "Ignoré",
+	"actions.status.blocked": "Bloqué",
 	"moderation.report.mark_as_ignored": "Marquer comme ignoré",
 	"moderation.action.account.delete": "Supprimer le compte",
 	"moderation.action.account.suspend": "Suspendre le compte",
diff --git a/options/locale_next/locale_ga.json b/options/locale_next/locale_ga.json
index 8ddb8eca39..a9115c127d 100644
--- a/options/locale_next/locale_ga.json
+++ b/options/locale_next/locale_ga.json
@@ -1,4 +1,24 @@
 {
+	"gpg.default_key": "Sínithe leis an eochair réamhshocraithe",
+	"gpg.error.extract_sign": "Theip ar an síniú a bhaint",
+	"gpg.error.generate_hash": "Theip ar hash gealltanas a ghiniúint",
+	"gpg.error.no_committer_account": "Níl aon chuntas nasctha le seoladh ríomhphoist an tiomnóra",
+	"notification.notifications": "Fógraí",
+	"notification.unread": "Gan léamh",
+	"notification.read": "Léigh",
+	"notification.no_unread": "Gan aon fhógraí neamh-léite.",
+	"notification.no_read": "Gan aon fhógraí léite.",
+	"notification.pin": "Fógra bioráin",
+	"notification.mark_as_read": "Marcáil mar léite",
+	"notification.mark_as_unread": "Marcáil mar neamh-léite",
+	"notification.mark_all_as_read": "Marcáil gach ceann mar léite",
+	"notification.subscriptions": "Síntiúis",
+	"notification.watching": "Ag féachaint",
+	"notification.no_subscriptions": "Gan síntiúis",
+	"dropzone.default_message": "Scaoil comhaid nó cliceáil anseo chun iad a uaslódáil.",
+	"dropzone.invalid_input_type": "Ní féidir leat comhaid den chineál seo a uaslódáil.",
+	"dropzone.file_too_big": "Sáraíonn méid comhaid ({{filesize}} MB) an t-uasmhéid de ({{maxFilesize}} MB).",
+	"dropzone.remove_file": "Bain an comhad",
 	"packages.title": "Pacáistí",
 	"packages.empty": "Níl aon phacáistí ann fós.",
 	"packages.empty.documentation": "Le haghaidh tuilleadh eolais ar chlárlann na bpacáistí, féach ar <a target=\"_blank\" rel=\"noopener noreferrer\" href=\"%s\">na doiciméid</a>.",
@@ -408,6 +428,20 @@
 	"actions.runs.run_attempt_label": "Iarracht rith #%[1]s (%[2]s)",
 	"actions.runs.viewing_out_of_date_run": "Tá tú ag féachaint ar rith atá as dáta den phost seo a cuireadh i gcrích %[1]s.",
 	"actions.runs.view_most_recent_run": "Féach ar an rith is déanaí",
+	"actions.runs.all_workflows": "Gach Sreafaí Oibre",
+	"actions.runs.commit": "Tiomantas",
+	"actions.runs.scheduled": "Sceidealaithe",
+	"actions.runs.pushed_by": "bhrú ag",
+	"actions.runs.invalid_workflow_helper": "Tá comhad cumraíochta sreabhadh oibre nebhailí. Seiceáil do chomhad cumraithe le do thoil: %s",
+	"actions.runs.no_matching_online_runner.helper": "Gan aon reathaí ar líne a mheaitseáil le lipéad: %s",
+	"actions.runs.no_job_without_needs": "Caithfidh post amháin ar a laghad a bheith sa sreabhadh oibre gan spleáchas.",
+	"actions.runs.no_job": "Caithfidh post amháin ar a laghad a bheith sa sreabhadh oibre",
+	"actions.runs.actor": "Aisteoir",
+	"actions.runs.status": "Stádas",
+	"actions.runs.actors_no_select": "Gach aisteoir",
+	"actions.runs.status_no_select": "Gach stádas",
+	"actions.runs.no_results": "Níor mheaitseáil aon torthaí.",
+	"actions.runs.no_workflows": "Níl aon sreafaí oibre ann fós.",
 	"actions.workflow.job_parsing_error": "Ní féidir poist a pharsáil sa sreabhadh oibre: %v",
 	"actions.workflow.event_detection_error": "Ní féidir imeachtaí tacaithe a pharsáil sa sreabhadh oibre: %v",
 	"actions.workflow.persistent_incomplete_matrix": "Ní féidir `strategy.matrix` den phost %[1]s a mheas mar gheall ar léiriú `needs` a bhí neamhbhailí. D’fhéadfadh sé tagairt a dhéanamh do phost nach bhfuil ina liosta 'needs' (%[2]s), nó d’aschur nach bhfuil ann ar cheann de na poist sin.",
@@ -423,6 +457,42 @@
 	"actions.workflow.incomplete_with_missing_matrix_dimension": "Ní féidir `le` den phost %[1]s a mheas: níl toise maitrís %[2]s ann.",
 	"actions.workflow.incomplete_with_unknown_cause": "Ní féidir `le` den phost %[1]s a mheas: earráid anaithnid.",
 	"actions.workflow.pre_execution_error": "Níor cuireadh an sreabhadh oibre i gcrích mar gheall ar earráid a chuir bac ar an iarracht forghníomhaithe.",
+	"actions.actions": "Gníomhartha",
+	"actions.runners": "Reathaitheoirí",
+	"actions.runners.new": "Cruthaigh reathaí nua",
+	"actions.runners.new_notice": "Conas reathaí a thosú",
+	"actions.runners.status": "Stádas",
+	"actions.runners.status.unspecified": "Anaithnid",
+	"actions.runners.status.idle": "Díomhaoin",
+	"actions.runners.status.active": "Gníomhach",
+	"actions.runners.status.offline": "As líne",
+	"actions.runners.id": "ID",
+	"actions.runners.name": "Ainm",
+	"actions.runners.owner_type": "Cineál",
+	"actions.runners.description": "Cur síos",
+	"actions.runners.labels": "Lipéid",
+	"actions.runners.last_online": "Am Ar Líne Deiridh",
+	"actions.runners.runner_title": "Reathaí",
+	"actions.runners.task_list": "Tascanna le déanaí ar an reathaí seo",
+	"actions.runners.task_list.no_tasks": "Níl aon tasc ann fós.",
+	"actions.runners.task_list.run": "Rith",
+	"actions.runners.task_list.status": "Stádas",
+	"actions.runners.task_list.repository": "Stóras",
+	"actions.runners.task_list.commit": "Tiomantas",
+	"actions.runners.task_list.done_at": "Déanta ag",
+	"actions.runners.edit_runner": "Cuir Reathaí in Eagar",
+	"actions.runners.update_runner.button": "Nuashonrú Athruithe",
+	"actions.runners.update_runner.success": "Nuashonraíodh an Reathaí",
+	"actions.runners.update_runner.failed": "Theip ar an reathaí a nuashonrú",
+	"actions.runners.delete_runner.button": "Scrios an reathaí seo",
+	"actions.runners.delete_runner.success": "Scriosadh an reathaí go rathúil",
+	"actions.runners.delete_runner.failed": "Theip ar an reathaí a scriosadh",
+	"actions.runners.delete_runner.header": "Deimhnigh an reathaí seo a scriosadh",
+	"actions.runners.delete_runner.notice": "Má tá tasc ar siúl ar an reathaí seo, cuirfear deireadh leis agus marcáil mar theip. Féadfaidh sé sreabhadh oibre tógála a bhriseadh.",
+	"actions.runners.none": "Níl aon reathaí ar fáil",
+	"actions.runners.version": "Leagan",
+	"actions.runners.reset_registration_token.button": "Athshocraigh comhartha clár",
+	"actions.runners.reset_registration_token.success": "D'éirigh le hathshocrú comhartha clárúcháin an dara háit",
 	"teams.add_all_repos.modal.header": "Cuir na stórais uile leis",
 	"teams.remove_all_repos.modal.header": "Bain na stórais uile",
 	"pulls.manual_merge.helper": "Cúntóir cumasc láimhe",
diff --git a/options/locale_next/locale_hu-HU.json b/options/locale_next/locale_hu-HU.json
index 27f47f82c5..fc1dbc01f7 100644
--- a/options/locale_next/locale_hu-HU.json
+++ b/options/locale_next/locale_hu-HU.json
@@ -1,4 +1,27 @@
 {
+	"actions.runners.name": "Név",
+	"actions.runners.owner_type": "Típus",
+	"actions.runners.description": "Leírás",
+	"actions.runners.task_list.run": "Futtatás",
+	"actions.runners.task_list.repository": "Tároló",
+	"actions.runners.task_list.commit": "Commit",
+	"actions.runners.status.active": "Aktív",
+	"actions.runs.commit": "Commit",
+	"gpg.error.extract_sign": "Nem sikerült kinyerni az aláírást",
+	"gpg.error.generate_hash": "Nem sikerült létrehozni a commitot azonosító hash-t",
+	"gpg.error.no_gpg_keys_found": "Nem található kulcs ehhez az aláíráshoz az adatbázisban",
+	"gpg.error.not_signed_commit": "Nem aláírt commit",
+	"notification.notifications": "Értesítések",
+	"notification.unread": "Olvasatlan",
+	"notification.read": "Olvasott",
+	"notification.no_unread": "Nincsenek olvasatlan értesítések.",
+	"notification.no_read": "Nincsenek olvasott értesítések.",
+	"notification.pin": "Értesítés kitűzése",
+	"notification.mark_as_read": "Megjelölés olvasottként",
+	"notification.mark_as_unread": "Megjelölés olvasatlanként",
+	"notification.mark_all_as_read": "Összes üzenet megjelölése olvasottként",
+	"dropzone.file_too_big": "A fájl mérete ({{filesize}} MB) meghaladja a maximális méretet ({{maxFilesize}} MB).",
+	"dropzone.remove_file": "Fájl eltávolítása",
 	"packages.filter.type": "Típus",
 	"packages.alpine.repository.branches": "Ágak",
 	"packages.alpine.repository.repositories": "Tárolók",
diff --git a/options/locale_next/locale_id-ID.json b/options/locale_next/locale_id-ID.json
index 2008c2584a..8923bb149d 100644
--- a/options/locale_next/locale_id-ID.json
+++ b/options/locale_next/locale_id-ID.json
@@ -1,4 +1,19 @@
 {
+	"gpg.error.extract_sign": "Gagal untuk mengambil tanda tangan",
+	"gpg.error.generate_hash": "Gagal untuk menghasilkan hash komit",
+	"gpg.error.no_gpg_keys_found": "Tidak diketahui kunci yang ditemukan di database signature",
+	"gpg.error.not_signed_commit": "Bukan melakukan yang ditandatangani",
+	"notification.notifications": "Notifikasi",
+	"notification.unread": "Belum dibaca",
+	"notification.read": "Dibaca",
+	"notification.pin": "Pemberitahuan Pin",
+	"notification.mark_as_read": "Tandai sebagai membaca",
+	"notification.mark_as_unread": "Tandai sebagai belum dibaca",
+	"notification.mark_all_as_read": "Tandai semua sudah dibaca",
+	"dropzone.default_message": "Jatuhkan berkas disini atau klik untuk mengunggah.",
+	"dropzone.invalid_input_type": "Anda tidak bisa mengunggah berkas jenis ini.",
+	"dropzone.file_too_big": "Ukuran berkas ({{filesize}} MB) melebihi ukuran maksimum ({{maxFilesize}} MB).",
+	"dropzone.remove_file": "Hilangkan berkas",
 	"packages.filter.type": "Jenis",
 	"packages.alpine.repository.branches": "Cabang",
 	"packages.alpine.repository.repositories": "Repositori",
@@ -130,8 +145,22 @@
 	"actions.runs.run_attempt_label": "Upaya eksekusi #%[1]s (%[2]s)",
 	"actions.runs.viewing_out_of_date_run": "Anda sedang melihat hasil eksekusi yang sudah kadaluwarsa dari tugas ini yang dijalankan pada %[1]s.",
 	"actions.runs.view_most_recent_run": "Lihat hasil terbaru",
+	"actions.runs.commit": "Memperbuat",
+	"actions.runs.no_matching_online_runner.helper": "Tidak ada runner online yang cocok dengan label: %s",
+	"actions.runs.actor": "Aktor",
+	"actions.runs.status": "Status",
+	"actions.runs.actors_no_select": "Semua aktor",
+	"actions.runs.status_no_select": "Semua status",
+	"actions.runs.no_results": "Tidak ada hasil yang cocok.",
+	"actions.runs.no_workflows": "Belum ada alur kerja.",
 	"actions.workflow.job_parsing_error": "Tidak dapat memproses pekerjaan dalam alur kerja: %v",
 	"actions.workflow.event_detection_error": "Tidak dapat memproses peristiwa yang didukung dalam alur kerja: %v",
 	"actions.workflow.pre_execution_error": "Alur kerja tidak dijalankan karena terjadi kesalahan yang menghalangi upaya eksekusi.",
+	"actions.runners.name": "Nama",
+	"actions.runners.owner_type": "Jenis",
+	"actions.runners.description": "Deskripsi",
+	"actions.runners.task_list.run": "Lari",
+	"actions.runners.task_list.repository": "Repositori",
+	"actions.runners.task_list.commit": "Memperbuat",
 	"meta.last_line": "Terima kasih telah menerjemahkan Forgejo! Baris ini tidak terlihat oleh pengguna, tetapi memiliki fungsi lain dalam manajemen terjemahan. Anda dapat menambahkan fakta menarik dalam terjemahan alih-alih menerjemahkannya."
 }
diff --git a/options/locale_next/locale_is-IS.json b/options/locale_next/locale_is-IS.json
index f46c872aab..fe44a7ee44 100644
--- a/options/locale_next/locale_is-IS.json
+++ b/options/locale_next/locale_is-IS.json
@@ -1,4 +1,18 @@
 {
+	"actions.runners.id": "Auðkenni",
+	"actions.runners.name": "Heiti",
+	"actions.runners.owner_type": "Tegund",
+	"actions.runners.description": "Lýsing",
+	"actions.runners.labels": "Lýsingar",
+	"actions.runners.task_list.run": "Keyra",
+	"actions.runners.task_list.repository": "Hugbúnaðarsafn",
+	"actions.runners.task_list.commit": "Framlag",
+	"actions.runners.status.active": "Virkt",
+	"actions.runners.version": "Útgáfa",
+	"actions.runs.commit": "Framlag",
+	"notification.notifications": "Tilkynningar",
+	"notification.unread": "Ólesnar",
+	"notification.read": "Lesnar",
 	"packages.title": "Pakkar",
 	"packages.filter.type": "Tegund",
 	"packages.filter.type.all": "Allir",
diff --git a/options/locale_next/locale_it-IT.json b/options/locale_next/locale_it-IT.json
index 7c61ebf507..4aee4ef125 100644
--- a/options/locale_next/locale_it-IT.json
+++ b/options/locale_next/locale_it-IT.json
@@ -1,4 +1,36 @@
 {
+	"gpg.default_key": "Firmato con la chiave predefinita",
+	"gpg.error.extract_sign": "Impossibile ricavare la firma",
+	"gpg.error.generate_hash": "Impossibile generare hash del commit",
+	"gpg.error.no_committer_account": "Nessun account collegato all'indirizzo email del committer",
+	"gpg.error.no_gpg_keys_found": "Non sono state trovate chiavi note per questa firma nel database",
+	"gpg.error.not_signed_commit": "Commit non firmato",
+	"gpg.error.failed_retrieval_gpg_keys": "Impossibile recuperare le chiavi associate al profilo dell'autore del commit",
+	"gpg.error.probable_bad_signature": "ATTENZIONE! Anche se esiste una chiave con questo ID nel database, essa non verifica questo commit! Questo commit è SOSPETTO.",
+	"gpg.error.probable_bad_default_signature": "ATTENZIONE! Anche se la chiave predefinita ha questo ID essa non verifica questo commit! Questo commit è SOSPETTO.",
+	"notification.notifications": "Notifiche",
+	"notification.unread": "Non lette",
+	"notification.read": "Lette",
+	"notification.no_unread": "Nessuna notifica da leggere.",
+	"notification.no_read": "Nessuna notifica letta.",
+	"notification.pin": "Appunta notifica",
+	"notification.mark_as_read": "Segna come letto",
+	"notification.mark_as_unread": "Segna come non letto",
+	"notification.mark_all_as_read": "Segna tutti come letti",
+	"notification.subscriptions": "Sottoscrizioni",
+	"notification.watching": "Osservando",
+	"notification.no_subscriptions": "Nessuna iscrizione",
+	"dropzone.default_message": "Trascina i file o clicca qui per caricare.",
+	"dropzone.invalid_input_type": "Non è possibile caricare file di questo tipo.",
+	"dropzone.file_too_big": "La dimensione del file ({{filesize}} MB) supera la dimensione massima ({{maxFilesize}} MB).",
+	"dropzone.remove_file": "Rimuovi file",
+	"munits.data.b": "B",
+	"munits.data.kib": "KiB",
+	"munits.data.mib": "MiB",
+	"munits.data.gib": "GiB",
+	"munits.data.tib": "TiB",
+	"munits.data.pib": "PiB",
+	"munits.data.eib": "EiB",
 	"packages.title": "Pacchetti",
 	"packages.empty": "Non ci sono ancora pacchetti.",
 	"packages.empty.documentation": "Per ulteriori informazioni sul registro dei pacchetti vedi <a target=\"_blank\" rel=\"noopener noreferrer\" href=\"%s\">la documentazione</a>.",
@@ -323,6 +355,66 @@
 	"actions.runs.run_attempt_label": "Esegui tentativo #%[1]s (%[2]s)",
 	"actions.runs.viewing_out_of_date_run": "Stai visualizzando un'esecuzione obsoleta di questo lavoro che è stata eseguita il %[1]s.",
 	"actions.runs.view_most_recent_run": "Visualizza l'esecuzione più recente",
+	"actions.runs.all_workflows": "Tutti i flussi di lavoro",
+	"actions.runs.commit": "Commit",
+	"actions.runs.scheduled": "Pianificato",
+	"actions.runs.pushed_by": "immesso da",
+	"actions.runs.workflow": "Workflow",
+	"actions.runs.invalid_workflow_helper": "Il file di configurazione del flusso di lavoro è invalido. Controlla il tuo file di configurazione: %s",
+	"actions.runs.no_matching_online_runner.helper": "Nessun esecutore online corrispondente con etichetta: %s",
+	"actions.runs.no_job_without_needs": "Il flusso di lavoro deve contenere almeno un incarico senza dipendenze.",
+	"actions.runs.no_job": "Il flusso di lavoro deve contenere almeno un incarico",
+	"actions.runs.actor": "Attore",
+	"actions.runs.status": "Stato",
+	"actions.runs.actors_no_select": "Tutti gli agenti",
+	"actions.runs.status_no_select": "Tutti gli stati",
+	"actions.runs.no_results": "Nessun risultato trovato.",
+	"actions.runs.no_workflows": "Non ci sono ancora flussi di lavoro.",
+	"actions.actions": "Azioni",
+	"actions.status.unknown": "Sconosciuto",
+	"actions.status.waiting": "In attesa",
+	"actions.status.running": "In corso",
+	"actions.status.success": "Successo",
+	"actions.status.failure": "Errore",
+	"actions.status.cancelled": "Annullato",
+	"actions.status.skipped": "Saltato",
+	"actions.status.blocked": "Bloccato",
+	"actions.runners": "Esecutori",
+	"actions.runners.runner_manage_panel": "Gestisci esecutori",
+	"actions.runners.new": "Crea un nuovo esecutore",
+	"actions.runners.new_notice": "Come avviare un esecutore",
+	"actions.runners.status": "Stato",
+	"actions.runners.status.unspecified": "Sconosciuto",
+	"actions.runners.status.idle": "Inattivo",
+	"actions.runners.status.active": "Attivo",
+	"actions.runners.status.offline": "Offline",
+	"actions.runners.id": "ID",
+	"actions.runners.name": "Nome",
+	"actions.runners.owner_type": "Tipo",
+	"actions.runners.description": "Descrizione",
+	"actions.runners.labels": "Etichette",
+	"actions.runners.last_online": "Ultima volta online",
+	"actions.runners.runner_title": "Esecutore",
+	"actions.runners.task_list": "Attività recenti su questo esecutore",
+	"actions.runners.task_list.no_tasks": "Non c'è ancora nessuna attività.",
+	"actions.runners.task_list.run": "Esegui",
+	"actions.runners.task_list.status": "Stato",
+	"actions.runners.task_list.repository": "Repository",
+	"actions.runners.task_list.commit": "Commit",
+	"actions.runners.task_list.done_at": "Eseguito",
+	"actions.runners.edit_runner": "Modifica esecutore",
+	"actions.runners.update_runner.button": "Aggiorna cambiamenti",
+	"actions.runners.update_runner.success": "Esecutore aggiornato correttamente",
+	"actions.runners.update_runner.failed": "Impossibile aggiornare l'esecutore",
+	"actions.runners.delete_runner.button": "Elimina questo esecutore",
+	"actions.runners.delete_runner.success": "Esecutore eliminato correttamente",
+	"actions.runners.delete_runner.failed": "Impossibile eliminare l'esecutore",
+	"actions.runners.delete_runner.header": "Conferma l'eliminazione di questo esecutore",
+	"actions.runners.delete_runner.notice": "Se un'attività è in esecuzione su questo esecutore sarà terminata ed etichettata fallito. Potrebbe rompere flussi di lavoro di costruzione.",
+	"actions.runners.none": "Nessun esecutore disponibile",
+	"actions.runners.version": "Versione",
+	"actions.runners.reset_registration_token.button": "Reimposta token di registrazione",
+	"actions.runners.reset_registration_token.success": "Reimpostazione del token di registrazione dell'esecutore fallita",
 	"settings.visibility.description": "La visibilità del profilo influisce sulla capacità degli altri di accedere ai tuoi repository non privati. <a href=\"%s\" target=\"_blank\">Scopri di più</a>.",
 	"error.must_enable_2fa": "Questa istanza Forgejo richiede che gli utenti attivino la verifica in due passaggi prima di poter accedere ai propri account. Attivala su: %s",
 	"migrate.pagure.token_label": "Token API Pagure",
diff --git a/options/locale_next/locale_ja-JP.json b/options/locale_next/locale_ja-JP.json
index 3dcfd6db11..1afbaa5254 100644
--- a/options/locale_next/locale_ja-JP.json
+++ b/options/locale_next/locale_ja-JP.json
@@ -1,4 +1,96 @@
 {
+	"actions.actions": "Actions",
+	"actions.status.unknown": "不明",
+	"actions.status.waiting": "待機中",
+	"actions.status.running": "実行中",
+	"actions.status.success": "成功",
+	"actions.status.failure": "失敗",
+	"actions.status.cancelled": "キャンセル",
+	"actions.status.skipped": "スキップ",
+	"actions.status.blocked": "ブロックされた",
+	"actions.runners": "ランナー",
+	"actions.runners.runner_manage_panel": "ランナーの管理",
+	"actions.runners.new": "新しいランナーを作成",
+	"actions.runners.new_notice": "ランナーの開始方法",
+	"actions.runners.status": "ステータス",
+	"actions.runners.status.unspecified": "不明",
+	"actions.runners.status.idle": "アイドル",
+	"actions.runners.status.active": "稼働中",
+	"actions.runners.status.offline": "オフライン",
+	"actions.runners.id": "ID",
+	"actions.runners.name": "名称",
+	"actions.runners.owner_type": "タイプ",
+	"actions.runners.description": "説明",
+	"actions.runners.labels": "ラベル",
+	"actions.runners.last_online": "最終オンライン時刻",
+	"actions.runners.runner_title": "ランナー",
+	"actions.runners.task_list": "このランナーの最近のタスク",
+	"actions.runners.task_list.no_tasks": "タスクはまだありません。",
+	"actions.runners.task_list.run": "実行",
+	"actions.runners.task_list.status": "ステータス",
+	"actions.runners.task_list.repository": "リポジトリ",
+	"actions.runners.task_list.commit": "コミット",
+	"actions.runners.task_list.done_at": "終了時刻",
+	"actions.runners.edit_runner": "ランナーの編集",
+	"actions.runners.update_runner.button": "変更を保存",
+	"actions.runners.update_runner.success": "ランナーを更新しました",
+	"actions.runners.update_runner.failed": "ランナーの更新に失敗しました",
+	"actions.runners.delete_runner.button": "このランナーを削除",
+	"actions.runners.delete_runner.success": "ランナーを削除しました",
+	"actions.runners.delete_runner.failed": "ランナーの削除に失敗しました",
+	"actions.runners.delete_runner.header": "ランナー削除の確認",
+	"actions.runners.delete_runner.notice": "このランナーでタスクが実行されている場合、タスクは停止され失敗扱いとなります。 それによりビルドワークフローが途中で終了することになるかもしれません。",
+	"actions.runners.none": "利用可能なランナーはありません",
+	"actions.runners.version": "バージョン",
+	"actions.runners.reset_registration_token.button": "登録トークンをリセット",
+	"actions.runners.reset_registration_token.success": "ランナー登録トークンをリセットしました",
+	"actions.runs.all_workflows": "すべてのワークフロー",
+	"actions.runs.commit": "コミット",
+	"actions.runs.scheduled": "スケジュール済み",
+	"actions.runs.pushed_by": "pushed by",
+	"actions.runs.workflow": "ワークフロー",
+	"actions.runs.invalid_workflow_helper": "ワークフロー設定ファイルは無効です。あなたの設定ファイルを確認してください: %s",
+	"actions.runs.no_matching_online_runner.helper": "ラベルに一致するオンラインのランナーが見つかりません: %s",
+	"actions.runs.no_job_without_needs": "ワークフローには、依存関係のないジョブが少なくとも 1 つ含まれている必要があります。",
+	"actions.runs.no_job": "ワークフローには少なくとも1つのジョブが含まれている必要があります",
+	"actions.runs.actor": "アクター",
+	"actions.runs.status": "ステータス",
+	"actions.runs.actors_no_select": "すべてのアクター",
+	"actions.runs.status_no_select": "すべてのステータス",
+	"actions.runs.no_results": "一致する結果はありません。",
+	"actions.runs.no_workflows": "ワークフローはまだありません。",
+	"gpg.default_key": "デフォルト鍵で署名",
+	"gpg.error.extract_sign": "署名の抽出に失敗しました",
+	"gpg.error.generate_hash": "コミットのハッシュ生成に失敗しました",
+	"gpg.error.no_committer_account": "コミッターのメールアドレスに対応するアカウントが存在しません",
+	"gpg.error.no_gpg_keys_found": "この署名に対応する既知のキーがデータベースに存在しません",
+	"gpg.error.not_signed_commit": "署名されたコミットではありません",
+	"gpg.error.failed_retrieval_gpg_keys": "コミッターのアカウントに登録されたキーを取得できませんでした",
+	"gpg.error.probable_bad_signature": "警告! このIDの鍵はデータベースに登録されていますが、その鍵でコミットの検証が通りません! これは疑わしいコミットです。",
+	"gpg.error.probable_bad_default_signature": "警告! これはデフォルト鍵のIDですが、デフォルト鍵ではコミットの検証が通りません! これは疑わしいコミットです。",
+	"notification.notifications": "通知",
+	"notification.unread": "未読",
+	"notification.read": "既読",
+	"notification.no_unread": "未読の通知はありません。",
+	"notification.no_read": "既読の通知はありません。",
+	"notification.pin": "通知をピン留め",
+	"notification.mark_as_read": "既読にする",
+	"notification.mark_as_unread": "未読にする",
+	"notification.mark_all_as_read": "すべて既読にする",
+	"notification.subscriptions": "購読",
+	"notification.watching": "ウォッチ中",
+	"notification.no_subscriptions": "購読しているものはありません",
+	"dropzone.default_message": "ここにファイルをドロップまたはクリックしてアップロードします。",
+	"dropzone.invalid_input_type": "この種類のファイルはアップロードできません。",
+	"dropzone.file_too_big": "アップロードされたファイルのサイズ ({{filesize}} MB) が最大サイズ ({{maxFilesize}} MB) を超えています。",
+	"dropzone.remove_file": "ファイル削除",
+	"munits.data.b": "B",
+	"munits.data.kib": "KiB",
+	"munits.data.mib": "MiB",
+	"munits.data.gib": "GiB",
+	"munits.data.tib": "TiB",
+	"munits.data.pib": "PiB",
+	"munits.data.eib": "EiB",
 	"packages.title": "パッケージ",
 	"packages.empty": "パッケージはまだありません。",
 	"packages.empty.documentation": "パッケージレジストリの詳細については、 <a target=\"_blank\" rel=\"noopener noreferrer\" href=\"%s\">ドキュメント</a> を参照してください。",
diff --git a/options/locale_next/locale_ka.json b/options/locale_next/locale_ka.json
index d9076c6dc1..8c6ee7e247 100644
--- a/options/locale_next/locale_ka.json
+++ b/options/locale_next/locale_ka.json
@@ -1,4 +1,47 @@
 {
+	"actions.actions": "ქმედებები",
+	"actions.status.unknown": "უცნობი",
+	"actions.status.waiting": "ველოდები",
+	"actions.status.running": "მიმდინარეობს შესრულება",
+	"actions.status.success": "წარმატება",
+	"actions.status.failure": "ჩავარდნა",
+	"actions.status.cancelled": "გაუქმებულია",
+	"actions.status.skipped": "გამოტოვებულია",
+	"actions.status.blocked": "დაბლოკილია",
+	"actions.runners": "გამსვებები",
+	"actions.runners.status": "სტატუსი",
+	"actions.runners.status.unspecified": "უცნობი",
+	"actions.runners.status.idle": "უქმე",
+	"actions.runners.status.active": "აქტიურია",
+	"actions.runners.status.offline": "ქსელგარეშე",
+	"actions.runners.id": "ID",
+	"actions.runners.name": "სახელი",
+	"actions.runners.owner_type": "ტიპი",
+	"actions.runners.description": "აღწერა",
+	"actions.runners.labels": "ჭდეები",
+	"actions.runners.runner_title": "გამშვები",
+	"actions.runners.task_list.run": "გაშვება",
+	"actions.runners.task_list.status": "სტატუსი",
+	"actions.runners.task_list.repository": "რეპოზიტორია",
+	"actions.runners.task_list.commit": "კომიტი",
+	"actions.runners.version": "ვერსია",
+	"actions.runs.commit": "კომიტი",
+	"actions.runs.scheduled": "დაგეგმილია",
+	"actions.runs.workflow": "შრომის პროცესი",
+	"actions.runs.actor": "ავტორი",
+	"actions.runs.status": "სტატუსი",
+	"notification.notifications": "გაფრთხილებები",
+	"notification.unread": "წაკითხულობის გაუქმება",
+	"notification.read": "წაკითხვა",
+	"notification.subscriptions": "გამოწერები",
+	"notification.watching": "უყურებთ",
+	"munits.data.b": "ბ",
+	"munits.data.kib": "კიბ",
+	"munits.data.mib": "მიბ",
+	"munits.data.gib": "გიბ",
+	"munits.data.tib": "ტიბ",
+	"munits.data.pib": "პიბ",
+	"munits.data.eib": "ეიბ",
 	"packages.title": "პაკეტები",
 	"packages.filter.type": "ტიპი",
 	"packages.filter.type.all": "ყველა",
diff --git a/options/locale_next/locale_kab.json b/options/locale_next/locale_kab.json
index 7f843e86ca..97c9f6f06e 100644
--- a/options/locale_next/locale_kab.json
+++ b/options/locale_next/locale_kab.json
@@ -1,4 +1,8 @@
 {
+	"actions.runners.name": "Isem",
+	"actions.runners.description": "Aglam",
+	"actions.runners.task_list.repository": "Akufi",
+	"dropzone.remove_file": "Kkes afaylu",
 	"packages.installation": "Asebded",
 	"packages.details.project_site": "Asmel Web n usenfar",
 	"packages.details.repository_site": "Asmel Web n ukufi",
diff --git a/options/locale_next/locale_ko-KR.json b/options/locale_next/locale_ko-KR.json
index cd781de5e6..052730a299 100644
--- a/options/locale_next/locale_ko-KR.json
+++ b/options/locale_next/locale_ko-KR.json
@@ -1,4 +1,30 @@
 {
+	"actions.runners.name": "이름",
+	"actions.runners.owner_type": "유형",
+	"actions.runners.description": "설명",
+	"actions.runners.task_list.run": "실행",
+	"actions.runners.task_list.repository": "저장소",
+	"actions.runners.task_list.commit": "커밋",
+	"actions.runners.status.active": "사용",
+	"actions.runs.commit": "커밋",
+	"gpg.error.extract_sign": "서명 추출에 실패",
+	"gpg.error.generate_hash": "커밋의 해시 생성에 실패",
+	"gpg.error.not_signed_commit": "서명되지 않은 커밋",
+	"notification.notifications": "알림",
+	"notification.unread": "읽지 않음",
+	"notification.read": "읽음",
+	"notification.no_unread": "읽지 않은 알림이 없습니다.",
+	"notification.no_read": "알림이 없습니다.",
+	"notification.pin": "알림 고정",
+	"notification.mark_as_read": "읽음으로 표시",
+	"notification.mark_as_unread": "읽지 않음으로 표시",
+	"notification.mark_all_as_read": "모두 읽음으로 표시",
+	"notification.subscriptions": "구독한 알림",
+	"notification.watching": "주시중",
+	"notification.no_subscriptions": "알림이 없음",
+	"dropzone.invalid_input_type": "이 형식의 파일을 업로드할 수 없습니다.",
+	"dropzone.file_too_big": "파일 크기({{filesize}} MB) 가 최대 크기({{maxFilesize}} MB) 를 초과합니다.",
+	"dropzone.remove_file": "파일 제거",
 	"packages.filter.type": "유형",
 	"packages.details.author": "작성자",
 	"packages.dependency.id": "ID",
diff --git a/options/locale_next/locale_lv-LV.json b/options/locale_next/locale_lv-LV.json
index 83b721831a..27fa4452bf 100644
--- a/options/locale_next/locale_lv-LV.json
+++ b/options/locale_next/locale_lv-LV.json
@@ -1,4 +1,36 @@
 {
+	"gpg.default_key": "Parakstīts ar noklusējuma atslēgu",
+	"gpg.error.extract_sign": "Neizdevās izgūt parakstu",
+	"gpg.error.generate_hash": "Neizdevās izveidot iesūtījuma jaucējkodu",
+	"gpg.error.no_committer_account": "Iesūtītāja e-pasta adrese nav piesaistīta nevienam kontam",
+	"gpg.error.no_gpg_keys_found": "Šim parakstam datubāzē netika atrasta zināma atslēga",
+	"gpg.error.not_signed_commit": "Nav parakstīts iesūtījums",
+	"gpg.error.failed_retrieval_gpg_keys": "Neizdevās iegūt nevienu iesūtītāja kontam piesaistītu atslēgu",
+	"gpg.error.probable_bad_signature": "UZMANĪBU! Lai arī datubāzē ir atslēga ar šādu identifikatoru, tā neapliecina šo iesūtījumu. Šis iesūtījums ir AIZDOMĪGS.",
+	"gpg.error.probable_bad_default_signature": "UZMANĪBU! Lai arī noklusējuma atslēgai ir šis identifikators, tas neapliecina šo iesūtījumu. Šis iesūtījums ir AIZDOMĪGS.",
+	"notification.notifications": "Paziņojumi",
+	"notification.unread": "Neizlasītie",
+	"notification.read": "Izlasītie",
+	"notification.no_unread": "Nav neizlasītu paziņojumu.",
+	"notification.no_read": "Nav izlasītu paziņojumu.",
+	"notification.pin": "Piespraust paziņojumu",
+	"notification.mark_as_read": "Atzīmēt kā izlasītu",
+	"notification.mark_as_unread": "Atzīmēt kā neizlasītu",
+	"notification.mark_all_as_read": "Atzīmēt visus kā izlasītus",
+	"notification.subscriptions": "Abonementi",
+	"notification.watching": "Skatās",
+	"notification.no_subscriptions": "Nav abonementu",
+	"dropzone.default_message": "Ievilkt datnes vai klikšķināt šeit, lai augšupielādētu.",
+	"dropzone.invalid_input_type": "Šī veida datnes nevar augšupielādēt.",
+	"dropzone.file_too_big": "Datnes izmērs ({{filesize}} MB) pārsniedz pieļaujamo izmēru ({{maxFilesize}} MB).",
+	"dropzone.remove_file": "Noņemt datni",
+	"munits.data.b": "B",
+	"munits.data.kib": "KiB",
+	"munits.data.mib": "MiB",
+	"munits.data.gib": "GiB",
+	"munits.data.tib": "TiB",
+	"munits.data.pib": "PiB",
+	"munits.data.eib": "EiB",
 	"packages.title": "Pakotnes",
 	"packages.empty": "Pašlaik šeit nav nevienas pakotnes.",
 	"packages.empty.documentation": "Papildu informācija par pakotņu reģistru ir pieejama <a target=\"_blank\" rel=\"noopener noreferrer\" href=\"%s\">dokumentācijā</a>.",
@@ -338,6 +370,58 @@
 	"actions.runs.view_most_recent_run": "Apskatīt visnesenāko palaišanu",
 	"actions.runs.run_attempt_label": "Palaišanas mēģinājums #%[1]s (%[2]s)",
 	"actions.runs.viewing_out_of_date_run": "Tu skati novecojušu šī darba palaišanu, kas tika izpildīta %[1]s.",
+	"actions.runs.all_workflows": "Visas darbplūsmas",
+	"actions.runs.commit": "Iesūtījumu",
+	"actions.runs.scheduled": "Ieplānots",
+	"actions.runs.pushed_by": "aizgādāja",
+	"actions.runs.workflow": "Darbplūsma",
+	"actions.runs.invalid_workflow_helper": "Darbplūsmas konfigurācijas datne ir nederīga. Lūgums pārbaudīt konfigurācijas datni: %s",
+	"actions.runs.no_matching_online_runner.helper": "Nav tiešsaistē esošu izpildītāju, kas atbilstu iezīmei: %s",
+	"actions.runs.no_job_without_needs": "Darbplūsmā ir jābūt vismaz vienam darbam bez atkarībām.",
+	"actions.runs.no_job": "Darbplūsmā ir jābūt vismaz vienam darbam",
+	"actions.runs.actor": "Izraisītājs",
+	"actions.runs.status": "Stāvoklis",
+	"actions.runs.actors_no_select": "Visi izraisītāji",
+	"actions.runs.status_no_select": "Visi stāvokļi",
+	"actions.runs.no_results": "Netika atrasts nekas atbilstošs.",
+	"actions.runs.no_workflows": "Vēl nav nevienas darbplūsmas.",
+	"actions.actions": "Darbības",
+	"actions.runners": "Izpildītāji",
+	"actions.runners.runner_manage_panel": "Pārvaldīt izpildītājus",
+	"actions.runners.new": "Izveidot jaunu izpildītāju",
+	"actions.runners.new_notice": "Kā uzstādīt izpildītāju",
+	"actions.runners.status": "Stāvoklis",
+	"actions.runners.status.unspecified": "Nezināms",
+	"actions.runners.status.idle": "Dīkstāvē",
+	"actions.runners.status.active": "Darbojas",
+	"actions.runners.status.offline": "Bezsaistē",
+	"actions.runners.id": "ID",
+	"actions.runners.name": "Nosaukums",
+	"actions.runners.owner_type": "Veids",
+	"actions.runners.description": "Apraksts",
+	"actions.runners.labels": "Iezīmes",
+	"actions.runners.last_online": "Pēdējo reizi tiešsaistē",
+	"actions.runners.runner_title": "Izpildītājs",
+	"actions.runners.task_list": "Pēdējās darbības, kas izpildītas",
+	"actions.runners.task_list.no_tasks": "Vēl nav uzdevumu.",
+	"actions.runners.task_list.run": "Izpildījums",
+	"actions.runners.task_list.status": "Stāvoklis",
+	"actions.runners.task_list.repository": "Glabātava",
+	"actions.runners.task_list.commit": "Iesūtījums",
+	"actions.runners.task_list.done_at": "Pabeigts",
+	"actions.runners.edit_runner": "Labot izpildītāju",
+	"actions.runners.update_runner.button": "Atjaunināt izmaiņas",
+	"actions.runners.update_runner.success": "Izpildītājs sekmīgi atjaunināts",
+	"actions.runners.update_runner.failed": "Neizdevās atjaunināt izpildītāju",
+	"actions.runners.delete_runner.button": "Dzēst izpildītāju",
+	"actions.runners.delete_runner.success": "Izpildītājs sekmīgi izdzēsts",
+	"actions.runners.delete_runner.failed": "Neizdevās izdzēst izpildītāju",
+	"actions.runners.delete_runner.header": "Apstiprināt izpildītāja izdzēšanu",
+	"actions.runners.delete_runner.notice": "Ja šis izpildītājs veic kādus uzdevumus, tad tie tiks apturēti un atzīmēti kā neizdevušies. Tas var sabojāt būvēšanas darbplūsmas.",
+	"actions.runners.none": "Nav pieejami izpildītāji",
+	"actions.runners.version": "Versija",
+	"actions.runners.reset_registration_token.button": "Atiestatīt reģistrācijas pilnvaru",
+	"actions.runners.reset_registration_token.success": "Izpildītāja reģistrācijas pilnvara tika sekmīgi atiestatīta",
 	"repo.pulls.maintainers_can_edit": "Uzturētāji var labot šo izmaiņu pieprasījumu.",
 	"repo.pulls.maintainers_cannot_edit": "Uzturētāji nevar labot šo izmaiņu pieprasījumu.",
 	"pulse.n_active_issues": {
@@ -384,6 +468,14 @@
 		"one": "Gaida uz izpildītāju ar šādām iezīmēm: %s",
 		"other": "Gaida uz izpildītāju ar šādām iezīmēm: %s"
 	},
+	"actions.status.unknown": "Nezināms",
+	"actions.status.waiting": "Gaida",
+	"actions.status.running": "Izpildās",
+	"actions.status.success": "Sekmīgi",
+	"actions.status.failure": "Nesekmīgi",
+	"actions.status.cancelled": "Atcelts",
+	"actions.status.skipped": "Izlaists",
+	"actions.status.blocked": "Aizturēts",
 	"keys.verify.token.hint": "Pilnvara ir derīga tikai 1 minūti. <a href=\"%[1]s\">Iegūt jaunu</a>, ja pašreizējā ir beigusies.",
 	"admin.dashboard.transfer_lingering_logs": "Pārcelt pabeigto darbību uzdevumu darbību žurnālus no datubāzes uz krātuvi",
 	"repo.issues.filter_poster.hint": "Atlasīt pēc izveidotāja",
diff --git a/options/locale_next/locale_nds.json b/options/locale_next/locale_nds.json
index 49a69cf7c8..6f26c757f7 100644
--- a/options/locale_next/locale_nds.json
+++ b/options/locale_next/locale_nds.json
@@ -1,4 +1,36 @@
 {
+	"gpg.default_key": "Mit normaalem Slötel unnerschrieven",
+	"gpg.error.extract_sign": "Kunn Unnerschrift nich uttrecken",
+	"gpg.error.generate_hash": "Kunn Prüfsumm vum Kommitteren nich bereken",
+	"gpg.error.no_committer_account": "Keen Konto mit de Kommitterer-E-Mail-Adress verbunnen",
+	"gpg.error.no_gpg_keys_found": "Keen bekannter Slötel för deese Unnerschrift in de Datenbank funnen",
+	"gpg.error.not_signed_commit": "Kommitteren is nich unnerschrieven",
+	"gpg.error.failed_retrieval_gpg_keys": "Kunn keenen Slötel halen, wat mit de Konto vum Kommitterer verbunnen is",
+	"gpg.error.probable_bad_signature": "WAHRSCHAU! Ofschoonst een Slötel mit deeser ID in de Datenbank is, wiest dat deeses Kommitteren nich ut! Deeses Kommitteren is VERDÄCHTIG.",
+	"gpg.error.probable_bad_default_signature": "WAHRSCHAU! Ofschoonst de normaal-Slötel deese ID hett, wiest dat deeses Kommitteren nich ut! Deeses Kommitteren is VERDÄCHTIG.",
+	"notification.notifications": "Narichtens",
+	"notification.unread": "Nich lesen",
+	"notification.read": "Lesen",
+	"notification.no_unread": "Keene nejen Narichtens.",
+	"notification.no_read": "Keene lesen Narichtens.",
+	"notification.pin": "Naricht faststeken",
+	"notification.mark_as_read": "As lesen markeren",
+	"notification.mark_as_unread": "As nich lesen markeren",
+	"notification.mark_all_as_read": "All as lesen markeren",
+	"notification.subscriptions": "Abonneerens",
+	"notification.watching": "Beluren",
+	"notification.no_subscriptions": "Nix abonneert",
+	"dropzone.default_message": "Laat Dateien hier fallen of klick hier tum Upladen.",
+	"dropzone.invalid_input_type": "Du kannst deese Aard vun Dateien nich upladen.",
+	"dropzone.file_too_big": "Dateigrött ({{filesize}} MB) is boven de hoogste Dateigrött vun {{maxFilesize}} MB.",
+	"dropzone.remove_file": "Datei wegdoon",
+	"munits.data.b": "B",
+	"munits.data.kib": "KiB",
+	"munits.data.mib": "MiB",
+	"munits.data.gib": "GiB",
+	"munits.data.tib": "TiB",
+	"munits.data.pib": "PiB",
+	"munits.data.eib": "EiB",
 	"packages.title": "Paketen",
 	"packages.empty": "Dat gifft noch keene Paketen.",
 	"packages.empty.documentation": "För mehr Informatioonen över de Paketlist, kiek <a target=\"_blank\" rel=\"noopener noreferrer\" href=\"%s\">de Dokumenteren</a> an.",
@@ -327,6 +359,58 @@
 	"actions.runs.viewing_out_of_date_run": "Du bekiekst eenen verollten Loop vun deeser Upgaav, wat %[1]s utföhrt worden is.",
 	"actions.runs.view_most_recent_run": "Neeisten Loop ankieken",
 	"actions.runs.run_attempt_label": "Loop-Versöök #%[1]s (%[2]s)",
+	"actions.runs.all_workflows": "All Warkwiesen",
+	"actions.runs.commit": "Kommitteren",
+	"actions.runs.scheduled": "Na Tiedplaan",
+	"actions.runs.pushed_by": "schuven vun",
+	"actions.runs.workflow": "Warkwies",
+	"actions.runs.invalid_workflow_helper": "Warkwies-Instellens-Datei is ungültig. Bidde kiek diene Instellens-Datei na: %s",
+	"actions.runs.no_matching_online_runner.helper": "Keen verbunnen Loper, wat passt, mit de Vermark funnen: %s",
+	"actions.runs.no_job_without_needs": "De Warkwies mutt tominnst eene Upgaav sünner Ofhangen enthollen.",
+	"actions.runs.no_job": "De Warkwies mutt tominnst eene Upgaav enthollen",
+	"actions.runs.actor": "Aktöör",
+	"actions.runs.status": "Tostand",
+	"actions.runs.actors_no_select": "All Aktören",
+	"actions.runs.status_no_select": "All Tostanden",
+	"actions.runs.no_results": "Keene Resultaten passen.",
+	"actions.runs.no_workflows": "Dat gifft noch keene Warkwiesens.",
+	"actions.actions": "Aktioonen",
+	"actions.runners": "Lopers",
+	"actions.runners.runner_manage_panel": "Lopers verwalten",
+	"actions.runners.new": "Nejen Loper maken",
+	"actions.runners.new_notice": "Wo man eenen Loper start",
+	"actions.runners.status": "Tostand",
+	"actions.runners.status.unspecified": "Unbekannt",
+	"actions.runners.status.idle": "Nix to doon",
+	"actions.runners.status.active": "Aktiiv",
+	"actions.runners.status.offline": "Nich verbunnen",
+	"actions.runners.id": "ID",
+	"actions.runners.name": "Naam",
+	"actions.runners.owner_type": "Aard",
+	"actions.runners.description": "Beschrieven",
+	"actions.runners.labels": "Vermarkens",
+	"actions.runners.last_online": "Tolest verbunnen",
+	"actions.runners.runner_title": "Loper",
+	"actions.runners.task_list": "Leste Upgaven up deesem Loper",
+	"actions.runners.task_list.no_tasks": "Dat gifft noch keene Upgaav.",
+	"actions.runners.task_list.run": "Utföhren",
+	"actions.runners.task_list.status": "Tostand",
+	"actions.runners.task_list.repository": "Repositorium",
+	"actions.runners.task_list.commit": "Kommitteren",
+	"actions.runners.task_list.done_at": "Daan um",
+	"actions.runners.edit_runner": "Loper bewarken",
+	"actions.runners.update_runner.button": "Ännerns vernejen",
+	"actions.runners.update_runner.success": "Loper verneeit",
+	"actions.runners.update_runner.failed": "Kunn Loper nich vernejen",
+	"actions.runners.delete_runner.button": "Deesen Loper wegdoon",
+	"actions.runners.delete_runner.success": "Loper wegdaan",
+	"actions.runners.delete_runner.failed": "Kunn Loper nich wegdoon",
+	"actions.runners.delete_runner.header": "Wies ut, dat du deesen Loper wegdoon willst",
+	"actions.runners.delete_runner.notice": "Wenn eene Upgaav up deesem Loper löppt, word se ofbroken un as fehlslagen markeert. Dat kann Bau-Warkwiesen stören.",
+	"actions.runners.none": "Keene Lopers verföögbaar",
+	"actions.runners.version": "Versioon",
+	"actions.runners.reset_registration_token.button": "Registrerens-Teken torüggsetten",
+	"actions.runners.reset_registration_token.success": "Loper-Registrerens-Teken torüggsett",
 	"repo.pulls.maintainers_can_edit": "Liddmaten könen deesen Haalvörslag bewarken.",
 	"repo.pulls.maintainers_cannot_edit": "Liddmaten könen deesen Haalvörslag nich bewarken.",
 	"pulse.n_active_issues": {
@@ -369,6 +453,14 @@
 		"one": "Wacht up eenen Loper mit deesem Vermark: %s",
 		"other": "Wacht up eenen Loper mit deesen Vermarkens: %s"
 	},
+	"actions.status.unknown": "Unbekannt",
+	"actions.status.waiting": "Wacht",
+	"actions.status.running": "Löppt",
+	"actions.status.success": "Daankregen",
+	"actions.status.failure": "Fehlslagen",
+	"actions.status.cancelled": "Ofbroken",
+	"actions.status.skipped": "Översprungen",
+	"actions.status.blocked": "Blockeert",
 	"keys.verify.token.hint": "Deeses Teken gellt blots 1 Menüüt. <a href=\"%[1]s\">Haal een nejes, wenn ’t avlopen is</a>.",
 	"admin.dashboard.transfer_lingering_logs": "Aktioons-Utgaven vun ofsloten Aktioons-Upgaven vun de Datenbank in de Spieker överdragen",
 	"repo.issues.filter_poster.hint": "Na Autor filtern",
diff --git a/options/locale_next/locale_nl-NL.json b/options/locale_next/locale_nl-NL.json
index 89eb964402..801ac2b29d 100644
--- a/options/locale_next/locale_nl-NL.json
+++ b/options/locale_next/locale_nl-NL.json
@@ -1,4 +1,36 @@
 {
+	"gpg.default_key": "Ondertekend met standaard sleutel",
+	"gpg.error.extract_sign": "Handtekening uitpakken mislukt",
+	"gpg.error.generate_hash": "Genereren van commit hash mislukt",
+	"gpg.error.no_committer_account": "Geen account gekoppeld aan het e-mailadres van de committer",
+	"gpg.error.no_gpg_keys_found": "Geen bekende sleutel gevonden voor deze handtekening in de database",
+	"gpg.error.not_signed_commit": "Geen ondertekende commit",
+	"gpg.error.failed_retrieval_gpg_keys": "Kan geen sleutel ophalen die gekoppeld is aan de account van de committer",
+	"gpg.error.probable_bad_signature": "WAARSCHUWING! Hoewel er een sleutel met dit ID in de database zit, verifieert het deze commit niet! Deze commit is VERDACHT.",
+	"gpg.error.probable_bad_default_signature": "WAARSCHUWING! Hoewel de standaard sleutel dit ID heeft, is deze commit niet geverifieerd! Deze commit is VERDACHT.",
+	"notification.notifications": "Notificaties",
+	"notification.unread": "Ongelezen",
+	"notification.read": "Gelezen",
+	"notification.no_unread": "Geen ongelezen meldingen.",
+	"notification.no_read": "Geen gelezen meldingen.",
+	"notification.pin": "Pin melding",
+	"notification.mark_as_read": "Markeer als gelezen",
+	"notification.mark_as_unread": "Markeer als ongelezen",
+	"notification.mark_all_as_read": "Markeer alles als gelezen",
+	"notification.subscriptions": "Abonnementen",
+	"notification.watching": "Kijken naar",
+	"notification.no_subscriptions": "Geen abonnementen",
+	"dropzone.default_message": "Sleep bestanden hier heen of klik om te uploaden.",
+	"dropzone.invalid_input_type": "U kunt geen bestanden van dit type uploaden.",
+	"dropzone.file_too_big": "Bestandsgrootte ({{filesize}} MB) overschrijdt de maximale grootte ({{maxFilesize}} MB).",
+	"dropzone.remove_file": "Verwijder bestand",
+	"munits.data.b": "B",
+	"munits.data.kib": "KiB",
+	"munits.data.mib": "MiB",
+	"munits.data.gib": "GiB",
+	"munits.data.tib": "TiB",
+	"munits.data.pib": "PiB",
+	"munits.data.eib": "EiB",
 	"packages.title": "Pakketten",
 	"packages.empty": "Er zijn nog geen pakketten.",
 	"packages.empty.documentation": "Voor meer informatie over het pakketregister, zie <a target=\"_blank\" rel=\"noopener noreferrer\" href=\"%s\">de documentatie</a>.",
@@ -327,6 +359,58 @@
 	"actions.runs.view_most_recent_run": "Bekijk de meest recente run",
 	"actions.runs.run_attempt_label": "Uitvoerpoging #%[1]s (%[2]s)",
 	"actions.runs.viewing_out_of_date_run": "U bekijkt een verouderde uitvoer van deze opdracht die %[1]s is uitgevoerd.",
+	"actions.runs.all_workflows": "Alle workflows",
+	"actions.runs.commit": "Commit",
+	"actions.runs.scheduled": "Gepland",
+	"actions.runs.pushed_by": "gepusht door",
+	"actions.runs.workflow": "Workflow",
+	"actions.runs.invalid_workflow_helper": "Workflow config bestand is ongeldig. Controleer uw configuratiebestand: %s",
+	"actions.runs.no_matching_online_runner.helper": "Geen overeenkomende online runner met label: %s",
+	"actions.runs.no_job_without_needs": "De workflow moet ten minste één taak zonder afhankelijkheden bevatten.",
+	"actions.runs.no_job": "De workflow moet minimaal één job bevatten",
+	"actions.runs.actor": "Acteur",
+	"actions.runs.status": "Status",
+	"actions.runs.actors_no_select": "Alle acteurs",
+	"actions.runs.status_no_select": "Alle statussen",
+	"actions.runs.no_results": "Geen resultaten gevonden.",
+	"actions.runs.no_workflows": "Er zijn nog geen workflows.",
+	"actions.actions": "Actions",
+	"actions.runners": "Runners",
+	"actions.runners.runner_manage_panel": "Runners beheer",
+	"actions.runners.new": "Nieuwe runner aanmaken",
+	"actions.runners.new_notice": "Hoe moet je een runner starten",
+	"actions.runners.status": "Status",
+	"actions.runners.status.unspecified": "Onbekend",
+	"actions.runners.status.idle": "Inactief",
+	"actions.runners.status.active": "Actief",
+	"actions.runners.status.offline": "Offline",
+	"actions.runners.id": "ID",
+	"actions.runners.name": "Naam",
+	"actions.runners.owner_type": "Type",
+	"actions.runners.description": "Omschrijving",
+	"actions.runners.labels": "Labels",
+	"actions.runners.last_online": "Laatste online tijd",
+	"actions.runners.runner_title": "Runner",
+	"actions.runners.task_list": "Recente taken op deze runner",
+	"actions.runners.task_list.no_tasks": "Er is nog geen taak.",
+	"actions.runners.task_list.run": "Uitvoeren",
+	"actions.runners.task_list.status": "Status",
+	"actions.runners.task_list.repository": "Opslagplaats",
+	"actions.runners.task_list.commit": "Commit",
+	"actions.runners.task_list.done_at": "Gedaan op",
+	"actions.runners.edit_runner": "Runner bewerken",
+	"actions.runners.update_runner.button": "Wijzigingen bijwerken",
+	"actions.runners.update_runner.success": "Runner succesvol bijgewerkt",
+	"actions.runners.update_runner.failed": "Mislukt om runner bij te werken",
+	"actions.runners.delete_runner.button": "Verwijder deze runner",
+	"actions.runners.delete_runner.success": "Runner succesvol verwijderd",
+	"actions.runners.delete_runner.failed": "Het verwijderen van de runner is mislukt",
+	"actions.runners.delete_runner.header": "Bevestigen om deze runner te verwijderen",
+	"actions.runners.delete_runner.notice": "Als er een taak op deze runner draait, wordt deze beëindigd en gemarkeerd als mislukt. Dit kan het bouwen van de workflow onderbreken.",
+	"actions.runners.none": "Geen runners beschikbaar",
+	"actions.runners.version": "Versie",
+	"actions.runners.reset_registration_token.button": "Registratie token resetten",
+	"actions.runners.reset_registration_token.success": "Runner registratie token met succes gereset",
 	"repo.pulls.maintainers_can_edit": "Maintainers kan deze pull request bewerken.",
 	"repo.pulls.maintainers_cannot_edit": "Maintainers kunnen deze pull request niet bewerken.",
 	"pulse.n_active_issues": {
@@ -369,6 +453,14 @@
 		"one": "Wachten op een runner met het volgende label: %s",
 		"other": "Wachten op een runner met de volgende labels: %s"
 	},
+	"actions.status.unknown": "Onbekend",
+	"actions.status.waiting": "Wachten",
+	"actions.status.running": "Bezig",
+	"actions.status.success": "Succes",
+	"actions.status.failure": "Mislukking",
+	"actions.status.cancelled": "Geannuleerd",
+	"actions.status.skipped": "Overgeslagen",
+	"actions.status.blocked": "Geblokkeerd",
 	"keys.verify.token.hint": "De token is slechts 1 minuut geldig. <a href=\"%[1]s\">Krijg een nieuwe als deze verlopen is</a>.",
 	"repo.issues.filter_poster.hint": "Filter op auteur",
 	"repo.issues.filter_assignee.hint": "Filter op toegewezen gebruiker",
diff --git a/options/locale_next/locale_pl-PL.json b/options/locale_next/locale_pl-PL.json
index e12eac60db..2b65650060 100644
--- a/options/locale_next/locale_pl-PL.json
+++ b/options/locale_next/locale_pl-PL.json
@@ -1,4 +1,36 @@
 {
+	"gpg.default_key": "Podpisano domyślnym kluczem",
+	"gpg.error.extract_sign": "Nie udało się wyłuskać podpisu",
+	"gpg.error.generate_hash": "Nie udało się wygenerować skrótu dla commitu",
+	"gpg.error.no_committer_account": "Brak konta powiązanego z adresem e-mail autora",
+	"gpg.error.no_gpg_keys_found": "Nie znaleziono w bazie danych klucza dla tego podpisu",
+	"gpg.error.not_signed_commit": "Commit niepodpisany",
+	"gpg.error.failed_retrieval_gpg_keys": "Nie udało się uzyskać żadnego klucza powiązanego z kontem autora",
+	"gpg.error.probable_bad_signature": "OSTRZEŻENIE! Pomimo istnienia klucza z takim ID w bazie, nie weryfikuje on tego commita! Ten commit jest PODEJRZANY.",
+	"gpg.error.probable_bad_default_signature": "OSTRZEŻENIE! Pomimo, że domyślny klucz posiada to ID, nie weryfikuje on tego commita! Ten commit jest PODEJRZANY.",
+	"notification.notifications": "Powiadomienia",
+	"notification.unread": "Nieprzeczytane",
+	"notification.read": "Przeczytane",
+	"notification.no_unread": "Brak nieprzeczytanych powiadomień.",
+	"notification.no_read": "Brak przeczytanych powiadomień.",
+	"notification.pin": "Przypnij powiadomienie",
+	"notification.mark_as_read": "Oznacz jako przeczytane",
+	"notification.mark_as_unread": "Oznacz jak nieprzeczytane",
+	"notification.mark_all_as_read": "Oznacz wszystkie jako przeczytane",
+	"notification.subscriptions": "Subskrypcje",
+	"notification.watching": "Obserwowane",
+	"notification.no_subscriptions": "Brak subskrypcji",
+	"dropzone.default_message": "Upuść pliki tutaj lub kliknij, aby przesłać.",
+	"dropzone.invalid_input_type": "Nie można przesłać plików tego typu.",
+	"dropzone.file_too_big": "Rozmiar pliku ({{filesize}} MB) przekracza maksymalny rozmiar ({{maxFilesize}} MB).",
+	"dropzone.remove_file": "Usuń plik",
+	"munits.data.b": "B",
+	"munits.data.kib": "KiB",
+	"munits.data.mib": "MiB",
+	"munits.data.gib": "GiB",
+	"munits.data.tib": "TiB",
+	"munits.data.pib": "PiB",
+	"munits.data.eib": "EiB",
 	"packages.title": "Pakiety",
 	"packages.empty": "Nie ma jeszcze żadnych pakietów.",
 	"packages.empty.documentation": "Więcej informacji o rejestrze przekietów znajdziesz w <a target=\"_blank\" rel=\"noopener noreferrer\" href=\"%s\">dokumentacji</a>.",
@@ -340,6 +372,43 @@
 	"actions.workflow.incomplete_runson_missing_matrix_dimension": "Nie można ocenić `runs-on` zadania %[1]s: wymiar macierzy %[2]s nie istnieje.",
 	"actions.workflow.incomplete_runson_unknown_cause": "Nie można ocenić `runs-on` zadania %[1]s: nieznany błąd.",
 	"actions.workflow.pre_execution_error": "Workflow nie został uruchomiony z powodu błędu, który zablokował próbę jego wykonania.",
+	"actions.actions": "Akcje",
+	"actions.runners": "Runnery",
+	"actions.runners.runner_manage_panel": "Zarządzaj runnerami",
+	"actions.runners.new": "Utwórz nowy runner",
+	"actions.runners.new_notice": "Jak uruchomić runner",
+	"actions.runners.status": "Status",
+	"actions.runners.status.unspecified": "Nieznane",
+	"actions.runners.status.idle": "Bezczynne",
+	"actions.runners.status.active": "Aktywne",
+	"actions.runners.status.offline": "Offline",
+	"actions.runners.id": "ID",
+	"actions.runners.name": "Nazwa",
+	"actions.runners.owner_type": "Typ",
+	"actions.runners.description": "Opis",
+	"actions.runners.labels": "Etykiety",
+	"actions.runners.last_online": "Ostatni czas online",
+	"actions.runners.runner_title": "Runner",
+	"actions.runners.task_list": "Ostatnie zadania w tym runnerze",
+	"actions.runners.task_list.no_tasks": "Nie ma jeszcze zadań.",
+	"actions.runners.task_list.run": "Uruchom",
+	"actions.runners.task_list.status": "Status",
+	"actions.runners.task_list.repository": "Repozytorium",
+	"actions.runners.task_list.commit": "Commit",
+	"actions.runners.task_list.done_at": "Ukończone W",
+	"actions.runners.edit_runner": "Edytuj Runnera",
+	"actions.runners.update_runner.button": "Aktualizuj zmiany",
+	"actions.runners.update_runner.success": "Runner zaktualizowany pomyślnie",
+	"actions.runners.update_runner.failed": "Nie udało się zaktualizować runnera",
+	"actions.runners.delete_runner.button": "Usuń ten runner",
+	"actions.runners.delete_runner.success": "Runner usunięty pomyślnie",
+	"actions.runners.delete_runner.failed": "Nie udało się usunąć runnera",
+	"actions.runners.delete_runner.header": "Potwierdź usunięcie tego runnera",
+	"actions.runners.delete_runner.notice": "Jeżeli zadanie nadal jest wykonywane przez ten runner, zostanie ono zakończone i oznaczone jako niepowodzenie. Może to przerwać proces pracy.",
+	"actions.runners.none": "Brak dostępnych runnerów",
+	"actions.runners.version": "Wersja",
+	"actions.runners.reset_registration_token.button": "Resetuj token rejestracji",
+	"actions.runners.reset_registration_token.success": "Rejestracja tokenu resetu runnera pomyślna",
 	"mail.actions.run_info_cur_status": "Stan tego uruchomienia: %[1]s (dopiero zmieniony z %[2]s)",
 	"mail.actions.run_info_previous_status": "Stan poprzedniego uruchomienia: %[1]s",
 	"mail.actions.run_info_trigger": "Wyzwolony ponieważ: %[1]s przez: %[2]s",
@@ -382,6 +451,14 @@
 		"few": "Oczekiwanie na runnery z następującą etykietą: %s",
 		"many": "Oczekiwanie na runnery z następującą etykietą: %s"
 	},
+	"actions.status.unknown": "Nieznane",
+	"actions.status.waiting": "Oczekiwanie",
+	"actions.status.running": "Uruchomione",
+	"actions.status.success": "Sukces",
+	"actions.status.failure": "Niepowodzenie",
+	"actions.status.cancelled": "Anulowano",
+	"actions.status.skipped": "Pominięto",
+	"actions.status.blocked": "Zablokowano",
 	"repo.pulls.poster_trust_deny": "Odmów",
 	"repo.pulls.poster_trust_once": "Zezwól jednokrotnie",
 	"repo.pulls.poster_trust_always": "Zawsze zezwalaj",
@@ -401,5 +478,20 @@
 	"migrate.pagure.private_issues.summary": "Prywatne zgłoszenia (opcjonalne)",
 	"actions.runs.view_most_recent_run": "Pokaż ostatnie uruchomienie",
 	"actions.runs.run_attempt_label": "Próba uruchomienia #%[1]s (%[2]s)",
+	"actions.runs.all_workflows": "Wszystkie procesy prac",
+	"actions.runs.commit": "Commit",
+	"actions.runs.scheduled": "Zaplanowane",
+	"actions.runs.pushed_by": "wypchnięty przez",
+	"actions.runs.workflow": "Proces pracy",
+	"actions.runs.invalid_workflow_helper": "Plik konfiguracyjny procesu pracy jest nieprawidłowy. Proszę sprawdź swój plik konfiguracyjny: %s",
+	"actions.runs.no_matching_online_runner.helper": "Brak pasujących runnerów online z etykietą: %s",
+	"actions.runs.no_job_without_needs": "Proces pracy musi zawierać chociaż jedno zadanie bez zależności.",
+	"actions.runs.no_job": "Proces pracy musi posiadać chociaż jedno zadanie",
+	"actions.runs.actor": "Aktor",
+	"actions.runs.status": "Status",
+	"actions.runs.actors_no_select": "Wszyscy aktorzy",
+	"actions.runs.status_no_select": "Wszystkie stany",
+	"actions.runs.no_results": "Brak pasujących wyników.",
+	"actions.runs.no_workflows": "Nie ma jeszcze żadnych procesów pracy.",
 	"meta.last_line": " "
 }
diff --git a/options/locale_next/locale_pt-BR.json b/options/locale_next/locale_pt-BR.json
index c07ea2a462..2bbd2c7aa1 100644
--- a/options/locale_next/locale_pt-BR.json
+++ b/options/locale_next/locale_pt-BR.json
@@ -1,4 +1,36 @@
 {
+	"gpg.default_key": "Assinado com a chave padrão",
+	"gpg.error.extract_sign": "Falha ao extrair assinatura",
+	"gpg.error.generate_hash": "Falha ao gerar hash de commit",
+	"gpg.error.no_committer_account": "Nenhuma conta vinculada ao e-mail do autor do commit",
+	"gpg.error.no_gpg_keys_found": "Nenhuma chave conhecida encontrada para esta assinatura no banco de dados",
+	"gpg.error.not_signed_commit": "Não é um commit assinado",
+	"gpg.error.failed_retrieval_gpg_keys": "Falha ao obter qualquer chave anexada à conta do autor do commit",
+	"gpg.error.probable_bad_signature": "ATENÇÃO! Embora exista uma chave com este ID no banco de dados, ela não verifica este commit! Este commit é SUSPEITO.",
+	"gpg.error.probable_bad_default_signature": "ATENÇÃO! Embora a chave padrão tenha este ID, ela não verifica este commit! Este commit é SUSPEITO.",
+	"notification.notifications": "Notificações",
+	"notification.unread": "Não lidas",
+	"notification.read": "Lidas",
+	"notification.no_unread": "Nenhuma notificação não lida.",
+	"notification.no_read": "Nenhuma notificação lida.",
+	"notification.pin": "Fixar notificação",
+	"notification.mark_as_read": "Marcar como lida",
+	"notification.mark_as_unread": "Marcar como não lida",
+	"notification.mark_all_as_read": "Marcar todas como lidas",
+	"notification.subscriptions": "Inscrições",
+	"notification.watching": "Observando",
+	"notification.no_subscriptions": "Nenhuma inscrição",
+	"dropzone.default_message": "Arraste e solte arquivos aqui, ou clique para selecioná-los.",
+	"dropzone.invalid_input_type": "Você não pode enviar arquivos deste tipo.",
+	"dropzone.file_too_big": "Tamanho de arquivo ({{filesize}} MB) excede o máximo de ({{maxFilesize}} MB).",
+	"dropzone.remove_file": "Remover arquivo",
+	"munits.data.b": "B",
+	"munits.data.kib": "KiB",
+	"munits.data.mib": "MiB",
+	"munits.data.gib": "GiB",
+	"munits.data.tib": "TiB",
+	"munits.data.pib": "PiB",
+	"munits.data.eib": "EiB",
 	"packages.title": "Pacotes",
 	"packages.empty": "Não há pacotes ainda.",
 	"packages.empty.documentation": "Para obter mais informações sobre o registro de pacotes, consulte <a target=\"_blank\" rel=\"noopener noreferrer\" href=\"%s\">a documentação</a>.",
@@ -338,6 +370,58 @@
 	"actions.runs.viewing_out_of_date_run": "Você está visualizando uma execução desatualizada deste trabalho que foi executada %[1]s.",
 	"actions.runs.view_most_recent_run": "Ver execução mais recente",
 	"actions.runs.run_attempt_label": "Tentativa de execução #%[1]s (%[2]s)",
+	"actions.runs.all_workflows": "Todos os workflows",
+	"actions.runs.commit": "Commit",
+	"actions.runs.scheduled": "Programadas",
+	"actions.runs.pushed_by": "push feito por",
+	"actions.runs.workflow": "Workflow",
+	"actions.runs.invalid_workflow_helper": "O arquivo de configuração do workflow é inválido. Por favor, verifique seu arquivo de configuração: %s",
+	"actions.runs.no_matching_online_runner.helper": "Nenhum runner online encontrado com o rótulo: %s",
+	"actions.runs.no_job_without_needs": "O workflow deve conter pelo menos um trabalho sem dependências.",
+	"actions.runs.no_job": "O workflow precisa conter pelo menos um trabalho",
+	"actions.runs.actor": "Ator",
+	"actions.runs.status": "Status",
+	"actions.runs.actors_no_select": "Todos os atores",
+	"actions.runs.status_no_select": "Todos os estados",
+	"actions.runs.no_results": "Nenhum resultado.",
+	"actions.runs.no_workflows": "Não há workflows ainda.",
+	"actions.actions": "Ações",
+	"actions.runners": "Runners",
+	"actions.runners.runner_manage_panel": "Gerenciar runners",
+	"actions.runners.new": "Criar novo runner",
+	"actions.runners.new_notice": "Como iniciar um runner",
+	"actions.runners.status": "Estado",
+	"actions.runners.status.unspecified": "Desconhecido",
+	"actions.runners.status.idle": "Inativo",
+	"actions.runners.status.active": "Ativo",
+	"actions.runners.status.offline": "Offline",
+	"actions.runners.id": "ID",
+	"actions.runners.name": "Nome",
+	"actions.runners.owner_type": "Tipo",
+	"actions.runners.description": "Descrição",
+	"actions.runners.labels": "Rótulos",
+	"actions.runners.last_online": "Última vez online",
+	"actions.runners.runner_title": "Runner",
+	"actions.runners.task_list": "Tarefas recentes neste runner",
+	"actions.runners.task_list.no_tasks": "Ainda não há nenhuma tarefa.",
+	"actions.runners.task_list.run": "Executar",
+	"actions.runners.task_list.status": "Estado",
+	"actions.runners.task_list.repository": "Repositório",
+	"actions.runners.task_list.commit": "Commit",
+	"actions.runners.task_list.done_at": "Realizada em",
+	"actions.runners.edit_runner": "Editar Runner",
+	"actions.runners.update_runner.button": "Salvar alterações",
+	"actions.runners.update_runner.success": "Runner atualizado com sucesso",
+	"actions.runners.update_runner.failed": "Falha ao atualizar runner",
+	"actions.runners.delete_runner.button": "Deletar esse runner",
+	"actions.runners.delete_runner.success": "Runner excluído com sucesso",
+	"actions.runners.delete_runner.failed": "Falha ao excluir runner",
+	"actions.runners.delete_runner.header": "Confirme para excluir este runner",
+	"actions.runners.delete_runner.notice": "Se uma tarefa estiver sendo executada neste runner, ela será encerrada e marcada como falha. Pode quebrar o workflow de construção.",
+	"actions.runners.none": "Nenhum runner disponível",
+	"actions.runners.version": "Versão",
+	"actions.runners.reset_registration_token.button": "Resetar token de registro",
+	"actions.runners.reset_registration_token.success": "Token de registro de runner redefinido com sucesso",
 	"repo.pulls.maintainers_can_edit": "Mantenedores podem editar este pull request.",
 	"repo.pulls.maintainers_cannot_edit": "Mantenedores não podem editar este pull request.",
 	"pulse.n_active_issues": {
@@ -384,6 +468,14 @@
 		"many": "Esperando por um runner com os seguintes rótulos: %s",
 		"other": "Esperando por um runner com os seguintes rótulos: %s"
 	},
+	"actions.status.unknown": "Desconhecido",
+	"actions.status.waiting": "Aguardando",
+	"actions.status.running": "Executando",
+	"actions.status.success": "Sucesso",
+	"actions.status.failure": "Falha",
+	"actions.status.cancelled": "Cancelada",
+	"actions.status.skipped": "Ignorada",
+	"actions.status.blocked": "Bloqueada",
 	"keys.verify.token.hint": "Esse token é válido apenas por 1 minuto. <a href=\"%[1]s\">Obtenha um novo se ele expirou</a>.",
 	"repo.issues.filter_poster.hint": "Filtrar por autor",
 	"repo.issues.filter_assignee.hint": "Filtrar por usuário atribuído",
diff --git a/options/locale_next/locale_pt-PT.json b/options/locale_next/locale_pt-PT.json
index 4f53587182..4f24bf9ccc 100644
--- a/options/locale_next/locale_pt-PT.json
+++ b/options/locale_next/locale_pt-PT.json
@@ -1,4 +1,36 @@
 {
+	"gpg.default_key": "Assinado com a chave padrão",
+	"gpg.error.extract_sign": "Falhou ao extrair a assinatura",
+	"gpg.error.generate_hash": "Falhou ao gerar o <i>hash</i> do cometimento",
+	"gpg.error.no_committer_account": "Não existe qualquer conta ligada ao endereço de email de quem cometeu",
+	"gpg.error.no_gpg_keys_found": "Não foi encontrada uma chave conhecida para esta assinatura, na base de dados",
+	"gpg.error.not_signed_commit": "Não é um cometimento assinado",
+	"gpg.error.failed_retrieval_gpg_keys": "Falhou ao obter uma chave ligada à conta de quem cometeu",
+	"gpg.error.probable_bad_signature": "AVISO! Embora exista uma chave com este ID na base de dados, ela não valida este cometimento! Este cometimento é SUSPEITO.",
+	"gpg.error.probable_bad_default_signature": "AVISO! Embora a chave padrão tenha este ID, ela não valida este cometimento! Este cometimento é SUSPEITO.",
+	"notification.notifications": "Notificações",
+	"notification.unread": "Por ler",
+	"notification.read": "Lidas",
+	"notification.no_unread": "Sem notificações por ler.",
+	"notification.no_read": "Sem notificações lidas.",
+	"notification.pin": "Fixar notificação",
+	"notification.mark_as_read": "Marcar como lida",
+	"notification.mark_as_unread": "Marcar como não lida",
+	"notification.mark_all_as_read": "Marcar todas como lidas",
+	"notification.subscriptions": "Subscrições",
+	"notification.watching": "Vigiando",
+	"notification.no_subscriptions": "Sem subscrições",
+	"dropzone.default_message": "Largue os ficheiros aqui ou clique aqui para os carregar.",
+	"dropzone.invalid_input_type": "Não pode carregar ficheiros deste tipo.",
+	"dropzone.file_too_big": "O tamanho do ficheiro ({{filesize}} MB) excede o tamanho máximo de ({{maxFilesize}} MB).",
+	"dropzone.remove_file": "Remover ficheiro",
+	"munits.data.b": "B",
+	"munits.data.kib": "KiB",
+	"munits.data.mib": "MiB",
+	"munits.data.gib": "GiB",
+	"munits.data.tib": "TiB",
+	"munits.data.pib": "PiB",
+	"munits.data.eib": "EiB",
 	"packages.title": "Pacotes",
 	"packages.empty": "Ainda não há pacotes.",
 	"packages.empty.documentation": "Para obter mais informação sobre o registo de pacotes, veja <a target=\"_blank\" rel=\"noopener noreferrer\" href=\"%s\">a documentação</a>.",
@@ -338,6 +370,58 @@
 	"actions.runs.run_attempt_label": "Tentativa de execução #%[1]s (%[2]s)",
 	"actions.runs.viewing_out_of_date_run": "Está a visualizar uma execução desatualizada deste trabalho que foi executado %[1]s.",
 	"actions.runs.view_most_recent_run": "Ver execução mais recente",
+	"actions.runs.all_workflows": "Todas as sequências de trabalho",
+	"actions.runs.commit": "Cometimento",
+	"actions.runs.scheduled": "Agendadas",
+	"actions.runs.pushed_by": "enviado por",
+	"actions.runs.workflow": "Sequência de trabalho",
+	"actions.runs.invalid_workflow_helper": "O ficheiro de configuração da sequência de trabalho é inválido. Verifique o seu ficheiro de configuração: %s",
+	"actions.runs.no_matching_online_runner.helper": "Não existem executores ligados que tenham o rótulo %s",
+	"actions.runs.no_job_without_needs": "A sequência de trabalho tem de conter pelo menos um trabalho sem dependências.",
+	"actions.runs.no_job": "A sequência de trabalho tem de conter pelo menos um trabalho",
+	"actions.runs.actor": "Interveniente",
+	"actions.runs.status": "Estado",
+	"actions.runs.actors_no_select": "Todos os intervenientes",
+	"actions.runs.status_no_select": "Todos os estados",
+	"actions.runs.no_results": "Nenhum resultado obtido.",
+	"actions.runs.no_workflows": "Ainda não há sequências de trabalho.",
+	"actions.actions": "Operações",
+	"actions.runners": "Executores",
+	"actions.runners.runner_manage_panel": "Gerir executores",
+	"actions.runners.new": "Criar um novo executor",
+	"actions.runners.new_notice": "Como iniciar um executor",
+	"actions.runners.status": "Estado",
+	"actions.runners.status.unspecified": "Desconhecido",
+	"actions.runners.status.idle": "Parado",
+	"actions.runners.status.active": "Em funcionamento",
+	"actions.runners.status.offline": "Desconectado",
+	"actions.runners.id": "ID",
+	"actions.runners.name": "Nome",
+	"actions.runners.owner_type": "Tipo",
+	"actions.runners.description": "Descrição",
+	"actions.runners.labels": "Rótulos",
+	"actions.runners.last_online": "Última vez que esteve ligado",
+	"actions.runners.runner_title": "Executor",
+	"actions.runners.task_list": "Tarefas recentes deste executor",
+	"actions.runners.task_list.no_tasks": "Ainda não há tarefas.",
+	"actions.runners.task_list.run": "Executar",
+	"actions.runners.task_list.status": "Estado",
+	"actions.runners.task_list.repository": "Repositório",
+	"actions.runners.task_list.commit": "Cometimento",
+	"actions.runners.task_list.done_at": "Feito em",
+	"actions.runners.edit_runner": "Editar executor",
+	"actions.runners.update_runner.button": "Guardar alterações",
+	"actions.runners.update_runner.success": "O executor foi modificado com sucesso",
+	"actions.runners.update_runner.failed": "Falhou ao modificar o executor",
+	"actions.runners.delete_runner.button": "Eliminar este executor",
+	"actions.runners.delete_runner.success": "O executor foi eliminado com sucesso",
+	"actions.runners.delete_runner.failed": "Falhou ao eliminar o executor",
+	"actions.runners.delete_runner.header": "Confirme que quer eliminar este executor",
+	"actions.runners.delete_runner.notice": "Se uma tarefa estiver a correr neste executor, será terminada e marcada como tendo falhado. Isso poderá quebrar a sequência de trabalho de construção.",
+	"actions.runners.none": "Não há executores disponíveis",
+	"actions.runners.version": "Versão",
+	"actions.runners.reset_registration_token.button": "Repor código de registo",
+	"actions.runners.reset_registration_token.success": "O código de incrição do executor foi reposto com sucesso",
 	"pulse.n_active_issues": {
 		"one": "%s questão vigente",
 		"many": "%s questões vigentes",
@@ -385,6 +469,14 @@
 		"many": "Aguardando por um executor com os seguintes rótulos: %s",
 		"other": "Aguardando por um executor com os seguintes rótulos: %s"
 	},
+	"actions.status.unknown": "Desconhecido",
+	"actions.status.waiting": "Aguardando",
+	"actions.status.running": "Em execução",
+	"actions.status.success": "Sucesso",
+	"actions.status.failure": "Falha",
+	"actions.status.cancelled": "Cancelado",
+	"actions.status.skipped": "Ignorado",
+	"actions.status.blocked": "Bloqueado",
 	"repo.issues.filter_poster.hint": "Filtrar pelo autor",
 	"repo.issues.filter_assignee.hint": "Filtrar por utilizador atribuído",
 	"repo.issues.filter_reviewers.hint": "Filtrar por utilizador que reviu",
diff --git a/options/locale_next/locale_ru-RU.json b/options/locale_next/locale_ru-RU.json
index 29e0265e7e..eb576c5f38 100644
--- a/options/locale_next/locale_ru-RU.json
+++ b/options/locale_next/locale_ru-RU.json
@@ -1,4 +1,36 @@
 {
+	"gpg.default_key": "Подписано ключом по умолчанию",
+	"gpg.error.extract_sign": "Не удалось извлечь подпись",
+	"gpg.error.generate_hash": "Не удалось создать хеш коммита",
+	"gpg.error.no_committer_account": "Учётная запись с эл. почтой автора этого коммита не найдена",
+	"gpg.error.no_gpg_keys_found": "Не найден ключ, соответствующий данной подписи",
+	"gpg.error.not_signed_commit": "Неподписанный коммит",
+	"gpg.error.failed_retrieval_gpg_keys": "Не удалось получить ни одного ключа GPG автора коммита",
+	"gpg.error.probable_bad_signature": "ВНИМАНИЕ! Хоть в базе данных есть ключ с этим идентификатором, он не заверяет этот коммит! Этот коммит ПОДОЗРИТЕЛЬНЫЙ.",
+	"gpg.error.probable_bad_default_signature": "ВНИМАНИЕ! Хоть ключ по умолчанию имеет этот идентификатор, он не заверяет этот коммит! Этот коммит ПОДОЗРИТЕЛЬНЫЙ.",
+	"notification.notifications": "Уведомления",
+	"notification.unread": "Непросмотренные",
+	"notification.read": "Просмотренные",
+	"notification.no_unread": "У вас нет непросмотренных уведомлений.",
+	"notification.no_read": "У вас нет просмотренных уведомлений.",
+	"notification.pin": "Прикрепить уведомление",
+	"notification.mark_as_read": "Отметить как просмотренное",
+	"notification.mark_as_unread": "Пометить как непросмотренное",
+	"notification.mark_all_as_read": "Пометить все как просмотренные",
+	"notification.subscriptions": "Подписки",
+	"notification.watching": "Наблюдение",
+	"notification.no_subscriptions": "Нет подписок",
+	"dropzone.default_message": "Перетащите сюда файлы или нажмите для загрузки.",
+	"dropzone.invalid_input_type": "Вы не можете загружать файлы этого типа.",
+	"dropzone.file_too_big": "Размер файла ({{filesize}} МБ) больше чем максимальный размер ({{maxFilesize}} МБ).",
+	"dropzone.remove_file": "Удалить файл",
+	"munits.data.b": "Б",
+	"munits.data.kib": "КиБ",
+	"munits.data.mib": "МиБ",
+	"munits.data.gib": "ГиБ",
+	"munits.data.tib": "ТиБ",
+	"munits.data.pib": "ПиБ",
+	"munits.data.eib": "ЭиБ",
 	"packages.title": "Пакеты",
 	"packages.empty": "Пока нет пакетов.",
 	"packages.empty.documentation": "Дополнительную информацию о реестре пакетов можно узнать в <a target=\"_blank\" rel=\"noopener noreferrer\" href=\"%s\">документации</a>.",
@@ -338,6 +370,58 @@
 	"actions.runs.run_attempt_label": "Попытка №%[1]s (%[2]s)",
 	"actions.runs.viewing_out_of_date_run": "Это устаревший результат. Задание было выполнено %[1]s.",
 	"actions.runs.view_most_recent_run": "Перейти к актуальному",
+	"actions.runs.all_workflows": "Все рабочие потоки",
+	"actions.runs.commit": "коммит",
+	"actions.runs.scheduled": "Запланировано",
+	"actions.runs.pushed_by": "отправлен",
+	"actions.runs.workflow": "Рабочий поток",
+	"actions.runs.invalid_workflow_helper": "Файл конфигурации рабочего потока некорректен. Пожалуйста, проверьте конфигурационный файл: %s",
+	"actions.runs.no_matching_online_runner.helper": "Нет работающего исполнителя с меткой: %s",
+	"actions.runs.no_job_without_needs": "Рабочий поток должен содержать хотя бы одну задачу без зависимостей.",
+	"actions.runs.no_job": "Рабочий поток должен включать хотя бы одну задачу",
+	"actions.runs.actor": "Автор",
+	"actions.runs.status": "Состояние",
+	"actions.runs.actors_no_select": "Все авторы",
+	"actions.runs.status_no_select": "Любое состояние",
+	"actions.runs.no_results": "Ничего не найдено.",
+	"actions.runs.no_workflows": "Пока нет рабочих потоков.",
+	"actions.actions": "Действия",
+	"actions.runners": "Исполнители",
+	"actions.runners.runner_manage_panel": "Управление исполнителями",
+	"actions.runners.new": "Создать новый исполнитель",
+	"actions.runners.new_notice": "Как запустить исполнитель",
+	"actions.runners.status": "Состояние",
+	"actions.runners.status.unspecified": "Неизвестно",
+	"actions.runners.status.idle": "Простаивает",
+	"actions.runners.status.active": "Активный",
+	"actions.runners.status.offline": "Недоступен",
+	"actions.runners.id": "ID",
+	"actions.runners.name": "Название",
+	"actions.runners.owner_type": "Тип",
+	"actions.runners.description": "Описание",
+	"actions.runners.labels": "Метки",
+	"actions.runners.last_online": "Был в сети",
+	"actions.runners.runner_title": "Исполнитель",
+	"actions.runners.task_list": "Недавние задания исполнителя",
+	"actions.runners.task_list.no_tasks": "Задания пока нет.",
+	"actions.runners.task_list.run": "Запуск",
+	"actions.runners.task_list.status": "Состояние",
+	"actions.runners.task_list.repository": "Репозиторий",
+	"actions.runners.task_list.commit": "Коммит",
+	"actions.runners.task_list.done_at": "Завершено",
+	"actions.runners.edit_runner": "Изменить исполнитель",
+	"actions.runners.update_runner.button": "Обновить изменения",
+	"actions.runners.update_runner.success": "Исполнитель успешно обновлён",
+	"actions.runners.update_runner.failed": "Не удалось обновить исполнитель",
+	"actions.runners.delete_runner.button": "Удалить этот исполнитель",
+	"actions.runners.delete_runner.success": "Исполнитель успешно удалён",
+	"actions.runners.delete_runner.failed": "Не удалось удалить исполнитель",
+	"actions.runners.delete_runner.header": "Подтвердите удаление исполнителя",
+	"actions.runners.delete_runner.notice": "Если на этом исполнителе выполняется задание, оно будет завершено и помечено как неудачное. Это может нарушить рабочий поток при сборке.",
+	"actions.runners.none": "Нет доступных исполнителей",
+	"actions.runners.version": "Версия",
+	"actions.runners.reset_registration_token.button": "Сброс токена регистрации",
+	"actions.runners.reset_registration_token.success": "Токен регистрации исполнителя успешно сброшен",
 	"repo.pulls.maintainers_can_edit": "Сопровождающие могут вносить правки.",
 	"repo.pulls.maintainers_cannot_edit": "Сопровождающие не могут вносить правки.",
 	"pulse.n_active_issues": {
@@ -382,6 +466,14 @@
 		"few": "Ожидается исполнитель, имеющий одну из меток: %s",
 		"many": "Ожидается исполнитель, имеющий одну из меток: %s"
 	},
+	"actions.status.unknown": "Неизвестно",
+	"actions.status.waiting": "Ожидает",
+	"actions.status.running": "Запущено",
+	"actions.status.success": "Успех",
+	"actions.status.failure": "Неудача",
+	"actions.status.cancelled": "Отменено",
+	"actions.status.skipped": "Пропущен",
+	"actions.status.blocked": "Заблокировано",
 	"repo.pulls.poster_manage_approval": "Управление одобрением",
 	"repo.pulls.poster_trust_revoke.tooltip": "Автор запроса на слияние больше не будет доверятся для запуска раб. потоков, срабатывающих для событий `pull_request`. Каждый запуск потребует одобрения.",
 	"repo.pulls.poster_trust_always.tooltip": "Этот раб. поток будет выполнен. Последующие раб. потоки, срабатывающие по событию `pull_request` в запросах на слияние от этого пользователя, будут запускаться без одобрения.",
diff --git a/options/locale_next/locale_si-LK.json b/options/locale_next/locale_si-LK.json
index becc3b2408..9c847c6f1c 100644
--- a/options/locale_next/locale_si-LK.json
+++ b/options/locale_next/locale_si-LK.json
@@ -1,4 +1,19 @@
 {
+	"actions.runners.name": "නම",
+	"actions.runners.owner_type": "වර්ගය",
+	"actions.runners.description": "සවිස්තරය",
+	"actions.runners.task_list.run": "ධාවනය",
+	"actions.runners.task_list.repository": "කෝෂ්ඨය",
+	"actions.runners.task_list.commit": "කැප",
+	"actions.runners.status.active": "ක්රියාකාරී",
+	"actions.runs.commit": "කැප",
+	"notification.notifications": "දැනුම්දීම්",
+	"notification.unread": "නොකියවූ",
+	"notification.read": "කියවූ",
+	"notification.no_unread": "නොකියවූ දැනුම්දීම් නැත.",
+	"notification.no_read": "කියවූ දැනුම්දීම් නැත.",
+	"dropzone.default_message": "ගොනු දමන්න හෝ උඩුගත කිරීමට මෙතැන ඔබන්න.",
+	"dropzone.remove_file": "ගොනුව ඉවත් කරන්න",
 	"packages.filter.type": "වර්ගය",
 	"packages.alpine.repository.branches": "ශාඛා",
 	"packages.alpine.repository.repositories": "කෝෂ්ඨ",
diff --git a/options/locale_next/locale_sk-SK.json b/options/locale_next/locale_sk-SK.json
index befef392a7..2844fd9645 100644
--- a/options/locale_next/locale_sk-SK.json
+++ b/options/locale_next/locale_sk-SK.json
@@ -1,4 +1,7 @@
 {
+	"actions.runners.labels": "Štítky",
+	"gpg.error.no_committer_account": "Žiadny účet nie je prepojený s e-mailovou adresou prispievateľa",
+	"gpg.error.not_signed_commit": "Nie je podpísaný commit",
 	"packages.alpine.repository.repositories": "Repozitáre",
 	"packages.container.labels": "Štítky",
 	"fork.n_forks": {
diff --git a/options/locale_next/locale_sl.json b/options/locale_next/locale_sl.json
index e948ca6b0d..0fcc19880f 100644
--- a/options/locale_next/locale_sl.json
+++ b/options/locale_next/locale_sl.json
@@ -1,4 +1,5 @@
 {
+	"actions.runners.runner_manage_panel": "Upravljanje tekačev",
 	"packages.owner.settings.chef.keypair.description": "Za preverjanje pristnosti v registru Chef je potreben par ključev. Če ste par ključev ustvarili že prej, se pri ustvarjanju novega para ključev stari par ključev zavrže.",
 	"meta.last_line": " "
 }
diff --git a/options/locale_next/locale_sr-SP.json b/options/locale_next/locale_sr-SP.json
index 50ea93a10c..1ec60d3df7 100644
--- a/options/locale_next/locale_sr-SP.json
+++ b/options/locale_next/locale_sr-SP.json
@@ -1,4 +1,5 @@
 {
+	"dropzone.remove_file": "Уклони датотеку",
 	"moderation.abuse_category.malware": "Малвер",
 	"home.welcome.no_activity": "Без активности",
 	"home.welcome.activity_hint": "Нема још ничега у вашем фиду. Ваше активности као и активности из репозиторијума које Ви пратите ће овде бити показивати.",
diff --git a/options/locale_next/locale_sv-SE.json b/options/locale_next/locale_sv-SE.json
index 1ff0066955..f18a357245 100644
--- a/options/locale_next/locale_sv-SE.json
+++ b/options/locale_next/locale_sv-SE.json
@@ -1,4 +1,36 @@
 {
+	"gpg.default_key": "Signerad med standard nyckeln",
+	"gpg.error.extract_sign": "Det gick inte att extrahera signatur",
+	"gpg.error.generate_hash": "Misslyckades att generera hashsumma av commiten",
+	"gpg.error.no_committer_account": "Inget konto är kopplat till bidragsgivarens mejladress",
+	"gpg.error.no_gpg_keys_found": "Ingen känd nyckel hittad för denna signatur i databasen",
+	"gpg.error.not_signed_commit": "Inte en signerad incheckning",
+	"gpg.error.failed_retrieval_gpg_keys": "Det gick inte att hämta någon nyckel kopplad till bidragsgivarens konto",
+	"gpg.error.probable_bad_signature": "VARNING! Även om det finns en nyckel med detta ID i databasen så verifierar det inte incheckningen! Denna incheckning är MISSTÄNKT.",
+	"gpg.error.probable_bad_default_signature": "VARNING! Även om standardnyckeln har detta ID så verifierar det inte incheckningen! Denna incheckning är MISSTÄNKT.",
+	"notification.notifications": "Notiser",
+	"notification.unread": "Olästa",
+	"notification.read": "Lästa",
+	"notification.no_unread": "Inga olästa notifikationer.",
+	"notification.no_read": "Inga lästa notifikationer.",
+	"notification.pin": "Pinna notifiering",
+	"notification.mark_as_read": "Markera som läst",
+	"notification.mark_as_unread": "Markera som oläst",
+	"notification.mark_all_as_read": "Markera alla som lästa",
+	"notification.subscriptions": "Prenumerationer",
+	"notification.watching": "Bevakar",
+	"notification.no_subscriptions": "Inga prenumerationer",
+	"dropzone.default_message": "Släpp filer här eller klicka för att ladda upp.",
+	"dropzone.invalid_input_type": "Du kan inte ladda upp filer av denna typen.",
+	"dropzone.file_too_big": "Filstorleken ({{filesize}} MB) överskrider maxstorleken ({{maxFilesize}} MB).",
+	"dropzone.remove_file": "Ta bort fil",
+	"munits.data.b": "B",
+	"munits.data.kib": "KiB",
+	"munits.data.mib": "MiB",
+	"munits.data.gib": "GiB",
+	"munits.data.tib": "TiB",
+	"munits.data.pib": "PiB",
+	"munits.data.eib": "EiB",
 	"packages.title": "Paket",
 	"packages.empty": "Det finns inga paket ännu.",
 	"packages.empty.documentation": "För mer information om paketregistret, se <a target=\"_blank\" rel=\"noopener noreferrer\" href=\"%s\">dokumentationen</a>.",
@@ -318,6 +350,58 @@
 	"migrate.pagure.project_example": "Pagure-projektets URL, t.ex. https://pagure.io/pagure",
 	"migrate.pagure.token_label": "Pagure API-token",
 	"actions.runs.run_attempt_label": "Kör försök #%[1]s (%[2]s)",
+	"actions.runs.all_workflows": "Alla arbetsflöden",
+	"actions.runs.commit": "Commit",
+	"actions.runs.scheduled": "Schemalagd",
+	"actions.runs.pushed_by": "skickad av",
+	"actions.runs.workflow": "Arbetsflöde",
+	"actions.runs.invalid_workflow_helper": "Arbetsflödets konfigurationsfil är ogiltig. Kontrollera din konfigurationsfil: %s",
+	"actions.runs.no_matching_online_runner.helper": "Ingen matchande körare online med etikett: %s",
+	"actions.runs.no_job_without_needs": "Arbetsflödet måste innehålla minst ett jobb utan beroenden.",
+	"actions.runs.no_job": "Arbetsflödet måste innehålla minst ett jobb",
+	"actions.runs.actor": "Aktör",
+	"actions.runs.status": "Status",
+	"actions.runs.actors_no_select": "Alla aktörer",
+	"actions.runs.status_no_select": "Alla statusar",
+	"actions.runs.no_results": "Inga resultat matchade.",
+	"actions.runs.no_workflows": "Det finns inga arbetsflöden ännu.",
+	"actions.actions": "Actions",
+	"actions.runners": "Körare",
+	"actions.runners.runner_manage_panel": "Hantera körare",
+	"actions.runners.new": "Skapa ny körare",
+	"actions.runners.new_notice": "Hur man startar en körare",
+	"actions.runners.status": "Status",
+	"actions.runners.status.unspecified": "Okänd",
+	"actions.runners.status.idle": "Inaktiv",
+	"actions.runners.status.active": "Aktiv",
+	"actions.runners.status.offline": "Offline",
+	"actions.runners.id": "ID",
+	"actions.runners.name": "Namn",
+	"actions.runners.owner_type": "Typ",
+	"actions.runners.description": "Beskrivning",
+	"actions.runners.labels": "Etiketter",
+	"actions.runners.last_online": "Senast online",
+	"actions.runners.runner_title": "Körare",
+	"actions.runners.task_list": "Senaste uppgifter på denna körare",
+	"actions.runners.task_list.no_tasks": "Det finns ingen uppgift ännu.",
+	"actions.runners.task_list.run": "Kör",
+	"actions.runners.task_list.status": "Status",
+	"actions.runners.task_list.repository": "Utvecklingskatalog",
+	"actions.runners.task_list.commit": "Commit",
+	"actions.runners.task_list.done_at": "Klar",
+	"actions.runners.edit_runner": "Redigera körare",
+	"actions.runners.update_runner.button": "Uppdatera ändringar",
+	"actions.runners.update_runner.success": "Körare uppdaterad framgångsrikt",
+	"actions.runners.update_runner.failed": "Misslyckades med att uppdatera körare",
+	"actions.runners.delete_runner.button": "Ta bort denna körare",
+	"actions.runners.delete_runner.success": "Körare borttagen framgångsrikt",
+	"actions.runners.delete_runner.failed": "Misslyckades med att ta bort körare",
+	"actions.runners.delete_runner.header": "Bekräfta för att ta bort denna körare",
+	"actions.runners.delete_runner.notice": "Om en uppgift körs på denna körare kommer den att avbrytas och markeras som misslyckad. Det kan bryta byggarbetsflödet.",
+	"actions.runners.none": "Inga körare tillgängliga",
+	"actions.runners.version": "Version",
+	"actions.runners.reset_registration_token.button": "Återställ registreringstoken",
+	"actions.runners.reset_registration_token.success": "Körarens registreringstoken återställd framgångsrikt",
 	"migrate.github.description": "Migrera data från github.com eller GitHub Enterprise server.",
 	"repo.pulls.maintainers_can_edit": "Förvaltare kan redigera denna ändringsbegäran.",
 	"repo.pulls.maintainers_cannot_edit": "Förvaltare kan inte redigera denna ändringsbegäran.",
@@ -395,6 +479,14 @@
 		"one": "Väntar på en körare med följande etikett: %s",
 		"other": "Väntar på en körare med följande etiketter: %s"
 	},
+	"actions.status.unknown": "Okänd",
+	"actions.status.waiting": "Väntar",
+	"actions.status.running": "Körs",
+	"actions.status.success": "Lyckad",
+	"actions.status.failure": "Misslyckad",
+	"actions.status.cancelled": "Avbruten",
+	"actions.status.skipped": "Överhoppad",
+	"actions.status.blocked": "Blockerad",
 	"repo.view.gitmodules_too_large": ".gitmodules-filen är för stor och kommer därför att ignoreras (till exempel vid anrop via API)",
 	"install.ssh_authorized_keys_inspection_error": "Misslyckades med att inspektera befintlig authorized_keys-fil: %v",
 	"install.ssh_authorized_keys_unexpected_key": "SSH-aktivering för Forgejo krockar med den befintliga nyckelfilen på %s som innehåller existerande SSH-nycklar. Förslag: använd en egen systemanvändare för Forgejo eller inaktivera SSH.",
diff --git a/options/locale_next/locale_ta.json b/options/locale_next/locale_ta.json
index e222f62a61..2d7adc48f6 100644
--- a/options/locale_next/locale_ta.json
+++ b/options/locale_next/locale_ta.json
@@ -1,4 +1,36 @@
 {
+	"gpg.default_key": "இயல்புநிலை விசையுடன் கையொப்பமிடப்பட்டது",
+	"gpg.error.extract_sign": "கையொப்பத்தைப் பிரித்தெடுக்க முடியவில்லை",
+	"gpg.error.generate_hash": "உறுதியின் ஆச் உருவாக்க முடியவில்லை",
+	"gpg.error.no_committer_account": "பொறுப்பாளரின் மின்னஞ்சல் முகவரியுடன் எந்தக் கணக்கும் இணைக்கப்படவில்லை",
+	"gpg.error.no_gpg_keys_found": "தரவுத்தளத்தில் இந்த கையொப்பத்திற்கான அறியப்பட்ட விசை எதுவும் இல்லை",
+	"gpg.error.not_signed_commit": "கையெழுத்திட்ட உறுதிமொழி அல்ல",
+	"gpg.error.failed_retrieval_gpg_keys": "பொறுப்பாளரின் கணக்கில் இணைக்கப்பட்ட எந்த விசையையும் மீட்டெடுப்பதில் தோல்வி",
+	"gpg.error.probable_bad_signature": "எச்சரிக்கை! தரவுத்தளத்தில் இந்த ஐடியுடன் ஒரு விசை இருந்தாலும், இந்த உறுதிமொழியை அது சரிபார்க்கவில்லை! இந்த உறுதிப்பாடு சந்தேகத்திற்குரியது.",
+	"gpg.error.probable_bad_default_signature": "எச்சரிக்கை! இயல்புநிலை விசையில் இந்த அடையாளம் இருந்தாலும், இந்த உறுதிமொழியை அது சரிபார்க்கவில்லை! இந்த உறுதிப்பாடு சந்தேகத்திற்குரியது.",
+	"notification.notifications": "அறிவிப்புகள்",
+	"notification.unread": "படிக்காதது",
+	"notification.read": "படிக்கவும்",
+	"notification.no_unread": "படிக்காத அறிவிப்புகள் இல்லை.",
+	"notification.no_read": "வாசிப்பு அறிவிப்புகள் இல்லை.",
+	"notification.pin": "பின் அறிவிப்பு",
+	"notification.mark_as_read": "படித்ததாகக் குறி",
+	"notification.mark_as_unread": "படிக்காததாகக் குறிக்கவும்",
+	"notification.mark_all_as_read": "அனைத்தையும் படித்ததாகக் குறிக்கவும்",
+	"notification.subscriptions": "சந்தாக்கள்",
+	"notification.watching": "பார்க்கிறேன்",
+	"notification.no_subscriptions": "சந்தாக்கள் இல்லை",
+	"dropzone.default_message": "கோப்புகளை கைவிடவும் அல்லது பதிவேற்ற இங்கே சொடுக்கு செய்யவும்.",
+	"dropzone.invalid_input_type": "இந்த வகை கோப்புகளை நீங்கள் பதிவேற்ற முடியாது.",
+	"dropzone.file_too_big": "கோப்பு அளவு ({{filesize}} MB) அதிகபட்ச அளவு ({{maxFilesize}} MB) ஐ விட அதிகமாக உள்ளது.",
+	"dropzone.remove_file": "கோப்பை அகற்று",
+	"munits.data.b": "பி",
+	"munits.data.kib": "கிபி",
+	"munits.data.mib": "MiB",
+	"munits.data.gib": "சிபி",
+	"munits.data.tib": "டிபி",
+	"munits.data.pib": "PiB",
+	"munits.data.eib": "EiB",
 	"packages.title": "தொகுப்பு",
 	"packages.empty": "இதுவரை தொகுப்புகள் எதுவும் இல்லை.",
 	"packages.empty.documentation": "தொகுப்பு பதிவேட்டில் மேலும் தகவலுக்கு, <a target=\"_blank\" rel=\"noopener noreferrer\" href=\"%s\">ஆவணங்கள்</a> பார்க்கவும்.",
@@ -337,9 +369,61 @@
 	"actions.runs.run_attempt_label": "இயக்க முயற்சி #%[1]s (%[2]s)",
 	"actions.runs.viewing_out_of_date_run": "%[1]s செயல்படுத்தப்பட்ட இந்த வேலையின் காலாவதியான ஓட்டத்தை நீங்கள் பார்க்கிறீர்கள்.",
 	"actions.runs.view_most_recent_run": "அண்மைக் கால ஓட்டத்தைக் காண்க",
+	"actions.runs.all_workflows": "அனைத்து பணிப்பாய்வுகளும்",
+	"actions.runs.commit": "உறுதி",
+	"actions.runs.scheduled": "திட்டமிடப்பட்டது",
+	"actions.runs.pushed_by": "மூலம் தள்ளப்பட்டது",
+	"actions.runs.workflow": "பணிப்பாய்வு",
+	"actions.runs.invalid_workflow_helper": "பணிப்பாய்வு கட்டமைப்பு கோப்பு தவறானது. உங்கள் கட்டமைப்பு கோப்பை சரிபார்க்கவும்: %s",
+	"actions.runs.no_matching_online_runner.helper": "லேபிளுடன் பொருந்தக்கூடிய நிகழ்நிலை ரன்னர் இல்லை: %s",
+	"actions.runs.no_job_without_needs": "பணிப்பாய்வு சார்புகள் இல்லாமல் குறைந்தபட்சம் ஒரு வேலையைக் கொண்டிருக்க வேண்டும்.",
+	"actions.runs.no_job": "பணிப்பாய்வு குறைந்தது ஒரு வேலையையாவது கொண்டிருக்க வேண்டும்",
+	"actions.runs.actor": "நடிகர்",
+	"actions.runs.status": "நிலை",
+	"actions.runs.actors_no_select": "அனைத்து நடிகர்களும்",
+	"actions.runs.status_no_select": "அனைத்து நிலை",
+	"actions.runs.no_results": "எந்த முடிவுகளும் பொருந்தவில்லை.",
+	"actions.runs.no_workflows": "இதுவரை பணிப்பாய்வு இல்லை.",
 	"actions.workflow.job_parsing_error": "பணிப்பாய்வுகளில் வேலைகளை அலச முடியவில்லை: %v",
 	"actions.workflow.event_detection_error": "பணிப்பாய்வுகளில் ஆதரிக்கப்படும் நிகழ்வுகளை அலச முடியவில்லை: %v",
 	"actions.workflow.pre_execution_error": "செயல்படுத்தும் முயற்சியைத் தடுத்த பிழையின் காரணமாக பணிப்பாய்வு செயல்படுத்தப்படவில்லை.",
+	"actions.actions": "செயல்கள்",
+	"actions.runners": "ஓடுபவர்கள்",
+	"actions.runners.runner_manage_panel": "ஓட்டப்பந்தய வீரர்களை நிர்வகிக்கவும்",
+	"actions.runners.new": "புதிய ரன்னர் உருவாக்கவும்",
+	"actions.runners.new_notice": "ஒரு ஓட்டப்பந்தய வீரரை எவ்வாறு தொடங்குவது",
+	"actions.runners.status": "நிலை",
+	"actions.runners.status.unspecified": "தெரியவில்லை",
+	"actions.runners.status.idle": "நிலையிக்கம்",
+	"actions.runners.status.active": "செயலில்",
+	"actions.runners.status.offline": "இணையமில்லாமல்",
+	"actions.runners.id": "ஐடி",
+	"actions.runners.name": "பெயர்",
+	"actions.runners.owner_type": "வகை",
+	"actions.runners.description": "விவரம்",
+	"actions.runners.labels": "சிட்டைகள்",
+	"actions.runners.last_online": "கடைசி நிகழ்நிலை நேரம்",
+	"actions.runners.runner_title": "ஓடுபவர்",
+	"actions.runners.task_list": "இந்த ரன்னரின் அண்மைக் கால பணிகள்",
+	"actions.runners.task_list.no_tasks": "இதுவரை எந்த பணியும் இல்லை.",
+	"actions.runners.task_list.run": "ஓடு",
+	"actions.runners.task_list.status": "நிலை",
+	"actions.runners.task_list.repository": "களஞ்சியம்",
+	"actions.runners.task_list.commit": "உறுதி",
+	"actions.runners.task_list.done_at": "மணிக்கு முடிந்தது",
+	"actions.runners.edit_runner": "திருத்து ரன்னர்",
+	"actions.runners.update_runner.button": "மாற்றங்களைப் புதுப்பிக்கவும்",
+	"actions.runners.update_runner.success": "ரன்னர் வெற்றிகரமாக புதுப்பிக்கப்பட்டது",
+	"actions.runners.update_runner.failed": "ரன்னரைப் புதுப்பிக்க முடியவில்லை",
+	"actions.runners.delete_runner.button": "இந்த ரன்னரை நீக்கு",
+	"actions.runners.delete_runner.success": "ரன்னர் வெற்றிகரமாக நீக்கப்பட்டது",
+	"actions.runners.delete_runner.failed": "ரன்னரை நீக்க முடியவில்லை",
+	"actions.runners.delete_runner.header": "இந்த ரன்னரை நீக்குவதை உறுதிப்படுத்தவும்",
+	"actions.runners.delete_runner.notice": "இந்த ரன்னரில் ஒரு பணி இயங்கினால், அது நிறுத்தப்பட்டு தோல்வியடைந்ததாகக் குறிக்கப்படும். இது கட்டுமான பணியை உடைக்கக்கூடும்.",
+	"actions.runners.none": "ஓட்டப்பந்தய வீரர்கள் இல்லை",
+	"actions.runners.version": "பதிப்பு",
+	"actions.runners.reset_registration_token.button": "பதிவு கிள்ளாக்கை மீட்டமைக்கவும்",
+	"actions.runners.reset_registration_token.success": "ரன்னர் பதிவு கிள்ளாக்கு வெற்றிகரமாக மீட்டமைக்கப்பட்டது",
 	"pulse.n_active_issues": {
 		"one": "%s செயலில் உள்ள சிக்கல்",
 		"other": "%s செயலில் உள்ள சிக்கல்கள்"
@@ -378,6 +462,14 @@
 		"one": "பின்வரும் லேபிளுடன் ரன்னருக்காகக் காத்திருக்கிறது: %s",
 		"other": "பின்வரும் லேபிள்களுடன் ரன்னருக்காகக் காத்திருக்கிறது: %s"
 	},
+	"actions.status.unknown": "தெரியவில்லை",
+	"actions.status.waiting": "காத்திருக்கிறது",
+	"actions.status.running": "ஓடுகிறது",
+	"actions.status.success": "செய்",
+	"actions.status.failure": "தோல்வி",
+	"actions.status.cancelled": "ரத்து செய்யப்பட்டது",
+	"actions.status.skipped": "தவிர்க்கப்பட்டது",
+	"actions.status.blocked": "தடுக்கப்பட்டது",
 	"actions.workflow.persistent_incomplete_matrix": "தவறான ஒரு `தேவைகள்` வெளிப்பாடு காரணமாக %[1]s வேலையின் `strategy.matrix` ஐ மதிப்பிட முடியவில்லை. இது அதன் 'தேவைகள்' பட்டியலில் (%[2]s) இல்லாத வேலையைக் குறிப்பிடலாம் அல்லது அந்த வேலைகளில் ஒன்றில் இல்லாத வெளியீட்டைக் குறிப்பிடலாம்.",
 	"moderation.report.mark_as_handled": "கையாளப்பட்டதாகக் குறிக்கவும்",
 	"moderation.report.mark_as_ignored": "புறக்கணிக்கப்பட்டதாகக் குறிக்கவும்",
diff --git a/options/locale_next/locale_th.json b/options/locale_next/locale_th.json
index 539731fb6b..c6896c6af8 100644
--- a/options/locale_next/locale_th.json
+++ b/options/locale_next/locale_th.json
@@ -1,4 +1,36 @@
 {
+	"gpg.default_key": "ลงนามด้วยคีย์เริ่มต้น",
+	"gpg.error.extract_sign": "ไม่สามารถแยกข้อมูลลายเซ็นได้",
+	"gpg.error.generate_hash": "ไม่สามารถสร้างแฮชของคอมมิตได้",
+	"gpg.error.no_committer_account": "ไม่มีบัญชีที่เชื่อมโยงกับที่อยู่อีเมลของผู้คอมมิต",
+	"gpg.error.no_gpg_keys_found": "ไม่พบคีย์ที่รู้จักสำหรับลายเซ็นนี้ในฐานข้อมูล",
+	"gpg.error.not_signed_commit": "ไม่ใช่คอมมิตที่ลงนามแล้ว",
+	"gpg.error.failed_retrieval_gpg_keys": "ไม่สามารถดึงคีย์ใด ๆ ที่แนบมากับบัญชีของผู้คอมมิตได้",
+	"gpg.error.probable_bad_signature": "คำเตือน! แม้ว่าจะมีคีย์ที่มี ID นี้ในฐานข้อมูล แต่ก็ไม่ได้ยืนยันคอมมิตนี้! คอมมิตนี้น่าสงสัย",
+	"gpg.error.probable_bad_default_signature": "คำเตือน! แม้ว่าคีย์เริ่มต้นจะมี ID นี้ แต่ก็ไม่ได้ยืนยันคอมมิตนี้! คอมมิตนี้น่าสงสัย",
+	"notification.notifications": "การแจ้งเตือน",
+	"notification.unread": "ยังไม่ได้อ่าน",
+	"notification.read": "อ่านแล้ว",
+	"notification.no_unread": "ไม่มีการแจ้งเตือนที่ยังไม่ได้อ่าน",
+	"notification.no_read": "ไม่มีการแจ้งเตือนที่อ่านแล้ว",
+	"notification.pin": "ปักหมุดการแจ้งเตือน",
+	"notification.mark_as_read": "ทำเครื่องหมายว่าอ่านแล้ว",
+	"notification.mark_as_unread": "ทำเครื่องหมายว่ายังไม่ได้อ่าน",
+	"notification.mark_all_as_read": "ทำเครื่องหมายทั้งหมดว่าอ่านแล้ว",
+	"notification.subscriptions": "การสมัครรับข้อมูล",
+	"notification.watching": "กำลังดู",
+	"notification.no_subscriptions": "ไม่มีการสมัครรับข้อมูล",
+	"dropzone.default_message": "วางไฟล์หรือคลิกที่นี่เพื่ออัปโหลด",
+	"dropzone.invalid_input_type": "คุณไม่สามารถอัปโหลดไฟล์ประเภทนี้ได้",
+	"dropzone.file_too_big": "ขนาดไฟล์ ({{filesize}} MB) เกินขนาดสูงสุด ({{maxFilesize}} MB)",
+	"dropzone.remove_file": "ลบไฟล์",
+	"munits.data.b": "B",
+	"munits.data.kib": "KiB",
+	"munits.data.mib": "MiB",
+	"munits.data.gib": "GiB",
+	"munits.data.tib": "TiB",
+	"munits.data.pib": "PiB",
+	"munits.data.eib": "EiB",
 	"packages.title": "แพ็คเกจ",
 	"packages.empty": "ยังไม่มีแพ็คเกจ",
 	"packages.empty.documentation": "สำหรับข้อมูลเพิ่มเติมเกี่ยวกับรีจิสทรีแพ็คเกจ โปรดดู <a target=\"_blank\" rel=\"noopener noreferrer\" href=\"%s\">เอกสารประกอบ</a>",
@@ -301,9 +333,69 @@
 	"actions.runs.run_attempt_label": "พยายามรันครั้งที่ #%[1]s (%[2]s)",
 	"actions.runs.viewing_out_of_date_run": "คุณกำลังดูการรันงานนี้ที่ล้าสมัยซึ่งดำเนินการเมื่อ %[1]s",
 	"actions.runs.view_most_recent_run": "ดูการรันล่าสุด",
+	"actions.runs.all_workflows": "เวิร์กโฟลว์ทั้งหมด",
+	"actions.runs.commit": "คอมมิต",
+	"actions.runs.scheduled": "กำหนดเวลาแล้ว",
+	"actions.runs.pushed_by": "พุชโดย",
+	"actions.runs.workflow": "เวิร์กโฟลว์",
+	"actions.runs.invalid_workflow_helper": "ไฟล์การกำหนดค่าเวิร์กโฟลว์ไม่ถูกต้อง โปรดตรวจสอบไฟล์การกำหนดค่าของคุณ: %s",
+	"actions.runs.no_matching_online_runner.helper": "ไม่มี Runner ออนไลน์ที่ตรงกันพร้อมป้ายกำกับ: %s",
+	"actions.runs.no_job_without_needs": "เวิร์กโฟลว์ต้องมีงานอย่างน้อยหนึ่งงานที่ไม่มีการพึ่งพา",
+	"actions.runs.no_job": "เวิร์กโฟลว์ต้องมีงานอย่างน้อยหนึ่งงาน",
+	"actions.runs.actor": "ผู้ดำเนินการ",
+	"actions.runs.status": "สถานะ",
+	"actions.runs.actors_no_select": "ผู้ดำเนินการทั้งหมด",
+	"actions.runs.status_no_select": "สถานะทั้งหมด",
+	"actions.runs.no_results": "ไม่พบผลลัพธ์ที่ตรงกัน",
+	"actions.runs.no_workflows": "ยังไม่มีเวิร์กโฟลว์",
 	"actions.workflow.job_parsing_error": "ไม่สามารถแยกวิเคราะห์งานในเวิร์กโฟลว์ได้: %v",
 	"actions.workflow.event_detection_error": "ไม่สามารถแยกวิเคราะห์เหตุการณ์ที่รองรับในเวิร์กโฟลว์ได้: %v",
 	"actions.workflow.pre_execution_error": "เวิร์กโฟลว์ไม่ถูกดำเนินการเนื่องจากมีข้อผิดพลาดที่ขัดขวางความพยายามในการดำเนินการ",
+	"actions.actions": "การดำเนินการ",
+	"actions.status.unknown": "ไม่ทราบ",
+	"actions.status.waiting": "กำลังรอ",
+	"actions.status.running": "กำลังทำงาน",
+	"actions.status.success": "สำเร็จ",
+	"actions.status.failure": "ล้มเหลว",
+	"actions.status.cancelled": "ยกเลิกแล้ว",
+	"actions.status.skipped": "ข้ามไป",
+	"actions.status.blocked": "ถูกบล็อก",
+	"actions.runners": "Runners",
+	"actions.runners.runner_manage_panel": "จัดการ Runners",
+	"actions.runners.new": "สร้าง Runner ใหม่",
+	"actions.runners.new_notice": "วิธีการเริ่ม Runner",
+	"actions.runners.status": "สถานะ",
+	"actions.runners.status.unspecified": "ไม่ทราบ",
+	"actions.runners.status.idle": "ว่าง",
+	"actions.runners.status.active": "ใช้งานอยู่",
+	"actions.runners.status.offline": "ออฟไลน์",
+	"actions.runners.id": "ID",
+	"actions.runners.name": "ชื่อ",
+	"actions.runners.owner_type": "ประเภท",
+	"actions.runners.description": "คำอธิบาย",
+	"actions.runners.labels": "ป้ายกำกับ",
+	"actions.runners.last_online": "เวลาออนไลน์ล่าสุด",
+	"actions.runners.runner_title": "Runner",
+	"actions.runners.task_list": "งานล่าสุดบน Runner นี้",
+	"actions.runners.task_list.no_tasks": "ยังไม่มีงาน",
+	"actions.runners.task_list.run": "เรียกใช้",
+	"actions.runners.task_list.status": "สถานะ",
+	"actions.runners.task_list.repository": "ที่เก็บ",
+	"actions.runners.task_list.commit": "คอมมิต",
+	"actions.runners.task_list.done_at": "เสร็จสิ้นเมื่อ",
+	"actions.runners.edit_runner": "แก้ไข Runner",
+	"actions.runners.update_runner.button": "อัปเดตการเปลี่ยนแปลง",
+	"actions.runners.update_runner.success": "อัปเดต Runner สำเร็จแล้ว",
+	"actions.runners.update_runner.failed": "ไม่สามารถอัปเดต Runner ได้",
+	"actions.runners.delete_runner.button": "ลบ Runner นี้",
+	"actions.runners.delete_runner.success": "ลบ Runner สำเร็จแล้ว",
+	"actions.runners.delete_runner.failed": "ไม่สามารถลบ Runner ได้",
+	"actions.runners.delete_runner.header": "ยืนยันที่จะลบ Runner นี้",
+	"actions.runners.delete_runner.notice": "หากมีงานกำลังทำงานบน Runner นี้ งานนั้นจะถูกยกเลิกและทำเครื่องหมายว่าล้มเหลว อาจทำให้เวิร์กโฟลว์การสร้างเสียหายได้",
+	"actions.runners.none": "ไม่มี Runner ที่พร้อมใช้งาน",
+	"actions.runners.version": "เวอร์ชัน",
+	"actions.runners.reset_registration_token.button": "รีเซ็ตโทเค็นการลงทะเบียน",
+	"actions.runners.reset_registration_token.success": "รีเซ็ตโทเค็นการลงทะเบียน Runner สำเร็จแล้ว",
 	"pulse.n_active_issues": "%s ปัญหาที่ใช้งานอยู่",
 	"pulse.n_active_prs": "%s คำขอดึงที่ใช้งานอยู่",
 	"meta.last_line": "ขอบคุณที่แปล Forgejo! บรรทัดนี้ผู้ใช้จะไม่เห็น แต่มีวัตถุประสงค์อื่นในการจัดการการแปล คุณสามารถใส่ข้อเท็จจริงสนุกๆ ในการแปลแทนการแปลก็ได้",
diff --git a/options/locale_next/locale_tr-TR.json b/options/locale_next/locale_tr-TR.json
index ae26ae6fd4..b291b41c76 100644
--- a/options/locale_next/locale_tr-TR.json
+++ b/options/locale_next/locale_tr-TR.json
@@ -1,4 +1,36 @@
 {
+	"gpg.default_key": "Varsayılan anahtarla imzalanmış",
+	"gpg.error.extract_sign": "İmza çıkarılamadı",
+	"gpg.error.generate_hash": "İşlemenin sağlama kodu oluşturulamadı",
+	"gpg.error.no_committer_account": "İşleyicinin e-posta adresine bağlı hesap yok",
+	"gpg.error.no_gpg_keys_found": "Veri tabanında bu imza için bilinen anahtar bulunamadı",
+	"gpg.error.not_signed_commit": "İmzalı bir işleme değil",
+	"gpg.error.failed_retrieval_gpg_keys": "İşleyicin hesabına bağlı herhangi bir anahtar alınamadı",
+	"gpg.error.probable_bad_signature": "UYARI! Veritabanında bu kimliğe sahip bir anahtar olmasına rağmen, bu işlemeyi doğrulamaz! Bu işleme ŞÜPHELİDİR.",
+	"gpg.error.probable_bad_default_signature": "UYARI! Varsayılan anahtarın bu kimliği olmasına rağmen, bu işlemeyi doğrulamaz! Bu işleme ŞÜPHELİDİR.",
+	"notification.notifications": "Bildirimler",
+	"notification.unread": "Okunmamış",
+	"notification.read": "Okunmuş",
+	"notification.no_unread": "Okunmamış bildirim yok.",
+	"notification.no_read": "Okunmuş bildirim yok.",
+	"notification.pin": "Pin bildirimi",
+	"notification.mark_as_read": "Okundu olarak işaretle",
+	"notification.mark_as_unread": "Okunmadı olarak işaretle",
+	"notification.mark_all_as_read": "Tümünü okundu olarak işaretle",
+	"notification.subscriptions": "Abonelikler",
+	"notification.watching": "İzleniyor",
+	"notification.no_subscriptions": "Abonelik yok",
+	"dropzone.default_message": "Dosyaları buraya bırakın veya yüklemek için tıklayın.",
+	"dropzone.invalid_input_type": "Bu tür dosyaları yükleyemezsiniz.",
+	"dropzone.file_too_big": "Dosya boyutu ({{filesize}} MB) maksimum boyutu ({{maxFilesize}} MB) aşıyor.",
+	"dropzone.remove_file": "Dosya Kaldır",
+	"munits.data.b": "B",
+	"munits.data.kib": "KiB",
+	"munits.data.mib": "MiB",
+	"munits.data.gib": "GiB",
+	"munits.data.tib": "TiB",
+	"munits.data.pib": "PiB",
+	"munits.data.eib": "EiB",
 	"packages.title": "Paketler",
 	"packages.empty": "Henüz hiçbir paket yok.",
 	"packages.empty.documentation": "Paket deposu hakkında daha fazla bilgi için, <a target=\"_blank\" rel=\"noopener noreferrer\" href=\"%s\">belgeye</a> bakabilirsiniz.",
@@ -319,9 +351,68 @@
 	"actions.runs.run_attempt_label": "Çalıştırma girişimi #%[1]s (%[2]s)",
 	"actions.runs.viewing_out_of_date_run": "Bu işin %[1]s çalışmış olan eski bir çalıştırmasını görüntülüyorsun.",
 	"actions.runs.view_most_recent_run": "En yeni çalıştırmayı görüntüle",
+	"actions.runs.all_workflows": "Tüm İş Akışları",
+	"actions.runs.commit": "İşle",
+	"actions.runs.scheduled": "Zamanlanmış",
+	"actions.runs.pushed_by": "iten",
+	"actions.runs.invalid_workflow_helper": "İş akışı yapılandırma dosyası geçersiz. Lütfen yapılandırma dosyanızı denetleyin: %s",
+	"actions.runs.no_matching_online_runner.helper": "Şu etiket ile eşleşen çevrimiçi çalıştırıcı bulunamadı: %s",
+	"actions.runs.no_job_without_needs": "İş akışı en azından bağımlılığı olmayan bir görev içermelidir.",
+	"actions.runs.no_job": "İş akışı en azından bir görev içermelidir",
+	"actions.runs.actor": "Aktör",
+	"actions.runs.status": "Durum",
+	"actions.runs.actors_no_select": "Tüm aktörler",
+	"actions.runs.status_no_select": "Tüm durumlar",
+	"actions.runs.no_results": "Eşleşen sonuç yok.",
+	"actions.runs.no_workflows": "Henüz hiç bir iş akışı yok.",
 	"actions.workflow.job_parsing_error": "İş akışındaki işler ayrıştırılamadı: %v",
 	"actions.workflow.event_detection_error": "İş akışındaki desteklenen etkinlikler ayrıştırılamadı: %v",
 	"actions.workflow.pre_execution_error": "Çalıştırma girişimini durduran bir hata sebebiyle iş akışı çalıştırılamadı.",
+	"actions.actions": "İşlemler",
+	"actions.status.unknown": "Bilinmiyor",
+	"actions.status.waiting": "Bekleniyor",
+	"actions.status.running": "Çalışıyor",
+	"actions.status.success": "Başarılı",
+	"actions.status.failure": "Başarısız",
+	"actions.status.cancelled": "İptal edildi",
+	"actions.status.skipped": "Atlandı",
+	"actions.status.blocked": "Engellendi",
+	"actions.runners": "Çalıştırıcılar",
+	"actions.runners.runner_manage_panel": "Çalıştırıcı Yönetimi",
+	"actions.runners.new": "Yeni çalıştırıcı oluştur",
+	"actions.runners.new_notice": "Bir çalıştırıcı nasıl başlatılır",
+	"actions.runners.status": "Durum",
+	"actions.runners.status.unspecified": "Bilinmiyor",
+	"actions.runners.status.idle": "Boşta",
+	"actions.runners.status.active": "Etkin",
+	"actions.runners.status.offline": "Çevrimdışı",
+	"actions.runners.id": "Kimlik",
+	"actions.runners.name": "İsim",
+	"actions.runners.owner_type": "Tür",
+	"actions.runners.description": "Açıklama",
+	"actions.runners.labels": "Etiketler",
+	"actions.runners.last_online": "Son Görülme Zamanı",
+	"actions.runners.runner_title": "Çalıştırıcı",
+	"actions.runners.task_list": "Bu çalıştırıcıdaki son görevler",
+	"actions.runners.task_list.no_tasks": "Henüz bir görev yok.",
+	"actions.runners.task_list.run": "Çalıştır",
+	"actions.runners.task_list.status": "Durum",
+	"actions.runners.task_list.repository": "Depo",
+	"actions.runners.task_list.commit": "İşle",
+	"actions.runners.task_list.done_at": "Tamamlanma zamanı",
+	"actions.runners.edit_runner": "Çalıştırıcıyı Düzenle",
+	"actions.runners.update_runner.button": "Değişiklikleri güncelle",
+	"actions.runners.update_runner.success": "Çalıştırıcı başarıyla güncellendi",
+	"actions.runners.update_runner.failed": "Çalıştırıcı güncellenemedi",
+	"actions.runners.delete_runner.button": "Bu çalıştırıcıyı sil",
+	"actions.runners.delete_runner.success": "Çalıştırıcı başarıyla silindi",
+	"actions.runners.delete_runner.failed": "Çalıştırıcı silinemedi",
+	"actions.runners.delete_runner.header": "Çalıştırıcıyı silmeyi onaylayın",
+	"actions.runners.delete_runner.notice": "Eğer bu çalıştırıcıda bir görev çalışıyorsa, sonlandırılacak ve başarısız olarak işaretlenecek. Yapım iş akışını bozabilir.",
+	"actions.runners.none": "Hiç çalıştırıcı yok",
+	"actions.runners.version": "Sürüm",
+	"actions.runners.reset_registration_token.button": "Kayıt tokenini sıfırla",
+	"actions.runners.reset_registration_token.success": "Çalıştırıcı kayıt belirteci başarıyla sıfırlandı",
 	"teams.add_all_repos.modal.header": "Tüm depoları ekle",
 	"teams.remove_all_repos.modal.header": "Tüm depoları kaldır",
 	"meta.last_line": "Steve Jobs ile Nejat İşler'in kardeş olduğunu biliyor muydunuz."
diff --git a/options/locale_next/locale_uk-UA.json b/options/locale_next/locale_uk-UA.json
index c96f3fde16..97898ff3cb 100644
--- a/options/locale_next/locale_uk-UA.json
+++ b/options/locale_next/locale_uk-UA.json
@@ -1,4 +1,36 @@
 {
+	"gpg.default_key": "Підписано типовим ключем",
+	"gpg.error.extract_sign": "Не вдалося витягти підпис",
+	"gpg.error.generate_hash": "Не вдалося згенерувати хеш коміту",
+	"gpg.error.no_committer_account": "Електронна пошта автора не пов’язана із жодним обліковим записом",
+	"gpg.error.no_gpg_keys_found": "Не вдалося знайти GPG-ключ, що відповідає даному підпису",
+	"gpg.error.not_signed_commit": "Непідписаний коміт",
+	"gpg.error.failed_retrieval_gpg_keys": "Не вдалось отримати ключ, пов’язаний з обліковим записом комітера",
+	"gpg.error.probable_bad_signature": "УВАГА! Хоча ключ із таким ID і є в базі, коміт неможливо ним перевірити! Цей коміт ПІДОЗРІЛИЙ.",
+	"gpg.error.probable_bad_default_signature": "УВАГА! Хоча типовий ключ має цей ID, коміт неможливо ним перевірити! Цей коміт ПІДОЗРІЛИЙ.",
+	"notification.notifications": "Сповіщення",
+	"notification.unread": "Непрочитані",
+	"notification.read": "Прочитані",
+	"notification.no_unread": "Немає непрочитаних сповіщень.",
+	"notification.no_read": "Немає прочитаних сповіщень.",
+	"notification.pin": "Прикріпити сповіщення",
+	"notification.mark_as_read": "Позначити як прочитане",
+	"notification.mark_as_unread": "Позначити як непрочитане",
+	"notification.mark_all_as_read": "Позначити всі як прочитані",
+	"notification.subscriptions": "Підписки",
+	"notification.watching": "Спостереження",
+	"notification.no_subscriptions": "Немає підписок",
+	"dropzone.default_message": "Перетягніть файли або натисніть тут, щоб завантажити.",
+	"dropzone.invalid_input_type": "Ви не можете завантажувати файли цього типу.",
+	"dropzone.file_too_big": "Розмір файлу ({{filesize}} МБ) перевищує максимальний розмір ({{maxFilesize}} МБ).",
+	"dropzone.remove_file": "Видалити файл",
+	"munits.data.b": "Б",
+	"munits.data.kib": "КіБ",
+	"munits.data.mib": "МіБ",
+	"munits.data.gib": "ГіБ",
+	"munits.data.tib": "ТіБ",
+	"munits.data.pib": "ПіБ",
+	"munits.data.eib": "ЕіБ",
 	"packages.title": "Пакунки",
 	"packages.empty": "Пакунків поки що немає.",
 	"packages.empty.documentation": "Докладніше про реєстр пакунків читайте в <a target=\"_blank\" rel=\"noopener noreferrer\" href=\"%s\">документації</a>.",
@@ -338,6 +370,58 @@
 	"actions.runs.run_attempt_label": "Спроба запуску №%[1]s (%[2]s)",
 	"actions.runs.view_most_recent_run": "Переглянути останній запуск",
 	"actions.runs.viewing_out_of_date_run": "Ви переглядаєте застарілий запуск цього завдання, який було виконано %[1]s.",
+	"actions.runs.all_workflows": "Усі робочі потоки",
+	"actions.runs.commit": "Коміт",
+	"actions.runs.scheduled": "Заплановано",
+	"actions.runs.pushed_by": "надіслано",
+	"actions.runs.workflow": "Робочий потік",
+	"actions.runs.invalid_workflow_helper": "Недійсний файл конфігурації робочого потоку. Будь ласка, перевірте файл конфігурації: %s",
+	"actions.runs.no_matching_online_runner.helper": "Не знайдено ранера в мережі з міткою: %s",
+	"actions.runs.no_job_without_needs": "Робочий потік повинен містити принаймні одне завдання без залежностей.",
+	"actions.runs.no_job": "Робочий потік повинен містити принаймні одне завдання",
+	"actions.runs.actor": "Автор",
+	"actions.runs.status": "Стан",
+	"actions.runs.actors_no_select": "Усі автори",
+	"actions.runs.status_no_select": "Усі стани",
+	"actions.runs.no_results": "Не знайдено відповідних результатів.",
+	"actions.runs.no_workflows": "Робочих потоків ще немає.",
+	"actions.actions": "Дії",
+	"actions.runners": "Ранери",
+	"actions.runners.runner_manage_panel": "Керування ранерами",
+	"actions.runners.new": "Створити новий ранер",
+	"actions.runners.new_notice": "Як запустити ранер",
+	"actions.runners.status": "Стан",
+	"actions.runners.status.unspecified": "Невідомо",
+	"actions.runners.status.idle": "Простоює",
+	"actions.runners.status.active": "Активний",
+	"actions.runners.status.offline": "Неактивний",
+	"actions.runners.id": "ID",
+	"actions.runners.name": "Назва",
+	"actions.runners.owner_type": "Тип",
+	"actions.runners.description": "Опис",
+	"actions.runners.labels": "Мітки",
+	"actions.runners.last_online": "Востаннє в мережі",
+	"actions.runners.runner_title": "Ранер",
+	"actions.runners.task_list": "Нещодавні завдання ранера",
+	"actions.runners.task_list.no_tasks": "Завдань поки що немає.",
+	"actions.runners.task_list.run": "Запустити",
+	"actions.runners.task_list.status": "Стан",
+	"actions.runners.task_list.repository": "Репозиторій",
+	"actions.runners.task_list.commit": "Коміт",
+	"actions.runners.task_list.done_at": "Завершено",
+	"actions.runners.edit_runner": "Редагувати ранер",
+	"actions.runners.update_runner.button": "Оновити зміни",
+	"actions.runners.update_runner.success": "Ранер оновлено",
+	"actions.runners.update_runner.failed": "Не вдалось оновити ранер",
+	"actions.runners.delete_runner.button": "Видалити цей ранер",
+	"actions.runners.delete_runner.success": "Ранер успішно видалено",
+	"actions.runners.delete_runner.failed": "Не вдалося видалити ранер",
+	"actions.runners.delete_runner.header": "Підтвердіть видалення ранера",
+	"actions.runners.delete_runner.notice": "Якщо на цьому ранері виконується завдання, його буде завершено і позначено як невдале. Це може порушити робочий потік збірки.",
+	"actions.runners.none": "Немає доступних ранерів",
+	"actions.runners.version": "Версія",
+	"actions.runners.reset_registration_token.button": "Скинути токен реєстрації",
+	"actions.runners.reset_registration_token.success": "Токен реєстрації ранера успішно скинуто",
 	"repo.pulls.maintainers_can_edit": "Супроводжувачі можуть редагувати цей запит на злиття.",
 	"repo.pulls.maintainers_cannot_edit": "Супроводжувачі не можуть редагувати цей запит на злиття.",
 	"pulse.n_active_issues": {
@@ -384,6 +468,14 @@
 		"few": "Очікування ранера з мітками: %s",
 		"many": "Очікування ранера з мітками: %s"
 	},
+	"actions.status.unknown": "Невідомо",
+	"actions.status.waiting": "Очікує",
+	"actions.status.running": "Працює",
+	"actions.status.success": "Успіх",
+	"actions.status.failure": "Помилка",
+	"actions.status.cancelled": "Скасовано",
+	"actions.status.skipped": "Пропущено",
+	"actions.status.blocked": "Заблоковано",
 	"keys.verify.token.hint": "Токен дійсний лише протягом 1 хвилини. <a href=\"%[1]s\">Отримайте новий, якщо термін дії закінчився</a>.",
 	"admin.dashboard.transfer_lingering_logs": "Перемістити журнали виконаних завдань із бази даних до сховища",
 	"search.syntax": "Синтаксис пошуку",
diff --git a/options/locale_next/locale_vi.json b/options/locale_next/locale_vi.json
index dee83ccaa0..2c6e780df1 100644
--- a/options/locale_next/locale_vi.json
+++ b/options/locale_next/locale_vi.json
@@ -118,6 +118,7 @@
 	"actions.runs.run_attempt_label": "Lần chạy #%[1]s (%[2]s)",
 	"actions.runs.viewing_out_of_date_run": "Bạn đang xem một lần chạy lỗi thời của công việc này mà đã chạy %[1]s.",
 	"actions.runs.view_most_recent_run": "Xem lần chạy gần đây nhất",
+	"actions.runs.pushed_by": "đẩy bởi",
 	"meta.last_line": "\"xóa thần tượng\"",
 	"home.welcome.activity_hint": "Hiện chưa có gì trên bảng tin của bạn cả. Những hành động của bạn và hoạt động từ kho mã mà bạn theo dõi sẽ xuất hiện ở đây."
 }
diff --git a/options/locale_next/locale_zh-CN.json b/options/locale_next/locale_zh-CN.json
index 3af38a6099..f9a330d439 100644
--- a/options/locale_next/locale_zh-CN.json
+++ b/options/locale_next/locale_zh-CN.json
@@ -1,4 +1,36 @@
 {
+	"gpg.default_key": "使用默认密钥签名",
+	"gpg.error.extract_sign": "无法提取签名",
+	"gpg.error.generate_hash": "无法生成提交的哈希",
+	"gpg.error.no_committer_account": "没有帐户链接到提交者的电子邮件",
+	"gpg.error.no_gpg_keys_found": "找不到此签名对应的密钥",
+	"gpg.error.not_signed_commit": "提交未签名",
+	"gpg.error.failed_retrieval_gpg_keys": "找不到任何与该提交者账号相关的密钥",
+	"gpg.error.probable_bad_signature": "警告！尽管数据库中有此 ID 对应的密钥，但此提交未通过验证！此提交是可疑的。",
+	"gpg.error.probable_bad_default_signature": "警告！尽管默认密钥具有此 ID，但此提交未通过验证！此提交是可疑的。",
+	"notification.notifications": "通知",
+	"notification.unread": "未读",
+	"notification.read": "已读",
+	"notification.no_unread": "没有未读通知。",
+	"notification.no_read": "没有已读通知。",
+	"notification.pin": "Pin 通知",
+	"notification.mark_as_read": "标记为已读",
+	"notification.mark_as_unread": "标记为未读",
+	"notification.mark_all_as_read": "全部标记为已读",
+	"notification.subscriptions": "订阅",
+	"notification.watching": "关注",
+	"notification.no_subscriptions": "无订阅",
+	"dropzone.default_message": "拖放文件或点击此处上传",
+	"dropzone.invalid_input_type": "您不能上传该类型的文件。",
+	"dropzone.file_too_big": "文件体积（{{filesize}} MB）超过了最大允许体积（{{maxFilesize}} MB）。",
+	"dropzone.remove_file": "移除文件",
+	"munits.data.b": "B",
+	"munits.data.kib": "KiB",
+	"munits.data.mib": "MiB",
+	"munits.data.gib": "GiB",
+	"munits.data.tib": "TiB",
+	"munits.data.pib": "PiB",
+	"munits.data.eib": "EiB",
 	"packages.title": "软件包",
 	"packages.empty": "还没有软件包。",
 	"packages.empty.documentation": "关于软件包注册中心的更多信息，请参阅 <a target=\"_blank\" rel=\"noopener noreferrer\" href=\"%s\"> 文档 </a>。",
@@ -294,6 +326,58 @@
 	"actions.runs.view_most_recent_run": "查看最新运行",
 	"actions.runs.run_attempt_label": "运行尝试 #%[1]s（%[2]s）",
 	"actions.runs.viewing_out_of_date_run": "您正在查看于 %[1]s 执行的过期运行。",
+	"actions.runs.all_workflows": "所有工作流",
+	"actions.runs.commit": "提交",
+	"actions.runs.scheduled": "已计划的",
+	"actions.runs.pushed_by": "推送者",
+	"actions.runs.workflow": "工作流",
+	"actions.runs.invalid_workflow_helper": "工作流配置文件无效。请检查您的配置文件：%s",
+	"actions.runs.no_matching_online_runner.helper": "没有匹配标签的在线运行器：%s",
+	"actions.runs.no_job_without_needs": "工作流必须至少包含一组没有依赖的作业。",
+	"actions.runs.no_job": "工作流必须至少包含一个作业",
+	"actions.runs.actor": "操作者",
+	"actions.runs.status": "状态",
+	"actions.runs.actors_no_select": "所有操作者",
+	"actions.runs.status_no_select": "所有状态",
+	"actions.runs.no_results": "没有匹配的结果。",
+	"actions.runs.no_workflows": "目前还没有工作流。",
+	"actions.actions": "Actions",
+	"actions.runners": "运行器",
+	"actions.runners.runner_manage_panel": "管理运行器",
+	"actions.runners.new": "创建新运行器",
+	"actions.runners.new_notice": "如何启动一个运行器",
+	"actions.runners.status": "状态",
+	"actions.runners.status.unspecified": "未知",
+	"actions.runners.status.idle": "空闲",
+	"actions.runners.status.active": "激活",
+	"actions.runners.status.offline": "离线",
+	"actions.runners.id": "ID",
+	"actions.runners.name": "名称",
+	"actions.runners.owner_type": "类型",
+	"actions.runners.description": "组织描述",
+	"actions.runners.labels": "标签",
+	"actions.runners.last_online": "上次在线时间",
+	"actions.runners.runner_title": "运行器",
+	"actions.runners.task_list": "最近在此运行器上的任务",
+	"actions.runners.task_list.no_tasks": "还没有任务。",
+	"actions.runners.task_list.run": "执行",
+	"actions.runners.task_list.status": "状态",
+	"actions.runners.task_list.repository": "仓库",
+	"actions.runners.task_list.commit": "提交",
+	"actions.runners.task_list.done_at": "完成于",
+	"actions.runners.edit_runner": "编辑运行器",
+	"actions.runners.update_runner.button": "更新更改",
+	"actions.runners.update_runner.success": "运行器更新成功",
+	"actions.runners.update_runner.failed": "更新运行器失败",
+	"actions.runners.delete_runner.button": "删除运行器",
+	"actions.runners.delete_runner.success": "运行器删除成功",
+	"actions.runners.delete_runner.failed": "删除运行器失败",
+	"actions.runners.delete_runner.header": "确认要删除此运行器",
+	"actions.runners.delete_runner.notice": "如果有任务正在此运行器上运行，它将被终止并标记为失败。这可能会中断正在构建的工作流。",
+	"actions.runners.none": "无可用的运行器",
+	"actions.runners.version": "版本",
+	"actions.runners.reset_registration_token.button": "重置注册令牌",
+	"actions.runners.reset_registration_token.success": "成功重置运行器注册令牌",
 	"pulse.n_active_issues": "%s 项活动的议题",
 	"pulse.n_active_prs": "%s 个活跃的合并请求",
 	"repo.pulls.maintainers_can_edit": "维护者可以编辑此合并请求。",
@@ -328,6 +412,14 @@
 	"admin.dashboard.actions_action_user": "撤销不活跃用户的Forgejo Actions信任",
 	"admin.dashboard.transfer_lingering_logs": "将已完成的actions任务的日志从数据库转移到硬盘",
 	"actions.status.diagnostics.waiting": "等待带有以下标签的运行器：%s",
+	"actions.status.unknown": "未知",
+	"actions.status.waiting": "等待中",
+	"actions.status.running": "运行中",
+	"actions.status.success": "成功",
+	"actions.status.failure": "失败",
+	"actions.status.cancelled": "已取消",
+	"actions.status.skipped": "已忽略",
+	"actions.status.blocked": "阻塞中",
 	"repo.pulls.poster_trust_once.tooltip": "由`pull_request`事件触发的工作流会基于此提交运行，但仍需批准。",
 	"repo.pulls.poster_trust_always": "始终批准",
 	"repo.pulls.poster_trust_always.tooltip": "由`pull_request`事件触发的工作流会基于此提交运行，且来自此合并请求或同一用户的其他合并请求的运行不需要批准。",
diff --git a/options/locale_next/locale_zh-HK.json b/options/locale_next/locale_zh-HK.json
index 4c17108c8d..f8a63b7403 100644
--- a/options/locale_next/locale_zh-HK.json
+++ b/options/locale_next/locale_zh-HK.json
@@ -1,4 +1,22 @@
 {
+	"actions.runners.name": "組織名稱",
+	"actions.runners.owner_type": "認證類型",
+	"actions.runners.description": "組織描述",
+	"actions.runners.labels": "標籤",
+	"actions.runners.task_list.run": "執行",
+	"actions.runners.task_list.repository": "儲存庫",
+	"gpg.error.extract_sign": "無法提取簽署",
+	"gpg.error.generate_hash": "無法產生提交的雜湊值",
+	"gpg.error.no_gpg_keys_found": "沒有發現已知的金鑰在資料庫的簽署中",
+	"gpg.error.not_signed_commit": "未簽名的提交",
+	"notification.notifications": "訊息",
+	"notification.unread": "未讀",
+	"notification.read": "已讀",
+	"notification.pin": "固定通知",
+	"notification.mark_as_read": "標記為已讀",
+	"notification.mark_as_unread": "標記為未讀",
+	"dropzone.file_too_big": "檔案大小({{filesize}} MB) 超過了最大允許大小({{maxFilesize}} MB)",
+	"dropzone.remove_file": "移除文件",
 	"packages.filter.type": "認證類型",
 	"packages.alpine.repository.branches": "分支列表",
 	"packages.alpine.repository.repositories": "儲存庫管理",
diff --git a/options/locale_next/locale_zh-TW.json b/options/locale_next/locale_zh-TW.json
index 00ca6f6685..27ee7633a4 100644
--- a/options/locale_next/locale_zh-TW.json
+++ b/options/locale_next/locale_zh-TW.json
@@ -1,4 +1,96 @@
 {
+	"actions.actions": "Actions",
+	"actions.status.unknown": "未知的",
+	"actions.status.waiting": "等待中",
+	"actions.status.running": "執行中",
+	"actions.status.success": "成功",
+	"actions.status.failure": "失敗",
+	"actions.status.cancelled": "已取消",
+	"actions.status.skipped": "已略過",
+	"actions.status.blocked": "已阻止",
+	"actions.runners": "Runner",
+	"actions.runners.runner_manage_panel": "管理 Runner",
+	"actions.runners.new": "建立 Runner",
+	"actions.runners.new_notice": "如何啟動 Runner",
+	"actions.runners.status": "狀態",
+	"actions.runners.status.unspecified": "未知",
+	"actions.runners.status.idle": "閒置",
+	"actions.runners.status.active": "啟用",
+	"actions.runners.status.offline": "離線",
+	"actions.runners.id": "ID",
+	"actions.runners.name": "名稱",
+	"actions.runners.owner_type": "類型",
+	"actions.runners.description": "描述",
+	"actions.runners.labels": "標籤",
+	"actions.runners.last_online": "最後上線時間",
+	"actions.runners.runner_title": "Runner",
+	"actions.runners.task_list": "最近在此 Runner 上的任務",
+	"actions.runners.task_list.no_tasks": "目前沒有任何工作。",
+	"actions.runners.task_list.run": "執行",
+	"actions.runners.task_list.status": "狀態",
+	"actions.runners.task_list.repository": "儲存庫",
+	"actions.runners.task_list.commit": "提交",
+	"actions.runners.task_list.done_at": "完成於",
+	"actions.runners.edit_runner": "編輯 Runner",
+	"actions.runners.update_runner.button": "更新變更",
+	"actions.runners.update_runner.success": "更新 Runner 成功",
+	"actions.runners.update_runner.failed": "更新 Runner 失敗",
+	"actions.runners.delete_runner.button": "刪除此 Runner",
+	"actions.runners.delete_runner.success": "刪除 Runner 成功",
+	"actions.runners.delete_runner.failed": "刪除 Runner 失敗",
+	"actions.runners.delete_runner.header": "確認刪除此 Runner",
+	"actions.runners.delete_runner.notice": "如果有任務正在此 Runner 上執行，它可能會被中止並標記為失敗，這可能會打斷建置工作流程。",
+	"actions.runners.none": "沒有可用的 Runner",
+	"actions.runners.version": "版本",
+	"actions.runners.reset_registration_token.button": "重置註冊符記",
+	"actions.runners.reset_registration_token.success": "成功重設了 Runner 註冊符記",
+	"actions.runs.all_workflows": "所有工作流程",
+	"actions.runs.commit": "提交",
+	"actions.runs.scheduled": "已排程",
+	"actions.runs.pushed_by": "推送者",
+	"actions.runs.workflow": "工作流程",
+	"actions.runs.invalid_workflow_helper": "工作流程設定檔無效。請檢查您的設定檔：%s",
+	"actions.runs.no_matching_online_runner.helper": "沒有在線的執行器且匹配標籤：%s",
+	"actions.runs.no_job_without_needs": "工作流程必須包含至少一項沒有依賴性的作業。",
+	"actions.runs.no_job": "工作流程必須包含至少一項作業",
+	"actions.runs.actor": "操作者",
+	"actions.runs.status": "狀態",
+	"actions.runs.actors_no_select": "所有操作者",
+	"actions.runs.status_no_select": "所有狀態",
+	"actions.runs.no_results": "沒有相符的結果。",
+	"actions.runs.no_workflows": "目前沒有任何工作流程。",
+	"gpg.default_key": "使用預設金鑰簽署",
+	"gpg.error.extract_sign": "無法提取簽署",
+	"gpg.error.generate_hash": "無法產生提交的雜湊值",
+	"gpg.error.no_committer_account": "提交者的電子信箱沒有連結到任何帳號",
+	"gpg.error.no_gpg_keys_found": "資料庫中找不到此簽署所對應的金鑰",
+	"gpg.error.not_signed_commit": "未簽署的提交",
+	"gpg.error.failed_retrieval_gpg_keys": "找不到任何與該提交者帳號相關的金鑰",
+	"gpg.error.probable_bad_signature": "警告！雖然資料庫中有此 ID 的金鑰，但此提交未通過它的驗證！此提交是有疑慮的。",
+	"gpg.error.probable_bad_default_signature": "警告！雖然預設金鑰擁有此 ID，但此提交未通過它的驗證！此提交是有疑慮的。",
+	"notification.notifications": "通知",
+	"notification.unread": "未讀",
+	"notification.read": "已讀",
+	"notification.no_unread": "沒有未讀通知。",
+	"notification.no_read": "沒有已讀通知。",
+	"notification.pin": "固定通知",
+	"notification.mark_as_read": "標記為已讀",
+	"notification.mark_as_unread": "標記為未讀",
+	"notification.mark_all_as_read": "標記所有為已讀",
+	"notification.subscriptions": "訂閱",
+	"notification.watching": "正在關注",
+	"notification.no_subscriptions": "沒有訂閱",
+	"dropzone.default_message": "拖放檔案或是點擊此處上傳。",
+	"dropzone.invalid_input_type": "您無法上傳此類型的檔案。",
+	"dropzone.file_too_big": "檔案大小（{{filesize}} MB）超過了最大允許大小（{{maxFilesize}} MB）。",
+	"dropzone.remove_file": "移除文件",
+	"munits.data.b": "B",
+	"munits.data.kib": "KiB",
+	"munits.data.mib": "MiB",
+	"munits.data.gib": "GiB",
+	"munits.data.tib": "TiB",
+	"munits.data.pib": "PiB",
+	"munits.data.eib": "EiB",
 	"packages.title": "軟體包",
 	"packages.empty": "目前還沒有軟體包。",
 	"packages.empty.documentation": "關於軟體包註冊中心的詳情請參閱<a target=\"_blank\" rel=\"noopener noreferrer\" href=\"%s\">文件</a>。",
diff --git a/routers/web/repo/actions/actions.go b/routers/web/repo/actions/actions.go
index 55e70bf5de..63098b62b6 100644
--- a/routers/web/repo/actions/actions.go
+++ b/routers/web/repo/actions/actions.go
@@ -138,7 +138,7 @@ func List(ctx *context.Context) {
 						continue
 					}
 					if !allRunnerLabels.Contains(ro) {
-						workflow.ErrMsg = ctx.Locale.TrString("actions.runs.no_matching_online_runner_helper", ro)
+						workflow.ErrMsg = ctx.Locale.TrString("actions.runs.no_matching_online_runner.helper", ro)
 						break
 					}
 				}
diff --git a/routers/web/shared/actions/runners.go b/routers/web/shared/actions/runners.go
index 2ab6b2dadd..1b77fb1597 100644
--- a/routers/web/shared/actions/runners.go
+++ b/routers/web/shared/actions/runners.go
@@ -117,14 +117,14 @@ func RunnerDetailsEditPost(ctx *context.Context, runnerID, ownerID, repoID int64
 	err = actions_model.UpdateRunner(ctx, runner, "description")
 	if err != nil {
 		log.Warn("RunnerDetailsEditPost.UpdateRunner failed: %v, url: %s", err, ctx.Req.URL)
-		ctx.Flash.Warning(ctx.Tr("actions.runners.update_runner_failed"))
+		ctx.Flash.Warning(ctx.Tr("actions.runners.update_runner.failed"))
 		ctx.Redirect(redirectTo)
 		return
 	}
 
 	log.Debug("RunnerDetailsEditPost success: %s", ctx.Req.URL)
 
-	ctx.Flash.Success(ctx.Tr("actions.runners.update_runner_success"))
+	ctx.Flash.Success(ctx.Tr("actions.runners.update_runner.success"))
 	ctx.Redirect(redirectTo)
 }
 
@@ -136,7 +136,7 @@ func RunnerResetRegistrationToken(ctx *context.Context, ownerID, repoID int64, r
 		return
 	}
 
-	ctx.Flash.Success(ctx.Tr("actions.runners.reset_registration_token_success"))
+	ctx.Flash.Success(ctx.Tr("actions.runners.reset_registration_token.success"))
 	ctx.Redirect(redirectTo)
 }
 
@@ -157,7 +157,7 @@ func RunnerDeletePost(ctx *context.Context, runnerID, ownerID, repoID int64,
 
 	if err := actions_model.DeleteRunner(ctx, runner); err != nil {
 		log.Warn("DeleteRunnerPost.UpdateRunner failed: %v, url: %s", err, ctx.Req.URL)
-		ctx.Flash.Warning(ctx.Tr("actions.runners.delete_runner_failed"))
+		ctx.Flash.Warning(ctx.Tr("actions.runners.delete_runner.failed"))
 
 		ctx.JSONRedirect(failedRedirectTo)
 		return
@@ -165,7 +165,7 @@ func RunnerDeletePost(ctx *context.Context, runnerID, ownerID, repoID int64,
 
 	log.Info("DeleteRunnerPost success: %s", ctx.Req.URL)
 
-	ctx.Flash.Success(ctx.Tr("actions.runners.delete_runner_success"))
+	ctx.Flash.Success(ctx.Tr("actions.runners.delete_runner.success"))
 
 	ctx.JSONRedirect(successRedirectTo)
 }
diff --git a/templates/shared/actions/runner_edit.tmpl b/templates/shared/actions/runner_edit.tmpl
index 662723cd56..66e419c520 100644
--- a/templates/shared/actions/runner_edit.tmpl
+++ b/templates/shared/actions/runner_edit.tmpl
@@ -38,9 +38,9 @@
 			<div class="divider"></div>
 
 			<div class="field">
-				<button class="ui primary button" data-url="{{.Link}}">{{ctx.Locale.Tr "actions.runners.update_runner"}}</button>
+				<button class="ui primary button" data-url="{{.Link}}">{{ctx.Locale.Tr "actions.runners.update_runner.button"}}</button>
 				<button class="ui red button delete-button" data-url="{{.Link}}/delete" data-modal-id="runner-delete-modal">
-					{{ctx.Locale.Tr "actions.runners.delete_runner"}}</button>
+					{{ctx.Locale.Tr "actions.runners.delete_runner.button"}}</button>
 			</div>
 		</form>
 	</div>
@@ -85,10 +85,10 @@
 	<div class="ui g-modal-confirm delete modal" id="runner-delete-modal">
 		<div class="header">
 			{{svg "octicon-trash"}}
-			{{ctx.Locale.Tr "actions.runners.delete_runner_header"}}
+			{{ctx.Locale.Tr "actions.runners.delete_runner.header"}}
 		</div>
 		<div class="content">
-			<p>{{ctx.Locale.Tr "actions.runners.delete_runner_notice"}}</p>
+			<p>{{ctx.Locale.Tr "actions.runners.delete_runner.notice"}}</p>
 		</div>
 		{{template "base/modal_actions_confirm" .}}
 	</div>
diff --git a/templates/shared/actions/runner_list.tmpl b/templates/shared/actions/runner_list.tmpl
index 5bc61f4f64..ea28a7692f 100644
--- a/templates/shared/actions/runner_list.tmpl
+++ b/templates/shared/actions/runner_list.tmpl
@@ -24,7 +24,7 @@
 					</div>
 					<div class="divider"></div>
 					<div class="item">
-						<a href="{{$.Link}}/reset_registration_token">{{ctx.Locale.Tr "actions.runners.reset_registration_token"}}</a>
+						<a href="{{$.Link}}/reset_registration_token">{{ctx.Locale.Tr "actions.runners.reset_registration_token.button"}}</a>
 					</div>
 				</div>
 			</div>

From 5b6bbabd74cf513ef71216d81d13f54b5d736ba8 Mon Sep 17 00:00:00 2001
From: Manuel Ganter <manuel.ganter@think-ahead.tech>
Date: Mon, 16 Feb 2026 18:56:56 +0100
Subject: [PATCH 337/854] feat: implement ephemeral runners (#9962)

As described in [this comment](https://gitea.com/gitea/act_runner/issues/19#issuecomment-739221) one-job runners are not secure when running in host mode. We implemented a routine preventing runner tokens from receiving a second job in order to render a potentially compromised token useless. Also we implemented a routine that removes finished runners as soon as possible.

Big thanks to [ChristopherHX](https://github.com/ChristopherHX) who did all the work for gitea!

Rel: #9407

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests

- I added test coverage for Go changes...
  - [ ] in their respective `*_test.go` for unit tests.
  - [x] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I added test coverage for JavaScript changes...
  - [ ] in `web_src/js/*.test.js` if it can be unit tested.
  - [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)).

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [ ] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [ ] I do not want this change to show in the release notes.
- [ ] I want the title to show in the release notes with a link to this pull request.
- [ ] I want the content of the `release-notes/<pull request number>.md` to be be used for the release notes instead of the title.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/9962
Reviewed-by: Andreas Ahlenstorf <aahlenst@noreply.codeberg.org>
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
Co-authored-by: Manuel Ganter <manuel.ganter@think-ahead.tech>
Co-committed-by: Manuel Ganter <manuel.ganter@think-ahead.tech>
---
 cmd/forgejo/actions.go                        |   8 +-
 models/actions/forgejo.go                     |   5 +-
 models/actions/forgejo_test.go                |  26 ++-
 models/actions/runner.go                      |   2 +
 models/actions/task.go                        |   4 +
 .../v15b_add-ephemeral_runner.go              |  24 +++
 modules/structs/repo_actions.go               |   2 +
 modules/structs/runner.go                     |  12 +-
 routers/api/actions/runner/runner.go          |  35 ++--
 routers/api/v1/shared/runners.go              |   8 +-
 services/actions/cleanup.go                   |  58 +++++-
 services/actions/cleanup_test.go              |  75 ++++++++
 services/actions/task.go                      |  25 +++
 services/convert/convert.go                   |   1 +
 services/repository/delete.go                 |   8 +
 templates/swagger/v1_json.tmpl                |  14 ++
 tests/integration/actions_job_test.go         | 124 +++++++++++++
 tests/integration/actions_runner_test.go      |  37 +++-
 tests/integration/api_admin_actions_test.go   |  56 ++++++
 tests/integration/api_org_actions_test.go     |  59 +++++-
 tests/integration/api_repo_actions_test.go    |  60 ++++++-
 tests/integration/api_user_actions_test.go    |  59 +++++-
 .../ephemeral_actions_runner_deletion_test.go | 170 ++++++++++++++++++
 .../action_runner.yml                         |  12 +-
 .../action_runner.yml                         |  10 ++
 .../action_runner.yml                         |  10 ++
 .../action_runner.yml                         |  10 ++
 .../TestEphemeralRunner/action_run.yml        |  61 +++++++
 .../TestEphemeralRunner/action_run_job.yml    |  46 +++++
 .../TestEphemeralRunner/action_runner.yml     |  75 ++++++++
 .../TestEphemeralRunner/action_task.yml       |  41 +++++
 .../TestEphemeralRunner/repo_unit.yml         |   6 +
 .../TestEphemeralRunner/repository.yml        |  28 +++
 33 files changed, 1130 insertions(+), 41 deletions(-)
 create mode 100644 models/forgejo_migrations/v15b_add-ephemeral_runner.go
 create mode 100644 tests/integration/ephemeral_actions_runner_deletion_test.go
 create mode 100644 tests/integration/fixtures/TestEphemeralRunner/action_run.yml
 create mode 100644 tests/integration/fixtures/TestEphemeralRunner/action_run_job.yml
 create mode 100644 tests/integration/fixtures/TestEphemeralRunner/action_runner.yml
 create mode 100644 tests/integration/fixtures/TestEphemeralRunner/action_task.yml
 create mode 100644 tests/integration/fixtures/TestEphemeralRunner/repo_unit.yml
 create mode 100644 tests/integration/fixtures/TestEphemeralRunner/repository.yml

diff --git a/cmd/forgejo/actions.go b/cmd/forgejo/actions.go
index f520924c20..309b9801cb 100644
--- a/cmd/forgejo/actions.go
+++ b/cmd/forgejo/actions.go
@@ -102,6 +102,11 @@ func SubcmdActionsRegister(ctx context.Context) *cli.Command {
 				Value: "",
 				Usage: "version of the runner (not required since v1.21)",
 			},
+			&cli.BoolFlag{
+				Name:  "ephemeral",
+				Value: false,
+				Usage: "instruct Forgejo to permanently unregister this runner after it has run one job",
+			},
 		},
 	}
 }
@@ -172,6 +177,7 @@ func RunRegister(ctx context.Context, cli *cli.Command) error {
 	scope := cli.String("scope")
 	name := cli.String("name")
 	version := cli.String("version")
+	ephemeral := cli.Bool("ephemeral")
 	labels, err := getLabels(cli)
 	if err != nil {
 		return err
@@ -199,7 +205,7 @@ func RunRegister(ctx context.Context, cli *cli.Command) error {
 		return err
 	}
 
-	runner, err := actions_model.RegisterRunner(ctx, owner, repo, secret, labels, name, version)
+	runner, err := actions_model.RegisterRunner(ctx, owner, repo, secret, labels, name, version, ephemeral)
 	if err != nil {
 		return fmt.Errorf("error while registering runner: %v", err)
 	}
diff --git a/models/actions/forgejo.go b/models/actions/forgejo.go
index ce3f8b0c8b..a55066fe3a 100644
--- a/models/actions/forgejo.go
+++ b/models/actions/forgejo.go
@@ -14,7 +14,7 @@ import (
 	gouuid "github.com/google/uuid"
 )
 
-func RegisterRunner(ctx context.Context, ownerID, repoID int64, token string, labels *[]string, name, version string) (*ActionRunner, error) {
+func RegisterRunner(ctx context.Context, ownerID, repoID int64, token string, labels *[]string, name, version string, ephemeral bool) (*ActionRunner, error) {
 	uuid, err := gouuid.FromBytes([]byte(token[:16]))
 	if err != nil {
 		return nil, fmt.Errorf("gouuid.FromBytes %v", err)
@@ -60,11 +60,12 @@ func RegisterRunner(ctx context.Context, ownerID, repoID int64, token string, la
 	//
 	name, _ = util.SplitStringAtByteN(name, 255)
 
-	cols := []string{"name", "owner_id", "repo_id", "version"}
+	cols := []string{"name", "owner_id", "repo_id", "version", "ephemeral"}
 	runner.Name = name
 	runner.OwnerID = ownerID
 	runner.RepoID = repoID
 	runner.Version = version
+	runner.Ephemeral = ephemeral
 	if labels != nil {
 		runner.AgentLabels = *labels
 		cols = append(cols, "agent_labels")
diff --git a/models/actions/forgejo_test.go b/models/actions/forgejo_test.go
index 5702068c1b..2170b0927a 100644
--- a/models/actions/forgejo_test.go
+++ b/models/actions/forgejo_test.go
@@ -22,9 +22,11 @@ func TestActions_RegisterRunner_Token(t *testing.T) {
 	labels := []string{}
 	name := "runner"
 	version := "v1.2.3"
-	runner, err := RegisterRunner(db.DefaultContext, ownerID, repoID, token, &labels, name, version)
+	ephemeral := true
+	runner, err := RegisterRunner(db.DefaultContext, ownerID, repoID, token, &labels, name, version, ephemeral)
 	require.NoError(t, err)
 	assert.Equal(t, name, runner.Name)
+	assert.True(t, runner.Ephemeral)
 
 	assert.Equal(t, 1, subtle.ConstantTimeCompare([]byte(runner.TokenHash), []byte(auth_model.HashToken(token, runner.TokenSalt))), "the token cannot be verified with the same method as routers/api/actions/runner/interceptor.go as of 8228751c55d6a4263f0fec2932ca16181c09c97d")
 }
@@ -44,7 +46,7 @@ func TestActions_RegisterRunner_TokenUpdate(t *testing.T) {
 		"the initial token should match the runner's secret",
 	)
 
-	RegisterRunner(db.DefaultContext, before.OwnerID, before.RepoID, newToken, nil, before.Name, before.Version)
+	RegisterRunner(db.DefaultContext, before.OwnerID, before.RepoID, newToken, nil, before.Name, before.Version, false)
 
 	after := unittest.AssertExistsAndLoadBean(t, &ActionRunner{ID: recordID})
 
@@ -66,10 +68,11 @@ func TestActions_RegisterRunner_CreateWithLabels(t *testing.T) {
 	token := "0123456789012345678901234567890123456789"
 	name := "runner"
 	version := "v1.2.3"
+	ephemeral := true
 	labels := []string{"woop", "doop"}
 	labelsCopy := labels // labels may be affected by the tested function so we copy them
 
-	runner, err := RegisterRunner(db.DefaultContext, ownerID, repoID, token, &labels, name, version)
+	runner, err := RegisterRunner(db.DefaultContext, ownerID, repoID, token, &labels, name, version, ephemeral)
 	require.NoError(t, err)
 
 	// Check that the returned record has been updated, except for the labels
@@ -78,6 +81,7 @@ func TestActions_RegisterRunner_CreateWithLabels(t *testing.T) {
 	assert.Equal(t, name, runner.Name)
 	assert.Equal(t, version, runner.Version)
 	assert.Equal(t, labelsCopy, runner.AgentLabels)
+	assert.Equal(t, ephemeral, runner.Ephemeral)
 
 	// Check that whatever is in the DB has been updated, except for the labels
 	after := unittest.AssertExistsAndLoadBean(t, &ActionRunner{ID: runner.ID})
@@ -86,6 +90,7 @@ func TestActions_RegisterRunner_CreateWithLabels(t *testing.T) {
 	assert.Equal(t, name, after.Name)
 	assert.Equal(t, version, after.Version)
 	assert.Equal(t, labelsCopy, after.AgentLabels)
+	assert.Equal(t, ephemeral, after.Ephemeral)
 }
 
 func TestActions_RegisterRunner_CreateWithoutLabels(t *testing.T) {
@@ -95,8 +100,9 @@ func TestActions_RegisterRunner_CreateWithoutLabels(t *testing.T) {
 	token := "0123456789012345678901234567890123456789"
 	name := "runner"
 	version := "v1.2.3"
+	ephemeral := true
 
-	runner, err := RegisterRunner(db.DefaultContext, ownerID, repoID, token, nil, name, version)
+	runner, err := RegisterRunner(db.DefaultContext, ownerID, repoID, token, nil, name, version, ephemeral)
 	require.NoError(t, err)
 
 	// Check that the returned record has been updated, except for the labels
@@ -105,6 +111,7 @@ func TestActions_RegisterRunner_CreateWithoutLabels(t *testing.T) {
 	assert.Equal(t, name, runner.Name)
 	assert.Equal(t, version, runner.Version)
 	assert.Equal(t, []string{}, runner.AgentLabels)
+	assert.Equal(t, ephemeral, runner.Ephemeral)
 
 	// Check that whatever is in the DB has been updated, except for the labels
 	after := unittest.AssertExistsAndLoadBean(t, &ActionRunner{ID: runner.ID})
@@ -113,6 +120,7 @@ func TestActions_RegisterRunner_CreateWithoutLabels(t *testing.T) {
 	assert.Equal(t, name, after.Name)
 	assert.Equal(t, version, after.Version)
 	assert.Equal(t, []string{}, after.AgentLabels)
+	assert.Equal(t, ephemeral, after.Ephemeral)
 }
 
 func TestActions_RegisterRunner_UpdateWithLabels(t *testing.T) {
@@ -125,10 +133,11 @@ func TestActions_RegisterRunner_UpdateWithLabels(t *testing.T) {
 	newRepoID := int64(1)
 	newName := "rennur"
 	newVersion := "v4.5.6"
+	ephemeral := true
 	newLabels := []string{"warp", "darp"}
 	labelsCopy := newLabels // labels may be affected by the tested function so we copy them
 
-	runner, err := RegisterRunner(db.DefaultContext, newOwnerID, newRepoID, token, &newLabels, newName, newVersion)
+	runner, err := RegisterRunner(db.DefaultContext, newOwnerID, newRepoID, token, &newLabels, newName, newVersion, ephemeral)
 	require.NoError(t, err)
 
 	// Check that the returned record has been updated
@@ -137,6 +146,7 @@ func TestActions_RegisterRunner_UpdateWithLabels(t *testing.T) {
 	assert.Equal(t, newName, runner.Name)
 	assert.Equal(t, newVersion, runner.Version)
 	assert.Equal(t, labelsCopy, runner.AgentLabels)
+	assert.Equal(t, ephemeral, runner.Ephemeral)
 
 	// Check that whatever is in the DB has been updated
 	after := unittest.AssertExistsAndLoadBean(t, &ActionRunner{ID: recordID})
@@ -145,6 +155,7 @@ func TestActions_RegisterRunner_UpdateWithLabels(t *testing.T) {
 	assert.Equal(t, newName, after.Name)
 	assert.Equal(t, newVersion, after.Version)
 	assert.Equal(t, labelsCopy, after.AgentLabels)
+	assert.Equal(t, ephemeral, after.Ephemeral)
 }
 
 func TestActions_RegisterRunner_UpdateWithoutLabels(t *testing.T) {
@@ -157,8 +168,9 @@ func TestActions_RegisterRunner_UpdateWithoutLabels(t *testing.T) {
 	newRepoID := int64(1)
 	newName := "rennur"
 	newVersion := "v4.5.6"
+	ephemeral := true
 
-	runner, err := RegisterRunner(db.DefaultContext, newOwnerID, newRepoID, token, nil, newName, newVersion)
+	runner, err := RegisterRunner(db.DefaultContext, newOwnerID, newRepoID, token, nil, newName, newVersion, ephemeral)
 	require.NoError(t, err)
 
 	// Check that the returned record has been updated, except for the labels
@@ -167,6 +179,7 @@ func TestActions_RegisterRunner_UpdateWithoutLabels(t *testing.T) {
 	assert.Equal(t, newName, runner.Name)
 	assert.Equal(t, newVersion, runner.Version)
 	assert.Equal(t, before.AgentLabels, runner.AgentLabels)
+	assert.Equal(t, ephemeral, runner.Ephemeral)
 
 	// Check that whatever is in the DB has been updated, except for the labels
 	after := unittest.AssertExistsAndLoadBean(t, &ActionRunner{ID: recordID})
@@ -175,4 +188,5 @@ func TestActions_RegisterRunner_UpdateWithoutLabels(t *testing.T) {
 	assert.Equal(t, newName, after.Name)
 	assert.Equal(t, newVersion, after.Version)
 	assert.Equal(t, before.AgentLabels, after.AgentLabels)
+	assert.Equal(t, ephemeral, after.Ephemeral)
 }
diff --git a/models/actions/runner.go b/models/actions/runner.go
index 2b5fcd77cc..3761cb6ccf 100644
--- a/models/actions/runner.go
+++ b/models/actions/runner.go
@@ -61,6 +61,8 @@ type ActionRunner struct {
 
 	// Store labels defined in state file (default: .runner file) of `act_runner`
 	AgentLabels []string `xorm:"TEXT"`
+	// Store if this is a runner that only ever get one single job assigned
+	Ephemeral bool `xorm:"ephemeral NOT NULL DEFAULT false"`
 
 	Created timeutil.TimeStamp `xorm:"created"`
 	Updated timeutil.TimeStamp `xorm:"updated"`
diff --git a/models/actions/task.go b/models/actions/task.go
index 3cf8a3af04..b0e6bb0f15 100644
--- a/models/actions/task.go
+++ b/models/actions/task.go
@@ -174,6 +174,10 @@ func GetTaskByID(ctx context.Context, id int64) (*ActionTask, error) {
 	return &task, nil
 }
 
+func HasTaskForRunner(ctx context.Context, runnerID int64) (bool, error) {
+	return db.GetEngine(ctx).Where("runner_id = ?", runnerID).Exist(&ActionTask{})
+}
+
 func GetTaskByJobAttempt(ctx context.Context, jobID, attempt int64) (*ActionTask, error) {
 	var task ActionTask
 	has, err := db.GetEngine(ctx).Where("job_id=?", jobID).Where("attempt=?", attempt).Get(&task)
diff --git a/models/forgejo_migrations/v15b_add-ephemeral_runner.go b/models/forgejo_migrations/v15b_add-ephemeral_runner.go
new file mode 100644
index 0000000000..746763aa66
--- /dev/null
+++ b/models/forgejo_migrations/v15b_add-ephemeral_runner.go
@@ -0,0 +1,24 @@
+// Copyright 2025 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+package forgejo_migrations
+
+import (
+	"xorm.io/xorm"
+)
+
+func init() {
+	registerMigration(&Migration{
+		Description: "add ephemeral to action_runner",
+		Upgrade:     addRunnerEphemeralField,
+	})
+}
+
+func addRunnerEphemeralField(x *xorm.Engine) error {
+	type ActionRunner struct {
+		Ephemeral bool `xorm:"ephemeral NOT NULL DEFAULT false"`
+	}
+
+	_, err := x.SyncWithOptions(xorm.SyncOptions{IgnoreDropIndices: true}, new(ActionRunner))
+	return err
+}
diff --git a/modules/structs/repo_actions.go b/modules/structs/repo_actions.go
index 69e616eed9..324ea474fd 100644
--- a/modules/structs/repo_actions.go
+++ b/modules/structs/repo_actions.go
@@ -80,4 +80,6 @@ type ActionRunner struct {
 	Labels []string `json:"labels"`
 	// Description provides optional details about this runner.
 	Description string `json:"description"`
+	// Indicates if runner is ephemeral runner
+	Ephemeral bool `json:"ephemeral"`
 }
diff --git a/modules/structs/runner.go b/modules/structs/runner.go
index e744355b30..cecbb72400 100644
--- a/modules/structs/runner.go
+++ b/modules/structs/runner.go
@@ -15,12 +15,18 @@ type RegisterRunnerOptions struct {
 	//
 	// required: false
 	Description string `json:"description"`
+
+	// Register as ephemeral runner https://forgejo.org/docs/latest/admin/actions/security/#ephemeral-runner
+	//
+	// required: false
+	Ephemeral bool `json:"ephemeral"`
 }
 
 // RegisterRunnerResponse contains the details of the just registered runner.
 // swagger:model
 type RegisterRunnerResponse struct {
-	ID    int64  `json:"id" binding:"Required"`
-	UUID  string `json:"uuid" binding:"Required"`
-	Token string `json:"token" binding:"Required"`
+	ID        int64  `json:"id" binding:"Required"`
+	UUID      string `json:"uuid" binding:"Required"`
+	Token     string `json:"token" binding:"Required"`
+	Ephemeral bool   `json:"ephemeral" binding:"Required"`
 }
diff --git a/routers/api/actions/runner/runner.go b/routers/api/actions/runner/runner.go
index ed48ee320b..e0bd8f3d8d 100644
--- a/routers/api/actions/runner/runner.go
+++ b/routers/api/actions/runner/runner.go
@@ -79,6 +79,7 @@ func (s *Service) Register(
 		RepoID:      runnerToken.RepoID,
 		Version:     req.Msg.Version,
 		AgentLabels: labels,
+		Ephemeral:   req.Msg.Ephemeral,
 	}
 	runner.GenerateToken()
 
@@ -95,12 +96,13 @@ func (s *Service) Register(
 
 	res := connect.NewResponse(&runnerv1.RegisterResponse{
 		Runner: &runnerv1.Runner{
-			Id:      runner.ID,
-			Uuid:    runner.UUID,
-			Token:   runner.Token,
-			Name:    runner.Name,
-			Version: runner.Version,
-			Labels:  runner.AgentLabels,
+			Id:        runner.ID,
+			Uuid:      runner.UUID,
+			Token:     runner.Token,
+			Name:      runner.Name,
+			Version:   runner.Version,
+			Labels:    runner.AgentLabels,
+			Ephemeral: runner.Ephemeral,
 		},
 	})
 
@@ -120,12 +122,13 @@ func (s *Service) Declare(
 
 	return connect.NewResponse(&runnerv1.DeclareResponse{
 		Runner: &runnerv1.Runner{
-			Id:      runner.ID,
-			Uuid:    runner.UUID,
-			Token:   runner.Token,
-			Name:    runner.Name,
-			Version: runner.Version,
-			Labels:  runner.AgentLabels,
+			Id:        runner.ID,
+			Uuid:      runner.UUID,
+			Token:     runner.Token,
+			Name:      runner.Name,
+			Version:   runner.Version,
+			Labels:    runner.AgentLabels,
+			Ephemeral: runner.Ephemeral,
 		},
 	}), nil
 }
@@ -251,6 +254,14 @@ func (s *Service) UpdateTask(
 				return nil, connect.NewError(connect.CodeInternal, fmt.Errorf("fail to increase task version: %w", err))
 			}
 		}
+
+		if runner.Ephemeral {
+			err := actions_model.DeleteRunner(ctx, runner)
+			if err != nil {
+				log.Error("failed to delete ephemeral runner %v, %w", task.RunnerID, err)
+				return nil, connect.NewError(connect.CodeInternal, fmt.Errorf("failed to delete ephemeral runner %v, %w", task.RunnerID, err))
+			}
+		}
 	}
 
 	return connect.NewResponse(&runnerv1.UpdateTaskResponse{
diff --git a/routers/api/v1/shared/runners.go b/routers/api/v1/shared/runners.go
index ecfbbcda69..ad470215e9 100644
--- a/routers/api/v1/shared/runners.go
+++ b/routers/api/v1/shared/runners.go
@@ -162,6 +162,7 @@ func RegisterRunner(ctx *context.APIContext, ownerID, repoID int64) {
 		OwnerID:     ownerID,
 		RepoID:      repoID,
 		Description: options.Description,
+		Ephemeral:   options.Ephemeral,
 	}
 	runner.GenerateToken()
 	if err := actions_model.CreateRunner(ctx, runner); err != nil {
@@ -169,9 +170,10 @@ func RegisterRunner(ctx *context.APIContext, ownerID, repoID int64) {
 	}
 
 	response := &structs.RegisterRunnerResponse{
-		ID:    runner.ID,
-		UUID:  runner.UUID,
-		Token: runner.Token,
+		ID:        runner.ID,
+		UUID:      runner.UUID,
+		Token:     runner.Token,
+		Ephemeral: runner.Ephemeral,
 	}
 	ctx.JSON(http.StatusCreated, response)
 }
diff --git a/services/actions/cleanup.go b/services/actions/cleanup.go
index 918be0f185..d1603a4808 100644
--- a/services/actions/cleanup.go
+++ b/services/actions/cleanup.go
@@ -11,23 +11,31 @@ import (
 	"time"
 
 	actions_model "forgejo.org/models/actions"
+	"forgejo.org/models/db"
 	actions_module "forgejo.org/modules/actions"
 	"forgejo.org/modules/log"
 	"forgejo.org/modules/setting"
 	"forgejo.org/modules/storage"
 	"forgejo.org/modules/timeutil"
+
+	"xorm.io/builder"
 )
 
-// Cleanup removes expired actions logs, data and artifacts
+// Cleanup removes expired actions logs, data, artifacts and used ephemeral runners
 func Cleanup(ctx context.Context) error {
 	// clean up expired artifacts
 	if err := CleanupArtifacts(ctx); err != nil {
-		return fmt.Errorf("cleanup artifacts: %w", err)
+		return fmt.Errorf("failed to clean up artifacts: %w", err)
 	}
 
 	// clean up old logs
 	if err := CleanupLogs(ctx); err != nil {
-		return fmt.Errorf("cleanup logs: %w", err)
+		return fmt.Errorf("failed to clean up logs: %w", err)
+	}
+
+	// clean up old ephemeral runners
+	if err := CleanupEphemeralRunners(ctx); err != nil {
+		return fmt.Errorf("failed to clean up old ephemeral runners: %w", err)
 	}
 
 	return nil
@@ -127,6 +135,50 @@ func CleanupLogs(ctx context.Context) error {
 	return nil
 }
 
+// CleanupEphemeralRunners removes used ephemeral runners which are no longer able to process jobs
+func CleanupEphemeralRunners(ctx context.Context) error {
+	var ids []int
+	err := db.GetEngine(ctx).
+		Table("`action_runner`").
+		Select("DISTINCT `action_runner`.id").
+		Join("INNER", "`action_task`", "`action_task`.`runner_id` = `action_runner`.`id`").
+		Where(builder.Eq{"`action_runner`.`ephemeral`": true}).
+		And(builder.In("`action_task`.`status`", actions_model.DoneStatuses())).
+		Find(&ids)
+	if err != nil {
+		return fmt.Errorf("failed to find ephemeral runners: %w", err)
+	}
+
+	res, err := db.GetEngine(ctx).
+		In("id", ids).
+		Delete(&actions_model.ActionRunner{})
+	if err != nil {
+		return fmt.Errorf("failed to delete ephemeral runners: %w", err)
+	}
+
+	log.Info("Removed %d ephemeral runners", res)
+	return nil
+}
+
+// CleanupEphemeralRunnersByPickedTaskOfRepo removes all ephemeral runners that have active/finished tasks on the given repository
+func CleanupEphemeralRunnersByPickedTaskOfRepo(ctx context.Context, repoID int64) error {
+	subQuery := builder.Select("`action_runner`.id").
+		From(builder.Select("*").From("`action_runner`"), "`action_runner`"). // mysql needs this redundant subquery
+		Join("INNER", "`action_task`", "`action_task`.`runner_id` = `action_runner`.`id`").
+		Where(builder.And(builder.Eq{"`action_runner`.`ephemeral`": true}, builder.Eq{"`action_task`.`repo_id`": repoID}))
+	b := builder.Delete(builder.In("id", subQuery)).From("`action_runner`")
+	res, err := db.GetEngine(ctx).Exec(b)
+	if err != nil {
+		return fmt.Errorf("find runners: %w", err)
+	}
+	affected, err := res.RowsAffected()
+	if err != nil {
+		return err
+	}
+	log.Info("Removed %d runners", affected)
+	return nil
+}
+
 // CleanupOfflineRunners removes offline runners
 func CleanupOfflineRunners(ctx context.Context, duration time.Duration, globalOnly bool) error {
 	olderThan := timeutil.TimeStampNow().AddDuration(-duration)
diff --git a/services/actions/cleanup_test.go b/services/actions/cleanup_test.go
index 4a847ced23..b7f3e8a842 100644
--- a/services/actions/cleanup_test.go
+++ b/services/actions/cleanup_test.go
@@ -29,3 +29,78 @@ func TestCleanup(t *testing.T) {
 		assert.Nil(t, task.LogIndexes)
 	})
 }
+
+func TestCleanupEphemeralRunners(t *testing.T) {
+	require.NoError(t, unittest.PrepareTestDatabase())
+
+	t.Run("Deletes ephemeral runner with successful task", func(t *testing.T) {
+		unittest.AssertSuccessfulInsert(t, &actions_model.ActionRunner{ID: 2001, UUID: "2001-uuid", TokenHash: "2001-hash", Ephemeral: true})
+		unittest.AssertSuccessfulInsert(t, &actions_model.ActionTask{ID: 2001, RunnerID: 2001, TokenHash: "task-2001-hash", Status: actions_model.StatusSuccess})
+
+		require.NoError(t, CleanupEphemeralRunners(db.DefaultContext))
+
+		unittest.AssertNotExistsBean(t, &actions_model.ActionRunner{ID: 2001})
+	})
+
+	t.Run("Deletes ephemeral runner with failed task", func(t *testing.T) {
+		unittest.AssertSuccessfulInsert(t, &actions_model.ActionRunner{ID: 2002, UUID: "2002-uuid", TokenHash: "2002-hash", Ephemeral: true})
+		unittest.AssertSuccessfulInsert(t, &actions_model.ActionTask{ID: 2002, RunnerID: 2002, TokenHash: "task-2002-hash", Status: actions_model.StatusFailure})
+
+		require.NoError(t, CleanupEphemeralRunners(db.DefaultContext))
+
+		unittest.AssertNotExistsBean(t, &actions_model.ActionRunner{ID: 2002})
+	})
+
+	t.Run("Deletes ephemeral runner with cancelled task", func(t *testing.T) {
+		unittest.AssertSuccessfulInsert(t, &actions_model.ActionRunner{ID: 2003, UUID: "2003-uuid", TokenHash: "2003-hash", Ephemeral: true})
+		unittest.AssertSuccessfulInsert(t, &actions_model.ActionTask{ID: 2003, RunnerID: 2003, TokenHash: "task-2003-hash", Status: actions_model.StatusCancelled})
+
+		require.NoError(t, CleanupEphemeralRunners(db.DefaultContext))
+
+		unittest.AssertNotExistsBean(t, &actions_model.ActionRunner{ID: 2003})
+	})
+
+	t.Run("Deletes ephemeral runner with skipped task", func(t *testing.T) {
+		unittest.AssertSuccessfulInsert(t, &actions_model.ActionRunner{ID: 2004, UUID: "2004-uuid", TokenHash: "2004-hash", Ephemeral: true})
+		unittest.AssertSuccessfulInsert(t, &actions_model.ActionTask{ID: 2004, RunnerID: 2004, TokenHash: "task-2004-hash", Status: actions_model.StatusSkipped})
+
+		require.NoError(t, CleanupEphemeralRunners(db.DefaultContext))
+
+		unittest.AssertNotExistsBean(t, &actions_model.ActionRunner{ID: 2004})
+	})
+
+	t.Run("Keeps ephemeral runner with running task", func(t *testing.T) {
+		unittest.AssertSuccessfulInsert(t, &actions_model.ActionRunner{ID: 2005, UUID: "2005-uuid", TokenHash: "2005-hash", Ephemeral: true})
+		unittest.AssertSuccessfulInsert(t, &actions_model.ActionTask{ID: 2005, RunnerID: 2005, TokenHash: "task-2005-hash", Status: actions_model.StatusRunning})
+
+		require.NoError(t, CleanupEphemeralRunners(db.DefaultContext))
+
+		unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRunner{ID: 2005})
+	})
+
+	t.Run("Keeps ephemeral runner with waiting task", func(t *testing.T) {
+		unittest.AssertSuccessfulInsert(t, &actions_model.ActionRunner{ID: 2006, UUID: "2006-uuid", TokenHash: "2006-hash", Ephemeral: true})
+		unittest.AssertSuccessfulInsert(t, &actions_model.ActionTask{ID: 2006, RunnerID: 2006, TokenHash: "task-2006-hash", Status: actions_model.StatusWaiting})
+
+		require.NoError(t, CleanupEphemeralRunners(db.DefaultContext))
+
+		unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRunner{ID: 2006})
+	})
+
+	t.Run("Keeps ephemeral runner with no tasks", func(t *testing.T) {
+		unittest.AssertSuccessfulInsert(t, &actions_model.ActionRunner{ID: 2007, UUID: "2007-uuid", TokenHash: "2007-hash", Ephemeral: true})
+
+		require.NoError(t, CleanupEphemeralRunners(db.DefaultContext))
+
+		unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRunner{ID: 2007})
+	})
+
+	t.Run("Keeps non-ephemeral runner with completed task", func(t *testing.T) {
+		unittest.AssertSuccessfulInsert(t, &actions_model.ActionRunner{ID: 2008, UUID: "2008-uuid", TokenHash: "2008-hash", Ephemeral: false})
+		unittest.AssertSuccessfulInsert(t, &actions_model.ActionTask{ID: 2008, RunnerID: 2008, TokenHash: "task-2008-hash", Status: actions_model.StatusSuccess})
+
+		require.NoError(t, CleanupEphemeralRunners(db.DefaultContext))
+
+		unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRunner{ID: 2008})
+	})
+}
diff --git a/services/actions/task.go b/services/actions/task.go
index bbe17ac8b3..34b838f2a3 100644
--- a/services/actions/task.go
+++ b/services/actions/task.go
@@ -26,6 +26,19 @@ func PickTask(ctx context.Context, runner *actions_model.ActionRunner) (*runnerv
 		job  *actions_model.ActionRunJob
 	)
 
+	if runner.Ephemeral {
+		hasRunnerAssignedTask, err := actions_model.HasTaskForRunner(ctx, runner.ID)
+		// Let the runner retry the request, do not allow to proceed
+		if err != nil {
+			return nil, false, err
+		}
+
+		// if runner has task, dont assign new task
+		if hasRunnerAssignedTask {
+			return nil, false, nil
+		}
+	}
+
 	if err := db.WithTx(ctx, func(ctx context.Context) error {
 		t, ok, err := actions_model.CreateTaskForRunner(ctx, runner)
 		if err != nil {
@@ -166,6 +179,18 @@ func StopTask(ctx context.Context, taskID int64, status actions_model.Status) er
 		return err
 	}
 
+	runner := &actions_model.ActionRunner{}
+	if _, err := e.ID(task.RunnerID).Get(runner); err != nil {
+		return fmt.Errorf("failed to find runner assigned to task")
+	}
+
+	if runner.Ephemeral {
+		err := actions_model.DeleteRunner(ctx, runner)
+		if err != nil {
+			return fmt.Errorf("failed to remove ephemeral runner from stopped task: %w", err)
+		}
+	}
+
 	if err := task.LoadAttributes(ctx); err != nil {
 		return err
 	}
diff --git a/services/convert/convert.go b/services/convert/convert.go
index 00e1742178..65fa701ffe 100644
--- a/services/convert/convert.go
+++ b/services/convert/convert.go
@@ -547,6 +547,7 @@ func ToActionRunner(runner *actions_model.ActionRunner) (api.ActionRunner, error
 		Version:     runner.Version,
 		Status:      status.String(),
 		Labels:      runner.AgentLabels,
+		Ephemeral:   runner.Ephemeral,
 	}
 
 	return actionRunner, nil
diff --git a/services/repository/delete.go b/services/repository/delete.go
index 9eca085da3..ebebdef3f1 100644
--- a/services/repository/delete.go
+++ b/services/repository/delete.go
@@ -30,6 +30,7 @@ import (
 	"forgejo.org/modules/log"
 	"forgejo.org/modules/setting"
 	"forgejo.org/modules/storage"
+	actions_service "forgejo.org/services/actions"
 	federation_service "forgejo.org/services/federation"
 
 	"xorm.io/builder"
@@ -145,6 +146,13 @@ func DeleteRepositoryDirectly(ctx context.Context, doer *user_model.User, repoID
 		}
 	}
 
+	// CleanupEphemeralRunnersByPickedTaskOfRepo deletes ephemeral global/org/user that have started any task of this repo, as they cannot pick a second task
+	// This method will delete affected ephemeral global/org/user runners
+	// &actions_model.ActionRunner{RepoID: repoID} does only handle ephemeral repository runners
+	if err := actions_service.CleanupEphemeralRunnersByPickedTaskOfRepo(ctx, repoID); err != nil {
+		return fmt.Errorf("cleanupEphemeralRunners: %w", err)
+	}
+
 	if err := db.DeleteBeans(ctx,
 		&access_model.Access{RepoID: repo.ID},
 		&activities_model.Action{RepoID: repo.ID},
diff --git a/templates/swagger/v1_json.tmpl b/templates/swagger/v1_json.tmpl
index a82fa503f0..976c25afa7 100644
--- a/templates/swagger/v1_json.tmpl
+++ b/templates/swagger/v1_json.tmpl
@@ -22371,6 +22371,11 @@
           "type": "string",
           "x-go-name": "Description"
         },
+        "ephemeral": {
+          "description": "Indicates if runner is ephemeral runner",
+          "type": "boolean",
+          "x-go-name": "Ephemeral"
+        },
         "id": {
           "description": "ID uniquely identifies this runner.",
           "type": "integer",
@@ -28516,6 +28521,11 @@
           "type": "string",
           "x-go-name": "Description"
         },
+        "ephemeral": {
+          "description": "Register as ephemeral runner https://forgejo.org/docs/latest/admin/actions/security/#ephemeral-runner",
+          "type": "boolean",
+          "x-go-name": "Ephemeral"
+        },
         "name": {
           "description": "Name of the runner to register. The name of the runner does not have to be unique.",
           "type": "string",
@@ -28528,6 +28538,10 @@
       "type": "object",
       "title": "RegisterRunnerResponse contains the details of the just registered runner.",
       "properties": {
+        "ephemeral": {
+          "type": "boolean",
+          "x-go-name": "Ephemeral"
+        },
         "id": {
           "type": "integer",
           "format": "int64",
diff --git a/tests/integration/actions_job_test.go b/tests/integration/actions_job_test.go
index 91c61fe258..d252d122a0 100644
--- a/tests/integration/actions_job_test.go
+++ b/tests/integration/actions_job_test.go
@@ -22,8 +22,10 @@ import (
 	"forgejo.org/modules/json"
 	"forgejo.org/modules/setting"
 	api "forgejo.org/modules/structs"
+	actions_service "forgejo.org/services/actions"
 
 	runnerv1 "code.forgejo.org/forgejo/actions-proto/runner/v1"
+	"connectrpc.com/connect"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 )
@@ -606,6 +608,128 @@ jobs:
 	})
 }
 
+func TestActionsEphemeral(t *testing.T) {
+	if !setting.Database.Type.IsSQLite3() {
+		t.Skip()
+	}
+
+	onApplicationRun(t, func(t *testing.T, u *url.URL) {
+		user2 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
+		user2Session := loginUser(t, user2.Name)
+		user2Token := getTokenForLoggedInUser(t, user2Session, auth_model.AccessTokenScopeWriteRepository, auth_model.AccessTokenScopeWriteUser)
+
+		apiBaseRepo := createActionsTestRepo(t, user2Token, "actions-gitea-context", false)
+		baseRepo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: apiBaseRepo.ID})
+		user2APICtx := NewAPITestContext(t, baseRepo.OwnerName, baseRepo.Name, auth_model.AccessTokenScopeWriteRepository)
+
+		runner := newMockRunner()
+		runner.registerAsEphemeralRepoRunner(t, baseRepo.OwnerName, baseRepo.Name, "mock-runner", []string{"ubuntu-latest"})
+
+		// verify CleanupEphemeralRunners does not remove this runner
+		err := actions_service.CleanupEphemeralRunners(t.Context())
+		require.NoError(t, err)
+
+		// init the workflow
+		wfTreePath := ".gitea/workflows/pull.yml"
+		wfFileContent := `name: Pull Request
+on: pull_request
+jobs:
+  wf1-job:
+    runs-on: ubuntu-latest
+    steps:
+      - run: echo 'test the pull'
+  wf2-job:
+    runs-on: ubuntu-latest
+    steps:
+      - run: echo 'test the pull'
+`
+		opts := getWorkflowCreateFileOptions(user2, baseRepo.DefaultBranch, fmt.Sprintf("create %s", wfTreePath), wfFileContent)
+		createWorkflowFile(t, user2Token, baseRepo.OwnerName, baseRepo.Name, wfTreePath, opts)
+		// user2 creates a pull request
+		doAPICreateFile(user2APICtx, "user2-patch.txt", &api.CreateFileOptions{
+			FileOptions: api.FileOptions{
+				NewBranchName: "user2/patch-1",
+				Message:       "create user2-patch.txt",
+				Author: api.Identity{
+					Name:  user2.Name,
+					Email: user2.Email,
+				},
+				Committer: api.Identity{
+					Name:  user2.Name,
+					Email: user2.Email,
+				},
+				Dates: api.CommitDateOptions{
+					Author:    time.Now(),
+					Committer: time.Now(),
+				},
+			},
+			ContentBase64: base64.StdEncoding.EncodeToString([]byte("user2-fix")),
+		})(t)
+		_, err = doAPICreatePullRequest(user2APICtx, baseRepo.OwnerName, baseRepo.Name, baseRepo.DefaultBranch, "user2/patch-1")(t)
+		require.NoError(t, err)
+		task := runner.fetchTask(t)
+		actionTask := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionTask{ID: task.Id})
+		actionRunJob := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRunJob{ID: actionTask.JobID})
+		actionRun := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRun{ID: actionRunJob.RunID})
+		require.NoError(t, actionRun.LoadAttributes(t.Context()))
+
+		runEvent := map[string]any{}
+		require.NoError(t, json.Unmarshal([]byte(actionRun.EventPayload), &runEvent))
+
+		// verify CleanupEphemeralRunners does not remove this runner
+		err = actions_service.CleanupEphemeralRunners(t.Context())
+		require.NoError(t, err)
+
+		resp, err := runner.client.runnerServiceClient.FetchTask(t.Context(), connect.NewRequest(&runnerv1.FetchTaskRequest{
+			TasksVersion: 0,
+		}))
+		require.NoError(t, err)
+		assert.Nil(t, resp.Msg.Task)
+
+		// verify CleanupEphemeralRunners does not remove this runner
+		err = actions_service.CleanupEphemeralRunners(t.Context())
+		require.NoError(t, err)
+
+		runner.client.runnerServiceClient.UpdateTask(t.Context(), connect.NewRequest(&runnerv1.UpdateTaskRequest{
+			State: &runnerv1.TaskState{
+				Id:     actionTask.ID,
+				Result: runnerv1.Result_RESULT_SUCCESS,
+			},
+		}))
+		resp, err = runner.client.runnerServiceClient.FetchTask(t.Context(), connect.NewRequest(&runnerv1.FetchTaskRequest{
+			TasksVersion: 0,
+		}))
+		require.Error(t, err)
+		assert.Nil(t, resp)
+
+		// create an runner that picks a job and get force cancelled
+		runnerToBeRemoved := newMockRunner()
+		runnerToBeRemoved.registerAsEphemeralRepoRunner(t, baseRepo.OwnerName, baseRepo.Name, "mock-runner-to-be-removed", []string{"ubuntu-latest"})
+
+		taskToStopAPIObj := runnerToBeRemoved.fetchTask(t)
+
+		taskToStop := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionTask{ID: taskToStopAPIObj.Id})
+
+		// verify CleanupEphemeralRunners does not remove the custom crafted runner
+		err = actions_service.CleanupEphemeralRunners(t.Context())
+		require.NoError(t, err)
+
+		runnerToRemove := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRunner{ID: taskToStop.RunnerID})
+
+		err = actions_service.StopTask(t.Context(), taskToStop.ID, actions_model.StatusFailure)
+		require.NoError(t, err)
+
+		// verify CleanupEphemeralRunners does remove the custom crafted runner
+		err = actions_service.CleanupEphemeralRunners(t.Context())
+		require.NoError(t, err)
+
+		unittest.AssertNotExistsBean(t, &actions_model.ActionRunner{ID: runnerToRemove.ID})
+
+		// this cleanup is required to allow further tests to pass
+		doAPIDeleteRepository(user2APICtx)(t)
+	})
+}
+
 func createActionsTestRepo(t *testing.T, authToken, repoName string, isPrivate bool) *api.Repository {
 	req := NewRequestWithJSON(t, "POST", "/api/v1/user/repos", &api.CreateRepoOption{
 		Name:          repoName,
diff --git a/tests/integration/actions_runner_test.go b/tests/integration/actions_runner_test.go
index 83e544464e..22191020dc 100644
--- a/tests/integration/actions_runner_test.go
+++ b/tests/integration/actions_runner_test.go
@@ -72,10 +72,24 @@ func (r *mockRunner) doPing(t *testing.T) {
 func (r *mockRunner) doRegister(t *testing.T, name, token string, labels []string) {
 	r.doPing(t)
 	resp, err := r.client.runnerServiceClient.Register(t.Context(), connect.NewRequest(&runnerv1.RegisterRequest{
-		Name:    name,
-		Token:   token,
-		Version: "mock-runner-version",
-		Labels:  labels,
+		Name:      name,
+		Token:     token,
+		Version:   "mock-runner-version",
+		Labels:    labels,
+		Ephemeral: false,
+	}))
+	require.NoError(t, err)
+	r.client = newMockRunnerClient(resp.Msg.Runner.Uuid, resp.Msg.Runner.Token)
+}
+
+func (r *mockRunner) doRegisterEphemeral(t *testing.T, name, token string, labels []string) {
+	r.doPing(t)
+	resp, err := r.client.runnerServiceClient.Register(t.Context(), connect.NewRequest(&runnerv1.RegisterRequest{
+		Name:      name,
+		Token:     token,
+		Version:   "mock-runner-version",
+		Labels:    labels,
+		Ephemeral: true,
 	}))
 	require.NoError(t, err)
 	r.client = newMockRunnerClient(resp.Msg.Runner.Uuid, resp.Msg.Runner.Token)
@@ -96,6 +110,21 @@ func (r *mockRunner) registerAsRepoRunner(t *testing.T, ownerName, repoName, run
 	r.doRegister(t, runnerName, registrationToken.Token, labels)
 }
 
+func (r *mockRunner) registerAsEphemeralRepoRunner(t *testing.T, ownerName, repoName, runnerName string, labels []string) {
+	if !setting.Database.Type.IsSQLite3() {
+		assert.FailNow(t, "registering a mock runner when using a database other than SQLite leaves leftovers")
+	}
+	session := loginUser(t, ownerName)
+	token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteRepository)
+	req := NewRequest(t, "GET", fmt.Sprintf("/api/v1/repos/%s/%s/actions/runners/registration-token", ownerName, repoName)).AddTokenAuth(token)
+	resp := MakeRequest(t, req, http.StatusOK)
+	var registrationToken struct {
+		Token string `json:"token"`
+	}
+	DecodeJSON(t, resp, &registrationToken)
+	r.doRegisterEphemeral(t, runnerName, registrationToken.Token, labels)
+}
+
 func (r *mockRunner) maybeFetchTask(t *testing.T) *runnerv1.Task {
 	resp, err := r.client.runnerServiceClient.FetchTask(t.Context(), connect.NewRequest(&runnerv1.FetchTaskRequest{
 		TasksVersion: r.lastTasksVersion,
diff --git a/tests/integration/api_admin_actions_test.go b/tests/integration/api_admin_actions_test.go
index 10e4660caa..02644401fd 100644
--- a/tests/integration/api_admin_actions_test.go
+++ b/tests/integration/api_admin_actions_test.go
@@ -226,12 +226,25 @@ func TestAPIAdminActionsRunnerOperations(t *testing.T) {
 			Labels:      []string{"fedora"},
 			Status:      "offline",
 		}
+		runnerFive := &api.ActionRunner{
+			ID:          130795,
+			UUID:        "16ca1a5c-8024-41f1-be31-e55830263cc6",
+			Name:        "runner-5-ephemeral",
+			Version:     "1.0.0",
+			OwnerID:     0,
+			RepoID:      0,
+			Description: "An ephemeral runner",
+			Labels:      []string{"ephemeral-label"},
+			Status:      "offline",
+			Ephemeral:   true,
+		}
 
 		// There are more runners in the result that originate from the global fixtures. The test ignores them to limit
 		// the impact of unrelated changes.
 		assert.Contains(t, runners, runnerOne)
 		assert.Contains(t, runners, runnerTwo)
 		assert.Contains(t, runners, runnerThree)
+		assert.Contains(t, runners, runnerFive)
 	})
 
 	t.Run("Get runners paginated", func(t *testing.T) {
@@ -293,6 +306,30 @@ func TestAPIAdminActionsRunnerOperations(t *testing.T) {
 		assert.Equal(t, runnerFour, runner)
 	})
 
+	t.Run("Get ephemeral runner", func(t *testing.T) {
+		request := NewRequest(t, "GET", "/api/v1/admin/actions/runners/130795")
+		request.AddTokenAuth(readToken)
+		response := MakeRequest(t, request, http.StatusOK)
+
+		var runner *api.ActionRunner
+		DecodeJSON(t, response, &runner)
+
+		expectedRunner := &api.ActionRunner{
+			ID:          130795,
+			UUID:        "16ca1a5c-8024-41f1-be31-e55830263cc6",
+			Name:        "runner-5-ephemeral",
+			Version:     "1.0.0",
+			OwnerID:     0,
+			RepoID:      0,
+			Description: "An ephemeral runner",
+			Labels:      []string{"ephemeral-label"},
+			Status:      "offline",
+			Ephemeral:   true,
+		}
+
+		assert.Equal(t, expectedRunner, runner)
+	})
+
 	t.Run("Delete global runner", func(t *testing.T) {
 		url := "/api/v1/admin/actions/runners/130791"
 
@@ -339,6 +376,7 @@ func TestAPIAdminActionsRunnerOperations(t *testing.T) {
 		assert.Positive(t, registerRunnerResponse.ID)
 		assert.Equal(t, gouuid.Version(4), gouuid.MustParse(registerRunnerResponse.UUID).Version())
 		assert.Regexp(t, "(?i)^[0-9a-f]{40}$", registerRunnerResponse.Token)
+		assert.False(t, registerRunnerResponse.Ephemeral)
 
 		registeredRunner := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRunner{UUID: registerRunnerResponse.UUID})
 		assert.Equal(t, registerRunnerResponse.ID, registeredRunner.ID)
@@ -351,6 +389,24 @@ func TestAPIAdminActionsRunnerOperations(t *testing.T) {
 		assert.Empty(t, registeredRunner.Version)
 		assert.NotEmpty(t, registeredRunner.TokenHash)
 		assert.NotEmpty(t, registeredRunner.TokenSalt)
+		assert.False(t, registeredRunner.Ephemeral)
+	})
+
+	t.Run("Register ephemeral runner", func(t *testing.T) {
+		options := api.RegisterRunnerOptions{Name: "ephemeral-runner", Description: "Ephemeral runner", Ephemeral: true}
+
+		request := NewRequestWithJSON(t, "POST", "/api/v1/admin/actions/runners", options)
+		request.AddTokenAuth(writeToken)
+		response := MakeRequest(t, request, http.StatusCreated)
+
+		var registerRunnerResponse *api.RegisterRunnerResponse
+		DecodeJSON(t, response, &registerRunnerResponse)
+
+		assert.True(t, registerRunnerResponse.Ephemeral)
+
+		registeredRunner := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRunner{UUID: registerRunnerResponse.UUID})
+		assert.Equal(t, registerRunnerResponse.UUID, registeredRunner.UUID)
+		assert.True(t, registeredRunner.Ephemeral)
 	})
 
 	t.Run("Runner registration does not update runner with identical name", func(t *testing.T) {
diff --git a/tests/integration/api_org_actions_test.go b/tests/integration/api_org_actions_test.go
index c29798d03c..f21723a751 100644
--- a/tests/integration/api_org_actions_test.go
+++ b/tests/integration/api_org_actions_test.go
@@ -117,7 +117,7 @@ func TestAPIOrgActionsRunnerOperations(t *testing.T) {
 		request.AddTokenAuth(readToken)
 		response := MakeRequest(t, request, http.StatusOK)
 
-		assert.Equal(t, "2", response.Header().Get("X-Total-Count"))
+		assert.Equal(t, "3", response.Header().Get("X-Total-Count"))
 
 		var runners []*api.ActionRunner
 		DecodeJSON(t, response, &runners)
@@ -144,8 +144,20 @@ func TestAPIOrgActionsRunnerOperations(t *testing.T) {
 			Labels:      []string{"fedora"},
 			Status:      "offline",
 		}
+		runnerFive := &api.ActionRunner{
+			ID:          655695,
+			UUID:        "0851ed0a-f0af-4a01-9b98-fc9bf9c1d332",
+			Name:        "runner-5-ephemeral",
+			Version:     "1.0.0",
+			OwnerID:     3,
+			RepoID:      0,
+			Description: "An ephemeral runner",
+			Labels:      []string{"ephemeral-label"},
+			Status:      "offline",
+			Ephemeral:   true,
+		}
 
-		assert.ElementsMatch(t, []*api.ActionRunner{runnerOne, runnerThree}, runners)
+		assert.ElementsMatch(t, []*api.ActionRunner{runnerOne, runnerThree, runnerFive}, runners)
 	})
 
 	t.Run("Get runners paginated", func(t *testing.T) {
@@ -184,6 +196,30 @@ func TestAPIOrgActionsRunnerOperations(t *testing.T) {
 		assert.Equal(t, runnerOne, runner)
 	})
 
+	t.Run("Get ephemeral runner", func(t *testing.T) {
+		request := NewRequest(t, "GET", "/api/v1/orgs/org3/actions/runners/655695")
+		request.AddTokenAuth(readToken)
+		response := MakeRequest(t, request, http.StatusOK)
+
+		var runner *api.ActionRunner
+		DecodeJSON(t, response, &runner)
+
+		expectedRunner := &api.ActionRunner{
+			ID:          655695,
+			UUID:        "0851ed0a-f0af-4a01-9b98-fc9bf9c1d332",
+			Name:        "runner-5-ephemeral",
+			Version:     "1.0.0",
+			OwnerID:     3,
+			RepoID:      0,
+			Description: "An ephemeral runner",
+			Labels:      []string{"ephemeral-label"},
+			Status:      "offline",
+			Ephemeral:   true,
+		}
+
+		assert.Equal(t, expectedRunner, runner)
+	})
+
 	t.Run("Delete runner", func(t *testing.T) {
 		url := "/api/v1/orgs/org3/actions/runners/655691"
 
@@ -214,6 +250,7 @@ func TestAPIOrgActionsRunnerOperations(t *testing.T) {
 		assert.Positive(t, registerRunnerResponse.ID)
 		assert.Equal(t, gouuid.Version(4), gouuid.MustParse(registerRunnerResponse.UUID).Version())
 		assert.Regexp(t, "(?i)^[0-9a-f]{40}$", registerRunnerResponse.Token)
+		assert.False(t, registerRunnerResponse.Ephemeral)
 
 		registeredRunner := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRunner{UUID: registerRunnerResponse.UUID})
 		assert.Equal(t, registerRunnerResponse.ID, registeredRunner.ID)
@@ -226,6 +263,24 @@ func TestAPIOrgActionsRunnerOperations(t *testing.T) {
 		assert.Empty(t, registeredRunner.Version)
 		assert.NotEmpty(t, registeredRunner.TokenHash)
 		assert.NotEmpty(t, registeredRunner.TokenSalt)
+		assert.False(t, registeredRunner.Ephemeral)
+	})
+
+	t.Run("Register ephemeral runner", func(t *testing.T) {
+		options := api.RegisterRunnerOptions{Name: "ephemeral-runner", Description: "Ephemeral runner", Ephemeral: true}
+
+		request := NewRequestWithJSON(t, "POST", "/api/v1/orgs/org3/actions/runners", options)
+		request.AddTokenAuth(writeToken)
+		response := MakeRequest(t, request, http.StatusCreated)
+
+		var registerRunnerResponse *api.RegisterRunnerResponse
+		DecodeJSON(t, response, &registerRunnerResponse)
+
+		assert.True(t, registerRunnerResponse.Ephemeral)
+
+		registeredRunner := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRunner{UUID: registerRunnerResponse.UUID})
+		assert.Equal(t, registerRunnerResponse.UUID, registeredRunner.UUID)
+		assert.True(t, registeredRunner.Ephemeral)
 	})
 
 	t.Run("Runner registration does not update runner with identical name", func(t *testing.T) {
diff --git a/tests/integration/api_repo_actions_test.go b/tests/integration/api_repo_actions_test.go
index 896eacb106..35cbc5d864 100644
--- a/tests/integration/api_repo_actions_test.go
+++ b/tests/integration/api_repo_actions_test.go
@@ -398,7 +398,7 @@ func TestAPIRepoActionsRunnerOperations(t *testing.T) {
 		request.AddTokenAuth(readToken)
 		response := MakeRequest(t, request, http.StatusOK)
 
-		assert.Equal(t, "2", response.Header().Get("X-Total-Count"))
+		assert.Equal(t, "3", response.Header().Get("X-Total-Count"))
 
 		var runners []*api.ActionRunner
 		DecodeJSON(t, response, &runners)
@@ -425,8 +425,20 @@ func TestAPIRepoActionsRunnerOperations(t *testing.T) {
 			Labels:      []string{"fedora"},
 			Status:      "offline",
 		}
+		runnerFive := &api.ActionRunner{
+			ID:          899255,
+			UUID:        "96639646-67b2-4bcb-9142-fde1ab8498cf",
+			Name:        "runner-5-repository-ephemeral",
+			Version:     "1.0.0",
+			OwnerID:     0,
+			RepoID:      62,
+			Description: "An ephemeral runner",
+			Labels:      []string{"ephemeral-label"},
+			Status:      "offline",
+			Ephemeral:   true,
+		}
 
-		assert.ElementsMatch(t, []*api.ActionRunner{runnerOne, runnerThree}, runners)
+		assert.ElementsMatch(t, []*api.ActionRunner{runnerOne, runnerThree, runnerFive}, runners)
 	})
 
 	t.Run("Get runners paginated", func(t *testing.T) {
@@ -465,6 +477,30 @@ func TestAPIRepoActionsRunnerOperations(t *testing.T) {
 		assert.Equal(t, runnerOne, runner)
 	})
 
+	t.Run("Get ephemeral runner", func(t *testing.T) {
+		request := NewRequest(t, "GET", "/api/v1/repos/user2/test_workflows/actions/runners/899255")
+		request.AddTokenAuth(readToken)
+		response := MakeRequest(t, request, http.StatusOK)
+
+		var runner *api.ActionRunner
+		DecodeJSON(t, response, &runner)
+
+		expectedRunner := &api.ActionRunner{
+			ID:          899255,
+			UUID:        "96639646-67b2-4bcb-9142-fde1ab8498cf",
+			Name:        "runner-5-repository-ephemeral",
+			Version:     "1.0.0",
+			OwnerID:     0,
+			RepoID:      62,
+			Description: "An ephemeral runner",
+			Labels:      []string{"ephemeral-label"},
+			Status:      "offline",
+			Ephemeral:   true,
+		}
+
+		assert.Equal(t, expectedRunner, runner)
+	})
+
 	t.Run("Delete runner", func(t *testing.T) {
 		url := "/api/v1/repos/user2/test_workflows/actions/runners/899253"
 
@@ -496,6 +532,7 @@ func TestAPIRepoActionsRunnerOperations(t *testing.T) {
 		assert.Positive(t, registerRunnerResponse.ID)
 		assert.Equal(t, gouuid.Version(4), gouuid.MustParse(registerRunnerResponse.UUID).Version())
 		assert.Regexp(t, "(?i)^[0-9a-f]{40}$", registerRunnerResponse.Token)
+		assert.False(t, registerRunnerResponse.Ephemeral)
 
 		registeredRunner := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRunner{UUID: registerRunnerResponse.UUID})
 		assert.Equal(t, registerRunnerResponse.ID, registeredRunner.ID)
@@ -508,6 +545,25 @@ func TestAPIRepoActionsRunnerOperations(t *testing.T) {
 		assert.Empty(t, registeredRunner.Version)
 		assert.NotEmpty(t, registeredRunner.TokenHash)
 		assert.NotEmpty(t, registeredRunner.TokenSalt)
+		assert.False(t, registeredRunner.Ephemeral)
+	})
+
+	t.Run("Register ephemeral runner", func(t *testing.T) {
+		options := api.RegisterRunnerOptions{Name: "ephemeral-runner", Description: "Ephemeral runner", Ephemeral: true}
+
+		requestURL := fmt.Sprintf("/api/v1/repos/%s/%s/actions/runners", repo1.OwnerName, repo1.Name)
+		request := NewRequestWithJSON(t, "POST", requestURL, options)
+		request.AddTokenAuth(writeToken)
+		response := MakeRequest(t, request, http.StatusCreated)
+
+		var registerRunnerResponse *api.RegisterRunnerResponse
+		DecodeJSON(t, response, &registerRunnerResponse)
+
+		assert.True(t, registerRunnerResponse.Ephemeral)
+
+		registeredRunner := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRunner{UUID: registerRunnerResponse.UUID})
+		assert.Equal(t, registerRunnerResponse.UUID, registeredRunner.UUID)
+		assert.True(t, registeredRunner.Ephemeral)
 	})
 
 	t.Run("Runner registration does not update runner with identical name", func(t *testing.T) {
diff --git a/tests/integration/api_user_actions_test.go b/tests/integration/api_user_actions_test.go
index 73a4060c0c..bdb763d5b2 100644
--- a/tests/integration/api_user_actions_test.go
+++ b/tests/integration/api_user_actions_test.go
@@ -115,7 +115,7 @@ func TestAPIUserActionsRunnerOperations(t *testing.T) {
 		request.AddTokenAuth(readToken)
 		response := MakeRequest(t, request, http.StatusOK)
 
-		assert.Equal(t, "2", response.Header().Get("X-Total-Count"))
+		assert.Equal(t, "3", response.Header().Get("X-Total-Count"))
 
 		var runners []*api.ActionRunner
 		DecodeJSON(t, response, &runners)
@@ -142,8 +142,20 @@ func TestAPIUserActionsRunnerOperations(t *testing.T) {
 			Labels:      []string{"fedora"},
 			Status:      "offline",
 		}
+		runnerFive := &api.ActionRunner{
+			ID:          71305,
+			UUID:        "3ca04a95-3e75-4e48-8b7a-63427ebcf3b8",
+			Name:        "runner-5-user-ephemeral",
+			Version:     "1.0.0",
+			OwnerID:     2,
+			RepoID:      0,
+			Description: "An ephemeral runner",
+			Labels:      []string{"ephemeral-label"},
+			Status:      "offline",
+			Ephemeral:   true,
+		}
 
-		assert.ElementsMatch(t, []*api.ActionRunner{runnerOne, runnerThree}, runners)
+		assert.ElementsMatch(t, []*api.ActionRunner{runnerOne, runnerThree, runnerFive}, runners)
 	})
 
 	t.Run("Get runners paginated", func(t *testing.T) {
@@ -182,6 +194,30 @@ func TestAPIUserActionsRunnerOperations(t *testing.T) {
 		assert.Equal(t, runnerThree, runner)
 	})
 
+	t.Run("Get ephemeral runner", func(t *testing.T) {
+		request := NewRequest(t, "GET", "/api/v1/user/actions/runners/71305")
+		request.AddTokenAuth(readToken)
+		response := MakeRequest(t, request, http.StatusOK)
+
+		var runner *api.ActionRunner
+		DecodeJSON(t, response, &runner)
+
+		expectedRunner := &api.ActionRunner{
+			ID:          71305,
+			UUID:        "3ca04a95-3e75-4e48-8b7a-63427ebcf3b8",
+			Name:        "runner-5-user-ephemeral",
+			Version:     "1.0.0",
+			OwnerID:     2,
+			RepoID:      0,
+			Description: "An ephemeral runner",
+			Labels:      []string{"ephemeral-label"},
+			Status:      "offline",
+			Ephemeral:   true,
+		}
+
+		assert.Equal(t, expectedRunner, runner)
+	})
+
 	t.Run("Delete runner", func(t *testing.T) {
 		url := "/api/v1/user/actions/runners/71303"
 
@@ -212,6 +248,7 @@ func TestAPIUserActionsRunnerOperations(t *testing.T) {
 		assert.Positive(t, registerRunnerResponse.ID)
 		assert.Equal(t, gouuid.Version(4), gouuid.MustParse(registerRunnerResponse.UUID).Version())
 		assert.Regexp(t, "(?i)^[0-9a-f]{40}$", registerRunnerResponse.Token)
+		assert.False(t, registerRunnerResponse.Ephemeral)
 
 		registeredRunner := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRunner{UUID: registerRunnerResponse.UUID})
 		assert.Equal(t, registerRunnerResponse.ID, registeredRunner.ID)
@@ -224,6 +261,24 @@ func TestAPIUserActionsRunnerOperations(t *testing.T) {
 		assert.Empty(t, registeredRunner.Version)
 		assert.NotEmpty(t, registeredRunner.TokenHash)
 		assert.NotEmpty(t, registeredRunner.TokenSalt)
+		assert.False(t, registeredRunner.Ephemeral)
+	})
+
+	t.Run("Register ephemeral runner", func(t *testing.T) {
+		options := api.RegisterRunnerOptions{Name: "ephemeral-runner", Description: "Ephemeral runner", Ephemeral: true}
+
+		request := NewRequestWithJSON(t, "POST", "/api/v1/user/actions/runners", options)
+		request.AddTokenAuth(writeToken)
+		response := MakeRequest(t, request, http.StatusCreated)
+
+		var registerRunnerResponse *api.RegisterRunnerResponse
+		DecodeJSON(t, response, &registerRunnerResponse)
+
+		assert.True(t, registerRunnerResponse.Ephemeral)
+
+		registeredRunner := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRunner{UUID: registerRunnerResponse.UUID})
+		assert.Equal(t, registerRunnerResponse.UUID, registeredRunner.UUID)
+		assert.True(t, registeredRunner.Ephemeral)
 	})
 
 	t.Run("Runner registration does not update runner with identical name", func(t *testing.T) {
diff --git a/tests/integration/ephemeral_actions_runner_deletion_test.go b/tests/integration/ephemeral_actions_runner_deletion_test.go
new file mode 100644
index 0000000000..9e995c4864
--- /dev/null
+++ b/tests/integration/ephemeral_actions_runner_deletion_test.go
@@ -0,0 +1,170 @@
+// Copyright 2025 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package integration
+
+import (
+	"context"
+	"net/url"
+	"testing"
+
+	actions_model "forgejo.org/models/actions"
+	org_model "forgejo.org/models/organization"
+	"forgejo.org/models/unittest"
+	user_model "forgejo.org/models/user"
+	"forgejo.org/modules/setting"
+	"forgejo.org/modules/util"
+	actions_service "forgejo.org/services/actions"
+	org_service "forgejo.org/services/org"
+	repo_service "forgejo.org/services/repository"
+	user_service "forgejo.org/services/user"
+
+	runnerv1 "code.forgejo.org/forgejo/actions-proto/runner/v1"
+	"connectrpc.com/connect"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+// Test that the ephemeral runner is deleted when the task is finished
+func TestEphemeralRunnerDeletionByTaskCompletion(t *testing.T) {
+	if !setting.Database.Type.IsSQLite3() {
+		t.Skip()
+	}
+
+	defer unittest.OverrideFixtures("tests/integration/fixtures/TestEphemeralRunner")()
+
+	onApplicationRun(t, func(t *testing.T, u *url.URL) {
+		// Verify runner exists before the test
+		runner, err := actions_model.GetRunnerByID(context.Background(), 10000008)
+		require.NoError(t, err)
+		require.NotNil(t, runner)
+		require.True(t, runner.Ephemeral, "runner should be ephemeral")
+
+		// Verify task exists and is running
+		task := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionTask{ID: 10054})
+		assert.Equal(t, actions_model.StatusRunning, task.Status)
+		assert.Equal(t, int64(10000008), task.RunnerID)
+
+		// Token can be found in models/fixtures/action_runner.yml with id: 10000008
+		runnerClient := newMockRunnerClient(
+			runner.UUID,
+			"mysuuupersecrettoekn",
+		)
+
+		// Finish the Task
+		resp, err := runnerClient.runnerServiceClient.UpdateTask(
+			context.Background(),
+			connect.NewRequest(&runnerv1.UpdateTaskRequest{
+				State: &runnerv1.TaskState{
+					Id:     task.ID,
+					Result: runnerv1.Result_RESULT_SUCCESS,
+				},
+			}),
+		)
+		require.NoError(t, err)
+		require.NotNil(t, resp)
+		assert.Equal(t, runnerv1.Result_RESULT_SUCCESS, resp.Msg.State.Result)
+
+		// Expect the ephemeral runner has been deleted
+		_, err = actions_model.GetRunnerByID(context.Background(), 10000008)
+		assert.ErrorIs(t, err, util.ErrNotExist, "ephemeral runner should be deleted after task completion")
+	})
+}
+
+func TestEphemeralRunnerDeletedByTaskZombieCleanup(t *testing.T) {
+	if !setting.Database.Type.IsSQLite3() {
+		t.Skip()
+	}
+
+	defer unittest.OverrideFixtures("tests/integration/fixtures/TestEphemeralRunner")()
+
+	onApplicationRun(t, func(t *testing.T, u *url.URL) {
+		// Verify runner exists before the test
+		runner, err := actions_model.GetRunnerByID(context.Background(), 10000011)
+		require.NoError(t, err)
+		require.NotNil(t, runner)
+		require.True(t, runner.Ephemeral, "runner should be ephemeral")
+
+		// Verify zombie task exists and is running
+		task := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionTask{ID: 10055})
+		assert.Equal(t, actions_model.StatusRunning, task.Status)
+		assert.Equal(t, int64(10000011), task.RunnerID)
+
+		// Run zombie task cleanup
+		err = actions_service.StopZombieTasks(context.Background())
+		require.NoError(t, err)
+
+		// Expect the ephemeral runner has been deleted
+		_, err = actions_model.GetRunnerByID(context.Background(), 10000011)
+		assert.ErrorIs(t, err, util.ErrNotExist, "ephemeral runner should be deleted after zombie task cleanup")
+	})
+}
+
+func TestEphemeralRunnerDeletionOnRepositoryDeletion(t *testing.T) {
+	if !setting.Database.Type.IsSQLite3() {
+		t.Skip()
+	}
+
+	defer unittest.OverrideFixtures("tests/integration/fixtures/TestEphemeralRunner")()
+
+	onApplicationRun(t, func(t *testing.T, u *url.URL) {
+		runner, err := actions_model.GetRunnerByID(t.Context(), 10000008)
+		require.NoError(t, err)
+		assert.Equal(t, int64(0), runner.OwnerID, "runner should not start in user scope")
+		assert.NotEqual(t, int64(0), runner.RepoID, "runner should start in repo scope")
+
+		task := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionTask{ID: 10054})
+		assert.Equal(t, actions_model.StatusRunning, task.Status)
+
+		user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 5})
+		err = repo_service.DeleteRepositoryDirectly(t.Context(), user, task.RepoID, true)
+		require.NoError(t, err)
+
+		_, err = actions_model.GetRunnerByID(t.Context(), 10000008)
+		assert.ErrorIs(t, err, util.ErrNotExist)
+	})
+}
+
+// Test that the ephemeral runner is deleted when a user is deleted
+func TestEphemeralRunnerDeletionOnUserDeletion(t *testing.T) {
+	if !setting.Database.Type.IsSQLite3() {
+		t.Skip()
+	}
+
+	defer unittest.OverrideFixtures("tests/integration/fixtures/TestEphemeralRunner")()
+
+	onApplicationRun(t, func(t *testing.T, u *url.URL) {
+		runner, err := actions_model.GetRunnerByID(t.Context(), 10000012)
+		require.NoError(t, err)
+		assert.NotEqual(t, int64(0), runner.OwnerID, "runner should start in user scope")
+		assert.Equal(t, int64(0), runner.RepoID, "runner should not start in repo scope")
+
+		user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
+		err = user_service.DeleteUser(t.Context(), user, true)
+		require.NoError(t, err)
+
+		unittest.AssertNotExistsBean(t, runner)
+	})
+}
+
+// Test that the ephemeral runner is deleted when an organization is deleted
+func TestEphemeralRunnerDeletionOnOrgDeletion(t *testing.T) {
+	if !setting.Database.Type.IsSQLite3() {
+		t.Skip()
+	}
+
+	defer unittest.OverrideFixtures("tests/integration/fixtures/TestEphemeralRunner")()
+
+	onApplicationRun(t, func(t *testing.T, u *url.URL) {
+		runner, err := actions_model.GetRunnerByID(t.Context(), 10000013)
+		require.NoError(t, err)
+		assert.NotEqual(t, int64(0), runner.OwnerID, "runner should start in org scope")
+		assert.Equal(t, int64(0), runner.RepoID, "runner should not start in repo scope")
+
+		org := unittest.AssertExistsAndLoadBean(t, &org_model.Organization{ID: runner.OwnerID})
+		err = org_service.DeleteOrganization(t.Context(), org, true)
+		require.NoError(t, err)
+
+		unittest.AssertNotExistsBean(t, runner)
+	})
+}
diff --git a/tests/integration/fixtures/TestAPIGlobalActionsRunnerOperations/action_runner.yml b/tests/integration/fixtures/TestAPIGlobalActionsRunnerOperations/action_runner.yml
index ef16984be0..3054b236fb 100644
--- a/tests/integration/fixtures/TestAPIGlobalActionsRunnerOperations/action_runner.yml
+++ b/tests/integration/fixtures/TestAPIGlobalActionsRunnerOperations/action_runner.yml
@@ -33,4 +33,14 @@
   repo_id: 62
   description: ""
   agent_labels: ["nixos"]
-  deleted: 0
\ No newline at end of file
+  deleted: 0
+- id: 130795
+  uuid: "16ca1a5c-8024-41f1-be31-e55830263cc6"
+  name: "runner-5-ephemeral"
+  version: "1.0.0"
+  owner_id: 0
+  repo_id: 0
+  description: "An ephemeral runner"
+  agent_labels: ["ephemeral-label"]
+  ephemeral: true
+  deleted: 0
diff --git a/tests/integration/fixtures/TestAPIOrgActionsRunnerOperations/action_runner.yml b/tests/integration/fixtures/TestAPIOrgActionsRunnerOperations/action_runner.yml
index f39cac24be..c469099e03 100644
--- a/tests/integration/fixtures/TestAPIOrgActionsRunnerOperations/action_runner.yml
+++ b/tests/integration/fixtures/TestAPIOrgActionsRunnerOperations/action_runner.yml
@@ -34,3 +34,13 @@
   description: ""
   agent_labels: []
   deleted: 0
+- id: 655695
+  uuid: "0851ed0a-f0af-4a01-9b98-fc9bf9c1d332"
+  name: "runner-5-ephemeral"
+  version: "1.0.0"
+  owner_id: 3
+  repo_id: 0
+  description: "An ephemeral runner"
+  agent_labels: ["ephemeral-label"]
+  ephemeral: true
+  deleted: 0
diff --git a/tests/integration/fixtures/TestAPIRepoActionsRunnerOperations/action_runner.yml b/tests/integration/fixtures/TestAPIRepoActionsRunnerOperations/action_runner.yml
index 1f1edb919e..808448d772 100644
--- a/tests/integration/fixtures/TestAPIRepoActionsRunnerOperations/action_runner.yml
+++ b/tests/integration/fixtures/TestAPIRepoActionsRunnerOperations/action_runner.yml
@@ -34,3 +34,13 @@
   description: ""
   agent_labels: []
   deleted: 0
+- id: 899255
+  uuid: "96639646-67b2-4bcb-9142-fde1ab8498cf"
+  name: "runner-5-repository-ephemeral"
+  version: "1.0.0"
+  owner_id: 0
+  repo_id: 62
+  description: "An ephemeral runner"
+  agent_labels: ["ephemeral-label"]
+  ephemeral: true
+  deleted: 0
diff --git a/tests/integration/fixtures/TestAPIUserActionsRunnerOperations/action_runner.yml b/tests/integration/fixtures/TestAPIUserActionsRunnerOperations/action_runner.yml
index be6ace174f..3bafcc4546 100644
--- a/tests/integration/fixtures/TestAPIUserActionsRunnerOperations/action_runner.yml
+++ b/tests/integration/fixtures/TestAPIUserActionsRunnerOperations/action_runner.yml
@@ -34,3 +34,13 @@
   description: ""
   agent_labels: []
   deleted: 0
+- id: 71305
+  uuid: "3ca04a95-3e75-4e48-8b7a-63427ebcf3b8"
+  name: "runner-5-user-ephemeral"
+  version: "1.0.0"
+  owner_id: 2
+  repo_id: 0
+  description: "An ephemeral runner"
+  agent_labels: ["ephemeral-label"]
+  ephemeral: true
+  deleted: 0
diff --git a/tests/integration/fixtures/TestEphemeralRunner/action_run.yml b/tests/integration/fixtures/TestEphemeralRunner/action_run.yml
new file mode 100644
index 0000000000..0ea5927b5c
--- /dev/null
+++ b/tests/integration/fixtures/TestEphemeralRunner/action_run.yml
@@ -0,0 +1,61 @@
+-
+  id: 10895
+  title: "running workflow_dispatch run"
+  repo_id: 64
+  owner_id: 3
+  workflow_id: "running.yaml"
+  index: 3
+  trigger_user_id: 2
+  ref: "refs/heads/main"
+  commit_sha: "c2d72f548424103f01ee1dc02889c1e2bff816b0"
+  event: "workflow_dispatch"
+  trigger_event: "workflow_dispatch"
+  is_fork_pull_request: 0
+  status: 6 # running
+  started: 1683636528
+  created: 1683636108
+  updated: 1683636626
+  need_approval: 0
+  approved_by: 0
+  event_payload: '{}'
+
+-
+  id: 10896
+  title: "running workflow_dispatch run"
+  repo_id: 64
+  owner_id: 3
+  workflow_id: "running.yaml"
+  index: 4
+  trigger_user_id: 2
+  ref: "refs/heads/main"
+  commit_sha: "c2d72f548424103f01ee1dc02889c1e2bff816b0"
+  event: "workflow_dispatch"
+  trigger_event: "workflow_dispatch"
+  is_fork_pull_request: 0
+  status: 6 # running
+  started: 1683636528
+  created: 1683636108
+  updated: 1683636626
+  need_approval: 0
+  approved_by: 0
+  event_payload: '{}'
+
+-
+  id: 10897
+  title: "waiting workflow for user runner scope test"
+  repo_id: 64
+  owner_id: 10
+  workflow_id: "waiting.yaml"
+  index: 5
+  trigger_user_id: 10
+  ref: "refs/heads/main"
+  commit_sha: "c2d72f548424103f01ee1dc02889c1e2bff816b0"
+  event: "push"
+  is_fork_pull_request: 0
+  status: 5 # waiting
+  started: 0
+  created: 1683636108
+  updated: 1683636108
+  need_approval: 0
+  approved_by: 0
+  event_payload: '{"head_commit":{"id":"c2d72f548424103f01ee1dc02889c1e2bff816b0"}}'
diff --git a/tests/integration/fixtures/TestEphemeralRunner/action_run_job.yml b/tests/integration/fixtures/TestEphemeralRunner/action_run_job.yml
new file mode 100644
index 0000000000..7b834cfbab
--- /dev/null
+++ b/tests/integration/fixtures/TestEphemeralRunner/action_run_job.yml
@@ -0,0 +1,46 @@
+-
+  id: 10398
+  run_id: 10895
+  repo_id: 64
+  owner_id: 3
+  commit_sha: c2d72f548424103f01ee1dc02889c1e2bff816b0
+  is_fork_pull_request: 0
+  name: job_3
+  attempt: 1
+  job_id: job_3
+  runs_on: '["fedora"]'
+  task_id: 10054
+  status: 6
+  started: 1683636528
+  stopped: 1683636626
+-
+  id: 10399
+  run_id: 10896
+  repo_id: 64
+  owner_id: 3
+  commit_sha: c2d72f548424103f01ee1dc02889c1e2bff816b0
+  is_fork_pull_request: 0
+  name: job_3
+  runs_on: '["fedora"]'
+  attempt: 1
+  job_id: job_3
+  task_id: 10055
+  status: 6
+  started: 1683636528
+  stopped: 1683636626
+-
+  id: 10401
+  run_id: 10897
+  repo_id: 64
+  owner_id: 10
+  commit_sha: c2d72f548424103f01ee1dc02889c1e2bff816b0
+  is_fork_pull_request: 0
+  name: job_for_ephemeral_runner_test
+  attempt: 0
+  job_id: job_ephemeral_test
+  task_id: 0
+  status: 5
+  runs_on: '["job_for_org_runner_scope_test"]'
+  workflow_payload: '{"jobs":{"job_ephemeral_test":{"runs-on":["job_for_org_runner_scope_test"],"steps":[{"run":"echo test"}]}}}'
+  started: 0
+  stopped: 0
diff --git a/tests/integration/fixtures/TestEphemeralRunner/action_runner.yml b/tests/integration/fixtures/TestEphemeralRunner/action_runner.yml
new file mode 100644
index 0000000000..ed86f5d47d
--- /dev/null
+++ b/tests/integration/fixtures/TestEphemeralRunner/action_runner.yml
@@ -0,0 +1,75 @@
+-
+  id: 10000008
+  name: ephemeral_runner_to_be_deleted
+  uuid: 3FF231BD-FBB7-4E4B-9602-E6F28363EF20
+  token_hash: e379fa0089b8829085497fd5231f170f4e5ab44fa3dc7c4e2b5b5ce72e01fab2930d9e2ea3a65183f2db93c00e3a3dc9cae2
+  token_salt: saltysaltsalt
+  # token: mysuuupersecrettoekn
+  ephemeral: true
+  version: "1.0.0"
+  owner_id: 0
+  repo_id: 64
+  description: "This runner is going to be deleted"
+  agent_labels: '["job_for_org_runner_scope_test"]'
+- # ephemeral org runner for scope change test
+  id: 10000010
+  name: ephemeral_org_runner_for_scope_test
+  uuid: a1b2c3d4-e5f6-4a5b-8c9d-0e1f2a3b4c5d
+  token_hash: c0ff52ff7e163e2bd7ed8654858d4532b7852f767347c413b50deed646886e3255d56f232785cab6bdc1eb667707eaa1e70e
+  token_salt: saltysaltsalt
+  # token: 379fa0089b8829085497fd5231f170f4e
+  ephemeral: true
+  version: "1.0.0"
+  owner_id: 10
+  repo_id: 0
+  description: "Ephemeral org runner for testing scope change"
+  agent_labels: '["job_for_org_runner_scope_test"]'
+  created: 1716104432
+  updated: 1716104432
+  deleted: ~
+- # ephemeral runner for zombie task test
+  id: 10000011
+  name: ephemeral_runner_for_zombie_test
+  uuid: b2c3d4e5-f6a7-5b6c-9d0e-1f2a3b4c5d6e
+  token_hash: notvalid
+  token_salt: notvalid
+  ephemeral: true
+  version: "1.0.0"
+  owner_id: 0
+  repo_id: 64
+  description: "Ephemeral runner for testing zombie cleanup"
+  agent_labels: '["zombie-test"]'
+  created: 1716104432
+  updated: 1716104432
+  deleted: ~
+- # ephemeral user-scoped runner for user deletion test
+  id: 10000012
+  name: ephemeral_user_runner_for_deletion_test
+  uuid: c3d4e5f6-a7b8-6c7d-0e1f-2a3b4c5d6e7f
+  token_hash: f480ga1190c9930196508ge6342g271g5f6bc56c878458d524c61feff757f8746166e67c343896dbc7cde2fc778808fbb2f81
+  token_salt: saltysaltsalt
+  # token: userdeletiontoken123456
+  ephemeral: true
+  version: "1.0.0"
+  owner_id: 2
+  repo_id: 0
+  description: "Ephemeral user runner for testing user deletion"
+  agent_labels: '["user-deletion-test"]'
+  created: 1716104432
+  updated: 1716104432
+  deleted: ~
+- id: 10000013
+  name: ephemeral_org_runner_for_deletion_test
+  uuid: d4e5f6a7-b8c9-7d8e-1f2a-3b4c5d6e7f8a
+  token_hash: fix-the-hash-if-you-want-to-use-runner-api
+  token_salt: saltysaltsalt
+  # token: orgdeletiontoken123456
+  ephemeral: true
+  version: "1.0.0"
+  owner_id: 3
+  repo_id: 0
+  description: "Ephemeral org runner for testing org deletion"
+  agent_labels: '["org-deletion-test"]'
+  created: 1716104432
+  updated: 1716104432
+  deleted: ~
diff --git a/tests/integration/fixtures/TestEphemeralRunner/action_task.yml b/tests/integration/fixtures/TestEphemeralRunner/action_task.yml
new file mode 100644
index 0000000000..2352df3ecd
--- /dev/null
+++ b/tests/integration/fixtures/TestEphemeralRunner/action_task.yml
@@ -0,0 +1,41 @@
+-
+  id: 10054
+  job_id: 10398
+  attempt: 1
+  runner_id: 10000008
+  status: 6 # running
+  started: 1683636528
+  stopped: 1683636626
+  repo_id: 64
+  owner_id: 3
+  commit_sha: c2d72f548424103f01ee1dc02889c1e2bff816b0
+  is_fork_pull_request: 0
+  token_hash: f8d3962425466b6709b9ac51446f93260c54afe8e7b6d3686e34f991fb8a8953822b0deed86fe41a103f34bc48dbc4784222
+  token_salt: ffffffffff
+  token_last_eight: ffffffff
+  log_filename: artifact-test2/2f/47.log
+  log_in_storage: 1
+  log_length: 707
+  log_size: 90179
+  log_expired: 0
+-
+  id: 10055
+  job_id: 10399
+  attempt: 1
+  runner_id: 10000011
+  status: 6 # running
+  started: 946684810
+  stopped: 0
+  repo_id: 64
+  owner_id: 3
+  commit_sha: c2d72f548424103f01ee1dc02889c1e2bff816b0
+  is_fork_pull_request: 0
+  token_hash: a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6e7f8a9b0c1d2e3f4a5b6c7d8e9f0a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6e7f8a9b0
+  token_salt: zombietask
+  token_last_eight: zombietk
+  log_filename: zombie-task/55.log
+  log_in_storage: 0
+  log_length: 100
+  log_size: 1000
+  log_expired: 0
+  updated: 946684810
diff --git a/tests/integration/fixtures/TestEphemeralRunner/repo_unit.yml b/tests/integration/fixtures/TestEphemeralRunner/repo_unit.yml
new file mode 100644
index 0000000000..4f219cb25a
--- /dev/null
+++ b/tests/integration/fixtures/TestEphemeralRunner/repo_unit.yml
@@ -0,0 +1,6 @@
+-
+  id: 121
+  repo_id: 64
+  type: 10
+  config: "{}"
+  created_unix: 946684810
diff --git a/tests/integration/fixtures/TestEphemeralRunner/repository.yml b/tests/integration/fixtures/TestEphemeralRunner/repository.yml
new file mode 100644
index 0000000000..dbd9c12460
--- /dev/null
+++ b/tests/integration/fixtures/TestEphemeralRunner/repository.yml
@@ -0,0 +1,28 @@
+
+-
+  id: 64
+  owner_id: 10
+  owner_name: user10
+  lower_name: test_ephemeral_runner
+  name: test_ephemeral_runner
+  default_branch: main
+  num_watches: 0
+  num_stars: 0
+  num_forks: 0
+  num_milestones: 0
+  num_closed_milestones: 0
+  num_projects: 0
+  num_closed_projects: 0
+  is_private: false
+  is_empty: false
+  is_archived: false
+  is_mirror: false
+  status: 0
+  is_fork: false
+  fork_id: 0
+  is_template: false
+  template_id: 0
+  size: 0
+  is_fsck_enabled: true
+  close_issues_via_commit_in_any_branch: false
+  topics: '[]'

From 32c6f64f395fc53c781e10a68ad4c0f813130240 Mon Sep 17 00:00:00 2001
From: 0ko <0ko@noreply.codeberg.org>
Date: Mon, 16 Feb 2026 23:03:19 +0100
Subject: [PATCH 338/854] fix(e2e): use empty user for overflow menu test
 (#11337)

Potentially fixes one of the E2E failures that started to occur lately where the last tab (Starred repos) can overflow on user2's profile on CI.

Replaced the user by the one that has no counters on the tabs.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11337
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Reviewed-by: Otto <otto@codeberg.org>
Co-authored-by: 0ko <0ko@noreply.codeberg.org>
Co-committed-by: 0ko <0ko@noreply.codeberg.org>
---
 tests/e2e/right-settings-button.test.e2e.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tests/e2e/right-settings-button.test.e2e.ts b/tests/e2e/right-settings-button.test.e2e.ts
index 8daeddacf2..1e19fdae8c 100644
--- a/tests/e2e/right-settings-button.test.e2e.ts
+++ b/tests/e2e/right-settings-button.test.e2e.ts
@@ -50,7 +50,7 @@ test.describe('desktop viewport, unauthenticated', () => {
   test.use({viewport: {width: 1920, height: 300}});
 
   test('User overview overflow menu should not be influenced', async ({page}) => {
-    await page.goto('/user2');
+    await page.goto('/user8');
 
     await expect(page.locator('.overflow-menu-items>#settings-btn')).toHaveCount(0);
 

From f8a8dd2c2931acccccea077fae549273c119de46 Mon Sep 17 00:00:00 2001
From: Nils Goroll <nils.goroll@uplex.de>
Date: Tue, 17 Feb 2026 00:52:56 +0100
Subject: [PATCH 339/854] chore: remove `_old_uid` hack (#11277)

The virtual session code creates an in-memory session, and only upon release does it copy it to the actual session store. This makes a lot of sense to avoid operations on session stores with potentially high cost for I/O.

This commit removes a weird hack used in this code: virtual sessions were always created with an _old_uid=0 key/value pair, which was taken into account when checking if the session needed to be persisted.

As I could not find _any_ use of _old_uid in the code base, this looks like something worth removing.

The first ever mention of _old_uid is b33f7f792bf3a1a1e54639db94cc80b84f68ebfd and even there it is part of a
newly added file with no additional information. So likely code copied over from another project?

- no tests to add, remove or change
- not relevant for documentation
- not relevant for release notes

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11277
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Nils Goroll <nils.goroll@uplex.de>
Co-committed-by: Nils Goroll <nils.goroll@uplex.de>
---
 modules/session/virtual.go | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/modules/session/virtual.go b/modules/session/virtual.go
index 1c3e1c778b..1986ba64ad 100644
--- a/modules/session/virtual.go
+++ b/modules/session/virtual.go
@@ -64,7 +64,6 @@ func (o *VirtualSessionProvider) Read(sid string) (session.RawStore, error) {
 		return o.provider.Read(sid)
 	}
 	kv := make(map[any]any)
-	kv["_old_uid"] = "0"
 	return NewVirtualStore(o, sid, kv), nil
 }
 
@@ -159,7 +158,7 @@ func (s *VirtualStore) Release() error {
 	// Now need to lock the provider
 	s.p.lock.Lock()
 	defer s.p.lock.Unlock()
-	if oldUID, ok := s.data["_old_uid"]; (ok && (oldUID != "0" || len(s.data) > 1)) || (!ok && len(s.data) > 0) {
+	if len(s.data) > 0 {
 		// Now ensure that we don't exist!
 		realProvider := s.p.provider
 

From d4de6a4e5c6fd9150c781ee09e3d841d7ad2fd08 Mon Sep 17 00:00:00 2001
From: limiting-factor <limiting-factor@posteo.com>
Date: Tue, 17 Feb 2026 02:39:46 +0100
Subject: [PATCH 340/854] fix: UserTypeRemoteUser is an eligible organization
 member (#11326)

A [safeguard][0] was added to ensure a team member is not an organization. A [discussion][1] concluded that remote users should not yet be allowed to be team members, at least until it is implemented (by F3 or ActivityPub).

As [gof3 v3.11.25][2] has support for [teams][3], remote users need to be added as an eligible team member, otherwise compliance tests for the Forgejo internal driver [implementation][4] fail.

The IsUserByID function is renamed to IsAnEligibleTeamMemberByID to clarify its purpose. The TestIsUserConsistency is removed because the IsUser function is used in [an entirely different context][5] and there is no reason to ensure both are consistent. A unit test is added for IsAnEligibleTeamMemberByID as a replacement and also verifies organizations are not considered eligible.

[0]: https://codeberg.org/forgejo/forgejo/pulls/9757
[1]: https://codeberg.org/forgejo/forgejo/pulls/9757#issuecomment-7802255
[2]: https://code.forgejo.org/f3/gof3/releases/tag/v3.11.25
[3]: https://code.forgejo.org/f3/gof3/pulls/484/files
[4]: https://code.forgejo.org/forgefriends/forgefriends/commit/9c565a9b37ec88d1d6591289784ac003056e5b4d#diff-241521b6ebc5a1da660421daea23da1dd1086158
[5]: https://codeberg.org/forgejo/forgejo/src/commit/b66a76686d64d5b0b2062a9a8cc65c7bc68eac7e/routers/api/v1/api.go#L299-L308

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11326
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: limiting-factor <limiting-factor@posteo.com>
Co-committed-by: limiting-factor <limiting-factor@posteo.com>
---
 models/organization/org.go           |  4 +--
 models/organization/org_user.go      |  9 +++++++
 models/organization/org_user_test.go | 38 ++++++++++++++++++++++++++++
 models/user/user.go                  |  9 -------
 models/user/user_test.go             | 17 -------------
 5 files changed, 49 insertions(+), 28 deletions(-)

diff --git a/models/organization/org.go b/models/organization/org.go
index 82c3e0ea67..b6a7e8d1a0 100644
--- a/models/organization/org.go
+++ b/models/organization/org.go
@@ -510,10 +510,10 @@ func ChangeOrgUserStatus(ctx context.Context, orgID, uid int64, public bool) err
 
 // AddOrgUser adds new user to given organization.
 func AddOrgUser(ctx context.Context, orgID, uid int64) error {
-	isUser, err := user_model.IsUserByID(ctx, uid)
+	eligible, err := IsAnEligibleTeamMemberByID(ctx, uid)
 	if err != nil {
 		return err
-	} else if !isUser {
+	} else if !eligible {
 		return user_model.ErrUserWrongType{UID: uid}
 	}
 
diff --git a/models/organization/org_user.go b/models/organization/org_user.go
index 81671c5cf5..4c84fccbf3 100644
--- a/models/organization/org_user.go
+++ b/models/organization/org_user.go
@@ -112,6 +112,15 @@ func IsUserOrgOwner(ctx context.Context, users user_model.UserList, orgID int64)
 	return results
 }
 
+// Returns true if the given user ID is allowed to be a team member
+func IsAnEligibleTeamMemberByID(ctx context.Context, uid int64) (bool, error) {
+	return db.GetEngine(ctx).
+		Where("id=?", uid).
+		In("type", user_model.UserTypeIndividual, user_model.UserTypeBot, user_model.UserTypeRemoteUser).
+		Table("user").
+		Exist()
+}
+
 func loadOrganizationOwners(ctx context.Context, users user_model.UserList, orgID int64) (map[int64]*TeamUser, error) {
 	if len(users) == 0 {
 		return nil, nil
diff --git a/models/organization/org_user_test.go b/models/organization/org_user_test.go
index 4011e5df88..670a641214 100644
--- a/models/organization/org_user_test.go
+++ b/models/organization/org_user_test.go
@@ -162,3 +162,41 @@ func TestAddOrgUser(t *testing.T) {
 
 	unittest.CheckConsistencyFor(t, &user_model.User{}, &organization.Team{})
 }
+
+func TestIsAnEligibleTeamMemberByID(t *testing.T) {
+	defer unittest.OverrideFixtures("models/user/fixtures/")()
+	require.NoError(t, unittest.PrepareTestDatabase())
+
+	for _, testCase := range []struct {
+		name     string
+		id       int64
+		eligible bool
+	}{
+		{
+			name:     "Regular user",
+			id:       1,
+			eligible: true,
+		},
+		{
+			name:     "Bot user",
+			id:       1042,
+			eligible: true,
+		},
+		{
+			name:     "Organization",
+			id:       3,
+			eligible: false,
+		},
+		{
+			name:     "F3 Remote user",
+			id:       1041,
+			eligible: true,
+		},
+	} {
+		t.Run(testCase.name, func(t *testing.T) {
+			eligible, err := organization.IsAnEligibleTeamMemberByID(t.Context(), testCase.id)
+			require.NoError(t, err)
+			assert.Equal(t, testCase.eligible, eligible)
+		})
+	}
+}
diff --git a/models/user/user.go b/models/user/user.go
index f962c19420..7e2101d7cc 100644
--- a/models/user/user.go
+++ b/models/user/user.go
@@ -464,15 +464,6 @@ func (u *User) IsUser() bool {
 	return u.Type == UserTypeIndividual || u.Type == UserTypeBot
 }
 
-// Returns true if the given user ID belongs to an actual user, not an organization
-func IsUserByID(ctx context.Context, uid int64) (bool, error) {
-	return db.GetEngine(ctx).
-		Where("id=?", uid).
-		In("type", UserTypeIndividual, UserTypeBot).
-		Table("user").
-		Exist()
-}
-
 // IsBot returns whether or not the user is of type bot
 func (u *User) IsBot() bool {
 	return u.Type == UserTypeBot
diff --git a/models/user/user_test.go b/models/user/user_test.go
index 4db253df18..d1af3a750f 100644
--- a/models/user/user_test.go
+++ b/models/user/user_test.go
@@ -1113,20 +1113,3 @@ func TestGetUserByEmailSimple(t *testing.T) {
 		assert.Nil(t, u)
 	})
 }
-
-func TestIsUserConsistency(t *testing.T) {
-	defer unittest.OverrideFixtures("models/user/fixtures/")()
-	require.NoError(t, unittest.PrepareTestDatabase())
-
-	test := func(userID int64) {
-		user, err := user_model.GetUserByID(t.Context(), userID)
-		require.NoError(t, err)
-		isUser, err := user_model.IsUserByID(t.Context(), userID)
-		require.NoError(t, err)
-		assert.Equal(t, user.IsUser(), isUser)
-	}
-
-	test(1)
-	test(1041)
-	test(1042)
-}

From a81fc2a29048dad1930bd0e6a70ded82724772b0 Mon Sep 17 00:00:00 2001
From: Nils Goroll <nils.goroll@uplex.de>
Date: Tue, 17 Feb 2026 02:41:40 +0100
Subject: [PATCH 341/854] chore: move backend-checks CI checks to Makefile:
 `make pr-go` (#11053)

This is to have a simple and consistent make target for developers to locally run the checks which the CI will also run. The goal is to avoid wasting review cycles on CI failures.

To have a single source of truth, the CI is adjusted to call the same make target. Additional checks should no longer be added to the CI workflow, but rather to the makefile.

The pull request template is adjusted to remind of running this make target.

CI output is improved by using a simple bash script which uses sed to add `##[group]` tags to "make --debug=b" output and filter out messages which usually do not contribute to understanding. While this approach has limits and depends on the specific debug output format of GNU make, it avoids adjusting the makefile itself for additional CI beautification, contributing to maintainability.

- no tests needed (this is purely a build change)
- docs: hint added to PR template
- no release notes needed

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11053
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Nils Goroll <nils.goroll@uplex.de>
Co-committed-by: Nils Goroll <nils.goroll@uplex.de>
---
 .forgejo/pull_request_template.md | 11 ++++++++++-
 .forgejo/workflows/testing.yml    |  6 ++++--
 Makefile                          |  5 +++++
 tools/cimake.sh                   | 19 +++++++++++++++++++
 4 files changed, 38 insertions(+), 3 deletions(-)
 create mode 100755 tools/cimake.sh

diff --git a/.forgejo/pull_request_template.md b/.forgejo/pull_request_template.md
index a0f74ae31d..44c28e333e 100644
--- a/.forgejo/pull_request_template.md
+++ b/.forgejo/pull_request_template.md
@@ -12,11 +12,20 @@ labels:
 
 The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).
 
-### Tests
+### Tests for Go changes
+
+(can be removed for JavaScript changes)
 
 - I added test coverage for Go changes...
   - [ ] in their respective `*_test.go` for unit tests.
   - [ ] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
+- I ran...
+  - [ ] `make pr-go` before pushing
+
+### Tests for JavaScript changes
+
+(can be removed for Go changes)
+
 - I added test coverage for JavaScript changes...
   - [ ] in `web_src/js/*.test.js` if it can be unit tested.
   - [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)).
diff --git a/.forgejo/workflows/testing.yml b/.forgejo/workflows/testing.yml
index 709ab71e18..f9cce74258 100644
--- a/.forgejo/workflows/testing.yml
+++ b/.forgejo/workflows/testing.yml
@@ -24,8 +24,10 @@ jobs:
           EOF
       - uses: https://data.forgejo.org/actions/checkout@v6
       - uses: ./.forgejo/workflows-composite/setup-env
-      - run: su forgejo -c 'make deps-backend deps-tools'
-      - run: su forgejo -c 'make --always-make -j$(nproc) lint-backend tidy-check swagger-check lint-swagger fmt-check swagger-validate' # ensure the "go-licenses" make target runs
+      # DO NOT add checks here, but rather in the makefile
+      - run: su forgejo -c './tools/cimake.sh pr-go'
+      # this will re-run the backend target also contained in pr-go, but
+      # a re-build is insignificant
       - uses: ./.forgejo/workflows-composite/build-backend
   frontend-checks:
     if: vars.ROLE == 'forgejo-coding' || vars.ROLE == 'forgejo-testing'
diff --git a/Makefile b/Makefile
index aa96922bf5..99670829bb 100644
--- a/Makefile
+++ b/Makefile
@@ -520,6 +520,11 @@ security-check:
 tsc: node_modules
 	npx tsc --noEmit
 
+# target for PRs to be pushed. Mandatory to succeed in CI
+.PHONY: pr-go
+pr-go: deps-backend deps-tools lint-backend tidy-check swagger-check lint-swagger fmt-check swagger-validate
+	TAGS=bindata $(MAKE) backend
+
 ###
 # Development and testing targets
 ###
diff --git a/tools/cimake.sh b/tools/cimake.sh
new file mode 100755
index 0000000000..438745e32e
--- /dev/null
+++ b/tools/cimake.sh
@@ -0,0 +1,19 @@
+#!/bin/bash
+
+# GNU make wrapper for invocation from ci to generate grouping of output
+
+# pipefail: fail if make fails, because sed will not
+set -euo pipefail
+
+script='
+  /^ *Prerequisite .* is newer than target /d;
+  /^ * File .* does not exist/d;
+  /^ *Must remake target/ s:^ *Must remake target:\#\#[group]:;
+  /^ *Successfully remade target/ s:^ *Successfully remade target file:\#\#[endgroup]:;
+  '
+
+echo 'NOTICE: This is post-processed make output with some messages suppressed'
+echo
+
+# -O is important to not mix up output for parallel makes
+exec make --debug=b -O -j$(nproc) "$@" 2>&1 | sed -u -e "${script}"

From f8bee35e7717e33a8dc122b038dd6335a198449c Mon Sep 17 00:00:00 2001
From: 0ko <0ko@noreply.codeberg.org>
Date: Tue, 17 Feb 2026 04:28:27 +0100
Subject: [PATCH 342/854] fix(i18n): unhardcode label exclusion tooltips
 (#11333)

Followup to #10702 where two new strings were hardcoded in the template.

## Changes

- added as translatable strings
- made the template use a variable to avoid making it a long unreadable
- an unrelated change where tests related to this area of the template are moved to a separate file
    - they were created in Forgejo: c92b4b12c84bc53dff4bb3a47b90cb8acef3493e, 192177fc88169a394fd194f1046b7fe8e6210901

## Testing

Testing translations of all individual strings is considered not needed.

Added test for tmpl logic which was missing and that I've touched.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11333
Reviewed-by: Luis Adame <luisadame@noreply.codeberg.org>
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
---
 options/locale_next/locale_en-US.json        |   2 +
 templates/shared/label_filter.tmpl           |   7 +-
 tests/integration/issue_list_filters_test.go | 360 +++++++++++++++++++
 tests/integration/repo_test.go               | 329 -----------------
 4 files changed, 368 insertions(+), 330 deletions(-)
 create mode 100644 tests/integration/issue_list_filters_test.go

diff --git a/options/locale_next/locale_en-US.json b/options/locale_next/locale_en-US.json
index 624492d532..f8162be167 100644
--- a/options/locale_next/locale_en-US.json
+++ b/options/locale_next/locale_en-US.json
@@ -59,6 +59,8 @@
 	"repo.issues.filter_modified.hint": "Filter by last modified date",
 	"repo.issues.filter_sort.hint": "Sort by: created/comments/updated/deadline",
 	"issues.updated": "updated %s",
+	"issues.filters.labels.exclude": "Exclude label",
+	"issues.filters.labels.unexclude": "Clear exclusion",
 	"repo.pulls.poster_manage_approval": "Manage approval",
 	"repo.pulls.poster_requires_approval": "Some workflows are <a href=\"%[1]s\">waiting to be reviewed.</a>",
 	"repo.pulls.poster_requires_approval.tooltip": "The author of this pull request is not trusted to run workflows triggered by a pull request created from a forked repository or with AGit. The workflows triggered by a `pull_request` event will not run until they are approved.",
diff --git a/templates/shared/label_filter.tmpl b/templates/shared/label_filter.tmpl
index aa9a16f531..1a086a2395 100644
--- a/templates/shared/label_filter.tmpl
+++ b/templates/shared/label_filter.tmpl
@@ -43,7 +43,12 @@
 					{{RenderLabel ctx .}}
 				</a>
 				{{template "repo/issue/labels/label_archived" .}}
-				<button type="button" data-tooltip-content="{{if .IsExcluded}}Clear exclusion{{else}}Exclude label{{end}}" class="label-exclude-item-btn {{if .IsExcluded}}active{{end}}">
+
+				{{$exclusionTooltip := ctx.Locale.TrString "issues.filters.labels.exclude"}}
+				{{if .IsExcluded}}
+					{{$exclusionTooltip = ctx.Locale.TrString "issues.filters.labels.unexclude"}}
+				{{end}}
+				<button type="button" data-tooltip-content="{{$exclusionTooltip}}" class="label-exclude-item-btn {{if .IsExcluded}}active{{end}}">
 					{{svg "octicon-no-entry"}}
 				</button>
 			</div>
diff --git a/tests/integration/issue_list_filters_test.go b/tests/integration/issue_list_filters_test.go
new file mode 100644
index 0000000000..35a1891665
--- /dev/null
+++ b/tests/integration/issue_list_filters_test.go
@@ -0,0 +1,360 @@
+// Copyright 2024 The Forgejo Authors
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+package integration
+
+import (
+	"net/http"
+	"testing"
+
+	"forgejo.org/modules/translation"
+	"forgejo.org/tests"
+
+	"github.com/PuerkitoBio/goquery"
+	"github.com/stretchr/testify/assert"
+)
+
+// Tests for contents of pages .../issues and .../pulls
+
+func TestIssueFilterLabels(t *testing.T) {
+	defer tests.PrepareTestEnv(t)()
+
+	t.Run("Exclusion tooltips", func(t *testing.T) {
+		defer tests.PrintCurrentTest(t)()
+
+		url := "/user2/repo1/issues?labels=-2"
+		page := NewHTMLParser(t, MakeRequest(t, NewRequest(t, "GET", url), http.StatusOK).Body)
+
+		page.AssertElement(t, ".label-filter .menu .item:has(a[data-label-id='1']) button[data-tooltip-content='Exclude label']", true)
+		page.AssertElement(t, ".label-filter .menu .item:has(a[data-label-id='2']) button[data-tooltip-content='Clear exclusion']", true)
+	})
+}
+
+func TestIssueSorting(t *testing.T) {
+	defer tests.PrepareTestEnv(t)()
+
+	t.Run("Dropdown content", func(t *testing.T) {
+		defer tests.PrintCurrentTest(t)()
+
+		req := NewRequest(t, "GET", "/user2/repo1/issues")
+		resp := MakeRequest(t, req, http.StatusOK)
+		htmlDoc := NewHTMLParser(t, resp.Body)
+
+		assert.Equal(t,
+			9,
+			htmlDoc.Find(`.list-header-sort .menu a`).Length(),
+			"Wrong amount of sort options in dropdown")
+
+		menuItemsHTML := htmlDoc.Find(`.list-header-sort .menu`).Text()
+		locale := translation.NewLocale("en-US")
+		for _, key := range []string{
+			"relevance",
+			"latest",
+			"oldest",
+			"recentupdate",
+			"leastupdate",
+			"mostcomment",
+			"leastcomment",
+			"nearduedate",
+			"farduedate",
+		} {
+			assert.Contains(t,
+				menuItemsHTML,
+				locale.Tr("repo.issues.filter_sort."+key),
+				"Sort option %s ('%s') not found in dropdown", key, locale.Tr("repo.issues.filter_sort."+key))
+		}
+	})
+}
+
+func TestIssueFilterLinks(t *testing.T) {
+	defer tests.PrepareTestEnv(t)()
+
+	t.Run("No filters", func(t *testing.T) {
+		defer tests.PrintCurrentTest(t)()
+
+		req := NewRequest(t, "GET", "/user2/repo1/issues")
+		resp := MakeRequest(t, req, http.StatusOK)
+		htmlDoc := NewHTMLParser(t, resp.Body)
+
+		called := false
+		htmlDoc.Find("#issue-filters a[href^='?']").Each(func(_ int, s *goquery.Selection) {
+			called = true
+			href, _ := s.Attr("href")
+			assert.Contains(t, href, "?q=&")
+			assert.Contains(t, href, "&type=")
+			assert.Contains(t, href, "&sort=")
+			assert.Contains(t, href, "&state=")
+			assert.Contains(t, href, "&labels=")
+			assert.Contains(t, href, "&milestone=")
+			assert.Contains(t, href, "&project=")
+			assert.Contains(t, href, "&assignee=")
+			assert.Contains(t, href, "&poster=")
+		})
+		assert.True(t, called)
+	})
+
+	t.Run("Keyword", func(t *testing.T) {
+		defer tests.PrintCurrentTest(t)()
+
+		req := NewRequest(t, "GET", "/user2/repo1/issues?q=search-on-this")
+		resp := MakeRequest(t, req, http.StatusOK)
+		htmlDoc := NewHTMLParser(t, resp.Body)
+
+		called := false
+		htmlDoc.Find("#issue-filters a[href^='?']").Each(func(_ int, s *goquery.Selection) {
+			called = true
+			href, _ := s.Attr("href")
+			assert.Contains(t, href, "?q=search-on-this")
+			assert.Contains(t, href, "&type=")
+			assert.Contains(t, href, "&sort=")
+			assert.Contains(t, href, "&state=")
+			assert.Contains(t, href, "&labels=")
+			assert.Contains(t, href, "&milestone=")
+			assert.Contains(t, href, "&project=")
+			assert.Contains(t, href, "&assignee=")
+			assert.Contains(t, href, "&poster=")
+		})
+		assert.True(t, called)
+	})
+
+	t.Run("Sort", func(t *testing.T) {
+		defer tests.PrintCurrentTest(t)()
+
+		req := NewRequest(t, "GET", "/user2/repo1/issues?sort=oldest")
+		resp := MakeRequest(t, req, http.StatusOK)
+		htmlDoc := NewHTMLParser(t, resp.Body)
+
+		called := false
+		htmlDoc.Find("#issue-filters a[href^='?']:not(.list-header-sort a)").Each(func(_ int, s *goquery.Selection) {
+			called = true
+			href, _ := s.Attr("href")
+			assert.Contains(t, href, "?q=&")
+			assert.Contains(t, href, "&type=")
+			assert.Contains(t, href, "&sort=oldest")
+			assert.Contains(t, href, "&state=")
+			assert.Contains(t, href, "&labels=")
+			assert.Contains(t, href, "&milestone=")
+			assert.Contains(t, href, "&project=")
+			assert.Contains(t, href, "&assignee=")
+			assert.Contains(t, href, "&poster=")
+		})
+		assert.True(t, called)
+	})
+
+	t.Run("Type", func(t *testing.T) {
+		defer tests.PrintCurrentTest(t)()
+
+		req := NewRequest(t, "GET", "/user2/repo1/issues?type=assigned")
+		resp := MakeRequest(t, req, http.StatusOK)
+		htmlDoc := NewHTMLParser(t, resp.Body)
+
+		called := false
+		htmlDoc.Find("#issue-filters a[href^='?']:not(.list-header-type a)").Each(func(_ int, s *goquery.Selection) {
+			called = true
+			href, _ := s.Attr("href")
+			assert.Contains(t, href, "?q=&")
+			assert.Contains(t, href, "&type=assigned")
+			assert.Contains(t, href, "&sort=")
+			assert.Contains(t, href, "&state=")
+			assert.Contains(t, href, "&labels=")
+			assert.Contains(t, href, "&milestone=")
+			assert.Contains(t, href, "&project=")
+			assert.Contains(t, href, "&assignee=")
+			assert.Contains(t, href, "&poster=")
+		})
+		assert.True(t, called)
+	})
+
+	t.Run("State", func(t *testing.T) {
+		defer tests.PrintCurrentTest(t)()
+
+		req := NewRequest(t, "GET", "/user2/repo1/issues?state=closed")
+		resp := MakeRequest(t, req, http.StatusOK)
+		htmlDoc := NewHTMLParser(t, resp.Body)
+
+		called := false
+		htmlDoc.Find("#issue-filters a[href^='?']:not(.issue-list-toolbar-left a)").Each(func(_ int, s *goquery.Selection) {
+			called = true
+			href, _ := s.Attr("href")
+			assert.Contains(t, href, "?q=&")
+			assert.Contains(t, href, "&type=")
+			assert.Contains(t, href, "&sort=")
+			assert.Contains(t, href, "&state=closed")
+			assert.Contains(t, href, "&labels=")
+			assert.Contains(t, href, "&milestone=")
+			assert.Contains(t, href, "&project=")
+			assert.Contains(t, href, "&assignee=")
+			assert.Contains(t, href, "&poster=")
+		})
+		assert.True(t, called)
+	})
+
+	t.Run("Milestone", func(t *testing.T) {
+		defer tests.PrintCurrentTest(t)()
+
+		req := NewRequest(t, "GET", "/user2/repo1/issues?milestone=1")
+		resp := MakeRequest(t, req, http.StatusOK)
+		htmlDoc := NewHTMLParser(t, resp.Body)
+
+		called := false
+		htmlDoc.Find("#issue-filters a[href^='?']:not(.list-header-milestone a)").Each(func(_ int, s *goquery.Selection) {
+			called = true
+			href, _ := s.Attr("href")
+			assert.Contains(t, href, "?q=&")
+			assert.Contains(t, href, "&type=")
+			assert.Contains(t, href, "&sort=")
+			assert.Contains(t, href, "&state=")
+			assert.Contains(t, href, "&labels=")
+			assert.Contains(t, href, "&milestone=1")
+			assert.Contains(t, href, "&project=")
+			assert.Contains(t, href, "&assignee=")
+			assert.Contains(t, href, "&poster=")
+		})
+		assert.True(t, called)
+	})
+
+	t.Run("Milestone", func(t *testing.T) {
+		defer tests.PrintCurrentTest(t)()
+
+		req := NewRequest(t, "GET", "/user2/repo1/issues?milestone=1")
+		resp := MakeRequest(t, req, http.StatusOK)
+		htmlDoc := NewHTMLParser(t, resp.Body)
+
+		called := false
+		htmlDoc.Find("#issue-filters a[href^='?']:not(.list-header-milestone a)").Each(func(_ int, s *goquery.Selection) {
+			called = true
+			href, _ := s.Attr("href")
+			assert.Contains(t, href, "?q=&")
+			assert.Contains(t, href, "&type=")
+			assert.Contains(t, href, "&sort=")
+			assert.Contains(t, href, "&state=")
+			assert.Contains(t, href, "&labels=")
+			assert.Contains(t, href, "&milestone=1")
+			assert.Contains(t, href, "&project=")
+			assert.Contains(t, href, "&assignee=")
+			assert.Contains(t, href, "&poster=")
+		})
+		assert.True(t, called)
+	})
+
+	t.Run("Project", func(t *testing.T) {
+		defer tests.PrintCurrentTest(t)()
+
+		req := NewRequest(t, "GET", "/user2/repo1/issues?project=1")
+		resp := MakeRequest(t, req, http.StatusOK)
+		htmlDoc := NewHTMLParser(t, resp.Body)
+
+		called := false
+		htmlDoc.Find("#issue-filters a[href^='?']:not(.list-header-project a)").Each(func(_ int, s *goquery.Selection) {
+			called = true
+			href, _ := s.Attr("href")
+			assert.Contains(t, href, "?q=&")
+			assert.Contains(t, href, "&type=")
+			assert.Contains(t, href, "&sort=")
+			assert.Contains(t, href, "&state=")
+			assert.Contains(t, href, "&labels=")
+			assert.Contains(t, href, "&milestone=")
+			assert.Contains(t, href, "&project=1")
+			assert.Contains(t, href, "&assignee=")
+			assert.Contains(t, href, "&poster=")
+		})
+		assert.True(t, called)
+	})
+
+	t.Run("Assignee", func(t *testing.T) {
+		defer tests.PrintCurrentTest(t)()
+
+		req := NewRequest(t, "GET", "/user2/repo1/issues?assignee=1")
+		resp := MakeRequest(t, req, http.StatusOK)
+		htmlDoc := NewHTMLParser(t, resp.Body)
+
+		called := false
+		htmlDoc.Find("#issue-filters a[href^='?']:not(.list-header-assignee a)").Each(func(_ int, s *goquery.Selection) {
+			called = true
+			href, _ := s.Attr("href")
+			assert.Contains(t, href, "?q=&")
+			assert.Contains(t, href, "&type=")
+			assert.Contains(t, href, "&sort=")
+			assert.Contains(t, href, "&state=")
+			assert.Contains(t, href, "&labels=")
+			assert.Contains(t, href, "&milestone=")
+			assert.Contains(t, href, "&project=")
+			assert.Contains(t, href, "&assignee=1")
+			assert.Contains(t, href, "&poster=")
+		})
+		assert.True(t, called)
+	})
+
+	t.Run("Poster", func(t *testing.T) {
+		defer tests.PrintCurrentTest(t)()
+
+		req := NewRequest(t, "GET", "/user2/repo1/issues?poster=1")
+		resp := MakeRequest(t, req, http.StatusOK)
+		htmlDoc := NewHTMLParser(t, resp.Body)
+
+		called := false
+		htmlDoc.Find("#issue-filters a[href^='?']:not(.list-header-poster a)").Each(func(_ int, s *goquery.Selection) {
+			called = true
+			href, _ := s.Attr("href")
+			assert.Contains(t, href, "?q=&")
+			assert.Contains(t, href, "&type=")
+			assert.Contains(t, href, "&sort=")
+			assert.Contains(t, href, "&state=")
+			assert.Contains(t, href, "&labels=")
+			assert.Contains(t, href, "&milestone=")
+			assert.Contains(t, href, "&project=")
+			assert.Contains(t, href, "&assignee=")
+			assert.Contains(t, href, "&poster=1")
+		})
+		assert.True(t, called)
+	})
+
+	t.Run("Labels", func(t *testing.T) {
+		defer tests.PrintCurrentTest(t)()
+
+		req := NewRequest(t, "GET", "/user2/repo1/issues?labels=1")
+		resp := MakeRequest(t, req, http.StatusOK)
+		htmlDoc := NewHTMLParser(t, resp.Body)
+
+		called := false
+		htmlDoc.Find("#issue-filters a[href^='?']:not(.label-filter a)").Each(func(_ int, s *goquery.Selection) {
+			called = true
+			href, _ := s.Attr("href")
+			assert.Contains(t, href, "?q=&")
+			assert.Contains(t, href, "&type=")
+			assert.Contains(t, href, "&sort=")
+			assert.Contains(t, href, "&state=")
+			assert.Contains(t, href, "&labels=1")
+			assert.Contains(t, href, "&milestone=")
+			assert.Contains(t, href, "&project=")
+			assert.Contains(t, href, "&assignee=")
+			assert.Contains(t, href, "&poster=")
+		})
+		assert.True(t, called)
+	})
+
+	t.Run("Archived labels", func(t *testing.T) {
+		defer tests.PrintCurrentTest(t)()
+
+		req := NewRequest(t, "GET", "/user2/repo1/issues?archived=true")
+		resp := MakeRequest(t, req, http.StatusOK)
+		htmlDoc := NewHTMLParser(t, resp.Body)
+
+		called := false
+		htmlDoc.Find("#issue-filters a[href^='?']").Each(func(_ int, s *goquery.Selection) {
+			called = true
+			href, _ := s.Attr("href")
+			assert.Contains(t, href, "?q=&")
+			assert.Contains(t, href, "&type=")
+			assert.Contains(t, href, "&sort=")
+			assert.Contains(t, href, "&state=")
+			assert.Contains(t, href, "&labels=")
+			assert.Contains(t, href, "&milestone=")
+			assert.Contains(t, href, "&project=")
+			assert.Contains(t, href, "&assignee=")
+			assert.Contains(t, href, "&poster=")
+			assert.Contains(t, href, "&archived=true")
+		})
+		assert.True(t, called)
+	})
+}
diff --git a/tests/integration/repo_test.go b/tests/integration/repo_test.go
index c7bfad32bd..1b4a574f13 100644
--- a/tests/integration/repo_test.go
+++ b/tests/integration/repo_test.go
@@ -1219,335 +1219,6 @@ func TestFileHistoryPager(t *testing.T) {
 	})
 }
 
-func TestRepoIssueSorting(t *testing.T) {
-	defer tests.PrepareTestEnv(t)()
-
-	t.Run("Dropdown content", func(t *testing.T) {
-		defer tests.PrintCurrentTest(t)()
-
-		req := NewRequest(t, "GET", "/user2/repo1/issues")
-		resp := MakeRequest(t, req, http.StatusOK)
-		htmlDoc := NewHTMLParser(t, resp.Body)
-
-		assert.Equal(t,
-			9,
-			htmlDoc.Find(`.list-header-sort .menu a`).Length(),
-			"Wrong amount of sort options in dropdown")
-
-		menuItemsHTML := htmlDoc.Find(`.list-header-sort .menu`).Text()
-		locale := translation.NewLocale("en-US")
-		for _, key := range []string{
-			"relevance",
-			"latest",
-			"oldest",
-			"recentupdate",
-			"leastupdate",
-			"mostcomment",
-			"leastcomment",
-			"nearduedate",
-			"farduedate",
-		} {
-			assert.Contains(t,
-				menuItemsHTML,
-				locale.Tr("repo.issues.filter_sort."+key),
-				"Sort option %s ('%s') not found in dropdown", key, locale.Tr("repo.issues.filter_sort."+key))
-		}
-	})
-}
-
-func TestRepoIssueFilterLinks(t *testing.T) {
-	defer tests.PrepareTestEnv(t)()
-
-	t.Run("No filters", func(t *testing.T) {
-		defer tests.PrintCurrentTest(t)()
-
-		req := NewRequest(t, "GET", "/user2/repo1/issues")
-		resp := MakeRequest(t, req, http.StatusOK)
-		htmlDoc := NewHTMLParser(t, resp.Body)
-
-		called := false
-		htmlDoc.Find("#issue-filters a[href^='?']").Each(func(_ int, s *goquery.Selection) {
-			called = true
-			href, _ := s.Attr("href")
-			assert.Contains(t, href, "?q=&")
-			assert.Contains(t, href, "&type=")
-			assert.Contains(t, href, "&sort=")
-			assert.Contains(t, href, "&state=")
-			assert.Contains(t, href, "&labels=")
-			assert.Contains(t, href, "&milestone=")
-			assert.Contains(t, href, "&project=")
-			assert.Contains(t, href, "&assignee=")
-			assert.Contains(t, href, "&poster=")
-		})
-		assert.True(t, called)
-	})
-
-	t.Run("Keyword", func(t *testing.T) {
-		defer tests.PrintCurrentTest(t)()
-
-		req := NewRequest(t, "GET", "/user2/repo1/issues?q=search-on-this")
-		resp := MakeRequest(t, req, http.StatusOK)
-		htmlDoc := NewHTMLParser(t, resp.Body)
-
-		called := false
-		htmlDoc.Find("#issue-filters a[href^='?']").Each(func(_ int, s *goquery.Selection) {
-			called = true
-			href, _ := s.Attr("href")
-			assert.Contains(t, href, "?q=search-on-this")
-			assert.Contains(t, href, "&type=")
-			assert.Contains(t, href, "&sort=")
-			assert.Contains(t, href, "&state=")
-			assert.Contains(t, href, "&labels=")
-			assert.Contains(t, href, "&milestone=")
-			assert.Contains(t, href, "&project=")
-			assert.Contains(t, href, "&assignee=")
-			assert.Contains(t, href, "&poster=")
-		})
-		assert.True(t, called)
-	})
-
-	t.Run("Sort", func(t *testing.T) {
-		defer tests.PrintCurrentTest(t)()
-
-		req := NewRequest(t, "GET", "/user2/repo1/issues?sort=oldest")
-		resp := MakeRequest(t, req, http.StatusOK)
-		htmlDoc := NewHTMLParser(t, resp.Body)
-
-		called := false
-		htmlDoc.Find("#issue-filters a[href^='?']:not(.list-header-sort a)").Each(func(_ int, s *goquery.Selection) {
-			called = true
-			href, _ := s.Attr("href")
-			assert.Contains(t, href, "?q=&")
-			assert.Contains(t, href, "&type=")
-			assert.Contains(t, href, "&sort=oldest")
-			assert.Contains(t, href, "&state=")
-			assert.Contains(t, href, "&labels=")
-			assert.Contains(t, href, "&milestone=")
-			assert.Contains(t, href, "&project=")
-			assert.Contains(t, href, "&assignee=")
-			assert.Contains(t, href, "&poster=")
-		})
-		assert.True(t, called)
-	})
-
-	t.Run("Type", func(t *testing.T) {
-		defer tests.PrintCurrentTest(t)()
-
-		req := NewRequest(t, "GET", "/user2/repo1/issues?type=assigned")
-		resp := MakeRequest(t, req, http.StatusOK)
-		htmlDoc := NewHTMLParser(t, resp.Body)
-
-		called := false
-		htmlDoc.Find("#issue-filters a[href^='?']:not(.list-header-type a)").Each(func(_ int, s *goquery.Selection) {
-			called = true
-			href, _ := s.Attr("href")
-			assert.Contains(t, href, "?q=&")
-			assert.Contains(t, href, "&type=assigned")
-			assert.Contains(t, href, "&sort=")
-			assert.Contains(t, href, "&state=")
-			assert.Contains(t, href, "&labels=")
-			assert.Contains(t, href, "&milestone=")
-			assert.Contains(t, href, "&project=")
-			assert.Contains(t, href, "&assignee=")
-			assert.Contains(t, href, "&poster=")
-		})
-		assert.True(t, called)
-	})
-
-	t.Run("State", func(t *testing.T) {
-		defer tests.PrintCurrentTest(t)()
-
-		req := NewRequest(t, "GET", "/user2/repo1/issues?state=closed")
-		resp := MakeRequest(t, req, http.StatusOK)
-		htmlDoc := NewHTMLParser(t, resp.Body)
-
-		called := false
-		htmlDoc.Find("#issue-filters a[href^='?']:not(.issue-list-toolbar-left a)").Each(func(_ int, s *goquery.Selection) {
-			called = true
-			href, _ := s.Attr("href")
-			assert.Contains(t, href, "?q=&")
-			assert.Contains(t, href, "&type=")
-			assert.Contains(t, href, "&sort=")
-			assert.Contains(t, href, "&state=closed")
-			assert.Contains(t, href, "&labels=")
-			assert.Contains(t, href, "&milestone=")
-			assert.Contains(t, href, "&project=")
-			assert.Contains(t, href, "&assignee=")
-			assert.Contains(t, href, "&poster=")
-		})
-		assert.True(t, called)
-	})
-
-	t.Run("Milestone", func(t *testing.T) {
-		defer tests.PrintCurrentTest(t)()
-
-		req := NewRequest(t, "GET", "/user2/repo1/issues?milestone=1")
-		resp := MakeRequest(t, req, http.StatusOK)
-		htmlDoc := NewHTMLParser(t, resp.Body)
-
-		called := false
-		htmlDoc.Find("#issue-filters a[href^='?']:not(.list-header-milestone a)").Each(func(_ int, s *goquery.Selection) {
-			called = true
-			href, _ := s.Attr("href")
-			assert.Contains(t, href, "?q=&")
-			assert.Contains(t, href, "&type=")
-			assert.Contains(t, href, "&sort=")
-			assert.Contains(t, href, "&state=")
-			assert.Contains(t, href, "&labels=")
-			assert.Contains(t, href, "&milestone=1")
-			assert.Contains(t, href, "&project=")
-			assert.Contains(t, href, "&assignee=")
-			assert.Contains(t, href, "&poster=")
-		})
-		assert.True(t, called)
-	})
-
-	t.Run("Milestone", func(t *testing.T) {
-		defer tests.PrintCurrentTest(t)()
-
-		req := NewRequest(t, "GET", "/user2/repo1/issues?milestone=1")
-		resp := MakeRequest(t, req, http.StatusOK)
-		htmlDoc := NewHTMLParser(t, resp.Body)
-
-		called := false
-		htmlDoc.Find("#issue-filters a[href^='?']:not(.list-header-milestone a)").Each(func(_ int, s *goquery.Selection) {
-			called = true
-			href, _ := s.Attr("href")
-			assert.Contains(t, href, "?q=&")
-			assert.Contains(t, href, "&type=")
-			assert.Contains(t, href, "&sort=")
-			assert.Contains(t, href, "&state=")
-			assert.Contains(t, href, "&labels=")
-			assert.Contains(t, href, "&milestone=1")
-			assert.Contains(t, href, "&project=")
-			assert.Contains(t, href, "&assignee=")
-			assert.Contains(t, href, "&poster=")
-		})
-		assert.True(t, called)
-	})
-
-	t.Run("Project", func(t *testing.T) {
-		defer tests.PrintCurrentTest(t)()
-
-		req := NewRequest(t, "GET", "/user2/repo1/issues?project=1")
-		resp := MakeRequest(t, req, http.StatusOK)
-		htmlDoc := NewHTMLParser(t, resp.Body)
-
-		called := false
-		htmlDoc.Find("#issue-filters a[href^='?']:not(.list-header-project a)").Each(func(_ int, s *goquery.Selection) {
-			called = true
-			href, _ := s.Attr("href")
-			assert.Contains(t, href, "?q=&")
-			assert.Contains(t, href, "&type=")
-			assert.Contains(t, href, "&sort=")
-			assert.Contains(t, href, "&state=")
-			assert.Contains(t, href, "&labels=")
-			assert.Contains(t, href, "&milestone=")
-			assert.Contains(t, href, "&project=1")
-			assert.Contains(t, href, "&assignee=")
-			assert.Contains(t, href, "&poster=")
-		})
-		assert.True(t, called)
-	})
-
-	t.Run("Assignee", func(t *testing.T) {
-		defer tests.PrintCurrentTest(t)()
-
-		req := NewRequest(t, "GET", "/user2/repo1/issues?assignee=1")
-		resp := MakeRequest(t, req, http.StatusOK)
-		htmlDoc := NewHTMLParser(t, resp.Body)
-
-		called := false
-		htmlDoc.Find("#issue-filters a[href^='?']:not(.list-header-assignee a)").Each(func(_ int, s *goquery.Selection) {
-			called = true
-			href, _ := s.Attr("href")
-			assert.Contains(t, href, "?q=&")
-			assert.Contains(t, href, "&type=")
-			assert.Contains(t, href, "&sort=")
-			assert.Contains(t, href, "&state=")
-			assert.Contains(t, href, "&labels=")
-			assert.Contains(t, href, "&milestone=")
-			assert.Contains(t, href, "&project=")
-			assert.Contains(t, href, "&assignee=1")
-			assert.Contains(t, href, "&poster=")
-		})
-		assert.True(t, called)
-	})
-
-	t.Run("Poster", func(t *testing.T) {
-		defer tests.PrintCurrentTest(t)()
-
-		req := NewRequest(t, "GET", "/user2/repo1/issues?poster=1")
-		resp := MakeRequest(t, req, http.StatusOK)
-		htmlDoc := NewHTMLParser(t, resp.Body)
-
-		called := false
-		htmlDoc.Find("#issue-filters a[href^='?']:not(.list-header-poster a)").Each(func(_ int, s *goquery.Selection) {
-			called = true
-			href, _ := s.Attr("href")
-			assert.Contains(t, href, "?q=&")
-			assert.Contains(t, href, "&type=")
-			assert.Contains(t, href, "&sort=")
-			assert.Contains(t, href, "&state=")
-			assert.Contains(t, href, "&labels=")
-			assert.Contains(t, href, "&milestone=")
-			assert.Contains(t, href, "&project=")
-			assert.Contains(t, href, "&assignee=")
-			assert.Contains(t, href, "&poster=1")
-		})
-		assert.True(t, called)
-	})
-
-	t.Run("Labels", func(t *testing.T) {
-		defer tests.PrintCurrentTest(t)()
-
-		req := NewRequest(t, "GET", "/user2/repo1/issues?labels=1")
-		resp := MakeRequest(t, req, http.StatusOK)
-		htmlDoc := NewHTMLParser(t, resp.Body)
-
-		called := false
-		htmlDoc.Find("#issue-filters a[href^='?']:not(.label-filter a)").Each(func(_ int, s *goquery.Selection) {
-			called = true
-			href, _ := s.Attr("href")
-			assert.Contains(t, href, "?q=&")
-			assert.Contains(t, href, "&type=")
-			assert.Contains(t, href, "&sort=")
-			assert.Contains(t, href, "&state=")
-			assert.Contains(t, href, "&labels=1")
-			assert.Contains(t, href, "&milestone=")
-			assert.Contains(t, href, "&project=")
-			assert.Contains(t, href, "&assignee=")
-			assert.Contains(t, href, "&poster=")
-		})
-		assert.True(t, called)
-	})
-
-	t.Run("Archived labels", func(t *testing.T) {
-		defer tests.PrintCurrentTest(t)()
-
-		req := NewRequest(t, "GET", "/user2/repo1/issues?archived=true")
-		resp := MakeRequest(t, req, http.StatusOK)
-		htmlDoc := NewHTMLParser(t, resp.Body)
-
-		called := false
-		htmlDoc.Find("#issue-filters a[href^='?']").Each(func(_ int, s *goquery.Selection) {
-			called = true
-			href, _ := s.Attr("href")
-			assert.Contains(t, href, "?q=&")
-			assert.Contains(t, href, "&type=")
-			assert.Contains(t, href, "&sort=")
-			assert.Contains(t, href, "&state=")
-			assert.Contains(t, href, "&labels=")
-			assert.Contains(t, href, "&milestone=")
-			assert.Contains(t, href, "&project=")
-			assert.Contains(t, href, "&assignee=")
-			assert.Contains(t, href, "&poster=")
-			assert.Contains(t, href, "&archived=true")
-		})
-		assert.True(t, called)
-	})
-}
-
 func TestRepoSubmoduleView(t *testing.T) {
 	onApplicationRun(t, func(t *testing.T, u *url.URL) {
 		user2 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})

From 149f9a9ba952865823b377112c172aad5bc52df1 Mon Sep 17 00:00:00 2001
From: 0ko <0ko@noreply.codeberg.org>
Date: Wed, 18 Feb 2026 04:06:15 +0100
Subject: [PATCH 343/854] fix(ui): improve a few English strings (#11343)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11343
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Reviewed-by: Robert Wolff <mahlzahn@posteo.de>
---
 options/locale_next/locale_en-US.json | 18 +++++++++---------
 tests/integration/runner_test.go      |  2 +-
 2 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/options/locale_next/locale_en-US.json b/options/locale_next/locale_en-US.json
index f8162be167..b4e271824a 100644
--- a/options/locale_next/locale_en-US.json
+++ b/options/locale_next/locale_en-US.json
@@ -62,9 +62,9 @@
 	"issues.filters.labels.exclude": "Exclude label",
 	"issues.filters.labels.unexclude": "Clear exclusion",
 	"repo.pulls.poster_manage_approval": "Manage approval",
-	"repo.pulls.poster_requires_approval": "Some workflows are <a href=\"%[1]s\">waiting to be reviewed.</a>",
+	"repo.pulls.poster_requires_approval": "Some workflows are <a href=\"%[1]s\">waiting to be reviewed</a>.",
 	"repo.pulls.poster_requires_approval.tooltip": "The author of this pull request is not trusted to run workflows triggered by a pull request created from a forked repository or with AGit. The workflows triggered by a `pull_request` event will not run until they are approved.",
-	"repo.pulls.poster_is_trusted": "The author of this pull request is <a href=\"%[1]s\">always trusted to run workflows.</a>",
+	"repo.pulls.poster_is_trusted": "The author of this pull request is <a href=\"%[1]s\">always trusted to run workflows</a>.",
 	"repo.pulls.poster_is_trusted.tooltip": "The author of this pull request is explicitly trusted to run workflows triggered by `pull_request` events.",
 	"repo.pulls.poster_trust_deny": "Deny",
 	"repo.pulls.poster_trust_deny.tooltip": "The workflows waiting approval will be canceled.",
@@ -229,9 +229,9 @@
 	"notification.mark_all_as_read": "Mark all as read",
 	"notification.subscriptions": "Subscriptions",
 	"notification.watching": "Watching",
-	"notification.no_subscriptions": "No subscriptions",
+	"notification.no_subscriptions": "You have no subscriptions.",
 	"dropzone.default_message": "Drop files or click here to upload.",
-	"dropzone.invalid_input_type": "You cannot upload files of this type.",
+	"dropzone.invalid_input_type": "Files of this type cannot be uploaded.",
 	"dropzone.file_too_big": "File size ({{filesize}} MB) exceeds the maximum size of ({{maxFilesize}} MB).",
 	"dropzone.remove_file": "Remove file",
 	"munits.data.b": "B",
@@ -443,16 +443,16 @@
 	"actions.runners.last_online": "Last online time",
 	"actions.runners.runner_title": "Runner",
 	"actions.runners.task_list": "Recent tasks on this runner",
-	"actions.runners.task_list.no_tasks": "There is no task yet.",
+	"actions.runners.task_list.no_tasks": "There are no tasks yet.",
 	"actions.runners.task_list.run": "Run",
 	"actions.runners.task_list.status": "Status",
 	"actions.runners.task_list.repository": "Repository",
 	"actions.runners.task_list.commit": "Commit",
 	"actions.runners.task_list.done_at": "Done at",
-	"actions.runners.edit_runner": "Edit Runner",
-	"actions.runners.update_runner.button": "Update changes",
-	"actions.runners.update_runner.success": "Runner updated successfully",
-	"actions.runners.update_runner.failed": "Failed to update runner",
+	"actions.runners.edit_runner": "Edit runner",
+	"actions.runners.update_runner.button": "Save changes",
+	"actions.runners.update_runner.success": "Runner edited successfully",
+	"actions.runners.update_runner.failed": "Failed to edit runner",
 	"actions.runners.delete_runner.button": "Delete this runner",
 	"actions.runners.delete_runner.success": "Runner deleted successfully",
 	"actions.runners.delete_runner.failed": "Failed to delete runner",
diff --git a/tests/integration/runner_test.go b/tests/integration/runner_test.go
index 3379331e84..df88458acd 100644
--- a/tests/integration/runner_test.go
+++ b/tests/integration/runner_test.go
@@ -56,7 +56,7 @@ func TestRunnerModification(t *testing.T) {
 			sess.MakeRequest(t, req, http.StatusSeeOther)
 			flashCookie := sess.GetCookie(app_context.CookieNameFlash)
 			assert.NotNil(t, flashCookie)
-			assert.Equal(t, "success%3DRunner%2Bupdated%2Bsuccessfully", flashCookie.Value)
+			assert.Equal(t, "success%3DRunner%2Bedited%2Bsuccessfully", flashCookie.Value)
 		}
 
 		req = NewRequest(t, "POST", baseURL+fmt.Sprintf("/%d/delete", id))

From 8c2bb0f65bf0ecfe6059e240135644601891c9a8 Mon Sep 17 00:00:00 2001
From: 0ko <0ko@noreply.codeberg.org>
Date: Wed, 18 Feb 2026 04:07:14 +0100
Subject: [PATCH 344/854] chore(i18n): deduplicate common packages related
 strings (#11345)

Our package registries types have many things in common, so they have many shared strings like
```json
"packages.installation": "Installation",
```

but not all and not consistently. For example, some packages duplicate these strings:
```json
"packages.*.install": "To install the package, run the following command:",
"packages.*.registry": "Setup this registry from the command line:",
"packages.*.repository": "Repository info",
"packages.*.dependencies": "Dependencies",
```

while other packages have them customized:
```json
"packages.cargo.install": "To install the package using Cargo, run the following command:",
"packages.composer.install": "To install the package using Composer, run the following command:",
"packages.conan.install": "To install the package using Conan, run the following command:",
"packages.conda.install": "To install the package using Conda, run the following command:",
```

While it's ok for them to have custom strings, I don't see need to duplicate the same generic strings. Even though Weblate provides tools to simplify maintenance of duplicated strings, our files still end up being bloated.

In this PR I deduplicated the strings listed above under a `common` key. There already was a generic shared string for Dependencies, that I just re-used.

Also fixed strings in Arch packages, which were saying Depends with meaning of Dependencies.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11345
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
---
 options/locale_next/locale_en-US.json   | 30 +++++--------------------
 templates/package/content/alpine.tmpl   |  4 ++--
 templates/package/content/alt.tmpl      |  6 ++---
 templates/package/content/arch.tmpl     |  2 +-
 templates/package/content/chef.tmpl     |  2 +-
 templates/package/content/composer.tmpl |  2 +-
 templates/package/content/conan.tmpl    |  2 +-
 templates/package/content/cran.tmpl     |  2 +-
 templates/package/content/debian.tmpl   |  6 ++---
 templates/package/content/helm.tmpl     |  4 ++--
 templates/package/content/npm.tmpl      |  2 +-
 templates/package/content/nuget.tmpl    |  2 +-
 templates/package/content/rpm.tmpl      |  6 ++---
 templates/package/content/swift.tmpl    |  2 +-
 14 files changed, 27 insertions(+), 45 deletions(-)

diff --git a/options/locale_next/locale_en-US.json b/options/locale_next/locale_en-US.json
index b4e271824a..8127dbf4b9 100644
--- a/options/locale_next/locale_en-US.json
+++ b/options/locale_next/locale_en-US.json
@@ -271,11 +271,12 @@
 	"packages.dependency.id": "ID",
 	"packages.dependency.version": "Version",
 	"packages.search_in_external_registry": "Search in %s",
+	"packages.common.install": "To install the package, run the following command:",
+	"packages.common.registry": "Setup this registry from the command line:",
+	"packages.common.repository": "Repository info",
 	"packages.alpine.registry": "Setup this registry by adding the url in your <code>/etc/apk/repositories</code> file:",
 	"packages.alpine.registry.key": "Download the registry public RSA key into the <code>/etc/apk/keys/</code> folder to verify the index signature:",
 	"packages.alpine.registry.info": "Choose $branch and $repository from the list below.",
-	"packages.alpine.install": "To install the package, run the following command:",
-	"packages.alpine.repository": "Repository info",
 	"packages.alpine.repository.branches": "Branches",
 	"packages.alpine.repository.repositories": "Repositories",
 	"packages.alpine.repository.architectures": "Architectures",
@@ -288,22 +289,18 @@
 	"packages.arch.version.description": "Description",
 	"packages.arch.version.provides": "Provides",
 	"packages.arch.version.groups": "Group",
-	"packages.arch.version.depends": "Depends",
-	"packages.arch.version.optdepends": "Optional depends",
-	"packages.arch.version.makedepends": "Make depends",
-	"packages.arch.version.checkdepends": "Check depends",
+	"packages.arch.version.optdepends": "Optional dependencies",
+	"packages.arch.version.makedepends": "Make dependencies",
+	"packages.arch.version.checkdepends": "Check dependencies",
 	"packages.arch.version.conflicts": "Conflicts",
 	"packages.arch.version.replaces": "Replaces",
 	"packages.arch.version.backup": "Backup",
 	"packages.cargo.registry": "Setup this registry in the Cargo configuration file (for example <code>~/.cargo/config.toml</code>):",
 	"packages.cargo.install": "To install the package using Cargo, run the following command:",
 	"packages.chef.registry": "Setup this registry in your <code>~/.chef/config.rb</code> file:",
-	"packages.chef.install": "To install the package, run the following command:",
 	"packages.composer.registry": "Setup this registry in your <code>~/.composer/config.json</code> file:",
 	"packages.composer.install": "To install the package using Composer, run the following command:",
-	"packages.composer.dependencies": "Dependencies",
 	"packages.composer.dependencies.development": "Development dependencies",
-	"packages.conan.registry": "Setup this registry from the command line:",
 	"packages.conan.install": "To install the package using Conan, run the following command:",
 	"packages.conda.registry": "Setup this registry as a Conda repository in your <code>.condarc</code> file:",
 	"packages.conda.install": "To install the package using Conda, run the following command:",
@@ -318,29 +315,21 @@
 	"packages.container.labels.key": "Key",
 	"packages.container.labels.value": "Value",
 	"packages.cran.registry": "Setup this registry in your <code>Rprofile.site</code> file:",
-	"packages.cran.install": "To install the package, run the following command:",
-	"packages.debian.registry": "Setup this registry from the command line:",
 	"packages.debian.registry.info": "Choose $distribution and $component from the list below.",
-	"packages.debian.install": "To install the package, run the following command:",
-	"packages.debian.repository": "Repository info",
 	"packages.debian.repository.distributions": "Distributions",
 	"packages.debian.repository.components": "Components",
 	"packages.debian.repository.architectures": "Architectures",
 	"packages.generic.download": "Download package from the command line:",
 	"packages.go.install": "Install the package from the command line:",
-	"packages.helm.registry": "Setup this registry from the command line:",
-	"packages.helm.install": "To install the package, run the following command:",
 	"packages.maven.registry": "Setup this registry in your project <code>pom.xml</code> file:",
 	"packages.maven.install": "To use the package include the following in the <code>dependencies</code> block in the <code>pom.xml</code> file:",
 	"packages.maven.install2": "Run via command line:",
 	"packages.maven.download": "To download the dependency, run via command line:",
-	"packages.nuget.registry": "Setup this registry from the command line:",
 	"packages.nuget.install": "To install the package using NuGet, run the following command:",
 	"packages.nuget.dependency.framework": "Target Framework",
 	"packages.npm.registry": "Setup this registry in your project <code>.npmrc</code> file:",
 	"packages.npm.install": "To install the package using npm, run the following command:",
 	"packages.npm.install2": "or add it to the package.json file:",
-	"packages.npm.dependencies": "Dependencies",
 	"packages.npm.dependencies.development": "Development dependencies",
 	"packages.npm.dependencies.bundle": "Bundled dependencies",
 	"packages.npm.dependencies.peer": "Peer dependencies",
@@ -348,18 +337,12 @@
 	"packages.npm.details.tag": "Tag",
 	"packages.pypi.requires": "Requires Python",
 	"packages.pypi.install": "To install the package using pip, run the following command:",
-	"packages.rpm.registry": "Setup this registry from the command line:",
 	"packages.rpm.distros.redhat": "on RedHat based distributions",
 	"packages.rpm.distros.suse": "on SUSE based distributions",
-	"packages.rpm.install": "To install the package, run the following command:",
-	"packages.rpm.repository": "Repository info",
 	"packages.rpm.repository.architectures": "Architectures",
 	"packages.rpm.repository.multiple_groups": "This package is available in multiple groups.",
-	"packages.alt.registry": "Setup this registry from the command line:",
-	"packages.alt.registry.install": "To install the package, run the following command:",
 	"packages.alt.install": "Install package",
 	"packages.alt.setup": "Add a repository to the list of connected repositories (choose the necessary architecture instead of \"_arch_\"):",
-	"packages.alt.repository": "Repository info",
 	"packages.alt.repository.architectures": "Architectures",
 	"packages.alt.repository.multiple_groups": "This package is available in multiple groups.",
 	"packages.rubygems.install": "To install the package using gem, run the following command:",
@@ -368,7 +351,6 @@
 	"packages.rubygems.dependencies.development": "Development dependencies",
 	"packages.rubygems.required.ruby": "Requires Ruby version",
 	"packages.rubygems.required.rubygems": "Requires RubyGem version",
-	"packages.swift.registry": "Setup this registry from the command line:",
 	"packages.swift.install": "Add the package in your <code>Package.swift</code> file:",
 	"packages.swift.install2": "and run the following command:",
 	"packages.vagrant.install": "To add a Vagrant box, run the following command:",
diff --git a/templates/package/content/alpine.tmpl b/templates/package/content/alpine.tmpl
index 8914006ff0..a4a516166b 100644
--- a/templates/package/content/alpine.tmpl
+++ b/templates/package/content/alpine.tmpl
@@ -12,7 +12,7 @@
 				<div class="markup"><pre class="code-block"><code>curl -JO <origin-url data-url="{{AppSubUrl}}/api/packages/{{$.PackageDescriptor.Owner.Name}}/alpine/key"></origin-url></code></pre></div>
 			</div>
 			<div class="field">
-				<label>{{svg "octicon-terminal"}} {{ctx.Locale.Tr "packages.alpine.install"}}</label>
+				<label>{{svg "octicon-terminal"}} {{ctx.Locale.Tr "packages.common.install"}}</label>
 				<div class="markup">
 					<pre class="code-block"><code>sudo apk add {{$.PackageDescriptor.Package.Name}}={{$.PackageDescriptor.Version.Version}}</code></pre>
 				</div>
@@ -23,7 +23,7 @@
 		</div>
 	</div>
 
-	<h4 class="ui top attached header">{{ctx.Locale.Tr "packages.alpine.repository"}}</h4>
+	<h4 class="ui top attached header">{{ctx.Locale.Tr "packages.common.repository"}}</h4>
 	<div class="ui attached segment">
 		<table class="ui single line very basic table">
 			<tbody>
diff --git a/templates/package/content/alt.tmpl b/templates/package/content/alt.tmpl
index 0a5c328e6d..5f74fb704e 100644
--- a/templates/package/content/alt.tmpl
+++ b/templates/package/content/alt.tmpl
@@ -3,7 +3,7 @@
 	<div class="ui attached segment">
 		<div class="ui form">
 			<div class="field">
-				<label>{{svg "octicon-terminal"}} {{ctx.Locale.Tr "packages.alt.registry"}}</label>
+				<label>{{svg "octicon-terminal"}} {{ctx.Locale.Tr "packages.common.registry"}}</label>
 				<div class="markup"><pre class="code-block"><code>{{- if gt (len .Groups) 1 -}}
 # {{ctx.Locale.Tr "packages.alt.repository.multiple_groups"}}
 
@@ -18,7 +18,7 @@ apt-repo add rpm <origin-url data-url="{{AppSubUrl}}/api/packages/{{$.PackageDes
 			<div class="field">
 				<label>{{svg "octicon-terminal"}} {{ctx.Locale.Tr "packages.alt.install"}}</label>
 				<div class="markup">
-					<pre class="code-block"><code># {{ctx.Locale.Tr "packages.alt.registry.install"}}
+					<pre class="code-block"><code># {{ctx.Locale.Tr "packages.common.install"}}
 apt-get update
 apt-get install {{$.PackageDescriptor.Package.Name}}</code></pre>
 				</div>
@@ -29,7 +29,7 @@ apt-get install {{$.PackageDescriptor.Package.Name}}</code></pre>
 		</div>
 	</div>
 
-	<h4 class="ui top attached header">{{ctx.Locale.Tr "packages.alt.repository"}}</h4>
+	<h4 class="ui top attached header">{{ctx.Locale.Tr "packages.common.repository"}}</h4>
 	<div class="ui attached segment">
 		<table class="ui single line very basic table">
 			<tbody>
diff --git a/templates/package/content/arch.tmpl b/templates/package/content/arch.tmpl
index 6a041d323b..b3d4094528 100644
--- a/templates/package/content/arch.tmpl
+++ b/templates/package/content/arch.tmpl
@@ -77,7 +77,7 @@ Server = <origin-url data-url="{{AppSubUrl}}/api/packages/{{$.PackageDescriptor.
 			{{if .PackageDescriptor.Metadata.Depends}}
 			<tr>
 				<td class="collapsing">
-					<h5>{{ctx.Locale.Tr "packages.arch.version.depends"}}</h5>
+					<h5>{{ctx.Locale.Tr "packages.dependencies"}}</h5>
 				</td>
 				<td>{{StringUtils.Join $.PackageDescriptor.Metadata.Depends ", "}}</td>
 			</tr>
diff --git a/templates/package/content/chef.tmpl b/templates/package/content/chef.tmpl
index d39164b90b..9d91c30833 100644
--- a/templates/package/content/chef.tmpl
+++ b/templates/package/content/chef.tmpl
@@ -7,7 +7,7 @@
 				<div class="markup"><pre class="code-block"><code>knife[:supermarket_site] = '<origin-url data-url="{{AppSubUrl}}/api/packages/{{.PackageDescriptor.Owner.Name}}/chef"></origin-url>'</code></pre></div>
 			</div>
 			<div class="field">
-				<label>{{svg "octicon-terminal"}} {{ctx.Locale.Tr "packages.chef.install"}}</label>
+				<label>{{svg "octicon-terminal"}} {{ctx.Locale.Tr "packages.common.install"}}</label>
 				<div class="markup"><pre class="code-block"><code>knife supermarket install {{.PackageDescriptor.Package.Name}} {{.PackageDescriptor.Version.Version}}</code></pre></div>
 			</div>
 			<div class="field">
diff --git a/templates/package/content/composer.tmpl b/templates/package/content/composer.tmpl
index 73ab3ac7cc..2439f6434a 100644
--- a/templates/package/content/composer.tmpl
+++ b/templates/package/content/composer.tmpl
@@ -33,7 +33,7 @@
 		<h4 class="ui top attached header">{{ctx.Locale.Tr "packages.dependencies"}}</h4>
 		<div class="ui attached segment">
 			<div class="ui list">
-				{{template "package/content/composer_dependencies" dict "root" $ "dependencies" .PackageDescriptor.Metadata.Require "title" (ctx.Locale.Tr "packages.composer.dependencies")}}
+				{{template "package/content/composer_dependencies" dict "root" $ "dependencies" .PackageDescriptor.Metadata.Require "title" (ctx.Locale.Tr "packages.dependencies")}}
 				{{template "package/content/composer_dependencies" dict "root" $ "dependencies" .PackageDescriptor.Metadata.RequireDev "title" (ctx.Locale.Tr "packages.composer.dependencies.development")}}
 			</div>
 		</div>
diff --git a/templates/package/content/conan.tmpl b/templates/package/content/conan.tmpl
index 8ebc258e31..8553ff3ef7 100644
--- a/templates/package/content/conan.tmpl
+++ b/templates/package/content/conan.tmpl
@@ -3,7 +3,7 @@
 	<div class="ui attached segment">
 		<div class="ui form">
 			<div class="field">
-				<label>{{svg "octicon-terminal"}} {{ctx.Locale.Tr "packages.conan.registry"}}</label>
+				<label>{{svg "octicon-terminal"}} {{ctx.Locale.Tr "packages.common.registry"}}</label>
 				<div class="markup"><pre class="code-block"><code>conan remote add forgejo <origin-url data-url="{{AppSubUrl}}/api/packages/{{.PackageDescriptor.Owner.Name}}/conan"></origin-url></code></pre></div>
 			</div>
 			<div class="field">
diff --git a/templates/package/content/cran.tmpl b/templates/package/content/cran.tmpl
index df7a48c3d6..f761618f22 100644
--- a/templates/package/content/cran.tmpl
+++ b/templates/package/content/cran.tmpl
@@ -7,7 +7,7 @@
 				<div class="markup"><pre class="code-block"><code>options("repos" = c(getOption("repos"), c(forgejo="<origin-url data-url="{{AppSubUrl}}/api/packages/{{.PackageDescriptor.Owner.Name}}/cran"></origin-url>")))</code></pre></div>
 			</div>
 			<div class="field">
-				<label>{{svg "octicon-terminal"}} {{ctx.Locale.Tr "packages.cran.install"}}</label>
+				<label>{{svg "octicon-terminal"}} {{ctx.Locale.Tr "packages.common.install"}}</label>
 				<div class="markup"><pre class="code-block"><code>install.packages("{{.PackageDescriptor.Package.Name}}")</code></pre></div>
 			</div>
 			<div class="field">
diff --git a/templates/package/content/debian.tmpl b/templates/package/content/debian.tmpl
index 782ac1c8b3..f3ca23a6fe 100644
--- a/templates/package/content/debian.tmpl
+++ b/templates/package/content/debian.tmpl
@@ -3,14 +3,14 @@
 	<div class="ui attached segment">
 		<div class="ui form">
 			<div class="field">
-				<label>{{svg "octicon-terminal"}} {{ctx.Locale.Tr "packages.debian.registry"}}</label>
+				<label>{{svg "octicon-terminal"}} {{ctx.Locale.Tr "packages.common.registry"}}</label>
 				<div class="markup"><pre class="code-block"><code>sudo curl <origin-url data-url="{{AppSubUrl}}/api/packages/{{$.PackageDescriptor.Owner.Name}}/debian/repository.key"></origin-url> -o /etc/apt/keyrings/forgejo-{{$.PackageDescriptor.Owner.Name}}.asc
 echo "deb [signed-by=/etc/apt/keyrings/forgejo-{{$.PackageDescriptor.Owner.Name}}.asc] <origin-url data-url="{{AppSubUrl}}/api/packages/{{$.PackageDescriptor.Owner.Name}}/debian"></origin-url> $distribution $component" | sudo tee -a /etc/apt/sources.list.d/forgejo.list
 sudo apt update</code></pre></div>
 				<p>{{ctx.Locale.Tr "packages.debian.registry.info"}}</p>
 			</div>
 			<div class="field">
-				<label>{{svg "octicon-terminal"}} {{ctx.Locale.Tr "packages.debian.install"}}</label>
+				<label>{{svg "octicon-terminal"}} {{ctx.Locale.Tr "packages.common.install"}}</label>
 				<div class="markup">
 					<pre class="code-block"><code>sudo apt install {{$.PackageDescriptor.Package.Name}}={{$.PackageDescriptor.Version.Version}}</code></pre>
 				</div>
@@ -21,7 +21,7 @@ sudo apt update</code></pre></div>
 		</div>
 	</div>
 
-	<h4 class="ui top attached header">{{ctx.Locale.Tr "packages.debian.repository"}}</h4>
+	<h4 class="ui top attached header">{{ctx.Locale.Tr "packages.common.repository"}}</h4>
 	<div class="ui attached segment">
 		<table class="ui single line very basic table">
 			<tbody>
diff --git a/templates/package/content/helm.tmpl b/templates/package/content/helm.tmpl
index 9d8555597e..4fceff4f72 100644
--- a/templates/package/content/helm.tmpl
+++ b/templates/package/content/helm.tmpl
@@ -3,12 +3,12 @@
 	<div class="ui attached segment">
 		<div class="ui form">
 			<div class="field">
-				<label>{{svg "octicon-terminal"}} {{ctx.Locale.Tr "packages.helm.registry"}}</label>
+				<label>{{svg "octicon-terminal"}} {{ctx.Locale.Tr "packages.common.registry"}}</label>
 				<div class="markup"><pre class="code-block"><code>helm repo add {{AppDomain}} <origin-url data-url="{{AppSubUrl}}/api/packages/{{.PackageDescriptor.Owner.Name}}/helm"></origin-url>
 helm repo update</code></pre></div>
 			</div>
 			<div class="field">
-				<label>{{svg "octicon-terminal"}} {{ctx.Locale.Tr "packages.helm.install"}}</label>
+				<label>{{svg "octicon-terminal"}} {{ctx.Locale.Tr "packages.common.install"}}</label>
 				<div class="markup"><pre class="code-block"><code>helm install {{.PackageDescriptor.Package.Name}} {{AppDomain}}/{{.PackageDescriptor.Package.Name}}</code></pre></div>
 			</div>
 			<div class="field">
diff --git a/templates/package/content/npm.tmpl b/templates/package/content/npm.tmpl
index 1ffbd199e3..3c2e1afb9a 100644
--- a/templates/package/content/npm.tmpl
+++ b/templates/package/content/npm.tmpl
@@ -37,7 +37,7 @@
 		<h4 class="ui top attached header">{{ctx.Locale.Tr "packages.dependencies"}}</h4>
 		<div class="ui attached segment">
 			<div class="ui list">
-				{{template "package/content/npm_dependencies" dict "root" $ "dependencies" .PackageDescriptor.Metadata.Dependencies "title" (ctx.Locale.Tr "packages.npm.dependencies")}}
+				{{template "package/content/npm_dependencies" dict "root" $ "dependencies" .PackageDescriptor.Metadata.Dependencies "title" (ctx.Locale.Tr "packages.dependencies")}}
 				{{template "package/content/npm_dependencies" dict "root" $ "dependencies" .PackageDescriptor.Metadata.DevelopmentDependencies "title" (ctx.Locale.Tr "packages.npm.dependencies.development")}}
 				{{template "package/content/npm_dependencies" dict "root" $ "dependencies" .PackageDescriptor.Metadata.PeerDependencies "title" (ctx.Locale.Tr "packages.npm.dependencies.peer")}}
 				{{template "package/content/npm_dependencies" dict "root" $ "dependencies" .PackageDescriptor.Metadata.OptionalDependencies "title" (ctx.Locale.Tr "packages.npm.dependencies.optional")}}
diff --git a/templates/package/content/nuget.tmpl b/templates/package/content/nuget.tmpl
index c8568845f1..96ceb9d2b2 100644
--- a/templates/package/content/nuget.tmpl
+++ b/templates/package/content/nuget.tmpl
@@ -3,7 +3,7 @@
 	<div class="ui attached segment">
 		<div class="ui form">
 			<div class="field">
-				<label>{{svg "octicon-terminal"}} {{ctx.Locale.Tr "packages.nuget.registry"}}</label>
+				<label>{{svg "octicon-terminal"}} {{ctx.Locale.Tr "packages.common.registry"}}</label>
 				<div class="markup"><pre class="code-block"><code>dotnet nuget add source --name {{.PackageDescriptor.Owner.Name}} --username your_username --password your_token <origin-url data-url="{{AppSubUrl}}/api/packages/{{.PackageDescriptor.Owner.Name}}/nuget/index.json"></origin-url></code></pre></div>
 			</div>
 			<div class="field">
diff --git a/templates/package/content/rpm.tmpl b/templates/package/content/rpm.tmpl
index f5d56623ac..8d79b3f24e 100644
--- a/templates/package/content/rpm.tmpl
+++ b/templates/package/content/rpm.tmpl
@@ -3,7 +3,7 @@
 	<div class="ui attached segment">
 		<div class="ui form">
 			<div class="field">
-				<label>{{svg "octicon-terminal"}} {{ctx.Locale.Tr "packages.rpm.registry"}}</label>
+				<label>{{svg "octicon-terminal"}} {{ctx.Locale.Tr "packages.common.registry"}}</label>
 				<div class="markup"><pre class="code-block"><code>{{- if gt (len .Groups) 1 -}}
 # {{ctx.Locale.Tr "packages.rpm.repository.multiple_groups"}}
 
@@ -21,7 +21,7 @@ zypper addrepo <origin-url data-url="{{AppSubUrl}}/api/packages/{{$.PackageDescr
 {{- end}}</code></pre></div>
 			</div>
 			<div class="field">
-				<label>{{svg "octicon-terminal"}} {{ctx.Locale.Tr "packages.rpm.install"}}</label>
+				<label>{{svg "octicon-terminal"}} {{ctx.Locale.Tr "packages.common.install"}}</label>
 				<div class="markup">
 					<pre class="code-block"><code># {{ctx.Locale.Tr "packages.rpm.distros.redhat"}}
 dnf install {{$.PackageDescriptor.Package.Name}}
@@ -36,7 +36,7 @@ zypper install {{$.PackageDescriptor.Package.Name}}</code></pre>
 		</div>
 	</div>
 
-	<h4 class="ui top attached header">{{ctx.Locale.Tr "packages.rpm.repository"}}</h4>
+	<h4 class="ui top attached header">{{ctx.Locale.Tr "packages.common.repository"}}</h4>
 	<div class="ui attached segment">
 		<table class="ui single line very basic table">
 			<tbody>
diff --git a/templates/package/content/swift.tmpl b/templates/package/content/swift.tmpl
index 68db444883..25c558dd2f 100644
--- a/templates/package/content/swift.tmpl
+++ b/templates/package/content/swift.tmpl
@@ -3,7 +3,7 @@
 	<div class="ui attached segment">
 		<div class="ui form">
 			<div class="field">
-				<label>{{svg "octicon-terminal"}} {{ctx.Locale.Tr "packages.swift.registry"}}</label>
+				<label>{{svg "octicon-terminal"}} {{ctx.Locale.Tr "packages.common.registry"}}</label>
 				<div class="markup"><pre class="code-block"><code>swift package-registry set <origin-url data-url="{{AppSubUrl}}/api/packages/{{.PackageDescriptor.Owner.Name}}/swift"></origin-url></code></pre></div>
 			</div>
 			<div class="field">

From 73b96a41bcbbeb1dfdf91b553ad069f71850a61a Mon Sep 17 00:00:00 2001
From: Andreas Ahlenstorf <andreas@ahlenstorf.ch>
Date: Wed, 18 Feb 2026 16:49:44 +0100
Subject: [PATCH 345/854] chore: remove field ephemeral from runner
 registration response (#11350)

Remove the field `ephemeral` from the response to runner registration requests made using the HTTP API (POST to `/repos/{owner}/{repo}/actions/runners` and friends) that was introduced with https://codeberg.org/forgejo/forgejo/pulls/9962. The client already knows that it requested an ephemeral runner. Therefore, the information is redundant.

It can be included again should a compelling use case arise.

This part of the HTTP API hasn't been released yet. Therefore, it is safe to remove the field.

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests for Go changes

(can be removed for JavaScript changes)

- I added test coverage for Go changes...
  - [ ] in their respective `*_test.go` for unit tests.
  - [x] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I ran...
  - [x] `make pr-go` before pushing

### Tests for JavaScript changes

(can be removed for Go changes)

- I added test coverage for JavaScript changes...
  - [ ] in `web_src/js/*.test.js` if it can be unit tested.
  - [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)).

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [ ] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.
- [x] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change.

*The decision if the pull request will be shown in the release notes is up to the mergers / release team.*

The content of the `release-notes/<pull request number>.md` file will serve as the basis for the release notes. If the file does not exist, the title of the pull request will be used instead.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11350
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
Co-authored-by: Andreas Ahlenstorf <andreas@ahlenstorf.ch>
Co-committed-by: Andreas Ahlenstorf <andreas@ahlenstorf.ch>
---
 modules/structs/runner.go                   | 7 +++----
 routers/api/v1/shared/runners.go            | 7 +++----
 templates/swagger/v1_json.tmpl              | 4 ----
 tests/integration/api_admin_actions_test.go | 3 ---
 tests/integration/api_org_actions_test.go   | 3 ---
 tests/integration/api_repo_actions_test.go  | 3 ---
 tests/integration/api_user_actions_test.go  | 3 ---
 7 files changed, 6 insertions(+), 24 deletions(-)

diff --git a/modules/structs/runner.go b/modules/structs/runner.go
index cecbb72400..5ac88f0488 100644
--- a/modules/structs/runner.go
+++ b/modules/structs/runner.go
@@ -25,8 +25,7 @@ type RegisterRunnerOptions struct {
 // RegisterRunnerResponse contains the details of the just registered runner.
 // swagger:model
 type RegisterRunnerResponse struct {
-	ID        int64  `json:"id" binding:"Required"`
-	UUID      string `json:"uuid" binding:"Required"`
-	Token     string `json:"token" binding:"Required"`
-	Ephemeral bool   `json:"ephemeral" binding:"Required"`
+	ID    int64  `json:"id" binding:"Required"`
+	UUID  string `json:"uuid" binding:"Required"`
+	Token string `json:"token" binding:"Required"`
 }
diff --git a/routers/api/v1/shared/runners.go b/routers/api/v1/shared/runners.go
index ad470215e9..a96a10ad30 100644
--- a/routers/api/v1/shared/runners.go
+++ b/routers/api/v1/shared/runners.go
@@ -170,10 +170,9 @@ func RegisterRunner(ctx *context.APIContext, ownerID, repoID int64) {
 	}
 
 	response := &structs.RegisterRunnerResponse{
-		ID:        runner.ID,
-		UUID:      runner.UUID,
-		Token:     runner.Token,
-		Ephemeral: runner.Ephemeral,
+		ID:    runner.ID,
+		UUID:  runner.UUID,
+		Token: runner.Token,
 	}
 	ctx.JSON(http.StatusCreated, response)
 }
diff --git a/templates/swagger/v1_json.tmpl b/templates/swagger/v1_json.tmpl
index 976c25afa7..7e83814a2d 100644
--- a/templates/swagger/v1_json.tmpl
+++ b/templates/swagger/v1_json.tmpl
@@ -28538,10 +28538,6 @@
       "type": "object",
       "title": "RegisterRunnerResponse contains the details of the just registered runner.",
       "properties": {
-        "ephemeral": {
-          "type": "boolean",
-          "x-go-name": "Ephemeral"
-        },
         "id": {
           "type": "integer",
           "format": "int64",
diff --git a/tests/integration/api_admin_actions_test.go b/tests/integration/api_admin_actions_test.go
index 02644401fd..c935d352f9 100644
--- a/tests/integration/api_admin_actions_test.go
+++ b/tests/integration/api_admin_actions_test.go
@@ -376,7 +376,6 @@ func TestAPIAdminActionsRunnerOperations(t *testing.T) {
 		assert.Positive(t, registerRunnerResponse.ID)
 		assert.Equal(t, gouuid.Version(4), gouuid.MustParse(registerRunnerResponse.UUID).Version())
 		assert.Regexp(t, "(?i)^[0-9a-f]{40}$", registerRunnerResponse.Token)
-		assert.False(t, registerRunnerResponse.Ephemeral)
 
 		registeredRunner := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRunner{UUID: registerRunnerResponse.UUID})
 		assert.Equal(t, registerRunnerResponse.ID, registeredRunner.ID)
@@ -402,8 +401,6 @@ func TestAPIAdminActionsRunnerOperations(t *testing.T) {
 		var registerRunnerResponse *api.RegisterRunnerResponse
 		DecodeJSON(t, response, &registerRunnerResponse)
 
-		assert.True(t, registerRunnerResponse.Ephemeral)
-
 		registeredRunner := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRunner{UUID: registerRunnerResponse.UUID})
 		assert.Equal(t, registerRunnerResponse.UUID, registeredRunner.UUID)
 		assert.True(t, registeredRunner.Ephemeral)
diff --git a/tests/integration/api_org_actions_test.go b/tests/integration/api_org_actions_test.go
index f21723a751..35183306c2 100644
--- a/tests/integration/api_org_actions_test.go
+++ b/tests/integration/api_org_actions_test.go
@@ -250,7 +250,6 @@ func TestAPIOrgActionsRunnerOperations(t *testing.T) {
 		assert.Positive(t, registerRunnerResponse.ID)
 		assert.Equal(t, gouuid.Version(4), gouuid.MustParse(registerRunnerResponse.UUID).Version())
 		assert.Regexp(t, "(?i)^[0-9a-f]{40}$", registerRunnerResponse.Token)
-		assert.False(t, registerRunnerResponse.Ephemeral)
 
 		registeredRunner := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRunner{UUID: registerRunnerResponse.UUID})
 		assert.Equal(t, registerRunnerResponse.ID, registeredRunner.ID)
@@ -276,8 +275,6 @@ func TestAPIOrgActionsRunnerOperations(t *testing.T) {
 		var registerRunnerResponse *api.RegisterRunnerResponse
 		DecodeJSON(t, response, &registerRunnerResponse)
 
-		assert.True(t, registerRunnerResponse.Ephemeral)
-
 		registeredRunner := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRunner{UUID: registerRunnerResponse.UUID})
 		assert.Equal(t, registerRunnerResponse.UUID, registeredRunner.UUID)
 		assert.True(t, registeredRunner.Ephemeral)
diff --git a/tests/integration/api_repo_actions_test.go b/tests/integration/api_repo_actions_test.go
index 35cbc5d864..dfe33379d4 100644
--- a/tests/integration/api_repo_actions_test.go
+++ b/tests/integration/api_repo_actions_test.go
@@ -532,7 +532,6 @@ func TestAPIRepoActionsRunnerOperations(t *testing.T) {
 		assert.Positive(t, registerRunnerResponse.ID)
 		assert.Equal(t, gouuid.Version(4), gouuid.MustParse(registerRunnerResponse.UUID).Version())
 		assert.Regexp(t, "(?i)^[0-9a-f]{40}$", registerRunnerResponse.Token)
-		assert.False(t, registerRunnerResponse.Ephemeral)
 
 		registeredRunner := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRunner{UUID: registerRunnerResponse.UUID})
 		assert.Equal(t, registerRunnerResponse.ID, registeredRunner.ID)
@@ -559,8 +558,6 @@ func TestAPIRepoActionsRunnerOperations(t *testing.T) {
 		var registerRunnerResponse *api.RegisterRunnerResponse
 		DecodeJSON(t, response, &registerRunnerResponse)
 
-		assert.True(t, registerRunnerResponse.Ephemeral)
-
 		registeredRunner := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRunner{UUID: registerRunnerResponse.UUID})
 		assert.Equal(t, registerRunnerResponse.UUID, registeredRunner.UUID)
 		assert.True(t, registeredRunner.Ephemeral)
diff --git a/tests/integration/api_user_actions_test.go b/tests/integration/api_user_actions_test.go
index bdb763d5b2..304004659c 100644
--- a/tests/integration/api_user_actions_test.go
+++ b/tests/integration/api_user_actions_test.go
@@ -248,7 +248,6 @@ func TestAPIUserActionsRunnerOperations(t *testing.T) {
 		assert.Positive(t, registerRunnerResponse.ID)
 		assert.Equal(t, gouuid.Version(4), gouuid.MustParse(registerRunnerResponse.UUID).Version())
 		assert.Regexp(t, "(?i)^[0-9a-f]{40}$", registerRunnerResponse.Token)
-		assert.False(t, registerRunnerResponse.Ephemeral)
 
 		registeredRunner := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRunner{UUID: registerRunnerResponse.UUID})
 		assert.Equal(t, registerRunnerResponse.ID, registeredRunner.ID)
@@ -274,8 +273,6 @@ func TestAPIUserActionsRunnerOperations(t *testing.T) {
 		var registerRunnerResponse *api.RegisterRunnerResponse
 		DecodeJSON(t, response, &registerRunnerResponse)
 
-		assert.True(t, registerRunnerResponse.Ephemeral)
-
 		registeredRunner := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRunner{UUID: registerRunnerResponse.UUID})
 		assert.Equal(t, registerRunnerResponse.UUID, registeredRunner.UUID)
 		assert.True(t, registeredRunner.Ephemeral)

From a72d2c07cfca03b55371089de6aa230d8c951fa0 Mon Sep 17 00:00:00 2001
From: xtex <xtexchooser@duck.com>
Date: Wed, 18 Feb 2026 18:58:16 +0100
Subject: [PATCH 346/854] feat(ui): enable text auto-spacing (#11340)

See #11020

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11340
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Co-authored-by: xtex <xtexchooser@duck.com>
Co-committed-by: xtex <xtexchooser@duck.com>
---
 web_src/css/base.css | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/web_src/css/base.css b/web_src/css/base.css
index a2837cf4f6..d023699a9d 100644
--- a/web_src/css/base.css
+++ b/web_src/css/base.css
@@ -76,6 +76,8 @@ body {
   flex-direction: column;
   overflow-x: visible;
   overflow-wrap: break-word;
+  text-autospace: normal;
+  text-spacing-trim: normal;
 }
 
 textarea {
@@ -89,6 +91,16 @@ samp {
   font-family: var(--fonts-monospace);
 }
 
+pre,
+code,
+kbd,
+samp,
+tt {
+  text-spacing: none;
+  text-autospace: initial;
+  text-spacing-trim: initial;
+}
+
 pre,
 code,
 kbd,

From 922ecda81f7064a06ad63639f455943a3fc85ed6 Mon Sep 17 00:00:00 2001
From: Renovate Bot <forgejo-renovate-action@forgejo.org>
Date: Thu, 19 Feb 2026 04:23:56 +0100
Subject: [PATCH 347/854] Update module code.forgejo.org/forgejo/runner/v12 to
 v12.7.0 (forgejo) (#11363)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This PR contains the following updates:

| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) |
|---|---|---|---|
| [code.forgejo.org/forgejo/runner/v12](https://code.forgejo.org/forgejo/runner) | `v12.6.4` -> `v12.7.0` | ![age](https://developer.mend.io/api/mc/badges/age/go/code.forgejo.org%2fforgejo%2frunner%2fv12/v12.7.0?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/go/code.forgejo.org%2fforgejo%2frunner%2fv12/v12.6.4/v12.7.0?slim=true) |

---

### Release Notes

<details>
<summary>forgejo/runner (code.forgejo.org/forgejo/runner/v12)</summary>

### [`v12.7.0`](https://code.forgejo.org/forgejo/runner/releases/tag/v12.7.0)

[Compare Source](https://code.forgejo.org/forgejo/runner/compare/v12.6.4...v12.7.0)

- [User guide](https://forgejo.org/docs/next/user/actions/overview/)
- [Administrator guide](https://forgejo.org/docs/next/admin/actions/)
- [Container images](https://code.forgejo.org/forgejo/-/packages/container/runner/versions)

Release Notes

***

<!--start release-notes-assistant-->

<!--URL:https://code.forgejo.org/forgejo/runner-->

- features
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1383): <!--number 1383 --><!--line 0 --><!--description ZmVhdDogaW50cm9kdWNlIHNlY3JldCBVUkxzIHRvIHJ1bm5lciBjb25maWd1cmF0aW9u-->feat: introduce secret URLs to runner configuration<!--description-->
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1380): <!--number 1380 --><!--line 0 --><!--description ZmVhdDogYWxsb3cgY29uZmlnIGBzZXJ2ZXIuY29ubmVjdGlvbnNgIGNvbmZpZyB0byBwb2xsIG11bHRpcGxlIEZvcmdlam8gc2VydmVycyBzaW11bHRhbmVvdXNseQ==-->feat: allow config `server.connections` config to poll multiple Forgejo servers simultaneously<!--description-->
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1378): <!--number 1378 --><!--line 0 --><!--description ZmVhdDogYWRkIGNvbm5lY3Rpb25zIHRvIFJ1bm5lciBjb25maWd1cmF0aW9u-->feat: add connections to Runner configuration<!--description-->
- bug fixes
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1381): <!--number 1381 --><!--line 0 --><!--description Zml4OiBkbyBub3QgZW1pdCB3YXJuaW5ncyBpZiBtYXhfcmV0cmllcywgaW5pdGlhbF9kZWxheSBhcmUgYWJzZW50-->fix: do not emit warnings if max\_retries, initial\_delay are absent<!--description-->
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1375): <!--number 1375 --><!--line 0 --><!--description Zml4OiBlbnN1cmUgbG9nIGJ1ZmZlciBmbHVzaCBldmVuIGlmIGEgY29tbWFuZCBlcnJvciBvY2N1cnMgaW4gaG9zdCAmIGx4YyBleGVjdXRvcg==-->fix: ensure log buffer flush even if a command error occurs in host & lxc executor<!--description-->
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1371): <!--number 1371 --><!--line 0 --><!--description Zml4OiBraWxsIGNvbnRhaW5lcnMgZXhwbGljaXRseSwgbWFrZSBQb2RtYW4gYmVoYXZlIGxpa2UgRG9ja2Vy-->fix: kill containers explicitly, make Podman behave like Docker<!--description-->
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1367): <!--number 1367 --><!--line 0 --><!--description Zml4OiBwcmVtYXR1cmUgdGFzayBjb21wbGV0aW9uIHdoZW4gY2hhaW5pbmcgbXVsdGlwbGUgcmV1c2FibGUgd29ya2Zsb3dz-->fix: premature task completion when chaining multiple reusable workflows<!--description-->
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1359): <!--number 1359 --><!--line 0 --><!--description Zml4OiBwZXJtaXQgbGFyZ2VyIHNpbmdsZS1saW5lIG91dHB1dCBzaXplcyB0byBiZSBwYXJzZWQgZnJvbSBGT1JHRUpPX09VVFBVVCBmaWxl-->fix: permit larger single-line output sizes to be parsed from FORGEJO\_OUTPUT file<!--description-->
- other
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1385): <!--number 1385 --><!--line 0 --><!--description cmVmYWN0b3I6IGludHJvZHVjZSBTdHJpbmcoKSBmb3IgTGFiZWw=-->refactor: introduce String() for Label<!--description-->
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1122): <!--number 1122 --><!--line 0 --><!--description aW50cm9kdWNpbmcgZXBoZW1lcmFsLXJ1bm5lcnM=-->introducing ephemeral-runners<!--description-->
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1377): <!--number 1377 --><!--line 0 --><!--description cmVmYWN0b3I6IHNlcGFyYXRlIENvbmZpZyBmcm9tIG9uLWRpc2sgZm9ybWF0-->refactor: separate Config from on-disk format<!--description-->
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1348): <!--number 1348 --><!--line 0 --><!--description dGVzdDogcnVuIGludGVncmF0aW9uIHRlc3RzIHdpdGggcm9vdGxlc3MgUG9kbWFu-->test: run integration tests with rootless Podman<!--description-->
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1364): <!--number 1364 --><!--line 0 --><!--description UHJlYWxsb2NhdGUgc3BhY2UgZm9yIHZhcmlhYmxlcyBpbiBydW5fY29udGV4dA==-->Preallocate space for variables in run\_context<!--description-->
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1373): <!--number 1373 --><!--line 0 --><!--description cmVmYWN0b3I6IHB1bGwgY2FjaGUgc2VydmVyIG1hbmFnZW1lbnQgb3V0IG9mIHJ1bm5lcg==-->refactor: pull cache server management out of runner<!--description-->
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1370): <!--number 1370 --><!--line 0 --><!--description dGVzdDogc2ltcGxpZnkgdGVzdCBvZiBzZXJ2aWNlIGhlYWx0aCBjaGVja3M=-->test: simplify test of service health checks<!--description-->
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1372): <!--number 1372 --><!--line 0 --><!--description cmVmYWN0b3I6IGFkZCAxLXRvLTEgY2xpZW50LXRvLXJ1bm5lciByZWxhdGlvbnNoaXAgaW50byBwb2xsZXI=-->refactor: add 1-to-1 client-to-runner relationship into poller<!--description-->
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1365): <!--number 1365 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnaXRodWIuY29tL2dvLWdpdC9nby1naXQvdjUgdG8gdjUuMTYuNQ==-->Update module github.com/go-git/go-git/v5 to v5.16.5<!--description-->
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1366): <!--number 1366 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnb2xhbmcub3JnL3gvdGVybSB0byB2MC40MC4w-->Update module golang.org/x/term to v0.40.0<!--description-->
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1363): <!--number 1363 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnb2xhbmcub3JnL3gvc3lzIHRvIHYwLjQxLjA=-->Update module golang.org/x/sys to v0.41.0<!--description-->
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1361): <!--number 1361 --><!--line 0 --><!--description VXBkYXRlIGRhdGEuZm9yZ2Vqby5vcmcvZm9yZ2Vqby9ydW5uZXIgRG9ja2VyIHRhZyB0byB2MTIuNi40-->Update data.forgejo.org/forgejo/runner Docker tag to v12.6.4<!--description-->
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1362): <!--number 1362 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgZm9yZ2Vqby9ydW5uZXIgdG8gdjEyLjYuNA==-->Update dependency forgejo/runner to v12.6.4<!--description-->

<!--end release-notes-assistant-->

</details>

---

### Configuration

📅 **Schedule**: Branch creation - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC), Automerge - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xNS4xIiwidXBkYXRlZEluVmVyIjoiNDMuMTUuMSIsInRhcmdldEJyYW5jaCI6ImZvcmdlam8iLCJsYWJlbHMiOlsiZGVwZW5kZW5jeS11cGdyYWRlIiwidGVzdC9ub3QtbmVlZGVkIl19-->

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11363
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
---
 go.mod | 4 ++--
 go.sum | 8 ++++----
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/go.mod b/go.mod
index 59f012e955..b1df258019 100644
--- a/go.mod
+++ b/go.mod
@@ -11,7 +11,7 @@ require (
 	code.forgejo.org/forgejo/go-rpmutils v1.0.0
 	code.forgejo.org/forgejo/levelqueue v1.0.0
 	code.forgejo.org/forgejo/reply v1.0.2
-	code.forgejo.org/forgejo/runner/v12 v12.6.4
+	code.forgejo.org/forgejo/runner/v12 v12.7.0
 	code.forgejo.org/go-chi/binding v1.0.1
 	code.forgejo.org/go-chi/cache v1.0.1
 	code.forgejo.org/go-chi/captcha v1.0.2
@@ -175,7 +175,7 @@ require (
 	github.com/go-fed/httpsig v1.1.0 // indirect
 	github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect
 	github.com/go-git/go-billy/v5 v5.6.2 // indirect
-	github.com/go-git/go-git/v5 v5.16.4 // indirect
+	github.com/go-git/go-git/v5 v5.16.5 // indirect
 	github.com/go-ini/ini v1.67.0 // indirect
 	github.com/go-openapi/jsonpointer v0.22.4 // indirect
 	github.com/go-openapi/jsonreference v0.21.4 // indirect
diff --git a/go.sum b/go.sum
index daf745b019..6249342e01 100644
--- a/go.sum
+++ b/go.sum
@@ -30,8 +30,8 @@ code.forgejo.org/forgejo/levelqueue v1.0.0 h1:9krYpU6BM+j/1Ntj6m+VCAIu0UNnne1/Uf
 code.forgejo.org/forgejo/levelqueue v1.0.0/go.mod h1:fmG6zhVuqim2rxSFOoasgXO8V2W/k9U31VVYqLIRLhQ=
 code.forgejo.org/forgejo/reply v1.0.2 h1:dMhQCHV6/O3L5CLWNTol+dNzDAuyCK88z4J/lCdgFuQ=
 code.forgejo.org/forgejo/reply v1.0.2/go.mod h1:RyZUfzQLc+fuLIGjTSQWDAJWPiL4WtKXB/FifT5fM7U=
-code.forgejo.org/forgejo/runner/v12 v12.6.4 h1:nhYj2wSj5BVKxcF0bRtMt/A9iGkxHPFJiIui+T/4mrc=
-code.forgejo.org/forgejo/runner/v12 v12.6.4/go.mod h1:34ATLtcxtOgjAJiINaJvBoNJiKpL1hGn0kt+gk+zdyk=
+code.forgejo.org/forgejo/runner/v12 v12.7.0 h1:yQWcSe6LQsb0a1iYAoxTXuquGW4cQNehy7870/fEmO0=
+code.forgejo.org/forgejo/runner/v12 v12.7.0/go.mod h1:es/tNTXl1C2tUYyoIwpe7tUL+5NUH58fSfGxUZ0Zloo=
 code.forgejo.org/forgejo/ssh v0.0.0-20241211213324-5fc306ca0616 h1:kEZL84+02jY9RxXM4zHBWZ3Fml0B09cmP1LGkDsCfIA=
 code.forgejo.org/forgejo/ssh v0.0.0-20241211213324-5fc306ca0616/go.mod h1:zpHEXBstFnQYtGnB8k8kQLol82umzn/2/snG7alWVD8=
 code.forgejo.org/go-chi/binding v1.0.1 h1:coKNI+X1NzRN7X85LlrpvBRqk0TXpJ+ja28vusQWEuY=
@@ -284,8 +284,8 @@ github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 h1:+zs/tPmkDkHx3U66D
 github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376/go.mod h1:an3vInlBmSxCcxctByoQdvwPiA7DTK7jaaFDBTtu0ic=
 github.com/go-git/go-billy/v5 v5.6.2 h1:6Q86EsPXMa7c3YZ3aLAQsMA0VlWmy43r6FHqa/UNbRM=
 github.com/go-git/go-billy/v5 v5.6.2/go.mod h1:rcFC2rAsp/erv7CMz9GczHcuD0D32fWzH+MJAU+jaUU=
-github.com/go-git/go-git/v5 v5.16.4 h1:7ajIEZHZJULcyJebDLo99bGgS0jRrOxzZG4uCk2Yb2Y=
-github.com/go-git/go-git/v5 v5.16.4/go.mod h1:4Ge4alE/5gPs30F2H1esi2gPd69R0C39lolkucHBOp8=
+github.com/go-git/go-git/v5 v5.16.5 h1:mdkuqblwr57kVfXri5TTH+nMFLNUxIj9Z7F5ykFbw5s=
+github.com/go-git/go-git/v5 v5.16.5/go.mod h1:QOMLpNf1qxuSY4StA/ArOdfFR2TrKEjJiye2kel2m+M=
 github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU=
 github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
 github.com/go-ini/ini v1.67.0 h1:z6ZrTEZqSWOTyH2FlglNbNgARyHG8oLW9gMELqKr06A=

From 515b27707ee1a13234dc3d58620b11ea9b3ce6c2 Mon Sep 17 00:00:00 2001
From: Renovate Bot <forgejo-renovate-action@forgejo.org>
Date: Thu, 19 Feb 2026 06:52:59 +0100
Subject: [PATCH 348/854] Update https://data.forgejo.org/actions/setup-forgejo
 action to v3.1.6 (forgejo) (#11359)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11359
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
---
 .forgejo/workflows/build-release-integration.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.forgejo/workflows/build-release-integration.yml b/.forgejo/workflows/build-release-integration.yml
index a4a70f2478..a173a4f172 100644
--- a/.forgejo/workflows/build-release-integration.yml
+++ b/.forgejo/workflows/build-release-integration.yml
@@ -32,7 +32,7 @@ jobs:
       - uses: https://data.forgejo.org/actions/checkout@v6
 
       - id: forgejo
-        uses: https://data.forgejo.org/actions/setup-forgejo@v3.1.4
+        uses: https://data.forgejo.org/actions/setup-forgejo@v3.1.6
         with:
           user: root
           password: admin1234

From 45db3c98a3d7c9c220f635f7d46e67d488030356 Mon Sep 17 00:00:00 2001
From: Antonin Delpeuch <antonin@delpeuch.eu>
Date: Fri, 20 Feb 2026 03:11:29 +0100
Subject: [PATCH 349/854] feat: link CI job to its defining workflow file
 (#11216)

Fixes #11036.

This adds a link from a CI run to the file that its workflow was taken from.

| Before | After |
|---------|---------|
| ![screenshot](/attachments/49741492-c98b-4a9a-b8bf-f6628698e008) | ![image](/attachments/8ec7dd76-d4ba-4f58-a63a-dd7886e16aae) |

Before:
* the `test.yml` link points to the list of other runs (`/org123/repo2/actions?workflow=test.yml`)

After:
* the `test.yml` link points to the workflow definition (`/org123/repo2/src/commit/55b048363c8cfa7d9e8b5cade5c75681bd0c7328/.forgejo/workflows/test.yml`)
* the `all runs` link points to the list of other runs (`/org123/repo2/actions?workflow=test.yml`)

I have tried to retain the existing link to the list of workflow runs (moving it to a separate link), but I am not sure if this link should be retained at all and if so how.

## Checklist

### Tests

- I added test coverage for Go changes...
  - [x] in their respective `*_test.go` for unit tests.
  - [x] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I added test coverage for JavaScript changes...
  - [ ] in `web_src/js/*.test.js` if it can be unit tested.
  - [x] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)).

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [x] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.
- [ ] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change.

<!--start release-notes-assistant-->

## Release notes
<!--URL:https://codeberg.org/forgejo/forgejo-->
- Features
  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11216): <!--number 11216 --><!--line 0 --><!--description bGluayBDSSBqb2IgdG8gaXRzIGRlZmluaW5nIHdvcmtmbG93IGZpbGU=-->link CI job to its defining workflow file<!--description-->
<!--end release-notes-assistant-->

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11216
Reviewed-by: Andreas Ahlenstorf <aahlenst@noreply.codeberg.org>
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
Co-authored-by: Antonin Delpeuch <antonin@delpeuch.eu>
Co-committed-by: Antonin Delpeuch <antonin@delpeuch.eu>
---
 models/actions/run.go                        | 8 ++++++++
 models/actions/run_test.go                   | 8 ++++++++
 options/locale_next/locale_en-US.json        | 1 +
 routers/web/repo/actions/view.go             | 3 +++
 routers/web/repo/actions/view_test.go        | 1 +
 templates/repo/actions/view.tmpl             | 1 +
 tests/e2e/actions.test.e2e.ts                | 8 ++++++++
 tests/integration/actions_view_test.go       | 4 ++--
 web_src/js/components/RepoActionView.test.js | 1 +
 web_src/js/components/RepoActionView.vue     | 7 ++++++-
 web_src/js/features/repo-action-view.ts      | 1 +
 11 files changed, 40 insertions(+), 3 deletions(-)

diff --git a/models/actions/run.go b/models/actions/run.go
index f411c5d5e5..c4e4a40eb2 100644
--- a/models/actions/run.go
+++ b/models/actions/run.go
@@ -104,6 +104,14 @@ func (run *ActionRun) Link() string {
 	return fmt.Sprintf("%s/actions/runs/%d", run.Repo.Link(), run.Index)
 }
 
+// WorkflowPath returns the path in the git repo to the workflow file that this run was based on
+func (run *ActionRun) WorkflowPath() string {
+	if run.WorkflowDirectory == "" {
+		return run.WorkflowID
+	}
+	return run.WorkflowDirectory + "/" + run.WorkflowID
+}
+
 // RefLink return the url of run's ref
 func (run *ActionRun) RefLink() string {
 	refName := git.RefName(run.Ref)
diff --git a/models/actions/run_test.go b/models/actions/run_test.go
index e3e2bd46ad..f027512c75 100644
--- a/models/actions/run_test.go
+++ b/models/actions/run_test.go
@@ -45,6 +45,14 @@ func TestSetDefaultConcurrencyGroup(t *testing.T) {
 	assert.Equal(t, "refs/heads/main_testing_pull_request__auto", run.ConcurrencyGroup)
 }
 
+func TestGetWorkflowPath(t *testing.T) {
+	run := ActionRun{
+		WorkflowID:        "ci.yml",
+		WorkflowDirectory: ".some/path/to/workflows",
+	}
+	assert.Equal(t, ".some/path/to/workflows/ci.yml", run.WorkflowPath())
+}
+
 func TestRepoNumOpenActions(t *testing.T) {
 	require.NoError(t, unittest.PrepareTestDatabase())
 	err := cache.Init()
diff --git a/options/locale_next/locale_en-US.json b/options/locale_next/locale_en-US.json
index 8127dbf4b9..9bd18cd565 100644
--- a/options/locale_next/locale_en-US.json
+++ b/options/locale_next/locale_en-US.json
@@ -462,6 +462,7 @@
 	"actions.runs.status_no_select": "All status",
 	"actions.runs.no_results": "No results matched.",
 	"actions.runs.no_workflows": "There are no workflows yet.",
+	"actions.runs.all_runs_link": "all runs",
 	"actions.workflow.job_parsing_error": "Unable to parse jobs in workflow: %v",
 	"actions.workflow.event_detection_error": "Unable to parse supported events in workflow: %v",
 	"actions.workflow.persistent_incomplete_matrix": "Unable to evaluate `strategy.matrix` of job %[1]s due to a `needs` expression that was invalid. It may reference a job that is not in it's 'needs' list (%[2]s), or an output that doesn't exist on one of those jobs.",
diff --git a/routers/web/repo/actions/view.go b/routers/web/repo/actions/view.go
index 68466ee848..caa35d37be 100644
--- a/routers/web/repo/actions/view.go
+++ b/routers/web/repo/actions/view.go
@@ -82,6 +82,7 @@ func View(ctx *app_context.Context) {
 	ctx.Data["AttemptNumber"] = attemptNumber
 	ctx.Data["WorkflowName"] = workflowName
 	ctx.Data["WorkflowURL"] = ctx.Repo.RepoLink + "/actions?workflow=" + workflowName
+	ctx.Data["WorkflowSourceURL"] = ctx.Repo.RepoLink + "/src/commit/" + job.Run.CommitSHA + "/" + job.Run.WorkflowPath()
 
 	viewResponse := getViewResponse(ctx, &ViewRequest{}, runIndex, jobIndex, attemptNumber)
 	if ctx.Written() {
@@ -205,6 +206,7 @@ type ViewCommit struct {
 	LocaleCommit   string     `json:"localeCommit"`
 	LocalePushedBy string     `json:"localePushedBy"`
 	LocaleWorkflow string     `json:"localeWorkflow"`
+	LocaleAllRuns  string     `json:"localeAllRuns"`
 	ShortSha       string     `json:"shortSHA"`
 	Link           string     `json:"link"`
 	Pusher         ViewUser   `json:"pusher"`
@@ -333,6 +335,7 @@ func getViewResponse(ctx *app_context.Context, req *ViewRequest, runIndex, jobIn
 		LocaleCommit:   ctx.Locale.TrString("actions.runs.commit"),
 		LocalePushedBy: ctx.Locale.TrString("actions.runs.pushed_by"),
 		LocaleWorkflow: ctx.Locale.TrString("actions.runs.workflow"),
+		LocaleAllRuns:  ctx.Locale.TrString("actions.runs.all_runs_link"),
 		ShortSha:       base.ShortSha(run.CommitSHA),
 		Link:           fmt.Sprintf("%s/commit/%s", run.Repo.Link(), run.CommitSHA),
 		Pusher:         pusher,
diff --git a/routers/web/repo/actions/view_test.go b/routers/web/repo/actions/view_test.go
index 48ebdf4cdc..c636570c7e 100644
--- a/routers/web/repo/actions/view_test.go
+++ b/routers/web/repo/actions/view_test.go
@@ -168,6 +168,7 @@ func baseExpectedViewResponse() *ViewResponse {
 					LocaleCommit:   "actions.runs.commit",
 					LocalePushedBy: "actions.runs.pushed_by",
 					LocaleWorkflow: "actions.runs.workflow",
+					LocaleAllRuns:  "actions.runs.all_runs_link",
 					ShortSha:       "c2d72f5484",
 					Link:           "/user5/repo4/commit/c2d72f548424103f01ee1dc02889c1e2bff816b0",
 					Pusher: ViewUser{
diff --git a/templates/repo/actions/view.tmpl b/templates/repo/actions/view.tmpl
index 6adc91417c..04aced83d1 100644
--- a/templates/repo/actions/view.tmpl
+++ b/templates/repo/actions/view.tmpl
@@ -10,6 +10,7 @@
 		data-actions-url="{{.ActionsURL}}"
 		data-workflow-name="{{.WorkflowName}}"
 		data-workflow-url="{{.WorkflowURL}}"
+		data-workflow-source-url="{{.WorkflowSourceURL}}"
 		data-initial-post-response="{{.InitialData}}"
 		data-initial-artifacts-response="{{.InitialArtifactsData}}"
 		data-locale-approve="{{ctx.Locale.Tr "repo.pulls.poster_manage_approval"}}"
diff --git a/tests/e2e/actions.test.e2e.ts b/tests/e2e/actions.test.e2e.ts
index 8981d037d3..97af63dd54 100644
--- a/tests/e2e/actions.test.e2e.ts
+++ b/tests/e2e/actions.test.e2e.ts
@@ -126,6 +126,14 @@ test('workflow dispatch box not available for unauthenticated users', async ({pa
   await screenshot(page, page.locator('div.ui.container').filter({hasText: 'All workflows'}));
 });
 
+test('job run links to its defining file and all other runs from the same file', async ({page}) => {
+  await page.goto('/user2/test_workflows/actions/runs/1');
+  await expect(page.locator('.action-summary a').getByText('test-dispatch.yml', {exact: true}))
+    .toHaveAttribute('href', '/user2/test_workflows/src/commit/774f93df12d14931ea93259ae93418da4482fcc1/.forgejo/workflows/test-dispatch.yml');
+  await expect(page.locator('.action-summary a').getByText('all runs', {exact: true}))
+    .toHaveAttribute('href', '/user2/test_workflows/actions?workflow=test-dispatch.yml');
+});
+
 async function completeDynamicRefresh(page: Page) {
   // Ensure that the reloading indicator isn't active, indicating that dynamic refresh is done.
   await expect(page.locator('#reloading-indicator')).not.toHaveClass(/(^|\s)is-loading(\s|$)/);
diff --git a/tests/integration/actions_view_test.go b/tests/integration/actions_view_test.go
index b3f40f17ff..6314ce1e4f 100644
--- a/tests/integration/actions_view_test.go
+++ b/tests/integration/actions_view_test.go
@@ -153,7 +153,7 @@ func TestActionViewsView(t *testing.T) {
 		re = regexp.MustCompile(pattern)
 		actualClean = re.ReplaceAllString(actualClean, `"time_since_started_html":"_time_"`)
 
-		return assert.JSONEq(t, "{\"state\":{\"run\":{\"preExecutionError\":\"\",\"link\":\"/user5/repo4/actions/runs/187\",\"title\":\"update actions\",\"titleHTML\":\"update actions\",\"status\":\"success\",\"canCancel\":false,\"canApprove\":false,\"canRerun\":false,\"canDeleteArtifact\":false,\"done\":true,\"jobs\":[{\"id\":192,\"name\":\"job_2\",\"status\":\"success\",\"canRerun\":false,\"duration\":\"_duration_\"}],\"commit\":{\"localeCommit\":\"Commit\",\"localePushedBy\":\"pushed by\",\"localeWorkflow\":\"Workflow\",\"shortSHA\":\"c2d72f5484\",\"link\":\"/user5/repo4/commit/c2d72f548424103f01ee1dc02889c1e2bff816b0\",\"pusher\":{\"displayName\":\"user1\",\"link\":\"/user1\"},\"branch\":{\"name\":\"master\",\"link\":\"/user5/repo4/src/branch/master\",\"isDeleted\":false}}},\"currentJob\":{\"title\":\"job_2\",\"details\":[\"Success\"],\"steps\":[{\"summary\":\"Set up job\",\"duration\":\"_duration_\",\"status\":\"success\"},{\"summary\":\"Complete job\",\"duration\":\"_duration_\",\"status\":\"success\"}],\"allAttempts\":[{\"number\":3,\"time_since_started_html\":\"_time_\",\"status\":\"running\",\"status_diagnostics\":[\"Running\"]},{\"number\":2,\"time_since_started_html\":\"_time_\",\"status\":\"success\",\"status_diagnostics\":[\"Success\"]},{\"number\":1,\"time_since_started_html\":\"_time_\",\"status\":\"success\",\"status_diagnostics\":[\"Success\"]}]}},\"logs\":{\"stepsLog\":[]}}\n", actualClean)
+		return assert.JSONEq(t, "{\"state\":{\"run\":{\"preExecutionError\":\"\",\"link\":\"/user5/repo4/actions/runs/187\",\"title\":\"update actions\",\"titleHTML\":\"update actions\",\"status\":\"success\",\"canCancel\":false,\"canApprove\":false,\"canRerun\":false,\"canDeleteArtifact\":false,\"done\":true,\"jobs\":[{\"id\":192,\"name\":\"job_2\",\"status\":\"success\",\"canRerun\":false,\"duration\":\"_duration_\"}],\"commit\":{\"localeCommit\":\"Commit\",\"localePushedBy\":\"pushed by\",\"localeWorkflow\":\"Workflow\",\"localeAllRuns\":\"all runs\",\"shortSHA\":\"c2d72f5484\",\"link\":\"/user5/repo4/commit/c2d72f548424103f01ee1dc02889c1e2bff816b0\",\"pusher\":{\"displayName\":\"user1\",\"link\":\"/user1\"},\"branch\":{\"name\":\"master\",\"link\":\"/user5/repo4/src/branch/master\",\"isDeleted\":false}}},\"currentJob\":{\"title\":\"job_2\",\"details\":[\"Success\"],\"steps\":[{\"summary\":\"Set up job\",\"duration\":\"_duration_\",\"status\":\"success\"},{\"summary\":\"Complete job\",\"duration\":\"_duration_\",\"status\":\"success\"}],\"allAttempts\":[{\"number\":3,\"time_since_started_html\":\"_time_\",\"status\":\"running\",\"status_diagnostics\":[\"Running\"]},{\"number\":2,\"time_since_started_html\":\"_time_\",\"status\":\"success\",\"status_diagnostics\":[\"Success\"]},{\"number\":1,\"time_since_started_html\":\"_time_\",\"status\":\"success\",\"status_diagnostics\":[\"Success\"]}]}},\"logs\":{\"stepsLog\":[]}}\n", actualClean)
 	})
 	htmlDoc.AssertAttrEqual(t, selector, "data-initial-artifacts-response", "{\"artifacts\":[{\"name\":\"multi-file-download\",\"size\":2048,\"status\":\"completed\"}]}\n")
 }
@@ -185,7 +185,7 @@ func TestActionViewsViewAttemptOutOfRange(t *testing.T) {
 		re = regexp.MustCompile(pattern)
 		actualClean = re.ReplaceAllString(actualClean, `"time_since_started_html":"_time_"`)
 
-		return assert.JSONEq(t, "{\"state\":{\"run\":{\"preExecutionError\":\"\",\"link\":\"/user5/repo4/actions/runs/190\",\"title\":\"job output\",\"titleHTML\":\"job output\",\"status\":\"success\",\"canCancel\":false,\"canApprove\":false,\"canRerun\":false,\"canDeleteArtifact\":false,\"done\":false,\"jobs\":[{\"id\":396,\"name\":\"job_2\",\"status\":\"waiting\",\"canRerun\":false,\"duration\":\"_duration_\"}],\"commit\":{\"localeCommit\":\"Commit\",\"localePushedBy\":\"pushed by\",\"localeWorkflow\":\"Workflow\",\"shortSHA\":\"c2d72f5484\",\"link\":\"/user5/repo4/commit/c2d72f548424103f01ee1dc02889c1e2bff816b0\",\"pusher\":{\"displayName\":\"user1\",\"link\":\"/user1\"},\"branch\":{\"name\":\"test\",\"link\":\"/user5/repo4/src/branch/test\",\"isDeleted\":true}}},\"currentJob\":{\"title\":\"job_2\",\"details\":[\"Waiting for a runner with the following label: fedora\"],\"steps\":[],\"allAttempts\":null}},\"logs\":{\"stepsLog\":[]}}\n", actualClean)
+		return assert.JSONEq(t, "{\"state\":{\"run\":{\"preExecutionError\":\"\",\"link\":\"/user5/repo4/actions/runs/190\",\"title\":\"job output\",\"titleHTML\":\"job output\",\"status\":\"success\",\"canCancel\":false,\"canApprove\":false,\"canRerun\":false,\"canDeleteArtifact\":false,\"done\":false,\"jobs\":[{\"id\":396,\"name\":\"job_2\",\"status\":\"waiting\",\"canRerun\":false,\"duration\":\"_duration_\"}],\"commit\":{\"localeCommit\":\"Commit\",\"localePushedBy\":\"pushed by\",\"localeWorkflow\":\"Workflow\",\"localeAllRuns\":\"all runs\",\"shortSHA\":\"c2d72f5484\",\"link\":\"/user5/repo4/commit/c2d72f548424103f01ee1dc02889c1e2bff816b0\",\"pusher\":{\"displayName\":\"user1\",\"link\":\"/user1\"},\"branch\":{\"name\":\"test\",\"link\":\"/user5/repo4/src/branch/test\",\"isDeleted\":true}}},\"currentJob\":{\"title\":\"job_2\",\"details\":[\"Waiting for a runner with the following label: fedora\"],\"steps\":[],\"allAttempts\":null}},\"logs\":{\"stepsLog\":[]}}\n", actualClean)
 	})
 	htmlDoc.AssertAttrEqual(t, selector, "data-initial-artifacts-response", "{\"artifacts\":[]}\n")
 }
diff --git a/web_src/js/components/RepoActionView.test.js b/web_src/js/components/RepoActionView.test.js
index db6c4035e8..12c201916f 100644
--- a/web_src/js/components/RepoActionView.test.js
+++ b/web_src/js/components/RepoActionView.test.js
@@ -65,6 +65,7 @@ const defaultTestProps = {
   locale: testLocale,
   workflowName: 'workflow name',
   workflowURL: 'https://example.com/example-org/example-repo/actions?workflow=test.yml',
+  workflowSourceURL: 'https://example.com/example-org/example-repo/src/commit/023babec384/.forgejo/workflows/test.yml',
 };
 
 test('load multiple steps on a finished action', async () => {
diff --git a/web_src/js/components/RepoActionView.vue b/web_src/js/components/RepoActionView.vue
index 9e9fe81ab8..3b44cee907 100644
--- a/web_src/js/components/RepoActionView.vue
+++ b/web_src/js/components/RepoActionView.vue
@@ -49,6 +49,10 @@ export default {
       type: String,
       required: true,
     },
+    workflowSourceURL: {
+      type: String,
+      required: true,
+    },
     locale: {
       type: Object,
       required: true,
@@ -96,6 +100,7 @@ export default {
           localeCommit: '',
           localePushedBy: '',
           localeWorkflow: '',
+          localeAllRuns: '',
           shortSHA: '',
           link: '',
           pusher: {
@@ -488,7 +493,7 @@ export default {
       </div>
       <div class="action-summary">
         {{ run.commit.localeWorkflow }}
-        <a class="muted" :href="workflowURL">{{ workflowName }}</a>
+        <a class="muted" :href="workflowSourceURL">{{ workflowName }}</a> <span>(<a class="muted" :href="workflowURL">{{ run.commit.localeAllRuns }}</a>)</span>
       </div>
       <div class="ui error message pre-execution-error" v-if="run.preExecutionError">
         <div class="header">
diff --git a/web_src/js/features/repo-action-view.ts b/web_src/js/features/repo-action-view.ts
index a85ec4e01a..946927bf06 100644
--- a/web_src/js/features/repo-action-view.ts
+++ b/web_src/js/features/repo-action-view.ts
@@ -24,6 +24,7 @@ export async function initRepositoryActionView() {
     actionsURL: el.getAttribute('data-actions-url'),
     workflowName: el.getAttribute('data-workflow-name'),
     workflowURL: el.getAttribute('data-workflow-url'),
+    workflowSourceURL: el.getAttribute('data-workflow-source-url'),
     locale: {
       approve: el.getAttribute('data-locale-approve'),
       cancel: el.getAttribute('data-locale-cancel'),

From 87a06633ea275ab6027acde5c7d9a79fef7d1b70 Mon Sep 17 00:00:00 2001
From: Renovate Bot <forgejo-renovate-action@forgejo.org>
Date: Fri, 20 Feb 2026 08:11:14 +0100
Subject: [PATCH 350/854] Update dependency forgejo/release-notes-assistant to
 v1.6.0 (forgejo) (#11376)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11376
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
---
 .forgejo/workflows/release-notes-assistant-milestones.yml | 2 +-
 .forgejo/workflows/release-notes-assistant.yml            | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/.forgejo/workflows/release-notes-assistant-milestones.yml b/.forgejo/workflows/release-notes-assistant-milestones.yml
index 34b1d8e326..988dc2bf87 100644
--- a/.forgejo/workflows/release-notes-assistant-milestones.yml
+++ b/.forgejo/workflows/release-notes-assistant-milestones.yml
@@ -6,7 +6,7 @@ on:
 
 env:
   RNA_WORKDIR: /srv/rna
-  RNA_VERSION: v1.5.2 # renovate: datasource=forgejo-releases depName=forgejo/release-notes-assistant registryUrl=https://code.forgejo.org
+  RNA_VERSION: v1.6.0 # renovate: datasource=forgejo-releases depName=forgejo/release-notes-assistant registryUrl=https://code.forgejo.org
 
 jobs:
   release-notes:
diff --git a/.forgejo/workflows/release-notes-assistant.yml b/.forgejo/workflows/release-notes-assistant.yml
index 49534b4b96..8a0dc8617b 100644
--- a/.forgejo/workflows/release-notes-assistant.yml
+++ b/.forgejo/workflows/release-notes-assistant.yml
@@ -8,7 +8,7 @@ on:
       - labeled
 
 env:
-  RNA_VERSION: v1.5.2 # renovate: datasource=forgejo-releases depName=forgejo/release-notes-assistant registryUrl=https://code.forgejo.org
+  RNA_VERSION: v1.6.0 # renovate: datasource=forgejo-releases depName=forgejo/release-notes-assistant registryUrl=https://code.forgejo.org
 
 jobs:
   release-notes:

From 9f3ab71647a87e1075493f0d6fde4615b1e4361b Mon Sep 17 00:00:00 2001
From: Renovate Bot <forgejo-renovate-action@forgejo.org>
Date: Sat, 21 Feb 2026 11:39:31 +0100
Subject: [PATCH 351/854] Replace Node.js with data.forgejo.org/oci/node
 24-trixie (forgejo) (#11384)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11384
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
---
 .forgejo/workflows/backport.yml                  |  2 +-
 .forgejo/workflows/cascade-setup-end-to-end.yml  |  2 +-
 .../workflows/forgejo-integration-cleanup.yml    |  2 +-
 .forgejo/workflows/merge-requirements.yml        |  2 +-
 .forgejo/workflows/mirror.yml                    |  2 +-
 .forgejo/workflows/testing-integration.yml       |  6 +++---
 .forgejo/workflows/testing.yml                   | 16 ++++++++--------
 7 files changed, 16 insertions(+), 16 deletions(-)

diff --git a/.forgejo/workflows/backport.yml b/.forgejo/workflows/backport.yml
index 56956c4641..60dbc72006 100644
--- a/.forgejo/workflows/backport.yml
+++ b/.forgejo/workflows/backport.yml
@@ -40,7 +40,7 @@ jobs:
       )
     runs-on: docker
     container:
-      image: 'data.forgejo.org/oci/node:24-bookworm'
+      image: 'data.forgejo.org/oci/node:24-trixie'
     steps:
       - name: event info
         run: |
diff --git a/.forgejo/workflows/cascade-setup-end-to-end.yml b/.forgejo/workflows/cascade-setup-end-to-end.yml
index 36b464d9f3..1686c301f0 100644
--- a/.forgejo/workflows/cascade-setup-end-to-end.yml
+++ b/.forgejo/workflows/cascade-setup-end-to-end.yml
@@ -35,7 +35,7 @@ jobs:
       )
     runs-on: docker
     container:
-      image: data.forgejo.org/oci/node:24-bookworm
+      image: data.forgejo.org/oci/node:24-trixie
     steps:
       - uses: https://data.forgejo.org/actions/checkout@v6
         with:
diff --git a/.forgejo/workflows/forgejo-integration-cleanup.yml b/.forgejo/workflows/forgejo-integration-cleanup.yml
index 63a5632bfa..1629044cfc 100644
--- a/.forgejo/workflows/forgejo-integration-cleanup.yml
+++ b/.forgejo/workflows/forgejo-integration-cleanup.yml
@@ -9,7 +9,7 @@ jobs:
     if: vars.ROLE == 'forgejo-integration'
     runs-on: docker
     container:
-      image: 'data.forgejo.org/oci/node:24-bookworm'
+      image: 'data.forgejo.org/oci/node:24-trixie'
     steps:
 
       - name: apt install curl jq
diff --git a/.forgejo/workflows/merge-requirements.yml b/.forgejo/workflows/merge-requirements.yml
index 2e4d84b54e..7128d59b00 100644
--- a/.forgejo/workflows/merge-requirements.yml
+++ b/.forgejo/workflows/merge-requirements.yml
@@ -17,7 +17,7 @@ jobs:
       vars.ROLE == 'forgejo-coding' && forge.event.pull_request.head.repo.full_name != 'forgejo-cascading-pr/forgejo'
     runs-on: docker
     container:
-      image: 'data.forgejo.org/oci/node:24-bookworm'
+      image: 'data.forgejo.org/oci/node:24-trixie'
     steps:
       - name: Debug output
         run: |
diff --git a/.forgejo/workflows/mirror.yml b/.forgejo/workflows/mirror.yml
index 29aa73dceb..7e79c0dae0 100644
--- a/.forgejo/workflows/mirror.yml
+++ b/.forgejo/workflows/mirror.yml
@@ -11,7 +11,7 @@ jobs:
     if: ${{ secrets.MIRROR_TOKEN != '' }}
     runs-on: docker
     container:
-      image: 'data.forgejo.org/oci/node:24-bookworm'
+      image: 'data.forgejo.org/oci/node:24-trixie'
     steps:
       - name: git push {v*/,}forgejo
         run: |
diff --git a/.forgejo/workflows/testing-integration.yml b/.forgejo/workflows/testing-integration.yml
index 85351af08c..35caa2eecd 100644
--- a/.forgejo/workflows/testing-integration.yml
+++ b/.forgejo/workflows/testing-integration.yml
@@ -31,7 +31,7 @@ jobs:
     if: vars.ROLE == 'forgejo-integration'
     runs-on: docker
     container:
-      image: 'data.forgejo.org/oci/node:24-bookworm'
+      image: 'data.forgejo.org/oci/node:24-trixie'
       options: --tmpfs /tmp:exec,noatime
     steps:
       - uses: https://data.forgejo.org/actions/checkout@v6
@@ -50,7 +50,7 @@ jobs:
     if: vars.ROLE == 'forgejo-integration'
     runs-on: docker
     container:
-      image: 'data.forgejo.org/oci/node:24-bookworm'
+      image: 'data.forgejo.org/oci/node:24-trixie'
       options: --tmpfs /tmp:exec,noatime
     steps:
       - uses: https://data.forgejo.org/actions/checkout@v6
@@ -75,7 +75,7 @@ jobs:
       matrix:
         version: ['10.6', '11.8']
     container:
-      image: 'data.forgejo.org/oci/node:24-bookworm'
+      image: 'data.forgejo.org/oci/node:24-trixie'
       options: --tmpfs /tmp:exec,noatime
     services:
       mysql:
diff --git a/.forgejo/workflows/testing.yml b/.forgejo/workflows/testing.yml
index f9cce74258..e601fe30b5 100644
--- a/.forgejo/workflows/testing.yml
+++ b/.forgejo/workflows/testing.yml
@@ -14,7 +14,7 @@ jobs:
     if: vars.ROLE == 'forgejo-coding' || vars.ROLE == 'forgejo-testing'
     runs-on: docker
     container:
-      image: 'data.forgejo.org/oci/node:24-bookworm'
+      image: 'data.forgejo.org/oci/node:24-trixie'
       options: --tmpfs /tmp:exec,noatime
     steps:
       - name: event info
@@ -33,7 +33,7 @@ jobs:
     if: vars.ROLE == 'forgejo-coding' || vars.ROLE == 'forgejo-testing'
     runs-on: docker
     container:
-      image: 'data.forgejo.org/oci/node:24-bookworm'
+      image: 'data.forgejo.org/oci/node:24-trixie'
       options: --tmpfs /tmp:exec,noatime
     steps:
       - uses: https://data.forgejo.org/actions/checkout@v6
@@ -68,7 +68,7 @@ jobs:
     runs-on: docker
     needs: [backend-checks, frontend-checks]
     container:
-      image: 'data.forgejo.org/oci/node:24-bookworm'
+      image: 'data.forgejo.org/oci/node:24-trixie'
       options: --tmpfs /tmp:exec,noatime
     services:
       elasticsearch:
@@ -158,7 +158,7 @@ jobs:
     runs-on: docker
     needs: [backend-checks, frontend-checks, test-unit]
     container:
-      image: 'data.forgejo.org/oci/node:24-bookworm'
+      image: 'data.forgejo.org/oci/node:24-trixie'
       options: --tmpfs /tmp:exec,noatime
     name: ${{ format('test-remote-cacher ({0})', matrix.cacher.name) }}
     strategy:
@@ -202,7 +202,7 @@ jobs:
     runs-on: docker
     needs: [backend-checks, frontend-checks]
     container:
-      image: 'data.forgejo.org/oci/node:24-bookworm'
+      image: 'data.forgejo.org/oci/node:24-trixie'
       options: --tmpfs /tmp:exec,noatime
     services:
       mysql:
@@ -233,7 +233,7 @@ jobs:
     runs-on: docker
     needs: [backend-checks, frontend-checks]
     container:
-      image: 'data.forgejo.org/oci/node:24-bookworm'
+      image: 'data.forgejo.org/oci/node:24-trixie'
       options: --tmpfs /tmp:exec,noatime
     services:
       minio:
@@ -273,7 +273,7 @@ jobs:
     runs-on: docker
     needs: [backend-checks, frontend-checks]
     container:
-      image: 'data.forgejo.org/oci/node:24-bookworm'
+      image: 'data.forgejo.org/oci/node:24-trixie'
       options: --tmpfs /tmp:exec,noatime
     steps:
       - uses: https://data.forgejo.org/actions/checkout@v6
@@ -301,7 +301,7 @@ jobs:
       - test-remote-cacher
       - test-unit
     container:
-      image: 'data.forgejo.org/oci/node:24-bookworm'
+      image: 'data.forgejo.org/oci/node:24-trixie'
       options: --tmpfs /tmp:exec,noatime
     steps:
       - uses: https://data.forgejo.org/actions/checkout@v6

From 9df957ec16d17503142a80399ab5f351ccc725b8 Mon Sep 17 00:00:00 2001
From: Renovate Bot <forgejo-renovate-action@forgejo.org>
Date: Sat, 21 Feb 2026 11:40:45 +0100
Subject: [PATCH 352/854] Update dependency minimatch to v10.2.1 (forgejo)
 (#11388)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11388
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
---
 package-lock.json | 88 ++++++++++++++++++++++++++++++++++++++++++++---
 package.json      |  2 +-
 2 files changed, 84 insertions(+), 6 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 3e4e87286a..3f60a489a2 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -57,7 +57,7 @@
         "katex": "0.16.27",
         "mermaid": "11.12.2",
         "mini-css-extract-plugin": "2.10.0",
-        "minimatch": "10.1.1",
+        "minimatch": "10.2.1",
         "pdfobject": "2.3.0",
         "postcss": "8.5.6",
         "postcss-loader": "8.2.1",
@@ -2230,6 +2230,7 @@
       "version": "4.0.1",
       "resolved": "https://registry.npmjs.org/@isaacs/balanced-match/-/balanced-match-4.0.1.tgz",
       "integrity": "sha512-yzMTt9lEb8Gv7zRioUilSglI0c0smZ9k5D65677DLWLtWJaXIS3CqcGyUFByYKlnUj6TkjLVs54fBl6+TiGQDQ==",
+      "dev": true,
       "license": "MIT",
       "engines": {
         "node": "20 || >=22"
@@ -2239,6 +2240,7 @@
       "version": "5.0.0",
       "resolved": "https://registry.npmjs.org/@isaacs/brace-expansion/-/brace-expansion-5.0.0.tgz",
       "integrity": "sha512-ZT55BDLV0yv0RBm2czMiZ+SqCGO7AvmOM3G/w2xhVPH+te0aKgFjmBvGlL1dH+ql2tgGO3MVrbb3jCKyvpgnxA==",
+      "dev": true,
       "license": "MIT",
       "dependencies": {
         "@isaacs/balanced-match": "^4.0.1"
@@ -8201,6 +8203,22 @@
         "eslint": "^8.0.0 || ^9.0.0"
       }
     },
+    "node_modules/eslint-plugin-sonarjs/node_modules/minimatch": {
+      "version": "10.1.1",
+      "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-10.1.1.tgz",
+      "integrity": "sha512-enIvLvRAFZYXJzkCYG5RKmPfrFArdLv+R+lbQ53BmIMLIry74bjKzX6iHAm8WYamJkhSSEabrWN5D97XnKObjQ==",
+      "dev": true,
+      "license": "BlueOak-1.0.0",
+      "dependencies": {
+        "@isaacs/brace-expansion": "^5.0.0"
+      },
+      "engines": {
+        "node": "20 || >=22"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/isaacs"
+      }
+    },
     "node_modules/eslint-plugin-toml": {
       "version": "0.13.1",
       "resolved": "https://registry.npmjs.org/eslint-plugin-toml/-/eslint-plugin-toml-0.13.1.tgz",
@@ -10955,6 +10973,29 @@
         "node": ">=20"
       }
     },
+    "node_modules/markdownlint-cli/node_modules/balanced-match": {
+      "version": "4.0.3",
+      "resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-4.0.3.tgz",
+      "integrity": "sha512-1pHv8LX9CpKut1Zp4EXey7Z8OfH11ONNH6Dhi2WDUt31VVZFXZzKwXcysBgqSumFCmR+0dqjMK5v5JiFHzi0+g==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": "20 || >=22"
+      }
+    },
+    "node_modules/markdownlint-cli/node_modules/brace-expansion": {
+      "version": "5.0.2",
+      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-5.0.2.tgz",
+      "integrity": "sha512-Pdk8c9poy+YhOgVWw1JNN22/HcivgKWwpxKq04M/jTmHyCZn12WPJebZxdjSa5TmBqISrUSgNYU3eRORljfCCw==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "balanced-match": "^4.0.2"
+      },
+      "engines": {
+        "node": "20 || >=22"
+      }
+    },
     "node_modules/markdownlint-cli/node_modules/commander": {
       "version": "14.0.2",
       "resolved": "https://registry.npmjs.org/commander/-/commander-14.0.2.tgz",
@@ -10982,6 +11023,22 @@
       "dev": true,
       "license": "MIT"
     },
+    "node_modules/markdownlint-cli/node_modules/minimatch": {
+      "version": "10.1.3",
+      "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-10.1.3.tgz",
+      "integrity": "sha512-IF6URNyBX7Z6XfvjpaNy5meRxPZiIf2OqtOoSLs+hLJ9pJAScnM1RjrFcbCaD85y42KcI+oZmKjFIJKYDFjQfg==",
+      "dev": true,
+      "license": "BlueOak-1.0.0",
+      "dependencies": {
+        "brace-expansion": "^5.0.2"
+      },
+      "engines": {
+        "node": "20 || >=22"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/isaacs"
+      }
+    },
     "node_modules/markdownlint/node_modules/ansi-regex": {
       "version": "6.2.2",
       "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-6.2.2.tgz",
@@ -11734,12 +11791,12 @@
       }
     },
     "node_modules/minimatch": {
-      "version": "10.1.1",
-      "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-10.1.1.tgz",
-      "integrity": "sha512-enIvLvRAFZYXJzkCYG5RKmPfrFArdLv+R+lbQ53BmIMLIry74bjKzX6iHAm8WYamJkhSSEabrWN5D97XnKObjQ==",
+      "version": "10.2.1",
+      "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-10.2.1.tgz",
+      "integrity": "sha512-MClCe8IL5nRRmawL6ib/eT4oLyeKMGCghibcDWK+J0hh0Q8kqSdia6BvbRMVk6mPa6WqUa5uR2oxt6C5jd533A==",
       "license": "BlueOak-1.0.0",
       "dependencies": {
-        "@isaacs/brace-expansion": "^5.0.0"
+        "brace-expansion": "^5.0.2"
       },
       "engines": {
         "node": "20 || >=22"
@@ -11748,6 +11805,27 @@
         "url": "https://github.com/sponsors/isaacs"
       }
     },
+    "node_modules/minimatch/node_modules/balanced-match": {
+      "version": "4.0.3",
+      "resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-4.0.3.tgz",
+      "integrity": "sha512-1pHv8LX9CpKut1Zp4EXey7Z8OfH11ONNH6Dhi2WDUt31VVZFXZzKwXcysBgqSumFCmR+0dqjMK5v5JiFHzi0+g==",
+      "license": "MIT",
+      "engines": {
+        "node": "20 || >=22"
+      }
+    },
+    "node_modules/minimatch/node_modules/brace-expansion": {
+      "version": "5.0.2",
+      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-5.0.2.tgz",
+      "integrity": "sha512-Pdk8c9poy+YhOgVWw1JNN22/HcivgKWwpxKq04M/jTmHyCZn12WPJebZxdjSa5TmBqISrUSgNYU3eRORljfCCw==",
+      "license": "MIT",
+      "dependencies": {
+        "balanced-match": "^4.0.2"
+      },
+      "engines": {
+        "node": "20 || >=22"
+      }
+    },
     "node_modules/minimist": {
       "version": "1.2.8",
       "resolved": "https://registry.npmjs.org/minimist/-/minimist-1.2.8.tgz",
diff --git a/package.json b/package.json
index 24bfb69d20..733ffaa36e 100644
--- a/package.json
+++ b/package.json
@@ -56,7 +56,7 @@
     "katex": "0.16.27",
     "mermaid": "11.12.2",
     "mini-css-extract-plugin": "2.10.0",
-    "minimatch": "10.1.1",
+    "minimatch": "10.2.1",
     "pdfobject": "2.3.0",
     "postcss": "8.5.6",
     "postcss-loader": "8.2.1",

From 8776ee2491a3be4b0ddff9171d0a157766304c0a Mon Sep 17 00:00:00 2001
From: Michael Kriese <michael.kriese@visualon.de>
Date: Sat, 21 Feb 2026 14:47:55 +0100
Subject: [PATCH 353/854] chore(renovate): prepare for operator (#11392)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11392
Co-authored-by: Michael Kriese <michael.kriese@visualon.de>
Co-committed-by: Michael Kriese <michael.kriese@visualon.de>
---
 renovate.json => .forgejo/renovate.json |  0
 .forgejo/workflows/renovate.yml         | 79 -------------------------
 Makefile                                |  2 +-
 3 files changed, 1 insertion(+), 80 deletions(-)
 rename renovate.json => .forgejo/renovate.json (100%)
 delete mode 100644 .forgejo/workflows/renovate.yml

diff --git a/renovate.json b/.forgejo/renovate.json
similarity index 100%
rename from renovate.json
rename to .forgejo/renovate.json
diff --git a/.forgejo/workflows/renovate.yml b/.forgejo/workflows/renovate.yml
deleted file mode 100644
index b5bc5001a7..0000000000
--- a/.forgejo/workflows/renovate.yml
+++ /dev/null
@@ -1,79 +0,0 @@
-#
-# Runs every 2 hours, but Renovate is limited to create new PR before 4am.
-# See renovate.json for more settings.
-# Automerge is enabled for Renovate PR's but need to be approved before.
-#
-name: renovate
-
-on:
-  push:
-    branches:
-      - renovate/** # self-test updates
-    paths:
-      - .forgejo/workflows/renovate.yml
-  schedule:
-    - cron: '0 0/2 * * *'
-  workflow_dispatch:
-
-env:
-  RENOVATE_DRY_RUN: ${{ (github.event_name != 'schedule' && github.ref_name != github.event.repository.default_branch) && 'full' || '' }}
-  RENOVATE_REPOSITORIES: ${{ github.repository }}
-  # fix because 10.0.0-58-7e1df53+gitea-1.22.0 < 10.0.0 for semver
-  # and codeberg api returns such versions from `git describe --tags`
-  # RENOVATE_X_PLATFORM_VERSION: 10.0.0+gitea-1.22.0 currently not needed
-
-jobs:
-  renovate:
-    if: vars.ROLE == 'forgejo-coding' && secrets.RENOVATE_TOKEN != ''
-
-    runs-on: docker
-    container:
-      image: data.forgejo.org/renovate/renovate:43.15.1
-
-    steps:
-      - name: Load renovate repo cache
-        uses: https://data.forgejo.org/actions/cache/restore@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3
-        with:
-          path: |
-            .tmp/cache/renovate/repository
-            .tmp/cache/renovate/renovate-cache-sqlite
-            .tmp/osv
-          key: repo-cache-${{ github.run_id }}
-          restore-keys: |
-            repo-cache-
-
-      - name: Run renovate
-        run: renovate
-        env:
-          GITHUB_COM_TOKEN: ${{ secrets.RENOVATE_GITHUB_COM_TOKEN }}
-          LOG_LEVEL: debug
-          RENOVATE_BASE_DIR: ${{ github.workspace }}/.tmp
-          RENOVATE_ENDPOINT: ${{ github.server_url }}
-          RENOVATE_PLATFORM: forgejo
-          RENOVATE_REPOSITORY_CACHE: 'enabled'
-          RENOVATE_TOKEN: ${{ secrets.RENOVATE_TOKEN }}
-          RENOVATE_GIT_AUTHOR: 'Renovate Bot <forgejo-renovate-action@forgejo.org>'
-          RENOVATE_CONFIG_FILE_NAMES: '[".forgejo/renovate.json"]'
-
-          RENOVATE_X_SQLITE_PACKAGE_CACHE: true
-
-          GIT_AUTHOR_NAME: 'Renovate Bot'
-          GIT_AUTHOR_EMAIL: 'forgejo-renovate-action@forgejo.org'
-          GIT_COMMITTER_NAME: 'Renovate Bot'
-          GIT_COMMITTER_EMAIL: 'forgejo-renovate-action@forgejo.org'
-
-          OSV_OFFLINE_ROOT_DIR: ${{ github.workspace }}/.tmp/osv
-
-          # use direct connection for these domains for renovate go datasource instead of the go proxy
-          # allows faster lookups
-          GONOPROXY: code.forgejo.org
-
-      - name: Save renovate repo cache
-        if: always() && env.RENOVATE_DRY_RUN != 'full'
-        uses: https://data.forgejo.org/actions/cache/save@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3
-        with:
-          path: |
-            .tmp/cache/renovate/repository
-            .tmp/cache/renovate/renovate-cache-sqlite
-            .tmp/osv
-          key: repo-cache-${{ github.run_id }}
diff --git a/Makefile b/Makefile
index 99670829bb..b642156c23 100644
--- a/Makefile
+++ b/Makefile
@@ -465,7 +465,7 @@ lint-swagger: node_modules
 
 .PHONY: lint-renovate
 lint-renovate: node_modules
-	npx --yes --package $(RENOVATE_NPM_PACKAGE) -- renovate-config-validator > .lint-renovate 2>&1 || true
+	npx --yes --package $(RENOVATE_NPM_PACKAGE) -- renovate-config-validator --no-global .forgejo/renovate.json > .lint-renovate 2>&1 || true
 	@if grep --quiet --extended-regexp -e '^( ERROR:)' .lint-renovate ; then cat .lint-renovate ; rm .lint-renovate ; exit 1 ; fi
 	@rm .lint-renovate
 

From d4951968f0abbee8c614acec648240c4b25e7ec7 Mon Sep 17 00:00:00 2001
From: Earl Warren <contact@earl-warren.org>
Date: Sun, 22 Feb 2026 05:11:22 +0100
Subject: [PATCH 354/854] fix: ensure actions logs are transferred when a task
 is done (#10008)

Logs moving out of the database to the filesystem (actions_module.TransferLogsAndUpdateLogInStorage)
did not happen in the following cases:

- the runner does not send an UpdateLog message with NoMore == true
- StopTask is called (canceling from the web.UI, canceling a scheduled
  task)

This is fixed by consistently calling actions_service.TransferLogsAndUpdateLogInStorage when
a task is completed by:

- UpdateTaskByState if it concludes with Status.IsDone
- StopTask

Test coverage exists at:

- TestActionsDownloadTaskLogs
  will fail if UpdateTaskByState does not call TransferLogsAndUpdateLogInStorage when
  when task.Status.IsDone()
  stat .../tests/integration/gitea-integration-sqlite/data/actions_log/user2/actions-download-task-logs/48/72.log.zst: no such file or directory
- TestActionNowDoneNotification
  will fail if StopTask returns on error when calling TransferLogsAndUpdateLogInStorage
  Error Trace:	.../tests/integration/actions_run_now_done_notification_test.go:142

Refs https://codeberg.org/forgejo/forgejo/issues/9999

---

Note on backporting: it cannot be easily backported to v11.0 because it would require a more involved backport to untangle circular dependencies. It is also not essential in the context of https://codeberg.org/forgejo/forgejo/issues/9999 for instances being polluted by logs that stay in the database. The new [cron job](https://codeberg.org/forgejo/forgejo/pulls/10009) that disposes of them will take care of those daily and they will not be growing the database indefinitely.

<!--start release-notes-assistant-->

## Release notes
<!--URL:https://codeberg.org/forgejo/forgejo-->
- Bug fixes
  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10008): <!--number 10008 --><!--line 0 --><!--description ZW5zdXJlIGFjdGlvbnMgbG9ncyBhcmUgdHJhbnNmZXJyZWQgd2hlbiBhIHRhc2sgaXMgZG9uZQ==-->ensure actions logs are transferred when a task is done<!--description-->
<!--end release-notes-assistant-->

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10008
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Co-authored-by: Earl Warren <contact@earl-warren.org>
Co-committed-by: Earl Warren <contact@earl-warren.org>
---
 routers/api/actions/runner/runner.go | 14 +-------------
 services/actions/clear_tasks.go      | 13 -------------
 services/actions/task.go             |  8 +++++++-
 3 files changed, 8 insertions(+), 27 deletions(-)

diff --git a/routers/api/actions/runner/runner.go b/routers/api/actions/runner/runner.go
index e0bd8f3d8d..b36284e604 100644
--- a/routers/api/actions/runner/runner.go
+++ b/routers/api/actions/runner/runner.go
@@ -312,21 +312,9 @@ func (s *Service) UpdateLog(
 
 	res.Msg.AckIndex = task.LogLength
 
-	var remove func()
-	if req.Msg.NoMore {
-		task.LogInStorage = true
-		remove, err = actions.TransferLogs(ctx, task.LogFilename)
-		if err != nil {
-			return nil, connect.NewError(connect.CodeInternal, fmt.Errorf("transfer logs: %w", err))
-		}
-	}
-
-	if err := actions_model.UpdateTask(ctx, task, "log_indexes", "log_length", "log_size", "log_in_storage"); err != nil {
+	if err := actions_model.UpdateTask(ctx, task, "log_indexes", "log_length", "log_size"); err != nil {
 		return nil, connect.NewError(connect.CodeInternal, fmt.Errorf("update task: %w", err))
 	}
-	if remove != nil {
-		remove()
-	}
 
 	return res, nil
 }
diff --git a/services/actions/clear_tasks.go b/services/actions/clear_tasks.go
index 507659d085..d597ad313b 100644
--- a/services/actions/clear_tasks.go
+++ b/services/actions/clear_tasks.go
@@ -10,7 +10,6 @@ import (
 
 	actions_model "forgejo.org/models/actions"
 	"forgejo.org/models/db"
-	"forgejo.org/modules/actions"
 	"forgejo.org/modules/log"
 	"forgejo.org/modules/optional"
 	"forgejo.org/modules/setting"
@@ -54,18 +53,6 @@ func stopTasks(ctx context.Context, opts actions_model.FindTaskOptions) error {
 			log.Warn("Cannot stop task %v: %v", task.ID, err)
 			continue
 		}
-
-		remove, err := actions.TransferLogs(ctx, task.LogFilename)
-		if err != nil {
-			log.Warn("Cannot transfer logs of task %v: %v", task.ID, err)
-			continue
-		}
-		task.LogInStorage = true
-		if err := actions_model.UpdateTask(ctx, task, "log_in_storage"); err != nil {
-			log.Warn("Cannot update task %v: %v", task.ID, err)
-			continue
-		}
-		remove()
 	}
 
 	CreateCommitStatus(ctx, jobs...)
diff --git a/services/actions/task.go b/services/actions/task.go
index 34b838f2a3..ddc35d6921 100644
--- a/services/actions/task.go
+++ b/services/actions/task.go
@@ -208,7 +208,7 @@ func StopTask(ctx context.Context, taskID int64, status actions_model.Status) er
 		}
 	}
 
-	return nil
+	return TransferLogsAndUpdateLogInStorage(ctx, task)
 }
 
 // UpdateTaskByState updates the task by the state.
@@ -264,6 +264,12 @@ func UpdateTaskByState(ctx context.Context, runnerID int64, state *runnerv1.Task
 		}
 	}
 
+	if task.Status.IsDone() {
+		if err := TransferLogsAndUpdateLogInStorage(ctx, task); err != nil {
+			return nil, err
+		}
+	}
+
 	if err := task.LoadAttributes(ctx); err != nil {
 		return nil, err
 	}

From 5486bfa535b8b87858141a84698560a0d5cf01b9 Mon Sep 17 00:00:00 2001
From: Mathieu Fenniak <mathieu@fenniak.net>
Date: Sun, 22 Feb 2026 22:31:04 +0100
Subject: [PATCH 355/854] Revert "Replace Node.js with
 data.forgejo.org/oci/node 24-trixie (forgejo) (#11384)" (#11406)

This reverts commit 9f3ab71647a87e1075493f0d6fde4615b1e4361b.

cascade-setup-end-to-end no longer works after this was merged: https://codeberg.org/forgejo/forgejo/actions/runs/140733/jobs/0/attempt/2

```
/var/run/act/actions/69/9e734ffd2a2ec8ed9c2f818ed272523f52007304147edf2d7efae8d6e0c3a5/cascading-pr.sh:26: repo_curl:  forgejo-curl.sh api_json https://codeberg.org/api/v1/repos/forgejo/forgejo/pulls/11401
curl: option -H: error encountered when reading a file
curl: try 'curl --help' or 'curl --manual' for more information
/var/run/act/actions/69/9e734ffd2a2ec8ed9c2f818ed272523f52007304147edf2d7efae8d6e0c3a5/cascading-pr.sh:1: pr_get_origin:  rm -fr /tmp/tmp.nZPEP759PH
fail /var/run/act/actions/69/9e734ffd2a2ec8ed9c2f818ed272523f52007304147edf2d7efae8d6e0c3a5/cascading-pr.sh
```

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11406
Reviewed-by: Andreas Ahlenstorf <aahlenst@noreply.codeberg.org>
Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net>
Co-committed-by: Mathieu Fenniak <mathieu@fenniak.net>
---
 .forgejo/workflows/backport.yml                  |  2 +-
 .forgejo/workflows/cascade-setup-end-to-end.yml  |  2 +-
 .../workflows/forgejo-integration-cleanup.yml    |  2 +-
 .forgejo/workflows/merge-requirements.yml        |  2 +-
 .forgejo/workflows/mirror.yml                    |  2 +-
 .forgejo/workflows/testing-integration.yml       |  6 +++---
 .forgejo/workflows/testing.yml                   | 16 ++++++++--------
 7 files changed, 16 insertions(+), 16 deletions(-)

diff --git a/.forgejo/workflows/backport.yml b/.forgejo/workflows/backport.yml
index 60dbc72006..56956c4641 100644
--- a/.forgejo/workflows/backport.yml
+++ b/.forgejo/workflows/backport.yml
@@ -40,7 +40,7 @@ jobs:
       )
     runs-on: docker
     container:
-      image: 'data.forgejo.org/oci/node:24-trixie'
+      image: 'data.forgejo.org/oci/node:24-bookworm'
     steps:
       - name: event info
         run: |
diff --git a/.forgejo/workflows/cascade-setup-end-to-end.yml b/.forgejo/workflows/cascade-setup-end-to-end.yml
index 1686c301f0..36b464d9f3 100644
--- a/.forgejo/workflows/cascade-setup-end-to-end.yml
+++ b/.forgejo/workflows/cascade-setup-end-to-end.yml
@@ -35,7 +35,7 @@ jobs:
       )
     runs-on: docker
     container:
-      image: data.forgejo.org/oci/node:24-trixie
+      image: data.forgejo.org/oci/node:24-bookworm
     steps:
       - uses: https://data.forgejo.org/actions/checkout@v6
         with:
diff --git a/.forgejo/workflows/forgejo-integration-cleanup.yml b/.forgejo/workflows/forgejo-integration-cleanup.yml
index 1629044cfc..63a5632bfa 100644
--- a/.forgejo/workflows/forgejo-integration-cleanup.yml
+++ b/.forgejo/workflows/forgejo-integration-cleanup.yml
@@ -9,7 +9,7 @@ jobs:
     if: vars.ROLE == 'forgejo-integration'
     runs-on: docker
     container:
-      image: 'data.forgejo.org/oci/node:24-trixie'
+      image: 'data.forgejo.org/oci/node:24-bookworm'
     steps:
 
       - name: apt install curl jq
diff --git a/.forgejo/workflows/merge-requirements.yml b/.forgejo/workflows/merge-requirements.yml
index 7128d59b00..2e4d84b54e 100644
--- a/.forgejo/workflows/merge-requirements.yml
+++ b/.forgejo/workflows/merge-requirements.yml
@@ -17,7 +17,7 @@ jobs:
       vars.ROLE == 'forgejo-coding' && forge.event.pull_request.head.repo.full_name != 'forgejo-cascading-pr/forgejo'
     runs-on: docker
     container:
-      image: 'data.forgejo.org/oci/node:24-trixie'
+      image: 'data.forgejo.org/oci/node:24-bookworm'
     steps:
       - name: Debug output
         run: |
diff --git a/.forgejo/workflows/mirror.yml b/.forgejo/workflows/mirror.yml
index 7e79c0dae0..29aa73dceb 100644
--- a/.forgejo/workflows/mirror.yml
+++ b/.forgejo/workflows/mirror.yml
@@ -11,7 +11,7 @@ jobs:
     if: ${{ secrets.MIRROR_TOKEN != '' }}
     runs-on: docker
     container:
-      image: 'data.forgejo.org/oci/node:24-trixie'
+      image: 'data.forgejo.org/oci/node:24-bookworm'
     steps:
       - name: git push {v*/,}forgejo
         run: |
diff --git a/.forgejo/workflows/testing-integration.yml b/.forgejo/workflows/testing-integration.yml
index 35caa2eecd..85351af08c 100644
--- a/.forgejo/workflows/testing-integration.yml
+++ b/.forgejo/workflows/testing-integration.yml
@@ -31,7 +31,7 @@ jobs:
     if: vars.ROLE == 'forgejo-integration'
     runs-on: docker
     container:
-      image: 'data.forgejo.org/oci/node:24-trixie'
+      image: 'data.forgejo.org/oci/node:24-bookworm'
       options: --tmpfs /tmp:exec,noatime
     steps:
       - uses: https://data.forgejo.org/actions/checkout@v6
@@ -50,7 +50,7 @@ jobs:
     if: vars.ROLE == 'forgejo-integration'
     runs-on: docker
     container:
-      image: 'data.forgejo.org/oci/node:24-trixie'
+      image: 'data.forgejo.org/oci/node:24-bookworm'
       options: --tmpfs /tmp:exec,noatime
     steps:
       - uses: https://data.forgejo.org/actions/checkout@v6
@@ -75,7 +75,7 @@ jobs:
       matrix:
         version: ['10.6', '11.8']
     container:
-      image: 'data.forgejo.org/oci/node:24-trixie'
+      image: 'data.forgejo.org/oci/node:24-bookworm'
       options: --tmpfs /tmp:exec,noatime
     services:
       mysql:
diff --git a/.forgejo/workflows/testing.yml b/.forgejo/workflows/testing.yml
index e601fe30b5..f9cce74258 100644
--- a/.forgejo/workflows/testing.yml
+++ b/.forgejo/workflows/testing.yml
@@ -14,7 +14,7 @@ jobs:
     if: vars.ROLE == 'forgejo-coding' || vars.ROLE == 'forgejo-testing'
     runs-on: docker
     container:
-      image: 'data.forgejo.org/oci/node:24-trixie'
+      image: 'data.forgejo.org/oci/node:24-bookworm'
       options: --tmpfs /tmp:exec,noatime
     steps:
       - name: event info
@@ -33,7 +33,7 @@ jobs:
     if: vars.ROLE == 'forgejo-coding' || vars.ROLE == 'forgejo-testing'
     runs-on: docker
     container:
-      image: 'data.forgejo.org/oci/node:24-trixie'
+      image: 'data.forgejo.org/oci/node:24-bookworm'
       options: --tmpfs /tmp:exec,noatime
     steps:
       - uses: https://data.forgejo.org/actions/checkout@v6
@@ -68,7 +68,7 @@ jobs:
     runs-on: docker
     needs: [backend-checks, frontend-checks]
     container:
-      image: 'data.forgejo.org/oci/node:24-trixie'
+      image: 'data.forgejo.org/oci/node:24-bookworm'
       options: --tmpfs /tmp:exec,noatime
     services:
       elasticsearch:
@@ -158,7 +158,7 @@ jobs:
     runs-on: docker
     needs: [backend-checks, frontend-checks, test-unit]
     container:
-      image: 'data.forgejo.org/oci/node:24-trixie'
+      image: 'data.forgejo.org/oci/node:24-bookworm'
       options: --tmpfs /tmp:exec,noatime
     name: ${{ format('test-remote-cacher ({0})', matrix.cacher.name) }}
     strategy:
@@ -202,7 +202,7 @@ jobs:
     runs-on: docker
     needs: [backend-checks, frontend-checks]
     container:
-      image: 'data.forgejo.org/oci/node:24-trixie'
+      image: 'data.forgejo.org/oci/node:24-bookworm'
       options: --tmpfs /tmp:exec,noatime
     services:
       mysql:
@@ -233,7 +233,7 @@ jobs:
     runs-on: docker
     needs: [backend-checks, frontend-checks]
     container:
-      image: 'data.forgejo.org/oci/node:24-trixie'
+      image: 'data.forgejo.org/oci/node:24-bookworm'
       options: --tmpfs /tmp:exec,noatime
     services:
       minio:
@@ -273,7 +273,7 @@ jobs:
     runs-on: docker
     needs: [backend-checks, frontend-checks]
     container:
-      image: 'data.forgejo.org/oci/node:24-trixie'
+      image: 'data.forgejo.org/oci/node:24-bookworm'
       options: --tmpfs /tmp:exec,noatime
     steps:
       - uses: https://data.forgejo.org/actions/checkout@v6
@@ -301,7 +301,7 @@ jobs:
       - test-remote-cacher
       - test-unit
     container:
-      image: 'data.forgejo.org/oci/node:24-trixie'
+      image: 'data.forgejo.org/oci/node:24-bookworm'
       options: --tmpfs /tmp:exec,noatime
     steps:
       - uses: https://data.forgejo.org/actions/checkout@v6

From 0ae62353862472ebd6bb2bdb44a8cc8354e89c27 Mon Sep 17 00:00:00 2001
From: Mathieu Fenniak <mathieu@fenniak.net>
Date: Sun, 22 Feb 2026 23:24:38 +0100
Subject: [PATCH 356/854] fix: allow Actions runner to recover tasks lost
 during fetching from intermittent errors (#11401)

Probably fixes (or improves, at least) https://code.forgejo.org/forgejo/runner/issues/1391, paired with the runner implementation https://code.forgejo.org/forgejo/runner/pulls/1393.

When the FetchTask() API is invoked to create a task, unpreventable environmental errors may occur; for example, network disconnects and timeouts. It's possible that these errors occur after the server-side has assigned a task to the runner during the API call, in which case the error would cause that task to be lost between the two systems -- the server will think it's assigned to the runner, and the runner never received it.  This can cause jobs to appear stuck at "Set up job".

The solution implemented here is idempotency in the FetchTask() API call, which means that the "same" FetchTask() API call is expected to return the same values. Specifically, the runner creates a unique identifier which is transmitted to the server as a header `x-runner-request-key` with each FetchTask() invocation which defines the sameness of the call, and the runner retains the value until the API call receives a successful response. The server implementation returns the same tasks back if a second (or Nth) call is received with the same `x-runner-request-key` header.  In order to accomplish this is records the `x-runner-request-key` value that is used with each request that assigns tasks.

As a complication, the Forgejo server is unable to return the same `${{ secrets.forgejo_token }}` for the task because the server stores that value in a one-way hash in the database.  To resolve this, the server regenerates the token when retrieving tasks for a second time.

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests for Go changes

(can be removed for JavaScript changes)

- I added test coverage for Go changes...
  - [x] in their respective `*_test.go` for unit tests.
  - [x] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I ran...
  - [x] `make pr-go` before pushing

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [x] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.
- [ ] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change.

*The decision if the pull request will be shown in the release notes is up to the mergers / release team.*

The content of the `release-notes/<pull request number>.md` file will serve as the basis for the release notes. If the file does not exist, the title of the pull request will be used instead.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11401
Reviewed-by: Andreas Ahlenstorf <aahlenst@noreply.codeberg.org>
Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net>
Co-committed-by: Mathieu Fenniak <mathieu@fenniak.net>
---
 .../action_task.yml                           |  36 ++++++
 models/actions/task.go                        |  30 ++++-
 models/actions/task_test.go                   |  23 ++++
 .../v15b_add-runner_request_key.go            |  24 ++++
 routers/api/actions/runner/interceptor.go     |  22 +++-
 routers/api/actions/runner/runner.go          |  28 ++++-
 services/actions/task.go                      |  59 +++++++++-
 tests/integration/actions_fetch_task_test.go  | 104 ++++++++++++++++++
 tests/integration/actions_runner_test.go      |  22 +++-
 9 files changed, 337 insertions(+), 11 deletions(-)
 create mode 100644 models/actions/TestActionTask_GetTasksByRunnerRequestKey/action_task.yml
 create mode 100644 models/forgejo_migrations/v15b_add-runner_request_key.go

diff --git a/models/actions/TestActionTask_GetTasksByRunnerRequestKey/action_task.yml b/models/actions/TestActionTask_GetTasksByRunnerRequestKey/action_task.yml
new file mode 100644
index 0000000000..2d6ce501ab
--- /dev/null
+++ b/models/actions/TestActionTask_GetTasksByRunnerRequestKey/action_task.yml
@@ -0,0 +1,36 @@
+-
+  id: 100
+  attempt: 3
+  runner_id: 12345678
+  status: 5 # StatusWaiting
+  repo_id: 4
+  owner_id: 1
+  commit_sha: c2d72f548424103f01ee1dc02889c1e2bff816b0
+  is_fork_pull_request: false
+  token_hash: a1
+  token_salt: eeeeeeee
+  token_last_eight: eeeeeeee
+  log_filename: artifact-test2/2f/47.log
+  log_in_storage: true
+  log_length: 707
+  log_size: 90179
+  log_expired: false
+  runner_request_key: 0a7e017d-4201-4b34-8cf4-de0f431893a4
+-
+  id: 101
+  attempt: 3
+  runner_id: 12345678
+  status: 5 # StatusWaiting
+  repo_id: 4
+  owner_id: 1
+  commit_sha: c2d72f548424103f01ee1dc02889c1e2bff816b0
+  is_fork_pull_request: false
+  token_hash: a2
+  token_salt: eeeeeeee
+  token_last_eight: eeeeeeee
+  log_filename: artifact-test2/2f/47.log
+  log_in_storage: true
+  log_length: 707
+  log_size: 90179
+  log_expired: false
+  runner_request_key: 0a7e017d-4201-4b34-8cf4-de0f431893a4
diff --git a/models/actions/task.go b/models/actions/task.go
index b0e6bb0f15..f67b5e58e1 100644
--- a/models/actions/task.go
+++ b/models/actions/task.go
@@ -29,7 +29,7 @@ type ActionTask struct {
 	Job      *ActionRunJob     `xorm:"-"`
 	Steps    []*ActionTaskStep `xorm:"-"`
 	Attempt  int64
-	RunnerID int64              `xorm:"index"`
+	RunnerID int64              `xorm:"index index(request_key)"`
 	Status   Status             `xorm:"index"`
 	Started  timeutil.TimeStamp `xorm:"index"`
 	Stopped  timeutil.TimeStamp `xorm:"index(stopped_log_expired)"`
@@ -51,6 +51,15 @@ type ActionTask struct {
 	LogIndexes   LogIndexes `xorm:"LONGBLOB"`                   // line number to offset
 	LogExpired   bool       `xorm:"index(stopped_log_expired)"` // files that are too old will be deleted
 
+	// When the FetchTask() API is invoked to create a task, unpreventable environmental errors may occur; for example,
+	// network disconnects and timeouts. If that API call has a unique identifier associated with it, it is stored in
+	// RunnerRequestKey. This allows the API call to be implemented idempotently using this state: if one API call
+	// assigns a task to a runner and a second API call is received from the same runner with the same request key, the
+	// existing assigned tasks can be returned.
+	//
+	// Indexed for an efficient search on runner_id=? AND runner_request_key=?.
+	RunnerRequestKey string `xorm:"index(request_key)"`
+
 	Created timeutil.TimeStamp `xorm:"created"`
 	Updated timeutil.TimeStamp `xorm:"updated index"`
 }
@@ -147,6 +156,11 @@ func (task *ActionTask) GenerateToken() {
 	task.Token, task.TokenSalt, task.TokenHash, task.TokenLastEight = generateSaltedToken()
 }
 
+// After using GenerateToken, UpdateToken can be used to update the database record affecting the same columns.
+func (task *ActionTask) UpdateToken(ctx context.Context) error {
+	return UpdateTask(ctx, task, "token_hash", "token_salt", "token_last_eight")
+}
+
 // Retrieve all the attempts from the same job as the target `ActionTask`.  Limited fields are queried to avoid loading
 // the LogIndexes blob when not needed.
 func (task *ActionTask) GetAllAttempts(ctx context.Context) ([]*ActionTask, error) {
@@ -242,6 +256,15 @@ func GetRunningTaskByToken(ctx context.Context, token string) (*ActionTask, erro
 	return nil, errNotExist
 }
 
+func GetTasksByRunnerRequestKey(ctx context.Context, runner *ActionRunner, requestKey string) ([]*ActionTask, error) {
+	var tasks []*ActionTask
+	err := db.GetEngine(ctx).Where("runner_id = ? AND runner_request_key = ?", runner.ID, requestKey).Find(&tasks)
+	if err != nil {
+		return nil, err
+	}
+	return tasks, nil
+}
+
 func getConcurrencyCondition() builder.Cond {
 	concurrencyCond := builder.NewCond()
 
@@ -324,7 +347,7 @@ func GetAvailableJobsForRunner(e db.Engine, runner *ActionRunner) ([]*ActionRunJ
 	return jobs, nil
 }
 
-func CreateTaskForRunner(ctx context.Context, runner *ActionRunner) (*ActionTask, bool, error) {
+func CreateTaskForRunner(ctx context.Context, runner *ActionRunner, requestKey *string) (*ActionTask, bool, error) {
 	ctx, committer, err := db.TxContext(ctx)
 	if err != nil {
 		return nil, false, err
@@ -370,6 +393,9 @@ func CreateTaskForRunner(ctx context.Context, runner *ActionRunner) (*ActionTask
 		CommitSHA:         job.CommitSHA,
 		IsForkPullRequest: job.IsForkPullRequest,
 	}
+	if requestKey != nil {
+		task.RunnerRequestKey = *requestKey
+	}
 	task.GenerateToken()
 
 	var workflowJob *jobparser.Job
diff --git a/models/actions/task_test.go b/models/actions/task_test.go
index 08006e6b7b..7969f52e73 100644
--- a/models/actions/task_test.go
+++ b/models/actions/task_test.go
@@ -76,3 +76,26 @@ func TestActionTask_CreatePlaceholderTask(t *testing.T) {
 	}
 	assert.Equal(t, map[string]string{"output1": "value1", "output2": "value2"}, finalOutputs)
 }
+
+func TestActionTask_GetTasksByRunnerRequestKey(t *testing.T) {
+	defer unittest.OverrideFixtures("models/actions/TestActionTask_GetTasksByRunnerRequestKey")()
+	require.NoError(t, unittest.PrepareTestDatabase())
+
+	runner := unittest.AssertExistsAndLoadBean(t, &ActionRunner{ID: 12345678})
+
+	// not matching runner_request_key
+	tasks, err := GetTasksByRunnerRequestKey(t.Context(), runner, "22288392-2c70-4125-bb01-c7da79fa280c")
+	require.NoError(t, err)
+	assert.Empty(t, tasks)
+
+	// matching both runner_id and runner_request_key
+	tasks, err = GetTasksByRunnerRequestKey(t.Context(), runner, "0a7e017d-4201-4b34-8cf4-de0f431893a4")
+	require.NoError(t, err)
+	assert.Len(t, tasks, 2)
+
+	// not matching runner_id
+	runner = unittest.AssertExistsAndLoadBean(t, &ActionRunner{ID: 10000001})
+	tasks, err = GetTasksByRunnerRequestKey(t.Context(), runner, "0a7e017d-4201-4b34-8cf4-de0f431893a4")
+	require.NoError(t, err)
+	assert.Empty(t, tasks)
+}
diff --git a/models/forgejo_migrations/v15b_add-runner_request_key.go b/models/forgejo_migrations/v15b_add-runner_request_key.go
new file mode 100644
index 0000000000..fb8150469b
--- /dev/null
+++ b/models/forgejo_migrations/v15b_add-runner_request_key.go
@@ -0,0 +1,24 @@
+// Copyright 2025 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+package forgejo_migrations
+
+import (
+	"xorm.io/xorm"
+)
+
+func init() {
+	registerMigration(&Migration{
+		Description: "add runner_request_key to action_task",
+		Upgrade:     addActionTaskRunnerRequestKey,
+	})
+}
+
+func addActionTaskRunnerRequestKey(x *xorm.Engine) error {
+	type ActionTask struct {
+		RunnerID         int64  `xorm:"index index(request_key)"`
+		RunnerRequestKey string `xorm:"index(request_key)"`
+	}
+	_, err := x.SyncWithOptions(xorm.SyncOptions{IgnoreDropIndices: true}, new(ActionTask))
+	return err
+}
diff --git a/routers/api/actions/runner/interceptor.go b/routers/api/actions/runner/interceptor.go
index be83af6997..b293ed5d66 100644
--- a/routers/api/actions/runner/interceptor.go
+++ b/routers/api/actions/runner/interceptor.go
@@ -19,8 +19,9 @@ import (
 )
 
 const (
-	uuidHeaderKey  = "x-runner-uuid"
-	tokenHeaderKey = "x-runner-token"
+	uuidHeaderKey       = "x-runner-uuid"
+	tokenHeaderKey      = "x-runner-token"
+	requestKeyHeaderKey = "x-runner-request-key"
 )
 
 var withRunner = connect.WithInterceptors(connect.UnaryInterceptorFunc(func(unaryFunc connect.UnaryFunc) connect.UnaryFunc {
@@ -54,6 +55,12 @@ var withRunner = connect.WithInterceptors(connect.UnaryInterceptorFunc(func(unar
 		}
 
 		ctx = context.WithValue(ctx, runnerCtxKey{}, runner)
+
+		requestKey := request.Header().Get(requestKeyHeaderKey)
+		if requestKey != "" {
+			ctx = context.WithValue(ctx, runnerRequestKeyCtxKey{}, requestKey)
+		}
+
 		return unaryFunc(ctx, request)
 	}
 }))
@@ -76,3 +83,14 @@ func GetRunner(ctx context.Context) *actions_model.ActionRunner {
 	}
 	return nil
 }
+
+type runnerRequestKeyCtxKey struct{}
+
+func getRequestKey(ctx context.Context) *string {
+	if v := ctx.Value(runnerRequestKeyCtxKey{}); v != nil {
+		if r, ok := v.(string); ok {
+			return &r
+		}
+	}
+	return nil
+}
diff --git a/routers/api/actions/runner/runner.go b/routers/api/actions/runner/runner.go
index b36284e604..e079aa8de8 100644
--- a/routers/api/actions/runner/runner.go
+++ b/routers/api/actions/runner/runner.go
@@ -140,6 +140,30 @@ func (s *Service) FetchTask(
 ) (*connect.Response[runnerv1.FetchTaskResponse], error) {
 	runner := GetRunner(ctx)
 
+	requestKey := getRequestKey(ctx)
+	if requestKey != nil {
+		// Search for previous tasks is based upon both the runner and the request key in order to reduce the security
+		// risk. If a request key is leaked (eg. it appears in a log file, log file gets published in a bug report) it
+		// could be used indefinitely to retrieve the associated task(s), so requiring the correctly authenticated
+		// runner reduces that risk.
+		recoveredTasks, err := actions_model.GetTasksByRunnerRequestKey(ctx, runner, *requestKey)
+		if err != nil {
+			return nil, connect.NewError(connect.CodeInternal, fmt.Errorf("query by request key failed: %w", err))
+		} else if len(recoveredTasks) > 0 {
+			// Recovered tasks from a repeat request key
+			tasks, err := actions_service.RecoverTasks(ctx, recoveredTasks)
+			if err != nil {
+				return nil, connect.NewError(connect.CodeInternal, fmt.Errorf("recover tasks failed: %w", err))
+			}
+			resp := &runnerv1.FetchTaskResponse{
+				Task:            tasks[0],
+				TasksVersion:    0,
+				AdditionalTasks: tasks[1:],
+			}
+			return connect.NewResponse(resp), nil
+		}
+	}
+
 	var task *runnerv1.Task
 	tasksVersion := req.Msg.TasksVersion // task version from runner
 	latestVersion, err := actions_model.GetTasksVersionByScope(ctx, runner.OwnerID, runner.RepoID)
@@ -160,7 +184,7 @@ func (s *Service) FetchTask(
 		// if the task version in request is not equal to the version in db,
 		// it means there may still be some tasks not be assigned.
 		// try to pick a task for the runner that send the request.
-		if t, ok, err := actions_service.PickTask(ctx, runner); err != nil {
+		if t, ok, err := actions_service.PickTask(ctx, runner, requestKey); err != nil {
 			log.Error("pick task failed: %v", err)
 			return nil, connect.NewError(connect.CodeInternal, fmt.Errorf("pick task: %w", err))
 		} else if ok {
@@ -169,7 +193,7 @@ func (s *Service) FetchTask(
 			taskCapacity := req.Msg.GetTaskCapacity()
 			taskCapacity-- // remove 1 for the task already fetched as `task`
 			for taskCapacity > 0 {
-				if t, ok, err := actions_service.PickTask(ctx, runner); err != nil {
+				if t, ok, err := actions_service.PickTask(ctx, runner, requestKey); err != nil {
 					// Don't return an error to the client/runner -- we've already assigned one-or-more tasks to the runner
 					// and if we don't return them, they can't be picked up by another runner and will become zombie tasks.
 					// Log the error and return the tasks we've assigned so far.
diff --git a/services/actions/task.go b/services/actions/task.go
index ddc35d6921..141678549c 100644
--- a/services/actions/task.go
+++ b/services/actions/task.go
@@ -20,7 +20,7 @@ import (
 	"google.golang.org/protobuf/types/known/timestamppb"
 )
 
-func PickTask(ctx context.Context, runner *actions_model.ActionRunner) (*runnerv1.Task, bool, error) {
+func PickTask(ctx context.Context, runner *actions_model.ActionRunner, requestKey *string) (*runnerv1.Task, bool, error) {
 	var (
 		task *runnerv1.Task
 		job  *actions_model.ActionRunJob
@@ -40,7 +40,7 @@ func PickTask(ctx context.Context, runner *actions_model.ActionRunner) (*runnerv
 	}
 
 	if err := db.WithTx(ctx, func(ctx context.Context) error {
-		t, ok, err := actions_model.CreateTaskForRunner(ctx, runner)
+		t, ok, err := actions_model.CreateTaskForRunner(ctx, runner, requestKey)
 		if err != nil {
 			return fmt.Errorf("CreateTaskForRunner: %w", err)
 		}
@@ -96,6 +96,61 @@ func PickTask(ctx context.Context, runner *actions_model.ActionRunner) (*runnerv
 	return task, true, nil
 }
 
+func RecoverTasks(ctx context.Context, tasks []*actions_model.ActionTask) ([]*runnerv1.Task, error) {
+	retval := make([]*runnerv1.Task, len(tasks))
+
+	err := db.WithTx(ctx, func(ctx context.Context) error {
+		for i, t := range tasks {
+			// `Token` is stored in the database w/ a one-way hash, so we can't recover it from the original.  Instead
+			// we generate a new token to create usable runnerv1.Task objects.
+			t.GenerateToken()
+			if err := t.UpdateToken(ctx); err != nil {
+				return fmt.Errorf("UpdateTask failed: %w", err)
+			}
+
+			if err := t.LoadAttributes(ctx); err != nil {
+				return fmt.Errorf("task LoadAttributes: %w", err)
+			}
+			job := t.Job
+
+			secrets, err := getSecretsOfTask(ctx, t)
+			if err != nil {
+				return fmt.Errorf("GetSecretsOfTask: %w", err)
+			}
+
+			vars, err := actions_model.GetVariablesOfRun(ctx, t.Job.Run)
+			if err != nil {
+				return fmt.Errorf("GetVariablesOfRun: %w", err)
+			}
+
+			needs, err := findTaskNeeds(ctx, job)
+			if err != nil {
+				return fmt.Errorf("findTaskNeeds: %w", err)
+			}
+
+			taskContext, err := generateTaskContext(t)
+			if err != nil {
+				return fmt.Errorf("generateTaskContext: %w", err)
+			}
+
+			retval[i] = &runnerv1.Task{
+				Id:              t.ID,
+				WorkflowPayload: t.Job.WorkflowPayload,
+				Context:         taskContext,
+				Secrets:         secrets,
+				Vars:            vars,
+				Needs:           needs,
+			}
+		}
+		return nil
+	})
+	if err != nil {
+		return nil, err
+	}
+
+	return retval, nil
+}
+
 func generateTaskContext(t *actions_model.ActionTask) (*structpb.Struct, error) {
 	run := t.Job.Run
 	gitCtx, err := GenerateGiteaContext(run, t.Job)
diff --git a/tests/integration/actions_fetch_task_test.go b/tests/integration/actions_fetch_task_test.go
index 7416896be4..95502b7424 100644
--- a/tests/integration/actions_fetch_task_test.go
+++ b/tests/integration/actions_fetch_task_test.go
@@ -8,10 +8,12 @@ import (
 	"strings"
 	"testing"
 
+	actions_model "forgejo.org/models/actions"
 	unit_model "forgejo.org/models/unit"
 	"forgejo.org/models/unittest"
 	user_model "forgejo.org/models/user"
 	"forgejo.org/modules/setting"
+	"forgejo.org/modules/util"
 	files_service "forgejo.org/services/repository/files"
 	"forgejo.org/tests"
 
@@ -87,3 +89,105 @@ jobs:
 		assert.Contains(t, string(addt[0].GetWorkflowPayload()), "name: job1 (a, a, d)")
 	})
 }
+
+func TestActionFetchTask_Idempotent(t *testing.T) {
+	if !setting.Database.Type.IsSQLite3() {
+		// mock repo runner only supported on SQLite testing
+		t.Skip()
+	}
+
+	onApplicationRun(t, func(t *testing.T, u *url.URL) {
+		user2 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
+
+		// create the repo
+		repo, _, f := tests.CreateDeclarativeRepo(t, user2, "repo-many-tasks",
+			[]unit_model.Type{unit_model.TypeActions}, nil,
+			[]*files_service.ChangeRepoFile{
+				{
+					Operation: "create",
+					TreePath:  ".forgejo/workflows/matrix.yml",
+					ContentReader: strings.NewReader(`
+on:
+  push:
+jobs:
+  job1:
+    strategy:
+      matrix:
+        d1: [a, b]
+    runs-on: ubuntu-latest
+    steps:
+      - run: sleep 2
+`),
+				},
+			},
+		)
+		defer f()
+
+		runner := newMockRunner()
+		runner.registerAsRepoRunner(t, user2.Name, repo.Name, "mock-runner", []string{"ubuntu-latest"})
+
+		runner.setRequestKey("4b518ff2-00c6-4c22-ba05-77d5b597c2b4")
+
+		// First request that fetches a task:
+		task1 := runner.fetchTask(t)
+		require.NotNil(t, task1)
+		assert.Contains(t, string(task1.GetWorkflowPayload()), "name: job1")
+		{
+			// Base assumption, the FORGEJO_TOKEN secret can be identified... this is typical but we'll verify that it
+			// doesn't work after the idempotent fetch.
+			taskTokenTest, err := actions_model.GetRunningTaskByToken(t.Context(), task1.Secrets["FORGEJO_TOKEN"])
+			require.NoError(t, err)
+			assert.Equal(t, task1.Id, taskTokenTest.ID)
+		}
+
+		// Having retrieved a task... if we sent a fetchTask call with the same requestKey then we expect to get the
+		// same task again:
+		task1fetchedAgain := runner.fetchTask(t)
+		require.NotNil(t, task1fetchedAgain)
+		assert.Contains(t, string(task1fetchedAgain.GetWorkflowPayload()), "name: job1")
+
+		assert.Equal(t, task1.Id, task1fetchedAgain.Id)
+		assert.Equal(t, task1.WorkflowPayload, task1fetchedAgain.WorkflowPayload)
+		m1 := task1.Context.AsMap()
+		m1fetchedAgain := task1fetchedAgain.Context.AsMap()
+		for k, v1 := range m1 {
+			v2 := m1fetchedAgain[k]
+			// "token" isn't expected to be the same as it is regenerated on recovery from idempotent fetch.  But it is
+			// expected to be present, so we test for equal length.  "gitea_runtime_token" is a signed JWT which can
+			// change between invocations based upon precise timestamps used, and so similarly should be validated to be
+			// present not necessarily identical.
+			if k == "token" || k == "gitea_runtime_token" {
+				assert.Len(t, v1.(string), len(v2.(string)))
+			} else {
+				assert.EqualValues(t, v1, v2, "context[%q]", k)
+			}
+		}
+		for k, v1 := range task1.Secrets {
+			v2 := task1fetchedAgain.Secrets[k]
+			if k == "FORGEJO_TOKEN" || k == "GITEA_TOKEN" || k == "GITHUB_TOKEN" {
+				// token isn't expected to be the same... but should be present.
+				assert.Len(t, v1, len(v2))
+			} else {
+				assert.Equal(t, v1, v2, "secret[%q]", k)
+			}
+		}
+		assert.Equal(t, task1.Needs, task1fetchedAgain.Needs)
+		assert.Equal(t, task1.Vars, task1fetchedAgain.Vars)
+
+		{
+			// Original FORGEJO_TOKEN should not be usable anymore.
+			_, err := actions_model.GetRunningTaskByToken(t.Context(), task1.Secrets["FORGEJO_TOKEN"])
+			require.ErrorIs(t, err, util.ErrNotExist)
+			// New FORGEJO_TOKEN should be usable.
+			taskTokenTest, err := actions_model.GetRunningTaskByToken(t.Context(), task1fetchedAgain.Secrets["FORGEJO_TOKEN"])
+			require.NoError(t, err)
+			assert.Equal(t, task1fetchedAgain.Id, taskTokenTest.ID)
+		}
+
+		// But now if we change the request key, we don't expect to get the same task anymore:
+		runner.setRequestKey("6d47d5f3-eaa2-449f-9040-8b20287401b3")
+		task2 := runner.fetchTask(t)
+		require.NotNil(t, task2)
+		assert.NotEqual(t, task1.Id, task2.Id)
+	})
+}
diff --git a/tests/integration/actions_runner_test.go b/tests/integration/actions_runner_test.go
index 22191020dc..70784c1f64 100644
--- a/tests/integration/actions_runner_test.go
+++ b/tests/integration/actions_runner_test.go
@@ -25,6 +25,7 @@ import (
 
 type mockRunner struct {
 	client           *mockRunnerClient
+	uuid, token      string
 	lastTasksVersion int64
 }
 
@@ -38,7 +39,7 @@ func newMockRunner() *mockRunner {
 	return &mockRunner{client: client}
 }
 
-func newMockRunnerClient(uuid, token string) *mockRunnerClient {
+func newMockRunnerClientWithRequestKey(uuid, token, requestKey string) *mockRunnerClient {
 	baseURL := fmt.Sprintf("%sapi/actions", setting.AppURL)
 
 	opt := connect.WithInterceptors(connect.UnaryInterceptorFunc(func(next connect.UnaryFunc) connect.UnaryFunc {
@@ -49,6 +50,9 @@ func newMockRunnerClient(uuid, token string) *mockRunnerClient {
 			if token != "" {
 				req.Header().Set("x-runner-token", token)
 			}
+			if requestKey != "" {
+				req.Header().Set("x-runner-request-key", requestKey)
+			}
 			return next(ctx, req)
 		}
 	}))
@@ -61,6 +65,10 @@ func newMockRunnerClient(uuid, token string) *mockRunnerClient {
 	return client
 }
 
+func newMockRunnerClient(uuid, token string) *mockRunnerClient {
+	return newMockRunnerClientWithRequestKey(uuid, token, "")
+}
+
 func (r *mockRunner) doPing(t *testing.T) {
 	resp, err := r.client.pingServiceClient.Ping(t.Context(), connect.NewRequest(&pingv1.PingRequest{
 		Data: "mock-runner",
@@ -79,7 +87,9 @@ func (r *mockRunner) doRegister(t *testing.T, name, token string, labels []strin
 		Ephemeral: false,
 	}))
 	require.NoError(t, err)
-	r.client = newMockRunnerClient(resp.Msg.Runner.Uuid, resp.Msg.Runner.Token)
+	r.uuid = resp.Msg.Runner.Uuid
+	r.token = resp.Msg.Runner.Token
+	r.client = newMockRunnerClient(r.uuid, r.token)
 }
 
 func (r *mockRunner) doRegisterEphemeral(t *testing.T, name, token string, labels []string) {
@@ -92,7 +102,13 @@ func (r *mockRunner) doRegisterEphemeral(t *testing.T, name, token string, label
 		Ephemeral: true,
 	}))
 	require.NoError(t, err)
-	r.client = newMockRunnerClient(resp.Msg.Runner.Uuid, resp.Msg.Runner.Token)
+	r.uuid = resp.Msg.Runner.Uuid
+	r.token = resp.Msg.Runner.Token
+	r.client = newMockRunnerClient(r.uuid, r.token)
+}
+
+func (r *mockRunner) setRequestKey(requestKey string) {
+	r.client = newMockRunnerClientWithRequestKey(r.uuid, r.token, requestKey)
 }
 
 func (r *mockRunner) registerAsRepoRunner(t *testing.T, ownerName, repoName, runnerName string, labels []string) {

From f9a22b335e80bccd5e224c492ecb512c06dcc805 Mon Sep 17 00:00:00 2001
From: 0ko <0ko@noreply.codeberg.org>
Date: Mon, 23 Feb 2026 06:03:23 +0100
Subject: [PATCH 357/854] fix(ui): hardcode sort options in search syntax hint,
 improve look (#11381)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Followup to https://codeberg.org/forgejo/forgejo/pulls/9109

Fix issue reported by @mahlzahn that the string was confusing translators and they translated the part that wasn't meant to be translated.
Part of this fix was to replace custom IterWithTr with simple dict iteration to allow for placeholders in strings.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11381
Reviewed-by: Shiny Nematoda <snematoda@noreply.codeberg.org>
Reviewed-by: Ellen Εμιλία Άννα Zscheile <fogti@noreply.codeberg.org>
---
 build/lint-locale-usage/handle-tmpl.go    |  6 ------
 modules/translation/translation.go        | 11 -----------
 options/locale_next/locale_en-US.json     |  2 +-
 templates/shared/search/issue/syntax.tmpl | 24 +++++++++++------------
 4 files changed, 13 insertions(+), 30 deletions(-)

diff --git a/build/lint-locale-usage/handle-tmpl.go b/build/lint-locale-usage/handle-tmpl.go
index e8d4832f9d..8d03291205 100644
--- a/build/lint-locale-usage/handle-tmpl.go
+++ b/build/lint-locale-usage/handle-tmpl.go
@@ -73,12 +73,6 @@ func (handler Handler) handleTemplateNode(fset *token.FileSet, node tmplParser.N
 			funcname = nodeVar.Ident[2]
 		}
 
-		if funcname == "IterWithTr" {
-			for i := 2; i < len(nodeCommand.Args); i += 2 {
-				handler.handleTemplateMsgid(fset, nodeCommand.Args[i])
-			}
-		}
-
 		var gotUnexpectedInvoke *int
 		ltf, ok := handler.LocaleTrFunctions[funcname]
 		if !ok {
diff --git a/modules/translation/translation.go b/modules/translation/translation.go
index fdd71fe608..f2d77ac340 100644
--- a/modules/translation/translation.go
+++ b/modules/translation/translation.go
@@ -7,7 +7,6 @@ package translation
 import (
 	"context"
 	"html/template"
-	"iter"
 	"sort"
 	"strings"
 	"sync"
@@ -329,16 +328,6 @@ func (l *locale) PrettyNumber(v any) string {
 	return l.msgPrinter.Sprintf("%v", number.Decimal(v))
 }
 
-func (l *locale) IterWithTr(kvs ...string) iter.Seq2[string, template.HTML] {
-	return func(yield func(string, template.HTML) bool) {
-		for i := 0; i < len(kvs); i += 2 {
-			if !yield(kvs[i], l.TrHTML(kvs[i+1])) {
-				return
-			}
-		}
-	}
-}
-
 func GetPluralRule(l Locale) int {
 	return GetPluralRuleImpl(l.Language())
 }
diff --git a/options/locale_next/locale_en-US.json b/options/locale_next/locale_en-US.json
index 9bd18cd565..9047ca393c 100644
--- a/options/locale_next/locale_en-US.json
+++ b/options/locale_next/locale_en-US.json
@@ -57,7 +57,7 @@
 	"repo.issues.filter_reviewers.hint": "Filter by user who reviewed",
 	"repo.issues.filter_mention.hint": "Filter by mentioned user",
 	"repo.issues.filter_modified.hint": "Filter by last modified date",
-	"repo.issues.filter_sort.hint": "Sort by: created/comments/updated/deadline",
+	"repo.issues.filter_sort.hint_with_placeholder": "Sort by: %s",
 	"issues.updated": "updated %s",
 	"issues.filters.labels.exclude": "Exclude label",
 	"issues.filters.labels.unexclude": "Clear exclusion",
diff --git a/templates/shared/search/issue/syntax.tmpl b/templates/shared/search/issue/syntax.tmpl
index 737f386b1b..76e6ef2638 100644
--- a/templates/shared/search/issue/syntax.tmpl
+++ b/templates/shared/search/issue/syntax.tmpl
@@ -6,26 +6,26 @@
 			<table class="tw-table-auto">
 				<tbody>
 					{{range $filter, $tr :=
-						ctx.Locale.IterWithTr
-							"is:open" "repo.issues.open_title"
-							"is:closed" "repo.issues.closed_title"
-							"is:all" "repo.issues.all_title"
-							"author:<username>" "repo.issues.filter_poster.hint"
-							"assignee:<username>" "repo.issues.filter_assignee.hint"
-							"review:<username>" "repo.issues.filter_reviewers.hint"
-							"mentions:<username>" "repo.issues.filter_mention.hint"
-							"sort:<by>:[asc|desc]" "repo.issues.filter_sort.hint"
-							"modified:[>|<]<date>" "repo.issues.filter_modified.hint"}}
+						dict
+							"is:open" (ctx.Locale.TrString "repo.issues.open_title")
+							"is:closed" (ctx.Locale.TrString "repo.issues.closed_title")
+							"is:all" (ctx.Locale.TrString "repo.issues.all_title")
+							"author:<username>" (ctx.Locale.TrString "repo.issues.filter_poster.hint")
+							"assignee:<username>" (ctx.Locale.TrString "repo.issues.filter_assignee.hint")
+							"review:<username>" (ctx.Locale.TrString "repo.issues.filter_reviewers.hint")
+							"mentions:<username>" (ctx.Locale.TrString "repo.issues.filter_mention.hint")
+							"sort:<by>:[asc|desc]" (ctx.Locale.Tr "repo.issues.filter_sort.hint_with_placeholder" (HTMLFormat "<code>created|comments|updated|deadline</code>"))
+							"modified:[>|<]<date>" (ctx.Locale.TrString "repo.issues.filter_modified.hint")}}
 						<tr>
 							<th class="tw-p-2"><code>{{$filter}}</code></th>
-							<td class="tw-p-2">{{$tr | SafeHTML}}</td>
+							<td class="tw-p-2">{{$tr}}</td>
 						</tr>
 					{{end}}
 				</tbody>
 			</table>
 		</div>
 		<footer class="actions">
-				<button class="ui button icon cancel">{{ctx.Locale.Tr "settings.cancel"}}</button>
+			<button class="secondary button cancel">{{ctx.Locale.Tr "settings.cancel"}}</button>
 		</footer>
 	</article>
 </dialog>

From 8531c059f6c0ac95b385b9e84f5248ae0aba64cb Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Mon, 23 Feb 2026 06:54:58 +0100
Subject: [PATCH 358/854] Update renovate Docker tag to v43.31.1 (forgejo)
 (#11409)

Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
---
 Makefile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Makefile b/Makefile
index b642156c23..27c2059ee9 100644
--- a/Makefile
+++ b/Makefile
@@ -47,7 +47,7 @@ GO_LICENSES_PACKAGE ?= github.com/google/go-licenses@v1.6.0 # renovate: datasour
 GOVULNCHECK_PACKAGE ?= golang.org/x/vuln/cmd/govulncheck@v1 # renovate: datasource=go
 DEADCODE_PACKAGE ?= golang.org/x/tools/cmd/deadcode@v0.42.0 # renovate: datasource=go
 GOMOCK_PACKAGE ?= go.uber.org/mock/mockgen@v0.6.0 # renovate: datasource=go
-RENOVATE_NPM_PACKAGE ?= renovate@43.15.1 # renovate: datasource=docker packageName=data.forgejo.org/renovate/renovate
+RENOVATE_NPM_PACKAGE ?= renovate@43.31.1 # renovate: datasource=docker packageName=data.forgejo.org/renovate/renovate
 
 # https://github.com/disposable-email-domains/disposable-email-domains/commits/main/
 DISPOSABLE_EMAILS_SHA ?= 0c27e671231d27cf66370034d7f6818037416989 # renovate: ...

From a4821c2bf99535456980c0d20c6e514f70e57092 Mon Sep 17 00:00:00 2001
From: panc <pan0xc@foxmail.com>
Date: Tue, 24 Feb 2026 04:21:59 +0100
Subject: [PATCH 359/854] fix(ui): update sort dropdown structure for
 consistency across templates (#11423)

Main modified pages  `/milestones`, `/issues`, `/pulls` and `/user/repo/projects`
| Before | After |
|----|----|
| ![image](/attachments/0cbb14b9-2231-4a91-917b-1304663dbc2a) | ![image](/attachments/2dd5c3d2-a531-450b-a602-14355d9af2a6) |

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11423
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Co-authored-by: panc <pan0xc@foxmail.com>
Co-committed-by: panc <pan0xc@foxmail.com>
---
 templates/projects/list.tmpl             |  4 +++-
 templates/user/dashboard/issues.tmpl     |  4 ++--
 templates/user/dashboard/milestones.tmpl | 12 +++++++-----
 3 files changed, 12 insertions(+), 8 deletions(-)

diff --git a/templates/projects/list.tmpl b/templates/projects/list.tmpl
index 8211ffed9d..12d75ce9f6 100644
--- a/templates/projects/list.tmpl
+++ b/templates/projects/list.tmpl
@@ -23,7 +23,8 @@
 		{{template "shared/search/combo" dict "Value" .Keyword "Placeholder" (ctx.Locale.Tr "search.project_kind")}}
 	</form>
 	<!-- Sort -->
-	<div class="list-header-sort ui dropdown type jump item">
+	<div class="ui secondary menu tw-mt-0">
+		<div class="list-header-sort ui dropdown type jump item">
 		<span class="text">
 			{{ctx.Locale.Tr "repo.issues.filter_sort"}}
 		</span>
@@ -34,6 +35,7 @@
 			<a class="{{if eq .SortType "leastupdate"}}active {{end}}item" href="?q={{$.Keyword}}&sort=leastupdate&state={{$.State}}">{{ctx.Locale.Tr "repo.issues.filter_sort.leastupdate"}}</a>
 		</div>
 	</div>
+	</div>
 </div>
 
 <div class="milestone-list">
diff --git a/templates/user/dashboard/issues.tmpl b/templates/user/dashboard/issues.tmpl
index 4b931cd981..5ebeac9d14 100644
--- a/templates/user/dashboard/issues.tmpl
+++ b/templates/user/dashboard/issues.tmpl
@@ -41,8 +41,8 @@
 				<div class="list-header ui dropdown type jump item">
 					<span class="text tw-whitespace-nowrap">
 						{{ctx.Locale.Tr "repo.issues.filter_type"}}
-						{{svg "octicon-triangle-down" 14 "dropdown icon"}}
 					</span>
+					{{svg "octicon-triangle-down" 14 "dropdown icon"}}
 					<div class="ui menu">
 						<a class="{{if eq .ViewType "created_by"}}active{{end}} item" href="?type=created_by&sort={{$.SortType}}&state={{.State}}&q={{$.Keyword}}">
 							<div class="ui circular mini label tw-ml-0">{{CountFmt .IssueStats.CreateCount}}</div>
@@ -76,8 +76,8 @@
 				<div class="list-header-sort ui dropdown type jump item">
 					<span class="text tw-whitespace-nowrap">
 						{{ctx.Locale.Tr "repo.issues.filter_sort"}}
-						{{svg "octicon-triangle-down" 14 "dropdown icon"}}
 					</span>
+					{{svg "octicon-triangle-down" 14 "dropdown icon"}}
 					<div class="menu">
 						{{$keyword := StringUtils.RemoveAllPrefix $.Keyword "sort:"}}
 						{{$o := .}}
diff --git a/templates/user/dashboard/milestones.tmpl b/templates/user/dashboard/milestones.tmpl
index 67111c6d38..713d5413a4 100644
--- a/templates/user/dashboard/milestones.tmpl
+++ b/templates/user/dashboard/milestones.tmpl
@@ -53,11 +53,12 @@
 						{{template "shared/search/combo" dict "Value" $.Keyword}}
 					</form>
 					<!-- Sort -->
-					<div class="list-header-sort ui dropdown type jump item">
-						<span class="text">
-							{{ctx.Locale.Tr "repo.issues.filter_sort"}}
-						</span>
-						{{svg "octicon-triangle-down" 14 "dropdown icon"}}
+					<div class="ui secondary menu tw-mt-0">
+						<div class="list-header-sort ui dropdown type jump item">
+							<span class="text">
+								{{ctx.Locale.Tr "repo.issues.filter_sort"}}
+							</span>
+							{{svg "octicon-triangle-down" 14 "dropdown icon"}}
 						<div class="menu">
 							<a class="{{if or (eq .SortType "closestduedate") (not .SortType)}}active {{end}}item" href="?repos=[{{range $.RepoIDs}}{{.}}%2C{{end}}]&sort=closestduedate&state={{$.State}}&q={{$.Keyword}}">{{ctx.Locale.Tr "repo.milestones.filter_sort.earliest_due_data"}}</a>
 							<a class="{{if eq .SortType "furthestduedate"}}active {{end}}item" href="?repos=[{{range $.RepoIDs}}{{.}}%2C{{end}}]&sort=furthestduedate&state={{$.State}}&q={{$.Keyword}}">{{ctx.Locale.Tr "repo.milestones.filter_sort.latest_due_date"}}</a>
@@ -68,6 +69,7 @@
 							<a class="{{if eq .SortType "name"}}active {{end}}item" href="?repos=[{{range $.RepoIDs}}{{.}}%2C{{end}}]&sort=name&state={{$.State}}&q={{$.Keyword}}">{{ctx.Locale.Tr "repo.milestones.filter_sort.name"}}</a>
 						</div>
 					</div>
+					</div>
 				</div>
 				<div class="milestone-list">
 					{{range .Milestones}}

From 2d4a3e56580d2d939f1eee7e5047b82a9959d42e Mon Sep 17 00:00:00 2001
From: Myers Carpenter <myers@maski.org>
Date: Fri, 27 Feb 2026 16:25:20 +0100
Subject: [PATCH 360/854] fix(models): deduplicate project sorting values and
 add unique constraints (#11334)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Project columns and cards use a sorting field for ordering, but nothing prevents duplicate values from being inserted. This causes unpredictable ordering and makes swap-based reordering unsafe. Additionally, the same issue can be added to a project multiple times, which shouldn't be possible.

This PR adds a migration to clean up existing data and enforce three unique constraints:
- (project_id, sorting) on project_board — one sorting value per column per project
- (project_id, issue_id) on project_issue — one card per issue per project
- (project_board_id, sorting) on project_issue — one sorting value per card per column

The migration deduplicates existing rows and reassigns sequential sorting values before adding the constraints.

Changes

- Migration: fix duplicate sorting values in project_board and project_issue, remove duplicate (project_id, issue_id) rows, add three unique constraints
- MoveColumnsOnProject: two-phase swap (negate then set) to avoid constraint collisions
- MoveIssuesOnProjectColumn: three-phase approach with duplicate validation and sorted lock ordering
- UpdateColumn: always persist sorting field (allows setting to 0)
- GetDefaultColumn: query max sorting before auto-creating
- createDefaultColumnsForProject: explicit sequential sorting
- changeProjectStatus: only set ClosedDateUnix when closing

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests

- I added test coverage for Go changes...
  - [x] in their respective `*_test.go` for unit tests.
  - [ ] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I added test coverage for JavaScript changes...
  - [ ] in `web_src/js/*.test.js` if it can be unit tested.
  - [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)).

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [ ] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.
- [x] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change.

*The decision if the pull request will be shown in the release notes is up to the mergers / release team.*

The content of the `release-notes/<pull request number>.md` file will serve as the basis for the release notes. If the file does not exist, the title of the pull request will be used instead.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11334
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
Co-authored-by: Myers Carpenter <myers@maski.org>
Co-committed-by: Myers Carpenter <myers@maski.org>
---
 .../PrivateIssueProjects/project_board.yml    |   2 +
 .../PrivateIssueProjects/project_issue.yml    |   4 +
 .../TestPrivateRepoProjects/project_board.yml |   1 +
 .../TestPrivateRepoProjects/project_issue.yml |   2 +
 models/fixtures/project_board.yml             |   9 +
 models/fixtures/project_issue.yml             |   4 +
 ..._fix-project-sorting-unique-constraints.go | 218 ++++++++++++++++++
 .../project_board.yml                         |   3 +
 models/project/column.go                      |  69 ++++--
 models/project/column_test.go                 |  59 ++++-
 models/project/issue.go                       |  79 ++++++-
 models/project/issue_test.go                  | 149 ++++++++++++
 12 files changed, 574 insertions(+), 25 deletions(-)
 create mode 100644 models/forgejo_migrations/v15c_fix-project-sorting-unique-constraints.go
 create mode 100644 models/project/issue_test.go

diff --git a/models/fixtures/PrivateIssueProjects/project_board.yml b/models/fixtures/PrivateIssueProjects/project_board.yml
index 3f1fe1e705..a1c257dacc 100644
--- a/models/fixtures/PrivateIssueProjects/project_board.yml
+++ b/models/fixtures/PrivateIssueProjects/project_board.yml
@@ -4,6 +4,7 @@
   title: Triage
   creator_id: 2
   default: true
+  sorting: 0
   created_unix: 1738000000
   updated_unix: 1738000000
 
@@ -13,5 +14,6 @@
   title: Triage
   creator_id: 2
   default: true
+  sorting: 0
   created_unix: 1738000000
   updated_unix: 1738000000
diff --git a/models/fixtures/PrivateIssueProjects/project_issue.yml b/models/fixtures/PrivateIssueProjects/project_issue.yml
index 0245fb47f3..edbaa9640b 100644
--- a/models/fixtures/PrivateIssueProjects/project_issue.yml
+++ b/models/fixtures/PrivateIssueProjects/project_issue.yml
@@ -3,21 +3,25 @@
   issue_id: 6
   project_id: 1001
   project_board_id: 1001
+  sorting: 1
 
 -
   id: 1002
   issue_id: 7
   project_id: 1002
   project_board_id: 1002
+  sorting: 0
 
 -
   id: 1003
   issue_id: 16
   project_id: 1001
   project_board_id: 1001
+  sorting: 0
 
 -
   id: 1004
   issue_id: 1
   project_id: 1002
   project_board_id: 1002
+  sorting: 1
diff --git a/models/fixtures/TestPrivateRepoProjects/project_board.yml b/models/fixtures/TestPrivateRepoProjects/project_board.yml
index 9829cf7e27..68121387b9 100644
--- a/models/fixtures/TestPrivateRepoProjects/project_board.yml
+++ b/models/fixtures/TestPrivateRepoProjects/project_board.yml
@@ -4,5 +4,6 @@
   title: Triage
   creator_id: 2
   default: true
+  sorting: 0
   created_unix: 1738000000
   updated_unix: 1738000000
diff --git a/models/fixtures/TestPrivateRepoProjects/project_issue.yml b/models/fixtures/TestPrivateRepoProjects/project_issue.yml
index 3e8c1dca9e..aa3082af27 100644
--- a/models/fixtures/TestPrivateRepoProjects/project_issue.yml
+++ b/models/fixtures/TestPrivateRepoProjects/project_issue.yml
@@ -3,9 +3,11 @@
   issue_id: 6
   project_id: 1001
   project_board_id: 1001
+  sorting: 1
 
 -
   id: 1002
   issue_id: 15
   project_id: 1001
   project_board_id: 1001
+  sorting: 0
diff --git a/models/fixtures/project_board.yml b/models/fixtures/project_board.yml
index 3293dea6ed..e205c01a21 100644
--- a/models/fixtures/project_board.yml
+++ b/models/fixtures/project_board.yml
@@ -4,6 +4,7 @@
   title: To Do
   creator_id: 2
   default: true
+  sorting: 0
   created_unix: 1588117528
   updated_unix: 1588117528
 
@@ -12,6 +13,7 @@
   project_id: 1
   title: In Progress
   creator_id: 2
+  sorting: 1
   created_unix: 1588117528
   updated_unix: 1588117528
 
@@ -20,6 +22,7 @@
   project_id: 1
   title: Done
   creator_id: 2
+  sorting: 2
   created_unix: 1588117528
   updated_unix: 1588117528
 
@@ -28,6 +31,7 @@
   project_id: 4
   title: Done
   creator_id: 2
+  sorting: 0
   created_unix: 1588117528
   updated_unix: 1588117528
 
@@ -37,6 +41,7 @@
   title: Backlog
   creator_id: 2
   default: true
+  sorting: 0
   created_unix: 1588117528
   updated_unix: 1588117528
 
@@ -46,6 +51,7 @@
   title: Backlog
   creator_id: 2
   default: true
+  sorting: 1
   created_unix: 1588117528
   updated_unix: 1588117528
 
@@ -55,6 +61,7 @@
   title: Done
   creator_id: 2
   default: false
+  sorting: 0
   created_unix: 1588117528
   updated_unix: 1588117528
 
@@ -64,6 +71,7 @@
   title: Backlog
   creator_id: 2
   default: true
+  sorting: 0
   created_unix: 1588117528
   updated_unix: 1588117528
 
@@ -73,5 +81,6 @@
   title: Uncategorized
   creator_id: 2
   default: true
+  sorting: 1
   created_unix: 1588117528
   updated_unix: 1588117528
diff --git a/models/fixtures/project_issue.yml b/models/fixtures/project_issue.yml
index b1af05908a..61ad79cd3e 100644
--- a/models/fixtures/project_issue.yml
+++ b/models/fixtures/project_issue.yml
@@ -3,21 +3,25 @@
   issue_id: 1
   project_id: 1
   project_board_id: 1
+  sorting: 0
 
 -
   id: 2
   issue_id: 2
   project_id: 1
   project_board_id: 0 # no board assigned
+  sorting: 0
 
 -
   id: 3
   issue_id: 3
   project_id: 1
   project_board_id: 2
+  sorting: 0
 
 -
   id: 4
   issue_id: 5
   project_id: 1
   project_board_id: 3
+  sorting: 0
diff --git a/models/forgejo_migrations/v15c_fix-project-sorting-unique-constraints.go b/models/forgejo_migrations/v15c_fix-project-sorting-unique-constraints.go
new file mode 100644
index 0000000000..9fc28d523c
--- /dev/null
+++ b/models/forgejo_migrations/v15c_fix-project-sorting-unique-constraints.go
@@ -0,0 +1,218 @@
+// Copyright 2025 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+package forgejo_migrations
+
+import (
+	"fmt"
+
+	"forgejo.org/models/gitea_migrations/base"
+	"forgejo.org/modules/setting"
+
+	"xorm.io/xorm"
+)
+
+func init() {
+	registerMigration(&Migration{
+		Description: "Fix duplicate project sorting values and add unique constraints",
+		Upgrade:     fixProjectSortingUniqueConstraints,
+	})
+}
+
+func fixProjectSortingUniqueConstraints(x *xorm.Engine) error {
+	// Step 1: Fix existing duplicates in project_issue (cards)
+	// Reassign sequential sorting values within each column
+	if err := fixProjectIssueDuplicates(x); err != nil {
+		return err
+	}
+
+	// Step 2: Fix existing duplicates in project_board (columns)
+	// Reassign sequential sorting values within each project
+	if err := fixProjectBoardDuplicates(x); err != nil {
+		return err
+	}
+
+	// Step 3: Remove duplicate (project_id, issue_id) rows keeping the lowest id
+	if err := fixProjectIssueDuplicateAssignments(x); err != nil {
+		return err
+	}
+
+	// Step 4: Add unique constraints (idempotent — skip if already exists)
+	if err := createUniqueIndexIfNotExists(x, "project_issue", "UQE_project_issue_column_sorting", "project_board_id, sorting"); err != nil {
+		return err
+	}
+	if err := createUniqueIndexIfNotExists(x, "project_issue", "UQE_project_issue_project_issue", "project_id, issue_id"); err != nil {
+		return err
+	}
+	if err := createUniqueIndexIfNotExists(x, "project_board", "UQE_project_board_project_sorting", "project_id, sorting"); err != nil {
+		return err
+	}
+
+	// Step 5: Enforce NOT NULL on project_issue columns.
+	// The struct tags declare NOT NULL but the DB may not enforce it.
+	// On SQLite, RecreateTables rebuilds the table with NOT NULL and unique constraints.
+	return enforceProjectIssueNotNull(x)
+}
+
+func createUniqueIndexIfNotExists(x *xorm.Engine, tableName, indexName, columns string) error {
+	exists, err := indexExists(x, tableName, indexName)
+	if err != nil {
+		return err
+	}
+	if exists {
+		return nil
+	}
+	_, err = x.Exec(fmt.Sprintf("CREATE UNIQUE INDEX %s ON %s (%s)", indexName, tableName, columns))
+	return err
+}
+
+func fixProjectIssueDuplicates(x *xorm.Engine) error {
+	switch {
+	case setting.Database.Type.IsSQLite3():
+		// SQLite: Use UPDATE with subquery
+		_, err := x.Exec(`
+			UPDATE project_issue SET sorting = (
+				SELECT new_sort FROM (
+					SELECT id, ROW_NUMBER() OVER (PARTITION BY project_board_id ORDER BY sorting, id) - 1 as new_sort
+					FROM project_issue
+				) ranked WHERE ranked.id = project_issue.id
+			)
+		`)
+		return err
+
+	case setting.Database.Type.IsPostgreSQL():
+		// PostgreSQL: Use UPDATE FROM with subquery
+		_, err := x.Exec(`
+			UPDATE project_issue pi SET sorting = ranked.new_sort
+			FROM (
+				SELECT id, ROW_NUMBER() OVER (PARTITION BY project_board_id ORDER BY sorting, id) - 1 as new_sort
+				FROM project_issue
+			) ranked
+			WHERE pi.id = ranked.id
+		`)
+		return err
+
+	case setting.Database.Type.IsMySQL():
+		// MySQL: Use UPDATE with JOIN
+		_, err := x.Exec(`
+			UPDATE project_issue pi
+			INNER JOIN (
+				SELECT id, ROW_NUMBER() OVER (PARTITION BY project_board_id ORDER BY sorting, id) - 1 as new_sort
+				FROM project_issue
+			) ranked ON pi.id = ranked.id
+			SET pi.sorting = ranked.new_sort
+		`)
+		return err
+
+	default:
+		return fmt.Errorf("unsupported db dialect type %v", x.Dialect().URI().DBType)
+	}
+}
+
+func fixProjectBoardDuplicates(x *xorm.Engine) error {
+	switch {
+	case setting.Database.Type.IsSQLite3():
+		// SQLite: Use UPDATE with subquery
+		_, err := x.Exec(`
+			UPDATE project_board SET sorting = (
+				SELECT new_sort FROM (
+					SELECT id, ROW_NUMBER() OVER (PARTITION BY project_id ORDER BY sorting, id) - 1 as new_sort
+					FROM project_board
+				) ranked WHERE ranked.id = project_board.id
+			)
+		`)
+		return err
+
+	case setting.Database.Type.IsPostgreSQL():
+		// PostgreSQL: Use UPDATE FROM with subquery
+		_, err := x.Exec(`
+			UPDATE project_board pb SET sorting = ranked.new_sort
+			FROM (
+				SELECT id, ROW_NUMBER() OVER (PARTITION BY project_id ORDER BY sorting, id) - 1 as new_sort
+				FROM project_board
+			) ranked
+			WHERE pb.id = ranked.id
+		`)
+		return err
+
+	case setting.Database.Type.IsMySQL():
+		// MySQL: Use UPDATE with JOIN
+		_, err := x.Exec(`
+			UPDATE project_board pb
+			INNER JOIN (
+				SELECT id, ROW_NUMBER() OVER (PARTITION BY project_id ORDER BY sorting, id) - 1 as new_sort
+				FROM project_board
+			) ranked ON pb.id = ranked.id
+			SET pb.sorting = ranked.new_sort
+		`)
+		return err
+
+	default:
+		return fmt.Errorf("unsupported db dialect type %v", x.Dialect().URI().DBType)
+	}
+}
+
+func enforceProjectIssueNotNull(x *xorm.Engine) error {
+	switch {
+	case setting.Database.Type.IsSQLite3():
+		type ProjectIssue struct {
+			ID              int64 `xorm:"pk autoincr"`
+			IssueID         int64 `xorm:"INDEX NOT NULL unique(project_issue)"`
+			ProjectID       int64 `xorm:"INDEX NOT NULL unique(project_issue)"`
+			ProjectColumnID int64 `xorm:"'project_board_id' INDEX NOT NULL unique(column_sorting)"`
+			Sorting         int64 `xorm:"NOT NULL DEFAULT 0 unique(column_sorting)"`
+		}
+		return base.RecreateTables(new(ProjectIssue))(x)
+
+	case setting.Database.Type.IsPostgreSQL():
+		for _, col := range []string{"issue_id", "project_id", "project_board_id"} {
+			if _, err := x.Exec(fmt.Sprintf("ALTER TABLE project_issue ALTER COLUMN %s SET NOT NULL", col)); err != nil {
+				return err
+			}
+		}
+		return nil
+
+	case setting.Database.Type.IsMySQL():
+		for _, col := range []string{"issue_id", "project_id", "project_board_id"} {
+			if _, err := x.Exec(fmt.Sprintf("ALTER TABLE project_issue MODIFY COLUMN %s BIGINT NOT NULL", col)); err != nil {
+				return err
+			}
+		}
+		return nil
+
+	default:
+		return fmt.Errorf("unsupported db dialect type %v", x.Dialect().URI().DBType)
+	}
+}
+
+// fixProjectIssueDuplicateAssignments removes duplicate (project_id, issue_id) rows,
+// keeping only the row with the lowest id for each pair.
+func fixProjectIssueDuplicateAssignments(x *xorm.Engine) error {
+	switch {
+	case setting.Database.Type.IsSQLite3():
+		_, err := x.Exec(`
+			DELETE FROM project_issue WHERE id NOT IN (
+				SELECT MIN(id) FROM project_issue GROUP BY project_id, issue_id
+			)
+		`)
+		return err
+
+	case setting.Database.Type.IsPostgreSQL():
+		_, err := x.Exec(`
+			DELETE FROM project_issue pi USING project_issue pi2
+			WHERE pi.project_id = pi2.project_id AND pi.issue_id = pi2.issue_id AND pi.id > pi2.id
+		`)
+		return err
+
+	case setting.Database.Type.IsMySQL():
+		_, err := x.Exec(`
+			DELETE pi FROM project_issue pi
+			INNER JOIN project_issue pi2
+			ON pi.project_id = pi2.project_id AND pi.issue_id = pi2.issue_id AND pi.id > pi2.id
+		`)
+		return err
+
+	default:
+		return fmt.Errorf("unsupported db dialect type %v", x.Dialect().URI().DBType)
+	}
+}
diff --git a/models/gitea_migrations/fixtures/Test_CheckProjectColumnsConsistency/project_board.yml b/models/gitea_migrations/fixtures/Test_CheckProjectColumnsConsistency/project_board.yml
index 2e1b1c7eee..d7eab38185 100644
--- a/models/gitea_migrations/fixtures/Test_CheckProjectColumnsConsistency/project_board.yml
+++ b/models/gitea_migrations/fixtures/Test_CheckProjectColumnsConsistency/project_board.yml
@@ -4,6 +4,7 @@
   title: Done
   creator_id: 2
   default: false
+  sorting: 1
   created_unix: 1588117528
   updated_unix: 1588117528
 
@@ -13,6 +14,7 @@
   title: Backlog
   creator_id: 2
   default: true
+  sorting: 0
   created_unix: 1588117528
   updated_unix: 1588117528
 
@@ -22,5 +24,6 @@
   title: Uncategorized
   creator_id: 2
   default: true
+  sorting: 1
   created_unix: 1588117528
   updated_unix: 1588117528
diff --git a/models/project/column.go b/models/project/column.go
index 20de39357b..858a531bfc 100644
--- a/models/project/column.go
+++ b/models/project/column.go
@@ -10,6 +10,7 @@ import (
 	"regexp"
 
 	"forgejo.org/models/db"
+	"forgejo.org/modules/container"
 	"forgejo.org/modules/setting"
 	"forgejo.org/modules/timeutil"
 	"forgejo.org/modules/util"
@@ -42,10 +43,10 @@ type Column struct {
 	ID      int64 `xorm:"pk autoincr"`
 	Title   string
 	Default bool   `xorm:"NOT NULL DEFAULT false"` // issues not assigned to a specific column will be assigned to this column
-	Sorting int8   `xorm:"NOT NULL DEFAULT 0"`
+	Sorting int8   `xorm:"NOT NULL DEFAULT 0 unique(project_sorting)"`
 	Color   string `xorm:"VARCHAR(7)"`
 
-	ProjectID int64 `xorm:"INDEX NOT NULL"`
+	ProjectID int64 `xorm:"INDEX NOT NULL unique(project_sorting)"`
 	CreatorID int64 `xorm:"NOT NULL"`
 
 	CreatedUnix timeutil.TimeStamp `xorm:"INDEX created"`
@@ -103,8 +104,9 @@ func createDefaultColumnsForProject(ctx context.Context, project *Project) error
 			Title:       "Backlog",
 			ProjectID:   project.ID,
 			Default:     true,
+			Sorting:     0,
 		}
-		if err := db.Insert(ctx, column); err != nil {
+		if err := db.Insert(ctx, &column); err != nil {
 			return err
 		}
 
@@ -113,12 +115,13 @@ func createDefaultColumnsForProject(ctx context.Context, project *Project) error
 		}
 
 		columns := make([]Column, 0, len(items))
-		for _, v := range items {
+		for i, v := range items {
 			columns = append(columns, Column{
 				CreatedUnix: timeutil.TimeStampNow(),
 				CreatorID:   project.CreatorID,
 				Title:       v,
 				ProjectID:   project.ID,
+				Sorting:     int8(i + 1),
 			})
 		}
 
@@ -215,9 +218,7 @@ func GetColumn(ctx context.Context, columnID int64) (*Column, error) {
 func UpdateColumn(ctx context.Context, column *Column) error {
 	var fieldToUpdate []string
 
-	if column.Sorting != 0 {
-		fieldToUpdate = append(fieldToUpdate, "sorting")
-	}
+	fieldToUpdate = append(fieldToUpdate, "sorting")
 
 	if column.Title != "" {
 		fieldToUpdate = append(fieldToUpdate, "title")
@@ -257,12 +258,22 @@ func (p *Project) GetDefaultColumn(ctx context.Context) (*Column, error) {
 		return &column, nil
 	}
 
-	// create a default column if none is found
+	// create a default column if none is found, using the next available sorting value
+	res := struct {
+		MaxSorting  int64
+		ColumnCount int64
+	}{}
+	if _, err := db.GetEngine(ctx).Select("max(sorting) as max_sorting, count(*) as column_count").
+		Table("project_board").Where("project_id=?", p.ID).Get(&res); err != nil {
+		return nil, err
+	}
+
 	column = Column{
 		ProjectID: p.ID,
 		Default:   true,
 		Title:     "Uncategorized",
 		CreatorID: p.CreatorID,
+		Sorting:   int8(util.Iif(res.ColumnCount > 0, res.MaxSorting+1, 0)),
 	}
 	if _, err := db.GetEngine(ctx).Insert(&column); err != nil {
 		return nil, err
@@ -305,27 +316,59 @@ func GetColumnsByIDs(ctx context.Context, projectID int64, columnsIDs []int64) (
 	return columns, nil
 }
 
-// MoveColumnsOnProject sorts columns in a project
+// MoveColumnsOnProject sorts columns in a project using a two-phase approach
+// to avoid unique constraint collisions during swap operations.
+// All columns in the project must be included in the sortedColumnIDs map.
 func MoveColumnsOnProject(ctx context.Context, project *Project, sortedColumnIDs map[int64]int64) error {
 	return db.WithTx(ctx, func(ctx context.Context) error {
 		sess := db.GetEngine(ctx)
+
+		// Validate no duplicate column IDs in map values
+		columnIDSet := make(container.Set[int64], len(sortedColumnIDs))
+		for _, columnID := range sortedColumnIDs {
+			if !columnIDSet.Add(columnID) {
+				return errors.New("duplicate column ID in reorder request")
+			}
+		}
+
+		// Validate all columns exist and belong to this project
+		allColumns, err := project.GetColumns(ctx)
+		if err != nil {
+			return err
+		}
+		if len(allColumns) != len(sortedColumnIDs) {
+			return errors.New("all columns in the project must be included in the reorder request")
+		}
+
 		columnIDs := util.ValuesOfMap(sortedColumnIDs)
 		movedColumns, err := GetColumnsByIDs(ctx, project.ID, columnIDs)
 		if err != nil {
 			return err
 		}
 		if len(movedColumns) != len(sortedColumnIDs) {
-			return errors.New("some columns do not exist")
+			return errors.New("some columns do not exist in this project")
 		}
 
+		// Build reverse map: columnID → target sorting
+		targetSortingByColumn := make(map[int64]int64, len(sortedColumnIDs))
+		for sorting, columnID := range sortedColumnIDs {
+			targetSortingByColumn[columnID] = sorting
+		}
+
+		// Phase 1: negate using target sorting values (guaranteed unique since
+		// they are map keys) to avoid unique constraint collisions during swap
 		for _, column := range movedColumns {
-			if column.ProjectID != project.ID {
-				return fmt.Errorf("column[%d]'s projectID is not equal to project's ID [%d]", column.ProjectID, project.ID)
+			targetSorting := targetSortingByColumn[column.ID]
+			if _, err := sess.Exec("UPDATE `project_board` SET sorting=? WHERE id=?",
+				-(targetSorting + 1), column.ID); err != nil {
+				return err
 			}
 		}
 
+		// Phase 2: set final values
 		for sorting, columnID := range sortedColumnIDs {
-			if _, err := sess.Exec("UPDATE `project_board` SET sorting=? WHERE id=?", sorting, columnID); err != nil {
+			if _, err := sess.Exec("UPDATE `project_board` SET sorting=? WHERE id=?",
+				sorting, columnID); err != nil {
 				return err
 			}
 		}
diff --git a/models/project/column_test.go b/models/project/column_test.go
index 4fc452df33..aef7a6f9d4 100644
--- a/models/project/column_test.go
+++ b/models/project/column_test.go
@@ -84,9 +84,9 @@ func Test_MoveColumnsOnProject(t *testing.T) {
 	columns, err := project1.GetColumns(db.DefaultContext)
 	require.NoError(t, err)
 	assert.Len(t, columns, 3)
-	assert.EqualValues(t, 0, columns[0].Sorting) // even if there is no default sorting, the code should also work
-	assert.EqualValues(t, 0, columns[1].Sorting)
-	assert.EqualValues(t, 0, columns[2].Sorting)
+	assert.EqualValues(t, 0, columns[0].Sorting)
+	assert.EqualValues(t, 1, columns[1].Sorting)
+	assert.EqualValues(t, 2, columns[2].Sorting)
 
 	err = MoveColumnsOnProject(db.DefaultContext, project1, map[int64]int64{
 		0: columns[1].ID,
@@ -103,6 +103,59 @@ func Test_MoveColumnsOnProject(t *testing.T) {
 	assert.Equal(t, columns[0].ID, columnsAfter[2].ID)
 }
 
+func TestMoveColumnsOnProjectSwap(t *testing.T) {
+	require.NoError(t, unittest.PrepareTestDatabase())
+
+	project1 := unittest.AssertExistsAndLoadBean(t, &Project{ID: 1})
+	columns, err := project1.GetColumns(db.DefaultContext)
+	require.NoError(t, err)
+	require.Len(t, columns, 3)
+
+	// First give them distinct positions
+	err = MoveColumnsOnProject(db.DefaultContext, project1, map[int64]int64{
+		0: columns[0].ID,
+		1: columns[1].ID,
+		2: columns[2].ID,
+	})
+	require.NoError(t, err)
+
+	// Now swap columns 0 and 1 (would collide under single-phase update)
+	err = MoveColumnsOnProject(db.DefaultContext, project1, map[int64]int64{
+		0: columns[1].ID,
+		1: columns[0].ID,
+		2: columns[2].ID,
+	})
+	require.NoError(t, err)
+
+	columnsAfter, err := project1.GetColumns(db.DefaultContext)
+	require.NoError(t, err)
+	assert.Len(t, columnsAfter, 3)
+	assert.Equal(t, columns[1].ID, columnsAfter[0].ID)
+	assert.Equal(t, columns[0].ID, columnsAfter[1].ID)
+	assert.Equal(t, columns[2].ID, columnsAfter[2].ID)
+}
+
+func TestUpdateColumnSortingZero(t *testing.T) {
+	require.NoError(t, unittest.PrepareTestDatabase())
+
+	column := unittest.AssertExistsAndLoadBean(t, &Column{ID: 1})
+	column.Sorting = 5
+	require.NoError(t, UpdateColumn(db.DefaultContext, column))
+
+	// Verify it was set to 5
+	updated, err := GetColumn(db.DefaultContext, column.ID)
+	require.NoError(t, err)
+	assert.Equal(t, int8(5), updated.Sorting)
+
+	// Now set it back to 0
+	column.Sorting = 0
+	require.NoError(t, UpdateColumn(db.DefaultContext, column))
+
+	updated, err = GetColumn(db.DefaultContext, column.ID)
+	require.NoError(t, err)
+	assert.Equal(t, int8(0), updated.Sorting)
+}
+
 func Test_NewColumn(t *testing.T) {
 	require.NoError(t, unittest.PrepareTestDatabase())
 
diff --git a/models/project/issue.go b/models/project/issue.go
index d404033446..41caac991a 100644
--- a/models/project/issue.go
+++ b/models/project/issue.go
@@ -6,6 +6,7 @@ package project
 import (
 	"context"
 	"errors"
+	"slices"
 
 	"forgejo.org/models/db"
 	"forgejo.org/modules/log"
@@ -15,14 +16,14 @@ import (
 // ProjectIssue saves relation from issue to a project
 type ProjectIssue struct { //revive:disable-line:exported
 	ID        int64 `xorm:"pk autoincr"`
-	IssueID   int64 `xorm:"INDEX"`
-	ProjectID int64 `xorm:"INDEX"`
+	IssueID   int64 `xorm:"INDEX NOT NULL unique(project_issue)"`
+	ProjectID int64 `xorm:"INDEX NOT NULL unique(project_issue)"`
 
 	// ProjectColumnID should not be zero since 1.22. If it's zero, the issue will not be displayed on UI and it might result in errors.
-	ProjectColumnID int64 `xorm:"'project_board_id' INDEX"`
+	ProjectColumnID int64 `xorm:"'project_board_id' INDEX NOT NULL unique(column_sorting)"`
 
 	// the sorting order on the column
-	Sorting int64 `xorm:"NOT NULL DEFAULT 0"`
+	Sorting int64 `xorm:"NOT NULL DEFAULT 0 unique(column_sorting)"`
 }
 
 func init() {
@@ -62,26 +63,86 @@ func (p *Project) NumOpenIssues(ctx context.Context) int {
 	return int(c)
 }
 
-// MoveIssuesOnProjectColumn moves or keeps issues in a column and sorts them inside that column
+// MoveIssuesOnProjectColumn moves or keeps issues in a column and sorts them inside that column.
+// The sortedIssueIDs map keys are sorting positions and values are issue IDs.
+// Cards not in the map that already exist in the target column are shifted to
+// positions after the highest requested sorting value.
 func MoveIssuesOnProjectColumn(ctx context.Context, column *Column, sortedIssueIDs map[int64]int64) error {
+	if len(sortedIssueIDs) == 0 {
+		return nil
+	}
 	return db.WithTx(ctx, func(ctx context.Context) error {
 		sess := db.GetEngine(ctx)
 		issueIDs := util.ValuesOfMap(sortedIssueIDs)
 
-		count, err := sess.Table(new(ProjectIssue)).Where("project_id=?", column.ProjectID).In("issue_id", issueIDs).Count()
+		// Build reverse map: issueID → sorting and validate no duplicate issue IDs
+		sortingByIssue := make(map[int64]int64, len(sortedIssueIDs))
+		for sorting, issueID := range sortedIssueIDs {
+			sortingByIssue[issueID] = sorting
+		}
+		if len(sortingByIssue) != len(sortedIssueIDs) {
+			return errors.New("duplicate issue IDs in reorder request")
+		}
+
+		// Validate all issues exist and belong to this project
+		count, err := sess.Table(new(ProjectIssue)).
+			Where("project_id=?", column.ProjectID).
+			In("issue_id", issueIDs).Count()
 		if err != nil {
 			return err
 		}
 		if int(count) != len(sortedIssueIDs) {
-			return errors.New("all issues have to be added to a project first")
+			return errors.New("all issues must belong to the specified project")
 		}
 
-		for sorting, issueID := range sortedIssueIDs {
-			_, err = sess.Exec("UPDATE `project_issue` SET project_board_id=?, sorting=? WHERE issue_id=?", column.ID, sorting, issueID)
+		// Sort issue IDs to ensure consistent lock ordering across concurrent transactions.
+		// This prevents deadlocks when multiple transactions update overlapping rows.
+		slices.Sort(issueIDs)
+
+		// Phase 1: Negate sorting for ALL cards currently in the target column
+		// to free up all positive sorting positions. This prevents collisions
+		// when moved cards are assigned their final positions.
+		if _, err := sess.Exec("UPDATE `project_issue` SET sorting = -(sorting + 1) WHERE project_board_id=? AND sorting >= 0",
+			column.ID); err != nil {
+			return err
+		}
+
+		// Phase 2: Move the specified cards to the target column with their
+		// final sorting values. Since all existing cards in the column now have
+		// negative sorting, there are no collisions.
+		for _, issueID := range issueIDs {
+			_, err := sess.Exec("UPDATE `project_issue` SET project_board_id=?, sorting=? WHERE project_id=? AND issue_id=?",
+				column.ID, sortingByIssue[issueID], column.ProjectID, issueID)
 			if err != nil {
 				return err
 			}
 		}
+
+		// Phase 3: Re-pack any remaining cards in the column that still have
+		// negative sorting (these are pre-existing cards NOT in the move set).
+		// Assign them positions after the highest requested sorting value.
+		var maxSorting int64
+		for sorting := range sortedIssueIDs {
+			if sorting > maxSorting {
+				maxSorting = sorting
+			}
+		}
+
+		var remainingCards []ProjectIssue
+		if err := sess.Where("project_board_id=? AND sorting < 0", column.ID).
+			OrderBy("sorting DESC"). // original order was -(original+1), so DESC gives ascending original order
+			Find(&remainingCards); err != nil {
+			return err
+		}
+		nextSorting := maxSorting + 1
+		for _, card := range remainingCards {
+			if _, err := sess.Exec("UPDATE `project_issue` SET sorting=? WHERE id=?",
+				nextSorting, card.ID); err != nil {
+				return err
+			}
+			nextSorting++
+		}
+
 		return nil
 	})
 }
diff --git a/models/project/issue_test.go b/models/project/issue_test.go
new file mode 100644
index 0000000000..95a10182d3
--- /dev/null
+++ b/models/project/issue_test.go
@@ -0,0 +1,149 @@
+// Copyright 2020 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package project
+
+import (
+	"testing"
+
+	"forgejo.org/models/db"
+	"forgejo.org/models/unittest"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+func TestMoveIssuesOnProjectColumn(t *testing.T) {
+	require.NoError(t, unittest.PrepareTestDatabase())
+
+	// Get column 1 which belongs to project 1 and has issue 1
+	column := unittest.AssertExistsAndLoadBean(t, &Column{ID: 1})
+	require.Equal(t, int64(1), column.ProjectID)
+
+	t.Run("Success", func(t *testing.T) {
+		// Issue 1 is in column 1 (from fixtures)
+		sortedIssueIDs := map[int64]int64{
+			0: 1, // sorting position 0 -> issue_id 1
+		}
+		err := MoveIssuesOnProjectColumn(db.DefaultContext, column, sortedIssueIDs)
+		require.NoError(t, err)
+
+		// Verify the sorting was updated using direct DB query
+		var card ProjectIssue
+		has, err := db.GetEngine(db.DefaultContext).Where("project_id=? AND issue_id=?", column.ProjectID, 1).Get(&card)
+		require.NoError(t, err)
+		require.True(t, has)
+		assert.Equal(t, int64(0), card.Sorting)
+	})
+
+	t.Run("MoveIssueFromDifferentColumn", func(t *testing.T) {
+		// Issue 3 is in column 2, not column 1 — but same project, so cross-column move should succeed
+		sortedIssueIDs := map[int64]int64{
+			0: 3,
+		}
+		err := MoveIssuesOnProjectColumn(db.DefaultContext, column, sortedIssueIDs)
+		require.NoError(t, err)
+
+		// Verify the card was moved to column 1 and sorting updated
+		var card ProjectIssue
+		has, err := db.GetEngine(db.DefaultContext).Where("project_id=? AND issue_id=?", column.ProjectID, 3).Get(&card)
+		require.NoError(t, err)
+		require.True(t, has)
+		assert.Equal(t, column.ID, card.ProjectColumnID)
+		assert.Equal(t, int64(0), card.Sorting)
+	})
+
+	t.Run("ErrorIssueNotInProject", func(t *testing.T) {
+		// Issue 999 doesn't exist
+		sortedIssueIDs := map[int64]int64{
+			0: 999,
+		}
+		err := MoveIssuesOnProjectColumn(db.DefaultContext, column, sortedIssueIDs)
+		require.Error(t, err)
+		assert.Contains(t, err.Error(), "all issues must belong to the specified project")
+	})
+}
+
+func TestMoveIssuesOnProjectColumnSwap(t *testing.T) {
+	require.NoError(t, unittest.PrepareTestDatabase())
+
+	column := unittest.AssertExistsAndLoadBean(t, &Column{ID: 1})
+
+	// Setup: insert two cards at distinct positions using direct DB inserts
+	card1 := &ProjectIssue{
+		IssueID:         14,
+		ProjectID:       1,
+		ProjectColumnID: column.ID,
+		Sorting:         10,
+	}
+	card2 := &ProjectIssue{
+		IssueID:         15,
+		ProjectID:       1,
+		ProjectColumnID: column.ID,
+		Sorting:         11,
+	}
+	_, err := db.GetEngine(db.DefaultContext).Insert(card1)
+	require.NoError(t, err)
+	_, err = db.GetEngine(db.DefaultContext).Insert(card2)
+	require.NoError(t, err)
+
+	// Swap them: card at 10→11, card at 11→10
+	sortedIssueIDs := map[int64]int64{
+		11: 14, // issue 14 goes to position 11
+		10: 15, // issue 15 goes to position 10
+	}
+	err = MoveIssuesOnProjectColumn(db.DefaultContext, column, sortedIssueIDs)
+	require.NoError(t, err)
+
+	var resultCard14 ProjectIssue
+	has, err := db.GetEngine(db.DefaultContext).Where("project_id=? AND issue_id=?", 1, 14).Get(&resultCard14)
+	require.NoError(t, err)
+	require.True(t, has)
+	assert.Equal(t, int64(11), resultCard14.Sorting)
+
+	var resultCard15 ProjectIssue
+	has, err = db.GetEngine(db.DefaultContext).Where("project_id=? AND issue_id=?", 1, 15).Get(&resultCard15)
+	require.NoError(t, err)
+	require.True(t, has)
+	assert.Equal(t, int64(10), resultCard15.Sorting)
+}
+
+func TestMoveIssuesOnProjectColumnEmptyMap(t *testing.T) {
+	require.NoError(t, unittest.PrepareTestDatabase())
+
+	column := unittest.AssertExistsAndLoadBean(t, &Column{ID: 1})
+	err := MoveIssuesOnProjectColumn(db.DefaultContext, column, map[int64]int64{})
+	require.NoError(t, err) // empty map should be a no-op
+}
+
+func TestMoveIssuesOnProjectColumnDuplicateIssueIDs(t *testing.T) {
+	require.NoError(t, unittest.PrepareTestDatabase())
+
+	column := unittest.AssertExistsAndLoadBean(t, &Column{ID: 1})
+	err := MoveIssuesOnProjectColumn(db.DefaultContext, column, map[int64]int64{
+		0: 1,
+		1: 1, // duplicate issue ID
+	})
+	require.Error(t, err)
+	assert.Contains(t, err.Error(), "duplicate issue IDs")
+}
+
+func TestMoveIssuesToAnotherColumnErrorPaths(t *testing.T) {
+	require.NoError(t, unittest.PrepareTestDatabase())
+
+	t.Run("DifferentProject", func(t *testing.T) {
+		col1 := unittest.AssertExistsAndLoadBean(t, &Column{ID: 1, ProjectID: 1})
+		col5 := unittest.AssertExistsAndLoadBean(t, &Column{ID: 5, ProjectID: 2})
+
+		err := col1.moveIssuesToAnotherColumn(db.DefaultContext, col5)
+		require.Error(t, err)
+		assert.Contains(t, err.Error(), "columns have to be in the same project")
+	})
+
+	t.Run("SameColumnIsNoOp", func(t *testing.T) {
+		col1 := unittest.AssertExistsAndLoadBean(t, &Column{ID: 1, ProjectID: 1})
+
+		err := col1.moveIssuesToAnotherColumn(db.DefaultContext, col1)
+		require.NoError(t, err)
+	})
+}

From a1eff6f0dc5060e058278d162ce423ddff03c491 Mon Sep 17 00:00:00 2001
From: Mathieu Fenniak <mathieu@fenniak.net>
Date: Sun, 15 Feb 2026 10:57:25 -0700
Subject: [PATCH 361/854] feat: backend DB model for fine-grained repo access
 tokens

---
 .deadcode-out                                 |  1 +
 cmd/admin_user_create.go                      | 10 ++++-
 cmd/admin_user_generate_access_token.go       |  4 ++
 .../access_token_resource_repo.yml            |  9 ++++
 models/auth/access_token.go                   |  2 +
 models/auth/access_token_resource.go          | 36 ++++++++++++++++
 models/auth/access_token_resource_test.go     | 41 +++++++++++++++++++
 .../v15b_add-access_token-owned-repos.go      | 23 +++++++++++
 .../v15b_add-access_token_resource.go         | 29 +++++++++++++
 modules/activitypub/main_test.go              |  2 +
 .../indexer/issues/internal/qstring_test.go   |  2 +
 routers/api/v1/user/app.go                    |  4 ++
 routers/web/user/setting/applications.go      |  4 ++
 13 files changed, 166 insertions(+), 1 deletion(-)
 create mode 100644 models/auth/TestGetRepositoriesAccessibleWithToken/access_token_resource_repo.yml
 create mode 100644 models/auth/access_token_resource.go
 create mode 100644 models/auth/access_token_resource_test.go
 create mode 100644 models/forgejo_migrations/v15b_add-access_token-owned-repos.go
 create mode 100644 models/forgejo_migrations/v15b_add-access_token_resource.go

diff --git a/.deadcode-out b/.deadcode-out
index 6d2c35e374..790e47fb4c 100644
--- a/.deadcode-out
+++ b/.deadcode-out
@@ -14,6 +14,7 @@ forgejo.org/models
 	IsErrMergeDivergingFastForwardOnly
 
 forgejo.org/models/auth
+	GetRepositoriesAccessibleWithToken
 	WebAuthnCredentials
 
 forgejo.org/models/db
diff --git a/cmd/admin_user_create.go b/cmd/admin_user_create.go
index e3800bdb59..2881091589 100644
--- a/cmd/admin_user_create.go
+++ b/cmd/admin_user_create.go
@@ -205,7 +205,15 @@ func runCreateUser(ctx context.Context, c *cli.Command) error {
 
 	// create the access token
 	if accessTokenScope != "" {
-		t := &auth_model.AccessToken{Name: accessTokenName, UID: u.ID, Scope: accessTokenScope}
+		t := &auth_model.AccessToken{
+			Name:  accessTokenName,
+			UID:   u.ID,
+			Scope: accessTokenScope,
+
+			// maintain legacy behaviour until new CLI options are added -- token has access to all resources, is not
+			// fine-grained
+			ResourceAllRepos: true,
+		}
 		if err := auth_model.NewAccessToken(ctx, t); err != nil {
 			return err
 		}
diff --git a/cmd/admin_user_generate_access_token.go b/cmd/admin_user_generate_access_token.go
index 0a3a7fa89d..8b1d14f946 100644
--- a/cmd/admin_user_generate_access_token.go
+++ b/cmd/admin_user_generate_access_token.go
@@ -86,6 +86,10 @@ func runGenerateAccessToken(ctx context.Context, c *cli.Command) error {
 	}
 	t.Scope = accessTokenScope
 
+	// maintain legacy behaviour until new CLI options are added -- token has access to all resources, is not
+	// fine-grained
+	t.ResourceAllRepos = true
+
 	// create the token
 	if err := auth_model.NewAccessToken(ctx, t); err != nil {
 		return err
diff --git a/models/auth/TestGetRepositoriesAccessibleWithToken/access_token_resource_repo.yml b/models/auth/TestGetRepositoriesAccessibleWithToken/access_token_resource_repo.yml
new file mode 100644
index 0000000000..e3266a8c91
--- /dev/null
+++ b/models/auth/TestGetRepositoriesAccessibleWithToken/access_token_resource_repo.yml
@@ -0,0 +1,9 @@
+- token_id: 3
+  repo_id: 1
+  created_unix: 1772158384
+- token_id: 3
+  repo_id: 2
+  created_unix: 1772158384
+- token_id: 3
+  repo_id: 3
+  created_unix: 1772158384
diff --git a/models/auth/access_token.go b/models/auth/access_token.go
index ceade7dbad..85b89055e1 100644
--- a/models/auth/access_token.go
+++ b/models/auth/access_token.go
@@ -73,6 +73,8 @@ type AccessToken struct {
 	UpdatedUnix       timeutil.TimeStamp `xorm:"INDEX updated"`
 	HasRecentActivity bool               `xorm:"-"`
 	HasUsed           bool               `xorm:"-"`
+
+	ResourceAllRepos bool `xorm:"NOT NULL DEFAULT TRUE"` // flag for whether AccessTokenResourceRepo instances will limit the resources this access token can access (false) or won't limit them (true).
 }
 
 // AfterLoad is invoked from XORM after setting the values of all fields of this object.
diff --git a/models/auth/access_token_resource.go b/models/auth/access_token_resource.go
new file mode 100644
index 0000000000..1e29ac4765
--- /dev/null
+++ b/models/auth/access_token_resource.go
@@ -0,0 +1,36 @@
+// Copyright 2026 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+package auth
+
+import (
+	"context"
+
+	"forgejo.org/models/db"
+	"forgejo.org/modules/timeutil"
+)
+
+// Represents a many-to-many join table which indicates specific repositories (RepoID) that can be accessed by an access
+// token (TokenID).  An access token's ResourceAllRepos field must be false for records in this table to become active.
+type AccessTokenResourceRepo struct {
+	ID      int64 `xorm:"pk autoincr"`
+	TokenID int64 `xorm:"NOT NULL REFERENCES(access_token, id)"` // needs to be shortened from "AccessTokenID" for the index to fit MySQL table identifier length restrictions
+	RepoID  int64 `xorm:"NOT NULL REFERENCES(repository, id)"`
+
+	CreatedUnix timeutil.TimeStamp `xorm:"created NOT NULL"`
+}
+
+func init() {
+	db.RegisterModel(new(AccessTokenResourceRepo))
+}
+
+func GetRepositoriesAccessibleWithToken(ctx context.Context, accessTokenID int64) ([]*AccessTokenResourceRepo, error) {
+	var resources []*AccessTokenResourceRepo
+	err := db.GetEngine(ctx).
+		Where("token_id = ?", accessTokenID).
+		Find(&resources)
+	if err != nil {
+		return nil, err
+	}
+	return resources, nil
+}
diff --git a/models/auth/access_token_resource_test.go b/models/auth/access_token_resource_test.go
new file mode 100644
index 0000000000..722dcc070d
--- /dev/null
+++ b/models/auth/access_token_resource_test.go
@@ -0,0 +1,41 @@
+// Copyright 2026 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+package auth_test
+
+import (
+	"testing"
+
+	auth_model "forgejo.org/models/auth"
+	"forgejo.org/models/db"
+	"forgejo.org/models/unittest"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+func TestGetRepositoriesAccessibleWithToken(t *testing.T) {
+	defer unittest.OverrideFixtures("models/auth/TestGetRepositoriesAccessibleWithToken")()
+	require.NoError(t, unittest.PrepareTestDatabase())
+
+	t.Run("No Resources", func(t *testing.T) {
+		resources, err := auth_model.GetRepositoriesAccessibleWithToken(db.DefaultContext, 999)
+		require.NoError(t, err)
+		assert.Empty(t, resources)
+	})
+
+	t.Run("Has Resources", func(t *testing.T) {
+		resources, err := auth_model.GetRepositoriesAccessibleWithToken(db.DefaultContext, 3)
+		require.NoError(t, err)
+		require.Len(t, resources, 3)
+
+		// Verify all expected repo IDs are present
+		repoIDs := make([]int64, len(resources))
+		for i, res := range resources {
+			repoIDs[i] = res.RepoID
+		}
+		assert.Contains(t, repoIDs, int64(1))
+		assert.Contains(t, repoIDs, int64(2))
+		assert.Contains(t, repoIDs, int64(3))
+	})
+}
diff --git a/models/forgejo_migrations/v15b_add-access_token-owned-repos.go b/models/forgejo_migrations/v15b_add-access_token-owned-repos.go
new file mode 100644
index 0000000000..dd96c55c05
--- /dev/null
+++ b/models/forgejo_migrations/v15b_add-access_token-owned-repos.go
@@ -0,0 +1,23 @@
+// Copyright 2026 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+package forgejo_migrations
+
+import (
+	"xorm.io/xorm"
+)
+
+func init() {
+	registerMigration(&Migration{
+		Description: "add resource_all_owned_repositories to table access_token",
+		Upgrade:     addAllOwnedRepositoriesToAccessToken,
+	})
+}
+
+func addAllOwnedRepositoriesToAccessToken(x *xorm.Engine) error {
+	type AccessToken struct {
+		ResourceAllRepos bool `xorm:"NOT NULL DEFAULT TRUE"`
+	}
+	_, err := x.SyncWithOptions(xorm.SyncOptions{IgnoreDropIndices: true}, new(AccessToken))
+	return err
+}
diff --git a/models/forgejo_migrations/v15b_add-access_token_resource.go b/models/forgejo_migrations/v15b_add-access_token_resource.go
new file mode 100644
index 0000000000..2e4afbcd43
--- /dev/null
+++ b/models/forgejo_migrations/v15b_add-access_token_resource.go
@@ -0,0 +1,29 @@
+// Copyright 2026 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+package forgejo_migrations
+
+import (
+	"forgejo.org/modules/timeutil"
+
+	"xorm.io/xorm"
+)
+
+func init() {
+	registerMigration(&Migration{
+		Description: "add access_token_resource table",
+		Upgrade:     addAccessTokenResource,
+	})
+}
+
+func addAccessTokenResource(x *xorm.Engine) error {
+	type AccessTokenResourceRepo struct {
+		ID      int64 `xorm:"pk autoincr"`
+		TokenID int64 `xorm:"NOT NULL REFERENCES(access_token, id)"` // needs to be shortened from "AccessTokenID" for the index to fit MySQL table identifier length restrictions
+		RepoID  int64 `xorm:"NOT NULL REFERENCES(repository, id)"`
+
+		CreatedUnix timeutil.TimeStamp `xorm:"created NOT NULL"`
+	}
+	_, err := x.SyncWithOptions(xorm.SyncOptions{IgnoreDropIndices: true}, new(AccessTokenResourceRepo))
+	return err
+}
diff --git a/modules/activitypub/main_test.go b/modules/activitypub/main_test.go
index a3f173f408..3f1a1b3562 100644
--- a/modules/activitypub/main_test.go
+++ b/modules/activitypub/main_test.go
@@ -7,6 +7,8 @@ import (
 	"testing"
 
 	"forgejo.org/models/unittest"
+
+	_ "forgejo.org/modules/testimport"
 )
 
 func TestMain(m *testing.M) {
diff --git a/modules/indexer/issues/internal/qstring_test.go b/modules/indexer/issues/internal/qstring_test.go
index 2ad924076f..66c8a66ca3 100644
--- a/modules/indexer/issues/internal/qstring_test.go
+++ b/modules/indexer/issues/internal/qstring_test.go
@@ -11,6 +11,8 @@ import (
 	"forgejo.org/models/user"
 	"forgejo.org/modules/optional"
 
+	_ "forgejo.org/modules/testimport"
+
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 )
diff --git a/routers/api/v1/user/app.go b/routers/api/v1/user/app.go
index d65d082e6d..a75c389a34 100644
--- a/routers/api/v1/user/app.go
+++ b/routers/api/v1/user/app.go
@@ -128,6 +128,10 @@ func CreateAccessToken(ctx *context.APIContext) {
 	}
 	t.Scope = scope
 
+	// maintain legacy behaviour until new API options are added -- token has access to all resources, is not
+	// fine-grained
+	t.ResourceAllRepos = true
+
 	if err := auth_model.NewAccessToken(ctx, t); err != nil {
 		ctx.Error(http.StatusInternalServerError, "NewAccessToken", err)
 		return
diff --git a/routers/web/user/setting/applications.go b/routers/web/user/setting/applications.go
index e73239b79b..359f0c1dce 100644
--- a/routers/web/user/setting/applications.go
+++ b/routers/web/user/setting/applications.go
@@ -56,6 +56,10 @@ func ApplicationsPost(ctx *context.Context) {
 		UID:   ctx.Doer.ID,
 		Name:  form.Name,
 		Scope: scope,
+
+		// maintain legacy behaviour until new UI options are added -- token has access to all resources, is not
+		// fine-grained
+		ResourceAllRepos: true,
 	}
 
 	exist, err := auth_model.AccessTokenByNameExists(ctx, t)

From 44c18465b560dd426cb03630803fc8bd1bd9c520 Mon Sep 17 00:00:00 2001
From: Mathieu Fenniak <mathieu@fenniak.net>
Date: Sun, 15 Feb 2026 10:58:52 -0700
Subject: [PATCH 362/854] feat: services/authz package for evaluating
 fine-grained access token

---
 .../access_token.yml                          |  31 +++++
 .../access_token_resource_repo.yml            |   5 +
 services/authz/access_token.go                |  28 +++++
 services/authz/access_token_test.go           |  46 +++++++
 services/authz/all_access_reducer.go          |  29 +++++
 services/authz/all_access_reducer_test.go     |  49 ++++++++
 services/authz/authorization_reducer.go       |  39 ++++++
 services/authz/main_test.go                   |  14 +++
 services/authz/public_repos_reducer.go        |  46 +++++++
 services/authz/public_repos_reducer_test.go   |  73 +++++++++++
 services/authz/specific_repos_reducer.go      |  73 +++++++++++
 services/authz/specific_repos_reducer_test.go | 117 ++++++++++++++++++
 12 files changed, 550 insertions(+)
 create mode 100644 services/authz/TestGetAuthorizationReducerForAccessToken/access_token.yml
 create mode 100644 services/authz/TestGetAuthorizationReducerForAccessToken/access_token_resource_repo.yml
 create mode 100644 services/authz/access_token.go
 create mode 100644 services/authz/access_token_test.go
 create mode 100644 services/authz/all_access_reducer.go
 create mode 100644 services/authz/all_access_reducer_test.go
 create mode 100644 services/authz/authorization_reducer.go
 create mode 100644 services/authz/main_test.go
 create mode 100644 services/authz/public_repos_reducer.go
 create mode 100644 services/authz/public_repos_reducer_test.go
 create mode 100644 services/authz/specific_repos_reducer.go
 create mode 100644 services/authz/specific_repos_reducer_test.go

diff --git a/services/authz/TestGetAuthorizationReducerForAccessToken/access_token.yml b/services/authz/TestGetAuthorizationReducerForAccessToken/access_token.yml
new file mode 100644
index 0000000000..2def7e648e
--- /dev/null
+++ b/services/authz/TestGetAuthorizationReducerForAccessToken/access_token.yml
@@ -0,0 +1,31 @@
+-
+  id: 5
+  uid: 2
+  name: Unrestricted Token
+  token_hash: a6d404048048812d9e911d93aefbe94fc768d4876fdf75e3bef0bdc67828e0af422846d3056f2f25ec35c51dc92075685ec5
+  token_salt: 99ArgXKlQQ
+  token_last_eight: 69d28c91
+  created_unix: 946687980
+  updated_unix: 946687980
+  resource_all_repos: true
+-
+  id: 6
+  uid: 2
+  name: Public Resources Only Token
+  token_hash: b6d404048048812d9e911d93aefbe94fc768d4876fdf75e3bef0bdc67828e0af422846d3056f2f25ec35c51dc92075685ec5
+  token_salt: 99ArgXKlQQ
+  token_last_eight: 69d28c91
+  created_unix: 946687980
+  updated_unix: 946687980
+  scope: public-only,read:activitypub
+  resource_all_repos: true
+-
+  id: 7
+  uid: 2
+  name: Specific Repos Only Token
+  token_hash: c6d404048048812d9e911d93aefbe94fc768d4876fdf75e3bef0bdc67828e0af422846d3056f2f25ec35c51dc92075685ec5
+  token_salt: 99ArgXKlQQ
+  token_last_eight: 69d28c91
+  created_unix: 946687980
+  updated_unix: 946687980
+  resource_all_repos: false
diff --git a/services/authz/TestGetAuthorizationReducerForAccessToken/access_token_resource_repo.yml b/services/authz/TestGetAuthorizationReducerForAccessToken/access_token_resource_repo.yml
new file mode 100644
index 0000000000..29e6ab2c77
--- /dev/null
+++ b/services/authz/TestGetAuthorizationReducerForAccessToken/access_token_resource_repo.yml
@@ -0,0 +1,5 @@
+-
+  id: 1
+  token_id: 7
+  repo_id: 1
+  created_unix: 1772158384
diff --git a/services/authz/access_token.go b/services/authz/access_token.go
new file mode 100644
index 0000000000..1d7b09e91e
--- /dev/null
+++ b/services/authz/access_token.go
@@ -0,0 +1,28 @@
+// Copyright 2026 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+package authz
+
+import (
+	"context"
+	"fmt"
+
+	auth_model "forgejo.org/models/auth"
+)
+
+func GetAuthorizationReducerForAccessToken(ctx context.Context, token *auth_model.AccessToken) (AuthorizationReducer, error) {
+	if token.ResourceAllRepos {
+		if publicOnly, err := token.Scope.PublicOnly(); err != nil {
+			return nil, fmt.Errorf("PublicOnly: %w", err)
+		} else if publicOnly {
+			return &PublicReposAuthorizationReducer{}, nil
+		}
+		return &AllAccessAuthorizationReducer{}, nil
+	}
+
+	repos, err := auth_model.GetRepositoriesAccessibleWithToken(ctx, token.ID)
+	if err != nil {
+		return nil, fmt.Errorf("GetRepositoriesAccessibleWithToken: %w", err)
+	}
+	return &SpecificReposAuthorizationReducer{resourceRepos: repos}, nil
+}
diff --git a/services/authz/access_token_test.go b/services/authz/access_token_test.go
new file mode 100644
index 0000000000..d037add76f
--- /dev/null
+++ b/services/authz/access_token_test.go
@@ -0,0 +1,46 @@
+// Copyright 2026 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+package authz
+
+import (
+	"testing"
+
+	"forgejo.org/models/auth"
+	"forgejo.org/models/unittest"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+func TestGetAuthorizationReducerForAccessToken(t *testing.T) {
+	defer unittest.OverrideFixtures("services/authz/TestGetAuthorizationReducerForAccessToken")()
+	require.NoError(t, unittest.PrepareTestDatabase())
+
+	t.Run("all access", func(t *testing.T) {
+		token := unittest.AssertExistsAndLoadBean(t, &auth.AccessToken{ID: 5})
+		reducer, err := GetAuthorizationReducerForAccessToken(t.Context(), token)
+		require.NoError(t, err)
+		assert.IsType(t, &AllAccessAuthorizationReducer{}, reducer)
+	})
+
+	t.Run("public resources only", func(t *testing.T) {
+		token := unittest.AssertExistsAndLoadBean(t, &auth.AccessToken{ID: 6})
+		reducer, err := GetAuthorizationReducerForAccessToken(t.Context(), token)
+		require.NoError(t, err)
+		assert.IsType(t, &PublicReposAuthorizationReducer{}, reducer)
+	})
+
+	t.Run("specific repos only", func(t *testing.T) {
+		token := unittest.AssertExistsAndLoadBean(t, &auth.AccessToken{ID: 7})
+		reducer, err := GetAuthorizationReducerForAccessToken(t.Context(), token)
+		require.NoError(t, err)
+
+		specific, ok := reducer.(*SpecificReposAuthorizationReducer)
+		require.True(t, ok)
+		require.NotNil(t, specific)
+
+		require.Len(t, specific.resourceRepos, 1)
+		assert.EqualValues(t, 1, specific.resourceRepos[0].RepoID)
+	})
+}
diff --git a/services/authz/all_access_reducer.go b/services/authz/all_access_reducer.go
new file mode 100644
index 0000000000..8a4590f285
--- /dev/null
+++ b/services/authz/all_access_reducer.go
@@ -0,0 +1,29 @@
+// Copyright 2026 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+package authz
+
+import (
+	"context"
+
+	"forgejo.org/models/perm"
+	repo_model "forgejo.org/models/repo"
+
+	"xorm.io/builder"
+)
+
+// Implementation of [AuthorizationReducer] that does no authorization reduction, allowing normal access to all
+// resources.
+type AllAccessAuthorizationReducer struct{}
+
+func (*AllAccessAuthorizationReducer) ReduceRepoAccess(ctx context.Context, repo *repo_model.Repository, accessMode perm.AccessMode) (perm.AccessMode, error) {
+	return accessMode, nil
+}
+
+func (*AllAccessAuthorizationReducer) RepoFilter(accessMode perm.AccessMode) builder.Cond {
+	return builder.NewCond() // invalid cond should be excluded and cause no filtering
+}
+
+func (*AllAccessAuthorizationReducer) AllowAdminOverride() bool {
+	return true
+}
diff --git a/services/authz/all_access_reducer_test.go b/services/authz/all_access_reducer_test.go
new file mode 100644
index 0000000000..84c1b1c1ac
--- /dev/null
+++ b/services/authz/all_access_reducer_test.go
@@ -0,0 +1,49 @@
+// Copyright 2026 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+package authz
+
+import (
+	"testing"
+
+	"forgejo.org/models/db"
+	"forgejo.org/models/perm"
+	"forgejo.org/models/repo"
+	"forgejo.org/models/unittest"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+func TestAllAccessAuthorizationReducer(t *testing.T) {
+	require.NoError(t, unittest.PrepareTestDatabase())
+
+	reducer := &AllAccessAuthorizationReducer{}
+
+	t.Run("ReduceRepoAccess no changes", func(t *testing.T) {
+		repo1 := unittest.AssertExistsAndLoadBean(t, &repo.Repository{ID: 1})
+		for _, am := range []perm.AccessMode{perm.AccessModeOwner, perm.AccessModeAdmin, perm.AccessModeWrite, perm.AccessModeRead} {
+			p1, err := reducer.ReduceRepoAccess(t.Context(), repo1, am)
+			require.NoError(t, err)
+			assert.Equal(t, am, p1)
+		}
+	})
+
+	t.Run("RepoFilter no restrictions", func(t *testing.T) {
+		numRepos, err := db.GetEngine(t.Context()).Table(&repo.Repository{}).Count()
+		require.NoError(t, err)
+
+		for _, am := range []perm.AccessMode{perm.AccessModeOwner, perm.AccessModeAdmin, perm.AccessModeWrite, perm.AccessModeRead} {
+			cond := reducer.RepoFilter(am)
+
+			var rows []*repo.Repository
+			err := db.GetEngine(t.Context()).Table(&repo.Repository{}).Where(cond).OrderBy("id").Cols("id", "owner_id", "is_private").Find(&rows)
+			require.NoError(t, err)
+			assert.Len(t, rows, int(numRepos))
+		}
+	})
+
+	t.Run("AllowAdminOverride is true", func(t *testing.T) {
+		assert.True(t, reducer.AllowAdminOverride())
+	})
+}
diff --git a/services/authz/authorization_reducer.go b/services/authz/authorization_reducer.go
new file mode 100644
index 0000000000..0152daf890
--- /dev/null
+++ b/services/authz/authorization_reducer.go
@@ -0,0 +1,39 @@
+// Copyright 2026 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+package authz
+
+import (
+	"context"
+
+	"forgejo.org/models/perm"
+	repo_model "forgejo.org/models/repo"
+
+	"xorm.io/builder"
+)
+
+// Defines an API for reducing available permissions to specific resources.  Typically associated with a fine-grained
+// access tokens and provides methods to reduce authorization that the access token provides down to specific resources.
+type AuthorizationReducer interface {
+	// Given a repository and an accessMode, ReduceRepoAccess will return a new, possibly reduced, AccessMode that
+	// reflects the actual access that is currently permitted.  For example, when using a fine-grained access token that
+	// only grants write access to one target repository, `ReduceRepoAccess(target, AccessModeWrite)` would return
+	// `AccessModeWrite`, and `ReduceRepoAccess(other-repo, AccessModeWrite)` would return a lesser access mode,
+	// restricting access to other repositories.
+	ReduceRepoAccess(ctx context.Context, repo *repo_model.Repository, accessMode perm.AccessMode) (perm.AccessMode, error)
+
+	// If querying the repository table, apply this condition to return only repositories that the restriction will
+	// allow the target access mode (or higher).  For example, when using a fine-grained access token that only grants
+	// write access to one target repository, `RepoFilter(AccessModeWrite)` would return a filter that only returns that
+	// single repository, while `RepoFilter(AccessModeRead)` would return a filter that includes all public repositories
+	// and the target repository.
+	RepoFilter(accessMode perm.AccessMode) builder.Cond
+
+	// Controls whether the presence of an authorization reducer will prevent administrators from overriding permission
+	// checks. Typically site administrators and repo administrators are exempted from permission checks, but if an
+	// authorization reducer is present then it may be intended for its restrictions to apply even to administrators.
+	//
+	// `true` allows the typical case where administrators *can* override permissions. `false` disables administrator
+	// overrides of permission checks.
+	AllowAdminOverride() bool
+}
diff --git a/services/authz/main_test.go b/services/authz/main_test.go
new file mode 100644
index 0000000000..3412b080cd
--- /dev/null
+++ b/services/authz/main_test.go
@@ -0,0 +1,14 @@
+// Copyright 2026 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+package authz
+
+import (
+	"testing"
+
+	"forgejo.org/models/unittest"
+)
+
+func TestMain(m *testing.M) {
+	unittest.MainTest(m)
+}
diff --git a/services/authz/public_repos_reducer.go b/services/authz/public_repos_reducer.go
new file mode 100644
index 0000000000..ce603cb569
--- /dev/null
+++ b/services/authz/public_repos_reducer.go
@@ -0,0 +1,46 @@
+// Copyright 2026 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+package authz
+
+import (
+	"context"
+	"fmt"
+
+	"forgejo.org/models/perm"
+	repo_model "forgejo.org/models/repo"
+	"forgejo.org/modules/structs"
+
+	"xorm.io/builder"
+)
+
+// Grants access only to public repositories.  Does not change the level of access for any public repos.
+type PublicReposAuthorizationReducer struct{}
+
+func (*PublicReposAuthorizationReducer) ReduceRepoAccess(ctx context.Context, repo *repo_model.Repository, accessMode perm.AccessMode) (perm.AccessMode, error) {
+	if err := repo.LoadOwner(ctx); err != nil {
+		return 0, fmt.Errorf("failed to LoadOwner during ReduceRepoAccess: %w", err)
+	}
+
+	// Fine-grained access tokens remove access to any private repositories, or repository owned by non-public users,
+	// that aren't listed in their resource list.
+	if !repo.Owner.Visibility.IsPublic() || repo.IsPrivate {
+		return perm.AccessModeNone, nil
+	}
+
+	return accessMode, nil
+}
+
+func (*PublicReposAuthorizationReducer) RepoFilter(accessMode perm.AccessMode) builder.Cond {
+	// Regardless of access mode, allow access only to non-private repositories, that aren't in a private or limited
+	// organization.
+	return builder.And(
+		builder.Eq{"is_private": false},
+		builder.NotIn("owner_id", builder.Select("id").From("`user`").Where(
+			builder.Or(builder.Eq{"visibility": structs.VisibleTypeLimited}, builder.Eq{"visibility": structs.VisibleTypePrivate}),
+		)))
+}
+
+func (*PublicReposAuthorizationReducer) AllowAdminOverride() bool {
+	return false
+}
diff --git a/services/authz/public_repos_reducer_test.go b/services/authz/public_repos_reducer_test.go
new file mode 100644
index 0000000000..5e72566253
--- /dev/null
+++ b/services/authz/public_repos_reducer_test.go
@@ -0,0 +1,73 @@
+// Copyright 2026 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+package authz
+
+import (
+	"testing"
+
+	"forgejo.org/models/db"
+	"forgejo.org/models/perm"
+	"forgejo.org/models/repo"
+	"forgejo.org/models/unittest"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+func TestPublicReposAuthorizationReducer(t *testing.T) {
+	require.NoError(t, unittest.PrepareTestDatabase())
+
+	reducer := &PublicReposAuthorizationReducer{}
+
+	t.Run("ReduceRepoAccess unrestricted on public repos", func(t *testing.T) {
+		repo1 := unittest.AssertExistsAndLoadBean(t, &repo.Repository{ID: 1})
+		repo4 := unittest.AssertExistsAndLoadBean(t, &repo.Repository{ID: 4})
+		for _, am := range []perm.AccessMode{perm.AccessModeOwner, perm.AccessModeAdmin, perm.AccessModeWrite, perm.AccessModeRead} {
+			p1, err := reducer.ReduceRepoAccess(t.Context(), repo1, am)
+			require.NoError(t, err)
+			assert.Equal(t, am, p1)
+			p4, err := reducer.ReduceRepoAccess(t.Context(), repo4, am)
+			require.NoError(t, err)
+			assert.Equal(t, am, p4)
+		}
+	})
+
+	t.Run("ReduceRepoAccess restricted to None on private repos", func(t *testing.T) {
+		// private repo
+		repo3 := unittest.AssertExistsAndLoadBean(t, &repo.Repository{ID: 3})
+
+		// public repo on a limited-visibility org
+		repo38 := unittest.AssertExistsAndLoadBean(t, &repo.Repository{ID: 38})
+
+		for _, am := range []perm.AccessMode{perm.AccessModeOwner, perm.AccessModeAdmin, perm.AccessModeWrite, perm.AccessModeRead} {
+			p3, err := reducer.ReduceRepoAccess(t.Context(), repo3, am)
+			require.NoError(t, err)
+			assert.Equal(t, perm.AccessModeNone, p3)
+
+			p38, err := reducer.ReduceRepoAccess(t.Context(), repo38, am)
+			require.NoError(t, err)
+			assert.Equal(t, perm.AccessModeNone, p38)
+		}
+	})
+
+	t.Run("RepoFilter unrestricted access only permitted to public repos", func(t *testing.T) {
+		for _, am := range []perm.AccessMode{perm.AccessModeOwner, perm.AccessModeAdmin, perm.AccessModeWrite, perm.AccessModeRead} {
+			cond := reducer.RepoFilter(am)
+
+			var rows []*repo.Repository
+			err := db.GetEngine(t.Context()).Table(&repo.Repository{}).Where(cond).OrderBy("id").Cols("id", "owner_id", "is_private").Find(&rows)
+			require.NoError(t, err)
+			assert.NotEmpty(t, rows)
+			for _, repo := range rows {
+				assert.False(t, repo.IsPrivate)
+				require.NoError(t, repo.LoadOwner(t.Context()))
+				assert.True(t, repo.Owner.Visibility.IsPublic())
+			}
+		}
+	})
+
+	t.Run("AllowAdminOverride is false", func(t *testing.T) {
+		assert.False(t, reducer.AllowAdminOverride())
+	})
+}
diff --git a/services/authz/specific_repos_reducer.go b/services/authz/specific_repos_reducer.go
new file mode 100644
index 0000000000..e9c6f6d7c5
--- /dev/null
+++ b/services/authz/specific_repos_reducer.go
@@ -0,0 +1,73 @@
+// Copyright 2026 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+package authz
+
+import (
+	"context"
+	"fmt"
+
+	auth_model "forgejo.org/models/auth"
+	"forgejo.org/models/perm"
+	repo_model "forgejo.org/models/repo"
+	"forgejo.org/modules/structs"
+
+	"xorm.io/builder"
+)
+
+// For specific repositories listed in [AccessTokenResourceRepo] models, all access is permitted.  For public
+// repositories that aren't listed among the specific repos, read-only access is permitted.  For all other repos, no
+// access is permitted.
+type SpecificReposAuthorizationReducer struct {
+	resourceRepos []*auth_model.AccessTokenResourceRepo
+}
+
+func (r *SpecificReposAuthorizationReducer) ReduceRepoAccess(ctx context.Context, repo *repo_model.Repository, accessMode perm.AccessMode) (perm.AccessMode, error) {
+	for _, tokenRepo := range r.resourceRepos {
+		if tokenRepo.RepoID == repo.ID {
+			// No restrictions as this repo is within the scope of the access token.
+			return accessMode, nil
+		}
+	}
+
+	if err := repo.LoadOwner(ctx); err != nil {
+		return 0, fmt.Errorf("failed to LoadOwner during ReduceRepoAccess: %w", err)
+	}
+
+	// Fine-grained access tokens remove access to any private repositories, or repository owned by non-public users,
+	// that aren't listed in their resource list.
+	if !repo.Owner.Visibility.IsPublic() || repo.IsPrivate {
+		return perm.AccessModeNone, nil
+	}
+
+	// Public repos will be reduced to read access.
+	return min(accessMode, perm.AccessModeRead), nil
+}
+
+func (r *SpecificReposAuthorizationReducer) RepoFilter(accessMode perm.AccessMode) builder.Cond {
+	repoIDs := make([]int64, len(r.resourceRepos))
+	for i, tokenRepo := range r.resourceRepos {
+		repoIDs[i] = tokenRepo.RepoID
+	}
+	targetRepos := builder.In("repository.id", repoIDs)
+
+	// If requesting anything higher than read access, it will only be available for repos within the scope of the
+	// access token.
+	if accessMode > perm.AccessModeRead {
+		return targetRepos
+	}
+
+	// For read access, we should be able to see all non-private repositories that aren't in a private or limited
+	// organisation.
+	return builder.Or(
+		targetRepos,
+		builder.And(
+			builder.Eq{"repository.is_private": false},
+			builder.NotIn("repository.owner_id", builder.Select("id").From("`user`").Where(
+				builder.Or(builder.Eq{"visibility": structs.VisibleTypeLimited}, builder.Eq{"visibility": structs.VisibleTypePrivate}),
+			))))
+}
+
+func (*SpecificReposAuthorizationReducer) AllowAdminOverride() bool {
+	return false
+}
diff --git a/services/authz/specific_repos_reducer_test.go b/services/authz/specific_repos_reducer_test.go
new file mode 100644
index 0000000000..e99c8515a6
--- /dev/null
+++ b/services/authz/specific_repos_reducer_test.go
@@ -0,0 +1,117 @@
+// Copyright 2026 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+package authz
+
+import (
+	"testing"
+
+	"forgejo.org/models/auth"
+	"forgejo.org/models/db"
+	"forgejo.org/models/perm"
+	"forgejo.org/models/repo"
+	"forgejo.org/models/unittest"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+func TestSpecificReposAuthorizationReducer(t *testing.T) {
+	require.NoError(t, unittest.PrepareTestDatabase())
+
+	reducer := &SpecificReposAuthorizationReducer{
+		resourceRepos: []*auth.AccessTokenResourceRepo{
+			{
+				RepoID: 1,
+			},
+			{
+				RepoID: 2,
+			},
+		},
+	}
+
+	t.Run("ReduceRepoAccess unrestricted on targeted repos", func(t *testing.T) {
+		repo1 := unittest.AssertExistsAndLoadBean(t, &repo.Repository{ID: 1})
+		repo2 := unittest.AssertExistsAndLoadBean(t, &repo.Repository{ID: 2})
+		for _, am := range []perm.AccessMode{perm.AccessModeOwner, perm.AccessModeAdmin, perm.AccessModeWrite, perm.AccessModeRead} {
+			p1, err := reducer.ReduceRepoAccess(t.Context(), repo1, am)
+			require.NoError(t, err)
+			assert.Equal(t, am, p1)
+			p2, err := reducer.ReduceRepoAccess(t.Context(), repo2, am)
+			require.NoError(t, err)
+			assert.Equal(t, am, p2)
+		}
+	})
+
+	t.Run("ReduceRepoAccess restricted to None on private repos", func(t *testing.T) {
+		// private repo
+		repo3 := unittest.AssertExistsAndLoadBean(t, &repo.Repository{ID: 3})
+
+		// public repo on a limited-visibility org
+		repo38 := unittest.AssertExistsAndLoadBean(t, &repo.Repository{ID: 38})
+
+		for _, am := range []perm.AccessMode{perm.AccessModeOwner, perm.AccessModeAdmin, perm.AccessModeWrite, perm.AccessModeRead} {
+			p3, err := reducer.ReduceRepoAccess(t.Context(), repo3, am)
+			require.NoError(t, err)
+			assert.Equal(t, perm.AccessModeNone, p3)
+
+			p38, err := reducer.ReduceRepoAccess(t.Context(), repo38, am)
+			require.NoError(t, err)
+			assert.Equal(t, perm.AccessModeNone, p38)
+		}
+	})
+
+	t.Run("ReduceRepoAccess restricted to Read on public repos", func(t *testing.T) {
+		// public repo
+		repo4 := unittest.AssertExistsAndLoadBean(t, &repo.Repository{ID: 4})
+
+		for _, am := range []perm.AccessMode{perm.AccessModeOwner, perm.AccessModeAdmin, perm.AccessModeWrite, perm.AccessModeRead} {
+			p3, err := reducer.ReduceRepoAccess(t.Context(), repo4, am)
+			require.NoError(t, err)
+			assert.Equal(t, perm.AccessModeRead, p3)
+		}
+
+		// don't elevate AccessModeNone to AccessModeRead:
+		p3, err := reducer.ReduceRepoAccess(t.Context(), repo4, perm.AccessModeNone)
+		require.NoError(t, err)
+		assert.Equal(t, perm.AccessModeNone, p3)
+	})
+
+	t.Run("RepoFilter >write access only permitted to targeted repos", func(t *testing.T) {
+		for _, am := range []perm.AccessMode{perm.AccessModeOwner, perm.AccessModeAdmin, perm.AccessModeWrite} {
+			cond := reducer.RepoFilter(am)
+
+			var repoIDs []int64
+			err := db.GetEngine(t.Context()).Table(&repo.Repository{}).Where(cond).OrderBy("id").Cols("id").Find(&repoIDs)
+			require.NoError(t, err)
+
+			assert.Len(t, repoIDs, 2)
+			assert.EqualValues(t, 1, repoIDs[0])
+			assert.EqualValues(t, 2, repoIDs[1])
+		}
+	})
+
+	t.Run("RepoFilter read access only permitted to target repos & public repos", func(t *testing.T) {
+		cond := reducer.RepoFilter(perm.AccessModeRead)
+
+		var rows []*repo.Repository
+		err := db.GetEngine(t.Context()).Table(&repo.Repository{}).Where(cond).OrderBy("id").Cols("id", "owner_id", "is_private").Find(&rows)
+		require.NoError(t, err)
+
+		// Both target repos should be returned:
+		assert.EqualValues(t, 1, rows[0].ID)
+		assert.EqualValues(t, 2, rows[1].ID)
+
+		// And there should be more return values, all of which appear as public repos:
+		assert.Greater(t, len(rows), 2)
+		for _, repo := range rows[2:] {
+			assert.False(t, repo.IsPrivate)
+			require.NoError(t, repo.LoadOwner(t.Context()))
+			assert.True(t, repo.Owner.Visibility.IsPublic())
+		}
+	})
+
+	t.Run("AllowAdminOverride is false", func(t *testing.T) {
+		assert.False(t, reducer.AllowAdminOverride())
+	})
+}

From 635f13a07e0976ad37e9a1358fed98b2e8860450 Mon Sep 17 00:00:00 2001
From: Mathieu Fenniak <mathieu@fenniak.net>
Date: Sun, 15 Feb 2026 13:06:19 -0700
Subject: [PATCH 363/854] feat: add APIContext.Reducer computed from access
 token

---
 .deadcode-out                                 |   1 -
 routers/api/shared/middleware.go              |   5 +
 routers/api/shared/middleware_test.go         |  68 +++++
 .../TestTokenRequiresScopes/access_token.yml  |  38 +++
 routers/api/v1/api.go                         |  15 +
 routers/api/v1/api_test.go                    | 266 ++++++++++++++++++
 routers/api/v1/main_test.go                   |  14 +
 services/auth/basic.go                        |   9 +
 services/auth/oauth2.go                       |   9 +
 services/context/api.go                       |   2 +
 10 files changed, 426 insertions(+), 1 deletion(-)
 create mode 100644 routers/api/shared/middleware_test.go
 create mode 100644 routers/api/v1/TestTokenRequiresScopes/access_token.yml
 create mode 100644 routers/api/v1/api_test.go
 create mode 100644 routers/api/v1/main_test.go

diff --git a/.deadcode-out b/.deadcode-out
index 790e47fb4c..6d2c35e374 100644
--- a/.deadcode-out
+++ b/.deadcode-out
@@ -14,7 +14,6 @@ forgejo.org/models
 	IsErrMergeDivergingFastForwardOnly
 
 forgejo.org/models/auth
-	GetRepositoriesAccessibleWithToken
 	WebAuthnCredentials
 
 forgejo.org/models/db
diff --git a/routers/api/shared/middleware.go b/routers/api/shared/middleware.go
index 59d9f28d60..efd252728e 100644
--- a/routers/api/shared/middleware.go
+++ b/routers/api/shared/middleware.go
@@ -12,6 +12,7 @@ import (
 	"forgejo.org/modules/setting"
 	"forgejo.org/routers/common"
 	"forgejo.org/services/auth"
+	"forgejo.org/services/authz"
 	"forgejo.org/services/context"
 
 	"github.com/go-chi/cors"
@@ -64,6 +65,10 @@ func apiAuth(authMethod auth.Method) func(*context.APIContext) {
 		ctx.Doer = ar.Doer
 		ctx.IsSigned = ar.Doer != nil
 		ctx.IsBasicAuth = ar.IsBasicAuth
+		if ctx.Reducer == nil {
+			// Ensure ctx.Reducer isn't nil, but has no impact:
+			ctx.Reducer = &authz.AllAccessAuthorizationReducer{}
+		}
 	}
 }
 
diff --git a/routers/api/shared/middleware_test.go b/routers/api/shared/middleware_test.go
new file mode 100644
index 0000000000..3c5fc4d00d
--- /dev/null
+++ b/routers/api/shared/middleware_test.go
@@ -0,0 +1,68 @@
+// Copyright 2026 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+package shared
+
+import (
+	"bytes"
+	"net/http"
+	"net/http/httptest"
+	"testing"
+
+	"forgejo.org/modules/json"
+	"forgejo.org/modules/web"
+	"forgejo.org/routers/common"
+	"forgejo.org/services/authz"
+	"forgejo.org/services/context"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+func TestReducer(t *testing.T) {
+	makeRecorder := func() *httptest.ResponseRecorder {
+		buff := bytes.NewBufferString("")
+		recorder := httptest.NewRecorder()
+		recorder.Body = buff
+		return recorder
+	}
+
+	r := web.NewRoute()
+	r.Use(common.ProtocolMiddlewares()...)
+	r.Use(Middlewares()...)
+
+	type ReducerInfo struct {
+		IsSigned    bool
+		IsNil       bool
+		IsAllAccess bool
+	}
+
+	r.Get("/api/test", func(ctx *context.APIContext) {
+		retval := ReducerInfo{
+			IsSigned: ctx.IsSigned,
+			IsNil:    ctx.Reducer == nil,
+		}
+
+		_, isAllAccess := ctx.Reducer.(*authz.AllAccessAuthorizationReducer)
+		retval.IsAllAccess = isAllAccess
+
+		ctx.JSON(http.StatusOK, retval)
+	})
+
+	// shared middleware ensures that `APIContext.Reducer` is not nil, and so that's the only test required in this
+	// package's scope -- an anonymous request and `Reducer` is not nil:
+	t.Run("anonymous", func(t *testing.T) {
+		recorder := makeRecorder()
+		req, err := http.NewRequest("GET", "http://localhost:8000/api/test", nil)
+		require.NoError(t, err)
+		r.ServeHTTP(recorder, req)
+		assert.Equal(t, http.StatusOK, recorder.Code)
+
+		var reducerInfo ReducerInfo
+		require.NoError(t, json.Unmarshal(recorder.Body.Bytes(), &reducerInfo))
+
+		assert.False(t, reducerInfo.IsSigned)
+		assert.False(t, reducerInfo.IsNil)
+		assert.True(t, reducerInfo.IsAllAccess)
+	})
+}
diff --git a/routers/api/v1/TestTokenRequiresScopes/access_token.yml b/routers/api/v1/TestTokenRequiresScopes/access_token.yml
new file mode 100644
index 0000000000..ee29bc4959
--- /dev/null
+++ b/routers/api/v1/TestTokenRequiresScopes/access_token.yml
@@ -0,0 +1,38 @@
+-
+  id: 6
+  uid: 2
+  name: Unrestricted Token
+  # token: 4a0c970da8bf58408a8c22264b2ac1ff47dadcce
+  token_hash: e26d1456df98b47394c9e8750023e690426e0209de1f719edd4b852651fb69fb349e15f6d42912a0899d055dc7e595be077a
+  token_salt: XKbbVcQbz-ahT8LQfXB5C_
+  token_last_eight: 47dadcce
+  created_unix: 946687980
+  updated_unix: 946687980
+  scope: write:repository
+  resource_all_repos: true
+
+-
+  id: 7
+  uid: 2
+  name: Public Resources Only Token
+  # token: 83909b5b978acc5620ae0c7b0e55b548da2e26b5
+  token_hash: 211bc49d6c48a1f553d5f4400d903f20280ec3851a06f0e300253c042beb608191a8bcd52cb5d230a9096bbb9494b9d4cabf
+  token_salt: AD89WTwe8hCHGEUF7AG8BO
+  token_last_eight: da2e26b5
+  created_unix: 946687980
+  updated_unix: 946687980
+  scope: public-only,write:repository
+  resource_all_repos: true
+
+-
+  id: 8
+  uid: 2
+  name: Specific Repos Only Token
+  # token: 46088605ec804b43ebd15cef1b3f210c31b066dd
+  token_hash: cd2739ac5894f25f0fd0e4b93e92b382d7bde82b09b791fa8aed6a514f8ffa9fda90fdb943c56f7b2eac78c9fd484ab3ecdf
+  token_salt: IhB81EQbYWHsVJGEGx587X
+  token_last_eight: 31b066dd
+  created_unix: 946687980
+  updated_unix: 946687980
+  scope: write:repository
+  resource_all_repos: false
diff --git a/routers/api/v1/api.go b/routers/api/v1/api.go
index b8af31fa75..dbeb916ca6 100644
--- a/routers/api/v1/api.go
+++ b/routers/api/v1/api.go
@@ -86,6 +86,7 @@ import (
 	"forgejo.org/routers/api/v1/user"
 	"forgejo.org/services/actions"
 	"forgejo.org/services/auth"
+	"forgejo.org/services/authz"
 	"forgejo.org/services/context"
 	"forgejo.org/services/forms"
 	redirect_service "forgejo.org/services/redirect"
@@ -365,6 +366,20 @@ func tokenRequiresScopes(requiredScopeCategories ...auth_model.AccessTokenScopeC
 
 		// assign to true so that those searching should only filter public repositories/users/organizations
 		ctx.PublicOnly = publicOnly
+
+		reducer, ok := ctx.Data["ApiTokenReducer"].(authz.AuthorizationReducer)
+		if ok {
+			ctx.Reducer = reducer
+		} else {
+			// No "ApiTokenReducer" will be populated if the auth method wasn't an PAT.  In this case, we populate
+			// `ctx.Reducer` so no nil checks are needed, and we respect the scope `PublicOnly()` so that it it's safe
+			// to just rely on `ctx.Reducer` to account for public-only access:
+			if ctx.PublicOnly {
+				ctx.Reducer = &authz.PublicReposAuthorizationReducer{}
+			} else {
+				ctx.Reducer = &authz.AllAccessAuthorizationReducer{}
+			}
+		}
 	}
 }
 
diff --git a/routers/api/v1/api_test.go b/routers/api/v1/api_test.go
new file mode 100644
index 0000000000..4b6ae948f3
--- /dev/null
+++ b/routers/api/v1/api_test.go
@@ -0,0 +1,266 @@
+// Copyright 2026 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+package v1
+
+import (
+	"bytes"
+	"fmt"
+	"net/http"
+	"net/http/httptest"
+	"testing"
+	"time"
+
+	auth_model "forgejo.org/models/auth"
+	"forgejo.org/models/db"
+	"forgejo.org/models/unittest"
+	"forgejo.org/modules/json"
+	"forgejo.org/modules/jwtx"
+	"forgejo.org/modules/test"
+	"forgejo.org/modules/web"
+	"forgejo.org/routers/api/shared"
+	"forgejo.org/routers/common"
+	"forgejo.org/services/auth/source/oauth2"
+	"forgejo.org/services/authz"
+	"forgejo.org/services/context"
+
+	"github.com/golang-jwt/jwt/v5"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+func TestTokenRequiresScopes(t *testing.T) {
+	defer unittest.OverrideFixtures("routers/api/v1/TestTokenRequiresScopes")()
+	require.NoError(t, unittest.PrepareTestDatabase())
+
+	makeRecorder := func() *httptest.ResponseRecorder {
+		buff := bytes.NewBufferString("")
+		recorder := httptest.NewRecorder()
+		recorder.Body = buff
+		return recorder
+	}
+
+	r := web.NewRoute()
+	r.Use(common.ProtocolMiddlewares()...)
+	r.Use(shared.Middlewares()...)
+
+	type ReducerInfo struct {
+		IsSigned         bool
+		IsNil            bool
+		IsAllAccess      bool
+		IsPublicAccess   bool
+		IsSpecificAccess bool
+	}
+
+	r.Get("/api/test", tokenRequiresScopes(auth_model.AccessTokenScopeCategoryRepository), func(ctx *context.APIContext) {
+		retval := ReducerInfo{
+			IsSigned: ctx.IsSigned,
+			IsNil:    ctx.Reducer == nil,
+		}
+
+		_, isAllAccess := ctx.Reducer.(*authz.AllAccessAuthorizationReducer)
+		retval.IsAllAccess = isAllAccess
+
+		_, isPublicAccess := ctx.Reducer.(*authz.PublicReposAuthorizationReducer)
+		retval.IsPublicAccess = isPublicAccess
+
+		_, isSpecificAccess := ctx.Reducer.(*authz.SpecificReposAuthorizationReducer)
+		retval.IsSpecificAccess = isSpecificAccess
+
+		ctx.JSON(http.StatusOK, retval)
+	})
+
+	t.Run("Basic Auth w/ PAT", func(t *testing.T) {
+		t.Run("unrestricted access token", func(t *testing.T) {
+			recorder := makeRecorder()
+			req, err := http.NewRequest("GET", "http://localhost:8000/api/test", nil)
+			req.SetBasicAuth("token", "4a0c970da8bf58408a8c22264b2ac1ff47dadcce")
+			require.NoError(t, err)
+			r.ServeHTTP(recorder, req)
+			assert.Equal(t, http.StatusOK, recorder.Code)
+
+			var reducerInfo ReducerInfo
+			require.NoError(t, json.Unmarshal(recorder.Body.Bytes(), &reducerInfo))
+
+			assert.True(t, reducerInfo.IsSigned)
+			assert.False(t, reducerInfo.IsNil)
+			assert.True(t, reducerInfo.IsAllAccess)
+			assert.False(t, reducerInfo.IsPublicAccess)
+			assert.False(t, reducerInfo.IsSpecificAccess)
+		})
+
+		t.Run("public-only access token", func(t *testing.T) {
+			recorder := makeRecorder()
+			req, err := http.NewRequest("GET", "http://localhost:8000/api/test", nil)
+			req.SetBasicAuth("token", "83909b5b978acc5620ae0c7b0e55b548da2e26b5")
+			require.NoError(t, err)
+			r.ServeHTTP(recorder, req)
+			assert.Equal(t, http.StatusOK, recorder.Code)
+
+			var reducerInfo ReducerInfo
+			require.NoError(t, json.Unmarshal(recorder.Body.Bytes(), &reducerInfo))
+
+			assert.True(t, reducerInfo.IsSigned)
+			assert.False(t, reducerInfo.IsNil)
+			assert.False(t, reducerInfo.IsAllAccess)
+			assert.True(t, reducerInfo.IsPublicAccess)
+			assert.False(t, reducerInfo.IsSpecificAccess)
+		})
+
+		t.Run("specific-repo access token", func(t *testing.T) {
+			recorder := makeRecorder()
+			req, err := http.NewRequest("GET", "http://localhost:8000/api/test", nil)
+			req.SetBasicAuth("token", "46088605ec804b43ebd15cef1b3f210c31b066dd")
+			require.NoError(t, err)
+			r.ServeHTTP(recorder, req)
+			assert.Equal(t, http.StatusOK, recorder.Code)
+
+			var reducerInfo ReducerInfo
+			require.NoError(t, json.Unmarshal(recorder.Body.Bytes(), &reducerInfo))
+
+			assert.True(t, reducerInfo.IsSigned)
+			assert.False(t, reducerInfo.IsNil)
+			assert.False(t, reducerInfo.IsAllAccess)
+			assert.False(t, reducerInfo.IsPublicAccess)
+			assert.True(t, reducerInfo.IsSpecificAccess)
+		})
+	})
+
+	t.Run("Token Auth", func(t *testing.T) {
+		t.Run("unrestricted access token", func(t *testing.T) {
+			recorder := makeRecorder()
+			req, err := http.NewRequest("GET", "http://localhost:8000/api/test", nil)
+			req.Header.Set("Authorization", "token 4a0c970da8bf58408a8c22264b2ac1ff47dadcce")
+			require.NoError(t, err)
+			r.ServeHTTP(recorder, req)
+			assert.Equal(t, http.StatusOK, recorder.Code)
+
+			var reducerInfo ReducerInfo
+			require.NoError(t, json.Unmarshal(recorder.Body.Bytes(), &reducerInfo))
+
+			assert.True(t, reducerInfo.IsSigned)
+			assert.False(t, reducerInfo.IsNil)
+			assert.True(t, reducerInfo.IsAllAccess)
+			assert.False(t, reducerInfo.IsPublicAccess)
+			assert.False(t, reducerInfo.IsSpecificAccess)
+		})
+
+		t.Run("public-only access token", func(t *testing.T) {
+			recorder := makeRecorder()
+			req, err := http.NewRequest("GET", "http://localhost:8000/api/test", nil)
+			req.Header.Set("Authorization", "token 83909b5b978acc5620ae0c7b0e55b548da2e26b5")
+			require.NoError(t, err)
+			r.ServeHTTP(recorder, req)
+			assert.Equal(t, http.StatusOK, recorder.Code)
+
+			var reducerInfo ReducerInfo
+			require.NoError(t, json.Unmarshal(recorder.Body.Bytes(), &reducerInfo))
+
+			assert.True(t, reducerInfo.IsSigned)
+			assert.False(t, reducerInfo.IsNil)
+			assert.False(t, reducerInfo.IsAllAccess)
+			assert.True(t, reducerInfo.IsPublicAccess)
+			assert.False(t, reducerInfo.IsSpecificAccess)
+		})
+
+		t.Run("specific-repo access token", func(t *testing.T) {
+			recorder := makeRecorder()
+			req, err := http.NewRequest("GET", "http://localhost:8000/api/test", nil)
+			req.Header.Set("Authorization", "token 46088605ec804b43ebd15cef1b3f210c31b066dd")
+			require.NoError(t, err)
+			r.ServeHTTP(recorder, req)
+			assert.Equal(t, http.StatusOK, recorder.Code)
+
+			var reducerInfo ReducerInfo
+			require.NoError(t, json.Unmarshal(recorder.Body.Bytes(), &reducerInfo))
+
+			assert.True(t, reducerInfo.IsSigned)
+			assert.False(t, reducerInfo.IsNil)
+			assert.False(t, reducerInfo.IsAllAccess)
+			assert.False(t, reducerInfo.IsPublicAccess)
+			assert.True(t, reducerInfo.IsSpecificAccess)
+		})
+	})
+
+	t.Run("OAuth", func(t *testing.T) {
+		signingKey, err := jwtx.CreateSigningKey("HS256", make([]byte, 32))
+		require.NoError(t, err)
+		defer test.MockVariableValue(&oauth2.DefaultSigningKey, signingKey)()
+
+		t.Run("unrestricted grant", func(t *testing.T) {
+			grant := &auth_model.OAuth2Grant{
+				UserID:        2,
+				ApplicationID: 100, // fake, but required here for unique constraint
+				Scope:         "write:repository",
+			}
+			_, err = db.GetEngine(t.Context()).Insert(grant)
+			require.NoError(t, err)
+
+			token := oauth2.Token{
+				GrantID: grant.ID,
+				Type:    oauth2.TypeAccessToken,
+				Counter: 100,
+				RegisteredClaims: jwt.RegisteredClaims{
+					IssuedAt:  jwt.NewNumericDate(time.Now().Add(-1 * time.Hour)),
+					ExpiresAt: jwt.NewNumericDate(time.Now().Add(1 * time.Hour)),
+				},
+			}
+			signed, err := token.SignToken(oauth2.DefaultSigningKey)
+			require.NoError(t, err)
+
+			recorder := makeRecorder()
+			req, err := http.NewRequest("GET", "http://localhost:8000/api/test", nil)
+			req.Header.Set("Authorization", fmt.Sprintf("bearer %s", signed))
+			require.NoError(t, err)
+			r.ServeHTTP(recorder, req)
+			assert.Equal(t, http.StatusOK, recorder.Code)
+
+			var reducerInfo ReducerInfo
+			require.NoError(t, json.Unmarshal(recorder.Body.Bytes(), &reducerInfo))
+
+			assert.True(t, reducerInfo.IsSigned)
+			assert.False(t, reducerInfo.IsNil)
+			assert.True(t, reducerInfo.IsAllAccess)
+			assert.False(t, reducerInfo.IsPublicAccess)
+			assert.False(t, reducerInfo.IsSpecificAccess)
+		})
+
+		t.Run("public-only grant", func(t *testing.T) {
+			grant := &auth_model.OAuth2Grant{
+				UserID:        2,
+				ApplicationID: 101, // fake, but required here for unique constraint
+				Scope:         "write:repository public-only",
+			}
+			_, err = db.GetEngine(t.Context()).Insert(grant)
+			require.NoError(t, err)
+
+			token := oauth2.Token{
+				GrantID: grant.ID,
+				Type:    oauth2.TypeAccessToken,
+				Counter: 100,
+				RegisteredClaims: jwt.RegisteredClaims{
+					IssuedAt:  jwt.NewNumericDate(time.Now().Add(-1 * time.Hour)),
+					ExpiresAt: jwt.NewNumericDate(time.Now().Add(1 * time.Hour)),
+				},
+			}
+			signed, err := token.SignToken(oauth2.DefaultSigningKey)
+			require.NoError(t, err)
+
+			recorder := makeRecorder()
+			req, err := http.NewRequest("GET", "http://localhost:8000/api/test", nil)
+			req.Header.Set("Authorization", fmt.Sprintf("bearer %s", signed))
+			require.NoError(t, err)
+			r.ServeHTTP(recorder, req)
+			assert.Equal(t, http.StatusOK, recorder.Code)
+
+			var reducerInfo ReducerInfo
+			require.NoError(t, json.Unmarshal(recorder.Body.Bytes(), &reducerInfo))
+
+			assert.True(t, reducerInfo.IsSigned)
+			assert.False(t, reducerInfo.IsNil)
+			assert.False(t, reducerInfo.IsAllAccess)
+			assert.True(t, reducerInfo.IsPublicAccess)
+			assert.False(t, reducerInfo.IsSpecificAccess)
+		})
+	})
+}
diff --git a/routers/api/v1/main_test.go b/routers/api/v1/main_test.go
new file mode 100644
index 0000000000..7553b68bfd
--- /dev/null
+++ b/routers/api/v1/main_test.go
@@ -0,0 +1,14 @@
+// Copyright 2026 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+package v1
+
+import (
+	"testing"
+
+	"forgejo.org/models/unittest"
+)
+
+func TestMain(m *testing.M) {
+	unittest.MainTest(m)
+}
diff --git a/services/auth/basic.go b/services/auth/basic.go
index f117494762..4125c914a9 100644
--- a/services/auth/basic.go
+++ b/services/auth/basic.go
@@ -17,6 +17,7 @@ import (
 	"forgejo.org/modules/setting"
 	"forgejo.org/modules/util"
 	"forgejo.org/modules/web/middleware"
+	"forgejo.org/services/authz"
 )
 
 // Ensure the struct implements the interface.
@@ -102,6 +103,14 @@ func (b *Basic) Verify(req *http.Request, w http.ResponseWriter, store DataStore
 
 		store.GetData()["IsApiToken"] = true
 		store.GetData()["ApiTokenScope"] = token.Scope
+
+		reducer, err := authz.GetAuthorizationReducerForAccessToken(req.Context(), token)
+		if err != nil {
+			log.Error("authz.GetAuthorizationReducerForAccessToken: %v", err)
+			return nil, err
+		}
+		store.GetData()["ApiTokenReducer"] = reducer
+
 		return u, nil
 	} else if !auth_model.IsErrAccessTokenNotExist(err) && !auth_model.IsErrAccessTokenEmpty(err) {
 		log.Error("GetAccessTokenBySha: %v", err)
diff --git a/services/auth/oauth2.go b/services/auth/oauth2.go
index eb1dffa32a..1c1809b092 100644
--- a/services/auth/oauth2.go
+++ b/services/auth/oauth2.go
@@ -20,6 +20,7 @@ import (
 	"forgejo.org/modules/web/middleware"
 	"forgejo.org/services/actions"
 	"forgejo.org/services/auth/source/oauth2"
+	"forgejo.org/services/authz"
 )
 
 // Ensure the struct implements the interface.
@@ -200,6 +201,14 @@ func (o *OAuth2) userIDFromToken(ctx context.Context, tokenSHA string, store Dat
 	}
 	store.GetData()["IsApiToken"] = true
 	store.GetData()["ApiTokenScope"] = t.Scope
+
+	reducer, err := authz.GetAuthorizationReducerForAccessToken(ctx, t)
+	if err != nil {
+		log.Error("authz.GetAuthorizationReducerForAccessToken: %v", err)
+		return 0, err
+	}
+	store.GetData()["ApiTokenReducer"] = reducer
+
 	return t.UID, nil
 }
 
diff --git a/services/context/api.go b/services/context/api.go
index 14708147ad..27458f3768 100644
--- a/services/context/api.go
+++ b/services/context/api.go
@@ -24,6 +24,7 @@ import (
 	"forgejo.org/modules/setting"
 	"forgejo.org/modules/web"
 	web_types "forgejo.org/modules/web/types"
+	"forgejo.org/services/authz"
 
 	"code.forgejo.org/go-chi/cache"
 )
@@ -47,6 +48,7 @@ type APIContext struct {
 	QuotaGroup *quota_model.Group
 	QuotaRule  *quota_model.Rule
 	PublicOnly bool // Whether the request is for a public endpoint
+	Reducer    authz.AuthorizationReducer
 }
 
 func init() {

From 2f19237a143e7015f5037ac55cab87e48ca4e24c Mon Sep 17 00:00:00 2001
From: Mathieu Fenniak <mathieu@fenniak.net>
Date: Sun, 15 Feb 2026 13:35:00 -0700
Subject: [PATCH 364/854] feat: add GetUserRepoPermissionWithReducer

---
 .deadcode-out                                |  1 +
 assets/go-licenses.json                      |  5 +
 go.mod                                       |  1 +
 models/perm/access/repo_permission.go        | 24 ++++-
 models/perm/access/repo_permission_test.go   | 74 +++++++++++++++
 services/authz/authorization_reducer_mock.go | 99 ++++++++++++++++++++
 6 files changed, 203 insertions(+), 1 deletion(-)
 create mode 100644 services/authz/authorization_reducer_mock.go

diff --git a/.deadcode-out b/.deadcode-out
index 6d2c35e374..b347989b6b 100644
--- a/.deadcode-out
+++ b/.deadcode-out
@@ -49,6 +49,7 @@ forgejo.org/models/organization
 	SearchMembersOptions.ToConds
 
 forgejo.org/models/perm/access
+	GetUserRepoPermissionWithReducer
 	GetRepoWriters
 
 forgejo.org/models/user
diff --git a/assets/go-licenses.json b/assets/go-licenses.json
index fcf45b8da5..cca9ba355f 100644
--- a/assets/go-licenses.json
+++ b/assets/go-licenses.json
@@ -1124,6 +1124,11 @@
     "path": "github.com/ssor/bom/LICENSE",
     "licenseText": "MIT License\n\nCopyright (c) 2017 Asher\n\nPermission is hereby granted, free of charge, to any person obtaining a copy\nof this software and associated documentation files (the \"Software\"), to deal\nin the Software without restriction, including without limitation the rights\nto use, copy, modify, merge, publish, distribute, sublicense, and/or sell\ncopies of the Software, and to permit persons to whom the Software is\nfurnished to do so, subject to the following conditions:\n\nThe above copyright notice and this permission notice shall be included in all\ncopies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\nIMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\nFITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE\nAUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\nLIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,\nOUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE\nSOFTWARE.\n"
   },
+  {
+    "name": "github.com/stretchr/objx",
+    "path": "github.com/stretchr/objx/LICENSE",
+    "licenseText": "The MIT License\n\nCopyright (c) 2014 Stretchr, Inc.\nCopyright (c) 2017-2018 objx contributors\n\nPermission is hereby granted, free of charge, to any person obtaining a copy\nof this software and associated documentation files (the \"Software\"), to deal\nin the Software without restriction, including without limitation the rights\nto use, copy, modify, merge, publish, distribute, sublicense, and/or sell\ncopies of the Software, and to permit persons to whom the Software is\nfurnished to do so, subject to the following conditions:\n\nThe above copyright notice and this permission notice shall be included in all\ncopies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\nIMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\nFITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE\nAUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\nLIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,\nOUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE\nSOFTWARE.\n"
+  },
   {
     "name": "github.com/stretchr/testify",
     "path": "github.com/stretchr/testify/LICENSE",
diff --git a/go.mod b/go.mod
index b1df258019..b33cec2635 100644
--- a/go.mod
+++ b/go.mod
@@ -245,6 +245,7 @@ require (
 	github.com/sorairolake/lzip-go v0.3.8 // indirect
 	github.com/spf13/afero v1.15.0 // indirect
 	github.com/ssor/bom v0.0.0-20170718123548-6386211fdfcf // indirect
+	github.com/stretchr/objx v0.5.2 // indirect
 	github.com/tinylib/msgp v1.6.1 // indirect
 	github.com/x448/float16 v0.8.4 // indirect
 	github.com/zeebo/assert v1.3.0 // indirect
diff --git a/models/perm/access/repo_permission.go b/models/perm/access/repo_permission.go
index f7daf38e5c..22639d1e42 100644
--- a/models/perm/access/repo_permission.go
+++ b/models/perm/access/repo_permission.go
@@ -15,6 +15,7 @@ import (
 	"forgejo.org/models/unit"
 	user_model "forgejo.org/models/user"
 	"forgejo.org/modules/log"
+	"forgejo.org/services/authz"
 )
 
 // Permission contains all the permissions related variables to a repository for a user
@@ -164,7 +165,28 @@ func GetActionRepoPermission(ctx context.Context, repo *repo_model.Repository, t
 	return GetUserRepoPermission(ctx, repo, user_model.NewActionsUser())
 }
 
-// GetUserRepoPermission returns the user permissions to the repository
+// GetUserRepoPermission returns the user permissions to the repository, where the user's permissions may be
+// artificially restricted by a an authorization reducer.
+func GetUserRepoPermissionWithReducer(ctx context.Context, repo *repo_model.Repository, user *user_model.User, reducer authz.AuthorizationReducer) (Permission, error) {
+	perm, err := GetUserRepoPermission(ctx, repo, user)
+	if err != nil {
+		return perm, err
+	}
+	perm.AccessMode, err = reducer.ReduceRepoAccess(ctx, repo, perm.AccessMode)
+	if err != nil {
+		return perm, fmt.Errorf("failure in ReduceRepoAccess: %w", err)
+	}
+	for unit, currentAccessMode := range perm.UnitsMode {
+		reduced, err := reducer.ReduceRepoAccess(ctx, repo, currentAccessMode)
+		if err != nil {
+			return perm, fmt.Errorf("failure in ReduceRepoAccess: %w", err)
+		}
+		perm.UnitsMode[unit] = reduced
+	}
+	return perm, nil
+}
+
+// GetUserRepoPermission returns the user permissions to the repository.
 func GetUserRepoPermission(ctx context.Context, repo *repo_model.Repository, user *user_model.User) (Permission, error) {
 	var perm Permission
 	if log.IsTrace() {
diff --git a/models/perm/access/repo_permission_test.go b/models/perm/access/repo_permission_test.go
index 55bc975421..303605047f 100644
--- a/models/perm/access/repo_permission_test.go
+++ b/models/perm/access/repo_permission_test.go
@@ -8,9 +8,13 @@ import (
 	perm_model "forgejo.org/models/perm"
 	"forgejo.org/models/perm/access"
 	repo_model "forgejo.org/models/repo"
+	"forgejo.org/models/unit"
 	"forgejo.org/models/unittest"
+	user_model "forgejo.org/models/user"
+	"forgejo.org/services/authz"
 
 	"github.com/stretchr/testify/assert"
+	mock "github.com/stretchr/testify/mock"
 	"github.com/stretchr/testify/require"
 )
 
@@ -76,3 +80,73 @@ func TestActionTaskNoAccessPrivateRepo(t *testing.T) {
 	require.NoError(t, err)
 	assertAccess(t, perm_model.AccessModeNone, &perm)
 }
+
+func TestGetUserRepoPermissionWithReducer(t *testing.T) {
+	require.NoError(t, unittest.PrepareTestDatabase())
+
+	t.Run("no unit-level overrides", func(t *testing.T) {
+		user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
+		repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 1})
+
+		// Baseline check that without a reducer, we get AccessModeOwner...
+		permWithoutReducer, err := access.GetUserRepoPermission(t.Context(), repo, user)
+		require.NoError(t, err)
+		require.NotNil(t, permWithoutReducer)
+		assert.True(t, permWithoutReducer.IsOwner())
+		assert.True(t, permWithoutReducer.IsAdmin())
+		assert.True(t, permWithoutReducer.HasAccess())
+		assert.True(t, permWithoutReducer.CanWrite(unit.TypeIssues))
+
+		reducer := authz.NewMockAuthorizationReducer(t)
+		reducer.On(
+			"ReduceRepoAccess",
+			mock.Anything, // context
+			mock.MatchedBy(func(repo *repo_model.Repository) bool { // repo
+				return repo.ID == 1
+			}),
+			perm_model.AccessModeOwner, // incoming access mode
+		).Return(perm_model.AccessModeNone, nil)
+
+		permWithReducer, err := access.GetUserRepoPermissionWithReducer(t.Context(), repo, user, reducer)
+		require.NoError(t, err)
+		require.NotNil(t, permWithReducer)
+		assert.False(t, permWithReducer.IsOwner())
+		assert.False(t, permWithReducer.IsAdmin())
+		assert.False(t, permWithReducer.HasAccess())
+		assert.False(t, permWithReducer.CanWrite(unit.TypeIssues))
+	})
+
+	t.Run("team unit-level overrides", func(t *testing.T) {
+		user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 15})
+		repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 32})
+
+		// Baseline check that without a reducer, we get mixed access for different units...
+		permWithoutReducer, err := access.GetUserRepoPermission(t.Context(), repo, user)
+		require.NoError(t, err)
+		require.NotNil(t, permWithoutReducer)
+		require.NotEmpty(t, permWithoutReducer.UnitsMode) // unit-specific access modes loaded
+		assert.True(t, permWithoutReducer.CanRead(unit.TypeCode))
+		assert.False(t, permWithoutReducer.CanWrite(unit.TypeCode))
+		assert.True(t, permWithoutReducer.CanRead(unit.TypeIssues))
+		assert.True(t, permWithoutReducer.CanWrite(unit.TypeIssues))
+
+		reducer := authz.NewMockAuthorizationReducer(t)
+		reducer.On(
+			"ReduceRepoAccess",
+			mock.Anything, // context
+			mock.MatchedBy(func(repo *repo_model.Repository) bool { // repo
+				return repo.ID == 32
+			}),
+			mock.Anything, // incoming access mode - will vary for each unit
+		).Return(perm_model.AccessModeRead, nil)
+
+		permWithReducer, err := access.GetUserRepoPermissionWithReducer(t.Context(), repo, user, reducer)
+		require.NoError(t, err)
+		require.NotNil(t, permWithReducer)
+		require.NotEmpty(t, permWithReducer.UnitsMode) // unit-specific access modes loaded
+		assert.True(t, permWithReducer.CanRead(unit.TypeCode))
+		assert.False(t, permWithReducer.CanWrite(unit.TypeCode))
+		assert.True(t, permWithReducer.CanRead(unit.TypeIssues))
+		assert.False(t, permWithReducer.CanWrite(unit.TypeIssues))
+	})
+}
diff --git a/services/authz/authorization_reducer_mock.go b/services/authz/authorization_reducer_mock.go
new file mode 100644
index 0000000000..27e90b24a4
--- /dev/null
+++ b/services/authz/authorization_reducer_mock.go
@@ -0,0 +1,99 @@
+// Code generated by mockery v2.53.5. DO NOT EDIT.
+
+package authz
+
+import (
+	context "context"
+
+	"forgejo.org/models/perm"
+	repo_model "forgejo.org/models/repo"
+
+	mock "github.com/stretchr/testify/mock"
+	"xorm.io/builder"
+)
+
+// MockAuthorizationReducer is an autogenerated mock type for the AuthorizationReducer type
+type MockAuthorizationReducer struct {
+	mock.Mock
+}
+
+// AllowAdminOverride provides a mock function with no fields
+func (_m *MockAuthorizationReducer) AllowAdminOverride() bool {
+	ret := _m.Called()
+
+	if len(ret) == 0 {
+		panic("no return value specified for AllowAdminOverride")
+	}
+
+	var r0 bool
+	if rf, ok := ret.Get(0).(func() bool); ok {
+		r0 = rf()
+	} else {
+		r0 = ret.Get(0).(bool)
+	}
+
+	return r0
+}
+
+// ReduceRepoAccess provides a mock function with given fields: ctx, repo, accessMode
+func (_m *MockAuthorizationReducer) ReduceRepoAccess(ctx context.Context, repo *repo_model.Repository, accessMode perm.AccessMode) (perm.AccessMode, error) {
+	ret := _m.Called(ctx, repo, accessMode)
+
+	if len(ret) == 0 {
+		panic("no return value specified for ReduceRepoAccess")
+	}
+
+	var r0 perm.AccessMode
+	var r1 error
+	if rf, ok := ret.Get(0).(func(context.Context, *repo_model.Repository, perm.AccessMode) (perm.AccessMode, error)); ok {
+		return rf(ctx, repo, accessMode)
+	}
+	if rf, ok := ret.Get(0).(func(context.Context, *repo_model.Repository, perm.AccessMode) perm.AccessMode); ok {
+		r0 = rf(ctx, repo, accessMode)
+	} else {
+		r0 = ret.Get(0).(perm.AccessMode)
+	}
+
+	if rf, ok := ret.Get(1).(func(context.Context, *repo_model.Repository, perm.AccessMode) error); ok {
+		r1 = rf(ctx, repo, accessMode)
+	} else {
+		r1 = ret.Error(1)
+	}
+
+	return r0, r1
+}
+
+// RepoFilter provides a mock function with given fields: accessMode
+func (_m *MockAuthorizationReducer) RepoFilter(accessMode perm.AccessMode) builder.Cond {
+	ret := _m.Called(accessMode)
+
+	if len(ret) == 0 {
+		panic("no return value specified for RepoFilter")
+	}
+
+	var r0 builder.Cond
+	if rf, ok := ret.Get(0).(func(perm.AccessMode) builder.Cond); ok {
+		r0 = rf(accessMode)
+	} else {
+		if ret.Get(0) != nil {
+			r0 = ret.Get(0).(builder.Cond)
+		}
+	}
+
+	return r0
+}
+
+// NewMockAuthorizationReducer creates a new instance of MockAuthorizationReducer. It also registers a testing interface on the mock and a cleanup function to assert the mocks expectations.
+// The first argument is typically a *testing.T value.
+func NewMockAuthorizationReducer(t interface {
+	mock.TestingT
+	Cleanup(func())
+},
+) *MockAuthorizationReducer {
+	mock := &MockAuthorizationReducer{}
+	mock.Mock.Test(t)
+
+	t.Cleanup(func() { mock.AssertExpectations(t) })
+
+	return mock
+}

From ccf5a96bb6b168b835b86ddc4bf237360637e0fc Mon Sep 17 00:00:00 2001
From: Mathieu Fenniak <mathieu@fenniak.net>
Date: Tue, 17 Feb 2026 15:32:16 -0700
Subject: [PATCH 365/854] test: add integration test utility for fine-grained
 tokens

---
 tests/integration/integration_test.go | 37 +++++++++++++++++++++++++++
 1 file changed, 37 insertions(+)

diff --git a/tests/integration/integration_test.go b/tests/integration/integration_test.go
index 9434bffa9a..6141ceedd2 100644
--- a/tests/integration/integration_test.go
+++ b/tests/integration/integration_test.go
@@ -509,6 +509,43 @@ func createApplicationSettingsToken(t testing.TB, session *TestSession, name str
 	}
 }
 
+// TODO: currently this is implemented with direct DB access, which is somewhat against the grain for the integration
+// tests.  But fine-grained repo access tokens don't currently have an API or Web UI to create or manage them.  This
+// should be reimplemented when one of those alternatives lands.
+//
+//nolint:unused // Will be used in the near future.
+func createFineGrainedRepoAccessToken(t testing.TB, username string, scopes []auth.AccessTokenScope, repoIDs []int64) string {
+	user, err := user_model.GetUserByName(t.Context(), username)
+	require.NoError(t, err)
+
+	scopesStr := make([]string, len(scopes))
+	for i := range scopes {
+		scopesStr[i] = string(scopes[i])
+	}
+	scope, err := auth.AccessTokenScope(strings.Join(scopesStr, ",")).Normalize()
+	require.NoError(t, err)
+
+	token := &auth.AccessToken{
+		UID:              user.ID,
+		Name:             "integration test token",
+		Scope:            scope,
+		ResourceAllRepos: false,
+	}
+	err = auth.NewAccessToken(t.Context(), token)
+	require.NoError(t, err)
+
+	for _, id := range repoIDs {
+		resource := &auth.AccessTokenResourceRepo{
+			TokenID: token.ID,
+			RepoID:  id,
+		}
+		_, err = db.GetEngine(t.Context()).Insert(resource)
+		require.NoError(t, err)
+	}
+
+	return token.Token
+}
+
 // assertAccessToken retrieves a token from "/user/settings/applications" and returns it.
 // It will also assert that the page contains a token.
 func assertAccessToken(t testing.TB, session *TestSession) string {

From 9c8ae0622f9e76662b90159eb1a058b0aa438d55 Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Sat, 28 Feb 2026 02:11:18 +0100
Subject: [PATCH 366/854] Update dependency minimatch to v10.2.3 [SECURITY]
 (forgejo) (#11441)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11441
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
---
 package-lock.json | 26 +++++++++++++-------------
 package.json      |  2 +-
 2 files changed, 14 insertions(+), 14 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 3f60a489a2..7c747b635c 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -57,7 +57,7 @@
         "katex": "0.16.27",
         "mermaid": "11.12.2",
         "mini-css-extract-plugin": "2.10.0",
-        "minimatch": "10.2.1",
+        "minimatch": "10.2.3",
         "pdfobject": "2.3.0",
         "postcss": "8.5.6",
         "postcss-loader": "8.2.1",
@@ -11791,39 +11791,39 @@
       }
     },
     "node_modules/minimatch": {
-      "version": "10.2.1",
-      "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-10.2.1.tgz",
-      "integrity": "sha512-MClCe8IL5nRRmawL6ib/eT4oLyeKMGCghibcDWK+J0hh0Q8kqSdia6BvbRMVk6mPa6WqUa5uR2oxt6C5jd533A==",
+      "version": "10.2.3",
+      "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-10.2.3.tgz",
+      "integrity": "sha512-Rwi3pnapEqirPSbWbrZaa6N3nmqq4Xer/2XooiOKyV3q12ML06f7MOuc5DVH8ONZIFhwIYQ3yzPH4nt7iWHaTg==",
       "license": "BlueOak-1.0.0",
       "dependencies": {
         "brace-expansion": "^5.0.2"
       },
       "engines": {
-        "node": "20 || >=22"
+        "node": "18 || 20 || >=22"
       },
       "funding": {
         "url": "https://github.com/sponsors/isaacs"
       }
     },
     "node_modules/minimatch/node_modules/balanced-match": {
-      "version": "4.0.3",
-      "resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-4.0.3.tgz",
-      "integrity": "sha512-1pHv8LX9CpKut1Zp4EXey7Z8OfH11ONNH6Dhi2WDUt31VVZFXZzKwXcysBgqSumFCmR+0dqjMK5v5JiFHzi0+g==",
+      "version": "4.0.4",
+      "resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-4.0.4.tgz",
+      "integrity": "sha512-BLrgEcRTwX2o6gGxGOCNyMvGSp35YofuYzw9h1IMTRmKqttAZZVU67bdb9Pr2vUHA8+j3i2tJfjO6C6+4myGTA==",
       "license": "MIT",
       "engines": {
-        "node": "20 || >=22"
+        "node": "18 || 20 || >=22"
       }
     },
     "node_modules/minimatch/node_modules/brace-expansion": {
-      "version": "5.0.2",
-      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-5.0.2.tgz",
-      "integrity": "sha512-Pdk8c9poy+YhOgVWw1JNN22/HcivgKWwpxKq04M/jTmHyCZn12WPJebZxdjSa5TmBqISrUSgNYU3eRORljfCCw==",
+      "version": "5.0.3",
+      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-5.0.3.tgz",
+      "integrity": "sha512-fy6KJm2RawA5RcHkLa1z/ScpBeA762UF9KmZQxwIbDtRJrgLzM10depAiEQ+CXYcoiqW1/m96OAAoke2nE9EeA==",
       "license": "MIT",
       "dependencies": {
         "balanced-match": "^4.0.2"
       },
       "engines": {
-        "node": "20 || >=22"
+        "node": "18 || 20 || >=22"
       }
     },
     "node_modules/minimist": {
diff --git a/package.json b/package.json
index 733ffaa36e..8587455187 100644
--- a/package.json
+++ b/package.json
@@ -56,7 +56,7 @@
     "katex": "0.16.27",
     "mermaid": "11.12.2",
     "mini-css-extract-plugin": "2.10.0",
-    "minimatch": "10.2.1",
+    "minimatch": "10.2.3",
     "pdfobject": "2.3.0",
     "postcss": "8.5.6",
     "postcss-loader": "8.2.1",

From f21955caa52abcde4a2439cfaa3c62352a85517a Mon Sep 17 00:00:00 2001
From: Mathieu Fenniak <mathieu@fenniak.net>
Date: Sat, 28 Feb 2026 18:00:23 +0100
Subject: [PATCH 367/854] feat: implement repo-specific access tokens in git
 operations (#11452)

Repository-specific personal access tokens will allow a user's access tokens to be restricted to accessing zero-or-more specific repositories.  Currently they can be configured as "All", or "Public only", and this project will add a third configuration option allowing specific repositories.

This PR is part of a series (#11311), and builds on the infrastructure work in #11434.  In this PR, repository-specific access tokens are implemented in `CheckRepoScopedToken`, which is a specific codepath used by git operations to check the permissions of an access token.

For larger context on the usage and future incoming work, the description of #11311 can be referenced.

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests for Go changes

(can be removed for JavaScript changes)

- I added test coverage for Go changes...
  - [ ] in their respective `*_test.go` for unit tests.
  - [x] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I ran...
  - [ ] `make pr-go` before pushing

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [ ] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.
- [x] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change.
    - As repo-specific access tokens are not exposed to end-users, this PR does not require release notes.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11452
Reviewed-by: Andreas Ahlenstorf <aahlenst@noreply.codeberg.org>
Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net>
Co-committed-by: Mathieu Fenniak <mathieu@fenniak.net>
---
 services/context/permission.go        | 25 ++++++++++
 tests/integration/git_test.go         | 66 +++++++++++++++++++++++++++
 tests/integration/integration_test.go |  2 -
 3 files changed, 91 insertions(+), 2 deletions(-)

diff --git a/services/context/permission.go b/services/context/permission.go
index 483758141c..b1d02f135c 100644
--- a/services/context/permission.go
+++ b/services/context/permission.go
@@ -7,9 +7,11 @@ import (
 	"net/http"
 
 	auth_model "forgejo.org/models/auth"
+	"forgejo.org/models/perm"
 	repo_model "forgejo.org/models/repo"
 	"forgejo.org/models/unit"
 	"forgejo.org/modules/log"
+	"forgejo.org/services/authz"
 )
 
 // RequireRepoAdmin returns a middleware for requiring repository admin permission
@@ -159,4 +161,27 @@ func CheckRepoScopedToken(ctx *Context, repo *repo_model.Repository, level auth_
 			return
 		}
 	}
+
+	reducer, ok := ctx.Data["ApiTokenReducer"].(authz.AuthorizationReducer)
+	if ok {
+		var accessMode perm.AccessMode
+		switch level {
+		case auth_model.Read:
+			accessMode = perm.AccessModeRead
+		case auth_model.Write:
+			accessMode = perm.AccessModeWrite
+		case auth_model.NoAccess:
+			fallthrough
+		default:
+			accessMode = perm.AccessModeNone
+		}
+		actualAccessMode, err := reducer.ReduceRepoAccess(ctx, repo, accessMode)
+		if err != nil {
+			ctx.ServerError("HasScope", err)
+			return
+		} else if actualAccessMode != accessMode {
+			ctx.Error(http.StatusForbidden)
+			return
+		}
+	}
 }
diff --git a/tests/integration/git_test.go b/tests/integration/git_test.go
index 2a68f22f93..f61338e4ee 100644
--- a/tests/integration/git_test.go
+++ b/tests/integration/git_test.go
@@ -1265,3 +1265,69 @@ func doTestPushMessages(ctx APITestContext, u *url.URL, objectFormat git.ObjectF
 		doAPIDeleteRepository(ctx)(t)
 	}
 }
+
+// Cloning a git repo uses CheckRepoScopedToken to validate a PAT; here we run that through all variations of access
+// token resource access.
+func TestCloneAccessTokenResources(t *testing.T) {
+	onApplicationRun(t, func(t *testing.T, u *url.URL) {
+		t.Run("all access token", func(t *testing.T) {
+			session := loginUser(t, "user2")
+			allToken := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeReadRepository)
+			u.User = url.UserPassword("token", allToken)
+
+			t.Run("allowed public repo1", func(t *testing.T) {
+				u.Path = "/user2/repo1.git"
+				doGitClone(t.TempDir(), u)(t)
+			})
+			t.Run("allowed private repo2", func(t *testing.T) {
+				u.Path = "/user2/repo2.git"
+				require.NoError(t, git.CloneWithArgs(t.Context(), git.AllowLFSFiltersArgs(), u.String(), t.TempDir(), git.CloneRepoOptions{}))
+			})
+			// repo16 is a second repo used in fine-grain testing below, so we include it in other tests as a baseline
+			t.Run("allowed private repo16", func(t *testing.T) {
+				u.Path = "/user2/repo16.git"
+				require.NoError(t, git.CloneWithArgs(t.Context(), git.AllowLFSFiltersArgs(), u.String(), t.TempDir(), git.CloneRepoOptions{}))
+			})
+		})
+
+		t.Run("public-only access token", func(t *testing.T) {
+			session := loginUser(t, "user2")
+			publicOnlyToken := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopePublicOnly, auth_model.AccessTokenScopeReadRepository)
+			u.User = url.UserPassword("token", publicOnlyToken)
+
+			t.Run("allowed public repo1", func(t *testing.T) {
+				u.Path = "/user2/repo1.git"
+				doGitClone(t.TempDir(), u)(t)
+			})
+			t.Run("denied private repo2", func(t *testing.T) {
+				u.Path = "/user2/repo2.git"
+				doGitCloneFail(u)(t)
+			})
+			t.Run("denied private repo16", func(t *testing.T) {
+				u.Path = "/user2/repo16.git"
+				doGitCloneFail(u)(t)
+			})
+		})
+
+		t.Run("specific repo access token", func(t *testing.T) {
+			repo2OnlyToken := createFineGrainedRepoAccessToken(t, "user2",
+				[]auth_model.AccessTokenScope{auth_model.AccessTokenScopeReadRepository},
+				[]int64{2},
+			)
+			u.User = url.UserPassword("token", repo2OnlyToken)
+
+			t.Run("allowed public repo1", func(t *testing.T) {
+				u.Path = "/user2/repo1.git"
+				doGitClone(t.TempDir(), u)(t)
+			})
+			t.Run("allowed inside fine-grain repo2", func(t *testing.T) {
+				u.Path = "/user2/repo2.git"
+				require.NoError(t, git.CloneWithArgs(t.Context(), git.AllowLFSFiltersArgs(), u.String(), t.TempDir(), git.CloneRepoOptions{}))
+			})
+			t.Run("denied private outside fine-grain repo16", func(t *testing.T) {
+				u.Path = "/user2/repo16.git"
+				doGitCloneFail(u)(t)
+			})
+		})
+	})
+}
diff --git a/tests/integration/integration_test.go b/tests/integration/integration_test.go
index 6141ceedd2..de915b3cbf 100644
--- a/tests/integration/integration_test.go
+++ b/tests/integration/integration_test.go
@@ -512,8 +512,6 @@ func createApplicationSettingsToken(t testing.TB, session *TestSession, name str
 // TODO: currently this is implemented with direct DB access, which is somewhat against the grain for the integration
 // tests.  But fine-grained repo access tokens don't currently have an API or Web UI to create or manage them.  This
 // should be reimplemented when one of those alternatives lands.
-//
-//nolint:unused // Will be used in the near future.
 func createFineGrainedRepoAccessToken(t testing.TB, username string, scopes []auth.AccessTokenScope, repoIDs []int64) string {
 	user, err := user_model.GetUserByName(t.Context(), username)
 	require.NoError(t, err)

From 48da8f9888a46f4d3bb1981da50bc2b8f0fcfda2 Mon Sep 17 00:00:00 2001
From: Mathieu Fenniak <mathieu@fenniak.net>
Date: Sat, 28 Feb 2026 19:47:06 +0100
Subject: [PATCH 368/854] feat: implement repo-specific access tokens broadly
 for universal API permission checks (#11437)

Repository-specific personal access tokens will allow a user's access tokens to be restricted to accessing zero-or-more specific repositories.  Currently they can be configured as "All", or "Public only", and this project will add a third configuration option allowing specific repositories.

This PR is part of a series (#11311), and builds on the infrastructure work in #11434.  In this PR, repository-specific access tokens are implemented on the universal permission checks performed by the API middleware, affecting ~182 API endpoints that perform permission checks based upon repositories referenced in their API path (eg. `/v1/api/repos/{owner}/{repo}/...`).

**Breaking change:** API access with a public-only access token would previously return a `403 Forbidden` error when attempting to access a private repository where the repository is on the API path.  As part of incorporating the public-only logic into the centralized permission check, these APIs will now return `404 Not Found` instead, consistent with how repository-specific access tokens, and other permissions checks, are implemented in order to reduce the risk of data probing through error messages.

For larger context on the usage and future incoming work, the description of #11311 can be referenced.

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests for Go changes

(can be removed for JavaScript changes)

- I added test coverage for Go changes...
  - [ ] in their respective `*_test.go` for unit tests.
  - [x] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I ran...
  - [x] `make pr-go` before pushing

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [x] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.
    - As there is no end-user accessibility to create repo-specific access tokens, this functionality will not be accessible to end-users yet.  But the breaking change in error APIs for public-only access tokens will be visible to end-users.
- [ ] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change.

<!--start release-notes-assistant-->

## Release notes
<!--URL:https://codeberg.org/forgejo/forgejo-->
- Breaking features
  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11437): <!--number 11437 --><!--line 0 --><!--description aW1wbGVtZW50IHJlcG8tc3BlY2lmaWMgYWNjZXNzIHRva2VucyBicm9hZGx5IGZvciB1bml2ZXJzYWwgQVBJIHBlcm1pc3Npb24gY2hlY2tzLiAgKipCcmVha2luZzoqKiBBUEkgYWNjZXNzIHdpdGggYSBwdWJsaWMtb25seSBhY2Nlc3MgdG9rZW4gd291bGQgcHJldmlvdXNseSByZXR1cm4gYSBgNDAzIEZvcmJpZGRlbmAgZXJyb3Igd2hlbiBhdHRlbXB0aW5nIHRvIGFjY2VzcyBhIHByaXZhdGUgcmVwb3NpdG9yeSB3aGVyZSB0aGUgcmVwb3NpdG9yeSBpcyBvbiB0aGUgQVBJIHBhdGguICBBcyBwYXJ0IG9mIGluY29ycG9yYXRpbmcgdGhlIHB1YmxpYy1vbmx5IGxvZ2ljIGludG8gdGhlIGNlbnRyYWxpemVkIHBlcm1pc3Npb24gY2hlY2ssIHRoZXNlIEFQSXMgd2lsbCBub3cgcmV0dXJuIGA0MDQgTm90IEZvdW5kYCBpbnN0ZWFkLCBjb25zaXN0ZW50IHdpdGggaG93IG1vc3QgcGVybWlzc2lvbiBjaGVja3MgYXJlIGltcGxlbWVudGVkIGluIG9yZGVyIHRvIHJlZHVjZSB0aGUgcmlzayBvZiBkYXRhIHByb2JpbmcgdGhyb3VnaCBlcnJvciBtZXNzYWdlcy4=-->implement repo-specific access tokens broadly for universal API permission checks.  **Breaking:** API access with a public-only access token would previously return a `403 Forbidden` error when attempting to access a private repository where the repository is on the API path.  As part of incorporating the public-only logic into the centralized permission check, these APIs will now return `404 Not Found` instead, consistent with how most permission checks are implemented in order to reduce the risk of data probing through error messages.<!--description-->
<!--end release-notes-assistant-->

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11437
Reviewed-by: Andreas Ahlenstorf <aahlenst@noreply.codeberg.org>
Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net>
Co-committed-by: Mathieu Fenniak <mathieu@fenniak.net>
---
 .deadcode-out                             |  1 -
 release-notes/11437.md                    |  1 +
 routers/api/v1/api.go                     |  4 +-
 tests/integration/api_issue_test.go       |  2 +-
 tests/integration/api_repo_branch_test.go |  8 +--
 tests/integration/api_repo_test.go        | 77 +++++++++++++++++++++++
 6 files changed, 85 insertions(+), 8 deletions(-)
 create mode 100644 release-notes/11437.md

diff --git a/.deadcode-out b/.deadcode-out
index b347989b6b..6d2c35e374 100644
--- a/.deadcode-out
+++ b/.deadcode-out
@@ -49,7 +49,6 @@ forgejo.org/models/organization
 	SearchMembersOptions.ToConds
 
 forgejo.org/models/perm/access
-	GetUserRepoPermissionWithReducer
 	GetRepoWriters
 
 forgejo.org/models/user
diff --git a/release-notes/11437.md b/release-notes/11437.md
new file mode 100644
index 0000000000..a23942d486
--- /dev/null
+++ b/release-notes/11437.md
@@ -0,0 +1 @@
+feat: implement repo-specific access tokens broadly for universal API permission checks.  **Breaking:** API access with a public-only access token would previously return a `403 Forbidden` error when attempting to access a private repository where the repository is on the API path.  As part of incorporating the public-only logic into the centralized permission check, these APIs will now return `404 Not Found` instead, consistent with how most permission checks are implemented in order to reduce the risk of data probing through error messages.
\ No newline at end of file
diff --git a/routers/api/v1/api.go b/routers/api/v1/api.go
index dbeb916ca6..b680dd50ac 100644
--- a/routers/api/v1/api.go
+++ b/routers/api/v1/api.go
@@ -209,9 +209,9 @@ func repoAssignment() func(ctx *context.APIContext) {
 				ctx.Repo.UnitsMode[u.Type] = ctx.Repo.AccessMode
 			}
 		} else {
-			ctx.Repo.Permission, err = access_model.GetUserRepoPermission(ctx, repo, ctx.Doer)
+			ctx.Repo.Permission, err = access_model.GetUserRepoPermissionWithReducer(ctx, repo, ctx.Doer, ctx.Reducer)
 			if err != nil {
-				ctx.Error(http.StatusInternalServerError, "GetUserRepoPermission", err)
+				ctx.Error(http.StatusInternalServerError, "GetUserRepoPermissionWithReducer", err)
 				return
 			}
 		}
diff --git a/tests/integration/api_issue_test.go b/tests/integration/api_issue_test.go
index 43258562c6..554155e5f7 100644
--- a/tests/integration/api_issue_test.go
+++ b/tests/integration/api_issue_test.go
@@ -178,7 +178,7 @@ func TestAPIListIssuesPublicOnly(t *testing.T) {
 
 	publicOnlyToken := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeReadIssue, auth_model.AccessTokenScopePublicOnly)
 	req = NewRequest(t, "GET", link.String()).AddTokenAuth(publicOnlyToken)
-	MakeRequest(t, req, http.StatusForbidden)
+	MakeRequest(t, req, http.StatusNotFound)
 }
 
 func TestAPICreateIssue(t *testing.T) {
diff --git a/tests/integration/api_repo_branch_test.go b/tests/integration/api_repo_branch_test.go
index a80ced6f12..dd378dc23c 100644
--- a/tests/integration/api_repo_branch_test.go
+++ b/tests/integration/api_repo_branch_test.go
@@ -33,7 +33,7 @@ func TestAPIRepoBranchesPlain(t *testing.T) {
 		// public only token should be forbidden
 		publicOnlyToken := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopePublicOnly, auth_model.AccessTokenScopeWriteRepository)
 		link, _ := url.Parse(fmt.Sprintf("/api/v1/repos/org3/%s/branches", repo3.Name)) // a plain repo
-		MakeRequest(t, NewRequest(t, "GET", link.String()).AddTokenAuth(publicOnlyToken), http.StatusForbidden)
+		MakeRequest(t, NewRequest(t, "GET", link.String()).AddTokenAuth(publicOnlyToken), http.StatusNotFound)
 
 		token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteRepository)
 		resp := MakeRequest(t, NewRequest(t, "GET", link.String()).AddTokenAuth(token), http.StatusOK)
@@ -47,7 +47,7 @@ func TestAPIRepoBranchesPlain(t *testing.T) {
 		assert.Equal(t, "master", branches[1].Name)
 
 		link2, _ := url.Parse(fmt.Sprintf("/api/v1/repos/org3/%s/branches/test_branch", repo3.Name))
-		MakeRequest(t, NewRequest(t, "GET", link2.String()).AddTokenAuth(publicOnlyToken), http.StatusForbidden)
+		MakeRequest(t, NewRequest(t, "GET", link2.String()).AddTokenAuth(publicOnlyToken), http.StatusNotFound)
 
 		resp = MakeRequest(t, NewRequest(t, "GET", link2.String()).AddTokenAuth(token), http.StatusOK)
 		bs, err = io.ReadAll(resp.Body)
@@ -56,7 +56,7 @@ func TestAPIRepoBranchesPlain(t *testing.T) {
 		require.NoError(t, json.Unmarshal(bs, &branch))
 		assert.Equal(t, "test_branch", branch.Name)
 
-		MakeRequest(t, NewRequest(t, "POST", link.String()).AddTokenAuth(publicOnlyToken), http.StatusForbidden)
+		MakeRequest(t, NewRequest(t, "POST", link.String()).AddTokenAuth(publicOnlyToken), http.StatusNotFound)
 
 		req := NewRequest(t, "POST", link.String()).AddTokenAuth(token)
 		req.Header.Add("Content-Type", "application/json")
@@ -82,7 +82,7 @@ func TestAPIRepoBranchesPlain(t *testing.T) {
 
 		link3, _ := url.Parse(fmt.Sprintf("/api/v1/repos/org3/%s/branches/test_branch2", repo3.Name))
 		MakeRequest(t, NewRequest(t, "DELETE", link3.String()), http.StatusNotFound)
-		MakeRequest(t, NewRequest(t, "DELETE", link3.String()).AddTokenAuth(publicOnlyToken), http.StatusForbidden)
+		MakeRequest(t, NewRequest(t, "DELETE", link3.String()).AddTokenAuth(publicOnlyToken), http.StatusNotFound)
 
 		MakeRequest(t, NewRequest(t, "DELETE", link3.String()).AddTokenAuth(token), http.StatusNoContent)
 		require.NoError(t, err)
diff --git a/tests/integration/api_repo_test.go b/tests/integration/api_repo_test.go
index 3dd79c8ebe..03d70e0fd6 100644
--- a/tests/integration/api_repo_test.go
+++ b/tests/integration/api_repo_test.go
@@ -289,6 +289,83 @@ func TestAPIViewRepo(t *testing.T) {
 	assert.Equal(t, 1, repo.Stars)
 }
 
+// `/repos/{username}/{reponame}` uses repoAssignment() middleware -- this test runs that middleware through all
+// variations of access token resource access.
+func TestAPIViewRepoAccessTokenResources(t *testing.T) {
+	defer tests.PrepareTestEnv(t)()
+
+	var repo api.Repository
+
+	t.Run("all access token", func(t *testing.T) {
+		session := loginUser(t, "user2")
+		allToken := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeReadRepository)
+
+		t.Run("allowed public repo1", func(t *testing.T) {
+			req := NewRequest(t, "GET", "/api/v1/repos/user2/repo1").AddTokenAuth(allToken)
+			resp := MakeRequest(t, req, http.StatusOK)
+			DecodeJSON(t, resp, &repo)
+			assert.False(t, repo.Private)
+		})
+		t.Run("allowed private repo2", func(t *testing.T) {
+			req := NewRequest(t, "GET", "/api/v1/repos/user2/repo2").AddTokenAuth(allToken)
+			resp := MakeRequest(t, req, http.StatusOK)
+			DecodeJSON(t, resp, &repo)
+			assert.True(t, repo.Private)
+		})
+		// repo16 is a second repo used in fine-grain testing below, so we include it in other tests as a baseline
+		t.Run("allowed private repo16", func(t *testing.T) {
+			req := NewRequest(t, "GET", "/api/v1/repos/user2/repo16").AddTokenAuth(allToken)
+			resp := MakeRequest(t, req, http.StatusOK)
+			DecodeJSON(t, resp, &repo)
+			assert.True(t, repo.Private)
+		})
+	})
+
+	t.Run("public-only access token", func(t *testing.T) {
+		session := loginUser(t, "user2")
+		publicOnlyToken := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopePublicOnly, auth_model.AccessTokenScopeReadRepository)
+
+		t.Run("allowed public repo1", func(t *testing.T) {
+			req := NewRequest(t, "GET", "/api/v1/repos/user2/repo1").AddTokenAuth(publicOnlyToken)
+			resp := MakeRequest(t, req, http.StatusOK)
+			DecodeJSON(t, resp, &repo)
+			assert.False(t, repo.Private)
+		})
+		t.Run("denied private repo2", func(t *testing.T) {
+			req := NewRequest(t, "GET", "/api/v1/repos/user2/repo2").AddTokenAuth(publicOnlyToken)
+			MakeRequest(t, req, http.StatusNotFound)
+		})
+		t.Run("denied private repo16", func(t *testing.T) {
+			req := NewRequest(t, "GET", "/api/v1/repos/user2/repo16").AddTokenAuth(publicOnlyToken)
+			MakeRequest(t, req, http.StatusNotFound)
+		})
+	})
+
+	t.Run("specific repo access token", func(t *testing.T) {
+		repo2OnlyToken := createFineGrainedRepoAccessToken(t, "user2",
+			[]auth_model.AccessTokenScope{auth_model.AccessTokenScopeReadRepository},
+			[]int64{2},
+		)
+
+		t.Run("allowed public repo1", func(t *testing.T) {
+			req := NewRequest(t, "GET", "/api/v1/repos/user2/repo1").AddTokenAuth(repo2OnlyToken)
+			resp := MakeRequest(t, req, http.StatusOK)
+			DecodeJSON(t, resp, &repo)
+			assert.False(t, repo.Private)
+		})
+		t.Run("allowed inside fine-grain repo2", func(t *testing.T) {
+			req := NewRequest(t, "GET", "/api/v1/repos/user2/repo2").AddTokenAuth(repo2OnlyToken)
+			resp := MakeRequest(t, req, http.StatusOK)
+			DecodeJSON(t, resp, &repo)
+			assert.True(t, repo.Private)
+		})
+		t.Run("denied private outside fine-grain repo16", func(t *testing.T) {
+			req := NewRequest(t, "GET", "/api/v1/repos/user2/repo16").AddTokenAuth(repo2OnlyToken)
+			MakeRequest(t, req, http.StatusNotFound)
+		})
+	})
+}
+
 // Validate that private information on the user profile isn't exposed by way of being an owner of a public repository.
 func TestAPIViewRepoOwnerSettings(t *testing.T) {
 	defer tests.PrepareTestEnv(t)()

From 77282e9ca10aaf5a1d30c0873daaa4ae1dde25d4 Mon Sep 17 00:00:00 2001
From: Codeberg Translate <translate@codeberg.org>
Date: Sun, 1 Mar 2026 08:04:28 +0000
Subject: [PATCH 369/854] i18n: update of translations from Codeberg Translate

Co-authored-by: 0ko <0ko@noreply.codeberg.org>
Co-authored-by: Benedikt Straub <benedikt-straub@web.de>
Co-authored-by: Codeberg Translate <translate@codeberg.org>
Co-authored-by: Edgarsons <edgarsons@noreply.codeberg.org>
Co-authored-by: Fjuro <fjuro@noreply.codeberg.org>
Co-authored-by: Laquin <laquin@noreply.codeberg.org>
Co-authored-by: Salif Mehmed <mail@salif.eu>
Co-authored-by: SomeTr <sometr@noreply.codeberg.org>
Co-authored-by: Tamil <tamil@noreply.codeberg.org>
Co-authored-by: Vaibhav Sunder <vaibhavswire@gmail.com>
Co-authored-by: Vyxie <kitakita@disroot.org>
Co-authored-by: daltux <daltux@noreply.codeberg.org>
Co-authored-by: hanklank <hanklank@noreply.codeberg.org>
Co-authored-by: hasecilu <hasecilu@noreply.codeberg.org>
Co-authored-by: jimkats <jimkats@noreply.codeberg.org>
Co-authored-by: jlsun <jlsun@noreply.codeberg.org>
Co-authored-by: justbispo <justbispo@noreply.codeberg.org>
Co-authored-by: lanticy <lanticy@noreply.codeberg.org>
Co-authored-by: mahlzahn <mahlzahn@posteo.de>
Co-authored-by: vmtj <vmtj@noreply.codeberg.org>
Co-authored-by: xtex <xtexchooser@duck.com>
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/bg/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/cs/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/de/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/el/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/es/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/fil/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/fr/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/it/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/lv/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/nds/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/pt_BR/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/pt_PT/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/ru/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/sv/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/ta/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/uk/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/zh_Hans/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/zh_Hant/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/zh_Hant_HK/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo/bg/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo/ca/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo/el/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo/es/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo/hi/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo/pt_BR/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo/sv/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo/uk/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo/zh_Hans/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo/zh_Hant/
Translation: Forgejo/forgejo
Translation: Forgejo/forgejo-next
---
 options/locale/locale_bg.ini          |  230 ++-
 options/locale/locale_ca.ini          |  109 +-
 options/locale/locale_el-GR.ini       |    4 +-
 options/locale/locale_es-ES.ini       |    4 +-
 options/locale/locale_hi.ini          |    3 +
 options/locale/locale_pt-BR.ini       |   32 +-
 options/locale/locale_sv-SE.ini       |  354 ++---
 options/locale/locale_uk-UA.ini       |    4 +-
 options/locale/locale_zh-CN.ini       | 1878 ++++++++++++-------------
 options/locale/locale_zh-TW.ini       |    1 +
 options/locale_next/locale_ar.json    |    1 -
 options/locale_next/locale_be.json    |    1 -
 options/locale_next/locale_bg.json    |   65 +-
 options/locale_next/locale_ca.json    |    1 -
 options/locale_next/locale_cs-CZ.json |   45 +-
 options/locale_next/locale_da.json    |   21 -
 options/locale_next/locale_de-DE.json |   47 +-
 options/locale_next/locale_el-GR.json |   28 +-
 options/locale_next/locale_es-ES.json |   64 +-
 options/locale_next/locale_fi-FI.json |   21 -
 options/locale_next/locale_fil.json   |   55 +-
 options/locale_next/locale_fr-FR.json |   22 -
 options/locale_next/locale_ga.json    |   18 -
 options/locale_next/locale_it-IT.json |   26 +-
 options/locale_next/locale_ja-JP.json |   17 -
 options/locale_next/locale_ka.json    |    3 -
 options/locale_next/locale_kab.json   |    3 -
 options/locale_next/locale_lv-LV.json |   56 +-
 options/locale_next/locale_nb_NO.json |    1 -
 options/locale_next/locale_nds.json   |   47 +-
 options/locale_next/locale_nl-NL.json |   22 -
 options/locale_next/locale_pl-PL.json |   22 -
 options/locale_next/locale_pt-BR.json |   27 +-
 options/locale_next/locale_pt-PT.json |   45 +-
 options/locale_next/locale_ru-RU.json |   75 +-
 options/locale_next/locale_sv-SE.json |   57 +-
 options/locale_next/locale_ta.json    |   59 +-
 options/locale_next/locale_th.json    |   21 -
 options/locale_next/locale_tr-TR.json |   17 -
 options/locale_next/locale_uk-UA.json |   55 +-
 options/locale_next/locale_zh-CN.json |  379 +++--
 options/locale_next/locale_zh-HK.json |    4 +-
 options/locale_next/locale_zh-TW.json |   36 +-
 43 files changed, 1956 insertions(+), 2024 deletions(-)

diff --git a/options/locale/locale_bg.ini b/options/locale/locale_bg.ini
index 934c1508bc..dbb5a5e65f 100644
--- a/options/locale/locale_bg.ini
+++ b/options/locale/locale_bg.ini
@@ -140,6 +140,8 @@ tracked_time_summary = Обобщение на проследеното врем
 active_stopwatch = Активен тракер за време
 access_token = Токен за достъп
 passcode = Паскод
+rerun_all = Повторно изпълнение на всички задания
+download_logs = Изтегляне на дневниците
 
 [settings]
 ui = Тема
@@ -382,6 +384,88 @@ quota.sizes.wiki = Уики
 quota.sizes.all = Всички
 quota.sizes.repos.all = Хранилища
 quota.sizes.assets.attachments.issues = Прикачени файлове към задачи
+openid_deletion = Премахване на OpenID адрес
+openid_deletion_desc = Премахването на този OpenID адрес от вашия акаунт ще ви попречи да влизате с него. Продължаване?
+openid_deletion_success = OpenID адресът е премахнат.
+add_new_openid = Добавяне на нов OpenID URI
+add_openid = Добавяне на OpenID URI
+add_openid_success = Новият OpenID адрес е добавен.
+openid_desc = OpenID ви позволява да делегирате удостоверяването на външен доставчик.
+ssh_desc = Тези публични SSH ключове са свързани с вашия акаунт. Съответните частни ключове позволяват пълен достъп до вашите хранилища. SSH ключове, които са потвърдени, могат да се използват за проверка на SSH-подписани Git подавания.
+principal_desc = Тези SSH certificate principals са свързани с вашия акаунт и позволяват пълен достъп до вашите хранилища.
+gpg_desc = Тези публични GPG ключове са свързани с вашия акаунт и се използват за потвърждаване на вашите подавания. Пазете частните си ключове в безопасност, тъй като те позволяват подписване на подавания с вашата самоличност.
+add_new_principal = Добавяне на principal
+ssh_principal_been_used = Този principal вече е добавен към сървъра.
+gpg_no_key_email_found = Този GPG ключ не съвпада с нито един активиран адрес за ел. поща, свързан с вашия акаунт. Той все пак може да бъде добавен, ако подпишете предоставения токен.
+gpg_key_matched_identities = Съвпадащи самоличности:
+gpg_key_matched_identities_long = Вградените самоличности в този ключ съвпадат със следните активирани адреси за ел. поща на този потребител. Подавания, които съвпадат с тези адреси, могат да бъдат проверени с този ключ.
+gpg_key_verified = Потвърден ключ
+gpg_key_verified_long = Ключът е потвърден с токен и може да се използва за проверка на подавания, които съвпадат с активирани адреси за ел. поща на този потребител, в допълнение към всички съвпадащи самоличности за този ключ.
+gpg_key_verify = Потвърждаване
+gpg_invalid_token_signature = Предоставените GPG ключ, подпис и токен не съвпадат или токенът е изтекъл.
+gpg_token_required = Трябва да предоставите подпис за токена по-долу
+gpg_token = Токен
+gpg_token_help = Можете да генерирате подпис чрез:
+gpg_token_signature = Брониран (Armored) GPG подпис
+verify_gpg_key_success = GPG ключът „%s“ е потвърден.
+ssh_key_verified = Потвърден ключ
+ssh_key_verified_long = Ключът е потвърден с токен и може да се използва за проверка на подавания, които съвпадат с активирани адреси за ел. поща на този потребител.
+ssh_key_verify = Потвърждаване
+ssh_invalid_token_signature = Предоставените SSH ключ, подпис или токен не съвпадат, или токенът е изтекъл.
+ssh_token_required = Трябва да предоставите подпис за токена по-долу
+ssh_token = Токен
+ssh_token_help = Можете да генерирате подпис чрез:
+ssh_token_help_ssh_agent = или ако използвате SSH агент (със зададена променлива SSH_AUTH_SOCK):
+ssh_token_signature = Брониран (Armored) SSH подпис
+verify_ssh_key_success = SSH ключът „%s“ е потвърден.
+subkeys = Подключове
+add_principal_success = SSH certificate principal „%s“ е добавен.
+ssh_principal_deletion = Премахване на SSH Certificate Principal
+ssh_key_deletion_desc = Премахването на SSH ключ отнема достъпа му до вашия акаунт. Продължаване?
+gpg_key_deletion_desc = Премахването на GPG ключ премахва потвърждението на подаванията, подписани от него. Продължаване?
+ssh_principal_deletion_desc = Премахването на SSH Certificate Principal отнема достъпа му до вашия акаунт. Продължаване?
+ssh_principal_deletion_success = Този principal е премахнат.
+token_state_desc = Този токен е използван през последните 7 дни
+principal_state_desc = Този principal е използван през последните 7 дни
+ssh_signonly = В момента SSH е изключен, затова тези ключове се използват само за проверка на подписи на подавания.
+manage_access_token = Токени за достъп
+generate_new_token = Генериране на нов токен
+tokens_desc = Тези токени дават достъп до вашия акаунт чрез Forgejo API.
+token_name = Име на токена
+generate_token = Генериране на токен
+generate_token_success = Новият ви токен е генериран. Копирайте го сега, тъй като няма да бъде показан отново.
+access_token_deletion = Изтриване на токен за достъп
+access_token_deletion_desc = Изтриването на токен ще отнеме достъпа до вашия акаунт за приложенията, които го използват. Това не може да бъде отменено. Продължаване?
+delete_token_success = Токенът е изтрит. Приложенията, които го използват, вече нямат достъп до вашия акаунт.
+regenerate_token = Повторно генериране
+access_token_regeneration = Повторно генериране на токен за достъп
+access_token_regeneration_desc = Повторното генериране на токен ще отнеме достъпа до вашия акаунт за приложенията, които го използват. Това не може да бъде отменено. Продължаване?
+regenerate_token_success = Токенът е генериран повторно. Приложенията, които го използват, вече нямат достъп до вашия акаунт и трябва да бъдат обновени с новия токен.
+select_permissions = Избор на разрешения
+at_least_one_permission = Трябва да изберете поне едно разрешение, за да създадете токен
+access_token_desc = Избраните разрешения на токена ограничават упълномощаването само до съответните <a href="%[1]s" target="_blank">API</a> маршрути. Прочетете <a href="%[2]s" target="_blank">документацията</a> за повече информация.
+oauth2_confidential_client = Поверителен клиент. Изберете за приложения, които пазят тайната поверителна, като например уеб приложения. Не избирайте за нейтив приложения (настолни и мобилни).
+oauth2_redirect_uris = URI за пренасочване. Моля, използвайте нов ред за всеки URI.
+oauth2_client_id = ID на клиента
+oauth2_client_secret = Тайна на клиента
+oauth2_regenerate_secret = Повторно генериране на тайна
+oauth2_regenerate_secret_hint = Загубили сте тайната си?
+oauth2_application_create_description = OAuth2 приложенията дават достъп на вашето външно приложение до потребителски акаунти в тази инстанция.
+oauth2_application_remove_description = Премахването на OAuth2 приложение ще му попречи да осъществява достъп до упълномощени потребителски акаунти в тази инстанция. Продължаване?
+oauth2_application_locked = Forgejo предварително регистрира някои OAuth2 приложения при стартиране, ако е включено в конфигурацията. За да се предотврати неочаквано поведение, те не могат да бъдат нито редактирани, нито премахнати. Моля, вижте документацията на OAuth2 за повече информация.
+authorized_oauth2_applications_description = Предоставили сте достъп до личния си акаунт във Forgejo на тези външни приложения. Моля, отнемете достъпа за приложения, които вече не използвате.
+twofa_scratch_token_regenerate = Повторно генериране на ключ за еднократно възстановяване
+twofa_scratch_token_regenerated = Вашият ключ за еднократно възстановяване вече е %s. Съхранете го на сигурно място, тъй като няма да бъде показан отново.
+or_enter_secret = Или въведете тайната: %s
+then_enter_passcode = И въведете паскода, показан в приложението:
+passcode_invalid = Паскодът е неправилен. Опитайте отново.
+twofa_enrolled = Вашият акаунт беше успешно включен. Съхранете ключа си за еднократно възстановяване (%s) на сигурно място, тъй като няма да бъде показан отново.
+twofa_failed_get_secret = Неуспешно получаване на тайната.
+webauthn_desc = Ключовете за сигурност са хардуерни устройства, съдържащи криптографски ключове. Те могат да се използват за двуфакторно удостоверяване. Ключовете за сигурност трябва да поддържат стандарта <a rel="noreferrer" target="_blank" href="%s">WebAuthn Authenticator</a>.
+manage_account_links_desc = Тези външни акаунти са свързани към вашия акаунт във Forgejo.
+remove_account_link_desc = Премахването на свързан акаунт ще отнеме достъпа му до вашия акаунт във Forgejo. Продължаване?
+remove_account_link_success = Свързаният акаунт е премахнат.
+delete_with_all_comments = Вашият акаунт е създаден преди по-малко от %s. За да се избегнат коментари-призраци, всички коментари към задачи/заявки за сливане ще бъдат изтрити заедно с него.
 
 [packages]
 conan.details.repository = Хранилище
@@ -684,7 +768,7 @@ issues.filter_poster = Автор
 issues.commented_at = `коментира <a href="#%s">%s</a>`
 settings.transfer_desc = Прехвърлете това хранилище на потребител или на организация, за които имате администраторски права.
 settings.archive.button = Архивиране на хранилището
-issues.role.owner_helper = Този потребител е притежателят на това хранилище.
+issues.role.owner_helper = Този потребител е притежател на това хранилище.
 settings.delete_notices_2 = - Тази операция ще изтрие перманентно хранилището <strong>%s</strong>, включително кода, задачите, коментарите, данните на уикито и настройките за сътрудници.
 settings.admin_settings = Администраторски настройки
 issues.role.owner = Притежател
@@ -1057,7 +1141,7 @@ diff.file_byte_size = Размер
 branch.create_success = Клонът „%s“ е създаден.
 branch.deletion_success = Клонът „%s“ е изтрит.
 branch.deletion_failed = Неуспешно изтриване на клона „%s“.
-branch.rename_branch_to = Преименуване от „%s“ на:
+branch.rename_branch_to = Преименуване на клона „%s“.
 settings.web_hook_name_msteams = Microsoft Teams
 settings.web_hook_name_dingtalk = DingTalk
 branch.renamed = Клонът %s е преименуван на %s.
@@ -1196,7 +1280,7 @@ issues.review.resolve_conversation = Решаване на обсъжданет
 diff.comment.markdown_info = Поддържа се стилизиране с Маркдаун.
 diff.file_suppressed = Разликите във файла са потиснати, защото са твърде много
 pulls.reject_count_n = %d поискани промени
-settings.pulls.default_allow_edits_from_maintainers = Позволяване на редакции от поддържащите по подразбиране
+settings.pulls.default_allow_edits_from_maintainers = Позволяване по подразбиране на редакции от поддържащите
 fork_branch = Клон за клониране в разклонението
 issues.review.resolved_by = отбеляза това обсъждане като решено
 issues.role.member = Участник
@@ -1326,7 +1410,7 @@ new_advanced = Разширени настройки
 new_from_template = Използване на шаблон
 new_from_template_description = Можете да изберете съществуващо шаблонно хранилище в тази инстанция и да приложите неговите настройки.
 settings.event_pull_request_comment = Коментари
-repo_gitignore_helper_desc = Изберете кои файлове да не се проследяват от списък с шаблони за обичайните езици. Типичните артефакти, генерирани от инструментите за изграждане, са включени в .gitignore по подразбиране.
+repo_gitignore_helper_desc = Изберете кои файлове да не се проследяват от списък с шаблони за обичайните езици. Типичните артефакти, генерирани от инструментите за изграждане, са включени по подразбиране в .gitignore.
 object_format_helper = Формат на обектите на хранилището. Не може да се променя по-късно. SHA1 е най-съвместим.
 issues.num_reviews_one = %d рецензия
 settings.event_pull_request = Изменение
@@ -1500,7 +1584,7 @@ commits.signed_by_untrusted_user = Подписано от недоверен п
 commits.signed_by_untrusted_user_unmatched = Подписано от недоверен потребител, който не съвпада с подаващия
 issues.lock.notice_1 = - Други потребители не могат да добавят нови коментари към тази задача.
 issues.unlock.notice_2 = - Винаги можете да заключите тази задача отново в бъдеще.
-issues.unlock.title = Отключване на обсъждането по тази задача.
+issues.unlock.title = Отключване на обсъждането
 issues.dependency.no_permission_1 = Нямате разрешение да прочетете %d зависимост
 issues.reopen.blocked_by_user = Не можете да отворите наново тази задача, защото сте блокирани от притежателя на хранилището или от автора на тази задача.
 compare.compare_base = основа
@@ -1582,7 +1666,7 @@ mirror_address_url_invalid = Предоставеният URL е невалид
 template.git_content = Git съдържание (стандартен клон)
 ambiguous_runes_description = `Този файл съдържа Уникод знаци, които могат да бъдат объркани с други знаци. Ако смятате, че това е умишлено, можете спокойно да пренебрегнете това предупреждение. Използвайте бутона „Екраниране“, за да ги разкриете.`
 issues.lock.notice_3 = - Винаги можете да отключите тази задача отново в бъдеще.
-issues.lock.title = Заключване на обсъждането по тази задача.
+issues.lock.title = Заключване на обсъждането
 issues.dependency.issue_batch_close_blocked = Не могат да бъдат затворени групово избраните задачи, защото задача #%d все още има отворени зависимости
 issues.dependency.add_error_cannot_create_circular = Не можете да създадете зависимост с две задачи, които се блокират взаимно.
 issues.review.add_review_requests = поиска рецензии от %[1]s %[2]s
@@ -1655,6 +1739,92 @@ diff.image.side_by_side = Едно до друго
 release.summary_card_alt = Карта с обобщение на издание със заглавие „%s“ в хранилище %s
 release.asset_external_url = Външен URL адрес
 error.csv.too_large = Не може да се визуализира този файл, защото е твърде голям.
+pulls.cmd_instruction_checkout_title = Изтегляне
+pulls.cmd_instruction_merge_title = Сливане
+commit.cherry-pick = Отбиране
+settings.pulls.ignore_whitespace = Игнориране на празните знаци при конфликти
+settings.pulls.enable_autodetect_manual_merge = Включване на автоматично откриване на ръчно сливане (Бележка: В някои специални случаи може да възникнат грешни преценки)
+settings.pulls.allow_rebase_update = Включване на обновяването на клон на заявка за сливане чрез пребазиране
+settings.pulls.default_delete_branch_after_merge = Изтриване по подразбиране на клона на заявката за сливане след сливане
+settings.admin_code_indexer = Индексатор на код
+settings.admin_stats_indexer = Индексатор на статистика на кода
+settings.admin_indexer_commit_sha = Последно индексирано подаване
+settings.admin_indexer_unindexed = Неиндексирано
+settings.reindex_button = Добавяне към опашката за преиндексиране
+settings.reindex_requested = Поискано преиндексиране
+settings.admin_enable_close_issues_via_commit_in_any_branch = Затваряне на задача чрез подаване, направено в клон, различен от стандартния
+settings.new_owner_has_same_repo = Новият притежател вече има хранилище със същото име. Моля, изберете друго име.
+settings.new_owner_blocked_doer = Новият притежател ви е блокирал.
+settings.convert = Преобразуване в обикновено хранилище
+settings.convert_fork = Преобразуване в обикновено хранилище
+settings.convert_fork_confirm = Преобразуване на хранилището
+settings.transfer.rejected = Прехвърлянето на хранилището е отхвърлено.
+settings.transfer.success = Прехвърлянето на хранилището е успешно.
+settings.transfer_abort = Отказ от прехвърлянето
+settings.transfer_abort_invalid = Не можете да отмените несъществуващо прехвърляне на хранилище.
+settings.transfer_abort_success = Прехвърлянето на хранилището към %s е успешно отменено.
+settings.transfer_in_progress = В момента има текущо прехвърляне. Моля, отменете го, ако искате да прехвърлите това хранилище на друг потребител.
+settings.transfer_notices_1 = - Ще загубите достъп до хранилището, ако го прехвърлите на индивидуален потребител.
+settings.transfer_notices_2 = - Ще запазите достъп до хранилището, ако го прехвърлите на организация, която (съ)притежавате.
+settings.transfer_notices_3 = - Ако хранилището е частно и се прехвърля на индивидуален потребител, това действие гарантира, че потребителят има поне разрешение за четене (и променя разрешенията, ако е необходимо).
+settings.transfer_perform = Извършване на прехвърлянето
+settings.transfer_started = Това хранилище е отбелязано за прехвърляне и очаква потвърждение от „%s“
+settings.transfer_succeed = Хранилището е прехвърлено.
+settings.transfer_quota_exceeded = Новият притежател (%s) е надвишил квотата си. Хранилището не е прехвърлено.
+settings.wiki_rename_branch_main = Нормализиране на името на клона на уикито
+settings.wiki_rename_branch_main_desc = Преименуване на клона, използван вътрешно от уикито, на „%s“. Тази промяна е перманентна и не може да бъде отменена.
+settings.wiki_rename_branch_main_notices_1 = Тази операция <strong>НЕ МОЖЕ</strong> да бъде отменена.
+settings.wiki_branch_rename_success = Името на клона на уикито на хранилището е нормализирано успешно.
+settings.wiki_branch_rename_failure = Неуспешно нормализиране на името на клона на уикито на хранилището.
+settings.update_settings_no_unit = Хранилището трябва да позволява поне някакъв вид взаимодействие.
+settings.change_team_access_not_allowed = Промяната на достъпа на екипа до хранилището е ограничена до притежателя на организацията
+settings.team_not_in_organization = Екипът не е в същата организация като хранилището
+settings.add_team_success = Екипът вече има достъп до хранилището.
+settings.change_team_permission_tip = Разрешението на екипа се задава на страницата с настройки на екипа и не може да се променя за отделно хранилище
+settings.delete_team_tip = Този екип има достъп до всички хранилища и не може да бъде премахнат
+settings.remove_team_success = Достъпът на екипа до хранилището е премахнат.
+settings.add_webhook.invalid_channel_name = Името на канала на уеб-куката не може да бъде празно и не може да съдържа само знак #.
+settings.add_webhook.invalid_path = Пътят не трябва да съдържа част, която е „.“ или „..“ или празен низ. Той не може да започва или завършва с наклонена черта.
+settings.hooks_desc = Уеб-куките автоматично правят HTTP POST заявки към сървър, когато се задействат определени събития във Forgejo. Прочетете повече в <a target="_blank" rel="noopener noreferrer" href="%s">ръководството за уеб-куки</a>.
+settings.webhook_deletion = Премахване на уеб-кука
+settings.webhook_deletion_desc = Премахването на уеб-кука изтрива нейните настройки и историята на доставките. Продължаване?
+settings.webhook_deletion_success = Уеб-куката е премахната.
+settings.webhook.test_delivery = Тестване на доставката
+settings.webhook.test_delivery_desc = Тествайте тази уеб-кука с фалшиво събитие.
+settings.webhook.test_delivery_desc_disabled = За да тествате тази уеб-кука с фалшиво събитие, я активирайте.
+settings.webhook.replay.description = Повторно изпълнение на тази уеб-кука.
+settings.webhook.replay.description_disabled = За да изпълните повторно тази уеб-кука, я активирайте.
+settings.webhook.delivery.success = Събитие е добавено към опашката за доставка. Може да отнеме няколко секунди, преди да се появи в историята на доставките.
+settings.githooks_desc = Git куките се задвижват от самия Git. Можете да редактирате файловете с куки по-долу, за да настроите персонализирани операции.
+settings.githook_edit_desc = Ако куката е неактивна, ще бъде представено примерно съдържание. Оставянето на съдържанието с празна стойност ще изключи тази кука.
+settings.githook_name = Име на куката
+settings.githook_content = Съдържание на куката
+settings.update_githook = Обновяване на куката
+settings.add_webhook_desc = Forgejo ще изпраща <code>POST</code> заявки с определен Content-Type до целевия URL адрес. Прочетете повече в <a target="_blank" rel="noopener noreferrer" href="%s">ръководството за уеб-куки</a>.
+settings.payload_url = Целеви URL адрес
+settings.secret = Тайна
+settings.branches.switch_default_branch = Превключване на стандартния клон
+settings.branches.add_new_rule = Добавяне на ново правило
+settings.protected_branch.save_rule = Запазване на правилото
+settings.protected_branch.delete_rule = Изтриване на правилото
+settings.protect_disable_push = Изключване на изтласкването
+settings.protect_disable_push_desc = Към този клон няма да бъде разрешено никакво изтласкване.
+settings.protect_enable_push = Включване на изтласкването
+settings.protect_enable_push_desc = Всеки с достъп за писане ще има право да изтласква към този клон (но не и принудително изтласкване).
+settings.protect_enable_merge = Включване на сливането
+settings.protect_enable_merge_desc = Всеки с достъп за писане ще има право да слива заявки за сливане в този клон.
+settings.require_signed_commits = Изискване на подписани подавания
+settings.require_signed_commits_desc = Отхвърляне на изтласквания към този клон, ако те са неподписани или не могат да бъдат потвърдени.
+settings.enforce_on_admins = Принудително прилагане на това правило за администраторите на хранилището
+settings.enforce_on_admins_desc = Администраторите на хранилището не могат да заобикалят това правило.
+settings.merge_style_desc = Стилове на сливане
+settings.default_merge_style_desc = Стил на сливане по подразбиране
+settings.choose_branch = Изберете клон…
+settings.edit_protected_branch = Редактиране
+settings.chat_id = ID на чата
+settings.thread_id = ID на нишката
+settings.matrix.room_id = ID на стаята
+settings.matrix.message_type = Тип съобщение
 
 [modal]
 confirm = Потвърждаване
@@ -1689,6 +1859,7 @@ link_modal.header = Добавяне на връзка
 buttons.indent.tooltip = Вмъкване на елементи с едно ниво
 buttons.unindent.tooltip = Изваждане на елементи с едно ниво
 link_modal.paste_reminder = Подсказка: С URL адрес в клипборда можете да поставите директно в редактора, за да създадете връзка.
+link_modal.url = Адрес
 
 [org]
 teams.write_access = Писане
@@ -1831,7 +2002,7 @@ docker_helper = Ако стартирате Forgejo в Docker, моля, про
 sqlite_helper = Път на файла за SQLite3 базата данни.<br>Въведете абсолютен път, ако стартирате Forgejo като service.
 err_empty_admin_email = Администраторският адрес за ел. поща не може да бъде празен.
 password_algorithm = Алгоритъм за хеш. на паролите
-default_keep_email_private = Скриване на адресите за ел. поща по подразбиране
+default_keep_email_private = Скриване по подразбиране на адресите за ел. поща
 invalid_password_algorithm = Невалиден алгоритъм за хеш. на паролите
 err_admin_name_is_reserved = Потребителското име на администратора е невалидно, потребителското име е резервирано
 err_admin_name_pattern_not_allowed = Потребителското име на администратора е невалидно, потребителското име съответства с резервиран шаблон
@@ -1900,6 +2071,17 @@ reply = или отговорете директно на това ел. пис
 reset_password.text = Ако това сте вие, моля, щракнете върху следната връзка, за да възстановите акаунта си в рамките на <b>%s</b>:
 primary_mail_change.subject = Основният ви адрес за ел. поща е променен
 account_security_caution.text_2 = Ако това не сте били вие, акаунтът ви е компрометиран. Моля, свържете се с администраторите на този сайт.
+totp_disabled.subject = TOTP е изключен
+totp_disabled.text_1 = Еднократната парола, базирана на време (TOTP), за вашия акаунт току-що беше изключена.
+totp_disabled.no_2fa = Вече няма конфигурирани други 2FA методи, което означава, че вече не е необходимо да влизате в акаунта си с 2FA.
+removed_security_key.subject = Ключ за сигурност беше премахнат
+removed_security_key.text_1 = Ключът за сигурност „%[1]s“ току-що беше премахнат от вашия акаунт.
+removed_security_key.no_2fa = Вече няма конфигурирани други 2FA методи, което означава, че вече не е необходимо да влизате в акаунта си с 2FA.
+totp_enrolled.subject = Активирахте TOTP като метод за 2FA
+totp_enrolled.text_1.no_webauthn = Току-що включихте TOTP за вашия акаунт. Това означава, че за всички бъдещи влизания във вашия акаунт трябва да използвате TOTP като 2FA метод.
+totp_enrolled.text_1.has_webauthn = Току-що включихте TOTP за вашия акаунт. Това означава, че за всички бъдещи влизания във вашия акаунт можете да използвате TOTP като 2FA метод или някой от вашите ключове за сигурност.
+issue.action.review_dismissed = <b>@%[1]s</b> отхвърли последната рецензия от %[2]s за тази заявка за сливане.
+repo.transfer.to_you = вас
 
 [user]
 joined_on = Присъединени на %s
@@ -2037,6 +2219,7 @@ total = Общо: %d
 config.db_type = Тип
 monitor.queue.type = Тип
 notices.type = Тип
+users.prohibit_login = Замразен акаунт
 
 [error]
 not_found = Целта не може да бъде намерена.
@@ -2125,6 +2308,17 @@ repository_files_already_exist.delete = Вече съществуват файл
 invalid_gpg_key = Не може да се потвърди вашият GPG ключ: %s
 git_ref_name_error = ` трябва да е правилно форматирано име на Git препратка.`
 last_org_owner = Не можете да премахнете последния потребител от екипа на „притежателите“. Трябва да има поне един притежател за организация.
+AccessToken = Токен за достъп
+CommitChoice = Избор на подаване
+username_claiming_cooldown = Потребителското име не може да бъде взето, тъй като периодът му на изчакване все още не е приключил. То може да бъде взето на %[1]s.
+repository_force_private = Принудително Частни е включено: частните хранилища не могат да станат публични.
+repository_files_already_exist.adopt = Вече съществуват файлове за това хранилище и те могат само да бъдат осиновени.
+repository_files_already_exist.adopt_or_delete = Вече съществуват файлове за това хранилище. Или ги осиновете, или ги изтрийте.
+visit_rate_limit = Отдалеченото посещение достигна ограничението на честотата.
+2fa_auth_required = Отдалеченото посещение изисква двуфакторно удостоверяване.
+unset_password = Влезлият потребител не е задал паролата.
+unsupported_login_type = Този тип влизане не се поддържа за изтриване на акаунт.
+invalid_ssh_principal = Невалиден principal: %s
 
 [action]
 close_issue = `затвори задача <a href="%[1]s">%[3]s#%[2]s</a>`
@@ -2212,6 +2406,27 @@ change_unconfirmed_email_error = Неуспешна промяна на адре
 resend_mail = Щракнете тук, за повторно изпращане на ел. писмо за активация
 change_unconfirmed_email_summary = Промяна на адреса, на който се изпраща ел. писмо за активация.
 change_unconfirmed_email = Ако сте въвели грешен адрес за ел. поща по време на регистрацията, можете да го промените по-долу и потвърждение ще бъде изпратено на новия адрес.
+prohibit_login = Акаунтът е замразен
+prohibit_login_desc = Вашият акаунт е замразен и не може да взаимодейства с инстанцията. Свържете се с администратора, за да възстановите достъпа си.
+non_local_account = Нелокални потребители не могат да обновяват паролата си чрез уеб интерфейса на Forgejo.
+unauthorized_credentials = Идентификационните данни са неправилни или са изтекли. Опитайте отново командата си или вижте %s за повече информация
+twofa_passcode_incorrect = Вашият код за достъп (паскод) е неправилен. Ако сте изгубили устройството си, използвайте резервния си код, за да влезете.
+oauth_signup_tab = Регистриране на нов акаунт
+oauth_signup_title = Завършване на новия акаунт
+oauth_signup_submit = Завършване на акаунта
+oauth_signin_tab = Свързване към съществуващ акаунт
+oauth_signin_title = Влезте, за да упълномощите свързания акаунт
+oauth_signin_submit = Свързване на акаунт
+oauth.signin.error = Възникна грешка при обработката на заявката за упълномощаване. Ако тази грешка продължава, моля, свържете се с администратора на сайта.
+oauth.signin.error.access_denied = Заявката за упълномощаване беше отхвърлена.
+oauth.signin.error.temporarily_unavailable = Упълномощаването е неуспешно, защото сървърът за удостоверяване е временно недостъпен. Моля, опитайте отново по-късно.
+openid_connect_title = Свързване към съществуващ акаунт
+openid_connect_desc = Избраният OpenID URI е неизвестен. Свържете го с нов акаунт тук.
+openid_register_desc = Избраният OpenID URI е неизвестен. Свържете го с нов акаунт тук.
+disable_forgot_password_mail = Възстановяването на акаунта е изключено, защото няма зададена ел. поща. Моля, свържете се с вашия администратор на сайта.
+disable_forgot_password_mail_admin = Възстановяването на акаунта е налично само когато е зададена ел. поща. Моля, задайте ел. поща, за да включите възстановяването на акаунта.
+email_domain_blacklisted = Не можете да се регистрирате с вашия адрес за ел. поща.
+authorization_failed_desc = Упълномощаването е неуспешно, защото открихме невалидна заявка. Моля, свържете се с поддържащия приложението, което се опитахте да упълномощите.
 
 [aria]
 footer.software = Относно този софтуер
@@ -2319,6 +2534,7 @@ keyword_search_unavailable = Търсенето по ключова дума в
 union_tooltip = Включване на резултати, които съвпадат с някоя от ключовите думи, разделени с интервал
 union = Обединение
 type_tooltip = Тип търсене
+runner_kind = Търсене на изпълнители…
 
 [markup]
 filepreview.lines = Редове от %[1]d до %[2]d в %[3]s
diff --git a/options/locale/locale_ca.ini b/options/locale/locale_ca.ini
index 473583df29..3e3907ecc2 100644
--- a/options/locale/locale_ca.ini
+++ b/options/locale/locale_ca.ini
@@ -2137,13 +2137,120 @@ milestones.filter_sort.least_complete = Menys completa
 milestones.filter_sort.most_complete = Més completa
 default_branch_helper = La branca per defecte és la branca base pels pull requests i els commits.
 file_follow = Seguir symlink
-escape_control_characters = 
+escape_control_characters =
 commits.signed_by_untrusted_user_unmatched = Signat per un usuari no fiable que no coincideix amb qui ha fet el commit
 projects.new_subheader = Coordineu, feu el seguiment i actualitzeu la vostra feina en un sol lloc, perquè els projectes siguin transparents i compleixin els terminis.
 projects.type.bug_triage = Triatge d'errors
 projects.column.set_default = Estableix per defecte
 projects.column.assigned_to = Assignat a
 issues.filter_sort.mostcomment = Més comentat
+signing.wont_sign.parentsigned = El commit no se signarà perquè el commit pare no està signat.
+signing.wont_sign.headsigned = La fusió no se signarà perquè el commit cap (head) no està signat.
+wiki.create_first_page = Crea la primera pàgina
+wiki.filter_page = Filtrar pàgina
+wiki.search = Cercar wiki
+activity.navbar.code_frequency = Freqüència del codi
+activity.no_git_activity = No hi ha hagut activitat de commits en aquest període.
+activity.git_stats_exclude_merges = Excloent les fusions,
+activity.git_stats_push_to_branch = a %s i
+activity.git_stats_on_default_branch = En %s,
+activity.commit = Activitat de commits
+settings.federation_following_repos = URLs dels repositoris següents. Separats per ";" i sense espais.
+settings.mirror_settings = Emmiralla la configuració
+settings.mirror_settings.docs.disabled_push_mirror.instructions = Configureu el projecte per baixar commits, etiquetes i branques automàticament des d'un altre repositori.
+settings.mirror_settings.docs.disabled_push_mirror.pull_mirror_warning = De moment, això només es pot fer en el menú "Nova Migració". Per a més informació, consulteu:
+settings.mirror_settings.docs.disabled_push_mirror.info = L'administrador del vostre lloc ha desactivat la pujada de miralls.
+settings.mirror_settings.docs.no_new_mirrors = El vostre repositori emmiralla els canvis d'un altre repositori. Si us plau, tingueu en compte que no podeu crear més miralls de moment.
+settings.mirror_settings.docs.can_still_use = Malgrat que no podeu modificar o crear nous miralls, encara podeu usar el mirall existent.
+settings.mirror_settings.docs.pull_mirror_instructions = Per configurar un mirall de baixada, consulteu:
+settings.mirror_settings.docs.more_information_if_disabled = Aquí trobareu més informació sobre els miralls de pujada i baixada:
+settings.mirror_settings.docs.doc_link_title = Com emmirallo repositoris?
+settings.mirror_settings.docs.doc_link_pull_section = la secció "Baixar des d'un repositori remot" ("Pulling from a remote repository") a la documentació.
+settings.mirror_settings.docs.pulling_remote_title = Baixar des d'un repositori remot
+settings.mirror_settings.mirrored_repository = Repositori emmirallat
+settings.mirror_settings.pushed_repository = Repositori pujat
+settings.mirror_settings.direction.pull = Baixar
+settings.mirror_settings.push_mirror.none = No s'ha configurat cap mirall de pujada
+settings.mirror_settings.push_mirror.remote_url = URL del repositori Git remot
+settings.mirror_settings.push_mirror.add = Afegir un mirall de pujada
+settings.mirror_settings.push_mirror.edit_sync_time = Editar l'interval de sincronització del mirall
+settings.mirror_settings.push_mirror.none_ssh = Cap
+settings.units.add_more = Activa més
+settings.pull_mirror_sync_in_progress = Baixant canvis del remot %s.
+settings.pull_mirror_sync_quota_exceeded = S'ha superat la quota. No es baixen els canvis.
+settings.push_mirror_sync_in_progress = Pujant canvis al remot %s.
+settings.update_settings = Desar configuració
+settings.update_mirror_settings = Actualitzar la configuració del mirall
+settings.branches.add_new_rule = Afegir una nova regla
+settings.wiki_desc = Activar la wiki del repositori
+settings.wiki_globally_editable = Permet a tothom editar la wiki
+settings.use_internal_wiki = Usar la wiki pròpia
+settings.use_external_wiki = Usar una wiki externa
+settings.external_wiki_url = URL de la wiki externa
+settings.external_wiki_url_error = L'URL de la wiki externa no és vàlida.
+settings.external_wiki_url_desc = Els visitants es redirigiran a l'URL de la wiki externa quan facin clic a la pestanya wiki.
+settings.enable_timetracker = Activar el seguiment de temps
+settings.pulls_desc = Activar les «pull requests» del repositori
+settings.pulls.enable_autodetect_manual_merge = Activar la detecció automàtica de les fusions manuals (Nota: En alguns casos, la detecció es pot equivocar)
+settings.projects_desc = Activar els projectes del repositori
+settings.actions_desc = Activar la «pipeline» CI/CD integrada amb Forgejo Actions
+settings.admin_enable_health_check = Activar les comprovacions de salut del repositori (git fsck)
+settings.reindex_button = Afegir per reindexar la cua
+settings.convert_desc = Podeu convertir aquest mirall en un repositori normal. Aquesta acció no es pot desfer.
+settings.convert_notices_1 = Aquesta operació convertirà el mirall en un repositori normal i no es pot desfer.
+settings.convert_succeed = El mirall s'ha convertit en un repositori normal.
+settings.convert_fork = Convertir a un repositori normal
+settings.convert_fork_desc = Podeu convertir aquesta bifurcació en un repositori normal. Aquesta acció no es pot desfer.
+settings.convert_fork_notices_1 = Aquesta operació convertirà la bifurcació en un repositori normal i no es pot desfer.
+settings.convert_fork_succeed = La bifurcació s'ha convertit en un repositori normal.
+settings.transfer_in_progress = Hi ha una transferència en procés. Si us plau, cancel·leu-la si voleu transferir aquest repositori a un altre usuari.
+settings.transfer_quota_exceeded = El nou propietari (%s) ha superat la quota. El repositori no s'ha transferit.
+settings.signing_settings = Configuració de la verificació de signatures
+settings.trust_model = Model de confiança de signatures
+settings.trust_model.default = Model de confiança per defecte
+settings.trust_model.default.desc = Usar el model de confiança per defecte del repositori per a aquesta instal·lació.
+settings.wiki_rename_branch_main = Normalitzar el nom de branca de la wiki
+settings.wiki_rename_branch_main_desc = Reanomena la branca interna de la wiki a "%s". Aquest canvi és permanent i no es pot desfer.
+settings.wiki_rename_branch_main_notices_1 = Aquesta operació <strong>NO</strong> es pot desfer.
+settings.wiki_branch_rename_success = El nom de branca de la wiki del repositori s'ha normalitzat correctament.
+settings.wiki_branch_rename_failure = No s'ha pogut normalitzar el nom de branca de la wiki del repositori.
+settings.confirm_wiki_branch_rename = Reanomenar la branca de la wiki
+settings.wiki_delete = Eliminar les dades de la wiki
+settings.wiki_delete_desc = Eliminar les dades de la wiki del repositori és una acció permanent i no es pot desfer.
+settings.wiki_delete_notices_1 = - Això eliminarà permanentment i desactivarà la wiki del repositori %s.
+settings.confirm_wiki_delete = Eliminar les dades de la wiki
+settings.wiki_deletion_success = Les dades de la wiki del repositori s'han eliminat.
+settings.delete = Eliminar aquest repositori
+settings.delete_desc = Eliminar un repositori és permanent i no es pot desfer.
+settings.delete_notices_1 = - Aquesta operació <strong>NO</strong> es pot desfer.
+settings.delete_notices_2 = - Aquesta operació eliminarà permanentment el repositori <strong>%s</strong>, incloent el codi, les incidències, els comentaris, la wiki i les configuracions dels col·laboradors.
+settings.delete_notices_fork_1 = - Les bifurcacions d'aquest repositori esdevindran independents després de l'eliminació.
+settings.deletion_success = El repositori s'ha eliminat.
+settings.update_settings_success = S'ha actualitzat la configuració del repositori.
+settings.update_settings_no_unit = El repositori hauria de permetre algun tipus d'interacció.
+settings.confirm_delete = Eliminar repositori
+settings.add_collaborator = Afegir col·laborador
+settings.add_collaborator_success = El col·laborador s'ha afegit.
+settings.add_collaborator_inactive_user = No podeu afegir un usuari inactiu com a col·laborador.
+settings.add_collaborator_owner = No podeu afegir un propietari com a col·laborador.
+settings.add_collaborator_duplicate = Aquesta col·laborador ja està afegit al repositori.
+settings.add_collaborator_blocked_our = No podeu afegir aquest col·laborador perquè el propietari del repositori l'ha bloquejat.
+settings.add_collaborator_blocked_them = No podeu afegir aquest col·laborador perquè ha bloquejat el propietari del repositori.
+settings.collaborator_deletion = Suprimir col·laborador
+settings.collaborator_deletion_desc = Suprimir un col·laborador en traurà l'accés al repositori. Continuar?
+settings.remove_collaborator_success = El col·laborador s'ha suprimit.
+settings.org_not_allowed_to_be_collaborator = No podeu afegir una organització com a col·laborador.
+settings.change_team_access_not_allowed = Només el propietari de l'organització pot canviar l'accés d'equip en aquest repositori
+settings.team_not_in_organization = L'equip no és en la mateixa organització que el repositori
+settings.add_team_duplicate = L'equip ja té el repositori
+settings.add_team_success = L'equip ara tindrà accés al repositori.
+settings.change_team_permission_tip = Els permisos de l'equip es configuren a la pàgina de l'equip i no es poden canviar individualment per repositori
+settings.add_webhook = Afegir webhook
+settings.add_webhook.invalid_channel_name = El nom del canal webhook no pot ser buit i no pot contenir només un #.
+settings.add_webhook.invalid_path = El camí no pot contenir ".", ".." o una cadena buida. Tampoc pot començar o acabar amb una barra "/".
+settings.webhook_deletion = Eliminar webhook
+settings.webhook_deletion_desc = Eliminar un webhook n'elimina la configuració i la història de lliurament. Continuar?
+settings.webhook_deletion_success = S'ha eliminat el webhook.
 
 [user]
 unblock = Desbloquejar
diff --git a/options/locale/locale_el-GR.ini b/options/locale/locale_el-GR.ini
index 333d158c5b..4b41a76810 100644
--- a/options/locale/locale_el-GR.ini
+++ b/options/locale/locale_el-GR.ini
@@ -2401,7 +2401,7 @@ settings.archive.tagsettings_unavailable=Οι ρυθμίσεις ετικέτα
 settings.unarchive.button=Αναίρεση αρχειοθέτησης αποθετηρίου
 settings.unarchive.header=Απο-Αρχειοθέτηση του αποθετηρίου
 settings.unarchive.text=Η απο-αρχειοθέτηση του αποθετηρίου θα αποκαταστήσει την ικανότητά του να λαμβάνει υποβολές και ωθήσεις, καθώς και νέα ζητήματα και pull-requests.
-settings.unarchive.success=Το repository απο-αρχειοθετήθηκε με επιτυχία.
+settings.unarchive.success=Το αποθετήριο απο-αρχειοθετήθηκε με επιτυχία.
 settings.unarchive.error=Παρουσιάστηκε σφάλμα κατά την προσπάθεια απο-αρχειοθέτησης του αποθετηρίου. Δείτε τις καταγραφές για περισσότερες λεπτομέρειες.
 settings.update_avatar_success=Η εικόνα του αποθετηρίου έχει ενημερωθεί.
 settings.lfs=LFS
@@ -2673,7 +2673,7 @@ issues.author.tooltip.pr = Αυτό το pull request δημιουργήθηκε
 settings.federation_settings = Ρυθμίσεις διαλειτουργικότητας
 settings.federation_apapiurl = Το Federation URL (διαλειτουργικότητας) του αποθετηρίου. Αντιγράψτε το στις ρυθμίσεις διαλειτουργικότητας ενός άλλου αποθετηρίου ως το URL ενός Ακολουθούμενου Αποθετηρίου.
 form.string_too_long = Το κείμενο είναι μεγαλύτερο από %d χαρακτήρες.
-release.hide_archive_links = Απόκρυψη αυτόματα δημιουργημένων archive
+release.hide_archive_links = Απόκρυψη αυτόματα δημιουργημένων αρχείων λήψης
 settings.graphql_url = URL του GraphQL
 issues.edit.already_changed = Δεν ήταν δυνατή η αποθήκευση των αλλαγών στο ζήτημα αυτό, επειδή το περιεχόμενο έχει ήδη αλλαχθεί από κάποιον άλλο χρήστη. Για να μην χαθούν οι αλλαγές του, ανανεώστε την σελίδα και προσπαθήστε να το επεξεργαστείτε ξανά
 project = Έργα
diff --git a/options/locale/locale_es-ES.ini b/options/locale/locale_es-ES.ini
index b46ed98325..276b0f8a1e 100644
--- a/options/locale/locale_es-ES.ini
+++ b/options/locale/locale_es-ES.ini
@@ -2289,7 +2289,7 @@ settings.packagist_api_token=Token de API
 settings.packagist_package_url=URL del paquete Packagist
 settings.deploy_keys=Claves de implementación
 settings.add_deploy_key=Añadir clave de implementación
-settings.deploy_key_desc=Las claves de implementación pueden tener acceso de sólo lectura o lectura y escritura  al repositorio.
+settings.deploy_key_desc=Las claves de implementación pueden tener acceso de solo lectura o lectura y escritura al repositorio.
 settings.is_writable=Habilitar acceso de escritura
 settings.is_writable_info=Permitir que esta clave de implementación pueda hacer <strong>push</strong> a este repositorio.
 settings.no_deploy_keys=Aún no existen claves de implementación.
@@ -3015,7 +3015,7 @@ users.edit_account=Editar cuenta de usuario
 users.max_repo_creation=Número máximo de repositorios
 users.max_repo_creation_desc=(Introduzca -1 para usar el límite por defecto global.)
 users.is_activated=Cuenta de usuario activada
-users.prohibit_login=Suspender cuenta
+users.prohibit_login=Cuenta suspendida
 users.is_admin=Cuenta adminstrador
 users.is_restricted=Cuenta restringida
 users.allow_git_hook=Puede crear Git hooks
diff --git a/options/locale/locale_hi.ini b/options/locale/locale_hi.ini
index 297f131b87..10a759689e 100644
--- a/options/locale/locale_hi.ini
+++ b/options/locale/locale_hi.ini
@@ -289,6 +289,9 @@ sign_up_button = अभी रजिस्टर करें।
 sign_up_successful = अकाउंट बन गया है। स्वागत!
 back_to_sign_in = sign in में फिर से जाएं
 sign_in_openid = OpenID के साथ आगे बढ़ें
+confirmation_mail_sent_prompt = एक नया कन्फर्मेशन ईमेल आपको भेजा गया है, <b>%s</b>। पंजीकरण पुख्ता करने के लिए अपना ईमेल इनबॉक्स चेक करें और वहां ईमेल से आगे बढ़ें %s। अगर ईमेल गलत हो गया तो आप फिर से लॉग इन करके फिरसे सही ईमेल पर पुख्ता कर सकते हैं।
+must_change_password = अपना पासवर्ड अपडेट करें
+allow_password_change = ये ज़रूरी है की ईमेल पासवर्ड अपडेट करें
 
 [mail]
 link_not_working_do_paste = क्या कड़ी चल नहीं पाई? उसे कॉपी करके URL बार में जोड़ें।
diff --git a/options/locale/locale_pt-BR.ini b/options/locale/locale_pt-BR.ini
index ca4fa9d24d..5b0a9e5ace 100644
--- a/options/locale/locale_pt-BR.ini
+++ b/options/locale/locale_pt-BR.ini
@@ -1677,7 +1677,7 @@ issues.dependency.blocked_by_short=Depende de
 issues.dependency.remove_header=Remover dependência
 issues.dependency.issue_remove_text=Isto removerá a dependência desta issue. Continuar?
 issues.dependency.pr_remove_text=Isto removerá a dependência deste pull request. Continuar?
-issues.dependency.setting=Habilitar dependências para issues e pull requests
+issues.dependency.setting=Habilitar dependências para questões e propostas de revisão
 issues.dependency.add_error_same_issue=Você não pode fazer uma issue depender de si mesma.
 issues.dependency.add_error_dep_issue_not_exist=Issue dependente não existe.
 issues.dependency.add_error_dep_not_exist=Dependência não existe.
@@ -1722,9 +1722,9 @@ compare.compare_base=base
 compare.compare_head=comparar
 
 pulls.desc=Habilitar pull requests e revisões de código.
-pulls.new=Novo pull request
-pulls.view=Ver pull request
-pulls.compare_changes=Novo pull request
+pulls.new=Nova solicitação de revisão
+pulls.view=Ver proposta de revisão
+pulls.compare_changes=Nova proposta de revisão
 pulls.allow_edits_from_maintainers=Permitir edições de mantenedores
 pulls.allow_edits_from_maintainers_desc=Usuários com acesso de gravação para o branch base também podem fazer push para este branch
 pulls.allow_edits_from_maintainers_err=Falha na atualização
@@ -1750,7 +1750,7 @@ pulls.filter_changes_by_commit=Filtrar por commit
 pulls.nothing_to_compare=Estes branches são iguais. Não há nenhuma necessidade para criar um pull request.
 pulls.nothing_to_compare_and_allow_empty_pr=Estes branches são iguais. Este PR ficará vazio.
 pulls.has_pull_request=`Um pull request entre esses branches já existe: <a href="%[1]s">%[2]s#%[3]d</a>`
-pulls.create=Criar pull request
+pulls.create=Criar proposta de revisão
 pulls.change_target_branch_at=`mudou o branch de destino de <b>%s</b> para <b>%s</b> %s`
 pulls.tab_conversation=Conversação
 pulls.tab_commits=Commits
@@ -1776,12 +1776,12 @@ pulls.is_empty=As alterações neste branch já estão no branch de destino. Est
 pulls.required_status_check_failed=Algumas verificações necessárias não foram bem sucedidas.
 pulls.required_status_check_missing=Estão faltando algumas verificações necessárias.
 pulls.required_status_check_administrator=Como administrador, você ainda pode aplicar o merge deste pull request.
-pulls.blocked_by_approvals=Este pull request ainda não tem aprovações suficientes. %d de %d aprovações concedidas.
-pulls.blocked_by_rejection=Este pull request tem alterações solicitadas por um revisor oficial.
-pulls.blocked_by_official_review_requests=Este pull request está bloqueado porque falta aprovação de um ou mais revisores oficiais.
-pulls.blocked_by_outdated_branch=Este pull request está bloqueado porque está desatualizado.
-pulls.blocked_by_changed_protected_files_1=Este pull request está bloqueado porque altera um arquivo protegido:
-pulls.blocked_by_changed_protected_files_n=Este pull request está bloqueado porque altera arquivos protegidos:
+pulls.blocked_by_approvals=Esta proposta de requisição ainda não tem aprovações suficientes. %d de %d aprovações concedidas.
+pulls.blocked_by_rejection=Esta proposta de revisão tem alterações solicitadas por um revisor oficial.
+pulls.blocked_by_official_review_requests=Esta proposta de revisão está bloqueada por faltar aprovação de um ou mais revisores oficiais.
+pulls.blocked_by_outdated_branch=Esta proposta de revisão está bloqueada por ter sido superada.
+pulls.blocked_by_changed_protected_files_1=Esta proposta de revisão está bloqueada porque altera um arquivo protegido:
+pulls.blocked_by_changed_protected_files_n=Esta proposta de revisão está bloqueada porque altera arquivos protegidos:
 pulls.can_auto_merge_desc=O merge deste pull request pode ser aplicado automaticamente.
 pulls.cannot_auto_merge_desc=O merge deste pull request não pode ser aplicado automaticamente pois há conflitos.
 pulls.cannot_auto_merge_helper=Faça o merge manualmente para resolver os conflitos.
@@ -2633,7 +2633,7 @@ settings.wiki_branch_rename_failure = Falha ao regularizar o nome do ramo da wik
 settings.add_collaborator_blocked_them = Não foi possível adicionar o(a) colaborador(a) porque ele(a) bloqueou o(a) proprietário(a) do repositório.
 settings.thread_id = ID da discussão
 issues.edit.already_changed = Não foi possível salvar as alterações desta questão. O conteúdo parece já ter sido alterado por outro(a) usuário(a). Atualize a página e tente novamente para evitar sobrescrever estas alterações
-pulls.edit.already_changed = Não foi possível salvar as alterações deste pull request. Parece que o conteúdo já foi alterado por outro(a) usuário(a). Atualize a página e tente novamente para evitar sobrescrever estas alterações
+pulls.edit.already_changed = Não foi possível salvar as alterações desta proposta de revisão. Parece que o conteúdo já foi alterado por outra conta. Atualize a página e tente editar novamente para evitar sobrescrever as alterações dela
 editor.commit_id_not_matching = O arquivo foi alterado durante a edição. Salve as alterações em um novo ramo e realize a mesclagem.
 blame.ignore_revs = As revisões em <a href="%s">.git-blame-ignore-revs</a> foram ignoradas. Clique <a href="%s">aqui</a> para retornar à visualização normal.
 topic.format_prompt = Os tópicos devem começar com um caracter alfanumérico, podem incluir hífens ("-") e pontos ("."), e podem ter até 35 caracteres. As letras devem ser minúsculas.
@@ -2645,10 +2645,10 @@ issues.author.tooltip.issue = Este(a) usuário(a) é o(a) autor(a) desta questã
 no_eol.text = Sem EOL
 no_eol.tooltip = Não há um caractere de fim de linha no final do arquivo.
 pulls.fast_forward_only_merge_pull_request = Apenas fast-forward
-pulls.has_merged = Falha: O pull request foi merged, você não pode merge novamente ou mudar o branch destino.
-issues.author.tooltip.pr = Esse usuário é o autor dessa solicitação de pull.
+pulls.has_merged = Falha: A proposta de revisão foi integrada ao repositório e não é possível integrá-la novamente ou alterar o ramo-alvo.
+issues.author.tooltip.pr = Este usuário é o autor desta proposta de revisão.
 editor.push_out_of_date = O push parece estar desatualizado.
-pulls.blocked_by_user = Você não pode criar uma solicitação de pull nesse repositório porque você está bloqueado pelo dono do repositório.
+pulls.blocked_by_user = Você não pode criar uma proposta de revisão nesse repositório porque você está bloqueado pelo dono do repositório.
 mirror_use_ssh.helper = Forgejo irá espelhar o repositório via Git através de SSH e criar um par de chaves para você ao escolher essa opção. Você deverá garantir que a chave pública gerada está autorizada a fazer push para o repositório de destino. Você não pode usar autorização baseada em senha ao escolher essa opção.
 mirror_denied_combination = Não é possível combinar o uso de chave pública e autenticação baseada em senha.
 mirror_public_key = Chave SSH pública
@@ -2733,7 +2733,7 @@ issues.num_reviews_one = %d revisão
 issues.summary_card_alt = Cartão de resumo de um issue com o título "%s" no repositório %s
 issues.num_reviews_few = %d revisões
 settings.default_update_style_desc = Estilo padrão de atualização usado para atualizar pull requests que estão atrasados em relação ao branch base.
-pulls.sign_in_require = <a href="%s">Entre</a> para criar um novo pull request.
+pulls.sign_in_require = <a href="%s">Entre</a> para criar uma nova proposta de revisão.
 new_from_template = Use um modelo
 new_from_template_description = Você pode selecionar um modelo de repositório nesta instância e aplicar suas configurações.
 new_advanced = Configurações avançadas
diff --git a/options/locale/locale_sv-SE.ini b/options/locale/locale_sv-SE.ini
index aac4c3f1d5..98cb82a5bc 100644
--- a/options/locale/locale_sv-SE.ini
+++ b/options/locale/locale_sv-SE.ini
@@ -33,7 +33,7 @@ twofa_scratch=Tvåfaktorsskrapkod
 passcode=Kod
 
 
-repository=Utvecklingskatalog
+repository=Kodförråd
 organization=Organisation
 mirror=Spegel
 new_mirror=Ny spegling
@@ -80,7 +80,7 @@ error404=Sidan du försöker nå <strong>finns inte</strong>, <strong>har tagits
 
 archived=Arkiverade
 
-concept_code_repository=Utvecklingskatalog
+concept_code_repository=Kodförråd
 concept_user_organization=Organisation
 
 
@@ -220,7 +220,7 @@ not_found = Målet kunde inte hittas.
 app_desc=En smidig, självhostad Git-tjänst
 install=Lätt att installera
 platform=Plattformsoberoende
-platform_desc=Forgejo har bekräftats körbart på fria operativsystem såsom Linux och FreeBSD, såväl som på olika CPU-arkitekturer. Välj vad du föredrar!
+platform_desc=Forgejo har bekräftats vara körbart på fria operativsystem såsom Linux och FreeBSD, såväl som på olika CPU-arkitekturer. Välj det du föredrar!
 lightweight=Lättviktig
 lightweight_desc=Forgejo har låga minimum-krav och kan köras på en billig Rasperry Pi. Spara på din maskins kraft!
 license=Öppen källkod
@@ -254,14 +254,14 @@ general_title=Allmänna inställningar
 app_name=Instansens titel
 app_name_helper=Skriv in instansens namn här. Det kommer att visas på varje sida.
 repo_path=Rotsökväg för kodförråd
-repo_path_helper=Fjärrutvecklingskataloger kommer att sparas i denna katalog.
+repo_path_helper=Fjärrkodförråd kommer att sparas i denna katalog.
 lfs_path=LFS rotsökväg
 lfs_path_helper=Filer hanterade av Git LFS kommer att sparas i denna mapp. Lämna tom för att avaktivera.
 run_user=Användare att köra som
 ssh_port=SSH-serverport
-ssh_port_helper=Portnumret som din SSH-server använder. Lämna tomt för att inaktivera.
+ssh_port_helper=Portnumret för din SSH-server. Lämna tomt för att inaktivera.
 http_port=HTTP-lyssningsport
-http_port_helper=Portnumret som kommer att användas av Forgejos webbserver.
+http_port_helper=Portnumret för Forgejos webbserver.
 app_url=Bas-URL
 app_url_helper=Basadressen för HTTP(S)-kloningslänkar och mejlnotifikationer.
 log_root_path=Loggsökväg
@@ -276,16 +276,16 @@ smtp_from_helper=Mejladress som Forgejo kommer att använda. Anges i simpelt ('e
 mailer_user=SMTP-användarnamn
 mailer_password=SMTP-lösenord
 register_confirm=Kräv bekräftelse via e-post för att registrera
-mail_notify=Aktivera e-postnotifikationer
+mail_notify=Aktivera e-postnotiser
 server_service_title=Inställningar för server- och tredjepartstjänster
 offline_mode=Aktivera lokalt läge
 offline_mode.description=Inaktivera CDN från tredjepart och distribuera samtliga resurser lokalt istället.
 disable_gravatar=Inaktivera Gravatar
-disable_gravatar.description=Inaktivera Gravatar- och avatarskällor från tredjepart. Standardbilder kommer att användas för användaravatarer om de inte laddar upp en egen avatar till instansen.
-federated_avatar_lookup=Aktivera federerade avatarer
-federated_avatar_lookup.description=Använd Libavatar för uppslagning av avatarer.
+disable_gravatar.description=Inaktivera Gravatar- och avatarskällor från tredjepart. Standardbilder kommer att användas för användprofilbilder om de inte laddar upp en egen profilbild till instansen.
+federated_avatar_lookup=Aktivera federerade profilbilder
+federated_avatar_lookup.description=Använd Libavatar för uppslagning av profilbilder.
 disable_registration=Inaktivera självregistrering
-disable_registration.description=Endast instansens administratörer kommer kunna skapa nya konton. Det rekommenderas starkt att inaktivera självregistrering av användare om du inte tänker driva en publik instans för alla och är redo att hantera en stor mängd spam-konton.
+disable_registration.description=Endast instansens administratörer kommer att kunna skapa nya konton. Det rekommenderas starkt att inaktivera självregistrering av användare om du inte tänker driva en publik instans för alla och är redo att hantera en stor mängd spam-konton.
 allow_only_external_registration.description=Användare kommer endast kunna skapa nya konton genom att använda konfigurerade externa tjänster.
 openid_signin=Aktivera OpenID-inloggning
 openid_signin.description=Tillåt användare att logga in via OpenID.
@@ -304,7 +304,7 @@ install_btn_confirm=Installera Forgejo
 test_git_failed=Det gick inte att testa "git"-kommando: %v
 sqlite3_not_available=Denna version av Forgejo stödjer inte SQLite3. Ladda ner den officiella binären från %s (inte "gobuild" versionen).
 invalid_db_setting=Databasinställningarna är ogiltiga: %v
-invalid_repo_path=Utvecklingskatalogens rotsökväg är ogiltig: %v
+invalid_repo_path=Kodförrådets rotsökväg är ogiltig: %v
 run_user_not_match=Systemtjänstanvändaren är inte den nuvarande användaren: %s -> %s
 save_config_failed=Misslyckades att spara konfigurationen: %v
 invalid_admin_setting=Inställning för administartörskontot är ogiltig: %v
@@ -316,7 +316,7 @@ default_allow_create_organization.description=Tillåt nya användarkonton att sk
 default_enable_timetracking=Aktivera tidredovisning som standard
 default_enable_timetracking.description=Aktivera tidsredovisning för nya kodförråd som standard.
 no_reply_address=Dold e-postdomän
-no_reply_address_helper=Domännamn för användare med en dold e-postadress. Exempelvis kommer användarnamnet "joe" att loggas i Git som "joe@noreply.example.org" om den dolda e-postdomänen är satt till "noreply.example.org".
+no_reply_address_helper=Domännamn för användare med en dold e-postadress. Exempelvis kommer användarnamnet "loke" att loggas i Git som "loke@noreply.example.org" om den dolda e-postdomänen är satt till "noreply.example.org".
 require_db_desc = Forgejo kräver MySQL, PostgreSQL, SQLite3 eller TiDB (MySQL-protokoll).
 allow_only_external_registration = Tillåt registrering endast via externa tjänster
 app_slogan = Instansslogan
@@ -339,7 +339,7 @@ env_config_keys_prompt = Följande miljövariabler kommer också att tillämpas
 smtp_from_invalid = "Skicka e-post som"-adressen är ogiltig
 reinstall_confirm_check_1 = Data krypterad av SECRET_KEY i app.ini kan gå förlorad: användare kommer kanske inte att kunna logga in med 2FA/OTP och speglar fungerar kanske inte korrekt. Genom att kryssa i rutan godkänner du att den nuvarande app.ini innehåller korrekt SECRET_KEY.
 reinstall_confirm_check_2 = Kodförråden och inställningarna kan behöva omsynkroniseras. Genom att kryssa i rutan bekräftar du att du kommer omsynkronisera krokarna för kodförråden och authorized_keys-filen manuellt. Du bekräftar att du säkerställer att kodförrådet och spegelinställningarna är korrekta.
-run_user_helper = Operativsystemets användarnamn som Forgejo körs som. Notera att denna användare måste ha tillgång till kodförrådets rotsökväg.
+run_user_helper = Operativsystemets användarnamn som Forgejo körs som. Observera att denna användare måste ha tillgång till kodförrådets rotsökväg.
 enable_update_checker_helper_forgejo = Den kommer regelbundet att leta efter nya Forgejo-versioner genom att läsa av en DNS TXT-post från release.forgejo.org.
 enable_update_checker = Aktivera uppdateringskontroll
 reinstall_confirm_check_3 = Du bekräftar att du är helt säker att Forgejo kör med korrekt app.ini plats och att du är säker att du behöver ominstallera. Du bekräftar att du har förstått ovanstående risker.
@@ -348,7 +348,7 @@ env_config_keys = Miljökonfiguration
 [home]
 uname_holder=Användarnamn eller e-postadress
 switch_dashboard_context=Växla visad instrumentpanel
-my_repos=Utvecklingskataloger
+my_repos=Kodförråd
 my_orgs=Organisationer
 view_home=Visa %s
 filter=Övriga filter
@@ -363,19 +363,19 @@ show_both_private_public=Visar både offentliga och privata
 show_only_private=Visar endast privata
 show_only_public=Visar endast publika
 
-issues.in_your_repos=I dina utvecklingskataloger
+issues.in_your_repos=I dina kodförråd
 filter_by_team_repositories = Filtrera efter teamkodförråd
 feed_of = Flöde av "%s"
 
 [explore]
-repos=Utvecklingskataloger
+repos=Kodförråd
 users=Användare
 organizations=Organisationer
 code=Kod
 code_last_indexed_at=Indexerades senast %s
 go_to = Gå till
 relevant_repositories = Endast relevanta kodförråd visas, <a href="%s">visa ofiltrerade resultat</a>.
-relevant_repositories_tooltip = Kodförråd som är förgreningar eller inte har ämne, ikon, och beskrivning är dolda.
+relevant_repositories_tooltip = Kodförråd som är avgreningar eller inte har ämne, ikon, och beskrivning är dolda.
 
 [auth]
 create_new_account=Registrera konto
@@ -465,7 +465,7 @@ register_success=Registreringen lyckades
 password_change.subject = Ditt lösenord har uppdaterats
 password_change.text_1 = Lösenordet för ditt konto ändrades just.
 primary_mail_change.subject = Din primära e-postadress har ändrats
-activate_account.text_1 = Hej <b>%[1]s</b>, tack för att du registrerat dig hos %[2]s!
+activate_account.text_1 = Hej <b>%[1]s</b>, tack för att du har registrerat dig hos %[2]s!
 reply = eller svara på detta e-postmeddelande direkt
 hi_user_x = Hej <b>%s</b>,
 admin.new_user.user_info = Användarinformation
@@ -503,7 +503,7 @@ issue_assigned.pull = @%[1]s har tilldelat dig ändringsförfrågan %[2]s i kodf
 issue_assigned.issue = @%[1]s har tilldelat dig ärendet %[2]s i kodförrådet %[3]s.
 register_notify.text_2 = Du kan logga in på ditt konto med ditt användarnamn: %s
 reset_password.text = Om detta var du, klicka på följande länk för att återställa ditt konto inom <b>%s</b>:
-issue.action.force_push = <b>%[1]s</b> gjorde en tvingad skickning av <b>%[2]s</b> från %[3]s till %[4]s.
+issue.action.force_push = <b>%[1]s</b> tvångsskickade <b>%[2]s</b> från %[3]s till %[4]s.
 repo.transfer.subject_to_you = %s vill överföra kodförrådet ”%s” till dig
 release.title = Titel: %s
 view_it_on = Visa på %s
@@ -519,8 +519,8 @@ issue.action.review_dismissed = <b>@%[1]s</b> avfärdade senaste granskningen fr
 issue.action.ready_for_review = <b>@%[1]s</b> markerade denna ändringsförfrågan som redo för granskning.
 issue.action.new = <b>@%[1]s</b> skapade #%[2]d.
 issue.in_tree_path = I %s:
-release.new.subject = %s i %s har släppts
-release.new.text = <b>@%[1]s</b> släppte %[2]s i %[3]s
+release.new.subject = %s i %s har publicerats
+release.new.text = <b>@%[1]s</b> publicerade %[2]s i %[3]s
 team_invite.text_1 = %[1]s har bjudit in dig till teamet %[2]s i organisationen %[3]s.
 team_invite.text_2 = Klicka på följande länk för att gå med i teamet:
 team_invite.text_3 = Obs: Denna inbjudan var avsedd för %[1]s. Om du inte förväntade dig denna inbjudan kan du ignorera detta e-postmeddelande.
@@ -540,7 +540,7 @@ confirm = Bekräfta
 
 [form]
 UserName=Användarnamn
-RepoName=Utvecklingskatalogens namn
+RepoName=Kodförrådsnamn
 Email=E-postadress
 Password=Lösenord
 Retype=Bekräfta lösenord
@@ -571,16 +571,16 @@ password_not_match=Lösenorden matchar inte.
 lang_select_error=Välj ett språk från listan.
 
 username_been_taken=Användarnamnet är redan taget.
-repo_name_been_taken=Namnet för utvecklingskatalogen är upptaget.
-repository_files_already_exist=Filer finns redan för denna utvecklingskatalog. Kontakta systemadministratören.
-repository_files_already_exist.adopt=Filer finns redan för denna utvecklingskatalog och kan bara antas.
-repository_files_already_exist.delete=Filer finns redan för denna utvecklingskatalog. Du måste ta bort dem.
-repository_files_already_exist.adopt_or_delete=Filer finns redan för denna utvecklingskatalog. Antingen anta dem eller ta bort dem.
+repo_name_been_taken=Kodförrådsnamnet används redan.
+repository_files_already_exist=Det finns redan filer för detta kodförråd. Kontakta systemadministratören.
+repository_files_already_exist.adopt=Det finns redan filer för detta kodförråd och de kan bara behållas.
+repository_files_already_exist.delete=Det finns redan filer för detta kodförråd. Du måste ta bort dem.
+repository_files_already_exist.adopt_or_delete=Det finns redan filer för detta kodförråd. Behåll dem eller ta bort dem.
 visit_rate_limit=För många förfrågningar på för kort tid till fjärrvärden.
 2fa_auth_required=Fjärrbesök kräver tvåfaktorsautentisering.
 org_name_been_taken=Organisationsnamnet är redan taget.
 team_name_been_taken=Teamnamnet är redan taget.
-team_no_units_error=Tillåt åtkomst för åtminstone en del av utvecklingskatalogen.
+team_no_units_error=Tillåt åtkomst för åtminstone en del av kodförrådet.
 email_been_used=Mejladressen är upptagen.
 email_invalid=E-postadresssen är ogiltig.
 username_password_incorrect=Användarnamnet eller lösenordet är felaktigt.
@@ -589,12 +589,12 @@ password_lowercase_one=Åtminstone en gemen
 password_uppercase_one=Åtminstone en versal
 password_digit_one=Åtminstone en siffra
 password_special_one=Åtminstone ett specialtecken (kommatering, parenteser, citattecken osv.)
-enterred_invalid_repo_name=Namnet för utvecklingskatalogen som angavs är felaktigt.
+enterred_invalid_repo_name=Namnet som angavs för kodförrådet är felaktigt.
 enterred_invalid_owner_name=Det nya namnet på ägaren är ogiltligt.
 enterred_invalid_password=Det angivna lösenordet är felaktigt.
 user_not_exist=Användaren finns inte.
 team_not_exist=Teamet finns inte.
-last_org_owner=Du kan inte ta bort den sista användaren från "owners" teamet. Det måste finnas minst en ägare för en organisation.
+last_org_owner=Du kan inte ta bort den sista användaren från "owners"-teamet. Det måste finnas minst en ägare för en organisation.
 cannot_add_org_to_team=En organisation kan inte läggas till som teammedlem.
 
 invalid_ssh_key=Kunde inte verifiera din SSH-nyckel: %s
@@ -603,10 +603,10 @@ auth_failed=Autentisering misslyckades: %v
 
 
 target_branch_not_exist=Målgrenen finns inte.
-org_still_own_repo = Denna organisation äger fortfarande en eller flera kodförråd, ta bort eller överför dem först.
-must_use_public_key = Den nyckel du angav är en privat nyckel. Skicka inte upp din privata nyckel någonstans. Använd istället din offentliga nyckel.
+org_still_own_repo = Denna organisation äger fortfarande ett eller flera kodförråd, ta bort eller överför dem först.
+must_use_public_key = Den nyckel du angav är en privat nyckel. Skicka inte upp din privata nyckel någonstans. Använd istället din publika nyckel.
 unable_verify_ssh_key = SSH-nyckeln kan inte verifieras. Kontrollera att den är korrekt.
-still_own_repo = Ditt konto äger en eller flera kodförråd, ta bort eller överför dem först.
+still_own_repo = Ditt konto äger ett eller flera kodförråd, ta bort eller överför dem först.
 still_has_org = Ditt konto är medlem i en eller flera organisationer. Lämna dem först.
 still_own_packages = Ditt konto har ett eller flera paket, ta bort dem först.
 Description = Beskrivning
@@ -641,7 +641,7 @@ required_prefix = Inmatningen måste börja med "%s"
 
 [user]
 change_avatar=Byt din avatar…
-repositories=Utvecklingskataloger
+repositories=Kodförråd
 activity=Offentlig aktivitet
 followers_few=%d följare
 starred=Stjärnmärkta kodförråd
@@ -653,7 +653,7 @@ unfollow=Sluta följa
 user_bio=Biografi
 disabled_public_activity=Den här användaren har inaktiverat den publika synligheten av aktiviteten.
 code = Kod
-watched = Övervakade kodförråd
+watched = Bevakade kodförråd
 unblock = Avblockera
 email_visibility.limited = Din e-postadress är synlig för alla autentiserade användare
 show_on_map = Visa denna plats på en karta
@@ -691,7 +691,7 @@ avatar=Visningsbild
 ssh_gpg_keys=SSH/GPG-nycklar
 applications=Applikationer
 orgs=Organisationer
-repos=Utvecklingskataloger
+repos=Kodförråd
 delete=Radera konto
 twofa=Tvåfaktorsautentisering (TOTP)
 organization=Organisationer
@@ -712,10 +712,10 @@ ui=Tema
 comment_type_group_title=Titel
 privacy=Sekretess
 lookup_avatar_by_mail=Slå upp avatar efter e-postadress
-enable_custom_avatar=Använd anpassad avatar
+enable_custom_avatar=Använd anpassad profilbild
 choose_new_avatar=Välj ny avatar
-update_avatar=Uppdatera avatar
-delete_current_avatar=Ta bort aktuell avatar
+update_avatar=Uppdatera profilbild
+delete_current_avatar=Ta bort aktuell profilbild
 uploaded_avatar_not_a_image=Den uppladdade filen är inte en bild.
 update_avatar_success=Din avatar har blivit uppdaterad.
 
@@ -733,7 +733,7 @@ theme_desc=Detta tema kommer att användas för webbgränssnittet när du är in
 primary=Primär
 activated=Aktiverad
 requires_activation=Aktivering krävs
-primary_email=Gör primär
+primary_email=Sätt som primär
 activate_email=Skicka aktivering
 activations_pending=Väntar på aktivering
 delete_email=Ta Bort
@@ -759,7 +759,7 @@ manage_ssh_keys=Hantera SSH-nycklar
 manage_gpg_keys=Hantera GPG-nycklar
 add_key=Lägg till nyckel
 ssh_desc=Dessa offentliga SSH-nycklar är kopplade till ditt konto. De motsvarande privata nycklarna ger full åtkomst till dina kodförråd. SSH-nycklar som har verifierats kan användas för att verifiera SSH-signerade Git-incheckningar.
-gpg_desc=Dessa offentliga GPG-nycklar är kopplade till ditt konto. Håll dina privata nycklar säkra då de gör det möjligt att verifiera incheckningar.
+gpg_desc=Dessa publika GPG-nycklar är kopplade till ditt konto. Håll dina privata nycklar säkra då de gör det möjligt att verifiera incheckningar.
 ssh_helper=<strong>Behöver du hjälp?</strong> Kolla in Github's guide för att <a href="%s">skapa din egen SSH-nycklar</a> eller lösa <a href="%s">vanliga problem</a> som kan uppstå med SSH.
 gpg_helper=<strong>Behöver du hjälp?</strong> Ta en titt på Github's guide <a href="%s"> om GPG</a>.
 key_content_gpg_placeholder=Börjar med "-----BEGIN PGP PUBLIC KEY BLOCK-----"
@@ -791,7 +791,7 @@ token_state_desc=Denna token har används inom dom senaste 7 dagarna
 show_openid=Synlig på min profil
 hide_openid=Dold från min profil
 ssh_disabled=SSH är inaktiverat
-manage_access_token=Åtkomsttokens
+manage_access_token=Åtkomsttoken
 generate_new_token=Generera ny token
 tokens_desc=Dessa tokens tillåter åtkomst till ditt konto via Forgejo API.
 token_name=Tokennamn
@@ -822,14 +822,14 @@ oauth2_application_create_description=OAuth2-applikationer ger tredjepartsapplik
 
 authorized_oauth2_applications=Auktoriserade OAuth2-appar
 revoke_key=Upphäv
-revoke_oauth2_grant=Dra in åtkomst
+revoke_oauth2_grant=Återkalla åtkomst
 revoke_oauth2_grant_description=Återkallning av åtkomst för detta tredjepartsprogram kommer att hindra programmet från att komma åt dina data. Är du säker?
 
 twofa_desc=Tvåfaktorsautentisering förbättrar säkerheten på ditt konto.
 twofa_is_enrolled=Ditt konto är för närvarande <strong>uppsäkrad</strong> med tvåfaktorsautentisering.
 twofa_not_enrolled=Ditt konto är för närvarande inte uppsäkrad med tvåfaktorsautentisering.
 twofa_disable=Inaktivera tvåfaktorsautentisering
-twofa_scratch_token_regenerate=Generera ny skrapkod
+twofa_scratch_token_regenerate=Generera ny engångsåterställningnyckel
 twofa_enroll=Aktivera tvåfaktorsautentisering
 twofa_disable_note=Du kan inaktivera tvåfaktorsautentisering om det behövs.
 twofa_disable_desc=Avaktivering av tvåfaktorsautentisering kommer göra ditt konto mindre säkert. Vill du fortsätta?
@@ -846,8 +846,8 @@ manage_account_links=Länkade konton
 manage_account_links_desc=Dessa externa konton är länkade till ditt Forgejo-konto.
 link_account=Länka konto
 remove_account_link=Ta bort länkat konto
-remove_account_link_desc=Borttagning av länkade konton kommer häva dess åtkomst till ditt Forgejo-konto. Vill du fortsätta?
-remove_account_link_success=Det länkade konton har tagits bort.
+remove_account_link_desc=Borttagning av länkade konton kommer ta bort dess åtkomst till ditt Forgejo-konto. Vill du fortsätta?
+remove_account_link_success=Det länkade kontot har tagits bort.
 
 
 orgs_none=Du är inte en medlem i någon organisation.
@@ -910,8 +910,8 @@ change_username_redirect_prompt.with_cooldown.few = Det gamla användarnamnet bl
 language.description = Detta språk sparas på ditt konto och används som standard efter inloggning.
 language.localization_project = Hjälp oss översätta Forgejo till ditt språk! <a href="%s">Läs mer</a>.
 additional_repo_units_hint = Föreslå att aktivera ytterligare kodförrådsenheter
-additional_repo_units_hint_description = Visa en "Aktivera fler" ledtråd för kodförråd som inte har alla tillgängliga enheter aktiverade.
-update_hints_success = Ledtrådarna har uppdaterats.
+additional_repo_units_hint_description = Visa tips om att  "Aktivera fler" för kodförråd som inte har alla tillgängliga enheter aktiverade.
+update_hints_success = Tipsen har uppdaterats.
 hidden_comment_types = Dolda kommentarstyper
 hidden_comment_types_description = Kommentarstyper som är markerade här visas inte på ärendesidor. Att markera "Etikett" tar till exempel bort alla "<user> lade till/tog bort <label>" kommentarer.
 hidden_comment_types.ref_tooltip = Kommentarer där detta ärende refererades från ett annat ärende/incheckning/…
@@ -927,12 +927,12 @@ saved_successfully = Dina inställningar har sparats.
 keep_activity_private = Dölj aktivitet från profilsidan
 keep_activity_private.description = Din <a href="%s">publika aktivitet</a> kommer endast vara synlig för dig och instansadministratörerna.
 uploaded_avatar_is_too_big = Den uppladdade filstorleken (%d KiB) överskrider maxstorleken (%d KiB).
-update_user_avatar_success = Användarens avatar har uppdaterats.
+update_user_avatar_success = Användarens profilbild har uppdaterats.
 retype_new_password = Bekräfta nytt lösenord
 email_desc = Din primära e-postadress används för notiser, lösenordsåterställning och, om den inte är dold, webbaserade Git-operationer.
 can_not_add_email_activations_pending = Det finns en väntande aktivering, försök igen om några minuter om du vill lägga till en ny e-postadress.
 add_email_confirmation_sent = Ett bekräftelsemeddelande har skickats till "%s". Kontrollera din inkorg och följ länken inom %s för att bekräfta din e-postadress.
-keep_email_private_popup = E-postadressen visas inte på profilsidan och används inte som standard för incheckningar via webbgränssnittet, som filuppladdningar, redigeringar och sammanfogningsincheckningar. Istället kan en särskild adress %s användas för att länka incheckningar till användarkontot. Detta alternativ påverkar inte befintliga incheckningar.
+keep_email_private_popup = E-postadressen visas inte på profilsidan och används inte som standard för incheckningar via webbgränssnittet, som filuppladdningar, redigeringar och sammanslagningsncheckningar. Istället kan en särskild adress %s användas för att länka incheckningar till användarkontot. Detta alternativ påverkar inte befintliga incheckningar.
 keep_pronouns_private = Visa endast pronomen för inloggade användare
 keep_pronouns_private.description = Detta döljer dina pronomen för besökare som inte är inloggade.
 manage_ssh_principals = Hantera SSH-certifikatnamn
@@ -941,20 +941,20 @@ key_content_ssh_placeholder = Börjar med "ssh-ed25519", "ssh-rsa", "ecdsa-sha2-
 add_new_principal = Lägg till certifikatnamn
 ssh_key_name_used = En SSH-nyckel med samma namn finns redan på ditt konto.
 ssh_principal_been_used = Detta certifikatnamn har redan lagts till på servern.
-gpg_no_key_email_found = Denna GPG-nyckel matchar inte någon aktiverad e-postadress kopplad till ditt konto. Den kan fortfarande läggas till om du signerar den angivna tokenen.
+gpg_no_key_email_found = GPG-nyckeln matchar inte någon aktiverad e-postadress kopplad till ditt konto. Den kan fortfarande läggas till om du signerar angiven token.
 gpg_key_matched_identities = Matchade identiteter:
 gpg_key_matched_identities_long = De inbäddade identiteterna i denna nyckel matchar följande aktiverade e-postadresser för denna användare. Incheckningar som matchar dessa e-postadresser kan verifieras med denna nyckel.
 gpg_key_verified = Verifierad nyckel
 gpg_key_verified_long = Nyckeln har verifierats med en token och kan användas för att verifiera incheckningar som matchar aktiverade e-postadresser för denna användare samt matchade identiteter för denna nyckel.
-gpg_invalid_token_signature = Den angivna GPG-nyckeln, signaturen och tokenen matchar inte eller så är tokenen föråldrad.
-gpg_token_required = Du måste ange en signatur för tokenen nedan
+gpg_invalid_token_signature = Den angivna GPG-nyckeln, signaturen och dess token matchar inte eller så denna token föråldrad.
+gpg_token_required = Du måste ange en signatur för denna token
 gpg_token_signature = Armerad GPG-signatur
 key_signature_gpg_placeholder = Börjar med "-----BEGIN PGP SIGNATURE-----"
 verify_gpg_key_success = GPG-nyckeln "%s" har verifierats.
 ssh_key_verified = Verifierad nyckel
 ssh_key_verified_long = Nyckeln har verifierats med en token och kan användas för att verifiera incheckningar som matchar aktiverade e-postadresser för denna användare.
-ssh_invalid_token_signature = Den angivna SSH-nyckeln, signaturen eller tokenen matchar inte eller så är tokenen föråldrad.
-ssh_token_required = Du måste ange en signatur för tokenen nedan
+ssh_invalid_token_signature = Den angivna SSH-nyckeln, signaturen eller token matchar inte eller så är token föråldrad.
+ssh_token_required = Du måste ange en signatur för token nedan
 ssh_token_help = Du kan generera en signatur med:
 ssh_token_help_ssh_agent = eller, om du använder en SSH-agent (med SSH_AUTH_SOCK-variabeln satt):
 ssh_token_signature = Armerad SSH-signatur
@@ -1016,29 +1016,29 @@ quota.sizes.repos.public = Publika kodförråd
 quota.sizes.repos.private = Privata kodförråd
 quota.sizes.git.all = Git-innehåll
 quota.sizes.git.lfs = Git LFS
-quota.sizes.assets.all = Tillgångar
+quota.sizes.assets.all = Resurser
 quota.sizes.assets.attachments.all = Bilagor
 quota.sizes.assets.attachments.issues = Ärendebilagor
-quota.sizes.assets.attachments.releases = Utgivningsbilagor
+quota.sizes.assets.attachments.releases = Utgåvebilagor
 quota.sizes.assets.artifacts = Artefakter
 
 [repo]
 owner=Ägare
 repo_name=Kodförrådets namn
-repo_name_helper=Bra namn på utvecklingskataloger består utav korta, unika nyckelord som är enkla att komma ihåg.
-repo_size=Utvecklingskatalogens storlek
+repo_name_helper=Bra namn på kodförråd består utav korta, unika nyckelord som är enkla att komma ihåg.
+repo_size=Kodförrådsstorlek
 template=Mall
 template_select=Välj en mall
-template_helper=Gör utvecklingskatalog till mall
-template_description=Utvecklingskatalogmallar låter användare skapa nya utvecklingskataloger med samma filstruktur, filer, och valda inställningar.
+template_helper=Gör kodförrådet till mall
+template_description=Kodförrådsmallar låter användare skapa nya kodförråd med samma filstruktur, filer, och valda inställningar.
 visibility=Synligt för
 visibility_description=Bara ägaren eller medlemmar i organisationen med rätt rättigheter kommer kunna se det.
-visibility_helper_forced=Din tjänstadministratör påtvingar privata utvecklingskataloger.
-visibility_fork_helper=(Att ändra detta kommer att påverka alla förgreningar.)
+visibility_helper_forced=Din tjänstadministratör påtvingar privata kodförråd.
+visibility_fork_helper=(Att ändra detta kommer att påverka alla avgreningar.)
 clone_helper=Hjälp med kloning? Se <a target="_blank" rel="noopener" href="%s">hjälp</a>.
-fork_repo=Förgrena kodförråd
-fork_from=Förgrena från
-fork_visibility_helper=Synligheten av en forkad utvecklingskatalog kan inte ändras.
+fork_repo=Avgrena kodförråd
+fork_from=Avgrena från
+fork_visibility_helper=Det går inte att ändra synligheten för ett avgrenat kodförråd.
 use_template=Välj den här mallen
 generate_repo=Generera utvecklingskatalog
 generate_from=Generera från
@@ -1065,11 +1065,11 @@ mirror_address=Klona från URL
 mirror_last_synced=Synkroniserad senast
 watchers=Observerare
 stargazers=Stjärnmärkare
-forks=Förgreningar
+forks=Avgreningar
 reactions_more=och %d flera
-unit_disabled=Webbplatsens administratör har inaktiverat denna utvecklingskatalog.
+unit_disabled=Webbplatsens administratör har inaktiverat detta kodförråd.
 language_other=Övrigt
-adopt_preexisting_content=Skapa utvecklingskatalog från %s
+adopt_preexisting_content=Skapa kodförråd från %s
 delete_preexisting_label=Radera
 delete_preexisting=Ta bort befintliga filer
 delete_preexisting_content=Ta bort filer i %s
@@ -1090,7 +1090,7 @@ template.topics=Ämnen
 template.avatar=Profilbild
 template.issue_labels=Ärendeetiketter
 template.one_item=Du måste välja minst ett mallobjekt
-template.invalid=Du måste välja minst en utvecklingskatalog för mallar
+template.invalid=Du måste välja ett mallkodförråd
 
 migrate_options=Migreringsalternativ
 migrate_items=Migrationsobjekt
@@ -1100,7 +1100,7 @@ migrate_items_labels=Etiketter
 migrate_items_issues=Ärenden
 migrate_items_pullrequests=Ändringsförfrågningar
 migrate_items_merge_requests=Begäran om sammanfogning
-migrate_items_releases=Releaser
+migrate_items_releases=Utgåvor
 migrate_repo=Migrera kodförråd
 migrate.clone_address=Migrera eller klona från URL
 migrate.clone_address_desc=HTTP(S)- eller Git "clone"-länk för ett befintligt kodförråd
@@ -1116,24 +1116,24 @@ migrate.migrating_failed=Migrering från <b>%s</b> misslyckades.
 migrate.migrating_issues=Migrerar ärenden
 
 mirror_from=spegling av
-forked_from=forkad från
+forked_from=avgrenad från
 generated_from=skapad från
-fork_from_self=Du kan inte forka din egna utvecklingskatalog.
-fork_guest_user=Logga in för att grena detta förråd.
-watch_guest_user=Logga in för att bevaka denna utvecklingskatalog.
-star_guest_user=Logga in för att stjärnmarkera denna utvecklingskatalog.
+fork_from_self=Det går inte att avgrena ett kodförråd du äger.
+fork_guest_user=Logga in för att avgrena detta kodförråd.
+watch_guest_user=Logga in för att bevaka detta kodförråd.
+star_guest_user=Logga in för att stjärnmarkera detta kodförråd.
 unwatch=Avsluta bevakning
 watch=Bevaka
 unstar=Ta bort stjärnmärkning
 star=Stjärnmärk
-fork=Förgrening
+fork=Avgrening
 download_archive=Ladda ner utvecklingskatalogen
 
 no_desc=Ingen beskrivning
 quick_guide=Snabbguide
 clone_this_repo=Klona detta repo
-create_new_repo_command=Skapa en ny utvecklingskatalog på kommandoraden
-push_exist_repo=Pusha en existerande utvecklingskatalog från kommandoraden
+create_new_repo_command=Skapa en nytt kodförråd på kommandoraden
+push_exist_repo=Skicka upp ett befintligt kodförråd från kommandoraden
 empty_message=Detta förråd innehåller inget.
 
 code=Kod
@@ -1147,7 +1147,7 @@ tags=Taggar
 issues=Ärenden
 pulls=Ändringsförfrågningar
 labels=Etiketter
-org_labels_desc=Etiketter på organisationsnivå som kan användas i <strong>alla utvecklingskataloger</strong> tillhörande denna organisation
+org_labels_desc=Etiketter på organisationsnivå som kan användas i <strong>alla kodförråd</strong> som tillhör denna organisation
 org_labels_desc_manage=hantera
 
 milestones=Milstolpar
@@ -1180,7 +1180,7 @@ editor.cannot_edit_non_text_files=Binära filer kan inte redigeras genom webbgr
 editor.edit_this_file=Redigera fil
 editor.this_file_locked=Filen är låst
 editor.must_be_on_a_branch=Du måste vara på en branch för att göra eller föreslå ändringar i denna fil.
-editor.fork_before_edit=Du måste forka denna utvecklingskatalog för att göra eller föreslå förändringar på denna fil.
+editor.fork_before_edit=Du måste avgrena detta kodförråd för att göra eller föreslå förändringar på denna fil.
 editor.delete_this_file=Ta bort fil
 editor.must_have_write_access=Du måste ha skrivåtkomst för att göra eller föreslå ändringar av denna fil.
 editor.name_your_file=Namnge din fil…
@@ -1317,8 +1317,8 @@ issues.filter_sort.nearduedate=Närmaste förfallodatum
 issues.filter_sort.farduedate=Mest avlägsna förfallodatum
 issues.filter_sort.moststars=Flest stjärnor
 issues.filter_sort.feweststars=Minst stjärnor
-issues.filter_sort.mostforks=Flest forks
-issues.filter_sort.fewestforks=Minst forks
+issues.filter_sort.mostforks=Flest avgreningar
+issues.filter_sort.fewestforks=Minst avgreningar
 issues.action_open=Öppna
 issues.action_close=Stäng
 issues.action_label=Etikett
@@ -1392,7 +1392,7 @@ issues.unlock_comment=lås upp denna konversation %s
 issues.lock_confirm=Lås
 issues.unlock_confirm=Lås upp
 issues.lock.notice_1=- Andra användare kan inte kommentera på detta ärende.
-issues.lock.notice_2=- Du och andra kollaboratörer med tillgång till denna utvecklingskatalog kan fortfarande skriva kommentarer som andra kan se.
+issues.lock.notice_2=- Du och andra medarbetare med åtkomst till detta kodförråd kan fortfarande skriva kommentarer som andra kan se.
 issues.lock.notice_3=- Du kan alltid låsa upp detta ärende senare.
 issues.unlock.notice_1=- Alla kommer kunna kommentera detta ärende en gång till.
 issues.unlock.notice_2=- Du kan alltid låsa detta ärende senare.
@@ -1453,7 +1453,7 @@ issues.dependency.add_error_dep_issue_not_exist=Ärendet du beror på, finns int
 issues.dependency.add_error_dep_not_exist=Beroendet finns inte.
 issues.dependency.add_error_dep_exists=Beroendet finns redan.
 issues.dependency.add_error_cannot_create_circular=Du kan inte skapa ett beroende med två ärenden som blockerar varandra.
-issues.dependency.add_error_dep_not_same_repo=Båda ärendena måste vara i samma utvecklingskatalog.
+issues.dependency.add_error_dep_not_same_repo=Båda ärendena måste vara i samma kodförråd.
 issues.review.self.approval=Du kan inte godkänna din egen pull-begäran.
 issues.review.self.rejection=Du kan inte begära ändringar för din egna pull-förfrågan.
 issues.review.approve=godkände dessa ändringar %s
@@ -1495,7 +1495,7 @@ pulls.cant_reopen_deleted_branch=Denna pull-förfrågan kan inte öppnas igen ef
 pulls.merged=Sammanfogat
 pulls.is_closed=Pull-förfrågan har stängts.
 pulls.title_wip_desc=`<a href="#">Börja titeln med <strong>%s</strong></a> för att förhindra att pull-förfrågan sammanfogas av misstag`
-pulls.data_broken=Pull-requesten är trasig pågrund av oexisterande information on forken.
+pulls.data_broken=Ändringsbegäran är trasig på grund av saknad information on avgreningen.
 pulls.files_conflicted=Den här pull-förfrågan ha ändringar som är i konflikt med mål-branchen.
 pulls.is_checking=Sammanfognings-konfliktkontroll pågår. Försök igen senare.
 pulls.required_status_check_failed=Vissa tvingande kontroller lyckades inte.
@@ -1505,8 +1505,8 @@ pulls.can_auto_merge_desc=Denna pull-förfrågan kan sammanfogas automatiskt.
 pulls.cannot_auto_merge_desc=Pull-requesten kan inte bli mergad automatiskt på grund av konflikter.
 pulls.cannot_auto_merge_helper=Merga manuellt för att lösa konlifterna.
 
-pulls.no_merge_desc=Pull-requesten kan inte mergas för alla alternativ för merging är inaktiverade för denna utvecklingskatalog.
-pulls.no_merge_helper=Aktivera mergealternativ i utvecklingskatalogsinställningarna, eller merga manuellt.
+pulls.no_merge_desc=Det går inte att sammafoga denna ändringsförfrågan då alla alternativ för det är inaktiverade.
+pulls.no_merge_helper=Aktivera sammanfogningsalternativ i kodförrådsinställningarna, eller sammanfoga manuellt.
 
 pulls.invalid_merge_option=Du kan inte använda detta mergealternativet för denna pull-request.
 pulls.open_unmerged_pull_exists=`Du kan inte återuppliva denna pull-request då det redan finns en identisk pull-request öppen (#%d).`
@@ -1622,8 +1622,8 @@ activity.git_stats_deletion_n=%d borttagningar
 contributors.contribution_type.commits=Incheckningar
 
 settings=Inställningar
-settings.desc=Inställningarna är där du kan hantera inställningar för utvecklingskatalogen
-settings.options=Utvecklingskatalog
+settings.desc=Inställningarna är där du kan hantera kodförrådets inställningar
+settings.options=Kodförråd
 settings.collaboration=Medarbetare
 settings.collaboration.admin=Administratör
 settings.collaboration.write=Skriva
@@ -1656,7 +1656,7 @@ settings.tracker_url_format_error=URL-formatet för den extern ärendehanterare
 settings.tracker_issue_style=Externt ärendenummerformat
 settings.tracker_issue_style.numeric=Numerisk
 settings.tracker_issue_style.alphanumeric=Alfanumerisk
-settings.tracker_url_format_desc=Använd variablerna <code>{user}</code>, <code>{repo}</code> och <code>{index}</code> för användarnamn, utvecklingskatalogsnamn och ärenderegister.
+settings.tracker_url_format_desc=Använd variablerna <code>{user}</code>, <code>{repo}</code> och <code>{index}</code> för användarnamn, kodförrådsnamn och ärenderegister.
 settings.enable_timetracker=Aktivera tidsredovisning
 settings.allow_only_contributors_to_track_time=Låt endast bidragsgivare spåra tid
 settings.pulls_desc=Aktivera ändringsförfrågningar för kodförråd
@@ -1667,46 +1667,46 @@ settings.admin_enable_close_issues_via_commit_in_any_branch=Stäng ett ärende v
 settings.danger_zone=Farozon
 settings.new_owner_has_same_repo=Den nya ägaren har redan ett repo med det namnet. Vänligen välj ett annat namn.
 settings.convert=Konvertera till vanligt kodförråd
-settings.convert_desc=Du kan konvertera denna spegling till en vanlig utvecklingskatalog. Detta kan ej ångras.
-settings.convert_notices_1=Denna operation kommer att omvandla speglingen till en vanlig utvecklingskatalog och detta kan inte ångras.
+settings.convert_desc=Du kan konvertera denna spegling till ett vanligt kodförråd. Detta kan ej ångras.
+settings.convert_notices_1=Denna operation kommer att omvandla speglingen till ett vanligt kodförråd och detta kan inte ångras.
 settings.convert_confirm=Konvertera kodförråd
-settings.convert_succeed=Speglingen har blivit konverterad till en vanlig utvecklingskatalog.
+settings.convert_succeed=Speglingen har blivit konverterad till ett vanligt kodförråd.
 settings.convert_fork=Konvertera till vanligt kodförråd
 settings.convert_fork_confirm=Konvertera kodförråd
 settings.transfer.title=Överför Ägarskap
-settings.transfer_desc=Överför denna utvecklingskatalog till en användare eller organisation för vilken du har administratörsrättigheter till.
-settings.transfer_notices_1=- Du kommer förlora åtkomst till denna utvecklingskatalog om du för över den till en individuell användare.
-settings.transfer_notices_2=- Du kommer behålla åtkomst till utvecklingskatalogen om du för över den till en organisation som du antingen äger eller är delägare i.
+settings.transfer_desc=Överför detta kodförråd till en användare eller organisation för vilken du har administratörsrättigheter till.
+settings.transfer_notices_1=- Du kommer förlora åtkomst till kodförrådet om du för över den till en individuell användare.
+settings.transfer_notices_2=- Du kommer behålla åtkomst till kodförrådet om du för över den till en organisation som du antingen äger eller är delägare i.
 settings.transfer_owner=Ny ägare
-settings.transfer_succeed=Utvecklingskatalogen har flyttats över.
+settings.transfer_succeed=Kodförrådet har flyttats över.
 settings.trust_model.collaborator=Medarbetare
 settings.wiki_delete=Ta bort wikidata
-settings.wiki_delete_desc=Borttagning av utvecklingskatalogens wiki-data är permanent och kan ej ångras.
-settings.wiki_delete_notices_1=- Detta kommer permanent ta bort och inaktivera utvecklingskatalogens wiki för %s.
+settings.wiki_delete_desc=Borttagning av kodförrådets wiki-data är permanent och kan ej ångras.
+settings.wiki_delete_notices_1=- Detta kommer permanent ta bort och inaktivera kodförrådets wiki för %s.
 settings.confirm_wiki_delete=Ta bort wikidata
-settings.wiki_deletion_success=Utvecklingskatalogens wiki-data har blivit borttaget.
+settings.wiki_deletion_success=Kodförrådets wiki-data har tagits bort.
 settings.delete=Ta bort detta kodförråd
-settings.delete_desc=Borttagning av en utvecklingskatalog är permanent och kan ej ångras.
+settings.delete_desc=Borttagning av en kodförrådet är permanent och kan ej ångras.
 settings.delete_notices_1=- Denna åtgärd kan <strong>INTE</strong> ångras.
-settings.delete_notices_2=- Denna åtgärd kommer permanent ta bort utvecklingskatalogen <strong>%s</strong> inklusive kod, ärenden, kommentarer, wiki-data samt medarbetarinställningar.
-settings.delete_notices_fork_1=- Forkar av denna utvecklingskatalog kommer bli självständiga efter borttagning.
-settings.deletion_success=Utvecklingskatalog har tagits bort.
-settings.update_settings_success=Inställningar för utvecklingskatalog har uppdaterats.
+settings.delete_notices_2=- Denna åtgärd kommer permanent ta bort kodförrådet <strong>%s</strong> inklusive kod, ärenden, kommentarer, wiki-data samt medarbetarinställningar.
+settings.delete_notices_fork_1=- Avgreningar från detta kodförråd kommer bli självständiga efter borttagning.
+settings.deletion_success=Kodförrådet har tagits bort.
+settings.update_settings_success=Inställningarna för kodförrådet har uppdaterats.
 settings.confirm_delete=Ta bort kodförråd
 settings.add_collaborator=Lägg till medarbetare
 settings.add_collaborator_success=Medarbetare har lagts till.
-settings.add_collaborator_duplicate=Kollaboratören är redan tillagd i denna utvecklingskatalog.
+settings.add_collaborator_duplicate=Medarbetaren är redan tillagd i detta kodförråd.
 settings.delete_collaborator=Ta bort
 settings.collaborator_deletion=Ta bort medarbetare
-settings.collaborator_deletion_desc=Borttagning av en medarbetare kommer att återkalla deras åtkomst till utvecklingskatalogen. Vill du fortsätta?
+settings.collaborator_deletion_desc=Borttagning av en medarbetare kommer att återkalla deras åtkomst till kodförrådet. Vill du fortsätta?
 settings.remove_collaborator_success=Medarbetaren har blivit borttagen.
 settings.org_not_allowed_to_be_collaborator=Organisationer kan inte läggas till som en medarbetare.
-settings.change_team_access_not_allowed=Att ändra teamåtkomst för utvecklingskatalogen har begränsats till organisationsägaren
-settings.team_not_in_organization=Teamet är inte i samma organisation som utvecklingskatalogen
+settings.change_team_access_not_allowed=Ändringar av teamåtkomst för kodförrådet har begränsats till organisationsägaren
+settings.team_not_in_organization=Teamet är inte i samma organisation som kodförrådet
 settings.teams=Grupper
-settings.add_team_duplicate=Teamet har redan utvecklingskatalogen
-settings.add_team_success=Teamet har nu tillgång till utvecklingskatalogen.
-settings.remove_team_success=Teamets åtkomst till utvecklingskatalogen har tagits bort.
+settings.add_team_duplicate=Teamet har redan kodförrådet
+settings.add_team_success=Teamet har nu tillgång till kodförrådet.
+settings.remove_team_success=Teamets åtkomst till kodförrådet har tagits bort.
 settings.add_webhook=Lägg till webbkrok
 settings.hooks_desc=Webhooks gör automatiskt ett HTTP POST anrop mot en server när vissa Forgejo events triggas. Läs mer om detta i <a target="_blank" rel="noopener noreferrer" href="%s">webhooks guiden</a>.
 settings.webhook_deletion=Ta bort webbkrok
@@ -1741,14 +1741,14 @@ settings.event_create=Skapa
 settings.event_create_desc=Branch eller tagg skapad.
 settings.event_delete=Ta bort
 settings.event_fork=Avgrena
-settings.event_fork_desc=Utvecklingskatalog forkad.
+settings.event_fork_desc=Kodförrådet är avgrenat.
 settings.event_wiki=Wiki
-settings.event_release=Release
-settings.event_release_desc=Releasen publicerad, uppdaterad eller raderad i en utvecklingskatalog.
+settings.event_release=Utgåva
+settings.event_release_desc=Utgåvan är publicerad, uppdaterad eller raderad i ett kodförråd.
 settings.event_push=Pusha
-settings.event_push_desc=Git push till en utvecklingskatalog.
-settings.event_repository=Utvecklingskatalog
-settings.event_repository_desc=Utvecklingskatalogen skapad eller borttagen.
+settings.event_push_desc=Git push till ett kodförråd.
+settings.event_repository=Kodförråd
+settings.event_repository_desc=Kodförråd skapat eller borttaget.
 settings.event_header_issue=Ärendehändelser
 settings.event_issues=Ändring
 settings.event_issue_comment=Kommentarer
@@ -1769,14 +1769,14 @@ settings.deploy_keys=Distributionsnycklar
 settings.add_deploy_key=Lägg till distributionsnyckel
 settings.deploy_key_desc=Distributionsnycklar kan ha läs- eller läs- och skrivåtkomst till kodförrådet.
 settings.is_writable=Aktivera skrivåtkomst
-settings.is_writable_info=Tillåt denna distributionsnyckel att<strong>pusha</strong> till utvecklingskatalogen.
+settings.is_writable_info=Tillåt denna distributionsnyckel att<strong>skicka</strong> till kodförrådet.
 settings.no_deploy_keys=Det finns inga distributionsnycklar ännu.
 settings.title=Titel
 settings.deploy_key_content=Innehåll
 settings.key_been_used=En distributionsnyckel med identiskt innehåller används redan.
 settings.key_name_used=En distributionsnyckel med samma namn finns redan.
 settings.deploy_key_deletion=Ta bort distributionsnyckel
-settings.deploy_key_deletion_desc=Borttagning utav en distributionsnyckel kommer att återkalla dess åtkomst till utvecklingskatalogen. Vill du fortsätta?
+settings.deploy_key_deletion_desc=Borttagning utav en distributionsnyckel kommer att återkalla dess åtkomst till kodförrådet. Vill du fortsätta?
 settings.deploy_key_deletion_success=Distributionsnyckeln har blivit borttagen.
 settings.branches=Brancher
 settings.protected_branch=Grenskydd
@@ -1794,7 +1794,7 @@ settings.protect_merge_whitelist_users=Vitlistade användare för sammanfogning
 settings.protect_merge_whitelist_teams=Vitlistade teams för sammanfogning
 settings.protect_check_status_contexts=Aktivera statuskontroller
 settings.protect_check_status_contexts_desc=Kräv godkända statuskontroller innan sammanfogning. Om aktiverad, måste incheckningar först skickas upp till en annan gren, sedan sammanfogas eller skickas upp direkt till en gren som matchar denna regel efter statuskontrollerna har godkännts. Om inga kontext matchar måste den sista incheckningen lyckas oavsett kontext.
-settings.protect_check_status_contexts_list=Statuskontroller funna under senaste veckan för denna utvecklingskatalog
+settings.protect_check_status_contexts_list=Statuskontroller funna under senaste veckan för detta kodförråd
 settings.protect_required_approvals=Godkännanden som krävs
 settings.protect_approvals_whitelist_users=Vitlistade granskare
 settings.protect_approvals_whitelist_teams=Vitlistade team för granskning
@@ -1814,13 +1814,13 @@ settings.matrix.message_type=Typ av meddelande
 settings.archive.button=Arkivera kodförråd
 settings.archive.header=Arkivera detta kodförråd
 settings.archive.success=Förrådet arkiverades.
-settings.archive.error=Ett fel uppstod när utvecklingskatalogen arkiverades. Se loggen för fler detaljer.
+settings.archive.error=Ett fel uppstod när kodförrådet arkiverades. Se loggen för fler detaljer.
 settings.archive.error_ismirror=Du kan inte arkivera ett speglat förråd.
 settings.archive.branchsettings_unavailable=Inställningar för grenar är inte tillgängliga för arkiverade kodförråd.
-settings.update_avatar_success=Utvecklingskatalogens avatar har uppdaterats.
+settings.update_avatar_success=Kodförrådets profilbild har uppdaterats.
 settings.lfs=LFS
-settings.lfs_filelist=LFS filer lagrade i denna utvecklingskatalog
-settings.lfs_no_lfs_files=Inga LFS filer är lagrade i denna utvecklingskatalog
+settings.lfs_filelist=LFS filer lagrade i detta kodförråd
+settings.lfs_no_lfs_files=Inga LFS filer är lagrade i detta kodförråd
 settings.lfs_findcommits=Hitta commits
 settings.lfs_lfs_file_no_commits=Ingen incheckning hittad för denna LFS-fil
 settings.lfs_locks=Lås
@@ -1871,31 +1871,31 @@ diff.review.reject=Begär ändringar
 diff.committed_by=committad av
 
 releases.desc=Följ projektversioner och nerladdningar.
-release.releases=Släpp
+release.releases=Utgåvor
 release.new_release=Ny utgåva
 release.draft=Utkast
 release.prerelease=Förutgåva
 release.stable=Stabil
 release.compare=Jämför
 release.edit=Redigera
-release.ahead.commits=<strong>%d</strong> committer
+release.ahead.commits=<strong>%d</strong> incheckningar
 release.ahead.target=till %s sedan denna utgåva
 release.source_code=Källkod
-release.new_subheader=Releaser organiserar projektversioner.
-release.edit_subheader=Releaser organiserar projektversioner.
+release.new_subheader=Utgåvor organiserar projektversioner.
+release.edit_subheader=Utgåvor organiserar projektversioner.
 release.tag_name=Taggnamn
 release.target=Mål
 release.tag_helper=Välj en existerande tagg eller skapa en ny tagg.
-release.prerelease_desc=Markera som en förutgåva
-release.prerelease_helper=Markera denna Release olämpliga för användning i produktion.
+release.prerelease_desc=Markera som förutgåva
+release.prerelease_helper=Markera denna utgåva olämplig för användning i produktion.
 release.cancel=Avbryt
 release.publish=Publicera utgåva
 release.save_draft=Spara utkast
 release.edit_release=Uppdatera utgåva
 release.delete_release=Ta bort utgåva
 release.deletion=Ta bort utgåva
-release.deletion_success=Releasen har blivit raderad.
-release.tag_name_already_exist=En release med denna tagg existerar redan.
+release.deletion_success=Utgåvan har tagits bort.
+release.tag_name_already_exist=En utgåva med denna tagg existerar redan.
 release.tag_name_invalid=Taggnamnet är inte giltigt.
 release.downloads=Nedladdningar
 branch.name=Grennamn
@@ -1918,10 +1918,10 @@ download_zip = Hämta ZIP
 download_tar = Hämta TAR.GZ
 repo_desc_helper = Ange kort beskrivning (valfritt)
 all_branches = Alla grenar
-fork_no_valid_owners = Detta kodförråd kan inte förgrenas eftersom det inte finns några giltiga ägare.
-fork_to_different_account = Förgrena till ett annat konto
+fork_no_valid_owners = Detta kodförråd kan inte avgrenas eftersom det inte finns några giltiga ägare.
+fork_to_different_account = Avgrena till ett annat konto
 size_format = %[1]s: %[2]s, %[3]s: %[4]s
-already_forked = Du har redan förgrenat %s
+already_forked = Du har redan avgrenat %s
 commitstatus.failure = Misslyckad
 ext_issues = Externa ärenden
 open_with_editor = Öppna med %s
@@ -2031,7 +2031,7 @@ new_from_template_description = Du kan välja en befintlig kodförrådsmall på
 new_advanced = Avancerade inställningar
 new_advanced_expand = Klicka för att expandera
 owner_helper = Vissa organisationer kanske inte visas i rullgardinsmenyn på grund av en maxgräns för antal kodförråd.
-fork_branch = Gren som ska klonas till förgreningen
+fork_branch = Gren som ska klonas till avgreningen
 object_format_helper = Objektformat för kodförrådet. Kan inte ändras senare. SHA1 är mest kompatibelt.
 auto_init_description = Starta Git-historiken med en README och lägg valfritt till licens- och .gitignore-filer.
 mirror_interval = Speglingsintervall (giltiga tidsenheter är "h", "m", "s"). 0 för att inaktivera periodisk synkronisering. (Minsta intervall: %s)
@@ -2120,7 +2120,7 @@ n_tag_one = %s tagg
 n_tag_few = %s taggar
 n_release_one = %s utgåva
 n_release_few = %s utgåvor
-released_this = släppte detta
+released_this = publicerade detta
 file.title = %s vid %s
 file_follow = Följ symlänk
 file_view_rendered = Visa renderad
@@ -2400,7 +2400,7 @@ pulls.clear_merge_message_hint = Att rensa sammanfogningsmeddelandet tar endast
 pulls.reopen_failed.head_branch = Ändringsförfrågan kan inte återöppnas eftersom huvudgrenen inte längre existerar.
 pulls.reopen_failed.base_branch = Ändringsförfrågan kan inte återöppnas eftersom basgrenen inte längre existerar.
 pulls.made_using_agit = AGit
-pulls.agit_explanation = Skapad med AGit-arbetsflödet. AGit låter bidragsgivare föreslå ändringar med "git-skickning" utan att skapa en förgrening eller en ny gren.
+pulls.agit_explanation = Skapad med AGit-arbetsflödet. AGit låter bidragsgivare föreslå ändringar med "git-skickning" utan att skapa en avgrening eller en ny gren.
 pulls.editable_explanation = Denna ändringsförfrågan tillåter redigeringar från underhållare. Du kan bidra direkt till den.
 pulls.auto_merge_button_when_succeed = (När kontroller lyckas)
 pulls.auto_merge_when_succeed = Automatisk sammanfogning när alla kontroller lyckas
@@ -2511,9 +2511,9 @@ settings.admin_indexer_unindexed = Oindexerad
 settings.reindex_button = Lägg till i omindexeringskön
 settings.reindex_requested = Omindexering begärd
 settings.new_owner_blocked_doer = Den nya ägaren har blockerat dig.
-settings.convert_fork_desc = Du kan konvertera denna förgrening till ett vanligt kodförråd. Detta kan inte ångras.
-settings.convert_fork_notices_1 = Denna åtgärd kommer att konvertera förgreningen till ett vanligt kodförråd och kan inte ångras.
-settings.convert_fork_succeed = Förgreningen har konverterats till ett vanligt kodförråd.
+settings.convert_fork_desc = Du kan konvertera denna avgrening till ett vanligt kodförråd. Detta kan inte ångras.
+settings.convert_fork_notices_1 = Denna åtgärd kommer att konvertera avgreningen till ett vanligt kodförråd och kan inte ångras.
+settings.convert_fork_succeed = Avgreningen har konverterats till ett vanligt kodförråd.
 settings.transfer.rejected = Överföring av kodförråd avvisades.
 settings.transfer.success = Överföring av kodförråd lyckades.
 settings.transfer_abort_invalid = Du kan inte avbryta en obefintlig överföring av kodförråd.
@@ -2702,9 +2702,9 @@ diff.image.swipe = Svep
 diff.image.overlay = Överlägga
 diff.show_file_tree = Visa filträd
 diff.hide_file_tree = Dölj filträd
-release.detail = Utgåvadetaljer
+release.detail = Utgåvedetaljer
 release.tag_helper_new = Ny tagg. Denna tagg kommer att skapas från målet.
-release.title = Utgåvatitel
+release.title = Utgåvetitel
 release.title_empty = Titeln kan inte vara tom.
 release.message = Beskriv denna utgåva
 release.deletion_desc = Borttagning av en utgåva tar bara bort den från Forgejo. Det påverkar inte Git-taggen, innehållet i ditt kodförråd eller dess historik. Vill du fortsätta?
@@ -2778,7 +2778,7 @@ repo_updated=Uppdaterad %s
 members=Medlemmar
 teams=Grupper
 lower_members=medlemmar
-lower_repositories=utvecklingskataloger
+lower_repositories=Kodförråd
 create_new_team=Nytt team
 create_team=Skapa team
 org_desc=Beskrivning
@@ -2786,7 +2786,7 @@ team_name=Teamnamn
 team_desc=Beskrivning
 team_name_helper=Teamnamn bör vara korta och lätta att komma ihåg.
 team_desc_helper=Beskriv syftet eller rollen för teamet.
-team_access_desc=Åtkomst till utvecklingskatalogen
+team_access_desc=Åtkomst till kodförrådet
 team_permission_desc=Behörighet
 team_unit_desc=Tillåt åtkomst till delar av kodförrådet
 team_unit_disabled=(Inaktiverad)
@@ -2799,7 +2799,7 @@ settings.full_name=Fullständigt namn
 settings.website=Webbplats
 settings.location=Plats
 settings.permission=Behörigheter
-settings.repoadminchangeteam=Utvecklingskatalogens admin kan lägga till och ta bort åtkomst för team
+settings.repoadminchangeteam=Kodförrådets admin kan lägga till och ta bort åtkomst för team
 settings.visibility=Synlighet
 settings.visibility.public=Offentlig
 settings.visibility.private=Privat (synlig endast för organisationens medlemmar)
@@ -2814,9 +2814,9 @@ settings.delete_prompt=Organisationen kommer tas bort permanent, och det går <s
 settings.confirm_delete_account=Bekräfta borttagning
 settings.delete_org_title=Ta bort organisation
 settings.delete_org_desc=Denna organisation kommer tas bort permanent. Vill du fortsätta?
-settings.hooks_desc=Lägg till webbhook som triggas för <strong>alla utvecklingskataloger</strong> under denna organisationen.
+settings.hooks_desc=Lägg till webbkrokar som triggas för <strong>alla kodförråd</strong> under organisationen.
 
-settings.labels_desc=Lägg till etiketter som kan användas till ärenden för <strong>alla utvecklingskataloger</strong> under denna organisation.
+settings.labels_desc=Lägg till etiketter som kan användas till ärenden för <strong>alla kodförråd</strong> under organisationen.
 
 members.membership_visibility=Synlighet för medlemskap:
 members.public=Synlig
@@ -2833,35 +2833,35 @@ members.invite_now=Bjud in
 
 teams.join=Gå med
 teams.leave=Gå ur
-teams.can_create_org_repo=Skapa utvecklingskataloger
-teams.can_create_org_repo_helper=Medlemmar kan skapa nya utvecklingskataloger i organisationen. Skaparen får administratörsåtkomst till den nya katalogen.
+teams.can_create_org_repo=Skapa kodförråd
+teams.can_create_org_repo_helper=Medlemmar kan skapa nya kodförråd i organisationen. Skaparen får administratörsåtkomst till det nya kodförrådet.
 teams.read_access=Lästa
 teams.admin_access=Administratörsåtkomst
-teams.admin_access_helper=Medlemmar kan pulla och pusha till teamets utvecklingskataloger och lägga till medarbetare till dessa.
+teams.admin_access_helper=Medlemmar kan dra ned och skicka till teamets kodförråd samt lägga till medarbetare till dessa.
 teams.no_desc=Detta team har ingen beskrivning
 teams.settings=Inställningar
-teams.owners_permission_desc=Ägare har full åtkomst till <strong>alla utvecklingskataloger</strong> och har <strong>administratörsåtkomst</strong> till organisationen.
+teams.owners_permission_desc=Ägare har full åtkomst till <strong>alla kodförråd</strong> och har <strong>administratörsåtkomst</strong> till organisationen.
 teams.members=Lagmedlemmar
 teams.update_settings=Uppdatera inställningar
 teams.delete_team=Ta bort team
 teams.add_team_member=Lägg till teammedlem
 teams.delete_team_title=Ta bort team
-teams.delete_team_desc=Borttagning av ett team återkallar åtkomsten till utvecklingskatalogen för dess medlemmar. Vill du fortsätta?
+teams.delete_team_desc=Borttagning av ett team återkallar åtkomsten till kodförråd för dess medlemmar. Vill du fortsätta?
 teams.delete_team_success=Teamet har blivit borttaget.
 teams.admin_permission_desc=Medlemskap i detta team ger <strong>administratörsrättigheter</strong>: medlemmar kan läsa från, skicka till och lägga till medarbetare till teamets kodförråd.
 teams.create_repo_permission_desc=Vidare så ger detta team <strong>Skapa utvecklingskatalog</strong> rättigheten: medlemmar can skapa nya utvecklingskataloger i organisationen.
 teams.repositories=Lagets utvecklingskataloger
 teams.remove_all_repos_title=Ta bort alla utvecklingskataloger för teamet
-teams.remove_all_repos_desc=Detta kommer att ta bort alla utvecklingskataloger från teamet.
+teams.remove_all_repos_desc=Detta kommer att ta bort alla kodförråd från teamet.
 teams.add_all_repos_title=Lägg till alla utvecklingskataloger
-teams.add_all_repos_desc=Detta kommer att lägga till alla organisationens utvecklingskataloger till teamet.
+teams.add_all_repos_desc=Detta lägger till organisationens kodförråd till teamet.
 teams.add_duplicate_users=Användaren är redan en gruppmedlem.
 teams.repos.none=Inga förråd åtkomliga för denna grupp.
 teams.members.none=Inga medlemmar i denna grupp.
-teams.specific_repositories=Specifika utvecklingskataloger
-teams.specific_repositories_helper=Medlemmar kommer endast ha tillgång till utvecklingskataloger som explicit har lagts till för teamet. Att välja detta kommer <strong>inte</strong> automatiskt ta bort utvecklingskataloger som redan lagts till genom <i>Alla utvecklingskataloger</i>.
-teams.all_repositories=Alla utvecklingskataloger
-teams.all_repositories_helper=Teamet har tillgång till alla utvecklingskataloger. När du väljer detta komma <strong>alla nuvarande utvecklingskataloger</strong> läggas till i teamet.
+teams.specific_repositories=Specifika kodförråd
+teams.specific_repositories_helper=Medlemmar kommer endast ha tillgång till kodförråd som explicit har lagts till för teamet. Att välja detta kommer <strong>inte</strong> automatiskt ta bort kodförråd som redan lagts till genom <i>Alla kodförråd</i>.
+teams.all_repositories=Alla kodförråd
+teams.all_repositories_helper=Teamet har tillgång till alla kodförråd. När du väljer detta komma <strong>alla nuvarande kodförråd</strong> läggas till i teamet.
 code = Kod
 settings.visibility.limited_shortname = Begränsad
 teams.write_access = Skriv
@@ -2893,7 +2893,7 @@ teams.invite.description = Klicka på knappen nedan för att gå med i teamet.
 dashboard=Instrumentpanel
 users=Användarkonton
 organizations=Organisationer
-repositories=Utvecklingskataloger
+repositories=Kodförråd
 authentication=Autentiseringskällor
 config=Konfiguration
 notices=Systemaviseringar
@@ -2910,11 +2910,11 @@ dashboard.operation_switch=Byt till
 dashboard.operation_run=Kör
 dashboard.clean_unbind_oauth=Rena obundna OAuth anslutningar
 dashboard.clean_unbind_oauth_success=Alla obundna OAuth anslutningar har raderats.
-dashboard.delete_missing_repos=Ta bort alla utvecklingskataloger som saknar filer specifika för Git
-dashboard.delete_generated_repository_avatars=Ta bort genererade avatarer för utvecklingskatalogen
-dashboard.git_gc_repos=Rensa skräpfiler på samtliga utvecklingskataloger
+dashboard.delete_missing_repos=Ta bort alla kodförråd som saknar filer specifika för Git
+dashboard.delete_generated_repository_avatars=Ta bort genererade profilbilder för kodförrådet
+dashboard.git_gc_repos=Rensa skräpfiler i samtliga kodförråd
 dashboard.resync_all_hooks=Återsynkronisera pre-receive-, update- och post-receive-krokar för alla kodförråd
-dashboard.reinit_missing_repos=Återinitialisera alla saknade utvecklingskataloger som vi känner till
+dashboard.reinit_missing_repos=Återinitialisera alla saknade kodförråd för vilka det finns poster
 dashboard.sync_external_users=Synkronisera extern användardata
 dashboard.server_uptime=Serverns upptid
 dashboard.current_goroutine=Aktuella gorutiner
@@ -2928,7 +2928,7 @@ dashboard.current_heap_usage=Nuvarande heapanvändning
 dashboard.heap_memory_obtained=Heapminne som erhållits
 dashboard.heap_memory_idle=Heapminne som är inaktivt
 dashboard.heap_memory_in_use=Heapminne som används
-dashboard.heap_memory_released=Heapminne som har släppts
+dashboard.heap_memory_released=Frigjort heap-minne
 dashboard.heap_objects=Heapobjekt
 dashboard.bootstrap_stack_usage=Bootstrap Stack-användning
 dashboard.stack_memory_obtained=Stackminne som erhålls
@@ -2951,7 +2951,7 @@ users.name=Användarnamn
 users.full_name=Fullständigt namn
 users.activated=Aktiverad
 users.admin=Administratör
-users.repos=Utvecklingskataloger
+users.repos=Kodförråd
 users.created=Skapad
 users.last_login=Senaste inloggning
 users.never_login=Aldrig loggat in
@@ -2973,7 +2973,7 @@ users.allow_import_local=Kan importera lokala kodförråd
 users.allow_create_organization=Kan skapa organisationer
 users.update_profile=Uppdatera användarkonto
 users.delete_account=Ta bort användarkontot
-users.still_own_repo=Denna användare äger fortfarande en eller flera utvecklingskataloger. Ta bort eller överför dessa utvecklingskataloger först.
+users.still_own_repo=Denna användare äger fortfarande ett eller flera kodförråd. Ta bort eller överför dessa kodförråd först.
 users.still_has_org=Denna användare är medlem i en eller flera organisationer. Ta bort användaren från dessa först.
 users.deletion_success=Användarkontot har blivit borttaget.
 users.list_status_filter.is_active=Aktiv
@@ -3002,7 +3002,7 @@ repos.size=Storlek
 packages.owner=Ägare
 packages.name=Namn
 packages.type=Typ
-packages.repository=Utvecklingskatalog
+packages.repository=Kodförråd
 packages.size=Storlek
 
 
@@ -3211,7 +3211,7 @@ notices.inverse_selection=Invertera markeringar
 notices.delete_selected=Ta bort markerade
 notices.delete_all=Ta bort alla notiser
 notices.type=Typ
-notices.type_1=Utvecklingskatalog
+notices.type_1=Kodförråd
 notices.type_2=Uppgift
 notices.desc=Beskrivning
 notices.op=Op.
@@ -3430,7 +3430,7 @@ self_check.database_collation_case_insensitive = Databasen använder kollatering
 
 
 [action]
-create_repo=skapade utvecklingskatalog <a href="%s"> %s</a>
+create_repo=skapade kodförråd <a href="%s"> %s</a>
 rename_repo=döpte om utvecklingskalatogen från <code>%[1]s</code> till <a href="%[2]s">%[3]s</a>
 transfer_repo=överförde utvecklingskalatogen <code>%s</code> till <a href="%s">%s</a>
 delete_tag=tog bort taggen %[2]s från <a href="%[1]s">%[3]s</a>
@@ -3459,7 +3459,7 @@ push_tag = skickade tagg <a href="%[2]s">%[3]s</a> till <a href="%[1]s">%[4]s</a
 mirror_sync_push = synkade incheckningar till <a href="%[2]s">%[3]s</a> i <a href="%[1]s">%[4]s</a> från spegel
 mirror_sync_create = synkade ny referens <a href="%[2]s">%[3]s</a> till <a href="%[1]s">%[4]s</a> från spegel
 reject_pull_request = `föreslog ändringar för <a href="%[1]s">%[3]s#%[2]s</a>`
-publish_release = `släppte <a href="%[2]s">%[4]s</a> i <a href="%[1]s">%[3]s</a>`
+publish_release = `publicerade <a href="%[2]s">%[4]s</a> i <a href="%[1]s">%[3]s</a>`
 review_dismissed = `avfärdade granskning från <b>%[4]s</b> för <a href="%[1]s">%[3]s#%[2]s</a>`
 
 [tool]
@@ -3489,7 +3489,7 @@ raw_minutes=minuter
 [gpg]
 
 [units]
-error.no_unit_allowed_repo=Du tillåts inte åtkomst till någon del av denna utvecklingskatalog.
+error.no_unit_allowed_repo=Du tillåts inte åtkomst till någon del av detta kodförråd.
 error.unit_not_allowed=Du har inte åtkomst till denna del av utvecklingskatalogen.
 unit = Enhet
 
@@ -3537,7 +3537,7 @@ workflow.dispatch.success = Arbetsflödeskörning begärdes framgångsrikt.
 workflow.dispatch.input_required = Värde krävs för indata "%s".
 workflow.dispatch.invalid_input_type = Ogiltig indatatyp "%s".
 workflow.dispatch.warn_input_limit = Visar endast de första %d indatafälten.
-need_approval_desc = Godkännande krävs för att köra arbetsflöden för ändringsförfrågningar från förgreningar.
+need_approval_desc = Godkännande krävs för att köra arbetsflöden för ändringsförfrågningar från avgreningar.
 variables.none = Det finns inga variabler ännu.
 variables.deletion.description = Borttagning av en variabel är permanent och kan inte ångras. Vill du fortsätta?
 variables.description = Variabler skickas till vissa actions och kan inte läsas annars.
@@ -3608,7 +3608,7 @@ issues.read = <b>Läs:</b> Läs och skapa ärenden och kommentarer.
 issues.write = <b>Skriv:</b> Stäng ärenden och hantera metadata som etiketter, milstolpar, tilldelade, förfallodatum och beroenden.
 pulls.read = <b>Läs:</b> Läs och skapa ändringsförfrågan.
 pulls.write = <b>Skriv:</b> Stäng ändringsförfrågan och hantera metadata som etiketter, milstolpar, tilldelade, förfallodatum och beroenden.
-releases.read = <b>Läs:</b> Visa och ladda ner releaser.
+releases.read = <b>Läs:</b> Visa och ladda ner utgåvor.
 releases.write = <b>Skriv:</b> Publicera, redigera och ta bort utgåvor och deras resurser.
 wiki.read = <b>Läs:</b> Läs den integrerade wikin och dess historik.
 wiki.write = <b>Skriv:</b> Skapa, uppdatera och ta bort sidor i den integrerade wikin.
diff --git a/options/locale/locale_uk-UA.ini b/options/locale/locale_uk-UA.ini
index 41f689e93d..53ef8c4b0b 100644
--- a/options/locale/locale_uk-UA.ini
+++ b/options/locale/locale_uk-UA.ini
@@ -512,7 +512,7 @@ totp_disabled.text_1 = Тимчасовий одноразовий пароль
 password_change.subject = Ваш пароль успішно змінено
 password_change.text_1 = Пароль до вашого облікового запису було щойно змінено.
 reply = чи відповісти напряму з електронної адреси
-admin.new_user.user_info = Інформація користувача
+admin.new_user.user_info = Інформація про користувача
 admin.new_user.text = Будь ласка, <a href="%s">натисніть тут</a>, щоб керувати цим користувачем із панелі адміністрації.
 admin.new_user.subject = Новий користувач %s щойно ввійшов
 removed_security_key.text_1 = Ключ безпеки «%[1]s» було щойно видалено з вашого облікового запису.
@@ -1242,7 +1242,7 @@ editor.filename_help=Щоб додати каталог, наберіть йог
 editor.or=або
 editor.cancel_lower=Скасувати
 editor.commit_signed_changes=Внести підписані зміни
-editor.commit_changes=Зберегти зміни
+editor.commit_changes=Внести зміни
 editor.add_tmpl=Додати «<%s>»
 editor.commit_message_desc=Додати необов’язковий розширений опис…
 editor.signoff_desc=Додати повідомленню в журналі комітів рядок Signed-off-by від свого імені.
diff --git a/options/locale/locale_zh-CN.ini b/options/locale/locale_zh-CN.ini
index 13fd65a128..a391412199 100644
--- a/options/locale/locale_zh-CN.ini
+++ b/options/locale/locale_zh-CN.ini
@@ -5,27 +5,27 @@ explore=探索
 help=帮助
 logo=徽标
 sign_in=登录
-sign_in_with_provider=使用 %s 登录
+sign_in_with_provider=使用%s登录
 sign_in_or=或
 sign_out=登出
 sign_up=注册
 link_account=链接账号
 register=注册
 version=当前版本
-powered_by=由 %s 提供支持
+powered_by=由%s提供支持
 page=页面
 template=模板
 language=语言选项
 notifications=通知
 active_stopwatch=活跃时间跟踪器
 tracked_time_summary=议题列表过滤器的跟踪时间摘要
-create_new=创建…
-user_profile_and_more=个人信息与设置…
+create_new=创建……
+user_profile_and_more=个人信息与设置……
 signed_in_as=已登录
-enable_javascript=此网站需要 JavaScript。
+enable_javascript=此网站需要JavaScript。
 toc=目录
 licenses=许可证
-return_to_forgejo=返回 Forgejo
+return_to_forgejo=返回Forgejo
 
 username=用户名
 email=电子邮件地址
@@ -39,12 +39,12 @@ passcode=验证码
 
 webauthn_insert_key=插入安全密钥
 webauthn_sign_in=按下安全密钥上的按钮。如果安全密钥没有按钮，请重新插入它。
-webauthn_press_button=请按下安全密钥上的按钮…
+webauthn_press_button=请按下安全密钥上的按钮……
 webauthn_use_twofa=使用来自手机中的两步验证码
 webauthn_error=无法读取安全密钥。
-webauthn_unsupported_browser=你的浏览器目前不支持 WebAuthn。
+webauthn_unsupported_browser=你的浏览器目前不支持WebAuthn。
 webauthn_error_unknown=发生未知错误。请重试。
-webauthn_error_insecure=WebAuthn 仅支持安全连接。如果要在 HTTP 协议上进行测试，请使用 "localhost" 或 "127.0.0.1" 作为访问来源
+webauthn_error_insecure=WebAuthn仅支持安全连接。如果要在HTTP协议上进行测试，请使用"localhost"或"127.0.0.1"作为访问来源
 webauthn_error_unable_to_process=服务器无法处理您的请求。
 webauthn_error_duplicated=此安全密钥未被许可用于这个请求。请确保该密钥尚未注册。
 webauthn_error_empty=您必须为此密钥设置一个名称。
@@ -102,7 +102,7 @@ copy_type_unsupported=无法复制此类型的文件内容
 
 write=撰写
 preview=预览
-loading=正在加载…
+loading=正在加载……
 
 error=错误
 error404=您正在尝试访问的页面<strong>不存在</strong>、<strong>已被移除</strong>或<strong>您无权查看</strong>。
@@ -111,7 +111,7 @@ go_back=返回
 never=从未
 unknown=未知
 
-rss_feed=RSS 订阅源
+rss_feed=RSS订阅源
 
 pin=置顶
 unpin=取消置顶
@@ -168,7 +168,7 @@ footer.software=关于此软件
 footer.links=链接
 
 [heatmap]
-number_of_contributions_in_the_last_12_months=过去的一年内有 %s 次贡献
+number_of_contributions_in_the_last_12_months=过去的一年内有%s次贡献
 contributions_zero=没有贡献
 less=较少
 more=较多
@@ -202,7 +202,7 @@ table_modal.placeholder.content = 内容
 link_modal.header = 添加链接
 link_modal.url = URL
 link_modal.description = 描述
-link_modal.paste_reminder = 提示：您可以将剪贴板中的 URL 直接粘贴到编辑器创建链接。
+link_modal.paste_reminder = 提示：您可以将剪贴板中的URL直接粘贴到编辑器创建链接。
 
 [filter]
 string.asc=A - Z
@@ -210,27 +210,27 @@ string.desc=Z - A
 
 [error]
 occurred=发生了一个错误
-report_message=如果您确定这是一个 Forgejo 的 bug，请在 <a href="%s" target="_blank">Codeberg</a> 上搜索相关问题或在必要时创建一个新议题。
+report_message=如果您确定这是一个Forgejo的bug，请在<a href="%s" target="_blank">Codeberg</a>上搜索相关问题或在必要时创建一个新议题。
 not_found=找不到目标。
 network_error=网络错误
 server_internal = 服务器内部错误
 
 [startpage]
-app_desc=一款极易搭建的自助 Git 服务
+app_desc=一款极易搭建的自助Git服务
 install=易安装
 install_desc=轻松使用<a target="_blank" rel="noopener noreferrer" href="%[1]s">二进制</a>、<a target="_blank" rel="noopener noreferrer" href="%[2]s">Docker</a>或<a target="_blank" rel="noopener noreferrer" href="%[3]s">安装包</a>来部署。
 platform=跨平台
-platform_desc=已证实可以在 Linux 和 FreeBSD 等自由操作系统以及不同的 CPU 架构上运行 Forgejo。挑一个您喜欢的就行！
+platform_desc=已证实可以在Linux和FreeBSD等自由操作系统以及不同的CPU架构上运行Forgejo。挑一个您喜欢的就行！
 lightweight=轻量级
-lightweight_desc=一个廉价的树莓派的配置足以满足 Forgejo 的最低系统硬件要求。最大程度上节省您的服务器资源！
+lightweight_desc=一个廉价的树莓派的配置足以满足Forgejo的最低系统硬件要求。最大程度上节省您的服务器资源！
 license=开源化
-license_desc=取得 <a target="_blank" rel="noopener noreferrer" href="%[1]s">Forgejo</a>！赶快<a target="_blank" rel="noopener noreferrer" href="%[2]s">加入我们</a>来共同发展这个伟大的项目！还等什么？成为贡献者吧！
+license_desc=取得<a target="_blank" rel="noopener noreferrer" href="%[1]s">Forgejo</a>！赶快<a target="_blank" rel="noopener noreferrer" href="%[2]s">加入我们</a>来共同发展这个伟大的项目！还等什么？成为贡献者吧！
 
 [install]
 install=安装页面
 title=初始配置
-docker_helper=如果您正在使用 Docker 容器运行 Forgejo，请务必先仔细阅读 <a target="_blank" rel="noopener noreferrer" href="%s">官方文档</a> 后再对本页面进行填写。
-require_db_desc=Forgejo 需要使用 MySQL、PostgreSQL、SQLite3 或 TiDB（MySQL 协议）等数据库。
+docker_helper=如果您正在使用Docker容器运行Forgejo，请务必先仔细阅读<a target="_blank" rel="noopener noreferrer" href="%s">官方文档</a>后再对本页面进行填写。
+require_db_desc=Forgejo需要使用MySQL、PostgreSQL、SQLite3或TiDB（MySQL协议）等数据库。
 db_title=数据库设置
 db_type=数据库类型
 host=数据库主机
@@ -241,13 +241,13 @@ db_schema=架构模式
 db_schema_helper=留空则数据库中默认值为（"public"）。
 ssl_mode=SSL
 path=数据库文件路径
-sqlite_helper=SQLite3 数据库的文件路径。<br>如果以服务的方式运行 Forgejo，请输入绝对路径。
-reinstall_error=您正在尝试安装到一个已经有 Forgejo 数据的数据库中
-reinstall_confirm_message=使用现有的 Forgejo 数据库重新安装可能会导致多个问题。在大多数情况下，你应该使用你现有的 “app.ini” 来运行 Forgejo。如果你知道自己在做什么，请确认以下内容：
-reinstall_confirm_check_1=使用 app.ini 中 SECRET KEY 加密的数据可能会丢失：用户可能无法使用 2FA/OTP 登录，仓库镜像可能无法正常工作。勾选此框，表示您确认当前 app.ini 文件包含正确的 SECRET KEY。
-reinstall_confirm_check_2=代码仓库和设置可能需要重新同步。勾选此框，表示您确认将手动重新同步仓库和 SSH authorized_keys 的钩子。您确认您将确保代码仓库和镜像设置是正确的。
-reinstall_confirm_check_3=你确认你绝对肯定这个 Forgejo 在正确的 app.ini 位置上运行，而且你确定你必须重新安装。你确认你知晓上述风险。
-err_empty_db_path=SQLite 数据库文件路径不能为空。
+sqlite_helper=SQLite3数据库的文件路径。<br>如果以服务的方式运行Forgejo，请输入绝对路径。
+reinstall_error=您正在尝试安装到一个已经有Forgejo数据的数据库中
+reinstall_confirm_message=使用现有的Forgejo数据库重新安装可能会导致多个问题。在大多数情况下，你应该使用你现有的“app.ini”来运行Forgejo。如果你知道自己在做什么，请确认以下内容：
+reinstall_confirm_check_1=使用app.ini中SECRET KEY加密的数据可能会丢失：用户可能无法使用2FA/OTP登录，仓库镜像可能无法正常工作。勾选此框，表示您确认当前app.ini文件包含正确的SECRET KEY。
+reinstall_confirm_check_2=代码仓库和设置可能需要重新同步。勾选此框，表示您确认将手动重新同步仓库和SSH authorized_keys的钩子。您确认您将确保代码仓库和镜像设置是正确的。
+reinstall_confirm_check_3=你确认你绝对肯定这个Forgejo在正确的app.ini位置上运行，而且你确定你必须重新安装。你确认你知晓上述风险。
+err_empty_db_path=SQLite数据库文件路径不能为空。
 no_admin_and_disable_registration=您不能够在未创建管理员账号的情况下禁止注册。
 err_empty_admin_password=管理员密码不能为空。
 err_empty_admin_email=管理员电子邮件不能为空。
@@ -259,46 +259,46 @@ general_title=一般设置
 app_name=站点名称
 app_name_helper=在此处输入您的实例名称。它将显示在所有页面上。
 repo_path=仓库根目录
-repo_path_helper=所有远程 Git 仓库将保存到此目录。
-lfs_path=LFS 根目录
-lfs_path_helper=存储为 Git LFS 的文件将被存储在此目录。留空以禁用 LFS。
+repo_path_helper=所有远程Git仓库将保存到此目录。
+lfs_path=LFS根目录
+lfs_path_helper=存储为Git LFS的文件将被存储在此目录。留空以禁用LFS。
 run_user=要使用的用户身份
-run_user_helper=输入 Forgejo 运行的操作系统用户名。请注意，此用户必须具有对仓库根路径的访问权限。
+run_user_helper=输入Forgejo运行的操作系统用户名。请注意，此用户必须具有对仓库根路径的访问权限。
 domain=服务器域名
 domain_helper=服务器的域名或主机地址。
-ssh_port=SSH 服务器端口
-ssh_port_helper=SSH 服务器的端口号，为空则禁用它。
-http_port=HTTP 服务端口
-http_port_helper=Forgejo Web 服务器将侦听的端口号。
-app_url=基础 URL
-app_url_helper=用于 HTTP(S) 克隆和电子邮件通知的基础 URL。
+ssh_port=SSH服务器端口
+ssh_port_helper=SSH服务器的端口号，为空则禁用它。
+http_port=HTTP服务端口
+http_port_helper=Forgejo Web服务器将侦听的端口号。
+app_url=基础URL
+app_url_helper=用于HTTP(S)克隆和电子邮件通知的基础URL。
 log_root_path=日志路径
 log_root_path_helper=日志文件将写入此目录。
 
 optional_title=可选设置
 email_title=电子邮件设置
-smtp_addr=SMTP 主机地址
-smtp_port=SMTP 端口
+smtp_addr=SMTP主机地址
+smtp_port=SMTP端口
 smtp_from=电子邮件发件人
-smtp_from_helper=Forgejo 使用的电子邮件地址。直接输入邮件地址或使用完整格式："名称" <email@example.com>。
-mailer_user=SMTP 用户名
-mailer_password=SMTP 密码
+smtp_from_helper=Forgejo使用的电子邮件地址。直接输入邮件地址或使用完整格式："名称" <email@example.com>。
+mailer_user=SMTP用户名
+mailer_password=SMTP密码
 register_confirm=需要发电子邮件确认注册
 mail_notify=启用邮件通知提醒
 server_service_title=服务器和第三方服务设置
 offline_mode=启用本地模式
-offline_mode.description=禁用第三方 CDN 并在本地提供所有资源。
-disable_gravatar=禁用 Gravatar 头像
-disable_gravatar.description=禁用 Gravatar 和第三方头像源。除非用户在实例上传头像, 否则将使用默认的头像。
+offline_mode.description=禁用第三方CDN并在本地提供所有资源。
+disable_gravatar=禁用Gravatar头像
+disable_gravatar.description=禁用Gravatar和第三方头像源。除非用户在实例上传头像，否则将使用默认的头像。
 federated_avatar_lookup=启用联邦头像
-federated_avatar_lookup.description=使用 Libravatar 查找头像。
+federated_avatar_lookup.description=使用Libravatar查找头像。
 disable_registration=禁止用户自助注册
 disable_registration.description=只有实例管理员才能创建新的帐户。强烈建议保持注册禁用，除非您打算为所有人托管一个公共实例并准备好处理大量垃圾帐户。
 allow_only_external_registration.description=仅允许使用已配置的外部服务来创建新帐户。
-openid_signin=启用 OpenID 登录
-openid_signin.description=允许用户通过 OpenID 登录。
-openid_signup=启用 OpenID 自助注册
-openid_signup.description=如果启用了自助注册，则允许用户通过 OpenID 创建帐户。
+openid_signin=启用OpenID登录
+openid_signin.description=允许用户通过OpenID登录。
+openid_signup=启用OpenID自助注册
+openid_signup.description=如果启用了自助注册，则允许用户通过OpenID创建帐户。
 enable_captcha=启用注册验证码
 enable_captcha.description=要求用户通过验证码才能创建帐户。
 require_sign_in_view=启用页面访问限制
@@ -310,10 +310,10 @@ admin_password=管理员密码
 confirm_password=确认密码
 admin_email=电子邮件地址
 install_btn_confirm=立即安装
-test_git_failed=无法识别 “git” 命令：%v
-sqlite3_not_available=当前 Forgejo 版本不支持 SQLite3。请从 %s 下载官方构建版（注：请勿下载标有 “gobuild” 的版本）。
+test_git_failed=无法识别“git”命令：%v
+sqlite3_not_available=当前Forgejo版本不支持SQLite3。请从%s下载官方构建版（注：请勿下载标有“gobuild”的版本）。
 invalid_db_setting=数据库设置无效：%v
-invalid_db_table=数据库表 '%s' 无效：%v
+invalid_db_table=数据库表'%s'无效：%v
 invalid_repo_path=仓库根目录设置无效：%v
 invalid_app_data_path=应用数据路径无效：%v
 run_user_not_match=运行用户名不是当前的用户名：%s -> %s
@@ -329,15 +329,15 @@ default_allow_create_organization.description=默认允许新用户创建组织
 default_enable_timetracking=默认情况下启用时间跟踪
 default_enable_timetracking.description=默认允许新仓库使用时间跟踪功能。
 no_reply_address=隐藏的电子邮件域名
-no_reply_address_helper=用于设置隐藏电子邮件地址的用户使用的电子邮件域名。例如，如果用于隐藏电子邮件地址的域名设为“noreply.example.org”，则用户名 “joe” 在 Git 中将以 “joe@noreply.example.org” 表示。
+no_reply_address_helper=用于设置隐藏电子邮件地址的用户使用的电子邮件域名。例如，如果用于隐藏电子邮件地址的域名设为“noreply.example.org”，则用户名“joe”在Git中将以“joe@noreply.example.org”表示。
 password_algorithm=密码哈希算法
 invalid_password_algorithm=无效的密码哈希算法
-password_algorithm_helper=设置密码散列算法。算法有不同的要求和强度。 argon2 算法相当安全，但使用大量内存，因此可能不适合小型系统。
+password_algorithm_helper=设置密码散列算法。算法有不同的要求和强度。argon2算法相当安全，但使用大量内存，因此可能不适合小型系统。
 enable_update_checker=启用更新检查
 env_config_keys=环境配置
 env_config_keys_prompt=以下环境变量也将应用于您的配置文件：
 allow_dots_in_usernames = 允许用户在用户名中使用英文句号。不影响已有的帐户。
-enable_update_checker_helper_forgejo = 通过检查 release.forgejo.org 上的 DNS TXT 记录，定期检查 Forgejo 的新版本。
+enable_update_checker_helper_forgejo = 通过检查release.forgejo.org上的DNS TXT记录，定期检查Forgejo的新版本。
 smtp_from_invalid = 电子邮件发件人地址无效
 config_location_hint = 这些配置项将被保存在：
 allow_only_external_registration = 仅允许通过外部服务注册
@@ -349,10 +349,10 @@ uname_holder=用户名或电子邮件地址
 switch_dashboard_context=切换控制面板用户
 my_repos=仓库列表
 my_orgs=我的组织
-view_home=访问 %s
+view_home=访问%s
 filter=其他过滤器
 filter_by_team_repositories=按团队仓库筛选
-feed_of=`"%s"的源`
+feed_of="%s"的源
 
 show_archived=已存档
 show_both_archived_unarchived=显示已存档和未存档的
@@ -372,7 +372,7 @@ users=用户
 organizations=组织
 go_to=转到
 code=代码
-code_last_indexed_at=最后索引于 %s
+code_last_indexed_at=最后索引于%s
 relevant_repositories_tooltip=派生的、缺少主题、图标和描述的仓库已被隐藏。
 relevant_repositories=只显示相关的仓库，<a href="%s">显示未过滤结果</a>。
 
@@ -385,26 +385,26 @@ remember_me=记住此设备
 forgot_password_title=忘记密码
 forgot_password=忘记密码？
 sign_up_successful=帐户创建成功。欢迎！
-confirmation_mail_sent_prompt=新的确认邮件已发送至 <b>%s</b>。请检查您的收件箱并在接下来的 %s 内点击提供的链接以完成注册过程。如果电子邮件不正确，您可以登录并请求将另一封确认邮件发送到其他地址。
+confirmation_mail_sent_prompt=新的确认邮件已发送至<b>%s</b>。请检查您的收件箱并在接下来的%s内点击提供的链接以完成注册过程。如果电子邮件不正确，您可以登录并请求将另一封确认邮件发送到其他地址。
 must_change_password=更新您的密码
 allow_password_change=要求用户更改密码（推荐）
-reset_password_mail_sent_prompt=确认邮件已发送至 <b>%s</b>。请检查您的收件箱并在接下来的 %s 内点击提供的链接以完成账号恢复过程。
+reset_password_mail_sent_prompt=确认邮件已发送至<b>%s</b>。请检查您的收件箱并在接下来的%s内点击提供的链接以完成账号恢复过程。
 active_your_account=激活您的帐户
 account_activated=帐户已激活
 prohibit_login=账号已暂停
 prohibit_login_desc=您的账号已暂停与实例交互。请与实例管理员联系以重新获得访问权限。
-resent_limit_prompt=您请求发送激活邮件过于频繁，请等待 3 分钟后再试。
-has_unconfirmed_mail=%s 您好，系统检测到您有一封发送至 <b>%s</b> 但未被确认的邮件。如果您未收到激活邮件，或需要重新发送，请单击下方的按钮。
+resent_limit_prompt=您请求发送激活邮件过于频繁，请等待3分钟后再试。
+has_unconfirmed_mail=%s您好，系统检测到您有一封发送至<b>%s</b>但未被确认的邮件。如果您未收到激活邮件，或需要重新发送，请单击下方的按钮。
 resend_mail=单击此处重新发送确认邮件
 send_reset_mail=发送恢复邮件
 reset_password=账户恢复
 invalid_code=此确认密钥无效或已过期。
-invalid_code_forgot_password=你的确认码无效或者已过期，点击 <a href="%s">这里</a> 开始新的会话。
+invalid_code_forgot_password=你的确认码无效或者已过期，点击<a href="%s">这里</a>开始新的会话。
 invalid_password=您的密码与用于创建账户的密码不匹配。
 reset_password_helper=恢复账户
-reset_password_wrong_user=您以 %s 登录，但恢复账号链接适用于 %s
-password_too_short=密码长度不能少于 %d 位。
-non_local_account=非本地帐户不能通过 Forgejo 的 web 界面更改密码。
+reset_password_wrong_user=您以%s登录，但恢复账号链接适用于%s
+password_too_short=密码长度不能少于%d位。
+non_local_account=非本地帐户不能通过Forgejo的web界面更改密码。
 verify=验证
 scratch_code=验证口令
 use_scratch_code=使用验证口令
@@ -423,110 +423,110 @@ oauth.signin.error.access_denied=授权请求被拒绝。
 oauth.signin.error.temporarily_unavailable=授权失败，因为认证服务器暂时不可用。请稍后再试。
 openid_connect_submit=连接
 openid_connect_title=连接到现有的帐户
-openid_connect_desc=所选的 OpenID URI 未知。在这里关联一个新帐户。
+openid_connect_desc=所选的OpenID URI未知。在这里关联一个新帐户。
 openid_register_title=创建新帐户
-openid_register_desc=所选的 OpenID URI 未知。在这里关联一个新帐户。
-openid_signin_desc=输入您的 OpenID 地址。例如：alice.openid.example.org 或 https://openid.example.org/alice.
-disable_forgot_password_mail=由于未设置电子邮件，帐户恢复被禁用。 请联系您的站点管理员。
-disable_forgot_password_mail_admin=帐户恢复仅在设置电子邮件后可用。 请设置电子邮件以启用帐户恢复。
+openid_register_desc=所选的OpenID URI未知。在这里关联一个新帐户。
+openid_signin_desc=输入您的OpenID地址。例如：alice.openid.example.org或https://openid.example.org/alice。
+disable_forgot_password_mail=由于未设置电子邮件，帐户恢复被禁用。请联系您的站点管理员。
+disable_forgot_password_mail_admin=帐户恢复仅在设置电子邮件后可用。请设置电子邮件以启用帐户恢复。
 email_domain_blacklisted=您不能使用您的电子邮件地址注册。
 authorize_application=授权应用
-authorize_redirect_notice=如果您授权此应用，您将会被重定向到 %s。
-authorize_application_created_by=此应用由 %s 创建。
+authorize_redirect_notice=如果您授权此应用，您将会被重定向到%s。
+authorize_application_created_by=此应用由%s创建。
 authorize_application_description=如果您允许，它将能够读取和修改您的所有帐户信息，包括私人仓库和组织。
-authorize_title=授权 "%s" 访问您的帐户？
+authorize_title=授权"%s"访问您的帐户？
 authorization_failed=授权失败
 authorization_failed_desc=因为检测到无效请求，授权失败。请尝试联系您授权应用的管理员。
-password_pwned=此密码出现在 <a target="_blank" rel="noopener noreferrer" href="%s">被盗密码</a> 列表上并且曾经被公开。 请使用另一个密码再试一次。
-password_pwned_err=无法完成对 HaveIBeenPwned 的请求
+password_pwned=此密码出现在<a target="_blank" rel="noopener noreferrer" href="%s">被盗密码</a>列表上并且曾经被公开。请使用另一个密码再试一次。
+password_pwned_err=无法完成对HaveIBeenPwned的请求
 last_admin=您不能删除最后一个管理员。必须至少保留一个管理员。
 change_unconfirmed_email = 如果您在注册时提供了错误的邮箱地址，您可以在下方修改，激活邮件会发送到修改后的邮箱地址。
 change_unconfirmed_email_summary = 更改接收激活邮件的电子邮件地址。
 change_unconfirmed_email_error = 无法更改电子邮件地址：%v
 hint_login = 已经有账户了吗？<a href="%s">立即登录！</a>
 back_to_sign_in = 返回登录
-sign_in_openid = 继续使用 OpenID
+sign_in_openid = 继续使用OpenID
 sign_up_button = 立即注册。
 hint_register = 需要账号？<a href="%s">立即注册。</a>
-unauthorized_credentials = 凭据不正确或已过期。请重试您的命令，或查看 %s 以获取更多信息
+unauthorized_credentials = 凭据不正确或已过期。请重试您的命令，或查看%s以获取更多信息
 use_onetime_code = 使用一次性代码
 
 [mail]
-view_it_on=在 %s 上查看
+view_it_on=在%s上查看
 reply=或直接回复此邮件
 link_not_working_do_paste=链接点不了？尝试复制并粘贴到您的浏览器。
-hi_user_x=<b>%s</b> 您好，
+hi_user_x=<b>%s</b>您好，
 
 activate_account=请激活您的帐户
-activate_account.text_1=<b>%[1]s</b> 您好，感谢注册 %[2]s ！
-activate_account.text_2=请在 <b>%s</b> 时间内，点击以下链接激活您的账户：
+activate_account.text_1=<b>%[1]s</b>您好，感谢注册%[2]s！
+activate_account.text_2=请在<b>%s</b>时间内，点击以下链接激活您的账户：
 
 activate_email=请验证您的邮箱地址
-activate_email.text=请在 <b>%s</b> 时间内，点击以下链接，以验证你的电子邮件地址：
+activate_email.text=请在<b>%s</b>时间内，点击以下链接，以验证你的电子邮件地址：
 
-register_notify=欢迎来到 %s
-register_notify.text_1=这是您的 %s 注册确认电子邮件 ！
-register_notify.text_2=您现在可以以用户名 %s 登录
-register_notify.text_3=如果此账户是别人为您创建的，请先 <a href="%s">设置您的密码</a>。
+register_notify=欢迎来到%s
+register_notify.text_1=这是您的%s注册确认电子邮件！
+register_notify.text_2=您现在可以以用户名%s登录
+register_notify.text_3=如果此账户是别人为您创建的，请先<a href="%s">设置您的密码</a>。
 
 reset_password=恢复您的账户
-reset_password.text=如果此请求是您本人作出的，则请在 <b>%s</b> 时间内，点击以下链接，恢复你的账户：
+reset_password.text=如果此请求是您本人作出的，则请在<b>%s</b>时间内，点击以下链接，恢复你的账户：
 
 register_success=注册成功
 
-issue_assigned.pull=@%[1]s 已将仓库 %[3]s 中的合并请求 %[2]s 指派给您。
-issue_assigned.issue=@%[1]s 已将仓库 %[3]s 中的议题 %[2]s 指派给您。
+issue_assigned.pull=@%[1]s已将仓库%[3]s中的合并请求%[2]s指派给您。
+issue_assigned.issue=@%[1]s已将仓库%[3]s中的议题%[2]s指派给您。
 
-issue.x_mentioned_you=<b>@%s</b> 提到了您：
-issue.action.force_push=<b>%[1]s</b> 强制从 %[3]s 推送 <b>%[2]s</b> 至 [4]s。
-issue.action.push_1=<b>@%[1]s</b> 推送了 %[3]d 个提交到 %[2]s
-issue.action.push_n=<b>@%[1]s</b> 推送了 %[3]d 个提交到 %[2]s
-issue.action.close=<b>@%[1]s</b> 关闭了 #%[2]d.
-issue.action.reopen=<b>@%[1]s</b> 重新打开了 #%[2]d.
-issue.action.merge=<b>@%[1]s</b> 将 #%[2]d 合并到 #%[3]s。
-issue.action.approve=<b>@%[1]s</b> 批准了此合并请求。
-issue.action.reject=<b>@%[1]s</b> 请求更改此合并请求。
-issue.action.review=<b>@%[1]s</b> 评论了这个合并请求。
-issue.action.review_dismissed=<b>@%[1]s</b> 取消了 %[2]s 对此合并请求的上一个评审。
-issue.action.ready_for_review=<b>@%[1]s</b> 标记了此合并请求为已准备好接受评审。
-issue.action.new=<b>@%[1]s</b> 创建了 #%[2]d.
-issue.in_tree_path=在 %s 中：
+issue.x_mentioned_you=<b>@%s</b>提到了您：
+issue.action.force_push=<b>%[1]s</b>强制从%[3]s推送<b>%[2]s</b>至[4]s。
+issue.action.push_1=<b>@%[1]s</b>推送了%[3]d个提交到%[2]s
+issue.action.push_n=<b>@%[1]s</b>推送了%[3]d个提交到%[2]s
+issue.action.close=<b>@%[1]s</b>关闭了#%[2]d。
+issue.action.reopen=<b>@%[1]s</b>重新打开了#%[2]d。
+issue.action.merge=<b>@%[1]s</b>将#%[2]d合并到#%[3]s。
+issue.action.approve=<b>@%[1]s</b>批准了此合并请求。
+issue.action.reject=<b>@%[1]s</b>请求更改此合并请求。
+issue.action.review=<b>@%[1]s</b>评论了这个合并请求。
+issue.action.review_dismissed=<b>@%[1]s</b>取消了%[2]s对此合并请求的上一个评审。
+issue.action.ready_for_review=<b>@%[1]s</b>标记了此合并请求为已准备好接受评审。
+issue.action.new=<b>@%[1]s</b>创建了#%[2]d。
+issue.in_tree_path=在%s中：
 
-release.new.subject=%[2]s 中的 %[1]s 发布了
-release.new.text=<b>@%[1]s</b> 于 %[3]s 发布了 %[2]s
+release.new.subject=%[2]s中的%[1]s发布了
+release.new.text=<b>@%[1]s</b>于%[3]s发布了%[2]s
 release.title=标题：%s
 release.note=注释：
 release.downloads=下载：
 release.download.zip=源代码（ZIP）
 release.download.targz=源代码（TAR.GZ）
 
-repo.transfer.subject_to=%s 想要将 "%s" 仓库转让给 %s
-repo.transfer.subject_to_you=%s 想要将 "%s" 仓库转让给你
+repo.transfer.subject_to=%s想要将"%s"仓库转让给%s
+repo.transfer.subject_to_you=%s想要将"%s"仓库转让给你
 repo.transfer.to_you=你
-repo.transfer.body=访问 %s 以接受或拒绝转移，亦可忽略此邮件。
+repo.transfer.body=访问%s以接受或拒绝转移，亦可忽略此邮件。
 
-repo.collaborator.added.subject=%s 已将你作为协作者添加到 %s
+repo.collaborator.added.subject=%s已将你作为协作者添加到%s
 repo.collaborator.added.text=您已被添加为代码库的协作者：
 
-team_invite.subject=%[1]s 邀请您加入组织 %[2]s
-team_invite.text_1=%[1]s 邀请您加入组织 %[3]s 中的团队 %[2]s。
+team_invite.subject=%[1]s邀请您加入组织%[2]s
+team_invite.text_1=%[1]s邀请您加入组织%[3]s中的团队%[2]s。
 team_invite.text_2=请点击下面的链接加入团队：
-team_invite.text_3=注意：这是发送给 %[1]s 的邀请。如果您未曾收到过此类邀请，请忽略这封电子邮件。
-admin.new_user.subject = 新用户 %s 刚刚完成注册
+team_invite.text_3=注意：这是发送给%[1]s的邀请。如果您未曾收到过此类邀请，请忽略这封电子邮件。
+admin.new_user.subject = 新用户%s刚刚完成注册
 admin.new_user.user_info = 用户信息
-admin.new_user.text = 请 <a href="%s">点击这里</a> 以在管理员面板中管理此用户。
-removed_security_key.no_2fa = 不再配置其他 2FA 方法，这意味着不再需要使用 2FA 登录您的账号。
+admin.new_user.text = 请<a href="%s">点击这里</a>以在管理员面板中管理此用户。
+removed_security_key.no_2fa = 不再配置其他2FA方法，这意味着不再需要使用2FA登录您的账号。
 account_security_caution.text_2 = 如果这不是您本人所为，则您的账号已盗用。请联系本网站管理员。
-totp_enrolled.text_1.no_webauthn = 您刚刚为您的账号启用了 TOTP。这意味着，在将来登录您的账号必须使用 TOTP 作为 2FA 方法。
-totp_enrolled.subject = 您已将 TOTP 激活为 2FA 方法
-totp_enrolled.text_1.has_webauthn = 您刚刚为您的账号启用了 TOTP。这意味着，在将来登录您的账号，您可以使用 TOTP 作为 2FA 方法或您使用的任何安全密钥。
+totp_enrolled.text_1.no_webauthn = 您刚刚为您的账号启用了TOTP。这意味着，在将来登录您的账号必须使用TOTP作为2FA方法。
+totp_enrolled.subject = 您已将TOTP激活为2FA方法
+totp_enrolled.text_1.has_webauthn = 您刚刚为您的账号启用了TOTP。这意味着，在将来登录您的账号，您可以使用TOTP作为2FA方法或您使用的任何安全密钥。
 password_change.text_1 = 您的账号密码刚刚更改。
 primary_mail_change.subject = 您的主要邮件地址已更改
-primary_mail_change.text_1 = 您账号的主要邮件地址刚刚更改为 %[1]s。这意味着此电子邮件地址将不再收到您账号的电子邮件通知。
-totp_disabled.subject = TOTP 已禁用
+primary_mail_change.text_1 = 您账号的主要邮件地址刚刚更改为%[1]s。这意味着此电子邮件地址将不再收到您账号的电子邮件通知。
+totp_disabled.subject = TOTP已禁用
 totp_disabled.text_1 = 您账号上的基于时间的一次性密码（TOTP）刚刚禁用。
 password_change.subject = 您的密码已更改
-totp_disabled.no_2fa = 不再配置其他 2FA 方法，这意味着不再需要使用 2FA 登录您的账号。
+totp_disabled.no_2fa = 不再配置其他2FA方法，这意味着不再需要使用2FA登录您的账号。
 removed_security_key.subject = 安全密钥已移除
 removed_security_key.text_1 = 安全密钥“%[1]s”刚刚从您的账号中移除。
 account_security_caution.text_1 = 如果这是您，那么您可以放心地忽略这封邮件。
@@ -556,20 +556,20 @@ CommitChoice=提交选择
 TreeName=文件路径
 Content=内容
 
-require_error=` 不能为空。`
-alpha_dash_error=` 应只包含字母数字、破折号（“-”）和下划线（“_”）字符。`
-alpha_dash_dot_error=` 应该只包含半角字母、数字、连接号（“-”）、下划线（“_”）和半角句号（“.”）。`
-git_ref_name_error=` 必须是格式正确的 Git 引用名称。`
-size_error=`长度必须为 %s。`
-min_size_error=`长度最小为 %s 个字符。`
-max_size_error=`长度最大为 %s 个字符。`
-email_error=`不是一个有效的邮箱地址。`
-url_error=`'%s' 不是一个有效的 URL。`
-include_error=`必须包含子字符串 "%s"。`
-glob_pattern_error=`匹配模式无效：%s.`
-regex_pattern_error=`正则表达式无效：%s.`
-username_error=` 只允许包含字母数字字符（“0-9”、“a-z”、“A-Z”）、破折号（“-”）、下划线（“_”）和点（“.”）。不能以非字母数字字符开头或结尾，并且不允许连续的非字母数字字符。`
-invalid_group_team_map_error=`映射无效：%s`
+require_error=不能为空。
+alpha_dash_error=应只包含字母数字、破折号（“-”）和下划线（“_”）字符。
+alpha_dash_dot_error=应该只包含半角字母、数字、连接号（“-”）、下划线（“_”）和半角句号（“.”）。
+git_ref_name_error=必须是格式正确的Git引用名称。
+size_error=长度必须为%s。
+min_size_error=长度最小为%s个字符。
+max_size_error=长度最大为%s个字符。
+email_error=不是一个有效的邮箱地址。
+url_error='%s'不是一个有效的URL。
+include_error=必须包含子字符串"%s"。
+glob_pattern_error=匹配模式无效：%s。
+regex_pattern_error=正则表达式无效：%s。
+username_error=只允许包含字母数字字符（“0-9”、“a-z”、“A-Z”）、破折号（“-”）、下划线（“_”）和点（“.”）。不能以非字母数字字符开头或结尾，并且不允许连续的非字母数字字符。
+invalid_group_team_map_error=映射无效：%s
 unknown_error=未知错误：
 captcha_incorrect=验证码不正确。
 password_not_match=密码不匹配。
@@ -590,9 +590,9 @@ team_name_been_taken=团队名称已被使用。
 team_no_units_error=至少选择一项仓库单元。
 email_been_used=该电子邮件地址已在使用中。
 email_invalid=此邮箱地址无效。
-openid_been_used=OpenID 地址 "%s" 已被使用。
+openid_been_used=OpenID地址"%s"已被使用。
 username_password_incorrect=用户名或密码不正确。
-password_complexity=密码未达到复杂程度要求:
+password_complexity=密码未达到复杂程度要求：
 password_lowercase_one=至少一个小写字符
 password_uppercase_one=至少一个大写字符
 password_digit_one=至少一个数字
@@ -606,13 +606,13 @@ team_not_exist=团队不存在。
 last_org_owner=您不能从“所有者”团队中删除最后一个用户。组织中必须至少有一个所有者。
 cannot_add_org_to_team=组织不能被加入到团队中。
 duplicate_invite_to_team=此用户已被邀请为团队成员。
-organization_leave_success=您已成功离开组织 %s。
+organization_leave_success=您已成功离开组织%s。
 
-invalid_ssh_key=无法验证您的 SSH 密钥：%s
-invalid_gpg_key=无法验证您的 GPG 密钥：%s
+invalid_ssh_key=无法验证您的SSH密钥：%s
+invalid_gpg_key=无法验证您的GPG密钥：%s
 invalid_ssh_principal=无效的规则：%s
 must_use_public_key=您提供的密钥是私钥。不要在任何地方上传您的私钥，请改用您的公钥。
-unable_verify_ssh_key=无法验证 SSH 公钥，请仔细检查是否有错误。
+unable_verify_ssh_key=无法验证SSH公钥，请仔细检查是否有错误。
 auth_failed=授权验证失败：%v
 
 still_own_repo=此帐户仍拥有至少一个仓库，您需要先删除或转移它们。
@@ -622,7 +622,7 @@ org_still_own_repo=该组织下仍有仓库，请先删除或转移它们。
 org_still_own_packages=该组织下仍有软件包，请先删除它们。
 
 target_branch_not_exist=目标分支不存在。
-username_error_no_dots = ` 只能包含英文字母与数字（“0-9”、“a-z”、“A-Z”）、横杠（“-”） 与下划线（“_”）。 开头与结尾的字符只能使用英文字母或数字，且不能包含连续的非字母非数字字符。`
+username_error_no_dots = 只能包含英文字母与数字（“0-9”、“a-z”、“A-Z”）、横杠（“-”）与下划线（“_”）。开头与结尾的字符只能使用英文字母或数字，且不能包含连续的非字母非数字字符。
 admin_cannot_delete_self=当您是管理员时，您不能删除自己。请先移除您的管理员权限。
 unsupported_login_type = 该账号使用的登录方式不支持删除此账户。
 unset_password = 当前登录用户尚未设置密码。
@@ -635,21 +635,21 @@ AccessToken = 访问令牌
 Description = 描述
 Pronouns = 代称
 Biography = 简介
-username_claiming_cooldown = 用户名不能被认领，因为其仍处于保护期。其可以在 %[1]s 后被认领。
-email_domain_is_not_allowed = 用户电子邮件地址的域名 <b>%s</b> 与 EMAIL_DOMAIN_ALLOWLIST 或 EMAIL_DOMAIN_BLOCKLIST 冲突。请确保您正确设置了电子邮件地址。
+username_claiming_cooldown = 用户名不能被认领，因为其仍处于保护期。其可以在%[1]s后被认领。
+email_domain_is_not_allowed = 用户电子邮件地址的域名<b>%s</b>与EMAIL_DOMAIN_ALLOWLIST或EMAIL_DOMAIN_BLOCKLIST冲突。请确保您正确设置了电子邮件地址。
 
 [user]
-change_avatar=修改头像…
-joined_on=加入于 %s
+change_avatar=修改头像……
+joined_on=加入于%s
 repositories=仓库列表
 activity=公开活动
-followers_few=%d 位关注者
+followers_few=%d位关注者
 starred=已点赞
 watched=已关注仓库
 code=代码
 projects=项目
 overview=概览
-following_few=%d 关注
+following_few=%d关注
 follow=关注
 unfollow=取消关注
 user_bio=简介
@@ -658,9 +658,9 @@ email_visibility.limited=所有已认证用户均可看到您的电子邮件地
 show_on_map=在地图上显示这个位置
 settings=用户设置
 
-form.name_reserved=用户名 "%s" 被保留。
-form.name_pattern_not_allowed=用户名中不允许使用 "%s" 格式。
-form.name_chars_not_allowed=用户名 "%s" 包含无效字符。
+form.name_reserved=用户名"%s"被保留。
+form.name_pattern_not_allowed=用户名中不允许使用"%s"格式。
+form.name_chars_not_allowed=用户名"%s"包含无效字符。
 block_user = 屏蔽用户
 block_user.detail = 请注意，屏蔽用户还有其他影响，例如：
 block_user.detail_1 = 将会停止互相关注对方，也无法再互相关注对方。
@@ -669,8 +669,8 @@ follow_blocked_user = 您不能关注该用户，因为您已屏蔽该用户或
 block = 屏蔽
 unblock = 解除屏蔽
 block_user.detail_3 = 您将无法将彼此添加为仓库协作者。
-followers_one = %d 关注者
-following_one = %d 关注
+followers_one = %d关注者
+following_one = %d关注
 public_activity.visibility_hint.self_public = 您的活动对所有人都是可见的，但在私人空间中的交互除外。<a href="%s">配置</a>。
 public_activity.visibility_hint.admin_public = 此活动对所有人可见，但作为管理员，您还可以看到私人空间中的交互。
 public_activity.visibility_hint.self_private = 您的活动仅对您和实例管理员可见。<a href="%s">配置</a>。
@@ -688,7 +688,7 @@ appearance=外观
 password=修改密码
 security=安全
 avatar=头像设置
-ssh_gpg_keys=SSH / GPG 公钥
+ssh_gpg_keys=SSH / GPG公钥
 applications=应用
 orgs=组织
 repos=仓库列表
@@ -699,7 +699,7 @@ uid=UID
 webauthn=两步验证（安全密钥）
 
 public_profile=公开信息
-biography_placeholder=向他人介绍一下你自己！（支持 Markdown）
+biography_placeholder=向他人介绍一下你自己！（支持Markdown）
 location_placeholder=与他人分享你的大概位置
 profile_desc=关于您
 password_username_disabled=不允许非本地用户更改他们的用户名。更多详情请联系您的系统管理员。
@@ -709,11 +709,11 @@ location=所在地区
 update_theme=更换主题
 update_profile=更新个人资料
 update_language=更改语言
-update_language_not_found=语言 %s 不可用。
+update_language_not_found=语言%s不可用。
 update_language_success=语言已更新。
 update_profile_success=您的个人资料已经更新。
 change_username=您的用户名已更改。
-change_username_prompt=注意：更改您的用户名也更改您的帐户 URL。
+change_username_prompt=注意：更改您的用户名也更改您的帐户URL。
 change_username_redirect_prompt=在其他用户使用您的旧用户名注册前，此旧用户名将会重定向到您的新用户名。
 continue=继续操作
 cancel=取消操作
@@ -721,7 +721,7 @@ language=界面语言
 ui=主题
 hidden_comment_types=隐藏的注释类型
 hidden_comment_types_description=此处选中的注释类型不会显示在议题页面中。例如，勾选“标签”将移除所有“<用户>添加/删除了<标签>”注释。
-hidden_comment_types.ref_tooltip=注释此问题在何处被提及过，如另一个问题、代码提交等…
+hidden_comment_types.ref_tooltip=注释此问题在何处被提及过，如另一个问题、代码提交等……
 hidden_comment_types.issue_ref_tooltip=注释用户在何处更改了与此问题相关联的分支/标签
 comment_type_group_reference=引用
 comment_type_group_label=标签
@@ -746,7 +746,7 @@ choose_new_avatar=选择新的头像
 update_avatar=更新头像
 delete_current_avatar=删除当前头像
 uploaded_avatar_not_a_image=上传的文件不是一张图片。
-uploaded_avatar_is_too_big=上传的文件大小（%d KiB） 超过最大限制（%d KiB）。
+uploaded_avatar_is_too_big=上传的文件大小（%d KiB）超过最大限制（%d KiB）。
 update_avatar_success=您的头像已更新。
 update_user_avatar_success=用户头像已更新。
 
@@ -756,12 +756,12 @@ new_password=新的密码
 retype_new_password=确认新密码
 password_incorrect=当前密码不正确。
 change_password_success=您的密码已更新。从现在开始请使用您的新密码登录。
-password_change_disabled=非本地帐户不能通过 Forgejo 的 web 界面更改密码。
+password_change_disabled=非本地帐户不能通过Forgejo的web界面更改密码。
 
 manage_emails=管理电子邮件地址
 manage_themes=默认主题
-manage_openid=OpenID 地址
-email_desc=您的主要电子邮件地址将用于通知、密码恢复，基于网页界面的 Git 操作（只要它不是设置为隐藏的）。
+manage_openid=OpenID地址
+email_desc=您的主要电子邮件地址将用于通知、密码恢复，基于网页界面的Git操作（只要它不是设置为隐藏的）。
 theme_desc=此主题将在您已登录时被用于网页界面。
 primary=主要
 activated=已激活
@@ -772,104 +772,104 @@ activations_pending=等待激活
 can_not_add_email_activations_pending=有一个待处理的激活请求，请稍等几分钟后再尝试添加新的电子邮件地址。
 delete_email=移除
 email_deletion=移除电子邮件地址
-email_deletion_desc=此电子邮件地址及相关信息将被删除。使用此电子邮件地址的 Git 提交将被保留。继续吗？
+email_deletion_desc=此电子邮件地址及相关信息将被删除。使用此电子邮件地址的Git提交将被保留。继续吗？
 email_deletion_success=您的电子邮件地址已被移除。
 theme_update_success=您的主题已更新。
 theme_update_error=所选主题不存在。
-openid_deletion=移除 OpenID 地址
-openid_deletion_desc=删除此 OpenID 地址将会阻止你使用它进行登录。你确定要继续吗？
-openid_deletion_success=已移除 OpenID 地址。
+openid_deletion=移除OpenID地址
+openid_deletion_desc=删除此OpenID地址将会阻止你使用它进行登录。你确定要继续吗？
+openid_deletion_success=已移除OpenID地址。
 add_new_email=添加电子邮件地址
-add_new_openid=添加新的 OpenID URI
+add_new_openid=添加新的OpenID URI
 add_email=添加电子邮件地址
-add_openid=添加 OpenID URI
-add_email_confirmation_sent=确认邮件已发送至“%s”。请检查您的收件箱并在接下来的 %s 内点击提供的链接以确认您的电子邮件地址。
+add_openid=添加OpenID URI
+add_email_confirmation_sent=确认邮件已发送至“%s”。请检查您的收件箱并在接下来的%s内点击提供的链接以确认您的电子邮件地址。
 add_email_success=新的电子邮件地址已添加。
 email_preference_set_success=电子邮件首选项已成功设置。
-add_openid_success=新的 OpenID 地址已添加。
+add_openid_success=新的OpenID地址已添加。
 keep_email_private=隐藏电子邮件地址
-keep_email_private_popup=电子邮件地址不会显示在个人资料页面上，且不会成为通过网页界面提交的默认地址，例如文件上传、编辑和合并提交。相反，可以使用特殊地址 %s 将提交链接到用户账号。此选项不会影响现有提交。
-openid_desc=OpenID 让你可以将认证转发到外部服务。
+keep_email_private_popup=电子邮件地址不会显示在个人资料页面上，且不会成为通过网页界面提交的默认地址，例如文件上传、编辑和合并提交。相反，可以使用特殊地址%s将提交链接到用户账号。此选项不会影响现有提交。
+openid_desc=OpenID让你可以将认证转发到外部服务。
 
-manage_ssh_keys=管理 SSH 公钥
-manage_ssh_principals=管理 SSH 证书主体
-manage_gpg_keys=管理 GPG 密钥
+manage_ssh_keys=管理SSH公钥
+manage_ssh_principals=管理SSH证书主体
+manage_gpg_keys=管理GPG密钥
 add_key=增加密钥
-ssh_desc=这些 SSH 公钥已经关联到你的账号。相应的私钥拥有完全操作你的仓库的权限，且已验证的 SSH 密钥可以验证 SSH 签名的 Git 提交。
-principal_desc=这些已关联到你的账号的 SSH 证书主体将有你的所有仓库的完全访问权。
-gpg_desc=这些 GPG 公钥已经关联到你的账号，并用于验证您的提交。请妥善保管你的私钥，因为这些私钥可以以你的身份签名提交。
-ssh_helper=<strong>需要帮助？</strong>请查看<a href="%s">如何生成 SSH 密钥</a>或<a href="%s">常见 SSH 问题</a>寻找答案。
-gpg_helper=<strong>需要帮助吗？</strong>建议看一看 GitHub <a href="%s">关于 GPG</a> 的指南。
-key_content_ssh_placeholder=以“ssh-ed25519”、“ssh-rsa”、“ecdsa-sha2-nistp256”、“ecdsa-sha2-nistp384”、“ecdsa-sha2-nistp521”、“sk-ecdsa-sha2-nistp256@openssh.com” 或 “sk-ssh-ed25519@openssh.com” 开头
-key_content_gpg_placeholder=以 “-----BEGIN PGP PUBLIC KEY BLOCK-----” 开头
+ssh_desc=这些SSH公钥已经关联到你的账号。相应的私钥拥有完全操作你的仓库的权限，且已验证的SSH密钥可以验证SSH签名的Git提交。
+principal_desc=这些已关联到你的账号的SSH证书主体将有你的所有仓库的完全访问权。
+gpg_desc=这些GPG公钥已经关联到你的账号，并用于验证您的提交。请妥善保管你的私钥，因为这些私钥可以以你的身份签名提交。
+ssh_helper=<strong>需要帮助？</strong>请查看<a href="%s">如何生成SSH密钥</a>或<a href="%s">常见SSH问题</a>寻找答案。
+gpg_helper=<strong>需要帮助吗？</strong>建议看一看GitHub <a href="%s">关于GPG</a>的指南。
+key_content_ssh_placeholder=以“ssh-ed25519”、“ssh-rsa”、“ecdsa-sha2-nistp256”、“ecdsa-sha2-nistp384”、“ecdsa-sha2-nistp521”、“sk-ecdsa-sha2-nistp256@openssh.com”或“sk-ssh-ed25519@openssh.com”开头
+key_content_gpg_placeholder=以“-----BEGIN PGP PUBLIC KEY BLOCK-----”开头
 add_new_principal=添加规则
-ssh_key_been_used=此 SSH 公钥已被添加到此服务器。
-ssh_key_name_used=使用相同名称的 SSH 公钥已存在。
+ssh_key_been_used=此SSH公钥已被添加到此服务器。
+ssh_key_name_used=使用相同名称的SSH公钥已存在。
 ssh_principal_been_used=此规则已经加入到了服务器。
-gpg_key_id_used=具有相同 ID 的 GPG 公钥已存在。
-gpg_no_key_email_found=此 GPG 密钥与您帐户关联的任何已激活电子邮件地址均不匹配。如果您在提供的令牌上签名，它仍然可以被添加。
+gpg_key_id_used=具有相同ID的GPG公钥已存在。
+gpg_no_key_email_found=此GPG密钥与您帐户关联的任何已激活电子邮件地址均不匹配。如果您在提供的令牌上签名，它仍然可以被添加。
 gpg_key_matched_identities=匹配的身份：
 gpg_key_matched_identities_long=此密钥中包含的身份信息与下面这个该用户已激活电子邮件地址是相匹配的。因此，能与这些电子邮件地址相匹配的提交可以通过此密钥进行验证。
 gpg_key_verified=已验证的密钥
 gpg_key_verified_long=密钥已经用令牌进行了验证，并且可以用来验证匹配此用户任何已激活电子邮件地址的提交，以及匹配此密钥的任何身份。
 gpg_key_verify=验证
-gpg_invalid_token_signature=提供的 GPG 密钥、签名和令牌不匹配或过期。
+gpg_invalid_token_signature=提供的GPG密钥、签名和令牌不匹配或过期。
 gpg_token_required=您必须为下面的令牌提供签名
 gpg_token=令牌
 gpg_token_help=您可以使用以下方式生成签名：
-gpg_token_signature=GPG 增强签名
-key_signature_gpg_placeholder=以 “-----BEGIN PGP SIGNATURE-----” 开头
-verify_gpg_key_success=GPG 密钥 %s 已被验证。
+gpg_token_signature=GPG增强签名
+key_signature_gpg_placeholder=以“-----BEGIN PGP SIGNATURE-----”开头
+verify_gpg_key_success=GPG密钥%s已被验证。
 ssh_key_verified=已验证的公钥
 ssh_key_verified_long=公钥已由令牌进行了验证，并且可以用来验证匹配此用户任何已激活电子邮件地址的提交。
 ssh_key_verify=验证
-ssh_invalid_token_signature=提供的 SSH 公钥、签名或令牌不匹配或令牌已过期。
+ssh_invalid_token_signature=提供的SSH公钥、签名或令牌不匹配或令牌已过期。
 ssh_token_required=您必须为下面的令牌提供签名
 ssh_token=令牌
 ssh_token_help=您可以使用以下方式生成签名：
-ssh_token_signature=增强 SSH 签名
-key_signature_ssh_placeholder=以 “-----BEGIN SSH SIGNATURE -----” 开头
-verify_ssh_key_success=SSH 公钥 %s 已通过验证。
+ssh_token_signature=增强SSH签名
+key_signature_ssh_placeholder=以“-----BEGIN SSH SIGNATURE -----”开头
+verify_ssh_key_success=SSH公钥%s已通过验证。
 subkeys=子项
-key_id=密钥 ID
+key_id=密钥ID
 key_name=密钥名称
 key_content=密钥内容
 principal_content=内容
-add_key_success=成功添加 SSH 公钥 "%s"。
-add_gpg_key_success=成功添加 GPG 密钥 "%s"。
-add_principal_success=SSH 证书主体 "%s" 添加成功。
+add_key_success=成功添加SSH公钥"%s"。
+add_gpg_key_success=成功添加GPG密钥"%s"。
+add_principal_success=SSH证书主体"%s"添加成功。
 delete_key=删除
-ssh_key_deletion=删除 SSH 公钥
-gpg_key_deletion=删除 GPG 密钥
-ssh_principal_deletion=删除 SSH 证书主体
-ssh_key_deletion_desc=删除 SSH 公钥将取消对应的私钥对您的 Forgejo 帐户的访问权限。继续？
-gpg_key_deletion_desc=删除 GPG 公钥将无法认知使用对应私钥签名的提交，继续？
-ssh_principal_deletion_desc=删除此 SSH 证书主体将吊销其对您账户的访问权限。继续？
-ssh_key_deletion_success=SSH 公钥已被删除。
-gpg_key_deletion_success=GPG 密钥已被删除。
+ssh_key_deletion=删除SSH公钥
+gpg_key_deletion=删除GPG密钥
+ssh_principal_deletion=删除SSH证书主体
+ssh_key_deletion_desc=删除SSH公钥将取消对应的私钥对您的Forgejo帐户的访问权限。继续？
+gpg_key_deletion_desc=删除GPG公钥将无法认知使用对应私钥签名的提交，继续？
+ssh_principal_deletion_desc=删除此SSH证书主体将吊销其对您账户的访问权限。继续？
+ssh_key_deletion_success=SSH公钥已被删除。
+gpg_key_deletion_success=GPG密钥已被删除。
 ssh_principal_deletion_success=此规则删除成功。
-added_on=添加于 %s
-valid_until_date=有效期至 %s
+added_on=添加于%s
+valid_until_date=有效期至%s
 valid_forever=永久有效
 last_used=上次使用在
 no_activity=没有最近活动
 can_read_info=读取
 can_write_info=写入
-key_state_desc=7 天内使用过该密钥
-token_state_desc=7 天内使用过该密钥
-principal_state_desc=7 天内使用过该规则
+key_state_desc=7天内使用过该密钥
+token_state_desc=7天内使用过该密钥
+principal_state_desc=7天内使用过该规则
 show_openid=在个人信息上显示
 hide_openid=在个人信息上隐藏
-ssh_disabled=SSH 已禁用
-ssh_signonly=SSH 目前已被禁用，因此这些公钥仅用于验证提交签名。
-ssh_externally_managed=此 SSH 公钥是由外部服务所管理的
+ssh_disabled=SSH已禁用
+ssh_signonly=SSH目前已被禁用，因此这些公钥仅用于验证提交签名。
+ssh_externally_managed=此SSH公钥是由外部服务所管理的
 manage_access_token=访问令牌
 generate_new_token=生成新的令牌
-tokens_desc=这些令牌拥有通过 Forgejo API 对您的帐户的访问权限。
+tokens_desc=这些令牌拥有通过Forgejo API对您的帐户的访问权限。
 token_name=令牌名称
 generate_token=生成令牌
 generate_token_success=新令牌生成成功。请拷贝因为令牌将只会显示一次。
-generate_token_name_duplicate=<strong>%s</strong> 已被用作应用程序名称。请使用一个新的名称。
+generate_token_name_duplicate=<strong>%s</strong>已被用作应用程序名称。请使用一个新的名称。
 delete_token=删除令牌
 access_token_deletion=删除访问令牌
 access_token_deletion_desc=删除令牌将撤销程序对您账户的访问权限。此操作无法撤消。是否继续？
@@ -881,23 +881,23 @@ select_permissions=选择权限
 permission_no_access=无访问权限
 permission_read=可读
 permission_write=读写
-access_token_desc=所选令牌权限仅限于对应的 <a href="%[1]s" target="_blank">API</a> 路由的授权。阅读 <a href="%[2]s" target="_blank">文档</a> 以获取更多信息。
+access_token_desc=所选令牌权限仅限于对应的<a href="%[1]s" target="_blank">API</a>路由的授权。阅读<a href="%[2]s" target="_blank">文档</a>以获取更多信息。
 at_least_one_permission=你需要选择至少一个权限才能创建令牌
 permissions_list=权限：
 
-manage_oauth2_applications=管理 OAuth2 应用程序
-edit_oauth2_application=编辑 OAuth2 应用程序
+manage_oauth2_applications=管理OAuth2应用程序
+edit_oauth2_application=编辑OAuth2应用程序
 oauth2_applications_desc=OAuth2 应用允许第三方应用程序在此 Forgejo 实例中安全验证用户。
-remove_oauth2_application=删除 OAuth2 应用程序
+remove_oauth2_application=删除OAuth2应用程序
 remove_oauth2_application_desc=删除 OAuth2 应用将撤销所有签名的访问令牌。继续吗？
 remove_oauth2_application_success=该应用已被删除。
-create_oauth2_application=创建新的 OAuth2 应用程序
+create_oauth2_application=创建新的OAuth2应用程序
 create_oauth2_application_button=创建应用
-create_oauth2_application_success=您已成功创建了一个新的 OAuth2 应用。
-update_oauth2_application_success=您已成功更新了此 OAuth2 应用。
+create_oauth2_application_success=您已成功创建了一个新的OAuth2应用。
+update_oauth2_application_success=您已成功更新了此OAuth2应用。
 oauth2_application_name=应用名称
 oauth2_confidential_client=机密客户端。是否是能够维持凭据机密性的应用，比如网页应用程序。如果是本地应用程序请不要勾选，包括桌面和移动端应用。
-oauth2_redirect_uris=重定向 URI。每行一个 URI。
+oauth2_redirect_uris=重定向URI。每行一个URI。
 save_application=保存
 oauth2_client_id=客户端ID
 oauth2_client_secret=客户端密钥
@@ -905,12 +905,12 @@ oauth2_regenerate_secret=重新生成密钥
 oauth2_regenerate_secret_hint=您的密钥已丢失？
 oauth2_client_secret_hint=您离开或刷新此页面后将不会再显示此密钥。请确保您已保存它。
 oauth2_application_edit=编辑
-oauth2_application_create_description=OAuth2 应用允许您的第三方应用程序访问此实例的用户帐户。
-oauth2_application_remove_description=移除 OAuth2 应用将会阻止其访问此实例上的已授权用户账户。是否继续？
-oauth2_application_locked=如果配置启用，Forgejo 预注册一些 OAuth2 应用程序。为了防止意外的行为，这些应用既不能编辑也不能删除。请参阅 OAuth2 文档以获取更多信息。
+oauth2_application_create_description=OAuth2应用允许您的第三方应用程序访问此实例的用户帐户。
+oauth2_application_remove_description=移除OAuth2应用将会阻止其访问此实例上的已授权用户账户。是否继续？
+oauth2_application_locked=如果配置启用，Forgejo预注册一些OAuth2应用程序。为了防止意外的行为，这些应用既不能编辑也不能删除。请参阅OAuth2文档以获取更多信息。
 
-authorized_oauth2_applications=已授权的 OAuth2 应用
-authorized_oauth2_applications_description=您已授予这些第三方应用程序访问您的个人 Forgejo 账户的权限。请撤销那些您不再使用的应用程序的访问权限。
+authorized_oauth2_applications=已授权的OAuth2应用
+authorized_oauth2_applications_description=您已授予这些第三方应用程序访问您的个人Forgejo账户的权限。请撤销那些您不再使用的应用程序的访问权限。
 revoke_key=撤销
 revoke_oauth2_grant=撤销访问权限
 revoke_oauth2_grant_description=确定撤销此三方应用程序的授权，并阻止此应用程序访问您的数据？
@@ -922,20 +922,20 @@ twofa_is_enrolled=你的账号<strong>已启用</strong>了两步验证。
 twofa_not_enrolled=你的账号未开启两步验证。
 twofa_disable=禁用两步验证
 twofa_scratch_token_regenerate=重新生成一次性恢复令牌
-twofa_scratch_token_regenerated=您的临时令牌现在是 %s。将其存放在安全的地方，它将不会再次显示。
+twofa_scratch_token_regenerated=您的临时令牌现在是%s。将其存放在安全的地方，它将不会再次显示。
 twofa_enroll=启用两步验证
-twofa_disable_note=如果需要, 可以禁用双因素身份验证。
+twofa_disable_note=如果需要，可以禁用双因素身份验证。
 twofa_disable_desc=关掉两步验证会使得您的账号不安全，继续执行？
-regenerate_scratch_token_desc=如果您丢失了您的验证口令或已经使用它登录, 您可以在这里重置它。
+regenerate_scratch_token_desc=如果您丢失了您的验证口令或已经使用它登录，您可以在这里重置它。
 twofa_disabled=两步验证已被禁用。
 scan_this_image=使用您的授权应用扫描这张图片：
 or_enter_secret=或者输入密钥：%s
-then_enter_passcode=并输入应用程序中显示的密码:
+then_enter_passcode=并输入应用程序中显示的密码：
 passcode_invalid=密码不正确。再试一次。
 twofa_enrolled=你的账号已经启用了两步验证。请保存初始令牌（%s）到一个安全的地方，此令牌仅当前显示一次。
-twofa_failed_get_secret=获取 secret 失败。
+twofa_failed_get_secret=获取secret失败。
 
-webauthn_desc=安全密钥是包含加密密钥的硬件设备。它们可以用于双因素身份验证。安全密钥必须支持 <a rel="noreferrer" target="_blank" href="%s">WebAuthn 身份验证器</a>标准。
+webauthn_desc=安全密钥是包含加密密钥的硬件设备。它们可以用于双因素身份验证。安全密钥必须支持<a rel="noreferrer" target="_blank" href="%s">WebAuthn身份验证器</a>标准。
 webauthn_register_key=添加安全密钥
 webauthn_nickname=昵称
 webauthn_delete_key=移除安全密钥
@@ -944,20 +944,20 @@ webauthn_key_loss_warning=如果您丢失了您的安全密钥，您将无法访
 webauthn_alternative_tip=您可能想要配置额外的身份验证方法。
 
 manage_account_links=已绑定的账号
-manage_account_links_desc=这些外部帐户已经绑定到您的 Forgejo 帐户。
+manage_account_links_desc=这些外部帐户已经绑定到您的Forgejo帐户。
 link_account=链接账户
 remove_account_link=删除已绑定的账号
-remove_account_link_desc=删除已绑定帐户将吊销其对您的 Forgejo 帐户的访问权限。继续？
+remove_account_link_desc=删除已绑定帐户将吊销其对您的Forgejo帐户的访问权限。继续？
 remove_account_link_success=已取消绑定帐户。
 
-hooks.desc=添加会在您拥有的<strong>所有仓库</strong>上触发的 Web 钩子。
+hooks.desc=添加会在您拥有的<strong>所有仓库</strong>上触发的Web钩子。
 
 orgs_none=您现在还不是任何组织的成员。
 repos_none=你并不拥有任何仓库。
 
 delete_account=删除当前帐户
-delete_prompt=此操作将永久删除您的用户帐户。它 <strong>不能</strong> 被撤消。
-delete_with_all_comments=你的帐户年龄小于 %s。为了避免幽灵评论，所有议题/合并请求的评论都将与它一起被删除。
+delete_prompt=此操作将永久删除您的用户帐户。它<strong>不能</strong>被撤消。
+delete_with_all_comments=你的帐户年龄小于%s。为了避免幽灵评论，所有议题/合并请求的评论都将与它一起被删除。
 confirm_delete_account=确认删除帐户
 delete_account_title=删除当前帐户
 delete_account_desc=确实要永久删除此用户帐户吗？
@@ -977,7 +977,7 @@ visibility.private=私有
 visibility.private_tooltip=仅对您已加入的组织的成员可见
 blocked_users = 已屏蔽的用户
 blocked_users_none = 黑名单中没有用户。
-blocked_since = 自 %s 起被屏蔽
+blocked_since = 自%s起被屏蔽
 user_unblock_success = 已成功取消对该用户的屏蔽。
 user_block_success = 已成功屏蔽该用户。
 change_password = 更改密码
@@ -991,10 +991,10 @@ pronouns_unspecified = 未指定
 language.title = 默认语言
 keep_activity_private.description = 您的<a href="%s">公开活动</a>将仅对您和实例管理员可见。
 language.description = 此语言将保存到您的账号中，并在您登录后用作默认语言。
-language.localization_project = 帮助我们将 Forgejo 翻译成您的语言！<a href="%s">了解更多</a>。
+language.localization_project = 帮助我们将Forgejo翻译成您的语言！<a href="%s">了解更多</a>。
 user_block_yourself = 您不能屏蔽自己。
-change_username_redirect_prompt.with_cooldown.one = 旧用户名将在 %[1]d 天的保护期后对所有人可用。您仍可以在此期间重新认领旧用户名。
-change_username_redirect_prompt.with_cooldown.few = 旧用户名将在 %[1]d 天的保护期后对所有人可用，您仍可以在此期间重新认领旧用户名。
+change_username_redirect_prompt.with_cooldown.one = 旧用户名将在%[1]d天的保护期后对所有人可用。您仍可以在此期间重新认领旧用户名。
+change_username_redirect_prompt.with_cooldown.few = 旧用户名将在%[1]d天的保护期后对所有人可用，您仍可以在此期间重新认领旧用户名。
 keep_pronouns_private = 仅向已认证用户显示代词
 keep_pronouns_private.description = 这将对未登录的访问者隐藏您的代词。
 quota = 配额
@@ -1005,7 +1005,7 @@ quota.rule.no_limit = 无限制
 quota.sizes.all = 全部
 quota.sizes.repos.all = 仓库
 quota.sizes.repos.private = 私有仓库
-quota.sizes.git.all = Git 内容
+quota.sizes.git.all = Git内容
 quota.sizes.git.lfs = Git LFS
 quota.sizes.assets.all = 资源
 quota.sizes.assets.attachments.all = 附件
@@ -1021,7 +1021,7 @@ regenerate_token_success = 已重新生成令牌。使用旧令牌的应用程
 regenerate_token = 重新生成
 access_token_regeneration = 重新生成访问令牌
 access_token_regeneration_desc = 重新生成令牌将撤销使用该令牌的应用程序对您的账号的访问权限。此操作无法撤销。继续？
-ssh_token_help_ssh_agent = 或者，如果您使用的是 SSH 代理（已设置 SSH_AUTH_SOCK 变量）：
+ssh_token_help_ssh_agent = 或者，如果您使用的是SSH代理（已设置SSH_AUTH_SOCK变量）：
 
 [repo]
 new_repo_helper=代码仓库包含了所有的项目文件，包括版本历史记录。已经在其他地方托管了？<a href="%s">迁移仓库</a>。
@@ -1039,33 +1039,33 @@ visibility_description=只有组织所有人或拥有权利的组织成员才能
 visibility_helper=将仓库设为私有
 visibility_helper_forced=站点管理员强制要求新仓库为私有。
 visibility_fork_helper=（修改该值将会影响到所有派生仓库）
-clone_helper=不知道如何克隆？查看<a target="_blank" rel="noopener noreferrer" href="%s">帮助</a> 。
+clone_helper=不知道如何克隆？查看<a target="_blank" rel="noopener noreferrer" href="%s">帮助</a>。
 fork_repo=派生仓库
 fork_from=派生自
-already_forked=你已经派生过 %s
+already_forked=你已经派生过%s
 fork_to_different_account=派生到其他账号
 fork_visibility_helper=无法更改派生仓库的可见性。
 fork_branch=要复制到派生的分支
 all_branches=所有分支
 fork_no_valid_owners=这个代码仓库无法被派生，因为没有有效的所有者。
 use_template=使用此模板
-download_zip=下载 ZIP
-download_tar=下载 TAR.GZ
-download_bundle=下载 BUNDLE
+download_zip=下载ZIP
+download_tar=下载TAR.GZ
+download_bundle=下载BUNDLE
 generate_repo=生成仓库
 generate_from=生成自
 repo_desc=仓库描述
 repo_desc_helper=输入简要描述（可选）
 repo_lang=仓库语言
-repo_gitignore_helper=选择 .gitignore 模板
-repo_gitignore_helper_desc=从常见语言的模板列表中选择忽略跟踪的文件。默认情况下，由开发或构建工具生成的特殊文件都包含在 .gitignore 中。
+repo_gitignore_helper=选择.gitignore模板
+repo_gitignore_helper_desc=从常见语言的模板列表中选择忽略跟踪的文件。默认情况下，由开发或构建工具生成的特殊文件都包含在.gitignore中。
 issue_labels=标签
 issue_labels_helper=选择标签集
 license=授权许可
 license_helper=选择授权许可文件
-license_helper_desc=许可证说明了其他人可以和不可以用您的代码做什么。不确定哪一个适合你的项目？请见 <a target="_blank" rel="noopener noreferrer" href="%s">选择一个许可证</a>。
+license_helper_desc=许可证说明了其他人可以和不可以用您的代码做什么。不确定哪一个适合你的项目？请见<a target="_blank" rel="noopener noreferrer" href="%s">选择一个许可证</a>。
 object_format = 对象格式
-object_format_helper = 仓库的对象格式，一旦设置无法更改。SHA1 的兼容性最强。
+object_format_helper = 仓库的对象格式，一旦设置无法更改。SHA1的兼容性最强。
 readme=自述
 readme_helper=选择自述文件模板
 readme_helper_desc=这是您可以为您的项目撰写完整描述的地方。
@@ -1076,18 +1076,18 @@ default_branch_label=默认
 default_branch_helper=默认分支是用于合并请求和代码提交的基础分支。
 mirror_prune=修剪
 mirror_prune_desc=删除过时的远程跟踪引用
-mirror_interval=镜像间隔（有效的时间单位是 “h"、“m”、“s”）。填 0 禁用自动定期同步。（最短间隔：%s）
+mirror_interval=镜像间隔（有效的时间单位是 “h"、“m”、“s”）。填0禁用自动定期同步。（最短间隔：%s）
 mirror_interval_invalid=镜像间隔无效。
 mirror_sync = 已同步
 mirror_sync_on_commit=推送提交时同步
-mirror_address=从 URL 克隆
+mirror_address=从URL克隆
 mirror_address_desc=在授权框中输入必要的凭据。
-mirror_address_url_invalid=URL 无效。请检查所输入 URL 的所有部分是否都已正确转义。
-mirror_address_protocol_invalid=提供的 URL 无效。只能使用 http(s):// 或 git:// 地址进行镜像操作。
+mirror_address_url_invalid=URL无效。请检查所输入URL的所有部分是否都已正确转义。
+mirror_address_protocol_invalid=提供的URL无效。只能使用http(s)://或git://地址进行镜像操作。
 mirror_lfs=大文件存储（LFS）
-mirror_lfs_desc=镜像 LFS 数据。
-mirror_lfs_endpoint=LFS 网址
-mirror_lfs_endpoint_desc=同步将尝试使用克隆网址来 <a target="_blank" rel="noopener noreferrer" href="%s">确定 LFS 服务器</a>。如果仓库 LFS 数据存储在其他位置，你还可以指定自定义网址。
+mirror_lfs_desc=镜像LFS数据。
+mirror_lfs_endpoint=LFS网址
+mirror_lfs_endpoint_desc=同步将尝试使用克隆网址来<a target="_blank" rel="noopener noreferrer" href="%s">确定LFS服务器</a>。如果仓库LFS数据存储在其他位置，你还可以指定自定义网址。
 mirror_last_synced=上次同步
 mirror_password_placeholder=（未更改）
 mirror_password_blank_placeholder=（未设置）
@@ -1099,28 +1099,28 @@ forks=派生仓库
 reactions_more=再加载 %d
 unit_disabled=站点管理员已禁用此仓库单元。
 language_other=其它
-adopt_search=输入用户名以搜索未被收录的仓库…（留空以查找全部）
+adopt_search=输入用户名以搜索未被收录的仓库……（留空以查找全部）
 adopt_preexisting_label=收录文件
 adopt_preexisting=收录已存在的仓库
-adopt_preexisting_content=从 %s 创建仓库
-adopt_preexisting_success=从 %s 收录仓库成功
+adopt_preexisting_content=从%s创建仓库
+adopt_preexisting_success=从%s收录仓库成功
 delete_preexisting_label=删除
 delete_preexisting=删除已存在的文件
-delete_preexisting_content=删除 %s 中的文件
-delete_preexisting_success=删除 %s 中未收录的文件
-blame_prior=查看此更改前的 blame
-blame.ignore_revs=忽略 <a href="%s">.git-blame-ignore-revs</a> 的修订。点击 <a href="%s">绕过</a> 并查看正常的 Blame 视图。
-blame.ignore_revs.failed=忽略 <a href="%s">.git-blame-ignore-revs</a> 版本失败。
-author_search_tooltip=最多显示 30 位用户
+delete_preexisting_content=删除%s中的文件
+delete_preexisting_success=删除%s中未收录的文件
+blame_prior=查看此更改前的blame
+blame.ignore_revs=忽略<a href="%s">.git-blame-ignore-revs</a>的修订。点击<a href="%s">绕过</a>并查看正常的Blame视图。
+blame.ignore_revs.failed=忽略<a href="%s">.git-blame-ignore-revs</a>版本失败。
+author_search_tooltip=最多显示30位用户
 
 tree_path_not_found_commit=路径%[1]s 在提交 %[2]s 中不存在
 tree_path_not_found_branch=路径 %[1]s 不存在于分支 %[2]s 中
 tree_path_not_found_tag=路径 %[1]s 不存在于标签 %[2]s 中
 
 transfer.accept=接受转移
-transfer.accept_desc=`转移到 "%s"`
+transfer.accept_desc=转移到"%s"
 transfer.reject=拒绝转移
-transfer.reject_desc=`取消转移到 "%s"`
+transfer.reject_desc=取消转移到"%s"
 transfer.no_permission_to_accept=您没有权限接受此转让。
 transfer.no_permission_to_reject=您没有权限拒绝此转让。
 
@@ -1131,10 +1131,10 @@ desc.internal=内部
 desc.archived=已存档
 desc.sha256 = SHA256
 template.items=模板选项
-template.git_content=Git 内容（默认分支）
-template.git_hooks=Git 钩子
-template.git_hooks_tooltip=你目前无法修改或删除被添加过的 Git 钩子。仅当你信任模板仓库时才可以选择此项。
-template.webhooks=Web 钩子
+template.git_content=Git内容（默认分支）
+template.git_hooks=Git钩子
+template.git_hooks_tooltip=你目前无法修改或删除被添加过的Git钩子。仅当你信任模板仓库时才可以选择此项。
+template.webhooks=Web钩子
 template.topics=主题
 template.avatar=头像
 template.issue_labels=议题标签
@@ -1142,20 +1142,20 @@ template.one_item=必须至少选择一个模板项
 template.invalid=必须选择一个模板仓库
 
 archive.title=此仓库已存档。您可以查看文件和克隆仓库，但无法对其状态进行任何更改，例如推送和创建新议题、合并请求或评论。
-archive.title_date=此仓库已于 %s 存档。您可以查看文件或克隆它，但无法对其状态进行任何更改，例如推送和创建新议题、合并请求或评论。
-form.reach_limit_of_creation_1=你已经达到了 %d 仓库的上限。
-form.reach_limit_of_creation_n=你已经达到了 %d 个仓库的上限。
-form.name_reserved=仓库名称 %s 是被保留的。
-form.name_pattern_not_allowed=仓库名称中不允许使用 %s 格式。
+archive.title_date=此仓库已于%s存档。您可以查看文件或克隆它，但无法对其状态进行任何更改，例如推送和创建新议题、合并请求或评论。
+form.reach_limit_of_creation_1=你已经达到了%d仓库的上限。
+form.reach_limit_of_creation_n=你已经达到了%d个仓库的上限。
+form.name_reserved=仓库名称%s是被保留的。
+form.name_pattern_not_allowed=仓库名称中不允许使用%s格式。
 
 need_auth=授权
 migrate_options=迁移选项
 migrate_options_mirror_helper=该仓库将是一个镜像
-migrate_options_lfs=迁移 LFS 文件
-migrate_options_lfs_endpoint.label=LFS 网址
-migrate_options_lfs_endpoint.description=迁移将尝试使用你的 Git remote 来 <a target="_blank" rel="noopener noreferrer" href="%s">确定 LFS 服务器</a>。如果仓库 LFS 数据存储在其他位置，你还可以指定自定义网址。
+migrate_options_lfs=迁移LFS文件
+migrate_options_lfs_endpoint.label=LFS网址
+migrate_options_lfs_endpoint.description=迁移将尝试使用你的Git remote来<a target="_blank" rel="noopener noreferrer" href="%s">确定LFS服务器</a>。如果仓库LFS数据存储在其他位置，你还可以指定自定义网址。
 migrate_options_lfs_endpoint.description.local=支持本地服务器路径。
-migrate_options_lfs_endpoint.placeholder=如果留空，网址将从克隆 URL 中得到
+migrate_options_lfs_endpoint.placeholder=如果留空，网址将从克隆URL中得到
 migrate_items=迁移项目
 migrate_items_wiki=百科
 migrate_items_milestones=里程碑
@@ -1165,24 +1165,24 @@ migrate_items_pullrequests=合并请求
 migrate_items_merge_requests=合并请求
 migrate_items_releases=版本发布
 migrate_repo=迁移仓库
-migrate.clone_address=从 URL 迁移/克隆
-migrate.clone_address_desc=现有仓库的 HTTP(S) 或 Git “clone” URL
-migrate.github_token_desc=您可以在此填写一个或多个以逗号分隔的令牌，以规避 GitHub API 速率限制并加快迁移速度。 警告：滥用此功能可能会违反服务提供商的政策并导致您的帐户被封禁。
+migrate.clone_address=从URL迁移/克隆
+migrate.clone_address_desc=现有仓库的HTTP(S)或Git“clone”URL
+migrate.github_token_desc=您可以在此填写一个或多个以逗号分隔的令牌，以规避GitHub API速率限制并加快迁移速度。警告：滥用此功能可能会违反服务提供商的政策并导致您的帐户被封禁。
 migrate.clone_local_path=或服务器本地路径
 migrate.permission_denied=您没有获得导入本地仓库的权限。
-migrate.permission_denied_blocked=您不能从不允许的主机导入，请询问管理员以检查 ALLOWED_DOMAINS/ALLOW_LOCALNETWORKS/BLOCKED_DOMAINS 设置。
+migrate.permission_denied_blocked=您不能从不允许的主机导入，请询问管理员以检查ALLOWED_DOMAINS/ALLOW_LOCALNETWORKS/BLOCKED_DOMAINS设置。
 migrate.invalid_local_path=本地路径不存在或不是一个目录。
-migrate.invalid_lfs_endpoint=LFS 网址无效。
+migrate.invalid_lfs_endpoint=LFS网址无效。
 migrate.failed=迁移失败：%v
 migrate.migrate_items_options=需要访问令牌来迁移额外的内容
-migrated_from=从 <a href="%[1]s">%[2]s</a> 迁移
-migrated_from_fake=从 %[1]s 迁移成功
-migrate.migrate=从 %s 迁移
-migrate.migrating=正在从 <b>%s</b> 迁移…
-migrate.migrating_failed=从 <b>%s</b> 迁移失败。
+migrated_from=从<a href="%[1]s">%[2]s</a>迁移
+migrated_from_fake=从%[1]s迁移成功
+migrate.migrate=从%s迁移
+migrate.migrating=正在从<b>%s</b>迁移……
+migrate.migrating_failed=从<b>%s</b>迁移失败。
 migrate.migrating_failed.error=迁移失败：%s
 migrate.migrating_failed_no_addr=迁移失败。
-migrate.migrating_git=迁移 Git 数据
+migrate.migrating_git=迁移Git数据
 migrate.migrating_topics=正在迁移主题
 migrate.migrating_milestones=正在迁移里程碑
 migrate.migrating_labels=正在迁移标签
@@ -1214,13 +1214,13 @@ cite_this_repo=引用此仓库
 create_new_repo_command=从命令行创建一个新的仓库
 push_exist_repo=从命令行推送已经创建的仓库
 empty_message=这个家伙很懒，什么都没有推送。
-broken_message=无法读取此仓库下的 Git 数据。 联系此实例的管理员或删除此仓库。
+broken_message=无法读取此仓库下的Git数据。联系此实例的管理员或删除此仓库。
 
 code=代码
 code.desc=查看源码、文件、提交和分支。
 branch=分支
 tree=目录树
-clear_ref=`清除当前引用`
+clear_ref=清除当前引用
 filter_branch_and_tag=过滤分支或标签
 find_tag=查找标签
 branches=分支列表
@@ -1230,7 +1230,7 @@ pulls=合并请求
 packages=软件包
 actions=Actions
 labels=标签
-org_labels_desc=组织级别的标签，可以被本组织下的 <strong>所有仓库</strong> 使用
+org_labels_desc=组织级别的标签，可以被本组织下的<strong>所有仓库</strong>使用
 org_labels_desc_manage=管理
 
 milestones=里程碑
@@ -1240,7 +1240,7 @@ release=版本发布
 releases=版本发布
 tag=Git标签
 released_this=发布
-file.title=%s 位于 %s
+file.title=%s位于%s
 file_raw=原始文件
 file_history=历史
 file_view_source=源码模式
@@ -1248,21 +1248,21 @@ file_view_rendered=渲染模式
 file_view_raw=查看原始文件
 file_permalink=永久链接
 file_too_large=文件过大，无法显示。
-invisible_runes_header=`此文件含有不可见的 Unicode 字符`
-invisible_runes_description=`此文件含有人类无法区分的不可见的 Unicode 字符，但可以由计算机进行不同的处理。 如果您是想特意这样的，可以安全地忽略该警告。 使用 Escape 按钮显示他们。`
-ambiguous_runes_header=`此文件含有模棱两可的 Unicode 字符`
-ambiguous_runes_description=`此文件含有可能会与其他字符混淆的 Unicode 字符。 如果您是想特意这样的，可以安全地忽略该警告。 使用 Escape 按钮显示他们。`
-invisible_runes_line=`此行含有不可见的 unicode 字符`
-ambiguous_runes_line=`此行有模棱两可的 unicode 字符`
-ambiguous_character=`%[1]c [U+%04[1]X] 容易和 %[2]c [U+%04[2]X] 混淆`
+invisible_runes_header=此文件含有不可见的Unicode字符
+invisible_runes_description=此文件含有人类无法区分的不可见的Unicode字符，但可以由计算机进行不同的处理。如果您是想特意这样的，可以安全地忽略该警告。使用Escape按钮显示他们。
+ambiguous_runes_header=此文件含有模棱两可的Unicode字符
+ambiguous_runes_description=此文件含有可能会与其他字符混淆的Unicode字符。如果您是想特意这样的，可以安全地忽略该警告。使用Escape按钮显示他们。
+invisible_runes_line=此行含有不可见的unicode字符
+ambiguous_runes_line=此行有模棱两可的unicode字符
+ambiguous_character=%[1]c [U+%04[1]X]容易和%[2]c [U+%04[2]X]混淆
 
 escape_control_characters=转义
 unescape_control_characters=反转义
 file_copy_permalink=复制固定链接
-view_git_blame=查看 Git Blame
-video_not_supported_in_browser=您的浏览器不支持 HTML5 “video” 标签。
-audio_not_supported_in_browser=您的浏览器不支持 HTML5 “audio” 标签。
-stored_lfs=存储到 Git LFS
+view_git_blame=查看Git Blame
+video_not_supported_in_browser=您的浏览器不支持HTML5“video” 标签。
+audio_not_supported_in_browser=您的浏览器不支持HTML5“audio” 标签。
+stored_lfs=存储到Git LFS
 symbolic_link=符号链接
 executable_file=可执行文件
 vendored = Vendored
@@ -1287,7 +1287,7 @@ editor.new_file=新建文件
 editor.upload_file=上传文件
 editor.edit_file=编辑文件
 editor.preview_changes=预览变更
-editor.cannot_edit_lfs_files=无法在 Web 界面中编辑 LFS 文件。
+editor.cannot_edit_lfs_files=无法在Web界面中编辑LFS文件。
 editor.cannot_edit_non_text_files=网页不能编辑二进制文件。
 editor.edit_this_file=编辑文件
 editor.this_file_locked=文件已锁定
@@ -1295,65 +1295,65 @@ editor.must_be_on_a_branch=您必须在某个分支上才能对此文件进行
 editor.fork_before_edit=您必须先派生这个仓库才能对此文件进行修改操作。
 editor.delete_this_file=删除文件
 editor.must_have_write_access=您必须具有写权限才能对此文件进行修改操作。
-editor.file_delete_success=文件 %s 已被删除。
-editor.name_your_file=命名文件…
+editor.file_delete_success=文件%s已被删除。
+editor.name_your_file=命名文件……
 editor.filename_help=通过键入名称后跟半角斜杠（“/”）来添加目录。在输入框的开头退格来删除目录。
 editor.or=或
 editor.cancel_lower=取消
 editor.commit_signed_changes=提交已签名的更改
 editor.commit_changes=提交变更
 editor.add_tmpl=添加 “<%s>”
-editor.add=添加 %s
-editor.update=更新 %s
-editor.delete=删除 %s
+editor.add=添加%s
+editor.update=更新%s
+editor.delete=删除%s
 editor.patch=应用补丁
 editor.patching=打补丁：
-editor.fail_to_apply_patch=无法应用补丁 %s
+editor.fail_to_apply_patch=无法应用补丁%s
 editor.new_patch=新补丁
-editor.commit_message_desc=添加一个可选的扩展描述…
+editor.commit_message_desc=添加一个可选的扩展描述……
 editor.signoff_desc=在提交日志消息末尾添加签署人信息。
-editor.commit_directly_to_this_branch=直接提交至 <strong class="%[2]s">%[1]s</strong> 分支。
-editor.create_new_branch=为此提交创建一个 <strong>新的分支</strong> 并发起合并请求。
-editor.create_new_branch_np=为此提交创建 <strong>新分支</strong>。
+editor.commit_directly_to_this_branch=直接提交至<strong class="%[2]s">%[1]s</strong>分支。
+editor.create_new_branch=为此提交创建一个<strong>新的分支</strong>并发起合并请求。
+editor.create_new_branch_np=为此提交创建<strong>新分支</strong>。
 editor.propose_file_change=提议文件更改
 editor.new_branch_name=为这次提交的新分支命名
-editor.new_branch_name_desc=新的分支名称…
+editor.new_branch_name_desc=新的分支名称……
 editor.cancel=取消
 editor.filename_cannot_be_empty=文件名不能为空。
-editor.filename_is_invalid=文件名 %s 无效。
-editor.branch_does_not_exist=此仓库中不存在名为 %s 的分支。
-editor.branch_already_exists=此仓库已存在名为 %s 的分支。
-editor.directory_is_a_file=%s 已经作为文件名在此仓库中存在。
-editor.file_is_a_symlink=`"%s" 是一个符号链接，无法在 web 编辑器中编辑`
+editor.filename_is_invalid=文件名%s无效。
+editor.branch_does_not_exist=此仓库中不存在名为%s的分支。
+editor.branch_already_exists=此仓库已存在名为%s的分支。
+editor.directory_is_a_file=%s已经作为文件名在此仓库中存在。
+editor.file_is_a_symlink="%s"是一个符号链接，无法在web编辑器中编辑
 editor.filename_is_a_directory=此仓库中已存在名为“%s” 的目录。
-editor.file_editing_no_longer_exists=正在编辑的文件 %s 已不存在。
-editor.file_deleting_no_longer_exists=正在删除的文件 %s 已不存在。
-editor.file_changed_while_editing=文件内容在您打开文件后被更改。<a target="_blank" rel="noopener noreferrer" href="%s">单击此处</a> 查看具体被更改的内容，或者 <strong>再次提交</strong> 覆盖其它在编辑时产生的更改。
-editor.file_already_exists=此仓库已经存在名为 %s 的文件。
+editor.file_editing_no_longer_exists=正在编辑的文件%s已不存在。
+editor.file_deleting_no_longer_exists=正在删除的文件%s已不存在。
+editor.file_changed_while_editing=文件内容在您打开文件后被更改。<a target="_blank" rel="noopener noreferrer" href="%s">单击此处</a>查看具体被更改的内容，或者<strong>再次提交</strong>覆盖其它在编辑时产生的更改。
+editor.file_already_exists=此仓库已经存在名为%s的文件。
 editor.commit_empty_file_header=提交一个空文件
 editor.commit_empty_file_text=您要提交的文件是空的，继续吗？
 editor.no_changes_to_show=没有可以显示的变更。
-editor.fail_to_update_file=更新/创建文件 %s 失败。
+editor.fail_to_update_file=更新/创建文件%s失败。
 editor.fail_to_update_file_summary=错误信息：
-editor.push_rejected_no_message=此修改被服务器拒绝且没有反馈消息。请检查 Git 钩子。
-editor.push_rejected=此修改被服务器拒绝。请检查 Git 钩子。
+editor.push_rejected_no_message=此修改被服务器拒绝且没有反馈消息。请检查Git钩子。
+editor.push_rejected=此修改被服务器拒绝。请检查Git钩子。
 editor.push_rejected_summary=详细拒绝信息：
-editor.add_subdir=添加目录…
-editor.unable_to_upload_files=上传文件至 %s 时发生错误：%v
-editor.upload_file_is_locked=文件 %s 被 %s 锁定。
-editor.upload_files_to_dir=上传文件至 %s
-editor.cannot_commit_to_protected_branch=不可以提交到受保护的分支 %s。
+editor.add_subdir=添加目录……
+editor.unable_to_upload_files=上传文件至%s时发生错误：%v
+editor.upload_file_is_locked=文件%s被%s锁定。
+editor.upload_files_to_dir=上传文件至%s
+editor.cannot_commit_to_protected_branch=不可以提交到受保护的分支%s。
 editor.no_commit_to_branch=无法直接提交分支，因为：
 editor.user_no_push_to_branch=用户不能推送到分支
 editor.require_signed_commit=分支需要签名提交
-editor.cherry_pick=Cherry-pick %s 到：
-editor.revert=将 %s 还原到：
+editor.cherry_pick=Cherry-pick %s到：
+editor.revert=将%s还原到：
 
 commits.desc=浏览代码修改历史。
 commits.commits=次代码提交
-commits.no_commits=没有共同的提交。%s 和 %s 的历史完全不同。
+commits.no_commits=没有共同的提交。%s和%s的历史完全不同。
 commits.nothing_to_compare=这些分支是相同的。
-commits.search.tooltip=您可以在关键词前加上前缀 "author:"、"committer:"、"after:" 或 "before:"，例如 "revert author:Alice before:2019-01-13"。
+commits.search.tooltip=您可以在关键词前加上前缀"author:"、"committer:"、"after:"或"before:"，例如"revert author:Alice before:2019-01-13"。
 commits.search_all=所有分支
 commits.author=作者
 commits.message=备注
@@ -1363,8 +1363,8 @@ commits.newer=更新的提交
 commits.signed_by=签署人
 commits.signed_by_untrusted_user=由未授信的用户签名
 commits.signed_by_untrusted_user_unmatched=由与提交者不匹配的未授信的用户签名
-commits.gpg_key_id=GPG 密钥 ID
-commits.ssh_key_fingerprint=SSH 密钥指纹
+commits.gpg_key_id=GPG密钥ID
+commits.ssh_key_fingerprint=SSH密钥指纹
 commits.view_path=在历史记录中的此处查看
 
 commit.operations=操作
@@ -1373,7 +1373,7 @@ commit.revert-header=还原：%s
 commit.revert-content=选择要还原的分支：
 commit.cherry-pick=拣选
 commit.cherry-pick-header=Cherry-pick：%s
-commit.cherry-pick-content=选择 cherry-pick 的目标分支：
+commit.cherry-pick-content=选择cherry-pick的目标分支：
 
 commitstatus.error=错误
 commitstatus.failure=失败
@@ -1389,17 +1389,17 @@ projects.create=创建项目
 projects.title=标题
 projects.new=创建项目
 projects.new_subheader=在一个地方协调、跟踪和更新您的工作，让项目保持透明并按计划进行。
-projects.create_success=项目 %s 创建成功。
+projects.create_success=项目%s创建成功。
 projects.deletion=删除项目
 projects.deletion_desc=删除项目会从所有相关的议题中移除它。是否继续？
 projects.deletion_success=该项目已被删除。
 projects.edit=编辑项目
 projects.edit_subheader=项目用于组织议题和跟踪进展情况。
 projects.modify=更新项目
-projects.edit_success=项目 %s 更新成功。
+projects.edit_success=项目%s更新成功。
 projects.type.none=无
 projects.type.basic_kanban=基础看板
-projects.type.bug_triage=Bug 分类看板
+projects.type.bug_triage=Bug分类看板
 projects.template.desc=项目模板
 projects.template.desc_helper=选择一个项目模板以开始
 projects.column.edit=编辑列
@@ -1450,7 +1450,7 @@ issues.choose.open_external_link=开启
 issues.choose.blank=默认模板
 issues.choose.blank_about=从默认模板创建一个议题。
 issues.choose.ignore_invalid_templates=已忽略无效模板
-issues.choose.invalid_templates=发现了 %v 个无效模板
+issues.choose.invalid_templates=发现了%v个无效模板
 issues.choose.invalid_config=问题配置包含错误：
 issues.no_ref=未指定分支或标签
 issues.create=创建议题
@@ -1462,29 +1462,29 @@ issues.label_templates.title=加载预定义的标签模板
 issues.label_templates.info=还没有任何标签。您可以使用“创建标签”按钮或者加载预定义的标签集创建标签：
 issues.label_templates.helper=选择标签模板
 issues.label_templates.use=使用标签集
-issues.label_templates.fail_to_load_file=加载标签模板文件 %s 时发生错误：%v
-issues.add_label=于 %[2]s 添加了标签 %[1]s
-issues.add_labels=于 %s 添加 %s 标签
-issues.remove_label=于 %[2]s 删除了标签 %[1]s
-issues.remove_labels=于 %[2]s 删除了标签 %[1]s
-issues.add_remove_labels=于 %[3]s 添加了标签 %[1]s ，删除了标签 %[2]s
-issues.add_milestone_at=`于 %[2]s 添加了里程碑 <b>%[1]s</b>`
-issues.add_project_at=`将此添加到 <b>%s</b> 项目 %s`
-issues.change_milestone_at=`%[3]s 修改了里程碑从 <b>%[1]s</b> 到 <b>%[2]s</b>`
-issues.change_project_at=修改项目从 <b>%s</b> 到 <b>%s</b> %s
-issues.remove_milestone_at=`%[2]s 删除了里程碑 <b>%[1]s</b>`
-issues.remove_project_at=`从 <b>%s</b> 项目 %s 中删除`
+issues.label_templates.fail_to_load_file=加载标签模板文件%s时发生错误：%v
+issues.add_label=于%[2]s添加了标签%[1]s
+issues.add_labels=于%s添加%s标签
+issues.remove_label=于%[2]s删除了标签%[1]s
+issues.remove_labels=于%[2]s删除了标签%[1]s
+issues.add_remove_labels=于%[3]s添加了标签%[1]s，删除了标签%[2]s
+issues.add_milestone_at=于%[2]s添加了里程碑<b>%[1]s</b>
+issues.add_project_at=将此添加到<b>%s</b>项目%s
+issues.change_milestone_at=%[3]s修改了里程碑从<b>%[1]s</b>到<b>%[2]s</b>
+issues.change_project_at=修改项目从<b>%s</b>到<b>%s</b> %s
+issues.remove_milestone_at=%[2]s删除了里程碑<b>%[1]s</b>
+issues.remove_project_at=从<b>%s</b>项目%s中删除
 issues.deleted_milestone=（已删除）
-issues.deleted_project=`（已删除）`
-issues.self_assign_at=`于 %s 指派给自己`
-issues.add_assignee_at=`于 %[2]s 被 <b>%[1]s</b> 指派`
-issues.remove_assignee_at=`<b>%s</b> 取消了指派在 %s`
-issues.remove_self_assignment=`于 %s 取消了指派`
-issues.change_title_at=`于 %[3]s 修改标题 <b><strike>%[1]s</strike></b> 为 <b>%[2]s</b>`
-issues.change_ref_at=`将引用从 <b><strike>%s</strike></b> 更改为了 <b>%s</b> %s`
-issues.remove_ref_at=`删除了引用 <b>%s</b> %s`
-issues.add_ref_at=`添加了引用 <b>%s</b> %s`
-issues.delete_branch_at=`于 %[2]s 删除了分支 <b>%[1]s</b>`
+issues.deleted_project=（已删除）
+issues.self_assign_at=于%s指派给自己
+issues.add_assignee_at=于%[2]s被<b>%[1]s</b>指派
+issues.remove_assignee_at=<b>%s</b>取消了指派在%s
+issues.remove_self_assignment=于%s取消了指派
+issues.change_title_at=于%[3]s修改标题<b><strike>%[1]s</strike></b>为<b>%[2]s</b>
+issues.change_ref_at=将引用从<b><strike>%s</strike></b>更改为了<b>%s</b> %s
+issues.remove_ref_at=删除了引用<b>%s</b> %s
+issues.add_ref_at=添加了引用<b>%s</b> %s
+issues.delete_branch_at=于%[2]s删除了分支<b>%[1]s</b>
 issues.filter_label=标签
 issues.filter_label_exclude=使用 <kbd>Alt</kbd> + <kbd>单击</kbd> 排除标签
 issues.filter_label_no_select=所有标签
@@ -1531,20 +1531,20 @@ issues.action_assignee=指派人筛选
 issues.action_assignee_no_select=未指派
 issues.action_check=选中/取消选中
 issues.action_check_all=选中/取消选中所有项目
-issues.opened_by=由 <a href="%[2]s">%[3]s</a> 创建于 %[1]s
-pulls.merged_by=由 <a href="%[2]s">%[3]s</a> 创建，合并于 %[1]s
-pulls.merged_by_fake=由 %[2]s 创建，合并于 %[1]s
-issues.closed_by=由 <a href="%[2]s">%[3]s</a> 创建，被关闭于 %[1]s
-issues.opened_by_fake=由 %[2]s 于 %[1]s 打开
-issues.closed_by_fake=由 %[2]s 创建，被关闭于 %[1]s
+issues.opened_by=由<a href="%[2]s">%[3]s</a>创建于%[1]s
+pulls.merged_by=由<a href="%[2]s">%[3]s</a>创建，合并于%[1]s
+pulls.merged_by_fake=由%[2]s创建，合并于%[1]s
+issues.closed_by=由<a href="%[2]s">%[3]s</a>创建，被关闭于%[1]s
+issues.opened_by_fake=由%[2]s于%[1]s打开
+issues.closed_by_fake=由%[2]s创建，被关闭于%[1]s
 issues.previous=上一页
 issues.next=下一页
 issues.open_title=开放中
 issues.closed_title=已关闭
 issues.draft_title=草稿
-issues.num_comments_1=%d 评论
-issues.num_comments=%d 条评论
-issues.commented_at=`评论于 <a href="#%s">%s</a>`
+issues.num_comments_1=%d评论
+issues.num_comments=%d条评论
+issues.commented_at=评论于<a href="#%s">%s</a>
 issues.delete_comment_confirm=您确定要删除该条评论吗？
 issues.context.copy_link=复制链接
 issues.context.quote_reply=回复
@@ -1553,20 +1553,20 @@ issues.context.edit=编辑
 issues.context.delete=删除
 issues.no_content=没有提供说明。
 issues.close=关闭
-issues.comment_pull_merged_at=已合并提交 %[1]s 到 %[2]s %[3]s
-issues.comment_manually_pull_merged_at=手动合并提交 %[1]s 到 %[2]s %[3]s
+issues.comment_pull_merged_at=已合并提交%[1]s到%[2]s %[3]s
+issues.comment_manually_pull_merged_at=手动合并提交%[1]s到%[2]s %[3]s
 issues.close_comment_issue=评论并关闭
 issues.reopen_issue=重新开放
 issues.reopen_comment_issue=重新打开并评论
 issues.create_comment=评论
-issues.closed_at=`关闭了此议题 %s`
-issues.reopened_at=`于 %s 重新打开了此议题`
-issues.commit_ref_at=`于 %s 从提交中引用了此议题`
-issues.ref_issue_from=`于 %[1]s <a href="%[2]s">引用了此议题 %[3]s</a>`
-issues.ref_pull_from=`<a href="%[2]s">引用了此合并请求 %[3]s</a> %[1]s`
-issues.ref_closing_from=`于 %[1]s <a href="%[2]s">从合并请求 %[3]s 引用了此议题，将关闭此议题</a>`
-issues.ref_reopening_from=`于 %[1]s <a href="%[2]s">从合并请求 %[3]s 引用了此议题，将重新打开此议题</a> `
-issues.ref_from=`来自 %[1]s`
+issues.closed_at=关闭了此议题%s
+issues.reopened_at=于%s重新打开了此议题
+issues.commit_ref_at=于%s从提交中引用了此议题
+issues.ref_issue_from=于%[1]s <a href="%[2]s">引用了此议题%[3]s</a>
+issues.ref_pull_from=<a href="%[2]s">引用了此合并请求%[3]s</a> %[1]s
+issues.ref_closing_from=于%[1]s <a href="%[2]s">从合并请求%[3]s引用了此议题，将关闭此议题</a>
+issues.ref_reopening_from=于%[1]s <a href="%[2]s">从合并请求%[3]s引用了此议题，将重新打开此议题</a>
+issues.ref_from=来自%[1]s
 issues.author=作者
 issues.role.owner=所有者
 issues.role.owner_helper=该用户是此仓库的所有者之一。
@@ -1584,7 +1584,7 @@ issues.remove_request_review=移除评审请求
 issues.remove_request_review_block=无法移除评审请求
 issues.dismiss_review=取消评审
 issues.dismiss_review_warning=您确定要取消此评审吗？
-issues.sign_in_require_desc=<a href="%s">登录</a> 并参与到对话中。
+issues.sign_in_require_desc=<a href="%s">登录</a>并参与到对话中。
 issues.edit=编辑
 issues.cancel=取消
 issues.save=保存
@@ -1595,10 +1595,10 @@ issues.label_exclusive=独有
 issues.label_archive=存档标签
 issues.label_archived_filter=显示存档标签
 issues.label_archive_tooltip=在标签搜索时，默认情况下存档标签将被排除在外。
-issues.label_exclusive_desc=命名标签为 <code>scope/item</code> 以使其与其他以 <code>scope/</code> 开头的标签互斥。
+issues.label_exclusive_desc=命名标签为<code>scope/item</code>以使其与其他以<code>scope/</code>开头的标签互斥。
 issues.label_exclusive_warning=在编辑议题或合并请求的标签时，任何冲突的范围标签都将被删除。
-issues.label_count=%d 个标签
-issues.label_open_issues=%d 个开放中的议题
+issues.label_count=%d个标签
+issues.label_open_issues=%d个开放中的议题
 issues.label_edit=编辑
 issues.label_delete=删除
 issues.label_modify=编辑标签
@@ -1609,118 +1609,118 @@ issues.label.filter_sort.alphabetically=按字母顺序排序
 issues.label.filter_sort.reverse_alphabetically=按字母逆序排序
 issues.label.filter_sort.by_size=最小尺寸
 issues.label.filter_sort.reverse_by_size=最大尺寸
-issues.num_participants_few=%d 名参与者
-issues.attachment.open_tab=`在新的标签页中查看 '%s'`
+issues.num_participants_few=%d名参与者
+issues.attachment.open_tab=在新的标签页中查看'%s'
 issues.attachment.download=`点击下载 '%s'`
 issues.subscribe=订阅
 issues.unsubscribe=取消订阅
 issues.unpin_issue=取消置顶
 issues.max_pinned=您不能置顶更多议题
-issues.pin_comment=于 %s 置顶本议题
-issues.unpin_comment=于 %s 取消置顶本议题
+issues.pin_comment=于%s置顶本议题
+issues.unpin_comment=于%s取消置顶本议题
 issues.lock=锁定对话
 issues.unlock=解锁对话
 issues.lock.unknown_reason=由于未知原因无法锁定。
 issues.lock_duplicate=一个议题不能被锁定两次。
 issues.unlock_error=无法解锁一个未锁定的议题。
-issues.lock_with_reason=于 %[2]s 以 <strong>%[1]s</strong> 锁定本议题，并限制仅限协作者发言
-issues.lock_no_reason=于 %s 锁定本议题并限制仅协作者可发言
-issues.unlock_comment=于 %s 解锁此议题
+issues.lock_with_reason=于%[2]s以<strong>%[1]s</strong>锁定本议题，并限制仅限协作者发言
+issues.lock_no_reason=于%s锁定本议题并限制仅协作者可发言
+issues.unlock_comment=于%s解锁此议题
 issues.lock_confirm=锁定
 issues.unlock_confirm=解锁
-issues.lock.notice_1=- 其他用户不能评论此议题。
-issues.lock.notice_2=- 您和仓库其他协作者仍可评论并可见。
-issues.lock.notice_3=- 您可以在未来再次解锁这个议题。
-issues.unlock.notice_1=- 每个人都可以再次就这一议题发表评论。
-issues.unlock.notice_2=- 您可以在未来再次解锁这个议题。
+issues.lock.notice_1=-其他用户不能评论此议题。
+issues.lock.notice_2=-您和仓库其他协作者仍可评论并可见。
+issues.lock.notice_3=-您可以在未来再次解锁这个议题。
+issues.unlock.notice_1=-每个人都可以再次就这一议题发表评论。
+issues.unlock.notice_2=-您可以在未来再次解锁这个议题。
 issues.lock.reason=锁定原因
 issues.lock.title=锁定对话
 issues.unlock.title=解锁对话
 issues.comment_on_locked=您不能对锁定的问题发表评论。
 issues.delete=删除
-issues.delete.title=是否删除议题?
+issues.delete.title=是否删除议题？
 issues.delete.text=您真的要删除这个议题吗？（该操作将会永久删除所有内容。如果您需要保留，请关闭它）
 issues.tracker=时间跟踪
 issues.start_tracking_short=启动计时器
 issues.start_tracking=开始时间跟踪
-issues.start_tracking_history=`开始工作 %s`
+issues.start_tracking_history=开始工作%s
 issues.tracker_auto_close=当此议题关闭时，自动停止计时器
-issues.tracking_already_started=`你已经开始对 <a href="%s">另一个议题</a> 进行时间跟踪！`
+issues.tracking_already_started=你已在对<a href="%s">另一个议题</a>进行时间跟踪！
 issues.stop_tracking=停止计时器
-issues.stop_tracking_history=`停止工作 %s`
+issues.stop_tracking_history=停止工作%s
 issues.cancel_tracking=放弃
-issues.cancel_tracking_history=`取消时间跟踪 %s`
+issues.cancel_tracking_history=取消时间跟踪%s
 issues.add_time=手动记录时间
 issues.del_time=删除此时间跟踪日志
 issues.add_time_short=添加时间
 issues.add_time_cancel=取消
-issues.add_time_history=`添加耗时 %s`
-issues.del_time_history=`已删除时间 %s`
+issues.add_time_history=添加耗时%s
+issues.del_time_history=已删除时间%s
 issues.add_time_hours=小时
 issues.add_time_minutes=分钟
 issues.add_time_sum_to_small=没有输入时间。
 issues.time_spent_total=总用时
-issues.time_spent_from_all_authors=`总花费时间：%s`
+issues.time_spent_from_all_authors=总花费时间：%s
 issues.due_date=到期时间
-issues.push_commit_1=于 %[2]s 推送了 %[1]d 个提交
-issues.push_commits_n=于 %[2]s 推送了 %[1]d 个提交
-issues.force_push_codes=`于 %[6]s 强制推送 %[1]s，从 <a class="%[7]s" href="%[3]s"><code>%[2]s</code></a> %[8]s 至 <a class="%[7]s" href="%[5]s"><code>%[4]s</code></a> %[9]s`
+issues.push_commit_1=于%[2]s推送了%[1]d个提交
+issues.push_commits_n=于%[2]s推送了%[1]d个提交
+issues.force_push_codes=于%[6]s强制推送%[1]s，从<a class="%[7]s" href="%[3]s"><code>%[2]s</code></a> %[8]s至<a class="%[7]s" href="%[5]s"><code>%[4]s</code></a> %[9]s
 issues.force_push_compare=比较
 issues.due_date_form=yyyy年mm月dd日
 issues.due_date_form_edit=编辑
 issues.due_date_form_remove=删除
 issues.due_date_not_set=未设置到期时间。
-issues.due_date_added=于 %[2]s 设置到期时间为 %[1]s
-issues.due_date_modified=于 %[3]s 将到期日从 %[2]s 修改为 %[1]s
-issues.due_date_remove=于 %[2]s 删除了到期时间 %[1]s
+issues.due_date_added=于%[2]s设置到期时间为%[1]s
+issues.due_date_modified=于%[3]s将到期日从%[2]s修改为%[1]s
+issues.due_date_remove=于%[2]s删除了到期时间%[1]s
 issues.due_date_overdue=超期
 issues.due_date_invalid=到期日期无效或超出范围。请使用“yyyy-mm-dd”格式。
 issues.dependency.title=依赖议题
 issues.dependency.issue_no_dependencies=未设置依赖项。
 issues.dependency.pr_no_dependencies=没有设置依赖项。
-issues.dependency.no_permission_1=您没有读取 %d 依赖关系的权限
-issues.dependency.no_permission_n=您没有读取 %d 依赖关系的权限
+issues.dependency.no_permission_1=您没有读取%d依赖关系的权限
+issues.dependency.no_permission_n=您没有读取%d依赖关系的权限
 issues.dependency.no_permission.can_remove=您没有读取此依赖关系的权限，但可以删除此依赖关系
-issues.dependency.add=添加依赖议题…
+issues.dependency.add=添加依赖议题……
 issues.dependency.cancel=取消
 issues.dependency.remove=删除
 issues.dependency.remove_info=删除此依赖项
-issues.dependency.added_dependency=`添加了一个新的依赖项 %s`
-issues.dependency.removed_dependency=`移除了一个依赖项 %s`
+issues.dependency.added_dependency=添加了一个新的依赖项%s
+issues.dependency.removed_dependency=移除了一个依赖项%s
 issues.dependency.pr_closing_blockedby=以下议题阻止了关闭此合并请求
 issues.dependency.issue_closing_blockedby=关闭此议题被以下议题阻止
 issues.dependency.issue_close_blocks=此议题阻止了以下议题的关闭
 issues.dependency.pr_close_blocks=此合并请求阻止以下议题的关闭
-issues.dependency.issue_close_blocked=您需要关闭所有阻止此议题的议题, 然后才能关闭它。
-issues.dependency.issue_batch_close_blocked=无法批量关闭您所选择的议题，因为 #%d 议题仍然有处于打开状态的依赖议题
-issues.dependency.pr_close_blocked=您需要关闭所有阻止此合并请求的议题, 然后才能合并它。
+issues.dependency.issue_close_blocked=您需要关闭所有阻止此议题的议题，然后才能关闭它。
+issues.dependency.issue_batch_close_blocked=无法批量关闭您所选择的议题，因为#%d议题仍然有处于打开状态的依赖议题
+issues.dependency.pr_close_blocked=您需要关闭所有阻止此合并请求的议题，然后才能合并它。
 issues.dependency.blocks_short=阻止
 issues.dependency.blocked_by_short=依赖于
 issues.dependency.remove_header=删除依赖项
-issues.dependency.issue_remove_text=此操作将从议题中删除依赖。是否要继续?
-issues.dependency.pr_remove_text=此操作将从合并请求中删除依赖。是否要继续?
+issues.dependency.issue_remove_text=此操作将从议题中删除依赖。是否要继续？
+issues.dependency.pr_remove_text=此操作将从合并请求中删除依赖。是否要继续？
 issues.dependency.setting=为议题和合并请求启用依赖
 issues.dependency.add_error_same_issue=你不能让一个议题依赖于自己。
 issues.dependency.add_error_dep_issue_not_exist=依赖项不存在。
 issues.dependency.add_error_dep_not_exist=依赖项不存在。
 issues.dependency.add_error_dep_exists=依赖项已存在。
-issues.dependency.add_error_cannot_create_circular=您不能创建依赖, 使得两个议题相互阻止。
+issues.dependency.add_error_cannot_create_circular=您不能创建依赖，使得两个议题相互阻止。
 issues.dependency.add_error_dep_not_same_repo=这两个议题必须在同一仓库。
 issues.review.self.approval=您不能批准您自己的合并请求。
 issues.review.self.rejection=您不能请求对您自己的合并请求进行更改。
-issues.review.approve=于 %s 批准此合并请求
-issues.review.comment=评审于 %s
-issues.review.dismissed=于 %[2]s 取消了 %[1]s 的评审
+issues.review.approve=于%s批准此合并请求
+issues.review.comment=评审于%s
+issues.review.dismissed=于%[2]s取消了%[1]s的评审
 issues.review.dismissed_label=已取消
 issues.review.left_comment=留下了一条评论
 issues.review.content.empty=您需要留下一个注释，表明需要的更改。
-issues.review.reject=于 %s 请求更改
+issues.review.reject=于%s请求更改
 issues.review.wait=于 %s 请求评审
-issues.review.add_review_request=于 %[2]s 请求 %[1]s 评审
-issues.review.remove_review_request=于 %[2]s 取消对 %[1]s 的评审请求
-issues.review.remove_review_request_self=于 %s 拒绝评审
+issues.review.add_review_request=于%[2]s请求%[1]s评审
+issues.review.remove_review_request=于%[2]s取消对%[1]s的评审请求
+issues.review.remove_review_request_self=于%s拒绝评审
 issues.review.pending=待定
-issues.review.pending.tooltip=此评论目前对其他用户不可见。 若要提交您的待定评论，请在页面顶部选择 %s -> %s/%s/%s。
+issues.review.pending.tooltip=此评论目前对其他用户不可见。若要提交您的待定评论，请在页面顶部选择%s -> %s/%s/%s。
 issues.review.reviewers=评审人
 issues.review.outdated=已过时
 issues.review.outdated_description=评论发布后内容已经修改
@@ -1753,20 +1753,20 @@ pulls.allow_edits_from_maintainers_err=更新失败
 pulls.compare_changes_desc=选择合并的目标分支和源分支。
 pulls.has_viewed_file=已查看
 pulls.has_changed_since_last_review=自您上次评审以来已有更改
-pulls.viewed_files_label=已查看 %[1]d / %[2]d 个文件
+pulls.viewed_files_label=已查看%[1]d / %[2]d个文件
 pulls.expand_files=展开所有文件
 pulls.collapse_files=折叠所有文件
 pulls.compare_base=合并到
 pulls.compare_compare=拉取从
 pulls.switch_comparison_type=切换比较类型
-pulls.switch_head_and_base=切换 head 和 base
+pulls.switch_head_and_base=切换head和base
 pulls.filter_branch=过滤分支
 pulls.no_results=未找到结果。
 pulls.show_all_commits=显示所有提交
 pulls.show_changes_since_your_last_review=显示自您上次评审以来的更改
-pulls.showing_only_single_commit=仅显示提交 %[1]s 的更改
-pulls.showing_specified_commit_range=仅显示 %[1]s...%[2]s 之间的更改
-pulls.select_commit_hold_shift_for_range=选择提交。按住 Shift + 单击选择一个范围
+pulls.showing_only_single_commit=仅显示提交%[1]s的更改
+pulls.showing_specified_commit_range=仅显示%[1]s...%[2]s之间的更改
+pulls.select_commit_hold_shift_for_range=选择提交。按住Shift +单击选择一个范围
 pulls.review_only_possible_for_full_diff=只有在查看全部差异时才能进行评审
 pulls.filter_changes_by_commit=按提交筛选
 pulls.nothing_to_compare=分支内容相同，无需创建合并请求。
@@ -1774,7 +1774,7 @@ pulls.nothing_to_compare_have_tag = 所选分支/标签相同。
 pulls.nothing_to_compare_and_allow_empty_pr=这些分支是相等的，此合并请求将为空。
 pulls.has_pull_request=这些分支之间的合并请求已存在：<a href="%[1]s">%[2]s#%[3]d</a>
 pulls.create=创建合并请求
-pulls.change_target_branch_at=将目标分支从 <b>%s</b> 更改为 <b>%s</b> %s
+pulls.change_target_branch_at=将目标分支从<b>%s</b>更改为<b>%s</b> %s
 pulls.tab_conversation=对话
 pulls.tab_commits=代码提交
 pulls.tab_files=文件更改
@@ -1784,13 +1784,13 @@ pulls.merged=已合并
 pulls.merged_success=合并请求已成功合并和关闭
 pulls.closed=合并请求已关闭
 pulls.manually_merged=已手动合并
-pulls.merged_info_text=分支 %s 现在可以被删除了。
+pulls.merged_info_text=分支%s现在可以被删除了。
 pulls.is_closed=合并请求已经关闭。
-pulls.title_wip_desc=`<a href="#">标题以 <strong>%s</strong> 开头</a>以免合并请求意外合并。`
+pulls.title_wip_desc=<a href="#">标题以<strong>%s</strong>开头</a>以免合并请求意外合并。
 pulls.cannot_merge_work_in_progress=此合并请求被标记为正在进行的工作。
 pulls.still_in_progress=仍在进行中？
-pulls.add_prefix=添加 <strong>%s</strong> 前缀
-pulls.remove_prefix=删除 <strong>%s</strong> 前缀
+pulls.add_prefix=添加<strong>%s</strong>前缀
+pulls.remove_prefix=删除<strong>%s</strong>前缀
 pulls.data_broken=此合并请求因为派生仓库信息缺失而中断。
 pulls.files_conflicted=此合并请求有变更与目标分支冲突。
 pulls.is_checking=正在进行合并冲突检测，请稍后再试。
@@ -1799,7 +1799,7 @@ pulls.is_empty=此分支上的更改已经在目标分支上。这将是一个
 pulls.required_status_check_failed=一些必要的检测没有成功。
 pulls.required_status_check_missing=缺少一些必要的检测。
 pulls.required_status_check_administrator=作为管理员，您仍可合并此合并请求。
-pulls.blocked_by_approvals=此合并请求尚未通过审批。已有 %d 个批准，共需 %d 个。
+pulls.blocked_by_approvals=此合并请求尚未通过审批。已有%d个批准，共需%d个。
 pulls.blocked_by_rejection=此合并请求有官方评审员请求的更改。
 pulls.blocked_by_official_review_requests=此合并请求需要一名或多名评审员审阅批准。
 pulls.blocked_by_outdated_branch=此合并请求因过期而被阻止。
@@ -1808,15 +1808,15 @@ pulls.blocked_by_changed_protected_files_n=此合并请求因修改了下列被
 pulls.can_auto_merge_desc=该合并请求可以进行自动合并操作。
 pulls.cannot_auto_merge_desc=该合并请求存在冲突，无法进行自动合并操作。
 pulls.cannot_auto_merge_helper=手动合并以解决冲突。
-pulls.num_conflicting_files_1=%d 个冲突文件
-pulls.num_conflicting_files_n=%d 个冲突文件
-pulls.approve_count_1=%d 项批准
-pulls.approve_count_n=%d 项批准
-pulls.reject_count_1=%d 变更请求
-pulls.reject_count_n=%d 变更请求
-pulls.waiting_count_1=等待 %d 人评审
-pulls.waiting_count_n=等待 %d 人评审
-pulls.wrong_commit_id=提交 ID 必须是目标分支上的提交的 ID
+pulls.num_conflicting_files_1=%d个冲突文件
+pulls.num_conflicting_files_n=%d个冲突文件
+pulls.approve_count_1=%d项批准
+pulls.approve_count_n=%d项批准
+pulls.reject_count_1=%d变更请求
+pulls.reject_count_n=%d变更请求
+pulls.waiting_count_1=等待%d人评审
+pulls.waiting_count_n=等待%d人评审
+pulls.wrong_commit_id=提交ID必须是目标分支上的提交的ID
 
 pulls.no_merge_desc=由于未启用合并选项，此合并请求无法被合并。
 pulls.no_merge_helper=在仓库设置中启用合并选项或者手工合并请求。
@@ -1828,7 +1828,7 @@ pulls.rebase_merge_pull_request=变基后快进
 pulls.rebase_merge_commit_pull_request=变基后创建合并提交
 pulls.squash_merge_pull_request=创建压缩提交
 pulls.merge_manually=手动合并
-pulls.merge_commit_id=合并提交 ID
+pulls.merge_commit_id=合并提交ID
 pulls.require_signed_wont_sign=分支需要签名的提交，但这个合并将不会被签名
 
 pulls.invalid_merge_option=你可以在此合并请求中使用合并选项。
@@ -1838,12 +1838,12 @@ pulls.rebase_conflict=合并失败：变基提交有冲突：%[1]s。提示：
 pulls.rebase_conflict_summary=错误信息
 pulls.unrelated_histories=合并失败：两个分支没有共同历史。提示：尝试不同的策略
 pulls.merge_out_of_date=合并失败：在生成合并时，主分支已更新。提示：再试一次。
-pulls.head_out_of_date=合并失败：在生成合并时，head 已更新。提示：再试一次。
+pulls.head_out_of_date=合并失败：在生成合并时，head已更新。提示：再试一次。
 pulls.has_merged=失败：合并请求已经被合并，您不能再次合并或更改目标分支。
-pulls.push_rejected=合并失败：推送被拒绝。请查看此仓库的 Git 钩子。
+pulls.push_rejected=合并失败：推送被拒绝。请查看此仓库的Git钩子。
 pulls.push_rejected_summary=详细拒绝信息
-pulls.push_rejected_no_message=推送失败：此推送被拒绝但未提供其他信息。请检查此仓库的 Git 钩子
-pulls.open_unmerged_pull_exists=`您不能执行重新打开操作, 因为已经存在相同的合并请求（#%d）。`
+pulls.push_rejected_no_message=推送失败：此推送被拒绝但未提供其他信息。请检查此仓库的Git钩子
+pulls.open_unmerged_pull_exists=您不能执行重新打开操作，因为已经存在相同的合并请求（#%d）。
 pulls.status_checking=仍在等待一些检测
 pulls.status_checks_success=所有检测均成功
 pulls.status_checks_warning=一些检测报告了警告
@@ -1859,55 +1859,55 @@ pulls.update_branch_success=分支更新成功
 pulls.update_not_allowed=您无权更新分支
 pulls.outdated_with_base_branch=此分支相比基础分支已过期
 pulls.close=关闭
-pulls.closed_at=`于 %s 关闭了此合并请求`
-pulls.reopened_at=`于 %s 重新打开了此合并请求`
+pulls.closed_at=于%s关闭了此合并请求
+pulls.reopened_at=于%s重新打开了此合并请求
 pulls.cmd_instruction_hint=查看命令行说明
 pulls.cmd_instruction_checkout_title=检出
 pulls.cmd_instruction_checkout_desc=从你的仓库中检出一个新的分支并测试变更。
 pulls.cmd_instruction_merge_title=合并
-pulls.cmd_instruction_merge_desc=合并更改并在 Forgejo 上更新。
+pulls.cmd_instruction_merge_desc=合并更改并在Forgejo上更新。
 pulls.clear_merge_message=清除合并消息
-pulls.clear_merge_message_hint=清除合并消息只会删除提交消息内容，并保留生成的 git 附加内容，如“Co-Authored-By …”。
+pulls.clear_merge_message_hint=清除合并消息只会删除提交消息内容，并保留生成的git附加内容，如“Co-Authored-By……”。
 
 pulls.auto_merge_button_when_succeed=（当检测成功时）
 pulls.auto_merge_when_succeed=在所有检测成功后自动合并
 pulls.auto_merge_newly_scheduled=合并请求计划在所有检测成功后合并。
-pulls.auto_merge_has_pending_schedule=%[1]s 安排此拉取请求在所有检测成功时自动合并 %[2]s。
+pulls.auto_merge_has_pending_schedule=%[1]s安排此拉取请求在所有检测成功时自动合并%[2]s。
 
 pulls.auto_merge_cancel_schedule=取消自动合并
 pulls.auto_merge_not_scheduled=此拉取请求没有计划自动合并。
 pulls.auto_merge_canceled_schedule=此拉取请求的自动合并已取消。
 
-pulls.auto_merge_newly_scheduled_comment=`已安排此拉取请求在所有检测成功后自动合并 %[1]s`
-pulls.auto_merge_canceled_schedule_comment=`已取消当所有检测成功后自动合并此拉取请求 %[1]s`
+pulls.auto_merge_newly_scheduled_comment=已安排此拉取请求在所有检测成功后自动合并%[1]s
+pulls.auto_merge_canceled_schedule_comment=已取消当所有检测成功后自动合并此拉取请求%[1]s
 
 pulls.delete.title=删除此拉取请求？
 pulls.delete.text=你真的要删除这个拉取请求吗？（这将永久删除所有内容。如果你打算将内容存档，请考虑关闭它）
 
-pulls.recently_pushed_new_branches=您已于%[2]s推送了分支 <a href="%[3]s"><strong>%[1]s</strong></a>
+pulls.recently_pushed_new_branches=您已于%[2]s推送了分支<a href="%[3]s"><strong>%[1]s</strong></a>
 
 pull.deleted_branch=（已删除）：%s
 
 milestones.new=新的里程碑
-milestones.closed=关闭于 %s
-milestones.update_ago=已更新 %s
+milestones.closed=关闭于%s
+milestones.update_ago=已更新%s
 milestones.no_due_date=暂无截止日期
 milestones.open=开放中
 milestones.close=关闭
 milestones.new_subheader=里程碑可以帮助您组织议题并跟踪其进度。
-milestones.completeness=<strong>%d%%</strong> 已完成
+milestones.completeness=<strong>%d%%</strong>已完成
 milestones.create=创建里程碑
 milestones.title=标题
 milestones.desc=描述
 milestones.due_date=截止日期（可选）
 milestones.clear=清除
 milestones.invalid_due_date_format=到期时间的格式必须是“yyyy-mm-dd”。
-milestones.create_success=里程碑 %s 创建成功。
+milestones.create_success=里程碑%s创建成功。
 milestones.edit=编辑里程碑
 milestones.edit_subheader=里程碑组织议题，合并请求和跟踪进度。
 milestones.cancel=取消
 milestones.modify=更新里程碑
-milestones.edit_success=里程碑 %s 已经更新。
+milestones.edit_success=里程碑%s已经更新。
 milestones.deletion=删除里程碑
 milestones.deletion_desc=删除该里程碑将会移除所有议题中相关的信息。是否继续？
 milestones.deletion_success=里程碑已被删除。
@@ -1918,7 +1918,7 @@ milestones.filter_sort.most_complete=完成度从高到低
 milestones.filter_sort.most_issues=议题从多到少
 milestones.filter_sort.least_issues=议题从少到多
 
-signing.will_sign=这个提交将用密钥 "%s" 签名。
+signing.will_sign=这个提交将用密钥"%s"签名。
 signing.wont_sign.error=检测提交是否可以签名时出错。
 signing.wont_sign.nokey=本实例没有密钥用于签署该提交。
 signing.wont_sign.never=提交从未签名。
@@ -1945,83 +1945,83 @@ wiki.page_title=页面标题
 wiki.page_content=页面内容
 wiki.default_commit_message=关于此次修改的说明（可选）。
 wiki.save_page=保存页面
-wiki.last_commit_info=%s 于 %s 修改了此页面
+wiki.last_commit_info=%s于%s修改了此页面
 wiki.edit_page_button=修改
 wiki.new_page_button=新的页面
 wiki.file_revision=页面历史
 wiki.wiki_page_revisions=页面历史
 wiki.back_to_wiki=返回百科
 wiki.delete_page_button=删除页面
-wiki.delete_page_notice_1=百科页面 %s 删除后无法恢复，是否继续？
-wiki.page_already_exists=相同名称的 Wiki 页面已经存在。
-wiki.reserved_page=百科页面名称 %s 是被保留的。
+wiki.delete_page_notice_1=百科页面%s删除后无法恢复，是否继续？
+wiki.page_already_exists=相同名称的Wiki页面已经存在。
+wiki.reserved_page=百科页面名称%s是被保留的。
 wiki.pages=所有页面
-wiki.last_updated=最后更新于 %s
-wiki.page_name_desc=输入此 Wiki 页面的名称。特殊名称包括“Home”、“_Sidebar”和“_Footer”。
-wiki.original_git_entry_tooltip=查看原始的 Git 文件而不是使用友好链接。
+wiki.last_updated=最后更新于%s
+wiki.page_name_desc=输入此Wiki页面的名称。特殊名称包括“Home”、“_Sidebar”和“_Footer”。
+wiki.original_git_entry_tooltip=查看原始的Git文件而不是使用友好链接。
 
 activity=动态
 activity.navbar.contributors=贡献者
 activity.period.filter_label=周期：
-activity.period.daily=1 天
-activity.period.halfweekly=3 天
-activity.period.weekly=1 周
-activity.period.monthly=1 个月
-activity.period.quarterly=3 个月
-activity.period.semiyearly=6 个月
-activity.period.yearly=1 年
+activity.period.daily=1天
+activity.period.halfweekly=3天
+activity.period.weekly=1周
+activity.period.monthly=1个月
+activity.period.quarterly=3个月
+activity.period.semiyearly=6个月
+activity.period.yearly=1年
 activity.overview=概览
 activity.merged_prs_count_1=已合并的合并请求
 activity.merged_prs_count_n=已合并的合并请求
 activity.opened_prs_count_1=新合并请求
 activity.opened_prs_count_n=新合并请求
-activity.title.user_1=%d 名用户
-activity.title.user_n=%d 名用户
-activity.title.prs_1=%d 个合并请求
-activity.title.prs_n=%d 个合并请求
-activity.title.prs_merged_by=%[2]s 共合并了 %[1]s
-activity.title.prs_opened_by=%[2]s 共创建了 %[1]s
+activity.title.user_1=%d名用户
+activity.title.user_n=%d名用户
+activity.title.prs_1=%d个合并请求
+activity.title.prs_n=%d个合并请求
+activity.title.prs_merged_by=%[2]s共合并了%[1]s
+activity.title.prs_opened_by=%[2]s共创建了%[1]s
 activity.merged_prs_label=已合并
 activity.opened_prs_label=已创建
 activity.closed_issues_count_1=已关闭的议题
 activity.closed_issues_count_n=已关闭的议题
-activity.title.issues_1=%d 项议题
-activity.title.issues_n=%d 项议题
-activity.title.issues_closed_from=%[2]s 共关闭了 %[1]s
-activity.title.issues_created_by=%[2]s 共创建了 %[1]s
+activity.title.issues_1=%d项议题
+activity.title.issues_n=%d项议题
+activity.title.issues_closed_from=%[2]s共关闭了%[1]s
+activity.title.issues_created_by=%[2]s共创建了%[1]s
 activity.closed_issue_label=已关闭
 activity.new_issues_count_1=新议题
 activity.new_issues_count_n=新议题
 activity.new_issue_label=打开的
-activity.title.unresolved_conv_1=%d 项未解决的会话
-activity.title.unresolved_conv_n=%d 项未解决的会话
+activity.title.unresolved_conv_1=%d项未解决的会话
+activity.title.unresolved_conv_n=%d项未解决的会话
 activity.unresolved_conv_desc=这些最近更新的议题和合并请求还没有解决。
 activity.unresolved_conv_label=打开
-activity.title.releases_1=%d 个版本发布
-activity.title.releases_n=%d 个版本发布
-activity.title.releases_published_by=%[2]s 共发布了 %[1]s
+activity.title.releases_1=%d个版本发布
+activity.title.releases_n=%d个版本发布
+activity.title.releases_published_by=%[2]s共发布了%[1]s
 activity.published_release_label=版本发布
 activity.no_git_activity=在此期间没有任何提交活动。
 activity.git_stats_exclude_merges=除去合并提交以外，
-activity.git_stats_author_1=%d 名作者
-activity.git_stats_author_n=%d 名作者
+activity.git_stats_author_1=%d名作者
+activity.git_stats_author_n=%d名作者
 activity.git_stats_pushed_1=总共推送了
 activity.git_stats_pushed_n=总共推送了
-activity.git_stats_commit_1=%d 个提交
-activity.git_stats_commit_n=%d 个提交
-activity.git_stats_push_to_branch=到 %s 和
+activity.git_stats_commit_1=%d个提交
+activity.git_stats_commit_n=%d个提交
+activity.git_stats_push_to_branch=到%s和
 activity.git_stats_push_to_all_branches=到所有分支。
-activity.git_stats_on_default_branch=在 %s 分支上，
-activity.git_stats_file_1=%d 个文件
-activity.git_stats_file_n=%d 个文件
+activity.git_stats_on_default_branch=在%s分支上，
+activity.git_stats_file_1=%d个文件
+activity.git_stats_file_n=%d个文件
 activity.git_stats_files_changed_1=被改动
 activity.git_stats_files_changed_n=被改动
 activity.git_stats_additions=，总共
-activity.git_stats_addition_1=新增了 %d 行
-activity.git_stats_addition_n=新增了 %d 行
+activity.git_stats_addition_1=新增了%d行
+activity.git_stats_addition_n=新增了%d行
 activity.git_stats_and_deletions=并有
-activity.git_stats_deletion_1=%d 行被删除
-activity.git_stats_deletion_n=%d 行被删除
+activity.git_stats_deletion_1=%d行被删除
+activity.git_stats_deletion_n=%d行被删除
 
 contributors.contribution_type.filter_label=贡献类型：
 contributors.contribution_type.commits=提交
@@ -2037,8 +2037,8 @@ settings.collaboration.write=可写权限
 settings.collaboration.read=可读权限
 settings.collaboration.owner=所有者
 settings.collaboration.undefined=未定义
-settings.hooks=Web 钩子
-settings.githooks=管理 Git 钩子
+settings.hooks=Web钩子
+settings.githooks=管理Git钩子
 settings.basic_settings=基本设置
 settings.mirror_settings=镜像设置
 settings.mirror_settings.docs=设置您的仓库以自动同步另一个仓库的提交、标签和分支。
@@ -2060,13 +2060,13 @@ settings.mirror_settings.direction.pull=拉取
 settings.mirror_settings.direction.push=推送
 settings.mirror_settings.last_update=最后更新
 settings.mirror_settings.push_mirror.none=未配置推送镜像
-settings.mirror_settings.push_mirror.remote_url=Git 远程仓库链接
+settings.mirror_settings.push_mirror.remote_url=Git远程仓库链接
 settings.mirror_settings.push_mirror.add=添加推送镜像
 settings.mirror_settings.push_mirror.edit_sync_time=编辑镜像同步间隔
 
 settings.sync_mirror=立即同步
-settings.pull_mirror_sync_in_progress=正在从远程 %s 拉取更改。
-settings.push_mirror_sync_in_progress=正在推送变更到远程 %s 。
+settings.pull_mirror_sync_in_progress=正在从远程%s拉取更改。
+settings.push_mirror_sync_in_progress=正在推送变更到远程%s。
 settings.site=网站
 settings.update_settings=保存设置
 settings.update_mirror_settings=更新镜像设置
@@ -2078,23 +2078,23 @@ settings.wiki_desc=启用仓库百科
 settings.use_internal_wiki=使用内置百科
 settings.use_external_wiki=使用外部百科
 settings.external_wiki_url=外部百科链接
-settings.external_wiki_url_error=外部百科链接不是有效的 URL。
-settings.external_wiki_url_desc=在用户点击百科标签时，重定向至外部百科系统的 URL。
+settings.external_wiki_url_error=外部百科链接不是有效的URL。
+settings.external_wiki_url_desc=在用户点击百科标签时，重定向至外部百科系统的URL。
 settings.issues_desc=启用仓库议题系统
 settings.use_internal_issue_tracker=使用内置的议题系统
 settings.use_external_issue_tracker=使用外部的议题系统
-settings.external_tracker_url=外部议题系统 URL
+settings.external_tracker_url=外部议题系统URL
 settings.external_tracker_url_error=外部百科链接无效。
-settings.external_tracker_url_desc=在用户点击议题标签时，重定向至外部议题系统的 URL。
-settings.tracker_url_format=外部议题系统的 URL 格式
+settings.external_tracker_url_desc=在用户点击议题标签时，重定向至外部议题系统的URL。
+settings.tracker_url_format=外部议题系统的URL格式
 settings.tracker_url_format_error=外部议题追踪器链接无效。
 settings.tracker_issue_style=外部议题系统的编号格式
 settings.tracker_issue_style.numeric=纯数字形式
 settings.tracker_issue_style.alphanumeric=英文字母数字组合形式
 settings.tracker_issue_style.regexp=正则表达式
 settings.tracker_issue_style.regexp_pattern=正则表达式模式
-settings.tracker_issue_style.regexp_pattern_desc=第一个被捕获的组将取代 <code>{index}</code>。
-settings.tracker_url_format_desc=使用占位符 <code>{user}</code>, <code>{repo}</code> 和 <code>{index}</code> 作为用户名、仓库名和议题索引。
+settings.tracker_issue_style.regexp_pattern_desc=第一个被捕获的组将取代<code>{index}</code>。
+settings.tracker_url_format_desc=使用占位符<code>{user}</code>，<code>{repo}</code>和<code>{index}</code>作为用户名、仓库名和议题索引。
 settings.enable_timetracker=启用时间跟踪
 settings.allow_only_contributors_to_track_time=仅允许成员跟踪时间
 settings.pulls_desc=启用合并请求
@@ -2106,7 +2106,7 @@ settings.pulls.default_allow_edits_from_maintainers=默认开启允许维护者
 settings.releases_desc=启用版本发布
 settings.packages_desc=启用仓库软件包注册中心
 settings.projects_desc=启用仓库项目
-settings.actions_desc=使用 Forgejo Actions 启用集成 CI/CD 管道
+settings.actions_desc=使用Forgejo Actions启用集成CI/CD管道
 settings.admin_settings=管理员设置
 settings.admin_enable_health_check=启用仓库健康检查（git fsck）
 settings.admin_code_indexer=代码索引器
@@ -2133,15 +2133,15 @@ settings.transfer.rejected=代码库转移被拒绝。
 settings.transfer.success=代码库转移成功。
 settings.transfer_abort=取消转移
 settings.transfer_abort_invalid=你不能取消不存在的代码库转移。
-settings.transfer_abort_success=成功取消了将代码库转让给 %s。
+settings.transfer_abort_success=成功取消了将代码库转让给%s。
 settings.transfer_desc=您可以将仓库转移至您拥有管理员权限的帐户或组织。
-settings.transfer_in_progress=当前正在进行转让。 如果你想将此代码库转让给另一个用户，请取消它。
-settings.transfer_notices_1=- 若将此仓库转移给其他用户，您将失去对其的访问权限。
-settings.transfer_notices_2=- 若将其转移到您（共同）拥有的组织，您可以继续访问该仓库。
-settings.transfer_notices_3=- 如果仓库是私有的并且被转移给某个用户，那么此操作可以确保该用户至少具有读权限（以及必要时的更改权限）。
+settings.transfer_in_progress=当前正在进行转让。如果你想将此代码库转让给另一个用户，请取消它。
+settings.transfer_notices_1=-若将此仓库转移给其他用户，您将失去对其的访问权限。
+settings.transfer_notices_2=-若将其转移到您（共同）拥有的组织，您可以继续访问该仓库。
+settings.transfer_notices_3=-如果仓库是私有的并且被转移给某个用户，那么此操作可以确保该用户至少具有读权限（以及必要时的更改权限）。
 settings.transfer_owner=新拥有者
 settings.transfer_perform=执行转让
-settings.transfer_started=该代码库已被标记为转让并等待来自 %s 的确认
+settings.transfer_started=该代码库已被标记为转让并等待来自%s的确认
 settings.transfer_succeed=仓库已被转移。
 settings.signing_settings=签名验证设置
 settings.trust_model=签名信任模型
@@ -2151,21 +2151,21 @@ settings.trust_model.collaborator=协作者
 settings.trust_model.collaborator.long=协作者：信任协作者的签名
 settings.trust_model.collaborator.desc=此仓库中协作者的有效签名将被标记为「可信」（无论它们是否是提交者），签名只符合提交者时将标记为「不可信」，都不匹配时标记为「不匹配」。
 settings.trust_model.committer=提交者
-settings.trust_model.committer.long=提交者：信任与提交者相符的签名（此特性类似 GitHub，这会强制采用 Forgejo 作为提交者和签名者）
-settings.trust_model.committer.desc=有效签名只有和提交者相匹配才会被标记为“受信任”，否则它们将被标记为“不匹配”。这强制 Forgejo 成为签名提交的提交者，而实际提交者被加上 Co-authored-by：和 Co-committed-by：的标记。 默认的 Forgejo 密钥必须匹配数据库中的一名用户。
+settings.trust_model.committer.long=提交者：信任与提交者相符的签名（此特性类似GitHub，这会强制采用Forgejo作为提交者和签名者）
+settings.trust_model.committer.desc=有效签名只有和提交者相匹配才会被标记为“受信任”，否则它们将被标记为“不匹配”。这强制Forgejo成为签名提交的提交者，而实际提交者被加上Co-authored-by：和Co-committed-by：的标记。 默认的Forgejo密钥必须匹配数据库中的一名用户。
 settings.trust_model.collaboratorcommitter=协作者+提交者
 settings.trust_model.collaboratorcommitter.long=协作者+提交者：信任协作者同时是提交者的签名
-settings.trust_model.collaboratorcommitter.desc=此仓库中协作者的有效签名在他同时是提交者时将被标记为「可信」，签名只匹配了提交者时将标记为「不可信」，都不匹配时标记为「不匹配」。这会强制 Forgejo 成为签名者和提交者，实际的提交者将被标记于提交消息结尾处的「Co-Authored-By:」和「Co-Committed-By:」。默认的 Forgejo 签名密钥必须匹配数据库中的一个用户密钥。
+settings.trust_model.collaboratorcommitter.desc=此仓库中协作者的有效签名在他同时是提交者时将被标记为「可信」，签名只匹配了提交者时将标记为「不可信」，都不匹配时标记为「不匹配」。这会强制Forgejo成为签名者和提交者，实际的提交者将被标记于提交消息结尾处的「Co-Authored-By:」和「Co-Committed-By:」。默认的Forgejo签名密钥必须匹配数据库中的一个用户密钥。
 settings.wiki_delete=删除百科数据
 settings.wiki_delete_desc=删除仓库百科数据是永久性的，无法撤消。
-settings.wiki_delete_notices_1=- 这将永久删除和禁用 %s 的百科。
+settings.wiki_delete_notices_1=-这将永久删除和禁用%s的百科。
 settings.confirm_wiki_delete=删除百科数据
 settings.wiki_deletion_success=已成功删除仓库百科数据。
 settings.delete=删除本仓库
-settings.delete_desc=删除仓库是永久性的, 无法撤消。
-settings.delete_notices_1=- 此操作<strong>不可</strong>被回滚。
-settings.delete_notices_2=- 此操作将永久删除仓库 <strong>%s</strong>，包括 Git 数据、议题、评论、百科和协作者的操作权限。
-settings.delete_notices_fork_1=- 在此仓库删除后，它的派生仓库将变成独立仓库。
+settings.delete_desc=删除仓库是永久的，无法撤消。
+settings.delete_notices_1=-此操作<strong>不可</strong>被回滚。
+settings.delete_notices_2=-此操作将永久删除仓库<strong>%s</strong>，包括Git数据、议题、评论、百科和协作者的操作权限。
+settings.delete_notices_fork_1=-在此仓库删除后，它的派生仓库将变成独立仓库。
 settings.deletion_success=仓库已被删除。
 settings.update_settings_success=仓库设置已更新。
 settings.update_settings_no_unit=该代码库应该至少允许某种形式的交互。
@@ -2187,44 +2187,44 @@ settings.add_team=添加团队
 settings.add_team_duplicate=团队已经拥有仓库
 settings.add_team_success=团队现在可以访问仓库。
 settings.change_team_permission_tip=团队权限设置于团队设置页面，不能根据仓库更改
-settings.delete_team_tip=该团队仍有仓库, 无法删除
+settings.delete_team_tip=无法删除还有仓库的团队
 settings.remove_team_success=团队访问仓库的权限已被删除。
-settings.add_webhook=添加 Web 钩子
-settings.add_webhook.invalid_channel_name=Web 钩子通道名称不能为空且不能仅包含一个 # 字符。
-settings.hooks_desc=当某些 Forgejo 事件发生时，Web 钩子将自动发出 HTTP POST 请求。在 <a target="_blank" rel="noopener noreferrer" href="%s">Web 钩子指南</a>阅读更多内容。
-settings.webhook_deletion=删除 Web 钩子
-settings.webhook_deletion_desc=删除 Web 钩子将删除其设置和历史记录。继续？
-settings.webhook_deletion_success=Web 钩子已移除。
+settings.add_webhook=添加Web钩子
+settings.add_webhook.invalid_channel_name=Web钩子通道名称不能为空且不能仅包含一个#字符。
+settings.hooks_desc=当某些Forgejo事件发生时，Web钩子将自动发出HTTP POST请求。在<a target="_blank" rel="noopener noreferrer" href="%s">Web钩子指南</a>阅读更多内容。
+settings.webhook_deletion=删除Web钩子
+settings.webhook_deletion_desc=删除Web钩子将删除其设置和历史记录。继续？
+settings.webhook_deletion_success=Web钩子已移除。
 settings.webhook.test_delivery=测试推送
-settings.webhook.test_delivery_desc=使用假事件测试此 Web 钩子。
-settings.webhook.test_delivery_desc_disabled=用假事件测试这个 Web 钩子前，请先激活它。
+settings.webhook.test_delivery_desc=使用假事件测试此Web钩子。
+settings.webhook.test_delivery_desc_disabled=用假事件测试这个Web钩子前，请先激活它。
 settings.webhook.request=请求内容
 settings.webhook.response=响应内容
 settings.webhook.headers=头信息
 settings.webhook.payload=内容
 settings.webhook.body=响应体
-settings.webhook.replay.description=重新执行此 Web 钩子。
-settings.webhook.replay.description_disabled=重新执行此 Web 钩子前，请先激活它。
+settings.webhook.replay.description=重新执行此Web钩子。
+settings.webhook.replay.description_disabled=重新执行此Web钩子前，请先激活它。
 settings.webhook.delivery.success=一个事件已被添加到推送队列。可能需要过几秒钟才会显示在推送记录中。
-settings.githooks_desc=Git 钩子是 Git 本身提供的功能。您可以在下方编辑 hook 文件以设置自定义操作。
+settings.githooks_desc=Git钩子是Git本身提供的功能。您可以在下方编辑hook文件以设置自定义操作。
 settings.githook_edit_desc=如果钩子未启动，则会显示样例文件中的内容。如果想要删除某个钩子，则提交空白文本即可。
 settings.githook_name=钩子名称
 settings.githook_content=钩子内容
 settings.update_githook=更新钩子
-settings.add_webhook_desc=Forgejo 将向目标 URL 发送具有指定 Content-Type 的 <code>POST</code> 请求。在 <a target="_blank" rel="noopener noreferrer" href="%s">Web 钩子指南</a>阅读更多内容。
-settings.payload_url=目标 URL
-settings.http_method=HTTP 方法
-settings.content_type=POST 内容类型
+settings.add_webhook_desc=Forgejo将向目标URL发送具有指定Content-Type的<code>POST</code>请求。在<a target="_blank" rel="noopener noreferrer" href="%s">Web钩子指南</a>阅读更多内容。
+settings.payload_url=目标URL
+settings.http_method=HTTP方法
+settings.content_type=POST内容类型
 settings.secret=密钥文本
 settings.slack_username=服务名称
-settings.slack_icon_url=图标 URL
+settings.slack_icon_url=图标URL
 settings.slack_color=颜色
 settings.discord_username=用户名
-settings.discord_icon_url=图标 URL
+settings.discord_icon_url=图标URL
 settings.event_desc=触发条件：
 settings.event_push_only=推送事件
 settings.event_send_everything=所有事件
-settings.event_choose=自定义事件…
+settings.event_choose=自定义事件……
 settings.event_header_repository=仓库事件
 settings.event_create=创建
 settings.event_create_desc=创建分支或标签。
@@ -2237,7 +2237,7 @@ settings.event_wiki_desc=创建、重命名、编辑或删除了百科页面。
 settings.event_release=版本发布
 settings.event_release_desc=发布、更新或删除版本时。
 settings.event_push=推送
-settings.event_push_desc=推送到 Git 仓库。
+settings.event_push_desc=推送到Git仓库。
 settings.event_repository=仓库
 settings.event_repository_desc=创建或删除仓库。
 settings.event_header_issue=议题事件
@@ -2273,21 +2273,21 @@ settings.event_pull_request_merge=合并请求合并
 settings.event_package=软件包
 settings.event_package_desc=软件包已在仓库中被创建或删除。
 settings.branch_filter=分支过滤
-settings.branch_filter_desc=推送事件、创建或删除分支事件的分支白名单，使用 glob 模式匹配指定。若为空或 <code>*</code>，则将报告所有分支的事件。语法文档见 <a href="%[1]s">%[2]s</a>。示例：<code>master</code>、<code>{master,release*}</code>。
+settings.branch_filter_desc=推送事件、创建或删除分支事件的分支白名单，使用glob模式匹配指定。若为空或<code>*</code>，则将报告所有分支的事件。语法文档见<a href="%[1]s">%[2]s</a>。示例：<code>master</code>、<code>{master,release*}</code>。
 settings.authorization_header=授权标头
 settings.authorization_header_desc=当存在时将被作为授权标头包含在内。例如：%s。
 settings.active=激活
-settings.active_helper=将触发事件的信息发送到此 Web 钩子 URL。
-settings.add_hook_success=Web 钩子已添加。
-settings.update_webhook=更新 Web 钩子
-settings.update_hook_success=Web 钩子已更新。
-settings.delete_webhook=删除 Web 钩子
+settings.active_helper=将触发事件的信息发送到此Web钩子URL。
+settings.add_hook_success=Web钩子已添加。
+settings.update_webhook=更新Web钩子
+settings.update_hook_success=Web钩子已更新。
+settings.delete_webhook=删除Web钩子
 settings.recent_deliveries=最近推送记录
 settings.hook_type=钩子类型
 settings.slack_token=令牌
 settings.slack_domain=域名
 settings.slack_channel=频道
-settings.add_web_hook_desc=将 <a target="_blank" rel="noreferrer" href="%s">%s</a> 集成到您的仓库。
+settings.add_web_hook_desc=将<a target="_blank" rel="noreferrer" href="%s">%s</a>集成到您的仓库。
 settings.web_hook_name_gitea=Gitea
 settings.web_hook_name_forgejo = Forgejo
 settings.web_hook_name_gogs=Gogs
@@ -2297,25 +2297,25 @@ settings.web_hook_name_dingtalk=钉钉
 settings.web_hook_name_telegram=Telegram
 settings.web_hook_name_matrix=Matrix
 settings.web_hook_name_msteams=Microsoft Teams
-settings.web_hook_name_feishu=飞书 / Lark Suite
+settings.web_hook_name_feishu=飞书/ Lark Suite
 settings.web_hook_name_feishu_only =飞书
 settings.web_hook_name_larksuite_only =Lark Suite
 settings.web_hook_name_wechatwork=企业微信
 settings.web_hook_name_packagist=Packagist
-settings.packagist_username=Packagist 用户名
-settings.packagist_api_token=API 令牌
-settings.packagist_package_url=Packagist 软件包 URL
+settings.packagist_username=Packagist用户名
+settings.packagist_api_token=API令牌
+settings.packagist_package_url=Packagist软件包URL
 settings.deploy_keys=部署密钥
 settings.add_deploy_key=添加部署密钥
 settings.deploy_key_desc=部署密钥对仓库可具有只读或读写访问权限。
 settings.is_writable=启用写权限
-settings.is_writable_info=允许此部署密钥 <strong>推送</strong> 提交到仓库。
+settings.is_writable_info=允许此部署密钥<strong>推送</strong>提交到仓库。
 settings.no_deploy_keys=没有部署密钥。
 settings.title=标题
 settings.deploy_key_content=密钥文本
 settings.key_been_used=具有相同内容的部署密钥已在使用中。
 settings.key_name_used=使用相同名称的部署密钥已经存在。
-settings.add_key_success=部署密钥 %s 添加成功。
+settings.add_key_success=部署密钥%s添加成功。
 settings.deploy_key_deletion=删除部署密钥
 settings.deploy_key_deletion_desc=删除部署密钥将取消此密钥对此仓库的访问权限。继续？
 settings.deploy_key_deletion_success=部署密钥已删除。
@@ -2350,7 +2350,7 @@ settings.protect_no_valid_status_check_patterns=没有有效的状态检测规
 settings.protect_required_approvals=所需的批准
 settings.protect_required_approvals_desc=只允许合并有足够评审人数的拉取请求。
 settings.protect_approvals_whitelist_enabled=批准仅限列入白名单的用户或团队
-settings.protect_approvals_whitelist_enabled_desc=只有白名单用户或团队的评审才能被计入需要的批准数量。 没有白名单时，来自任何有写入权限的人的评审都将计数。
+settings.protect_approvals_whitelist_enabled_desc=只有白名单用户或团队的评审才能被计入需要的批准数量。没有白名单时，来自任何有写入权限的人的评审都将计数。
 settings.protect_approvals_whitelist_users=审查者白名单
 settings.protect_approvals_whitelist_teams=审查团队白名单
 settings.dismiss_stale_approvals=取消过时的批准
@@ -2360,13 +2360,13 @@ settings.ignore_stale_approvals_desc = 不将旧的提交（陈旧的评审）
 settings.require_signed_commits=需要签名提交
 settings.require_signed_commits_desc=拒绝推送未签名或无法验证的提交到此分支。
 settings.protect_branch_name_pattern=受保护的分支名称正则
-settings.protect_branch_name_pattern_desc=受保护的分支名称正则。语法请参阅<a href="%s">文档</a> 。如：main, release/**
+settings.protect_branch_name_pattern_desc=受保护的分支名称正则。语法请参阅<a href="%s">文档</a>。如：main，release/**
 settings.protect_patterns=规则
-settings.protect_protected_file_patterns=受保护的文件模式（使用半角分号“;”分隔）
-settings.protect_protected_file_patterns_desc=即便用户有权添加、编辑或删除此分支中的文件，也不允许直接更改受保护的文件。多个匹配模式使用半角分号（";"）分隔。查阅 <a href="%[1]s">%[2]s</a> 文档了解匹配模式语法。例如：<code>.drone.yml</code>、<code>/docs/**/*.txt</code>。
+settings.protect_protected_file_patterns=受保护的文件模式（使用半角分号“；”分隔）
+settings.protect_protected_file_patterns_desc=即便用户有权添加、编辑或删除此分支中的文件，也不允许直接更改受保护的文件。多个匹配模式使用半角分号（";"）分隔。查阅<a href="%[1]s">%[2]s</a>文档了解匹配模式语法。例如：<code>.drone.yml</code>、<code>/docs/**/*.txt</code>。
 settings.protect_unprotected_file_patterns=不受保护的文件模式（使用半角分号“;”分隔）
-settings.protect_unprotected_file_patterns_desc=在用户有写权限的情况下允许绕过限制，直接修改设为不保护的文件。多个匹配模式可以使用半角分号（“;”）分隔。查阅 <a href="%[1]s">%[2]s</a> 文档了解匹配模式语法。例子：<code>.drone.yml</code>, <code>/docs/**/*.txt</code>。
-settings.update_protect_branch_success=分支保护规则 %s 更新成功。
+settings.protect_unprotected_file_patterns_desc=在用户有写权限的情况下允许绕过限制，直接修改设为不保护的文件。多个匹配模式可以使用半角分号（“;”）分隔。查阅<a href="%[1]s">%[2]s</a>文档了解匹配模式语法。例子：<code>.drone.yml</code>, <code>/docs/**/*.txt</code>。
+settings.update_protect_branch_success=分支保护规则%s更新成功。
 settings.remove_protected_branch_success=移除分支保护规则"%s"成功。
 settings.remove_protected_branch_failed=移除分支保护规则"%s"失败。
 settings.protected_branch_deletion=禁用分支保护
@@ -2380,7 +2380,7 @@ settings.block_outdated_branch_desc=当头部分支落后基础分支时，不
 settings.default_branch_desc=请选择一个默认的分支用于合并请求和提交：
 settings.merge_style_desc=合并方式
 settings.default_merge_style_desc=默认合并方式
-settings.choose_branch=选择一个分支…
+settings.choose_branch=选择一个分支……
 settings.no_protected_branch=没有分支受到保护。
 settings.edit_protected_branch=编辑
 settings.protected_branch_required_rule_name=必须填写规则名称
@@ -2395,12 +2395,12 @@ settings.tags.protection.allowed.teams=允许的团队
 settings.tags.protection.allowed.noone=无
 settings.tags.protection.create=添加规则
 settings.tags.protection.none=没有受保护的标签。
-settings.tags.protection.pattern.description=你可以使用单个名称、glob 模式匹配或正则表达式来匹配多个标签。了解详情请访问 <a target="_blank" rel="noopener" href="%s">受保护标签指南</a>。
+settings.tags.protection.pattern.description=你可以使用单个名称、glob模式匹配或正则表达式来匹配多个标签。了解详情请访问<a target="_blank" rel="noopener" href="%s">受保护标签指南</a>。
 settings.bot_token=机器人令牌
-settings.chat_id=聊天 ID
-settings.thread_id=线程 ID
+settings.chat_id=聊天ID
+settings.thread_id=线程ID
 settings.matrix.homeserver_url=主服务器网址
-settings.matrix.room_id=房间 ID
+settings.matrix.room_id=房间ID
 settings.matrix.message_type=消息类型
 settings.archive.button=存档仓库
 settings.archive.header=存档此仓库
@@ -2418,33 +2418,33 @@ settings.unarchive.success=仓库已成功撤销存档。
 settings.unarchive.error=仓库在取消存档时出现异常。请通过日志获取详细信息。
 settings.update_avatar_success=仓库头像已经更新。
 settings.lfs=LFS
-settings.lfs_filelist=存储在此仓库中的 LFS 文件
-settings.lfs_no_lfs_files=此仓库中没有 LFS 文件
+settings.lfs_filelist=存储在此仓库中的LFS文件
+settings.lfs_no_lfs_files=此仓库中没有LFS文件
 settings.lfs_findcommits=查找提交
-settings.lfs_lfs_file_no_commits=没有找到关于此 LFS 文件的提交
+settings.lfs_lfs_file_no_commits=没有找到关于此LFS文件的提交
 settings.lfs_noattribute=此路径在默认分支中没有可锁定的属性
-settings.lfs_delete=删除 OID 为 %s 的 LFS 文件
-settings.lfs_delete_warning=删除一个 LFS 文件可能导致检出时出现“对象不存在”的错误。确定继续吗？
+settings.lfs_delete=删除OID为%s的LFS文件
+settings.lfs_delete_warning=删除一个LFS文件可能导致检出时出现“对象不存在”的错误。确定继续吗？
 settings.lfs_findpointerfiles=查找指针文件
 settings.lfs_locks=锁定
 settings.lfs_invalid_locking_path=无效路径：%s
 settings.lfs_invalid_lock_directory=无法锁定目录：%s
 settings.lfs_lock_already_exists=锁已经存在：%s
 settings.lfs_lock=锁定
-settings.lfs_lock_path=要锁定的文件路径…
+settings.lfs_lock_path=要锁定的文件路径……
 settings.lfs_locks_no_locks=无锁定
 settings.lfs_lock_file_no_exist=锁定的文件在默认分支中不存在
 settings.lfs_force_unlock=强制解锁
-settings.lfs_pointers.found=找到 %d 个块指针 - %d 个关联， %d 个未关联（%d 个从仓库丢失）
+settings.lfs_pointers.found=找到%d个块指针- %d个关联，%d个未关联（%d个从仓库丢失）
 settings.lfs_pointers.sha=Blob SHA
 settings.lfs_pointers.oid=OID
 settings.lfs_pointers.inRepo=在仓库中
 settings.lfs_pointers.exists=在仓库中存在
 settings.lfs_pointers.accessible=用户可访问
-settings.lfs_pointers.associateAccessible=关联可访问的 %d OID
-settings.rename_branch_failed_exist=无法重命名分支，因为目标分支 %s 存在。
-settings.rename_branch_failed_not_exist=无法重命名分支 %s ，因为它不存在。
-settings.rename_branch_success=分支 %s 已成功重命名为 %s。
+settings.lfs_pointers.associateAccessible=关联可访问的%d OID
+settings.rename_branch_failed_exist=无法重命名分支，因为目标分支%s存在。
+settings.rename_branch_failed_not_exist=无法重命名分支%s，因为它不存在。
+settings.rename_branch_success=分支%s已成功重命名为%s。
 settings.rename_branch=重命名分支
 
 diff.browse_source=浏览代码
@@ -2452,9 +2452,9 @@ diff.parent=父节点
 diff.commit=当前提交
 diff.git-notes=注释
 diff.data_not_available=比较内容不可用
-diff.options_button=Diff 选项
-diff.download_patch=下载 Patch 文件
-diff.download_diff=下载 Diff 文件
+diff.options_button=Diff选项
+diff.download_patch=下载Patch文件
+diff.download_diff=下载Diff文件
 diff.show_split_view=拆分视图
 diff.show_unified_view=合并视图
 diff.whitespace_button=空白符号
@@ -2462,8 +2462,8 @@ diff.whitespace_show_everything=显示所有更改
 diff.whitespace_ignore_all_whitespace=比较行时忽略空白符号
 diff.whitespace_ignore_amount_changes=忽略空白符号数量的变化
 diff.whitespace_ignore_at_eol=忽略行末空白符号的更改
-diff.stats_desc=共有 <strong> %d 个文件被更改</strong>，包括 <strong>%d 次插入</strong> 和 <strong>%d 次删除</strong>
-diff.stats_desc_file=更改 %d 行：新增 %d 行，删除 %d 行
+diff.stats_desc=共有<strong> %d个文件被更改</strong>，包括<strong>%d次插入</strong>和<strong>%d次删除</strong>
+diff.stats_desc_file=更改%d行：新增%d行，删除%d行
 diff.bin=二进制
 diff.bin_not_shown=二进制文件未显示。
 diff.view_file=查看文件
@@ -2474,14 +2474,14 @@ diff.file_image_height=高度
 diff.file_byte_size=大小
 diff.file_suppressed=文件差异内容过多而无法显示
 diff.file_suppressed_line_too_long=文件差异因一行或多行过长而隐藏
-diff.too_many_files=某些文件未显示，因为此 diff 中更改的文件太多
+diff.too_many_files=某些文件未显示，因为此diff中更改的文件太多
 diff.show_more=显示更多
 diff.load=加载差异
 diff.generated=自动生成
 diff.vendored=Vendored
 diff.comment.add_line_comment=添加行内评论
 diff.comment.placeholder=留下评论
-diff.comment.markdown_info=支持使用 Markdown 格式。
+diff.comment.markdown_info=支持使用Markdown格式。
 diff.comment.add_single_comment=添加单条评论
 diff.comment.add_review_comment=添加评论
 diff.comment.start_review=开始评审
@@ -2513,8 +2513,8 @@ release.prerelease=预发行
 release.stable=稳定
 release.compare=比较
 release.edit=编辑
-release.ahead.commits=<strong>%d</strong> 次提交
-release.ahead.target=在此版本发布后被加入到 %s
+release.ahead.commits=<strong>%d</strong>次提交
+release.ahead.target=在此版本发布后被加入到%s
 tag.ahead.target=自此标签到 %s
 release.source_code=源代码
 release.new_subheader=版本发布组织项目的版本。
@@ -2536,10 +2536,10 @@ release.edit_release=更新此次发布
 release.delete_release=删除发布
 release.delete_tag=删除标签
 release.deletion=删除发布
-release.deletion_desc=删除版本发布只会从 Forgejo 中移除。这不会影响 Git 的标签以及您仓库的内容和历史。是否继续？
+release.deletion_desc=删除版本发布只会从Forgejo中移除。这不会影响Git的标签以及您仓库的内容和历史。是否继续？
 release.deletion_success=已删除此版本发布。
 release.deletion_tag_desc=将从仓库中删除此标签，仓库内容和历史记录将保持不变。继续吗？
-release.deletion_tag_success=该 Git 标签已被删除。
+release.deletion_tag_success=该Git标签已被删除。
 release.tag_name_already_exist=使用此标签名称的发布版本已经存在。
 release.tag_name_invalid=标签名称无效。
 release.tag_name_protected=标签名称受到保护。
@@ -2547,32 +2547,32 @@ release.tag_already_exist=此 Git 标签已存在。
 release.downloads=下载附件
 release.add_tag_msg=使用发布的标题和内容作为标签消息。
 release.add_tag=创建标签
-release.releases_for=%s 的版本发布
-release.tags_for=%s 的标签
+release.releases_for=%s的版本发布
+release.tags_for=%s的标签
 
 branch.name=分支名称
-branch.already_exists=名为 %s 的分支已存在。
+branch.already_exists=名为%s的分支已存在。
 branch.delete_head=删除
-branch.delete=删除分支 "%s"
+branch.delete=删除分支"%s"
 branch.delete_html=删除分支
 branch.delete_desc=删除分支是永久的。虽然已删除的分支在实际被删除前有可能会短时间存在，但这在大多数情况下无法撤销。是否继续？
-branch.deletion_success=分支 %s 已被删除。
-branch.deletion_failed=删除分支 %s 失败。
-branch.delete_branch_has_new_commits=因为合并之后有新的提交，分支 %s 无法被删除。
-branch.create_branch=创建分支 %s
-branch.create_from=从 %s
-branch.create_success=分支 '%s' 已创建。
-branch.branch_already_exists=此仓库已存在名为 %s 的分支。
+branch.deletion_success=分支%s已被删除。
+branch.deletion_failed=删除分支%s失败。
+branch.delete_branch_has_new_commits=因为合并之后有新的提交，分支%s无法被删除。
+branch.create_branch=创建分支%s
+branch.create_from=从%s
+branch.create_success=分支'%s'已创建。
+branch.branch_already_exists=此仓库已存在名为%s的分支。
 branch.branch_name_conflict=分支名称"%s"与已存在的分支"%s"冲突。
-branch.tag_collision=分支 %s 不能被创建因为同名的标签已经存在。
+branch.tag_collision=分支%s不能被创建因为同名的标签已经存在。
 branch.deleted_by=删除人：%s
-branch.restore_success=分支 "%s"已还原。
-branch.restore_failed=还原分支 "%s"失败。
-branch.protected_deletion_failed=不能删除受保护的分支 "%s"。
+branch.restore_success=分支"%s"已还原。
+branch.restore_failed=还原分支"%s"失败。
+branch.protected_deletion_failed=不能删除受保护的分支"%s"。
 branch.default_deletion_failed=不能删除默认分支"%s"。
-branch.restore=恢复分支 "%s"
-branch.download=下载分支 "%s"
-branch.rename=重命名分支 "%s"
+branch.restore=恢复分支"%s"
+branch.download=下载分支"%s"
+branch.rename=重命名分支"%s"
 branch.included_desc=此分支是默认分支的一部分
 branch.included=已包含
 branch.create_new_branch=从下列分支创建分支：
@@ -2582,9 +2582,9 @@ branch.rename_branch_to=正在重命名分支“%s”。
 branch.create_branch_operation=创建分支
 branch.new_branch=创建新分支
 branch.new_branch_from=基于"%s"创建新分支
-branch.renamed=分支 %s 被重命名为 %s。
+branch.renamed=分支%s被重命名为%s。
 
-tag.create_tag=创建标签 %s
+tag.create_tag=创建标签%s
 tag.create_tag_operation=创建标签
 tag.confirm_create_tag=创建标签
 tag.create_tag_from=基于"%s"创建新标签
@@ -2600,12 +2600,12 @@ find_file.go_to_file=查找文件
 find_file.no_matching=没有找到匹配的文件
 
 error.csv.too_large=无法渲染此文件，因为它太大了。
-error.csv.unexpected=无法渲染此文件，因为它包含了意外字符，其位于第 %d 行和第 %d 列。
-error.csv.invalid_field_count=无法渲染此文件，因为它在第 %d 行中的字段数有误。
+error.csv.unexpected=无法渲染此文件，因为它包含了意外字符，其位于第%d行和第%d列。
+error.csv.invalid_field_count=无法渲染此文件，因为它在第%d行中的字段数有误。
 admin.enabled_flags = 该仓库启用的标志：
 admin.flags_replaced = 仓库标志已被替换
 admin.update_flags = 更新标志
-rss.must_be_on_branch = 只有在分支上才能有 RSS 订阅源。
+rss.must_be_on_branch = 只有在分支上才能有RSS订阅源。
 admin.manage_flags = 管理标志
 admin.failed_to_replace_flags = 替换仓库标志失败
 issues.blocked_by_user = 由于你已被仓库所有者屏蔽，你无法在此仓库创建议题。
@@ -2613,7 +2613,7 @@ settings.wiki_rename_branch_main_desc = 将百科内部使用的分支重命名
 editor.invalid_commit_mail = 用于创建提交的邮件地址无效。
 pulls.blocked_by_user = 你无法在此仓库上创建合并请求，因为您已被仓库所有者屏蔽。
 commits.browse_further = 浏览更多
-commits.renamed_from = 重命名自 %s
+commits.renamed_from = 重命名自%s
 wiki.cancel = 取消
 settings.wiki_globally_editable = 允许任何人编辑百科
 settings.new_owner_blocked_doer = 新所有者已将你拉黑。
@@ -2622,8 +2622,8 @@ settings.wiki_rename_branch_main = 标准化百科分支名称
 settings.wiki_rename_branch_main_notices_1 = 此操作<strong>无法</strong>撤消。
 settings.wiki_branch_rename_success = 百科仓库的分支名称已成功规范化。
 settings.confirm_wiki_branch_rename = 重命名百科分支
-pulls.commit_ref_at = `于 %s 从提交中引用了此合并请求`
-settings.wiki_rename_branch_main_notices_2 = 这将永久重命名 %s 的仓库百科的内部分支。现存的检出方式需要更新。
+pulls.commit_ref_at = 于%s从提交中引用了此合并请求
+settings.wiki_rename_branch_main_notices_2 = 这将永久重命名%s的仓库百科的内部分支。现存的检出方式需要更新。
 settings.wiki_branch_rename_failure = 无法标准化仓库百科的分支名称。
 settings.add_collaborator_blocked_our = 因仓库所有者已将其拉黑，不能添加该用户为协作者。
 settings.add_collaborator_blocked_them = 因该用户已将仓库所有者拉黑，不能添加该用户为协作者。
@@ -2638,65 +2638,65 @@ pulls.made_using_agit = AGit
 activity.navbar.pulse = 动态
 activity.navbar.code_frequency = 代码频率
 activity.navbar.recent_commits = 近期提交
-pulls.agit_explanation = 该合并请求是用 AGit 工作流创建的。使用 AGit，贡献者无需派生或创建分支就可以直接通过 “git push” 提出更改代码。
+pulls.agit_explanation = 该合并请求是用AGit工作流创建的。使用AGit，贡献者无需派生或创建分支就可以直接通过 “git push” 提出更改代码。
 commits.search_branch = 此分支
-open_with_editor = 使用 %s 打开
-settings.rename_branch_failed_protected = 无法重命名受保护的分支 %s。
+open_with_editor = 使用%s打开
+settings.rename_branch_failed_protected = 无法重命名受保护的分支%s。
 stars = 点赞
 settings.confirmation_string = 确认输入
-n_commit_one = %s 提交
-n_commit_few = %s 提交
-n_branch_one = %s 分支
-n_branch_few = %s 分支
-n_tag_one = %s 标签
-n_tag_few = %s 标签
+n_commit_one = %s提交
+n_commit_few = %s提交
+n_branch_one = %s分支
+n_branch_few = %s分支
+n_tag_one = %s标签
+n_tag_few = %s标签
 editor.commit_id_not_matching = 您在编辑文件时该文件已被更改。请提交到一个新的分支，然后再将这个新的分支合并回当前分支。
-issues.num_participants_one = %d 位参与者
+issues.num_participants_one = %d位参与者
 issues.archived_label_description = （已存档）%s
 editor.push_out_of_date = 推送似乎已过期。
 settings.enforce_on_admins = 对仓库的管理员适用该规则
 settings.enforce_on_admins_desc = 使仓库管理员也须遵守此规则。
 settings.sourcehut_builds.secrets = 密钥
-size_format = %[1]s：%[2]s, %[3]s：%[4]s
+size_format = %[1]s：%[2]s，%[3]s：%[4]s
 settings.add_webhook.invalid_path = 路径中不能包含“.”或“..”，也不能在开头或结尾中使用斜杠。
-settings.sourcehut_builds.secrets_helper = 给予任务访问构建密钥的权限（需要 SECRETS:RO 权限）
+settings.sourcehut_builds.secrets_helper = 给予任务访问构建密钥的权限（需要SECRETS:RO权限）
 release.system_generated = 此附件是自动生成的。
 pulls.ready_for_review = 准备好接受评审了吗？
 settings.web_hook_name_sourcehut_builds = SourceHut Builds
-settings.graphql_url = GraphQL URL 链接
-settings.sourcehut_builds.access_token_helper = 已授予 JOBS:RW 权限的访问令牌。可在 meta.sr.ht 上生成标准的 <a target="_blank" rel="noopener noreferrer" href="%s">builds.sr.ht 令牌</a>或<a target="_blank" rel="noopener noreferrer" href="%s">带有密匙访问权限的 builds.sr.ht 令牌</a> 。
-settings.matrix.access_token_helper = 推荐为此设立专门的 Matrix 账户。访问令牌可从 Element Web 客户端（在隐私/无痕模式选项卡中打开）> 用户菜单（左上角）> 所有设置 > 帮助及关于 > 高级 > 访问令牌（在主服务器 URL 下方）检索。获取完成后，请直接关闭隐私/无痕选项卡（注销会使令牌失效）。
+settings.graphql_url = GraphQL URL链接
+settings.sourcehut_builds.access_token_helper = 已授予JOBS:RW权限的访问令牌。可在meta.sr.ht上生成标准的<a target="_blank" rel="noopener noreferrer" href="%s">builds.sr.ht令牌</a>或<a target="_blank" rel="noopener noreferrer" href="%s">带有密匙访问权限的builds.sr.ht令牌</a>。
+settings.matrix.access_token_helper = 推荐为此设立专门的Matrix账户。访问令牌可从Element Web客户端（在隐私/无痕模式选项卡中打开）>用户菜单（左上角）>所有设置>帮助及关于>高级>访问令牌（在主服务器URL下方）检索。获取完成后，请直接关闭隐私/无痕选项卡（注销会使令牌失效）。
 settings.event_pull_request_enforcement = 执行
 settings.sourcehut_builds.manifest_path = 构建清单路径
 settings.sourcehut_builds.visibility = 作业可见性
-settings.matrix.room_id_helper = 房间 ID 可从 Element Web 客户端 > 房间设置 > 高级 > 内部房间 ID 获得。例如：%s。
+settings.matrix.room_id_helper = 房间ID可从Element Web客户端>房间设置>高级>内部房间ID获得。例如：%s。
 release.hide_archive_links_helper = 为此版本发布隐藏自动生成的源代码存档。例如，如果您准备自行上传。
 release.hide_archive_links = 隐藏自动生成的存档
 settings.transfer.modal.title = 转移所有权
 settings.transfer.button = 转移所有权
 wiki.search = 搜索百科
 wiki.no_search_results = 无结果
-form.string_too_long = 给定的字符串长度超过 %d 个字符。
-n_release_one = %s 版本发布
-n_release_few = %s 版本发布
+form.string_too_long = 给定的字符串长度超过%d个字符。
+n_release_one = %s版本发布
+n_release_few = %s版本发布
 project = 项目
 issues.edit.already_changed = 无法保存对议题的更改。议题似乎已经被另一个用户修改了，为了防止修改被覆盖，请刷新页面后再次尝试编辑
 pulls.edit.already_changed = 无法保存对合并请求的更改。内容似乎已经被另一个用户修改了，为了防止修改被覆盖，请刷新页面后再次尝试编辑
 comments.edit.already_changed = 无法保存对评论的更改。内容似乎已经被另一个用户修改了，为了防止修改被覆盖，请刷新页面后再次尝试编辑
 subscribe.issue.guest.tooltip = 登录以订阅议题。
 subscribe.pull.guest.tooltip = 登录以订阅此合并请求。
-settings.federation_following_repos = 关注的仓库 URL 地址。以 ";" 分隔，不需要空格。
+settings.federation_following_repos = 关注的仓库URL地址。以";"分隔，不需要空格。
 settings.federation_settings = 邦联设置
-settings.federation_apapiurl = 此仓库的联邦 URL 地址。将其作为关注的仓库 URL 地址填写到另一个仓库的联邦设置中。
+settings.federation_apapiurl = 此仓库的联邦URL地址。将其作为关注的仓库URL地址填写到另一个仓库的联邦设置中。
 settings.federation_not_enabled = 当前实例未启用邦联功能。
 issues.author.tooltip.issue = 此用户是本议题的作者。
 issues.author.tooltip.pr = 此用户是此合并请求的作者。
 release.type_attachment = 附件
 release.type_external_asset = 外部资源
 release.asset_name = 资源名称
-release.asset_external_url = 外部 URL
+release.asset_external_url = 外部URL
 release.add_external_asset = 添加外部资源
-release.invalid_external_url = 无效的外部 URL：“%s”
+release.invalid_external_url = 无效的外部URL：“%s”
 milestones.filter_sort.name = 名称
 settings.pull_mirror_sync_quota_exceeded = 超出配额，未拉取更改。
 settings.transfer_quota_exceeded = 新所有者（%s）已超出配额。仓库尚未转移。
@@ -2708,18 +2708,18 @@ activity.commit = 提交活动
 pulls.cmd_instruction_merge_warning = <b>警告：</b>未启用此仓库的“自动检测手动合并”设置，您之后必须将此合并请求标记为手动合并。
 settings.protect_new_rule = 创建新的分支保护规则
 mirror_denied_combination = 不能同时使用公钥和基于密码的验证。
-mirror_public_key = 公共 SSH 公钥
-mirror_use_ssh.text = 使用 SSH 验证
-mirror_use_ssh.helper = 选择此选项后，Forgejo 将通过 SSH 以 Git 方式镜像仓库，并为您创建一个密钥对。您必须确保已授权生成的公钥推送到目标仓库。选择此选项时，不能使用基于密码的授权。
+mirror_public_key = 公共SSH公钥
+mirror_use_ssh.text = 使用SSH验证
+mirror_use_ssh.helper = 选择此选项后，Forgejo将通过SSH以Git方式镜像仓库，并为您创建一个密钥对。您必须确保已授权生成的公钥推送到目标仓库。选择此选项时，不能使用基于密码的授权。
 settings.mirror_settings.push_mirror.copy_public_key = 复制公钥
 settings.mirror_settings.push_mirror.none_ssh = 无
-mirror_use_ssh.not_available = SSH 验证不可用。
+mirror_use_ssh.not_available = SSH验证不可用。
 issues.new.assign_to_me = 指派给我
 issues.all_title = 全部
-settings.discord_icon_url.exceeds_max_length = 图标 URL 必须小于或等于 2048 个字符
-issues.review.remove_review_requests = 于 %[2]s 取消对 %[1]s 的评审请求
-issues.review.add_review_requests = 于 %[2]s 请求 %[1]s 评审
-issues.review.add_remove_review_requests = 于 %[3]s 请求 %[1]s 评审，并取消对 %[2]s 的评审请求
+settings.discord_icon_url.exceeds_max_length = 图标URL必须小于或等于2048个字符
+issues.review.remove_review_requests = 于%[2]s取消对%[1]s的评审请求
+issues.review.add_review_requests = 于%[2]s请求%[1]s评审
+issues.review.add_remove_review_requests = 于%[3]s请求%[1]s评审，并取消对%[2]s的评审请求
 pulls.delete_after_merge.head_branch.is_protected = 您要删除的头部分支是受保护的分支，无法删除。
 pulls.delete_after_merge.head_branch.insufficient_branch = 您没有权限删除头部分支。
 pulls.delete_after_merge.head_branch.is_default = 您要删除的头部分支是默认分支，无法删除。
@@ -2727,9 +2727,9 @@ issues.filter_sort.relevance = 相关性
 diff.git-notes.add = 添加注释
 diff.git-notes.remove-header = 移除注释
 diff.git-notes.remove-body = 此注释将被移除。
-issues.num_reviews_one = %d 评审
-issues.num_reviews_few = %d 评审
-issues.summary_card_alt = 仓库 %[2]s 中标题为 %[1]s 的议题的摘要卡片
+issues.num_reviews_one = %d评审
+issues.num_reviews_few = %d评审
+issues.summary_card_alt = 仓库%[2]s中标题为%[1]s的议题的摘要卡片
 editor.add_tmpl.filename = 文件名
 settings.default_update_style_desc = 用于更新落后于基础分支的合并请求的默认更新样式。
 pulls.sign_in_require = <a href="%s">登录</a>以创建新的合并请求。
@@ -2737,15 +2737,15 @@ new_from_template = 使用模板
 new_from_template_description = 您可以选择此实例上现有仓库模板并应用其设置。
 new_advanced = 高级设置
 new_advanced_expand = 单击展开
-auto_init_description = 以自述文件、可选的许可证和 .gitignore 文件开启 Git 历史。
+auto_init_description = 以自述文件、可选的许可证和.gitignore文件开启Git历史。
 issues.reaction.add = 添加回应
-issues.reaction.alt_few = %[1]s 回应了 %[2]s。
-issues.reaction.alt_many = %[1]s 和另外 %[2]d 人回应了 %[3]s。
-issues.reaction.alt_remove = 从评论中移除 %[1] 回应。
+issues.reaction.alt_few = %[1]s回应了%[2]s。
+issues.reaction.alt_many = %[1]s和另外%[2]d人回应了%[3]s。
+issues.reaction.alt_remove = 从评论中移除%[1]回应。
 issues.context.menu = 评论菜单
-issues.reaction.alt_add = 对评论添加 %[1]s 回应。
-release.summary_card_alt = 仓库 %[2]s 中标题为 %[1]s 的版本发布的摘要卡片
-summary_card_alt = 仓库 %s 的摘要卡片
+issues.reaction.alt_add = 对评论添加%[1]s回应。
+release.summary_card_alt = 仓库%[2]s中标题为%[1]s的版本发布的摘要卡片
+summary_card_alt = 仓库%s的摘要卡片
 editor.commit_email = 提交电子邮件
 archive.pull.noreview = 此仓库已存档，您无法评审合并请求。
 commits.view_single_diff = 查看该提交对本文件的更改
@@ -2758,24 +2758,24 @@ migrate.repo_desc_helper = 留空以导入现有描述
 archive.nocomment = 您无法评论，因为此仓库已存档。
 comment.blocked_by_user = 您无法评论，因为您已被仓库所有者或作者屏蔽。
 sync_fork.button = 同步
-sync_fork.branch_behind_one = 此分支落后于 %[2]s %[1]d 个提交
-sync_fork.branch_behind_few = 此分支落后于 %[2]s %[1]d 个提交
+sync_fork.branch_behind_one = 此分支落后于%[2]s %[1]d个提交
+sync_fork.branch_behind_few = 此分支落后于%[2]s %[1]d个提交
 settings.event_action_failure = 失败
 settings.event_action_recover = 恢复
-settings.event_action_recover_desc = Action 运行在同一工作流上次失败后成功。
+settings.event_action_recover_desc = Action运行在同一工作流上次失败后成功。
 settings.event_action_success = 成功
-settings.event_action_success_desc = Action 运行以成功结束。
-settings.event_action_failure_desc = Action 运行以失败结束。
-settings.event_header_action = Action 运行事件
+settings.event_action_success_desc = Action运行以成功结束。
+settings.event_action_failure_desc = Action运行以失败结束。
+settings.event_header_action = Action运行事件
 issues.filter_type.all_pull_requests = 所有合并请求
-tree_path_not_found.commit = 路径 %[1]s 在提交 %[2]s 中不存在
-tree_path_not_found.branch = 路径 %[1]s 在分支 %[2]s 中不存在
-tree_path_not_found.tag = 路径 %[1]s 在标签 %[2]s 中不存在
+tree_path_not_found.commit = 路径%[1]s在提交%[2]s中不存在
+tree_path_not_found.branch = 路径%[1]s在分支%[2]s中不存在
+tree_path_not_found.tag = 路径%[1]s在标签%[2]s中不存在
 
 [graphs]
-component_loading=正在加载 %s…
-component_loading_failed=无法加载 %s
-component_loading_info=这可能需要一点时间…
+component_loading=正在加载%s……
+component_loading_failed=无法加载%s
+component_loading_info=这可能需要一点时间……
 component_failed_to_load=意外的错误发生了。
 contributors.what=贡献
 recent_commits.what = 近期提交
@@ -2786,7 +2786,7 @@ org_name_holder=组织名称
 org_full_name_holder=组织全名
 org_name_helper=组织名字应该简单明了。
 create_org=创建组织
-repo_updated=于 %s 更新
+repo_updated=于%s更新
 members=成员
 teams=团队
 code=代码
@@ -2804,8 +2804,8 @@ team_permission_desc=权限
 team_unit_desc=允许访问仓库单元
 team_unit_disabled=（已禁用）
 
-form.name_reserved=组织名称 '%s' 是被保留的。
-form.name_pattern_not_allowed=仓库名称中不允许使用 "%s"。
+form.name_reserved=组织名称'%s'是被保留的。
+form.name_pattern_not_allowed=仓库名称中不允许使用"%s"。
 form.create_org_not_allowed=您不能创建组织。
 
 settings=组织设置
@@ -2825,18 +2825,18 @@ settings.visibility.private_shortname=私有
 
 settings.update_settings=更新设置
 settings.update_setting_success=组织设置已更新。
-settings.change_orgname_prompt=注意：更改组织名称同时会更改组织的 URL 地址并释放旧的名称。
+settings.change_orgname_prompt=注意：更改组织名称同时会更改组织的URL地址并释放旧的名称。
 settings.change_orgname_redirect_prompt=在被人使用前，旧用户名将会被重定向。
 settings.update_avatar_success=组织头像已经更新。
 settings.delete=删除组织
 settings.delete_account=删除当前组织
-settings.delete_prompt=删除操作会永久清除该组织的信息，并且 <strong>不可恢复</strong>！
+settings.delete_prompt=删除操作会永久清除该组织的信息，并且<strong>不可恢复</strong>！
 settings.confirm_delete_account=确认删除
 settings.delete_org_title=删除组织
 settings.delete_org_desc=此组织将会被永久删除，确认继续吗？
-settings.hooks_desc=在此处添加的 Web 钩子将会应用到该组织下的 <strong>所有仓库</strong>。
+settings.hooks_desc=在此处添加的Web钩子将会应用到该组织下的<strong>所有仓库</strong>。
 
-settings.labels_desc=添加能够被该组织下的 <strong>所有仓库</strong> 的议题使用的标签。
+settings.labels_desc=添加能够被该组织下的<strong>所有仓库</strong>的议题使用的标签。
 
 members.membership_visibility=成员可见性：
 members.public=可见
@@ -2847,7 +2847,7 @@ members.member_role=成员角色：
 members.owner=所有者
 members.member=成员
 members.remove=移除成员
-members.remove.detail=从 %[2]s 中移除 %[1]s 吗？
+members.remove.detail=从%[2]s中移除%[1]s吗？
 members.leave=离开组织
 members.leave.detail=是否确定要离开组织“%s”？
 members.invite_desc=邀请新的用户加入 %s：
@@ -2868,12 +2868,12 @@ teams.admin_access=管理员权限
 teams.admin_access_helper=成员可以拉取和推送到团队仓库同时可以添加协作者。
 teams.no_desc=该团队暂无描述
 teams.settings=团队设置
-teams.owners_permission_desc=管理员团队对 <strong>所有仓库</strong> 具有操作权限，且对组织具有 <strong>管理员权限</strong>。
+teams.owners_permission_desc=管理员团队对<strong>所有仓库</strong>具有操作权限，且对组织具有<strong>管理员权限</strong>。
 teams.members=团队成员
 teams.update_settings=更新设置
 teams.delete_team=删除团队
 teams.add_team_member=添加团队成员
-teams.invite_team_member=邀请加入 %s
+teams.invite_team_member=邀请加入%s
 teams.invite_team_member.list=待处理的邀请
 teams.delete_team_title=删除团队
 teams.delete_team_desc=删除一个团队将删除团队成员的访问权限，继续？
@@ -2890,16 +2890,16 @@ teams.add_duplicate_users=用户已经是团队成员。
 teams.repos.none=此团队无法访问任何仓库。
 teams.members.none=团队中没有成员。
 teams.specific_repositories=指定仓库
-teams.specific_repositories_helper=团队成员将只能访问添加到团队的仓库。 选择此项<strong>将不会</strong>自动删除通过<i>所有仓库</i>添加的仓库。
+teams.specific_repositories_helper=团队成员将只能访问添加到团队的仓库。选择此项<strong>将不会</strong>自动删除通过<i>所有仓库</i>添加的仓库。
 teams.all_repositories=所有仓库
-teams.all_repositories_helper=团队可以访问所有仓库。选择此选项将 <strong>添加所有现有的</strong> 仓库到指定团队。
-teams.invite.title=您已被邀请加入组织 <strong>%s</strong> 中的团队 <strong>%s</strong>。
-teams.invite.by=邀请人 %s
+teams.all_repositories_helper=团队可以访问所有仓库。选择此选项将<strong>添加所有现有的</strong>仓库到指定团队。
+teams.invite.title=您已被邀请加入组织<strong>%s</strong>中的团队<strong>%s</strong>。
+teams.invite.by=邀请人%s
 teams.invite.description=请点击下面的按钮加入团队。
 follow_blocked_user = 你无法关注此组织，因为此组织已屏蔽你。
 open_dashboard = 打开仪表盘
-settings.change_orgname_redirect_prompt.with_cooldown.one = 旧组织名将在 %[1]d 天的保护期后对所有人可用，您仍可以在此期间重新认领旧名称。
-settings.change_orgname_redirect_prompt.with_cooldown.few = 旧组织名将在 %[1]d 天的保护期后对所有人可用，您仍可以在此期间重新认领旧名称。
+settings.change_orgname_redirect_prompt.with_cooldown.one = 旧组织名将在%[1]d天的保护期后对所有人可用，您仍可以在此期间重新认领旧名称。
+settings.change_orgname_redirect_prompt.with_cooldown.few = 旧组织名将在%[1]d天的保护期后对所有人可用，您仍可以在此期间重新认领旧名称。
 
 [admin]
 dashboard=管理面板
@@ -2909,7 +2909,7 @@ users=用户帐户
 organizations=组织管理
 assets=代码资源
 repositories=仓库管理
-hooks=Web 钩子
+hooks=Web钩子
 integrations=集成
 authentication=认证源
 emails=用户邮件
@@ -2921,83 +2921,83 @@ last_page=末页
 total=总计：%d
 settings=管理设置
 
-dashboard.new_version_hint=Forgejo %s 现已可用，您正在运行 %s。查看 <a target="_blank" rel="noreferrer" href="%s">博客</a> 了解详情。
+dashboard.new_version_hint=Forgejo %s现已可用，您正在运行%s。查看<a target="_blank" rel="noreferrer" href="%s">博客</a>了解详情。
 dashboard.statistic=摘要
 dashboard.operations=维护操作
 dashboard.system_status=系统状态
 dashboard.operation_name=操作名称
 dashboard.operation_switch=开关
 dashboard.operation_run=执行
-dashboard.clean_unbind_oauth=清理未绑定的 OAuth 连接
-dashboard.clean_unbind_oauth_success=所有未绑定的 OAuth 连接已被删除。
+dashboard.clean_unbind_oauth=清理未绑定的OAuth连接
+dashboard.clean_unbind_oauth_success=所有未绑定的OAuth连接已被删除。
 dashboard.task.started=已开始任务：%[1]s
 dashboard.task.process=任务：%[1]s
-dashboard.task.cancelled=任务：%[1]s 已取消：%[3]s
+dashboard.task.cancelled=任务：%[1]s已取消：%[3]s
 dashboard.task.error=任务中的错误：%[1]s：%[3]s
-dashboard.task.finished=任务：%[2]s 启动的 %[1]s 已完成
+dashboard.task.finished=任务：%[2]s启动的%[1]s已完成
 dashboard.task.unknown=未知任务：%[1]s
 dashboard.cron.started=已开始计划任务：%[1]s
 dashboard.cron.process=计划任务：%[1]s
-dashboard.cron.cancelled=定时任务：%[1]s 已取消：%[3]s
+dashboard.cron.cancelled=定时任务：%[1]s已取消：%[3]s
 dashboard.cron.error=任务中的错误：%s：%[3]s
-dashboard.cron.finished=任务：%[1]s 已经完成
+dashboard.cron.finished=任务：%[1]s已经完成
 dashboard.delete_inactive_accounts=删除所有未激活的帐户
 dashboard.delete_inactive_accounts.started=删除所有未激活的账户任务已启动。
 dashboard.delete_repo_archives=删除所有仓库的存档（ZIP、TAR.GZ等）
 dashboard.delete_repo_archives.started=删除所有仓库存档任务已启动。
-dashboard.delete_missing_repos=删除所有丢失 Git 文件的仓库
-dashboard.delete_missing_repos.started=删除所有丢失 Git 文件的仓库任务已启动。
+dashboard.delete_missing_repos=删除所有丢失Git文件的仓库
+dashboard.delete_missing_repos.started=删除所有丢失Git文件的仓库任务已启动。
 dashboard.delete_generated_repository_avatars=删除生成的仓库头像
-dashboard.sync_repo_branches=将缺少的分支从 Git 数据同步到数据库
-dashboard.sync_repo_tags = 同步 Git 数据中的标签至数据库
+dashboard.sync_repo_branches=将缺少的分支从Git数据同步到数据库
+dashboard.sync_repo_tags = 同步Git数据中的标签至数据库
 dashboard.update_mirrors=更新镜像仓库
 dashboard.repo_health_check=对所有仓库健康检查
 dashboard.check_repo_stats=检查所有仓库统计
 dashboard.archive_cleanup=删除旧的仓库存档
 dashboard.deleted_branches_cleanup=清理已删除的分支
-dashboard.update_migration_poster_id=更新迁移的发布者 ID
+dashboard.update_migration_poster_id=更新迁移的发布者ID
 dashboard.git_gc_repos=对仓库进行垃圾回收
-dashboard.resync_all_sshkeys=使用 Forgejo 的 SSH 密钥更新“.ssh/authorized_keys”文件。
-dashboard.resync_all_sshprincipals=使用 Forgejo 的 SSH 规则更新“.ssh/authorized_principals”文件。
-dashboard.resync_all_hooks=重新同步所有仓库的 Git 钩子（pre-receive、update、post-receive、proc-receive 等）
-dashboard.reinit_missing_repos=重新初始化所有丢失的 Git 仓库存在的记录
+dashboard.resync_all_sshkeys=使用Forgejo的SSH密钥更新“.ssh/authorized_keys”文件。
+dashboard.resync_all_sshprincipals=使用Forgejo的SSH规则更新“.ssh/authorized_principals”文件。
+dashboard.resync_all_hooks=重新同步所有仓库的Git钩子（pre-receive、update、post-receive、proc-receive等）
+dashboard.reinit_missing_repos=重新初始化所有丢失的Git仓库存在的记录
 dashboard.sync_external_users=同步外部用户数据
-dashboard.cleanup_hook_task_table=清理 hook_task 表
+dashboard.cleanup_hook_task_table=清理hook_task表
 dashboard.cleanup_packages=清理过期的软件包
-dashboard.cleanup_actions=清理过期的 Actions 日志和制品
+dashboard.cleanup_actions=清理过期的Actions日志和制品
 dashboard.server_uptime=服务运行时间
-dashboard.current_goroutine=当前 Goroutines 数量
+dashboard.current_goroutine=当前Goroutines数量
 dashboard.current_memory_usage=当前内存使用量
 dashboard.total_memory_allocated=所有被分配的内存
 dashboard.memory_obtained=内存占用量
 dashboard.pointer_lookup_times=指针查找次数
 dashboard.memory_allocate_times=内存分配次数
 dashboard.memory_free_times=内存释放次数
-dashboard.current_heap_usage=当前 Heap 内存使用量
-dashboard.heap_memory_obtained=Heap 内存占用量
-dashboard.heap_memory_idle=Heap 内存空闲量
-dashboard.heap_memory_in_use=正在使用的 Heap 内存
-dashboard.heap_memory_released=被释放的 Heap 内存
-dashboard.heap_objects=Heap 对象数量
-dashboard.bootstrap_stack_usage=启动 Stack 使用量
-dashboard.stack_memory_obtained=被分配的 Stack 内存
-dashboard.mspan_structures_usage=MSpan 结构内存使用量
-dashboard.mspan_structures_obtained=被分配的 MSpan 结构内存
-dashboard.mcache_structures_usage=MCache 结构内存使用量
-dashboard.mcache_structures_obtained=被分配的 MCache 结构内存
+dashboard.current_heap_usage=当前Heap内存使用量
+dashboard.heap_memory_obtained=Heap内存占用量
+dashboard.heap_memory_idle=Heap内存空闲量
+dashboard.heap_memory_in_use=正在使用的Heap内存
+dashboard.heap_memory_released=被释放的Heap内存
+dashboard.heap_objects=Heap对象数量
+dashboard.bootstrap_stack_usage=启动Stack使用量
+dashboard.stack_memory_obtained=被分配的Stack内存
+dashboard.mspan_structures_usage=MSpan结构内存使用量
+dashboard.mspan_structures_obtained=被分配的MSpan结构内存
+dashboard.mcache_structures_usage=MCache结构内存使用量
+dashboard.mcache_structures_obtained=被分配的MCache结构内存
 dashboard.profiling_bucket_hash_table_obtained=被分配的剖析哈希表内存
-dashboard.gc_metadata_obtained=被分配的 GC 元数据内存
+dashboard.gc_metadata_obtained=被分配的GC元数据内存
 dashboard.other_system_allocation_obtained=其它被分配的系统内存
-dashboard.next_gc_recycle=下次 GC 内存回收量
-dashboard.last_gc_time=距离上次 GC 时间
-dashboard.total_gc_pause=GC 暂停时间总量
-dashboard.last_gc_pause=上次 GC 暂停时间
-dashboard.gc_times=GC 执行次数
+dashboard.next_gc_recycle=下次GC内存回收量
+dashboard.last_gc_time=距离上次GC时间
+dashboard.total_gc_pause=GC暂停时间总量
+dashboard.last_gc_pause=上次GC暂停时间
+dashboard.gc_times=GC执行次数
 dashboard.delete_old_actions=从数据库中删除所有旧操作记录
 dashboard.delete_old_actions.started=已开始从数据库中删除所有旧操作记录。
 dashboard.update_checker=更新检查器
 dashboard.delete_old_system_notices=从数据库中删除所有旧系统通知
-dashboard.gc_lfs=垃圾回收 LFS 元数据
+dashboard.gc_lfs=垃圾回收LFS元数据
 dashboard.stop_zombie_tasks=停止僵尸操作任务
 dashboard.stop_endless_tasks=停止无休止的操作任务
 dashboard.cancel_abandoned_jobs=取消放弃的操作任务
@@ -3022,7 +3022,7 @@ users.created=创建时间
 users.last_login=上次登录
 users.never_login=从未登录
 users.send_register_notify=通过邮件发送注册通知
-users.new_success=用户账户 '%s' 已被创建。
+users.new_success=用户账户'%s'已被创建。
 users.edit=修改
 users.auth_source=认证源
 users.local=本地
@@ -3031,13 +3031,13 @@ users.password_helper=保持密码为空将不更改密码。
 users.update_profile_success=该帐户已被更新。
 users.edit_account=编辑帐号
 users.max_repo_creation=最大仓库数
-users.max_repo_creation_desc=（设置为 -1 表示使用全局默认值）
+users.max_repo_creation_desc=（设置为-1表示使用全局默认值）
 users.is_activated=已激活账号
 users.prohibit_login=已暂停账号
 users.is_admin=管理员账号
 users.is_restricted=受限账号
-users.allow_git_hook=允许创建 Git 钩子
-users.allow_git_hook_tooltip=Git 钩子将以运行 Forgejo 的操作系统用户的身份执行，并拥有同等级别的主机访问权限。因此，拥有这种特殊 Git 钩子权限的用户可以访问和修改所有 Forgejo 仓库以及 Forgejo 使用的数据库。这使得他们也能够借此获取 Forgejo 管理员权限。
+users.allow_git_hook=允许创建Git钩子
+users.allow_git_hook_tooltip=Git钩子将以运行Forgejo的操作系统用户的身份执行，并拥有同等级别的主机访问权限。因此，拥有这种特殊Git钩子权限的用户可以访问和修改所有Forgejo仓库以及Forgejo使用的数据库。这使得他们也能够借此获取Forgejo管理员权限。
 users.allow_import_local=允许导入本地仓库
 users.allow_create_organization=允许创建组织
 users.update_profile=更新帐户
@@ -3060,8 +3060,8 @@ users.list_status_filter.is_restricted=受限
 users.list_status_filter.not_restricted=不受限
 users.list_status_filter.is_prohibit_login=禁止登录
 users.list_status_filter.not_prohibit_login=允许登录
-users.list_status_filter.is_2fa_enabled=已启用 2FA
-users.list_status_filter.not_2fa_enabled=未启用 2FA
+users.list_status_filter.is_2fa_enabled=已启用2FA
+users.list_status_filter.not_2fa_enabled=未启用2FA
 users.details=用户详情
 
 emails.email_manage_panel=管理用户邮件地址
@@ -3091,7 +3091,7 @@ repos.name=名称
 repos.private=私有
 repos.issues=议题数
 repos.size=大小
-repos.lfs_size=LFS 大小
+repos.lfs_size=LFS大小
 
 packages.package_manage_panel=软件包管理
 packages.total_size=总大小：%s
@@ -3107,15 +3107,15 @@ packages.repository=仓库
 packages.size=大小
 packages.published=已发布
 
-defaulthooks=默认 Web 钩子
-defaulthooks.desc=当某些 Forgejo 事件触发时，Web 钩子自动向服务器发出 HTTP POST 请求。这里定义的 Web 钩子是默认配置，将被复制到所有新的仓库中。详情请访问 <a target="_blank" rel="noopener" href="%s">Web 钩子指南</a>。
-defaulthooks.add_webhook=添加默认 Web 钩子
-defaulthooks.update_webhook=更新默认 Web 钩子
+defaulthooks=默认Web钩子
+defaulthooks.desc=当某些Forgejo事件触发时，Web钩子自动向服务器发出HTTP POST请求。这里定义的Web钩子是默认配置，将被复制到所有新的仓库中。详情请访问<a target="_blank" rel="noopener" href="%s">Web钩子指南</a>。
+defaulthooks.add_webhook=添加默认Web钩子
+defaulthooks.update_webhook=更新默认Web钩子
 
-systemhooks=系统 Web 钩子
-systemhooks.desc=当某些 Forgejo 事件触发时，Web 钩子自动向服务器发出 HTTP POST 请求。这里定义的 Web 钩子将作用于系统上的所有仓库，所以请考虑这可能带来的任何性能影响。了解详情请访问 <a target="_blank" rel="noopener" href="%s">Web 钩子指南</a>。
-systemhooks.add_webhook=添加系统 Web 钩子
-systemhooks.update_webhook=更新系统 Web 钩子
+systemhooks=系统Web钩子
+systemhooks.desc=当某些Forgejo事件触发时，Web钩子自动向服务器发出HTTP POST请求。这里定义的Web钩子将作用于系统上的所有仓库，所以请考虑这可能带来的任何性能影响。了解详情请访问<a target="_blank" rel="noopener" href="%s">Web钩子指南</a>。
+systemhooks.add_webhook=添加系统Web钩子
+systemhooks.update_webhook=更新系统Web钩子
 
 auths.auth_manage_panel=认证源管理
 auths.new=添加认证源
@@ -3130,88 +3130,88 @@ auths.security_protocol=安全协议
 auths.domain=域名
 auths.host=主机
 auths.port=端口
-auths.bind_dn=绑定 DN
+auths.bind_dn=绑定DN
 auths.bind_password=绑定密码
 auths.user_base=用户搜索基准
-auths.user_dn=用户 DN
+auths.user_dn=用户DN
 auths.attribute_username=用户名属性
-auths.attribute_username_placeholder=留空以使用 Forgejo 中输入的的用户名。
+auths.attribute_username_placeholder=留空以使用Forgejo中输入的的用户名。
 auths.attribute_name=名字属性
 auths.attribute_surname=姓氏属性
 auths.attribute_mail=电子邮件地址属性
-auths.attribute_ssh_public_key=SSH 公钥属性
+auths.attribute_ssh_public_key=SSH公钥属性
 auths.attribute_avatar=头像属性
-auths.attributes_in_bind=从 bind DN 中拉取属性信息
+auths.attributes_in_bind=从bind DN中拉取属性信息
 auths.allow_deactivate_all=允许在搜索结果为空时停用所有用户
 auths.use_paged_search=使用分页搜索
 auths.search_page_size=分页大小
 auths.filter=用户过滤规则
 auths.admin_filter=管理员过滤规则
 auths.restricted_filter=受限的过滤器
-auths.restricted_filter_helper=留空则不将任何用户设置为受限。使用星号（'*'） 将所有不匹配管理过滤器的用户设置为受限用户。
-auths.verify_group_membership=验证 LDAP 组成员资格（留空过滤器跳过）
-auths.group_search_base=群组搜索基础 DN
+auths.restricted_filter_helper=留空则不将任何用户设置为受限。使用星号（'*'）将所有不匹配管理过滤器的用户设置为受限用户。
+auths.verify_group_membership=验证LDAP组成员资格（留空过滤器跳过）
+auths.group_search_base=群组搜索基础DN
 auths.group_attribute_list_users=包含用户列表的群组属性
 auths.user_attribute_in_group=群组中列出的用户属性
-auths.map_group_to_team=将 LDAP 组映射到组织团队（留空字段则跳过）
-auths.map_group_to_team_removal=如果用户不属于相应的 LDAP 组，从已同步团队中移除用户
-auths.enable_ldap_groups=启用 LDAP 组
+auths.map_group_to_team=将LDAP组映射到组织团队（留空字段则跳过）
+auths.map_group_to_team_removal=如果用户不属于相应的LDAP组，从已同步团队中移除用户
+auths.enable_ldap_groups=启用LDAP组
 auths.ms_ad_sa=MS AD 搜索属性
-auths.smtp_auth=SMTP 认证类型
-auths.smtphost=SMTP 主机地址
-auths.smtpport=SMTP 主机端口
+auths.smtp_auth=SMTP认证类型
+auths.smtphost=SMTP主机地址
+auths.smtpport=SMTP主机端口
 auths.allowed_domains=域名白名单
 auths.allowed_domains_helper=每个域名用逗号分隔，如要允许任意域名则留空。
-auths.skip_tls_verify=忽略 TLS 验证
-auths.force_smtps=强制 SMTPS
-auths.force_smtps_helper=SMTPS 始终用于 465 端口。设置此项会强制其他端口也使用 SMTPS。（否则，如果主机支持，将在其他端口上使用 STARTTLS。）
-auths.helo_hostname=HELO 主机名
-auths.helo_hostname_helper=用 HELO 发送的主机名。 留空发送当前主机名。
-auths.disable_helo=禁用 HELO
-auths.pam_service_name=PAM 服务名称
-auths.pam_email_domain=PAM 电子邮件域（可选）
-auths.oauth2_provider=OAuth2 提供程序
-auths.oauth2_icon_url=图标 URL
-auths.oauth2_clientID=客户端 ID（密钥）
+auths.skip_tls_verify=忽略TLS验证
+auths.force_smtps=强制SMTPS
+auths.force_smtps_helper=SMTPS始终用于465端口。设置此项会强制其他端口也使用SMTPS。（否则，如果主机支持，将在其他端口上使用STARTTLS。）
+auths.helo_hostname=HELO主机名
+auths.helo_hostname_helper=用HELO发送的主机名。留空发送当前主机名。
+auths.disable_helo=禁用HELO
+auths.pam_service_name=PAM服务名称
+auths.pam_email_domain=PAM电子邮件域（可选）
+auths.oauth2_provider=OAuth2提供程序
+auths.oauth2_icon_url=图标URL
+auths.oauth2_clientID=客户端ID（密钥）
 auths.oauth2_clientSecret=客户端密钥
-auths.openIdConnectAutoDiscoveryURL=OpenID 连接自动发现 URL
-auths.oauth2_use_custom_url=使用自定义的 URL 而不是默认的 URL
-auths.oauth2_tokenURL=令牌 URL
-auths.oauth2_authURL=授权 URL
-auths.oauth2_profileURL=个人信息 URL
-auths.oauth2_emailURL=电子邮件 URL
+auths.openIdConnectAutoDiscoveryURL=OpenID连接自动发现URL
+auths.oauth2_use_custom_url=使用自定义的URL而不是默认的URL
+auths.oauth2_tokenURL=令牌URL
+auths.oauth2_authURL=授权URL
+auths.oauth2_profileURL=个人信息URL
+auths.oauth2_emailURL=电子邮件URL
 auths.skip_local_two_fa=跳过本地两步验证
 auths.skip_local_two_fa_helper=不设置意味着设置了两步验证的本地用户仍然需要通过两步验证才能登录
 auths.oauth2_tenant=租户
 auths.oauth2_scopes=附加授权范围（Scopes）
-auths.oauth2_required_claim_name=必须填写 Claim 声明的名称
+auths.oauth2_required_claim_name=必须填写Claim声明的名称
 auths.oauth2_required_claim_name_helper=设置此名称，只有具有此名称的声明（Claim）的用户可从此源登录
-auths.oauth2_required_claim_value=必须填写 Claim 声明的值
+auths.oauth2_required_claim_value=必须填写Claim声明的值
 auths.oauth2_required_claim_value_helper=设置此值，只有拥有对应的声明（Claim）的名称和值的用户才被允许从此源登录
-auths.oauth2_group_claim_name=用于提供用户组名称的 Claim 声明名称。（可选）
-auths.oauth2_admin_group=管理员用户组的 Claim 声明值。（可选 - 需要上面的声明名称）
-auths.oauth2_restricted_group=受限用户组的 Claim 声明值。（可选 - 需要上面的声明名称）
-auths.oauth2_map_group_to_team=映射声明的组到组织团队。（可选 - 要求在上面填写声明的名字）
+auths.oauth2_group_claim_name=用于提供用户组名称的Claim声明名称。（可选）
+auths.oauth2_admin_group=管理员用户组的Claim声明值。（可选-需要上面的声明名称）
+auths.oauth2_restricted_group=受限用户组的Claim声明值。（可选-需要上面的声明名称）
+auths.oauth2_map_group_to_team=映射声明的组到组织团队。（可选-要求在上面填写声明的名字）
 auths.oauth2_map_group_to_team_removal=如果用户不属于相应的组，则从同步的团队中移除用户。
 auths.tips=帮助提示
-auths.tips.oauth2.general=OAuth2 认证
-auths.tips.oauth2.general.tip=当注册新的 OAuth2 身份验证时，回调/重定向 URL 应该是：
-auths.tip.oauth2_provider=OAuth2 提供程序
-auths.tip.bitbucket=在 %s 注册新的 OAuth 客户端，并添加“账户”—“读取”权限
-auths.tip.nextcloud=在您的实例上使用菜单“设置 -> 安全 -> OAuth 2.0 客户端”注册新的 OAuth 客户端
-auths.tip.dropbox=在 %s 上创建一个新的应用程序
-auths.tip.facebook=`在 %s 注册一个新的应用，并添加产品"Facebook 登录"`
-auths.tip.github=在 %s 注册一个 OAuth 应用程序
-auths.tip.google_plus=从谷歌 API 控制台（%s） 获得 OAuth2 客户端凭据
-auths.tip.openid_connect=使用 OpenID Connect 发现 URL（<server>/.well-known/openid-configuration）指定端点
-auths.tip.twitter=前往 %s，创建一个应用程序并确保启用了“允许此应用程序用于使用 Twitter 登录”选项
-auths.tip.discord=在 %s 上注册新应用程序
-auths.tip.gitea=注册一个新的 OAuth2 应用程序。可以访问 %s 查看帮助
-auths.tip.yandex=在 %s 上创建一个新的应用程序。在“Yandex.Passport API”这部分中选择以下权限：“访问电子邮件地址（Access to email address）”，“访问用户头像（Access to user avatar）”和“访问用户名，名字和姓氏，性别（Access to username, first name and surname, gender）”
-auths.tip.mastodon=输入您想要认证的 mastodon 实例的自定义 URL（或使用默认值）
+auths.tips.oauth2.general=OAuth2认证
+auths.tips.oauth2.general.tip=当注册新的OAuth2身份验证时，回调/重定向URL应该是：
+auths.tip.oauth2_provider=OAuth2提供程序
+auths.tip.bitbucket=在%s注册新的OAuth客户端，并添加“账户”—“读取”权限
+auths.tip.nextcloud=在您的实例上使用菜单“设置->安全-> OAuth 2.0客户端”注册新的OAuth客户端
+auths.tip.dropbox=在%s上创建一个新的应用程序
+auths.tip.facebook=在%s注册一个新的应用，并添加产品"Facebook登录"
+auths.tip.github=在%s注册一个OAuth应用程序
+auths.tip.google_plus=从谷歌API控制台（%s）获得OAuth2客户端凭据
+auths.tip.openid_connect=使用OpenID Connect发现URL（<server>/.well-known/openid-configuration）指定端点
+auths.tip.twitter=前往%s，创建一个应用程序并确保启用了“允许此应用程序用于使用Twitter登录”选项
+auths.tip.discord=在%s上注册新应用程序
+auths.tip.gitea=注册一个新的OAuth2应用程序。可以访问%s查看帮助
+auths.tip.yandex=在%s上创建一个新的应用程序。在“Yandex.Passport API”这部分中选择以下权限：“访问电子邮件地址（Access to email address）”，“访问用户头像（Access to user avatar）”和“访问用户名，名字和姓氏，性别（Access to username，first name and surname，gender）”
+auths.tip.mastodon=输入您想要认证的mastodon实例的自定义URL（或使用默认值）
 auths.edit=修改认证源
 auths.activated=该认证源已经启用
-auths.new_success=已添加身份验证 '%s'。
+auths.new_success=已添加身份验证'%s'。
 auths.update_success=认证源已经更新。
 auths.update=更新认证源
 auths.delete=删除认证源
@@ -3219,15 +3219,15 @@ auths.delete_auth_title=删除认证源
 auths.delete_auth_desc=删除一个认证源将阻止使用它进行登录。确认？
 auths.still_in_used=认证源仍在使用。请先解除或者删除使用此认证源的用户。
 auths.deletion_success=认证源已经更新。
-auths.login_source_exist=认证源 '%s' 已经存在。
+auths.login_source_exist=认证源'%s'已经存在。
 auths.login_source_of_type_exist=此类型的认证源已存在。
-auths.unable_to_initialize_openid=无法初始化 OpenID Connect 提供商：%s
-auths.invalid_openIdConnectAutoDiscoveryURL=无效的 Auto Discovery URL（这必须是一个以 http:// 或 https://开头的有效的 URL）
+auths.unable_to_initialize_openid=无法初始化OpenID Connect提供商：%s
+auths.invalid_openIdConnectAutoDiscoveryURL=无效的Auto Discovery URL（这必须是一个以http://或https://开头的有效的URL）
 
 config.server_config=服务器配置
 config.app_name=实例名称
-config.app_ver=Forgejo 版本
-config.app_url=基础 URL
+config.app_ver=Forgejo版本
+config.app_url=基础URL
 config.custom_conf=配置文件路径
 config.custom_file_root_path=自定义文件根路径
 config.domain=服务器域名
@@ -3235,7 +3235,7 @@ config.offline_mode=离线模式
 config.disable_router_log=关闭路由日志
 config.run_user=以用户名运行
 config.run_mode=运行模式
-config.git_version=Git 版本
+config.git_version=Git版本
 config.app_data_path=应用数据路径
 config.repo_root_path=仓库根目录
 config.lfs_root_path=LFS根目录
@@ -3243,10 +3243,10 @@ config.log_file_root_path=日志路径
 config.script_type=脚本类型
 config.reverse_auth_user=反向代理认证用户
 
-config.ssh_config=SSH 配置
+config.ssh_config=SSH配置
 config.ssh_enabled=启用
-config.ssh_start_builtin_server=使用内置 SSH 服务器
-config.ssh_domain=SSH 服务器域名
+config.ssh_start_builtin_server=使用内置SSH服务器
+config.ssh_domain=SSH服务器域名
 config.ssh_port=端口
 config.ssh_listen_port=监听端口
 config.ssh_root_path=根目录
@@ -3255,10 +3255,10 @@ config.ssh_keygen_path=密钥生成器（“ssh-keygen”）路径
 config.ssh_minimum_key_size_check=密钥最小长度检查
 config.ssh_minimum_key_sizes=密钥最小长度限制
 
-config.lfs_config=LFS 配置
+config.lfs_config=LFS配置
 config.lfs_enabled=启用
-config.lfs_content_path=LFS 内容存放目录
-config.lfs_http_auth_expiry=LFS HTTP 身份验证过期时间
+config.lfs_content_path=LFS内容存放目录
+config.lfs_http_auth_expiry=LFS HTTP身份验证过期时间
 
 config.db_config=数据库配置
 config.db_type=类型
@@ -3272,10 +3272,10 @@ config.db_path=数据库路径
 config.service_config=服务配置
 config.register_email_confirm=需要电子邮件确认注册
 config.disable_register=禁止用户注册
-config.allow_only_internal_registration=只允许通过 Forgejo 进行注册
+config.allow_only_internal_registration=只允许通过Forgejo进行注册
 config.allow_only_external_registration=仅允许通过外部服务注册
-config.enable_openid_signup=启用 OpenID 自助注册
-config.enable_openid_signin=启用 OpenID 登录
+config.enable_openid_signup=启用OpenID自助注册
+config.enable_openid_signin=启用OpenID登录
 config.show_registration_button=显示注册按钮
 config.require_sign_in_view=需要登录才能查看内容
 config.mail_notify=启用邮件通知
@@ -3292,29 +3292,29 @@ config.no_reply_address=隐藏的电子邮件域名
 config.default_visibility_organization=新组织的默认可见性
 config.default_enable_dependencies=默认情况下启用议题依赖
 
-config.webhook_config=Web 钩子配置
+config.webhook_config=Web钩子配置
 config.queue_length=队列长度
 config.deliver_timeout=推送超时
-config.skip_tls_verify=跳过 TLS 验证
+config.skip_tls_verify=跳过TLS验证
 
 config.mailer_config=邮件配置
 config.mailer_enabled=启用服务
-config.mailer_enable_helo=启用 HELO
+config.mailer_enable_helo=启用HELO
 config.mailer_name=任务名称
 config.mailer_protocol=协议
-config.mailer_smtp_addr=SMTP 地址
-config.mailer_smtp_port=SMTP 端口
+config.mailer_smtp_addr=SMTP地址
+config.mailer_smtp_port=SMTP端口
 config.mailer_user=发送者帐号
-config.mailer_use_sendmail=使用 Sendmail
-config.mailer_sendmail_path=Sendmail 路径
-config.mailer_sendmail_args=Sendmail 的额外参数
-config.mailer_sendmail_timeout=Sendmail 超时
+config.mailer_use_sendmail=使用Sendmail
+config.mailer_sendmail_path=Sendmail路径
+config.mailer_sendmail_args=Sendmail的额外参数
+config.mailer_sendmail_timeout=Sendmail超时
 config.mailer_use_dummy=Dummy
 config.test_email_placeholder=电子邮址（例如：test@example.com）
 config.send_test_mail=发送测试邮件
 config.send_test_mail_submit=发送
-config.test_mail_failed=发送测试邮件至 "%s" 时失败：%v
-config.test_mail_sent=测试邮件已经发送至 "%s"。
+config.test_mail_failed=发送测试邮件至"%s"时失败：%v
+config.test_mail_sent=测试邮件已经发送至"%s"。
 
 config.oauth_config=OAuth 配置
 config.oauth_enabled=启用
@@ -3323,42 +3323,42 @@ config.cache_config=缓存配置
 config.cache_adapter=缓存适配器
 config.cache_interval=缓存周期
 config.cache_conn=缓存连接字符串
-config.cache_item_ttl=缓存条目 TTL
+config.cache_item_ttl=缓存条目TTL
 
-config.session_config=Session 配置
-config.session_provider=Session 提供者
+config.session_config=Session配置
+config.session_provider=Session提供者
 config.provider_config=提供者配置
-config.cookie_name=Cookie 名称
-config.gc_interval_time=GC 周期
-config.session_life_time=Session 生命周期
-config.https_only=仅限 HTTPS
+config.cookie_name=Cookie名称
+config.gc_interval_time=GC周期
+config.session_life_time=Session生命周期
+config.https_only=仅限HTTPS
 config.cookie_life_time=Cookie 生命周期
 
 config.picture_config=图片和头像配置
 config.picture_service=图片服务
-config.disable_gravatar=禁用 Gravatar 头像
+config.disable_gravatar=禁用Gravatar头像
 config.enable_federated_avatar=启用联邦头像
 
-config.git_config=Git 配置
+config.git_config=Git配置
 config.git_disable_diff_highlight=禁用差异对比语法高亮
 config.git_max_diff_lines=差异对比显示的最大行数（单个文件）
 config.git_max_diff_line_characters=差异对比显示的最大字符数（单行）
 config.git_max_diff_files=差异对比显示的最大文件数
-config.git_gc_args=GC 参数
+config.git_gc_args=GC参数
 config.git_migrate_timeout=迁移操作超时
 config.git_mirror_timeout=镜像更新操作超时
 config.git_clone_timeout=克隆操作超时
 config.git_pull_timeout=拉取操作超时
-config.git_gc_timeout=GC 操作超时
+config.git_gc_timeout=GC操作超时
 
 config.log_config=日志配置
 config.logger_name_fmt=日志：%s
 config.disabled_logger=禁用
 config.access_log_mode=访问日志模式
 config.access_log_template=访问日志模板
-config.xorm_log_sql=日志 SQL
+config.xorm_log_sql=日志SQL
 
-config.set_setting_failed=设置 %s 失败
+config.set_setting_failed=设置%s失败
 
 monitor.stats=统计
 
@@ -3370,7 +3370,7 @@ monitor.previous=上次执行时间
 monitor.execute_times=执行次数
 monitor.process=运行中进程
 monitor.stacktrace=调用栈踪迹
-monitor.processes_count=%d 个进程
+monitor.processes_count=%d个进程
 monitor.download_diagnosis_report=下载诊断报告
 monitor.desc=进程描述
 monitor.start=开始时间
@@ -3378,7 +3378,7 @@ monitor.execute_time=执行时长
 monitor.last_execution_result=结果
 monitor.process.cancel=中止进程
 monitor.process.cancel_desc=中止一个进程可能导致数据丢失
-monitor.process.cancel_notices=中止：<strong>%s</strong> ？
+monitor.process.cancel_notices=中止：<strong>%s</strong>？
 monitor.process.children=子进程
 
 monitor.queues=队列
@@ -3386,15 +3386,15 @@ monitor.queue=队列：%s
 monitor.queue.name=名称
 monitor.queue.type=类型
 monitor.queue.exemplar=数据类型
-monitor.queue.numberworkers=worker 数量
-monitor.queue.activeworkers=活跃 worker
-monitor.queue.maxnumberworkers=最大 worker 数量
+monitor.queue.numberworkers=worker数量
+monitor.queue.activeworkers=活跃worker
+monitor.queue.maxnumberworkers=最大worker数量
 monitor.queue.numberinqueue=队列中的数量
-monitor.queue.review_add=审查 / 添加 worker
+monitor.queue.review_add=审查/添加worker
 monitor.queue.settings.title=池设置
 monitor.queue.settings.desc=因为工作者队列阻塞，池正在动态扩展。
 monitor.queue.settings.maxnumberworkers=最大工作者数量
-monitor.queue.settings.maxnumberworkers.placeholder=当前 %[1]d
+monitor.queue.settings.maxnumberworkers.placeholder=当前%[1]d
 monitor.queue.settings.maxnumberworkers.error=最大工作者数必须是数字
 monitor.queue.settings.submit=更新设置
 monitor.queue.settings.changed=设置已更新
@@ -3417,11 +3417,11 @@ notices.op=操作
 notices.delete_success=系统通知已被删除。
 self_check.no_problem_found=尚未发现问题。
 self_check.database_collation_mismatch=期望数据库使用的校验方式：%s
-self_check.database_collation_case_insensitive=数据库正在使用排序规则 %s，这是一个不敏感的排序规则。虽然 Forgejo 可以与其一同工作，但可能有一些罕见的情况存在问题。
-self_check.database_inconsistent_collation_columns=数据库正在使用 %s 排序规则，但是这些列使用了不匹配的排序规则，可能会造成一些意外问题。
-self_check.database_fix_mysql=对于 MySQL/MariaDB 用户，您可以使用“forgejo doctor convert”命令来修复排序规则问题，或者您也可以手动通过“ALTER ... COLLATE ...” SQL 修复该问题。
-auths.tips.gmail_settings = Gmail 设置：
-auths.tip.gitlab_new = 在 %s 上注册新应用
+self_check.database_collation_case_insensitive=数据库正在使用排序规则%s，这是一个不敏感的排序规则。虽然Forgejo可以与其一同工作，但可能有一些罕见的情况存在问题。
+self_check.database_inconsistent_collation_columns=数据库正在使用%s排序规则，但是这些列使用了不匹配的排序规则，可能会造成一些意外问题。
+self_check.database_fix_mysql=对于MySQL/MariaDB用户，您可以使用“forgejo doctor convert”命令来修复排序规则问题，或者您也可以手动通过“ALTER ... COLLATE ...”SQL修复该问题。
+auths.tips.gmail_settings = Gmail设置：
+auths.tip.gitlab_new = 在%s上注册新应用
 config_settings = 设置
 config_summary = 概况
 auths.default_domain_name = 用于电子邮件地址的默认域名
@@ -3434,65 +3434,65 @@ emails.delete = 删除电子邮件地址
 emails.delete_desc = 是否确定要删除此电子邮件地址？
 emails.deletion_success = 已删除此电子邮件地址。
 emails.delete_primary_email_error = 您无法删除主要电子邮件。
-config.cache_test_succeeded = 缓存测试成功，在 %s 中收到响应。
+config.cache_test_succeeded = 缓存测试成功，在%s中收到响应。
 users.activated.description = 完成电子邮件验证。在电子邮件验证完成之前，未激活账号的所有者将无法登录。
 users.block.description = 阻止此用户通过其账号与此服务交互，并禁止登录。
-users.admin.description = 授予此用户对通过 Web UI 和 API 提供的所有管理功能的完全访问权限。
+users.admin.description = 授予此用户对通过Web UI和API提供的所有管理功能的完全访问权限。
 users.restricted.description = 仅允许与添加此用户作为协作者的仓库和组织进行交互。这将阻止访问此实例上的公开仓库。
 users.local_import.description = 允许从服务器的本地文件系统导入仓库。这可能是一个安全问题。
 users.organization_creation.description = 允许创建新组织。
 monitor.duration = 时长（秒）
 
 [action]
-create_repo=创建了仓库 <a href="%s">%s</a>
-rename_repo=重命名仓库 <code>%[1]s</code> 为 <a href="%[2]s">%[3]s</a>
-commit_repo=推送到了仓库 <a href="%[1]s">%[4]s</a> 的 <a href="%[2]s">%[3]s</a> 分支
-create_issue=`创建了议题 <a href="%[1]s">%[3]s#%[2]s</a>`
-close_issue=`关闭了议题 <a href="%[1]s">%[3]s#%[2]s</a>`
-reopen_issue=`重新开放了议题 <a href="%[1]s">%[3]s#%[2]s</a>`
-create_pull_request=`创建了合并请求 <a href="%[1]s">%[3]s#%[2]s</a>`
-close_pull_request=`关闭了合并请求 <a href="%[1]s">%[3]s#%[2]s</a>`
-reopen_pull_request=`重新开放了合并请求 <a href="%[1]s">%[3]s#%[2]s</a>`
-comment_issue=`评论了议题 <a href="%[1]s">%[3]s#%[2]s</a>`
-comment_pull=`评论了合并请求 <a href="%[1]s">%[3]s#%[2]s</a>`
-merge_pull_request=`合并了合并请求 <a href="%[1]s">%[3]s#%[2]s</a>`
-auto_merge_pull_request=`自动合并了拉取请求 <a href="%[1]s">%[3]s#%[2]s</a>`
-transfer_repo=将仓库 <code>%s</code> 转移至 <a href="%s">%s</a>
-push_tag=推送了标签 <a href="%[2]s">%[3]s</a> 至仓库 <a href="%[1]s">%[4]s</a>
-delete_tag=从<a href="%[1]s">%[3]s</a> 删除了标签 %[2]s
-delete_branch=删除了 <a href="%[1]s">%[3]s</a> 的 <code>%[2]s</code> 分支
+create_repo=创建了仓库<a href="%s">%s</a>
+rename_repo=重命名仓库<code>%[1]s</code>为<a href="%[2]s">%[3]s</a>
+commit_repo=推送到了仓库<a href="%[1]s">%[4]s</a>的<a href="%[2]s">%[3]s</a>分支
+create_issue=创建了议题<a href="%[1]s">%[3]s#%[2]s</a>
+close_issue=关闭了议题<a href="%[1]s">%[3]s#%[2]s</a>
+reopen_issue=重新开放了议题<a href="%[1]s">%[3]s#%[2]s</a>
+create_pull_request=创建了合并请求<a href="%[1]s">%[3]s#%[2]s</a>
+close_pull_request=关闭了合并请求<a href="%[1]s">%[3]s#%[2]s</a>
+reopen_pull_request=重新开放了合并请求<a href="%[1]s">%[3]s#%[2]s</a>
+comment_issue=评论了议题<a href="%[1]s">%[3]s#%[2]s</a>
+comment_pull=评论了合并请求<a href="%[1]s">%[3]s#%[2]s</a>
+merge_pull_request=合并了合并请求<a href="%[1]s">%[3]s#%[2]s</a>
+auto_merge_pull_request=自动合并了拉取请求<a href="%[1]s">%[3]s#%[2]s</a>
+transfer_repo=将仓库<code>%s</code>转移至<a href="%s">%s</a>
+push_tag=推送了标签<a href="%[2]s">%[3]s</a>至仓库<a href="%[1]s">%[4]s</a>
+delete_tag=从<a href="%[1]s">%[3]s</a>删除了标签%[2]s
+delete_branch=删除了<a href="%[1]s">%[3]s</a>的<code>%[2]s</code>分支
 compare_branch=比较
-compare_commits=比较 %d 提交
+compare_commits=比较%d提交
 compare_commits_general=比较提交
-mirror_sync_push=从镜像同步了提交至仓库 <a href="%[1]s">%[4]s</a> 的 <a href="%[2]s">%[3]s</a> 分支
-mirror_sync_create=从镜像同步了引用 <a href="%[2]s">%[3]s</a> 至仓库 <a href="%[1]s">%[4]s</a>
-mirror_sync_delete=从镜像同步并从 <a href="%[1]s">%[3]s</a> 删除了引用 <code>%[2]s</code>
-approve_pull_request=`批准了 <a href="%[1]s">%[3]s#%[2]s</a>`
-reject_pull_request=`建议变更 <a href="%[1]s">%[3]s#%[2]s</a>`
-publish_release=`在 <a href="%[1]s">%[3]s</a> 发布了 <a href="%[2]s"> "%[4]s" </a>`
-review_dismissed=`取消了 <b>%[4]s</b> 对 <a href="%[1]s">%[3]s#%[2]s</a> 的变更请求`
+mirror_sync_push=从镜像同步了提交至仓库<a href="%[1]s">%[4]s</a>的<a href="%[2]s">%[3]s</a>分支
+mirror_sync_create=从镜像同步了引用<a href="%[2]s">%[3]s</a>至仓库<a href="%[1]s">%[4]s</a>
+mirror_sync_delete=从镜像同步并从<a href="%[1]s">%[3]s</a>删除了引用<code>%[2]s</code>
+approve_pull_request=批准了<a href="%[1]s">%[3]s#%[2]s</a>
+reject_pull_request=建议变更<a href="%[1]s">%[3]s#%[2]s</a>
+publish_release=在<a href="%[1]s">%[3]s</a>发布了<a href="%[2]s"> "%[4]s" </a>
+review_dismissed=取消了<b>%[4]s</b>对<a href="%[1]s">%[3]s#%[2]s</a>的变更请求
 review_dismissed_reason=原因：
-create_branch=于 <a href="%[1]s">%[4]s</a> 创建了分支 <a href="%[2]s">%[3]s</a>
-starred_repo=点赞了 <a href="%[1]s">%[2]s</a>
-watched_repo=开始关注 <a href="%[1]s">%[2]s</a>
+create_branch=于<a href="%[1]s">%[4]s</a>创建了分支<a href="%[2]s">%[3]s</a>
+starred_repo=点赞了<a href="%[1]s">%[2]s</a>
+watched_repo=开始关注<a href="%[1]s">%[2]s</a>
 
 [tool]
 now=现在
 future=将来
-1s=1 秒
+1s=1秒
 1m=1分钟
-1h=1 小时
-1d=1 天
-1w=1 周
-1mon=1 个月
-1y=1 年
-seconds=%d 秒
-minutes=%d 分钟
-hours=%d 小时
-days=%d 天
-weeks=%d 周
-months=%d 个月
-years=%d 年
+1h=1小时
+1d=1天
+1w=1周
+1mon=1个月
+1y=1年
+seconds=%d秒
+minutes=%d分钟
+hours=%d小时
+days=%d天
+weeks=%d周
+months=%d个月
+years=%d年
 raw_seconds=秒
 raw_minutes=分钟
 
@@ -3511,17 +3511,17 @@ error.unit_not_allowed=您没有权限访问此仓库单元。
 desc=管理仓库软件包。
 conan.details.repository=仓库
 owner.settings.cleanuprules.enabled=启用
-owner.settings.cleanuprules.keep.count.1=每个软件包 1 个版本
-owner.settings.cleanuprules.keep.count.n=每个软件包 %d 个版本
+owner.settings.cleanuprules.keep.count.1=每个软件包1个版本
+owner.settings.cleanuprules.keep.count.n=每个软件包%d个版本
 
 [secrets]
 secrets=密钥
-description=机密将被传给特定的 Action，其它情况将不能被读取。
+description=机密将被传给特定的Action，其它情况将不能被读取。
 none=还没有密钥。
 creation=添加密钥
 creation.name_placeholder=不区分大小写，只能包含英文字母、数字或下划线，不能以 GITEA_ 或 GITHUB_ 开头
 creation.value_placeholder=输入任何内容。开头和结尾的空格都会被省略。
-creation.success=您的密钥 '%s' 添加成功。
+creation.success=您的密钥'%s'添加成功。
 creation.failed=添加密钥失败。
 deletion=删除密钥
 deletion.description=删除密钥是永久性的，无法撤消。继续吗？
@@ -3536,9 +3536,9 @@ runs.no_runs=工作流尚未运行过。
 runs.empty_commit_message=（空白的提交消息）
 
 workflow.disable=禁用工作流
-workflow.disable_success=工作流 "%s" 已成功禁用。
+workflow.disable_success=工作流"%s"已成功禁用。
 workflow.enable=启用工作流
-workflow.enable_success=工作流 "%s" 已成功启用。
+workflow.enable_success=工作流"%s"已成功启用。
 workflow.disabled=工作流已禁用。
 
 need_approval_desc=该工作流由派生仓库的合并请求所触发，需要批准方可运行。
@@ -3549,7 +3549,7 @@ variables.creation=添加变量
 variables.none=目前还没有变量。
 variables.deletion=删除变量
 variables.deletion.description=删除变量是永久性的，无法撤消。继续吗？
-variables.description=变量将被传给特定的 Action，其它情况将不能被读取。
+variables.description=变量将被传给特定的Action，其它情况将不能被读取。
 variables.id_not_exist=ID为 %d 的变量不存在。
 variables.edit=编辑变量
 variables.deletion.failed=删除变量失败。
@@ -3558,16 +3558,16 @@ variables.creation.failed=添加变量失败。
 variables.creation.success=变量 “%s” 添加成功。
 variables.update.failed=编辑变量失败。
 variables.update.success=该变量已被编辑。
-workflow.dispatch.trigger_found = 此工作流有 <c>workflow_dispatch</c> 事件触发器。
+workflow.dispatch.trigger_found = 此工作流有<c>workflow_dispatch</c>事件触发器。
 workflow.dispatch.use_from = 使用工作流
 workflow.dispatch.invalid_input_type = 输入类型“%s”无效。
-workflow.dispatch.warn_input_limit = 仅显示前 %d 个输入。
+workflow.dispatch.warn_input_limit = 仅显示前%d个输入。
 workflow.dispatch.run = 运行工作流
 workflow.dispatch.success = 已成功请求工作流运行。
 workflow.dispatch.input_required = 需要输入“%s”的值。
 runs.expire_log_message = 已清除日志，因为它们太旧了。
-runs.no_workflows.help_write_access = 不知道如何上手 Forgejo Actions？查看<a target="_blank" rel="noopener noreferrer" href="%s">用户文档的快速上手部分</a>来编写你的第一个工作流，然后<a target="_blank" rel="noopener noreferrer" href="%s">配置一个 Forgejo 运行器</a>来运行你的任务。
-runs.no_workflows.help_no_write_access = 欲了解关于 Forgejo Actions 的更多信息，请参见<a target="_blank" rel="noopener noreferrer" href="%s">文档</a>。
+runs.no_workflows.help_write_access = 不知道如何上手Forgejo Actions？查看<a target="_blank" rel="noopener noreferrer" href="%s">用户文档的快速上手部分</a>来编写你的第一个工作流，然后<a target="_blank" rel="noopener noreferrer" href="%s">配置一个Forgejo运行器</a>来运行你的任务。
+runs.no_workflows.help_no_write_access = 欲了解关于Forgejo Actions的更多信息，请参见<a target="_blank" rel="noopener noreferrer" href="%s">文档</a>。
 variables.not_found = 找不到变量。
 
 [projects]
@@ -3588,25 +3588,25 @@ submodule=子模块
 
 [search]
 keyword_search_unavailable = 关键词搜索目前不可用。请联系站点管理员。
-search = 搜索…
-repo_kind = 搜索仓库…
-user_kind = 搜索用户…
-org_kind = 搜索组织…
-team_kind = 搜索团队…
-code_kind = 搜索代码…
+search = 搜索……
+repo_kind = 搜索仓库……
+user_kind = 搜索用户……
+org_kind = 搜索组织……
+team_kind = 搜索团队……
+code_kind = 搜索代码……
 code_search_unavailable = 代码搜索目前不可用。请联系站点管理员。
-package_kind = 搜索软件包…
-project_kind = 搜索项目…
-branch_kind = 搜索分支…
-commit_kind = 搜索提交…
-runner_kind = 搜索运行器…
+package_kind = 搜索软件包……
+project_kind = 搜索项目……
+branch_kind = 搜索分支……
+commit_kind = 搜索提交……
+runner_kind = 搜索运行器……
 no_results = 未找到匹配的结果。
 type_tooltip = 搜索类型
 fuzzy = 模糊
 fuzzy_tooltip = 包含与搜索词相近的结果
 exact = 精确
-issue_kind = 搜索议题…
-pull_kind = 搜索合并请求…
+issue_kind = 搜索议题……
+pull_kind = 搜索合并请求……
 exact_tooltip = 仅包含与搜索词精确匹配的结果
 union_tooltip = 包括与以空格分隔的关键字中任意一个相匹配的结果
 union = 交集
@@ -3617,8 +3617,8 @@ regexp_tooltip = 将搜索内容解释为正则表达式
 [munits.data]
 
 [markup]
-filepreview.line = %[2]s 中的第 %[1]d 行
-filepreview.lines = %[3]s 中的第 %[1]d 到 %[2]d 行
+filepreview.line = %[2]s中的第%[1]d行
+filepreview.lines = %[3]s中的第%[1]d到%[2]d行
 filepreview.truncated = 预览已被截断
 
 [translation_meta]
diff --git a/options/locale/locale_zh-TW.ini b/options/locale/locale_zh-TW.ini
index 44a89006fb..87290333de 100644
--- a/options/locale/locale_zh-TW.ini
+++ b/options/locale/locale_zh-TW.ini
@@ -1021,6 +1021,7 @@ quota.sizes.assets.attachments.issues = 問題附件
 quota.sizes.assets.attachments.releases = 版本發布附件
 keep_pronouns_private = 僅向已驗證的使用者顯示代名詞
 keep_pronouns_private.description = 這將對未登入的訪客隱藏您的代名詞。
+ssh_token_help_ssh_agent = 或者，如果您正在使用 SSH 代理（已設定 SSH_AUTH_SOCK 變數）：
 
 [repo]
 owner=所有者
diff --git a/options/locale_next/locale_ar.json b/options/locale_next/locale_ar.json
index 2c2ff1ec5f..20ed138baf 100644
--- a/options/locale_next/locale_ar.json
+++ b/options/locale_next/locale_ar.json
@@ -84,7 +84,6 @@
 	"packages.dependency.version": "الاصدار",
 	"packages.alpine.registry.key": "نزّل مفتاح RSA العام للتسجيل في المجلد <code>/etc/apk/keys/</code> للتحقق من توقيع الفهرس:",
 	"packages.generic.download": "نزّل الحزمة عبر سطر الأوامر:",
-	"packages.rpm.repository": "معلومات المستودع",
 	"packages.rpm.repository.architectures": "بنيات",
 	"packages.rpm.repository.multiple_groups": "هذه الحزمة متوفرة في مجموعات متعددة.",
 	"packages.swift.install": "اضف الحزمة إلى ملف <code>Package.swift</code>:",
diff --git a/options/locale_next/locale_be.json b/options/locale_next/locale_be.json
index a3723780f6..7faba26c21 100644
--- a/options/locale_next/locale_be.json
+++ b/options/locale_next/locale_be.json
@@ -67,7 +67,6 @@
 	"repo.issues.filter_reviewers.hint": "Фільтраваць па карыстальніку, які праверыў",
 	"repo.issues.filter_mention.hint": "Фільтраваць па згаданым карыстальніку",
 	"repo.issues.filter_modified.hint": "Фільтраваць па дате апошняй змены",
-	"repo.issues.filter_sort.hint": "Сартаваць па: створаны/каментары/абноўлены/дэдлайн",
 	"repo.pulls.poster_manage_approval": "Кіраваць зацвярджэннем",
 	"repo.pulls.poster_requires_approval": "Некаторыя працэсы <a href=\"%[1]s\">чакаюць рэвізіі.</a>",
 	"repo.pulls.poster_requires_approval.tooltip": "Аўтар гэтага запыту на зліццё не з’яўляецца надзейным для запуску працэсаў, якія запускаюцца запытам на зліццё, створаным з фаркаванага рэпазіторыя або з AGit. Працэсы, якія запускаюцца падзеяй `pull_request`, не будуць выконвацца, пакуль іх не зацвердзяць.",
diff --git a/options/locale_next/locale_bg.json b/options/locale_next/locale_bg.json
index e97ff261ba..43de5d6955 100644
--- a/options/locale_next/locale_bg.json
+++ b/options/locale_next/locale_bg.json
@@ -32,9 +32,9 @@
 	"notification.mark_all_as_read": "Отбелязване на всички като прочетени",
 	"notification.subscriptions": "Абонаменти",
 	"notification.watching": "Наблюдавани",
-	"notification.no_subscriptions": "Няма абонаменти",
+	"notification.no_subscriptions": "Нямате абонаменти.",
 	"dropzone.default_message": "Пуснете файлове тук или щракнете, за качване.",
-	"dropzone.invalid_input_type": "Не можете да качвате файлове от този тип.",
+	"dropzone.invalid_input_type": "Файлове от този тип не могат да се качват.",
 	"dropzone.file_too_big": "Размерът на файла ({{filesize}} MB) надвишава максималния размер от ({{maxFilesize}} MB).",
 	"dropzone.remove_file": "Премахване на файла",
 	"munits.data.b": "Б",
@@ -75,8 +75,6 @@
 	"packages.alpine.registry": "Настройте този регистър, като добавите URL адреса във вашия файл <code>/etc/apk/repositories</code>:",
 	"packages.alpine.registry.key": "Изтеглете публичния RSA ключ на регистъра в папката <code>/etc/apk/keys/</code>, за да проверите подписа на индекса:",
 	"packages.alpine.registry.info": "Изберете $branch и $repository от списъка по-долу.",
-	"packages.alpine.install": "За да инсталирате пакета, изпълнете следната команда:",
-	"packages.alpine.repository": "За хранилището",
 	"packages.alpine.repository.branches": "Клонове",
 	"packages.alpine.repository.repositories": "Хранилища",
 	"packages.alpine.repository.architectures": "Архитектури",
@@ -89,7 +87,6 @@
 	"packages.arch.version.description": "Описание",
 	"packages.arch.version.provides": "Доставя",
 	"packages.arch.version.groups": "Група",
-	"packages.arch.version.depends": "Зависимости",
 	"packages.arch.version.optdepends": "Допълнителни зависимости",
 	"packages.arch.version.makedepends": "Зависимости за изграждането",
 	"packages.arch.version.checkdepends": "Зависимости за проверката",
@@ -98,11 +95,8 @@
 	"packages.cargo.registry": "Настройте този регистър в конфигурационния файл на Cargo (например <code>~/.cargo/config.toml</code>):",
 	"packages.cargo.install": "За да инсталирате пакета с Cargo, изпълнете следната команда:",
 	"packages.chef.registry": "Настройте този регистър във вашия файл <code>~/.chef/config.rb</code>:",
-	"packages.chef.install": "За да инсталирате пакета, изпълнете следната команда:",
 	"packages.composer.registry": "Настройте този регистър във вашия файл <code>~/.composer/config.json</code>:",
 	"packages.composer.install": "За да инсталирате пакета с Composer, изпълнете следната команда:",
-	"packages.composer.dependencies": "Зависимости",
-	"packages.conan.registry": "Настройте този регистър от командния ред:",
 	"packages.conan.install": "За да инсталирате пакета с Conan, изпълнете следната команда:",
 	"packages.conda.registry": "Настройте този регистър като Conda хранилище във вашия файл <code>.condarc</code>:",
 	"packages.conda.install": "За да инсталирате пакета с Conda, изпълнете следната команда:",
@@ -116,23 +110,16 @@
 	"packages.container.labels.key": "Ключ",
 	"packages.container.labels.value": "Стойност",
 	"packages.cran.registry": "Настройте този регистър във вашия файл <code>Rprofile.site</code>:",
-	"packages.cran.install": "За да инсталирате пакета, изпълнете следната команда:",
-	"packages.debian.registry": "Настройте този регистър от командния ред:",
 	"packages.debian.registry.info": "Изберете $distribution и $component от списъка по-долу.",
-	"packages.debian.install": "За да инсталирате пакета, изпълнете следната команда:",
-	"packages.debian.repository": "Информация за хранилището",
 	"packages.debian.repository.distributions": "Дистрибуции",
 	"packages.debian.repository.components": "Компоненти",
 	"packages.debian.repository.architectures": "Архитектури",
 	"packages.generic.download": "Изтеглете пакета от командния ред:",
 	"packages.go.install": "Инсталирайте пакета от командния ред:",
-	"packages.helm.registry": "Настройте този регистър от командния ред:",
-	"packages.helm.install": "За да инсталирате пакета, изпълнете следната команда:",
 	"packages.maven.registry": "Настройте този регистър във файла на вашия проект <code>pom.xml</code>:",
 	"packages.maven.install": "За да използвате пакета, включете следното в блока <code>dependencies</code> във файла <code>pom.xml</code>:",
 	"packages.maven.install2": "Изпълнете през командния ред:",
 	"packages.maven.download": "За да изтеглите зависимостта, изпълнете през командния ред:",
-	"packages.nuget.registry": "Настройте този регистър от командния ред:",
 	"packages.nuget.install": "За да инсталирате пакета с NuGet, изпълнете следната команда:",
 	"packages.nuget.dependency.framework": "Целева платформа",
 	"packages.npm.registry": "Настройте този регистър във файла на вашия проект <code>.npmrc</code>:",
@@ -142,21 +129,14 @@
 	"packages.npm.details.tag": "Маркер",
 	"packages.pypi.requires": "Изисква Python",
 	"packages.pypi.install": "За да инсталирате пакета с pip, изпълнете следната команда:",
-	"packages.rpm.registry": "Настройте този регистър от командния ред:",
 	"packages.rpm.distros.redhat": "на дистрибуции, базирани на RedHat",
 	"packages.rpm.distros.suse": "на дистрибуции, базирани на SUSE",
-	"packages.rpm.install": "За да инсталирате пакета, изпълнете следната команда:",
-	"packages.rpm.repository": "Информация за хранилището",
 	"packages.rpm.repository.architectures": "Архитектури",
 	"packages.rpm.repository.multiple_groups": "Този пакет е наличен в няколко групи.",
-	"packages.alt.registry": "Настройте този регистър от командния ред:",
-	"packages.alt.registry.install": "За да инсталирате пакета, изпълнете следната команда:",
 	"packages.alt.install": "Инсталиране на пакет",
 	"packages.alt.setup": "Добавете хранилище към списъка със свързани хранилища (изберете необходимата архитектура вместо „_arch_“):",
-	"packages.alt.repository": "Информация за хранилището",
 	"packages.alt.repository.architectures": "Архитектури",
 	"packages.alt.repository.multiple_groups": "Този пакет е наличен в няколко групи.",
-	"packages.swift.registry": "Настройте този регистър от командния ред:",
 	"packages.swift.install": "Добавете пакета във вашия файл <code>Package.swift</code>:",
 	"packages.swift.install2": "и изпълнете следната команда:",
 	"packages.vagrant.install": "За да добавите Vagrant box, изпълнете следната команда:",
@@ -318,25 +298,36 @@
 		"other": "%s активни заявки за сливане"
 	},
 	"watch.n_watchers": {
-		"one": "наблюдател",
-		"other": "наблюдатели"
+		"one": "наблюдаващ",
+		"other": "наблюдаващи"
 	},
 	"repo.issues.filter_poster.hint": "Филтриране по автор",
-	"repo.issues.filter_assignee.hint": "Филтриране по назначен потребител",
-	"repo.issues.filter_reviewers.hint": "Филтриране по потребител, който е прегледал",
-	"repo.issues.filter_mention.hint": "Филтриране по споменат портребител",
-	"repo.issues.filter_modified.hint": "Филтрирай по дата на последното изменение",
-	"repo.issues.filter_sort.hint": "Сортиране по: създаден/коментари/актуализиран/краен срок",
-	"issues.updated": "актуализирано %s",
+	"repo.issues.filter_assignee.hint": "Филтриране по възложен потребител",
+	"repo.issues.filter_reviewers.hint": "Филтриране по потребител, който е рецензирал",
+	"repo.issues.filter_mention.hint": "Филтриране по споменат потребител",
+	"repo.issues.filter_modified.hint": "Филтриране по дата на последното изменение",
+	"issues.updated": "обновено %s",
 	"repo.pulls.poster_manage_approval": "Управление на одобренията",
-	"repo.pulls.poster_requires_approval": "Някои работни процеси са <a href=\"%[1]s\">в очакване на преглед.</a>",
-	"repo.pulls.poster_requires_approval.tooltip": "На автора на това искане за изтегляне не се доверява да изпълнява работни потоци, задействани от искане за изтегляне, създадено от разклонено хранилище или с AGit. Работните потоци, задействани от събитие `pull_request`, няма да се изпълняват, докато не бъдат одобрени.",
-	"repo.pulls.poster_is_trusted": "Авторът на това искане за изтегляне е <a href=\"%[1]s\">винаги надежден за изпълнение на работни процеси.</a>pick",
-	"repo.pulls.poster_is_trusted.tooltip": "На автора на това искане за изтегляне се предоставя изрично доверие да изпълнява работни потоци, задействани от събития `pull_request`.",
+	"repo.pulls.poster_requires_approval": "Някои работни процеси са <a href=\"%[1]s\">в очакване на рецензия</a>.",
+	"repo.pulls.poster_requires_approval.tooltip": "На автора на тази заявка за сливане не се доверява да изпълнява работни потоци, задействани от заявка за сливане, създадено от разклонено хранилище или с AGit. Работните потоци, задействани от събитие `pull_request`, няма да се изпълняват, докато не бъдат одобрени.",
+	"repo.pulls.poster_is_trusted": "Авторът на тази заявка за сливане е <a href=\"%[1]s\">винаги надежден за изпълнение на работни процеси</a>.",
+	"repo.pulls.poster_is_trusted.tooltip": "На автора на тази заявка за сливане се предоставя изрично доверие да изпълнява работни потоци, задействани от събития `pull_request`.",
 	"repo.pulls.poster_trust_deny": "Отказване",
 	"repo.pulls.poster_trust_deny.tooltip": "Работните процеси, които чакат одобрение, ще бъдат отменени.",
-	"repo.pulls.poster_trust_once": "Одобри веднъж",
-	"repo.pulls.poster_trust_always": "Одобрявай винаги",
+	"repo.pulls.poster_trust_once": "Одобряване веднъж",
+	"repo.pulls.poster_trust_always": "Одобряване винаги",
 	"repo.pulls.poster_trust_revoke": "Отмяна",
-	"repo.pulls.already_merged": "Сливането се провали: Тази заявка за сливане вече е била слята."
+	"repo.pulls.already_merged": "Сливането се провали: Тази заявка за сливане вече е била слята.",
+	"mail.actions.run_info_sha": "Подаване: %[1]s",
+	"discussion.sidebar.reference": "Препратка",
+	"moderation.action.account.suspend": "Замразяване на акаунта",
+	"moderation.users.cannot_suspend_self": "Не можете да замразите себе си.",
+	"actions.runners": "Изпълнители",
+	"actions.runners.runner_manage_panel": "Управление на изпълнителите",
+	"actions.runners.new": "Създаване на нов изпълнител",
+	"actions.runners.new_notice": "Как да стартирате изпълнител",
+	"actions.runners.status": "Състояние",
+	"actions.runners.status.unspecified": "Неизвестно",
+	"actions.runners.status.idle": "В покой",
+	"actions.runners.status.active": "Активен"
 }
diff --git a/options/locale_next/locale_ca.json b/options/locale_next/locale_ca.json
index 7383314347..a20495744f 100644
--- a/options/locale_next/locale_ca.json
+++ b/options/locale_next/locale_ca.json
@@ -208,7 +208,6 @@
 	"repo.issues.filter_modified.hint": "Filtra per la darrera data de modificació",
 	"repo.pulls.poster_manage_approval": "Gestiona l'aprovació",
 	"repo.pulls.poster_requires_approval": "Alguns fluxos de treball encara estan <a href=\"%[1]s\">pendents de revisió.</a>",
-	"repo.issues.filter_sort.hint": "Ordena per: creació/comentaris/actualització/termini",
 	"repo.pulls.poster_is_trusted": "L'autor d'aquesta «pull request» <a href=\"%[1]s\">sempre podrà executar fluxos de treball.</a>",
 	"repo.pulls.poster_is_trusted.tooltip": "L'autor d'aquesta «pull request» està explícitament autoritzat per a executar fluxos de treball a partir d'esdeveniments `pull_request`.",
 	"repo.pulls.poster_trust_deny": "Denega",
diff --git a/options/locale_next/locale_cs-CZ.json b/options/locale_next/locale_cs-CZ.json
index 029cbe55ab..f037ecce2f 100644
--- a/options/locale_next/locale_cs-CZ.json
+++ b/options/locale_next/locale_cs-CZ.json
@@ -19,9 +19,9 @@
 	"notification.mark_all_as_read": "Označit vše jako přečtené",
 	"notification.subscriptions": "Odběry",
 	"notification.watching": "Sledované",
-	"notification.no_subscriptions": "Žádné odběry",
+	"notification.no_subscriptions": "Nemáte žádné odběry.",
 	"dropzone.default_message": "Přetáhněte soubory nebo klikněte sem pro nahrání.",
-	"dropzone.invalid_input_type": "Nemůžete nahrávat soubory tohoto typu.",
+	"dropzone.invalid_input_type": "Soubory tohoto typu nelze nahrát.",
 	"dropzone.file_too_big": "Velikost souboru ({{filesize}} MB) je vyšší než maximální velikost ({{maxFilesize}} MB).",
 	"dropzone.remove_file": "Smazat soubor",
 	"munits.data.b": "B",
@@ -64,8 +64,6 @@
 	"packages.alpine.registry": "Nastavte tento registr přidáním adresy URL do souboru <code>/etc/apk/repositories</code>:",
 	"packages.alpine.registry.key": "Stáhněte si veřejný RSA klíč registru do složky <code>/etc/apk/keys/</code> pro ověření podpisu indexu:",
 	"packages.alpine.registry.info": "Vyberte $branch a $repository ze seznamu níže.",
-	"packages.alpine.install": "Pro instalaci balíčku spusťte následující příkaz:",
-	"packages.alpine.repository": "Informace o repozitáři",
 	"packages.alpine.repository.branches": "Větve",
 	"packages.alpine.repository.repositories": "Repozitáře",
 	"packages.alpine.repository.architectures": "Architektury",
@@ -78,7 +76,6 @@
 	"packages.arch.version.description": "Popis",
 	"packages.arch.version.provides": "Poskytuje",
 	"packages.arch.version.groups": "Skupina",
-	"packages.arch.version.depends": "Závislosti",
 	"packages.arch.version.optdepends": "Volitelné závislosti",
 	"packages.arch.version.makedepends": "Závislosti Make",
 	"packages.arch.version.checkdepends": "Závislosti Check",
@@ -88,12 +85,9 @@
 	"packages.cargo.registry": "Nastavte tento registr v konfiguračním souboru Cargo (například <code>~/.cargo/config.toml</code>):",
 	"packages.cargo.install": "Pro instalaci balíčku pomocí nástroje Cargo spusťte následující příkaz:",
 	"packages.chef.registry": "Nastavit tento registr v souboru <code>~/.chef/config.rb</code>:",
-	"packages.chef.install": "Pro instalaci balíčku spusťte následující příkaz:",
 	"packages.composer.registry": "Nastavit tento registr v souboru <code>~/.composer/config.json</code>:",
 	"packages.composer.install": "Pro instalaci balíčku pomocí nástroje Composer spusťte následující příkaz:",
-	"packages.composer.dependencies": "Závislosti",
 	"packages.composer.dependencies.development": "Vývojové závislosti",
-	"packages.conan.registry": "Nastavte tento registr z příkazového řádku:",
 	"packages.conan.install": "Pro instalaci balíčku pomocí nástroje Conan spusťte následující příkaz:",
 	"packages.conda.registry": "Nastavte tento registr jako repozitář Conda ve vašem souboru <code>.condarc</code>:",
 	"packages.conda.install": "Pro instalaci balíčku pomocí nástroje Conda spusťte následující příkaz:",
@@ -108,29 +102,21 @@
 	"packages.container.labels.key": "Klíč",
 	"packages.container.labels.value": "Hodnota",
 	"packages.cran.registry": "Nastavte tento registr v souboru <code>Rprofile.site</code>:",
-	"packages.cran.install": "Pro instalaci balíčku spusťte následující příkaz:",
-	"packages.debian.registry": "Nastavte tento registr z příkazového řádku:",
 	"packages.debian.registry.info": "Vyberte $distribution a $component ze seznamu níže.",
-	"packages.debian.install": "Pro instalaci balíčku spusťte následující příkaz:",
-	"packages.debian.repository": "Informace o repozitáři",
 	"packages.debian.repository.distributions": "Distribuce",
 	"packages.debian.repository.components": "Komponenty",
 	"packages.debian.repository.architectures": "Architektury",
 	"packages.generic.download": "Stáhněte balíček z příkazové řádky:",
 	"packages.go.install": "Nainstalujte balíček z příkazové řádky:",
-	"packages.helm.registry": "Nastavte tento registr z příkazového řádku:",
-	"packages.helm.install": "Pro instalaci balíčku spusťte následující příkaz:",
 	"packages.maven.registry": "Nastavte tento registr v souboru <code>pom.xml</code> vašeho projektu:",
 	"packages.maven.install": "Pro použití balíčku přidejte následující do bloku <code>dependencies</code> v souboru <code>pom.xml</code>:",
 	"packages.maven.install2": "Spusťte pomocí příkazové řádky:",
 	"packages.maven.download": "Pro stáhnutí závislosti spusťte následující příkaz v příkazovém řádku:",
-	"packages.nuget.registry": "Nastavte tento registr z příkazového řádku:",
 	"packages.nuget.install": "Pro instalaci balíčku pomocí NuGet spusťte následující příkaz:",
 	"packages.nuget.dependency.framework": "Cílový framework",
 	"packages.npm.registry": "Nastavte tento registr v souboru <code>.npmrc</code> ve vašem projektu:",
 	"packages.npm.install": "Pro instalaci balíčku pomocí npm spusťte následující příkaz:",
 	"packages.npm.install2": "nebo ho přidejte do souboru package.json:",
-	"packages.npm.dependencies": "Závislosti",
 	"packages.npm.dependencies.development": "Vývojové závislosti",
 	"packages.npm.dependencies.bundle": "Přidružené závislosti",
 	"packages.npm.dependencies.peer": "Vzájemné závislosti",
@@ -138,18 +124,12 @@
 	"packages.npm.details.tag": "Značka",
 	"packages.pypi.requires": "Vyžaduje Python",
 	"packages.pypi.install": "Pro instalaci balíčku pomocí pip spusťte následující příkaz:",
-	"packages.rpm.registry": "Nastavte tento registr z příkazového řádku:",
 	"packages.rpm.distros.redhat": "na distribucích založených na RedHat",
 	"packages.rpm.distros.suse": "na distribucích založených na SUSE",
-	"packages.rpm.install": "Pro instalaci balíčku spusťte následující příkaz:",
-	"packages.rpm.repository": "Informace o repozitáři",
 	"packages.rpm.repository.architectures": "Architektury",
 	"packages.rpm.repository.multiple_groups": "Tento balíček je dostupný v několika skupinách.",
-	"packages.alt.registry": "Nastavte tento registr z příkazového řádku:",
-	"packages.alt.registry.install": "Pro instalaci balíčku spusťte následující příkaz:",
 	"packages.alt.install": "Instalovat balíček",
 	"packages.alt.setup": "Přidejte repozitář do seznamu připojených repozitářů (místo „_arch_“ zvolte potřebnou architekturu):",
-	"packages.alt.repository": "Informace o repozitáři",
 	"packages.alt.repository.architectures": "Architektury",
 	"packages.alt.repository.multiple_groups": "Tento balíček je dostupný v několika skupinách.",
 	"packages.rubygems.install": "Pro instalaci balíčku pomocí gem spusťte následující příkaz:",
@@ -158,7 +138,6 @@
 	"packages.rubygems.dependencies.development": "Vývojové závislosti",
 	"packages.rubygems.required.ruby": "Vyžaduje verzi Ruby",
 	"packages.rubygems.required.rubygems": "Vyžaduje verzi RubyGem",
-	"packages.swift.registry": "Nastavte tento registr z příkazového řádku:",
 	"packages.swift.install": "Přidejte balíček do svého souboru <code>Package.swift</code>:",
 	"packages.swift.install2": "a spusťte následující příkaz:",
 	"packages.vagrant.install": "Pro přidání Vagrant box spusťte následující příkaz:",
@@ -409,10 +388,10 @@
 	"actions.runners.task_list.repository": "Repozitář",
 	"actions.runners.task_list.commit": "Revize",
 	"actions.runners.task_list.done_at": "Dokončeno v",
-	"actions.runners.edit_runner": "Upravit Runner",
-	"actions.runners.update_runner.button": "Aktualizovat změny",
-	"actions.runners.update_runner.success": "Runner byl úspěšně aktualizován",
-	"actions.runners.update_runner.failed": "Aktualizace runneru se nezdařila",
+	"actions.runners.edit_runner": "Upravit runner",
+	"actions.runners.update_runner.button": "Uložit změny",
+	"actions.runners.update_runner.success": "Runner byl úspěšně upraven",
+	"actions.runners.update_runner.failed": "Nepodařilo se upravit runner",
 	"actions.runners.delete_runner.button": "Odstranit tento runner",
 	"actions.runners.delete_runner.success": "Runner byl úspěšně odstraněn",
 	"actions.runners.delete_runner.failed": "Odstranění runneru selhalo",
@@ -452,7 +431,7 @@
 	"repo.pulls.poster_manage_approval": "Spravovat schválení",
 	"repo.pulls.poster_requires_approval": "Některé běhy workflow <a href=\"%[1]s\">čekají na kontrolu</a>.",
 	"repo.pulls.poster_requires_approval.tooltip": "Autor této žádosti o sloučení není oprávněn spouštět běhy workflow iniciovaných žádostí o sloučení vytvořenou z forku repozitáře nebo pomocí AGit. Běhy workflow spuštěné událostí `pull_request` se nespustí, dokud nebudou schváleny.",
-	"repo.pulls.poster_is_trusted": "Autor této žádosti o sloučení je <a href=\"%[1]s\">oprávněný spouštět běhy workflow</a>.",
+	"repo.pulls.poster_is_trusted": "Autor této žádosti o sloučení je <a href=\"%[1]s\">oprávněn spouštět běhy workflow</a>.",
 	"repo.pulls.poster_is_trusted.tooltip": "Autor této žádosti o sloučení je explicitně oprávněný spouštět běhy workflow iniciované událostmi `pull_request`.",
 	"repo.pulls.poster_trust_deny": "Zamítnout",
 	"repo.pulls.poster_trust_deny.tooltip": "Běhy workflow čekající na schválení budou zrušeny.",
@@ -483,7 +462,6 @@
 	"repo.issues.filter_reviewers.hint": "Filtrovat podle uživatele, který prováděl kontrolu",
 	"repo.issues.filter_mention.hint": "Filtrovat podle zmíněného uživatele",
 	"repo.issues.filter_modified.hint": "Filtrovat podle data poslední úpravy",
-	"repo.issues.filter_sort.hint": "Seřadit podle: vytvořeno/komentáře/aktualizováno/termín",
 	"search.syntax": "Syntaxe vyhledávání",
 	"actions.workflow.persistent_incomplete_matrix": "Nepodařilo se vyhodnotit `strategy.matrix` úlohy %[1]s z důvodu výrazu `needs`, který byl neplatný. Může odkazovat na úlohu, která není v seznamu „needs“ (%[2]s), nebo výstup, který v jedné z těchto úloh neexistuje.",
 	"admin.auths.oauth2_quota_group_claim_name": "Zabrat název poskytující názvy skupin pro tento zdroj k použití ve správě kvót. (Volitelné)",
@@ -538,5 +516,12 @@
 	"actions.secrets.creation.name_description": "Název tajného klíče může obsahovat pouze písmena, čísla a podtržítka. Nesmí začínat textem FORGEJO_, GITEA_, GITHUB_ nebo číslem. Forgejo jej automaticky převede na velká písmena.",
 	"actions.secrets.creation.value_description": "Hodnota tajného klíče může být jakýkoli text. Speciální znaky zůstanou zachovány. CRLF (zakončení řádků ve stylu Windows) budou automaticky převedeny na LF. Zakódujte hodnotu pomocí Base64, pokud chcete zachovat zakončení řádků.",
 	"actions.variables.mutation.name_description": "Název proměnné může obsahovat pouze písmena, čísla a podtržítka. Nesmí mít název CI nebo začínat textem FORGEJO_, GITEA_, GITHUB_ nebo číslem. Forgejo jej automaticky převede na velká písmena.",
-	"actions.variables.mutation.value_description": "Hodnota proměnné může být jakýkoli text. Speciální znaky zůstanou zachovány. CRLF (zakončení řádků ve stylu Windows) budou automaticky převedeny na LF. Zakódujte hodnotu pomocí Base64, pokud chcete zachovat zakončení řádků."
+	"actions.variables.mutation.value_description": "Hodnota proměnné může být jakýkoli text. Speciální znaky zůstanou zachovány. CRLF (zakončení řádků ve stylu Windows) budou automaticky převedeny na LF. Zakódujte hodnotu pomocí Base64, pokud chcete zachovat zakončení řádků.",
+	"issues.filters.labels.exclude": "Nezahrnovat štítek",
+	"issues.filters.labels.unexclude": "Vymazat nezahrnutí",
+	"packages.common.install": "Pro instalaci balíčku spusťte následující příkaz:",
+	"packages.common.registry": "Nastavte tento registr z příkazového řádku:",
+	"packages.common.repository": "Informace o repozitáři",
+	"actions.runs.all_runs_link": "všechny běhy",
+	"repo.issues.filter_sort.hint_with_placeholder": "Řadit podle: %s"
 }
diff --git a/options/locale_next/locale_da.json b/options/locale_next/locale_da.json
index 0bbff127e2..f6845d4853 100644
--- a/options/locale_next/locale_da.json
+++ b/options/locale_next/locale_da.json
@@ -124,8 +124,6 @@
 	"packages.alpine.registry": "Konfigurer dette register ved at tilføje url'en i din <code>/etc/apk/repositories</code> fil:",
 	"packages.alpine.registry.key": "Download den offentlige RSA-nøgle til registreringsdatabasen i mappen <code>/etc/apk/keys/</code> for at bekræfte indekssignaturen:",
 	"packages.alpine.registry.info": "Vælg $branch og $repository fra listen nedenfor.",
-	"packages.alpine.install": "For at installere pakken skal du køre følgende kommando:",
-	"packages.alpine.repository": "Depot info",
 	"packages.alpine.repository.branches": "Grene",
 	"packages.alpine.repository.repositories": "Depoter",
 	"packages.alpine.repository.architectures": "Arkitekturer",
@@ -138,7 +136,6 @@
 	"packages.arch.version.description": "Beskrivelse",
 	"packages.arch.version.provides": "Forsyner",
 	"packages.arch.version.groups": "Gruppe",
-	"packages.arch.version.depends": "Afhænger",
 	"packages.arch.version.optdepends": "Valgfri afhænger",
 	"packages.arch.version.makedepends": "Gør afhænger",
 	"packages.arch.version.checkdepends": "Check afhænger",
@@ -148,12 +145,9 @@
 	"packages.cargo.registry": "Konfigurer dette register i Cargo-konfigurationsfilen (for eksempel <code>~/.cargo/config.toml</code>):",
 	"packages.cargo.install": "For at installere pakken ved hjælp af Cargo skal du køre følgende kommando:",
 	"packages.chef.registry": "Konfigurer dette register i din <code>~/.chef/config.rb</code> fil:",
-	"packages.chef.install": "For at installere pakken skal du køre følgende kommando:",
 	"packages.composer.registry": "Konfigurer dette register i din <code>~/.composer/config.json</code> fil:",
 	"packages.composer.install": "For at installere pakken ved hjælp af Composer skal du køre følgende kommando:",
-	"packages.composer.dependencies": "Afhængigheder",
 	"packages.composer.dependencies.development": "Udviklingsafhængigheder",
-	"packages.conan.registry": "Konfigurer dette register fra kommandolinjen:",
 	"packages.conan.install": "For at installere pakken ved hjælp af Conan skal du køre følgende kommando:",
 	"packages.conda.registry": "Konfigurer dette register som et Conda-depot i din <code>.condarc</code>-fil:",
 	"packages.conda.install": "For at installere pakken ved hjælp af Conda skal du køre følgende kommando:",
@@ -168,29 +162,21 @@
 	"packages.container.labels.key": "Nøgle",
 	"packages.container.labels.value": "Værdi",
 	"packages.cran.registry": "Konfigurer dette register i din <code>Rprofile.site</code> fil:",
-	"packages.cran.install": "For at installere pakken skal du køre følgende kommando:",
-	"packages.debian.registry": "Konfigurer dette register fra kommandolinjen:",
 	"packages.debian.registry.info": "Vælg $distribution og $component fra listen nedenfor.",
-	"packages.debian.install": "For at installere pakken skal du køre følgende kommando:",
-	"packages.debian.repository": "Depot info",
 	"packages.debian.repository.distributions": "Fordelinger",
 	"packages.debian.repository.components": "Komponenter",
 	"packages.debian.repository.architectures": "Arkitekturer",
 	"packages.generic.download": "Download pakken fra kommandolinjen:",
 	"packages.go.install": "Installer pakken fra kommandolinjen:",
-	"packages.helm.registry": "Konfigurer dette register fra kommandolinjen:",
-	"packages.helm.install": "For at installere pakken skal du køre følgende kommando:",
 	"packages.maven.registry": "Konfigurer denne registreringsdatabasen i din projekt <code>pom.xml</code> fil:",
 	"packages.maven.install": "For at bruge pakken skal du inkludere følgende i blokken <code>afhængigheder</code> i filen <code>pom.xml</code>:",
 	"packages.maven.install2": "Kør via kommandolinje:",
 	"packages.maven.download": "For at downloade afhængigheden skal du køre via kommandolinjen:",
-	"packages.nuget.registry": "Konfigurer dette register fra kommandolinjen:",
 	"packages.nuget.install": "For at installere pakken ved hjælp af NuGet skal du køre følgende kommando:",
 	"packages.nuget.dependency.framework": "Mål Framework",
 	"packages.npm.registry": "Konfigurer denne registreringsdatabase i din projekt-<code>.npmrc</code>-fil:",
 	"packages.npm.install": "For at installere pakken ved hjælp af npm skal du køre følgende kommando:",
 	"packages.npm.install2": "eller føj det til filen package.json:",
-	"packages.npm.dependencies": "Afhængigheder",
 	"packages.npm.dependencies.development": "Udviklingsafhængigheder",
 	"packages.npm.dependencies.bundle": "Samlede afhængigheder",
 	"packages.npm.dependencies.peer": "Peer-afhængigheder",
@@ -198,18 +184,12 @@
 	"packages.npm.details.tag": "Tag",
 	"packages.pypi.requires": "Kræver Python",
 	"packages.pypi.install": "For at installere pakken ved hjælp af pip skal du køre følgende kommando:",
-	"packages.rpm.registry": "Konfigurer dette register fra kommandolinjen:",
 	"packages.rpm.distros.redhat": "på RedHat-baserede distributioner",
 	"packages.rpm.distros.suse": "på SUSE-baserede distributioner",
-	"packages.rpm.install": "For at installere pakken skal du køre følgende kommando:",
-	"packages.rpm.repository": "Depot info",
 	"packages.rpm.repository.architectures": "Arkitekturer",
 	"packages.rpm.repository.multiple_groups": "Denne pakke er tilgængelig i flere grupper.",
-	"packages.alt.registry": "Konfigurer dette register fra kommandolinjen:",
-	"packages.alt.registry.install": "For at installere pakken skal du køre følgende kommando:",
 	"packages.alt.install": "Installer pakken",
 	"packages.alt.setup": "Tilføj et depot til listen over tilsluttede arkiver (vælg den nødvendige arkitektur i stedet for \"_arch_\"):",
-	"packages.alt.repository": "Depot info",
 	"packages.alt.repository.architectures": "Arkitekturer",
 	"packages.alt.repository.multiple_groups": "Denne pakke er tilgængelig i flere grupper.",
 	"packages.rubygems.install": "For at installere pakken ved hjælp af gem skal du køre følgende kommando:",
@@ -218,7 +198,6 @@
 	"packages.rubygems.dependencies.development": "Udviklingsafhængigheder",
 	"packages.rubygems.required.ruby": "Kræver Ruby version",
 	"packages.rubygems.required.rubygems": "Kræver RubyGem version",
-	"packages.swift.registry": "Konfigurer dette register fra kommandolinjen:",
 	"packages.swift.install": "Tilføj pakken i din <code>Package.swift</code>-fil:",
 	"packages.swift.install2": "og kør følgende kommando:",
 	"packages.vagrant.install": "For at tilføje en Vagrant-boks skal du køre følgende kommando:",
diff --git a/options/locale_next/locale_de-DE.json b/options/locale_next/locale_de-DE.json
index 48cf6545c2..0f93d35113 100644
--- a/options/locale_next/locale_de-DE.json
+++ b/options/locale_next/locale_de-DE.json
@@ -19,7 +19,7 @@
 	"notification.mark_all_as_read": "Alle als gelesen markieren",
 	"notification.subscriptions": "Abonnements",
 	"notification.watching": "Beobachtet",
-	"notification.no_subscriptions": "Keine Abonnements",
+	"notification.no_subscriptions": "Du hast keine Abonnements.",
 	"dropzone.default_message": "Zum Hochladen hier klicken oder Datei ablegen.",
 	"dropzone.invalid_input_type": "Dateien dieses Dateityps können nicht hochgeladen werden.",
 	"dropzone.file_too_big": "Dateigröße ({{filesize}} MB) überschreitet die Maximalgröße ({{maxFilesize}} MB).",
@@ -64,8 +64,6 @@
 	"packages.alpine.registry": "Richte diese Registry ein, indem Du die URL in die <code>/etc/apk/repositories</code>-Datei hinzufügst:",
 	"packages.alpine.registry.key": "Lade den öffentlichen RSA-Key der Registry in den <code>/etc/apk/keys/</code>-Ordner, um die Signatur zu überprüfen:",
 	"packages.alpine.registry.info": "Wähle $branch und $repository aus der Liste unten.",
-	"packages.alpine.install": "Nutze folgenden Befehl, um das Paket zu installieren:",
-	"packages.alpine.repository": "Repository-Informationen",
 	"packages.alpine.repository.branches": "Branches",
 	"packages.alpine.repository.repositories": "Repositorys",
 	"packages.alpine.repository.architectures": "Architekturen",
@@ -78,22 +76,18 @@
 	"packages.arch.version.description": "Beschreibung",
 	"packages.arch.version.provides": "Bietet",
 	"packages.arch.version.groups": "Gruppe",
-	"packages.arch.version.depends": "Hängt ab von",
-	"packages.arch.version.optdepends": "Optionale Abhängigkeit",
-	"packages.arch.version.makedepends": "Make-Abhängigkeit",
-	"packages.arch.version.checkdepends": "Prüfungs-Abhängigkeit",
+	"packages.arch.version.optdepends": "Optionale Abhängigkeiten",
+	"packages.arch.version.makedepends": "Make-Abhängigkeiten",
+	"packages.arch.version.checkdepends": "Prüfungs-Abhängigkeiten",
 	"packages.arch.version.conflicts": "Konflikte",
 	"packages.arch.version.replaces": "Ersetzt",
 	"packages.arch.version.backup": "Backup",
 	"packages.cargo.registry": "Richte diese Registry in der Cargo-Konfigurationsdatei ein (z.B. <code>~/.cargo/config.toml</code>):",
 	"packages.cargo.install": "Um das Paket mit Cargo zu installieren, führe den folgenden Befehl aus:",
 	"packages.chef.registry": "Richte diese Registry in deiner <code>~/.chef/config.rb</code>-Datei ein:",
-	"packages.chef.install": "Nutze folgenden Befehl, um das Paket zu installieren:",
 	"packages.composer.registry": "Setze diese Paketverwaltung in deiner <code>~/.composer/config.json</code>-Datei auf:",
 	"packages.composer.install": "Nutze folgenden Befehl, um das Paket mit Composer zu installieren:",
-	"packages.composer.dependencies": "Abhängigkeiten",
 	"packages.composer.dependencies.development": "Entwicklungsabhängigkeiten",
-	"packages.conan.registry": "Diese Registry über die Kommandozeile einrichten:",
 	"packages.conan.install": "Um das Paket mit Conan zu installieren, führe den folgenden Befehl aus:",
 	"packages.conda.registry": "Richte diese Registry als Conda-Repository in deiner <code>.condarc</code>-Datei ein:",
 	"packages.conda.install": "Um das Paket mit Conda zu installieren, führe den folgenden Befehl aus:",
@@ -108,29 +102,21 @@
 	"packages.container.labels.key": "Schlüssel",
 	"packages.container.labels.value": "Wert",
 	"packages.cran.registry": "Richte diese Registry in deiner <code>Rprofile.site</code>-Datei ein:",
-	"packages.cran.install": "Nutze folgenden Befehl, um das Paket zu installieren:",
-	"packages.debian.registry": "Diese Registry über die Kommandozeile einrichten:",
 	"packages.debian.registry.info": "Wähle $distribution und $component aus der Liste unten.",
-	"packages.debian.install": "Nutze folgenden Befehl, um das Paket zu installieren:",
-	"packages.debian.repository": "Repository-Informationen",
 	"packages.debian.repository.distributions": "Distributionen",
 	"packages.debian.repository.components": "Komponenten",
 	"packages.debian.repository.architectures": "Architekturen",
 	"packages.generic.download": "Lade das Paket mit der Kommandozeile herunter:",
 	"packages.go.install": "Installiere das Paket über die Kommandozeile:",
-	"packages.helm.registry": "Diese Paketverwaltung über die Kommandozeile einrichten:",
-	"packages.helm.install": "Nutze folgenden Befehl, um das Paket zu installieren:",
 	"packages.maven.registry": "Setze diese Paketverwaltung in der <code>pom.xml</code> deines Projektes auf:",
 	"packages.maven.install": "Um das Paket zu verwenden, nimm Folgendes in den <code>dependencies</code>-Block in der <code>pom.xml</code>-Datei auf:",
 	"packages.maven.install2": "Über die Kommandozeile ausführen:",
 	"packages.maven.download": "Nutze folgendes Kommando, um die Abhängigkeit herunterzuladen:",
-	"packages.nuget.registry": "Diese Registry über die Kommandozeile einrichten:",
 	"packages.nuget.install": "Um das Paket mit NuGet zu installieren, führe den folgenden Befehl aus:",
 	"packages.nuget.dependency.framework": "Zielframework",
 	"packages.npm.registry": "Setze diese Paketverwaltung in der <code>.npmrc</code> deines Projektes auf:",
 	"packages.npm.install": "Um das Paket mit npm zu installieren, führe den folgenden Befehl aus:",
 	"packages.npm.install2": "oder füge es zur package.json-Datei hinzu:",
-	"packages.npm.dependencies": "Abhängigkeiten",
 	"packages.npm.dependencies.development": "Entwicklungsabhängigkeiten",
 	"packages.npm.dependencies.bundle": "Gebündelte Abhängigkeiten",
 	"packages.npm.dependencies.peer": "Peer-Abhängigkeiten",
@@ -138,18 +124,12 @@
 	"packages.npm.details.tag": "Tag",
 	"packages.pypi.requires": "Erfordert Python",
 	"packages.pypi.install": "Nutze folgenden Befehl, um das Paket mit pip zu installieren:",
-	"packages.rpm.registry": "Diese Registry über die Kommandozeile einrichten:",
 	"packages.rpm.distros.redhat": "auf RedHat-basierten Distributionen",
 	"packages.rpm.distros.suse": "auf SUSE-basierten Distributionen",
-	"packages.rpm.install": "Nutze folgenden Befehl, um das Paket zu installieren:",
-	"packages.rpm.repository": "Repository-Info",
 	"packages.rpm.repository.architectures": "Architekturen",
 	"packages.rpm.repository.multiple_groups": "Dieses Paket ist in mehreren Gruppen verfügbar.",
-	"packages.alt.registry": "Diese Registry von der Befehlszeile aus einrichten:",
-	"packages.alt.registry.install": "Um das Paket zu installieren, folgenden Befehl ausführen:",
 	"packages.alt.install": "Paket installieren",
 	"packages.alt.setup": "Ein Repository zur Liste der verbundenen Repositorys hinzufügen (wähle die nötige Architektur anstelle von „_arch_“):",
-	"packages.alt.repository": "Repository-Infos",
 	"packages.alt.repository.architectures": "Architekturen",
 	"packages.alt.repository.multiple_groups": "Dieses Paket ist in verschiedenen Gruppen verfügbar.",
 	"packages.rubygems.install": "Um das Paket mit gem zu installieren, führe den folgenden Befehl aus:",
@@ -158,7 +138,6 @@
 	"packages.rubygems.dependencies.development": "Entwicklungsabhängigkeiten",
 	"packages.rubygems.required.ruby": "Benötigt Ruby-Version",
 	"packages.rubygems.required.rubygems": "Benötigt RubyGem-Version",
-	"packages.swift.registry": "Diese Registry über die Kommandozeile einrichten:",
 	"packages.swift.install": "Füge das Paket deiner <code>Package.swift</code>-Datei hinzu:",
 	"packages.swift.install2": "und führe den folgenden Befehl aus:",
 	"packages.vagrant.install": "Um eine Vagrant-Box hinzuzufügen, führe den folgenden Befehl aus:",
@@ -391,14 +370,14 @@
 	"actions.runners.last_online": "Letzte Online-Zeit",
 	"actions.runners.runner_title": "Runner",
 	"actions.runners.task_list": "Letzte Aufgaben dieses Runners",
-	"actions.runners.task_list.no_tasks": "Es gibt noch keine Aufgabe.",
+	"actions.runners.task_list.no_tasks": "Es gibt noch keine Aufgaben.",
 	"actions.runners.task_list.run": "Ausführen",
 	"actions.runners.task_list.status": "Status",
 	"actions.runners.task_list.repository": "Repository",
 	"actions.runners.task_list.commit": "Commit",
 	"actions.runners.task_list.done_at": "Fertig um",
 	"actions.runners.edit_runner": "Runner bearbeiten",
-	"actions.runners.update_runner.button": "Änderungen anwenden",
+	"actions.runners.update_runner.button": "Änderungen speichern",
 	"actions.runners.update_runner.success": "Runner erfolgreich aktualisiert",
 	"actions.runners.update_runner.failed": "Der Runner konnte nicht aktualisiert werden",
 	"actions.runners.delete_runner.button": "Diesen Runner löschen",
@@ -436,9 +415,9 @@
 	"teams.add_all_repos.modal.header": "Alle Repositorys hinzufügen",
 	"teams.remove_all_repos.modal.header": "Alle Repositorys entfernen",
 	"repo.pulls.poster_manage_approval": "Genehmigung verwalten",
-	"repo.pulls.poster_requires_approval": "Einige Workflows <a href=\"%[1]s\">warten auf die Sichtung.</a>",
+	"repo.pulls.poster_requires_approval": "Einige Workflows <a href=\"%[1]s\">warten auf die Sichtung</a>.",
 	"repo.pulls.poster_requires_approval.tooltip": "Dem Autor dieses Pull-Requests wird nicht vertraut, Workflows auszuführen, die von einem Pull-Request von einem geforkten Repository oder von AGit ausgelöst wurden. Die Workflows, die von einem `pull_request`-Ereignis ausgelöst wurden, werden nicht ausgeführt, bis sie genehmigt werden.",
-	"repo.pulls.poster_is_trusted": "Dem Autor dieses Pull-Requests wird <a href=\"%[1]s\">immer vertraut, Workflows auszuführen.</a>",
+	"repo.pulls.poster_is_trusted": "Dem Autor dieses Pull-Requests wird <a href=\"%[1]s\">immer vertraut, Workflows auszuführen</a>.",
 	"repo.pulls.poster_is_trusted.tooltip": "Dem Autor dieses Pull-Requests wird explizit vertraut, Workflows, die von `pull_request`-Ereignissen ausgelöst wurden, auszuführen.",
 	"repo.pulls.poster_trust_deny": "Ablehnen",
 	"repo.pulls.poster_trust_deny.tooltip": "Die Workflows, die auf eine Genehmigung warten, werden abgebrochen.",
@@ -467,7 +446,6 @@
 	"repo.issues.filter_reviewers.hint": "Nach Benutzer, der gesichtet hat, filtern",
 	"repo.issues.filter_mention.hint": "Nach erwähntem Benutzer filtern",
 	"repo.issues.filter_modified.hint": "Nach letzten modifiziertem Datum filtern",
-	"repo.issues.filter_sort.hint": "Sortieren nach: created/comments/updated/deadline",
 	"search.syntax": "Suchsyntax",
 	"admin.dashboard.transfer_lingering_logs": "Aktionslogs von fertigen Aktions-Jobs aus der Datenbank in den Speicher übertragen",
 	"actions.workflow.persistent_incomplete_matrix": "`strategy.matrix` vom Job %[1]s konnte aufgrund eines ungültigen `needs`-Ausdrucks nicht ausgewertet werden. Er könnte auf einen Job verweisen, der nicht in seiner „needs“-Liste (%[2]s) ist, oder auf eine Ausgabe, die in keinem dieser Jobs existiert.",
@@ -523,5 +501,12 @@
 	"actions.secrets.creation.name_description": "Der Name eines Geheimnisses darf nur Buchstaben, Ziffern und Unterstriche enthalten. Es darf nicht mit „FORGEJO_“, „GITEA_“, „GITHUB_“ oder einer Zahl anfangen. Forgejo wird es automatisch in Großbuchstaben umwandeln.",
 	"actions.secrets.creation.value_description": "Der Wert eines Geheimnisses kann jeder Text sein. Sonderzeichen werden beibehalten. CRLF (Zeilenumbrüche im Windows-Stil) werden automatisch zu LF konvertiert. Kodieren Sie den Wert mit Base64, falls Zeilenumbrüche beibehalten werden sollen.",
 	"actions.variables.mutation.name_description": "Der Name einer Variable kann nur Buchstaben, Ziffern und Unterstriche enthalten. Er darf nicht „CI“ lauten oder mit „FORGEJO_“, „GITEA_“, „GITHUB_“ oder einer Zahl beginnen. Forgejo wird ihn automatisch zu Großbuchstaben umwandeln.",
-	"actions.variables.mutation.value_description": "Der Wert einer Variablen kann jeder Text sein. Sonderzeichen werden beibehalten. CRLF (Zeilenumbrüche im Windows-Stil) werden automatisch zu LF konvertiert. Kodieren Sie den Wert mit Base64, falls Zeilenumbrüche beibehalten werden sollen."
+	"actions.variables.mutation.value_description": "Der Wert einer Variablen kann jeder Text sein. Sonderzeichen werden beibehalten. CRLF (Zeilenumbrüche im Windows-Stil) werden automatisch zu LF konvertiert. Kodieren Sie den Wert mit Base64, falls Zeilenumbrüche beibehalten werden sollen.",
+	"issues.filters.labels.exclude": "Label ausschließen",
+	"issues.filters.labels.unexclude": "Ausschließung aufheben",
+	"packages.common.install": "Um das Paket zu installieren, folgenden Befehl ausführen:",
+	"packages.common.registry": "Diese Registry von der Befehlszeile aus einrichten:",
+	"packages.common.repository": "Repository-Infos",
+	"actions.runs.all_runs_link": "alle Durchläufe",
+	"repo.issues.filter_sort.hint_with_placeholder": "Sortieren nach: %"
 }
diff --git a/options/locale_next/locale_el-GR.json b/options/locale_next/locale_el-GR.json
index 2b3bdb20d4..d1c069af67 100644
--- a/options/locale_next/locale_el-GR.json
+++ b/options/locale_next/locale_el-GR.json
@@ -64,8 +64,6 @@
 	"packages.alpine.registry": "Ρυθμίστε αυτό το μητρώο προσθέτοντας το url στο αρχείο <code>/etc/apk/repositories</code>:",
 	"packages.alpine.registry.key": "Αποθηκεύστε το δημόσιο κλειδί RSA του μητρώου στο φάκελο <code>/etc/apk/keys/</code> για να επαληθεύσετε την υπογραφή ευρετηρίου:",
 	"packages.alpine.registry.info": "Επιλέξτε $branch και $repository από την παρακάτω λίστα.",
-	"packages.alpine.install": "Για να εγκαταστήσετε το πακέτο, εκτελέστε την ακόλουθη εντολή:",
-	"packages.alpine.repository": "Πληροφορίες αποθετηρίου",
 	"packages.alpine.repository.branches": "Κλάδοι",
 	"packages.alpine.repository.repositories": "Αποθετήρια",
 	"packages.alpine.repository.architectures": "Αρχιτεκτονικές",
@@ -78,7 +76,6 @@
 	"packages.arch.version.description": "Περιγραφή",
 	"packages.arch.version.provides": "Προσφέρει",
 	"packages.arch.version.groups": "Γκρουπ",
-	"packages.arch.version.depends": "Εξαρτάται",
 	"packages.arch.version.optdepends": "Εξαρτάται προαιρετικά από",
 	"packages.arch.version.makedepends": "Εξαρτήσεις make",
 	"packages.arch.version.checkdepends": "Εξαρτήσεις ελέγχου",
@@ -88,12 +85,9 @@
 	"packages.cargo.registry": "Ρυθμίστε αυτό το μητρώο στις ρυθμίσεις του Cargo (για παράδειγμα <code>~/.cargo/config.toml</code>):",
 	"packages.cargo.install": "Για να εγκαταστήσετε το πακέτο χρησιμοποιώντας το Cargo, εκτελέστε την ακόλουθη εντολή:",
 	"packages.chef.registry": "Ρυθμίστε αυτό το μητρώο στο αρχείο <code>~/.chef/config.rb</code>:",
-	"packages.chef.install": "Για να εγκαταστήσετε το πακέτο, εκτελέστε την ακόλουθη εντολή:",
 	"packages.composer.registry": "Ρυθμίστε αυτό το μητρώο στο αρχείο <code>~/.composer/config.json</code>:",
 	"packages.composer.install": "Για να εγκαταστήσετε το πακέτο χρησιμοποιώντας το Composer, εκτελέστε την ακόλουθη εντολή:",
-	"packages.composer.dependencies": "Εξαρτήσεις",
 	"packages.composer.dependencies.development": "Εξαρτήσεις ανάπτυξης",
-	"packages.conan.registry": "Ρυθμίστε αυτό το μητρώο από τη γραμμή εντολών:",
 	"packages.conan.install": "Για να εγκαταστήσετε το πακέτο χρησιμοποιώντας το Conan, εκτελέστε την ακόλουθη εντολή:",
 	"packages.conda.registry": "Ρυθμίστε αυτό το μητρώο ως repository Conda στο αρχείο <code>.condarc</code>:",
 	"packages.conda.install": "Για να εγκαταστήσετε το πακέτο χρησιμοποιώντας το Conda, εκτελέστε την ακόλουθη εντολή:",
@@ -108,29 +102,21 @@
 	"packages.container.labels.key": "Κλειδί",
 	"packages.container.labels.value": "Τιμή",
 	"packages.cran.registry": "Ρυθμίστε αυτό το μητρώο στο αρχείο <code>Rprofile.site</code>:",
-	"packages.cran.install": "Για να εγκαταστήσετε το πακέτο, εκτελέστε την ακόλουθη εντολή:",
-	"packages.debian.registry": "Ρυθμίστε αυτό το μητρώο από τη γραμμή εντολών:",
 	"packages.debian.registry.info": "Επιλέξτε $distribution και $component από την παρακάτω λίστα.",
-	"packages.debian.install": "Για να εγκαταστήσετε το πακέτο, εκτελέστε την ακόλουθη εντολή:",
-	"packages.debian.repository": "Πληροφορίες αποθετηρίου",
 	"packages.debian.repository.distributions": "Διανομές",
 	"packages.debian.repository.components": "Συστατικά",
 	"packages.debian.repository.architectures": "Αρχιτεκτονικές",
 	"packages.generic.download": "Λήψη πακέτου από τη γραμμή εντολών:",
 	"packages.go.install": "Εγκαταστήστε το πακέτο από τη γραμμή εντολών:",
-	"packages.helm.registry": "Ρυθμίστε αυτό το μητρώο από τη γραμμή εντολών:",
-	"packages.helm.install": "Για να εγκαταστήσετε το πακέτο, εκτελέστε την ακόλουθη εντολή:",
 	"packages.maven.registry": "Ρυθμίστε αυτό το μητρώο στο αρχείο <code>pom.xml</code> του έργου σας:",
 	"packages.maven.install": "Για να χρησιμοποιήσετε το πακέτο, συμπεριλάβετε τα ακόλουθα στη περιοχή <code>dependencies</code> στο αρχείο <code>pom.xml</code>:",
 	"packages.maven.install2": "Εκτέλεση μέσω γραμμής εντολών:",
 	"packages.maven.download": "Για να κατεβάσετε την εξάρτηση, εκτελέστε μέσω της γραμμής εντολών:",
-	"packages.nuget.registry": "Ρυθμίστε αυτό το μητρώο από τη γραμμή εντολών:",
 	"packages.nuget.install": "Για να εγκαταστήσετε το πακέτο χρησιμοποιώντας το NuGet, εκτελέστε την ακόλουθη εντολή:",
 	"packages.nuget.dependency.framework": "Πλαίσιο Ανάπτυξης",
 	"packages.npm.registry": "Ρυθμίστε αυτό το μητρώο στο αρχείο <code>.npmrc</code> του έργου σας:",
 	"packages.npm.install": "Για να εγκαταστήσετε το πακέτο χρησιμοποιώντας npm, εκτελέστε την ακόλουθη εντολή:",
 	"packages.npm.install2": "ή προσθέστε το στο αρχείο package.json:",
-	"packages.npm.dependencies": "Εξαρτήσεις",
 	"packages.npm.dependencies.development": "Εξαρτήσεις ανάπτυξης",
 	"packages.npm.dependencies.bundle": "Ενσωματωμένες εξαρτήσεις",
 	"packages.npm.dependencies.peer": "Εξαρτήσεις ομότιμου",
@@ -138,18 +124,12 @@
 	"packages.npm.details.tag": "Σήμανση",
 	"packages.pypi.requires": "Απαιτεί Python",
 	"packages.pypi.install": "Για να εγκαταστήσετε το πακέτο χρησιμοποιώντας το pip, εκτελέστε την ακόλουθη εντολή:",
-	"packages.rpm.registry": "Ρυθμίστε αυτό το μητρώο από τη γραμμή εντολών:",
 	"packages.rpm.distros.redhat": "σε διανομές βασισμένες στο RedHat",
 	"packages.rpm.distros.suse": "σε διανομές με βάση το SUSE",
-	"packages.rpm.install": "Για να εγκαταστήσετε το πακέτο, εκτελέστε την ακόλουθη εντολή:",
-	"packages.rpm.repository": "Πληροφορίες αποθετηρίου",
 	"packages.rpm.repository.architectures": "Αρχιτεκτονικές",
 	"packages.rpm.repository.multiple_groups": "Αυτό το πακέτο είναι διαθέσιμο σε πολλαπλά group.",
-	"packages.alt.registry": "Ρυθμίστε αυτό το μητρώο από τη γραμμή εντολών:",
-	"packages.alt.registry.install": "Για να εγκαταστήσετε το πακέτο, εκτελέστε την ακόλουθη εντολή:",
 	"packages.alt.install": "Εγκατάσταση πακέτου",
 	"packages.alt.setup": "Προσθήκη ενός αποθετηρίου στη λίστα των συνδεδεμένων αποθετηρίων (επιλέξτε την απαραίτητη αρχιτεκτονική αντί του \"_arch_\"):",
-	"packages.alt.repository": "Πληροφορίες αποθετηρίου",
 	"packages.alt.repository.architectures": "Αρχιτεκτονικές",
 	"packages.alt.repository.multiple_groups": "Αυτό το πακέτο είναι διαθέσιμο σε πολλαπλές ομάδες.",
 	"packages.rubygems.install": "Για να εγκαταστήσετε το πακέτο χρησιμοποιώντας το gem, εκτελέστε την ακόλουθη εντολή:",
@@ -158,7 +138,6 @@
 	"packages.rubygems.dependencies.development": "Εξαρτήσεις ανάπτυξης",
 	"packages.rubygems.required.ruby": "Απαιτεί την έκδοση Ruby",
 	"packages.rubygems.required.rubygems": "Απαιτεί έκδοση RubyGem",
-	"packages.swift.registry": "Ρυθμίστε αυτό το μητρώο από τη γραμμή εντολών:",
 	"packages.swift.install": "Προσθέστε το πακέτο στο αρχείο <code>Package.swift</code>:",
 	"packages.swift.install2": "και εκτελέστε την ακόλουθη εντολή:",
 	"packages.vagrant.install": "Για προσθήκη ενός κυτίου Vagrant, εκτελέστε την ακόλουθη εντολή:",
@@ -453,7 +432,6 @@
 	"moderation.action.repo.delete": "Διαγραφή αποθετηρίου",
 	"moderation.action.issue.delete": "Διαγραφή ζητήματος",
 	"keys.verify.token.hint": "Το διακριτικό είναι έγκυρο μόνο για 1 λεπτό. <a href=\"%[1]s\">Λάβετε ένα καινούργιο εάν έχει λήξει</a>.",
-	"repo.issues.filter_sort.hint": "Ταξινόμηση κατά: δημιουργήθηκε/σχόλια/ενημερώθηκε/διορία",
 	"editor.search": "Αναζήτηση",
 	"editor.find_previous": "Προηγούμενη εύρεση",
 	"editor.find_next": "Επόμενη εύρεση",
@@ -471,5 +449,9 @@
 	"admin.dashboard.transfer_lingering_logs": "Μεταβιβάστε τις καταγραφές ενεργειών για τις ολοκληρωμένες εργασίες ενεργειών από τη βάση δεδομένων στον αποθηκευτικό χώρο",
 	"migrate.pagure.private_issues.summary": "Ιδιωτικά Ζητήματα (Προαιρετικό)",
 	"teams.add_all_repos.modal.header": "Προσθήκη όλων των αποθετηρίων",
-	"teams.remove_all_repos.modal.header": "Αφαίρεση όλων των αποθετηρίων"
+	"teams.remove_all_repos.modal.header": "Αφαίρεση όλων των αποθετηρίων",
+	"repo.issues.filter_sort.hint_with_placeholder": "Ταξινόμηση κατά: %s",
+	"issues.filters.labels.exclude": "Εξαίρεση ετικέτας",
+	"issues.filters.labels.unexclude": "Καθαρισμός εξαίρεσης",
+	"migrate.pagure.token.placeholder": "Μόνο για δημιουργία ιδιωτικού αρχείου ζητημάτων"
 }
diff --git a/options/locale_next/locale_es-ES.json b/options/locale_next/locale_es-ES.json
index 686478e9d5..c2ebbfdb6e 100644
--- a/options/locale_next/locale_es-ES.json
+++ b/options/locale_next/locale_es-ES.json
@@ -121,8 +121,6 @@
 	"packages.alpine.registry": "Configura este registro agregando la url en tu archivo <code>./apk/repositories</code>:",
 	"packages.alpine.registry.key": "Descargue la clave RSA pública del registro en la carpeta <code>./apk/keys/</code> para verificar la firma del índice:",
 	"packages.alpine.registry.info": "Seleccione $branch y $repository de la siguiente lista.",
-	"packages.alpine.install": "Para instalar el paquete, ejecute el siguiente comando:",
-	"packages.alpine.repository": "Información del repositorio",
 	"packages.alpine.repository.branches": "Ramas",
 	"packages.alpine.repository.repositories": "Repositorios",
 	"packages.alpine.repository.architectures": "Arquitecturas",
@@ -135,7 +133,6 @@
 	"packages.arch.version.description": "Descripción",
 	"packages.arch.version.provides": "Proveedores",
 	"packages.arch.version.groups": "Grupo",
-	"packages.arch.version.depends": "Depende",
 	"packages.arch.version.optdepends": "Dependencias opcionales",
 	"packages.arch.version.makedepends": "Construir dependencias",
 	"packages.arch.version.checkdepends": "Comprobar dependencias",
@@ -145,12 +142,9 @@
 	"packages.cargo.registry": "Configurar este registro en el archivo de configuración de Cargo (por ejemplo <code>~/.cargo/config.toml</code>):",
 	"packages.cargo.install": "Para instalar el paquete usando Cargo, ejecute el siguiente comando:",
 	"packages.chef.registry": "Configura este registro en tu archivo <code>~/.chef/config.rb</code>:",
-	"packages.chef.install": "Para instalar el paquete, ejecute el siguiente comando:",
 	"packages.composer.registry": "Configura este registro en el archivo <code>~/.composer/config.json</code>:",
 	"packages.composer.install": "Para instalar el paquete usando Composer, ejecute el siguiente comando:",
-	"packages.composer.dependencies": "Dependencias",
 	"packages.composer.dependencies.development": "Dependencias de desarrollo",
-	"packages.conan.registry": "Configurar este registro desde la línea de comandos:",
 	"packages.conan.install": "Para instalar el paquete usando Conan, ejecuta el siguiente comando:",
 	"packages.conda.registry": "Configura este registro como un repositorio Conda en tu archivo <code>.condarc</code>:",
 	"packages.conda.install": "Para instalar el paquete usando Conda, ejecute el siguiente comando:",
@@ -165,29 +159,21 @@
 	"packages.container.labels.key": "Clave",
 	"packages.container.labels.value": "Valor",
 	"packages.cran.registry": "Configurar este registro en su archivo <code>Rprofile.site</code>:",
-	"packages.cran.install": "Para instalar el paquete, ejecute el siguiente comando:",
-	"packages.debian.registry": "Configurar este registro desde la línea de comandos:",
 	"packages.debian.registry.info": "Seleccione $distribution y $component de la siguiente lista.",
-	"packages.debian.install": "Para instalar el paquete, ejecute el siguiente comando:",
-	"packages.debian.repository": "Información del repositorio",
 	"packages.debian.repository.distributions": "Distribuciones",
 	"packages.debian.repository.components": "Componentes",
 	"packages.debian.repository.architectures": "Arquitecturas",
 	"packages.generic.download": "Descargar paquete desde la línea de comandos:",
 	"packages.go.install": "Instalar el paquete desde la línea de comandos:",
-	"packages.helm.registry": "Configurar este registro desde la línea de comandos:",
-	"packages.helm.install": "Para instalar el paquete, ejecute el siguiente comando:",
 	"packages.maven.registry": "Configure este registro en su proyecto <code>pom.xml</code> archivo:",
 	"packages.maven.install": "Para usar el paquete incluya lo siguiente en el bloque <code>dependencias</code> en el archivo <code>pom.xml</code>:",
 	"packages.maven.install2": "Ejecutar vía línea de comandos:",
 	"packages.maven.download": "Para descargar la dependencia, ejecute vía línea de comandos:",
-	"packages.nuget.registry": "Configurar este registro desde la línea de comandos:",
 	"packages.nuget.install": "Para instalar el paquete usando NuGet, ejecute el siguiente comando:",
 	"packages.nuget.dependency.framework": "Marco de destino",
 	"packages.npm.registry": "Configura este registro en tu proyecto <code>.npmrc</code> archivo:",
 	"packages.npm.install": "Para instalar el paquete usando npm, ejecute el siguiente comando:",
 	"packages.npm.install2": "o añádelo al archivo package.json:",
-	"packages.npm.dependencies": "Dependencias",
 	"packages.npm.dependencies.development": "Dependencias de desarrollo",
 	"packages.npm.dependencies.bundle": "Empaquetar dependencias",
 	"packages.npm.dependencies.peer": "Dependencias de pares",
@@ -195,17 +181,11 @@
 	"packages.npm.details.tag": "Etiqueta",
 	"packages.pypi.requires": "Requiere Python",
 	"packages.pypi.install": "Para instalar el paquete usando pip, ejecute el siguiente comando:",
-	"packages.rpm.registry": "Configurar este registro desde la línea de comandos:",
 	"packages.rpm.distros.redhat": "en distribuciones basadas en RedHat",
 	"packages.rpm.distros.suse": "en distribuciones basadas en SUSE",
-	"packages.rpm.install": "Para instalar el paquete, ejecute el siguiente comando:",
-	"packages.rpm.repository": "Información del repositorio",
 	"packages.rpm.repository.architectures": "Arquitecturas",
 	"packages.rpm.repository.multiple_groups": "Este paquete está disponible en múltiples grupos.",
-	"packages.alt.registry": "Configurar este registro desde la línea de comandos:",
-	"packages.alt.registry.install": "Para instalar el paquete, ejecute el siguiente comando:",
 	"packages.alt.install": "Instalar paquete",
-	"packages.alt.repository": "Información del repositorio",
 	"packages.alt.repository.architectures": "Arquitecturas",
 	"packages.alt.repository.multiple_groups": "Este paquete está disponible en múltiples grupos.",
 	"packages.rubygems.install": "Para instalar el paquete usando gem, ejecute el siguiente comando:",
@@ -214,7 +194,6 @@
 	"packages.rubygems.dependencies.development": "Dependencias de desarrollo",
 	"packages.rubygems.required.ruby": "Requiere versión Ruby",
 	"packages.rubygems.required.rubygems": "Requiere la versión de RubyGem",
-	"packages.swift.registry": "Configurar este registro desde la línea de comandos:",
 	"packages.swift.install": "Añade el paquete en tu archivo <code>Package.swift</code>:",
 	"packages.swift.install2": "y ejecuta el siguiente comando:",
 	"packages.vagrant.install": "Para añadir un paquete Vagrant, ejecuta el siguiente comando:",
@@ -401,6 +380,45 @@
 	"repo.issues.filter_mention.hint": "Filtrar por usuario mencionado",
 	"repo.issues.filter_modified.hint": "Filtrar por fecha de última modificación",
 	"repo.issues.filter_poster.hint": "Filtrar por autor",
-	"repo.issues.filter_sort.hint": "Ordenar por: creación/comentarios/actualización/fecha límite",
-	"issues.updated": "actualizado %s"
+	"issues.updated": "actualizado %s",
+	"watch.n_watchers": {
+		"one": "%s observador",
+		"many": "%s observadores",
+		"other": "%s observadores"
+	},
+	"issues.filters.labels.exclude": "Excluir etiqueta",
+	"issues.filters.labels.unexclude": "Limpiar exclusión",
+	"repo.pulls.poster_manage_approval": "Administrar la aprobación",
+	"repo.pulls.poster_requires_approval": "Algunos flujos de trabajo están <a href=\"%[1]s\"> esperando ser revisados</a>.",
+	"repo.pulls.poster_requires_approval.tooltip": "Al autor de esta solicitud de incorporación de cambios no se le confía el ejecutar flujos de trabajo desencadenados por una solicitud de incorporación de cambios creada a partir de un repositorio bifurcado o con AGit. Los flujos de trabajo desencadenados por un evento \"pull_request\" no funcionarán hasta ser aprobados.",
+	"repo.pulls.poster_is_trusted": "Al autor de esta solicitud de incorporación de cambios se le ha <a href=\"%[1]s\"> siempre confiado para ejecutar flujos de trabajo</a>.",
+	"repo.pulls.poster_is_trusted.tooltip": "Al autor de esta solicitud de incorporación de cambios se le ha confiado explícitamente ejecutar los flujos de trabajo desencadenados por los eventos `pull_request`.",
+	"repo.pulls.poster_trust_deny": "Denegar",
+	"repo.pulls.poster_trust_deny.tooltip": "Los flujos de trabajo esperando por aprobación serán cancelados.",
+	"repo.pulls.poster_trust_once": "Aprobar una vez",
+	"repo.pulls.poster_trust_once.tooltip": "Los flujos de trabajo desencadenados por un evento 'pull_request' se ejecutarán en esta confirmación pero tendrán que ser aprobados para todos las futuras confirmaciones enviadas a esta solicitud de incorporación de cambios.",
+	"repo.pulls.poster_trust_always.tooltip": "Los flujos de trabajo desencadenados por un evento 'pull_request' se ejecutarán en esta confirmación y no habrá necesidad de aprobar las ejecuciones de esta solicitud de incorporación de cambios o futuras solicitudes de incorporación de cambios creadas por el mismo usuario.",
+	"repo.pulls.poster_trust_revoke.tooltip": "Ya no se confiará al autor de esta solicitud de incorporación de cambios para ejecutar los flujos de trabajo desencadenados por un evento “pull_request”, cada ejecución tendrá que ser aprobada manualmente.",
+	"mail.actions.run_info_trigger": "Desencadenado por: %[1]s by: %[2]s",
+	"repo.issues.filter_sort.hint_with_placeholder": "Ordenar por: %s",
+	"repo.pulls.poster_trust_revoke": "Revocar",
+	"repo.view.gitmodules_too_large": "El archivo .gitmodules es demasiado grande y será ignorado (en llamadas a la API por ejemplo)",
+	"migrate.form.error.url_credentials": "La URL contiene credenciales, colóquelas en los campos de nombre de usuario y contraseña respectivamente",
+	"search.syntax": "Sintaxis de búsqueda",
+	"install.ssh_authorized_keys_inspection_error": "Error al inspeccionar el archivo autorized_keys existente: %v",
+	"moderation.report.mark_as_ignored": "Marcar como ignorado",
+	"moderation.action.account.delete": "Eliminar cuenta",
+	"moderation.action.account.suspend": "Suspender cuenta",
+	"moderation.action.repo.delete": "Eliminar repositorio",
+	"moderation.action.issue.delete": "Eliminar incidencia",
+	"moderation.action.comment.delete": "Eliminar comentario",
+	"moderation.unknown_action": "Acción desconocida",
+	"moderation.users.cannot_suspend_org": "Las organizaciones no pueden ser suspendidas.",
+	"moderation.users.already_suspended": "La cuenta de usuario ya está suspendida.",
+	"moderation.users.suspend_success": "La cuenta de usuario ha sido suspendida.",
+	"moderation.issue.deletion_success": "La incidencia ha sido eliminada.",
+	"moderation.comment.deletion_success": "El comentario ha sido eliminado.",
+	"mail.actions.run_info_sha": "Confirmación: %[1]s",
+	"mail.issue.action.close_by_commit": "%[1]s cerró %[2]s en la confirmación %[3]s.",
+	"repo.diff.commit.next-short": "Siguiente"
 }
diff --git a/options/locale_next/locale_fi-FI.json b/options/locale_next/locale_fi-FI.json
index 70d360726d..767e871db7 100644
--- a/options/locale_next/locale_fi-FI.json
+++ b/options/locale_next/locale_fi-FI.json
@@ -53,8 +53,6 @@
 	"packages.alpine.registry": "Aseta tämä rekisteri lisäämällä URL-osoite tiedostoon <code>/etc/apk/tietovarastot</code>:",
 	"packages.alpine.registry.key": "Lataa rekisterin julkinen RSA-avain hakemistoon <code>/etc/apk/keys/</code> vahvistaaksesi indeksin allekirjoituksen:",
 	"packages.alpine.registry.info": "Valitse $branch ja $repository alla olevasta listasta.",
-	"packages.alpine.install": "Asenna paketti seuraavalla komennolla:",
-	"packages.alpine.repository": "Tietovaraston tiedot",
 	"packages.alpine.repository.branches": "Haarat",
 	"packages.alpine.repository.repositories": "Tietovarastot",
 	"packages.alpine.repository.architectures": "Arkkitehtuurit",
@@ -65,17 +63,13 @@
 	"packages.arch.version.description": "Kuvaus",
 	"packages.arch.version.provides": "Tarjoaa",
 	"packages.arch.version.groups": "Ryhmä",
-	"packages.arch.version.depends": "Riippuu",
 	"packages.arch.version.replaces": "Korvaa",
 	"packages.cargo.registry": "Määritä tämä rekisteri Cargon asetustiedostossa (esimerkiksi <code>~/.cargo/config.toml</code>):",
 	"packages.cargo.install": "Asenna paketti Cargolla suorittamalla seuraava komento:",
 	"packages.chef.registry": "Määritä tämä rekisteri <code>~/.chef/config.rb</code>-tiedostossa:",
-	"packages.chef.install": "Asenna paketti komennolla:",
 	"packages.composer.registry": "Määritä tämä rekisteri <code>~/.composer/config.json</code>-tiedostossa:",
 	"packages.composer.install": "Asenna paketti Composerilla suorittamalla komento:",
-	"packages.composer.dependencies": "Riippuvuudet",
 	"packages.composer.dependencies.development": "Kehitysriippuvuudet",
-	"packages.conan.registry": "Määritä tämä rekisteri komentoriviltä:",
 	"packages.conan.install": "Asenna paketti Conanilla suorittamalla komento:",
 	"packages.conda.registry": "Määritä tämä rekisteri Conda-tietovarastoksi <code>.condarc</code>-tiedostossa:",
 	"packages.conda.install": "Asenna paketti Condalla suorittamalla komento:",
@@ -87,43 +81,29 @@
 	"packages.container.labels.key": "Avain",
 	"packages.container.labels.value": "Arvo",
 	"packages.cran.registry": "Määritä rekisteri <code>Rprofile.site</code>-tiedostossa:",
-	"packages.cran.install": "Asenna paketti komennolla:",
-	"packages.debian.registry": "Määritä tämä rekisteri komentoriviltä:",
 	"packages.debian.registry.info": "Valitse $distribution ja $component alla olevasta listasta.",
-	"packages.debian.install": "Asenna paketti komennolla:",
-	"packages.debian.repository": "Tietovaraston tiedot",
 	"packages.debian.repository.distributions": "Jakelut",
 	"packages.debian.repository.components": "Komponentit",
 	"packages.debian.repository.architectures": "Arkkitehtuurit",
 	"packages.generic.download": "Lataa paketti komentoriviltä:",
 	"packages.go.install": "Asenna paketti komentoriviltä:",
-	"packages.helm.registry": "Määritä tämä rekisteri komentoriviltä:",
-	"packages.helm.install": "Asenna paketti komennolla:",
 	"packages.maven.registry": "Määritä tämä rekisteri projektin <code>pom.xml</code>-tiedostossa:",
 	"packages.maven.install": "Käytä pakettia sisällyttämällä seuraava sisältö <code>dependencies</code>-lohkoon <code>pom.xml</code>-tiedostossa:",
 	"packages.maven.install2": "Suorita komentoriviltä:",
 	"packages.maven.download": "Lataa riippuvuus suorittamalla komentorivillä:",
-	"packages.nuget.registry": "Määritä rekisteri komentoriviltä:",
 	"packages.nuget.install": "Asenna paketti NuGetillä suorittamalla komento:",
 	"packages.npm.registry": "Määritä rekisteri projektin <code>.npmrc</code>-tiedostossa:",
 	"packages.npm.install": "Asenna paketti npm:llä komennolla:",
 	"packages.npm.install2": "tai lisää se package.json-tiedostoon:",
-	"packages.npm.dependencies": "Riippuvuudet",
 	"packages.npm.dependencies.development": "Kehitysriippuvuudet",
 	"packages.npm.dependencies.optional": "Valinnaiset riippuvuudet",
 	"packages.pypi.requires": "Vaatii Pythonin",
 	"packages.pypi.install": "Asenna paketti pipillä komennolla:",
-	"packages.rpm.registry": "Määritä rekisteri komentoriviltä:",
 	"packages.rpm.distros.redhat": "RedHatiin pohjautuvilla jakeluilla",
 	"packages.rpm.distros.suse": "SUSE:en pohjautuvilla jakeluilla",
-	"packages.rpm.install": "Asenna paketti komennolla:",
-	"packages.rpm.repository": "Tietovaraston tiedot",
 	"packages.rpm.repository.architectures": "Arkkitehtuurit",
 	"packages.rpm.repository.multiple_groups": "Tämä paketti on saatavilla useissa ryhmissä.",
-	"packages.alt.registry": "Määritä tämä rekisteri komentoriviltä:",
-	"packages.alt.registry.install": "Asenna paketti komennolla:",
 	"packages.alt.install": "Asenna paketti",
-	"packages.alt.repository": "Tietovaraston tiedot",
 	"packages.alt.repository.architectures": "Arkkitehtuurit",
 	"packages.alt.repository.multiple_groups": "Tämä paketti on saatavilla useissa ryhmissä.",
 	"packages.rubygems.install": "Asenna paketti gemillä suorittamalla komento:",
@@ -132,7 +112,6 @@
 	"packages.rubygems.dependencies.development": "Kehitysriippuvuudet",
 	"packages.rubygems.required.ruby": "Vaatii Ruby-version",
 	"packages.rubygems.required.rubygems": "Vaatii RubyGem-version",
-	"packages.swift.registry": "Määritä rekisteri komentoriviltä:",
 	"packages.swift.install": "Lisää paketti <code>Package.swift</code>-tiedostoon:",
 	"packages.swift.install2": "ja suorita komento:",
 	"packages.vagrant.install": "Lisää Vagrant-boksi suorittamalla komento:",
diff --git a/options/locale_next/locale_fil.json b/options/locale_next/locale_fil.json
index 510a964847..7e45c98e7c 100644
--- a/options/locale_next/locale_fil.json
+++ b/options/locale_next/locale_fil.json
@@ -19,9 +19,9 @@
 	"notification.mark_all_as_read": "Markahan lahat bilang nabasa",
 	"notification.subscriptions": "Mga subscription",
 	"notification.watching": "Pinapanood",
-	"notification.no_subscriptions": "Walang mga subscription",
+	"notification.no_subscriptions": "Wala kang mga subscription.",
 	"dropzone.default_message": "I-drop ang mga file o mag-click dito para mag-upload.",
-	"dropzone.invalid_input_type": "Hindi ka maaaring mag-upload ng mga file sa uri na ito.",
+	"dropzone.invalid_input_type": "Hindi maaaring i-upload ang mga file na ganitong uri.",
 	"dropzone.file_too_big": "Ang laki ng file ({{filesize}}) MB) ay lumalagpas sa pinakamataas na size na ({{maxFilesize}} MB).",
 	"dropzone.remove_file": "Tanggalin ang file",
 	"munits.data.b": "B",
@@ -64,8 +64,6 @@
 	"packages.alpine.registry": "I-setup ang registry na ito sa pamamagitan ng pagdagdag ng url sa iyong <code>/etc/apk/repositories</code> file:",
 	"packages.alpine.registry.key": "I-download ang registry public RSA key sa <code>/etc/apk/keys</code> folder para i-verify ang index signature:",
 	"packages.alpine.registry.info": "Pumili ng $branch at $repository mula sa listahan sa ibaba.",
-	"packages.alpine.install": "Para i-install ang package, patakbuhin ang sumusunod na command:",
-	"packages.alpine.repository": "Info ng repositoryo",
 	"packages.alpine.repository.branches": "Mga branch",
 	"packages.alpine.repository.repositories": "Mga Repositoryo",
 	"packages.alpine.repository.architectures": "Mga architechture",
@@ -78,22 +76,18 @@
 	"packages.arch.version.description": "Paglalarawan",
 	"packages.arch.version.provides": "Nagbibigay",
 	"packages.arch.version.groups": "Grupo",
-	"packages.arch.version.depends": "Dumedepende",
-	"packages.arch.version.optdepends": "Opsyonal na dumepende",
-	"packages.arch.version.makedepends": "Mga make depend",
-	"packages.arch.version.checkdepends": "Mga check depend",
+	"packages.arch.version.optdepends": "Mga opsyonal na dependency",
+	"packages.arch.version.makedepends": "Mga make dependencies",
+	"packages.arch.version.checkdepends": "Mga dependency sa pagsusuri",
 	"packages.arch.version.conflicts": "Mga salungatan",
 	"packages.arch.version.replaces": "Pinapalit",
 	"packages.arch.version.backup": "Backup",
 	"packages.cargo.registry": "I-setup ang registry na ito sa Cargo configuration file (halimbawa <code>~/.cargo/config.toml</code>):",
 	"packages.cargo.install": "Para i-install ang package gamit ang Cargo, patakbuhin ang sumusunod na command:",
 	"packages.chef.registry": "I-setup ang registry na ito sa iyong <code>~/.chef/config.rb</code> file:",
-	"packages.chef.install": "Para i-install ang package na ito, patakbuhin ang sumusunod na command:",
 	"packages.composer.registry": "I-setup ang registry na ito sa iyong <code>~/.composee/config.json</code> file:",
 	"packages.composer.install": "Para i-install ang package gamit ang Composer, patakbuhin ang sumusunod na command:",
-	"packages.composer.dependencies": "Mga dependency",
 	"packages.composer.dependencies.development": "Mga dependency ng pag-develop",
-	"packages.conan.registry": "I-setup ang registry na ito mula sa command line:",
 	"packages.conan.install": "Para i-install ang package gamit ang Conan, patakbuhin ang sumusunod na command:",
 	"packages.conda.registry": "I-set up ang registry na ito bilang Conda repository sa iyong <code>.condarc</code> file:",
 	"packages.conda.install": "Para i-install ang package gamit ang Conda, patakbuhin ang sumusunod na command:",
@@ -108,29 +102,21 @@
 	"packages.container.labels.key": "Key",
 	"packages.container.labels.value": "Value",
 	"packages.cran.registry": "I-set up ang registry na ito sa iyong <code>Rprofile.site</code> na file:",
-	"packages.cran.install": "Para i-install ang package na ito, patakbuhin ang sumusunod na command:",
-	"packages.debian.registry": "I-setup ang registry na ito mula sa command line:",
 	"packages.debian.registry.info": "Pumili ng $distribution at $component sa listahan sa ibaba.",
-	"packages.debian.install": "Para i-install ang package na ito, patakbuhin ang sumusunod na command:",
-	"packages.debian.repository": "Info ng repositoryo",
 	"packages.debian.repository.distributions": "Mga distribution",
 	"packages.debian.repository.components": "Mga component",
 	"packages.debian.repository.architectures": "Mga architechture",
 	"packages.generic.download": "I-download ang package mula sa command line:",
 	"packages.go.install": "I-install ang package mula sa command line:",
-	"packages.helm.registry": "I-setup ang registry na ito mula sa command line:",
-	"packages.helm.install": "Para i-install ang package na ito, patakbuhin ang sumusunod na command:",
 	"packages.maven.registry": "I-set up ang registry na ito sa iyong <code>pom.xml</code> ng iyong proyekto:",
 	"packages.maven.install": "Para gamitin ang package isama ang sumusunod sa <code>dependencies</code> block sa <code>pom.xml</code> file:",
 	"packages.maven.install2": "Patakbuhin sa pamamagitan ng command line:",
 	"packages.maven.download": "Para i-download ang dependency, patakbuhin sa pamamagitan ng command line:",
-	"packages.nuget.registry": "I-setup ang registry na ito mula sa command line:",
 	"packages.nuget.install": "Para i-install ang package gamit ang NuGet, patakbuhin ang sumusunod na command:",
 	"packages.nuget.dependency.framework": "Target na Framework",
 	"packages.npm.registry": "I-set up ang registry na ito sa <code>.npmrc</code> file ng iyong proyekto:",
 	"packages.npm.install": "Para i-install ang package gamit ng npm, patakbuhin ang sumusunod na command:",
 	"packages.npm.install2": "o idagdag ito sa package.json file:",
-	"packages.npm.dependencies": "Mga dependency",
 	"packages.npm.dependencies.development": "Mga development dependency",
 	"packages.npm.dependencies.bundle": "Mga kasamang dependency",
 	"packages.npm.dependencies.peer": "Mga peer dependency",
@@ -138,18 +124,12 @@
 	"packages.npm.details.tag": "Tag",
 	"packages.pypi.requires": "Kinakailangan ang Python",
 	"packages.pypi.install": "Para i-install ang package gamit ang pip, patakbuhin ang sumusunod na command:",
-	"packages.rpm.registry": "I-setup ang registry na ito mula sa command line:",
 	"packages.rpm.distros.redhat": "sa mga RedHat based na distribution",
 	"packages.rpm.distros.suse": "sa mga SUSE based na distribution",
-	"packages.rpm.install": "Para i-install ang package na ito, patakbuhin ang sumusunod na command:",
-	"packages.rpm.repository": "Info ng repositoryo",
 	"packages.rpm.repository.architectures": "Mga architechture",
 	"packages.rpm.repository.multiple_groups": "Available ang package na ito sa iba't ibang grupo.",
-	"packages.alt.registry": "I-setup ang registry na ito mula sa command line:",
-	"packages.alt.registry.install": "Para i-install ang package na ito, patakbuhin ang sumusunod na command:",
 	"packages.alt.install": "I-install ang package",
 	"packages.alt.setup": "Idagdag ang repositoryo sa listahan ng mga nakakonektang repositoryo (piliin ang kinakailangang architechture sa halip ng \"_arch_\"):",
-	"packages.alt.repository": "Info ng repositoryo",
 	"packages.alt.repository.architectures": "Mga architechture",
 	"packages.alt.repository.multiple_groups": "Available ang package na ito sa iba't ibang grupo.",
 	"packages.rubygems.install": "Para i-install ang package sa pamamagitan ng gem, patakbuhin ang sumusunod na command:",
@@ -158,7 +138,6 @@
 	"packages.rubygems.dependencies.development": "Mga development dependency",
 	"packages.rubygems.required.ruby": "Kinakailangan ang bersyon ng Ruby",
 	"packages.rubygems.required.rubygems": "Kinakailangan ang bersyon ng RubyGem",
-	"packages.swift.registry": "I-setup ang registry na ito mula sa command line:",
 	"packages.swift.install": "Idagdag ang package sa iyong <code>Package.swift</code> na file:",
 	"packages.swift.install2": "at patakbuhin ang sumusunod na utos:",
 	"packages.vagrant.install": "Para magdagdag ng Vagrant box, patakbuhin ang sumusunod na command:",
@@ -290,7 +269,7 @@
 	"moderation.abuse_category.illegal_content": "Ilegal na nilalaman",
 	"moderation.abuse_category.other_violations": "Mga ibang paglabag sa mga patakaran ng platform",
 	"moderation.report_remarks": "Mga pahayag",
-	"moderation.report_remarks.placeholder": "Mangyaring magbigay ng mga detalye tungkol sa pang aabuso na inuulat mo.",
+	"moderation.report_remarks.placeholder": "Pakibigay ang mga detalye tungkol sa pang aabuso na inuulat mo.",
 	"moderation.submit_report": "I-submit ang ulat",
 	"moderation.reporting_failed": "Hindi ma-submit ang bagong ulat sa pang aabuso: %v",
 	"moderation.reported_thank_you": "Salamat sa iyong ulat. Naipaalam na ito sa administrasyon.",
@@ -398,10 +377,10 @@
 	"actions.runners.task_list.repository": "Repositoryo",
 	"actions.runners.task_list.commit": "Commit",
 	"actions.runners.task_list.done_at": "Natapos sa",
-	"actions.runners.edit_runner": "Baguhin ang Runner",
-	"actions.runners.update_runner.button": "I-update ang mga pagbabago",
-	"actions.runners.update_runner.success": "Matagumpay na na-update ang runner",
-	"actions.runners.update_runner.failed": "Nabigong i-update ang runner",
+	"actions.runners.edit_runner": "I-edit ang runner",
+	"actions.runners.update_runner.button": "I-save ang mga pagbabago",
+	"actions.runners.update_runner.success": "Matagumpay na na-edit ang runner",
+	"actions.runners.update_runner.failed": "Nabigong i-edit ang runner",
 	"actions.runners.delete_runner.button": "Burahin ang runner na ito",
 	"actions.runners.delete_runner.success": "Matagumpay na nabura ang runner",
 	"actions.runners.delete_runner.failed": "Nabigong burahin ang runner",
@@ -434,15 +413,14 @@
 		"other": "%s (mga) nanonood"
 	},
 	"repo.pulls.poster_manage_approval": "Ipamahala ang pagapruba",
-	"repo.pulls.poster_requires_approval": "Ang ilang mga workflow ay <a href=\"%[1]s\">naghihintay para suriin.</a>",
+	"repo.pulls.poster_requires_approval": "Ang ilang mga workflow ay <a href=\"%[1]s\">naghihintay para suriin</a>.",
 	"repo.pulls.poster_requires_approval.tooltip": "Ang may-akda ng hiling sa paghilang ito ay hindi pinagkatiwalaan na tumakbo ng mga workflow na na-trigger ng isang hiling sa paghila na ginawa mula sa naka-fork na repositoryo o gamit ang AGit. Hindi tatakbo ang mga workflow na na-trigger ng `pull_request` event hanggang sa sila ay aprubahan.",
-	"repo.pulls.poster_is_trusted": "Ang may-akda ng hiling sa paghilang ito ay <a href=\"%[1]s\">palaging pinagkakatiwalaan na tumakbo ng mga workflow.</a>",
+	"repo.pulls.poster_is_trusted": "Ang may-akda ng hiling sa paghilang ito ay <a href=\"%[1]s\">palaging pinagkakatiwalaan na tumakbo ng mga workflow</a>.",
 	"repo.issues.filter_poster.hint": "I-filter ayon sa may-akda",
 	"repo.issues.filter_assignee.hint": "I-filter ayon sa itinalagang user",
 	"repo.issues.filter_reviewers.hint": "I-filter ayon sa user na sinuri",
 	"repo.issues.filter_mention.hint": "I-filter ayon sa nabanggit na user",
 	"repo.issues.filter_modified.hint": "I-filter ayon sa petsa ng huling binago",
-	"repo.issues.filter_sort.hint": "Isaayos ayon sa: ginawa/komento/binago/takdang petsa",
 	"repo.pulls.poster_is_trusted.tooltip": "Tahasang pinagkakatiwalaan ang may-akda ng hiling sa paghila na ito na patakbuhin ang mga workflow na na-trigger ng mga `pull_request` na event.",
 	"repo.pulls.poster_trust_deny": "Tanggihan",
 	"repo.pulls.poster_trust_deny.tooltip": "Ikakansela ang mga workflow na naghihintay para sa pag apruba.",
@@ -523,5 +501,12 @@
 	"editor.replace_all": "Palitan lahat",
 	"editor.toggle_case": "I-toggle ang case sensitivity",
 	"editor.toggle_regex": "I-toggle ang paggamit ng mga regular na ekspresyon",
-	"editor.toggle_whole_word": "I-toggle ang pagtugma ng mga buong salita"
+	"editor.toggle_whole_word": "I-toggle ang pagtugma ng mga buong salita",
+	"repo.issues.filter_sort.hint_with_placeholder": "Isaayos ayon sa: %s",
+	"issues.filters.labels.exclude": "Huwag isama ang label",
+	"issues.filters.labels.unexclude": "Tanggalin ang pagbubukod",
+	"packages.common.install": "Para i-install ang package, patakbuhin ang sumusunod na command:",
+	"packages.common.registry": "I-setup ang registry na ito mula sa command line:",
+	"packages.common.repository": "Info ng repositoryo",
+	"actions.runs.all_runs_link": "lahat ng mga takbo"
 }
diff --git a/options/locale_next/locale_fr-FR.json b/options/locale_next/locale_fr-FR.json
index 7c84a9f01e..9cf9a4f5fa 100644
--- a/options/locale_next/locale_fr-FR.json
+++ b/options/locale_next/locale_fr-FR.json
@@ -64,8 +64,6 @@
 	"packages.alpine.registry": "Configurez ce registre en ajoutant l’URL dans votre fichier <code>/etc/apk/repositories</code> :",
 	"packages.alpine.registry.key": "Téléchargez la clé RSA publique du registre dans le dossier <code>/etc/apk/keys/</code> pour vérifier la signature de l'index :",
 	"packages.alpine.registry.info": "Choisissez $branch et $repository dans la liste ci-dessous.",
-	"packages.alpine.install": "Pour installer le paquet, exécutez la commande suivante :",
-	"packages.alpine.repository": "Informations sur le dépôt",
 	"packages.alpine.repository.branches": "Branches",
 	"packages.alpine.repository.repositories": "Dépôts",
 	"packages.alpine.repository.architectures": "Architectures",
@@ -78,7 +76,6 @@
 	"packages.arch.version.description": "Description",
 	"packages.arch.version.provides": "Fournit",
 	"packages.arch.version.groups": "Groupe",
-	"packages.arch.version.depends": "Dépend",
 	"packages.arch.version.optdepends": "Dépendances optionnelles",
 	"packages.arch.version.makedepends": "Faire des dépendances",
 	"packages.arch.version.checkdepends": "Vérifier les dépendances",
@@ -88,12 +85,9 @@
 	"packages.cargo.registry": "Configurez ce registre dans le fichier de configuration Cargo (par exemple <code>~/.cargo/config.toml</code>) :",
 	"packages.cargo.install": "Pour installer le paquet en utilisant Cargo, exécutez la commande suivante :",
 	"packages.chef.registry": "Configurer ce registre dans votre fichier <code>~/.chef/config.rb</code> :",
-	"packages.chef.install": "Pour installer le paquet, exécutez la commande suivante :",
 	"packages.composer.registry": "Configurez ce registre dans votre fichier <code>~/.composer/config.json</code> :",
 	"packages.composer.install": "Pour installer le paquet en utilisant Composer, exécutez la commande suivante :",
-	"packages.composer.dependencies": "Dépendances",
 	"packages.composer.dependencies.development": "Dépendances de développement",
-	"packages.conan.registry": "Configurez ce registre à partir d'un terminal :",
 	"packages.conan.install": "Pour installer le paquet en utilisant Conan, exécutez la commande suivante :",
 	"packages.conda.registry": "Configurez ce registre en tant que dépôt Conda dans le fichier <code>.condarc</code> :",
 	"packages.conda.install": "Pour installer le paquet en utilisant Conda, exécutez la commande suivante :",
@@ -108,29 +102,21 @@
 	"packages.container.labels.key": "Clé",
 	"packages.container.labels.value": "Valeur",
 	"packages.cran.registry": "Configurez ce registre dans le fichier <code>Rprofile.site</code> :",
-	"packages.cran.install": "Pour installer le paquet, exécutez la commande suivante :",
-	"packages.debian.registry": "Configurez ce registre à partir d'un terminal :",
 	"packages.debian.registry.info": "Choisissez $distribution et $component dans la liste ci-dessous.",
-	"packages.debian.install": "Pour installer le paquet, exécutez la commande suivante :",
-	"packages.debian.repository": "Infos sur le dépôt",
 	"packages.debian.repository.distributions": "Distributions",
 	"packages.debian.repository.components": "Composants",
 	"packages.debian.repository.architectures": "Architectures",
 	"packages.generic.download": "Télécharger le paquet depuis un terminal :",
 	"packages.go.install": "Installer le paquet à partir de la ligne de commande :",
-	"packages.helm.registry": "Configurer ce registre à partir d'un terminal :",
-	"packages.helm.install": "Pour installer le paquet, exécutez la commande suivante :",
 	"packages.maven.registry": "Configurez ce registre dans le fichier <code>pom.xml</code> de votre projet :",
 	"packages.maven.install": "Pour utiliser le paquet, inclure ce qui suit dans le bloc <code>dependencies</code> dans le fichier <code>pom.xml</code> :",
 	"packages.maven.install2": "Exécuter dans un terminal :",
 	"packages.maven.download": "Pour télécharger la dépendance, exécutez dans un terminal :",
-	"packages.nuget.registry": "Configurer ce registre à partir d'un terminal :",
 	"packages.nuget.install": "Pour installer le paquet en utilisant NuGet, exécutez la commande suivante :",
 	"packages.nuget.dependency.framework": "Cadriciel cible",
 	"packages.npm.registry": "Configurez ce registre dans le fichier <code>.npmrc</code> de votre projet :",
 	"packages.npm.install": "Pour installer le paquet en utilisant npm, exécutez la commande suivante :",
 	"packages.npm.install2": "ou ajoutez-le au fichier package.json :",
-	"packages.npm.dependencies": "Dépendances",
 	"packages.npm.dependencies.development": "Dépendances de développement",
 	"packages.npm.dependencies.bundle": "Bundles de dépendances",
 	"packages.npm.dependencies.peer": "Dépendances de pairs",
@@ -138,18 +124,12 @@
 	"packages.npm.details.tag": "Balise",
 	"packages.pypi.requires": "Nécessite Python",
 	"packages.pypi.install": "Pour installer le paquet en utilisant pip, exécutez la commande suivante :",
-	"packages.rpm.registry": "Configurez ce registre à partir d'un terminal :",
 	"packages.rpm.distros.redhat": "sur les distributions basées sur RedHat",
 	"packages.rpm.distros.suse": "sur les distributions basées sur SUSE",
-	"packages.rpm.install": "Pour installer le paquet, exécutez la commande suivante :",
-	"packages.rpm.repository": "Information sur le dépôt",
 	"packages.rpm.repository.architectures": "Architectures",
 	"packages.rpm.repository.multiple_groups": "Ce paquet est disponible dans plusieurs groupes.",
-	"packages.alt.registry": "Configurez ce registre à partir d'un terminal :",
-	"packages.alt.registry.install": "Pour installer le paquet, exécutez la commande suivante :",
 	"packages.alt.install": "Installer le paquet",
 	"packages.alt.setup": "Ajouter un dépôt à la liste des dépôts connecté (choisissez l'architecture nécessaire à la place de \"_arch\") :",
-	"packages.alt.repository": "Informations sur le dépôt",
 	"packages.alt.repository.architectures": "Architectures",
 	"packages.alt.repository.multiple_groups": "Ce paquet est disponible dans plusieurs groupes.",
 	"packages.rubygems.install": "Pour installer le paquet en utilisant gem, exécutez la commande suivante :",
@@ -158,7 +138,6 @@
 	"packages.rubygems.dependencies.development": "Dépendances de développement",
 	"packages.rubygems.required.ruby": "Nécessite Ruby en version",
 	"packages.rubygems.required.rubygems": "Nécessite RubyGem en version",
-	"packages.swift.registry": "Configurez ce registre à partir d'un terminal :",
 	"packages.swift.install": "Ajoutez le paquet dans votre fichier <code>Package.swift</code> :",
 	"packages.swift.install2": "et exécutez la commande suivante :",
 	"packages.vagrant.install": "Pour ajouter une machine Vagrant, exécutez la commande suivante :",
@@ -466,7 +445,6 @@
 	"repo.issues.filter_reviewers.hint": "Filtrer par l'utilisateur qui a examiné",
 	"repo.issues.filter_mention.hint": "Filtrer par utilisateur mentionné",
 	"repo.issues.filter_modified.hint": "Filtrer par la dernière date modifiée",
-	"repo.issues.filter_sort.hint": "Trier par : date de création/commentaires/mise à jour/date limite",
 	"search.syntax": "Syntaxe de recherche",
 	"admin.dashboard.transfer_lingering_logs": "Transférer les journaux des actions terminées de la base de données au stockage",
 	"actions.status.diagnostics.waiting": {
diff --git a/options/locale_next/locale_ga.json b/options/locale_next/locale_ga.json
index a9115c127d..dcb262bfdc 100644
--- a/options/locale_next/locale_ga.json
+++ b/options/locale_next/locale_ga.json
@@ -49,20 +49,15 @@
 	"packages.alpine.registry": "Socraigh an chlár seo tríd an url a chur i do chomhad <code>/etc/apk/repositories</code>:",
 	"packages.alpine.registry.key": "Íoslódáil eochair RSA poiblí na clárlainne isteach san fhillteán <code>/etc/apk/keys/</code> chun an síniú innéacs a fhíorú:",
 	"packages.alpine.registry.info": "Roghnaigh $branch agus $repository ón liosta thíos.",
-	"packages.alpine.install": "Chun an pacáiste a shuiteáil, rith an t-ordú seo a leanas:",
-	"packages.alpine.repository": "Eolas Stórais",
 	"packages.alpine.repository.branches": "Brainsí",
 	"packages.alpine.repository.repositories": "Stórais",
 	"packages.alpine.repository.architectures": "Ailtireachtaí",
 	"packages.cargo.registry": "Socraigh an clárlann seo sa chomhad cumraíochta lasta (mar shampla <code>~/.cargo/config.toml</code>):",
 	"packages.cargo.install": "Chun an pacáiste a shuiteáil ag baint úsáide as Cargo, reáchtáil an t-ordú seo a leanas:",
 	"packages.chef.registry": "Socraigh an clárlann seo i do chomhad <code>~/.chef/config.rb</code>:",
-	"packages.chef.install": "Chun an pacáiste a shuiteáil, rith an t-ordú seo a leanas:",
 	"packages.composer.registry": "Socraigh an chlár seo i do chomhad <code>~/.composer/config.json</code>:",
 	"packages.composer.install": "Chun an pacáiste a shuiteáil ag baint úsáide as Cumadóir, reáchtáil an t-ordú seo a leanas:",
-	"packages.composer.dependencies": "Spleithiúlachtaí",
 	"packages.composer.dependencies.development": "Spleithiúlachtaí Forbartha",
-	"packages.conan.registry": "Socraigh an clárlann seo ón líne ordaithe:",
 	"packages.conan.install": "Chun an pacáiste a shuiteáil ag úsáid Conan, reáchtáil an t-ordú seo a leanas:",
 	"packages.conda.registry": "Socraigh an chlár seo mar stóras Conda i do chomhad <code>.condarc</code>:",
 	"packages.conda.install": "Chun an pacáiste a shuiteáil ag úsáid Conda, reáchtáil an t-ordú seo a leanas:",
@@ -76,29 +71,21 @@
 	"packages.container.labels.key": "Eochair",
 	"packages.container.labels.value": "Luach",
 	"packages.cran.registry": "Cumraigh an chlárlann seo i do chomhad <code>Rprofile.site</code>:",
-	"packages.cran.install": "Chun an pacáiste a shuiteáil, rith an t-ordú seo a leanas:",
-	"packages.debian.registry": "Socraigh an clárlann seo ón líne ordaithe:",
 	"packages.debian.registry.info": "Roghnaigh $distribution agus $component ón liosta thíos.",
-	"packages.debian.install": "Chun an pacáiste a shuiteáil, rith an t-ordú seo a leanas:",
-	"packages.debian.repository": "Eolas Stóras",
 	"packages.debian.repository.distributions": "Dáiltí",
 	"packages.debian.repository.components": "Comhpháirteanna",
 	"packages.debian.repository.architectures": "Ailtireachtaí",
 	"packages.generic.download": "Íoslódáil pacáiste ón líne ordaithe:",
 	"packages.go.install": "Suiteáil an pacáiste ón líne ordaithe:",
-	"packages.helm.registry": "Socraigh an clárlann seo ón líne ordaithe:",
-	"packages.helm.install": "Chun an pacáiste a shuiteáil, rith an t-ordú seo a leanas:",
 	"packages.maven.registry": "Socraigh an clárlann seo i do chomhad <code>pom.xml</code> tionscadail:",
 	"packages.maven.install": "Chun an pacáiste a úsáid cuir na nithe seo a leanas sa bhloc <code>spleáchais</code> sa chomhad <code>pom.xml</code>:",
 	"packages.maven.install2": "Rith tríd an líne ordaithe:",
 	"packages.maven.download": "Chun an spleáchas a íoslódáil, rith tríd an líne ordaithe:",
-	"packages.nuget.registry": "Socraigh an clárlann seo ón líne ordaithe:",
 	"packages.nuget.install": "Chun an pacáiste a shuiteáil ag úsáid NuGet, reáchtáil an t-ordú seo a leanas:",
 	"packages.nuget.dependency.framework": "Spriocchreat",
 	"packages.npm.registry": "Socraigh an chlárlann seo i do chomhad <code>.npmrc</code> do thionscadail:",
 	"packages.npm.install": "Chun an pacáiste a shuiteáil ag úsáid npm, reáchtáil an t-ordú seo a leanas:",
 	"packages.npm.install2": "nó cuir leis an gcomhad package.json é:",
-	"packages.npm.dependencies": "Spleithiúlachtaí",
 	"packages.npm.dependencies.development": "Spleithiúlachtaí Forbartha",
 	"packages.npm.dependencies.bundle": "Spleáchais Chuachta",
 	"packages.npm.dependencies.peer": "Spleithiúlachtaí Piaraí",
@@ -106,11 +93,8 @@
 	"packages.npm.details.tag": "Clib",
 	"packages.pypi.requires": "Teastaíonn Python",
 	"packages.pypi.install": "Chun an pacáiste a shuiteáil ag úsáid pip, reáchtáil an t-ordú seo a leanas:",
-	"packages.rpm.registry": "Socraigh an clárlann seo ón líne ordaithe:",
 	"packages.rpm.distros.redhat": "ar dháileadh bunaithe ar RedHat",
 	"packages.rpm.distros.suse": "ar dháileadh bunaithe ar SUSE",
-	"packages.rpm.install": "Chun an pacáiste a shuiteáil, rith an t-ordú seo a leanas:",
-	"packages.rpm.repository": "Eolas Stóras",
 	"packages.rpm.repository.architectures": "Ailtireachtaí",
 	"packages.rpm.repository.multiple_groups": "Tá an pacáiste seo ar fáil i ngrúpaí éagsúla.",
 	"packages.rubygems.install": "Chun an pacáiste a shuiteáil ag baint úsáide as gem, reáchtáil an t-ordú seo a leanas:",
@@ -119,7 +103,6 @@
 	"packages.rubygems.dependencies.development": "Spleáchais Forbartha",
 	"packages.rubygems.required.ruby": "Éilíonn leagan Ruby",
 	"packages.rubygems.required.rubygems": "Éilíonn leagan RubyGem",
-	"packages.swift.registry": "Socraigh an clárlann seo ón líne ordaithe:",
 	"packages.swift.install": "Cuir an pacáiste i do <code>chomhad Package.swift</code>:",
 	"packages.swift.install2": "agus reáchtáil an t-ordú seo a leanas:",
 	"packages.vagrant.install": "Chun bosca Vagrant a chur leis, reáchtáil an t-ordú seo a leanas:",
@@ -268,7 +251,6 @@
 	"repo.issues.filter_reviewers.hint": "Scag de réir úsáideora a rinne athbhreithniú",
 	"repo.issues.filter_mention.hint": "Scag de réir úsáideora luaite",
 	"repo.issues.filter_modified.hint": "Scag de réir an dáta deiridh a ndearnadh an modhnú air",
-	"repo.issues.filter_sort.hint": "Sórtáil de réir: cruthaithe/tráchtanna/nuashonraithe/spriocdháta",
 	"issues.updated": "nuashonraithe %s",
 	"repo.pulls.poster_manage_approval": "Bainistigh ceadú",
 	"repo.pulls.poster_requires_approval": "Tá roinnt sreafaí oibre <a href=\"%[1]s\">ag fanacht le hathbhreithniú.</a>",
diff --git a/options/locale_next/locale_it-IT.json b/options/locale_next/locale_it-IT.json
index 4aee4ef125..f31ecdd067 100644
--- a/options/locale_next/locale_it-IT.json
+++ b/options/locale_next/locale_it-IT.json
@@ -64,8 +64,6 @@
 	"packages.alpine.registry": "Imposta questo registro aggiungendo l'URL nel tuo file <code>/etc/apk/repositories</code>:",
 	"packages.alpine.registry.key": "Scarica la chiave RSA pubblica del registro nella cartella <code>/etc/apk/keys/</code> per verificare la firma dell'indice:",
 	"packages.alpine.registry.info": "scegli $ramo e $repositorio dalla lista sotto.",
-	"packages.alpine.install": "Per installare il pacchetto, eseguire il seguente comando:",
-	"packages.alpine.repository": "Informazioni sul repositorio",
 	"packages.alpine.repository.branches": "Rami",
 	"packages.alpine.repository.repositories": "Repository",
 	"packages.alpine.repository.architectures": "Architetture",
@@ -78,7 +76,6 @@
 	"packages.arch.version.description": "Descrizione",
 	"packages.arch.version.provides": "Fornisce",
 	"packages.arch.version.groups": "Gruppo",
-	"packages.arch.version.depends": "Dipende da",
 	"packages.arch.version.optdepends": "Dipende opzionalmente da",
 	"packages.arch.version.makedepends": "Dipendenze di build",
 	"packages.arch.version.checkdepends": "Dipendenze di controllo",
@@ -88,12 +85,9 @@
 	"packages.cargo.registry": "Imposta il registro nel file di configurazione di Cargo (per esempio <code>~/.cargo/config.toml</code>):",
 	"packages.cargo.install": "Per installare il pacchetto usando Cargo esegui il comando seguente:",
 	"packages.chef.registry": "Imposta questo registro nel tuo file <code>~/.chef/config.rb</code>:",
-	"packages.chef.install": "Per installare il pacchetto, eseguire il seguente comando:",
 	"packages.composer.registry": "Imposta questo registro nel tuo file <code>~/.composer/config.json</code>:",
 	"packages.composer.install": "Per installare il pacchetto utilizzando Composer, eseguire il seguente comando:",
-	"packages.composer.dependencies": "Dipendenze",
 	"packages.composer.dependencies.development": "Dipendenze Di Sviluppo",
-	"packages.conan.registry": "Configura questo registro dalla riga di comando:",
 	"packages.conan.install": "Per installare il pacchetto usando Conan, eseguire il seguente comando:",
 	"packages.conda.registry": "Imposta questo registro come un repositorio Conda nel tuo file <code>.condarc</code>:",
 	"packages.conda.install": "Per installare il pacchetto usando conda, esegui il comando seguente:",
@@ -108,29 +102,21 @@
 	"packages.container.labels.key": "Chiave",
 	"packages.container.labels.value": "Valore",
 	"packages.cran.registry": "Imposta questo registro nel tuo file <code>Rprofile.site</code>:",
-	"packages.cran.install": "Per installare il pacchetto, eseguire il seguente comando:",
-	"packages.debian.registry": "Configura questo registro dalla riga di comando:",
 	"packages.debian.registry.info": "Scegli $distribuzione e $componente dalla lista sotto.",
-	"packages.debian.install": "Per installare il pacchetto, eseguire il seguente comando:",
-	"packages.debian.repository": "Informazioni sul repositorio",
 	"packages.debian.repository.distributions": "Distribuzioni",
 	"packages.debian.repository.components": "Componenti",
 	"packages.debian.repository.architectures": "Architetture",
 	"packages.generic.download": "Scarica il pacchetto dalla riga di comando:",
 	"packages.go.install": "Installa il pacchetto dalla riga di comando:",
-	"packages.helm.registry": "Configura questo registro dalla riga di comando:",
-	"packages.helm.install": "Per installare il pacchetto, eseguire il seguente comando:",
 	"packages.maven.registry": "Configura questo registro nel file <code>pom.xml</code> del tuo progetto:",
 	"packages.maven.install": "Per utilizzare il pacchetto includere i seguenti nel blocco <code>dipendenze</code> nel file <code>pom.xml</code>:",
 	"packages.maven.install2": "Esegui tramite riga di comando:",
 	"packages.maven.download": "Per scaricare la dipendenza, eseguire tramite riga di comando:",
-	"packages.nuget.registry": "Configura questo registro dalla riga di comando:",
 	"packages.nuget.install": "Per installare il pacchetto utilizzando NuGet, eseguire il seguente comando:",
 	"packages.nuget.dependency.framework": "Target Framework",
 	"packages.npm.registry": "Impostare questo registro nel file del progetto <code>.npmrc</code>:",
 	"packages.npm.install": "Per installare il pacchetto usando npm, eseguire il seguente comando:",
 	"packages.npm.install2": "o aggiungerlo al file package.json:",
-	"packages.npm.dependencies": "Dipendenze",
 	"packages.npm.dependencies.development": "Dipendenze Di Sviluppo",
 	"packages.npm.dependencies.bundle": "Dipendenze raggruppate",
 	"packages.npm.dependencies.peer": "Dipendenze Peer",
@@ -138,18 +124,12 @@
 	"packages.npm.details.tag": "Tag",
 	"packages.pypi.requires": "Richiede Python",
 	"packages.pypi.install": "Per installare il pacchetto usando pip, eseguire il seguente comando:",
-	"packages.rpm.registry": "Configura questo registro dalla riga di comando:",
 	"packages.rpm.distros.redhat": "sulle distribuzione basate su RedHat",
 	"packages.rpm.distros.suse": "sulle distribuzioni basate su SUSE",
-	"packages.rpm.install": "Per installare il pacchetto, eseguire il seguente comando:",
-	"packages.rpm.repository": "Informazioni sul repositorio",
 	"packages.rpm.repository.architectures": "Architetture",
 	"packages.rpm.repository.multiple_groups": "Questo pacchetto è disponibile in molteplici gruppi.",
-	"packages.alt.registry": "Configura questo registro dalla riga di comando:",
-	"packages.alt.registry.install": "Per installare il pacchetto, esegui il comando seguente:",
 	"packages.alt.install": "Installa pacchetto",
 	"packages.alt.setup": "Aggiungi il repositorio alla lista dei repositori in rete (seleziona l'architettura necessaria al posto di \"_arch_\"):",
-	"packages.alt.repository": "Informazioni del repositorio",
 	"packages.alt.repository.architectures": "Architetture",
 	"packages.alt.repository.multiple_groups": "Questo pacchetto è disponibile per più gruppi.",
 	"packages.rubygems.install": "Per installare il pacchetto usando gem, eseguire il seguente comando:",
@@ -158,7 +138,6 @@
 	"packages.rubygems.dependencies.development": "Dipendenze Di Sviluppo",
 	"packages.rubygems.required.ruby": "Richiede la versione di Ruby",
 	"packages.rubygems.required.rubygems": "Richiede la versione RubyGem",
-	"packages.swift.registry": "Configura questo registro dalla riga di comando:",
 	"packages.swift.install": "Aggiungi il pacchetto nel tuo file <code>Package.swift</code>:",
 	"packages.swift.install2": "ed esegui il comando seguente:",
 	"packages.vagrant.install": "Per aggiungere una scatola Vagrant esegui il comando seguente:",
@@ -459,5 +438,8 @@
 	"teams.remove_all_repos.modal.header": "Rimuovi tutti i repositori",
 	"moderation.action.account.delete": "Elimina profilo",
 	"moderation.action.comment.delete": "Elimina commento",
-	"moderation.action.account.suspend": "Sospendi profilo"
+	"moderation.action.account.suspend": "Sospendi profilo",
+	"repo.issues.filter_reviewers.hint": "Filtra per utente che ha recensito",
+	"repo.issues.filter_mention.hint": "Filtra per utente menzionato",
+	"repo.issues.filter_modified.hint": "Filtra per ultima data modificata"
 }
diff --git a/options/locale_next/locale_ja-JP.json b/options/locale_next/locale_ja-JP.json
index 1afbaa5254..a0f998c0a9 100644
--- a/options/locale_next/locale_ja-JP.json
+++ b/options/locale_next/locale_ja-JP.json
@@ -124,20 +124,15 @@
 	"packages.alpine.registry": "あなたの <code>/etc/apk/repositories</code> ファイルにURLを追加して、このレジストリをセットアップします:",
 	"packages.alpine.registry.key": "インデックス署名の検証のため、レジストリのRSA公開鍵を <code>/etc/apk/keys/</code> フォルダにダウンロードします:",
 	"packages.alpine.registry.info": "$branch と $repository は下にあるリストから選んでください。",
-	"packages.alpine.install": "パッケージをインストールするには、次のコマンドを実行します:",
-	"packages.alpine.repository": "リポジトリ情報",
 	"packages.alpine.repository.branches": "Branches",
 	"packages.alpine.repository.repositories": "Repositories",
 	"packages.alpine.repository.architectures": "Architectures",
 	"packages.cargo.registry": "Cargo 設定ファイルでこのレジストリをセットアップします。(例 <code>~/.cargo/config.toml</code>):",
 	"packages.cargo.install": "Cargo を使用してパッケージをインストールするには、次のコマンドを実行します:",
 	"packages.chef.registry": "あなたの <code>~/.chef/config.rb</code> ファイルに、このレジストリをセットアップします:",
-	"packages.chef.install": "パッケージをインストールするには、次のコマンドを実行します:",
 	"packages.composer.registry": "あなたの <code>~/.composer/config.json</code> ファイルに、このレジストリをセットアップします:",
 	"packages.composer.install": "Composer を使用してパッケージをインストールするには、次のコマンドを実行します:",
-	"packages.composer.dependencies": "依存関係",
 	"packages.composer.dependencies.development": "開発用依存関係",
-	"packages.conan.registry": "このレジストリをコマンドラインからセットアップします:",
 	"packages.conan.install": "Conan を使用してパッケージをインストールするには、次のコマンドを実行します:",
 	"packages.conda.registry": "あなたの <code>.condarc</code> ファイルに、このレジストリを Conda リポジトリとしてセットアップします:",
 	"packages.conda.install": "Conda を使用してパッケージをインストールするには、次のコマンドを実行します:",
@@ -151,29 +146,21 @@
 	"packages.container.labels.key": "キー",
 	"packages.container.labels.value": "値",
 	"packages.cran.registry": "あなたの <code>Rprofile.site</code> ファイルに、このレジストリをセットアップします:",
-	"packages.cran.install": "パッケージをインストールするには、次のコマンドを実行します:",
-	"packages.debian.registry": "このレジストリをコマンドラインからセットアップします:",
 	"packages.debian.registry.info": "$distribution と $component は下にあるリストから選んでください。",
-	"packages.debian.install": "パッケージをインストールするには、次のコマンドを実行します:",
-	"packages.debian.repository": "リポジトリ情報",
 	"packages.debian.repository.distributions": "Distributions",
 	"packages.debian.repository.components": "Components",
 	"packages.debian.repository.architectures": "Architectures",
 	"packages.generic.download": "コマンドラインでパッケージをダウンロードします:",
 	"packages.go.install": "コマンドラインでパッケージをインストール:",
-	"packages.helm.registry": "このレジストリをコマンドラインからセットアップします:",
-	"packages.helm.install": "パッケージをインストールするには、次のコマンドを実行します:",
 	"packages.maven.registry": "あなたのプロジェクトの <code>pom.xml</code> ファイルに、このレジストリをセットアップします:",
 	"packages.maven.install": "パッケージを使用するため <code>pom.xml</code> ファイル内の <code>dependencies</code> ブロックに以下を含めます:",
 	"packages.maven.install2": "コマンドラインで実行します:",
 	"packages.maven.download": "依存関係をダウンロードするには、コマンドラインでこれを実行します:",
-	"packages.nuget.registry": "このレジストリをコマンドラインからセットアップします:",
 	"packages.nuget.install": "NuGet を使用してパッケージをインストールするには、次のコマンドを実行します:",
 	"packages.nuget.dependency.framework": "ターゲットフレームワーク",
 	"packages.npm.registry": "あなたのプロジェクトの <code>.npmrc</code> ファイルに、このレジストリをセットアップします:",
 	"packages.npm.install": "npm を使用してパッケージをインストールするには、次のコマンドを実行します:",
 	"packages.npm.install2": "または package.json ファイルに追加します:",
-	"packages.npm.dependencies": "依存関係",
 	"packages.npm.dependencies.development": "開発用依存関係",
 	"packages.npm.dependencies.bundle": "バンドルされた依存関係",
 	"packages.npm.dependencies.peer": "Peer依存関係",
@@ -181,11 +168,8 @@
 	"packages.npm.details.tag": "タグ",
 	"packages.pypi.requires": "必要なPython",
 	"packages.pypi.install": "pip を使用してパッケージをインストールするには、次のコマンドを実行します:",
-	"packages.rpm.registry": "このレジストリをコマンドラインからセットアップします:",
 	"packages.rpm.distros.redhat": "RedHat系ディストリビューションの場合",
 	"packages.rpm.distros.suse": "SUSE系ディストリビューションの場合",
-	"packages.rpm.install": "パッケージをインストールするには、次のコマンドを実行します:",
-	"packages.rpm.repository": "リポジトリ情報",
 	"packages.rpm.repository.architectures": "Architectures",
 	"packages.rpm.repository.multiple_groups": "このパッケージは複数のグループで利用できます。",
 	"packages.rubygems.install": "gem を使用してパッケージをインストールするには、次のコマンドを実行します:",
@@ -194,7 +178,6 @@
 	"packages.rubygems.dependencies.development": "開発用依存関係",
 	"packages.rubygems.required.ruby": "必要なRubyバージョン",
 	"packages.rubygems.required.rubygems": "必要なRubyGemバージョン",
-	"packages.swift.registry": "このレジストリをコマンドラインからセットアップします:",
 	"packages.swift.install": "あなたの <code>Package.swift</code> ファイルにパッケージを追加します:",
 	"packages.swift.install2": "そして次のコマンドを実行します:",
 	"packages.vagrant.install": "Vagrant ボックスを追加するには、次のコマンドを実行します。",
diff --git a/options/locale_next/locale_ka.json b/options/locale_next/locale_ka.json
index 8c6ee7e247..06287b4fe7 100644
--- a/options/locale_next/locale_ka.json
+++ b/options/locale_next/locale_ka.json
@@ -64,11 +64,9 @@
 	"packages.arch.version.description": "აღწერა",
 	"packages.arch.version.provides": "მოგაწვდით",
 	"packages.arch.version.groups": "ჯგუფი",
-	"packages.arch.version.depends": "დამოკიდებულია",
 	"packages.arch.version.conflicts": "კონფლიქტშია",
 	"packages.arch.version.replaces": "ანაცვლებს",
 	"packages.arch.version.backup": "მარქაფი",
-	"packages.composer.dependencies": "დამოკიდებულებები",
 	"packages.container.images.title": "ასლის ფაილები",
 	"packages.container.details.platform": "პლატფორმა",
 	"packages.container.digest": "დაიჯესტი",
@@ -78,7 +76,6 @@
 	"packages.debian.repository.distributions": "დისტრიბუტივები",
 	"packages.debian.repository.components": "კომპონენტები",
 	"packages.debian.repository.architectures": "არქიტექტურები",
-	"packages.npm.dependencies": "დამოკიდებულებები",
 	"packages.npm.details.tag": "ჭდე",
 	"packages.rpm.repository.architectures": "არქიტექტურები",
 	"packages.alt.repository.architectures": "არქიტექტურები",
diff --git a/options/locale_next/locale_kab.json b/options/locale_next/locale_kab.json
index 97c9f6f06e..e83f329d38 100644
--- a/options/locale_next/locale_kab.json
+++ b/options/locale_next/locale_kab.json
@@ -87,10 +87,7 @@
 	"packages.container.labels.value": "Azal",
 	"moderation.submit_report": "Ceyyeɛ aneqqis",
 	"packages.container.details.type": "Anaw n tugna",
-	"packages.debian.repository": "Talɣut ɣef ukufi",
-	"packages.rpm.repository": "Talɣut ɣef ukufi",
 	"packages.alt.install": "Sbedd akemmus",
-	"packages.alt.repository": "Talɣut ɣef ukufi",
 	"teams.add_all_repos.modal.header": "Rnu ikufiyen akk-nsen",
 	"teams.remove_all_repos.modal.header": "Kkes akk ikufan",
 	"packages.search_in_external_registry": "Nadi deg %s",
diff --git a/options/locale_next/locale_lv-LV.json b/options/locale_next/locale_lv-LV.json
index 27fa4452bf..58e7dcb167 100644
--- a/options/locale_next/locale_lv-LV.json
+++ b/options/locale_next/locale_lv-LV.json
@@ -4,7 +4,7 @@
 	"gpg.error.generate_hash": "Neizdevās izveidot iesūtījuma jaucējkodu",
 	"gpg.error.no_committer_account": "Iesūtītāja e-pasta adrese nav piesaistīta nevienam kontam",
 	"gpg.error.no_gpg_keys_found": "Šim parakstam datubāzē netika atrasta zināma atslēga",
-	"gpg.error.not_signed_commit": "Nav parakstīts iesūtījums",
+	"gpg.error.not_signed_commit": "Neparakstīts iesūtījums",
 	"gpg.error.failed_retrieval_gpg_keys": "Neizdevās iegūt nevienu iesūtītāja kontam piesaistītu atslēgu",
 	"gpg.error.probable_bad_signature": "UZMANĪBU! Lai arī datubāzē ir atslēga ar šādu identifikatoru, tā neapliecina šo iesūtījumu. Šis iesūtījums ir AIZDOMĪGS.",
 	"gpg.error.probable_bad_default_signature": "UZMANĪBU! Lai arī noklusējuma atslēgai ir šis identifikators, tas neapliecina šo iesūtījumu. Šis iesūtījums ir AIZDOMĪGS.",
@@ -19,8 +19,8 @@
 	"notification.mark_all_as_read": "Atzīmēt visus kā izlasītus",
 	"notification.subscriptions": "Abonementi",
 	"notification.watching": "Skatās",
-	"notification.no_subscriptions": "Nav abonementu",
-	"dropzone.default_message": "Ievilkt datnes vai klikšķināt šeit, lai augšupielādētu.",
+	"notification.no_subscriptions": "Nav abonementu.",
+	"dropzone.default_message": "Jāievelk datnes vai jāklikšķina šeit, lai augšupielādētu.",
 	"dropzone.invalid_input_type": "Šī veida datnes nevar augšupielādēt.",
 	"dropzone.file_too_big": "Datnes izmērs ({{filesize}} MB) pārsniedz pieļaujamo izmēru ({{maxFilesize}} MB).",
 	"dropzone.remove_file": "Noņemt datni",
@@ -55,32 +55,29 @@
 	"packages.details.repository_site": "Glabātavas tīmekļvietne",
 	"packages.details.documentation_site": "Dokumentācijas tīmekļvietne",
 	"packages.details.license": "Licence",
-	"packages.assets": "Resursi",
+	"packages.assets": "Līdzekļi",
 	"packages.versions": "Versijas",
 	"packages.versions.view_all": "Parādīt visas",
-	"packages.dependency.id": "ID",
+	"packages.dependency.id": "Id",
 	"packages.dependency.version": "Versija",
 	"packages.search_in_external_registry": "Meklēt %s",
 	"packages.alpine.registry": "Iestatīt šo reģistru ar URL pievienošanu datnē <code>/etc/apk/repositories</code>:",
 	"packages.alpine.registry.key": "Reģistra publiskā RSA atslēga jālejupielādē mapē <code>/etc/apk/keys/</code>, lai apliecinātu indeksa parakstu:",
 	"packages.alpine.registry.info": "No zemāk esošā saraksta jāizvēlas $branch un $repository.",
-	"packages.alpine.install": "Lai uzstādītu pakotni, ir jāizpilda šī komanda:",
-	"packages.alpine.repository": "Glabātavas informācija",
 	"packages.alpine.repository.branches": "Zari",
 	"packages.alpine.repository.repositories": "Glabātavas",
 	"packages.alpine.repository.architectures": "Arhitektūras",
-	"packages.arch.pacman.helper.gpg": "Jāpievieno uzticēšanās sertifikāts pacman:",
+	"packages.arch.pacman.helper.gpg": "Jāpievieno pacman uzticēšanās sertifikāts:",
 	"packages.arch.pacman.repo.multi": "%s ir tāda pati versija dažādās distribūcijās.",
 	"packages.arch.pacman.repo.multi.item": "%s konfigurācija",
 	"packages.arch.pacman.conf": "<code>/etc/pacman.conf</code> jāpievieno serveris ar atbilstošu distribūciju un arhitektūru:",
-	"packages.arch.pacman.sync": "Jāsinhronizē pakotne ar pacman:",
+	"packages.arch.pacman.sync": "Pakotne jāsinhronizē ar pacman:",
 	"packages.arch.version.properties": "Versijas īpašības",
 	"packages.arch.version.description": "Apraksts",
 	"packages.arch.version.provides": "Nodrošina",
 	"packages.arch.version.groups": "Kopa",
-	"packages.arch.version.depends": "Atkarīga no",
 	"packages.arch.version.optdepends": "Izvēles atkarības",
-	"packages.arch.version.makedepends": "Izveidot atkarības",
+	"packages.arch.version.makedepends": "Izveidošanas atkarības",
 	"packages.arch.version.checkdepends": "Pārbaudīt atkarības",
 	"packages.arch.version.conflicts": "Nesaderības",
 	"packages.arch.version.replaces": "Aizvieto",
@@ -88,12 +85,9 @@
 	"packages.cargo.registry": "Iestatīt šo reģistru Cargo konfigurācijas datnē (piemēram, <code>~/.cargo/config.toml</code>):",
 	"packages.cargo.install": "Lai uzstādītu pakotni ar Cargo, jāizpilda šī komanda:",
 	"packages.chef.registry": "Iestatīt šo reģistru datnē <code>~/.chef/config.rb</code>:",
-	"packages.chef.install": "Lai uzstādītu pakotni, ir jāizpilda šī komanda:",
 	"packages.composer.registry": "Iestatīt šo reģistru datnē <code>~/.composer/config.json</code>:",
 	"packages.composer.install": "Lai uzstādīt pakotni ar Composer, jāizpilda šī komanda:",
-	"packages.composer.dependencies": "Atkarības",
 	"packages.composer.dependencies.development": "Izstrādes atkarības",
-	"packages.conan.registry": "Šis reģistra uzstādīšana komandrindā:",
 	"packages.conan.install": "Lai uzstādītu pakotni ar Conan, jāizpilda šī komanda:",
 	"packages.conda.registry": "Izveidot šo reģistru kā Conda glabātavu datnē <code>.condarc</code>:",
 	"packages.conda.install": "Lai uzstādītu pakotni ar Conda, jāizpilda šī komanda:",
@@ -108,29 +102,21 @@
 	"packages.container.labels.key": "Atslēga",
 	"packages.container.labels.value": "Vērtība",
 	"packages.cran.registry": "Iestatīt šo reģistru datnē <code>Rprofile.site</code>:",
-	"packages.cran.install": "Lai uzstādītu pakotni, ir jāizpilda šī komanda:",
-	"packages.debian.registry": "Šis reģistra uzstādīšana komandrindā:",
 	"packages.debian.registry.info": "No zemāk esošā saraksta jāizvēlas $distribution un $component.",
-	"packages.debian.install": "Lai uzstādītu pakotni, ir jāizpilda šī komanda:",
-	"packages.debian.repository": "Glabātavas informācija",
 	"packages.debian.repository.distributions": "Distribūcijas",
 	"packages.debian.repository.components": "Komponentes",
 	"packages.debian.repository.architectures": "Arhitektūras",
 	"packages.generic.download": "Lejupielādēt pakotni, izmantojot, komandrindu:",
 	"packages.go.install": "Uzstādīt pakotni komandrindā:",
-	"packages.helm.registry": "Šī reģistra uzstādīšana komandrindā:",
-	"packages.helm.install": "Lai uzstādītu pakotni, ir jāizpilda šī komanda:",
 	"packages.maven.registry": "Iestatīt šo reģistru sava projekta datnē <code>pom.xml</code>:",
 	"packages.maven.install": "Lai izmantotu pakotni, datnes <code>pom.xml</code> sadaļā <code>dependencies</code> jāievieto šīs rindas:",
 	"packages.maven.install2": "Jāizpilda komandrindā:",
 	"packages.maven.download": "Jāizpilda komandrindā, lai lejupielādētu šo atkarību:",
-	"packages.nuget.registry": "Šī reģistra uzstādīšana komandrindā:",
 	"packages.nuget.install": "Lai uzstādītu pakotni ar NuGet, jāizpilda šī komanda:",
 	"packages.nuget.dependency.framework": "Mērķa ietvars",
 	"packages.npm.registry": "Iestatīt šo reģistru sava projekta datnē <code>.npmrc</code>:",
 	"packages.npm.install": "Lai uzstādītu pakotni ar npm, jāizpilda šī komanda:",
 	"packages.npm.install2": "vai datnē package.json jāpievieno:",
-	"packages.npm.dependencies": "Atkarības",
 	"packages.npm.dependencies.development": "Izstrādes atkarības",
 	"packages.npm.dependencies.bundle": "Iekļautās atkarības",
 	"packages.npm.dependencies.peer": "Līdzatkarības",
@@ -138,18 +124,12 @@
 	"packages.npm.details.tag": "Birka",
 	"packages.pypi.requires": "Nepieciešams Python",
 	"packages.pypi.install": "Lai uzstādītu pakotni ar pip, jāizpilda šī komanda:",
-	"packages.rpm.registry": "Šī reģistra uzstādīšana komandrindā:",
 	"packages.rpm.distros.redhat": "uz RedHat balstītās operētājsistēmās",
 	"packages.rpm.distros.suse": "uz SUSE balstītās operētājsistēmās",
-	"packages.rpm.install": "Lai uzstādītu pakotni, ir jāizpilda šī komanda:",
-	"packages.rpm.repository": "Glabātavas informācija",
 	"packages.rpm.repository.architectures": "Arhitektūras",
 	"packages.rpm.repository.multiple_groups": "Šī pakotne ir pieejama vairākās kopās.",
-	"packages.alt.registry": "Šī reģistra uzstādīšana komandrindā:",
-	"packages.alt.registry.install": "Lai uzstādītu pakotni, jāizpilda šī komanda:",
 	"packages.alt.install": "Uzstādīt pakotni",
 	"packages.alt.setup": "Pievienot glabātavu savienoto glabātavu sarakstā (\"_arch_\" vietā jāizvēlas nepieciešamā arhitektūra):",
-	"packages.alt.repository": "Informācija par glabātavu",
 	"packages.alt.repository.architectures": "Arhitektūras",
 	"packages.alt.repository.multiple_groups": "Šī pakotne ir pieejama vairākās kopās.",
 	"packages.rubygems.install": "Lai uzstādītu pakotni ar gem, jāizpilda šī komanda:",
@@ -158,7 +138,6 @@
 	"packages.rubygems.dependencies.development": "Izstrādes atkarības",
 	"packages.rubygems.required.ruby": "Nepieciešamā Ruby versija",
 	"packages.rubygems.required.rubygems": "Nepieciešamā RubyGem versija",
-	"packages.swift.registry": "Šī reģistra uzstādīšana komandrindā:",
 	"packages.swift.install": "Pakotne jāpievieno datnē <code>Package.swift</code>:",
 	"packages.swift.install2": "vai jāpievieno tā Gemfile:",
 	"packages.vagrant.install": "Lai pievienotu Vagrant kasti, jāizpilda šī komanda:",
@@ -410,9 +389,9 @@
 	"actions.runners.task_list.commit": "Iesūtījums",
 	"actions.runners.task_list.done_at": "Pabeigts",
 	"actions.runners.edit_runner": "Labot izpildītāju",
-	"actions.runners.update_runner.button": "Atjaunināt izmaiņas",
-	"actions.runners.update_runner.success": "Izpildītājs sekmīgi atjaunināts",
-	"actions.runners.update_runner.failed": "Neizdevās atjaunināt izpildītāju",
+	"actions.runners.update_runner.button": "Saglabāt izmaiņas",
+	"actions.runners.update_runner.success": "Izpildītājs sekmīgi labots",
+	"actions.runners.update_runner.failed": "Neizdevās labot izpildītāju",
 	"actions.runners.delete_runner.button": "Dzēst izpildītāju",
 	"actions.runners.delete_runner.success": "Izpildītājs sekmīgi izdzēsts",
 	"actions.runners.delete_runner.failed": "Neizdevās izdzēst izpildītāju",
@@ -483,7 +462,6 @@
 	"repo.issues.filter_reviewers.hint": "Atlasīt pēc lietotāja, kurš izskatīja",
 	"repo.issues.filter_mention.hint": "Atlasīt pēc lietotāja, kurš ir pieminēts",
 	"repo.issues.filter_modified.hint": "Atlasīt pēc pēdējā izmainīšanas datuma",
-	"repo.issues.filter_sort.hint": "Kārtot pēc: izveidots/piebildes/atjaunināts/beigu datums",
 	"search.syntax": "Meklēšanas pieraksts",
 	"actions.workflow.persistent_incomplete_matrix": "Nav iespējams izvērtēt darba %[1]s `strategy.matrix` nederīgas `needs` izteiksmes dēļ. Tas, iespējams, atsaucas uz darbu, kas nav tā 'needs' sarakstā (%[2]s), vai izvadi, kas nepastāv kādā no darbiem.",
 	"admin.auths.oauth2_quota_group_claim_name": "Prasības nosaukums, kas sniedz kopu nosaukumus šim avotam, kas tiks izmantots apjomu pārvaldībai. (Pēc izvēles)",
@@ -534,5 +512,15 @@
 	"editor.toggle_whole_word": "Pārslēgt atbilstību veseliem vārdiem",
 	"repo.view.gitmodules_too_large": "Datne .gitmodules ir pārāk liela un netiks ņemta vērā (piemēram, API izsaukumos)",
 	"install.ssh_authorized_keys_inspection_error": "Neizdevās pārbaudīt esošu authorized_keys datni: %v",
-	"install.ssh_authorized_keys_unexpected_key": "SSH iespējošana Forgejo nesader ar datni, kas atrodas %s, kas satur esošas SSH atslēgas. Ieteikumi: Forgejo vajadzībām izmantot atsevišķu sistēmas lietotāju vai atspējot SSH."
+	"install.ssh_authorized_keys_unexpected_key": "SSH iespējošana Forgejo nesader ar datni, kas atrodas %s, kas satur esošas SSH atslēgas. Ieteikumi: Forgejo vajadzībām izmantot atsevišķu sistēmas lietotāju vai atspējot SSH.",
+	"issues.filters.labels.exclude": "Neiekļaut iezīmi",
+	"issues.filters.labels.unexclude": "Notīrīt neiekļaušanu",
+	"actions.secrets.creation.name_description": "Noslēpuma nosaukums var saturēt tikai burtus, ciparus un zemsvītras. Tas nevar sākties ar FORGEJO_, GITEA_, GITHUB_ vai ciparu. Forgejo automātiski pārveidos to uz visiem lielajiem burtiem.",
+	"actions.variables.mutation.name_description": "Mainīgā nosaukums var saturēt tikai burtus, ciparus un zemsvītras. Tā nosaukums nevar būt CI vai sākties ar FORGEJO_, GITEA_, GITHUB_ vai ciparu. Forgejo automātiski pārveidos to uz visiem lielajiem burtiem.",
+	"actions.variables.mutation.value_description": "Mainīgā vērtība var būt jebkāds teksts. Īpašās rakstzīmes tiek paturētas. CRLF (Windows līniju pārrāvumi) tiek automātiski pārveidoti par LF. Kodēt vērtību ar Base64, ja būtu jāsaglabā sākotnējie līniju pārrāvumi.",
+	"actions.secrets.creation.value_description": "Noslēpuma vērtība var būt jebkāds teksts. Īpašās rakstzīmes tiek saglabātas. CRLF (Windows līniju pārrāvumi) tiek automātiski pārveidoti par LF. Kodēt vērtību ar Base64, ja būtu jāsaglabā sākotnējie līniju pārrāvumi.",
+	"packages.common.install": "Lai uzstādītu pakotni, jāizpilda šī komanda:",
+	"packages.common.registry": "Šis reģistrs ir iestatāms komandrindā:",
+	"packages.common.repository": "Informācija par glabātavu",
+	"actions.runs.all_runs_link": "visas izpildīšanas"
 }
diff --git a/options/locale_next/locale_nb_NO.json b/options/locale_next/locale_nb_NO.json
index f7e1cbaf4d..3fe643bf12 100644
--- a/options/locale_next/locale_nb_NO.json
+++ b/options/locale_next/locale_nb_NO.json
@@ -116,7 +116,6 @@
 	"repo.issues.filter_reviewers.hint": "Filtrer etter bruker som anmelder",
 	"repo.issues.filter_mention.hint": "Filtrer etter nevnt bruker",
 	"repo.issues.filter_modified.hint": "Filtrer etter sist endret dato",
-	"repo.issues.filter_sort.hint": "Sorter etter: skapt/kommentarer/oppdatert/deadline",
 	"repo.pulls.poster_manage_approval": "Endre godkjenning",
 	"repo.pulls.poster_requires_approval": "Noen workflow <a href=\"%[1]s\">venter på å blir anmeldt.</a>",
 	"repo.pulls.poster_requires_approval.tooltip": "Skaperen av denne pull requesten er ikke verifisert til å kjøre workflow som blei kjørt av en pull request skapt i fra en forket repositorie eller med AGit. Workflowene som blei kjørt av `pull_request` event vil ikke kjøre inntil de blir godkjent.",
diff --git a/options/locale_next/locale_nds.json b/options/locale_next/locale_nds.json
index 6f26c757f7..0ebdb84036 100644
--- a/options/locale_next/locale_nds.json
+++ b/options/locale_next/locale_nds.json
@@ -19,9 +19,9 @@
 	"notification.mark_all_as_read": "All as lesen markeren",
 	"notification.subscriptions": "Abonneerens",
 	"notification.watching": "Beluren",
-	"notification.no_subscriptions": "Nix abonneert",
+	"notification.no_subscriptions": "Du hest nix abonneert.",
 	"dropzone.default_message": "Laat Dateien hier fallen of klick hier tum Upladen.",
-	"dropzone.invalid_input_type": "Du kannst deese Aard vun Dateien nich upladen.",
+	"dropzone.invalid_input_type": "Dateien vun deeser Aard könen nich upladen worden.",
 	"dropzone.file_too_big": "Dateigrött ({{filesize}} MB) is boven de hoogste Dateigrött vun {{maxFilesize}} MB.",
 	"dropzone.remove_file": "Datei wegdoon",
 	"munits.data.b": "B",
@@ -64,8 +64,6 @@
 	"packages.alpine.registry": "Richt deese Paketlist in, indeem du de URL in diene <code>/etc/apk/repositories</code>-Datei inföögst:",
 	"packages.alpine.registry.key": "Laad de publiken RSA-Slötel vun de Paketlist in dat Verteeknis <code>/etc/apk/keys/</code> runner, um de Index-Unnerschrift uttowiesen:",
 	"packages.alpine.registry.info": "Köör $branch un $repository ut de List unnern ut.",
-	"packages.alpine.install": "Um dat Paket to installeren, föhr deese Oorder ut:",
-	"packages.alpine.repository": "Repositoriums-Informatioon",
 	"packages.alpine.repository.branches": "Twiegen",
 	"packages.alpine.repository.repositories": "Repositoriums",
 	"packages.alpine.repository.architectures": "Architekturen",
@@ -78,7 +76,6 @@
 	"packages.arch.version.description": "Beschrieven",
 	"packages.arch.version.provides": "Stellt paraat",
 	"packages.arch.version.groups": "Grupp",
-	"packages.arch.version.depends": "Hangt of vun",
 	"packages.arch.version.optdepends": "Hangt nich nödig of vun",
 	"packages.arch.version.makedepends": "Bau-Ofhangens",
 	"packages.arch.version.checkdepends": "Överprüfens-Ofhangens",
@@ -88,12 +85,9 @@
 	"packages.cargo.registry": "Richt deese Paketlist in de Cargo-Instellens-Datei in (to’n Bispööl <code>~/.cargo/config.toml</code>):",
 	"packages.cargo.install": "Um dat Paket mit Cargo to installeren, föhr deese Oorder ut:",
 	"packages.chef.registry": "Richt deese Paketlist in diener <code>~/.chef/config.rb</code>-Datei in:",
-	"packages.chef.install": "Um dat Paket to installeren, föhr deese Oorder ut:",
 	"packages.composer.registry": "Richt deese Paketlist in diener <code>~/.composer/config.json</code>-Datei in:",
 	"packages.composer.install": "Um dat Paket mit Composer to installeren, föhr deese Oorder ut:",
-	"packages.composer.dependencies": "Ofhangens",
 	"packages.composer.dependencies.development": "Entwicklens-Ofhangens",
-	"packages.conan.registry": "Richt deese Paketlist vun de Oorderreeg in:",
 	"packages.conan.install": "Um dat Paket mit Conan to installeren, föhr deese Oorder ut:",
 	"packages.conda.registry": "Richt deese Paketlist as een Conda-Repositorium in diener <code>~/.condarc</code>-Datei in:",
 	"packages.conda.install": "Um dat Paket mit Conda to installeren, föhr deese Oorder ut:",
@@ -108,29 +102,21 @@
 	"packages.container.labels.key": "Slötel",
 	"packages.container.labels.value": "Weert",
 	"packages.cran.registry": "Richt deese Paketlist in diener <code>Rprofile.site</code>-Datei in:",
-	"packages.cran.install": "Um dat Paket to installeren, föhr deese Oorder ut:",
-	"packages.debian.registry": "Richt deese Paketlist vun de Oorderreeg in:",
 	"packages.debian.registry.info": "Köör $distribution un $component ut de unnern List ut.",
-	"packages.debian.install": "Um dat Paket to installeren, föhr deese Oorder ut:",
-	"packages.debian.repository": "Repositoriums-Informatioon",
 	"packages.debian.repository.distributions": "Verdeelens",
 	"packages.debian.repository.components": "Delen",
 	"packages.debian.repository.architectures": "Architekturen",
 	"packages.generic.download": "Laad deeses Paket vun de Oorderreeg runner:",
 	"packages.go.install": "Installeer dat Paket vun de Oorderreeg:",
-	"packages.helm.registry": "Richt deese Paketlist vun de Oorderreeg in:",
-	"packages.helm.install": "Um dat Paket to installeren, föhr deese Oorder ut:",
 	"packages.maven.registry": "Richt deese Paketlist in diener <code>pom.xml</code>-Datei in:",
 	"packages.maven.install": "Um dat Paket to bruken, giff in de <code>dependencies</code>-Deel vun de <code>pom.xml</code>-Datei dat an:",
 	"packages.maven.install2": "Vun de Oorderreeg utföhren:",
 	"packages.maven.download": "Um de Ofhangen runnertoladen, föhr in de Oorderreeg ut:",
-	"packages.nuget.registry": "Richt deese Paketlist vun de Oorderreeg in:",
 	"packages.nuget.install": "Um dat Paket mit NuGet to installeren, föhr deese Oorder ut:",
 	"packages.nuget.dependency.framework": "Enn-Rahmwark",
 	"packages.npm.registry": "Richt deese Paketlist in de <code>.npmrc</code>-Datei vun dienem Projekt in:",
 	"packages.npm.install": "Um dat Paket mit npm to installeren, föhr deese Oorder ut:",
 	"packages.npm.install2": "of föög dat to de »package.json«-Datei hento:",
-	"packages.npm.dependencies": "Ofhangens",
 	"packages.npm.dependencies.development": "Entwicklens-Ofhangens",
 	"packages.npm.dependencies.bundle": "Mitbrocht Ofhangens",
 	"packages.npm.dependencies.peer": "Maten-Ofhangens",
@@ -138,18 +124,12 @@
 	"packages.npm.details.tag": "Mark",
 	"packages.pypi.requires": "Bruukt Python",
 	"packages.pypi.install": "Um dat Paket mit pip to installeren, föhr deese Oorder ut:",
-	"packages.rpm.registry": "Richt deese Paketlist vun de Oorderreeg in:",
 	"packages.rpm.distros.redhat": "Up Verdeelens mit RedHat as Grundlaag",
 	"packages.rpm.distros.suse": "Up Verdeelens mit SUSE as Grundlaag",
-	"packages.rpm.install": "Um dat Paket to installeren, föhr deese Oorder ut:",
-	"packages.rpm.repository": "Repositoriums-Informatioon",
 	"packages.rpm.repository.architectures": "Architekturen",
 	"packages.rpm.repository.multiple_groups": "Deeses Paket is in mennig Gruppen verföögbaar.",
-	"packages.alt.registry": "Richt deese Paketlist vun de Oorderreeg in:",
-	"packages.alt.registry.install": "Um dat Paket to installeren, föhr deese Oorder ut:",
 	"packages.alt.install": "Paket installeren",
 	"packages.alt.setup": "Föög een Repositorium to de List vun verbunnen Repositoriums hento (köör de nödige Architektuur in Stee vun »_arch_« ut):",
-	"packages.alt.repository": "Repositoriums-Informatioon",
 	"packages.alt.repository.architectures": "Architekturen",
 	"packages.alt.repository.multiple_groups": "Deeses Paket is in mennig Gruppen verföögbaar.",
 	"packages.rubygems.install": "Um dat Paket mit gem to installeren, föhr deese Oorder ut:",
@@ -158,7 +138,6 @@
 	"packages.rubygems.dependencies.development": "Entwicklens-Ofhangens",
 	"packages.rubygems.required.ruby": "Bruukt Ruby-Versioon",
 	"packages.rubygems.required.rubygems": "Bruukt RubyGem-Versioon",
-	"packages.swift.registry": "Richt deese Paketlist vun de Oorderreeg in:",
 	"packages.swift.install": "Föög dat Paket in diener <code>Package.swift</code>-Datei hento:",
 	"packages.swift.install2": "un föhr deese Oorder ut:",
 	"packages.vagrant.install": "Um eene Vagrant-Kist hentotofögen, föhr deese Oorder ut:",
@@ -392,16 +371,16 @@
 	"actions.runners.last_online": "Tolest verbunnen",
 	"actions.runners.runner_title": "Loper",
 	"actions.runners.task_list": "Leste Upgaven up deesem Loper",
-	"actions.runners.task_list.no_tasks": "Dat gifft noch keene Upgaav.",
+	"actions.runners.task_list.no_tasks": "Dat gifft noch keene Upgaven.",
 	"actions.runners.task_list.run": "Utföhren",
 	"actions.runners.task_list.status": "Tostand",
 	"actions.runners.task_list.repository": "Repositorium",
 	"actions.runners.task_list.commit": "Kommitteren",
 	"actions.runners.task_list.done_at": "Daan um",
 	"actions.runners.edit_runner": "Loper bewarken",
-	"actions.runners.update_runner.button": "Ännerns vernejen",
-	"actions.runners.update_runner.success": "Loper verneeit",
-	"actions.runners.update_runner.failed": "Kunn Loper nich vernejen",
+	"actions.runners.update_runner.button": "Ännerns sekern",
+	"actions.runners.update_runner.success": "Loper bewarkt",
+	"actions.runners.update_runner.failed": "Kunn Loper nich bewarken",
 	"actions.runners.delete_runner.button": "Deesen Loper wegdoon",
 	"actions.runners.delete_runner.success": "Loper wegdaan",
 	"actions.runners.delete_runner.failed": "Kunn Loper nich wegdoon",
@@ -436,8 +415,8 @@
 	"teams.add_all_repos.modal.header": "All Repositoriums hentofögen",
 	"teams.remove_all_repos.modal.header": "All Repositoriums wegdoon",
 	"repo.pulls.poster_manage_approval": "Tostimmen verwalten",
-	"repo.pulls.poster_requires_approval": "Eenige Warkwiesen <a href=\"%[1]s\">wachten up een Nakieken.</a>",
-	"repo.pulls.poster_is_trusted": "De Schriever vun deesem Haalvörslag word <a href=\"%[1]s\">alltied vertroot, Warkwiesen uttoföhren.</a>",
+	"repo.pulls.poster_requires_approval": "Eenige Warkwiesen <a href=\"%[1]s\">wachten up een Nakieken</a>.",
+	"repo.pulls.poster_is_trusted": "De Schriever vun deesem Haalvörslag word <a href=\"%[1]s\">alltied vertroot, Warkwiesen uttoföhren</a>.",
 	"repo.pulls.poster_requires_approval.tooltip": "De Schriever vun deesem Haalvörslag word nich vertroot, Warkwiesen uttoföhren, wat vun eenem Haalvörslag ut eener Gavel of mit AGit utlööst worden. De Warkwiesen, wat vun eenem `pull_request`-Vörfall utlööst worden, lopen eerst dann, wenn se tostimmt worden.",
 	"repo.pulls.poster_is_trusted.tooltip": "De Schriever vun deesem Haalvörslag word utdrückelk vertroot, Warkwiesen uttoföhren, wat vun `pull_request`-Vörfallen utlööst worden.",
 	"repo.pulls.poster_trust_deny": "Verseggen",
@@ -468,7 +447,6 @@
 	"repo.issues.filter_reviewers.hint": "Na Nakieker filtern",
 	"repo.issues.filter_mention.hint": "Na benöömt Bruker filtern",
 	"repo.issues.filter_modified.hint": "Na lestem Ännern filtern",
-	"repo.issues.filter_sort.hint": "Sorteren na: maakt/Kommentaren/verneeit/Anstahn",
 	"search.syntax": "Söök-Syntax",
 	"actions.workflow.persistent_incomplete_matrix": "Kann de `strategy.matrix` vun Upgaav %[1]s nich utweerten, denn een `needs`-Utdruck weer ungültig. Verlicht benöömt dat eene Upgaav, wat nich in hör »needs«-List is (%[2]s), of eene Utgaav, wat in keener vun deeser Upgaven vörkummt.",
 	"admin.auths.oauth2_quota_group_map": "In Anspröök nohmen Gruppen up Quoten-Gruppen ofbillen. (Wenn du willst – bruukt Anspröök-Naam boven)",
@@ -523,5 +501,12 @@
 	"actions.secrets.creation.name_description": "De Naam vun eenem Geheemst kann blots Bookstaven, Tahlen un Unnerstreken enthollen. ’t kann nich mit FORGEJO_, GITEA_, GITHUB_ of eener Tahl begünnen. Forgejo word de Naam automatisk in Grotbookstavens umwanneln.",
 	"actions.variables.mutation.name_description": "De Naam vun eener Variaabel kann blots Bookstaven, Tahlen un Unnerstreken enthollen. ’t kann nich CI heten of mit FORGEJO_, GITEA_, GITHUB_ of eener Tahl begünnen. Forgejo word de Naam automatisk in Grotbookstavens umwanneln.",
 	"actions.secrets.creation.value_description": "De Weert vun eenem Geheemst kann elkeen Text wesen. Besünnere Tekens worden behollen. CRLF (Riegenennen na Windows-Aard) worden automatisk in LF umwannelt. Kodeer de Weert mit Base64, wenn Riegenennen behollen worden sallen.",
-	"actions.variables.mutation.value_description": "De Weert vun eener Variaabel kann elkeen Text wesen. Besünnere Tekens worden behollen. CRLF (Riegenennen na Windows-Aard) worden automatisk in LF umwannelt. Kodeer de Weert mit Base64, wenn Riegenennen behollen worden sallen."
+	"actions.variables.mutation.value_description": "De Weert vun eener Variaabel kann elkeen Text wesen. Besünnere Tekens worden behollen. CRLF (Riegenennen na Windows-Aard) worden automatisk in LF umwannelt. Kodeer de Weert mit Base64, wenn Riegenennen behollen worden sallen.",
+	"issues.filters.labels.exclude": "Vermark utsluten",
+	"issues.filters.labels.unexclude": "Utsluten leegmaken",
+	"packages.common.install": "Um dat Paket to installeren, föhr deese Oorder ut:",
+	"packages.common.registry": "Richt deese Paketlist vun de Oorderrieg in:",
+	"packages.common.repository": "Repositoriums-Informatioon",
+	"actions.runs.all_runs_link": "All Utföhrens",
+	"repo.issues.filter_sort.hint_with_placeholder": "Sorteren na: %s"
 }
diff --git a/options/locale_next/locale_nl-NL.json b/options/locale_next/locale_nl-NL.json
index 801ac2b29d..d342a8ddf0 100644
--- a/options/locale_next/locale_nl-NL.json
+++ b/options/locale_next/locale_nl-NL.json
@@ -64,8 +64,6 @@
 	"packages.alpine.registry": "Stel dit register in door de url toe te voegen aan je <code>/etc/apk/repositories</code> bestand:",
 	"packages.alpine.registry.key": "Download de openbare RSA-sleutel van het register in de map <code>/etc/apk/keys/</code> om de indexhandtekening te verifiëren:",
 	"packages.alpine.registry.info": "Kies $branch en $repository uit de onderstaande lijst.",
-	"packages.alpine.install": "Voer het volgende commando uit om het pakket te installeren:",
-	"packages.alpine.repository": "Repository informatie",
 	"packages.alpine.repository.branches": "Branches",
 	"packages.alpine.repository.repositories": "Repositories",
 	"packages.alpine.repository.architectures": "Architecturen",
@@ -78,7 +76,6 @@
 	"packages.arch.version.description": "Beschrijving",
 	"packages.arch.version.provides": "Biedt",
 	"packages.arch.version.groups": "Groep",
-	"packages.arch.version.depends": "Afhankelijk van",
 	"packages.arch.version.optdepends": "Optioneel is afhankelijk van",
 	"packages.arch.version.makedepends": "Maken is afhankelijk van",
 	"packages.arch.version.checkdepends": "Controleer is afhankelijk van",
@@ -88,12 +85,9 @@
 	"packages.cargo.registry": "Stel dit register in het Cargo configuratiebestand in (bijvoorbeeld <code>~/.cargo/config.toml</code>):",
 	"packages.cargo.install": "Voer de volgende opdracht uit om het pakket met Cargo te installeren:",
 	"packages.chef.registry": "Stel dit register in je <code>~/.chef/config.rb</code> bestand:",
-	"packages.chef.install": "Voer het volgende commando uit om het pakket te installeren:",
 	"packages.composer.registry": "Stel dit register in je <code>~/.composer/config.json</code> bestand:",
 	"packages.composer.install": "Voer de volgende opdracht uit om het pakket met Composer te installeren:",
-	"packages.composer.dependencies": "Afhankelijkheden",
 	"packages.composer.dependencies.development": "Ontwikkelings afhankelijkheden",
-	"packages.conan.registry": "Stel dit register in vanaf de terminal:",
 	"packages.conan.install": "Voer het volgende commando uit om het pakket met Conan te installeren:",
 	"packages.conda.registry": "Stel dit register in als een Conda repository in je <code>.condarc</code> bestand:",
 	"packages.conda.install": "Voer het volgende commando uit om het pakket met Conda te installeren:",
@@ -108,29 +102,21 @@
 	"packages.container.labels.key": "Sleutel",
 	"packages.container.labels.value": "Waarde",
 	"packages.cran.registry": "Stel dit register in je <code>Rprofile.site</code> bestand:",
-	"packages.cran.install": "Voer het volgende commando uit om het pakket te installeren:",
-	"packages.debian.registry": "Stel dit register in vanaf de terminal:",
 	"packages.debian.registry.info": "Kies $distribution en $component uit de onderstaande lijst.",
-	"packages.debian.install": "Voer het volgende commando uit om het pakket te installeren:",
-	"packages.debian.repository": "Repository informatie",
 	"packages.debian.repository.distributions": "Distributies",
 	"packages.debian.repository.components": "Componenten",
 	"packages.debian.repository.architectures": "Architecturen",
 	"packages.generic.download": "Pakket downloaden vanaf de terminal:",
 	"packages.go.install": "Installeer het pakket vanaf de terminal:",
-	"packages.helm.registry": "Stel dit register in vanaf de terminal:",
-	"packages.helm.install": "Voer het volgende commando uit om het pakket te installeren:",
 	"packages.maven.registry": "Stel dit register in het <code>pom.xml</code> bestand van je project:",
 	"packages.maven.install": "Om het pakket te gebruiken, voeg het volgende toe aan het <code>dependencies</code> blok in het <code>pom.xml</code> bestand:",
 	"packages.maven.install2": "Uitvoeren via opdrachtregel:",
 	"packages.maven.download": "Voer de opdrachtregel uit om de dependencies te downloaden:",
-	"packages.nuget.registry": "Stel dit register in vanaf de terminal:",
 	"packages.nuget.install": "Voer het volgende commando uit om het pakket met NuGet te installeren:",
 	"packages.nuget.dependency.framework": "Target Framework",
 	"packages.npm.registry": "Stel dit register in het <code>.npmrc</code> bestand van je project:",
 	"packages.npm.install": "Voer het volgende commando uit om het pakket met npm te installeren:",
 	"packages.npm.install2": "of voeg het toe aan het package.json bestand:",
-	"packages.npm.dependencies": "Afhankelijkheden",
 	"packages.npm.dependencies.development": "Ontwikkelings afhankelijkheden",
 	"packages.npm.dependencies.bundle": "Gebundelde dependencies",
 	"packages.npm.dependencies.peer": "Peer afhankelijkheden",
@@ -138,18 +124,12 @@
 	"packages.npm.details.tag": "Label",
 	"packages.pypi.requires": "Python vereist",
 	"packages.pypi.install": "Voer het volgende commando uit om het pakket met pip te installeren:",
-	"packages.rpm.registry": "Stel dit register in vanaf de terminal:",
 	"packages.rpm.distros.redhat": "op distributies gebaseerd op RedHat",
 	"packages.rpm.distros.suse": "op SUSE gebaseerde distributies",
-	"packages.rpm.install": "Voer het volgende commando uit om het pakket te installeren:",
-	"packages.rpm.repository": "Repository informatie",
 	"packages.rpm.repository.architectures": "Architecturen",
 	"packages.rpm.repository.multiple_groups": "Dit pakket is beschikbaar in meerdere groepen.",
-	"packages.alt.registry": "Stel dit register in vanaf de opdrachtregel:",
-	"packages.alt.registry.install": "Voer het volgende commando uit om het pakket te installeren:",
 	"packages.alt.install": "Pakket installeren",
 	"packages.alt.setup": "Voeg een repository toe aan de lijst met gekoppelde repositories (kies de benodigde architectuur in plaats van \"_arch_\"):",
-	"packages.alt.repository": "Repository info",
 	"packages.alt.repository.architectures": "Architecturen",
 	"packages.alt.repository.multiple_groups": "Dit pakket is beschikbaar in meerdere groepen.",
 	"packages.rubygems.install": "Voer het volgende commando uit om het pakket met gem te installeren:",
@@ -158,7 +138,6 @@
 	"packages.rubygems.dependencies.development": "Ontwikkelings dependencies",
 	"packages.rubygems.required.ruby": "Vereist Ruby versie",
 	"packages.rubygems.required.rubygems": "Vereist RubyGem versie",
-	"packages.swift.registry": "Stel dit register in vanaf de terminal:",
 	"packages.swift.install": "Voeg het pakket toe in je <code>Package.swift</code> bestand:",
 	"packages.swift.install2": "en voer het volgende commando uit:",
 	"packages.vagrant.install": "Om een Vagrant box toe te voegen, voer je het volgende commando uit:",
@@ -468,7 +447,6 @@
 	"repo.issues.filter_mention.hint": "Filteren op genoemde gebruiker",
 	"repo.issues.filter_reviewers.hint": "Filteren op gebruiker die beoordeelde",
 	"repo.issues.filter_modified.hint": "Filteren op laatst gewijzigde datum",
-	"repo.issues.filter_sort.hint": "Sorteer op: aangemaakt/reacties/updated/deadline",
 	"repo.view.gitmodules_too_large": "Het .gitmodules-bestand is te groot en wordt genegeerd (bijvoorbeeld bij API-aanroepen)",
 	"search.syntax": "Syntaxis zoeken",
 	"search.fuzzy": "Fuzzy",
diff --git a/options/locale_next/locale_pl-PL.json b/options/locale_next/locale_pl-PL.json
index 2b65650060..d559a3f776 100644
--- a/options/locale_next/locale_pl-PL.json
+++ b/options/locale_next/locale_pl-PL.json
@@ -64,8 +64,6 @@
 	"packages.alpine.registry": "Skonfiguruj ten rejestr dodając url do twojego pliku <code>/etc/apk/repositories</code>:",
 	"packages.alpine.registry.key": "Pobierz klucz publiczny RSA rejestru do folderu <code>/etc/apk/keys/</code> by zweryfikować podpis indeksu:",
 	"packages.alpine.registry.info": "Wybierz $branch i $repository z listy poniżej.",
-	"packages.alpine.install": "By zainstalować ten pakiet, wykonaj następujące polecenie:",
-	"packages.alpine.repository": "Informacje o repozytorium",
 	"packages.alpine.repository.branches": "Gałęzie",
 	"packages.alpine.repository.repositories": "Repozytoria",
 	"packages.alpine.repository.architectures": "Architektury",
@@ -78,7 +76,6 @@
 	"packages.arch.version.description": "Opis",
 	"packages.arch.version.provides": "Zapewnia",
 	"packages.arch.version.groups": "Grupa",
-	"packages.arch.version.depends": "Zależności",
 	"packages.arch.version.optdepends": "Opcjonalne zależności",
 	"packages.arch.version.makedepends": "Zależności budowy",
 	"packages.arch.version.checkdepends": "Zależności weryfikacji",
@@ -88,12 +85,9 @@
 	"packages.cargo.registry": "Skonfiguruj ten rejestr w pliku konfiguracyjnym Cargo (na przykład <code>~/.cargo/config.toml</code>):",
 	"packages.cargo.install": "By zainstalować ten pakiet przy użyciu Cargo, wykonaj następujące polecenie:",
 	"packages.chef.registry": "Skonfiguruj ten rejestr w twoim pliku <code>~/.chef/config.rb</code>:",
-	"packages.chef.install": "By zainstalować ten pakiet, wykonaj następujące polecenie:",
 	"packages.composer.registry": "Skonfiguruj ten rejestr w twoim pliku <code>~/.composer/config.json</code>:",
 	"packages.composer.install": "By zainstalować ten pakiet przy użyciu Composer, wykonaj następujące polecenie:",
-	"packages.composer.dependencies": "Zależności",
 	"packages.composer.dependencies.development": "Zależności programistyczne",
-	"packages.conan.registry": "Skonfiguruj ten rejestr z wiersza poleceń:",
 	"packages.conan.install": "By zainstalować ten pakiet przy użyciu Conan, wykonaj następujące polecenie:",
 	"packages.conda.registry": "Skonfiguruj ten rejestr jako repozytorium Conda w twoim pliku <code>.condarc</code>:",
 	"packages.conda.install": "By zainstalować ten pakiet przy użyciu Conda, wykonaj następujące polecenie:",
@@ -108,29 +102,21 @@
 	"packages.container.labels.key": "Klucz",
 	"packages.container.labels.value": "Wartość",
 	"packages.cran.registry": "Skonfiguruj ten rejestr w twoim pliku <code>Rprofile.site</code>:",
-	"packages.cran.install": "By zainstalować ten pakiet, wykonaj następujące polecenie:",
-	"packages.debian.registry": "Skonfiguruj ten rejestr z wiersza poleceń:",
 	"packages.debian.registry.info": "Wybierz $distribution i $component z listy poniżej.",
-	"packages.debian.install": "By zainstalować ten pakiet, wykonaj następujące polecenie:",
-	"packages.debian.repository": "Informacje o repozytorium",
 	"packages.debian.repository.distributions": "Dystrybucje",
 	"packages.debian.repository.components": "Komponenty",
 	"packages.debian.repository.architectures": "Architektury",
 	"packages.generic.download": "Pobierz pakiet z wiersza poleceń:",
 	"packages.go.install": "Zainstaluj pakiet z wiersza poleceń:",
-	"packages.helm.registry": "Skonfiguruj ten rejestr z wiersza poleceń:",
-	"packages.helm.install": "By zainstalować ten pakiet, wykonaj następujące polecenie:",
 	"packages.maven.registry": "Skonfiguruj ten rejestr w twoim pliku projektu <code>pom.xml</code>:",
 	"packages.maven.install": "By użyć tego pakietu dołącz następującą treść w bloku <code>dependencies</code> w pliku <code>pom.xml</code>:",
 	"packages.maven.install2": "Uruchom z wiersza poleceń:",
 	"packages.maven.download": "By pobrać zależność, wykonaj w wierszu poleceń:",
-	"packages.nuget.registry": "Skonfiguruj ten rejestr z wiersza poleceń:",
 	"packages.nuget.install": "By zainstalować ten pakiet przy użyciu NuGet, wykonaj następujące polecenie:",
 	"packages.nuget.dependency.framework": "Framework Docelowy",
 	"packages.npm.registry": "Skonfiguruj ten rejestr w pliku projektu <code>.npmrc</code>:",
 	"packages.npm.install": "By zainstalować ten pakiet przy użyciu npm, wykonaj następujące polecenie:",
 	"packages.npm.install2": "lub dodaj to do pliku package.json:",
-	"packages.npm.dependencies": "Zależności",
 	"packages.npm.dependencies.development": "Zależności programistyczne",
 	"packages.npm.dependencies.bundle": "Dołączone zależności",
 	"packages.npm.dependencies.peer": "Zależności rówieśnicze",
@@ -138,18 +124,12 @@
 	"packages.npm.details.tag": "Znacznik",
 	"packages.pypi.requires": "Wymagany Python",
 	"packages.pypi.install": "By zainstalować ten pakiet przy użyciu pip, wykonaj następujące polecenie:",
-	"packages.rpm.registry": "Skonfiguruj ten rejestr z wiersza poleceń:",
 	"packages.rpm.distros.redhat": "na dystrybucjach opartych o RedHat",
 	"packages.rpm.distros.suse": "na dystrybucjach opartych o SUSE",
-	"packages.rpm.install": "By zainstalować ten pakiet, wykonaj następujące polecenie:",
-	"packages.rpm.repository": "Informacje o repozytorium",
 	"packages.rpm.repository.architectures": "Architektury",
 	"packages.rpm.repository.multiple_groups": "Ten pakiet jest dostępny w wielu grupach.",
-	"packages.alt.registry": "Skonfiguruj ten rejestr z wiersza poleceń:",
-	"packages.alt.registry.install": "By zainstalować ten pakiet, wykonaj następujące polecenie:",
 	"packages.alt.install": "Zainstaluj pakiet",
 	"packages.alt.setup": "Dodaj repozytorium do listy połączonych repozytoriów (wybierz wymaganą architekturę zamiast '_arch_'):",
-	"packages.alt.repository": "Informacje o repozytorium",
 	"packages.alt.repository.architectures": "Architektury",
 	"packages.alt.repository.multiple_groups": "Ten pakiet jest dostępny w wielu grupach.",
 	"packages.rubygems.install": "By zainstalować ten pakiet przy użyciu gem, wykonaj następujące polecenie:",
@@ -158,7 +138,6 @@
 	"packages.rubygems.dependencies.development": "Zależności programistyczne",
 	"packages.rubygems.required.ruby": "Wymaga wersji Ruby",
 	"packages.rubygems.required.rubygems": "Wymaga wersji RubyGem",
-	"packages.swift.registry": "Skonfiguruj ten rejestr z wiersza poleceń:",
 	"packages.swift.install": "Dodaj ten packiet do twojego pliku <code>Package.swift</code>:",
 	"packages.swift.install2": "i wykonaj następujące polecenie:",
 	"packages.vagrant.install": "By dodać box Vagrant, wykonaj następujące polecenie:",
@@ -346,7 +325,6 @@
 	"repo.issues.filter_reviewers.hint": "Filtruj według recenzentów",
 	"repo.issues.filter_mention.hint": "Filtruj według wspomnianych użytkowników",
 	"repo.issues.filter_modified.hint": "Filtruj według daty ostatniej modyfikacji",
-	"repo.issues.filter_sort.hint": "Sortuj według: created/comments/updated/deadline",
 	"issues.updated": "ostatnia aktualizacja: %s",
 	"repo.pulls.poster_manage_approval": "Zarządzaj zatwierdzeniami",
 	"repo.pulls.poster_requires_approval": "Kilka workflowów <a href=\"%[1]s\">oczekuje na sprawdzenie.</a>",
diff --git a/options/locale_next/locale_pt-BR.json b/options/locale_next/locale_pt-BR.json
index 2bbd2c7aa1..e1b167a90a 100644
--- a/options/locale_next/locale_pt-BR.json
+++ b/options/locale_next/locale_pt-BR.json
@@ -64,8 +64,6 @@
 	"packages.alpine.registry": "Configure este registro adicionando o URL no arquivo <code>/etc/apk/repositories</code>:",
 	"packages.alpine.registry.key": "Baixe a chave RSA pública do registro para a pasta <code>/etc/apk/keys/</code> para verificar a assinatura do índice:",
 	"packages.alpine.registry.info": "Escolha o $branch e $repository da lista abaixo.",
-	"packages.alpine.install": "Para instalar o pacote, execute o seguinte comando:",
-	"packages.alpine.repository": "Informações do repositório",
 	"packages.alpine.repository.branches": "Branches",
 	"packages.alpine.repository.repositories": "Repositórios",
 	"packages.alpine.repository.architectures": "Arquiteturas",
@@ -78,7 +76,6 @@
 	"packages.arch.version.description": "Descrição",
 	"packages.arch.version.provides": "Fornece",
 	"packages.arch.version.groups": "Grupo",
-	"packages.arch.version.depends": "Depende",
 	"packages.arch.version.optdepends": "Depende opcionalmente",
 	"packages.arch.version.makedepends": "Dependências do make",
 	"packages.arch.version.checkdepends": "Verificar dependências",
@@ -88,12 +85,9 @@
 	"packages.cargo.registry": "Configurar este registro no arquivo de configuração de Cargo (por exemplo <code>~/.cargo/config.toml</code>):",
 	"packages.cargo.install": "Para instalar o pacote usando Cargo, execute o seguinte comando:",
 	"packages.chef.registry": "Configure este registro em seu arquivo <code>~/.chef/config.rb</code>:",
-	"packages.chef.install": "Para instalar o pacote, execute o seguinte comando:",
 	"packages.composer.registry": "Configure este registro em seu arquivo <code>~/.composer/config.json</code>:",
 	"packages.composer.install": "Para instalar o pacote usando o Composer, execute o seguinte comando:",
-	"packages.composer.dependencies": "Dependências",
 	"packages.composer.dependencies.development": "Dependências de desenvolvimento",
-	"packages.conan.registry": "Configure este registro pela linha de comando:",
 	"packages.conan.install": "Para instalar o pacote usando o Conan, execute o seguinte comando:",
 	"packages.conda.registry": "Configure este registro como um repositório Conda no arquivo <code>.condarc</code>:",
 	"packages.conda.install": "Para instalar o pacote usando o Conda, execute o seguinte comando:",
@@ -108,29 +102,21 @@
 	"packages.container.labels.key": "Chave",
 	"packages.container.labels.value": "Valor",
 	"packages.cran.registry": "Configure este registro no arquivo <code>Rprofile.site</code>:",
-	"packages.cran.install": "Para instalar o pacote, execute o seguinte comando:",
-	"packages.debian.registry": "Configure este registro pela linha de comando:",
 	"packages.debian.registry.info": "Escolha uma $distribution e um $component da lista abaixo:",
-	"packages.debian.install": "Para instalar o pacote, execute o seguinte comando:",
-	"packages.debian.repository": "Informações do repositório",
 	"packages.debian.repository.distributions": "Distribuições",
 	"packages.debian.repository.components": "Componentes",
 	"packages.debian.repository.architectures": "Arquiteturas",
 	"packages.generic.download": "Baixar pacote pela linha de comando:",
 	"packages.go.install": "Instale o pacote usando o comando:",
-	"packages.helm.registry": "Configurar este registro pela linha de comando:",
-	"packages.helm.install": "Para instalar o pacote, execute o seguinte comando:",
 	"packages.maven.registry": "Configure este registro no arquivo <code>pom.xml</code> do seu projeto:",
 	"packages.maven.install": "Para usar o pacote inclua o seguinte no bloco de <code>dependencies</code> no arquivo <code>pom.xml</code>:",
 	"packages.maven.install2": "Executar via linha de comando:",
 	"packages.maven.download": "Para baixar a dependência, execute via linha de comando:",
-	"packages.nuget.registry": "Configurar este registro pela linha de comando:",
 	"packages.nuget.install": "Para instalar o pacote usando NuGet, execute o seguinte comando:",
 	"packages.nuget.dependency.framework": "Estrutura Alvo",
 	"packages.npm.registry": "Configure este registro no arquivo <code>.npmrc</code> do seu projeto:",
 	"packages.npm.install": "Para instalar o pacote usando o npm, execute o seguinte comando:",
 	"packages.npm.install2": "ou adicione-o ao arquivo package.json:",
-	"packages.npm.dependencies": "Dependências",
 	"packages.npm.dependencies.development": "Dependências de desenvolvimento",
 	"packages.npm.dependencies.bundle": "Dependências em bundle",
 	"packages.npm.dependencies.peer": "Dependências peer",
@@ -138,18 +124,12 @@
 	"packages.npm.details.tag": "Tag",
 	"packages.pypi.requires": "Requer Python",
 	"packages.pypi.install": "Para instalar o pacote usando pip, execute o seguinte comando:",
-	"packages.rpm.registry": "Configure este registro pela linha de comando:",
 	"packages.rpm.distros.redhat": "em distribuições baseadas no RedHat",
 	"packages.rpm.distros.suse": "em distribuições baseadas no SUSE",
-	"packages.rpm.install": "Para instalar o pacote, execute o seguinte comando:",
-	"packages.rpm.repository": "Informações do repositório",
 	"packages.rpm.repository.architectures": "Arquiteturas",
 	"packages.rpm.repository.multiple_groups": "Este pacote está disponível em vários grupos.",
-	"packages.alt.registry": "Configurar este registro da linha de comando:",
-	"packages.alt.registry.install": "Para instalar o pacote, execute o seguinte comando:",
 	"packages.alt.install": "Instalar pacote",
 	"packages.alt.setup": "Adicionar um repositório à lista de repositórios conectados (escolha a arquitetura necessária em vez de \"_arch_\"):",
-	"packages.alt.repository": "Informação do repositório",
 	"packages.alt.repository.architectures": "Arquiteturas",
 	"packages.alt.repository.multiple_groups": "Este pacote está disponível em múltiplos grupos.",
 	"packages.rubygems.install": "Para instalar o pacote usando gem, execute o seguinte comando:",
@@ -158,7 +138,6 @@
 	"packages.rubygems.dependencies.development": "Dependências de desenvolvimento",
 	"packages.rubygems.required.ruby": "Requer o Ruby versão",
 	"packages.rubygems.required.rubygems": "Requer o RubyGem versão",
-	"packages.swift.registry": "Configure este registro pela linha de comando:",
 	"packages.swift.install": "Adicione o pacote em seu arquivo <code>Package.swift</code>:",
 	"packages.swift.install2": "e execute o seguinte comando:",
 	"packages.vagrant.install": "Para adicionar uma Vagrant box, execute o seguinte comando:",
@@ -482,7 +461,6 @@
 	"repo.issues.filter_reviewers.hint": "Filtrar por usuário revisor",
 	"repo.issues.filter_mention.hint": "Filtrar por usuário mencionado",
 	"repo.issues.filter_modified.hint": "Filtrar por data da última modificação",
-	"repo.issues.filter_sort.hint": "Ordenar por: criado/comentários/atualizado/prazo",
 	"search.syntax": "Sintaxe de pesquisa",
 	"admin.dashboard.transfer_lingering_logs": "Transferir registros de actions de trabalhos finalizados do banco de dados para o armazenamento",
 	"actions.workflow.persistent_incomplete_matrix": "Não foi possível avaliar `strategy.matrix` do trabalho %[1]s devido a uma expressão `needs` que era inválida. Ela pode se referir a um trabalho que não está na sua lista de 'needs' (%[2]s), ou uma saída que não existe em um desses trabalhos.",
@@ -521,5 +499,8 @@
 	"actions.workflow.incomplete_with_missing_job": "Não é possível avaliar `with` do trabalho %[1]s: o trabalho %[2]s não está na lista de `needs` do trabalho %[1]s (%[3]s).",
 	"actions.workflow.incomplete_with_missing_output": "Não é possível avaliar `with` do trabalho %[1]s: falta o resultado %[3]s no trabalho %[2]s.",
 	"actions.workflow.incomplete_with_missing_matrix_dimension": "Não é possível avaliar `with` do trabalho %[1]s: a dimensão da matriz %[2]s não existe.",
-	"actions.workflow.incomplete_with_unknown_cause": "Não é possível avaliar `with` do trabalho %[1]s: erro desconhecido."
+	"actions.workflow.incomplete_with_unknown_cause": "Não é possível avaliar `with` do trabalho %[1]s: erro desconhecido.",
+	"repo.issues.filter_sort.hint_with_placeholder": "Ordenar por: %s",
+	"issues.filters.labels.exclude": "Remover rótulo",
+	"issues.filters.labels.unexclude": "Limpar exclusão"
 }
diff --git a/options/locale_next/locale_pt-PT.json b/options/locale_next/locale_pt-PT.json
index 4f24bf9ccc..e0aad4484e 100644
--- a/options/locale_next/locale_pt-PT.json
+++ b/options/locale_next/locale_pt-PT.json
@@ -19,9 +19,9 @@
 	"notification.mark_all_as_read": "Marcar todas como lidas",
 	"notification.subscriptions": "Subscrições",
 	"notification.watching": "Vigiando",
-	"notification.no_subscriptions": "Sem subscrições",
+	"notification.no_subscriptions": "Não tem nenhuma subscrição.",
 	"dropzone.default_message": "Largue os ficheiros aqui ou clique aqui para os carregar.",
-	"dropzone.invalid_input_type": "Não pode carregar ficheiros deste tipo.",
+	"dropzone.invalid_input_type": "Ficheiros deste tipo não podem ser carregados.",
 	"dropzone.file_too_big": "O tamanho do ficheiro ({{filesize}} MB) excede o tamanho máximo de ({{maxFilesize}} MB).",
 	"dropzone.remove_file": "Remover ficheiro",
 	"munits.data.b": "B",
@@ -64,8 +64,6 @@
 	"packages.alpine.registry": "Configure este registo adicionando o URL no seu ficheiro <code>/etc/apk/repositories</code>:",
 	"packages.alpine.registry.key": "Descarregue a chave RSA pública do registo para dentro da pasta <code>/etc/apk/keys/</code> para verificar a assinatura do índice:",
 	"packages.alpine.registry.info": "Escolha $branch e $repository da lista abaixo.",
-	"packages.alpine.install": "Para instalar o pacote, execute o seguinte comando:",
-	"packages.alpine.repository": "Informações do repositório",
 	"packages.alpine.repository.branches": "Ramos",
 	"packages.alpine.repository.repositories": "Repositórios",
 	"packages.alpine.repository.architectures": "Arquitecturas",
@@ -78,8 +76,7 @@
 	"packages.arch.version.description": "Descrição",
 	"packages.arch.version.provides": "Fornece",
 	"packages.arch.version.groups": "Grupo",
-	"packages.arch.version.depends": "Depende de",
-	"packages.arch.version.optdepends": "Depende opcionalmente",
+	"packages.arch.version.optdepends": "Dependências opcionais",
 	"packages.arch.version.makedepends": "Dependências do make",
 	"packages.arch.version.checkdepends": "Verificar dependências",
 	"packages.arch.version.conflicts": "Conflitos",
@@ -88,12 +85,9 @@
 	"packages.cargo.registry": "Configurar este registo no ficheiro de configuração do Cargo (por exemplo: <code>~/.cargo/config.toml</code>):",
 	"packages.cargo.install": "Para instalar o pacote usando o Cargo, execute o seguinte comando:",
 	"packages.chef.registry": "Configure este registo no seu ficheiro <code>~/.chef/config.rb</code>:",
-	"packages.chef.install": "Para instalar o pacote, execute o seguinte comando:",
 	"packages.composer.registry": "Configure este registo no seu ficheiro <code>~/.composer/config.json</code>:",
 	"packages.composer.install": "Para instalar o pacote usando o Composer, execute o seguinte comando:",
-	"packages.composer.dependencies": "Dependências",
 	"packages.composer.dependencies.development": "Dependências de desenvolvimento",
-	"packages.conan.registry": "Configurar este registo usando a linha de comandos:",
 	"packages.conan.install": "Para instalar o pacote usando o Conan, execute o seguinte comando:",
 	"packages.conda.registry": "Configure este registo como um repositório Conda no seu ficheiro <code>.condarc</code>:",
 	"packages.conda.install": "Para instalar o pacote usando o Conda, execute o seguinte comando:",
@@ -108,29 +102,21 @@
 	"packages.container.labels.key": "Chave",
 	"packages.container.labels.value": "Valor",
 	"packages.cran.registry": "Configure este registo no seu ficheiro <code>Rprofile.site</code>:",
-	"packages.cran.install": "Para instalar o pacote, execute o seguinte comando:",
-	"packages.debian.registry": "Configurar este registo usando a linha de comandos:",
 	"packages.debian.registry.info": "Escolha $distribution e $component da lista abaixo.",
-	"packages.debian.install": "Para instalar o pacote, execute o seguinte comando:",
-	"packages.debian.repository": "Informações do repositório",
 	"packages.debian.repository.distributions": "Distribuições",
 	"packages.debian.repository.components": "Componentes",
 	"packages.debian.repository.architectures": "Arquitecturas",
 	"packages.generic.download": "Descarregar pacote usando a linha de comandos:",
 	"packages.go.install": "Instale o pacote a partir da linha de comandos:",
-	"packages.helm.registry": "Configurar este registo usando a linha de comandos:",
-	"packages.helm.install": "Para instalar o pacote, execute o seguinte comando:",
 	"packages.maven.registry": "Configure este registo no seu ficheiro <code>pom.xml</code> do projecto:",
 	"packages.maven.install": "Para usar este pacote, inclua no bloco <code>dependencies</code> do ficheiro <code>pom.xml</code> o seguinte:",
 	"packages.maven.install2": "Executar usando a linha de comandos:",
 	"packages.maven.download": "Para descarregar a dependência, execute na linha de comandos:",
-	"packages.nuget.registry": "Configurar este registo usando a linha de comandos:",
 	"packages.nuget.install": "Para instalar o pacote usando NuGet, execute o seguinte comando:",
 	"packages.nuget.dependency.framework": "Estrutura alvo",
 	"packages.npm.registry": "Configure este registo no seu ficheiro <code>.npmrc</code> do projecto:",
 	"packages.npm.install": "Para instalar o pacote usando o npm, execute o seguinte comando:",
 	"packages.npm.install2": "ou adicione-o ao ficheiro <code>package.json</code>:",
-	"packages.npm.dependencies": "Dependências",
 	"packages.npm.dependencies.development": "Dependências de desenvolvimento",
 	"packages.npm.dependencies.bundle": "Dependências agrupadas",
 	"packages.npm.dependencies.peer": "Dependências de pares",
@@ -138,18 +124,12 @@
 	"packages.npm.details.tag": "Etiqueta",
 	"packages.pypi.requires": "Requer Python",
 	"packages.pypi.install": "Para instalar o pacote usando o pip, execute o seguinte comando:",
-	"packages.rpm.registry": "Configurar este registo usando a linha de comandos:",
 	"packages.rpm.distros.redhat": "em distribuições baseadas no RedHat",
 	"packages.rpm.distros.suse": "em distribuições baseadas no SUSE",
-	"packages.rpm.install": "Para instalar o pacote, execute o seguinte comando:",
-	"packages.rpm.repository": "Informações do repositório",
 	"packages.rpm.repository.architectures": "Arquitecturas",
 	"packages.rpm.repository.multiple_groups": "Este pacote está disponível em vários grupos.",
-	"packages.alt.registry": "Configure este registo a partir da linha de comandos:",
-	"packages.alt.registry.install": "Para instalar o pacote, execute o seguinte comando:",
 	"packages.alt.install": "Instalar pacote",
 	"packages.alt.setup": "Adicionar um repositório à lista de repositórios ligados (escolha a arquitetura necessária em vez de \"_arch_\"):",
-	"packages.alt.repository": "Informação do repositório",
 	"packages.alt.repository.architectures": "Arquiteturas",
 	"packages.alt.repository.multiple_groups": "Este pacote está disponível em vários grupos.",
 	"packages.rubygems.install": "Para instalar o pacote usando o gem, execute o seguinte comando:",
@@ -158,7 +138,6 @@
 	"packages.rubygems.dependencies.development": "Dependências de desenvolvimento",
 	"packages.rubygems.required.ruby": "Requer a versão do Ruby",
 	"packages.rubygems.required.rubygems": "Requer a versão do RubyGem",
-	"packages.swift.registry": "Configurar este registo usando a linha de comandos:",
 	"packages.swift.install": "Adicione o pacote no seu ficheiro <code>Package.swift</code>:",
 	"packages.swift.install2": "e execute o seguinte comando:",
 	"packages.vagrant.install": "Para adicionar uma máquina virtual Vagrant, execute o seguinte comando:",
@@ -450,9 +429,9 @@
 	"teams.add_all_repos.modal.header": "Adicionar todos os repositórios",
 	"teams.remove_all_repos.modal.header": "Remover todos os repositórios",
 	"repo.pulls.poster_manage_approval": "Gerir aprovação",
-	"repo.pulls.poster_requires_approval": "Algumas sequências de trabalho estão <a href=\"%[1]s\">à espera de serem avaliadas.</a>",
+	"repo.pulls.poster_requires_approval": "Algumas sequências de trabalho estão <a href=\"%[1]s\">à espera de serem avaliadas</a>.",
 	"repo.pulls.poster_requires_approval.tooltip": "O autor deste pedido de integração não é confiável para executar sequências de trabalho acionados por um pedido de integração criada a partir de um repositório derivado ou com AGit. As sequências de trabalho acionadas por um evento `pull_request` não serão executadas até que sejam aprovadas.",
-	"repo.pulls.poster_is_trusted": "O autor deste pedido de integração é <a href=\"%[1]s\">sempre confiável para executar sequências de trabalho.</a>",
+	"repo.pulls.poster_is_trusted": "O autor deste pedido de integração é <a href=\"%[1]s\">sempre confiável para executar sequências de trabalho</a>.",
 	"repo.pulls.poster_is_trusted.tooltip": "O autor deste pedido de integração é explicitamente confiável para executar fluxos de trabalho acionados por eventos `pull_request`.",
 	"repo.pulls.poster_trust_deny": "Recusar",
 	"repo.pulls.poster_trust_deny.tooltip": "As sequências de trabalho que aguardam aprovação serão canceladas.",
@@ -482,7 +461,6 @@
 	"repo.issues.filter_reviewers.hint": "Filtrar por utilizador que reviu",
 	"repo.issues.filter_mention.hint": "Filtrar por utilizador mencionado",
 	"repo.issues.filter_modified.hint": "Filtrar por data da última modificação",
-	"repo.issues.filter_sort.hint": "Ordenar por: criado/comentários/atualizado/prazo",
 	"search.syntax": "Sintaxe de pesquisa",
 	"admin.dashboard.transfer_lingering_logs": "Transferir registos de operações concluídas da base de dados para o armazenamento",
 	"moderation.report.mark_as_handled": "Marcar como tratado",
@@ -534,5 +512,16 @@
 	"editor.toggle_whole_word": "Ativar/desativar correspondência de palavras inteiras",
 	"repo.view.gitmodules_too_large": "O ficheiro .gitmodules é demasiado grande e será ignorado (por exemplo, em chamadas API)",
 	"install.ssh_authorized_keys_inspection_error": "Falha ao inspecionar o ficheiro authorized_keys existente: %v",
-	"install.ssh_authorized_keys_unexpected_key": "A ativação do SSH para o Forgejo entra em conflito com o ficheiro localizado em %s que contém chaves SSH existentes. Sugestões: use um utilizador de sistema dedicado para o Forgejo ou desative o SSH."
+	"install.ssh_authorized_keys_unexpected_key": "A ativação do SSH para o Forgejo entra em conflito com o ficheiro localizado em %s que contém chaves SSH existentes. Sugestões: use um utilizador de sistema dedicado para o Forgejo ou desative o SSH.",
+	"actions.secrets.creation.name_description": "O nome de um segredo só pode conter letras, números e sublinhados. Não pode começar com FORGEJO_, GITEA_, GITHUB_ ou um número. O Forgejo irá convertê-lo automaticamente para maiúsculas.",
+	"actions.secrets.creation.value_description": "O valor de um segredo pode ser qualquer texto. Os caracteres especiais são mantidos. CRLF (quebras de linha no estilo Windows) é automaticamente convertido para LF. Codifique o valor com Base64 se as quebras de linha devem ser mantidas.",
+	"actions.variables.mutation.name_description": "O nome de uma variável só pode conter letras, números e sublinhados. Não pode ter o nome CI nem começar por FORGEJO_, GITEA_, GITHUB_ ou um número. O Forgejo irá convertê-lo automaticamente para maiúsculas.",
+	"actions.variables.mutation.value_description": "O valor de uma variável pode ser qualquer texto. Os caracteres especiais são mantidos. CRLF (quebras de linha no estilo Windows) é automaticamente convertido para LF. Codifique o valor com Base64 se as quebras de linha devem ser mantidas.",
+	"repo.issues.filter_sort.hint_with_placeholder": "Ordenar por: %s",
+	"issues.filters.labels.exclude": "Excluir rótulo",
+	"issues.filters.labels.unexclude": "Retirar exclusão",
+	"packages.common.install": "Para instalar o pacote, execute o seguinte comando:",
+	"packages.common.registry": "Configure este registo a partir da linha de comandos:",
+	"packages.common.repository": "Informações sobre o repositório",
+	"actions.runs.all_runs_link": "todas as execuções"
 }
diff --git a/options/locale_next/locale_ru-RU.json b/options/locale_next/locale_ru-RU.json
index eb576c5f38..92b66653ed 100644
--- a/options/locale_next/locale_ru-RU.json
+++ b/options/locale_next/locale_ru-RU.json
@@ -6,8 +6,8 @@
 	"gpg.error.no_gpg_keys_found": "Не найден ключ, соответствующий данной подписи",
 	"gpg.error.not_signed_commit": "Неподписанный коммит",
 	"gpg.error.failed_retrieval_gpg_keys": "Не удалось получить ни одного ключа GPG автора коммита",
-	"gpg.error.probable_bad_signature": "ВНИМАНИЕ! Хоть в базе данных есть ключ с этим идентификатором, он не заверяет этот коммит! Этот коммит ПОДОЗРИТЕЛЬНЫЙ.",
-	"gpg.error.probable_bad_default_signature": "ВНИМАНИЕ! Хоть ключ по умолчанию имеет этот идентификатор, он не заверяет этот коммит! Этот коммит ПОДОЗРИТЕЛЬНЫЙ.",
+	"gpg.error.probable_bad_signature": "ВНИМАНИЕ! Хоть в базе данных есть ключ с таким идентификатором, он не заверяет этот коммит! Этот коммит ПОДОЗРИТЕЛЬНЫЙ.",
+	"gpg.error.probable_bad_default_signature": "ВНИМАНИЕ! Хоть ключ по умолчанию имеет такой идентификатор, он не заверяет этот коммит! Этот коммит ПОДОЗРИТЕЛЬНЫЙ.",
 	"notification.notifications": "Уведомления",
 	"notification.unread": "Непросмотренные",
 	"notification.read": "Просмотренные",
@@ -18,11 +18,11 @@
 	"notification.mark_as_unread": "Пометить как непросмотренное",
 	"notification.mark_all_as_read": "Пометить все как просмотренные",
 	"notification.subscriptions": "Подписки",
-	"notification.watching": "Наблюдение",
-	"notification.no_subscriptions": "Нет подписок",
+	"notification.watching": "Наблюдаемые",
+	"notification.no_subscriptions": "Вы ни на что не подписаны.",
 	"dropzone.default_message": "Перетащите сюда файлы или нажмите для загрузки.",
-	"dropzone.invalid_input_type": "Вы не можете загружать файлы этого типа.",
-	"dropzone.file_too_big": "Размер файла ({{filesize}} МБ) больше чем максимальный размер ({{maxFilesize}} МБ).",
+	"dropzone.invalid_input_type": "Файлы этого типа не могут быть загружены.",
+	"dropzone.file_too_big": "Размер файла ({{filesize}} МБ) превышает максимальный ({{maxFilesize}} МБ).",
 	"dropzone.remove_file": "Удалить файл",
 	"munits.data.b": "Б",
 	"munits.data.kib": "КиБ",
@@ -64,8 +64,6 @@
 	"packages.alpine.registry": "Настройте этот реестр, добавив URL в файл <code>/etc/apk/repositories</code>:",
 	"packages.alpine.registry.key": "Загрузите публичный ключ RSA реестра в каталог <code>/etc/apk/keys/</code> для проверки подписи индекса:",
 	"packages.alpine.registry.info": "Выберите $branch и $repository из списка ниже.",
-	"packages.alpine.install": "Для установки пакета выполните следующую команду:",
-	"packages.alpine.repository": "О репозитории",
 	"packages.alpine.repository.branches": "Ветви",
 	"packages.alpine.repository.repositories": "Репозитории",
 	"packages.alpine.repository.architectures": "Архитектуры",
@@ -78,7 +76,6 @@
 	"packages.arch.version.description": "Описание",
 	"packages.arch.version.provides": "Предоставляет",
 	"packages.arch.version.groups": "Группа",
-	"packages.arch.version.depends": "Зависит на",
 	"packages.arch.version.optdepends": "Необязательные зависимости",
 	"packages.arch.version.makedepends": "Сборочные зависимости",
 	"packages.arch.version.checkdepends": "Проверочные зависимости",
@@ -88,12 +85,9 @@
 	"packages.cargo.registry": "Настройте этот реестр в файле конфигурации Cargo (например, <code>~/.cargo/config.toml</code>):",
 	"packages.cargo.install": "Чтобы установить пакет с помощью Cargo, выполните следующую команду:",
 	"packages.chef.registry": "Настройте этот реестр в своём файле <code>~/.chef/config.rb</code>:",
-	"packages.chef.install": "Для установки пакета выполните следующую команду:",
 	"packages.composer.registry": "Настройте этот реестр в файле <code>~/.composer/config.json</code>:",
 	"packages.composer.install": "Чтобы установить пакет с помощью Composer, выполните следующую команду:",
-	"packages.composer.dependencies": "Зависимости",
 	"packages.composer.dependencies.development": "Зависимости для разработки",
-	"packages.conan.registry": "Добавьте реестр командой:",
 	"packages.conan.install": "Чтобы установить пакет с помощью Conan, выполните следующую команду:",
 	"packages.conda.registry": "Пропишите этот реестр в качестве репозитория Conda в своём файле <code>.condarc</code>:",
 	"packages.conda.install": "Чтобы установить пакет с помощью Conda, выполните следующую команду:",
@@ -108,29 +102,21 @@
 	"packages.container.labels.key": "Ключ",
 	"packages.container.labels.value": "Значение",
 	"packages.cran.registry": "Настройте этот реестр в файле <code>Rprofile.site</code>:",
-	"packages.cran.install": "Для установки пакета выполните следующую команду:",
-	"packages.debian.registry": "Добавьте реестр командой:",
 	"packages.debian.registry.info": "Выберите $distribution и $component из списка ниже.",
-	"packages.debian.install": "Для установки пакета выполните следующую команду:",
-	"packages.debian.repository": "О репозитории",
 	"packages.debian.repository.distributions": "Дистрибутивы",
 	"packages.debian.repository.components": "Компоненты",
 	"packages.debian.repository.architectures": "Архитектуры",
 	"packages.generic.download": "Скачайте пакет командой ниже:",
 	"packages.go.install": "Установите пакет командой ниже:",
-	"packages.helm.registry": "Добавьте реестр командой:",
-	"packages.helm.install": "Для установки пакета выполните следующую команду:",
 	"packages.maven.registry": "Настройте реестр в файле <code>pom.xml</code> вашего проекта:",
 	"packages.maven.install": "Чтобы использовать пакет, включите в блок <code>dependencies</code> в файле <code>pom.xml</code> следующее:",
 	"packages.maven.install2": "Запустите командой ниже:",
 	"packages.maven.download": "Чтобы скачать зависимость, выполните в командной строке:",
-	"packages.nuget.registry": "Добавьте реестр командой:",
 	"packages.nuget.install": "Чтобы установить пакет с помощью NuGet, выполните следующую команду:",
 	"packages.nuget.dependency.framework": "Целевой фреймворк",
 	"packages.npm.registry": "Настройте реестр в файле <code>.npmrc</code> вашего проекта:",
 	"packages.npm.install": "Чтобы установить пакет с помощью npm, выполните следующую команду:",
 	"packages.npm.install2": "или добавьте его в файл package.json:",
-	"packages.npm.dependencies": "Зависимости",
 	"packages.npm.dependencies.development": "Зависимости для разработки",
 	"packages.npm.dependencies.bundle": "Комплектуемые зависимости",
 	"packages.npm.dependencies.peer": "Одноранговые зависимости",
@@ -138,18 +124,12 @@
 	"packages.npm.details.tag": "Тег",
 	"packages.pypi.requires": "Требуется Python",
 	"packages.pypi.install": "Чтобы установить пакет с помощью pip, выполните следующую команду:",
-	"packages.rpm.registry": "Добавьте реестр командой:",
 	"packages.rpm.distros.redhat": "на дистрибутивах семейства RedHat",
 	"packages.rpm.distros.suse": "на дистрибутивах семейства SUSE",
-	"packages.rpm.install": "Для установки пакета выполните следующую команду:",
-	"packages.rpm.repository": "О репозитории",
 	"packages.rpm.repository.architectures": "Архитектуры",
 	"packages.rpm.repository.multiple_groups": "Этот пакет доступен в нескольких группах.",
-	"packages.alt.registry": "Добавьте реестр командой:",
-	"packages.alt.registry.install": "Для установки пакета выполните следующую команду:",
 	"packages.alt.install": "Установка пакета",
 	"packages.alt.setup": "Добавьте репозиторий в свой список репозиториев (выберите подходящую архитектуру вместо «_arch_»):",
-	"packages.alt.repository": "О репозитории",
 	"packages.alt.repository.architectures": "Архитектуры",
 	"packages.alt.repository.multiple_groups": "Этот пакет доступен в нескольких группах.",
 	"packages.rubygems.install": "Чтобы установить пакет с помощью gem, выполните следующую команду:",
@@ -158,7 +138,6 @@
 	"packages.rubygems.dependencies.development": "Зависимости для разработки",
 	"packages.rubygems.required.ruby": "Требуется версия Ruby",
 	"packages.rubygems.required.rubygems": "Требуется версия RubyGem",
-	"packages.swift.registry": "Добавьте реестр командой:",
 	"packages.swift.install": "Добавьте пакет в свой файл <code>Package.swift</code>:",
 	"packages.swift.install2": "и выполните следующую команду:",
 	"packages.vagrant.install": "Чтобы добавить бокс Vagrant, выполните следующую команду:",
@@ -309,7 +288,7 @@
 	"moderation.report_content": "Пожаловаться",
 	"moderation.report_abuse_form.already_reported": "Вы уже пожаловались на это содержимое",
 	"moderation.submit_report": "Пожаловаться",
-	"moderation.reported_thank_you": "Спасибо за ваше сообщение. Администрация оповещена.",
+	"moderation.reported_thank_you": "Спасибо за ваше сообщение. Администрация была оповещена.",
 	"moderation.report_abuse_form.details": "Через эту форму можно жаловаться на пользователей, распространяющих спам или ведущих себя неадекватно.",
 	"moderation.report_abuse_form.invalid": "Невалидные аргументы",
 	"moderation.report_abuse_form.header": "Жалоба администрации",
@@ -368,7 +347,7 @@
 	"user.ghost.tooltip": "Пользователь удалён или неизвестен.",
 	"migrate.form.error.url_credentials": "Ссылка содержит данные авторизации. Поместите их в соответствующие поля",
 	"actions.runs.run_attempt_label": "Попытка №%[1]s (%[2]s)",
-	"actions.runs.viewing_out_of_date_run": "Это устаревший результат. Задание было выполнено %[1]s.",
+	"actions.runs.viewing_out_of_date_run": "Это устаревший результат задания, которое выполнялось %[1]s.",
 	"actions.runs.view_most_recent_run": "Перейти к актуальному",
 	"actions.runs.all_workflows": "Все рабочие потоки",
 	"actions.runs.commit": "коммит",
@@ -388,14 +367,14 @@
 	"actions.actions": "Действия",
 	"actions.runners": "Исполнители",
 	"actions.runners.runner_manage_panel": "Управление исполнителями",
-	"actions.runners.new": "Создать новый исполнитель",
-	"actions.runners.new_notice": "Как запустить исполнитель",
+	"actions.runners.new": "Добавить нового исполнителя",
+	"actions.runners.new_notice": "Как запустить исполнителя",
 	"actions.runners.status": "Состояние",
 	"actions.runners.status.unspecified": "Неизвестно",
 	"actions.runners.status.idle": "Простаивает",
-	"actions.runners.status.active": "Активный",
+	"actions.runners.status.active": "Активен",
 	"actions.runners.status.offline": "Недоступен",
-	"actions.runners.id": "ID",
+	"actions.runners.id": "ИД",
 	"actions.runners.name": "Название",
 	"actions.runners.owner_type": "Тип",
 	"actions.runners.description": "Описание",
@@ -403,24 +382,24 @@
 	"actions.runners.last_online": "Был в сети",
 	"actions.runners.runner_title": "Исполнитель",
 	"actions.runners.task_list": "Недавние задания исполнителя",
-	"actions.runners.task_list.no_tasks": "Задания пока нет.",
+	"actions.runners.task_list.no_tasks": "Заданий пока нет.",
 	"actions.runners.task_list.run": "Запуск",
 	"actions.runners.task_list.status": "Состояние",
 	"actions.runners.task_list.repository": "Репозиторий",
 	"actions.runners.task_list.commit": "Коммит",
 	"actions.runners.task_list.done_at": "Завершено",
-	"actions.runners.edit_runner": "Изменить исполнитель",
-	"actions.runners.update_runner.button": "Обновить изменения",
-	"actions.runners.update_runner.success": "Исполнитель успешно обновлён",
-	"actions.runners.update_runner.failed": "Не удалось обновить исполнитель",
-	"actions.runners.delete_runner.button": "Удалить этот исполнитель",
+	"actions.runners.edit_runner": "Изменить исполнителя",
+	"actions.runners.update_runner.button": "Сохранить изменения",
+	"actions.runners.update_runner.success": "Исполнитель успешно изменён",
+	"actions.runners.update_runner.failed": "Не удалось изменить исполнителя",
+	"actions.runners.delete_runner.button": "Удалить этого исполнителя",
 	"actions.runners.delete_runner.success": "Исполнитель успешно удалён",
-	"actions.runners.delete_runner.failed": "Не удалось удалить исполнитель",
+	"actions.runners.delete_runner.failed": "Не удалось удалить исполнителя",
 	"actions.runners.delete_runner.header": "Подтвердите удаление исполнителя",
-	"actions.runners.delete_runner.notice": "Если на этом исполнителе выполняется задание, оно будет завершено и помечено как неудачное. Это может нарушить рабочий поток при сборке.",
+	"actions.runners.delete_runner.notice": "Если на этом исполнителе выполняется задание, оно будет завершено и помечено как неудачное. Это может нарушить собирающийся раб. поток.",
 	"actions.runners.none": "Нет доступных исполнителей",
 	"actions.runners.version": "Версия",
-	"actions.runners.reset_registration_token.button": "Сброс токена регистрации",
+	"actions.runners.reset_registration_token.button": "Сбросить токен регистрации",
 	"actions.runners.reset_registration_token.success": "Токен регистрации исполнителя успешно сброшен",
 	"repo.pulls.maintainers_can_edit": "Сопровождающие могут вносить правки.",
 	"repo.pulls.maintainers_cannot_edit": "Сопровождающие не могут вносить правки.",
@@ -472,7 +451,7 @@
 	"actions.status.success": "Успех",
 	"actions.status.failure": "Неудача",
 	"actions.status.cancelled": "Отменено",
-	"actions.status.skipped": "Пропущен",
+	"actions.status.skipped": "Пропущено",
 	"actions.status.blocked": "Заблокировано",
 	"repo.pulls.poster_manage_approval": "Управление одобрением",
 	"repo.pulls.poster_trust_revoke.tooltip": "Автор запроса на слияние больше не будет доверятся для запуска раб. потоков, срабатывающих для событий `pull_request`. Каждый запуск потребует одобрения.",
@@ -482,7 +461,6 @@
 	"repo.issues.filter_reviewers.hint": "Отфильтровать по оставившему рецензию",
 	"repo.issues.filter_mention.hint": "Отфильтровать по упомянутому пользователю",
 	"repo.issues.filter_modified.hint": "Отфильтровать по дате изменения",
-	"repo.issues.filter_sort.hint": "Отсортировать по: created/comments/updated/deadline",
 	"search.syntax": "Синтаксис поиска",
 	"admin.dashboard.transfer_lingering_logs": "Перенести журналы завершённых Действий из БД в хранилище",
 	"actions.workflow.persistent_incomplete_matrix": "Не удалось проверить `strategy.matrix` задачи %[1]s – выражение `needs` некорректно. Возможно, оно ссылается на задачу, не входящую в список требуемых (%[2]s), или на интерфейс вывода, отсутствующий у какой-то из этих задач.",
@@ -538,5 +516,12 @@
 	"actions.secrets.creation.name_description": "Название секрета может содержать только буквы, цифры и нижние подчёркивания. Оно не может начинаться на FORGEJO_, GITEA_, GITHUB_, или на цифру. Оно будет сохранено в верхнем регистре.",
 	"actions.secrets.creation.value_description": "Значение секрета может содержать любой текст. Спец. символы сохраняются. Переносы строк в формате CRLF (как в Windows) будут конвертированы в LF. При необходимости сохранить переносы строк храните значение в Base64.",
 	"actions.variables.mutation.name_description": "Название переменной может содержать только буквы, цифры и нижние подчёркивания. Оно не может начинаться на FORGEJO_, GITEA_, GITHUB_, или на цифру, или быть равным «CI». Оно будет сохранено в верхнем регистре.",
-	"actions.variables.mutation.value_description": "Значение переменной может содержать любой текст. Спец. символы сохраняются. Переносы строк в формате CRLF (как в Windows) будут конвертированы в LF. При необходимости сохранить переносы строк храните значение в Base64."
+	"actions.variables.mutation.value_description": "Значение переменной может содержать любой текст. Спец. символы сохраняются. Переносы строк в формате CRLF (как в Windows) будут конвертированы в LF. При необходимости сохранить переносы строк храните значение в Base64.",
+	"issues.filters.labels.exclude": "Исключить метку",
+	"issues.filters.labels.unexclude": "Обратить исключение",
+	"packages.common.repository": "О репозитории",
+	"packages.common.install": "Чтобы установить пакет, выполните следующую команду:",
+	"packages.common.registry": "Добавьте реестр командой:",
+	"actions.runs.all_runs_link": "все запуски",
+	"repo.issues.filter_sort.hint_with_placeholder": "Сортировать по: %s"
 }
diff --git a/options/locale_next/locale_sv-SE.json b/options/locale_next/locale_sv-SE.json
index f18a357245..b456cb4691 100644
--- a/options/locale_next/locale_sv-SE.json
+++ b/options/locale_next/locale_sv-SE.json
@@ -1,25 +1,25 @@
 {
-	"gpg.default_key": "Signerad med standard nyckeln",
+	"gpg.default_key": "Signerad med standardnyckeln",
 	"gpg.error.extract_sign": "Det gick inte att extrahera signatur",
-	"gpg.error.generate_hash": "Misslyckades att generera hashsumma av commiten",
-	"gpg.error.no_committer_account": "Inget konto är kopplat till bidragsgivarens mejladress",
+	"gpg.error.generate_hash": "Misslyckades att generera en hashsumma för incheckningen",
+	"gpg.error.no_committer_account": "Inget konto är kopplat till incheckarens epostadress",
 	"gpg.error.no_gpg_keys_found": "Ingen känd nyckel hittad för denna signatur i databasen",
 	"gpg.error.not_signed_commit": "Inte en signerad incheckning",
-	"gpg.error.failed_retrieval_gpg_keys": "Det gick inte att hämta någon nyckel kopplad till bidragsgivarens konto",
+	"gpg.error.failed_retrieval_gpg_keys": "Det gick inte att hämta någon nyckel kopplad till incheckarens konto",
 	"gpg.error.probable_bad_signature": "VARNING! Även om det finns en nyckel med detta ID i databasen så verifierar det inte incheckningen! Denna incheckning är MISSTÄNKT.",
 	"gpg.error.probable_bad_default_signature": "VARNING! Även om standardnyckeln har detta ID så verifierar det inte incheckningen! Denna incheckning är MISSTÄNKT.",
 	"notification.notifications": "Notiser",
 	"notification.unread": "Olästa",
 	"notification.read": "Lästa",
-	"notification.no_unread": "Inga olästa notifikationer.",
-	"notification.no_read": "Inga lästa notifikationer.",
-	"notification.pin": "Pinna notifiering",
+	"notification.no_unread": "Inga olästa notiser.",
+	"notification.no_read": "Inga lästa notiser.",
+	"notification.pin": "Fäst notis",
 	"notification.mark_as_read": "Markera som läst",
 	"notification.mark_as_unread": "Markera som oläst",
 	"notification.mark_all_as_read": "Markera alla som lästa",
 	"notification.subscriptions": "Prenumerationer",
 	"notification.watching": "Bevakar",
-	"notification.no_subscriptions": "Inga prenumerationer",
+	"notification.no_subscriptions": "Inga prenumerationer.",
 	"dropzone.default_message": "Släpp filer här eller klicka för att ladda upp.",
 	"dropzone.invalid_input_type": "Du kan inte ladda upp filer av denna typen.",
 	"dropzone.file_too_big": "Filstorleken ({{filesize}} MB) överskrider maxstorleken ({{maxFilesize}} MB).",
@@ -64,10 +64,8 @@
 	"packages.alpine.registry": "Konfigurera detta register genom att lägga till URL:en i din <code>/etc/apk/repositories</code>-fil:",
 	"packages.alpine.registry.key": "Ladda ner registrets offentliga RSA-nyckel till <code>/etc/apk/keys/</code>-mappen för att verifiera indexsignaturen:",
 	"packages.alpine.registry.info": "Välj $gren och $kodförråd från listan nedan.",
-	"packages.alpine.install": "För att installera paketet, kör följande kommando:",
-	"packages.alpine.repository": "Kodförrådsinfo",
-	"packages.alpine.repository.branches": "Brancher",
-	"packages.alpine.repository.repositories": "Utvecklingskataloger",
+	"packages.alpine.repository.branches": "Grenar",
+	"packages.alpine.repository.repositories": "Kodförråd",
 	"packages.alpine.repository.architectures": "Arkitekturer",
 	"packages.arch.pacman.helper.gpg": "Lägg till förtroendecertifikat för pacman:",
 	"packages.arch.pacman.repo.multi": "%s har samma version i olika distributioner.",
@@ -78,7 +76,6 @@
 	"packages.arch.version.description": "Beskrivning",
 	"packages.arch.version.provides": "Tillhandahåller",
 	"packages.arch.version.groups": "Grupp",
-	"packages.arch.version.depends": "Beroenden",
 	"packages.arch.version.optdepends": "Valfria beroenden",
 	"packages.arch.version.makedepends": "Byggberoenden",
 	"packages.arch.version.checkdepends": "Kontrollberoenden",
@@ -88,12 +85,9 @@
 	"packages.cargo.registry": "Konfigurera detta register i Cargo-konfigurationsfilen (till exempel <code>~/.cargo/config.toml</code>):",
 	"packages.cargo.install": "För att installera paketet med Cargo, kör följande kommando:",
 	"packages.chef.registry": "Konfigurera detta register i din <code>~/.chef/config.rb</code>-fil:",
-	"packages.chef.install": "För att installera paketet, kör följande kommando:",
 	"packages.composer.registry": "Konfigurera detta register i din <code>~/.composer/config.json</code>-fil:",
 	"packages.composer.install": "För att installera paketet med Composer, kör följande kommando:",
-	"packages.composer.dependencies": "Beroenden",
 	"packages.composer.dependencies.development": "Utvecklingsberoenden",
-	"packages.conan.registry": "Konfigurera detta register från kommandoraden:",
 	"packages.conan.install": "För att installera paketet med Conan, kör följande kommando:",
 	"packages.conda.registry": "Konfigurera detta register som ett Conda-kodförråd i din <code>.condarc</code>-fil:",
 	"packages.conda.install": "För att installera paketet med Conda, kör följande kommando:",
@@ -108,29 +102,21 @@
 	"packages.container.labels.key": "Nyckel",
 	"packages.container.labels.value": "Värde",
 	"packages.cran.registry": "Konfigurera detta register i din <code>Rprofile.site</code>-fil:",
-	"packages.cran.install": "För att installera paketet, kör följande kommando:",
-	"packages.debian.registry": "Konfigurera detta register från kommandoraden:",
 	"packages.debian.registry.info": "Välj $distribution och $component från listan nedan.",
-	"packages.debian.install": "För att installera paketet, kör följande kommando:",
-	"packages.debian.repository": "Kodförrådsinfo",
 	"packages.debian.repository.distributions": "Distributioner",
 	"packages.debian.repository.components": "Komponenter",
 	"packages.debian.repository.architectures": "Arkitekturer",
 	"packages.generic.download": "Ladda ner paket från kommandoraden:",
 	"packages.go.install": "Installera paketet från kommandoraden:",
-	"packages.helm.registry": "Konfigurera detta register från kommandoraden:",
-	"packages.helm.install": "För att installera paketet, kör följande kommando:",
 	"packages.maven.registry": "Konfigurera detta register i ditt projekts <code>pom.xml</code>-fil:",
 	"packages.maven.install": "För att använda paketet, inkludera följande i <code>dependencies</code>-blocket i <code>pom.xml</code>-filen:",
 	"packages.maven.install2": "Kör via kommandoraden:",
 	"packages.maven.download": "För att ladda ner beroendet, kör via kommandoraden:",
-	"packages.nuget.registry": "Konfigurera detta register från kommandoraden:",
 	"packages.nuget.install": "För att installera paketet med NuGet, kör följande kommando:",
 	"packages.nuget.dependency.framework": "Målramverk",
 	"packages.npm.registry": "Konfigurera detta register i ditt projekts <code>.npmrc</code>-fil:",
 	"packages.npm.install": "För att installera paketet med npm, kör följande kommando:",
 	"packages.npm.install2": "eller lägg till det i package.json-filen:",
-	"packages.npm.dependencies": "Beroenden",
 	"packages.npm.dependencies.development": "Utvecklingsberoenden",
 	"packages.npm.dependencies.bundle": "Buntade beroenden",
 	"packages.npm.dependencies.peer": "Peer-beroenden",
@@ -138,18 +124,12 @@
 	"packages.npm.details.tag": "Tagg",
 	"packages.pypi.requires": "Kräver Python",
 	"packages.pypi.install": "För att installera paketet med pip, kör följande kommando:",
-	"packages.rpm.registry": "Konfigurera detta register från kommandoraden:",
 	"packages.rpm.distros.redhat": "på RedHat-baserade distributioner",
 	"packages.rpm.distros.suse": "på SUSE-baserade distributioner",
-	"packages.rpm.install": "För att installera paketet, kör följande kommando:",
-	"packages.rpm.repository": "Kodförrådsinfo",
 	"packages.rpm.repository.architectures": "Arkitekturer",
 	"packages.rpm.repository.multiple_groups": "Detta paket är tillgängligt i flera grupper.",
-	"packages.alt.registry": "Konfigurera detta register från kommandoraden:",
-	"packages.alt.registry.install": "För att installera paketet, kör följande kommando:",
 	"packages.alt.install": "Installera paket",
 	"packages.alt.setup": "Lägg till ett kodförråd i listan över anslutna kodförråd (välj nödvändig arkitektur istället för \"_arch_\"):",
-	"packages.alt.repository": "Kodförrådsinfo",
 	"packages.alt.repository.architectures": "Arkitekturer",
 	"packages.alt.repository.multiple_groups": "Detta paket är tillgängligt i flera grupper.",
 	"packages.rubygems.install": "För att installera paketet med gem, kör följande kommando:",
@@ -158,7 +138,6 @@
 	"packages.rubygems.dependencies.development": "Utvecklingsberoenden",
 	"packages.rubygems.required.ruby": "Kräver Ruby-version",
 	"packages.rubygems.required.rubygems": "Kräver RubyGem-version",
-	"packages.swift.registry": "Konfigurera detta register från kommandoraden:",
 	"packages.swift.install": "Lägg till paketet i din <code>Package.swift</code>-fil:",
 	"packages.swift.install2": "och kör följande kommando:",
 	"packages.vagrant.install": "För att lägga till en Vagrant-box, kör följande kommando:",
@@ -386,7 +365,7 @@
 	"actions.runners.task_list.no_tasks": "Det finns ingen uppgift ännu.",
 	"actions.runners.task_list.run": "Kör",
 	"actions.runners.task_list.status": "Status",
-	"actions.runners.task_list.repository": "Utvecklingskatalog",
+	"actions.runners.task_list.repository": "Kodförråd",
 	"actions.runners.task_list.commit": "Commit",
 	"actions.runners.task_list.done_at": "Klar",
 	"actions.runners.edit_runner": "Redigera körare",
@@ -444,8 +423,8 @@
 	"teams.remove_all_repos.modal.header": "Ta bort alla arkiv",
 	"admin.auths.oauth2_quota_group_map_removal": "Ta bort användare från synkroniserade kvotgrupper om användaren inte tillhör motsvarande grupp.",
 	"issues.updated": "uppdaterade %s",
-	"repo.pulls.poster_requires_approval": "Några arbetsflöden <a href=\"%[1]s\">väntar på att bli undersökta.</a>",
-	"repo.pulls.poster_is_trusted": "Författaren till denna ändringsbegäran är <a href=\"%[1]s\">alltid godkänd för att köra arbetsflöden.</a>",
+	"repo.pulls.poster_requires_approval": "Några arbetsflöden <a href=\"%[1]s\">väntar på att bli undersökta.</a>.",
+	"repo.pulls.poster_is_trusted": "Författaren till denna ändringsbegäran är <a href=\"%[1]s\">alltid godkänd för att köra arbetsflöden.</a>.",
 	"repo.pulls.poster_is_trusted.tooltip": "Författaren till denna ändringsbegäran är specifikt godkänd för att köra arbetsflöden som utlöses av `pull_request`-händelser.",
 	"search.fuzzy_tooltip": "Inkludera resultat som ungefärligt matchar söktermen",
 	"search.fuzzy": "Ungefärlig",
@@ -457,7 +436,6 @@
 		"one": "%s följare",
 		"other": "%s följare"
 	},
-	"repo.issues.filter_sort.hint": "Sortera utifrån: skapad/kommentarer/uppdaterad/slutdatum",
 	"repo.pulls.poster_trust_once.tooltip": "Arbetsflöden som utlöses av en `pull_request`-begäran kommer att köra för denna incheckning men kommer att behöva godkännas för alla framtida incheckningar uppskickade till denna ändringsbegäran.",
 	"repo.pulls.poster_trust_always.tooltip": "Arbetsflöden som utlöses av en `pull_request`-begäran kommer köra för denna incheckning och kommer inte att behöva godkännas för den här eller framtida ändringsbegäran från samma användare.",
 	"repo.pulls.poster_trust_revoke.tooltip": "Författaren av denna ändringsbegäran kommer inte längre vara godkänd för att köra arbetsflöden som utlösts av en `pull_request`-begäran, varje körning måste godkännas manuellt.",
@@ -523,5 +501,12 @@
 	"editor.replace_all": "Ersätta alla",
 	"editor.toggle_case": "Växla skiftlägeskänslighet",
 	"editor.toggle_regex": "Använd reguljära uttryck",
-	"editor.toggle_whole_word": "Matcha hela ord"
+	"editor.toggle_whole_word": "Matcha hela ord",
+	"repo.issues.filter_sort.hint_with_placeholder": "Sortera efter: %s",
+	"issues.filters.labels.exclude": "Uteslut etikett",
+	"issues.filters.labels.unexclude": "Ta bort uteslutning",
+	"packages.common.install": "För att installera paketet, kör följande kommando:",
+	"packages.common.registry": "Konfigurera upp registret från kommandoraden:",
+	"packages.common.repository": "Kodförrådsinfo",
+	"actions.runs.all_runs_link": "alla körningar"
 }
diff --git a/options/locale_next/locale_ta.json b/options/locale_next/locale_ta.json
index 2d7adc48f6..242fcde9d5 100644
--- a/options/locale_next/locale_ta.json
+++ b/options/locale_next/locale_ta.json
@@ -19,9 +19,9 @@
 	"notification.mark_all_as_read": "அனைத்தையும் படித்ததாகக் குறிக்கவும்",
 	"notification.subscriptions": "சந்தாக்கள்",
 	"notification.watching": "பார்க்கிறேன்",
-	"notification.no_subscriptions": "சந்தாக்கள் இல்லை",
+	"notification.no_subscriptions": "உங்களிடம் சந்தாக்கள் எதுவும் இல்லை.",
 	"dropzone.default_message": "கோப்புகளை கைவிடவும் அல்லது பதிவேற்ற இங்கே சொடுக்கு செய்யவும்.",
-	"dropzone.invalid_input_type": "இந்த வகை கோப்புகளை நீங்கள் பதிவேற்ற முடியாது.",
+	"dropzone.invalid_input_type": "இந்த வகை கோப்புகளைப் பதிவேற்ற முடியாது.",
 	"dropzone.file_too_big": "கோப்பு அளவு ({{filesize}} MB) அதிகபட்ச அளவு ({{maxFilesize}} MB) ஐ விட அதிகமாக உள்ளது.",
 	"dropzone.remove_file": "கோப்பை அகற்று",
 	"munits.data.b": "பி",
@@ -64,8 +64,6 @@
 	"packages.alpine.registry": "உங்கள் <code>/etc/apk/repositories</code> கோப்பில் urlஐச் சேர்ப்பதன் மூலம் இந்தப் பதிவேட்டை அமைக்கவும்:",
 	"packages.alpine.registry.key": "குறியீட்டு கையொப்பத்தைச் சரிபார்க்க, <code>/etc/apk/keys/</code> கோப்புறையில் பொது RSA விசையைப் பதிவிறக்கவும்:",
 	"packages.alpine.registry.info": "கீழே உள்ள பட்டியலில் இருந்து $கிளை மற்றும் $ களஞ்சியத்தைத் தேர்ந்தெடுக்கவும்.",
-	"packages.alpine.install": "தொகுப்பை நிறுவ, பின்வரும் கட்டளையை இயக்கவும்:",
-	"packages.alpine.repository": "களஞ்சிய செய்தி",
 	"packages.alpine.repository.branches": "கிளைகள்",
 	"packages.alpine.repository.repositories": "களஞ்சியங்கள்",
 	"packages.alpine.repository.architectures": "கட்டமைப்புகள்",
@@ -78,22 +76,18 @@
 	"packages.arch.version.description": "விவரம்",
 	"packages.arch.version.provides": "வழங்குகிறது",
 	"packages.arch.version.groups": "குழு",
-	"packages.arch.version.depends": "சார்ந்துள்ளது",
-	"packages.arch.version.optdepends": "விருப்பம் சார்ந்தது",
-	"packages.arch.version.makedepends": "செய்வது சார்ந்தது",
-	"packages.arch.version.checkdepends": "காசோலை சார்ந்தது",
+	"packages.arch.version.optdepends": "விருப்ப சார்புகள்",
+	"packages.arch.version.makedepends": "செய்வது சார்புகள்",
+	"packages.arch.version.checkdepends": "சரிபார்ப்பு சார்புகள்",
 	"packages.arch.version.conflicts": "மோதல்கள்",
 	"packages.arch.version.replaces": "மாற்றுகிறது",
 	"packages.arch.version.backup": "காப்புப்பிரதி",
 	"packages.cargo.registry": "சரக்கு உள்ளமைவு கோப்பில் இந்தப் பதிவேட்டை அமைக்கவும் (உதாரணமாக <code>~/.cargo/config.toml</code>):",
 	"packages.cargo.install": "கார்கோவைப் பயன்படுத்தி தொகுப்பை நிறுவ, பின்வரும் கட்டளையை இயக்கவும்:",
 	"packages.chef.registry": "இந்தப் பதிவேட்டை உங்கள் <code>~/.chef/config.rb</code> கோப்பில் அமைக்கவும்:",
-	"packages.chef.install": "தொகுப்பை நிறுவ, பின்வரும் கட்டளையை இயக்கவும்:",
 	"packages.composer.registry": "இந்தப் பதிவேட்டை உங்கள் <code>~/.composer/config.json</code> கோப்பில் அமைக்கவும்:",
 	"packages.composer.install": "கம்போசரைப் பயன்படுத்தி தொகுப்பை நிறுவ, பின்வரும் கட்டளையை இயக்கவும்:",
-	"packages.composer.dependencies": "சார்புநிலைகள்",
 	"packages.composer.dependencies.development": "வளர்ச்சி சார்புகள்",
-	"packages.conan.registry": "கட்டளை வரியிலிருந்து இந்த பதிவேட்டை அமைக்கவும்:",
 	"packages.conan.install": "கோனனைப் பயன்படுத்தி தொகுப்பை நிறுவ, பின்வரும் கட்டளையை இயக்கவும்:",
 	"packages.conda.registry": "இந்த பதிவேட்டை உங்கள் <code>.condarc</code> கோப்பில் கோண்டா களஞ்சியமாக அமைக்கவும்:",
 	"packages.conda.install": "கோண்டாவைப் பயன்படுத்தி தொகுப்பை நிறுவ, பின்வரும் கட்டளையை இயக்கவும்:",
@@ -108,29 +102,21 @@
 	"packages.container.labels.key": "முக்கிய",
 	"packages.container.labels.value": "மதிப்பு",
 	"packages.cran.registry": "இந்த பதிவேட்டை உங்கள் <code>Rprofile.site</code> கோப்பில் அமைக்கவும்:",
-	"packages.cran.install": "தொகுப்பை நிறுவ, பின்வரும் கட்டளையை இயக்கவும்:",
-	"packages.debian.registry": "கட்டளை வரியிலிருந்து இந்த பதிவேட்டை அமைக்கவும்:",
 	"packages.debian.registry.info": "கீழே உள்ள பட்டியலில் இருந்து $distribution மற்றும் $component என்பதைத் தேர்ந்தெடுக்கவும்.",
-	"packages.debian.install": "தொகுப்பை நிறுவ, பின்வரும் கட்டளையை இயக்கவும்:",
-	"packages.debian.repository": "களஞ்சிய செய்தி",
 	"packages.debian.repository.distributions": "விநியோகங்கள்",
 	"packages.debian.repository.components": "கூறுகள்",
 	"packages.debian.repository.architectures": "கட்டமைப்புகள்",
 	"packages.generic.download": "கட்டளை வரியிலிருந்து தொகுப்பைப் பதிவிறக்கவும்:",
 	"packages.go.install": "கட்டளை வரியிலிருந்து தொகுப்பை நிறுவவும்:",
-	"packages.helm.registry": "கட்டளை வரியிலிருந்து இந்த பதிவேட்டை அமைக்கவும்:",
-	"packages.helm.install": "தொகுப்பை நிறுவ, பின்வரும் கட்டளையை இயக்கவும்:",
 	"packages.maven.registry": "இந்தப் பதிவேட்டை உங்கள் திட்டப்பணி <code>pom.xml</code> கோப்பில் அமைக்கவும்:",
 	"packages.maven.install": "தொகுப்பைப் பயன்படுத்த, <code>pom.xml</code> கோப்பில் உள்ள <code>சார்புகள்</code> தொகுதியில் பின்வருவனவற்றைச் சேர்க்கவும்:",
 	"packages.maven.install2": "கட்டளை வரி வழியாக இயக்கவும்:",
 	"packages.maven.download": "சார்புநிலையைப் பதிவிறக்க, கட்டளை வரி வழியாக இயக்கவும்:",
-	"packages.nuget.registry": "கட்டளை வரியிலிருந்து இந்த பதிவேட்டை அமைக்கவும்:",
 	"packages.nuget.install": "NuGet ஐப் பயன்படுத்தி தொகுப்பை நிறுவ, பின்வரும் கட்டளையை இயக்கவும்:",
 	"packages.nuget.dependency.framework": "இலக்கு கட்டமைப்பு",
 	"packages.npm.registry": "இந்தப் பதிவேட்டை உங்கள் திட்டப்பணி <code>.npmrc</code> கோப்பில் அமைக்கவும்:",
 	"packages.npm.install": "npm ஐப் பயன்படுத்தி தொகுப்பை நிறுவ, பின்வரும் கட்டளையை இயக்கவும்:",
 	"packages.npm.install2": "அல்லது pack.json கோப்பில் சேர்க்கவும்:",
-	"packages.npm.dependencies": "சார்புநிலைகள்",
 	"packages.npm.dependencies.development": "வளர்ச்சி சார்புகள்",
 	"packages.npm.dependencies.bundle": "தொகுக்கப்பட்ட சார்புகள்",
 	"packages.npm.dependencies.peer": "தம சார்புகள்",
@@ -138,18 +124,12 @@
 	"packages.npm.details.tag": "குறிச்சொல்",
 	"packages.pypi.requires": "பைதான் தேவை",
 	"packages.pypi.install": "பிப்பைப் பயன்படுத்தி தொகுப்பை நிறுவ, பின்வரும் கட்டளையை இயக்கவும்:",
-	"packages.rpm.registry": "கட்டளை வரியிலிருந்து இந்த பதிவேட்டை அமைக்கவும்:",
 	"packages.rpm.distros.redhat": "RedHat அடிப்படையிலான விநியோகங்களில்",
 	"packages.rpm.distros.suse": "SUSE அடிப்படையிலான விநியோகங்களில்",
-	"packages.rpm.install": "தொகுப்பை நிறுவ, பின்வரும் கட்டளையை இயக்கவும்:",
-	"packages.rpm.repository": "களஞ்சிய செய்தி",
 	"packages.rpm.repository.architectures": "கட்டமைப்புகள்",
 	"packages.rpm.repository.multiple_groups": "இந்த தொகுப்பு பல குழுக்களில் கிடைக்கிறது.",
-	"packages.alt.registry": "கட்டளை வரியிலிருந்து இந்த பதிவேட்டை அமைக்கவும்:",
-	"packages.alt.registry.install": "தொகுப்பை நிறுவ, பின்வரும் கட்டளையை இயக்கவும்:",
 	"packages.alt.install": "தொகுப்பை நிறுவவும்",
 	"packages.alt.setup": "இணைக்கப்பட்ட களஞ்சியங்களின் பட்டியலில் ஒரு களஞ்சியத்தைச் சேர்க்கவும் (\"_arch_\"க்குப் பதிலாக தேவையான கட்டமைப்பைத் தேர்வு செய்யவும்):",
-	"packages.alt.repository": "களஞ்சிய செய்தி",
 	"packages.alt.repository.architectures": "கட்டமைப்புகள்",
 	"packages.alt.repository.multiple_groups": "இந்த தொகுப்பு பல குழுக்களில் கிடைக்கிறது.",
 	"packages.rubygems.install": "செம் பயன்படுத்தி தொகுப்பை நிறுவ, பின்வரும் கட்டளையை இயக்கவும்:",
@@ -158,7 +138,6 @@
 	"packages.rubygems.dependencies.development": "வளர்ச்சி சார்புகள்",
 	"packages.rubygems.required.ruby": "ரூபி பதிப்பு தேவை",
 	"packages.rubygems.required.rubygems": "ரூபிசெம் பதிப்பு தேவை",
-	"packages.swift.registry": "கட்டளை வரியிலிருந்து இந்த பதிவேட்டை அமைக்கவும்:",
 	"packages.swift.install": "உங்கள் <code>Package.swift</code> கோப்பில் தொகுப்பைச் சேர்க்கவும்:",
 	"packages.swift.install2": "மற்றும் பின்வரும் கட்டளையை இயக்கவும்:",
 	"packages.vagrant.install": "அலைபாயும் பெட்டியைச் சேர்க்க, பின்வரும் கட்டளையை இயக்கவும்:",
@@ -405,16 +384,16 @@
 	"actions.runners.last_online": "கடைசி நிகழ்நிலை நேரம்",
 	"actions.runners.runner_title": "ஓடுபவர்",
 	"actions.runners.task_list": "இந்த ரன்னரின் அண்மைக் கால பணிகள்",
-	"actions.runners.task_list.no_tasks": "இதுவரை எந்த பணியும் இல்லை.",
+	"actions.runners.task_list.no_tasks": "இன்னும் பணிகள் எதுவும் இல்லை.",
 	"actions.runners.task_list.run": "ஓடு",
 	"actions.runners.task_list.status": "நிலை",
 	"actions.runners.task_list.repository": "களஞ்சியம்",
 	"actions.runners.task_list.commit": "உறுதி",
 	"actions.runners.task_list.done_at": "மணிக்கு முடிந்தது",
-	"actions.runners.edit_runner": "திருத்து ரன்னர்",
-	"actions.runners.update_runner.button": "மாற்றங்களைப் புதுப்பிக்கவும்",
-	"actions.runners.update_runner.success": "ரன்னர் வெற்றிகரமாக புதுப்பிக்கப்பட்டது",
-	"actions.runners.update_runner.failed": "ரன்னரைப் புதுப்பிக்க முடியவில்லை",
+	"actions.runners.edit_runner": "திருத்து இயக்கி",
+	"actions.runners.update_runner.button": "மாற்றங்களைச் சேமி",
+	"actions.runners.update_runner.success": "இயக்கி வெற்றிகரமாகத் திருத்தப்பட்டது",
+	"actions.runners.update_runner.failed": "இயக்கியைத் திருத்த முடியவில்லை",
 	"actions.runners.delete_runner.button": "இந்த ரன்னரை நீக்கு",
 	"actions.runners.delete_runner.success": "ரன்னர் வெற்றிகரமாக நீக்கப்பட்டது",
 	"actions.runners.delete_runner.failed": "ரன்னரை நீக்க முடியவில்லை",
@@ -440,11 +419,10 @@
 	"repo.issues.filter_reviewers.hint": "மதிப்பாய்வு செய்த பயனரின்படி வடிகட்டவும்",
 	"repo.issues.filter_mention.hint": "குறிப்பிடப்பட்ட பயனரின்படி வடிகட்டவும்",
 	"repo.issues.filter_modified.hint": "கடைசியாக மாற்றியமைக்கப்பட்ட தேதியின்படி வடிகட்டவும்",
-	"repo.issues.filter_sort.hint": "வரிசைப்படுத்து: உருவாக்கப்பட்டது/கருத்துகள்/புதுப்பிக்கப்பட்டது/காலக்கெடு",
 	"repo.pulls.poster_manage_approval": "ஒப்புதலை நிர்வகிக்கவும்",
-	"repo.pulls.poster_requires_approval": "சில பணிப்பாய்வுகள் <a href=\"%[1]s\">மதிப்பாய்வுக்காக காத்திருக்கின்றன.</a>",
+	"repo.pulls.poster_requires_approval": "சில பணிப்பாய்வுகள் <a href=\"%[1]s\">மதிப்பாய்வுக்காகக் காத்திருக்கின்றன</a>.",
 	"repo.pulls.poster_requires_approval.tooltip": "இந்த இழுத்தல் கோரிக்கையின் ஆசிரியர், ஃபோர்க் செய்யப்பட்ட களஞ்சியத்திலிருந்து அல்லது AGit மூலம் உருவாக்கப்பட்ட இழுத்தல் கோரிக்கையால் தூண்டப்பட்ட பணிப்பாய்வுகளை இயக்க நம்பவில்லை. `புல்_ரிக்வெச்ட்` நிகழ்வால் தூண்டப்படும் பணிப்பாய்வுகள் அங்கீகரிக்கப்படும் வரை இயங்காது.",
-	"repo.pulls.poster_is_trusted": "இந்த இழுத்தல் கோரிக்கையின் ஆசிரியர் <a href=\"%[1]s\">எப்பொழுதும் பணிப்பாய்வுகளை இயக்க நம்பகமானவர்.</a>",
+	"repo.pulls.poster_is_trusted": "இந்த இழுத்தல் கோரிக்கையின் ஆசிரியர் <a href=\"%[1]s\">எப்பொழுதும் பணிப்பாய்வுகளை இயக்க நம்பகமானவர்</a>.",
 	"repo.pulls.poster_is_trusted.tooltip": "இந்த இழுத்தல் கோரிக்கையின் ஆசிரியர், `புல்_ரிக்வெச்ட்` நிகழ்வுகளால் தூண்டப்பட்ட பணிப்பாய்வுகளை இயக்க வெளிப்படையாக நம்புகிறார்.",
 	"repo.pulls.poster_trust_deny": "மறுக்கவும்",
 	"repo.pulls.poster_trust_deny.tooltip": "காத்திருப்பு பணிப்பாய்வு இசைவு ரத்து செய்யப்படும்.",
@@ -519,5 +497,16 @@
 	"editor.replace_all": "அனைத்தையும் மாற்றவும்",
 	"editor.toggle_case": "கேச் உணர்திறனை நிலைமாற்று",
 	"editor.toggle_regex": "வழக்கமான வெளிப்பாடுகளைப் பயன்படுத்தி மாறவும்",
-	"editor.toggle_whole_word": "முழு வார்த்தைகளையும் பொருத்த நிலைமாற்று"
+	"editor.toggle_whole_word": "முழு வார்த்தைகளையும் பொருத்த நிலைமாற்று",
+	"repo.issues.filter_sort.hint_with_placeholder": "இதன்படி வரிசைப்படுத்து: %s",
+	"issues.filters.labels.exclude": "சிட்டையை விலக்கு",
+	"issues.filters.labels.unexclude": "விலக்கு துடை",
+	"packages.common.install": "தொகுப்பை நிறுவ, பின்வரும் கட்டளையை இயக்கு:",
+	"packages.common.registry": "கட்டளை வரியிலிருந்து இந்தப் பதிவேட்டை அமை:",
+	"packages.common.repository": "களஞ்சிய தகவல்",
+	"actions.runs.all_runs_link": "அனைத்து ஓட்டங்கள்",
+	"actions.secrets.creation.name_description": "ஒரு மறைபொருளின் பெயரில் எழுத்துக்கள், எண்கள் மற்றும் அடிக்கோடுகள் மட்டுமே இருக்க முடியும். இது FORGEJO_, GITEA_, GITHUB_ அல்லது எண்ணுடன் தொடங்க முடியாது. Forgejo அதைத் தானாகப் பெரிய எழுத்துக்கு மாற்றும்.",
+	"actions.secrets.creation.value_description": "ஒரு மறைபொருளின் மதிப்பு எந்த உரையாகவும் இருக்கலாம். சிறப்பு எழுத்துக்கள் தக்கவைக்கப்படுகின்றன. CRLF (Windows-style line breaks) தானாகவே LF ஆக மாற்றப்படும். வரி முறிவுகள் தக்கவைக்கப்பட வேண்டுமானால், மதிப்பை Base64 உடன் குறியிடவும்.",
+	"actions.variables.mutation.name_description": "ஒரு மாறியின் பெயரில் எழுத்துக்கள், எண்கள் மற்றும் அடிக்கோடிட்டுகள் மட்டுமே இருக்க முடியும். இதற்கு CI என்று பெயரிட முடியாது அல்லது FORGEJO_, GITEA_, GITHUB_ அல்லது எண்ணில் தொடங்க முடியாது. Forgejo அதைத் தானாகப் பெரிய எழுத்துக்கு மாற்றும்.",
+	"actions.variables.mutation.value_description": "ஒரு மாறியின் மதிப்பு எந்த உரையாகவும் இருக்கலாம். சிறப்பு எழுத்துக்கள் தக்கவைக்கப்படுகின்றன. CRLF (Windows-style line breaks) தானாகவே LF ஆக மாற்றப்படும். வரி முறிவுகள் தக்கவைக்கப்பட வேண்டுமானால், மதிப்பை Base64 உடன் குறியிடவும்."
 }
diff --git a/options/locale_next/locale_th.json b/options/locale_next/locale_th.json
index c6896c6af8..741c24594e 100644
--- a/options/locale_next/locale_th.json
+++ b/options/locale_next/locale_th.json
@@ -64,8 +64,6 @@
 	"packages.alpine.registry": "ตั้งค่ารีจิสทรีนี้โดยเพิ่ม url ในไฟล์ <code>/etc/apk/repositories</code> ของคุณ:",
 	"packages.alpine.registry.key": "ดาวน์โหลดคีย์ RSA สาธารณะของรีจิสทรีลงในโฟลเดอร์ <code>/etc/apk/keys/</code> เพื่อตรวจสอบลายเซ็นดัชนี:",
 	"packages.alpine.registry.info": "เลือก $branch และ $repository จากรายการด้านล่าง",
-	"packages.alpine.install": "หากต้องการติดตั้งแพ็คเกจ ให้เรียกใช้คำสั่งต่อไปนี้:",
-	"packages.alpine.repository": "ข้อมูลที่เก็บ",
 	"packages.alpine.repository.branches": "สาขา",
 	"packages.alpine.repository.repositories": "ที่เก็บ",
 	"packages.alpine.repository.architectures": "สถาปัตยกรรม",
@@ -78,7 +76,6 @@
 	"packages.arch.version.description": "คำอธิบาย",
 	"packages.arch.version.provides": "ให้",
 	"packages.arch.version.groups": "กลุ่ม",
-	"packages.arch.version.depends": "ขึ้นอยู่กับ",
 	"packages.arch.version.optdepends": "การพึ่งพาเพิ่มเติม",
 	"packages.arch.version.makedepends": "การพึ่งพาการสร้าง",
 	"packages.arch.version.checkdepends": "การพึ่งพาการตรวจสอบ",
@@ -88,12 +85,9 @@
 	"packages.cargo.registry": "ตั้งค่ารีจิสทรีนี้ในไฟล์การกำหนดค่า Cargo (เช่น <code>~/.cargo/config.toml</code>):",
 	"packages.cargo.install": "หากต้องการติดตั้งแพ็คเกจโดยใช้ Cargo ให้เรียกใช้คำสั่งต่อไปนี้:",
 	"packages.chef.registry": "ตั้งค่ารีจิสทรีนี้ในไฟล์ <code>~/.chef/config.rb</code> ของคุณ:",
-	"packages.chef.install": "หากต้องการติดตั้งแพ็คเกจ ให้เรียกใช้คำสั่งต่อไปนี้:",
 	"packages.composer.registry": "ตั้งค่ารีจิสทรีนี้ในไฟล์ <code>~/.composer/config.json</code> ของคุณ:",
 	"packages.composer.install": "หากต้องการติดตั้งแพ็คเกจโดยใช้ Composer ให้เรียกใช้คำสั่งต่อไปนี้:",
-	"packages.composer.dependencies": "การพึ่งพา",
 	"packages.composer.dependencies.development": "การพึ่งพาการพัฒนา",
-	"packages.conan.registry": "ตั้งค่ารีจิสทรีนี้จากบรรทัดคำสั่ง:",
 	"packages.conan.install": "หากต้องการติดตั้งแพ็คเกจโดยใช้ Conan ให้เรียกใช้คำสั่งต่อไปนี้:",
 	"packages.conda.registry": "ตั้งค่ารีจิสทรีนี้เป็นที่เก็บ Conda ในไฟล์ <code>.condarc</code> ของคุณ:",
 	"packages.conda.install": "หากต้องการติดตั้งแพ็คเกจโดยใช้ Conda ให้เรียกใช้คำสั่งต่อไปนี้:",
@@ -108,29 +102,21 @@
 	"packages.container.labels.key": "คีย์",
 	"packages.container.labels.value": "ค่า",
 	"packages.cran.registry": "ตั้งค่ารีจิสทรีนี้ในไฟล์ <code>Rprofile.site</code> ของคุณ:",
-	"packages.cran.install": "หากต้องการติดตั้งแพ็คเกจ ให้เรียกใช้คำสั่งต่อไปนี้:",
-	"packages.debian.registry": "ตั้งค่ารีจิสทรีนี้จากบรรทัดคำสั่ง:",
 	"packages.debian.registry.info": "เลือก $distribution และ $component จากรายการด้านล่าง",
-	"packages.debian.install": "หากต้องการติดตั้งแพ็คเกจ ให้เรียกใช้คำสั่งต่อไปนี้:",
-	"packages.debian.repository": "ข้อมูลที่เก็บ",
 	"packages.debian.repository.distributions": "การแจกจ่าย",
 	"packages.debian.repository.components": "ส่วนประกอบ",
 	"packages.debian.repository.architectures": "สถาปัตยกรรม",
 	"packages.generic.download": "ดาวน์โหลดแพ็คเกจจากบรรทัดคำสั่ง:",
 	"packages.go.install": "ติดตั้งแพ็คเกจจากบรรทัดคำสั่ง:",
-	"packages.helm.registry": "ตั้งค่ารีจิสทรีนี้จากบรรทัดคำสั่ง:",
-	"packages.helm.install": "หากต้องการติดตั้งแพ็คเกจ ให้เรียกใช้คำสั่งต่อไปนี้:",
 	"packages.maven.registry": "ตั้งค่ารีจิสทรีนี้ในไฟล์ <code>pom.xml</code> ของโปรเจกต์ของคุณ:",
 	"packages.maven.install": "หากต้องการใช้แพ็คเกจ ให้รวมสิ่งต่อไปนี้ในบล็อก <code>dependencies</code> ในไฟล์ <code>pom.xml</code>:",
 	"packages.maven.install2": "เรียกใช้ผ่านบรรทัดคำสั่ง:",
 	"packages.maven.download": "หากต้องการดาวน์โหลดการพึ่งพา ให้เรียกใช้ผ่านบรรทัดคำสั่ง:",
-	"packages.nuget.registry": "ตั้งค่ารีจิสทรีนี้จากบรรทัดคำสั่ง:",
 	"packages.nuget.install": "หากต้องการติดตั้งแพ็คเกจโดยใช้ NuGet ให้เรียกใช้คำสั่งต่อไปนี้:",
 	"packages.nuget.dependency.framework": "เฟรมเวิร์กเป้าหมาย",
 	"packages.npm.registry": "ตั้งค่ารีจิสทรีนี้ในไฟล์ <code>.npmrc</code> ของโปรเจกต์ของคุณ:",
 	"packages.npm.install": "หากต้องการติดตั้งแพ็คเกจโดยใช้ npm ให้เรียกใช้คำสั่งต่อไปนี้:",
 	"packages.npm.install2": "หรือเพิ่มลงในไฟล์ package.json:",
-	"packages.npm.dependencies": "การพึ่งพา",
 	"packages.npm.dependencies.development": "การพึ่งพาการพัฒนา",
 	"packages.npm.dependencies.bundle": "การพึ่งพาที่รวมอยู่",
 	"packages.npm.dependencies.peer": "การพึ่งพาแบบเพียร์",
@@ -138,18 +124,12 @@
 	"packages.npm.details.tag": "แท็ก",
 	"packages.pypi.requires": "ต้องใช้ Python",
 	"packages.pypi.install": "หากต้องการติดตั้งแพ็คเกจโดยใช้ pip ให้เรียกใช้คำสั่งต่อไปนี้:",
-	"packages.rpm.registry": "ตั้งค่ารีจิสทรีนี้จากบรรทัดคำสั่ง:",
 	"packages.rpm.distros.redhat": "บนการแจกจ่ายที่ใช้ RedHat",
 	"packages.rpm.distros.suse": "บนการแจกจ่ายที่ใช้ SUSE",
-	"packages.rpm.install": "หากต้องการติดตั้งแพ็คเกจ ให้เรียกใช้คำสั่งต่อไปนี้:",
-	"packages.rpm.repository": "ข้อมูลที่เก็บ",
 	"packages.rpm.repository.architectures": "สถาปัตยกรรม",
 	"packages.rpm.repository.multiple_groups": "แพ็คเกจนี้มีอยู่ในหลายกลุ่ม",
-	"packages.alt.registry": "ตั้งค่ารีจิสทรีนี้จากบรรทัดคำสั่ง:",
-	"packages.alt.registry.install": "หากต้องการติดตั้งแพ็คเกจ ให้เรียกใช้คำสั่งต่อไปนี้:",
 	"packages.alt.install": "ติดตั้งแพ็คเกจ",
 	"packages.alt.setup": "เพิ่มที่เก็บไปยังรายการที่เก็บที่เชื่อมต่อ ((เลือกสถาปัตยกรรมที่จำเป็นแทน \"_arch_\")",
-	"packages.alt.repository": "ข้อมูลที่เก็บ",
 	"packages.alt.repository.architectures": "สถาปัตยกรรม",
 	"packages.alt.repository.multiple_groups": "แพ็คเกจนี้มีอยู่ในหลายกลุ่ม",
 	"packages.rubygems.install": "หากต้องการติดตั้งแพ็คเกจโดยใช้ gem ให้เรียกใช้คำสั่งต่อไปนี้:",
@@ -158,7 +138,6 @@
 	"packages.rubygems.dependencies.development": "การพึ่งพาการพัฒนา",
 	"packages.rubygems.required.ruby": "ต้องการ Ruby เวอร์ชัน",
 	"packages.rubygems.required.rubygems": "ต้องการ RubyGem เวอร์ชัน",
-	"packages.swift.registry": "ตั้งค่ารีจิสทรีนี้จากบรรทัดคำสั่ง:",
 	"packages.swift.install": "เพิ่มแพ็คเกจในไฟล์ <code>Package.swift</code> ของคุณ:",
 	"packages.swift.install2": "และเรียกใช้คำสั่งต่อไปนี้:",
 	"packages.vagrant.install": "หากต้องการเพิ่ม Vagrant box ให้เรียกใช้คำสั่งต่อไปนี้:",
diff --git a/options/locale_next/locale_tr-TR.json b/options/locale_next/locale_tr-TR.json
index b291b41c76..de2af238cb 100644
--- a/options/locale_next/locale_tr-TR.json
+++ b/options/locale_next/locale_tr-TR.json
@@ -63,20 +63,15 @@
 	"packages.alpine.registry": "Bu kütüğü, <code>/etc/apk/repositories</code> dosyanıza url'yi ekleyerek kurun:",
 	"packages.alpine.registry.key": "Kütüğün açık RSA anahtarını, indeks imzasını doğrulamak için <code>/etc/apk/keys/</code> dizinine indirin:",
 	"packages.alpine.registry.info": "Aşağıdaki listeden $branch ve $repository seçin.",
-	"packages.alpine.install": "Paketi kurmak için, aşağıdaki komutu çalıştırın:",
-	"packages.alpine.repository": "Depo Bilgisi",
 	"packages.alpine.repository.branches": "Dallar",
 	"packages.alpine.repository.repositories": "Depolar",
 	"packages.alpine.repository.architectures": "Mimariler",
 	"packages.cargo.registry": "Bu kütüğü Cargo yapılandırma dosyasına (örneğin <code>~/.cargo/config.toml</code>) ayarlayın:",
 	"packages.cargo.install": "Paketi Cargo kullanarak kurmak için, şu komutu çalıştırın:",
 	"packages.chef.registry": "Bu kütüğü <code>~/.chef/config.rb</code> dosyasında ayarlayın:",
-	"packages.chef.install": "Paketi kurmak için, aşağıdaki komutu çalıştırın:",
 	"packages.composer.registry": "Bu kütüğü <code>~/.composer/config.json</code> dosyasında ayarlayın:",
 	"packages.composer.install": "Paketi Composer ile kurmak için, şu komutu çalıştırın:",
-	"packages.composer.dependencies": "Bağımlılıklar",
 	"packages.composer.dependencies.development": "Geliştirme Bağımlılıkları",
-	"packages.conan.registry": "Bu kütüğü komut satırını kullanarak kurun:",
 	"packages.conan.install": "Conan ile paket kurmak için aşağıdaki komutu çalıştırın:",
 	"packages.conda.registry": "Bu kütüğü <code>.condarc</code> dosyasında bir Conda deposu olarak ayarlayın:",
 	"packages.conda.install": "Conda ile paket kurmak için aşağıdaki komutu çalıştırın:",
@@ -90,29 +85,21 @@
 	"packages.container.labels.key": "Anahtar",
 	"packages.container.labels.value": "Değer",
 	"packages.cran.registry": "Bu kütüğü <code>Rprofile.site</code> dosyasında ayarlayın:",
-	"packages.cran.install": "Paketi kurmak için, aşağıdaki komutu çalıştırın:",
-	"packages.debian.registry": "Bu kütüğü komut satırını kullanarak kurun:",
 	"packages.debian.registry.info": "Aşağıdaki listeden $distribution ve $component seçin.",
-	"packages.debian.install": "Paketi kurmak için, aşağıdaki komutu çalıştırın:",
-	"packages.debian.repository": "Depo Bilgisi",
 	"packages.debian.repository.distributions": "Dağıtımlar",
 	"packages.debian.repository.components": "Bileşenler",
 	"packages.debian.repository.architectures": "Mimariler",
 	"packages.generic.download": "Paketi komut satırında indirin:",
 	"packages.go.install": "Paketi komut satırını kullanarak yükleyin:",
-	"packages.helm.registry": "Bu kütüğü komut satırını kullanarak kurun:",
-	"packages.helm.install": "Paketi kurmak için, aşağıdaki komutu çalıştırın:",
 	"packages.maven.registry": "Bu kütüğü projenizdeki <code>pom.xml</code> dosyasında ayarlayın:",
 	"packages.maven.install": "Paketi kullanmak için aşağıdaki <code>dependencies</code> parçasını <code>pom.xml</code> dosyasınıza ekleyin:",
 	"packages.maven.install2": "Komut satırında çalıştırın:",
 	"packages.maven.download": "Bağımlılığı indirmek için, komut satırında çalıştırın:",
-	"packages.nuget.registry": "Bu kütüğü komut satırını kullanarak kurun:",
 	"packages.nuget.install": "Paketi NuGet ile kurmak için, şu komutu çalıştırın:",
 	"packages.nuget.dependency.framework": "Hedef Çerçeve",
 	"packages.npm.registry": "Bu kütüğü projenizdeki <code>.npmrc</code> dosyasında ayarlayın:",
 	"packages.npm.install": "Paketi npm ile kurmak için, şu komutu çalıştırın:",
 	"packages.npm.install2": "veya paketi package.json dosyasına ekleyin:",
-	"packages.npm.dependencies": "Bağımlılıklar",
 	"packages.npm.dependencies.development": "Geliştirme Bağımlılıkları",
 	"packages.npm.dependencies.bundle": "Paketlenmiş Bağımlılıklar",
 	"packages.npm.dependencies.peer": "Eş Bağımlılıkları",
@@ -120,11 +107,8 @@
 	"packages.npm.details.tag": "Etiket",
 	"packages.pypi.requires": "Gereken Python",
 	"packages.pypi.install": "Paketi pip ile kurmak için, şu komutu çalıştırın:",
-	"packages.rpm.registry": "Bu kütüğü komut satırını kullanarak kurun:",
 	"packages.rpm.distros.redhat": "RedHat tabanlı dağıtımlarda",
 	"packages.rpm.distros.suse": "SUSE tabanlı dağıtımlarda",
-	"packages.rpm.install": "Paketi kurmak için, aşağıdaki komutu çalıştırın:",
-	"packages.rpm.repository": "Depo Bilgisi",
 	"packages.rpm.repository.architectures": "Mimariler",
 	"packages.rpm.repository.multiple_groups": "Bu paket birçok grupta mevcut.",
 	"packages.rubygems.install": "Paketi gem ile kurmak için, şu komutu çalıştırın:",
@@ -133,7 +117,6 @@
 	"packages.rubygems.dependencies.development": "Geliştirme Bağımlılıkları",
 	"packages.rubygems.required.ruby": "Gereken Ruby sürümü",
 	"packages.rubygems.required.rubygems": "Gereken RubyGem sürümü",
-	"packages.swift.registry": "Bu kütüğü komut satırını kullanarak kurun:",
 	"packages.swift.install": "Paketi <code>Package.swift</code> dosyanıza ekleyin:",
 	"packages.swift.install2": "ve şu komutu çalıştırın:",
 	"packages.vagrant.install": "Vagrant paketi eklemek için aşağıdaki komutu çalıştırın:",
diff --git a/options/locale_next/locale_uk-UA.json b/options/locale_next/locale_uk-UA.json
index 97898ff3cb..7cd96a3a63 100644
--- a/options/locale_next/locale_uk-UA.json
+++ b/options/locale_next/locale_uk-UA.json
@@ -6,22 +6,22 @@
 	"gpg.error.no_gpg_keys_found": "Не вдалося знайти GPG-ключ, що відповідає даному підпису",
 	"gpg.error.not_signed_commit": "Непідписаний коміт",
 	"gpg.error.failed_retrieval_gpg_keys": "Не вдалось отримати ключ, пов’язаний з обліковим записом комітера",
-	"gpg.error.probable_bad_signature": "УВАГА! Хоча ключ із таким ID і є в базі, коміт неможливо ним перевірити! Цей коміт ПІДОЗРІЛИЙ.",
-	"gpg.error.probable_bad_default_signature": "УВАГА! Хоча типовий ключ має цей ID, коміт неможливо ним перевірити! Цей коміт ПІДОЗРІЛИЙ.",
+	"gpg.error.probable_bad_signature": "УВАГА! Хоча ключ із таким ID і є в базі, цей коміт неможливо ним перевірити! Цей коміт ПІДОЗРІЛИЙ.",
+	"gpg.error.probable_bad_default_signature": "УВАГА! Хоча типовий ключ має такий ID, цей коміт неможливо ним перевірити! Цей коміт ПІДОЗРІЛИЙ.",
 	"notification.notifications": "Сповіщення",
 	"notification.unread": "Непрочитані",
 	"notification.read": "Прочитані",
 	"notification.no_unread": "Немає непрочитаних сповіщень.",
 	"notification.no_read": "Немає прочитаних сповіщень.",
-	"notification.pin": "Прикріпити сповіщення",
+	"notification.pin": "Закріпити сповіщення",
 	"notification.mark_as_read": "Позначити як прочитане",
 	"notification.mark_as_unread": "Позначити як непрочитане",
 	"notification.mark_all_as_read": "Позначити всі як прочитані",
 	"notification.subscriptions": "Підписки",
 	"notification.watching": "Спостереження",
-	"notification.no_subscriptions": "Немає підписок",
+	"notification.no_subscriptions": "У вас немає підписок.",
 	"dropzone.default_message": "Перетягніть файли або натисніть тут, щоб завантажити.",
-	"dropzone.invalid_input_type": "Ви не можете завантажувати файли цього типу.",
+	"dropzone.invalid_input_type": "Не можна завантажувати файли цього типу.",
 	"dropzone.file_too_big": "Розмір файлу ({{filesize}} МБ) перевищує максимальний розмір ({{maxFilesize}} МБ).",
 	"dropzone.remove_file": "Видалити файл",
 	"munits.data.b": "Б",
@@ -64,8 +64,6 @@
 	"packages.alpine.registry": "Налаштуйте цей реєстр, додавши URL у файл <code>/etc/apk/repositories</code>:",
 	"packages.alpine.registry.key": "Завантажте відкритий RSA-ключ реєстру в папку <code>/etc/apk/keys/</code> для перевірки підпису індексу:",
 	"packages.alpine.registry.info": "Виберіть $branch і $repository зі списку нижче.",
-	"packages.alpine.install": "Аби встановити цей пакунок, виконайте команду:",
-	"packages.alpine.repository": "Про репозиторій",
 	"packages.alpine.repository.branches": "Гілки",
 	"packages.alpine.repository.repositories": "Репозиторії",
 	"packages.alpine.repository.architectures": "Архітектури",
@@ -78,22 +76,18 @@
 	"packages.arch.version.description": "Опис",
 	"packages.arch.version.provides": "Надає",
 	"packages.arch.version.groups": "Група",
-	"packages.arch.version.depends": "Залежить",
-	"packages.arch.version.optdepends": "Необов’язково залежить",
+	"packages.arch.version.optdepends": "Необов’язкові залежності",
 	"packages.arch.version.makedepends": "Залежності для збірки",
-	"packages.arch.version.checkdepends": "Перевірити залежності",
+	"packages.arch.version.checkdepends": "Залежності для перевірок",
 	"packages.arch.version.conflicts": "Конфлікти",
 	"packages.arch.version.replaces": "Заміни",
 	"packages.arch.version.backup": "Резервне копіювання",
 	"packages.cargo.registry": "Налаштуйте цей реєстр у файлі конфігурації Cargo (наприклад, <code>~/.cargo/config.toml</code>):",
 	"packages.cargo.install": "Аби встановити пакунок, використовуючи Cargo, виконайте команду:",
 	"packages.chef.registry": "Налаштуйте цей реєстр у файлі <code>~/.chef/config.rb</code>:",
-	"packages.chef.install": "Аби встановити пакунок, виконайте команду:",
 	"packages.composer.registry": "Налаштуйте цей реєстр у файлі <code>~/.composer/config.json</code>:",
 	"packages.composer.install": "Аби встановити пакунок, використовуючи Composer, виконайте команду:",
-	"packages.composer.dependencies": "Залежності",
 	"packages.composer.dependencies.development": "Залежності розробки",
-	"packages.conan.registry": "Налаштуйте цей реєстр із командного рядка:",
 	"packages.conan.install": "Аби встановити пакунок, використовуючи Conan, виконайте команду:",
 	"packages.conda.registry": "Встановіть цей реєстр як репозиторій Conda у своєму файлі <code>.condarc</code>:",
 	"packages.conda.install": "Аби встановити пакунок, використовуючи Conda, виконайте команду:",
@@ -108,29 +102,21 @@
 	"packages.container.labels.key": "Ключ",
 	"packages.container.labels.value": "Значення",
 	"packages.cran.registry": "Налаштуйте цей реєстр у файлі <code>Rprofile.site</code>:",
-	"packages.cran.install": "Аби встановити пакунок, виконайте команду:",
-	"packages.debian.registry": "Налаштуйте цей реєстр із командного рядка:",
 	"packages.debian.registry.info": "Виберіть $distribution і $component зі списку нижче.",
-	"packages.debian.install": "Аби встановити пакунок, виконайте команду:",
-	"packages.debian.repository": "Про репозиторій",
 	"packages.debian.repository.distributions": "Дистрибутиви",
 	"packages.debian.repository.components": "Складові",
 	"packages.debian.repository.architectures": "Архітектури",
 	"packages.generic.download": "Завантажте пакунок із командного рядка:",
 	"packages.go.install": "Встановити пакунок із командного рядка:",
-	"packages.helm.registry": "Налаштуйте цей реєстр із командного рядка:",
-	"packages.helm.install": "Аби встановити пакунок, виконайте команду:",
 	"packages.maven.registry": "Налаштуйте цей реєстр у файлі <code>pom.xml</code> свого проєкту:",
 	"packages.maven.install": "Для використання пакунка включіть у блок <code>dependencies</code> у файлі <code>pom.xml</code> таке:",
 	"packages.maven.install2": "Запустити з командного рядка:",
 	"packages.maven.download": "Щоб завантажити залежність, запустіть із командного рядка:",
-	"packages.nuget.registry": "Налаштуйте цей реєстр із командного рядка:",
 	"packages.nuget.install": "Аби встановити пакунок, використовуючи NuGet, виконайте команду:",
 	"packages.nuget.dependency.framework": "Цільовий фреймворк",
 	"packages.npm.registry": "Налаштуйте цей реєстр у файлі <code>.npmrc</code> свого проєкту:",
 	"packages.npm.install": "Аби встановити пакунок, використовуючи npm, виконайте команду:",
 	"packages.npm.install2": "або додайте його у файл package.json:",
-	"packages.npm.dependencies": "Залежності",
 	"packages.npm.dependencies.development": "Залежності розробки",
 	"packages.npm.dependencies.bundle": "Пакетні залежності",
 	"packages.npm.dependencies.peer": "Однорангові залежності",
@@ -138,18 +124,12 @@
 	"packages.npm.details.tag": "Тег",
 	"packages.pypi.requires": "Необхідний Python",
 	"packages.pypi.install": "Аби встановити пакунок, використовуючи pip, виконайте команду:",
-	"packages.rpm.registry": "Налаштуйте цей реєстр із командного рядка:",
 	"packages.rpm.distros.redhat": "у дистрибутивах на основі RedHat",
 	"packages.rpm.distros.suse": "у дистрибутивах на основі SUSE",
-	"packages.rpm.install": "Щоб установити пакунок, виконайте команду:",
-	"packages.rpm.repository": "Про репозиторій",
 	"packages.rpm.repository.architectures": "Архітектури",
 	"packages.rpm.repository.multiple_groups": "Цей пакунок доступний у кількох групах.",
-	"packages.alt.registry": "Налаштуйте цей реєстр із командного рядка:",
-	"packages.alt.registry.install": "Щоб установити пакунок, виконайте команду:",
 	"packages.alt.install": "Встановити пакунок",
 	"packages.alt.setup": "Додайте репозиторій до списку підключених репозиторіїв (виберіть потрібну архітектуру замість «_arch_»):",
-	"packages.alt.repository": "Про репозиторій",
 	"packages.alt.repository.architectures": "Архітектури",
 	"packages.alt.repository.multiple_groups": "Цей пакунок доступний у кількох групах.",
 	"packages.rubygems.install": "Аби встановити пакунок, використовуючи gem, виконайте команду:",
@@ -158,7 +138,6 @@
 	"packages.rubygems.dependencies.development": "Залежності розробки",
 	"packages.rubygems.required.ruby": "Необхідна версія Ruby",
 	"packages.rubygems.required.rubygems": "Необхідна версія RubyGem",
-	"packages.swift.registry": "Налаштуйте цей реєстр із командного рядка:",
 	"packages.swift.install": "Додайте пакунок у свій файл <code>Package.swift</code>:",
 	"packages.swift.install2": "і виконайте команду:",
 	"packages.vagrant.install": "Щоб додати скриньку Vagrant, виконайте команду:",
@@ -410,9 +389,9 @@
 	"actions.runners.task_list.commit": "Коміт",
 	"actions.runners.task_list.done_at": "Завершено",
 	"actions.runners.edit_runner": "Редагувати ранер",
-	"actions.runners.update_runner.button": "Оновити зміни",
-	"actions.runners.update_runner.success": "Ранер оновлено",
-	"actions.runners.update_runner.failed": "Не вдалось оновити ранер",
+	"actions.runners.update_runner.button": "Зберегти зміни",
+	"actions.runners.update_runner.success": "Ранер успішно змінено",
+	"actions.runners.update_runner.failed": "Не вдалося змінити ранер",
 	"actions.runners.delete_runner.button": "Видалити цей ранер",
 	"actions.runners.delete_runner.success": "Ранер успішно видалено",
 	"actions.runners.delete_runner.failed": "Не вдалося видалити ранер",
@@ -449,11 +428,11 @@
 	},
 	"teams.add_all_repos.modal.header": "Додати всі репозиторії",
 	"teams.remove_all_repos.modal.header": "Вилучити всі репозиторії",
-	"repo.pulls.poster_requires_approval": "Деякі робочі потоки <a href=\"%[1]s\">очікують на перевірку.</a>",
+	"repo.pulls.poster_requires_approval": "Деякі робочі потоки <a href=\"%[1]s\">очікують на перевірку</a>.",
 	"repo.pulls.poster_requires_approval.tooltip": "Авторові цього запиту на злиття не довірено запуск робочих потоків, ініційованих запитом на злиття з форкнутого репозиторію або з AGit. Робочі потоки, ініційовані подією `pull_request`, не будуть виконані до їх схвалення.",
 	"repo.pulls.poster_manage_approval": "Керування схваленням",
 	"repo.pulls.poster_is_trusted.tooltip": "Авторові цього запиту на злиття явно довірено запуск робочих потоків, ініційованих подіями `pull_request`.",
-	"repo.pulls.poster_is_trusted": "Авторові цього запиту на злиття <a href=\"%[1]s\">завжди довірено запуск робочих потоків.</a>",
+	"repo.pulls.poster_is_trusted": "Авторові цього запиту на злиття <a href=\"%[1]s\">завжди довірено запуск робочих потоків</a>.",
 	"repo.pulls.poster_trust_deny.tooltip": "Робочі потоки, що очікують на схвалення, будуть скасовані.",
 	"repo.pulls.poster_trust_once": "Схвалити один раз",
 	"repo.pulls.poster_trust_deny": "Відхилити",
@@ -484,7 +463,6 @@
 	"repo.issues.filter_reviewers.hint": "Фільтрувати за користувачем, який залишив відгук",
 	"repo.issues.filter_mention.hint": "Фільтрувати за згаданим користувачем",
 	"repo.issues.filter_modified.hint": "Фільтрувати за датою останньої зміни",
-	"repo.issues.filter_sort.hint": "Сортувати за: створено/коментарі/оновлено/термін виконання",
 	"actions.workflow.persistent_incomplete_matrix": "Неможливо оцінити `strategy.matrix` завдання %[1]s через недійсний вираз `needs`. Можливо, він посилається на завдання, якого немає у списку «needs» (%[2]s), або на результат, якого не існує в одному з цих завдань.",
 	"admin.auths.oauth2_quota_group_claim_name": "Назва заявки, що надає назви груп для цього джерела, які будуть використовуватися для керування квотами. (Необов’язково)",
 	"admin.auths.oauth2_quota_group_map": "Зіставити заявлені групи з групами квот. (Необов’язково — потрібна назва заявки вище)",
@@ -538,5 +516,12 @@
 	"actions.secrets.creation.name_description": "Ім’я секрету може містити тільки літери, цифри та підкреслення. Не може починатися з FORGEJO_, GITEA_, GITHUB_ або цифри. Forgejo автоматично переводить його у верхній регістр.",
 	"actions.variables.mutation.name_description": "Ім’я змінної може містити лише літери, цифри та підкреслення. Не можна називати змінну CI або починати ім’я з FORGEJO_, GITEA_, GITHUB_ чи цифри. Forgejo автоматично переводить його у верхній регістр.",
 	"actions.secrets.creation.value_description": "Значенням секрету може бути будь-який текст. Спеціальні символи зберігаються. CRLF (розриви рядків у форматі Windows) автоматично замінюються на LF. Якщо розриви рядків потрібно зберегти, закодуйте значення за допомогою Base64.",
-	"actions.variables.mutation.value_description": "Значенням змінної може бути будь-який текст. Спеціальні символи зберігаються. CRLF (розриви рядків у форматі Windows) автоматично замінюються на LF. Якщо розриви рядків потрібно зберегти, закодуйте значення за допомогою Base64."
+	"actions.variables.mutation.value_description": "Значенням змінної може бути будь-який текст. Спеціальні символи зберігаються. CRLF (розриви рядків у форматі Windows) автоматично замінюються на LF. Якщо розриви рядків потрібно зберегти, закодуйте значення за допомогою Base64.",
+	"issues.filters.labels.exclude": "Виключити мітку",
+	"issues.filters.labels.unexclude": "Зняти виключення",
+	"packages.common.repository": "Інформація про репозиторій",
+	"packages.common.install": "Щоб установити пакунок, виконайте команду:",
+	"packages.common.registry": "Налаштуйте цей реєстр із командного рядка:",
+	"actions.runs.all_runs_link": "усі запуски",
+	"repo.issues.filter_sort.hint_with_placeholder": "Сортувати за: %s"
 }
diff --git a/options/locale_next/locale_zh-CN.json b/options/locale_next/locale_zh-CN.json
index f9a330d439..8d7a06ff5d 100644
--- a/options/locale_next/locale_zh-CN.json
+++ b/options/locale_next/locale_zh-CN.json
@@ -1,28 +1,28 @@
 {
 	"gpg.default_key": "使用默认密钥签名",
 	"gpg.error.extract_sign": "无法提取签名",
-	"gpg.error.generate_hash": "无法生成提交的哈希",
-	"gpg.error.no_committer_account": "没有帐户链接到提交者的电子邮件",
-	"gpg.error.no_gpg_keys_found": "找不到此签名对应的密钥",
+	"gpg.error.generate_hash": "无法生成提交散列",
+	"gpg.error.no_committer_account": "没有帐户链接到提交者的电子邮箱",
+	"gpg.error.no_gpg_keys_found": "数据库中找不到此签名对应的密钥",
 	"gpg.error.not_signed_commit": "提交未签名",
 	"gpg.error.failed_retrieval_gpg_keys": "找不到任何与该提交者账号相关的密钥",
-	"gpg.error.probable_bad_signature": "警告！尽管数据库中有此 ID 对应的密钥，但此提交未通过验证！此提交是可疑的。",
-	"gpg.error.probable_bad_default_signature": "警告！尽管默认密钥具有此 ID，但此提交未通过验证！此提交是可疑的。",
+	"gpg.error.probable_bad_signature": "警告！尽管数据库中有此ID对应的密钥，但此提交未通过验证！此提交是可疑的。",
+	"gpg.error.probable_bad_default_signature": "警告！尽管默认密钥具有此ID，但此提交未通过验证！此提交是可疑的。",
 	"notification.notifications": "通知",
 	"notification.unread": "未读",
 	"notification.read": "已读",
-	"notification.no_unread": "没有未读通知。",
-	"notification.no_read": "没有已读通知。",
-	"notification.pin": "Pin 通知",
+	"notification.no_unread": "暂无未读通知。",
+	"notification.no_read": "暂无已读通知。",
+	"notification.pin": "固定通知",
 	"notification.mark_as_read": "标记为已读",
 	"notification.mark_as_unread": "标记为未读",
 	"notification.mark_all_as_read": "全部标记为已读",
 	"notification.subscriptions": "订阅",
 	"notification.watching": "关注",
-	"notification.no_subscriptions": "无订阅",
+	"notification.no_subscriptions": "无任何订阅",
 	"dropzone.default_message": "拖放文件或点击此处上传",
-	"dropzone.invalid_input_type": "您不能上传该类型的文件。",
-	"dropzone.file_too_big": "文件体积（{{filesize}} MB）超过了最大允许体积（{{maxFilesize}} MB）。",
+	"dropzone.invalid_input_type": "不能上传这类型的文件。",
+	"dropzone.file_too_big": "文件大小（{{filesize}} MB）超过了最大限制（{{maxFilesize}} MB）。",
 	"dropzone.remove_file": "移除文件",
 	"munits.data.b": "B",
 	"munits.data.kib": "KiB",
@@ -33,216 +33,195 @@
 	"munits.data.eib": "EiB",
 	"packages.title": "软件包",
 	"packages.empty": "还没有软件包。",
-	"packages.empty.documentation": "关于软件包注册中心的更多信息，请参阅 <a target=\"_blank\" rel=\"noopener noreferrer\" href=\"%s\"> 文档 </a>。",
-	"packages.empty.repo": "您上传了一个包，但没有显示在这里吗？转到 <a href=\"%[1]s\">包设置</a> 并将其链接到这个仓库中。",
-	"packages.registry.documentation": "关于 %s 注册中心的更多信息，请参阅 <a target=\"_blank\" rel=\"noopener noreferrer\" href=\"%s\">文档</a>。",
+	"packages.empty.documentation": "关于软件包注册中心的更多信息，请参阅<a target=\"_blank\" rel=\"noopener noreferrer\" href=\"%s\">文档</a>。",
+	"packages.empty.repo": "已上传了一个软件包，但它没有在这里显示吗？在<a href=\"%[1]s\">包设置</a>中将其链接到这个仓库。",
+	"packages.registry.documentation": "关于%s注册中心的更多信息，请参阅<a target=\"_blank\" rel=\"noopener noreferrer\" href=\"%s\">文档</a>。",
 	"packages.filter.type": "类型",
 	"packages.filter.type.all": "所有",
-	"packages.filter.no_result": "您的过滤器没有产生任何结果。",
+	"packages.filter.no_result": "没有筛选结果。",
 	"packages.filter.container.tagged": "已加标签",
 	"packages.filter.container.untagged": "未加标签",
-	"packages.published_by": "由 <a href=\"%[2]s\">%[3]s</a> 发布于 %[1]s",
-	"packages.published_by_in": "<a href=\"%[2]s\">%[3]s</a> 于 %[1]s 发布了 <a href=\"%[4]s\"><strong>%[5]s</strong></a>",
-	"packages.pub.install": "要使用 Dart 安装软件包，请运行以下命令：",
+	"packages.published_by": "由<a href=\"%[2]s\">%[3]s</a>于%[1]s发布",
+	"packages.published_by_in": "<a href=\"%[2]s\">%[3]s</a>于%[1]s发布了<a href=\"%[4]s\"><strong>%[5]s</strong></a>",
+	"packages.pub.install": "请运行以下命令以使用Dart安装软件包：",
 	"packages.installation": "安装",
-	"packages.about": "关于这个软件包",
+	"packages.about": "关于此软件包",
 	"packages.requirements": "要求",
 	"packages.dependencies": "依赖",
 	"packages.keywords": "关键词",
 	"packages.details": "详情",
 	"packages.details.author": "作者",
-	"packages.details.project_site": "项目站点",
+	"packages.details.project_site": "项目网站",
 	"packages.details.repository_site": "仓库网站",
-	"packages.details.documentation_site": "文档站点",
+	"packages.details.documentation_site": "文档网站",
 	"packages.details.license": "许可协议",
 	"packages.assets": "资源",
 	"packages.versions": "版本",
 	"packages.versions.view_all": "查看全部",
 	"packages.dependency.id": "ID",
 	"packages.dependency.version": "版本",
-	"packages.search_in_external_registry": "在 %s 中搜索",
-	"packages.alpine.registry": "通过在您的 <code>/etc/apk/repositories</code> 文件中添加 URL 来设置此注册中心：",
-	"packages.alpine.registry.key": "下载注册中心公开的 RSA 密钥到 <code>/etc/apk/keys/</code> 文件夹来验证索引签名：",
-	"packages.alpine.registry.info": "从下面的列表中选择 $branch 和 $repository。",
-	"packages.alpine.install": "要安装包，请运行以下命令：",
-	"packages.alpine.repository": "仓库信息",
+	"packages.search_in_external_registry": "在%s中搜索",
+	"packages.alpine.registry": "通过在您的<code>/etc/apk/repositories</code>文件中添加以下URL来配置此注册中心：",
+	"packages.alpine.registry.key": "下载注册中心的RSA公钥到<code>/etc/apk/keys/</code>文件夹来验证索引签名：",
+	"packages.alpine.registry.info": "从下面的列表中选择$branch和$repository。",
 	"packages.alpine.repository.branches": "分支",
-	"packages.alpine.repository.repositories": "仓库管理",
+	"packages.alpine.repository.repositories": "仓库",
 	"packages.alpine.repository.architectures": "架构",
-	"packages.arch.pacman.helper.gpg": "为 pacman 添加信任证书：",
-	"packages.arch.pacman.repo.multi": "%s 在不同的发行版中有相同的版本。",
-	"packages.arch.pacman.repo.multi.item": "%s 的配置",
-	"packages.arch.pacman.conf": "将具有相关发行版和架构的服务器添加到 <code>/etc/pacman.conf</code> 中：",
-	"packages.arch.pacman.sync": "在 pacman 下同步软件包：",
+	"packages.arch.pacman.helper.gpg": "为pacman添加信任证书：",
+	"packages.arch.pacman.repo.multi": "%s在不同的发行版中有相同的版本。",
+	"packages.arch.pacman.repo.multi.item": "%s的配置",
+	"packages.arch.pacman.conf": "将有相关发行版和架构的服务器添加到<code>/etc/pacman.conf</code>中：",
+	"packages.arch.pacman.sync": "使用pacman同步软件包：",
 	"packages.arch.version.properties": "版本属性",
-	"packages.arch.version.description": "说明",
+	"packages.arch.version.description": "描述",
 	"packages.arch.version.provides": "提供",
 	"packages.arch.version.groups": "组",
-	"packages.arch.version.depends": "依赖",
 	"packages.arch.version.optdepends": "可选依赖",
-	"packages.arch.version.makedepends": "编译依赖",
+	"packages.arch.version.makedepends": "构建依赖",
 	"packages.arch.version.checkdepends": "检查依赖",
 	"packages.arch.version.conflicts": "冲突",
 	"packages.arch.version.replaces": "替换",
 	"packages.arch.version.backup": "备份",
-	"packages.cargo.registry": "在 Cargo 配置文件中设置此注册中心（例如：<code>~/.cargo/config.toml</code>）：",
-	"packages.cargo.install": "要使用 Cargo 安装软件包，请运行以下命令：",
-	"packages.chef.registry": "在您的 <code>~/.chef/config.rb</code> 文件中设置此注册中心：",
-	"packages.chef.install": "要安装包，请运行以下命令：",
-	"packages.composer.registry": "在您的 <code>~/.composer/config.json</code> 文件中设置此注册中心：",
-	"packages.composer.install": "要使用 Composer 安装软件包，请运行以下命令：",
-	"packages.composer.dependencies": "依赖",
+	"packages.cargo.registry": "在Cargo配置文件中设置此注册中心（例如：<code>~/.cargo/config.toml</code>）：",
+	"packages.cargo.install": "请运行以下命令以使用Cargo安装此软件包：",
+	"packages.chef.registry": "在您的<code>~/.chef/config.rb</code>文件中设置此注册中心：",
+	"packages.composer.registry": "在<code>~/.composer/config.json</code>文件中设置此注册中心：",
+	"packages.composer.install": "请运行以下命令以使用Composer安装此软件包：",
 	"packages.composer.dependencies.development": "开发依赖",
-	"packages.conan.registry": "从命令行设置此注册中心：",
-	"packages.conan.install": "要使用 Conan 安装软件包，请运行以下命令：",
-	"packages.conda.registry": "在您的 <code>.condarc</code> 文件中将此注册中心设置为 Conda 仓库：",
-	"packages.conda.install": "要使用 Conda 安装软件包，请运行以下命令：",
+	"packages.conan.install": "请运行以下命令以使用Conan安装此软件包：",
+	"packages.conda.registry": "在您的<code>.condarc</code>文件中将此注册中心设置为Conda仓库：",
+	"packages.conda.install": "请运行以下命令以使用Conda安装此软件包：",
 	"packages.container.images.title": "镜像",
 	"packages.container.details.type": "镜像类型",
 	"packages.container.details.platform": "平台",
-	"packages.container.pull": "从命令行拉取镜像：",
+	"packages.container.pull": "通过命令行拉取镜像：",
 	"packages.container.digest": "摘要",
-	"packages.container.multi_arch": "操作系统 / 架构",
+	"packages.container.multi_arch": "操作系统与架构",
 	"packages.container.layers": "镜像分层",
 	"packages.container.labels": "标签",
 	"packages.container.labels.key": "键",
 	"packages.container.labels.value": "值",
-	"packages.cran.registry": "在您的 <code>Rprofile.site</code> 文件中设置此注册中心：",
-	"packages.cran.install": "要安装包，请运行以下命令：",
-	"packages.debian.registry": "从命令行设置此注册中心：",
-	"packages.debian.registry.info": "从下面的列表中选择 $distribution 和 $component。",
-	"packages.debian.install": "要安装包，请运行以下命令：",
-	"packages.debian.repository": "仓库信息",
+	"packages.cran.registry": "在您的<code>Rprofile.site</code>文件中设置此注册中心：",
+	"packages.debian.registry.info": "从下面的列表中选择$distribution和$component。",
 	"packages.debian.repository.distributions": "发行版",
 	"packages.debian.repository.components": "组件",
 	"packages.debian.repository.architectures": "架构",
-	"packages.generic.download": "从命令行下载软件包：",
-	"packages.go.install": "通过命令行安装软件包：",
-	"packages.helm.registry": "从命令行设置此注册中心：",
-	"packages.helm.install": "要安装包，请运行以下命令：",
-	"packages.maven.registry": "在您项目的 <code>pom.xml</code> 文件中设置此注册中心：",
-	"packages.maven.install": "要使用这个软件包，在 <code>pom.xml</code> 文件中的 <code>依赖项</code> 块中包含以下内容：",
+	"packages.generic.download": "通过命令行下载此软件包：",
+	"packages.go.install": "通过命令行安装此软件包：",
+	"packages.maven.registry": "在您项目的<code>pom.xml</code>文件中设置此注册中心：",
+	"packages.maven.install": "在<code>pom.xml</code>文件中的<code>依赖项</code>块中包含以下内容以使用此软件包：",
 	"packages.maven.install2": "通过命令行运行：",
-	"packages.maven.download": "要下载依赖项，请通过命令行运行：",
-	"packages.nuget.registry": "从命令行设置此注册中心：",
-	"packages.nuget.install": "要使用 Nuget 安装软件包，请运行以下命令：",
+	"packages.maven.download": "请运行以下命令以下载此依赖项：",
+	"packages.nuget.install": "请运行以下命令以使用Nuget安装此软件包：",
 	"packages.nuget.dependency.framework": "目标框架",
-	"packages.npm.registry": "在您项目的 <code>.npmrc</code> 文件中设置此注册中心：",
-	"packages.npm.install": "要使用 npm 安装软件包，请运行以下命令：",
-	"packages.npm.install2": "或将其添加到 package.json 文件：",
-	"packages.npm.dependencies": "依赖项",
+	"packages.npm.registry": "在您项目的<code>.npmrc</code>文件中设置此注册中心：",
+	"packages.npm.install": "请运行以下命令以使用npm安装此软件包：",
+	"packages.npm.install2": "或将其添加到package.json文件中：",
 	"packages.npm.dependencies.development": "开发依赖",
-	"packages.npm.dependencies.bundle": "捆绑的依赖项",
-	"packages.npm.dependencies.peer": "同等依赖",
+	"packages.npm.dependencies.bundle": "捆绑依赖项",
+	"packages.npm.dependencies.peer": "对等依赖",
 	"packages.npm.dependencies.optional": "可选依赖",
 	"packages.npm.details.tag": "标签",
-	"packages.pypi.requires": "需要 Python",
-	"packages.pypi.install": "要使用 pip 安装软件包，请运行以下命令：",
-	"packages.rpm.registry": "从命令行设置此注册中心：",
-	"packages.rpm.distros.redhat": "在基于 RedHat 的发行版",
-	"packages.rpm.distros.suse": "在基于 SUSE 的发行版",
-	"packages.rpm.install": "要安装包，请运行以下命令：",
-	"packages.rpm.repository": "仓库信息",
+	"packages.pypi.requires": "需要Python",
+	"packages.pypi.install": "请运行以下命令以使用pip安装此软件包：",
+	"packages.rpm.distros.redhat": "在基于RedHat的发行版上",
+	"packages.rpm.distros.suse": "在基于SUSE的发行版上",
 	"packages.rpm.repository.architectures": "架构",
-	"packages.rpm.repository.multiple_groups": "该软件包可在多个组中使用。",
-	"packages.alt.registry": "通过命令行配置此注册表：",
-	"packages.alt.registry.install": "要安装此软件包，请运行以下命令：",
+	"packages.rpm.repository.multiple_groups": "该软件包在多个组中可用。",
 	"packages.alt.install": "安装软件包",
 	"packages.alt.setup": "添加一个仓库到连接的仓库列表（选择必要的架构而非“_arch_”）：",
-	"packages.alt.repository": "仓库信息",
 	"packages.alt.repository.architectures": "架构",
 	"packages.alt.repository.multiple_groups": "此软件包在多个组中可用。",
-	"packages.rubygems.install": "要使用 gem 安装软件包，请运行以下命令：",
-	"packages.rubygems.install2": "或将它添加到 Gemfile：",
+	"packages.rubygems.install": "请运行以下命令以使用gem安装此软件包：",
+	"packages.rubygems.install2": "或将它添加到Gemfile中：",
 	"packages.rubygems.dependencies.runtime": "运行时依赖",
 	"packages.rubygems.dependencies.development": "开发依赖",
-	"packages.rubygems.required.ruby": "需要 Ruby 版本",
-	"packages.rubygems.required.rubygems": "需要 RubyGem 版本",
-	"packages.swift.registry": "从命令行设置此注册中心：",
-	"packages.swift.install": "在你的 <code>Package.swift</code>文件中添加该包：",
+	"packages.rubygems.required.ruby": "需要Ruby版本",
+	"packages.rubygems.required.rubygems": "需要RubyGem版本",
+	"packages.swift.install": "在<code>Package.swift</code>文件中添加此包：",
 	"packages.swift.install2": "并运行以下命令：",
-	"packages.vagrant.install": "若要添加一个 Vagrant box，请运行以下命令：",
-	"packages.settings.link": "将此软件包链接到仓库",
-	"packages.settings.link.description": "如果您将一个软件包与一个代码库链接起来，软件包将显示在代码库的软件包列表中。",
+	"packages.vagrant.install": "请运行以下命令以新增Vagrant box：",
+	"packages.settings.link": "链接此软件包到一个仓库",
+	"packages.settings.link.description": "若将软件包与仓库链接起来，软件包将显示在仓库的软件包列表中。",
 	"packages.settings.link.select": "选择仓库",
 	"packages.settings.link.button": "更新仓库链接",
 	"packages.settings.link.success": "仓库链接已成功更新。",
 	"packages.settings.link.error": "更新仓库链接失败。",
 	"packages.settings.delete": "删除软件包",
-	"packages.settings.delete.description": "删除软件包是永久性的，无法撤消。",
-	"packages.settings.delete.notice": "您将要删除 %s（%s）。此操作是不可逆的，您确定吗？",
+	"packages.settings.delete.description": "删除软件包是永久的，无法撤消。",
+	"packages.settings.delete.notice": "您将要删除%s（%s）。此操作是不可逆的，您确定吗？",
 	"packages.settings.delete.success": "软件包已被删除。",
 	"packages.settings.delete.error": "删除软件包失败。",
-	"packages.owner.settings.cargo.title": "Cargo 注册中心索引",
+	"packages.owner.settings.cargo.title": "Cargo注册中心索引",
 	"packages.owner.settings.cargo.initialize": "初始化索引",
-	"packages.owner.settings.cargo.initialize.description": "使用 Cargo 注册中心时需要一个特殊索引的 Git 仓库。使用此选项将（重新）创建仓库并自动配置它。",
+	"packages.owner.settings.cargo.initialize.description": "使用Cargo注册中心时需要一个特殊的索引Git仓库。此选项将（重新）创建仓库并自动配置它。",
 	"packages.owner.settings.cargo.initialize.error": "初始化Cargo索引失败：%v",
 	"packages.owner.settings.cargo.initialize.success": "Cargo索引已经成功创建。",
 	"packages.owner.settings.cargo.rebuild": "重建索引",
-	"packages.owner.settings.cargo.rebuild.description": "如果索引与存储的 Cargo 包不同步，重建可能会有用。",
-	"packages.owner.settings.cargo.rebuild.error": "无法重建 Cargo 索引：%v",
-	"packages.owner.settings.cargo.rebuild.success": "Cargo 索引已成功重建。",
+	"packages.owner.settings.cargo.rebuild.description": "若索引与存储的Cargo包不同步，重建可能会很有用。",
+	"packages.owner.settings.cargo.rebuild.error": "无法重建Cargo索引：%v",
+	"packages.owner.settings.cargo.rebuild.success": "Cargo索引已成功重建。",
 	"packages.owner.settings.cargo.rebuild.no_index": "无法重建，未初始化任何索引。",
 	"packages.owner.settings.cleanuprules.title": "清理规则",
 	"packages.owner.settings.cleanuprules.add": "添加清理规则",
 	"packages.owner.settings.cleanuprules.edit": "编辑清理规则",
 	"packages.owner.settings.cleanuprules.none": "尚无清理规则。",
 	"packages.owner.settings.cleanuprules.preview": "清理规则预览",
-	"packages.owner.settings.cleanuprules.preview.overview": "%d 个软件包计划被删除。",
+	"packages.owner.settings.cleanuprules.preview.overview": "已计划删除%d个软件包。",
 	"packages.owner.settings.cleanuprules.preview.none": "清理规则与任何软件包都不匹配。",
-	"packages.owner.settings.cleanuprules.pattern_full_match": "应用规则到完整软件包名称",
+	"packages.owner.settings.cleanuprules.pattern_full_match": "对完整的软件包名称应用规则",
 	"packages.owner.settings.cleanuprules.keep.title": "与这些规则相匹配的版本即使与下面的删除规则相匹配，也将予以保留。",
 	"packages.owner.settings.cleanuprules.keep.count": "保留最新的",
-	"packages.owner.settings.cleanuprules.keep.pattern": "保持版本匹配",
+	"packages.owner.settings.cleanuprules.keep.pattern": "欲保留版本的匹配规则",
 	"packages.owner.settings.cleanuprules.keep.pattern.container": "容器的<code>latest</code>版本总是会被保留。",
-	"packages.owner.settings.cleanuprules.remove.title": "与这些规则相匹配的版本将被删除，除非其中存在某个保留它们的规则。",
+	"packages.owner.settings.cleanuprules.remove.title": "与这些规则相匹配的版本将被删除，除非上述规则明确保留它们。",
 	"packages.owner.settings.cleanuprules.remove.days": "移除旧于天数的版本",
-	"packages.owner.settings.cleanuprules.remove.pattern": "删除匹配的版本",
+	"packages.owner.settings.cleanuprules.remove.pattern": "欲删除版本的匹配规则",
 	"packages.owner.settings.cleanuprules.success.update": "清理规则已更新。",
 	"packages.owner.settings.cleanuprules.success.delete": "清理规则已删除。",
-	"packages.owner.settings.chef.title": "Chef 注册中心",
+	"packages.owner.settings.chef.title": "Chef注册中心",
 	"packages.owner.settings.chef.keypair": "生成密钥对",
-	"packages.owner.settings.chef.keypair.description": "发送至 Chef 注册表的请求必须被密码学签名，以进行身份验证。在生成密钥对时，Forgejo仅保存公钥。私钥将被提供给您以和 knife 一同使用。生成新的密钥对将丢弃旧的密钥对。",
-	"fork.n_forks": "%s 个派生",
-	"stars.n_stars": "%s 次点赞",
-	"release.n_downloads": "%s 次下载",
-	"repo.pulls.merged_title_desc": "于 %[4]s 将 %[1]d 次代码提交从 <code>%[2]s</code> 合并至 <code>%[3]s</code>",
-	"repo.pulls.title_desc": "请求将 %[1]d 次代码提交从 <code>%[2]s</code> 合并至 <code id=\"%[4]s\">%[3]s</code>",
-	"search.milestone_kind": "搜索里程碑…",
+	"packages.owner.settings.chef.keypair.description": "发送至Chef注册中心的请求必须被加密签名以验证身份。在生成密钥对时，Forgejo仅保存公钥，您将得到供knife使用的私钥。生成新的密钥对将丢弃旧的密钥对。",
+	"fork.n_forks": "%s个派生",
+	"stars.n_stars": "%s次点赞",
+	"release.n_downloads": "%s次下载",
+	"repo.pulls.merged_title_desc": "于%[4]s将%[1]d次代码提交从<code>%[2]s</code>合并至<code>%[3]s</code>",
+	"repo.pulls.title_desc": "请求将%[1]d次代码提交从<code>%[2]s</code>合并至<code id=\"%[4]s\">%[3]s</code>",
+	"search.milestone_kind": "搜索里程碑……",
 	"home.welcome.no_activity": "无活动",
 	"home.welcome.activity_hint": "您的订阅中还没有任何内容。您关注的仓库中的操作和活动将显示在此处。",
 	"home.explore_repos": "探索仓库",
 	"home.explore_users": "探索用户",
 	"home.explore_orgs": "探索组织",
-	"incorrect_root_url": "此 Forgejo 实例配置为在“%s”上提供服务。您当前正在通过不同的网址查看 Forgejo，这可能会导致应用程序的某些部分损坏。Forgejo 管理员可以通过 app.ini 中的 ROOT_URL 设置控制规范网址。",
+	"incorrect_root_url": "此Forgejo实例配置为在“%s”上提供服务。您当前正在通过不同的网址查看Forgejo，这可能会导致应用程序的某些部分损坏。Forgejo管理员可以通过app.ini中的ROOT_URL设置控制规范网址。",
 	"themes.names.forgejo-auto": "Forgejo（遵循系统主题）",
-	"themes.names.forgejo-light": "Forgejo 浅色",
-	"themes.names.forgejo-dark": "Forgejo 深色",
+	"themes.names.forgejo-light": "Forgejo浅色",
+	"themes.names.forgejo-dark": "Forgejo深色",
 	"error.not_found.title": "页面不存在",
-	"alert.asset_load_failed": "无法从 {path} 加载资源文件。请确保资源文件可被访问。",
-	"install.invalid_lfs_path": "无法在指定路径创建 LFS 根目录：%[1]s",
-	"alert.range_error": " 必须是一个介于 %[1]s 和 %[2]s 之间的数字。",
+	"alert.asset_load_failed": "无法从{path}加载资源文件。请确保资源文件可被访问。",
+	"install.invalid_lfs_path": "无法在指定路径创建LFS根目录：%[1]s",
+	"alert.range_error": " 必须是一个介于%[1]s和%[2]s之间的数字。",
 	"meta.last_line": "感谢各位对Forgejo翻译的支持和帮助！不需要翻译这个。(三维鱼)。",
-	"mail.actions.successful_run_after_failure_subject": "仓库 %[2]s 中的工作流 %[1]s 已恢复",
-	"mail.actions.not_successful_run_subject": "仓库 %[2]s 中的工作流 %[1]s 已失败",
-	"mail.actions.successful_run_after_failure": "仓库 %[2]s 中的工作流 %[1]s 已恢复",
+	"mail.actions.successful_run_after_failure_subject": "仓库%[2]s中的工作流%[1]s已恢复",
+	"mail.actions.not_successful_run_subject": "仓库%[2]s中的工作流%[1]s已失败",
+	"mail.actions.successful_run_after_failure": "仓库%[2]s中的工作流%[1]s已恢复",
 	"mail.actions.run_info_previous_status": "上次运行的状态：%[1]s",
-	"mail.actions.run_info_cur_status": "此次运行的状态：%[1]s（从 %[2]s 更新）",
-	"mail.actions.run_info_trigger": "由 %[2]s %[1]s 触发",
-	"mail.actions.not_successful_run": "仓库 %[2]s 中的工作流 %[1]s 已失败",
+	"mail.actions.run_info_cur_status": "此次运行的状态：%[1]s（从%[2]s更新）",
+	"mail.actions.run_info_trigger": "由%[2]s %[1]s触发",
+	"mail.actions.not_successful_run": "仓库%[2]s中的工作流%[1]s已失败",
 	"discussion.locked": "讨论已被锁定。仅贡献者能够发表评论。",
 	"relativetime.future": "未来",
-	"relativetime.mins": "%d 分钟前",
-	"relativetime.hours": "%d 小时前",
-	"relativetime.weeks": "%d 周前",
-	"relativetime.months": "%d 个月前",
-	"relativetime.years": "%d 年前",
+	"relativetime.mins": "%d分钟前",
+	"relativetime.hours": "%d小时前",
+	"relativetime.weeks": "%d周前",
+	"relativetime.months": "%d个月前",
+	"relativetime.years": "%d年前",
 	"relativetime.1day": "昨天",
 	"relativetime.1week": "上周",
 	"relativetime.1month": "上个月",
 	"relativetime.1year": "去年",
 	"relativetime.now": "现在",
-	"relativetime.days": "%d 天前",
+	"relativetime.days": "%d天前",
 	"moderation.report_abuse_form.details": "此表单用于举报创建垃圾个人信息、仓库、议题、评论或行为不当的用户。",
 	"admin.config.moderation_config": "审核配置",
 	"moderation.report_abuse": "举报滥用",
@@ -266,24 +245,24 @@
 	"watch.list.none": "没有人关注这个仓库。",
 	"followers.incoming.list.none": "没有人关注这位用户。",
 	"followers.outgoing.list.self.none": "你没有关注任何人。",
-	"followers.outgoing.list.none": "%s 没有关注任何人。",
+	"followers.outgoing.list.none": "%s没有关注任何人。",
 	"stars.list.none": "没有人点赞这个仓库。",
 	"followers.incoming.list.self.none": "没有人关注你的个人资料。",
-	"editor.textarea.tab_hint": "此行已缩进。再次按 <kbd>Tab</kbd> 或按 <kbd>Escape</kbd> 退出编辑器。",
-	"editor.textarea.shift_tab_hint": "此行无缩进。再次按 <kbd>Shift</kbd> + <kbd>Tab</kbd> 或按 <kbd>Escape</kbd> 退出编辑器。",
+	"editor.textarea.tab_hint": "此行已缩进。再次按<kbd>Tab</kbd>或按<kbd>Escape</kbd>退出编辑器。",
+	"editor.textarea.shift_tab_hint": "此行无缩进。再次按<kbd>Shift</kbd> + <kbd>Tab</kbd>或按<kbd>Escape</kbd>退出编辑器。",
 	"admin.dashboard.cleanup_offline_runners": "清理离线运行器",
 	"settings.visibility.description": "个人资料可见性设置会影响他人对您的非私有仓库的访问。<a href=\"%s\" target=\"_blank\">了解更多</a>。",
-	"avatar.constraints_hint": "自定义头像大小不得超过 %[1]s，且分辨率不得大于 %[2]d×%[3]d 像素",
-	"keys.ssh.link": "SSH 密钥",
-	"keys.gpg.link": "GPG 密钥",
+	"avatar.constraints_hint": "自定义头像大小不得超过%[1]s，且分辨率不得大于%[2]d×%[3]d像素",
+	"keys.ssh.link": "SSH密钥",
+	"keys.gpg.link": "GPG密钥",
 	"profile.actions.tooltip": "更多操作",
 	"repo.diff.commit.next-short": "下一个",
 	"repo.diff.commit.previous-short": "上一个",
-	"feed.atom.link": "Atom 订阅源",
+	"feed.atom.link": "Atom订阅源",
 	"profile.edit.link": "编辑个人资料",
-	"og.repo.summary_card.alt_description": "仓库 %[1]s 的摘要卡片，描述为：%[2]s",
+	"og.repo.summary_card.alt_description": "仓库%[1]s的摘要卡片，描述为：%[2]s",
 	"repo.settings.push_mirror.branch_filter.label": "分支过滤器（可选）",
-	"repo.settings.push_mirror.branch_filter.description": "欲镜像的分支。留空以镜像所有分支。关于语法的更多信息，请参见 <a href=\"%[1]s\">%[2]s 文档</a>。例如：<code>main, release/*</code>",
+	"repo.settings.push_mirror.branch_filter.description": "欲镜像的分支。留空以镜像所有分支。关于语法的更多信息，请参见<a href=\"%[1]s\">%[2]s文档</a>。例如：<code>main, release/*</code>",
 	"mail.actions.run_info_sha": "提交：%[1]s",
 	"discussion.sidebar.reference": "引用",
 	"admin.dashboard.remove_resolved_reports": "移除已解决的举报",
@@ -292,47 +271,47 @@
 	"admin.moderation.moderation_reports": "举报",
 	"admin.moderation.reports": "举报",
 	"admin.moderation.no_open_reports": "目前没有打开的举报。",
-	"admin.moderation.deleted_content_ref": "类型为 %[1]v、ID为 %[2]d 的举报不存在",
+	"admin.moderation.deleted_content_ref": "类型为%[1]v、ID为%[2]d的举报不存在",
 	"repo.commit.load_tags_failed": "由于内部错误，无法加载标签",
 	"admin.auths.allow_username_change": "允许更改用户名",
-	"migrate.pagure.description": "从 pagure.io 或其他 Pagure 实例迁移数据。",
-	"migrate.github.description": "从 github.com 或 GitHub Enterprise 服务器迁移数据。",
-	"migrate.git.description": "从任意 Git 服务迁移仓库。",
-	"migrate.gitea.description": "从 gitea.com 或其他 Gitea 实例迁移数据。",
-	"migrate.gitlab.description": "从 gitlab.com 或其他 GitLab 实例迁移数据。",
-	"migrate.gogs.description": "从 notabug.org 或其他 Gogs 实例迁移数据。",
-	"migrate.onedev.description": "从 code.onedev.io 或其他 OneDev 实例迁移数据。",
-	"migrate.gitbucket.description": "从 GitBucket 实例迁移数据。",
-	"migrate.codebase.description": "从 codebasehq.com 迁移数据。",
-	"migrate.forgejo.description": "从 codeberg.org 或其他 Forgejo 实例迁移数据。",
+	"migrate.pagure.description": "从pagure.io或其他Pagure实例迁移数据。",
+	"migrate.github.description": "从github.com或GitHub Enterprise服务器迁移数据。",
+	"migrate.git.description": "从任意Git服务迁移仓库。",
+	"migrate.gitea.description": "从gitea.com或其他Gitea实例迁移数据。",
+	"migrate.gitlab.description": "从gitlab.com或其他GitLab实例迁移数据。",
+	"migrate.gogs.description": "从notabug.org或其他Gogs实例迁移数据。",
+	"migrate.onedev.description": "从code.onedev.io或其他OneDev实例迁移数据。",
+	"migrate.gitbucket.description": "从GitBucket实例迁移数据。",
+	"migrate.codebase.description": "从codebasehq.com迁移数据。",
+	"migrate.forgejo.description": "从codeberg.org或其他Forgejo实例迁移数据。",
 	"warning.repository.out_of_sync": "此仓库的数据库表示已脱同步。如果在向此仓库推送提交后仍出现此警告，请联系管理员。",
 	"admin.config.security": "安全设置",
 	"settings.twofa_unroll_unavailable": "你的账户必须启用双因子认证，无法禁用。",
-	"error.must_enable_2fa": "此 Forgejo 实例要求用户启用双因子认证。转到 %s 以启用",
+	"error.must_enable_2fa": "此Forgejo实例要求用户启用双因子认证。转到%s以启用",
 	"admin.config.global_2fa_requirement.title": "全局双因子认证要求",
 	"admin.config.global_2fa_requirement.none": "无",
 	"admin.config.global_2fa_requirement.all": "所有用户",
 	"admin.config.global_2fa_requirement.admin": "管理员",
 	"settings.twofa_reenroll": "重新启用双因子认证",
 	"settings.twofa_reenroll.description": "重新启用你的双因子认证",
-	"settings.must_enable_2fa": "此 Forgejo 实例要求用户启用双因子认证。",
+	"settings.must_enable_2fa": "此Forgejo实例要求用户启用双因子认证。",
 	"migrate.pagure.incorrect_url": "提供了错误的源仓库URL",
-	"migrate.pagure.project_url": "Pagure 项目 URL",
-	"migrate.pagure.project_example": "Pagure 项目 URL，例如：https://pagure.io/pagure",
-	"migrate.pagure.token_label": "Pagure API 令牌",
+	"migrate.pagure.project_url": "Pagure项目URL",
+	"migrate.pagure.project_example": "Pagure项目URL，例如：https://pagure.io/pagure",
+	"migrate.pagure.token_label": "Pagure API令牌",
 	"repo.pulls.already_merged": "合并失败：此合并请求已被合并。",
 	"user.ghost.tooltip": "该用户已被删除或无法找到。",
-	"migrate.form.error.url_credentials": "URL 包含凭据，请分别将凭据填入用户名和密码字段",
+	"migrate.form.error.url_credentials": "URL包含凭据，请分别将凭据填入用户名和密码字段",
 	"actions.runs.view_most_recent_run": "查看最新运行",
-	"actions.runs.run_attempt_label": "运行尝试 #%[1]s（%[2]s）",
-	"actions.runs.viewing_out_of_date_run": "您正在查看于 %[1]s 执行的过期运行。",
+	"actions.runs.run_attempt_label": "运行尝试#%[1]s（%[2]s）",
+	"actions.runs.viewing_out_of_date_run": "您正在查看于%[1]s执行的过期运行。",
 	"actions.runs.all_workflows": "所有工作流",
 	"actions.runs.commit": "提交",
-	"actions.runs.scheduled": "已计划的",
-	"actions.runs.pushed_by": "推送者",
-	"actions.runs.workflow": "工作流",
+	"actions.runs.scheduled": "已排队",
+	"actions.runs.pushed_by": "推送者：",
+	"actions.runs.workflow": "工作流：",
 	"actions.runs.invalid_workflow_helper": "工作流配置文件无效。请检查您的配置文件：%s",
-	"actions.runs.no_matching_online_runner.helper": "没有匹配标签的在线运行器：%s",
+	"actions.runs.no_matching_online_runner.helper": "没有匹配标签且在线的运行器：%s",
 	"actions.runs.no_job_without_needs": "工作流必须至少包含一组没有依赖的作业。",
 	"actions.runs.no_job": "工作流必须至少包含一个作业",
 	"actions.runs.actor": "操作者",
@@ -349,55 +328,55 @@
 	"actions.runners.status": "状态",
 	"actions.runners.status.unspecified": "未知",
 	"actions.runners.status.idle": "空闲",
-	"actions.runners.status.active": "激活",
+	"actions.runners.status.active": "在线",
 	"actions.runners.status.offline": "离线",
 	"actions.runners.id": "ID",
 	"actions.runners.name": "名称",
 	"actions.runners.owner_type": "类型",
-	"actions.runners.description": "组织描述",
+	"actions.runners.description": "描述",
 	"actions.runners.labels": "标签",
-	"actions.runners.last_online": "上次在线时间",
+	"actions.runners.last_online": "最后在线时间",
 	"actions.runners.runner_title": "运行器",
 	"actions.runners.task_list": "最近在此运行器上的任务",
-	"actions.runners.task_list.no_tasks": "还没有任务。",
-	"actions.runners.task_list.run": "执行",
+	"actions.runners.task_list.no_tasks": "尚无任何任务",
+	"actions.runners.task_list.run": "运行",
 	"actions.runners.task_list.status": "状态",
 	"actions.runners.task_list.repository": "仓库",
 	"actions.runners.task_list.commit": "提交",
 	"actions.runners.task_list.done_at": "完成于",
 	"actions.runners.edit_runner": "编辑运行器",
-	"actions.runners.update_runner.button": "更新更改",
-	"actions.runners.update_runner.success": "运行器更新成功",
-	"actions.runners.update_runner.failed": "更新运行器失败",
-	"actions.runners.delete_runner.button": "删除运行器",
-	"actions.runners.delete_runner.success": "运行器删除成功",
+	"actions.runners.update_runner.button": "保存更改",
+	"actions.runners.update_runner.success": "成功更新运行器设置",
+	"actions.runners.update_runner.failed": "更新运行器设置失败",
+	"actions.runners.delete_runner.button": "删除此运行器",
+	"actions.runners.delete_runner.success": "成功删除运行器",
 	"actions.runners.delete_runner.failed": "删除运行器失败",
 	"actions.runners.delete_runner.header": "确认要删除此运行器",
 	"actions.runners.delete_runner.notice": "如果有任务正在此运行器上运行，它将被终止并标记为失败。这可能会中断正在构建的工作流。",
-	"actions.runners.none": "无可用的运行器",
+	"actions.runners.none": "无可用运行器",
 	"actions.runners.version": "版本",
 	"actions.runners.reset_registration_token.button": "重置注册令牌",
-	"actions.runners.reset_registration_token.success": "成功重置运行器注册令牌",
-	"pulse.n_active_issues": "%s 项活动的议题",
-	"pulse.n_active_prs": "%s 个活跃的合并请求",
+	"actions.runners.reset_registration_token.success": "已重置运行器注册令牌",
+	"pulse.n_active_issues": "%s项活动的议题",
+	"pulse.n_active_prs": "%s个活跃的合并请求",
 	"repo.pulls.maintainers_can_edit": "维护者可以编辑此合并请求。",
 	"repo.pulls.maintainers_cannot_edit": "维护者无法编辑此合并请求。",
 	"migrate.pagure.private_issues.summary": "私有议题（可选）",
 	"migrate.pagure.private_issues.description": "此功能将创建一个单独的、只包含私有议题的仓库，以供存档。首先，不带令牌进行一次普通迁移以导入公开内容，然后若有需要，填写令牌并再次迁移以创建一个新的仓库并存档私有议题。",
 	"migrate.pagure.private_issues.warning": "请确保在导入私有议题时将仓库可见性设置为私有，以避免意外将私有内容泄漏至公开仓库。",
 	"migrate.pagure.token.placeholder": "仅用于创建私有议题归档",
-	"mail.issue.action.close_by_commit": "%[1]s 于提交 %[3]s 中关闭了 %[2]s。",
+	"mail.issue.action.close_by_commit": "%[1]s于提交%[3]s中关闭了%[2]s。",
 	"actions.workflow.job_parsing_error": "无法解析工作流中的任务：%v",
 	"actions.workflow.event_detection_error": "无法解析工作流中受支持的事件：%v",
 	"actions.workflow.pre_execution_error": "因有错误阻止了执行尝试，工作流未被执行。",
-	"watch.n_watchers": "%s 位关注者",
+	"watch.n_watchers": "%s位关注者",
 	"teams.add_all_repos.modal.header": "添加所有仓库",
 	"teams.remove_all_repos.modal.header": "移除所有仓库",
 	"repo.pulls.poster_manage_approval": "管理批准",
-	"repo.pulls.poster_requires_approval": "一些工作流正<a href=\"%[1]s\">等待审阅</a>。",
-	"repo.pulls.poster_requires_approval.tooltip": "此合并请求的作者未被信任以运行由派生仓库或AGit创建的PR触发的工作流。由 `pull_request` 事件触发的工作流在被批准前不会运行。",
-	"repo.pulls.poster_is_trusted": "此合并请求的作者<a href=\"%[1]s\">总是被信任以运行工作流</a>。",
-	"repo.pulls.poster_is_trusted.tooltip": "此合并请求的作者被明确信任以运行由 `pull_request` 事件触发的工作流。",
+	"repo.pulls.poster_requires_approval": "有工作流正<a href=\"%[1]s\">等待审阅</a>。",
+	"repo.pulls.poster_requires_approval.tooltip": "此合并请求的作者未被信任以运行由派生仓库或AGit创建的PR触发的工作流。由`pull_request`事件触发的工作流在被批准前不会运行。",
+	"repo.pulls.poster_is_trusted": "此合并请求的作者<a href=\"%[1]s\">总是受到信任以运行工作流</a>。",
+	"repo.pulls.poster_is_trusted.tooltip": "此合并请求的作者被明确信任以运行由`pull_request`事件触发的工作流。",
 	"repo.pulls.poster_trust_deny": "拒绝",
 	"repo.pulls.poster_trust_deny.tooltip": "等待批准的工作流将被取消。",
 	"repo.pulls.poster_trust_once": "批准一次",
@@ -406,11 +385,10 @@
 	"repo.issues.filter_reviewers.hint": "按审阅用户过滤",
 	"repo.issues.filter_mention.hint": "按提及用户过滤",
 	"repo.issues.filter_modified.hint": "按最后修改时间过滤",
-	"repo.issues.filter_sort.hint": "按创建时间/评论数/更新时间/截止时间排序",
 	"search.syntax": "搜索语法",
 	"keys.verify.token.hint": "此令牌仅在一分钟内有效。过期后请<a href=\"%[1]s\">重新获取</a>。",
 	"admin.dashboard.actions_action_user": "撤销不活跃用户的Forgejo Actions信任",
-	"admin.dashboard.transfer_lingering_logs": "将已完成的actions任务的日志从数据库转移到硬盘",
+	"admin.dashboard.transfer_lingering_logs": "将已完成的Actions任务的日志从数据库转移到硬盘",
 	"actions.status.diagnostics.waiting": "等待带有以下标签的运行器：%s",
 	"actions.status.unknown": "未知",
 	"actions.status.waiting": "等待中",
@@ -419,7 +397,7 @@
 	"actions.status.failure": "失败",
 	"actions.status.cancelled": "已取消",
 	"actions.status.skipped": "已忽略",
-	"actions.status.blocked": "阻塞中",
+	"actions.status.blocked": "已阻止",
 	"repo.pulls.poster_trust_once.tooltip": "由`pull_request`事件触发的工作流会基于此提交运行，但仍需批准。",
 	"repo.pulls.poster_trust_always": "始终批准",
 	"repo.pulls.poster_trust_always.tooltip": "由`pull_request`事件触发的工作流会基于此提交运行，且来自此合并请求或同一用户的其他合并请求的运行不需要批准。",
@@ -433,15 +411,15 @@
 	"moderation.action.issue.delete": "删除议题",
 	"moderation.action.comment.delete": "删除评论",
 	"moderation.unknown_action": "未知操作",
-	"moderation.users.cannot_suspend_self": "您不能封禁您自己。",
-	"moderation.users.cannot_suspend_admins": "您不能封禁有管理权限的用户。",
-	"moderation.users.cannot_suspend_org": "您不能封禁组织。",
+	"moderation.users.cannot_suspend_self": "不能封禁您自己。",
+	"moderation.users.cannot_suspend_admins": "不能封禁管理员。",
+	"moderation.users.cannot_suspend_org": "不能封禁组织。",
 	"moderation.users.already_suspended": "该账户已经处于封禁状态。",
 	"moderation.users.suspend_success": "已封禁该账户。",
-	"moderation.users.cannot_delete_admins": "您不能删除有管理权限的账户。",
+	"moderation.users.cannot_delete_admins": "您不能删除管理员。",
 	"moderation.issue.deletion_success": "已删除该议题。",
 	"moderation.comment.deletion_success": "已删除该评论。",
-	"actions.workflow.persistent_incomplete_matrix": "因`needs`表达式无效，无法解析该任务的`strategy.martix`。可能引用了一个未在其 needs 列表（%[2]s）当中的任务，或者该列表中某些任务没有输出。",
+	"actions.workflow.persistent_incomplete_matrix": "因`needs`表达式无效，无法解析该任务的`strategy.martix`。可能是因为引用了一个未在其needs列表（%[2]s）当中的任务，或者该列表中某些任务没有输出。",
 	"actions.workflow.incomplete_matrix_missing_job": "无法解析任务‘%[1]s’的`strategy.martix`：任务‘%[2]s’不在‘%[1]s’的`needs`列表当中（%[3]s）。",
 	"actions.workflow.incomplete_matrix_missing_output": "无法解析任务‘%[1]s’的`strategy.martix`：任务‘%[2]s’没有输出‘%[3]s’。",
 	"actions.workflow.incomplete_matrix_unknown_cause": "无法解析任务‘%[1]s’的`strategy.martix`：未知错误。",
@@ -449,11 +427,11 @@
 	"actions.workflow.incomplete_runson_missing_output": "无法解析任务‘%[1]s’的`runs-on`：任务‘%[2]s’没有输出‘%[3]s’。",
 	"actions.workflow.incomplete_runson_missing_matrix_dimension": "无法解析任务‘%[1]s’的`runs-on`：矩阵维度‘%[2]s’不存在。",
 	"actions.workflow.incomplete_runson_unknown_cause": "无法解析任务‘%[1]s’的`runs-on`：未知错误。",
-	"admin.auths.oauth2_quota_group_claim_name": "用于设定该来源配额组名的声明（claim）的名称。（可选）",
-	"admin.auths.oauth2_quota_group_map": "将声明组映射到配额组。（可选，需要填写上述声明名称）",
-	"admin.auths.oauth2_quota_group_map_removal": "如果用户不是对应组的成员，则将用户从同步的配额组中移出。",
+	"admin.auths.oauth2_quota_group_claim_name": "提供配额管理组名称的claim名称。（可选）",
+	"admin.auths.oauth2_quota_group_map": "将claim组映射到配额组。（可选，需要填写上述claim名称）",
+	"admin.auths.oauth2_quota_group_map_removal": "如果用户不是对应组的成员，则将用户同步从配额组中移出。",
 	"search.fuzzy": "模糊",
-	"issues.updated": "更新于 %s",
+	"issues.updated": "更新于%s",
 	"search.fuzzy_tooltip": "包含与搜索关键字相似的结果",
 	"actions.workflow.incomplete_with_missing_job": "无法解析任务‘%[1]s’的`with`：任务‘%[2]s’不在任务‘%[1]s’的`needs`列表（‘%[3]s’）中。",
 	"actions.workflow.incomplete_with_missing_output": "无法解析任务‘%[1]s’的`with`：任务‘%[2]s’没有输出‘%[3]s’。",
@@ -472,7 +450,18 @@
 	"editor.toggle_case": "切换大小写敏感",
 	"editor.toggle_regex": "切换正则表达式",
 	"editor.toggle_whole_word": "切换全词匹配",
-	"repo.view.gitmodules_too_large": ".gitmodules 因太大而被（API等）忽略",
-	"install.ssh_authorized_keys_inspection_error": "无法检查已存在的 authorized_keys 文件：%v",
-	"install.ssh_authorized_keys_unexpected_key": "为 Forgejo 启用 SSH 与位于 %s 的文件冲突，该文件包含已存在的 SSH 密钥。建议：为 Forgejo 使用独立的系统用户或禁用 SSH。"
+	"repo.view.gitmodules_too_large": ".gitmodules因太大而被（API等）忽略",
+	"install.ssh_authorized_keys_inspection_error": "无法检查已存在的authorized_keys文件：%v",
+	"install.ssh_authorized_keys_unexpected_key": "为Forgejo启用SSH与位于%s的文件冲突，该文件包含已存在的SSH密钥。建议：为Forgejo使用独立的系统用户或禁用SSH。",
+	"issues.filters.labels.exclude": "排除标签",
+	"issues.filters.labels.unexclude": "清除排除",
+	"actions.secrets.creation.name_description": "机密名称只能含有字母、数字和下划线，且不能以FORGEJO_、GITEA_、GITHUB_或数字开头，Forgejo会自动将名字转换为大写。",
+	"actions.secrets.creation.value_description": "机密值可以是任意文本，特殊字符会被保留，CRLF（Windows式的换行符）会被自动转换为LF。若要保留换行符，请对值进行Base64编码。",
+	"actions.variables.mutation.name_description": "变量名称只能含有字母、数字和下划线，且不能为CI或以FORGEJO_、GITEA_、GITHUB_或数字开头，Forgejo会自动将名字转换为大写。",
+	"actions.variables.mutation.value_description": "变量值可以是任意文本，特殊字符会被保留，CRLF（Windows式的换行符）会被自动转换为LF。若要保留换行符，请对值进行Base64编码。",
+	"packages.common.install": "运行以下命令以安装这个软件包：",
+	"packages.common.registry": "运行以下命令以配置此注册表：",
+	"packages.common.repository": "仓库信息",
+	"repo.issues.filter_sort.hint_with_placeholder": "排序依据：%s",
+	"actions.runs.all_runs_link": "所有运行记录"
 }
diff --git a/options/locale_next/locale_zh-HK.json b/options/locale_next/locale_zh-HK.json
index f8a63b7403..a595ec54f5 100644
--- a/options/locale_next/locale_zh-HK.json
+++ b/options/locale_next/locale_zh-HK.json
@@ -1,7 +1,7 @@
 {
-	"actions.runners.name": "組織名稱",
+	"actions.runners.name": "名稱",
 	"actions.runners.owner_type": "認證類型",
-	"actions.runners.description": "組織描述",
+	"actions.runners.description": "描述",
 	"actions.runners.labels": "標籤",
 	"actions.runners.task_list.run": "執行",
 	"actions.runners.task_list.repository": "儲存庫",
diff --git a/options/locale_next/locale_zh-TW.json b/options/locale_next/locale_zh-TW.json
index 27ee7633a4..29a5084b2c 100644
--- a/options/locale_next/locale_zh-TW.json
+++ b/options/locale_next/locale_zh-TW.json
@@ -124,8 +124,6 @@
 	"packages.alpine.registry": "在您的 <code>/etc/apk/repositories</code> 檔加入下列 URL 以設定此註冊中心:",
 	"packages.alpine.registry.key": "下載註冊中心的公開 RSA 金鑰到 <code>/etc/apk/keys/</code> 資料夾來驗證索引簽署:",
 	"packages.alpine.registry.info": "從下列清單選擇 $branch 和 $repository。",
-	"packages.alpine.install": "執行下列命令安裝此軟體包：",
-	"packages.alpine.repository": "儲存庫資訊",
 	"packages.alpine.repository.branches": "分支",
 	"packages.alpine.repository.repositories": "儲存庫",
 	"packages.alpine.repository.architectures": "架構",
@@ -138,7 +136,6 @@
 	"packages.arch.version.description": "描述",
 	"packages.arch.version.provides": "提供",
 	"packages.arch.version.groups": "群組",
-	"packages.arch.version.depends": "依賴",
 	"packages.arch.version.optdepends": "選擇性依賴",
 	"packages.arch.version.makedepends": "編譯依賴",
 	"packages.arch.version.checkdepends": "檢查依賴",
@@ -148,12 +145,9 @@
 	"packages.cargo.registry": "在 Cargo 組態檔設定此註冊中心 (例如: <code>~/.cargo/config.toml</code>):",
 	"packages.cargo.install": "執行下列命令以使用 Cargo 安裝此軟體包：",
 	"packages.chef.registry": "在您的 <code>~/.chef/config.rb</code> 檔設定此註冊中心:",
-	"packages.chef.install": "執行下列命令以安裝此軟體包：",
 	"packages.composer.registry": "在您的 <code>~/.composer/config.json</code> 檔設定此註冊中心:",
 	"packages.composer.install": "執行下列命令以使用 Composer 安裝此軟體包：",
-	"packages.composer.dependencies": "相依性",
 	"packages.composer.dependencies.development": "開發相依性",
-	"packages.conan.registry": "透過下列命令設定此註冊中心:",
 	"packages.conan.install": "執行下列命令以使用 Conan 安裝此軟體包：",
 	"packages.conda.registry": "在您的 <code>.condarc</code> 檔設定此註冊中心為 Conda 存儲庫:",
 	"packages.conda.install": "執行下列命令以使用 Conda 安裝此軟體包：",
@@ -168,29 +162,21 @@
 	"packages.container.labels.key": "鍵",
 	"packages.container.labels.value": "值",
 	"packages.cran.registry": "在你的 <code>Rprofile.site</code> 檔案中設定此註冊表：",
-	"packages.cran.install": "執行下列命令以安裝此軟體包：",
-	"packages.debian.registry": "透過下列命令設定此註冊中心:",
 	"packages.debian.registry.info": "從下面的清單中選擇 $distribution 和 $component。",
-	"packages.debian.install": "執行下列命令以安裝此軟體包：",
-	"packages.debian.repository": "儲存庫資訊",
 	"packages.debian.repository.distributions": "發行版",
 	"packages.debian.repository.components": "元件",
 	"packages.debian.repository.architectures": "架構",
 	"packages.generic.download": "使用命令列下載軟體包：",
 	"packages.go.install": "使用命令列安裝軟體包：",
-	"packages.helm.registry": "透過下列命令設定此註冊中心:",
-	"packages.helm.install": "執行下列命令安裝以此軟體包：",
 	"packages.maven.registry": "在您專案的 <code>pom.xml</code> 檔設定此註冊中心:",
 	"packages.maven.install": "若要使用此軟體包，請在您 <code>pom.xml</code> 檔的 <code>dependencies</code> 段落加入下列內容:",
 	"packages.maven.install2": "透過下列命令執行:",
 	"packages.maven.download": "透過下列命令下載相依性：",
-	"packages.nuget.registry": "透過下列命令設定此註冊中心：",
 	"packages.nuget.install": "執行下列命令以使用 NuGet 安裝此軟體包：",
 	"packages.nuget.dependency.framework": "目標框架",
 	"packages.npm.registry": "在您專案的 <code>.npmrc</code> 檔設定此註冊中心:",
 	"packages.npm.install": "執行下列命令以使用 npm 安裝此軟體包：",
 	"packages.npm.install2": "或將它加到 package.json 檔：",
-	"packages.npm.dependencies": "相依性",
 	"packages.npm.dependencies.development": "開發相依性",
 	"packages.npm.dependencies.bundle": "已捆綁相依性",
 	"packages.npm.dependencies.peer": "同行相依性",
@@ -198,18 +184,12 @@
 	"packages.npm.details.tag": "標籤",
 	"packages.pypi.requires": "需要 Python",
 	"packages.pypi.install": "執行下列命令以使用 pip 安裝此軟體包：",
-	"packages.rpm.registry": "透過下列命令設定此註冊中心:",
 	"packages.rpm.distros.redhat": "在基於 RedHat 的發行版上",
 	"packages.rpm.distros.suse": "在基於 SUSE 的發行版上",
-	"packages.rpm.install": "執行下列命令以安裝此軟體包：",
-	"packages.rpm.repository": "儲存庫資訊",
 	"packages.rpm.repository.architectures": "架構",
 	"packages.rpm.repository.multiple_groups": "此套件可以在多個群組中使用。",
-	"packages.alt.registry": "從命令列設定此註冊表：",
-	"packages.alt.registry.install": "若要安裝軟體包，執行以下命令：",
 	"packages.alt.install": "安裝軟體包",
 	"packages.alt.setup": "新增儲存庫至已連接的儲存庫清單（選擇必要的架構結構而非「_arch_」）：",
-	"packages.alt.repository": "儲存庫資訊",
 	"packages.alt.repository.architectures": "架構",
 	"packages.alt.repository.multiple_groups": "此軟體包在多個群組中可用。",
 	"packages.rubygems.install": "執行下列命令以使用 gem 安裝此軟體包：",
@@ -218,7 +198,6 @@
 	"packages.rubygems.dependencies.development": "開發相依性",
 	"packages.rubygems.required.ruby": "需要的 Ruby 版本",
 	"packages.rubygems.required.rubygems": "需要的 RubyGem 版本",
-	"packages.swift.registry": "透過下列命令設定此註冊中心:",
 	"packages.swift.install": "將此軟體包加入您的 <code>Package.swift</code> 檔：",
 	"packages.swift.install2": "並執行下列命令：",
 	"packages.vagrant.install": "執行下列命令以新增 Vagrant box:",
@@ -346,5 +325,18 @@
 	"migrate.codebase.description": "從 codebasehq.com 遷移資料。",
 	"migrate.forgejo.description": "從 codeberg.org 或其他 Forgejo 站點遷移資料。",
 	"pulse.n_active_issues": "%s 個問題",
-	"pulse.n_active_prs": "%s 個合併請求"
+	"pulse.n_active_prs": "%s 個合併請求",
+	"watch.n_watchers": "%s 位關注者",
+	"repo.issues.filter_poster.hint": "按作者過濾",
+	"repo.issues.filter_assignee.hint": "按指定用戶過濾",
+	"repo.issues.filter_reviewers.hint": "按審閱用戶過濾",
+	"repo.issues.filter_mention.hint": "按提及用戶過濾",
+	"repo.issues.filter_modified.hint": "按最後修改時間過濾",
+	"repo.issues.filter_sort.hint_with_placeholder": "排序依據：%s",
+	"issues.updated": "更新與 %s",
+	"issues.filters.labels.exclude": "排除標籤",
+	"issues.filters.labels.unexclude": "清除排除",
+	"repo.pulls.poster_manage_approval": "管理批准",
+	"repo.pulls.poster_requires_approval": "有工作流正<a href=\"%[1]s\">等待審閱</a>。",
+	"repo.pulls.poster_requires_approval.tooltip": "此合併請求的提交者,不信任執行由衍生儲存庫或 AGit 所建立的 PR 所觸發的工作流程。由 `pull_request` 事件觸發的工作流程,將不會持續執行,直到核准為止。"
 }

From 5582faa0c77fdb1eadfab104d273a406578f48c7 Mon Sep 17 00:00:00 2001
From: Mathieu Fenniak <mathieu@fenniak.net>
Date: Sun, 1 Mar 2026 08:01:10 -0700
Subject: [PATCH 370/854] refactor: split AuthorizationReducer into a base
 RepositoryAuthorizationReducer interface

---
 models/repo/authz.go                          | 29 +++++++++++++++++++
 services/authz/all_access_reducer.go          |  2 +-
 services/authz/all_access_reducer_test.go     | 12 ++++----
 services/authz/authorization_reducer.go       | 21 ++------------
 services/authz/authorization_reducer_mock.go  | 14 ++++-----
 services/authz/public_repos_reducer.go        |  5 ++--
 services/authz/public_repos_reducer_test.go   | 20 ++++++-------
 services/authz/specific_repos_reducer.go      | 11 ++-----
 services/authz/specific_repos_reducer_test.go | 16 +---------
 9 files changed, 58 insertions(+), 72 deletions(-)
 create mode 100644 models/repo/authz.go

diff --git a/models/repo/authz.go b/models/repo/authz.go
new file mode 100644
index 0000000000..9196370583
--- /dev/null
+++ b/models/repo/authz.go
@@ -0,0 +1,29 @@
+// Copyright 2026 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+package repo
+
+import (
+	"context"
+
+	"forgejo.org/models/perm"
+
+	"xorm.io/builder"
+)
+
+// Defines an API for reducing available permissions to specific repositories.
+type RepositoryAuthorizationReducer interface {
+	// Given a repository and an accessMode, ReduceRepoAccess will return a new, possibly reduced, AccessMode that
+	// reflects the actual access that is currently permitted.  For example, when using a fine-grained access token that
+	// only grants write access to one target repository, `ReduceRepoAccess(target, AccessModeWrite)` would return
+	// `AccessModeWrite`, and `ReduceRepoAccess(other-repo, AccessModeWrite)` would return a lesser access mode,
+	// restricting access to other repositories.
+	ReduceRepoAccess(ctx context.Context, repo *Repository, accessMode perm.AccessMode) (perm.AccessMode, error)
+
+	// If querying the repository table, apply the provided condition to query only repositories that the restriction
+	// will allow AccessModeRead (or higher).  For example, when using a fine-grained access token that only grants
+	// write access to one target repository, `RepoReadAccessFilter()` will return a query condition that provides
+	// visibility for all the public repos (which have read access) and all the target private repos (which have write
+	// access, which is greater-than read access).
+	RepoReadAccessFilter() builder.Cond
+}
diff --git a/services/authz/all_access_reducer.go b/services/authz/all_access_reducer.go
index 8a4590f285..42e3ee2e8e 100644
--- a/services/authz/all_access_reducer.go
+++ b/services/authz/all_access_reducer.go
@@ -20,7 +20,7 @@ func (*AllAccessAuthorizationReducer) ReduceRepoAccess(ctx context.Context, repo
 	return accessMode, nil
 }
 
-func (*AllAccessAuthorizationReducer) RepoFilter(accessMode perm.AccessMode) builder.Cond {
+func (*AllAccessAuthorizationReducer) RepoReadAccessFilter() builder.Cond {
 	return builder.NewCond() // invalid cond should be excluded and cause no filtering
 }
 
diff --git a/services/authz/all_access_reducer_test.go b/services/authz/all_access_reducer_test.go
index 84c1b1c1ac..ad2d8f72ee 100644
--- a/services/authz/all_access_reducer_test.go
+++ b/services/authz/all_access_reducer_test.go
@@ -33,14 +33,12 @@ func TestAllAccessAuthorizationReducer(t *testing.T) {
 		numRepos, err := db.GetEngine(t.Context()).Table(&repo.Repository{}).Count()
 		require.NoError(t, err)
 
-		for _, am := range []perm.AccessMode{perm.AccessModeOwner, perm.AccessModeAdmin, perm.AccessModeWrite, perm.AccessModeRead} {
-			cond := reducer.RepoFilter(am)
+		cond := reducer.RepoReadAccessFilter()
 
-			var rows []*repo.Repository
-			err := db.GetEngine(t.Context()).Table(&repo.Repository{}).Where(cond).OrderBy("id").Cols("id", "owner_id", "is_private").Find(&rows)
-			require.NoError(t, err)
-			assert.Len(t, rows, int(numRepos))
-		}
+		var rows []*repo.Repository
+		err = db.GetEngine(t.Context()).Table(&repo.Repository{}).Where(cond).OrderBy("id").Cols("id", "owner_id", "is_private").Find(&rows)
+		require.NoError(t, err)
+		assert.Len(t, rows, int(numRepos))
 	})
 
 	t.Run("AllowAdminOverride is true", func(t *testing.T) {
diff --git a/services/authz/authorization_reducer.go b/services/authz/authorization_reducer.go
index 0152daf890..7485f74f40 100644
--- a/services/authz/authorization_reducer.go
+++ b/services/authz/authorization_reducer.go
@@ -4,30 +4,15 @@
 package authz
 
 import (
-	"context"
-
-	"forgejo.org/models/perm"
 	repo_model "forgejo.org/models/repo"
-
-	"xorm.io/builder"
 )
 
 // Defines an API for reducing available permissions to specific resources.  Typically associated with a fine-grained
 // access tokens and provides methods to reduce authorization that the access token provides down to specific resources.
 type AuthorizationReducer interface {
-	// Given a repository and an accessMode, ReduceRepoAccess will return a new, possibly reduced, AccessMode that
-	// reflects the actual access that is currently permitted.  For example, when using a fine-grained access token that
-	// only grants write access to one target repository, `ReduceRepoAccess(target, AccessModeWrite)` would return
-	// `AccessModeWrite`, and `ReduceRepoAccess(other-repo, AccessModeWrite)` would return a lesser access mode,
-	// restricting access to other repositories.
-	ReduceRepoAccess(ctx context.Context, repo *repo_model.Repository, accessMode perm.AccessMode) (perm.AccessMode, error)
-
-	// If querying the repository table, apply this condition to return only repositories that the restriction will
-	// allow the target access mode (or higher).  For example, when using a fine-grained access token that only grants
-	// write access to one target repository, `RepoFilter(AccessModeWrite)` would return a filter that only returns that
-	// single repository, while `RepoFilter(AccessModeRead)` would return a filter that includes all public repositories
-	// and the target repository.
-	RepoFilter(accessMode perm.AccessMode) builder.Cond
+	// Incorporate all the methods of [RepositoryAuthorizationReducer], which allows reducing permissions related to
+	// repositories specifically.
+	repo_model.RepositoryAuthorizationReducer
 
 	// Controls whether the presence of an authorization reducer will prevent administrators from overriding permission
 	// checks. Typically site administrators and repo administrators are exempted from permission checks, but if an
diff --git a/services/authz/authorization_reducer_mock.go b/services/authz/authorization_reducer_mock.go
index 27e90b24a4..79562917c4 100644
--- a/services/authz/authorization_reducer_mock.go
+++ b/services/authz/authorization_reducer_mock.go
@@ -64,20 +64,18 @@ func (_m *MockAuthorizationReducer) ReduceRepoAccess(ctx context.Context, repo *
 }
 
 // RepoFilter provides a mock function with given fields: accessMode
-func (_m *MockAuthorizationReducer) RepoFilter(accessMode perm.AccessMode) builder.Cond {
-	ret := _m.Called(accessMode)
+func (_m *MockAuthorizationReducer) RepoReadAccessFilter() builder.Cond {
+	ret := _m.Called()
 
 	if len(ret) == 0 {
-		panic("no return value specified for RepoFilter")
+		panic("no return value specified for AllowAdminOverride")
 	}
 
 	var r0 builder.Cond
-	if rf, ok := ret.Get(0).(func(perm.AccessMode) builder.Cond); ok {
-		r0 = rf(accessMode)
+	if rf, ok := ret.Get(0).(func() builder.Cond); ok {
+		r0 = rf()
 	} else {
-		if ret.Get(0) != nil {
-			r0 = ret.Get(0).(builder.Cond)
-		}
+		r0 = ret.Get(0).(builder.Cond)
 	}
 
 	return r0
diff --git a/services/authz/public_repos_reducer.go b/services/authz/public_repos_reducer.go
index ce603cb569..335e1e60b8 100644
--- a/services/authz/public_repos_reducer.go
+++ b/services/authz/public_repos_reducer.go
@@ -31,9 +31,8 @@ func (*PublicReposAuthorizationReducer) ReduceRepoAccess(ctx context.Context, re
 	return accessMode, nil
 }
 
-func (*PublicReposAuthorizationReducer) RepoFilter(accessMode perm.AccessMode) builder.Cond {
-	// Regardless of access mode, allow access only to non-private repositories, that aren't in a private or limited
-	// organization.
+func (*PublicReposAuthorizationReducer) RepoReadAccessFilter() builder.Cond {
+	// Allow access only to non-private repositories, that aren't in a private or limited organization.
 	return builder.And(
 		builder.Eq{"is_private": false},
 		builder.NotIn("owner_id", builder.Select("id").From("`user`").Where(
diff --git a/services/authz/public_repos_reducer_test.go b/services/authz/public_repos_reducer_test.go
index 5e72566253..40a0b397fd 100644
--- a/services/authz/public_repos_reducer_test.go
+++ b/services/authz/public_repos_reducer_test.go
@@ -52,18 +52,16 @@ func TestPublicReposAuthorizationReducer(t *testing.T) {
 	})
 
 	t.Run("RepoFilter unrestricted access only permitted to public repos", func(t *testing.T) {
-		for _, am := range []perm.AccessMode{perm.AccessModeOwner, perm.AccessModeAdmin, perm.AccessModeWrite, perm.AccessModeRead} {
-			cond := reducer.RepoFilter(am)
+		cond := reducer.RepoReadAccessFilter()
 
-			var rows []*repo.Repository
-			err := db.GetEngine(t.Context()).Table(&repo.Repository{}).Where(cond).OrderBy("id").Cols("id", "owner_id", "is_private").Find(&rows)
-			require.NoError(t, err)
-			assert.NotEmpty(t, rows)
-			for _, repo := range rows {
-				assert.False(t, repo.IsPrivate)
-				require.NoError(t, repo.LoadOwner(t.Context()))
-				assert.True(t, repo.Owner.Visibility.IsPublic())
-			}
+		var rows []*repo.Repository
+		err := db.GetEngine(t.Context()).Table(&repo.Repository{}).Where(cond).OrderBy("id").Cols("id", "owner_id", "is_private").Find(&rows)
+		require.NoError(t, err)
+		assert.NotEmpty(t, rows)
+		for _, repo := range rows {
+			assert.False(t, repo.IsPrivate)
+			require.NoError(t, repo.LoadOwner(t.Context()))
+			assert.True(t, repo.Owner.Visibility.IsPublic())
 		}
 	})
 
diff --git a/services/authz/specific_repos_reducer.go b/services/authz/specific_repos_reducer.go
index e9c6f6d7c5..dd085189af 100644
--- a/services/authz/specific_repos_reducer.go
+++ b/services/authz/specific_repos_reducer.go
@@ -44,21 +44,14 @@ func (r *SpecificReposAuthorizationReducer) ReduceRepoAccess(ctx context.Context
 	return min(accessMode, perm.AccessModeRead), nil
 }
 
-func (r *SpecificReposAuthorizationReducer) RepoFilter(accessMode perm.AccessMode) builder.Cond {
+func (r *SpecificReposAuthorizationReducer) RepoReadAccessFilter() builder.Cond {
 	repoIDs := make([]int64, len(r.resourceRepos))
 	for i, tokenRepo := range r.resourceRepos {
 		repoIDs[i] = tokenRepo.RepoID
 	}
 	targetRepos := builder.In("repository.id", repoIDs)
 
-	// If requesting anything higher than read access, it will only be available for repos within the scope of the
-	// access token.
-	if accessMode > perm.AccessModeRead {
-		return targetRepos
-	}
-
-	// For read access, we should be able to see all non-private repositories that aren't in a private or limited
-	// organisation.
+	// We should also be able to see all non-private repositories that aren't in a private or limited organization.
 	return builder.Or(
 		targetRepos,
 		builder.And(
diff --git a/services/authz/specific_repos_reducer_test.go b/services/authz/specific_repos_reducer_test.go
index e99c8515a6..5db65eeca4 100644
--- a/services/authz/specific_repos_reducer_test.go
+++ b/services/authz/specific_repos_reducer_test.go
@@ -77,22 +77,8 @@ func TestSpecificReposAuthorizationReducer(t *testing.T) {
 		assert.Equal(t, perm.AccessModeNone, p3)
 	})
 
-	t.Run("RepoFilter >write access only permitted to targeted repos", func(t *testing.T) {
-		for _, am := range []perm.AccessMode{perm.AccessModeOwner, perm.AccessModeAdmin, perm.AccessModeWrite} {
-			cond := reducer.RepoFilter(am)
-
-			var repoIDs []int64
-			err := db.GetEngine(t.Context()).Table(&repo.Repository{}).Where(cond).OrderBy("id").Cols("id").Find(&repoIDs)
-			require.NoError(t, err)
-
-			assert.Len(t, repoIDs, 2)
-			assert.EqualValues(t, 1, repoIDs[0])
-			assert.EqualValues(t, 2, repoIDs[1])
-		}
-	})
-
 	t.Run("RepoFilter read access only permitted to target repos & public repos", func(t *testing.T) {
-		cond := reducer.RepoFilter(perm.AccessModeRead)
+		cond := reducer.RepoReadAccessFilter()
 
 		var rows []*repo.Repository
 		err := db.GetEngine(t.Context()).Table(&repo.Repository{}).Where(cond).OrderBy("id").Cols("id", "owner_id", "is_private").Find(&rows)

From 9c748e87e120c8d4492715c68e3be8b2799d472c Mon Sep 17 00:00:00 2001
From: Mathieu Fenniak <mathieu@fenniak.net>
Date: Tue, 24 Feb 2026 18:58:04 -0700
Subject: [PATCH 371/854] feat: implement fine-grained access tokens in
 /user/starred & /users/{username}/starred

---
 models/repo/user_repo.go                |  3 +-
 routers/api/v1/user/star.go             |  9 ++-
 tests/integration/api_user_star_test.go | 81 +++++++++++++++++++++++++
 3 files changed, 89 insertions(+), 4 deletions(-)

diff --git a/models/repo/user_repo.go b/models/repo/user_repo.go
index ca02c1e3f0..743e50bb35 100644
--- a/models/repo/user_repo.go
+++ b/models/repo/user_repo.go
@@ -17,13 +17,14 @@ import (
 )
 
 // GetStarredRepos returns the repos starred by a particular user
-func GetStarredRepos(ctx context.Context, userID int64, private bool, listOptions db.ListOptions) ([]*Repository, error) {
+func GetStarredRepos(ctx context.Context, userID int64, private bool, listOptions db.ListOptions, reducer RepositoryAuthorizationReducer) ([]*Repository, error) {
 	sess := db.GetEngine(ctx).
 		Where("star.uid=?", userID).
 		Join("LEFT", "star", "`repository`.id=`star`.repo_id")
 	if !private {
 		sess = sess.And("is_private=?", false)
 	}
+	sess = sess.And(reducer.RepoReadAccessFilter())
 
 	if listOptions.Page != 0 {
 		sess = db.SetSessionPagination(sess, &listOptions)
diff --git a/routers/api/v1/user/star.go b/routers/api/v1/user/star.go
index 19fa49f2ad..ea50080804 100644
--- a/routers/api/v1/user/star.go
+++ b/routers/api/v1/user/star.go
@@ -6,7 +6,6 @@
 package user
 
 import (
-	std_context "context"
 	"net/http"
 
 	"forgejo.org/models/db"
@@ -22,14 +21,18 @@ import (
 
 // getStarredRepos returns the repos that the user with the specified userID has
 // starred
-func getStarredRepos(ctx std_context.Context, user *user_model.User, private bool, listOptions db.ListOptions) ([]*api.Repository, error) {
-	starredRepos, err := repo_model.GetStarredRepos(ctx, user.ID, private, listOptions)
+func getStarredRepos(ctx *context.APIContext, user *user_model.User, private bool, listOptions db.ListOptions) ([]*api.Repository, error) {
+	starredRepos, err := repo_model.GetStarredRepos(ctx, user.ID, private, listOptions, ctx.Reducer)
 	if err != nil {
 		return nil, err
 	}
 
 	repos := make([]*api.Repository, len(starredRepos))
 	for i, starred := range starredRepos {
+		// Resource filtering is implemented above in the call to GetStarredRepos, and doesn't need to be taken into
+		// account here:
+		//
+		// nosemgrep: forgejo-api-use-resource-GetUserRepoPermission
 		permission, err := access_model.GetUserRepoPermission(ctx, starred, user)
 		if err != nil {
 			return nil, err
diff --git a/tests/integration/api_user_star_test.go b/tests/integration/api_user_star_test.go
index 27e5b9e0ca..1e6b4400ae 100644
--- a/tests/integration/api_user_star_test.go
+++ b/tests/integration/api_user_star_test.go
@@ -116,3 +116,84 @@ func TestAPIStar(t *testing.T) {
 		})
 	})
 }
+
+func TestAPIStarRepoAccessTokenResources(t *testing.T) {
+	defer tests.PrepareTestEnv(t)()
+
+	var repos []api.Repository
+
+	// Test cases repo1, repo2, repo16 -- create a star on each of them so that we can inspect through /starred and see
+	// if the repos are visible or not with different access tokens.
+	session := loginUser(t, "user2")
+	writeToken := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteUser, auth_model.AccessTokenScopeWriteRepository)
+	for _, r := range []string{"repo1", "repo2", "repo16"} {
+		MakeRequest(t,
+			NewRequest(t, "PUT", fmt.Sprintf("/api/v1/user/starred/user2/%s", r)).AddTokenAuth(writeToken),
+			http.StatusNoContent)
+	}
+
+	find := func() (bool, bool, bool) {
+		foundRepo1 := false  // public repo1
+		foundRepo2 := false  // private repo2
+		foundRepo16 := false // second public repo used in fine-grain testing, included as baseline
+		for _, repo := range repos {
+			switch repo.Name {
+			case "repo1":
+				foundRepo1 = true
+			case "repo2":
+				foundRepo2 = true
+			case "repo16":
+				foundRepo16 = true
+			}
+		}
+		return foundRepo1, foundRepo2, foundRepo16
+	}
+
+	t.Run("all access token", func(t *testing.T) {
+		defer tests.PrintCurrentTest(t)()
+
+		allToken := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeReadUser)
+
+		req := NewRequest(t, "GET", "/api/v1/users/user2/starred").AddTokenAuth(allToken)
+		resp := MakeRequest(t, req, http.StatusOK)
+		DecodeJSON(t, resp, &repos)
+		foundRepo1, foundRepo2, foundRepo16 := find()
+
+		assert.True(t, foundRepo1)  // public repo1
+		assert.True(t, foundRepo2)  // private repo2
+		assert.True(t, foundRepo16) // private repo16, used in fine-grain testing, included as baseline
+	})
+
+	t.Run("public-only access token", func(t *testing.T) {
+		defer tests.PrintCurrentTest(t)()
+
+		publicOnlyToken := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopePublicOnly, auth_model.AccessTokenScopeReadUser)
+
+		req := NewRequest(t, "GET", "/api/v1/users/user2/starred").AddTokenAuth(publicOnlyToken)
+		resp := MakeRequest(t, req, http.StatusOK)
+		DecodeJSON(t, resp, &repos)
+		foundRepo1, foundRepo2, foundRepo16 := find()
+
+		assert.True(t, foundRepo1)   // public repo1
+		assert.False(t, foundRepo2)  // private repo2
+		assert.False(t, foundRepo16) // private repo16
+	})
+
+	t.Run("specific repo access token", func(t *testing.T) {
+		defer tests.PrintCurrentTest(t)()
+
+		repo2OnlyToken := createFineGrainedRepoAccessToken(t, "user2",
+			[]auth_model.AccessTokenScope{auth_model.AccessTokenScopeReadUser},
+			[]int64{2},
+		)
+
+		req := NewRequest(t, "GET", "/api/v1/users/user2/starred").AddTokenAuth(repo2OnlyToken)
+		resp := MakeRequest(t, req, http.StatusOK)
+		DecodeJSON(t, resp, &repos)
+		foundRepo1, foundRepo2, foundRepo16 := find()
+
+		assert.True(t, foundRepo1)   // public repo1, allowed as it's public and read-access only
+		assert.True(t, foundRepo2)   // private repo2, allowed inside fine-grain
+		assert.False(t, foundRepo16) // private repo16, denied outside fine-grain
+	})
+}

From c89504d573f39a2a326818d39fc957261b297709 Mon Sep 17 00:00:00 2001
From: Mathieu Fenniak <mathieu@fenniak.net>
Date: Tue, 24 Feb 2026 18:57:24 -0700
Subject: [PATCH 372/854] feat: implement fine-grained access tokens in
 /user/subscriptions & /users/{username}/subscriptions

---
 models/repo/user_repo.go                 |  3 +-
 routers/api/v1/user/watch.go             |  9 ++-
 tests/integration/api_user_watch_test.go | 81 ++++++++++++++++++++++++
 3 files changed, 89 insertions(+), 4 deletions(-)

diff --git a/models/repo/user_repo.go b/models/repo/user_repo.go
index 743e50bb35..e46e5e1d5a 100644
--- a/models/repo/user_repo.go
+++ b/models/repo/user_repo.go
@@ -38,7 +38,7 @@ func GetStarredRepos(ctx context.Context, userID int64, private bool, listOption
 }
 
 // GetWatchedRepos returns the repos watched by a particular user
-func GetWatchedRepos(ctx context.Context, userID int64, private bool, listOptions db.ListOptions) ([]*Repository, int64, error) {
+func GetWatchedRepos(ctx context.Context, userID int64, private bool, listOptions db.ListOptions, reducer RepositoryAuthorizationReducer) ([]*Repository, int64, error) {
 	sess := db.GetEngine(ctx).
 		Where("watch.user_id=?", userID).
 		And("`watch`.mode<>?", WatchModeDont).
@@ -46,6 +46,7 @@ func GetWatchedRepos(ctx context.Context, userID int64, private bool, listOption
 	if !private {
 		sess = sess.And("is_private=?", false)
 	}
+	sess = sess.And(reducer.RepoReadAccessFilter())
 
 	if listOptions.Page != 0 {
 		sess = db.SetSessionPagination(sess, &listOptions)
diff --git a/routers/api/v1/user/watch.go b/routers/api/v1/user/watch.go
index 1358a63f51..c31744b280 100644
--- a/routers/api/v1/user/watch.go
+++ b/routers/api/v1/user/watch.go
@@ -4,7 +4,6 @@
 package user
 
 import (
-	std_context "context"
 	"net/http"
 
 	"forgejo.org/models/db"
@@ -18,14 +17,18 @@ import (
 )
 
 // getWatchedRepos returns the repos that the user with the specified userID is watching
-func getWatchedRepos(ctx std_context.Context, user *user_model.User, private bool, listOptions db.ListOptions) ([]*api.Repository, int64, error) {
-	watchedRepos, total, err := repo_model.GetWatchedRepos(ctx, user.ID, private, listOptions)
+func getWatchedRepos(ctx *context.APIContext, user *user_model.User, private bool, listOptions db.ListOptions) ([]*api.Repository, int64, error) {
+	watchedRepos, total, err := repo_model.GetWatchedRepos(ctx, user.ID, private, listOptions, ctx.Reducer)
 	if err != nil {
 		return nil, 0, err
 	}
 
 	repos := make([]*api.Repository, len(watchedRepos))
 	for i, watched := range watchedRepos {
+		// Resource filtering is implemented above in the call to GetWatchedRepos, and doesn't need to be taken into
+		// account here:
+		//
+		// nosemgrep: forgejo-api-use-resource-GetUserRepoPermission
 		permission, err := access_model.GetUserRepoPermission(ctx, watched, user)
 		if err != nil {
 			return nil, 0, err
diff --git a/tests/integration/api_user_watch_test.go b/tests/integration/api_user_watch_test.go
index fd8964a8ed..1d8c27007b 100644
--- a/tests/integration/api_user_watch_test.go
+++ b/tests/integration/api_user_watch_test.go
@@ -86,3 +86,84 @@ func TestAPIWatch(t *testing.T) {
 		MakeRequest(t, req, http.StatusNoContent)
 	})
 }
+
+func TestAPIWatchRepoAccessTokenResources(t *testing.T) {
+	defer tests.PrepareTestEnv(t)()
+
+	var repos []api.Repository
+
+	// Test cases repo1, repo2, repo16 -- create a subscription on each of them so that we can inspect through
+	// /subscriptions and see if the repos are visible or not with different access tokens.
+	session := loginUser(t, "user2")
+	writeToken := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteUser, auth_model.AccessTokenScopeWriteRepository)
+	for _, r := range []string{"repo1", "repo2", "repo16"} {
+		MakeRequest(t,
+			NewRequest(t, "PUT", fmt.Sprintf("/api/v1/repos/user2/%s/subscription", r)).AddTokenAuth(writeToken),
+			http.StatusOK)
+	}
+
+	find := func() (bool, bool, bool) {
+		foundRepo1 := false  // public repo1
+		foundRepo2 := false  // private repo2
+		foundRepo16 := false // second public repo used in fine-grain testing, included as baseline
+		for _, repo := range repos {
+			switch repo.Name {
+			case "repo1":
+				foundRepo1 = true
+			case "repo2":
+				foundRepo2 = true
+			case "repo16":
+				foundRepo16 = true
+			}
+		}
+		return foundRepo1, foundRepo2, foundRepo16
+	}
+
+	t.Run("all access token", func(t *testing.T) {
+		defer tests.PrintCurrentTest(t)()
+
+		allToken := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeReadUser)
+
+		req := NewRequest(t, "GET", "/api/v1/users/user2/subscriptions").AddTokenAuth(allToken)
+		resp := MakeRequest(t, req, http.StatusOK)
+		DecodeJSON(t, resp, &repos)
+		foundRepo1, foundRepo2, foundRepo16 := find()
+
+		assert.True(t, foundRepo1)  // public repo1
+		assert.True(t, foundRepo2)  // private repo2
+		assert.True(t, foundRepo16) // private repo16, used in fine-grain testing, included as baseline
+	})
+
+	t.Run("public-only access token", func(t *testing.T) {
+		defer tests.PrintCurrentTest(t)()
+
+		publicOnlyToken := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopePublicOnly, auth_model.AccessTokenScopeReadUser)
+
+		req := NewRequest(t, "GET", "/api/v1/users/user2/subscriptions").AddTokenAuth(publicOnlyToken)
+		resp := MakeRequest(t, req, http.StatusOK)
+		DecodeJSON(t, resp, &repos)
+		foundRepo1, foundRepo2, foundRepo16 := find()
+
+		assert.True(t, foundRepo1)   // public repo1
+		assert.False(t, foundRepo2)  // private repo2
+		assert.False(t, foundRepo16) // private repo16
+	})
+
+	t.Run("specific repo access token", func(t *testing.T) {
+		defer tests.PrintCurrentTest(t)()
+
+		repo2OnlyToken := createFineGrainedRepoAccessToken(t, "user2",
+			[]auth_model.AccessTokenScope{auth_model.AccessTokenScopeReadUser},
+			[]int64{2},
+		)
+
+		req := NewRequest(t, "GET", "/api/v1/users/user2/subscriptions").AddTokenAuth(repo2OnlyToken)
+		resp := MakeRequest(t, req, http.StatusOK)
+		DecodeJSON(t, resp, &repos)
+		foundRepo1, foundRepo2, foundRepo16 := find()
+
+		assert.True(t, foundRepo1)   // public repo1, allowed as it's public and read-access only
+		assert.True(t, foundRepo2)   // private repo2, allowed inside fine-grain
+		assert.False(t, foundRepo16) // private repo16, denied outside fine-grain
+	})
+}

From 0c2ece0ae721060258be7101bcf6b648c4bb4a52 Mon Sep 17 00:00:00 2001
From: Mathieu Fenniak <mathieu@fenniak.net>
Date: Tue, 24 Feb 2026 19:01:18 -0700
Subject: [PATCH 373/854] feat: implement fine-grained access tokens in
 /teams/{id}/repos/{org}/{repo}

**Breaking*: /teams/{id}/repos/{org}/{repo} previously allowed read
access to private repositories even if a "public-only" access token was
in-use.  This has been restricted to only return public repositories in
this case.
---
 routers/api/v1/org/team.go                    |  8 +-
 tests/integration/api_team_test.go            | 78 +++++++++++++++++++
 .../team.yml                                  |  4 +
 .../team_repo.yml                             | 15 ++++
 .../team_user.yml                             |  5 ++
 5 files changed, 108 insertions(+), 2 deletions(-)
 create mode 100644 tests/integration/fixtures/TestAPIGetTeamRepoAccessTokenResources/team.yml
 create mode 100644 tests/integration/fixtures/TestAPIGetTeamRepoAccessTokenResources/team_repo.yml
 create mode 100644 tests/integration/fixtures/TestAPIGetTeamRepoAccessTokenResources/team_user.yml

diff --git a/routers/api/v1/org/team.go b/routers/api/v1/org/team.go
index 315b44ce6f..cc08133afe 100644
--- a/routers/api/v1/org/team.go
+++ b/routers/api/v1/org/team.go
@@ -632,9 +632,13 @@ func GetTeamRepo(ctx *context.APIContext) {
 		return
 	}
 
-	permission, err := access_model.GetUserRepoPermission(ctx, repo, ctx.Doer)
+	permission, err := access_model.GetUserRepoPermissionWithReducer(ctx, repo, ctx.Doer, ctx.Reducer)
 	if err != nil {
-		ctx.Error(http.StatusInternalServerError, "GetTeamRepos", err)
+		ctx.Error(http.StatusInternalServerError, "GetUserRepoPermissionWithReducer", err)
+		return
+	}
+	if !permission.HasAccess() {
+		ctx.NotFound()
 		return
 	}
 
diff --git a/tests/integration/api_team_test.go b/tests/integration/api_team_test.go
index 2d16ea2b95..9413406b42 100644
--- a/tests/integration/api_team_test.go
+++ b/tests/integration/api_team_test.go
@@ -319,3 +319,81 @@ func TestAPIGetTeamRepo(t *testing.T) {
 		AddTokenAuth(token5)
 	MakeRequest(t, req, http.StatusNotFound)
 }
+
+func TestAPIGetTeamRepoAccessTokenResources(t *testing.T) {
+	defer unittest.OverrideFixtures("tests/integration/fixtures/TestAPIGetTeamRepoAccessTokenResources")()
+	defer tests.PrepareTestEnv(t)()
+
+	// Test cases org3/repo21 (public), org3/repo3 (private), org3/repo5 (private) --
+	// TestAPIGetTeamReposAccessTokenResources fixtures create a team w/ ID=26 that contains all three repos.
+	session := loginUser(t, "user2")
+
+	var repo api.Repository
+
+	t.Run("all access token", func(t *testing.T) {
+		allToken := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeReadOrganization)
+
+		t.Run("allowed public repo21", func(t *testing.T) {
+			req := NewRequest(t, "GET", "/api/v1/teams/26/repos/org3/repo21").AddTokenAuth(allToken)
+			resp := MakeRequest(t, req, http.StatusOK)
+			DecodeJSON(t, resp, &repo)
+			assert.False(t, repo.Private)
+		})
+		t.Run("allowed private repo3", func(t *testing.T) {
+			req := NewRequest(t, "GET", "/api/v1/teams/26/repos/org3/repo3").AddTokenAuth(allToken)
+			resp := MakeRequest(t, req, http.StatusOK)
+			DecodeJSON(t, resp, &repo)
+			assert.True(t, repo.Private)
+		})
+		// org3/repo5 is a second repo used in fine-grain testing below, so we include it in other tests as a baseline
+		t.Run("allowed private repo5", func(t *testing.T) {
+			req := NewRequest(t, "GET", "/api/v1/teams/26/repos/org3/repo5").AddTokenAuth(allToken)
+			resp := MakeRequest(t, req, http.StatusOK)
+			DecodeJSON(t, resp, &repo)
+			assert.True(t, repo.Private)
+		})
+	})
+
+	t.Run("public-only access token", func(t *testing.T) {
+		publicOnlyToken := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopePublicOnly, auth_model.AccessTokenScopeReadOrganization)
+
+		t.Run("allowed public repo21", func(t *testing.T) {
+			req := NewRequest(t, "GET", "/api/v1/teams/26/repos/org3/repo21").AddTokenAuth(publicOnlyToken)
+			resp := MakeRequest(t, req, http.StatusOK)
+			DecodeJSON(t, resp, &repo)
+			assert.False(t, repo.Private)
+		})
+		t.Run("denied private repo3", func(t *testing.T) {
+			req := NewRequest(t, "GET", "/api/v1/teams/26/repos/org3/repo3").AddTokenAuth(publicOnlyToken)
+			MakeRequest(t, req, http.StatusNotFound)
+		})
+		t.Run("denied private repo5", func(t *testing.T) {
+			req := NewRequest(t, "GET", "/api/v1/teams/26/repos/org3/repo5").AddTokenAuth(publicOnlyToken)
+			MakeRequest(t, req, http.StatusNotFound)
+		})
+	})
+
+	t.Run("specific repo access token", func(t *testing.T) {
+		repo2OnlyToken := createFineGrainedRepoAccessToken(t, "user2",
+			[]auth_model.AccessTokenScope{auth_model.AccessTokenScopeReadOrganization},
+			[]int64{3},
+		)
+
+		t.Run("allowed public repo21", func(t *testing.T) {
+			req := NewRequest(t, "GET", "/api/v1/teams/26/repos/org3/repo21").AddTokenAuth(repo2OnlyToken)
+			resp := MakeRequest(t, req, http.StatusOK)
+			DecodeJSON(t, resp, &repo)
+			assert.False(t, repo.Private)
+		})
+		t.Run("allowed inside fine-grain repo3", func(t *testing.T) {
+			req := NewRequest(t, "GET", "/api/v1/teams/26/repos/org3/repo3").AddTokenAuth(repo2OnlyToken)
+			resp := MakeRequest(t, req, http.StatusOK)
+			DecodeJSON(t, resp, &repo)
+			assert.True(t, repo.Private)
+		})
+		t.Run("denied private outside fine-grain repo5", func(t *testing.T) {
+			req := NewRequest(t, "GET", "/api/v1/teams/26/repos/org3/repo5").AddTokenAuth(repo2OnlyToken)
+			MakeRequest(t, req, http.StatusNotFound)
+		})
+	})
+}
diff --git a/tests/integration/fixtures/TestAPIGetTeamRepoAccessTokenResources/team.yml b/tests/integration/fixtures/TestAPIGetTeamRepoAccessTokenResources/team.yml
new file mode 100644
index 0000000000..19b2a3bc29
--- /dev/null
+++ b/tests/integration/fixtures/TestAPIGetTeamRepoAccessTokenResources/team.yml
@@ -0,0 +1,4 @@
+-
+  id: 26
+  org_id: 3
+  includes_all_repositories: false
diff --git a/tests/integration/fixtures/TestAPIGetTeamRepoAccessTokenResources/team_repo.yml b/tests/integration/fixtures/TestAPIGetTeamRepoAccessTokenResources/team_repo.yml
new file mode 100644
index 0000000000..285514a4f2
--- /dev/null
+++ b/tests/integration/fixtures/TestAPIGetTeamRepoAccessTokenResources/team_repo.yml
@@ -0,0 +1,15 @@
+-
+  id: 20
+  org_id: 3
+  team_id: 26
+  repo_id: 32 # org3/repo21 - public
+-
+  id: 21
+  org_id: 3
+  team_id: 26
+  repo_id: 3 # org3/repo3 - private
+-
+  id: 22
+  org_id: 3
+  team_id: 26
+  repo_id: 5 # org3/repo5 - private
diff --git a/tests/integration/fixtures/TestAPIGetTeamRepoAccessTokenResources/team_user.yml b/tests/integration/fixtures/TestAPIGetTeamRepoAccessTokenResources/team_user.yml
new file mode 100644
index 0000000000..8fb6e84ca6
--- /dev/null
+++ b/tests/integration/fixtures/TestAPIGetTeamRepoAccessTokenResources/team_user.yml
@@ -0,0 +1,5 @@
+-
+  id: 30
+  org_id: 3
+  team_id: 26
+  uid: 2

From 0628776cad77c9771251a1aa825604eaf44d108d Mon Sep 17 00:00:00 2001
From: Mathieu Fenniak <mathieu@fenniak.net>
Date: Tue, 24 Feb 2026 19:04:35 -0700
Subject: [PATCH 374/854] feat: implement fine-grained access tokens in
 /repos/{owner}/{repo}/issues/{index}/timeline

---
 routers/api/v1/repo/issue_comment.go  |   7 +-
 tests/integration/api_comment_test.go | 107 ++++++++++++++++++++++++++
 2 files changed, 111 insertions(+), 3 deletions(-)

diff --git a/routers/api/v1/repo/issue_comment.go b/routers/api/v1/repo/issue_comment.go
index 1b98c154c8..8a0cf241da 100644
--- a/routers/api/v1/repo/issue_comment.go
+++ b/routers/api/v1/repo/issue_comment.go
@@ -18,6 +18,7 @@ import (
 	api "forgejo.org/modules/structs"
 	"forgejo.org/modules/web"
 	"forgejo.org/routers/api/v1/utils"
+	"forgejo.org/services/authz"
 	"forgejo.org/services/context"
 	"forgejo.org/services/convert"
 	issue_service "forgejo.org/services/issue"
@@ -216,7 +217,7 @@ func ListIssueCommentsAndTimeline(ctx *context.APIContext) {
 
 	var apiComments []*api.TimelineComment
 	for _, comment := range comments {
-		if comment.Type != issues_model.CommentTypeCode && isXRefCommentAccessible(ctx, ctx.Doer, comment, issue.RepoID) {
+		if comment.Type != issues_model.CommentTypeCode && isXRefCommentAccessible(ctx, ctx.Doer, comment, issue.RepoID, ctx.Reducer) {
 			comment.Issue = issue
 			apiComments = append(apiComments, convert.ToTimelineComment(ctx, issue.Repo, comment, ctx.Doer))
 		}
@@ -226,7 +227,7 @@ func ListIssueCommentsAndTimeline(ctx *context.APIContext) {
 	ctx.JSON(http.StatusOK, &apiComments)
 }
 
-func isXRefCommentAccessible(ctx stdCtx.Context, user *user_model.User, c *issues_model.Comment, issueRepoID int64) bool {
+func isXRefCommentAccessible(ctx stdCtx.Context, user *user_model.User, c *issues_model.Comment, issueRepoID int64, reducer authz.AuthorizationReducer) bool {
 	// Remove comments that the user has no permissions to see
 	if issues_model.CommentTypeIsRef(c.Type) && c.RefRepoID != issueRepoID && c.RefRepoID != 0 {
 		var err error
@@ -235,7 +236,7 @@ func isXRefCommentAccessible(ctx stdCtx.Context, user *user_model.User, c *issue
 		if err != nil {
 			return false
 		}
-		perm, err := access_model.GetUserRepoPermission(ctx, c.RefRepo, user)
+		perm, err := access_model.GetUserRepoPermissionWithReducer(ctx, c.RefRepo, user, reducer)
 		if err != nil {
 			return false
 		}
diff --git a/tests/integration/api_comment_test.go b/tests/integration/api_comment_test.go
index 810b5b9727..59fdfd17a2 100644
--- a/tests/integration/api_comment_test.go
+++ b/tests/integration/api_comment_test.go
@@ -481,3 +481,110 @@ func TestAPIListIssueTimeline(t *testing.T) {
 	req = NewRequestf(t, "GET", "/api/v1/repos/%s/%s/issues/%d/timeline", repoOwner.Name, repo.Name, IssueIDNotExist)
 	MakeRequest(t, req, http.StatusNotFound)
 }
+
+func TestAPIListIssueTimelineAccessTokenResources(t *testing.T) {
+	defer tests.PrepareTestEnv(t)()
+
+	session := loginUser(t, "user2")
+	writeToken := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteIssue)
+
+	// Create an issue on a repo, repo1 -- call it issue1.
+	req := NewRequestWithJSON(t, "POST", "/api/v1/repos/user2/repo1/issues", &api.CreateIssueOption{
+		Body:  "issue body",
+		Title: "issue title",
+	}).AddTokenAuth(writeToken)
+	resp := MakeRequest(t, req, http.StatusCreated)
+	var issue1 api.Issue
+	DecodeJSON(t, resp, &issue1)
+
+	// On three other issues, on a public repo (repo1), on two private repos (repo2, org3/repo3), create
+	// cross-references via comments to issue1. (typically repo16 is used in similar tests for a second private repo,
+	// but can't be used here because it doesn't have the issue unit enabled)
+	req = NewRequestWithJSON(t, "POST", "/api/v1/repos/user2/repo1/issues", &api.CreateIssueOption{
+		Body:  "repo1 referencing issue",
+		Title: fmt.Sprintf("I really like the idea of %s ...", issue1.HTMLURL),
+	}).AddTokenAuth(writeToken)
+	MakeRequest(t, req, http.StatusCreated)
+	req = NewRequestWithJSON(t, "POST", "/api/v1/repos/user2/repo2/issues", &api.CreateIssueOption{
+		Body:  "repo1 referencing issue",
+		Title: fmt.Sprintf("I really like the idea of %s ...", issue1.HTMLURL),
+	}).AddTokenAuth(writeToken)
+	MakeRequest(t, req, http.StatusCreated)
+	req = NewRequestWithJSON(t, "POST", "/api/v1/repos/org3/repo3/issues", &api.CreateIssueOption{
+		Body:  "repo1 referencing issue",
+		Title: fmt.Sprintf("I really like the idea of %s ...", issue1.HTMLURL),
+	}).AddTokenAuth(writeToken)
+	MakeRequest(t, req, http.StatusCreated)
+
+	// The remainder of this test reads the timeline on issue1 with different access token resources and see if the
+	// cross-references are visible or hidden.
+	var comments []*api.TimelineComment
+	find := func() (bool, bool, bool) {
+		foundRepo1 := false // public repo1
+		foundRepo2 := false // private repo2
+		foundRepo3 := false // second public repo used in fine-grain testing, included as baseline
+		for _, comment := range comments {
+			// println(fmt.Sprintf("%#v", comment))
+			if comment.RefIssue != nil && comment.RefIssue.Repo != nil {
+				// println(fmt.Sprintf("RefIssue = %#v", comment.RefIssue))
+				switch comment.RefIssue.Repo.Name {
+				case "repo1":
+					foundRepo1 = true
+				case "repo2":
+					foundRepo2 = true
+				case "repo3":
+					foundRepo3 = true
+				}
+			}
+		}
+		return foundRepo1, foundRepo2, foundRepo3
+	}
+
+	t.Run("all access token", func(t *testing.T) {
+		defer tests.PrintCurrentTest(t)()
+
+		allToken := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeReadIssue)
+
+		req := NewRequest(t, "GET", fmt.Sprintf("/api/v1/repos/user2/repo1/issues/%d/timeline", issue1.Index)).AddTokenAuth(allToken)
+		resp := MakeRequest(t, req, http.StatusOK)
+		DecodeJSON(t, resp, &comments)
+		foundRepo1, foundRepo2, foundRepo3 := find()
+
+		assert.True(t, foundRepo1) // public repo1
+		assert.True(t, foundRepo2) // private repo2
+		assert.True(t, foundRepo3) // private org3/repo3, used in fine-grain testing, included as baseline
+	})
+
+	t.Run("public-only access token", func(t *testing.T) {
+		defer tests.PrintCurrentTest(t)()
+
+		publicOnlyToken := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopePublicOnly, auth_model.AccessTokenScopeReadIssue)
+
+		req := NewRequest(t, "GET", fmt.Sprintf("/api/v1/repos/user2/repo1/issues/%d/timeline", issue1.Index)).AddTokenAuth(publicOnlyToken)
+		resp := MakeRequest(t, req, http.StatusOK)
+		DecodeJSON(t, resp, &comments)
+		foundRepo1, foundRepo2, foundRepo3 := find()
+
+		assert.True(t, foundRepo1)  // public repo1
+		assert.False(t, foundRepo2) // private repo2
+		assert.False(t, foundRepo3) // private org3/repo3
+	})
+
+	t.Run("specific repo access token", func(t *testing.T) {
+		defer tests.PrintCurrentTest(t)()
+
+		repo2OnlyToken := createFineGrainedRepoAccessToken(t, "user2",
+			[]auth_model.AccessTokenScope{auth_model.AccessTokenScopeReadIssue},
+			[]int64{2},
+		)
+
+		req := NewRequest(t, "GET", fmt.Sprintf("/api/v1/repos/user2/repo1/issues/%d/timeline", issue1.Index)).AddTokenAuth(repo2OnlyToken)
+		resp := MakeRequest(t, req, http.StatusOK)
+		DecodeJSON(t, resp, &comments)
+		foundRepo1, foundRepo2, foundRepo3 := find()
+
+		assert.True(t, foundRepo1)  // public repo1, allowed as it's public and read-access only
+		assert.True(t, foundRepo2)  // private repo2, allowed inside fine-grain
+		assert.False(t, foundRepo3) // private org3/repo3, denied outside fine-grain
+	})
+}

From e4ee1a27565e355f9a4538c056b6771e6ddcfa9d Mon Sep 17 00:00:00 2001
From: Mathieu Fenniak <mathieu@fenniak.net>
Date: Tue, 24 Feb 2026 19:05:33 -0700
Subject: [PATCH 375/854] feat: implement fine-grained access tokens in
 /repos/{owner}/{repo}/issues/{index}/dependencies

**Breaking**: Public-only tokens previously had the capability to view
private repositories through this API, which has been revoked by this
change to support fine-grained access tokens.
---
 routers/api/v1/repo/issue_dependency.go |   4 +-
 tests/integration/api_issue_test.go     | 107 ++++++++++++++++++++++++
 2 files changed, 109 insertions(+), 2 deletions(-)

diff --git a/routers/api/v1/repo/issue_dependency.go b/routers/api/v1/repo/issue_dependency.go
index 400575d37c..6f2d7dbb4c 100644
--- a/routers/api/v1/repo/issue_dependency.go
+++ b/routers/api/v1/repo/issue_dependency.go
@@ -115,9 +115,9 @@ func GetIssueDependencies(ctx *context.APIContext) {
 			perm = existPerm
 		} else {
 			var err error
-			perm, err = access_model.GetUserRepoPermission(ctx, &blocker.Repository, ctx.Doer)
+			perm, err = access_model.GetUserRepoPermissionWithReducer(ctx, &blocker.Repository, ctx.Doer, ctx.Reducer)
 			if err != nil {
-				ctx.ServerError("GetUserRepoPermission", err)
+				ctx.ServerError("GetUserRepoPermissionWithReducer", err)
 				return
 			}
 			repoPerms[blocker.RepoID] = perm
diff --git a/tests/integration/api_issue_test.go b/tests/integration/api_issue_test.go
index 554155e5f7..9ebb919681 100644
--- a/tests/integration/api_issue_test.go
+++ b/tests/integration/api_issue_test.go
@@ -886,3 +886,110 @@ func TestAPIIssueDependencyPermissions(t *testing.T) {
 	}).AddTokenAuth(token)
 	MakeRequest(t, req, http.StatusNotFound) // as otherUserRepo is a private repo we can't link a dependency to it
 }
+
+func TestAPIIssueDependencyAccessTokenResources(t *testing.T) {
+	defer tests.PrepareTestEnv(t)()
+
+	session := loginUser(t, "user2")
+	writeToken := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteIssue)
+
+	// Create an issue on a repo, repo1 -- call it issue1.  repo256 is used because it's configured with
+	// EnableDependencies:true in its issue unit.
+	req := NewRequestWithJSON(t, "POST", "/api/v1/repos/user2/repo256/issues", &api.CreateIssueOption{
+		Body:  "issue body",
+		Title: "issue title",
+	}).AddTokenAuth(writeToken)
+	resp := MakeRequest(t, req, http.StatusCreated)
+	var issue1 api.Issue
+	DecodeJSON(t, resp, &issue1)
+
+	// On three other issues, on a public repo (repo1), on two private repos (repo2, org3/repo3), create new issues. Add
+	// each issue as a dependency of issue1. (typically repo16 is used in similar tests for a second private repo, but
+	// can't be used here because it doesn't have the issue unit enabled)
+	for _, repo := range []string{"user2/repo1", "user2/repo2", "org3/repo3"} {
+		var dependency api.Issue
+		req = NewRequestWithJSON(t, "POST", fmt.Sprintf("/api/v1/repos/%s/issues", repo), &api.CreateIssueOption{
+			Body:  "repo1 issue dependency",
+			Title: "important dependency",
+		}).AddTokenAuth(writeToken)
+		resp = MakeRequest(t, req, http.StatusCreated)
+		DecodeJSON(t, resp, &dependency)
+
+		req = NewRequestWithJSON(t, "POST", fmt.Sprintf("/api/v1/repos/user2/repo256/issues/%d/dependencies", issue1.Index), api.IssueMeta{
+			Owner: dependency.Repo.Owner,
+			Name:  dependency.Repo.Name,
+			Index: dependency.Index,
+		}).AddTokenAuth(writeToken)
+		MakeRequest(t, req, http.StatusCreated)
+	}
+
+	// The remainder of this test reads the dependencies on issue1 with different access token resources and see if the
+	// dependencies are visible or hidden.
+	var issues []*api.Issue
+	find := func() (bool, bool, bool) {
+		foundRepo1 := false // public repo1
+		foundRepo2 := false // private repo2
+		foundRepo3 := false // second public repo used in fine-grain testing, included as baseline
+		for _, issue := range issues {
+			if issue.Repo != nil {
+				switch issue.Repo.Name {
+				case "repo1":
+					foundRepo1 = true
+				case "repo2":
+					foundRepo2 = true
+				case "repo3":
+					foundRepo3 = true
+				}
+			}
+		}
+		return foundRepo1, foundRepo2, foundRepo3
+	}
+
+	t.Run("all access token", func(t *testing.T) {
+		defer tests.PrintCurrentTest(t)()
+
+		allToken := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeReadIssue)
+
+		req := NewRequest(t, "GET", fmt.Sprintf("/api/v1/repos/user2/repo256/issues/%d/dependencies", issue1.Index)).AddTokenAuth(allToken)
+		resp := MakeRequest(t, req, http.StatusOK)
+		DecodeJSON(t, resp, &issues)
+		foundRepo1, foundRepo2, foundRepo3 := find()
+
+		assert.True(t, foundRepo1) // public repo1
+		assert.True(t, foundRepo2) // private repo2
+		assert.True(t, foundRepo3) // private org3/repo3, used in fine-grain testing, included as baseline
+	})
+
+	t.Run("public-only access token", func(t *testing.T) {
+		defer tests.PrintCurrentTest(t)()
+
+		publicOnlyToken := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopePublicOnly, auth_model.AccessTokenScopeReadIssue)
+
+		req := NewRequest(t, "GET", fmt.Sprintf("/api/v1/repos/user2/repo256/issues/%d/dependencies", issue1.Index)).AddTokenAuth(publicOnlyToken)
+		resp := MakeRequest(t, req, http.StatusOK)
+		DecodeJSON(t, resp, &issues)
+		foundRepo1, foundRepo2, foundRepo3 := find()
+
+		assert.True(t, foundRepo1)  // public repo1
+		assert.False(t, foundRepo2) // private repo2
+		assert.False(t, foundRepo3) // private org3/repo3
+	})
+
+	t.Run("specific repo access token", func(t *testing.T) {
+		defer tests.PrintCurrentTest(t)()
+
+		repo2OnlyToken := createFineGrainedRepoAccessToken(t, "user2",
+			[]auth_model.AccessTokenScope{auth_model.AccessTokenScopeReadIssue},
+			[]int64{2},
+		)
+
+		req := NewRequest(t, "GET", fmt.Sprintf("/api/v1/repos/user2/repo256/issues/%d/dependencies", issue1.Index)).AddTokenAuth(repo2OnlyToken)
+		resp := MakeRequest(t, req, http.StatusOK)
+		DecodeJSON(t, resp, &issues)
+		foundRepo1, foundRepo2, foundRepo3 := find()
+
+		assert.True(t, foundRepo1)  // public repo1, allowed as it's public and read-access only
+		assert.True(t, foundRepo2)  // private repo2, allowed inside fine-grain
+		assert.False(t, foundRepo3) // private org3/repo3, denied outside fine-grain
+	})
+}

From 26ffe3106cff8d21aedea6c255d96055f81a9ae2 Mon Sep 17 00:00:00 2001
From: Mathieu Fenniak <mathieu@fenniak.net>
Date: Tue, 24 Feb 2026 19:06:08 -0700
Subject: [PATCH 376/854] feat: implement fine-grained access tokens in
 /repos/{owner}/{repo}/issues/{index}/blocks

**Breaking**: Public-only tokens previously had the capability to view
private repositories through this API, which has been revoked by this
change to support fine-grained access tokens.
---
 routers/api/v1/repo/issue_dependency.go |   4 +-
 tests/integration/api_issue_test.go     | 117 ++++++++++++++++++++++++
 2 files changed, 119 insertions(+), 2 deletions(-)

diff --git a/routers/api/v1/repo/issue_dependency.go b/routers/api/v1/repo/issue_dependency.go
index 6f2d7dbb4c..aacc2ebe10 100644
--- a/routers/api/v1/repo/issue_dependency.go
+++ b/routers/api/v1/repo/issue_dependency.go
@@ -369,9 +369,9 @@ func GetIssueBlocks(ctx *context.APIContext) {
 			perm = existPerm
 		} else {
 			var err error
-			perm, err = access_model.GetUserRepoPermission(ctx, &depMeta.Repository, ctx.Doer)
+			perm, err = access_model.GetUserRepoPermissionWithReducer(ctx, &depMeta.Repository, ctx.Doer, ctx.Reducer)
 			if err != nil {
-				ctx.ServerError("GetUserRepoPermission", err)
+				ctx.ServerError("GetUserRepoPermissionWithReducer", err)
 				return
 			}
 			repoPerms[depMeta.RepoID] = perm
diff --git a/tests/integration/api_issue_test.go b/tests/integration/api_issue_test.go
index 9ebb919681..af26d7719f 100644
--- a/tests/integration/api_issue_test.go
+++ b/tests/integration/api_issue_test.go
@@ -993,3 +993,120 @@ func TestAPIIssueDependencyAccessTokenResources(t *testing.T) {
 		assert.False(t, foundRepo3) // private org3/repo3, denied outside fine-grain
 	})
 }
+
+func TestAPIIssueBlocksAccessTokenResources(t *testing.T) {
+	defer tests.PrepareTestEnv(t)()
+
+	session := loginUser(t, "user2")
+	writeToken := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteIssue, auth_model.AccessTokenScopeWriteRepository)
+
+	// Create an issue on a repo, repo1 -- call it issue1.  repo256 is used because it's configured with
+	// EnableDependencies:true in its issue unit.
+	req := NewRequestWithJSON(t, "POST", "/api/v1/repos/user2/repo256/issues", &api.CreateIssueOption{
+		Body:  "issue body",
+		Title: "issue title",
+	}).AddTokenAuth(writeToken)
+	resp := MakeRequest(t, req, http.StatusCreated)
+	var issue1 api.Issue
+	DecodeJSON(t, resp, &issue1)
+
+	// For our three target repos, we'll need to enable issue dependencies for this test to succeed.
+	for _, repo := range []string{"user2/repo1", "user2/repo2", "org3/repo3"} {
+		req = NewRequestWithJSON(t, "PATCH", fmt.Sprintf("/api/v1/repos/%s", repo), &api.EditRepoOption{
+			InternalTracker: &api.InternalTracker{
+				EnableIssueDependencies: true,
+			},
+		}).AddTokenAuth(writeToken)
+		MakeRequest(t, req, http.StatusOK)
+	}
+
+	// On three other repos (one public repo (repo1), two private repos (repo2, org3/repo3)), create new issues. Block
+	// each issue by issue1. (typically repo16 is used in similar tests for a second private repo, but can't be used
+	// here because it doesn't have the issue unit enabled)
+	for _, repo := range []string{"user2/repo1", "user2/repo2", "org3/repo3"} {
+		var dependency api.Issue
+		req = NewRequestWithJSON(t, "POST", fmt.Sprintf("/api/v1/repos/%s/issues", repo), &api.CreateIssueOption{
+			Body:  "repo1 issue dependency",
+			Title: "important dependency",
+		}).AddTokenAuth(writeToken)
+		resp = MakeRequest(t, req, http.StatusCreated)
+		DecodeJSON(t, resp, &dependency)
+
+		req = NewRequestWithJSON(t, "POST", fmt.Sprintf("/api/v1/repos/user2/repo256/issues/%d/blocks", issue1.Index), api.IssueMeta{
+			Owner: dependency.Repo.Owner,
+			Name:  dependency.Repo.Name,
+			Index: dependency.Index,
+		}).AddTokenAuth(writeToken)
+		MakeRequest(t, req, http.StatusCreated)
+	}
+
+	// The remainder of this test reads the dependencies on issue1 with different access token resources and see if the
+	// dependencies are visible or hidden.
+	var issues []*api.Issue
+	find := func() (bool, bool, bool) {
+		foundRepo1 := false // public repo1
+		foundRepo2 := false // private repo2
+		foundRepo3 := false // second public repo used in fine-grain testing, included as baseline
+		for _, issue := range issues {
+			if issue.Repo != nil {
+				switch issue.Repo.Name {
+				case "repo1":
+					foundRepo1 = true
+				case "repo2":
+					foundRepo2 = true
+				case "repo3":
+					foundRepo3 = true
+				}
+			}
+		}
+		return foundRepo1, foundRepo2, foundRepo3
+	}
+
+	t.Run("all access token", func(t *testing.T) {
+		defer tests.PrintCurrentTest(t)()
+
+		allToken := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeReadIssue)
+
+		req := NewRequest(t, "GET", fmt.Sprintf("/api/v1/repos/user2/repo256/issues/%d/blocks", issue1.Index)).AddTokenAuth(allToken)
+		resp := MakeRequest(t, req, http.StatusOK)
+		DecodeJSON(t, resp, &issues)
+		foundRepo1, foundRepo2, foundRepo3 := find()
+
+		assert.True(t, foundRepo1) // public repo1
+		assert.True(t, foundRepo2) // private repo2
+		assert.True(t, foundRepo3) // private org3/repo3, used in fine-grain testing, included as baseline
+	})
+
+	t.Run("public-only access token", func(t *testing.T) {
+		defer tests.PrintCurrentTest(t)()
+
+		publicOnlyToken := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopePublicOnly, auth_model.AccessTokenScopeReadIssue)
+
+		req := NewRequest(t, "GET", fmt.Sprintf("/api/v1/repos/user2/repo256/issues/%d/blocks", issue1.Index)).AddTokenAuth(publicOnlyToken)
+		resp := MakeRequest(t, req, http.StatusOK)
+		DecodeJSON(t, resp, &issues)
+		foundRepo1, foundRepo2, foundRepo3 := find()
+
+		assert.True(t, foundRepo1)  // public repo1
+		assert.False(t, foundRepo2) // private repo2
+		assert.False(t, foundRepo3) // private org3/repo3
+	})
+
+	t.Run("specific repo access token", func(t *testing.T) {
+		defer tests.PrintCurrentTest(t)()
+
+		repo2OnlyToken := createFineGrainedRepoAccessToken(t, "user2",
+			[]auth_model.AccessTokenScope{auth_model.AccessTokenScopeReadIssue},
+			[]int64{2},
+		)
+
+		req := NewRequest(t, "GET", fmt.Sprintf("/api/v1/repos/user2/repo256/issues/%d/blocks", issue1.Index)).AddTokenAuth(repo2OnlyToken)
+		resp := MakeRequest(t, req, http.StatusOK)
+		DecodeJSON(t, resp, &issues)
+		foundRepo1, foundRepo2, foundRepo3 := find()
+
+		assert.True(t, foundRepo1)  // public repo1, allowed as it's public and read-access only
+		assert.True(t, foundRepo2)  // private repo2, allowed inside fine-grain
+		assert.False(t, foundRepo3) // private org3/repo3, denied outside fine-grain
+	})
+}

From 94dd94c2c0bc0ae7c4c07029f9a183c1c078722c Mon Sep 17 00:00:00 2001
From: Mathieu Fenniak <mathieu@fenniak.net>
Date: Tue, 24 Feb 2026 19:07:07 -0700
Subject: [PATCH 377/854] feat: implement fine-grained access tokens in issue
 dependency & blocking modification APIs

**Breaking**: Public-only tokens previously had the capability to make
issue dependencies and block issues w/ data from private repositories
through these APIs, which has been revoked by this change to support
fine-grained access tokens.
---
 routers/api/v1/repo/issue_dependency.go |  4 +-
 tests/integration/api_issue_test.go     | 97 +++++++++++++++++++++++++
 2 files changed, 99 insertions(+), 2 deletions(-)

diff --git a/routers/api/v1/repo/issue_dependency.go b/routers/api/v1/repo/issue_dependency.go
index aacc2ebe10..7c087e28b9 100644
--- a/routers/api/v1/repo/issue_dependency.go
+++ b/routers/api/v1/repo/issue_dependency.go
@@ -557,9 +557,9 @@ func getPermissionForRepo(ctx *context.APIContext, repo *repo_model.Repository)
 		return &ctx.Repo.Permission
 	}
 
-	perm, err := access_model.GetUserRepoPermission(ctx, repo, ctx.Doer)
+	perm, err := access_model.GetUserRepoPermissionWithReducer(ctx, repo, ctx.Doer, ctx.Reducer)
 	if err != nil {
-		ctx.Error(http.StatusInternalServerError, "GetUserRepoPermission", err)
+		ctx.Error(http.StatusInternalServerError, "GetUserRepoPermissionWithReducer", err)
 		return nil
 	}
 
diff --git a/tests/integration/api_issue_test.go b/tests/integration/api_issue_test.go
index af26d7719f..282d418316 100644
--- a/tests/integration/api_issue_test.go
+++ b/tests/integration/api_issue_test.go
@@ -1110,3 +1110,100 @@ func TestAPIIssueBlocksAccessTokenResources(t *testing.T) {
 		assert.False(t, foundRepo3) // private org3/repo3, denied outside fine-grain
 	})
 }
+
+func TestAPIIssueBlocksModificationAccessTokenResources(t *testing.T) {
+	defer tests.PrepareTestEnv(t)()
+
+	session := loginUser(t, "user2")
+	writeToken := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteIssue, auth_model.AccessTokenScopeWriteRepository)
+
+	// Create an issue on a repo, repo1 -- call it issue1.  repo256 is used because it's configured with
+	// EnableDependencies:true in its issue unit.
+	req := NewRequestWithJSON(t, "POST", "/api/v1/repos/user2/repo256/issues", &api.CreateIssueOption{
+		Body:  "issue body",
+		Title: "issue title",
+	}).AddTokenAuth(writeToken)
+	resp := MakeRequest(t, req, http.StatusCreated)
+	var issue1 api.Issue
+	DecodeJSON(t, resp, &issue1)
+
+	// For our three target repos, we'll need to enable issue dependencies for this test case.
+	for _, repo := range []string{"user2/repo1", "user2/repo2", "org3/repo3"} {
+		req = NewRequestWithJSON(t, "PATCH", fmt.Sprintf("/api/v1/repos/%s", repo), &api.EditRepoOption{
+			InternalTracker: &api.InternalTracker{
+				EnableIssueDependencies: true,
+			},
+		}).AddTokenAuth(writeToken)
+		MakeRequest(t, req, http.StatusOK)
+	}
+
+	// On three other repos, on a public repo (repo1), on two private repos (repo2, org3/repo3), create new issues.
+	var repo1Issue, repo2Issue, repo3Issue api.Issue
+	createIssue := func(repoFullname string, issue *api.Issue) {
+		req = NewRequestWithJSON(t, "POST", fmt.Sprintf("/api/v1/repos/%s/issues", repoFullname), &api.CreateIssueOption{
+			Body:  "repo1 issue dependency",
+			Title: "important dependency",
+		}).AddTokenAuth(writeToken)
+		resp = MakeRequest(t, req, http.StatusCreated)
+		DecodeJSON(t, resp, issue)
+	}
+	createIssue("user2/repo1", &repo1Issue)
+	createIssue("user2/repo2", &repo2Issue)
+	createIssue("org3/repo3", &repo3Issue)
+
+	// The remainder of this test attempts to create dependencies between the issues on repo1/repo2/repo3, and the
+	// target issue on repo256, with various levels of access tokens.  `makeDep` is a nice helper function to make those
+	// test case shorter.
+	makeDep := func(t *testing.T, dependency *api.Issue, token string, expectedStatus int) {
+		req = NewRequestWithJSON(t, "POST", fmt.Sprintf("/api/v1/repos/user2/repo256/issues/%d/blocks", issue1.Index), api.IssueMeta{
+			Owner: dependency.Repo.Owner,
+			Name:  dependency.Repo.Name,
+			Index: dependency.Index,
+		}).AddTokenAuth(token)
+		MakeRequest(t, req, expectedStatus)
+		if expectedStatus == http.StatusCreated {
+			// Delete the dependency created at the end of this test, to allow a clean environment for next test cases.
+			t.Cleanup(func() {
+				req = NewRequestWithJSON(t, "DELETE", fmt.Sprintf("/api/v1/repos/user2/repo256/issues/%d/blocks", issue1.Index), api.IssueMeta{
+					Owner: dependency.Repo.Owner,
+					Name:  dependency.Repo.Name,
+					Index: dependency.Index,
+				}).AddTokenAuth(token)
+				MakeRequest(t, req, http.StatusCreated)
+			})
+		}
+	}
+
+	t.Run("all access token", func(t *testing.T) {
+		defer tests.PrintCurrentTest(t)()
+
+		allToken := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteIssue)
+
+		makeDep(t, &repo1Issue, allToken, http.StatusCreated) // public repo1
+		makeDep(t, &repo2Issue, allToken, http.StatusCreated) // private repo2
+		makeDep(t, &repo3Issue, allToken, http.StatusCreated) // private org3/repo3
+	})
+
+	t.Run("public-only access token", func(t *testing.T) {
+		defer tests.PrintCurrentTest(t)()
+
+		publicOnlyToken := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopePublicOnly, auth_model.AccessTokenScopeWriteIssue)
+
+		makeDep(t, &repo1Issue, publicOnlyToken, http.StatusCreated)  // public repo1
+		makeDep(t, &repo2Issue, publicOnlyToken, http.StatusNotFound) // private repo2
+		makeDep(t, &repo3Issue, publicOnlyToken, http.StatusNotFound) // private org3/repo3
+	})
+
+	t.Run("specific repo access token", func(t *testing.T) {
+		defer tests.PrintCurrentTest(t)()
+
+		repo2OnlyToken := createFineGrainedRepoAccessToken(t, "user2",
+			[]auth_model.AccessTokenScope{auth_model.AccessTokenScopeWriteIssue},
+			[]int64{2},
+		)
+
+		makeDep(t, &repo1Issue, repo2OnlyToken, http.StatusNotFound) // public repo1 -- fails because fine-grained token has read only access
+		makeDep(t, &repo2Issue, repo2OnlyToken, http.StatusCreated)  // private repo2
+		makeDep(t, &repo3Issue, repo2OnlyToken, http.StatusNotFound) // private org3/repo3
+	})
+}

From f9a2167105cd4e7958ac294fcb314f715c637a52 Mon Sep 17 00:00:00 2001
From: Mathieu Fenniak <mathieu@fenniak.net>
Date: Tue, 24 Feb 2026 19:08:29 -0700
Subject: [PATCH 378/854] feat: implement fine-grained access tokens in
 /repos/{owner}/{repo}/pulls & /repos/{owner}/{repo}/compare/{basehead} APIs

As these APIs only work on forks, and it's not possible to change the
visibility of a fork from its parent, only testing the API access
pattern against the head is sufficient.  Also it is not a breaking
change due to checkTokenPublicOnly middleware already enforcing this for
public-only scopes, and the lack of ability to change a fork's
visibility.
---
 routers/api/v1/repo/pull.go                |  8 ++--
 tests/integration/api_repo_compare_test.go | 47 ++++++++++++++++++++++
 2 files changed, 51 insertions(+), 4 deletions(-)

diff --git a/routers/api/v1/repo/pull.go b/routers/api/v1/repo/pull.go
index 5a5acc3c69..2e5babdf31 100644
--- a/routers/api/v1/repo/pull.go
+++ b/routers/api/v1/repo/pull.go
@@ -1150,10 +1150,10 @@ func parseCompareInfo(ctx *context.APIContext, form api.CreatePullRequestOption)
 	}
 
 	// user should have permission to read baseRepo's codes and pulls, NOT headRepo's
-	permBase, err := access_model.GetUserRepoPermission(ctx, baseRepo, ctx.Doer)
+	permBase, err := access_model.GetUserRepoPermissionWithReducer(ctx, baseRepo, ctx.Doer, ctx.Reducer)
 	if err != nil {
 		headGitRepo.Close()
-		ctx.Error(http.StatusInternalServerError, "GetUserRepoPermission", err)
+		ctx.Error(http.StatusInternalServerError, "GetUserRepoPermissionWithReducer", err)
 		return nil, nil, nil, "", ""
 	}
 	if !permBase.CanReadIssuesOrPulls(true) || !permBase.CanRead(unit.TypeCode) {
@@ -1169,10 +1169,10 @@ func parseCompareInfo(ctx *context.APIContext, form api.CreatePullRequestOption)
 	}
 
 	// user should have permission to read headrepo's codes
-	permHead, err := access_model.GetUserRepoPermission(ctx, headRepo, ctx.Doer)
+	permHead, err := access_model.GetUserRepoPermissionWithReducer(ctx, headRepo, ctx.Doer, ctx.Reducer)
 	if err != nil {
 		headGitRepo.Close()
-		ctx.Error(http.StatusInternalServerError, "GetUserRepoPermission", err)
+		ctx.Error(http.StatusInternalServerError, "GetUserRepoPermissionWithReducer", err)
 		return nil, nil, nil, "", ""
 	}
 	if !permHead.CanRead(unit.TypeCode) {
diff --git a/tests/integration/api_repo_compare_test.go b/tests/integration/api_repo_compare_test.go
index 42f997eb7d..12941d9ad2 100644
--- a/tests/integration/api_repo_compare_test.go
+++ b/tests/integration/api_repo_compare_test.go
@@ -18,6 +18,7 @@ import (
 	user_model "forgejo.org/models/user"
 	"forgejo.org/modules/git"
 	api "forgejo.org/modules/structs"
+	"forgejo.org/tests"
 
 	"github.com/stretchr/testify/assert"
 )
@@ -269,3 +270,49 @@ func testAPICompareCommits(t *testing.T, objectFormat git.ObjectFormat) {
 		}
 	})
 }
+
+func TestAPICompareCommitsAccessTokenResources(t *testing.T) {
+	defer tests.PrepareTestEnv(t)()
+
+	session := loginUser(t, "user2")
+
+	// Using the compare API, will be testing that the base repo's security checks implement fine-grained access
+	// controls (and baselines with all and public-only).
+	testCase := func(t *testing.T, repo, token string, expectedStatus int) {
+		req := NewRequest(t, "GET", fmt.Sprintf("/api/v1/repos/%s/compare/master...master", repo)).AddTokenAuth(token)
+		MakeRequest(t, req, expectedStatus)
+	}
+
+	t.Run("all access token", func(t *testing.T) {
+		defer tests.PrintCurrentTest(t)()
+
+		allToken := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeReadRepository)
+
+		testCase(t, "user2/repo1", allToken, http.StatusOK)  // public user2/repo1
+		testCase(t, "org3/repo3", allToken, http.StatusOK)   // private org3/repo3
+		testCase(t, "user2/repo20", allToken, http.StatusOK) // private user2/repo20
+	})
+
+	t.Run("public-only access token", func(t *testing.T) {
+		defer tests.PrintCurrentTest(t)()
+
+		publicOnlyToken := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopePublicOnly, auth_model.AccessTokenScopeReadRepository)
+
+		testCase(t, "user2/repo1", publicOnlyToken, http.StatusOK)        // public user2/repo1
+		testCase(t, "org3/repo3", publicOnlyToken, http.StatusNotFound)   // private org3/repo3
+		testCase(t, "user2/repo20", publicOnlyToken, http.StatusNotFound) // private user2/repo20
+	})
+
+	t.Run("specific repo access token", func(t *testing.T) {
+		defer tests.PrintCurrentTest(t)()
+
+		repo2OnlyToken := createFineGrainedRepoAccessToken(t, "user2",
+			[]auth_model.AccessTokenScope{auth_model.AccessTokenScopeReadRepository},
+			[]int64{3},
+		)
+
+		testCase(t, "user2/repo1", repo2OnlyToken, http.StatusOK)        // public user2/repo1
+		testCase(t, "org3/repo3", repo2OnlyToken, http.StatusOK)         // private org3/repo3
+		testCase(t, "user2/repo20", repo2OnlyToken, http.StatusNotFound) // private user2/repo20, outside of fine-grain
+	})
+}

From bbb7d52fc09ab82b9cac342aba2a93dcfc186868 Mon Sep 17 00:00:00 2001
From: Mathieu Fenniak <mathieu@fenniak.net>
Date: Tue, 24 Feb 2026 19:09:24 -0700
Subject: [PATCH 379/854] feat: implement fine-grained access tokens in
 /repos/{owner}/{repo}/pulls/{index}/requested_reviewers

---
 routers/api/v1/repo/pull_review.go        | 19 ++++-
 routers/web/repo/issue.go                 |  2 +-
 services/issue/assignee.go                | 10 +--
 templates/swagger/v1_json.tmpl            |  3 +
 tests/integration/api_pull_review_test.go | 96 +++++++++++++++++++++++
 5 files changed, 116 insertions(+), 14 deletions(-)

diff --git a/routers/api/v1/repo/pull_review.go b/routers/api/v1/repo/pull_review.go
index aa9a06d70c..76201f3f6e 100644
--- a/routers/api/v1/repo/pull_review.go
+++ b/routers/api/v1/repo/pull_review.go
@@ -11,7 +11,7 @@ import (
 
 	issues_model "forgejo.org/models/issues"
 	"forgejo.org/models/organization"
-	access_model "forgejo.org/models/perm/access"
+	"forgejo.org/models/perm"
 	user_model "forgejo.org/models/user"
 	"forgejo.org/modules/gitrepo"
 	api "forgejo.org/modules/structs"
@@ -746,6 +746,8 @@ func CreateReviewRequests(ctx *context.APIContext) {
 	//     "$ref": "#/responses/PullReviewListWithoutPagination"
 	//   "422":
 	//     "$ref": "#/responses/validationError"
+	//   "403":
+	//     "$ref": "#/responses/forbidden"
 	//   "404":
 	//     "$ref": "#/responses/notFound"
 
@@ -813,9 +815,18 @@ func apiReviewRequest(ctx *context.APIContext, opts api.PullReviewRequestOptions
 
 	reviewers := make([]*user_model.User, 0, len(opts.Reviewers))
 
-	permDoer, err := access_model.GetUserRepoPermission(ctx, pr.Issue.Repo, ctx.Doer)
+	// Ability to add review requests is relatively complex logic that will be in `CanDoerChangeReviewRequests`.  But on
+	// the API side, it's possible that an auth reducer may want to interfere with this logic -- so we'll run a write
+	// AccessMode through the reducer and if we don't get write back, then the reducer is preventing us from adding this
+	// review request. (eg. a repo-scoped access token, when accessing a public repo, can't write review requests)
+	reducerAccessMode, err := ctx.Reducer.ReduceRepoAccess(ctx, ctx.Repo.Repository, perm.AccessModeWrite)
 	if err != nil {
-		ctx.Error(http.StatusInternalServerError, "GetUserRepoPermission", err)
+		ctx.Error(http.StatusInternalServerError, "ReduceRepoAccess", err)
+		return
+	} else if reducerAccessMode != perm.AccessModeWrite {
+		// Forbidden (rather than NotFound) is used for this perm check because the middleware on the APIs already
+		// guarantees we have read access to this repo, so this doesn't leak any existence information.
+		ctx.Error(http.StatusForbidden, "apiReviewRequest", "permission reduction prevented review request change")
 		return
 	}
 
@@ -836,7 +847,7 @@ func apiReviewRequest(ctx *context.APIContext, opts api.PullReviewRequestOptions
 			return
 		}
 
-		err = issue_service.IsValidReviewRequest(ctx, reviewer, ctx.Doer, isAdd, pr.Issue, &permDoer)
+		err = issue_service.IsValidReviewRequest(ctx, reviewer, ctx.Doer, isAdd, pr.Issue)
 		if err != nil {
 			if issues_model.IsErrNotValidReviewRequest(err) {
 				ctx.Error(http.StatusUnprocessableEntity, "NotValidReviewRequest", err)
diff --git a/routers/web/repo/issue.go b/routers/web/repo/issue.go
index 1fef838516..10d3e6651b 100644
--- a/routers/web/repo/issue.go
+++ b/routers/web/repo/issue.go
@@ -2605,7 +2605,7 @@ func UpdatePullReviewRequest(ctx *context.Context) {
 			return
 		}
 
-		err = issue_service.IsValidReviewRequest(ctx, reviewer, ctx.Doer, action == "attach", issue, nil)
+		err = issue_service.IsValidReviewRequest(ctx, reviewer, ctx.Doer, action == "attach", issue)
 		if err != nil {
 			if issues_model.IsErrNotValidReviewRequest(err) {
 				log.Warn(
diff --git a/services/issue/assignee.go b/services/issue/assignee.go
index 2d8700213e..5ec351b411 100644
--- a/services/issue/assignee.go
+++ b/services/issue/assignee.go
@@ -81,7 +81,7 @@ func ReviewRequest(ctx context.Context, issue *issues_model.Issue, doer, reviewe
 }
 
 // IsValidReviewRequest Check permission for ReviewRequest
-func IsValidReviewRequest(ctx context.Context, reviewer, doer *user_model.User, isAdd bool, issue *issues_model.Issue, permDoer *access_model.Permission) error {
+func IsValidReviewRequest(ctx context.Context, reviewer, doer *user_model.User, isAdd bool, issue *issues_model.Issue) error {
 	if reviewer.IsOrganization() {
 		return issues_model.ErrNotValidReviewRequest{
 			Reason: "Organization can't be added as reviewer",
@@ -102,14 +102,6 @@ func IsValidReviewRequest(ctx context.Context, reviewer, doer *user_model.User,
 		return err
 	}
 
-	if permDoer == nil {
-		permDoer = new(access_model.Permission)
-		*permDoer, err = access_model.GetUserRepoPermission(ctx, issue.Repo, doer)
-		if err != nil {
-			return err
-		}
-	}
-
 	lastreview, err := issues_model.GetReviewByIssueIDAndUserID(ctx, issue.ID, reviewer.ID)
 	if err != nil && !issues_model.IsErrReviewNotExist(err) {
 		return err
diff --git a/templates/swagger/v1_json.tmpl b/templates/swagger/v1_json.tmpl
index 7e83814a2d..f155e91f3c 100644
--- a/templates/swagger/v1_json.tmpl
+++ b/templates/swagger/v1_json.tmpl
@@ -14576,6 +14576,9 @@
           "201": {
             "$ref": "#/responses/PullReviewListWithoutPagination"
           },
+          "403": {
+            "$ref": "#/responses/forbidden"
+          },
           "404": {
             "$ref": "#/responses/notFound"
           },
diff --git a/tests/integration/api_pull_review_test.go b/tests/integration/api_pull_review_test.go
index 9f00686b57..5ff8bd4adf 100644
--- a/tests/integration/api_pull_review_test.go
+++ b/tests/integration/api_pull_review_test.go
@@ -6,6 +6,7 @@ package integration
 import (
 	"fmt"
 	"net/http"
+	"net/url"
 	"testing"
 
 	auth_model "forgejo.org/models/auth"
@@ -486,6 +487,101 @@ func TestAPIPullReviewRequest(t *testing.T) {
 	MakeRequest(t, req, http.StatusNoContent)
 }
 
+func TestAPIPullReviewRequestAccessTokenResources(t *testing.T) {
+	onApplicationRun(t, func(t *testing.T, u *url.URL) {
+		session := loginUser(t, "user2")
+		writeToken := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteIssue, auth_model.AccessTokenScopeWriteRepository)
+
+		for _, repo := range []string{"user2/repo1", "user2/repo2", "org3/repo3"} {
+			// For our three target repos, we'll need to enable pull requests for this test case.
+			trueBool := true
+			req := NewRequestWithJSON(t, "PATCH", fmt.Sprintf("/api/v1/repos/%s", repo), &api.EditRepoOption{
+				HasPullRequests: &trueBool,
+			}).AddTokenAuth(writeToken)
+			MakeRequest(t, req, http.StatusOK)
+
+			// Add user `user5` as a collaborator on all the target repos as well, so that we can successfully request
+			// review from them.
+			write := "write"
+			req = NewRequestWithJSON(t, "PUT", fmt.Sprintf("/api/v1/repos/%s/collaborators/user5", repo), &api.AddCollaboratorOption{
+				Permission: &write,
+			}).AddTokenAuth(writeToken)
+			MakeRequest(t, req, http.StatusNoContent)
+		}
+
+		// Create a pull request on each of the target test repos.
+		var repo1PullRequest, repo2PullRequest, repo3PullRequest api.PullRequest
+		createPullRequest := func(repoFullname string, pullRequest *api.PullRequest) {
+			req := NewRequestWithJSON(t, "POST", fmt.Sprintf("/api/v1/repos/%s/contents", repoFullname),
+				&api.ChangeFilesOptions{
+					FileOptions: api.FileOptions{
+						NewBranchName: "prtest",
+					},
+					Files: []*api.ChangeFileOperation{},
+				}).AddTokenAuth(writeToken)
+			MakeRequest(t, req, http.StatusCreated)
+
+			req = NewRequestWithJSON(t, "POST", fmt.Sprintf("/api/v1/repos/%s/pulls", repoFullname), &api.CreatePullRequestOption{
+				Body:  "repo1 issue dependency",
+				Title: "important dependency",
+				Base:  "master",
+				Head:  "prtest",
+			}).AddTokenAuth(writeToken)
+			resp := MakeRequest(t, req, http.StatusCreated)
+			DecodeJSON(t, resp, pullRequest)
+		}
+		createPullRequest("user2/repo1", &repo1PullRequest)
+		createPullRequest("user2/repo2", &repo2PullRequest)
+		createPullRequest("org3/repo3", &repo3PullRequest)
+
+		// The core of the test is to see whether we can add pull request reviewers to the repos, using access tokens
+		// with different permission scopes (all, public-only, fine-grained access tokens).  Define the test:
+		testCase := func(t *testing.T, repo string, pullRequest *api.PullRequest, token string, expectedStatus int) {
+			req := NewRequestWithJSON(t,
+				"POST",
+				fmt.Sprintf("/api/v1/repos/%s/pulls/%d/requested_reviewers", repo, pullRequest.Index),
+				&api.PullReviewRequestOptions{
+					Reviewers: []string{"user5"},
+				}).
+				AddTokenAuth(token)
+			MakeRequest(t, req, expectedStatus)
+		}
+
+		t.Run("all access token", func(t *testing.T) {
+			defer tests.PrintCurrentTest(t)()
+
+			allToken := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteRepository)
+
+			testCase(t, "user2/repo1", &repo1PullRequest, allToken, http.StatusCreated) // public user2/repo1
+			testCase(t, "user2/repo2", &repo2PullRequest, allToken, http.StatusCreated) // private user2/repo2
+			testCase(t, "org3/repo3", &repo3PullRequest, allToken, http.StatusCreated)  // private org3/repo3
+		})
+
+		t.Run("public-only access token", func(t *testing.T) {
+			defer tests.PrintCurrentTest(t)()
+
+			publicOnlyToken := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopePublicOnly, auth_model.AccessTokenScopeWriteRepository)
+
+			testCase(t, "user2/repo1", &repo1PullRequest, publicOnlyToken, http.StatusCreated)  // public user2/repo1
+			testCase(t, "user2/repo2", &repo2PullRequest, publicOnlyToken, http.StatusNotFound) // private user2/repo2
+			testCase(t, "org3/repo3", &repo3PullRequest, publicOnlyToken, http.StatusNotFound)  // private org3/repo3
+		})
+
+		t.Run("specific repo access token", func(t *testing.T) {
+			defer tests.PrintCurrentTest(t)()
+
+			repo2OnlyToken := createFineGrainedRepoAccessToken(t, "user2",
+				[]auth_model.AccessTokenScope{auth_model.AccessTokenScopeWriteRepository},
+				[]int64{3},
+			)
+
+			testCase(t, "user2/repo1", &repo1PullRequest, repo2OnlyToken, http.StatusForbidden) // public user2/repo1, read-only outside of the auth'd repos
+			testCase(t, "user2/repo2", &repo2PullRequest, repo2OnlyToken, http.StatusNotFound)  // private user2/repo2, outside of fine-grain
+			testCase(t, "org3/repo3", &repo3PullRequest, repo2OnlyToken, http.StatusCreated)    // private org3/repo3
+		})
+	})
+}
+
 func TestAPIPullReviewStayDismissed(t *testing.T) {
 	// This test against issue https://github.com/go-gitea/gitea/issues/28542
 	// where old reviews surface after a review request got dismissed.

From b9be4b76486f19b3f2f1fd4f4b15a2de637e15c9 Mon Sep 17 00:00:00 2001
From: Mathieu Fenniak <mathieu@fenniak.net>
Date: Tue, 24 Feb 2026 19:10:38 -0700
Subject: [PATCH 380/854] feat: implement fine-grained access tokens in
 /repositories/{id}

**Breaking**: accessing the `/repositories/{id}` API with a public-only
access token did not restrict read access to only public repositories.
As part of a consolidation of permission logic with repo-specific access
tokens, this access has not been restricted.
---
 routers/api/v1/repo/repo.go        |  4 +--
 tests/integration/api_repo_test.go | 51 ++++++++++++++++++++++++++++++
 2 files changed, 53 insertions(+), 2 deletions(-)

diff --git a/routers/api/v1/repo/repo.go b/routers/api/v1/repo/repo.go
index faeb4c3280..4d514ec394 100644
--- a/routers/api/v1/repo/repo.go
+++ b/routers/api/v1/repo/repo.go
@@ -599,9 +599,9 @@ func GetByID(ctx *context.APIContext) {
 		return
 	}
 
-	permission, err := access_model.GetUserRepoPermission(ctx, repo, ctx.Doer)
+	permission, err := access_model.GetUserRepoPermissionWithReducer(ctx, repo, ctx.Doer, ctx.Reducer)
 	if err != nil {
-		ctx.Error(http.StatusInternalServerError, "GetUserRepoPermission", err)
+		ctx.Error(http.StatusInternalServerError, "GetUserRepoPermissionWithReducer", err)
 		return
 	} else if !permission.HasAccess() {
 		ctx.NotFound()
diff --git a/tests/integration/api_repo_test.go b/tests/integration/api_repo_test.go
index 03d70e0fd6..2b48bd329e 100644
--- a/tests/integration/api_repo_test.go
+++ b/tests/integration/api_repo_test.go
@@ -480,6 +480,57 @@ func TestAPIGetRepoByIDUnauthorized(t *testing.T) {
 	MakeRequest(t, req, http.StatusNotFound)
 }
 
+func TestAPIGetRepoByIDAccessTokenResources(t *testing.T) {
+	defer tests.PrepareTestEnv(t)()
+
+	session := loginUser(t, "user2")
+
+	// Test targets:
+	// id 1 - user2/repo1 - public repo
+	// id 2 - user2/repo2 - private repo
+	// id 16 - user2/repo16 - private repo
+	testCase := func(t *testing.T, repoID int, token string, expectedStatus int) {
+		req := NewRequest(t,
+			"GET",
+			fmt.Sprintf("/api/v1/repositories/%d", repoID)).
+			AddTokenAuth(token)
+		MakeRequest(t, req, expectedStatus)
+	}
+
+	t.Run("all access token", func(t *testing.T) {
+		defer tests.PrintCurrentTest(t)()
+
+		allToken := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeReadRepository)
+
+		testCase(t, 1, allToken, http.StatusOK)  // public user2/repo1
+		testCase(t, 2, allToken, http.StatusOK)  // private user2/repo2
+		testCase(t, 16, allToken, http.StatusOK) // private org3/repo3
+	})
+
+	t.Run("public-only access token", func(t *testing.T) {
+		defer tests.PrintCurrentTest(t)()
+
+		publicOnlyToken := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopePublicOnly, auth_model.AccessTokenScopeReadRepository)
+
+		testCase(t, 1, publicOnlyToken, http.StatusOK)        // public user2/repo1
+		testCase(t, 2, publicOnlyToken, http.StatusNotFound)  // private user2/repo2
+		testCase(t, 16, publicOnlyToken, http.StatusNotFound) // private org3/repo3
+	})
+
+	t.Run("specific repo access token", func(t *testing.T) {
+		defer tests.PrintCurrentTest(t)()
+
+		repo2OnlyToken := createFineGrainedRepoAccessToken(t, "user2",
+			[]auth_model.AccessTokenScope{auth_model.AccessTokenScopeReadRepository},
+			[]int64{2},
+		)
+
+		testCase(t, 1, repo2OnlyToken, http.StatusOK)        // public user2/repo1, read-only outside of the auth'd repos
+		testCase(t, 2, repo2OnlyToken, http.StatusOK)        // private org3/repo3
+		testCase(t, 16, repo2OnlyToken, http.StatusNotFound) // private user2/repo20, outside of fine-grain
+	})
+}
+
 func TestAPIRepoMigrate(t *testing.T) {
 	testCases := []struct {
 		ctxUserID, userID  int64

From e870b9cb74a1292839a630c321d49ea300b5e04c Mon Sep 17 00:00:00 2001
From: Mathieu Fenniak <mathieu@fenniak.net>
Date: Sat, 28 Feb 2026 15:12:04 -0700
Subject: [PATCH 381/854] docs: add release notes for PR #11457

---
 release-notes/11457.md | 6 ++++++
 1 file changed, 6 insertions(+)
 create mode 100644 release-notes/11457.md

diff --git a/release-notes/11457.md b/release-notes/11457.md
new file mode 100644
index 0000000000..edd0199b0d
--- /dev/null
+++ b/release-notes/11457.md
@@ -0,0 +1,6 @@
+Accessing the `/repositories/{id}` API with a public-only access token did not restrict read access to only public repositories, which is now prevented.
+Accessing the `/repos/{owner}/{repo}/issues/{index}/dependencies` and `/repos/{owner}/{repo}/issues/{index}/blocks` APIs with a public-only access token had access to modification operations against private repositories in the *form* component of the API (not the URL component), which is now prevented.
+Accessing the `/repos/{owner}/{repo}/issues/{index}/dependencies` and `/repos/{owner}/{repo}/issues/{index}/blocks` APIs with a public-only access token could view dependencies or blocking issues from private repositories, which is now prevented.
+Accessing the `/repos/{owner}/{repo}/issues/{index}/timeline` API with a public-only access token could view comment cross-references from private repositories, which is now prevented.
+Accessing the `/teams/{id}/repos/{org}/{repo}` API with a public-only access token could view private repositories assigned to a team, which is now prevented.
+Access the watched repos and starred repos of a your own user through /user/subscriptions and /user/starred APIs with a public-only access token could view private repositories, which is now prevented.
\ No newline at end of file

From 4bd81d33636a1db904885780eac9ebaf89bcae94 Mon Sep 17 00:00:00 2001
From: Mathieu Fenniak <mathieu@fenniak.net>
Date: Sat, 28 Feb 2026 10:30:06 -0700
Subject: [PATCH 382/854] feat: add authorization reducer support to
 SearchRepoOptions

---
 models/repo/repo_list.go | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/models/repo/repo_list.go b/models/repo/repo_list.go
index 54f9cff007..5f56e43270 100644
--- a/models/repo/repo_list.go
+++ b/models/repo/repo_list.go
@@ -186,6 +186,8 @@ type SearchRepoOptions struct {
 	// - Don't show forks, when opts.Fork is OptionalBoolNone.
 	// - Do not display repositories that don't have a description, an icon and topics.
 	OnlyShowRelevant bool
+	// Filters repositories based upon optional authorization restrictions.
+	AuthorizationReducer RepositoryAuthorizationReducer
 }
 
 // UserOwnedRepoCond returns user ownered repositories
@@ -518,6 +520,10 @@ func SearchRepositoryCondition(opts *SearchRepoOptions) builder.Cond {
 		cond = cond.And(subQueryCond)
 	}
 
+	if opts.AuthorizationReducer != nil {
+		cond = cond.And(opts.AuthorizationReducer.RepoReadAccessFilter())
+	}
+
 	return cond
 }
 

From a309db27f2a0be453629600add5e29709582df37 Mon Sep 17 00:00:00 2001
From: Mathieu Fenniak <mathieu@fenniak.net>
Date: Tue, 24 Feb 2026 19:12:14 -0700
Subject: [PATCH 383/854] feat: implement fine-grained access tokens in
 /user/repos

**Breaking**: a user's own public-only access tokens were previously
visible in the `/users/repos` API.  This access has been removed in this
change.
---
 routers/api/v1/user/repo.go        | 20 +++++---
 tests/integration/api_repo_test.go | 74 ++++++++++++++++++++++++++++++
 2 files changed, 87 insertions(+), 7 deletions(-)

diff --git a/routers/api/v1/user/repo.go b/routers/api/v1/user/repo.go
index 94dd3931e4..54e18b1aae 100644
--- a/routers/api/v1/user/repo.go
+++ b/routers/api/v1/user/repo.go
@@ -115,11 +115,12 @@ func ListMyRepos(ctx *context.APIContext) {
 	//     "$ref": "#/responses/validationError"
 
 	opts := &repo_model.SearchRepoOptions{
-		ListOptions:        utils.GetListOptions(ctx),
-		Actor:              ctx.Doer,
-		OwnerID:            ctx.Doer.ID,
-		Private:            ctx.IsSigned,
-		IncludeDescription: true,
+		ListOptions:          utils.GetListOptions(ctx),
+		Actor:                ctx.Doer,
+		OwnerID:              ctx.Doer.ID,
+		Private:              ctx.IsSigned,
+		IncludeDescription:   true,
+		AuthorizationReducer: ctx.Reducer,
 	}
 	orderBy := ctx.FormTrim("order_by")
 	switch orderBy {
@@ -148,9 +149,14 @@ func ListMyRepos(ctx *context.APIContext) {
 			ctx.Error(http.StatusInternalServerError, "LoadOwner", err)
 			return
 		}
-		permission, err := access_model.GetUserRepoPermission(ctx, repo, ctx.Doer)
+		permission, err := access_model.GetUserRepoPermissionWithReducer(ctx, repo, ctx.Doer, ctx.Reducer)
 		if err != nil {
-			ctx.Error(http.StatusInternalServerError, "GetUserRepoPermission", err)
+			ctx.Error(http.StatusInternalServerError, "GetUserRepoPermissionWithReducer", err)
+		} else if !permission.HasAccess() {
+			// It shouldn't happen that a repo is returned from SearchRepository which we have no access to at all. Due
+			// to the pagination of the API it doesn't make sense to skip it, as we wouldn't be giving the right number
+			// of results back to the API consumer.
+			ctx.Error(http.StatusInternalServerError, "InvalidAuthorizationReducer", "Repository was available from SearchRepository, but not readable.")
 		}
 		results[i] = convert.ToRepo(ctx, repo, permission)
 	}
diff --git a/tests/integration/api_repo_test.go b/tests/integration/api_repo_test.go
index 2b48bd329e..72ebd1cb71 100644
--- a/tests/integration/api_repo_test.go
+++ b/tests/integration/api_repo_test.go
@@ -966,3 +966,77 @@ func TestAPIListOwnRepoSorting(t *testing.T) {
 		assert.Equal(t, "test_workflows", repos[1].Name)
 	})
 }
+
+func TestAPIListOwnRepoAccessTokenResources(t *testing.T) {
+	defer tests.PrepareTestEnv(t)()
+
+	var repos []api.Repository
+
+	// Test cases repo1 (public), repo2 (private), repo16 (private).
+	session := loginUser(t, "user2")
+
+	find := func() (bool, bool, bool) {
+		foundRepo1 := false  // public user2/repo1
+		foundRepo2 := false  // private user2/repo2
+		foundRepo16 := false // second private repo user2/repo16 used in fine-grain testing, included as baseline
+		for _, repo := range repos {
+			switch repo.Name {
+			case "repo1":
+				foundRepo1 = true
+			case "repo2":
+				foundRepo2 = true
+			case "repo16":
+				foundRepo16 = true
+			}
+		}
+		return foundRepo1, foundRepo2, foundRepo16
+	}
+
+	t.Run("all access token", func(t *testing.T) {
+		defer tests.PrintCurrentTest(t)()
+
+		allToken := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeReadUser, auth_model.AccessTokenScopeReadRepository)
+
+		req := NewRequest(t, "GET", "/api/v1/user/repos").AddTokenAuth(allToken)
+		resp := MakeRequest(t, req, http.StatusOK)
+		DecodeJSON(t, resp, &repos)
+		foundRepo1, foundRepo2, foundRepo16 := find()
+
+		assert.True(t, foundRepo1)  // public user2/repo1
+		assert.True(t, foundRepo2)  // private user2/repo2
+		assert.True(t, foundRepo16) // private user2/repo16, used in fine-grain testing, included as baseline
+	})
+
+	t.Run("public-only access token", func(t *testing.T) {
+		defer tests.PrintCurrentTest(t)()
+
+		publicOnlyToken := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopePublicOnly, auth_model.AccessTokenScopeReadUser, auth_model.AccessTokenScopeReadRepository)
+
+		req := NewRequest(t, "GET", "/api/v1/user/repos").AddTokenAuth(publicOnlyToken)
+		resp := MakeRequest(t, req, http.StatusOK)
+		DecodeJSON(t, resp, &repos)
+		foundRepo1, foundRepo2, foundRepo16 := find()
+
+		assert.True(t, foundRepo1)   // public user2/repo1
+		assert.False(t, foundRepo2)  // private user2/repo2
+		assert.False(t, foundRepo16) // private user2/repo16
+	})
+
+	t.Run("specific repo access token", func(t *testing.T) {
+		defer tests.PrintCurrentTest(t)()
+
+		repo2OnlyToken := createFineGrainedRepoAccessToken(t, "user2",
+			[]auth_model.AccessTokenScope{auth_model.AccessTokenScopeReadUser, auth_model.AccessTokenScopeReadRepository},
+			[]int64{2},
+		)
+
+		req := NewRequest(t, "GET", "/api/v1/user/repos").AddTokenAuth(repo2OnlyToken)
+		resp := MakeRequest(t, req, http.StatusOK)
+		DecodeJSON(t, resp, &repos)
+		foundRepo1, foundRepo2, foundRepo16 := find()
+
+		assert.True(t, foundRepo1)   // public user2/repo1, allowed as it's public and read-access only
+		assert.True(t, foundRepo2)   // private user2/repo2, allowed inside fine-grain
+		assert.False(t, foundRepo16) // private user2/repo16, denied outside fine-grain
+	})
+}

From cac675bc2177bc1f94b60c451ed102bc90bd74a1 Mon Sep 17 00:00:00 2001
From: Mathieu Fenniak <mathieu@fenniak.net>
Date: Tue, 24 Feb 2026 19:11:45 -0700
Subject: [PATCH 384/854] feat: implement fine-grained access tokens on
 /users/{username}/repos & /orgs/{org}/repos

**Breaking**: when using a public-only access tokens, private
repositories were not filtered out by the `/users/{username}/repos` or
`/orgs/{org}/repos` APIs.  This access has been removed in this change.
---
 routers/api/v1/user/repo.go        | 13 +++---
 tests/integration/api_repo_test.go | 74 ++++++++++++++++++++++++++++++
 2 files changed, 81 insertions(+), 6 deletions(-)

diff --git a/routers/api/v1/user/repo.go b/routers/api/v1/user/repo.go
index 54e18b1aae..4d23b5c643 100644
--- a/routers/api/v1/user/repo.go
+++ b/routers/api/v1/user/repo.go
@@ -20,10 +20,11 @@ func listUserRepos(ctx *context.APIContext, u *user_model.User, private bool) {
 	opts := utils.GetListOptions(ctx)
 
 	repos, count, err := repo_model.GetUserRepositories(ctx, &repo_model.SearchRepoOptions{
-		Actor:       u,
-		Private:     private,
-		ListOptions: opts,
-		OrderBy:     "id ASC",
+		Actor:                u,
+		Private:              private,
+		ListOptions:          opts,
+		OrderBy:              "id ASC",
+		AuthorizationReducer: ctx.Reducer,
 	})
 	if err != nil {
 		ctx.Error(http.StatusInternalServerError, "GetUserRepositories", err)
@@ -37,9 +38,9 @@ func listUserRepos(ctx *context.APIContext, u *user_model.User, private bool) {
 
 	apiRepos := make([]*api.Repository, 0, len(repos))
 	for i := range repos {
-		permission, err := access_model.GetUserRepoPermission(ctx, repos[i], ctx.Doer)
+		permission, err := access_model.GetUserRepoPermissionWithReducer(ctx, repos[i], ctx.Doer, ctx.Reducer)
 		if err != nil {
-			ctx.Error(http.StatusInternalServerError, "GetUserRepoPermission", err)
+			ctx.Error(http.StatusInternalServerError, "GetUserRepoPermissionWithReducer", err)
 			return
 		}
 		if ctx.IsSigned && ctx.Doer.IsAdmin || permission.HasAccess() {
diff --git a/tests/integration/api_repo_test.go b/tests/integration/api_repo_test.go
index 72ebd1cb71..bdcf4a85b4 100644
--- a/tests/integration/api_repo_test.go
+++ b/tests/integration/api_repo_test.go
@@ -55,6 +55,80 @@ func TestAPIUserReposWithWrongToken(t *testing.T) {
 	assert.Contains(t, resp.Body.String(), "access token does not exist")
 }
 
+func TestAPIUserReposAccessTokenResources(t *testing.T) {
+	defer tests.PrepareTestEnv(t)()
+
+	var repos []api.Repository
+
+	// Test cases repo1 (public), repo2 (private), repo16 (private).
+	session := loginUser(t, "user2")
+
+	find := func() (bool, bool, bool) {
+		foundRepo1 := false  // public user2/repo1
+		foundRepo2 := false  // private user2/repo2
+		foundRepo16 := false // second private repo user2/repo16 used in fine-grain testing, included as baseline
+		for _, repo := range repos {
+			switch repo.Name {
+			case "repo1":
+				foundRepo1 = true
+			case "repo2":
+				foundRepo2 = true
+			case "repo16":
+				foundRepo16 = true
+			}
+		}
+		return foundRepo1, foundRepo2, foundRepo16
+	}
+
+	t.Run("all access token", func(t *testing.T) {
+		defer tests.PrintCurrentTest(t)()
+
+		allToken := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeReadUser, auth_model.AccessTokenScopeReadRepository)
+
+		req := NewRequest(t, "GET", "/api/v1/users/user2/repos").AddTokenAuth(allToken)
+		resp := MakeRequest(t, req, http.StatusOK)
+		DecodeJSON(t, resp, &repos)
+		foundRepo1, foundRepo2, foundRepo16 := find()
+
+		assert.True(t, foundRepo1)  // public user2/repo1
+		assert.True(t, foundRepo2)  // private user2/repo2
+		assert.True(t, foundRepo16) // private user2/repo16, used in fine-grain testing, included as baseline
+	})
+
+	t.Run("public-only access token", func(t *testing.T) {
+		defer tests.PrintCurrentTest(t)()
+
+		publicOnlyToken := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopePublicOnly, auth_model.AccessTokenScopeReadUser, auth_model.AccessTokenScopeReadRepository)
+
+		req := NewRequest(t, "GET", "/api/v1/users/user2/repos").AddTokenAuth(publicOnlyToken)
+		resp := MakeRequest(t, req, http.StatusOK)
+		DecodeJSON(t, resp, &repos)
+		foundRepo1, foundRepo2, foundRepo16 := find()
+
+		assert.True(t, foundRepo1)   // public user2/repo1
+		assert.False(t, foundRepo2)  // private user2/repo2
+		assert.False(t, foundRepo16) // private user2/repo16
+	})
+
+	t.Run("specific repo access token", func(t *testing.T) {
+		defer tests.PrintCurrentTest(t)()
+
+		repo2OnlyToken := createFineGrainedRepoAccessToken(t, "user2",
+			[]auth_model.AccessTokenScope{auth_model.AccessTokenScopeReadUser, auth_model.AccessTokenScopeReadRepository},
+			[]int64{2},
+		)
+
+		req := NewRequest(t, "GET", "/api/v1/users/user2/repos").AddTokenAuth(repo2OnlyToken)
+		resp := MakeRequest(t, req, http.StatusOK)
+		DecodeJSON(t, resp, &repos)
+		foundRepo1, foundRepo2, foundRepo16 := find()
+
+		assert.True(t, foundRepo1)   // public user2/repo1, allowed as it's public and read-access only
+		assert.True(t, foundRepo2)   // private user2/repo2, allowed inside fine-grain
+		assert.False(t, foundRepo16) // private user2/repo16, denied outside fine-grain
+	})
+}
+
 func TestAPISearchRepo(t *testing.T) {
 	defer tests.PrepareTestEnv(t)()
 	const keyword = "test"

From 0eca229d152a9f0ec19c936bfec22dd576af5aaa Mon Sep 17 00:00:00 2001
From: Mathieu Fenniak <mathieu@fenniak.net>
Date: Tue, 24 Feb 2026 19:00:25 -0700
Subject: [PATCH 385/854] feat: implement fine-grained access tokens in
 /teams/{id}/repos

**Breaking*: /teams/{id}/repos previously allowed read access to private
repositories even if a "public-only" access token was in-use.  This has
been restricted to only return public repositories in this case.
---
 models/organization/team_repo.go              |  5 ++
 routers/api/v1/org/team.go                    | 14 +++-
 tests/integration/api_team_test.go            | 78 ++++++++++++++++++-
 .../team.yml                                  |  4 +
 .../team_repo.yml                             | 15 ++++
 .../team_user.yml                             |  5 ++
 6 files changed, 116 insertions(+), 5 deletions(-)
 create mode 100644 tests/integration/fixtures/TestAPIGetTeamReposAccessTokenResources/team.yml
 create mode 100644 tests/integration/fixtures/TestAPIGetTeamReposAccessTokenResources/team_repo.yml
 create mode 100644 tests/integration/fixtures/TestAPIGetTeamReposAccessTokenResources/team_user.yml

diff --git a/models/organization/team_repo.go b/models/organization/team_repo.go
index 334b139808..9331537e19 100644
--- a/models/organization/team_repo.go
+++ b/models/organization/team_repo.go
@@ -34,6 +34,8 @@ func HasTeamRepo(ctx context.Context, orgID, teamID, repoID int64) bool {
 type SearchTeamRepoOptions struct {
 	db.ListOptions
 	TeamID int64
+	// Filters repositories based upon optional authorization restrictions.
+	AuthorizationReducer repo_model.RepositoryAuthorizationReducer
 }
 
 // GetRepositories returns paginated repositories in team of organization.
@@ -46,6 +48,9 @@ func GetTeamRepositories(ctx context.Context, opts *SearchTeamRepoOptions) (repo
 				Where(builder.Eq{"team_id": opts.TeamID}),
 		)
 	}
+	if opts.AuthorizationReducer != nil {
+		sess = sess.Where(opts.AuthorizationReducer.RepoReadAccessFilter())
+	}
 	if opts.PageSize > 0 {
 		sess.Limit(opts.PageSize, (opts.Page-1)*opts.PageSize)
 	}
diff --git a/routers/api/v1/org/team.go b/routers/api/v1/org/team.go
index cc08133afe..1fdaca02bd 100644
--- a/routers/api/v1/org/team.go
+++ b/routers/api/v1/org/team.go
@@ -572,8 +572,9 @@ func GetTeamRepos(ctx *context.APIContext) {
 
 	team := ctx.Org.Team
 	teamRepos, err := organization.GetTeamRepositories(ctx, &organization.SearchTeamRepoOptions{
-		ListOptions: utils.GetListOptions(ctx),
-		TeamID:      team.ID,
+		ListOptions:          utils.GetListOptions(ctx),
+		TeamID:               team.ID,
+		AuthorizationReducer: ctx.Reducer,
 	})
 	if err != nil {
 		ctx.Error(http.StatusInternalServerError, "GetTeamRepos", err)
@@ -581,10 +582,15 @@ func GetTeamRepos(ctx *context.APIContext) {
 	}
 	repos := make([]*api.Repository, len(teamRepos))
 	for i, repo := range teamRepos {
-		permission, err := access_model.GetUserRepoPermission(ctx, repo, ctx.Doer)
+		permission, err := access_model.GetUserRepoPermissionWithReducer(ctx, repo, ctx.Doer, ctx.Reducer)
 		if err != nil {
-			ctx.Error(http.StatusInternalServerError, "GetTeamRepos", err)
+			ctx.Error(http.StatusInternalServerError, "GetUserRepoPermissionWithReducer", err)
 			return
+		} else if !permission.HasAccess() {
+			// It shouldn't happen that a repo is returned from GetTeamRepositories which we have no access to at all.
+			// Due to the pagination of the API it doesn't make sense to skip it, as we wouldn't be giving the right
+			// number of results back to the API consumer.
+			ctx.Error(http.StatusInternalServerError, "InvalidAuthorizationReducer", "Repository was available from GetTeamRepositories, but not readable.")
 		}
 		repos[i] = convert.ToRepo(ctx, repo, permission)
 	}
diff --git a/tests/integration/api_team_test.go b/tests/integration/api_team_test.go
index 9413406b42..5332f6ba83 100644
--- a/tests/integration/api_team_test.go
+++ b/tests/integration/api_team_test.go
@@ -295,6 +295,82 @@ func TestAPITeamSearch(t *testing.T) {
 	MakeRequest(t, req, http.StatusForbidden)
 }
 
+func TestAPIGetTeamReposAccessTokenResources(t *testing.T) {
+	defer unittest.OverrideFixtures("tests/integration/fixtures/TestAPIGetTeamReposAccessTokenResources")()
+	defer tests.PrepareTestEnv(t)()
+
+	var repos []api.Repository
+
+	// Test cases org3/repo21 (public), org3/repo3 (private), org3/repo5 (private) --
+	// TestAPIGetTeamReposAccessTokenResources fixtures create a team w/ ID=26 that contains all three repos.
+	session := loginUser(t, "user2")
+
+	find := func() (bool, bool, bool) {
+		foundRepo21 := false // public org3/repo21
+		foundRepo3 := false  // private org3/repo3
+		foundRepo5 := false  // second private repo org3/repo5 used in fine-grain testing, included as baseline
+		for _, repo := range repos {
+			switch repo.Name {
+			case "repo21":
+				foundRepo21 = true
+			case "repo3":
+				foundRepo3 = true
+			case "repo5":
+				foundRepo5 = true
+			}
+		}
+		return foundRepo21, foundRepo3, foundRepo5
+	}
+
+	t.Run("all access token", func(t *testing.T) {
+		defer tests.PrintCurrentTest(t)()
+
+		allToken := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeReadOrganization)
+
+		req := NewRequest(t, "GET", "/api/v1/teams/26/repos").AddTokenAuth(allToken)
+		resp := MakeRequest(t, req, http.StatusOK)
+		DecodeJSON(t, resp, &repos)
+		foundRepo21, foundRepo3, foundRepo5 := find()
+
+		assert.True(t, foundRepo21) // public org3/repo21
+		assert.True(t, foundRepo3)  // private org3/repo3
+		assert.True(t, foundRepo5)  // private org3/repo5, used in fine-grain testing, included as baseline
+	})
+
+	t.Run("public-only access token", func(t *testing.T) {
+		defer tests.PrintCurrentTest(t)()
+
+		publicOnlyToken := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopePublicOnly, auth_model.AccessTokenScopeReadOrganization)
+
+		req := NewRequest(t, "GET", "/api/v1/teams/26/repos").AddTokenAuth(publicOnlyToken)
+		resp := MakeRequest(t, req, http.StatusOK)
+		DecodeJSON(t, resp, &repos)
+		foundRepo21, foundRepo3, foundRepo5 := find()
+
+		assert.True(t, foundRepo21) // public org3/repo21
+		assert.False(t, foundRepo3) // private org3/repo3
+		assert.False(t, foundRepo5) // private org3/repo5
+	})
+
+	t.Run("specific repo access token", func(t *testing.T) {
+		defer tests.PrintCurrentTest(t)()
+
+		repo2OnlyToken := createFineGrainedRepoAccessToken(t, "user2",
+			[]auth_model.AccessTokenScope{auth_model.AccessTokenScopeReadOrganization},
+			[]int64{3},
+		)
+
+		req := NewRequest(t, "GET", "/api/v1/teams/26/repos").AddTokenAuth(repo2OnlyToken)
+		resp := MakeRequest(t, req, http.StatusOK)
+		DecodeJSON(t, resp, &repos)
+		foundRepo21, foundRepo3, foundRepo5 := find()
+
+		assert.True(t, foundRepo21) // public org3/repo21, allowed as it's public and read-access only
+		assert.True(t, foundRepo3)  // private org3/repo3, allowed inside fine-grain
+		assert.False(t, foundRepo5) // private org3/repo5, denied outside fine-grain
+	})
+}
+
 func TestAPIGetTeamRepo(t *testing.T) {
 	defer tests.PrepareTestEnv(t)()
 
@@ -325,7 +401,7 @@ func TestAPIGetTeamRepoAccessTokenResources(t *testing.T) {
 	defer tests.PrepareTestEnv(t)()
 
 	// Test cases org3/repo21 (public), org3/repo3 (private), org3/repo5 (private) --
-	// TestAPIGetTeamReposAccessTokenResources fixtures create a team w/ ID=26 that contains all three repos.
+	// TestAPIGetTeamRepoAccessTokenResources fixtures create a team w/ ID=26 that contains all three repos.
 	session := loginUser(t, "user2")
 
 	var repo api.Repository
diff --git a/tests/integration/fixtures/TestAPIGetTeamReposAccessTokenResources/team.yml b/tests/integration/fixtures/TestAPIGetTeamReposAccessTokenResources/team.yml
new file mode 100644
index 0000000000..19b2a3bc29
--- /dev/null
+++ b/tests/integration/fixtures/TestAPIGetTeamReposAccessTokenResources/team.yml
@@ -0,0 +1,4 @@
+-
+  id: 26
+  org_id: 3
+  includes_all_repositories: false
diff --git a/tests/integration/fixtures/TestAPIGetTeamReposAccessTokenResources/team_repo.yml b/tests/integration/fixtures/TestAPIGetTeamReposAccessTokenResources/team_repo.yml
new file mode 100644
index 0000000000..285514a4f2
--- /dev/null
+++ b/tests/integration/fixtures/TestAPIGetTeamReposAccessTokenResources/team_repo.yml
@@ -0,0 +1,15 @@
+-
+  id: 20
+  org_id: 3
+  team_id: 26
+  repo_id: 32 # org3/repo21 - public
+-
+  id: 21
+  org_id: 3
+  team_id: 26
+  repo_id: 3 # org3/repo3 - private
+-
+  id: 22
+  org_id: 3
+  team_id: 26
+  repo_id: 5 # org3/repo5 - private
diff --git a/tests/integration/fixtures/TestAPIGetTeamReposAccessTokenResources/team_user.yml b/tests/integration/fixtures/TestAPIGetTeamReposAccessTokenResources/team_user.yml
new file mode 100644
index 0000000000..8fb6e84ca6
--- /dev/null
+++ b/tests/integration/fixtures/TestAPIGetTeamReposAccessTokenResources/team_user.yml
@@ -0,0 +1,5 @@
+-
+  id: 30
+  org_id: 3
+  team_id: 26
+  uid: 2

From 2192184d9b94624d285303869afbe3923639c212 Mon Sep 17 00:00:00 2001
From: Mathieu Fenniak <mathieu@fenniak.net>
Date: Sat, 28 Feb 2026 12:30:38 -0700
Subject: [PATCH 386/854] feat: implement fine-grained access tokens in
 /repos/search

---
 routers/api/v1/repo/repo.go        | 12 ++++-
 tests/integration/api_repo_test.go | 77 ++++++++++++++++++++++++++++++
 2 files changed, 88 insertions(+), 1 deletion(-)

diff --git a/routers/api/v1/repo/repo.go b/routers/api/v1/repo/repo.go
index 4d514ec394..ad665770bf 100644
--- a/routers/api/v1/repo/repo.go
+++ b/routers/api/v1/repo/repo.go
@@ -131,6 +131,8 @@ func Search(ctx *context.APIContext) {
 	//   "422":
 	//     "$ref": "#/responses/validationError"
 
+	// Note that ctx.Resource's `RepoFilter()` will be added below, which may implement a PAT's scope to only display
+	// public repos regardless of the request for private repos in the API call.
 	private := ctx.IsSigned && (ctx.FormString("private") == "" || ctx.FormBool("private"))
 	if ctx.PublicOnly {
 		private = false
@@ -149,6 +151,8 @@ func Search(ctx *context.APIContext) {
 		Template:           optional.None[bool](),
 		StarredByID:        ctx.FormInt64("starredBy"),
 		IncludeDescription: ctx.FormBool("includeDesc"),
+
+		AuthorizationReducer: ctx.Reducer,
 	}
 
 	if ctx.FormString("template") != "" {
@@ -222,13 +226,19 @@ func Search(ctx *context.APIContext) {
 			})
 			return
 		}
-		permission, err := access_model.GetUserRepoPermission(ctx, repo, ctx.Doer)
+		permission, err := access_model.GetUserRepoPermissionWithReducer(ctx, repo, ctx.Doer, ctx.Reducer)
 		if err != nil {
 			ctx.JSON(http.StatusInternalServerError, api.SearchError{
 				OK:    false,
 				Error: err.Error(),
 			})
+		} else if !permission.HasAccess() {
+			// It shouldn't happen that a repo is returned from GetTeamRepositories which we have no access to at all.
+			// Due to the pagination of the API it doesn't make sense to skip it, as we wouldn't be giving the right
+			// number of results back to the API consumer.
+			ctx.Error(http.StatusInternalServerError, "InvalidAuthorizationReducer", "Repository was available from SearchRepository, but not readable.")
 		}
+
 		results[i] = convert.ToRepo(ctx, repo, permission)
 	}
 	ctx.SetLinkHeader(int(count), opts.PageSize)
diff --git a/tests/integration/api_repo_test.go b/tests/integration/api_repo_test.go
index bdcf4a85b4..ee2f1fc568 100644
--- a/tests/integration/api_repo_test.go
+++ b/tests/integration/api_repo_test.go
@@ -324,6 +324,83 @@ func TestAPISearchRepo(t *testing.T) {
 	}
 }
 
+func TestAPISearchRepoAccessTokenResources(t *testing.T) {
+	defer tests.PrepareTestEnv(t)()
+
+	var searchResults *api.SearchResults
+
+	// Test cases repo1 (public), repo2 (private), repo16 (private).
+	session := loginUser(t, "user2")
+
+	find := func() (bool, bool, bool) {
+		foundRepo1 := false  // public user2/repo1
+		foundRepo2 := false  // private user2/repo2
+		foundRepo16 := false // second private repo user2/repo16 used in fine-grain testing, included as baseline
+		for _, repo := range searchResults.Data {
+			switch repo.Name {
+			case "repo1":
+				foundRepo1 = true
+			case "repo2":
+				foundRepo2 = true
+			case "repo16":
+				foundRepo16 = true
+			}
+		}
+		return foundRepo1, foundRepo2, foundRepo16
+	}
+
+	t.Run("all access token", func(t *testing.T) {
+		defer tests.PrintCurrentTest(t)()
+
+		allToken := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeReadRepository)
+
+		req := NewRequest(t, "GET", "/api/v1/repos/search").AddTokenAuth(allToken)
+		resp := MakeRequest(t, req, http.StatusOK)
+		DecodeJSON(t, resp, &searchResults)
+		require.True(t, searchResults.OK)
+		foundRepo1, foundRepo2, foundRepo16 := find()
+
+		assert.True(t, foundRepo1)  // public user2/repo1
+		assert.True(t, foundRepo2)  // private user2/repo2
+		assert.True(t, foundRepo16) // private user2/repo16, used in fine-grain testing, included as baseline
+	})
+
+	t.Run("public-only access token", func(t *testing.T) {
+		defer tests.PrintCurrentTest(t)()
+
+		publicOnlyToken := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopePublicOnly, auth_model.AccessTokenScopeReadRepository)
+
+		req := NewRequest(t, "GET", "/api/v1/repos/search").AddTokenAuth(publicOnlyToken)
+		resp := MakeRequest(t, req, http.StatusOK)
+		DecodeJSON(t, resp, &searchResults)
+		require.True(t, searchResults.OK)
+		foundRepo1, foundRepo2, foundRepo16 := find()
+
+		assert.True(t, foundRepo1)   // public user2/repo1
+		assert.False(t, foundRepo2)  // private user2/repo2
+		assert.False(t, foundRepo16) // private user2/repo16
+	})
+
+	t.Run("specific repo access token", func(t *testing.T) {
+		defer tests.PrintCurrentTest(t)()
+
+		repo2OnlyToken := createFineGrainedRepoAccessToken(t, "user2",
+			[]auth_model.AccessTokenScope{auth_model.AccessTokenScopeReadRepository},
+			[]int64{2},
+		)
+
+		req := NewRequest(t, "GET", "/api/v1/repos/search").AddTokenAuth(repo2OnlyToken)
+		resp := MakeRequest(t, req, http.StatusOK)
+		DecodeJSON(t, resp, &searchResults)
+		require.True(t, searchResults.OK)
+		foundRepo1, foundRepo2, foundRepo16 := find()
+
+		assert.True(t, foundRepo1)   // public user2/repo1, allowed as it's public and read-access only
+		assert.True(t, foundRepo2)   // private user2/repo2, allowed inside fine-grain
+		assert.False(t, foundRepo16) // private user2/repo16, denied outside fine-grain
+	})
+}
+
 var repoCache = make(map[int64]*repo_model.Repository)
 
 func getRepo(t *testing.T, repoID int64) *repo_model.Repository {

From 0da4505a4963a5f401167fd719d928f80b741ad8 Mon Sep 17 00:00:00 2001
From: Mathieu Fenniak <mathieu@fenniak.net>
Date: Sun, 15 Feb 2026 14:17:38 -0700
Subject: [PATCH 387/854] feat: implement fine-grained access tokens in
 /repos/issues/search

---
 routers/api/v1/repo/issue.go        |  2 +
 tests/integration/api_issue_test.go | 91 +++++++++++++++++++++++++++++
 2 files changed, 93 insertions(+)

diff --git a/routers/api/v1/repo/issue.go b/routers/api/v1/repo/issue.go
index e3b41eed81..1ebfe8352c 100644
--- a/routers/api/v1/repo/issue.go
+++ b/routers/api/v1/repo/issue.go
@@ -166,6 +166,8 @@ func SearchIssues(ctx *context.APIContext) {
 			// MySQL will return different results when sorting by null in some cases
 			OrderBy: db.SearchOrderByAlphabetically,
 			Actor:   ctx.Doer,
+
+			AuthorizationReducer: ctx.Reducer,
 		}
 		if ctx.IsSigned {
 			opts.Private = !ctx.PublicOnly
diff --git a/tests/integration/api_issue_test.go b/tests/integration/api_issue_test.go
index 282d418316..3f57e31757 100644
--- a/tests/integration/api_issue_test.go
+++ b/tests/integration/api_issue_test.go
@@ -660,6 +660,97 @@ func TestAPISearchIssuesWithLabels(t *testing.T) {
 	assert.Len(t, apiIssues, 2)
 }
 
+func TestAPISearchIssuesAccessTokenResources(t *testing.T) {
+	defer tests.PrepareTestEnv(t)()
+
+	var issues []*api.Issue
+
+	// Test repos: repo1 (public), repo2 (private), repo16 (private).
+	session := loginUser(t, "user2")
+	writeToken := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteRepository, auth_model.AccessTokenScopeWriteIssue)
+
+	// On those three test repos, create an issue with a specific title for search.
+	for _, repo := range []string{"repo1", "repo2", "repo16"} {
+		trueBool := true
+		// Enable issues on each target repo as well
+		req := NewRequestWithJSON(t, "PATCH", fmt.Sprintf("/api/v1/repos/user2/%s", repo), &api.EditRepoOption{
+			HasIssues: &trueBool,
+		}).AddTokenAuth(writeToken)
+		MakeRequest(t, req, http.StatusOK)
+
+		req = NewRequestWithJSON(t, "POST", fmt.Sprintf("/api/v1/repos/user2/%s/issues", repo), &api.CreateIssueOption{
+			Body:  "body: abracadabra",
+			Title: "important issue",
+		}).AddTokenAuth(writeToken)
+		MakeRequest(t, req, http.StatusCreated)
+	}
+
+	find := func() (bool, bool, bool) {
+		foundRepo1 := false  // public user2/repo1
+		foundRepo2 := false  // private user2/repo2
+		foundRepo16 := false // second private repo user2/repo16 used in fine-grain testing, included as baseline
+		for _, issue := range issues {
+			switch issue.Repo.Name {
+			case "repo1":
+				foundRepo1 = true
+			case "repo2":
+				foundRepo2 = true
+			case "repo16":
+				foundRepo16 = true
+			}
+		}
+		return foundRepo1, foundRepo2, foundRepo16
+	}
+
+	t.Run("all access token", func(t *testing.T) {
+		defer tests.PrintCurrentTest(t)()
+
+		allToken := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeReadIssue)
+
+		req := NewRequest(t, "GET", "/api/v1/repos/issues/search").AddTokenAuth(allToken)
+		resp := MakeRequest(t, req, http.StatusOK)
+		DecodeJSON(t, resp, &issues)
+		foundRepo1, foundRepo2, foundRepo16 := find()
+
+		assert.True(t, foundRepo1)  // public user2/repo1
+		assert.True(t, foundRepo2)  // private user2/repo2
+		assert.True(t, foundRepo16) // private user2/repo16, used in fine-grain testing, included as baseline
+	})
+
+	t.Run("public-only access token", func(t *testing.T) {
+		defer tests.PrintCurrentTest(t)()
+
+		publicOnlyToken := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopePublicOnly, auth_model.AccessTokenScopeReadIssue)
+
+		req := NewRequest(t, "GET", "/api/v1/repos/issues/search").AddTokenAuth(publicOnlyToken)
+		resp := MakeRequest(t, req, http.StatusOK)
+		DecodeJSON(t, resp, &issues)
+		foundRepo1, foundRepo2, foundRepo16 := find()
+
+		assert.True(t, foundRepo1)   // public user2/repo1
+		assert.False(t, foundRepo2)  // private user2/repo2
+		assert.False(t, foundRepo16) // private user2/repo16
+	})
+
+	t.Run("specific repo access token", func(t *testing.T) {
+		defer tests.PrintCurrentTest(t)()
+
+		repo2OnlyToken := createFineGrainedRepoAccessToken(t, "user2",
+			[]auth_model.AccessTokenScope{auth_model.AccessTokenScopeReadIssue},
+			[]int64{2},
+		)
+
+		req := NewRequest(t, "GET", "/api/v1/repos/issues/search").AddTokenAuth(repo2OnlyToken)
+		resp := MakeRequest(t, req, http.StatusOK)
+		DecodeJSON(t, resp, &issues)
+		foundRepo1, foundRepo2, foundRepo16 := find()
+
+		assert.True(t, foundRepo1)   // public user2/repo1, allowed as it's public and read-access only
+		assert.True(t, foundRepo2)   // private user2/repo2, allowed inside fine-grain
+		assert.False(t, foundRepo16) // private user2/repo16, denied outside fine-grain
+	})
+}
+
 func TestAPIInternalAndExternalIssueTracker(t *testing.T) {
 	defer tests.PrepareTestEnv(t)()
 

From b394e66d5fbbd4c4e2be46f28e6559aeed731eef Mon Sep 17 00:00:00 2001
From: Mathieu Fenniak <mathieu@fenniak.net>
Date: Sat, 28 Feb 2026 15:42:26 -0700
Subject: [PATCH 388/854] docs: add release notes for PR #11458

---
 release-notes/11458.md | 1 +
 1 file changed, 1 insertion(+)
 create mode 100644 release-notes/11458.md

diff --git a/release-notes/11458.md b/release-notes/11458.md
new file mode 100644
index 0000000000..1447f9e273
--- /dev/null
+++ b/release-notes/11458.md
@@ -0,0 +1 @@
+feat: implement repo-specific access tokens in relevant search & list APIs.  **Breaking**: the following APIs could previously return private repositories when using a public-only access token, but can no longer do so: `/user/repos`, `/users/{username}/repos`, `/orgs/{org}/repos`, and `/teams/{id}/repos`.
\ No newline at end of file

From 19474cab6198b565c87d7bed47a1869dc2ba7e7f Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Sun, 1 Mar 2026 23:10:37 +0100
Subject: [PATCH 389/854] Update module
 github.com/golangci/golangci-lint/v2/cmd/golangci-lint to v2.10.1 (forgejo)
 (#11449)

Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
---
 Makefile                         | 2 +-
 modules/git/foreachref/format.go | 2 +-
 routers/web/repo/setting/lfs.go  | 4 ++--
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/Makefile b/Makefile
index 27c2059ee9..ce271333c4 100644
--- a/Makefile
+++ b/Makefile
@@ -39,7 +39,7 @@ XGO_VERSION := go-1.21.x
 AIR_PACKAGE ?= github.com/air-verse/air@v1 # renovate: datasource=go
 EDITORCONFIG_CHECKER_PACKAGE ?= github.com/editorconfig-checker/editorconfig-checker/v3/cmd/editorconfig-checker@v3.6.1 # renovate: datasource=go
 GOFUMPT_PACKAGE ?= mvdan.cc/gofumpt@v0.9.2 # renovate: datasource=go
-GOLANGCI_LINT_PACKAGE ?= github.com/golangci/golangci-lint/v2/cmd/golangci-lint@v2.7.2 # renovate: datasource=go
+GOLANGCI_LINT_PACKAGE ?= github.com/golangci/golangci-lint/v2/cmd/golangci-lint@v2.10.1 # renovate: datasource=go
 GXZ_PACKAGE ?= github.com/ulikunitz/xz/cmd/gxz@v0.5.15 # renovate: datasource=go
 SWAGGER_PACKAGE ?= github.com/go-swagger/go-swagger/cmd/swagger@v0.33.1 # renovate: datasource=go
 XGO_PACKAGE ?= src.techknowlogick.com/xgo@latest
diff --git a/modules/git/foreachref/format.go b/modules/git/foreachref/format.go
index 75e315ad4a..2f5ec08991 100644
--- a/modules/git/foreachref/format.go
+++ b/modules/git/foreachref/format.go
@@ -53,7 +53,7 @@ func (f Format) Flag() string {
 	var formatFlag strings.Builder
 	for i, field := range f.fieldNames {
 		// field key and field value
-		formatFlag.WriteString(fmt.Sprintf("%s %%(%s)", field, field))
+		fmt.Fprintf(&formatFlag, "%s %%(%s)", field, field)
 
 		if i < len(f.fieldNames)-1 {
 			// note: escape delimiters to allow control characters as
diff --git a/routers/web/repo/setting/lfs.go b/routers/web/repo/setting/lfs.go
index 235a86820b..78184930d3 100644
--- a/routers/web/repo/setting/lfs.go
+++ b/routers/web/repo/setting/lfs.go
@@ -326,13 +326,13 @@ func LFSFileGet(ctx *context.Context) {
 			if index != len(lines)-1 {
 				line += "\n"
 			}
-			output.WriteString(fmt.Sprintf(`<li class="L%d" rel="L%d">%s</li>`, index+1, index+1, line))
+			fmt.Fprintf(&output, `<li class="L%d" rel="L%d">%s</li>`, index+1, index+1, line)
 		}
 		ctx.Data["FileContent"] = gotemplate.HTML(output.String())
 
 		output.Reset()
 		for i := 0; i < len(lines); i++ {
-			output.WriteString(fmt.Sprintf(`<span id="L%d">%d</span>`, i+1, i+1))
+			fmt.Fprintf(&output, `<span id="L%d">%d</span>`, i+1, i+1)
 		}
 		ctx.Data["LineNums"] = gotemplate.HTML(output.String())
 

From 59447e21718e2d430eb1a8c365226854a5ab281b Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Sun, 1 Mar 2026 23:29:15 +0100
Subject: [PATCH 390/854] Update module
 code.superseriousbusiness.org/exif-terminator to v0.11.1 (forgejo) (#11463)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11463
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index b33cec2635..3e08d9e3a2 100644
--- a/go.mod
+++ b/go.mod
@@ -17,7 +17,7 @@ require (
 	code.forgejo.org/go-chi/captcha v1.0.2
 	code.forgejo.org/go-chi/session v1.0.2
 	code.gitea.io/sdk/gitea v0.21.0
-	code.superseriousbusiness.org/exif-terminator v0.11.0
+	code.superseriousbusiness.org/exif-terminator v0.11.1
 	code.superseriousbusiness.org/go-jpeg-image-structure/v2 v2.3.0
 	codeberg.org/gusted/mcaptcha v0.0.0-20220723083913-4f3072e1d570
 	connectrpc.com/connect v1.19.1
diff --git a/go.sum b/go.sum
index 6249342e01..db69e2578d 100644
--- a/go.sum
+++ b/go.sum
@@ -46,8 +46,8 @@ code.forgejo.org/xorm/xorm v1.3.9-forgejo.4 h1:kyJHREXNEIuzpMwQoouTbUldPP6s/UlL3
 code.forgejo.org/xorm/xorm v1.3.9-forgejo.4/go.mod h1:5ouTxqMcalQUvlBpQynRpzu/44GwaMpkA1nU+encsDE=
 code.gitea.io/sdk/gitea v0.21.0 h1:69n6oz6kEVHRo1+APQQyizkhrZrLsTLXey9142pfkD4=
 code.gitea.io/sdk/gitea v0.21.0/go.mod h1:tnBjVhuKJCn8ibdyyhvUyxrR1Ca2KHEoTWoukNhXQPA=
-code.superseriousbusiness.org/exif-terminator v0.11.0 h1:Hof0MCcsa+1fS17gf86fTTZ8AQnMY9h9kzcc+2C6mVg=
-code.superseriousbusiness.org/exif-terminator v0.11.0/go.mod h1:9sutT1axa/kSdlPLlRFjCNKmyo/KNx8eX3XZvWBlAEY=
+code.superseriousbusiness.org/exif-terminator v0.11.1 h1:qnujLH4/Yk/CFtFMmtjozbdV6Ry5G3Q/E/mLlWm/gQI=
+code.superseriousbusiness.org/exif-terminator v0.11.1/go.mod h1:/Z+3DHSrefCzzN5ePkGjVYKFErRimoeUf694Gz8Pn/Y=
 code.superseriousbusiness.org/go-jpeg-image-structure/v2 v2.3.0 h1:r9uq8StaSHYKJ8DklR9Xy+E9c40G1Z8yj5TRGi8L6+4=
 code.superseriousbusiness.org/go-jpeg-image-structure/v2 v2.3.0/go.mod h1:IK1OlR6APjVB3E9tuYGvf0qXMrwP+TrzcHS5rf4wffQ=
 code.superseriousbusiness.org/go-png-image-structure/v2 v2.3.0 h1:I512jiIeXDC4//2BeSPrRM2ZS4wpBKUaPeTPxakMNGA=

From 44501c80ebd02635147a92aa1f44e5c3745cbbdc Mon Sep 17 00:00:00 2001
From: AngryDove <angrydove@noreply.codeberg.org>
Date: Mon, 2 Mar 2026 02:08:21 +0100
Subject: [PATCH 391/854] feat: add trace logging for oauth2 callback (#11175)

This change is to enable some additional trace logging for oauth2.

Initial setups can be a real pain to debug, and getting JWT back for debug purpose helps a lot i.e. checking claims, roles, groups.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11175
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: AngryDove <angrydove@noreply.codeberg.org>
Co-committed-by: AngryDove <angrydove@noreply.codeberg.org>
---
 routers/web/auth/oauth.go       |  10 ++
 tests/integration/oauth_test.go | 156 ++++++++++++++++++++++++++++++++
 2 files changed, 166 insertions(+)

diff --git a/routers/web/auth/oauth.go b/routers/web/auth/oauth.go
index f925a5cbff..1fd4a0311b 100644
--- a/routers/web/auth/oauth.go
+++ b/routers/web/auth/oauth.go
@@ -998,6 +998,16 @@ func SignInOAuthCallback(ctx *context.Context) {
 	}
 
 	u, gothUser, err := oAuth2UserLoginCallback(ctx, authSource, ctx.Req, ctx.Resp)
+
+	log.Trace("OAuth2 Provider %s returned gothUser: UserID=%q, Email=%q, NickName=%q, Name=%q, FirstName=%q, LastName=%q, AvatarURL=%q",
+		authSource.Name, gothUser.UserID, gothUser.Email, gothUser.NickName, gothUser.Name, gothUser.FirstName, gothUser.LastName, gothUser.AvatarURL)
+	if gothUser.RawData != nil {
+		log.Trace("OAuth2 Provider %s RawData: %+v", authSource.Name, gothUser.RawData)
+	}
+	if gothUser.IDToken != "" {
+		log.Trace("OAuth2 Provider %s IDToken (decode at jwt.ms): %s", authSource.Name, gothUser.IDToken)
+	}
+
 	if err != nil {
 		if user_model.IsErrUserProhibitLogin(err) {
 			uplerr := err.(user_model.ErrUserProhibitLogin)
diff --git a/tests/integration/oauth_test.go b/tests/integration/oauth_test.go
index 39b3c3494f..9220f03ccd 100644
--- a/tests/integration/oauth_test.go
+++ b/tests/integration/oauth_test.go
@@ -14,12 +14,14 @@ import (
 	"net/url"
 	"strings"
 	"testing"
+	"time"
 
 	auth_model "forgejo.org/models/auth"
 	"forgejo.org/models/db"
 	"forgejo.org/models/unittest"
 	user_model "forgejo.org/models/user"
 	"forgejo.org/modules/json"
+	"forgejo.org/modules/log"
 	"forgejo.org/modules/setting"
 	api "forgejo.org/modules/structs"
 	"forgejo.org/modules/test"
@@ -1591,3 +1593,157 @@ func TestAccessTokenWithPKCE(t *testing.T) {
 		}
 	})
 }
+
+func TestSignInOAuthCallbackGothUserFields(t *testing.T) {
+	defer tests.PrepareTestEnv(t)()
+
+	// OAuth2 authentication source GitLab
+	gitlabName := "gitlab"
+	gitlab := addAuthSource(t, authSourcePayloadGitLabCustom(gitlabName))
+
+	// Create a user as if it had been previously created by the GitLab
+	// authentication source.
+	userGitLabUserID := "5678"
+	userGitLab := &user_model.User{
+		Name:        "gitlabuser",
+		Email:       "gitlabuser@example.com",
+		Passwd:      "gitlabuserpassword",
+		Type:        user_model.UserTypeIndividual,
+		LoginType:   auth_model.OAuth2,
+		LoginSource: gitlab.ID,
+		LoginName:   userGitLabUserID,
+	}
+	defer createUser(t.Context(), t, userGitLab)()
+
+	t.Run("Callback with all gothUser fields", func(t *testing.T) {
+		// Set up log checker to verify trace logs
+		logChecker, cleanup := test.NewLogChecker(log.DEFAULT, log.TRACE)
+		defer cleanup()
+		logChecker.Filter(
+			"OAuth2 Provider gitlab returned gothUser",
+			"OAuth2 Provider gitlab RawData:",
+			"OAuth2 Provider gitlab IDToken",
+		)
+
+		// Return a goth.User with all fields populated including RawData and IDToken
+		defer mockCompleteUserAuth(func(res http.ResponseWriter, req *http.Request) (goth.User, error) {
+			return goth.User{
+				Provider:  gitlabName,
+				UserID:    userGitLabUserID,
+				Email:     userGitLab.Email,
+				NickName:  "gitlabnick",
+				Name:      "GitLab User",
+				FirstName: "GitLab",
+				LastName:  "User",
+				AvatarURL: "https://example.com/avatar.png",
+				RawData: map[string]any{
+					"sub":             userGitLabUserID,
+					"groups":          []string{"group1", "group2"},
+					"custom_claim":    "custom_value",
+					"nested_claim":    map[string]any{"key": "value"},
+					"array_of_values": []any{"val1", "val2", "val3"},
+				},
+				IDToken: "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIn0.test",
+			}, nil
+		})()
+
+		req := NewRequest(t, "GET", fmt.Sprintf("/user/oauth2/%s/callback?code=XYZ&state=XYZ", gitlabName))
+		resp := MakeRequest(t, req, http.StatusSeeOther)
+		assert.Equal(t, "/", test.RedirectURL(resp))
+
+		// Verify the user was logged in successfully
+		userAfterLogin := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: userGitLab.ID})
+		assert.Greater(t, userAfterLogin.LastLoginUnix, userGitLab.LastLoginUnix)
+
+		// Verify all trace logs were outputted
+		logFiltered, _ := logChecker.Check(5 * time.Second)
+		assert.True(t, logFiltered[0], "Expected trace log with gothUser fields")
+		assert.True(t, logFiltered[1], "Expected trace log with RawData")
+		assert.True(t, logFiltered[2], "Expected trace log with IDToken")
+	})
+
+	t.Run("Callback with minimal gothUser fields", func(t *testing.T) {
+		// Set up log checker to verify trace logs
+		logChecker, cleanup := test.NewLogChecker(log.DEFAULT, log.TRACE)
+		defer cleanup()
+		logChecker.Filter(
+			"OAuth2 Provider gitlab returned gothUser",
+		)
+
+		// Return a goth.User with only required fields (no RawData or IDToken)
+		defer mockCompleteUserAuth(func(res http.ResponseWriter, req *http.Request) (goth.User, error) {
+			return goth.User{
+				Provider: gitlabName,
+				UserID:   userGitLabUserID,
+				Email:    userGitLab.Email,
+			}, nil
+		})()
+
+		req := NewRequest(t, "GET", fmt.Sprintf("/user/oauth2/%s/callback?code=XYZ&state=XYZ", gitlabName))
+		resp := MakeRequest(t, req, http.StatusSeeOther)
+		assert.Equal(t, "/", test.RedirectURL(resp))
+
+		// Verify basic trace log was outputted (but not RawData or IDToken logs)
+		logFiltered, _ := logChecker.Check(5 * time.Second)
+		assert.True(t, logFiltered[0], "Expected trace log with gothUser fields")
+	})
+
+	t.Run("Callback with RawData but no IDToken", func(t *testing.T) {
+		// Set up log checker to verify trace logs
+		logChecker, cleanup := test.NewLogChecker(log.DEFAULT, log.TRACE)
+		defer cleanup()
+		logChecker.Filter(
+			"OAuth2 Provider gitlab returned gothUser",
+			"OAuth2 Provider gitlab RawData:",
+		)
+
+		defer mockCompleteUserAuth(func(res http.ResponseWriter, req *http.Request) (goth.User, error) {
+			return goth.User{
+				Provider: gitlabName,
+				UserID:   userGitLabUserID,
+				Email:    userGitLab.Email,
+				RawData: map[string]any{
+					"sub":    userGitLabUserID,
+					"groups": []string{"developers", "admins"},
+				},
+			}, nil
+		})()
+
+		req := NewRequest(t, "GET", fmt.Sprintf("/user/oauth2/%s/callback?code=XYZ&state=XYZ", gitlabName))
+		resp := MakeRequest(t, req, http.StatusSeeOther)
+		assert.Equal(t, "/", test.RedirectURL(resp))
+
+		// Verify gothUser and RawData logs were outputted (but not IDToken log)
+		logFiltered, _ := logChecker.Check(5 * time.Second)
+		assert.True(t, logFiltered[0], "Expected trace log with gothUser fields")
+		assert.True(t, logFiltered[1], "Expected trace log with RawData")
+	})
+
+	t.Run("Callback with IDToken but no RawData", func(t *testing.T) {
+		// Set up log checker to verify trace logs
+		logChecker, cleanup := test.NewLogChecker(log.DEFAULT, log.TRACE)
+		defer cleanup()
+		logChecker.Filter(
+			"OAuth2 Provider gitlab returned gothUser",
+			"OAuth2 Provider gitlab IDToken",
+		)
+
+		defer mockCompleteUserAuth(func(res http.ResponseWriter, req *http.Request) (goth.User, error) {
+			return goth.User{
+				Provider: gitlabName,
+				UserID:   userGitLabUserID,
+				Email:    userGitLab.Email,
+				IDToken:  "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIn0.test",
+			}, nil
+		})()
+
+		req := NewRequest(t, "GET", fmt.Sprintf("/user/oauth2/%s/callback?code=XYZ&state=XYZ", gitlabName))
+		resp := MakeRequest(t, req, http.StatusSeeOther)
+		assert.Equal(t, "/", test.RedirectURL(resp))
+
+		// Verify gothUser and IDToken logs were outputted (but not RawData log)
+		logFiltered, _ := logChecker.Check(5 * time.Second)
+		assert.True(t, logFiltered[0], "Expected trace log with gothUser fields")
+		assert.True(t, logFiltered[1], "Expected trace log with IDToken")
+	})
+}

From b921d5bdb334039152c14f1e1550d6d6e14a6607 Mon Sep 17 00:00:00 2001
From: panc <pan0xc@foxmail.com>
Date: Mon, 2 Mar 2026 05:04:57 +0100
Subject: [PATCH 392/854] fix(ui): fix dashboard some style issues (#11461)

1.  Remove excess left and right margins
2. Remove excess bottom margin
3. Fixed the missing top rounded corner when repo is 0

| Before | After |
|----|----|
| ![Screenshot From 2026-02-26 04-02-03](/attachments/37da4f21-ae28-4708-a6be-a3421ebf5717) | ![Screenshot From 2026-02-26 04-01-39](/attachments/20cd29c4-0cb7-49ec-b7bb-99568364b4b7) |
| ![Screenshot From 2026-02-26 04-03-02](/attachments/d238275e-f231-4ae3-8de6-9418452ed6eb) | ![Screenshot From 2026-02-26 04-03-09](/attachments/eed862ef-b1db-46ac-aba0-9ac3089024c7) |
| ![image](/attachments/157bbc3e-2cdc-45c6-b4ca-236b3620f867) | ![Screenshot From 2026-03-01 19-50-41](/attachments/f22d963d-86d7-4c17-831a-307f990b1696) |

Co-authored-by: 0ko <0ko@noreply.codeberg.org>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11461
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Co-authored-by: panc <pan0xc@foxmail.com>
Co-committed-by: panc <pan0xc@foxmail.com>
---
 web_src/css/dashboard.css                   | 2 +-
 web_src/css/modules/segment.css             | 5 +++++
 web_src/js/components/DashboardRepoList.vue | 4 +---
 3 files changed, 7 insertions(+), 4 deletions(-)

diff --git a/web_src/css/dashboard.css b/web_src/css/dashboard.css
index 3a1fc34ed3..9790e517c7 100644
--- a/web_src/css/dashboard.css
+++ b/web_src/css/dashboard.css
@@ -57,7 +57,7 @@
 
 .dashboard .dashboard-repos,
 .dashboard .dashboard-orgs {
-  margin: 0 1px; /* Accommodate for Semantic's 1px hacks on .attached elements */
+  margin-bottom: 0;
 }
 
 .dashboard .secondary-nav {
diff --git a/web_src/css/modules/segment.css b/web_src/css/modules/segment.css
index 5e1d3602b0..76638cb639 100644
--- a/web_src/css/modules/segment.css
+++ b/web_src/css/modules/segment.css
@@ -165,6 +165,11 @@
   margin-top: 1rem;
   border-radius: 0.28571429rem 0.28571429rem 0 0;
 }
+
+.ui.top.attached.segment:only-child {
+  border-radius: var(--border-radius);
+}
+
 .ui.segment[class*="top attached"]:first-child {
   margin-top: 0;
 }
diff --git a/web_src/js/components/DashboardRepoList.vue b/web_src/js/components/DashboardRepoList.vue
index 7debf6240e..9bc655df32 100644
--- a/web_src/js/components/DashboardRepoList.vue
+++ b/web_src/js/components/DashboardRepoList.vue
@@ -391,7 +391,7 @@ export default {
           </div>
         </overflow-menu>
       </div>
-      <div v-if="repos.length" class="ui attached table segment tw-rounded-b">
+      <div v-if="repos.length" class="ui attached table segment">
         <ul class="repo-owner-name-list">
           <li class="tw-flex tw-items-center tw-py-2" v-for="repo, index in repos" :class="{'active': index === activeIndex}" :key="repo.id">
             <a class="repo-list-link muted" :href="repo.link">
@@ -482,10 +482,8 @@ ul li:not(:last-child) {
 }
 
 .repos-filter {
-  padding-top: 0 !important;
   margin-top: 0 !important;
   border-bottom-width: 0 !important;
-  margin-bottom: 2px !important;
 }
 
 .repos-filter .item {

From cce5f868cec11830d19126b90c659772708cd323 Mon Sep 17 00:00:00 2001
From: jaylinski <jaylinski@noreply.codeberg.org>
Date: Mon, 2 Mar 2026 06:03:39 +0100
Subject: [PATCH 393/854] chore(Dockerfile.rootless): remove legacy config file
 support (#11098)

This legacy support was added in version 8. We now have version 14, so this deprecated feature can be confidently removed.

See dad16cd5895a945c067ec6a2dacdac67afc8aa04 for a detailed explanation.

Docs PR: https://codeberg.org/forgejo/docs/pulls/1740

Co-authored-by: Jakob Linskeseder <jakob@linskeseder.com>
Co-authored-by: 0ko <0ko@noreply.codeberg.org>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11098
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: jaylinski <jaylinski@noreply.codeberg.org>
Co-committed-by: jaylinski <jaylinski@noreply.codeberg.org>
---
 Dockerfile.rootless                              | 10 +++-------
 .../rootless/usr/local/bin/docker-entrypoint.sh  |  5 -----
 docker/rootless/usr/local/bin/docker-setup.sh    | 16 ++--------------
 release-notes/11098.md                           |  1 +
 4 files changed, 6 insertions(+), 26 deletions(-)
 create mode 100644 release-notes/11098.md

diff --git a/Dockerfile.rootless b/Dockerfile.rootless
index c4079fd918..785986e545 100644
--- a/Dockerfile.rootless
+++ b/Dockerfile.rootless
@@ -86,8 +86,8 @@ RUN addgroup \
     -G git \
     git
 
-RUN mkdir -p /var/lib/gitea /etc/gitea
-RUN chown git:git /var/lib/gitea /etc/gitea
+RUN mkdir -p /var/lib/gitea
+RUN chown git:git /var/lib/gitea
 
 COPY --from=build-env /tmp/local /
 RUN cd /usr/local/bin ; ln -s gitea forgejo
@@ -103,13 +103,9 @@ ENV GITEA_CUSTOM=/var/lib/gitea/custom
 ENV GITEA_TEMP=/tmp/gitea
 ENV TMPDIR=/tmp/gitea
 
-# Legacy config file for backwards compatibility
-# TODO: remove on next major version release
-ENV GITEA_APP_INI_LEGACY=/etc/gitea/app.ini
-
 ENV GITEA_APP_INI=${GITEA_CUSTOM}/conf/app.ini
 ENV HOME="/var/lib/gitea/git"
-VOLUME ["/var/lib/gitea", "/etc/gitea"]
+VOLUME ["/var/lib/gitea"]
 WORKDIR /var/lib/gitea
 
 ENTRYPOINT ["/usr/bin/dumb-init", "--", "/usr/local/bin/docker-entrypoint.sh"]
diff --git a/docker/rootless/usr/local/bin/docker-entrypoint.sh b/docker/rootless/usr/local/bin/docker-entrypoint.sh
index e5fa41cc78..ca509214bf 100755
--- a/docker/rootless/usr/local/bin/docker-entrypoint.sh
+++ b/docker/rootless/usr/local/bin/docker-entrypoint.sh
@@ -13,10 +13,5 @@ fi
 if [ $# -gt 0 ]; then
     exec "$@"
 else
-    # TODO: remove on next major version release
-    # Honour legacy config file if existing
-    if [ -f ${GITEA_APP_INI_LEGACY} ]; then
-        GITEA_APP_INI=${GITEA_APP_INI_LEGACY}
-    fi
     exec /usr/local/bin/gitea -c ${GITEA_APP_INI} web
 fi
diff --git a/docker/rootless/usr/local/bin/docker-setup.sh b/docker/rootless/usr/local/bin/docker-setup.sh
index 09bbeabc63..7bcb78c88c 100755
--- a/docker/rootless/usr/local/bin/docker-setup.sh
+++ b/docker/rootless/usr/local/bin/docker-setup.sh
@@ -11,22 +11,10 @@ mkdir -p ${GITEA_CUSTOM} && chmod 0700 ${GITEA_CUSTOM}
 mkdir -p ${GITEA_TEMP} && chmod 0700 ${GITEA_TEMP}
 if [ ! -w ${GITEA_TEMP} ]; then echo "${GITEA_TEMP} is not writable"; exit 1; fi
 
-# TODO: remove on next major version release
-# Honour legacy config file if existing, but inform the user
-if [ -f ${GITEA_APP_INI_LEGACY} ] && [ ${GITEA_APP_INI} != ${GITEA_APP_INI_LEGACY} ]; then
-    GITEA_APP_INI_DEFAULT=/var/lib/gitea/custom/conf/app.ini
-    echo -e \
-      "\033[33mWARNING\033[0m: detected configuration file in deprecated default path ${GITEA_APP_INI_LEGACY}." \
-      "The new default is ${GITEA_APP_INI_DEFAULT}. To remove this warning, choose one of the options:\n" \
-      "* Move ${GITEA_APP_INI_LEGACY} to ${GITEA_APP_INI_DEFAULT} (or to \$GITEA_APP_INI if you want to override this variable)\n" \
-      "* Explicitly override GITEA_APP_INI=${GITEA_APP_INI_LEGACY} in the container environment"
-    GITEA_APP_INI=${GITEA_APP_INI_LEGACY}
-fi
-
-#Prepare config file
+# Prepare config file
 if [ ! -f ${GITEA_APP_INI} ]; then
 
-    #Prepare config file folder
+    # Prepare config file folder
     GITEA_APP_INI_DIR=$(dirname ${GITEA_APP_INI})
     mkdir -p ${GITEA_APP_INI_DIR} && chmod 0700 ${GITEA_APP_INI_DIR}
     if [ ! -w ${GITEA_APP_INI_DIR} ]; then echo "${GITEA_APP_INI_DIR} is not writable"; exit 1; fi
diff --git a/release-notes/11098.md b/release-notes/11098.md
new file mode 100644
index 0000000000..bab9505d8f
--- /dev/null
+++ b/release-notes/11098.md
@@ -0,0 +1 @@
+In Forgejo v8.0.0, the default location for the config file was changed from `/etc/gitea/app.ini` to `/var/lib/gitea/app.ini`. Backward compatibility logic and startup warnings were added to container setup and entrypoint scripts. Now they are removed. This change only affects those using container deployments with rootless images. If you have the config file stored in a volume bound to container's /etc/gitea, move it to the new location or override the environment variable `GITEA_APP_INI`. An unused volume `/etc/gitea` can be safely removed from the container after moving the config or if the deployment never used versions prior to v8.0.0.
\ No newline at end of file

From 9803d002ce23ec2aaa366501cc5ecd9d38e5f576 Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Mon, 2 Mar 2026 13:37:56 +0100
Subject: [PATCH 394/854] Update module
 github.com/SaveTheRbtz/zstd-seekable-format-go/pkg to v0.8.0 (forgejo)
 (#11451)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11451
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
---
 go.mod | 4 ++--
 go.sum | 8 ++++----
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/go.mod b/go.mod
index 3e08d9e3a2..8825ffd3f7 100644
--- a/go.mod
+++ b/go.mod
@@ -26,7 +26,7 @@ require (
 	github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358
 	github.com/ProtonMail/go-crypto v1.3.0
 	github.com/PuerkitoBio/goquery v1.11.0
-	github.com/SaveTheRbtz/zstd-seekable-format-go/pkg v0.7.2
+	github.com/SaveTheRbtz/zstd-seekable-format-go/pkg v0.8.0
 	github.com/alecthomas/chroma/v2 v2.23.1
 	github.com/blakesmith/ar v0.0.0-20190502131153-809d4375e1fb
 	github.com/blevesearch/bleve/v2 v2.5.6
@@ -191,7 +191,7 @@ require (
 	github.com/goccy/go-json v0.10.5 // indirect
 	github.com/golang/geo v0.0.0-20210211234256-740aa86cb551 // indirect
 	github.com/golang/snappy v0.0.4 // indirect
-	github.com/google/btree v1.1.2 // indirect
+	github.com/google/btree v1.1.3 // indirect
 	github.com/google/go-cmp v0.7.0 // indirect
 	github.com/google/go-querystring v1.1.0 // indirect
 	github.com/google/go-tpm v0.9.5 // indirect
diff --git a/go.sum b/go.sum
index db69e2578d..80d903b347 100644
--- a/go.sum
+++ b/go.sum
@@ -79,8 +79,8 @@ github.com/RoaringBitmap/roaring/v2 v2.4.5 h1:uGrrMreGjvAtTBobc0g5IrW1D5ldxDQYe2
 github.com/RoaringBitmap/roaring/v2 v2.4.5/go.mod h1:FiJcsfkGje/nZBZgCu0ZxCPOKD/hVXDS2dXi7/eUFE0=
 github.com/STARRY-S/zip v0.2.3 h1:luE4dMvRPDOWQdeDdUxUoZkzUIpTccdKdhHHsQJ1fm4=
 github.com/STARRY-S/zip v0.2.3/go.mod h1:lqJ9JdeRipyOQJrYSOtpNAiaesFO6zVDsE8GIGFaoSk=
-github.com/SaveTheRbtz/zstd-seekable-format-go/pkg v0.7.2 h1:cSXom2MoKJ9KPPw29RoZtHvUETY4F4n/kXl8m9btnQ0=
-github.com/SaveTheRbtz/zstd-seekable-format-go/pkg v0.7.2/go.mod h1:JitQWJ8JuV4Y87l8VsHiiwhb3cgdyn68mX40s7NT6PA=
+github.com/SaveTheRbtz/zstd-seekable-format-go/pkg v0.8.0 h1:tgjwQrDH5m6jIYB7kac5IQZmfUzQNseac/e3H4VoCNE=
+github.com/SaveTheRbtz/zstd-seekable-format-go/pkg v0.8.0/go.mod h1:1HmmMEVsr+0R1QWahSeMJkjSkq6CYAZu1aIbYSpfJ4o=
 github.com/alecthomas/assert/v2 v2.11.0 h1:2Q9r3ki8+JYXvGsDyBXwH3LcJ+WK5D0gc5E8vS6K3D0=
 github.com/alecthomas/assert/v2 v2.11.0/go.mod h1:Bze95FyfUr7x34QZrjL+XP+0qgp/zg8yS+TtBj1WA3k=
 github.com/alecthomas/chroma/v2 v2.2.0/go.mod h1:vf4zrexSH54oEjJ7EdB65tGNHmH3pGZmVkgTP5RHvAs=
@@ -371,8 +371,8 @@ github.com/golang/snappy v0.0.4 h1:yAGX7huGHXlcLOEtBnF4w7FQwA26wojNCwOYAEhLjQM=
 github.com/golang/snappy v0.0.4/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
 github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
 github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
-github.com/google/btree v1.1.2 h1:xf4v41cLI2Z6FxbKm+8Bu+m8ifhj15JuZ9sa0jZCMUU=
-github.com/google/btree v1.1.2/go.mod h1:qOPhT0dTNdNzV6Z/lhRX0YXUafgPLFUh+gZMl761Gm4=
+github.com/google/btree v1.1.3 h1:CVpQJjYgC4VbzxeGVHfvZrv1ctoYCAI8vbl07Fcxlyg=
+github.com/google/btree v1.1.3/go.mod h1:qOPhT0dTNdNzV6Z/lhRX0YXUafgPLFUh+gZMl761Gm4=
 github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
 github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
 github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=

From ddcf37fdfe34a7abc6ea194b56872cfe9cc2c335 Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Mon, 2 Mar 2026 13:56:59 +0100
Subject: [PATCH 395/854] Update module golang.org/x/net to v0.51.0 [SECURITY]
 (forgejo) (#11447)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11447
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 8825ffd3f7..d871013779 100644
--- a/go.mod
+++ b/go.mod
@@ -104,7 +104,7 @@ require (
 	go.yaml.in/yaml/v3 v3.0.4
 	golang.org/x/crypto v0.48.0
 	golang.org/x/image v0.36.0
-	golang.org/x/net v0.50.0
+	golang.org/x/net v0.51.0
 	golang.org/x/oauth2 v0.34.0
 	golang.org/x/sync v0.19.0
 	golang.org/x/sys v0.41.0
diff --git a/go.sum b/go.sum
index 80d903b347..f70992469c 100644
--- a/go.sum
+++ b/go.sum
@@ -791,8 +791,8 @@ golang.org/x/net v0.15.0/go.mod h1:idbUs1IY1+zTqbi8yxTbhexhEEk5ur9LInksu6HrEpk=
 golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44=
 golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM=
 golang.org/x/net v0.33.0/go.mod h1:HXLR5J+9DxmrqMwG9qjGCxZ+zKXxBru04zlTvWlWuN4=
-golang.org/x/net v0.50.0 h1:ucWh9eiCGyDR3vtzso0WMQinm2Dnt8cFMuQa9K33J60=
-golang.org/x/net v0.50.0/go.mod h1:UgoSli3F/pBgdJBHCTc+tp3gmrU4XswgGRgtnwWTfyM=
+golang.org/x/net v0.51.0 h1:94R/GTO7mt3/4wIKpcR5gkGmRLOuE/2hNGeWq/GBIFo=
+golang.org/x/net v0.51.0/go.mod h1:aamm+2QF5ogm02fjy5Bb7CQ0WMt1/WVM7FtyaTLlA9Y=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=

From 6bac9e29e78feea37f2bf3db2e7b0cbdf8a85cd4 Mon Sep 17 00:00:00 2001
From: Mathieu Fenniak <mathieu@fenniak.net>
Date: Mon, 2 Mar 2026 15:34:09 +0100
Subject: [PATCH 396/854] Revert "fix: ensure actions logs are transferred when
 a task is done (#10008)" (#11462)

This reverts commit d4951968f0abbee8c614acec648240c4b25e7ec7, #10008.

When Forgejo cancels a job server-side, for example due to an additional push to an open PR, it immediately archives the logs from DBFS to disk due to the changes in #10008.  Then, the runner recognizes that the job status is cancelled and it attempts to flush its pending logs to Forgejo, resulting in warnings being logged:

```
forgejo-runner.log:time="2026-02-23T01:32:11+01:00" level=warning msg="uploading final logs failed, but will be retried: already_exists: log file has been archived" task_id=51
forgejo-runner.log:time="2026-02-23T01:32:11+01:00" level=warning msg="uploading final logs failed, but will be retried: already_exists: log file has been archived" task_id=51
forgejo-runner.log:time="2026-02-23T01:32:11+01:00" level=warning msg="uploading final logs failed, but will be retried: already_exists: log file has been archived" task_id=51
forgejo-runner.log:time="2026-02-23T01:32:12+01:00" level=warning msg="uploading final logs failed, but will be retried: already_exists: log file has been archived" task_id=51
forgejo-runner.log:time="2026-02-23T01:32:13+01:00" level=warning msg="uploading final logs failed, but will be retried: already_exists: log file has been archived" task_id=51
forgejo-runner.log:time="2026-02-23T01:32:14+01:00" level=warning msg="uploading final logs failed, but will be retried: already_exists: log file has been archived" task_id=51
forgejo-runner.log:time="2026-02-23T01:32:16+01:00" level=info msg="runner: received shutdown signal"
forgejo-runner.log:time="2026-02-23T01:32:16+01:00" level=info msg="runner: shutdown initiated, waiting [runner].shutdown_timeout=0s for running jobs to complete before shutting down"
forgejo-runner.log:time="2026-02-23T01:32:16+01:00" level=info msg="[poller] shutdown begin, 1 tasks currently running"
forgejo-runner.log:time="2026-02-23T01:32:16+01:00" level=info msg="forcing the jobs to shutdown"
forgejo-runner.log:time="2026-02-23T01:32:18+01:00" level=warning msg="uploading final logs failed, but will be retried: already_exists: log file has been archived" task_id=51
forgejo-runner.log:time="2026-02-23T01:32:24+01:00" level=warning msg="uploading final logs failed, but will be retried: already_exists: log file has been archived" task_id=51
```

This appears to be the cause of the `push-cancel` end-to-end test failing since #10008 was merged.  https://code.forgejo.org/forgejo/end-to-end/actions/runs/4985/jobs/8/attempt/1   The `push-cancel` test case itself seems to succeed, but then the test process aborts with `return 1`.  Doesn't reproduce locally.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11462
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net>
Co-committed-by: Mathieu Fenniak <mathieu@fenniak.net>
---
 routers/api/actions/runner/runner.go | 14 +++++++++++++-
 services/actions/clear_tasks.go      | 13 +++++++++++++
 services/actions/task.go             |  8 +-------
 3 files changed, 27 insertions(+), 8 deletions(-)

diff --git a/routers/api/actions/runner/runner.go b/routers/api/actions/runner/runner.go
index e079aa8de8..5a29dd7ab7 100644
--- a/routers/api/actions/runner/runner.go
+++ b/routers/api/actions/runner/runner.go
@@ -336,9 +336,21 @@ func (s *Service) UpdateLog(
 
 	res.Msg.AckIndex = task.LogLength
 
-	if err := actions_model.UpdateTask(ctx, task, "log_indexes", "log_length", "log_size"); err != nil {
+	var remove func()
+	if req.Msg.NoMore {
+		task.LogInStorage = true
+		remove, err = actions.TransferLogs(ctx, task.LogFilename)
+		if err != nil {
+			return nil, connect.NewError(connect.CodeInternal, fmt.Errorf("transfer logs: %w", err))
+		}
+	}
+
+	if err := actions_model.UpdateTask(ctx, task, "log_indexes", "log_length", "log_size", "log_in_storage"); err != nil {
 		return nil, connect.NewError(connect.CodeInternal, fmt.Errorf("update task: %w", err))
 	}
+	if remove != nil {
+		remove()
+	}
 
 	return res, nil
 }
diff --git a/services/actions/clear_tasks.go b/services/actions/clear_tasks.go
index d597ad313b..507659d085 100644
--- a/services/actions/clear_tasks.go
+++ b/services/actions/clear_tasks.go
@@ -10,6 +10,7 @@ import (
 
 	actions_model "forgejo.org/models/actions"
 	"forgejo.org/models/db"
+	"forgejo.org/modules/actions"
 	"forgejo.org/modules/log"
 	"forgejo.org/modules/optional"
 	"forgejo.org/modules/setting"
@@ -53,6 +54,18 @@ func stopTasks(ctx context.Context, opts actions_model.FindTaskOptions) error {
 			log.Warn("Cannot stop task %v: %v", task.ID, err)
 			continue
 		}
+
+		remove, err := actions.TransferLogs(ctx, task.LogFilename)
+		if err != nil {
+			log.Warn("Cannot transfer logs of task %v: %v", task.ID, err)
+			continue
+		}
+		task.LogInStorage = true
+		if err := actions_model.UpdateTask(ctx, task, "log_in_storage"); err != nil {
+			log.Warn("Cannot update task %v: %v", task.ID, err)
+			continue
+		}
+		remove()
 	}
 
 	CreateCommitStatus(ctx, jobs...)
diff --git a/services/actions/task.go b/services/actions/task.go
index 141678549c..4f78092bdb 100644
--- a/services/actions/task.go
+++ b/services/actions/task.go
@@ -263,7 +263,7 @@ func StopTask(ctx context.Context, taskID int64, status actions_model.Status) er
 		}
 	}
 
-	return TransferLogsAndUpdateLogInStorage(ctx, task)
+	return nil
 }
 
 // UpdateTaskByState updates the task by the state.
@@ -319,12 +319,6 @@ func UpdateTaskByState(ctx context.Context, runnerID int64, state *runnerv1.Task
 		}
 	}
 
-	if task.Status.IsDone() {
-		if err := TransferLogsAndUpdateLogInStorage(ctx, task); err != nil {
-			return nil, err
-		}
-	}
-
 	if err := task.LoadAttributes(ctx); err != nil {
 		return nil, err
 	}

From a0faae27645d0111c940abe6137f2ce2ff95fb52 Mon Sep 17 00:00:00 2001
From: 0ko <0ko@noreply.codeberg.org>
Date: Mon, 2 Mar 2026 23:32:40 +0100
Subject: [PATCH 397/854] fix(ui/mde): inputs in table/link insertion modals
 (#11341)

Fixes #11268
Fixes regression of #9614

Calling `initDisabledInputs` wasn't effective for template contents, so inputs in MDEs spawned by repo-legacy.js on comment editing were broken. Now repo-legacy.js also calls it when it spawns a new MDE.

Co-authored-by: Gusted <Gusted@noreply.codeberg.org>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11341
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: 0ko <0ko@noreply.codeberg.org>
Co-committed-by: 0ko <0ko@noreply.codeberg.org>
---
 tests/e2e/issue-comment.test.e2e.ts   |  14 ++-
 tests/e2e/markdown-editor.test.e2e.ts | 132 ++++++++++++++++++--------
 tests/e2e/org-members.test.e2e.ts     |   3 +-
 tests/e2e/switch.test.e2e.ts          |  40 +++++---
 web_src/js/features/common-global.js  |   8 +-
 web_src/js/features/repo-legacy.js    |   3 +-
 web_src/js/index.js                   |   2 +-
 7 files changed, 136 insertions(+), 66 deletions(-)

diff --git a/tests/e2e/issue-comment.test.e2e.ts b/tests/e2e/issue-comment.test.e2e.ts
index 238fc30fc0..94e4bb7243 100644
--- a/tests/e2e/issue-comment.test.e2e.ts
+++ b/tests/e2e/issue-comment.test.e2e.ts
@@ -1,3 +1,6 @@
+// Copyright 2024 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: GPL-3.0-or-later
+
 // @watch start
 // web_src/js/features/comp/**
 // web_src/js/features/repo-**
@@ -108,17 +111,18 @@ test.describe('Button text replaced by JS', () => {
     await commentField.fill('Blah blah');
     await expect(statusButton.getByText('Reopen with comment')).toBeVisible();
     await expect(statusButtonIcon).toBeVisible();
-
-    return true;
   }
 
   test('Issue', async ({page}) => {
-    // All actual expect() are happening in the helper
-    expect(await testPage(page, '/user2/repo2/issues/2', 'Close issue')).toBeTruthy();
+    await expect(async () => {
+      await testPage(page, '/user2/repo2/issues/2', 'Close issue');
+    }).toPass();
   });
 
   test('PR', async ({page}) => {
-    expect(await testPage(page, '/user2/repo1/pulls/5', 'Close pull request')).toBeTruthy();
+    await expect(async () => {
+      await testPage(page, '/user2/repo1/pulls/5', 'Close pull request');
+    }).toPass();
   });
 });
 
diff --git a/tests/e2e/markdown-editor.test.e2e.ts b/tests/e2e/markdown-editor.test.e2e.ts
index cc8a7be2d1..5be8c1ed67 100644
--- a/tests/e2e/markdown-editor.test.e2e.ts
+++ b/tests/e2e/markdown-editor.test.e2e.ts
@@ -1,3 +1,6 @@
+// Copyright 2024 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: GPL-3.0-or-later
+
 // @watch start
 // web_src/js/modules/tab.ts
 // web_src/css/modules/tab.css
@@ -6,7 +9,7 @@
 // templates/shared/combomarkdowneditor.tmpl
 // @watch end
 
-import {expect} from '@playwright/test';
+import {expect, type Page} from '@playwright/test';
 import {accessibilityCheck} from './shared/accessibility.ts';
 import {test} from './utils_e2e.ts';
 import {screenshot} from './shared/screenshots.ts';
@@ -349,53 +352,100 @@ test('Markdown list continuation', async ({page}) => {
 });
 
 test('Markdown insert table', async ({page}) => {
-  const response = await page.goto('/user2/repo1/issues/new');
+  async function evaluateTableInsertion(page: Page, selector: string, isEditing: boolean) {
+    const area = page.locator(selector);
+
+    let expectedContent = '| Header  | Header  |\n|---------|---------|\n| Content | Content |\n| Content | Content |\n| Content | Content |\n';
+
+    if (isEditing) {
+      // Preparations for evaluating comment editing
+      await area.locator('.context-dropdown').click();
+      await area.locator('.context-dropdown .edit-content').click();
+      expectedContent = `good work!${expectedContent}`;
+    }
+
+    const newTableButton = area.locator('button[data-md-action="new-table"]');
+    await newTableButton.click();
+
+    const newTableModal = page.locator('[data-modal-name="new-markdown-table"].active');
+    await expect(newTableModal).toBeVisible();
+    await screenshot(page);
+
+    const rowsInput = newTableModal.locator('input[name="table-rows"]');
+    const columnsInput = newTableModal.locator('input[name="table-columns"]');
+
+    await expect(rowsInput).not.toHaveAttribute('disabled');
+    await expect(columnsInput).not.toHaveAttribute('disabled');
+
+    await rowsInput.fill('3');
+    await columnsInput.fill('2');
+
+    await newTableModal.locator('button[data-selector-name="ok-button"]').click();
+
+    await expect(newTableModal).toBeHidden();
+
+    const textarea = area.locator('textarea[name=content]');
+    await expect(textarea).toHaveValue(expectedContent);
+    await screenshot(page);
+  }
+
+  const response = await page.goto('/user2/repo1/issues/1');
   expect(response?.status()).toBe(200);
 
-  const newTableButton = page.locator('button[data-md-action="new-table"]');
-  await newTableButton.click();
-
-  const newTableModal = page.locator('div[data-markdown-table-modal-id="0"]');
-  await expect(newTableModal).toBeVisible();
-  await screenshot(page);
-
-  await newTableModal.locator('input[name="table-rows"]').fill('3');
-  await newTableModal.locator('input[name="table-columns"]').fill('2');
-
-  await newTableModal.locator('button[data-selector-name="ok-button"]').click();
-
-  await expect(newTableModal).toBeHidden();
-
-  const textarea = page.locator('textarea[name=content]');
-  await expect(textarea).toHaveValue('| Header  | Header  |\n|---------|---------|\n| Content | Content |\n| Content | Content |\n| Content | Content |\n');
-  await screenshot(page);
+  await expect(async () => {
+    await evaluateTableInsertion(page, '#comment-form', false);
+    await evaluateTableInsertion(page, '#issuecomment-2', true);
+  }).toPass();
 });
 
 test('Markdown insert link', async ({page}) => {
-  const response = await page.goto('/user2/repo1/issues/new');
+  async function evaluateLinkInsertion(page: Page, selector: string, isEditing: boolean) {
+    const url = 'https://example.com';
+    const description = 'Where does this lead?';
+
+    let expectedContent = `[${description}](${url})`;
+
+    const area = page.locator(selector);
+
+    if (isEditing) {
+      // Preparations for evaluating comment editing
+      await area.locator('.context-dropdown').click();
+      await area.locator('.context-dropdown .edit-content').click();
+      expectedContent = `good work!${expectedContent}`;
+    }
+
+    const newLinkButton = area.locator('button[data-md-action="new-link"]');
+    await newLinkButton.click();
+
+    const newLinkModal = page.locator('[data-modal-name="new-markdown-link"].active');
+    await expect(newLinkModal).toBeVisible();
+    await accessibilityCheck({page}, ['[data-modal-name="new-markdown-link"].active'], [], []);
+    await screenshot(page);
+
+    const urlInput = newLinkModal.locator('input[name="link-url"]');
+    const descriptionInput = newLinkModal.locator('input[name="link-description"]');
+
+    await expect(urlInput).not.toHaveAttribute('disabled');
+    await expect(descriptionInput).not.toHaveAttribute('disabled');
+
+    await urlInput.fill(url);
+    await descriptionInput.fill(description);
+
+    await newLinkModal.locator('button[data-selector-name="ok-button"]').click();
+    await expect(newLinkModal).toBeHidden();
+
+    const textarea = area.locator('textarea[name=content]');
+    await expect(textarea).toHaveValue(expectedContent);
+    await screenshot(page);
+  }
+
+  const response = await page.goto('/user2/repo1/issues/1');
   expect(response?.status()).toBe(200);
 
-  const newLinkButton = page.locator('button[data-md-action="new-link"]');
-  await newLinkButton.click();
-
-  const newLinkModal = page.locator('div[data-markdown-link-modal-id="0"]');
-  await expect(newLinkModal).toBeVisible();
-  await accessibilityCheck({page}, ['[data-modal-name="new-markdown-link"]'], [], []);
-  await screenshot(page);
-
-  const url = 'https://example.com';
-  const description = 'Where does this lead?';
-
-  await newLinkModal.locator('input[name="link-url"]').fill(url);
-  await newLinkModal.locator('input[name="link-description"]').fill(description);
-
-  await newLinkModal.locator('button[data-selector-name="ok-button"]').click();
-
-  await expect(newLinkModal).toBeHidden();
-
-  const textarea = page.locator('textarea[name=content]');
-  await expect(textarea).toHaveValue(`[${description}](${url})`);
-  await screenshot(page);
+  await expect(async () => {
+    await evaluateLinkInsertion(page, '#comment-form', false);
+    await evaluateLinkInsertion(page, '#issuecomment-2', true);
+  }).toPass();
 });
 
 test('text expander has higher prio then prefix continuation', async ({page}) => {
diff --git a/tests/e2e/org-members.test.e2e.ts b/tests/e2e/org-members.test.e2e.ts
index 311ad0f7cc..b5cb9bd104 100644
--- a/tests/e2e/org-members.test.e2e.ts
+++ b/tests/e2e/org-members.test.e2e.ts
@@ -2,7 +2,8 @@
 // SPDX-License-Identifier: GPL-3.0-or-later
 
 // @watch start
-
+// web_src/css/org.css
+// templates/org/member/members.tmpl
 // @watch end
 
 import {expect} from '@playwright/test';
diff --git a/tests/e2e/switch.test.e2e.ts b/tests/e2e/switch.test.e2e.ts
index bc4922d198..8489ddb467 100644
--- a/tests/e2e/switch.test.e2e.ts
+++ b/tests/e2e/switch.test.e2e.ts
@@ -41,8 +41,6 @@ test.describe('Switch CSS properties', () => {
     }
 
     expect((await item.boundingBox()).height).toBeCloseTo(itemHeight);
-
-    return true;
   }
 
   const normalMargin = '0px';
@@ -60,21 +58,33 @@ test.describe('Switch CSS properties', () => {
 
     await page.goto('/user2/repo1/pulls');
 
-    expect(await evaluateSwitchItem(page, '#issue-filters .switch > .item:nth-child(1)', true, normalMargin, normalMargin, normalPadding, normalPadding, itemHeight)).toBeTruthy();
-    expect(await evaluateSwitchItem(page, '#issue-filters .switch > .item:nth-child(2)', false, specialLeftMargin, normalMargin, specialPadding, normalPadding, itemHeight)).toBeTruthy();
-    expect(await evaluateSwitchItem(page, '#issue-filters .switch > .item:nth-child(3)', false, normalMargin, normalMargin, normalPadding, normalPadding, itemHeight)).toBeTruthy();
+    await expect(async () => {
+      await Promise.all([
+        evaluateSwitchItem(page, '#issue-filters .switch > .item:nth-child(1)', true, normalMargin, normalMargin, normalPadding, normalPadding, itemHeight),
+        evaluateSwitchItem(page, '#issue-filters .switch > .item:nth-child(2)', false, specialLeftMargin, normalMargin, specialPadding, normalPadding, itemHeight),
+        evaluateSwitchItem(page, '#issue-filters .switch > .item:nth-child(3)', false, normalMargin, normalMargin, normalPadding, normalPadding, itemHeight),
+      ]);
+    }).toPass();
 
     await page.goto('/user2/repo1/pulls?state=closed');
 
-    expect(await evaluateSwitchItem(page, '#issue-filters .switch > .item:nth-child(1)', false, normalMargin, specialLeftMargin, normalPadding, specialPadding, itemHeight)).toBeTruthy();
-    expect(await evaluateSwitchItem(page, '#issue-filters .switch > .item:nth-child(2)', true, normalMargin, normalMargin, normalPadding, normalPadding, itemHeight)).toBeTruthy();
-    expect(await evaluateSwitchItem(page, '#issue-filters .switch > .item:nth-child(3)', false, specialLeftMargin, normalMargin, specialPadding, normalPadding, itemHeight)).toBeTruthy();
+    await expect(async () => {
+      await Promise.all([
+        evaluateSwitchItem(page, '#issue-filters .switch > .item:nth-child(1)', false, normalMargin, specialLeftMargin, normalPadding, specialPadding, itemHeight),
+        evaluateSwitchItem(page, '#issue-filters .switch > .item:nth-child(2)', true, normalMargin, normalMargin, normalPadding, normalPadding, itemHeight),
+        evaluateSwitchItem(page, '#issue-filters .switch > .item:nth-child(3)', false, specialLeftMargin, normalMargin, specialPadding, normalPadding, itemHeight),
+      ]);
+    }).toPass();
 
     await page.goto('/user2/repo1/pulls?state=all');
 
-    expect(await evaluateSwitchItem(page, '#issue-filters .switch > .item:nth-child(1)', false, normalMargin, normalMargin, normalPadding, normalPadding, itemHeight)).toBeTruthy();
-    expect(await evaluateSwitchItem(page, '#issue-filters .switch > .item:nth-child(2)', false, normalMargin, specialLeftMargin, normalPadding, specialPadding, itemHeight)).toBeTruthy();
-    expect(await evaluateSwitchItem(page, '#issue-filters .switch > .item:nth-child(3)', true, normalMargin, normalMargin, normalPadding, normalPadding, itemHeight)).toBeTruthy();
+    await expect(async () => {
+      await Promise.all([
+        evaluateSwitchItem(page, '#issue-filters .switch > .item:nth-child(1)', false, normalMargin, normalMargin, normalPadding, normalPadding, itemHeight),
+        evaluateSwitchItem(page, '#issue-filters .switch > .item:nth-child(2)', false, normalMargin, specialLeftMargin, normalPadding, specialPadding, itemHeight),
+        evaluateSwitchItem(page, '#issue-filters .switch > .item:nth-child(3)', true, normalMargin, normalMargin, normalPadding, normalPadding, itemHeight),
+      ]);
+    }).toPass();
   });
 
   // Subtest for areas that can't be reached without JS
@@ -91,7 +101,11 @@ test.describe('Switch CSS properties', () => {
     // Markdown editor has a special rule for a shorter switch
     const itemHeight = 28;
 
-    expect(await evaluateSwitchItem(page, '.review-box-panel .switch > .item:nth-child(1)', true, normalMargin, normalMargin, normalPadding, normalPadding, itemHeight)).toBeTruthy();
-    expect(await evaluateSwitchItem(page, '.review-box-panel .switch > .item:nth-child(2)', false, specialLeftMargin, normalMargin, specialPadding, normalPadding, itemHeight)).toBeTruthy();
+    await expect(async () => {
+      await Promise.all([
+        evaluateSwitchItem(page, '.review-box-panel .switch > .item:nth-child(1)', true, normalMargin, normalMargin, normalPadding, normalPadding, itemHeight),
+        evaluateSwitchItem(page, '.review-box-panel .switch > .item:nth-child(2)', false, specialLeftMargin, normalMargin, specialPadding, normalPadding, itemHeight),
+      ]);
+    }).toPass();
   });
 });
diff --git a/web_src/js/features/common-global.js b/web_src/js/features/common-global.js
index 25df43a636..93a970caa0 100644
--- a/web_src/js/features/common-global.js
+++ b/web_src/js/features/common-global.js
@@ -206,10 +206,10 @@ export function initGlobalCommon() {
 }
 
 // Sometimes unrelated inputs are stored in forms for convenience, for example,
-// modal inputs. To prevent them from breaking the forms they are in they are
-// disabled by default
-export function initDisabledInputs() {
-  for (const el of document.querySelectorAll('input.js-enable[disabled]')) {
+// modal inputs. To prevent them from blocking the forms for noJS clients they
+// are disabled by default. TypeScript: root is HTMLElement
+export function initDisabledInputs(root) {
+  for (const el of root.querySelectorAll('input.js-enable[disabled]')) {
     el.removeAttribute('disabled');
   }
 }
diff --git a/web_src/js/features/repo-legacy.js b/web_src/js/features/repo-legacy.js
index 05766c6c78..4d2f25148c 100644
--- a/web_src/js/features/repo-legacy.js
+++ b/web_src/js/features/repo-legacy.js
@@ -27,7 +27,7 @@ import {attachRefIssueContextPopup} from './contextpopup.js';
 import {POST} from '../modules/fetch.js';
 import {MarkdownQuote} from '@github/quote-selection';
 import {toAbsoluteUrl} from '../utils.js';
-import {initDropzone, initGlobalShowModal} from './common-global.js';
+import {initDropzone, initGlobalShowModal, initDisabledInputs} from './common-global.js';
 
 export function initRepoCommentForm() {
   const $commentForm = $('.comment.form');
@@ -370,6 +370,7 @@ async function onEditContent(event) {
   comboMarkdownEditor = getComboMarkdownEditor(editContentZone.querySelector('.combo-markdown-editor'));
   if (!comboMarkdownEditor) {
     editContentZone.innerHTML = document.getElementById('issue-comment-editor-template').innerHTML;
+    initDisabledInputs(editContentZone);
     const dropzone = editContentZone.querySelector('.dropzone');
     if (!dropzone.dropzone) await initDropzone(dropzone, editContentZone);
     comboMarkdownEditor = await initComboMarkdownEditor(editContentZone.querySelector('.combo-markdown-editor'));
diff --git a/web_src/js/index.js b/web_src/js/index.js
index 37848d2d90..33c94d7e07 100644
--- a/web_src/js/index.js
+++ b/web_src/js/index.js
@@ -98,7 +98,7 @@ initDirAuto();
 onDomReady(() => {
   initGlobalCommon();
 
-  initDisabledInputs();
+  initDisabledInputs(document);
   initGlobalTooltips();
   initGlobalButtonClickOnEnter();
   initGlobalButtons();

From cfc8a6701abcf240dbed03c48aba1b7c93645b3f Mon Sep 17 00:00:00 2001
From: forgejo-renovate-action <forgejo-renovate-action@noreply.codeberg.org>
Date: Tue, 3 Mar 2026 02:33:46 +0100
Subject: [PATCH 398/854] Update dependency swagger-ui-dist to v5.31.1
 (forgejo) (#11374)

---
 package-lock.json | 8 ++++----
 package.json      | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 7c747b635c..8795c5f2b7 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -64,7 +64,7 @@
         "postcss-nesting": "14.0.0",
         "pretty-ms": "9.0.0",
         "sortablejs": "1.15.7",
-        "swagger-ui-dist": "5.31.0",
+        "swagger-ui-dist": "5.31.2",
         "tailwindcss": "3.4.18",
         "throttle-debounce": "5.0.0",
         "tinycolor2": "1.6.0",
@@ -14675,9 +14675,9 @@
       }
     },
     "node_modules/swagger-ui-dist": {
-      "version": "5.31.0",
-      "resolved": "https://registry.npmjs.org/swagger-ui-dist/-/swagger-ui-dist-5.31.0.tgz",
-      "integrity": "sha512-zSUTIck02fSga6rc0RZP3b7J7wgHXwLea8ZjgLA3Vgnb8QeOl3Wou2/j5QkzSGeoz6HusP/coYuJl33aQxQZpg==",
+      "version": "5.31.2",
+      "resolved": "https://registry.npmjs.org/swagger-ui-dist/-/swagger-ui-dist-5.31.2.tgz",
+      "integrity": "sha512-uIoesCjDcxnAKj/C/HG5pjHZMQs2K/qmqpUlwLxxaVryGKlgm8Ri+VOza5xywAqf//pgg/hW16RYa6dDuTCOSg==",
       "license": "Apache-2.0",
       "dependencies": {
         "@scarf/scarf": "=1.4.0"
diff --git a/package.json b/package.json
index 8587455187..0d9575ee22 100644
--- a/package.json
+++ b/package.json
@@ -63,7 +63,7 @@
     "postcss-nesting": "14.0.0",
     "pretty-ms": "9.0.0",
     "sortablejs": "1.15.7",
-    "swagger-ui-dist": "5.31.0",
+    "swagger-ui-dist": "5.31.2",
     "tailwindcss": "3.4.18",
     "throttle-debounce": "5.0.0",
     "tinycolor2": "1.6.0",

From 3d6acf5e8c4c99ee191fbea958da5332ea785475 Mon Sep 17 00:00:00 2001
From: Mathieu Fenniak <mathieu@fenniak.net>
Date: Tue, 3 Mar 2026 17:55:35 +0100
Subject: [PATCH 399/854] ci: add `semgrep` detection for API code ignoring
 repo-specific access tokens (#11476)

This PR is part of a series (#11311).

Prevents the usage of three internal APIs in the web API code:
- `repo_model.SearchRepoOptions{}` without an `AuthorizationReducer`
- `organization.SearchTeamRepoOptions{}` without an `AuthorizationReducer`
- `access_model.GetUserRepoPermission()`, which doesn't take an `AuthorizationReducer` -- use `GetUserRepoPermissionWithReducer` instead.

A couple lingering usages are marked with `// nosemgrep: ...` as they have been inspected and considered correct as-is.

The `GetUserRepoPermission` is tested via the `.semgrep/tests` files; the other rules have been tested manually.

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [ ] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.
- [x] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11476
Reviewed-by: Andreas Ahlenstorf <aahlenst@noreply.codeberg.org>
Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net>
Co-committed-by: Mathieu Fenniak <mathieu@fenniak.net>
---
 .semgrep/config/auth.yaml            | 78 ++++++++++++++++++++++++++++
 .semgrep/tests/auth.fixed.go         | 58 +++++++++++++++++++++
 .semgrep/tests/auth.go               | 58 +++++++++++++++++++++
 routers/api/packages/npm/npm.go      | 13 +++++
 routers/api/v1/repo/collaborators.go |  5 ++
 routers/api/v1/repo/fork.go          |  6 +++
 6 files changed, 218 insertions(+)
 create mode 100644 .semgrep/config/auth.yaml
 create mode 100644 .semgrep/tests/auth.fixed.go
 create mode 100644 .semgrep/tests/auth.go

diff --git a/.semgrep/config/auth.yaml b/.semgrep/config/auth.yaml
new file mode 100644
index 0000000000..fdd0a5cf72
--- /dev/null
+++ b/.semgrep/config/auth.yaml
@@ -0,0 +1,78 @@
+rules:
+  - id: forgejo-api-use-resource-SearchRepoOptions
+    patterns:
+      - pattern: |
+          repo_model.SearchRepoOptions{...}
+      - pattern-not: |
+          repo_model.SearchRepoOptions{
+            ...,
+            AuthorizationReducer: ctx.Reducer,
+            ...
+          }
+    languages:
+      - go
+    message: >
+      SearchRepoOptions does not take into account fine-grained access token limitations.  Include the
+      AuthorizationReducer field.
+    severity: ERROR
+    paths:
+      include:
+        - "/routers/api/**/*.go"
+
+  - id: forgejo-api-use-resource-SearchRepoOptions
+    patterns:
+      - pattern: |
+          organization.SearchTeamRepoOptions{...}
+      - pattern-not: |
+          organization.SearchTeamRepoOptions{
+            ...,
+            AuthorizationReducer: ctx.Reducer,
+            ...
+          }
+    languages:
+      - go
+    message: >
+      SearchTeamRepoOptions does not take into account fine-grained access token limitations.  Include the
+      AuthorizationReducer field.
+    severity: ERROR
+    paths:
+      include:
+        - "/routers/api/**/*.go"
+
+  - id: forgejo-api-use-resource-GetUserRepoPermission
+    patterns:
+      - pattern: |
+          $X.GetUserRepoPermission($CTX, $REPO, $DOER)
+      - metavariable-type:
+          metavariable: $CTX
+          types:
+            - "*context.APIContext"
+    languages:
+      - go
+    message: >
+      GetUserRepoPermission does not take into account fine-grained access token limitations.  Use
+      GetUserRepoPermissionWithReducer.
+    fix: |
+      $X.GetUserRepoPermissionWithReducer($CTX, $REPO, $DOER, $CTX.Reducer)
+    severity: ERROR
+
+  - id: forgejo-api-suspicious-GetUserRepoPermission
+    patterns:
+      - pattern: $X.GetUserRepoPermission($CTX, $REPO, $DOER)
+      - pattern-not: # don't match if identical to forgejo-api-use-resource-GetUserRepoPermission
+          patterns:
+          - pattern: |
+              $X.GetUserRepoPermission($CTX, $REPO, $DOER)
+          - metavariable-type:
+              metavariable: $CTX
+              types:
+                - "*context.APIContext"
+    languages:
+      - go
+    message: >
+      API code is accessing GetUserRepoPermission which does not take into account fine-grained access token
+      limitations.  Should this use GetUserRepoPermissionWithReducer?
+    severity: ERROR
+    paths:
+      include:
+        - "/routers/api/**/*.go"
diff --git a/.semgrep/tests/auth.fixed.go b/.semgrep/tests/auth.fixed.go
new file mode 100644
index 0000000000..99703b2005
--- /dev/null
+++ b/.semgrep/tests/auth.fixed.go
@@ -0,0 +1,58 @@
+// Copyright 2016 The Gogs Authors. All rights reserved.
+// Copyright 2020 The Gitea Authors.
+// SPDX-License-Identifier: MIT
+
+package repo
+
+import (
+	"net/http"
+
+	"forgejo.org/models/db"
+	access_model "forgejo.org/models/perm/access"
+	repo_model "forgejo.org/models/repo"
+	api "forgejo.org/modules/structs"
+	"forgejo.org/routers/api/v1/utils"
+	"forgejo.org/services/context"
+	"forgejo.org/services/convert"
+)
+
+// ListForks list a repository's forks
+func ListForks(ctx *context.APIContext) {
+	forks, total, err := repo_model.GetForks(ctx, ctx.Repo.Repository, ctx.Doer, utils.GetListOptions(ctx))
+	if err != nil {
+		ctx.Error(http.StatusInternalServerError, "GetForks", err)
+		return
+	}
+	apiForks := make([]*api.Repository, len(forks))
+	for i, fork := range forks {
+		// ruleid:forgejo-api-use-resource-GetUserRepoPermission
+		permission, err := access_model.GetUserRepoPermissionWithReducer(ctx, fork, ctx.Doer, ctx.Reducer)
+		// ok:forgejo-api-use-resource-GetUserRepoPermission
+		permission, err := access_model.GetUserRepoPermissionWithReducer(ctx, fork, ctx.Doer, ctx.Reducer)
+		if err != nil {
+			ctx.Error(http.StatusInternalServerError, "GetUserRepoPermission", err)
+			return
+		}
+		apiForks[i] = convert.ToRepo(ctx, fork, permission)
+	}
+}
+
+// getStarredRepos returns the repos that the user with the specified userID has
+// starred
+func getStarredRepos(ctx std_context.Context, user *user_model.User, private bool, listOptions db.ListOptions) ([]*api.Repository, error) {
+	starredRepos, err := repo_model.GetStarredRepos(ctx, user.ID, private, listOptions)
+	if err != nil {
+		return nil, err
+	}
+
+	repos := make([]*api.Repository, len(starredRepos))
+	for i, starred := range starredRepos {
+		// ruleid:forgejo-api-suspicious-GetUserRepoPermission
+		permission, err := access_model.GetUserRepoPermission(ctx, starred, user)
+		if err != nil {
+			return nil, err
+		}
+		repos[i] = convert.ToRepo(ctx, starred, permission)
+	}
+	return repos, nil
+}
diff --git a/.semgrep/tests/auth.go b/.semgrep/tests/auth.go
new file mode 100644
index 0000000000..686dc5f9f7
--- /dev/null
+++ b/.semgrep/tests/auth.go
@@ -0,0 +1,58 @@
+// Copyright 2016 The Gogs Authors. All rights reserved.
+// Copyright 2020 The Gitea Authors.
+// SPDX-License-Identifier: MIT
+
+package repo
+
+import (
+	"net/http"
+
+	"forgejo.org/models/db"
+	access_model "forgejo.org/models/perm/access"
+	repo_model "forgejo.org/models/repo"
+	api "forgejo.org/modules/structs"
+	"forgejo.org/routers/api/v1/utils"
+	"forgejo.org/services/context"
+	"forgejo.org/services/convert"
+)
+
+// ListForks list a repository's forks
+func ListForks(ctx *context.APIContext) {
+	forks, total, err := repo_model.GetForks(ctx, ctx.Repo.Repository, ctx.Doer, utils.GetListOptions(ctx))
+	if err != nil {
+		ctx.Error(http.StatusInternalServerError, "GetForks", err)
+		return
+	}
+	apiForks := make([]*api.Repository, len(forks))
+	for i, fork := range forks {
+		// ruleid:forgejo-api-use-resource-GetUserRepoPermission
+		permission, err := access_model.GetUserRepoPermission(ctx, fork, ctx.Doer)
+		// ok:forgejo-api-use-resource-GetUserRepoPermission
+		permission, err := access_model.GetUserRepoPermissionWithReducer(ctx, fork, ctx.Doer, ctx.Reducer)
+		if err != nil {
+			ctx.Error(http.StatusInternalServerError, "GetUserRepoPermission", err)
+			return
+		}
+		apiForks[i] = convert.ToRepo(ctx, fork, permission)
+	}
+}
+
+// getStarredRepos returns the repos that the user with the specified userID has
+// starred
+func getStarredRepos(ctx std_context.Context, user *user_model.User, private bool, listOptions db.ListOptions) ([]*api.Repository, error) {
+	starredRepos, err := repo_model.GetStarredRepos(ctx, user.ID, private, listOptions)
+	if err != nil {
+		return nil, err
+	}
+
+	repos := make([]*api.Repository, len(starredRepos))
+	for i, starred := range starredRepos {
+		// ruleid:forgejo-api-suspicious-GetUserRepoPermission
+		permission, err := access_model.GetUserRepoPermission(ctx, starred, user)
+		if err != nil {
+			return nil, err
+		}
+		repos[i] = convert.ToRepo(ctx, starred, permission)
+	}
+	return repos, nil
+}
diff --git a/routers/api/packages/npm/npm.go b/routers/api/packages/npm/npm.go
index bf9d247b30..c7313e78c0 100644
--- a/routers/api/packages/npm/npm.go
+++ b/routers/api/packages/npm/npm.go
@@ -168,6 +168,19 @@ func UploadPackage(ctx *context.Context) {
 		canWrite := repo.OwnerID == ctx.Doer.ID
 
 		if !canWrite {
+			// GetUserRepoPermission is used, which doesn't take into account any `AuthorizationReducer` from access
+			// tokens.  At present, `AuthorizationReducer` only provides capabilities to implement repo-specific access
+			// tokens.  It is not possible to create a repo-specific access token with the `package:write` scope, and
+			// that scope is required to call this API, so implementing `AuthorizationReducer` is not necessary here.
+			//
+			// This access check would need revision if either: package-specific access tokens were created, or,
+			// `package:write` scope was permitted on a repo-specific access token.
+			//
+			// (Because package APIs doesn't take use an `APIContext`, we don't have access to a reducer to provide to
+			// GetUserRepoPermissionWithReducer, otherwise we'd just do it and not spend so much time describing why we
+			// don't have to.)
+			//
+			// nosemgrep: forgejo-api-suspicious-GetUserRepoPermission
 			perms, err := access_model.GetUserRepoPermission(ctx, repo, ctx.Doer)
 			if err != nil {
 				apiError(ctx, http.StatusInternalServerError, err)
diff --git a/routers/api/v1/repo/collaborators.go b/routers/api/v1/repo/collaborators.go
index 3ef7721ef5..eae25d75d7 100644
--- a/routers/api/v1/repo/collaborators.go
+++ b/routers/api/v1/repo/collaborators.go
@@ -301,6 +301,11 @@ func GetRepoPermissions(ctx *context.APIContext) {
 		return
 	}
 
+	// GetUserRepoPermission is used which doesn't take into account fine-grained access token's permissions, but that's
+	// appropriate in this rare case because we're trying to load the collaborator's permissions, not the access token's
+	// permissions.
+	//
+	// nosemgrep: forgejo-api-use-resource-GetUserRepoPermission
 	permission, err := access_model.GetUserRepoPermission(ctx, ctx.Repo.Repository, collaborator)
 	if err != nil {
 		ctx.Error(http.StatusInternalServerError, "GetUserRepoPermission", err)
diff --git a/routers/api/v1/repo/fork.go b/routers/api/v1/repo/fork.go
index edb85cf54f..49093579b4 100644
--- a/routers/api/v1/repo/fork.go
+++ b/routers/api/v1/repo/fork.go
@@ -63,6 +63,12 @@ func ListForks(ctx *context.APIContext) {
 	}
 	apiForks := make([]*api.Repository, len(forks))
 	for i, fork := range forks {
+		// GetUserRepoPermission is used which doesn't take into account fine-grained access token's permissions. A fork
+		// cannot have a different visibility than the original repo. It makes sense that if you can view a `ctx.Repo`
+		// (guaranteed by the `repoAssignment` middleware used on the API endpoint), you can view the forks of that
+		// repo.
+		//
+		// nosemgrep: forgejo-api-use-resource-GetUserRepoPermission
 		permission, err := access_model.GetUserRepoPermission(ctx, fork, ctx.Doer)
 		if err != nil {
 			ctx.Error(http.StatusInternalServerError, "GetUserRepoPermission", err)

From a0d6970442c94a91cbcc6307fa6e422592b37b61 Mon Sep 17 00:00:00 2001
From: oliverpool <git@olivier.pfad.fr>
Date: Tue, 3 Mar 2026 21:36:14 +0100
Subject: [PATCH 400/854] fix: prevent panic on gitlab import (releases/issues)
 (#11282)

It is unfortunately all mixed up, because refreshing the data, means breaking the tests. And changing the code means needing fresh data.

- tests: ignore some more headers and sort the rest when dumping http responses
- code: fixed #10234 by requesting the latest issues first.
- tests: created a new repo to replace the disappeared repo, needed for the skip-numbers test
- refreshed the testdata.
- follow-up fixes to get the tests green.
- including a cherry-pick of https://github.com/go-gitea/gitea/pull/36295 and #11272

Co-authored-by: Joakim Olsson <joakim@unbound.se>
Co-authored-by: Robert Wolff <mahlzahn@posteo.de>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11282
Reviewed-by: Robert Wolff <mahlzahn@posteo.de>
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Reviewed-by: patdyn <patdyn@noreply.codeberg.org>
Co-authored-by: oliverpool <git@olivier.pfad.fr>
Co-committed-by: oliverpool <git@olivier.pfad.fr>
---
 models/unittest/mock_http.go                  |   8 +-
 modules/migration/release.go                  |   6 +-
 release-notes/11282.md                        |   3 +
 services/migrations/github.go                 |   1 -
 services/migrations/github_test.go            |   2 -
 services/migrations/gitlab.go                 |  64 ++----
 services/migrations/gitlab_test.go            | 195 ++++++++++++------
 services/migrations/main_test.go              |  18 +-
 .../GET_%2Fapi%2Fv4%2Fprojects%2F61363672     |  27 ++-
 ...sues%2F1%2Faward_emoji%3Fpage=1&per_page=2 |  30 ---
 ...sues%2F1%2Faward_emoji%3Fpage=1&per_page=3 |  45 ++--
 ...sues%2F1%2Faward_emoji%3Fpage=2&per_page=2 |  32 ---
 ...sues%2F2%2Faward_emoji%3Fpage=1&per_page=2 |  30 ---
 ...sues%2F2%2Faward_emoji%3Fpage=1&per_page=3 |  39 ++--
 ...sues%2F2%2Faward_emoji%3Fpage=2&per_page=2 |  30 ---
 ...sues%2F2%2Faward_emoji%3Fpage=2&per_page=3 |  47 ++---
 ...sues%2F2%2Faward_emoji%3Fpage=3&per_page=2 |  30 ---
 ...sues%2F2%2Faward_emoji%3Fpage=3&per_page=3 |  39 ++--
 ...sues%2F2%2Faward_emoji%3Fpage=4&per_page=2 |  32 ---
 ...es%2F2%2Fdiscussions%3Fpage=1&per_page=100 |  49 +++--
 ...esource_state_events%3Fpage=1&per_page=100 |  45 ++--
 ...sues%2F3%2Faward_emoji%3Fpage=1&per_page=3 |  43 ++--
 ...es%2F3%2Fdiscussions%3Fpage=1&per_page=100 |  45 ++--
 ...esource_state_events%3Fpage=1&per_page=100 |  45 ++--
 ...sues%2F4%2Faward_emoji%3Fpage=1&per_page=3 |  29 +++
 ...d_at&page=1&per_page=3&sort=desc&state=all |  27 +++
 ...d_at&page=2&per_page=3&sort=desc&state=all |  27 +++
 ...ues%3Fpage=1&per_page=2&sort=asc&state=all |  30 ---
 ...ues%3Fpage=1&per_page=3&sort=asc&state=all |  30 ---
 ...%2F61363672%2Flabels%3Fpage=1&per_page=100 |  51 +++--
 ...2Fprojects%2F61363672%2Fmerge_requests%2F1 |  35 ++--
 ...F61363672%2Fmerge_requests%2F1%2Fapprovals |  31 ++-
 ...ests%2F1%2Faward_emoji%3Fpage=1&per_page=1 |  30 ---
 ...ests%2F1%2Faward_emoji%3Fpage=1&per_page=2 |  47 ++---
 ...ests%2F1%2Faward_emoji%3Fpage=2&per_page=1 |  30 ---
 ...ests%2F1%2Faward_emoji%3Fpage=2&per_page=2 |  49 +++--
 ...ests%2F1%2Faward_emoji%3Fpage=3&per_page=1 |  32 ---
 ...2Fprojects%2F61363672%2Fmerge_requests%2F2 |  35 ++--
 ...F61363672%2Fmerge_requests%2F2%2Fapprovals |  16 --
 ...ests%2F2%2Faward_emoji%3Fpage=1&per_page=1 |  32 ---
 ...ests%2F2%2Faward_emoji%3Fpage=1&per_page=2 |  39 ++--
 ...ts%2F2%2Fdiscussions%3Fpage=1&per_page=100 |  39 ++--
 ...esource_state_events%3Fpage=1&per_page=100 |  51 +++--
 ...e_requests%3Fpage=1&per_page=1&view=simple |  30 ---
 ...e_requests%3Fpage=1&per_page=2&view=simple |  41 ++--
 ...milestones%3Fpage=1&per_page=100&state=all |  41 ++--
 ...F61363672%2Freleases%3Fpage=1&per_page=100 |  33 ++-
 ...pi%2Fv4%2Fprojects%2Fforgejo%252Ftest_repo |  31 ++-
 ...Fapi%2Fv4%2Fprojects%2Fgitea%252Ftest_repo |  17 --
 .../full_download/GET_%2Fapi%2Fv4%2Fversion   |  33 ++-
 .../GET_%2Fapi%2Fv4%2Fprojects%2F6590996      |  22 --
 ...ues%2F2%2Faward_emoji%3Fpage=1&per_page=10 |  31 ---
 ...es%3Fpage=1&per_page=10&sort=asc&state=all |  29 ---
 ...%2Fprojects%2F6590996%2Fmerge_requests%2F1 |  22 --
 ...sts%2F1%2Faward_emoji%3Fpage=1&per_page=10 |  31 ---
 ..._requests%3Fpage=1&per_page=10&view=simple |  29 ---
 .../GET_%2Fapi%2Fv4%2Fprojects%2F79476606     |  20 ++
 ...ues%2F2%2Faward_emoji%3Fpage=1&per_page=10 |  29 +++
 ..._at&page=1&per_page=10&sort=desc&state=all |  27 +++
 ...2Fprojects%2F79476606%2Fmerge_requests%2F1 |  20 ++
 ...sts%2F1%2Faward_emoji%3Fpage=1&per_page=10 |  29 +++
 ..._requests%3Fpage=1&per_page=10&view=simple |  27 +++
 ...ts%2Fforgejo%252Ftest_repo-skipped-numbers |  20 ++
 ...%2Fv4%2Fprojects%2Ftroyengel%252Farchbuild |  22 --
 .../GET_%2Fapi%2Fv4%2Fversion                 |  36 ++--
 65 files changed, 908 insertions(+), 1277 deletions(-)
 create mode 100644 release-notes/11282.md
 delete mode 100644 services/migrations/testdata/gitlab/full_download/GET_%2Fapi%2Fv4%2Fprojects%2F61363672%2Fissues%2F1%2Faward_emoji%3Fpage=1&per_page=2
 delete mode 100644 services/migrations/testdata/gitlab/full_download/GET_%2Fapi%2Fv4%2Fprojects%2F61363672%2Fissues%2F1%2Faward_emoji%3Fpage=2&per_page=2
 delete mode 100644 services/migrations/testdata/gitlab/full_download/GET_%2Fapi%2Fv4%2Fprojects%2F61363672%2Fissues%2F2%2Faward_emoji%3Fpage=1&per_page=2
 delete mode 100644 services/migrations/testdata/gitlab/full_download/GET_%2Fapi%2Fv4%2Fprojects%2F61363672%2Fissues%2F2%2Faward_emoji%3Fpage=2&per_page=2
 delete mode 100644 services/migrations/testdata/gitlab/full_download/GET_%2Fapi%2Fv4%2Fprojects%2F61363672%2Fissues%2F2%2Faward_emoji%3Fpage=3&per_page=2
 delete mode 100644 services/migrations/testdata/gitlab/full_download/GET_%2Fapi%2Fv4%2Fprojects%2F61363672%2Fissues%2F2%2Faward_emoji%3Fpage=4&per_page=2
 create mode 100644 services/migrations/testdata/gitlab/full_download/GET_%2Fapi%2Fv4%2Fprojects%2F61363672%2Fissues%2F4%2Faward_emoji%3Fpage=1&per_page=3
 create mode 100644 services/migrations/testdata/gitlab/full_download/GET_%2Fapi%2Fv4%2Fprojects%2F61363672%2Fissues%3Forder_by=created_at&page=1&per_page=3&sort=desc&state=all
 create mode 100644 services/migrations/testdata/gitlab/full_download/GET_%2Fapi%2Fv4%2Fprojects%2F61363672%2Fissues%3Forder_by=created_at&page=2&per_page=3&sort=desc&state=all
 delete mode 100644 services/migrations/testdata/gitlab/full_download/GET_%2Fapi%2Fv4%2Fprojects%2F61363672%2Fissues%3Fpage=1&per_page=2&sort=asc&state=all
 delete mode 100644 services/migrations/testdata/gitlab/full_download/GET_%2Fapi%2Fv4%2Fprojects%2F61363672%2Fissues%3Fpage=1&per_page=3&sort=asc&state=all
 delete mode 100644 services/migrations/testdata/gitlab/full_download/GET_%2Fapi%2Fv4%2Fprojects%2F61363672%2Fmerge_requests%2F1%2Faward_emoji%3Fpage=1&per_page=1
 delete mode 100644 services/migrations/testdata/gitlab/full_download/GET_%2Fapi%2Fv4%2Fprojects%2F61363672%2Fmerge_requests%2F1%2Faward_emoji%3Fpage=2&per_page=1
 delete mode 100644 services/migrations/testdata/gitlab/full_download/GET_%2Fapi%2Fv4%2Fprojects%2F61363672%2Fmerge_requests%2F1%2Faward_emoji%3Fpage=3&per_page=1
 delete mode 100644 services/migrations/testdata/gitlab/full_download/GET_%2Fapi%2Fv4%2Fprojects%2F61363672%2Fmerge_requests%2F2%2Fapprovals
 delete mode 100644 services/migrations/testdata/gitlab/full_download/GET_%2Fapi%2Fv4%2Fprojects%2F61363672%2Fmerge_requests%2F2%2Faward_emoji%3Fpage=1&per_page=1
 delete mode 100644 services/migrations/testdata/gitlab/full_download/GET_%2Fapi%2Fv4%2Fprojects%2F61363672%2Fmerge_requests%3Fpage=1&per_page=1&view=simple
 delete mode 100644 services/migrations/testdata/gitlab/full_download/GET_%2Fapi%2Fv4%2Fprojects%2Fgitea%252Ftest_repo
 delete mode 100644 services/migrations/testdata/gitlab/skipped_issue_number/GET_%2Fapi%2Fv4%2Fprojects%2F6590996
 delete mode 100644 services/migrations/testdata/gitlab/skipped_issue_number/GET_%2Fapi%2Fv4%2Fprojects%2F6590996%2Fissues%2F2%2Faward_emoji%3Fpage=1&per_page=10
 delete mode 100644 services/migrations/testdata/gitlab/skipped_issue_number/GET_%2Fapi%2Fv4%2Fprojects%2F6590996%2Fissues%3Fpage=1&per_page=10&sort=asc&state=all
 delete mode 100644 services/migrations/testdata/gitlab/skipped_issue_number/GET_%2Fapi%2Fv4%2Fprojects%2F6590996%2Fmerge_requests%2F1
 delete mode 100644 services/migrations/testdata/gitlab/skipped_issue_number/GET_%2Fapi%2Fv4%2Fprojects%2F6590996%2Fmerge_requests%2F1%2Faward_emoji%3Fpage=1&per_page=10
 delete mode 100644 services/migrations/testdata/gitlab/skipped_issue_number/GET_%2Fapi%2Fv4%2Fprojects%2F6590996%2Fmerge_requests%3Fpage=1&per_page=10&view=simple
 create mode 100644 services/migrations/testdata/gitlab/skipped_issue_number/GET_%2Fapi%2Fv4%2Fprojects%2F79476606
 create mode 100644 services/migrations/testdata/gitlab/skipped_issue_number/GET_%2Fapi%2Fv4%2Fprojects%2F79476606%2Fissues%2F2%2Faward_emoji%3Fpage=1&per_page=10
 create mode 100644 services/migrations/testdata/gitlab/skipped_issue_number/GET_%2Fapi%2Fv4%2Fprojects%2F79476606%2Fissues%3Forder_by=created_at&page=1&per_page=10&sort=desc&state=all
 create mode 100644 services/migrations/testdata/gitlab/skipped_issue_number/GET_%2Fapi%2Fv4%2Fprojects%2F79476606%2Fmerge_requests%2F1
 create mode 100644 services/migrations/testdata/gitlab/skipped_issue_number/GET_%2Fapi%2Fv4%2Fprojects%2F79476606%2Fmerge_requests%2F1%2Faward_emoji%3Fpage=1&per_page=10
 create mode 100644 services/migrations/testdata/gitlab/skipped_issue_number/GET_%2Fapi%2Fv4%2Fprojects%2F79476606%2Fmerge_requests%3Fpage=1&per_page=10&view=simple
 create mode 100644 services/migrations/testdata/gitlab/skipped_issue_number/GET_%2Fapi%2Fv4%2Fprojects%2Fforgejo%252Ftest_repo-skipped-numbers
 delete mode 100644 services/migrations/testdata/gitlab/skipped_issue_number/GET_%2Fapi%2Fv4%2Fprojects%2Ftroyengel%252Farchbuild

diff --git a/models/unittest/mock_http.go b/models/unittest/mock_http.go
index 3c4ddd8e27..b8413104b3 100644
--- a/models/unittest/mock_http.go
+++ b/models/unittest/mock_http.go
@@ -7,6 +7,7 @@ import (
 	"bufio"
 	"fmt"
 	"io"
+	"maps"
 	"net/http"
 	"net/http/httptest"
 	"net/url"
@@ -29,7 +30,7 @@ import (
 //     test data files
 func NewMockWebServer(t *testing.T, liveServerBaseURL, testDataDir string, liveMode bool) *httptest.Server {
 	mockServerBaseURL := ""
-	ignoredHeaders := []string{"cf-ray", "server", "date", "report-to", "nel", "x-request-id"}
+	ignoredHeaders := []string{"cf-ray", "server", "date", "report-to", "nel", "x-request-id", "set-cookie", "x-gitlab-meta"}
 
 	server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		path := NormalizedFullPath(r.URL)
@@ -46,6 +47,7 @@ func NewMockWebServer(t *testing.T, liveServerBaseURL, testDataDir string, liveM
 			fixturePath = fmt.Sprintf("%s/%s", testDataDir, strings.TrimLeft(r.URL.Path, "/"))
 		}
 		if liveMode {
+			require.NoError(t, os.MkdirAll(testDataDir, 0o755))
 			liveURL := fmt.Sprintf("%s%s", liveServerBaseURL, path)
 
 			request, err := http.NewRequest(r.Method, liveURL, nil)
@@ -68,8 +70,8 @@ func NewMockWebServer(t *testing.T, liveServerBaseURL, testDataDir string, liveM
 			defer fixture.Close()
 			fixtureWriter := bufio.NewWriter(fixture)
 
-			for headerName, headerValues := range response.Header {
-				for _, headerValue := range headerValues {
+			for _, headerName := range slices.Sorted(maps.Keys(response.Header)) {
+				for _, headerValue := range response.Header[headerName] {
 					if !slices.Contains(ignoredHeaders, strings.ToLower(headerName)) {
 						_, err := fmt.Fprintf(fixtureWriter, "%s: %s\n", headerName, headerValue)
 						require.NoError(t, err, "writing the header of the HTTP response to the fixture file failed")
diff --git a/modules/migration/release.go b/modules/migration/release.go
index f92cf25e7b..1d9f32ad3c 100644
--- a/modules/migration/release.go
+++ b/modules/migration/release.go
@@ -10,9 +10,9 @@ import (
 
 // ReleaseAsset represents a release asset
 type ReleaseAsset struct {
-	ID            int64
-	Name          string
-	ContentType   *string `yaml:"content_type"`
+	ID   int64
+	Name string
+
 	Size          *int
 	DownloadCount *int `yaml:"download_count"`
 	Created       time.Time
diff --git a/release-notes/11282.md b/release-notes/11282.md
new file mode 100644
index 0000000000..be91c77bff
--- /dev/null
+++ b/release-notes/11282.md
@@ -0,0 +1,3 @@
+fix: prevent panic when importing issues from GitLab
+fix: prevent panic when importing releases with more than 4 release assets from GitLab
+fix: correct re-mapping of merge-request numbers mentioned in GitLab comments
diff --git a/services/migrations/github.go b/services/migrations/github.go
index 04cbd690cf..ed419ed444 100644
--- a/services/migrations/github.go
+++ b/services/migrations/github.go
@@ -352,7 +352,6 @@ func (g *GithubDownloaderV3) convertGithubRelease(rel *github.RepositoryRelease)
 		r.Assets = append(r.Assets, &base.ReleaseAsset{
 			ID:            asset.GetID(),
 			Name:          asset.GetName(),
-			ContentType:   asset.ContentType,
 			Size:          asset.Size,
 			DownloadCount: asset.DownloadCount,
 			Created:       asset.CreatedAt.Time,
diff --git a/services/migrations/github_test.go b/services/migrations/github_test.go
index cf7c1d2958..29a78f53fc 100644
--- a/services/migrations/github_test.go
+++ b/services/migrations/github_test.go
@@ -236,7 +236,6 @@ func TestGitHubDownloadRepo(t *testing.T) {
 	}, labels)
 
 	id := int64(280443629)
-	ct := "application/pdf"
 	size := 550175
 	dc := 0
 
@@ -256,7 +255,6 @@ func TestGitHubDownloadRepo(t *testing.T) {
 				{
 					ID:            id,
 					Name:          "wireguard.pdf",
-					ContentType:   &ct,
 					Size:          &size,
 					DownloadCount: &dc,
 					Created:       time.Date(2025, time.August, 7, 23, 39, 27, 0, time.UTC),
diff --git a/services/migrations/gitlab.go b/services/migrations/gitlab.go
index b58046c4fc..53d3ab7490 100644
--- a/services/migrations/gitlab.go
+++ b/services/migrations/gitlab.go
@@ -65,10 +65,13 @@ type gitlabIIDResolver struct {
 }
 
 func (r *gitlabIIDResolver) recordIssueIID(issueIID int) {
-	if r.frozen {
-		panic("cannot record issue IID after pull request IID generation has started")
+	if int64(issueIID) <= r.maxIssueIID {
+		return
 	}
-	r.maxIssueIID = max(r.maxIssueIID, int64(issueIID))
+	if r.frozen {
+		panic("cannot record bigger issue IID after pull request IID generation has started")
+	}
+	r.maxIssueIID = int64(issueIID)
 }
 
 func (r *gitlabIIDResolver) generatePullRequestNumber(mrIID int) int64 {
@@ -332,12 +335,11 @@ func (g *GitlabDownloader) convertGitlabRelease(rel *gitlab.Release) *base.Relea
 
 	httpClient := NewMigrationHTTPClient()
 
-	for k, asset := range rel.Assets.Links {
+	for _, asset := range rel.Assets.Links {
 		assetID := asset.ID // Don't optimize this, for closure we need a local variable
 		r.Assets = append(r.Assets, &base.ReleaseAsset{
 			ID:            int64(asset.ID),
 			Name:          asset.Name,
-			ContentType:   &rel.Assets.Sources[k].Format,
 			Size:          &zero,
 			DownloadCount: &zero,
 			DownloadFunc: func() (io.ReadCloser, error) {
@@ -403,15 +405,18 @@ type gitlabIssueContext struct {
 //	Note: issue label description and colors are not supported by the go-gitlab library at this time
 func (g *GitlabDownloader) GetIssues(page, perPage int) ([]*base.Issue, bool, error) {
 	state := "all"
-	sort := "asc"
+	// we want most recent issues first, to get the biggest issue IID immediately
+	sort := "desc"
+	orderBy := "created_at"
 
 	if perPage > g.maxPerPage {
 		perPage = g.maxPerPage
 	}
 
 	opt := &gitlab.ListProjectIssuesOptions{
-		State: &state,
-		Sort:  &sort,
+		State:   &state,
+		Sort:    &sort,
+		OrderBy: &orderBy,
 		ListOptions: gitlab.ListOptions{
 			PerPage: perPage,
 			Page:    page,
@@ -795,39 +800,14 @@ func (g *GitlabDownloader) awardsToReactions(awards []*gitlab.AwardEmoji) []*bas
 	return result
 }
 
-// Build on the assumption, that PR IDs will resolve after Issue IDs
-func (g *GitlabDownloader) convertMRReference(body string) string {
-	maxLength := len(body)
-	for i := 0; i < maxLength; i++ {
-		if body[i] == '!' {
-			var collected string
-			for k := i + 1; k < maxLength; k++ { // for each rune after ! check if next rune is integer
-				if body[k]-'0' <= 9 {
-					collected += string(body[k])
-					if k == maxLength-1 { // The last rune in the string was an integer
-						body = g.updateAndInsert(body, collected, i+1, k)
-					}
-				} else if len(collected) > 0 { // Integers have been collected, update value
-					body = g.updateAndInsert(body, collected, i+1, k)
-					maxLength = len(body)
-					i = k
-					break // We're done, continue after our replacement
-				}
-			}
-		}
-	}
-	return body
-}
+var mrFinder = regexp.MustCompile(`![0-9]+`)
 
-func (g *GitlabDownloader) updateAndInsert(description, oldReference string, endFirst, startSecond int) string {
-	oldVal, _ := strconv.Atoi(oldReference)
-	newVal := oldVal + int(g.iidResolver.maxIssueIID)
-	firstPart := description[0:endFirst]
-	firstPart += strconv.Itoa(newVal)
-	var secondPart string
-	if startSecond < len(description)-1 {
-		secondPart = description[startSecond:]
-	}
-	description = firstPart + secondPart
-	return description
+// In gitlab, issues and merge-request have split numbering
+// Adjust the merge-request numbers (preserve the issue numbers)
+func (g *GitlabDownloader) convertMRReference(body string) string {
+	return mrFinder.ReplaceAllStringFunc(body, func(s string) string {
+		oldVal, _ := strconv.Atoi(s[1:]) // skip the leading exclamation mark
+		newVal := g.iidResolver.generatePullRequestNumber(oldVal)
+		return "!" + strconv.FormatInt(newVal, 10)
+	})
 }
diff --git a/services/migrations/gitlab_test.go b/services/migrations/gitlab_test.go
index 2a1ecc1c9f..37fdea9475 100644
--- a/services/migrations/gitlab_test.go
+++ b/services/migrations/gitlab_test.go
@@ -48,8 +48,8 @@ func TestGitlabDownloadRepo(t *testing.T) {
 
 	topics, err := downloader.GetTopics()
 	require.NoError(t, err)
-	assert.Len(t, topics, 2)
-	assert.Equal(t, []string{"migration", "test"}, topics)
+	assert.Len(t, topics, 3)
+	assert.Equal(t, []string{"migration", "migration test", "test"}, topics)
 
 	milestones, err := downloader.GetMilestones()
 	require.NoError(t, err)
@@ -123,6 +123,10 @@ func TestGitlabDownloadRepo(t *testing.T) {
 
 	releases, err := downloader.GetReleases()
 	require.NoError(t, err)
+	// TODO: fix size, currently reported as 0
+	// See https://codeberg.org/forgejo/forgejo/issues/11471
+	size := 0
+	dc := 0
 	assertReleasesEqual(t, []*base.Release{
 		{
 			TagName:         "v0.9.99",
@@ -132,6 +136,50 @@ func TestGitlabDownloadRepo(t *testing.T) {
 			Created:         time.Date(2024, 9, 3, 15, 1, 1, 513000000, time.UTC),
 			PublisherID:     548513,
 			PublisherName:   "mkobel",
+			Assets: []*base.ReleaseAsset{
+				{
+					ID:            10694714,
+					Name:          "Forgejo logo",
+					Size:          &size,
+					DownloadCount: &dc,
+				},
+				{
+					// TODO: fix name or URL, doesn't make sense to download without extension
+					// See https://codeberg.org/forgejo/forgejo/issues/11471
+					ID:            10687293,
+					Name:          "zip (other)",
+					Size:          &size,
+					DownloadCount: &dc,
+					// TODO: fix date, currently time.Date(1, time.January, 1, 0, 0, 0, 0, time.UTC)
+					// See https://codeberg.org/forgejo/forgejo/issues/11471
+					// Created:       time.Date(2025, time.August, 7, 23, 39, 27, 0, time.UTC),
+					// Updated:       time.Date(2025, time.August, 7, 23, 39, 29, 0, time.UTC),
+				},
+				{
+					ID:            10687292,
+					Name:          "Forgejo",
+					Size:          &size,
+					DownloadCount: &dc,
+				},
+				{
+					ID:            10687291,
+					Name:          "Frogejo 🐸",
+					Size:          &size,
+					DownloadCount: &dc,
+				},
+				{
+					ID:            10687290,
+					Name:          "tar.bz2 (runbook)",
+					Size:          &size,
+					DownloadCount: &dc,
+				},
+				{
+					ID:            10687289,
+					Name:          "tar.gz (package)",
+					Size:          &size,
+					DownloadCount: &dc,
+				},
+			},
 		},
 	}, releases)
 
@@ -140,36 +188,30 @@ func TestGitlabDownloadRepo(t *testing.T) {
 	assert.False(t, isEnd)
 	assertIssuesEqual(t, []*base.Issue{
 		{
-			Number:     1,
-			Title:      "Please add an animated gif icon to the merge button",
-			Content:    "I just want the merge button to hurt my eyes a little. :stuck_out_tongue_closed_eyes:",
-			Milestone:  "1.0.0",
-			PosterID:   548513,
-			PosterName: "mkobel",
-			State:      "closed",
-			Created:    time.Date(2024, 9, 3, 14, 42, 34, 924000000, time.UTC),
-			Updated:    time.Date(2024, 9, 3, 14, 48, 43, 756000000, time.UTC),
-			Labels: []*base.Label{
-				{
-					Name: "bug",
-				},
-				{
-					Name: "discussion",
-				},
-			},
-			Reactions: []*base.Reaction{
-				{
-					UserID:   548513,
-					UserName: "mkobel",
-					Content:  "thumbsup",
-				},
-				{
-					UserID:   548513,
-					UserName: "mkobel",
-					Content:  "open_mouth",
-				},
-			},
-			Closed: timePtr(time.Date(2024, 9, 3, 14, 43, 10, 708000000, time.UTC)),
+			Number:     4,
+			Title:      "Missing \"migration_test\" and \"migration_test_migration_test_migration_test\" topic",
+			Content:    "This is required for https://codeberg.org/forgejo/forgejo/pulls/10336.",
+			Milestone:  "",
+			PosterID:   29018602,
+			PosterName: "amadaluzia",
+			State:      "opened",
+			Created:    time.Date(2025, time.December, 6, 14, 2, 59, 995000000, time.UTC),
+			Updated:    time.Date(2025, time.December, 6, 15, 4, 37, 324000000, time.UTC),
+			Labels:     []*base.Label{},
+			Reactions:  []*base.Reaction{},
+		},
+		{
+			Number:     3,
+			Title:      "Fix plz",
+			Content:    "Can we do something about it? !6 is maybe related to that.", // was "!2" on gitlab, now !6 on forgejo
+			Milestone:  "",
+			PosterID:   10529876,
+			PosterName: "patdyn",
+			State:      "opened",
+			Created:    time.Date(2025, time.November, 25, 9, 49, 31, 991000000, time.UTC),
+			Updated:    time.Date(2025, time.November, 25, 9, 49, 31, 991000000, time.UTC),
+			Labels:     []*base.Label{},
+			Reactions:  []*base.Reaction{},
 		},
 		{
 			Number:     2,
@@ -180,7 +222,7 @@ func TestGitlabDownloadRepo(t *testing.T) {
 			PosterName: "mkobel",
 			State:      "closed",
 			Created:    time.Date(2024, 9, 3, 14, 42, 35, 371000000, time.UTC),
-			Updated:    time.Date(2024, 9, 3, 20, 3, 43, 536000000, time.UTC),
+			Updated:    time.Date(2026, 2, 13, 20, 46, 11, 889000000, time.UTC),
 			Labels: []*base.Label{
 				{
 					Name: "duplicate",
@@ -220,18 +262,42 @@ func TestGitlabDownloadRepo(t *testing.T) {
 			},
 			Closed: timePtr(time.Date(2024, 9, 3, 14, 43, 10, 906000000, time.UTC)),
 		},
+	}, issues)
+	issues, isEnd, err = downloader.GetIssues(2, 3)
+	require.NoError(t, err)
+	assert.True(t, isEnd)
+	assertIssuesEqual(t, []*base.Issue{
 		{
-			Number:     3,
-			Title:      "Fix plz",
-			Content:    "Can we do something about it? !5 is maybe related to that.",
-			Milestone:  "",
-			PosterID:   10529876,
-			PosterName: "patdyn",
-			State:      "opened",
-			Created:    time.Date(2025, time.November, 25, 9, 49, 31, 991000000, time.UTC),
-			Updated:    time.Date(2025, time.November, 25, 9, 49, 31, 991000000, time.UTC),
-			Labels:     []*base.Label{},
-			Reactions:  []*base.Reaction{},
+			Number:     1,
+			Title:      "Please add an animated gif icon to the merge button",
+			Content:    "I just want the merge button to hurt my eyes a little. :stuck_out_tongue_closed_eyes:",
+			Milestone:  "1.0.0",
+			PosterID:   548513,
+			PosterName: "mkobel",
+			State:      "closed",
+			Created:    time.Date(2024, 9, 3, 14, 42, 34, 924000000, time.UTC),
+			Updated:    time.Date(2024, 9, 3, 14, 48, 43, 756000000, time.UTC),
+			Labels: []*base.Label{
+				{
+					Name: "bug",
+				},
+				{
+					Name: "discussion",
+				},
+			},
+			Reactions: []*base.Reaction{
+				{
+					UserID:   548513,
+					UserName: "mkobel",
+					Content:  "thumbsup",
+				},
+				{
+					UserID:   548513,
+					UserName: "mkobel",
+					Content:  "open_mouth",
+				},
+			},
+			Closed: timePtr(time.Date(2024, 9, 3, 14, 43, 10, 708000000, time.UTC)),
 		},
 	}, issues)
 
@@ -258,6 +324,15 @@ func TestGitlabDownloadRepo(t *testing.T) {
 			Content:    "A second comment",
 			Reactions:  nil,
 		},
+		{
+			IssueIndex:  2,
+			PosterID:    2005797,
+			PosterName:  "oliverpool",
+			Created:     time.Date(2026, 2, 13, 20, 46, 11, 841000000, time.UTC),
+			Content:     "with an image ![image](/uploads/3756af8a4893bea08b99536df000e932/image.png){width=217 height=280}",
+			Reactions:   nil,
+			CommentType: "close",
+		},
 		{
 			IssueIndex:  2,
 			PosterID:    548513,
@@ -281,7 +356,7 @@ func TestGitlabDownloadRepo(t *testing.T) {
 			PosterID:   10529876,
 			PosterName: "patdyn",
 			Created:    time.Date(2025, time.November, 25, 9, 49, 50, 899000000, time.UTC),
-			Content:    "No actually its !4",
+			Content:    "No actually its !5",
 			Reactions:  nil,
 		},
 	}, comments)
@@ -298,7 +373,7 @@ func TestGitlabDownloadRepo(t *testing.T) {
 			PosterID:   10529876,
 			PosterName: "patdyn",
 			Created:    time.Date(2025, time.November, 25, 9, 49, 0, 750000000, time.UTC),
-			Content:    "Although we had some trouble with !4",
+			Content:    "Although we had some trouble with !5.",
 			Reactions:  nil,
 		},
 		{
@@ -315,9 +390,9 @@ func TestGitlabDownloadRepo(t *testing.T) {
 	require.NoError(t, err)
 	assertPullRequestsEqual(t, []*base.PullRequest{
 		{
-			Number:     5,
+			Number:     6,
 			Title:      "Test/parsing",
-			Content:    "Simillar to !4 this solves an issue.",
+			Content:    "Simillar to !5 this solves an issue.",
 			Milestone:  "",
 			PosterID:   10529876,
 			PosterName: "patdyn",
@@ -347,7 +422,7 @@ func TestGitlabDownloadRepo(t *testing.T) {
 			Context:        gitlabIssueContext{IsMergeRequest: true},
 		},
 		{
-			Number:     4,
+			Number:     5,
 			Title:      "Test branch",
 			Content:    "do not merge this PR",
 			Milestone:  "1.1.0",
@@ -417,19 +492,20 @@ func TestGitlabSkippedIssueNumber(t *testing.T) {
 	server := unittest.NewMockWebServer(t, "https://gitlab.com", fixturePath, gitlabPersonalAccessToken != "")
 	defer server.Close()
 
-	downloader, err := NewGitlabDownloader(t.Context(), server.URL, "troyengel/archbuild", "", "", gitlabPersonalAccessToken)
+	downloader, err := NewGitlabDownloader(t.Context(), server.URL, "forgejo/test_repo-skipped-numbers", "", "", gitlabPersonalAccessToken)
 	if err != nil {
 		t.Fatalf("NewGitlabDownloader is nil: %v", err)
 	}
 	repo, err := downloader.GetRepoInfo()
 	require.NoError(t, err)
+	// Repo Owner is blank in Gitlab Group repos
 	assertRepositoryEqual(t, &base.Repository{
-		Name:          "archbuild",
-		Owner:         "troyengel",
-		Description:   "Arch packaging and build files",
-		CloneURL:      server.URL + "/troyengel/archbuild.git",
-		OriginalURL:   server.URL + "/troyengel/archbuild",
-		DefaultBranch: "master",
+		Name:          "test_repo-skipped-numbers",
+		Owner:         "",
+		Description:   "",
+		CloneURL:      server.URL + "/forgejo/test_repo-skipped-numbers.git",
+		OriginalURL:   server.URL + "/forgejo/test_repo-skipped-numbers",
+		DefaultBranch: "main",
 	}, repo)
 
 	issues, isEnd, err := downloader.GetIssues(1, 10)
@@ -439,7 +515,7 @@ func TestGitlabSkippedIssueNumber(t *testing.T) {
 	// the only issue in this repository has number 2
 	assert.Len(t, issues, 1)
 	assert.EqualValues(t, 2, issues[0].Number)
-	assert.Equal(t, "vpn unlimited errors", issues[0].Title)
+	assert.Equal(t, "2nd issue", issues[0].Title)
 
 	prs, _, err := downloader.GetPullRequests(1, 10)
 	require.NoError(t, err)
@@ -448,7 +524,7 @@ func TestGitlabSkippedIssueNumber(t *testing.T) {
 	// pull request 3 in Forgejo
 	assert.Len(t, prs, 1)
 	assert.EqualValues(t, 3, prs[0].Number)
-	assert.Equal(t, "Review", prs[0].Title)
+	assert.Equal(t, "cleanup README.md", prs[0].Title)
 }
 
 func gitlabClientMockSetup(t *testing.T) (*http.ServeMux, *httptest.Server, *gitlab.Client) {
@@ -744,6 +820,7 @@ func TestCommentBodyParser(t *testing.T) {
 	testNote4 := makeTestNote(4, "Closed by !1 and !14", false, now)
 	testNote5 := makeTestNote(5, "Actually !1 and !1 are the same but !100 and !214 are not", false, now)
 	testNote6 := makeTestNote(6, "!11 and !1 are simillar but !201 and !100 are not!", false, now)
+	testNote7 := makeTestNote(1, "Simillar to #9, may be solved in !004", false, now)
 
 	parsedBody1 := downloader.convertMRReference(testNote1.Body)
 	parsedBody2 := downloader.convertMRReference(testNote2.Body)
@@ -751,6 +828,7 @@ func TestCommentBodyParser(t *testing.T) {
 	parsedBody4 := downloader.convertMRReference(testNote4.Body)
 	parsedBody5 := downloader.convertMRReference(testNote5.Body)
 	parsedBody6 := downloader.convertMRReference(testNote6.Body)
+	parsedBody7 := downloader.convertMRReference(testNote7.Body)
 
 	// Assuming a total of 20 comments + PRs
 	assert.Equal(t, "Simillar to #9, may be solved in !14", parsedBody1)
@@ -759,4 +837,5 @@ func TestCommentBodyParser(t *testing.T) {
 	assert.Equal(t, "Closed by !11 and !24", parsedBody4)
 	assert.Equal(t, "Actually !11 and !11 are the same but !110 and !224 are not", parsedBody5)
 	assert.Equal(t, "!21 and !11 are simillar but !211 and !110 are not!", parsedBody6)
+	assert.Equal(t, "Simillar to #9, may be solved in !14", parsedBody7)
 }
diff --git a/services/migrations/main_test.go b/services/migrations/main_test.go
index 02282d5266..d304f345cf 100644
--- a/services/migrations/main_test.go
+++ b/services/migrations/main_test.go
@@ -5,6 +5,7 @@
 package migrations
 
 import (
+	"fmt"
 	"testing"
 	"time"
 
@@ -109,7 +110,9 @@ func assertIssueEqual(t *testing.T, expected, actual *base.Issue) {
 func assertIssuesEqual(t *testing.T, expected, actual []*base.Issue) {
 	if assert.Len(t, actual, len(expected)) {
 		for i := range expected {
-			assertIssueEqual(t, expected[i], actual[i])
+			t.Run(fmt.Sprintf("issue[%d]", i), func(t *testing.T) {
+				assertIssueEqual(t, expected[i], actual[i])
+			})
 		}
 	}
 }
@@ -172,7 +175,6 @@ func assertReactionsEqual(t *testing.T, expected, actual []*base.Reaction) {
 func assertReleaseAssetEqual(t *testing.T, expected, actual *base.ReleaseAsset) {
 	assert.Equal(t, expected.ID, actual.ID)
 	assert.Equal(t, expected.Name, actual.Name)
-	assert.Equal(t, expected.ContentType, actual.ContentType)
 	assert.Equal(t, expected.Size, actual.Size)
 	assert.Equal(t, expected.DownloadCount, actual.DownloadCount)
 	assertTimeEqual(t, expected.Created, actual.Created)
@@ -181,9 +183,11 @@ func assertReleaseAssetEqual(t *testing.T, expected, actual *base.ReleaseAsset)
 }
 
 func assertReleaseAssetsEqual(t *testing.T, expected, actual []*base.ReleaseAsset) {
-	if assert.Len(t, actual, len(expected)) {
+	if assert.Len(t, actual, len(expected), "wrong number of assets") {
 		for i := range expected {
-			assertReleaseAssetEqual(t, expected[i], actual[i])
+			t.Run(fmt.Sprintf("asset[%d]", i), func(t *testing.T) {
+				assertReleaseAssetEqual(t, expected[i], actual[i])
+			})
 		}
 	}
 }
@@ -204,9 +208,11 @@ func assertReleaseEqual(t *testing.T, expected, actual *base.Release) {
 }
 
 func assertReleasesEqual(t *testing.T, expected, actual []*base.Release) {
-	if assert.Len(t, actual, len(expected)) {
+	if assert.Len(t, actual, len(expected), "wrong number of releases") {
 		for i := range expected {
-			assertReleaseEqual(t, expected[i], actual[i])
+			t.Run(fmt.Sprintf("release[%d]", i), func(t *testing.T) {
+				assertReleaseEqual(t, expected[i], actual[i])
+			})
 		}
 	}
 }
diff --git a/services/migrations/testdata/gitlab/full_download/GET_%2Fapi%2Fv4%2Fprojects%2F61363672 b/services/migrations/testdata/gitlab/full_download/GET_%2Fapi%2Fv4%2Fprojects%2F61363672
index 8dac7b406b..041068c55b 100644
--- a/services/migrations/testdata/gitlab/full_download/GET_%2Fapi%2Fv4%2Fprojects%2F61363672
+++ b/services/migrations/testdata/gitlab/full_download/GET_%2Fapi%2Fv4%2Fprojects%2F61363672
@@ -1,23 +1,20 @@
 Cache-Control: max-age=0, private, must-revalidate
-Etag: W/"c77cec95a47ea2b28a897b9b9eaaf641"
-Gitlab-Lb: haproxy-main-28-lb-gprd
-Gitlab-Sv: api-gke-us-east1-b
-Ratelimit-Reset: 1764067260
 Cf-Cache-Status: MISS
-Strict-Transport-Security: max-age=31536000
 Content-Security-Policy: default-src 'none'
-Ratelimit-Limit: 2000
-Ratelimit-Observed: 4
-Referrer-Policy: strict-origin-when-cross-origin
-X-Runtime: 0.280463
 Content-Type: application/json
+Etag: W/"c121b3a20c1098563adf329ff75151ef"
+Gitlab-Lb: haproxy-main-42-lb-gprd
+Gitlab-Sv: api-gke-us-east1-d
+Ratelimit-Limit: 2000
+Ratelimit-Name: throttle_authenticated_api
+Ratelimit-Observed: 4
+Ratelimit-Remaining: 1996
+Ratelimit-Reset: 1771085820
+Referrer-Policy: strict-origin-when-cross-origin
+Strict-Transport-Security: max-age=31536000
 Vary: Origin, Accept-Encoding
 X-Content-Type-Options: nosniff
 X-Frame-Options: SAMEORIGIN
-Ratelimit-Name: throttle_authenticated_api
-Ratelimit-Remaining: 1996
-X-Gitlab-Meta: {"correlation_id":"9a40876c7564e0d9-ATL","version":"1"}
-Set-Cookie: __cf_bm=pNVcnucqgoXcZjvxr101uQXpAxglmowlLAItA.WHiEE-1764067238-1.0.1.1-bHnsERU82S.3aXviQYZyZ.Wpz1M9bl64MxY81EF8r68DhKfk4q01V_P2K2xdnH2EisJA8NJCH8S6WRN17yBWvtpyv3KTgEM.fWZTzzVvsnE; path=/; expires=Tue, 25-Nov-25 11:10:38 GMT; domain=.gitlab.com; HttpOnly; Secure; SameSite=None
-Set-Cookie: _cfuvid=IeTcO1.iXZQZ_rk.w1KsaEts1gdvZO2RzZzYRR6IKU0-1764067238254-0.0.1.1-604800000; path=/; domain=.gitlab.com; HttpOnly; Secure; SameSite=None
+X-Runtime: 0.265902
 
-{"id":61363672,"description":"Test repository for testing migration from gitlab to forgejo","name":"test_repo","name_with_namespace":"Forgejo / test_repo","path":"test_repo","path_with_namespace":"forgejo/test_repo","created_at":"2024-09-03T07:44:30.668Z","default_branch":"master","tag_list":["migration","test"],"topics":["migration","test"],"ssh_url_to_repo":"git@gitlab.com:forgejo/test_repo.git","http_url_to_repo":"https://gitlab.com/forgejo/test_repo.git","web_url":"https://gitlab.com/forgejo/test_repo","readme_url":"https://gitlab.com/forgejo/test_repo/-/blob/master/README.md","forks_count":0,"avatar_url":null,"star_count":0,"last_activity_at":"2025-11-25T09:03:01.001Z","visibility":"public","namespace":{"id":64459497,"name":"Forgejo","path":"forgejo","kind":"group","full_path":"forgejo","parent_id":null,"avatar_url":"/uploads/-/system/group/avatar/64459497/73144-c883a242dec5299fbc06bbe3ee71d8c6.png","web_url":"https://gitlab.com/groups/forgejo"},"forked_from_project":{"id":15578026,"description":"Test repository for testing migration from gitlab to gitea","name":"test_repo","name_with_namespace":"gitea / test_repo","path":"test_repo","path_with_namespace":"gitea/test_repo","created_at":"2019-11-28T08:20:33.019Z","default_branch":"master","tag_list":["migration","test"],"topics":["migration","test"],"ssh_url_to_repo":"git@gitlab.com:gitea/test_repo.git","http_url_to_repo":"https://gitlab.com/gitea/test_repo.git","web_url":"https://gitlab.com/gitea/test_repo","readme_url":"https://gitlab.com/gitea/test_repo/-/blob/master/README.md","forks_count":2,"avatar_url":null,"star_count":0,"last_activity_at":"2025-11-25T09:21:43.130Z","visibility":"public","namespace":{"id":3181312,"name":"gitea","path":"gitea","kind":"group","full_path":"gitea","parent_id":null,"avatar_url":"/uploads/-/system/group/avatar/3181312/gitea.png","web_url":"https://gitlab.com/groups/gitea"}},"container_registry_image_prefix":"registry.gitlab.com/forgejo/test_repo","_links":{"self":"https://gitlab.com/api/v4/projects/61363672","issues":"https://gitlab.com/api/v4/projects/61363672/issues","merge_requests":"https://gitlab.com/api/v4/projects/61363672/merge_requests","repo_branches":"https://gitlab.com/api/v4/projects/61363672/repository/branches","labels":"https://gitlab.com/api/v4/projects/61363672/labels","events":"https://gitlab.com/api/v4/projects/61363672/events","members":"https://gitlab.com/api/v4/projects/61363672/members","cluster_agents":"https://gitlab.com/api/v4/projects/61363672/cluster_agents"},"marked_for_deletion_at":null,"marked_for_deletion_on":null,"packages_enabled":true,"empty_repo":false,"archived":false,"resolve_outdated_diff_discussions":false,"container_expiration_policy":{"cadence":"1d","enabled":false,"keep_n":10,"older_than":"90d","name_regex":".*","name_regex_keep":null,"next_run_at":"2024-09-04T07:44:30.699Z"},"repository_object_format":"sha1","issues_enabled":true,"merge_requests_enabled":true,"wiki_enabled":true,"jobs_enabled":true,"snippets_enabled":true,"container_registry_enabled":true,"service_desk_enabled":true,"service_desk_address":"contact-project+forgejo-test-repo-61363672-issue-@incoming.gitlab.com","can_create_merge_request_in":true,"issues_access_level":"enabled","repository_access_level":"enabled","merge_requests_access_level":"enabled","forking_access_level":"enabled","wiki_access_level":"enabled","builds_access_level":"enabled","snippets_access_level":"enabled","pages_access_level":"enabled","analytics_access_level":"enabled","container_registry_access_level":"enabled","security_and_compliance_access_level":"private","releases_access_level":"enabled","environments_access_level":"enabled","feature_flags_access_level":"enabled","infrastructure_access_level":"enabled","monitor_access_level":"enabled","model_experiments_access_level":"enabled","model_registry_access_level":"enabled","package_registry_access_level":"public","emails_disabled":false,"emails_enabled":true,"show_diff_preview_in_email":true,"shared_runners_enabled":true,"lfs_enabled":true,"creator_id":2005797,"mr_default_target_self":false,"import_url":null,"import_type":null,"import_status":"finished","import_error":null,"open_issues_count":1,"description_html":"\u003cp data-sourcepos=\"1:1-1:60\" dir=\"auto\"\u003eTest repository for testing migration from gitlab to forgejo\u003c/p\u003e","updated_at":"2025-11-25T09:21:03.121Z","ci_default_git_depth":50,"ci_delete_pipelines_in_seconds":null,"ci_forward_deployment_enabled":true,"ci_forward_deployment_rollback_allowed":true,"ci_job_token_scope_enabled":false,"ci_separated_caches":true,"ci_allow_fork_pipelines_to_run_in_parent_project":true,"ci_id_token_sub_claim_components":["project_path","ref_type","ref"],"build_git_strategy":"fetch","keep_latest_artifact":true,"restrict_user_defined_variables":false,"ci_pipeline_variables_minimum_override_role":"developer","runner_token_expiration_interval":null,"group_runners_enabled":true,"resource_group_default_process_mode":"unordered","auto_cancel_pending_pipelines":"enabled","build_timeout":3600,"auto_devops_enabled":false,"auto_devops_deploy_strategy":"continuous","ci_push_repository_for_job_token_allowed":false,"ci_config_path":null,"public_jobs":true,"shared_with_groups":[],"only_allow_merge_if_pipeline_succeeds":false,"allow_merge_on_skipped_pipeline":null,"request_access_enabled":true,"only_allow_merge_if_all_discussions_are_resolved":false,"remove_source_branch_after_merge":true,"printing_merge_request_link_enabled":true,"merge_method":"merge","merge_request_title_regex":null,"merge_request_title_regex_description":null,"squash_option":"default_off","enforce_auth_checks_on_uploads":true,"suggestion_commit_message":null,"merge_commit_template":null,"squash_commit_template":null,"issue_branch_template":null,"warn_about_potentially_unwanted_characters":true,"autoclose_referenced_issues":true,"max_artifacts_size":null,"external_authorization_classification_label":"","requirements_enabled":false,"requirements_access_level":"enabled","security_and_compliance_enabled":true,"compliance_frameworks":[],"duo_remote_flows_enabled":true,"duo_foundational_flows_enabled":false,"web_based_commit_signing_enabled":false,"permissions":{"project_access":{"access_level":40,"notification_level":3},"group_access":null}}
\ No newline at end of file
+{"id":61363672,"description":"Test repository for testing migration from gitlab to forgejo","name":"test_repo","name_with_namespace":"Forgejo / test_repo","path":"test_repo","path_with_namespace":"forgejo/test_repo","created_at":"2024-09-03T07:44:30.668Z","default_branch":"master","tag_list":["migration","migration test","test"],"topics":["migration","migration test","test"],"ssh_url_to_repo":"git@gitlab.com:forgejo/test_repo.git","http_url_to_repo":"https://gitlab.com/forgejo/test_repo.git","web_url":"https://gitlab.com/forgejo/test_repo","readme_url":"https://gitlab.com/forgejo/test_repo/-/blob/master/README.md","forks_count":0,"avatar_url":null,"star_count":0,"last_activity_at":"2026-02-13T20:46:12.772Z","visibility":"public","namespace":{"id":64459497,"name":"Forgejo","path":"forgejo","kind":"group","full_path":"forgejo","parent_id":null,"avatar_url":"/uploads/-/system/group/avatar/64459497/73144-c883a242dec5299fbc06bbe3ee71d8c6.png","web_url":"https://gitlab.com/groups/forgejo"},"container_registry_image_prefix":"registry.gitlab.com/forgejo/test_repo","_links":{"self":"https://gitlab.com/api/v4/projects/61363672","issues":"https://gitlab.com/api/v4/projects/61363672/issues","merge_requests":"https://gitlab.com/api/v4/projects/61363672/merge_requests","repo_branches":"https://gitlab.com/api/v4/projects/61363672/repository/branches","labels":"https://gitlab.com/api/v4/projects/61363672/labels","events":"https://gitlab.com/api/v4/projects/61363672/events","members":"https://gitlab.com/api/v4/projects/61363672/members","cluster_agents":"https://gitlab.com/api/v4/projects/61363672/cluster_agents"},"marked_for_deletion_at":null,"marked_for_deletion_on":null,"packages_enabled":true,"empty_repo":false,"archived":true,"resolve_outdated_diff_discussions":false,"container_expiration_policy":{"cadence":"1d","enabled":false,"keep_n":10,"older_than":"90d","name_regex":".*","name_regex_keep":null,"next_run_at":"2024-09-04T07:44:30.699Z"},"repository_object_format":"sha1","issues_enabled":true,"merge_requests_enabled":true,"wiki_enabled":true,"jobs_enabled":true,"snippets_enabled":true,"container_registry_enabled":true,"service_desk_enabled":true,"can_create_merge_request_in":false,"issues_access_level":"enabled","repository_access_level":"enabled","merge_requests_access_level":"enabled","forking_access_level":"enabled","wiki_access_level":"enabled","builds_access_level":"enabled","snippets_access_level":"enabled","pages_access_level":"enabled","analytics_access_level":"enabled","container_registry_access_level":"enabled","security_and_compliance_access_level":"private","releases_access_level":"enabled","environments_access_level":"enabled","feature_flags_access_level":"enabled","infrastructure_access_level":"enabled","monitor_access_level":"enabled","model_experiments_access_level":"enabled","model_registry_access_level":"enabled","package_registry_access_level":"public","emails_disabled":false,"emails_enabled":true,"show_diff_preview_in_email":true,"shared_runners_enabled":true,"lfs_enabled":true,"creator_id":2005797,"import_url":null,"import_type":null,"import_status":"finished","import_error":null,"open_issues_count":2,"description_html":"\u003cp data-sourcepos=\"1:1-1:60\" dir=\"auto\"\u003eTest repository for testing migration from gitlab to forgejo\u003c/p\u003e","updated_at":"2026-02-14T16:16:08.902Z","ci_default_git_depth":50,"ci_delete_pipelines_in_seconds":null,"ci_forward_deployment_enabled":true,"ci_forward_deployment_rollback_allowed":true,"ci_job_token_scope_enabled":false,"ci_separated_caches":true,"ci_allow_fork_pipelines_to_run_in_parent_project":true,"ci_id_token_sub_claim_components":["project_path","ref_type","ref"],"build_git_strategy":"fetch","keep_latest_artifact":true,"restrict_user_defined_variables":false,"ci_pipeline_variables_minimum_override_role":"developer","runner_token_expiration_interval":null,"group_runners_enabled":true,"resource_group_default_process_mode":"unordered","auto_cancel_pending_pipelines":"enabled","build_timeout":3600,"auto_devops_enabled":false,"auto_devops_deploy_strategy":"continuous","ci_push_repository_for_job_token_allowed":false,"ci_config_path":null,"public_jobs":true,"shared_with_groups":[],"only_allow_merge_if_pipeline_succeeds":false,"allow_merge_on_skipped_pipeline":null,"request_access_enabled":true,"only_allow_merge_if_all_discussions_are_resolved":false,"remove_source_branch_after_merge":true,"printing_merge_request_link_enabled":true,"merge_method":"merge","merge_request_title_regex":null,"merge_request_title_regex_description":null,"squash_option":"default_off","enforce_auth_checks_on_uploads":true,"suggestion_commit_message":null,"merge_commit_template":null,"squash_commit_template":null,"issue_branch_template":null,"warn_about_potentially_unwanted_characters":true,"autoclose_referenced_issues":true,"max_artifacts_size":null,"external_authorization_classification_label":"","requirements_enabled":false,"requirements_access_level":"enabled","security_and_compliance_enabled":true,"compliance_frameworks":[],"duo_remote_flows_enabled":true,"duo_foundational_flows_enabled":true,"web_based_commit_signing_enabled":false,"permissions":{"project_access":null,"group_access":{"access_level":50,"notification_level":3}}}
\ No newline at end of file
diff --git a/services/migrations/testdata/gitlab/full_download/GET_%2Fapi%2Fv4%2Fprojects%2F61363672%2Fissues%2F1%2Faward_emoji%3Fpage=1&per_page=2 b/services/migrations/testdata/gitlab/full_download/GET_%2Fapi%2Fv4%2Fprojects%2F61363672%2Fissues%2F1%2Faward_emoji%3Fpage=1&per_page=2
deleted file mode 100644
index c95d5fd2ea..0000000000
--- a/services/migrations/testdata/gitlab/full_download/GET_%2Fapi%2Fv4%2Fprojects%2F61363672%2Fissues%2F1%2Faward_emoji%3Fpage=1&per_page=2
+++ /dev/null
@@ -1,30 +0,0 @@
-Ratelimit-Limit: 2000
-X-Gitlab-Meta: {"correlation_id":"9a405365d6794fc7-ATL","version":"1"}
-X-Page: 1
-X-Per-Page: 2
-Set-Cookie: __cf_bm=C5GGirb47y1AnxdEybainR1wHe_wFq41P5zDjTZX3yk-1764065107-1.0.1.1-mWi3KtIRmcyLamp2D2O3UsEVFAAu65Kq6r.fkCp9g7iBN9NXkpBwglhkU0pH0XEoKCoY7qLFRA6dcjdYRqzU4Wrezc9nf_FvtZ1tDxbRLM4; path=/; expires=Tue, 25-Nov-25 10:35:07 GMT; domain=.gitlab.com; HttpOnly; Secure; SameSite=None
-Set-Cookie: _cfuvid=DJAtB6RFRWI32R0nVIBcUFeqnT.fjNBWrZdi.MUzDds-1764065107320-0.0.1.1-604800000; path=/; domain=.gitlab.com; HttpOnly; Secure; SameSite=None
-Link: <https://gitlab.com/api/v4/projects/61363672/issues/1/award_emoji?id=61363672&issue_iid=1&page=1&per_page=2>; rel="first", <https://gitlab.com/api/v4/projects/61363672/issues/1/award_emoji?id=61363672&issue_iid=1&page=1&per_page=2>; rel="last"
-Content-Security-Policy: default-src 'none'
-Gitlab-Lb: haproxy-main-43-lb-gprd
-X-Content-Type-Options: nosniff
-X-Runtime: 0.114443
-Cache-Control: max-age=0, private, must-revalidate
-Strict-Transport-Security: max-age=31536000
-Ratelimit-Remaining: 1991
-Ratelimit-Observed: 9
-X-Next-Page: 
-X-Prev-Page: 
-X-Total-Pages: 1
-Cf-Cache-Status: MISS
-Referrer-Policy: strict-origin-when-cross-origin
-X-Frame-Options: SAMEORIGIN
-Content-Type: application/json
-Vary: Origin, Accept-Encoding
-Gitlab-Sv: api-gke-us-east1-b
-Ratelimit-Reset: 1764065160
-Etag: W/"8a63dd18b47e217645efd63790d939b6"
-Ratelimit-Name: throttle_authenticated_api
-X-Total: 2
-
-[{"id":28099429,"name":"thumbsup","user":{"id":548513,"username":"mkobel","public_email":"","name":"Moritz Kobel","state":"active","locked":false,"avatar_url":"https://secure.gravatar.com/avatar/eae1be6324682816aedc885acbf5858719b40956e0278edabe5c0db7cbc95f3b?s=80\u0026d=identicon","web_url":"https://gitlab.com/mkobel"},"created_at":"2024-09-03T19:56:19.487Z","updated_at":"2024-09-03T19:56:19.487Z","awardable_id":152568896,"awardable_type":"Issue","url":null},{"id":28099432,"name":"open_mouth","user":{"id":548513,"username":"mkobel","public_email":"","name":"Moritz Kobel","state":"active","locked":false,"avatar_url":"https://secure.gravatar.com/avatar/eae1be6324682816aedc885acbf5858719b40956e0278edabe5c0db7cbc95f3b?s=80\u0026d=identicon","web_url":"https://gitlab.com/mkobel"},"created_at":"2024-09-03T19:56:24.365Z","updated_at":"2024-09-03T19:56:24.365Z","awardable_id":152568896,"awardable_type":"Issue","url":null}]
\ No newline at end of file
diff --git a/services/migrations/testdata/gitlab/full_download/GET_%2Fapi%2Fv4%2Fprojects%2F61363672%2Fissues%2F1%2Faward_emoji%3Fpage=1&per_page=3 b/services/migrations/testdata/gitlab/full_download/GET_%2Fapi%2Fv4%2Fprojects%2F61363672%2Fissues%2F1%2Faward_emoji%3Fpage=1&per_page=3
index e480d6431f..e2fe469a67 100644
--- a/services/migrations/testdata/gitlab/full_download/GET_%2Fapi%2Fv4%2Fprojects%2F61363672%2Fissues%2F1%2Faward_emoji%3Fpage=1&per_page=3
+++ b/services/migrations/testdata/gitlab/full_download/GET_%2Fapi%2Fv4%2Fprojects%2F61363672%2Fissues%2F1%2Faward_emoji%3Fpage=1&per_page=3
@@ -1,30 +1,27 @@
-Content-Type: application/json
-Gitlab-Sv: api-gke-us-east1-c
-Ratelimit-Limit: 2000
-X-Total-Pages: 1
+Cache-Control: max-age=0, private, must-revalidate
 Cf-Cache-Status: MISS
+Content-Security-Policy: default-src 'none'
+Content-Type: application/json
+Etag: W/"8a63dd18b47e217645efd63790d939b6"
+Gitlab-Lb: haproxy-main-31-lb-gprd
+Gitlab-Sv: api-gke-us-east1-b
+Link: <https://gitlab.com/api/v4/projects/61363672/issues/1/award_emoji?id=61363672&issue_iid=1&page=1&per_page=3>; rel="first", <https://gitlab.com/api/v4/projects/61363672/issues/1/award_emoji?id=61363672&issue_iid=1&page=1&per_page=3>; rel="last"
+Ratelimit-Limit: 2000
+Ratelimit-Name: throttle_authenticated_api
+Ratelimit-Observed: 15
+Ratelimit-Remaining: 1985
+Ratelimit-Reset: 1771055640
+Referrer-Policy: strict-origin-when-cross-origin
+Strict-Transport-Security: max-age=31536000
+Vary: Origin, Accept-Encoding
+X-Content-Type-Options: nosniff
+X-Frame-Options: SAMEORIGIN
+X-Next-Page: 
+X-Page: 1
 X-Per-Page: 3
 X-Prev-Page: 
-Set-Cookie: __cf_bm=AMkW.FglpczGT7nCMi_moniL9P4E.UGt4JDm070vKFE-1764067240-1.0.1.1-3QZwxgak9dKmN8t8sAA11eCLyiWdDjbVaWuGfyVvF.bMk3qQb08X9.n7foHiwljxlG9XcXaGQLJ9RzqwPJGViCz2nTZw7my.wVKi4dECxaA; path=/; expires=Tue, 25-Nov-25 11:10:40 GMT; domain=.gitlab.com; HttpOnly; Secure; SameSite=None
-Set-Cookie: _cfuvid=VDNJkuLs.DLPThrJdTl9P4NavYEsbxLAbkpfYeG_TIo-1764067240555-0.0.1.1-604800000; path=/; domain=.gitlab.com; HttpOnly; Secure; SameSite=None
-Cache-Control: max-age=0, private, must-revalidate
-Strict-Transport-Security: max-age=31536000
-Content-Security-Policy: default-src 'none'
-Ratelimit-Remaining: 1991
-Ratelimit-Reset: 1764067260
-X-Frame-Options: SAMEORIGIN
-X-Gitlab-Meta: {"correlation_id":"9a40877bd3c5e0d9-ATL","version":"1"}
-X-Next-Page: 
-Vary: Origin, Accept-Encoding
-Ratelimit-Observed: 9
-X-Page: 1
-Link: <https://gitlab.com/api/v4/projects/61363672/issues/1/award_emoji?id=61363672&issue_iid=1&page=1&per_page=3>; rel="first", <https://gitlab.com/api/v4/projects/61363672/issues/1/award_emoji?id=61363672&issue_iid=1&page=1&per_page=3>; rel="last"
+X-Runtime: 0.080698
 X-Total: 2
-Ratelimit-Name: throttle_authenticated_api
-Referrer-Policy: strict-origin-when-cross-origin
-X-Content-Type-Options: nosniff
-X-Runtime: 0.114023
-Etag: W/"8a63dd18b47e217645efd63790d939b6"
-Gitlab-Lb: haproxy-main-38-lb-gprd
+X-Total-Pages: 1
 
 [{"id":28099429,"name":"thumbsup","user":{"id":548513,"username":"mkobel","public_email":"","name":"Moritz Kobel","state":"active","locked":false,"avatar_url":"https://secure.gravatar.com/avatar/eae1be6324682816aedc885acbf5858719b40956e0278edabe5c0db7cbc95f3b?s=80\u0026d=identicon","web_url":"https://gitlab.com/mkobel"},"created_at":"2024-09-03T19:56:19.487Z","updated_at":"2024-09-03T19:56:19.487Z","awardable_id":152568896,"awardable_type":"Issue","url":null},{"id":28099432,"name":"open_mouth","user":{"id":548513,"username":"mkobel","public_email":"","name":"Moritz Kobel","state":"active","locked":false,"avatar_url":"https://secure.gravatar.com/avatar/eae1be6324682816aedc885acbf5858719b40956e0278edabe5c0db7cbc95f3b?s=80\u0026d=identicon","web_url":"https://gitlab.com/mkobel"},"created_at":"2024-09-03T19:56:24.365Z","updated_at":"2024-09-03T19:56:24.365Z","awardable_id":152568896,"awardable_type":"Issue","url":null}]
\ No newline at end of file
diff --git a/services/migrations/testdata/gitlab/full_download/GET_%2Fapi%2Fv4%2Fprojects%2F61363672%2Fissues%2F1%2Faward_emoji%3Fpage=2&per_page=2 b/services/migrations/testdata/gitlab/full_download/GET_%2Fapi%2Fv4%2Fprojects%2F61363672%2Fissues%2F1%2Faward_emoji%3Fpage=2&per_page=2
deleted file mode 100644
index fba1ea703f..0000000000
--- a/services/migrations/testdata/gitlab/full_download/GET_%2Fapi%2Fv4%2Fprojects%2F61363672%2Fissues%2F1%2Faward_emoji%3Fpage=2&per_page=2
+++ /dev/null
@@ -1,32 +0,0 @@
-X-Total: 2
-Content-Length: 2
-X-Per-Page: 2
-Cache-Control: max-age=0, private, must-revalidate
-Etag: W/"4f53cda18c2baa0c0354bb5f9a3ecbe5"
-Strict-Transport-Security: max-age=31536000
-Ratelimit-Observed: 10
-X-Runtime: 0.093808
-X-Total-Pages: 1
-Accept-Ranges: bytes
-Ratelimit-Name: throttle_authenticated_api
-Ratelimit-Remaining: 1990
-X-Next-Page: 
-Set-Cookie: __cf_bm=krmSIgoXy70nwccNzKrKDrmGomsstoTv.pb2G609iS8-1764065107-1.0.1.1-O3bOtgk9Cm4h3Nr5ppRJDGdeQ7ojT70JRYEWnC7I2W8eegxfQG4mhNRRmmbsU86z9feGvE2FRtyPC8WcznS3cvzBO4v0i1K9bifxgfMT3Jg; path=/; expires=Tue, 25-Nov-25 10:35:07 GMT; domain=.gitlab.com; HttpOnly; Secure; SameSite=None
-Set-Cookie: _cfuvid=3IXI51wbK6iOCjIgl35YHfmHOshYnQFoepGa8MPgbzQ-1764065107606-0.0.1.1-604800000; path=/; domain=.gitlab.com; HttpOnly; Secure; SameSite=None
-Content-Type: application/json
-Link: <https://gitlab.com/api/v4/projects/61363672/issues/1/award_emoji?id=61363672&issue_iid=1&page=1&per_page=2>; rel="first", <https://gitlab.com/api/v4/projects/61363672/issues/1/award_emoji?id=61363672&issue_iid=1&page=1&per_page=2>; rel="last"
-Vary: Origin, Accept-Encoding
-Ratelimit-Limit: 2000
-Cf-Cache-Status: MISS
-Gitlab-Sv: api-gke-us-east1-d
-X-Prev-Page: 
-Referrer-Policy: strict-origin-when-cross-origin
-X-Content-Type-Options: nosniff
-X-Frame-Options: SAMEORIGIN
-Content-Security-Policy: default-src 'none'
-Gitlab-Lb: haproxy-main-45-lb-gprd
-Ratelimit-Reset: 1764065160
-X-Gitlab-Meta: {"correlation_id":"9a40536901af4fc7-ATL","version":"1"}
-X-Page: 2
-
-[]
\ No newline at end of file
diff --git a/services/migrations/testdata/gitlab/full_download/GET_%2Fapi%2Fv4%2Fprojects%2F61363672%2Fissues%2F2%2Faward_emoji%3Fpage=1&per_page=2 b/services/migrations/testdata/gitlab/full_download/GET_%2Fapi%2Fv4%2Fprojects%2F61363672%2Fissues%2F2%2Faward_emoji%3Fpage=1&per_page=2
deleted file mode 100644
index 34671df48b..0000000000
--- a/services/migrations/testdata/gitlab/full_download/GET_%2Fapi%2Fv4%2Fprojects%2F61363672%2Fissues%2F2%2Faward_emoji%3Fpage=1&per_page=2
+++ /dev/null
@@ -1,30 +0,0 @@
-X-Content-Type-Options: nosniff
-X-Page: 1
-X-Prev-Page: 
-X-Total-Pages: 3
-Gitlab-Lb: haproxy-main-49-lb-gprd
-Ratelimit-Observed: 11
-Strict-Transport-Security: max-age=31536000
-Gitlab-Sv: api-gke-us-east1-b
-Ratelimit-Limit: 2000
-X-Next-Page: 2
-X-Total: 6
-Vary: Origin, Accept-Encoding
-Ratelimit-Remaining: 1989
-Ratelimit-Reset: 1764065160
-X-Frame-Options: SAMEORIGIN
-X-Runtime: 0.145887
-Content-Security-Policy: default-src 'none'
-X-Per-Page: 2
-Cf-Cache-Status: MISS
-Etag: W/"46d402fdfea4626a5b918865ed2a21b3"
-Link: <https://gitlab.com/api/v4/projects/61363672/issues/2/award_emoji?id=61363672&issue_iid=2&page=2&per_page=2>; rel="next", <https://gitlab.com/api/v4/projects/61363672/issues/2/award_emoji?id=61363672&issue_iid=2&page=1&per_page=2>; rel="first", <https://gitlab.com/api/v4/projects/61363672/issues/2/award_emoji?id=61363672&issue_iid=2&page=3&per_page=2>; rel="last"
-Referrer-Policy: strict-origin-when-cross-origin
-X-Gitlab-Meta: {"correlation_id":"9a40536ad3804fc7-ATL","version":"1"}
-Set-Cookie: __cf_bm=iAflLFsTWXue0NdlWTclQNmHmKgpnpLwVGp9zRstYHA-1764065107-1.0.1.1-iBouQbArw5dudRhRG8Gc.oXAcwJckMJKbFw9UkTlVrUCMc8xwY52vD9JDp6LxvnCvrbT_TWiKhCL1tjvXy2.hS7lAOJwjoKLTE8Ilc8GPwg; path=/; expires=Tue, 25-Nov-25 10:35:07 GMT; domain=.gitlab.com; HttpOnly; Secure; SameSite=None
-Set-Cookie: _cfuvid=Rcq3h31X5A4Y4I4o2L2rg7wfiVvTIFeAnA5MHEHeMtE-1764065107948-0.0.1.1-604800000; path=/; domain=.gitlab.com; HttpOnly; Secure; SameSite=None
-Content-Type: application/json
-Cache-Control: max-age=0, private, must-revalidate
-Ratelimit-Name: throttle_authenticated_api
-
-[{"id":28092934,"name":"thumbsup","user":{"id":548513,"username":"mkobel","public_email":"","name":"Moritz Kobel","state":"active","locked":false,"avatar_url":"https://secure.gravatar.com/avatar/eae1be6324682816aedc885acbf5858719b40956e0278edabe5c0db7cbc95f3b?s=80\u0026d=identicon","web_url":"https://gitlab.com/mkobel"},"created_at":"2024-09-03T14:45:50.310Z","updated_at":"2024-09-03T14:45:50.310Z","awardable_id":152568900,"awardable_type":"Issue","url":null},{"id":28092936,"name":"thumbsdown","user":{"id":548513,"username":"mkobel","public_email":"","name":"Moritz Kobel","state":"active","locked":false,"avatar_url":"https://secure.gravatar.com/avatar/eae1be6324682816aedc885acbf5858719b40956e0278edabe5c0db7cbc95f3b?s=80\u0026d=identicon","web_url":"https://gitlab.com/mkobel"},"created_at":"2024-09-03T14:45:51.174Z","updated_at":"2024-09-03T14:45:51.174Z","awardable_id":152568900,"awardable_type":"Issue","url":null}]
\ No newline at end of file
diff --git a/services/migrations/testdata/gitlab/full_download/GET_%2Fapi%2Fv4%2Fprojects%2F61363672%2Fissues%2F2%2Faward_emoji%3Fpage=1&per_page=3 b/services/migrations/testdata/gitlab/full_download/GET_%2Fapi%2Fv4%2Fprojects%2F61363672%2Fissues%2F2%2Faward_emoji%3Fpage=1&per_page=3
index 9fb6111c05..da1dddaddb 100644
--- a/services/migrations/testdata/gitlab/full_download/GET_%2Fapi%2Fv4%2Fprojects%2F61363672%2Fissues%2F2%2Faward_emoji%3Fpage=1&per_page=3
+++ b/services/migrations/testdata/gitlab/full_download/GET_%2Fapi%2Fv4%2Fprojects%2F61363672%2Fissues%2F2%2Faward_emoji%3Fpage=1&per_page=3
@@ -1,30 +1,27 @@
-Cf-Cache-Status: MISS
-Gitlab-Lb: haproxy-main-56-lb-gprd
-Gitlab-Sv: api-gke-us-east1-c
-Ratelimit-Observed: 10
-X-Per-Page: 3
-Content-Security-Policy: default-src 'none'
-Ratelimit-Limit: 2000
-Referrer-Policy: strict-origin-when-cross-origin
-X-Total: 6
 Cache-Control: max-age=0, private, must-revalidate
-Ratelimit-Remaining: 1990
-X-Gitlab-Meta: {"correlation_id":"9a40877dc542e0d9-ATL","version":"1"}
-X-Total-Pages: 2
+Cf-Cache-Status: MISS
+Content-Security-Policy: default-src 'none'
 Content-Type: application/json
-Link: <https://gitlab.com/api/v4/projects/61363672/issues/2/award_emoji?id=61363672&issue_iid=2&page=2&per_page=3>; rel="next", <https://gitlab.com/api/v4/projects/61363672/issues/2/award_emoji?id=61363672&issue_iid=2&page=1&per_page=3>; rel="first", <https://gitlab.com/api/v4/projects/61363672/issues/2/award_emoji?id=61363672&issue_iid=2&page=2&per_page=3>; rel="last"
-Vary: Origin, Accept-Encoding
-X-Next-Page: 2
-X-Page: 1
-X-Runtime: 0.094421
 Etag: W/"a7f74b6635cdf940405e20b5627e092a"
+Gitlab-Lb: haproxy-main-29-lb-gprd
+Gitlab-Sv: api-gke-us-east1-c
+Link: <https://gitlab.com/api/v4/projects/61363672/issues/2/award_emoji?id=61363672&issue_iid=2&page=2&per_page=3>; rel="next", <https://gitlab.com/api/v4/projects/61363672/issues/2/award_emoji?id=61363672&issue_iid=2&page=1&per_page=3>; rel="first", <https://gitlab.com/api/v4/projects/61363672/issues/2/award_emoji?id=61363672&issue_iid=2&page=2&per_page=3>; rel="last"
+Ratelimit-Limit: 2000
+Ratelimit-Name: throttle_authenticated_api
+Ratelimit-Observed: 11
+Ratelimit-Remaining: 1989
+Ratelimit-Reset: 1771055640
+Referrer-Policy: strict-origin-when-cross-origin
 Strict-Transport-Security: max-age=31536000
+Vary: Origin, Accept-Encoding
 X-Content-Type-Options: nosniff
 X-Frame-Options: SAMEORIGIN
+X-Next-Page: 2
+X-Page: 1
+X-Per-Page: 3
 X-Prev-Page: 
-Set-Cookie: __cf_bm=1pVUk5OSzwbz4O8dsFsRnozXAyop91pPTEBHeWWpDnU-1764067240-1.0.1.1-5IYX.blo82vcD5UKTwXG7ln4ys9VsT8BYI8x9c9lF2Q4yBTQxA8DUvNouhqDG6Ge_Ps8oVjgbQrYPMb7Jt2zn5Xh3jOtS9ulH3q7ITiR7ek; path=/; expires=Tue, 25-Nov-25 11:10:40 GMT; domain=.gitlab.com; HttpOnly; Secure; SameSite=None
-Set-Cookie: _cfuvid=gEvp_O9POy6sfr63Hx3Ama.RZa_hYvDk4vkRpBHycmE-1764067240834-0.0.1.1-604800000; path=/; domain=.gitlab.com; HttpOnly; Secure; SameSite=None
-Ratelimit-Name: throttle_authenticated_api
-Ratelimit-Reset: 1764067260
+X-Runtime: 0.087002
+X-Total: 6
+X-Total-Pages: 2
 
 [{"id":28092934,"name":"thumbsup","user":{"id":548513,"username":"mkobel","public_email":"","name":"Moritz Kobel","state":"active","locked":false,"avatar_url":"https://secure.gravatar.com/avatar/eae1be6324682816aedc885acbf5858719b40956e0278edabe5c0db7cbc95f3b?s=80\u0026d=identicon","web_url":"https://gitlab.com/mkobel"},"created_at":"2024-09-03T14:45:50.310Z","updated_at":"2024-09-03T14:45:50.310Z","awardable_id":152568900,"awardable_type":"Issue","url":null},{"id":28092936,"name":"thumbsdown","user":{"id":548513,"username":"mkobel","public_email":"","name":"Moritz Kobel","state":"active","locked":false,"avatar_url":"https://secure.gravatar.com/avatar/eae1be6324682816aedc885acbf5858719b40956e0278edabe5c0db7cbc95f3b?s=80\u0026d=identicon","web_url":"https://gitlab.com/mkobel"},"created_at":"2024-09-03T14:45:51.174Z","updated_at":"2024-09-03T14:45:51.174Z","awardable_id":152568900,"awardable_type":"Issue","url":null},{"id":28092944,"name":"laughing","user":{"id":548513,"username":"mkobel","public_email":"","name":"Moritz Kobel","state":"active","locked":false,"avatar_url":"https://secure.gravatar.com/avatar/eae1be6324682816aedc885acbf5858719b40956e0278edabe5c0db7cbc95f3b?s=80\u0026d=identicon","web_url":"https://gitlab.com/mkobel"},"created_at":"2024-09-03T14:46:00.936Z","updated_at":"2024-09-03T14:46:00.936Z","awardable_id":152568900,"awardable_type":"Issue","url":null}]
\ No newline at end of file
diff --git a/services/migrations/testdata/gitlab/full_download/GET_%2Fapi%2Fv4%2Fprojects%2F61363672%2Fissues%2F2%2Faward_emoji%3Fpage=2&per_page=2 b/services/migrations/testdata/gitlab/full_download/GET_%2Fapi%2Fv4%2Fprojects%2F61363672%2Fissues%2F2%2Faward_emoji%3Fpage=2&per_page=2
deleted file mode 100644
index ac0ac301b7..0000000000
--- a/services/migrations/testdata/gitlab/full_download/GET_%2Fapi%2Fv4%2Fprojects%2F61363672%2Fissues%2F2%2Faward_emoji%3Fpage=2&per_page=2
+++ /dev/null
@@ -1,30 +0,0 @@
-Etag: W/"15557729ecccd67be90f7632b49d20e5"
-Gitlab-Sv: api-gke-us-east1-d
-X-Content-Type-Options: nosniff
-X-Runtime: 0.176046
-Link: <https://gitlab.com/api/v4/projects/61363672/issues/2/award_emoji?id=61363672&issue_iid=2&page=1&per_page=2>; rel="prev", <https://gitlab.com/api/v4/projects/61363672/issues/2/award_emoji?id=61363672&issue_iid=2&page=3&per_page=2>; rel="next", <https://gitlab.com/api/v4/projects/61363672/issues/2/award_emoji?id=61363672&issue_iid=2&page=1&per_page=2>; rel="first", <https://gitlab.com/api/v4/projects/61363672/issues/2/award_emoji?id=61363672&issue_iid=2&page=3&per_page=2>; rel="last"
-Vary: Origin, Accept-Encoding
-Ratelimit-Observed: 12
-Ratelimit-Reset: 1764065160
-Cf-Cache-Status: MISS
-X-Gitlab-Meta: {"correlation_id":"9a40536cf55d4fc7-ATL","version":"1"}
-X-Total-Pages: 3
-Content-Security-Policy: default-src 'none'
-Referrer-Policy: strict-origin-when-cross-origin
-X-Per-Page: 2
-X-Prev-Page: 1
-X-Total: 6
-Content-Type: application/json
-Cache-Control: max-age=0, private, must-revalidate
-Strict-Transport-Security: max-age=31536000
-Gitlab-Lb: haproxy-main-39-lb-gprd
-Ratelimit-Name: throttle_authenticated_api
-X-Next-Page: 3
-X-Page: 2
-Ratelimit-Limit: 2000
-X-Frame-Options: SAMEORIGIN
-Set-Cookie: __cf_bm=6PlKBj6oiuq6_N7epiS8Xm97vcaMAb9oDDhC1roPYgY-1764065108-1.0.1.1-XesydYL7bwOpVgX.ZNZLcgr8fZUWm36QW2vpzPhzl0G3ok_ebr4MVuM_XldppYra8PuF_9X3ErU.u0k.aVkhCwJbtNwJgxrtTycf3bA5gXc; path=/; expires=Tue, 25-Nov-25 10:35:08 GMT; domain=.gitlab.com; HttpOnly; Secure; SameSite=None
-Set-Cookie: _cfuvid=ww6AGjv1O4W9g8e2r75FKUoE_C9tXI.9LU3S5Ldwk3Q-1764065108312-0.0.1.1-604800000; path=/; domain=.gitlab.com; HttpOnly; Secure; SameSite=None
-Ratelimit-Remaining: 1988
-
-[{"id":28092944,"name":"laughing","user":{"id":548513,"username":"mkobel","public_email":"","name":"Moritz Kobel","state":"active","locked":false,"avatar_url":"https://secure.gravatar.com/avatar/eae1be6324682816aedc885acbf5858719b40956e0278edabe5c0db7cbc95f3b?s=80\u0026d=identicon","web_url":"https://gitlab.com/mkobel"},"created_at":"2024-09-03T14:46:00.936Z","updated_at":"2024-09-03T14:46:00.936Z","awardable_id":152568900,"awardable_type":"Issue","url":null},{"id":28092948,"name":"tada","user":{"id":548513,"username":"mkobel","public_email":"","name":"Moritz Kobel","state":"active","locked":false,"avatar_url":"https://secure.gravatar.com/avatar/eae1be6324682816aedc885acbf5858719b40956e0278edabe5c0db7cbc95f3b?s=80\u0026d=identicon","web_url":"https://gitlab.com/mkobel"},"created_at":"2024-09-03T14:46:09.593Z","updated_at":"2024-09-03T14:46:09.593Z","awardable_id":152568900,"awardable_type":"Issue","url":null}]
\ No newline at end of file
diff --git a/services/migrations/testdata/gitlab/full_download/GET_%2Fapi%2Fv4%2Fprojects%2F61363672%2Fissues%2F2%2Faward_emoji%3Fpage=2&per_page=3 b/services/migrations/testdata/gitlab/full_download/GET_%2Fapi%2Fv4%2Fprojects%2F61363672%2Fissues%2F2%2Faward_emoji%3Fpage=2&per_page=3
index c885b1e7ad..9310ff08ae 100644
--- a/services/migrations/testdata/gitlab/full_download/GET_%2Fapi%2Fv4%2Fprojects%2F61363672%2Fissues%2F2%2Faward_emoji%3Fpage=2&per_page=3
+++ b/services/migrations/testdata/gitlab/full_download/GET_%2Fapi%2Fv4%2Fprojects%2F61363672%2Fissues%2F2%2Faward_emoji%3Fpage=2&per_page=3
@@ -1,30 +1,27 @@
-Strict-Transport-Security: max-age=31536000
-Ratelimit-Name: throttle_authenticated_api
-Ratelimit-Observed: 11
-Ratelimit-Remaining: 1989
-Set-Cookie: __cf_bm=9AE8CpIjrEnerJtOH7BLyO_OXlXzIs0gOxe3EtqIUuA-1764067241-1.0.1.1-Qs3bffq8SPyos4SyAbcK_5xcCd8OmKP52qPTL7ta5sxW7DtrWmeVuW8GkH.7PLS4D8kxUIGLhr81eTmtH_pcv9Q6Bq_9ACQVIRXQBoDsjXI; path=/; expires=Tue, 25-Nov-25 11:10:41 GMT; domain=.gitlab.com; HttpOnly; Secure; SameSite=None
-Set-Cookie: _cfuvid=7LR1RtBEpFtdvYmrN.poZNibwl0WEel7bAmYSK4txoU-1764067241094-0.0.1.1-604800000; path=/; domain=.gitlab.com; HttpOnly; Secure; SameSite=None
-X-Prev-Page: 1
-Cf-Cache-Status: MISS
-Ratelimit-Limit: 2000
-Ratelimit-Reset: 1764067260
-X-Runtime: 0.081401
-X-Total: 6
-Gitlab-Lb: haproxy-main-28-lb-gprd
-X-Content-Type-Options: nosniff
-Etag: W/"412dc0049cf530d17cba7741291c3200"
-Vary: Origin, Accept-Encoding
-Referrer-Policy: strict-origin-when-cross-origin
-X-Next-Page: 
-X-Per-Page: 3
 Cache-Control: max-age=0, private, must-revalidate
+Cf-Cache-Status: MISS
 Content-Security-Policy: default-src 'none'
-X-Total-Pages: 2
-Link: <https://gitlab.com/api/v4/projects/61363672/issues/2/award_emoji?id=61363672&issue_iid=2&page=1&per_page=3>; rel="prev", <https://gitlab.com/api/v4/projects/61363672/issues/2/award_emoji?id=61363672&issue_iid=2&page=1&per_page=3>; rel="first", <https://gitlab.com/api/v4/projects/61363672/issues/2/award_emoji?id=61363672&issue_iid=2&page=2&per_page=3>; rel="last"
-Gitlab-Sv: api-gke-us-east1-b
-X-Frame-Options: SAMEORIGIN
-X-Page: 2
 Content-Type: application/json
-X-Gitlab-Meta: {"correlation_id":"9a40877f76b0e0d9-ATL","version":"1"}
+Etag: W/"412dc0049cf530d17cba7741291c3200"
+Gitlab-Lb: haproxy-main-45-lb-gprd
+Gitlab-Sv: gke-cny-api
+Link: <https://gitlab.com/api/v4/projects/61363672/issues/2/award_emoji?id=61363672&issue_iid=2&page=1&per_page=3>; rel="prev", <https://gitlab.com/api/v4/projects/61363672/issues/2/award_emoji?id=61363672&issue_iid=2&page=1&per_page=3>; rel="first", <https://gitlab.com/api/v4/projects/61363672/issues/2/award_emoji?id=61363672&issue_iid=2&page=2&per_page=3>; rel="last"
+Ratelimit-Limit: 2000
+Ratelimit-Name: throttle_authenticated_api
+Ratelimit-Observed: 12
+Ratelimit-Remaining: 1988
+Ratelimit-Reset: 1771055640
+Referrer-Policy: strict-origin-when-cross-origin
+Strict-Transport-Security: max-age=31536000
+Vary: Origin, Accept-Encoding
+X-Content-Type-Options: nosniff
+X-Frame-Options: SAMEORIGIN
+X-Next-Page: 
+X-Page: 2
+X-Per-Page: 3
+X-Prev-Page: 1
+X-Runtime: 0.072203
+X-Total: 6
+X-Total-Pages: 2
 
 [{"id":28092948,"name":"tada","user":{"id":548513,"username":"mkobel","public_email":"","name":"Moritz Kobel","state":"active","locked":false,"avatar_url":"https://secure.gravatar.com/avatar/eae1be6324682816aedc885acbf5858719b40956e0278edabe5c0db7cbc95f3b?s=80\u0026d=identicon","web_url":"https://gitlab.com/mkobel"},"created_at":"2024-09-03T14:46:09.593Z","updated_at":"2024-09-03T14:46:09.593Z","awardable_id":152568900,"awardable_type":"Issue","url":null},{"id":28092953,"name":"confused","user":{"id":548513,"username":"mkobel","public_email":"","name":"Moritz Kobel","state":"active","locked":false,"avatar_url":"https://secure.gravatar.com/avatar/eae1be6324682816aedc885acbf5858719b40956e0278edabe5c0db7cbc95f3b?s=80\u0026d=identicon","web_url":"https://gitlab.com/mkobel"},"created_at":"2024-09-03T14:46:18.191Z","updated_at":"2024-09-03T14:46:18.191Z","awardable_id":152568900,"awardable_type":"Issue","url":null},{"id":28092962,"name":"hearts","user":{"id":548513,"username":"mkobel","public_email":"","name":"Moritz Kobel","state":"active","locked":false,"avatar_url":"https://secure.gravatar.com/avatar/eae1be6324682816aedc885acbf5858719b40956e0278edabe5c0db7cbc95f3b?s=80\u0026d=identicon","web_url":"https://gitlab.com/mkobel"},"created_at":"2024-09-03T14:46:35.367Z","updated_at":"2024-09-03T14:46:35.367Z","awardable_id":152568900,"awardable_type":"Issue","url":null}]
\ No newline at end of file
diff --git a/services/migrations/testdata/gitlab/full_download/GET_%2Fapi%2Fv4%2Fprojects%2F61363672%2Fissues%2F2%2Faward_emoji%3Fpage=3&per_page=2 b/services/migrations/testdata/gitlab/full_download/GET_%2Fapi%2Fv4%2Fprojects%2F61363672%2Fissues%2F2%2Faward_emoji%3Fpage=3&per_page=2
deleted file mode 100644
index d016c95c8f..0000000000
--- a/services/migrations/testdata/gitlab/full_download/GET_%2Fapi%2Fv4%2Fprojects%2F61363672%2Fissues%2F2%2Faward_emoji%3Fpage=3&per_page=2
+++ /dev/null
@@ -1,30 +0,0 @@
-Ratelimit-Reset: 1764065160
-X-Total: 6
-X-Total-Pages: 3
-Gitlab-Lb: haproxy-main-03-lb-gprd
-X-Gitlab-Meta: {"correlation_id":"9a40536f57014fc7-ATL","version":"1"}
-X-Runtime: 0.292482
-Vary: Origin, Accept-Encoding
-Gitlab-Sv: api-gke-us-east1-d
-Ratelimit-Remaining: 1987
-Referrer-Policy: strict-origin-when-cross-origin
-X-Content-Type-Options: nosniff
-Cf-Cache-Status: MISS
-Ratelimit-Name: throttle_authenticated_api
-X-Frame-Options: SAMEORIGIN
-Etag: W/"ceed6f177d5f7e84961ad604a8cddc35"
-X-Page: 3
-X-Prev-Page: 2
-Content-Type: application/json
-Link: <https://gitlab.com/api/v4/projects/61363672/issues/2/award_emoji?id=61363672&issue_iid=2&page=2&per_page=2>; rel="prev", <https://gitlab.com/api/v4/projects/61363672/issues/2/award_emoji?id=61363672&issue_iid=2&page=1&per_page=2>; rel="first", <https://gitlab.com/api/v4/projects/61363672/issues/2/award_emoji?id=61363672&issue_iid=2&page=3&per_page=2>; rel="last"
-Ratelimit-Limit: 2000
-Set-Cookie: __cf_bm=t2tUXdhLqCPmsw4U1LbZRu_gDoywVJmKT1x66aIcKoA-1764065108-1.0.1.1-Q6CudjcxQoHnyXHzHcIH4s_2Pte9_SriSix3lG7t79O.7er2sS7Ltg32UG33iHJMoGh1FRMTXnlFJA3g6mPm3vs2T.Z7rx8LjInyQ98AdCA; path=/; expires=Tue, 25-Nov-25 10:35:08 GMT; domain=.gitlab.com; HttpOnly; Secure; SameSite=None
-Set-Cookie: _cfuvid=L3s_nmm3ScmGh8cr3YisKfgCl7xvN0vJNxfsvMYEpzk-1764065108869-0.0.1.1-604800000; path=/; domain=.gitlab.com; HttpOnly; Secure; SameSite=None
-Cache-Control: max-age=0, private, must-revalidate
-Content-Security-Policy: default-src 'none'
-Ratelimit-Observed: 13
-X-Next-Page: 
-X-Per-Page: 2
-Strict-Transport-Security: max-age=31536000
-
-[{"id":28092953,"name":"confused","user":{"id":548513,"username":"mkobel","public_email":"","name":"Moritz Kobel","state":"active","locked":false,"avatar_url":"https://secure.gravatar.com/avatar/eae1be6324682816aedc885acbf5858719b40956e0278edabe5c0db7cbc95f3b?s=80\u0026d=identicon","web_url":"https://gitlab.com/mkobel"},"created_at":"2024-09-03T14:46:18.191Z","updated_at":"2024-09-03T14:46:18.191Z","awardable_id":152568900,"awardable_type":"Issue","url":null},{"id":28092962,"name":"hearts","user":{"id":548513,"username":"mkobel","public_email":"","name":"Moritz Kobel","state":"active","locked":false,"avatar_url":"https://secure.gravatar.com/avatar/eae1be6324682816aedc885acbf5858719b40956e0278edabe5c0db7cbc95f3b?s=80\u0026d=identicon","web_url":"https://gitlab.com/mkobel"},"created_at":"2024-09-03T14:46:35.367Z","updated_at":"2024-09-03T14:46:35.367Z","awardable_id":152568900,"awardable_type":"Issue","url":null}]
\ No newline at end of file
diff --git a/services/migrations/testdata/gitlab/full_download/GET_%2Fapi%2Fv4%2Fprojects%2F61363672%2Fissues%2F2%2Faward_emoji%3Fpage=3&per_page=3 b/services/migrations/testdata/gitlab/full_download/GET_%2Fapi%2Fv4%2Fprojects%2F61363672%2Fissues%2F2%2Faward_emoji%3Fpage=3&per_page=3
index 7b78f53c9a..222ae67c3d 100644
--- a/services/migrations/testdata/gitlab/full_download/GET_%2Fapi%2Fv4%2Fprojects%2F61363672%2Fissues%2F2%2Faward_emoji%3Fpage=3&per_page=3
+++ b/services/migrations/testdata/gitlab/full_download/GET_%2Fapi%2Fv4%2Fprojects%2F61363672%2Fissues%2F2%2Faward_emoji%3Fpage=3&per_page=3
@@ -1,32 +1,29 @@
-Content-Type: application/json
-Gitlab-Lb: haproxy-main-53-lb-gprd
-Ratelimit-Name: throttle_authenticated_api
-X-Prev-Page: 
-Ratelimit-Reset: 1764067260
-Cache-Control: max-age=0, private, must-revalidate
-Gitlab-Sv: api-gke-us-east1-c
-Ratelimit-Remaining: 1988
-X-Gitlab-Meta: {"correlation_id":"9a408781100ee0d9-ATL","version":"1"}
-Set-Cookie: __cf_bm=ERtdJNpQThaSjqUa1.mZTqn7n0q1_fbzhUfqnAuidrE-1764067241-1.0.1.1-SIVaHdxaT7VFCCtSClSPrkBAOkMKdqMo_6H.18diW8wVohWWzdQkGK1lgp7NSFWYB.9fUd08EGQM4crpdR0vk8L6Lx9vi5tSwI0F9El27Cs; path=/; expires=Tue, 25-Nov-25 11:10:41 GMT; domain=.gitlab.com; HttpOnly; Secure; SameSite=None
-Set-Cookie: _cfuvid=TWm8WMj9YPkP1A9SyC.xy86EYVqWA5BmefQUd0h0Bh8-1764067241497-0.0.1.1-604800000; path=/; domain=.gitlab.com; HttpOnly; Secure; SameSite=None
-Content-Length: 2
 Accept-Ranges: bytes
+Cache-Control: max-age=0, private, must-revalidate
+Cf-Cache-Status: MISS
+Content-Length: 2
+Content-Security-Policy: default-src 'none'
+Content-Type: application/json
 Etag: W/"4f53cda18c2baa0c0354bb5f9a3ecbe5"
+Gitlab-Lb: haproxy-main-32-lb-gprd
+Gitlab-Sv: api-gke-us-east1-c
 Link: <https://gitlab.com/api/v4/projects/61363672/issues/2/award_emoji?id=61363672&issue_iid=2&page=1&per_page=3>; rel="first", <https://gitlab.com/api/v4/projects/61363672/issues/2/award_emoji?id=61363672&issue_iid=2&page=2&per_page=3>; rel="last"
 Ratelimit-Limit: 2000
-Vary: Origin, Accept-Encoding
-Content-Security-Policy: default-src 'none'
-X-Runtime: 0.199084
-Cf-Cache-Status: MISS
-X-Next-Page: 
+Ratelimit-Name: throttle_authenticated_api
+Ratelimit-Observed: 13
+Ratelimit-Remaining: 1987
+Ratelimit-Reset: 1771055640
+Referrer-Policy: strict-origin-when-cross-origin
 Strict-Transport-Security: max-age=31536000
-Ratelimit-Observed: 12
+Vary: Origin, Accept-Encoding
 X-Content-Type-Options: nosniff
+X-Frame-Options: SAMEORIGIN
+X-Next-Page: 
+X-Page: 3
 X-Per-Page: 3
+X-Prev-Page: 
+X-Runtime: 0.069015
 X-Total: 6
 X-Total-Pages: 2
-Referrer-Policy: strict-origin-when-cross-origin
-X-Frame-Options: SAMEORIGIN
-X-Page: 3
 
 []
\ No newline at end of file
diff --git a/services/migrations/testdata/gitlab/full_download/GET_%2Fapi%2Fv4%2Fprojects%2F61363672%2Fissues%2F2%2Faward_emoji%3Fpage=4&per_page=2 b/services/migrations/testdata/gitlab/full_download/GET_%2Fapi%2Fv4%2Fprojects%2F61363672%2Fissues%2F2%2Faward_emoji%3Fpage=4&per_page=2
deleted file mode 100644
index ebb294094d..0000000000
--- a/services/migrations/testdata/gitlab/full_download/GET_%2Fapi%2Fv4%2Fprojects%2F61363672%2Fissues%2F2%2Faward_emoji%3Fpage=4&per_page=2
+++ /dev/null
@@ -1,32 +0,0 @@
-X-Total-Pages: 3
-Set-Cookie: __cf_bm=XEiSKl80KAa5zod94SawbVosALj1cNcQ_eq8bE3jYLU-1764065109-1.0.1.1-hnWNajuOroFE7mHA4HInOTO2nVGBGHu9yC6P4yIQZyPkA0jzn2v2QQW3QTNox6wumnUAuRkNfFUCG9tzx2wlteVA0JCboGsGmJY2FADr1LA; path=/; expires=Tue, 25-Nov-25 10:35:09 GMT; domain=.gitlab.com; HttpOnly; Secure; SameSite=None
-Set-Cookie: _cfuvid=BVV2bFUiotodstANTLeIUoIFj5yU0lMB1WpZbkGzD9Q-1764065109254-0.0.1.1-604800000; path=/; domain=.gitlab.com; HttpOnly; Secure; SameSite=None
-Vary: Origin, Accept-Encoding
-Gitlab-Sv: api-gke-us-east1-c
-Ratelimit-Observed: 14
-Ratelimit-Reset: 1764065160
-X-Page: 4
-Cf-Cache-Status: MISS
-Link: <https://gitlab.com/api/v4/projects/61363672/issues/2/award_emoji?id=61363672&issue_iid=2&page=1&per_page=2>; rel="first", <https://gitlab.com/api/v4/projects/61363672/issues/2/award_emoji?id=61363672&issue_iid=2&page=3&per_page=2>; rel="last"
-Ratelimit-Limit: 2000
-Ratelimit-Remaining: 1986
-X-Content-Type-Options: nosniff
-Accept-Ranges: bytes
-X-Frame-Options: SAMEORIGIN
-Strict-Transport-Security: max-age=31536000
-Content-Security-Policy: default-src 'none'
-X-Next-Page: 
-Content-Type: application/json
-Etag: W/"4f53cda18c2baa0c0354bb5f9a3ecbe5"
-Gitlab-Lb: haproxy-main-53-lb-gprd
-X-Total: 6
-Ratelimit-Name: throttle_authenticated_api
-X-Per-Page: 2
-Content-Length: 2
-Referrer-Policy: strict-origin-when-cross-origin
-X-Gitlab-Meta: {"correlation_id":"9a405372b1ba4fc7-ATL","version":"1"}
-Cache-Control: max-age=0, private, must-revalidate
-X-Prev-Page: 
-X-Runtime: 0.198149
-
-[]
\ No newline at end of file
diff --git a/services/migrations/testdata/gitlab/full_download/GET_%2Fapi%2Fv4%2Fprojects%2F61363672%2Fissues%2F2%2Fdiscussions%3Fpage=1&per_page=100 b/services/migrations/testdata/gitlab/full_download/GET_%2Fapi%2Fv4%2Fprojects%2F61363672%2Fissues%2F2%2Fdiscussions%3Fpage=1&per_page=100
index 05e407d106..4f150ff0e5 100644
--- a/services/migrations/testdata/gitlab/full_download/GET_%2Fapi%2Fv4%2Fprojects%2F61363672%2Fissues%2F2%2Fdiscussions%3Fpage=1&per_page=100
+++ b/services/migrations/testdata/gitlab/full_download/GET_%2Fapi%2Fv4%2Fprojects%2F61363672%2Fissues%2F2%2Fdiscussions%3Fpage=1&per_page=100
@@ -1,30 +1,27 @@
-Link: <https://gitlab.com/api/v4/projects/61363672/issues/2/discussions?id=61363672&noteable_id=2&page=1&per_page=100>; rel="first", <https://gitlab.com/api/v4/projects/61363672/issues/2/discussions?id=61363672&noteable_id=2&page=1&per_page=100>; rel="last"
-Vary: Origin, Accept-Encoding
-X-Next-Page: 
-Etag: W/"3f43dfe90694977cf41e442db7d78f76"
-Ratelimit-Observed: 14
-Ratelimit-Remaining: 1986
-X-Gitlab-Meta: {"correlation_id":"9a408786746ce0d9-ATL","version":"1"}
-X-Runtime: 0.160743
-Strict-Transport-Security: max-age=31536000
-Gitlab-Lb: haproxy-main-51-lb-gprd
-Gitlab-Sv: api-gke-us-east1-d
-Referrer-Policy: strict-origin-when-cross-origin
-X-Page: 1
-Cf-Cache-Status: MISS
-Ratelimit-Limit: 2000
-X-Content-Type-Options: nosniff
-X-Per-Page: 100
-X-Total-Pages: 1
-Content-Security-Policy: default-src 'none'
-Ratelimit-Reset: 1764067260
-X-Prev-Page: 
 Cache-Control: max-age=0, private, must-revalidate
-X-Frame-Options: SAMEORIGIN
+Cf-Cache-Status: MISS
+Content-Security-Policy: default-src 'none'
 Content-Type: application/json
+Etag: W/"f36dea488bdfeaf39734c472f94fed6b"
+Gitlab-Lb: haproxy-main-15-lb-gprd
+Gitlab-Sv: api-gke-us-east1-d
+Link: <https://gitlab.com/api/v4/projects/61363672/issues/2/discussions?id=61363672&noteable_id=2&page=1&per_page=100>; rel="first", <https://gitlab.com/api/v4/projects/61363672/issues/2/discussions?id=61363672&noteable_id=2&page=1&per_page=100>; rel="last"
+Ratelimit-Limit: 2000
 Ratelimit-Name: throttle_authenticated_api
-X-Total: 2
-Set-Cookie: __cf_bm=yLb0tijb_h6IcP8N5b9_gCUI2Oax.oodlJg5G_org7w-1764067242-1.0.1.1-96nM1EZJz3goO7FuhYyOprR4N67BL_8FlZ8L9TgGmqW2umM_h1xDE8tQNKLmthWt.CBQIfxBfNs1DXkxSv5WLkJ_450s8QqebqHYeHLWzvw; path=/; expires=Tue, 25-Nov-25 11:10:42 GMT; domain=.gitlab.com; HttpOnly; Secure; SameSite=None
-Set-Cookie: _cfuvid=FKADqckdKPYzioe9Z2r5_0EEWR7cMjHX60K9UT3DE2Q-1764067242301-0.0.1.1-604800000; path=/; domain=.gitlab.com; HttpOnly; Secure; SameSite=None
+Ratelimit-Observed: 16
+Ratelimit-Remaining: 1984
+Ratelimit-Reset: 1771055640
+Referrer-Policy: strict-origin-when-cross-origin
+Strict-Transport-Security: max-age=31536000
+Vary: Origin, Accept-Encoding
+X-Content-Type-Options: nosniff
+X-Frame-Options: SAMEORIGIN
+X-Next-Page: 
+X-Page: 1
+X-Per-Page: 100
+X-Prev-Page: 
+X-Runtime: 0.205651
+X-Total: 3
+X-Total-Pages: 1
 
-[{"id":"8d6017e7426130502cd94fff207224b8a98efabc","individual_note":true,"notes":[{"id":2087994191,"type":null,"body":"This is a comment","author":{"id":548513,"username":"mkobel","public_email":"","name":"Moritz Kobel","state":"active","locked":false,"avatar_url":"https://secure.gravatar.com/avatar/eae1be6324682816aedc885acbf5858719b40956e0278edabe5c0db7cbc95f3b?s=80\u0026d=identicon","web_url":"https://gitlab.com/mkobel"},"created_at":"2024-09-03T14:45:20.848Z","updated_at":"2024-09-03T14:45:46.592Z","system":false,"noteable_id":152568900,"noteable_type":"Issue","project_id":61363672,"resolvable":false,"confidential":false,"internal":false,"imported":false,"imported_from":"none","noteable_iid":2,"commands_changes":{}}]},{"id":"c721de2d3f2f0fe9a40005228f50d8c8d8131581","individual_note":true,"notes":[{"id":2087994632,"type":null,"body":"A second comment","author":{"id":548513,"username":"mkobel","public_email":"","name":"Moritz Kobel","state":"active","locked":false,"avatar_url":"https://secure.gravatar.com/avatar/eae1be6324682816aedc885acbf5858719b40956e0278edabe5c0db7cbc95f3b?s=80\u0026d=identicon","web_url":"https://gitlab.com/mkobel"},"created_at":"2024-09-03T14:45:30.059Z","updated_at":"2024-09-03T14:45:30.059Z","system":false,"noteable_id":152568900,"noteable_type":"Issue","project_id":61363672,"resolvable":false,"confidential":false,"internal":false,"imported":false,"imported_from":"none","noteable_iid":2,"commands_changes":{}}]}]
\ No newline at end of file
+[{"id":"8d6017e7426130502cd94fff207224b8a98efabc","individual_note":true,"notes":[{"id":2087994191,"type":null,"body":"This is a comment","author":{"id":548513,"username":"mkobel","public_email":"","name":"Moritz Kobel","state":"active","locked":false,"avatar_url":"https://secure.gravatar.com/avatar/eae1be6324682816aedc885acbf5858719b40956e0278edabe5c0db7cbc95f3b?s=80\u0026d=identicon","web_url":"https://gitlab.com/mkobel"},"created_at":"2024-09-03T14:45:20.848Z","updated_at":"2024-09-03T14:45:46.592Z","system":false,"noteable_id":152568900,"noteable_type":"Issue","project_id":61363672,"resolvable":false,"confidential":false,"internal":false,"imported":false,"imported_from":"none","noteable_iid":2,"commands_changes":{}}]},{"id":"c721de2d3f2f0fe9a40005228f50d8c8d8131581","individual_note":true,"notes":[{"id":2087994632,"type":null,"body":"A second comment","author":{"id":548513,"username":"mkobel","public_email":"","name":"Moritz Kobel","state":"active","locked":false,"avatar_url":"https://secure.gravatar.com/avatar/eae1be6324682816aedc885acbf5858719b40956e0278edabe5c0db7cbc95f3b?s=80\u0026d=identicon","web_url":"https://gitlab.com/mkobel"},"created_at":"2024-09-03T14:45:30.059Z","updated_at":"2024-09-03T14:45:30.059Z","system":false,"noteable_id":152568900,"noteable_type":"Issue","project_id":61363672,"resolvable":false,"confidential":false,"internal":false,"imported":false,"imported_from":"none","noteable_iid":2,"commands_changes":{}}]},{"id":"6958a4530864f0f8c546f33e25bf09d4a11e0bd7","individual_note":true,"notes":[{"id":3083417271,"type":null,"body":"with an image ![image](/uploads/3756af8a4893bea08b99536df000e932/image.png){width=217 height=280}","author":{"id":2005797,"username":"oliverpool","public_email":"","name":"oliverpool","state":"active","locked":false,"avatar_url":"https://gitlab.com/uploads/-/system/user/avatar/2005797/avatar.png","web_url":"https://gitlab.com/oliverpool"},"created_at":"2026-02-13T20:46:11.841Z","updated_at":"2026-02-13T20:46:11.841Z","system":false,"noteable_id":152568900,"noteable_type":"Issue","project_id":61363672,"resolvable":false,"confidential":false,"internal":false,"imported":false,"imported_from":"none","noteable_iid":2,"commands_changes":{}}]}]
\ No newline at end of file
diff --git a/services/migrations/testdata/gitlab/full_download/GET_%2Fapi%2Fv4%2Fprojects%2F61363672%2Fissues%2F2%2Fresource_state_events%3Fpage=1&per_page=100 b/services/migrations/testdata/gitlab/full_download/GET_%2Fapi%2Fv4%2Fprojects%2F61363672%2Fissues%2F2%2Fresource_state_events%3Fpage=1&per_page=100
index 201e5cd4dd..d5ed7c28a9 100644
--- a/services/migrations/testdata/gitlab/full_download/GET_%2Fapi%2Fv4%2Fprojects%2F61363672%2Fissues%2F2%2Fresource_state_events%3Fpage=1&per_page=100
+++ b/services/migrations/testdata/gitlab/full_download/GET_%2Fapi%2Fv4%2Fprojects%2F61363672%2Fissues%2F2%2Fresource_state_events%3Fpage=1&per_page=100
@@ -1,30 +1,27 @@
-Vary: Origin, Accept-Encoding
-Referrer-Policy: strict-origin-when-cross-origin
-X-Next-Page: 
-X-Per-Page: 100
-X-Prev-Page: 
-Strict-Transport-Security: max-age=31536000
-Ratelimit-Reset: 1764067260
-Set-Cookie: __cf_bm=3hSvaVOg9Df1RydUBhWv7dmQ6AHasvpAX8RiMf_0IMk-1764067242-1.0.1.1-EFnF8p7l6vPWO.7t.INm4jiU4zIX2q26I0zgX.CvdmU0HESjVmD2HuJVzh_X4vWOmISdYa05_.IJt08.yQ25DsMlnJCYBtAuNHSeGCSl.Lg; path=/; expires=Tue, 25-Nov-25 11:10:42 GMT; domain=.gitlab.com; HttpOnly; Secure; SameSite=None
-Set-Cookie: _cfuvid=C3.D.QMDCTlck3o2O1IZRIpjzLAzJF.V4LfqOvfHkh0-1764067242832-0.0.1.1-604800000; path=/; domain=.gitlab.com; HttpOnly; Secure; SameSite=None
-Content-Type: application/json
-Link: <https://gitlab.com/api/v4/projects/61363672/issues/2/resource_state_events?eventable_id=2&id=61363672&page=1&per_page=100>; rel="first", <https://gitlab.com/api/v4/projects/61363672/issues/2/resource_state_events?eventable_id=2&id=61363672&page=1&per_page=100>; rel="last"
-X-Total-Pages: 1
 Cache-Control: max-age=0, private, must-revalidate
-Etag: W/"2cf51cc8586d98d271cacf42f33dae75"
-Content-Security-Policy: default-src 'none'
-X-Runtime: 0.123392
-X-Frame-Options: SAMEORIGIN
-X-Page: 1
-X-Total: 1
 Cf-Cache-Status: MISS
-Gitlab-Sv: api-gke-us-east1-c
-Ratelimit-Observed: 15
-X-Content-Type-Options: nosniff
-X-Gitlab-Meta: {"correlation_id":"9a408788a63de0d9-ATL","version":"1"}
-Gitlab-Lb: haproxy-main-53-lb-gprd
+Content-Security-Policy: default-src 'none'
+Content-Type: application/json
+Etag: W/"2cf51cc8586d98d271cacf42f33dae75"
+Gitlab-Lb: haproxy-main-09-lb-gprd
+Gitlab-Sv: api-gke-us-east1-d
+Link: <https://gitlab.com/api/v4/projects/61363672/issues/2/resource_state_events?eventable_id=2&id=61363672&page=1&per_page=100>; rel="first", <https://gitlab.com/api/v4/projects/61363672/issues/2/resource_state_events?eventable_id=2&id=61363672&page=1&per_page=100>; rel="last"
 Ratelimit-Limit: 2000
 Ratelimit-Name: throttle_authenticated_api
-Ratelimit-Remaining: 1985
+Ratelimit-Observed: 17
+Ratelimit-Remaining: 1983
+Ratelimit-Reset: 1771055640
+Referrer-Policy: strict-origin-when-cross-origin
+Strict-Transport-Security: max-age=31536000
+Vary: Origin, Accept-Encoding
+X-Content-Type-Options: nosniff
+X-Frame-Options: SAMEORIGIN
+X-Next-Page: 
+X-Page: 1
+X-Per-Page: 100
+X-Prev-Page: 
+X-Runtime: 0.107523
+X-Total: 1
+X-Total-Pages: 1
 
 [{"id":241837962,"user":{"id":548513,"username":"mkobel","public_email":"","name":"Moritz Kobel","state":"active","locked":false,"avatar_url":"https://secure.gravatar.com/avatar/eae1be6324682816aedc885acbf5858719b40956e0278edabe5c0db7cbc95f3b?s=80\u0026d=identicon","web_url":"https://gitlab.com/mkobel"},"created_at":"2024-09-03T14:43:10.947Z","resource_type":"Issue","resource_id":152568900,"source_commit":null,"source_merge_request_id":null,"state":"closed"}]
\ No newline at end of file
diff --git a/services/migrations/testdata/gitlab/full_download/GET_%2Fapi%2Fv4%2Fprojects%2F61363672%2Fissues%2F3%2Faward_emoji%3Fpage=1&per_page=3 b/services/migrations/testdata/gitlab/full_download/GET_%2Fapi%2Fv4%2Fprojects%2F61363672%2Fissues%2F3%2Faward_emoji%3Fpage=1&per_page=3
index 4659d0f5ab..13a4e37677 100644
--- a/services/migrations/testdata/gitlab/full_download/GET_%2Fapi%2Fv4%2Fprojects%2F61363672%2Fissues%2F3%2Faward_emoji%3Fpage=1&per_page=3
+++ b/services/migrations/testdata/gitlab/full_download/GET_%2Fapi%2Fv4%2Fprojects%2F61363672%2Fissues%2F3%2Faward_emoji%3Fpage=1&per_page=3
@@ -1,32 +1,29 @@
-Etag: W/"4f53cda18c2baa0c0354bb5f9a3ecbe5"
-Ratelimit-Remaining: 1987
-Referrer-Policy: strict-origin-when-cross-origin
-X-Frame-Options: SAMEORIGIN
-Vary: Origin, Accept-Encoding
-Set-Cookie: __cf_bm=_PiVkq.l17DijVAdAtfuSQ4GuCtCOOl4czL6yY_6g9E-1764067241-1.0.1.1-QlPR96ULIEw44gI9D5uugVOR0hpmBZeL5BOF.IuALd9NwlgztPD8sH2EjiaF8LhWXfarSxmi1I_02t4cRnqlZZJmgCD3nqaOY1DEr2Jd8J8; path=/; expires=Tue, 25-Nov-25 11:10:41 GMT; domain=.gitlab.com; HttpOnly; Secure; SameSite=None
-Set-Cookie: _cfuvid=5Y9fvzgH44fmICzIWOGlsiNLueIloiAp7j_1MuyHfL0-1764067241958-0.0.1.1-604800000; path=/; domain=.gitlab.com; HttpOnly; Secure; SameSite=None
-X-Content-Type-Options: nosniff
-X-Prev-Page: 
-Content-Type: application/json
-Cf-Cache-Status: MISS
 Accept-Ranges: bytes
 Cache-Control: max-age=0, private, must-revalidate
-Ratelimit-Name: throttle_authenticated_api
-X-Page: 1
-X-Total: 0
+Cf-Cache-Status: MISS
 Content-Length: 2
-Gitlab-Sv: api-gke-us-east1-d
-Ratelimit-Reset: 1764067260
-X-Runtime: 0.069144
 Content-Security-Policy: default-src 'none'
-Gitlab-Lb: haproxy-main-39-lb-gprd
-Ratelimit-Limit: 2000
-X-Gitlab-Meta: {"correlation_id":"9a4087839220e0d9-ATL","version":"1"}
-X-Next-Page: 
-Ratelimit-Observed: 13
-X-Per-Page: 3
+Content-Type: application/json
+Etag: W/"4f53cda18c2baa0c0354bb5f9a3ecbe5"
+Gitlab-Lb: haproxy-main-14-lb-gprd
+Gitlab-Sv: api-gke-us-east1-c
 Link: <https://gitlab.com/api/v4/projects/61363672/issues/3/award_emoji?id=61363672&issue_iid=3&page=1&per_page=3>; rel="first", <https://gitlab.com/api/v4/projects/61363672/issues/3/award_emoji?id=61363672&issue_iid=3&page=1&per_page=3>; rel="last"
+Ratelimit-Limit: 2000
+Ratelimit-Name: throttle_authenticated_api
+Ratelimit-Observed: 10
+Ratelimit-Remaining: 1990
+Ratelimit-Reset: 1771055640
+Referrer-Policy: strict-origin-when-cross-origin
 Strict-Transport-Security: max-age=31536000
+Vary: Origin, Accept-Encoding
+X-Content-Type-Options: nosniff
+X-Frame-Options: SAMEORIGIN
+X-Next-Page: 
+X-Page: 1
+X-Per-Page: 3
+X-Prev-Page: 
+X-Runtime: 0.070635
+X-Total: 0
 X-Total-Pages: 1
 
 []
\ No newline at end of file
diff --git a/services/migrations/testdata/gitlab/full_download/GET_%2Fapi%2Fv4%2Fprojects%2F61363672%2Fissues%2F3%2Fdiscussions%3Fpage=1&per_page=100 b/services/migrations/testdata/gitlab/full_download/GET_%2Fapi%2Fv4%2Fprojects%2F61363672%2Fissues%2F3%2Fdiscussions%3Fpage=1&per_page=100
index c55e369b30..9c83508ab1 100644
--- a/services/migrations/testdata/gitlab/full_download/GET_%2Fapi%2Fv4%2Fprojects%2F61363672%2Fissues%2F3%2Fdiscussions%3Fpage=1&per_page=100
+++ b/services/migrations/testdata/gitlab/full_download/GET_%2Fapi%2Fv4%2Fprojects%2F61363672%2Fissues%2F3%2Fdiscussions%3Fpage=1&per_page=100
@@ -1,30 +1,27 @@
-Strict-Transport-Security: max-age=31536000
-Etag: W/"d25ee844965ed283636474d7b1195b57"
-Ratelimit-Observed: 16
-Ratelimit-Reset: 1764067260
-X-Content-Type-Options: nosniff
-X-Prev-Page: 
-X-Total: 1
-Set-Cookie: __cf_bm=YkiNZjRNirt6PowNRQAhJbAZ1pSohmmpGiWle8vgu8U-1764067243-1.0.1.1-TJDOjL6q1b4S_JjFxO6NHWpxJOK77U_qAYESfRAOSIZjbTTqJ3NAThC009W5Ll0R7aiRVA7d1XnHN1AQz0zaZ2X4M0Ws9FePwJD90gaAZns; path=/; expires=Tue, 25-Nov-25 11:10:43 GMT; domain=.gitlab.com; HttpOnly; Secure; SameSite=None
-Set-Cookie: _cfuvid=vsL8nPGLjnwrlB9N1iy79xlUSdinKj45qcTl7NrXo5E-1764067243230-0.0.1.1-604800000; path=/; domain=.gitlab.com; HttpOnly; Secure; SameSite=None
-Gitlab-Sv: api-gke-us-east1-c
-Ratelimit-Name: throttle_authenticated_api
-Referrer-Policy: strict-origin-when-cross-origin
-Content-Type: application/json
-Ratelimit-Limit: 2000
-X-Page: 1
 Cache-Control: max-age=0, private, must-revalidate
-Vary: Origin, Accept-Encoding
-Ratelimit-Remaining: 1984
-X-Next-Page: 
-X-Runtime: 0.199882
-X-Per-Page: 100
-X-Total-Pages: 1
 Cf-Cache-Status: MISS
-X-Frame-Options: SAMEORIGIN
-X-Gitlab-Meta: {"correlation_id":"9a40878bf119e0d9-ATL","version":"1"}
 Content-Security-Policy: default-src 'none'
-Gitlab-Lb: haproxy-main-14-lb-gprd
+Content-Type: application/json
+Etag: W/"d25ee844965ed283636474d7b1195b57"
+Gitlab-Lb: haproxy-main-20-lb-gprd
+Gitlab-Sv: api-gke-us-east1-c
 Link: <https://gitlab.com/api/v4/projects/61363672/issues/3/discussions?id=61363672&noteable_id=3&page=1&per_page=100>; rel="first", <https://gitlab.com/api/v4/projects/61363672/issues/3/discussions?id=61363672&noteable_id=3&page=1&per_page=100>; rel="last"
+Ratelimit-Limit: 2000
+Ratelimit-Name: throttle_authenticated_api
+Ratelimit-Observed: 18
+Ratelimit-Remaining: 1982
+Ratelimit-Reset: 1771055640
+Referrer-Policy: strict-origin-when-cross-origin
+Strict-Transport-Security: max-age=31536000
+Vary: Origin, Accept-Encoding
+X-Content-Type-Options: nosniff
+X-Frame-Options: SAMEORIGIN
+X-Next-Page: 
+X-Page: 1
+X-Per-Page: 100
+X-Prev-Page: 
+X-Runtime: 0.167168
+X-Total: 1
+X-Total-Pages: 1
 
 [{"id":"36545838ff9cc7d13fb129f2a97ff49297299158","individual_note":true,"notes":[{"id":2911821024,"type":null,"body":"No actually its !1","author":{"id":10529876,"username":"patdyn","public_email":"","name":"Pat Dyn","state":"active","locked":false,"avatar_url":"https://gitlab.com/uploads/-/system/user/avatar/10529876/avatar.png","web_url":"https://gitlab.com/patdyn"},"created_at":"2025-11-25T09:49:50.899Z","updated_at":"2025-11-25T09:49:50.899Z","system":false,"noteable_id":177633591,"noteable_type":"Issue","project_id":61363672,"resolvable":false,"confidential":false,"internal":false,"imported":false,"imported_from":"none","noteable_iid":3,"commands_changes":{}}]}]
\ No newline at end of file
diff --git a/services/migrations/testdata/gitlab/full_download/GET_%2Fapi%2Fv4%2Fprojects%2F61363672%2Fissues%2F3%2Fresource_state_events%3Fpage=1&per_page=100 b/services/migrations/testdata/gitlab/full_download/GET_%2Fapi%2Fv4%2Fprojects%2F61363672%2Fissues%2F3%2Fresource_state_events%3Fpage=1&per_page=100
index 6e8c1d9c81..328da03915 100644
--- a/services/migrations/testdata/gitlab/full_download/GET_%2Fapi%2Fv4%2Fprojects%2F61363672%2Fissues%2F3%2Fresource_state_events%3Fpage=1&per_page=100
+++ b/services/migrations/testdata/gitlab/full_download/GET_%2Fapi%2Fv4%2Fprojects%2F61363672%2Fissues%2F3%2Fresource_state_events%3Fpage=1&per_page=100
@@ -1,32 +1,29 @@
-X-Total-Pages: 1
 Accept-Ranges: bytes
-Etag: W/"4f53cda18c2baa0c0354bb5f9a3ecbe5"
-Link: <https://gitlab.com/api/v4/projects/61363672/issues/3/resource_state_events?eventable_id=3&id=61363672&page=1&per_page=100>; rel="first", <https://gitlab.com/api/v4/projects/61363672/issues/3/resource_state_events?eventable_id=3&id=61363672&page=1&per_page=100>; rel="last"
-Ratelimit-Observed: 17
-X-Content-Type-Options: nosniff
-X-Gitlab-Meta: {"correlation_id":"9a40878e7365e0d9-ATL","version":"1"}
-X-Per-Page: 100
-Set-Cookie: __cf_bm=K3TOUn2vDaz1qInIfA3ot2QfDGciipMeNz7mTLiUHew-1764067243-1.0.1.1-emtayPBYQbA_Hcjg3SJRaDfSnu1LMo0AwU3oLUo88E9kLsWYkTqQJbtaEa0vquShox_HRWnGFp9s6cIg_iVaPfwR4bzUnIHzO0GNMfRcdls; path=/; expires=Tue, 25-Nov-25 11:10:43 GMT; domain=.gitlab.com; HttpOnly; Secure; SameSite=None
-Set-Cookie: _cfuvid=Jcc7jNquyhw_7ru6wi24nRmm1pryvsiBqi_0wTQQxNY-1764067243527-0.0.1.1-604800000; path=/; domain=.gitlab.com; HttpOnly; Secure; SameSite=None
-Gitlab-Lb: haproxy-main-49-lb-gprd
-X-Next-Page: 
-Ratelimit-Name: throttle_authenticated_api
-Ratelimit-Reset: 1764067260
-X-Total: 0
-Vary: Origin, Accept-Encoding
-Content-Security-Policy: default-src 'none'
-Ratelimit-Remaining: 1983
-X-Runtime: 0.113354
 Cache-Control: max-age=0, private, must-revalidate
-Strict-Transport-Security: max-age=31536000
-Referrer-Policy: strict-origin-when-cross-origin
-Content-Type: application/json
-Content-Length: 2
 Cf-Cache-Status: MISS
-Gitlab-Sv: api-gke-us-east1-b
+Content-Length: 2
+Content-Security-Policy: default-src 'none'
+Content-Type: application/json
+Etag: W/"4f53cda18c2baa0c0354bb5f9a3ecbe5"
+Gitlab-Lb: haproxy-main-05-lb-gprd
+Gitlab-Sv: api-gke-us-east1-c
+Link: <https://gitlab.com/api/v4/projects/61363672/issues/3/resource_state_events?eventable_id=3&id=61363672&page=1&per_page=100>; rel="first", <https://gitlab.com/api/v4/projects/61363672/issues/3/resource_state_events?eventable_id=3&id=61363672&page=1&per_page=100>; rel="last"
 Ratelimit-Limit: 2000
+Ratelimit-Name: throttle_authenticated_api
+Ratelimit-Observed: 19
+Ratelimit-Remaining: 1981
+Ratelimit-Reset: 1771055640
+Referrer-Policy: strict-origin-when-cross-origin
+Strict-Transport-Security: max-age=31536000
+Vary: Origin, Accept-Encoding
+X-Content-Type-Options: nosniff
 X-Frame-Options: SAMEORIGIN
-X-Prev-Page: 
+X-Next-Page: 
 X-Page: 1
+X-Per-Page: 100
+X-Prev-Page: 
+X-Runtime: 0.116312
+X-Total: 0
+X-Total-Pages: 1
 
 []
\ No newline at end of file
diff --git a/services/migrations/testdata/gitlab/full_download/GET_%2Fapi%2Fv4%2Fprojects%2F61363672%2Fissues%2F4%2Faward_emoji%3Fpage=1&per_page=3 b/services/migrations/testdata/gitlab/full_download/GET_%2Fapi%2Fv4%2Fprojects%2F61363672%2Fissues%2F4%2Faward_emoji%3Fpage=1&per_page=3
new file mode 100644
index 0000000000..03cdff2094
--- /dev/null
+++ b/services/migrations/testdata/gitlab/full_download/GET_%2Fapi%2Fv4%2Fprojects%2F61363672%2Fissues%2F4%2Faward_emoji%3Fpage=1&per_page=3
@@ -0,0 +1,29 @@
+Accept-Ranges: bytes
+Cache-Control: max-age=0, private, must-revalidate
+Cf-Cache-Status: MISS
+Content-Length: 2
+Content-Security-Policy: default-src 'none'
+Content-Type: application/json
+Etag: W/"4f53cda18c2baa0c0354bb5f9a3ecbe5"
+Gitlab-Lb: haproxy-main-58-lb-gprd
+Gitlab-Sv: api-gke-us-east1-b
+Link: <https://gitlab.com/api/v4/projects/61363672/issues/4/award_emoji?id=61363672&issue_iid=4&page=1&per_page=3>; rel="first", <https://gitlab.com/api/v4/projects/61363672/issues/4/award_emoji?id=61363672&issue_iid=4&page=1&per_page=3>; rel="last"
+Ratelimit-Limit: 2000
+Ratelimit-Name: throttle_authenticated_api
+Ratelimit-Observed: 9
+Ratelimit-Remaining: 1991
+Ratelimit-Reset: 1771055640
+Referrer-Policy: strict-origin-when-cross-origin
+Strict-Transport-Security: max-age=31536000
+Vary: Origin, Accept-Encoding
+X-Content-Type-Options: nosniff
+X-Frame-Options: SAMEORIGIN
+X-Next-Page: 
+X-Page: 1
+X-Per-Page: 3
+X-Prev-Page: 
+X-Runtime: 0.059838
+X-Total: 0
+X-Total-Pages: 1
+
+[]
\ No newline at end of file
diff --git a/services/migrations/testdata/gitlab/full_download/GET_%2Fapi%2Fv4%2Fprojects%2F61363672%2Fissues%3Forder_by=created_at&page=1&per_page=3&sort=desc&state=all b/services/migrations/testdata/gitlab/full_download/GET_%2Fapi%2Fv4%2Fprojects%2F61363672%2Fissues%3Forder_by=created_at&page=1&per_page=3&sort=desc&state=all
new file mode 100644
index 0000000000..5888a3279b
--- /dev/null
+++ b/services/migrations/testdata/gitlab/full_download/GET_%2Fapi%2Fv4%2Fprojects%2F61363672%2Fissues%3Forder_by=created_at&page=1&per_page=3&sort=desc&state=all
@@ -0,0 +1,27 @@
+Cache-Control: max-age=0, private, must-revalidate
+Cf-Cache-Status: MISS
+Content-Security-Policy: default-src 'none'
+Content-Type: application/json
+Etag: W/"219f33a99593d492e262065df734c743"
+Gitlab-Lb: haproxy-main-45-lb-gprd
+Gitlab-Sv: api-gke-us-east1-d
+Link: <https://gitlab.com/api/v4/projects/61363672/issues?id=61363672&order_by=created_at&page=2&per_page=3&sort=desc&state=all&with_labels_details=false>; rel="next", <https://gitlab.com/api/v4/projects/61363672/issues?id=61363672&order_by=created_at&page=1&per_page=3&sort=desc&state=all&with_labels_details=false>; rel="first", <https://gitlab.com/api/v4/projects/61363672/issues?id=61363672&order_by=created_at&page=2&per_page=3&sort=desc&state=all&with_labels_details=false>; rel="last"
+Ratelimit-Limit: 2000
+Ratelimit-Name: throttle_authenticated_api
+Ratelimit-Observed: 8
+Ratelimit-Remaining: 1992
+Ratelimit-Reset: 1771055640
+Referrer-Policy: strict-origin-when-cross-origin
+Strict-Transport-Security: max-age=31536000
+Vary: Origin, Accept-Encoding
+X-Content-Type-Options: nosniff
+X-Frame-Options: SAMEORIGIN
+X-Next-Page: 2
+X-Page: 1
+X-Per-Page: 3
+X-Prev-Page: 
+X-Runtime: 0.135940
+X-Total: 4
+X-Total-Pages: 2
+
+[{"id":178287958,"iid":4,"project_id":61363672,"title":"Missing \"migration_test\" and \"migration_test_migration_test_migration_test\" topic","description":"This is required for https://codeberg.org/forgejo/forgejo/pulls/10336.","state":"opened","created_at":"2025-12-06T14:02:59.995Z","updated_at":"2025-12-06T15:04:37.324Z","closed_at":null,"closed_by":null,"labels":[],"milestone":null,"assignees":[],"author":{"id":29018602,"username":"amadaluzia","public_email":"amadaluzia@disroot.org","name":"Artur Manuel","state":"active","locked":false,"avatar_url":"https://secure.gravatar.com/avatar/66b976e59f1d5d1938ea360b9cc09127ddf982c2452fdf106f4a9f0c7e3f7175?s=80\u0026d=identicon","web_url":"https://gitlab.com/amadaluzia"},"type":"ISSUE","assignee":null,"user_notes_count":0,"merge_requests_count":0,"upvotes":0,"downvotes":0,"start_date":null,"due_date":null,"confidential":false,"discussion_locked":null,"issue_type":"issue","web_url":"https://gitlab.com/forgejo/test_repo/-/issues/4","time_stats":{"time_estimate":0,"total_time_spent":0,"human_time_estimate":null,"human_total_time_spent":null},"task_completion_status":{"count":0,"completed_count":0},"blocking_issues_count":0,"has_tasks":true,"task_status":"0 of 0 checklist items completed","_links":{"self":"https://gitlab.com/api/v4/projects/61363672/issues/4","notes":"https://gitlab.com/api/v4/projects/61363672/issues/4/notes","award_emoji":"https://gitlab.com/api/v4/projects/61363672/issues/4/award_emoji","project":"https://gitlab.com/api/v4/projects/61363672","closed_as_duplicate_of":null},"references":{"short":"#4","relative":"#4","full":"forgejo/test_repo#4"},"severity":"UNKNOWN","moved_to_id":null,"imported":false,"imported_from":"none","service_desk_reply_to":null},{"id":177633591,"iid":3,"project_id":61363672,"title":"Fix plz","description":"Can we do something about it? !2 is maybe related to that.","state":"opened","created_at":"2025-11-25T09:49:31.991Z","updated_at":"2025-11-25T09:49:31.991Z","closed_at":null,"closed_by":null,"labels":[],"milestone":null,"assignees":[],"author":{"id":10529876,"username":"patdyn","public_email":"","name":"Pat Dyn","state":"active","locked":false,"avatar_url":"https://gitlab.com/uploads/-/system/user/avatar/10529876/avatar.png","web_url":"https://gitlab.com/patdyn"},"type":"ISSUE","assignee":null,"user_notes_count":1,"merge_requests_count":0,"upvotes":0,"downvotes":0,"start_date":null,"due_date":null,"confidential":false,"discussion_locked":null,"issue_type":"issue","web_url":"https://gitlab.com/forgejo/test_repo/-/issues/3","time_stats":{"time_estimate":0,"total_time_spent":0,"human_time_estimate":null,"human_total_time_spent":null},"task_completion_status":{"count":0,"completed_count":0},"blocking_issues_count":0,"has_tasks":true,"task_status":"0 of 0 checklist items completed","_links":{"self":"https://gitlab.com/api/v4/projects/61363672/issues/3","notes":"https://gitlab.com/api/v4/projects/61363672/issues/3/notes","award_emoji":"https://gitlab.com/api/v4/projects/61363672/issues/3/award_emoji","project":"https://gitlab.com/api/v4/projects/61363672","closed_as_duplicate_of":null},"references":{"short":"#3","relative":"#3","full":"forgejo/test_repo#3"},"severity":"UNKNOWN","moved_to_id":null,"imported":false,"imported_from":"none","service_desk_reply_to":null},{"id":152568900,"iid":2,"project_id":61363672,"title":"Test issue","description":"This is test issue 2, do not touch!","state":"closed","created_at":"2024-09-03T14:42:35.371Z","updated_at":"2026-02-13T20:46:11.889Z","closed_at":"2024-09-03T14:43:10.906Z","closed_by":{"id":548513,"username":"mkobel","public_email":"","name":"Moritz Kobel","state":"active","locked":false,"avatar_url":"https://secure.gravatar.com/avatar/eae1be6324682816aedc885acbf5858719b40956e0278edabe5c0db7cbc95f3b?s=80\u0026d=identicon","web_url":"https://gitlab.com/mkobel"},"labels":["duplicate"],"milestone":{"id":4711993,"iid":2,"project_id":61363672,"title":"1.0.0","description":"","state":"closed","created_at":"2024-09-03T13:53:08.516Z","updated_at":"2024-09-03T20:03:57.786Z","due_date":null,"start_date":null,"expired":false,"web_url":"https://gitlab.com/forgejo/test_repo/-/milestones/2"},"assignees":[],"author":{"id":548513,"username":"mkobel","public_email":"","name":"Moritz Kobel","state":"active","locked":false,"avatar_url":"https://secure.gravatar.com/avatar/eae1be6324682816aedc885acbf5858719b40956e0278edabe5c0db7cbc95f3b?s=80\u0026d=identicon","web_url":"https://gitlab.com/mkobel"},"type":"ISSUE","assignee":null,"user_notes_count":3,"merge_requests_count":0,"upvotes":1,"downvotes":1,"start_date":null,"due_date":null,"confidential":false,"discussion_locked":null,"issue_type":"issue","web_url":"https://gitlab.com/forgejo/test_repo/-/issues/2","time_stats":{"time_estimate":0,"total_time_spent":0,"human_time_estimate":null,"human_total_time_spent":null},"task_completion_status":{"count":0,"completed_count":0},"blocking_issues_count":0,"has_tasks":true,"task_status":"0 of 0 checklist items completed","_links":{"self":"https://gitlab.com/api/v4/projects/61363672/issues/2","notes":"https://gitlab.com/api/v4/projects/61363672/issues/2/notes","award_emoji":"https://gitlab.com/api/v4/projects/61363672/issues/2/award_emoji","project":"https://gitlab.com/api/v4/projects/61363672","closed_as_duplicate_of":null},"references":{"short":"#2","relative":"#2","full":"forgejo/test_repo#2"},"severity":"UNKNOWN","moved_to_id":null,"imported":false,"imported_from":"none","service_desk_reply_to":null}]
\ No newline at end of file
diff --git a/services/migrations/testdata/gitlab/full_download/GET_%2Fapi%2Fv4%2Fprojects%2F61363672%2Fissues%3Forder_by=created_at&page=2&per_page=3&sort=desc&state=all b/services/migrations/testdata/gitlab/full_download/GET_%2Fapi%2Fv4%2Fprojects%2F61363672%2Fissues%3Forder_by=created_at&page=2&per_page=3&sort=desc&state=all
new file mode 100644
index 0000000000..93174225cd
--- /dev/null
+++ b/services/migrations/testdata/gitlab/full_download/GET_%2Fapi%2Fv4%2Fprojects%2F61363672%2Fissues%3Forder_by=created_at&page=2&per_page=3&sort=desc&state=all
@@ -0,0 +1,27 @@
+Cache-Control: max-age=0, private, must-revalidate
+Cf-Cache-Status: MISS
+Content-Security-Policy: default-src 'none'
+Content-Type: application/json
+Etag: W/"26480a02f633f15960a2189bbf83f74d"
+Gitlab-Lb: haproxy-main-12-lb-gprd
+Gitlab-Sv: api-gke-us-east1-d
+Link: <https://gitlab.com/api/v4/projects/61363672/issues?id=61363672&order_by=created_at&page=1&per_page=3&sort=desc&state=all&with_labels_details=false>; rel="prev", <https://gitlab.com/api/v4/projects/61363672/issues?id=61363672&order_by=created_at&page=1&per_page=3&sort=desc&state=all&with_labels_details=false>; rel="first", <https://gitlab.com/api/v4/projects/61363672/issues?id=61363672&order_by=created_at&page=2&per_page=3&sort=desc&state=all&with_labels_details=false>; rel="last"
+Ratelimit-Limit: 2000
+Ratelimit-Name: throttle_authenticated_api
+Ratelimit-Observed: 14
+Ratelimit-Remaining: 1986
+Ratelimit-Reset: 1771055640
+Referrer-Policy: strict-origin-when-cross-origin
+Strict-Transport-Security: max-age=31536000
+Vary: Origin, Accept-Encoding
+X-Content-Type-Options: nosniff
+X-Frame-Options: SAMEORIGIN
+X-Next-Page: 
+X-Page: 2
+X-Per-Page: 3
+X-Prev-Page: 1
+X-Runtime: 0.116035
+X-Total: 4
+X-Total-Pages: 2
+
+[{"id":152568896,"iid":1,"project_id":61363672,"title":"Please add an animated gif icon to the merge button","description":"I just want the merge button to hurt my eyes a little. :stuck_out_tongue_closed_eyes:","state":"closed","created_at":"2024-09-03T14:42:34.924Z","updated_at":"2024-09-03T14:48:43.756Z","closed_at":"2024-09-03T14:43:10.708Z","closed_by":{"id":548513,"username":"mkobel","public_email":"","name":"Moritz Kobel","state":"active","locked":false,"avatar_url":"https://secure.gravatar.com/avatar/eae1be6324682816aedc885acbf5858719b40956e0278edabe5c0db7cbc95f3b?s=80\u0026d=identicon","web_url":"https://gitlab.com/mkobel"},"labels":["bug","discussion"],"milestone":{"id":4711993,"iid":2,"project_id":61363672,"title":"1.0.0","description":"","state":"closed","created_at":"2024-09-03T13:53:08.516Z","updated_at":"2024-09-03T20:03:57.786Z","due_date":null,"start_date":null,"expired":false,"web_url":"https://gitlab.com/forgejo/test_repo/-/milestones/2"},"assignees":[],"author":{"id":548513,"username":"mkobel","public_email":"","name":"Moritz Kobel","state":"active","locked":false,"avatar_url":"https://secure.gravatar.com/avatar/eae1be6324682816aedc885acbf5858719b40956e0278edabe5c0db7cbc95f3b?s=80\u0026d=identicon","web_url":"https://gitlab.com/mkobel"},"type":"ISSUE","assignee":null,"user_notes_count":0,"merge_requests_count":0,"upvotes":1,"downvotes":0,"start_date":null,"due_date":null,"confidential":false,"discussion_locked":null,"issue_type":"issue","web_url":"https://gitlab.com/forgejo/test_repo/-/issues/1","time_stats":{"time_estimate":0,"total_time_spent":0,"human_time_estimate":null,"human_total_time_spent":null},"task_completion_status":{"count":0,"completed_count":0},"blocking_issues_count":0,"has_tasks":true,"task_status":"0 of 0 checklist items completed","_links":{"self":"https://gitlab.com/api/v4/projects/61363672/issues/1","notes":"https://gitlab.com/api/v4/projects/61363672/issues/1/notes","award_emoji":"https://gitlab.com/api/v4/projects/61363672/issues/1/award_emoji","project":"https://gitlab.com/api/v4/projects/61363672","closed_as_duplicate_of":null},"references":{"short":"#1","relative":"#1","full":"forgejo/test_repo#1"},"severity":"UNKNOWN","moved_to_id":null,"imported":false,"imported_from":"none","service_desk_reply_to":null}]
\ No newline at end of file
diff --git a/services/migrations/testdata/gitlab/full_download/GET_%2Fapi%2Fv4%2Fprojects%2F61363672%2Fissues%3Fpage=1&per_page=2&sort=asc&state=all b/services/migrations/testdata/gitlab/full_download/GET_%2Fapi%2Fv4%2Fprojects%2F61363672%2Fissues%3Fpage=1&per_page=2&sort=asc&state=all
deleted file mode 100644
index 3281b83fc4..0000000000
--- a/services/migrations/testdata/gitlab/full_download/GET_%2Fapi%2Fv4%2Fprojects%2F61363672%2Fissues%3Fpage=1&per_page=2&sort=asc&state=all
+++ /dev/null
@@ -1,30 +0,0 @@
-Strict-Transport-Security: max-age=31536000
-Gitlab-Lb: haproxy-main-08-lb-gprd
-Ratelimit-Limit: 2000
-X-Content-Type-Options: nosniff
-Content-Type: application/json
-Etag: W/"fed6a858b8cd04cce298928641bdbf91"
-Ratelimit-Name: throttle_authenticated_api
-X-Total: 3
-Set-Cookie: __cf_bm=56WriCYT.4x.bhoJPAbtvhcoXjX.hSJZSxyA5n4RgGI-1764065106-1.0.1.1-6X71GaEn1440OUYNQyEtihb2G6vdIAldNl8MmJSA8B8vdpeLOu6wJjctKFZf1p4I_We9_fFUHF6bJxrhnd5L1w60cfZKL..QHzcglCDhYbA; path=/; expires=Tue, 25-Nov-25 10:35:06 GMT; domain=.gitlab.com; HttpOnly; Secure; SameSite=None
-Set-Cookie: _cfuvid=njTrSjqzKoVc9pRMPI0tC9D3oUEVFwisFK8ERC4hPzQ-1764065106798-0.0.1.1-604800000; path=/; domain=.gitlab.com; HttpOnly; Secure; SameSite=None
-Ratelimit-Remaining: 1992
-X-Gitlab-Meta: {"correlation_id":"9a40536354284fc7-ATL","version":"1"}
-X-Per-Page: 2
-Link: <https://gitlab.com/api/v4/projects/61363672/issues?id=61363672&order_by=created_at&page=2&per_page=2&sort=asc&state=all&with_labels_details=false>; rel="next", <https://gitlab.com/api/v4/projects/61363672/issues?id=61363672&order_by=created_at&page=1&per_page=2&sort=asc&state=all&with_labels_details=false>; rel="first", <https://gitlab.com/api/v4/projects/61363672/issues?id=61363672&order_by=created_at&page=2&per_page=2&sort=asc&state=all&with_labels_details=false>; rel="last"
-Vary: Origin, Accept-Encoding
-Referrer-Policy: strict-origin-when-cross-origin
-X-Frame-Options: SAMEORIGIN
-X-Page: 1
-Ratelimit-Reset: 1764065160
-X-Next-Page: 2
-X-Total-Pages: 2
-Content-Security-Policy: default-src 'none'
-X-Prev-Page: 
-X-Runtime: 0.164380
-Cf-Cache-Status: MISS
-Cache-Control: max-age=0, private, must-revalidate
-Gitlab-Sv: api-gke-us-east1-c
-Ratelimit-Observed: 8
-
-[{"id":152568896,"iid":1,"project_id":61363672,"title":"Please add an animated gif icon to the merge button","description":"I just want the merge button to hurt my eyes a little. :stuck_out_tongue_closed_eyes:","state":"closed","created_at":"2024-09-03T14:42:34.924Z","updated_at":"2024-09-03T14:48:43.756Z","closed_at":"2024-09-03T14:43:10.708Z","closed_by":{"id":548513,"username":"mkobel","public_email":"","name":"Moritz Kobel","state":"active","locked":false,"avatar_url":"https://secure.gravatar.com/avatar/eae1be6324682816aedc885acbf5858719b40956e0278edabe5c0db7cbc95f3b?s=80\u0026d=identicon","web_url":"https://gitlab.com/mkobel"},"labels":["bug","discussion"],"milestone":{"id":4711993,"iid":2,"project_id":61363672,"title":"1.0.0","description":"","state":"closed","created_at":"2024-09-03T13:53:08.516Z","updated_at":"2024-09-03T20:03:57.786Z","due_date":null,"start_date":null,"expired":false,"web_url":"https://gitlab.com/forgejo/test_repo/-/milestones/2"},"assignees":[],"author":{"id":548513,"username":"mkobel","public_email":"","name":"Moritz Kobel","state":"active","locked":false,"avatar_url":"https://secure.gravatar.com/avatar/eae1be6324682816aedc885acbf5858719b40956e0278edabe5c0db7cbc95f3b?s=80\u0026d=identicon","web_url":"https://gitlab.com/mkobel"},"type":"ISSUE","assignee":null,"user_notes_count":0,"merge_requests_count":0,"upvotes":1,"downvotes":0,"due_date":null,"confidential":false,"discussion_locked":null,"issue_type":"issue","web_url":"https://gitlab.com/forgejo/test_repo/-/issues/1","time_stats":{"time_estimate":0,"total_time_spent":0,"human_time_estimate":null,"human_total_time_spent":null},"task_completion_status":{"count":0,"completed_count":0},"blocking_issues_count":0,"has_tasks":true,"task_status":"0 of 0 checklist items completed","_links":{"self":"https://gitlab.com/api/v4/projects/61363672/issues/1","notes":"https://gitlab.com/api/v4/projects/61363672/issues/1/notes","award_emoji":"https://gitlab.com/api/v4/projects/61363672/issues/1/award_emoji","project":"https://gitlab.com/api/v4/projects/61363672","closed_as_duplicate_of":null},"references":{"short":"#1","relative":"#1","full":"forgejo/test_repo#1"},"severity":"UNKNOWN","moved_to_id":null,"imported":false,"imported_from":"none","service_desk_reply_to":null},{"id":152568900,"iid":2,"project_id":61363672,"title":"Test issue","description":"This is test issue 2, do not touch!","state":"closed","created_at":"2024-09-03T14:42:35.371Z","updated_at":"2024-09-03T20:03:43.536Z","closed_at":"2024-09-03T14:43:10.906Z","closed_by":{"id":548513,"username":"mkobel","public_email":"","name":"Moritz Kobel","state":"active","locked":false,"avatar_url":"https://secure.gravatar.com/avatar/eae1be6324682816aedc885acbf5858719b40956e0278edabe5c0db7cbc95f3b?s=80\u0026d=identicon","web_url":"https://gitlab.com/mkobel"},"labels":["duplicate"],"milestone":{"id":4711993,"iid":2,"project_id":61363672,"title":"1.0.0","description":"","state":"closed","created_at":"2024-09-03T13:53:08.516Z","updated_at":"2024-09-03T20:03:57.786Z","due_date":null,"start_date":null,"expired":false,"web_url":"https://gitlab.com/forgejo/test_repo/-/milestones/2"},"assignees":[],"author":{"id":548513,"username":"mkobel","public_email":"","name":"Moritz Kobel","state":"active","locked":false,"avatar_url":"https://secure.gravatar.com/avatar/eae1be6324682816aedc885acbf5858719b40956e0278edabe5c0db7cbc95f3b?s=80\u0026d=identicon","web_url":"https://gitlab.com/mkobel"},"type":"ISSUE","assignee":null,"user_notes_count":2,"merge_requests_count":0,"upvotes":1,"downvotes":1,"due_date":null,"confidential":false,"discussion_locked":null,"issue_type":"issue","web_url":"https://gitlab.com/forgejo/test_repo/-/issues/2","time_stats":{"time_estimate":0,"total_time_spent":0,"human_time_estimate":null,"human_total_time_spent":null},"task_completion_status":{"count":0,"completed_count":0},"blocking_issues_count":0,"has_tasks":true,"task_status":"0 of 0 checklist items completed","_links":{"self":"https://gitlab.com/api/v4/projects/61363672/issues/2","notes":"https://gitlab.com/api/v4/projects/61363672/issues/2/notes","award_emoji":"https://gitlab.com/api/v4/projects/61363672/issues/2/award_emoji","project":"https://gitlab.com/api/v4/projects/61363672","closed_as_duplicate_of":null},"references":{"short":"#2","relative":"#2","full":"forgejo/test_repo#2"},"severity":"UNKNOWN","moved_to_id":null,"imported":false,"imported_from":"none","service_desk_reply_to":null}]
\ No newline at end of file
diff --git a/services/migrations/testdata/gitlab/full_download/GET_%2Fapi%2Fv4%2Fprojects%2F61363672%2Fissues%3Fpage=1&per_page=3&sort=asc&state=all b/services/migrations/testdata/gitlab/full_download/GET_%2Fapi%2Fv4%2Fprojects%2F61363672%2Fissues%3Fpage=1&per_page=3&sort=asc&state=all
deleted file mode 100644
index 15ae79e7cb..0000000000
--- a/services/migrations/testdata/gitlab/full_download/GET_%2Fapi%2Fv4%2Fprojects%2F61363672%2Fissues%3Fpage=1&per_page=3&sort=asc&state=all
+++ /dev/null
@@ -1,30 +0,0 @@
-Vary: Origin, Accept-Encoding
-Ratelimit-Limit: 2000
-X-Frame-Options: SAMEORIGIN
-Ratelimit-Name: throttle_authenticated_api
-X-Page: 1
-X-Per-Page: 3
-X-Prev-Page: 
-X-Total-Pages: 1
-Ratelimit-Remaining: 1992
-Referrer-Policy: strict-origin-when-cross-origin
-X-Content-Type-Options: nosniff
-X-Next-Page: 
-Ratelimit-Reset: 1764067260
-X-Runtime: 0.227834
-X-Total: 3
-Gitlab-Lb: haproxy-main-23-lb-gprd
-X-Gitlab-Meta: {"correlation_id":"9a408779112ee0d9-ATL","version":"1"}
-Link: <https://gitlab.com/api/v4/projects/61363672/issues?id=61363672&order_by=created_at&page=1&per_page=3&sort=asc&state=all&with_labels_details=false>; rel="first", <https://gitlab.com/api/v4/projects/61363672/issues?id=61363672&order_by=created_at&page=1&per_page=3&sort=asc&state=all&with_labels_details=false>; rel="last"
-Strict-Transport-Security: max-age=31536000
-Gitlab-Sv: api-gke-us-east1-c
-Set-Cookie: __cf_bm=EQ7pNoZane3xZqZxCf03mAsOGNucyrqojo9wPP4ChLM-1764067240-1.0.1.1-4ICPtyEd80UCX5bM6Pt8v544OsY1V18pcsukJmXJPhb1L13ezQ1ewpmJtxd2DTS7f_.25GTrVvYfuSVBv4FKp.yuXWHEeTpuHVlaqQnByNY; path=/; expires=Tue, 25-Nov-25 11:10:40 GMT; domain=.gitlab.com; HttpOnly; Secure; SameSite=None
-Set-Cookie: _cfuvid=1Q7FFLgLU1b0P.8Xf.1UYduw1IUBJQTNRCeXyNRWlCs-1764067240233-0.0.1.1-604800000; path=/; domain=.gitlab.com; HttpOnly; Secure; SameSite=None
-Cf-Cache-Status: MISS
-Cache-Control: max-age=0, private, must-revalidate
-Etag: W/"7799d3664530e11a655130b629f46644"
-Content-Security-Policy: default-src 'none'
-Content-Type: application/json
-Ratelimit-Observed: 8
-
-[{"id":152568896,"iid":1,"project_id":61363672,"title":"Please add an animated gif icon to the merge button","description":"I just want the merge button to hurt my eyes a little. :stuck_out_tongue_closed_eyes:","state":"closed","created_at":"2024-09-03T14:42:34.924Z","updated_at":"2024-09-03T14:48:43.756Z","closed_at":"2024-09-03T14:43:10.708Z","closed_by":{"id":548513,"username":"mkobel","public_email":"","name":"Moritz Kobel","state":"active","locked":false,"avatar_url":"https://secure.gravatar.com/avatar/eae1be6324682816aedc885acbf5858719b40956e0278edabe5c0db7cbc95f3b?s=80\u0026d=identicon","web_url":"https://gitlab.com/mkobel"},"labels":["bug","discussion"],"milestone":{"id":4711993,"iid":2,"project_id":61363672,"title":"1.0.0","description":"","state":"closed","created_at":"2024-09-03T13:53:08.516Z","updated_at":"2024-09-03T20:03:57.786Z","due_date":null,"start_date":null,"expired":false,"web_url":"https://gitlab.com/forgejo/test_repo/-/milestones/2"},"assignees":[],"author":{"id":548513,"username":"mkobel","public_email":"","name":"Moritz Kobel","state":"active","locked":false,"avatar_url":"https://secure.gravatar.com/avatar/eae1be6324682816aedc885acbf5858719b40956e0278edabe5c0db7cbc95f3b?s=80\u0026d=identicon","web_url":"https://gitlab.com/mkobel"},"type":"ISSUE","assignee":null,"user_notes_count":0,"merge_requests_count":0,"upvotes":1,"downvotes":0,"due_date":null,"confidential":false,"discussion_locked":null,"issue_type":"issue","web_url":"https://gitlab.com/forgejo/test_repo/-/issues/1","time_stats":{"time_estimate":0,"total_time_spent":0,"human_time_estimate":null,"human_total_time_spent":null},"task_completion_status":{"count":0,"completed_count":0},"blocking_issues_count":0,"has_tasks":true,"task_status":"0 of 0 checklist items completed","_links":{"self":"https://gitlab.com/api/v4/projects/61363672/issues/1","notes":"https://gitlab.com/api/v4/projects/61363672/issues/1/notes","award_emoji":"https://gitlab.com/api/v4/projects/61363672/issues/1/award_emoji","project":"https://gitlab.com/api/v4/projects/61363672","closed_as_duplicate_of":null},"references":{"short":"#1","relative":"#1","full":"forgejo/test_repo#1"},"severity":"UNKNOWN","moved_to_id":null,"imported":false,"imported_from":"none","service_desk_reply_to":null},{"id":152568900,"iid":2,"project_id":61363672,"title":"Test issue","description":"This is test issue 2, do not touch!","state":"closed","created_at":"2024-09-03T14:42:35.371Z","updated_at":"2024-09-03T20:03:43.536Z","closed_at":"2024-09-03T14:43:10.906Z","closed_by":{"id":548513,"username":"mkobel","public_email":"","name":"Moritz Kobel","state":"active","locked":false,"avatar_url":"https://secure.gravatar.com/avatar/eae1be6324682816aedc885acbf5858719b40956e0278edabe5c0db7cbc95f3b?s=80\u0026d=identicon","web_url":"https://gitlab.com/mkobel"},"labels":["duplicate"],"milestone":{"id":4711993,"iid":2,"project_id":61363672,"title":"1.0.0","description":"","state":"closed","created_at":"2024-09-03T13:53:08.516Z","updated_at":"2024-09-03T20:03:57.786Z","due_date":null,"start_date":null,"expired":false,"web_url":"https://gitlab.com/forgejo/test_repo/-/milestones/2"},"assignees":[],"author":{"id":548513,"username":"mkobel","public_email":"","name":"Moritz Kobel","state":"active","locked":false,"avatar_url":"https://secure.gravatar.com/avatar/eae1be6324682816aedc885acbf5858719b40956e0278edabe5c0db7cbc95f3b?s=80\u0026d=identicon","web_url":"https://gitlab.com/mkobel"},"type":"ISSUE","assignee":null,"user_notes_count":2,"merge_requests_count":0,"upvotes":1,"downvotes":1,"due_date":null,"confidential":false,"discussion_locked":null,"issue_type":"issue","web_url":"https://gitlab.com/forgejo/test_repo/-/issues/2","time_stats":{"time_estimate":0,"total_time_spent":0,"human_time_estimate":null,"human_total_time_spent":null},"task_completion_status":{"count":0,"completed_count":0},"blocking_issues_count":0,"has_tasks":true,"task_status":"0 of 0 checklist items completed","_links":{"self":"https://gitlab.com/api/v4/projects/61363672/issues/2","notes":"https://gitlab.com/api/v4/projects/61363672/issues/2/notes","award_emoji":"https://gitlab.com/api/v4/projects/61363672/issues/2/award_emoji","project":"https://gitlab.com/api/v4/projects/61363672","closed_as_duplicate_of":null},"references":{"short":"#2","relative":"#2","full":"forgejo/test_repo#2"},"severity":"UNKNOWN","moved_to_id":null,"imported":false,"imported_from":"none","service_desk_reply_to":null},{"id":177633591,"iid":3,"project_id":61363672,"title":"Fix plz","description":"Can we do something about it? !2 is maybe related to that.","state":"opened","created_at":"2025-11-25T09:49:31.991Z","updated_at":"2025-11-25T09:49:31.991Z","closed_at":null,"closed_by":null,"labels":[],"milestone":null,"assignees":[],"author":{"id":10529876,"username":"patdyn","public_email":"","name":"Pat Dyn","state":"active","locked":false,"avatar_url":"https://gitlab.com/uploads/-/system/user/avatar/10529876/avatar.png","web_url":"https://gitlab.com/patdyn"},"type":"ISSUE","assignee":null,"user_notes_count":1,"merge_requests_count":0,"upvotes":0,"downvotes":0,"due_date":null,"confidential":false,"discussion_locked":null,"issue_type":"issue","web_url":"https://gitlab.com/forgejo/test_repo/-/issues/3","time_stats":{"time_estimate":0,"total_time_spent":0,"human_time_estimate":null,"human_total_time_spent":null},"task_completion_status":{"count":0,"completed_count":0},"blocking_issues_count":0,"has_tasks":true,"task_status":"0 of 0 checklist items completed","_links":{"self":"https://gitlab.com/api/v4/projects/61363672/issues/3","notes":"https://gitlab.com/api/v4/projects/61363672/issues/3/notes","award_emoji":"https://gitlab.com/api/v4/projects/61363672/issues/3/award_emoji","project":"https://gitlab.com/api/v4/projects/61363672","closed_as_duplicate_of":null},"references":{"short":"#3","relative":"#3","full":"forgejo/test_repo#3"},"severity":"UNKNOWN","moved_to_id":null,"imported":false,"imported_from":"none","service_desk_reply_to":null}]
\ No newline at end of file
diff --git a/services/migrations/testdata/gitlab/full_download/GET_%2Fapi%2Fv4%2Fprojects%2F61363672%2Flabels%3Fpage=1&per_page=100 b/services/migrations/testdata/gitlab/full_download/GET_%2Fapi%2Fv4%2Fprojects%2F61363672%2Flabels%3Fpage=1&per_page=100
index a9040ca9c6..a9481f5bf6 100644
--- a/services/migrations/testdata/gitlab/full_download/GET_%2Fapi%2Fv4%2Fprojects%2F61363672%2Flabels%3Fpage=1&per_page=100
+++ b/services/migrations/testdata/gitlab/full_download/GET_%2Fapi%2Fv4%2Fprojects%2F61363672%2Flabels%3Fpage=1&per_page=100
@@ -1,30 +1,27 @@
-Etag: W/"91f61a44ed534ef7d26e391dbef8dc0a"
-Strict-Transport-Security: max-age=31536000
-X-Page: 1
-X-Prev-Page: 
-Ratelimit-Observed: 6
-X-Gitlab-Meta: {"correlation_id":"9a408773b4a6e0d9-ATL","version":"1"}
-X-Next-Page: 
-X-Total: 11
-Set-Cookie: __cf_bm=j7aaqO7rO5ziUIdQvf3RVOCy1YoqvZ3PMMn1F62gies-1764067239-1.0.1.1-O7tT2VIiDucsyQjuWn1XLbewuJ4MmW97cRVANB7hdyWUzZpBkjvWpeR7MtctRTLHGgNDSjZ4cB8rX_vr7.zxtEJNM0LOGN.YT_oQoCMABHs; path=/; expires=Tue, 25-Nov-25 11:10:39 GMT; domain=.gitlab.com; HttpOnly; Secure; SameSite=None
-Set-Cookie: _cfuvid=ym04h_vUzr0khxRVeGrqFkX54HQowOMaSiPIyov7_dU-1764067239516-0.0.1.1-604800000; path=/; domain=.gitlab.com; HttpOnly; Secure; SameSite=None
-X-Total-Pages: 1
 Cache-Control: max-age=0, private, must-revalidate
-Content-Security-Policy: default-src 'none'
-Gitlab-Lb: haproxy-main-49-lb-gprd
-Referrer-Policy: strict-origin-when-cross-origin
-Content-Type: application/json
-Ratelimit-Limit: 2000
-X-Frame-Options: SAMEORIGIN
-X-Runtime: 0.141755
-Link: <https://gitlab.com/api/v4/projects/61363672/labels?id=61363672&include_ancestor_groups=true&page=1&per_page=100&with_counts=false>; rel="first", <https://gitlab.com/api/v4/projects/61363672/labels?id=61363672&include_ancestor_groups=true&page=1&per_page=100&with_counts=false>; rel="last"
-Ratelimit-Name: throttle_authenticated_api
-X-Content-Type-Options: nosniff
-X-Per-Page: 100
-Vary: Origin, Accept-Encoding
-Ratelimit-Remaining: 1994
-Ratelimit-Reset: 1764067260
-Gitlab-Sv: api-gke-us-east1-b
 Cf-Cache-Status: MISS
+Content-Security-Policy: default-src 'none'
+Content-Type: application/json
+Etag: W/"977ad54e33d2b62b959abfb2a9b801f3"
+Gitlab-Lb: haproxy-main-57-lb-gprd
+Gitlab-Sv: api-gke-us-east1-d
+Link: <https://gitlab.com/api/v4/projects/61363672/labels?id=61363672&include_ancestor_groups=true&page=1&per_page=100&with_counts=false>; rel="first", <https://gitlab.com/api/v4/projects/61363672/labels?id=61363672&include_ancestor_groups=true&page=1&per_page=100&with_counts=false>; rel="last"
+Ratelimit-Limit: 2000
+Ratelimit-Name: throttle_authenticated_api
+Ratelimit-Observed: 6
+Ratelimit-Remaining: 1994
+Ratelimit-Reset: 1771055640
+Referrer-Policy: strict-origin-when-cross-origin
+Strict-Transport-Security: max-age=31536000
+Vary: Origin, Accept-Encoding
+X-Content-Type-Options: nosniff
+X-Frame-Options: SAMEORIGIN
+X-Next-Page: 
+X-Page: 1
+X-Per-Page: 100
+X-Prev-Page: 
+X-Runtime: 0.162398
+X-Total: 11
+X-Total-Pages: 1
 
-[{"id":36554072,"name":"bug","description":null,"description_html":"","text_color":"#FFFFFF","color":"#d9534f","subscribed":false,"priority":null,"is_project_label":true},{"id":36554074,"name":"confirmed","description":null,"description_html":"","text_color":"#FFFFFF","color":"#d9534f","subscribed":false,"priority":null,"is_project_label":true},{"id":36554073,"name":"critical","description":null,"description_html":"","text_color":"#FFFFFF","color":"#d9534f","subscribed":false,"priority":null,"is_project_label":true},{"id":36554077,"name":"discussion","description":null,"description_html":"","text_color":"#FFFFFF","color":"#428bca","subscribed":false,"priority":null,"is_project_label":true},{"id":36554075,"name":"documentation","description":null,"description_html":"","text_color":"#1F1E24","color":"#f0ad4e","subscribed":false,"priority":null,"is_project_label":true},{"id":36556606,"name":"duplicate","description":"","description_html":"","text_color":"#FFFFFF","color":"#7F8C8D","subscribed":false,"priority":null,"is_project_label":true},{"id":36554079,"name":"enhancement","description":null,"description_html":"","text_color":"#FFFFFF","color":"#5cb85c","subscribed":false,"priority":null,"is_project_label":true},{"id":36554078,"name":"suggestion","description":null,"description_html":"","text_color":"#FFFFFF","color":"#428bca","subscribed":false,"priority":null,"is_project_label":true},{"id":36554076,"name":"support","description":null,"description_html":"","text_color":"#1F1E24","color":"#f0ad4e","subscribed":false,"priority":null,"is_project_label":true},{"id":36554080,"name":"test-scope::label0","description":"scoped label","description_html":"scoped label","text_color":"#FFFFFF","color":"#6699cc","subscribed":false,"priority":null,"is_project_label":true},{"id":36554094,"name":"test-scope::label1","description":"","description_html":"","text_color":"#FFFFFF","color":"#dc143c","subscribed":false,"priority":null,"is_project_label":true}]
\ No newline at end of file
+[{"id":36554072,"name":"bug","description":null,"description_html":"","text_color":"#FFFFFF","color":"#d9534f","archived":false,"subscribed":false,"priority":null,"is_project_label":true},{"id":36554074,"name":"confirmed","description":null,"description_html":"","text_color":"#FFFFFF","color":"#d9534f","archived":false,"subscribed":false,"priority":null,"is_project_label":true},{"id":36554073,"name":"critical","description":null,"description_html":"","text_color":"#FFFFFF","color":"#d9534f","archived":false,"subscribed":false,"priority":null,"is_project_label":true},{"id":36554077,"name":"discussion","description":null,"description_html":"","text_color":"#FFFFFF","color":"#428bca","archived":false,"subscribed":false,"priority":null,"is_project_label":true},{"id":36554075,"name":"documentation","description":null,"description_html":"","text_color":"#1F1E24","color":"#f0ad4e","archived":false,"subscribed":false,"priority":null,"is_project_label":true},{"id":36556606,"name":"duplicate","description":"","description_html":"","text_color":"#FFFFFF","color":"#7F8C8D","archived":false,"subscribed":false,"priority":null,"is_project_label":true},{"id":36554079,"name":"enhancement","description":null,"description_html":"","text_color":"#FFFFFF","color":"#5cb85c","archived":false,"subscribed":false,"priority":null,"is_project_label":true},{"id":36554078,"name":"suggestion","description":null,"description_html":"","text_color":"#FFFFFF","color":"#428bca","archived":false,"subscribed":false,"priority":null,"is_project_label":true},{"id":36554076,"name":"support","description":null,"description_html":"","text_color":"#1F1E24","color":"#f0ad4e","archived":false,"subscribed":false,"priority":null,"is_project_label":true},{"id":36554080,"name":"test-scope::label0","description":"scoped label","description_html":"scoped label","text_color":"#FFFFFF","color":"#6699cc","archived":false,"subscribed":false,"priority":null,"is_project_label":true},{"id":36554094,"name":"test-scope::label1","description":"","description_html":"","text_color":"#FFFFFF","color":"#dc143c","archived":false,"subscribed":false,"priority":null,"is_project_label":true}]
\ No newline at end of file
diff --git a/services/migrations/testdata/gitlab/full_download/GET_%2Fapi%2Fv4%2Fprojects%2F61363672%2Fmerge_requests%2F1 b/services/migrations/testdata/gitlab/full_download/GET_%2Fapi%2Fv4%2Fprojects%2F61363672%2Fmerge_requests%2F1
index fe69777a61..6478282753 100644
--- a/services/migrations/testdata/gitlab/full_download/GET_%2Fapi%2Fv4%2Fprojects%2F61363672%2Fmerge_requests%2F1
+++ b/services/migrations/testdata/gitlab/full_download/GET_%2Fapi%2Fv4%2Fprojects%2F61363672%2Fmerge_requests%2F1
@@ -1,23 +1,20 @@
-X-Gitlab-Meta: {"correlation_id":"9a4087994491e0d9-ATL","version":"1"}
-X-Runtime: 0.188528
-Cf-Cache-Status: MISS
-Vary: Origin, Accept-Encoding
-Gitlab-Sv: api-gke-us-east1-c
-Ratelimit-Limit: 2000
-X-Frame-Options: SAMEORIGIN
-Set-Cookie: __cf_bm=vRq7jzBikEzTq7AnqMSFoJylX9YITdPajG9uX4tCYrc-1764067245-1.0.1.1-Hvlybvw74Kibce1zpFZ5U3RZzRotTcS82dIqQrHeSDN5svoMhXq6s7eKBI.0y2048mnyh3swNvHQJl8uNf2OU7_0q_XKtRC.y7j6Z9HlKLQ; path=/; expires=Tue, 25-Nov-25 11:10:45 GMT; domain=.gitlab.com; HttpOnly; Secure; SameSite=None
-Set-Cookie: _cfuvid=.7RnvMg3Voknz7jDeEvYmkDEODsSDm7wD3k4HhDyqas-1764067245334-0.0.1.1-604800000; path=/; domain=.gitlab.com; HttpOnly; Secure; SameSite=None
 Cache-Control: max-age=0, private, must-revalidate
-Strict-Transport-Security: max-age=31536000
-Gitlab-Lb: haproxy-main-20-lb-gprd
-Ratelimit-Reset: 1764067260
-Etag: W/"03394ce63b5a2ead1d07419720dfe556"
-Ratelimit-Remaining: 1977
-Referrer-Policy: strict-origin-when-cross-origin
-X-Content-Type-Options: nosniff
-Content-Type: application/json
+Cf-Cache-Status: MISS
 Content-Security-Policy: default-src 'none'
+Content-Type: application/json
+Etag: W/"cf224bae9251f5868bfb51709dbbd6e3"
+Gitlab-Lb: haproxy-main-45-lb-gprd
+Gitlab-Sv: api-gke-us-east1-d
+Ratelimit-Limit: 2000
 Ratelimit-Name: throttle_authenticated_api
-Ratelimit-Observed: 23
+Ratelimit-Observed: 25
+Ratelimit-Remaining: 1975
+Ratelimit-Reset: 1771085820
+Referrer-Policy: strict-origin-when-cross-origin
+Strict-Transport-Security: max-age=31536000
+Vary: Origin, Accept-Encoding
+X-Content-Type-Options: nosniff
+X-Frame-Options: SAMEORIGIN
+X-Runtime: 0.178737
 
-{"id":324657888,"iid":1,"project_id":61363672,"title":"Test branch","description":"do not merge this PR","state":"opened","created_at":"2024-09-03T07:57:19.866Z","updated_at":"2024-09-03T18:50:21.065Z","merged_by":null,"merge_user":null,"merged_at":null,"closed_by":null,"closed_at":null,"target_branch":"master","source_branch":"feat/test","user_notes_count":0,"upvotes":1,"downvotes":0,"author":{"id":2005797,"username":"oliverpool","public_email":"","name":"oliverpool","state":"active","locked":false,"avatar_url":"https://gitlab.com/uploads/-/system/user/avatar/2005797/avatar.png","web_url":"https://gitlab.com/oliverpool"},"assignees":[],"assignee":null,"reviewers":[],"source_project_id":61363672,"target_project_id":61363672,"labels":["test-scope::label0","test-scope::label1"],"draft":false,"imported":false,"imported_from":"none","work_in_progress":false,"milestone":{"id":4711991,"iid":1,"project_id":61363672,"title":"1.1.0","description":"","state":"active","created_at":"2024-09-03T13:52:48.414Z","updated_at":"2024-09-03T14:52:14.093Z","due_date":null,"start_date":null,"expired":false,"web_url":"https://gitlab.com/forgejo/test_repo/-/milestones/1"},"merge_when_pipeline_succeeds":false,"merge_status":"can_be_merged","detailed_merge_status":"mergeable","merge_after":null,"sha":"9f733b96b98a4175276edf6a2e1231489c3bdd23","merge_commit_sha":null,"squash_commit_sha":null,"discussion_locked":null,"should_remove_source_branch":null,"force_remove_source_branch":true,"prepared_at":"2024-09-03T08:15:46.361Z","reference":"!1","references":{"short":"!1","relative":"!1","full":"forgejo/test_repo!1"},"web_url":"https://gitlab.com/forgejo/test_repo/-/merge_requests/1","time_stats":{"time_estimate":0,"total_time_spent":0,"human_time_estimate":null,"human_total_time_spent":null},"squash":false,"squash_on_merge":false,"task_completion_status":{"count":0,"completed_count":0},"has_conflicts":false,"blocking_discussions_resolved":true,"approvals_before_merge":null,"subscribed":true,"changes_count":"1","latest_build_started_at":null,"latest_build_finished_at":null,"first_deployed_to_production_at":null,"pipeline":null,"head_pipeline":null,"diff_refs":{"base_sha":"c59c9b451acca9d106cc19d61d87afe3fbbb8b83","head_sha":"9f733b96b98a4175276edf6a2e1231489c3bdd23","start_sha":"c59c9b451acca9d106cc19d61d87afe3fbbb8b83"},"merge_error":null,"first_contribution":true,"user":{"can_merge":true}}
\ No newline at end of file
+{"id":324657888,"iid":1,"project_id":61363672,"title":"Test branch","description":"do not merge this PR","state":"opened","created_at":"2024-09-03T07:57:19.866Z","updated_at":"2024-09-03T18:50:21.065Z","merged_by":null,"merge_user":null,"merged_at":null,"closed_by":null,"closed_at":null,"target_branch":"master","source_branch":"feat/test","user_notes_count":0,"upvotes":1,"downvotes":0,"author":{"id":2005797,"username":"oliverpool","public_email":"","name":"oliverpool","state":"active","locked":false,"avatar_url":"https://gitlab.com/uploads/-/system/user/avatar/2005797/avatar.png","web_url":"https://gitlab.com/oliverpool"},"assignees":[],"assignee":null,"reviewers":[],"source_project_id":61363672,"target_project_id":61363672,"labels":["test-scope::label0","test-scope::label1"],"draft":false,"imported":false,"imported_from":"none","work_in_progress":false,"milestone":{"id":4711991,"iid":1,"project_id":61363672,"title":"1.1.0","description":"","state":"active","created_at":"2024-09-03T13:52:48.414Z","updated_at":"2024-09-03T14:52:14.093Z","due_date":null,"start_date":null,"expired":false,"web_url":"https://gitlab.com/forgejo/test_repo/-/milestones/1"},"merge_when_pipeline_succeeds":false,"merge_status":"can_be_merged","detailed_merge_status":"mergeable","merge_after":null,"sha":"9f733b96b98a4175276edf6a2e1231489c3bdd23","merge_commit_sha":null,"squash_commit_sha":null,"discussion_locked":null,"should_remove_source_branch":null,"force_remove_source_branch":true,"prepared_at":"2024-09-03T08:15:46.361Z","reference":"!1","references":{"short":"!1","relative":"!1","full":"forgejo/test_repo!1"},"web_url":"https://gitlab.com/forgejo/test_repo/-/merge_requests/1","time_stats":{"time_estimate":0,"total_time_spent":0,"human_time_estimate":null,"human_total_time_spent":null},"squash":false,"squash_on_merge":false,"task_completion_status":{"count":0,"completed_count":0},"has_conflicts":false,"blocking_discussions_resolved":true,"approvals_before_merge":null,"subscribed":true,"changes_count":"1","latest_build_started_at":null,"latest_build_finished_at":null,"first_deployed_to_production_at":null,"pipeline":null,"head_pipeline":null,"diff_refs":{"base_sha":"c59c9b451acca9d106cc19d61d87afe3fbbb8b83","head_sha":"9f733b96b98a4175276edf6a2e1231489c3bdd23","start_sha":"c59c9b451acca9d106cc19d61d87afe3fbbb8b83"},"merge_error":null,"first_contribution":true,"user":{"can_merge":false}}
\ No newline at end of file
diff --git a/services/migrations/testdata/gitlab/full_download/GET_%2Fapi%2Fv4%2Fprojects%2F61363672%2Fmerge_requests%2F1%2Fapprovals b/services/migrations/testdata/gitlab/full_download/GET_%2Fapi%2Fv4%2Fprojects%2F61363672%2Fmerge_requests%2F1%2Fapprovals
index 4a9e817815..6a57040fa3 100644
--- a/services/migrations/testdata/gitlab/full_download/GET_%2Fapi%2Fv4%2Fprojects%2F61363672%2Fmerge_requests%2F1%2Fapprovals
+++ b/services/migrations/testdata/gitlab/full_download/GET_%2Fapi%2Fv4%2Fprojects%2F61363672%2Fmerge_requests%2F1%2Fapprovals
@@ -1,23 +1,20 @@
-Cf-Cache-Status: MISS
-Gitlab-Sv: api-gke-us-east1-d
-Ratelimit-Reset: 1764067260
-Referrer-Policy: strict-origin-when-cross-origin
-X-Content-Type-Options: nosniff
-X-Frame-Options: SAMEORIGIN
-Content-Type: application/json
 Cache-Control: max-age=0, private, must-revalidate
-Etag: W/"3da5e3df1b0f9c6ee83a8de4be017f3a"
-Vary: Origin, Accept-Encoding
+Cf-Cache-Status: MISS
 Content-Security-Policy: default-src 'none'
+Content-Type: application/json
+Etag: W/"3bd641be6f148427c8595a68c455f91f"
+Gitlab-Lb: haproxy-main-51-lb-gprd
+Gitlab-Sv: api-gke-us-east1-d
 Ratelimit-Limit: 2000
 Ratelimit-Name: throttle_authenticated_api
-Ratelimit-Observed: 26
-Gitlab-Lb: haproxy-main-03-lb-gprd
-Ratelimit-Remaining: 1974
-X-Gitlab-Meta: {"correlation_id":"9a40879ea04ee0d9-ATL","version":"1"}
+Ratelimit-Observed: 28
+Ratelimit-Remaining: 1972
+Ratelimit-Reset: 1771055640
+Referrer-Policy: strict-origin-when-cross-origin
 Strict-Transport-Security: max-age=31536000
-X-Runtime: 0.089708
-Set-Cookie: __cf_bm=OBdSEa.4KBD148U98yToDpYASVjC3RfvvJChcLJD_Kc-1764067246-1.0.1.1-1dlglt_BfkVGaLI98pb6juSKJMhyzHMY1KT5aZOuQyrf2HisPIb7tFfDgraswOe_IEGXIJyHjGWne9ncfWM_I1ALhUewLlQRlSABre9b17I; path=/; expires=Tue, 25-Nov-25 11:10:46 GMT; domain=.gitlab.com; HttpOnly; Secure; SameSite=None
-Set-Cookie: _cfuvid=3vl9VuwtU32ij7owL1kgjOEE9G9SIR6v5rGoV1LSWMw-1764067246314-0.0.1.1-604800000; path=/; domain=.gitlab.com; HttpOnly; Secure; SameSite=None
+Vary: Origin, Accept-Encoding
+X-Content-Type-Options: nosniff
+X-Frame-Options: SAMEORIGIN
+X-Runtime: 0.083008
 
-{"id":324657888,"iid":1,"project_id":61363672,"title":"Test branch","description":"do not merge this PR","state":"opened","created_at":"2024-09-03T07:57:19.866Z","updated_at":"2024-09-03T18:50:21.065Z","merge_status":"can_be_merged","approved":true,"approvals_required":0,"approvals_left":0,"require_password_to_approve":false,"approved_by":[{"user":{"id":548513,"username":"mkobel","public_email":"","name":"Moritz Kobel","state":"active","locked":false,"avatar_url":"https://secure.gravatar.com/avatar/eae1be6324682816aedc885acbf5858719b40956e0278edabe5c0db7cbc95f3b?s=80\u0026d=identicon","web_url":"https://gitlab.com/mkobel"},"approved_at":"2024-09-03T18:50:20.774Z"}],"suggested_approvers":[],"approvers":[],"approver_groups":[],"user_has_approved":false,"user_can_approve":true,"approval_rules_left":[],"has_approval_rules":false,"merge_request_approvers_available":false,"multiple_approval_rules_available":false,"invalid_approvers_rules":[]}
\ No newline at end of file
+{"id":324657888,"iid":1,"project_id":61363672,"title":"Test branch","description":"do not merge this PR","state":"opened","created_at":"2024-09-03T07:57:19.866Z","updated_at":"2024-09-03T18:50:21.065Z","merge_status":"can_be_merged","approved":true,"approvals_required":0,"approvals_left":0,"require_password_to_approve":false,"approved_by":[{"user":{"id":548513,"username":"mkobel","public_email":"","name":"Moritz Kobel","state":"active","locked":false,"avatar_url":"https://secure.gravatar.com/avatar/eae1be6324682816aedc885acbf5858719b40956e0278edabe5c0db7cbc95f3b?s=80\u0026d=identicon","web_url":"https://gitlab.com/mkobel"},"approved_at":"2024-09-03T18:50:20.774Z"}],"suggested_approvers":[],"approvers":[],"approver_groups":[],"user_has_approved":false,"user_can_approve":false,"approval_rules_left":[],"has_approval_rules":false,"merge_request_approvers_available":false,"multiple_approval_rules_available":false,"invalid_approvers_rules":[]}
\ No newline at end of file
diff --git a/services/migrations/testdata/gitlab/full_download/GET_%2Fapi%2Fv4%2Fprojects%2F61363672%2Fmerge_requests%2F1%2Faward_emoji%3Fpage=1&per_page=1 b/services/migrations/testdata/gitlab/full_download/GET_%2Fapi%2Fv4%2Fprojects%2F61363672%2Fmerge_requests%2F1%2Faward_emoji%3Fpage=1&per_page=1
deleted file mode 100644
index e14fd54fe9..0000000000
--- a/services/migrations/testdata/gitlab/full_download/GET_%2Fapi%2Fv4%2Fprojects%2F61363672%2Fmerge_requests%2F1%2Faward_emoji%3Fpage=1&per_page=1
+++ /dev/null
@@ -1,30 +0,0 @@
-X-Total: 2
-Cache-Control: max-age=0, private, must-revalidate
-Gitlab-Lb: haproxy-main-52-lb-gprd
-Ratelimit-Name: throttle_authenticated_api
-X-Page: 1
-Etag: W/"70c4ed058c515311f62a5765a249cc5a"
-Referrer-Policy: strict-origin-when-cross-origin
-X-Next-Page: 2
-Link: <https://gitlab.com/api/v4/projects/61363672/merge_requests/1/award_emoji?id=61363672&merge_request_iid=1&page=2&per_page=1>; rel="next", <https://gitlab.com/api/v4/projects/61363672/merge_requests/1/award_emoji?id=61363672&merge_request_iid=1&page=1&per_page=1>; rel="first", <https://gitlab.com/api/v4/projects/61363672/merge_requests/1/award_emoji?id=61363672&merge_request_iid=1&page=2&per_page=1>; rel="last"
-Content-Security-Policy: default-src 'none'
-X-Total-Pages: 2
-Set-Cookie: __cf_bm=XkuPSlZqX6G9cDIjI3kScBSmIE8.DphoKnxS7TLsOkw-1764063483-1.0.1.1-mbTkp1GpKErhvN0TGPwU7C70xZ3hGtyNGmIFwd0ztkPoYV1Sa6EAAmpFv0UvuVIo1MZUfmjpu0nKcM0sgmv5Yq93F_j6Mo5yv42SwqSCp.o; path=/; expires=Tue, 25-Nov-25 10:08:03 GMT; domain=.gitlab.com; HttpOnly; Secure; SameSite=None
-Set-Cookie: _cfuvid=bAOzKGORp_o4KNjq.9E3ti0ukBGdMCxdTqK0GKzH8HM-1764063483573-0.0.1.1-604800000; path=/; domain=.gitlab.com; HttpOnly; Secure; SameSite=None
-Content-Type: application/json
-X-Content-Type-Options: nosniff
-X-Prev-Page: 
-Strict-Transport-Security: max-age=31536000
-Ratelimit-Limit: 2000
-Ratelimit-Remaining: 1993
-X-Frame-Options: SAMEORIGIN
-X-Gitlab-Meta: {"correlation_id":"9a402bbdd2c14fc7-ATL","version":"1"}
-Gitlab-Sv: gke-cny-api
-Ratelimit-Observed: 7
-X-Runtime: 0.556538
-Cf-Cache-Status: MISS
-Vary: Origin, Accept-Encoding
-Ratelimit-Reset: 1764063540
-X-Per-Page: 1
-
-[{"id":28098492,"name":"thumbsup","user":{"id":548513,"username":"mkobel","public_email":"","name":"Moritz Kobel","state":"active","locked":false,"avatar_url":"https://secure.gravatar.com/avatar/eae1be6324682816aedc885acbf5858719b40956e0278edabe5c0db7cbc95f3b?s=80\u0026d=identicon","web_url":"https://gitlab.com/mkobel"},"created_at":"2024-09-03T18:49:58.072Z","updated_at":"2024-09-03T18:49:58.072Z","awardable_id":324657888,"awardable_type":"MergeRequest","url":null}]
\ No newline at end of file
diff --git a/services/migrations/testdata/gitlab/full_download/GET_%2Fapi%2Fv4%2Fprojects%2F61363672%2Fmerge_requests%2F1%2Faward_emoji%3Fpage=1&per_page=2 b/services/migrations/testdata/gitlab/full_download/GET_%2Fapi%2Fv4%2Fprojects%2F61363672%2Fmerge_requests%2F1%2Faward_emoji%3Fpage=1&per_page=2
index 7f5cac98b4..0c8899056e 100644
--- a/services/migrations/testdata/gitlab/full_download/GET_%2Fapi%2Fv4%2Fprojects%2F61363672%2Fmerge_requests%2F1%2Faward_emoji%3Fpage=1&per_page=2
+++ b/services/migrations/testdata/gitlab/full_download/GET_%2Fapi%2Fv4%2Fprojects%2F61363672%2Fmerge_requests%2F1%2Faward_emoji%3Fpage=1&per_page=2
@@ -1,30 +1,27 @@
-Cf-Cache-Status: MISS
-Ratelimit-Reset: 1764067260
-X-Page: 1
-X-Total-Pages: 1
-Content-Type: application/json
-Gitlab-Lb: haproxy-main-54-lb-gprd
-Ratelimit-Limit: 2000
-Referrer-Policy: strict-origin-when-cross-origin
-X-Gitlab-Meta: {"correlation_id":"9a40879b9635e0d9-ATL","version":"1"}
-X-Runtime: 0.064452
-Set-Cookie: __cf_bm=b3C7feSdSLcE5xBQkgGd_HSIGeFMUvtzoe7GjmBh4Sk-1764067245-1.0.1.1-69_Md94YSDAyIau0t6tbIWbQGCnD__2bLKIX_WYDa0uRa9WuVm1U9fHC0QdOI_PYD4NVQM68oFumZvLz.O6A93tHnH6PxlVDxJEc1i_gzfQ; path=/; expires=Tue, 25-Nov-25 11:10:45 GMT; domain=.gitlab.com; HttpOnly; Secure; SameSite=None
-Set-Cookie: _cfuvid=i6_IAh2s573c9vJrB5wlCzyfSOOgp4v9v0gzK1Wr0nk-1764067245571-0.0.1.1-604800000; path=/; domain=.gitlab.com; HttpOnly; Secure; SameSite=None
-Vary: Origin, Accept-Encoding
-Ratelimit-Name: throttle_authenticated_api
-Ratelimit-Observed: 24
-X-Content-Type-Options: nosniff
-X-Total: 2
-Link: <https://gitlab.com/api/v4/projects/61363672/merge_requests/1/award_emoji?id=61363672&merge_request_iid=1&page=1&per_page=2>; rel="first", <https://gitlab.com/api/v4/projects/61363672/merge_requests/1/award_emoji?id=61363672&merge_request_iid=1&page=1&per_page=2>; rel="last"
-Strict-Transport-Security: max-age=31536000
-Gitlab-Sv: api-gke-us-east1-d
-Ratelimit-Remaining: 1976
-Etag: W/"bd2f80bb25761a40ac32dfacf2031227"
-Content-Security-Policy: default-src 'none'
-X-Next-Page: 
-X-Prev-Page: 
 Cache-Control: max-age=0, private, must-revalidate
+Cf-Cache-Status: MISS
+Content-Security-Policy: default-src 'none'
+Content-Type: application/json
+Etag: W/"bd2f80bb25761a40ac32dfacf2031227"
+Gitlab-Lb: haproxy-main-39-lb-gprd
+Gitlab-Sv: api-gke-us-east1-d
+Link: <https://gitlab.com/api/v4/projects/61363672/merge_requests/1/award_emoji?id=61363672&merge_request_iid=1&page=1&per_page=2>; rel="first", <https://gitlab.com/api/v4/projects/61363672/merge_requests/1/award_emoji?id=61363672&merge_request_iid=1&page=1&per_page=2>; rel="last"
+Ratelimit-Limit: 2000
+Ratelimit-Name: throttle_authenticated_api
+Ratelimit-Observed: 26
+Ratelimit-Remaining: 1974
+Ratelimit-Reset: 1771055640
+Referrer-Policy: strict-origin-when-cross-origin
+Strict-Transport-Security: max-age=31536000
+Vary: Origin, Accept-Encoding
+X-Content-Type-Options: nosniff
 X-Frame-Options: SAMEORIGIN
+X-Next-Page: 
+X-Page: 1
 X-Per-Page: 2
+X-Prev-Page: 
+X-Runtime: 0.069272
+X-Total: 2
+X-Total-Pages: 1
 
 [{"id":28098492,"name":"thumbsup","user":{"id":548513,"username":"mkobel","public_email":"","name":"Moritz Kobel","state":"active","locked":false,"avatar_url":"https://secure.gravatar.com/avatar/eae1be6324682816aedc885acbf5858719b40956e0278edabe5c0db7cbc95f3b?s=80\u0026d=identicon","web_url":"https://gitlab.com/mkobel"},"created_at":"2024-09-03T18:49:58.072Z","updated_at":"2024-09-03T18:49:58.072Z","awardable_id":324657888,"awardable_type":"MergeRequest","url":null},{"id":28098494,"name":"tada","user":{"id":548513,"username":"mkobel","public_email":"","name":"Moritz Kobel","state":"active","locked":false,"avatar_url":"https://secure.gravatar.com/avatar/eae1be6324682816aedc885acbf5858719b40956e0278edabe5c0db7cbc95f3b?s=80\u0026d=identicon","web_url":"https://gitlab.com/mkobel"},"created_at":"2024-09-03T18:50:02.028Z","updated_at":"2024-09-03T18:50:02.028Z","awardable_id":324657888,"awardable_type":"MergeRequest","url":null}]
\ No newline at end of file
diff --git a/services/migrations/testdata/gitlab/full_download/GET_%2Fapi%2Fv4%2Fprojects%2F61363672%2Fmerge_requests%2F1%2Faward_emoji%3Fpage=2&per_page=1 b/services/migrations/testdata/gitlab/full_download/GET_%2Fapi%2Fv4%2Fprojects%2F61363672%2Fmerge_requests%2F1%2Faward_emoji%3Fpage=2&per_page=1
deleted file mode 100644
index afd45d6577..0000000000
--- a/services/migrations/testdata/gitlab/full_download/GET_%2Fapi%2Fv4%2Fprojects%2F61363672%2Fmerge_requests%2F1%2Faward_emoji%3Fpage=2&per_page=1
+++ /dev/null
@@ -1,30 +0,0 @@
-X-Runtime: 0.081215
-Vary: Origin, Accept-Encoding
-X-Frame-Options: SAMEORIGIN
-X-Gitlab-Meta: {"correlation_id":"9a402bc4a7d24fc7-ATL","version":"1"}
-X-Page: 2
-Set-Cookie: __cf_bm=YmAk0.hRdZg1DtVIkj7YXf8z7q94AXkw7DPT6UASlcg-1764063484-1.0.1.1-rCR7QJGDjGvGw7RA8JmcdbMEKiNoDr3w9Iyu290lGhFN6oyozy1GKI51UR6Ul29VSBh9W2lqUqeBIF2gSCTe227jItc5EnFmEUrzN3_dPUQ; path=/; expires=Tue, 25-Nov-25 10:08:04 GMT; domain=.gitlab.com; HttpOnly; Secure; SameSite=None
-Set-Cookie: _cfuvid=cQxspr39HLxTXEIAEI3Z8UlOj.KlZ4ayyHo87KzcH9g-1764063484057-0.0.1.1-604800000; path=/; domain=.gitlab.com; HttpOnly; Secure; SameSite=None
-Content-Security-Policy: default-src 'none'
-Content-Type: application/json
-Cf-Cache-Status: MISS
-Strict-Transport-Security: max-age=31536000
-Ratelimit-Reset: 1764063540
-X-Per-Page: 1
-X-Prev-Page: 1
-Ratelimit-Observed: 8
-Referrer-Policy: strict-origin-when-cross-origin
-X-Content-Type-Options: nosniff
-X-Next-Page: 
-X-Total: 2
-X-Total-Pages: 2
-Gitlab-Lb: haproxy-main-59-lb-gprd
-Gitlab-Sv: api-gke-us-east1-c
-Ratelimit-Remaining: 1992
-Cache-Control: max-age=0, private, must-revalidate
-Etag: W/"9c7da703c0da01fbfe41ef1d4bd2a84e"
-Link: <https://gitlab.com/api/v4/projects/61363672/merge_requests/1/award_emoji?id=61363672&merge_request_iid=1&page=1&per_page=1>; rel="prev", <https://gitlab.com/api/v4/projects/61363672/merge_requests/1/award_emoji?id=61363672&merge_request_iid=1&page=1&per_page=1>; rel="first", <https://gitlab.com/api/v4/projects/61363672/merge_requests/1/award_emoji?id=61363672&merge_request_iid=1&page=2&per_page=1>; rel="last"
-Ratelimit-Limit: 2000
-Ratelimit-Name: throttle_authenticated_api
-
-[{"id":28098494,"name":"tada","user":{"id":548513,"username":"mkobel","public_email":"","name":"Moritz Kobel","state":"active","locked":false,"avatar_url":"https://secure.gravatar.com/avatar/eae1be6324682816aedc885acbf5858719b40956e0278edabe5c0db7cbc95f3b?s=80\u0026d=identicon","web_url":"https://gitlab.com/mkobel"},"created_at":"2024-09-03T18:50:02.028Z","updated_at":"2024-09-03T18:50:02.028Z","awardable_id":324657888,"awardable_type":"MergeRequest","url":null}]
\ No newline at end of file
diff --git a/services/migrations/testdata/gitlab/full_download/GET_%2Fapi%2Fv4%2Fprojects%2F61363672%2Fmerge_requests%2F1%2Faward_emoji%3Fpage=2&per_page=2 b/services/migrations/testdata/gitlab/full_download/GET_%2Fapi%2Fv4%2Fprojects%2F61363672%2Fmerge_requests%2F1%2Faward_emoji%3Fpage=2&per_page=2
index 3eae28338a..460708af72 100644
--- a/services/migrations/testdata/gitlab/full_download/GET_%2Fapi%2Fv4%2Fprojects%2F61363672%2Fmerge_requests%2F1%2Faward_emoji%3Fpage=2&per_page=2
+++ b/services/migrations/testdata/gitlab/full_download/GET_%2Fapi%2Fv4%2Fprojects%2F61363672%2Fmerge_requests%2F1%2Faward_emoji%3Fpage=2&per_page=2
@@ -1,32 +1,29 @@
-Cache-Control: max-age=0, private, must-revalidate
-Etag: W/"4f53cda18c2baa0c0354bb5f9a3ecbe5"
-Ratelimit-Limit: 2000
-Ratelimit-Remaining: 1975
-X-Next-Page: 
-X-Prev-Page: 
-Cf-Cache-Status: MISS
 Accept-Ranges: bytes
-Ratelimit-Reset: 1764067260
-Gitlab-Lb: haproxy-main-20-lb-gprd
+Cache-Control: max-age=0, private, must-revalidate
+Cf-Cache-Status: MISS
+Content-Length: 2
+Content-Security-Policy: default-src 'none'
+Content-Type: application/json
+Etag: W/"4f53cda18c2baa0c0354bb5f9a3ecbe5"
+Gitlab-Lb: haproxy-main-28-lb-gprd
+Gitlab-Sv: api-gke-us-east1-b
+Link: <https://gitlab.com/api/v4/projects/61363672/merge_requests/1/award_emoji?id=61363672&merge_request_iid=1&page=1&per_page=2>; rel="first", <https://gitlab.com/api/v4/projects/61363672/merge_requests/1/award_emoji?id=61363672&merge_request_iid=1&page=1&per_page=2>; rel="last"
+Ratelimit-Limit: 2000
+Ratelimit-Name: throttle_authenticated_api
+Ratelimit-Observed: 27
+Ratelimit-Remaining: 1973
+Ratelimit-Reset: 1771055640
+Referrer-Policy: strict-origin-when-cross-origin
+Strict-Transport-Security: max-age=31536000
+Vary: Origin, Accept-Encoding
 X-Content-Type-Options: nosniff
-X-Gitlab-Meta: {"correlation_id":"9a40879d1756e0d9-ATL","version":"1"}
+X-Frame-Options: SAMEORIGIN
+X-Next-Page: 
+X-Page: 2
+X-Per-Page: 2
+X-Prev-Page: 
+X-Runtime: 0.064023
 X-Total: 2
 X-Total-Pages: 1
-Content-Type: application/json
-Content-Length: 2
-Gitlab-Sv: api-gke-us-east1-c
-Ratelimit-Observed: 25
-X-Page: 2
-X-Runtime: 0.067902
-Ratelimit-Name: throttle_authenticated_api
-X-Per-Page: 2
-Vary: Origin, Accept-Encoding
-Referrer-Policy: strict-origin-when-cross-origin
-X-Frame-Options: SAMEORIGIN
-Strict-Transport-Security: max-age=31536000
-Content-Security-Policy: default-src 'none'
-Link: <https://gitlab.com/api/v4/projects/61363672/merge_requests/1/award_emoji?id=61363672&merge_request_iid=1&page=1&per_page=2>; rel="first", <https://gitlab.com/api/v4/projects/61363672/merge_requests/1/award_emoji?id=61363672&merge_request_iid=1&page=1&per_page=2>; rel="last"
-Set-Cookie: __cf_bm=h8BkNDjGvwb3L57ZRGQkkABB5U78kXobmi1vtvY8i5c-1764067245-1.0.1.1-qeX.CJTb63vRVrI6u7enwWNE_coj067G.amslx62c.UdglGf2qHOdO25C8bxHlEWtNPaxlkY0ihPzQSjY2B.em1fEWDa98O9iqQxEEgy680; path=/; expires=Tue, 25-Nov-25 11:10:45 GMT; domain=.gitlab.com; HttpOnly; Secure; SameSite=None
-Set-Cookie: _cfuvid=384Idtls0tkTwfkLTd3hr9ayqErhfdHhmT.uwruZi1E-1764067245816-0.0.1.1-604800000; path=/; domain=.gitlab.com; HttpOnly; Secure; SameSite=None
 
 []
\ No newline at end of file
diff --git a/services/migrations/testdata/gitlab/full_download/GET_%2Fapi%2Fv4%2Fprojects%2F61363672%2Fmerge_requests%2F1%2Faward_emoji%3Fpage=3&per_page=1 b/services/migrations/testdata/gitlab/full_download/GET_%2Fapi%2Fv4%2Fprojects%2F61363672%2Fmerge_requests%2F1%2Faward_emoji%3Fpage=3&per_page=1
deleted file mode 100644
index 22dc3f24fc..0000000000
--- a/services/migrations/testdata/gitlab/full_download/GET_%2Fapi%2Fv4%2Fprojects%2F61363672%2Fmerge_requests%2F1%2Faward_emoji%3Fpage=3&per_page=1
+++ /dev/null
@@ -1,32 +0,0 @@
-X-Runtime: 0.081756
-Content-Type: application/json
-X-Frame-Options: SAMEORIGIN
-X-Page: 3
-Strict-Transport-Security: max-age=31536000
-Content-Security-Policy: default-src 'none'
-X-Content-Type-Options: nosniff
-X-Next-Page: 
-X-Total: 2
-Content-Length: 2
-Cf-Cache-Status: MISS
-X-Prev-Page: 
-Accept-Ranges: bytes
-Gitlab-Sv: api-gke-us-east1-c
-Set-Cookie: __cf_bm=AHaUZsC2vGJiM7kOdVaKOrbNwS69trH4NwA4P6H35Vo-1764063484-1.0.1.1-gfqG42z4PvllEAyjj0SNhLcsgPK3u54jS6cGLa78UgC.Any.C_FMzf7kkXJvCnT28XdjZ7_FcCLOVfdz8xG3y9QpvRCvCWhSzmFixx.vluM; path=/; expires=Tue, 25-Nov-25 10:08:04 GMT; domain=.gitlab.com; HttpOnly; Secure; SameSite=None
-Set-Cookie: _cfuvid=yd78Ii6EQz3b4s8UdQ3cbMCFHi10JBkiCih71Ur2DCY-1764063484541-0.0.1.1-604800000; path=/; domain=.gitlab.com; HttpOnly; Secure; SameSite=None
-Cache-Control: max-age=0, private, must-revalidate
-Ratelimit-Name: throttle_authenticated_api
-Ratelimit-Reset: 1764063540
-Link: <https://gitlab.com/api/v4/projects/61363672/merge_requests/1/award_emoji?id=61363672&merge_request_iid=1&page=1&per_page=1>; rel="first", <https://gitlab.com/api/v4/projects/61363672/merge_requests/1/award_emoji?id=61363672&merge_request_iid=1&page=2&per_page=1>; rel="last"
-Gitlab-Lb: haproxy-main-38-lb-gprd
-Ratelimit-Limit: 2000
-Ratelimit-Observed: 9
-Ratelimit-Remaining: 1991
-X-Gitlab-Meta: {"correlation_id":"9a402bc7a1d04fc7-ATL","version":"1"}
-X-Total-Pages: 2
-Etag: W/"4f53cda18c2baa0c0354bb5f9a3ecbe5"
-X-Per-Page: 1
-Vary: Origin, Accept-Encoding
-Referrer-Policy: strict-origin-when-cross-origin
-
-[]
\ No newline at end of file
diff --git a/services/migrations/testdata/gitlab/full_download/GET_%2Fapi%2Fv4%2Fprojects%2F61363672%2Fmerge_requests%2F2 b/services/migrations/testdata/gitlab/full_download/GET_%2Fapi%2Fv4%2Fprojects%2F61363672%2Fmerge_requests%2F2
index f28ebfc5b3..06edc96b4f 100644
--- a/services/migrations/testdata/gitlab/full_download/GET_%2Fapi%2Fv4%2Fprojects%2F61363672%2Fmerge_requests%2F2
+++ b/services/migrations/testdata/gitlab/full_download/GET_%2Fapi%2Fv4%2Fprojects%2F61363672%2Fmerge_requests%2F2
@@ -1,23 +1,20 @@
-X-Runtime: 0.178866
-Set-Cookie: __cf_bm=HovvnRHtwoTC7rEbSu8TkTRpkxnN64EyEWBOEpKDwU8-1764067244-1.0.1.1-0CLYMFRqlcI0z_A7KhZby1Aw17uQQga6KzLBpEDHWCnRtXpCZQJogK6a4bPwHMTwIX88ao8QGRhAkD.23OgXKxzXH4VrjXO0rYEok74gQd4; path=/; expires=Tue, 25-Nov-25 11:10:44 GMT; domain=.gitlab.com; HttpOnly; Secure; SameSite=None
-Set-Cookie: _cfuvid=O46TDle0ljANZqt352yHmPEDBXtO70FiLe5dp9Z0Wnw-1764067244738-0.0.1.1-604800000; path=/; domain=.gitlab.com; HttpOnly; Secure; SameSite=None
-Content-Type: application/json
-Ratelimit-Name: throttle_authenticated_api
-X-Content-Type-Options: nosniff
-Strict-Transport-Security: max-age=31536000
-Gitlab-Sv: api-gke-us-east1-b
-Ratelimit-Reset: 1764067260
-X-Gitlab-Meta: {"correlation_id":"9a408795917de0d9-ATL","version":"1"}
-Cf-Cache-Status: MISS
-Etag: W/"e5bb0f6d19fcb489771c0b23b44ef3c7"
-Vary: Origin, Accept-Encoding
-Gitlab-Lb: haproxy-main-25-lb-gprd
-Ratelimit-Limit: 2000
-Referrer-Policy: strict-origin-when-cross-origin
 Cache-Control: max-age=0, private, must-revalidate
+Cf-Cache-Status: MISS
 Content-Security-Policy: default-src 'none'
-Ratelimit-Observed: 21
-Ratelimit-Remaining: 1979
+Content-Type: application/json
+Etag: W/"9ee6be6c33814e3e7602172c770ee033"
+Gitlab-Lb: haproxy-main-59-lb-gprd
+Gitlab-Sv: api-gke-us-east1-c
+Ratelimit-Limit: 2000
+Ratelimit-Name: throttle_authenticated_api
+Ratelimit-Observed: 23
+Ratelimit-Remaining: 1977
+Ratelimit-Reset: 1771085820
+Referrer-Policy: strict-origin-when-cross-origin
+Strict-Transport-Security: max-age=31536000
+Vary: Origin, Accept-Encoding
+X-Content-Type-Options: nosniff
 X-Frame-Options: SAMEORIGIN
+X-Runtime: 0.186907
 
-{"id":435564587,"iid":2,"project_id":61363672,"title":"Test/parsing","description":"Simillar to !1 this solves an issue.","state":"opened","created_at":"2025-11-25T09:48:20.259Z","updated_at":"2025-11-25T09:48:21.627Z","merged_by":null,"merge_user":null,"merged_at":null,"closed_by":null,"closed_at":null,"target_branch":"master","source_branch":"test/parsing","user_notes_count":1,"upvotes":0,"downvotes":0,"author":{"id":10529876,"username":"patdyn","public_email":"","name":"Pat Dyn","state":"active","locked":false,"avatar_url":"https://gitlab.com/uploads/-/system/user/avatar/10529876/avatar.png","web_url":"https://gitlab.com/patdyn"},"assignees":[],"assignee":null,"reviewers":[],"source_project_id":61363672,"target_project_id":61363672,"labels":[],"draft":false,"imported":false,"imported_from":"none","work_in_progress":false,"milestone":null,"merge_when_pipeline_succeeds":false,"merge_status":"cannot_be_merged","detailed_merge_status":"commits_status","merge_after":null,"sha":"c59c9b451acca9d106cc19d61d87afe3fbbb8b83","merge_commit_sha":null,"squash_commit_sha":null,"discussion_locked":null,"should_remove_source_branch":null,"force_remove_source_branch":true,"prepared_at":"2025-11-25T09:48:21.605Z","reference":"!2","references":{"short":"!2","relative":"!2","full":"forgejo/test_repo!2"},"web_url":"https://gitlab.com/forgejo/test_repo/-/merge_requests/2","time_stats":{"time_estimate":0,"total_time_spent":0,"human_time_estimate":null,"human_total_time_spent":null},"squash":false,"squash_on_merge":false,"task_completion_status":{"count":0,"completed_count":0},"has_conflicts":true,"blocking_discussions_resolved":true,"approvals_before_merge":null,"subscribed":true,"changes_count":null,"latest_build_started_at":null,"latest_build_finished_at":null,"first_deployed_to_production_at":null,"pipeline":null,"head_pipeline":null,"diff_refs":{"base_sha":"c59c9b451acca9d106cc19d61d87afe3fbbb8b83","head_sha":"c59c9b451acca9d106cc19d61d87afe3fbbb8b83","start_sha":"c59c9b451acca9d106cc19d61d87afe3fbbb8b83"},"merge_error":null,"first_contribution":true,"user":{"can_merge":true}}
\ No newline at end of file
+{"id":435564587,"iid":2,"project_id":61363672,"title":"Test/parsing","description":"Simillar to !1 this solves an issue.","state":"opened","created_at":"2025-11-25T09:48:20.259Z","updated_at":"2025-11-25T09:48:21.627Z","merged_by":null,"merge_user":null,"merged_at":null,"closed_by":null,"closed_at":null,"target_branch":"master","source_branch":"test/parsing","user_notes_count":1,"upvotes":0,"downvotes":0,"author":{"id":10529876,"username":"patdyn","public_email":"","name":"Pat Dyn","state":"active","locked":false,"avatar_url":"https://gitlab.com/uploads/-/system/user/avatar/10529876/avatar.png","web_url":"https://gitlab.com/patdyn"},"assignees":[],"assignee":null,"reviewers":[],"source_project_id":61363672,"target_project_id":61363672,"labels":[],"draft":false,"imported":false,"imported_from":"none","work_in_progress":false,"milestone":null,"merge_when_pipeline_succeeds":false,"merge_status":"cannot_be_merged","detailed_merge_status":"commits_status","merge_after":null,"sha":"c59c9b451acca9d106cc19d61d87afe3fbbb8b83","merge_commit_sha":null,"squash_commit_sha":null,"discussion_locked":null,"should_remove_source_branch":null,"force_remove_source_branch":true,"prepared_at":"2025-11-25T09:48:21.605Z","reference":"!2","references":{"short":"!2","relative":"!2","full":"forgejo/test_repo!2"},"web_url":"https://gitlab.com/forgejo/test_repo/-/merge_requests/2","time_stats":{"time_estimate":0,"total_time_spent":0,"human_time_estimate":null,"human_total_time_spent":null},"squash":false,"squash_on_merge":false,"task_completion_status":{"count":0,"completed_count":0},"has_conflicts":true,"blocking_discussions_resolved":true,"approvals_before_merge":null,"subscribed":false,"changes_count":null,"latest_build_started_at":null,"latest_build_finished_at":null,"first_deployed_to_production_at":null,"pipeline":null,"head_pipeline":null,"diff_refs":{"base_sha":"c59c9b451acca9d106cc19d61d87afe3fbbb8b83","head_sha":"c59c9b451acca9d106cc19d61d87afe3fbbb8b83","start_sha":"c59c9b451acca9d106cc19d61d87afe3fbbb8b83"},"merge_error":null,"first_contribution":true,"user":{"can_merge":false}}
\ No newline at end of file
diff --git a/services/migrations/testdata/gitlab/full_download/GET_%2Fapi%2Fv4%2Fprojects%2F61363672%2Fmerge_requests%2F2%2Fapprovals b/services/migrations/testdata/gitlab/full_download/GET_%2Fapi%2Fv4%2Fprojects%2F61363672%2Fmerge_requests%2F2%2Fapprovals
deleted file mode 100644
index 8025baab29..0000000000
--- a/services/migrations/testdata/gitlab/full_download/GET_%2Fapi%2Fv4%2Fprojects%2F61363672%2Fmerge_requests%2F2%2Fapprovals
+++ /dev/null
@@ -1,16 +0,0 @@
-Content-Type: application/json
-Cache-Control: no-cache
-X-Runtime: 0.050861
-Cf-Cache-Status: MISS
-Content-Length: 27
-Strict-Transport-Security: max-age=31536000
-X-Content-Type-Options: nosniff
-Set-Cookie: _cfuvid=dOl9pLwVdWdrfHK2_lQ8ilTg21PZJf8ErnJ6hi2V6LQ-1725394529656-0.0.1.1-604800000; path=/; domain=.gitlab.com; HttpOnly; Secure; SameSite=None
-Content-Security-Policy: default-src 'none'
-X-Gitlab-Meta: {"correlation_id":"8b1408168090614939be8b301aaf8ec1","version":"1"}
-Referrer-Policy: strict-origin-when-cross-origin
-Gitlab-Lb: haproxy-main-42-lb-gprd
-Vary: Origin, Accept-Encoding
-Gitlab-Sv: api-gke-us-east1-b
-
-{"message":"404 Not found"}
\ No newline at end of file
diff --git a/services/migrations/testdata/gitlab/full_download/GET_%2Fapi%2Fv4%2Fprojects%2F61363672%2Fmerge_requests%2F2%2Faward_emoji%3Fpage=1&per_page=1 b/services/migrations/testdata/gitlab/full_download/GET_%2Fapi%2Fv4%2Fprojects%2F61363672%2Fmerge_requests%2F2%2Faward_emoji%3Fpage=1&per_page=1
deleted file mode 100644
index 3ed2facd4e..0000000000
--- a/services/migrations/testdata/gitlab/full_download/GET_%2Fapi%2Fv4%2Fprojects%2F61363672%2Fmerge_requests%2F2%2Faward_emoji%3Fpage=1&per_page=1
+++ /dev/null
@@ -1,32 +0,0 @@
-X-Next-Page: 
-Content-Length: 2
-Cf-Cache-Status: MISS
-Content-Security-Policy: default-src 'none'
-Gitlab-Lb: haproxy-main-18-lb-gprd
-Referrer-Policy: strict-origin-when-cross-origin
-Content-Type: application/json
-Ratelimit-Observed: 19
-X-Prev-Page: 
-X-Total: 0
-Accept-Ranges: bytes
-Ratelimit-Remaining: 1981
-X-Content-Type-Options: nosniff
-X-Per-Page: 1
-X-Runtime: 0.334300
-Etag: W/"4f53cda18c2baa0c0354bb5f9a3ecbe5"
-Link: <https://gitlab.com/api/v4/projects/61363672/merge_requests/2/award_emoji?id=61363672&merge_request_iid=2&page=1&per_page=1>; rel="first", <https://gitlab.com/api/v4/projects/61363672/merge_requests/2/award_emoji?id=61363672&merge_request_iid=2&page=1&per_page=1>; rel="last"
-Strict-Transport-Security: max-age=31536000
-Gitlab-Sv: api-gke-us-east1-d
-Ratelimit-Limit: 2000
-Ratelimit-Reset: 1764065160
-X-Gitlab-Meta: {"correlation_id":"9a40538146934fc7-ATL","version":"1"}
-Vary: Origin, Accept-Encoding
-X-Page: 1
-X-Total-Pages: 1
-Set-Cookie: __cf_bm=aMNCos1nC670QtjMcPl6AMOr5.gQUvwKoSkkyhFR2hA-1764065111-1.0.1.1-m.0niiKJJIBHdpKYYtPy7xw4tWUWsrxwXv.ZidE9s75fbutM0awLVZIAG4443voqhHhr92y0BEsgfJd2.dEPfqO5y0Zq8U2dIDMlwE7IjUI; path=/; expires=Tue, 25-Nov-25 10:35:11 GMT; domain=.gitlab.com; HttpOnly; Secure; SameSite=None
-Set-Cookie: _cfuvid=ldTbqSB2WbTEqJNb2dvw._Hp9jvybBVGuhFVSaaB7GA-1764065111752-0.0.1.1-604800000; path=/; domain=.gitlab.com; HttpOnly; Secure; SameSite=None
-Cache-Control: max-age=0, private, must-revalidate
-Ratelimit-Name: throttle_authenticated_api
-X-Frame-Options: SAMEORIGIN
-
-[]
\ No newline at end of file
diff --git a/services/migrations/testdata/gitlab/full_download/GET_%2Fapi%2Fv4%2Fprojects%2F61363672%2Fmerge_requests%2F2%2Faward_emoji%3Fpage=1&per_page=2 b/services/migrations/testdata/gitlab/full_download/GET_%2Fapi%2Fv4%2Fprojects%2F61363672%2Fmerge_requests%2F2%2Faward_emoji%3Fpage=1&per_page=2
index c5c729ae7b..bf1be1a533 100644
--- a/services/migrations/testdata/gitlab/full_download/GET_%2Fapi%2Fv4%2Fprojects%2F61363672%2Fmerge_requests%2F2%2Faward_emoji%3Fpage=1&per_page=2
+++ b/services/migrations/testdata/gitlab/full_download/GET_%2Fapi%2Fv4%2Fprojects%2F61363672%2Fmerge_requests%2F2%2Faward_emoji%3Fpage=1&per_page=2
@@ -1,32 +1,29 @@
+Accept-Ranges: bytes
+Cache-Control: max-age=0, private, must-revalidate
 Cf-Cache-Status: MISS
+Content-Length: 2
+Content-Security-Policy: default-src 'none'
+Content-Type: application/json
+Etag: W/"4f53cda18c2baa0c0354bb5f9a3ecbe5"
+Gitlab-Lb: haproxy-main-21-lb-gprd
+Gitlab-Sv: api-gke-us-east1-d
 Link: <https://gitlab.com/api/v4/projects/61363672/merge_requests/2/award_emoji?id=61363672&merge_request_iid=2&page=1&per_page=2>; rel="first", <https://gitlab.com/api/v4/projects/61363672/merge_requests/2/award_emoji?id=61363672&merge_request_iid=2&page=1&per_page=2>; rel="last"
-Ratelimit-Remaining: 1978
+Ratelimit-Limit: 2000
+Ratelimit-Name: throttle_authenticated_api
+Ratelimit-Observed: 24
+Ratelimit-Remaining: 1976
+Ratelimit-Reset: 1771055640
 Referrer-Policy: strict-origin-when-cross-origin
 Strict-Transport-Security: max-age=31536000
-Gitlab-Sv: api-gke-us-east1-c
+Vary: Origin, Accept-Encoding
 X-Content-Type-Options: nosniff
 X-Frame-Options: SAMEORIGIN
-X-Gitlab-Meta: {"correlation_id":"9a408797d389e0d9-ATL","version":"1"}
-X-Total: 0
-Content-Length: 2
-Ratelimit-Name: throttle_authenticated_api
-Ratelimit-Reset: 1764067260
-X-Prev-Page: 
-Set-Cookie: __cf_bm=H04JUnNcTc5yzKjplGbl_VmPweCoi2aMc578JKU_Q.M-1764067244-1.0.1.1-zcEHZ4sJjriN3Gh0ujBF_3s7qAY.rzjaoXGjAqzJntUfd.fKcKzAnTLjEg70s0xAr7208YETSkoJ7.HlDXm0T3N1s6mI_oGRQ_xeDuc5FP8; path=/; expires=Tue, 25-Nov-25 11:10:44 GMT; domain=.gitlab.com; HttpOnly; Secure; SameSite=None
-Set-Cookie: _cfuvid=R_C1xCw9pcpiAS2mZ6MTjC9pE2RWjtSAXb5vDH3RRbQ-1764067244972-0.0.1.1-604800000; path=/; domain=.gitlab.com; HttpOnly; Secure; SameSite=None
-Accept-Ranges: bytes
-Content-Security-Policy: default-src 'none'
-Gitlab-Lb: haproxy-main-23-lb-gprd
-X-Total-Pages: 1
-Etag: W/"4f53cda18c2baa0c0354bb5f9a3ecbe5"
-Ratelimit-Observed: 22
-X-Runtime: 0.058917
-Content-Type: application/json
-Ratelimit-Limit: 2000
-Cache-Control: max-age=0, private, must-revalidate
 X-Next-Page: 
-Vary: Origin, Accept-Encoding
 X-Page: 1
 X-Per-Page: 2
+X-Prev-Page: 
+X-Runtime: 0.060605
+X-Total: 0
+X-Total-Pages: 1
 
 []
\ No newline at end of file
diff --git a/services/migrations/testdata/gitlab/full_download/GET_%2Fapi%2Fv4%2Fprojects%2F61363672%2Fmerge_requests%2F2%2Fdiscussions%3Fpage=1&per_page=100 b/services/migrations/testdata/gitlab/full_download/GET_%2Fapi%2Fv4%2Fprojects%2F61363672%2Fmerge_requests%2F2%2Fdiscussions%3Fpage=1&per_page=100
index 43a14538b7..59a52da44b 100644
--- a/services/migrations/testdata/gitlab/full_download/GET_%2Fapi%2Fv4%2Fprojects%2F61363672%2Fmerge_requests%2F2%2Fdiscussions%3Fpage=1&per_page=100
+++ b/services/migrations/testdata/gitlab/full_download/GET_%2Fapi%2Fv4%2Fprojects%2F61363672%2Fmerge_requests%2F2%2Fdiscussions%3Fpage=1&per_page=100
@@ -1,30 +1,27 @@
-Set-Cookie: __cf_bm=o0aS8o8ajcHs8a5C4vSUXQmZAQazi4dD0KCvTVlvSes-1764067243-1.0.1.1-94CxZwBfz9gJBykfV5Arn2iq8ORj_QBoMo9BmK9tJUwpEf0.WHNvPI5pVdUvZhdhCJGv3Bcxj0RbLwC..n2enJmsCgru1h.kjm0qBMVBCHA; path=/; expires=Tue, 25-Nov-25 11:10:43 GMT; domain=.gitlab.com; HttpOnly; Secure; SameSite=None
-Set-Cookie: _cfuvid=HmW_.D2rp7JGXPOBvfl0WM76DobWOh6fFYs.z8WTWgw-1764067243834-0.0.1.1-604800000; path=/; domain=.gitlab.com; HttpOnly; Secure; SameSite=None
-Cf-Cache-Status: MISS
-Link: <https://gitlab.com/api/v4/projects/61363672/merge_requests/2/discussions?id=61363672&noteable_id=2&page=1&per_page=100>; rel="first", <https://gitlab.com/api/v4/projects/61363672/merge_requests/2/discussions?id=61363672&noteable_id=2&page=1&per_page=100>; rel="last"
-Ratelimit-Observed: 18
-X-Total: 2
-Content-Security-Policy: default-src 'none'
-Ratelimit-Remaining: 1982
-X-Next-Page: 
-Content-Type: application/json
-Strict-Transport-Security: max-age=31536000
 Cache-Control: max-age=0, private, must-revalidate
-Gitlab-Lb: haproxy-main-03-lb-gprd
-X-Gitlab-Meta: {"correlation_id":"9a40879044cce0d9-ATL","version":"1"}
+Cf-Cache-Status: MISS
+Content-Security-Policy: default-src 'none'
+Content-Type: application/json
 Etag: W/"d87805cd93ac626c7e1fe459c808b459"
-X-Page: 1
-X-Runtime: 0.131844
-Vary: Origin, Accept-Encoding
-Gitlab-Sv: api-gke-us-east1-d
-Ratelimit-Name: throttle_authenticated_api
-Ratelimit-Reset: 1764067260
-X-Frame-Options: SAMEORIGIN
-X-Prev-Page: 
+Gitlab-Lb: haproxy-main-10-lb-gprd
+Gitlab-Sv: api-gke-us-east1-b
+Link: <https://gitlab.com/api/v4/projects/61363672/merge_requests/2/discussions?id=61363672&noteable_id=2&page=1&per_page=100>; rel="first", <https://gitlab.com/api/v4/projects/61363672/merge_requests/2/discussions?id=61363672&noteable_id=2&page=1&per_page=100>; rel="last"
 Ratelimit-Limit: 2000
+Ratelimit-Name: throttle_authenticated_api
+Ratelimit-Observed: 20
+Ratelimit-Remaining: 1980
+Ratelimit-Reset: 1771055640
 Referrer-Policy: strict-origin-when-cross-origin
+Strict-Transport-Security: max-age=31536000
+Vary: Origin, Accept-Encoding
 X-Content-Type-Options: nosniff
+X-Frame-Options: SAMEORIGIN
+X-Next-Page: 
+X-Page: 1
 X-Per-Page: 100
+X-Prev-Page: 
+X-Runtime: 0.166725
+X-Total: 2
 X-Total-Pages: 1
 
 [{"id":"b5ca983c1aa64f694c89a7c6df9a27a7b68b5414","individual_note":true,"notes":[{"id":2911818565,"type":null,"body":"Although we had some trouble with !1.","author":{"id":10529876,"username":"patdyn","public_email":"","name":"Pat Dyn","state":"active","locked":false,"avatar_url":"https://gitlab.com/uploads/-/system/user/avatar/10529876/avatar.png","web_url":"https://gitlab.com/patdyn"},"created_at":"2025-11-25T09:49:00.750Z","updated_at":"2025-11-25T09:49:00.750Z","system":false,"noteable_id":435564587,"noteable_type":"MergeRequest","project_id":61363672,"resolvable":false,"confidential":false,"internal":false,"imported":false,"imported_from":"none","noteable_iid":2,"commands_changes":{}}]},{"id":"d6baff3ff75a892764e7b3cc164689687c875266","individual_note":true,"notes":[{"id":2911820075,"type":null,"body":"mentioned in issue #3","author":{"id":10529876,"username":"patdyn","public_email":"","name":"Pat Dyn","state":"active","locked":false,"avatar_url":"https://gitlab.com/uploads/-/system/user/avatar/10529876/avatar.png","web_url":"https://gitlab.com/patdyn"},"created_at":"2025-11-25T09:49:32.263Z","updated_at":"2025-11-25T09:49:32.265Z","system":true,"noteable_id":435564587,"noteable_type":"MergeRequest","project_id":61363672,"resolvable":false,"confidential":false,"internal":false,"imported":false,"imported_from":"none","noteable_iid":2,"commands_changes":{}}]}]
\ No newline at end of file
diff --git a/services/migrations/testdata/gitlab/full_download/GET_%2Fapi%2Fv4%2Fprojects%2F61363672%2Fmerge_requests%2F2%2Fresource_state_events%3Fpage=1&per_page=100 b/services/migrations/testdata/gitlab/full_download/GET_%2Fapi%2Fv4%2Fprojects%2F61363672%2Fmerge_requests%2F2%2Fresource_state_events%3Fpage=1&per_page=100
index f4f9a26815..6059cfa08d 100644
--- a/services/migrations/testdata/gitlab/full_download/GET_%2Fapi%2Fv4%2Fprojects%2F61363672%2Fmerge_requests%2F2%2Fresource_state_events%3Fpage=1&per_page=100
+++ b/services/migrations/testdata/gitlab/full_download/GET_%2Fapi%2Fv4%2Fprojects%2F61363672%2Fmerge_requests%2F2%2Fresource_state_events%3Fpage=1&per_page=100
@@ -1,32 +1,29 @@
-Cf-Cache-Status: MISS
-Cache-Control: max-age=0, private, must-revalidate
-Content-Security-Policy: default-src 'none'
-X-Content-Type-Options: nosniff
-X-Per-Page: 100
-Content-Type: application/json
-Vary: Origin, Accept-Encoding
-Gitlab-Sv: api-gke-us-east1-b
-X-Frame-Options: SAMEORIGIN
-X-Page: 1
-X-Total: 0
 Accept-Ranges: bytes
-Link: <https://gitlab.com/api/v4/projects/61363672/merge_requests/2/resource_state_events?eventable_id=2&id=61363672&page=1&per_page=100>; rel="first", <https://gitlab.com/api/v4/projects/61363672/merge_requests/2/resource_state_events?eventable_id=2&id=61363672&page=1&per_page=100>; rel="last"
-X-Prev-Page: 
-X-Total-Pages: 1
-Strict-Transport-Security: max-age=31536000
-Gitlab-Lb: haproxy-main-37-lb-gprd
-X-Gitlab-Meta: {"correlation_id":"9a408792362de0d9-ATL","version":"1"}
-X-Runtime: 0.082961
-Etag: W/"4f53cda18c2baa0c0354bb5f9a3ecbe5"
-Ratelimit-Limit: 2000
-Ratelimit-Reset: 1764067260
-Referrer-Policy: strict-origin-when-cross-origin
-X-Next-Page: 
-Set-Cookie: __cf_bm=AnbNdfNVmM4eBwZO07iC8Va19AxPZPp91NRwcAAlm_4-1764067244-1.0.1.1-qdSGqOhjrZDqx4w1MVLdWS9_hLohzXuyB6JjSNSvzdYbcKAB9eHFjLuKigE7JLZOzDMt7b4_O8Z_a9VJwO5qn4QmH1tG0wA3sxAzlkyFpog; path=/; expires=Tue, 25-Nov-25 11:10:44 GMT; domain=.gitlab.com; HttpOnly; Secure; SameSite=None
-Set-Cookie: _cfuvid=l_1AA94UEp6etDe2M2tLuf3x3bwZqHT2Kexkl1I.K18-1764067244103-0.0.1.1-604800000; path=/; domain=.gitlab.com; HttpOnly; Secure; SameSite=None
+Cache-Control: max-age=0, private, must-revalidate
+Cf-Cache-Status: MISS
 Content-Length: 2
+Content-Security-Policy: default-src 'none'
+Content-Type: application/json
+Etag: W/"4f53cda18c2baa0c0354bb5f9a3ecbe5"
+Gitlab-Lb: haproxy-main-21-lb-gprd
+Gitlab-Sv: api-gke-us-east1-d
+Link: <https://gitlab.com/api/v4/projects/61363672/merge_requests/2/resource_state_events?eventable_id=2&id=61363672&page=1&per_page=100>; rel="first", <https://gitlab.com/api/v4/projects/61363672/merge_requests/2/resource_state_events?eventable_id=2&id=61363672&page=1&per_page=100>; rel="last"
+Ratelimit-Limit: 2000
 Ratelimit-Name: throttle_authenticated_api
-Ratelimit-Observed: 19
-Ratelimit-Remaining: 1981
+Ratelimit-Observed: 21
+Ratelimit-Remaining: 1979
+Ratelimit-Reset: 1771055640
+Referrer-Policy: strict-origin-when-cross-origin
+Strict-Transport-Security: max-age=31536000
+Vary: Origin, Accept-Encoding
+X-Content-Type-Options: nosniff
+X-Frame-Options: SAMEORIGIN
+X-Next-Page: 
+X-Page: 1
+X-Per-Page: 100
+X-Prev-Page: 
+X-Runtime: 0.071763
+X-Total: 0
+X-Total-Pages: 1
 
 []
\ No newline at end of file
diff --git a/services/migrations/testdata/gitlab/full_download/GET_%2Fapi%2Fv4%2Fprojects%2F61363672%2Fmerge_requests%3Fpage=1&per_page=1&view=simple b/services/migrations/testdata/gitlab/full_download/GET_%2Fapi%2Fv4%2Fprojects%2F61363672%2Fmerge_requests%3Fpage=1&per_page=1&view=simple
deleted file mode 100644
index bbeec767ae..0000000000
--- a/services/migrations/testdata/gitlab/full_download/GET_%2Fapi%2Fv4%2Fprojects%2F61363672%2Fmerge_requests%3Fpage=1&per_page=1&view=simple
+++ /dev/null
@@ -1,30 +0,0 @@
-Ratelimit-Name: throttle_authenticated_api
-X-Per-Page: 1
-X-Total: 2
-Content-Type: application/json
-Etag: W/"bea70362bb288b76f51e3d14bd31bc42"
-Ratelimit-Observed: 17
-X-Runtime: 0.447768
-X-Total-Pages: 2
-Ratelimit-Limit: 2000
-Ratelimit-Remaining: 1983
-Ratelimit-Reset: 1764065160
-Referrer-Policy: strict-origin-when-cross-origin
-X-Content-Type-Options: nosniff
-Gitlab-Sv: api-gke-us-east1-c
-X-Frame-Options: SAMEORIGIN
-Content-Security-Policy: default-src 'none'
-X-Gitlab-Meta: {"correlation_id":"9a40537b01234fc7-ATL","version":"1"}
-Set-Cookie: __cf_bm=_HMrVhG5HY5SHmHF_4ytrh.j8o.Q2PM_KOi9Vc9CQts-1764065110-1.0.1.1-cRPKy84Yt3i5.R5xOiJjfYqrJUDcb2sTotrA4Di5rodGlh4onCATQRN9el4Gx41Mx_TZWH0HatzJ5eRfxxBpy_0QKhMi3U6s46JhXhTzsmU; path=/; expires=Tue, 25-Nov-25 10:35:10 GMT; domain=.gitlab.com; HttpOnly; Secure; SameSite=None
-Set-Cookie: _cfuvid=J1H2NC_dYKCXaGmgSwM0Ahwl.9DTCQXtQRfhU.LqfQI-1764065110860-0.0.1.1-604800000; path=/; domain=.gitlab.com; HttpOnly; Secure; SameSite=None
-Cf-Cache-Status: MISS
-Gitlab-Lb: haproxy-main-08-lb-gprd
-X-Page: 1
-Cache-Control: max-age=0, private, must-revalidate
-Link: <https://gitlab.com/api/v4/projects/61363672/merge_requests?id=61363672&order_by=created_at&page=2&per_page=1&sort=desc&state=all&view=simple&with_labels_details=false&with_merge_status_recheck=false>; rel="next", <https://gitlab.com/api/v4/projects/61363672/merge_requests?id=61363672&order_by=created_at&page=1&per_page=1&sort=desc&state=all&view=simple&with_labels_details=false&with_merge_status_recheck=false>; rel="first", <https://gitlab.com/api/v4/projects/61363672/merge_requests?id=61363672&order_by=created_at&page=2&per_page=1&sort=desc&state=all&view=simple&with_labels_details=false&with_merge_status_recheck=false>; rel="last"
-Strict-Transport-Security: max-age=31536000
-Vary: Origin, Accept-Encoding
-X-Next-Page: 2
-X-Prev-Page: 
-
-[{"id":435564587,"iid":2,"project_id":61363672,"title":"Test/parsing","description":"Simillar to !1 this solves an issue.","state":"opened","created_at":"2025-11-25T09:48:20.259Z","updated_at":"2025-11-25T09:48:21.627Z","web_url":"https://gitlab.com/forgejo/test_repo/-/merge_requests/2"}]
\ No newline at end of file
diff --git a/services/migrations/testdata/gitlab/full_download/GET_%2Fapi%2Fv4%2Fprojects%2F61363672%2Fmerge_requests%3Fpage=1&per_page=2&view=simple b/services/migrations/testdata/gitlab/full_download/GET_%2Fapi%2Fv4%2Fprojects%2F61363672%2Fmerge_requests%3Fpage=1&per_page=2&view=simple
index 49b8a01c33..e928372280 100644
--- a/services/migrations/testdata/gitlab/full_download/GET_%2Fapi%2Fv4%2Fprojects%2F61363672%2Fmerge_requests%3Fpage=1&per_page=2&view=simple
+++ b/services/migrations/testdata/gitlab/full_download/GET_%2Fapi%2Fv4%2Fprojects%2F61363672%2Fmerge_requests%3Fpage=1&per_page=2&view=simple
@@ -1,30 +1,27 @@
+Cache-Control: max-age=0, private, must-revalidate
+Cf-Cache-Status: MISS
+Content-Security-Policy: default-src 'none'
+Content-Type: application/json
+Etag: W/"890cf8ae2716f07ebfd15e1c459084c7"
+Gitlab-Lb: haproxy-main-55-lb-gprd
+Gitlab-Sv: api-gke-us-east1-b
+Link: <https://gitlab.com/api/v4/projects/61363672/merge_requests?id=61363672&order_by=created_at&page=1&per_page=2&sort=desc&state=all&view=simple&with_labels_details=false&with_merge_status_recheck=false>; rel="first", <https://gitlab.com/api/v4/projects/61363672/merge_requests?id=61363672&order_by=created_at&page=1&per_page=2&sort=desc&state=all&view=simple&with_labels_details=false&with_merge_status_recheck=false>; rel="last"
+Ratelimit-Limit: 2000
+Ratelimit-Name: throttle_authenticated_api
+Ratelimit-Observed: 22
+Ratelimit-Remaining: 1978
+Ratelimit-Reset: 1771055640
 Referrer-Policy: strict-origin-when-cross-origin
-Gitlab-Sv: api-gke-us-east1-c
+Strict-Transport-Security: max-age=31536000
+Vary: Origin, Accept-Encoding
 X-Content-Type-Options: nosniff
+X-Frame-Options: SAMEORIGIN
 X-Next-Page: 
 X-Page: 1
 X-Per-Page: 2
-Link: <https://gitlab.com/api/v4/projects/61363672/merge_requests?id=61363672&order_by=created_at&page=1&per_page=2&sort=desc&state=all&view=simple&with_labels_details=false&with_merge_status_recheck=false>; rel="first", <https://gitlab.com/api/v4/projects/61363672/merge_requests?id=61363672&order_by=created_at&page=1&per_page=2&sort=desc&state=all&view=simple&with_labels_details=false&with_merge_status_recheck=false>; rel="last"
-Ratelimit-Remaining: 1980
-X-Runtime: 0.087096
-X-Total-Pages: 1
-Cache-Control: max-age=0, private, must-revalidate
-Strict-Transport-Security: max-age=31536000
-Ratelimit-Observed: 20
-Set-Cookie: __cf_bm=oXDIvscgtcgX.J4BQH6gVUnRcpqDCIxXtIW88H5GkeE-1764067244-1.0.1.1-MRMb6HL_mAeWU7TOSknLwTRt2Vci4So1emQBn4uV6PvsIL4KAA7mEHa7wQYT0M6iXAH7ZrZz9R2cQT9cOsKuj_dxehLZHXdKGWA2H9sXINM; path=/; expires=Tue, 25-Nov-25 11:10:44 GMT; domain=.gitlab.com; HttpOnly; Secure; SameSite=None
-Set-Cookie: _cfuvid=sto9ErHOck8xfsNxjLefx9wVTcqi24bVZV4T.w0DQSw-1764067244372-0.0.1.1-604800000; path=/; domain=.gitlab.com; HttpOnly; Secure; SameSite=None
-Content-Type: application/json
-Vary: Origin, Accept-Encoding
-Ratelimit-Limit: 2000
-Ratelimit-Name: throttle_authenticated_api
-Ratelimit-Reset: 1764067260
-Cf-Cache-Status: MISS
-Content-Security-Policy: default-src 'none'
-Gitlab-Lb: haproxy-main-32-lb-gprd
-X-Gitlab-Meta: {"correlation_id":"9a408793e7bfe0d9-ATL","version":"1"}
-X-Total: 2
-Etag: W/"890cf8ae2716f07ebfd15e1c459084c7"
-X-Frame-Options: SAMEORIGIN
 X-Prev-Page: 
+X-Runtime: 0.127936
+X-Total: 2
+X-Total-Pages: 1
 
 [{"id":435564587,"iid":2,"project_id":61363672,"title":"Test/parsing","description":"Simillar to !1 this solves an issue.","state":"opened","created_at":"2025-11-25T09:48:20.259Z","updated_at":"2025-11-25T09:48:21.627Z","web_url":"https://gitlab.com/forgejo/test_repo/-/merge_requests/2"},{"id":324657888,"iid":1,"project_id":61363672,"title":"Test branch","description":"do not merge this PR","state":"opened","created_at":"2024-09-03T07:57:19.866Z","updated_at":"2024-09-03T18:50:21.065Z","web_url":"https://gitlab.com/forgejo/test_repo/-/merge_requests/1"}]
\ No newline at end of file
diff --git a/services/migrations/testdata/gitlab/full_download/GET_%2Fapi%2Fv4%2Fprojects%2F61363672%2Fmilestones%3Fpage=1&per_page=100&state=all b/services/migrations/testdata/gitlab/full_download/GET_%2Fapi%2Fv4%2Fprojects%2F61363672%2Fmilestones%3Fpage=1&per_page=100&state=all
index 5583057266..8d10968741 100644
--- a/services/migrations/testdata/gitlab/full_download/GET_%2Fapi%2Fv4%2Fprojects%2F61363672%2Fmilestones%3Fpage=1&per_page=100&state=all
+++ b/services/migrations/testdata/gitlab/full_download/GET_%2Fapi%2Fv4%2Fprojects%2F61363672%2Fmilestones%3Fpage=1&per_page=100&state=all
@@ -1,30 +1,27 @@
-Gitlab-Sv: api-gke-us-east1-c
-X-Page: 1
-X-Per-Page: 100
-Cf-Cache-Status: MISS
 Cache-Control: max-age=0, private, must-revalidate
+Cf-Cache-Status: MISS
+Content-Security-Policy: default-src 'none'
+Content-Type: application/json
+Etag: W/"a42f286b703ec341ad7f117b273a51ad"
+Gitlab-Lb: haproxy-main-32-lb-gprd
+Gitlab-Sv: api-gke-us-east1-c
+Link: <https://gitlab.com/api/v4/projects/61363672/milestones?id=61363672&include_ancestors=false&page=1&per_page=100&state=all>; rel="first", <https://gitlab.com/api/v4/projects/61363672/milestones?id=61363672&include_ancestors=false&page=1&per_page=100&state=all>; rel="last"
+Ratelimit-Limit: 2000
+Ratelimit-Name: throttle_authenticated_api
+Ratelimit-Observed: 5
+Ratelimit-Remaining: 1995
+Ratelimit-Reset: 1771055640
+Referrer-Policy: strict-origin-when-cross-origin
+Strict-Transport-Security: max-age=31536000
+Vary: Origin, Accept-Encoding
+X-Content-Type-Options: nosniff
 X-Frame-Options: SAMEORIGIN
 X-Next-Page: 
+X-Page: 1
+X-Per-Page: 100
 X-Prev-Page: 
-Set-Cookie: __cf_bm=_41Rh9aSyGsrVkscA.pV8yzJ4_ETNn9QF0Ag5uOwFqM-1764067238-1.0.1.1-bznJbf8viMS6FKcHE5lHz3uctOWh26FtF1avZuq328MUfmiD9DR0UYeWy900ArfK2i6mhadZCuvjqSl5V4hfYb3ndX30EH36gtJnzrDm11I; path=/; expires=Tue, 25-Nov-25 11:10:38 GMT; domain=.gitlab.com; HttpOnly; Secure; SameSite=None
-Set-Cookie: _cfuvid=rCL0Wxxs.PKqgYyWaT19PeP_2uBvc11akIdy0Wt8f7A-1764067238959-0.0.1.1-604800000; path=/; domain=.gitlab.com; HttpOnly; Secure; SameSite=None
-Content-Type: application/json
-Gitlab-Lb: haproxy-main-08-lb-gprd
-Ratelimit-Observed: 5
-Referrer-Policy: strict-origin-when-cross-origin
-Etag: W/"a42f286b703ec341ad7f117b273a51ad"
-Strict-Transport-Security: max-age=31536000
-Ratelimit-Limit: 2000
+X-Runtime: 0.117952
 X-Total: 2
-Ratelimit-Remaining: 1995
-Ratelimit-Reset: 1764067260
-X-Gitlab-Meta: {"correlation_id":"9a40876f5056e0d9-ATL","version":"1"}
-X-Content-Type-Options: nosniff
-X-Runtime: 0.490074
 X-Total-Pages: 1
-Link: <https://gitlab.com/api/v4/projects/61363672/milestones?id=61363672&include_ancestors=false&page=1&per_page=100&state=all>; rel="first", <https://gitlab.com/api/v4/projects/61363672/milestones?id=61363672&include_ancestors=false&page=1&per_page=100&state=all>; rel="last"
-Vary: Origin, Accept-Encoding
-Ratelimit-Name: throttle_authenticated_api
-Content-Security-Policy: default-src 'none'
 
 [{"id":4711993,"iid":2,"project_id":61363672,"title":"1.0.0","description":"","state":"closed","created_at":"2024-09-03T13:53:08.516Z","updated_at":"2024-09-03T20:03:57.786Z","due_date":null,"start_date":null,"expired":false,"web_url":"https://gitlab.com/forgejo/test_repo/-/milestones/2"},{"id":4711991,"iid":1,"project_id":61363672,"title":"1.1.0","description":"","state":"active","created_at":"2024-09-03T13:52:48.414Z","updated_at":"2024-09-03T14:52:14.093Z","due_date":null,"start_date":null,"expired":false,"web_url":"https://gitlab.com/forgejo/test_repo/-/milestones/1"}]
\ No newline at end of file
diff --git a/services/migrations/testdata/gitlab/full_download/GET_%2Fapi%2Fv4%2Fprojects%2F61363672%2Freleases%3Fpage=1&per_page=100 b/services/migrations/testdata/gitlab/full_download/GET_%2Fapi%2Fv4%2Fprojects%2F61363672%2Freleases%3Fpage=1&per_page=100
index 69147618ed..193e78630e 100644
--- a/services/migrations/testdata/gitlab/full_download/GET_%2Fapi%2Fv4%2Fprojects%2F61363672%2Freleases%3Fpage=1&per_page=100
+++ b/services/migrations/testdata/gitlab/full_download/GET_%2Fapi%2Fv4%2Fprojects%2F61363672%2Freleases%3Fpage=1&per_page=100
@@ -1,30 +1,27 @@
-Etag: W/"8e9bc910bda56a48f88c6b10688d08e9"
-X-Frame-Options: SAMEORIGIN
-Set-Cookie: __cf_bm=IqmyzMHjnUzan7uwUHFl.h_L2KH2gn3oinFwKn.ohxw-1764067239-1.0.1.1-U49Lfd8o3XxxNn6s4NaaBb6IVSBNE6qZIXrgjggwzM6hh_Y3AMRrXPgR.cYt2JjjBfysZfQXaB5iC5HN8VZ_KefSkjWzKZTI11._lwVsze8; path=/; expires=Tue, 25-Nov-25 11:10:39 GMT; domain=.gitlab.com; HttpOnly; Secure; SameSite=None
-Set-Cookie: _cfuvid=bimDaLUdNYksl6173_Be3EXR5YSZBCDuUSR5YDEQP8s-1764067239812-0.0.1.1-604800000; path=/; domain=.gitlab.com; HttpOnly; Secure; SameSite=None
 Cache-Control: max-age=0, private, must-revalidate
-Gitlab-Lb: haproxy-main-01-lb-gprd
-Ratelimit-Name: throttle_authenticated_api
-X-Total-Pages: 1
 Cf-Cache-Status: MISS
-Strict-Transport-Security: max-age=31536000
 Content-Security-Policy: default-src 'none'
-Referrer-Policy: strict-origin-when-cross-origin
-Ratelimit-Reset: 1764067260
-X-Prev-Page: 
-Vary: Origin, Accept-Encoding
-X-Gitlab-Meta: {"correlation_id":"9a4087774774e0d9-ATL","version":"1"}
-X-Per-Page: 100
 Content-Type: application/json
+Etag: W/"fc79a561cf4910ed7107f242a4561dab"
+Gitlab-Lb: haproxy-main-40-lb-gprd
 Gitlab-Sv: api-gke-us-east1-b
 Link: <https://gitlab.com/api/v4/projects/61363672/releases?id=61363672&order_by=released_at&page=1&per_page=100&sort=desc>; rel="first", <https://gitlab.com/api/v4/projects/61363672/releases?id=61363672&order_by=released_at&page=1&per_page=100&sort=desc>; rel="last"
+Ratelimit-Limit: 2000
+Ratelimit-Name: throttle_authenticated_api
 Ratelimit-Observed: 7
+Ratelimit-Remaining: 1993
+Ratelimit-Reset: 1771055640
+Referrer-Policy: strict-origin-when-cross-origin
+Strict-Transport-Security: max-age=31536000
+Vary: Origin, Accept-Encoding
 X-Content-Type-Options: nosniff
+X-Frame-Options: SAMEORIGIN
 X-Next-Page: 
 X-Page: 1
-X-Runtime: 0.099947
-Ratelimit-Limit: 2000
-Ratelimit-Remaining: 1993
+X-Per-Page: 100
+X-Prev-Page: 
+X-Runtime: 0.113045
 X-Total: 1
+X-Total-Pages: 1
 
-[{"name":"First Release","tag_name":"v0.9.99","description":"A test release","created_at":"2024-09-03T15:01:01.513Z","released_at":"2024-09-03T15:01:01.000Z","upcoming_release":false,"author":{"id":548513,"username":"mkobel","public_email":"","name":"Moritz Kobel","state":"active","locked":false,"avatar_url":"https://secure.gravatar.com/avatar/eae1be6324682816aedc885acbf5858719b40956e0278edabe5c0db7cbc95f3b?s=80\u0026d=identicon","web_url":"https://gitlab.com/mkobel"},"commit":{"id":"0720a3ec57c1f843568298117b874319e7deee75","short_id":"0720a3ec","created_at":"2019-11-28T08:49:16.000+00:00","parent_ids":["93ea21ce45d35690c35e80961d239645139e872c"],"title":"Add new file","message":"Add new file","author_name":"Lauris BH","author_email":"lauris@nix.lv","authored_date":"2019-11-28T08:49:16.000+00:00","committer_name":"Lauris BH","committer_email":"lauris@nix.lv","committed_date":"2019-11-28T08:49:16.000+00:00","trailers":{},"extended_trailers":{},"web_url":"https://gitlab.com/forgejo/test_repo/-/commit/0720a3ec57c1f843568298117b874319e7deee75"},"commit_path":"/forgejo/test_repo/-/commit/0720a3ec57c1f843568298117b874319e7deee75","tag_path":"/forgejo/test_repo/-/tags/v0.9.99","assets":{"count":4,"sources":[{"format":"zip","url":"https://gitlab.com/forgejo/test_repo/-/archive/v0.9.99/test_repo-v0.9.99.zip"},{"format":"tar.gz","url":"https://gitlab.com/forgejo/test_repo/-/archive/v0.9.99/test_repo-v0.9.99.tar.gz"},{"format":"tar.bz2","url":"https://gitlab.com/forgejo/test_repo/-/archive/v0.9.99/test_repo-v0.9.99.tar.bz2"},{"format":"tar","url":"https://gitlab.com/forgejo/test_repo/-/archive/v0.9.99/test_repo-v0.9.99.tar"}],"links":[]},"evidences":[{"sha":"e30c1d21d05ff0c73436ee1e97b3ef12a1d6d33d0dcd","filepath":"https://gitlab.com/forgejo/test_repo/-/releases/v0.9.99/evidences/9608487.json","collected_at":"2024-09-03T15:01:02.963Z"}],"_links":{"closed_issues_url":"https://gitlab.com/forgejo/test_repo/-/issues?release_tag=v0.9.99\u0026scope=all\u0026state=closed","closed_merge_requests_url":"https://gitlab.com/forgejo/test_repo/-/merge_requests?release_tag=v0.9.99\u0026scope=all\u0026state=closed","edit_url":"https://gitlab.com/forgejo/test_repo/-/releases/v0.9.99/edit","merged_merge_requests_url":"https://gitlab.com/forgejo/test_repo/-/merge_requests?release_tag=v0.9.99\u0026scope=all\u0026state=merged","opened_issues_url":"https://gitlab.com/forgejo/test_repo/-/issues?release_tag=v0.9.99\u0026scope=all\u0026state=opened","opened_merge_requests_url":"https://gitlab.com/forgejo/test_repo/-/merge_requests?release_tag=v0.9.99\u0026scope=all\u0026state=opened","self":"https://gitlab.com/forgejo/test_repo/-/releases/v0.9.99"}}]
\ No newline at end of file
+[{"name":"First Release","tag_name":"v0.9.99","description":"A test release","created_at":"2024-09-03T15:01:01.513Z","released_at":"2024-09-03T15:01:01.000Z","upcoming_release":false,"author":{"id":548513,"username":"mkobel","public_email":"","name":"Moritz Kobel","state":"active","locked":false,"avatar_url":"https://secure.gravatar.com/avatar/eae1be6324682816aedc885acbf5858719b40956e0278edabe5c0db7cbc95f3b?s=80\u0026d=identicon","web_url":"https://gitlab.com/mkobel"},"commit":{"id":"0720a3ec57c1f843568298117b874319e7deee75","short_id":"0720a3ec","created_at":"2019-11-28T08:49:16.000+00:00","parent_ids":["93ea21ce45d35690c35e80961d239645139e872c"],"title":"Add new file","message":"Add new file","author_name":"Lauris BH","author_email":"lauris@nix.lv","authored_date":"2019-11-28T08:49:16.000+00:00","committer_name":"Lauris BH","committer_email":"lauris@nix.lv","committed_date":"2019-11-28T08:49:16.000+00:00","trailers":{},"extended_trailers":{},"web_url":"https://gitlab.com/forgejo/test_repo/-/commit/0720a3ec57c1f843568298117b874319e7deee75"},"commit_path":"/forgejo/test_repo/-/commit/0720a3ec57c1f843568298117b874319e7deee75","tag_path":"/forgejo/test_repo/-/tags/v0.9.99","assets":{"count":10,"sources":[{"format":"zip","url":"https://gitlab.com/forgejo/test_repo/-/archive/v0.9.99/test_repo-v0.9.99.zip"},{"format":"tar.gz","url":"https://gitlab.com/forgejo/test_repo/-/archive/v0.9.99/test_repo-v0.9.99.tar.gz"},{"format":"tar.bz2","url":"https://gitlab.com/forgejo/test_repo/-/archive/v0.9.99/test_repo-v0.9.99.tar.bz2"},{"format":"tar","url":"https://gitlab.com/forgejo/test_repo/-/archive/v0.9.99/test_repo-v0.9.99.tar"}],"links":[{"id":10694714,"name":"Forgejo logo","url":"https://gitlab.com/-/project/61363672/uploads/3756af8a4893bea08b99536df000e932/image.png","direct_asset_url":"https://gitlab.com/forgejo/test_repo/-/releases/v0.9.99/downloads/forgejo.png","link_type":"other"},{"id":10687293,"name":"zip (other)","url":"https://gitlab.com/forgejo/test_repo/-/archive/v0.9.99/test_repo-v0.9.99.zip","direct_asset_url":"https://gitlab.com/forgejo/test_repo/-/archive/v0.9.99/test_repo-v0.9.99.zip","link_type":"other"},{"id":10687292,"name":"Forgejo","url":"https://forgejo.org/","direct_asset_url":"https://forgejo.org/","link_type":"other"},{"id":10687291,"name":"Frogejo 🐸","url":"https://frogejo.org/","direct_asset_url":"https://frogejo.org/","link_type":"image"},{"id":10687290,"name":"tar.bz2 (runbook)","url":"https://gitlab.com/forgejo/test_repo/-/archive/v0.9.99/test_repo-v0.9.99.tar.bz2","direct_asset_url":"https://gitlab.com/forgejo/test_repo/-/archive/v0.9.99/test_repo-v0.9.99.tar.bz2","link_type":"runbook"},{"id":10687289,"name":"tar.gz (package)","url":"https://gitlab.com/forgejo/test_repo/-/archive/v0.9.99/test_repo-v0.9.99.tar.gz","direct_asset_url":"https://gitlab.com/forgejo/test_repo/-/archive/v0.9.99/test_repo-v0.9.99.tar.gz","link_type":"package"}]},"evidences":[{"sha":"e30c1d21d05ff0c73436ee1e97b3ef12a1d6d33d0dcd","filepath":"https://gitlab.com/forgejo/test_repo/-/releases/v0.9.99/evidences/9608487.json","collected_at":"2024-09-03T15:01:02.963Z"}],"_links":{"closed_issues_url":"https://gitlab.com/forgejo/test_repo/-/issues?release_tag=v0.9.99\u0026scope=all\u0026state=closed","closed_merge_requests_url":"https://gitlab.com/forgejo/test_repo/-/merge_requests?release_tag=v0.9.99\u0026scope=all\u0026state=closed","edit_url":"https://gitlab.com/forgejo/test_repo/-/releases/v0.9.99/edit","merged_merge_requests_url":"https://gitlab.com/forgejo/test_repo/-/merge_requests?release_tag=v0.9.99\u0026scope=all\u0026state=merged","opened_issues_url":"https://gitlab.com/forgejo/test_repo/-/issues?release_tag=v0.9.99\u0026scope=all\u0026state=opened","opened_merge_requests_url":"https://gitlab.com/forgejo/test_repo/-/merge_requests?release_tag=v0.9.99\u0026scope=all\u0026state=opened","self":"https://gitlab.com/forgejo/test_repo/-/releases/v0.9.99"}}]
\ No newline at end of file
diff --git a/services/migrations/testdata/gitlab/full_download/GET_%2Fapi%2Fv4%2Fprojects%2Fforgejo%252Ftest_repo b/services/migrations/testdata/gitlab/full_download/GET_%2Fapi%2Fv4%2Fprojects%2Fforgejo%252Ftest_repo
index b9f3b5883c..d5c617521b 100644
--- a/services/migrations/testdata/gitlab/full_download/GET_%2Fapi%2Fv4%2Fprojects%2Fforgejo%252Ftest_repo
+++ b/services/migrations/testdata/gitlab/full_download/GET_%2Fapi%2Fv4%2Fprojects%2Fforgejo%252Ftest_repo
@@ -1,23 +1,20 @@
-X-Runtime: 0.171155
-Etag: W/"c77cec95a47ea2b28a897b9b9eaaf641"
-Strict-Transport-Security: max-age=31536000
-Vary: Origin, Accept-Encoding
-Gitlab-Lb: haproxy-main-15-lb-gprd
-Ratelimit-Remaining: 1998
-Ratelimit-Reset: 1764067260
-X-Gitlab-Meta: {"correlation_id":"9a4087681127e0d9-ATL","version":"1"}
-Content-Type: application/json
 Cache-Control: max-age=0, private, must-revalidate
-Ratelimit-Limit: 2000
-Ratelimit-Observed: 2
-X-Content-Type-Options: nosniff
 Cf-Cache-Status: MISS
 Content-Security-Policy: default-src 'none'
-Gitlab-Sv: api-gke-us-east1-d
+Content-Type: application/json
+Etag: W/"c121b3a20c1098563adf329ff75151ef"
+Gitlab-Lb: haproxy-main-50-lb-gprd
+Gitlab-Sv: api-gke-us-east1-c
+Ratelimit-Limit: 2000
 Ratelimit-Name: throttle_authenticated_api
-X-Frame-Options: SAMEORIGIN
-Set-Cookie: __cf_bm=ewgZYYeSboiRyGpVTDdPSVDfQthTkGsdCdZ98QAfFxg-1764067237-1.0.1.1-BpQ7IOgWJuKrJMmIUiu_2cbPWhTpSIXcC7t33gKB2xDwnlymfMCkCOBlDVT.dPN4HFT1_6NaM9LC2vHEe.kYzUnW9T5U6aySrghgvKuops0; path=/; expires=Tue, 25-Nov-25 11:10:37 GMT; domain=.gitlab.com; HttpOnly; Secure; SameSite=None
-Set-Cookie: _cfuvid=vtpk1JkIE1jJ1yKC2ZDs1gmNCGXsPbWYHO.qSKcyAYc-1764067237452-0.0.1.1-604800000; path=/; domain=.gitlab.com; HttpOnly; Secure; SameSite=None
+Ratelimit-Observed: 2
+Ratelimit-Remaining: 1998
+Ratelimit-Reset: 1771085820
 Referrer-Policy: strict-origin-when-cross-origin
+Strict-Transport-Security: max-age=31536000
+Vary: Origin, Accept-Encoding
+X-Content-Type-Options: nosniff
+X-Frame-Options: SAMEORIGIN
+X-Runtime: 0.160512
 
-{"id":61363672,"description":"Test repository for testing migration from gitlab to forgejo","name":"test_repo","name_with_namespace":"Forgejo / test_repo","path":"test_repo","path_with_namespace":"forgejo/test_repo","created_at":"2024-09-03T07:44:30.668Z","default_branch":"master","tag_list":["migration","test"],"topics":["migration","test"],"ssh_url_to_repo":"git@gitlab.com:forgejo/test_repo.git","http_url_to_repo":"https://gitlab.com/forgejo/test_repo.git","web_url":"https://gitlab.com/forgejo/test_repo","readme_url":"https://gitlab.com/forgejo/test_repo/-/blob/master/README.md","forks_count":0,"avatar_url":null,"star_count":0,"last_activity_at":"2025-11-25T09:03:01.001Z","visibility":"public","namespace":{"id":64459497,"name":"Forgejo","path":"forgejo","kind":"group","full_path":"forgejo","parent_id":null,"avatar_url":"/uploads/-/system/group/avatar/64459497/73144-c883a242dec5299fbc06bbe3ee71d8c6.png","web_url":"https://gitlab.com/groups/forgejo"},"forked_from_project":{"id":15578026,"description":"Test repository for testing migration from gitlab to gitea","name":"test_repo","name_with_namespace":"gitea / test_repo","path":"test_repo","path_with_namespace":"gitea/test_repo","created_at":"2019-11-28T08:20:33.019Z","default_branch":"master","tag_list":["migration","test"],"topics":["migration","test"],"ssh_url_to_repo":"git@gitlab.com:gitea/test_repo.git","http_url_to_repo":"https://gitlab.com/gitea/test_repo.git","web_url":"https://gitlab.com/gitea/test_repo","readme_url":"https://gitlab.com/gitea/test_repo/-/blob/master/README.md","forks_count":2,"avatar_url":null,"star_count":0,"last_activity_at":"2025-11-25T09:21:43.130Z","visibility":"public","namespace":{"id":3181312,"name":"gitea","path":"gitea","kind":"group","full_path":"gitea","parent_id":null,"avatar_url":"/uploads/-/system/group/avatar/3181312/gitea.png","web_url":"https://gitlab.com/groups/gitea"}},"container_registry_image_prefix":"registry.gitlab.com/forgejo/test_repo","_links":{"self":"https://gitlab.com/api/v4/projects/61363672","issues":"https://gitlab.com/api/v4/projects/61363672/issues","merge_requests":"https://gitlab.com/api/v4/projects/61363672/merge_requests","repo_branches":"https://gitlab.com/api/v4/projects/61363672/repository/branches","labels":"https://gitlab.com/api/v4/projects/61363672/labels","events":"https://gitlab.com/api/v4/projects/61363672/events","members":"https://gitlab.com/api/v4/projects/61363672/members","cluster_agents":"https://gitlab.com/api/v4/projects/61363672/cluster_agents"},"marked_for_deletion_at":null,"marked_for_deletion_on":null,"packages_enabled":true,"empty_repo":false,"archived":false,"resolve_outdated_diff_discussions":false,"container_expiration_policy":{"cadence":"1d","enabled":false,"keep_n":10,"older_than":"90d","name_regex":".*","name_regex_keep":null,"next_run_at":"2024-09-04T07:44:30.699Z"},"repository_object_format":"sha1","issues_enabled":true,"merge_requests_enabled":true,"wiki_enabled":true,"jobs_enabled":true,"snippets_enabled":true,"container_registry_enabled":true,"service_desk_enabled":true,"service_desk_address":"contact-project+forgejo-test-repo-61363672-issue-@incoming.gitlab.com","can_create_merge_request_in":true,"issues_access_level":"enabled","repository_access_level":"enabled","merge_requests_access_level":"enabled","forking_access_level":"enabled","wiki_access_level":"enabled","builds_access_level":"enabled","snippets_access_level":"enabled","pages_access_level":"enabled","analytics_access_level":"enabled","container_registry_access_level":"enabled","security_and_compliance_access_level":"private","releases_access_level":"enabled","environments_access_level":"enabled","feature_flags_access_level":"enabled","infrastructure_access_level":"enabled","monitor_access_level":"enabled","model_experiments_access_level":"enabled","model_registry_access_level":"enabled","package_registry_access_level":"public","emails_disabled":false,"emails_enabled":true,"show_diff_preview_in_email":true,"shared_runners_enabled":true,"lfs_enabled":true,"creator_id":2005797,"mr_default_target_self":false,"import_url":null,"import_type":null,"import_status":"finished","import_error":null,"open_issues_count":1,"description_html":"\u003cp data-sourcepos=\"1:1-1:60\" dir=\"auto\"\u003eTest repository for testing migration from gitlab to forgejo\u003c/p\u003e","updated_at":"2025-11-25T09:21:03.121Z","ci_default_git_depth":50,"ci_delete_pipelines_in_seconds":null,"ci_forward_deployment_enabled":true,"ci_forward_deployment_rollback_allowed":true,"ci_job_token_scope_enabled":false,"ci_separated_caches":true,"ci_allow_fork_pipelines_to_run_in_parent_project":true,"ci_id_token_sub_claim_components":["project_path","ref_type","ref"],"build_git_strategy":"fetch","keep_latest_artifact":true,"restrict_user_defined_variables":false,"ci_pipeline_variables_minimum_override_role":"developer","runner_token_expiration_interval":null,"group_runners_enabled":true,"resource_group_default_process_mode":"unordered","auto_cancel_pending_pipelines":"enabled","build_timeout":3600,"auto_devops_enabled":false,"auto_devops_deploy_strategy":"continuous","ci_push_repository_for_job_token_allowed":false,"ci_config_path":null,"public_jobs":true,"shared_with_groups":[],"only_allow_merge_if_pipeline_succeeds":false,"allow_merge_on_skipped_pipeline":null,"request_access_enabled":true,"only_allow_merge_if_all_discussions_are_resolved":false,"remove_source_branch_after_merge":true,"printing_merge_request_link_enabled":true,"merge_method":"merge","merge_request_title_regex":null,"merge_request_title_regex_description":null,"squash_option":"default_off","enforce_auth_checks_on_uploads":true,"suggestion_commit_message":null,"merge_commit_template":null,"squash_commit_template":null,"issue_branch_template":null,"warn_about_potentially_unwanted_characters":true,"autoclose_referenced_issues":true,"max_artifacts_size":null,"external_authorization_classification_label":"","requirements_enabled":false,"requirements_access_level":"enabled","security_and_compliance_enabled":true,"compliance_frameworks":[],"duo_remote_flows_enabled":true,"duo_foundational_flows_enabled":false,"web_based_commit_signing_enabled":false,"permissions":{"project_access":{"access_level":40,"notification_level":3},"group_access":null}}
\ No newline at end of file
+{"id":61363672,"description":"Test repository for testing migration from gitlab to forgejo","name":"test_repo","name_with_namespace":"Forgejo / test_repo","path":"test_repo","path_with_namespace":"forgejo/test_repo","created_at":"2024-09-03T07:44:30.668Z","default_branch":"master","tag_list":["migration","migration test","test"],"topics":["migration","migration test","test"],"ssh_url_to_repo":"git@gitlab.com:forgejo/test_repo.git","http_url_to_repo":"https://gitlab.com/forgejo/test_repo.git","web_url":"https://gitlab.com/forgejo/test_repo","readme_url":"https://gitlab.com/forgejo/test_repo/-/blob/master/README.md","forks_count":0,"avatar_url":null,"star_count":0,"last_activity_at":"2026-02-13T20:46:12.772Z","visibility":"public","namespace":{"id":64459497,"name":"Forgejo","path":"forgejo","kind":"group","full_path":"forgejo","parent_id":null,"avatar_url":"/uploads/-/system/group/avatar/64459497/73144-c883a242dec5299fbc06bbe3ee71d8c6.png","web_url":"https://gitlab.com/groups/forgejo"},"container_registry_image_prefix":"registry.gitlab.com/forgejo/test_repo","_links":{"self":"https://gitlab.com/api/v4/projects/61363672","issues":"https://gitlab.com/api/v4/projects/61363672/issues","merge_requests":"https://gitlab.com/api/v4/projects/61363672/merge_requests","repo_branches":"https://gitlab.com/api/v4/projects/61363672/repository/branches","labels":"https://gitlab.com/api/v4/projects/61363672/labels","events":"https://gitlab.com/api/v4/projects/61363672/events","members":"https://gitlab.com/api/v4/projects/61363672/members","cluster_agents":"https://gitlab.com/api/v4/projects/61363672/cluster_agents"},"marked_for_deletion_at":null,"marked_for_deletion_on":null,"packages_enabled":true,"empty_repo":false,"archived":true,"resolve_outdated_diff_discussions":false,"container_expiration_policy":{"cadence":"1d","enabled":false,"keep_n":10,"older_than":"90d","name_regex":".*","name_regex_keep":null,"next_run_at":"2024-09-04T07:44:30.699Z"},"repository_object_format":"sha1","issues_enabled":true,"merge_requests_enabled":true,"wiki_enabled":true,"jobs_enabled":true,"snippets_enabled":true,"container_registry_enabled":true,"service_desk_enabled":true,"can_create_merge_request_in":false,"issues_access_level":"enabled","repository_access_level":"enabled","merge_requests_access_level":"enabled","forking_access_level":"enabled","wiki_access_level":"enabled","builds_access_level":"enabled","snippets_access_level":"enabled","pages_access_level":"enabled","analytics_access_level":"enabled","container_registry_access_level":"enabled","security_and_compliance_access_level":"private","releases_access_level":"enabled","environments_access_level":"enabled","feature_flags_access_level":"enabled","infrastructure_access_level":"enabled","monitor_access_level":"enabled","model_experiments_access_level":"enabled","model_registry_access_level":"enabled","package_registry_access_level":"public","emails_disabled":false,"emails_enabled":true,"show_diff_preview_in_email":true,"shared_runners_enabled":true,"lfs_enabled":true,"creator_id":2005797,"import_url":null,"import_type":null,"import_status":"finished","import_error":null,"open_issues_count":2,"description_html":"\u003cp data-sourcepos=\"1:1-1:60\" dir=\"auto\"\u003eTest repository for testing migration from gitlab to forgejo\u003c/p\u003e","updated_at":"2026-02-14T16:16:08.902Z","ci_default_git_depth":50,"ci_delete_pipelines_in_seconds":null,"ci_forward_deployment_enabled":true,"ci_forward_deployment_rollback_allowed":true,"ci_job_token_scope_enabled":false,"ci_separated_caches":true,"ci_allow_fork_pipelines_to_run_in_parent_project":true,"ci_id_token_sub_claim_components":["project_path","ref_type","ref"],"build_git_strategy":"fetch","keep_latest_artifact":true,"restrict_user_defined_variables":false,"ci_pipeline_variables_minimum_override_role":"developer","runner_token_expiration_interval":null,"group_runners_enabled":true,"resource_group_default_process_mode":"unordered","auto_cancel_pending_pipelines":"enabled","build_timeout":3600,"auto_devops_enabled":false,"auto_devops_deploy_strategy":"continuous","ci_push_repository_for_job_token_allowed":false,"ci_config_path":null,"public_jobs":true,"shared_with_groups":[],"only_allow_merge_if_pipeline_succeeds":false,"allow_merge_on_skipped_pipeline":null,"request_access_enabled":true,"only_allow_merge_if_all_discussions_are_resolved":false,"remove_source_branch_after_merge":true,"printing_merge_request_link_enabled":true,"merge_method":"merge","merge_request_title_regex":null,"merge_request_title_regex_description":null,"squash_option":"default_off","enforce_auth_checks_on_uploads":true,"suggestion_commit_message":null,"merge_commit_template":null,"squash_commit_template":null,"issue_branch_template":null,"warn_about_potentially_unwanted_characters":true,"autoclose_referenced_issues":true,"max_artifacts_size":null,"external_authorization_classification_label":"","requirements_enabled":false,"requirements_access_level":"enabled","security_and_compliance_enabled":true,"compliance_frameworks":[],"duo_remote_flows_enabled":true,"duo_foundational_flows_enabled":true,"web_based_commit_signing_enabled":false,"permissions":{"project_access":null,"group_access":{"access_level":50,"notification_level":3}}}
\ No newline at end of file
diff --git a/services/migrations/testdata/gitlab/full_download/GET_%2Fapi%2Fv4%2Fprojects%2Fgitea%252Ftest_repo b/services/migrations/testdata/gitlab/full_download/GET_%2Fapi%2Fv4%2Fprojects%2Fgitea%252Ftest_repo
deleted file mode 100644
index 96f1ea86b5..0000000000
--- a/services/migrations/testdata/gitlab/full_download/GET_%2Fapi%2Fv4%2Fprojects%2Fgitea%252Ftest_repo
+++ /dev/null
@@ -1,17 +0,0 @@
-Referrer-Policy: strict-origin-when-cross-origin
-Gitlab-Lb: haproxy-main-51-lb-gprd
-Cf-Cache-Status: MISS
-Etag: W/"8db4917b3be5f4ca0d101a702179b75a"
-X-Content-Type-Options: nosniff
-Strict-Transport-Security: max-age=31536000
-Gitlab-Sv: api-gke-us-east1-b
-Content-Type: application/json
-Cache-Control: max-age=0, private, must-revalidate
-X-Gitlab-Meta: {"correlation_id":"9b3859cf6d73ce5de261a56d286072a5","version":"1"}
-X-Runtime: 0.119487
-Content-Security-Policy: default-src 'none'
-Vary: Origin, Accept-Encoding
-Set-Cookie: _cfuvid=Cmc.ycVkdwA_tBvmR2tOVLQ5B.khzzU39ZUxgf4RNlw-1710504204838-0.0.1.1-604800000; path=/; domain=.gitlab.com; HttpOnly; Secure; SameSite=None
-X-Frame-Options: SAMEORIGIN
-
-{"id":15578026,"description":"Test repository for testing migration from gitlab to gitea","name":"test_repo","name_with_namespace":"gitea / test_repo","path":"test_repo","path_with_namespace":"gitea/test_repo","created_at":"2019-11-28T08:20:33.019Z","default_branch":"master","tag_list":["migration","test"],"topics":["migration","test"],"ssh_url_to_repo":"git@gitlab.com:gitea/test_repo.git","http_url_to_repo":"https://gitlab.com/gitea/test_repo.git","web_url":"https://gitlab.com/gitea/test_repo","readme_url":"https://gitlab.com/gitea/test_repo/-/blob/master/README.md","forks_count":1,"avatar_url":null,"star_count":0,"last_activity_at":"2020-04-19T19:46:04.527Z","namespace":{"id":3181312,"name":"gitea","path":"gitea","kind":"group","full_path":"gitea","parent_id":null,"avatar_url":"/uploads/-/system/group/avatar/3181312/gitea.png","web_url":"https://gitlab.com/groups/gitea"},"container_registry_image_prefix":"registry.gitlab.com/gitea/test_repo","_links":{"self":"https://gitlab.com/api/v4/projects/15578026","issues":"https://gitlab.com/api/v4/projects/15578026/issues","merge_requests":"https://gitlab.com/api/v4/projects/15578026/merge_requests","repo_branches":"https://gitlab.com/api/v4/projects/15578026/repository/branches","labels":"https://gitlab.com/api/v4/projects/15578026/labels","events":"https://gitlab.com/api/v4/projects/15578026/events","members":"https://gitlab.com/api/v4/projects/15578026/members","cluster_agents":"https://gitlab.com/api/v4/projects/15578026/cluster_agents"},"packages_enabled":true,"empty_repo":false,"archived":false,"visibility":"public","resolve_outdated_diff_discussions":false,"repository_object_format":"sha1","issues_enabled":true,"merge_requests_enabled":true,"wiki_enabled":true,"jobs_enabled":true,"snippets_enabled":true,"container_registry_enabled":true,"service_desk_enabled":true,"can_create_merge_request_in":true,"issues_access_level":"enabled","repository_access_level":"enabled","merge_requests_access_level":"enabled","forking_access_level":"enabled","wiki_access_level":"enabled","builds_access_level":"enabled","snippets_access_level":"enabled","pages_access_level":"enabled","analytics_access_level":"enabled","container_registry_access_level":"enabled","security_and_compliance_access_level":"private","releases_access_level":"enabled","environments_access_level":"enabled","feature_flags_access_level":"enabled","infrastructure_access_level":"enabled","monitor_access_level":"enabled","model_experiments_access_level":"enabled","model_registry_access_level":"enabled","emails_disabled":false,"emails_enabled":true,"shared_runners_enabled":true,"lfs_enabled":true,"creator_id":1241334,"import_status":"none","open_issues_count":0,"description_html":"\u003cp data-sourcepos=\"1:1-1:58\" dir=\"auto\"\u003eTest repository for testing migration from gitlab to gitea\u003c/p\u003e","updated_at":"2024-01-11T01:23:21.057Z","ci_config_path":null,"public_jobs":true,"shared_with_groups":[],"only_allow_merge_if_pipeline_succeeds":false,"allow_merge_on_skipped_pipeline":null,"request_access_enabled":true,"only_allow_merge_if_all_discussions_are_resolved":false,"remove_source_branch_after_merge":true,"printing_merge_request_link_enabled":true,"merge_method":"ff","squash_option":"default_off","enforce_auth_checks_on_uploads":true,"suggestion_commit_message":null,"merge_commit_template":null,"squash_commit_template":null,"issue_branch_template":null,"warn_about_potentially_unwanted_characters":true,"autoclose_referenced_issues":true,"external_authorization_classification_label":"","requirements_enabled":false,"requirements_access_level":"enabled","security_and_compliance_enabled":false,"compliance_frameworks":[],"permissions":{"project_access":null,"group_access":null}}
\ No newline at end of file
diff --git a/services/migrations/testdata/gitlab/full_download/GET_%2Fapi%2Fv4%2Fversion b/services/migrations/testdata/gitlab/full_download/GET_%2Fapi%2Fv4%2Fversion
index 312161fafc..4a73d0774c 100644
--- a/services/migrations/testdata/gitlab/full_download/GET_%2Fapi%2Fv4%2Fversion
+++ b/services/migrations/testdata/gitlab/full_download/GET_%2Fapi%2Fv4%2Fversion
@@ -1,23 +1,20 @@
-Gitlab-Sv: api-gke-us-east1-c
-Ratelimit-Name: throttle_authenticated_api
-X-Content-Type-Options: nosniff
 Cache-Control: max-age=0, private, must-revalidate
-Etag: W/"07cf63ed6ca527a8440305b235c1dbe6"
-Vary: Origin, Accept-Encoding
-Gitlab-Lb: haproxy-main-02-lb-gprd
-X-Gitlab-Meta: {"correlation_id":"9a40876657b0e0d9-ATL","version":"1"}
-Set-Cookie: __cf_bm=6UrvvT.eVACA2RNxuo3JgYQGOf87viAkfYl9Zk_E3A4-1764067237-1.0.1.1-Eq.xOoKXTaA91xlfvuNCFFzkpGifBiA41K8r8QGdw0f_sTr66SIHXtulqNIs7.A6aF8RcfB6owiKiV_rect7ubdVVRrKTWwxfHtaWvykTrI; path=/; expires=Tue, 25-Nov-25 11:10:37 GMT; domain=.gitlab.com; HttpOnly; Secure; SameSite=None
-Set-Cookie: _cfuvid=NMsff2_I6aWniAT9LeJhCwEeMAfr8Wkjg5mYqJ06haU-1764067237046-0.0.1.1-604800000; path=/; domain=.gitlab.com; HttpOnly; Secure; SameSite=None
 Cf-Cache-Status: MISS
-Strict-Transport-Security: max-age=31536000
-Ratelimit-Limit: 2000
-Ratelimit-Remaining: 1999
-Referrer-Policy: strict-origin-when-cross-origin
 Content-Security-Policy: default-src 'none'
-Ratelimit-Observed: 1
-Ratelimit-Reset: 1764067260
-X-Frame-Options: SAMEORIGIN
-X-Runtime: 0.051513
 Content-Type: application/json
+Etag: W/"eb8caeed3eb2f6feb10c7f2b9610d346"
+Gitlab-Lb: haproxy-main-24-lb-gprd
+Gitlab-Sv: api-gke-us-east1-d
+Ratelimit-Limit: 2000
+Ratelimit-Name: throttle_authenticated_api
+Ratelimit-Observed: 1
+Ratelimit-Remaining: 1999
+Ratelimit-Reset: 1771055640
+Referrer-Policy: strict-origin-when-cross-origin
+Strict-Transport-Security: max-age=31536000
+Vary: Origin, Accept-Encoding
+X-Content-Type-Options: nosniff
+X-Frame-Options: SAMEORIGIN
+X-Runtime: 0.054657
 
-{"version":"18.7.0-pre","revision":"6f8cf4c6c2b","kas":{"enabled":true,"externalUrl":"wss://kas.gitlab.com","externalK8sProxyUrl":"https://kas.gitlab.com/k8s-proxy","version":"18.7.0-rc1+5ca8be73a8685a5a9ab2baeb0d3ab7c455f9f819"},"enterprise":true}
\ No newline at end of file
+{"version":"18.9.0-pre","revision":"dde8b248bb9","kas":{"enabled":true,"externalUrl":"wss://kas.gitlab.com","externalK8sProxyUrl":"https://kas.gitlab.com/k8s-proxy","version":"18.9.0-rc1+f6b096ad1f478a35a7335ec9b905c1230fd27b4e"},"enterprise":true}
\ No newline at end of file
diff --git a/services/migrations/testdata/gitlab/skipped_issue_number/GET_%2Fapi%2Fv4%2Fprojects%2F6590996 b/services/migrations/testdata/gitlab/skipped_issue_number/GET_%2Fapi%2Fv4%2Fprojects%2F6590996
deleted file mode 100644
index db8d596173..0000000000
--- a/services/migrations/testdata/gitlab/skipped_issue_number/GET_%2Fapi%2Fv4%2Fprojects%2F6590996
+++ /dev/null
@@ -1,22 +0,0 @@
-X-Runtime: 0.088022
-Strict-Transport-Security: max-age=31536000
-Ratelimit-Observed: 3
-Cache-Control: max-age=0, private, must-revalidate
-Etag: W/"03ce4f6ce1c1e8c5a31df8a44cf2fbdd"
-Gitlab-Lb: haproxy-main-11-lb-gprd
-Content-Security-Policy: default-src 'none'
-Ratelimit-Limit: 2000
-X-Gitlab-Meta: {"correlation_id":"b57b226f741f9140a1fea54f65cb5cfd","version":"1"}
-Referrer-Policy: strict-origin-when-cross-origin
-Ratelimit-Remaining: 1997
-Ratelimit-Resettime: Thu, 30 Nov 2023 08:24:53 GMT
-Set-Cookie: _cfuvid=V0ToiOTUW0XbtWq7BirwVNfL1_YP1POMrLBnDSEWS0M-1701332633965-0-604800000; path=/; domain=.gitlab.com; HttpOnly; Secure; SameSite=None
-X-Content-Type-Options: nosniff
-X-Frame-Options: SAMEORIGIN
-Gitlab-Sv: localhost
-Content-Type: application/json
-Vary: Origin, Accept-Encoding
-Ratelimit-Reset: 1701332693
-Cf-Cache-Status: MISS
-
-{"id":6590996,"description":"Arch packaging and build files","name":"archbuild","name_with_namespace":"Troy Engel / archbuild","path":"archbuild","path_with_namespace":"troyengel/archbuild","created_at":"2018-06-03T22:53:17.388Z","default_branch":"master","tag_list":[],"topics":[],"ssh_url_to_repo":"git@gitlab.com:troyengel/archbuild.git","http_url_to_repo":"https://gitlab.com/troyengel/archbuild.git","web_url":"https://gitlab.com/troyengel/archbuild","readme_url":"https://gitlab.com/troyengel/archbuild/-/blob/master/README.md","forks_count":0,"avatar_url":null,"star_count":0,"last_activity_at":"2020-12-13T18:09:32.071Z","namespace":{"id":1452515,"name":"Troy Engel","path":"troyengel","kind":"user","full_path":"troyengel","parent_id":null,"avatar_url":"https://secure.gravatar.com/avatar/b226c267929f1bcfcc446e75a025591c?s=80\u0026d=identicon","web_url":"https://gitlab.com/troyengel"},"container_registry_image_prefix":"registry.gitlab.com/troyengel/archbuild","_links":{"self":"https://gitlab.com/api/v4/projects/6590996","issues":"https://gitlab.com/api/v4/projects/6590996/issues","merge_requests":"https://gitlab.com/api/v4/projects/6590996/merge_requests","repo_branches":"https://gitlab.com/api/v4/projects/6590996/repository/branches","labels":"https://gitlab.com/api/v4/projects/6590996/labels","events":"https://gitlab.com/api/v4/projects/6590996/events","members":"https://gitlab.com/api/v4/projects/6590996/members","cluster_agents":"https://gitlab.com/api/v4/projects/6590996/cluster_agents"},"packages_enabled":null,"empty_repo":false,"archived":true,"visibility":"public","owner":{"id":1215848,"username":"troyengel","name":"Troy Engel","state":"active","locked":false,"avatar_url":"https://secure.gravatar.com/avatar/b226c267929f1bcfcc446e75a025591c?s=80\u0026d=identicon","web_url":"https://gitlab.com/troyengel"},"resolve_outdated_diff_discussions":false,"issues_enabled":true,"merge_requests_enabled":true,"wiki_enabled":true,"jobs_enabled":true,"snippets_enabled":true,"container_registry_enabled":true,"service_desk_enabled":true,"can_create_merge_request_in":false,"issues_access_level":"enabled","repository_access_level":"enabled","merge_requests_access_level":"enabled","forking_access_level":"enabled","wiki_access_level":"enabled","builds_access_level":"enabled","snippets_access_level":"enabled","pages_access_level":"enabled","analytics_access_level":"enabled","container_registry_access_level":"enabled","security_and_compliance_access_level":"private","releases_access_level":"enabled","environments_access_level":"enabled","feature_flags_access_level":"enabled","infrastructure_access_level":"enabled","monitor_access_level":"enabled","model_experiments_access_level":"enabled","emails_disabled":false,"emails_enabled":true,"shared_runners_enabled":true,"lfs_enabled":false,"creator_id":1215848,"import_status":"finished","open_issues_count":0,"description_html":"\u003cp data-sourcepos=\"1:1-1:30\" dir=\"auto\"\u003eArch packaging and build files\u003c/p\u003e","updated_at":"2022-07-13T21:32:12.624Z","ci_config_path":null,"public_jobs":true,"shared_with_groups":[],"only_allow_merge_if_pipeline_succeeds":false,"allow_merge_on_skipped_pipeline":null,"request_access_enabled":false,"only_allow_merge_if_all_discussions_are_resolved":false,"remove_source_branch_after_merge":null,"printing_merge_request_link_enabled":true,"merge_method":"merge","squash_option":"default_off","enforce_auth_checks_on_uploads":true,"suggestion_commit_message":null,"merge_commit_template":null,"squash_commit_template":null,"issue_branch_template":null,"autoclose_referenced_issues":true,"external_authorization_classification_label":"","requirements_enabled":false,"requirements_access_level":"enabled","security_and_compliance_enabled":false,"compliance_frameworks":[],"permissions":{"project_access":null,"group_access":null}}
\ No newline at end of file
diff --git a/services/migrations/testdata/gitlab/skipped_issue_number/GET_%2Fapi%2Fv4%2Fprojects%2F6590996%2Fissues%2F2%2Faward_emoji%3Fpage=1&per_page=10 b/services/migrations/testdata/gitlab/skipped_issue_number/GET_%2Fapi%2Fv4%2Fprojects%2F6590996%2Fissues%2F2%2Faward_emoji%3Fpage=1&per_page=10
deleted file mode 100644
index 8f829d08f0..0000000000
--- a/services/migrations/testdata/gitlab/skipped_issue_number/GET_%2Fapi%2Fv4%2Fprojects%2F6590996%2Fissues%2F2%2Faward_emoji%3Fpage=1&per_page=10
+++ /dev/null
@@ -1,31 +0,0 @@
-Gitlab-Sv: localhost
-X-Content-Type-Options: nosniff
-Gitlab-Lb: haproxy-main-25-lb-gprd
-X-Total-Pages: 1
-Referrer-Policy: strict-origin-when-cross-origin
-Ratelimit-Observed: 5
-Ratelimit-Remaining: 1995
-Content-Security-Policy: default-src 'none'
-X-Gitlab-Meta: {"correlation_id":"eeab46d836341bd4cb18e3d2e82abf97","version":"1"}
-Ratelimit-Limit: 2000
-Accept-Ranges: bytes
-Content-Type: application/json
-X-Page: 1
-X-Frame-Options: SAMEORIGIN
-X-Prev-Page: 
-Cf-Cache-Status: MISS
-X-Total: 0
-Ratelimit-Resettime: Thu, 30 Nov 2023 08:24:54 GMT
-Link: <https://gitlab.com/api/v4/projects/6590996/issues/2/award_emoji?id=6590996&issue_iid=2&page=1&per_page=10>; rel="first", <https://gitlab.com/api/v4/projects/6590996/issues/2/award_emoji?id=6590996&issue_iid=2&page=1&per_page=10>; rel="last"
-X-Per-Page: 10
-Set-Cookie: _cfuvid=c5HuTPxOuSXdHSuVrXQALS.uV7WvAYfc5Mc_143EAB8-1701332634513-0-604800000; path=/; domain=.gitlab.com; HttpOnly; Secure; SameSite=None
-Content-Length: 2
-Vary: Origin, Accept-Encoding
-Cache-Control: max-age=0, private, must-revalidate
-Etag: W/"4f53cda18c2baa0c0354bb5f9a3ecbe5"
-X-Runtime: 0.069269
-Strict-Transport-Security: max-age=31536000
-Ratelimit-Reset: 1701332694
-X-Next-Page: 
-
-[]
\ No newline at end of file
diff --git a/services/migrations/testdata/gitlab/skipped_issue_number/GET_%2Fapi%2Fv4%2Fprojects%2F6590996%2Fissues%3Fpage=1&per_page=10&sort=asc&state=all b/services/migrations/testdata/gitlab/skipped_issue_number/GET_%2Fapi%2Fv4%2Fprojects%2F6590996%2Fissues%3Fpage=1&per_page=10&sort=asc&state=all
deleted file mode 100644
index 99133d5f8d..0000000000
--- a/services/migrations/testdata/gitlab/skipped_issue_number/GET_%2Fapi%2Fv4%2Fprojects%2F6590996%2Fissues%3Fpage=1&per_page=10&sort=asc&state=all
+++ /dev/null
@@ -1,29 +0,0 @@
-Link: <https://gitlab.com/api/v4/projects/6590996/issues?id=6590996&order_by=created_at&page=1&per_page=10&sort=asc&state=all&with_labels_details=false>; rel="first", <https://gitlab.com/api/v4/projects/6590996/issues?id=6590996&order_by=created_at&page=1&per_page=10&sort=asc&state=all&with_labels_details=false>; rel="last"
-Ratelimit-Observed: 4
-Ratelimit-Remaining: 1996
-Gitlab-Lb: haproxy-main-04-lb-gprd
-Vary: Origin, Accept-Encoding
-Content-Security-Policy: default-src 'none'
-X-Next-Page: 
-Ratelimit-Reset: 1701332694
-Etag: W/"f50a70d0fc1465a289d231f80806ced7"
-X-Gitlab-Meta: {"correlation_id":"47afd74254dd7946d2b2bded87448c60","version":"1"}
-X-Page: 1
-X-Prev-Page: 
-Referrer-Policy: strict-origin-when-cross-origin
-Ratelimit-Resettime: Thu, 30 Nov 2023 08:24:54 GMT
-Cf-Cache-Status: MISS
-X-Total: 1
-X-Total-Pages: 1
-Strict-Transport-Security: max-age=31536000
-Content-Type: application/json
-X-Frame-Options: SAMEORIGIN
-Ratelimit-Limit: 2000
-Gitlab-Sv: localhost
-Set-Cookie: _cfuvid=YDWTZ5VoSuLBDZgKsBnXMyYxz.0rHJ9TBYXv5zBj24Q-1701332634294-0-604800000; path=/; domain=.gitlab.com; HttpOnly; Secure; SameSite=None
-Cache-Control: max-age=0, private, must-revalidate
-X-Content-Type-Options: nosniff
-X-Per-Page: 10
-X-Runtime: 0.179458
-
-[{"id":11201348,"iid":2,"project_id":6590996,"title":"vpn unlimited errors","description":"updated version to 2.8.0, build and tried running `vpnu-arch`:\n\n```\nvpn-unlimited: /usr/lib/libcurl.so.3: no version information available (required by /usr/lib/libvpnu_rpc.so.1)\nvpn-unlimited: /usr/lib/libssl.so.1.0.0: no version information available (required by /usr/lib/libvpnu_enc.so.1)\nvpn-unlimited: symbol lookup error: /usr/lib/libvpnu_rpc.so.1: undefined symbol: _ZNK4Json5Value8asStringEv\n```\n","state":"closed","created_at":"2016-03-26T16:41:12.000Z","updated_at":"2016-03-27T12:19:27.000Z","closed_at":null,"closed_by":null,"labels":[],"milestone":null,"assignees":[],"author":{"id":10273,"username":"brauliobo","name":"Bráulio Bhavamitra","state":"active","locked":false,"avatar_url":"https://secure.gravatar.com/avatar/cd3fcb7a417c8acb989fc320b604a2a8?s=80\u0026d=identicon","web_url":"https://gitlab.com/brauliobo"},"type":"ISSUE","assignee":null,"user_notes_count":1,"merge_requests_count":0,"upvotes":0,"downvotes":0,"due_date":null,"confidential":false,"discussion_locked":null,"issue_type":"issue","web_url":"https://gitlab.com/troyengel/archbuild/-/issues/2","time_stats":{"time_estimate":0,"total_time_spent":0,"human_time_estimate":null,"human_total_time_spent":null},"task_completion_status":{"count":0,"completed_count":0},"blocking_issues_count":0,"has_tasks":true,"task_status":"0 of 0 checklist items completed","_links":{"self":"https://gitlab.com/api/v4/projects/6590996/issues/2","notes":"https://gitlab.com/api/v4/projects/6590996/issues/2/notes","award_emoji":"https://gitlab.com/api/v4/projects/6590996/issues/2/award_emoji","project":"https://gitlab.com/api/v4/projects/6590996","closed_as_duplicate_of":null},"references":{"short":"#2","relative":"#2","full":"troyengel/archbuild#2"},"severity":"UNKNOWN","moved_to_id":null,"service_desk_reply_to":null}]
\ No newline at end of file
diff --git a/services/migrations/testdata/gitlab/skipped_issue_number/GET_%2Fapi%2Fv4%2Fprojects%2F6590996%2Fmerge_requests%2F1 b/services/migrations/testdata/gitlab/skipped_issue_number/GET_%2Fapi%2Fv4%2Fprojects%2F6590996%2Fmerge_requests%2F1
deleted file mode 100644
index 18e8a8583f..0000000000
--- a/services/migrations/testdata/gitlab/skipped_issue_number/GET_%2Fapi%2Fv4%2Fprojects%2F6590996%2Fmerge_requests%2F1
+++ /dev/null
@@ -1,22 +0,0 @@
-Ratelimit-Observed: 7
-Set-Cookie: _cfuvid=_b9GQEo3CBPMs9QmGE89dBdOmbSTfnYjZlzValULQPs-1701332635000-0-604800000; path=/; domain=.gitlab.com; HttpOnly; Secure; SameSite=None
-Strict-Transport-Security: max-age=31536000
-Ratelimit-Resettime: Thu, 30 Nov 2023 08:24:54 GMT
-Gitlab-Lb: haproxy-main-50-lb-gprd
-Gitlab-Sv: localhost
-X-Gitlab-Meta: {"correlation_id":"da44cd0303a4e62cc52ed8de3b2adf14","version":"1"}
-Referrer-Policy: strict-origin-when-cross-origin
-Ratelimit-Remaining: 1993
-Etag: W/"f6299e7e884cb8df8109256c086eb4e7"
-X-Runtime: 0.107573
-Content-Type: application/json
-Ratelimit-Reset: 1701332694
-X-Frame-Options: SAMEORIGIN
-Cache-Control: max-age=0, private, must-revalidate
-X-Content-Type-Options: nosniff
-Ratelimit-Limit: 2000
-Cf-Cache-Status: MISS
-Content-Security-Policy: default-src 'none'
-Vary: Origin, Accept-Encoding
-
-{"id":10518914,"iid":1,"project_id":6590996,"title":"Review","description":"*Created by: cgtx*\n\n### remove patch from makedepends\n- patch is in base-devel\n- The group base-devel is assumed to be already installed when building with makepkg. Members of \"base-devel\" should not be included in makedepends arrays.\n- https://wiki.archlinux.org/index.php/Pkgbuild#makedepends\n### remove python2 from makedepends\n- python2 is a dependency of python2-setuptools.  It is redundant to list it again.\n- You do not need to list packages that your software depends on if other packages your software depends on already have those packages listed in their dependency.\n- https://wiki.archlinux.org/index.php/Pkgbuild#depends\n### more simple find/delete command\n- just because\n","state":"merged","created_at":"2014-12-12T15:01:32.000Z","updated_at":"2014-12-12T15:28:38.000Z","merged_by":null,"merge_user":null,"merged_at":null,"closed_by":null,"closed_at":null,"target_branch":"master","source_branch":"cgtx:review","user_notes_count":1,"upvotes":0,"downvotes":0,"author":{"id":1215848,"username":"troyengel","name":"Troy Engel","state":"active","locked":false,"avatar_url":"https://secure.gravatar.com/avatar/b226c267929f1bcfcc446e75a025591c?s=80\u0026d=identicon","web_url":"https://gitlab.com/troyengel"},"assignees":[],"assignee":null,"reviewers":[],"source_project_id":6590996,"target_project_id":6590996,"labels":[],"draft":false,"work_in_progress":false,"milestone":null,"merge_when_pipeline_succeeds":false,"merge_status":"cannot_be_merged","detailed_merge_status":"not_open","sha":"9006fee398299beed8f5d5086f8e6008ffc02280","merge_commit_sha":null,"squash_commit_sha":null,"discussion_locked":null,"should_remove_source_branch":null,"force_remove_source_branch":null,"prepared_at":"2014-12-12T15:01:32.000Z","reference":"!1","references":{"short":"!1","relative":"!1","full":"troyengel/archbuild!1"},"web_url":"https://gitlab.com/troyengel/archbuild/-/merge_requests/1","time_stats":{"time_estimate":0,"total_time_spent":0,"human_time_estimate":null,"human_total_time_spent":null},"squash":false,"squash_on_merge":false,"task_completion_status":{"count":0,"completed_count":0},"has_conflicts":true,"blocking_discussions_resolved":true,"approvals_before_merge":null,"subscribed":false,"changes_count":"1","latest_build_started_at":null,"latest_build_finished_at":null,"first_deployed_to_production_at":null,"pipeline":null,"head_pipeline":null,"diff_refs":{"base_sha":"6edcf8fc09f6c44213c892f5108d34a5255a47e1","head_sha":"9006fee398299beed8f5d5086f8e6008ffc02280","start_sha":"6edcf8fc09f6c44213c892f5108d34a5255a47e1"},"merge_error":null,"first_contribution":false,"user":{"can_merge":false}}
\ No newline at end of file
diff --git a/services/migrations/testdata/gitlab/skipped_issue_number/GET_%2Fapi%2Fv4%2Fprojects%2F6590996%2Fmerge_requests%2F1%2Faward_emoji%3Fpage=1&per_page=10 b/services/migrations/testdata/gitlab/skipped_issue_number/GET_%2Fapi%2Fv4%2Fprojects%2F6590996%2Fmerge_requests%2F1%2Faward_emoji%3Fpage=1&per_page=10
deleted file mode 100644
index d6f8dd4941..0000000000
--- a/services/migrations/testdata/gitlab/skipped_issue_number/GET_%2Fapi%2Fv4%2Fprojects%2F6590996%2Fmerge_requests%2F1%2Faward_emoji%3Fpage=1&per_page=10
+++ /dev/null
@@ -1,31 +0,0 @@
-Link: <https://gitlab.com/api/v4/projects/6590996/merge_requests/1/award_emoji?id=6590996&merge_request_iid=1&page=1&per_page=10>; rel="first", <https://gitlab.com/api/v4/projects/6590996/merge_requests/1/award_emoji?id=6590996&merge_request_iid=1&page=1&per_page=10>; rel="last"
-Set-Cookie: _cfuvid=qK29tijoyp0AdVoHf9Lqjc8Y28h4jplJDW9hOFLfq28-1701332635229-0-604800000; path=/; domain=.gitlab.com; HttpOnly; Secure; SameSite=None
-Cache-Control: max-age=0, private, must-revalidate
-Etag: W/"4f53cda18c2baa0c0354bb5f9a3ecbe5"
-Ratelimit-Observed: 8
-Gitlab-Sv: localhost
-Content-Length: 2
-Gitlab-Lb: haproxy-main-16-lb-gprd
-X-Total: 0
-Ratelimit-Remaining: 1992
-Ratelimit-Reset: 1701332695
-Ratelimit-Limit: 2000
-Vary: Origin, Accept-Encoding
-X-Frame-Options: SAMEORIGIN
-Content-Type: application/json
-X-Content-Type-Options: nosniff
-X-Next-Page: 
-X-Page: 1
-Strict-Transport-Security: max-age=31536000
-Accept-Ranges: bytes
-Content-Security-Policy: default-src 'none'
-X-Per-Page: 10
-X-Total-Pages: 1
-Referrer-Policy: strict-origin-when-cross-origin
-Ratelimit-Resettime: Thu, 30 Nov 2023 08:24:55 GMT
-Cf-Cache-Status: MISS
-X-Gitlab-Meta: {"correlation_id":"eb59d63fed23cdbec69308570cc49c3e","version":"1"}
-X-Runtime: 0.065972
-X-Prev-Page: 
-
-[]
\ No newline at end of file
diff --git a/services/migrations/testdata/gitlab/skipped_issue_number/GET_%2Fapi%2Fv4%2Fprojects%2F6590996%2Fmerge_requests%3Fpage=1&per_page=10&view=simple b/services/migrations/testdata/gitlab/skipped_issue_number/GET_%2Fapi%2Fv4%2Fprojects%2F6590996%2Fmerge_requests%3Fpage=1&per_page=10&view=simple
deleted file mode 100644
index 5339392008..0000000000
--- a/services/migrations/testdata/gitlab/skipped_issue_number/GET_%2Fapi%2Fv4%2Fprojects%2F6590996%2Fmerge_requests%3Fpage=1&per_page=10&view=simple
+++ /dev/null
@@ -1,29 +0,0 @@
-Vary: Origin, Accept-Encoding
-Strict-Transport-Security: max-age=31536000
-Gitlab-Sv: localhost
-X-Content-Type-Options: nosniff
-X-Prev-Page: 
-Ratelimit-Reset: 1701332694
-Cache-Control: max-age=0, private, must-revalidate
-Ratelimit-Limit: 2000
-Referrer-Policy: strict-origin-when-cross-origin
-Ratelimit-Observed: 6
-Ratelimit-Resettime: Thu, 30 Nov 2023 08:24:54 GMT
-Cf-Cache-Status: MISS
-Content-Type: application/json
-Content-Security-Policy: default-src 'none'
-Etag: W/"1a50811aa3cccb2e6a404a976422a83a"
-X-Total: 1
-Ratelimit-Remaining: 1994
-Set-Cookie: _cfuvid=u.zumTkG1ayCnh_OwrT9Q1Fl3MXV9Gh98W.ma4WN2Xs-1701332634745-0-604800000; path=/; domain=.gitlab.com; HttpOnly; Secure; SameSite=None
-Link: <https://gitlab.com/api/v4/projects/6590996/merge_requests?id=6590996&order_by=created_at&page=1&per_page=10&sort=desc&state=all&view=simple&with_labels_details=false&with_merge_status_recheck=false>; rel="first", <https://gitlab.com/api/v4/projects/6590996/merge_requests?id=6590996&order_by=created_at&page=1&per_page=10&sort=desc&state=all&view=simple&with_labels_details=false&with_merge_status_recheck=false>; rel="last"
-X-Frame-Options: SAMEORIGIN
-X-Page: 1
-X-Total-Pages: 1
-Gitlab-Lb: haproxy-main-05-lb-gprd
-X-Gitlab-Meta: {"correlation_id":"907f9e1f94131ea7a6d1405100a8cc4b","version":"1"}
-X-Next-Page: 
-X-Per-Page: 10
-X-Runtime: 0.078413
-
-[{"id":10518914,"iid":1,"project_id":6590996,"title":"Review","description":"*Created by: cgtx*\n\n### remove patch from makedepends\n- patch is in base-devel\n- The group base-devel is assumed to be already installed when building with makepkg. Members of \"base-devel\" should not be included in makedepends arrays.\n- https://wiki.archlinux.org/index.php/Pkgbuild#makedepends\n### remove python2 from makedepends\n- python2 is a dependency of python2-setuptools.  It is redundant to list it again.\n- You do not need to list packages that your software depends on if other packages your software depends on already have those packages listed in their dependency.\n- https://wiki.archlinux.org/index.php/Pkgbuild#depends\n### more simple find/delete command\n- just because\n","state":"merged","created_at":"2014-12-12T15:01:32.000Z","updated_at":"2014-12-12T15:28:38.000Z","web_url":"https://gitlab.com/troyengel/archbuild/-/merge_requests/1"}]
\ No newline at end of file
diff --git a/services/migrations/testdata/gitlab/skipped_issue_number/GET_%2Fapi%2Fv4%2Fprojects%2F79476606 b/services/migrations/testdata/gitlab/skipped_issue_number/GET_%2Fapi%2Fv4%2Fprojects%2F79476606
new file mode 100644
index 0000000000..4b202ccaf4
--- /dev/null
+++ b/services/migrations/testdata/gitlab/skipped_issue_number/GET_%2Fapi%2Fv4%2Fprojects%2F79476606
@@ -0,0 +1,20 @@
+Cache-Control: max-age=0, private, must-revalidate
+Cf-Cache-Status: MISS
+Content-Security-Policy: default-src 'none'
+Content-Type: application/json
+Etag: W/"b6cd860c9645dff485548e1592139cb2"
+Gitlab-Lb: haproxy-main-38-lb-gprd
+Gitlab-Sv: api-gke-us-east1-c
+Ratelimit-Limit: 2000
+Ratelimit-Name: throttle_authenticated_api
+Ratelimit-Observed: 31
+Ratelimit-Remaining: 1969
+Ratelimit-Reset: 1771085280
+Referrer-Policy: strict-origin-when-cross-origin
+Strict-Transport-Security: max-age=31536000
+Vary: Origin, Accept-Encoding
+X-Content-Type-Options: nosniff
+X-Frame-Options: SAMEORIGIN
+X-Runtime: 0.338588
+
+{"id":79476606,"description":null,"name":"test_repo-skipped-numbers","name_with_namespace":"Forgejo / test_repo-skipped-numbers","path":"test_repo-skipped-numbers","path_with_namespace":"forgejo/test_repo-skipped-numbers","created_at":"2026-02-13T20:29:32.674Z","default_branch":"main","tag_list":[],"topics":[],"ssh_url_to_repo":"git@gitlab.com:forgejo/test_repo-skipped-numbers.git","http_url_to_repo":"https://gitlab.com/forgejo/test_repo-skipped-numbers.git","web_url":"https://gitlab.com/forgejo/test_repo-skipped-numbers","readme_url":"https://gitlab.com/forgejo/test_repo-skipped-numbers/-/blob/main/README.md","forks_count":0,"avatar_url":null,"star_count":0,"last_activity_at":"2026-02-13T20:29:32.598Z","visibility":"public","namespace":{"id":64459497,"name":"Forgejo","path":"forgejo","kind":"group","full_path":"forgejo","parent_id":null,"avatar_url":"/uploads/-/system/group/avatar/64459497/73144-c883a242dec5299fbc06bbe3ee71d8c6.png","web_url":"https://gitlab.com/groups/forgejo"},"container_registry_image_prefix":"registry.gitlab.com/forgejo/test_repo-skipped-numbers","_links":{"self":"https://gitlab.com/api/v4/projects/79476606","issues":"https://gitlab.com/api/v4/projects/79476606/issues","merge_requests":"https://gitlab.com/api/v4/projects/79476606/merge_requests","repo_branches":"https://gitlab.com/api/v4/projects/79476606/repository/branches","labels":"https://gitlab.com/api/v4/projects/79476606/labels","events":"https://gitlab.com/api/v4/projects/79476606/events","members":"https://gitlab.com/api/v4/projects/79476606/members","cluster_agents":"https://gitlab.com/api/v4/projects/79476606/cluster_agents"},"marked_for_deletion_at":null,"marked_for_deletion_on":null,"packages_enabled":true,"empty_repo":false,"archived":true,"resolve_outdated_diff_discussions":false,"container_expiration_policy":{"cadence":"1d","enabled":false,"keep_n":10,"older_than":"90d","name_regex":".*","name_regex_keep":null,"next_run_at":"2026-02-14T20:29:32.690Z"},"repository_object_format":"sha1","issues_enabled":true,"merge_requests_enabled":true,"wiki_enabled":true,"jobs_enabled":true,"snippets_enabled":true,"container_registry_enabled":true,"service_desk_enabled":true,"can_create_merge_request_in":false,"issues_access_level":"enabled","repository_access_level":"enabled","merge_requests_access_level":"enabled","forking_access_level":"enabled","wiki_access_level":"enabled","builds_access_level":"enabled","snippets_access_level":"enabled","pages_access_level":"private","analytics_access_level":"enabled","container_registry_access_level":"enabled","security_and_compliance_access_level":"private","releases_access_level":"enabled","environments_access_level":"enabled","feature_flags_access_level":"enabled","infrastructure_access_level":"enabled","monitor_access_level":"enabled","model_experiments_access_level":"enabled","model_registry_access_level":"enabled","package_registry_access_level":"enabled","emails_disabled":false,"emails_enabled":true,"show_diff_preview_in_email":true,"shared_runners_enabled":true,"lfs_enabled":true,"creator_id":2005797,"import_url":null,"import_type":null,"import_status":"none","import_error":null,"open_issues_count":1,"description_html":"","updated_at":"2026-02-14T16:06:34.919Z","ci_default_git_depth":20,"ci_delete_pipelines_in_seconds":null,"ci_forward_deployment_enabled":true,"ci_forward_deployment_rollback_allowed":true,"ci_job_token_scope_enabled":false,"ci_separated_caches":true,"ci_allow_fork_pipelines_to_run_in_parent_project":true,"ci_id_token_sub_claim_components":["project_path","ref_type","ref"],"build_git_strategy":"fetch","keep_latest_artifact":true,"restrict_user_defined_variables":false,"ci_pipeline_variables_minimum_override_role":"developer","runner_token_expiration_interval":null,"group_runners_enabled":true,"resource_group_default_process_mode":"unordered","auto_cancel_pending_pipelines":"enabled","build_timeout":3600,"auto_devops_enabled":false,"auto_devops_deploy_strategy":"continuous","ci_push_repository_for_job_token_allowed":false,"ci_config_path":"","public_jobs":true,"shared_with_groups":[],"only_allow_merge_if_pipeline_succeeds":false,"allow_merge_on_skipped_pipeline":null,"request_access_enabled":true,"only_allow_merge_if_all_discussions_are_resolved":false,"remove_source_branch_after_merge":true,"printing_merge_request_link_enabled":true,"merge_method":"merge","merge_request_title_regex":null,"merge_request_title_regex_description":null,"squash_option":"default_off","enforce_auth_checks_on_uploads":true,"suggestion_commit_message":null,"merge_commit_template":null,"squash_commit_template":null,"issue_branch_template":null,"warn_about_potentially_unwanted_characters":true,"autoclose_referenced_issues":true,"max_artifacts_size":null,"external_authorization_classification_label":"","requirements_enabled":false,"requirements_access_level":"enabled","security_and_compliance_enabled":true,"compliance_frameworks":[],"duo_remote_flows_enabled":true,"duo_foundational_flows_enabled":true,"web_based_commit_signing_enabled":false,"permissions":{"project_access":null,"group_access":{"access_level":50,"notification_level":3}}}
\ No newline at end of file
diff --git a/services/migrations/testdata/gitlab/skipped_issue_number/GET_%2Fapi%2Fv4%2Fprojects%2F79476606%2Fissues%2F2%2Faward_emoji%3Fpage=1&per_page=10 b/services/migrations/testdata/gitlab/skipped_issue_number/GET_%2Fapi%2Fv4%2Fprojects%2F79476606%2Fissues%2F2%2Faward_emoji%3Fpage=1&per_page=10
new file mode 100644
index 0000000000..11a3a988d2
--- /dev/null
+++ b/services/migrations/testdata/gitlab/skipped_issue_number/GET_%2Fapi%2Fv4%2Fprojects%2F79476606%2Fissues%2F2%2Faward_emoji%3Fpage=1&per_page=10
@@ -0,0 +1,29 @@
+Accept-Ranges: bytes
+Cache-Control: max-age=0, private, must-revalidate
+Cf-Cache-Status: MISS
+Content-Length: 2
+Content-Security-Policy: default-src 'none'
+Content-Type: application/json
+Etag: W/"4f53cda18c2baa0c0354bb5f9a3ecbe5"
+Gitlab-Lb: haproxy-main-30-lb-gprd
+Gitlab-Sv: api-gke-us-east1-d
+Link: <https://gitlab.com/api/v4/projects/79476606/issues/2/award_emoji?id=79476606&issue_iid=2&page=1&per_page=10>; rel="first", <https://gitlab.com/api/v4/projects/79476606/issues/2/award_emoji?id=79476606&issue_iid=2&page=1&per_page=10>; rel="last"
+Ratelimit-Limit: 2000
+Ratelimit-Name: throttle_authenticated_api
+Ratelimit-Observed: 33
+Ratelimit-Remaining: 1967
+Ratelimit-Reset: 1771055640
+Referrer-Policy: strict-origin-when-cross-origin
+Strict-Transport-Security: max-age=31536000
+Vary: Origin, Accept-Encoding
+X-Content-Type-Options: nosniff
+X-Frame-Options: SAMEORIGIN
+X-Next-Page: 
+X-Page: 1
+X-Per-Page: 10
+X-Prev-Page: 
+X-Runtime: 0.066401
+X-Total: 0
+X-Total-Pages: 1
+
+[]
\ No newline at end of file
diff --git a/services/migrations/testdata/gitlab/skipped_issue_number/GET_%2Fapi%2Fv4%2Fprojects%2F79476606%2Fissues%3Forder_by=created_at&page=1&per_page=10&sort=desc&state=all b/services/migrations/testdata/gitlab/skipped_issue_number/GET_%2Fapi%2Fv4%2Fprojects%2F79476606%2Fissues%3Forder_by=created_at&page=1&per_page=10&sort=desc&state=all
new file mode 100644
index 0000000000..d877929b18
--- /dev/null
+++ b/services/migrations/testdata/gitlab/skipped_issue_number/GET_%2Fapi%2Fv4%2Fprojects%2F79476606%2Fissues%3Forder_by=created_at&page=1&per_page=10&sort=desc&state=all
@@ -0,0 +1,27 @@
+Cache-Control: max-age=0, private, must-revalidate
+Cf-Cache-Status: MISS
+Content-Security-Policy: default-src 'none'
+Content-Type: application/json
+Etag: W/"cfd6114327ec8067d5d20d5d17c3ba48"
+Gitlab-Lb: haproxy-main-40-lb-gprd
+Gitlab-Sv: api-gke-us-east1-b
+Link: <https://gitlab.com/api/v4/projects/79476606/issues?id=79476606&order_by=created_at&page=1&per_page=10&sort=desc&state=all&with_labels_details=false>; rel="first", <https://gitlab.com/api/v4/projects/79476606/issues?id=79476606&order_by=created_at&page=1&per_page=10&sort=desc&state=all&with_labels_details=false>; rel="last"
+Ratelimit-Limit: 2000
+Ratelimit-Name: throttle_authenticated_api
+Ratelimit-Observed: 32
+Ratelimit-Remaining: 1968
+Ratelimit-Reset: 1771055640
+Referrer-Policy: strict-origin-when-cross-origin
+Strict-Transport-Security: max-age=31536000
+Vary: Origin, Accept-Encoding
+X-Content-Type-Options: nosniff
+X-Frame-Options: SAMEORIGIN
+X-Next-Page: 
+X-Page: 1
+X-Per-Page: 10
+X-Prev-Page: 
+X-Runtime: 0.241899
+X-Total: 1
+X-Total-Pages: 1
+
+[{"id":184077979,"iid":2,"project_id":79476606,"title":"2nd issue","description":"","state":"opened","created_at":"2026-02-13T20:30:05.549Z","updated_at":"2026-02-13T20:30:05.549Z","closed_at":null,"closed_by":null,"labels":[],"milestone":null,"assignees":[],"author":{"id":2005797,"username":"oliverpool","public_email":"","name":"oliverpool","state":"active","locked":false,"avatar_url":"https://gitlab.com/uploads/-/system/user/avatar/2005797/avatar.png","web_url":"https://gitlab.com/oliverpool"},"type":"ISSUE","assignee":null,"user_notes_count":0,"merge_requests_count":0,"upvotes":0,"downvotes":0,"start_date":null,"due_date":null,"confidential":false,"discussion_locked":null,"issue_type":"issue","web_url":"https://gitlab.com/forgejo/test_repo-skipped-numbers/-/issues/2","time_stats":{"time_estimate":0,"total_time_spent":0,"human_time_estimate":null,"human_total_time_spent":null},"task_completion_status":{"count":0,"completed_count":0},"blocking_issues_count":0,"has_tasks":true,"task_status":"","_links":{"self":"https://gitlab.com/api/v4/projects/79476606/issues/2","notes":"https://gitlab.com/api/v4/projects/79476606/issues/2/notes","award_emoji":"https://gitlab.com/api/v4/projects/79476606/issues/2/award_emoji","project":"https://gitlab.com/api/v4/projects/79476606","closed_as_duplicate_of":null},"references":{"short":"#2","relative":"#2","full":"forgejo/test_repo-skipped-numbers#2"},"severity":"UNKNOWN","moved_to_id":null,"imported":false,"imported_from":"none","service_desk_reply_to":null}]
\ No newline at end of file
diff --git a/services/migrations/testdata/gitlab/skipped_issue_number/GET_%2Fapi%2Fv4%2Fprojects%2F79476606%2Fmerge_requests%2F1 b/services/migrations/testdata/gitlab/skipped_issue_number/GET_%2Fapi%2Fv4%2Fprojects%2F79476606%2Fmerge_requests%2F1
new file mode 100644
index 0000000000..7e3cd6054b
--- /dev/null
+++ b/services/migrations/testdata/gitlab/skipped_issue_number/GET_%2Fapi%2Fv4%2Fprojects%2F79476606%2Fmerge_requests%2F1
@@ -0,0 +1,20 @@
+Cache-Control: max-age=0, private, must-revalidate
+Cf-Cache-Status: MISS
+Content-Security-Policy: default-src 'none'
+Content-Type: application/json
+Etag: W/"fd4f08163e3a4f801ca3af1abd07f500"
+Gitlab-Lb: haproxy-main-35-lb-gprd
+Gitlab-Sv: api-gke-us-east1-c
+Ratelimit-Limit: 2000
+Ratelimit-Name: throttle_authenticated_api
+Ratelimit-Observed: 35
+Ratelimit-Remaining: 1965
+Ratelimit-Reset: 1771085280
+Referrer-Policy: strict-origin-when-cross-origin
+Strict-Transport-Security: max-age=31536000
+Vary: Origin, Accept-Encoding
+X-Content-Type-Options: nosniff
+X-Frame-Options: SAMEORIGIN
+X-Runtime: 0.404174
+
+{"id":455684411,"iid":1,"project_id":79476606,"title":"cleanup README.md","description":"","state":"opened","created_at":"2026-02-13T20:31:06.580Z","updated_at":"2026-02-13T20:31:10.927Z","merged_by":null,"merge_user":null,"merged_at":null,"closed_by":null,"closed_at":null,"target_branch":"main","source_branch":"mr-1","user_notes_count":0,"upvotes":0,"downvotes":0,"author":{"id":2005797,"username":"oliverpool","public_email":"","name":"oliverpool","state":"active","locked":false,"avatar_url":"https://gitlab.com/uploads/-/system/user/avatar/2005797/avatar.png","web_url":"https://gitlab.com/oliverpool"},"assignees":[],"assignee":null,"reviewers":[],"source_project_id":79476606,"target_project_id":79476606,"labels":[],"draft":false,"imported":false,"imported_from":"none","work_in_progress":false,"milestone":null,"merge_when_pipeline_succeeds":false,"merge_status":"can_be_merged","detailed_merge_status":"mergeable","merge_after":null,"sha":"df1f488cbe903607e5cd80220f8e12db90598490","merge_commit_sha":null,"squash_commit_sha":null,"discussion_locked":null,"should_remove_source_branch":null,"force_remove_source_branch":true,"prepared_at":"2026-02-13T20:31:10.921Z","reference":"!1","references":{"short":"!1","relative":"!1","full":"forgejo/test_repo-skipped-numbers!1"},"web_url":"https://gitlab.com/forgejo/test_repo-skipped-numbers/-/merge_requests/1","time_stats":{"time_estimate":0,"total_time_spent":0,"human_time_estimate":null,"human_total_time_spent":null},"squash":false,"squash_on_merge":false,"task_completion_status":{"count":0,"completed_count":0},"has_conflicts":false,"blocking_discussions_resolved":true,"approvals_before_merge":null,"subscribed":true,"changes_count":"1","latest_build_started_at":null,"latest_build_finished_at":null,"first_deployed_to_production_at":null,"pipeline":null,"head_pipeline":null,"diff_refs":{"base_sha":"80db4c60fb87dddbcf7158c5a5bbbbd2e8d182cb","head_sha":"df1f488cbe903607e5cd80220f8e12db90598490","start_sha":"80db4c60fb87dddbcf7158c5a5bbbbd2e8d182cb"},"merge_error":null,"first_contribution":true,"user":{"can_merge":false}}
\ No newline at end of file
diff --git a/services/migrations/testdata/gitlab/skipped_issue_number/GET_%2Fapi%2Fv4%2Fprojects%2F79476606%2Fmerge_requests%2F1%2Faward_emoji%3Fpage=1&per_page=10 b/services/migrations/testdata/gitlab/skipped_issue_number/GET_%2Fapi%2Fv4%2Fprojects%2F79476606%2Fmerge_requests%2F1%2Faward_emoji%3Fpage=1&per_page=10
new file mode 100644
index 0000000000..8710ee04ff
--- /dev/null
+++ b/services/migrations/testdata/gitlab/skipped_issue_number/GET_%2Fapi%2Fv4%2Fprojects%2F79476606%2Fmerge_requests%2F1%2Faward_emoji%3Fpage=1&per_page=10
@@ -0,0 +1,29 @@
+Accept-Ranges: bytes
+Cache-Control: max-age=0, private, must-revalidate
+Cf-Cache-Status: MISS
+Content-Length: 2
+Content-Security-Policy: default-src 'none'
+Content-Type: application/json
+Etag: W/"4f53cda18c2baa0c0354bb5f9a3ecbe5"
+Gitlab-Lb: haproxy-main-53-lb-gprd
+Gitlab-Sv: api-gke-us-east1-c
+Link: <https://gitlab.com/api/v4/projects/79476606/merge_requests/1/award_emoji?id=79476606&merge_request_iid=1&page=1&per_page=10>; rel="first", <https://gitlab.com/api/v4/projects/79476606/merge_requests/1/award_emoji?id=79476606&merge_request_iid=1&page=1&per_page=10>; rel="last"
+Ratelimit-Limit: 2000
+Ratelimit-Name: throttle_authenticated_api
+Ratelimit-Observed: 36
+Ratelimit-Remaining: 1964
+Ratelimit-Reset: 1771055640
+Referrer-Policy: strict-origin-when-cross-origin
+Strict-Transport-Security: max-age=31536000
+Vary: Origin, Accept-Encoding
+X-Content-Type-Options: nosniff
+X-Frame-Options: SAMEORIGIN
+X-Next-Page: 
+X-Page: 1
+X-Per-Page: 10
+X-Prev-Page: 
+X-Runtime: 0.063873
+X-Total: 0
+X-Total-Pages: 1
+
+[]
\ No newline at end of file
diff --git a/services/migrations/testdata/gitlab/skipped_issue_number/GET_%2Fapi%2Fv4%2Fprojects%2F79476606%2Fmerge_requests%3Fpage=1&per_page=10&view=simple b/services/migrations/testdata/gitlab/skipped_issue_number/GET_%2Fapi%2Fv4%2Fprojects%2F79476606%2Fmerge_requests%3Fpage=1&per_page=10&view=simple
new file mode 100644
index 0000000000..b39e3a3526
--- /dev/null
+++ b/services/migrations/testdata/gitlab/skipped_issue_number/GET_%2Fapi%2Fv4%2Fprojects%2F79476606%2Fmerge_requests%3Fpage=1&per_page=10&view=simple
@@ -0,0 +1,27 @@
+Cache-Control: max-age=0, private, must-revalidate
+Cf-Cache-Status: MISS
+Content-Security-Policy: default-src 'none'
+Content-Type: application/json
+Etag: W/"c5f9d81ed33b3c752a17ced50fddb103"
+Gitlab-Lb: haproxy-main-17-lb-gprd
+Gitlab-Sv: api-gke-us-east1-c
+Link: <https://gitlab.com/api/v4/projects/79476606/merge_requests?id=79476606&order_by=created_at&page=1&per_page=10&sort=desc&state=all&view=simple&with_labels_details=false&with_merge_status_recheck=false>; rel="first", <https://gitlab.com/api/v4/projects/79476606/merge_requests?id=79476606&order_by=created_at&page=1&per_page=10&sort=desc&state=all&view=simple&with_labels_details=false&with_merge_status_recheck=false>; rel="last"
+Ratelimit-Limit: 2000
+Ratelimit-Name: throttle_authenticated_api
+Ratelimit-Observed: 34
+Ratelimit-Remaining: 1966
+Ratelimit-Reset: 1771055640
+Referrer-Policy: strict-origin-when-cross-origin
+Strict-Transport-Security: max-age=31536000
+Vary: Origin, Accept-Encoding
+X-Content-Type-Options: nosniff
+X-Frame-Options: SAMEORIGIN
+X-Next-Page: 
+X-Page: 1
+X-Per-Page: 10
+X-Prev-Page: 
+X-Runtime: 0.084126
+X-Total: 1
+X-Total-Pages: 1
+
+[{"id":455684411,"iid":1,"project_id":79476606,"title":"cleanup README.md","description":"","state":"opened","created_at":"2026-02-13T20:31:06.580Z","updated_at":"2026-02-13T20:31:10.927Z","web_url":"https://gitlab.com/forgejo/test_repo-skipped-numbers/-/merge_requests/1"}]
\ No newline at end of file
diff --git a/services/migrations/testdata/gitlab/skipped_issue_number/GET_%2Fapi%2Fv4%2Fprojects%2Fforgejo%252Ftest_repo-skipped-numbers b/services/migrations/testdata/gitlab/skipped_issue_number/GET_%2Fapi%2Fv4%2Fprojects%2Fforgejo%252Ftest_repo-skipped-numbers
new file mode 100644
index 0000000000..5835b34b49
--- /dev/null
+++ b/services/migrations/testdata/gitlab/skipped_issue_number/GET_%2Fapi%2Fv4%2Fprojects%2Fforgejo%252Ftest_repo-skipped-numbers
@@ -0,0 +1,20 @@
+Cache-Control: max-age=0, private, must-revalidate
+Cf-Cache-Status: MISS
+Content-Security-Policy: default-src 'none'
+Content-Type: application/json
+Etag: W/"b6cd860c9645dff485548e1592139cb2"
+Gitlab-Lb: haproxy-main-16-lb-gprd
+Gitlab-Sv: api-gke-us-east1-b
+Ratelimit-Limit: 2000
+Ratelimit-Name: throttle_authenticated_api
+Ratelimit-Observed: 30
+Ratelimit-Remaining: 1970
+Ratelimit-Reset: 1771085280
+Referrer-Policy: strict-origin-when-cross-origin
+Strict-Transport-Security: max-age=31536000
+Vary: Origin, Accept-Encoding
+X-Content-Type-Options: nosniff
+X-Frame-Options: SAMEORIGIN
+X-Runtime: 0.218526
+
+{"id":79476606,"description":null,"name":"test_repo-skipped-numbers","name_with_namespace":"Forgejo / test_repo-skipped-numbers","path":"test_repo-skipped-numbers","path_with_namespace":"forgejo/test_repo-skipped-numbers","created_at":"2026-02-13T20:29:32.674Z","default_branch":"main","tag_list":[],"topics":[],"ssh_url_to_repo":"git@gitlab.com:forgejo/test_repo-skipped-numbers.git","http_url_to_repo":"https://gitlab.com/forgejo/test_repo-skipped-numbers.git","web_url":"https://gitlab.com/forgejo/test_repo-skipped-numbers","readme_url":"https://gitlab.com/forgejo/test_repo-skipped-numbers/-/blob/main/README.md","forks_count":0,"avatar_url":null,"star_count":0,"last_activity_at":"2026-02-13T20:29:32.598Z","visibility":"public","namespace":{"id":64459497,"name":"Forgejo","path":"forgejo","kind":"group","full_path":"forgejo","parent_id":null,"avatar_url":"/uploads/-/system/group/avatar/64459497/73144-c883a242dec5299fbc06bbe3ee71d8c6.png","web_url":"https://gitlab.com/groups/forgejo"},"container_registry_image_prefix":"registry.gitlab.com/forgejo/test_repo-skipped-numbers","_links":{"self":"https://gitlab.com/api/v4/projects/79476606","issues":"https://gitlab.com/api/v4/projects/79476606/issues","merge_requests":"https://gitlab.com/api/v4/projects/79476606/merge_requests","repo_branches":"https://gitlab.com/api/v4/projects/79476606/repository/branches","labels":"https://gitlab.com/api/v4/projects/79476606/labels","events":"https://gitlab.com/api/v4/projects/79476606/events","members":"https://gitlab.com/api/v4/projects/79476606/members","cluster_agents":"https://gitlab.com/api/v4/projects/79476606/cluster_agents"},"marked_for_deletion_at":null,"marked_for_deletion_on":null,"packages_enabled":true,"empty_repo":false,"archived":true,"resolve_outdated_diff_discussions":false,"container_expiration_policy":{"cadence":"1d","enabled":false,"keep_n":10,"older_than":"90d","name_regex":".*","name_regex_keep":null,"next_run_at":"2026-02-14T20:29:32.690Z"},"repository_object_format":"sha1","issues_enabled":true,"merge_requests_enabled":true,"wiki_enabled":true,"jobs_enabled":true,"snippets_enabled":true,"container_registry_enabled":true,"service_desk_enabled":true,"can_create_merge_request_in":false,"issues_access_level":"enabled","repository_access_level":"enabled","merge_requests_access_level":"enabled","forking_access_level":"enabled","wiki_access_level":"enabled","builds_access_level":"enabled","snippets_access_level":"enabled","pages_access_level":"private","analytics_access_level":"enabled","container_registry_access_level":"enabled","security_and_compliance_access_level":"private","releases_access_level":"enabled","environments_access_level":"enabled","feature_flags_access_level":"enabled","infrastructure_access_level":"enabled","monitor_access_level":"enabled","model_experiments_access_level":"enabled","model_registry_access_level":"enabled","package_registry_access_level":"enabled","emails_disabled":false,"emails_enabled":true,"show_diff_preview_in_email":true,"shared_runners_enabled":true,"lfs_enabled":true,"creator_id":2005797,"import_url":null,"import_type":null,"import_status":"none","import_error":null,"open_issues_count":1,"description_html":"","updated_at":"2026-02-14T16:06:34.919Z","ci_default_git_depth":20,"ci_delete_pipelines_in_seconds":null,"ci_forward_deployment_enabled":true,"ci_forward_deployment_rollback_allowed":true,"ci_job_token_scope_enabled":false,"ci_separated_caches":true,"ci_allow_fork_pipelines_to_run_in_parent_project":true,"ci_id_token_sub_claim_components":["project_path","ref_type","ref"],"build_git_strategy":"fetch","keep_latest_artifact":true,"restrict_user_defined_variables":false,"ci_pipeline_variables_minimum_override_role":"developer","runner_token_expiration_interval":null,"group_runners_enabled":true,"resource_group_default_process_mode":"unordered","auto_cancel_pending_pipelines":"enabled","build_timeout":3600,"auto_devops_enabled":false,"auto_devops_deploy_strategy":"continuous","ci_push_repository_for_job_token_allowed":false,"ci_config_path":"","public_jobs":true,"shared_with_groups":[],"only_allow_merge_if_pipeline_succeeds":false,"allow_merge_on_skipped_pipeline":null,"request_access_enabled":true,"only_allow_merge_if_all_discussions_are_resolved":false,"remove_source_branch_after_merge":true,"printing_merge_request_link_enabled":true,"merge_method":"merge","merge_request_title_regex":null,"merge_request_title_regex_description":null,"squash_option":"default_off","enforce_auth_checks_on_uploads":true,"suggestion_commit_message":null,"merge_commit_template":null,"squash_commit_template":null,"issue_branch_template":null,"warn_about_potentially_unwanted_characters":true,"autoclose_referenced_issues":true,"max_artifacts_size":null,"external_authorization_classification_label":"","requirements_enabled":false,"requirements_access_level":"enabled","security_and_compliance_enabled":true,"compliance_frameworks":[],"duo_remote_flows_enabled":true,"duo_foundational_flows_enabled":true,"web_based_commit_signing_enabled":false,"permissions":{"project_access":null,"group_access":{"access_level":50,"notification_level":3}}}
\ No newline at end of file
diff --git a/services/migrations/testdata/gitlab/skipped_issue_number/GET_%2Fapi%2Fv4%2Fprojects%2Ftroyengel%252Farchbuild b/services/migrations/testdata/gitlab/skipped_issue_number/GET_%2Fapi%2Fv4%2Fprojects%2Ftroyengel%252Farchbuild
deleted file mode 100644
index a8c2882c26..0000000000
--- a/services/migrations/testdata/gitlab/skipped_issue_number/GET_%2Fapi%2Fv4%2Fprojects%2Ftroyengel%252Farchbuild
+++ /dev/null
@@ -1,22 +0,0 @@
-Ratelimit-Resettime: Thu, 30 Nov 2023 08:24:53 GMT
-Gitlab-Lb: haproxy-main-41-lb-gprd
-Cache-Control: max-age=0, private, must-revalidate
-Referrer-Policy: strict-origin-when-cross-origin
-Cf-Cache-Status: MISS
-X-Content-Type-Options: nosniff
-Set-Cookie: _cfuvid=r78xThY2IPR6QvHnea1t_L7DbvuQp4.HWOiG1cKTWUg-1701332633720-0-604800000; path=/; domain=.gitlab.com; HttpOnly; Secure; SameSite=None
-Ratelimit-Limit: 2000
-Strict-Transport-Security: max-age=31536000
-Vary: Origin, Accept-Encoding
-X-Gitlab-Meta: {"correlation_id":"4c3e0f8b5858454b6e138ecae9902a8d","version":"1"}
-X-Runtime: 0.097047
-Ratelimit-Observed: 2
-Ratelimit-Remaining: 1998
-X-Frame-Options: SAMEORIGIN
-Content-Security-Policy: default-src 'none'
-Etag: W/"03ce4f6ce1c1e8c5a31df8a44cf2fbdd"
-Content-Type: application/json
-Gitlab-Sv: localhost
-Ratelimit-Reset: 1701332693
-
-{"id":6590996,"description":"Arch packaging and build files","name":"archbuild","name_with_namespace":"Troy Engel / archbuild","path":"archbuild","path_with_namespace":"troyengel/archbuild","created_at":"2018-06-03T22:53:17.388Z","default_branch":"master","tag_list":[],"topics":[],"ssh_url_to_repo":"git@gitlab.com:troyengel/archbuild.git","http_url_to_repo":"https://gitlab.com/troyengel/archbuild.git","web_url":"https://gitlab.com/troyengel/archbuild","readme_url":"https://gitlab.com/troyengel/archbuild/-/blob/master/README.md","forks_count":0,"avatar_url":null,"star_count":0,"last_activity_at":"2020-12-13T18:09:32.071Z","namespace":{"id":1452515,"name":"Troy Engel","path":"troyengel","kind":"user","full_path":"troyengel","parent_id":null,"avatar_url":"https://secure.gravatar.com/avatar/b226c267929f1bcfcc446e75a025591c?s=80\u0026d=identicon","web_url":"https://gitlab.com/troyengel"},"container_registry_image_prefix":"registry.gitlab.com/troyengel/archbuild","_links":{"self":"https://gitlab.com/api/v4/projects/6590996","issues":"https://gitlab.com/api/v4/projects/6590996/issues","merge_requests":"https://gitlab.com/api/v4/projects/6590996/merge_requests","repo_branches":"https://gitlab.com/api/v4/projects/6590996/repository/branches","labels":"https://gitlab.com/api/v4/projects/6590996/labels","events":"https://gitlab.com/api/v4/projects/6590996/events","members":"https://gitlab.com/api/v4/projects/6590996/members","cluster_agents":"https://gitlab.com/api/v4/projects/6590996/cluster_agents"},"packages_enabled":null,"empty_repo":false,"archived":true,"visibility":"public","owner":{"id":1215848,"username":"troyengel","name":"Troy Engel","state":"active","locked":false,"avatar_url":"https://secure.gravatar.com/avatar/b226c267929f1bcfcc446e75a025591c?s=80\u0026d=identicon","web_url":"https://gitlab.com/troyengel"},"resolve_outdated_diff_discussions":false,"issues_enabled":true,"merge_requests_enabled":true,"wiki_enabled":true,"jobs_enabled":true,"snippets_enabled":true,"container_registry_enabled":true,"service_desk_enabled":true,"can_create_merge_request_in":false,"issues_access_level":"enabled","repository_access_level":"enabled","merge_requests_access_level":"enabled","forking_access_level":"enabled","wiki_access_level":"enabled","builds_access_level":"enabled","snippets_access_level":"enabled","pages_access_level":"enabled","analytics_access_level":"enabled","container_registry_access_level":"enabled","security_and_compliance_access_level":"private","releases_access_level":"enabled","environments_access_level":"enabled","feature_flags_access_level":"enabled","infrastructure_access_level":"enabled","monitor_access_level":"enabled","model_experiments_access_level":"enabled","emails_disabled":false,"emails_enabled":true,"shared_runners_enabled":true,"lfs_enabled":false,"creator_id":1215848,"import_status":"finished","open_issues_count":0,"description_html":"\u003cp data-sourcepos=\"1:1-1:30\" dir=\"auto\"\u003eArch packaging and build files\u003c/p\u003e","updated_at":"2022-07-13T21:32:12.624Z","ci_config_path":null,"public_jobs":true,"shared_with_groups":[],"only_allow_merge_if_pipeline_succeeds":false,"allow_merge_on_skipped_pipeline":null,"request_access_enabled":false,"only_allow_merge_if_all_discussions_are_resolved":false,"remove_source_branch_after_merge":null,"printing_merge_request_link_enabled":true,"merge_method":"merge","squash_option":"default_off","enforce_auth_checks_on_uploads":true,"suggestion_commit_message":null,"merge_commit_template":null,"squash_commit_template":null,"issue_branch_template":null,"autoclose_referenced_issues":true,"external_authorization_classification_label":"","requirements_enabled":false,"requirements_access_level":"enabled","security_and_compliance_enabled":false,"compliance_frameworks":[],"permissions":{"project_access":null,"group_access":null}}
\ No newline at end of file
diff --git a/services/migrations/testdata/gitlab/skipped_issue_number/GET_%2Fapi%2Fv4%2Fversion b/services/migrations/testdata/gitlab/skipped_issue_number/GET_%2Fapi%2Fv4%2Fversion
index eb6df2ffb1..19ac3aa53f 100644
--- a/services/migrations/testdata/gitlab/skipped_issue_number/GET_%2Fapi%2Fv4%2Fversion
+++ b/services/migrations/testdata/gitlab/skipped_issue_number/GET_%2Fapi%2Fv4%2Fversion
@@ -1,22 +1,20 @@
-Ratelimit-Observed: 1
-X-Gitlab-Meta: {"correlation_id":"aa75720bd9c597c7f2f886a4042d1f80","version":"1"}
-Etag: W/"4e5c0a031c3aacb6ba0a3c19e67d7592"
-X-Content-Type-Options: nosniff
-Ratelimit-Limit: 2000
-Ratelimit-Resettime: Thu, 30 Nov 2023 08:24:53 GMT
-X-Runtime: 0.039899
-Ratelimit-Remaining: 1999
-Set-Cookie: _cfuvid=7OAEitQ3J0BOxrXk2pMBApFg1KFnz5aBVqOY7mHwLRk-1701332633452-0-604800000; path=/; domain=.gitlab.com; HttpOnly; Secure; SameSite=None
-Content-Security-Policy: default-src 'none'
-Gitlab-Sv: localhost
-Cf-Cache-Status: MISS
-Vary: Origin, Accept-Encoding
-X-Frame-Options: SAMEORIGIN
 Cache-Control: max-age=0, private, must-revalidate
-Strict-Transport-Security: max-age=31536000
-Referrer-Policy: strict-origin-when-cross-origin
-Ratelimit-Reset: 1701332693
-Gitlab-Lb: haproxy-main-39-lb-gprd
+Cf-Cache-Status: MISS
+Content-Security-Policy: default-src 'none'
 Content-Type: application/json
+Etag: W/"eb8caeed3eb2f6feb10c7f2b9610d346"
+Gitlab-Lb: haproxy-main-52-lb-gprd
+Gitlab-Sv: api-gke-us-east1-b
+Ratelimit-Limit: 2000
+Ratelimit-Name: throttle_authenticated_api
+Ratelimit-Observed: 29
+Ratelimit-Remaining: 1971
+Ratelimit-Reset: 1771055640
+Referrer-Policy: strict-origin-when-cross-origin
+Strict-Transport-Security: max-age=31536000
+Vary: Origin, Accept-Encoding
+X-Content-Type-Options: nosniff
+X-Frame-Options: SAMEORIGIN
+X-Runtime: 0.060644
 
-{"version":"16.7.0-pre","revision":"acd848a9228","kas":{"enabled":true,"externalUrl":"wss://kas.gitlab.com","version":"v16.7.0-rc2"},"enterprise":true}
\ No newline at end of file
+{"version":"18.9.0-pre","revision":"dde8b248bb9","kas":{"enabled":true,"externalUrl":"wss://kas.gitlab.com","externalK8sProxyUrl":"https://kas.gitlab.com/k8s-proxy","version":"18.9.0-rc1+f6b096ad1f478a35a7335ec9b905c1230fd27b4e"},"enterprise":true}
\ No newline at end of file

From 607f2bb8d7bf1d738296c0249e54f8d42ab26364 Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Tue, 3 Mar 2026 21:36:25 +0100
Subject: [PATCH 401/854] Update module github.com/valyala/fastjson to v1.6.10
 (forgejo) (#11477)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This PR contains the following updates:

| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) |
|---|---|---|---|
| [github.com/valyala/fastjson](https://github.com/valyala/fastjson) | `v1.6.7` -> `v1.6.10` | ![age](https://developer.mend.io/api/mc/badges/age/go/github.com%2fvalyala%2ffastjson/v1.6.10?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/go/github.com%2fvalyala%2ffastjson/v1.6.7/v1.6.10?slim=true) |

---

### Release Notes

<details>
<summary>valyala/fastjson (github.com/valyala/fastjson)</summary>

### [`v1.6.10`](https://github.com/valyala/fastjson/compare/v1.6.9...v1.6.10)

[Compare Source](https://github.com/valyala/fastjson/compare/v1.6.9...v1.6.10)

### [`v1.6.9`](https://github.com/valyala/fastjson/compare/v1.6.8...v1.6.9)

[Compare Source](https://github.com/valyala/fastjson/compare/v1.6.8...v1.6.9)

### [`v1.6.8`](https://github.com/valyala/fastjson/compare/v1.6.7...v1.6.8)

[Compare Source](https://github.com/valyala/fastjson/compare/v1.6.7...v1.6.8)

</details>

---

### Configuration

📅 **Schedule**: Branch creation - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC), Automerge - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My41LjAiLCJ1cGRhdGVkSW5WZXIiOiI0My41LjAiLCJ0YXJnZXRCcmFuY2giOiJmb3JnZWpvIiwibGFiZWxzIjpbImRlcGVuZGVuY3ktdXBncmFkZSIsInRlc3Qvbm90LW5lZWRlZCJdfQ==-->

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11477
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index d871013779..35bcee5fd3 100644
--- a/go.mod
+++ b/go.mod
@@ -95,7 +95,7 @@ require (
 	github.com/syndtr/goleveldb v1.0.0
 	github.com/ulikunitz/xz v0.5.15
 	github.com/urfave/cli/v3 v3.6.2
-	github.com/valyala/fastjson v1.6.7
+	github.com/valyala/fastjson v1.6.10
 	github.com/yohcop/openid-go v1.0.1
 	github.com/yuin/goldmark v1.7.16
 	github.com/yuin/goldmark-highlighting/v2 v2.0.0-20230729083705-37449abec8cc
diff --git a/go.sum b/go.sum
index f70992469c..c044d6da5e 100644
--- a/go.sum
+++ b/go.sum
@@ -663,8 +663,8 @@ github.com/ulikunitz/xz v0.5.15/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0o
 github.com/urfave/cli/v3 v3.5.0 h1:qCuFMmdayTF3zmjG8TSsoBzrDqszNrklYg2x3g4MSgw=
 github.com/urfave/cli/v3 v3.5.0/go.mod h1:ysVLtOEmg2tOy6PknnYVhDoouyC/6N42TMeoMzskhso=
 github.com/valyala/fastjson v1.6.4/go.mod h1:CLCAqky6SMuOcxStkYQvblddUtoRxhYMGLrsQns1aXY=
-github.com/valyala/fastjson v1.6.7 h1:ZE4tRy0CIkh+qDc5McjatheGX2czdn8slQjomexVpBM=
-github.com/valyala/fastjson v1.6.7/go.mod h1:CLCAqky6SMuOcxStkYQvblddUtoRxhYMGLrsQns1aXY=
+github.com/valyala/fastjson v1.6.10 h1:/yjJg8jaVQdYR3arGxPE2X5z89xrlhS0eGXdv+ADTh4=
+github.com/valyala/fastjson v1.6.10/go.mod h1:e6FubmQouUNP73jtMLmcbxS6ydWIpOfhz34TSfO3JaE=
 github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM=
 github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg=
 github.com/xyproto/randomstring v1.0.5 h1:YtlWPoRdgMu3NZtP45drfy1GKoojuR7hmRcnhZqKjWU=

From d467c2bed72fb9acae59d4cac324d790b1cb943b Mon Sep 17 00:00:00 2001
From: Robert Wolff <mahlzahn@posteo.de>
Date: Tue, 3 Mar 2026 21:42:13 +0100
Subject: [PATCH 402/854] chore: update licenses and gitignores [skip ci]
 (#11158)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

… by simply running `make generate-license` and `make generate-gitignore` (last time: 9d2fabc7d35d52dba32c08b7b9d4171831cacc52)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11158
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
Co-authored-by: Robert Wolff <mahlzahn@posteo.de>
Co-committed-by: Robert Wolff <mahlzahn@posteo.de>
---
 options/gitignore/AdventureGameStudio         |  31 ++
 options/gitignore/Alteryx                     |   2 +-
 options/gitignore/Android                     |   3 +-
 options/gitignore/Angular                     |  28 ++
 options/gitignore/Ansible                     |   1 +
 options/gitignore/ArchLinuxPackages           |   1 +
 options/gitignore/AutomationStudio            |  31 ++
 options/gitignore/Autotools                   |   2 +
 options/gitignore/Bazel                       |   2 +-
 options/gitignore/C                           |   3 +
 options/gitignore/C++                         |  37 ++
 options/gitignore/CMake                       |   7 +
 options/gitignore/ColdBox                     |  24 ++
 options/gitignore/Cursor                      |   2 +
 options/gitignore/Dart                        |   8 +-
 options/gitignore/Delphi                      |   1 +
 options/gitignore/Dotnet                      |  57 +++
 options/gitignore/Dotter                      |   6 +
 options/gitignore/Drupal                      |   3 +
 options/gitignore/Eclipse                     |   2 +-
 options/gitignore/Elisp                       |   8 +-
 options/gitignore/Emacs                       |   2 +
 options/gitignore/Expo                        |  32 ++
 options/gitignore/Firebase                    |  28 ++
 options/gitignore/Fortran                     |  37 ++
 options/gitignore/GitHubPages                 |   2 +-
 options/gitignore/Gleam                       |   4 +
 options/gitignore/Go                          |   9 +-
 options/gitignore/Godot                       |   4 +-
 options/gitignore/Gradle                      |   2 +-
 options/gitignore/HIP                         |  50 +++
 options/gitignore/Haxe                        |   3 +
 options/gitignore/IAR                         |  32 +-
 options/gitignore/JetBrains                   |  13 +-
 options/gitignore/Julia                       |   6 +-
 options/gitignore/JupyterNotebooks            |   4 +
 options/gitignore/Katalon                     |  40 ++
 options/gitignore/KiCad                       |  15 +-
 options/gitignore/Kotlin                      |   3 +
 options/gitignore/LangChain                   |   6 +
 options/gitignore/Laravel                     |   7 +
 options/gitignore/Lefthook                    |  16 +
 options/gitignore/Linux                       |   5 +-
 options/gitignore/Luau                        |  14 +
 options/gitignore/MATLAB                      |  28 +-
 options/gitignore/Maven                       |   2 +-
 options/gitignore/MetaTrader5                 |  57 +++
 options/gitignore/Metals                      |   7 +-
 options/gitignore/MicrosoftOffice             |   1 +
 options/gitignore/Modelica                    |  42 +++
 options/gitignore/Move                        |   6 +
 options/gitignore/NasaSpecsIntact             |  10 +-
 options/gitignore/Nestjs                      |  24 ++
 options/gitignore/Nextjs                      |  36 ++
 options/gitignore/Node                        |  46 ++-
 .../gitignore/NotesAndExtendedConfiguration   |   8 +-
 options/gitignore/OCaml                       |   9 +-
 options/gitignore/Octave                      |  28 +-
 options/gitignore/OpenTofu                    |  42 +++
 options/gitignore/Packer                      |   6 +-
 options/gitignore/Perl                        |   6 +
 options/gitignore/PlatformIO                  |   6 +
 options/gitignore/Python                      |  86 ++++-
 options/gitignore/Rust                        |  14 +-
 options/gitignore/SBT                         |   1 +
 options/gitignore/SSDT-sqlproj                |  31 ++
 options/gitignore/STM32CubeIDE                |  51 +++
 options/gitignore/Salesforce                  |  39 ++
 options/gitignore/Solidity-Remix              |  15 +
 options/gitignore/Stata                       |   1 +
 options/gitignore/TeX                         |  20 +
 options/gitignore/Terraform                   |  13 +-
 options/gitignore/TestComplete                |  14 +
 options/gitignore/TwinCAT3                    |  66 +++-
 options/gitignore/UTAU                        |  52 +++
 options/gitignore/UiPath                      |   2 +-
 options/gitignore/Umbraco                     |   4 +-
 options/gitignore/Unity                       |  37 +-
 options/gitignore/UnrealEngine                |   1 +
 options/gitignore/VBA                         |  40 ++
 options/gitignore/Vim                         |   3 +-
 options/gitignore/VirtualEnv                  |   2 +-
 options/gitignore/VisualStudio                |  68 +++-
 options/gitignore/VisualStudioCode            |   4 +-
 options/gitignore/Zig                         |   4 +-
 options/gitignore/libogc                      |  91 +++++
 options/gitignore/macOS                       |   5 +-
 options/gitignore/mise                        |  11 +
 options/license/ALGLIB-Documentation          |  17 +
 options/license/Advanced-Cryptics-Dictionary  |  10 +
 options/license/Artistic-dist                 | 125 +++++++
 options/license/Aspell-RU                     |   4 +
 .../license/BSD-2-Clause-pkgconf-disclaimer   |  15 +
 options/license/BSD-3-Clause-Tso              |  11 +
 options/license/BSD-Mark-Modifications        |  35 ++
 options/license/Boehm-GC-without-fee          |  14 +
 options/license/Buddy                         |  26 ++
 options/license/CAPEC-tou                     |   6 +
 options/license/CC-BY-ND-2.5                  |   2 +-
 options/license/CC-PDM-1.0                    |  27 ++
 options/license/CC-SA-1.0                     | 198 ++++++++++
 options/license/CGAL-linking-exception        |   4 +
 options/license/Classpath-exception-2.0-short |  11 +
 options/license/CryptoSwift                   |  11 +
 options/license/Digia-Qt-LGPL-exception-1.1   |   9 +
 options/license/DocBook-DTD                   |  24 ++
 options/license/DocBook-Schema                |  22 ++
 options/license/DocBook-XML                   |  48 +++
 options/license/ESA-PL-permissive-2.4         | 240 ++++++++++++
 options/license/ESA-PL-strong-copyleft-2.4    | 200 ++++++++++
 options/license/ESA-PL-weak-copyleft-2.4      | 193 ++++++++++
 options/license/Elastic-2.0                   |  34 +-
 options/license/FSFULLRSD                     |   4 +
 options/license/FSL-1.1-ALv2                  | 105 ++++++
 options/license/FSL-1.1-MIT                   | 110 ++++++
 options/license/Game-Programming-Gems         |   8 +
 options/license/HDF5                          |  96 +++++
 options/license/HIDAPI                        |   2 +
 options/license/HPND-Netrek                   |  10 +
 options/license/HPND-SMC                      |  15 +
 .../HPND-sell-variant-critical-systems        |  20 +
 options/license/ISO-permission                |   4 +
 options/license/Independent-modules-exception |  18 +
 options/license/InnoSetup                     |  27 ++
 options/license/MIPS                          |   4 +
 options/license/MIT                           |  15 +-
 options/license/MIT-STK                       |  27 ++
 options/license/MIT-open-group                |   8 +-
 options/license/MMPL-1.0.1                    |  87 +++++
 options/license/Motosoto                      | 344 +++++++++++++++---
 options/license/NIST-PD-TNT                   |   3 +
 options/license/NTIA-PD                       |  13 +
 options/license/Net-SNMP                      | 107 ------
 options/license/OSSP                          |  26 ++
 options/license/OpenMDW-1.0                   |  49 +++
 options/license/ParaType-Free-Font-1.3        |  24 ++
 options/license/Ruby-pty                      |  10 +
 options/license/SGMLUG-PM                     |  43 +++
 options/license/SMAIL-GPL                     | 144 ++++++++
 options/license/SOFA                          |  90 +++++
 options/license/SUL-1.0                       |  73 ++++
 options/license/Sendmail-Open-Source-1.1      |  75 ++++
 .../license/Simple-Library-Usage-exception    |  33 ++
 options/license/TekHVC                        |  34 ++
 options/license/ThirdEye                      |   7 +
 options/license/Ubuntu-font-1.0               |  96 +++++
 options/license/UnRAR                         |  41 +++
 options/license/Unlicense-libtelnet           |   1 +
 options/license/Unlicense-libwhirlpool        |   8 +
 options/license/Vixie-Cron                    |   4 +
 options/license/WTFNMFPL                      |  17 +
 options/license/WordNet                       |  12 +
 options/license/X11-no-permit-persons         |  23 ++
 options/license/X11-swapped                   |  23 ++
 options/license/any-OSI-perl-modules          |  11 +
 options/license/erlang-otp-linking-exception  |  11 +
 options/license/generic-xts                   |  17 +
 options/license/harbour-exception             |  23 ++
 options/license/hyphen-bulgarian              |   8 +
 options/license/jove                          |   4 +
 options/license/kvirc-openssl-exception       |  30 ++
 options/license/libpng-1.6.35                 |  96 +++++
 options/license/man2html                      |   2 +
 options/license/mxml-exception                |  16 +
 options/license/ngrep                         |  38 ++
 options/license/polyparse-exception           |   7 +
 options/license/romic-exception               |   6 +
 options/license/rsync-linking-exception       |   6 +
 options/license/wwl                           |   5 +
 169 files changed, 4710 insertions(+), 348 deletions(-)
 create mode 100644 options/gitignore/AdventureGameStudio
 create mode 100644 options/gitignore/Angular
 create mode 100644 options/gitignore/AutomationStudio
 create mode 100644 options/gitignore/ColdBox
 create mode 100644 options/gitignore/Cursor
 create mode 100644 options/gitignore/Dotnet
 create mode 100644 options/gitignore/Dotter
 create mode 100644 options/gitignore/Expo
 create mode 100644 options/gitignore/Firebase
 create mode 100644 options/gitignore/Gleam
 create mode 100644 options/gitignore/HIP
 create mode 100644 options/gitignore/Haxe
 create mode 100644 options/gitignore/Katalon
 create mode 100644 options/gitignore/LangChain
 create mode 100644 options/gitignore/Lefthook
 create mode 100644 options/gitignore/Luau
 create mode 100644 options/gitignore/MetaTrader5
 create mode 100644 options/gitignore/Modelica
 create mode 100644 options/gitignore/Move
 create mode 100644 options/gitignore/Nestjs
 create mode 100644 options/gitignore/Nextjs
 create mode 100644 options/gitignore/OpenTofu
 create mode 100644 options/gitignore/PlatformIO
 create mode 100644 options/gitignore/SSDT-sqlproj
 create mode 100644 options/gitignore/STM32CubeIDE
 create mode 100644 options/gitignore/Salesforce
 create mode 100644 options/gitignore/Solidity-Remix
 create mode 100644 options/gitignore/TestComplete
 create mode 100644 options/gitignore/UTAU
 create mode 100644 options/gitignore/VBA
 create mode 100644 options/gitignore/libogc
 create mode 100644 options/gitignore/mise
 create mode 100644 options/license/ALGLIB-Documentation
 create mode 100644 options/license/Advanced-Cryptics-Dictionary
 create mode 100644 options/license/Artistic-dist
 create mode 100644 options/license/Aspell-RU
 create mode 100644 options/license/BSD-2-Clause-pkgconf-disclaimer
 create mode 100644 options/license/BSD-3-Clause-Tso
 create mode 100644 options/license/BSD-Mark-Modifications
 create mode 100644 options/license/Boehm-GC-without-fee
 create mode 100644 options/license/Buddy
 create mode 100644 options/license/CAPEC-tou
 create mode 100644 options/license/CC-PDM-1.0
 create mode 100644 options/license/CC-SA-1.0
 create mode 100644 options/license/CGAL-linking-exception
 create mode 100644 options/license/Classpath-exception-2.0-short
 create mode 100644 options/license/CryptoSwift
 create mode 100644 options/license/Digia-Qt-LGPL-exception-1.1
 create mode 100644 options/license/DocBook-DTD
 create mode 100644 options/license/DocBook-Schema
 create mode 100644 options/license/DocBook-XML
 create mode 100644 options/license/ESA-PL-permissive-2.4
 create mode 100644 options/license/ESA-PL-strong-copyleft-2.4
 create mode 100644 options/license/ESA-PL-weak-copyleft-2.4
 create mode 100644 options/license/FSFULLRSD
 create mode 100644 options/license/FSL-1.1-ALv2
 create mode 100644 options/license/FSL-1.1-MIT
 create mode 100644 options/license/Game-Programming-Gems
 create mode 100644 options/license/HDF5
 create mode 100644 options/license/HIDAPI
 create mode 100644 options/license/HPND-Netrek
 create mode 100644 options/license/HPND-SMC
 create mode 100644 options/license/HPND-sell-variant-critical-systems
 create mode 100644 options/license/ISO-permission
 create mode 100644 options/license/Independent-modules-exception
 create mode 100644 options/license/InnoSetup
 create mode 100644 options/license/MIPS
 create mode 100644 options/license/MIT-STK
 create mode 100644 options/license/MMPL-1.0.1
 create mode 100644 options/license/NIST-PD-TNT
 create mode 100644 options/license/NTIA-PD
 delete mode 100644 options/license/Net-SNMP
 create mode 100644 options/license/OSSP
 create mode 100644 options/license/OpenMDW-1.0
 create mode 100644 options/license/ParaType-Free-Font-1.3
 create mode 100644 options/license/Ruby-pty
 create mode 100644 options/license/SGMLUG-PM
 create mode 100644 options/license/SMAIL-GPL
 create mode 100644 options/license/SOFA
 create mode 100644 options/license/SUL-1.0
 create mode 100644 options/license/Sendmail-Open-Source-1.1
 create mode 100644 options/license/Simple-Library-Usage-exception
 create mode 100644 options/license/TekHVC
 create mode 100644 options/license/ThirdEye
 create mode 100644 options/license/Ubuntu-font-1.0
 create mode 100644 options/license/UnRAR
 create mode 100644 options/license/Unlicense-libtelnet
 create mode 100644 options/license/Unlicense-libwhirlpool
 create mode 100644 options/license/Vixie-Cron
 create mode 100644 options/license/WTFNMFPL
 create mode 100644 options/license/WordNet
 create mode 100644 options/license/X11-no-permit-persons
 create mode 100644 options/license/X11-swapped
 create mode 100644 options/license/any-OSI-perl-modules
 create mode 100644 options/license/erlang-otp-linking-exception
 create mode 100644 options/license/generic-xts
 create mode 100644 options/license/harbour-exception
 create mode 100644 options/license/hyphen-bulgarian
 create mode 100644 options/license/jove
 create mode 100644 options/license/kvirc-openssl-exception
 create mode 100644 options/license/libpng-1.6.35
 create mode 100644 options/license/man2html
 create mode 100644 options/license/mxml-exception
 create mode 100644 options/license/ngrep
 create mode 100644 options/license/polyparse-exception
 create mode 100644 options/license/romic-exception
 create mode 100644 options/license/rsync-linking-exception
 create mode 100644 options/license/wwl

diff --git a/options/gitignore/AdventureGameStudio b/options/gitignore/AdventureGameStudio
new file mode 100644
index 0000000000..27a089f475
--- /dev/null
+++ b/options/gitignore/AdventureGameStudio
@@ -0,0 +1,31 @@
+# Built things
+_Debug/
+Compiled/
+
+# AudioCache can be rebuilt from sources
+AudioCache/
+
+# Lockfile
+_OpenInEditor.lock
+
+# User settings
+Game.agf.user
+*.crm.user
+
+# Backups
+Game.agf.bak
+backup_acsprset.spr
+
+# Memory dumps
+*.dmp
+
+# Temporary files
+# temporarily created during sprite or room background compression
+~aclzw.tmp
+# temporary, main game data, before getting packed into exe
+game28.dta
+# temporary build of the game before being moved to Compiled/ folder
+*.exe
+
+# Log files
+warnings.log
diff --git a/options/gitignore/Alteryx b/options/gitignore/Alteryx
index a8e1341ffe..8fe3c5cd71 100644
--- a/options/gitignore/Alteryx
+++ b/options/gitignore/Alteryx
@@ -29,7 +29,7 @@ CASS.ini
 *.gzlc
 
 ## gitignore reference sites
-# https://git-scm.com/book/en/v2/Git-Basics-Recording-Changes-to-the-Repository#Ignoring-Files
+# https://git-scm.com/book/en/v2/Git-Basics-Recording-Changes-to-the-Repository#_ignoring
 # https://git-scm.com/docs/gitignore
 # https://help.github.com/articles/ignoring-files/
 
diff --git a/options/gitignore/Android b/options/gitignore/Android
index 347e252ef1..e5cbb64142 100644
--- a/options/gitignore/Android
+++ b/options/gitignore/Android
@@ -12,8 +12,9 @@ local.properties
 captures/
 .externalNativeBuild/
 .cxx/
+*.aab
 *.apk
-output.json
+output-metadata.json
 
 # IntelliJ
 *.iml
diff --git a/options/gitignore/Angular b/options/gitignore/Angular
new file mode 100644
index 0000000000..0383c3a577
--- /dev/null
+++ b/options/gitignore/Angular
@@ -0,0 +1,28 @@
+# Angular specific
+/dist/
+/out-tsc/
+/tmp/
+/coverage/
+/e2e/test-output/
+/.angular/
+.angular/
+
+# Node modules and dependency files
+/node_modules/
+/package-lock.json
+/yarn.lock
+
+# Environment files
+/.env
+
+# Angular CLI and build artefacts
+/.angular-cli.json
+/.ng/
+
+# TypeScript cache
+*.tsbuildinfo
+
+# Logs
+npm-debug.log*
+yarn-debug.log*
+yarn-error.log*
diff --git a/options/gitignore/Ansible b/options/gitignore/Ansible
index a8b42eb6ee..7eaa6e286f 100644
--- a/options/gitignore/Ansible
+++ b/options/gitignore/Ansible
@@ -1 +1,2 @@
 *.retry
+.ansible/
diff --git a/options/gitignore/ArchLinuxPackages b/options/gitignore/ArchLinuxPackages
index b73905529f..289fa5c677 100644
--- a/options/gitignore/ArchLinuxPackages
+++ b/options/gitignore/ArchLinuxPackages
@@ -3,6 +3,7 @@
 *.jar
 *.exe
 *.msi
+*.deb
 *.zip
 *.tgz
 *.log
diff --git a/options/gitignore/AutomationStudio b/options/gitignore/AutomationStudio
new file mode 100644
index 0000000000..b5552b17a0
--- /dev/null
+++ b/options/gitignore/AutomationStudio
@@ -0,0 +1,31 @@
+# gitignore template for B&R Automation Studio (AS) 4
+# website: https://www.br-automation.com/en-us/products/software/automation-software/automation-studio/
+
+# AS temporary directories
+Binaries/
+Diagnosis/
+Temp/
+TempObjects/
+
+# AS transfer files
+*artransfer.br
+*arTrsfmode.nv
+
+# 'ignored' directory
+ignored/
+
+# ARNC0ext
+*arnc0ext.br
+
+# AS File types
+*.bak
+*.isopen
+*.orig
+*.log
+*.asar
+*.csvlog*
+*.set
+!**/Physical/**/*.set
+
+# RevInfo variables
+*RevInfo.var
diff --git a/options/gitignore/Autotools b/options/gitignore/Autotools
index 617156f819..9a47826430 100644
--- a/options/gitignore/Autotools
+++ b/options/gitignore/Autotools
@@ -31,7 +31,9 @@ autom4te.cache
 
 # https://www.gnu.org/software/libtool/
 
+/libtool
 /ltmain.sh
+.libs/
 
 # http://www.gnu.org/software/texinfo
 
diff --git a/options/gitignore/Bazel b/options/gitignore/Bazel
index bc3afc20ba..4e1d5a2ba0 100644
--- a/options/gitignore/Bazel
+++ b/options/gitignore/Bazel
@@ -6,7 +6,7 @@
 /bazel-*
 
 # Directories for the Bazel IntelliJ plugin containing the generated
-# IntelliJ project files and plugin configuration. Seperate directories are
+# IntelliJ project files and plugin configuration. Separate directories are
 # for the IntelliJ, Android Studio and CLion versions of the plugin.
 /.ijwb/
 /.aswb/
diff --git a/options/gitignore/C b/options/gitignore/C
index c6127b38c1..845cda6a8a 100644
--- a/options/gitignore/C
+++ b/options/gitignore/C
@@ -50,3 +50,6 @@ modules.order
 Module.symvers
 Mkfile.old
 dkms.conf
+
+# debug information files
+*.dwo
diff --git a/options/gitignore/C++ b/options/gitignore/C++
index 259148fa18..bdde3b171b 100644
--- a/options/gitignore/C++
+++ b/options/gitignore/C++
@@ -11,10 +11,18 @@
 *.gch
 *.pch
 
+# Linker files
+*.ilk
+
+# Debugger Files
+*.pdb
+
 # Compiled Dynamic libraries
 *.so
 *.dylib
 *.dll
+*.so.*
+
 
 # Fortran module files
 *.mod
@@ -30,3 +38,32 @@
 *.exe
 *.out
 *.app
+
+# Build directories
+build/
+Build/
+build-*/
+
+# CMake generated files
+CMakeFiles/
+CMakeCache.txt
+cmake_install.cmake
+Makefile
+install_manifest.txt 
+compile_commands.json
+
+# Temporary files
+*.tmp 
+*.log 
+*.bak 
+*.swp 
+
+# vcpkg
+vcpkg_installed/
+
+# debug information files
+*.dwo
+
+# test output & cache
+Testing/
+.cache/
\ No newline at end of file
diff --git a/options/gitignore/CMake b/options/gitignore/CMake
index 11c76431e1..1f99f9d2f5 100644
--- a/options/gitignore/CMake
+++ b/options/gitignore/CMake
@@ -10,3 +10,10 @@ compile_commands.json
 CTestTestfile.cmake
 _deps
 CMakeUserPresets.json
+
+# CLion
+#  JetBrains specific template is maintained in a separate JetBrains.gitignore that can
+#  be found at https://github.com/github/gitignore/blob/main/Global/JetBrains.gitignore
+#  and can be added to the global gitignore or merged into this file.  For a more nuclear
+#  option (not recommended) you can uncomment the following to ignore the entire idea folder.
+#cmake-build-*
diff --git a/options/gitignore/ColdBox b/options/gitignore/ColdBox
new file mode 100644
index 0000000000..93f003fad3
--- /dev/null
+++ b/options/gitignore/ColdBox
@@ -0,0 +1,24 @@
+# Servelet Ignores
+WEB-INF
+
+# Engines + Database + CBFS + Secrets
+.tmp/**
+.env
+.engine/**
+.cbfs/**
+
+# Logs + Test Results
+logs/**
+tests/results/**
+
+## Ignored Dependencies
+effective-pom.xml
+/coldbox/**
+/testbox/**
+/modules/**
+/lib/java/**
+
+# NPM JS Assets (If applicable)
+**/node_modules/*
+npm-debug.log
+yarn-error.log
diff --git a/options/gitignore/Cursor b/options/gitignore/Cursor
new file mode 100644
index 0000000000..234f905b0e
--- /dev/null
+++ b/options/gitignore/Cursor
@@ -0,0 +1,2 @@
+.cursorignore
+.cursorindexingignore
diff --git a/options/gitignore/Dart b/options/gitignore/Dart
index 3a83c2f087..3150b4060c 100644
--- a/options/gitignore/Dart
+++ b/options/gitignore/Dart
@@ -16,9 +16,11 @@ doc/api/
 
 # Avoid committing generated Javascript files:
 *.dart.js
-*.info.json      # Produced by the --dump-info flag.
-*.js             # When generated by dart2js. Don't specify *.js if your
-                 # project includes source files written in JavaScript.
+# Produced by the --dump-info flag.
+*.info.json
+# When generated by dart2js. Don't specify *.js if your
+# project includes source files written in JavaScript.
+*.js
 *.js_
 *.js.deps
 *.js.map
diff --git a/options/gitignore/Delphi b/options/gitignore/Delphi
index 8df99b676b..9db64f626d 100644
--- a/options/gitignore/Delphi
+++ b/options/gitignore/Delphi
@@ -68,6 +68,7 @@
 *.projdata
 *.tvsconfig
 *.dsk
+*.dsv
 
 # Delphi history and backups
 __history/
diff --git a/options/gitignore/Dotnet b/options/gitignore/Dotnet
new file mode 100644
index 0000000000..7282dbf28f
--- /dev/null
+++ b/options/gitignore/Dotnet
@@ -0,0 +1,57 @@
+## A streamlined .gitignore for modern .NET projects
+## including temporary files, build results, and
+## files generated by popular .NET tools. If you are
+## developing with Visual Studio, the VS .gitignore
+## https://github.com/github/gitignore/blob/main/VisualStudio.gitignore
+## has more thorough IDE-specific entries.
+##
+## Get latest from https://github.com/github/gitignore/blob/main/Dotnet.gitignore
+
+# Build results
+[Dd]ebug/
+[Dd]ebugPublic/
+[Rr]elease/
+[Rr]eleases/
+x64/
+x86/
+[Ww][Ii][Nn]32/
+[Aa][Rr][Mm]/
+[Aa][Rr][Mm]64/
+bld/
+[Bb]in/
+[Oo]bj/
+[Ll]og/
+[Ll]ogs/
+
+# .NET Core
+project.lock.json
+project.fragment.lock.json
+artifacts/
+
+# ASP.NET Scaffolding
+ScaffoldingReadMe.txt
+
+# NuGet Packages
+*.nupkg
+# NuGet Symbol Packages
+*.snupkg
+
+# dotenv environment variables file
+.env
+
+# Others
+~$*
+*~
+CodeCoverage/
+
+# MSBuild Binary and Structured Log
+*.binlog
+
+# MSTest test Results
+[Tt]est[Rr]esult*/
+[Bb]uild[Ll]og.*
+
+# NUnit
+*.VisualState.xml
+TestResult.xml
+nunit-*.xml
diff --git a/options/gitignore/Dotter b/options/gitignore/Dotter
new file mode 100644
index 0000000000..86e82e8c5f
--- /dev/null
+++ b/options/gitignore/Dotter
@@ -0,0 +1,6 @@
+# local files are for host-specific overrides
+.dotter/local.toml
+
+# ignore caches
+.dotter/cache.toml
+.dotter/cache
diff --git a/options/gitignore/Drupal b/options/gitignore/Drupal
index faae808384..3856fe4634 100644
--- a/options/gitignore/Drupal
+++ b/options/gitignore/Drupal
@@ -25,12 +25,15 @@
 /web/vendor
 /web/core
 /web/modules/README.txt
+/web/modules/contrib
 /web/profiles/README.txt
+/web/profiles/contrib
 /web/sites/development.services.yml
 /web/sites/example.settings.local.php
 /web/sites/example.sites.php
 /web/sites/README.txt
 /web/themes/README.txt
+/web/themes/contrib
 /web/.csslintrc
 /web/.editorconfig
 /web/.eslintignore
diff --git a/options/gitignore/Eclipse b/options/gitignore/Eclipse
index acec74ac06..85723da801 100644
--- a/options/gitignore/Eclipse
+++ b/options/gitignore/Eclipse
@@ -48,7 +48,7 @@ local.properties
 
 # Annotation Processing
 .apt_generated/
-.apt_generated_test/
+.apt_generated_tests/
 
 # Scala IDE specific (Scala & Java development for Eclipse)
 .cache-main
diff --git a/options/gitignore/Elisp b/options/gitignore/Elisp
index 206569dc66..adef969d3d 100644
--- a/options/gitignore/Elisp
+++ b/options/gitignore/Elisp
@@ -2,7 +2,13 @@
 *.elc
 
 # Packaging
-.cask
+.cask/
+.eask/
+.eldev/
+.keg/
+
+# Built distribution
+dist/
 
 # Backup files
 *~
diff --git a/options/gitignore/Emacs b/options/gitignore/Emacs
index d40e86599b..489b89280c 100644
--- a/options/gitignore/Emacs
+++ b/options/gitignore/Emacs
@@ -47,3 +47,5 @@ flycheck_*.el
 # network security
 /network-security.data
 
+# undo-tree
+*.~undo-tree~
diff --git a/options/gitignore/Expo b/options/gitignore/Expo
new file mode 100644
index 0000000000..164986e1ff
--- /dev/null
+++ b/options/gitignore/Expo
@@ -0,0 +1,32 @@
+# .gitignore template for Expo
+# website: https://expo.dev/
+# docs: https://docs.expo.dev/workflow/expo-cli/
+#
+# Rationale:
+# node_modules/ is always ignored
+# .expo/, .expo-shared/ are Expo’s local state and project-settings cache (see docs)
+#  Metro caches/logs are *.expo, *.tunnel, *.cache, *.tmp, *.log
+
+# Node modules
+node_modules/
+
+# Expo local state and caches
+.expo/             # runtime state (Metro bundler, dev-client data, tunnels)
+.expo-shared/      # shared project settings (app.json edits, etc.)
+
+# Metro bundler caches/logs
+*.expo             # generic Expo temp files
+*.tunnel           # Expo DevTools tunnels
+*.cache            # Metro cache folder
+*.tmp              # temp files created during bundling
+*.log              # build or Metro logs
+
+# Environment variables
+.env
+.env.local
+.env.*.local
+
+# Package manager logs
+npm-debug.log*
+yarn-debug.log*
+yarn-error.log*
diff --git a/options/gitignore/Firebase b/options/gitignore/Firebase
new file mode 100644
index 0000000000..55b8b0ea7f
--- /dev/null
+++ b/options/gitignore/Firebase
@@ -0,0 +1,28 @@
+# Firebase build and deployment files
+/firebase-debug.log
+/firebase-debug.*.log
+.firebaserc
+
+# Firebase Hosting
+/firebase.json
+*.cache
+hosting/.cache
+
+# Firebase Functions
+/functions/node_modules/
+/functions/.env
+/functions/package-lock.json
+
+# Firebase Emulators
+/firebase-*.zip
+/.firebase/
+/emulator-ui/
+
+# Logs
+*.log
+npm-debug.log*
+yarn-debug.log*
+yarn-error.log*
+
+# Environment files (local configs)
+/.env.*
diff --git a/options/gitignore/Fortran b/options/gitignore/Fortran
index 259148fa18..bdde3b171b 100644
--- a/options/gitignore/Fortran
+++ b/options/gitignore/Fortran
@@ -11,10 +11,18 @@
 *.gch
 *.pch
 
+# Linker files
+*.ilk
+
+# Debugger Files
+*.pdb
+
 # Compiled Dynamic libraries
 *.so
 *.dylib
 *.dll
+*.so.*
+
 
 # Fortran module files
 *.mod
@@ -30,3 +38,32 @@
 *.exe
 *.out
 *.app
+
+# Build directories
+build/
+Build/
+build-*/
+
+# CMake generated files
+CMakeFiles/
+CMakeCache.txt
+cmake_install.cmake
+Makefile
+install_manifest.txt 
+compile_commands.json
+
+# Temporary files
+*.tmp 
+*.log 
+*.bak 
+*.swp 
+
+# vcpkg
+vcpkg_installed/
+
+# debug information files
+*.dwo
+
+# test output & cache
+Testing/
+.cache/
\ No newline at end of file
diff --git a/options/gitignore/GitHubPages b/options/gitignore/GitHubPages
index 493e69ba39..807c07fc55 100644
--- a/options/gitignore/GitHubPages
+++ b/options/gitignore/GitHubPages
@@ -11,7 +11,7 @@ _site/
 /vendor
 
 # Specific ignore for GitHub Pages
-# GitHub Pages will always use its own deployed version of pages-gem 
+# GitHub Pages will always use its own deployed version of pages-gem
 # This means GitHub Pages will NOT use your Gemfile.lock and therefore it is
 # counterproductive to check this file into the repository.
 # Details at https://github.com/github/pages-gem/issues/768
diff --git a/options/gitignore/Gleam b/options/gitignore/Gleam
new file mode 100644
index 0000000000..599be4eb92
--- /dev/null
+++ b/options/gitignore/Gleam
@@ -0,0 +1,4 @@
+*.beam
+*.ez
+/build
+erl_crash.dump
diff --git a/options/gitignore/Go b/options/gitignore/Go
index 6f72f89261..aaadf736e5 100644
--- a/options/gitignore/Go
+++ b/options/gitignore/Go
@@ -11,8 +11,11 @@
 # Test binary, built with `go test -c`
 *.test
 
-# Output of the go coverage tool, specifically when used with LiteIDE
+# Code coverage profiles and other test artifacts
 *.out
+coverage.*
+*.coverprofile
+profile.cov
 
 # Dependency directories (remove the comment below to include it)
 # vendor/
@@ -23,3 +26,7 @@ go.work.sum
 
 # env file
 .env
+
+# Editor/IDE
+# .idea/
+# .vscode/
diff --git a/options/gitignore/Godot b/options/gitignore/Godot
index d9aac213e7..e00df843c3 100644
--- a/options/gitignore/Godot
+++ b/options/gitignore/Godot
@@ -1,10 +1,12 @@
 # Godot 4+ specific ignores
 .godot/
+.nomedia
 
 # Godot-specific ignores
 .import/
 export.cfg
-export_presets.cfg
+export_credentials.cfg
+*.tmp
 
 # Imported translations (automatically generated from CSV files)
 *.translation
diff --git a/options/gitignore/Gradle b/options/gitignore/Gradle
index a5b111377b..296d3f0021 100644
--- a/options/gitignore/Gradle
+++ b/options/gitignore/Gradle
@@ -1,6 +1,6 @@
 .gradle
 **/build/
-!src/**/build/
+!**/src/**/build/
 
 # Ignore Gradle GUI config
 gradle-app.setting
diff --git a/options/gitignore/HIP b/options/gitignore/HIP
new file mode 100644
index 0000000000..5f3324cf14
--- /dev/null
+++ b/options/gitignore/HIP
@@ -0,0 +1,50 @@
+# HIP.gitignore
+# GitHub gitignore template for AMD HIP (ROCm) projects
+#
+# Reference:
+#   Official AMD ROCm HIP .gitignore: https://github.com/ROCm/hip/blob/amd-staging/.gitignore
+
+# 1. Build directories and files
+/build/                          # common build directory
+/CMakeFiles/                     # CMake internal files
+/CMakeCache.txt                  # CMake cache file
+/Makefile                        # autogenerated Makefile
+/cmake_install.cmake             # install script
+/install_manifest.txt            # install manifest list
+*.ninja-dep                      # Ninja dependency files
+*.ninja_log                      # Ninja log files
+meson-logs/                      # Meson log directory
+
+# 2. Compilation outputs and intermediates
+*.o                              # object files
+*.obj                            # Windows object files
+*.so                             # shared libraries
+*.a                              # static librarie
+*.d                              # dependency files
+*.gch                            # precompiled headers
+*.ii                             # preprocessed output
+*.ii.cpp                         # C++ preprocessed output
+*.out                            # generic executable outputs
+*.exe                            # Windows executables
+
+# 3. HIP/ROCm specific binaries and intermediates
+*.hsaco                          # ROCm compiled binary
+*.s                              # assembly output
+*.kernels.cpp                    # autogenerated kernel sources
+*.hip.cpp.*                      # hipcc intermediate outputs
+
+# 4. Official sample binaries and tutorial outputs
+bin/hipInfo                      # sample binary
+bin/hipBusBandwidth              # sample binary
+bin/hipDispatchLatency           # sample binary
+bin/hipify-clang                 # sample tool
+samples/**/*.out                 # tutorial outputs
+samples/**/*.code                # ISA/code dumps
+samples/**/*.hsaco               # compiled binaries
+samples/**/*.co                  # kernel code outputs
+
+# 5. Tags, logs and test outputs
+tags                             # ctags index
+*.log                            # log files
+/tests_output/                   # custom test output directory
+/samples_output/                 # custom sample output directory
diff --git a/options/gitignore/Haxe b/options/gitignore/Haxe
new file mode 100644
index 0000000000..efafc9e940
--- /dev/null
+++ b/options/gitignore/Haxe
@@ -0,0 +1,3 @@
+.haxelib/
+.haxelsp/recording/
+dump/
diff --git a/options/gitignore/IAR b/options/gitignore/IAR
index e8938b31a4..cb3fdf2cf0 100644
--- a/options/gitignore/IAR
+++ b/options/gitignore/IAR
@@ -12,24 +12,24 @@
 thumbs.db
 *.~*
 
-# IAR Settings  
-**/settings/*.crun  
-**/settings/*.dbgdt  
-**/settings/*.cspy  
-**/settings/*.cspy.*  
-**/settings/*.xcl  
-**/settings/*.dni  
-**/settings/*.wsdt  
-**/settings/*.wspos  
+# IAR Settings
+**/settings/*.crun
+**/settings/*.dbgdt
+**/settings/*.cspy
+**/settings/*.cspy.*
+**/settings/*.xcl
+**/settings/*.dni
+**/settings/*.wsdt
+**/settings/*.wspos
 
-# IAR Debug Exe  
-**/Exe/*.sim  
+# IAR Debug Exe
+**/Exe/*.sim
 
-# IAR Debug Obj  
-**/Obj/*.pbd  
-**/Obj/*.pbd.*  
-**/Obj/*.pbi  
-**/Obj/*.pbi.*  
+# IAR Debug Obj
+**/Obj/*.pbd
+**/Obj/*.pbd.*
+**/Obj/*.pbi
+**/Obj/*.pbi.*
 
 # IAR project "Debug" directory
 Debug/
diff --git a/options/gitignore/JetBrains b/options/gitignore/JetBrains
index 3649d6dc25..0c1302b4c6 100644
--- a/options/gitignore/JetBrains
+++ b/options/gitignore/JetBrains
@@ -1,4 +1,4 @@
-# Covers JetBrains IDEs: IntelliJ, RubyMine, PhpStorm, AppCode, PyCharm, CLion, Android Studio, WebStorm and Rider
+# Covers JetBrains IDEs: IntelliJ, GoLand, RubyMine, PhpStorm, AppCode, PyCharm, CLion, Android Studio, WebStorm and Rider
 # Reference: https://intellij-support.jetbrains.com/hc/en-us/articles/206544839
 
 # User-specific stuff
@@ -63,6 +63,7 @@ atlassian-ide-plugin.xml
 
 # SonarLint plugin
 .idea/sonarlint/
+.idea/sonarlint.xml # see https://community.sonarsource.com/t/is-the-file-idea-idea-idea-sonarlint-xml-intended-to-be-under-source-control/121119
 
 # Crashlytics plugin (for Android Studio and IntelliJ)
 com_crashlytics_export_strings.xml
@@ -70,8 +71,16 @@ crashlytics.properties
 crashlytics-build.properties
 fabric.properties
 
-# Editor-based Rest Client
+# Editor-based HTTP Client
 .idea/httpRequests
+http-client.private.env.json
 
 # Android studio 3.1+ serialized cache file
 .idea/caches/build_file_checksums.ser
+
+# Apifox Helper cache
+.idea/.cache/.Apifox_Helper
+.idea/ApifoxUploaderProjectSetting.xml
+
+# Github Copilot persisted session migrations, see: https://github.com/microsoft/copilot-intellij-feedback/issues/712#issuecomment-3322062215
+.idea/**/copilot.data.migration.*.xml
diff --git a/options/gitignore/Julia b/options/gitignore/Julia
index 29126e47b0..285da1ecd2 100644
--- a/options/gitignore/Julia
+++ b/options/gitignore/Julia
@@ -21,4 +21,8 @@ docs/site/
 # It records a fixed state of all packages used by the project. As such, it should not be
 # committed for packages, but should be committed for applications that require a static
 # environment.
-Manifest.toml
+Manifest*.toml
+
+# File generated by the Preferences package to store local preferences
+LocalPreferences.toml
+JuliaLocalPreferences.toml
diff --git a/options/gitignore/JupyterNotebooks b/options/gitignore/JupyterNotebooks
index f27f90d665..f45b39dedb 100644
--- a/options/gitignore/JupyterNotebooks
+++ b/options/gitignore/JupyterNotebooks
@@ -8,5 +8,9 @@
 profile_default/
 ipython_config.py
 
+# Jupyter lab virtual documents
+# https://jupyterlab-lsp.readthedocs.io/en/2.x/Configuring.html#virtual_documents_dir
+.virtual_documents/
+
 # Remove previous ipynb_checkpoints
 #   git rm -r .ipynb_checkpoints/
diff --git a/options/gitignore/Katalon b/options/gitignore/Katalon
new file mode 100644
index 0000000000..73a4938fc6
--- /dev/null
+++ b/options/gitignore/Katalon
@@ -0,0 +1,40 @@
+# Katalon Test Suite
+# Compiled class file
+*.class
+*.swp
+output
+!output/.gitkeep
+build
+
+Libs/TempTestCase*
+Libs/TempTestSuite*
+bin/lib/TempTestCase*
+Reports/
+\.classpath
+\.project
+\.settings/
+bin/lib/
+Libs/
+.svn/
+.gradle
+
+
+# Log file
+*.log
+
+# BlueJ files
+*.ctxt
+
+# Mobile Tools for Java (J2ME)
+.mtj.tmp/
+
+# Package Files #
+*.jar
+*.war
+*.ear
+*.zip
+*.tar.gz
+*.rar
+
+# virtual machine crash logs, see http://www.java.com/en/download/help/error_hotspot.xml
+hs_err_pid*
diff --git a/options/gitignore/KiCad b/options/gitignore/KiCad
index a63bc0e7f7..9d5df933c9 100644
--- a/options/gitignore/KiCad
+++ b/options/gitignore/KiCad
@@ -8,14 +8,19 @@
 *.kicad_pcb-bak
 *.kicad_sch-bak
 *-backups
-*.kicad_prl
-*.sch-bak
+*-cache*
+*-bak
+*-bak*
 *~
+~*
 _autosave-*
+\#auto_saved_files\#
 *.tmp
 *-save.pro
 *-save.kicad_pcb
 fp-info-cache
+~*.lck
+\#auto_saved_files#
 
 # Netlist files (exported from Eeschema)
 *.net
@@ -27,3 +32,9 @@ fp-info-cache
 # Exported BOM files
 *.xml
 *.csv
+
+# Archived Backups (KiCad 6.0)
+**/*-backups/*.zip
+
+# Local project settings
+*.kicad_prl
diff --git a/options/gitignore/Kotlin b/options/gitignore/Kotlin
index 524f0963bd..566e06bf99 100644
--- a/options/gitignore/Kotlin
+++ b/options/gitignore/Kotlin
@@ -22,3 +22,6 @@
 # virtual machine crash logs, see http://www.java.com/en/download/help/error_hotspot.xml
 hs_err_pid*
 replay_pid*
+
+# Kotlin Gradle plugin data, see https://kotlinlang.org/docs/whatsnew20.html#new-directory-for-kotlin-data-in-gradle-projects
+.kotlin/
\ No newline at end of file
diff --git a/options/gitignore/LangChain b/options/gitignore/LangChain
new file mode 100644
index 0000000000..c76ebfd922
--- /dev/null
+++ b/options/gitignore/LangChain
@@ -0,0 +1,6 @@
+# gitignore template for LangChain products, e.g., LangGraph, LangSmith
+# website: https://www.langchain.com/
+# website: https://www.langchain.com/langgraph
+
+# LangGraph
+.langgraph_api/
diff --git a/options/gitignore/Laravel b/options/gitignore/Laravel
index 297959a19e..d5673e321c 100644
--- a/options/gitignore/Laravel
+++ b/options/gitignore/Laravel
@@ -21,3 +21,10 @@ Homestead.yaml
 Homestead.json
 /.vagrant
 .phpunit.result.cache
+
+/public/build
+/storage/pail
+.env.backup
+.env.production
+.phpactor.json
+auth.json
diff --git a/options/gitignore/Lefthook b/options/gitignore/Lefthook
new file mode 100644
index 0000000000..35409f0e02
--- /dev/null
+++ b/options/gitignore/Lefthook
@@ -0,0 +1,16 @@
+# https://lefthook.dev/configuration/#config-file-name
+/.lefthook-local.json
+/.lefthook-local.toml
+/.lefthook-local.yaml
+/.lefthook-local.yml
+/lefthook-local.json
+/lefthook-local.toml
+/lefthook-local.yaml
+/lefthook-local.yml
+/.config/lefthook-local.json
+/.config/lefthook-local.toml
+/.config/lefthook-local.yaml
+/.config/lefthook-local.yml
+
+# https://lefthook.dev/configuration/source_dir_local.html
+/.lefthook-local/
diff --git a/options/gitignore/Linux b/options/gitignore/Linux
index b56bf65d85..35ea8c6723 100644
--- a/options/gitignore/Linux
+++ b/options/gitignore/Linux
@@ -3,7 +3,7 @@
 # temporary files which can be created if a process still has a handle open of a deleted file
 .fuse_hidden*
 
-# KDE directory preferences
+# Metadata left by Dolphin file manager, which comes with KDE Plasma
 .directory
 
 # Linux trash folder which might appear on any partition or disk
@@ -11,3 +11,6 @@
 
 # .nfs files are created when an open file is removed but is still being accessed
 .nfs*
+
+# Log files created by default by the nohup command
+nohup.out
diff --git a/options/gitignore/Luau b/options/gitignore/Luau
new file mode 100644
index 0000000000..f7ecbc96ae
--- /dev/null
+++ b/options/gitignore/Luau
@@ -0,0 +1,14 @@
+# A fast, small, safe, gradually typed embeddable scripting language derived from Lua
+#
+# https://github.com/luau-lang/luau
+# https://luau.org/
+
+# Code coverage
+coverage.out
+
+# Profiling
+profile.out
+profile.svg
+
+# Time trace
+trace.json
diff --git a/options/gitignore/MATLAB b/options/gitignore/MATLAB
index 01d02dd2e4..92061b1d8e 100644
--- a/options/gitignore/MATLAB
+++ b/options/gitignore/MATLAB
@@ -1,31 +1,33 @@
-# Windows default autosave extension
+# Autosave files
 *.asv
-
-# OSX / *nix default autosave extension
 *.m~
+*.autosave
+*.slx.r*
+*.mdl.r*
 
-# Compiled MEX binaries (all platforms)
+# Derived content-obscured files
+*.p
+
+# Compiled MEX files
 *.mex*
 
 # Packaged app and toolbox files
 *.mlappinstall
 *.mltbx
 
+# Deployable archives
+*.ctf
+
 # Generated helpsearch folders
 helpsearch*/
 
-# Simulink code generation folders
+# Code generation folders
 slprj/
 sccprj/
-
-# Matlab code generation folders
 codegen/
 
-# Simulink autosave extension
-*.autosave
-
-# Simulink cache files
+# Cache files
 *.slxc
 
-# Octave session info
-octave-workspace
+# Cloud based storage dotfile
+.MATLABDriveTag
diff --git a/options/gitignore/Maven b/options/gitignore/Maven
index 2f4353087f..6d706b8df1 100644
--- a/options/gitignore/Maven
+++ b/options/gitignore/Maven
@@ -7,7 +7,7 @@ release.properties
 dependency-reduced-pom.xml
 buildNumber.properties
 .mvn/timing.properties
-# https://github.com/takari/maven-wrapper#usage-without-binary-jar
+# https://maven.apache.org/wrapper/#usage-without-binary-jar
 .mvn/wrapper/maven-wrapper.jar
 
 # Eclipse m2e generated files
diff --git a/options/gitignore/MetaTrader5 b/options/gitignore/MetaTrader5
new file mode 100644
index 0000000000..0e235ca712
--- /dev/null
+++ b/options/gitignore/MetaTrader5
@@ -0,0 +1,57 @@
+# MetaTrader 5 and MQL5 gitignore template
+# Project homepage: https://www.metatrader5.com/en
+
+# Compiled MQL5 executables (binaries)
+# These are generated from .mq5 source files and should not be committed.
+*.ex5
+*.ex4 # For MQL4 compatibility if you also manage MT4 projects in a similar structure
+
+# Log files
+# Terminal logs, strategy tester logs, and custom logs from Print() functions.
+*.log
+*.slog # Strategy Tester logs
+
+# Strategy Tester specific files
+# History data, optimization results, and temporary files used by the tester.
+*.fxt  # FXT files (history data for testing)
+*.hst  # History data files (can be large)
+*.ini  # Initialization files (often generated by tester or EAs)
+*.dat  # Data files (various purposes, often temporary)
+*.csv  # CSV export files (e.g., from tester reports)
+*.jrn  # Journal files (tester journal)
+
+# Market Watch sets and profiles
+# User-specific lists of symbols in Market Watch, and terminal profiles.
+*.set  # Market Watch symbol sets
+*.tpl  # Chart templates
+*.chr  # Chart settings files (can be generated when saving templates or profiles)
+
+# External libraries (DLLs)
+# If you use custom DLLs, you might want to ignore them if they are built separately
+# and not part of your MQL5 source code repository.
+*.dll
+
+# User-specific configuration and credentials
+# Files containing sensitive information or local user settings.
+.env   # Environment variables (e.g., for Python integration credentials)
+*.cfg  # Configuration files (if not meant to be shared)
+*.json # Be careful: if you have config JSONs you *do* want to commit, add specific exceptions.
+       # Example: !config.json (to include config.json but ignore other *.json)
+
+# Temporary files and backup files generated by MetaEditor
+*.~*   # Temporary files (e.g., ~MyScript.mq5)
+*.bak  # Backup files (e.g., MyScript.mq5.bak)
+*.mqh.bak
+*.mq5.bak
+
+# MetaEditor project files
+# Project files for MetaEditor workspaces.
+.mqproj
+
+# Python specific ignores (if you also keep Python scripts or Jupyter notebooks in this repository)
+# These are relevant if your Git repo root is higher up (e.g., the terminal folder itself)
+# or if you mix Python code within your MQL5 structure.
+__pycache__/       # Python compiled bytecode cache
+.ipynb_checkpoints/ # Jupyter Notebook checkpoints
+*.pyc              # Python compiled files
+*.pyd              # Python dynamic modules
diff --git a/options/gitignore/Metals b/options/gitignore/Metals
index 516e7e33f2..779e796bb8 100644
--- a/options/gitignore/Metals
+++ b/options/gitignore/Metals
@@ -1,5 +1,6 @@
- # Generated Metals (Scala Language Server) files
- # Reference: https://scalameta.org/metals/
+# Metals (Scala Language Server)
+# Reference: https://scalameta.org/metals/docs/editors/vscode#files-and-directories-to-include-in-your-gitignore
 .metals/
 .bloop/
-project/metals.sbt
+.ammonite/
+metals.sbt
diff --git a/options/gitignore/MicrosoftOffice b/options/gitignore/MicrosoftOffice
index ddcc9cf6e3..6501a7d322 100644
--- a/options/gitignore/MicrosoftOffice
+++ b/options/gitignore/MicrosoftOffice
@@ -2,6 +2,7 @@
 
 # Word temporary
 ~$*.doc*
+~$*.dot*
 
 # Word Auto Backup File
 Backup of *.doc*
diff --git a/options/gitignore/Modelica b/options/gitignore/Modelica
new file mode 100644
index 0000000000..aa2cc996da
--- /dev/null
+++ b/options/gitignore/Modelica
@@ -0,0 +1,42 @@
+# Modelica - an object-oriented language for modeling of cyber-physical systems
+# https://modelica.org/
+# Ignore temporary files, build results, simulation files
+
+## Modelica-specific files
+*~
+*.bak
+*.bak-mo
+*.mof
+\#*\#
+*.moe
+*.mol
+
+## Build artefacts
+*.exe
+*.exp
+*.o
+*.pyc
+
+## Simulation files
+*.mat
+
+## Package files
+*.gz
+*.rar
+*.tar
+*.zip
+
+## Dymola-specific files
+buildlog.txt
+dsfinal.txt
+dsin.txt
+dslog.txt
+dsmodel*
+dsres.txt
+dymosim*
+request
+stat
+status
+stop
+success
+*.
diff --git a/options/gitignore/Move b/options/gitignore/Move
new file mode 100644
index 0000000000..b7d406e7bb
--- /dev/null
+++ b/options/gitignore/Move
@@ -0,0 +1,6 @@
+# Generated by Move
+# will have compiled files
+build/
+
+# Remove possibly saving credentials to the git repository
+.aptos/
diff --git a/options/gitignore/NasaSpecsIntact b/options/gitignore/NasaSpecsIntact
index be53af0e0a..626d18167e 100644
--- a/options/gitignore/NasaSpecsIntact
+++ b/options/gitignore/NasaSpecsIntact
@@ -1,9 +1,9 @@
 # gitignore template for Nasa SpecsIntact (SI)
 # Website: https://specsintact.ksc.nasa.gov/
 #
-# Recommended: 
+# Recommended:
 # MicrosoftOffice.gitignore
-# 
+#
 
 # SpecsIntact (SI) Locking file; this would lock everyone out.
 *.se$
@@ -20,14 +20,14 @@ SUBMVER.*
 TTLDIFFS.*
 
 # SpecsIntact files that change a lot and don't actually affect SI
-# PULL.TBL is an auto-generated file to help speed SI loading. 
+# PULL.TBL is an auto-generated file to help speed SI loading.
 PULL.TBL
 pulltbl.bck
 
 # Tailoring information.
 # Keep tailor.tag; it is a list of tailoring options in SI.
 
-# JOB.OTL informs SI where a spec section came from. 
+# JOB.OTL informs SI where a spec section came from.
 # Keeping the old one isn't useful in git.
 JOB.OTL.OLD
 
@@ -35,6 +35,6 @@ JOB.OTL.OLD
 # notebooks, and if so, OneNote will litter the SI folder with these.
 *.onetoc*
 
-# Log files, typically tagfix or other auto generated logs that aren't useful 
+# Log files, typically tagfix or other auto generated logs that aren't useful
 # outside of the user that made them and clutter up the index.
 *.log
diff --git a/options/gitignore/Nestjs b/options/gitignore/Nestjs
new file mode 100644
index 0000000000..845341e446
--- /dev/null
+++ b/options/gitignore/Nestjs
@@ -0,0 +1,24 @@
+# Nestjs specific
+/dist
+/node_modules
+/build
+/tmp
+
+# Logs
+logs
+*.log
+npm-debug.log*
+pnpm-debug.log*
+yarn-debug.log*
+yarn-error.log*
+lerna-debug.log*
+
+# dotenv environment variable files
+.env
+.env.development
+.env.test
+.env.production
+
+# temp directory
+.temp
+.tmp
diff --git a/options/gitignore/Nextjs b/options/gitignore/Nextjs
new file mode 100644
index 0000000000..45c1abce86
--- /dev/null
+++ b/options/gitignore/Nextjs
@@ -0,0 +1,36 @@
+# See https://help.github.com/articles/ignoring-files/ for more about ignoring files.
+
+# dependencies
+/node_modules
+/.pnp
+.pnp.js
+
+# testing
+/coverage
+
+# next.js
+/.next/
+/out/
+
+# production
+/build
+
+# misc
+.DS_Store
+*.pem
+
+# debug
+npm-debug.log*
+yarn-debug.log*
+yarn-error.log*
+
+# local env files
+.env*.local
+.env
+
+# vercel
+.vercel
+
+# typescript
+*.tsbuildinfo
+next-env.d.ts
diff --git a/options/gitignore/Node b/options/gitignore/Node
index c6bba59138..2aa8c99a54 100644
--- a/options/gitignore/Node
+++ b/options/gitignore/Node
@@ -5,7 +5,6 @@ npm-debug.log*
 yarn-debug.log*
 yarn-error.log*
 lerna-debug.log*
-.pnpm-debug.log*
 
 # Diagnostic reports (https://nodejs.org/api/report.html)
 report.[0-9]*.[0-9]*.[0-9]*.[0-9]*.json
@@ -57,12 +56,6 @@ web_modules/
 # Optional stylelint cache
 .stylelintcache
 
-# Microbundle cache
-.rpt2_cache/
-.rts2_cache_cjs/
-.rts2_cache_es/
-.rts2_cache_umd/
-
 # Optional REPL history
 .node_repl_history
 
@@ -74,10 +67,8 @@ web_modules/
 
 # dotenv environment variable files
 .env
-.env.development.local
-.env.test.local
-.env.production.local
-.env.local
+.env.*
+!.env.example
 
 # parcel-bundler cache (https://parceljs.org/)
 .cache
@@ -90,6 +81,7 @@ out
 # Nuxt.js build / generate output
 .nuxt
 dist
+.output
 
 # Gatsby files
 .cache/
@@ -104,6 +96,15 @@ dist
 .temp
 .cache
 
+# Sveltekit cache directory
+.svelte-kit/
+
+# vitepress build output
+**/.vitepress/dist
+
+# vitepress cache directory
+**/.vitepress/cache
+
 # Docusaurus cache and generated files
 .docusaurus
 
@@ -116,15 +117,28 @@ dist
 # DynamoDB Local files
 .dynamodb/
 
+# Firebase cache directory
+.firebase/
+
 # TernJS port file
 .tern-port
 
 # Stores VSCode versions used for testing VSCode extensions
 .vscode-test
 
-# yarn v2
-.yarn/cache
-.yarn/unplugged
-.yarn/build-state.yml
-.yarn/install-state.gz
+# pnpm
+.pnpm-store
+
+# yarn v3
 .pnp.*
+.yarn/*
+!.yarn/patches
+!.yarn/plugins
+!.yarn/releases
+!.yarn/sdks
+!.yarn/versions
+
+# Vite files
+vite.config.js.timestamp-*
+vite.config.ts.timestamp-*
+.vite/
diff --git a/options/gitignore/NotesAndExtendedConfiguration b/options/gitignore/NotesAndExtendedConfiguration
index 3e0804f299..58c3f71e48 100644
--- a/options/gitignore/NotesAndExtendedConfiguration
+++ b/options/gitignore/NotesAndExtendedConfiguration
@@ -30,9 +30,7 @@
 # contain metadata (manifest.json), application code (main.js), stylesheets
 # (styles.css), and user-configuration data (data.json).
 # We only want to track data.json, so we:
-# 1. exclude everything under the plugins directory recursively,
-# 2. unignore the plugin directories themselves, which then allows us to
-# 3. unignore the data.json files
-.obsidian/plugins/**/*
-!.obsidian/plugins/*/
+# 1. exclude everything that the plugin folders contain,
+# 2. unignore data.json in the plugin folders
+.obsidian/plugins/*/**
 !.obsidian/plugins/*/data.json
diff --git a/options/gitignore/OCaml b/options/gitignore/OCaml
index a18e08402b..250caf74e7 100644
--- a/options/gitignore/OCaml
+++ b/options/gitignore/OCaml
@@ -8,7 +8,14 @@
 *.cmxs
 *.cmxa
 
-# ocamlbuild working directory
+# Files containing detailed information about the compilation (generated
+# by `ocamlc`/`ocamlopt` when invoked using the option `-bin-annot`).
+# These files are typically useful for code inspection tools
+# (e.g. Merlin).
+*.cmt
+*.cmti
+
+# ocamlbuild and Dune default working directory
 _build/
 
 # ocamlbuild targets
diff --git a/options/gitignore/Octave b/options/gitignore/Octave
index 01d02dd2e4..92061b1d8e 100644
--- a/options/gitignore/Octave
+++ b/options/gitignore/Octave
@@ -1,31 +1,33 @@
-# Windows default autosave extension
+# Autosave files
 *.asv
-
-# OSX / *nix default autosave extension
 *.m~
+*.autosave
+*.slx.r*
+*.mdl.r*
 
-# Compiled MEX binaries (all platforms)
+# Derived content-obscured files
+*.p
+
+# Compiled MEX files
 *.mex*
 
 # Packaged app and toolbox files
 *.mlappinstall
 *.mltbx
 
+# Deployable archives
+*.ctf
+
 # Generated helpsearch folders
 helpsearch*/
 
-# Simulink code generation folders
+# Code generation folders
 slprj/
 sccprj/
-
-# Matlab code generation folders
 codegen/
 
-# Simulink autosave extension
-*.autosave
-
-# Simulink cache files
+# Cache files
 *.slxc
 
-# Octave session info
-octave-workspace
+# Cloud based storage dotfile
+.MATLABDriveTag
diff --git a/options/gitignore/OpenTofu b/options/gitignore/OpenTofu
new file mode 100644
index 0000000000..8a7f7b76a1
--- /dev/null
+++ b/options/gitignore/OpenTofu
@@ -0,0 +1,42 @@
+# Local .terraform directories
+**/.terraform/*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Crash log files
+crash.log
+crash.*.log
+
+# Exclude all .tfvars files, which are likely to contain sensitive data, such as
+# password, private keys, and other secrets. These should not be part of version
+# control as they are data points which are potentially sensitive and subject
+# to change depending on the environment.
+*.tfvars
+*.tfvars.json
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tofu
+override.tf.json
+override.tofu.json
+*_override.tf
+*_override.tofu
+*_override.tf.json
+*_override.tofu.json
+
+# Ignore transient lock info files created by tofu apply
+.terraform.tfstate.lock.info
+
+# Include override files you do wish to add to version control using negated pattern
+# !example_override.tf
+# !example_override.tofu
+
+# Include tfplan files to ignore the plan output of command: tofu plan -out=tfplan
+# example: *tfplan*
+
+# Ignore CLI configuration files
+.terraformrc
+terraform.rc
diff --git a/options/gitignore/Packer b/options/gitignore/Packer
index 2cbc1ad079..caa24ec789 100644
--- a/options/gitignore/Packer
+++ b/options/gitignore/Packer
@@ -5,9 +5,9 @@ packer_cache/
 crash.log
 
 # https://www.packer.io/guides/hcl/variables
-# Exclude all .pkrvars.hcl files, which are likely to contain sensitive data, 
-# such as password, private keys, and other secrets. These should not be part of 
-# version control as they are data points which are potentially sensitive and 
+# Exclude all .pkrvars.hcl files, which are likely to contain sensitive data,
+# such as password, private keys, and other secrets. These should not be part of
+# version control as they are data points which are potentially sensitive and
 # subject to change depending on the environment.
 #
 *.pkrvars.hcl
diff --git a/options/gitignore/Perl b/options/gitignore/Perl
index fb8b193173..79d77ce623 100644
--- a/options/gitignore/Perl
+++ b/options/gitignore/Perl
@@ -33,3 +33,9 @@ inc/
 /MANIFEST.bak
 /pm_to_blib
 /*.zip
+
+# Carton/Carmel
+/local/
+/.carmel/
+# cpanfile.snapshot should generally be ignored for library code, otherwise included
+# cpanfile.snapshot
diff --git a/options/gitignore/PlatformIO b/options/gitignore/PlatformIO
new file mode 100644
index 0000000000..2de98aba16
--- /dev/null
+++ b/options/gitignore/PlatformIO
@@ -0,0 +1,6 @@
+.pio
+.pioenvs
+.piolibdeps
+.vscode/.browse.c_cpp.db*
+.vscode/c_cpp_properties.json
+.vscode/launch.json
diff --git a/options/gitignore/Python b/options/gitignore/Python
index 82f927558a..e15106e38f 100644
--- a/options/gitignore/Python
+++ b/options/gitignore/Python
@@ -1,6 +1,6 @@
 # Byte-compiled / optimized / DLL files
 __pycache__/
-*.py[cod]
+*.py[codz]
 *$py.class
 
 # C extensions
@@ -27,8 +27,8 @@ share/python-wheels/
 MANIFEST
 
 # PyInstaller
-#  Usually these files are written by a python script from a template
-#  before PyInstaller builds the exe, so as to inject date/other infos into it.
+#   Usually these files are written by a python script from a template
+#   before PyInstaller builds the exe, so as to inject date/other infos into it.
 *.manifest
 *.spec
 
@@ -46,7 +46,7 @@ htmlcov/
 nosetests.xml
 coverage.xml
 *.cover
-*.py,cover
+*.py.cover
 .hypothesis/
 .pytest_cache/
 cover/
@@ -92,25 +92,38 @@ ipython_config.py
 #   However, in case of collaboration, if having platform-specific dependencies or dependencies
 #   having no cross-platform support, pipenv may install dependencies that don't work, or not
 #   install all needed dependencies.
-#Pipfile.lock
+# Pipfile.lock
+
+# UV
+#   Similar to Pipfile.lock, it is generally recommended to include uv.lock in version control.
+#   This is especially recommended for binary packages to ensure reproducibility, and is more
+#   commonly ignored for libraries.
+# uv.lock
 
 # poetry
 #   Similar to Pipfile.lock, it is generally recommended to include poetry.lock in version control.
 #   This is especially recommended for binary packages to ensure reproducibility, and is more
 #   commonly ignored for libraries.
 #   https://python-poetry.org/docs/basic-usage/#commit-your-poetrylock-file-to-version-control
-#poetry.lock
+# poetry.lock
+# poetry.toml
 
 # pdm
 #   Similar to Pipfile.lock, it is generally recommended to include pdm.lock in version control.
-#pdm.lock
-#   pdm stores project-wide configurations in .pdm.toml, but it is recommended to not include it
-#   in version control.
-#   https://pdm.fming.dev/latest/usage/project/#working-with-version-control
-.pdm.toml
+#   pdm recommends including project-wide configuration in pdm.toml, but excluding .pdm-python.
+#   https://pdm-project.org/en/latest/usage/project/#working-with-version-control
+# pdm.lock
+# pdm.toml
 .pdm-python
 .pdm-build/
 
+# pixi
+#   Similar to Pipfile.lock, it is generally recommended to include pixi.lock in version control.
+# pixi.lock
+#   Pixi creates a virtual environment in the .pixi directory, just like venv module creates one
+#   in the .venv directory. It is recommended not to include this directory in version control.
+.pixi
+
 # PEP 582; used by e.g. github.com/David-OConnor/pyflow and github.com/pdm-project/pdm
 __pypackages__/
 
@@ -118,11 +131,25 @@ __pypackages__/
 celerybeat-schedule
 celerybeat.pid
 
+# Redis
+*.rdb
+*.aof
+*.pid
+
+# RabbitMQ
+mnesia/
+rabbitmq/
+rabbitmq-data/
+
+# ActiveMQ
+activemq-data/
+
 # SageMath parsed files
 *.sage.py
 
 # Environments
 .env
+.envrc
 .venv
 env/
 venv/
@@ -155,8 +182,35 @@ dmypy.json
 cython_debug/
 
 # PyCharm
-#  JetBrains specific template is maintained in a separate JetBrains.gitignore that can
-#  be found at https://github.com/github/gitignore/blob/main/Global/JetBrains.gitignore
-#  and can be added to the global gitignore or merged into this file.  For a more nuclear
-#  option (not recommended) you can uncomment the following to ignore the entire idea folder.
-#.idea/
+#   JetBrains specific template is maintained in a separate JetBrains.gitignore that can
+#   be found at https://github.com/github/gitignore/blob/main/Global/JetBrains.gitignore
+#   and can be added to the global gitignore or merged into this file.  For a more nuclear
+#   option (not recommended) you can uncomment the following to ignore the entire idea folder.
+# .idea/
+
+# Abstra
+#   Abstra is an AI-powered process automation framework.
+#   Ignore directories containing user credentials, local state, and settings.
+#   Learn more at https://abstra.io/docs
+.abstra/
+
+# Visual Studio Code
+#   Visual Studio Code specific template is maintained in a separate VisualStudioCode.gitignore 
+#   that can be found at https://github.com/github/gitignore/blob/main/Global/VisualStudioCode.gitignore
+#   and can be added to the global gitignore or merged into this file. However, if you prefer, 
+#   you could uncomment the following to ignore the entire vscode folder
+# .vscode/
+
+# Ruff stuff:
+.ruff_cache/
+
+# PyPI configuration file
+.pypirc
+
+# Marimo
+marimo/_static/
+marimo/_lsp/
+__marimo__/
+
+# Streamlit
+.streamlit/secrets.toml
diff --git a/options/gitignore/Rust b/options/gitignore/Rust
index d01bd1a990..ad67955886 100644
--- a/options/gitignore/Rust
+++ b/options/gitignore/Rust
@@ -1,11 +1,7 @@
 # Generated by Cargo
 # will have compiled files and executables
-debug/
-target/
-
-# Remove Cargo.lock from gitignore if creating an executable, leave it for libraries
-# More information here https://doc.rust-lang.org/cargo/guide/cargo-toml-vs-cargo-lock.html
-Cargo.lock
+debug
+target
 
 # These are backup files generated by rustfmt
 **/*.rs.bk
@@ -13,9 +9,13 @@ Cargo.lock
 # MSVC Windows builds of rustc generate these, which store debugging information
 *.pdb
 
+# Generated by cargo mutants
+# Contains mutation testing data
+**/mutants.out*/
+
 # RustRover
 #  JetBrains specific template is maintained in a separate JetBrains.gitignore that can
 #  be found at https://github.com/github/gitignore/blob/main/Global/JetBrains.gitignore
 #  and can be added to the global gitignore or merged into this file.  For a more nuclear
 #  option (not recommended) you can uncomment the following to ignore the entire idea folder.
-#.idea/
\ No newline at end of file
+#.idea/
diff --git a/options/gitignore/SBT b/options/gitignore/SBT
index 5ed6acb657..98ee5070d7 100644
--- a/options/gitignore/SBT
+++ b/options/gitignore/SBT
@@ -10,3 +10,4 @@ project/plugins/project/
 .history
 .cache
 .lib/
+.bsp/
diff --git a/options/gitignore/SSDT-sqlproj b/options/gitignore/SSDT-sqlproj
new file mode 100644
index 0000000000..36c16598dd
--- /dev/null
+++ b/options/gitignore/SSDT-sqlproj
@@ -0,0 +1,31 @@
+## Ignore Visual Studio SSDT sqlproj specific temporary files, build results, etc
+##
+##
+## Get latest from https://github.com/github/gitignore/blob/master/SSDT-sqlproj.gitignore
+# Build output
+bin/
+obj/
+
+# DACPAC files
+*.dacpac
+
+# Publish profiles (optional, if environment-specific)
+*.publish.xml
+
+# SQL Server debug files
+*.dbmdl
+*.sqlcmdvars
+
+# Visual Studio settings
+.vs/
+
+# User-specific files
+*.user
+*.suo
+*.userosscache
+*.sln.docstates
+
+# Backup files
+*.bak
+*.log
+
diff --git a/options/gitignore/STM32CubeIDE b/options/gitignore/STM32CubeIDE
new file mode 100644
index 0000000000..fc7ee5c7fd
--- /dev/null
+++ b/options/gitignore/STM32CubeIDE
@@ -0,0 +1,51 @@
+# STM32CubeIDE specific files
+
+# Project-specific settings. Ignore it if developers have different preferences.
+# However, if you want all team members to use the same code formatting and settings, 
+# consider including the .settings folder in the repository.
+
+# /.settings/
+
+# Ignore Eclipse-based IDE launch configurations.
+# Uncomment if you want each developer to have their own unique debug configurations.
+#*.launch
+
+# Ignore any JLink-related files (debug configurations).
+# Uncomment if you want each developer to have their own unique debug configurations.
+#*.jlink
+
+# Ignore log files generated by the IDE.
+# These are not necessary for version control.
+*.log
+
+# Build files
+
+# Ignore build output directories.
+# These are not needed in the repository as they are generated during the build process.
+Debug/
+Release/
+
+# Ignore common binary and object files generated during compilation.
+# They should not be included in the repository as they are build artifacts.
+*.elf
+*.map
+*.bin
+*.hex
+*.srec
+*.lst
+*.o
+*.d
+*.a
+*.su
+*.crl
+
+#TouchGFX files (in case your project has touchGFX)
+TouchGFX/generated
+TouchGFX/build
+TouchGFX/simulator/msvs/.vs
+
+# Backup files
+
+# Ignore temporary and backup files generated by the operating system and editor.
+# These are not needed in the repository.
+*.bak
diff --git a/options/gitignore/Salesforce b/options/gitignore/Salesforce
new file mode 100644
index 0000000000..3547a96f6d
--- /dev/null
+++ b/options/gitignore/Salesforce
@@ -0,0 +1,39 @@
+# This file is used for Git repositories to specify intentionally untracked files that Git should ignore. 
+# If you are not using git, you can delete this file. For more information see: https://git-scm.com/docs/gitignore
+# For useful gitignore templates see: https://github.com/github/gitignore
+
+# Salesforce cache
+.sf/
+.sfdx/
+.localdevserver/
+deploy-options.json
+.localdev
+
+# LWC VSCode autocomplete
+**/lwc/jsconfig.json
+
+# LWC Jest coverage reports
+coverage/
+
+# Logs
+logs
+*.log
+npm-debug.log*
+yarn-debug.log*
+yarn-error.log*
+
+# Eslint cache
+.eslintcache
+
+# Windows system files
+Thumbs.db
+ehthumbs.db
+[Dd]esktop.ini
+$RECYCLE.BIN/
+
+# Salesforce Analyzer results
+sca-results.csv
+sfca_results.json
+
+# Local environment variables
+.env
diff --git a/options/gitignore/Solidity-Remix b/options/gitignore/Solidity-Remix
new file mode 100644
index 0000000000..a49555a43a
--- /dev/null
+++ b/options/gitignore/Solidity-Remix
@@ -0,0 +1,15 @@
+# Remix compiler artifacts
+**/artifacts/
+**/artifacts/**
+
+# Remix plugin state folders
+deps/
+states/
+
+# Debug info
+*.dbg.json
+*.tsbuildinfo
+
+# Optional
+.env
+.env.local
\ No newline at end of file
diff --git a/options/gitignore/Stata b/options/gitignore/Stata
index 07997bb120..288abf8a15 100644
--- a/options/gitignore/Stata
+++ b/options/gitignore/Stata
@@ -8,6 +8,7 @@
 *.smcl
 *.stpr
 *.stsem
+~*.stswp
 
 # Graphic export files from Stata
 # Stata command graph export: http://www.stata.com/manuals14/g-2graphexport.pdf
diff --git a/options/gitignore/TeX b/options/gitignore/TeX
index a1f5212090..9308a4b649 100644
--- a/options/gitignore/TeX
+++ b/options/gitignore/TeX
@@ -26,7 +26,9 @@
 
 ## Bibliography auxiliary files (bibtex/biblatex/biber):
 *.bbl
+*.bbl-SAVE-ERROR
 *.bcf
+*.bcf-SAVE-ERROR
 *.blg
 *-blx.aux
 *-blx.bib
@@ -57,6 +59,9 @@ acs-*.bib
 # amsthm
 *.thm
 
+# attachfile2
+*.atfi
+
 # beamer
 *.nav
 *.pre
@@ -65,6 +70,7 @@ acs-*.bib
 
 # changes
 *.soc
+*.loc
 
 # comment
 *.cut
@@ -108,8 +114,11 @@ acs-*.bib
 *.acn
 *.acr
 *.glg
+*.glg-abr
 *.glo
+*.glo-abr
 *.gls
+*.gls-abr
 *.glsdefs
 *.lzo
 *.lzs
@@ -152,6 +161,9 @@ acs-*.bib
 # *.tikz
 *-tikzDictionary
 
+# latexindent will create succesive backup files by default
+#*.bak*
+
 # listings
 *.lol
 
@@ -174,6 +186,7 @@ acs-*.bib
 
 # minted
 _minted*
+*.data.minted
 *.pyg
 
 # morewrites
@@ -201,6 +214,10 @@ _minted*
 # scrwfile
 *.wrt
 
+# spelling
+*.spell.bad
+*.spell.txt
+
 # svg
 svg-inkscape/
 
@@ -266,6 +283,9 @@ TSWLatexianTemp*
 *.bak
 *.sav
 
+# latexindent.pl
+*.bak[0-9]*
+
 # Texpad
 .texpadtmp
 
diff --git a/options/gitignore/Terraform b/options/gitignore/Terraform
index 2faf43d0a1..78e7733b54 100644
--- a/options/gitignore/Terraform
+++ b/options/gitignore/Terraform
@@ -1,5 +1,5 @@
 # Local .terraform directories
-**/.terraform/*
+.terraform/
 
 # .tfstate files
 *.tfstate
@@ -10,8 +10,8 @@ crash.log
 crash.*.log
 
 # Exclude all .tfvars files, which are likely to contain sensitive data, such as
-# password, private keys, and other secrets. These should not be part of version 
-# control as they are data points which are potentially sensitive and subject 
+# password, private keys, and other secrets. These should not be part of version
+# control as they are data points which are potentially sensitive and subject
 # to change depending on the environment.
 *.tfvars
 *.tfvars.json
@@ -35,3 +35,10 @@ override.tf.json
 # Ignore CLI configuration files
 .terraformrc
 terraform.rc
+
+# Optional: ignore graph output files generated by `terraform graph`
+# *.dot
+
+# Optional: ignore plan files saved before destroying Terraform configuration
+# Uncomment the line below if you want to ignore planout files.
+# planout
\ No newline at end of file
diff --git a/options/gitignore/TestComplete b/options/gitignore/TestComplete
new file mode 100644
index 0000000000..8378b9eedb
--- /dev/null
+++ b/options/gitignore/TestComplete
@@ -0,0 +1,14 @@
+# Test Complete ignore files: https://support.smartbear.com/viewarticle/68002/
+
+# Tester-specific Settings
+*.tcCFGExtender
+*.tcLS
+
+# Type library declarations
+*.tlb
+
+# Log files
+*.tcLogs
+
+# Backup files
+*.bak
diff --git a/options/gitignore/TwinCAT3 b/options/gitignore/TwinCAT3
index 7bd6f87505..6786d5e833 100644
--- a/options/gitignore/TwinCAT3
+++ b/options/gitignore/TwinCAT3
@@ -1,25 +1,57 @@
-# gitignore template for TwinCAT3
+### TwinCAT3 ###
 # website: https://www.beckhoff.com/twincat3/
-#
-# Recommended: VisualStudio.gitignore
 
-# TwinCAT files
+# TwinCAT PLC
+*.plcproj.bak
+*.plcproj.orig
 *.tpy
 *.tclrs
+*.library
 *.compiled-library
 *.compileinfo
-# Don't include the tmc-file rule if either of the following is true:
-#   1. You've got TwinCAT C++ projects, as the information in the TMC-file is created manually for the C++ projects (in that case, only (manually) ignore the tmc-files for the PLC projects)
-#   2. You've created a standalone PLC-project and added events to it, as these are stored in the TMC-file.
-*.tmc
-*.tmcRefac
-*.library
-*.project.~u
-*.tsproj.bak
-*.xti.bak
+*.asm
+*.core
 LineIDs.dbg
 LineIDs.dbg.bak
-_Boot/
-_CompileInfo/
-_Libraries/
-_ModuleInstall/
\ No newline at end of file
+
+# TwinCAT C++ and shared types
+# ignoring the TMC file is only useful for plain PLC programming
+# as soon as shared data types (via tmc), C++ or in general TcCom-Module are used, the TMC file has to be part of the repository
+*.tmc
+*.tmcRefac
+
+# TwinCAT project files
+*.tsproj.bak
+*.tsproj.b?k
+*.tsproj.orig
+*.tspproj.bak
+*.xti.bak
+*.xti.bk?
+*.xti.orig
+*.xtv
+*.xtv.bak
+*.xtv.bk?
+*.xt?.bk?
+*.xt?.orig
+
+# Multiuser specific
+**/.TcGit/
+
+# exclude not required folders
+**/_Boot/
+**/_CompileInfo/
+**/_Libraries/
+**/_ModuleInstall/
+**/_Deployment/
+**/_Repository/
+
+
+# To include a specific library directory (i.e. third party/custom libs),
+# use pattern `!/**/_Libraries/<directory name>/` i.e. `!/**/_Libraries/www.tcunit.org/`
+#
+
+# VS Shell project specific files and folders
+**/.vs/
+*.~u
+*.project.~u
+*.suo
diff --git a/options/gitignore/UTAU b/options/gitignore/UTAU
new file mode 100644
index 0000000000..173bc781f1
--- /dev/null
+++ b/options/gitignore/UTAU
@@ -0,0 +1,52 @@
+# Adobe Audition
+*.pkf
+
+# UTAU Engines
+*.ctspec
+*.d4c
+*.dio
+*.frc
+*.frt
+*.frq
+*.harvest
+*.lessaudio
+*.llsm
+*.mrq
+*.pitchtier
+*.platinum
+*.pmk
+*.sc.npz
+*.star
+*.uspec
+*.vs4ufrq
+
+# UTAU related tools
+$read
+*.setParam-Scache
+*.lbp
+*.lbp.caches/*
+
+# OpenUtau
+errors.txt
+
+# Deepvocal
+*.DVModel
+*-log.txt
+SKC
+SKI
+SKC_1
+SKC_2
+*.sksd
+
+# VocalSharp
+*.scep
+*.vssf
+*.vsdx
+*.vsdxindex
+
+# Binary Archive
+*.7z
+*.zip
+*.rar
+*.exe
+
diff --git a/options/gitignore/UiPath b/options/gitignore/UiPath
index f0c2267b89..0948dcc846 100644
--- a/options/gitignore/UiPath
+++ b/options/gitignore/UiPath
@@ -1,4 +1,4 @@
-# gitignore template for RPA development using UiPath Studio 
+# gitignore template for RPA development using UiPath Studio
 # website: https://www.uipath.com/product/studio
 #
 # Recommended: n/a
diff --git a/options/gitignore/Umbraco b/options/gitignore/Umbraco
index 1dc3da526c..260c741209 100644
--- a/options/gitignore/Umbraco
+++ b/options/gitignore/Umbraco
@@ -21,7 +21,7 @@
 
 ## The [Mm]edia/ folder contains content. Content may vary by environment and should therefore not be added to source control.
 ## Uncomment this line if you think it fits the way you work on your project.
-## **/[Mm]edia/ 
+## **/[Mm]edia/
 
 # Don't ignore Umbraco packages (VisualStudio.gitignore mistakes this for a NuGet packages folder)
 # Make sure to include details from VisualStudio.gitignore BEFORE this
@@ -43,7 +43,7 @@
 *.sqlite.db*
 
 #ignore umbraco data/views/settings
-**/umbraco/
+**/umbraco/*
 
 #include default location for modelsbuilder output
 !**/umbraco/models
diff --git a/options/gitignore/Unity b/options/gitignore/Unity
index 58cbc8256e..9eb70ce1f5 100644
--- a/options/gitignore/Unity
+++ b/options/gitignore/Unity
@@ -2,6 +2,7 @@
 #
 # Get latest from https://github.com/github/gitignore/blob/main/Unity.gitignore
 #
+.utmp/
 /[Ll]ibrary/
 /[Tt]emp/
 /[Oo]bj/
@@ -9,6 +10,11 @@
 /[Bb]uilds/
 /[Ll]ogs/
 /[Uu]ser[Ss]ettings/
+*.log
+
+# By default unity supports Blender asset imports, *.blend1 blender files do not need to be commited to version control.
+*.blend1
+*.blend1.meta
 
 # MemoryCaptures can get excessive in size.
 # They also could contain extremely sensitive data
@@ -22,6 +28,8 @@
 
 # Autogenerated Jetbrains Rider plugin
 /[Aa]ssets/Plugins/Editor/JetBrains*
+# Jetbrains Rider personal-layer settings
+*.DotSettings.user
 
 # Visual Studio cache directory
 .vs/
@@ -55,18 +63,37 @@ ExportedObj/
 # Unity3D generated file on crash reports
 sysinfo.txt
 
+# Mono auto generated files
+mono_crash.*
+
 # Builds
 *.apk
 *.aab
 *.unitypackage
+*.unitypackage.meta
 *.app
 
 # Crashlytics generated file
 crashlytics-build.properties
 
-# Packed Addressables
-/[Aa]ssets/[Aa]ddressable[Aa]ssets[Dd]ata/*/*.bin*
+# TestRunner generated files
+InitTestScene*.unity*
 
-# Temporary auto-generated Android Assets
-/[Aa]ssets/[Ss]treamingAssets/aa.meta
-/[Aa]ssets/[Ss]treamingAssets/aa/*
+# Addressables default ignores, before user customizations
+/ServerData
+/[Aa]ssets/StreamingAssets/aa*
+/[Aa]ssets/AddressableAssetsData/link.xml*
+/[Aa]ssets/Addressables_Temp*
+# By default, Addressables content builds will generate addressables_content_state.bin
+# files in platform-specific subfolders, for example:
+# /Assets/AddressableAssetsData/OSX/addressables_content_state.bin
+/[Aa]ssets/AddressableAssetsData/*/*.bin*
+
+# Visual Scripting auto-generated files
+/[Aa]ssets/Unity.VisualScripting.Generated/VisualScripting.Flow/UnitOptions.db
+/[Aa]ssets/Unity.VisualScripting.Generated/VisualScripting.Flow/UnitOptions.db.meta
+/[Aa]ssets/Unity.VisualScripting.Generated/VisualScripting.Core/Property Providers
+/[Aa]ssets/Unity.VisualScripting.Generated/VisualScripting.Core/Property Providers.meta
+
+# Auto-generated scenes by play mode tests
+/[Aa]ssets/[Ii]nit[Tt]est[Ss]cene*.unity*
diff --git a/options/gitignore/UnrealEngine b/options/gitignore/UnrealEngine
index 6e0d95fb31..b70ad5aae2 100644
--- a/options/gitignore/UnrealEngine
+++ b/options/gitignore/UnrealEngine
@@ -40,6 +40,7 @@
 *.sdf
 *.VC.db
 *.VC.opendb
+.vsconfig
 
 # Precompiled Assets
 SourceArt/**/*.png
diff --git a/options/gitignore/VBA b/options/gitignore/VBA
new file mode 100644
index 0000000000..710dab19de
--- /dev/null
+++ b/options/gitignore/VBA
@@ -0,0 +1,40 @@
+
+# Office temporary files
+~$*
+
+# Access database lock files (laccdb, ldb)
+*.[lL][aA][cC][cC][dD][bB]
+*.[lL][dD][bB]
+
+# The following sections constitute a list of Office file extensions that support VBA.
+# If you want to exclude Office files from your repo, uncomment the corresponding file extensions.
+
+# Excel (xls, xlsb, xlsm, xlt, xltm, xla, xlam)
+#*.[xX][lL][sS]
+#*.[xX][lL][sS][bB]
+#*.[xX][lL][sS][mM]
+#*.[xX][lL][tT]
+#*.[xX][lL][tT][mM]
+#*.[xX][lL][aA]
+#*.[xX][lL][aA][mM]
+
+# Word (doc, docm, dot, dotm)
+#*.[dD][oO][cC]
+#*.[dD][oO][cC][mM]
+#*.[dD][oO][tT]
+#*.[dD][oO][tT][mM]
+
+# Access (accda, accdb, accde, mdb, mde)
+#*.[aA][cC][cC][dD][aA]
+#*.[aA][cC][cC][dD][bB]
+#*.[aA][cC][cC][dD][eE]
+#*.[mM][dD][bB]
+#*.[mM][dD][eE]
+
+# PowerPoint (ppt, pptm, pot, potm, pps, ppsm)
+#*.[pP][pP][tT]
+#*.[pP][pP][tT][mM]
+#*.[pP][oO][tT]
+#*.[pP][oO][tT][mM]
+#*.[pP][pP][sS]
+#*.[pP][pP][sS][mM]
diff --git a/options/gitignore/Vim b/options/gitignore/Vim
index 19fa63264c..cb8a049960 100644
--- a/options/gitignore/Vim
+++ b/options/gitignore/Vim
@@ -1,6 +1,7 @@
 # Swap
 [._]*.s[a-v][a-z]
-!*.svg  # comment out if you don't need vector files
+# comment out the next line if you don't need vector files
+!*.svg
 [._]*.sw[a-p]
 [._]s[a-rt-v][a-z]
 [._]ss[a-gi-z]
diff --git a/options/gitignore/VirtualEnv b/options/gitignore/VirtualEnv
index b2c22f2af7..d895d00efe 100644
--- a/options/gitignore/VirtualEnv
+++ b/options/gitignore/VirtualEnv
@@ -1,5 +1,5 @@
 # Virtualenv
-# http://iamzed.com/2009/05/07/a-primer-on-virtualenv/
+# https://realpython.com/python-virtual-environments-a-primer/#the-virtualenv-project
 .Python
 [Bb]in
 [Ii]nclude
diff --git a/options/gitignore/VisualStudio b/options/gitignore/VisualStudio
index 8a30d258ed..47a94ef17f 100644
--- a/options/gitignore/VisualStudio
+++ b/options/gitignore/VisualStudio
@@ -9,6 +9,7 @@
 *.user
 *.userosscache
 *.sln.docstates
+*.env
 
 # User-specific files (MonoDevelop/Xamarin Studio)
 *.userprefs
@@ -21,17 +22,37 @@ mono_crash.*
 [Dd]ebugPublic/
 [Rr]elease/
 [Rr]eleases/
-x64/
-x86/
+
+[Dd]ebug/x64/
+[Dd]ebugPublic/x64/
+[Rr]elease/x64/
+[Rr]eleases/x64/
+bin/x64/
+obj/x64/
+
+[Dd]ebug/x86/
+[Dd]ebugPublic/x86/
+[Rr]elease/x86/
+[Rr]eleases/x86/
+bin/x86/
+obj/x86/
+
 [Ww][Ii][Nn]32/
 [Aa][Rr][Mm]/
 [Aa][Rr][Mm]64/
+[Aa][Rr][Mm]64[Ee][Cc]/
 bld/
-[Bb]in/
 [Oo]bj/
+[Oo]ut/
 [Ll]og/
 [Ll]ogs/
 
+# Build results on 'Bin' directories
+**/[Bb]in/*
+# Uncomment if you have tasks that rely on *.refresh files to move binaries
+# (https://github.com/github/gitignore/pull/3736)
+#!**/[Bb]in/*.refresh
+
 # Visual Studio 2015/2017 cache/options directory
 .vs/
 # Uncomment if you have tasks that create the project's static files in wwwroot
@@ -43,12 +64,16 @@ Generated\ Files/
 # MSTest test Results
 [Tt]est[Rr]esult*/
 [Bb]uild[Ll]og.*
+*.trx
 
 # NUnit
 *.VisualState.xml
 TestResult.xml
 nunit-*.xml
 
+# Approval Tests result files
+*.received.*
+
 # Build Results of an ATL Project
 [Dd]ebugPS/
 [Rr]eleasePS/
@@ -75,6 +100,7 @@ StyleCopReport.xml
 *.ilk
 *.meta
 *.obj
+*.idb
 *.iobj
 *.pch
 *.pdb
@@ -82,6 +108,8 @@ StyleCopReport.xml
 *.pgc
 *.pgd
 *.rsp
+# but not Directory.Build.rsp, as it configures directory-level build defaults
+!Directory.Build.rsp
 *.sbr
 *.tlb
 *.tli
@@ -153,6 +181,7 @@ coverage*.info
 
 # NCrunch
 _NCrunch_*
+.NCrunch_*
 .*crunch*.local.xml
 nCrunchTemp_*
 
@@ -294,9 +323,6 @@ node_modules/
 # Visual Studio 6 auto-generated workspace file (contains which files were open etc.)
 *.vbw
 
-# Visual Studio 6 auto-generated project file (contains which files were open etc.)
-*.vbp
-
 # Visual Studio 6 workspace and project file (working project files containing files to include in project)
 *.dsw
 *.dsp
@@ -314,22 +340,22 @@ node_modules/
 _Pvt_Extensions
 
 # Paket dependency manager
-.paket/paket.exe
+**/.paket/paket.exe
 paket-files/
 
 # FAKE - F# Make
-.fake/
+**/.fake/
 
 # CodeRush personal settings
-.cr/personal
+**/.cr/personal
 
 # Python Tools for Visual Studio (PTVS)
-__pycache__/
+**/__pycache__/
 *.pyc
 
 # Cake - Uncomment if you are using it
-# tools/**
-# !tools/packages.config
+#tools/**
+#!tools/packages.config
 
 # Tabs Studio
 *.tss
@@ -351,15 +377,19 @@ ASALocalRun/
 
 # MSBuild Binary and Structured Log
 *.binlog
+MSBuild_Logs/
+
+# AWS SAM Build and Temporary Artifacts folder
+.aws-sam
 
 # NVidia Nsight GPU debugger configuration file
 *.nvuser
 
 # MFractors (Xamarin productivity tool) working folder
-.mfractor/
+**/.mfractor/
 
 # Local History for Visual Studio
-.localhistory/
+**/.localhistory/
 
 # Visual Studio History (VSHistory) files
 .vshistory/
@@ -371,7 +401,7 @@ healthchecksdb
 MigrationBackup/
 
 # Ionide (cross platform F# VS Code tools) working folder
-.ionide/
+**/.ionide/
 
 # Fody - auto-generated XML schema
 FodyWeavers.xsd
@@ -382,17 +412,17 @@ FodyWeavers.xsd
 !.vscode/tasks.json
 !.vscode/launch.json
 !.vscode/extensions.json
-*.code-workspace
+!.vscode/*.code-snippets
 
 # Local History for Visual Studio Code
 .history/
 
+# Built Visual Studio Code Extensions
+*.vsix
+
 # Windows Installer files from build outputs
 *.cab
 *.msi
 *.msix
 *.msm
 *.msp
-
-# JetBrains Rider
-*.sln.iml
diff --git a/options/gitignore/VisualStudioCode b/options/gitignore/VisualStudioCode
index 45fce1d71c..b72ba8b5bd 100644
--- a/options/gitignore/VisualStudioCode
+++ b/options/gitignore/VisualStudioCode
@@ -4,9 +4,7 @@
 !.vscode/launch.json
 !.vscode/extensions.json
 !.vscode/*.code-snippets
-
-# Local History for Visual Studio Code
-.history/
+!*.code-workspace
 
 # Built Visual Studio Code Extensions
 *.vsix
diff --git a/options/gitignore/Zig b/options/gitignore/Zig
index 748837a058..0180838aed 100644
--- a/options/gitignore/Zig
+++ b/options/gitignore/Zig
@@ -1,5 +1,3 @@
 .zig-cache/
 zig-out/
-build/
-build-*/
-docgen_tmp/
\ No newline at end of file
+*.o
diff --git a/options/gitignore/libogc b/options/gitignore/libogc
new file mode 100644
index 0000000000..facd77526f
--- /dev/null
+++ b/options/gitignore/libogc
@@ -0,0 +1,91 @@
+# Ignore build directories
+build/
+
+# Ignore Wii-specific metadata files
+meta.xml
+icon.png
+
+
+# Ignore editor or IDE-specific files
+.vscode/
+.idea/
+*.sublime-project
+*.sublime-workspace
+
+# Ignore backup or temporary files
+*~
+*.bak
+*.swp
+*.tmp
+
+# Ignore log files
+*.log
+
+# Ignore libraries and dependencies
+lib/
+deps/
+obj/
+
+# Ignore operating system-specific files
+$RECYCLE.BIN/
+.Trash-1000/
+.Spotlight-V100/
+.fseventsd/
+.DS_Store
+
+# Prerequisites
+*.d
+
+# Object files
+*.o
+*.ko
+*.obj
+*.elf
+*.o
+*.bin
+
+# Linker output
+*.ilk
+*.map
+*.exp
+
+# Precompiled Headers
+*.gch
+*.pch
+
+# Libraries
+*.lib
+*.a
+*.la
+*.lo
+
+# Shared objects (inc. Windows DLLs)
+*.dll
+*.so
+*.so.*
+*.dylib
+
+# Executables
+*.exe
+*.out
+*.app
+*.i*86
+*.x86_64
+*.hex
+*.dol
+*.elf
+
+# Debug files
+*.dSYM/
+*.su
+*.idb
+*.pdb
+
+# Kernel Module Compile Results
+*.mod*
+*.cmd
+.tmp_versions/
+modules.order
+Module.symvers
+Mkfile.old
+dkms.conf
diff --git a/options/gitignore/macOS b/options/gitignore/macOS
index 135767fc07..a4557fbaea 100644
--- a/options/gitignore/macOS
+++ b/options/gitignore/macOS
@@ -1,10 +1,9 @@
 # General
 .DS_Store
+__MACOSX/
 .AppleDouble
 .LSOverride
-
-# Icon must end with two \r
-Icon

+Icon[
]
 
 # Thumbnails
 ._*
diff --git a/options/gitignore/mise b/options/gitignore/mise
new file mode 100644
index 0000000000..2f44750e3a
--- /dev/null
+++ b/options/gitignore/mise
@@ -0,0 +1,11 @@
+# https://mise.jdx.dev/configuration.html
+# https://mise.jdx.dev/configuration/environments.html
+.mise.*.local.toml
+.mise.local.toml
+mise.*.local.toml
+mise.local.toml
+.mise/*.local.toml
+mise/*.local.toml
+
+# https://mise.jdx.dev/configuration.html#tool-versions
+#.tool-versions
diff --git a/options/license/ALGLIB-Documentation b/options/license/ALGLIB-Documentation
new file mode 100644
index 0000000000..6b966d4b41
--- /dev/null
+++ b/options/license/ALGLIB-Documentation
@@ -0,0 +1,17 @@
+ Copyright 1994-2009 Sergey Bochkanov, ALGLIB Project. All rights reserved.
+
+Redistribution and use of this document (ALGLIB Reference Manual) with or
+without modification, are permitted provided that such redistributions will
+retain the above copyright notice, this condition and the following disclaimer
+as the first (or last) lines of this file.
+
+THIS DOCUMENTATION IS PROVIDED BY THE ALGLIB PROJECT "AS IS" AND ANY EXPRESS OR
+IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT
+SHALL THE ALGLIB PROJECT BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
+IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION, EVEN IF ADVISED OF THE
+POSSIBILITY OF SUCH DAMAGE.
diff --git a/options/license/Advanced-Cryptics-Dictionary b/options/license/Advanced-Cryptics-Dictionary
new file mode 100644
index 0000000000..904b942ae6
--- /dev/null
+++ b/options/license/Advanced-Cryptics-Dictionary
@@ -0,0 +1,10 @@
+License text: Copyright (c) J Ross Beresford 1993-1999. All Rights Reserved.
+
+The following restriction is placed on the use of this publication:
+if The UK Advanced Cryptics Dictionary is used in a software package
+or redistributed in any form, the copyright notice must be
+prominently displayed and the text of this document must be included
+verbatim.
+
+There are no other restrictions: I would like to see the list
+distributed as widely as possible.
diff --git a/options/license/Artistic-dist b/options/license/Artistic-dist
new file mode 100644
index 0000000000..ff0b79e470
--- /dev/null
+++ b/options/license/Artistic-dist
@@ -0,0 +1,125 @@
+The "Artistic License"
+ 
+                             Preamble
+ 
+The intent of this document is to state the conditions under which a
+Package may be copied, such that the Copyright Holder maintains some
+semblance of artistic control over the development of the Package,
+while giving the users of the package the right to use and distribute
+the Package in a more-or-less customary fashion, plus the right to make
+reasonable modifications.
+ 
+It also grants you the rights to reuse parts of a Package in your own
+programs without transferring this License to those programs, provided
+that you meet some reasonable requirements.
+ 
+Definitions:
+ 
+        "Package" refers to the collection of files distributed by the
+        Copyright Holder, and derivatives of that collection of files
+        created through textual modification.
+ 
+        "Standard Version" refers to such a Package if it has not been
+        modified, or has been modified in accordance with the wishes
+        of the Copyright Holder as specified below.
+ 
+        "Copyright Holder" is whoever is named in the copyright or
+        copyrights for the package.
+ 
+        "You" is you, if you're thinking about copying or distributing
+        this Package.
+ 
+        "Reasonable copying fee" is whatever you can justify on the
+        basis of media cost, duplication charges, time of people involved,
+        and so on.  (You will not be required to justify it to the
+        Copyright Holder, but only to the computing community at large
+        as a market that must bear the fee.)
+ 
+        "Freely Available" means that no fee is charged for the item
+        itself, though there may be fees involved in handling the item.
+        It also means that recipients of the item may redistribute it
+        under the same conditions they received it.
+ 
+1. You may make and give away verbatim copies of the source form of the
+Standard Version of this Package without restriction, provided that you
+duplicate all of the original copyright notices and associated disclaimers.
+ 
+2. You may apply bug fixes, portability fixes and other modifications
+derived from the Public Domain or from the Copyright Holder.  A Package
+modified in such a way shall still be considered the Standard Version.
+ 
+3. You may otherwise modify your copy of this Package in any way, provided
+that you insert a prominent notice in each changed file stating how and
+when you changed that file, and provided that you do at least ONE of the
+following:
+ 
+    a) place your modifications in the Public Domain or otherwise make them
+    Freely Available, such as by posting said modifications to Usenet or
+    an equivalent medium, or placing the modifications on a major archive
+    site such as uunet.uu.net, or by allowing the Copyright Holder to include
+    your modifications in the Standard Version of the Package.
+ 
+    b) use the modified Package only within your corporation or organization.
+ 
+    c) rename any non-standard executables so the names do not conflict
+    with standard executables, which must also be provided, and provide
+    a separate manual page for each non-standard executable that clearly
+    documents how it differs from the Standard Version.
+ 
+    d) make other distribution arrangements with the Copyright Holder.
+ 
+4. You may distribute the programs of this Package in object code or
+executable form, provided that you do at least ONE of the following:
+ 
+    a) distribute a Standard Version of the executables and library files,
+    together with instructions (in the manual page or equivalent) on where
+    to get the Standard Version.
+ 
+    b) accompany the distribution with the machine-readable source of
+    the Package with your modifications.
+ 
+    c) give non-standard executables non-standard names, and clearly
+    document the differences in manual pages (or equivalent), together
+    with instructions on where to get the Standard Version.
+ 
+    d) make other distribution arrangements with the Copyright Holder.
+ 
+5. You may charge a reasonable copying fee for any distribution of this
+Package.  You may charge any fee you choose for support of this
+Package.  You may not charge a fee for this Package itself.  However,
+you may distribute this Package in aggregate with other (possibly
+commercial) programs as part of a larger (possibly commercial) software
+distribution provided that you do not advertise this Package as a
+product of your own.
+ 
+6. The scripts and library files supplied as input to or produced as
+output from the programs of this Package do not automatically fall
+under the copyright of this Package, but belong to whoever generated
+them, and may be sold commercially, and may be aggregated with this
+Package.  If such scripts or library files are aggregated with this
+Package via the so-called "undump" or "unexec" methods of producing a
+binary executable image, then distribution of such an image shall
+neither be construed as a distribution of this Package nor shall it
+fall under the restrictions of Paragraphs 3 and 4, provided that you do
+not represent such an executable image as a Standard Version of this
+Package.
+ 
+7. You may reuse parts of this Package in your own programs, provided that
+you explicitly state where you got them from, in the source code (and, left
+to your courtesy, in the documentation), duplicating all the associated
+copyright notices and disclaimers. Besides your changes, if any, must be
+clearly marked as such. Parts reused that way will no longer fall under this
+license if, and only if, the name of your program(s) have no immediate
+connection with the name of the Package itself or its associated programs.
+You may then apply whatever restrictions you wish on the reused parts or
+choose to place them in the Public Domain--this will apply only within the
+context of your package.
+ 
+8. The name of the Copyright Holder may not be used to endorse or promote
+products derived from this software without specific prior written permission.
+ 
+9. THIS PACKAGE IS PROVIDED "AS IS" AND WITHOUT ANY EXPRESS OR
+IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+
+THE END
diff --git a/options/license/Aspell-RU b/options/license/Aspell-RU
new file mode 100644
index 0000000000..5cec17629b
--- /dev/null
+++ b/options/license/Aspell-RU
@@ -0,0 +1,4 @@
+Permission to use, copy, redistribute is granted.
+Permission to redistribute modifications in patch form is granted.
+Permission to redistribute binaries made of modified sources is granted.
+All other rights reserved.
diff --git a/options/license/BSD-2-Clause-pkgconf-disclaimer b/options/license/BSD-2-Clause-pkgconf-disclaimer
new file mode 100644
index 0000000000..4c3b8ae80e
--- /dev/null
+++ b/options/license/BSD-2-Clause-pkgconf-disclaimer
@@ -0,0 +1,15 @@
+Copyright © 2001-2025 Audacious developers and others
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+1. Redistributions of source code must retain the above copyright notice,
+   this list of conditions, and the following disclaimer.
+
+2. Redistributions in binary form must reproduce the above copyright notice,
+   this list of conditions, and the following disclaimer in the
+   documentation provided with the distribution.
+
+This software is provided “as is” and without any warranty, express or
+implied.  In no event shall the authors be liable for any damages arising
+from the use of this software.
diff --git a/options/license/BSD-3-Clause-Tso b/options/license/BSD-3-Clause-Tso
new file mode 100644
index 0000000000..3f70dabf39
--- /dev/null
+++ b/options/license/BSD-3-Clause-Tso
@@ -0,0 +1,11 @@
+Copyright Theodore Ts'o, 1994, 1995, 1996, 1997, 1998, 1999. All rights reserved.
+
+Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
+
+1. Redistributions of source code must retain the above copyright notice, and the entire permission notice in its entirety, including the disclaimer of warranties.
+
+2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
+
+3. The name of the author may not be used to endorse or promote products derived from this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED “AS IS” AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, ALL OF WHICH ARE HEREBY DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF NOT ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/options/license/BSD-Mark-Modifications b/options/license/BSD-Mark-Modifications
new file mode 100644
index 0000000000..995bcb1eb9
--- /dev/null
+++ b/options/license/BSD-Mark-Modifications
@@ -0,0 +1,35 @@
+License text:  Copyright 1993, Geoff Kuenning, Granada Hills, CA
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions
+are met:
+
+1. Redistributions of source code must retain the above copyright
+notice, this list of conditions and the following disclaimer.
+
+2. Redistributions in binary form must reproduce the above copyright
+notice, this list of conditions and the following disclaimer in the
+documentation and/or other materials provided with the distribution.
+
+3. All modifications to the source code must be clearly marked as
+such.  Binary redistributions based on modified source code
+must be clearly marked as modified versions in the documentation
+and/or other materials provided with the distribution.
+(clause 4 removed with permission from Geoff Kuenning)
+
+4. The name of Geoff Kuenning may not be used to endorse or promote
+products derived from this software without specific prior
+written permission.
+
+THIS SOFTWARE IS PROVIDED BY GEOFF KUENNING AND CONTRIBUTORS ``AS IS'' AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ARE DISCLAIMED.  IN NO EVENT SHALL GEOFF KUENNING OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+SUCH DAMAGE.
diff --git a/options/license/Boehm-GC-without-fee b/options/license/Boehm-GC-without-fee
new file mode 100644
index 0000000000..354d47017e
--- /dev/null
+++ b/options/license/Boehm-GC-without-fee
@@ -0,0 +1,14 @@
+Copyright (c)  2000
+SWsoft  company
+
+Modifications copyright (c) 2001, 2013. Oracle and/or its affiliates.
+All rights reserved.
+
+This material is provided "as is", with absolutely no warranty expressed
+or implied. Any use is at your own risk.
+
+Permission to use or copy this software for any purpose is hereby granted
+without fee, provided the above notices are retained on all copies.
+Permission to modify the code and to distribute modified code is granted,
+provided the above notices are retained, and a notice that the code was
+modified is included with the above copyright notice.
diff --git a/options/license/Buddy b/options/license/Buddy
new file mode 100644
index 0000000000..fe750b2e32
--- /dev/null
+++ b/options/license/Buddy
@@ -0,0 +1,26 @@
+           Copyright (C) 1996-2002 by Jorn Lind-Nielsen
+                        All rights reserved
+
+Permission is hereby granted, without written agreement and without
+license or royalty fees, to use, reproduce, prepare derivative
+works, distribute, and display this software and its documentation
+for any purpose, provided that (1) the above copyright notice and
+the following two paragraphs appear in all copies of the source code
+and (2) redistributions, including without limitation binaries,
+reproduce these notices in the supporting documentation. Substantial
+modifications to this software may be copyrighted by their authors
+and need not follow the licensing terms described here, provided
+that the new terms are clearly indicated in all files where they apply.
+
+IN NO EVENT SHALL JORN LIND-NIELSEN, OR DISTRIBUTORS OF THIS
+SOFTWARE BE LIABLE TO ANY PARTY FOR DIRECT, INDIRECT, SPECIAL,
+INCIDENTAL, OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OF THIS
+SOFTWARE AND ITS DOCUMENTATION, EVEN IF THE AUTHORS OR ANY OF THE
+ABOVE PARTIES HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+JORN LIND-NIELSEN SPECIFICALLY DISCLAIM ANY WARRANTIES, INCLUDING,
+BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND
+FITNESS FOR A PARTICULAR PURPOSE. THE SOFTWARE PROVIDED HEREUNDER IS
+ON AN "AS IS" BASIS, AND THE AUTHORS AND DISTRIBUTORS HAVE NO
+OBLIGATION TO PROVIDE MAINTENANCE, SUPPORT, UPDATES, ENHANCEMENTS, OR
+MODIFICATIONS.
diff --git a/options/license/CAPEC-tou b/options/license/CAPEC-tou
new file mode 100644
index 0000000000..fe6ddd466e
--- /dev/null
+++ b/options/license/CAPEC-tou
@@ -0,0 +1,6 @@
+LICENSE
+The MITRE Corporation (MITRE) hereby grants you a non-exclusive, royalty-free license to use Common Attack Pattern Enumeration and Classification (CAPEC™) for research, development, and commercial purposes. Any copy you make for such purposes is authorized provided that you reproduce MITRE’s copyright designation and this license in any such copy.
+
+DISCLAIMERS
+
+ALL DOCUMENTS AND THE INFORMATION CONTAINED THEREIN ARE PROVIDED ON AN "AS IS" BASIS AND THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS OR IS SPONSORED BY (IF ANY), THE MITRE CORPORATION, ITS BOARD OF TRUSTEES, OFFICERS, AGENTS, AND EMPLOYEES, DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION THEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
diff --git a/options/license/CC-BY-ND-2.5 b/options/license/CC-BY-ND-2.5
index 2f6b29acfa..69e476834d 100644
--- a/options/license/CC-BY-ND-2.5
+++ b/options/license/CC-BY-ND-2.5
@@ -1,4 +1,4 @@
-Creative Commons Attribution-NoDerivs 2.5
+Creative Commons Attribution-NoDerivs 2.5 Generic
 
  CREATIVE COMMONS CORPORATION IS NOT A LAW FIRM AND DOES NOT PROVIDE LEGAL SERVICES. DISTRIBUTION OF THIS LICENSE DOES NOT CREATE AN ATTORNEY-CLIENT RELATIONSHIP. CREATIVE COMMONS PROVIDES THIS INFORMATION ON AN "AS-IS" BASIS. CREATIVE COMMONS MAKES NO WARRANTIES REGARDING THE INFORMATION PROVIDED, AND DISCLAIMS LIABILITY FOR DAMAGES RESULTING FROM ITS USE.
 
diff --git a/options/license/CC-PDM-1.0 b/options/license/CC-PDM-1.0
new file mode 100644
index 0000000000..1dc4e63b87
--- /dev/null
+++ b/options/license/CC-PDM-1.0
@@ -0,0 +1,27 @@
+No Copyright
+
+This work has been identified as being free of known restrictions under
+copyright law, including all related and neighboring rights.
+
+
+You can copy, modify, distribute and perform the work, even for commercial
+purposes, all without asking permission. See Other Information below.
+
+Other Information
+
+The work may not be free of known copyright restrictions in all jurisdictions .
+
+Persons may have other rights in or related to the work, such as patent or
+trademark rights, and others may have rights in how the work is used, such as
+publicity or privacy rights.
+
+In some jurisdictions moral rights of the author may persist beyond the term of
+copyright. These rights may include the right to be identified as the author
+and the right to object to derogatory treatments.
+
+Unless expressly stated otherwise, the person who identified the work makes no
+warranties about the work, and disclaims liability for all uses of the work, to
+the fullest extent permitted by applicable law.
+
+When using or citing the work, you should not imply endorsement by the author
+or the person who identified the work.
diff --git a/options/license/CC-SA-1.0 b/options/license/CC-SA-1.0
new file mode 100644
index 0000000000..1a810feaec
--- /dev/null
+++ b/options/license/CC-SA-1.0
@@ -0,0 +1,198 @@
+                          Creative Commons Legal Code
+
+                                ShareAlike 1.0
+
+CREATIVE COMMONS CORPORATION IS NOT A LAW FIRM AND DOES NOT PROVIDE LEGAL
+SERVICES. DISTRIBUTION OF THIS DRAFT LICENSE DOES NOT CREATE AN ATTORNEY-CLIENT
+RELATIONSHIP. CREATIVE COMMONS PROVIDES THIS INFORMATION ON AN "AS-IS" BASIS.
+CREATIVE COMMONS MAKES NO WARRANTIES REGARDING THE INFORMATION PROVIDED, AND
+DISCLAIMS LIABILITY FOR DAMAGES RESULTING FROM ITS USE.
+
+License
+
+THE WORK (AS DEFINED BELOW) IS PROVIDED UNDER THE TERMS OF THIS CREATIVE
+COMMONS PUBLIC LICENSE ("CCPL" OR "LICENSE"). THE WORK IS PROTECTED BY
+COPYRIGHT AND/OR OTHER APPLICABLE LAW. ANY USE OF THE WORK OTHER THAN AS
+AUTHORIZED UNDER THIS LICENSE IS PROHIBITED.
+
+BY EXERCISING ANY RIGHTS TO THE WORK PROVIDED HERE, YOU ACCEPT AND AGREE TO BE
+BOUND BY THE TERMS OF THIS LICENSE. THE LICENSOR GRANTS YOU THE RIGHTS
+CONTAINED HERE IN CONSIDERATION OF YOUR ACCEPTANCE OF SUCH TERMS AND
+CONDITIONS.
+
+1. Definitions
+
+ a. "Collective Work" means a work, such as a periodical issue, anthology or
+    encyclopedia, in which the Work in its entirety in unmodified form, along
+    with a number of other contributions, constituting separate and independent
+    works in themselves, are assembled into a collective whole. A work that
+    constitutes a Collective Work will not be considered a Derivative Work (as
+    defined below) for the purposes of this License.
+ b. "Derivative Work" means a work based upon the Work or upon the Work and
+    other pre-existing works, such as a translation, musical arrangement,
+    dramatization, fictionalization, motion picture version, sound recording,
+    art reproduction, abridgment, condensation, or any other form in which the
+    Work may be recast, transformed, or adapted, except that a work that
+    constitutes a Collective Work will not be considered a Derivative Work for
+    the purpose of this License.
+ c. "Licensor" means the individual or entity that offers the Work under the
+    terms of this License.
+ d. "Original Author" means the individual or entity who created the Work.
+ e. "Work" means the copyrightable work of authorship offered under the terms
+    of this License.
+ f. "You" means an individual or entity exercising rights under this License
+    who has not previously violated the terms of this License with respect to
+    the Work, or who has received express permission from the Licensor to
+    exercise rights under this License despite a previous violation.
+
+2. Fair Use Rights. Nothing in this license is intended to reduce, limit, or
+restrict any rights arising from fair use, first sale or other limitations on
+the exclusive rights of the copyright owner under copyright law or other
+applicable laws.
+
+3. License Grant. Subject to the terms and conditions of this License, Licensor
+hereby grants You a worldwide, royalty-free, non-exclusive, perpetual (for the
+duration of the applicable copyright) license to exercise the rights in the
+Work as stated below:
+
+ a. to reproduce the Work, to incorporate the Work into one or more Collective
+    Works, and to reproduce the Work as incorporated in the Collective Works;
+ b. to create and reproduce Derivative Works;
+ c. to distribute copies or phonorecords of, display publicly, perform
+    publicly, and perform publicly by means of a digital audio transmission the
+    Work including as incorporated in Collective Works;
+ d. to distribute copies or phonorecords of, display publicly, perform
+    publicly, and perform publicly by means of a digital audio transmission
+    Derivative Works;
+
+The above rights may be exercised in all media and formats whether now known or
+hereafter devised. The above rights include the right to make such
+modifications as are technically necessary to exercise the rights in other
+media and formats. All rights not expressly granted by Licensor are hereby
+reserved.
+
+4. Restrictions. The license granted in Section 3 above is expressly made
+subject to and limited by the following restrictions:
+
+ a. You may distribute, publicly display, publicly perform, or publicly
+    digitally perform the Work only under the terms of this License, and You
+    must include a copy of, or the Uniform Resource Identifier for, this
+    License with every copy or phonorecord of the Work You distribute, publicly
+    display, publicly perform, or publicly digitally perform. You may not offer
+    or impose any terms on the Work that alter or restrict the terms of this
+    License or the recipients' exercise of the rights granted hereunder. You
+    may not sublicense the Work. You must keep intact all notices that refer to
+    this License and to the disclaimer of warranties. You may not distribute,
+    publicly display, publicly perform, or publicly digitally perform the Work
+    with any technological measures that control access or use of the Work in a
+    manner inconsistent with the terms of this License Agreement. The above
+    applies to the Work as incorporated in a Collective Work, but this does not
+    require the Collective Work apart from the Work itself to be made subject
+    to the terms of this License. If You create a Collective Work, upon notice
+    from any Licensor You must, to the extent practicable, remove from the
+    Collective Work any reference to such Licensor or the Original Author, as
+    requested. If You create a Derivative Work, upon notice from any Licensor
+    You must, to the extent practicable, remove from the Derivative Work any
+    reference to such Licensor or the Original Author, as requested.
+ b. You may distribute, publicly display, publicly perform, or publicly
+    digitally perform a Derivative Work only under the terms of this License,
+    and You must include a copy of, or the Uniform Resource Identifier for,
+    this License with every copy or phonorecord of each Derivative Work You
+    distribute, publicly display, publicly perform, or publicly digitally
+    perform. You may not offer or impose any terms on the Derivative Works that
+    alter or restrict the terms of this License or the recipients' exercise of
+    the rights granted hereunder, and You must keep intact all notices that
+    refer to this License and to the disclaimer of warranties. You may not
+    distribute, publicly display, publicly perform, or publicly digitally
+    perform the Derivative Work with any technological measures that control
+    access or use of the Work in a manner inconsistent with the terms of this
+    License Agreement. The above applies to the Derivative Work as incorporated
+    in a Collective Work, but this does not require the Collective Work apart
+    from the Derivative Work itself to be made subject to the terms of this
+    License.
+
+5. Representations, Warranties and Disclaimer
+
+ a. By offering the Work for public release under this License, Licensor
+    represents and warrants that, to the best of Licensor's knowledge after
+    reasonable inquiry:
+     i. Licensor has secured all rights in the Work necessary to grant the
+        license rights hereunder and to permit the lawful exercise of the
+        rights granted hereunder without You having any obligation to pay any
+        royalties, compulsory license fees, residuals or any other payments;
+    ii. The Work does not infringe the copyright, trademark, publicity rights,
+        common law rights or any other right of any third party or constitute
+        defamation, invasion of privacy or other tortious injury to any third
+        party.
+ b. EXCEPT AS EXPRESSLY STATED IN THIS LICENSE OR OTHERWISE AGREED IN WRITING
+    OR REQUIRED BY APPLICABLE LAW, THE WORK IS LICENSED ON AN "AS IS" BASIS,
+    WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR IMPLIED INCLUDING,
+    WITHOUT LIMITATION, ANY WARRANTIES REGARDING THE CONTENTS OR ACCURACY OF
+    THE WORK.
+
+6. Limitation on Liability. EXCEPT TO THE EXTENT REQUIRED BY APPLICABLE LAW,
+AND EXCEPT FOR DAMAGES ARISING FROM LIABILITY TO A THIRD PARTY RESULTING FROM
+BREACH OF THE WARRANTIES IN SECTION 5, IN NO EVENT WILL LICENSOR BE LIABLE TO
+YOU ON ANY LEGAL THEORY FOR ANY SPECIAL, INCIDENTAL, CONSEQUENTIAL, PUNITIVE OR
+EXEMPLARY DAMAGES ARISING OUT OF THIS LICENSE OR THE USE OF THE WORK, EVEN IF
+LICENSOR HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
+
+7. Termination
+
+ a. This License and the rights granted hereunder will terminate automatically
+    upon any breach by You of the terms of this License. Individuals or
+    entities who have received Derivative Works or Collective Works from You
+    under this License, however, will not have their licenses terminated
+    provided such individuals or entities remain in full compliance with those
+    licenses. Sections 1, 2, 5, 6, 7, and 8 will survive any termination of
+    this License.
+ b. Subject to the above terms and conditions, the license granted here is
+    perpetual (for the duration of the applicable copyright in the Work).
+    Notwithstanding the above, Licensor reserves the right to release the Work
+    under different license terms or to stop distributing the Work at any time;
+    provided, however that any such election will not serve to withdraw this
+    License (or any other license that has been, or is required to be, granted
+    under the terms of this License), and this License will continue in full
+    force and effect unless terminated as stated above.
+
+8. Miscellaneous
+
+ a. Each time You distribute or publicly digitally perform the Work or a
+    Collective Work, the Licensor offers to the recipient a license to the Work
+    on the same terms and conditions as the license granted to You under this
+    License.
+ b. Each time You distribute or publicly digitally perform a Derivative Work,
+    Licensor offers to the recipient a license to the original Work on the same
+    terms and conditions as the license granted to You under this License.
+ c. If any provision of this License is invalid or unenforceable under
+    applicable law, it shall not affect the validity or enforceability of the
+    remainder of the terms of this License, and without further action by the
+    parties to this agreement, such provision shall be reformed to the minimum
+    extent necessary to make such provision valid and enforceable.
+ d. No term or provision of this License shall be deemed waived and no breach
+    consented to unless such waiver or consent shall be in writing and signed
+    by the party to be charged with such waiver or consent.
+ e. This License constitutes the entire agreement between the parties with
+    respect to the Work licensed here. There are no understandings, agreements
+    or representations with respect to the Work not specified here. Licensor
+    shall not be bound by any additional provisions that may appear in any
+    communication from You. This License may not be modified without the mutual
+    written agreement of the Licensor and You.
+
+Creative Commons is not a party to this License, and makes no warranty
+whatsoever in connection with the Work. Creative Commons will not be liable to
+You or any party on any legal theory for any damages whatsoever, including
+without limitation any general, special, incidental or consequential damages
+arising in connection to this license. Notwithstanding the foregoing two (2)
+sentences, if Creative Commons has expressly identified itself as the Licensor
+hereunder, it shall have all rights and obligations of Licensor.
+
+Except for the limited purpose of indicating to the public that the Work is
+licensed under the CCPL, neither party will use the trademark "Creative
+Commons" or any related trademark or logo of Creative Commons without the prior
+written consent of Creative Commons. Any permitted use will be in compliance
+with Creative Commons' then-current trademark usage guidelines, as may be
+published on its website or otherwise made available upon request from time to
+time.
+
+Creative Commons may be contacted at http://creativecommons.org/.
diff --git a/options/license/CGAL-linking-exception b/options/license/CGAL-linking-exception
new file mode 100644
index 0000000000..c6dbd55ca6
--- /dev/null
+++ b/options/license/CGAL-linking-exception
@@ -0,0 +1,4 @@
+As a special exception, you have permission to link this library
+with the CGAL library (http://www.cgal.org) and distribute executables,
+as long as you follow the requirements of the GNU GPL in regard to
+all of the software in the executable aside from CGAL.
diff --git a/options/license/Classpath-exception-2.0-short b/options/license/Classpath-exception-2.0-short
new file mode 100644
index 0000000000..2e7df40484
--- /dev/null
+++ b/options/license/Classpath-exception-2.0-short
@@ -0,0 +1,11 @@
+As a special exception, the copyright holders of this library give
+you permission to link this library with independent modules to
+produce an executable, regardless of the license terms of these
+independent modules, and to copy and distribute the resulting
+executable under terms of your choice, provided that you also
+meet, for each linked independent module, the terms and conditions
+of the license of that module. An independent module is a module
+which is not derived from or based on this library. If you modify
+this library, you may extend this exception to your version of
+the library, but you are not obligated to do so. If you do not
+wish to do so, delete this exception statement from your version.
diff --git a/options/license/CryptoSwift b/options/license/CryptoSwift
new file mode 100644
index 0000000000..71603206c5
--- /dev/null
+++ b/options/license/CryptoSwift
@@ -0,0 +1,11 @@
+Copyright (C) 2014-3099 Marcin Krzyżanowski
+This software is provided 'as-is', without any express or implied warranty.
+
+In no event will the authors be held liable for any damages arising from the use of this software.
+
+Permission is granted to anyone to use this software for any purpose,including commercial applications, and to alter it and redistribute it freely, subject to the following restrictions:
+
+- The origin of this software must not be misrepresented; you must not claim that you wrote the original software. If you use this software in a product, an acknowledgment in the product documentation is required.
+- Altered source versions must be plainly marked as such, and must not be misrepresented as being the original software.
+- This notice may not be removed or altered from any source or binary distribution.
+- Redistributions of any form whatsoever must retain the following acknowledgment: 'This product includes software developed by the "Marcin Krzyzanowski" (http://krzyzanowskim.com/).'
diff --git a/options/license/Digia-Qt-LGPL-exception-1.1 b/options/license/Digia-Qt-LGPL-exception-1.1
new file mode 100644
index 0000000000..66cddd38aa
--- /dev/null
+++ b/options/license/Digia-Qt-LGPL-exception-1.1
@@ -0,0 +1,9 @@
+Digia Qt LGPL Exception version 1.1
+
+As a special exception to the GNU Lesser General Public License version 2.1,
+the object code form of a "work that uses the Library" may incorporate material
+from a header file that is part of the Library. You may distribute such object
+code under terms of your choice, provided that the incorporated material (i)
+does not exceed more than 5% of the total size of the Library; and (ii) is
+limited to numerical parameters, data structure layouts, accessors, macros,
+inline functions and templates.
diff --git a/options/license/DocBook-DTD b/options/license/DocBook-DTD
new file mode 100644
index 0000000000..a110d23e6f
--- /dev/null
+++ b/options/license/DocBook-DTD
@@ -0,0 +1,24 @@
+Copyright 1992-2002 HaL Computer Systems, Inc.,
+O'Reilly & Associates, Inc., ArborText, Inc., Fujitsu Software
+Corporation, Norman Walsh, Sun Microsystems, Inc., and the
+Organization for the Advancement of Structured Information
+Standards (OASIS).
+
+$Id: sdbcent.mod,v 1.13 2005/04/01 21:02:17 nwalsh Exp $
+
+Permission to use, copy, modify and distribute the DocBook XML DTD
+and its accompanying documentation for any purpose and without fee
+is hereby granted in perpetuity, provided that the above copyright
+notice and this paragraph appear in all copies.  The copyright
+holders make no representation about the suitability of the DTD for
+any purpose.  It is provided "as is" without expressed or implied
+warranty.
+
+If you modify the Simplified DocBook DTD in any way, except for
+declaring and referencing additional sets of general entities and
+declaring additional notations, label your DTD as a variant of
+DocBook.  See the maintenance documentation for more information.
+
+Please direct all questions, bug reports, or suggestions for
+changes to the docbook@lists.oasis-open.org mailing list. For more
+information, see http://www.oasis-open.org/docbook/.
diff --git a/options/license/DocBook-Schema b/options/license/DocBook-Schema
new file mode 100644
index 0000000000..56203a0878
--- /dev/null
+++ b/options/license/DocBook-Schema
@@ -0,0 +1,22 @@
+Copyright 1992-2011 HaL Computer Systems, Inc.,
+O'Reilly & Associates, Inc., ArborText, Inc., Fujitsu Software
+Corporation, Norman Walsh, Sun Microsystems, Inc., and the
+Organization for the Advancement of Structured Information
+Standards (OASIS).
+ 
+Permission to use, copy, modify and distribute the DocBook schema
+and its accompanying documentation for any purpose and without fee
+is hereby granted in perpetuity, provided that the above copyright
+notice and this paragraph appear in all copies. The copyright
+holders make no representation about the suitability of the schema
+for any purpose. It is provided "as is" without expressed or implied
+warranty.
+ 
+If you modify the DocBook schema in any way, label your schema as a
+variant of DocBook. See the reference documentation
+(http://docbook.org/tdg5/en/html/ch05.html#s-notdocbook)
+for more information.
+ 
+Please direct all questions, bug reports, or suggestions for changes
+to the docbook@lists.oasis-open.org mailing list. For more
+information, see http://www.oasis-open.org/docbook/.
diff --git a/options/license/DocBook-XML b/options/license/DocBook-XML
new file mode 100644
index 0000000000..9553feee6b
--- /dev/null
+++ b/options/license/DocBook-XML
@@ -0,0 +1,48 @@
+Copyright
+---------
+Copyright (C) 1999-2007 Norman Walsh
+Copyright (C) 2003 Jiří Kosek
+Copyright (C) 2004-2007 Steve Ball
+Copyright (C) 2005-2014 The DocBook Project
+Copyright (C) 2011-2012 O'Reilly Media
+
+Permission is hereby granted, free of charge, to any person
+obtaining a copy of this software and associated documentation
+files (the ``Software''), to deal in the Software without
+restriction, including without limitation the rights to use,
+copy, modify, merge, publish, distribute, sublicense, and/or
+sell copies of the Software, and to permit persons to whom the
+Software is furnished to do so, subject to the following
+conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+Except as contained in this notice, the names of individuals
+credited with contribution to this software shall not be used in
+advertising or otherwise to promote the sale, use or other
+dealings in this Software without prior written authorization
+from the individuals in question.
+
+Any stylesheet derived from this Software that is publically
+distributed will be identified with a different name and the
+version strings in any derived Software will be changed so that
+no possibility of confusion between the derived package and this
+Software will exist.
+
+Warranty
+--------
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
+OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT.  IN NO EVENT SHALL NORMAN WALSH OR ANY OTHER
+CONTRIBUTOR BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
+WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
+OTHER DEALINGS IN THE SOFTWARE.
+
+Contacting the Author
+---------------------
+The DocBook XSL stylesheets are maintained by Norman Walsh,
+<ndw@nwalsh.com>, and members of the DocBook Project,
+<docbook-developers@sf.net>
diff --git a/options/license/ESA-PL-permissive-2.4 b/options/license/ESA-PL-permissive-2.4
new file mode 100644
index 0000000000..5e25adc372
--- /dev/null
+++ b/options/license/ESA-PL-permissive-2.4
@@ -0,0 +1,240 @@
+European Space Agency Public License (ESA-PL) Permissive (Type 3) – v2.4
+
+
+
+1 Definitions
+
+
+
+1.1 “Contributor” means (a) the individual or legal entity that originally creates or later modifies the Software and (b) each subsequent individual or legal entity that creates or contributes to the creation of Modifications.
+
+
+
+1.2 “Contributor Version” means the version of the Software on which the Contributor based its Modifications.
+
+
+
+1.3 “Distribution” and “Distribute” means any act of selling, giving, lending, renting, distributing, communicating, transmitting, or otherwise making available, physically or electronically or by any other means, copies of the Software or Modifications.
+
+
+
+1.4 “ESA” means the European Space Agency.
+
+
+
+1.5 “License” means this document.
+
+
+
+1.6 “Licensor” means the individual or legal entity that Distributes the Software under the License to You.
+
+
+
+1.7 “Modification” means any work or software created that is based upon or derived from the Software (or portions thereof) or a modification of the Software (or portions thereof). For the avoidance of doubt, linking a library to the Software results in a Modification.
+
+
+
+1.8 “Object Code” means any non-Source Code form of the Software and/or Modifications.
+
+
+
+1.9 “Patent Claims” (of a Contributor) means any patent claim(s), owned at the time of the Distribution or subsequently acquired, including without limitation, method, process and apparatus claims, in any patent licensable by a Contributor which would be infringed by making use of the rights granted under Sec. 2.1, including but not limited to make, have made, use, sell, offer for sale or import of the Contributor Version and/or such Contributor’s Modifications (if any), either alone or in combination with the Contributor Version. “Licensable” means having the right to grant, whether at the time of the Distribution or subsequently acquired, the rights conveyed herein.
+
+
+
+1.10 “Software” means the software Distributed under this License by the Licensor, in Source Code and/or Object Code form.
+
+
+
+1.11 “Source Code” means the preferred, usually human readable form of the Software and/or Modifications in which modifications are made and the associated documentation included in or with such code.
+
+
+
+1.12 “You” means an individual or legal entity exercising rights under this License (the licensee).
+
+
+
+2 Grant of Rights
+
+
+
+2.1 Copyright
+
+
+
+The Licensor, and each Contributor in respect of such Contributor’s Modifications, hereby grants You a world-wide, royalty-free, non-exclusive license under Copyright, subject to the terms and conditions of this License, to:
+
+·      use the Software;
+
+·      reproduce the Software by any or all means and in any or all form;
+
+·      Modify the Software and create works based on the Software;
+
+·      communicate to the public, including making available, display or perform the Software or copies thereof to the public;
+
+·      Distribute, sublicense, lend and rent the Software.
+
+
+
+The license grant is perpetual and irrevocable, unless terminated pursuant to Sec. 8.
+
+
+
+2.2 Patents
+
+
+
+Each Contributor in respect of such Contributor’s Modifications, hereby grants You a world-wide, royalty-free, non-exclusive, sub-licensable license under Patent Claims to the extent necessary to make use of the rights granted under Sec. 2.1, including but not limited to make, have made, use, sell, offer for sale, import, export and Distribute such Contributor’s Modifications and the combination of such Contributor’s Modifications with the Contributor Version (collectively called the “Patent Licensed Version” of the Software).
+
+
+
+No patent license is granted for claims that are infringed:
+
+·      only as a consequence of further modification of the Patent Licensed Version; or
+
+·      by the combination of the Patent Licensed Version with other software or other devices or hardware, unless such combination was an intended use case of the Patent Licensed Version (e.g. a general purpose library is intended to be used with other software, a satellite navigation software is intended to be used with appropriate hardware); or
+
+·      by a Modification under Patent Claims in the absence of the Contributor’s Modifications or by a combination of the Contributor’s Modifications with software other than the Patent Licensed Version or Modifications thereof.
+
+
+
+2.3 Trademark
+
+
+
+This License does not grant permission to use trade names, trademarks, services marks, logos or names of the Licensor, except as required for reasonable and customary use in describing the origin of the Software and as reasonable necessary to comply with the obligations of this License (e.g. by reproducing the content of the notices). For the avoidance of doubt, upon Distribution of Modifications You must not use the Licensor’s or ESA’s trademarks, names or logos in any way that states or implies, or can be interpreted as stating or implying, that the final product is endorsed or created by the Licensor or ESA.
+
+
+
+3 Distribution
+
+
+
+3.1 No Copyleft
+
+
+
+You may Distribute the Software and/or Modifications, as Source Code or Object Code, under any license terms, provided that
+
+(a)  notice is given of the use of the Software and the applicability of this License to the Software; and
+
+(b) You make best efforts to ensure that further Distribution of the Software and/or Modifications (including further Modifications) is subject to the obligations set forth in this Sec. 3.1 (a) and (b).
+
+
+
+4 Notices
+
+
+
+The following obligations apply in the event of any Distribution of the Software and/or Modifications as Source Code and/or Object Code:
+
+
+
+4.1 You must include a copy of this License and all of the notices set out in this Sec. 4.
+
+
+
+4.2 You may not remove or alter any copyright, patent, trademark and attribution notices nor any of the notices set out in this Sec. 4, except as necessary for your compliance with this License or otherwise permitted by this License, except for those notices that do not pertain to the Modifications You Distribute.
+
+
+
+4.3 Each Contributor must cause its Modification carrying prominent notices stating that the Software has been modified and the date of modification and identify itself as the originator of its Modifications in a manner that reasonably allows identification and contact with the Contributor. The aforementioned notices must at a minimum be in a text file included with the Distribution titled “CHANGELOG”.
+
+
+
+4.4 The Software may include a "NOTICE" text file containing general notices. Any Contributor can create such a NOTICE file or add notices to it, alongside or as an addendum to the original text, provided that such notices cannot be construed as modifying the License.
+
+
+
+4.5 Each Contributor must identify all of its Patent Claims by providing at a minimum the patent number and identification and contact information in a text file included with the Distribution titled "LEGAL".
+
+
+
+5 Warranty and Liability
+
+
+
+5.1 Each Contributor warrants and represents that it has sufficient rights to grant the rights to its Modifications conveyed by this License.
+
+
+
+5.2 Except as expressly set forth in this License, the Software is provided to You on an “as is” basis and without warranties of any kind, including without limitation merchantability, fitness for a particular purpose, absence of defects or errors, accuracy or non-infringement of intellectual property rights. Mandatory statutory warranty claims, e.g. in the event of wilful deception or fraudulent misrepresentation, shall remain unaffected.
+
+
+
+5.3 Except as expressly set forth in this License, neither Licensor nor any Contributor shall be liable, including, without limitation, for direct, indirect, incidental, or consequential damages (including without limitation loss of profit), however caused and on any theory of liability, arising in any way out of the use or Distribution of the Software or the exercise of any rights under this License, even if You have been advised of the possibility of such damages. Mandatory statutory liability claims, e.g. in the event of wilful misconduct, wilful deception or fraudulent misrepresentation, shall remain unaffected.
+
+
+
+6 Additional Agreements
+
+
+
+While Distributing the Software or Modifications, You may choose to conclude additional agreements, for free or for charge, regarding for example support, warranty, indemnity, liability or liability obligations and/or rights, provided such additional agreements are consistent with this License and do not effectively restrict the recipient’s rights under this License. However, in accepting such obligations, You may act only on Your own behalf and on Your sole responsibility, not on behalf of any other Contributor or Licensor, and only if You agree to indemnify, defend, and hold each Contributor or Licensor harmless for any liability incurred by, or claims asserted against, such Contributor or Licensor by reason of your accepting any such warranty or additional liability.
+
+
+
+7 Infringements
+
+
+
+You acknowledge that continuing to use the Software knowing that such use infringes third party rights (e.g. after receiving a third party notification of infringement) would expose you to the risk of being considered as intentionally infringing third party rights. In such event You should acquire the respective rights or modify the Software so that the Modification is non-infringing.
+
+
+
+8 Termination
+
+
+
+8.1 This License and the rights granted hereunder will terminate automatically upon any breach by You with the terms of this License if you fail to cure such breach within 30 days of becoming aware of the breach.
+
+
+
+8.2 If You institute patent litigation against any entity (including a cross-claim or counterclaim in a lawsuit) alleging that the Software constitutes direct or contributory patent infringement, then any patent and copyright licenses granted to You under this License for the Software shall terminate as of the date such litigation is filed.
+
+
+
+8.3 Any licenses validly granted by You under the License prior to termination shall continue and survive termination.
+
+
+
+9 Applicable Law, Arbitration and Compliance
+
+
+
+9.1 This License is governed by the laws of the ESA Member State where the Licensor resides or has his registered office. “Member States” are the members of the European Space Agency pursuant to Art. 1 of the ESA Convention[1]. This licence shall be governed by German law if a dispute arises with the ESA as a Licensor or if the Licensor has no residence or registered office inside a Member State.
+
+
+
+9.2 Any dispute arising out of this License shall be finally settled in accordance with the Rules of Arbitration of the International Chamber of Commerce by one or more arbitrators designated in conformity with those rules. Arbitration proceedings shall take place in Cologne, Germany. The award shall be final and binding on the parties, no appeal shall lie against it. The enforcement of the award shall be governed by the rules of procedure in force in the state/country in which it is to be executed.
+
+
+
+9.3 For the avoidance of doubt, You are solely responsible for compliance with current applicable requirements of national laws. The Software can be subject to export control laws. If You export the Software it is your responsibility to comply with all export control laws. This may include different requirements, as e.g. registering the Software with the local authorities.
+
+
+
+9.4 If it is impossible for You to comply with any of the terms of this License due to statute, judicial order or regulation You must:
+
+(a)  comply with the terms of this License to the maximum extent possible; and
+
+(b) describe the limitations and the Object Code and/or Source Code they affect. Such description must be included in the LEGAL notice described in Section 4. Except to the extent prohibited by statute or regulation, such description must be sufficiently detailed for an average recipient to be able to understand it.
+
+
+
+10 Miscellaneous
+
+
+
+10.1 Only ESA has the right to modify or publish new versions of this License. ESA may assign this right to other individuals or legal entities. Each version will be given a distinguishing version number.
+
+
+
+10.2 This License represents the complete agreement concerning subject matter hereof.
+
+
+
+10.3 If any provision of this License is held invalid or unenforceable, the remaining provisions of this License shall not be affected. The invalid or unenforceable provision shall be construed and/or reformed to the extent necessary to make it enforceable and valid.
+
+
+[1] As of January 2020 the Member States are Austria, Belgium, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Luxembourg, The Netherlands, Norway, Poland, Portugal, Romania, Slovenia, Spain, Sweden, Switzerland and the United Kingdom.
diff --git a/options/license/ESA-PL-strong-copyleft-2.4 b/options/license/ESA-PL-strong-copyleft-2.4
new file mode 100644
index 0000000000..a007898657
--- /dev/null
+++ b/options/license/ESA-PL-strong-copyleft-2.4
@@ -0,0 +1,200 @@
+European Space Agency Public License (ESA-PL) Strong Copyleft (Type 1) – v2.4
+
+
+
+1 Definitions
+
+
+
+1.1 “Contributor” means (a) the individual or legal entity that originally creates or later modifies the Software and (b) each subsequent individual or legal entity that creates or contributes to the creation of Modifications.
+
+1.2 “Contributor Version” means the version of the Software on which the Contributor based its Modifications.
+
+1.3 “Distribution” and “Distribute” means any act of selling, giving, lending, renting, distributing, communicating, transmitting, or otherwise making available, physically or electronically or by any other means, copies of the Software or Modifications.
+
+1.4 “ESA” means the European Space Agency.
+
+1.5 “License” means this document.
+
+1.6 “Licensor” means the individual or legal entity that Distributes the Software under the License to You.
+
+1.7 “Modification” means any work or software created that is based upon or derived from the Software (or portions thereof) or a modification of the Software (or portions thereof). For the avoidance of doubt, linking a library to the Software results in a Modification.
+
+1.8 “Object Code” means any non-Source Code form of the Software and/or Modifications.
+
+1.9 “Patent Claims” (of a Contributor) means any patent claim(s), owned at the time of the Distribution or subsequently acquired, including without limitation, method, process and apparatus claims, in any patent licensable by a Contributor which would be infringed by making use of the rights granted under Sec. 2.1, including but not limited to make, have made, use, sell, offer for sale or import of the Contributor Version and/or such Contributor’s Modifications (if any), either alone or in combination with the Contributor Version. “Licensable” means having the right to grant, whether at the time of the Distribution or subsequently acquired, the rights conveyed herein.
+
+1.10 “Software” means the software Distributed under this License by the Licensor, in Source Code and/or Object Code form.
+
+1.11 “Source Code” means the preferred, usually human readable form of the Software and/or Modifications in which modifications are made and the associated documentation included in or with such code.
+
+1.12 “You” means an individual or legal entity exercising rights under this License (the licensee).
+
+
+
+2 Grant of Rights
+
+
+
+2.1 Copyright
+
+The Licensor, and each Contributor in respect of such Contributor’s Modifications, hereby grants You a world-wide, royalty-free, non-exclusive license under Copyright, subject to the terms and conditions of this License, to:
+
+- use the Software;
+- reproduce the Software by any or all means and in any or all form;
+- Modify the Software and create works based on the Software;
+- communicate to the public, including making available, display or perform the Software or copies thereof to the public;
+- Distribute, sublicense, lend and rent the Software.
+
+
+The license grant is perpetual and irrevocable, unless terminated pursuant to Sec. 8.
+
+
+
+2.2 Patents
+
+Each Contributor in respect of such Contributor’s Modifications, hereby grants You a world-wide, royalty-free, non-exclusive, sub-licensable license under Patent Claims to the extent necessary to make use of the rights granted under Sec. 2.1, including but not limited to make, have made, use, sell, offer for sale, import, export and Distribute such Contributor’s Modifications and the combination of such Contributor’s Modifications with the Contributor Version (collectively called the “Patent Licensed Version” of the Software).
+
+
+
+No patent license is granted for claims that are infringed:
+
+- only as a consequence of further modification of the Patent Licensed Version; or
+- by the combination of the Patent Licensed Version with other software or other devices or hardware, unless such combination was an intended use case of the Patent Licensed Version (e.g. a general purpose library is intended to be used with other software, a satellite navigation software is intended to be used with appropriate hardware); or
+- by a Modification under Patent Claims in the absence of the Contributor’s Modifications or by a combination of the Contributor’s Modifications with software other than the Patent Licensed Version or Modifications thereof.
+
+
+2.3 Trademark
+
+This License does not grant permission to use trade names, trademarks, services marks, logos or names of the Licensor, except as required for reasonable and customary use in describing the origin of the Software and as reasonable necessary to comply with the obligations of this License (e.g. by reproducing the content of the notices). For the avoidance of doubt, upon Distribution of Modifications You must not use the Licensor’s or ESA’s trademarks, names or logos in any way that states or implies, or can be interpreted as stating or implying, that the final product is endorsed or created by the Licensor or ESA.
+
+
+
+3 Distribution
+
+
+
+3.1 Copyleft Clause
+
+All Distribution of the Software and/or Modifications, as Source Code or Object Code, must be, as a whole, either under (a) the terms of this License or (b) any later version of this License unless the Software is expressly Distributed only under a specific version of the License by a Contributor.
+
+
+
+3.2 Copyleft exceptions
+
+3.2.1 Compilations. In the event of the Distribution of a compilation of Software and/or Modifications with other separate and independent works (for example in or on a volume of a storage or distribution medium), which are not by their nature extensions or other modifications of the Software and/or the Modifications, and which are not combined with it such as to form a larger program, Distribution of the compilation does not cause this License to apply to the other parts of the compilation.
+
+3.2.2 System Libraries. System Libraries used by a Modification need not be Distributed under the terms of this License and need not be included as part of the Source Code pursuant to Sec. 3.3. “System Library” means anything that is normally distributed (in either source or binary form) with the major components (kernel, window system etc.) of the operating system(s) on which the Software or Modification runs, or a compiler used to produce the Object Code, or an object code interpreter used to run it.
+
+3.2.3 External Modules. You may create a Modification by combining Software with an external module enabling supplementary functions or services and Distribute the external module under different license terms, provided that the external module and the Software run in separate address spaces, with one calling the other, or each other interfacing, when they are run.
+
+
+
+3.3 Communication of the Source Code
+
+If You Distribute the Software and/or Modifications as Object Code, You must:
+
+provide in addition a copy of the Source Code of the Software and/or Modifications to each recipient; or
+make the Source Code of the Software and/or Modifications freely accessible by reasonable means for anyone who possesses the Object Code or received the Software and/or Modifications from You, and inform recipients how to obtain a copy of the Source Code. Such information needs to be included at a minimum in the “NOTICE” file pursuant to Sec. 4.4 You are obliged to make the Source Code accessible in accordance with this Section for as long as You continue to Distribute the Software and/or Modifications and at a minimum for a three year period following Your last Distribution of the Software and/or Modifications.
+
+
+3.4 Service Provision
+
+If You provide access to the Software and/or Modifications or make its functionality available by any means or use it to provide services for any individual or legal entity other than You, e.g. by provision of software-as-a-service, You are obliged to make  the Source Code of the Software and/or Modifications freely accessible by reasonable means to those individuals or legal entities and provide information on how to obtain a copy of the Source Code. You are obliged to make the Source Code accessible in accordance with this Section for as long as You continue to provide access to the Software and/or Modifications.
+
+
+
+3.5 Dual Licensing
+
+This License gives no permission to license the Software or Modifications in any other way, but it does not invalidate such permission if You have separately received it.
+
+
+
+4 Notices
+
+The following obligations apply in the event of any Distribution of the Software and/or Modifications as Source Code and/or Object Code:
+
+
+
+4.1 You must include a copy of this License and all of the notices set out in this Sec. 4.
+
+4.2 You may not remove or alter any copyright, patent, trademark and attribution notices nor any of the notices set out in this Sec. 4, except as necessary for your compliance with this License or otherwise permitted by this License, except for those notices that do not pertain to the Modifications You Distribute.
+
+4.3 Each Contributor must cause its Modification carrying prominent notices stating that the Software has been modified and the date of modification and identify itself as the originator of its Modifications in a manner that reasonably allows identification and contact with the Contributor. The aforementioned notices must at a minimum be in a text file included with the Distribution titled “CHANGELOG”.
+
+4.4 The Software may include a "NOTICE" text file containing general notices. Any Contributor can create such a NOTICE file or add notices to it, alongside or as an addendum to the original text, provided that such notices cannot be construed as modifying the License.
+
+4.5 Each Contributor must identify all of its Patent Claims by providing at a minimum the patent number and identification and contact information in a text file included with the Distribution titled "LEGAL".
+
+
+
+5 Warranty and Liability
+
+
+
+5.1 Each Contributor warrants and represents that it has sufficient rights to grant the rights to its Modifications conveyed by this License.
+
+5.2 Except as expressly set forth in this License, the Software is provided to You on an “as is” basis and without warranties of any kind, including without limitation merchantability, fitness for a particular purpose, absence of defects or errors, accuracy or non-infringement of intellectual property rights. Mandatory statutory warranty claims, e.g. in the event of wilful deception or fraudulent misrepresentation, shall remain unaffected.
+
+5.3 Except as expressly set forth in this License, neither Licensor nor any Contributor shall be liable, including, without limitation, for direct, indirect, incidental, or consequential damages (including without limitation loss of profit), however caused and on any theory of liability, arising in any way out of the use or Distribution of the Software or the exercise of any rights under this License, even if You have been advised of the possibility of such damages. Mandatory statutory liability claims, e.g. in the event of wilful misconduct, wilful deception or fraudulent misrepresentation, shall remain unaffected.
+
+
+
+6 Additional Agreements
+
+
+
+While Distributing the Software or Modifications, You may choose to conclude additional agreements, for free or for charge, regarding for example support, warranty, indemnity, liability or liability obligations and/or rights, provided such additional agreements are consistent with this License and do not effectively restrict the recipient’s rights under this License. However, in accepting such obligations, You may act only on Your own behalf and on Your sole responsibility, not on behalf of any other Contributor or Licensor, and only if You agree to indemnify, defend, and hold each Contributor or Licensor harmless for any liability incurred by, or claims asserted against, such Contributor or Licensor by reason of your accepting any such warranty or additional liability.
+
+
+
+7 Infringements
+
+
+
+7.1 You acknowledge that continuing to use the Software knowing that such use infringes third party rights (e.g. after receiving a third party notification of infringement) would expose you to the risk of being considered as intentionally infringing third party rights. In such event You should acquire the respective rights or modify the Software so that the Modification is non-infringing.
+
+
+
+8 Termination
+
+
+
+8.1 This License and the rights granted hereunder will terminate automatically upon any breach by You with the terms of this License if you fail to cure such breach within 30 days of becoming aware of the breach.
+
+8.2 If You institute patent litigation against any entity (including a cross-claim or counterclaim in a lawsuit) alleging that the Software constitutes direct or contributory patent infringement, then any patent and copyright licenses granted to You under this License for the Software shall terminate as of the date such litigation is filed.
+
+8.3 Any licenses validly granted by You under the License prior to termination shall continue and survive termination.
+
+
+
+9 Applicable Law, Arbitration and Compliance
+
+
+
+9.1 This License is governed by the laws of the ESA Member State where the Licensor resides or has his registered office. “Member States” are the members of the European Space Agency pursuant to Art. 1 of the ESA Convention[1]. This licence shall be governed by German law if a dispute arises with the ESA as a Licensor or if the Licensor has no residence or registered office inside a Member State.
+
+9.2 Any dispute arising out of this License shall be finally settled in accordance with the Rules of Arbitration of the International Chamber of Commerce by one or more arbitrators designated in conformity with those rules. Arbitration proceedings shall take place in Cologne, Germany. The award shall be final and binding on the parties, no appeal shall lie against it. The enforcement of the award shall be governed by the rules of procedure in force in the state/country in which it is to be executed.
+
+9.3 For the avoidance of doubt, You are solely responsible for compliance with current applicable requirements of national laws. The Software can be subject to export control laws. If You export the Software it is your responsibility to comply with all export control laws. This may include different requirements, as e.g. registering the Software with the local authorities.
+
+
+
+9.4 If it is impossible for You to comply with any of the terms of this License due to statute, judicial order or regulation You must:
+
+comply with the terms of this License to the maximum extent possible; and
+describe the limitations and the Object Code and/or Source Code they affect. Such description must be included in the LEGAL notice described in Section 4. Except to the extent prohibited by statute or regulation, such description must be sufficiently detailed for an average recipient to be able to understand it.
+
+
+10 Miscellaneous
+
+
+
+10.1 Only ESA has the right to modify or publish new versions of this License. ESA may assign this right to other individuals or legal entities. Each version will be given a distinguishing version number.
+
+10.2 This License represents the complete agreement concerning subject matter hereof.
+
+10.3 If any provision of this License is held invalid or unenforceable, the remaining provisions of this License shall not be affected. The invalid or unenforceable provision shall be construed and/or reformed to the extent necessary to make it enforceable and valid.
+
+
+[1] As of June 2025 the Member States are Austria, Belgium, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Luxembourg, The Netherlands, Norway, Poland, Portugal, Romania, Slovenia, Spain, Sweden, Switzerland and the United Kingdom.
diff --git a/options/license/ESA-PL-weak-copyleft-2.4 b/options/license/ESA-PL-weak-copyleft-2.4
new file mode 100644
index 0000000000..7c27dc2506
--- /dev/null
+++ b/options/license/ESA-PL-weak-copyleft-2.4
@@ -0,0 +1,193 @@
+European Space Agency Public License (ESA-PL) Weak Copyleft (Type 2) – v2.4
+
+ 
+
+1 Definitions
+
+ 
+
+1.1 “Contributor” means (a) the individual or legal entity that originally creates or later modifies the Software and (b) each subsequent individual or legal entity that creates or contributes to the creation of Modifications.
+
+1.2 “Contributor Version” means the version of the Software on which the Contributor based its Modifications.
+
+1.3 “Distribution” and “Distribute” means any act of selling, giving, lending, renting, distributing, communicating, transmitting, or otherwise making available, physically or electronically or by any other means, copies of the Software or Modifications.
+
+1.4 “ESA” means the European Space Agency.
+
+1.5 “License” means this document.
+
+1.6 “Licensor” means the individual or legal entity that Distributes the Software under the License to You.
+
+1.7 “Modification” means any work or software created that is based upon or derived from the Software (or portions thereof) or a modification of the Software (or portions thereof). For the avoidance of doubt, linking a library to the Software results in a Modification.
+
+1.8 “Object Code” means any non-Source Code form of the Software and/or Modifications.
+
+1.9 “Patent Claims” (of a Contributor) means any patent claim(s), owned at the time of the Distribution or subsequently acquired, including without limitation, method, process and apparatus claims, in any patent licensable by a Contributor which would be infringed by making use of the rights granted under Sec. 2.1, including but not limited to make, have made, use, sell, offer for sale or import of the Contributor Version and/or such Contributor’s Modifications (if any), either alone or in combination with the Contributor Version. “Licensable” means having the right to grant, whether at the time of the Distribution or subsequently acquired, the rights conveyed herein. 
+
+1.10 “Software” means the software Distributed under this License by the Licensor, in Source Code and/or Object Code form.
+
+1.11 “Source Code” means the preferred, usually human readable form of the Software and/or Modifications in which modifications are made and the associated documentation included in or with such code.
+
+1.12 “You” means an individual or legal entity exercising rights under this License (the licensee).
+
+ 
+
+2 Grant of Rights
+
+ 
+
+2.1 Copyright
+
+The Licensor, and each Contributor in respect of such Contributor’s Modifications, hereby grants You a world-wide, royalty-free, non-exclusive license under Copyright, subject to the terms and conditions of this License, to:
+
+use the Software;
+reproduce the Software by any or all means and in any or all form;
+Modify the Software and create works based on the Software;
+communicate to the public, including making available, display or perform the Software or copies thereof to the public;
+Distribute, sublicense, lend and rent the Software.
+The license grant is perpetual and irrevocable, unless terminated pursuant to Sec. 8.
+
+ 
+
+2.2 Patents
+
+Each Contributor in respect of such Contributor’s Modifications, hereby grants You a world-wide, royalty-free, non-exclusive, sub-licensable license under Patent Claims to the extent necessary to make use of the rights granted under Sec. 2.1, including but not limited to make, have made, use, sell, offer for sale, import, export and Distribute such Contributor’s Modifications and the combination of such Contributor’s Modifications with the Contributor Version (collectively called the “Patent Licensed Version” of the Software).
+
+No patent license is granted for claims that are infringed:
+
+only as a consequence of further modification of the Patent Licensed Version; or
+by the combination of the Patent Licensed Version with other software or other devices or hardware, unless such combination was an intended use case of the Patent Licensed Version (e.g. a general purpose library is intended to be used with other software, a satellite navigation software is intended to be used with appropriate hardware); or
+by a Modification under Patent Claims in the absence of the Contributor’s Modifications or by a combination of the Contributor’s Modifications with software other than the Patent Licensed Version or Modifications thereof.
+ 
+
+2.3 Trademark
+
+This License does not grant permission to use trade names, trademarks, services marks, logos or names of the Licensor, except as required for reasonable and customary use in describing the origin of the Software and as reasonable necessary to comply with the obligations of this License (e.g. by reproducing the content of the notices). For the avoidance of doubt, upon Distribution of Modifications You must not use the Licensor’s or ESA’s trademarks, names or logos in any way that states or implies, or can be interpreted as stating or implying, that the final product is endorsed or created by the Licensor or ESA.
+
+ 
+
+3 Distribution
+
+ 
+
+3.1 Copyleft Clause
+
+All Distribution of the Software and/or Modifications, as Source Code or Object Code, must be, as a whole, either under (a) the terms of this License or the ESA-PL Strong Copyleft license v2.4 or (b) any later version of these Licenses unless the Software is expressly Distributed only under a specific version of the License by a Contributor or (c) the terms of a compatible license as listed in Appendix A to this License. Any obligation in this License to Distribute under the terms of this License, in particular as set out in Sec. 3.2, shall be construed as referring to “this License or a compatible license”.
+
+3.2 Copyleft exceptions
+
+3.2.1 Compilations. In the event of the Distribution of a compilation of Software and/or Modifications with other separate and independent works (for example in or on a volume of a storage or distribution medium), which are not by their nature extensions or other modifications of the Software and/or the Modifications, and which are not combined with it such as to form a single larger program, Distribution of the compilation does not cause this License to apply to the other parts of the compilation.
+
+3.2.2 System Libraries. System Libraries used by a Modification need not be Distributed under the terms of this License and need not be included as part of the Source Code pursuant to Sec. 3.3. “System Library” means anything that is normally distributed (in either source or binary form) with the major components (kernel, window system etc.) of the operating system(s) on which the Software or Modification runs, or a compiler used to produce the Object Code, or an object code interpreter used to run it.
+
+3.2.3 External Modules. You may create a Modification by combining Software with an external module enabling supplementary functions or services and Distribute the external module under different license terms, provided that the external module and the Software run in separate address spaces, with one calling the other, or each other interfacing, when they are run.
+
+3.2.4 Combinations. You may create a Modification (the “Combination”) by combining or linking the Software or Modifications thereof (the “Covered Code”) with additional code or software (the “External Code”) not governed by the terms of this License and Distribute the Combination
+
+in Object Code form under any license terms, and/or
+in Source Code form with the External Code’s Source Code under any license terms and the Covered Code’s Source Code under this License,
+provided that:
+the Covered Code will be governed by this License and the different license terms effectively do not restrict the rights granted by this License; and
+the External Code and its license terms are clearly identified and notice is given of the use of Covered Code and the applicability of this License; and
+the External Code’s Source Code is clearly separated from the Covered Code’s Source Code (usually contained in different files); and
+You communicate the Covered Code’s Source Code in accordance with Sec. 3.3. 
+ 
+
+3.3 Communication of the Source Code
+
+If You Distribute the Software and/or Modifications as Object Code, You must:
+
+provide in addition a copy of the Source Code of the Software and/or Modifications to each recipient; or
+make the Source Code of the Software and/or Modifications freely accessible by reasonable means for anyone who possesses the Object Code or received the Software and/or Modifications from You, and inform recipients how to obtain a copy of the Source Code. Such information needs to be included at a minimum in the “NOTICE” file pursuant to Sec. 4.4 You are obliged to make the Source Code accessible in accordance with this Section for as long as You continue to Distribute the Software and/or Modifications and at a minimum for a three year period following Your last Distribution of the Software and/or Modifications.
+ 
+
+3.4 Dual Licensing
+
+This License gives no permission to license the Software or Modifications in any other way, but it does not invalidate such permission if You have separately received it.
+
+ 
+
+4 Notices
+
+The following obligations apply in the event of any Distribution of the Software and/or Modifications as Source Code and/or Object Code:
+
+4.1 You must include a copy of this License and all of the notices set out in this Sec. 4.
+
+4.2 You may not remove or alter any copyright, patent, trademark and attribution notices nor any of the notices set out in this Sec. 4, except as necessary for your compliance with this License or otherwise permitted by this License, except for those notices that do not pertain to the Modifications You Distribute.
+
+4.3 Each Contributor must cause its Modification carrying prominent notices stating that the Software has been modified and the date of modification and identify itself as the originator of its Modifications in a manner that reasonably allows identification and contact with the Contributor. The aforementioned notices must at a minimum be in a text file included with the Distribution titled “CHANGELOG”.
+
+4.4 The Software may include a "NOTICE" text file containing general notices. Any Contributor can create such a NOTICE file or add notices to it, alongside or as an addendum to the original text, provided that such notices cannot be construed as modifying the License. 
+
+4.5 Each Contributor must identify all of its Patent Claims by providing at a minimum the patent number and identification and contact information in a text file included with the Distribution titled "LEGAL".
+
+ 
+
+5 Warranty and Liability 
+
+5.1 Each Contributor warrants and represents that it has sufficient rights to grant the rights to its Modifications conveyed by this License.
+
+5.2 Except as expressly set forth in this License, the Software is provided to You on an “as is” basis and without warranties of any kind, including without limitation merchantability, fitness for a particular purpose, absence of defects or errors, accuracy or non-infringement of intellectual property rights. Mandatory statutory warranty claims, e.g. in the event of wilful deception or fraudulent misrepresentation, shall remain unaffected.
+
+5.3 Except as expressly set forth in this License, neither Licensor nor any Contributor shall be liable, including, without limitation, for direct, indirect, incidental, or consequential damages (including without limitation loss of profit), however caused and on any theory of liability, arising in any way out of the use or Distribution of the Software or the exercise of any rights under this License, even if You have been advised of the possibility of such damages. Mandatory statutory liability claims, e.g. in the event of wilful misconduct, wilful deception or fraudulent misrepresentation, shall remain unaffected.
+
+ 
+
+6 Additional Agreements
+
+While Distributing the Software or Modifications, You may choose to conclude additional agreements, for free or for charge, regarding for example support, warranty, indemnity, liability or liability obligations and/or rights, provided such additional agreements are consistent with this License and do not effectively restrict the recipient’s rights under this License. However, in accepting such obligations, You may act only on Your own behalf and on Your sole responsibility, not on behalf of any other Contributor or Licensor, and only if You agree to indemnify, defend, and hold each Contributor or Licensor harmless for any liability incurred by, or claims asserted against, such Contributor or Licensor by reason of your accepting any such warranty or additional liability.
+
+ 
+
+7 Infringements
+
+7.1 You acknowledge that continuing to use the Software knowing that such use infringes third party rights (e.g. after receiving a third party notification of infringement) would expose you to the risk of being considered as intentionally infringing third party rights. In such event You should acquire the respective rights or modify the Software so that the Modification is non-infringing.
+
+ 
+
+8 Termination
+
+8.1 This License and the rights granted hereunder will terminate automatically upon any breach by You with the terms of this License if you fail to cure such breach within 30 days of becoming aware of the breach.
+
+8.2 If You institute patent litigation against any entity (including a cross-claim or counterclaim in a lawsuit) alleging that the Software constitutes direct or contributory patent infringement, then any patent and copyright licenses granted to You under this License for the Software shall terminate as of the date such litigation is filed.
+
+8.3 Any licenses validly granted by You under the License prior to termination shall continue and survive termination.
+
+ 
+
+9 Applicable Law, Arbitration and Compliance
+
+9.1 This License is governed by the laws of the ESA Member State where the Licensor resides or has his registered office. “Member States” are the members of the European Space Agency pursuant to Art. 1 of the ESA Convention[1]. This licence shall be governed by German law if a dispute arises with the ESA as a Licensor or if the Licensor has no residence or registered office inside a Member State.
+
+9.2 Any dispute arising out of this License shall be finally settled in accordance with the Rules of Arbitration of the International Chamber of Commerce by one or more arbitrators designated in conformity with those rules. Arbitration proceedings shall take place in Cologne, Germany. The award shall be final and binding on the parties, no appeal shall lie against it. The enforcement of the award shall be governed by the rules of procedure in force in the state/country in which it is to be executed.
+
+9.3 For the avoidance of doubt, You are solely responsible for compliance with current applicable requirements of national laws. The Software can be subject to export control laws. If You export the Software it is your responsibility to comply with all export control laws. This may include different requirements, as e.g. registering the Software with the local authorities.
+
+9.4 If it is impossible for You to comply with any of the terms of this License due to statute, judicial order or regulation You must:
+
+comply with the terms of this License to the maximum extent possible; and
+describe the limitations and the Object Code and/or Source Code they affect. Such description must be included in the LEGAL notice described in Section 4. Except to the extent prohibited by statute or regulation, such description must be sufficiently detailed for an average recipient to be able to understand it.
+ 
+
+10 Miscellaneous
+
+10.1 Only ESA has the right to modify or publish new versions of this License. ESA may assign this right to other individuals or legal entities. Each version will be given a distinguishing version number.
+
+10.2 This License represents the complete agreement concerning subject matter hereof.
+
+10.3 If any provision of this License is held invalid or unenforceable, the remaining provisions of this License shall not be affected. The invalid or unenforceable provision shall be construed and/or reformed to the extent necessary to make it enforceable and valid.
+
+ 
+
+Appendix A – List of compatible licenses
+
+ 
+
+Compatible licenses are:
+
+GNU General Public License (GPL)  version 2 and any subsequent version
+CeCILL version 2 and any subsequent version
+ 
+
+ 
+[1] As of January 2020 the Member States are Austria, Belgium, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Luxembourg, The Netherlands, Norway, Poland, Portugal, Romania, Spain, Sweden, Switzerland and the United Kingdom.
diff --git a/options/license/Elastic-2.0 b/options/license/Elastic-2.0
index 809108b857..9496955678 100644
--- a/options/license/Elastic-2.0
+++ b/options/license/Elastic-2.0
@@ -2,18 +2,18 @@ Elastic License 2.0
 
 URL: https://www.elastic.co/licensing/elastic-license
 
-## Acceptance
+Acceptance
 
 By using the software, you agree to all of the terms and conditions below.
 
-## Copyright License
+Copyright License
 
 The licensor grants you a non-exclusive, royalty-free, worldwide,
 non-sublicensable, non-transferable license to use, copy, distribute, make
 available, and prepare derivative works of the software, in each case subject to
 the limitations and conditions below.
 
-## Limitations
+Limitations
 
 You may not provide the software to third parties as a hosted or managed
 service, where the service provides users with access to any substantial set of
@@ -27,7 +27,7 @@ You may not alter, remove, or obscure any licensing, copyright, or other notices
 of the licensor in the software. Any use of the licensor’s trademarks is subject
 to applicable law.
 
-## Patents
+Patents
 
 The licensor grants you a license, under any patent claims the licensor can
 license, or becomes able to license, to make, have made, use, sell, offer for
@@ -40,7 +40,7 @@ the software granted under these terms ends immediately. If your company makes
 such a claim, your patent license ends immediately for work on behalf of your
 company.
 
-## Notices
+Notices
 
 You must ensure that anyone who gets a copy of any part of the software from you
 also gets a copy of these terms.
@@ -53,7 +53,7 @@ software prominent notices stating that you have modified the software.
 These terms do not imply any licenses other than those expressly granted in
 these terms.
 
-## Termination
+Termination
 
 If you use the software in violation of these terms, such use is not licensed,
 and your licenses will automatically terminate. If the licensor provides you
@@ -63,31 +63,31 @@ reinstated retroactively. However, if you violate these terms after such
 reinstatement, any additional violation of these terms will cause your licenses
 to terminate automatically and permanently.
 
-## No Liability
+No Liability
 
-*As far as the law allows, the software comes as is, without any warranty or
+As far as the law allows, the software comes as is, without any warranty or
 condition, and the licensor will not be liable to you for any damages arising
 out of these terms or the use or nature of the software, under any kind of
-legal claim.*
+legal claim.
 
-## Definitions
+Definitions
 
-The **licensor** is the entity offering these terms, and the **software** is the
+The licensor is the entity offering these terms, and the software is the
 software the licensor makes available under these terms, including any portion
 of it.
 
-**you** refers to the individual or entity agreeing to these terms.
+you refers to the individual or entity agreeing to these terms.
 
-**your company** is any legal entity, sole proprietorship, or other kind of
+your company is any legal entity, sole proprietorship, or other kind of
 organization that you work for, plus all organizations that have control over,
 are under the control of, or are under common control with that
-organization. **control** means ownership of substantially all the assets of an
+organization. control means ownership of substantially all the assets of an
 entity, or the power to direct its management and policies by vote, contract, or
 otherwise. Control can be direct or indirect.
 
-**your licenses** are all the licenses granted to you for the software under
+your licenses are all the licenses granted to you for the software under
 these terms.
 
-**use** means anything you do with the software requiring one of your licenses.
+use means anything you do with the software requiring one of your licenses.
 
-**trademark** means trademarks, service marks, and similar rights.
+trademark means trademarks, service marks, and similar rights.
diff --git a/options/license/FSFULLRSD b/options/license/FSFULLRSD
new file mode 100644
index 0000000000..abc104563a
--- /dev/null
+++ b/options/license/FSFULLRSD
@@ -0,0 +1,4 @@
+This file is free software; the Free Software Foundation
+gives unlimited permission to copy and/or distribute it,
+with or without modifications, as long as this notice is preserved.
+This file is offered as-is, without any warranty.
diff --git a/options/license/FSL-1.1-ALv2 b/options/license/FSL-1.1-ALv2
new file mode 100644
index 0000000000..386880ecd6
--- /dev/null
+++ b/options/license/FSL-1.1-ALv2
@@ -0,0 +1,105 @@
+# Functional Source License, Version 1.1, ALv2 Future License
+
+## Abbreviation
+
+FSL-1.1-ALv2
+
+## Notice
+
+Copyright ${year} ${licensor name}
+
+## Terms and Conditions
+
+### Licensor ("We")
+
+The party offering the Software under these Terms and Conditions.
+
+### The Software
+
+The "Software" is each version of the software that we make available under
+these Terms and Conditions, as indicated by our inclusion of these Terms and
+Conditions with the Software.
+
+### License Grant
+
+Subject to your compliance with this License Grant and the Patents,
+Redistribution and Trademark clauses below, we hereby grant you the right to
+use, copy, modify, create derivative works, publicly perform, publicly display
+and redistribute the Software for any Permitted Purpose identified below.
+
+### Permitted Purpose
+
+A Permitted Purpose is any purpose other than a Competing Use. A Competing Use
+means making the Software available to others in a commercial product or
+service that:
+
+1. substitutes for the Software;
+
+2. substitutes for any other product or service we offer using the Software
+   that exists as of the date we make the Software available; or
+
+3. offers the same or substantially similar functionality as the Software.
+
+Permitted Purposes specifically include using the Software:
+
+1. for your internal use and access;
+
+2. for non-commercial education;
+
+3. for non-commercial research; and
+
+4. in connection with professional services that you provide to a licensee
+   using the Software in accordance with these Terms and Conditions.
+
+### Patents
+
+To the extent your use for a Permitted Purpose would necessarily infringe our
+patents, the license grant above includes a license under our patents. If you
+make a claim against any party that the Software infringes or contributes to
+the infringement of any patent, then your patent license to the Software ends
+immediately.
+
+### Redistribution
+
+The Terms and Conditions apply to all copies, modifications and derivatives of
+the Software.
+
+If you redistribute any copies, modifications or derivatives of the Software,
+you must include a copy of or a link to these Terms and Conditions and not
+remove any copyright notices provided in or with the Software.
+
+### Disclaimer
+
+THE SOFTWARE IS PROVIDED "AS IS" AND WITHOUT WARRANTIES OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING WITHOUT LIMITATION WARRANTIES OF FITNESS FOR A PARTICULAR
+PURPOSE, MERCHANTABILITY, TITLE OR NON-INFRINGEMENT.
+
+IN NO EVENT WILL WE HAVE ANY LIABILITY TO YOU ARISING OUT OF OR RELATED TO THE
+SOFTWARE, INCLUDING INDIRECT, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES,
+EVEN IF WE HAVE BEEN INFORMED OF THEIR POSSIBILITY IN ADVANCE.
+
+### Trademarks
+
+Except for displaying the License Details and identifying us as the origin of
+the Software, you have no right under these Terms and Conditions to use our
+trademarks, trade names, service marks or product names.
+
+## Grant of Future License
+
+We hereby irrevocably grant you an additional license to use the Software under
+the Apache License, Version 2.0 that is effective on the second anniversary of
+the date we make the Software available. On or after that date, you may use the
+Software under the Apache License, Version 2.0, in which case the following
+will apply:
+
+Licensed under the Apache License, Version 2.0 (the "License"); you may not use
+this file except in compliance with the License.
+
+You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software distributed
+under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
+CONDITIONS OF ANY KIND, either express or implied. See the License for the
+specific language governing permissions and limitations under the License.
diff --git a/options/license/FSL-1.1-MIT b/options/license/FSL-1.1-MIT
new file mode 100644
index 0000000000..571aa38073
--- /dev/null
+++ b/options/license/FSL-1.1-MIT
@@ -0,0 +1,110 @@
+# Functional Source License, Version 1.1, MIT Future License
+
+## Abbreviation
+
+FSL-1.1-MIT
+
+## Notice
+
+Copyright ${year} ${licensor name}
+
+## Terms and Conditions
+
+### Licensor ("We")
+
+The party offering the Software under these Terms and Conditions.
+
+### The Software
+
+The "Software" is each version of the software that we make available under
+these Terms and Conditions, as indicated by our inclusion of these Terms and
+Conditions with the Software.
+
+### License Grant
+
+Subject to your compliance with this License Grant and the Patents,
+Redistribution and Trademark clauses below, we hereby grant you the right to
+use, copy, modify, create derivative works, publicly perform, publicly display
+and redistribute the Software for any Permitted Purpose identified below.
+
+### Permitted Purpose
+
+A Permitted Purpose is any purpose other than a Competing Use. A Competing Use
+means making the Software available to others in a commercial product or
+service that:
+
+1. substitutes for the Software;
+
+2. substitutes for any other product or service we offer using the Software
+   that exists as of the date we make the Software available; or
+
+3. offers the same or substantially similar functionality as the Software.
+
+Permitted Purposes specifically include using the Software:
+
+1. for your internal use and access;
+
+2. for non-commercial education;
+
+3. for non-commercial research; and
+
+4. in connection with professional services that you provide to a licensee
+   using the Software in accordance with these Terms and Conditions.
+
+### Patents
+
+To the extent your use for a Permitted Purpose would necessarily infringe our
+patents, the license grant above includes a license under our patents. If you
+make a claim against any party that the Software infringes or contributes to
+the infringement of any patent, then your patent license to the Software ends
+immediately.
+
+### Redistribution
+
+The Terms and Conditions apply to all copies, modifications and derivatives of
+the Software.
+
+If you redistribute any copies, modifications or derivatives of the Software,
+you must include a copy of or a link to these Terms and Conditions and not
+remove any copyright notices provided in or with the Software.
+
+### Disclaimer
+
+THE SOFTWARE IS PROVIDED "AS IS" AND WITHOUT WARRANTIES OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING WITHOUT LIMITATION WARRANTIES OF FITNESS FOR A PARTICULAR
+PURPOSE, MERCHANTABILITY, TITLE OR NON-INFRINGEMENT.
+
+IN NO EVENT WILL WE HAVE ANY LIABILITY TO YOU ARISING OUT OF OR RELATED TO THE
+SOFTWARE, INCLUDING INDIRECT, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES,
+EVEN IF WE HAVE BEEN INFORMED OF THEIR POSSIBILITY IN ADVANCE.
+
+### Trademarks
+
+Except for displaying the License Details and identifying us as the origin of
+the Software, you have no right under these Terms and Conditions to use our
+trademarks, trade names, service marks or product names.
+
+## Grant of Future License
+
+We hereby irrevocably grant you an additional license to use the Software under
+the MIT license that is effective on the second anniversary of the date we make
+the Software available. On or after that date, you may use the Software under
+the MIT license, in which case the following will apply:
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of
+this software and associated documentation files (the "Software"), to deal in
+the Software without restriction, including without limitation the rights to
+use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies
+of the Software, and to permit persons to whom the Software is furnished to do
+so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/options/license/Game-Programming-Gems b/options/license/Game-Programming-Gems
new file mode 100644
index 0000000000..25549ebb38
--- /dev/null
+++ b/options/license/Game-Programming-Gems
@@ -0,0 +1,8 @@
+Original version Copyright (C) Scott Bilas, 2000.
+All rights reserved worldwide.
+
+This software is provided "as is" without express or implied
+warranties. You may freely copy and compile this source into
+applications you distribute provided that the copyright text
+below is included in the resulting source code, for example:
+"Portions Copyright (C) Scott Bilas, 2000"
diff --git a/options/license/HDF5 b/options/license/HDF5
new file mode 100644
index 0000000000..b4cb77559c
--- /dev/null
+++ b/options/license/HDF5
@@ -0,0 +1,96 @@
+Copyright Notice and License Terms for
+HDF5 (Hierarchical Data Format 5) Software Library and Utilities
+-----------------------------------------------------------------------------
+
+HDF5 (Hierarchical Data Format 5) Software Library and Utilities
+Copyright 2006 by The HDF Group.
+
+NCSA HDF5 (Hierarchical Data Format 5) Software Library and Utilities
+Copyright 1998-2006 by The Board of Trustees of the University of Illinois.
+
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted for any purpose (including commercial purposes)
+provided that the following conditions are met:
+
+1. Redistributions of source code must retain the above copyright notice,
+   this list of conditions, and the following disclaimer.
+
+2. Redistributions in binary form must reproduce the above copyright notice,
+   this list of conditions, and the following disclaimer in the documentation
+   and/or materials provided with the distribution.
+
+3. Neither the name of The HDF Group, the name of the University, nor the
+   name of any Contributor may be used to endorse or promote products derived
+   from this software without specific prior written permission from
+   The HDF Group, the University, or the Contributor, respectively.
+
+DISCLAIMER:
+THIS SOFTWARE IS PROVIDED BY THE HDF GROUP AND THE CONTRIBUTORS
+"AS IS" WITH NO WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED. IN NO
+EVENT SHALL THE HDF GROUP OR THE CONTRIBUTORS BE LIABLE FOR ANY DAMAGES
+SUFFERED BY THE USERS ARISING OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+You are under no obligation whatsoever to provide any bug fixes, patches, or
+upgrades to the features, functionality or performance of the source code
+("Enhancements") to anyone; however, if you choose to make your Enhancements
+available either publicly, or directly to The HDF Group, without imposing a
+separate written license agreement for such Enhancements, then you hereby
+grant the following license: a non-exclusive, royalty-free perpetual license
+to install, use, modify, prepare derivative works, incorporate into other
+computer software, distribute, and sublicense such enhancements or derivative
+works thereof, in binary and source code form.
+
+-----------------------------------------------------------------------------
+-----------------------------------------------------------------------------
+
+Contributors:   National Center for Supercomputing Applications (NCSA) at
+the University of Illinois, Fortner Software, Unidata Program Center
+(netCDF), The Independent JPEG Group (JPEG), Jean-loup Gailly and Mark Adler
+(gzip), and Digital Equipment Corporation (DEC).
+
+-----------------------------------------------------------------------------
+
+Portions of HDF5 were developed with support from the Lawrence Berkeley
+National Laboratory (LBNL) and the United States Department of Energy
+under Prime Contract No. DE-AC02-05CH11231.
+
+-----------------------------------------------------------------------------
+
+Portions of HDF5 were developed with support from Lawrence Livermore
+National Laboratory and the United States Department of Energy under
+Prime Contract No. DE-AC52-07NA27344.
+
+-----------------------------------------------------------------------------
+
+Portions of HDF5 were developed with support from the University of
+California, Lawrence Livermore National Laboratory (UC LLNL).
+The following statement applies to those portions of the product and must
+be retained in any redistribution of source code, binaries, documentation,
+and/or accompanying materials:
+
+   This work was partially produced at the University of California,
+   Lawrence Livermore National Laboratory (UC LLNL) under contract
+   no. W-7405-ENG-48 (Contract 48) between the U.S. Department of Energy
+   (DOE) and The Regents of the University of California (University)
+   for the operation of UC LLNL.
+
+   DISCLAIMER:
+   THIS WORK WAS PREPARED AS AN ACCOUNT OF WORK SPONSORED BY AN AGENCY OF
+   THE UNITED STATES GOVERNMENT. NEITHER THE UNITED STATES GOVERNMENT NOR
+   THE UNIVERSITY OF CALIFORNIA NOR ANY OF THEIR EMPLOYEES, MAKES ANY
+   WARRANTY, EXPRESS OR IMPLIED, OR ASSUMES ANY LIABILITY OR RESPONSIBILITY
+   FOR THE ACCURACY, COMPLETENESS, OR USEFULNESS OF ANY INFORMATION,
+   APPARATUS, PRODUCT, OR PROCESS DISCLOSED, OR REPRESENTS THAT ITS USE
+   WOULD NOT INFRINGE PRIVATELY- OWNED RIGHTS. REFERENCE HEREIN TO ANY
+   SPECIFIC COMMERCIAL PRODUCTS, PROCESS, OR SERVICE BY TRADE NAME,
+   TRADEMARK, MANUFACTURER, OR OTHERWISE, DOES NOT NECESSARILY CONSTITUTE
+   OR IMPLY ITS ENDORSEMENT, RECOMMENDATION, OR FAVORING BY THE UNITED
+   STATES GOVERNMENT OR THE UNIVERSITY OF CALIFORNIA. THE VIEWS AND
+   OPINIONS OF AUTHORS EXPRESSED HEREIN DO NOT NECESSARILY STATE OR REFLECT
+   THOSE OF THE UNITED STATES GOVERNMENT OR THE UNIVERSITY OF CALIFORNIA,
+   AND SHALL NOT BE USED FOR ADVERTISING OR PRODUCT ENDORSEMENT PURPOSES.
+
+-----------------------------------------------------------------------------
diff --git a/options/license/HIDAPI b/options/license/HIDAPI
new file mode 100644
index 0000000000..e0b5d70c04
--- /dev/null
+++ b/options/license/HIDAPI
@@ -0,0 +1,2 @@
+This software may be used by anyone for any reason so long
+as the copyright notice in the source files remains intact.
diff --git a/options/license/HPND-Netrek b/options/license/HPND-Netrek
new file mode 100644
index 0000000000..5c3cb650f4
--- /dev/null
+++ b/options/license/HPND-Netrek
@@ -0,0 +1,10 @@
+Copyright (C) 1995 S. M. Patel (smpatel@wam.umd.edu)
+
+Permission to use, copy, modify, and distribute this
+software and its documentation for any purpose and without
+fee is hereby granted, provided that the above copyright
+notice appear in all copies and that both that copyright
+notice and this permission notice appear in supporting
+documentation.  No representations are made about the
+suitability of this software for any purpose.  It is
+provided "as is" without express or implied warranty.
diff --git a/options/license/HPND-SMC b/options/license/HPND-SMC
new file mode 100644
index 0000000000..79c1e948e4
--- /dev/null
+++ b/options/license/HPND-SMC
@@ -0,0 +1,15 @@
+Copyright 2000, Mojam Media, Inc., all rights reserved. Author: Skip Montanaro
+
+Copyright 1999, Bioreason, Inc., all rights reserved. Author: Andrew Dalke
+
+Copyright 1995-1997, Automatrix, Inc., all rights reserved. Author: Skip Montanaro
+
+Copyright 1991-1995, Stichting Mathematisch Centrum, all rights reserved.
+
+Permission to use, copy, modify, and distribute this Python software and its
+associated documentation for any purpose without fee is hereby granted,
+provided that the above copyright notice appears in all copies, and that both
+that copyright notice and this permission notice appear in supporting
+documentation, and that the name of neither Automatrix, Bioreason or Mojam
+Media be used in advertising or publicity pertaining to distribution of the
+software without specific, written prior permission.
diff --git a/options/license/HPND-sell-variant-critical-systems b/options/license/HPND-sell-variant-critical-systems
new file mode 100644
index 0000000000..b71219d4c2
--- /dev/null
+++ b/options/license/HPND-sell-variant-critical-systems
@@ -0,0 +1,20 @@
+Alan Cox <alan@redhat.com>
+Permission to use, copy, modify, distribute, and sell this software and its
+documentation for any purpose is hereby granted without fee, provided that
+the above copyright notice appear in all copies and that both that
+copyright notice and this permission notice appear in supporting
+documentation, and that the names of Red Hat, Alan Cox and Henrik Harmsen
+not be used in advertising or publicity pertaining to distribution of the
+software without specific, written prior permission.  Th authors make no
+representations about the suitability of this software for any purpose.
+It is provided "as is" without express or implied warranty.
+THE AUTHORS DISCLAIM ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
+INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
+EVENT SHALL RICHARD HECKER BE LIABLE FOR ANY SPECIAL, INDIRECT OR
+CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE,
+DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER
+TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+PERFORMANCE OF THIS SOFTWARE.
+
+THIS SOFTWARE IS NOT DESIGNED FOR USE IN SAFETY CRITICAL SYSTEMS OF
+ANY KIND OR FORM.
diff --git a/options/license/ISO-permission b/options/license/ISO-permission
new file mode 100644
index 0000000000..fc0ddeab3b
--- /dev/null
+++ b/options/license/ISO-permission
@@ -0,0 +1,4 @@
+(C) International Organization for Standardization 1986
+Permission to copy in any form is granted for use with
+conforming SGML systems and applications as defined 
+in ISO 8879, provided this notice is included in all copies.
diff --git a/options/license/Independent-modules-exception b/options/license/Independent-modules-exception
new file mode 100644
index 0000000000..8f66dba6ab
--- /dev/null
+++ b/options/license/Independent-modules-exception
@@ -0,0 +1,18 @@
+This is the file COPYING.FPC, it applies to the Free Pascal Run-Time Library 
+(RTL) and packages (packages) distributed by members of the Free Pascal 
+Development Team.
+
+The source code of the Free Pascal Runtime Libraries and packages are 
+distributed under the Library GNU General Public License 
+(see the file COPYING) with the following modification:
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent modules,
+and to copy and distribute the resulting executable under terms of your choice,
+provided that you also meet, for each linked independent module, the terms
+and conditions of the license of that module. An independent module is a module
+which is not derived from or based on this library. If you modify this
+library, you may extend this exception to your version of the library, but you are
+not obligated to do so. If you do not wish to do so, delete this exception
+statement from your version.
diff --git a/options/license/InnoSetup b/options/license/InnoSetup
new file mode 100644
index 0000000000..337584e6d1
--- /dev/null
+++ b/options/license/InnoSetup
@@ -0,0 +1,27 @@
+Inno Setup License
+==================
+
+Except where otherwise noted, all of the documentation and software included in the Inno Setup
+package is copyrighted by Jordan Russell.
+
+Copyright (C) 1997-2024 Jordan Russell. All rights reserved.
+Portions Copyright (C) 2000-2024 Martijn Laan. All rights reserved.
+
+This software is provided "as-is," without any express or implied warranty. In no event shall the
+author be held liable for any damages arising from the use of this software.
+
+Permission is granted to anyone to use this software for any purpose, including commercial
+applications, and to alter and redistribute it, provided that the following conditions are met:
+
+1. All redistributions of source code files must retain all copyright notices that are currently in
+   place, and this list of conditions without modification.
+
+2. All redistributions in binary form must retain all occurrences of the above copyright notice and
+   web site addresses that are currently in place (for example, in the About boxes).
+
+3. The origin of this software must not be misrepresented; you must not claim that you wrote the
+   original software. If you use this software to distribute a product, an acknowledgment in the
+   product documentation would be appreciated but is not required.
+
+4. Modified versions in source or binary form must be plainly marked as such, and must not be
+   misrepresented as being the original software.
diff --git a/options/license/MIPS b/options/license/MIPS
new file mode 100644
index 0000000000..cf57a05639
--- /dev/null
+++ b/options/license/MIPS
@@ -0,0 +1,4 @@
+Copyright (c) 1992, 1991, 1990 MIPS Computer Systems, Inc.
+MIPS Computer Systems, Inc. grants reproduction and use
+rights to all parties, PROVIDED that this comment is
+maintained in the copy.
diff --git a/options/license/MIT b/options/license/MIT
index 2071b23b0e..d817195dad 100644
--- a/options/license/MIT
+++ b/options/license/MIT
@@ -2,8 +2,17 @@ MIT License
 
 Copyright (c) <year> <copyright holders>
 
-Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and
+associated documentation files (the "Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the
+following conditions:
 
-The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+The above copyright notice and this permission notice shall be included in all copies or substantial
+portions of the Software.
 
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT
+LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO
+EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
+IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE
+USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/options/license/MIT-STK b/options/license/MIT-STK
new file mode 100644
index 0000000000..40397a37b1
--- /dev/null
+++ b/options/license/MIT-STK
@@ -0,0 +1,27 @@
+The Synthesis ToolKit in C++ (STK)
+
+Copyright (c) 1995-2023 Perry R. Cook and Gary P. Scavone
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+Any person wishing to distribute modifications to the Software is
+asked to send the modifications to the original developer so that they
+can be incorporated into the canonical version.  This is, however, not
+a binding provision of this license.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR
+ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF
+CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/options/license/MIT-open-group b/options/license/MIT-open-group
index ff185d30ed..18ee4889bd 100644
--- a/options/license/MIT-open-group
+++ b/options/license/MIT-open-group
@@ -12,10 +12,10 @@ in all copies or substantial portions of the Software.
 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
 OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
 MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
-IN NO EVENT SHALL BE LIABLE FOR ANY CLAIM, DAMAGES
-OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR
-OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR
-THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+IN NO EVENT SHALL THE OPEN GROUP BE LIABLE FOR ANY CLAIM, DAMAGES OR
+OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
+ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
+OTHER DEALINGS IN THE SOFTWARE.
 
 Except as contained in this notice, the name of The Open Group
 shall not be used in advertising or otherwise to promote the sale, use
diff --git a/options/license/MMPL-1.0.1 b/options/license/MMPL-1.0.1
new file mode 100644
index 0000000000..6556291ea2
--- /dev/null
+++ b/options/license/MMPL-1.0.1
@@ -0,0 +1,87 @@
+Minecraft Mod Public License
+============================
+
+Version 1.0.1
+
+0. Definitions
+--------------
+
+Minecraft: Denotes a copy of the Minecraft game licensed by Mojang AB
+
+User: Anybody that interacts with the software in one of the following ways:
+   - play
+   - decompile
+   - recompile or compile
+   - modify
+   - distribute
+
+Mod: The mod code designated by the present license, in source form, binary
+form, as obtained standalone, as part of a wider distribution or resulting from
+the compilation of the original or modified sources.
+
+Dependency: Code required for the mod to work properly. This includes
+dependencies required to compile the code as well as any file or modification
+that is explicitely or implicitely required for the mod to be working.
+
+1. Scope
+--------
+
+The present license is granted to any user of the mod. As a prerequisite,
+a user must own a legally acquired copy of Minecraft
+
+2. Liability
+------------
+
+This mod is provided 'as is' with no warranties, implied or otherwise. The owner
+of this mod takes no responsibility for any damages incurred from the use of
+this mod. This mod alters fundamental parts of the Minecraft game, parts of
+Minecraft may not work with this mod installed. All damages caused from the use
+or misuse of this mad fall on the user.
+
+3. Play rights
+--------------
+
+The user is allowed to install this mod on a client or a server and to play
+without restriction.
+
+4. Modification rights
+----------------------
+
+The user has the right to decompile the source code, look at either the
+decompiled version or the original source code, and to modify it.
+
+5. Derivation rights
+--------------------
+
+The user has the rights to derive code from this mod, that is to say to
+write code that extends or instanciate the mod classes or interfaces, refer to
+its objects, or calls its functions. This code is known as "derived" code, and
+can be licensed under a license different from this mod.
+
+6. Distribution of original or modified copy rights
+---------------------------------------------------
+
+Is subject to distribution rights this entire mod in its various forms. This
+include:
+   - original binary or source forms of this mod files
+   - modified versions of these binaries or source files, as well as binaries
+     resulting from source modifications
+   - patch to its source or binary files
+   - any copy of a portion of its binary source files
+
+The user is allowed to redistribute this mod partially, in totality, or
+included in a distribution.
+
+When distributing binary files, the user must provide means to obtain its
+entire set of sources or modified sources at no costs.
+
+All distributions of this mod must remain licensed under the MMPL.
+
+All dependencies that this mod have on other mods or classes must be licensed
+under conditions comparable to this version of MMPL, with the exception of the
+Minecraft code and the mod loading framework (e.g. ModLoader, ModLoaderMP or
+Bukkit).
+
+Modified version of binaries and sources, as well as files containing sections
+copied from this mod, should be distributed under the terms of the present
+license.
diff --git a/options/license/Motosoto b/options/license/Motosoto
index 4add8c6a39..a25cff026e 100644
--- a/options/license/Motosoto
+++ b/options/license/Motosoto
@@ -1,110 +1,372 @@
 MOTOSOTO OPEN SOURCE LICENSE - Version 0.9.1
 
-This Motosoto Open Source License (the "License") applies to "Community Portal Server" and related software products as well as any updatesor maintenance releases of that software ("Motosoto Products") that are distributed by Motosoto.Com B.V. ("Licensor"). Any Motosoto Product licensed pursuant to this License is a "Licensed Product." Licensed Product, in its entirety, is protected by Dutch copyright law. This License identifies the terms under which you may use, copy, distribute or modify Licensed Product and has been submitted to the Open Software Initiative (OSI) for approval.
+This Motosoto Open Source License (the "License") applies to "Community Portal Server" and related 
+software products as well as any updatesor maintenance releases of that software ("Motosoto 
+Products") that are distributed by Motosoto.Com B.V. ("Licensor"). Any Motosoto Product licensed 
+pursuant to this License is a "Licensed Product." Licensed Product, in its entirety, is protected 
+by Dutch copyright law. This License identifies the terms under which you may use, copy, distribute 
+or modify Licensed Product and has been submitted to the Open Software Initiative (OSI) for 
+approval.
 
 Preamble
 
-This Preamble is intended to describe, in plain English, the nature and scope of this License. However, this Preamble is not a part of this license. The legal effect of this License is dependent only upon the terms of the License and not this Preamble. This License complies with the Open Source Definition and has been approved by Open Source Initiative. Software distributed under this License may be marked as "OSI Certified Open Source Software."
+This Preamble is intended to describe, in plain English, the nature and scope of this License. 
+However, this Preamble is not a part of this license. The legal effect of this License is dependent 
+only upon the terms of the License and not this Preamble. This License complies with the Open 
+Source Definition and has been approved by Open Source Initiative. Software distributed under this 
+License may be marked as "OSI Certified Open Source Software."
 
 This License provides that:
 
-1. You may use, sell or give away the Licensed Product, alone or as a component of an aggregate software distribution containing programs from several different sources. No royalty or other fee is required.
+1. You may use, sell or give away the Licensed Product, alone or as a component of an aggregate 
+software distribution containing programs from several different sources. No royalty or other fee 
+is required.
 
-2. Both Source Code and executable versions of the Licensed Product, including Modifications made by previous Contributors, are available for your use. (The terms "Licensed Product," "Modifications," "Contributors" and "Source Code" are defined in the License.)
+2. Both Source Code and executable versions of the Licensed Product, including Modifications made 
+by previous Contributors, are available for your use. (The terms "Licensed Product," 
+"Modifications," "Contributors" and "Source Code" are defined in the License.)
 
-3. You are allowed to make Modifications to the Licensed Product, and you can create Derivative Works from it. (The term "Derivative Works" is defined in the License.)
+3. You are allowed to make Modifications to the Licensed Product, and you can create Derivative 
+Works from it. (The term "Derivative Works" is defined in the License.)
 
-4. By accepting the Licensed Product under the provisions of this License, you agree that any Modifications you make to the Licensed Product and then distribute are governed by the provisions of this License. In particular, you must make the Source Code of your Modifications available to others.
+4. By accepting the Licensed Product under the provisions of this License, you agree that any 
+Modifications you make to the Licensed Product and then distribute are governed by the provisions 
+of this License. In particular, you must make the Source Code of your Modifications available to 
+others.
 
-5. You may use the Licensed Product for any purpose, but the Licensor is not providing you any warranty whatsoever, nor is the Licensor accepting any liability in the event that the Licensed Product doesn't work properly or causes you any injury or damages.
+5. You may use the Licensed Product for any purpose, but the Licensor is not providing you any 
+warranty whatsoever, nor is the Licensor accepting any liability in the event that the Licensed 
+Product doesn't work properly or causes you any injury or damages.
 
-6. If you sublicense the Licensed Product or Derivative Works, you may charge fees for warranty or support, or for accepting indemnity or liability obligations to your customers. You cannot charge for the Source Code.
+6. If you sublicense the Licensed Product or Derivative Works, you may charge fees for warranty or 
+support, or for accepting indemnity or liability obligations to your customers. You cannot charge 
+for the Source Code.
 
-7. If you assert any patent claims against the Licensor relating to the Licensed Product, or if you breach any terms of the License, your rights to the Licensed Product under this License automatically terminate.
+7. If you assert any patent claims against the Licensor relating to the Licensed Product, or if you 
+breach any terms of the License, your rights to the Licensed Product under this License 
+automatically terminate.
 
-You may use this License to distribute your own Derivative Works, in which case the provisions of this License will apply to your Derivative Works just as they do to the original Licensed Product.
+You may use this License to distribute your own Derivative Works, in which case the provisions of 
+this License will apply to your Derivative Works just as they do to the original Licensed Product.
 
-Alternatively, you may distribute your Derivative Works under any other OSI-approved Open Source license, or under a proprietary license of your choice. If you use any license other than this License, however, you must continue to fulfill the requirements of this License (including the provisions relating to publishing the Source Code) for those portions of your Derivative Works that consist of the Licensed Product, including the files containing Modifications.
+Alternatively, you may distribute your Derivative Works under any other OSI-approved Open Source 
+license, or under a proprietary license of your choice. If you use any license other than this 
+License, however, you must continue to fulfill the requirements of this License (including the 
+provisions relating to publishing the Source Code) for those portions of your Derivative Works that 
+consist of the Licensed Product, including the files containing Modifications.
 
-New versions of this License may be published from time to time. You may choose to continue to use the license terms in this version of the License or those from the new version. However, only the Licensor has the right to change the License terms as they apply to the Licensed Product. This License relies on precise definitions for certain terms. Those terms are defined when they are first used, and the definitions are repeated for your convenience in a Glossary at the end of the License.
+New versions of this License may be published from time to time. You may choose to continue to use 
+the license terms in this version of the License or those from the new version. However, only the 
+Licensor has the right to change the License terms as they apply to the Licensed Product. This 
+License relies on precise definitions for certain terms. Those terms are defined when they are 
+first used, and the definitions are repeated for your convenience in a Glossary at the end of the 
+License.
 
 License Terms
 
 1. Grant of License From Licensor.
 
-Licensor hereby grants you a world-wide, royalty-free, non-exclusive license, subject to third party intellectual property claims, to do the following:
+Licensor hereby grants you a world-wide, royalty-free, non-exclusive license, subject to third 
+party intellectual property claims, to do the following:
 
-     a. Use, reproduce, modify, display, perform, sublicense and distribute Licensed Product or portions thereof (including Modifications as hereinafter defined), in both Source Code or as an executable program. "Source Code" means the preferred form for making modifications to the Licensed Product, including all modules contained therein, plus any associated interface definition files, scripts used to control compilation and installation of an executable program, or a list of differential comparisons against the Source Code of the Licensed Product.
+     a. Use, reproduce, modify, display, perform, sublicense and distribute Licensed Product or 
+portions thereof (including Modifications as hereinafter defined), in both Source Code or as an 
+executable program. "Source Code" means the preferred form for making modifications to the Licensed 
+Product, including all modules contained therein, plus any associated interface definition files, 
+scripts used to control compilation and installation of an executable program, or a list of 
+differential comparisons against the Source Code of the Licensed Product.
 
-     b. Create Derivative Works (as that term is defined under Dutch copyright law) of Licensed Product by adding to or deleting from the substance or structure of said Licensed Product.
+     b. Create Derivative Works (as that term is defined under Dutch copyright law) of Licensed 
+Product by adding to or deleting from the substance or structure of said Licensed Product.
 
-     c. Under claims of patents now or hereafter owned or controlled by Licensor, to make, use, sell, offer for sale, have made, and/or otherwise dispose of Licensed Product or portions thereof, but solely to the extent that any such claim is necessary to enable you to make, use, sell, offer for sale, have made, and/or otherwise dispose of Licensed Product or portions thereof or Derivative Works thereof.
+     c. Under claims of patents now or hereafter owned or controlled by Licensor, to make, use, 
+sell, offer for sale, have made, and/or otherwise dispose of Licensed Product or portions thereof, 
+but solely to the extent that any such claim is necessary to enable you to make, use, sell, offer 
+for sale, have made, and/or otherwise dispose of Licensed Product or portions thereof or Derivative 
+Works thereof.
 
 2. Grant of License to Modifications From Contributor.
 
-"Modifications" means any additions to or deletions from the substance or structure of (i) a file containing Licensed Product, or (ii) any new file that contains any part of Licensed Product. Hereinafter in this License, the term "Licensed Product" shall include all previous Modifications that you receive from any Contributor. By application of the provisions in Section 4(a) below, each person or entity who created or contributed to the creation of, and distributed, a Modification (a "Contributor") hereby grants you a world-wide, royalty-free, non-exclusive license, subject to third party intellectual property claims, to do the following:
+"Modifications" means any additions to or deletions from the substance or structure of (i) a file 
+containing Licensed Product, or (ii) any new file that contains any part of Licensed Product. 
+Hereinafter in this License, the term "Licensed Product" shall include all previous Modifications 
+that you receive from any Contributor. By application of the provisions in Section 4(a) below, each 
+person or entity who created or contributed to the creation of, and distributed, a Modification (a 
+"Contributor") hereby grants you a world-wide, royalty-free, non-exclusive license, subject to 
+third party intellectual property claims, to do the following:
 
-     a. Use, reproduce, modify, display, perform, sublicense and distribute any Modifications created by such Contributor or portions thereof, in both Source Code or as an executable program, either on an unmodified basis or as part of Derivative Works.
+     a. Use, reproduce, modify, display, perform, sublicense and distribute any Modifications 
+created by such Contributor or portions thereof, in both Source Code or as an executable program, 
+either on an unmodified basis or as part of Derivative Works.
 
-     b. Under claims of patents now or hereafter owned or controlled by Contributor, to make, use, sell, offer for sale, have made, and/or otherwise dispose of Modifications or portions thereof, but solely to the extent that any such claim is necessary to enable you to make, use, sell, offer for sale, have made, and/or otherwise dispose of Modifications or portions thereof or Derivative Works thereof.
+     b. Under claims of patents now or hereafter owned or controlled by Contributor, to make, use, 
+sell, offer for sale, have made, and/or otherwise dispose of Modifications or portions thereof, but 
+solely to the extent that any such claim is necessary to enable you to make, use, sell, offer for 
+sale, have made, and/or otherwise dispose of Modifications or portions thereof or Derivative Works 
+thereof.
 
 3. Exclusions From License Grant.
 
-Nothing in this License shall be deemed to grant any rights to trademarks, copyrights, patents, trade secrets or any other intellectual property of Licensor or any Contributor except as expressly stated herein. No patent license is granted separate from the Licensed Product, for code that you delete from the Licensed Product, or for combinations of the Licensed Product with other software or hardware. No right is granted to the trademarks of Licensor or any Contributor even if such marks are included in the Licensed Product. Nothing in this License shall be interpreted to prohibit Licensor from licensing under different terms from this License any code that Licensor otherwise would have a right to license.
+Nothing in this License shall be deemed to grant any rights to trademarks, copyrights, patents, 
+trade secrets or any other intellectual property of Licensor or any Contributor except as expressly 
+stated herein. No patent license is granted separate from the Licensed Product, for code that you 
+delete from the Licensed Product, or for combinations of the Licensed Product with other software 
+or hardware. No right is granted to the trademarks of Licensor or any Contributor even if such 
+marks are included in the Licensed Product. Nothing in this License shall be interpreted to 
+prohibit Licensor from licensing under different terms from this License any code that Licensor 
+otherwise would have a right to license.
 
 4. Your Obligations Regarding Distribution.
 
-     a. Application of This License to Your Modifications. As an express condition for your use of the Licensed Product, you hereby agree that any Modifications that you create or to which you contribute, and which you distribute, are governed by the terms of this License including, without limitation, Section 2. Any Modifications that you create or to which you contribute may be distributed only under the terms of this License or a future version of this License released under Section 7. You must include a copy of this License with every copy of the Modifications you distribute. You agree not to offer or impose any terms on any Source Code or executable version of the Licensed Product or Modifications that alter or restrict the applicable version of this License or the recipients' rights hereunder. However, you may include an additional document offering the additional rights described in Section 4(e).
+     a. Application of This License to Your Modifications. As an express condition for your use of 
+the Licensed Product, you hereby agree that any Modifications that you create or to which you 
+contribute, and which you distribute, are governed by the terms of this License including, without 
+limitation, Section 2. Any Modifications that you create or to which you contribute may be 
+distributed only under the terms of this License or a future version of this License released under 
+Section 7. You must include a copy of this License with every copy of the Modifications you 
+distribute. You agree not to offer or impose any terms on any Source Code or executable version of 
+the Licensed Product or Modifications that alter or restrict the applicable version of this License 
+or the recipients' rights hereunder. However, you may include an additional document offering the 
+additional rights described in Section 4(e).
 
-     b. Availability of Source Code. You must make available, under the terms of this License, the Source Code of the Licensed Product and any Modifications that you distribute, either on the same media as you distribute any executable or other form of the Licensed Product, or via a mechanism generally accepted in the software development community for the electronic transfer of data (an "Electronic Distribution Mechanism"). The Source Code for any version of Licensed Product or Modifications that you distribute must remain available for at least twelve (12) months after the date it initially became available, or at least six (6) months after a subsequent version of said Licensed Product or Modifications has been made available. You are responsible for ensuring that the Source Code version remains available even if the Electronic Distribution Mechanism is maintained by a third party.
+     b. Availability of Source Code. You must make available, under the terms of this License, the 
+Source Code of the Licensed Product and any Modifications that you distribute, either on the same 
+media as you distribute any executable or other form of the Licensed Product, or via a mechanism 
+generally accepted in the software development community for the electronic transfer of data (an 
+"Electronic Distribution Mechanism"). The Source Code for any version of Licensed Product or 
+Modifications that you distribute must remain available for at least twelve (12) months after the 
+date it initially became available, or at least six (6) months after a subsequent version of said 
+Licensed Product or Modifications has been made available. You are responsible for ensuring that 
+the Source Code version remains available even if the Electronic Distribution Mechanism is 
+maintained by a third party.
 
-     c. Description of Modifications. You must cause any Modifications that you create or to which you contribute, and which you distribute, to contain a file documenting the additions, changes or deletions you made to create or contribute to those Modifications, and the dates of any such additions, changes or deletions. You must include a prominent statement that the Modifications are derived, directly or indirectly, from the Licensed Product and include the names of the Licensor and any Contributor to the Licensed Product in (i) the Source Code and (ii) in any notice displayed by a version of the Licensed Product you distribute or in related documentation in which you describe the origin or ownership of the Licensed Product. You may not modify or delete any preexisting copyright notices in the Licensed Product.
+     c. Description of Modifications. You must cause any Modifications that you create or to which 
+you contribute, and which you distribute, to contain a file documenting the additions, changes or 
+deletions you made to create or contribute to those Modifications, and the dates of any such 
+additions, changes or deletions. You must include a prominent statement that the Modifications are 
+derived, directly or indirectly, from the Licensed Product and include the names of the Licensor 
+and any Contributor to the Licensed Product in (i) the Source Code and (ii) in any notice displayed 
+by a version of the Licensed Product you distribute or in related documentation in which you 
+describe the origin or ownership of the Licensed Product. You may not modify or delete any 
+preexisting copyright notices in the Licensed Product.
 
      d. Intellectual Property Matters.
-          i. Third Party Claims. If you have knowledge that a license to a third party's intellectual property right is required to exercise the rights granted by this License, you must include a text file with the Source Code distribution titled "LEGAL" that describes the claim and the party making the claim in sufficient detail that a recipient will know whom to contact. If you obtain such knowledge after you make any Modifications available as described in Section 4(b), you shall promptly modify the LEGAL file in all copies you make available thereafter and shall take other steps (such as notifying appropriate mailing lists or newsgroups) reasonably calculated to inform those who received the Licensed Product from you that new knowledge has been obtained.
+          i. Third Party Claims. If you have knowledge that a license to a third party's 
+intellectual property right is required to exercise the rights granted by this License, you must 
+include a text file with the Source Code distribution titled "LEGAL" that describes the claim and 
+the party making the claim in sufficient detail that a recipient will know whom to contact. If you 
+obtain such knowledge after you make any Modifications available as described in Section 4(b), you 
+shall promptly modify the LEGAL file in all copies you make available thereafter and shall take 
+other steps (such as notifying appropriate mailing lists or newsgroups) reasonably calculated to 
+inform those who received the Licensed Product from you that new knowledge has been obtained.
 
-          ii. Contributor APIs. If your Modifications include an application programming interface ("API") and you have knowledge of patent licenses that are reasonably necessary to implement that API, you must also include this information in the LEGAL file.
+          ii. Contributor APIs. If your Modifications include an application programming interface 
+("API") and you have knowledge of patent licenses that are reasonably necessary to implement that 
+API, you must also include this information in the LEGAL file.
 
-          iii. Representations. You represent that, except as disclosed pursuant to 4(d)(i) above, you believe that any Modifications you distribute are your original creations and that you have sufficient rights to grant the rights conveyed by this License.
+          iii. Representations. You represent that, except as disclosed pursuant to 4(d)(i) above, 
+you believe that any Modifications you distribute are your original creations and that you have 
+sufficient rights to grant the rights conveyed by this License.
 
-     e. Required Notices. You must duplicate this License in any documentation you provide along with the Source Code of any Modifications you create or to which you contribute, and which you distribute, wherever you describe recipients' rights relating to Licensed Product. You must duplicate the notice contained in Exhibit A (the "Notice") in each file of the Source Code of any copy you distribute of the Licensed Product. If you created a Modification, you may add your name as a Contributor to the Notice. If it is not possible to put the Notice in a particular Source Code file due to its structure, then you must include such Notice in a location (such as a relevant directory file) where a user would be likely to look for such a notice. You may choose to offer, and charge a fee for, warranty, support, indemnity or liability obligations to one or more recipients of Licensed Product. However, you may do so only on your own behalf, and not on behalf of the Licensor or any Contributor. You must make it clear that any such warranty, support, indemnity or liability obligation is offered by you alone, and you hereby agree to indemnify the Licensor and every Contributor for any liability incurred by the Licensor or such Contributor as a result of warranty, support, indemnity or liability terms you offer.
+     e. Required Notices. You must duplicate this License in any documentation you provide along 
+with the Source Code of any Modifications you create or to which you contribute, and which you 
+distribute, wherever you describe recipients' rights relating to Licensed Product. You must 
+duplicate the notice contained in Exhibit A (the "Notice") in each file of the Source Code of any 
+copy you distribute of the Licensed Product. If you created a Modification, you may add your name 
+as a Contributor to the Notice. If it is not possible to put the Notice in a particular Source Code 
+file due to its structure, then you must include such Notice in a location (such as a relevant 
+directory file) where a user would be likely to look for such a notice. You may choose to offer, 
+and charge a fee for, warranty, support, indemnity or liability obligations to one or more 
+recipients of Licensed Product. However, you may do so only on your own behalf, and not on behalf 
+of the Licensor or any Contributor. You must make it clear that any such warranty, support, 
+indemnity or liability obligation is offered by you alone, and you hereby agree to indemnify the 
+Licensor and every Contributor for any liability incurred by the Licensor or such Contributor as a 
+result of warranty, support, indemnity or liability terms you offer.
 
-     f. Distribution of Executable Versions. You may distribute Licensed Product as an executable program under a license of your choice that may contain terms different from this License provided (i) you have satisfied the requirements of Sections 4(a) through 4(e) for that distribution, (ii) you include a conspicuous notice in the executable version, related documentation and collateral materials stating that the Source Code version of the Licensed Product is available under the terms of this License, including a description of how and where you have fulfilled the obligations of Section 4(b), (iii) you retain all existing copyright notices in the Licensed Product, and (iv) you make it clear that any terms that differ from this License are offered by you alone, not by Licensor or any Contributor. You hereby agree to indemnify the Licensor and every Contributor for any liability incurred by Licensor or such Contributor as a result of any terms you offer.
+     f. Distribution of Executable Versions. You may distribute Licensed Product as an executable 
+program under a license of your choice that may contain terms different from this License provided 
+(i) you have satisfied the requirements of Sections 4(a) through 4(e) for that distribution, (ii) 
+you include a conspicuous notice in the executable version, related documentation and collateral 
+materials stating that the Source Code version of the Licensed Product is available under the terms 
+of this License, including a description of how and where you have fulfilled the obligations of 
+Section 4(b), (iii) you retain all existing copyright notices in the Licensed Product, and (iv) you 
+make it clear that any terms that differ from this License are offered by you alone, not by 
+Licensor or any Contributor. You hereby agree to indemnify the Licensor and every Contributor for 
+any liability incurred by Licensor or such Contributor as a result of any terms you offer.
 
-     g. Distribution of Derivative Works. You may create Derivative Works (e.g., combinations of some or all of the Licensed Product with other code) and distribute the Derivative Works as products under any other license you select, with the proviso that the requirements of this License are fulfilled for those portions of the Derivative Works that consist of the Licensed Product or any Modifications thereto.
+     g. Distribution of Derivative Works. You may create Derivative Works (e.g., combinations of 
+some or all of the Licensed Product with other code) and distribute the Derivative Works as 
+products under any other license you select, with the proviso that the requirements of this License 
+are fulfilled for those portions of the Derivative Works that consist of the Licensed Product or 
+any Modifications thereto.
 
 5. Inability to Comply Due to Statute or Regulation.
 
-If it is impossible for you to comply with any of the terms of this License with respect to some or all of the Licensed Product due to statute, judicial order, or regulation, then you must (i) comply with the terms of this License to the maximum extent possible, (ii) cite the statute or regulation that prohibits you from adhering to the License, and (iii) describe the limitations and the code they affect. Such description must be included in the LEGAL file described in Section 4(d), and must be included with all distributions of the Source Code. Except to the extent prohibited by statute or regulation, such description must be sufficiently detailed for a recipient of ordinary skill at computer programming to be able to understand it.
+If it is impossible for you to comply with any of the terms of this License with respect to some or 
+all of the Licensed Product due to statute, judicial order, or regulation, then you must (i) comply 
+with the terms of this License to the maximum extent possible, (ii) cite the statute or regulation 
+that prohibits you from adhering to the License, and (iii) describe the limitations and the code 
+they affect. Such description must be included in the LEGAL file described in Section 4(d), and 
+must be included with all distributions of the Source Code. Except to the extent prohibited by 
+statute or regulation, such description must be sufficiently detailed for a recipient of ordinary 
+skill at computer programming to be able to understand it.
 
 6. Application of This License.
 
-This License applies to code to which Licensor or Contributor has attached the Notice in Exhibit A, which is incorporated herein by this reference.
+This License applies to code to which Licensor or Contributor has attached the Notice in Exhibit A, 
+which is incorporated herein by this reference.
 
 7. Versions of This License.
 
-     a. Version. The Motosoto Open Source License is derived from the Jabber Open Source License. All changes are related to applicable law and the location of court.
+     a. Version. The Motosoto Open Source License is derived from the Jabber Open Source License. 
+All changes are related to applicable law and the location of court.
 
-     b. New Versions. Licensor may publish from time to time revised and/or new versions of the License.
+     b. New Versions. Licensor may publish from time to time revised and/or new versions of the 
+License.
 
-     c. Effect of New Versions. Once Licensed Product has been published under a particular version of the License, you may always continue to use it under the terms of that version. You may also choose to use such Licensed Product under the terms of any subsequent version of the License published by Licensor. No one other than Lic ensor has the right to modify the terms applicable to Licensed Product created under this License.
+     c. Effect of New Versions. Once Licensed Product has been published under a particular version 
+of the License, you may always continue to use it under the terms of that version. You may also 
+choose to use such Licensed Product under the terms of any subsequent version of the License 
+published by Licensor. No one other than Lic ensor has the right to modify the terms applicable to 
+Licensed Product created under this License.
 
-     d. Derivative Works of this License. If you create or use a modified version of this License, which you may do only in order to apply it to software that is not already a Licensed Product under this License, you must rename your license so that it is not confusingly similar to this License, and must make it clear that your license contains terms that differ from this License. In so naming your license, you may not use any trademark of Licensor or any Contributor.
+     d. Derivative Works of this License. If you create or use a modified version of this License, 
+which you may do only in order to apply it to software that is not already a Licensed Product under 
+this License, you must rename your license so that it is not confusingly similar to this License, 
+and must make it clear that your license contains terms that differ from this License. In so naming 
+your license, you may not use any trademark of Licensor or any Contributor.
 
 8. Disclaimer of Warranty.
 
-LICENSED PRODUCT IS PROVIDED UNDER THIS LICENSE ON AN "AS IS" BASIS, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, WITHOUT LIMITATION, WARRANTIES THAT THE LICENSED PRODUCT IS FREE OF DEFECTS, MERCHANTABLE, FIT FOR A PARTICULAR PURPOSE OR NON-INFRINGING. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE LICENSED PRODUCT IS WITH YOU. SHOULD LICENSED PRODUCT PROVE DEFECTIVE IN ANY RESPECT, YOU (AND NOT THE LICENSOR OR ANY OTHER CONTRIBUTOR) ASSUME THE COST OF ANY NECESSARY SERVICING, REPAIR OR CORRECTION. THIS DISCLAIMER OF WARRANTY CONSTITUTES AN ESSENTIAL PART OF THIS LICENSE. NO USE OF LICENSED PRODUCT IS AUTHORIZED HEREUNDER EXCEPT UNDER THIS DISCLAIMER.
+LICENSED PRODUCT IS PROVIDED UNDER THIS LICENSE ON AN "AS IS" BASIS, WITHOUT WARRANTY OF ANY KIND, 
+EITHER EXPRESS OR IMPLIED, INCLUDING, WITHOUT LIMITATION, WARRANTIES THAT THE LICENSED PRODUCT IS 
+FREE OF DEFECTS, MERCHANTABLE, FIT FOR A PARTICULAR PURPOSE OR NON-INFRINGING. THE ENTIRE RISK AS 
+TO THE QUALITY AND PERFORMANCE OF THE LICENSED PRODUCT IS WITH YOU. SHOULD LICENSED PRODUCT PROVE 
+DEFECTIVE IN ANY RESPECT, YOU (AND NOT THE LICENSOR OR ANY OTHER CONTRIBUTOR) ASSUME THE COST OF 
+ANY NECESSARY SERVICING, REPAIR OR CORRECTION. THIS DISCLAIMER OF WARRANTY CONSTITUTES AN ESSENTIAL 
+PART OF THIS LICENSE. NO USE OF LICENSED PRODUCT IS AUTHORIZED HEREUNDER EXCEPT UNDER THIS 
+DISCLAIMER.
 
 9. Termination.
 
-     a. Automatic Termination Upon Breach. This license and the rights granted hereunder will terminate automatically if you fail to comply with the terms herein and fail to cure such breach within thirty (30) days of becoming aware of the breach. All sublicenses to the Licensed Product that are properly granted shall survive any termination of this license. Provisions that, by their nature, must remain in effect beyond the termination of this License, shall survive.
+     a. Automatic Termination Upon Breach. This license and the rights granted hereunder will 
+terminate automatically if you fail to comply with the terms herein and fail to cure such breach 
+within thirty (30) days of becoming aware of the breach. All sublicenses to the Licensed Product 
+that are properly granted shall survive any termination of this license. Provisions that, by their 
+nature, must remain in effect beyond the termination of this License, shall survive.
 
-     b. Termination Upon Assertion of Patent Infringement. If you initiate litigation by asserting a patent infringement claim (excluding declaratory judgment actions) against Licensor or a Contributor (Licensor or Contributor against whom you file such an action is referred to herein as "Respondent") alleging that Licensed Product directly or indirectly infringes any patent, then any and all rights granted by such Respondent to you under Sections 1 or 2 of this License shall terminate prospectively upon sixty (60) days notice from Respondent (the "Notice Period") unless within that Notice Period you either agree in writing (i) to pay Respondent a mutually agreeable reasonably royalty for your past or future use of Licensed Product made by such Respondent, or (ii) withdraw your litigation claim with respect to Licensed Product against such Respondent. If within said Notice Period a reasonable royalty and payment arrangement are not mutually agreed upon in writing by the parties or the litigation claim is not withdrawn, the rights granted by Licensor to you under Sections 1 and 2 automatically terminate at the expiration of said Notice Period.
+     b. Termination Upon Assertion of Patent Infringement. If you initiate litigation by asserting 
+a patent infringement claim (excluding declaratory judgment actions) against Licensor or a 
+Contributor (Licensor or Contributor against whom you file such an action is referred to herein as 
+"Respondent") alleging that Licensed Product directly or indirectly infringes any patent, then any 
+and all rights granted by such Respondent to you under Sections 1 or 2 of this License shall 
+terminate prospectively upon sixty (60) days notice from Respondent (the "Notice Period") unless 
+within that Notice Period you either agree in writing (i) to pay Respondent a mutually agreeable 
+reasonably royalty for your past or future use of Licensed Product made by such Respondent, or (ii) 
+withdraw your litigation claim with respect to Licensed Product against such Respondent. If within 
+said Notice Period a reasonable royalty and payment arrangement are not mutually agreed upon in 
+writing by the parties or the litigation claim is not withdrawn, the rights granted by Licensor to 
+you under Sections 1 and 2 automatically terminate at the expiration of said Notice Period.
 
-     c. Reasonable Value of This License. If you assert a patent infringement claim against Respondent alleging that Licensed Product directly or indirectly infringes any patent where such claim is resolved (such as by license or settlement) prior to the initiation of patent infringement litigation, then the reasonable value of the licenses granted by said Respondent under Sections 1 and 2 shall be taken into account in determining the amount or value of any payment or license.
+     c. Reasonable Value of This License. If you assert a patent infringement claim against 
+Respondent alleging that Licensed Product directly or indirectly infringes any patent where such 
+claim is resolved (such as by license or settlement) prior to the initiation of patent infringement 
+litigation, then the reasonable value of the licenses granted by said Respondent under Sections 1 
+and 2 shall be taken into account in determining the amount or value of any payment or license.
 
-     d. No Retroactive Effect of Termination. In the event of termination under Sections 9(a) or 9(b) above, all end user license agreements (excluding licenses to distributors and reselle rs) that have been validly granted by you or any distributor hereunder prior to termination shall survive termination.
+     d. No Retroactive Effect of Termination. In the event of termination under Sections 9(a) or 
+9(b) above, all end user license agreements (excluding licenses to distributors and reselle rs) 
+that have been validly granted by you or any distributor hereunder prior to termination shall 
+survive termination.
 
 10. Limitation of Liability.
 
-UNDER NO CIRCUMSTANCES AND UNDER NO LEGAL THEORY, WHETHER TORT (INCLUDING NEGLIGENCE), CONTRACT, OR OTHERWISE, SHALL THE LICENSOR, ANY CONTRIBUTOR, OR ANY DISTRIBUTOR OF LICENSED PRODUCT, OR ANY SUPPLIER OF ANY OF SUCH PARTIES, BE LIABLE TO ANY PERSON FOR ANY INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES OF ANY CHARACTER INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF GOODWILL, WORK STOPPAGE, COMPUTER FAILURE OR MALFUNCTION, OR ANY AND ALL OTHER COMMERCIAL DAMAGES OR LOSSES, EVEN IF SUCH PARTY SHALL HAVE BEEN INFORMED OF THE POSSIBILITY OF SUCH DAMAGES. THIS LIMITATION OF LIABILITY SHALL NOT APPLY TO LIABILITY FOR DEATH OR PERSONAL INJURY RESULTING FROM SUCH PARTY
+UNDER NO CIRCUMSTANCES AND UNDER NO LEGAL THEORY, WHETHER TORT (INCLUDING NEGLIGENCE), CONTRACT, OR 
+OTHERWISE, SHALL THE LICENSOR, ANY CONTRIBUTOR, OR ANY DISTRIBUTOR OF LICENSED PRODUCT, OR ANY 
+SUPPLIER OF ANY OF SUCH PARTIES, BE LIABLE TO ANY PERSON FOR ANY INDIRECT, SPECIAL, INCIDENTAL, OR 
+CONSEQUENTIAL DAMAGES OF ANY CHARACTER INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF GOODWILL, 
+WORK STOPPAGE, COMPUTER FAILURE OR MALFUNCTION, OR ANY AND ALL OTHER COMMERCIAL DAMAGES OR LOSSES, 
+EVEN IF SUCH PARTY SHALL HAVE BEEN INFORMED OF THE POSSIBILITY OF SUCH DAMAGES. THIS LIMITATION OF 
+LIABILITY SHALL NOT APPLY TO LIABILITY FOR DEATH OR PERSONAL INJURY RESULTING FROM SUCH PARTY's
+NEGLIGENCE TO THE EXTENT APPLICABLE LAW PROHIBITS SUCH LIMITATION. SOME JURISDICTIONS DO NOT ALLOW THE 
+EXCLUSION OR LIMITATION OF INCIDENTAL OR CONSEQUENTIAL DAMAGES, SO THIS EXCLUSION AND LIMITATION MAY 
+NOT APPLY TO YOU.
+
+11. Responsibility for Claims. 
+    
+As between Licensor and Contributors, each party is responsible for claims and damages arising, 
+directly or indirectly, out of its utilization of rights under this License. You agree to work with 
+Licensor and Contributors to distribute such responsibility on an equitable basis. Nothing herein is 
+intended or shall be deemed to constitute any admission of liability.
+
+12. U.S. Government End Users. 
+
+The Licensed Product is a "commercial item," as that term is defined in 48 C.F.R. 2.101 (Oct. 1995), 
+consisting of "commercial computer software" and "commercial computer software documentation," 
+as such terms are used in 48 C.F.R. 12.212 (Sept. 1995). Consistent with 48 C.F.R. 12.212 and 
+48 C.F.R. 227.7202-1 through 227.7202-4 (June 1995), all U.S. Government End Users acquire 
+Licensed Product with only those rights set forth herein.
+
+13. Miscellaneous. 
+This License represents the complete agreement concerning the subject matter hereof. If any 
+provision of this License is held to be unenforceable, such provision shall be reformed only 
+to the extent necessary to make it enforceable. This License shall be governed by Dutch law 
+provisions. The application of the United Nations Convention on Contracts for the International 
+Sale of Goods is expressly excluded. You and Licensor expressly waive any rights to a jury trial 
+in any litigation concerning Licensed Product or this License. Any law or regulation that provides 
+that the language of a contract shall be construed against the drafter shall not apply to this License.
+
+14. Definition of "You" in This License. 
+"You" throughout this License, whether in upper or lower case, means an individual or a legal entity 
+exercising rights under, and complying with all of the terms of, this License or a future version of 
+this License issued under Section 7. For legal entities, "you" includes any entity that controls, is 
+controlled by, or is under common control with you. For purposes of this definition, "control" means 
+(i) the power, direct or indirect, to cause the direction or management of such entity, whether by 
+contract or otherwise, or (ii) ownership of fifty percent (50%) or more of the outstanding shares, 
+or (iii) beneficial ownership of such entity.
+
+15. Glossary.
+All defined terms in this License that are used in more than one Section of this License are 
+repeated here, in alphabetical order, for the convenience of the reader. The Section of this 
+License in which each defined term is first used is shown in parentheses. 
+
+Contributor: Each person or entity who created or contributed to the creation of, and distributed, a Modification. (See Section 2)
+
+Derivative Works: That term as used in this License is defined under Dutch copyright law. (See Section 1(b))
+
+License: This Motosoto Open Source License. (See first paragraph of License)
+
+Licensed Product: Any Motosoto Product licensed pursuant to this License. The term
+"Licensed Product" includes all previous Modifications from any Contributor that you receive. 
+(See first paragraph of License and Section 2)
+
+Licensor: Motosoto.Com B.V.. (See first paragraph of License)
+
+Modifications: Any additions to or deletions from the substance or structure of (i) a file 
+containing Licensed Product, or (ii) any new file that contains any part of Licensed Product. (See Section 2)
+
+Notice: The notice contained in Exhibit A. (See Section 4(e))
+
+Source Code: The preferred form for making modifications to the Licensed Product, including 
+all modules contained therein, plus any associated interface definition files, scripts used 
+to control compilation and installation of an executable program, or a list of differential 
+comparisons against the Source Code of the Licensed Product. (See Section 1(a))
+
+You: This term is defined in Section 14 of this License.
+ 
+EXHIBIT A
+The Notice below must appear in each file of the Source Code of any copy you distribute of the Licensed Product or any Modifications thereto. Contributors to any Modifications may add their own copyright notices to identify their own contributions.
+
+License:
+The contents of this file are subject to the Motosoto Open Source License Version 0.9 (the "License"). You may not copy or use this file, in either source code or executable form, except in compliance with the License. You may obtain a copy of the License at http://www.motosoto.com/license/ or at http://www.opensource.org/.
+
+Software distributed under the License is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License for the specific language governing rights and limitations under the License.
+
+Copyrights:
+Portions created by or assigned to Motosoto.com B.V. are Copyright (c) 2000-2001 Motosoto.com B.V.
+All Rights Reserved. Contact information for Motosoto.com B.V. is available at http://www.motosoto.com/.
+
+Acknowledgements
+Special thanks to the Motosoto Open Source Contributors for their suggestions and support of Motosoto.
+
+Modifications:
diff --git a/options/license/NIST-PD-TNT b/options/license/NIST-PD-TNT
new file mode 100644
index 0000000000..51202893ac
--- /dev/null
+++ b/options/license/NIST-PD-TNT
@@ -0,0 +1,3 @@
+This software was developed at the National Institute of Standards and Technology (NIST) by employees of the Federal Government in the course of their official duties. Pursuant to title 17 Section 105 of the United States Code this software is not subject to copyright protection and is in the public domain. NIST assumes no responsibility whatsoever for its use by other parties, and makes no guarantees, expressed or implied, about its quality, reliability, or any other characteristic.
+
+We would appreciate acknowledgement if the software is incorporated in redistributable libraries or applications.
diff --git a/options/license/NTIA-PD b/options/license/NTIA-PD
new file mode 100644
index 0000000000..f451790073
--- /dev/null
+++ b/options/license/NTIA-PD
@@ -0,0 +1,13 @@
+SOFTWARE DISCLAIMER / RELEASE
+
+This software was developed by employees of the National Telecommunications and Information Administration (NTIA), an agency of the Federal Government and is provided to you as a public service.  Pursuant to Title 15 United States Code Section 105, works of NTIA employees are not subject to copyright protection within the United States.
+
+The software is provided by NTIA “AS IS.”  NTIA MAKES NO WARRANTY OF ANY KIND, EXPRESS, IMPLIED OR STATUTORY, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT AND DATA ACCURACY. NTIA does not warrant or make any representations regarding the use of the software or the results thereof, including but not limited to the correctness, accuracy, reliability or usefulness of the software. 
+
+To the extent that NTIA holds rights in countries other than the United States, you are hereby granted the non-exclusive irrevocable and unconditional right to print, publish, prepare derivative works and distribute the NTIA software, in any medium, or authorize others to do so on your behalf, on a royalty-free basis throughout the World.
+
+You may improve, modify, and create derivative works of the software or any portion of the software, and you may copy and distribute such modifications or works. Modified works should carry a notice stating that you changed the software and should note the date and nature of any such change.
+
+You are solely responsible for determining the appropriateness of using and distributing the software and you assume all risks associated with its use, including but not limited to the risks and costs of program errors, compliance with applicable laws, damage to or loss of data, programs or equipment, and the unavailability or interruption of operation. This software is not intended to be used in any situation where a failure could cause risk of injury or damage to property. 
+
+Please provide appropriate acknowledgments of NTIA’s creation of the software in any copies or derivative works of this software.
diff --git a/options/license/Net-SNMP b/options/license/Net-SNMP
deleted file mode 100644
index 9ec271072f..0000000000
--- a/options/license/Net-SNMP
+++ /dev/null
@@ -1,107 +0,0 @@
- ---- Part 1: CMU/UCD copyright notice: (BSD like) -----
-
- Copyright 1989, 1991, 1992 by Carnegie Mellon University
-
- Derivative Work - 1996, 1998-2000 Copyright 1996, 1998-2000 The Regents of the University of California
-
- All Rights Reserved
-
-Permission to use, copy, modify and distribute this software and its documentation for any purpose and without fee is hereby granted, provided that the above copyright notice appears in all copies and that both that copyright notice and this permission notice appear in supporting documentation, and that the name of CMU and The Regents of the University of California not be used in advertising or publicity pertaining to distribution of the software without specific written permission.
-
-CMU AND THE REGENTS OF THE UNIVERSITY OF CALIFORNIA DISCLAIM ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL CMU OR THE REGENTS OF THE UNIVERSITY OF CALIFORNIA BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM THE LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-
----- Part 2: Networks Associates Technology, Inc copyright notice (BSD) -----
-
-Copyright (c) 2001-2003, Networks Associates Technology, Inc All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
-
-     * Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
-     * Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
-     * Neither the name of the Networks Associates Technology, Inc nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.
-
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
----- Part 3: Cambridge Broadband Ltd. copyright notice (BSD) -----
-
-Portions of this code are copyright (c) 2001-2003, Cambridge Broadband Ltd. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
-
-     * Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
-     * Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
-     * The name of Cambridge Broadband Ltd. may not be used to endorse or promote products derived from this software without specific prior written permission.
-
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDER ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
----- Part 4: Sun Microsystems, Inc. copyright notice (BSD) -----
-
-Copyright © 2003 Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, California 95054, U.S.A. All rights reserved.
-
-Use is subject to license terms below.
-
-This distribution may include materials developed by third parties.
-
-Sun, Sun Microsystems, the Sun logo and Solaris are trademarks or registered trademarks of Sun Microsystems, Inc. in the U.S. and other countries.
-
-Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
-
-     * Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
-
-     * Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
-
-     * Neither the name of the Sun Microsystems, Inc. nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.
-
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
----- Part 5: Sparta, Inc copyright notice (BSD) -----
-
-Copyright (c) 2003-2009, Sparta, Inc All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
-
-     * Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
-     * Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
-     * Neither the name of Sparta, Inc nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.
-
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
----- Part 6: Cisco/BUPTNIC copyright notice (BSD) -----
-
-Copyright (c) 2004, Cisco, Inc and Information Network Center of Beijing University of Posts and Telecommunications. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
-
-     * Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
-     * Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
-     * Neither the name of Cisco, Inc, Beijing University of Posts and Telecommunications, nor the names of their contributors may be used to endorse or promote products derived from this software without specific prior written permission.
-
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
----- Part 7: Fabasoft R&D Software GmbH & Co KG copyright notice (BSD) -----
-
-Copyright (c) Fabasoft R&D Software GmbH & Co KG, 2003 oss@fabasoft.com Author: Bernhard Penz
-
-Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
-
-     * Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
-
-     * Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
-
-     * The name of Fabasoft R&D Software GmbH & Co KG or any of its subsidiaries, brand or product names may not be used to endorse or promote products derived from this software without specific prior written permission.
-
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDER ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
----- Part 8: Apple Inc. copyright notice (BSD) -----
-
-Copyright (c) 2007 Apple Inc. All rights reserved.
-
-Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
-
-     1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
-     2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
-     3. Neither the name of Apple Inc. ("Apple") nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.
-
-THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
----- Part 9: ScienceLogic, LLC copyright notice (BSD) -----
-
-Copyright (c) 2009, ScienceLogic, LLC All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
-
-     * Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
-     * Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
-     * Neither the name of ScienceLogic, LLC nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.
-
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/options/license/OSSP b/options/license/OSSP
new file mode 100644
index 0000000000..92a1d4705d
--- /dev/null
+++ b/options/license/OSSP
@@ -0,0 +1,26 @@
+COPYRIGHT AND LICENSE
+
+  Copyright (c) 2001-2005 Ralf S. Engelschall <rse@engelschall.com>
+  Copyright (c) 2001-2005 The OSSP Project <http://www.ossp.org/>
+  Copyright (c) 2001-2005 Cable & Wireless <http://www.cw.com/>
+
+  This file is part of OSSP var, a variable expansion
+  library which can be found at http://www.ossp.org/pkg/lib/var/.
+
+  Permission to use, copy, modify, and distribute this software for
+  any purpose with or without fee is hereby granted, provided that
+  the above copyright notice and this permission notice appear in all
+  copies.
+
+  THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
+  WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+  MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+  IN NO EVENT SHALL THE AUTHORS AND COPYRIGHT HOLDERS AND THEIR
+  CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+  SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+  LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
+  USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+  ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+  OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
+  OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+  SUCH DAMAGE.
diff --git a/options/license/OpenMDW-1.0 b/options/license/OpenMDW-1.0
new file mode 100644
index 0000000000..5166ede9b6
--- /dev/null
+++ b/options/license/OpenMDW-1.0
@@ -0,0 +1,49 @@
+OpenMDW License Agreement, version 1.0 (OpenMDW-1.0)
+
+By exercising rights granted to you under this agreement, you accept and agree
+to its terms.
+
+As used in this agreement, "Model Materials" means the materials provided to
+you under this agreement, consisting of: (1) one or more machine learning
+models (including architecture and parameters); and (2) all related artifacts
+(including associated data, documentation and software) that are provided to
+you hereunder.
+
+Subject to your compliance with this agreement, permission is hereby granted,
+free of charge, to deal in the Model Materials without restriction, including
+under all copyright, patent, database, and trade secret rights included or
+embodied therein.
+
+If you distribute any portion of the Model Materials, you shall retain in your
+distribution (1) a copy of this agreement, and (2) all copyright notices and
+other notices of origin included in the Model Materials that are applicable to
+your distribution.
+
+If you file, maintain, or voluntarily participate in a lawsuit against any
+person or entity asserting that the Model Materials directly or indirectly
+infringe any patent, then all rights and grants made to you hereunder are
+terminated, unless that lawsuit was in response to a corresponding lawsuit
+first brought against you.
+
+This agreement does not impose any restrictions or obligations with respect to
+any use, modification, or sharing of any outputs generated by using the Model
+Materials.
+
+THE MODEL MATERIALS ARE PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
+OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE, TITLE, NONINFRINGEMENT, ACCURACY, OR THE
+ABSENCE OF LATENT OR OTHER DEFECTS OR ERRORS, WHETHER OR NOT DISCOVERABLE, ALL
+TO THE GREATEST EXTENT PERMISSIBLE UNDER APPLICABLE LAW.
+
+YOU ARE SOLELY RESPONSIBLE FOR (1) CLEARING RIGHTS OF OTHER PERSONS THAT MAY
+APPLY TO THE MODEL MATERIALS OR ANY USE THEREOF, INCLUDING WITHOUT LIMITATION
+ANY PERSON'S COPYRIGHTS OR OTHER RIGHTS INCLUDED OR EMBODIED IN THE MODEL
+MATERIALS; (2) OBTAINING ANY NECESSARY CONSENTS, PERMISSIONS OR OTHER RIGHTS
+REQUIRED FOR ANY USE OF THE MODEL MATERIALS; OR (3) PERFORMING ANY DUE
+DILIGENCE OR UNDERTAKING ANY OTHER INVESTIGATIONS INTO THE MODEL MATERIALS OR
+ANYTHING INCORPORATED OR EMBODIED THEREIN.
+
+IN NO EVENT SHALL THE PROVIDERS OF THE MODEL MATERIALS BE LIABLE FOR ANY CLAIM,
+DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR
+OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE MODEL MATERIALS, THE
+USE THEREOF OR OTHER DEALINGS THEREIN.
diff --git a/options/license/ParaType-Free-Font-1.3 b/options/license/ParaType-Free-Font-1.3
new file mode 100644
index 0000000000..21f8140887
--- /dev/null
+++ b/options/license/ParaType-Free-Font-1.3
@@ -0,0 +1,24 @@
+ParaType Free Font Licensing Agreement
+
+Copyright (c) 2009, ParaType Ltd. All Rights Reserved.
+
+LICENSING AGREEMENT
+for the fonts with Original Name: PT Sans, PT Serif, PT Mono
+Version 1.3 - January 20, 2012
+
+GRANT OF LICENSE
+ParaType Ltd grants you the right to use, copy, modify the fonts and distribute modified and unmodified copies of the fonts by any means, including placing on Web servers for free downloading, embedding in documents and Web pages, bundling with commercial and non commercial products, if it does not conflict with the conditions listed below:
+
+- You may bundle the fonts with commercial software, but you may not sell the fonts by themselves. They are free.
+
+- You may distribute the fonts in modified or unmodified versions only together with this Licensing Agreement and with above copyright notice. You have no right to modify the text of Licensing Agreement. It can be placed in a separate text file or inserted into the font file, but it must be easily viewed by users.
+
+- You may not distribute modified version of the font under the Original name or а combination of Original name with any other words without explicit written permission from ParaType.
+
+TERMINATION & TERRITORY
+This license has no limits on time and territory, but it becomes null and void if any of the above conditions are not met.
+
+DISCLAIMER
+THE FONT SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF COPYRIGHT, PATENT, TRADEMARK, OR OTHER RIGHT. IN NO EVENT SHALL PARATYPE BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, INCLUDING ANY GENERAL, SPECIAL, INDIRECT, INCIDENTAL, OR CONSEQUENTIAL DAMAGES, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF THE USE OR INABILITY TO USE THE FONT SOFTWARE OR FROM OTHER DEALINGS IN THE FONT SOFTWARE.
+
+ParaType Ltd
diff --git a/options/license/Ruby-pty b/options/license/Ruby-pty
new file mode 100644
index 0000000000..c817762f84
--- /dev/null
+++ b/options/license/Ruby-pty
@@ -0,0 +1,10 @@
+(c) Copyright 1998 by Akinori Ito.
+
+This software may be redistributed freely for this purpose, in full
+or in part, provided that this entire copyright notice is included
+on any copies of this software and applications and derivations thereof.
+
+This software is provided on an "as is" basis, without warranty of any
+kind, either expressed or implied, as to any matter including, but not
+limited to warranty of fitness of purpose, or merchantability, or
+results obtained from use of this software.
diff --git a/options/license/SGMLUG-PM b/options/license/SGMLUG-PM
new file mode 100644
index 0000000000..552f8be94a
--- /dev/null
+++ b/options/license/SGMLUG-PM
@@ -0,0 +1,43 @@
+LICENSE AND DISCLAIMER OF WARRANTIES
+
+      Standard Generalized Markup Language Users' Group (SGMLUG)
+                         SGML Parser Materials
+
+                              1. License
+
+SGMLUG hereby grants to any user: (1) an irrevocable royalty-free,
+worldwide, non-exclusive license to use, execute, reproduce, display,
+perform and distribute copies of, and to prepare derivative works
+based upon these materials; and (2) the right to authorize others to
+do any of the foregoing.
+
+                     2. Disclaimer of Warranties
+
+(a) The SGML Parser Materials are provided "as is" to any USER.  USER
+assumes responsibility for determining the suitability of the SGML
+Parser Materials for its use and for results obtained.  SGMLUG makes
+no warranty that any errors have been eliminated from the SGML Parser
+Materials or that they can be eliminated by USER.  SGMLUG shall not
+provide any support maintenance or other aid to USER or its licensees
+with respect to SGML Parser Materials.  SGMLUG shall not be
+responsible for losses of any kind resulting from use of the SGML
+Parser Materials including (without limitation) any liability for
+business expense, machine downtime, or damages caused to USER or third
+parties by any deficiency, defect, error, or malfunction.
+
+(b) SGMLUG DISCLAIMS ALL WARRANTIES, EXPRESSED OR IMPLIED, ARISING OUT
+OF OR RELATING TO THE SGML PARSER MATERIALS OR ANY USE THEREOF,
+INCLUDING (WITHOUT LIMITATION) ANY WARRANTY WHATSOEVER AS TO THE
+FITNESS FOR A PARTICULAR USE OR THE MERCHANTABILITY OF THE SGML PARSER
+MATERIALS.
+
+(c) In no event shall SGMLUG be liable to USER or third parties
+licensed by USER for any indirect, special, incidental, or
+consequential damages (including lost profits).
+(d) SGMLUG has no knowledge of any conditions that would impair its right
+to license the SGML Parser Materials.  Notwithstanding the foregoing,
+SGMLUG does not make any warranties or representations that the
+SGML Parser Materials are free of claims by third parties of patent,
+copyright infringement or the like, nor does SGMLUG assume any
+liability in respect of any such infringement of rights of third
+parties due to USER's operation under this license.
diff --git a/options/license/SMAIL-GPL b/options/license/SMAIL-GPL
new file mode 100644
index 0000000000..be799ec39d
--- /dev/null
+++ b/options/license/SMAIL-GPL
@@ -0,0 +1,144 @@
+SMAIL GENERAL PUBLIC LICENSE
+		       (Clarified 11 Feb 1988)
+
+ Copyright (C)  1988 Landon Curt Noll & Ronald S. Karr
+ Copyright (C)  1992 Ronald S. Karr
+ Copyleft (GNU) 1988 Landon Curt Noll & Ronald S. Karr
+
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license, but changing it is not allowed.  You can also
+ use this wording to make the terms for other programs.
+
+  The license agreements of most software companies keep you at the
+mercy of those companies.  By contrast, our general public license is
+intended to give everyone the right to share SMAIL.  To make sure that
+you get the rights we want you to have, we need to make restrictions
+that forbid anyone to deny you these rights or to ask you to surrender
+the rights.  Hence this license agreement.
+
+  Specifically, we want to make sure that you have the right to give
+away copies of SMAIL, that you receive source code or else can get it
+if you want it, that you can change SMAIL or use pieces of it in new
+free programs, and that you know you can do these things.
+
+  To make sure that everyone has such rights, we have to forbid you to
+deprive anyone else of these rights.  For example, if you distribute
+copies of SMAIL, you must give the recipients all the rights that you
+have.  You must make sure that they, too, receive or can get the
+source code.  And you must tell them their rights.
+
+  Also, for our own protection, we must make certain that everyone
+finds out that there is no warranty for SMAIL.  If SMAIL is modified by
+someone else and passed on, we want its recipients to know that what
+they have is not what we distributed, so that any problems introduced
+by others will not reflect on our reputation.
+
+  Therefore we (Landon Curt Noll and Ronald S. Karr) make the following 
+terms which say what you must do to be allowed to distribute or change 
+SMAIL.
+
+
+			COPYING POLICIES
+
+  1. You may copy and distribute verbatim copies of SMAIL source code
+as you receive it, in any medium, provided that you conspicuously and
+appropriately publish on each copy a valid copyright notice "Copyright
+(C) 1988 Landon Curt Noll & Ronald S. Karr" (or with whatever year is
+appropriate); keep intact the notices on all files that refer to this
+License Agreement and to the absence of any warranty; and give any
+other recipients of the SMAIL program a copy of this License
+Agreement along with the program.  You may charge a distribution fee
+for the physical act of transferring a copy.
+
+  2. You may modify your copy or copies of SMAIL or any portion of it,
+and copy and distribute such modifications under the terms of
+Paragraph 1 above, provided that you also do the following:
+
+    a) cause the modified files to carry prominent notices stating
+    that you changed the files and the date of any change; and
+
+    b) cause the whole of any work that you distribute or publish,
+    that in whole or in part contains or is a derivative of SMAIL or
+    any part thereof, to be licensed at no charge to all third
+    parties on terms identical to those contained in this License
+    Agreement (except that you may choose to grant more extensive
+    warranty protection to some or all third parties, at your option).
+
+    c) You may charge a distribution fee for the physical act of
+    transferring a copy, and you may at your option offer warranty
+    protection in exchange for a fee.
+
+Mere aggregation of another unrelated program with this program (or its
+derivative) on a volume of a storage or distribution medium does not bring
+the other program under the scope of these terms.
+
+  3. You may copy and distribute SMAIL (or a portion or derivative of it,
+under Paragraph 2) in object code or executable form under the terms of
+Paragraphs 1 and 2 above provided that you also do one of the following:
+
+    a) accompany it with the complete corresponding machine-readable
+    source code, which must be distributed under the terms of
+    Paragraphs 1 and 2 above; or,
+
+    b) accompany it with a written offer, valid for at least three
+    years, to give any third party free (except for a nominal
+    shipping charge) a complete machine-readable copy of the
+    corresponding source code, to be distributed under the terms of
+    Paragraphs 1 and 2 above; or,
+
+    c) accompany it with the information you received as to where the
+    corresponding source code may be obtained.  (This alternative is
+    allowed only for non-commercial distribution and only if you
+    received the program in object code or executable form alone.)
+
+For an executable file, complete source code means all the source code for
+all modules it contains; but, as a special exception, it need not include
+source code for modules which are standard libraries that accompany the
+operating system on which the executable file runs.
+
+  4. You may not copy, sublicense, distribute or transfer SMAIL
+except as expressly provided under this License Agreement.  Any attempt
+otherwise to copy, sublicense, distribute or transfer SMAIL is void and
+your rights to use the program under this License agreement shall be
+automatically terminated.  However, parties who have received computer
+software programs from you with this License Agreement will not have
+their licenses terminated so long as such parties remain in full compliance.
+
+  5. If you wish to incorporate parts of SMAIL into other free
+programs whose distribution conditions are different, write to Landon
+Curt Noll & Ronald S. Karr via the Free Software Foundation at 51
+Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.  We have not yet
+worked out a simple rule that can be stated here, but we will often
+permit this.  We will be guided by the two goals of preserving the
+free status of all derivatives of our free software and of promoting
+the sharing and reuse of software.
+
+Your comments and suggestions about our licensing policies and our
+software are welcome!  This contract was based on the contract made by
+the Free Software Foundation.  Please contact the Free Software
+Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301,
+USA, or call (617) 542-5942 for details on copylefted material in
+general.
+
+		       NO WARRANTY
+
+  BECAUSE SMAIL IS LICENSED FREE OF CHARGE, WE PROVIDE ABSOLUTELY NO
+WARRANTY, TO THE EXTENT PERMITTED BY APPLICABLE STATE LAW.  EXCEPT WHEN
+OTHERWISE STATED IN WRITING, LANDON CURT NOLL & RONALD S. KARR AND/OR
+OTHER PARTIES PROVIDE SMAIL "AS IS" WITHOUT WARRANTY OF ANY KIND,
+EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF SMAIL IS WITH
+YOU.  SHOULD SMAIL PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL
+NECESSARY SERVICING, REPAIR OR CORRECTION.
+
+  IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW WILL LANDON CURT NOLL &
+RONALD S. KARR AND/OR ANY OTHER PARTY WHO MAY MODIFY AND REDISTRIBUTE
+SMAIL AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
+LOST PROFITS, LOST MONIES, OR OTHER SPECIAL, INCIDENTAL OR
+CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE
+(INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED
+INACCURATE OR LOSSES SUSTAINED BY THIRD PARTIES OR A FAILURE OF THE
+PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS) SMAIL, EVEN IF YOU HAVE
+BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES, OR FOR ANY CLAIM BY
+ANY OTHER PARTY.
diff --git a/options/license/SOFA b/options/license/SOFA
new file mode 100644
index 0000000000..d9529497c3
--- /dev/null
+++ b/options/license/SOFA
@@ -0,0 +1,90 @@
+Copyright (C) 2023
+Standards of Fundamental Astronomy Board
+of the International Astronomical Union.
+
+=====================
+SOFA Software License
+=====================
+
+NOTICE TO USER:
+
+BY USING THIS SOFTWARE YOU ACCEPT THE FOLLOWING SIX TERMS AND
+CONDITIONS WHICH APPLY TO ITS USE.
+
+1. The Software is owned by the IAU SOFA Board ("SOFA").
+
+2. Permission is granted to anyone to use the SOFA software for any
+purpose, including commercial applications, free of charge and
+without payment of royalties, subject to the conditions and
+restrictions listed below.
+
+3. You (the user) may copy and distribute SOFA source code to others,
+and use and adapt its code and algorithms in your own software,
+on a world-wide, royalty-free basis.  That portion of your
+distribution that does not consist of intact and unchanged copies
+of SOFA source code files is a "derived work" that must comply
+with the following requirements:
+
+     a) Your work shall be marked or carry a statement that it
+        (i) uses routines and computations derived by you from
+        software provided by SOFA under license to you; and
+        (ii) does not itself constitute software provided by and/or
+        endorsed by SOFA.
+
+     b) The source code of your derived work must contain descriptions
+        of how the derived work is based upon, contains and/or differs
+        from the original SOFA software.
+
+     c) The names of all routines in your derived work shall not
+        include the prefix "iau" or "sofa" or trivial modifications
+        thereof such as changes of case.
+
+     d) The origin of the SOFA components of your derived work must
+        not be misrepresented;  you must not claim that you wrote the
+        original software, nor file a patent application for SOFA
+        software or algorithms embedded in the SOFA software.
+
+     e) These requirements must be reproduced intact in any source
+        distribution and shall apply to anyone to whom you have
+        granted a further right to modify the source code of your
+        derived work.
+
+     Note that, as originally distributed, the SOFA software is
+     intended to be a definitive implementation of the IAU standards,
+     and consequently third-party modifications are discouraged.  All
+     variations, no matter how minor, must be explicitly marked as
+     such, as explained above.
+
+  4. You shall not cause the SOFA software to be brought into
+     disrepute, either by misuse, or use for inappropriate tasks, or
+     by inappropriate modification.
+
+  5. The SOFA software is provided "as is" and SOFA makes no warranty
+     as to its use or performance.   SOFA does not and cannot warrant
+     the performance or results which the user may obtain by using the
+     SOFA software.  SOFA makes no warranties, express or implied, as
+     to non-infringement of third party rights, merchantability, or
+     fitness for any particular purpose.  In no event will SOFA be
+     liable to the user for any consequential, incidental, or special
+     damages, including any lost profits or lost savings, even if a
+     SOFA representative has been advised of such damages, or for any
+     claim by any third party.
+
+  6. The provision of any version of the SOFA software under the terms
+     and conditions specified herein does not imply that future
+     versions will also be made available under the same terms and
+     conditions.
+
+  In any published work or commercial product which uses the SOFA
+  software directly, acknowledgement (see www.iausofa.org) is
+  appreciated.
+
+  Correspondence concerning SOFA software should be addressed as
+  follows:
+      By email:  sofa@ukho.gov.uk
+      By post:   IAU SOFA Center
+                 HM Nautical Almanac Office
+                 UK Hydrographic Office
+                 Admiralty Way, Taunton
+                 Somerset, TA1 2DN
+                 United Kingdom
diff --git a/options/license/SUL-1.0 b/options/license/SUL-1.0
new file mode 100644
index 0000000000..119672697d
--- /dev/null
+++ b/options/license/SUL-1.0
@@ -0,0 +1,73 @@
+Sustainable Use License
+
+Version 1.0
+
+Acceptance
+
+By using the software, you agree to all of the terms and conditions below.
+
+Copyright License
+
+The licensor grants you a non-exclusive, royalty-free, worldwide, non-sublicensable, non-transferable license
+to use, copy, distribute, make available, and prepare derivative works of the software, in each case subject
+to the limitations below.
+
+Limitations
+
+You may use or modify the software only for your own internal business purposes or for non-commercial or
+personal use. You may distribute the software or provide it to others only if you do so free of charge for
+non-commercial purposes. You may not alter, remove, or obscure any licensing, copyright, or other notices of
+the licensor in the software. Any use of the licensor’s trademarks is subject to applicable law.
+
+Patents
+
+The licensor grants you a license, under any patent claims the licensor can license, or becomes able to
+license, to make, have made, use, sell, offer for sale, import and have imported the software, in each case
+subject to the limitations and conditions in this license. This license does not cover any patent claims that
+you cause to be infringed by modifications or additions to the software. If you or your company make any
+written claim that the software infringes or contributes to infringement of any patent, your patent license
+for the software granted under these terms ends immediately. If your company makes such a claim, your patent
+license ends immediately for work on behalf of your company.
+
+Notices
+
+You must ensure that anyone who gets a copy of any part of the software from you also gets a copy of these
+terms. If you modify the software, you must include in any modified copies of the software a prominent notice
+stating that you have modified the software.
+
+No Other Rights
+
+These terms do not imply any licenses other than those expressly granted in these terms.
+
+Termination
+
+If you use the software in violation of these terms, such use is not licensed, and your license will
+automatically terminate. If the licensor provides you with a notice of your violation, and you cease all
+violation of this license no later than 30 days after you receive that notice, your license will be reinstated
+retroactively. However, if you violate these terms after such reinstatement, any additional violation of these
+terms will cause your license to terminate automatically and permanently.
+
+No Liability
+
+As far as the law allows, the software comes as is, without any warranty or condition, and the licensor will
+not be liable to you for any damages arising out of these terms or the use or nature of the software, under
+any kind of legal claim.
+
+Definitions
+
+The “licensor” is the entity offering these terms.
+
+The “software” is the software the licensor makes available under these terms, including any portion of it.
+
+“You” refers to the individual or entity agreeing to these terms.
+
+“Your company” is any legal entity, sole proprietorship, or other kind of organization that you work for, plus
+all organizations that have control over, are under the control of, or are under common control with that
+organization. Control means ownership of substantially all the assets of an entity, or the power to direct its
+management and policies by vote, contract, or otherwise. Control can be direct or indirect.
+
+“Your license” is the license granted to you for the software under these terms.
+
+“Use” means anything you do with the software requiring your license.
+
+“Trademark” means trademarks, service marks, and similar rights.
diff --git a/options/license/Sendmail-Open-Source-1.1 b/options/license/Sendmail-Open-Source-1.1
new file mode 100644
index 0000000000..054f719ee5
--- /dev/null
+++ b/options/license/Sendmail-Open-Source-1.1
@@ -0,0 +1,75 @@
+SENDMAIL OPEN SOURCE LICENSE
+
+The following license terms and conditions apply to this open source
+software ("Software"), unless a different license is obtained directly
+from Sendmail, Inc. ("Sendmail") located at 6475 Christie Ave, Suite 350,
+Emeryville, CA 94608, USA.
+
+Use, modification and redistribution (including distribution of any
+modified or derived work) of the Software in source and binary forms is
+permitted only if each of the following conditions of 1-6 are met:
+
+1. Redistributions of the Software qualify as "freeware" or "open
+   source software" under one of the following terms:
+
+   (a) Redistributions are made at no charge beyond the reasonable
+       cost of materials and delivery; or
+
+   (b) Redistributions are accompanied by a copy of the modified
+       Source Code (on an acceptable machine-readable medium) or by an
+       irrevocable offer to provide a copy of the modified Source Code
+       (on an acceptable machine-readable medium) for up to three years
+       at the cost of materials and delivery. Such redistributions must
+       allow further use, modification, and redistribution of the Source
+       Code under substantially the same terms as this license. For
+       the purposes of redistribution "Source Code" means the complete
+       human-readable, compilable, linkable, and operational source
+       code of the redistributed module(s) including all modifications.
+
+2. Redistributions of the Software Source Code must retain the
+   copyright notices as they appear in each Source Code file, these
+   license terms and conditions, and the disclaimer/limitation of
+   liability set forth in paragraph 6 below. Redistributions of the
+   Software Source Code must also comply with the copyright notices
+   and/or license terms and conditions imposed by contributors on
+   embedded code. The contributors' license terms and conditions
+   and/or copyright notices are contained in the Source Code
+   distribution.
+
+3. Redistributions of the Software in binary form must reproduce the
+   Copyright Notice described below, these license terms and conditions,
+   and the disclaimer/limitation of liability set forth in paragraph
+   6 below, in the documentation and/or other materials provided with
+   the binary distribution.  For the purposes of binary distribution,
+   "Copyright Notice" refers to the following language: "Copyright (c)
+   1998-2009 Sendmail, Inc. All rights reserved."
+
+4. Neither the name, trademark or logo of Sendmail, Inc. (including
+   without limitation its subsidiaries or affiliates) or its contributors
+   may be used to endorse or promote products, or software or services
+   derived from this Software without specific prior written permission.
+   The name "sendmail" is a registered trademark and service mark of
+   Sendmail, Inc.
+
+5. We reserve the right to cancel this license if you do not comply with 
+   the terms.  This license is governed by California law and both of us 
+   agree that for any dispute arising out of or relating to this Software, 
+   that jurisdiction and venue is proper in San Francisco or Alameda 
+   counties.  These license terms and conditions reflect the complete 
+   agreement for the license of the Software (which means this supercedes 
+   prior or contemporaneous agreements or representations).  If any term
+   or condition under this license is found to be invalid, the remaining
+   terms and conditions still apply.
+
+6. Disclaimer/Limitation of Liability: THIS SOFTWARE IS PROVIDED BY
+   SENDMAIL AND ITS CONTRIBUTORS "AS IS" WITHOUT WARRANTY OF ANY KIND
+   AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+   IMPLIED WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT AND FITNESS FOR A
+   PARTICULAR PURPOSE ARE EXPRESSLY DISCLAIMED. IN NO EVENT SHALL SENDMAIL
+   OR ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+   SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+   TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
+   OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+   OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+   WITHOUT LIMITATION NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
+   USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
diff --git a/options/license/Simple-Library-Usage-exception b/options/license/Simple-Library-Usage-exception
new file mode 100644
index 0000000000..2db2bbe10f
--- /dev/null
+++ b/options/license/Simple-Library-Usage-exception
@@ -0,0 +1,33 @@
+EXCEPTION NOTICE
+
+1. As a special exception, the copyright holders of this library give
+permission for additional uses of the text contained in this release
+of the library as licensed under the Simple Library Usage License,
+applying either version 1 of the License, or (at your option) any
+later version of the License as published by the copyright holders of
+version 1 of the License document.
+
+2. The exception is that you may combine or link a "work that uses the
+Library" (as defined by the LGPL) with the Library to produce a work
+containing portions of the Library in binary form, and distribute that
+work under terms of your choice, provided that:
+
+  a) You give prominent notice with each copy of the work that the
+  Library is used in it.
+
+  b) If the work during execution displays copyright notices, you must
+  include the copyright notice for the Library among them.
+
+3. If you copy code from files distributed under the terms of the GNU
+General Public License or the GNU Lesser General Public License into a
+copy of this library, as this license permits, the exception does not
+apply to the code that you add in this way.  To avoid misleading
+anyone as to the status of such modified files, you must delete this
+exception notice from such code and/or adjust the licensing conditions
+notice accordingly.
+
+4. If you write modifications of your own for this library, it is your
+choice whether to permit this exception to apply to your
+modifications.  If you do not wish that, you must delete the exception
+notice from such code and/or adjust the licensing conditions notice
+accordingly.
diff --git a/options/license/TekHVC b/options/license/TekHVC
new file mode 100644
index 0000000000..6a3958717a
--- /dev/null
+++ b/options/license/TekHVC
@@ -0,0 +1,34 @@
+Code and supporting documentation (c) Copyright 1990 1991 Tektronix, Inc.
+	All Rights Reserved
+
+This file is a component of an X Window System-specific implementation
+of Xcms based on the TekColor Color Management System.  TekColor is a
+trademark of Tektronix, Inc.  The term "TekHVC" designates a particular
+color space that is the subject of U.S. Patent No. 4,985,853 (equivalent
+foreign patents pending).  Permission is hereby granted to use, copy,
+modify, sell, and otherwise distribute this software and its
+documentation for any purpose and without fee, provided that:
+
+1. This copyright, permission, and disclaimer notice is reproduced in
+   all copies of this software and any modification thereof and in
+   supporting documentation;
+2. Any color-handling application which displays TekHVC color
+   cooordinates identifies these as TekHVC color coordinates in any
+   interface that displays these coordinates and in any associated
+   documentation;
+3. The term "TekHVC" is always used, and is only used, in association
+   with the mathematical derivations of the TekHVC Color Space,
+   including those provided in this file and any equivalent pathways and
+   mathematical derivations, regardless of digital (e.g., floating point
+   or integer) representation.
+
+Tektronix makes no representation about the suitability of this software
+for any purpose.  It is provided "as is" and with all faults.
+
+TEKTRONIX DISCLAIMS ALL WARRANTIES APPLICABLE TO THIS SOFTWARE,
+INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+PARTICULAR PURPOSE.  IN NO EVENT SHALL TEKTRONIX BE LIABLE FOR ANY
+SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER
+RESULTING FROM LOSS OF USE, DATA, OR PROFITS, WHETHER IN AN ACTION OF
+CONTRACT, NEGLIGENCE, OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
+CONNECTION WITH THE USE OR THE PERFORMANCE OF THIS SOFTWARE.
diff --git a/options/license/ThirdEye b/options/license/ThirdEye
new file mode 100644
index 0000000000..ce75b566e3
--- /dev/null
+++ b/options/license/ThirdEye
@@ -0,0 +1,7 @@
+(C) Copyright 1984 by Third Eye Software, Inc.
+
+Third Eye Software, Inc. grants reproduction and use rights to
+all parties, PROVIDED that this comment is maintained in the copy.
+
+Third Eye makes no claims about the applicability of this
+symbol table to a particular use.
diff --git a/options/license/Ubuntu-font-1.0 b/options/license/Ubuntu-font-1.0
new file mode 100644
index 0000000000..ae78a8f94e
--- /dev/null
+++ b/options/license/Ubuntu-font-1.0
@@ -0,0 +1,96 @@
+-------------------------------
+UBUNTU FONT LICENCE Version 1.0
+-------------------------------
+
+PREAMBLE
+This licence allows the licensed fonts to be used, studied, modified and
+redistributed freely. The fonts, including any derivative works, can be
+bundled, embedded, and redistributed provided the terms of this licence
+are met. The fonts and derivatives, however, cannot be released under
+any other licence. The requirement for fonts to remain under this
+licence does not require any document created using the fonts or their
+derivatives to be published under this licence, as long as the primary
+purpose of the document is not to be a vehicle for the distribution of
+the fonts.
+
+DEFINITIONS
+"Font Software" refers to the set of files released by the Copyright
+Holder(s) under this licence and clearly marked as such. This may
+include source files, build scripts and documentation.
+
+"Original Version" refers to the collection of Font Software components
+as received under this licence.
+
+"Modified Version" refers to any derivative made by adding to, deleting,
+or substituting -- in part or in whole -- any of the components of the
+Original Version, by changing formats or by porting the Font Software to
+a new environment.
+
+"Copyright Holder(s)" refers to all individuals and companies who have a
+copyright ownership of the Font Software.
+
+"Substantially Changed" refers to Modified Versions which can be easily
+identified as dissimilar to the Font Software by users of the Font
+Software comparing the Original Version with the Modified Version.
+
+To "Propagate" a work means to do anything with it that, without
+permission, would make you directly or secondarily liable for
+infringement under applicable copyright law, except executing it on a
+computer or modifying a private copy. Propagation includes copying,
+distribution (with or without modification and with or without charging
+a redistribution fee), making available to the public, and in some
+countries other activities as well.
+
+PERMISSION & CONDITIONS
+This licence does not grant any rights under trademark law and all such
+rights are reserved.
+
+Permission is hereby granted, free of charge, to any person obtaining a
+copy of the Font Software, to propagate the Font Software, subject to
+the below conditions:
+
+1) Each copy of the Font Software must contain the above copyright
+notice and this licence. These can be included either as stand-alone
+text files, human-readable headers or in the appropriate machine-
+readable metadata fields within text or binary files as long as those
+fields can be easily viewed by the user.
+
+2) The font name complies with the following:
+(a) The Original Version must retain its name, unmodified.
+(b) Modified Versions which are Substantially Changed must be renamed to
+avoid use of the name of the Original Version or similar names entirely.
+(c) Modified Versions which are not Substantially Changed must be
+renamed to both (i) retain the name of the Original Version and (ii) add
+additional naming elements to distinguish the Modified Version from the
+Original Version. The name of such Modified Versions must be the name of
+the Original Version, with "derivative X" where X represents the name of
+the new work, appended to that name.
+
+3) The name(s) of the Copyright Holder(s) and any contributor to the
+Font Software shall not be used to promote, endorse or advertise any
+Modified Version, except (i) as required by this licence, (ii) to
+acknowledge the contribution(s) of the Copyright Holder(s) or (iii) with
+their explicit written permission.
+
+4) The Font Software, modified or unmodified, in part or in whole, must
+be distributed entirely under this licence, and must not be distributed
+under any other licence. The requirement for fonts to remain under this
+licence does not affect any document created using the Font Software,
+except any version of the Font Software extracted from a document
+created using the Font Software may only be distributed under this
+licence.
+
+TERMINATION
+This licence becomes null and void if any of the above conditions are
+not met.
+
+DISCLAIMER
+THE FONT SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF
+COPYRIGHT, PATENT, TRADEMARK, OR OTHER RIGHT. IN NO EVENT SHALL THE
+COPYRIGHT HOLDER BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
+INCLUDING ANY GENERAL, SPECIAL, INDIRECT, INCIDENTAL, OR CONSEQUENTIAL
+DAMAGES, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+FROM, OUT OF THE USE OR INABILITY TO USE THE FONT SOFTWARE OR FROM OTHER
+DEALINGS IN THE FONT SOFTWARE.
diff --git a/options/license/UnRAR b/options/license/UnRAR
new file mode 100644
index 0000000000..645b6071c8
--- /dev/null
+++ b/options/license/UnRAR
@@ -0,0 +1,41 @@
+******    *****   ******   UnRAR - free utility for RAR archives
+ **   **  **   **  **   **  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ ******   *******  ******    License for use and distribution of
+ **   **  **   **  **   **   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ **   **  **   **  **   **         FREE portable version
+                                   ~~~~~~~~~~~~~~~~~~~~~
+
+      The source code of UnRAR utility is freeware. This means:
+
+   1. All copyrights to RAR and the utility UnRAR are exclusively
+      owned by the author - Alexander Roshal.
+
+   2. UnRAR source code may be used in any software to handle
+      RAR archives without limitations free of charge, but cannot be
+      used to develop RAR (WinRAR) compatible archiver and to
+      re-create RAR compression algorithm, which is proprietary.
+      Distribution of modified UnRAR source code in separate form
+      or as a part of other software is permitted, provided that
+      full text of this paragraph, starting from "UnRAR source code"
+      words, is included in license, or in documentation if license
+      is not available, and in source code comments of resulting package.
+
+   3. The UnRAR utility may be freely distributed. It is allowed
+      to distribute UnRAR inside of other software packages.
+
+   4. THE RAR ARCHIVER AND THE UnRAR UTILITY ARE DISTRIBUTED "AS IS".
+      NO WARRANTY OF ANY KIND IS EXPRESSED OR IMPLIED.  YOU USE AT 
+      YOUR OWN RISK. THE AUTHOR WILL NOT BE LIABLE FOR DATA LOSS, 
+      DAMAGES, LOSS OF PROFITS OR ANY OTHER KIND OF LOSS WHILE USING
+      OR MISUSING THIS SOFTWARE.
+
+   5. Installing and using the UnRAR utility signifies acceptance of
+      these terms and conditions of the license.
+
+   6. If you don't agree with terms of the license you must remove
+      UnRAR files from your storage devices and cease to use the
+      utility.
+
+      Thank you for your interest in RAR and UnRAR.
+
+                                            Alexander L. Roshal
diff --git a/options/license/Unlicense-libtelnet b/options/license/Unlicense-libtelnet
new file mode 100644
index 0000000000..18d1788030
--- /dev/null
+++ b/options/license/Unlicense-libtelnet
@@ -0,0 +1 @@
+The author or authors of this code dedicate any and all copyright interest in this code to the public domain. We make this dedication for the benefit of the public at large and to the detriment of our heirs and successors. We intend this dedication to be an overt act of relinquishment in perpetuity of all present and future rights to this code under copyright law.
diff --git a/options/license/Unlicense-libwhirlpool b/options/license/Unlicense-libwhirlpool
new file mode 100644
index 0000000000..11ead25c2d
--- /dev/null
+++ b/options/license/Unlicense-libwhirlpool
@@ -0,0 +1,8 @@
+This is free and unencumbered software released into the public domain.
+Anyone is free to copy, modify, publish, use, compile, sell, or
+distribute this software, either in source code form or as a compiled
+binary, for any purpose, commercial or non-commercial, and by any means.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
diff --git a/options/license/Vixie-Cron b/options/license/Vixie-Cron
new file mode 100644
index 0000000000..3fefb02f27
--- /dev/null
+++ b/options/license/Vixie-Cron
@@ -0,0 +1,4 @@
+Copyright 1988,1990,1993 by Paul Vixie
+All rights reserved
+
+Distribute freely, except: don't remove my name from the source or documentation (don't take credit for my work), mark your changes (don't get me blamed for your possible bugs), don't alter or remove this notice. May be sold if buildable source is provided to buyer. No warrantee of any kind, express or implied, is included with this software; use at your own risk, responsibility for damages (if any) to anyone resulting from the use of this software rests entirely with the user.
diff --git a/options/license/WTFNMFPL b/options/license/WTFNMFPL
new file mode 100644
index 0000000000..e76917a9bc
--- /dev/null
+++ b/options/license/WTFNMFPL
@@ -0,0 +1,17 @@
+DO WHAT THE FUCK YOU WANT TO BUT IT'S NOT MY FAULT PUBLIC LICENSE
+                    Version 1, October 2013
+
+ Copyright (C) 2013 Ben McGinnes <ben@adversary.org>
+
+ Everyone is permitted to copy and distribute verbatim or modified
+ copies of this license document, and changing it is allowed as long
+ as the name is changed.
+
+   DO WHAT THE FUCK YOU WANT TO BUT IT'S NOT MY FAULT PUBLIC LICENSE
+   TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
+
+  0. You just DO WHAT THE FUCK YOU WANT TO.
+
+  1. Do not hold the author(s), creator(s), developer(s) or
+     distributor(s) liable for anything that happens or goes wrong
+     with your use of the work.
diff --git a/options/license/WordNet b/options/license/WordNet
new file mode 100644
index 0000000000..b937fa5cb3
--- /dev/null
+++ b/options/license/WordNet
@@ -0,0 +1,12 @@
+WordNet Release 3.0
+This software and database is being provided to you, the LICENSEE, by Princeton University under the following license.
+
+By obtaining, using and/or copying this software and database, you agree that you have read, understood, and will comply with these terms and conditions.:
+
+Permission to use, copy, modify and distribute this software and database and its documentation for any purpose and without fee or royalty is hereby granted, provided that you agree to comply with the following copyright notice and statements, including the disclaimer, and that the same appear on ALL copies of the software, database and documentation, including modifications that you make for internal use or for distribution.
+
+WordNet 3.0 Copyright 2006 by Princeton University. All rights reserved.
+
+THIS SOFTWARE AND DATABASE IS PROVIDED "AS IS" AND PRINCETON UNIVERSITY MAKES NO REPRESENTATIONS OR WARRANTIES, EXPRESS OR IMPLIED. BY WAY OF EXAMPLE, BUT NOT LIMITATION, PRINCETON UNIVERSITY MAKES NO REPRESENTATIONS OR WARRANTIES OF MERCHANT- ABILITY OR FITNESS FOR ANY PARTICULAR PURPOSE OR THAT THE USE OF THE LICENSED SOFTWARE, DATABASE OR DOCUMENTATION WILL NOT INFRINGE ANY THIRD PARTY PATENTS, COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS.
+
+The name of Princeton University or Princeton may not be used in advertising or publicity pertaining to distribution of the software and/or database. Title to copyright in this software, database and any associated documentation shall at all times remain with Princeton University and LICENSEE agrees to preserve same.
diff --git a/options/license/X11-no-permit-persons b/options/license/X11-no-permit-persons
new file mode 100644
index 0000000000..504b2eb7bd
--- /dev/null
+++ b/options/license/X11-no-permit-persons
@@ -0,0 +1,23 @@
+Copyright (c) 1991, 1997 Digital Equipment Corporation, Maynard, Massachusetts.
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software.
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.  IN NO EVENT SHALL
+DIGITAL EQUIPMENT CORPORATION BE LIABLE FOR ANY CLAIM, DAMAGES, INCLUDING,
+BUT NOT LIMITED TO CONSEQUENTIAL OR INCIDENTAL DAMAGES, OR OTHER LIABILITY,
+WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR
+IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+Except as contained in this notice, the name of Digital Equipment Corporation
+shall not be used in advertising or otherwise to promote the sale, use or other
+dealings in this Software without prior written authorization from Digital
+Equipment Corporation.
diff --git a/options/license/X11-swapped b/options/license/X11-swapped
new file mode 100644
index 0000000000..b023bd546e
--- /dev/null
+++ b/options/license/X11-swapped
@@ -0,0 +1,23 @@
+Copyright (c) 2008-2010 Derick Eddington.  All rights reserved.
+
+Permission is hereby granted, free of charge, to any person obtaining a
+copy of this software and associated documentation files (the "Software"),
+to deal in the Software without restriction, including without limitation
+the rights to use, copy, modify, merge, publish, distribute, sublicense,
+and/or sell copies of the Software, and to permit persons to whom the
+Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+Except as contained in this notice, the name(s) of the above copyright
+holders shall not be used in advertising or otherwise to promote the sale,
+use or other dealings in this Software without prior written authorization.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.  IN NO EVENT SHALL
+THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+DEALINGS IN THE SOFTWARE.
diff --git a/options/license/any-OSI-perl-modules b/options/license/any-OSI-perl-modules
new file mode 100644
index 0000000000..108db04581
--- /dev/null
+++ b/options/license/any-OSI-perl-modules
@@ -0,0 +1,11 @@
+This software may be redistributed under the terms of the GPL, LGPL,
+modified BSD, or Artistic license, or any of the other OSI approved
+licenses listed at http://www.opensource.org/licenses/alphabetical.
+Distribution is allowed under all of these licenses, or any smaller
+subset of multiple or just one of these licenses.
+
+When using a packaged version, please refer to the package metadata to see
+under which license terms it was distributed. Alternatively, a distributor
+may choose to replace the LICENSE section of the documentation and/or
+include a LICENSE file to reflect the license(s) they chose to redistribute
+under.
diff --git a/options/license/erlang-otp-linking-exception b/options/license/erlang-otp-linking-exception
new file mode 100644
index 0000000000..ca8b775480
--- /dev/null
+++ b/options/license/erlang-otp-linking-exception
@@ -0,0 +1,11 @@
+If you modify this Program, or any covered work, by linking or
+combining it with runtime libraries of Erlang/OTP as released by
+Ericsson on https://www.erlang.org (or a modified version of these
+libraries), containing parts covered by the terms of the Erlang Public
+License (https://www.erlang.org/EPLICENSE), the licensors of this
+Program grant you additional permission to convey the resulting work
+without the need to license the runtime libraries of Erlang/OTP under
+the GNU Affero General Public License. Corresponding Source for a
+non-source form of such a combination shall include the source code
+for the parts of the runtime libraries of Erlang/OTP used as well as
+that of the covered work.
diff --git a/options/license/generic-xts b/options/license/generic-xts
new file mode 100644
index 0000000000..bf08a2b421
--- /dev/null
+++ b/options/license/generic-xts
@@ -0,0 +1,17 @@
+Copyright (C) 2008, Damien Miller
+Copyright (C) 2011, Alex Hornung
+
+Permission to use, copy, and modify this software with or without fee
+is hereby granted, provided that this entire notice is included in
+all copies of any software which is or includes a copy or
+modification of this software.
+You may use this code under the GNU public license if you so wish. Please
+contribute changes back to the authors under this freer than GPL license
+so that we may further the use of strong encryption without limitations to
+all.
+
+THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR
+IMPLIED WARRANTY. IN PARTICULAR, NONE OF THE AUTHORS MAKES ANY
+REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE
+MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR
+PURPOSE.
diff --git a/options/license/harbour-exception b/options/license/harbour-exception
new file mode 100644
index 0000000000..25d75e9fc7
--- /dev/null
+++ b/options/license/harbour-exception
@@ -0,0 +1,23 @@
+As a special exception, the Harbour Project gives permission for
+additional uses of the text contained in its release of Harbour.
+
+The exception is that, if you link the Harbour libraries with other
+files to produce an executable, this does not by itself cause the
+resulting executable to be covered by the GNU General Public License.
+Your use of that executable is in no way restricted on account of
+linking the Harbour library code into it.
+
+This exception does not however invalidate any other reasons why
+the executable file might be covered by the GNU General Public License.
+
+This exception applies only to the code released by the Harbour
+Project under the name Harbour.  If you copy code from other
+Harbour Project or Free Software Foundation releases into a copy of
+Harbour, as the General Public License permits, the exception does
+not apply to the code that you add in this way.  To avoid misleading
+anyone as to the status of such modified files, you must delete
+this exception notice from them.
+
+If you write modifications of your own for Harbour, it is your choice
+whether to permit this exception to apply to your modifications.
+If you do not wish that, delete this exception notice.
diff --git a/options/license/hyphen-bulgarian b/options/license/hyphen-bulgarian
new file mode 100644
index 0000000000..6642d1c676
--- /dev/null
+++ b/options/license/hyphen-bulgarian
@@ -0,0 +1,8 @@
+This software may be used, modified, copied, distributed, and sold,
+both in source and binary form provided that the above copyright
+notice and these terms are retained. The name of the author may not
+be used to endorse or promote products derived from this software
+without prior permission.  THIS SOFTWARE IS PROVIDES "AS IS" AND
+ANY EXPRESS OR IMPLIED WARRANTIES ARE DISCLAIMED.  IN NO EVENT
+SHALL THE AUTHOR BE LIABLE FOR ANY DAMAGES ARISING IN ANY WAY OUT
+OF THE USE OF THIS SOFTWARE.
diff --git a/options/license/jove b/options/license/jove
new file mode 100644
index 0000000000..edcc31667a
--- /dev/null
+++ b/options/license/jove
@@ -0,0 +1,4 @@
+This program is Copyright (C) 1986-2002 by Jonathan Payne.  JOVE is
+provided by Jonathan and Jovehacks without charge and without
+warranty.  You may copy, modify, and/or distribute JOVE, provided that
+this notice is included in all the source files and documentation.
diff --git a/options/license/kvirc-openssl-exception b/options/license/kvirc-openssl-exception
new file mode 100644
index 0000000000..beb605b8bd
--- /dev/null
+++ b/options/license/kvirc-openssl-exception
@@ -0,0 +1,30 @@
+                       _OpenSSL Exception_
+
+0. Definitions
+
+"KVIrc" means KVIrc software licensed under version 2 or any later
+version of the GNU General Public License (collectively, "GPL"), or a
+work based on such software and licensed under the GPL.
+
+"OpenSSL" means OpenSSL toolkit software distributed by the OpenSSL
+Project and licensed under the OpenSSL Licenses, or a work based on such
+software and licensed under the OpenSSL Licenses.
+
+"OpenSSL Licenses" means the OpenSSL License and Original SSLeay License
+under which the OpenSSL Project distributes the OpenSSL toolkit software,
+as those licenses appear in the file LICENSE-OPENSSL.
+
+1. Exception
+
+You have permission to copy, modify, propagate, and distribute a work
+formed by combining OpenSSL with KVIrc, or a work derivative of such a
+combination, even if such copying, modification, propagation, or
+distribution would otherwise violate the terms of the GPL. You must
+comply with the GPL in all respects for all of the code used other than
+OpenSSL.
+
+You may include this OpenSSL Exception and its grant of permissions when
+you distribute KVIrc. Inclusion of this notice with such a
+distribution constitutes a grant of such permission. If you do not wish
+to grant these permissions, remove this section entitled "OpenSSL
+Exception" from your distribution.
diff --git a/options/license/libpng-1.6.35 b/options/license/libpng-1.6.35
new file mode 100644
index 0000000000..cf3b98dfdb
--- /dev/null
+++ b/options/license/libpng-1.6.35
@@ -0,0 +1,96 @@
+PNG Reference Library License version 1 (for libpng 0.5 through 1.6.35)
+-----------------------------------------------------------------------
+
+libpng versions 1.0.7, July 1, 2000, through 1.6.35, July 15, 2018 are
+Copyright (c) 2000-2002, 2004, 2006-2018 Glenn Randers-Pehrson, are
+derived from libpng-1.0.6, and are distributed according to the same
+disclaimer and license as libpng-1.0.6 with the following individuals
+added to the list of Contributing Authors:
+
+    Simon-Pierre Cadieux
+    Eric S. Raymond
+    Mans Rullgard
+    Cosmin Truta
+    Gilles Vollant
+    James Yu
+    Mandar Sahastrabuddhe
+    Google Inc.
+    Vadim Barkov
+
+and with the following additions to the disclaimer:
+
+    There is no warranty against interference with your enjoyment of
+    the library or against infringement.  There is no warranty that our
+    efforts or the library will fulfill any of your particular purposes
+    or needs.  This library is provided with all faults, and the entire
+    risk of satisfactory quality, performance, accuracy, and effort is
+    with the user.
+
+Some files in the "contrib" directory and some configure-generated
+files that are distributed with libpng have other copyright owners, and
+are released under other open source licenses.
+
+libpng versions 0.97, January 1998, through 1.0.6, March 20, 2000, are
+Copyright (c) 1998-2000 Glenn Randers-Pehrson, are derived from
+libpng-0.96, and are distributed according to the same disclaimer and
+license as libpng-0.96, with the following individuals added to the
+list of Contributing Authors:
+
+    Tom Lane
+    Glenn Randers-Pehrson
+    Willem van Schaik
+
+libpng versions 0.89, June 1996, through 0.96, May 1997, are
+Copyright (c) 1996-1997 Andreas Dilger, are derived from libpng-0.88,
+and are distributed according to the same disclaimer and license as
+libpng-0.88, with the following individuals added to the list of
+Contributing Authors:
+
+    John Bowler
+    Kevin Bracey
+    Sam Bushell
+    Magnus Holmgren
+    Greg Roelofs
+    Tom Tanner
+
+Some files in the "scripts" directory have other copyright owners,
+but are released under this license.
+
+libpng versions 0.5, May 1995, through 0.88, January 1996, are
+Copyright (c) 1995-1996 Guy Eric Schalnat, Group 42, Inc.
+
+For the purposes of this copyright and license, "Contributing Authors"
+is defined as the following set of individuals:
+
+    Andreas Dilger
+    Dave Martindale
+    Guy Eric Schalnat
+    Paul Schmidt
+    Tim Wegner
+
+The PNG Reference Library is supplied "AS IS".  The Contributing
+Authors and Group 42, Inc. disclaim all warranties, expressed or
+implied, including, without limitation, the warranties of
+merchantability and of fitness for any purpose.  The Contributing
+Authors and Group 42, Inc. assume no liability for direct, indirect,
+incidental, special, exemplary, or consequential damages, which may
+result from the use of the PNG Reference Library, even if advised of
+the possibility of such damage.
+
+Permission is hereby granted to use, copy, modify, and distribute this
+source code, or portions hereof, for any purpose, without fee, subject
+to the following restrictions:
+
+ 1. The origin of this source code must not be misrepresented.
+
+ 2. Altered versions must be plainly marked as such and must not
+    be misrepresented as being the original source.
+
+ 3. This Copyright notice may not be removed or altered from any
+    source or altered source distribution.
+
+The Contributing Authors and Group 42, Inc. specifically permit,
+without fee, and encourage the use of this source code as a component
+to supporting the PNG file format in commercial products.  If you use
+this source code in a product, acknowledgment is not required but would
+be appreciated.
diff --git a/options/license/man2html b/options/license/man2html
new file mode 100644
index 0000000000..42d61d3af5
--- /dev/null
+++ b/options/license/man2html
@@ -0,0 +1,2 @@
+Permission is granted to distribute, modify and use this program
+as long as this comment is not removed or changed.
diff --git a/options/license/mxml-exception b/options/license/mxml-exception
new file mode 100644
index 0000000000..32928e8dd6
--- /dev/null
+++ b/options/license/mxml-exception
@@ -0,0 +1,16 @@
+Mini-XML
+
+Copyright © 2003-2024 by Michael R Sweet
+
+
+(Optional) Exceptions to the Apache 2.0 License:
+================================================
+
+In addition, if you combine or link compiled forms of this Software with
+software that is licensed under the GPLv2 or LGPLv2 (“Combined Software”) and if
+a court of competent jurisdiction determines that the patent provision (Section
+3), the indemnity provision (Section 9) or other Section of the License
+conflicts with the conditions of the GPLv2 or LGPLv2, you may retroactively and
+prospectively choose to deem waived or otherwise exclude such Section(s) of the
+License, but only in their entirety and only with respect to the Combined
+Software.
diff --git a/options/license/ngrep b/options/license/ngrep
new file mode 100644
index 0000000000..6b970e466b
--- /dev/null
+++ b/options/license/ngrep
@@ -0,0 +1,38 @@
+Copyright (c) 2017 Jordan Ritter.  All rights reserved.
+
+Permission is granted to anyone to use this software for any purpose on
+any computer system, and to alter it and redistribute it, subject
+to the following restrictions:
+
+1. The origin of this software must not be misrepresented, either by
+   explicit claim or by omission.
+
+2. Altered versions must be plainly marked as such, and must not be
+   misrepresented as being the original software.  Any altered version
+   must clearly and properly represent the origin of this software in
+   any accompanying documentation.
+
+3. All advertising materials which relate specifically to derivate
+   works of this software must display the following acknowledgement:
+   This product includes software developed by Jordan Ritter.
+
+4. The name of the Author may not be used to endorse or promote
+   products derived from this software without specific prior written
+   permission.
+
+5. This notice, and any references to this notice, in any original or
+   derived source distribution of or documentation for this software,
+   may not be removed or altered.
+
+
+THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS
+BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/options/license/polyparse-exception b/options/license/polyparse-exception
new file mode 100644
index 0000000000..55ed918bb9
--- /dev/null
+++ b/options/license/polyparse-exception
@@ -0,0 +1,7 @@
+As a relaxation of clause 6 of the LGPL, the copyright holders of this
+library give permission to use, copy, link, modify, and distribute,
+binary-only object-code versions of an executable linked with the
+original unmodified Library, without requiring the supply of any
+mechanism to modify or replace the Library and relink (clauses 6a,
+6b, 6c, 6d, 6e), provided that all the other terms of clause 6 are
+complied with.
diff --git a/options/license/romic-exception b/options/license/romic-exception
new file mode 100644
index 0000000000..57def44818
--- /dev/null
+++ b/options/license/romic-exception
@@ -0,0 +1,6 @@
+Additional permission under the GNU Affero GPL version 3 section 7:
+
+If you modify this Program, or any covered work, by linking or
+combining it with other code, such other code is not for that reason
+alone subject to any of the requirements of the GNU Affero GPL
+version 3.
diff --git a/options/license/rsync-linking-exception b/options/license/rsync-linking-exception
new file mode 100644
index 0000000000..ddad55cb28
--- /dev/null
+++ b/options/license/rsync-linking-exception
@@ -0,0 +1,6 @@
+In addition, as a special exception, the copyright holders give
+permission to dynamically link rsync with the OpenSSL and xxhash
+libraries when those libraries are being distributed in compliance
+with their license terms, and to distribute a dynamically linked
+combination of rsync and these libraries.  This is also considered
+to be covered under the GPL's System Libraries exception.
diff --git a/options/license/wwl b/options/license/wwl
new file mode 100644
index 0000000000..12486ff638
--- /dev/null
+++ b/options/license/wwl
@@ -0,0 +1,5 @@
+db@FreeBSD.ORG wrote this file.  As long as you retain this notice you
+can do whatever you want with this code, except you may not
+license it under any form of the GPL.
+A postcard or QSL card showing me you appreciate
+this code would be nice. Diane Bruce va3db

From 8d6812df25b76095b9b6b97e733e991f38211c13 Mon Sep 17 00:00:00 2001
From: 0ko <0ko@noreply.codeberg.org>
Date: Wed, 4 Mar 2026 00:36:54 +0100
Subject: [PATCH 403/854] fix(ui): use overflow:auto to avoid scrollbars when
 they are not needed (#11469)

Closes forgejo/forgejo#11407

I looked at related Gitea discussions for when it was implemented and it looks like what to use exactly for `overflow` was not discussed, the intention was just to have overflowing content scroll, not to have irrelevant scrollbars appear at all times.

- https://github.com/go-gitea/gitea/pull/31683
- https://github.com/go-gitea/gitea/issues/31667
- https://github.com/go-gitea/gitea/pull/26561

But with `max-height` restrictions that are in place only horizontal scrollbars are ever needed on demand. Vertical ones are not needed. For this `auto` works much better than `scroll`.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11469
Reviewed-by: Beowulf <beowulf@beocode.eu>
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: 0ko <0ko@noreply.codeberg.org>
Co-committed-by: 0ko <0ko@noreply.codeberg.org>
---
 web_src/css/features/projects.css | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/web_src/css/features/projects.css b/web_src/css/features/projects.css
index 1401916e73..3a1808dfe3 100644
--- a/web_src/css/features/projects.css
+++ b/web_src/css/features/projects.css
@@ -78,7 +78,7 @@
 .card-attachment-images {
   display: inline-block;
   white-space: nowrap;
-  overflow: scroll;
+  overflow: auto;
   cursor: default;
   text-align: center;
 }

From b21193ee5035892da2f64e2ecb94e27c2ef44974 Mon Sep 17 00:00:00 2001
From: nachtjasmin <nachtjasmin@posteo.de>
Date: Wed, 4 Mar 2026 00:45:38 +0100
Subject: [PATCH 404/854] chore: use `signal.NotifyContext` over custom
 implementation (#10311)

Go 1.16 added the signal.NotifyContext helper utility. `installSignals` could be further inlined in a future iteration, if needed.

When reading the [function documentation](https://pkg.go.dev/os/signal#NotifyContext), it becomes clear that this is doing the exact same thing as the old code.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10311
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: nachtjasmin <nachtjasmin@posteo.de>
Co-committed-by: nachtjasmin <nachtjasmin@posteo.de>
---
 cmd/cmd.go      | 22 +++-------------------
 cmd/cmd_test.go | 39 +++++++++++++++++++++++++++++++++++++++
 2 files changed, 42 insertions(+), 19 deletions(-)
 create mode 100644 cmd/cmd_test.go

diff --git a/cmd/cmd.go b/cmd/cmd.go
index 379609d294..a6e5d8fcfe 100644
--- a/cmd/cmd.go
+++ b/cmd/cmd.go
@@ -1,4 +1,5 @@
 // Copyright 2018 The Gitea Authors. All rights reserved.
+// Copyright 2026 The Forgejo Authors. All rights reserved.
 // SPDX-License-Identifier: MIT
 
 // Package cmd provides subcommands to the gitea binary - such as "web" or
@@ -89,26 +90,9 @@ If this is the intended configuration file complete the [database] section.`, se
 	return nil
 }
 
+// installSignals returns a context that's cancelled on the SIGINT and SIGTERM signals or if the passed ctx is cancelled.
 func installSignals(ctx context.Context) (context.Context, context.CancelFunc) {
-	ctx, cancel := context.WithCancel(ctx)
-	go func() {
-		// install notify
-		signalChannel := make(chan os.Signal, 1)
-
-		signal.Notify(
-			signalChannel,
-			syscall.SIGINT,
-			syscall.SIGTERM,
-		)
-		select {
-		case <-signalChannel:
-		case <-ctx.Done():
-		}
-		cancel()
-		signal.Reset()
-	}()
-
-	return ctx, cancel
+	return signal.NotifyContext(ctx, syscall.SIGINT, syscall.SIGTERM)
 }
 
 func setupConsoleLogger(level log.Level, colorize bool, out io.Writer) {
diff --git a/cmd/cmd_test.go b/cmd/cmd_test.go
new file mode 100644
index 0000000000..8e66cbdba1
--- /dev/null
+++ b/cmd/cmd_test.go
@@ -0,0 +1,39 @@
+// Copyright 2026 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+package cmd
+
+import (
+	"context"
+	"fmt"
+	"runtime"
+	"syscall"
+	"testing"
+	"time"
+)
+
+func Test_installSignals(t *testing.T) {
+	if runtime.GOOS == "windows" {
+		t.Skipf("Windows does not terminate in an awaitable manner")
+		return
+	}
+
+	for _, s := range []syscall.Signal{syscall.SIGTERM, syscall.SIGINT} {
+		t.Run(fmt.Sprintf("Context is terminated on %s", s), func(t *testing.T) {
+			// Register the signal handler. context.Background() is chosen deliberately,
+			// because unlike t.Context(), we can be sure that it's not cancelled by a
+			// different handler.
+			ctx, cancel := installSignals(context.Background())
+			t.Cleanup(cancel)
+
+			// Send the signal in the background.
+			go syscall.Kill(syscall.Getpid(), s)
+
+			select {
+			case <-time.Tick(time.Second * 10):
+				t.Fatalf("Context not cancelled via signal after 10 seconds")
+			case <-ctx.Done():
+				t.Logf("Context was cancelled")
+			}
+		})
+	}
+}

From ad6ab32e96006c9eb0d1b29a0ad0509a1940221d Mon Sep 17 00:00:00 2001
From: Michael Kriese <michael.kriese@visualon.de>
Date: Wed, 4 Mar 2026 15:20:24 +0100
Subject: [PATCH 405/854] chore(renovate): update config (#11490)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11490
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Michael Kriese <michael.kriese@visualon.de>
Co-committed-by: Michael Kriese <michael.kriese@visualon.de>
---
 .forgejo/renovate.json | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/.forgejo/renovate.json b/.forgejo/renovate.json
index 0710f111b5..34c5c1f958 100644
--- a/.forgejo/renovate.json
+++ b/.forgejo/renovate.json
@@ -13,7 +13,8 @@
   ],
   "postUpdateOptions": ["gomodTidy", "gomodUpdateImportPaths", "npmDedupe"],
   "prConcurrentLimit": 10,
-  "osvVulnerabilityAlerts": true,
+  "dependencyDashboardReportAbandonment": false,
+  "dependencyDashboardHeader": "This issue lists Renovate updates and detected dependencies. Read the [Dependency Dashboard](https://docs.renovatebot.com/key-concepts/dashboard/) docs to learn more.\n- [ ] <!-- manual job -->Check this box to trigger a request for Renovate to run again on this repository\n",
   "automergeStrategy": "squash",
   "labels": ["dependency-upgrade", "test/not-needed"],
   "packageRules": [

From 5207594b63de3dd811e5354be9261653d29abae5 Mon Sep 17 00:00:00 2001
From: Gusted <postmaster@gusted.xyz>
Date: Wed, 4 Mar 2026 16:16:12 +0100
Subject: [PATCH 406/854] chore: update license test (#11485)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11485
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
Reviewed-by: Robert Wolff <mahlzahn@posteo.de>
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Co-authored-by: Gusted <postmaster@gusted.xyz>
Co-committed-by: Gusted <postmaster@gusted.xyz>
---
 modules/repository/license_test.go | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)

diff --git a/modules/repository/license_test.go b/modules/repository/license_test.go
index 3195f15dda..5bd3846d61 100644
--- a/modules/repository/license_test.go
+++ b/modules/repository/license_test.go
@@ -33,11 +33,20 @@ func Test_getLicense(t *testing.T) {
 
 Copyright (c) 2023 Gitea
 
-Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and
+associated documentation files (the "Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the
+following conditions:
 
-The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+The above copyright notice and this permission notice shall be included in all copies or substantial
+portions of the Software.
 
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT
+LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO
+EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
+IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE
+USE OR OTHER DEALINGS IN THE SOFTWARE.
 `,
 			wantErr: require.NoError,
 		},

From 0dd594baca505116ac36f2586e2e9772a7c3f13c Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Wed, 4 Mar 2026 16:16:46 +0100
Subject: [PATCH 407/854] Update github.com/cloudflare/circl (indirect) to
 v1.6.3 [SECURITY] (forgejo) (#11492)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11492
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 35bcee5fd3..eca472bfe7 100644
--- a/go.mod
+++ b/go.mod
@@ -156,7 +156,7 @@ require (
 	github.com/caddyserver/zerossl v0.1.3 // indirect
 	github.com/cention-sany/utf7 v0.0.0-20170124080048-26cad61bd60a // indirect
 	github.com/cespare/xxhash/v2 v2.3.0 // indirect
-	github.com/cloudflare/circl v1.6.1 // indirect
+	github.com/cloudflare/circl v1.6.3 // indirect
 	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
 	github.com/davidmz/go-pageant v1.0.2 // indirect
 	github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f // indirect
diff --git a/go.sum b/go.sum
index c044d6da5e..31cb529327 100644
--- a/go.sum
+++ b/go.sum
@@ -182,8 +182,8 @@ github.com/chzyer/readline v1.5.1/go.mod h1:Eh+b79XXUwfKfcPLepksvw2tcLE/Ct21YObk
 github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU=
 github.com/chzyer/test v1.0.0/go.mod h1:2JlltgoNkt4TW/z9V/IzDdFaMTM2JPIi26O1pF38GC8=
 github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
-github.com/cloudflare/circl v1.6.1 h1:zqIqSPIndyBh1bjLVVDHMPpVKqp8Su/V+6MeDzzQBQ0=
-github.com/cloudflare/circl v1.6.1/go.mod h1:uddAzsPgqdMAYatqJ0lsjX1oECcQLIlRpzZh3pJrofs=
+github.com/cloudflare/circl v1.6.3 h1:9GPOhQGF9MCYUeXyMYlqTR6a5gTrgR/fBLXvUgtVcg8=
+github.com/cloudflare/circl v1.6.3/go.mod h1:2eXP6Qfat4O/Yhh8BznvKnJ+uzEoTQ6jVKJRn81BiS4=
 github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=

From 99984dac4dce5b95bcc3529e3220882734e197a7 Mon Sep 17 00:00:00 2001
From: Mathieu Fenniak <mathieu@fenniak.net>
Date: Wed, 4 Mar 2026 16:17:41 +0100
Subject: [PATCH 408/854] feat: remove admin-level permissions from
 repo-specific & public-only access tokens (#11468)

This PR is part of a series (#11311).

If the user authenticating to an API call is a Forgejo site administrator, or a Forgejo repo administrator, a wide variety of permission and ownership checks in the API are either bypassed, or are bypassable.  If a user has created an access token with restricted resources, I understand the intent of the user is to create a token which has a layer of risk reduction in the event that the token is lost/leaked to an attacker.  For this reason, it makes sense to me that restricted scope access tokens shouldn't inherit the owner's administrator access.

My intent is that repo-specific access tokens [will only be able to access specific authorization scopes](https://codeberg.org/forgejo/design/issues/50#issuecomment-11093951), probably: `repository:read`, `repository:write`, `issue:read`, `issue:write`, (`organization:read` / `user:read` maybe).  This means that *most* admin access is not intended to be affected by this because repo-specific access tokens won't have, for example, `admin:write` scope.  However, administrative access still grants elevated permissions in some areas that are relevant to these scopes, and need to be restricted:

- The `?sudo=otheruser` query parameter allows site administrators to impersonate other users in the API.
- Repository management rules are different for a site administrator, allowing them to create repos for another user, create repos in another organization, migrate a repository to an arbitrary owner, and transfer a repository to a prviate organization.
- Administrators have access to extra data through some APIs which would be in scope: the detailed configuration of branch protection rules, the some details of repository deploy keys (which repo, and which scope -- seems odd), (user:read -- user SSH keys, activity feeds of private users, user profiles of private users, user webhook configurations).
- Pull request reviews have additional perms for repo administrators, including the ability to dismiss PR reviews, delete PR reviews, and view draft PR reviews.
- Repo admins and site admins can comment on locked issues, and related to comments can edit or delete other user's comments and attachments.
- Repo admins can manage and view logged time on behalf of other users.

A handful of these permissions may make sense for repo-specific access tokens, but most of them clearly exceed the risk that would be expected from creating a limited scope access token.  I'd generally prefer to take a restrictive approach, and we can relax it if real-world use-cases come in -- users will have a workaround of creating an access token without repo-specific restrictions if they are blocked from needed access.

**Breaking:** The administration restrictions introduced in this PR affect both repo-specific access tokens, and existing public-only access tokens.

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests for Go changes

(can be removed for JavaScript changes)

- I added test coverage for Go changes...
  - [x] in their respective `*_test.go` for unit tests.
  - [x] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I ran...
  - [x] `make pr-go` before pushing

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [x] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.
    - Although repo-specific access tokens are not yet exposed to end users, the breaking changes to public-only tokens will be visible to users and require release notes.
- [ ] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11468
Reviewed-by: Andreas Ahlenstorf <aahlenst@noreply.codeberg.org>
Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net>
Co-committed-by: Mathieu Fenniak <mathieu@fenniak.net>
---
 .semgrep/config/auth.yaml                     |  33 +++
 routers/api/packages/helper/helper.go         |   2 +-
 .../TestReducer}/access_token.yml             |   0
 routers/api/{v1 => shared}/main_test.go       |   2 +-
 routers/api/shared/middleware.go              |  33 ++-
 routers/api/shared/middleware_test.go         | 227 ++++++++++++++-
 routers/api/v1/api.go                         |  29 +-
 routers/api/v1/api_test.go                    | 266 ------------------
 routers/api/v1/notify/threads.go              |   2 +-
 routers/api/v1/org/member.go                  |   2 +-
 routers/api/v1/org/org.go                     |   6 +-
 routers/api/v1/org/team.go                    |   4 +-
 routers/api/v1/repo/branch.go                 |   6 +-
 routers/api/v1/repo/issue_comment.go          |   2 +-
 routers/api/v1/repo/issue_subscription.go     |   2 +-
 routers/api/v1/repo/issue_tracked_time.go     |  10 +-
 routers/api/v1/repo/key.go                    |   4 +-
 routers/api/v1/repo/migrate.go                |   2 +-
 routers/api/v1/repo/pull_review.go            |   6 +-
 routers/api/v1/repo/repo.go                   |   8 +-
 routers/api/v1/repo/transfer.go               |   2 +-
 routers/api/v1/user/hook.go                   |   2 +-
 routers/api/v1/user/key.go                    |   6 +-
 routers/api/v1/user/repo.go                   |   2 +-
 routers/api/v1/user/user.go                   |   2 +-
 services/context/api.go                       |   6 +
 services/context/api_test.go                  |  79 ++++++
 tests/integration/api_admin_test.go           |  37 +++
 .../api_issue_tracked_time_test.go            |  50 ++++
 29 files changed, 483 insertions(+), 349 deletions(-)
 rename routers/api/{v1/TestTokenRequiresScopes => shared/TestReducer}/access_token.yml (100%)
 rename routers/api/{v1 => shared}/main_test.go (93%)
 delete mode 100644 routers/api/v1/api_test.go

diff --git a/.semgrep/config/auth.yaml b/.semgrep/config/auth.yaml
index fdd0a5cf72..09dacf28c1 100644
--- a/.semgrep/config/auth.yaml
+++ b/.semgrep/config/auth.yaml
@@ -76,3 +76,36 @@ rules:
     paths:
       include:
         - "/routers/api/**/*.go"
+
+  - id: forgejo-api-direct-IsAdmin-check
+    patterns:
+      - pattern: |
+          ctx.Doer.IsAdmin
+    languages:
+      - go
+    message: |
+      ctx.Doer.IsAdmin does not take into account limited API access tokens.  Use ctx.IsUserSiteAdmin() instead.
+    fix: |
+      ctx.IsUserSiteAdmin()
+    severity: ERROR
+    paths:
+      include:
+        - "/routers/api/**/*.go"
+
+  - id: forgejo-api-direct-repo-Admin-check
+    patterns:
+      - pattern: |
+          ctx.Repo.IsAdmin()
+      - pattern: |
+          ctx.Repo.IsOwner()
+    languages:
+      - go
+    message: |
+      ctx.Repo.IsAdmin/IsOwner() does not take into account limited API access tokens.  Use ctx.IsUserRepoAdmin() instead.
+    fix: |
+      ctx.IsUserRepoAdmin()
+    severity: ERROR
+    paths:
+      include:
+        - "/routers/api/**/*.go"
+
diff --git a/routers/api/packages/helper/helper.go b/routers/api/packages/helper/helper.go
index 47d1f18623..7d82571b68 100644
--- a/routers/api/packages/helper/helper.go
+++ b/routers/api/packages/helper/helper.go
@@ -28,7 +28,7 @@ func LogAndProcessError(ctx *context.Context, status int, obj any, cb func(strin
 		// LogAndProcessError is always wrapped in a `apiError` call, so we need to skip two frames
 		log.ErrorWithSkip(2, message)
 
-		if setting.IsProd && (ctx.Doer == nil || !ctx.Doer.IsAdmin) {
+		if setting.IsProd && (ctx.Doer == nil || !ctx.IsUserSiteAdmin()) {
 			message = ""
 		}
 	} else {
diff --git a/routers/api/v1/TestTokenRequiresScopes/access_token.yml b/routers/api/shared/TestReducer/access_token.yml
similarity index 100%
rename from routers/api/v1/TestTokenRequiresScopes/access_token.yml
rename to routers/api/shared/TestReducer/access_token.yml
diff --git a/routers/api/v1/main_test.go b/routers/api/shared/main_test.go
similarity index 93%
rename from routers/api/v1/main_test.go
rename to routers/api/shared/main_test.go
index 7553b68bfd..a328ac53cb 100644
--- a/routers/api/v1/main_test.go
+++ b/routers/api/shared/main_test.go
@@ -1,7 +1,7 @@
 // Copyright 2026 The Forgejo Authors. All rights reserved.
 // SPDX-License-Identifier: GPL-3.0-or-later
 
-package v1
+package shared
 
 import (
 	"testing"
diff --git a/routers/api/shared/middleware.go b/routers/api/shared/middleware.go
index efd252728e..f657dae026 100644
--- a/routers/api/shared/middleware.go
+++ b/routers/api/shared/middleware.go
@@ -35,7 +35,8 @@ func Middlewares() (stack []any) {
 
 		checkDeprecatedAuthMethods,
 		// Get user from session if logged in.
-		apiAuth(buildAuthGroup()),
+		apiAuthentication(buildAuthGroup()),
+		apiAuthorization,
 		verifyAuthWithOptions(&common.VerifyOptions{
 			SignInRequired: setting.Service.RequireSignInView,
 		}),
@@ -55,7 +56,7 @@ func buildAuthGroup() *auth.Group {
 	return group
 }
 
-func apiAuth(authMethod auth.Method) func(*context.APIContext) {
+func apiAuthentication(authMethod auth.Method) func(*context.APIContext) {
 	return func(ctx *context.APIContext) {
 		ar, err := common.AuthShared(ctx.Base, nil, authMethod)
 		if err != nil {
@@ -65,8 +66,30 @@ func apiAuth(authMethod auth.Method) func(*context.APIContext) {
 		ctx.Doer = ar.Doer
 		ctx.IsSigned = ar.Doer != nil
 		ctx.IsBasicAuth = ar.IsBasicAuth
-		if ctx.Reducer == nil {
-			// Ensure ctx.Reducer isn't nil, but has no impact:
+	}
+}
+
+func apiAuthorization(ctx *context.APIContext) {
+	scope, scopeExists := ctx.Data["ApiTokenScope"].(auth_model.AccessTokenScope)
+	if scopeExists {
+		publicOnly, err := scope.PublicOnly()
+		if err != nil {
+			ctx.Error(http.StatusForbidden, "tokenRequiresScope", "parsing public resource scope failed: "+err.Error())
+			return
+		}
+		ctx.PublicOnly = publicOnly
+	}
+
+	reducer, reducerExists := ctx.Data["ApiTokenReducer"].(authz.AuthorizationReducer)
+	if reducerExists {
+		ctx.Reducer = reducer
+	} else {
+		// No "ApiTokenReducer" will be populated if the auth method wasn't an PAT.  In this case, we populate
+		// `ctx.Reducer` so no nil checks are needed, and we respect the scope `PublicOnly()` so that it it's safe to
+		// just rely on `ctx.Reducer` to account for public-only access:
+		if ctx.PublicOnly {
+			ctx.Reducer = &authz.PublicReposAuthorizationReducer{}
+		} else {
 			ctx.Reducer = &authz.AllAccessAuthorizationReducer{}
 		}
 	}
@@ -143,7 +166,7 @@ func verifyAuthWithOptions(options *common.VerifyOptions) func(ctx *context.APIC
 		}
 
 		if options.AdminRequired {
-			if !ctx.Doer.IsAdmin {
+			if !ctx.IsUserSiteAdmin() {
 				ctx.JSON(http.StatusForbidden, map[string]string{
 					"message": "You have no permission to request for this.",
 				})
diff --git a/routers/api/shared/middleware_test.go b/routers/api/shared/middleware_test.go
index 3c5fc4d00d..52771eb0e7 100644
--- a/routers/api/shared/middleware_test.go
+++ b/routers/api/shared/middleware_test.go
@@ -5,21 +5,33 @@ package shared
 
 import (
 	"bytes"
+	"fmt"
 	"net/http"
 	"net/http/httptest"
 	"testing"
+	"time"
 
+	auth_model "forgejo.org/models/auth"
+	"forgejo.org/models/db"
+	"forgejo.org/models/unittest"
 	"forgejo.org/modules/json"
+	"forgejo.org/modules/jwtx"
+	"forgejo.org/modules/test"
 	"forgejo.org/modules/web"
 	"forgejo.org/routers/common"
+	"forgejo.org/services/auth/source/oauth2"
 	"forgejo.org/services/authz"
 	"forgejo.org/services/context"
 
+	"github.com/golang-jwt/jwt/v5"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 )
 
 func TestReducer(t *testing.T) {
+	defer unittest.OverrideFixtures("routers/api/shared/TestReducer")()
+	require.NoError(t, unittest.PrepareTestDatabase())
+
 	makeRecorder := func() *httptest.ResponseRecorder {
 		buff := bytes.NewBufferString("")
 		recorder := httptest.NewRecorder()
@@ -32,9 +44,11 @@ func TestReducer(t *testing.T) {
 	r.Use(Middlewares()...)
 
 	type ReducerInfo struct {
-		IsSigned    bool
-		IsNil       bool
-		IsAllAccess bool
+		IsSigned         bool
+		IsNil            bool
+		IsAllAccess      bool
+		IsPublicAccess   bool
+		IsSpecificAccess bool
 	}
 
 	r.Get("/api/test", func(ctx *context.APIContext) {
@@ -46,23 +60,206 @@ func TestReducer(t *testing.T) {
 		_, isAllAccess := ctx.Reducer.(*authz.AllAccessAuthorizationReducer)
 		retval.IsAllAccess = isAllAccess
 
+		_, isPublicAccess := ctx.Reducer.(*authz.PublicReposAuthorizationReducer)
+		retval.IsPublicAccess = isPublicAccess
+
+		_, isSpecificAccess := ctx.Reducer.(*authz.SpecificReposAuthorizationReducer)
+		retval.IsSpecificAccess = isSpecificAccess
+
 		ctx.JSON(http.StatusOK, retval)
 	})
 
-	// shared middleware ensures that `APIContext.Reducer` is not nil, and so that's the only test required in this
-	// package's scope -- an anonymous request and `Reducer` is not nil:
-	t.Run("anonymous", func(t *testing.T) {
-		recorder := makeRecorder()
-		req, err := http.NewRequest("GET", "http://localhost:8000/api/test", nil)
+	t.Run("Basic Auth w/ PAT", func(t *testing.T) {
+		t.Run("unrestricted access token", func(t *testing.T) {
+			recorder := makeRecorder()
+			req, err := http.NewRequest("GET", "http://localhost:8000/api/test", nil)
+			req.SetBasicAuth("token", "4a0c970da8bf58408a8c22264b2ac1ff47dadcce")
+			require.NoError(t, err)
+			r.ServeHTTP(recorder, req)
+			assert.Equal(t, http.StatusOK, recorder.Code)
+
+			var reducerInfo ReducerInfo
+			require.NoError(t, json.Unmarshal(recorder.Body.Bytes(), &reducerInfo))
+
+			assert.True(t, reducerInfo.IsSigned)
+			assert.False(t, reducerInfo.IsNil)
+			assert.True(t, reducerInfo.IsAllAccess)
+			assert.False(t, reducerInfo.IsPublicAccess)
+			assert.False(t, reducerInfo.IsSpecificAccess)
+		})
+
+		t.Run("public-only access token", func(t *testing.T) {
+			recorder := makeRecorder()
+			req, err := http.NewRequest("GET", "http://localhost:8000/api/test", nil)
+			req.SetBasicAuth("token", "83909b5b978acc5620ae0c7b0e55b548da2e26b5")
+			require.NoError(t, err)
+			r.ServeHTTP(recorder, req)
+			assert.Equal(t, http.StatusOK, recorder.Code)
+
+			var reducerInfo ReducerInfo
+			require.NoError(t, json.Unmarshal(recorder.Body.Bytes(), &reducerInfo))
+
+			assert.True(t, reducerInfo.IsSigned)
+			assert.False(t, reducerInfo.IsNil)
+			assert.False(t, reducerInfo.IsAllAccess)
+			assert.True(t, reducerInfo.IsPublicAccess)
+			assert.False(t, reducerInfo.IsSpecificAccess)
+		})
+
+		t.Run("specific-repo access token", func(t *testing.T) {
+			recorder := makeRecorder()
+			req, err := http.NewRequest("GET", "http://localhost:8000/api/test", nil)
+			req.SetBasicAuth("token", "46088605ec804b43ebd15cef1b3f210c31b066dd")
+			require.NoError(t, err)
+			r.ServeHTTP(recorder, req)
+			assert.Equal(t, http.StatusOK, recorder.Code)
+
+			var reducerInfo ReducerInfo
+			require.NoError(t, json.Unmarshal(recorder.Body.Bytes(), &reducerInfo))
+
+			assert.True(t, reducerInfo.IsSigned)
+			assert.False(t, reducerInfo.IsNil)
+			assert.False(t, reducerInfo.IsAllAccess)
+			assert.False(t, reducerInfo.IsPublicAccess)
+			assert.True(t, reducerInfo.IsSpecificAccess)
+		})
+	})
+
+	t.Run("Token Auth", func(t *testing.T) {
+		t.Run("unrestricted access token", func(t *testing.T) {
+			recorder := makeRecorder()
+			req, err := http.NewRequest("GET", "http://localhost:8000/api/test", nil)
+			req.Header.Set("Authorization", "token 4a0c970da8bf58408a8c22264b2ac1ff47dadcce")
+			require.NoError(t, err)
+			r.ServeHTTP(recorder, req)
+			assert.Equal(t, http.StatusOK, recorder.Code)
+
+			var reducerInfo ReducerInfo
+			require.NoError(t, json.Unmarshal(recorder.Body.Bytes(), &reducerInfo))
+
+			assert.True(t, reducerInfo.IsSigned)
+			assert.False(t, reducerInfo.IsNil)
+			assert.True(t, reducerInfo.IsAllAccess)
+			assert.False(t, reducerInfo.IsPublicAccess)
+			assert.False(t, reducerInfo.IsSpecificAccess)
+		})
+
+		t.Run("public-only access token", func(t *testing.T) {
+			recorder := makeRecorder()
+			req, err := http.NewRequest("GET", "http://localhost:8000/api/test", nil)
+			req.Header.Set("Authorization", "token 83909b5b978acc5620ae0c7b0e55b548da2e26b5")
+			require.NoError(t, err)
+			r.ServeHTTP(recorder, req)
+			assert.Equal(t, http.StatusOK, recorder.Code)
+
+			var reducerInfo ReducerInfo
+			require.NoError(t, json.Unmarshal(recorder.Body.Bytes(), &reducerInfo))
+
+			assert.True(t, reducerInfo.IsSigned)
+			assert.False(t, reducerInfo.IsNil)
+			assert.False(t, reducerInfo.IsAllAccess)
+			assert.True(t, reducerInfo.IsPublicAccess)
+			assert.False(t, reducerInfo.IsSpecificAccess)
+		})
+
+		t.Run("specific-repo access token", func(t *testing.T) {
+			recorder := makeRecorder()
+			req, err := http.NewRequest("GET", "http://localhost:8000/api/test", nil)
+			req.Header.Set("Authorization", "token 46088605ec804b43ebd15cef1b3f210c31b066dd")
+			require.NoError(t, err)
+			r.ServeHTTP(recorder, req)
+			assert.Equal(t, http.StatusOK, recorder.Code)
+
+			var reducerInfo ReducerInfo
+			require.NoError(t, json.Unmarshal(recorder.Body.Bytes(), &reducerInfo))
+
+			assert.True(t, reducerInfo.IsSigned)
+			assert.False(t, reducerInfo.IsNil)
+			assert.False(t, reducerInfo.IsAllAccess)
+			assert.False(t, reducerInfo.IsPublicAccess)
+			assert.True(t, reducerInfo.IsSpecificAccess)
+		})
+	})
+
+	t.Run("OAuth", func(t *testing.T) {
+		signingKey, err := jwtx.CreateSigningKey("HS256", make([]byte, 32))
 		require.NoError(t, err)
-		r.ServeHTTP(recorder, req)
-		assert.Equal(t, http.StatusOK, recorder.Code)
+		defer test.MockVariableValue(&oauth2.DefaultSigningKey, signingKey)()
 
-		var reducerInfo ReducerInfo
-		require.NoError(t, json.Unmarshal(recorder.Body.Bytes(), &reducerInfo))
+		t.Run("unrestricted grant", func(t *testing.T) {
+			grant := &auth_model.OAuth2Grant{
+				UserID:        2,
+				ApplicationID: 100, // fake, but required here for unique constraint
+				Scope:         "write:repository",
+			}
+			_, err = db.GetEngine(t.Context()).Insert(grant)
+			require.NoError(t, err)
 
-		assert.False(t, reducerInfo.IsSigned)
-		assert.False(t, reducerInfo.IsNil)
-		assert.True(t, reducerInfo.IsAllAccess)
+			token := oauth2.Token{
+				GrantID: grant.ID,
+				Type:    oauth2.TypeAccessToken,
+				Counter: 100,
+				RegisteredClaims: jwt.RegisteredClaims{
+					IssuedAt:  jwt.NewNumericDate(time.Now().Add(-1 * time.Hour)),
+					ExpiresAt: jwt.NewNumericDate(time.Now().Add(1 * time.Hour)),
+				},
+			}
+			signed, err := token.SignToken(oauth2.DefaultSigningKey)
+			require.NoError(t, err)
+
+			recorder := makeRecorder()
+			req, err := http.NewRequest("GET", "http://localhost:8000/api/test", nil)
+			req.Header.Set("Authorization", fmt.Sprintf("bearer %s", signed))
+			require.NoError(t, err)
+			r.ServeHTTP(recorder, req)
+			assert.Equal(t, http.StatusOK, recorder.Code)
+
+			var reducerInfo ReducerInfo
+			require.NoError(t, json.Unmarshal(recorder.Body.Bytes(), &reducerInfo))
+
+			assert.True(t, reducerInfo.IsSigned)
+			assert.False(t, reducerInfo.IsNil)
+			assert.True(t, reducerInfo.IsAllAccess)
+			assert.False(t, reducerInfo.IsPublicAccess)
+			assert.False(t, reducerInfo.IsSpecificAccess)
+		})
+
+		t.Run("public-only grant", func(t *testing.T) {
+			grant := &auth_model.OAuth2Grant{
+				UserID:        2,
+				ApplicationID: 101, // fake, but required here for unique constraint
+				Scope:         "write:repository public-only",
+			}
+			_, err = db.GetEngine(t.Context()).Insert(grant)
+			require.NoError(t, err)
+
+			token := oauth2.Token{
+				GrantID: grant.ID,
+				Type:    oauth2.TypeAccessToken,
+				Counter: 100,
+				RegisteredClaims: jwt.RegisteredClaims{
+					IssuedAt:  jwt.NewNumericDate(time.Now().Add(-1 * time.Hour)),
+					ExpiresAt: jwt.NewNumericDate(time.Now().Add(1 * time.Hour)),
+				},
+			}
+			signed, err := token.SignToken(oauth2.DefaultSigningKey)
+			require.NoError(t, err)
+
+			recorder := makeRecorder()
+			req, err := http.NewRequest("GET", "http://localhost:8000/api/test", nil)
+			req.Header.Set("Authorization", fmt.Sprintf("bearer %s", signed))
+			require.NoError(t, err)
+			r.ServeHTTP(recorder, req)
+			assert.Equal(t, http.StatusOK, recorder.Code)
+
+			var reducerInfo ReducerInfo
+			require.NoError(t, json.Unmarshal(recorder.Body.Bytes(), &reducerInfo))
+
+			assert.True(t, reducerInfo.IsSigned)
+			assert.False(t, reducerInfo.IsNil)
+			assert.False(t, reducerInfo.IsAllAccess)
+			assert.True(t, reducerInfo.IsPublicAccess)
+			assert.False(t, reducerInfo.IsSpecificAccess)
+		})
 	})
 }
diff --git a/routers/api/v1/api.go b/routers/api/v1/api.go
index b680dd50ac..ce013e7fdb 100644
--- a/routers/api/v1/api.go
+++ b/routers/api/v1/api.go
@@ -86,7 +86,6 @@ import (
 	"forgejo.org/routers/api/v1/user"
 	"forgejo.org/services/actions"
 	"forgejo.org/services/auth"
-	"forgejo.org/services/authz"
 	"forgejo.org/services/context"
 	"forgejo.org/services/forms"
 	redirect_service "forgejo.org/services/redirect"
@@ -105,7 +104,7 @@ func sudo() func(ctx *context.APIContext) {
 		}
 
 		if len(sudo) > 0 {
-			if ctx.IsSigned && ctx.Doer.IsAdmin {
+			if ctx.IsSigned && ctx.IsUserSiteAdmin() {
 				user, err := user_model.GetUserByName(ctx, sudo)
 				if err != nil {
 					if user_model.IsErrUserNotExist(err) {
@@ -356,30 +355,6 @@ func tokenRequiresScopes(requiredScopeCategories ...auth_model.AccessTokenScopeC
 		}
 
 		ctx.Data["requiredScopeCategories"] = requiredScopeCategories
-
-		// check if scope only applies to public resources
-		publicOnly, err := scope.PublicOnly()
-		if err != nil {
-			ctx.Error(http.StatusForbidden, "tokenRequiresScope", "parsing public resource scope failed: "+err.Error())
-			return
-		}
-
-		// assign to true so that those searching should only filter public repositories/users/organizations
-		ctx.PublicOnly = publicOnly
-
-		reducer, ok := ctx.Data["ApiTokenReducer"].(authz.AuthorizationReducer)
-		if ok {
-			ctx.Reducer = reducer
-		} else {
-			// No "ApiTokenReducer" will be populated if the auth method wasn't an PAT.  In this case, we populate
-			// `ctx.Reducer` so no nil checks are needed, and we respect the scope `PublicOnly()` so that it it's safe
-			// to just rely on `ctx.Reducer` to account for public-only access:
-			if ctx.PublicOnly {
-				ctx.Reducer = &authz.PublicReposAuthorizationReducer{}
-			} else {
-				ctx.Reducer = &authz.AllAccessAuthorizationReducer{}
-			}
-		}
 	}
 }
 
@@ -825,7 +800,7 @@ func individualPermsChecker(ctx *context.APIContext) {
 	if ctx.ContextUser.IsIndividual() {
 		switch ctx.ContextUser.Visibility {
 		case api.VisibleTypePrivate:
-			if ctx.Doer == nil || (ctx.ContextUser.ID != ctx.Doer.ID && !ctx.Doer.IsAdmin) {
+			if ctx.Doer == nil || (ctx.ContextUser.ID != ctx.Doer.ID && !ctx.IsUserSiteAdmin()) {
 				ctx.NotFound("Visit Project", nil)
 				return
 			}
diff --git a/routers/api/v1/api_test.go b/routers/api/v1/api_test.go
deleted file mode 100644
index 4b6ae948f3..0000000000
--- a/routers/api/v1/api_test.go
+++ /dev/null
@@ -1,266 +0,0 @@
-// Copyright 2026 The Forgejo Authors. All rights reserved.
-// SPDX-License-Identifier: GPL-3.0-or-later
-
-package v1
-
-import (
-	"bytes"
-	"fmt"
-	"net/http"
-	"net/http/httptest"
-	"testing"
-	"time"
-
-	auth_model "forgejo.org/models/auth"
-	"forgejo.org/models/db"
-	"forgejo.org/models/unittest"
-	"forgejo.org/modules/json"
-	"forgejo.org/modules/jwtx"
-	"forgejo.org/modules/test"
-	"forgejo.org/modules/web"
-	"forgejo.org/routers/api/shared"
-	"forgejo.org/routers/common"
-	"forgejo.org/services/auth/source/oauth2"
-	"forgejo.org/services/authz"
-	"forgejo.org/services/context"
-
-	"github.com/golang-jwt/jwt/v5"
-	"github.com/stretchr/testify/assert"
-	"github.com/stretchr/testify/require"
-)
-
-func TestTokenRequiresScopes(t *testing.T) {
-	defer unittest.OverrideFixtures("routers/api/v1/TestTokenRequiresScopes")()
-	require.NoError(t, unittest.PrepareTestDatabase())
-
-	makeRecorder := func() *httptest.ResponseRecorder {
-		buff := bytes.NewBufferString("")
-		recorder := httptest.NewRecorder()
-		recorder.Body = buff
-		return recorder
-	}
-
-	r := web.NewRoute()
-	r.Use(common.ProtocolMiddlewares()...)
-	r.Use(shared.Middlewares()...)
-
-	type ReducerInfo struct {
-		IsSigned         bool
-		IsNil            bool
-		IsAllAccess      bool
-		IsPublicAccess   bool
-		IsSpecificAccess bool
-	}
-
-	r.Get("/api/test", tokenRequiresScopes(auth_model.AccessTokenScopeCategoryRepository), func(ctx *context.APIContext) {
-		retval := ReducerInfo{
-			IsSigned: ctx.IsSigned,
-			IsNil:    ctx.Reducer == nil,
-		}
-
-		_, isAllAccess := ctx.Reducer.(*authz.AllAccessAuthorizationReducer)
-		retval.IsAllAccess = isAllAccess
-
-		_, isPublicAccess := ctx.Reducer.(*authz.PublicReposAuthorizationReducer)
-		retval.IsPublicAccess = isPublicAccess
-
-		_, isSpecificAccess := ctx.Reducer.(*authz.SpecificReposAuthorizationReducer)
-		retval.IsSpecificAccess = isSpecificAccess
-
-		ctx.JSON(http.StatusOK, retval)
-	})
-
-	t.Run("Basic Auth w/ PAT", func(t *testing.T) {
-		t.Run("unrestricted access token", func(t *testing.T) {
-			recorder := makeRecorder()
-			req, err := http.NewRequest("GET", "http://localhost:8000/api/test", nil)
-			req.SetBasicAuth("token", "4a0c970da8bf58408a8c22264b2ac1ff47dadcce")
-			require.NoError(t, err)
-			r.ServeHTTP(recorder, req)
-			assert.Equal(t, http.StatusOK, recorder.Code)
-
-			var reducerInfo ReducerInfo
-			require.NoError(t, json.Unmarshal(recorder.Body.Bytes(), &reducerInfo))
-
-			assert.True(t, reducerInfo.IsSigned)
-			assert.False(t, reducerInfo.IsNil)
-			assert.True(t, reducerInfo.IsAllAccess)
-			assert.False(t, reducerInfo.IsPublicAccess)
-			assert.False(t, reducerInfo.IsSpecificAccess)
-		})
-
-		t.Run("public-only access token", func(t *testing.T) {
-			recorder := makeRecorder()
-			req, err := http.NewRequest("GET", "http://localhost:8000/api/test", nil)
-			req.SetBasicAuth("token", "83909b5b978acc5620ae0c7b0e55b548da2e26b5")
-			require.NoError(t, err)
-			r.ServeHTTP(recorder, req)
-			assert.Equal(t, http.StatusOK, recorder.Code)
-
-			var reducerInfo ReducerInfo
-			require.NoError(t, json.Unmarshal(recorder.Body.Bytes(), &reducerInfo))
-
-			assert.True(t, reducerInfo.IsSigned)
-			assert.False(t, reducerInfo.IsNil)
-			assert.False(t, reducerInfo.IsAllAccess)
-			assert.True(t, reducerInfo.IsPublicAccess)
-			assert.False(t, reducerInfo.IsSpecificAccess)
-		})
-
-		t.Run("specific-repo access token", func(t *testing.T) {
-			recorder := makeRecorder()
-			req, err := http.NewRequest("GET", "http://localhost:8000/api/test", nil)
-			req.SetBasicAuth("token", "46088605ec804b43ebd15cef1b3f210c31b066dd")
-			require.NoError(t, err)
-			r.ServeHTTP(recorder, req)
-			assert.Equal(t, http.StatusOK, recorder.Code)
-
-			var reducerInfo ReducerInfo
-			require.NoError(t, json.Unmarshal(recorder.Body.Bytes(), &reducerInfo))
-
-			assert.True(t, reducerInfo.IsSigned)
-			assert.False(t, reducerInfo.IsNil)
-			assert.False(t, reducerInfo.IsAllAccess)
-			assert.False(t, reducerInfo.IsPublicAccess)
-			assert.True(t, reducerInfo.IsSpecificAccess)
-		})
-	})
-
-	t.Run("Token Auth", func(t *testing.T) {
-		t.Run("unrestricted access token", func(t *testing.T) {
-			recorder := makeRecorder()
-			req, err := http.NewRequest("GET", "http://localhost:8000/api/test", nil)
-			req.Header.Set("Authorization", "token 4a0c970da8bf58408a8c22264b2ac1ff47dadcce")
-			require.NoError(t, err)
-			r.ServeHTTP(recorder, req)
-			assert.Equal(t, http.StatusOK, recorder.Code)
-
-			var reducerInfo ReducerInfo
-			require.NoError(t, json.Unmarshal(recorder.Body.Bytes(), &reducerInfo))
-
-			assert.True(t, reducerInfo.IsSigned)
-			assert.False(t, reducerInfo.IsNil)
-			assert.True(t, reducerInfo.IsAllAccess)
-			assert.False(t, reducerInfo.IsPublicAccess)
-			assert.False(t, reducerInfo.IsSpecificAccess)
-		})
-
-		t.Run("public-only access token", func(t *testing.T) {
-			recorder := makeRecorder()
-			req, err := http.NewRequest("GET", "http://localhost:8000/api/test", nil)
-			req.Header.Set("Authorization", "token 83909b5b978acc5620ae0c7b0e55b548da2e26b5")
-			require.NoError(t, err)
-			r.ServeHTTP(recorder, req)
-			assert.Equal(t, http.StatusOK, recorder.Code)
-
-			var reducerInfo ReducerInfo
-			require.NoError(t, json.Unmarshal(recorder.Body.Bytes(), &reducerInfo))
-
-			assert.True(t, reducerInfo.IsSigned)
-			assert.False(t, reducerInfo.IsNil)
-			assert.False(t, reducerInfo.IsAllAccess)
-			assert.True(t, reducerInfo.IsPublicAccess)
-			assert.False(t, reducerInfo.IsSpecificAccess)
-		})
-
-		t.Run("specific-repo access token", func(t *testing.T) {
-			recorder := makeRecorder()
-			req, err := http.NewRequest("GET", "http://localhost:8000/api/test", nil)
-			req.Header.Set("Authorization", "token 46088605ec804b43ebd15cef1b3f210c31b066dd")
-			require.NoError(t, err)
-			r.ServeHTTP(recorder, req)
-			assert.Equal(t, http.StatusOK, recorder.Code)
-
-			var reducerInfo ReducerInfo
-			require.NoError(t, json.Unmarshal(recorder.Body.Bytes(), &reducerInfo))
-
-			assert.True(t, reducerInfo.IsSigned)
-			assert.False(t, reducerInfo.IsNil)
-			assert.False(t, reducerInfo.IsAllAccess)
-			assert.False(t, reducerInfo.IsPublicAccess)
-			assert.True(t, reducerInfo.IsSpecificAccess)
-		})
-	})
-
-	t.Run("OAuth", func(t *testing.T) {
-		signingKey, err := jwtx.CreateSigningKey("HS256", make([]byte, 32))
-		require.NoError(t, err)
-		defer test.MockVariableValue(&oauth2.DefaultSigningKey, signingKey)()
-
-		t.Run("unrestricted grant", func(t *testing.T) {
-			grant := &auth_model.OAuth2Grant{
-				UserID:        2,
-				ApplicationID: 100, // fake, but required here for unique constraint
-				Scope:         "write:repository",
-			}
-			_, err = db.GetEngine(t.Context()).Insert(grant)
-			require.NoError(t, err)
-
-			token := oauth2.Token{
-				GrantID: grant.ID,
-				Type:    oauth2.TypeAccessToken,
-				Counter: 100,
-				RegisteredClaims: jwt.RegisteredClaims{
-					IssuedAt:  jwt.NewNumericDate(time.Now().Add(-1 * time.Hour)),
-					ExpiresAt: jwt.NewNumericDate(time.Now().Add(1 * time.Hour)),
-				},
-			}
-			signed, err := token.SignToken(oauth2.DefaultSigningKey)
-			require.NoError(t, err)
-
-			recorder := makeRecorder()
-			req, err := http.NewRequest("GET", "http://localhost:8000/api/test", nil)
-			req.Header.Set("Authorization", fmt.Sprintf("bearer %s", signed))
-			require.NoError(t, err)
-			r.ServeHTTP(recorder, req)
-			assert.Equal(t, http.StatusOK, recorder.Code)
-
-			var reducerInfo ReducerInfo
-			require.NoError(t, json.Unmarshal(recorder.Body.Bytes(), &reducerInfo))
-
-			assert.True(t, reducerInfo.IsSigned)
-			assert.False(t, reducerInfo.IsNil)
-			assert.True(t, reducerInfo.IsAllAccess)
-			assert.False(t, reducerInfo.IsPublicAccess)
-			assert.False(t, reducerInfo.IsSpecificAccess)
-		})
-
-		t.Run("public-only grant", func(t *testing.T) {
-			grant := &auth_model.OAuth2Grant{
-				UserID:        2,
-				ApplicationID: 101, // fake, but required here for unique constraint
-				Scope:         "write:repository public-only",
-			}
-			_, err = db.GetEngine(t.Context()).Insert(grant)
-			require.NoError(t, err)
-
-			token := oauth2.Token{
-				GrantID: grant.ID,
-				Type:    oauth2.TypeAccessToken,
-				Counter: 100,
-				RegisteredClaims: jwt.RegisteredClaims{
-					IssuedAt:  jwt.NewNumericDate(time.Now().Add(-1 * time.Hour)),
-					ExpiresAt: jwt.NewNumericDate(time.Now().Add(1 * time.Hour)),
-				},
-			}
-			signed, err := token.SignToken(oauth2.DefaultSigningKey)
-			require.NoError(t, err)
-
-			recorder := makeRecorder()
-			req, err := http.NewRequest("GET", "http://localhost:8000/api/test", nil)
-			req.Header.Set("Authorization", fmt.Sprintf("bearer %s", signed))
-			require.NoError(t, err)
-			r.ServeHTTP(recorder, req)
-			assert.Equal(t, http.StatusOK, recorder.Code)
-
-			var reducerInfo ReducerInfo
-			require.NoError(t, json.Unmarshal(recorder.Body.Bytes(), &reducerInfo))
-
-			assert.True(t, reducerInfo.IsSigned)
-			assert.False(t, reducerInfo.IsNil)
-			assert.False(t, reducerInfo.IsAllAccess)
-			assert.True(t, reducerInfo.IsPublicAccess)
-			assert.False(t, reducerInfo.IsSpecificAccess)
-		})
-	})
-}
diff --git a/routers/api/v1/notify/threads.go b/routers/api/v1/notify/threads.go
index 9f0e416698..2035bccfd8 100644
--- a/routers/api/v1/notify/threads.go
+++ b/routers/api/v1/notify/threads.go
@@ -112,7 +112,7 @@ func getThread(ctx *context.APIContext) *activities_model.Notification {
 		}
 		return nil
 	}
-	if n.UserID != ctx.Doer.ID && !ctx.Doer.IsAdmin {
+	if n.UserID != ctx.Doer.ID && !ctx.IsUserSiteAdmin() {
 		ctx.Error(http.StatusForbidden, "GetNotificationByID", fmt.Errorf("only user itself and admin are allowed to read/change this thread %d", n.ID))
 		return nil
 	}
diff --git a/routers/api/v1/org/member.go b/routers/api/v1/org/member.go
index c6e67b2ab9..48785f1656 100644
--- a/routers/api/v1/org/member.go
+++ b/routers/api/v1/org/member.go
@@ -152,7 +152,7 @@ func IsMember(ctx *context.APIContext) {
 		if err != nil {
 			ctx.Error(http.StatusInternalServerError, "IsOrgMember", err)
 			return
-		} else if userIsMember || ctx.Doer.IsAdmin {
+		} else if userIsMember || ctx.IsUserSiteAdmin() {
 			userToCheckIsMember, err := ctx.Org.Organization.IsOrgMember(ctx, userToCheck.ID)
 			if err != nil {
 				ctx.Error(http.StatusInternalServerError, "IsOrgMember", err)
diff --git a/routers/api/v1/org/org.go b/routers/api/v1/org/org.go
index e69a24bc0b..a52095bcfe 100644
--- a/routers/api/v1/org/org.go
+++ b/routers/api/v1/org/org.go
@@ -27,7 +27,7 @@ import (
 
 func listUserOrgs(ctx *context.APIContext, u *user_model.User) {
 	listOptions := utils.GetListOptions(ctx)
-	showPrivate := ctx.IsSigned && (ctx.Doer.IsAdmin || ctx.Doer.ID == u.ID)
+	showPrivate := ctx.IsSigned && (ctx.IsUserSiteAdmin() || ctx.Doer.ID == u.ID)
 
 	opts := organization.FindOrgOptions{
 		ListOptions:    listOptions,
@@ -199,7 +199,7 @@ func GetAll(ctx *context.APIContext) {
 	vMode := []api.VisibleType{api.VisibleTypePublic}
 	if ctx.IsSigned && !ctx.PublicOnly {
 		vMode = append(vMode, api.VisibleTypeLimited)
-		if ctx.Doer.IsAdmin {
+		if ctx.IsUserSiteAdmin() {
 			vMode = append(vMode, api.VisibleTypePrivate)
 		}
 	}
@@ -483,7 +483,7 @@ func ListOrgActivityFeeds(ctx *context.APIContext) {
 
 	includePrivate := false
 	if ctx.IsSigned {
-		if ctx.Doer.IsAdmin {
+		if ctx.IsUserSiteAdmin() {
 			includePrivate = true
 		} else {
 			org := organization.OrgFromUser(ctx.ContextUser)
diff --git a/routers/api/v1/org/team.go b/routers/api/v1/org/team.go
index 1fdaca02bd..489b22892a 100644
--- a/routers/api/v1/org/team.go
+++ b/routers/api/v1/org/team.go
@@ -405,7 +405,7 @@ func GetTeamMembers(ctx *context.APIContext) {
 	if err != nil {
 		ctx.Error(http.StatusInternalServerError, "IsOrganizationMember", err)
 		return
-	} else if !isMember && !ctx.Doer.IsAdmin {
+	} else if !isMember && !ctx.IsUserSiteAdmin() {
 		ctx.NotFound()
 		return
 	}
@@ -822,7 +822,7 @@ func SearchTeam(ctx *context.APIContext) {
 	}
 
 	// Only admin is allowed to search for all teams
-	if !ctx.Doer.IsAdmin {
+	if !ctx.IsUserSiteAdmin() {
 		opts.UserID = ctx.Doer.ID
 	}
 
diff --git a/routers/api/v1/repo/branch.go b/routers/api/v1/repo/branch.go
index e043448590..88cefb78a6 100644
--- a/routers/api/v1/repo/branch.go
+++ b/routers/api/v1/repo/branch.go
@@ -79,7 +79,7 @@ func GetBranch(ctx *context.APIContext) {
 		return
 	}
 
-	br, err := convert.ToBranch(ctx, ctx.Repo.Repository, branch.Name, c, branchProtection, ctx.Doer, ctx.Repo.IsAdmin())
+	br, err := convert.ToBranch(ctx, ctx.Repo.Repository, branch.Name, c, branchProtection, ctx.Doer, ctx.IsUserRepoAdmin())
 	if err != nil {
 		ctx.Error(http.StatusInternalServerError, "convert.ToBranch", err)
 		return
@@ -283,7 +283,7 @@ func CreateBranch(ctx *context.APIContext) {
 		return
 	}
 
-	br, err := convert.ToBranch(ctx, ctx.Repo.Repository, branch.Name, commit, branchProtection, ctx.Doer, ctx.Repo.IsAdmin())
+	br, err := convert.ToBranch(ctx, ctx.Repo.Repository, branch.Name, commit, branchProtection, ctx.Doer, ctx.IsUserRepoAdmin())
 	if err != nil {
 		ctx.Error(http.StatusInternalServerError, "convert.ToBranch", err)
 		return
@@ -378,7 +378,7 @@ func ListBranches(ctx *context.APIContext) {
 			}
 
 			branchProtection := rules.GetFirstMatched(branches[i].Name)
-			apiBranch, err := convert.ToBranch(ctx, ctx.Repo.Repository, branches[i].Name, c, branchProtection, ctx.Doer, ctx.Repo.IsAdmin())
+			apiBranch, err := convert.ToBranch(ctx, ctx.Repo.Repository, branches[i].Name, c, branchProtection, ctx.Doer, ctx.IsUserRepoAdmin())
 			if err != nil {
 				ctx.Error(http.StatusInternalServerError, "convert.ToBranch", err)
 				return
diff --git a/routers/api/v1/repo/issue_comment.go b/routers/api/v1/repo/issue_comment.go
index 8a0cf241da..ceebb41f9e 100644
--- a/routers/api/v1/repo/issue_comment.go
+++ b/routers/api/v1/repo/issue_comment.go
@@ -418,7 +418,7 @@ func CreateIssueComment(ctx *context.APIContext) {
 		return
 	}
 
-	if issue.IsLocked && !ctx.Repo.CanWriteIssuesOrPulls(issue.IsPull) && !ctx.Doer.IsAdmin {
+	if issue.IsLocked && !ctx.Repo.CanWriteIssuesOrPulls(issue.IsPull) && !ctx.IsUserSiteAdmin() {
 		ctx.Error(http.StatusForbidden, "CreateIssueComment", errors.New(ctx.Locale.TrString("repo.issues.comment_on_locked")))
 		return
 	}
diff --git a/routers/api/v1/repo/issue_subscription.go b/routers/api/v1/repo/issue_subscription.go
index 33654dc136..0fa435e2f5 100644
--- a/routers/api/v1/repo/issue_subscription.go
+++ b/routers/api/v1/repo/issue_subscription.go
@@ -127,7 +127,7 @@ func setIssueSubscription(ctx *context.APIContext, watch bool) {
 	}
 
 	// only admin and user for itself can change subscription
-	if user.ID != ctx.Doer.ID && !ctx.Doer.IsAdmin {
+	if user.ID != ctx.Doer.ID && !ctx.IsUserSiteAdmin() {
 		ctx.Error(http.StatusForbidden, "User", fmt.Errorf("%s is not permitted to change subscriptions for %s", ctx.Doer.Name, user.Name))
 		return
 	}
diff --git a/routers/api/v1/repo/issue_tracked_time.go b/routers/api/v1/repo/issue_tracked_time.go
index 0fb96fc319..cc961ca364 100644
--- a/routers/api/v1/repo/issue_tracked_time.go
+++ b/routers/api/v1/repo/issue_tracked_time.go
@@ -109,7 +109,7 @@ func ListTrackedTimes(ctx *context.APIContext) {
 		return
 	}
 
-	cantSetUser := !ctx.Doer.IsAdmin &&
+	cantSetUser := !ctx.IsUserSiteAdmin() &&
 		opts.UserID != ctx.Doer.ID &&
 		!ctx.IsUserRepoWriter([]unit.Type{unit.TypeIssues})
 
@@ -203,7 +203,7 @@ func AddTime(ctx *context.APIContext) {
 
 	user := ctx.Doer
 	if form.User != "" {
-		if (ctx.IsUserRepoAdmin() && ctx.Doer.Name != form.User) || ctx.Doer.IsAdmin {
+		if (ctx.IsUserRepoAdmin() && ctx.Doer.Name != form.User) || ctx.IsUserSiteAdmin() {
 			// allow only RepoAdmin, Admin and User to add time
 			user, err = user_model.GetUserByName(ctx, form.User)
 			if err != nil {
@@ -371,7 +371,7 @@ func DeleteTime(ctx *context.APIContext) {
 		return
 	}
 
-	if !ctx.Doer.IsAdmin && time.UserID != ctx.Doer.ID {
+	if !ctx.IsUserSiteAdmin() && time.UserID != ctx.Doer.ID {
 		// Only Admin and User itself can delete their time
 		ctx.Status(http.StatusForbidden)
 		return
@@ -437,7 +437,7 @@ func ListTrackedTimesByUser(ctx *context.APIContext) {
 		return
 	}
 
-	if !ctx.IsUserRepoAdmin() && !ctx.Doer.IsAdmin && ctx.Doer.ID != user.ID {
+	if !ctx.IsUserRepoAdmin() && !ctx.IsUserSiteAdmin() && ctx.Doer.ID != user.ID {
 		ctx.Error(http.StatusForbidden, "", errors.New("query by user not allowed; not enough rights"))
 		return
 	}
@@ -538,7 +538,7 @@ func ListTrackedTimesByRepository(ctx *context.APIContext) {
 		return
 	}
 
-	cantSetUser := !ctx.Doer.IsAdmin &&
+	cantSetUser := !ctx.IsUserSiteAdmin() &&
 		opts.UserID != ctx.Doer.ID &&
 		!ctx.IsUserRepoWriter([]unit.Type{unit.TypeIssues})
 
diff --git a/routers/api/v1/repo/key.go b/routers/api/v1/repo/key.go
index 2abf95a189..36fe2080d4 100644
--- a/routers/api/v1/repo/key.go
+++ b/routers/api/v1/repo/key.go
@@ -104,7 +104,7 @@ func ListDeployKeys(ctx *context.APIContext) {
 			return
 		}
 		apiKeys[i] = convert.ToDeployKey(apiLink, keys[i])
-		if ctx.Doer.IsAdmin || ((ctx.Repo.Repository.ID == keys[i].RepoID) && (ctx.Doer.ID == ctx.Repo.Owner.ID)) {
+		if ctx.IsUserSiteAdmin() || ((ctx.Repo.Repository.ID == keys[i].RepoID) && (ctx.Doer.ID == ctx.Repo.Owner.ID)) {
 			apiKeys[i], _ = appendPrivateInformation(ctx, apiKeys[i], keys[i], ctx.Repo.Repository)
 		}
 	}
@@ -166,7 +166,7 @@ func GetDeployKey(ctx *context.APIContext) {
 
 	apiLink := composeDeployKeysAPILink(ctx.Repo.Owner.Name, ctx.Repo.Repository.Name)
 	apiKey := convert.ToDeployKey(apiLink, key)
-	if ctx.Doer.IsAdmin || ((ctx.Repo.Repository.ID == key.RepoID) && (ctx.Doer.ID == ctx.Repo.Owner.ID)) {
+	if ctx.IsUserSiteAdmin() || ((ctx.Repo.Repository.ID == key.RepoID) && (ctx.Doer.ID == ctx.Repo.Owner.ID)) {
 		apiKey, _ = appendPrivateInformation(ctx, apiKey, key, ctx.Repo.Repository)
 	}
 	ctx.JSON(http.StatusOK, apiKey)
diff --git a/routers/api/v1/repo/migrate.go b/routers/api/v1/repo/migrate.go
index 874a05a3ac..272806bfb0 100644
--- a/routers/api/v1/repo/migrate.go
+++ b/routers/api/v1/repo/migrate.go
@@ -91,7 +91,7 @@ func Migrate(ctx *context.APIContext) {
 		return
 	}
 
-	if !ctx.Doer.IsAdmin {
+	if !ctx.IsUserSiteAdmin() {
 		if !repoOwner.IsOrganization() && ctx.Doer.ID != repoOwner.ID {
 			ctx.Error(http.StatusForbidden, "", "Given user is not an organization.")
 			return
diff --git a/routers/api/v1/repo/pull_review.go b/routers/api/v1/repo/pull_review.go
index 76201f3f6e..97c5dcee78 100644
--- a/routers/api/v1/repo/pull_review.go
+++ b/routers/api/v1/repo/pull_review.go
@@ -402,7 +402,7 @@ func DeletePullReview(ctx *context.APIContext) {
 		ctx.NotFound()
 		return
 	}
-	if !ctx.Doer.IsAdmin && ctx.Doer.ID != review.ReviewerID {
+	if !ctx.IsUserSiteAdmin() && ctx.Doer.ID != review.ReviewerID {
 		ctx.Error(http.StatusForbidden, "only admin and user itself can delete a review", nil)
 		return
 	}
@@ -699,7 +699,7 @@ func prepareSingleReview(ctx *context.APIContext) (*issues_model.Review, *issues
 	}
 
 	// make sure that the user has access to this review if it is pending
-	if review.Type == issues_model.ReviewTypePending && review.ReviewerID != ctx.Doer.ID && !ctx.Doer.IsAdmin {
+	if review.Type == issues_model.ReviewTypePending && review.ReviewerID != ctx.Doer.ID && !ctx.IsUserSiteAdmin() {
 		ctx.NotFound("GetReviewByID")
 		return nil, nil, true
 	}
@@ -1080,7 +1080,7 @@ func DeletePullReviewComment(ctx *context.APIContext) {
 }
 
 func dismissReview(ctx *context.APIContext, msg string, isDismiss, dismissPriors bool) {
-	if !ctx.Repo.IsAdmin() {
+	if !ctx.IsUserRepoAdmin() {
 		ctx.Error(http.StatusForbidden, "", "Must be repo admin")
 		return
 	}
diff --git a/routers/api/v1/repo/repo.go b/routers/api/v1/repo/repo.go
index ad665770bf..e182f207f9 100644
--- a/routers/api/v1/repo/repo.go
+++ b/routers/api/v1/repo/repo.go
@@ -419,12 +419,12 @@ func Generate(ctx *context.APIContext) {
 			return
 		}
 
-		if !ctx.Doer.IsAdmin && !ctxUser.IsOrganization() {
+		if !ctx.IsUserSiteAdmin() && !ctxUser.IsOrganization() {
 			ctx.Error(http.StatusForbidden, "", "Only admin can generate repository for other user.")
 			return
 		}
 
-		if !ctx.Doer.IsAdmin {
+		if !ctx.IsUserSiteAdmin() {
 			canCreate, err := organization.OrgFromUser(ctxUser).CanCreateOrgRepo(ctx, ctx.Doer.ID)
 			if err != nil {
 				ctx.ServerError("CanCreateOrgRepo", err)
@@ -534,7 +534,7 @@ func CreateOrgRepo(ctx *context.APIContext) {
 		return
 	}
 
-	if !ctx.Doer.IsAdmin {
+	if !ctx.IsUserSiteAdmin() {
 		canCreate, err := org.CanCreateOrgRepo(ctx, ctx.Doer.ID)
 		if err != nil {
 			ctx.Error(http.StatusInternalServerError, "CanCreateOrgRepo", err)
@@ -776,7 +776,7 @@ func updateBasicProperties(ctx *context.APIContext, opts api.EditRepoOption) err
 
 		visibilityChanged = repo.IsPrivate != *opts.Private
 		// when ForcePrivate enabled, you could change public repo to private, but only admin users can change private to public
-		if visibilityChanged && setting.Repository.ForcePrivate && !*opts.Private && !ctx.Doer.IsAdmin {
+		if visibilityChanged && setting.Repository.ForcePrivate && !*opts.Private && !ctx.IsUserSiteAdmin() {
 			err := errors.New("cannot change private repository to public")
 			ctx.Error(http.StatusUnprocessableEntity, "Force Private enabled", err)
 			return err
diff --git a/routers/api/v1/repo/transfer.go b/routers/api/v1/repo/transfer.go
index 72cfeaf902..96f1919055 100644
--- a/routers/api/v1/repo/transfer.go
+++ b/routers/api/v1/repo/transfer.go
@@ -72,7 +72,7 @@ func Transfer(ctx *context.APIContext) {
 	}
 
 	if newOwner.Type == user_model.UserTypeOrganization {
-		if !ctx.Doer.IsAdmin && newOwner.Visibility == api.VisibleTypePrivate && !organization.OrgFromUser(newOwner).HasMemberWithUserID(ctx, ctx.Doer.ID) {
+		if !ctx.IsUserSiteAdmin() && newOwner.Visibility == api.VisibleTypePrivate && !organization.OrgFromUser(newOwner).HasMemberWithUserID(ctx, ctx.Doer.ID) {
 			// The user shouldn't know about this organization
 			ctx.Error(http.StatusNotFound, "", "The new owner does not exist or cannot be found")
 			return
diff --git a/routers/api/v1/user/hook.go b/routers/api/v1/user/hook.go
index 1c44204470..f84138caa9 100644
--- a/routers/api/v1/user/hook.go
+++ b/routers/api/v1/user/hook.go
@@ -70,7 +70,7 @@ func GetHook(ctx *context.APIContext) {
 		return
 	}
 
-	if !ctx.Doer.IsAdmin && hook.OwnerID != ctx.Doer.ID {
+	if !ctx.IsUserSiteAdmin() && hook.OwnerID != ctx.Doer.ID {
 		ctx.NotFound()
 		return
 	}
diff --git a/routers/api/v1/user/key.go b/routers/api/v1/user/key.go
index d8b5dfdfe9..94af893a0e 100644
--- a/routers/api/v1/user/key.go
+++ b/routers/api/v1/user/key.go
@@ -90,7 +90,7 @@ func listPublicKeys(ctx *context.APIContext, user *user_model.User) {
 	apiKeys := make([]*api.PublicKey, len(keys))
 	for i := range keys {
 		apiKeys[i] = convert.ToPublicKey(apiLink, keys[i])
-		if ctx.Doer.IsAdmin || ctx.Doer.ID == keys[i].OwnerID {
+		if ctx.IsUserSiteAdmin() || ctx.Doer.ID == keys[i].OwnerID {
 			apiKeys[i], _ = appendPrivateInformation(ctx, apiKeys[i], keys[i], user)
 		}
 	}
@@ -200,7 +200,7 @@ func GetPublicKey(ctx *context.APIContext) {
 
 	apiLink := composePublicKeysAPILink()
 	apiKey := convert.ToPublicKey(apiLink, key)
-	if ctx.Doer.IsAdmin || ctx.Doer.ID == key.OwnerID {
+	if ctx.IsUserSiteAdmin() || ctx.Doer.ID == key.OwnerID {
 		apiKey, _ = appendPrivateInformation(ctx, apiKey, key, ctx.Doer)
 	}
 	ctx.JSON(http.StatusOK, apiKey)
@@ -226,7 +226,7 @@ func CreateUserPublicKey(ctx *context.APIContext, form api.CreateKeyOption, uid
 	}
 	apiLink := composePublicKeysAPILink()
 	apiKey := convert.ToPublicKey(apiLink, key)
-	if ctx.Doer.IsAdmin || ctx.Doer.ID == key.OwnerID {
+	if ctx.IsUserSiteAdmin() || ctx.Doer.ID == key.OwnerID {
 		apiKey, _ = appendPrivateInformation(ctx, apiKey, key, ctx.Doer)
 	}
 	ctx.JSON(http.StatusCreated, apiKey)
diff --git a/routers/api/v1/user/repo.go b/routers/api/v1/user/repo.go
index 4d23b5c643..92d86e10b0 100644
--- a/routers/api/v1/user/repo.go
+++ b/routers/api/v1/user/repo.go
@@ -43,7 +43,7 @@ func listUserRepos(ctx *context.APIContext, u *user_model.User, private bool) {
 			ctx.Error(http.StatusInternalServerError, "GetUserRepoPermissionWithReducer", err)
 			return
 		}
-		if ctx.IsSigned && ctx.Doer.IsAdmin || permission.HasAccess() {
+		if ctx.IsSigned && ctx.IsUserSiteAdmin() || permission.HasAccess() {
 			apiRepos = append(apiRepos, convert.ToRepo(ctx, repos[i], permission))
 		}
 	}
diff --git a/routers/api/v1/user/user.go b/routers/api/v1/user/user.go
index 7bb4db69c5..9083774c0e 100644
--- a/routers/api/v1/user/user.go
+++ b/routers/api/v1/user/user.go
@@ -214,7 +214,7 @@ func ListUserActivityFeeds(ctx *context.APIContext) {
 	//   "404":
 	//     "$ref": "#/responses/notFound"
 
-	includePrivate := ctx.IsSigned && (ctx.Doer.IsAdmin || ctx.Doer.ID == ctx.ContextUser.ID)
+	includePrivate := ctx.IsSigned && (ctx.IsUserSiteAdmin() || ctx.Doer.ID == ctx.ContextUser.ID)
 	listOptions := utils.GetListOptions(ctx)
 
 	opts := activities_model.GetFeedsOptions{
diff --git a/services/context/api.go b/services/context/api.go
index 27458f3768..434da29906 100644
--- a/services/context/api.go
+++ b/services/context/api.go
@@ -450,11 +450,17 @@ func (ctx *APIContext) NotFoundOrServerError(logMsg string, errCheck func(error)
 
 // IsUserSiteAdmin returns true if current user is a site admin
 func (ctx *APIContext) IsUserSiteAdmin() bool {
+	if !ctx.Reducer.AllowAdminOverride() {
+		return false
+	}
 	return ctx.IsSigned && ctx.Doer.IsAdmin
 }
 
 // IsUserRepoAdmin returns true if current user is admin in current repo
 func (ctx *APIContext) IsUserRepoAdmin() bool {
+	if !ctx.Reducer.AllowAdminOverride() {
+		return false
+	}
 	return ctx.Repo.IsAdmin()
 }
 
diff --git a/services/context/api_test.go b/services/context/api_test.go
index 9916160f8d..a8e7baf5f7 100644
--- a/services/context/api_test.go
+++ b/services/context/api_test.go
@@ -9,8 +9,12 @@ import (
 	"strconv"
 	"testing"
 
+	perm_model "forgejo.org/models/perm"
+	access_model "forgejo.org/models/perm/access"
+	user_model "forgejo.org/models/user"
 	"forgejo.org/modules/setting"
 	"forgejo.org/modules/test"
+	"forgejo.org/services/authz"
 
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
@@ -74,3 +78,78 @@ func TestAcceptsGithubResponse(t *testing.T) {
 		assert.True(t, ctx.AcceptsGithubResponse())
 	})
 }
+
+func TestIsUserSiteAdmin(t *testing.T) {
+	makeCtx := func(t *testing.T, reducer authz.AuthorizationReducer) *APIContext {
+		req := httptest.NewRequest("GET", "/", nil)
+		resp := httptest.NewRecorder()
+		base, baseCleanUp := NewBaseContext(resp, req)
+		t.Cleanup(baseCleanUp)
+		ctx := &APIContext{Base: base, Reducer: reducer}
+		// setup ctx with an admin, and the test cases will modify to false in various ways
+		ctx.IsSigned = true
+		ctx.Doer = &user_model.User{IsAdmin: true}
+		return ctx
+	}
+
+	defaultReducer := authz.NewMockAuthorizationReducer(t)
+	defaultReducer.On("AllowAdminOverride").Return(true)
+
+	t.Run("not authenticated", func(t *testing.T) {
+		ctx := makeCtx(t, defaultReducer)
+		ctx.IsSigned = false
+		assert.False(t, ctx.IsUserSiteAdmin())
+	})
+
+	t.Run("non-admin", func(t *testing.T) {
+		ctx := makeCtx(t, defaultReducer)
+		ctx.Doer.IsAdmin = false
+		assert.False(t, ctx.IsUserSiteAdmin())
+	})
+
+	t.Run("admin", func(t *testing.T) {
+		ctx := makeCtx(t, defaultReducer)
+		assert.True(t, ctx.IsUserSiteAdmin())
+	})
+
+	t.Run("admin w/ reducer", func(t *testing.T) {
+		reducer := authz.NewMockAuthorizationReducer(t)
+		reducer.On("AllowAdminOverride").Return(false)
+		ctx := makeCtx(t, reducer)
+		assert.False(t, ctx.IsUserSiteAdmin())
+	})
+}
+
+func TestIsUserRepoAdmin(t *testing.T) {
+	makeCtx := func(t *testing.T, reducer authz.AuthorizationReducer) *APIContext {
+		req := httptest.NewRequest("GET", "/", nil)
+		resp := httptest.NewRecorder()
+		base, baseCleanUp := NewBaseContext(resp, req)
+		t.Cleanup(baseCleanUp)
+		ctx := &APIContext{Base: base, Reducer: reducer}
+		// setup ctx with a repo admin, and the test cases will modify to false in various ways
+		ctx.Repo = &Repository{Permission: access_model.Permission{AccessMode: perm_model.AccessModeAdmin}}
+		return ctx
+	}
+
+	defaultReducer := authz.NewMockAuthorizationReducer(t)
+	defaultReducer.On("AllowAdminOverride").Return(true)
+
+	t.Run("non-admin", func(t *testing.T) {
+		ctx := makeCtx(t, defaultReducer)
+		ctx.Repo.Permission.AccessMode = perm_model.AccessModeWrite
+		assert.False(t, ctx.IsUserRepoAdmin())
+	})
+
+	t.Run("admin", func(t *testing.T) {
+		ctx := makeCtx(t, defaultReducer)
+		assert.True(t, ctx.IsUserRepoAdmin())
+	})
+
+	t.Run("admin w/ reducer", func(t *testing.T) {
+		reducer := authz.NewMockAuthorizationReducer(t)
+		reducer.On("AllowAdminOverride").Return(false)
+		ctx := makeCtx(t, reducer)
+		assert.False(t, ctx.IsUserRepoAdmin())
+	})
+}
diff --git a/tests/integration/api_admin_test.go b/tests/integration/api_admin_test.go
index e83630c919..ae5a5b46ae 100644
--- a/tests/integration/api_admin_test.go
+++ b/tests/integration/api_admin_test.go
@@ -97,6 +97,43 @@ func TestAPISudoUser(t *testing.T) {
 	assert.Equal(t, normalUsername, user.UserName)
 }
 
+// Variation of TestAPISudoUser which verifies the usability of `sudo` with various access token restrictions.
+func TestAPISudoUserAuthorizationReducer(t *testing.T) {
+	defer tests.PrepareTestEnv(t)()
+	adminUsername := "user1"
+	normalUsername := "user2"
+	session := loginUser(t, adminUsername)
+
+	test := func(t *testing.T, token string, expectedStatus int) {
+		req := NewRequest(t, "GET", fmt.Sprintf("/api/v1/user?sudo=%s", normalUsername)).
+			AddTokenAuth(token)
+		resp := MakeRequest(t, req, expectedStatus)
+		if expectedStatus == http.StatusOK {
+			var user api.User
+			DecodeJSON(t, resp, &user)
+			assert.Equal(t, normalUsername, user.UserName)
+		}
+	}
+
+	t.Run("all access token", func(t *testing.T) {
+		allToken := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeReadUser)
+		test(t, allToken, http.StatusOK)
+	})
+
+	t.Run("public-only access token", func(t *testing.T) {
+		publicOnlyToken := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopePublicOnly, auth_model.AccessTokenScopeReadUser)
+		test(t, publicOnlyToken, http.StatusForbidden)
+	})
+
+	t.Run("specific repo access token", func(t *testing.T) {
+		repo2OnlyToken := createFineGrainedRepoAccessToken(t, adminUsername,
+			[]auth_model.AccessTokenScope{auth_model.AccessTokenScopeReadUser},
+			[]int64{2},
+		)
+		test(t, repo2OnlyToken, http.StatusForbidden)
+	})
+}
+
 func TestAPISudoUserForbidden(t *testing.T) {
 	defer tests.PrepareTestEnv(t)()
 	adminUsername := "user1"
diff --git a/tests/integration/api_issue_tracked_time_test.go b/tests/integration/api_issue_tracked_time_test.go
index 5e8b383437..cf0bab2e52 100644
--- a/tests/integration/api_issue_tracked_time_test.go
+++ b/tests/integration/api_issue_tracked_time_test.go
@@ -142,3 +142,53 @@ func TestAPIAddTrackedTimes(t *testing.T) {
 	assert.Equal(t, user2.ID, apiNewTime.UserID)
 	assert.EqualValues(t, 947688818, apiNewTime.Created.Unix())
 }
+
+// Listing tracked times w/ `/repos/{owner}/{repo}/times/{user}` requires repository admin or site admin permissions (or
+// to just list yourself).  This test is a variation of [TestAPIGetTrackedTimes] which uses the `/{user}` endpoint with
+// various access token restrictions, validating this API's implementation, but also validating that public-only and
+// repo-scoped access tokens don't have admin access.
+func TestAPIGetTrackedTimesAuthorizationReducer(t *testing.T) {
+	defer tests.PrepareTestEnv(t)()
+	adminUsername := "user1"
+	normalUsername := "user2"
+	session := loginUser(t, adminUsername)
+
+	user2 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
+	issue2 := unittest.AssertExistsAndLoadBean(t, &issues_model.Issue{ID: 2})
+	require.NoError(t, issue2.LoadRepo(db.DefaultContext))
+
+	test := func(t *testing.T, token string, expectedStatus int) {
+		req := NewRequest(t, "GET",
+			fmt.Sprintf("/api/v1/repos/%s/%s/times/%s", user2.Name, issue2.Repo.Name, normalUsername)).
+			AddTokenAuth(token)
+		resp := MakeRequest(t, req, expectedStatus)
+		if expectedStatus == http.StatusOK {
+			var apiTimes api.TrackedTimeList
+			DecodeJSON(t, resp, &apiTimes)
+			assert.Len(t, apiTimes, 3)
+		}
+	}
+
+	t.Run("all access token", func(t *testing.T) {
+		defer tests.PrintCurrentTest(t)()
+
+		allToken := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeReadRepository)
+		test(t, allToken, http.StatusOK)
+	})
+
+	t.Run("public-only access token", func(t *testing.T) {
+		defer tests.PrintCurrentTest(t)()
+
+		publicOnlyToken := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopePublicOnly, auth_model.AccessTokenScopeReadRepository)
+		test(t, publicOnlyToken, http.StatusForbidden)
+	})
+
+	t.Run("specific repo access token", func(t *testing.T) {
+		defer tests.PrintCurrentTest(t)()
+		repo2OnlyToken := createFineGrainedRepoAccessToken(t, adminUsername,
+			[]auth_model.AccessTokenScope{auth_model.AccessTokenScopeReadRepository},
+			[]int64{issue2.RepoID},
+		)
+		test(t, repo2OnlyToken, http.StatusForbidden)
+	})
+}

From 1d1a5ae5e7bb96f0ca30f75f76e4a1e340507bdd Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Wed, 4 Mar 2026 16:18:15 +0100
Subject: [PATCH 409/854] Update dependency @vitest/eslint-plugin to v1.6.9
 (forgejo) (#11493)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11493
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
---
 package-lock.json | 166 ++++++++++++++++++++++++++++++++++++++++++++--
 package.json      |   2 +-
 2 files changed, 161 insertions(+), 7 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 8795c5f2b7..3f469f1697 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -90,7 +90,7 @@
         "@stylistic/stylelint-plugin": "4.0.1",
         "@vitejs/plugin-vue": "6.0.3",
         "@vitest/coverage-v8": "4.0.18",
-        "@vitest/eslint-plugin": "1.6.6",
+        "@vitest/eslint-plugin": "1.6.9",
         "@vue/test-utils": "2.4.6",
         "eslint": "9.39.2",
         "eslint-import-resolver-typescript": "4.4.4",
@@ -4865,14 +4865,14 @@
       }
     },
     "node_modules/@vitest/eslint-plugin": {
-      "version": "1.6.6",
-      "resolved": "https://registry.npmjs.org/@vitest/eslint-plugin/-/eslint-plugin-1.6.6.tgz",
-      "integrity": "sha512-bwgQxQWRtnTVzsUHK824tBmHzjV0iTx3tZaiQIYDjX3SA7TsQS8CuDVqxXrRY3FaOUMgbGavesCxI9MOfFLm7Q==",
+      "version": "1.6.9",
+      "resolved": "https://registry.npmjs.org/@vitest/eslint-plugin/-/eslint-plugin-1.6.9.tgz",
+      "integrity": "sha512-9WfPx1OwJ19QLCSRLkqVO7//1WcWnK3fE/3fJhKMAmDe8+9G4rB47xCNIIeCq3FdEzkIoLTfDlwDlPBaUTMhow==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "@typescript-eslint/scope-manager": "^8.51.0",
-        "@typescript-eslint/utils": "^8.51.0"
+        "@typescript-eslint/scope-manager": "^8.55.0",
+        "@typescript-eslint/utils": "^8.55.0"
       },
       "engines": {
         "node": ">=18"
@@ -4891,6 +4891,160 @@
         }
       }
     },
+    "node_modules/@vitest/eslint-plugin/node_modules/@typescript-eslint/project-service": {
+      "version": "8.56.1",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/project-service/-/project-service-8.56.1.tgz",
+      "integrity": "sha512-TAdqQTzHNNvlVFfR+hu2PDJrURiwKsUvxFn1M0h95BB8ah5jejas08jUWG4dBA68jDMI988IvtfdAI53JzEHOQ==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@typescript-eslint/tsconfig-utils": "^8.56.1",
+        "@typescript-eslint/types": "^8.56.1",
+        "debug": "^4.4.3"
+      },
+      "engines": {
+        "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/typescript-eslint"
+      },
+      "peerDependencies": {
+        "typescript": ">=4.8.4 <6.0.0"
+      }
+    },
+    "node_modules/@vitest/eslint-plugin/node_modules/@typescript-eslint/scope-manager": {
+      "version": "8.56.1",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-8.56.1.tgz",
+      "integrity": "sha512-YAi4VDKcIZp0O4tz/haYKhmIDZFEUPOreKbfdAN3SzUDMcPhJ8QI99xQXqX+HoUVq8cs85eRKnD+rne2UAnj2w==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@typescript-eslint/types": "8.56.1",
+        "@typescript-eslint/visitor-keys": "8.56.1"
+      },
+      "engines": {
+        "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/typescript-eslint"
+      }
+    },
+    "node_modules/@vitest/eslint-plugin/node_modules/@typescript-eslint/tsconfig-utils": {
+      "version": "8.56.1",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/tsconfig-utils/-/tsconfig-utils-8.56.1.tgz",
+      "integrity": "sha512-qOtCYzKEeyr3aR9f28mPJqBty7+DBqsdd63eO0yyDwc6vgThj2UjWfJIcsFeSucYydqcuudMOprZ+x1SpF3ZuQ==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/typescript-eslint"
+      },
+      "peerDependencies": {
+        "typescript": ">=4.8.4 <6.0.0"
+      }
+    },
+    "node_modules/@vitest/eslint-plugin/node_modules/@typescript-eslint/types": {
+      "version": "8.56.1",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-8.56.1.tgz",
+      "integrity": "sha512-dbMkdIUkIkchgGDIv7KLUpa0Mda4IYjo4IAMJUZ+3xNoUXxMsk9YtKpTHSChRS85o+H9ftm51gsK1dZReY9CVw==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/typescript-eslint"
+      }
+    },
+    "node_modules/@vitest/eslint-plugin/node_modules/@typescript-eslint/typescript-estree": {
+      "version": "8.56.1",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-8.56.1.tgz",
+      "integrity": "sha512-qzUL1qgalIvKWAf9C1HpvBjif+Vm6rcT5wZd4VoMb9+Km3iS3Cv9DY6dMRMDtPnwRAFyAi7YXJpTIEXLvdfPxg==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@typescript-eslint/project-service": "8.56.1",
+        "@typescript-eslint/tsconfig-utils": "8.56.1",
+        "@typescript-eslint/types": "8.56.1",
+        "@typescript-eslint/visitor-keys": "8.56.1",
+        "debug": "^4.4.3",
+        "minimatch": "^10.2.2",
+        "semver": "^7.7.3",
+        "tinyglobby": "^0.2.15",
+        "ts-api-utils": "^2.4.0"
+      },
+      "engines": {
+        "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/typescript-eslint"
+      },
+      "peerDependencies": {
+        "typescript": ">=4.8.4 <6.0.0"
+      }
+    },
+    "node_modules/@vitest/eslint-plugin/node_modules/@typescript-eslint/utils": {
+      "version": "8.56.1",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-8.56.1.tgz",
+      "integrity": "sha512-HPAVNIME3tABJ61siYlHzSWCGtOoeP2RTIaHXFMPqjrQKCGB9OgUVdiNgH7TJS2JNIQ5qQ4RsAUDuGaGme/KOA==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@eslint-community/eslint-utils": "^4.9.1",
+        "@typescript-eslint/scope-manager": "8.56.1",
+        "@typescript-eslint/types": "8.56.1",
+        "@typescript-eslint/typescript-estree": "8.56.1"
+      },
+      "engines": {
+        "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/typescript-eslint"
+      },
+      "peerDependencies": {
+        "eslint": "^8.57.0 || ^9.0.0 || ^10.0.0",
+        "typescript": ">=4.8.4 <6.0.0"
+      }
+    },
+    "node_modules/@vitest/eslint-plugin/node_modules/@typescript-eslint/visitor-keys": {
+      "version": "8.56.1",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-8.56.1.tgz",
+      "integrity": "sha512-KiROIzYdEV85YygXw6BI/Dx4fnBlFQu6Mq4QE4MOH9fFnhohw6wX/OAvDY2/C+ut0I3RSPKenvZJIVYqJNkhEw==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@typescript-eslint/types": "8.56.1",
+        "eslint-visitor-keys": "^5.0.0"
+      },
+      "engines": {
+        "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/typescript-eslint"
+      }
+    },
+    "node_modules/@vitest/eslint-plugin/node_modules/eslint-visitor-keys": {
+      "version": "5.0.1",
+      "resolved": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-5.0.1.tgz",
+      "integrity": "sha512-tD40eHxA35h0PEIZNeIjkHoDR4YjjJp34biM0mDvplBe//mB+IHCqHDGV7pxF+7MklTvighcCPPZC7ynWyjdTA==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "engines": {
+        "node": "^20.19.0 || ^22.13.0 || >=24"
+      },
+      "funding": {
+        "url": "https://opencollective.com/eslint"
+      }
+    },
     "node_modules/@vitest/expect": {
       "version": "4.0.18",
       "resolved": "https://registry.npmjs.org/@vitest/expect/-/expect-4.0.18.tgz",
diff --git a/package.json b/package.json
index 0d9575ee22..35fee6d2fc 100644
--- a/package.json
+++ b/package.json
@@ -89,7 +89,7 @@
     "@stylistic/stylelint-plugin": "4.0.1",
     "@vitejs/plugin-vue": "6.0.3",
     "@vitest/coverage-v8": "4.0.18",
-    "@vitest/eslint-plugin": "1.6.6",
+    "@vitest/eslint-plugin": "1.6.9",
     "@vue/test-utils": "2.4.6",
     "eslint": "9.39.2",
     "eslint-import-resolver-typescript": "4.4.4",

From 05d98b97291b82ca71995420cf7bc542523db22f Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Wed, 4 Mar 2026 18:23:48 +0100
Subject: [PATCH 410/854] Update linters (forgejo) (#11448)

Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
---
 package-lock.json | 463 ++++++++++++++--------------------------------
 package.json      |  16 +-
 2 files changed, 146 insertions(+), 333 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 3f469f1697..da317f9950 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -86,27 +86,27 @@
         "@eslint-community/eslint-plugin-eslint-comments": "4.6.0",
         "@playwright/test": "1.57.0",
         "@stoplight/spectral-cli": "6.15.0",
-        "@stylistic/eslint-plugin": "5.7.1",
+        "@stylistic/eslint-plugin": "5.9.0",
         "@stylistic/stylelint-plugin": "4.0.1",
         "@vitejs/plugin-vue": "6.0.3",
         "@vitest/coverage-v8": "4.0.18",
         "@vitest/eslint-plugin": "1.6.9",
         "@vue/test-utils": "2.4.6",
-        "eslint": "9.39.2",
+        "eslint": "9.39.3",
         "eslint-import-resolver-typescript": "4.4.4",
         "eslint-plugin-array-func": "5.1.0",
         "eslint-plugin-import-x": "4.16.1",
         "eslint-plugin-no-jquery": "3.1.1",
         "eslint-plugin-no-use-extend-native": "0.7.2",
-        "eslint-plugin-playwright": "2.5.1",
+        "eslint-plugin-playwright": "2.8.0",
         "eslint-plugin-regexp": "3.0.0",
-        "eslint-plugin-sonarjs": "3.0.6",
+        "eslint-plugin-sonarjs": "3.0.7",
         "eslint-plugin-toml": "0.13.1",
         "eslint-plugin-unicorn": "63.0.0",
         "eslint-plugin-vitest-globals": "1.5.0",
-        "eslint-plugin-vue": "10.7.0",
+        "eslint-plugin-vue": "10.8.0",
         "eslint-plugin-vue-scoped-css": "2.12.0",
-        "eslint-plugin-wc": "3.0.2",
+        "eslint-plugin-wc": "3.1.0",
         "globals": "17.3.0",
         "happy-dom": "20.0.11",
         "license-checker-rseidelsohn": "4.4.2",
@@ -115,11 +115,11 @@
         "sharp": "0.34.5",
         "stylelint": "16.26.1",
         "stylelint-declaration-block-no-ignored-properties": "2.8.0",
-        "stylelint-declaration-strict-value": "1.10.11",
+        "stylelint-declaration-strict-value": "1.11.1",
         "stylelint-value-no-unknown-custom-properties": "6.1.1",
         "svgo": "4.0.0",
         "typescript": "5.9.3",
-        "typescript-eslint": "8.54.0",
+        "typescript-eslint": "8.56.1",
         "vite-string-plugin": "2.0.0",
         "vitest": "4.0.18"
       },
@@ -1587,9 +1587,9 @@
       }
     },
     "node_modules/@eslint/js": {
-      "version": "9.39.2",
-      "resolved": "https://registry.npmjs.org/@eslint/js/-/js-9.39.2.tgz",
-      "integrity": "sha512-q1mjIoW1VX4IvSocvM/vbTiveKC4k9eLrajNEuSsmjymSDEbpGddtpfOoN7YGAqBK3NG+uqo8ia4PDTt8buCYA==",
+      "version": "9.39.3",
+      "resolved": "https://registry.npmjs.org/@eslint/js/-/js-9.39.3.tgz",
+      "integrity": "sha512-1B1VkCq6FuUNlQvlBYb+1jDu/gV297TIs/OeiaSR9l1H27SVW55ONE1e1Vp16NqP683+xEGzxYtv4XCiDPaQiw==",
       "dev": true,
       "license": "MIT",
       "engines": {
@@ -2237,9 +2237,9 @@
       }
     },
     "node_modules/@isaacs/brace-expansion": {
-      "version": "5.0.0",
-      "resolved": "https://registry.npmjs.org/@isaacs/brace-expansion/-/brace-expansion-5.0.0.tgz",
-      "integrity": "sha512-ZT55BDLV0yv0RBm2czMiZ+SqCGO7AvmOM3G/w2xhVPH+te0aKgFjmBvGlL1dH+ql2tgGO3MVrbb3jCKyvpgnxA==",
+      "version": "5.0.1",
+      "resolved": "https://registry.npmjs.org/@isaacs/brace-expansion/-/brace-expansion-5.0.1.tgz",
+      "integrity": "sha512-WMz71T1JS624nWj2n2fnYAuPovhv7EUhk69R6i9dsVyzxt5eM3bjwvgk9L+APE1TRscGysAVMANkB0jh0LQZrQ==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -3789,14 +3789,14 @@
       }
     },
     "node_modules/@stylistic/eslint-plugin": {
-      "version": "5.7.1",
-      "resolved": "https://registry.npmjs.org/@stylistic/eslint-plugin/-/eslint-plugin-5.7.1.tgz",
-      "integrity": "sha512-zjTUwIsEfT+k9BmXwq1QEFYsb4afBlsI1AXFyWQBgggMzwBFOuu92pGrE5OFx90IOjNl+lUbQoTG7f8S0PkOdg==",
+      "version": "5.9.0",
+      "resolved": "https://registry.npmjs.org/@stylistic/eslint-plugin/-/eslint-plugin-5.9.0.tgz",
+      "integrity": "sha512-FqqSkvDMYJReydrMhlugc71M76yLLQWNfmGq+SIlLa7N3kHp8Qq8i2PyWrVNAfjOyOIY+xv9XaaYwvVW7vroMA==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
         "@eslint-community/eslint-utils": "^4.9.1",
-        "@typescript-eslint/types": "^8.53.1",
+        "@typescript-eslint/types": "^8.56.0",
         "eslint-visitor-keys": "^4.2.1",
         "espree": "^10.4.0",
         "estraverse": "^5.3.0",
@@ -3806,7 +3806,7 @@
         "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
       },
       "peerDependencies": {
-        "eslint": ">=9.0.0"
+        "eslint": "^9.0.0 || ^10.0.0"
       }
     },
     "node_modules/@stylistic/eslint-plugin/node_modules/picomatch": {
@@ -4285,17 +4285,17 @@
       "license": "MIT"
     },
     "node_modules/@typescript-eslint/eslint-plugin": {
-      "version": "8.54.0",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-8.54.0.tgz",
-      "integrity": "sha512-hAAP5io/7csFStuOmR782YmTthKBJ9ND3WVL60hcOjvtGFb+HJxH4O5huAcmcZ9v9G8P+JETiZ/G1B8MALnWZQ==",
+      "version": "8.56.1",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-8.56.1.tgz",
+      "integrity": "sha512-Jz9ZztpB37dNC+HU2HI28Bs9QXpzCz+y/twHOwhyrIRdbuVDxSytJNDl6z/aAKlaRIwC7y8wJdkBv7FxYGgi0A==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
         "@eslint-community/regexpp": "^4.12.2",
-        "@typescript-eslint/scope-manager": "8.54.0",
-        "@typescript-eslint/type-utils": "8.54.0",
-        "@typescript-eslint/utils": "8.54.0",
-        "@typescript-eslint/visitor-keys": "8.54.0",
+        "@typescript-eslint/scope-manager": "8.56.1",
+        "@typescript-eslint/type-utils": "8.56.1",
+        "@typescript-eslint/utils": "8.56.1",
+        "@typescript-eslint/visitor-keys": "8.56.1",
         "ignore": "^7.0.5",
         "natural-compare": "^1.4.0",
         "ts-api-utils": "^2.4.0"
@@ -4308,8 +4308,8 @@
         "url": "https://opencollective.com/typescript-eslint"
       },
       "peerDependencies": {
-        "@typescript-eslint/parser": "^8.54.0",
-        "eslint": "^8.57.0 || ^9.0.0",
+        "@typescript-eslint/parser": "^8.56.1",
+        "eslint": "^8.57.0 || ^9.0.0 || ^10.0.0",
         "typescript": ">=4.8.4 <6.0.0"
       }
     },
@@ -4324,16 +4324,16 @@
       }
     },
     "node_modules/@typescript-eslint/parser": {
-      "version": "8.54.0",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-8.54.0.tgz",
-      "integrity": "sha512-BtE0k6cjwjLZoZixN0t5AKP0kSzlGu7FctRXYuPAm//aaiZhmfq1JwdYpYr1brzEspYyFeF+8XF5j2VK6oalrA==",
+      "version": "8.56.1",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-8.56.1.tgz",
+      "integrity": "sha512-klQbnPAAiGYFyI02+znpBRLyjL4/BrBd0nyWkdC0s/6xFLkXYQ8OoRrSkqacS1ddVxf/LDyODIKbQ5TgKAf/Fg==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "@typescript-eslint/scope-manager": "8.54.0",
-        "@typescript-eslint/types": "8.54.0",
-        "@typescript-eslint/typescript-estree": "8.54.0",
-        "@typescript-eslint/visitor-keys": "8.54.0",
+        "@typescript-eslint/scope-manager": "8.56.1",
+        "@typescript-eslint/types": "8.56.1",
+        "@typescript-eslint/typescript-estree": "8.56.1",
+        "@typescript-eslint/visitor-keys": "8.56.1",
         "debug": "^4.4.3"
       },
       "engines": {
@@ -4344,19 +4344,19 @@
         "url": "https://opencollective.com/typescript-eslint"
       },
       "peerDependencies": {
-        "eslint": "^8.57.0 || ^9.0.0",
+        "eslint": "^8.57.0 || ^9.0.0 || ^10.0.0",
         "typescript": ">=4.8.4 <6.0.0"
       }
     },
     "node_modules/@typescript-eslint/project-service": {
-      "version": "8.54.0",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/project-service/-/project-service-8.54.0.tgz",
-      "integrity": "sha512-YPf+rvJ1s7MyiWM4uTRhE4DvBXrEV+d8oC3P9Y2eT7S+HBS0clybdMIPnhiATi9vZOYDc7OQ1L/i6ga6NFYK/g==",
+      "version": "8.56.1",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/project-service/-/project-service-8.56.1.tgz",
+      "integrity": "sha512-TAdqQTzHNNvlVFfR+hu2PDJrURiwKsUvxFn1M0h95BB8ah5jejas08jUWG4dBA68jDMI988IvtfdAI53JzEHOQ==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "@typescript-eslint/tsconfig-utils": "^8.54.0",
-        "@typescript-eslint/types": "^8.54.0",
+        "@typescript-eslint/tsconfig-utils": "^8.56.1",
+        "@typescript-eslint/types": "^8.56.1",
         "debug": "^4.4.3"
       },
       "engines": {
@@ -4371,14 +4371,14 @@
       }
     },
     "node_modules/@typescript-eslint/scope-manager": {
-      "version": "8.54.0",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-8.54.0.tgz",
-      "integrity": "sha512-27rYVQku26j/PbHYcVfRPonmOlVI6gihHtXFbTdB5sb6qA0wdAQAbyXFVarQ5t4HRojIz64IV90YtsjQSSGlQg==",
+      "version": "8.56.1",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-8.56.1.tgz",
+      "integrity": "sha512-YAi4VDKcIZp0O4tz/haYKhmIDZFEUPOreKbfdAN3SzUDMcPhJ8QI99xQXqX+HoUVq8cs85eRKnD+rne2UAnj2w==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "@typescript-eslint/types": "8.54.0",
-        "@typescript-eslint/visitor-keys": "8.54.0"
+        "@typescript-eslint/types": "8.56.1",
+        "@typescript-eslint/visitor-keys": "8.56.1"
       },
       "engines": {
         "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -4389,9 +4389,9 @@
       }
     },
     "node_modules/@typescript-eslint/tsconfig-utils": {
-      "version": "8.54.0",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/tsconfig-utils/-/tsconfig-utils-8.54.0.tgz",
-      "integrity": "sha512-dRgOyT2hPk/JwxNMZDsIXDgyl9axdJI3ogZ2XWhBPsnZUv+hPesa5iuhdYt2gzwA9t8RE5ytOJ6xB0moV0Ujvw==",
+      "version": "8.56.1",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/tsconfig-utils/-/tsconfig-utils-8.56.1.tgz",
+      "integrity": "sha512-qOtCYzKEeyr3aR9f28mPJqBty7+DBqsdd63eO0yyDwc6vgThj2UjWfJIcsFeSucYydqcuudMOprZ+x1SpF3ZuQ==",
       "dev": true,
       "license": "MIT",
       "engines": {
@@ -4406,15 +4406,15 @@
       }
     },
     "node_modules/@typescript-eslint/type-utils": {
-      "version": "8.54.0",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-8.54.0.tgz",
-      "integrity": "sha512-hiLguxJWHjjwL6xMBwD903ciAwd7DmK30Y9Axs/etOkftC3ZNN9K44IuRD/EB08amu+Zw6W37x9RecLkOo3pMA==",
+      "version": "8.56.1",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-8.56.1.tgz",
+      "integrity": "sha512-yB/7dxi7MgTtGhZdaHCemf7PuwrHMenHjmzgUW1aJpO+bBU43OycnM3Wn+DdvDO/8zzA9HlhaJ0AUGuvri4oGg==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "@typescript-eslint/types": "8.54.0",
-        "@typescript-eslint/typescript-estree": "8.54.0",
-        "@typescript-eslint/utils": "8.54.0",
+        "@typescript-eslint/types": "8.56.1",
+        "@typescript-eslint/typescript-estree": "8.56.1",
+        "@typescript-eslint/utils": "8.56.1",
         "debug": "^4.4.3",
         "ts-api-utils": "^2.4.0"
       },
@@ -4426,14 +4426,14 @@
         "url": "https://opencollective.com/typescript-eslint"
       },
       "peerDependencies": {
-        "eslint": "^8.57.0 || ^9.0.0",
+        "eslint": "^8.57.0 || ^9.0.0 || ^10.0.0",
         "typescript": ">=4.8.4 <6.0.0"
       }
     },
     "node_modules/@typescript-eslint/types": {
-      "version": "8.54.0",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-8.54.0.tgz",
-      "integrity": "sha512-PDUI9R1BVjqu7AUDsRBbKMtwmjWcn4J3le+5LpcFgWULN3LvHC5rkc9gCVxbrsrGmO1jfPybN5s6h4Jy+OnkAA==",
+      "version": "8.56.1",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-8.56.1.tgz",
+      "integrity": "sha512-dbMkdIUkIkchgGDIv7KLUpa0Mda4IYjo4IAMJUZ+3xNoUXxMsk9YtKpTHSChRS85o+H9ftm51gsK1dZReY9CVw==",
       "dev": true,
       "license": "MIT",
       "engines": {
@@ -4445,18 +4445,18 @@
       }
     },
     "node_modules/@typescript-eslint/typescript-estree": {
-      "version": "8.54.0",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-8.54.0.tgz",
-      "integrity": "sha512-BUwcskRaPvTk6fzVWgDPdUndLjB87KYDrN5EYGetnktoeAvPtO4ONHlAZDnj5VFnUANg0Sjm7j4usBlnoVMHwA==",
+      "version": "8.56.1",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-8.56.1.tgz",
+      "integrity": "sha512-qzUL1qgalIvKWAf9C1HpvBjif+Vm6rcT5wZd4VoMb9+Km3iS3Cv9DY6dMRMDtPnwRAFyAi7YXJpTIEXLvdfPxg==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "@typescript-eslint/project-service": "8.54.0",
-        "@typescript-eslint/tsconfig-utils": "8.54.0",
-        "@typescript-eslint/types": "8.54.0",
-        "@typescript-eslint/visitor-keys": "8.54.0",
+        "@typescript-eslint/project-service": "8.56.1",
+        "@typescript-eslint/tsconfig-utils": "8.56.1",
+        "@typescript-eslint/types": "8.56.1",
+        "@typescript-eslint/visitor-keys": "8.56.1",
         "debug": "^4.4.3",
-        "minimatch": "^9.0.5",
+        "minimatch": "^10.2.2",
         "semver": "^7.7.3",
         "tinyglobby": "^0.2.15",
         "ts-api-utils": "^2.4.0"
@@ -4472,50 +4472,17 @@
         "typescript": ">=4.8.4 <6.0.0"
       }
     },
-    "node_modules/@typescript-eslint/typescript-estree/node_modules/balanced-match": {
-      "version": "1.0.2",
-      "resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-1.0.2.tgz",
-      "integrity": "sha512-3oSeUO0TMV67hN1AmbXsK4yaqU7tjiHlbxRDZOpH0KW9+CeX4bRAaX0Anxt0tx2MrpRpWwQaPwIlISEJhYU5Pw==",
-      "dev": true,
-      "license": "MIT"
-    },
-    "node_modules/@typescript-eslint/typescript-estree/node_modules/brace-expansion": {
-      "version": "2.0.2",
-      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.2.tgz",
-      "integrity": "sha512-Jt0vHyM+jmUBqojB7E1NIYadt0vI0Qxjxd2TErW94wDz+E2LAm5vKMXXwg6ZZBTHPuUlDgQHKXvjGBdfcF1ZDQ==",
-      "dev": true,
-      "license": "MIT",
-      "dependencies": {
-        "balanced-match": "^1.0.0"
-      }
-    },
-    "node_modules/@typescript-eslint/typescript-estree/node_modules/minimatch": {
-      "version": "9.0.5",
-      "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.5.tgz",
-      "integrity": "sha512-G6T0ZX48xgozx7587koeX9Ys2NYy6Gmv//P89sEte9V9whIapMNF4idKxnW2QtCcLiTWlb/wfCabAtAFWhhBow==",
-      "dev": true,
-      "license": "ISC",
-      "dependencies": {
-        "brace-expansion": "^2.0.1"
-      },
-      "engines": {
-        "node": ">=16 || 14 >=14.17"
-      },
-      "funding": {
-        "url": "https://github.com/sponsors/isaacs"
-      }
-    },
     "node_modules/@typescript-eslint/utils": {
-      "version": "8.54.0",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-8.54.0.tgz",
-      "integrity": "sha512-9Cnda8GS57AQakvRyG0PTejJNlA2xhvyNtEVIMlDWOOeEyBkYWhGPnfrIAnqxLMTSTo6q8g12XVjjev5l1NvMA==",
+      "version": "8.56.1",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-8.56.1.tgz",
+      "integrity": "sha512-HPAVNIME3tABJ61siYlHzSWCGtOoeP2RTIaHXFMPqjrQKCGB9OgUVdiNgH7TJS2JNIQ5qQ4RsAUDuGaGme/KOA==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
         "@eslint-community/eslint-utils": "^4.9.1",
-        "@typescript-eslint/scope-manager": "8.54.0",
-        "@typescript-eslint/types": "8.54.0",
-        "@typescript-eslint/typescript-estree": "8.54.0"
+        "@typescript-eslint/scope-manager": "8.56.1",
+        "@typescript-eslint/types": "8.56.1",
+        "@typescript-eslint/typescript-estree": "8.56.1"
       },
       "engines": {
         "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -4525,19 +4492,19 @@
         "url": "https://opencollective.com/typescript-eslint"
       },
       "peerDependencies": {
-        "eslint": "^8.57.0 || ^9.0.0",
+        "eslint": "^8.57.0 || ^9.0.0 || ^10.0.0",
         "typescript": ">=4.8.4 <6.0.0"
       }
     },
     "node_modules/@typescript-eslint/visitor-keys": {
-      "version": "8.54.0",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-8.54.0.tgz",
-      "integrity": "sha512-VFlhGSl4opC0bprJiItPQ1RfUhGDIBokcPwaFH4yiBCaNPeld/9VeXbiPO1cLyorQi1G1vL+ecBk1x8o1axORA==",
+      "version": "8.56.1",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-8.56.1.tgz",
+      "integrity": "sha512-KiROIzYdEV85YygXw6BI/Dx4fnBlFQu6Mq4QE4MOH9fFnhohw6wX/OAvDY2/C+ut0I3RSPKenvZJIVYqJNkhEw==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "@typescript-eslint/types": "8.54.0",
-        "eslint-visitor-keys": "^4.2.1"
+        "@typescript-eslint/types": "8.56.1",
+        "eslint-visitor-keys": "^5.0.0"
       },
       "engines": {
         "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -4547,6 +4514,19 @@
         "url": "https://opencollective.com/typescript-eslint"
       }
     },
+    "node_modules/@typescript-eslint/visitor-keys/node_modules/eslint-visitor-keys": {
+      "version": "5.0.1",
+      "resolved": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-5.0.1.tgz",
+      "integrity": "sha512-tD40eHxA35h0PEIZNeIjkHoDR4YjjJp34biM0mDvplBe//mB+IHCqHDGV7pxF+7MklTvighcCPPZC7ynWyjdTA==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "engines": {
+        "node": "^20.19.0 || ^22.13.0 || >=24"
+      },
+      "funding": {
+        "url": "https://opencollective.com/eslint"
+      }
+    },
     "node_modules/@unrs/resolver-binding-android-arm-eabi": {
       "version": "1.11.1",
       "resolved": "https://registry.npmjs.org/@unrs/resolver-binding-android-arm-eabi/-/resolver-binding-android-arm-eabi-1.11.1.tgz",
@@ -4891,160 +4871,6 @@
         }
       }
     },
-    "node_modules/@vitest/eslint-plugin/node_modules/@typescript-eslint/project-service": {
-      "version": "8.56.1",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/project-service/-/project-service-8.56.1.tgz",
-      "integrity": "sha512-TAdqQTzHNNvlVFfR+hu2PDJrURiwKsUvxFn1M0h95BB8ah5jejas08jUWG4dBA68jDMI988IvtfdAI53JzEHOQ==",
-      "dev": true,
-      "license": "MIT",
-      "dependencies": {
-        "@typescript-eslint/tsconfig-utils": "^8.56.1",
-        "@typescript-eslint/types": "^8.56.1",
-        "debug": "^4.4.3"
-      },
-      "engines": {
-        "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
-      },
-      "funding": {
-        "type": "opencollective",
-        "url": "https://opencollective.com/typescript-eslint"
-      },
-      "peerDependencies": {
-        "typescript": ">=4.8.4 <6.0.0"
-      }
-    },
-    "node_modules/@vitest/eslint-plugin/node_modules/@typescript-eslint/scope-manager": {
-      "version": "8.56.1",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-8.56.1.tgz",
-      "integrity": "sha512-YAi4VDKcIZp0O4tz/haYKhmIDZFEUPOreKbfdAN3SzUDMcPhJ8QI99xQXqX+HoUVq8cs85eRKnD+rne2UAnj2w==",
-      "dev": true,
-      "license": "MIT",
-      "dependencies": {
-        "@typescript-eslint/types": "8.56.1",
-        "@typescript-eslint/visitor-keys": "8.56.1"
-      },
-      "engines": {
-        "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
-      },
-      "funding": {
-        "type": "opencollective",
-        "url": "https://opencollective.com/typescript-eslint"
-      }
-    },
-    "node_modules/@vitest/eslint-plugin/node_modules/@typescript-eslint/tsconfig-utils": {
-      "version": "8.56.1",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/tsconfig-utils/-/tsconfig-utils-8.56.1.tgz",
-      "integrity": "sha512-qOtCYzKEeyr3aR9f28mPJqBty7+DBqsdd63eO0yyDwc6vgThj2UjWfJIcsFeSucYydqcuudMOprZ+x1SpF3ZuQ==",
-      "dev": true,
-      "license": "MIT",
-      "engines": {
-        "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
-      },
-      "funding": {
-        "type": "opencollective",
-        "url": "https://opencollective.com/typescript-eslint"
-      },
-      "peerDependencies": {
-        "typescript": ">=4.8.4 <6.0.0"
-      }
-    },
-    "node_modules/@vitest/eslint-plugin/node_modules/@typescript-eslint/types": {
-      "version": "8.56.1",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-8.56.1.tgz",
-      "integrity": "sha512-dbMkdIUkIkchgGDIv7KLUpa0Mda4IYjo4IAMJUZ+3xNoUXxMsk9YtKpTHSChRS85o+H9ftm51gsK1dZReY9CVw==",
-      "dev": true,
-      "license": "MIT",
-      "engines": {
-        "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
-      },
-      "funding": {
-        "type": "opencollective",
-        "url": "https://opencollective.com/typescript-eslint"
-      }
-    },
-    "node_modules/@vitest/eslint-plugin/node_modules/@typescript-eslint/typescript-estree": {
-      "version": "8.56.1",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-8.56.1.tgz",
-      "integrity": "sha512-qzUL1qgalIvKWAf9C1HpvBjif+Vm6rcT5wZd4VoMb9+Km3iS3Cv9DY6dMRMDtPnwRAFyAi7YXJpTIEXLvdfPxg==",
-      "dev": true,
-      "license": "MIT",
-      "dependencies": {
-        "@typescript-eslint/project-service": "8.56.1",
-        "@typescript-eslint/tsconfig-utils": "8.56.1",
-        "@typescript-eslint/types": "8.56.1",
-        "@typescript-eslint/visitor-keys": "8.56.1",
-        "debug": "^4.4.3",
-        "minimatch": "^10.2.2",
-        "semver": "^7.7.3",
-        "tinyglobby": "^0.2.15",
-        "ts-api-utils": "^2.4.0"
-      },
-      "engines": {
-        "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
-      },
-      "funding": {
-        "type": "opencollective",
-        "url": "https://opencollective.com/typescript-eslint"
-      },
-      "peerDependencies": {
-        "typescript": ">=4.8.4 <6.0.0"
-      }
-    },
-    "node_modules/@vitest/eslint-plugin/node_modules/@typescript-eslint/utils": {
-      "version": "8.56.1",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-8.56.1.tgz",
-      "integrity": "sha512-HPAVNIME3tABJ61siYlHzSWCGtOoeP2RTIaHXFMPqjrQKCGB9OgUVdiNgH7TJS2JNIQ5qQ4RsAUDuGaGme/KOA==",
-      "dev": true,
-      "license": "MIT",
-      "dependencies": {
-        "@eslint-community/eslint-utils": "^4.9.1",
-        "@typescript-eslint/scope-manager": "8.56.1",
-        "@typescript-eslint/types": "8.56.1",
-        "@typescript-eslint/typescript-estree": "8.56.1"
-      },
-      "engines": {
-        "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
-      },
-      "funding": {
-        "type": "opencollective",
-        "url": "https://opencollective.com/typescript-eslint"
-      },
-      "peerDependencies": {
-        "eslint": "^8.57.0 || ^9.0.0 || ^10.0.0",
-        "typescript": ">=4.8.4 <6.0.0"
-      }
-    },
-    "node_modules/@vitest/eslint-plugin/node_modules/@typescript-eslint/visitor-keys": {
-      "version": "8.56.1",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-8.56.1.tgz",
-      "integrity": "sha512-KiROIzYdEV85YygXw6BI/Dx4fnBlFQu6Mq4QE4MOH9fFnhohw6wX/OAvDY2/C+ut0I3RSPKenvZJIVYqJNkhEw==",
-      "dev": true,
-      "license": "MIT",
-      "dependencies": {
-        "@typescript-eslint/types": "8.56.1",
-        "eslint-visitor-keys": "^5.0.0"
-      },
-      "engines": {
-        "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
-      },
-      "funding": {
-        "type": "opencollective",
-        "url": "https://opencollective.com/typescript-eslint"
-      }
-    },
-    "node_modules/@vitest/eslint-plugin/node_modules/eslint-visitor-keys": {
-      "version": "5.0.1",
-      "resolved": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-5.0.1.tgz",
-      "integrity": "sha512-tD40eHxA35h0PEIZNeIjkHoDR4YjjJp34biM0mDvplBe//mB+IHCqHDGV7pxF+7MklTvighcCPPZC7ynWyjdTA==",
-      "dev": true,
-      "license": "Apache-2.0",
-      "engines": {
-        "node": "^20.19.0 || ^22.13.0 || >=24"
-      },
-      "funding": {
-        "url": "https://opencollective.com/eslint"
-      }
-    },
     "node_modules/@vitest/expect": {
       "version": "4.0.18",
       "resolved": "https://registry.npmjs.org/@vitest/expect/-/expect-4.0.18.tgz",
@@ -8070,9 +7896,9 @@
       }
     },
     "node_modules/eslint": {
-      "version": "9.39.2",
-      "resolved": "https://registry.npmjs.org/eslint/-/eslint-9.39.2.tgz",
-      "integrity": "sha512-LEyamqS7W5HB3ujJyvi0HQK/dtVINZvd5mAAp9eT5S/ujByGjiZLCzPcHVzuXbpJDJF/cxwHlfceVUDZ2lnSTw==",
+      "version": "9.39.3",
+      "resolved": "https://registry.npmjs.org/eslint/-/eslint-9.39.3.tgz",
+      "integrity": "sha512-VmQ+sifHUbI/IcSopBCF/HO3YiHQx/AVd3UVyYL6weuwW+HvON9VYn5l6Zl1WZzPWXPNZrSQpxwkkZ/VuvJZzg==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -8082,7 +7908,7 @@
         "@eslint/config-helpers": "^0.4.2",
         "@eslint/core": "^0.17.0",
         "@eslint/eslintrc": "^3.3.1",
-        "@eslint/js": "9.39.2",
+        "@eslint/js": "9.39.3",
         "@eslint/plugin-kit": "^0.4.1",
         "@humanfs/node": "^0.16.6",
         "@humanwhocodes/module-importer": "^1.0.1",
@@ -8285,13 +8111,13 @@
       }
     },
     "node_modules/eslint-plugin-playwright": {
-      "version": "2.5.1",
-      "resolved": "https://registry.npmjs.org/eslint-plugin-playwright/-/eslint-plugin-playwright-2.5.1.tgz",
-      "integrity": "sha512-q7oqVQTTfa3VXJQ8E+ln0QttPGrs/XmSO1FjOMzQYBMYF3btih4FIrhEYh34JF184GYDmq3lJ/n7CMa49OHBvA==",
+      "version": "2.8.0",
+      "resolved": "https://registry.npmjs.org/eslint-plugin-playwright/-/eslint-plugin-playwright-2.8.0.tgz",
+      "integrity": "sha512-BRCXbnX20l/ZPOOi1jEqNvqU/UjXpkZRJaghQxSM2kjAvsDph8+osn9u1iMmvoa9Cegbp9d0Skh7vro7242t+Q==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "globals": "^16.4.0"
+        "globals": "^17.3.0"
       },
       "engines": {
         "node": ">=16.9.0"
@@ -8300,19 +8126,6 @@
         "eslint": ">=8.40.0"
       }
     },
-    "node_modules/eslint-plugin-playwright/node_modules/globals": {
-      "version": "16.5.0",
-      "resolved": "https://registry.npmjs.org/globals/-/globals-16.5.0.tgz",
-      "integrity": "sha512-c/c15i26VrJ4IRt5Z89DnIzCGDn9EcebibhAOjw5ibqEHsE1wLUgkPn9RDmNcUKyU87GeaL633nyJ+pplFR2ZQ==",
-      "dev": true,
-      "license": "MIT",
-      "engines": {
-        "node": ">=18"
-      },
-      "funding": {
-        "url": "https://github.com/sponsors/sindresorhus"
-      }
-    },
     "node_modules/eslint-plugin-regexp": {
       "version": "3.0.0",
       "resolved": "https://registry.npmjs.org/eslint-plugin-regexp/-/eslint-plugin-regexp-3.0.0.tgz",
@@ -8336,9 +8149,9 @@
       }
     },
     "node_modules/eslint-plugin-sonarjs": {
-      "version": "3.0.6",
-      "resolved": "https://registry.npmjs.org/eslint-plugin-sonarjs/-/eslint-plugin-sonarjs-3.0.6.tgz",
-      "integrity": "sha512-3mVUqsAUSylGfkJMj2v0aC2Cu/eUunDLm+XMjLf0uLjAZao205NWF3g6EXxcCAFO+rCZiQ6Or1WQkUcU9/sKFQ==",
+      "version": "3.0.7",
+      "resolved": "https://registry.npmjs.org/eslint-plugin-sonarjs/-/eslint-plugin-sonarjs-3.0.7.tgz",
+      "integrity": "sha512-62jB20krIPvcwBLAyG3VVKa2ce2j2lL1yCb8Y0ylMRR/dLvCCTiQx8gQbXb+G81k1alPZ2/I3muZinqWQdBbzw==",
       "dev": true,
       "license": "LGPL-3.0-only",
       "dependencies": {
@@ -8348,9 +8161,9 @@
         "functional-red-black-tree": "1.0.1",
         "jsx-ast-utils-x": "0.1.0",
         "lodash.merge": "4.6.2",
-        "minimatch": "10.1.1",
+        "minimatch": "10.1.2",
         "scslre": "0.3.0",
-        "semver": "7.7.3",
+        "semver": "7.7.4",
         "typescript": ">=5"
       },
       "peerDependencies": {
@@ -8358,13 +8171,13 @@
       }
     },
     "node_modules/eslint-plugin-sonarjs/node_modules/minimatch": {
-      "version": "10.1.1",
-      "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-10.1.1.tgz",
-      "integrity": "sha512-enIvLvRAFZYXJzkCYG5RKmPfrFArdLv+R+lbQ53BmIMLIry74bjKzX6iHAm8WYamJkhSSEabrWN5D97XnKObjQ==",
+      "version": "10.1.2",
+      "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-10.1.2.tgz",
+      "integrity": "sha512-fu656aJ0n2kcXwsnwnv9g24tkU5uSmOlTjd6WyyaKm2Z+h1qmY6bAjrcaIxF/BslFqbZ8UBtbJi7KgQOZD2PTw==",
       "dev": true,
       "license": "BlueOak-1.0.0",
       "dependencies": {
-        "@isaacs/brace-expansion": "^5.0.0"
+        "@isaacs/brace-expansion": "^5.0.1"
       },
       "engines": {
         "node": "20 || >=22"
@@ -8449,9 +8262,9 @@
       "license": "MIT"
     },
     "node_modules/eslint-plugin-vue": {
-      "version": "10.7.0",
-      "resolved": "https://registry.npmjs.org/eslint-plugin-vue/-/eslint-plugin-vue-10.7.0.tgz",
-      "integrity": "sha512-r2XFCK4qlo1sxEoAMIoTTX0PZAdla0JJDt1fmYiworZUX67WeEGqm+JbyAg3M+pGiJ5U6Mp5WQbontXWtIW7TA==",
+      "version": "10.8.0",
+      "resolved": "https://registry.npmjs.org/eslint-plugin-vue/-/eslint-plugin-vue-10.8.0.tgz",
+      "integrity": "sha512-f1J/tcbnrpgC8suPN5AtdJ5MQjuXbSU9pGRSSYAuF3SHoiYCOdEX6O22pLaRyLHXvDcOe+O5ENgc1owQ587agA==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -8468,7 +8281,7 @@
       "peerDependencies": {
         "@stylistic/eslint-plugin": "^2.0.0 || ^3.0.0 || ^4.0.0 || ^5.0.0",
         "@typescript-eslint/parser": "^7.0.0 || ^8.0.0",
-        "eslint": "^8.57.0 || ^9.0.0",
+        "eslint": "^8.57.0 || ^9.0.0 || ^10.0.0",
         "vue-eslint-parser": "^10.0.0"
       },
       "peerDependenciesMeta": {
@@ -8508,9 +8321,9 @@
       }
     },
     "node_modules/eslint-plugin-wc": {
-      "version": "3.0.2",
-      "resolved": "https://registry.npmjs.org/eslint-plugin-wc/-/eslint-plugin-wc-3.0.2.tgz",
-      "integrity": "sha512-siwTrxPTw6GU2JmP3faInw8nhi0ZCnKsiSRM3j7EAkZmBTGYdDAToeseLYsvPrc5Urp/vPz+g7Ewh7XcICLxww==",
+      "version": "3.1.0",
+      "resolved": "https://registry.npmjs.org/eslint-plugin-wc/-/eslint-plugin-wc-3.1.0.tgz",
+      "integrity": "sha512-spvXHD2/GTTgYXxFB3xlMThnXGUeNJaiCwWuPGzjDOLXnVGLcQpDt0fyiN6yiLoaLs/yhsj+7G1FpBZKeigCSA==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -8559,9 +8372,9 @@
       "license": "MIT"
     },
     "node_modules/eslint/node_modules/ajv": {
-      "version": "6.12.6",
-      "resolved": "https://registry.npmjs.org/ajv/-/ajv-6.12.6.tgz",
-      "integrity": "sha512-j3fVLgvTo527anyYyJOGTYJbG+vnnQYvE0m5mmkc1TK+nxAppkCLMIL0aZ4dblVCNoGShhm+kzE4ZUykBoMg4g==",
+      "version": "6.14.0",
+      "resolved": "https://registry.npmjs.org/ajv/-/ajv-6.14.0.tgz",
+      "integrity": "sha512-IWrosm/yrn43eiKqkfkHis7QioDleaXQHdDVPKg0FSwwd/DuvyX79TZnFOnYpB7dcsFAMmtFztZuXPDvSePkFw==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -8583,9 +8396,9 @@
       "license": "MIT"
     },
     "node_modules/eslint/node_modules/minimatch": {
-      "version": "3.1.2",
-      "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz",
-      "integrity": "sha512-J7p63hRiAjw1NDEww1W7i37+ByIrOWO5XQQAzZ3VOcL0PNybwpfmV/N05zFAzwQ9USyEcX6t3UO+K5aqBQOIHw==",
+      "version": "3.1.5",
+      "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.5.tgz",
+      "integrity": "sha512-VgjWUsnnT6n+NUk6eZq77zeFdpW2LWDzP6zFGrCbHXiYNul5Dzqk2HHQ5uFH2DNW5Xbp8+jVzaeNt94ssEEl4w==",
       "dev": true,
       "license": "ISC",
       "dependencies": {
@@ -13803,9 +13616,9 @@
       }
     },
     "node_modules/semver": {
-      "version": "7.7.3",
-      "resolved": "https://registry.npmjs.org/semver/-/semver-7.7.3.tgz",
-      "integrity": "sha512-SdsKMrI9TdgjdweUSR9MweHA4EJ8YxHn8DFaDisvhVlUOe4BF1tLD7GAj0lIqWVl+dPb/rExr0Btby5loQm20Q==",
+      "version": "7.7.4",
+      "resolved": "https://registry.npmjs.org/semver/-/semver-7.7.4.tgz",
+      "integrity": "sha512-vFKC2IEtQnVhpT78h1Yp8wzwrf8CM+MzKMHGJZfBtzhZNycRFnXsHk6E5TxIkkMsgNS7mdX3AGB7x2QM2di4lA==",
       "license": "ISC",
       "bin": {
         "semver": "bin/semver.js"
@@ -14569,16 +14382,16 @@
       }
     },
     "node_modules/stylelint-declaration-strict-value": {
-      "version": "1.10.11",
-      "resolved": "https://registry.npmjs.org/stylelint-declaration-strict-value/-/stylelint-declaration-strict-value-1.10.11.tgz",
-      "integrity": "sha512-oVQvhZlFZAiDz9r2BPFZLtTGm1A2JVhdKObKAJoTjFfR4F/NpApC4bMBTxf4sZS76Na3njYKVOaAaKSZ4+FU+g==",
+      "version": "1.11.1",
+      "resolved": "https://registry.npmjs.org/stylelint-declaration-strict-value/-/stylelint-declaration-strict-value-1.11.1.tgz",
+      "integrity": "sha512-DYihiMuKGk9AeCYp+c3PMy6Z+Qu6yb6wRLeXQJZVMdXV+QOqs7P+Xj6jt8RVTgFJfII+cEQaFI5uWu08WwlkOA==",
       "dev": true,
       "license": "MIT",
       "engines": {
-        "node": ">=18.12.0"
+        "node": ">=20.19.0"
       },
       "peerDependencies": {
-        "stylelint": ">=7 <=16"
+        "stylelint": ">=16 <=17"
       }
     },
     "node_modules/stylelint-value-no-unknown-custom-properties": {
@@ -15337,16 +15150,16 @@
       }
     },
     "node_modules/typescript-eslint": {
-      "version": "8.54.0",
-      "resolved": "https://registry.npmjs.org/typescript-eslint/-/typescript-eslint-8.54.0.tgz",
-      "integrity": "sha512-CKsJ+g53QpsNPqbzUsfKVgd3Lny4yKZ1pP4qN3jdMOg/sisIDLGyDMezycquXLE5JsEU0wp3dGNdzig0/fmSVQ==",
+      "version": "8.56.1",
+      "resolved": "https://registry.npmjs.org/typescript-eslint/-/typescript-eslint-8.56.1.tgz",
+      "integrity": "sha512-U4lM6pjmBX7J5wk4szltF7I1cGBHXZopnAXCMXb3+fZ3B/0Z3hq3wS/CCUB2NZBNAExK92mCU2tEohWuwVMsDQ==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "@typescript-eslint/eslint-plugin": "8.54.0",
-        "@typescript-eslint/parser": "8.54.0",
-        "@typescript-eslint/typescript-estree": "8.54.0",
-        "@typescript-eslint/utils": "8.54.0"
+        "@typescript-eslint/eslint-plugin": "8.56.1",
+        "@typescript-eslint/parser": "8.56.1",
+        "@typescript-eslint/typescript-estree": "8.56.1",
+        "@typescript-eslint/utils": "8.56.1"
       },
       "engines": {
         "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -15356,7 +15169,7 @@
         "url": "https://opencollective.com/typescript-eslint"
       },
       "peerDependencies": {
-        "eslint": "^8.57.0 || ^9.0.0",
+        "eslint": "^8.57.0 || ^9.0.0 || ^10.0.0",
         "typescript": ">=4.8.4 <6.0.0"
       }
     },
diff --git a/package.json b/package.json
index 35fee6d2fc..64a101fd82 100644
--- a/package.json
+++ b/package.json
@@ -85,27 +85,27 @@
     "@eslint-community/eslint-plugin-eslint-comments": "4.6.0",
     "@playwright/test": "1.57.0",
     "@stoplight/spectral-cli": "6.15.0",
-    "@stylistic/eslint-plugin": "5.7.1",
+    "@stylistic/eslint-plugin": "5.9.0",
     "@stylistic/stylelint-plugin": "4.0.1",
     "@vitejs/plugin-vue": "6.0.3",
     "@vitest/coverage-v8": "4.0.18",
     "@vitest/eslint-plugin": "1.6.9",
     "@vue/test-utils": "2.4.6",
-    "eslint": "9.39.2",
+    "eslint": "9.39.3",
     "eslint-import-resolver-typescript": "4.4.4",
     "eslint-plugin-array-func": "5.1.0",
     "eslint-plugin-import-x": "4.16.1",
     "eslint-plugin-no-jquery": "3.1.1",
     "eslint-plugin-no-use-extend-native": "0.7.2",
-    "eslint-plugin-playwright": "2.5.1",
+    "eslint-plugin-playwright": "2.8.0",
     "eslint-plugin-regexp": "3.0.0",
-    "eslint-plugin-sonarjs": "3.0.6",
+    "eslint-plugin-sonarjs": "3.0.7",
     "eslint-plugin-toml": "0.13.1",
     "eslint-plugin-unicorn": "63.0.0",
     "eslint-plugin-vitest-globals": "1.5.0",
-    "eslint-plugin-vue": "10.7.0",
+    "eslint-plugin-vue": "10.8.0",
     "eslint-plugin-vue-scoped-css": "2.12.0",
-    "eslint-plugin-wc": "3.0.2",
+    "eslint-plugin-wc": "3.1.0",
     "globals": "17.3.0",
     "happy-dom": "20.0.11",
     "license-checker-rseidelsohn": "4.4.2",
@@ -114,11 +114,11 @@
     "sharp": "0.34.5",
     "stylelint": "16.26.1",
     "stylelint-declaration-block-no-ignored-properties": "2.8.0",
-    "stylelint-declaration-strict-value": "1.10.11",
+    "stylelint-declaration-strict-value": "1.11.1",
     "stylelint-value-no-unknown-custom-properties": "6.1.1",
     "svgo": "4.0.0",
     "typescript": "5.9.3",
-    "typescript-eslint": "8.54.0",
+    "typescript-eslint": "8.56.1",
     "vite-string-plugin": "2.0.0",
     "vitest": "4.0.18"
   },

From df9a9cc5e1c472311fe7ae363676f8733d2b10b0 Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Thu, 5 Mar 2026 14:26:22 +0100
Subject: [PATCH 411/854] Update dependency svgo to v4.0.1 [SECURITY] (forgejo)
 (#11508)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11508
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
---
 package-lock.json | 16 ++++++++--------
 package.json      |  2 +-
 2 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index da317f9950..c1a8cfdf47 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -117,7 +117,7 @@
         "stylelint-declaration-block-no-ignored-properties": "2.8.0",
         "stylelint-declaration-strict-value": "1.11.1",
         "stylelint-value-no-unknown-custom-properties": "6.1.1",
-        "svgo": "4.0.0",
+        "svgo": "4.0.1",
         "typescript": "5.9.3",
         "typescript-eslint": "8.56.1",
         "vite-string-plugin": "2.0.0",
@@ -14596,9 +14596,9 @@
       "dev": true
     },
     "node_modules/svgo": {
-      "version": "4.0.0",
-      "resolved": "https://registry.npmjs.org/svgo/-/svgo-4.0.0.tgz",
-      "integrity": "sha512-VvrHQ+9uniE+Mvx3+C9IEe/lWasXCU0nXMY2kZeLrHNICuRiC8uMPyM14UEaMOFA5mhyQqEkB02VoQ16n3DLaw==",
+      "version": "4.0.1",
+      "resolved": "https://registry.npmjs.org/svgo/-/svgo-4.0.1.tgz",
+      "integrity": "sha512-XDpWUOPC6FEibaLzjfe0ucaV0YrOjYotGJO1WpF0Zd+n6ZGEQUsSugaoLq9QkEZtAfQIxT42UChcssDVPP3+/w==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -14608,7 +14608,7 @@
         "css-what": "^6.1.0",
         "csso": "^5.0.5",
         "picocolors": "^1.1.1",
-        "sax": "^1.4.1"
+        "sax": "^1.5.0"
       },
       "bin": {
         "svgo": "bin/svgo.js"
@@ -14632,9 +14632,9 @@
       }
     },
     "node_modules/svgo/node_modules/sax": {
-      "version": "1.4.4",
-      "resolved": "https://registry.npmjs.org/sax/-/sax-1.4.4.tgz",
-      "integrity": "sha512-1n3r/tGXO6b6VXMdFT54SHzT9ytu9yr7TaELowdYpMqY/Ao7EnlQGmAQ1+RatX7Tkkdm6hONI2owqNx2aZj5Sw==",
+      "version": "1.5.0",
+      "resolved": "https://registry.npmjs.org/sax/-/sax-1.5.0.tgz",
+      "integrity": "sha512-21IYA3Q5cQf089Z6tgaUTr7lDAyzoTPx5HRtbhsME8Udispad8dC/+sziTNugOEx54ilvatQ9YCzl4KQLPcRHA==",
       "dev": true,
       "license": "BlueOak-1.0.0",
       "engines": {
diff --git a/package.json b/package.json
index 64a101fd82..276ddbe5a8 100644
--- a/package.json
+++ b/package.json
@@ -116,7 +116,7 @@
     "stylelint-declaration-block-no-ignored-properties": "2.8.0",
     "stylelint-declaration-strict-value": "1.11.1",
     "stylelint-value-no-unknown-custom-properties": "6.1.1",
-    "svgo": "4.0.0",
+    "svgo": "4.0.1",
     "typescript": "5.9.3",
     "typescript-eslint": "8.56.1",
     "vite-string-plugin": "2.0.0",

From e47957e24c4856792b16d43f25bd41c744ddbdc8 Mon Sep 17 00:00:00 2001
From: marijnjh <marijnjh@noreply.codeberg.org>
Date: Thu, 5 Mar 2026 21:32:13 +0100
Subject: [PATCH 412/854] fix: replace reference to Monaco with CodeMirror in
 `app.example.ini` (#11507)

Just a small fix in a comment in the example config file.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11507
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: marijnjh <marijnjh@noreply.codeberg.org>
Co-committed-by: marijnjh <marijnjh@noreply.codeberg.org>
---
 custom/conf/app.example.ini | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/custom/conf/app.example.ini b/custom/conf/app.example.ini
index b7aa3571df..da83d4636f 100644
--- a/custom/conf/app.example.ini
+++ b/custom/conf/app.example.ini
@@ -1062,7 +1062,7 @@ LEVEL = Info
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;
-;; List of file extensions for which lines should be wrapped in the Monaco editor
+;; List of file extensions for which lines should be wrapped in the CodeMirror editor
 ;; Separate extensions with a comma. To line wrap files without an extension, just put a comma
 ;LINE_WRAP_EXTENSIONS = .txt,.md,.markdown,.mdown,.mkd,.livemd,
 

From c896f480d4e95206080103683ba7508ec5d3e55d Mon Sep 17 00:00:00 2001
From: Renovate Bot <forgejo-renovate-action@forgejo.org>
Date: Thu, 5 Mar 2026 21:58:26 +0100
Subject: [PATCH 413/854] Update dependency mermaid to v11.12.3 (forgejo)
 (#11385)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11385
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
---
 package-lock.json | 105 +++++++++++++++++++++++-----------------------
 package.json      |   2 +-
 2 files changed, 54 insertions(+), 53 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index c1a8cfdf47..ac22152602 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -55,7 +55,7 @@
         "idiomorph": "0.3.0",
         "jquery": "3.7.1",
         "katex": "0.16.27",
-        "mermaid": "11.12.2",
+        "mermaid": "11.12.3",
         "mini-css-extract-plugin": "2.10.0",
         "minimatch": "10.2.3",
         "pdfobject": "2.3.0",
@@ -328,42 +328,42 @@
       }
     },
     "node_modules/@chevrotain/cst-dts-gen": {
-      "version": "11.0.3",
-      "resolved": "https://registry.npmjs.org/@chevrotain/cst-dts-gen/-/cst-dts-gen-11.0.3.tgz",
-      "integrity": "sha512-BvIKpRLeS/8UbfxXxgC33xOumsacaeCKAjAeLyOn7Pcp95HiRbrpl14S+9vaZLolnbssPIUuiUd8IvgkRyt6NQ==",
+      "version": "11.1.1",
+      "resolved": "https://registry.npmjs.org/@chevrotain/cst-dts-gen/-/cst-dts-gen-11.1.1.tgz",
+      "integrity": "sha512-fRHyv6/f542qQqiRGalrfJl/evD39mAvbJLCekPazhiextEatq1Jx1K/i9gSd5NNO0ds03ek0Cbo/4uVKmOBcw==",
       "license": "Apache-2.0",
       "dependencies": {
-        "@chevrotain/gast": "11.0.3",
-        "@chevrotain/types": "11.0.3",
-        "lodash-es": "4.17.21"
+        "@chevrotain/gast": "11.1.1",
+        "@chevrotain/types": "11.1.1",
+        "lodash-es": "4.17.23"
       }
     },
     "node_modules/@chevrotain/gast": {
-      "version": "11.0.3",
-      "resolved": "https://registry.npmjs.org/@chevrotain/gast/-/gast-11.0.3.tgz",
-      "integrity": "sha512-+qNfcoNk70PyS/uxmj3li5NiECO+2YKZZQMbmjTqRI3Qchu8Hig/Q9vgkHpI3alNjr7M+a2St5pw5w5F6NL5/Q==",
+      "version": "11.1.1",
+      "resolved": "https://registry.npmjs.org/@chevrotain/gast/-/gast-11.1.1.tgz",
+      "integrity": "sha512-Ko/5vPEYy1vn5CbCjjvnSO4U7GgxyGm+dfUZZJIWTlQFkXkyym0jFYrWEU10hyCjrA7rQtiHtBr0EaZqvHFZvg==",
       "license": "Apache-2.0",
       "dependencies": {
-        "@chevrotain/types": "11.0.3",
-        "lodash-es": "4.17.21"
+        "@chevrotain/types": "11.1.1",
+        "lodash-es": "4.17.23"
       }
     },
     "node_modules/@chevrotain/regexp-to-ast": {
-      "version": "11.0.3",
-      "resolved": "https://registry.npmjs.org/@chevrotain/regexp-to-ast/-/regexp-to-ast-11.0.3.tgz",
-      "integrity": "sha512-1fMHaBZxLFvWI067AVbGJav1eRY7N8DDvYCTwGBiE/ytKBgP8azTdgyrKyWZ9Mfh09eHWb5PgTSO8wi7U824RA==",
+      "version": "11.1.1",
+      "resolved": "https://registry.npmjs.org/@chevrotain/regexp-to-ast/-/regexp-to-ast-11.1.1.tgz",
+      "integrity": "sha512-ctRw1OKSXkOrR8VTvOxrQ5USEc4sNrfwXHa1NuTcR7wre4YbjPcKw+82C2uylg/TEwFRgwLmbhlln4qkmDyteg==",
       "license": "Apache-2.0"
     },
     "node_modules/@chevrotain/types": {
-      "version": "11.0.3",
-      "resolved": "https://registry.npmjs.org/@chevrotain/types/-/types-11.0.3.tgz",
-      "integrity": "sha512-gsiM3G8b58kZC2HaWR50gu6Y1440cHiJ+i3JUvcp/35JchYejb2+5MVeJK0iKThYpAa/P2PYFV4hoi44HD+aHQ==",
+      "version": "11.1.1",
+      "resolved": "https://registry.npmjs.org/@chevrotain/types/-/types-11.1.1.tgz",
+      "integrity": "sha512-wb2ToxG8LkgPYnKe9FH8oGn3TMCBdnwiuNC5l5y+CtlaVRbCytU0kbVsk6CGrqTL4ZN4ksJa0TXOYbxpbthtqw==",
       "license": "Apache-2.0"
     },
     "node_modules/@chevrotain/utils": {
-      "version": "11.0.3",
-      "resolved": "https://registry.npmjs.org/@chevrotain/utils/-/utils-11.0.3.tgz",
-      "integrity": "sha512-YslZMgtJUyuMbZ+aKvfF3x1f5liK4mWNxghFRv7jqRR9C3R3fAOGTTKvxXDa2Y1s9zSbcpuO0cAxDYsc9SrXoQ==",
+      "version": "11.1.1",
+      "resolved": "https://registry.npmjs.org/@chevrotain/utils/-/utils-11.1.1.tgz",
+      "integrity": "sha512-71eTYMzYXYSFPrbg/ZwftSaSDld7UYlS8OQa3lNnn9jzNtpFbaReRRyghzqS7rI3CDaorqpPJJcXGHK+FE1TVQ==",
       "license": "Apache-2.0"
     },
     "node_modules/@citation-js/core": {
@@ -2699,12 +2699,12 @@
       }
     },
     "node_modules/@mermaid-js/parser": {
-      "version": "0.6.3",
-      "resolved": "https://registry.npmjs.org/@mermaid-js/parser/-/parser-0.6.3.tgz",
-      "integrity": "sha512-lnjOhe7zyHjc+If7yT4zoedx2vo4sHaTmtkl1+or8BRTnCtDmcTpAjpzDSfCZrshM5bCoz0GyidzadJAH1xobA==",
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/@mermaid-js/parser/-/parser-1.0.0.tgz",
+      "integrity": "sha512-vvK0Hi/VWndxoh03Mmz6wa1KDriSPjS2XMZL/1l19HFwygiObEEoEwSDxOqyLzzAI6J2PU3261JjTMTO7x+BPw==",
       "license": "MIT",
       "dependencies": {
-        "langium": "3.3.1"
+        "langium": "^4.0.0"
       }
     },
     "node_modules/@monogrid/gainmap-js": {
@@ -6150,17 +6150,17 @@
       }
     },
     "node_modules/chevrotain": {
-      "version": "11.0.3",
-      "resolved": "https://registry.npmjs.org/chevrotain/-/chevrotain-11.0.3.tgz",
-      "integrity": "sha512-ci2iJH6LeIkvP9eJW6gpueU8cnZhv85ELY8w8WiFtNjMHA5ad6pQLaJo9mEly/9qUyCpvqX8/POVUTf18/HFdw==",
+      "version": "11.1.1",
+      "resolved": "https://registry.npmjs.org/chevrotain/-/chevrotain-11.1.1.tgz",
+      "integrity": "sha512-f0yv5CPKaFxfsPTBzX7vGuim4oIC1/gcS7LUGdBSwl2dU6+FON6LVUksdOo1qJjoUvXNn45urgh8C+0a24pACQ==",
       "license": "Apache-2.0",
       "dependencies": {
-        "@chevrotain/cst-dts-gen": "11.0.3",
-        "@chevrotain/gast": "11.0.3",
-        "@chevrotain/regexp-to-ast": "11.0.3",
-        "@chevrotain/types": "11.0.3",
-        "@chevrotain/utils": "11.0.3",
-        "lodash-es": "4.17.21"
+        "@chevrotain/cst-dts-gen": "11.1.1",
+        "@chevrotain/gast": "11.1.1",
+        "@chevrotain/regexp-to-ast": "11.1.1",
+        "@chevrotain/types": "11.1.1",
+        "@chevrotain/utils": "11.1.1",
+        "lodash-es": "4.17.23"
       }
     },
     "node_modules/chevrotain-allstar": {
@@ -10572,19 +10572,20 @@
       "license": "MIT"
     },
     "node_modules/langium": {
-      "version": "3.3.1",
-      "resolved": "https://registry.npmjs.org/langium/-/langium-3.3.1.tgz",
-      "integrity": "sha512-QJv/h939gDpvT+9SiLVlY7tZC3xB2qK57v0J04Sh9wpMb6MP1q8gB21L3WIo8T5P1MSMg3Ep14L7KkDCFG3y4w==",
+      "version": "4.2.1",
+      "resolved": "https://registry.npmjs.org/langium/-/langium-4.2.1.tgz",
+      "integrity": "sha512-zu9QWmjpzJcomzdJQAHgDVhLGq5bLosVak1KVa40NzQHXfqr4eAHupvnPOVXEoLkg6Ocefvf/93d//SB7du4YQ==",
       "license": "MIT",
       "dependencies": {
-        "chevrotain": "~11.0.3",
-        "chevrotain-allstar": "~0.3.0",
+        "chevrotain": "~11.1.1",
+        "chevrotain-allstar": "~0.3.1",
         "vscode-languageserver": "~9.0.1",
         "vscode-languageserver-textdocument": "~1.0.11",
-        "vscode-uri": "~3.0.8"
+        "vscode-uri": "~3.1.0"
       },
       "engines": {
-        "node": ">=16.0.0"
+        "node": ">=20.10.0",
+        "npm": ">=10.2.3"
       }
     },
     "node_modules/layout-base": {
@@ -10763,9 +10764,9 @@
       "license": "MIT"
     },
     "node_modules/lodash-es": {
-      "version": "4.17.21",
-      "resolved": "https://registry.npmjs.org/lodash-es/-/lodash-es-4.17.21.tgz",
-      "integrity": "sha512-mKnC+QJ9pWVzv+C4/U3rRsHapFfHvQFoFB92e52xeyGMcX6/OlIl78je1u8vePzYZSkkogMPJ2yjxxsb89cxyw==",
+      "version": "4.17.23",
+      "resolved": "https://registry.npmjs.org/lodash-es/-/lodash-es-4.17.23.tgz",
+      "integrity": "sha512-kVI48u3PZr38HdYz98UmfPnXl2DXrpdctLrFLCd3kOx1xUkOmpFPx7gCWWM5MPkL/fD8zb+Ph0QzjGFs4+hHWg==",
       "license": "MIT"
     },
     "node_modules/lodash.clonedeep": {
@@ -11128,14 +11129,14 @@
       }
     },
     "node_modules/mermaid": {
-      "version": "11.12.2",
-      "resolved": "https://registry.npmjs.org/mermaid/-/mermaid-11.12.2.tgz",
-      "integrity": "sha512-n34QPDPEKmaeCG4WDMGy0OT6PSyxKCfy2pJgShP+Qow2KLrvWjclwbc3yXfSIf4BanqWEhQEpngWwNp/XhZt6w==",
+      "version": "11.12.3",
+      "resolved": "https://registry.npmjs.org/mermaid/-/mermaid-11.12.3.tgz",
+      "integrity": "sha512-wN5ZSgJQIC+CHJut9xaKWsknLxaFBwCPwPkGTSUYrTiHORWvpT8RxGk849HPnpUAQ+/9BPRqYb80jTpearrHzQ==",
       "license": "MIT",
       "dependencies": {
         "@braintree/sanitize-url": "^7.1.1",
         "@iconify/utils": "^3.0.1",
-        "@mermaid-js/parser": "^0.6.3",
+        "@mermaid-js/parser": "^1.0.0",
         "@types/d3": "^7.4.3",
         "cytoscape": "^3.29.3",
         "cytoscape-cose-bilkent": "^4.1.0",
@@ -11147,7 +11148,7 @@
         "dompurify": "^3.2.5",
         "katex": "^0.16.22",
         "khroma": "^2.1.0",
-        "lodash-es": "^4.17.21",
+        "lodash-es": "^4.17.23",
         "marked": "^16.2.1",
         "roughjs": "^4.6.6",
         "stylis": "^4.3.6",
@@ -15699,9 +15700,9 @@
       "license": "MIT"
     },
     "node_modules/vscode-uri": {
-      "version": "3.0.8",
-      "resolved": "https://registry.npmjs.org/vscode-uri/-/vscode-uri-3.0.8.tgz",
-      "integrity": "sha512-AyFQ0EVmsOZOlAnxoFOGOq1SQDWAB7C6aqMGS23svWAllfOaxbuFvcT8D1i8z3Gyn8fraVeZNNmN6e9bxxXkKw==",
+      "version": "3.1.0",
+      "resolved": "https://registry.npmjs.org/vscode-uri/-/vscode-uri-3.1.0.tgz",
+      "integrity": "sha512-/BpdSx+yCQGnCvecbyXdxHDkuk55/G3xwnC0GqY4gmQ3j+A+g8kzzgB4Nk/SINjqn6+waqw3EgbVF2QKExkRxQ==",
       "license": "MIT"
     },
     "node_modules/vue": {
diff --git a/package.json b/package.json
index 276ddbe5a8..6261d3fd94 100644
--- a/package.json
+++ b/package.json
@@ -54,7 +54,7 @@
     "idiomorph": "0.3.0",
     "jquery": "3.7.1",
     "katex": "0.16.27",
-    "mermaid": "11.12.2",
+    "mermaid": "11.12.3",
     "mini-css-extract-plugin": "2.10.0",
     "minimatch": "10.2.3",
     "pdfobject": "2.3.0",

From 06f0788e00b9a637825ea6e65774ef70baac2310 Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Thu, 5 Mar 2026 23:42:14 +0100
Subject: [PATCH 414/854] Update module github.com/markbates/goth to v1.82.0
 (forgejo) (#11450)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11450
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index eca472bfe7..5976d478f8 100644
--- a/go.mod
+++ b/go.mod
@@ -73,7 +73,7 @@ require (
 	github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51
 	github.com/klauspost/compress v1.18.4
 	github.com/klauspost/cpuid/v2 v2.2.11
-	github.com/markbates/goth v1.80.0
+	github.com/markbates/goth v1.82.0
 	github.com/mattn/go-isatty v0.0.20
 	github.com/mattn/go-sqlite3 v1.14.34
 	github.com/meilisearch/meilisearch-go v0.36.0
diff --git a/go.sum b/go.sum
index 31cb529327..2ba75568a6 100644
--- a/go.sum
+++ b/go.sum
@@ -506,8 +506,8 @@ github.com/mailru/easyjson v0.9.0 h1:PrnmzHw7262yW8sTBwxi1PdJA3Iw/EKBa8psRf7d9a4
 github.com/mailru/easyjson v0.9.0/go.mod h1:1+xMtQp2MRNVL/V1bOzuP3aP8VNwRW55fQUto+XFtTU=
 github.com/markbates/going v1.0.3 h1:mY45T5TvW+Xz5A6jY7lf4+NLg9D8+iuStIHyR7M8qsE=
 github.com/markbates/going v1.0.3/go.mod h1:fQiT6v6yQar9UD6bd/D4Z5Afbk9J6BBVBtLiyY4gp2o=
-github.com/markbates/goth v1.80.0 h1:NnvatczZDzOs1hn9Ug+dVYf2Viwwkp/ZDX5K+GLjan8=
-github.com/markbates/goth v1.80.0/go.mod h1:4/GYHo+W6NWisrMPZnq0Yr2Q70UntNLn7KXEFhrIdAY=
+github.com/markbates/goth v1.82.0 h1:8j/c34AjBSTNzO7zTsOyP5IYCQCMBTRBHAbBt/PI0bQ=
+github.com/markbates/goth v1.82.0/go.mod h1:/DRlcq0pyqkKToyZjsL2KgiA1zbF1HIjE7u2uC79rUk=
 github.com/mattn/go-colorable v0.1.14 h1:9A9LHSqF/7dyVVX6g0U9cwm9pG3kP9gSzcuIPHPsaIE=
 github.com/mattn/go-colorable v0.1.14/go.mod h1:6LmQG8QLFO4G5z1gPvYEzlUgJ2wF+stgPZH1UqBm1s8=
 github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY=

From 757eb2f2676e963df05507721ddda30e4d0ce3ea Mon Sep 17 00:00:00 2001
From: Oliver Eikemeier <eikemeier@fillmore-labs.com>
Date: Fri, 6 Mar 2026 00:48:06 +0100
Subject: [PATCH 415/854] chore: handle error types consistently (#9873)

Some error types are used inconsistently or wrong:

- `forgejo.org/modules/git.ErrNotExist` is meant to be a value error: <[modules/git/error.go#L23](https://codeberg.org/forgejo/forgejo/src/tag/v13.0.2/modules/git/error.go#L23)>

- `forgejo.org/models/repo.ErrRepoNotExist` is meant to be a value error: <[models/repo/repo.go#L750](https://codeberg.org/forgejo/forgejo/src/tag/v13.0.2/models/repo/repo.go#L750)>

- `errors.Is(logErr, &net.OpError{})` is always `false`: <[services/context/context_response.go#L188](https://codeberg.org/forgejo/forgejo/src/tag/v13.0.2/services/context/context_response.go#L188)>

- `forgejo.org/models/issues.ErrIssueContentHistoryNotExist` is used inconsistently: <[models/issues/content_history.go#L211](https://codeberg.org/forgejo/forgejo/src/tag/v13.0.2/models/issues/content_history.go#L211)>
Decided to use a value, since the structure is small and to be in line with the above errors.

These issued where found with the [errortype](https://codeberg.org/fillmore-labs/errortype) linter and add this to Makefile as part of the linter suite.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/9873
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Oliver Eikemeier <eikemeier@fillmore-labs.com>
Co-committed-by: Oliver Eikemeier <eikemeier@fillmore-labs.com>
---
 Makefile                             | 3 +++
 models/issues/content_history.go     | 2 +-
 modules/git/batch_reader.go          | 2 +-
 modules/log/color_console_other.go   | 2 +-
 services/context/context_response.go | 3 ++-
 services/pull/temp_repo.go           | 4 ++--
 6 files changed, 10 insertions(+), 6 deletions(-)

diff --git a/Makefile b/Makefile
index ce271333c4..ca0aa27206 100644
--- a/Makefile
+++ b/Makefile
@@ -46,6 +46,7 @@ XGO_PACKAGE ?= src.techknowlogick.com/xgo@latest
 GO_LICENSES_PACKAGE ?= github.com/google/go-licenses@v1.6.0 # renovate: datasource=go
 GOVULNCHECK_PACKAGE ?= golang.org/x/vuln/cmd/govulncheck@v1 # renovate: datasource=go
 DEADCODE_PACKAGE ?= golang.org/x/tools/cmd/deadcode@v0.42.0 # renovate: datasource=go
+ERRORTYPE_PACKAGE ?= fillmore-labs.com/errortype@v0.0.10 # renovate: datasource=go
 GOMOCK_PACKAGE ?= go.uber.org/mock/mockgen@v0.6.0 # renovate: datasource=go
 RENOVATE_NPM_PACKAGE ?= renovate@43.31.1 # renovate: datasource=docker packageName=data.forgejo.org/renovate/renovate
 
@@ -486,6 +487,7 @@ RUN_DEADCODE = $(GO) run $(DEADCODE_PACKAGE) -generated=false -f='{{println .Pat
 .PHONY: lint-go
 lint-go:
 	$(GO) run $(GOLANGCI_LINT_PACKAGE) run $(GOLANGCI_LINT_ARGS)
+	$(GO) run $(ERRORTYPE_PACKAGE) ./...
 	$(RUN_DEADCODE) > .cur-deadcode-out
 	@$(DIFF) .deadcode-out .cur-deadcode-out \
 	|| (code=$$?; echo "Please run 'make lint-go-fix' and commit the result"; exit $${code})
@@ -955,6 +957,7 @@ deps-tools:
 	$(GO) install $(GO_LICENSES_PACKAGE)
 	$(GO) install $(GOVULNCHECK_PACKAGE)
 	$(GO) install $(GOMOCK_PACKAGE)
+	$(GO) install $(ERRORTYPE_PACKAGE)
 
 node_modules: package-lock.json
 	npm install --no-save
diff --git a/models/issues/content_history.go b/models/issues/content_history.go
index 476c6e0f90..0849686607 100644
--- a/models/issues/content_history.go
+++ b/models/issues/content_history.go
@@ -222,7 +222,7 @@ func GetIssueContentHistoryAndPrev(dbCtx context.Context, issueID, id int64) (hi
 		return nil, nil, err
 	} else if !has {
 		log.Error("issue content history does not exist. id=%v. err=%v", id, err)
-		return nil, nil, &ErrIssueContentHistoryNotExist{id}
+		return nil, nil, ErrIssueContentHistoryNotExist{id}
 	}
 
 	prevHistory = &ContentHistory{}
diff --git a/modules/git/batch_reader.go b/modules/git/batch_reader.go
index 1297c7247f..a8cd626d81 100644
--- a/modules/git/batch_reader.go
+++ b/modules/git/batch_reader.go
@@ -273,7 +273,7 @@ func ParseTreeLine(objectFormat ObjectFormat, rd *bufio.Reader, modeBuf, fnameBu
 	idx := bytes.IndexByte(readBytes, ' ')
 	if idx < 0 {
 		log.Debug("missing space in readBytes ParseTreeLine: %s", readBytes)
-		return mode, fname, sha, n, &ErrNotExist{}
+		return mode, fname, sha, n, ErrNotExist{}
 	}
 
 	n += idx + 1
diff --git a/modules/log/color_console_other.go b/modules/log/color_console_other.go
index 6573d093a5..7505deef61 100644
--- a/modules/log/color_console_other.go
+++ b/modules/log/color_console_other.go
@@ -39,7 +39,7 @@ func fileStatDevIno(file *os.File) (uint64, uint64, bool) {
 
 	// Do a type conversion to uint64, because Dev isn't always uint64
 	// on every operating system + architecture combination.
-	return uint64(stat.Dev), stat.Ino, true //nolint:unconvert
+	return uint64(stat.Dev), stat.Ino, true //nolint:unconvert,nolintlint
 }
 
 func fileIsDevIno(file *os.File, dev, ino uint64) bool {
diff --git a/services/context/context_response.go b/services/context/context_response.go
index f1470e1ad0..e111bafe4a 100644
--- a/services/context/context_response.go
+++ b/services/context/context_response.go
@@ -185,7 +185,8 @@ func (ctx *Context) ServerError(logMsg string, logErr error) {
 func (ctx *Context) serverErrorInternal(logMsg string, logErr error) {
 	if logErr != nil {
 		log.ErrorWithSkip(2, "%s: %v", logMsg, logErr)
-		if _, ok := logErr.(*net.OpError); ok || errors.Is(logErr, &net.OpError{}) {
+		var opError *net.OpError
+		if errors.As(logErr, &opError) {
 			// This is an error within the underlying connection
 			// and further rendering will not work so just return
 			return
diff --git a/services/pull/temp_repo.go b/services/pull/temp_repo.go
index 76ae0df018..801f4d5ede 100644
--- a/services/pull/temp_repo.go
+++ b/services/pull/temp_repo.go
@@ -53,7 +53,7 @@ func createTemporaryRepoForPR(ctx context.Context, pr *issues_model.PullRequest)
 		return nil, nil, fmt.Errorf("%v LoadHeadRepo: %w", pr, err)
 	} else if pr.HeadRepo == nil {
 		log.Error("%-v HeadRepo %d does not exist", pr, pr.HeadRepoID)
-		return nil, nil, &repo_model.ErrRepoNotExist{
+		return nil, nil, repo_model.ErrRepoNotExist{
 			ID: pr.HeadRepoID,
 		}
 	} else if err := pr.LoadBaseRepo(ctx); err != nil {
@@ -61,7 +61,7 @@ func createTemporaryRepoForPR(ctx context.Context, pr *issues_model.PullRequest)
 		return nil, nil, fmt.Errorf("%v LoadBaseRepo: %w", pr, err)
 	} else if pr.BaseRepo == nil {
 		log.Error("%-v BaseRepo %d does not exist", pr, pr.BaseRepoID)
-		return nil, nil, &repo_model.ErrRepoNotExist{
+		return nil, nil, repo_model.ErrRepoNotExist{
 			ID: pr.BaseRepoID,
 		}
 	} else if err := pr.HeadRepo.LoadOwner(ctx); err != nil {

From 0f2f5017a0ad6cf3c1d2dfbc1a81f0e1678abf5b Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Fri, 6 Mar 2026 01:09:08 +0100
Subject: [PATCH 416/854] Update CodeMirror (forgejo) (#11517)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11517
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
---
 package-lock.json | 40 ++++++++++++++++++++--------------------
 package.json      | 10 +++++-----
 2 files changed, 25 insertions(+), 25 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index ac22152602..cc139c7c3c 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -9,17 +9,17 @@
         "@citation-js/core": "0.7.21",
         "@citation-js/plugin-bibtex": "0.7.21",
         "@citation-js/plugin-software-formats": "0.6.2",
-        "@codemirror/autocomplete": "6.20.0",
+        "@codemirror/autocomplete": "6.20.1",
         "@codemirror/commands": "6.10.2",
         "@codemirror/lang-cpp": "6.0.3",
         "@codemirror/lang-css": "6.3.1",
         "@codemirror/lang-go": "6.0.1",
         "@codemirror/lang-html": "6.4.11",
         "@codemirror/lang-java": "6.0.2",
-        "@codemirror/lang-javascript": "6.2.4",
+        "@codemirror/lang-javascript": "6.2.5",
         "@codemirror/lang-json": "6.0.2",
         "@codemirror/lang-less": "6.0.2",
-        "@codemirror/lang-liquid": "6.3.1",
+        "@codemirror/lang-liquid": "6.3.2",
         "@codemirror/lang-markdown": "6.5.0",
         "@codemirror/lang-php": "6.0.2",
         "@codemirror/lang-python": "6.2.1",
@@ -27,10 +27,10 @@
         "@codemirror/lang-sass": "6.0.2",
         "@codemirror/lang-xml": "6.1.0",
         "@codemirror/lang-yaml": "6.1.2",
-        "@codemirror/language": "6.12.1",
+        "@codemirror/language": "6.12.2",
         "@codemirror/search": "6.6.0",
         "@codemirror/state": "6.5.4",
-        "@codemirror/view": "6.39.14",
+        "@codemirror/view": "6.39.16",
         "@github/markdown-toolbar-element": "2.2.3",
         "@github/quote-selection": "2.1.0",
         "@github/text-expander-element": "2.9.4",
@@ -497,9 +497,9 @@
       }
     },
     "node_modules/@codemirror/autocomplete": {
-      "version": "6.20.0",
-      "resolved": "https://registry.npmjs.org/@codemirror/autocomplete/-/autocomplete-6.20.0.tgz",
-      "integrity": "sha512-bOwvTOIJcG5FVo5gUUupiwYh8MioPLQ4UcqbcRf7UQ98X90tCa9E1kZ3Z7tqwpZxYyOvh1YTYbmZE9RTfTp5hg==",
+      "version": "6.20.1",
+      "resolved": "https://registry.npmjs.org/@codemirror/autocomplete/-/autocomplete-6.20.1.tgz",
+      "integrity": "sha512-1cvg3Vz1dSSToCNlJfRA2WSI4ht3K+WplO0UMOgmUYPivCyy2oueZY6Lx7M9wThm7SDUBViRmuT+OG/i8+ON9A==",
       "license": "MIT",
       "dependencies": {
         "@codemirror/language": "^6.0.0",
@@ -584,9 +584,9 @@
       }
     },
     "node_modules/@codemirror/lang-javascript": {
-      "version": "6.2.4",
-      "resolved": "https://registry.npmjs.org/@codemirror/lang-javascript/-/lang-javascript-6.2.4.tgz",
-      "integrity": "sha512-0WVmhp1QOqZ4Rt6GlVGwKJN3KW7Xh4H2q8ZZNGZaP6lRdxXJzmjm4FqvmOojVj6khWJHIb9sp7U/72W7xQgqAA==",
+      "version": "6.2.5",
+      "resolved": "https://registry.npmjs.org/@codemirror/lang-javascript/-/lang-javascript-6.2.5.tgz",
+      "integrity": "sha512-zD4e5mS+50htS7F+TYjBPsiIFGanfVqg4HyUz6WNFikgOPf2BgKlx+TQedI1w6n/IqRBVBbBWmGFdLB/7uxO4A==",
       "license": "MIT",
       "dependencies": {
         "@codemirror/autocomplete": "^6.0.0",
@@ -622,9 +622,9 @@
       }
     },
     "node_modules/@codemirror/lang-liquid": {
-      "version": "6.3.1",
-      "resolved": "https://registry.npmjs.org/@codemirror/lang-liquid/-/lang-liquid-6.3.1.tgz",
-      "integrity": "sha512-S/jE/D7iij2Pu70AC65ME6AYWxOOcX20cSJvaPgY5w7m2sfxsArAcUAuUgm/CZCVmqoi9KiOlS7gj/gyLipABw==",
+      "version": "6.3.2",
+      "resolved": "https://registry.npmjs.org/@codemirror/lang-liquid/-/lang-liquid-6.3.2.tgz",
+      "integrity": "sha512-6PDVU3ZnfeYyz1at1E/ttorErZvZFXXt1OPhtfe1EZJ2V2iDFa0CwPqPgG5F7NXN0yONGoBogKmFAafKTqlwIw==",
       "license": "MIT",
       "dependencies": {
         "@codemirror/autocomplete": "^6.0.0",
@@ -731,9 +731,9 @@
       }
     },
     "node_modules/@codemirror/language": {
-      "version": "6.12.1",
-      "resolved": "https://registry.npmjs.org/@codemirror/language/-/language-6.12.1.tgz",
-      "integrity": "sha512-Fa6xkSiuGKc8XC8Cn96T+TQHYj4ZZ7RdFmXA3i9xe/3hLHfwPZdM+dqfX0Cp0zQklBKhVD8Yzc8LS45rkqcwpQ==",
+      "version": "6.12.2",
+      "resolved": "https://registry.npmjs.org/@codemirror/language/-/language-6.12.2.tgz",
+      "integrity": "sha512-jEPmz2nGGDxhRTg3lTpzmIyGKxz3Gp3SJES4b0nAuE5SWQoKdT5GoQ69cwMmFd+wvFUhYirtDTr0/DRHpQAyWg==",
       "license": "MIT",
       "dependencies": {
         "@codemirror/state": "^6.0.0",
@@ -776,9 +776,9 @@
       }
     },
     "node_modules/@codemirror/view": {
-      "version": "6.39.14",
-      "resolved": "https://registry.npmjs.org/@codemirror/view/-/view-6.39.14.tgz",
-      "integrity": "sha512-WJcvgHm/6Q7dvGT0YFv/6PSkoc36QlR0VCESS6x9tGsnF1lWLmmYxOgX3HH6v8fo6AvSLgpcs+H0Olre6MKXlg==",
+      "version": "6.39.16",
+      "resolved": "https://registry.npmjs.org/@codemirror/view/-/view-6.39.16.tgz",
+      "integrity": "sha512-m6S22fFpKtOWhq8HuhzsI1WzUP/hB9THbDj0Tl5KX4gbO6Y91hwBl7Yky33NdvB6IffuRFiBxf1R8kJMyXmA4Q==",
       "license": "MIT",
       "dependencies": {
         "@codemirror/state": "^6.5.0",
diff --git a/package.json b/package.json
index 6261d3fd94..c00f43207e 100644
--- a/package.json
+++ b/package.json
@@ -8,17 +8,17 @@
     "@citation-js/core": "0.7.21",
     "@citation-js/plugin-bibtex": "0.7.21",
     "@citation-js/plugin-software-formats": "0.6.2",
-    "@codemirror/autocomplete": "6.20.0",
+    "@codemirror/autocomplete": "6.20.1",
     "@codemirror/commands": "6.10.2",
     "@codemirror/lang-cpp": "6.0.3",
     "@codemirror/lang-css": "6.3.1",
     "@codemirror/lang-go": "6.0.1",
     "@codemirror/lang-html": "6.4.11",
     "@codemirror/lang-java": "6.0.2",
-    "@codemirror/lang-javascript": "6.2.4",
+    "@codemirror/lang-javascript": "6.2.5",
     "@codemirror/lang-json": "6.0.2",
     "@codemirror/lang-less": "6.0.2",
-    "@codemirror/lang-liquid": "6.3.1",
+    "@codemirror/lang-liquid": "6.3.2",
     "@codemirror/lang-markdown": "6.5.0",
     "@codemirror/lang-php": "6.0.2",
     "@codemirror/lang-python": "6.2.1",
@@ -26,10 +26,10 @@
     "@codemirror/lang-sass": "6.0.2",
     "@codemirror/lang-xml": "6.1.0",
     "@codemirror/lang-yaml": "6.1.2",
-    "@codemirror/language": "6.12.1",
+    "@codemirror/language": "6.12.2",
     "@codemirror/search": "6.6.0",
     "@codemirror/state": "6.5.4",
-    "@codemirror/view": "6.39.14",
+    "@codemirror/view": "6.39.16",
     "@github/markdown-toolbar-element": "2.2.3",
     "@github/quote-selection": "2.1.0",
     "@github/text-expander-element": "2.9.4",

From 3b0b13a88211900fe72e75c1f8f4cf3b0bc94225 Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Fri, 6 Mar 2026 02:21:15 +0100
Subject: [PATCH 417/854] Update dependency dayjs to v1.11.19 (forgejo)
 (#11519)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11519
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
---
 package-lock.json | 8 ++++----
 package.json      | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index cc139c7c3c..3d577cd32e 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -45,7 +45,7 @@
         "chartjs-plugin-zoom": "2.2.0",
         "clippie": "4.1.9",
         "css-loader": "7.1.3",
-        "dayjs": "1.11.18",
+        "dayjs": "1.11.19",
         "dropzone": "6.0.0-beta.2",
         "easymde": "2.18.0",
         "esbuild-loader": "4.4.2",
@@ -7206,9 +7206,9 @@
       }
     },
     "node_modules/dayjs": {
-      "version": "1.11.18",
-      "resolved": "https://registry.npmjs.org/dayjs/-/dayjs-1.11.18.tgz",
-      "integrity": "sha512-zFBQ7WFRvVRhKcWoUh+ZA1g2HVgUbsZm9sbddh8EC5iv93sui8DVVz1Npvz+r6meo9VKfa8NyLWBsQK1VvIKPA==",
+      "version": "1.11.19",
+      "resolved": "https://registry.npmjs.org/dayjs/-/dayjs-1.11.19.tgz",
+      "integrity": "sha512-t5EcLVS6QPBNqM2z8fakk/NKel+Xzshgt8FFKAn+qwlD1pzZWxh0nVCrvFK7ZDb6XucZeF9z8C7CBWTRIVApAw==",
       "license": "MIT"
     },
     "node_modules/debug": {
diff --git a/package.json b/package.json
index c00f43207e..2f408205b4 100644
--- a/package.json
+++ b/package.json
@@ -44,7 +44,7 @@
     "chartjs-plugin-zoom": "2.2.0",
     "clippie": "4.1.9",
     "css-loader": "7.1.3",
-    "dayjs": "1.11.18",
+    "dayjs": "1.11.19",
     "dropzone": "6.0.0-beta.2",
     "easymde": "2.18.0",
     "esbuild-loader": "4.4.2",

From c929c50863071051c9d0cb065581007b29a74328 Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Fri, 6 Mar 2026 02:22:14 +0100
Subject: [PATCH 418/854] Update dependency katex to v0.16.33 (forgejo)
 (#11520)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11520
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
---
 package-lock.json | 8 ++++----
 package.json      | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 3d577cd32e..8b3793d503 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -54,7 +54,7 @@
         "htmx.org": "2.0.8",
         "idiomorph": "0.3.0",
         "jquery": "3.7.1",
-        "katex": "0.16.27",
+        "katex": "0.16.33",
         "mermaid": "11.12.3",
         "mini-css-extract-plugin": "2.10.0",
         "minimatch": "10.2.3",
@@ -10516,9 +10516,9 @@
       "license": "MIT"
     },
     "node_modules/katex": {
-      "version": "0.16.27",
-      "resolved": "https://registry.npmjs.org/katex/-/katex-0.16.27.tgz",
-      "integrity": "sha512-aeQoDkuRWSqQN6nSvVCEFvfXdqo1OQiCmmW1kc9xSdjutPv7BGO7pqY9sQRJpMOGrEdfDgF2TfRXe5eUAD2Waw==",
+      "version": "0.16.33",
+      "resolved": "https://registry.npmjs.org/katex/-/katex-0.16.33.tgz",
+      "integrity": "sha512-q3N5u+1sY9Bu7T4nlXoiRBXWfwSefNGoKeOwekV+gw0cAXQlz2Ww6BLcmBxVDeXBMUDQv6fK5bcNaJLxob3ZQA==",
       "funding": [
         "https://opencollective.com/katex",
         "https://github.com/sponsors/katex"
diff --git a/package.json b/package.json
index 2f408205b4..8ba742fa23 100644
--- a/package.json
+++ b/package.json
@@ -53,7 +53,7 @@
     "htmx.org": "2.0.8",
     "idiomorph": "0.3.0",
     "jquery": "3.7.1",
-    "katex": "0.16.27",
+    "katex": "0.16.33",
     "mermaid": "11.12.3",
     "mini-css-extract-plugin": "2.10.0",
     "minimatch": "10.2.3",

From b8dac67364e4a7001a775a440205feb65b1a0fca Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Fri, 6 Mar 2026 03:53:06 +0100
Subject: [PATCH 419/854] Update dependency go to v1.25.8 (forgejo) (#11521)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11521
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
---
 go.mod | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/go.mod b/go.mod
index 5976d478f8..3ac726db7a 100644
--- a/go.mod
+++ b/go.mod
@@ -2,7 +2,7 @@ module forgejo.org
 
 go 1.25.0
 
-toolchain go1.25.7
+toolchain go1.25.8
 
 require (
 	code.forgejo.org/f3/gof3/v3 v3.11.15

From 7fdb31c8ef2c7fa89deb9e31701d08d190e70bda Mon Sep 17 00:00:00 2001
From: Mathieu Fenniak <mathieu@fenniak.net>
Date: Fri, 6 Mar 2026 06:43:33 +0100
Subject: [PATCH 420/854] chore: add more diagnostic output to dbfs Stat error
 (#11525)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11525
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net>
Co-committed-by: Mathieu Fenniak <mathieu@fenniak.net>
---
 modules/actions/log.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/actions/log.go b/modules/actions/log.go
index 5df1f9bec3..c7cb270b18 100644
--- a/modules/actions/log.go
+++ b/modules/actions/log.go
@@ -61,7 +61,7 @@ func WriteLogs(ctx context.Context, filename string, offset int64, rows []*runne
 
 	stat, err := f.Stat()
 	if err != nil {
-		return nil, fmt.Errorf("dbfs Stat %q: %w", name, err)
+		return nil, fmt.Errorf("WriteLogs(name=%q, offset=%d, len(rows)=%d): dbfs Stat: %w", name, offset, len(rows), err)
 	}
 	if stat.Size() < offset {
 		// If the size is less than offset, refuse to write, or it could result in content holes.

From df79ccf7d8b69f63b7cb66d340e26ce1e3e79c89 Mon Sep 17 00:00:00 2001
From: patdyn <patdyn@noreply.codeberg.org>
Date: Fri, 6 Mar 2026 18:56:49 +0100
Subject: [PATCH 421/854] Move Container API processing logic to service
 (#11432)

As discussed here: https://codeberg.org/forgejo/discussions/issues/444 the container v2 API logic does need some refactoring for better maintainability.

This is a proposition on how to achieve that. My goal was to be able to write unit tests for functions like processImageManifest() which are currently only tested indirectly by TestPackageContainer() in tests/integration/api_packages_container_test.go.

A first unit test was implemented that targets ProcessManifest(). I think that test also shows what steps are needed to successfully execute the ProcessManifest() function and hopefully helps understanding that code better.

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests for Go changes

(can be removed for JavaScript changes)

- I added test coverage for Go changes...
  - [x ] in their respective `*_test.go` for unit tests.
  - [ ] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I ran...
  - [x] `make pr-go` before pushing

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x ] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [ ] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.
- [ x] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change.

*The decision if the pull request will be shown in the release notes is up to the mergers / release team.*

The content of the `release-notes/<pull request number>.md` file will serve as the basis for the release notes. If the file does not exist, the title of the pull request will be used instead.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11432
Reviewed-by: Andreas Ahlenstorf <aahlenst@noreply.codeberg.org>
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
Co-authored-by: patdyn <patdyn@noreply.codeberg.org>
Co-committed-by: patdyn <patdyn@noreply.codeberg.org>
---
 routers/api/packages/container/container.go   | 216 ++++++------------
 .../packages/container/blob.go                |  55 +++--
 services/packages/container/container.go      |  36 +++
 .../packages/container/errors.go              |  36 +--
 services/packages/container/main_test.go      |  20 ++
 .../packages/container/manifest.go            | 112 +++++++--
 services/packages/container/manifest_test.go  |  95 ++++++++
 services/packages/container/tags.go           |  47 ++++
 8 files changed, 417 insertions(+), 200 deletions(-)
 rename {routers/api => services}/packages/container/blob.go (76%)
 create mode 100644 services/packages/container/container.go
 rename {routers/api => services}/packages/container/errors.go (50%)
 create mode 100644 services/packages/container/main_test.go
 rename {routers/api => services}/packages/container/manifest.go (86%)
 create mode 100644 services/packages/container/manifest_test.go
 create mode 100644 services/packages/container/tags.go

diff --git a/routers/api/packages/container/container.go b/routers/api/packages/container/container.go
index 873ce5c23a..a9f198c18d 100644
--- a/routers/api/packages/container/container.go
+++ b/routers/api/packages/container/container.go
@@ -10,10 +10,8 @@ import (
 	"io"
 	"net/http"
 	"net/url"
-	"os"
 	"regexp"
 	"strconv"
-	"strings"
 
 	auth_model "forgejo.org/models/auth"
 	packages_model "forgejo.org/models/packages"
@@ -24,7 +22,6 @@ import (
 	packages_module "forgejo.org/modules/packages"
 	container_module "forgejo.org/modules/packages/container"
 	"forgejo.org/modules/setting"
-	"forgejo.org/modules/util"
 	"forgejo.org/routers/api/packages/helper"
 	"forgejo.org/services/context"
 	packages_service "forgejo.org/services/packages"
@@ -33,14 +30,7 @@ import (
 	digest "github.com/opencontainers/go-digest"
 )
 
-// maximum size of a container manifest
-// https://github.com/opencontainers/distribution-spec/blob/main/spec.md#pushing-manifests
-const maxManifestSize = 10 * 1024 * 1024
-
-var (
-	imageNamePattern = regexp.MustCompile(`\A[a-z0-9]+([._-][a-z0-9]+)*(/[a-z0-9]+([._-][a-z0-9]+)*)*\z`)
-	referencePattern = regexp.MustCompile(`\A[a-zA-Z0-9_][a-zA-Z0-9._-]{0,127}\z`)
-)
+var imageNamePattern = regexp.MustCompile(`\A[a-z0-9]+([._-][a-z0-9]+)*(/[a-z0-9]+([._-][a-z0-9]+)*)*\z`)
 
 type containerHeaders struct {
 	Status        int
@@ -105,7 +95,7 @@ func apiError(ctx *context.Context, status int, err error) {
 }
 
 // https://github.com/opencontainers/distribution-spec/blob/main/spec.md#error-codes
-func apiErrorDefined(ctx *context.Context, err *namedError) {
+func apiErrorDefined(ctx *context.Context, err *container_service.NamedError) {
 	type ContainerError struct {
 		Code    string `json:"code"`
 		Message string `json:"message"`
@@ -127,7 +117,7 @@ func apiErrorDefined(ctx *context.Context, err *namedError) {
 
 func apiUnauthorizedError(ctx *context.Context) {
 	ctx.Resp.Header().Add("WWW-Authenticate", `Bearer realm="`+setting.AppURL+`v2/token",service="container_registry",scope="*"`)
-	apiErrorDefined(ctx, errUnauthorized)
+	apiErrorDefined(ctx, container_service.ErrUnauthorized)
 }
 
 // ReqContainerAccess is a middleware which checks the current user valid (real user or ghost if anonymous access is enabled)
@@ -140,7 +130,7 @@ func ReqContainerAccess(ctx *context.Context) {
 // VerifyImageName is a middleware which checks if the image name is allowed
 func VerifyImageName(ctx *context.Context) {
 	if !imageNamePattern.MatchString(ctx.Params("image")) {
-		apiErrorDefined(ctx, errNameInvalid)
+		apiErrorDefined(ctx, container_service.ErrNameInvalid)
 	}
 }
 
@@ -232,7 +222,7 @@ func InitiateUploadBlob(ctx *context.Context) {
 	mount := ctx.FormTrim("mount")
 	from := ctx.FormTrim("from")
 	if mount != "" {
-		blob, _ := workaroundGetContainerBlob(ctx, &container_model.BlobSearchOptions{
+		blob, _ := container_service.WorkaroundGetContainerBlob(ctx, &container_model.BlobSearchOptions{
 			Repository: from,
 			Digest:     mount,
 		})
@@ -244,7 +234,7 @@ func InitiateUploadBlob(ctx *context.Context) {
 			}
 
 			if accessible {
-				if err := mountBlob(ctx, &packages_service.PackageInfo{Owner: ctx.Package.Owner, Name: image}, blob.Blob); err != nil {
+				if err := container_service.MountBlob(ctx, &packages_service.PackageInfo{Owner: ctx.Package.Owner, Name: image}, blob.Blob); err != nil {
 					apiError(ctx, http.StatusInternalServerError, err)
 					return
 				}
@@ -268,12 +258,12 @@ func InitiateUploadBlob(ctx *context.Context) {
 		}
 		defer buf.Close()
 
-		if digest != digestFromHashSummer(buf) {
-			apiErrorDefined(ctx, errDigestInvalid)
+		if digest != container_service.DigestFromHashSummer(buf) {
+			apiErrorDefined(ctx, container_service.ErrDigestInvalid)
 			return
 		}
 
-		if _, err := saveAsPackageBlob(ctx,
+		if _, err := container_service.SaveAsPackageBlob(ctx,
 			buf,
 			&packages_service.PackageCreationInfo{
 				PackageInfo: packages_service.PackageInfo{
@@ -321,7 +311,7 @@ func GetUploadBlob(ctx *context.Context) {
 	upload, err := packages_model.GetBlobUploadByID(ctx, uuid)
 	if err != nil {
 		if err == packages_model.ErrPackageBlobUploadNotExist {
-			apiErrorDefined(ctx, errBlobUploadUnknown)
+			apiErrorDefined(ctx, container_service.ErrBlobUploadUnknown)
 		} else {
 			apiError(ctx, http.StatusInternalServerError, err)
 		}
@@ -342,7 +332,7 @@ func UploadBlob(ctx *context.Context) {
 	uploader, err := container_service.NewBlobUploader(ctx, ctx.Params("uuid"))
 	if err != nil {
 		if err == packages_model.ErrPackageBlobUploadNotExist {
-			apiErrorDefined(ctx, errBlobUploadUnknown)
+			apiErrorDefined(ctx, container_service.ErrBlobUploadUnknown)
 		} else {
 			apiError(ctx, http.StatusInternalServerError, err)
 		}
@@ -354,16 +344,16 @@ func UploadBlob(ctx *context.Context) {
 	if contentRange != "" {
 		start, end := 0, 0
 		if _, err := fmt.Sscanf(contentRange, "%d-%d", &start, &end); err != nil {
-			apiErrorDefined(ctx, errBlobUploadInvalid)
+			apiErrorDefined(ctx, container_service.ErrBlobUploadInvalid)
 			return
 		}
 
 		if int64(start) != uploader.Size() {
-			apiErrorDefined(ctx, errBlobUploadInvalid.WithStatusCode(http.StatusRequestedRangeNotSatisfiable))
+			apiErrorDefined(ctx, container_service.ErrBlobUploadInvalid.WithStatusCode(http.StatusRequestedRangeNotSatisfiable))
 			return
 		}
 	} else if uploader.Size() != 0 {
-		apiErrorDefined(ctx, errBlobUploadInvalid.WithMessage("Stream uploads after first write are not allowed"))
+		apiErrorDefined(ctx, container_service.ErrBlobUploadInvalid.WithMessage("Stream uploads after first write are not allowed"))
 		return
 	}
 
@@ -386,14 +376,14 @@ func EndUploadBlob(ctx *context.Context) {
 
 	digest := ctx.FormTrim("digest")
 	if digest == "" {
-		apiErrorDefined(ctx, errDigestInvalid)
+		apiErrorDefined(ctx, container_service.ErrDigestInvalid)
 		return
 	}
 
 	uploader, err := container_service.NewBlobUploader(ctx, ctx.Params("uuid"))
 	if err != nil {
 		if err == packages_model.ErrPackageBlobUploadNotExist {
-			apiErrorDefined(ctx, errBlobUploadUnknown)
+			apiErrorDefined(ctx, container_service.ErrBlobUploadUnknown)
 		} else {
 			apiError(ctx, http.StatusInternalServerError, err)
 		}
@@ -408,12 +398,12 @@ func EndUploadBlob(ctx *context.Context) {
 		}
 	}
 
-	if digest != digestFromHashSummer(uploader) {
-		apiErrorDefined(ctx, errDigestInvalid)
+	if digest != container_service.DigestFromHashSummer(uploader) {
+		apiErrorDefined(ctx, container_service.ErrDigestInvalid)
 		return
 	}
 
-	if _, err := saveAsPackageBlob(ctx,
+	if _, err := container_service.SaveAsPackageBlob(ctx,
 		uploader,
 		&packages_service.PackageCreationInfo{
 			PackageInfo: packages_service.PackageInfo{
@@ -451,7 +441,7 @@ func CancelUploadBlob(ctx *context.Context) {
 	_, err := packages_model.GetBlobUploadByID(ctx, uuid)
 	if err != nil {
 		if err == packages_model.ErrPackageBlobUploadNotExist {
-			apiErrorDefined(ctx, errBlobUploadUnknown)
+			apiErrorDefined(ctx, container_service.ErrBlobUploadUnknown)
 		} else {
 			apiError(ctx, http.StatusInternalServerError, err)
 		}
@@ -468,26 +458,12 @@ func CancelUploadBlob(ctx *context.Context) {
 	})
 }
 
-func getBlobFromContext(ctx *context.Context) (*packages_model.PackageFileDescriptor, error) {
-	d := ctx.Params("digest")
-
-	if digest.Digest(d).Validate() != nil {
-		return nil, container_model.ErrContainerBlobNotExist
-	}
-
-	return workaroundGetContainerBlob(ctx, &container_model.BlobSearchOptions{
-		OwnerID: ctx.Package.Owner.ID,
-		Image:   ctx.Params("image"),
-		Digest:  d,
-	})
-}
-
 // https://github.com/opencontainers/distribution-spec/blob/main/spec.md#checking-if-content-exists-in-the-registry
 func HeadBlob(ctx *context.Context) {
-	blob, err := getBlobFromContext(ctx)
+	blob, err := container_service.GetLocalBlob(ctx, ctx.Package.Owner.ID, ctx.Params("digest"), ctx.Params("image"))
 	if err != nil {
-		if err == container_model.ErrContainerBlobNotExist {
-			apiErrorDefined(ctx, errBlobUnknown)
+		if errors.Is(err, container_model.ErrContainerBlobNotExist) {
+			apiErrorDefined(ctx, container_service.ErrBlobUnknown)
 		} else {
 			apiError(ctx, http.StatusInternalServerError, err)
 		}
@@ -503,10 +479,10 @@ func HeadBlob(ctx *context.Context) {
 
 // https://github.com/opencontainers/distribution-spec/blob/main/spec.md#pulling-blobs
 func GetBlob(ctx *context.Context) {
-	blob, err := getBlobFromContext(ctx)
+	blob, err := container_service.GetLocalBlob(ctx, ctx.Package.Owner.ID, ctx.Params("digest"), ctx.Params("image"))
 	if err != nil {
 		if err == container_model.ErrContainerBlobNotExist {
-			apiErrorDefined(ctx, errBlobUnknown)
+			apiErrorDefined(ctx, container_service.ErrBlobUnknown)
 		} else {
 			apiError(ctx, http.StatusInternalServerError, err)
 		}
@@ -521,11 +497,11 @@ func DeleteBlob(ctx *context.Context) {
 	d := ctx.Params("digest")
 
 	if digest.Digest(d).Validate() != nil {
-		apiErrorDefined(ctx, errBlobUnknown)
+		apiErrorDefined(ctx, container_service.ErrBlobUnknown)
 		return
 	}
 
-	if err := deleteBlob(ctx, ctx.Package.Owner.ID, ctx.Params("image"), d); err != nil {
+	if err := container_service.DeleteBlob(ctx, ctx.Package.Owner.ID, ctx.Params("image"), d); err != nil {
 		apiError(ctx, http.StatusInternalServerError, err)
 		return
 	}
@@ -537,23 +513,19 @@ func DeleteBlob(ctx *context.Context) {
 
 // https://github.com/opencontainers/distribution-spec/blob/main/spec.md#pushing-manifests
 func UploadManifest(ctx *context.Context) {
-	reference := ctx.Params("reference")
-
-	mci := &manifestCreationInfo{
-		MediaType: ctx.Req.Header.Get("Content-Type"),
-		Owner:     ctx.Package.Owner,
-		Creator:   ctx.Doer,
-		Image:     ctx.Params("image"),
-		Reference: reference,
-		IsTagged:  digest.Digest(reference).Validate() != nil,
-	}
-
-	if mci.IsTagged && !referencePattern.MatchString(reference) {
-		apiErrorDefined(ctx, errManifestInvalid.WithMessage("Tag is invalid"))
+	mci, err := container_service.NewManifestCreationInfo(
+		ctx.Package.Owner,
+		ctx.Doer,
+		ctx.Req.Header.Get("Content-Type"),
+		ctx.Params("image"),
+		ctx.Params("reference"),
+	)
+	if err != nil {
+		apiErrorDefined(ctx, container_service.ErrManifestInvalid.WithMessage(err.Error()))
 		return
 	}
 
-	maxSize := maxManifestSize + 1
+	maxSize := container_service.MaxManifestSize + 1
 	buf, err := packages_module.CreateHashedBufferFromReaderWithSize(&io.LimitedReader{R: ctx.Req.Body, N: int64(maxSize)}, maxSize)
 	if err != nil {
 		apiError(ctx, http.StatusInternalServerError, err)
@@ -561,18 +533,18 @@ func UploadManifest(ctx *context.Context) {
 	}
 	defer buf.Close()
 
-	if buf.Size() > maxManifestSize {
-		apiErrorDefined(ctx, errManifestInvalid.WithMessage("Manifest exceeds maximum size").WithStatusCode(http.StatusRequestEntityTooLarge))
+	if buf.Size() > container_service.MaxManifestSize {
+		apiErrorDefined(ctx, container_service.ErrManifestInvalid.WithMessage("Manifest exceeds maximum size").WithStatusCode(http.StatusRequestEntityTooLarge))
 		return
 	}
 
-	digest, err := processManifest(ctx, mci, buf)
+	digest, err := container_service.ProcessManifest(ctx, *mci, buf)
 	if err != nil {
-		var namedError *namedError
+		var namedError *container_service.NamedError
 		if errors.As(err, &namedError) {
 			apiErrorDefined(ctx, namedError)
 		} else if errors.Is(err, container_model.ErrContainerBlobNotExist) {
-			apiErrorDefined(ctx, errBlobUnknown)
+			apiErrorDefined(ctx, container_service.ErrBlobUnknown)
 		} else {
 			switch err {
 			case packages_service.ErrQuotaTotalCount, packages_service.ErrQuotaTypeSize, packages_service.ErrQuotaTotalSize:
@@ -585,47 +557,18 @@ func UploadManifest(ctx *context.Context) {
 	}
 
 	setResponseHeaders(ctx.Resp, &containerHeaders{
-		Location:      fmt.Sprintf("/v2/%s/%s/manifests/%s", ctx.Package.Owner.LowerName, mci.Image, reference),
+		Location:      fmt.Sprintf("/v2/%s/%s/manifests/%s", ctx.Package.Owner.LowerName, mci.Image, mci.Reference),
 		ContentDigest: digest,
 		Status:        http.StatusCreated,
 	})
 }
 
-func getBlobSearchOptionsFromContext(ctx *context.Context) (*container_model.BlobSearchOptions, error) {
-	reference := ctx.Params("reference")
-
-	opts := &container_model.BlobSearchOptions{
-		OwnerID:    ctx.Package.Owner.ID,
-		Image:      ctx.Params("image"),
-		IsManifest: true,
-	}
-
-	if digest.Digest(reference).Validate() == nil {
-		opts.Digest = reference
-	} else if referencePattern.MatchString(reference) {
-		opts.Tag = reference
-	} else {
-		return nil, container_model.ErrContainerBlobNotExist
-	}
-
-	return opts, nil
-}
-
-func getManifestFromContext(ctx *context.Context) (*packages_model.PackageFileDescriptor, error) {
-	opts, err := getBlobSearchOptionsFromContext(ctx)
-	if err != nil {
-		return nil, err
-	}
-
-	return workaroundGetContainerBlob(ctx, opts)
-}
-
 // https://github.com/opencontainers/distribution-spec/blob/main/spec.md#checking-if-content-exists-in-the-registry
 func HeadManifest(ctx *context.Context) {
-	manifest, err := getManifestFromContext(ctx)
+	manifest, err := container_service.GetLocalManifest(ctx, ctx.Package.Owner.ID, ctx.Params("image"), ctx.Params("reference"))
 	if err != nil {
 		if err == container_model.ErrContainerBlobNotExist {
-			apiErrorDefined(ctx, errManifestUnknown)
+			apiErrorDefined(ctx, container_service.ErrManifestUnknown)
 		} else {
 			apiError(ctx, http.StatusInternalServerError, err)
 		}
@@ -642,10 +585,10 @@ func HeadManifest(ctx *context.Context) {
 
 // https://github.com/opencontainers/distribution-spec/blob/main/spec.md#pulling-manifests
 func GetManifest(ctx *context.Context) {
-	manifest, err := getManifestFromContext(ctx)
+	manifest, err := container_service.GetLocalManifest(ctx, ctx.Package.Owner.ID, ctx.Params("image"), ctx.Params("reference"))
 	if err != nil {
 		if err == container_model.ErrContainerBlobNotExist {
-			apiErrorDefined(ctx, errManifestUnknown)
+			apiErrorDefined(ctx, container_service.ErrManifestUnknown)
 		} else {
 			apiError(ctx, http.StatusInternalServerError, err)
 		}
@@ -658,9 +601,13 @@ func GetManifest(ctx *context.Context) {
 // https://github.com/opencontainers/distribution-spec/blob/main/spec.md#deleting-tags
 // https://github.com/opencontainers/distribution-spec/blob/main/spec.md#deleting-manifests
 func DeleteManifest(ctx *context.Context) {
-	opts, err := getBlobSearchOptionsFromContext(ctx)
+	opts, err := container_service.GetManifestSearchOptions(
+		ctx.Package.Owner.ID,
+		ctx.Params("image"),
+		ctx.Params("reference"),
+	)
 	if err != nil {
-		apiErrorDefined(ctx, errManifestUnknown)
+		apiErrorDefined(ctx, container_service.ErrManifestUnknown)
 		return
 	}
 
@@ -671,7 +618,7 @@ func DeleteManifest(ctx *context.Context) {
 	}
 
 	if len(pvs) == 0 {
-		apiErrorDefined(ctx, errManifestUnknown)
+		apiErrorDefined(ctx, container_service.ErrManifestUnknown)
 		return
 	}
 
@@ -722,7 +669,7 @@ func GetTagList(ctx *context.Context) {
 
 	if _, err := packages_model.GetPackageByName(ctx, ctx.Package.Owner.ID, packages_model.TypeContainer, image); err != nil {
 		if errors.Is(err, packages_model.ErrPackageNotExist) {
-			apiErrorDefined(ctx, errNameUnknown)
+			apiErrorDefined(ctx, container_service.ErrNameUnknown)
 		} else {
 			apiError(ctx, http.StatusInternalServerError, err)
 		}
@@ -735,49 +682,24 @@ func GetTagList(ctx *context.Context) {
 	}
 	last := ctx.FormTrim("last")
 
-	tags, err := container_model.GetImageTags(ctx, ctx.Package.Owner.ID, image, n, last)
-	if err != nil {
+	tagList, vals, err := container_service.GetLocalTagList(ctx,
+		ctx.Package.Owner.LowerName,
+		image,
+		last,
+		n,
+		ctx.Package.Owner.ID)
+
+	if errors.Is(err, packages_model.ErrPackageNotExist) {
+		apiErrorDefined(ctx, container_service.ErrNameUnknown)
+		return
+	} else if err != nil {
 		apiError(ctx, http.StatusInternalServerError, err)
 		return
 	}
 
-	type TagList struct {
-		Name string   `json:"name"`
-		Tags []string `json:"tags"`
+	if len(tagList.Tags) > 0 {
+		ctx.Resp.Header().Set("Link", fmt.Sprintf(`</v2/%s/%s/tags/list?%s>; rel="next"`, ctx.Package.Owner.LowerName, image, vals.Encode()))
 	}
 
-	if len(tags) > 0 {
-		v := url.Values{}
-		if n > 0 {
-			v.Add("n", strconv.Itoa(n))
-		}
-		v.Add("last", tags[len(tags)-1])
-
-		ctx.Resp.Header().Set("Link", fmt.Sprintf(`</v2/%s/%s/tags/list?%s>; rel="next"`, ctx.Package.Owner.LowerName, image, v.Encode()))
-	}
-
-	jsonResponse(ctx, http.StatusOK, TagList{
-		Name: strings.ToLower(ctx.Package.Owner.LowerName + "/" + image),
-		Tags: tags,
-	})
-}
-
-// FIXME: Workaround to be removed in v1.20
-// https://github.com/go-gitea/gitea/issues/19586
-func workaroundGetContainerBlob(ctx *context.Context, opts *container_model.BlobSearchOptions) (*packages_model.PackageFileDescriptor, error) {
-	blob, err := container_model.GetContainerBlob(ctx, opts)
-	if err != nil {
-		return nil, err
-	}
-
-	err = packages_module.NewContentStore().Has(packages_module.BlobHash256Key(blob.Blob.HashSHA256))
-	if err != nil {
-		if errors.Is(err, util.ErrNotExist) || errors.Is(err, os.ErrNotExist) {
-			log.Debug("Package registry inconsistent: blob %s does not exist on file system", blob.Blob.HashSHA256)
-			return nil, container_model.ErrContainerBlobNotExist
-		}
-		return nil, err
-	}
-
-	return blob, nil
+	jsonResponse(ctx, http.StatusOK, tagList)
 }
diff --git a/routers/api/packages/container/blob.go b/services/packages/container/blob.go
similarity index 76%
rename from routers/api/packages/container/blob.go
rename to services/packages/container/blob.go
index 29de375842..d577edc877 100644
--- a/routers/api/packages/container/blob.go
+++ b/services/packages/container/blob.go
@@ -20,20 +20,47 @@ import (
 	container_module "forgejo.org/modules/packages/container"
 	"forgejo.org/modules/util"
 	packages_service "forgejo.org/services/packages"
+
+	oci_digest "github.com/opencontainers/go-digest"
 )
 
 var uploadVersionMutex sync.Mutex
 
-// saveAsPackageBlob creates a package blob from an upload
+// GetLocalBlob finds a local blob if it exists, returns ErrContainerBlobNotExist otherwise
+func GetLocalBlob(ctx context.Context, ownerID int64, dig, imageName string) (*packages_model.PackageFileDescriptor, error) {
+	if oci_digest.Digest(dig).Validate() != nil {
+		return nil, container_model.ErrContainerBlobNotExist
+	}
+
+	opts := &container_model.BlobSearchOptions{
+		OwnerID: ownerID,
+		Image:   imageName,
+		Digest:  dig,
+	}
+
+	// Get blob or err
+	log.Debug("Trying to find blob %s locally", dig)
+	blobDescriptor, err := WorkaroundGetContainerBlob(ctx, opts)
+	if err != nil {
+		if errors.Is(err, container_model.ErrContainerBlobNotExist) {
+			return nil, err
+		}
+		return nil, fmt.Errorf("could not get container blob: %s", err.Error())
+	}
+
+	return blobDescriptor, nil
+}
+
+// SaveAsPackageBlob creates a package blob from an upload
 // The uploaded blob gets stored in a special upload version to link them to the package/image
-func saveAsPackageBlob(ctx context.Context, hsr packages_module.HashedSizeReader, pci *packages_service.PackageCreationInfo) (*packages_model.PackageBlob, error) { //nolint:unparam
+func SaveAsPackageBlob(ctx context.Context, hsr packages_module.HashedSizeReader, pci *packages_service.PackageCreationInfo) (*packages_model.PackageBlob, error) {
 	pb := packages_service.NewPackageBlob(hsr)
 
 	exists := false
 
 	contentStore := packages_module.NewContentStore()
 
-	uploadVersion, err := getOrCreateUploadVersion(ctx, &pci.PackageInfo)
+	uploadVersion, err := GetOrCreateUploadVersion(ctx, &pci.PackageInfo)
 	if err != nil {
 		return nil, err
 	}
@@ -64,7 +91,7 @@ func saveAsPackageBlob(ctx context.Context, hsr packages_module.HashedSizeReader
 			}
 		}
 
-		return createFileForBlob(ctx, uploadVersion, pb)
+		return CreateFileForBlob(ctx, uploadVersion, pb)
 	})
 	if err != nil {
 		if !exists {
@@ -78,19 +105,19 @@ func saveAsPackageBlob(ctx context.Context, hsr packages_module.HashedSizeReader
 	return pb, nil
 }
 
-// mountBlob mounts the specific blob to a different package
-func mountBlob(ctx context.Context, pi *packages_service.PackageInfo, pb *packages_model.PackageBlob) error {
-	uploadVersion, err := getOrCreateUploadVersion(ctx, pi)
+// MountBlob mounts the specific blob to a different package
+func MountBlob(ctx context.Context, pi *packages_service.PackageInfo, pb *packages_model.PackageBlob) error {
+	uploadVersion, err := GetOrCreateUploadVersion(ctx, pi)
 	if err != nil {
 		return err
 	}
 
 	return db.WithTx(ctx, func(ctx context.Context) error {
-		return createFileForBlob(ctx, uploadVersion, pb)
+		return CreateFileForBlob(ctx, uploadVersion, pb)
 	})
 }
 
-func getOrCreateUploadVersion(ctx context.Context, pi *packages_service.PackageInfo) (*packages_model.PackageVersion, error) {
+func GetOrCreateUploadVersion(ctx context.Context, pi *packages_service.PackageInfo) (*packages_model.PackageVersion, error) {
 	var uploadVersion *packages_model.PackageVersion
 
 	// FIXME: Replace usage of mutex with database transaction
@@ -150,7 +177,7 @@ func getOrCreateUploadVersion(ctx context.Context, pi *packages_service.PackageI
 	return uploadVersion, err
 }
 
-func createFileForBlob(ctx context.Context, pv *packages_model.PackageVersion, pb *packages_model.PackageBlob) error {
+func CreateFileForBlob(ctx context.Context, pv *packages_model.PackageVersion, pb *packages_model.PackageBlob) error {
 	filename := strings.ToLower(fmt.Sprintf("sha256_%s", pb.HashSHA256))
 
 	pf := &packages_model.PackageFile{
@@ -169,7 +196,7 @@ func createFileForBlob(ctx context.Context, pv *packages_model.PackageVersion, p
 		return err
 	}
 
-	if _, err := packages_model.InsertProperty(ctx, packages_model.PropertyTypeFile, pf.ID, container_module.PropertyDigest, digestFromPackageBlob(pb)); err != nil {
+	if _, err := packages_model.InsertProperty(ctx, packages_model.PropertyTypeFile, pf.ID, container_module.PropertyDigest, DigestFromPackageBlob(pb)); err != nil {
 		log.Error("Error setting package file property: %v", err)
 		return err
 	}
@@ -177,7 +204,7 @@ func createFileForBlob(ctx context.Context, pv *packages_model.PackageVersion, p
 	return nil
 }
 
-func deleteBlob(ctx context.Context, ownerID int64, image, digest string) error {
+func DeleteBlob(ctx context.Context, ownerID int64, image, digest string) error {
 	return db.WithTx(ctx, func(ctx context.Context) error {
 		pfds, err := container_model.GetContainerBlobs(ctx, &container_model.BlobSearchOptions{
 			OwnerID: ownerID,
@@ -197,11 +224,11 @@ func deleteBlob(ctx context.Context, ownerID int64, image, digest string) error
 	})
 }
 
-func digestFromHashSummer(h packages_module.HashSummer) string {
+func DigestFromHashSummer(h packages_module.HashSummer) string {
 	_, _, hashSHA256, _, _ := h.Sums()
 	return "sha256:" + hex.EncodeToString(hashSHA256)
 }
 
-func digestFromPackageBlob(pb *packages_model.PackageBlob) string {
+func DigestFromPackageBlob(pb *packages_model.PackageBlob) string {
 	return "sha256:" + pb.HashSHA256
 }
diff --git a/services/packages/container/container.go b/services/packages/container/container.go
new file mode 100644
index 0000000000..909a667081
--- /dev/null
+++ b/services/packages/container/container.go
@@ -0,0 +1,36 @@
+// Copyright 2021 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package container
+
+import (
+	"context"
+	"errors"
+	"os"
+
+	packages_model "forgejo.org/models/packages"
+	container_model "forgejo.org/models/packages/container"
+	"forgejo.org/modules/log"
+	packages_module "forgejo.org/modules/packages"
+	"forgejo.org/modules/util"
+)
+
+// FIXME: Workaround to be removed in v1.20
+// https://github.com/go-gitea/gitea/issues/19586
+func WorkaroundGetContainerBlob(ctx context.Context, opts *container_model.BlobSearchOptions) (*packages_model.PackageFileDescriptor, error) {
+	blob, err := container_model.GetContainerBlob(ctx, opts)
+	if err != nil {
+		return nil, err
+	}
+
+	err = packages_module.NewContentStore().Has(packages_module.BlobHash256Key(blob.Blob.HashSHA256))
+	if err != nil {
+		if errors.Is(err, util.ErrNotExist) || errors.Is(err, os.ErrNotExist) {
+			log.Debug("Package registry inconsistent: blob %s does not exist on file system", blob.Blob.HashSHA256)
+			return nil, container_model.ErrContainerBlobNotExist
+		}
+		return nil, err
+	}
+
+	return blob, nil
+}
diff --git a/routers/api/packages/container/errors.go b/services/packages/container/errors.go
similarity index 50%
rename from routers/api/packages/container/errors.go
rename to services/packages/container/errors.go
index 1a9b0f32d2..64dc48f850 100644
--- a/routers/api/packages/container/errors.go
+++ b/services/packages/container/errors.go
@@ -9,33 +9,33 @@ import (
 
 // https://github.com/opencontainers/distribution-spec/blob/main/spec.md#error-codes
 var (
-	errBlobUnknown         = &namedError{Code: "BLOB_UNKNOWN", StatusCode: http.StatusNotFound}
-	errBlobUploadInvalid   = &namedError{Code: "BLOB_UPLOAD_INVALID", StatusCode: http.StatusBadRequest}
-	errBlobUploadUnknown   = &namedError{Code: "BLOB_UPLOAD_UNKNOWN", StatusCode: http.StatusNotFound}
-	errDigestInvalid       = &namedError{Code: "DIGEST_INVALID", StatusCode: http.StatusBadRequest}
-	errManifestBlobUnknown = &namedError{Code: "MANIFEST_BLOB_UNKNOWN", StatusCode: http.StatusNotFound}
-	errManifestInvalid     = &namedError{Code: "MANIFEST_INVALID", StatusCode: http.StatusBadRequest}
-	errManifestUnknown     = &namedError{Code: "MANIFEST_UNKNOWN", StatusCode: http.StatusNotFound}
-	errNameInvalid         = &namedError{Code: "NAME_INVALID", StatusCode: http.StatusBadRequest}
-	errNameUnknown         = &namedError{Code: "NAME_UNKNOWN", StatusCode: http.StatusNotFound}
-	errSizeInvalid         = &namedError{Code: "SIZE_INVALID", StatusCode: http.StatusBadRequest}
-	errUnauthorized        = &namedError{Code: "UNAUTHORIZED", StatusCode: http.StatusUnauthorized}
-	errUnsupported         = &namedError{Code: "UNSUPPORTED", StatusCode: http.StatusNotImplemented}
+	ErrBlobUnknown         = &NamedError{Code: "BLOB_UNKNOWN", StatusCode: http.StatusNotFound}
+	ErrBlobUploadInvalid   = &NamedError{Code: "BLOB_UPLOAD_INVALID", StatusCode: http.StatusBadRequest}
+	ErrBlobUploadUnknown   = &NamedError{Code: "BLOB_UPLOAD_UNKNOWN", StatusCode: http.StatusNotFound}
+	ErrDigestInvalid       = &NamedError{Code: "DIGEST_INVALID", StatusCode: http.StatusBadRequest}
+	ErrManifestBlobUnknown = &NamedError{Code: "MANIFEST_BLOB_UNKNOWN", StatusCode: http.StatusNotFound}
+	ErrManifestInvalid     = &NamedError{Code: "MANIFEST_INVALID", StatusCode: http.StatusBadRequest}
+	ErrManifestUnknown     = &NamedError{Code: "MANIFEST_UNKNOWN", StatusCode: http.StatusNotFound}
+	ErrNameInvalid         = &NamedError{Code: "NAME_INVALID", StatusCode: http.StatusBadRequest}
+	ErrNameUnknown         = &NamedError{Code: "NAME_UNKNOWN", StatusCode: http.StatusNotFound}
+	ErrSizeInvalid         = &NamedError{Code: "SIZE_INVALID", StatusCode: http.StatusBadRequest}
+	ErrUnauthorized        = &NamedError{Code: "UNAUTHORIZED", StatusCode: http.StatusUnauthorized}
+	ErrUnsupported         = &NamedError{Code: "UNSUPPORTED", StatusCode: http.StatusNotImplemented}
 )
 
-type namedError struct {
+type NamedError struct {
 	Code       string
 	StatusCode int
 	Message    string
 }
 
-func (e *namedError) Error() string {
+func (e *NamedError) Error() string {
 	return e.Message
 }
 
 // WithMessage creates a new instance of the error with a different message
-func (e *namedError) WithMessage(message string) *namedError {
-	return &namedError{
+func (e *NamedError) WithMessage(message string) *NamedError {
+	return &NamedError{
 		Code:       e.Code,
 		StatusCode: e.StatusCode,
 		Message:    message,
@@ -43,8 +43,8 @@ func (e *namedError) WithMessage(message string) *namedError {
 }
 
 // WithStatusCode creates a new instance of the error with a different status code
-func (e *namedError) WithStatusCode(statusCode int) *namedError {
-	return &namedError{
+func (e *NamedError) WithStatusCode(statusCode int) *NamedError {
+	return &NamedError{
 		Code:       e.Code,
 		StatusCode: statusCode,
 		Message:    e.Message,
diff --git a/services/packages/container/main_test.go b/services/packages/container/main_test.go
new file mode 100644
index 0000000000..6ea1106fc9
--- /dev/null
+++ b/services/packages/container/main_test.go
@@ -0,0 +1,20 @@
+// Copyright 2026 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+package container
+
+import (
+	"testing"
+
+	"forgejo.org/models/unittest"
+
+	_ "forgejo.org/models"
+	_ "forgejo.org/models/actions"
+	_ "forgejo.org/models/activities"
+	_ "forgejo.org/models/forgefed"
+	_ "forgejo.org/models/packages"
+)
+
+func TestMain(m *testing.M) {
+	unittest.MainTest(m)
+}
diff --git a/routers/api/packages/container/manifest.go b/services/packages/container/manifest.go
similarity index 86%
rename from routers/api/packages/container/manifest.go
rename to services/packages/container/manifest.go
index 545bfb9f15..22918706f2 100644
--- a/routers/api/packages/container/manifest.go
+++ b/services/packages/container/manifest.go
@@ -10,6 +10,7 @@ import (
 	"io"
 	"net/url"
 	"os"
+	"regexp"
 	"strings"
 
 	"forgejo.org/models/db"
@@ -30,6 +31,67 @@ import (
 	oci "github.com/opencontainers/image-spec/specs-go/v1"
 )
 
+// maximum size of a container manifest
+// https://github.com/opencontainers/distribution-spec/blob/main/spec.md#pushing-manifests
+const MaxManifestSize = 10 * 1024 * 1024
+
+var (
+	ReferencePattern = regexp.MustCompile(`\A[a-zA-Z0-9_][a-zA-Z0-9._-]{0,127}\z`)
+	ErrTagInvalid    = util.NewInvalidArgumentErrorf("Tag is invalid")
+)
+
+// ManifestCreationInfo describes a manifest to create
+type ManifestCreationInfo struct {
+	MediaType  string
+	Owner      *user_model.User
+	Creator    *user_model.User
+	Image      string
+	Reference  string
+	IsTagged   bool
+	Properties map[string]string
+}
+
+func GetLocalManifest(ctx context.Context, ownerID int64, imageName, reference string) (*packages_model.PackageFileDescriptor, error) {
+	opts, err := GetManifestSearchOptions(
+		ownerID,
+		imageName,
+		reference,
+	)
+	if err != nil {
+		return nil, err
+	}
+	// Get blob or err
+	log.Debug("Trying to find manifest with %s locally", reference)
+	pdf, err := WorkaroundGetContainerBlob(ctx, opts)
+	if err != nil {
+		if errors.Is(err, container_model.ErrContainerBlobNotExist) {
+			return nil, err
+		}
+		return nil, fmt.Errorf("could not get container blob: %s", err.Error())
+	}
+
+	return pdf, nil
+}
+
+func NewManifestCreationInfo(owner, creator *user_model.User, mediaType, image, reference string) (*ManifestCreationInfo, error) {
+	isTagged := digest.Digest(reference).Validate() != nil
+
+	mci := &ManifestCreationInfo{
+		MediaType: mediaType,
+		Owner:     owner,
+		Creator:   creator,
+		Image:     image,
+		Reference: reference,
+		IsTagged:  isTagged,
+	}
+
+	if mci.IsTagged && !ReferencePattern.MatchString(reference) {
+		return &ManifestCreationInfo{}, ErrTagInvalid
+	}
+
+	return mci, nil
+}
+
 func isValidMediaType(mt string) bool {
 	return strings.HasPrefix(mt, "application/vnd.docker.") || strings.HasPrefix(mt, "application/vnd.oci.")
 }
@@ -42,25 +104,32 @@ func isImageIndexMediaType(mt string) bool {
 	return strings.EqualFold(mt, oci.MediaTypeImageIndex) || strings.EqualFold(mt, "application/vnd.docker.distribution.manifest.list.v2+json")
 }
 
-// manifestCreationInfo describes a manifest to create
-type manifestCreationInfo struct {
-	MediaType  string
-	Owner      *user_model.User
-	Creator    *user_model.User
-	Image      string
-	Reference  string
-	IsTagged   bool
-	Properties map[string]string
+func GetManifestSearchOptions(ownerID int64, image, reference string) (*container_model.BlobSearchOptions, error) {
+	opts := &container_model.BlobSearchOptions{
+		OwnerID:    ownerID,
+		Image:      image,
+		IsManifest: true,
+	}
+
+	if digest.Digest(reference).Validate() == nil {
+		opts.Digest = reference
+	} else if ReferencePattern.MatchString(reference) {
+		opts.Tag = reference
+	} else {
+		return nil, container_model.ErrContainerBlobNotExist
+	}
+
+	return opts, nil
 }
 
-func processManifest(ctx context.Context, mci *manifestCreationInfo, buf *packages_module.HashedBuffer) (string, error) {
+func ProcessManifest(ctx context.Context, mci ManifestCreationInfo, buf *packages_module.HashedBuffer) (string, error) {
 	var index oci.Index
 	if err := json.NewDecoder(buf).Decode(&index); err != nil {
 		return "", err
 	}
 
 	if index.SchemaVersion != 2 {
-		return "", errUnsupported.WithMessage("Schema version is not supported")
+		return "", ErrUnsupported.WithMessage("Schema version is not supported")
 	}
 
 	if _, err := buf.Seek(0, io.SeekStart); err != nil {
@@ -70,7 +139,7 @@ func processManifest(ctx context.Context, mci *manifestCreationInfo, buf *packag
 	if !isValidMediaType(mci.MediaType) {
 		mci.MediaType = index.MediaType
 		if !isValidMediaType(mci.MediaType) {
-			return "", errManifestInvalid.WithMessage("MediaType not recognized")
+			return "", ErrManifestInvalid.WithMessage("MediaType not recognized")
 		}
 	}
 
@@ -79,10 +148,10 @@ func processManifest(ctx context.Context, mci *manifestCreationInfo, buf *packag
 	} else if isImageIndexMediaType(mci.MediaType) {
 		return processImageManifestIndex(ctx, mci, buf)
 	}
-	return "", errManifestInvalid
+	return "", ErrManifestInvalid
 }
 
-func processImageManifest(ctx context.Context, mci *manifestCreationInfo, buf *packages_module.HashedBuffer) (string, error) {
+func processImageManifest(ctx context.Context, mci ManifestCreationInfo, buf *packages_module.HashedBuffer) (string, error) {
 	manifestDigest := ""
 
 	err := func() error {
@@ -120,6 +189,7 @@ func processImageManifest(ctx context.Context, mci *manifestCreationInfo, buf *p
 		if err != nil {
 			return err
 		}
+
 		metadata.Annotations = manifest.Annotations
 
 		blobReferences := make([]*blobReference, 0, 1+len(manifest.Layers))
@@ -200,7 +270,7 @@ func processImageManifest(ctx context.Context, mci *manifestCreationInfo, buf *p
 	return manifestDigest, nil
 }
 
-func processImageManifestIndex(ctx context.Context, mci *manifestCreationInfo, buf *packages_module.HashedBuffer) (string, error) {
+func processImageManifestIndex(ctx context.Context, mci ManifestCreationInfo, buf *packages_module.HashedBuffer) (string, error) {
 	manifestDigest := ""
 
 	err := func() error {
@@ -226,7 +296,7 @@ func processImageManifestIndex(ctx context.Context, mci *manifestCreationInfo, b
 
 		for _, manifest := range index.Manifests {
 			if !isImageManifestMediaType(manifest.MediaType) {
-				return errManifestInvalid
+				return ErrManifestInvalid
 			}
 
 			platform := container_module.DefaultPlatform
@@ -245,7 +315,7 @@ func processImageManifestIndex(ctx context.Context, mci *manifestCreationInfo, b
 			})
 			if err != nil {
 				if err == container_model.ErrContainerBlobNotExist {
-					return errManifestBlobUnknown
+					return ErrManifestBlobUnknown
 				}
 				return err
 			}
@@ -315,7 +385,7 @@ func notifyPackageCreate(ctx context.Context, doer *user_model.User, pv *package
 	return nil
 }
 
-func createPackageAndVersion(ctx context.Context, mci *manifestCreationInfo, metadata *container_module.Metadata) (*packages_model.PackageVersion, error) {
+func createPackageAndVersion(ctx context.Context, mci ManifestCreationInfo, metadata *container_module.Metadata) (*packages_model.PackageVersion, error) {
 	created := true
 	p := &packages_model.Package{
 		OwnerID:   mci.Owner.ID,
@@ -429,7 +499,7 @@ type blobReference struct {
 
 func createFileFromBlobReference(ctx context.Context, pv, uploadVersion *packages_model.PackageVersion, ref *blobReference) error {
 	if ref.File.Blob.Size != ref.ExpectedSize {
-		return errSizeInvalid
+		return ErrSizeInvalid
 	}
 
 	if ref.Name == "" {
@@ -474,7 +544,7 @@ func createFileFromBlobReference(ctx context.Context, pv, uploadVersion *package
 	return nil
 }
 
-func createManifestBlob(ctx context.Context, mci *manifestCreationInfo, pv *packages_model.PackageVersion, buf *packages_module.HashedBuffer) (*packages_model.PackageBlob, bool, string, error) {
+func createManifestBlob(ctx context.Context, mci ManifestCreationInfo, pv *packages_model.PackageVersion, buf *packages_module.HashedBuffer) (*packages_model.PackageBlob, bool, string, error) {
 	pb, exists, err := packages_model.GetOrInsertBlob(ctx, packages_service.NewPackageBlob(buf))
 	if err != nil {
 		log.Error("Error inserting package blob: %v", err)
@@ -497,7 +567,7 @@ func createManifestBlob(ctx context.Context, mci *manifestCreationInfo, pv *pack
 		}
 	}
 
-	manifestDigest := digestFromHashSummer(buf)
+	manifestDigest := DigestFromHashSummer(buf)
 	err = createFileFromBlobReference(ctx, pv, nil, &blobReference{
 		Digest:       digest.Digest(manifestDigest),
 		MediaType:    mci.MediaType,
diff --git a/services/packages/container/manifest_test.go b/services/packages/container/manifest_test.go
new file mode 100644
index 0000000000..d2a65cf01a
--- /dev/null
+++ b/services/packages/container/manifest_test.go
@@ -0,0 +1,95 @@
+// Copyright 2026 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+package container
+
+import (
+	"encoding/base64"
+	"io"
+	"strings"
+	"testing"
+
+	"forgejo.org/models/unittest"
+	user_model "forgejo.org/models/user"
+	packages_module "forgejo.org/modules/packages"
+	packages_service "forgejo.org/services/packages"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+func Test_SaveAndGetManifestAndBlob(t *testing.T) {
+	require.NoError(t, unittest.PrepareTestDatabase())
+	user2 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
+
+	manifestMediaType := "application/vnd.docker.distribution.manifest.v2+json"
+	image := "test"
+	tag := "latest"
+
+	mci, err := NewManifestCreationInfo(user2, user2, manifestMediaType, image, tag)
+	require.NoError(t, err)
+
+	blobContent, _ := base64.StdEncoding.DecodeString(`H4sIAAAJbogA/2IYBaNgFIxYAAgAAP//Lq+17wAEAAA=`)
+
+	blobReader := &io.LimitedReader{R: strings.NewReader(string(blobContent)), N: int64(MaxManifestSize + 1)}
+	blobBuf, err := packages_module.CreateHashedBufferFromReaderWithSize(blobReader, MaxManifestSize+1)
+	blobDigest := DigestFromHashSummer(blobBuf)
+	require.NoError(t, err)
+	defer blobBuf.Close()
+
+	blobPCI := &packages_service.PackageCreationInfo{
+		PackageInfo: packages_service.PackageInfo{
+			Owner: user2,
+			Name:  image,
+		},
+		Creator: user2,
+	}
+
+	_, err = SaveAsPackageBlob(t.Context(), blobBuf, blobPCI)
+	require.NoError(t, err)
+
+	configDigest := "sha256:4607e093bec406eaadb6f3a340f63400c9d3a7038680744c406903766b938f0d"
+	configContent := `{"architecture":"amd64","config":{"Env":["PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"],"Cmd":["/true"],"ArgsEscaped":true,"Image":"sha256:9bd8b88dc68b80cffe126cc820e4b52c6e558eb3b37680bfee8e5f3ed7b8c257"},"container":"b89fe92a887d55c0961f02bdfbfd8ac3ddf66167db374770d2d9e9fab3311510","container_config":{"Hostname":"b89fe92a887d","Env":["PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"],"Cmd":["/bin/sh","-c","#(nop) ","CMD [\"/true\"]"],"ArgsEscaped":true,"Image":"sha256:9bd8b88dc68b80cffe126cc820e4b52c6e558eb3b37680bfee8e5f3ed7b8c257"},"created":"2022-01-01T00:00:00.000000000Z","docker_version":"20.10.12","history":[{"created":"2022-01-01T00:00:00.000000000Z","created_by":"/bin/sh -c #(nop) COPY file:0e7589b0c800daaf6fa460d2677101e4676dd9491980210cb345480e513f3602 in /true "},{"created":"2022-01-01T00:00:00.000000001Z","created_by":"/bin/sh -c #(nop)  CMD [\"/true\"]","empty_layer":true}],"os":"linux","rootfs":{"type":"layers","diff_ids":["sha256:0ff3b91bdf21ecdf2f2f3d4372c2098a14dbe06cd678e8f0a85fd4902d00e2e2"]}}`
+
+	cfgReader := &io.LimitedReader{R: strings.NewReader(configContent), N: int64(MaxManifestSize + 1)}
+	cfgBuf, err := packages_module.CreateHashedBufferFromReaderWithSize(cfgReader, MaxManifestSize+1)
+	require.NoError(t, err)
+	defer cfgBuf.Close()
+
+	confPci := &packages_service.PackageCreationInfo{
+		PackageInfo: packages_service.PackageInfo{
+			Owner:   user2,
+			Name:    image,
+			Version: configDigest,
+		},
+		Creator: user2,
+	}
+
+	_, err = SaveAsPackageBlob(t.Context(), cfgBuf, confPci)
+	require.NoError(t, err)
+
+	manifestDigest := "sha256:4f10484d1c1bb13e3956b4de1cd42db8e0f14a75be1617b60f2de3cd59c803c6"
+	manifestContent := `{"schemaVersion":2,"mediaType":"application/vnd.docker.distribution.manifest.v2+json","config":{"mediaType":"application/vnd.docker.container.image.v1+json","digest":"sha256:4607e093bec406eaadb6f3a340f63400c9d3a7038680744c406903766b938f0d","size":1069},"layers":[{"mediaType":"application/vnd.docker.image.rootfs.diff.tar.gzip","digest":"sha256:a3ed95caeb02ffe68cdd9fd84406680ae93d633cb16422d00e8a7c22955b46d4","size":32}]}`
+
+	reader := &io.LimitedReader{R: strings.NewReader(manifestContent), N: int64(MaxManifestSize + 1)}
+	buf, err := packages_module.CreateHashedBufferFromReaderWithSize(reader, MaxManifestSize+1)
+	require.NoError(t, err)
+	defer buf.Close()
+
+	digest, err := ProcessManifest(t.Context(), *mci, buf)
+	require.NoError(t, err)
+	assert.Equal(t, digest, manifestDigest)
+
+	pdf, err := GetLocalManifest(t.Context(), user2.ID, image, tag)
+	require.NoError(t, err)
+	assert.Equal(t, "sha256:"+pdf.Blob.HashSHA256, digest)
+
+	pdf, err = GetLocalBlob(t.Context(), user2.ID, blobDigest, image)
+	require.NoError(t, err)
+	assert.Equal(t, "sha256:"+pdf.Blob.HashSHA256, blobDigest)
+
+	tl, v, err := GetLocalTagList(t.Context(), user2.LowerName, image, "", 1, user2.ID)
+	require.NoError(t, err)
+	assert.Len(t, tl.Tags, 1)
+	assert.Equal(t, "latest", v.Get("last"))
+}
diff --git a/services/packages/container/tags.go b/services/packages/container/tags.go
new file mode 100644
index 0000000000..d12324063a
--- /dev/null
+++ b/services/packages/container/tags.go
@@ -0,0 +1,47 @@
+// Copyright 2026 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+package container
+
+import (
+	"context"
+	"net/url"
+	"strconv"
+	"strings"
+
+	packages_model "forgejo.org/models/packages"
+	container_model "forgejo.org/models/packages/container"
+)
+
+type TagList struct {
+	Name string   `json:"name"`
+	Tags []string `json:"tags"`
+}
+
+func GetLocalTagList(ctx context.Context, ownerLower, image, last string, n int, ownerID int64) (*TagList, *url.Values, error) {
+	_, err := packages_model.GetPackageByName(ctx, ownerID, packages_model.TypeContainer, image)
+	if err != nil {
+		return nil, nil, err
+	}
+	tags, err := container_model.GetImageTags(ctx, ownerID, image, n, last)
+	if err != nil {
+		return nil, nil, err
+	}
+	tagList := &TagList{
+		Name: strings.ToLower(ownerLower + "/" + image),
+		Tags: tags,
+	}
+	v := setLinkHeaderValues(tagList, n)
+	return tagList, v, nil
+}
+
+func setLinkHeaderValues(tagList *TagList, n int) *url.Values {
+	v := &url.Values{}
+	if len(tagList.Tags) > 0 {
+		if n > 0 {
+			v.Add("n", strconv.Itoa(n))
+		}
+		v.Add("last", tagList.Tags[len(tagList.Tags)-1])
+	}
+	return v
+}

From d1c7b04d09f6a13896eaa1322ac690b2021539da Mon Sep 17 00:00:00 2001
From: Gusted <postmaster@gusted.xyz>
Date: Mon, 2 Mar 2026 01:37:10 +0100
Subject: [PATCH 422/854] fix: verify code challenge of S256

We do not know for sure, but it is quite likely someone assumed implicit
fallthrough. This meant that if someone used S256 for PKCE, it simply
did not verify the code challenge and always accepted it.

PKCE only started working recently as it was broken for a long time
already, forgejo/forgejo!8678
---
 routers/web/auth/oauth.go | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/routers/web/auth/oauth.go b/routers/web/auth/oauth.go
index 1fd4a0311b..8e8ede0008 100644
--- a/routers/web/auth/oauth.go
+++ b/routers/web/auth/oauth.go
@@ -480,8 +480,7 @@ func AuthorizeOAuth(ctx *context.Context) {
 
 	// pkce support
 	switch form.CodeChallengeMethod {
-	case "S256":
-	case "plain":
+	case "S256", "plain":
 		if err := ctx.Session.Set("CodeChallengeMethod", form.CodeChallengeMethod); err != nil {
 			handleAuthorizeError(ctx, AuthorizeError{
 				ErrorCode:        ErrorCodeServerError,

From faf448f35077957fa0b10470a4bb00e6de3daf47 Mon Sep 17 00:00:00 2001
From: Gusted <postmaster@gusted.xyz>
Date: Mon, 2 Mar 2026 01:40:26 +0100
Subject: [PATCH 423/854] chore: add integration testing

Build on the test of forgejo/forgejo!8678 to also verify PKCE works for
S256.
---
 tests/integration/oauth_test.go | 153 +++++++++++++++++++++++---------
 1 file changed, 109 insertions(+), 44 deletions(-)

diff --git a/tests/integration/oauth_test.go b/tests/integration/oauth_test.go
index 9220f03ccd..21a1ff561f 100644
--- a/tests/integration/oauth_test.go
+++ b/tests/integration/oauth_test.go
@@ -1535,62 +1535,127 @@ func TestSignUpViaOAuth2FA(t *testing.T) {
 func TestAccessTokenWithPKCE(t *testing.T) {
 	defer tests.PrepareTestEnv(t)()
 
-	var u *url.URL
-	t.Run("Grant", func(t *testing.T) {
-		session := loginUser(t, "user4")
+	session := loginUser(t, "user4")
 
-		session.MakeRequest(t, NewRequest(t, "GET", "/login/oauth/authorize?client_id=ce5a1322-42a7-11ed-b878-0242ac120002&redirect_uri=b&response_type=code&code_challenge_method=plain&code_challenge=CODE&state=thestate"), http.StatusOK)
-		req := NewRequestWithValues(t, "POST", "/login/oauth/grant", map[string]string{
-			"client_id":    "ce5a1322-42a7-11ed-b878-0242ac120002",
-			"redirect_uri": "b",
-			"state":        "thestate",
-			"granted":      "true",
+	t.Run("Plain method", func(t *testing.T) {
+		defer unittest.AssertSuccessfulDelete(t, &auth_model.OAuth2Grant{UserID: 4, ApplicationID: 2})
+
+		var u *url.URL
+		t.Run("Grant", func(t *testing.T) {
+			session.MakeRequest(t, NewRequest(t, "GET", "/login/oauth/authorize?client_id=ce5a1322-42a7-11ed-b878-0242ac120002&redirect_uri=b&response_type=code&code_challenge_method=plain&code_challenge=CODE&state=thestate"), http.StatusOK)
+			req := NewRequestWithValues(t, "POST", "/login/oauth/grant", map[string]string{
+				"client_id":    "ce5a1322-42a7-11ed-b878-0242ac120002",
+				"redirect_uri": "b",
+				"state":        "thestate",
+				"granted":      "true",
+			})
+			resp := session.MakeRequest(t, req, http.StatusSeeOther)
+
+			var err error
+			u, err = url.Parse(test.RedirectURL(resp))
+			require.NoError(t, err)
 		})
-		resp := session.MakeRequest(t, req, http.StatusSeeOther)
 
-		var err error
-		u, err = url.Parse(test.RedirectURL(resp))
-		require.NoError(t, err)
+		t.Run("Incorrect code verifier", func(t *testing.T) {
+			req := NewRequestWithValues(t, "POST", "/login/oauth/access_token", map[string]string{
+				"client_id":     "ce5a1322-42a7-11ed-b878-0242ac120002",
+				"code":          u.Query().Get("code"),
+				"code_verifier": "just a guess",
+				"grant_type":    "authorization_code",
+				"redirect_uri":  "b",
+			})
+			resp := MakeRequest(t, req, http.StatusBadRequest)
+
+			var respBody map[string]any
+			DecodeJSON(t, resp, &respBody)
+
+			if assert.Len(t, respBody, 2) {
+				assert.Equal(t, "unauthorized_client", respBody["error"])
+				assert.Equal(t, "failed PKCE code challenge", respBody["error_description"])
+			}
+		})
+
+		t.Run("Get access token", func(t *testing.T) {
+			req := NewRequestWithValues(t, "POST", "/login/oauth/access_token", map[string]string{
+				"client_id":     "ce5a1322-42a7-11ed-b878-0242ac120002",
+				"code":          u.Query().Get("code"),
+				"code_verifier": "CODE",
+				"grant_type":    "authorization_code",
+				"redirect_uri":  "b",
+			})
+			resp := MakeRequest(t, req, http.StatusOK)
+
+			var respBody map[string]any
+			DecodeJSON(t, resp, &respBody)
+
+			if assert.Len(t, respBody, 4) {
+				assert.NotEmpty(t, respBody["access_token"])
+				assert.NotEmpty(t, respBody["token_type"])
+				assert.NotEmpty(t, respBody["expires_in"])
+				assert.NotEmpty(t, respBody["refresh_token"])
+			}
+		})
 	})
 
-	t.Run("Incorrect code verifier", func(t *testing.T) {
-		req := NewRequestWithValues(t, "POST", "/login/oauth/access_token", map[string]string{
-			"client_id":     "ce5a1322-42a7-11ed-b878-0242ac120002",
-			"code":          u.Query().Get("code"),
-			"code_verifier": "just a guess",
-			"grant_type":    "authorization_code",
-			"redirect_uri":  "b",
+	t.Run("S256 method", func(t *testing.T) {
+		var u *url.URL
+		t.Run("Grant", func(t *testing.T) {
+			h := sha256.Sum256([]byte("CODE"))
+			hashedVerifier := base64.RawURLEncoding.EncodeToString(h[:])
+
+			session.MakeRequest(t, NewRequest(t, "GET", "/login/oauth/authorize?client_id=ce5a1322-42a7-11ed-b878-0242ac120002&redirect_uri=b&response_type=code&code_challenge_method=S256&code_challenge="+hashedVerifier+"&state=thestate"), http.StatusOK)
+			req := NewRequestWithValues(t, "POST", "/login/oauth/grant", map[string]string{
+				"client_id":    "ce5a1322-42a7-11ed-b878-0242ac120002",
+				"redirect_uri": "b",
+				"state":        "thestate",
+				"granted":      "true",
+			})
+			resp := session.MakeRequest(t, req, http.StatusSeeOther)
+
+			var err error
+			u, err = url.Parse(test.RedirectURL(resp))
+			require.NoError(t, err)
 		})
-		resp := MakeRequest(t, req, http.StatusBadRequest)
 
-		var respBody map[string]any
-		DecodeJSON(t, resp, &respBody)
+		t.Run("Incorrect code verifier", func(t *testing.T) {
+			req := NewRequestWithValues(t, "POST", "/login/oauth/access_token", map[string]string{
+				"client_id":     "ce5a1322-42a7-11ed-b878-0242ac120002",
+				"code":          u.Query().Get("code"),
+				"code_verifier": "just a guess",
+				"grant_type":    "authorization_code",
+				"redirect_uri":  "b",
+			})
+			resp := MakeRequest(t, req, http.StatusBadRequest)
 
-		if assert.Len(t, respBody, 2) {
-			assert.Equal(t, "unauthorized_client", respBody["error"])
-			assert.Equal(t, "failed PKCE code challenge", respBody["error_description"])
-		}
-	})
+			var respBody map[string]any
+			DecodeJSON(t, resp, &respBody)
 
-	t.Run("Get access token", func(t *testing.T) {
-		req := NewRequestWithValues(t, "POST", "/login/oauth/access_token", map[string]string{
-			"client_id":     "ce5a1322-42a7-11ed-b878-0242ac120002",
-			"code":          u.Query().Get("code"),
-			"code_verifier": "CODE",
-			"grant_type":    "authorization_code",
-			"redirect_uri":  "b",
+			if assert.Len(t, respBody, 2) {
+				assert.Equal(t, "unauthorized_client", respBody["error"])
+				assert.Equal(t, "failed PKCE code challenge", respBody["error_description"])
+			}
 		})
-		resp := MakeRequest(t, req, http.StatusOK)
 
-		var respBody map[string]any
-		DecodeJSON(t, resp, &respBody)
+		t.Run("Get access token", func(t *testing.T) {
+			req := NewRequestWithValues(t, "POST", "/login/oauth/access_token", map[string]string{
+				"client_id":     "ce5a1322-42a7-11ed-b878-0242ac120002",
+				"code":          u.Query().Get("code"),
+				"code_verifier": "CODE",
+				"grant_type":    "authorization_code",
+				"redirect_uri":  "b",
+			})
+			resp := MakeRequest(t, req, http.StatusOK)
 
-		if assert.Len(t, respBody, 4) {
-			assert.NotEmpty(t, respBody["access_token"])
-			assert.NotEmpty(t, respBody["token_type"])
-			assert.NotEmpty(t, respBody["expires_in"])
-			assert.NotEmpty(t, respBody["refresh_token"])
-		}
+			var respBody map[string]any
+			DecodeJSON(t, resp, &respBody)
+
+			if assert.Len(t, respBody, 4) {
+				assert.NotEmpty(t, respBody["access_token"])
+				assert.NotEmpty(t, respBody["token_type"])
+				assert.NotEmpty(t, respBody["expires_in"])
+				assert.NotEmpty(t, respBody["refresh_token"])
+			}
+		})
 	})
 }
 

From da766f1e199b8f19e71f8063c233d37d188fde12 Mon Sep 17 00:00:00 2001
From: Gusted <postmaster@gusted.xyz>
Date: Sun, 1 Mar 2026 23:32:33 +0100
Subject: [PATCH 424/854] fix: consider scopes for OAuth2 token via basic login

There are two ways to use a OAuth2 token:

Via the Authorization header as a Bearer token.
Via the Authorization header as a Basic login.

For the former the scope was correctly passed through, for the latter it
was not and would mean no scope was checked if you used the token via
this way.
---
 services/auth/basic.go | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/services/auth/basic.go b/services/auth/basic.go
index 4125c914a9..502d806a12 100644
--- a/services/auth/basic.go
+++ b/services/auth/basic.go
@@ -73,7 +73,7 @@ func (b *Basic) Verify(req *http.Request, w http.ResponseWriter, store DataStore
 	}
 
 	// check oauth2 token
-	uid, _ := CheckOAuthAccessToken(req.Context(), authToken)
+	uid, grantScopes := CheckOAuthAccessToken(req.Context(), authToken)
 	if uid != 0 {
 		log.Trace("Basic Authorization: Valid OAuthAccessToken for user[%d]", uid)
 
@@ -84,6 +84,11 @@ func (b *Basic) Verify(req *http.Request, w http.ResponseWriter, store DataStore
 		}
 
 		store.GetData()["IsApiToken"] = true
+		if grantScopes != "" {
+			store.GetData()["ApiTokenScope"] = auth_model.AccessTokenScope(grantScopes)
+		} else {
+			store.GetData()["ApiTokenScope"] = auth_model.AccessTokenScopeAll // fallback to all
+		}
 		return u, nil
 	}
 

From 68b2930caad9ca7bb5993b9ebea140da75e4d5a2 Mon Sep 17 00:00:00 2001
From: Gusted <postmaster@gusted.xyz>
Date: Mon, 2 Mar 2026 00:48:04 +0100
Subject: [PATCH 425/854] chore: add integration testing

Modify the existing scopes tests for normal API tokens to OAuth2 tokens.
---
 tests/integration/api_token_test.go | 106 +++++++++++++++++++---------
 1 file changed, 72 insertions(+), 34 deletions(-)

diff --git a/tests/integration/api_token_test.go b/tests/integration/api_token_test.go
index 2beadfacc2..19946afce8 100644
--- a/tests/integration/api_token_test.go
+++ b/tests/integration/api_token_test.go
@@ -8,6 +8,7 @@ import (
 	"fmt"
 	"net/http"
 	"net/url"
+	"strings"
 	"testing"
 
 	auth_model "forgejo.org/models/auth"
@@ -541,13 +542,29 @@ func runTestCase(t *testing.T, testCase *requiredScopeTestCase, user *user_model
 			unauthorizedScopes = append(unauthorizedScopes, categoryUnauthorizedScopes...)
 		}
 
-		accessToken := createAPIAccessTokenWithoutCleanUp(t, "test-token", user, unauthorizedScopes)
-		defer deleteAPIAccessToken(t, accessToken, user)
-
 		// Request the endpoint.  Verify that permission is denied.
-		req := NewRequest(t, testCase.method, testCase.url).
-			AddTokenAuth(accessToken.Token)
-		MakeRequest(t, req, http.StatusForbidden)
+
+		t.Run("Bearer", func(t *testing.T) {
+			defer tests.PrintCurrentTest(t)()
+
+			accessToken := createAPIAccessTokenWithoutCleanUp(t, "test-token", user, unauthorizedScopes)
+			defer deleteAPIAccessToken(t, accessToken, user)
+
+			req := NewRequest(t, testCase.method, testCase.url).
+				AddTokenAuth(accessToken.Token)
+			MakeRequest(t, req, http.StatusForbidden)
+		})
+
+		t.Run("Basic", func(t *testing.T) {
+			defer tests.PrintCurrentTest(t)()
+
+			oauth2Token := createOAuth2Token(t, loginUser(t, user.Name), unauthorizedScopes)
+			defer unittest.AssertSuccessfulDelete(t, &auth_model.OAuth2Grant{ApplicationID: 2, UserID: user.ID})
+
+			req := NewRequest(t, testCase.method, testCase.url)
+			req.SetBasicAuth("x-oauth-basic", oauth2Token)
+			MakeRequest(t, req, http.StatusForbidden)
+		})
 	})
 }
 
@@ -585,6 +602,51 @@ func deleteAPIAccessToken(t *testing.T, accessToken api.AccessToken, user *user_
 	unittest.AssertNotExistsBean(t, &auth_model.AccessToken{ID: accessToken.ID})
 }
 
+func createOAuth2Token(t *testing.T, session *TestSession, scopes []auth_model.AccessTokenScope) string {
+	// Make a call to `/login/oauth/authorize` to get some session data.
+	session.MakeRequest(t, NewRequest(t, "GET", "/login/oauth/authorize?client_id=ce5a1322-42a7-11ed-b878-0242ac120002&redirect_uri=b&response_type=code&code_challenge_method=plain&code_challenge=CODE&state=thestate"), http.StatusOK)
+
+	var b strings.Builder
+	switch len(scopes) {
+	case 0:
+		break
+	case 1:
+		b.WriteString(string(scopes[0]))
+	default:
+		b.WriteString(string(scopes[0]))
+		for _, s := range scopes[1:] {
+			b.WriteString(" ")
+			b.WriteString(string(s))
+		}
+	}
+
+	req := NewRequestWithValues(t, "POST", "/login/oauth/grant", map[string]string{
+		"client_id":    "ce5a1322-42a7-11ed-b878-0242ac120002",
+		"redirect_uri": "b",
+		"state":        "thestate",
+		"granted":      "true",
+		"scope":        b.String(),
+	})
+	resp := session.MakeRequest(t, req, http.StatusSeeOther)
+
+	u, err := url.Parse(test.RedirectURL(resp))
+	require.NoError(t, err)
+
+	req = NewRequestWithValues(t, "POST", "/login/oauth/access_token", map[string]string{
+		"client_id":     "ce5a1322-42a7-11ed-b878-0242ac120002",
+		"code":          u.Query().Get("code"),
+		"code_verifier": "CODE",
+		"grant_type":    "authorization_code",
+		"redirect_uri":  "b",
+	})
+	resp = MakeRequest(t, req, http.StatusOK)
+
+	var respBody map[string]any
+	DecodeJSON(t, resp, &respBody)
+
+	return respBody["access_token"].(string)
+}
+
 func TestAPITokenCreation(t *testing.T) {
 	defer tests.PrepareTestEnv(t)()
 
@@ -611,39 +673,15 @@ func TestAPITokenCreation(t *testing.T) {
 	t.Run("Via OAuth2", func(t *testing.T) {
 		defer tests.PrintCurrentTest(t)()
 
-		// Make a call to `/login/oauth/authorize` to get some session data.
-		session.MakeRequest(t, NewRequest(t, "GET", "/login/oauth/authorize?client_id=ce5a1322-42a7-11ed-b878-0242ac120002&redirect_uri=b&response_type=code&code_challenge_method=plain&code_challenge=CODE&state=thestate"), http.StatusOK)
+		accessToken := createOAuth2Token(t, session, nil)
 
-		req := NewRequestWithValues(t, "POST", "/login/oauth/grant", map[string]string{
-			"client_id":    "ce5a1322-42a7-11ed-b878-0242ac120002",
-			"redirect_uri": "b",
-			"state":        "thestate",
-			"granted":      "true",
-		})
-		resp := session.MakeRequest(t, req, http.StatusSeeOther)
-
-		u, err := url.Parse(test.RedirectURL(resp))
-		require.NoError(t, err)
-
-		req = NewRequestWithValues(t, "POST", "/login/oauth/access_token", map[string]string{
-			"client_id":     "ce5a1322-42a7-11ed-b878-0242ac120002",
-			"code":          u.Query().Get("code"),
-			"code_verifier": "CODE",
-			"grant_type":    "authorization_code",
-			"redirect_uri":  "b",
-		})
-		resp = MakeRequest(t, req, http.StatusOK)
-
-		var respBody map[string]any
-		DecodeJSON(t, resp, &respBody)
-
-		req = NewRequestWithJSON(t, "POST", "/api/v1/users/user4/tokens", map[string]any{
+		req := NewRequestWithJSON(t, "POST", "/api/v1/users/user4/tokens", map[string]any{
 			"name":   "new-new-token",
 			"scopes": []auth_model.AccessTokenScope{auth_model.AccessTokenScopeWriteUser},
 		})
-		req.Request.Header.Set("Authorization", "basic "+base64.StdEncoding.EncodeToString([]byte("user4:"+respBody["access_token"].(string))))
+		req.SetBasicAuth("user4", accessToken)
 
-		resp = MakeRequest(t, req, http.StatusUnauthorized)
+		resp := MakeRequest(t, req, http.StatusUnauthorized)
 
 		respMsg := map[string]any{}
 		DecodeJSON(t, resp, &respMsg)

From ce0a3767230bf0ed2a16f69fd3eb0afe0dff6168 Mon Sep 17 00:00:00 2001
From: Gusted <postmaster@gusted.xyz>
Date: Wed, 11 Feb 2026 08:16:51 +0100
Subject: [PATCH 426/854] fix: check that attachments belong to correct
 resource

It was possible to hijack attachments during update and create functions
to another owner as permissions to check they weren't already attached
to another resource and wasn't checked if it belonged to the repository
that was being operated on.
---
 models/issues/comment.go          | 29 ++++----------
 models/issues/issue_update.go     | 22 +++--------
 models/repo/attachment.go         | 64 +++++++++++++++++++++++++------
 models/repo/release.go            | 12 ++----
 routers/web/repo/issue.go         |  2 +-
 services/attachment/attachment.go |  6 +++
 services/release/release.go       | 37 ++++++++----------
 7 files changed, 93 insertions(+), 79 deletions(-)

diff --git a/models/issues/comment.go b/models/issues/comment.go
index c0a13ef03d..325fcbe30b 100644
--- a/models/issues/comment.go
+++ b/models/issues/comment.go
@@ -611,9 +611,13 @@ func (c *Comment) UpdateAttachments(ctx context.Context, uuids []string) error {
 	}
 	defer committer.Close()
 
-	attachments, err := repo_model.GetAttachmentsByUUIDs(ctx, uuids)
+	if err := c.LoadIssue(ctx); err != nil {
+		return fmt.Errorf("LoadIssue: %w", err)
+	}
+
+	attachments, err := repo_model.FindRepoAttachmentsByUUID(ctx, c.Issue.RepoID, uuids, repo_model.FindAttachmentOptions{})
 	if err != nil {
-		return fmt.Errorf("getAttachmentsByUUIDs [uuids: %v]: %w", uuids, err)
+		return fmt.Errorf("FindRepoAttachmentsByUUID[uuids=%q,repoID=%d]: %w", uuids, c.Issue.RepoID, err)
 	}
 	for i := 0; i < len(attachments); i++ {
 		attachments[i].IssueID = c.IssueID
@@ -889,7 +893,7 @@ func updateCommentInfos(ctx context.Context, opts *CreateCommentOptions, comment
 	// Check comment type.
 	switch opts.Type {
 	case CommentTypeCode:
-		if err = updateAttachments(ctx, opts, comment); err != nil {
+		if err := comment.UpdateAttachments(ctx, opts.Attachments); err != nil {
 			return err
 		}
 		if comment.ReviewID != 0 {
@@ -909,7 +913,7 @@ func updateCommentInfos(ctx context.Context, opts *CreateCommentOptions, comment
 		}
 		fallthrough
 	case CommentTypeReview:
-		if err = updateAttachments(ctx, opts, comment); err != nil {
+		if err := comment.UpdateAttachments(ctx, opts.Attachments); err != nil {
 			return err
 		}
 	case CommentTypeReopen, CommentTypeClose:
@@ -921,23 +925,6 @@ func updateCommentInfos(ctx context.Context, opts *CreateCommentOptions, comment
 	return UpdateIssueCols(ctx, opts.Issue, "updated_unix")
 }
 
-func updateAttachments(ctx context.Context, opts *CreateCommentOptions, comment *Comment) error {
-	attachments, err := repo_model.GetAttachmentsByUUIDs(ctx, opts.Attachments)
-	if err != nil {
-		return fmt.Errorf("getAttachmentsByUUIDs [uuids: %v]: %w", opts.Attachments, err)
-	}
-	for i := range attachments {
-		attachments[i].IssueID = opts.Issue.ID
-		attachments[i].CommentID = comment.ID
-		// No assign value could be 0, so ignore AllCols().
-		if _, err = db.GetEngine(ctx).ID(attachments[i].ID).Update(attachments[i]); err != nil {
-			return fmt.Errorf("update attachment [%d]: %w", attachments[i].ID, err)
-		}
-	}
-	comment.Attachments = attachments
-	return nil
-}
-
 func createDeadlineComment(ctx context.Context, doer *user_model.User, issue *Issue, newDeadlineUnix timeutil.TimeStamp) (*Comment, error) {
 	var content string
 	var commentType CommentType
diff --git a/models/issues/issue_update.go b/models/issues/issue_update.go
index 84a8820cd1..22e6fcb8d4 100644
--- a/models/issues/issue_update.go
+++ b/models/issues/issue_update.go
@@ -234,18 +234,18 @@ func AddDeletePRBranchComment(ctx context.Context, doer *user_model.User, repo *
 }
 
 // UpdateIssueAttachments update attachments by UUIDs for the issue
-func UpdateIssueAttachments(ctx context.Context, issueID int64, uuids []string) (err error) {
+func UpdateIssueAttachments(ctx context.Context, issue *Issue, uuids []string) (err error) {
 	ctx, committer, err := db.TxContext(ctx)
 	if err != nil {
 		return err
 	}
 	defer committer.Close()
-	attachments, err := repo_model.GetAttachmentsByUUIDs(ctx, uuids)
+	attachments, err := repo_model.FindRepoAttachmentsByUUID(ctx, issue.RepoID, uuids, repo_model.FindAttachmentOptions{})
 	if err != nil {
-		return fmt.Errorf("getAttachmentsByUUIDs [uuids: %v]: %w", uuids, err)
+		return fmt.Errorf("FindRepoAttachmentsByUUID[uuids=%q,repoID=%d]: %w", uuids, issue.RepoID, err)
 	}
 	for i := 0; i < len(attachments); i++ {
-		attachments[i].IssueID = issueID
+		attachments[i].IssueID = issue.ID
 		if err := repo_model.UpdateAttachment(ctx, attachments[i]); err != nil {
 			return fmt.Errorf("update attachment [id: %d]: %w", attachments[i].ID, err)
 		}
@@ -394,18 +394,8 @@ func NewIssueWithIndex(ctx context.Context, doer *user_model.User, opts NewIssue
 		return err
 	}
 
-	if len(opts.Attachments) > 0 {
-		attachments, err := repo_model.GetAttachmentsByUUIDs(ctx, opts.Attachments)
-		if err != nil {
-			return fmt.Errorf("getAttachmentsByUUIDs [uuids: %v]: %w", opts.Attachments, err)
-		}
-
-		for i := 0; i < len(attachments); i++ {
-			attachments[i].IssueID = opts.Issue.ID
-			if _, err = e.ID(attachments[i].ID).Update(attachments[i]); err != nil {
-				return fmt.Errorf("update attachment [id: %d]: %w", attachments[i].ID, err)
-			}
-		}
+	if err := UpdateIssueAttachments(ctx, opts.Issue, opts.Attachments); err != nil {
+		return fmt.Errorf("UpdateIssueAttachments: %w", err)
 	}
 	if err = opts.Issue.LoadAttributes(ctx); err != nil {
 		return err
diff --git a/models/repo/attachment.go b/models/repo/attachment.go
index 6d903be5f8..1b6af572dd 100644
--- a/models/repo/attachment.go
+++ b/models/repo/attachment.go
@@ -1,4 +1,5 @@
 // Copyright 2017 The Gitea Authors. All rights reserved.
+// Copyright 2026 The Forgejo Authors. All rights reserved.
 // SPDX-License-Identifier: MIT
 
 package repo
@@ -16,17 +17,30 @@ import (
 	"forgejo.org/modules/timeutil"
 	"forgejo.org/modules/util"
 	"forgejo.org/modules/validation"
+
+	"xorm.io/builder"
 )
 
 // Attachment represent a attachment of issue/comment/release.
 type Attachment struct {
-	ID                int64  `xorm:"pk autoincr"`
-	UUID              string `xorm:"uuid UNIQUE"`
-	RepoID            int64  `xorm:"INDEX"`           // this should not be zero
-	IssueID           int64  `xorm:"INDEX"`           // maybe zero when creating
-	ReleaseID         int64  `xorm:"INDEX"`           // maybe zero when creating
-	UploaderID        int64  `xorm:"INDEX DEFAULT 0"` // Notice: will be zero before this column added
-	CommentID         int64  `xorm:"INDEX"`
+	ID int64 `xorm:"pk autoincr"`
+	// UUID is the public identifier of the attachment, and is used during HTTP
+	// requests to refer to a specific attachment.
+	UUID string `xorm:"uuid UNIQUE"`
+	// UploaderID is always set and non-zero and refers to the user that has
+	// uploaded this attachment.
+	UploaderID int64 `xorm:"INDEX DEFAULT 0"`
+	// RepoID is always set and non-zero and refers to the repository where this
+	// attachment was uploaded to.
+	RepoID int64 `xorm:"INDEX"`
+	// IssueID, ReleaseID and CommentID have multiple possible states:
+	//  - ReleaseID != 0 && IssueID == 0 && CommentID == 0: attached to release with id `ReleaseID`.
+	//  - ReleaseID == 0 && IssueID != 0 && CommentID == 0: attached to the issue with id `IssueID`.
+	//  - ReleaseID == 0 && IssueID != 0 && CommentID != 0: attached to comment with id `CommentID` that is in issue with id `IssueID`.
+	//  All other states should be considered invalid.
+	IssueID           int64 `xorm:"INDEX"`
+	ReleaseID         int64 `xorm:"INDEX"`
+	CommentID         int64 `xorm:"INDEX"`
 	Name              string
 	DownloadCount     int64              `xorm:"DEFAULT 0"`
 	Size              int64              `xorm:"DEFAULT 0"`
@@ -73,6 +87,12 @@ func (a *Attachment) DownloadURL() string {
 	return setting.AppURL + "attachments/" + url.PathEscape(a.UUID)
 }
 
+// IsAttachedToResource returns true if this attachment is attached to a release,
+// issue or comment.
+func (a *Attachment) IsAttachedToResource() bool {
+	return a.ReleaseID != 0 || a.IssueID != 0 || a.CommentID != 0
+}
+
 // ErrAttachmentNotExist represents a "AttachmentNotExist" kind of error.
 type ErrAttachmentNotExist struct {
 	ID   int64
@@ -133,15 +153,37 @@ func GetAttachmentByUUID(ctx context.Context, uuid string) (*Attachment, error)
 	return attach, nil
 }
 
-// GetAttachmentsByUUIDs returns attachment by given UUID list.
-func GetAttachmentsByUUIDs(ctx context.Context, uuids []string) ([]*Attachment, error) {
+type FindAttachmentOptions struct {
+	ReleaseID int64
+	IssueID   int64
+	CommentID int64
+}
+
+func (opts FindAttachmentOptions) ToConds() builder.Cond {
+	return builder.Eq{"release_id": opts.ReleaseID, "issue_id": opts.IssueID, "comment_id": opts.CommentID}
+}
+
+// FindRepoAttachmentsByUUID always returns attachment that has a UUID that is
+// in the given `uuids` argument and is attached to the repository.
+//
+// The values in `opts` are always as a condition even if they are zero, this
+// allows to search for attachments that are not yet attached to any resource by
+// specifying a empty struct.
+func FindRepoAttachmentsByUUID(ctx context.Context, repoID int64, uuids []string, opts FindAttachmentOptions) ([]*Attachment, error) {
+	// Nothing to match anyway.
 	if len(uuids) == 0 {
 		return []*Attachment{}, nil
 	}
 
-	// Silently drop invalid uuids.
+	// At maximum nothing is filtered and we get all attachments via the UUID.
 	attachments := make([]*Attachment, 0, len(uuids))
-	return attachments, db.GetEngine(ctx).In("uuid", uuids).Find(&attachments)
+
+	err := db.GetEngine(ctx).
+		Where("repo_id = ?", repoID).
+		In("uuid", uuids).
+		And(opts.ToConds()).
+		Find(&attachments)
+	return attachments, err
 }
 
 // ExistAttachmentsByUUID returns true if attachment exists with the given UUID
diff --git a/models/repo/release.go b/models/repo/release.go
index 4efbfb352d..edd628fa0f 100644
--- a/models/repo/release.go
+++ b/models/repo/release.go
@@ -224,18 +224,14 @@ func UpdateRelease(ctx context.Context, rel *Release) error {
 }
 
 // AddReleaseAttachments adds a release attachments
-func AddReleaseAttachments(ctx context.Context, releaseID int64, attachmentUUIDs []string) (err error) {
-	// Check attachments
-	attachments, err := GetAttachmentsByUUIDs(ctx, attachmentUUIDs)
+func AddReleaseAttachments(ctx context.Context, release *Release, attachmentUUIDs []string) (err error) {
+	attachments, err := FindRepoAttachmentsByUUID(ctx, release.RepoID, attachmentUUIDs, FindAttachmentOptions{})
 	if err != nil {
-		return fmt.Errorf("GetAttachmentsByUUIDs [uuids: %v]: %w", attachmentUUIDs, err)
+		return fmt.Errorf("FindRepoAttachmentsByUUID[uuids=%q,repoID=%d]: %w", attachmentUUIDs, release.RepoID, err)
 	}
 
 	for i := range attachments {
-		if attachments[i].ReleaseID != 0 {
-			return util.NewPermissionDeniedErrorf("release permission denied")
-		}
-		attachments[i].ReleaseID = releaseID
+		attachments[i].ReleaseID = release.ID
 		// No assign value could be 0, so ignore AllCols().
 		if _, err = db.GetEngine(ctx).ID(attachments[i].ID).Update(attachments[i]); err != nil {
 			return fmt.Errorf("update attachment [%d]: %w", attachments[i].ID, err)
diff --git a/routers/web/repo/issue.go b/routers/web/repo/issue.go
index 10d3e6651b..cc09651e97 100644
--- a/routers/web/repo/issue.go
+++ b/routers/web/repo/issue.go
@@ -3682,7 +3682,7 @@ func updateAttachments(ctx *context.Context, item any, files []string) error {
 	if len(files) > 0 {
 		switch content := item.(type) {
 		case *issues_model.Issue:
-			err = issues_model.UpdateIssueAttachments(ctx, content.ID, files)
+			err = issues_model.UpdateIssueAttachments(ctx, content, files)
 		case *issues_model.Comment:
 			err = content.UpdateAttachments(ctx, files)
 		default:
diff --git a/services/attachment/attachment.go b/services/attachment/attachment.go
index b6f763842b..420e95d1eb 100644
--- a/services/attachment/attachment.go
+++ b/services/attachment/attachment.go
@@ -24,6 +24,9 @@ func NewAttachment(ctx context.Context, attach *repo_model.Attachment, file io.R
 	if attach.RepoID == 0 {
 		return nil, fmt.Errorf("attachment %s should belong to a repository", attach.Name)
 	}
+	if attach.UploaderID == 0 {
+		return nil, fmt.Errorf("attachment %s should have a uploader", attach.Name)
+	}
 
 	err := db.WithTx(ctx, func(ctx context.Context) error {
 		attach.UUID = uuid.New().String()
@@ -48,6 +51,9 @@ func NewExternalAttachment(ctx context.Context, attach *repo_model.Attachment) (
 	if attach.RepoID == 0 {
 		return nil, fmt.Errorf("attachment %s should belong to a repository", attach.Name)
 	}
+	if attach.UploaderID == 0 {
+		return nil, fmt.Errorf("attachment %s should have a uploader", attach.Name)
+	}
 	if attach.ExternalURL == "" {
 		return nil, fmt.Errorf("attachment %s should have a external url", attach.Name)
 	}
diff --git a/services/release/release.go b/services/release/release.go
index 69889a1638..9536ebf6dd 100644
--- a/services/release/release.go
+++ b/services/release/release.go
@@ -192,7 +192,7 @@ func CreateRelease(gitRepo *git.Repository, rel *repo_model.Release, msg string,
 		}
 	}
 
-	if err = repo_model.AddReleaseAttachments(gitRepo.Ctx, rel.ID, addAttachmentUUIDs.Values()); err != nil {
+	if err = repo_model.AddReleaseAttachments(gitRepo.Ctx, rel, addAttachmentUUIDs.Values()); err != nil {
 		return err
 	}
 
@@ -314,44 +314,37 @@ func UpdateRelease(ctx context.Context, doer *user_model.User, gitRepo *git.Repo
 		}
 	}
 
-	if err = repo_model.AddReleaseAttachments(ctx, rel.ID, addAttachmentUUIDs.Values()); err != nil {
+	if err = repo_model.AddReleaseAttachments(ctx, rel, addAttachmentUUIDs.Values()); err != nil {
 		return fmt.Errorf("AddReleaseAttachments: %w", err)
 	}
 
 	deletedUUIDs := make(container.Set[string])
 	if len(delAttachmentUUIDs) > 0 {
-		// Check attachments
-		attachments, err := repo_model.GetAttachmentsByUUIDs(ctx, delAttachmentUUIDs.Values())
+		// Check delAttachments
+		delAttachments, err := repo_model.FindRepoAttachmentsByUUID(ctx, rel.RepoID, delAttachmentUUIDs.Values(), repo_model.FindAttachmentOptions{ReleaseID: rel.ID})
 		if err != nil {
-			return fmt.Errorf("GetAttachmentsByUUIDs [uuids: %v]: %w", delAttachmentUUIDs, err)
+			return fmt.Errorf("FindRepoAttachmentsByUUID[uuids=%q,repoID=%d,releaseID=%d]: %w", delAttachmentUUIDs.Values(), rel.RepoID, rel.ID, err)
 		}
-		for _, attach := range attachments {
-			if attach.ReleaseID != rel.ID {
-				return util.SilentWrap{
-					Message: "delete attachment of release permission denied",
-					Err:     util.ErrPermissionDenied,
-				}
-			}
+		for _, attach := range delAttachments {
 			deletedUUIDs.Add(attach.UUID)
 		}
 
-		if _, err := repo_model.DeleteAttachments(ctx, attachments, true); err != nil {
+		if _, err := repo_model.DeleteAttachments(ctx, delAttachments, true); err != nil {
 			return fmt.Errorf("DeleteAttachments [uuids: %v]: %w", delAttachmentUUIDs, err)
 		}
 	}
 
 	if len(updateAttachmentUUIDs) > 0 {
-		// Check attachments
-		attachments, err := repo_model.GetAttachmentsByUUIDs(ctx, updateAttachmentUUIDs.Values())
+		// Check that attachments actually belong to repository and release.
+		attachments, err := repo_model.FindRepoAttachmentsByUUID(ctx, rel.RepoID, updateAttachmentUUIDs.Values(), repo_model.FindAttachmentOptions{ReleaseID: rel.ID})
 		if err != nil {
-			return fmt.Errorf("GetAttachmentsByUUIDs [uuids: %v]: %w", updateAttachmentUUIDs, err)
+			return fmt.Errorf("FindRepoAttachmentsByUUID[uuids=%q,repoID=%d,releaseID=%d]: %w", updateAttachmentUUIDs.Values(), rel.RepoID, rel.ID, err)
 		}
-		for _, attach := range attachments {
-			if attach.ReleaseID != rel.ID {
-				return util.SilentWrap{
-					Message: "update attachment of release permission denied",
-					Err:     util.ErrPermissionDenied,
-				}
+
+		if len(attachments) != len(updateAttachments) {
+			return util.SilentWrap{
+				Message: "update attachment of release permission denied",
+				Err:     util.ErrPermissionDenied,
 			}
 		}
 	}

From abdac1993ab38f12e939505681886684b4deb890 Mon Sep 17 00:00:00 2001
From: Gusted <postmaster@gusted.xyz>
Date: Fri, 27 Feb 2026 00:03:02 +0100
Subject: [PATCH 427/854] chore: add unit test

---
 models/repo/attachment_test.go                |  72 +++++++++--
 .../attachment.yml                            | 116 ++++++++++++++++++
 2 files changed, 180 insertions(+), 8 deletions(-)
 create mode 100644 models/repo/fixtures/TestFindRepoAttachmentsByUUID/attachment.yml

diff --git a/models/repo/attachment_test.go b/models/repo/attachment_test.go
index 23f4b3799f..2ee4ee91ed 100644
--- a/models/repo/attachment_test.go
+++ b/models/repo/attachment_test.go
@@ -1,9 +1,12 @@
 // Copyright 2017 The Gitea Authors. All rights reserved.
+// Copyright 2026 The Forgejo Authors. All rights reserved.
 // SPDX-License-Identifier: MIT
 
 package repo_test
 
 import (
+	"cmp"
+	"slices"
 	"testing"
 
 	"forgejo.org/models/db"
@@ -88,14 +91,67 @@ func TestUpdateAttachment(t *testing.T) {
 	unittest.AssertExistsAndLoadBean(t, &repo_model.Attachment{Name: "new_name"})
 }
 
-func TestGetAttachmentsByUUIDs(t *testing.T) {
+func TestFindRepoAttachmentsByUUID(t *testing.T) {
+	defer unittest.OverrideFixtures("models/repo/fixtures/TestFindRepoAttachmentsByUUID")()
 	require.NoError(t, unittest.PrepareTestDatabase())
 
-	attachList, err := repo_model.GetAttachmentsByUUIDs(db.DefaultContext, []string{"a0eebc99-9c0b-4ef8-bb6d-6bb9bd380a11", "a0eebc99-9c0b-4ef8-bb6d-6bb9bd380a17", "not-existing-uuid"})
-	require.NoError(t, err)
-	assert.Len(t, attachList, 2)
-	assert.Equal(t, "a0eebc99-9c0b-4ef8-bb6d-6bb9bd380a11", attachList[0].UUID)
-	assert.Equal(t, "a0eebc99-9c0b-4ef8-bb6d-6bb9bd380a17", attachList[1].UUID)
-	assert.Equal(t, int64(1), attachList[0].IssueID)
-	assert.Equal(t, int64(5), attachList[1].IssueID)
+	sort := func(x []*repo_model.Attachment) {
+		slices.SortFunc(x, func(a, b *repo_model.Attachment) int {
+			return cmp.Compare(a.ID, b.ID)
+		})
+	}
+
+	t.Run("Empty UUIDs", func(t *testing.T) {
+		attachments, err := repo_model.FindRepoAttachmentsByUUID(t.Context(), 1001, []string{}, repo_model.FindAttachmentOptions{})
+		require.NoError(t, err)
+		assert.Empty(t, attachments)
+	})
+
+	t.Run("Wrong repository", func(t *testing.T) {
+		attachments, err := repo_model.FindRepoAttachmentsByUUID(t.Context(), 1002, []string{"31b6f65e-2745-4e87-b02c-e6bb9890d399", "e19fd169-c2d1-4fd0-a6d5-9658fd4affed", "758e41f6-e3b7-4420-b34f-1920da0858aa"}, repo_model.FindAttachmentOptions{})
+		require.NoError(t, err)
+		assert.Empty(t, attachments)
+	})
+
+	t.Run("Not attached", func(t *testing.T) {
+		attachments, err := repo_model.FindRepoAttachmentsByUUID(t.Context(), 1001, []string{"31b6f65e-2745-4e87-b02c-e6bb9890d399", "e19fd169-c2d1-4fd0-a6d5-9658fd4affed", "758e41f6-e3b7-4420-b34f-1920da0858aa"}, repo_model.FindAttachmentOptions{})
+		require.NoError(t, err)
+		if assert.Len(t, attachments, 1) {
+			assert.Equal(t, "31b6f65e-2745-4e87-b02c-e6bb9890d399", attachments[0].UUID)
+		}
+	})
+
+	t.Run("Issue", func(t *testing.T) {
+		attachments, err := repo_model.FindRepoAttachmentsByUUID(t.Context(), 1001, []string{"17bcdb6b-dd84-4da1-b37a-671165402d8d", "e19fd169-c2d1-4fd0-a6d5-9658fd4affed", "774f276e-c85d-488e-b735-7bc07860c756"}, repo_model.FindAttachmentOptions{IssueID: 1001})
+		require.NoError(t, err)
+		sort(attachments)
+		if assert.Len(t, attachments, 2) {
+			assert.Equal(t, "17bcdb6b-dd84-4da1-b37a-671165402d8d", attachments[0].UUID)
+			assert.Equal(t, "e19fd169-c2d1-4fd0-a6d5-9658fd4affed", attachments[1].UUID)
+		}
+	})
+
+	t.Run("Comment", func(t *testing.T) {
+		attachments, err := repo_model.FindRepoAttachmentsByUUID(t.Context(), 1001, []string{"edf0d986-8a12-447a-a4bb-e9aefead251b", "774f276e-c85d-488e-b735-7bc07860c756", "e19fd169-c2d1-4fd0-a6d5-9658fd4affed"}, repo_model.FindAttachmentOptions{IssueID: 1001, CommentID: 1001})
+		require.NoError(t, err)
+		if assert.Len(t, attachments, 1) {
+			assert.Equal(t, "edf0d986-8a12-447a-a4bb-e9aefead251b", attachments[0].UUID)
+		}
+
+		attachments, err = repo_model.FindRepoAttachmentsByUUID(t.Context(), 1001, []string{"edf0d986-8a12-447a-a4bb-e9aefead251b", "774f276e-c85d-488e-b735-7bc07860c756", "e19fd169-c2d1-4fd0-a6d5-9658fd4affed"}, repo_model.FindAttachmentOptions{IssueID: 1001, CommentID: 1002})
+		require.NoError(t, err)
+		if assert.Len(t, attachments, 1) {
+			assert.Equal(t, "774f276e-c85d-488e-b735-7bc07860c756", attachments[0].UUID)
+		}
+	})
+
+	t.Run("Release", func(t *testing.T) {
+		attachments, err := repo_model.FindRepoAttachmentsByUUID(t.Context(), 1001, []string{"d2570bab-c843-486f-b7b7-23e011c42815", "758e41f6-e3b7-4420-b34f-1920da0858aa", "e19fd169-c2d1-4fd0-a6d5-9658fd4affed"}, repo_model.FindAttachmentOptions{ReleaseID: 1001})
+		require.NoError(t, err)
+		if assert.Len(t, attachments, 2) {
+			sort(attachments)
+			assert.Equal(t, "758e41f6-e3b7-4420-b34f-1920da0858aa", attachments[0].UUID)
+			assert.Equal(t, "d2570bab-c843-486f-b7b7-23e011c42815", attachments[1].UUID)
+		}
+	})
 }
diff --git a/models/repo/fixtures/TestFindRepoAttachmentsByUUID/attachment.yml b/models/repo/fixtures/TestFindRepoAttachmentsByUUID/attachment.yml
new file mode 100644
index 0000000000..934f92d264
--- /dev/null
+++ b/models/repo/fixtures/TestFindRepoAttachmentsByUUID/attachment.yml
@@ -0,0 +1,116 @@
+-
+  id: 1001
+  uuid: 70d3e7b8-5e46-41eb-bd2d-afaba53056bd
+  repo_id: 0
+  issue_id: 0
+  release_id: 0
+  uploader_id: 0
+  comment_id: 0
+  name: attach1
+  download_count: 0
+  size: 0
+  created_unix: 1771300000
+
+-
+  id: 1002
+  uuid: 31b6f65e-2745-4e87-b02c-e6bb9890d399
+  repo_id: 1001
+  issue_id: 0
+  release_id: 0
+  uploader_id: 1001
+  comment_id: 0
+  name: attach1
+  download_count: 0
+  size: 0
+  created_unix: 1771300001
+
+-
+  id: 1003
+  uuid: 03158f6c-487c-4bc5-b24b-10f13e21c2e7
+  repo_id: 1001
+  issue_id: 0
+  release_id: 0
+  uploader_id: 1002
+  comment_id: 0
+  name: attach1
+  download_count: 0
+  size: 0
+  created_unix: 1771300002
+
+-
+  id: 1004
+  uuid: 17bcdb6b-dd84-4da1-b37a-671165402d8d
+  repo_id: 1001
+  issue_id: 1001
+  release_id: 0
+  uploader_id: 1001
+  comment_id: 0
+  name: attach1
+  download_count: 0
+  size: 0
+  created_unix: 1771300003
+
+-
+  id: 1005
+  uuid: e19fd169-c2d1-4fd0-a6d5-9658fd4affed
+  repo_id: 1001
+  issue_id: 1001
+  release_id: 0
+  uploader_id: 1002
+  comment_id: 0
+  name: attach1
+  download_count: 0
+  size: 0
+  created_unix: 1771300004
+
+-
+  id: 1006
+  uuid: 758e41f6-e3b7-4420-b34f-1920da0858aa
+  repo_id: 1001
+  issue_id: 0
+  release_id: 1001
+  uploader_id: 1001
+  comment_id: 0
+  name: attach1
+  download_count: 0
+  size: 0
+  created_unix: 1771300005
+
+-
+  id: 1007
+  uuid: d2570bab-c843-486f-b7b7-23e011c42815
+  repo_id: 1001
+  issue_id: 0
+  release_id: 1001
+  uploader_id: 1002
+  comment_id: 0
+  name: attach1
+  download_count: 0
+  size: 0
+  created_unix: 1771300006
+
+-
+  id: 1008
+  uuid: edf0d986-8a12-447a-a4bb-e9aefead251b
+  repo_id: 1001
+  issue_id: 1001
+  release_id: 0
+  uploader_id: 1001
+  comment_id: 1001
+  name: attach1
+  download_count: 0
+  size: 0
+  created_unix: 1771300007
+
+-
+  id: 1009
+  uuid: 774f276e-c85d-488e-b735-7bc07860c756
+  repo_id: 1001
+  issue_id: 1001
+  release_id: 0
+  uploader_id: 1002
+  comment_id: 1002
+  name: attach1
+  download_count: 0
+  size: 0
+  created_unix: 1771300008

From b55d819a914dd520e86137662c34f609d8e39163 Mon Sep 17 00:00:00 2001
From: Gusted <postmaster@gusted.xyz>
Date: Sat, 28 Feb 2026 01:48:18 +0100
Subject: [PATCH 428/854] chore: add unit test

---
 services/release/release_test.go | 34 ++++++++++++++++++++++++++++++++
 1 file changed, 34 insertions(+)

diff --git a/services/release/release_test.go b/services/release/release_test.go
index 2a593862ce..e05efd9658 100644
--- a/services/release/release_test.go
+++ b/services/release/release_test.go
@@ -14,6 +14,7 @@ import (
 	"forgejo.org/modules/git"
 	"forgejo.org/modules/gitrepo"
 	"forgejo.org/modules/test"
+	"forgejo.org/modules/util"
 	"forgejo.org/services/attachment"
 
 	"github.com/stretchr/testify/assert"
@@ -379,6 +380,39 @@ func TestRelease_Update(t *testing.T) {
 	assert.Equal(t, release.ID, release.Attachments[0].ReleaseID)
 	assert.Equal(t, "test2", release.Attachments[0].Name)
 	assert.Equal(t, "https://about.gitea.com/", release.Attachments[0].ExternalURL)
+
+	// delete the attachment
+	require.NoError(t, UpdateRelease(db.DefaultContext, user, gitRepo, release, false, []*AttachmentChange{
+		{
+			Action: "delete",
+			UUID:   externalAttachmentUUID,
+		},
+	}))
+	release.Attachments = nil
+	require.NoError(t, repo_model.GetReleaseAttachments(db.DefaultContext, release))
+	assert.Empty(t, release.Attachments)
+
+	t.Run("Permission denied", func(t *testing.T) {
+		require.NoError(t, UpdateRelease(t.Context(), user, gitRepo, release, false, []*AttachmentChange{
+			{
+				Action: "add",
+				Type:   "attachment",
+				UUID:   "a0eebc99-9c0b-4ef8-bb6d-6bb9bd380a13",
+			},
+		}))
+		require.NoError(t, repo_model.GetReleaseAttachments(t.Context(), release))
+		assert.Empty(t, release.Attachments)
+
+		require.ErrorIs(t, UpdateRelease(t.Context(), user, gitRepo, release, false, []*AttachmentChange{
+			{
+				Action: "update",
+				Name:   "test2.txt",
+				UUID:   "a0eebc99-9c0b-4ef8-bb6d-6bb9bd380a13",
+			},
+		}), util.ErrPermissionDenied)
+		require.NoError(t, repo_model.GetReleaseAttachments(t.Context(), release))
+		assert.Empty(t, release.Attachments)
+	})
 }
 
 func TestRelease_createTag(t *testing.T) {

From af0173894a6f93a991ae0d5baece6e2e6ec89d00 Mon Sep 17 00:00:00 2001
From: Gusted <postmaster@gusted.xyz>
Date: Fri, 20 Feb 2026 18:10:49 +0100
Subject: [PATCH 429/854] fix: consider more risky redirects

After evaluating `..`, it's possible that the resulting path is a risky
redirect, as it might be a "browser" special redirect. Detect this case.
---
 modules/httplib/url.go      | 19 ++++++++++++++++---
 modules/httplib/url_test.go |  7 +++++--
 2 files changed, 21 insertions(+), 5 deletions(-)

diff --git a/modules/httplib/url.go b/modules/httplib/url.go
index 32a02e3277..66ea77add7 100644
--- a/modules/httplib/url.go
+++ b/modules/httplib/url.go
@@ -1,20 +1,26 @@
 // Copyright 2023 The Gitea Authors. All rights reserved.
+// Copyright 2026 The Forgejo Authors. All rights reserved.
 // SPDX-License-Identifier: MIT
 
 package httplib
 
 import (
 	"net/url"
+	"path"
 	"strings"
 
 	"forgejo.org/modules/setting"
 )
 
+// Unfortunately browsers consider a redirect Location with preceding "//", "\\", "/\" and "\/" as meaning redirect to "http(s)://REST_OF_PATH"
+// Therefore we should ignore these redirect locations to prevent open redirects.
+func isBrowserRedirect(s string) bool {
+	return len(s) > 1 && (s[0] == '/' || s[0] == '\\') && (s[1] == '/' || s[1] == '\\')
+}
+
 // IsRiskyRedirectURL returns true if the URL is considered risky for redirects
 func IsRiskyRedirectURL(s string) bool {
-	// Unfortunately browsers consider a redirect Location with preceding "//", "\\", "/\" and "\/" as meaning redirect to "http(s)://REST_OF_PATH"
-	// Therefore we should ignore these redirect locations to prevent open redirects
-	if len(s) > 1 && (s[0] == '/' || s[0] == '\\') && (s[1] == '/' || s[1] == '\\') {
+	if isBrowserRedirect(s) {
 		return true
 	}
 
@@ -23,5 +29,12 @@ func IsRiskyRedirectURL(s string) bool {
 		return true
 	}
 
+	// If the path contains `..` then it's still possible this is seen
+	// as a browser redirect, use `path.Clean` to eliminate each inner `..`
+	// and then check if that might be a browser redirect.
+	if strings.Contains(u.Path, "..") {
+		return isBrowserRedirect(path.Clean(u.Path))
+	}
+
 	return false
 }
diff --git a/modules/httplib/url_test.go b/modules/httplib/url_test.go
index cd2ceac267..0fd59c13a6 100644
--- a/modules/httplib/url_test.go
+++ b/modules/httplib/url_test.go
@@ -29,7 +29,6 @@ func TestIsRiskyRedirectURL(t *testing.T) {
 		{"/sub/foo", false},
 		{"http://localhost:3000/sub/foo", false},
 		{"http://localhost:3000/sub/test?param=false", false},
-		// FIXME: should probably be true (would requires resolving references using setting.appURL.ResolveReference(u))
 		{"/sub/../", false},
 		{"http://localhost:3000/sub/../", false},
 		{"/sUb/", false},
@@ -58,10 +57,12 @@ func TestIsRiskyRedirectURL(t *testing.T) {
 		{"://missing protocol scheme", true},
 		// FIXME: should probably be false
 		{"//localhost:3000/sub/test?param=false", true},
+		{"/a/../\\example.com", true},
+		{"/a/%2e%2e/\\example.com", true},
 	}
 	for _, tt := range tests {
 		t.Run(tt.input, func(t *testing.T) {
-			assert.Equal(t, tt.want, IsRiskyRedirectURL(tt.input))
+			assert.Equal(t, tt.want, IsRiskyRedirectURL(tt.input), tt.input)
 		})
 	}
 }
@@ -114,6 +115,8 @@ func TestIsRiskyRedirectURLWithoutSubURL(t *testing.T) {
 		{"https://next.forgejo.org", true},
 		{"//next.forgejo.org/test?param=false", true},
 		{"//next.forgejo.org/sub/test?param=false", true},
+		{"/a/../\\example.com", true},
+		{"/a/%2e%2e/\\example.com", true},
 	}
 	for _, tt := range tests {
 		t.Run(tt.input, func(t *testing.T) {

From f0e8763867338c4fd9d8a82be20b5f498e26d240 Mon Sep 17 00:00:00 2001
From: Gusted <postmaster@gusted.xyz>
Date: Fri, 20 Feb 2026 20:42:56 +0100
Subject: [PATCH 430/854] fix: check the permission of canceling automerge

The API already checked the permission sufficiently if auto merge could
be cancelled by the doer. The web route did not. Consolidate this check
in the function that lives in the services directory.
---
 options/locale_next/locale_en-US.json |  1 +
 routers/api/v1/repo/pull.go           | 34 ++++++++-------------------
 routers/web/repo/pull.go              | 17 +++++++++-----
 services/automerge/automerge.go       | 21 ++++++++++++++++-
 4 files changed, 42 insertions(+), 31 deletions(-)

diff --git a/options/locale_next/locale_en-US.json b/options/locale_next/locale_en-US.json
index 9047ca393c..f1849af859 100644
--- a/options/locale_next/locale_en-US.json
+++ b/options/locale_next/locale_en-US.json
@@ -61,6 +61,7 @@
 	"issues.updated": "updated %s",
 	"issues.filters.labels.exclude": "Exclude label",
 	"issues.filters.labels.unexclude": "Clear exclusion",
+	"repo.pulls.auto_merge.no_permission": "You do not have permission to cancel this pull request's auto merge.",
 	"repo.pulls.poster_manage_approval": "Manage approval",
 	"repo.pulls.poster_requires_approval": "Some workflows are <a href=\"%[1]s\">waiting to be reviewed</a>.",
 	"repo.pulls.poster_requires_approval.tooltip": "The author of this pull request is not trusted to run workflows triggered by a pull request created from a forked repository or with AGit. The workflows triggered by a `pull_request` event will not run until they are approved.",
diff --git a/routers/api/v1/repo/pull.go b/routers/api/v1/repo/pull.go
index 2e5babdf31..cae39a1466 100644
--- a/routers/api/v1/repo/pull.go
+++ b/routers/api/v1/repo/pull.go
@@ -14,6 +14,7 @@ import (
 
 	"forgejo.org/models"
 	activities_model "forgejo.org/models/activities"
+	"forgejo.org/models/db"
 	git_model "forgejo.org/models/git"
 	issues_model "forgejo.org/models/issues"
 	access_model "forgejo.org/models/perm/access"
@@ -1373,33 +1374,18 @@ func CancelScheduledAutoMerge(ctx *context.APIContext) {
 		return
 	}
 
-	exist, autoMerge, err := pull_model.GetScheduledMergeByPullID(ctx, pull.ID)
-	if err != nil {
-		ctx.InternalServerError(err)
-		return
-	}
-	if !exist {
-		ctx.NotFound()
-		return
-	}
-
-	if ctx.Doer.ID != autoMerge.DoerID {
-		allowed, err := access_model.IsUserRepoAdmin(ctx, ctx.Repo.Repository, ctx.Doer)
-		if err != nil {
-			ctx.InternalServerError(err)
-			return
-		}
-		if !allowed {
+	if err := automerge.RemoveScheduledAutoMerge(ctx, ctx.Doer, pull, ctx.Repo.Permission); err != nil {
+		switch {
+		case errors.Is(err, util.ErrPermissionDenied):
 			ctx.Error(http.StatusForbidden, "No permission to cancel", "user has no permission to cancel the scheduled auto merge")
-			return
+		case db.IsErrNotExist(err):
+			ctx.NotFound()
+		default:
+			ctx.InternalServerError(err)
 		}
+		return
 	}
-
-	if err := automerge.RemoveScheduledAutoMerge(ctx, ctx.Doer, pull); err != nil {
-		ctx.InternalServerError(err)
-	} else {
-		ctx.Status(http.StatusNoContent)
-	}
+	ctx.Status(http.StatusNoContent)
 }
 
 // GetPullRequestCommits gets all commits associated with a given PR
diff --git a/routers/web/repo/pull.go b/routers/web/repo/pull.go
index 69710824a4..781a001fba 100644
--- a/routers/web/repo/pull.go
+++ b/routers/web/repo/pull.go
@@ -1538,17 +1538,22 @@ func CancelAutoMergePullRequest(ctx *context.Context) {
 		return
 	}
 
-	if err := automerge.RemoveScheduledAutoMerge(ctx, ctx.Doer, issue.PullRequest); err != nil {
-		if db.IsErrNotExist(err) {
+	if err := automerge.RemoveScheduledAutoMerge(ctx, ctx.Doer, issue.PullRequest, ctx.Repo.Permission); err != nil {
+		switch {
+		case errors.Is(err, util.ErrPermissionDenied):
+			ctx.Flash.Error(ctx.Tr("repo.pulls.auto_merge.no_permission"))
+			ctx.Redirect(issue.HTMLURL())
+		case db.IsErrNotExist(err):
 			ctx.Flash.Error(ctx.Tr("repo.pulls.auto_merge_not_scheduled"))
-			ctx.Redirect(fmt.Sprintf("%s/pulls/%d", ctx.Repo.RepoLink, issue.Index))
-			return
+			ctx.Redirect(issue.HTMLURL())
+		default:
+			ctx.ServerError("RemoveScheduledAutoMerge", err)
 		}
-		ctx.ServerError("RemoveScheduledAutoMerge", err)
 		return
 	}
+
 	ctx.Flash.Success(ctx.Tr("repo.pulls.auto_merge_canceled_schedule"))
-	ctx.Redirect(fmt.Sprintf("%s/pulls/%d", ctx.Repo.RepoLink, issue.Index))
+	ctx.Redirect(issue.HTMLURL())
 }
 
 func stopTimerIfAvailable(ctx *context.Context, user *user_model.User, issue *issues_model.Issue) error {
diff --git a/services/automerge/automerge.go b/services/automerge/automerge.go
index 0cdc113379..099d048927 100644
--- a/services/automerge/automerge.go
+++ b/services/automerge/automerge.go
@@ -20,6 +20,7 @@ import (
 	"forgejo.org/modules/log"
 	"forgejo.org/modules/process"
 	"forgejo.org/modules/queue"
+	"forgejo.org/modules/util"
 	notify_service "forgejo.org/services/notify"
 	pull_service "forgejo.org/services/pull"
 	repo_service "forgejo.org/services/repository"
@@ -67,7 +68,25 @@ func ScheduleAutoMerge(ctx context.Context, doer *user_model.User, pull *issues_
 }
 
 // RemoveScheduledAutoMerge cancels a previously scheduled pull request
-func RemoveScheduledAutoMerge(ctx context.Context, doer *user_model.User, pull *issues_model.PullRequest) error {
+func RemoveScheduledAutoMerge(ctx context.Context, doer *user_model.User, pull *issues_model.PullRequest, repoPerms access_model.Permission) error {
+	exist, autoMerge, err := pull_model.GetScheduledMergeByPullID(ctx, pull.ID)
+	if err != nil {
+		return err
+	}
+	if !exist {
+		return db.ErrNotExist{Resource: "auto_merge", ID: pull.ID}
+	}
+
+	if doer.ID != autoMerge.DoerID {
+		allowed, err := pull_service.IsUserAllowedToMerge(ctx, pull, repoPerms, doer)
+		if err != nil {
+			return err
+		}
+		if !allowed {
+			return util.ErrPermissionDenied
+		}
+	}
+
 	return db.WithTx(ctx, func(ctx context.Context) error {
 		if err := pull_model.DeleteScheduledAutoMerge(ctx, pull.ID); err != nil {
 			return err

From a4fc54830e6c7b30e8261b6c6e942c6b9b2db9cf Mon Sep 17 00:00:00 2001
From: Gusted <postmaster@gusted.xyz>
Date: Tue, 24 Feb 2026 02:04:49 +0100
Subject: [PATCH 431/854] chore: unit testing

---
 services/automerge/automerge_test.go          | 54 +++++++++++++++++++
 .../pull_auto_merge.yml                       |  8 +++
 services/automerge/main_test.go               | 14 +++++
 3 files changed, 76 insertions(+)
 create mode 100644 services/automerge/automerge_test.go
 create mode 100644 services/automerge/fixtures/TestRemoveScheduledAutoMerge/pull_auto_merge.yml
 create mode 100644 services/automerge/main_test.go

diff --git a/services/automerge/automerge_test.go b/services/automerge/automerge_test.go
new file mode 100644
index 0000000000..4ad5b70cce
--- /dev/null
+++ b/services/automerge/automerge_test.go
@@ -0,0 +1,54 @@
+// Copyright 2026 Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+package automerge
+
+import (
+	"testing"
+
+	"forgejo.org/models/db"
+	issues_model "forgejo.org/models/issues"
+	"forgejo.org/models/perm"
+	access_model "forgejo.org/models/perm/access"
+	pull_model "forgejo.org/models/pull"
+	"forgejo.org/models/unit"
+	"forgejo.org/models/unittest"
+	user_model "forgejo.org/models/user"
+	"forgejo.org/modules/util"
+	"github.com/stretchr/testify/require"
+)
+
+func TestRemoveScheduledAutoMerge(t *testing.T) {
+	defer unittest.OverrideFixtures("services/automerge/fixtures/TestRemoveScheduledAutoMerge")()
+	require.NoError(t, unittest.PrepareTestDatabase())
+
+	user2 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
+	user5 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 5})
+	pull1 := unittest.AssertExistsAndLoadBean(t, &issues_model.PullRequest{ID: 1})
+	pull2 := unittest.AssertExistsAndLoadBean(t, &issues_model.PullRequest{ID: 2})
+
+	t.Run("No automerge", func(t *testing.T) {
+		err := RemoveScheduledAutoMerge(t.Context(), user5, pull2, access_model.Permission{})
+		require.ErrorIs(t, err, db.ErrNotExist{Resource: "auto_merge", ID: 2})
+	})
+
+	t.Run("No permission", func(t *testing.T) {
+		err := RemoveScheduledAutoMerge(t.Context(), user5, pull1, access_model.Permission{})
+		require.ErrorIs(t, err, util.ErrPermissionDenied)
+
+		err = RemoveScheduledAutoMerge(t.Context(), user5, pull1, access_model.Permission{UnitsMode: map[unit.Type]perm.AccessMode{
+			unit.TypePullRequests: perm.AccessModeRead,
+		}})
+		require.ErrorIs(t, err, util.ErrPermissionDenied)
+	})
+
+	t.Run("Normal", func(t *testing.T) {
+		err := RemoveScheduledAutoMerge(t.Context(), user2, pull1, access_model.Permission{UnitsMode: map[unit.Type]perm.AccessMode{
+			unit.TypePullRequests: perm.AccessModeWrite,
+		}})
+		require.NoError(t, err)
+
+		unittest.AssertExistsIf(t, false, &pull_model.AutoMerge{PullID: pull1.ID})
+		unittest.AssertExistsIf(t, true, &issues_model.Comment{IssueID: pull1.IssueID, Type: issues_model.CommentTypePRUnScheduledToAutoMerge})
+	})
+}
diff --git a/services/automerge/fixtures/TestRemoveScheduledAutoMerge/pull_auto_merge.yml b/services/automerge/fixtures/TestRemoveScheduledAutoMerge/pull_auto_merge.yml
new file mode 100644
index 0000000000..2cacb611c3
--- /dev/null
+++ b/services/automerge/fixtures/TestRemoveScheduledAutoMerge/pull_auto_merge.yml
@@ -0,0 +1,8 @@
+-
+  id: 1001
+  pull_id: 1
+  doer_id: 2
+  merge_style: "merge"
+  message: "Automatically merged"
+  delete_branch_after_merge: false
+  created_unix: 1771800000
diff --git a/services/automerge/main_test.go b/services/automerge/main_test.go
new file mode 100644
index 0000000000..8c0e558b17
--- /dev/null
+++ b/services/automerge/main_test.go
@@ -0,0 +1,14 @@
+// Copyright 2026 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+package automerge
+
+import (
+	"testing"
+
+	"forgejo.org/models/unittest"
+)
+
+func TestMain(m *testing.M) {
+	unittest.MainTest(m)
+}

From 0da92e47ca1d58597fe4607c6ea38d08d1233615 Mon Sep 17 00:00:00 2001
From: Gusted <postmaster@gusted.xyz>
Date: Tue, 24 Feb 2026 03:15:02 +0100
Subject: [PATCH 432/854] chore: add integration testing

---
 services/automerge/automerge_test.go      |   1 +
 tests/integration/pull_auto_merge_test.go | 106 ++++++++++++++++++++++
 2 files changed, 107 insertions(+)
 create mode 100644 tests/integration/pull_auto_merge_test.go

diff --git a/services/automerge/automerge_test.go b/services/automerge/automerge_test.go
index 4ad5b70cce..38ed4dcd9f 100644
--- a/services/automerge/automerge_test.go
+++ b/services/automerge/automerge_test.go
@@ -15,6 +15,7 @@ import (
 	"forgejo.org/models/unittest"
 	user_model "forgejo.org/models/user"
 	"forgejo.org/modules/util"
+
 	"github.com/stretchr/testify/require"
 )
 
diff --git a/tests/integration/pull_auto_merge_test.go b/tests/integration/pull_auto_merge_test.go
new file mode 100644
index 0000000000..e9a428d4e7
--- /dev/null
+++ b/tests/integration/pull_auto_merge_test.go
@@ -0,0 +1,106 @@
+// Copyright 2026 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+package integration
+
+import (
+	"fmt"
+	"net/http"
+	"net/url"
+	"os"
+	"path"
+	"strings"
+	"testing"
+	"time"
+
+	unit_model "forgejo.org/models/unit"
+	"forgejo.org/models/unittest"
+	user_model "forgejo.org/models/user"
+	"forgejo.org/modules/git"
+	app_context "forgejo.org/services/context"
+	files_service "forgejo.org/services/repository/files"
+	"forgejo.org/tests"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+func TestPullRemoveAutomerge(t *testing.T) {
+	onApplicationRun(t, func(t *testing.T, u *url.URL) {
+		user5 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 5})
+		user5Session := loginUser(t, user5.Name)
+		user2Session := loginUser(t, "user2")
+
+		repo, _, f := tests.CreateDeclarativeRepo(t, user5, "",
+			[]unit_model.Type{unit_model.TypeCode, unit_model.TypePullRequests}, nil,
+			[]*files_service.ChangeRepoFile{
+				{
+					Operation: "create",
+					TreePath:  "FUNFACT",
+					ContentReader: strings.NewReader(
+						"The Netherlands got its first openly gay prime minister today."),
+				},
+			},
+		)
+		defer f()
+
+		dstPath := t.TempDir()
+		cloneURL, _ := url.Parse(fmt.Sprintf("%suser5/%s.git", u.String(), repo.Name))
+		cloneURL.User = url.UserPassword("user5", userPassword)
+		require.NoError(t, git.CloneWithArgs(t.Context(), nil, cloneURL.String(), dstPath, git.CloneRepoOptions{}))
+		doGitSetRemoteURL(dstPath, "origin", cloneURL)(t)
+
+		require.NoError(t, git.NewCommand(t.Context(), "switch", "-c", "new-fun-fact").Run(&git.RunOpts{Dir: dstPath}))
+
+		require.NoError(t, os.WriteFile(path.Join(dstPath, "README.md"), []byte("The house of representative already had that in 1937."), 0o600))
+		require.NoError(t, git.AddChanges(dstPath, true))
+		require.NoError(t, git.CommitChanges(dstPath, git.CommitChangesOptions{
+			Committer: &git.Signature{
+				Email: "user2@example.com",
+				Name:  "user2",
+				When:  time.Now(),
+			},
+			Author: &git.Signature{
+				Email: "user2@example.com",
+				Name:  "user2",
+				When:  time.Now(),
+			},
+			Message: "Update funfact.",
+		}))
+
+		require.NoError(t, git.NewCommand(t.Context(), "push", "origin", "HEAD:refs/for/main", "-o", "topic=new-fun-fact").Run(&git.RunOpts{Dir: dstPath}))
+
+		// Create a protected branch rule for automerge.
+		user5Session.MakeRequest(t, NewRequestWithValues(t, "POST", fmt.Sprintf("/%s/settings/branches/edit", repo.FullName()), map[string]string{
+			"rule_name":          "main",
+			"required_approvals": "1",
+		}), http.StatusSeeOther)
+
+		// Start a automerge for new pull request.
+		user5Session.MakeRequest(t, NewRequestWithValues(t, "POST", fmt.Sprintf("/%s/pulls/1/merge", repo.FullName()), map[string]string{
+			"merge_message_field":       "I love automation when it works",
+			"do":                        "merge",
+			"merge_when_checks_succeed": "true",
+		}), http.StatusOK)
+
+		t.Run("No permission", func(t *testing.T) {
+			defer tests.PrintCurrentTest(t)()
+
+			user2Session.MakeRequest(t, NewRequestWithValues(t, "POST", fmt.Sprintf("/%s/pulls/1/cancel_auto_merge", repo.FullName()), nil), http.StatusSeeOther)
+
+			flashCookie := user2Session.GetCookie(app_context.CookieNameFlash)
+			assert.NotNil(t, flashCookie)
+			assert.Equal(t, "error%3DYou%2Bdo%2Bnot%2Bhave%2Bpermission%2Bto%2Bcancel%2Bthis%2Bpull%2Brequest%2527s%2Bauto%2Bmerge.", flashCookie.Value)
+		})
+
+		t.Run("Normal", func(t *testing.T) {
+			defer tests.PrintCurrentTest(t)()
+
+			user5Session.MakeRequest(t, NewRequestWithValues(t, "POST", fmt.Sprintf("/%s/pulls/1/cancel_auto_merge", repo.FullName()), nil), http.StatusSeeOther)
+
+			flashCookie := user5Session.GetCookie(app_context.CookieNameFlash)
+			assert.NotNil(t, flashCookie)
+			assert.Equal(t, "success%3DThe%2Bauto%2Bmerge%2Bwas%2Bcanceled%2Bfor%2Bthis%2Bpull%2Brequest.", flashCookie.Value)
+		})
+	})
+}

From 837557166b138304b800bdcd77141f15d80a6a43 Mon Sep 17 00:00:00 2001
From: Gusted <postmaster@gusted.xyz>
Date: Sat, 21 Feb 2026 13:47:15 +0100
Subject: [PATCH 433/854] fix: check owner when changing state of project

It was sufficiently checked for the repostiory case, but for user/org
project it was not checked and you could change the state of any
project by there mere knowledge of a ID.
---
 models/project/project.go      | 62 ++++++++++++++++------------------
 models/project/project_test.go | 37 --------------------
 routers/web/org/projects.go    |  9 +++--
 routers/web/repo/projects.go   |  9 +++--
 4 files changed, 43 insertions(+), 74 deletions(-)

diff --git a/models/project/project.go b/models/project/project.go
index c095087e51..3a36613b49 100644
--- a/models/project/project.go
+++ b/models/project/project.go
@@ -309,6 +309,18 @@ func GetProjectForRepoByID(ctx context.Context, repoID, id int64) (*Project, err
 	return p, nil
 }
 
+// GetProjectForUserByID returns the project by id that belongs to the specified user.
+func GetProjectForUserByID(ctx context.Context, uid, id int64) (*Project, error) {
+	p := new(Project)
+	has, err := db.GetEngine(ctx).Where("id=? AND owner_id=?", id, uid).Get(p)
+	if err != nil {
+		return nil, err
+	} else if !has {
+		return nil, ErrProjectNotExist{ID: id}
+	}
+	return p, nil
+}
+
 // UpdateProject updates project properties
 func UpdateProject(ctx context.Context, p *Project) error {
 	if !IsCardTypeValid(p.CardType) {
@@ -346,42 +358,26 @@ func updateRepositoryProjectCount(ctx context.Context, repoID int64) error {
 	return nil
 }
 
-// ChangeProjectStatusByRepoIDAndID toggles a project between opened and closed
-func ChangeProjectStatusByRepoIDAndID(ctx context.Context, repoID, projectID int64, isClosed bool) error {
-	ctx, committer, err := db.TxContext(ctx)
-	if err != nil {
-		return err
-	}
-	defer committer.Close()
-
-	p := new(Project)
-
-	has, err := db.GetEngine(ctx).ID(projectID).Where("repo_id = ?", repoID).Get(p)
-	if err != nil {
-		return err
-	} else if !has {
-		return ErrProjectNotExist{ID: projectID, RepoID: repoID}
-	}
-
-	if err := changeProjectStatus(ctx, p, isClosed); err != nil {
-		return err
-	}
-
-	return committer.Commit()
-}
-
-func changeProjectStatus(ctx context.Context, p *Project, isClosed bool) error {
-	p.IsClosed = isClosed
-	p.ClosedDateUnix = timeutil.TimeStampNow()
-	count, err := db.GetEngine(ctx).ID(p.ID).Where("repo_id = ? AND is_closed = ?", p.RepoID, !isClosed).Cols("is_closed", "closed_date_unix").Update(p)
-	if err != nil {
-		return err
-	}
-	if count < 1 {
+// ChangeProjectStatus changes the status of the specified project to the state
+// specified via the `isClosed` argument.
+func ChangeProjectStatus(ctx context.Context, p *Project, isClosed bool) error {
+	if p.IsClosed == isClosed {
 		return nil
 	}
 
-	return updateRepositoryProjectCount(ctx, p.RepoID)
+	return db.WithTx(ctx, func(ctx context.Context) error {
+		p.IsClosed = isClosed
+		p.ClosedDateUnix = timeutil.TimeStampNow()
+		count, err := db.GetEngine(ctx).ID(p.ID).Cols("is_closed", "closed_date_unix").Update(p)
+		if err != nil {
+			return err
+		}
+		if count < 1 {
+			return nil
+		}
+
+		return updateRepositoryProjectCount(ctx, p.RepoID)
+	})
 }
 
 // DeleteProjectByID deletes a project from a repository. if it's not in a database
diff --git a/models/project/project_test.go b/models/project/project_test.go
index b6f7c7db27..73b8f01f00 100644
--- a/models/project/project_test.go
+++ b/models/project/project_test.go
@@ -8,7 +8,6 @@ import (
 
 	"forgejo.org/models/db"
 	"forgejo.org/models/unittest"
-	"forgejo.org/modules/timeutil"
 
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
@@ -48,42 +47,6 @@ func TestGetProjects(t *testing.T) {
 	assert.Len(t, projects, 1)
 }
 
-func TestProject(t *testing.T) {
-	require.NoError(t, unittest.PrepareTestDatabase())
-
-	project := &Project{
-		Type:         TypeRepository,
-		TemplateType: TemplateTypeBasicKanban,
-		CardType:     CardTypeTextOnly,
-		Title:        "New Project",
-		RepoID:       1,
-		CreatedUnix:  timeutil.TimeStampNow(),
-		CreatorID:    2,
-	}
-
-	require.NoError(t, NewProject(db.DefaultContext, project))
-
-	_, err := GetProjectByID(db.DefaultContext, project.ID)
-	require.NoError(t, err)
-
-	// Update project
-	project.Title = "Updated title"
-	require.NoError(t, UpdateProject(db.DefaultContext, project))
-
-	projectFromDB, err := GetProjectByID(db.DefaultContext, project.ID)
-	require.NoError(t, err)
-
-	assert.Equal(t, project.Title, projectFromDB.Title)
-
-	require.NoError(t, ChangeProjectStatusByRepoIDAndID(db.DefaultContext, project.RepoID, project.ID, true))
-
-	// Retrieve from DB afresh to check if it is truly closed
-	projectFromDB, err = GetProjectByID(db.DefaultContext, project.ID)
-	require.NoError(t, err)
-
-	assert.True(t, projectFromDB.IsClosed)
-}
-
 func TestProjectsSort(t *testing.T) {
 	require.NoError(t, unittest.PrepareTestDatabase())
 
diff --git a/routers/web/org/projects.go b/routers/web/org/projects.go
index 66c560f55e..a492d85d84 100644
--- a/routers/web/org/projects.go
+++ b/routers/web/org/projects.go
@@ -218,8 +218,13 @@ func ChangeProjectStatus(ctx *context.Context) {
 	}
 	id := ctx.ParamsInt64(":id")
 
-	if err := project_model.ChangeProjectStatusByRepoIDAndID(ctx, 0, id, toClose); err != nil {
-		ctx.NotFoundOrServerError("ChangeProjectStatusByRepoIDAndID", project_model.IsErrProjectNotExist, err)
+	project, err := project_model.GetProjectForUserByID(ctx, ctx.ContextUser.ID, id)
+	if err != nil {
+		ctx.NotFoundOrServerError("GetProjectForUserByID", project_model.IsErrProjectNotExist, err)
+		return
+	}
+	if err := project_model.ChangeProjectStatus(ctx, project, toClose); err != nil {
+		ctx.ServerError("ChangeProjectStatus", err)
 		return
 	}
 	ctx.JSONRedirect(project_model.ProjectLinkForOrg(ctx.ContextUser, id))
diff --git a/routers/web/repo/projects.go b/routers/web/repo/projects.go
index ecc1cc89d9..e3e9ce0eb7 100644
--- a/routers/web/repo/projects.go
+++ b/routers/web/repo/projects.go
@@ -192,8 +192,13 @@ func ChangeProjectStatus(ctx *context.Context) {
 	}
 	id := ctx.ParamsInt64(":id")
 
-	if err := project_model.ChangeProjectStatusByRepoIDAndID(ctx, ctx.Repo.Repository.ID, id, toClose); err != nil {
-		ctx.NotFoundOrServerError("ChangeProjectStatusByRepoIDAndID", project_model.IsErrProjectNotExist, err)
+	project, err := project_model.GetProjectForRepoByID(ctx, ctx.Repo.Repository.ID, id)
+	if err != nil {
+		ctx.NotFoundOrServerError("GetProjectForRepoByID", project_model.IsErrProjectNotExist, err)
+		return
+	}
+	if err := project_model.ChangeProjectStatus(ctx, project, toClose); err != nil {
+		ctx.ServerError("ChangeProjectStatus", err)
 		return
 	}
 	ctx.JSONRedirect(project_model.ProjectLinkForRepo(ctx.Repo.Repository, id))

From 4f464db8a74bd22c2eb71a403e9130f9f585145f Mon Sep 17 00:00:00 2001
From: Gusted <postmaster@gusted.xyz>
Date: Sat, 21 Feb 2026 14:09:01 +0100
Subject: [PATCH 434/854] chore: add unit tests

Unit tests for model functions
---
 models/project/project_test.go | 73 ++++++++++++++++++++++++++++++++++
 1 file changed, 73 insertions(+)

diff --git a/models/project/project_test.go b/models/project/project_test.go
index 73b8f01f00..8a50d73ebc 100644
--- a/models/project/project_test.go
+++ b/models/project/project_test.go
@@ -1,4 +1,5 @@
 // Copyright 2020 The Gitea Authors. All rights reserved.
+// Copyright 2026 The Forgejo Authors. All rights reserved.
 // SPDX-License-Identifier: MIT
 
 package project
@@ -7,6 +8,7 @@ import (
 	"testing"
 
 	"forgejo.org/models/db"
+	repo_model "forgejo.org/models/repo"
 	"forgejo.org/models/unittest"
 
 	"github.com/stretchr/testify/assert"
@@ -85,3 +87,74 @@ func TestProjectsSort(t *testing.T) {
 		}
 	}
 }
+
+func TestGetProjectForUserByID(t *testing.T) {
+	require.NoError(t, unittest.PrepareTestDatabase())
+
+	found := func(t *testing.T, uid, id int64) {
+		t.Helper()
+
+		p, err := GetProjectForUserByID(t.Context(), uid, id)
+		require.NoError(t, err)
+		if assert.NotNil(t, p) {
+			assert.Equal(t, id, p.ID)
+		}
+	}
+
+	notFound := func(t *testing.T, uid, id int64) {
+		t.Helper()
+
+		p, err := GetProjectForUserByID(t.Context(), uid, id)
+		require.ErrorIs(t, err, ErrProjectNotExist{ID: id})
+		assert.Nil(t, p)
+	}
+
+	found(t, 2, 4)
+	found(t, 2, 5)
+	found(t, 2, 6)
+	found(t, 3, 7)
+	notFound(t, 1, 4)
+	notFound(t, 1, 5)
+	notFound(t, 1, 6)
+	notFound(t, 1, 7)
+}
+
+func TestChangeProjectStatus(t *testing.T) {
+	require.NoError(t, unittest.PrepareTestDatabase())
+
+	t.Run("Unchanged", func(t *testing.T) {
+		project := unittest.AssertExistsAndLoadBean(t, &Project{ID: 1})
+
+		require.NoError(t, ChangeProjectStatus(t.Context(), project, project.IsClosed))
+
+		projectAfter := unittest.AssertExistsAndLoadBean(t, &Project{ID: 1})
+		assert.Equal(t, project.IsClosed, projectAfter.IsClosed)
+	})
+
+	t.Run("Normal", func(t *testing.T) {
+		project := unittest.AssertExistsAndLoadBean(t, &Project{ID: 1})
+		isClosed := !project.IsClosed
+		repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: project.RepoID})
+
+		require.NoError(t, ChangeProjectStatus(t.Context(), project, isClosed))
+
+		projectAfter := unittest.AssertExistsAndLoadBean(t, &Project{ID: 1})
+		repoAfter := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: project.RepoID})
+		assert.Equal(t, isClosed, projectAfter.IsClosed)
+		assert.Equal(t, repo.NumProjects, repoAfter.NumProjects)
+		assert.Equal(t, repo.NumOpenProjects-1, repoAfter.NumOpenProjects)
+		assert.Equal(t, repo.NumClosedProjects+1, repoAfter.NumClosedProjects)
+	})
+
+	t.Run("Invalid ID", func(t *testing.T) {
+		project := &Project{ID: 1001, RepoID: 1}
+		repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: project.RepoID})
+
+		require.NoError(t, ChangeProjectStatus(t.Context(), project, true))
+
+		repoAfter := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: project.RepoID})
+		assert.Equal(t, repo.NumProjects, repoAfter.NumProjects)
+		assert.Equal(t, repo.NumOpenProjects, repoAfter.NumOpenProjects)
+		assert.Equal(t, repo.NumClosedProjects, repoAfter.NumClosedProjects)
+	})
+}

From 58d844b32033701292121a9720135cafa83a5eb3 Mon Sep 17 00:00:00 2001
From: Gusted <postmaster@gusted.xyz>
Date: Sat, 21 Feb 2026 14:32:45 +0100
Subject: [PATCH 435/854] chore: add integration testing

---
 tests/integration/project_test.go | 82 +++++++++++++++++++++++++++++++
 1 file changed, 82 insertions(+)

diff --git a/tests/integration/project_test.go b/tests/integration/project_test.go
index b8fcafab7a..955caaf6f7 100644
--- a/tests/integration/project_test.go
+++ b/tests/integration/project_test.go
@@ -1,4 +1,5 @@
 // Copyright 2023 The Gitea Authors. All rights reserved.
+// Copyright 2026 The Forgejo Authors. All rights reserved.
 // SPDX-License-Identifier: MIT
 
 package integration
@@ -78,3 +79,84 @@ func TestMoveRepoProjectColumns(t *testing.T) {
 
 	require.NoError(t, project_model.DeleteProjectByID(db.DefaultContext, project1.ID))
 }
+
+func TestChangeStatusProject(t *testing.T) {
+	defer tests.PrepareTestEnv(t)()
+
+	user5 := loginUser(t, "user5")
+	user2 := loginUser(t, "user2")
+
+	t.Run("User", func(t *testing.T) {
+		project4CloseURL := "/user2/-/projects/4/close"
+
+		t.Run("Doer is not context user", func(t *testing.T) {
+			defer tests.PrintCurrentTest(t)()
+
+			user5.MakeRequest(t, NewRequest(t, "POST", project4CloseURL), http.StatusNotFound)
+			unittest.AssertExistsIf(t, true, &project_model.Project{ID: 4}, "is_closed = false")
+		})
+
+		t.Run("Wrong ID", func(t *testing.T) {
+			defer tests.PrintCurrentTest(t)()
+
+			user5.MakeRequest(t, NewRequest(t, "POST", "/user5/-/projects/4/close"), http.StatusNotFound)
+			unittest.AssertExistsIf(t, true, &project_model.Project{ID: 4}, "is_closed = false")
+
+			user5.MakeRequest(t, NewRequest(t, "POST", "/user5/-/projects/1/close"), http.StatusNotFound)
+			unittest.AssertExistsIf(t, true, &project_model.Project{ID: 1}, "is_closed = false")
+
+			user5.MakeRequest(t, NewRequest(t, "POST", "/user5/-/projects/7/close"), http.StatusNotFound)
+			unittest.AssertExistsIf(t, true, &project_model.Project{ID: 7}, "is_closed = false")
+		})
+
+		t.Run("Normal", func(t *testing.T) {
+			defer tests.PrintCurrentTest(t)()
+
+			user2.MakeRequest(t, NewRequest(t, "POST", project4CloseURL), http.StatusOK)
+			unittest.AssertExistsIf(t, true, &project_model.Project{ID: 4}, "is_closed = true")
+		})
+	})
+
+	t.Run("Organization", func(t *testing.T) {
+		project7CloseURL := "/org3/-/projects/7/close"
+
+		t.Run("Doer does not have permission", func(t *testing.T) {
+			defer tests.PrintCurrentTest(t)()
+
+			user5.MakeRequest(t, NewRequest(t, "POST", project7CloseURL), http.StatusNotFound)
+			unittest.AssertExistsIf(t, true, &project_model.Project{ID: 7}, "is_closed = false")
+		})
+
+		t.Run("Normal", func(t *testing.T) {
+			defer tests.PrintCurrentTest(t)()
+
+			user2.MakeRequest(t, NewRequest(t, "POST", project7CloseURL), http.StatusOK)
+			unittest.AssertExistsIf(t, true, &project_model.Project{ID: 7}, "is_closed = true")
+		})
+	})
+
+	t.Run("Repository", func(t *testing.T) {
+		project1CloseURL := "/user2/repo1/projects/1/close"
+
+		t.Run("Doer does not have permission", func(t *testing.T) {
+			defer tests.PrintCurrentTest(t)()
+
+			user5.MakeRequest(t, NewRequest(t, "POST", project1CloseURL), http.StatusNotFound)
+			unittest.AssertExistsIf(t, true, &project_model.Project{ID: 1}, "is_closed = false")
+		})
+
+		t.Run("Wrong ID", func(t *testing.T) {
+			defer tests.PrintCurrentTest(t)()
+
+			user5.MakeRequest(t, NewRequest(t, "POST", "/user5/repo4/projects/1/close"), http.StatusNotFound)
+			unittest.AssertExistsIf(t, true, &project_model.Project{ID: 1}, "is_closed = false")
+		})
+
+		t.Run("Normal", func(t *testing.T) {
+			defer tests.PrintCurrentTest(t)()
+
+			user2.MakeRequest(t, NewRequest(t, "POST", project1CloseURL), http.StatusOK)
+			unittest.AssertExistsIf(t, true, &project_model.Project{ID: 1}, "is_closed = true")
+		})
+	})
+}

From 5e1a2f9cc493bfd78da821e5f75faafd9b6d0ff7 Mon Sep 17 00:00:00 2001
From: Gusted <postmaster@gusted.xyz>
Date: Sat, 21 Feb 2026 14:47:07 +0100
Subject: [PATCH 436/854] fix: filter recipients for new release mails

Remove recipients that are not active (e.g. done by moderation or
organizational reasons) and those that have the permi ssion to read
releases on that repository.
---
 services/mailer/mail_release.go | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/services/mailer/mail_release.go b/services/mailer/mail_release.go
index 0f2ef33fe1..2111083bd4 100644
--- a/services/mailer/mail_release.go
+++ b/services/mailer/mail_release.go
@@ -6,8 +6,11 @@ package mailer
 import (
 	"bytes"
 	"context"
+	"slices"
 
+	access_model "forgejo.org/models/perm/access"
 	repo_model "forgejo.org/models/repo"
+	"forgejo.org/models/unit"
 	user_model "forgejo.org/models/user"
 	"forgejo.org/modules/base"
 	"forgejo.org/modules/log"
@@ -40,6 +43,12 @@ func MailNewRelease(ctx context.Context, rel *repo_model.Release) {
 		return
 	}
 
+	// Users are not eligible to receive this mail if they are not active or
+	// they don't have permissions to read releases.
+	recipients = slices.DeleteFunc(recipients, func(u *user_model.User) bool {
+		return !u.IsActive || !access_model.CheckRepoUnitUser(ctx, rel.Repo, u, unit.TypeReleases)
+	})
+
 	langMap := make(map[string][]*user_model.User)
 	for _, user := range recipients {
 		if user.ID != rel.PublisherID {

From 39078d478a43a164bb47712ced6115c6947e792e Mon Sep 17 00:00:00 2001
From: Gusted <postmaster@gusted.xyz>
Date: Sat, 21 Feb 2026 16:00:11 +0100
Subject: [PATCH 437/854] chore: add unit test

---
 .../fixtures/TestMailNewRelease/watch.yml     |   5 +
 services/mailer/mail_release_test.go          | 122 ++++++++++++++++++
 2 files changed, 127 insertions(+)
 create mode 100644 services/mailer/fixtures/TestMailNewRelease/watch.yml
 create mode 100644 services/mailer/mail_release_test.go

diff --git a/services/mailer/fixtures/TestMailNewRelease/watch.yml b/services/mailer/fixtures/TestMailNewRelease/watch.yml
new file mode 100644
index 0000000000..4c488a6f85
--- /dev/null
+++ b/services/mailer/fixtures/TestMailNewRelease/watch.yml
@@ -0,0 +1,5 @@
+-
+ id: 1001
+ user_id: 11
+ repo_id: 41
+ mode: 1
diff --git a/services/mailer/mail_release_test.go b/services/mailer/mail_release_test.go
new file mode 100644
index 0000000000..4b37afb8cd
--- /dev/null
+++ b/services/mailer/mail_release_test.go
@@ -0,0 +1,122 @@
+// Copyright 2026 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+package mailer_test
+
+import (
+	"testing"
+
+	"forgejo.org/models/db"
+	repo_model "forgejo.org/models/repo"
+	"forgejo.org/models/unittest"
+	user_model "forgejo.org/models/user"
+	"forgejo.org/modules/gitrepo"
+	"forgejo.org/services/mailer"
+	release_service "forgejo.org/services/release"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+func TestMailNewRelease(t *testing.T) {
+	defer unittest.OverrideFixtures("services/mailer/fixtures/TestMailNewRelease")()
+	defer require.NoError(t, unittest.PrepareTestDatabase())
+
+	user1 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 1})
+	user2 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
+	user11 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 11})
+	repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 1})
+
+	gitRepo, err := gitrepo.OpenRepository(t.Context(), repo)
+	require.NoError(t, err)
+	defer gitRepo.Close()
+
+	t.Run("Normal", func(t *testing.T) {
+		called := false
+
+		defer mailer.MockMailSettings(func(msgs ...*mailer.Message) {
+			assert.Len(t, msgs, 2)
+			if user1.EmailTo() == msgs[0].To {
+				assert.Equal(t, user11.EmailTo(), msgs[1].To)
+			} else {
+				assert.Equal(t, user11.EmailTo(), msgs[0].To)
+				assert.Equal(t, user1.EmailTo(), msgs[1].To)
+			}
+
+			assert.Equal(t, "v0.1 in user2/repo1 released", msgs[0].Subject)
+			called = true
+		})()
+
+		require.NoError(t, release_service.CreateRelease(gitRepo, &repo_model.Release{
+			RepoID:      repo.ID,
+			Repo:        repo,
+			PublisherID: user2.ID,
+			Publisher:   user2,
+			TagName:     "v0.1",
+			Target:      "master",
+			Title:       "v0.1 is released",
+			Note:        "v0.1 is released",
+		}, "", []*release_service.AttachmentChange{}))
+
+		assert.True(t, called)
+	})
+
+	t.Run("Non-active user", func(t *testing.T) {
+		_, err := db.GetEngine(db.DefaultContext).Exec("UPDATE user SET is_active=false WHERE id=11")
+		require.NoError(t, err)
+
+		t.Cleanup(func() {
+			_, err := db.GetEngine(db.DefaultContext).Exec("UPDATE user SET is_active=true WHERE id=11")
+			require.NoError(t, err)
+		})
+		called := false
+
+		defer mailer.MockMailSettings(func(msgs ...*mailer.Message) {
+			assert.Len(t, msgs, 1)
+			assert.Equal(t, user1.EmailTo(), msgs[0].To)
+
+			assert.Equal(t, "v0.2 in user2/repo1 released", msgs[0].Subject)
+			called = true
+		})()
+
+		require.NoError(t, release_service.CreateRelease(gitRepo, &repo_model.Release{
+			RepoID:      repo.ID,
+			Repo:        repo,
+			PublisherID: user2.ID,
+			Publisher:   user2,
+			TagName:     "v0.2",
+			Target:      "master",
+			Title:       "v0.2 is released",
+			Note:        "v0.2 is released",
+		}, "", []*release_service.AttachmentChange{}))
+
+		assert.True(t, called)
+	})
+
+	t.Run("No permissions for releases", func(t *testing.T) {
+		repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 41})
+
+		gitRepo, err := gitrepo.OpenRepository(t.Context(), repo)
+		require.NoError(t, err)
+		defer gitRepo.Close()
+
+		called := false
+
+		defer mailer.MockMailSettings(func(msgs ...*mailer.Message) {
+			called = true
+		})()
+
+		require.NoError(t, release_service.CreateRelease(gitRepo, &repo_model.Release{
+			RepoID:      repo.ID,
+			Repo:        repo,
+			PublisherID: user2.ID,
+			Publisher:   user2,
+			TagName:     "v0.2",
+			Target:      "master",
+			Title:       "v0.2 is released",
+			Note:        "v0.2 is released",
+		}, "", []*release_service.AttachmentChange{}))
+
+		assert.False(t, called)
+	})
+}

From c0d8c3221fe2764b8c32af9fba4448c7a45dbe24 Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Sat, 7 Mar 2026 00:49:57 +0100
Subject: [PATCH 438/854] Update dependency minimatch to v10.2.4 (forgejo)
 (#11523)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11523
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
---
 package-lock.json | 14 +++++++-------
 package.json      |  2 +-
 2 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 8b3793d503..3099b5a66b 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -57,7 +57,7 @@
         "katex": "0.16.33",
         "mermaid": "11.12.3",
         "mini-css-extract-plugin": "2.10.0",
-        "minimatch": "10.2.3",
+        "minimatch": "10.2.4",
         "pdfobject": "2.3.0",
         "postcss": "8.5.6",
         "postcss-loader": "8.2.1",
@@ -11759,9 +11759,9 @@
       }
     },
     "node_modules/minimatch": {
-      "version": "10.2.3",
-      "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-10.2.3.tgz",
-      "integrity": "sha512-Rwi3pnapEqirPSbWbrZaa6N3nmqq4Xer/2XooiOKyV3q12ML06f7MOuc5DVH8ONZIFhwIYQ3yzPH4nt7iWHaTg==",
+      "version": "10.2.4",
+      "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-10.2.4.tgz",
+      "integrity": "sha512-oRjTw/97aTBN0RHbYCdtF1MQfvusSIBQM0IZEgzl6426+8jSC0nF1a/GmnVLpfB9yyr6g6FTqWqiZVbxrtaCIg==",
       "license": "BlueOak-1.0.0",
       "dependencies": {
         "brace-expansion": "^5.0.2"
@@ -11783,9 +11783,9 @@
       }
     },
     "node_modules/minimatch/node_modules/brace-expansion": {
-      "version": "5.0.3",
-      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-5.0.3.tgz",
-      "integrity": "sha512-fy6KJm2RawA5RcHkLa1z/ScpBeA762UF9KmZQxwIbDtRJrgLzM10depAiEQ+CXYcoiqW1/m96OAAoke2nE9EeA==",
+      "version": "5.0.4",
+      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-5.0.4.tgz",
+      "integrity": "sha512-h+DEnpVvxmfVefa4jFbCf5HdH5YMDXRsmKflpf1pILZWRFlTbJpxeU55nJl4Smt5HQaGzg1o6RHFPJaOqnmBDg==",
       "license": "MIT",
       "dependencies": {
         "balanced-match": "^4.0.2"
diff --git a/package.json b/package.json
index 8ba742fa23..b278d20650 100644
--- a/package.json
+++ b/package.json
@@ -56,7 +56,7 @@
     "katex": "0.16.33",
     "mermaid": "11.12.3",
     "mini-css-extract-plugin": "2.10.0",
-    "minimatch": "10.2.3",
+    "minimatch": "10.2.4",
     "pdfobject": "2.3.0",
     "postcss": "8.5.6",
     "postcss-loader": "8.2.1",

From 851356577c8ef7eefb351014a3ba8b6a670c0cd9 Mon Sep 17 00:00:00 2001
From: limiting-factor <limiting-factor@posteo.com>
Date: Sat, 7 Mar 2026 02:03:22 +0100
Subject: [PATCH 439/854] chore: do not leak global repository unit defaults
 (#11470)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The [test disabling the issue unit][0] took care of [reseting the disabled units][1]. However, it overlooked that calling [`LoadUnitConfig`][2] also has a [side effect on `DefaultRepoUnits`][3]. It happens when [`validateDefaultRepoUnits` has a side effect][4] on the array backing the slice, when it is [not recreated][5]. As a result the issue unit is disabled for all tests that run after this one.

The subtle side effect is harmless because it only happens in tests, the `LoadUnitConfig` is otherwise only called once. For clarity `LoadUnitConfig` is modified to clone the unit array being validated so that the returned slice is never backed by the same array as the argument.

As the global variables used for repository units should be saved and restored as a whole, a dedicated test function (`SaveUnits`) is provided to be used by both integration tests and unit tests. The test of the unit model is refactored to be a blackbox test in order to avoid an import cycle.

[0]: https://codeberg.org/forgejo/forgejo/src/commit/cce5f868cec11830d19126b90c659772708cd323/tests/integration/repo_settings_test.go#L258
[1]: https://codeberg.org/forgejo/forgejo/src/commit/cce5f868cec11830d19126b90c659772708cd323/tests/integration/repo_settings_test.go#L253
[2]: https://codeberg.org/forgejo/forgejo/src/commit/cce5f868cec11830d19126b90c659772708cd323/models/unit/unit.go#L171
[3]: https://codeberg.org/forgejo/forgejo/src/commit/cce5f868cec11830d19126b90c659772708cd323/models/unit/unit.go#L182
[4]: https://codeberg.org/forgejo/forgejo/src/commit/cce5f868cec11830d19126b90c659772708cd323/models/unit/unit.go#L162
[5]: https://codeberg.org/forgejo/forgejo/src/commit/cce5f868cec11830d19126b90c659772708cd323/models/unit/unit.go#L148

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11470
Reviewed-by: Ellen Εμιλία Άννα Zscheile <fogti@noreply.codeberg.org>
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: limiting-factor <limiting-factor@posteo.com>
Co-committed-by: limiting-factor <limiting-factor@posteo.com>
---
 models/unit/tests/units.go              | 35 +++++++++++
 models/unit/tests/units_test.go         | 37 ++++++++++++
 models/unit/unit.go                     |  3 +-
 models/unit/unit_test.go                | 80 +++++++------------------
 tests/integration/repo_settings_test.go |  7 +--
 5 files changed, 100 insertions(+), 62 deletions(-)
 create mode 100644 models/unit/tests/units.go
 create mode 100644 models/unit/tests/units_test.go

diff --git a/models/unit/tests/units.go b/models/unit/tests/units.go
new file mode 100644
index 0000000000..7507b80e2a
--- /dev/null
+++ b/models/unit/tests/units.go
@@ -0,0 +1,35 @@
+// Copyright 2026 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package tests
+
+import (
+	unit_model "forgejo.org/models/unit"
+	"forgejo.org/modules/setting"
+	"forgejo.org/modules/test"
+)
+
+func SaveUnits() func() {
+	disabledGlobal := unit_model.DisabledRepoUnitsGet()
+	restoreDisabledGlobal := func() {
+		unit_model.DisabledRepoUnitsSet(disabledGlobal)
+	}
+	restoreDisabledRepo := test.MockProtect(&setting.Repository.DisabledRepoUnits)
+
+	restoreDefaultGlobal := test.MockProtect(&unit_model.DefaultRepoUnits)
+	restoreDefaultRepo := test.MockProtect(&setting.Repository.DefaultRepoUnits)
+
+	restoreForkGlobal := test.MockProtect(&unit_model.DefaultForkRepoUnits)
+	restoreForkRepo := test.MockProtect(&setting.Repository.DefaultForkRepoUnits)
+
+	return func() {
+		restoreDisabledGlobal()
+		restoreDisabledRepo()
+
+		restoreDefaultGlobal()
+		restoreDefaultRepo()
+
+		restoreForkGlobal()
+		restoreForkRepo()
+	}
+}
diff --git a/models/unit/tests/units_test.go b/models/unit/tests/units_test.go
new file mode 100644
index 0000000000..acf543285f
--- /dev/null
+++ b/models/unit/tests/units_test.go
@@ -0,0 +1,37 @@
+// Copyright 2026 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package tests
+
+import (
+	"testing"
+
+	unit_model "forgejo.org/models/unit"
+	"forgejo.org/modules/setting"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestSaveUnits(t *testing.T) {
+	restoreUnits := SaveUnits()
+
+	unit_model.DisabledRepoUnitsSet([]unit_model.Type{unit_model.TypeInvalid})
+	setting.Repository.DisabledRepoUnits = []string{"invalid"}
+
+	unit_model.DefaultRepoUnits = []unit_model.Type{unit_model.TypeInvalid}
+	setting.Repository.DefaultRepoUnits = []string{"invalid"}
+
+	unit_model.DefaultForkRepoUnits = []unit_model.Type{unit_model.TypeInvalid}
+	setting.Repository.DefaultForkRepoUnits = []string{"invalid"}
+
+	restoreUnits()
+
+	assert.NotEqual(t, []unit_model.Type{unit_model.TypeInvalid}, unit_model.DisabledRepoUnitsGet())
+	assert.NotEqual(t, []string{"invalid"}, setting.Repository.DisabledRepoUnits)
+
+	assert.NotEqual(t, []unit_model.Type{unit_model.TypeInvalid}, unit_model.DefaultRepoUnits)
+	assert.NotEqual(t, []string{"invalid"}, setting.Repository.DefaultRepoUnits)
+
+	assert.NotEqual(t, []unit_model.Type{unit_model.TypeInvalid}, unit_model.DefaultForkRepoUnits)
+	assert.NotEqual(t, []string{"invalid"}, setting.Repository.DefaultForkRepoUnits)
+}
diff --git a/models/unit/unit.go b/models/unit/unit.go
index 2f8306d45f..434e5f0acc 100644
--- a/models/unit/unit.go
+++ b/models/unit/unit.go
@@ -7,6 +7,7 @@ package unit
 import (
 	"errors"
 	"fmt"
+	"slices"
 	"strings"
 	"sync/atomic"
 
@@ -141,7 +142,7 @@ func DisabledRepoUnitsSet(v []Type) {
 
 // Get valid set of default repository units from settings
 func validateDefaultRepoUnits(defaultUnits, settingDefaultUnits []Type) []Type {
-	units := defaultUnits
+	units := slices.Clone(defaultUnits)
 
 	// Use setting if not empty
 	if len(settingDefaultUnits) > 0 {
diff --git a/models/unit/unit_test.go b/models/unit/unit_test.go
index efcad4a405..1da15c4d85 100644
--- a/models/unit/unit_test.go
+++ b/models/unit/unit_test.go
@@ -1,11 +1,13 @@
 // Copyright 2023 The Gitea Authors. All rights reserved.
 // SPDX-License-Identifier: MIT
 
-package unit
+package unit_test
 
 import (
 	"testing"
 
+	unit_model "forgejo.org/models/unit"
+	"forgejo.org/models/unit/tests"
 	"forgejo.org/modules/setting"
 
 	"github.com/stretchr/testify/assert"
@@ -14,83 +16,47 @@ import (
 
 func TestLoadUnitConfig(t *testing.T) {
 	t.Run("regular", func(t *testing.T) {
-		defer func(disabledRepoUnits, defaultRepoUnits, defaultForkRepoUnits []Type) {
-			DisabledRepoUnitsSet(disabledRepoUnits)
-			DefaultRepoUnits = defaultRepoUnits
-			DefaultForkRepoUnits = defaultForkRepoUnits
-		}(DisabledRepoUnitsGet(), DefaultRepoUnits, DefaultForkRepoUnits)
-		defer func(disabledRepoUnits, defaultRepoUnits, defaultForkRepoUnits []string) {
-			setting.Repository.DisabledRepoUnits = disabledRepoUnits
-			setting.Repository.DefaultRepoUnits = defaultRepoUnits
-			setting.Repository.DefaultForkRepoUnits = defaultForkRepoUnits
-		}(setting.Repository.DisabledRepoUnits, setting.Repository.DefaultRepoUnits, setting.Repository.DefaultForkRepoUnits)
+		defer tests.SaveUnits()()
 
 		setting.Repository.DisabledRepoUnits = []string{"repo.issues"}
 		setting.Repository.DefaultRepoUnits = []string{"repo.code", "repo.releases", "repo.issues", "repo.pulls"}
 		setting.Repository.DefaultForkRepoUnits = []string{"repo.releases"}
-		require.NoError(t, LoadUnitConfig())
-		assert.Equal(t, []Type{TypeIssues}, DisabledRepoUnitsGet())
-		assert.Equal(t, []Type{TypeCode, TypeReleases, TypePullRequests}, DefaultRepoUnits)
-		assert.Equal(t, []Type{TypeReleases}, DefaultForkRepoUnits)
+		require.NoError(t, unit_model.LoadUnitConfig())
+		assert.Equal(t, []unit_model.Type{unit_model.TypeIssues}, unit_model.DisabledRepoUnitsGet())
+		assert.Equal(t, []unit_model.Type{unit_model.TypeCode, unit_model.TypeReleases, unit_model.TypePullRequests}, unit_model.DefaultRepoUnits)
+		assert.Equal(t, []unit_model.Type{unit_model.TypeReleases}, unit_model.DefaultForkRepoUnits)
 	})
 	t.Run("invalid", func(t *testing.T) {
-		defer func(disabledRepoUnits, defaultRepoUnits, defaultForkRepoUnits []Type) {
-			DisabledRepoUnitsSet(disabledRepoUnits)
-			DefaultRepoUnits = defaultRepoUnits
-			DefaultForkRepoUnits = defaultForkRepoUnits
-		}(DisabledRepoUnitsGet(), DefaultRepoUnits, DefaultForkRepoUnits)
-		defer func(disabledRepoUnits, defaultRepoUnits, defaultForkRepoUnits []string) {
-			setting.Repository.DisabledRepoUnits = disabledRepoUnits
-			setting.Repository.DefaultRepoUnits = defaultRepoUnits
-			setting.Repository.DefaultForkRepoUnits = defaultForkRepoUnits
-		}(setting.Repository.DisabledRepoUnits, setting.Repository.DefaultRepoUnits, setting.Repository.DefaultForkRepoUnits)
+		defer tests.SaveUnits()()
 
 		setting.Repository.DisabledRepoUnits = []string{"repo.issues", "invalid.1"}
 		setting.Repository.DefaultRepoUnits = []string{"repo.code", "invalid.2", "repo.releases", "repo.issues", "repo.pulls"}
 		setting.Repository.DefaultForkRepoUnits = []string{"invalid.3", "repo.releases"}
-		require.NoError(t, LoadUnitConfig())
-		assert.Equal(t, []Type{TypeIssues}, DisabledRepoUnitsGet())
-		assert.Equal(t, []Type{TypeCode, TypeReleases, TypePullRequests}, DefaultRepoUnits)
-		assert.Equal(t, []Type{TypeReleases}, DefaultForkRepoUnits)
+		require.NoError(t, unit_model.LoadUnitConfig())
+		assert.Equal(t, []unit_model.Type{unit_model.TypeIssues}, unit_model.DisabledRepoUnitsGet())
+		assert.Equal(t, []unit_model.Type{unit_model.TypeCode, unit_model.TypeReleases, unit_model.TypePullRequests}, unit_model.DefaultRepoUnits)
+		assert.Equal(t, []unit_model.Type{unit_model.TypeReleases}, unit_model.DefaultForkRepoUnits)
 	})
 	t.Run("duplicate", func(t *testing.T) {
-		defer func(disabledRepoUnits, defaultRepoUnits, defaultForkRepoUnits []Type) {
-			DisabledRepoUnitsSet(disabledRepoUnits)
-			DefaultRepoUnits = defaultRepoUnits
-			DefaultForkRepoUnits = defaultForkRepoUnits
-		}(DisabledRepoUnitsGet(), DefaultRepoUnits, DefaultForkRepoUnits)
-		defer func(disabledRepoUnits, defaultRepoUnits, defaultForkRepoUnits []string) {
-			setting.Repository.DisabledRepoUnits = disabledRepoUnits
-			setting.Repository.DefaultRepoUnits = defaultRepoUnits
-			setting.Repository.DefaultForkRepoUnits = defaultForkRepoUnits
-		}(setting.Repository.DisabledRepoUnits, setting.Repository.DefaultRepoUnits, setting.Repository.DefaultForkRepoUnits)
+		defer tests.SaveUnits()()
 
 		setting.Repository.DisabledRepoUnits = []string{"repo.issues", "repo.issues"}
 		setting.Repository.DefaultRepoUnits = []string{"repo.code", "repo.releases", "repo.issues", "repo.pulls", "repo.code"}
 		setting.Repository.DefaultForkRepoUnits = []string{"repo.releases", "repo.releases"}
-		require.NoError(t, LoadUnitConfig())
-		assert.Equal(t, []Type{TypeIssues}, DisabledRepoUnitsGet())
-		assert.Equal(t, []Type{TypeCode, TypeReleases, TypePullRequests}, DefaultRepoUnits)
-		assert.Equal(t, []Type{TypeReleases}, DefaultForkRepoUnits)
+		require.NoError(t, unit_model.LoadUnitConfig())
+		assert.Equal(t, []unit_model.Type{unit_model.TypeIssues}, unit_model.DisabledRepoUnitsGet())
+		assert.Equal(t, []unit_model.Type{unit_model.TypeCode, unit_model.TypeReleases, unit_model.TypePullRequests}, unit_model.DefaultRepoUnits)
+		assert.Equal(t, []unit_model.Type{unit_model.TypeReleases}, unit_model.DefaultForkRepoUnits)
 	})
 	t.Run("empty_default", func(t *testing.T) {
-		defer func(disabledRepoUnits, defaultRepoUnits, defaultForkRepoUnits []Type) {
-			DisabledRepoUnitsSet(disabledRepoUnits)
-			DefaultRepoUnits = defaultRepoUnits
-			DefaultForkRepoUnits = defaultForkRepoUnits
-		}(DisabledRepoUnitsGet(), DefaultRepoUnits, DefaultForkRepoUnits)
-		defer func(disabledRepoUnits, defaultRepoUnits, defaultForkRepoUnits []string) {
-			setting.Repository.DisabledRepoUnits = disabledRepoUnits
-			setting.Repository.DefaultRepoUnits = defaultRepoUnits
-			setting.Repository.DefaultForkRepoUnits = defaultForkRepoUnits
-		}(setting.Repository.DisabledRepoUnits, setting.Repository.DefaultRepoUnits, setting.Repository.DefaultForkRepoUnits)
+		defer tests.SaveUnits()()
 
 		setting.Repository.DisabledRepoUnits = []string{"repo.issues", "repo.issues"}
 		setting.Repository.DefaultRepoUnits = []string{}
 		setting.Repository.DefaultForkRepoUnits = []string{"repo.releases", "repo.releases"}
-		require.NoError(t, LoadUnitConfig())
-		assert.Equal(t, []Type{TypeIssues}, DisabledRepoUnitsGet())
-		assert.ElementsMatch(t, []Type{TypeCode, TypePullRequests, TypeReleases, TypeWiki, TypePackages, TypeProjects, TypeActions}, DefaultRepoUnits)
-		assert.Equal(t, []Type{TypeReleases}, DefaultForkRepoUnits)
+		require.NoError(t, unit_model.LoadUnitConfig())
+		assert.Equal(t, []unit_model.Type{unit_model.TypeIssues}, unit_model.DisabledRepoUnitsGet())
+		assert.ElementsMatch(t, []unit_model.Type{unit_model.TypeCode, unit_model.TypePullRequests, unit_model.TypeReleases, unit_model.TypeWiki, unit_model.TypePackages, unit_model.TypeProjects, unit_model.TypeActions}, unit_model.DefaultRepoUnits)
+		assert.Equal(t, []unit_model.Type{unit_model.TypeReleases}, unit_model.DefaultForkRepoUnits)
 	})
 }
diff --git a/tests/integration/repo_settings_test.go b/tests/integration/repo_settings_test.go
index a17b05c4e1..1e164563d8 100644
--- a/tests/integration/repo_settings_test.go
+++ b/tests/integration/repo_settings_test.go
@@ -12,6 +12,7 @@ import (
 	git_model "forgejo.org/models/git"
 	repo_model "forgejo.org/models/repo"
 	unit_model "forgejo.org/models/unit"
+	unit_tests "forgejo.org/models/unit/tests"
 	"forgejo.org/models/unittest"
 	user_model "forgejo.org/models/user"
 	"forgejo.org/modules/optional"
@@ -222,13 +223,12 @@ func TestRepoAddMoreUnits(t *testing.T) {
 
 	t.Run("no add more if unit is globally disabled", func(t *testing.T) {
 		defer tests.PrintCurrentTest(t)()
+		defer unit_tests.SaveUnits()()
 		defer func() {
 			repo_service.UpdateRepositoryUnits(db.DefaultContext, repo, []repo_model.RepoUnit{{
 				RepoID: repo.ID,
 				Type:   unit_model.TypePackages,
 			}}, nil)
-			setting.Repository.DisabledRepoUnits = []string{}
-			unit_model.LoadUnitConfig()
 		}()
 
 		// Disable the Packages unit globally
@@ -245,13 +245,12 @@ func TestRepoAddMoreUnits(t *testing.T) {
 
 	t.Run("issues & ext tracker globally disabled", func(t *testing.T) {
 		defer tests.PrintCurrentTest(t)()
+		defer unit_tests.SaveUnits()()
 		defer func() {
 			repo_service.UpdateRepositoryUnits(db.DefaultContext, repo, []repo_model.RepoUnit{{
 				RepoID: repo.ID,
 				Type:   unit_model.TypeIssues,
 			}}, nil)
-			setting.Repository.DisabledRepoUnits = []string{}
-			unit_model.LoadUnitConfig()
 		}()
 
 		// Disable both Issues and ExternalTracker units globally

From 3e849b4b5021136f927f7a616112b3cf6e790b30 Mon Sep 17 00:00:00 2001
From: Andreas Ahlenstorf <andreas@ahlenstorf.ch>
Date: Sat, 7 Mar 2026 03:19:49 +0100
Subject: [PATCH 440/854] fix: extend basic auth to /v2, always include
 WWW-Authenticate header (#11393)

Forgejo's OCI container registry did not enable basic authentication for the top-level endpoint `/v2`. Furthermore, it did not include the `WWW-Authenticate` header when returning the status code 401 as mandated by [RFC 7235](https://datatracker.ietf.org/doc/html/rfc7235#section-3.1), "Hypertext Transfer Protocol (HTTP/1.1): Authentication", section 3.1. Those deficiencies made it impossible for Apple's [container](https://github.com/apple/container) to log into Forgejo OCI container registry. This has been rectified.

The problem did not occur with most other tools because they do not include credentials when sending the initial request to `/v2`. Forgejo's reply then included `WWW-Authenticate` as expected.

Enabling basic authentication for `/v2` has the side effect that Apple's container uses username and password for all successive requests and not the bearer token. If that is a problem, it's up to Apple to change container's behaviour.

If invalid credentials are passed to `container registry login`, then container enters an infinite loop. The same happens with quay.io, but not ghcr.io (returns 403) or docker.io (returns 401 but _without_ `WWW-Authenticate`). As this is invalid behaviour on container's side, it's up to Apple to change container. Docker and Podman handle it correctly.

Login and pushing have been tested manually with Docker 29.1.3, Podman 5.7.1, and Apple's container 0.9.0.

Resolves https://codeberg.org/forgejo/forgejo/issues/11297.

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests for Go changes

(can be removed for JavaScript changes)

- I added test coverage for Go changes...
  - [x] in their respective `*_test.go` for unit tests.
  - [x] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I ran...
  - [ ] `make pr-go` before pushing

### Tests for JavaScript changes

(can be removed for Go changes)

- I added test coverage for JavaScript changes...
  - [ ] in `web_src/js/*.test.js` if it can be unit tested.
  - [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)).

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [x] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.
- [ ] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change.

*The decision if the pull request will be shown in the release notes is up to the mergers / release team.*

The content of the `release-notes/<pull request number>.md` file will serve as the basis for the release notes. If the file does not exist, the title of the pull request will be used instead.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11393
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
Co-authored-by: Andreas Ahlenstorf <andreas@ahlenstorf.ch>
Co-committed-by: Andreas Ahlenstorf <andreas@ahlenstorf.ch>
---
 routers/api/packages/api.go                   |  1 +
 routers/api/packages/container/container.go   |  9 +--
 services/auth/auth.go                         |  4 +-
 services/auth/auth_test.go                    | 64 +++++++++++++++++++
 ..._packages_container_cleanup_sha256_test.go |  3 +-
 .../api_packages_container_test.go            | 30 ++++++++-
 6 files changed, 104 insertions(+), 7 deletions(-)

diff --git a/routers/api/packages/api.go b/routers/api/packages/api.go
index 47e582eb92..3b51ddc406 100644
--- a/routers/api/packages/api.go
+++ b/routers/api/packages/api.go
@@ -118,6 +118,7 @@ func verifyAuth(r *web.Route, authMethods []auth.Method) {
 		ctx.Doer, err = authGroup.Verify(ctx.Req, ctx.Resp, ctx, ctx.Session)
 		if err != nil {
 			log.Info("Failed to verify user: %v", err)
+			container.APIUnauthorizedError(ctx)
 			ctx.Error(http.StatusUnauthorized, "authGroup.Verify")
 			return
 		}
diff --git a/routers/api/packages/container/container.go b/routers/api/packages/container/container.go
index a9f198c18d..bf621f36de 100644
--- a/routers/api/packages/container/container.go
+++ b/routers/api/packages/container/container.go
@@ -115,15 +115,16 @@ func apiErrorDefined(ctx *context.Context, err *container_service.NamedError) {
 	})
 }
 
-func apiUnauthorizedError(ctx *context.Context) {
-	ctx.Resp.Header().Add("WWW-Authenticate", `Bearer realm="`+setting.AppURL+`v2/token",service="container_registry",scope="*"`)
+func APIUnauthorizedError(ctx *context.Context) {
+	ctx.Resp.Header().Set("WWW-Authenticate", `Bearer realm="`+setting.AppURL+`v2/token",service="container_registry",scope="*",`+
+		`Basic realm="`+setting.AppURL+`v2",service="container_registry",scope="*"`)
 	apiErrorDefined(ctx, container_service.ErrUnauthorized)
 }
 
 // ReqContainerAccess is a middleware which checks the current user valid (real user or ghost if anonymous access is enabled)
 func ReqContainerAccess(ctx *context.Context) {
 	if ctx.Doer == nil || (setting.Service.RequireSignInView && ctx.Doer.IsGhost()) {
-		apiUnauthorizedError(ctx)
+		APIUnauthorizedError(ctx)
 	}
 }
 
@@ -148,7 +149,7 @@ func Authenticate(ctx *context.Context) {
 	u := ctx.Doer
 	if u == nil {
 		if setting.Service.RequireSignInView {
-			apiUnauthorizedError(ctx)
+			APIUnauthorizedError(ctx)
 			return
 		}
 
diff --git a/services/auth/auth.go b/services/auth/auth.go
index 52f1f65cce..14d78cdbc0 100644
--- a/services/auth/auth.go
+++ b/services/auth/auth.go
@@ -33,7 +33,9 @@ func isAttachmentDownload(req *http.Request) bool {
 
 // isContainerPath checks if the request targets the container endpoint
 func isContainerPath(req *http.Request) bool {
-	return strings.HasPrefix(req.URL.Path, "/v2/")
+	// Go's URL omits trailing slashes from `Path`. That means that `/v2/`, the top-level endpoint, appears as `/v2`.
+	// strings.HasPrefix(req.URL.Path, "/v2") would be inappropriate because it would match paths like `/v2-abcd`, too.
+	return req.URL.Path == "/v2" || strings.HasPrefix(req.URL.Path, "/v2/")
 }
 
 var (
diff --git a/services/auth/auth_test.go b/services/auth/auth_test.go
index a6c6c74022..82308402d2 100644
--- a/services/auth/auth_test.go
+++ b/services/auth/auth_test.go
@@ -6,9 +6,13 @@ package auth
 
 import (
 	"net/http"
+	"net/url"
 	"testing"
 
 	"forgejo.org/modules/setting"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
 )
 
 func Test_isGitRawOrLFSPath(t *testing.T) {
@@ -132,3 +136,63 @@ func Test_isGitRawOrLFSPath(t *testing.T) {
 	}
 	setting.LFS.StartServer = origLFSStartServer
 }
+
+func TestAuth_isContainerPath(t *testing.T) {
+	testCases := []struct {
+		name            string
+		input           string
+		isContainerPath bool
+	}{
+		{
+			name:            "without trailing slash",
+			input:           "https://example.com/v2",
+			isContainerPath: true,
+		},
+		{
+			name:            "with trailing slash",
+			input:           "https://example.com/v2/",
+			isContainerPath: true,
+		},
+		{
+			name:            "with additional path components",
+			input:           "https://example.com/v2/example/blobs/uploads/",
+			isContainerPath: true,
+		},
+		{
+			name:            "without v2",
+			input:           "https://example.com/",
+			isContainerPath: false,
+		},
+		{
+			name:            "v2 not at the beginning",
+			input:           "https://example.com/something/v2/",
+			isContainerPath: false,
+		},
+		{
+			name:            "v2 with prefix",
+			input:           "https://example.com/abcd-v2/",
+			isContainerPath: false,
+		},
+		{
+			name:            "v2 with suffix",
+			input:           "https://example.com/v2-abcd/",
+			isContainerPath: false,
+		},
+		{
+			name:            "v1",
+			input:           "https://example.com/v1/",
+			isContainerPath: false,
+		},
+	}
+
+	for _, testCase := range testCases {
+		t.Run(testCase.name, func(t *testing.T) {
+			inputURL, err := url.Parse(testCase.input)
+			require.NoError(t, err)
+
+			request := http.Request{URL: inputURL}
+
+			assert.Equal(t, testCase.isContainerPath, isContainerPath(&request))
+		})
+	}
+}
diff --git a/tests/integration/api_packages_container_cleanup_sha256_test.go b/tests/integration/api_packages_container_cleanup_sha256_test.go
index 19b73f7698..d672504509 100644
--- a/tests/integration/api_packages_container_cleanup_sha256_test.go
+++ b/tests/integration/api_packages_container_cleanup_sha256_test.go
@@ -63,7 +63,8 @@ func TestPackageContainerCleanupSHA256(t *testing.T) {
 			Token string `json:"token"`
 		}
 
-		authenticate := []string{`Bearer realm="` + setting.AppURL + `v2/token",service="container_registry",scope="*"`}
+		authenticate := []string{`Bearer realm="` + setting.AppURL + `v2/token",service="container_registry",scope="*",` +
+			`Basic realm="` + setting.AppURL + `v2",service="container_registry",scope="*"`}
 
 		t.Run("User", func(t *testing.T) {
 			req := NewRequest(t, "GET", fmt.Sprintf("%sv2", setting.AppURL))
diff --git a/tests/integration/api_packages_container_test.go b/tests/integration/api_packages_container_test.go
index 6ab0933931..1024d90d5d 100644
--- a/tests/integration/api_packages_container_test.go
+++ b/tests/integration/api_packages_container_test.go
@@ -91,7 +91,8 @@ func TestPackageContainer(t *testing.T) {
 			Token string `json:"token"`
 		}
 
-		authenticate := []string{`Bearer realm="` + setting.AppURL + `v2/token",service="container_registry",scope="*"`}
+		authenticate := []string{`Bearer realm="` + setting.AppURL + `v2/token",service="container_registry",scope="*",` +
+			`Basic realm="` + setting.AppURL + `v2",service="container_registry",scope="*"`}
 
 		t.Run("Anonymous", func(t *testing.T) {
 			defer tests.PrintCurrentTest(t)()
@@ -171,6 +172,33 @@ func TestPackageContainer(t *testing.T) {
 				MakeRequest(t, req, http.StatusOK)
 			})
 		})
+
+		t.Run("No token issued if credentials are invalid", func(t *testing.T) {
+			defer tests.PrintCurrentTest(t)()
+
+			req := NewRequest(t, "GET", fmt.Sprintf("%sv2/token", setting.AppURL))
+			// Setting the header explicitly instead of using AddBasicAuth to supply an invalid password.
+			req.Request.Header.Set("Authorization", "Basic "+base64.StdEncoding.EncodeToString([]byte("user2:very-invalid")))
+			resp := MakeRequest(t, req, http.StatusUnauthorized)
+
+			assert.Equal(t, authenticate, resp.Header().Values("WWW-Authenticate"))
+		})
+
+		t.Run("Basic authentication", func(t *testing.T) {
+			defer tests.PrintCurrentTest(t)()
+
+			req := NewRequest(t, "GET", fmt.Sprintf("%sv2", setting.AppURL))
+			req.AddBasicAuth("does-not-exist")
+			resp := MakeRequest(t, req, http.StatusUnauthorized)
+
+			assert.Equal(t, authenticate, resp.Header().Values("WWW-Authenticate"))
+
+			req = NewRequest(t, "GET", fmt.Sprintf("%sv2", setting.AppURL))
+			req.AddBasicAuth(user.Name)
+			resp = MakeRequest(t, req, http.StatusOK)
+
+			assert.Empty(t, resp.Header().Get("WWW-Authenticate"))
+		})
 	})
 
 	t.Run("DetermineSupport", func(t *testing.T) {

From a824a34266e6deda5041542ccca5e3856ada1ba0 Mon Sep 17 00:00:00 2001
From: panc <pan0xc@foxmail.com>
Date: Sat, 7 Mar 2026 05:52:32 +0100
Subject: [PATCH 441/854] fix(ui): add active background color for menu items
 in tippy tooltips (#11315)

Fix #11309

![image](/attachments/1067134a-e40e-4f21-82bb-fd4324080215)

Co-authored-by: 0ko <0ko@noreply.codeberg.org>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11315
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Co-authored-by: panc <pan0xc@foxmail.com>
Co-committed-by: panc <pan0xc@foxmail.com>
---
 tests/e2e/overflow-menu.test.e2e.ts | 44 +++++++++++++++++++++++++++++
 web_src/css/modules/tippy.css       |  4 +++
 2 files changed, 48 insertions(+)
 create mode 100644 tests/e2e/overflow-menu.test.e2e.ts

diff --git a/tests/e2e/overflow-menu.test.e2e.ts b/tests/e2e/overflow-menu.test.e2e.ts
new file mode 100644
index 0000000000..9b0a5cb8ee
--- /dev/null
+++ b/tests/e2e/overflow-menu.test.e2e.ts
@@ -0,0 +1,44 @@
+// Copyright 2026 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+// @watch start
+// templates/user/profile.tmpl
+// templates/user/overview/header.tmpl
+// web_src/css/modules/tippy.css
+// web_src/js/modules/tippy.js
+// @watch end
+
+import {expect} from '@playwright/test';
+import {test} from './utils_e2e.ts';
+
+test(`Visual properties`, async ({page, isMobile}) => {
+  test.skip(!isMobile, 'Overflow menu button only appears on mobile');
+
+  const noBg = 'rgba(0, 0, 0, 0)';
+  const activeBg = 'rgb(226, 226, 229)';
+  const menuItemSelector = `.tippy-box .tippy-content .tippy-target > a.item`;
+  const activeItemSelector = `${menuItemSelector}.active`;
+  const inactiveItemSelector = `${menuItemSelector}:not(.active)`;
+
+  await page.goto(`/user2/repo1`);
+  const overflowMenuButton = page.locator(`.overflow-menu-button`);
+
+  await overflowMenuButton.click();
+  const menuItems = page.locator(`${menuItemSelector}`);
+  const itemCount = await menuItems.count();
+  for (let i = 0; i < itemCount; i++) {
+    await menuItems.nth(i).click();
+    await page.waitForLoadState('domcontentloaded');
+
+    await overflowMenuButton.click();
+    const activeItem = page.locator(`${activeItemSelector}`);
+    expect(await activeItem.evaluate((el) => getComputedStyle(el).backgroundColor)).toBe(activeBg);
+
+    const inactiveItems = page.locator(inactiveItemSelector);
+    const inactiveCount = await inactiveItems.count();
+    for (let j = 0; j < itemCount - inactiveCount; j++) {
+      const nonActiveItem = page.locator(`${inactiveItemSelector}`).nth(j);
+      expect(await nonActiveItem.evaluate((el) => getComputedStyle(el).backgroundColor)).toBe(noBg);
+    }
+  }
+});
diff --git a/web_src/css/modules/tippy.css b/web_src/css/modules/tippy.css
index de681b24b6..ab894d46c5 100644
--- a/web_src/css/modules/tippy.css
+++ b/web_src/css/modules/tippy.css
@@ -97,6 +97,10 @@
   background: var(--color-active);
 }
 
+.tippy-box[data-theme="menu"] .tippy-target > .item.active {
+  background: var(--color-active);
+}
+
 /* box-with-header theme to look like .ui.attached.segment. can contain .ui.attached.header */
 
 .tippy-box[data-theme="box-with-header"] {

From 74f8b819c29df07026b421420525e183ed04702f Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Sat, 7 Mar 2026 15:01:41 +0100
Subject: [PATCH 442/854] Update dependency forgejo/release-notes-assistant to
 v1.6.1 (forgejo) (#11543)

Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
---
 .forgejo/workflows/release-notes-assistant-milestones.yml | 2 +-
 .forgejo/workflows/release-notes-assistant.yml            | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/.forgejo/workflows/release-notes-assistant-milestones.yml b/.forgejo/workflows/release-notes-assistant-milestones.yml
index 988dc2bf87..8d7df5f18d 100644
--- a/.forgejo/workflows/release-notes-assistant-milestones.yml
+++ b/.forgejo/workflows/release-notes-assistant-milestones.yml
@@ -6,7 +6,7 @@ on:
 
 env:
   RNA_WORKDIR: /srv/rna
-  RNA_VERSION: v1.6.0 # renovate: datasource=forgejo-releases depName=forgejo/release-notes-assistant registryUrl=https://code.forgejo.org
+  RNA_VERSION: v1.6.1 # renovate: datasource=forgejo-releases depName=forgejo/release-notes-assistant registryUrl=https://code.forgejo.org
 
 jobs:
   release-notes:
diff --git a/.forgejo/workflows/release-notes-assistant.yml b/.forgejo/workflows/release-notes-assistant.yml
index 8a0dc8617b..34d73624ec 100644
--- a/.forgejo/workflows/release-notes-assistant.yml
+++ b/.forgejo/workflows/release-notes-assistant.yml
@@ -8,7 +8,7 @@ on:
       - labeled
 
 env:
-  RNA_VERSION: v1.6.0 # renovate: datasource=forgejo-releases depName=forgejo/release-notes-assistant registryUrl=https://code.forgejo.org
+  RNA_VERSION: v1.6.1 # renovate: datasource=forgejo-releases depName=forgejo/release-notes-assistant registryUrl=https://code.forgejo.org
 
 jobs:
   release-notes:

From 0beec59c01345e1776f901941adf401cdfd0c298 Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Sat, 7 Mar 2026 15:01:49 +0100
Subject: [PATCH 443/854] Update dependency uint8-to-base64 to v0.2.1 (forgejo)
 (#11549)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11549
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
---
 package-lock.json | 8 ++++----
 package.json      | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 3099b5a66b..764bfe0744 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -71,7 +71,7 @@
         "tippy.js": "6.3.7",
         "toastify-js": "1.12.0",
         "tributejs": "5.1.3",
-        "uint8-to-base64": "0.2.0",
+        "uint8-to-base64": "0.2.1",
         "vanilla-colorful": "0.7.2",
         "vue": "3.5.28",
         "vue-chartjs": "5.3.3",
@@ -15194,9 +15194,9 @@
       "license": "MIT"
     },
     "node_modules/uint8-to-base64": {
-      "version": "0.2.0",
-      "resolved": "https://registry.npmjs.org/uint8-to-base64/-/uint8-to-base64-0.2.0.tgz",
-      "integrity": "sha512-r13jrghEYZAN99GeYpEjM107DOxqB65enskpwce8rRHVAGEtaWmsF5GqoGdPMf8DIXc9XyAJTdvlvRZi4LsszA==",
+      "version": "0.2.1",
+      "resolved": "https://registry.npmjs.org/uint8-to-base64/-/uint8-to-base64-0.2.1.tgz",
+      "integrity": "sha512-uO/84GaoDUfiAxpa8EksjVLE77A9Kc7ZTziN4zRpq4de9yLaLcZn3jx1/sVjyupsywcVX6RKWbqLe7gUNyzH+Q==",
       "license": "ISC"
     },
     "node_modules/unbox-primitive": {
diff --git a/package.json b/package.json
index b278d20650..2a70568d21 100644
--- a/package.json
+++ b/package.json
@@ -70,7 +70,7 @@
     "tippy.js": "6.3.7",
     "toastify-js": "1.12.0",
     "tributejs": "5.1.3",
-    "uint8-to-base64": "0.2.0",
+    "uint8-to-base64": "0.2.1",
     "vanilla-colorful": "0.7.2",
     "vue": "3.5.28",
     "vue-chartjs": "5.3.3",

From eef3111cc76271c89d1b384edf98b6f7f61eba9b Mon Sep 17 00:00:00 2001
From: Mathieu Fenniak <mathieu@fenniak.net>
Date: Sat, 7 Mar 2026 15:38:53 +0100
Subject: [PATCH 444/854] chore(deps): upgrade xorm to v1.3.9-forgejo.7
 (#11538)

Primarily to gain access to https://code.forgejo.org/xorm/xorm/pulls/67 & https://code.forgejo.org/xorm/xorm/pulls/66 which allows Forgejo to implement a few methods and support `optional.Option[T]` in database beans for nullable fields.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11538
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net>
Co-committed-by: Mathieu Fenniak <mathieu@fenniak.net>
---
 assets/go-licenses.json |  4 ++--
 go.mod                  |  6 +++---
 go.sum                  | 28 ++++++++++++++--------------
 3 files changed, 19 insertions(+), 19 deletions(-)

diff --git a/assets/go-licenses.json b/assets/go-licenses.json
index cca9ba355f..204d23bfd1 100644
--- a/assets/go-licenses.json
+++ b/assets/go-licenses.json
@@ -861,8 +861,8 @@
   },
   {
     "name": "github.com/lib/pq",
-    "path": "github.com/lib/pq/LICENSE.md",
-    "licenseText": "Copyright (c) 2011-2013, 'pq' Contributors\nPortions Copyright (C) 2011 Blake Mizerany\n\nPermission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the \"Software\"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:\n\nThe above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.\n"
+    "path": "github.com/lib/pq/LICENSE",
+    "licenseText": "MIT License\n\nCopyright (c) 2011-2013, 'pq' Contributors. Portions Copyright (c) 2011 Blake Mizerany\n\nPermission is hereby granted, free of charge, to any person obtaining a copy\nof this software and associated documentation files (the \"Software\"), to deal\nin the Software without restriction, including without limitation the rights\nto use, copy, modify, merge, publish, distribute, sublicense, and/or sell\ncopies of the Software, and to permit persons to whom the Software is\nfurnished to do so, subject to the following conditions:\n\nThe above copyright notice and this permission notice shall be included in all\ncopies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\nIMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\nFITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE\nAUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\nLIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,\nOUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE\nSOFTWARE.\n"
   },
   {
     "name": "github.com/libdns/libdns",
diff --git a/go.mod b/go.mod
index 3ac726db7a..fec3696a7f 100644
--- a/go.mod
+++ b/go.mod
@@ -120,7 +120,7 @@ require (
 require (
 	cloud.google.com/go/compute/metadata v0.6.0 // indirect
 	code.superseriousbusiness.org/go-png-image-structure/v2 v2.3.0 // indirect
-	filippo.io/edwards25519 v1.1.0 // indirect
+	filippo.io/edwards25519 v1.1.1 // indirect
 	git.sr.ht/~mariusor/go-xsd-duration v0.0.0-20220703122237-02e73435a078 // indirect
 	github.com/RoaringBitmap/roaring/v2 v2.4.5 // indirect
 	github.com/STARRY-S/zip v0.2.3 // indirect
@@ -207,7 +207,7 @@ require (
 	github.com/josharian/intern v1.0.0 // indirect
 	github.com/klauspost/crc32 v1.3.0 // indirect
 	github.com/klauspost/pgzip v1.2.6 // indirect
-	github.com/lib/pq v1.10.9 // indirect
+	github.com/lib/pq v1.11.2 // indirect
 	github.com/libdns/libdns v1.0.0 // indirect
 	github.com/mailru/easyjson v0.9.0 // indirect
 	github.com/markbates/going v1.0.3 // indirect
@@ -274,6 +274,6 @@ replace github.com/gliderlabs/ssh => code.forgejo.org/forgejo/ssh v0.0.0-2024121
 
 replace git.sr.ht/~mariusor/go-xsd-duration => code.forgejo.org/forgejo/go-xsd-duration v0.0.0-20220703122237-02e73435a078
 
-replace xorm.io/xorm v1.3.9 => code.forgejo.org/xorm/xorm v1.3.9-forgejo.4
+replace xorm.io/xorm v1.3.9 => code.forgejo.org/xorm/xorm v1.3.9-forgejo.7
 
 replace github.com/urfave/cli/v3 => github.com/urfave/cli/v3 v3.5.0
diff --git a/go.sum b/go.sum
index 2ba75568a6..e1bae03505 100644
--- a/go.sum
+++ b/go.sum
@@ -42,8 +42,8 @@ code.forgejo.org/go-chi/captcha v1.0.2 h1:vyHDPXkpjDv8bLO9NqtWzZayzstD/WpJ5xwEkA
 code.forgejo.org/go-chi/captcha v1.0.2/go.mod h1:lxiPLcJ76UCZHoH31/Wbum4GUi2NgjfFZLrJkKv1lLE=
 code.forgejo.org/go-chi/session v1.0.2 h1:pG+AXre9L9VXJmTaADXkmeEPuRalhmBXyv6tG2Rvjcc=
 code.forgejo.org/go-chi/session v1.0.2/go.mod h1:HnEGyBny7WPzCiVLP2vzL5ssma+3gCSl/vLpuVNYrqc=
-code.forgejo.org/xorm/xorm v1.3.9-forgejo.4 h1:kyJHREXNEIuzpMwQoouTbUldPP6s/UlL3ZAcNlO4C5s=
-code.forgejo.org/xorm/xorm v1.3.9-forgejo.4/go.mod h1:5ouTxqMcalQUvlBpQynRpzu/44GwaMpkA1nU+encsDE=
+code.forgejo.org/xorm/xorm v1.3.9-forgejo.7 h1:sCKvX25xch5KHvGr6F7nHvIYKi5T155X5ZDRGr1QPbY=
+code.forgejo.org/xorm/xorm v1.3.9-forgejo.7/go.mod h1:C3wmlPyYWKe0cCCJUayG8c3lYOA1gogU5BpNxrGrXSo=
 code.gitea.io/sdk/gitea v0.21.0 h1:69n6oz6kEVHRo1+APQQyizkhrZrLsTLXey9142pfkD4=
 code.gitea.io/sdk/gitea v0.21.0/go.mod h1:tnBjVhuKJCn8ibdyyhvUyxrR1Ca2KHEoTWoukNhXQPA=
 code.superseriousbusiness.org/exif-terminator v0.11.1 h1:qnujLH4/Yk/CFtFMmtjozbdV6Ry5G3Q/E/mLlWm/gQI=
@@ -57,8 +57,8 @@ codeberg.org/gusted/mcaptcha v0.0.0-20220723083913-4f3072e1d570/go.mod h1:IIAjsi
 connectrpc.com/connect v1.19.1 h1:R5M57z05+90EfEvCY1b7hBxDVOUl45PrtXtAV2fOC14=
 connectrpc.com/connect v1.19.1/go.mod h1:tN20fjdGlewnSFeZxLKb0xwIZ6ozc3OQs2hTXy4du9w=
 dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
-filippo.io/edwards25519 v1.1.0 h1:FNf4tywRC1HmFuKW5xopWpigGjJKiJSV0Cqo0cJWDaA=
-filippo.io/edwards25519 v1.1.0/go.mod h1:BxyFTGdWcka3PhytdK4V28tE5sGfRvvvRV7EaN4VDT4=
+filippo.io/edwards25519 v1.1.1 h1:YpjwWWlNmGIDyXOn8zLzqiD+9TyIlPhGFG96P39uBpw=
+filippo.io/edwards25519 v1.1.1/go.mod h1:BxyFTGdWcka3PhytdK4V28tE5sGfRvvvRV7EaN4VDT4=
 gitea.com/xorm/sqlfiddle v0.0.0-20180821085327-62ce714f951a h1:lSA0F4e9A2NcQSqGqTOXqu2aRi/XEQxDCBwM8yJtE6s=
 gitea.com/xorm/sqlfiddle v0.0.0-20180821085327-62ce714f951a/go.mod h1:EXuID2Zs0pAQhH8yz+DNjUbjppKQzKFAn28TMYPB6IU=
 github.com/42wim/httpsig v1.2.3 h1:xb0YyWhkYj57SPtfSttIobJUPJZB9as1nsfo7KWVcEs=
@@ -497,8 +497,8 @@ github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
 github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0SNc=
 github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw=
 github.com/ledongthuc/pdf v0.0.0-20220302134840-0c2507a12d80/go.mod h1:imJHygn/1yfhB7XSJJKlFZKl/J+dCPAknuiaGOshXAs=
-github.com/lib/pq v1.10.9 h1:YXG7RB+JIjhP29X+OtkiDnYaXQwpS4JEWq7dtCCRUEw=
-github.com/lib/pq v1.10.9/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=
+github.com/lib/pq v1.11.2 h1:x6gxUeu39V0BHZiugWe8LXZYZ+Utk7hSJGThs8sdzfs=
+github.com/lib/pq v1.11.2/go.mod h1:/p+8NSbOcwzAEI7wiMXFlgydTwcgTr3OSKMsD2BitpA=
 github.com/libdns/libdns v1.0.0 h1:IvYaz07JNz6jUQ4h/fv2R4sVnRnm77J/aOuC9B+TQTA=
 github.com/libdns/libdns v1.0.0/go.mod h1:4Bj9+5CQiNMVGf87wjX4CY3HQJypUHRuLvlsfsZqLWQ=
 github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc=
@@ -553,8 +553,8 @@ github.com/msteinert/pam/v2 v2.1.0 h1:er5F9TKV5nGFuTt12ubtqPHEUdeBwReP7vd3wovidG
 github.com/msteinert/pam/v2 v2.1.0/go.mod h1:KT28NNIcDFf3PcBmNI2mIGO4zZJ+9RSs/At2PB3IDVc=
 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA=
 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
-github.com/ncruces/go-strftime v0.1.9 h1:bY0MQC28UADQmHmaF5dgpLmImcShSi2kHU9XLdhx/f4=
-github.com/ncruces/go-strftime v0.1.9/go.mod h1:Fwc5htZGVVkseilnfgOVb9mKy6w1naJmn9CehxcKcls=
+github.com/ncruces/go-strftime v1.0.0 h1:HMFp8mLCTPp341M/ZnA4qaf7ZlsbTc+miZjCLOFAw7w=
+github.com/ncruces/go-strftime v1.0.0/go.mod h1:Fwc5htZGVVkseilnfgOVb9mKy6w1naJmn9CehxcKcls=
 github.com/niklasfasching/go-org v1.9.1 h1:/3s4uTPOF06pImGa2Yvlp24yKXZoTYM+nsIlMzfpg/0=
 github.com/niklasfasching/go-org v1.9.1/go.mod h1:ZAGFFkWvUQcpazmi/8nHqwvARpr1xpb+Es67oUGX/48=
 github.com/nwaples/rardecode/v2 v2.2.0 h1:4ufPGHiNe1rYJxYfehALLjup4Ls3ck42CWwjKiOqu0A=
@@ -732,8 +732,8 @@ golang.org/x/exp v0.0.0-20191030013958-a1ab85dbe136/go.mod h1:JXzH8nQsPlswgeRAPE
 golang.org/x/exp v0.0.0-20191129062945-2f5052295587/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
 golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
 golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM=
-golang.org/x/exp v0.0.0-20250620022241-b7579e27df2b h1:M2rDM6z3Fhozi9O7NWsxAkg/yqS/lQJ6PmkyIV3YP+o=
-golang.org/x/exp v0.0.0-20250620022241-b7579e27df2b/go.mod h1:3//PLf8L/X+8b4vuAfHzxeRUl04Adcb341+IGKfnqS8=
+golang.org/x/exp v0.0.0-20251023183803-a4bb9ffd2546 h1:mgKeJMpvi0yx/sU5GsxQ7p6s2wtOnGAHZWCHUM4KGzY=
+golang.org/x/exp v0.0.0-20251023183803-a4bb9ffd2546/go.mod h1:j/pmGrbnkbPtQfxEe5D0VQhZC6qKbfKifgD0oM7sR70=
 golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js=
 golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
 golang.org/x/image v0.36.0 h1:Iknbfm1afbgtwPTmHnS2gTM/6PPZfH+z2EFuOkSbqwc=
@@ -993,14 +993,14 @@ honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWh
 honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg=
-modernc.org/libc v1.66.10 h1:yZkb3YeLx4oynyR+iUsXsybsX4Ubx7MQlSYEw4yj59A=
-modernc.org/libc v1.66.10/go.mod h1:8vGSEwvoUoltr4dlywvHqjtAqHBaw0j1jI7iFBTAr2I=
+modernc.org/libc v1.67.6 h1:eVOQvpModVLKOdT+LvBPjdQqfrZq+pC39BygcT+E7OI=
+modernc.org/libc v1.67.6/go.mod h1:JAhxUVlolfYDErnwiqaLvUqc8nfb2r6S6slAgZOnaiE=
 modernc.org/mathutil v1.7.1 h1:GCZVGXdaN8gTqB1Mf/usp1Y/hSqgI2vAGGP4jZMCxOU=
 modernc.org/mathutil v1.7.1/go.mod h1:4p5IwJITfppl0G4sUEDtCr4DthTaT47/N3aT6MhfgJg=
 modernc.org/memory v1.11.0 h1:o4QC8aMQzmcwCK3t3Ux/ZHmwFPzE6hf2Y5LbkRs+hbI=
 modernc.org/memory v1.11.0/go.mod h1:/JP4VbVC+K5sU2wZi9bHoq2MAkCnrt2r98UGeSK7Mjw=
-modernc.org/sqlite v1.39.1 h1:H+/wGFzuSCIEVCvXYVHX5RQglwhMOvtHSv+VtidL2r4=
-modernc.org/sqlite v1.39.1/go.mod h1:9fjQZ0mB1LLP0GYrp39oOJXx/I2sxEnZtzCmEQIKvGE=
+modernc.org/sqlite v1.46.1 h1:eFJ2ShBLIEnUWlLy12raN0Z1plqmFX9Qe3rjQTKt6sU=
+modernc.org/sqlite v1.46.1/go.mod h1:CzbrU2lSB1DKUusvwGz7rqEKIq+NUd8GWuBBZDs9/nA=
 mvdan.cc/xurls/v2 v2.5.0 h1:lyBNOm8Wo71UknhUs4QTFUNNMyxy2JEIaKKo0RWOh+8=
 mvdan.cc/xurls/v2 v2.5.0/go.mod h1:yQgaGQ1rFtJUzkmKiHYSSfuQxqfYmd//X6PxvholpeE=
 rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=

From e3b219ee98489a006a06fa5fc76248660805db30 Mon Sep 17 00:00:00 2001
From: Gusted <postmaster@gusted.xyz>
Date: Sat, 7 Mar 2026 15:58:31 +0100
Subject: [PATCH 445/854] chore: skip sha256 repo for older git versions
 (#11542)

- Breaks testing on git versions that don't have SHA256 support.

https://codeberg.org/forgejo-integration/forgejo/actions/runs/16172/jobs/1/attempt/1#jobstep-5-2381

```
// TestLinksLogin
	"2026/03/06 06:15:20 ...ices/context/repo.go:1007:28() [E] GetBranchCommit: length 64 has no matched object format: 473a0f4c3be8a93681a267e3b1e9a7dcda1185436fe141f7749120a303721813",
```

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11542
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Co-authored-by: Gusted <postmaster@gusted.xyz>
Co-committed-by: Gusted <postmaster@gusted.xyz>
---
 tests/integration/links_test.go | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/tests/integration/links_test.go b/tests/integration/links_test.go
index ebc71aa363..611027ff00 100644
--- a/tests/integration/links_test.go
+++ b/tests/integration/links_test.go
@@ -9,6 +9,7 @@ import (
 	"path"
 	"testing"
 
+	"forgejo.org/modules/git"
 	"forgejo.org/modules/setting"
 	api "forgejo.org/modules/structs"
 	"forgejo.org/modules/test"
@@ -161,6 +162,10 @@ func testLinksAsUser(userName string, t *testing.T) {
 	}
 
 	for _, repo := range apiRepos {
+		if repo.ObjectFormatName == "sha256" && !git.SupportHashSha256 {
+			continue
+		}
+
 		for _, link := range repoLinks {
 			req := NewRequest(t, "GET", fmt.Sprintf("/%s/%s%s", userName, repo.Name, link))
 			session.MakeRequest(t, req, http.StatusOK)

From 54aca2a9ed381decdf94c3977ad868707a4907e9 Mon Sep 17 00:00:00 2001
From: sarge <sarge@noreply.codeberg.org>
Date: Sat, 7 Mar 2026 18:59:47 +0100
Subject: [PATCH 446/854] feat: Add `HEAD` support for debian repo files
 (#11489)

Add `HEAD` handlers for repo index file for debian package registry.

Resolves #11488

Co-authored-by: sarge <ephemeralsarge@example.com>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11489
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: sarge <sarge@noreply.codeberg.org>
Co-committed-by: sarge <sarge@noreply.codeberg.org>
---
 routers/api/packages/api.go                   |  7 +++-
 routers/api/packages/debian/debian.go         | 32 +++++++++++++++++++
 tests/integration/api_packages_debian_test.go | 13 ++++++--
 3 files changed, 49 insertions(+), 3 deletions(-)

diff --git a/routers/api/packages/api.go b/routers/api/packages/api.go
index 3b51ddc406..2676a6309d 100644
--- a/routers/api/packages/api.go
+++ b/routers/api/packages/api.go
@@ -354,11 +354,16 @@ func CommonRoutes() *web.Route {
 			})
 		}, reqPackageAccess(perm.AccessModeRead))
 		r.Group("/debian", func() {
-			r.Get("/repository.key", debian.GetRepositoryKey)
+			r.Group("/repository.key", func() {
+				r.Head("", debian.GetRepositoryKey)
+				r.Get("", debian.GetRepositoryKey)
+			})
 			r.Group("/dists/{distribution}", func() {
 				r.Get("/{filename}", debian.GetRepositoryFile)
+				r.Head("/{filename}", debian.CheckRepositoryFileExistence)
 				r.Get("/by-hash/{algorithm}/{hash}", debian.GetRepositoryFileByHash)
 				r.Group("/{component}/{architecture}", func() {
+					r.Head("/{filename}", debian.CheckRepositoryFileExistence)
 					r.Get("/{filename}", debian.GetRepositoryFile)
 					r.Get("/by-hash/{algorithm}/{hash}", debian.GetRepositoryFileByHash)
 				})
diff --git a/routers/api/packages/debian/debian.go b/routers/api/packages/debian/debian.go
index dbab9d9ee6..19213c6e41 100644
--- a/routers/api/packages/debian/debian.go
+++ b/routers/api/packages/debian/debian.go
@@ -29,6 +29,38 @@ func apiError(ctx *context.Context, status int, obj any) {
 	})
 }
 
+func CheckRepositoryFileExistence(ctx *context.Context) {
+	pv, err := debian_service.GetOrCreateRepositoryVersion(ctx, ctx.Package.Owner.ID)
+	if err != nil {
+		apiError(ctx, http.StatusInternalServerError, err)
+		return
+	}
+
+	key := ctx.Params("distribution")
+
+	component := ctx.Params("component")
+	architecture := strings.TrimPrefix(ctx.Params("architecture"), "binary-")
+	if component != "" && architecture != "" {
+		key += "|" + component + "|" + architecture
+	}
+
+	pf, err := packages_model.GetFileForVersionByName(ctx, pv.ID, ctx.Params("filename"), key)
+	if err != nil {
+		if errors.Is(err, util.ErrNotExist) {
+			ctx.Status(http.StatusNotFound)
+		} else {
+			apiError(ctx, http.StatusInternalServerError, err)
+		}
+		return
+	}
+
+	ctx.SetServeHeaders(&context.ServeHeaderOptions{
+		Filename:     pf.Name,
+		LastModified: pf.CreatedUnix.AsLocalTime(),
+	})
+	ctx.Status(http.StatusOK)
+}
+
 func GetRepositoryKey(ctx *context.Context) {
 	_, pub, err := debian_service.GetOrCreateKeyPair(ctx, ctx.Package.Owner.ID)
 	if err != nil {
diff --git a/tests/integration/api_packages_debian_test.go b/tests/integration/api_packages_debian_test.go
index 40e20aa632..e22165c44b 100644
--- a/tests/integration/api_packages_debian_test.go
+++ b/tests/integration/api_packages_debian_test.go
@@ -70,7 +70,10 @@ func TestPackageDebian(t *testing.T) {
 	t.Run("RepositoryKey", func(t *testing.T) {
 		defer tests.PrintCurrentTest(t)()
 
-		req := NewRequest(t, "GET", rootURL+"/repository.key")
+		req := NewRequest(t, "HEAD", rootURL+"/repository.key")
+		MakeRequest(t, req, http.StatusOK)
+
+		req = NewRequest(t, "GET", rootURL+"/repository.key")
 		resp := MakeRequest(t, req, http.StatusOK)
 
 		assert.Equal(t, "application/pgp-keys", resp.Header().Get("Content-Type"))
@@ -205,7 +208,10 @@ func TestPackageDebian(t *testing.T) {
 			t.Run("Release", func(t *testing.T) {
 				defer tests.PrintCurrentTest(t)()
 
-				req := NewRequest(t, "GET", fmt.Sprintf("%s/dists/%s/Release", rootURL, distribution))
+				req := NewRequest(t, "HEAD", fmt.Sprintf("%s/dists/%s/Release", rootURL, distribution))
+				MakeRequest(t, req, http.StatusOK)
+
+				req = NewRequest(t, "GET", fmt.Sprintf("%s/dists/%s/Release", rootURL, distribution))
 				resp := MakeRequest(t, req, http.StatusOK)
 
 				body := resp.Body.String()
@@ -231,6 +237,9 @@ func TestPackageDebian(t *testing.T) {
 
 				assert.Contains(t, resp.Body.String(), "-----BEGIN PGP SIGNATURE-----")
 
+				req = NewRequest(t, "HEAD", fmt.Sprintf("%s/dists/%s/InRelease", rootURL, distribution))
+				MakeRequest(t, req, http.StatusOK)
+
 				req = NewRequest(t, "GET", fmt.Sprintf("%s/dists/%s/InRelease", rootURL, distribution))
 				resp = MakeRequest(t, req, http.StatusOK)
 

From 4d2eafdd8e4728812efa3f913a2e26f77ceb322f Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Sat, 7 Mar 2026 19:04:36 +0100
Subject: [PATCH 447/854] Update dependency tailwindcss to v3.4.19 (forgejo)
 (#11545)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11545
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
---
 package-lock.json | 8 ++++----
 package.json      | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 764bfe0744..a062bad47f 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -65,7 +65,7 @@
         "pretty-ms": "9.0.0",
         "sortablejs": "1.15.7",
         "swagger-ui-dist": "5.31.2",
-        "tailwindcss": "3.4.18",
+        "tailwindcss": "3.4.19",
         "throttle-debounce": "5.0.0",
         "tinycolor2": "1.6.0",
         "tippy.js": "6.3.7",
@@ -14682,9 +14682,9 @@
       }
     },
     "node_modules/tailwindcss": {
-      "version": "3.4.18",
-      "resolved": "https://registry.npmjs.org/tailwindcss/-/tailwindcss-3.4.18.tgz",
-      "integrity": "sha512-6A2rnmW5xZMdw11LYjhcI5846rt9pbLSabY5XPxo+XWdxwZaFEn47Go4NzFiHu9sNNmr/kXivP1vStfvMaK1GQ==",
+      "version": "3.4.19",
+      "resolved": "https://registry.npmjs.org/tailwindcss/-/tailwindcss-3.4.19.tgz",
+      "integrity": "sha512-3ofp+LL8E+pK/JuPLPggVAIaEuhvIz4qNcf3nA1Xn2o/7fb7s/TYpHhwGDv1ZU3PkBluUVaF8PyCHcm48cKLWQ==",
       "license": "MIT",
       "dependencies": {
         "@alloc/quick-lru": "^5.2.0",
diff --git a/package.json b/package.json
index 2a70568d21..1081c962d5 100644
--- a/package.json
+++ b/package.json
@@ -64,7 +64,7 @@
     "pretty-ms": "9.0.0",
     "sortablejs": "1.15.7",
     "swagger-ui-dist": "5.31.2",
-    "tailwindcss": "3.4.18",
+    "tailwindcss": "3.4.19",
     "throttle-debounce": "5.0.0",
     "tinycolor2": "1.6.0",
     "tippy.js": "6.3.7",

From ae0d0b5b09da40aa2994fe9ae55580dec116bd39 Mon Sep 17 00:00:00 2001
From: sarge <sarge@noreply.codeberg.org>
Date: Sat, 7 Mar 2026 19:05:29 +0100
Subject: [PATCH 448/854] fix: RPM registry addrepo instructions (#11478)

The provided instructions for how to add RPM package repo fail on Fedora 43:

```
Unknown argument "--add-repo" for command "config-manager". Add "--help" for more information about the arguments.
```

The [docs](https://forgejo.org/docs/latest/user/packages/rpm/#configuring-the-package-registry-using-dnf5) contain a different command, which does work.

This changes instructions to match docs.

Co-authored-by: sarge <ephemeralsarge@example.com>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11478
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: sarge <sarge@noreply.codeberg.org>
Co-committed-by: sarge <sarge@noreply.codeberg.org>
---
 templates/package/content/rpm.tmpl | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/templates/package/content/rpm.tmpl b/templates/package/content/rpm.tmpl
index 8d79b3f24e..ff41d98101 100644
--- a/templates/package/content/rpm.tmpl
+++ b/templates/package/content/rpm.tmpl
@@ -11,7 +11,7 @@
 # {{ctx.Locale.Tr "packages.rpm.distros.redhat"}}
 {{- range $group := .Groups}}
 	{{- if $group}}{{$group = print "/" $group}}{{end}}
-dnf config-manager --add-repo <origin-url data-url="{{AppSubUrl}}/api/packages/{{$.PackageDescriptor.Owner.Name}}/rpm{{$group}}.repo"></origin-url>
+dnf config-manager addrepo --from-repofile="<origin-url data-url="{{AppSubUrl}}/api/packages/{{$.PackageDescriptor.Owner.Name}}/rpm{{$group}}.repo"></origin-url>"
 {{- end}}
 
 # {{ctx.Locale.Tr "packages.rpm.distros.suse"}}

From 950cb098de7e04278c12cf2686b4cdc192eaaa18 Mon Sep 17 00:00:00 2001
From: anon_ally <ANON_ALLY@noreply.codeberg.org>
Date: Sat, 7 Mar 2026 19:07:10 +0100
Subject: [PATCH 449/854] feat: Add shortcut to link markdown action (#11466)

Follow forgejo/forgejo!9110 and add a shortcut to the link action, via ctrl/command + K.

Close #11353

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11466
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: anon_ally <ANON_ALLY@noreply.codeberg.org>
Co-committed-by: anon_ally <ANON_ALLY@noreply.codeberg.org>
---
 options/locale/locale_en-US.ini           |  2 +-
 templates/shared/combomarkdowneditor.tmpl |  2 +-
 tests/e2e/markdown-editor.test.e2e.ts     | 39 +++++++++++++++++++++++
 3 files changed, 41 insertions(+), 2 deletions(-)

diff --git a/options/locale/locale_en-US.ini b/options/locale/locale_en-US.ini
index a72ddb6116..6e6f8a81cf 100644
--- a/options/locale/locale_en-US.ini
+++ b/options/locale/locale_en-US.ini
@@ -205,7 +205,7 @@ buttons.bold.tooltip = Add bold text (Ctrl+B / ⌘B)
 buttons.italic.tooltip = Add italic text (Ctrl+I / ⌘I)
 buttons.quote.tooltip = Quote text
 buttons.code.tooltip = Add code
-buttons.link.tooltip = Add a link
+buttons.link.tooltip = Add a link (Ctrl+K / ⌘K)
 buttons.list.unordered.tooltip = Add a bullet list
 buttons.list.ordered.tooltip = Add a numbered list
 buttons.list.task.tooltip = Add a list of tasks
diff --git a/templates/shared/combomarkdowneditor.tmpl b/templates/shared/combomarkdowneditor.tmpl
index a7f7778db2..c1ec50ab70 100644
--- a/templates/shared/combomarkdowneditor.tmpl
+++ b/templates/shared/combomarkdowneditor.tmpl
@@ -29,7 +29,7 @@ Template Attributes:
 		<div class="markdown-toolbar-group">
 			<md-quote class="markdown-toolbar-button" data-tooltip-content="{{ctx.Locale.Tr "editor.buttons.quote.tooltip"}}">{{svg "octicon-quote"}}</md-quote>
 			<md-code class="markdown-toolbar-button" data-tooltip-content="{{ctx.Locale.Tr "editor.buttons.code.tooltip"}}">{{svg "octicon-code"}}</md-code>
-			<button class="markdown-toolbar-button show-modal" data-md-button data-md-action="new-link" data-tooltip-content="{{ctx.Locale.Tr "editor.buttons.link.tooltip"}}">{{svg "octicon-link"}}</button>
+			<button class="markdown-toolbar-button show-modal" data-md-button data-md-action="new-link" data-tooltip-content="{{ctx.Locale.Tr "editor.buttons.link.tooltip"}}" data-md-ctrl-shortcut="k">{{svg "octicon-link"}}</button>
 		</div>
 		<div class="markdown-toolbar-group">
 			<md-unordered-list class="markdown-toolbar-button" data-tooltip-content="{{ctx.Locale.Tr "editor.buttons.list.unordered.tooltip"}}">{{svg "octicon-list-unordered"}}</md-unordered-list>
diff --git a/tests/e2e/markdown-editor.test.e2e.ts b/tests/e2e/markdown-editor.test.e2e.ts
index 5be8c1ed67..5274b25a73 100644
--- a/tests/e2e/markdown-editor.test.e2e.ts
+++ b/tests/e2e/markdown-editor.test.e2e.ts
@@ -439,6 +439,40 @@ test('Markdown insert link', async ({page}) => {
     await screenshot(page);
   }
 
+  async function evaluateLinkInsertionShortcut(page: Page, selector: string) {
+    const url = 'https://example.com';
+    const description = 'Where does this lead?';
+
+    const expectedContent = `[${description}](${url})`;
+
+    const area = page.locator(selector);
+
+    const textarea = area.locator('textarea[name=content]');
+
+    await textarea.fill(description);
+    await textarea.focus();
+    await textarea.evaluate((it:HTMLTextAreaElement) => it.setSelectionRange(0, it.value.length));
+
+    await textarea.press('ControlOrMeta+KeyK');
+
+    const newLinkModal = page.locator('[data-modal-name="new-markdown-link"].active');
+    await expect(newLinkModal).toBeVisible();
+    await accessibilityCheck({page}, ['[data-modal-name="new-markdown-link"].active'], [], []);
+    await screenshot(page);
+
+    const urlInput = newLinkModal.locator('input[name="link-url"]');
+
+    await expect(urlInput).not.toHaveAttribute('disabled');
+
+    await urlInput.fill(url);
+
+    await newLinkModal.locator('button[data-selector-name="ok-button"]').click();
+    await expect(newLinkModal).toBeHidden();
+
+    await expect(textarea).toHaveValue(expectedContent);
+    await screenshot(page);
+  }
+
   const response = await page.goto('/user2/repo1/issues/1');
   expect(response?.status()).toBe(200);
 
@@ -446,6 +480,11 @@ test('Markdown insert link', async ({page}) => {
     await evaluateLinkInsertion(page, '#comment-form', false);
     await evaluateLinkInsertion(page, '#issuecomment-2', true);
   }).toPass();
+
+  await expect(async () => {
+    await evaluateLinkInsertionShortcut(page, '#comment-form');
+    await evaluateLinkInsertionShortcut(page, '#issuecomment-2');
+  }).toPass();
 });
 
 test('text expander has higher prio then prefix continuation', async ({page}) => {

From 8d330dc9c7f7927d1d592fb461e9079c30bd031a Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Sat, 7 Mar 2026 20:03:55 +0100
Subject: [PATCH 450/854] Update code.forgejo.org/forgejo-contrib/go-libravatar
 digest to add494e (forgejo) (#11486)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11486
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index fec3696a7f..b922bea04b 100644
--- a/go.mod
+++ b/go.mod
@@ -6,7 +6,7 @@ toolchain go1.25.8
 
 require (
 	code.forgejo.org/f3/gof3/v3 v3.11.15
-	code.forgejo.org/forgejo-contrib/go-libravatar v0.0.0-20191008002943-06d1c002b251
+	code.forgejo.org/forgejo-contrib/go-libravatar v0.0.0-20260301104140-add494e31dab
 	code.forgejo.org/forgejo/actions-proto v0.6.0
 	code.forgejo.org/forgejo/go-rpmutils v1.0.0
 	code.forgejo.org/forgejo/levelqueue v1.0.0
diff --git a/go.sum b/go.sum
index e1bae03505..c2f80bd265 100644
--- a/go.sum
+++ b/go.sum
@@ -18,8 +18,8 @@ cloud.google.com/go/storage v1.0.0/go.mod h1:IhtSnM/ZTZV8YYJWCY8RULGVqBDmpoyjwiy
 cloud.google.com/go/storage v1.5.0/go.mod h1:tpKbwo567HUNpVclU5sGELwQWBDZ8gh0ZeosJ0Rtdos=
 code.forgejo.org/f3/gof3/v3 v3.11.15 h1:/EzJWRQUhVVia1EmCWRZHCuW8qdAX1DEXY0M1n0mECc=
 code.forgejo.org/f3/gof3/v3 v3.11.15/go.mod h1:k99wl7QiI9LjS3qEd1RXLdcZPE3wZP5gkVhy8/WhzJ4=
-code.forgejo.org/forgejo-contrib/go-libravatar v0.0.0-20191008002943-06d1c002b251 h1:HTZl3CBk3ABNYtFI6TPLvJgGKFIhKT5CBk0sbOtkDKU=
-code.forgejo.org/forgejo-contrib/go-libravatar v0.0.0-20191008002943-06d1c002b251/go.mod h1:PphB88CPbx601QrWPMZATeorACeVmQlyv3u+uUMbSaM=
+code.forgejo.org/forgejo-contrib/go-libravatar v0.0.0-20260301104140-add494e31dab h1:g/uf/tNOvCdGL9EuYV9EJQglEH8n572P1ZwH4lBBkjI=
+code.forgejo.org/forgejo-contrib/go-libravatar v0.0.0-20260301104140-add494e31dab/go.mod h1:PphB88CPbx601QrWPMZATeorACeVmQlyv3u+uUMbSaM=
 code.forgejo.org/forgejo/actions-proto v0.6.0 h1:dw1Dogk9A4V/yrLVkhe9dSZPsqNAIkI1kCXPSqG3tZA=
 code.forgejo.org/forgejo/actions-proto v0.6.0/go.mod h1:+444hHBs9/qDh5X/AedaTv0Egj3vd/EXP93vg9zFV2E=
 code.forgejo.org/forgejo/go-rpmutils v1.0.0 h1:RZGGeKt70p/WaIEL97pyT6uiiEIoN8/aLmS5Z6WmX0M=

From 48d2af5561f3b2fb1064899b63013266ebddc6f9 Mon Sep 17 00:00:00 2001
From: Bram Hagens <bram@bramh.me>
Date: Sat, 7 Mar 2026 20:53:23 +0100
Subject: [PATCH 451/854] fix: skip repo avatar upload when no file is selected
 (#11335)

Submitting the repo avatar form without selecting a file shows a raw Go error: `Avatar.Open: open : no such file or directory.`. The existing `nil` check does not prevent this from happening.

The user avatar handler already guards against this same problem with [`form.Avatar != nil && form.Avatar.Filename != ""`](https://codeberg.org/forgejo/forgejo/src/commit/e1cecbd276841a5762ad034a920be8c2732e295f/routers/web/user/setting/profile.go#L141), I've done the same for the repo avatar handler.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11335
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Bram Hagens <bram@bramh.me>
Co-committed-by: Bram Hagens <bram@bramh.me>
---
 routers/web/repo/setting/avatar.go    | 40 ++----------
 routers/web/user/setting/profile.go   | 30 ++-------
 services/forms/avatar.go              | 45 +++++++++++++
 tests/integration/repo_avatar_test.go | 94 +++++++++++++++++++++++++++
 4 files changed, 151 insertions(+), 58 deletions(-)
 create mode 100644 services/forms/avatar.go
 create mode 100644 tests/integration/repo_avatar_test.go

diff --git a/routers/web/repo/setting/avatar.go b/routers/web/repo/setting/avatar.go
index 20e211316d..be45bb8e7b 100644
--- a/routers/web/repo/setting/avatar.go
+++ b/routers/web/repo/setting/avatar.go
@@ -4,13 +4,8 @@
 package setting
 
 import (
-	"errors"
 	"fmt"
-	"io"
 
-	"forgejo.org/modules/log"
-	"forgejo.org/modules/setting"
-	"forgejo.org/modules/typesniffer"
 	"forgejo.org/modules/web"
 	"forgejo.org/services/context"
 	"forgejo.org/services/forms"
@@ -19,37 +14,14 @@ import (
 
 // UpdateAvatarSetting update repo's avatar
 func UpdateAvatarSetting(ctx *context.Context, form forms.AvatarForm) error {
-	ctxRepo := ctx.Repo.Repository
-
-	if form.Avatar == nil {
-		// No avatar is uploaded and we not removing it here.
-		// No random avatar generated here.
-		// Just exit, no action.
-		if ctxRepo.CustomAvatarRelativePath() == "" {
-			log.Trace("No avatar was uploaded for repo: %d. Default icon will appear instead.", ctxRepo.ID)
-		}
+	data, err := forms.ReadAvatar(form.Avatar, ctx.Locale)
+	if err != nil {
+		return err
+	}
+	if data == nil {
 		return nil
 	}
-
-	r, err := form.Avatar.Open()
-	if err != nil {
-		return fmt.Errorf("Avatar.Open: %w", err)
-	}
-	defer r.Close()
-
-	if form.Avatar.Size > setting.Avatar.MaxFileSize {
-		return errors.New(ctx.Locale.TrString("settings.uploaded_avatar_is_too_big", form.Avatar.Size/1024, setting.Avatar.MaxFileSize/1024))
-	}
-
-	data, err := io.ReadAll(r)
-	if err != nil {
-		return fmt.Errorf("io.ReadAll: %w", err)
-	}
-	st := typesniffer.DetectContentType(data, "")
-	if !st.IsImage() || st.IsSvgImage() {
-		return errors.New(ctx.Locale.TrString("settings.uploaded_avatar_not_a_image"))
-	}
-	if err = repo_service.UploadAvatar(ctx, ctxRepo, data); err != nil {
+	if err := repo_service.UploadAvatar(ctx, ctx.Repo.Repository, data); err != nil {
 		return fmt.Errorf("UploadAvatar: %w", err)
 	}
 	return nil
diff --git a/routers/web/user/setting/profile.go b/routers/web/user/setting/profile.go
index 466fbff435..0190e5bdac 100644
--- a/routers/web/user/setting/profile.go
+++ b/routers/web/user/setting/profile.go
@@ -5,9 +5,7 @@
 package setting
 
 import (
-	"errors"
 	"fmt"
-	"io"
 	"math/big"
 	"net/http"
 	"os"
@@ -25,7 +23,6 @@ import (
 	"forgejo.org/modules/optional"
 	"forgejo.org/modules/setting"
 	"forgejo.org/modules/translation"
-	"forgejo.org/modules/typesniffer"
 	"forgejo.org/modules/util"
 	"forgejo.org/modules/web"
 	"forgejo.org/modules/web/middleware"
@@ -138,27 +135,12 @@ func UpdateAvatarSetting(ctx *context.Context, form *forms.AvatarForm, ctxUser *
 		ctxUser.AvatarEmail = form.Gravatar
 	}
 
-	if form.Avatar != nil && form.Avatar.Filename != "" {
-		fr, err := form.Avatar.Open()
-		if err != nil {
-			return fmt.Errorf("Avatar.Open: %w", err)
-		}
-		defer fr.Close()
-
-		if form.Avatar.Size > setting.Avatar.MaxFileSize {
-			return errors.New(ctx.Locale.TrString("settings.uploaded_avatar_is_too_big", form.Avatar.Size/1024, setting.Avatar.MaxFileSize/1024))
-		}
-
-		data, err := io.ReadAll(fr)
-		if err != nil {
-			return fmt.Errorf("io.ReadAll: %w", err)
-		}
-
-		st := typesniffer.DetectContentType(data, "")
-		if !st.IsImage() || st.IsSvgImage() {
-			return errors.New(ctx.Locale.TrString("settings.uploaded_avatar_not_a_image"))
-		}
-		if err = user_service.UploadAvatar(ctx, ctxUser, data); err != nil {
+	data, err := forms.ReadAvatar(form.Avatar, ctx.Locale)
+	if err != nil {
+		return err
+	}
+	if data != nil {
+		if err := user_service.UploadAvatar(ctx, ctxUser, data); err != nil {
 			return fmt.Errorf("UploadAvatar: %w", err)
 		}
 	} else if ctxUser.UseCustomAvatar && ctxUser.Avatar == "" {
diff --git a/services/forms/avatar.go b/services/forms/avatar.go
new file mode 100644
index 0000000000..47cdc6c0df
--- /dev/null
+++ b/services/forms/avatar.go
@@ -0,0 +1,45 @@
+// Copyright 2018 The Gitea Authors. All rights reserved.
+// Copyright 2026 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package forms
+
+import (
+	"errors"
+	"fmt"
+	"io"
+	"mime/multipart"
+
+	"forgejo.org/modules/setting"
+	"forgejo.org/modules/translation"
+	"forgejo.org/modules/typesniffer"
+)
+
+// ReadAvatar reads and validates an avatar from a multipart file header.
+func ReadAvatar(header *multipart.FileHeader, locale translation.Locale) ([]byte, error) {
+	if header == nil || header.Filename == "" {
+		return nil, nil
+	}
+
+	r, err := header.Open()
+	if err != nil {
+		return nil, fmt.Errorf("Avatar.Open: %w", err)
+	}
+	defer r.Close()
+
+	if header.Size > setting.Avatar.MaxFileSize {
+		return nil, errors.New(locale.TrString("settings.uploaded_avatar_is_too_big", header.Size/1024, setting.Avatar.MaxFileSize/1024))
+	}
+
+	data, err := io.ReadAll(r)
+	if err != nil {
+		return nil, fmt.Errorf("io.ReadAll: %w", err)
+	}
+
+	st := typesniffer.DetectContentType(data, "")
+	if !st.IsImage() || st.IsSvgImage() {
+		return nil, errors.New(locale.TrString("settings.uploaded_avatar_not_a_image"))
+	}
+
+	return data, nil
+}
diff --git a/tests/integration/repo_avatar_test.go b/tests/integration/repo_avatar_test.go
new file mode 100644
index 0000000000..451557119c
--- /dev/null
+++ b/tests/integration/repo_avatar_test.go
@@ -0,0 +1,94 @@
+// Copyright 2026 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+package integration
+
+import (
+	"bytes"
+	"image/png"
+	"io"
+	"mime/multipart"
+	"net/http"
+	"testing"
+
+	repo_model "forgejo.org/models/repo"
+	"forgejo.org/models/unittest"
+	user_model "forgejo.org/models/user"
+	"forgejo.org/modules/avatar"
+	app_context "forgejo.org/services/context"
+	"forgejo.org/tests"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+func TestRepoAvatar(t *testing.T) {
+	defer tests.PrepareTestEnv(t)()
+
+	repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 1})
+	user2 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
+
+	session := loginUser(t, user2.Name)
+	avatarURL := "/" + repo.OwnerName + "/" + repo.Name + "/settings/avatar"
+
+	t.Run("valid avatar", func(t *testing.T) {
+		defer tests.PrintCurrentTest(t)()
+
+		img, err := avatar.RandomImage([]byte("seed"))
+		require.NoError(t, err)
+
+		imgData := &bytes.Buffer{}
+		require.NoError(t, png.Encode(imgData, img))
+
+		body := &bytes.Buffer{}
+		writer := multipart.NewWriter(body)
+		require.NoError(t, writer.WriteField("source", "local"))
+		part, err := writer.CreateFormFile("avatar", "avatar.png")
+		require.NoError(t, err)
+		_, err = io.Copy(part, imgData)
+		require.NoError(t, err)
+		require.NoError(t, writer.Close())
+
+		req := NewRequestWithBody(t, "POST", avatarURL, body)
+		req.Header.Add("Content-Type", writer.FormDataContentType())
+		session.MakeRequest(t, req, http.StatusSeeOther)
+
+		flashCookie := session.GetCookie(app_context.CookieNameFlash)
+		require.NotNil(t, flashCookie)
+		assert.Contains(t, flashCookie.Value, "success")
+
+		// Verify avatar was actually set
+		repo = unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 1})
+		assert.NotEmpty(t, repo.CustomAvatarRelativePath())
+
+		// Verify avatar is accessible
+		req = NewRequest(t, "GET", "/repo-avatars/"+repo.Avatar)
+		_ = session.MakeRequest(t, req, http.StatusOK)
+
+		// Clean up
+		req = NewRequest(t, "POST", avatarURL+"/delete")
+		session.MakeRequest(t, req, http.StatusOK)
+	})
+
+	t.Run("no file selected", func(t *testing.T) {
+		defer tests.PrintCurrentTest(t)()
+
+		// Simulate what a browser sends when user did not select a file
+		body := &bytes.Buffer{}
+		writer := multipart.NewWriter(body)
+		require.NoError(t, writer.WriteField("source", "local"))
+		_, err := writer.CreateFormFile("avatar", "")
+		require.NoError(t, err)
+		require.NoError(t, writer.Close())
+
+		req := NewRequestWithBody(t, "POST", avatarURL, body)
+		req.Header.Add("Content-Type", writer.FormDataContentType())
+		session.MakeRequest(t, req, http.StatusSeeOther)
+
+		// Should silently skip
+		flashCookie := session.GetCookie(app_context.CookieNameFlash)
+		if flashCookie != nil {
+			assert.NotContains(t, flashCookie.Value, "error")
+		}
+	})
+}

From 2db6210f69b6546c9e1458bd22275898064af9fb Mon Sep 17 00:00:00 2001
From: Mathieu Fenniak <mathieu@fenniak.net>
Date: Sat, 7 Mar 2026 21:55:08 +0100
Subject: [PATCH 452/854] feat: read, create, & delete repo-specific access
 tokens via API (#11504)

This PR is part of a series (#11311).

Adds support for reading and creating repo-secific access tokens through the API via the `GET /users/{username}/tokens`, `POST /users/{username}/tokens`, and `DELETE /users/{username}/tokens/{id}` APIs.

Validation rules are included to [restrict repo-specific access tokens to specific scopes](https://codeberg.org/forgejo/design/issues/50#issuecomment-11093951).

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests for Go changes

(can be removed for JavaScript changes)

- I added test coverage for Go changes...
  - [x] in their respective `*_test.go` for unit tests.
  - [x] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I ran...
  - [x] `make pr-go` before pushing

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [x] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.
- [ ] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change.

<!--start release-notes-assistant-->

## Release notes
<!--URL:https://codeberg.org/forgejo/forgejo-->
- Features
  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11504): <!--number 11504 --><!--line 0 --><!--description cmVhZCwgY3JlYXRlLCAmIGRlbGV0ZSByZXBvLXNwZWNpZmljIGFjY2VzcyB0b2tlbnMgdmlhIEFQSQ==-->read, create, & delete repo-specific access tokens via API<!--description-->
<!--end release-notes-assistant-->

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11504
Reviewed-by: Andreas Ahlenstorf <aahlenst@noreply.codeberg.org>
Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net>
Co-committed-by: Mathieu Fenniak <mathieu@fenniak.net>
---
 .../access_token_resource_repo.yml            |  17 ++
 models/auth/access_token.go                   |  24 ++-
 models/auth/access_token_resource.go          |  32 +++
 models/auth/access_token_resource_test.go     |  88 +++++++-
 modules/structs/repo.go                       |   9 +
 modules/structs/user_app.go                   |   5 +
 options/locale_next/locale_en-US.json         |   3 +
 routers/api/v1/user/app.go                    | 132 +++++++++++-
 services/authz/access_token.go                |  54 +++++
 services/authz/access_token_test.go           |  53 +++++
 templates/swagger/v1_json.tmpl                |  36 ++++
 tests/integration/api_token_test.go           | 189 ++++++++++++++++--
 12 files changed, 615 insertions(+), 27 deletions(-)
 create mode 100644 models/auth/TestGetRepositoriesAccessibleWithTokens/access_token_resource_repo.yml

diff --git a/models/auth/TestGetRepositoriesAccessibleWithTokens/access_token_resource_repo.yml b/models/auth/TestGetRepositoriesAccessibleWithTokens/access_token_resource_repo.yml
new file mode 100644
index 0000000000..1f1a552361
--- /dev/null
+++ b/models/auth/TestGetRepositoriesAccessibleWithTokens/access_token_resource_repo.yml
@@ -0,0 +1,17 @@
+- token_id: 3
+  repo_id: 1
+  created_unix: 1772158384
+- token_id: 3
+  repo_id: 2
+  created_unix: 1772158384
+- token_id: 3
+  repo_id: 3
+  created_unix: 1772158384
+
+- token_id: 2
+  repo_id: 1
+  created_unix: 1772158384
+  # (no repo 2 for token 2)
+- token_id: 2
+  repo_id: 3
+  created_unix: 1772158384
diff --git a/models/auth/access_token.go b/models/auth/access_token.go
index 85b89055e1..3311769573 100644
--- a/models/auth/access_token.go
+++ b/models/auth/access_token.go
@@ -224,15 +224,23 @@ func (opts ListAccessTokensOptions) ToOrders() string {
 
 // DeleteAccessTokenByID deletes access token by given ID.
 func DeleteAccessTokenByID(ctx context.Context, id, userID int64) error {
-	cnt, err := db.GetEngine(ctx).ID(id).Delete(&AccessToken{
-		UID: userID,
+	return db.WithTx(ctx, func(ctx context.Context) error {
+		if err := db.DeleteBeans(ctx,
+			&AccessTokenResourceRepo{TokenID: id},
+		); err != nil {
+			return fmt.Errorf("DeleteBeans: %w", err)
+		}
+
+		cnt, err := db.GetEngine(ctx).ID(id).Delete(&AccessToken{
+			UID: userID,
+		})
+		if err != nil {
+			return err
+		} else if cnt != 1 {
+			return ErrAccessTokenNotExist{}
+		}
+		return nil
 	})
-	if err != nil {
-		return err
-	} else if cnt != 1 {
-		return ErrAccessTokenNotExist{}
-	}
-	return nil
 }
 
 // RegenerateAccessTokenByID regenerates access token by given ID.
diff --git a/models/auth/access_token_resource.go b/models/auth/access_token_resource.go
index 1e29ac4765..bf98c52b69 100644
--- a/models/auth/access_token_resource.go
+++ b/models/auth/access_token_resource.go
@@ -34,3 +34,35 @@ func GetRepositoriesAccessibleWithToken(ctx context.Context, accessTokenID int64
 	}
 	return resources, nil
 }
+
+func GetRepositoriesAccessibleWithTokens(ctx context.Context, accessTokens []*AccessToken) (map[int64][]*AccessTokenResourceRepo, error) {
+	accessTokenIDs := make([]int64, len(accessTokens))
+	for i, at := range accessTokens {
+		accessTokenIDs[i] = at.ID
+	}
+
+	var resources []*AccessTokenResourceRepo
+	err := db.GetEngine(ctx).
+		In("token_id", accessTokenIDs).
+		Find(&resources)
+	if err != nil {
+		return nil, err
+	}
+	retval := make(map[int64][]*AccessTokenResourceRepo)
+	for _, resource := range resources {
+		retval[resource.TokenID] = append(retval[resource.TokenID], resource)
+	}
+	return retval, nil
+}
+
+func InsertAccessTokenResourceRepos(ctx context.Context, accessTokenID int64, resources []*AccessTokenResourceRepo) error {
+	return db.WithTx(ctx, func(ctx context.Context) error {
+		for _, resourceRepo := range resources {
+			resourceRepo.TokenID = accessTokenID
+			if err := db.Insert(ctx, resourceRepo); err != nil {
+				return err
+			}
+		}
+		return nil
+	})
+}
diff --git a/models/auth/access_token_resource_test.go b/models/auth/access_token_resource_test.go
index 722dcc070d..d8cd4e286a 100644
--- a/models/auth/access_token_resource_test.go
+++ b/models/auth/access_token_resource_test.go
@@ -7,7 +7,6 @@ import (
 	"testing"
 
 	auth_model "forgejo.org/models/auth"
-	"forgejo.org/models/db"
 	"forgejo.org/models/unittest"
 
 	"github.com/stretchr/testify/assert"
@@ -19,13 +18,13 @@ func TestGetRepositoriesAccessibleWithToken(t *testing.T) {
 	require.NoError(t, unittest.PrepareTestDatabase())
 
 	t.Run("No Resources", func(t *testing.T) {
-		resources, err := auth_model.GetRepositoriesAccessibleWithToken(db.DefaultContext, 999)
+		resources, err := auth_model.GetRepositoriesAccessibleWithToken(t.Context(), 999)
 		require.NoError(t, err)
 		assert.Empty(t, resources)
 	})
 
 	t.Run("Has Resources", func(t *testing.T) {
-		resources, err := auth_model.GetRepositoriesAccessibleWithToken(db.DefaultContext, 3)
+		resources, err := auth_model.GetRepositoriesAccessibleWithToken(t.Context(), 3)
 		require.NoError(t, err)
 		require.Len(t, resources, 3)
 
@@ -39,3 +38,86 @@ func TestGetRepositoriesAccessibleWithToken(t *testing.T) {
 		assert.Contains(t, repoIDs, int64(3))
 	})
 }
+
+func TestGetRepositoriesAccessibleWithTokens(t *testing.T) {
+	defer unittest.OverrideFixtures("models/auth/TestGetRepositoriesAccessibleWithTokens")()
+	require.NoError(t, unittest.PrepareTestDatabase())
+
+	token1 := unittest.AssertExistsAndLoadBean(t, &auth_model.AccessToken{ID: 1})
+	token2 := unittest.AssertExistsAndLoadBean(t, &auth_model.AccessToken{ID: 2})
+	token3 := unittest.AssertExistsAndLoadBean(t, &auth_model.AccessToken{ID: 3})
+
+	t.Run("No Tokens", func(t *testing.T) {
+		resources, err := auth_model.GetRepositoriesAccessibleWithTokens(t.Context(), []*auth_model.AccessToken{})
+		require.NoError(t, err)
+		assert.Empty(t, resources)
+	})
+
+	t.Run("Multiple Access Tokens", func(t *testing.T) {
+		resources, err := auth_model.GetRepositoriesAccessibleWithTokens(t.Context(), []*auth_model.AccessToken{token1, token2, token3})
+		require.NoError(t, err)
+
+		repos1, ok := resources[token1.ID]
+		assert.False(t, ok)
+		assert.Empty(t, repos1)
+
+		repos2, ok := resources[token2.ID]
+		assert.True(t, ok)
+		assert.Len(t, repos2, 2)
+
+		repos3, ok := resources[token3.ID]
+		assert.True(t, ok)
+		assert.Len(t, repos3, 3)
+	})
+}
+
+func TestInsertAccessTokenResourceRepos(t *testing.T) {
+	require.NoError(t, unittest.PrepareTestDatabase())
+
+	token1 := unittest.AssertExistsAndLoadBean(t, &auth_model.AccessToken{ID: 1})
+	token2 := unittest.AssertExistsAndLoadBean(t, &auth_model.AccessToken{ID: 2})
+	token3 := unittest.AssertExistsAndLoadBean(t, &auth_model.AccessToken{ID: 3})
+
+	t.Run("blank insert", func(t *testing.T) {
+		err := auth_model.InsertAccessTokenResourceRepos(t.Context(), token1.ID, nil)
+		require.NoError(t, err)
+	})
+
+	t.Run("multiple insert", func(t *testing.T) {
+		resRepo1 := &auth_model.AccessTokenResourceRepo{
+			TokenID: token2.ID,
+			RepoID:  1,
+		}
+		resRepo3 := &auth_model.AccessTokenResourceRepo{
+			TokenID: token2.ID,
+			RepoID:  3,
+		}
+		err := auth_model.InsertAccessTokenResourceRepos(t.Context(), token2.ID,
+			[]*auth_model.AccessTokenResourceRepo{resRepo1, resRepo3})
+		require.NoError(t, err)
+
+		unittest.AssertCount(t, &auth_model.AccessTokenResourceRepo{TokenID: token2.ID}, 2)
+	})
+
+	t.Run("in tx", func(t *testing.T) {
+		// Pre-condition: count is 0.
+		unittest.AssertCount(t, &auth_model.AccessTokenResourceRepo{TokenID: token3.ID}, 0)
+
+		// Verify that InsertAccessTokenResourceRepos performs inserts in a TX by having a second one with an invalid
+		// RepoID, causing a foreign key violation
+		resRepo1 := &auth_model.AccessTokenResourceRepo{
+			TokenID: token3.ID,
+			RepoID:  1,
+		}
+		resRepo3 := &auth_model.AccessTokenResourceRepo{
+			TokenID: token3.ID,
+			RepoID:  30000, // invalid
+		}
+		err := auth_model.InsertAccessTokenResourceRepos(t.Context(), token3.ID,
+			[]*auth_model.AccessTokenResourceRepo{resRepo1, resRepo3})
+		require.ErrorContains(t, err, "foreign key")
+
+		// Count remains 0; the first record was not inserted.
+		unittest.AssertCount(t, &auth_model.AccessTokenResourceRepo{TokenID: token3.ID}, 0)
+	})
+}
diff --git a/modules/structs/repo.go b/modules/structs/repo.go
index 01cbf26f61..a8e8249f18 100644
--- a/modules/structs/repo.go
+++ b/modules/structs/repo.go
@@ -436,3 +436,12 @@ type UpdateRepoAvatarOption struct {
 	// image must be base64 encoded
 	Image string `json:"image" binding:"Required"`
 }
+
+type RepoTargetOption struct {
+	// Name of user or organisation that owns the repository
+	// required: true
+	Owner string `json:"owner"`
+	// Name of repository
+	// required: true
+	Name string `json:"name"`
+}
diff --git a/modules/structs/user_app.go b/modules/structs/user_app.go
index a7504085fd..357f3aed0a 100644
--- a/modules/structs/user_app.go
+++ b/modules/structs/user_app.go
@@ -16,6 +16,9 @@ type AccessToken struct {
 	Token          string   `json:"sha1"`
 	TokenLastEight string   `json:"token_last_eight"`
 	Scopes         []string `json:"scopes"`
+	// Indicates that an access token only has access to the specified repositories.  Will be null if the access token
+	// is not limited to a set of specified repositories.
+	Repositories []*RepositoryMeta `json:"repositories"`
 }
 
 // AccessTokenList represents a list of API access token.
@@ -28,6 +31,8 @@ type CreateAccessTokenOption struct {
 	Name string `json:"name" binding:"Required"`
 	// example: ["all", "read:activitypub","read:issue", "write:misc", "read:notification", "read:organization", "read:package", "read:repository", "read:user"]
 	Scopes []string `json:"scopes"`
+	// If provided and not-empty, creates an access token with access only to specified repositories.
+	Repositories []*RepoTargetOption `json:"repositories"`
 }
 
 // CreateOAuth2ApplicationOptions holds options to create an oauth2 application
diff --git a/options/locale_next/locale_en-US.json b/options/locale_next/locale_en-US.json
index 9047ca393c..ff67abe384 100644
--- a/options/locale_next/locale_en-US.json
+++ b/options/locale_next/locale_en-US.json
@@ -395,6 +395,9 @@
 	"packages.owner.settings.chef.title": "Chef registry",
 	"packages.owner.settings.chef.keypair": "Generate key pair",
 	"packages.owner.settings.chef.keypair.description": "Requests sent to the Chef registry must be cryptographically signed as a means of authentication. When generating a keypair, only the public key is stored on Forgejo. The private key is provided to you to be used with knife. Generating a new keypair will overwrite the previous one.",
+	"access_token.error.specified_repos_none": "Access tokens with specified repositories must have at least one repository.",
+	"access_token.error.specified_repos_and_public_only": "Access tokens with specified repositories cannot be combined with the public-only scope.",
+	"access_token.error.specified_repos_and_invalid_scope": "Access tokens with specified repositories can only be used with the read:issue, write:issue, read:repository, and write:repository scopes.",
 	"actions.status.diagnostics.waiting": {
 		"one": "Waiting for a runner with the following label: %s",
 		"other": "Waiting for a runner with the following labels: %s"
diff --git a/routers/api/v1/user/app.go b/routers/api/v1/user/app.go
index a75c389a34..b223d35332 100644
--- a/routers/api/v1/user/app.go
+++ b/routers/api/v1/user/app.go
@@ -5,17 +5,25 @@
 package user
 
 import (
+	"cmp"
+	stdCtx "context"
 	"errors"
 	"fmt"
 	"net/http"
+	"slices"
 	"strconv"
 	"strings"
 
 	auth_model "forgejo.org/models/auth"
 	"forgejo.org/models/db"
+	access_model "forgejo.org/models/perm/access"
+	repo_model "forgejo.org/models/repo"
+	"forgejo.org/modules/container"
+	"forgejo.org/modules/optional"
 	api "forgejo.org/modules/structs"
 	"forgejo.org/modules/web"
 	"forgejo.org/routers/api/v1/utils"
+	"forgejo.org/services/authz"
 	"forgejo.org/services/context"
 	"forgejo.org/services/convert"
 )
@@ -57,6 +65,45 @@ func ListAccessTokens(ctx *context.APIContext) {
 		return
 	}
 
+	// Load all the AccessTokenResourceRepo for the tokens that we're returning:
+	allRepoIDs := container.Set[int64]{}
+	repoResourcesByTokenID, err := auth_model.GetRepositoriesAccessibleWithTokens(ctx, tokens)
+	if err != nil {
+		ctx.InternalServerError(err)
+		return
+	}
+
+	// Load all the Repository models that are referenced by the AccessTokenResourceRepo's:
+	for _, repoResources := range repoResourcesByTokenID {
+		for _, repoResource := range repoResources {
+			allRepoIDs.Add(repoResource.RepoID)
+		}
+	}
+	reposByID, err := repo_model.GetRepositoriesMapByIDs(ctx, allRepoIDs.Slice())
+	if err != nil {
+		ctx.InternalServerError(err)
+		return
+	}
+
+	// Prepare a lookup map to access the repositories by token ID:
+	reposByTokenID := make(map[int64][]*api.RepositoryMeta)
+	for tokenID, repoResources := range repoResourcesByTokenID {
+		for _, repoResource := range repoResources {
+			repo, ok := reposByID[repoResource.RepoID]
+			if !ok {
+				// Shouldn't be possible with the foreign key on `AccessTokenResourceRepo` to the repository table.
+				ctx.Error(http.StatusInternalServerError, "reposById", "missing repository")
+				return
+			}
+			reposByTokenID[tokenID] = append(reposByTokenID[tokenID], &api.RepositoryMeta{
+				ID:       repo.ID,
+				Name:     repo.Name,
+				Owner:    repo.OwnerName,
+				FullName: repo.FullName(),
+			})
+		}
+	}
+
 	apiTokens := make([]*api.AccessToken, len(tokens))
 	for i := range tokens {
 		apiTokens[i] = &api.AccessToken{
@@ -64,13 +111,32 @@ func ListAccessTokens(ctx *context.APIContext) {
 			Name:           tokens[i].Name,
 			TokenLastEight: tokens[i].TokenLastEight,
 			Scopes:         tokens[i].Scope.StringSlice(),
+			Repositories:   reposByTokenID[tokens[i].ID],
 		}
+		// Provide a consistent sort order on repositories, helpful for test consistency.  Hard to do any earlier
+		// because of the bulk loading maps.
+		slices.SortFunc(apiTokens[i].Repositories, func(a, b *api.RepositoryMeta) int {
+			return cmp.Compare(a.ID, b.ID)
+		})
 	}
 
 	ctx.SetTotalCountHeader(count)
 	ctx.JSON(http.StatusOK, &apiTokens)
 }
 
+func translateAccessTokenValidationError(ctx *context.Base, err error) optional.Option[string] {
+	switch {
+	case errors.Is(err, authz.ErrSpecifiedReposNone):
+		return optional.Some[string](ctx.Locale.TrString("access_token.error.specified_repos_none"))
+	case errors.Is(err, authz.ErrSpecifiedReposNoPublicOnly):
+		return optional.Some[string](ctx.Locale.TrString("access_token.error.specified_repos_and_public_only"))
+	case errors.Is(err, authz.ErrSpecifiedReposInvalidScope):
+		return optional.Some[string](ctx.Locale.TrString("access_token.error.specified_repos_and_invalid_scope"))
+	default:
+		return optional.None[string]()
+	}
+}
+
 // CreateAccessToken creates an access token
 func CreateAccessToken(ctx *context.APIContext) {
 	// swagger:operation POST /users/{username}/tokens user userCreateToken
@@ -128,11 +194,68 @@ func CreateAccessToken(ctx *context.APIContext) {
 	}
 	t.Scope = scope
 
-	// maintain legacy behaviour until new API options are added -- token has access to all resources, is not
-	// fine-grained
-	t.ResourceAllRepos = true
+	var resourceRepos []*auth_model.AccessTokenResourceRepo
+	var tokenRepositories []*api.RepositoryMeta
 
-	if err := auth_model.NewAccessToken(ctx, t); err != nil {
+	if len(form.Repositories) != 0 {
+		repos := make([]*repo_model.Repository, len(form.Repositories))
+		for i, repoTarget := range form.Repositories {
+			repo, err := repo_model.GetRepositoryByOwnerAndName(ctx, repoTarget.Owner, repoTarget.Name)
+			if err != nil && repo_model.IsErrRepoNotExist(err) {
+				ctx.Error(http.StatusBadRequest, "GetRepositoryByOwnerAndName", fmt.Errorf("repository %s/%s does not exist", repoTarget.Owner, repoTarget.Name))
+				return
+			} else if err != nil {
+				ctx.ServerError("GetRepositoryByOwnerAndName", err)
+				return
+			}
+			permission, err := access_model.GetUserRepoPermissionWithReducer(ctx, repo, ctx.Doer, ctx.Reducer)
+			if err != nil {
+				ctx.ServerError("GetUserRepoPermissionWithReducer", err)
+				return
+			} else if !permission.HasAccess() {
+				// Prevent data existence probing -- ensure this error is the exact same as the !IsErrRepoNotExist case above
+				ctx.Error(http.StatusBadRequest, "GetRepositoryByOwnerAndName", fmt.Errorf("repository %s/%s does not exist", repoTarget.Owner, repoTarget.Name))
+				return
+			}
+			repos[i] = repo
+		}
+
+		for _, repo := range repos {
+			resourceRepos = append(resourceRepos, &auth_model.AccessTokenResourceRepo{RepoID: repo.ID})
+			tokenRepositories = append(tokenRepositories, &api.RepositoryMeta{
+				ID:       repo.ID,
+				Name:     repo.Name,
+				Owner:    repo.OwnerName,
+				FullName: repo.FullName(),
+			})
+		}
+
+		t.ResourceAllRepos = false
+	} else {
+		// token has access to all repository resources
+		t.ResourceAllRepos = true
+	}
+
+	if err := authz.ValidateAccessToken(t, resourceRepos); err != nil {
+		s := translateAccessTokenValidationError(ctx.Base, err)
+		if has, str := s.Get(); has {
+			ctx.Error(http.StatusBadRequest, "ValidateAccessToken", str)
+			return
+		}
+		ctx.ServerError("ValidateAccessToken", err)
+		return
+	}
+
+	err = db.WithTx(ctx, func(ctx stdCtx.Context) error {
+		if err := auth_model.NewAccessToken(ctx, t); err != nil {
+			return nil
+		}
+		if err := auth_model.InsertAccessTokenResourceRepos(ctx, t.ID, resourceRepos); err != nil {
+			return nil
+		}
+		return nil
+	})
+	if err != nil {
 		ctx.Error(http.StatusInternalServerError, "NewAccessToken", err)
 		return
 	}
@@ -142,6 +265,7 @@ func CreateAccessToken(ctx *context.APIContext) {
 		ID:             t.ID,
 		TokenLastEight: t.TokenLastEight,
 		Scopes:         t.Scope.StringSlice(),
+		Repositories:   tokenRepositories,
 	})
 }
 
diff --git a/services/authz/access_token.go b/services/authz/access_token.go
index 1d7b09e91e..207fdd6546 100644
--- a/services/authz/access_token.go
+++ b/services/authz/access_token.go
@@ -5,6 +5,7 @@ package authz
 
 import (
 	"context"
+	"errors"
 	"fmt"
 
 	auth_model "forgejo.org/models/auth"
@@ -26,3 +27,56 @@ func GetAuthorizationReducerForAccessToken(ctx context.Context, token *auth_mode
 	}
 	return &SpecificReposAuthorizationReducer{resourceRepos: repos}, nil
 }
+
+// A locale lookup string for the error -- eg. `access_token.error.invalid_something`
+type AccessTokenValidationFailure string
+
+// Validate that an access token's state is valid for creation.  For example, that it doesn't have a conflicting set of
+// resources (public-only and specific repositories), and other similar checks.
+func ValidateAccessToken(token *auth_model.AccessToken, repoResources []*auth_model.AccessTokenResourceRepo) error {
+	// Other validations may be added here in the future.
+	return validateRepositoryResource(token, repoResources)
+}
+
+var (
+	ErrSpecifiedReposNone         = errors.New("specified repository access token: must have at least one repository")
+	ErrSpecifiedReposNoPublicOnly = errors.New("specified repository access token: cannot be combined with public-only scope")
+	ErrSpecifiedReposInvalidScope = errors.New("specified repository access token: invalid scope")
+)
+
+func validateRepositoryResource(token *auth_model.AccessToken, repoResources []*auth_model.AccessTokenResourceRepo) error {
+	// Access tokens with broad access to all resources don't have any relevant validation rules to apply.
+	if token.ResourceAllRepos {
+		return nil
+	}
+
+	// Repo-specific access token must have at least one repository.
+	if len(repoResources) == 0 {
+		return ErrSpecifiedReposNone
+	}
+
+	// Can't have public-only and specified repos -- that's a combination that doesn't make sense.
+	if publicOnly, err := token.Scope.PublicOnly(); err != nil {
+		return err
+	} else if publicOnly {
+		return ErrSpecifiedReposNoPublicOnly
+	}
+
+	// Repo-specific access tokens are only effective at restricting permissions if they are limited to the scopes that
+	// support repositories as a resource.  For example, if you had a repo-specific token but then gave it
+	// `write:organization`, it would be able to do operations like delete an organization -- permission checks on the
+	// repository resources wouldn't be applicable to the organization resources.
+	for _, scope := range token.Scope.StringSlice() {
+		switch auth_model.AccessTokenScope(scope) {
+		case auth_model.AccessTokenScopeReadIssue,
+			auth_model.AccessTokenScopeWriteIssue,
+			auth_model.AccessTokenScopeReadRepository,
+			auth_model.AccessTokenScopeWriteRepository:
+			continue
+		default:
+			return fmt.Errorf("%w: cannot be combined with scope %s", ErrSpecifiedReposInvalidScope, scope)
+		}
+	}
+
+	return nil
+}
diff --git a/services/authz/access_token_test.go b/services/authz/access_token_test.go
index d037add76f..8219e2a057 100644
--- a/services/authz/access_token_test.go
+++ b/services/authz/access_token_test.go
@@ -4,6 +4,7 @@
 package authz
 
 import (
+	"strings"
 	"testing"
 
 	"forgejo.org/models/auth"
@@ -44,3 +45,55 @@ func TestGetAuthorizationReducerForAccessToken(t *testing.T) {
 		assert.EqualValues(t, 1, specific.resourceRepos[0].RepoID)
 	})
 }
+
+func TestValidateAccessToken(t *testing.T) {
+	t.Run("valid - all access", func(t *testing.T) {
+		token := &auth.AccessToken{
+			ResourceAllRepos: true,
+			Scope:            auth.AccessTokenScopeReadRepository,
+		}
+		err := ValidateAccessToken(token, nil)
+		require.NoError(t, err)
+	})
+
+	t.Run("valid - specified repos", func(t *testing.T) {
+		token := &auth.AccessToken{
+			ResourceAllRepos: false,
+			Scope:            auth.AccessTokenScopeReadRepository,
+		}
+		resources := []*auth.AccessTokenResourceRepo{{RepoID: 12}}
+		err := ValidateAccessToken(token, resources)
+		require.NoError(t, err)
+	})
+
+	t.Run("invalid - no specified repos", func(t *testing.T) {
+		token := &auth.AccessToken{
+			ResourceAllRepos: false,
+			Scope:            auth.AccessTokenScopeReadRepository,
+		}
+		resources := []*auth.AccessTokenResourceRepo{}
+		err := ValidateAccessToken(token, resources)
+		require.ErrorIs(t, err, ErrSpecifiedReposNone)
+	})
+
+	t.Run("invalid - specified repos & public-only", func(t *testing.T) {
+		token := &auth.AccessToken{
+			ResourceAllRepos: false,
+			Scope:            auth.AccessTokenScope(strings.Join([]string{string(auth.AccessTokenScopePublicOnly), string(auth.AccessTokenScopeReadRepository)}, ",")),
+		}
+		resources := []*auth.AccessTokenResourceRepo{{RepoID: 12}}
+		err := ValidateAccessToken(token, resources)
+		require.ErrorIs(t, err, ErrSpecifiedReposNoPublicOnly)
+	})
+
+	t.Run("invalid - specified repos unsupported scopes", func(t *testing.T) {
+		token := &auth.AccessToken{
+			ResourceAllRepos: false,
+			Scope:            auth.AccessTokenScopeReadAdmin,
+		}
+		resources := []*auth.AccessTokenResourceRepo{{RepoID: 12}}
+		err := ValidateAccessToken(token, resources)
+		require.ErrorIs(t, err, ErrSpecifiedReposInvalidScope)
+		require.ErrorContains(t, err, string(auth.AccessTokenScopeReadAdmin))
+	})
+}
diff --git a/templates/swagger/v1_json.tmpl b/templates/swagger/v1_json.tmpl
index f155e91f3c..11bde671df 100644
--- a/templates/swagger/v1_json.tmpl
+++ b/templates/swagger/v1_json.tmpl
@@ -22167,6 +22167,14 @@
           "type": "string",
           "x-go-name": "Name"
         },
+        "repositories": {
+          "description": "Indicates that an access token only has access to the specified repositories.  Will be null if the access token\nis not limited to a set of specified repositories.",
+          "type": "array",
+          "items": {
+            "$ref": "#/definitions/RepositoryMeta"
+          },
+          "x-go-name": "Repositories"
+        },
         "scopes": {
           "type": "array",
           "items": {
@@ -23528,6 +23536,14 @@
           "type": "string",
           "x-go-name": "Name"
         },
+        "repositories": {
+          "description": "If provided and not-empty, creates an access token with access only to specified repositories.",
+          "type": "array",
+          "items": {
+            "$ref": "#/definitions/RepoTargetOption"
+          },
+          "x-go-name": "Repositories"
+        },
         "scopes": {
           "type": "array",
           "items": {
@@ -28742,6 +28758,26 @@
       },
       "x-go-package": "forgejo.org/modules/structs"
     },
+    "RepoTargetOption": {
+      "type": "object",
+      "required": [
+        "owner",
+        "name"
+      ],
+      "properties": {
+        "name": {
+          "description": "Name of repository",
+          "type": "string",
+          "x-go-name": "Name"
+        },
+        "owner": {
+          "description": "Name of user or organisation that owns the repository",
+          "type": "string",
+          "x-go-name": "Owner"
+        }
+      },
+      "x-go-package": "forgejo.org/modules/structs"
+    },
     "RepoTopicOptions": {
       "description": "RepoTopicOptions a collection of repo topic names",
       "type": "object",
diff --git a/tests/integration/api_token_test.go b/tests/integration/api_token_test.go
index 2beadfacc2..1b61885a9b 100644
--- a/tests/integration/api_token_test.go
+++ b/tests/integration/api_token_test.go
@@ -8,6 +8,7 @@ import (
 	"fmt"
 	"net/http"
 	"net/url"
+	"strings"
 	"testing"
 
 	auth_model "forgejo.org/models/auth"
@@ -38,17 +39,78 @@ func TestAPIGetTokens(t *testing.T) {
 	defer tests.PrepareTestEnv(t)()
 	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 1})
 
-	// with basic auth...
-	req := NewRequest(t, "GET", "/api/v1/users/user2/tokens").
-		AddBasicAuth(user.Name)
-	MakeRequest(t, req, http.StatusOK)
+	t.Run("GET w/ basic auth", func(t *testing.T) {
+		defer tests.PrintCurrentTest(t)()
 
-	// ... or with a token.
-	newAccessToken := createAPIAccessTokenWithoutCleanUp(t, "test-key-1", user, []auth_model.AccessTokenScope{auth_model.AccessTokenScopeAll})
-	req = NewRequest(t, "GET", "/api/v1/users/user2/tokens").
-		AddTokenAuth(newAccessToken.Token)
-	MakeRequest(t, req, http.StatusOK)
-	deleteAPIAccessToken(t, newAccessToken, user)
+		// with basic auth...
+		req := NewRequest(t, "GET", "/api/v1/users/user2/tokens").
+			AddBasicAuth(user.Name)
+		resp := MakeRequest(t, req, http.StatusOK)
+		var accessTokens api.AccessTokenList
+		DecodeJSON(t, resp, &accessTokens)
+
+		require.Len(t, accessTokens, 1)
+		at := accessTokens[0]
+		assert.EqualValues(t, 3, at.ID)
+		assert.Equal(t, "Token A", at.Name)
+		assert.Equal(t, []string{""}, at.Scopes)
+		assert.Empty(t, at.Token)
+		assert.Equal(t, "69d28c91", at.TokenLastEight)
+		assert.Nil(t, at.Repositories)
+	})
+
+	t.Run("GET w/ token auth", func(t *testing.T) {
+		defer tests.PrintCurrentTest(t)()
+
+		// ... or with a token.
+		newAccessToken := createAPIAccessTokenWithoutCleanUp(t, "test-key-1", user, []auth_model.AccessTokenScope{auth_model.AccessTokenScopeAll})
+		req := NewRequest(t, "GET", "/api/v1/users/user2/tokens").
+			AddTokenAuth(newAccessToken.Token)
+		resp := MakeRequest(t, req, http.StatusOK)
+		var accessTokens api.AccessTokenList
+		DecodeJSON(t, resp, &accessTokens)
+		deleteAPIAccessToken(t, newAccessToken, user)
+	})
+
+	t.Run("GET fine-grained token", func(t *testing.T) {
+		defer tests.PrintCurrentTest(t)()
+
+		repo2OnlyToken := createFineGrainedRepoAccessToken(t, "user2",
+			[]auth_model.AccessTokenScope{auth_model.AccessTokenScopeReadUser},
+			[]int64{2, 3},
+		)
+
+		req := NewRequest(t, "GET", "/api/v1/users/user2/tokens").
+			AddBasicAuth(user.Name)
+		resp := MakeRequest(t, req, http.StatusOK)
+		var accessTokens api.AccessTokenList
+		DecodeJSON(t, resp, &accessTokens)
+
+		found := false
+		for _, token := range accessTokens {
+			if strings.HasSuffix(repo2OnlyToken, token.TokenLastEight) {
+				found = true
+				assert.Len(t, token.Repositories, 2)
+
+				repo2 := token.Repositories[0]
+				assert.Equal(t, &api.RepositoryMeta{
+					ID:       2,
+					Name:     "repo2",
+					Owner:    "user2",
+					FullName: "user2/repo2",
+				}, repo2)
+
+				repo3 := token.Repositories[1]
+				assert.Equal(t, &api.RepositoryMeta{
+					ID:       3,
+					Name:     "repo3",
+					Owner:    "org3",
+					FullName: "org3/repo3",
+				}, repo3)
+			}
+		}
+		assert.True(t, found)
+	})
 }
 
 // TestAPIDeleteMissingToken ensures that error is thrown when token not found
@@ -658,8 +720,111 @@ func TestAPITokenCreation(t *testing.T) {
 			"name":   "new-new-token",
 			"scopes": []auth_model.AccessTokenScope{auth_model.AccessTokenScopeWriteUser},
 		})
-		req.Request.Header.Set("Authorization", "basic "+base64.StdEncoding.EncodeToString([]byte("user4:"+userPassword)))
+		req.AddBasicAuth("user4")
 
-		MakeRequest(t, req, http.StatusCreated)
+		resp := MakeRequest(t, req, http.StatusCreated)
+		var token api.AccessToken
+		DecodeJSON(t, resp, &token)
+	})
+
+	t.Run("repo-specific", func(t *testing.T) {
+		defer tests.PrintCurrentTest(t)()
+
+		t.Run("valid", func(t *testing.T) {
+			defer tests.PrintCurrentTest(t)()
+			req := NewRequestWithJSON(t, "POST", "/api/v1/users/user2/tokens", &api.CreateAccessTokenOption{
+				Name:   "even-newer-token",
+				Scopes: []string{string(auth_model.AccessTokenScopeReadRepository)},
+				Repositories: []*api.RepoTargetOption{
+					{
+						Owner: "user2",
+						Name:  "repo2",
+					},
+				},
+			})
+			req.AddBasicAuth("user2")
+
+			resp := MakeRequest(t, req, http.StatusCreated)
+			var token api.AccessToken
+			DecodeJSON(t, resp, &token)
+			assert.NotEmpty(t, token.Repositories)
+		})
+
+		t.Run("target other user's private repo", func(t *testing.T) {
+			defer tests.PrintCurrentTest(t)()
+			req := NewRequestWithJSON(t, "POST", "/api/v1/users/user2/tokens", &api.CreateAccessTokenOption{
+				Name:   "not-a-valid-token",
+				Scopes: []string{string(auth_model.AccessTokenScopeReadRepository)},
+				Repositories: []*api.RepoTargetOption{
+					{
+						Owner: "user10",
+						Name:  "repo7", // private repo owned by another user
+					},
+				},
+			})
+			req.AddBasicAuth("user2")
+			MakeRequest(t, req, http.StatusBadRequest)
+		})
+
+		t.Run("target invalid repo", func(t *testing.T) {
+			defer tests.PrintCurrentTest(t)()
+			req := NewRequestWithJSON(t, "POST", "/api/v1/users/user2/tokens", &api.CreateAccessTokenOption{
+				Name:   "not-a-valid-token",
+				Scopes: []string{string(auth_model.AccessTokenScopeReadRepository)},
+				Repositories: []*api.RepoTargetOption{
+					{
+						// doesn't exist:
+						Owner: "user10000",
+						Name:  "repo70000",
+					},
+				},
+			})
+			req.AddBasicAuth("user2")
+			MakeRequest(t, req, http.StatusBadRequest)
+		})
+
+		t.Run("invalid scopes", func(t *testing.T) {
+			defer tests.PrintCurrentTest(t)()
+			req := NewRequestWithJSON(t, "POST", "/api/v1/users/user2/tokens", &api.CreateAccessTokenOption{
+				Name:   "not-a-valid-token",
+				Scopes: []string{string(auth_model.AccessTokenScopeReadAdmin)},
+				Repositories: []*api.RepoTargetOption{
+					{
+						Owner: "user2",
+						Name:  "repo2",
+					},
+				},
+			})
+			req.AddBasicAuth("user2")
+			MakeRequest(t, req, http.StatusBadRequest)
+		})
 	})
 }
+
+func TestAPITokenDelete(t *testing.T) {
+	defer tests.PrepareTestEnv(t)()
+
+	req := NewRequestWithJSON(t, "POST", "/api/v1/users/user2/tokens", &api.CreateAccessTokenOption{
+		Name:   "delete-this-token",
+		Scopes: []string{string(auth_model.AccessTokenScopeReadRepository)},
+		Repositories: []*api.RepoTargetOption{
+			{
+				Owner: "user2",
+				Name:  "repo2",
+			},
+		},
+	})
+	req.AddBasicAuth("user2")
+
+	resp := MakeRequest(t, req, http.StatusCreated)
+	var token api.AccessToken
+	DecodeJSON(t, resp, &token)
+
+	unittest.AssertExistsAndLoadBean(t, &auth_model.AccessToken{ID: token.ID})
+
+	req = NewRequestf(t, "DELETE", "/api/v1/users/user2/tokens/%d", token.ID)
+	req.AddBasicAuth("user2")
+	MakeRequest(t, req, http.StatusNoContent)
+
+	unittest.AssertNotExistsBean(t, &auth_model.AccessToken{ID: token.ID})
+}

From bff5c00b804936a1d03c5335d99da180a861b8cf Mon Sep 17 00:00:00 2001
From: Robert Wolff <mahlzahn@posteo.de>
Date: Sat, 7 Mar 2026 23:16:20 +0100
Subject: [PATCH 453/854] feat(api): more verbose error messages and swagger
 comments for posting issue comments (#11368)

Closes: #11364

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11368
Reviewed-by: Cyborus <cyborus@disroot.org>
Co-authored-by: Robert Wolff <mahlzahn@posteo.de>
Co-committed-by: Robert Wolff <mahlzahn@posteo.de>
---
 modules/structs/issue_comment.go    | 33 +++++++++++++++++++++--------
 services/issue/issue.go             |  4 ++--
 templates/swagger/v1_json.tmpl      | 14 ++++++++++++
 tests/integration/api_issue_test.go |  2 +-
 4 files changed, 41 insertions(+), 12 deletions(-)

diff --git a/modules/structs/issue_comment.go b/modules/structs/issue_comment.go
index 9ecb4a1789..766442374d 100644
--- a/modules/structs/issue_comment.go
+++ b/modules/structs/issue_comment.go
@@ -9,33 +9,48 @@ import (
 
 // Comment represents a comment on a commit or issue
 type Comment struct {
-	ID               int64         `json:"id"`
-	HTMLURL          string        `json:"html_url"`
-	PRURL            string        `json:"pull_request_url"`
-	IssueURL         string        `json:"issue_url"`
-	Poster           *User         `json:"user"`
-	OriginalAuthor   string        `json:"original_author"`
-	OriginalAuthorID int64         `json:"original_author_id"`
-	Body             string        `json:"body"`
-	Attachments      []*Attachment `json:"assets"`
+	// The identifier of the comment
+	ID int64 `json:"id"`
+	// The HTML URL of the comment
+	HTMLURL string `json:"html_url"`
+	// The HTML URL of the pull request if the comment is posted on a pull request, else empty string
+	PRURL string `json:"pull_request_url"`
+	// The HTML URL of the issue if the comment is posted on an issue, else empty string
+	IssueURL string `json:"issue_url"`
+	// The user that posted the comment if it was posted locally
+	Poster *User `json:"user"`
+	// The original author that posted the comment if it was not posted locally, else empty string
+	OriginalAuthor string `json:"original_author"`
+	// The ID of the original author that posted the comment if it was not posted locally, else 0
+	OriginalAuthorID int64 `json:"original_author_id"`
+	// The body of the comment
+	Body string `json:"body"`
+	// The attachments to the comment
+	Attachments []*Attachment `json:"assets"`
+	// The time of the comment's creation
 	// swagger:strfmt date-time
 	Created time.Time `json:"created_at"`
+	// The time of the comment's update
 	// swagger:strfmt date-time
 	Updated time.Time `json:"updated_at"`
 }
 
 // CreateIssueCommentOption options for creating a comment on an issue
 type CreateIssueCommentOption struct {
+	// The body of the comment
 	// required:true
 	Body string `json:"body" binding:"Required"`
+	// The time of the comment's update, needs admin or repository owner permission
 	// swagger:strfmt date-time
 	Updated *time.Time `json:"updated_at"`
 }
 
 // EditIssueCommentOption options for editing a comment
 type EditIssueCommentOption struct {
+	// The body of the comment
 	// required: true
 	Body string `json:"body" binding:"Required"`
+	// The time of the comment's update, needs admin or repository owner permission
 	// swagger:strfmt date-time
 	Updated *time.Time `json:"updated_at"`
 }
diff --git a/services/issue/issue.go b/services/issue/issue.go
index 9dfbd903b6..7a65d87cd4 100644
--- a/services/issue/issue.go
+++ b/services/issue/issue.go
@@ -342,13 +342,13 @@ func SetIssueUpdateDate(ctx context.Context, issue *issues_model.Issue, updated
 		return err
 	}
 	if !perm.IsAdmin() && !perm.IsOwner() {
-		return errors.New("user needs to have admin or owner right")
+		return errors.New("user needs to have admin or repository owner right to set an update date")
 	}
 
 	// A simple guard against potential inconsistent calls
 	updatedUnix := timeutil.TimeStamp(updated.Unix())
 	if updatedUnix < issue.CreatedUnix || updatedUnix > timeutil.TimeStampNow() {
-		return errors.New("unallowed update date")
+		return errors.New("unallowed update date, because given date must be between issue creation date and now")
 	}
 
 	issue.UpdatedUnix = updatedUnix
diff --git a/templates/swagger/v1_json.tmpl b/templates/swagger/v1_json.tmpl
index 11bde671df..d72142016a 100644
--- a/templates/swagger/v1_json.tmpl
+++ b/templates/swagger/v1_json.tmpl
@@ -23177,6 +23177,7 @@
       "type": "object",
       "properties": {
         "assets": {
+          "description": "The attachments to the comment",
           "type": "array",
           "items": {
             "$ref": "#/definitions/Attachment"
@@ -23184,41 +23185,50 @@
           "x-go-name": "Attachments"
         },
         "body": {
+          "description": "The body of the comment",
           "type": "string",
           "x-go-name": "Body"
         },
         "created_at": {
+          "description": "The time of the comment's creation",
           "type": "string",
           "format": "date-time",
           "x-go-name": "Created"
         },
         "html_url": {
+          "description": "The HTML URL of the comment",
           "type": "string",
           "x-go-name": "HTMLURL"
         },
         "id": {
+          "description": "The identifier of the comment",
           "type": "integer",
           "format": "int64",
           "x-go-name": "ID"
         },
         "issue_url": {
+          "description": "The HTML URL of the issue if the comment is posted on an issue, else empty string",
           "type": "string",
           "x-go-name": "IssueURL"
         },
         "original_author": {
+          "description": "The original author that posted the comment if it was not posted locally, else empty string",
           "type": "string",
           "x-go-name": "OriginalAuthor"
         },
         "original_author_id": {
+          "description": "The ID of the original author that posted the comment if it was not posted locally, else 0",
           "type": "integer",
           "format": "int64",
           "x-go-name": "OriginalAuthorID"
         },
         "pull_request_url": {
+          "description": "The HTML URL of the pull request if the comment is posted on a pull request, else empty string",
           "type": "string",
           "x-go-name": "PRURL"
         },
         "updated_at": {
+          "description": "The time of the comment's update",
           "type": "string",
           "format": "date-time",
           "x-go-name": "Updated"
@@ -23886,10 +23896,12 @@
       ],
       "properties": {
         "body": {
+          "description": "The body of the comment",
           "type": "string",
           "x-go-name": "Body"
         },
         "updated_at": {
+          "description": "The time of the comment's update, needs admin or repository owner permission",
           "type": "string",
           "format": "date-time",
           "x-go-name": "Updated"
@@ -25103,10 +25115,12 @@
       ],
       "properties": {
         "body": {
+          "description": "The body of the comment",
           "type": "string",
           "x-go-name": "Body"
         },
         "updated_at": {
+          "description": "The time of the comment's update, needs admin or repository owner permission",
           "type": "string",
           "format": "date-time",
           "x-go-name": "Updated"
diff --git a/tests/integration/api_issue_test.go b/tests/integration/api_issue_test.go
index 3f57e31757..6267065602 100644
--- a/tests/integration/api_issue_test.go
+++ b/tests/integration/api_issue_test.go
@@ -418,7 +418,7 @@ func TestAPIEditIssueAutoDate(t *testing.T) {
 		var apiError api.APIError
 		DecodeJSON(t, resp, &apiError)
 
-		assert.Equal(t, "user needs to have admin or owner right", apiError.Message)
+		assert.Equal(t, "user needs to have admin or repository owner right to set an update date", apiError.Message)
 	})
 }
 

From c738e59dca25f5ce3633170da52e47feaae84237 Mon Sep 17 00:00:00 2001
From: Gusted <postmaster@gusted.xyz>
Date: Sun, 8 Mar 2026 00:11:31 +0100
Subject: [PATCH 454/854] fix: modals on small viewport height (#11547)

- For small modals fomantic tried to add a `scrolling` class using a function that was not implemented, this function is now stubbed.
- There's not really a need to conditionally change the behavior of scrolling or not, we can specify `overflow-y: auto` which is more than enough to take care of this. We do add some layout changes to ensure the modal is fully scrollable.
- Refactor to nested CSS.
- Resolves forgejo/forgejo#10991

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11547
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Reviewed-by: Beowulf <beowulf@beocode.eu>
Co-authored-by: Gusted <postmaster@gusted.xyz>
Co-committed-by: Gusted <postmaster@gusted.xyz>
---
 tests/e2e/modal.test.e2e.ts    | 24 ++++++++++++++++++++++++
 web_src/css/modules/dimmer.css | 15 ++++++++++-----
 web_src/js/modules/dimmer.ts   |  1 +
 3 files changed, 35 insertions(+), 5 deletions(-)

diff --git a/tests/e2e/modal.test.e2e.ts b/tests/e2e/modal.test.e2e.ts
index 28161a2012..40fe33e9a6 100644
--- a/tests/e2e/modal.test.e2e.ts
+++ b/tests/e2e/modal.test.e2e.ts
@@ -103,3 +103,27 @@ test('Dialog modal: width', async ({page, isMobile}) => {
     expect(width).toBe(800);
   }
 });
+
+test('Dialog modal: short viewport', async ({page, isMobile}) => {
+  test.skip(isMobile);
+
+  // Small height for viewport.
+  await page.setViewportSize({
+    width: 1000,
+    height: 200,
+  });
+
+  await page.goto('/user2/repo1/settings');
+
+  // Open modal with long content
+  const deleteModal = page.locator('#delete-repo-modal');
+  await expect(deleteModal).toBeHidden();
+  await page.getByRole('button', {name: 'Delete this repository'}).click();
+  await expect(deleteModal).toBeVisible();
+
+  // Scroll to the bottom.
+  const scrollY = await page.evaluate(() => document.querySelector('.ui.dimmer').scrollHeight);
+  await page.mouse.wheel(0, scrollY);
+  const scrollTop = await page.evaluate(() => document.querySelector('.ui.dimmer').scrollTop);
+  expect(scrollTop).toBeGreaterThan(0);
+});
diff --git a/web_src/css/modules/dimmer.css b/web_src/css/modules/dimmer.css
index 7ef4618a18..6e01487665 100644
--- a/web_src/css/modules/dimmer.css
+++ b/web_src/css/modules/dimmer.css
@@ -2,11 +2,6 @@ body:has(> .ui.active.dimmer) {
   overflow: hidden;
 }
 
-.ui.active.dimmer {
-  display: flex;
-  opacity: 1;
-}
-
 .ui.dimmer {
   align-items: center;
   animation-fill-mode: both;
@@ -16,10 +11,20 @@ body:has(> .ui.active.dimmer) {
   height: 100%;
   position: fixed;
   opacity: 0;
+  overflow: hidden auto;
   transform-origin: center center;
   justify-content: center;
   user-select: none;
   width: 100%;
   will-change: opacity;
   z-index: 1000;
+
+  &.active {
+    display: flex;
+    opacity: 1;
+  }
+
+  .scrolling {
+    top: 1em;
+  }
 }
diff --git a/web_src/js/modules/dimmer.ts b/web_src/js/modules/dimmer.ts
index 7f1cbaa7ad..3c8bde7a10 100644
--- a/web_src/js/modules/dimmer.ts
+++ b/web_src/js/modules/dimmer.ts
@@ -38,6 +38,7 @@ class Dimmer {
   }
   removeClass() {}
   hasClass() {}
+  addClass() {}
 }
 
 export function initDimmer() {

From 4b7eb821ff22796169c234903905e24461e77088 Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Sun, 8 Mar 2026 02:30:53 +0100
Subject: [PATCH 455/854] Update module github.com/blevesearch/bleve/v2 to
 v2.5.7 (forgejo) (#11563)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11563
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
---
 go.mod | 4 ++--
 go.sum | 8 ++++----
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/go.mod b/go.mod
index b922bea04b..6ac6cd5e3e 100644
--- a/go.mod
+++ b/go.mod
@@ -29,7 +29,7 @@ require (
 	github.com/SaveTheRbtz/zstd-seekable-format-go/pkg v0.8.0
 	github.com/alecthomas/chroma/v2 v2.23.1
 	github.com/blakesmith/ar v0.0.0-20190502131153-809d4375e1fb
-	github.com/blevesearch/bleve/v2 v2.5.6
+	github.com/blevesearch/bleve/v2 v2.5.7
 	github.com/buildkite/terminal-to-html/v3 v3.16.8
 	github.com/caddyserver/certmagic v0.24.0
 	github.com/chi-middleware/proxy v1.1.1
@@ -146,7 +146,7 @@ require (
 	github.com/blevesearch/zapx/v13 v13.4.2 // indirect
 	github.com/blevesearch/zapx/v14 v14.4.2 // indirect
 	github.com/blevesearch/zapx/v15 v15.4.2 // indirect
-	github.com/blevesearch/zapx/v16 v16.2.7 // indirect
+	github.com/blevesearch/zapx/v16 v16.2.8 // indirect
 	github.com/bmatcuk/doublestar/v4 v4.9.1 // indirect
 	github.com/bodgit/plumbing v1.3.0 // indirect
 	github.com/bodgit/sevenzip v1.6.1 // indirect
diff --git a/go.sum b/go.sum
index c2f80bd265..709591fb08 100644
--- a/go.sum
+++ b/go.sum
@@ -106,8 +106,8 @@ github.com/bits-and-blooms/bitset v1.22.0 h1:Tquv9S8+SGaS3EhyA+up3FXzmkhxPGjQQCk
 github.com/bits-and-blooms/bitset v1.22.0/go.mod h1:7hO7Gc7Pp1vODcmWvKMRA9BNmbv6a/7QIWpPxHddWR8=
 github.com/blakesmith/ar v0.0.0-20190502131153-809d4375e1fb h1:m935MPodAbYS46DG4pJSv7WO+VECIWUQ7OJYSoTrMh4=
 github.com/blakesmith/ar v0.0.0-20190502131153-809d4375e1fb/go.mod h1:PkYb9DJNAwrSvRx5DYA+gUcOIgTGVMNkfSCbZM8cWpI=
-github.com/blevesearch/bleve/v2 v2.5.6 h1:YdixQmOUuZHojQRe8Te7BY2cRirbzpbcpybAFs0m2DI=
-github.com/blevesearch/bleve/v2 v2.5.6/go.mod h1:t5WoESS5TDteTdnjhhvpA1BpLYErOBX2IQViTMLK7wo=
+github.com/blevesearch/bleve/v2 v2.5.7 h1:2d9YrL5zrX5EBBW++GOaEKjE+NPWeZGaX77IM26m1Z8=
+github.com/blevesearch/bleve/v2 v2.5.7/go.mod h1:yj0NlS7ocGC4VOSAedqDDMktdh2935v2CSWOCDMHdSA=
 github.com/blevesearch/bleve_index_api v1.2.11 h1:bXQ54kVuwP8hdrXUSOnvTQfgK0KI1+f9A0ITJT8tX1s=
 github.com/blevesearch/bleve_index_api v1.2.11/go.mod h1:rKQDl4u51uwafZxFrPD1R7xFOwKnzZW7s/LSeK4lgo0=
 github.com/blevesearch/geo v0.2.4 h1:ECIGQhw+QALCZaDcogRTNSJYQXRtC8/m8IKiA706cqk=
@@ -140,8 +140,8 @@ github.com/blevesearch/zapx/v14 v14.4.2 h1:2SGHakVKd+TrtEqpfeq8X+So5PShQ5nW6GNxT
 github.com/blevesearch/zapx/v14 v14.4.2/go.mod h1:rz0XNb/OZSMjNorufDGSpFpjoFKhXmppH9Hi7a877D8=
 github.com/blevesearch/zapx/v15 v15.4.2 h1:sWxpDE0QQOTjyxYbAVjt3+0ieu8NCE0fDRaFxEsp31k=
 github.com/blevesearch/zapx/v15 v15.4.2/go.mod h1:1pssev/59FsuWcgSnTa0OeEpOzmhtmr/0/11H0Z8+Nw=
-github.com/blevesearch/zapx/v16 v16.2.7 h1:xcgFRa7f/tQXOwApVq7JWgPYSlzyUMmkuYa54tMDuR0=
-github.com/blevesearch/zapx/v16 v16.2.7/go.mod h1:murSoCJPCk25MqURrcJaBQ1RekuqSCSfMjXH4rHyA14=
+github.com/blevesearch/zapx/v16 v16.2.8 h1:SlnzF0YGtSlrsOE3oE7EgEX6BIepGpeqxs1IjMbHLQI=
+github.com/blevesearch/zapx/v16 v16.2.8/go.mod h1:murSoCJPCk25MqURrcJaBQ1RekuqSCSfMjXH4rHyA14=
 github.com/bmatcuk/doublestar/v4 v4.9.1 h1:X8jg9rRZmJd4yRy7ZeNDRnM+T3ZfHv15JiBJ/avrEXE=
 github.com/bmatcuk/doublestar/v4 v4.9.1/go.mod h1:xBQ8jztBU6kakFMg+8WGxn0c6z1fTSPVIjEY1Wr7jzc=
 github.com/bodgit/plumbing v1.3.0 h1:pf9Itz1JOQgn7vEOE7v7nlEfBykYqvUYioC61TwWCFU=

From c357be8b52acae4fd62a0c53c04179a9b52b46fc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=CE=88=CE=BB=CE=BB=CE=B5=CE=BD=20=CE=95=CE=BC=CE=AF=CE=BB?=
 =?UTF-8?q?=CE=B9=CE=B1=20=CE=86=CE=BD=CE=BD=CE=B1=20Zscheile?=
 <fogti+devel@ytrizja.de>
Date: Sun, 8 Mar 2026 02:41:37 +0100
Subject: [PATCH 456/854] chore: rename SafeHTML to TrustHTML (#11481)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Naming is less confusing this way, might not give the impression this will sanitize HTML to safe HTML.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11481
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Έλλεν Εμίλια Άννα Zscheile <fogti+devel@ytrizja.de>
Co-committed-by: Έλλεν Εμίλια Άννα Zscheile <fogti+devel@ytrizja.de>
---
 modules/templates/helper.go               | 6 +++---
 templates/admin/packages/list.tmpl        | 2 +-
 templates/admin/repo/list.tmpl            | 2 +-
 templates/admin/stacktrace.tmpl           | 2 +-
 templates/org/member/members.tmpl         | 4 ++--
 templates/org/team/members.tmpl           | 2 +-
 templates/org/team/sidebar.tmpl           | 2 +-
 templates/org/team/teams.tmpl             | 2 +-
 templates/repo/pulse.tmpl                 | 4 ++--
 templates/repo/settings/lfs_file.tmpl     | 4 ++--
 templates/repo/sub_menu.tmpl              | 6 +++---
 templates/repo/wiki/view.tmpl             | 8 ++++----
 templates/user/settings/organization.tmpl | 2 +-
 templates/webhook/new/matrix.tmpl         | 2 +-
 templates/webhook/shared-settings.tmpl    | 2 +-
 15 files changed, 25 insertions(+), 25 deletions(-)

diff --git a/modules/templates/helper.go b/modules/templates/helper.go
index 848d4b4ad4..693ef90d65 100644
--- a/modules/templates/helper.go
+++ b/modules/templates/helper.go
@@ -54,7 +54,7 @@ func NewFuncMap() template.FuncMap {
 		// html/template related functions
 		"dict":         dict, // it's lowercase because this name has been widely used. Our other functions should have uppercase names.
 		"Eval":         Eval,
-		"SafeHTML":     SafeHTML,
+		"TrustHTML":    TrustHTML,
 		"HTMLFormat":   HTMLFormat,
 		"HTMLEscape":   HTMLEscape,
 		"QueryEscape":  QueryEscape,
@@ -240,8 +240,8 @@ func HTMLFormat(s string, rawArgs ...any) template.HTML {
 	return template.HTML(fmt.Sprintf(s, args...))
 }
 
-// SafeHTML render raw as HTML
-func SafeHTML(s any) template.HTML {
+// TrustHTML render raw as HTML
+func TrustHTML(s any) template.HTML {
 	switch v := s.(type) {
 	case string:
 		return template.HTML(v)
diff --git a/templates/admin/packages/list.tmpl b/templates/admin/packages/list.tmpl
index ddb625fd8f..ce0903b576 100644
--- a/templates/admin/packages/list.tmpl
+++ b/templates/admin/packages/list.tmpl
@@ -89,7 +89,7 @@
 		{{ctx.Locale.Tr "packages.settings.delete"}}
 	</div>
 	<div class="content">
-		{{ctx.Locale.Tr "packages.settings.delete.notice" (`<span class="name"></span>`|SafeHTML) (`<span class="dataVersion"></span>`|SafeHTML)}}
+		{{ctx.Locale.Tr "packages.settings.delete.notice" (`<span class="name"></span>`|TrustHTML) (`<span class="dataVersion"></span>`|TrustHTML)}}
 	</div>
 	{{template "base/modal_actions_confirm" .}}
 </div>
diff --git a/templates/admin/repo/list.tmpl b/templates/admin/repo/list.tmpl
index 8f3f41cea9..465c51ddcf 100644
--- a/templates/admin/repo/list.tmpl
+++ b/templates/admin/repo/list.tmpl
@@ -103,7 +103,7 @@
 	</div>
 	<div class="content">
 		<p>{{ctx.Locale.Tr "repo.settings.delete_desc"}}</p>
-		{{ctx.Locale.Tr "repo.settings.delete_notices_2" (`<span class="name"></span>`|SafeHTML)}}<br>
+		{{ctx.Locale.Tr "repo.settings.delete_notices_2" (`<span class="name"></span>`|TrustHTML)}}<br>
 		{{ctx.Locale.Tr "repo.settings.delete_notices_fork_1"}}<br>
 	</div>
 	{{template "base/modal_actions_confirm" .}}
diff --git a/templates/admin/stacktrace.tmpl b/templates/admin/stacktrace.tmpl
index 57c0c210cc..b89140483c 100644
--- a/templates/admin/stacktrace.tmpl
+++ b/templates/admin/stacktrace.tmpl
@@ -40,7 +40,7 @@
 		{{ctx.Locale.Tr "admin.monitor.process.cancel"}}
 	</div>
 	<div class="content">
-		<p>{{ctx.Locale.Tr "admin.monitor.process.cancel_notices" (`<span class="name"></span>`|SafeHTML)}}</p>
+		<p>{{ctx.Locale.Tr "admin.monitor.process.cancel_notices" (`<span class="name"></span>`|TrustHTML)}}</p>
 		<p>{{ctx.Locale.Tr "admin.monitor.process.cancel_desc"}}</p>
 	</div>
 	{{template "base/modal_actions_confirm" .}}
diff --git a/templates/org/member/members.tmpl b/templates/org/member/members.tmpl
index 0cbc1b5eb1..24d7fd09e0 100644
--- a/templates/org/member/members.tmpl
+++ b/templates/org/member/members.tmpl
@@ -74,7 +74,7 @@
 		{{ctx.Locale.Tr "org.members.leave"}}
 	</div>
 	<div class="content">
-		<p>{{ctx.Locale.Tr "org.members.leave.detail" (`<span class="dataOrganizationName"></span>`|SafeHTML)}}</p>
+		<p>{{ctx.Locale.Tr "org.members.leave.detail" (`<span class="dataOrganizationName"></span>`|TrustHTML)}}</p>
 	</div>
 	{{template "base/modal_actions_confirm" .}}
 </div>
@@ -83,7 +83,7 @@
 		{{ctx.Locale.Tr "org.members.remove"}}
 	</div>
 	<div class="content">
-		<p>{{ctx.Locale.Tr "org.members.remove.detail" (`<span class="name"></span>`|SafeHTML) (`<span class="dataOrganizationName"></span>`|SafeHTML)}}</p>
+		<p>{{ctx.Locale.Tr "org.members.remove.detail" (`<span class="name"></span>`|TrustHTML) (`<span class="dataOrganizationName"></span>`|TrustHTML)}}</p>
 	</div>
 	{{template "base/modal_actions_confirm" .}}
 </div>
diff --git a/templates/org/team/members.tmpl b/templates/org/team/members.tmpl
index 09b9ce3bf4..60667e963d 100644
--- a/templates/org/team/members.tmpl
+++ b/templates/org/team/members.tmpl
@@ -79,7 +79,7 @@
 		{{ctx.Locale.Tr "org.members.remove"}}
 	</div>
 	<div class="content">
-		<p>{{ctx.Locale.Tr "org.members.remove.detail" (`<span class="name"></span>`|SafeHTML) (`<span class="dataTeamName"></span>`|SafeHTML)}}</p>
+		<p>{{ctx.Locale.Tr "org.members.remove.detail" (`<span class="name"></span>`|TrustHTML) (`<span class="dataTeamName"></span>`|TrustHTML)}}</p>
 	</div>
 	{{template "base/modal_actions_confirm" .}}
 </div>
diff --git a/templates/org/team/sidebar.tmpl b/templates/org/team/sidebar.tmpl
index 2592a5a8d1..302827003f 100644
--- a/templates/org/team/sidebar.tmpl
+++ b/templates/org/team/sidebar.tmpl
@@ -84,7 +84,7 @@
 		{{ctx.Locale.Tr "org.teams.leave"}}
 	</div>
 	<div class="content">
-		<p>{{ctx.Locale.Tr "org.teams.leave.detail" (`<span class="name"></span>`|SafeHTML)}}</p>
+		<p>{{ctx.Locale.Tr "org.teams.leave.detail" (`<span class="name"></span>`|TrustHTML)}}</p>
 	</div>
 	{{template "base/modal_actions_confirm" .}}
 </div>
diff --git a/templates/org/team/teams.tmpl b/templates/org/team/teams.tmpl
index ef71c2652e..79749a1ee6 100644
--- a/templates/org/team/teams.tmpl
+++ b/templates/org/team/teams.tmpl
@@ -48,7 +48,7 @@
 		{{ctx.Locale.Tr "org.teams.leave"}}
 	</div>
 	<div class="content">
-		<p>{{ctx.Locale.Tr "org.teams.leave.detail" (`<span class="name"></span>`|SafeHTML)}}</p>
+		<p>{{ctx.Locale.Tr "org.teams.leave.detail" (`<span class="name"></span>`|TrustHTML)}}</p>
 	</div>
 	{{template "base/modal_actions_confirm" .}}
 </div>
diff --git a/templates/repo/pulse.tmpl b/templates/repo/pulse.tmpl
index 4e54bb881f..4077287434 100644
--- a/templates/repo/pulse.tmpl
+++ b/templates/repo/pulse.tmpl
@@ -35,7 +35,7 @@
 				<a class="table-cell tiny tw-bg-grey"></a>
 			</div>
 			{{end}}
-			{{ctx.Locale.TrPluralString .Activity.ActivePRCount "pulse.n_active_prs" (printf "<strong>%d</strong>" .Activity.ActivePRCount | SafeHTML)}}
+			{{ctx.Locale.TrPluralString .Activity.ActivePRCount "pulse.n_active_prs" (printf "<strong>%d</strong>" .Activity.ActivePRCount | TrustHTML)}}
 		</div>
 	{{end}}
 	{{if .Permission.CanRead $.UnitTypeIssues}}
@@ -52,7 +52,7 @@
 				<a class="table-cell tiny tw-bg-grey"></a>
 			</div>
 			{{end}}
-			{{ctx.Locale.TrPluralString .Activity.ActiveIssueCount "pulse.n_active_issues" (printf "<strong>%d</strong>" .Activity.ActiveIssueCount | SafeHTML)}}
+			{{ctx.Locale.TrPluralString .Activity.ActiveIssueCount "pulse.n_active_issues" (printf "<strong>%d</strong>" .Activity.ActiveIssueCount | TrustHTML)}}
 		</div>
 	{{end}}
 </div>
diff --git a/templates/repo/settings/lfs_file.tmpl b/templates/repo/settings/lfs_file.tmpl
index 00bbae616a..ebbcc9b1f8 100644
--- a/templates/repo/settings/lfs_file.tmpl
+++ b/templates/repo/settings/lfs_file.tmpl
@@ -15,9 +15,9 @@
 				{{template "repo/unicode_escape_prompt" dict "EscapeStatus" .EscapeStatus "root" $}}
 				<div class="file-view{{if .IsMarkup}} markup {{.MarkupType}}{{else if .IsPlainText}} plain-text{{else if .IsTextFile}} code-view{{end}}">
 					{{if .IsMarkup}}
-						{{if .FileContent}}{{.FileContent | SafeHTML}}{{end}}
+						{{if .FileContent}}{{.FileContent | TrustHTML}}{{end}}
 					{{else if .IsPlainText}}
-						<pre>{{if .FileContent}}{{.FileContent | SafeHTML}}{{end}}</pre>
+						<pre>{{if .FileContent}}{{.FileContent | TrustHTML}}{{end}}</pre>
 					{{else if not .IsTextFile}}
 						<div class="view-raw">
 							{{if .IsImageFile}}
diff --git a/templates/repo/sub_menu.tmpl b/templates/repo/sub_menu.tmpl
index b79b14d059..96ecfdb50c 100644
--- a/templates/repo/sub_menu.tmpl
+++ b/templates/repo/sub_menu.tmpl
@@ -3,14 +3,14 @@
 	<div class="ui segment repository-menu">
 		{{if and (.Permission.CanRead $.UnitTypeCode) (not .IsEmptyRepo)}}
 			<a class="item muted {{if .PageIsCommits}}active{{end}}" href="{{.RepoLink}}/commits/{{.BranchNameSubURL}}">
-				{{svg "octicon-history"}} {{ctx.Locale.TrN .CommitsCount "repo.n_commit_one" "repo.n_commit_few" (printf "<b>%s</b>" (ctx.Locale.PrettyNumber .CommitsCount) | SafeHTML)}}
+				{{svg "octicon-history"}} {{ctx.Locale.TrN .CommitsCount "repo.n_commit_one" "repo.n_commit_few" (printf "<b>%s</b>" (ctx.Locale.PrettyNumber .CommitsCount) | TrustHTML)}}
 			</a>
 			<a class="item muted {{if .PageIsBranches}}active{{end}}" href="{{.RepoLink}}/branches">
-				{{svg "octicon-git-branch"}} {{ctx.Locale.TrN .BranchesCount "repo.n_branch_one" "repo.n_branch_few" (printf "<b>%s</b>" (ctx.Locale.PrettyNumber .BranchesCount) | SafeHTML)}}
+				{{svg "octicon-git-branch"}} {{ctx.Locale.TrN .BranchesCount "repo.n_branch_one" "repo.n_branch_few" (printf "<b>%s</b>" (ctx.Locale.PrettyNumber .BranchesCount) | TrustHTML)}}
 			</a>
 			{{if $.Permission.CanRead $.UnitTypeCode}}
 				<a class="item muted {{if .PageIsTagList}}active{{end}}" href="{{.RepoLink}}/tags">
-					{{svg "octicon-tag"}} {{ctx.Locale.TrN .NumTags "repo.n_tag_one" "repo.n_tag_few" (printf "<b>%s</b>" (ctx.Locale.PrettyNumber .NumTags) | SafeHTML)}}
+					{{svg "octicon-tag"}} {{ctx.Locale.TrN .NumTags "repo.n_tag_one" "repo.n_tag_few" (printf "<b>%s</b>" (ctx.Locale.PrettyNumber .NumTags) | TrustHTML)}}
 				</a>
 			{{end}}
 			<span class="item" {{if not (eq .Repository.Size 0)}}data-tooltip-content="{{.Repository.SizeDetailsString ctx.Locale}}"{{end}}>
diff --git a/templates/repo/wiki/view.tmpl b/templates/repo/wiki/view.tmpl
index 1a0da970a1..7d41452b05 100644
--- a/templates/repo/wiki/view.tmpl
+++ b/templates/repo/wiki/view.tmpl
@@ -76,13 +76,13 @@
 		<div class="wiki-content-parts">
 			{{if .sidebarTocContent}}
 			<div class="markup wiki-content-sidebar wiki-content-toc">
-				{{.sidebarTocContent | SafeHTML}}
+				{{.sidebarTocContent | TrustHTML}}
 			</div>
 			{{end}}
 
 			<div class="file-view markup wiki-content-main {{if or .sidebarTocContent .sidebarPresent}}with-sidebar{{end}}">
 				{{template "repo/unicode_escape_prompt" dict "EscapeStatus" .EscapeStatus "root" $}}
-				{{.content | SafeHTML}}
+				{{.content | TrustHTML}}
 			</div>
 
 			{{if .sidebarPresent}}
@@ -91,7 +91,7 @@
 				{{if and .CanWriteWiki (not .Repository.IsMirror)}}
 					<a class="tw-float-right muted" href="{{.RepoLink}}/wiki/_Sidebar?action=_edit" aria-label="{{ctx.Locale.Tr "repo.wiki.edit_page_button"}}">{{svg "octicon-pencil"}}</a>
 				{{end}}
-				{{.sidebarContent | SafeHTML}}
+				{{.sidebarContent | TrustHTML}}
 			</div>
 			{{end}}
 
@@ -103,7 +103,7 @@
 				{{if and .CanWriteWiki (not .Repository.IsMirror)}}
 					<a class="tw-float-right muted" href="{{.RepoLink}}/wiki/_Footer?action=_edit" aria-label="{{ctx.Locale.Tr "repo.wiki.edit_page_button"}}">{{svg "octicon-pencil"}}</a>
 				{{end}}
-				{{.footerContent | SafeHTML}}
+				{{.footerContent | TrustHTML}}
 			</div>
 			{{end}}
 		</div>
diff --git a/templates/user/settings/organization.tmpl b/templates/user/settings/organization.tmpl
index e3a8ec1471..13749806c6 100644
--- a/templates/user/settings/organization.tmpl
+++ b/templates/user/settings/organization.tmpl
@@ -46,7 +46,7 @@
 		{{ctx.Locale.Tr "org.members.leave"}}
 	</div>
 	<div class="content">
-		<p>{{ctx.Locale.Tr "org.members.leave.detail" (`<span class="dataOrganizationName"></span>`|SafeHTML)}}</p>
+		<p>{{ctx.Locale.Tr "org.members.leave.detail" (`<span class="dataOrganizationName"></span>`|TrustHTML)}}</p>
 	</div>
 	{{template "base/modal_actions_confirm" .}}
 </div>
diff --git a/templates/webhook/new/matrix.tmpl b/templates/webhook/new/matrix.tmpl
index e8ba210187..b8d00633ee 100644
--- a/templates/webhook/new/matrix.tmpl
+++ b/templates/webhook/new/matrix.tmpl
@@ -13,7 +13,7 @@
 	<div class="required field {{if .Err_Room}}error{{end}}">
 		<label for="room_id">{{ctx.Locale.Tr "repo.settings.matrix.room_id"}}</label>
 		<input id="room_id" name="room_id" type="text" value="{{.HookMetadata.Room}}" placeholder="!opaque_id" pattern="!.+" maxlength="255" required>
-		<span class="help">{{ctx.Locale.Tr "repo.settings.matrix.room_id_helper" ("<code>!opaque_id:example.org</code>"|SafeHTML)}}</span>
+		<span class="help">{{ctx.Locale.Tr "repo.settings.matrix.room_id_helper" ("<code>!opaque_id:example.org</code>"|TrustHTML)}}</span>
 	</div>
 	<div class="field">
 		<label>{{ctx.Locale.Tr "repo.settings.matrix.message_type"}}</label>
diff --git a/templates/webhook/shared-settings.tmpl b/templates/webhook/shared-settings.tmpl
index 47bce87e9e..95d91f5c30 100644
--- a/templates/webhook/shared-settings.tmpl
+++ b/templates/webhook/shared-settings.tmpl
@@ -192,7 +192,7 @@
 	<div class="field {{if .Err_AuthorizationHeader}}error{{end}}">
 		<label for="authorization_header">{{ctx.Locale.Tr "repo.settings.authorization_header"}}</label>
 		<input id="authorization_header" name="authorization_header" type="text" value="{{.Webhook.HeaderAuthorization}}">
-		<span class="help">{{ctx.Locale.Tr "repo.settings.authorization_header_desc" ("<code>Bearer token123456</code>, <code>Basic YWxhZGRpbjpvcGVuc2VzYW1l</code>" | SafeHTML)}}</span>
+		<span class="help">{{ctx.Locale.Tr "repo.settings.authorization_header_desc" ("<code>Bearer token123456</code>, <code>Basic YWxhZGRpbjpvcGVuc2VzYW1l</code>" | TrustHTML)}}</span>
 	</div>
 {{end}}
 

From 34ae2899ad1330b58d5bc699204b5fb5b16258d1 Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Sun, 8 Mar 2026 02:47:21 +0100
Subject: [PATCH 457/854] Update module code.forgejo.org/forgejo/runner/v12 to
 v12.7.1 (forgejo) (#11562)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This PR contains the following updates:

| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) |
|---|---|---|---|
| [code.forgejo.org/forgejo/runner/v12](https://code.forgejo.org/forgejo/runner) | `v12.7.0` -> `v12.7.1` | ![age](https://developer.mend.io/api/mc/badges/age/go/code.forgejo.org%2fforgejo%2frunner%2fv12/v12.7.1?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/go/code.forgejo.org%2fforgejo%2frunner%2fv12/v12.7.0/v12.7.1?slim=true) |

---

### Release Notes

<details>
<summary>forgejo/runner (code.forgejo.org/forgejo/runner/v12)</summary>

### [`v12.7.1`](https://code.forgejo.org/forgejo/runner/releases/tag/v12.7.1)

[Compare Source](https://code.forgejo.org/forgejo/runner/compare/v12.7.0...v12.7.1)

- [User guide](https://forgejo.org/docs/next/user/actions/overview/)
- [Administrator guide](https://forgejo.org/docs/next/admin/actions/)
- [Container images](https://code.forgejo.org/forgejo/-/packages/container/runner/versions)

Release Notes

***

<!--start release-notes-assistant-->

<!--URL:https://code.forgejo.org/forgejo/runner-->

- bug fixes
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1402): <!--number 1402 --><!--line 0 --><!--description Zml4OiBjb3JyZWN0IGV4YW1wbGVzL2RvY2tlci1jb21wb3NlIGZvciBgY3JlYXRlLXJ1bm5lci1maWxlYCBiZWhhdmlvdXIgY2hhbmdl-->fix: correct examples/docker-compose for `create-runner-file` behaviour change<!--description-->
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1393): <!--number 1393 --><!--line 0 --><!--description Zml4OiBpbXBsZW1lbnQgaWRlbXBvdGVudCBGZXRjaFRhc2sgQVBJIGNhbGxzIHRvIHJlZHVjZSByaXNrIG9mIGxvc3QgdGFza3M=-->fix: implement idempotent FetchTask API calls to reduce risk of lost tasks<!--description-->
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1388): <!--number 1388 --><!--line 0 --><!--description Zml4OiBhY2NlcHQgYm9vbGVhbiB3b3JrZmxvd19jYWxsIGlucHV0cyB0aGF0IGFyZSBib29sZWFucw==-->fix: accept boolean workflow\_call inputs that are booleans<!--description-->
- other
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1410): <!--number 1410 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnaXRodWIuY29tL2dvLWdpdC9nby1naXQvdjUgdG8gdjUuMTcuMA==-->Update module github.com/go-git/go-git/v5 to v5.17.0<!--description-->
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1409): <!--number 1409 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnaXRodWIuY29tL2dvLWdpdC9nby1iaWxseS92NSB0byB2NS44LjA=-->Update module github.com/go-git/go-billy/v5 to v5.8.0<!--description-->
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1406): <!--number 1406 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnaXRodWIuY29tL3Zla3RyYS9tb2NrZXJ5L3YyIHRvIHYyLjUzLjY=-->Update module github.com/vektra/mockery/v2 to v2.53.6<!--description-->
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1400): <!--number 1400 --><!--line 0 --><!--description cmVmYWN0b3I6IGNsZWFuLXVwIGVycm9yIGhhbmRsaW5nIG9uIHRhc2sgZXhlY3V0aW9u-->refactor: clean-up error handling on task execution<!--description-->
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1394): <!--number 1394 --><!--line 0 --><!--description VXBkYXRlIGZvcmdlam8tcnVubmVyIHRvIHYxMi43LjA=-->Update forgejo-runner to v12.7.0<!--description-->
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1397): <!--number 1397 --><!--line 0 --><!--description UmV2ZXJ0ICJSZXBsYWNlIE5vZGUuanMgd2l0aCBkYXRhLmZvcmdlam8ub3JnL29jaS9ub2RlIDI0LXRyaXhpZSAoIzEzOTUpIg==-->Revert "Replace Node.js with data.forgejo.org/oci/node 24-trixie ([#&#8203;1395](https://github.com/forgejo/runner/issues/1395))"<!--description-->
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1395): <!--number 1395 --><!--line 0 --><!--description UmVwbGFjZSBOb2RlLmpzIHdpdGggZGF0YS5mb3JnZWpvLm9yZy9vY2kvbm9kZSAyNC10cml4aWU=-->Replace Node.js with data.forgejo.org/oci/node 24-trixie<!--description-->
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1396): <!--number 1396 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnaXRodWIuY29tL2dvbGFuZ2NpL2dvbGFuZ2NpLWxpbnQvdjIvY21kL2dvbGFuZ2NpLWxpbnQgdG8gdjIuMTAuMQ==-->Update module github.com/golangci/golangci-lint/v2/cmd/golangci-lint to v2.10.1<!--description-->
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1386): <!--number 1386 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgZm9yZ2Vqby1ydW5uZXItc2VydmljZS15cSB0byB2NC41Mi40-->Update dependency forgejo-runner-service-yq to v4.52.4<!--description-->
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1392): <!--number 1392 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgZm9yZ2Vqby9yZWxlYXNlLW5vdGVzLWFzc2lzdGFudCB0byB2MS42LjA=-->Update dependency forgejo/release-notes-assistant to v1.6.0<!--description-->
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1389): <!--number 1389 --><!--line 0 --><!--description dGVzdDogZW5hYmxlIGRpc2FibGVkIHRlc3Rz-->test: enable disabled tests<!--description-->
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1387): <!--number 1387 --><!--line 0 --><!--description VXBkYXRlIGh0dHBzOi8vZGF0YS5mb3JnZWpvLm9yZy9hY3Rpb25zL3NldHVwLWZvcmdlam8gYWN0aW9uIHRvIHYzLjEuNg==-->Update <https://data.forgejo.org/actions/setup-forgejo> action to v3.1.6<!--description-->

<!--end release-notes-assistant-->

</details>

---

### Configuration

📅 **Schedule**: Branch creation - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC), Automerge - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My41Mi4wIiwidXBkYXRlZEluVmVyIjoiNDMuNTIuMCIsInRhcmdldEJyYW5jaCI6ImZvcmdlam8iLCJsYWJlbHMiOlsiZGVwZW5kZW5jeS11cGdyYWRlIiwidGVzdC9ub3QtbmVlZGVkIl19-->

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11562
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
---
 go.mod |  6 +++---
 go.sum | 12 ++++++------
 2 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/go.mod b/go.mod
index 6ac6cd5e3e..2da42560f6 100644
--- a/go.mod
+++ b/go.mod
@@ -11,7 +11,7 @@ require (
 	code.forgejo.org/forgejo/go-rpmutils v1.0.0
 	code.forgejo.org/forgejo/levelqueue v1.0.0
 	code.forgejo.org/forgejo/reply v1.0.2
-	code.forgejo.org/forgejo/runner/v12 v12.7.0
+	code.forgejo.org/forgejo/runner/v12 v12.7.1
 	code.forgejo.org/go-chi/binding v1.0.1
 	code.forgejo.org/go-chi/cache v1.0.1
 	code.forgejo.org/go-chi/captcha v1.0.2
@@ -174,8 +174,8 @@ require (
 	github.com/go-errors/errors v1.4.2 // indirect
 	github.com/go-fed/httpsig v1.1.0 // indirect
 	github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect
-	github.com/go-git/go-billy/v5 v5.6.2 // indirect
-	github.com/go-git/go-git/v5 v5.16.5 // indirect
+	github.com/go-git/go-billy/v5 v5.8.0 // indirect
+	github.com/go-git/go-git/v5 v5.17.0 // indirect
 	github.com/go-ini/ini v1.67.0 // indirect
 	github.com/go-openapi/jsonpointer v0.22.4 // indirect
 	github.com/go-openapi/jsonreference v0.21.4 // indirect
diff --git a/go.sum b/go.sum
index 709591fb08..f17e047e9a 100644
--- a/go.sum
+++ b/go.sum
@@ -30,8 +30,8 @@ code.forgejo.org/forgejo/levelqueue v1.0.0 h1:9krYpU6BM+j/1Ntj6m+VCAIu0UNnne1/Uf
 code.forgejo.org/forgejo/levelqueue v1.0.0/go.mod h1:fmG6zhVuqim2rxSFOoasgXO8V2W/k9U31VVYqLIRLhQ=
 code.forgejo.org/forgejo/reply v1.0.2 h1:dMhQCHV6/O3L5CLWNTol+dNzDAuyCK88z4J/lCdgFuQ=
 code.forgejo.org/forgejo/reply v1.0.2/go.mod h1:RyZUfzQLc+fuLIGjTSQWDAJWPiL4WtKXB/FifT5fM7U=
-code.forgejo.org/forgejo/runner/v12 v12.7.0 h1:yQWcSe6LQsb0a1iYAoxTXuquGW4cQNehy7870/fEmO0=
-code.forgejo.org/forgejo/runner/v12 v12.7.0/go.mod h1:es/tNTXl1C2tUYyoIwpe7tUL+5NUH58fSfGxUZ0Zloo=
+code.forgejo.org/forgejo/runner/v12 v12.7.1 h1:32WCUDsO1eu4GNqFRgfz4ZYM70JHLoypTHAc60IbmyM=
+code.forgejo.org/forgejo/runner/v12 v12.7.1/go.mod h1:/6CLR0Q0jltFN18MuHLk0GBCVDLCAth3Sw+6sk53ej0=
 code.forgejo.org/forgejo/ssh v0.0.0-20241211213324-5fc306ca0616 h1:kEZL84+02jY9RxXM4zHBWZ3Fml0B09cmP1LGkDsCfIA=
 code.forgejo.org/forgejo/ssh v0.0.0-20241211213324-5fc306ca0616/go.mod h1:zpHEXBstFnQYtGnB8k8kQLol82umzn/2/snG7alWVD8=
 code.forgejo.org/go-chi/binding v1.0.1 h1:coKNI+X1NzRN7X85LlrpvBRqk0TXpJ+ja28vusQWEuY=
@@ -282,10 +282,10 @@ github.com/go-fed/httpsig v1.1.0 h1:9M+hb0jkEICD8/cAiNqEB66R87tTINszBRTjwjQzWcI=
 github.com/go-fed/httpsig v1.1.0/go.mod h1:RCMrTZvN1bJYtofsG4rd5NaO5obxQ5xBkdiS7xsT7bM=
 github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 h1:+zs/tPmkDkHx3U66DAb0lQFJrpS6731Oaa12ikc+DiI=
 github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376/go.mod h1:an3vInlBmSxCcxctByoQdvwPiA7DTK7jaaFDBTtu0ic=
-github.com/go-git/go-billy/v5 v5.6.2 h1:6Q86EsPXMa7c3YZ3aLAQsMA0VlWmy43r6FHqa/UNbRM=
-github.com/go-git/go-billy/v5 v5.6.2/go.mod h1:rcFC2rAsp/erv7CMz9GczHcuD0D32fWzH+MJAU+jaUU=
-github.com/go-git/go-git/v5 v5.16.5 h1:mdkuqblwr57kVfXri5TTH+nMFLNUxIj9Z7F5ykFbw5s=
-github.com/go-git/go-git/v5 v5.16.5/go.mod h1:QOMLpNf1qxuSY4StA/ArOdfFR2TrKEjJiye2kel2m+M=
+github.com/go-git/go-billy/v5 v5.8.0 h1:I8hjc3LbBlXTtVuFNJuwYuMiHvQJDq1AT6u4DwDzZG0=
+github.com/go-git/go-billy/v5 v5.8.0/go.mod h1:RpvI/rw4Vr5QA+Z60c6d6LXH0rYJo0uD5SqfmrrheCY=
+github.com/go-git/go-git/v5 v5.17.0 h1:AbyI4xf+7DsjINHMu35quAh4wJygKBKBuXVjV/pxesM=
+github.com/go-git/go-git/v5 v5.17.0/go.mod h1:f82C4YiLx+Lhi8eHxltLeGC5uBTXSFa6PC5WW9o4SjI=
 github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU=
 github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
 github.com/go-ini/ini v1.67.0 h1:z6ZrTEZqSWOTyH2FlglNbNgARyHG8oLW9gMELqKr06A=

From d01fd19c5869e14bbe33098d5d07f9b49f5cccaa Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Sun, 8 Mar 2026 02:52:17 +0100
Subject: [PATCH 458/854] Update https://data.forgejo.org/actions/setup-forgejo
 action to v3.1.7 (forgejo) (#11559)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [https://data.forgejo.org/actions/setup-forgejo](https://code.forgejo.org/actions/setup-forgejo) | action | patch | `v3.1.6` → `v3.1.7` |

---

### Release Notes

<details>
<summary>actions/setup-forgejo (https://data.forgejo.org/actions/setup-forgejo)</summary>

### [`v3.1.7`](https://code.forgejo.org/actions/setup-forgejo/releases/tag/v3.1.7)

[Compare Source](https://code.forgejo.org/actions/setup-forgejo/compare/v3.1.6...v3.1.7)

<!--start release-notes-assistant-->

<!--URL:https://code.forgejo.org/actions/setup-forgejo-->

- other
  - [PR](https://code.forgejo.org/actions/setup-forgejo/pulls/908): <!--number 908 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgZm9yZ2Vqby9ydW5uZXIgdG8gdjEyLjcuMQ==-->Update dependency forgejo/runner to v12.7.1<!--description-->

<!--end release-notes-assistant-->

</details>

---

### Configuration

📅 **Schedule**: Branch creation - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC), Automerge - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My41Mi4wIiwidXBkYXRlZEluVmVyIjoiNDMuNTIuMCIsInRhcmdldEJyYW5jaCI6ImZvcmdlam8iLCJsYWJlbHMiOlsiZGVwZW5kZW5jeS11cGdyYWRlIiwidGVzdC9ub3QtbmVlZGVkIl19-->

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11559
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
---
 .forgejo/workflows/build-release-integration.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.forgejo/workflows/build-release-integration.yml b/.forgejo/workflows/build-release-integration.yml
index a173a4f172..70ea94b605 100644
--- a/.forgejo/workflows/build-release-integration.yml
+++ b/.forgejo/workflows/build-release-integration.yml
@@ -32,7 +32,7 @@ jobs:
       - uses: https://data.forgejo.org/actions/checkout@v6
 
       - id: forgejo
-        uses: https://data.forgejo.org/actions/setup-forgejo@v3.1.6
+        uses: https://data.forgejo.org/actions/setup-forgejo@v3.1.7
         with:
           user: root
           password: admin1234

From 37701491589778c05cbaf89aa15a879d464f107a Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Sun, 8 Mar 2026 03:06:52 +0100
Subject: [PATCH 459/854] Update module github.com/go-enry/go-enry/v2 to v2.9.5
 (forgejo) (#11564)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11564
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 2da42560f6..0a0241f77c 100644
--- a/go.mod
+++ b/go.mod
@@ -48,7 +48,7 @@ require (
 	github.com/go-chi/chi/v5 v5.2.5
 	github.com/go-chi/cors v1.2.2
 	github.com/go-co-op/gocron v1.37.0
-	github.com/go-enry/go-enry/v2 v2.9.4
+	github.com/go-enry/go-enry/v2 v2.9.5
 	github.com/go-ldap/ldap/v3 v3.4.12
 	github.com/go-openapi/spec v0.22.3
 	github.com/go-sql-driver/mysql v1.9.3
diff --git a/go.sum b/go.sum
index f17e047e9a..53384f1921 100644
--- a/go.sum
+++ b/go.sum
@@ -269,8 +269,8 @@ github.com/go-chi/cors v1.2.2 h1:Jmey33TE+b+rB7fT8MUy1u0I4L+NARQlK6LhzKPSyQE=
 github.com/go-chi/cors v1.2.2/go.mod h1:sSbTewc+6wYHBBCW7ytsFSn836hqM7JxpglAy2Vzc58=
 github.com/go-co-op/gocron v1.37.0 h1:ZYDJGtQ4OMhTLKOKMIch+/CY70Brbb1dGdooLEhh7b0=
 github.com/go-co-op/gocron v1.37.0/go.mod h1:3L/n6BkO7ABj+TrfSVXLRzsP26zmikL4ISkLQ0O8iNY=
-github.com/go-enry/go-enry/v2 v2.9.4 h1:DS4l06/NgMzYjsJ2J52wORo6UsfFDjDCwfAn7w3gG44=
-github.com/go-enry/go-enry/v2 v2.9.4/go.mod h1:9yrj4ES1YrbNb1Wb7/PWYr2bpaCXUGRt0uafN0ISyG8=
+github.com/go-enry/go-enry/v2 v2.9.5 h1:HPhAQQHYwJgihL2PxBZiUMFWiROsGwOBdB6/D8zCUhY=
+github.com/go-enry/go-enry/v2 v2.9.5/go.mod h1:9yrj4ES1YrbNb1Wb7/PWYr2bpaCXUGRt0uafN0ISyG8=
 github.com/go-enry/go-oniguruma v1.2.1 h1:k8aAMuJfMrqm/56SG2lV9Cfti6tC4x8673aHCcBk+eo=
 github.com/go-enry/go-oniguruma v1.2.1/go.mod h1:bWDhYP+S6xZQgiRL7wlTScFYBe023B6ilRZbCAD5Hf4=
 github.com/go-errors/errors v1.0.1/go.mod h1:f4zRHt4oKfwPJE5k8C9vpYG+aDHdBFUsgrm6/TyX73Q=

From d442f83a09a5ff5350672feaec0e1c55507c79f8 Mon Sep 17 00:00:00 2001
From: Mathieu Fenniak <mathieu@fenniak.net>
Date: Sun, 8 Mar 2026 03:36:32 +0100
Subject: [PATCH 460/854] chore: support `Option[T]` as a type on database
 schema structs (#11553)

Adds support for `optional.Option[T]` to be used on an xorm schema struct to represent nullable fields.  The `optional.None[T]()` value will be stored in the database as `NULL`.

```go
type OptionString struct {
	ID     int64 `xorm:"pk autoincr"`
	StringField optional.Option[string]
}
```

Before this change, it is possible to represent a nullable field in two reasonable ways: , or as a `sql.Null[T]` (eg. `StringField sql.Null[string]`).  The problems with these are:
- as a pointer (eg. `StringField *string`) -- but this introduces the risk of panics when `nil` values are dereferenced, and makes it difficult to use literals in structure creation (although `new()` in Go 1.26 would reduce this issue when Forgejo is upgraded to it)
- as a `sql.Null[T]` -- but this "leaks" references to the `database/sql` package for anything that interacts with Forgejo models, and it's API is awkward as nothing gates you into checking the `Valid` field before you access and use the `V` field

`optional.Option[T]` addresses these points and provides a single way to use an optional primitive type, with a safe check-before-access interface, which can be used consistently throughout model code and other application code.  Figuring out the best way to handle this became a blocker to me for [adding foreign keys to nullable fields](https://codeberg.org/forgejo/discussions/issues/385#issuecomment-10218316) in database models, which is what drove me to implement this solution.

## Notes: Filtering on `Option[T]` Fields

It is supported and functional to perform queries with xorm beans with non-None `Option` values.  For example:
```go
cond := &OptionString{
	StringField: optional.Some("hello"),
}
err := db.GetEngine(t.Context()).Find(&arr, cond)
```
will generate a database query `WHERE string_field = 'hello'`, and correctly filter the records.

It is **not** supported to perform queries with `None` values, for two reasons:
- xorm cannot distinguish between an explicit `&OptionString{ StringField: optional.None[string]() }`, and `&OptionString{}`.  Both of them have the `StringField` field set to the zero-value of `Option[String]`.
- For this SQL query to be formatted correctly, it would require `WHERE string_field IS NOT NULL`, not `WHERE string_field = NULL`.  This is not how xorm generated bean-based queries.

This is similar to the risk that exists with any other field querying on its zero-value with xorm.  It's an unfortunate structural limitation of xorm, and can lead to developers believing database queries are performing filtering that they are not.

(perhaps we can mitigate this risk with semgrep or other automated tooling in the future)

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests for Go changes

(can be removed for JavaScript changes)

- I added test coverage for Go changes...
  - [x] in their respective `*_test.go` for unit tests.
  - [ ] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I ran...
  - [x] `make pr-go` before pushing

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [ ] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.
- [x] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11553
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net>
Co-committed-by: Mathieu Fenniak <mathieu@fenniak.net>
---
 models/db/optional_test.go      | 202 ++++++++++++++++++++++++++++++++
 modules/optional/option.go      |  51 +++++++-
 modules/optional/option_test.go |  50 ++++++++
 3 files changed, 302 insertions(+), 1 deletion(-)
 create mode 100644 models/db/optional_test.go

diff --git a/models/db/optional_test.go b/models/db/optional_test.go
new file mode 100644
index 0000000000..fedf20161f
--- /dev/null
+++ b/models/db/optional_test.go
@@ -0,0 +1,202 @@
+// Copyright 2026 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+package db_test
+
+import (
+	"testing"
+
+	"forgejo.org/models/db"
+	"forgejo.org/models/unittest"
+	"forgejo.org/modules/optional"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+	"xorm.io/xorm/schemas"
+)
+
+func TestOptionFieldInt(t *testing.T) {
+	require.NoError(t, unittest.PrepareTestDatabase())
+
+	type OptionInt struct {
+		ID     int64 `xorm:"pk autoincr"`
+		Number optional.Option[int64]
+	}
+	db.GetEngine(t.Context()).Sync(&OptionInt{})
+
+	t.Run("insert null, read back", func(t *testing.T) {
+		null := OptionInt{
+			Number: optional.None[int64](),
+		}
+		cnt, err := db.GetEngine(t.Context()).Insert(&null)
+		require.NoError(t, err)
+		assert.EqualValues(t, 1, cnt)
+
+		{
+			var read OptionInt
+			has, err := db.GetEngine(t.Context()).ID(null.ID).Get(&read)
+			require.NoError(t, err)
+			require.True(t, has)
+			hasNumber, _ := read.Number.Get()
+			assert.False(t, hasNumber)
+		}
+	})
+
+	t.Run("insert not null, read back", func(t *testing.T) {
+		notNull := OptionInt{
+			Number: optional.Some[int64](123),
+		}
+
+		cnt, err := db.GetEngine(t.Context()).Insert(&notNull)
+		require.NoError(t, err)
+		assert.EqualValues(t, 1, cnt)
+		{
+			var read OptionInt
+			has, err := db.GetEngine(t.Context()).ID(notNull.ID).Get(&read)
+			require.NoError(t, err)
+			require.True(t, has)
+			hasNumber, number := read.Number.Get()
+			assert.True(t, hasNumber)
+			assert.EqualValues(t, 123, number)
+		}
+	})
+
+	t.Run("read multiple records without filters", func(t *testing.T) {
+		var arr []OptionInt
+		err := db.GetEngine(t.Context()).Find(&arr)
+		require.NoError(t, err)
+		assert.Len(t, arr, 2)
+	})
+
+	t.Run("read multiple records with bean filters", func(t *testing.T) {
+		var arr []OptionInt
+		cond := &OptionInt{
+			Number: optional.Some[int64](123),
+		}
+		err := db.GetEngine(t.Context()).Find(&arr, cond)
+		require.NoError(t, err)
+		require.Len(t, arr, 1)
+		v := arr[0]
+		has, value := v.Number.Get()
+		assert.True(t, has)
+		assert.EqualValues(t, 123, value)
+	})
+}
+
+func TestOptionFieldString(t *testing.T) {
+	require.NoError(t, unittest.PrepareTestDatabase())
+
+	type OptionString struct {
+		ID     int64 `xorm:"pk autoincr"`
+		String optional.Option[string]
+	}
+	assert.NoError(t, db.GetEngine(t.Context()).Sync(new(OptionString)))
+
+	t.Run("insert null, read back", func(t *testing.T) {
+		null := OptionString{
+			String: optional.None[string](),
+		}
+		cnt, err := db.GetEngine(t.Context()).Insert(&null)
+		require.NoError(t, err)
+		assert.EqualValues(t, 1, cnt)
+
+		{
+			var read OptionString
+			has, err := db.GetEngine(t.Context()).ID(null.ID).Get(&read)
+			require.NoError(t, err)
+			require.True(t, has)
+			hasString, _ := read.String.Get()
+			assert.False(t, hasString)
+		}
+	})
+
+	t.Run("insert not null, read back", func(t *testing.T) {
+		notNull := OptionString{
+			String: optional.Some("hello"),
+		}
+
+		cnt, err := db.GetEngine(t.Context()).Insert(&notNull)
+		require.NoError(t, err)
+		assert.EqualValues(t, 1, cnt)
+		{
+			var read OptionString
+			has, err := db.GetEngine(t.Context()).ID(notNull.ID).Get(&read)
+			require.NoError(t, err)
+			require.True(t, has)
+			hasString, str := read.String.Get()
+			assert.True(t, hasString)
+			assert.Equal(t, "hello", str)
+		}
+	})
+
+	t.Run("read multiple records without filters", func(t *testing.T) {
+		var arr []OptionString
+		err := db.GetEngine(t.Context()).Find(&arr)
+		require.NoError(t, err)
+		assert.Len(t, arr, 2)
+	})
+
+	t.Run("read multiple records with bean filters", func(t *testing.T) {
+		var arr []OptionString
+		cond := &OptionString{
+			String: optional.Some("hello"),
+		}
+		err := db.GetEngine(t.Context()).Find(&arr, cond)
+		require.NoError(t, err)
+		require.Len(t, arr, 1)
+		v := arr[0]
+		has, value := v.String.Get()
+		assert.True(t, has)
+		assert.Equal(t, "hello", value)
+	})
+}
+
+func TestOptionFieldIntrospection(t *testing.T) {
+	require.NoError(t, unittest.PrepareTestDatabase())
+
+	type OptionIntrospectInt struct {
+		ID           int64 `xorm:"pk autoincr"`
+		OptionNumber optional.Option[int64]
+		NormalNumber int64
+	}
+	assert.NoError(t, db.GetEngine(t.Context()).Sync(new(OptionIntrospectInt)))
+
+	schema, err := db.GetEngine(t.Context()).NoAutoTime().Engine().TableInfo(&OptionIntrospectInt{})
+	require.NoError(t, err)
+
+	var optionColumn, normalColumn *schemas.Column
+	for _, c := range schema.Columns() {
+		switch c.Name {
+		case "option_number":
+			optionColumn = c
+		case "normal_number":
+			normalColumn = c
+		}
+	}
+	require.NotNil(t, optionColumn)
+	require.NotNil(t, normalColumn)
+
+	assert.Equal(t, normalColumn.TableName, optionColumn.TableName, "field TableName")
+	assert.Equal(t, normalColumn.SQLType, optionColumn.SQLType, "field SQLType")
+	assert.Equal(t, normalColumn.IsJSON, optionColumn.IsJSON, "field IsJSON")
+	assert.Equal(t, normalColumn.Length, optionColumn.Length, "field Length")
+	assert.Equal(t, normalColumn.Length2, optionColumn.Length2, "field Length2")
+	assert.Equal(t, normalColumn.Nullable, optionColumn.Nullable, "field Nullable")
+	assert.Equal(t, normalColumn.Default, optionColumn.Default, "field Default")
+	assert.Equal(t, normalColumn.Indexes, optionColumn.Indexes, "field Indexes")
+	assert.Equal(t, normalColumn.IsPrimaryKey, optionColumn.IsPrimaryKey, "field IsPrimaryKey")
+	assert.Equal(t, normalColumn.IsAutoIncrement, optionColumn.IsAutoIncrement, "field IsAutoIncrement")
+	assert.Equal(t, normalColumn.MapType, optionColumn.MapType, "field MapType")
+	assert.Equal(t, normalColumn.IsCreated, optionColumn.IsCreated, "field IsCreated")
+	assert.Equal(t, normalColumn.IsUpdated, optionColumn.IsUpdated, "field IsUpdated")
+	assert.Equal(t, normalColumn.IsDeleted, optionColumn.IsDeleted, "field IsDeleted")
+	assert.Equal(t, normalColumn.IsCascade, optionColumn.IsCascade, "field IsCascade")
+	assert.Equal(t, normalColumn.IsVersion, optionColumn.IsVersion, "field IsVersion")
+	assert.Equal(t, normalColumn.DefaultIsEmpty, optionColumn.DefaultIsEmpty, "field DefaultIsEmpty")
+	assert.Equal(t, normalColumn.EnumOptions, optionColumn.EnumOptions, "field EnumOptions")
+	assert.Equal(t, normalColumn.SetOptions, optionColumn.SetOptions, "field SetOptions")
+	assert.Equal(t, normalColumn.DisableTimeZone, optionColumn.DisableTimeZone, "field DisableTimeZone")
+	assert.Equal(t, normalColumn.TimeZone, optionColumn.TimeZone, "field TimeZone")
+	assert.Equal(t, normalColumn.Comment, optionColumn.Comment, "field Comment")
+	assert.Equal(t, normalColumn.Collation, optionColumn.Collation, "field Collation")
+}
diff --git a/modules/optional/option.go b/modules/optional/option.go
index dee5126ba2..2793f985e8 100644
--- a/modules/optional/option.go
+++ b/modules/optional/option.go
@@ -3,7 +3,14 @@
 
 package optional
 
-import "strconv"
+import (
+	"database/sql"
+	"database/sql/driver"
+	"reflect"
+	"strconv"
+
+	"xorm.io/xorm/schemas"
+)
 
 type Option[T any] []T
 
@@ -62,3 +69,45 @@ func ParseBool(s string) Option[bool] {
 	}
 	return Some(v)
 }
+
+// Option[T] can be used in an xorm bean as a field type for a nullable column. Multiple interfaces must be implemented
+// for this to work correctly and won't be checked at compile-time of the bean struct, so they're asserted here in case
+// the interface definitions change:
+var (
+	_ sql.Scanner              = (*Option[bool])(nil) // read data from DB
+	_ driver.Valuer            = None[bool]()         // write data to DB
+	_ schemas.SQLTypeDelegator = None[bool]()         // represent column field type correctly
+)
+
+// Convert database data into an Option[T]. sql.Null[T] has all the necessary logic to perform Value(), so it is used as
+// an implementation.
+func (o *Option[T]) Scan(value any) error {
+	var n sql.Null[T]
+	if err := n.Scan(value); err != nil {
+		return err
+	}
+	if n.Valid {
+		*o = Some(n.V)
+	} else {
+		*o = None[T]()
+	}
+	return nil
+}
+
+// Convert Option[T] into the necessary database data to represent it. sql.Null[T] has all the necessary logic to
+// perform Value(), so it is used as an implementation.
+func (o Option[T]) Value() (driver.Value, error) {
+	var n sql.Null[T]
+	if o.Has() {
+		n.V = o[0]
+		n.Valid = true
+	} else {
+		n.Valid = false
+	}
+	return n.Value()
+}
+
+// Make xorm use whatever SQLType is appropriate for T to represent Option[T] in the database table
+func (o Option[T]) DelegateSQLType() reflect.Type {
+	return reflect.TypeFor[T]()
+}
diff --git a/modules/optional/option_test.go b/modules/optional/option_test.go
index 391d913aaa..9d9d839746 100644
--- a/modules/optional/option_test.go
+++ b/modules/optional/option_test.go
@@ -9,6 +9,7 @@ import (
 	"forgejo.org/modules/optional"
 
 	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
 )
 
 func TestOption(t *testing.T) {
@@ -73,3 +74,52 @@ func Test_ParseBool(t *testing.T) {
 	assert.Equal(t, optional.Some(true), optional.ParseBool("t"))
 	assert.Equal(t, optional.Some(true), optional.ParseBool("True"))
 }
+
+func roundtrip[T any](t *testing.T, orig optional.Option[T]) {
+	// invoke (driver.Valuer).Value to get a DB value
+	dbValue, err := orig.Value()
+	require.NoError(t, err)
+
+	// invoke (sql.Scanner).Scan to read the DB value
+	var scanned optional.Option[T]
+	err = scanned.Scan(dbValue)
+	require.NoError(t, err)
+
+	hasOrig, origValue := orig.Get()
+	hasScanned, scannedValue := scanned.Get()
+
+	if hasOrig {
+		require.True(t, hasScanned, "must hasScanned")
+		assert.Equal(t, origValue, scannedValue)
+	} else {
+		assert.False(t, hasScanned, "must not hasScanned")
+	}
+}
+
+func TestOptionValueScan(t *testing.T) {
+	t.Run("string roundtrip", func(t *testing.T) {
+		roundtrip(t, optional.Some("hello world"))
+	})
+	t.Run("string null", func(t *testing.T) {
+		roundtrip(t, optional.None[string]())
+	})
+	t.Run("int64 roundtrip", func(t *testing.T) {
+		roundtrip(t, optional.Some(int64(1234)))
+	})
+	t.Run("int64 null", func(t *testing.T) {
+		roundtrip(t, optional.None[int64]())
+	})
+	t.Run("bool roundtrip", func(t *testing.T) {
+		roundtrip(t, optional.Some(false))
+	})
+	t.Run("bool null", func(t *testing.T) {
+		roundtrip(t, optional.None[bool]())
+	})
+}
+
+func TestDelegateSQLType(t *testing.T) {
+	assert.Equal(t, "string", optional.Some("hello world").DelegateSQLType().Name())
+	assert.Equal(t, "string", optional.None[string]().DelegateSQLType().Name())
+	assert.Equal(t, "int64", optional.Some(int64(123)).DelegateSQLType().Name())
+	assert.Equal(t, "int64", optional.None[int64]().DelegateSQLType().Name())
+}

From d665904a22abe8d140a98073ef97a02712322959 Mon Sep 17 00:00:00 2001
From: 0ko <0ko@noreply.codeberg.org>
Date: Sun, 8 Mar 2026 18:09:13 +0100
Subject: [PATCH 461/854] feat(ui): improve visibility of counters inside of
 switch items (#11472)

Apply the feature from https://codeberg.org/forgejo/forgejo/pulls/2935 on element from https://codeberg.org/forgejo/forgejo/pulls/6459 (which was applied to notifications page in https://codeberg.org/forgejo/forgejo/pulls/6542).

A few small semi-related refactors. One of them (nested CSS commit) actually revealed a hole in testing: there are no test cases for hover in `evaluateSwitchItem`. I would like to address this but this PR already conflicts with https://codeberg.org/forgejo/forgejo/pulls/11341, so I won't do that until either is merged to save on rebase work.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11472
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Reviewed-by: Beowulf <beowulf@beocode.eu>
Co-authored-by: 0ko <0ko@noreply.codeberg.org>
Co-committed-by: 0ko <0ko@noreply.codeberg.org>
---
 .../user/notification/notification_div.tmpl   |   2 +-
 tests/e2e/switch.test.e2e.ts                  | 124 +++++++++++++-----
 web_src/css/modules/switch.css                |  36 ++---
 3 files changed, 111 insertions(+), 51 deletions(-)

diff --git a/templates/user/notification/notification_div.tmpl b/templates/user/notification/notification_div.tmpl
index 61a8c7d799..9dacdf4b44 100644
--- a/templates/user/notification/notification_div.tmpl
+++ b/templates/user/notification/notification_div.tmpl
@@ -5,7 +5,7 @@
 			<div class="switch">
 				<a class="{{if eq .Status 1}}active {{end}}item" href="{{AppSubUrl}}/notifications?q=unread">
 					{{ctx.Locale.Tr "notification.unread"}}
-					<div class="notifications-unread-count ui label {{if not $notificationUnreadCount}}tw-hidden{{end}}">{{$notificationUnreadCount}}</div>
+					<div class="notifications-unread-count ui label{{if not $notificationUnreadCount}} tw-hidden{{end}}">{{$notificationUnreadCount}}</div>
 				</a>
 				<a class="{{if eq .Status 2}}active {{end}}item" href="{{AppSubUrl}}/notifications?q=read">
 					{{ctx.Locale.Tr "notification.read"}}
diff --git a/tests/e2e/switch.test.e2e.ts b/tests/e2e/switch.test.e2e.ts
index 8489ddb467..43635850f4 100644
--- a/tests/e2e/switch.test.e2e.ts
+++ b/tests/e2e/switch.test.e2e.ts
@@ -7,15 +7,25 @@
 // web_src/css/themes
 // @watch end
 
-import {expect} from '@playwright/test';
-import {test, login_user} from './utils_e2e.ts';
+import {expect, type Page} from '@playwright/test';
+import {test} from './utils_e2e.ts';
 
 test.describe('Switch CSS properties', () => {
   const noBg = 'rgba(0, 0, 0, 0)';
   const activeBg = 'rgb(226, 226, 229)';
+  const hoverBg = 'rgba(228, 228, 228, 0.667)';
 
-  async function evaluateSwitchItem(page, selector, isActive, marginLeft, marginRight, paddingLeft, paddingRight, itemHeight) {
+  const normalMargin = '0px';
+  const normalPadding = '15.75px';
+
+  const specialLeftMargin = '-4px';
+  const specialPadding = '19.75px';
+
+  async function evaluateSwitchItem(page: Page, selector: string, hover, isActive: boolean, marginLeft, marginRight, paddingLeft, paddingRight: string, itemHeight: number) {
     const item = page.locator(selector);
+
+    if (hover) await item.hover();
+
     const cs = await item.evaluate((el) => {
       // In Firefox getComputedStyle is undefined if returned from evaluate
       const s = getComputedStyle(el);
@@ -34,21 +44,29 @@ test.describe('Switch CSS properties', () => {
 
     if (isActive) {
       await expect(item).toHaveClass(/active/);
+
+      // Active item has active background color regardless of `hover`
       expect(cs.backgroundColor).toBe(activeBg);
     } else {
       await expect(item).not.toHaveClass(/active/);
-      expect(cs.backgroundColor).toBe(noBg);
+
+      // When hovering, `getComputedStyle` returns random `backgroundColor` values
+      // because of transition. `toHaveCSS` is reliable
+      if (hover) {
+        // Verify that inactive item changes it's background color on hover
+        await expect(item).toHaveCSS('background-color', hoverBg);
+      } else {
+        // Verify that inactive item doesn't have a background color
+        await expect(item).toHaveCSS('background-color', noBg);
+      }
     }
 
-    expect((await item.boundingBox()).height).toBeCloseTo(itemHeight);
+    expect((await item.boundingBox()).height).toBeCloseTo(itemHeight, 1);
+
+    // Reset hover
+    if (hover) await page.locator('#navbar-logo').hover();
   }
 
-  const normalMargin = '0px';
-  const normalPadding = '15.75px';
-
-  const specialLeftMargin = '-4px';
-  const specialPadding = '19.75px';
-
   // Subtest for areas that can be evaluated without JS
   test('No JS', async ({browser}) => {
     const context = await browser.newContext({javaScriptEnabled: false});
@@ -60,9 +78,9 @@ test.describe('Switch CSS properties', () => {
 
     await expect(async () => {
       await Promise.all([
-        evaluateSwitchItem(page, '#issue-filters .switch > .item:nth-child(1)', true, normalMargin, normalMargin, normalPadding, normalPadding, itemHeight),
-        evaluateSwitchItem(page, '#issue-filters .switch > .item:nth-child(2)', false, specialLeftMargin, normalMargin, specialPadding, normalPadding, itemHeight),
-        evaluateSwitchItem(page, '#issue-filters .switch > .item:nth-child(3)', false, normalMargin, normalMargin, normalPadding, normalPadding, itemHeight),
+        evaluateSwitchItem(page, '#issue-filters .switch > .item:nth-child(1)', false, true, normalMargin, normalMargin, normalPadding, normalPadding, itemHeight),
+        evaluateSwitchItem(page, '#issue-filters .switch > .item:nth-child(2)', false, false, specialLeftMargin, normalMargin, specialPadding, normalPadding, itemHeight),
+        evaluateSwitchItem(page, '#issue-filters .switch > .item:nth-child(3)', false, false, normalMargin, normalMargin, normalPadding, normalPadding, itemHeight),
       ]);
     }).toPass();
 
@@ -70,9 +88,9 @@ test.describe('Switch CSS properties', () => {
 
     await expect(async () => {
       await Promise.all([
-        evaluateSwitchItem(page, '#issue-filters .switch > .item:nth-child(1)', false, normalMargin, specialLeftMargin, normalPadding, specialPadding, itemHeight),
-        evaluateSwitchItem(page, '#issue-filters .switch > .item:nth-child(2)', true, normalMargin, normalMargin, normalPadding, normalPadding, itemHeight),
-        evaluateSwitchItem(page, '#issue-filters .switch > .item:nth-child(3)', false, specialLeftMargin, normalMargin, specialPadding, normalPadding, itemHeight),
+        evaluateSwitchItem(page, '#issue-filters .switch > .item:nth-child(1)', false, false, normalMargin, specialLeftMargin, normalPadding, specialPadding, itemHeight),
+        evaluateSwitchItem(page, '#issue-filters .switch > .item:nth-child(2)', false, true, normalMargin, normalMargin, normalPadding, normalPadding, itemHeight),
+        evaluateSwitchItem(page, '#issue-filters .switch > .item:nth-child(3)', false, false, specialLeftMargin, normalMargin, specialPadding, normalPadding, itemHeight),
       ]);
     }).toPass();
 
@@ -80,32 +98,68 @@ test.describe('Switch CSS properties', () => {
 
     await expect(async () => {
       await Promise.all([
-        evaluateSwitchItem(page, '#issue-filters .switch > .item:nth-child(1)', false, normalMargin, normalMargin, normalPadding, normalPadding, itemHeight),
-        evaluateSwitchItem(page, '#issue-filters .switch > .item:nth-child(2)', false, normalMargin, specialLeftMargin, normalPadding, specialPadding, itemHeight),
-        evaluateSwitchItem(page, '#issue-filters .switch > .item:nth-child(3)', true, normalMargin, normalMargin, normalPadding, normalPadding, itemHeight),
+        evaluateSwitchItem(page, '#issue-filters .switch > .item:nth-child(1)', false, false, normalMargin, normalMargin, normalPadding, normalPadding, itemHeight),
+        evaluateSwitchItem(page, '#issue-filters .switch > .item:nth-child(2)', false, false, normalMargin, specialLeftMargin, normalPadding, specialPadding, itemHeight),
+        evaluateSwitchItem(page, '#issue-filters .switch > .item:nth-child(3)', false, true, normalMargin, normalMargin, normalPadding, normalPadding, itemHeight),
       ]);
     }).toPass();
+
+    // Check colors on hover synchronously - can only hover one item at a time
+    await expect(async () => {
+      await evaluateSwitchItem(page, '#issue-filters .switch > .item:nth-child(1)', true, false, normalMargin, normalMargin, normalPadding, normalPadding, itemHeight);
+      await evaluateSwitchItem(page, '#issue-filters .switch > .item:nth-child(2)', true, false, normalMargin, specialLeftMargin, normalPadding, specialPadding, itemHeight);
+      await evaluateSwitchItem(page, '#issue-filters .switch > .item:nth-child(3)', true, true, normalMargin, normalMargin, normalPadding, normalPadding, itemHeight);
+    }).toPass();
   });
 
   // Subtest for areas that can't be reached without JS
-  test('With JS', async ({browser}, workerInfo) => {
-    const context = await login_user(browser, workerInfo, 'user2');
-    const page = await context.newPage();
+  test.describe('With JS', () => {
+    test.use({user: 'user2'});
 
-    // Go to files tab of a reviewable pull request
-    await page.goto('/user2/repo1/pulls/5/files');
+    test('PR review box', async ({page}) => {
+      // Go to files tab of a reviewable pull request
+      await page.goto('/user2/repo1/pulls/5/files');
 
-    // Open review box
-    await page.locator('#review-box .js-btn-review').click();
+      // Open review box
+      await page.locator('#review-box .js-btn-review').click();
 
-    // Markdown editor has a special rule for a shorter switch
-    const itemHeight = 28;
+      // Markdown editor has a special rule for a shorter switch
+      const itemHeight = 28;
 
-    await expect(async () => {
-      await Promise.all([
-        evaluateSwitchItem(page, '.review-box-panel .switch > .item:nth-child(1)', true, normalMargin, normalMargin, normalPadding, normalPadding, itemHeight),
-        evaluateSwitchItem(page, '.review-box-panel .switch > .item:nth-child(2)', false, specialLeftMargin, normalMargin, specialPadding, normalPadding, itemHeight),
-      ]);
-    }).toPass();
+      await expect(async () => {
+        await Promise.all([
+          evaluateSwitchItem(page, '.review-box-panel .switch > .item:nth-child(1)', false, true, normalMargin, normalMargin, normalPadding, normalPadding, itemHeight),
+          evaluateSwitchItem(page, '.review-box-panel .switch > .item:nth-child(2)', false, false, specialLeftMargin, normalMargin, specialPadding, normalPadding, itemHeight),
+        ]);
+      }).toPass();
+    });
+
+    test('Notifications page', async ({page}) => {
+      // Test counter contrast boost in active and :hover items
+      const labelBgNormal = 'rgba(202, 202, 202, 0.482)';
+      const labelBgContrast = 'rgb(202, 202, 202)';
+      const counter = page.locator('a.item[href="/notifications?q=unread"] > .ui.label');
+
+      // On Unread tab (item with counter is active)
+      await page.goto('/notifications?q=unread');
+
+      // * not hovering => boosted because .active
+      expect(await counter.evaluate((el) => getComputedStyle(el).backgroundColor)).toBe(labelBgContrast);
+
+      // * hoveing => boosted
+      await page.locator('a.item[href="/notifications?q=unread"]').hover();
+      expect(await counter.evaluate((el) => getComputedStyle(el).backgroundColor)).toBe(labelBgContrast);
+
+      // On Read tab (item with counter is inactive)
+      await page.goto('/notifications?q=read');
+
+      // * not hovering => normal
+      await page.locator('#navbar-logo').hover();
+      expect(await counter.evaluate((el) => getComputedStyle(el).backgroundColor)).toBe(labelBgNormal);
+
+      // * hoveing => boosted
+      await page.locator('a.item[href="/notifications?q=unread"]').hover();
+      expect(await counter.evaluate((el) => getComputedStyle(el).backgroundColor)).toBe(labelBgContrast);
+    });
   });
 });
diff --git a/web_src/css/modules/switch.css b/web_src/css/modules/switch.css
index e975c8991e..dee30f4ca3 100644
--- a/web_src/css/modules/switch.css
+++ b/web_src/css/modules/switch.css
@@ -34,14 +34,26 @@
   border-radius: var(--border-radius);
   text-wrap: nowrap;
   transition: background-color 0.1s ease;
+
+  &:hover {
+    background: var(--color-hover);
+  }
+
+  &.active {
+    z-index: 2;
+    padding-left: var(--switch-padding-inline);
+    background: var(--color-active);
+    outline: 1px solid var(--color-input-border);
+  }
+
+  /* Prevent default browser styling */
+  &button {
+    background: transparent;
+  }
 }
 
-.switch > .item:hover {
-  background: var(--color-hover);
-}
-
-/* Item that has to crawl under it's active neighbor, so when it is hovered,
-there are no ugly unpainted v/^ shapes between them */
+/* Corner rounding aid: item that has to crawl under it's active neighbor,
+so when it is hovered, there are no ugly unpainted v/^ shapes between them */
 .switch > .item:has(+ .active.item) { /* Active neighbor is next item */
   margin-right: calc(-1 * var(--border-radius));
   padding-right: calc(var(--switch-padding-inline) + var(--border-radius));
@@ -51,13 +63,7 @@ there are no ugly unpainted v/^ shapes between them */
   padding-left: calc(var(--switch-padding-inline) + var(--border-radius));
 }
 
-.switch > .active.item {
-  z-index: 2;
-  padding-left: var(--switch-padding-inline);
-  background: var(--color-active);
-  outline: 1px solid var(--color-input-border);
-}
-
-.switch > button.item {
-  background: transparent;
+/* Make counters embedded into items more visible on brighter backgrounds */
+.switch > .item:is(.active, :hover) > .ui.label {
+  background: var(--color-label-bg-alt, var(--color-label-bg));
 }

From c69ba8b1c1102fe1c6ff9af141be166f8b1a8ae5 Mon Sep 17 00:00:00 2001
From: Mathieu Fenniak <mathieu@fenniak.net>
Date: Fri, 6 Mar 2026 13:01:43 -0700
Subject: [PATCH 462/854] chore: release notes from #11514 & #11515 backports

---
 release-notes/11514.md | 7 +++++++
 release-notes/11515.md | 7 +++++++
 2 files changed, 14 insertions(+)
 create mode 100644 release-notes/11514.md
 create mode 100644 release-notes/11515.md

diff --git a/release-notes/11514.md b/release-notes/11514.md
new file mode 100644
index 0000000000..078e479e6a
--- /dev/null
+++ b/release-notes/11514.md
@@ -0,0 +1,7 @@
+- fix: PKCE challenges to Forgejo's OAuth identity provider were not validated when using the `S256` algorithm
+- fix: Forgejo supports using an OAuth Bearer token with HTTP basic authentication, rather than Bearer token authentication, but did not properly apply the limited scopes of the OAuth grant
+- fix: missing permission checks in attachment-related web endpoints allowed modifying attachments that a user did not own
+- fix: email notifications for new releases could be sent to users that no longer access to the repository, or to inactive users
+- fix: missing permission checks in user/org-owned projects would allow modifications of the open/closed state to be made to projects via insecure direct object references
+- fix: missing permission checks in a web endpoint allowed cancellation of the automerge of a PR
+- fix: prevent additional path-traversals in post-login redirect parameters that allowed for arbitrary redirects
diff --git a/release-notes/11515.md b/release-notes/11515.md
new file mode 100644
index 0000000000..078e479e6a
--- /dev/null
+++ b/release-notes/11515.md
@@ -0,0 +1,7 @@
+- fix: PKCE challenges to Forgejo's OAuth identity provider were not validated when using the `S256` algorithm
+- fix: Forgejo supports using an OAuth Bearer token with HTTP basic authentication, rather than Bearer token authentication, but did not properly apply the limited scopes of the OAuth grant
+- fix: missing permission checks in attachment-related web endpoints allowed modifying attachments that a user did not own
+- fix: email notifications for new releases could be sent to users that no longer access to the repository, or to inactive users
+- fix: missing permission checks in user/org-owned projects would allow modifications of the open/closed state to be made to projects via insecure direct object references
+- fix: missing permission checks in a web endpoint allowed cancellation of the automerge of a PR
+- fix: prevent additional path-traversals in post-login redirect parameters that allowed for arbitrary redirects

From 192052e3e4f4860711130e6602cb6c459fb8d410 Mon Sep 17 00:00:00 2001
From: forgejo-release-manager <contact-forgejo-release-manager@forgejo.org>
Date: Mon, 9 Mar 2026 06:58:38 +0100
Subject: [PATCH 463/854] chore(release-notes): Forgejo v11.0.11 [skip ci]
 (#11582)

https://codeberg.org/forgejo/forgejo/milestone/47802
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11582
Reviewed-by: Beowulf <beowulf@beocode.eu>
Co-authored-by: forgejo-release-manager <contact-forgejo-release-manager@forgejo.org>
Co-committed-by: forgejo-release-manager <contact-forgejo-release-manager@forgejo.org>
---
 release-notes-published/11.0.11.md | 32 ++++++++++++++++++++++++++++++
 1 file changed, 32 insertions(+)
 create mode 100644 release-notes-published/11.0.11.md

diff --git a/release-notes-published/11.0.11.md b/release-notes-published/11.0.11.md
new file mode 100644
index 0000000000..afa89172ba
--- /dev/null
+++ b/release-notes-published/11.0.11.md
@@ -0,0 +1,32 @@
+
+
+<!--start release-notes-assistant-->
+
+## Release notes
+<!--URL:https://codeberg.org/forgejo/forgejo-->
+- Security bug fixes
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11515): <!--number 11515 --><!--line 0 --><!--description LSBmaXg6IFBLQ0UgY2hhbGxlbmdlcyB0byBGb3JnZWpvJ3MgT0F1dGggaWRlbnRpdHkgcHJvdmlkZXIgd2VyZSBub3QgdmFsaWRhdGVkIHdoZW4gdXNpbmcgdGhlIGBTMjU2YCBhbGdvcml0aG0=-->fix: PKCE challenges to Forgejo's OAuth identity provider were not validated when using the `S256` algorithm<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11515): <!--number 11515 --><!--line 1 --><!--description LSBmaXg6IEZvcmdlam8gc3VwcG9ydHMgdXNpbmcgYW4gT0F1dGggQmVhcmVyIHRva2VuIHdpdGggSFRUUCBiYXNpYyBhdXRoZW50aWNhdGlvbiwgcmF0aGVyIHRoYW4gQmVhcmVyIHRva2VuIGF1dGhlbnRpY2F0aW9uLCBidXQgZGlkIG5vdCBwcm9wZXJseSBhcHBseSB0aGUgbGltaXRlZCBzY29wZXMgb2YgdGhlIE9BdXRoIGdyYW50-->fix: Forgejo supports using an OAuth Bearer token with HTTP basic authentication, rather than Bearer token authentication, but did not properly apply the limited scopes of the OAuth grant<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11515): <!--number 11515 --><!--line 2 --><!--description LSBmaXg6IG1pc3NpbmcgcGVybWlzc2lvbiBjaGVja3MgaW4gYXR0YWNobWVudC1yZWxhdGVkIHdlYiBlbmRwb2ludHMgYWxsb3dlZCBtb2RpZnlpbmcgYXR0YWNobWVudHMgdGhhdCBhIHVzZXIgZGlkIG5vdCBvd24=-->fix: missing permission checks in attachment-related web endpoints allowed modifying attachments that a user did not own<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11515): <!--number 11515 --><!--line 3 --><!--description LSBmaXg6IGVtYWlsIG5vdGlmaWNhdGlvbnMgZm9yIG5ldyByZWxlYXNlcyBjb3VsZCBiZSBzZW50IHRvIHVzZXJzIHRoYXQgbm8gbG9uZ2VyIGFjY2VzcyB0byB0aGUgcmVwb3NpdG9yeSwgb3IgdG8gaW5hY3RpdmUgdXNlcnM=-->fix: email notifications for new releases could be sent to users that no longer access to the repository, or to inactive users<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11515): <!--number 11515 --><!--line 4 --><!--description LSBmaXg6IG1pc3NpbmcgcGVybWlzc2lvbiBjaGVja3MgaW4gdXNlci9vcmctb3duZWQgcHJvamVjdHMgd291bGQgYWxsb3cgbW9kaWZpY2F0aW9ucyBvZiB0aGUgb3Blbi9jbG9zZWQgc3RhdGUgdG8gYmUgbWFkZSB0byBwcm9qZWN0cyB2aWEgaW5zZWN1cmUgZGlyZWN0IG9iamVjdCByZWZlcmVuY2Vz-->fix: missing permission checks in user/org-owned projects would allow modifications of the open/closed state to be made to projects via insecure direct object references<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11515): <!--number 11515 --><!--line 5 --><!--description LSBmaXg6IG1pc3NpbmcgcGVybWlzc2lvbiBjaGVja3MgaW4gYSB3ZWIgZW5kcG9pbnQgYWxsb3dlZCBjYW5jZWxsYXRpb24gb2YgdGhlIGF1dG9tZXJnZSBvZiBhIFBS-->fix: missing permission checks in a web endpoint allowed cancellation of the automerge of a PR<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11515): <!--number 11515 --><!--line 6 --><!--description LSBmaXg6IHByZXZlbnQgYWRkaXRpb25hbCBwYXRoLXRyYXZlcnNhbHMgaW4gcG9zdC1sb2dpbiByZWRpcmVjdCBwYXJhbWV0ZXJzIHRoYXQgYWxsb3dlZCBmb3IgYXJiaXRyYXJ5IHJlZGlyZWN0cw==-->fix: prevent additional path-traversals in post-login redirect parameters that allowed for arbitrary redirects<!--description-->
+- Included for completeness but not user-facing (chores, etc.)
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11526): <!--number 11526 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgZ28gdG8gdjEuMjUuOCAodjExLjAvZm9yZ2Vqbyk=-->Update dependency go to v1.25.8 (v11.0/forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11509): <!--number 11509 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgc3ZnbyB0byB2My4zLjMgW1NFQ1VSSVRZXSAodjExLjAvZm9yZ2Vqbyk=-->Update dependency svgo to v3.3.3 [SECURITY] (v11.0/forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11496): <!--number 11496 --><!--line 0 --><!--description VXBkYXRlIGdpdGh1Yi5jb20vZ29sYW5nLWp3dC9qd3QvdjQgKGluZGlyZWN0KSB0byB2NC41LjIgW1NFQ1VSSVRZXSAodjExLjAvZm9yZ2Vqbyk=-->Update github.com/golang-jwt/jwt/v4 (indirect) to v4.5.2 [SECURITY] (v11.0/forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11495): <!--number 11495 --><!--line 0 --><!--description VXBkYXRlIGdpdGh1Yi5jb20vY2xvdWRmbGFyZS9jaXJjbCAoaW5kaXJlY3QpIHRvIHYxLjYuMyBbU0VDVVJJVFldICh2MTEuMC9mb3JnZWpvKQ==-->Update github.com/cloudflare/circl (indirect) to v1.6.3 [SECURITY] (v11.0/forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11473): <!--number 11473 --><!--line 0 --><!--description VXBkYXRlIGh0dHBzOi8vZGF0YS5mb3JnZWpvLm9yZy9hY3Rpb25zL2Nhc2NhZGluZy1wciBhY3Rpb24gdG8gdjIuMy4wICh2MTEuMC9mb3JnZWpvKQ==-->Update https://data.forgejo.org/actions/cascading-pr action to v2.3.0 (v11.0/forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11474): <!--number 11474 --><!--line 0 --><!--description VXBkYXRlIGh0dHBzOi8vZGF0YS5mb3JnZWpvLm9yZy9hY3Rpb25zL3NldHVwLWZvcmdlam8gYWN0aW9uIHRvIHYzLjEuNyAodjExLjAvZm9yZ2Vqbyk=-->Update https://data.forgejo.org/actions/setup-forgejo action to v3.1.7 (v11.0/forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11414): <!--number 11414 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgbWluaW1hdGNoIHRvIHYxMC4yLjMgW1NFQ1VSSVRZXSAodjExLjAvZm9yZ2Vqbyk=-->Update dependency minimatch to v10.2.3 [SECURITY] (v11.0/forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11396): <!--number 11396 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnaXRodWIuY29tL2dvLWdpdC9nby1naXQvdjUgdG8gdjUuMTYuNSBbU0VDVVJJVFldICh2MTEuMC9mb3JnZWpvKQ==-->Update module github.com/go-git/go-git/v5 to v5.16.5 [SECURITY] (v11.0/forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11395): <!--number 11395 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgd2VicGFjayB0byB2NS4xMDQuMSBbU0VDVVJJVFldICh2MTEuMC9mb3JnZWpvKQ==-->Update dependency webpack to v5.104.1 [SECURITY] (v11.0/forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11394): <!--number 11394 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnaXRodWIuY29tL2dvLWNoaS9jaGkvdjUgdG8gdjUuMi40IFtTRUNVUklUWV0gKHYxMS4wL2Zvcmdlam8p-->Update module github.com/go-chi/chi/v5 to v5.2.4 [SECURITY] (v11.0/forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11167): <!--number 11167 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgZ28gdG8gdjEuMjUuNyAodjExLjAvZm9yZ2Vqbyk=-->Update dependency go to v1.25.7 (v11.0/forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10981): <!--number 10981 --><!--line 0 --><!--description VXBkYXRlIGh0dHBzOi8vZGF0YS5mb3JnZWpvLm9yZy9mb3JnZWpvL2Zvcmdlam8tYnVpbGQtcHVibGlzaCBhY3Rpb24gdG8gdjUuNS4xICh2MTEuMC9mb3JnZWpvKQ==-->Update https://data.forgejo.org/forgejo/forgejo-build-publish action to v5.5.1 (v11.0/forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10982): <!--number 10982 --><!--line 0 --><!--description VXBkYXRlIGh0dHBzOi8vZGF0YS5mb3JnZWpvLm9yZy9pbmZyYXN0cnVjdHVyZS9pc3N1ZS1hY3Rpb24gYWN0aW9uIHRvIHYxLjUuMCAodjExLjAvZm9yZ2Vqbyk=-->Update https://data.forgejo.org/infrastructure/issue-action action to v1.5.0 (v11.0/forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10907): <!--number 10907 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgaGFwcHktZG9tIHRvIHYyMC4wLjIgW1NFQ1VSSVRZXSAodjExLjAvZm9yZ2Vqbyk=-->Update dependency happy-dom to v20.0.2 [SECURITY] (v11.0/forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10879): <!--number 10879 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgaGFwcHktZG9tIHRvIHYyMCBbU0VDVVJJVFldICh2MTEuMC9mb3JnZWpvKQ==-->Update dependency happy-dom to v20 [SECURITY] (v11.0/forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10883) ([backported](https://codeberg.org/forgejo/forgejo/pulls/10885)): <!--number 10885 --><!--line 0 --><!--description Y2k6IHRpZSBnbyBjYWNoZSB0byBnbyB2ZXJzaW9uIGFuZCBhZGQgYE1ha2VmaWxlYCB0byBrZXkgaGFzaA==-->ci: tie go cache to go version and add `Makefile` to key hash<!--description-->
+<!--end release-notes-assistant-->

From cfd4d53e3217b9b1a8650d5f09841e0d045ba0ab Mon Sep 17 00:00:00 2001
From: forgejo-release-manager <contact-forgejo-release-manager@forgejo.org>
Date: Mon, 9 Mar 2026 07:00:32 +0100
Subject: [PATCH 464/854] chore(release-notes): Forgejo v14.0.3 [skip ci]
 (#11583)

https://codeberg.org/forgejo/forgejo/milestone/55554
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11583
Reviewed-by: Beowulf <beowulf@beocode.eu>
Co-authored-by: forgejo-release-manager <contact-forgejo-release-manager@forgejo.org>
Co-committed-by: forgejo-release-manager <contact-forgejo-release-manager@forgejo.org>
---
 release-notes-published/14.0.3.md | 54 +++++++++++++++++++++++++++++++
 1 file changed, 54 insertions(+)
 create mode 100644 release-notes-published/14.0.3.md

diff --git a/release-notes-published/14.0.3.md b/release-notes-published/14.0.3.md
new file mode 100644
index 0000000000..d86e59c31e
--- /dev/null
+++ b/release-notes-published/14.0.3.md
@@ -0,0 +1,54 @@
+
+
+<!--start release-notes-assistant-->
+
+## Release notes
+<!--URL:https://codeberg.org/forgejo/forgejo-->
+- Security bug fixes
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11514): <!--number 11514 --><!--line 0 --><!--description LSBmaXg6IFBLQ0UgY2hhbGxlbmdlcyB0byBGb3JnZWpvJ3MgT0F1dGggaWRlbnRpdHkgcHJvdmlkZXIgd2VyZSBub3QgdmFsaWRhdGVkIHdoZW4gdXNpbmcgdGhlIGBTMjU2YCBhbGdvcml0aG0=-->fix: PKCE challenges to Forgejo's OAuth identity provider were not validated when using the `S256` algorithm<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11514): <!--number 11514 --><!--line 1 --><!--description LSBmaXg6IEZvcmdlam8gc3VwcG9ydHMgdXNpbmcgYW4gT0F1dGggQmVhcmVyIHRva2VuIHdpdGggSFRUUCBiYXNpYyBhdXRoZW50aWNhdGlvbiwgcmF0aGVyIHRoYW4gQmVhcmVyIHRva2VuIGF1dGhlbnRpY2F0aW9uLCBidXQgZGlkIG5vdCBwcm9wZXJseSBhcHBseSB0aGUgbGltaXRlZCBzY29wZXMgb2YgdGhlIE9BdXRoIGdyYW50-->fix: Forgejo supports using an OAuth Bearer token with HTTP basic authentication, rather than Bearer token authentication, but did not properly apply the limited scopes of the OAuth grant<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11514): <!--number 11514 --><!--line 2 --><!--description LSBmaXg6IG1pc3NpbmcgcGVybWlzc2lvbiBjaGVja3MgaW4gYXR0YWNobWVudC1yZWxhdGVkIHdlYiBlbmRwb2ludHMgYWxsb3dlZCBtb2RpZnlpbmcgYXR0YWNobWVudHMgdGhhdCBhIHVzZXIgZGlkIG5vdCBvd24=-->fix: missing permission checks in attachment-related web endpoints allowed modifying attachments that a user did not own<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11514): <!--number 11514 --><!--line 3 --><!--description LSBmaXg6IGVtYWlsIG5vdGlmaWNhdGlvbnMgZm9yIG5ldyByZWxlYXNlcyBjb3VsZCBiZSBzZW50IHRvIHVzZXJzIHRoYXQgbm8gbG9uZ2VyIGFjY2VzcyB0byB0aGUgcmVwb3NpdG9yeSwgb3IgdG8gaW5hY3RpdmUgdXNlcnM=-->fix: email notifications for new releases could be sent to users that no longer access to the repository, or to inactive users<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11514): <!--number 11514 --><!--line 4 --><!--description LSBmaXg6IG1pc3NpbmcgcGVybWlzc2lvbiBjaGVja3MgaW4gdXNlci9vcmctb3duZWQgcHJvamVjdHMgd291bGQgYWxsb3cgbW9kaWZpY2F0aW9ucyBvZiB0aGUgb3Blbi9jbG9zZWQgc3RhdGUgdG8gYmUgbWFkZSB0byBwcm9qZWN0cyB2aWEgaW5zZWN1cmUgZGlyZWN0IG9iamVjdCByZWZlcmVuY2Vz-->fix: missing permission checks in user/org-owned projects would allow modifications of the open/closed state to be made to projects via insecure direct object references<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11514): <!--number 11514 --><!--line 5 --><!--description LSBmaXg6IG1pc3NpbmcgcGVybWlzc2lvbiBjaGVja3MgaW4gYSB3ZWIgZW5kcG9pbnQgYWxsb3dlZCBjYW5jZWxsYXRpb24gb2YgdGhlIGF1dG9tZXJnZSBvZiBhIFBS-->fix: missing permission checks in a web endpoint allowed cancellation of the automerge of a PR<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11514): <!--number 11514 --><!--line 6 --><!--description LSBmaXg6IHByZXZlbnQgYWRkaXRpb25hbCBwYXRoLXRyYXZlcnNhbHMgaW4gcG9zdC1sb2dpbiByZWRpcmVjdCBwYXJhbWV0ZXJzIHRoYXQgYWxsb3dlZCBmb3IgYXJiaXRyYXJ5IHJlZGlyZWN0cw==-->fix: prevent additional path-traversals in post-login redirect parameters that allowed for arbitrary redirects<!--description-->
+- User Interface bug fixes
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11381) ([backported](https://codeberg.org/forgejo/forgejo/pulls/11413)): <!--number 11413 --><!--line 0 --><!--description Zml4KHVpKTogaGFyZGNvZGUgc29ydCBvcHRpb25zIGluIHNlYXJjaCBzeW50YXggaGludCwgaW1wcm92ZSBsb29r-->fix(ui): hardcode sort options in search syntax hint, improve look<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11547) ([backported](https://codeberg.org/forgejo/forgejo/pulls/11560)): <!--number 11560 --><!--line 0 --><!--description Zml4OiBtb2RhbHMgb24gc21hbGwgdmlld3BvcnQgaGVpZ2h0-->fix: modals on small viewport height<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11341) ([backported](https://codeberg.org/forgejo/forgejo/pulls/11499)): <!--number 11499 --><!--line 0 --><!--description Zml4KHVpL21kZSk6IGlucHV0cyBpbiB0YWJsZS9saW5rIGluc2VydGlvbiBtb2RhbHM=-->fix(ui/mde): inputs in table/link insertion modals<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11287) ([backported](https://codeberg.org/forgejo/forgejo/pulls/11327)): <!--number 11327 --><!--line 0 --><!--description Zml4KHVpKTogcHJldmVudCBsYWJlbCBvdmVyZmxvdyBpbiBQUiBDSSBjaGVja3Mgb24gbW9iaWxl-->fix(ui): prevent label overflow in PR CI checks on mobile<!--description-->
+- Localization
+  - Updates from Codeberg Translate: [#11535](https://codeberg.org/forgejo/forgejo/pulls/11535) (backport of [#10978](https://codeberg.org/forgejo/forgejo/pulls/10978), [#11344](https://codeberg.org/forgejo/forgejo/pulls/11344))
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11570): <!--number 11570 --><!--line 0 --><!--description aTE4bjogYmFja3BvcnQgb2YgaGludF93aXRoX3BsYWNlaG9sZGVyIHRyYW5zbGF0aW9ucw==-->i18n: backport of hint_with_placeholder translations<!--description-->
+- Bug fixes
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11393) ([backported](https://codeberg.org/forgejo/forgejo/pulls/11557)): <!--number 11557 --><!--line 0 --><!--description Zml4OiBleHRlbmQgYmFzaWMgYXV0aCB0byAvdjIsIGFsd2F5cyBpbmNsdWRlIFdXVy1BdXRoZW50aWNhdGUgaGVhZGVyICgjMTEzOTMp-->fix: extend basic auth to /v2, always include WWW-Authenticate header (#11393)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11282) ([backported](https://codeberg.org/forgejo/forgejo/pulls/11484)): <!--number 11484 --><!--line 0 --><!--description cHJldmVudCBwYW5pYyB3aGVuIGltcG9ydGluZyBpc3N1ZXMgZnJvbSBHaXRMYWI=-->prevent panic when importing issues from GitLab<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11282) ([backported](https://codeberg.org/forgejo/forgejo/pulls/11484)): <!--number 11484 --><!--line 1 --><!--description cHJldmVudCBwYW5pYyB3aGVuIGltcG9ydGluZyByZWxlYXNlcyB3aXRoIG1vcmUgdGhhbiA0IHJlbGVhc2UgYXNzZXRzIGZyb20gR2l0TGFi-->prevent panic when importing releases with more than 4 release assets from GitLab<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11282) ([backported](https://codeberg.org/forgejo/forgejo/pulls/11484)): <!--number 11484 --><!--line 2 --><!--description Y29ycmVjdCByZS1tYXBwaW5nIG9mIG1lcmdlLXJlcXVlc3QgbnVtYmVycyBtZW50aW9uZWQgaW4gR2l0TGFiIGNvbW1lbnRz-->correct re-mapping of merge-request numbers mentioned in GitLab comments<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11246) ([backported](https://codeberg.org/forgejo/forgejo/pulls/11254)): <!--number 11254 --><!--line 0 --><!--description Zml4OiBjbGVhbnVwIG9mIG11bHRpLXBsYXRmb3JtIGNvbnRhaW5lciBpbWFnZXM=-->fix: cleanup of multi-platform container images<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11164) ([backported](https://codeberg.org/forgejo/forgejo/pulls/11166)): <!--number 11166 --><!--line 0 --><!--description Zml4OiB3aGVuIGV4cGFuZGluZyBhIGR5bmFtaWMgbWF0cml4LCBvcmlnaW5hbCAnbmVlZHMnIGFjY2VzcyB3YXMgbG9zdA==-->fix: when expanding a dynamic matrix, original 'needs' access was lost<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11179) ([backported](https://codeberg.org/forgejo/forgejo/pulls/11220)): <!--number 11220 --><!--line 0 --><!--description Zml4OiBpbXByb3ZlIFNRTGl0ZSAiZGF0YWJhc2UgaXMgbG9ja2VkIiBlcnJvcnMgYnkgaW5jcmVhc2luZyBkZWZhdWx0IGBTUUxJVEVfVElNRU9VVGA=-->fix: improve SQLite "database is locked" errors by increasing default `SQLITE_TIMEOUT`<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10933) ([backported](https://codeberg.org/forgejo/forgejo/pulls/11126)): <!--number 11126 --><!--line 0 --><!--description Zml4OiB1c2UgYW4gYWJzb2x1dGUgVVJMIGZvciBjb21wYXJlIGxpbmtzIGluIGF0b20gZmVlZA==-->fix: use an absolute URL for compare links in atom feed<!--description-->
+- Included for completeness but not user-facing (chores, etc.)
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11581): <!--number 11581 --><!--line 0 --><!--description aTE4bjogcmV2ZXJ0IHpoLUNOIGNoYW5nZXMgaW4gMTQ1MmMzYWU3MCBhbmQgZjYwMmI1ZjVlZA==-->i18n: revert zh-CN changes in 1452c3ae70 and f602b5f5ed<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11335) ([backported](https://codeberg.org/forgejo/forgejo/pulls/11555)): <!--number 11555 --><!--line 0 --><!--description Zml4OiBza2lwIHJlcG8gYXZhdGFyIHVwbG9hZCB3aGVuIG5vIGZpbGUgaXMgc2VsZWN0ZWQ=-->fix: skip repo avatar upload when no file is selected<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11168): <!--number 11168 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgZ28gdG8gdjEuMjUuNyAodjE0LjAvZm9yZ2Vqbyk=-->Update dependency go to v1.25.7 (v14.0/forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11478) ([backported](https://codeberg.org/forgejo/forgejo/pulls/11552)): <!--number 11552 --><!--line 0 --><!--description Zml4OiBSUE0gcmVnaXN0cnkgYWRkcmVwbyBpbnN0cnVjdGlvbnM=-->fix: RPM registry addrepo instructions<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11542) ([backported](https://codeberg.org/forgejo/forgejo/pulls/11551)): <!--number 11551 --><!--line 0 --><!--description Y2hvcmU6IHNraXAgc2hhMjU2IHJlcG8gZm9yIG9sZGVyIGdpdCB2ZXJzaW9ucw==-->chore: skip sha256 repo for older git versions<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11525) ([backported](https://codeberg.org/forgejo/forgejo/pulls/11528)): <!--number 11528 --><!--line 0 --><!--description Y2hvcmU6IGFkZCBtb3JlIGRpYWdub3N0aWMgb3V0cHV0IHRvIGRiZnMgU3RhdCBlcnJvcg==-->chore: add more diagnostic output to dbfs Stat error<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11527): <!--number 11527 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgZ28gdG8gdjEuMjUuOCAodjE0LjAvZm9yZ2Vqbyk=-->Update dependency go to v1.25.8 (v14.0/forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11510): <!--number 11510 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgc3ZnbyB0byB2NC4wLjEgW1NFQ1VSSVRZXSAodjE0LjAvZm9yZ2Vqbyk=-->Update dependency svgo to v4.0.1 [SECURITY] (v14.0/forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11498): <!--number 11498 --><!--line 0 --><!--description VXBkYXRlIGdpdGh1Yi5jb20vY2xvdWRmbGFyZS9jaXJjbCAoaW5kaXJlY3QpIHRvIHYxLjYuMyBbU0VDVVJJVFldICh2MTQuMC9mb3JnZWpvKQ==-->Update github.com/cloudflare/circl (indirect) to v1.6.3 [SECURITY] (v14.0/forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11475): <!--number 11475 --><!--line 0 --><!--description VXBkYXRlIGh0dHBzOi8vZGF0YS5mb3JnZWpvLm9yZy9hY3Rpb25zL3NldHVwLWZvcmdlam8gYWN0aW9uIHRvIHYzLjEuNyAodjE0LjAvZm9yZ2Vqbyk=-->Update https://data.forgejo.org/actions/setup-forgejo action to v3.1.7 (v14.0/forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11415): <!--number 11415 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgbWluaW1hdGNoIHRvIHYxMC4yLjMgW1NFQ1VSSVRZXSAodjE0LjAvZm9yZ2Vqbyk=-->Update dependency minimatch to v10.2.3 [SECURITY] (v14.0/forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11467): <!--number 11467 --><!--line 0 --><!--description Y2k6IGVuc3VyZSBjb3JyZWN0IG5vZGUgdmVyc2lvbg==-->ci: ensure correct node version<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11464): <!--number 11464 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBjb2RlLnN1cGVyc2VyaW91c2J1c2luZXNzLm9yZy9leGlmLXRlcm1pbmF0b3IgdG8gdjAuMTEuMSAodjE0LjAvZm9yZ2Vqbyk=-->Update module code.superseriousbusiness.org/exif-terminator to v0.11.1 (v14.0/forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11412): <!--number 11412 --><!--line 0 --><!--description Y2hvcmU6IGJ1bXAgZ28tZ2l0L3Y1IGluZGlyZWN0IGRlcGVuZGVuY3kgZm9yIGdvdnVsbmNoZWNr-->chore: bump go-git/v5 indirect dependency for govulncheck<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11398): <!--number 11398 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgd2VicGFjayB0byB2NS4xMDQuMSBbU0VDVVJJVFldICh2MTQuMC9mb3JnZWpvKQ==-->Update dependency webpack to v5.104.1 [SECURITY] (v14.0/forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11397): <!--number 11397 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnaXRodWIuY29tL2dvLWNoaS9jaGkvdjUgdG8gdjUuMi40IFtTRUNVUklUWV0gKHYxNC4wL2Zvcmdlam8p-->Update module github.com/go-chi/chi/v5 to v5.2.4 [SECURITY] (v14.0/forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11245): <!--number 11245 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnaXRodWIuY29tL21hdHRuL2dvLXNxbGl0ZTMgdG8gdjEuMTQuMzQgKHYxNC4wL2Zvcmdlam8p-->Update module github.com/mattn/go-sqlite3 to v1.14.34 (v14.0/forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11244): <!--number 11244 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBjb2RlLmZvcmdlam8ub3JnL2Zvcmdlam8vcnVubmVyL3YxMiB0byB2MTIuNi40ICh2MTQuMC9mb3JnZWpvKQ==-->Update module code.forgejo.org/forgejo/runner/v12 to v12.6.4 (v14.0/forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11145) ([backported](https://codeberg.org/forgejo/forgejo/pulls/11148)): <!--number 11148 --><!--line 0 --><!--description Zml4OiBkb24ndCBhYmFuZG9uIEFjdGlvbiBqb2JzIHdhaXRpbmcgZm9yIGFwcHJvdmFs-->fix: don't abandon Action jobs waiting for approval<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11176) ([backported](https://codeberg.org/forgejo/forgejo/pulls/11178)): <!--number 11178 --><!--line 0 --><!--description OiBlbnN1cmUgY29uc2lzdGVudCBzb3J0IG9yZGVyIGluIFRlc3RGZWVkIGZpeHR1cmU=-->: ensure consistent sort order in TestFeed fixture<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11134) ([backported](https://codeberg.org/forgejo/forgejo/pulls/11135)): <!--number 11135 --><!--line 0 --><!--description Zml4OiBjYW5jZWwgcnVucyBwZW5kaW5nIGFwcHJvdmFsIHdoZW4gYSBQUiBpcyBjbG9zZWQ=-->fix: cancel runs pending approval when a PR is closed<!--description-->
+<!--end release-notes-assistant-->

From 70081c92976a09bb3f21d87e3ea298ccccf1f7c3 Mon Sep 17 00:00:00 2001
From: Michael Kriese <michael.kriese@visualon.de>
Date: Mon, 9 Mar 2026 15:19:28 +0100
Subject: [PATCH 465/854] chore: cleanup Makefile (#11587)

Leftover of #7680

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11587
Reviewed-by: Beowulf <beowulf@beocode.eu>
Reviewed-by: Robert Wolff <mahlzahn@posteo.de>
Co-authored-by: Michael Kriese <michael.kriese@visualon.de>
Co-committed-by: Michael Kriese <michael.kriese@visualon.de>
---
 Makefile | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/Makefile b/Makefile
index ca0aa27206..5376016d96 100644
--- a/Makefile
+++ b/Makefile
@@ -963,10 +963,6 @@ node_modules: package-lock.json
 	npm install --no-save
 	@touch node_modules
 
-.venv: poetry.lock
-	poetry install
-	@touch .venv
-
 .PHONY: fomantic
 fomantic:
 	rm -rf $(FOMANTIC_WORK_DIR)/build

From b2e7f082460eb347e36702aa3d624aa069054dbb Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Mon, 9 Mar 2026 16:29:07 +0100
Subject: [PATCH 466/854] Update dependency webpack to v5.105.4 (forgejo)
 (#11558)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11558
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
---
 package-lock.json | 79 ++++++++++++-----------------------------------
 package.json      |  2 +-
 2 files changed, 21 insertions(+), 60 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index a062bad47f..76c07c7488 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -77,7 +77,7 @@
         "vue-chartjs": "5.3.3",
         "vue-loader": "17.4.2",
         "vue3-calendar-heatmap": "2.0.5",
-        "webpack": "5.105.2",
+        "webpack": "5.105.4",
         "webpack-cli": "6.0.1",
         "wrap-ansi": "9.0.2"
       },
@@ -5377,9 +5377,9 @@
       }
     },
     "node_modules/acorn": {
-      "version": "8.15.0",
-      "resolved": "https://registry.npmjs.org/acorn/-/acorn-8.15.0.tgz",
-      "integrity": "sha512-NZyJarBfL7nWwIq+FDL6Zp/yHEhePMNnnJ0y3qfieCrmNvYct8uvtiV41UvlSe6apAfk0fY1FbWx+NwfmpvtTg==",
+      "version": "8.16.0",
+      "resolved": "https://registry.npmjs.org/acorn/-/acorn-8.16.0.tgz",
+      "integrity": "sha512-UVJyE9MttOsBQIDKw1skb9nAwQuR5wuGD3+82K6JgJlm/Y+KI92oNsMNGZCYdDsVtRHSak0pcV5Dno5+4jh9sw==",
       "license": "MIT",
       "bin": {
         "acorn": "bin/acorn"
@@ -7581,9 +7581,9 @@
       }
     },
     "node_modules/enhanced-resolve": {
-      "version": "5.19.0",
-      "resolved": "https://registry.npmjs.org/enhanced-resolve/-/enhanced-resolve-5.19.0.tgz",
-      "integrity": "sha512-phv3E1Xl4tQOShqSte26C7Fl84EwUdZsyOuSSk9qtAGyyQs2s3jJzComh+Abf4g187lUUAvH+H26omrqia2aGg==",
+      "version": "5.20.0",
+      "resolved": "https://registry.npmjs.org/enhanced-resolve/-/enhanced-resolve-5.20.0.tgz",
+      "integrity": "sha512-/ce7+jQ1PQ6rVXwe+jKEg5hW5ciicHwIQUagZkp6IufBoY3YDgdTTY1azVs0qoRgVmvsNB+rbjLJxDAeHHtwsQ==",
       "license": "MIT",
       "dependencies": {
         "graceful-fs": "^4.2.4",
@@ -13064,15 +13064,6 @@
       ],
       "license": "MIT"
     },
-    "node_modules/randombytes": {
-      "version": "2.1.0",
-      "resolved": "https://registry.npmjs.org/randombytes/-/randombytes-2.1.0.tgz",
-      "integrity": "sha512-vYl3iOX+4CKUWuxGi9Ukhie6fsqXqS9FE2Zaic4tNFD2N2QQaXOMFbuKK4QmDHC0JO6B1Zp41J0LpT0oR68amQ==",
-      "license": "MIT",
-      "dependencies": {
-        "safe-buffer": "^5.1.0"
-      }
-    },
     "node_modules/read-cache": {
       "version": "1.0.0",
       "resolved": "https://registry.npmjs.org/read-cache/-/read-cache-1.0.0.tgz",
@@ -13507,26 +13498,6 @@
         "url": "https://github.com/sponsors/ljharb"
       }
     },
-    "node_modules/safe-buffer": {
-      "version": "5.2.1",
-      "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.2.1.tgz",
-      "integrity": "sha512-rp3So07KcdmmKbGvgaNxQSJr7bGVSVk5S9Eq1F+ppbRo70+YeaDxkw5Dd8NPN+GD6bjnYm2VuPuCXmpuYvmCXQ==",
-      "funding": [
-        {
-          "type": "github",
-          "url": "https://github.com/sponsors/feross"
-        },
-        {
-          "type": "patreon",
-          "url": "https://www.patreon.com/feross"
-        },
-        {
-          "type": "consulting",
-          "url": "https://feross.org/support"
-        }
-      ],
-      "license": "MIT"
-    },
     "node_modules/safe-push-apply": {
       "version": "1.0.0",
       "resolved": "https://registry.npmjs.org/safe-push-apply/-/safe-push-apply-1.0.0.tgz",
@@ -13628,15 +13599,6 @@
         "node": ">=10"
       }
     },
-    "node_modules/serialize-javascript": {
-      "version": "6.0.2",
-      "resolved": "https://registry.npmjs.org/serialize-javascript/-/serialize-javascript-6.0.2.tgz",
-      "integrity": "sha512-Saa1xPByTTq2gdeFZYLLo+RFE35NHZkAbqZeWNd3BpzppeVisAqpDjcp8dyf6uIvEqJRd46jemmyA4iFIeVk8g==",
-      "license": "BSD-3-Clause",
-      "dependencies": {
-        "randombytes": "^2.1.0"
-      }
-    },
     "node_modules/seroval": {
       "version": "1.5.0",
       "resolved": "https://registry.npmjs.org/seroval/-/seroval-1.5.0.tgz",
@@ -14772,15 +14734,14 @@
       }
     },
     "node_modules/terser-webpack-plugin": {
-      "version": "5.3.16",
-      "resolved": "https://registry.npmjs.org/terser-webpack-plugin/-/terser-webpack-plugin-5.3.16.tgz",
-      "integrity": "sha512-h9oBFCWrq78NyWWVcSwZarJkZ01c2AyGrzs1crmHZO3QUg9D61Wu4NPjBy69n7JqylFF5y+CsUZYmYEIZ3mR+Q==",
+      "version": "5.3.17",
+      "resolved": "https://registry.npmjs.org/terser-webpack-plugin/-/terser-webpack-plugin-5.3.17.tgz",
+      "integrity": "sha512-YR7PtUp6GMU91BgSJmlaX/rS2lGDbAF7D+Wtq7hRO+MiljNmodYvqslzCFiYVAgW+Qoaaia/QUIP4lGXufjdZw==",
       "license": "MIT",
       "dependencies": {
         "@jridgewell/trace-mapping": "^0.3.25",
         "jest-worker": "^27.4.5",
         "schema-utils": "^4.3.0",
-        "serialize-javascript": "^6.0.2",
         "terser": "^5.31.1"
       },
       "engines": {
@@ -15829,9 +15790,9 @@
       "license": "BSD-2-Clause"
     },
     "node_modules/webpack": {
-      "version": "5.105.2",
-      "resolved": "https://registry.npmjs.org/webpack/-/webpack-5.105.2.tgz",
-      "integrity": "sha512-dRXm0a2qcHPUBEzVk8uph0xWSjV/xZxenQQbLwnwP7caQCYpqG1qddwlyEkIDkYn0K8tvmcrZ+bOrzoQ3HxCDw==",
+      "version": "5.105.4",
+      "resolved": "https://registry.npmjs.org/webpack/-/webpack-5.105.4.tgz",
+      "integrity": "sha512-jTywjboN9aHxFlToqb0K0Zs9SbBoW4zRUlGzI2tYNxVYcEi/IPpn+Xi4ye5jTLvX2YeLuic/IvxNot+Q1jMoOw==",
       "license": "MIT",
       "dependencies": {
         "@types/eslint-scope": "^3.7.7",
@@ -15840,11 +15801,11 @@
         "@webassemblyjs/ast": "^1.14.1",
         "@webassemblyjs/wasm-edit": "^1.14.1",
         "@webassemblyjs/wasm-parser": "^1.14.1",
-        "acorn": "^8.15.0",
+        "acorn": "^8.16.0",
         "acorn-import-phases": "^1.0.3",
         "browserslist": "^4.28.1",
         "chrome-trace-event": "^1.0.2",
-        "enhanced-resolve": "^5.19.0",
+        "enhanced-resolve": "^5.20.0",
         "es-module-lexer": "^2.0.0",
         "eslint-scope": "5.1.1",
         "events": "^3.2.0",
@@ -15856,9 +15817,9 @@
         "neo-async": "^2.6.2",
         "schema-utils": "^4.3.3",
         "tapable": "^2.3.0",
-        "terser-webpack-plugin": "^5.3.16",
+        "terser-webpack-plugin": "^5.3.17",
         "watchpack": "^2.5.1",
-        "webpack-sources": "^3.3.3"
+        "webpack-sources": "^3.3.4"
       },
       "bin": {
         "webpack": "bin/webpack.js"
@@ -15986,9 +15947,9 @@
       }
     },
     "node_modules/webpack/node_modules/webpack-sources": {
-      "version": "3.3.3",
-      "resolved": "https://registry.npmjs.org/webpack-sources/-/webpack-sources-3.3.3.tgz",
-      "integrity": "sha512-yd1RBzSGanHkitROoPFd6qsrxt+oFhg/129YzheDGqeustzX0vTZJZsSsQjVQC4yzBQ56K55XU8gaNCtIzOnTg==",
+      "version": "3.3.4",
+      "resolved": "https://registry.npmjs.org/webpack-sources/-/webpack-sources-3.3.4.tgz",
+      "integrity": "sha512-7tP1PdV4vF+lYPnkMR0jMY5/la2ub5Fc/8VQrrU+lXkiM6C4TjVfGw7iKfyhnTQOsD+6Q/iKw0eFciziRgD58Q==",
       "license": "MIT",
       "engines": {
         "node": ">=10.13.0"
diff --git a/package.json b/package.json
index 1081c962d5..394dedf087 100644
--- a/package.json
+++ b/package.json
@@ -76,7 +76,7 @@
     "vue-chartjs": "5.3.3",
     "vue-loader": "17.4.2",
     "vue3-calendar-heatmap": "2.0.5",
-    "webpack": "5.105.2",
+    "webpack": "5.105.4",
     "webpack-cli": "6.0.1",
     "wrap-ansi": "9.0.2"
   },

From 9f6e04c67710a0cadcbd892e00a6fdaf85d21c5a Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Mon, 9 Mar 2026 16:30:18 +0100
Subject: [PATCH 467/854] Update dependency katex to v0.16.35 (forgejo)
 (#11576)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11576
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
---
 package-lock.json | 8 ++++----
 package.json      | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 76c07c7488..186a33c1e7 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -54,7 +54,7 @@
         "htmx.org": "2.0.8",
         "idiomorph": "0.3.0",
         "jquery": "3.7.1",
-        "katex": "0.16.33",
+        "katex": "0.16.35",
         "mermaid": "11.12.3",
         "mini-css-extract-plugin": "2.10.0",
         "minimatch": "10.2.4",
@@ -10516,9 +10516,9 @@
       "license": "MIT"
     },
     "node_modules/katex": {
-      "version": "0.16.33",
-      "resolved": "https://registry.npmjs.org/katex/-/katex-0.16.33.tgz",
-      "integrity": "sha512-q3N5u+1sY9Bu7T4nlXoiRBXWfwSefNGoKeOwekV+gw0cAXQlz2Ww6BLcmBxVDeXBMUDQv6fK5bcNaJLxob3ZQA==",
+      "version": "0.16.35",
+      "resolved": "https://registry.npmjs.org/katex/-/katex-0.16.35.tgz",
+      "integrity": "sha512-S0+riEvy1CK4VKse1ivMff8gmabe/prY7sKB3njjhyoLLsNFDQYtKNgXrbWUggGDCJBz7Fctl5i8fLCESHXzSg==",
       "funding": [
         "https://opencollective.com/katex",
         "https://github.com/sponsors/katex"
diff --git a/package.json b/package.json
index 394dedf087..8c6f590243 100644
--- a/package.json
+++ b/package.json
@@ -53,7 +53,7 @@
     "htmx.org": "2.0.8",
     "idiomorph": "0.3.0",
     "jquery": "3.7.1",
-    "katex": "0.16.33",
+    "katex": "0.16.35",
     "mermaid": "11.12.3",
     "mini-css-extract-plugin": "2.10.0",
     "minimatch": "10.2.4",

From fc82d7319a0b4e9c67f4a5cc05e32ecbea1b762b Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Mon, 9 Mar 2026 16:31:21 +0100
Subject: [PATCH 468/854] Update module github.com/minio/minio-go/v7 to v7.0.99
 (forgejo) (#11568)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11568
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 0a0241f77c..52b7629daa 100644
--- a/go.mod
+++ b/go.mod
@@ -79,7 +79,7 @@ require (
 	github.com/meilisearch/meilisearch-go v0.36.0
 	github.com/mholt/archives v0.1.5
 	github.com/microcosm-cc/bluemonday v1.0.27
-	github.com/minio/minio-go/v7 v7.0.98
+	github.com/minio/minio-go/v7 v7.0.99
 	github.com/msteinert/pam/v2 v2.1.0
 	github.com/niklasfasching/go-org v1.9.1
 	github.com/olivere/elastic/v7 v7.0.32
diff --git a/go.sum b/go.sum
index 53384f1921..09332da181 100644
--- a/go.sum
+++ b/go.sum
@@ -534,8 +534,8 @@ github.com/minio/crc64nvme v1.1.1 h1:8dwx/Pz49suywbO+auHCBpCtlW1OfpcLN7wYgVR6wAI
 github.com/minio/crc64nvme v1.1.1/go.mod h1:eVfm2fAzLlxMdUGc0EEBGSMmPwmXD5XiNRpnu9J3bvg=
 github.com/minio/md5-simd v1.1.2 h1:Gdi1DZK69+ZVMoNHRXJyNcxrMA4dSxoYHZSQbirFg34=
 github.com/minio/md5-simd v1.1.2/go.mod h1:MzdKDxYpY2BT9XQFocsiZf/NKVtR7nkE4RoEpN+20RM=
-github.com/minio/minio-go/v7 v7.0.98 h1:MeAVKjLVz+XJ28zFcuYyImNSAh8Mq725uNW4beRisi0=
-github.com/minio/minio-go/v7 v7.0.98/go.mod h1:cY0Y+W7yozf0mdIclrttzo1Iiu7mEf9y7nk2uXqMOvM=
+github.com/minio/minio-go/v7 v7.0.99 h1:2vH/byrwUkIpFQFOilvTfaUpvAX3fEFhEzO+DR3DlCE=
+github.com/minio/minio-go/v7 v7.0.99/go.mod h1:EtGNKtlX20iL2yaYnxEigaIvj0G0GwSDnifnG8ClIdw=
 github.com/minio/minlz v1.0.1 h1:OUZUzXcib8diiX+JYxyRLIdomyZYzHct6EShOKtQY2A=
 github.com/minio/minlz v1.0.1/go.mod h1:qT0aEB35q79LLornSzeDH75LBf3aH1MV+jB5w9Wasec=
 github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY=

From 3934e5fea30da5ac628c41fa597cb56855af42ef Mon Sep 17 00:00:00 2001
From: Gusted <postmaster@gusted.xyz>
Date: Mon, 9 Mar 2026 17:09:07 +0100
Subject: [PATCH 469/854] chore: add comment for ap migration (#11144)

When merging #9254 I didn't make the mental note that v14 is already out and the migration would now apply to v15. Document this mistake.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11144
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Reviewed-by: Panagiotis "Ivory" Vasilopoulos <git@n0toose.net>
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
Co-authored-by: Gusted <postmaster@gusted.xyz>
Co-committed-by: Gusted <postmaster@gusted.xyz>
---
 .../v14a_ap-change-fedi-handle-structure.go                  | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/models/forgejo_migrations/v14a_ap-change-fedi-handle-structure.go b/models/forgejo_migrations/v14a_ap-change-fedi-handle-structure.go
index c59f778205..fe0a68489a 100644
--- a/models/forgejo_migrations/v14a_ap-change-fedi-handle-structure.go
+++ b/models/forgejo_migrations/v14a_ap-change-fedi-handle-structure.go
@@ -1,6 +1,11 @@
 // Copyright 2025 The Forgejo Authors. All rights reserved.
 // SPDX-License-Identifier: GPL-3.0-or-later
 
+// Due to a mistake during code review, this code was merged with the prefix 14a
+// but this code was merged for the v15 cycle, the correct prefix would be 15a.
+// As it would lead to breakage for instance who already ran with the old prefix
+// the incorrect prefix is kept.
+
 package forgejo_migrations
 
 import (

From cf51d3c888d0950b2e8d52cbf36af209b209c440 Mon Sep 17 00:00:00 2001
From: wejdross <wejdross@noreply.codeberg.org>
Date: Mon, 9 Mar 2026 17:14:50 +0100
Subject: [PATCH 470/854] fix: enforce package quota against package owner, not
 uploader (#11442)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

## What is broken

Quota on packages is not enforced when pushing to an organisation.

`enforcePackagesQuota()` calls `EvaluateForUser(ctx.Doer.ID, ...)` — it checks how much space the **uploader** personally owns, not the org being pushed to. Since packages accumulate under `package.owner_id = org_id`, the uploader always shows 0 bytes used and the check always passes.

This also means site admins bypass quota entirely when pushing to orgs (they get the service-layer admin bypass on top of the 0-byte measurement).

OCI/container routes (`/v2/...`) have the same problem but worse — `enforcePackagesQuota()` was not called on them at all.

## Fix

Check quota against `ctx.Package.Owner.ID` instead of `ctx.Doer.ID`. The package owner (the org or user being pushed to) is already available via `ctx.Package.Owner`, populated by `PackageAssignment()` before this middleware runs.

For individual user namespaces nothing changes — `ctx.Package.Owner` is the user themselves.

Also wired `enforcePackagesQuota()` into the missing OCI upload routes: `InitiateUploadBlob`, `UploadBlob`, `EndUploadBlob`, `UploadManifest` — both in the named `/{image}` group and the wildcard `/*` handler.

## Tested

Kind cluster, org `maw2` with 1 GiB quota, 2.6 GiB of container images already pushed:

- pushing a generic package to `maw2` as SA user → was 201, now 413
- pushing a generic package to `maw2` as `gitea_admin` → was 201, now 413
- initiating OCI blob upload to `maw2` as SA user → was 202, now 413
- pushing to own user namespace within quota → still 201

Co-authored-by: azhluwi <lukasz.widera@convotis.ch>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11442
Reviewed-by: Andreas Ahlenstorf <aahlenst@noreply.codeberg.org>
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
Co-authored-by: wejdross <wejdross@noreply.codeberg.org>
Co-committed-by: wejdross <wejdross@noreply.codeberg.org>
---
 routers/api/packages/api.go             |  33 ++++-
 tests/integration/api_quota_use_test.go | 163 +++++++++++++++++++++++-
 2 files changed, 190 insertions(+), 6 deletions(-)

diff --git a/routers/api/packages/api.go b/routers/api/packages/api.go
index 2676a6309d..800e3514d9 100644
--- a/routers/api/packages/api.go
+++ b/routers/api/packages/api.go
@@ -94,7 +94,14 @@ func reqPackageAccess(accessMode perm.AccessMode) func(ctx *context.Context) {
 
 func enforcePackagesQuota() func(ctx *context.Context) {
 	return func(ctx *context.Context) {
-		ok, err := quota_model.EvaluateForUser(ctx, ctx.Doer.ID, quota_model.LimitSubjectSizeAssetsPackagesAll)
+		// Evaluate quota against the package owner (org or user the package is pushed to),
+		// not the uploader (ctx.Doer). This enables org-level quota: all members uploading
+		// to an org consume from the org's quota group, not their own personal quota.
+		ownerID := ctx.Doer.ID
+		if ctx.Package != nil {
+			ownerID = ctx.Package.Owner.ID
+		}
+		ok, err := quota_model.EvaluateForUser(ctx, ownerID, quota_model.LimitSubjectSizeAssetsPackagesAll)
 		if err != nil {
 			log.Error("quota_model.EvaluateForUser: %v", err)
 			ctx.Error(http.StatusInternalServerError, "Error checking quota")
@@ -793,11 +800,11 @@ func ContainerRoutes() *web.Route {
 	r.Group("/{username}", func() {
 		r.Group("/{image}", func() {
 			r.Group("/blobs/uploads", func() {
-				r.Post("", container.InitiateUploadBlob)
+				r.Post("", enforcePackagesQuota(), container.InitiateUploadBlob)
 				r.Group("/{uuid}", func() {
 					r.Get("", container.GetUploadBlob)
-					r.Patch("", container.UploadBlob)
-					r.Put("", container.EndUploadBlob)
+					r.Patch("", enforcePackagesQuota(), container.UploadBlob)
+					r.Put("", enforcePackagesQuota(), container.EndUploadBlob)
 					r.Delete("", container.CancelUploadBlob)
 				})
 			}, reqPackageAccess(perm.AccessModeWrite))
@@ -807,7 +814,7 @@ func ContainerRoutes() *web.Route {
 				r.Delete("", reqPackageAccess(perm.AccessModeWrite), container.DeleteBlob)
 			})
 			r.Group("/manifests/{reference}", func() {
-				r.Put("", reqPackageAccess(perm.AccessModeWrite), container.UploadManifest)
+				r.Put("", reqPackageAccess(perm.AccessModeWrite), enforcePackagesQuota(), container.UploadManifest)
 				r.Head("", container.HeadManifest)
 				r.Get("", container.GetManifest)
 				r.Delete("", reqPackageAccess(perm.AccessModeWrite), container.DeleteManifest)
@@ -843,6 +850,10 @@ func ContainerRoutes() *web.Route {
 					return
 				}
 
+				enforcePackagesQuota()(ctx)
+				if ctx.Written() {
+					return
+				}
 				container.InitiateUploadBlob(ctx)
 				return
 			}
@@ -875,8 +886,16 @@ func ContainerRoutes() *web.Route {
 				if isGet {
 					container.GetUploadBlob(ctx)
 				} else if isPatch {
+					enforcePackagesQuota()(ctx)
+					if ctx.Written() {
+						return
+					}
 					container.UploadBlob(ctx)
 				} else if isPut {
+					enforcePackagesQuota()(ctx)
+					if ctx.Written() {
+						return
+					}
 					container.EndUploadBlob(ctx)
 				} else {
 					container.CancelUploadBlob(ctx)
@@ -926,6 +945,10 @@ func ContainerRoutes() *web.Route {
 						return
 					}
 					if isPut {
+						enforcePackagesQuota()(ctx)
+						if ctx.Written() {
+							return
+						}
 						container.UploadManifest(ctx)
 					} else {
 						container.DeleteManifest(ctx)
diff --git a/tests/integration/api_quota_use_test.go b/tests/integration/api_quota_use_test.go
index 1d1cf6062c..1ca44cc17e 100644
--- a/tests/integration/api_quota_use_test.go
+++ b/tests/integration/api_quota_use_test.go
@@ -5,6 +5,7 @@ package integration
 
 import (
 	"bytes"
+	"crypto/sha256"
 	"encoding/base64"
 	"fmt"
 	"io"
@@ -402,7 +403,7 @@ func testAPIQuotaEnforcement(t *testing.T) {
 
 	t.Run("#/orgs/{org}/repos", func(t *testing.T) {
 		defer tests.PrintCurrentTest(t)()
-		defer env.SetRuleLimit(t, "all", 0)
+		defer env.SetRuleLimit(t, "all", 0)()
 
 		assertCreateRepo := func(t *testing.T, orgName, repoName string, expectedStatus int) func() {
 			t.Helper()
@@ -1285,6 +1286,166 @@ func testAPIQuotaEnforcement(t *testing.T) {
 			env.User.Session.MakeRequest(t, req, http.StatusNoContent)
 		})
 	})
+
+	// verify that package upload quota is evaluated against the package owner, not the uploader
+	t.Run("#/packages/{org}/quota-enforcement-against-owner", func(t *testing.T) {
+		defer tests.PrintCurrentTest(t)()
+		// Ensure the user's own quota is unlimited for this block; prior tests may have left it at 0.
+		defer env.SetRuleLimit(t, "all", -1)()
+
+		t.Run("upload to limited org is rejected", func(t *testing.T) {
+			defer tests.PrintCurrentTest(t)()
+
+			// Verify the user has quota remaining, so rejection is due to org quota
+			req := NewRequest(t, "GET", "/api/v1/user/quota/check?subject=size:assets:packages:all").AddTokenAuth(env.User.Token)
+			resp := env.User.Session.MakeRequest(t, req, http.StatusOK)
+			var quotaOK bool
+			DecodeJSON(t, resp, &quotaOK)
+			assert.True(t, quotaOK, "user must have quota remaining before the rejection test")
+
+			body := strings.NewReader("forgejo is awesome")
+			req = NewRequestWithBody(t, "PUT",
+				fmt.Sprintf("/api/packages/%s/generic/org-quota-test/1.0.0/file.txt", env.Orgs.Limited.Name),
+				body,
+			).AddTokenAuth(env.User.Token)
+			env.User.Session.MakeRequest(t, req, http.StatusRequestEntityTooLarge)
+		})
+
+		t.Run("upload to unlimited org succeeds even when user quota is zero", func(t *testing.T) {
+			defer tests.PrintCurrentTest(t)()
+
+			defer env.SetRuleLimit(t, "all", 0)()
+
+			// Verify the user's quota is zero before the upload
+			req := NewRequest(t, "GET", "/api/v1/user/quota/check?subject=size:assets:packages:all").AddTokenAuth(env.User.Token)
+			resp := env.User.Session.MakeRequest(t, req, http.StatusOK)
+			var quotaOK bool
+			DecodeJSON(t, resp, &quotaOK)
+			assert.False(t, quotaOK, "user must have no quota before the upload test")
+
+			body := strings.NewReader("forgejo is awesome")
+			req = NewRequestWithBody(t, "PUT",
+				fmt.Sprintf("/api/packages/%s/generic/org-quota-test/1.0.0/file.txt", env.Orgs.Unlimited.Name),
+				body,
+			).AddTokenAuth(env.User.Token)
+			env.User.Session.MakeRequest(t, req, http.StatusCreated)
+
+			env.WithoutQuota(t, func() {
+				req := NewRequestf(t, "DELETE", "/api/v1/packages/%s/generic/org-quota-test/1.0.0", env.Orgs.Unlimited.Name).
+					AddTokenAuth(env.User.Token)
+				env.User.Session.MakeRequest(t, req, http.StatusNoContent)
+			})
+		})
+	})
+
+	t.Run("#/v2/{org}/container/quota-enforcement-against-owner", func(t *testing.T) {
+		defer tests.PrintCurrentTest(t)()
+		// Ensure the user's own quota is unlimited for this block; prior tests may have left it at 0.
+		defer env.SetRuleLimit(t, "all", -1)()
+
+		type tokenResponse struct {
+			Token string `json:"token"`
+		}
+
+		getContainerToken := func(t *testing.T, username string) string {
+			t.Helper()
+			req := NewRequest(t, "GET", fmt.Sprintf("%sv2/token", setting.AppURL)).
+				AddBasicAuth(username)
+			resp := MakeRequest(t, req, http.StatusOK)
+			var tr tokenResponse
+			DecodeJSON(t, resp, &tr)
+			return fmt.Sprintf("Bearer %s", tr.Token)
+		}
+
+		blobContent := []byte("quota-container-blob")
+		blobDigest := fmt.Sprintf("sha256:%x", sha256.Sum256(blobContent))
+		configContent := `{}`
+		configDigest := fmt.Sprintf("sha256:%x", sha256.Sum256([]byte(configContent)))
+		manifestContent := fmt.Sprintf(`{"schemaVersion":2,"mediaType":"application/vnd.docker.distribution.manifest.v2+json","config":{"mediaType":"application/vnd.docker.container.image.v1+json","digest":%q,"size":%d},"layers":[{"mediaType":"application/vnd.docker.image.rootfs.diff.tar.gzip","digest":%q,"size":%d}]}`,
+			configDigest, len(configContent), blobDigest, len(blobContent))
+
+		userToken := getContainerToken(t, env.User.User.Name)
+
+		t.Run("upload to limited org is rejected", func(t *testing.T) {
+			defer tests.PrintCurrentTest(t)()
+
+			// Verify the user has quota remaining, so rejection is due to org quota
+			req := NewRequest(t, "GET", "/api/v1/user/quota/check?subject=size:assets:packages:all").AddTokenAuth(env.User.Token)
+			resp := env.User.Session.MakeRequest(t, req, http.StatusOK)
+			var quotaOK bool
+			DecodeJSON(t, resp, &quotaOK)
+			assert.True(t, quotaOK, "user must have quota remaining before the rejection test")
+
+			image := fmt.Sprintf("%sv2/%s/quota-test-img", setting.AppURL, env.Orgs.Limited.Name)
+
+			req = NewRequestWithBody(t, "POST", fmt.Sprintf("%s/blobs/uploads?digest=%s", image, blobDigest), bytes.NewReader(blobContent)).
+				AddTokenAuth(userToken)
+			MakeRequest(t, req, http.StatusRequestEntityTooLarge)
+
+			req = NewRequest(t, "POST", fmt.Sprintf("%s/blobs/uploads", image)).
+				AddTokenAuth(userToken)
+			resp = MakeRequest(t, req, http.StatusRequestEntityTooLarge)
+
+			// chunked upload: initiate returns 413, so patch/put are never reached
+			// this is the result we expect, otherwise it's very hard to create multi-tenant environment
+			_ = resp
+		})
+
+		t.Run("upload to unlimited org succeeds even when user quota is zero", func(t *testing.T) {
+			defer tests.PrintCurrentTest(t)()
+
+			defer env.SetRuleLimit(t, "all", 0)()
+
+			// Verify the user's quota is zero before the upload
+			req := NewRequest(t, "GET", "/api/v1/user/quota/check?subject=size:assets:packages:all").AddTokenAuth(env.User.Token)
+			resp := env.User.Session.MakeRequest(t, req, http.StatusOK)
+			var quotaOK bool
+			DecodeJSON(t, resp, &quotaOK)
+			assert.False(t, quotaOK, "user must have no quota before the upload test")
+
+			image := fmt.Sprintf("%sv2/%s/quota-test-img", setting.AppURL, env.Orgs.Unlimited.Name)
+
+			// monolithic blob upload
+			req = NewRequestWithBody(t, "POST", fmt.Sprintf("%s/blobs/uploads?digest=%s", image, blobDigest), bytes.NewReader(blobContent)).
+				AddTokenAuth(userToken)
+			MakeRequest(t, req, http.StatusCreated)
+
+			req = NewRequestWithBody(t, "POST", fmt.Sprintf("%s/blobs/uploads?digest=%s", image, configDigest), strings.NewReader(configContent)).
+				AddTokenAuth(userToken)
+			MakeRequest(t, req, http.StatusCreated)
+
+			// chunked blob upload (patch + put)
+			req = NewRequest(t, "POST", fmt.Sprintf("%s/blobs/uploads", image)).
+				AddTokenAuth(userToken)
+			resp = MakeRequest(t, req, http.StatusAccepted)
+
+			uploadURL := resp.Header().Get("Location")
+			contentRange := fmt.Sprintf("0-%d", len(blobContent)-1)
+			req = NewRequestWithBody(t, "PATCH", setting.AppURL+uploadURL[1:], bytes.NewReader(blobContent)).
+				AddTokenAuth(userToken).
+				SetHeader("Content-Range", contentRange)
+			resp = MakeRequest(t, req, http.StatusAccepted)
+
+			uploadURL = resp.Header().Get("Location")
+			req = NewRequest(t, "PUT", fmt.Sprintf("%s?digest=%s", setting.AppURL+uploadURL[1:], blobDigest)).
+				AddTokenAuth(userToken)
+			MakeRequest(t, req, http.StatusCreated)
+
+			// upload manifest
+			req = NewRequestWithBody(t, "PUT", fmt.Sprintf("%s/manifests/v1", image), strings.NewReader(manifestContent)).
+				AddTokenAuth(userToken).
+				SetHeader("Content-Type", "application/vnd.docker.distribution.manifest.v2+json")
+			MakeRequest(t, req, http.StatusCreated)
+
+			// delete manifest
+			env.WithoutQuota(t, func() {
+				manifestDigest := fmt.Sprintf("sha256:%x", sha256.Sum256([]byte(manifestContent)))
+				req := NewRequest(t, "DELETE", fmt.Sprintf("%s/manifests/%s", image, manifestDigest)).
+					AddTokenAuth(userToken)
+				MakeRequest(t, req, http.StatusAccepted)
+			})
+		})
+	})
 }
 
 func TestAPIQuotaOrgQuotaQuery(t *testing.T) {

From 9e67037a3f1008c53faa4285d13811b764845ee2 Mon Sep 17 00:00:00 2001
From: Shiny Nematoda <snematoda.751k2@aleeas.com>
Date: Mon, 9 Mar 2026 18:51:18 +0100
Subject: [PATCH 471/854] fix(issue-search): delete issue from indexer on
 DeleteIssue (#11585)

Previously, issues were deleted from the indexer only when the repository was deleted.
Individually deleting issues would not remove them from the indexer.
Instead, they were merely hidden due to their IDs being absent from the DB.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11585
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Shiny Nematoda <snematoda.751k2@aleeas.com>
Co-committed-by: Shiny Nematoda <snematoda.751k2@aleeas.com>
---
 modules/indexer/issues/indexer.go      | 13 ++++++++
 modules/indexer/issues/indexer_test.go | 43 +++++++++++++++++++++++++-
 services/indexer/notify.go             |  4 +++
 services/issue/issue.go                |  2 ++
 services/notify/notifier.go            |  1 +
 services/notify/notify.go              |  7 +++++
 services/notify/null.go                |  4 +++
 7 files changed, 73 insertions(+), 1 deletion(-)

diff --git a/modules/indexer/issues/indexer.go b/modules/indexer/issues/indexer.go
index eebcc9a509..dd7102713c 100644
--- a/modules/indexer/issues/indexer.go
+++ b/modules/indexer/issues/indexer.go
@@ -262,6 +262,19 @@ func DeleteRepoIssueIndexer(ctx context.Context, repoID int64) {
 	}
 }
 
+// DeleteIssueIndexer deletes a single issue by it's ID
+//
+// NOTE: This does not perform any DB validation.
+// Hence, the issueID does not need to be present in the DB.
+func DeleteIssueIndexer(ctx context.Context, issueID int64) {
+	if err := pushIssueIndexerQueue(ctx, &IndexerMetadata{
+		IDs:      []int64{issueID},
+		IsDelete: true,
+	}); err != nil {
+		log.Error("Unable to push deleted issue %d to issue indexer: %v", issueID, err)
+	}
+}
+
 // IsAvailable checks if issue indexer is available
 func IsAvailable(ctx context.Context) bool {
 	return (*globalIndexer.Load()).Ping(ctx) == nil
diff --git a/modules/indexer/issues/indexer_test.go b/modules/indexer/issues/indexer_test.go
index 3a913d8e79..2d7aa71236 100644
--- a/modules/indexer/issues/indexer_test.go
+++ b/modules/indexer/issues/indexer_test.go
@@ -4,7 +4,11 @@
 package issues
 
 import (
+	"path/filepath"
+	"slices"
+	"strings"
 	"testing"
+	"time"
 
 	"forgejo.org/models/db"
 	"forgejo.org/models/issues"
@@ -12,6 +16,7 @@ import (
 	"forgejo.org/modules/indexer/issues/internal"
 	"forgejo.org/modules/optional"
 	"forgejo.org/modules/setting"
+	"forgejo.org/modules/test"
 
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
@@ -24,7 +29,7 @@ func TestMain(m *testing.M) {
 func TestDBSearchIssues(t *testing.T) {
 	require.NoError(t, unittest.PrepareTestDatabase())
 
-	setting.Indexer.IssueType = "db"
+	defer test.MockVariableValue(&setting.Indexer.IssueType, "db")()
 	InitIssueIndexer(true)
 
 	t.Run("search issues with keyword", searchIssueWithKeyword)
@@ -414,3 +419,39 @@ func searchIssueWithPaginator(t *testing.T) {
 		assert.Equal(t, test.expectedTotal, total)
 	}
 }
+
+func TestBleveDeleteIssue(t *testing.T) {
+	require.NoError(t, unittest.PrepareTestDatabase())
+
+	tmp := t.TempDir()
+	defer test.MockVariableValue(&setting.Indexer.IssuePath, filepath.Join(tmp, "indexers/issues.bleve"))()
+	defer test.MockVariableValue(&setting.Indexer.IssueType, "bleve")()
+	InitIssueIndexer(false)
+
+	ctx := t.Context()
+	issue := unittest.AssertExistsAndLoadBean(t, &issues.Issue{ID: 1})
+	UpdateIssueIndexer(ctx, issue.ID)
+
+	opts := &internal.SearchOptions{
+		RepoIDs: []int64{issue.RepoID},
+	}
+	opts.WithKeyword(ctx, "first")
+
+	assert.Eventually(t, func() bool {
+		ids, _, err := SearchIssues(ctx, opts)
+		if err != nil && strings.Contains(err.Error(), "not ready") {
+			return false
+		}
+		assert.NoError(t, err)
+
+		assert.NoError(t, err)
+		return slices.Contains(ids, issue.ID)
+	}, time.Second*5, time.Millisecond*100, "failed to update issue")
+
+	DeleteIssueIndexer(ctx, issue.ID)
+	assert.Eventually(t, func() bool {
+		ids, _, err := SearchIssues(ctx, opts)
+		assert.NoError(t, err)
+		return !slices.Contains(ids, issue.ID)
+	}, time.Second*5, time.Millisecond*100, "failed to delete issue")
+}
diff --git a/services/indexer/notify.go b/services/indexer/notify.go
index ddd89f733c..8362348a62 100644
--- a/services/indexer/notify.go
+++ b/services/indexer/notify.go
@@ -74,6 +74,10 @@ func (r *indexerNotifier) DeleteRepository(ctx context.Context, doer *user_model
 	}
 }
 
+func (r indexerNotifier) DeleteIssue(ctx context.Context, doer *user_model.User, issue *issues_model.Issue) {
+	issue_indexer.DeleteIssueIndexer(ctx, issue.ID)
+}
+
 func (r *indexerNotifier) MigrateRepository(ctx context.Context, doer, u *user_model.User, repo *repo_model.Repository) {
 	issue_indexer.UpdateRepoIndexer(ctx, repo.ID)
 	if setting.Indexer.RepoIndexerEnabled && !repo.IsEmpty {
diff --git a/services/issue/issue.go b/services/issue/issue.go
index 7a65d87cd4..ab42916017 100644
--- a/services/issue/issue.go
+++ b/services/issue/issue.go
@@ -198,6 +198,8 @@ func DeleteIssue(ctx context.Context, doer *user_model.User, gitRepo *git.Reposi
 		}
 	}
 
+	notify_service.DeleteIssue(ctx, doer, issue)
+
 	return nil
 }
 
diff --git a/services/notify/notifier.go b/services/notify/notifier.go
index e6598a9377..4d88a7ab95 100644
--- a/services/notify/notifier.go
+++ b/services/notify/notifier.go
@@ -30,6 +30,7 @@ type Notifier interface {
 
 	NewIssue(ctx context.Context, issue *issues_model.Issue, mentions []*user_model.User)
 	IssueChangeStatus(ctx context.Context, doer *user_model.User, commitID string, issue *issues_model.Issue, actionComment *issues_model.Comment, closeOrReopen bool)
+	DeleteIssue(ctx context.Context, doer *user_model.User, issue *issues_model.Issue)
 	IssueChangeMilestone(ctx context.Context, doer *user_model.User, issue *issues_model.Issue, oldMilestoneID int64)
 	IssueChangeAssignee(ctx context.Context, doer *user_model.User, issue *issues_model.Issue, assignee *user_model.User, removed bool, comment *issues_model.Comment)
 	PullRequestReviewRequest(ctx context.Context, doer *user_model.User, issue *issues_model.Issue, reviewer *user_model.User, isRequest bool, comment *issues_model.Comment)
diff --git a/services/notify/notify.go b/services/notify/notify.go
index 9fdde430c9..3ca704f717 100644
--- a/services/notify/notify.go
+++ b/services/notify/notify.go
@@ -76,6 +76,13 @@ func IssueChangeStatus(ctx context.Context, doer *user_model.User, commitID stri
 	}
 }
 
+// DeleteIssue notify when some issue deleted
+func DeleteIssue(ctx context.Context, doer *user_model.User, issue *issues_model.Issue) {
+	for _, notifier := range notifiers {
+		notifier.DeleteIssue(ctx, doer, issue)
+	}
+}
+
 // MergePullRequest notifies merge pull request to notifiers
 func MergePullRequest(ctx context.Context, doer *user_model.User, pr *issues_model.PullRequest) {
 	for _, notifier := range notifiers {
diff --git a/services/notify/null.go b/services/notify/null.go
index c0265e2a3e..9c76e5cbd3 100644
--- a/services/notify/null.go
+++ b/services/notify/null.go
@@ -37,6 +37,10 @@ func (*NullNotifier) NewIssue(ctx context.Context, issue *issues_model.Issue, me
 func (*NullNotifier) IssueChangeStatus(ctx context.Context, doer *user_model.User, commitID string, issue *issues_model.Issue, actionComment *issues_model.Comment, isClosed bool) {
 }
 
+// DeleteIssue notify when some issue deleted
+func (*NullNotifier) DeleteIssue(ctx context.Context, doer *user_model.User, issue *issues_model.Issue) {
+}
+
 // NewPullRequest places a place holder function
 func (*NullNotifier) NewPullRequest(ctx context.Context, pr *issues_model.PullRequest, mentions []*user_model.User) {
 }

From d499c3b132bd1fa756b0a58de08276a02da2ffe8 Mon Sep 17 00:00:00 2001
From: Oliver Eikemeier <eikemeier@fillmore-labs.com>
Date: Mon, 9 Mar 2026 23:36:47 +0100
Subject: [PATCH 472/854] chore: rename `AccessTokenError` to
 `AccessTokenErrorResponse` (#11595)

AccessTokenError is never used as a Go error. In fact, it is returned
as a *AccessTokenError (which would result in a `nil` error when cast).

Rename the struct to a more accurate name and remove the unused
`Error() string` method to prevent future confusion.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11595
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Oliver Eikemeier <eikemeier@fillmore-labs.com>
Co-committed-by: Oliver Eikemeier <eikemeier@fillmore-labs.com>
---
 routers/web/auth/oauth.go       | 63 +++++++++++++++------------------
 tests/integration/oauth_test.go | 43 +++++++++-------------
 2 files changed, 46 insertions(+), 60 deletions(-)

diff --git a/routers/web/auth/oauth.go b/routers/web/auth/oauth.go
index 8e8ede0008..22d8c7b846 100644
--- a/routers/web/auth/oauth.go
+++ b/routers/web/auth/oauth.go
@@ -112,18 +112,13 @@ const (
 	AccessTokenErrorCodeInvalidScope = "invalid_scope"
 )
 
-// AccessTokenError represents an error response specified in RFC 6749
+// AccessTokenErrorResponse represents an error response specified in RFC 6749
 // https://datatracker.ietf.org/doc/html/rfc6749#section-5.2
-type AccessTokenError struct {
+type AccessTokenErrorResponse struct {
 	ErrorCode        AccessTokenErrorCode `json:"error" form:"error"`
 	ErrorDescription string               `json:"error_description"`
 }
 
-// Error returns the error message
-func (err AccessTokenError) Error() string {
-	return fmt.Sprintf("%s: %s", err.ErrorCode, err.ErrorDescription)
-}
-
 // errCallback represents a oauth2 callback error
 type errCallback struct {
 	Code        string
@@ -154,10 +149,10 @@ type AccessTokenResponse struct {
 	IDToken      string    `json:"id_token,omitempty"`
 }
 
-func newAccessTokenResponse(ctx go_context.Context, grant *auth.OAuth2Grant, serverKey, clientKey jwtx.SigningKey) (*AccessTokenResponse, *AccessTokenError) {
+func newAccessTokenResponse(ctx go_context.Context, grant *auth.OAuth2Grant, serverKey, clientKey jwtx.SigningKey) (*AccessTokenResponse, *AccessTokenErrorResponse) {
 	if setting.OAuth2.InvalidateRefreshTokens {
 		if err := grant.IncreaseCounter(ctx); err != nil {
-			return nil, &AccessTokenError{
+			return nil, &AccessTokenErrorResponse{
 				ErrorCode:        AccessTokenErrorCodeInvalidGrant,
 				ErrorDescription: "cannot increase the grant counter",
 			}
@@ -174,7 +169,7 @@ func newAccessTokenResponse(ctx go_context.Context, grant *auth.OAuth2Grant, ser
 	}
 	signedAccessToken, err := accessToken.SignToken(serverKey)
 	if err != nil {
-		return nil, &AccessTokenError{
+		return nil, &AccessTokenErrorResponse{
 			ErrorCode:        AccessTokenErrorCodeInvalidRequest,
 			ErrorDescription: "cannot sign token",
 		}
@@ -192,7 +187,7 @@ func newAccessTokenResponse(ctx go_context.Context, grant *auth.OAuth2Grant, ser
 	}
 	signedRefreshToken, err := refreshToken.SignToken(serverKey)
 	if err != nil {
-		return nil, &AccessTokenError{
+		return nil, &AccessTokenErrorResponse{
 			ErrorCode:        AccessTokenErrorCodeInvalidRequest,
 			ErrorDescription: "cannot sign token",
 		}
@@ -203,7 +198,7 @@ func newAccessTokenResponse(ctx go_context.Context, grant *auth.OAuth2Grant, ser
 	if grant.ScopeContains("openid") {
 		app, err := auth.GetOAuth2ApplicationByID(ctx, grant.ApplicationID)
 		if err != nil {
-			return nil, &AccessTokenError{
+			return nil, &AccessTokenErrorResponse{
 				ErrorCode:        AccessTokenErrorCodeInvalidRequest,
 				ErrorDescription: "cannot find application",
 			}
@@ -211,13 +206,13 @@ func newAccessTokenResponse(ctx go_context.Context, grant *auth.OAuth2Grant, ser
 		user, err := user_model.GetUserByID(ctx, grant.UserID)
 		if err != nil {
 			if user_model.IsErrUserNotExist(err) {
-				return nil, &AccessTokenError{
+				return nil, &AccessTokenErrorResponse{
 					ErrorCode:        AccessTokenErrorCodeInvalidRequest,
 					ErrorDescription: "cannot find user",
 				}
 			}
 			log.Error("Error loading user: %v", err)
-			return nil, &AccessTokenError{
+			return nil, &AccessTokenErrorResponse{
 				ErrorCode:        AccessTokenErrorCodeInvalidRequest,
 				ErrorDescription: "server error",
 			}
@@ -251,7 +246,7 @@ func newAccessTokenResponse(ctx go_context.Context, grant *auth.OAuth2Grant, ser
 			groups, err := getOAuthGroupsForUser(ctx, user, onlyPublicGroups)
 			if err != nil {
 				log.Error("Error getting groups: %v", err)
-				return nil, &AccessTokenError{
+				return nil, &AccessTokenErrorResponse{
 					ErrorCode:        AccessTokenErrorCodeInvalidRequest,
 					ErrorDescription: "server error",
 				}
@@ -261,7 +256,7 @@ func newAccessTokenResponse(ctx go_context.Context, grant *auth.OAuth2Grant, ser
 
 		signedIDToken, err = idToken.SignToken(clientKey)
 		if err != nil {
-			return nil, &AccessTokenError{
+			return nil, &AccessTokenErrorResponse{
 				ErrorCode:        AccessTokenErrorCodeInvalidRequest,
 				ErrorDescription: "cannot sign token",
 			}
@@ -711,7 +706,7 @@ func AccessTokenOAuth(ctx *context.Context) {
 		if authType, authData, ok := strings.Cut(authHeader, " "); ok && strings.EqualFold(authType, "Basic") {
 			clientID, clientSecret, err := base.BasicAuthDecode(authData)
 			if err != nil {
-				handleAccessTokenError(ctx, AccessTokenError{
+				handleAccessTokenError(ctx, AccessTokenErrorResponse{
 					ErrorCode:        AccessTokenErrorCodeInvalidRequest,
 					ErrorDescription: "cannot parse basic auth header",
 				})
@@ -719,7 +714,7 @@ func AccessTokenOAuth(ctx *context.Context) {
 			}
 			// validate that any fields present in the form match the Basic auth header
 			if form.ClientID != "" && form.ClientID != clientID {
-				handleAccessTokenError(ctx, AccessTokenError{
+				handleAccessTokenError(ctx, AccessTokenErrorResponse{
 					ErrorCode:        AccessTokenErrorCodeInvalidRequest,
 					ErrorDescription: "client_id in request body inconsistent with Authorization header",
 				})
@@ -727,7 +722,7 @@ func AccessTokenOAuth(ctx *context.Context) {
 			}
 			form.ClientID = clientID
 			if form.ClientSecret != "" && form.ClientSecret != clientSecret {
-				handleAccessTokenError(ctx, AccessTokenError{
+				handleAccessTokenError(ctx, AccessTokenErrorResponse{
 					ErrorCode:        AccessTokenErrorCodeInvalidRequest,
 					ErrorDescription: "client_secret in request body inconsistent with Authorization header",
 				})
@@ -743,7 +738,7 @@ func AccessTokenOAuth(ctx *context.Context) {
 		var err error
 		clientKey, err = jwtx.CreateSigningKey(serverKey.SigningMethod().Alg(), []byte(form.ClientSecret))
 		if err != nil {
-			handleAccessTokenError(ctx, AccessTokenError{
+			handleAccessTokenError(ctx, AccessTokenErrorResponse{
 				ErrorCode:        AccessTokenErrorCodeInvalidRequest,
 				ErrorDescription: "Error creating signing key",
 			})
@@ -757,7 +752,7 @@ func AccessTokenOAuth(ctx *context.Context) {
 	case "authorization_code":
 		handleAuthorizationCode(ctx, form, serverKey, clientKey)
 	default:
-		handleAccessTokenError(ctx, AccessTokenError{
+		handleAccessTokenError(ctx, AccessTokenErrorResponse{
 			ErrorCode:        AccessTokenErrorCodeUnsupportedGrantType,
 			ErrorDescription: "Only refresh_token or authorization_code grant type is supported",
 		})
@@ -767,7 +762,7 @@ func AccessTokenOAuth(ctx *context.Context) {
 func handleRefreshToken(ctx *context.Context, form forms.AccessTokenForm, serverKey, clientKey jwtx.SigningKey) {
 	app, err := auth.GetOAuth2ApplicationByClientID(ctx, form.ClientID)
 	if err != nil {
-		handleAccessTokenError(ctx, AccessTokenError{
+		handleAccessTokenError(ctx, AccessTokenErrorResponse{
 			ErrorCode:        AccessTokenErrorCodeInvalidClient,
 			ErrorDescription: fmt.Sprintf("cannot load client with client id: %q", form.ClientID),
 		})
@@ -782,7 +777,7 @@ func handleRefreshToken(ctx *context.Context, form forms.AccessTokenForm, server
 		}
 		// "invalid_client ... Client authentication failed"
 		// https://datatracker.ietf.org/doc/html/rfc6749#section-5.2
-		handleAccessTokenError(ctx, AccessTokenError{
+		handleAccessTokenError(ctx, AccessTokenErrorResponse{
 			ErrorCode:        AccessTokenErrorCodeInvalidClient,
 			ErrorDescription: errorDescription,
 		})
@@ -791,7 +786,7 @@ func handleRefreshToken(ctx *context.Context, form forms.AccessTokenForm, server
 
 	token, err := oauth2.ParseToken(form.RefreshToken, serverKey)
 	if err != nil {
-		handleAccessTokenError(ctx, AccessTokenError{
+		handleAccessTokenError(ctx, AccessTokenErrorResponse{
 			ErrorCode:        AccessTokenErrorCodeUnauthorizedClient,
 			ErrorDescription: "unable to parse refresh token",
 		})
@@ -800,7 +795,7 @@ func handleRefreshToken(ctx *context.Context, form forms.AccessTokenForm, server
 	// get grant before increasing counter
 	grant, err := auth.GetOAuth2GrantByID(ctx, token.GrantID)
 	if err != nil || grant == nil {
-		handleAccessTokenError(ctx, AccessTokenError{
+		handleAccessTokenError(ctx, AccessTokenErrorResponse{
 			ErrorCode:        AccessTokenErrorCodeInvalidGrant,
 			ErrorDescription: "grant does not exist",
 		})
@@ -809,7 +804,7 @@ func handleRefreshToken(ctx *context.Context, form forms.AccessTokenForm, server
 
 	// check if token got already used
 	if setting.OAuth2.InvalidateRefreshTokens && (grant.Counter != token.Counter || token.Counter == 0) {
-		handleAccessTokenError(ctx, AccessTokenError{
+		handleAccessTokenError(ctx, AccessTokenErrorResponse{
 			ErrorCode:        AccessTokenErrorCodeUnauthorizedClient,
 			ErrorDescription: "token was already used",
 		})
@@ -827,7 +822,7 @@ func handleRefreshToken(ctx *context.Context, form forms.AccessTokenForm, server
 func handleAuthorizationCode(ctx *context.Context, form forms.AccessTokenForm, serverKey, clientKey jwtx.SigningKey) {
 	app, err := auth.GetOAuth2ApplicationByClientID(ctx, form.ClientID)
 	if err != nil {
-		handleAccessTokenError(ctx, AccessTokenError{
+		handleAccessTokenError(ctx, AccessTokenErrorResponse{
 			ErrorCode:        AccessTokenErrorCodeInvalidClient,
 			ErrorDescription: fmt.Sprintf("cannot load client with client id: '%s'", form.ClientID),
 		})
@@ -838,14 +833,14 @@ func handleAuthorizationCode(ctx *context.Context, form forms.AccessTokenForm, s
 		if form.ClientSecret == "" {
 			errorDescription = "invalid empty client secret"
 		}
-		handleAccessTokenError(ctx, AccessTokenError{
+		handleAccessTokenError(ctx, AccessTokenErrorResponse{
 			ErrorCode:        AccessTokenErrorCodeUnauthorizedClient,
 			ErrorDescription: errorDescription,
 		})
 		return
 	}
 	if form.RedirectURI != "" && !app.ContainsRedirectURI(form.RedirectURI) {
-		handleAccessTokenError(ctx, AccessTokenError{
+		handleAccessTokenError(ctx, AccessTokenErrorResponse{
 			ErrorCode:        AccessTokenErrorCodeUnauthorizedClient,
 			ErrorDescription: "unexpected redirect URI",
 		})
@@ -853,7 +848,7 @@ func handleAuthorizationCode(ctx *context.Context, form forms.AccessTokenForm, s
 	}
 	authorizationCode, err := auth.GetOAuth2AuthorizationByCode(ctx, form.Code)
 	if err != nil || authorizationCode == nil {
-		handleAccessTokenError(ctx, AccessTokenError{
+		handleAccessTokenError(ctx, AccessTokenErrorResponse{
 			ErrorCode:        AccessTokenErrorCodeUnauthorizedClient,
 			ErrorDescription: "client is not authorized",
 		})
@@ -861,7 +856,7 @@ func handleAuthorizationCode(ctx *context.Context, form forms.AccessTokenForm, s
 	}
 	// check if code verifier authorizes the client, PKCE support
 	if !authorizationCode.ValidateCodeChallenge(form.CodeVerifier) {
-		handleAccessTokenError(ctx, AccessTokenError{
+		handleAccessTokenError(ctx, AccessTokenErrorResponse{
 			ErrorCode:        AccessTokenErrorCodeUnauthorizedClient,
 			ErrorDescription: "failed PKCE code challenge",
 		})
@@ -869,7 +864,7 @@ func handleAuthorizationCode(ctx *context.Context, form forms.AccessTokenForm, s
 	}
 	// check if granted for this application
 	if authorizationCode.Grant.ApplicationID != app.ID {
-		handleAccessTokenError(ctx, AccessTokenError{
+		handleAccessTokenError(ctx, AccessTokenErrorResponse{
 			ErrorCode:        AccessTokenErrorCodeInvalidGrant,
 			ErrorDescription: "invalid grant",
 		})
@@ -877,7 +872,7 @@ func handleAuthorizationCode(ctx *context.Context, form forms.AccessTokenForm, s
 	}
 	// remove token from database to deny duplicate usage
 	if err := authorizationCode.Invalidate(ctx); err != nil {
-		handleAccessTokenError(ctx, AccessTokenError{
+		handleAccessTokenError(ctx, AccessTokenErrorResponse{
 			ErrorCode:        AccessTokenErrorCodeInvalidRequest,
 			ErrorDescription: "cannot proceed your request",
 		})
@@ -891,7 +886,7 @@ func handleAuthorizationCode(ctx *context.Context, form forms.AccessTokenForm, s
 	ctx.JSON(http.StatusOK, resp)
 }
 
-func handleAccessTokenError(ctx *context.Context, acErr AccessTokenError) {
+func handleAccessTokenError(ctx *context.Context, acErr AccessTokenErrorResponse) {
 	ctx.JSON(http.StatusBadRequest, acErr)
 }
 
diff --git a/tests/integration/oauth_test.go b/tests/integration/oauth_test.go
index 21a1ff561f..2533a64a3d 100644
--- a/tests/integration/oauth_test.go
+++ b/tests/integration/oauth_test.go
@@ -249,8 +249,8 @@ func TestAccessTokenExchangeWithoutPKCE(t *testing.T) {
 		"code":          "authcode",
 	})
 	resp := MakeRequest(t, req, http.StatusBadRequest)
-	parsedError := new(auth.AccessTokenError)
-	require.NoError(t, json.Unmarshal(resp.Body.Bytes(), parsedError))
+	var parsedError auth.AccessTokenErrorResponse
+	require.NoError(t, json.Unmarshal(resp.Body.Bytes(), &parsedError))
 	assert.Equal(t, "unauthorized_client", string(parsedError.ErrorCode))
 	assert.Equal(t, "failed PKCE code challenge", parsedError.ErrorDescription)
 }
@@ -267,8 +267,8 @@ func TestAccessTokenExchangeWithInvalidCredentials(t *testing.T) {
 		"code_verifier": "N1Zo9-8Rfwhkt68r1r29ty8YwIraXR8eh_1Qwxg7yQXsonBt",
 	})
 	resp := MakeRequest(t, req, http.StatusBadRequest)
-	parsedError := new(auth.AccessTokenError)
-	require.NoError(t, json.Unmarshal(resp.Body.Bytes(), parsedError))
+	var parsedError auth.AccessTokenErrorResponse
+	require.NoError(t, json.Unmarshal(resp.Body.Bytes(), &parsedError))
 	assert.Equal(t, "invalid_client", string(parsedError.ErrorCode))
 	assert.Equal(t, "cannot load client with client id: '???'", parsedError.ErrorDescription)
 
@@ -282,8 +282,7 @@ func TestAccessTokenExchangeWithInvalidCredentials(t *testing.T) {
 		"code_verifier": "N1Zo9-8Rfwhkt68r1r29ty8YwIraXR8eh_1Qwxg7yQXsonBt",
 	})
 	resp = MakeRequest(t, req, http.StatusBadRequest)
-	parsedError = new(auth.AccessTokenError)
-	require.NoError(t, json.Unmarshal(resp.Body.Bytes(), parsedError))
+	require.NoError(t, json.Unmarshal(resp.Body.Bytes(), &parsedError))
 	assert.Equal(t, "unauthorized_client", string(parsedError.ErrorCode))
 	assert.Equal(t, "invalid client secret", parsedError.ErrorDescription)
 
@@ -297,8 +296,7 @@ func TestAccessTokenExchangeWithInvalidCredentials(t *testing.T) {
 		"code_verifier": "N1Zo9-8Rfwhkt68r1r29ty8YwIraXR8eh_1Qwxg7yQXsonBt",
 	})
 	resp = MakeRequest(t, req, http.StatusBadRequest)
-	parsedError = new(auth.AccessTokenError)
-	require.NoError(t, json.Unmarshal(resp.Body.Bytes(), parsedError))
+	require.NoError(t, json.Unmarshal(resp.Body.Bytes(), &parsedError))
 	assert.Equal(t, "unauthorized_client", string(parsedError.ErrorCode))
 	assert.Equal(t, "unexpected redirect URI", parsedError.ErrorDescription)
 
@@ -312,8 +310,7 @@ func TestAccessTokenExchangeWithInvalidCredentials(t *testing.T) {
 		"code_verifier": "N1Zo9-8Rfwhkt68r1r29ty8YwIraXR8eh_1Qwxg7yQXsonBt",
 	})
 	resp = MakeRequest(t, req, http.StatusBadRequest)
-	parsedError = new(auth.AccessTokenError)
-	require.NoError(t, json.Unmarshal(resp.Body.Bytes(), parsedError))
+	require.NoError(t, json.Unmarshal(resp.Body.Bytes(), &parsedError))
 	assert.Equal(t, "unauthorized_client", string(parsedError.ErrorCode))
 	assert.Equal(t, "client is not authorized", parsedError.ErrorDescription)
 
@@ -327,8 +324,7 @@ func TestAccessTokenExchangeWithInvalidCredentials(t *testing.T) {
 		"code_verifier": "N1Zo9-8Rfwhkt68r1r29ty8YwIraXR8eh_1Qwxg7yQXsonBt",
 	})
 	resp = MakeRequest(t, req, http.StatusBadRequest)
-	parsedError = new(auth.AccessTokenError)
-	require.NoError(t, json.Unmarshal(resp.Body.Bytes(), parsedError))
+	require.NoError(t, json.Unmarshal(resp.Body.Bytes(), &parsedError))
 	assert.Equal(t, "unsupported_grant_type", string(parsedError.ErrorCode))
 	assert.Equal(t, "Only refresh_token or authorization_code grant type is supported", parsedError.ErrorDescription)
 }
@@ -364,8 +360,8 @@ func TestAccessTokenExchangeWithBasicAuth(t *testing.T) {
 	})
 	req.Header.Add("Authorization", "Basic ZGE3ZGEzYmEtOWExMy00MTY3LTg1NmYtMzg5OWRlMGIwMTM4OmJsYWJsYQ==")
 	resp = MakeRequest(t, req, http.StatusBadRequest)
-	parsedError := new(auth.AccessTokenError)
-	require.NoError(t, json.Unmarshal(resp.Body.Bytes(), parsedError))
+	var parsedError auth.AccessTokenErrorResponse
+	require.NoError(t, json.Unmarshal(resp.Body.Bytes(), &parsedError))
 	assert.Equal(t, "unauthorized_client", string(parsedError.ErrorCode))
 	assert.Equal(t, "invalid client secret", parsedError.ErrorDescription)
 
@@ -377,8 +373,7 @@ func TestAccessTokenExchangeWithBasicAuth(t *testing.T) {
 		"code_verifier": "N1Zo9-8Rfwhkt68r1r29ty8YwIraXR8eh_1Qwxg7yQXsonBt",
 	})
 	resp = MakeRequest(t, req, http.StatusBadRequest)
-	parsedError = new(auth.AccessTokenError)
-	require.NoError(t, json.Unmarshal(resp.Body.Bytes(), parsedError))
+	require.NoError(t, json.Unmarshal(resp.Body.Bytes(), &parsedError))
 	assert.Equal(t, "invalid_client", string(parsedError.ErrorCode))
 	assert.Equal(t, "cannot load client with client id: ''", parsedError.ErrorDescription)
 
@@ -391,8 +386,7 @@ func TestAccessTokenExchangeWithBasicAuth(t *testing.T) {
 	})
 	req.Header.Add("Authorization", "Basic ZGE3ZGEzYmEtOWExMy00MTY3LTg1NmYtMzg5OWRlMGIwMTM4OjRNSzhOYTZSNTVzbWRDWTBXdUNDdW1aNmhqUlBuR1k1c2FXVlJISGpKaUE9")
 	resp = MakeRequest(t, req, http.StatusBadRequest)
-	parsedError = new(auth.AccessTokenError)
-	require.NoError(t, json.Unmarshal(resp.Body.Bytes(), parsedError))
+	require.NoError(t, json.Unmarshal(resp.Body.Bytes(), &parsedError))
 	assert.Equal(t, "invalid_request", string(parsedError.ErrorCode))
 	assert.Equal(t, "client_id in request body inconsistent with Authorization header", parsedError.ErrorDescription)
 
@@ -405,8 +399,7 @@ func TestAccessTokenExchangeWithBasicAuth(t *testing.T) {
 	})
 	req.Header.Add("Authorization", "Basic ZGE3ZGEzYmEtOWExMy00MTY3LTg1NmYtMzg5OWRlMGIwMTM4OjRNSzhOYTZSNTVzbWRDWTBXdUNDdW1aNmhqUlBuR1k1c2FXVlJISGpKaUE9")
 	resp = MakeRequest(t, req, http.StatusBadRequest)
-	parsedError = new(auth.AccessTokenError)
-	require.NoError(t, json.Unmarshal(resp.Body.Bytes(), parsedError))
+	require.NoError(t, json.Unmarshal(resp.Body.Bytes(), &parsedError))
 	assert.Equal(t, "invalid_request", string(parsedError.ErrorCode))
 	assert.Equal(t, "client_secret in request body inconsistent with Authorization header", parsedError.ErrorDescription)
 }
@@ -443,8 +436,8 @@ func TestRefreshTokenInvalidation(t *testing.T) {
 		"refresh_token": parsed.RefreshToken,
 	})
 	resp = MakeRequest(t, req, http.StatusBadRequest)
-	parsedError := new(auth.AccessTokenError)
-	require.NoError(t, json.Unmarshal(resp.Body.Bytes(), parsedError))
+	var parsedError auth.AccessTokenErrorResponse
+	require.NoError(t, json.Unmarshal(resp.Body.Bytes(), &parsedError))
 	assert.Equal(t, "invalid_client", string(parsedError.ErrorCode))
 	assert.Equal(t, "invalid empty client secret", parsedError.ErrorDescription)
 
@@ -456,8 +449,7 @@ func TestRefreshTokenInvalidation(t *testing.T) {
 		"refresh_token": "UNEXPECTED",
 	})
 	resp = MakeRequest(t, req, http.StatusBadRequest)
-	parsedError = new(auth.AccessTokenError)
-	require.NoError(t, json.Unmarshal(resp.Body.Bytes(), parsedError))
+	require.NoError(t, json.Unmarshal(resp.Body.Bytes(), &parsedError))
 	assert.Equal(t, "unauthorized_client", string(parsedError.ErrorCode))
 	assert.Equal(t, "unable to parse refresh token", parsedError.ErrorDescription)
 
@@ -486,8 +478,7 @@ func TestRefreshTokenInvalidation(t *testing.T) {
 	// repeat request should fail
 	req.Body = io.NopCloser(bytes.NewReader(bs))
 	resp = MakeRequest(t, req, http.StatusBadRequest)
-	parsedError = new(auth.AccessTokenError)
-	require.NoError(t, json.Unmarshal(resp.Body.Bytes(), parsedError))
+	require.NoError(t, json.Unmarshal(resp.Body.Bytes(), &parsedError))
 	assert.Equal(t, "unauthorized_client", string(parsedError.ErrorCode))
 	assert.Equal(t, "token was already used", parsedError.ErrorDescription)
 }

From e7d4ecadf32a7a789b42b1e28e87748a7f1f49ba Mon Sep 17 00:00:00 2001
From: Michael Kriese <michael.kriese@visualon.de>
Date: Tue, 10 Mar 2026 01:20:00 +0100
Subject: [PATCH 473/854] feat: add more filters to actions run and tasks api
 (#11584)

The new filters are especially useful for status monotoring like kuma to have more relevant results.

The wrong status check seems to be a regression of #6300

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests for Go changes

(can be removed for JavaScript changes)

- I added test coverage for Go changes...
  - [x] in their respective `*_test.go` for unit tests.
  - [ ] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I ran...
  - [x] `make pr-go` before pushing

### Tests for JavaScript changes

(can be removed for Go changes)

- I added test coverage for JavaScript changes...
  - [ ] in `web_src/js/*.test.js` if it can be unit tested.
  - [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)).

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [ ] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [x] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.
- [ ] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change.

*The decision if the pull request will be shown in the release notes is up to the mergers / release team.*

The content of the `release-notes/<pull request number>.md` file will serve as the basis for the release notes. If the file does not exist, the title of the pull request will be used instead.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11584
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
Co-authored-by: Michael Kriese <michael.kriese@visualon.de>
Co-committed-by: Michael Kriese <michael.kriese@visualon.de>
---
 models/actions/task_list.go           |   3 +-
 models/fixtures/action_run.yml        |  14 ++--
 routers/api/v1/repo/action.go         |  27 ++++++
 routers/api/v1/repo/action_test.go    | 113 ++++++++++++++++++++++++++
 services/contexttest/context_tests.go |   9 ++
 templates/swagger/v1_json.tmpl        |  25 ++++++
 6 files changed, 183 insertions(+), 8 deletions(-)
 create mode 100644 routers/api/v1/repo/action_test.go

diff --git a/models/actions/task_list.go b/models/actions/task_list.go
index 6c565410d9..f85e17b41b 100644
--- a/models/actions/task_list.go
+++ b/models/actions/task_list.go
@@ -1,4 +1,5 @@
 // Copyright 2022 The Gitea Authors. All rights reserved.
+// Copyright 2026 The Forgejo Authors. All rights reserved.
 // SPDX-License-Identifier: MIT
 
 package actions
@@ -70,7 +71,7 @@ func (opts FindTaskOptions) ToConds() builder.Cond {
 	if opts.CommitSHA != "" {
 		cond = cond.And(builder.Eq{"commit_sha": opts.CommitSHA})
 	}
-	if opts.Status != nil {
+	if len(opts.Status) > 0 {
 		cond = cond.And(builder.In("status", opts.Status))
 	}
 	if opts.UpdatedBefore > 0 {
diff --git a/models/fixtures/action_run.yml b/models/fixtures/action_run.yml
index 41559ef788..e37fb2f955 100644
--- a/models/fixtures/action_run.yml
+++ b/models/fixtures/action_run.yml
@@ -2,7 +2,7 @@
   id: 791
   title: "update actions"
   repo_id: 4
-  owner_id: 1
+  owner_id: 5
   workflow_id: "artifact.yaml"
   index: 187
   trigger_user_id: 1
@@ -210,7 +210,7 @@
   id: 792
   title: "update actions"
   repo_id: 4
-  owner_id: 1
+  owner_id: 5
   workflow_id: "artifact.yaml"
   index: 188
   trigger_user_id: 1
@@ -417,7 +417,7 @@
   id: 793
   title: "job output"
   repo_id: 4
-  owner_id: 1
+  owner_id: 5
   workflow_id: "test.yaml"
   index: 189
   trigger_user_id: 1
@@ -436,7 +436,7 @@
   id: 794
   title: "job output"
   repo_id: 4
-  owner_id: 1
+  owner_id: 5
   workflow_id: "test.yaml"
   index: 190
   trigger_user_id: 1
@@ -455,7 +455,7 @@
   id: 891
   title: "update actions"
   repo_id: 1
-  owner_id: 1
+  owner_id: 5
   workflow_id: "artifact.yaml"
   index: 187
   trigger_user_id: 1
@@ -538,7 +538,7 @@
   id: 895
   title: "job output"
   repo_id: 4
-  owner_id: 1
+  owner_id: 5
   workflow_id: "test.yaml"
   index: 191
   trigger_user_id: 1
@@ -558,7 +558,7 @@
   id: 896
   title: "job output"
   repo_id: 4
-  owner_id: 1
+  owner_id: 5
   workflow_id: "test.yaml"
   index: 192
   trigger_user_id: 1
diff --git a/routers/api/v1/repo/action.go b/routers/api/v1/repo/action.go
index 85726c72a1..ab049e4383 100644
--- a/routers/api/v1/repo/action.go
+++ b/routers/api/v1/repo/action.go
@@ -1,4 +1,5 @@
 // Copyright 2023 The Gitea Authors. All rights reserved.
+// Copyright 2026 The Forgejo Authors. All rights reserved.
 // SPDX-License-Identifier: MIT
 
 package repo
@@ -710,6 +711,15 @@ func ListActionTasks(ctx *context.APIContext) {
 	//   in: query
 	//   description: page size of results, default maximum page size is 50
 	//   type: integer
+	// - name: status
+	//   in: query
+	//   description: |
+	//     Returns workflow tasks with the check run status or conclusion that is specified.
+	// 		 For example, a conclusion can be success or a status can be in_progress.
+	//   type: array
+	//   items:
+	//     type: string
+	//     enum: [unknown, waiting, running, success, failure, cancelled, skipped, blocked]
 	// responses:
 	//   "200":
 	//     "$ref": "#/responses/TasksList"
@@ -724,9 +734,21 @@ func ListActionTasks(ctx *context.APIContext) {
 	//   "422":
 	//     "$ref": "#/responses/validationError"
 
+	statusStrs := ctx.FormStrings("status")
+	statuses := make([]actions_model.Status, len(statusStrs))
+	for i, s := range statusStrs {
+		if status, exists := actions_model.StatusFromString(s); exists {
+			statuses[i] = status
+		} else {
+			ctx.Error(http.StatusBadRequest, "StatusFromString", fmt.Sprintf("unknown status: %s", s))
+			return
+		}
+	}
+
 	tasks, total, err := db.FindAndCount[actions_model.ActionTask](ctx, &actions_model.FindTaskOptions{
 		ListOptions: utils.GetListOptions(ctx),
 		RepoID:      ctx.Repo.Repository.ID,
+		Status:      statuses,
 	})
 	if err != nil {
 		ctx.Error(http.StatusInternalServerError, "ListActionTasks", err)
@@ -886,6 +908,10 @@ func ListActionRuns(ctx *context.APIContext) {
 	//   in: query
 	//   description: Only return workflow runs that involve the given Git reference, for example, `refs/heads/main`.
 	//   type: string
+	// - name: workflow_id
+	//   in: query
+	//   description: Only return workflow runs that involve the given workflow ID.
+	//   type: string
 	// responses:
 	//   "200":
 	//     "$ref": "#/responses/ActionRunList"
@@ -914,6 +940,7 @@ func ListActionRuns(ctx *context.APIContext) {
 		RunNumber:   ctx.FormInt64("run_number"),
 		CommitSHA:   ctx.FormString("head_sha"),
 		Ref:         ctx.FormString("ref"),
+		WorkflowID:  ctx.FormString("workflow_id"),
 	})
 	if err != nil {
 		ctx.Error(http.StatusInternalServerError, "ListActionRuns", err)
diff --git a/routers/api/v1/repo/action_test.go b/routers/api/v1/repo/action_test.go
new file mode 100644
index 0000000000..80391ef640
--- /dev/null
+++ b/routers/api/v1/repo/action_test.go
@@ -0,0 +1,113 @@
+// Copyright 2026 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+package repo
+
+import (
+	"net/http"
+	"testing"
+
+	"forgejo.org/models/unittest"
+	api "forgejo.org/modules/structs"
+	"forgejo.org/services/contexttest"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestActions(t *testing.T) {
+	unittest.PrepareTestEnv(t)
+
+	t.Run("ListActionRuns", func(t *testing.T) {
+		t.Run("paging", func(t *testing.T) {
+			var runResp api.ListActionRunResponse
+			ctx, resp := contexttest.MockAPIContext(t, "user5/repo4/actions/runs")
+			contexttest.LoadRepo(t, ctx, 4)
+
+			ctx.SetFormString("limit", "1")
+			ctx.SetFormString("page", "1")
+
+			ListActionRuns(ctx)
+			assert.Equal(t, http.StatusOK, resp.Code)
+			contexttest.DecodeJSON(t, resp, &runResp)
+			assert.Len(t, runResp.Entries, 1)
+			assert.Equal(t, int64(6), runResp.TotalCount)
+		})
+
+		t.Run("invalid status filter", func(t *testing.T) {
+			ctx, resp := contexttest.MockAPIContext(t, "user5/repo4/actions/runs")
+			contexttest.LoadRepo(t, ctx, 4)
+
+			ctx.SetFormString("status", "some-invalid-value")
+			ListActionRuns(ctx)
+			assert.Equal(t, http.StatusBadRequest, resp.Code)
+		})
+
+		t.Run("filtered by status", func(t *testing.T) {
+			ctx, resp := contexttest.MockAPIContext(t, "user5/repo4/actions/runs")
+			contexttest.LoadRepo(t, ctx, 4)
+
+			ctx.SetFormString("status", "failure")
+
+			ListActionRuns(ctx)
+			assert.Equal(t, http.StatusOK, resp.Code)
+			var runResp api.ListActionRunResponse
+			contexttest.DecodeJSON(t, resp, &runResp)
+			assert.Len(t, runResp.Entries, 2)
+			assert.Equal(t, int64(2), runResp.TotalCount)
+		})
+
+		t.Run("filtered by workflow_id", func(t *testing.T) {
+			ctx, resp := contexttest.MockAPIContext(t, "user5/repo4/actions/runs")
+			contexttest.LoadRepo(t, ctx, 4)
+
+			ctx.SetFormString("workflow_id", "some.yml")
+
+			ListActionRuns(ctx)
+			assert.Equal(t, http.StatusOK, resp.Code)
+			var runResp api.ListActionRunResponse
+			contexttest.DecodeJSON(t, resp, &runResp)
+			assert.Empty(t, runResp.Entries)
+			assert.Equal(t, int64(0), runResp.TotalCount)
+		})
+	})
+
+	t.Run("ListActionTasks", func(t *testing.T) {
+		t.Run("paging", func(t *testing.T) {
+			var taskResp api.ActionTaskResponse
+			ctx, resp := contexttest.MockAPIContext(t, "user5/repo4/actions/tasks")
+			contexttest.LoadRepo(t, ctx, 4)
+
+			ctx.SetFormString("limit", "1")
+			ctx.SetFormString("page", "1")
+
+			ListActionTasks(ctx)
+			assert.Equal(t, http.StatusOK, resp.Code)
+			contexttest.DecodeJSON(t, resp, &taskResp)
+			assert.Len(t, taskResp.Entries, 1)
+			assert.Equal(t, int64(12), taskResp.TotalCount)
+		})
+
+		t.Run("invalid status filter", func(t *testing.T) {
+			ctx, resp := contexttest.MockAPIContext(t, "user5/repo4/actions/tasks")
+			contexttest.LoadRepo(t, ctx, 4)
+
+			ctx.SetFormString("status", "some-invalid-value")
+			ListActionTasks(ctx)
+			assert.Equal(t, http.StatusBadRequest, resp.Code)
+		})
+
+		t.Run("filtered by status", func(t *testing.T) {
+			ctx, resp := contexttest.MockAPIContext(t, "user5/repo4/actions/tasks")
+			contexttest.LoadRepo(t, ctx, 4)
+
+			ctx.SetFormString("status", "failure")
+
+			ListActionTasks(ctx)
+			assert.Equal(t, http.StatusOK, resp.Code)
+			var taskResp api.ActionTaskResponse
+			contexttest.DecodeJSON(t, resp, &taskResp)
+			assert.Len(t, taskResp.Entries, 2)
+			assert.Equal(t, int64(2), taskResp.TotalCount)
+		})
+	})
+}
diff --git a/services/contexttest/context_tests.go b/services/contexttest/context_tests.go
index a4e674a896..0da87ca35c 100644
--- a/services/contexttest/context_tests.go
+++ b/services/contexttest/context_tests.go
@@ -1,4 +1,5 @@
 // Copyright 2017 The Gitea Authors. All rights reserved.
+// Copyright 2026 The Forgejo Authors. All rights reserved.
 // SPDX-License-Identifier: MIT
 
 // Package contexttest provides utilities for testing Web/API contexts with models.
@@ -21,6 +22,7 @@ import (
 	"forgejo.org/models/unittest"
 	user_model "forgejo.org/models/user"
 	"forgejo.org/modules/gitrepo"
+	"forgejo.org/modules/json"
 	"forgejo.org/modules/templates"
 	"forgejo.org/modules/translation"
 	"forgejo.org/modules/web/middleware"
@@ -206,3 +208,10 @@ func (tr *MockRender) HTML(w io.Writer, status int, _ string, _ any, _ gocontext
 	}
 	return nil
 }
+
+func DecodeJSON(t testing.TB, resp *httptest.ResponseRecorder, v any) {
+	t.Helper()
+
+	decoder := json.NewDecoder(resp.Body)
+	require.NoError(t, decoder.Decode(v))
+}
diff --git a/templates/swagger/v1_json.tmpl b/templates/swagger/v1_json.tmpl
index d72142016a..7a800cc171 100644
--- a/templates/swagger/v1_json.tmpl
+++ b/templates/swagger/v1_json.tmpl
@@ -5787,6 +5787,12 @@
             "description": "Only return workflow runs that involve the given Git reference, for example, `refs/heads/main`.",
             "name": "ref",
             "in": "query"
+          },
+          {
+            "type": "string",
+            "description": "Only return workflow runs that involve the given workflow ID.",
+            "name": "workflow_id",
+            "in": "query"
           }
         ],
         "responses": {
@@ -6042,6 +6048,25 @@
             "description": "page size of results, default maximum page size is 50",
             "name": "limit",
             "in": "query"
+          },
+          {
+            "type": "array",
+            "items": {
+              "enum": [
+                "unknown",
+                "waiting",
+                "running",
+                "success",
+                "failure",
+                "cancelled",
+                "skipped",
+                "blocked"
+              ],
+              "type": "string"
+            },
+            "description": "Returns workflow tasks with the check run status or conclusion that is specified.\n For example, a conclusion can be success or a status can be in_progress.\n",
+            "name": "status",
+            "in": "query"
           }
         ],
         "responses": {

From c564867439b1a4f89dc3cd3cc5dee5be771c8cc1 Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Tue, 10 Mar 2026 02:04:22 +0100
Subject: [PATCH 474/854] Update dependency katex to v0.16.37 (forgejo)
 (#11599)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11599
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
---
 package-lock.json | 8 ++++----
 package.json      | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 186a33c1e7..dc878eae7c 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -54,7 +54,7 @@
         "htmx.org": "2.0.8",
         "idiomorph": "0.3.0",
         "jquery": "3.7.1",
-        "katex": "0.16.35",
+        "katex": "0.16.37",
         "mermaid": "11.12.3",
         "mini-css-extract-plugin": "2.10.0",
         "minimatch": "10.2.4",
@@ -10516,9 +10516,9 @@
       "license": "MIT"
     },
     "node_modules/katex": {
-      "version": "0.16.35",
-      "resolved": "https://registry.npmjs.org/katex/-/katex-0.16.35.tgz",
-      "integrity": "sha512-S0+riEvy1CK4VKse1ivMff8gmabe/prY7sKB3njjhyoLLsNFDQYtKNgXrbWUggGDCJBz7Fctl5i8fLCESHXzSg==",
+      "version": "0.16.37",
+      "resolved": "https://registry.npmjs.org/katex/-/katex-0.16.37.tgz",
+      "integrity": "sha512-TIGjO2cCGYono+uUzgkE7RFF329mLLWGuHUlSr6cwIVj9O8f0VQZ783rsanmJpFUo32vvtj7XT04NGRPh+SZFg==",
       "funding": [
         "https://opencollective.com/katex",
         "https://github.com/sponsors/katex"
diff --git a/package.json b/package.json
index 8c6f590243..c1b132a8eb 100644
--- a/package.json
+++ b/package.json
@@ -53,7 +53,7 @@
     "htmx.org": "2.0.8",
     "idiomorph": "0.3.0",
     "jquery": "3.7.1",
-    "katex": "0.16.35",
+    "katex": "0.16.37",
     "mermaid": "11.12.3",
     "mini-css-extract-plugin": "2.10.0",
     "minimatch": "10.2.4",

From f93d2cb261abbfe9f377d4a5b424a4d88c8b1610 Mon Sep 17 00:00:00 2001
From: Mathieu Fenniak <mathieu@fenniak.net>
Date: Tue, 10 Mar 2026 02:50:28 +0100
Subject: [PATCH 475/854] ci: detect and prevent empty `case` statements in Go
 code (#11593)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

One of the security patches released 2026-03-09 [fixed a vulnerability](https://codeberg.org/forgejo/forgejo/pulls/11513/commits/d1c7b04d09f6a13896eaa1322ac690b2021539da) caused by a misapplication of Go `case` statements, where the implementation would have been correct if Go `case` statements automatically fall through to the next case block, but they do not.  This PR adds a semgrep rule which detects any empty `case` statement and raises an error, in order to prevent this coding mistake in the future.

For example, code like this will now trigger a build error:
```go
	switch setting.Protocol {
	case setting.HTTPUnix:
	case setting.FCGI:
	case setting.FCGIUnix:
	default:
		defaultLocalURL := string(setting.Protocol) + "://"
	}
```

Example error:
```
    cmd/web.go
   ❯❯❱ semgrep.config.forgejo-switch-empty-case
          switch has a case block with no content. This is treated as "break" by Go, but developers may
          confuse it for "fallthrough".  To fix this error, disambiguate by using "break" or
          "fallthrough".

          279┆ switch setting.Protocol {
          280┆ case setting.HTTPUnix:
          281┆ case setting.FCGI:
          282┆ case setting.FCGIUnix:
          283┆ default:
          284┆   defaultLocalURL := string(setting.Protocol) + "://"
          285┆   if setting.HTTPAddr == "0.0.0.0" {
          286┆           defaultLocalURL += "localhost"
          287┆   } else {
          288┆           defaultLocalURL += setting.HTTPAddr
```

As described in the error output, this error can be fixed by explicitly listing `break` (the real Go behaviour, to do nothing in the block), or by listing `fallthrough` (if the intent was to fall through).

All existing code triggering this detection has been changed to `break` (or, rarely, irrelevant cases have been removed), which should maintain the same code functionality.  While performing this fixup, a light analysis was performed on each case and they *appeared* correct, but with ~65 cases I haven't gone into extreme depth.

Tests are present for the semgrep rule in `.semgrep/tests/go.go`.

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [ ] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.
- [x] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11593
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net>
Co-committed-by: Mathieu Fenniak <mathieu@fenniak.net>
---
 .semgrep/config/go.yaml                     | 18 +++++++++
 .semgrep/tests/go.go                        | 44 +++++++++++++++++++++
 cmd/forgejo/forgejo.go                      |  2 +
 cmd/web.go                                  |  3 ++
 models/gitea_migrations/v1_13/v151.go       |  1 +
 models/packages/descriptor.go               |  2 +
 modules/eventsource/manager.go              |  2 +
 modules/eventsource/manager_run.go          |  4 ++
 modules/eventsource/messenger.go            |  2 +
 modules/git/diff.go                         |  1 +
 modules/git/pushoptions/pushoptions.go      |  8 +---
 modules/git/repo_stats.go                   |  1 +
 modules/graceful/manager.go                 |  2 +
 modules/graceful/manager_common.go          |  1 +
 modules/indexer/code/indexer.go             |  2 +
 modules/indexer/issues/indexer.go           |  2 +
 modules/log/event_writer_base.go            |  3 ++
 modules/log/logger_impl.go                  |  1 +
 modules/markup/html.go                      |  1 +
 modules/migration/retry_downloader.go       |  1 +
 modules/proxyprotocol/conn.go               |  9 +++--
 modules/queue/workergroup.go                |  7 ++++
 modules/queue/workerqueue.go                |  1 +
 modules/setting/cache.go                    |  1 +
 modules/setting/incoming_email.go           |  1 +
 modules/setting/mailer.go                   |  1 +
 modules/templates/helper.go                 |  1 +
 modules/templates/util_date.go              |  1 +
 modules/translation/i18n/localestore.go     |  2 +
 modules/translation/localeiter/utils.go     |  2 +
 routers/api/packages/chef/auth.go           |  1 +
 routers/api/v1/repo/repo.go                 |  1 +
 routers/web/admin/diagnosis.go              |  2 +
 routers/web/admin/queue_tester.go           |  3 ++
 routers/web/auth/oauth.go                   |  1 +
 routers/web/repo/repo.go                    |  1 +
 routers/web/user/home.go                    |  4 +-
 routers/web/user/package.go                 |  2 -
 services/actions/job_emitter.go             |  1 +
 services/convert/activitypub_user_action.go |  7 ----
 services/mailer/incoming/incoming.go        |  2 +
 services/migrations/github.go               |  1 +
 services/pull/patch_unmerged.go             |  1 +
 services/repository/gitgraph/parser.go      |  2 +-
 services/task/migrate.go                    |  1 +
 45 files changed, 135 insertions(+), 22 deletions(-)
 create mode 100644 .semgrep/config/go.yaml
 create mode 100644 .semgrep/tests/go.go

diff --git a/.semgrep/config/go.yaml b/.semgrep/config/go.yaml
new file mode 100644
index 0000000000..f73e5e43d7
--- /dev/null
+++ b/.semgrep/config/go.yaml
@@ -0,0 +1,18 @@
+rules:
+  - id: forgejo-switch-empty-case
+    pattern-either:
+      - pattern: |-
+          switch $_ {
+            case $_:
+          }
+      - patterns:
+        - pattern: |-
+            switch {
+              case $_:
+            }
+    languages:
+      - go
+    severity: ERROR
+    message: >
+      switch has a case block with no content. This is treated as "break" by Go, but developers may confuse it for
+      "fallthrough".  To fix this error, disambiguate by using "break" or "fallthrough".
diff --git a/.semgrep/tests/go.go b/.semgrep/tests/go.go
new file mode 100644
index 0000000000..14c9a31912
--- /dev/null
+++ b/.semgrep/tests/go.go
@@ -0,0 +1,44 @@
+// Copyright 2014 The Gogs Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package cmd
+
+import (
+	"context"
+	"os"
+	"os/signal"
+	"strings"
+	"syscall"
+
+	_ "net/http/pprof" // Used for debugging if enabled and a web server is running
+
+	"forgejo.org/modules/setting"
+)
+
+func setPortEmptyCaseBad(port string) error {
+	setting.AppURL = strings.Replace(setting.AppURL, setting.HTTPPort, port, 1)
+	setting.HTTPPort = port
+
+	// ruleid:forgejo-switch-empty-case
+	switch setting.Protocol {
+	case setting.HTTPUnix:
+	case setting.FCGI:
+	case setting.FCGIUnix:
+	default:
+		defaultLocalURL := string(setting.Protocol) + "://"
+	}
+
+	// ok:forgejo-switch-empty-case
+	switch setting.Protocol {
+	case setting.HTTPUnix:
+		break
+	case setting.FCGI:
+		break
+	case setting.FCGIUnix:
+		break
+	default:
+		defaultLocalURL := string(setting.Protocol) + "://"
+	}
+
+	return nil
+}
diff --git a/cmd/forgejo/forgejo.go b/cmd/forgejo/forgejo.go
index 171ef1a71d..7b59eaab15 100644
--- a/cmd/forgejo/forgejo.go
+++ b/cmd/forgejo/forgejo.go
@@ -126,7 +126,9 @@ func installSignals(ctx context.Context) (context.Context, context.CancelFunc) {
 		)
 		select {
 		case <-signalChannel:
+			break
 		case <-ctx.Done():
+			break
 		}
 		cancel()
 		signal.Reset()
diff --git a/cmd/web.go b/cmd/web.go
index 12a8cac797..683b19c82a 100644
--- a/cmd/web.go
+++ b/cmd/web.go
@@ -278,8 +278,11 @@ func setPort(port string) error {
 
 	switch setting.Protocol {
 	case setting.HTTPUnix:
+		break
 	case setting.FCGI:
+		break
 	case setting.FCGIUnix:
+		break
 	default:
 		defaultLocalURL := string(setting.Protocol) + "://"
 		if setting.HTTPAddr == "0.0.0.0" {
diff --git a/models/gitea_migrations/v1_13/v151.go b/models/gitea_migrations/v1_13/v151.go
index a464e6e7a7..09abfd4b9e 100644
--- a/models/gitea_migrations/v1_13/v151.go
+++ b/models/gitea_migrations/v1_13/v151.go
@@ -25,6 +25,7 @@ func SetDefaultPasswordToArgon2(x *xorm.Engine) error {
 		return err
 	case setting.Database.Type.IsSQLite3():
 		// drop through
+		break
 	default:
 		log.Fatal("Unrecognized DB")
 	}
diff --git a/models/packages/descriptor.go b/models/packages/descriptor.go
index 19e0e8f5d5..947144ec54 100644
--- a/models/packages/descriptor.go
+++ b/models/packages/descriptor.go
@@ -174,8 +174,10 @@ func GetPackageDescriptor(ctx context.Context, pv *PackageVersion) (*PackageDesc
 		metadata = &debian.Metadata{}
 	case TypeGeneric:
 		// generic packages have no metadata
+		break
 	case TypeGo:
 		// go packages have no metadata
+		break
 	case TypeHelm:
 		metadata = &helm.Metadata{}
 	case TypeNuGet:
diff --git a/modules/eventsource/manager.go b/modules/eventsource/manager.go
index 730cacd940..e0d7ab78c4 100644
--- a/modules/eventsource/manager.go
+++ b/modules/eventsource/manager.go
@@ -39,7 +39,9 @@ func (m *Manager) Register(uid int64) <-chan *Event {
 	}
 	select {
 	case m.connection <- struct{}{}:
+		break
 	default:
+		break
 	}
 	m.mutex.Unlock()
 	return messenger.Register()
diff --git a/modules/eventsource/manager_run.go b/modules/eventsource/manager_run.go
index 0eaee5dc3c..48500feafc 100644
--- a/modules/eventsource/manager_run.go
+++ b/modules/eventsource/manager_run.go
@@ -47,7 +47,9 @@ loop:
 				// empty the connection channel
 				select {
 				case <-m.connection:
+					break
 				default:
+					break
 				}
 			}
 			m.mutex.Unlock()
@@ -63,7 +65,9 @@ loop:
 					// We won't change the "then" time because there could be concurrency issues
 					select {
 					case <-timer.C:
+						break
 					default:
+						break
 					}
 					continue
 				}
diff --git a/modules/eventsource/messenger.go b/modules/eventsource/messenger.go
index 378e717126..380cb13f20 100644
--- a/modules/eventsource/messenger.go
+++ b/modules/eventsource/messenger.go
@@ -62,7 +62,9 @@ func (m *Messenger) SendMessage(message *Event) {
 		channel := m.channels[i]
 		select {
 		case channel <- message:
+			break
 		default:
+			break
 		}
 	}
 }
diff --git a/modules/git/diff.go b/modules/git/diff.go
index f745531edd..507dc5b2f5 100644
--- a/modules/git/diff.go
+++ b/modules/git/diff.go
@@ -221,6 +221,7 @@ func CutDiffAroundLine(originalDiff io.Reader, line int64, old bool, numbersOfLi
 				}
 			case '\\':
 				// FIXME: handle `\ No newline at end of file`
+				break
 			default:
 				currentLine++
 				otherLine++
diff --git a/modules/git/pushoptions/pushoptions.go b/modules/git/pushoptions/pushoptions.go
index e96ba0a339..3fa2e01c44 100644
--- a/modules/git/pushoptions/pushoptions.go
+++ b/modules/git/pushoptions/pushoptions.go
@@ -65,12 +65,8 @@ func (o *gitPushOptions) Parse(data string) bool {
 		value = "true"
 	}
 	switch Key(key) {
-	case RepoPrivate:
-	case RepoTemplate:
-	case AgitTopic:
-	case AgitForcePush:
-	case AgitTitle:
-	case AgitDescription:
+	case RepoPrivate, RepoTemplate, AgitTopic, AgitForcePush, AgitTitle, AgitDescription:
+		break
 	default:
 		return false
 	}
diff --git a/modules/git/repo_stats.go b/modules/git/repo_stats.go
index ef0865e3d3..881acdafcf 100644
--- a/modules/git/repo_stats.go
+++ b/modules/git/repo_stats.go
@@ -98,6 +98,7 @@ func (repo *Repository) GetCodeActivityStats(fromTime time.Time, branch string)
 				}
 				switch p {
 				case 1: // Separator
+					break
 				case 2: // Commit sha-1
 					stats.CommitCount++
 				case 3: // Author
diff --git a/modules/graceful/manager.go b/modules/graceful/manager.go
index db5738c94c..3b0115c51c 100644
--- a/modules/graceful/manager.go
+++ b/modules/graceful/manager.go
@@ -164,6 +164,7 @@ func (g *Manager) doHammerTime(d time.Duration) {
 	g.lock.Lock()
 	select {
 	case <-g.hammerCtx.Done():
+		break
 	default:
 		log.Warn("Setting Hammer condition")
 		g.hammerCtxCancel()
@@ -180,6 +181,7 @@ func (g *Manager) doTerminate() {
 	g.lock.Lock()
 	select {
 	case <-g.terminateCtx.Done():
+		break
 	default:
 		log.Warn("Terminating")
 		g.terminateCtxCancel()
diff --git a/modules/graceful/manager_common.go b/modules/graceful/manager_common.go
index 892957e93f..87f18e382f 100644
--- a/modules/graceful/manager_common.go
+++ b/modules/graceful/manager_common.go
@@ -86,6 +86,7 @@ func (g *Manager) DoGracefulShutdown() {
 	g.lock.Lock()
 	select {
 	case <-g.shutdownRequested:
+		break
 	default:
 		close(g.shutdownRequested)
 	}
diff --git a/modules/indexer/code/indexer.go b/modules/indexer/code/indexer.go
index a3e20e1d5a..a414c40d0e 100644
--- a/modules/indexer/code/indexer.go
+++ b/modules/indexer/code/indexer.go
@@ -215,7 +215,9 @@ func Init() {
 		}
 		select {
 		case waitChannel <- time.Since(start):
+			break
 		case <-graceful.GetManager().IsShutdown():
+			break
 		}
 
 		close(waitChannel)
diff --git a/modules/indexer/issues/indexer.go b/modules/indexer/issues/indexer.go
index dd7102713c..81ffcaaf5d 100644
--- a/modules/indexer/issues/indexer.go
+++ b/modules/indexer/issues/indexer.go
@@ -141,7 +141,9 @@ func InitIssueIndexer(syncReindex bool) {
 	if syncReindex {
 		select {
 		case <-indexerInitWaitChannel:
+			break
 		case <-graceful.GetManager().IsShutdown():
+			break
 		}
 	} else if setting.Indexer.StartupTimeout > 0 {
 		go func() {
diff --git a/modules/log/event_writer_base.go b/modules/log/event_writer_base.go
index 4de2b953c7..561166b2ad 100644
--- a/modules/log/event_writer_base.go
+++ b/modules/log/event_writer_base.go
@@ -80,7 +80,9 @@ func (b *EventWriterBaseImpl) Run(ctx context.Context) {
 		if pause := b.GetPauseChan(); pause != nil {
 			select {
 			case <-pause:
+				break
 			case <-ctx.Done():
+				break
 			}
 		}
 	}
@@ -178,6 +180,7 @@ func eventWriterStopWait(w EventWriter) {
 	close(w.Base().Queue)
 	select {
 	case <-w.Base().stopped:
+		break
 	case <-time.After(2 * time.Second):
 		FallbackErrorf("unable to stop log writer %q in time, skip", w.GetWriterName())
 	}
diff --git a/modules/log/logger_impl.go b/modules/log/logger_impl.go
index 76d7e6a821..9f25f9f7fb 100644
--- a/modules/log/logger_impl.go
+++ b/modules/log/logger_impl.go
@@ -58,6 +58,7 @@ func (l *LoggerImpl) SendLogEvent(event *Event) {
 		}
 		select {
 		case w.Base().Queue <- formatted:
+			break
 		default:
 			bs, _ := json.Marshal(event)
 			FallbackErrorf("log writer %q queue is full, event: %v", w.GetWriterName(), string(bs))
diff --git a/modules/markup/html.go b/modules/markup/html.go
index 7f16502d5e..d60021bfbb 100644
--- a/modules/markup/html.go
+++ b/modules/markup/html.go
@@ -742,6 +742,7 @@ func shortLinkProcessor(ctx *RenderContext, node *html.Node) {
 		// fast path: empty string, ignore
 		case "":
 			// leave image as false
+			break
 		case ".jpg", ".jpeg", ".png", ".tif", ".tiff", ".webp", ".gif", ".bmp", ".ico", ".svg":
 			image = true
 		}
diff --git a/modules/migration/retry_downloader.go b/modules/migration/retry_downloader.go
index 1cacf5f375..ef3d78a5d9 100644
--- a/modules/migration/retry_downloader.go
+++ b/modules/migration/retry_downloader.go
@@ -44,6 +44,7 @@ func (d *RetryDownloader) retry(work func() error) error {
 		case <-d.ctx.Done():
 			return d.ctx.Err()
 		case <-time.After(time.Second * time.Duration(d.RetryDelay)):
+			break
 		}
 	}
 	return err
diff --git a/modules/proxyprotocol/conn.go b/modules/proxyprotocol/conn.go
index 9434fa88a1..8414b8af35 100644
--- a/modules/proxyprotocol/conn.go
+++ b/modules/proxyprotocol/conn.go
@@ -259,9 +259,10 @@ func (p *Conn) readV2ProxyHeader() error {
 		p.localAddr = p.conn.RemoteAddr()
 		return nil
 	case 0x1:
-	// - \x1 : PROXY : the connection was established on behalf of another node,
-	//   and reflects the original connection endpoints. The receiver must then use
-	//   the information provided in the protocol block to get original the address.
+		// - \x1 : PROXY : the connection was established on behalf of another node,
+		//   and reflects the original connection endpoints. The receiver must then use
+		//   the information provided in the protocol block to get original the address.
+		break
 	default:
 		// - other values are unassigned and must not be emitted by senders. Receivers
 		//   must drop connections presenting unexpected values here.
@@ -466,7 +467,9 @@ func (p *Conn) readV1ProxyHeader() error {
 		p.localAddr = p.conn.RemoteAddr()
 		return nil
 	case "TCP4":
+		break
 	case "TCP6":
+		break
 	default:
 		p.conn.Close()
 		return &ErrBadAddressType{parts[1]}
diff --git a/modules/queue/workergroup.go b/modules/queue/workergroup.go
index 3fb821ce69..2d1228db2c 100644
--- a/modules/queue/workergroup.go
+++ b/modules/queue/workergroup.go
@@ -56,6 +56,7 @@ func (q *WorkerPoolQueue[T]) doDispatchBatchToWorker(wg *workerGroup[T], flushCh
 	full := false
 	select {
 	case q.batchChan <- batch:
+		break
 	default:
 		full = true
 	}
@@ -76,6 +77,7 @@ func (q *WorkerPoolQueue[T]) doDispatchBatchToWorker(wg *workerGroup[T], flushCh
 	if full {
 		select {
 		case q.batchChan <- batch:
+			break
 		case flush := <-flushChan:
 			q.doWorkerHandle(batch)
 			q.doFlush(wg, flush)
@@ -105,7 +107,9 @@ func (q *WorkerPoolQueue[T]) doWorkerHandle(batch []T) {
 		log.Error("Queue %q failed to handle batch of %d items, backoff for a few seconds", q.GetName(), len(batch))
 		select {
 		case <-q.ctxRun.Done():
+			break
 		case <-time.After(time.Duration(unhandledItemRequeueDuration.Load())):
+			break
 		}
 	}
 	for _, item := range unhandled {
@@ -170,7 +174,9 @@ func (q *WorkerPoolQueue[T]) doStartNewWorker(wp *workerGroup[T]) {
 				t.Reset(workerIdleDuration)
 				select {
 				case <-t.C:
+					break
 				default:
+					break
 				}
 			case <-t.C:
 				q.workerNumMu.Lock()
@@ -296,6 +302,7 @@ func (q *WorkerPoolQueue[T]) doRun() {
 			go func() { wg.wg.Wait(); close(workerDone) }()
 			select {
 			case <-workerDone:
+				break
 			case <-time.After(shutdownTimeout):
 				log.Error("Queue %q is shutting down, but workers are still running after timeout", q.GetName())
 			}
diff --git a/modules/queue/workerqueue.go b/modules/queue/workerqueue.go
index 6a71fc4fb4..c340bafa50 100644
--- a/modules/queue/workerqueue.go
+++ b/modules/queue/workerqueue.go
@@ -110,6 +110,7 @@ func (q *WorkerPoolQueue[T]) FlushWithContext(ctx context.Context, timeout time.
 	// if it blocks, it means that there is a flush in progress or the queue hasn't been started yet
 	select {
 	case q.flushChan <- c:
+		break
 	case <-ctx.Done():
 		return ctx.Err()
 	case <-q.ctxRun.Done():
diff --git a/modules/setting/cache.go b/modules/setting/cache.go
index cdc7e1a971..519a236599 100644
--- a/modules/setting/cache.go
+++ b/modules/setting/cache.go
@@ -53,6 +53,7 @@ func loadCacheFrom(rootCfg ConfigProvider) {
 	CacheService.Adapter = sec.Key("ADAPTER").In("memory", []string{"memory", "redis", "memcache", "twoqueue"})
 	switch CacheService.Adapter {
 	case "memory":
+		break
 	case "redis", "memcache":
 		CacheService.Conn = strings.Trim(sec.Key("HOST").String(), "\" ")
 	case "twoqueue":
diff --git a/modules/setting/incoming_email.go b/modules/setting/incoming_email.go
index a890a4a328..47fc2e560d 100644
--- a/modules/setting/incoming_email.go
+++ b/modules/setting/incoming_email.go
@@ -82,6 +82,7 @@ func checkReplyToAddress() error {
 	case 0:
 		return fmt.Errorf("%s must appear in the user part of the address (before the @)", IncomingEmail.TokenPlaceholder)
 	case 1:
+		break
 	default:
 		return fmt.Errorf("%s must appear only once", IncomingEmail.TokenPlaceholder)
 	}
diff --git a/modules/setting/mailer.go b/modules/setting/mailer.go
index b43484a90f..a84758c505 100644
--- a/modules/setting/mailer.go
+++ b/modules/setting/mailer.go
@@ -235,6 +235,7 @@ func loadMailerFrom(rootCfg ConfigProvider) {
 			}
 		}
 	case "dummy": // just mention and do nothing
+		break
 	}
 
 	if MailService.From != "" {
diff --git a/modules/templates/helper.go b/modules/templates/helper.go
index 693ef90d65..a6235c37ba 100644
--- a/modules/templates/helper.go
+++ b/modules/templates/helper.go
@@ -229,6 +229,7 @@ func HTMLFormat(s string, rawArgs ...any) template.HTML {
 		switch v := v.(type) {
 		case nil, bool, int, int8, int16, int32, int64, uint, uint8, uint16, uint32, uint64, float32, float64, template.HTML:
 			// for most basic types (including template.HTML which is safe), just do nothing and use it
+			break
 		case string:
 			args[i] = template.HTMLEscapeString(v)
 		case fmt.Stringer:
diff --git a/modules/templates/util_date.go b/modules/templates/util_date.go
index 839d2701ef..982a1b8050 100644
--- a/modules/templates/util_date.go
+++ b/modules/templates/util_date.go
@@ -75,6 +75,7 @@ func anyToTime(any any) (t time.Time, isZero bool) {
 	switch v := any.(type) {
 	case nil:
 		// it is zero
+		break
 	case *time.Time:
 		if v != nil {
 			t = *v
diff --git a/modules/translation/i18n/localestore.go b/modules/translation/i18n/localestore.go
index fc27c75d13..89361088a4 100644
--- a/modules/translation/i18n/localestore.go
+++ b/modules/translation/i18n/localestore.go
@@ -145,6 +145,7 @@ func (l *locale) LookupPluralByForm(trKey string, pluralForm PluralFormIndex) st
 		suffix = PluralFormSeparator + "many"
 	case PluralFormOther:
 		// No suffix for the "other" string.
+		break
 	default:
 		log.Error("Invalid plural form index %d", pluralForm)
 		return ""
@@ -248,6 +249,7 @@ func PrepareArgsForHTML(trArgs ...any) []any {
 		switch v := v.(type) {
 		case nil, bool, int, int8, int16, int32, int64, uint, uint8, uint16, uint32, uint64, float32, float64, template.HTML:
 			// for most basic types (including template.HTML which is safe), just do nothing and use it
+			break
 		case string:
 			args[i] = template.HTMLEscapeString(v)
 		case fmt.Stringer:
diff --git a/modules/translation/localeiter/utils.go b/modules/translation/localeiter/utils.go
index de398258e2..cda20df1bb 100644
--- a/modules/translation/localeiter/utils.go
+++ b/modules/translation/localeiter/utils.go
@@ -56,6 +56,7 @@ func iterateMessagesNextInner(onMsgid func(string, string, string) error, data m
 				pluralSuffix = key
 			case "other":
 				// do nothing
+				break
 			default:
 				realKey = fullKey
 			}
@@ -71,6 +72,7 @@ func iterateMessagesNextInner(onMsgid func(string, string, string) error, data m
 
 		case nil:
 			// do nothing
+			break
 
 		default:
 			return fmt.Errorf("Unexpected JSON type: %s - %T", fullKey, value)
diff --git a/routers/api/packages/chef/auth.go b/routers/api/packages/chef/auth.go
index 7263cf13bb..62523df02d 100644
--- a/routers/api/packages/chef/auth.go
+++ b/routers/api/packages/chef/auth.go
@@ -141,6 +141,7 @@ func getSignVersion(req *http.Request) (string, error) {
 
 	switch m[1] {
 	case "1.0", "1.1", "1.2", "1.3":
+		break
 	default:
 		return "", util.NewInvalidArgumentErrorf("unsupported version")
 	}
diff --git a/routers/api/v1/repo/repo.go b/routers/api/v1/repo/repo.go
index e182f207f9..5f24f44f90 100644
--- a/routers/api/v1/repo/repo.go
+++ b/routers/api/v1/repo/repo.go
@@ -176,6 +176,7 @@ func Search(ctx *context.APIContext) {
 		opts.Mirror = optional.Some(false)
 		opts.Collaborate = optional.Some(true)
 	case "":
+		break
 	default:
 		ctx.Error(http.StatusUnprocessableEntity, "", fmt.Errorf("Invalid search mode: \"%s\"", mode))
 		return
diff --git a/routers/web/admin/diagnosis.go b/routers/web/admin/diagnosis.go
index 8b0ec45214..abd35448f0 100644
--- a/routers/web/admin/diagnosis.go
+++ b/routers/web/admin/diagnosis.go
@@ -54,7 +54,9 @@ func MonitorDiagnosis(ctx *context.Context) {
 
 	select {
 	case <-time.After(time.Duration(seconds) * time.Second):
+		break
 	case <-ctx.Done():
+		break
 	}
 	pprof.StopCPUProfile()
 	trace.Stop()
diff --git a/routers/web/admin/queue_tester.go b/routers/web/admin/queue_tester.go
index 831947fe41..9bcd61592d 100644
--- a/routers/web/admin/queue_tester.go
+++ b/routers/web/admin/queue_tester.go
@@ -34,7 +34,9 @@ func initTestQueueOnce() {
 			for range t {
 				select {
 				case <-graceful.GetManager().ShutdownContext().Done():
+					break
 				case <-time.After(5 * time.Second):
+					break
 				}
 			}
 			return nil
@@ -56,6 +58,7 @@ func initTestQueueOnce() {
 			for {
 				select {
 				case <-ctx.Done():
+					break
 				case <-time.After(500 * time.Millisecond):
 					if adding {
 						if testQueue.GetQueueItemNumber() == qs.Length {
diff --git a/routers/web/auth/oauth.go b/routers/web/auth/oauth.go
index 22d8c7b846..a53e718aa9 100644
--- a/routers/web/auth/oauth.go
+++ b/routers/web/auth/oauth.go
@@ -1418,6 +1418,7 @@ func generateCodeChallenge(ctx *context.Context, provider string) (codeChallenge
 	case *openidConnect.Provider, *fitbit.Provider, *zoom.Provider:
 		// those providers forward the `code_verifier`
 		// a code_challenge can be generated
+		break
 	}
 
 	codeVerifier := util.CryptoRandomString(util.RandomStringHigh)
diff --git a/routers/web/repo/repo.go b/routers/web/repo/repo.go
index eca4c5f5e7..6b6ec55720 100644
--- a/routers/web/repo/repo.go
+++ b/routers/web/repo/repo.go
@@ -634,6 +634,7 @@ func SearchRepo(ctx *context.Context) {
 		opts.Mirror = optional.Some(false)
 		opts.Collaborate = optional.Some(true)
 	case "":
+		break
 	default:
 		ctx.Error(http.StatusUnprocessableEntity, fmt.Sprintf("Invalid search mode: \"%s\"", mode))
 		return
diff --git a/routers/web/user/home.go b/routers/web/user/home.go
index 3bd118e06c..9c40236475 100644
--- a/routers/web/user/home.go
+++ b/routers/web/user/home.go
@@ -511,8 +511,6 @@ func buildIssueOverview(ctx *context.Context, unitType unit.Type) {
 	}
 
 	switch filterMode {
-	case issues_model.FilterModeAll:
-	case issues_model.FilterModeYourRepositories:
 	case issues_model.FilterModeAssign:
 		opts.AssigneeID = ctx.Doer.ID
 	case issues_model.FilterModeCreate:
@@ -846,7 +844,7 @@ func getUserIssueStats(ctx *context.Context, ctxUser *user_model.User, filterMod
 		openClosedOpts := opts.Copy()
 		switch filterMode {
 		case issues_model.FilterModeAll:
-			// no-op
+			break
 		case issues_model.FilterModeYourRepositories:
 			openClosedOpts.AllPublic = false
 		case issues_model.FilterModeAssign:
diff --git a/routers/web/user/package.go b/routers/web/user/package.go
index 2862c6684b..9a77af0bb2 100644
--- a/routers/web/user/package.go
+++ b/routers/web/user/package.go
@@ -180,8 +180,6 @@ func ViewPackageVersion(ctx *context.Context) {
 	ctx.Data["PackageRegistryHost"] = setting.Packages.RegistryHost
 
 	switch pd.Package.Type {
-	case packages_model.TypeContainer:
-
 	case packages_model.TypeAlpine:
 		branches := make(container.Set[string])
 		repositories := make(container.Set[string])
diff --git a/services/actions/job_emitter.go b/services/actions/job_emitter.go
index a7f4273338..02ad9d66f5 100644
--- a/services/actions/job_emitter.go
+++ b/services/actions/job_emitter.go
@@ -85,6 +85,7 @@ func checkJobsOfRun(ctx context.Context, runID int64, recursionCount int) error
 
 					case behaviourExecuteJob:
 						// Intentional blank case -- proceed with updating the status of the job to waiting.
+						break
 
 					case behaviourIgnoreJob:
 						// Skip updating this job's status to waiting, continue with other jobs in the run.
diff --git a/services/convert/activitypub_user_action.go b/services/convert/activitypub_user_action.go
index 9c62e6f25c..b08eaa14c7 100644
--- a/services/convert/activitypub_user_action.go
+++ b/services/convert/activitypub_user_action.go
@@ -164,13 +164,6 @@ func ActionToForgeUserActivity(ctx context.Context, action *activities_model.Act
 			renderIssue(action.Comment.Issue),
 			renderedComment,
 		)
-	case activities_model.ActionMirrorSyncPush:
-	case activities_model.ActionMirrorSyncCreate:
-	case activities_model.ActionMirrorSyncDelete:
-	case activities_model.ActionPublishRelease:
-	case activities_model.ActionPullReviewDismissed:
-	case activities_model.ActionPullRequestReadyForReview:
-	case activities_model.ActionAutoMergePullRequest:
 	}
 
 	return makeUserActivity("performed an unrecognised action: %s", action.OpType.String())
diff --git a/services/mailer/incoming/incoming.go b/services/mailer/incoming/incoming.go
index b1b9191df3..39d1554083 100644
--- a/services/mailer/incoming/incoming.go
+++ b/services/mailer/incoming/incoming.go
@@ -69,6 +69,7 @@ func Init(ctx context.Context) error {
 				case <-ctx.Done():
 					return
 				case <-time.NewTimer(10 * time.Second).C:
+					break
 				}
 			}
 		}
@@ -123,6 +124,7 @@ func processIncomingEmails(ctx context.Context) error {
 			case <-ctx.Done():
 				return nil
 			case <-time.NewTimer(time.Second).C:
+				break
 			}
 		}
 	}
diff --git a/services/migrations/github.go b/services/migrations/github.go
index ed419ed444..7cfb626a15 100644
--- a/services/migrations/github.go
+++ b/services/migrations/github.go
@@ -182,6 +182,7 @@ func (g *GithubDownloaderV3) waitAndPickClient() {
 			timer.Stop()
 			return
 		case <-timer.C:
+			break
 		}
 
 		err := g.RefreshRate()
diff --git a/services/pull/patch_unmerged.go b/services/pull/patch_unmerged.go
index caa0318c48..209674ef82 100644
--- a/services/pull/patch_unmerged.go
+++ b/services/pull/patch_unmerged.go
@@ -170,6 +170,7 @@ func unmergedFiles(ctx context.Context, tmpBasePath string, unmerged chan *unmer
 		switch line.stage {
 		case 0:
 			// Should not happen as this represents successfully merged file - we will tolerate and ignore though
+			break
 		case 1:
 			if next.stage1 != nil || next.stage2 != nil || next.stage3 != nil {
 				// We need to handle the unstaged file stage1,stage2,stage3
diff --git a/services/repository/gitgraph/parser.go b/services/repository/gitgraph/parser.go
index 3c98e66273..fcbc666f7e 100644
--- a/services/repository/gitgraph/parser.go
+++ b/services/repository/gitgraph/parser.go
@@ -184,7 +184,7 @@ func (parser *Parser) ParseGlyphs(glyphs []byte) {
 		case '-':
 			parser.setLeftFlow(i)
 		case ' ':
-			// no-op
+			break
 		default:
 			parser.newFlow(i)
 		}
diff --git a/services/task/migrate.go b/services/task/migrate.go
index a9f76299fd..2a2a8b3668 100644
--- a/services/task/migrate.go
+++ b/services/task/migrate.go
@@ -108,6 +108,7 @@ func runMigrateTask(ctx context.Context, t *admin_model.Task) (err error) {
 		for {
 			select {
 			case <-time.After(2 * time.Second):
+				break
 			case <-ctx.Done():
 				return
 			}

From a012b8bf369c29bca8edc6bc9bdcffd1f9ddd181 Mon Sep 17 00:00:00 2001
From: Mathieu Fenniak <mathieu@fenniak.net>
Date: Tue, 10 Mar 2026 03:19:16 +0100
Subject: [PATCH 476/854] refactor: replace ActionRunnerToken.OwnerID & RepoID
 with optional.Option[int64] (#11601)

Currently:
- In the database, `NULL` is used in `action_runner_token.owner_id` & `.repo_id` to represent an absent value, as required by the foreign key
- In the code, `0` is used in `ActionRunnerToken.OwnerID` and `.RepoID` to represent an absent value

This PR replaces the `int64` fields with `optional.Option[int64]` which allows a single data type to be used for both cases, and removes the usage of the value `0` as a placeholder.

This change has a limited scope -- although `ActionRunnerToken` uses `NULL` values in the database, the related table `ActionRunner` still uses zero-values for `OwnerID` and `RepoID`.  This means a lot of code interacting with both of these tables still uses `0` values, such as the UI.  The changes here were stopped at a reasonable point to avoid cascading into all places that use the `ActionRunner` table.  (I'll continue this work in the future to enable foreign keys on `ActionRunner`, but likely after #11516 is completed to avoid serious conflict resolution problems.)

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests for Go changes

(can be removed for JavaScript changes)

- I added test coverage for Go changes...
  - [x] in their respective `*_test.go` for unit tests.
  - [ ] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I ran...
  - [x] `make pr-go` before pushing

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [ ] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.
- [x] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11601
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net>
Co-committed-by: Mathieu Fenniak <mathieu@fenniak.net>
---
 models/actions/runner_token.go        | 41 +++++++++++----------------
 models/actions/runner_token_test.go   |  9 +++---
 models/organization/org.go            |  3 +-
 routers/api/actions/runner/runner.go  | 12 ++++----
 routers/api/v1/shared/runners.go      | 14 +++++++--
 routers/private/actions.go            | 14 +++++++--
 routers/web/shared/actions/runners.go | 25 ++++++++++++++--
 services/org/org_test.go              |  4 +--
 services/repository/delete.go         |  3 +-
 services/user/delete.go               |  3 +-
 10 files changed, 81 insertions(+), 47 deletions(-)

diff --git a/models/actions/runner_token.go b/models/actions/runner_token.go
index 848330c954..f789f30ddf 100644
--- a/models/actions/runner_token.go
+++ b/models/actions/runner_token.go
@@ -10,6 +10,7 @@ import (
 	"forgejo.org/models/db"
 	repo_model "forgejo.org/models/repo"
 	user_model "forgejo.org/models/user"
+	"forgejo.org/modules/optional"
 	"forgejo.org/modules/timeutil"
 	"forgejo.org/modules/util"
 
@@ -31,9 +32,9 @@ import (
 type ActionRunnerToken struct {
 	ID       int64
 	Token    string                 `xorm:"UNIQUE"`
-	OwnerID  int64                  `xorm:"index REFERENCES(user, id)"`
+	OwnerID  optional.Option[int64] `xorm:"index REFERENCES(user, id)"`
 	Owner    *user_model.User       `xorm:"-"`
-	RepoID   int64                  `xorm:"index REFERENCES(repository, id)"`
+	RepoID   optional.Option[int64] `xorm:"index REFERENCES(repository, id)"`
 	Repo     *repo_model.Repository `xorm:"-"`
 	IsActive bool                   // true means it can be used
 
@@ -71,21 +72,11 @@ func UpdateRunnerToken(ctx context.Context, r *ActionRunnerToken, cols ...string
 
 // NewRunnerToken creates a new active runner token and invalidate all old tokens
 // ownerID will be ignored and treated as 0 if repoID is non-zero.
-func NewRunnerToken(ctx context.Context, ownerID, repoID int64) (*ActionRunnerToken, error) {
-	if ownerID != 0 && repoID != 0 {
+func NewRunnerToken(ctx context.Context, ownerID, repoID optional.Option[int64]) (*ActionRunnerToken, error) {
+	if ownerID.Has() && repoID.Has() {
 		// It's trying to create a runner token that belongs to a repository, but OwnerID has been set accidentally.
 		// Remove OwnerID to avoid confusion; it's not worth returning an error here.
-		ownerID = 0
-	}
-
-	// To ensure that NULL values are used for the unused columns, rather than attempting to insert 0 values which will
-	// cause FK violation, manage the list of columns that xorm will insert.
-	cols := []string{"is_active", "token"}
-	if ownerID != 0 {
-		cols = append(cols, "owner_id")
-	}
-	if repoID != 0 {
-		cols = append(cols, "repo_id")
+		ownerID = optional.None[int64]()
 	}
 
 	token := util.CryptoRandomString(util.RandomStringHigh)
@@ -103,33 +94,33 @@ func NewRunnerToken(ctx context.Context, ownerID, repoID int64) (*ActionRunnerTo
 			return err
 		}
 
-		_, err := db.GetEngine(ctx).Cols(cols...).Insert(runnerToken)
+		_, err := db.GetEngine(ctx).Insert(runnerToken)
 		return err
 	})
 }
 
-func runnerTokenCond(ownerID, repoID int64) builder.Cond {
+func runnerTokenCond(ownerID, repoID optional.Option[int64]) builder.Cond {
 	var condOwnerID builder.Cond
-	if ownerID == 0 {
+	if has, value := ownerID.Get(); !has {
 		condOwnerID = builder.IsNull{"owner_id"}
 	} else {
-		condOwnerID = builder.Eq{"owner_id": ownerID}
+		condOwnerID = builder.Eq{"owner_id": value}
 	}
 	var condRepoID builder.Cond
-	if repoID == 0 {
+	if has, value := repoID.Get(); !has {
 		condRepoID = builder.IsNull{"repo_id"}
 	} else {
-		condRepoID = builder.Eq{"repo_id": repoID}
+		condRepoID = builder.Eq{"repo_id": value}
 	}
 	return builder.And(condOwnerID, condRepoID)
 }
 
 // GetLatestRunnerToken returns the latest runner token
-func GetLatestRunnerToken(ctx context.Context, ownerID, repoID int64) (*ActionRunnerToken, error) {
-	if ownerID != 0 && repoID != 0 {
-		// It's trying to get a runner token that belongs to a repository, but OwnerID has been set accidentally.
+func GetLatestRunnerToken(ctx context.Context, ownerID, repoID optional.Option[int64]) (*ActionRunnerToken, error) {
+	if ownerID.Has() && repoID.Has() {
+		// It's trying to create a runner token that belongs to a repository, but OwnerID has been set accidentally.
 		// Remove OwnerID to avoid confusion; it's not worth returning an error here.
-		ownerID = 0
+		ownerID = optional.None[int64]()
 	}
 
 	var runnerToken ActionRunnerToken
diff --git a/models/actions/runner_token_test.go b/models/actions/runner_token_test.go
index 73320077a6..4b69f5488f 100644
--- a/models/actions/runner_token_test.go
+++ b/models/actions/runner_token_test.go
@@ -8,6 +8,7 @@ import (
 
 	"forgejo.org/models/db"
 	"forgejo.org/models/unittest"
+	"forgejo.org/modules/optional"
 
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
@@ -16,16 +17,16 @@ import (
 func TestGetLatestRunnerToken(t *testing.T) {
 	require.NoError(t, unittest.PrepareTestDatabase())
 	token := unittest.AssertExistsAndLoadBean(t, &ActionRunnerToken{ID: 3})
-	expectedToken, err := GetLatestRunnerToken(db.DefaultContext, 1, 0)
+	expectedToken, err := GetLatestRunnerToken(db.DefaultContext, optional.Some[int64](1), optional.None[int64]())
 	require.NoError(t, err)
 	assert.Equal(t, expectedToken, token)
 }
 
 func TestNewRunnerToken(t *testing.T) {
 	require.NoError(t, unittest.PrepareTestDatabase())
-	token, err := NewRunnerToken(db.DefaultContext, 1, 0)
+	token, err := NewRunnerToken(db.DefaultContext, optional.Some[int64](1), optional.None[int64]())
 	require.NoError(t, err)
-	expectedToken, err := GetLatestRunnerToken(db.DefaultContext, 1, 0)
+	expectedToken, err := GetLatestRunnerToken(db.DefaultContext, optional.Some[int64](1), optional.None[int64]())
 	require.NoError(t, err)
 	assert.Equal(t, expectedToken, token)
 }
@@ -35,7 +36,7 @@ func TestUpdateRunnerToken(t *testing.T) {
 	token := unittest.AssertExistsAndLoadBean(t, &ActionRunnerToken{ID: 3})
 	token.IsActive = true
 	require.NoError(t, UpdateRunnerToken(db.DefaultContext, token, "is_active"))
-	expectedToken, err := GetLatestRunnerToken(db.DefaultContext, 1, 0)
+	expectedToken, err := GetLatestRunnerToken(db.DefaultContext, optional.Some[int64](1), optional.None[int64]())
 	require.NoError(t, err)
 	assert.Equal(t, expectedToken, token)
 }
diff --git a/models/organization/org.go b/models/organization/org.go
index b6a7e8d1a0..7dcb78cb9b 100644
--- a/models/organization/org.go
+++ b/models/organization/org.go
@@ -17,6 +17,7 @@ import (
 	"forgejo.org/models/unit"
 	user_model "forgejo.org/models/user"
 	"forgejo.org/modules/log"
+	"forgejo.org/modules/optional"
 	"forgejo.org/modules/setting"
 	"forgejo.org/modules/structs"
 	"forgejo.org/modules/util"
@@ -404,7 +405,7 @@ func DeleteOrganization(ctx context.Context, org *Organization) error {
 		&TeamInvite{OrgID: org.ID},
 		&secret_model.Secret{OwnerID: org.ID},
 		&actions_model.ActionRunner{OwnerID: org.ID},
-		&actions_model.ActionRunnerToken{OwnerID: org.ID},
+		&actions_model.ActionRunnerToken{OwnerID: optional.Some(org.ID)},
 	); err != nil {
 		return fmt.Errorf("DeleteBeans: %w", err)
 	}
diff --git a/routers/api/actions/runner/runner.go b/routers/api/actions/runner/runner.go
index 5a29dd7ab7..41e33fc476 100644
--- a/routers/api/actions/runner/runner.go
+++ b/routers/api/actions/runner/runner.go
@@ -56,14 +56,14 @@ func (s *Service) Register(
 		return nil, connect.NewError(connect.CodeInvalidArgument, errors.New("runner registration token has been invalidated, please use the latest one"))
 	}
 
-	if runnerToken.OwnerID != 0 {
-		if _, err := user_model.GetUserByID(ctx, runnerToken.OwnerID); err != nil {
+	if has, ownerID := runnerToken.OwnerID.Get(); has {
+		if _, err := user_model.GetUserByID(ctx, ownerID); err != nil {
 			return nil, connect.NewError(connect.CodeInternal, errors.New("owner of the token not found"))
 		}
 	}
 
-	if runnerToken.RepoID != 0 {
-		if _, err := repo_model.GetRepositoryByID(ctx, runnerToken.RepoID); err != nil {
+	if has, repoID := runnerToken.RepoID.Get(); has {
+		if _, err := repo_model.GetRepositoryByID(ctx, repoID); err != nil {
 			return nil, connect.NewError(connect.CodeInternal, errors.New("repository of the token not found"))
 		}
 	}
@@ -75,8 +75,8 @@ func (s *Service) Register(
 	runner := &actions_model.ActionRunner{
 		UUID:        gouuid.New().String(),
 		Name:        name,
-		OwnerID:     runnerToken.OwnerID,
-		RepoID:      runnerToken.RepoID,
+		OwnerID:     runnerToken.OwnerID.ValueOrDefault(0),
+		RepoID:      runnerToken.RepoID.ValueOrDefault(0),
 		Version:     req.Msg.Version,
 		AgentLabels: labels,
 		Ephemeral:   req.Msg.Ephemeral,
diff --git a/routers/api/v1/shared/runners.go b/routers/api/v1/shared/runners.go
index a96a10ad30..5fadbd92e0 100644
--- a/routers/api/v1/shared/runners.go
+++ b/routers/api/v1/shared/runners.go
@@ -11,6 +11,7 @@ import (
 
 	actions_model "forgejo.org/models/actions"
 	"forgejo.org/models/db"
+	"forgejo.org/modules/optional"
 	"forgejo.org/modules/structs"
 	"forgejo.org/modules/util"
 	"forgejo.org/modules/web"
@@ -27,9 +28,18 @@ type RegistrationToken struct {
 }
 
 func GetRegistrationToken(ctx *context.APIContext, ownerID, repoID int64) {
-	token, err := actions_model.GetLatestRunnerToken(ctx, ownerID, repoID)
+	optOwnerID := optional.None[int64]()
+	if ownerID != 0 {
+		optOwnerID = optional.Some(ownerID)
+	}
+	optRepoID := optional.None[int64]()
+	if repoID != 0 {
+		optRepoID = optional.Some(repoID)
+	}
+
+	token, err := actions_model.GetLatestRunnerToken(ctx, optOwnerID, optRepoID)
 	if errors.Is(err, util.ErrNotExist) || (token != nil && !token.IsActive) {
-		token, err = actions_model.NewRunnerToken(ctx, ownerID, repoID)
+		token, err = actions_model.NewRunnerToken(ctx, optOwnerID, optRepoID)
 	}
 	if err != nil {
 		ctx.InternalServerError(err)
diff --git a/routers/private/actions.go b/routers/private/actions.go
index 441fb881ed..2b22c0f964 100644
--- a/routers/private/actions.go
+++ b/routers/private/actions.go
@@ -15,6 +15,7 @@ import (
 	user_model "forgejo.org/models/user"
 	"forgejo.org/modules/json"
 	"forgejo.org/modules/log"
+	"forgejo.org/modules/optional"
 	"forgejo.org/modules/private"
 	"forgejo.org/modules/util"
 	"forgejo.org/services/context"
@@ -42,9 +43,18 @@ func GenerateActionsRunnerToken(ctx *context.PrivateContext) {
 		})
 	}
 
-	token, err := actions_model.GetLatestRunnerToken(ctx, owner, repo)
+	ownerID := optional.None[int64]()
+	if owner != 0 {
+		ownerID = optional.Some(owner)
+	}
+	repoID := optional.None[int64]()
+	if repo != 0 {
+		repoID = optional.Some(repo)
+	}
+
+	token, err := actions_model.GetLatestRunnerToken(ctx, ownerID, repoID)
 	if errors.Is(err, util.ErrNotExist) || (token != nil && !token.IsActive) {
-		token, err = actions_model.NewRunnerToken(ctx, owner, repo)
+		token, err = actions_model.NewRunnerToken(ctx, ownerID, repoID)
 		if err != nil {
 			errMsg := fmt.Sprintf("error while creating runner token: %v", err)
 			log.Error("NewRunnerToken failed: %v", errMsg)
diff --git a/routers/web/shared/actions/runners.go b/routers/web/shared/actions/runners.go
index 1b77fb1597..9d0ad3b0cd 100644
--- a/routers/web/shared/actions/runners.go
+++ b/routers/web/shared/actions/runners.go
@@ -9,6 +9,7 @@ import (
 	actions_model "forgejo.org/models/actions"
 	"forgejo.org/models/db"
 	"forgejo.org/modules/log"
+	"forgejo.org/modules/optional"
 	"forgejo.org/modules/util"
 	"forgejo.org/modules/web"
 	"forgejo.org/services/context"
@@ -29,10 +30,19 @@ func RunnersList(ctx *context.Context, opts actions_model.FindRunnerOptions) {
 	}
 
 	// ownid=0,repo_id=0,means this token is used for global
+	ownerID := optional.None[int64]()
+	if opts.OwnerID != 0 {
+		ownerID = optional.Some(opts.OwnerID)
+	}
+	repoID := optional.None[int64]()
+	if opts.RepoID != 0 {
+		repoID = optional.Some(opts.RepoID)
+	}
+
 	var token *actions_model.ActionRunnerToken
-	token, err = actions_model.GetLatestRunnerToken(ctx, opts.OwnerID, opts.RepoID)
+	token, err = actions_model.GetLatestRunnerToken(ctx, ownerID, repoID)
 	if errors.Is(err, util.ErrNotExist) || (token != nil && !token.IsActive) {
-		token, err = actions_model.NewRunnerToken(ctx, opts.OwnerID, opts.RepoID)
+		token, err = actions_model.NewRunnerToken(ctx, ownerID, repoID)
 		if err != nil {
 			ctx.ServerError("CreateRunnerToken", err)
 			return
@@ -130,7 +140,16 @@ func RunnerDetailsEditPost(ctx *context.Context, runnerID, ownerID, repoID int64
 
 // RunnerResetRegistrationToken reset registration token
 func RunnerResetRegistrationToken(ctx *context.Context, ownerID, repoID int64, redirectTo string) {
-	_, err := actions_model.NewRunnerToken(ctx, ownerID, repoID)
+	optOwnerID := optional.None[int64]()
+	if ownerID != 0 {
+		optOwnerID = optional.Some(ownerID)
+	}
+	optRepoID := optional.None[int64]()
+	if repoID != 0 {
+		optRepoID = optional.Some(repoID)
+	}
+
+	_, err := actions_model.NewRunnerToken(ctx, optOwnerID, optRepoID)
 	if err != nil {
 		ctx.ServerError("ResetRunnerRegistrationToken", err)
 		return
diff --git a/services/org/org_test.go b/services/org/org_test.go
index 10f753acd6..38736286f4 100644
--- a/services/org/org_test.go
+++ b/services/org/org_test.go
@@ -12,6 +12,7 @@ import (
 	"forgejo.org/models/organization"
 	"forgejo.org/models/unittest"
 	user_model "forgejo.org/models/user"
+	"forgejo.org/modules/optional"
 
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
@@ -30,8 +31,7 @@ func TestDeleteOrganization(t *testing.T) {
 	unittest.AssertNotExistsBean(t, &organization.Organization{ID: 6})
 	unittest.AssertNotExistsBean(t, &organization.OrgUser{OrgID: 6})
 	unittest.AssertNotExistsBean(t, &organization.Team{OrgID: 6})
-	orgID := int64(6)
-	unittest.AssertNotExistsBean(t, &actions.ActionRunnerToken{OwnerID: orgID})
+	unittest.AssertNotExistsBean(t, &actions.ActionRunnerToken{OwnerID: optional.Some[int64](6)})
 
 	org = unittest.AssertExistsAndLoadBean(t, &organization.Organization{ID: 3})
 	err := DeleteOrganization(db.DefaultContext, org, false)
diff --git a/services/repository/delete.go b/services/repository/delete.go
index ebebdef3f1..3ea7e51a9b 100644
--- a/services/repository/delete.go
+++ b/services/repository/delete.go
@@ -28,6 +28,7 @@ import (
 	actions_module "forgejo.org/modules/actions"
 	"forgejo.org/modules/lfs"
 	"forgejo.org/modules/log"
+	"forgejo.org/modules/optional"
 	"forgejo.org/modules/setting"
 	"forgejo.org/modules/storage"
 	actions_service "forgejo.org/services/actions"
@@ -187,7 +188,7 @@ func DeleteRepositoryDirectly(ctx context.Context, doer *user_model.User, repoID
 		&actions_model.ActionArtifact{RepoID: repoID},
 		&actions_model.ActionUser{RepoID: repoID},
 		&repo_model.RepoArchiveDownloadCount{RepoID: repoID},
-		&actions_model.ActionRunnerToken{RepoID: repoID},
+		&actions_model.ActionRunnerToken{RepoID: optional.Some(repoID)},
 	); err != nil {
 		return fmt.Errorf("deleteBeans: %w", err)
 	}
diff --git a/services/user/delete.go b/services/user/delete.go
index 0c2a0b63ed..bcd465ce9d 100644
--- a/services/user/delete.go
+++ b/services/user/delete.go
@@ -23,6 +23,7 @@ import (
 	pull_model "forgejo.org/models/pull"
 	repo_model "forgejo.org/models/repo"
 	user_model "forgejo.org/models/user"
+	"forgejo.org/modules/optional"
 	"forgejo.org/modules/setting"
 	issue_service "forgejo.org/services/issue"
 
@@ -97,7 +98,7 @@ func deleteUser(ctx context.Context, u *user_model.User, purge bool) (err error)
 		&actions_model.ActionUser{UserID: u.ID},
 		&user_model.BlockedUser{BlockID: u.ID},
 		&user_model.BlockedUser{UserID: u.ID},
-		&actions_model.ActionRunnerToken{OwnerID: u.ID},
+		&actions_model.ActionRunnerToken{OwnerID: optional.Some(u.ID)},
 		&auth_model.AuthorizationToken{UID: u.ID},
 	); err != nil {
 		return fmt.Errorf("deleteBeans: %w", err)

From 1853b7370b294da1ecd9da04ee053dc9eb74a878 Mon Sep 17 00:00:00 2001
From: oliverpool <git@olivier.pfad.fr>
Date: Tue, 10 Mar 2026 16:50:04 +0100
Subject: [PATCH 477/854] fix: webook/discord: omit empty embeds.footer from
 the payload for Spacebar compatibility (#11588)

Fixes #11573

### Tests for Go changes

- I added test coverage for Go changes...
  - [x] in their respective `*_test.go` for unit tests.
  - [ ] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I ran...
  - [x] `make pr-go` before pushing

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [x] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.
- [ ] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change.

*The decision if the pull request will be shown in the release notes is up to the mergers / release team.*

The content of the `release-notes/<pull request number>.md` file will serve as the basis for the release notes. If the file does not exist, the title of the pull request will be used instead.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11588
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
Co-authored-by: oliverpool <git@olivier.pfad.fr>
Co-committed-by: oliverpool <git@olivier.pfad.fr>
---
 services/webhook/discord.go      |  4 ++--
 services/webhook/discord_test.go | 11 ++++++++++-
 2 files changed, 12 insertions(+), 3 deletions(-)

diff --git a/services/webhook/discord.go b/services/webhook/discord.go
index cdab4d6733..2383a1402b 100644
--- a/services/webhook/discord.go
+++ b/services/webhook/discord.go
@@ -77,7 +77,7 @@ func (discordHandler) UnmarshalForm(bind func(any)) forms.WebhookForm {
 type (
 	// DiscordEmbedFooter for Embed Footer Structure.
 	DiscordEmbedFooter struct {
-		Text string `json:"text,omitempty"`
+		Text string `json:"text"`
 	}
 
 	// DiscordEmbedAuthor for Embed Author Structure
@@ -99,7 +99,7 @@ type (
 		Description string              `json:"description"`
 		URL         string              `json:"url"`
 		Color       int                 `json:"color"`
-		Footer      DiscordEmbedFooter  `json:"footer"`
+		Footer      *DiscordEmbedFooter `json:"footer,omitempty"`
 		Author      DiscordEmbedAuthor  `json:"author"`
 		Fields      []DiscordEmbedField `json:"fields,omitempty"`
 	}
diff --git a/services/webhook/discord_test.go b/services/webhook/discord_test.go
index e94486def8..23745b421a 100644
--- a/services/webhook/discord_test.go
+++ b/services/webhook/discord_test.go
@@ -4,6 +4,8 @@
 package webhook
 
 import (
+	"bytes"
+	"io"
 	"testing"
 
 	webhook_model "forgejo.org/models/webhook"
@@ -354,8 +356,15 @@ func TestDiscordJSONPayload(t *testing.T) {
 	assert.Equal(t, "https://discord.example.com/", req.URL.String())
 	assert.Equal(t, "sha256=", req.Header.Get("X-Hub-Signature-256"))
 	assert.Equal(t, "application/json", req.Header.Get("Content-Type"))
+
+	buf, err := io.ReadAll(req.Body)
+	require.NoError(t, err)
+
+	// https://codeberg.org/forgejo/forgejo/issues/11573
+	assert.NotContains(t, string(buf), `"footer":`)
+
 	var body DiscordPayload
-	err = json.NewDecoder(req.Body).Decode(&body)
+	err = json.NewDecoder(bytes.NewReader(buf)).Decode(&body)
 	require.NoError(t, err)
 	assert.Equal(t, "[`2020558`](http://localhost:3000/test/repo/commit/2020558fe2e34debb818a514715839cabd25e778) commit message \\- user1\n[`2020558`](http://localhost:3000/test/repo/commit/2020558fe2e34debb818a514715839cabd25e778) commit message \\- user1", body.Embeds[0].Description)
 }

From f1a08a7ab17fe7523a111fb127419b9e743f48d1 Mon Sep 17 00:00:00 2001
From: Andreas Ahlenstorf <andreas@ahlenstorf.ch>
Date: Tue, 10 Mar 2026 21:07:08 +0100
Subject: [PATCH 478/854] fix: remove second challenge from WWW-Authenticate
 header (#11616)

https://codeberg.org/forgejo/forgejo/pulls/11393 introduced a second challenge, one for HTTP Basic Authentication, to the existing `WWW-Authenticate` header sent by Forgejo's container registry in response to missing or invalid credentials. However, that led to unexpected compatibility issues with some clients. For example, it broke Renovate (see https://github.com/renovatebot/renovate/discussions/41774).

To be extra-safe, the decision was taken to revert that particular change without introducing a second header field (i.e., sending two `WWW-Authenticate` headers). That effectively restores the old behaviour.

```
$ curl -v -u andreas --basic http://192.168.178.62:3000/v2
Enter host password for user 'andreas':
*   Trying 192.168.178.62:3000...
* Connected to 192.168.178.62 (192.168.178.62) port 3000
* using HTTP/1.x
* Server auth using Basic with user 'andreas'
> GET /v2 HTTP/1.1
> Host: 192.168.178.62:3000
> Authorization: Basic *****
> User-Agent: curl/8.15.0
> Accept: */*
>
* Request completely sent off
< HTTP/1.1 401 Unauthorized
< Content-Length: 50
< Content-Type: application/json
< Docker-Distribution-Api-Version: registry/2.0
< Www-Authenticate: Bearer realm="http://192.168.178.62:3000/v2/token",service="container_registry",scope="*"
< Date: Tue, 10 Mar 2026 17:00:21 GMT
<
{"errors":[{"code":"UNAUTHORIZED","message":""}]}
```

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests for Go changes

(can be removed for JavaScript changes)

- I added test coverage for Go changes...
  - [ ] in their respective `*_test.go` for unit tests.
  - [x] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I ran...
  - [x] `make pr-go` before pushing

### Tests for JavaScript changes

(can be removed for Go changes)

- I added test coverage for JavaScript changes...
  - [ ] in `web_src/js/*.test.js` if it can be unit tested.
  - [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)).

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [x] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.
- [ ] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change.

*The decision if the pull request will be shown in the release notes is up to the mergers / release team.*

The content of the `release-notes/<pull request number>.md` file will serve as the basis for the release notes. If the file does not exist, the title of the pull request will be used instead.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11616
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Co-authored-by: Andreas Ahlenstorf <andreas@ahlenstorf.ch>
Co-committed-by: Andreas Ahlenstorf <andreas@ahlenstorf.ch>
---
 routers/api/packages/container/container.go                  | 5 +++--
 .../api_packages_container_cleanup_sha256_test.go            | 3 +--
 tests/integration/api_packages_container_test.go             | 3 +--
 3 files changed, 5 insertions(+), 6 deletions(-)

diff --git a/routers/api/packages/container/container.go b/routers/api/packages/container/container.go
index bf621f36de..6781f511c8 100644
--- a/routers/api/packages/container/container.go
+++ b/routers/api/packages/container/container.go
@@ -116,8 +116,9 @@ func apiErrorDefined(ctx *context.Context, err *container_service.NamedError) {
 }
 
 func APIUnauthorizedError(ctx *context.Context) {
-	ctx.Resp.Header().Set("WWW-Authenticate", `Bearer realm="`+setting.AppURL+`v2/token",service="container_registry",scope="*",`+
-		`Basic realm="`+setting.AppURL+`v2",service="container_registry",scope="*"`)
+	// Do not include more than one challenge in the same header field. That breaks clients even though the HTTP RFC
+	// allows it.
+	ctx.Resp.Header().Set("WWW-Authenticate", `Bearer realm="`+setting.AppURL+`v2/token",service="container_registry",scope="*"`)
 	apiErrorDefined(ctx, container_service.ErrUnauthorized)
 }
 
diff --git a/tests/integration/api_packages_container_cleanup_sha256_test.go b/tests/integration/api_packages_container_cleanup_sha256_test.go
index d672504509..19b73f7698 100644
--- a/tests/integration/api_packages_container_cleanup_sha256_test.go
+++ b/tests/integration/api_packages_container_cleanup_sha256_test.go
@@ -63,8 +63,7 @@ func TestPackageContainerCleanupSHA256(t *testing.T) {
 			Token string `json:"token"`
 		}
 
-		authenticate := []string{`Bearer realm="` + setting.AppURL + `v2/token",service="container_registry",scope="*",` +
-			`Basic realm="` + setting.AppURL + `v2",service="container_registry",scope="*"`}
+		authenticate := []string{`Bearer realm="` + setting.AppURL + `v2/token",service="container_registry",scope="*"`}
 
 		t.Run("User", func(t *testing.T) {
 			req := NewRequest(t, "GET", fmt.Sprintf("%sv2", setting.AppURL))
diff --git a/tests/integration/api_packages_container_test.go b/tests/integration/api_packages_container_test.go
index 1024d90d5d..21420bb0d8 100644
--- a/tests/integration/api_packages_container_test.go
+++ b/tests/integration/api_packages_container_test.go
@@ -91,8 +91,7 @@ func TestPackageContainer(t *testing.T) {
 			Token string `json:"token"`
 		}
 
-		authenticate := []string{`Bearer realm="` + setting.AppURL + `v2/token",service="container_registry",scope="*",` +
-			`Basic realm="` + setting.AppURL + `v2",service="container_registry",scope="*"`}
+		authenticate := []string{`Bearer realm="` + setting.AppURL + `v2/token",service="container_registry",scope="*"`}
 
 		t.Run("Anonymous", func(t *testing.T) {
 			defer tests.PrintCurrentTest(t)()

From 296e6a284e04f010498221092c97d29955a4eb3e Mon Sep 17 00:00:00 2001
From: Robert Wolff <mahlzahn@posteo.de>
Date: Tue, 10 Mar 2026 23:49:18 +0100
Subject: [PATCH 479/854] fix(ui): improve Git notes editing (#11365)

Closes #11355, namely:

1. bug: editing the note does not edit the orginal content, but the rendered content
    - https://codeberg.org/forgejo/forgejo/pulls/11365/commits/16368c4ccb7c5e4711599abe5a607d0a9da81f9b
    - edit raw notes instead of rendered notes
2. bug: editing existing note on single-commit PR page leads to 404 page because it sends a POST request to `/OWNER/REPO/pulls/ID/commits/COMMIT_HASH/notes`
    - https://codeberg.org/forgejo/forgejo/pulls/11365/commits/f036fc55db6b32975f6b0d78d0a7b0e34cd5e866
    - add new paths for the actions on pull request pages for `/OWNER/REPO/pulls/ID/commits/COMMIT_HASH/notes` and `/OWNER/REPO/pulls/ID/commits/COMMIT_HASH/notes/remove`
3. feat: both for adding and editing there is no `Cancel` button
    - https://codeberg.org/forgejo/forgejo/pulls/11365/commits/58d8c7cc872f34ddb092fe2c28d757580d16a320
    - moved both the `Cancel` and the `Save`/`Edit` button to the right for better consistency how, e.g., issue comments are edited/created.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11365
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Robert Wolff <mahlzahn@posteo.de>
Co-committed-by: Robert Wolff <mahlzahn@posteo.de>
---
 release-notes/11365.md             |  3 ++
 routers/web/repo/commit.go         | 17 ++++++--
 routers/web/repo/commit_test.go    | 58 ++++++++++++++++++++++++++++
 routers/web/repo/pull.go           |  9 +++++
 routers/web/repo/pull_test.go      | 62 ++++++++++++++++++++++++++++++
 routers/web/web.go                 |  8 +++-
 templates/repo/commit_header.tmpl  | 33 +++++-----------
 tests/e2e/git-notes.test.e2e.ts    | 34 ++++++++++++++--
 web_src/js/features/repo-commit.js | 26 ++++++-------
 9 files changed, 204 insertions(+), 46 deletions(-)
 create mode 100644 release-notes/11365.md
 create mode 100644 routers/web/repo/commit_test.go
 create mode 100644 routers/web/repo/pull_test.go

diff --git a/release-notes/11365.md b/release-notes/11365.md
new file mode 100644
index 0000000000..15e17a2054
--- /dev/null
+++ b/release-notes/11365.md
@@ -0,0 +1,3 @@
+fix: edit raw instead of rendered Git notes when editing notes on commit pages
+fix: make editing Git notes from single-commit PR page actually work
+feat: add cancel button to Git note adding and editing
diff --git a/routers/web/repo/commit.go b/routers/web/repo/commit.go
index 9968ccd018..3db8a091b0 100644
--- a/routers/web/repo/commit.go
+++ b/routers/web/repo/commit.go
@@ -407,6 +407,7 @@ func Diff(ctx *context.Context) {
 	if err == nil {
 		ctx.Data["NoteCommit"] = note.Commit
 		ctx.Data["NoteAuthor"] = user_model.ValidateCommitWithEmail(ctx, note.Commit)
+		ctx.Data["NoteRaw"] = string(charset.ToUTF8WithFallback(note.Message, charset.ConvertOpts{}))
 		ctx.Data["NoteRendered"], err = markup.RenderCommitMessage(&markup.RenderContext{
 			Links: markup.Links{
 				Base:       ctx.Repo.RepoLink,
@@ -463,7 +464,7 @@ func RawDiff(ctx *context.Context) {
 	}
 }
 
-func SetCommitNotes(ctx *context.Context) {
+func setCommitNotes(ctx *context.Context, redirectURL string) {
 	form := web.GetForm(ctx).(*forms.CommitNotesForm)
 
 	commitID := ctx.Params(":sha")
@@ -474,10 +475,14 @@ func SetCommitNotes(ctx *context.Context) {
 		return
 	}
 
-	ctx.Redirect(fmt.Sprintf("%s/commit/%s", ctx.Repo.Repository.HTMLURL(), commitID))
+	ctx.Redirect(redirectURL)
 }
 
-func RemoveCommitNotes(ctx *context.Context) {
+func SetCommitNotes(ctx *context.Context) {
+	setCommitNotes(ctx, ctx.Repo.Repository.CommitLink(ctx.Params(":sha")))
+}
+
+func removeCommitNotes(ctx *context.Context, redirectURL string) {
 	commitID := ctx.Params(":sha")
 
 	err := git.RemoveNote(ctx, ctx.Repo.GitRepo, commitID)
@@ -486,5 +491,9 @@ func RemoveCommitNotes(ctx *context.Context) {
 		return
 	}
 
-	ctx.Redirect(fmt.Sprintf("%s/commit/%s", ctx.Repo.Repository.HTMLURL(), commitID))
+	ctx.Redirect(redirectURL)
+}
+
+func RemoveCommitNotes(ctx *context.Context) {
+	removeCommitNotes(ctx, ctx.Repo.Repository.CommitLink(ctx.Params(":sha")))
 }
diff --git a/routers/web/repo/commit_test.go b/routers/web/repo/commit_test.go
new file mode 100644
index 0000000000..eb4c1e3367
--- /dev/null
+++ b/routers/web/repo/commit_test.go
@@ -0,0 +1,58 @@
+// Copyright 2026 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+package repo
+
+import (
+	"net/http"
+	"testing"
+
+	"forgejo.org/models/unittest"
+	"forgejo.org/modules/git"
+	"forgejo.org/modules/test"
+	"forgejo.org/modules/web"
+	"forgejo.org/services/contexttest"
+	"forgejo.org/services/forms"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+func TestSetCommitNotes(t *testing.T) {
+	unittest.PrepareTestEnv(t)
+	commitID := "65f1bf27bc3bf70f64657658635e66094edbcb4d"
+	path := "/user2/repo1/commit/" + commitID
+	ctx, _ := contexttest.MockContext(t, path)
+	ctx.SetParams(":sha", commitID)
+	contexttest.LoadUser(t, ctx, 2)
+	contexttest.LoadRepo(t, ctx, 1)
+	contexttest.LoadGitRepo(t, ctx)
+	notes := `This is a new note.\nSee https://frogejo.org.`
+	web.SetForm(ctx, &forms.CommitNotesForm{
+		Notes: notes,
+	})
+	SetCommitNotes(ctx)
+	assert.Equal(t, http.StatusSeeOther, ctx.Resp.Status())
+	assert.Equal(t, path, test.RedirectURL(ctx.Resp))
+	note, err := git.GetNote(ctx, ctx.Repo.GitRepo, commitID)
+	require.NoError(t, err)
+	assert.Equal(t, []byte(notes+"\n"), note.Message)
+}
+
+func TestRemoveCommitNotes(t *testing.T) {
+	unittest.PrepareTestEnv(t)
+	commitID := "65f1bf27bc3bf70f64657658635e66094edbcb4d"
+	path := "/user2/repo1/commit/" + commitID
+	ctx, _ := contexttest.MockContext(t, path)
+	ctx.SetParams(":sha", commitID)
+	contexttest.LoadUser(t, ctx, 2)
+	contexttest.LoadRepo(t, ctx, 1)
+	contexttest.LoadGitRepo(t, ctx)
+	RemoveCommitNotes(ctx)
+	assert.Equal(t, http.StatusSeeOther, ctx.Resp.Status())
+	assert.Equal(t, path, test.RedirectURL(ctx.Resp))
+	note, err := git.GetNote(ctx, ctx.Repo.GitRepo, commitID)
+	require.Error(t, err)
+	assert.True(t, git.IsErrNotExist(err))
+	assert.Nil(t, note)
+}
diff --git a/routers/web/repo/pull.go b/routers/web/repo/pull.go
index 781a001fba..83e3a3cef3 100644
--- a/routers/web/repo/pull.go
+++ b/routers/web/repo/pull.go
@@ -1008,6 +1008,7 @@ func viewPullFiles(ctx *context.Context, specifiedStartCommit, specifiedEndCommi
 		if err == nil {
 			ctx.Data["NoteCommit"] = note.Commit
 			ctx.Data["NoteAuthor"] = user_model.ValidateCommitWithEmail(ctx, note.Commit)
+			ctx.Data["NoteRaw"] = string(charset.ToUTF8WithFallback(note.Message, charset.ConvertOpts{}))
 			ctx.Data["NoteRendered"], err = markup.RenderCommitMessage(&markup.RenderContext{
 				Links: markup.Links{
 					Base:       ctx.Repo.RepoLink,
@@ -2018,3 +2019,11 @@ func UpdateTrustWithPullRequestActions(ctx *context.Context) {
 
 	ctx.Redirect(fmt.Sprintf("%s#pull-request-trust-panel", pr.Issue.Link()))
 }
+
+func SetCommitNotesPullRequest(ctx *context.Context) {
+	setCommitNotes(ctx, fmt.Sprintf("%s/pulls/%s/commits/%s", ctx.Repo.Repository.Link(), ctx.Params(":index"), ctx.Params(":sha")))
+}
+
+func RemoveCommitNotesPullRequest(ctx *context.Context) {
+	removeCommitNotes(ctx, fmt.Sprintf("%s/pulls/%s/commits/%s", ctx.Repo.Repository.Link(), ctx.Params(":index"), ctx.Params(":sha")))
+}
diff --git a/routers/web/repo/pull_test.go b/routers/web/repo/pull_test.go
new file mode 100644
index 0000000000..ae7f78f810
--- /dev/null
+++ b/routers/web/repo/pull_test.go
@@ -0,0 +1,62 @@
+// Copyright 2026 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+package repo
+
+import (
+	"net/http"
+	"testing"
+
+	"forgejo.org/models/unittest"
+	"forgejo.org/modules/git"
+	"forgejo.org/modules/test"
+	"forgejo.org/modules/web"
+	"forgejo.org/services/contexttest"
+	"forgejo.org/services/forms"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+func TestSetCommitNotesPullRequest(t *testing.T) {
+	unittest.PrepareTestEnv(t)
+	commitID := "65f1bf27bc3bf70f64657658635e66094edbcb4d"
+	pullID := "5"
+	path := "/user2/repo1/pulls/" + pullID + "/commits/" + commitID
+	ctx, _ := contexttest.MockContext(t, path)
+	ctx.SetParams(":sha", commitID)
+	ctx.SetParams(":index", pullID)
+	contexttest.LoadUser(t, ctx, 2)
+	contexttest.LoadRepo(t, ctx, 1)
+	contexttest.LoadGitRepo(t, ctx)
+	notes := `This is a new note.\nSee https://frogejo.org.`
+	web.SetForm(ctx, &forms.CommitNotesForm{
+		Notes: notes,
+	})
+	SetCommitNotesPullRequest(ctx)
+	assert.Equal(t, http.StatusSeeOther, ctx.Resp.Status())
+	assert.Equal(t, path, test.RedirectURL(ctx.Resp))
+	note, err := git.GetNote(ctx, ctx.Repo.GitRepo, commitID)
+	require.NoError(t, err)
+	assert.Equal(t, []byte(notes+"\n"), note.Message)
+}
+
+func TestRemoveCommitNotesPullRequest(t *testing.T) {
+	unittest.PrepareTestEnv(t)
+	commitID := "65f1bf27bc3bf70f64657658635e66094edbcb4d"
+	pullID := "5"
+	path := "/user2/repo1/pulls/" + pullID + "/commits/" + commitID
+	ctx, _ := contexttest.MockContext(t, path)
+	ctx.SetParams(":sha", commitID)
+	ctx.SetParams(":index", pullID)
+	contexttest.LoadUser(t, ctx, 2)
+	contexttest.LoadRepo(t, ctx, 1)
+	contexttest.LoadGitRepo(t, ctx)
+	RemoveCommitNotesPullRequest(ctx)
+	assert.Equal(t, http.StatusSeeOther, ctx.Resp.Status())
+	assert.Equal(t, path, test.RedirectURL(ctx.Resp))
+	note, err := git.GetNote(ctx, ctx.Repo.GitRepo, commitID)
+	require.Error(t, err)
+	assert.True(t, git.IsErrNotExist(err))
+	assert.Nil(t, note)
+}
diff --git a/routers/web/web.go b/routers/web/web.go
index cd5d65b912..6cddc1d0b0 100644
--- a/routers/web/web.go
+++ b/routers/web/web.go
@@ -1564,6 +1564,10 @@ func registerRoutes(m *web.Route) {
 					m.Get("", context.RepoRef(), repo.SetEditorconfigIfExists, repo.SetDiffViewStyle, repo.SetWhitespaceBehavior, repo.SetShowOutdatedComments, repo.ViewPullFilesForSingleCommit)
 					m.Post("/reviews/submit", context.RepoMustNotBeArchived(), web.Bind(forms.SubmitReviewForm{}), repo.SubmitReview)
 				})
+				m.Group("/{sha:([a-f0-9]{4,64})$}/notes", func() {
+					m.Post("", context.RepoMustNotBeArchived(), web.Bind(forms.CommitNotesForm{}), repo.SetCommitNotesPullRequest)
+					m.Post("/remove", context.RepoMustNotBeArchived(), repo.RemoveCommitNotesPullRequest)
+				}, reqSignIn, reqRepoCodeWriter)
 			})
 			m.Post("/merge", context.RepoMustNotBeArchived(), web.Bind(forms.MergePullRequestForm{}), context.EnforceQuotaWeb(quota_model.LimitSubjectSizeGitAll, context.QuotaTargetRepo), repo.MergePullRequest)
 			m.Post("/cancel_auto_merge", context.RepoMustNotBeArchived(), repo.CancelAutoMergePullRequest)
@@ -1626,8 +1630,8 @@ func registerRoutes(m *web.Route) {
 			m.Get("/commit/{sha:([a-f0-9]{4,64})$}", repo.SetEditorconfigIfExists, repo.SetDiffViewStyle, repo.SetWhitespaceBehavior, repo.Diff)
 			m.Get("/commit/{sha:([a-f0-9]{4,64})$}/load-branches-and-tags", repo.LoadBranchesAndTags)
 			m.Group("/commit/{sha:([a-f0-9]{4,64})$}/notes", func() {
-				m.Post("", web.Bind(forms.CommitNotesForm{}), repo.SetCommitNotes)
-				m.Post("/remove", repo.RemoveCommitNotes)
+				m.Post("", context.RepoMustNotBeArchived(), web.Bind(forms.CommitNotesForm{}), repo.SetCommitNotes)
+				m.Post("/remove", context.RepoMustNotBeArchived(), repo.RemoveCommitNotes)
 			}, reqSignIn, reqRepoCodeWriter)
 			m.Get("/cherry-pick/{sha:([a-f0-9]{4,64})$}", repo.SetEditorconfigIfExists, repo.CherryPick)
 		}, repo.MustBeNotEmpty, context.RepoRef(), reqRepoCodeReader)
diff --git a/templates/repo/commit_header.tmpl b/templates/repo/commit_header.tmpl
index 3426d5feac..dacbf43b59 100644
--- a/templates/repo/commit_header.tmpl
+++ b/templates/repo/commit_header.tmpl
@@ -293,7 +293,7 @@
 					<div class="text right actions">
 						<form action="{{.Link}}/notes/remove" method="post">
 							<button type="button" class="ui cancel button">{{ctx.Locale.Tr "settings.cancel"}}</button>
-							<button type="submit" class="ui red button" href="{{.Link}}/notes/remove">{{ctx.Locale.Tr "remove"}}</button>
+							<button type="submit" class="ui red button">{{ctx.Locale.Tr "remove"}}</button>
 						</form>
 					</div>
 				</div>
@@ -303,32 +303,19 @@
 	<div id="commit-notes-display-area" class="ui bottom attached info segment git-notes">
 		<pre class="commit-body">{{.NoteRendered | SanitizeHTML}}</pre>
 	</div>
-	{{if and ($.Permission.CanWrite $.UnitTypeCode) (not $.Repository.IsArchived) (not .IsDeleted)}}
-		<div id="commit-notes-edit-area" class="ui bottom attached info segment git-notes tw-hidden">
-			<form class="ui form" action="{{.Link}}/notes" method="post">
-
-				<div class="field">
-					<textarea name="notes">{{.NoteRendered | SanitizeHTML}}</textarea>
-				</div>
-
-				<div class="field">
-					<button id="notes-save-button" class="ui primary button">{{ctx.Locale.Tr "save"}}</button>
-				</div>
-			</form>
-		</div>
-	{{end}}
-{{else if and ($.Permission.CanWrite $.UnitTypeCode) (not $.Repository.IsArchived) (not .IsDeleted)}}
-	<div id="commit-notes-add-area" class="ui tw-mt-3 segment tw-hidden">
-		<form class="ui form" action="{{.Link}}/notes" method="post">
-
+{{end}}
+{{if and ($.Permission.CanWrite $.UnitTypeCode) (not $.Repository.IsArchived) (not .IsDeleted)}}
+	<div id="commit-notes-edit-area" class="ui bottom attached info segment git-notes tw-hidden">
+		<form id="commit-notes-edit-form" class="ui form" action="{{.Link}}/notes" method="post">
 			<div class="field">
-				<textarea name="notes"></textarea>
+				<textarea name="notes">{{.NoteRaw}}</textarea>
 			</div>
-
 			<div class="field">
-				<button class="ui primary button">{{ctx.Locale.Tr "add"}}</button>
+				<div class="text right edit">
+					<button id="commit-notes-cancel-button" type="button" class="ui cancel button">{{ctx.Locale.Tr "cancel"}}</button>
+					<button id="commit-notes-save-button" type="submit" class="ui primary button">{{if .NoteRaw}}{{ctx.Locale.Tr "save"}}{{else}}{{ctx.Locale.Tr "add"}}{{end}}</button>
+				</div>
 			</div>
 		</form>
 	</div>
 {{end}}
-
diff --git a/tests/e2e/git-notes.test.e2e.ts b/tests/e2e/git-notes.test.e2e.ts
index f1f4d07c1d..2e2948a43e 100644
--- a/tests/e2e/git-notes.test.e2e.ts
+++ b/tests/e2e/git-notes.test.e2e.ts
@@ -6,26 +6,52 @@ import {screenshot} from './shared/screenshots.ts';
 test.use({user: 'user2'});
 
 test('Change git note', async ({page}) => {
+  const text = 'This is a new note <script>alert("xss")</script>.\nSee https://frogejo.org.';
+
   let response = await page.goto('/user2/repo1/commit/65f1bf27bc3bf70f64657658635e66094edbcb4d');
   expect(response?.status()).toBe(200);
 
   // An add button should not be present, because the commit already has a commit note
   await expect(page.locator('#commit-notes-add-button')).toHaveCount(0);
 
+  let renderedarea = page.locator('#commit-notes-display-area pre.commit-body');
+  await expect(renderedarea).toBeVisible();
+  let textarea = page.locator('textarea[name="notes"]');
+  await expect(textarea).toBeHidden();
+
   await page.locator('#commit-notes-edit-button').click();
 
-  let textarea = page.locator('textarea[name="notes"]');
+  await expect(renderedarea).toBeHidden();
   await expect(textarea).toBeVisible();
-  await textarea.fill('This is a new note');
+  await textarea.fill(text);
   await screenshot(page, page.locator('.ui.container.fluid.padded'));
 
-  await page.locator('#notes-save-button').click();
+  await page.locator('#commit-notes-save-button').click();
+
+  await expect(renderedarea).toBeVisible();
+  await expect(textarea).toBeHidden();
+  await expect(renderedarea).toHaveText(text);
+  await expect(renderedarea.locator('a')).toHaveAttribute('href', 'https://frogejo.org');
   await screenshot(page, page.locator('.ui.container.fluid.padded'));
 
+  // Check edited note
   response = await page.goto('/user2/repo1/commit/65f1bf27bc3bf70f64657658635e66094edbcb4d');
   expect(response?.status()).toBe(200);
 
+  renderedarea = page.locator('#commit-notes-display-area pre.commit-body');
+  await expect(renderedarea).toHaveText(text);
+  await expect(renderedarea.locator('a')).toHaveAttribute('href', 'https://frogejo.org');
   textarea = page.locator('textarea[name="notes"]');
-  await expect(textarea).toHaveText('This is a new note');
+  await expect(textarea).toHaveText(text);
+  await expect(textarea.locator('a')).toHaveCount(0);
   await screenshot(page, page.locator('.ui.container.fluid.padded'));
+
+  // Cancel note editing
+  await page.locator('#commit-notes-edit-button').click();
+  await textarea.fill('Edited note');
+  await page.locator('#commit-notes-cancel-button').click();
+  await expect(renderedarea).toBeVisible();
+  await expect(renderedarea).toHaveText(text);
+  await expect(textarea).toBeHidden();
+  await expect(textarea).toHaveText(text);
 });
diff --git a/web_src/js/features/repo-commit.js b/web_src/js/features/repo-commit.js
index c546cfe0c2..5f8d0e7393 100644
--- a/web_src/js/features/repo-commit.js
+++ b/web_src/js/features/repo-commit.js
@@ -28,18 +28,18 @@ export function initCommitStatuses() {
 }
 
 export function initCommitNotes() {
-  const notesEditButton = document.getElementById('commit-notes-edit-button');
-  if (notesEditButton !== null) {
-    notesEditButton.addEventListener('click', () => {
-      document.getElementById('commit-notes-display-area').classList.add('tw-hidden');
-      document.getElementById('commit-notes-edit-area').classList.remove('tw-hidden');
-    });
-  }
+  document.getElementById('commit-notes-edit-button')?.addEventListener('click', () => {
+    document.getElementById('commit-notes-display-area').classList.add('tw-hidden');
+    document.getElementById('commit-notes-edit-area').classList.remove('tw-hidden');
+  });
 
-  const notesAddButton = document.getElementById('commit-notes-add-button');
-  if (notesAddButton !== null) {
-    notesAddButton.addEventListener('click', () => {
-      document.getElementById('commit-notes-add-area').classList.remove('tw-hidden');
-    });
-  }
+  document.getElementById('commit-notes-add-button')?.addEventListener('click', () => {
+    document.getElementById('commit-notes-edit-area').classList.remove('tw-hidden');
+  });
+
+  document.getElementById('commit-notes-cancel-button')?.addEventListener('click', () => {
+    document.getElementById('commit-notes-edit-form').reset();
+    document.getElementById('commit-notes-display-area')?.classList.remove('tw-hidden');
+    document.getElementById('commit-notes-edit-area').classList.add('tw-hidden');
+  });
 }

From a58105960684a456009b55d839d59a8da42e73cc Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Wed, 11 Mar 2026 00:51:58 +0100
Subject: [PATCH 480/854] Update dependency globals to v17.4.0 (forgejo)
 (#11621)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11621
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
---
 package-lock.json | 8 ++++----
 package.json      | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index dc878eae7c..9d4d57280f 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -107,7 +107,7 @@
         "eslint-plugin-vue": "10.8.0",
         "eslint-plugin-vue-scoped-css": "2.12.0",
         "eslint-plugin-wc": "3.1.0",
-        "globals": "17.3.0",
+        "globals": "17.4.0",
         "happy-dom": "20.0.11",
         "license-checker-rseidelsohn": "4.4.2",
         "markdownlint-cli": "0.47.0",
@@ -9048,9 +9048,9 @@
       }
     },
     "node_modules/globals": {
-      "version": "17.3.0",
-      "resolved": "https://registry.npmjs.org/globals/-/globals-17.3.0.tgz",
-      "integrity": "sha512-yMqGUQVVCkD4tqjOJf3TnrvaaHDMYp4VlUSObbkIiuCPe/ofdMBFIAcBbCSRFWOnos6qRiTVStDwqPLUclaxIw==",
+      "version": "17.4.0",
+      "resolved": "https://registry.npmjs.org/globals/-/globals-17.4.0.tgz",
+      "integrity": "sha512-hjrNztw/VajQwOLsMNT1cbJiH2muO3OROCHnbehc8eY5JyD2gqz4AcMHPqgaOR59DjgUjYAYLeH699g/eWi2jw==",
       "dev": true,
       "license": "MIT",
       "engines": {
diff --git a/package.json b/package.json
index c1b132a8eb..a2a6208b68 100644
--- a/package.json
+++ b/package.json
@@ -106,7 +106,7 @@
     "eslint-plugin-vue": "10.8.0",
     "eslint-plugin-vue-scoped-css": "2.12.0",
     "eslint-plugin-wc": "3.1.0",
-    "globals": "17.3.0",
+    "globals": "17.4.0",
     "happy-dom": "20.0.11",
     "license-checker-rseidelsohn": "4.4.2",
     "markdownlint-cli": "0.47.0",

From d2acd4f14cd0023cde797365d000133d912ae8fc Mon Sep 17 00:00:00 2001
From: limiting-factor <limiting-factor@posteo.com>
Date: Wed, 11 Mar 2026 03:40:32 +0100
Subject: [PATCH 481/854] chore: split `AddRepository` and `AddTeamMember` to
 return the inserted value (#11342)

Split [AddRepository][0] and [AddTeamMember][1] to functions that return the inserted value. These can be used by the F3 driver to obtain the ID of the TeamRepo and TeamUser rows inserted in the database.

Add test coverage for both functions and remove a duplicated test. Integration tests also already [make use of AddRepository and AddTeamMember][2] indirectly.

[0]: https://codeberg.org/forgejo/forgejo/src/commit/f8bee35e7717e33a8dc122b038dd6335a198449c/models/org_team.go#L26
[1]: https://codeberg.org/forgejo/forgejo/src/commit/f8bee35e7717e33a8dc122b038dd6335a198449c/models/org_team.go#L359
[2]: https://codeberg.org/forgejo/forgejo/src/commit/f8bee35e7717e33a8dc122b038dd6335a198449c/tests/integration/api_helper_for_declarative_test.go#L461-L483

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11342
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: limiting-factor <limiting-factor@posteo.com>
Co-committed-by: limiting-factor <limiting-factor@posteo.com>
---
 models/org_team.go               |  53 ++++++++++------
 models/org_team_test.go          | 104 ++++++++++++++++++++++++++-----
 models/organization/team_repo.go |  10 ---
 3 files changed, 125 insertions(+), 42 deletions(-)

diff --git a/models/org_team.go b/models/org_team.go
index de54c61745..187ea1560d 100644
--- a/models/org_team.go
+++ b/models/org_team.go
@@ -23,34 +23,44 @@ import (
 	"xorm.io/builder"
 )
 
-func AddRepository(ctx context.Context, t *organization.Team, repo *repo_model.Repository) (err error) {
-	if err = organization.AddTeamRepo(ctx, t.OrgID, t.ID, repo.ID); err != nil {
-		return err
+func AddRepository(ctx context.Context, t *organization.Team, repo *repo_model.Repository) error {
+	_, err := InsertTeamRepository(ctx, t, repo)
+	return err
+}
+
+func InsertTeamRepository(ctx context.Context, t *organization.Team, repo *repo_model.Repository) (teamRepo *organization.TeamRepo, err error) {
+	teamRepo = &organization.TeamRepo{
+		OrgID:  t.OrgID,
+		TeamID: t.ID,
+		RepoID: repo.ID,
+	}
+	if _, err = db.GetEngine(ctx).Insert(teamRepo); err != nil {
+		return nil, err
 	}
 
 	if err = organization.IncrTeamRepoNum(ctx, t.ID); err != nil {
-		return fmt.Errorf("update team: %w", err)
+		return nil, fmt.Errorf("update team: %w", err)
 	}
 
 	t.NumRepos++
 
 	if err = access_model.RecalculateTeamAccesses(ctx, repo, 0); err != nil {
-		return fmt.Errorf("recalculateAccesses: %w", err)
+		return nil, fmt.Errorf("recalculateAccesses: %w", err)
 	}
 
 	// Make all team members watch this repo if enabled in global settings
 	if setting.Service.AutoWatchNewRepos {
 		if err = t.LoadMembers(ctx); err != nil {
-			return fmt.Errorf("getMembers: %w", err)
+			return nil, fmt.Errorf("getMembers: %w", err)
 		}
 		for _, u := range t.Members {
 			if err = repo_model.WatchRepo(ctx, u.ID, repo.ID, true); err != nil {
-				return fmt.Errorf("watchRepo: %w", err)
+				return nil, fmt.Errorf("watchRepo: %w", err)
 			}
 		}
 	}
 
-	return nil
+	return teamRepo, nil
 }
 
 // addAllRepositories adds all repositories to the team.
@@ -354,16 +364,27 @@ func DeleteTeam(ctx context.Context, t *organization.Team) error {
 	return committer.Commit()
 }
 
+func AddTeamMember(ctx context.Context, team *organization.Team, userID int64) error {
+	_, err := InsertTeamMember(ctx, team, userID)
+	return err
+}
+
 // AddTeamMember adds new membership of given team to given organization,
 // the user will have membership to given organization automatically when needed.
-func AddTeamMember(ctx context.Context, team *organization.Team, userID int64) error {
+func InsertTeamMember(ctx context.Context, team *organization.Team, userID int64) (*organization.TeamUser, error) {
 	isAlreadyMember, err := organization.IsTeamMember(ctx, team.OrgID, team.ID, userID)
 	if err != nil || isAlreadyMember {
-		return err
+		return nil, err
 	}
 
 	if err := organization.AddOrgUser(ctx, team.OrgID, userID); err != nil {
-		return err
+		return nil, err
+	}
+
+	teamUser := &organization.TeamUser{
+		UID:    userID,
+		OrgID:  team.OrgID,
+		TeamID: team.ID,
 	}
 
 	err = db.WithTx(ctx, func(ctx context.Context) error {
@@ -375,11 +396,7 @@ func AddTeamMember(ctx context.Context, team *organization.Team, userID int64) e
 
 		sess := db.GetEngine(ctx)
 
-		if err := db.Insert(ctx, &organization.TeamUser{
-			UID:    userID,
-			OrgID:  team.OrgID,
-			TeamID: team.ID,
-		}); err != nil {
+		if err := db.Insert(ctx, teamUser); err != nil {
 			return err
 		} else if _, err := sess.Incr("num_members").ID(team.ID).Update(new(organization.Team)); err != nil {
 			return err
@@ -420,7 +437,7 @@ func AddTeamMember(ctx context.Context, team *organization.Team, userID int64) e
 		return nil
 	})
 	if err != nil {
-		return err
+		return nil, err
 	}
 
 	// this behaviour may spend much time so run it in a goroutine
@@ -440,7 +457,7 @@ func AddTeamMember(ctx context.Context, team *organization.Team, userID int64) e
 		}(team.Repos)
 	}
 
-	return nil
+	return teamUser, nil
 }
 
 func removeTeamMember(ctx context.Context, team *organization.Team, userID int64) error {
diff --git a/models/org_team_test.go b/models/org_team_test.go
index 730bc65f7d..5f7544e9ea 100644
--- a/models/org_team_test.go
+++ b/models/org_team_test.go
@@ -19,20 +19,6 @@ import (
 	"github.com/stretchr/testify/require"
 )
 
-func TestTeam_AddMember(t *testing.T) {
-	require.NoError(t, unittest.PrepareTestDatabase())
-
-	test := func(teamID, userID int64) {
-		team := unittest.AssertExistsAndLoadBean(t, &organization.Team{ID: teamID})
-		require.NoError(t, AddTeamMember(db.DefaultContext, team, userID))
-		unittest.AssertExistsAndLoadBean(t, &organization.TeamUser{UID: userID, TeamID: teamID})
-		unittest.CheckConsistencyFor(t, &organization.Team{ID: teamID}, &user_model.User{ID: team.OrgID})
-	}
-	test(1, 2)
-	test(1, 4)
-	test(3, 2)
-}
-
 func TestTeam_RemoveMember(t *testing.T) {
 	require.NoError(t, unittest.PrepareTestDatabase())
 
@@ -132,6 +118,96 @@ func TestAddTeamMember(t *testing.T) {
 	test(3, 2)
 }
 
+func TestTeam_AddAndReturnTeamMember(t *testing.T) {
+	require.NoError(t, unittest.PrepareTestDatabase())
+
+	for _, testCase := range []struct {
+		name          string
+		alreadyMember bool
+		teamID        int64
+		userID        int64
+	}{
+		{
+			name:          "Already member of a team with repositories",
+			alreadyMember: true,
+			teamID:        1,
+			userID:        2,
+		},
+		{
+			name:   "New member of a team with repositories",
+			teamID: 1,
+			userID: 4,
+		},
+		{
+			name:   "New member of a team with no repositories",
+			teamID: 3,
+			userID: 2,
+		},
+	} {
+		t.Run(testCase.name, func(t *testing.T) {
+			team := unittest.AssertExistsAndLoadBean(t, &organization.Team{ID: testCase.teamID})
+			teamUser, err := InsertTeamMember(db.DefaultContext, team, testCase.userID)
+			require.NoError(t, err)
+			if testCase.alreadyMember {
+				assert.Nil(t, teamUser)
+			} else {
+				require.NotNil(t, teamUser)
+				assert.Equal(t, testCase.teamID, teamUser.TeamID)
+				assert.Equal(t, testCase.userID, teamUser.UID)
+			}
+			unittest.AssertExistsAndLoadBean(t, &organization.TeamUser{UID: testCase.userID, TeamID: testCase.teamID})
+			unittest.CheckConsistencyFor(t, &organization.Team{ID: testCase.teamID}, &user_model.User{ID: team.OrgID})
+		})
+	}
+}
+
+func TestTeam_AddTeamRepository(t *testing.T) {
+	require.NoError(t, unittest.PrepareTestDatabase())
+
+	for _, testCase := range []struct {
+		name   string
+		teamID int64
+		repoID int64
+	}{
+		{
+			name:   "AddAndReturnTeamRepository",
+			teamID: 8,
+			repoID: 23,
+		},
+	} {
+		t.Run(testCase.name, func(t *testing.T) {
+			team := unittest.AssertExistsAndLoadBean(t, &organization.Team{ID: testCase.teamID})
+			repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: testCase.repoID})
+			teamRepo, err := InsertTeamRepository(t.Context(), team, repo)
+			require.NoError(t, err)
+			require.NotNil(t, teamRepo)
+			assert.Equal(t, testCase.teamID, teamRepo.TeamID)
+			assert.Equal(t, testCase.repoID, teamRepo.RepoID)
+			unittest.AssertExistsAndLoadBean(t, &organization.TeamRepo{RepoID: testCase.repoID, TeamID: testCase.teamID})
+		})
+	}
+
+	for _, testCase := range []struct {
+		name   string
+		teamID int64
+		repoID int64
+	}{
+		{
+			name:   "AddTeamRepository",
+			teamID: 9,
+			repoID: 23,
+		},
+	} {
+		t.Run(testCase.name, func(t *testing.T) {
+			team := unittest.AssertExistsAndLoadBean(t, &organization.Team{ID: testCase.teamID})
+			repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: testCase.repoID})
+			err := AddRepository(t.Context(), team, repo)
+			require.NoError(t, err)
+			unittest.AssertExistsAndLoadBean(t, &organization.TeamRepo{RepoID: testCase.repoID, TeamID: testCase.teamID})
+		})
+	}
+}
+
 func TestRemoveTeamMember(t *testing.T) {
 	require.NoError(t, unittest.PrepareTestDatabase())
 
diff --git a/models/organization/team_repo.go b/models/organization/team_repo.go
index 9331537e19..895d5a56d0 100644
--- a/models/organization/team_repo.go
+++ b/models/organization/team_repo.go
@@ -59,16 +59,6 @@ func GetTeamRepositories(ctx context.Context, opts *SearchTeamRepoOptions) (repo
 		Find(&repos)
 }
 
-// AddTeamRepo adds a repo for an organization's team
-func AddTeamRepo(ctx context.Context, orgID, teamID, repoID int64) error {
-	_, err := db.GetEngine(ctx).Insert(&TeamRepo{
-		OrgID:  orgID,
-		TeamID: teamID,
-		RepoID: repoID,
-	})
-	return err
-}
-
 // RemoveTeamRepo remove repository from team
 func RemoveTeamRepo(ctx context.Context, teamID, repoID int64) error {
 	_, err := db.DeleteByBean(ctx, &TeamRepo{

From 20388a7bee1af7bf54b774278f99fc97b6a32a85 Mon Sep 17 00:00:00 2001
From: Mathieu Fenniak <mathieu@fenniak.net>
Date: Wed, 11 Mar 2026 03:40:43 +0100
Subject: [PATCH 482/854] chore(deps): bump xorm to v1.3.9-forgejo.8 (#11624)

Fixes https://codeberg.org/forgejo/forgejo/issues/11608 via https://code.forgejo.org/xorm/xorm/pulls/81.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11624
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net>
Co-committed-by: Mathieu Fenniak <mathieu@fenniak.net>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 52b7629daa..9a70251ad0 100644
--- a/go.mod
+++ b/go.mod
@@ -274,6 +274,6 @@ replace github.com/gliderlabs/ssh => code.forgejo.org/forgejo/ssh v0.0.0-2024121
 
 replace git.sr.ht/~mariusor/go-xsd-duration => code.forgejo.org/forgejo/go-xsd-duration v0.0.0-20220703122237-02e73435a078
 
-replace xorm.io/xorm v1.3.9 => code.forgejo.org/xorm/xorm v1.3.9-forgejo.7
+replace xorm.io/xorm v1.3.9 => code.forgejo.org/xorm/xorm v1.3.9-forgejo.8
 
 replace github.com/urfave/cli/v3 => github.com/urfave/cli/v3 v3.5.0
diff --git a/go.sum b/go.sum
index 09332da181..380048714d 100644
--- a/go.sum
+++ b/go.sum
@@ -42,8 +42,8 @@ code.forgejo.org/go-chi/captcha v1.0.2 h1:vyHDPXkpjDv8bLO9NqtWzZayzstD/WpJ5xwEkA
 code.forgejo.org/go-chi/captcha v1.0.2/go.mod h1:lxiPLcJ76UCZHoH31/Wbum4GUi2NgjfFZLrJkKv1lLE=
 code.forgejo.org/go-chi/session v1.0.2 h1:pG+AXre9L9VXJmTaADXkmeEPuRalhmBXyv6tG2Rvjcc=
 code.forgejo.org/go-chi/session v1.0.2/go.mod h1:HnEGyBny7WPzCiVLP2vzL5ssma+3gCSl/vLpuVNYrqc=
-code.forgejo.org/xorm/xorm v1.3.9-forgejo.7 h1:sCKvX25xch5KHvGr6F7nHvIYKi5T155X5ZDRGr1QPbY=
-code.forgejo.org/xorm/xorm v1.3.9-forgejo.7/go.mod h1:C3wmlPyYWKe0cCCJUayG8c3lYOA1gogU5BpNxrGrXSo=
+code.forgejo.org/xorm/xorm v1.3.9-forgejo.8 h1:dsSKm2nus0NhHsqYxeuB3Gldk6TtlusD1CBGV6V1SS0=
+code.forgejo.org/xorm/xorm v1.3.9-forgejo.8/go.mod h1:A7sFd3BFmRp20h6drSsCXgQRQdF8Vz8HuCSrzFS3m90=
 code.gitea.io/sdk/gitea v0.21.0 h1:69n6oz6kEVHRo1+APQQyizkhrZrLsTLXey9142pfkD4=
 code.gitea.io/sdk/gitea v0.21.0/go.mod h1:tnBjVhuKJCn8ibdyyhvUyxrR1Ca2KHEoTWoukNhXQPA=
 code.superseriousbusiness.org/exif-terminator v0.11.1 h1:qnujLH4/Yk/CFtFMmtjozbdV6Ry5G3Q/E/mLlWm/gQI=

From 29e12d4db463e675919c3c242d7384e83d8524c6 Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Wed, 11 Mar 2026 03:55:38 +0100
Subject: [PATCH 483/854] Update module code.forgejo.org/go-chi/session to
 v1.0.3

---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 9a70251ad0..56ecc4491f 100644
--- a/go.mod
+++ b/go.mod
@@ -15,7 +15,7 @@ require (
 	code.forgejo.org/go-chi/binding v1.0.1
 	code.forgejo.org/go-chi/cache v1.0.1
 	code.forgejo.org/go-chi/captcha v1.0.2
-	code.forgejo.org/go-chi/session v1.0.2
+	code.forgejo.org/go-chi/session v1.0.3
 	code.gitea.io/sdk/gitea v0.21.0
 	code.superseriousbusiness.org/exif-terminator v0.11.1
 	code.superseriousbusiness.org/go-jpeg-image-structure/v2 v2.3.0
diff --git a/go.sum b/go.sum
index 380048714d..ab757aa052 100644
--- a/go.sum
+++ b/go.sum
@@ -40,8 +40,8 @@ code.forgejo.org/go-chi/cache v1.0.1 h1:w6IsDcPbeEnEYZn7M2HJe3/3/Ehtcw/72VjcVK7+
 code.forgejo.org/go-chi/cache v1.0.1/go.mod h1:K3aQSyRIN4xiuqV1kanfQ6O4ToDpzDpY3bNOyGjFe3U=
 code.forgejo.org/go-chi/captcha v1.0.2 h1:vyHDPXkpjDv8bLO9NqtWzZayzstD/WpJ5xwEkAaqZGQ=
 code.forgejo.org/go-chi/captcha v1.0.2/go.mod h1:lxiPLcJ76UCZHoH31/Wbum4GUi2NgjfFZLrJkKv1lLE=
-code.forgejo.org/go-chi/session v1.0.2 h1:pG+AXre9L9VXJmTaADXkmeEPuRalhmBXyv6tG2Rvjcc=
-code.forgejo.org/go-chi/session v1.0.2/go.mod h1:HnEGyBny7WPzCiVLP2vzL5ssma+3gCSl/vLpuVNYrqc=
+code.forgejo.org/go-chi/session v1.0.3 h1:ByJ9c/UC0AU57hxiGl53TXh+NdBOBwK/bhZ9jyadEwE=
+code.forgejo.org/go-chi/session v1.0.3/go.mod h1:xzGtFrV/agCJoZCUhFDlqAr1he6BrAdqlaprKOB1W90=
 code.forgejo.org/xorm/xorm v1.3.9-forgejo.8 h1:dsSKm2nus0NhHsqYxeuB3Gldk6TtlusD1CBGV6V1SS0=
 code.forgejo.org/xorm/xorm v1.3.9-forgejo.8/go.mod h1:A7sFd3BFmRp20h6drSsCXgQRQdF8Vz8HuCSrzFS3m90=
 code.gitea.io/sdk/gitea v0.21.0 h1:69n6oz6kEVHRo1+APQQyizkhrZrLsTLXey9142pfkD4=

From 31fff54e17747a88aabf1d0defefe6c089d148c2 Mon Sep 17 00:00:00 2001
From: Nils Goroll <nils.goroll@uplex.de>
Date: Fri, 13 Feb 2026 14:26:17 +0100
Subject: [PATCH 484/854] Improvement: Do not set session cookie for empty
 session

This is based on https://code.forgejo.org/go-chi/session/pulls/80.

The remainder of this message is largely copied from there:

For interoperability with reverse proxies and CDNs, setting a session
cookie for no good reason (login is a good reason) is a PITA, because it
makes caching of content for anonymous (not logged-in) users very hard,
requiring all kinds of special casing and error prone workarounds.

In particular in an age of exploitative AI bot crawling, being able to
serve content for anonymous users from a fast, efficient page cache is
an important option.

This patch lays a foundation by using an option added to go-chi/session
to not create session cookies always, but rather only when the
respective session is non-empty.

Test cases are included there and omitted here.
---
 modules/session/db.go        | 5 +++++
 modules/session/redis.go     | 5 +++++
 modules/session/virtual.go   | 5 +++++
 routers/common/middleware.go | 1 +
 4 files changed, 16 insertions(+)

diff --git a/modules/session/db.go b/modules/session/db.go
index eea7e2136e..57f658dfd6 100644
--- a/modules/session/db.go
+++ b/modules/session/db.go
@@ -84,6 +84,11 @@ func (s *DBStore) Flush() error {
 	return nil
 }
 
+// True if no keys have been set
+func (s *DBStore) Empty() bool {
+	return len(s.data) == 0
+}
+
 // DBProvider represents a DB session provider implementation.
 type DBProvider struct {
 	maxLifetime int64
diff --git a/modules/session/redis.go b/modules/session/redis.go
index cf84ef21d9..1e8c61da8b 100644
--- a/modules/session/redis.go
+++ b/modules/session/redis.go
@@ -103,6 +103,11 @@ func (s *RedisStore) Flush() error {
 	return nil
 }
 
+// True if no keys have been set
+func (s *RedisStore) Empty() bool {
+	return len(s.data) == 0
+}
+
 // RedisProvider represents a redis session provider implementation.
 type RedisProvider struct {
 	c        nosql.RedisClient
diff --git a/modules/session/virtual.go b/modules/session/virtual.go
index 1986ba64ad..cde9e60c4d 100644
--- a/modules/session/virtual.go
+++ b/modules/session/virtual.go
@@ -195,3 +195,8 @@ func (s *VirtualStore) Flush() error {
 	s.data = make(map[any]any)
 	return nil
 }
+
+// True if no keys have been set
+func (s *VirtualStore) Empty() bool {
+	return len(s.data) == 0
+}
diff --git a/routers/common/middleware.go b/routers/common/middleware.go
index 7bc4890a43..5c8283e247 100644
--- a/routers/common/middleware.go
+++ b/routers/common/middleware.go
@@ -118,5 +118,6 @@ func Sessioner() func(next http.Handler) http.Handler {
 		Secure:         setting.SessionConfig.Secure,
 		SameSite:       setting.SessionConfig.SameSite,
 		Domain:         setting.SessionConfig.Domain,
+		DeferSetCookie: true,
 	})
 }

From 3a0c776a078af12fa1ef8201c6fa3d2578a2859c Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Wed, 11 Mar 2026 05:18:17 +0100
Subject: [PATCH 485/854] Update dependency asciinema-player to v3.15.1
 (forgejo) (#11605)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11605
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
---
 package-lock.json | 8 ++++----
 package.json      | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 9d4d57280f..b508d89c08 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -39,7 +39,7 @@
         "@mcaptcha/vanilla-glue": "0.1.0-alpha-3",
         "@primer/octicons": "19.14.0",
         "ansi_up": "6.0.5",
-        "asciinema-player": "3.14.15",
+        "asciinema-player": "3.15.1",
         "chart.js": "4.5.1",
         "chartjs-adapter-dayjs-4": "1.0.4",
         "chartjs-plugin-zoom": "2.2.0",
@@ -5615,9 +5615,9 @@
       }
     },
     "node_modules/asciinema-player": {
-      "version": "3.14.15",
-      "resolved": "https://registry.npmjs.org/asciinema-player/-/asciinema-player-3.14.15.tgz",
-      "integrity": "sha512-M+6n0GXMc9X4Oaz9qOr5pfQGcmnPOW8QIBzf67eZvtSpyqiKexMA03CpP4S9ZaDuUQNQIF2RSjHl6QLgJYvJ9g==",
+      "version": "3.15.1",
+      "resolved": "https://registry.npmjs.org/asciinema-player/-/asciinema-player-3.15.1.tgz",
+      "integrity": "sha512-agVYeNlPxthLyAb92l9AS7ypW0uhesqOuQzyR58Q4Sj+MvesQztZBgx86lHqNJkB8rQ6EP0LeA9czGytQUBpYw==",
       "license": "Apache-2.0",
       "dependencies": {
         "@babel/runtime": "^7.21.0",
diff --git a/package.json b/package.json
index a2a6208b68..e500012122 100644
--- a/package.json
+++ b/package.json
@@ -38,7 +38,7 @@
     "@mcaptcha/vanilla-glue": "0.1.0-alpha-3",
     "@primer/octicons": "19.14.0",
     "ansi_up": "6.0.5",
-    "asciinema-player": "3.14.15",
+    "asciinema-player": "3.15.1",
     "chart.js": "4.5.1",
     "chartjs-adapter-dayjs-4": "1.0.4",
     "chartjs-plugin-zoom": "2.2.0",

From a8837bc1ab794828525eb76d8e152347fe412714 Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Wed, 11 Mar 2026 05:28:18 +0100
Subject: [PATCH 486/854] Update dependency wrap-ansi to v10 (forgejo) (#11629)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11629
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
---
 package-lock.json | 49 ++++++++++++++++++++---------------------------
 package.json      |  2 +-
 2 files changed, 22 insertions(+), 29 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index b508d89c08..02a6646b46 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -79,7 +79,7 @@
         "vue3-calendar-heatmap": "2.0.5",
         "webpack": "5.105.4",
         "webpack-cli": "6.0.1",
-        "wrap-ansi": "9.0.2"
+        "wrap-ansi": "10.0.0"
       },
       "devDependencies": {
         "@axe-core/playwright": "4.11.0",
@@ -8852,9 +8852,9 @@
       }
     },
     "node_modules/get-east-asian-width": {
-      "version": "1.4.0",
-      "resolved": "https://registry.npmjs.org/get-east-asian-width/-/get-east-asian-width-1.4.0.tgz",
-      "integrity": "sha512-QZjmEOC+IT1uk6Rx0sX22V6uHWVwbdbxf1faPqJ1QhLdGgsRGCZoyaQBm/piRdJy/D2um6hM1UP7ZEeQ4EkP+Q==",
+      "version": "1.5.0",
+      "resolved": "https://registry.npmjs.org/get-east-asian-width/-/get-east-asian-width-1.5.0.tgz",
+      "integrity": "sha512-CQ+bEO+Tva/qlmw24dCejulK5pMzVnUOFOijVogd3KQs07HnRIgp8TGipvCCRT06xeYEbpbgwaCxglFyiuIcmA==",
       "license": "MIT",
       "engines": {
         "node": ">=18"
@@ -16113,17 +16113,17 @@
       }
     },
     "node_modules/wrap-ansi": {
-      "version": "9.0.2",
-      "resolved": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-9.0.2.tgz",
-      "integrity": "sha512-42AtmgqjV+X1VpdOfyTGOYRi0/zsoLqtXQckTmqTeybT+BDIbM/Guxo7x3pE2vtpr1ok6xRqM9OpBe+Jyoqyww==",
+      "version": "10.0.0",
+      "resolved": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-10.0.0.tgz",
+      "integrity": "sha512-SGcvg80f0wUy2/fXES19feHMz8E0JoXv2uNgHOu4Dgi2OrCy1lqwFYEJz1BLbDI0exjPMe/ZdzZ/YpGECBG/aQ==",
       "license": "MIT",
       "dependencies": {
-        "ansi-styles": "^6.2.1",
-        "string-width": "^7.0.0",
-        "strip-ansi": "^7.1.0"
+        "ansi-styles": "^6.2.3",
+        "string-width": "^8.2.0",
+        "strip-ansi": "^7.1.2"
       },
       "engines": {
-        "node": ">=18"
+        "node": ">=20"
       },
       "funding": {
         "url": "https://github.com/chalk/wrap-ansi?sponsor=1"
@@ -16172,36 +16172,29 @@
         "url": "https://github.com/chalk/ansi-styles?sponsor=1"
       }
     },
-    "node_modules/wrap-ansi/node_modules/emoji-regex": {
-      "version": "10.6.0",
-      "resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-10.6.0.tgz",
-      "integrity": "sha512-toUI84YS5YmxW219erniWD0CIVOo46xGKColeNQRgOzDorgBi1v4D71/OFzgD9GO2UGKIv1C3Sp8DAn0+j5w7A==",
-      "license": "MIT"
-    },
     "node_modules/wrap-ansi/node_modules/string-width": {
-      "version": "7.2.0",
-      "resolved": "https://registry.npmjs.org/string-width/-/string-width-7.2.0.tgz",
-      "integrity": "sha512-tsaTIkKW9b4N+AEj+SVA+WhJzV7/zMhcSu78mLKWSk7cXMOSHsBKFWUs0fWwq8QyK3MgJBQRX6Gbi4kYbdvGkQ==",
+      "version": "8.2.0",
+      "resolved": "https://registry.npmjs.org/string-width/-/string-width-8.2.0.tgz",
+      "integrity": "sha512-6hJPQ8N0V0P3SNmP6h2J99RLuzrWz2gvT7VnK5tKvrNqJoyS9W4/Fb8mo31UiPvy00z7DQXkP2hnKBVav76thw==",
       "license": "MIT",
       "dependencies": {
-        "emoji-regex": "^10.3.0",
-        "get-east-asian-width": "^1.0.0",
-        "strip-ansi": "^7.1.0"
+        "get-east-asian-width": "^1.5.0",
+        "strip-ansi": "^7.1.2"
       },
       "engines": {
-        "node": ">=18"
+        "node": ">=20"
       },
       "funding": {
         "url": "https://github.com/sponsors/sindresorhus"
       }
     },
     "node_modules/wrap-ansi/node_modules/strip-ansi": {
-      "version": "7.1.2",
-      "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-7.1.2.tgz",
-      "integrity": "sha512-gmBGslpoQJtgnMAvOVqGZpEz9dyoKTCzy2nfz/n8aIFhN/jCE/rCmcxabB6jOOHV+0WNnylOxaxBQPSvcWklhA==",
+      "version": "7.2.0",
+      "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-7.2.0.tgz",
+      "integrity": "sha512-yDPMNjp4WyfYBkHnjIRLfca1i6KMyGCtsVgoKe/z1+6vukgaENdgGBZt+ZmKPc4gavvEZ5OgHfHdrazhgNyG7w==",
       "license": "MIT",
       "dependencies": {
-        "ansi-regex": "^6.0.1"
+        "ansi-regex": "^6.2.2"
       },
       "engines": {
         "node": ">=12"
diff --git a/package.json b/package.json
index e500012122..cf52fa9aff 100644
--- a/package.json
+++ b/package.json
@@ -78,7 +78,7 @@
     "vue3-calendar-heatmap": "2.0.5",
     "webpack": "5.105.4",
     "webpack-cli": "6.0.1",
-    "wrap-ansi": "9.0.2"
+    "wrap-ansi": "10.0.0"
   },
   "devDependencies": {
     "@axe-core/playwright": "4.11.0",

From 692905a2a3ea4cddfaf0724654f60047b2b2287a Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Wed, 11 Mar 2026 05:33:18 +0100
Subject: [PATCH 487/854] Update
 https://data.forgejo.org/forgejo/upload-artifact action to v5 (forgejo)
 (#11631)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11631
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
---
 .forgejo/workflows/testing.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.forgejo/workflows/testing.yml b/.forgejo/workflows/testing.yml
index f9cce74258..fe6500d469 100644
--- a/.forgejo/workflows/testing.yml
+++ b/.forgejo/workflows/testing.yml
@@ -148,7 +148,7 @@ jobs:
           RUN_ALL: ${{steps.run-all.all}}
       - name: Upload test artifacts on failure
         if: failure()
-        uses: https://data.forgejo.org/forgejo/upload-artifact@v4
+        uses: https://data.forgejo.org/forgejo/upload-artifact@v5
         with:
           name: test-artifacts.zip
           path: tests/e2e/test-artifacts/

From 7604267a17103f8d97519b733b6fca831f4530ed Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Wed, 11 Mar 2026 06:01:06 +0100
Subject: [PATCH 488/854] Update
 https://code.forgejo.org/forgejo/upload-artifact action to v5 (forgejo)
 (#11630)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11630
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
---
 .forgejo/workflows/coverage.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.forgejo/workflows/coverage.yml b/.forgejo/workflows/coverage.yml
index 539527533f..3c2a6c245e 100644
--- a/.forgejo/workflows/coverage.yml
+++ b/.forgejo/workflows/coverage.yml
@@ -83,7 +83,7 @@ jobs:
           TEST_MINIO_ENDPOINT: minio:9000
           TEST_LDAP: 1
           TEST_REDIS_SERVER: cacher:6379
-      - uses: https://code.forgejo.org/forgejo/upload-artifact@v4
+      - uses: https://data.forgejo.org/forgejo/upload-artifact@v5
         with:
           name: coverage
           path: ${{ forge.workspace }}/coverage/merged

From 8e41551acb351b03dcbe48ca513b089046bfe9dd Mon Sep 17 00:00:00 2001
From: forgejo-renovate-action <forgejo-renovate-action@noreply.codeberg.org>
Date: Thu, 12 Mar 2026 01:26:23 +0100
Subject: [PATCH 489/854] Update dependency go to v1.26 (forgejo) (#11320)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11320
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: forgejo-renovate-action <forgejo-renovate-action@noreply.codeberg.org>
Co-committed-by: forgejo-renovate-action <forgejo-renovate-action@noreply.codeberg.org>
---
 .devcontainer/devcontainer.json | 2 +-
 go.mod                          | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json
index fb1a99295f..0db96fc73a 100644
--- a/.devcontainer/devcontainer.json
+++ b/.devcontainer/devcontainer.json
@@ -1,6 +1,6 @@
 {
   "name": "Gitea DevContainer",
-  "image": "mcr.microsoft.com/devcontainers/go:1.25-trixie",
+  "image": "mcr.microsoft.com/devcontainers/go:1.26-trixie",
   "features": {
     // installs nodejs into container
     "ghcr.io/devcontainers/features/node:1": {
diff --git a/go.mod b/go.mod
index 9a70251ad0..2c9a6d659e 100644
--- a/go.mod
+++ b/go.mod
@@ -2,7 +2,7 @@ module forgejo.org
 
 go 1.25.0
 
-toolchain go1.25.8
+toolchain go1.26.1
 
 require (
 	code.forgejo.org/f3/gof3/v3 v3.11.15

From 6237728b7111e1bfc999e9e0a3236547ab8090e2 Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Thu, 12 Mar 2026 01:35:50 +0100
Subject: [PATCH 490/854] Update dependency katex to v0.16.38 (forgejo)
 (#11638)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11638
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
---
 package-lock.json | 8 ++++----
 package.json      | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 02a6646b46..2161d9d256 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -54,7 +54,7 @@
         "htmx.org": "2.0.8",
         "idiomorph": "0.3.0",
         "jquery": "3.7.1",
-        "katex": "0.16.37",
+        "katex": "0.16.38",
         "mermaid": "11.12.3",
         "mini-css-extract-plugin": "2.10.0",
         "minimatch": "10.2.4",
@@ -10516,9 +10516,9 @@
       "license": "MIT"
     },
     "node_modules/katex": {
-      "version": "0.16.37",
-      "resolved": "https://registry.npmjs.org/katex/-/katex-0.16.37.tgz",
-      "integrity": "sha512-TIGjO2cCGYono+uUzgkE7RFF329mLLWGuHUlSr6cwIVj9O8f0VQZ783rsanmJpFUo32vvtj7XT04NGRPh+SZFg==",
+      "version": "0.16.38",
+      "resolved": "https://registry.npmjs.org/katex/-/katex-0.16.38.tgz",
+      "integrity": "sha512-cjHooZUmIAUmDsHBN+1n8LaZdpmbj03LtYeYPyuYB7OuloiaeaV6N4LcfjcnHVzGWjVQmKrxxTrpDcmSzEZQwQ==",
       "funding": [
         "https://opencollective.com/katex",
         "https://github.com/sponsors/katex"
diff --git a/package.json b/package.json
index cf52fa9aff..ccdcb349af 100644
--- a/package.json
+++ b/package.json
@@ -53,7 +53,7 @@
     "htmx.org": "2.0.8",
     "idiomorph": "0.3.0",
     "jquery": "3.7.1",
-    "katex": "0.16.37",
+    "katex": "0.16.38",
     "mermaid": "11.12.3",
     "mini-css-extract-plugin": "2.10.0",
     "minimatch": "10.2.4",

From c3908ba34930557ab22905acde359aaa9601c73e Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Thu, 12 Mar 2026 01:37:50 +0100
Subject: [PATCH 491/854] Update module code.forgejo.org/forgejo/runner/v12 to
 v12.7.2 (forgejo) (#11639)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This PR contains the following updates:

| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) |
|---|---|---|---|
| [code.forgejo.org/forgejo/runner/v12](https://code.forgejo.org/forgejo/runner) | `v12.7.1` → `v12.7.2` | ![age](https://developer.mend.io/api/mc/badges/age/go/code.forgejo.org%2fforgejo%2frunner%2fv12/v12.7.2?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/go/code.forgejo.org%2fforgejo%2frunner%2fv12/v12.7.1/v12.7.2?slim=true) |

---

> ⚠️ **Warning**
>
> Some dependencies could not be looked up. Check the [Dependency Dashboard](issues/2779) for more information.

---

### Release Notes

<details>
<summary>forgejo/runner (code.forgejo.org/forgejo/runner/v12)</summary>

### [`v12.7.2`](https://code.forgejo.org/forgejo/runner/releases/tag/v12.7.2)

[Compare Source](https://code.forgejo.org/forgejo/runner/compare/v12.7.1...v12.7.2)

- [User guide](https://forgejo.org/docs/next/user/actions/overview/)
- [Administrator guide](https://forgejo.org/docs/next/admin/actions/)
- [Container images](https://code.forgejo.org/forgejo/-/packages/container/runner/versions)

Release Notes

***

<!--start release-notes-assistant-->

<!--URL:https://code.forgejo.org/forgejo/runner-->

- bug fixes
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1430): <!--number 1430 --><!--line 0 --><!--description Zml4OiBvbmx5IHBpbmcgRm9yZ2VqbyBkdXJpbmcgb2ZmbGluZSByZWdpc3RyYXRpb24gd2hlbiAtLWNvbm5lY3QgaXMgZW5hYmxlZA==-->fix: only ping Forgejo during offline registration when --connect is enabled<!--description-->
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1412): <!--number 1412 --><!--line 0 --><!--description Zml4OiBVUkwgY29tcGFyaXNvbiB3aGVuIGRldGVybWluaW5nIHRva2VuIGF1dGggc3VwcG9ydA==-->fix: URL comparison when determining token auth support<!--description-->
- other
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1428): <!--number 1428 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnb2xhbmcub3JnL3gvdGltZSB0byB2MC4xNS4w-->Update module golang.org/x/time to v0.15.0<!--description-->
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1427): <!--number 1427 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnb2xhbmcub3JnL3gvc3lzIHRvIHYwLjQyLjA=-->Update module golang.org/x/sys to v0.42.0<!--description-->
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1425): <!--number 1425 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnaXRodWIuY29tL2dvbGFuZ2NpL2dvbGFuZ2NpLWxpbnQvdjIvY21kL2dvbGFuZ2NpLWxpbnQgdG8gdjIuMTEuMg==-->Update module github.com/golangci/golangci-lint/v2/cmd/golangci-lint to v2.11.2<!--description-->
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1423): <!--number 1423 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgZm9yZ2Vqby9yZWxlYXNlLW5vdGVzLWFzc2lzdGFudCB0byB2MS42LjE=-->Update dependency forgejo/release-notes-assistant to v1.6.1<!--description-->
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1422): <!--number 1422 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgZ28gdG8gdjEuMjUuOA==-->Update dependency go to v1.25.8<!--description-->
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1418): <!--number 1418 --><!--line 0 --><!--description VXBkYXRlIGdpdGh1Yi5jb20vY2xvdWRmbGFyZS9jaXJjbCAoaW5kaXJlY3QpIHRvIHYxLjYuMyBbU0VDVVJJVFld-->Update github.com/cloudflare/circl (indirect) to v1.6.3 \[SECURITY]<!--description-->
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1416): <!--number 1416 --><!--line 0 --><!--description VXBkYXRlIGh0dHBzOi8vZGF0YS5mb3JnZWpvLm9yZy9hY3Rpb25zL3NldHVwLWZvcmdlam8gYWN0aW9uIHRvIHYzLjEuNw==-->Update <https://data.forgejo.org/actions/setup-forgejo> action to v3.1.7<!--description-->
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1415): <!--number 1415 --><!--line 0 --><!--description VXBkYXRlIGZvcmdlam8tcnVubmVyIHRvIHYxMi43LjE=-->Update forgejo-runner to v12.7.1<!--description-->

<!--end release-notes-assistant-->

</details>

---

### Configuration

📅 **Schedule**: Branch creation - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC), Automerge - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My41OS4zIiwidXBkYXRlZEluVmVyIjoiNDMuNTkuMyIsInRhcmdldEJyYW5jaCI6ImZvcmdlam8iLCJsYWJlbHMiOlsiZGVwZW5kZW5jeS11cGdyYWRlIiwidGVzdC9ub3QtbmVlZGVkIl19-->

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11639
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
---
 go.mod |  6 +++---
 go.sum | 12 ++++++------
 2 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/go.mod b/go.mod
index 2c9a6d659e..04eda64d7b 100644
--- a/go.mod
+++ b/go.mod
@@ -11,7 +11,7 @@ require (
 	code.forgejo.org/forgejo/go-rpmutils v1.0.0
 	code.forgejo.org/forgejo/levelqueue v1.0.0
 	code.forgejo.org/forgejo/reply v1.0.2
-	code.forgejo.org/forgejo/runner/v12 v12.7.1
+	code.forgejo.org/forgejo/runner/v12 v12.7.2
 	code.forgejo.org/go-chi/binding v1.0.1
 	code.forgejo.org/go-chi/cache v1.0.1
 	code.forgejo.org/go-chi/captcha v1.0.2
@@ -107,7 +107,7 @@ require (
 	golang.org/x/net v0.51.0
 	golang.org/x/oauth2 v0.34.0
 	golang.org/x/sync v0.19.0
-	golang.org/x/sys v0.41.0
+	golang.org/x/sys v0.42.0
 	golang.org/x/text v0.34.0
 	google.golang.org/protobuf v1.36.11
 	gopkg.in/gomail.v2 v2.0.0-20160411212932-81ebce5c23df
@@ -258,7 +258,7 @@ require (
 	go.yaml.in/yaml/v4 v4.0.0-rc.3 // indirect
 	go4.org v0.0.0-20230225012048-214862532bf5 // indirect
 	golang.org/x/mod v0.33.0 // indirect
-	golang.org/x/time v0.14.0 // indirect
+	golang.org/x/time v0.15.0 // indirect
 	golang.org/x/tools v0.42.0 // indirect
 	gopkg.in/alexcesaro/quotedprintable.v3 v3.0.0-20150716171945-2caba252f4dc // indirect
 	gopkg.in/warnings.v0 v0.1.2 // indirect
diff --git a/go.sum b/go.sum
index 380048714d..9a64d48945 100644
--- a/go.sum
+++ b/go.sum
@@ -30,8 +30,8 @@ code.forgejo.org/forgejo/levelqueue v1.0.0 h1:9krYpU6BM+j/1Ntj6m+VCAIu0UNnne1/Uf
 code.forgejo.org/forgejo/levelqueue v1.0.0/go.mod h1:fmG6zhVuqim2rxSFOoasgXO8V2W/k9U31VVYqLIRLhQ=
 code.forgejo.org/forgejo/reply v1.0.2 h1:dMhQCHV6/O3L5CLWNTol+dNzDAuyCK88z4J/lCdgFuQ=
 code.forgejo.org/forgejo/reply v1.0.2/go.mod h1:RyZUfzQLc+fuLIGjTSQWDAJWPiL4WtKXB/FifT5fM7U=
-code.forgejo.org/forgejo/runner/v12 v12.7.1 h1:32WCUDsO1eu4GNqFRgfz4ZYM70JHLoypTHAc60IbmyM=
-code.forgejo.org/forgejo/runner/v12 v12.7.1/go.mod h1:/6CLR0Q0jltFN18MuHLk0GBCVDLCAth3Sw+6sk53ej0=
+code.forgejo.org/forgejo/runner/v12 v12.7.2 h1:S+r+brf6oo7X2VM/ztypSK/L8JT96RTZi+MbkhrcvcY=
+code.forgejo.org/forgejo/runner/v12 v12.7.2/go.mod h1:qwF/qaXUGhwQzFccS4N7NIQNI5P+3+erlDR9xJJomK8=
 code.forgejo.org/forgejo/ssh v0.0.0-20241211213324-5fc306ca0616 h1:kEZL84+02jY9RxXM4zHBWZ3Fml0B09cmP1LGkDsCfIA=
 code.forgejo.org/forgejo/ssh v0.0.0-20241211213324-5fc306ca0616/go.mod h1:zpHEXBstFnQYtGnB8k8kQLol82umzn/2/snG7alWVD8=
 code.forgejo.org/go-chi/binding v1.0.1 h1:coKNI+X1NzRN7X85LlrpvBRqk0TXpJ+ja28vusQWEuY=
@@ -849,8 +849,8 @@ golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
-golang.org/x/sys v0.41.0 h1:Ivj+2Cp/ylzLiEU89QhWblYnOE9zerudt9Ftecq2C6k=
-golang.org/x/sys v0.41.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
+golang.org/x/sys v0.42.0 h1:omrd2nAlyT5ESRdCLYdm3+fMfNFE/+Rf4bDIQImRJeo=
+golang.org/x/sys v0.42.0/go.mod h1:4GL1E5IUh+htKOUEOaiffhrAeqysfVGipDYzABqnCmw=
 golang.org/x/telemetry v0.0.0-20240228155512-f48c80bd79b2/go.mod h1:TeRTkGYfJXctD9OcfyVLyj2J3IxLnKwHJR8f4D8a3YE=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
@@ -879,8 +879,8 @@ golang.org/x/text v0.34.0 h1:oL/Qq0Kdaqxa1KbNeMKwQq0reLCCaFtqu2eNuSeNHbk=
 golang.org/x/text v0.34.0/go.mod h1:homfLqTYRFyVYemLBFl5GgL/DWEiH5wcsQ5gSh1yziA=
 golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
-golang.org/x/time v0.14.0 h1:MRx4UaLrDotUKUdCIqzPC48t1Y9hANFKIRpNx+Te8PI=
-golang.org/x/time v0.14.0/go.mod h1:eL/Oa2bBBK0TkX57Fyni+NgnyQQN4LitPmob2Hjnqw4=
+golang.org/x/time v0.15.0 h1:bbrp8t3bGUeFOx08pvsMYRTCVSMk89u4tKbNOZbp88U=
+golang.org/x/time v0.15.0/go.mod h1:Y4YMaQmXwGQZoFaVFk4YpCt4FLQMYKZe9oeV/f4MSno=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY=

From 29635728457de58fab85e0dc7f58e399870c1b4e Mon Sep 17 00:00:00 2001
From: Andreas Ahlenstorf <andreas@ahlenstorf.ch>
Date: Thu, 12 Mar 2026 02:14:45 +0100
Subject: [PATCH 492/854] feat: add form-based runner management (#11516)

Forgejo Runner is deprecating the runner registration token. It is too powerful, requires tooling, and is unnecessary. As a consequence, users need new mechanisms for managing runners in Forgejo. https://codeberg.org/forgejo/forgejo/pulls/10677 added an HTTP API for runner registration. This PR adds the ability to manage runners using Forgejo's web interface.

Runners can be added, modified, and deleted. It is also possible to regenerate a runner's token. When a runner is added or a runner's token is regenerated, setup instructions are displayed. They explain how to alter Forgejo Runner's configuration file or how to launch `forgejo-runner daemon` (yet to be implemented). The existing details page has been overhauled and is now accessible to all users that are allowed to use a particular runner. The details page displays additional information that had to be removed from the list of runners due to space constraints. The task list is filtered. That means it only lists jobs of the respective repository, user, or organization.

The runner registration token has been marked as deprecated.

See https://code.forgejo.org/forgejo/forgejo-actions-feature-requests/issues/88 for context and design considerations.

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests for Go changes

(can be removed for JavaScript changes)

- I added test coverage for Go changes...
  - [x] in their respective `*_test.go` for unit tests.
  - [x] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I ran...
  - [x] `make pr-go` before pushing

### Tests for JavaScript changes

(can be removed for Go changes)

- I added test coverage for JavaScript changes...
  - [ ] in `web_src/js/*.test.js` if it can be unit tested.
  - [x] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)).

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [x] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.
- [ ] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change.

*The decision if the pull request will be shown in the release notes is up to the mergers / release team.*

The content of the `release-notes/<pull request number>.md` file will serve as the basis for the release notes. If the file does not exist, the title of the pull request will be used instead.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11516
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
Co-authored-by: Andreas Ahlenstorf <andreas@ahlenstorf.ch>
Co-committed-by: Andreas Ahlenstorf <andreas@ahlenstorf.ch>
---
 .../action_runner.yml                         |  36 +
 models/actions/runner.go                      |  37 +
 models/actions/runner_test.go                 | 139 ++++
 options/locale_next/locale_en-US.json         |  60 +-
 routers/web/repo/setting/runners.go           | 205 +++--
 routers/web/shared/actions/runners.go         | 178 ++++-
 routers/web/shared/actions/runners_test.go    |   9 +-
 routers/web/web.go                            |   7 +-
 services/forms/runner.go                      |  22 +-
 templates/admin/runners/create.tmpl           |   5 +
 templates/admin/runners/details.tmpl          |   5 +
 templates/admin/runners/edit.tmpl             |   6 +-
 templates/admin/runners/setup.tmpl            |   5 +
 templates/org/settings/runners_create.tmpl    |   5 +
 templates/org/settings/runners_details.tmpl   |   5 +
 templates/org/settings/runners_setup.tmpl     |   5 +
 templates/repo/settings/runner_create.tmpl    |   5 +
 templates/repo/settings/runner_details.tmpl   |   5 +
 templates/repo/settings/runner_setup.tmpl     |   5 +
 templates/shared/actions/runner_create.tmpl   |  22 +
 templates/shared/actions/runner_details.tmpl  | 132 ++++
 templates/shared/actions/runner_edit.tmpl     | 113 +--
 templates/shared/actions/runner_list.tmpl     | 137 ++--
 templates/shared/actions/runner_setup.tmpl    |  53 ++
 templates/user/settings/runner_create.tmpl    |   5 +
 templates/user/settings/runner_details.tmpl   |   5 +
 templates/user/settings/runner_setup.tmpl     |   5 +
 tests/e2e/e2e_test.go                         |   3 +
 .../runner-management/action_runner.yml       |  69 ++
 .../runner-management/action_task.yml         |  15 +
 tests/e2e/runner-management.test.e2e.ts       | 706 ++++++++++++++++++
 .../TestRunnerModification/action_runner.yml  |  12 +
 tests/integration/runner_test.go              | 193 +++--
 web_src/css/actions.css                       |  94 +++
 web_src/css/themes/theme-forgejo-dark.css     |   7 +-
 web_src/css/themes/theme-forgejo-light.css    |   6 +
 web_src/css/themes/theme-gitea-dark.css       |   6 +
 web_src/css/themes/theme-gitea-light.css      |   6 +
 38 files changed, 2030 insertions(+), 303 deletions(-)
 create mode 100644 models/actions/TestRunner_GetAvailableRunnerByID/action_runner.yml
 create mode 100644 templates/admin/runners/create.tmpl
 create mode 100644 templates/admin/runners/details.tmpl
 create mode 100644 templates/admin/runners/setup.tmpl
 create mode 100644 templates/org/settings/runners_create.tmpl
 create mode 100644 templates/org/settings/runners_details.tmpl
 create mode 100644 templates/org/settings/runners_setup.tmpl
 create mode 100644 templates/repo/settings/runner_create.tmpl
 create mode 100644 templates/repo/settings/runner_details.tmpl
 create mode 100644 templates/repo/settings/runner_setup.tmpl
 create mode 100644 templates/shared/actions/runner_create.tmpl
 create mode 100644 templates/shared/actions/runner_details.tmpl
 create mode 100644 templates/shared/actions/runner_setup.tmpl
 create mode 100644 templates/user/settings/runner_create.tmpl
 create mode 100644 templates/user/settings/runner_details.tmpl
 create mode 100644 templates/user/settings/runner_setup.tmpl
 create mode 100644 tests/e2e/fixtures/runner-management/action_runner.yml
 create mode 100644 tests/e2e/fixtures/runner-management/action_task.yml
 create mode 100644 tests/e2e/runner-management.test.e2e.ts

diff --git a/models/actions/TestRunner_GetAvailableRunnerByID/action_runner.yml b/models/actions/TestRunner_GetAvailableRunnerByID/action_runner.yml
new file mode 100644
index 0000000000..1b8198236e
--- /dev/null
+++ b/models/actions/TestRunner_GetAvailableRunnerByID/action_runner.yml
@@ -0,0 +1,36 @@
+- id: 719931
+  uuid: "9e0eb762-cbdf-4725-9c90-4298568a2a77"
+  name: "runner-1"
+  version: "dev"
+  owner_id: 3  # Owned by org3
+  repo_id: 0
+  description: "A superb runner"
+  agent_labels: ["debian", "gpu"]
+  deleted: 0
+- id: 719932
+  uuid: "b0a0a168-1b08-4365-95dd-e65040ca384d"
+  name: "runner-2"
+  version: "11.3.1"
+  owner_id: 2  # Owned by user2
+  repo_id: 0
+  description: "An exclusive runner"
+  agent_labels: ["docker"]
+  deleted: 0
+- id: 719933
+  uuid: "974f9caf-ee64-4022-a56b-67b28ea06a0d"
+  name: "runner-3"
+  version: "12.2.0"
+  owner_id: 0
+  repo_id: 0
+  description: "A runner for everyone"
+  agent_labels: ["docker"]
+  deleted: 0
+- id: 719934
+  uuid: "022650a8-e999-4a3d-afb0-21f75233798b"
+  name: "runner-4"
+  version: "12.1.0"
+  owner_id: 0
+  repo_id: 32
+  description: ""
+  agent_labels: ["debian"]
+  deleted: 0
diff --git a/models/actions/runner.go b/models/actions/runner.go
index 3761cb6ccf..ea2e811f94 100644
--- a/models/actions/runner.go
+++ b/models/actions/runner.go
@@ -127,6 +127,18 @@ func (r *ActionRunner) IsOnline() bool {
 	return false
 }
 
+func (r *ActionRunner) IsActive() bool {
+	return r.Status() == runnerv1.RunnerStatus_RUNNER_STATUS_ACTIVE
+}
+
+func (r *ActionRunner) IsIdle() bool {
+	return r.Status() == runnerv1.RunnerStatus_RUNNER_STATUS_IDLE
+}
+
+func (r *ActionRunner) IsOffline() bool {
+	return r.Status() == runnerv1.RunnerStatus_RUNNER_STATUS_OFFLINE
+}
+
 // Editable checks if the runner is editable by the user
 func (r *ActionRunner) Editable(ownerID, repoID int64) bool {
 	if ownerID == 0 && repoID == 0 {
@@ -266,6 +278,31 @@ func GetRunnerByID(ctx context.Context, id int64) (*ActionRunner, error) {
 	return &runner, nil
 }
 
+// GetAvailableRunnerByID is like GetRunnerByID, but it only finds the runner if it is accessible to the given owner or
+// repository. If it is not, util.ErrNotExist will be returned even if the runner exists.
+func GetAvailableRunnerByID(ctx context.Context, id, ownerID, repoID int64) (*ActionRunner, error) {
+	query := db.GetEngine(ctx).Where("id=?", id)
+
+	if repoID > 0 {
+		cond := builder.NewCond().And(builder.Eq{"repo_id": repoID})
+		cond = cond.Or(builder.Eq{"owner_id": builder.Select("owner_id").From("repository").Where(builder.Eq{"id": repoID})})
+		cond = cond.Or(builder.Eq{"repo_id": 0, "owner_id": 0})
+		query = query.And(cond)
+	} else if ownerID > 0 { // ownerID is ignored if repoID is set
+		cond := builder.NewCond().And(builder.Eq{"owner_id": ownerID}).Or(builder.Eq{"repo_id": 0, "owner_id": 0})
+		query = query.And(cond)
+	}
+
+	var runner ActionRunner
+	has, err := query.Get(&runner)
+	if err != nil {
+		return nil, err
+	} else if !has {
+		return nil, fmt.Errorf("runner with ID %d: %w", id, util.ErrNotExist)
+	}
+	return &runner, nil
+}
+
 // UpdateRunner updates runner's information.
 func UpdateRunner(ctx context.Context, r *ActionRunner, cols ...string) error {
 	e := db.GetEngine(ctx)
diff --git a/models/actions/runner_test.go b/models/actions/runner_test.go
index f6d6bd5d23..d279c776c6 100644
--- a/models/actions/runner_test.go
+++ b/models/actions/runner_test.go
@@ -10,6 +10,7 @@ import (
 
 	auth_model "forgejo.org/models/auth"
 	"forgejo.org/models/db"
+	"forgejo.org/models/repo"
 	"forgejo.org/models/unittest"
 	"forgejo.org/modules/timeutil"
 
@@ -235,3 +236,141 @@ func TestRunnerEditable(t *testing.T) {
 		})
 	}
 }
+
+func TestRunner_GetAvailableRunnerByID(t *testing.T) {
+	defer unittest.OverrideFixtures("models/actions/TestRunner_GetAvailableRunnerByID")()
+	require.NoError(t, unittest.PrepareTestDatabase())
+
+	repository32 := unittest.AssertExistsAndLoadBean(t, &repo.Repository{ID: 32, OwnerID: 3})
+	repository1 := unittest.AssertExistsAndLoadBean(t, &repo.Repository{ID: 1, OwnerID: 2})
+
+	runner1 := unittest.AssertExistsAndLoadBean(t, &ActionRunner{ID: 719931, OwnerID: 3, RepoID: 0}) // Owned by org3
+	runner2 := unittest.AssertExistsAndLoadBean(t, &ActionRunner{ID: 719932, OwnerID: 2, RepoID: 0}) // Owned by user2
+	runner3 := unittest.AssertExistsAndLoadBean(t, &ActionRunner{ID: 719933, OwnerID: 0, RepoID: 0})
+	runner4 := unittest.AssertExistsAndLoadBean(t, &ActionRunner{ID: 719934, OwnerID: 0, RepoID: repository32.ID})
+
+	testCases := []struct {
+		name          string
+		runner        *ActionRunner
+		ownerID       int64
+		repoID        int64
+		expectedError string
+	}{
+		{
+			name:          "Organization runner",
+			runner:        runner1,
+			ownerID:       3,
+			repoID:        0,
+			expectedError: "",
+		},
+		{
+			name:          "Organization runner visible to admins",
+			runner:        runner1,
+			ownerID:       0,
+			repoID:        0,
+			expectedError: "",
+		},
+		{
+			name:          "Organization runner invisible to different owner",
+			runner:        runner1,
+			ownerID:       2,
+			repoID:        0,
+			expectedError: fmt.Sprintf("runner with ID %d: resource does not exist", runner1.ID),
+		},
+		{
+			name:          "Organization runner visible to its repositories",
+			runner:        runner1,
+			ownerID:       0,
+			repoID:        repository32.ID,
+			expectedError: "",
+		},
+		{
+			name:          "Organization runner invisible to repositories owned by somebody else",
+			runner:        runner1,
+			ownerID:       0,
+			repoID:        repository1.ID,
+			expectedError: fmt.Sprintf("runner with ID %d: resource does not exist", runner1.ID),
+		},
+		{
+			name:          "User runner",
+			runner:        runner2,
+			ownerID:       2,
+			repoID:        0,
+			expectedError: "",
+		},
+		{
+			name:          "User runner invisible to different user",
+			runner:        runner2,
+			ownerID:       1,
+			repoID:        0,
+			expectedError: fmt.Sprintf("runner with ID %d: resource does not exist", runner2.ID),
+		},
+		{
+			name:          "User runner visible to repository owned by user",
+			runner:        runner2,
+			ownerID:       0,
+			repoID:        repository1.ID,
+			expectedError: "",
+		},
+		{
+			name:          "User runner invisible to repository owned by different user",
+			runner:        runner2,
+			ownerID:       0,
+			repoID:        repository32.ID,
+			expectedError: fmt.Sprintf("runner with ID %d: resource does not exist", runner2.ID),
+		},
+		{
+			name:          "Global runner",
+			runner:        runner3,
+			ownerID:       0,
+			repoID:        0,
+			expectedError: "",
+		},
+		{
+			name:          "Global runner is visible to any user",
+			runner:        runner3,
+			ownerID:       2,
+			repoID:        0,
+			expectedError: "",
+		},
+		{
+			name:          "Global runner is visible to any repository",
+			runner:        runner3,
+			ownerID:       0,
+			repoID:        repository32.ID,
+			expectedError: "",
+		},
+		{
+			name:          "Repository runner",
+			runner:        runner4,
+			ownerID:       0,
+			repoID:        repository32.ID,
+			expectedError: "",
+		},
+		{
+			name:          "Repository runner is visible to admins",
+			runner:        runner4,
+			ownerID:       0,
+			repoID:        0,
+			expectedError: "",
+		},
+		{
+			name:          "Repository runner is invisible to repository owner",
+			runner:        runner4,
+			ownerID:       repository32.OwnerID,
+			repoID:        0,
+			expectedError: fmt.Sprintf("runner with ID %d: resource does not exist", runner4.ID),
+		},
+	}
+
+	for _, testCase := range testCases {
+		t.Run(testCase.name, func(t *testing.T) {
+			_, err := GetAvailableRunnerByID(t.Context(), testCase.runner.ID, testCase.ownerID, testCase.repoID)
+			if testCase.expectedError == "" {
+				require.NoError(t, err)
+			} else {
+				assert.ErrorContains(t, err, testCase.expectedError)
+			}
+		})
+	}
+}
diff --git a/options/locale_next/locale_en-US.json b/options/locale_next/locale_en-US.json
index f87a3a6fdb..d358fcc424 100644
--- a/options/locale_next/locale_en-US.json
+++ b/options/locale_next/locale_en-US.json
@@ -421,13 +421,26 @@
 	"actions.runners.status.idle": "Idle",
 	"actions.runners.status.active": "Active",
 	"actions.runners.status.offline": "Offline",
-	"actions.runners.id": "ID",
+	"actions.runners.uuid": "UUID",
 	"actions.runners.name": "Name",
 	"actions.runners.owner_type": "Type",
 	"actions.runners.description": "Description",
+	"actions.runners.token": "Token",
+	"actions.runners.ephemeral": "Ephemeral",
 	"actions.runners.labels": "Labels",
 	"actions.runners.last_online": "Last online time",
-	"actions.runners.runner_title": "Runner",
+	"actions.runners.list_runners.details_column": "Details",
+	"actions.runners.list_runners.edit_column": "Edit",
+	"actions.runners.list_runners.delete_column": "Delete",
+	"actions.runners.list_runners.details_button": "Details",
+	"actions.runners.list_runners.details_button_aria": "Show details of %s",
+	"actions.runners.list_runners.delete_button": "Delete",
+	"actions.runners.list_runners.delete_button_aria": "Delete %s",
+	"actions.runners.list_runners.edit_button": "Edit",
+	"actions.runners.list_runners.edit_button_aria": "Edit %s",
+	"actions.runners.runner_title": "Runner %s",
+	"actions.runners.ephemeral.yes": "yes",
+	"actions.runners.ephemeral.no": "no",
 	"actions.runners.task_list": "Recent tasks on this runner",
 	"actions.runners.task_list.no_tasks": "There are no tasks yet.",
 	"actions.runners.task_list.run": "Run",
@@ -435,17 +448,47 @@
 	"actions.runners.task_list.repository": "Repository",
 	"actions.runners.task_list.commit": "Commit",
 	"actions.runners.task_list.done_at": "Done at",
-	"actions.runners.edit_runner": "Edit runner",
-	"actions.runners.update_runner.button": "Save changes",
+	"actions.runners.edit_runner_button": "Edit runner",
+	"actions.runners.create_runner.page_title": "Create new runner",
+	"actions.runners.create_runner.title": "Create new runner",
+	"actions.runners.create_runner.properties_fieldset": "Properties",
+	"actions.runners.create_runner.name_label": "Name*",
+	"actions.runners.create_runner.description_label": "Description",
+	"actions.runners.create_runner.create_button": "Create",
+	"actions.runners.create_runner.cancel_button": "Cancel",
+	"actions.runners.edit_runner.page_title": "Edit runner %s",
+	"actions.runners.edit_runner.title": "Edit runner %s",
+	"actions.runners.edit_runner.properties_fieldset": "Properties",
+	"actions.runners.edit_runner.properties_options": "Options",
+	"actions.runners.edit_runner.name_label": "Name*",
+	"actions.runners.edit_runner.description_label": "Description",
+	"actions.runners.edit_runner.regenerate_token_label": "Regenerate token",
+	"actions.runners.edit_runner.regenerate_token_help": "The existing token will be invalidated immediately. You will receive a new token on the next page.",
+	"actions.runners.edit_runner.save_button": "Save",
+	"actions.runners.edit_runner.cancel_button": "Cancel",
+	"actions.runners.runner_setup.title": "Set up runner %s",
+	"actions.runners.show_registration_token": "Show registration token",
 	"actions.runners.update_runner.success": "Runner edited successfully",
 	"actions.runners.update_runner.failed": "Failed to edit runner",
-	"actions.runners.delete_runner.button": "Delete this runner",
-	"actions.runners.delete_runner.success": "Runner deleted successfully",
-	"actions.runners.delete_runner.failed": "Failed to delete runner",
 	"actions.runners.delete_runner.header": "Confirm to delete this runner",
 	"actions.runners.delete_runner.notice": "If a task is running on this runner, it will be terminated and marked as failed. It may break building workflow.",
+	"actions.runners.delete_runner.success": "Runner deleted successfully",
+	"actions.runners.delete_runner.failed": "Failed to delete runner",
+	"actions.runners.runner_details.page_title": "Runner %s",
+	"actions.runners.runner_details.labels_note": "The runner's labels are defined in the configuration file of Forgejo Runner or passed as command line option. They are updated every time Forgejo Runner establishes a connection to Forgejo.",
+	"actions.runners.runner_setup.page_title": "Set up runner %s",
+	"actions.runners.runner_setup.list_of_runners_link": "List of runners",
+	"actions.runners.runner_setup.last_chance_copying_token": "Copy the token now as you will not be able to see it again!",
+	"actions.runners.runner_setup.button_copy_uuid_aria": "Copy runner UUID",
+	"actions.runners.runner_setup.button_copy_token_aria": "Copy runner token",
+	"actions.runners.runner_setup.heading_using_configuration": "Using the runner configuration file",
+	"actions.runners.runner_setup.configuration_snippet_aria": "Snippet to insert into the runner configuration",
+	"actions.runners.runner_setup.program_options_snippet_aria": "How to invoke forgejo-runner",
+	"actions.runners.runner_setup.instruction_replace_connection_name": "Replace the connection name (<code>forgejo</code> in the example) with a value of your liking.",
+	"actions.runners.runner_setup.heading_using_options": "Using program options",
+	"actions.runners.runner_setup.instruction_advanced_configurations": "For configuring Forgejo Runner running in containers or advanced configurations, see the <a href=\"https://TO-BE-REPLACED.COM\">documentation</a>.",
 	"actions.runners.none": "No runners available",
-	"actions.runners.version": "Version",
+	"actions.runners.reset_registration_token.token": "Registration Token (Deprecated)",
 	"actions.runners.reset_registration_token.button": "Reset registration token",
 	"actions.runners.reset_registration_token.success": "Runner registration token reset successfully",
 	"actions.runs.run_attempt_label": "Run attempt #%[1]s (%[2]s)",
@@ -512,5 +555,6 @@
 	"editor.toggle_case": "Toggle case sensitivity",
 	"editor.toggle_regex": "Toggle using regular expressions",
 	"editor.toggle_whole_word": "Toggle matching whole words",
+	"form.RunnerName": "Name",
 	"meta.last_line": "Thank you for translating Forgejo! This line isn't seen by the users but it serves other purposes in the translation management. You can place a fun fact in the translation instead of translating it."
 }
diff --git a/routers/web/repo/setting/runners.go b/routers/web/repo/setting/runners.go
index 32c8667825..ab3ec32c4a 100644
--- a/routers/web/repo/setting/runners.go
+++ b/routers/web/repo/setting/runners.go
@@ -5,7 +5,7 @@ package setting
 
 import (
 	"errors"
-	"net/http"
+	"fmt"
 	"net/url"
 
 	actions_model "forgejo.org/models/actions"
@@ -18,88 +18,109 @@ import (
 )
 
 const (
-	// TODO: Separate secrets from runners when layout is ready
-	tplRepoRunners     base.TplName = "repo/settings/actions"
-	tplOrgRunners      base.TplName = "org/settings/actions"
-	tplAdminRunners    base.TplName = "admin/actions"
-	tplUserRunners     base.TplName = "user/settings/actions"
-	tplRepoRunnerEdit  base.TplName = "repo/settings/runner_edit"
-	tplOrgRunnerEdit   base.TplName = "org/settings/runners_edit"
-	tplAdminRunnerEdit base.TplName = "admin/runners/edit"
-	tplUserRunnerEdit  base.TplName = "user/settings/runner_edit"
+	tplAdminRunnerCreate  base.TplName = "admin/runners/create"
+	tplAdminRunnerDetails base.TplName = "admin/runners/details"
+	tplAdminRunnerEdit    base.TplName = "admin/runners/edit"
+	tplAdminRunnerSetup   base.TplName = "admin/runners/setup"
+	tplAdminRunners       base.TplName = "admin/actions"
+	tplOrgRunnerCreate    base.TplName = "org/settings/runners_create"
+	tplOrgRunnerDetails   base.TplName = "org/settings/runners_details"
+	tplOrgRunnerEdit      base.TplName = "org/settings/runners_edit"
+	tplOrgRunnerSetup     base.TplName = "org/settings/runners_setup"
+	tplOrgRunners         base.TplName = "org/settings/actions"
+	tplRepoRunnerCreate   base.TplName = "repo/settings/runner_create"
+	tplRepoRunnerDetails  base.TplName = "repo/settings/runner_details"
+	tplRepoRunnerEdit     base.TplName = "repo/settings/runner_edit"
+	tplRepoRunnerSetup    base.TplName = "repo/settings/runner_setup"
+	tplRepoRunners        base.TplName = "repo/settings/actions"
+	tplUserRunnerCreate   base.TplName = "user/settings/runner_create"
+	tplUserRunnerDetails  base.TplName = "user/settings/runner_details"
+	tplUserRunnerEdit     base.TplName = "user/settings/runner_edit"
+	tplUserRunnerSetup    base.TplName = "user/settings/runner_setup"
+	tplUserRunners        base.TplName = "user/settings/actions"
 )
 
 type runnersCtx struct {
-	OwnerID            int64
-	RepoID             int64
-	IsRepo             bool
-	IsOrg              bool
-	IsAdmin            bool
-	IsUser             bool
-	RunnersTemplate    base.TplName
-	RunnerEditTemplate base.TplName
-	RedirectLink       string
+	OwnerID               int64
+	RepoID                int64
+	IsRepo                bool
+	IsOrg                 bool
+	IsAdmin               bool
+	IsUser                bool
+	RunnerCreateTemplate  base.TplName
+	RunnerDetailsTemplate base.TplName
+	RunnerEditTemplate    base.TplName
+	RunnerSetupTemplate   base.TplName
+	RunnersTemplate       base.TplName
+	RedirectLink          string
 }
 
 func getRunnersCtx(ctx *context.Context) (*runnersCtx, error) {
 	if ctx.Data["PageIsRepoSettings"] == true {
 		return &runnersCtx{
-			RepoID:             ctx.Repo.Repository.ID,
-			OwnerID:            0,
-			IsRepo:             true,
-			RunnersTemplate:    tplRepoRunners,
-			RunnerEditTemplate: tplRepoRunnerEdit,
-			RedirectLink:       ctx.Repo.RepoLink + "/settings/actions/runners/",
+			RepoID:                ctx.Repo.Repository.ID,
+			OwnerID:               0,
+			IsRepo:                true,
+			RunnerCreateTemplate:  tplRepoRunnerCreate,
+			RunnerDetailsTemplate: tplRepoRunnerDetails,
+			RunnerEditTemplate:    tplRepoRunnerEdit,
+			RunnerSetupTemplate:   tplRepoRunnerSetup,
+			RunnersTemplate:       tplRepoRunners,
+			RedirectLink:          ctx.Repo.RepoLink + "/settings/actions/runners/",
 		}, nil
 	}
 
 	if ctx.Data["PageIsOrgSettings"] == true {
 		err := shared_user.LoadHeaderCount(ctx)
 		if err != nil {
-			ctx.ServerError("LoadHeaderCount", err)
-			return nil, nil
+			return nil, fmt.Errorf("could not load project and package counts: %w", err)
 		}
 		return &runnersCtx{
-			RepoID:             0,
-			OwnerID:            ctx.Org.Organization.ID,
-			IsOrg:              true,
-			RunnersTemplate:    tplOrgRunners,
-			RunnerEditTemplate: tplOrgRunnerEdit,
-			RedirectLink:       ctx.Org.OrgLink + "/settings/actions/runners/",
+			RepoID:                0,
+			OwnerID:               ctx.Org.Organization.ID,
+			IsOrg:                 true,
+			RunnerCreateTemplate:  tplOrgRunnerCreate,
+			RunnerDetailsTemplate: tplOrgRunnerDetails,
+			RunnerEditTemplate:    tplOrgRunnerEdit,
+			RunnerSetupTemplate:   tplOrgRunnerSetup,
+			RunnersTemplate:       tplOrgRunners,
+			RedirectLink:          ctx.Org.OrgLink + "/settings/actions/runners/",
 		}, nil
 	}
 
 	if ctx.Data["PageIsAdmin"] == true {
 		return &runnersCtx{
-			RepoID:             0,
-			OwnerID:            0,
-			IsAdmin:            true,
-			RunnersTemplate:    tplAdminRunners,
-			RunnerEditTemplate: tplAdminRunnerEdit,
-			RedirectLink:       setting.AppSubURL + "/admin/actions/runners/",
+			RepoID:                0,
+			OwnerID:               0,
+			IsAdmin:               true,
+			RunnerCreateTemplate:  tplAdminRunnerCreate,
+			RunnerDetailsTemplate: tplAdminRunnerDetails,
+			RunnerEditTemplate:    tplAdminRunnerEdit,
+			RunnerSetupTemplate:   tplAdminRunnerSetup,
+			RunnersTemplate:       tplAdminRunners,
+			RedirectLink:          setting.AppSubURL + "/admin/actions/runners/",
 		}, nil
 	}
 
 	if ctx.Data["PageIsUserSettings"] == true {
 		return &runnersCtx{
-			OwnerID:            ctx.Doer.ID,
-			RepoID:             0,
-			IsUser:             true,
-			RunnersTemplate:    tplUserRunners,
-			RunnerEditTemplate: tplUserRunnerEdit,
-			RedirectLink:       setting.AppSubURL + "/user/settings/actions/runners/",
+			OwnerID:               ctx.Doer.ID,
+			RepoID:                0,
+			IsUser:                true,
+			RunnerCreateTemplate:  tplUserRunnerCreate,
+			RunnerDetailsTemplate: tplUserRunnerDetails,
+			RunnerEditTemplate:    tplUserRunnerEdit,
+			RunnerSetupTemplate:   tplUserRunnerSetup,
+			RunnersTemplate:       tplUserRunners,
+			RedirectLink:          setting.AppSubURL + "/user/settings/actions/runners/",
 		}, nil
 	}
 
 	return nil, errors.New("unable to set Runners context")
 }
 
-// Runners render settings/actions/runners page for repo level
+// Runners renders the list of all available runners.
 func Runners(ctx *context.Context) {
-	ctx.Data["PageIsSharedSettingsRunners"] = true
-	ctx.Data["Title"] = ctx.Tr("actions.actions")
-	ctx.Data["PageType"] = "runners"
-
 	rCtx, err := getRunnersCtx(ctx)
 	if err != nil {
 		ctx.ServerError("getRunnersCtx", err)
@@ -126,60 +147,114 @@ func Runners(ctx *context.Context) {
 		opts.OwnerID = rCtx.OwnerID
 		opts.WithAvailable = true
 	}
-	actions_shared.RunnersList(ctx, opts)
 
-	ctx.HTML(http.StatusOK, rCtx.RunnersTemplate)
+	ctx.Data["RunnersListLink"] = rCtx.RedirectLink
+
+	actions_shared.RunnersList(ctx, rCtx.RunnersTemplate, opts)
 }
 
-// RunnersEdit renders runner edit page for repository level
-func RunnersEdit(ctx *context.Context) {
-	ctx.Data["PageIsSharedSettingsRunners"] = true
-	ctx.Data["Title"] = ctx.Tr("actions.runners.edit_runner")
+// RunnersDetails renders a read-only view of the most important properties of a runner. It is accessible to every user
+// that can use that particular runner.
+func RunnersDetails(ctx *context.Context) {
 	rCtx, err := getRunnersCtx(ctx)
 	if err != nil {
 		ctx.ServerError("getRunnersCtx", err)
 		return
 	}
 
+	runnerID := ctx.ParamsInt64(":runnerid")
 	page := ctx.FormInt("page")
 	if page <= 1 {
 		page = 1
 	}
 
-	actions_shared.RunnerDetails(ctx, page,
-		ctx.ParamsInt64(":runnerid"), rCtx.OwnerID, rCtx.RepoID,
-	)
-	ctx.HTML(http.StatusOK, rCtx.RunnerEditTemplate)
+	ctx.Data["RunnersListLink"] = rCtx.RedirectLink
+
+	actions_shared.RunnerDetails(ctx, runnerID, rCtx.OwnerID, rCtx.RepoID, rCtx.RunnerDetailsTemplate, page)
 }
 
+// RunnersCreate renders the form for creating a new runner.
+func RunnersCreate(ctx *context.Context) {
+	rCtx, err := getRunnersCtx(ctx)
+	if err != nil {
+		ctx.ServerError("getRunnersCtx", err)
+		return
+	}
+
+	ctx.Data["RunnersListLink"] = rCtx.RedirectLink
+
+	actions_shared.RunnerCreate(ctx, rCtx.RunnerCreateTemplate)
+}
+
+// RunnersCreatePost handles the form submitted by RunnersCreate.
+func RunnersCreatePost(ctx *context.Context) {
+	rCtx, err := getRunnersCtx(ctx)
+	if err != nil {
+		ctx.ServerError("getRunnersCtx", err)
+		return
+	}
+
+	ctx.Data["RunnersListLink"] = rCtx.RedirectLink
+
+	actions_shared.RunnerCreatePost(ctx, rCtx.OwnerID, rCtx.RepoID, rCtx.RunnerCreateTemplate, rCtx.RunnerSetupTemplate)
+}
+
+// RunnersEdit renders the form for changing an existing runner.
+func RunnersEdit(ctx *context.Context) {
+	rCtx, err := getRunnersCtx(ctx)
+	if err != nil {
+		ctx.ServerError("getRunnersCtx", err)
+		return
+	}
+
+	ctx.Data["RunnersListLink"] = rCtx.RedirectLink
+
+	actions_shared.RunnerEdit(ctx, ctx.ParamsInt64(":runnerid"), rCtx.OwnerID, rCtx.RepoID, rCtx.RunnerEditTemplate)
+}
+
+// RunnersEditPost handles the form submitted by RunnersEdit.
 func RunnersEditPost(ctx *context.Context) {
 	rCtx, err := getRunnersCtx(ctx)
 	if err != nil {
 		ctx.ServerError("getRunnersCtx", err)
 		return
 	}
-	actions_shared.RunnerDetailsEditPost(ctx, ctx.ParamsInt64(":runnerid"),
-		rCtx.OwnerID, rCtx.RepoID,
-		rCtx.RedirectLink+url.PathEscape(ctx.Params(":runnerid")))
+
+	ctx.Data["RunnersListLink"] = rCtx.RedirectLink
+
+	runnerID := ctx.ParamsInt64(":runnerid")
+	redirectURL := rCtx.RedirectLink + url.PathEscape(ctx.Params(":runnerid"))
+	actions_shared.RunnerEditPost(ctx, runnerID, rCtx.OwnerID, rCtx.RepoID, rCtx.RunnerEditTemplate,
+		rCtx.RunnerSetupTemplate, redirectURL)
 }
 
+// ResetRunnerRegistrationToken handles the request to reset the runner registration token.
 func ResetRunnerRegistrationToken(ctx *context.Context) {
 	rCtx, err := getRunnersCtx(ctx)
 	if err != nil {
 		ctx.ServerError("getRunnersCtx", err)
 		return
 	}
+
+	ctx.Data["RunnersListLink"] = rCtx.RedirectLink
+
 	actions_shared.RunnerResetRegistrationToken(ctx, rCtx.OwnerID, rCtx.RepoID, rCtx.RedirectLink)
 }
 
-// RunnerDeletePost response for deleting runner
+// RunnerDeletePost handles the request to delete a runner.
 func RunnerDeletePost(ctx *context.Context) {
 	rCtx, err := getRunnersCtx(ctx)
 	if err != nil {
 		ctx.ServerError("getRunnersCtx", err)
 		return
 	}
-	actions_shared.RunnerDeletePost(ctx, ctx.ParamsInt64(":runnerid"), rCtx.OwnerID, rCtx.RepoID, rCtx.RedirectLink, rCtx.RedirectLink+url.PathEscape(ctx.Params(":runnerid")))
+
+	ctx.Data["RunnersListLink"] = rCtx.RedirectLink
+
+	runnerID := ctx.ParamsInt64(":runnerid")
+	successRedirectURL := rCtx.RedirectLink
+	failureRedirectURL := rCtx.RedirectLink
+	actions_shared.RunnerDeletePost(ctx, runnerID, rCtx.OwnerID, rCtx.RepoID, successRedirectURL, failureRedirectURL)
 }
 
 func RedirectToDefaultSetting(ctx *context.Context) {
diff --git a/routers/web/shared/actions/runners.go b/routers/web/shared/actions/runners.go
index 9d0ad3b0cd..ab52faf9f5 100644
--- a/routers/web/shared/actions/runners.go
+++ b/routers/web/shared/actions/runners.go
@@ -5,19 +5,24 @@ package actions
 
 import (
 	"errors"
+	"net/http"
 
 	actions_model "forgejo.org/models/actions"
 	"forgejo.org/models/db"
+	"forgejo.org/modules/base"
 	"forgejo.org/modules/log"
 	"forgejo.org/modules/optional"
+	"forgejo.org/modules/setting"
 	"forgejo.org/modules/util"
 	"forgejo.org/modules/web"
 	"forgejo.org/services/context"
 	"forgejo.org/services/forms"
+
+	gouuid "github.com/google/uuid"
 )
 
-// RunnersList prepares data for runners list
-func RunnersList(ctx *context.Context, opts actions_model.FindRunnerOptions) {
+// RunnersList renders the list of runners.
+func RunnersList(ctx *context.Context, template base.TplName, opts actions_model.FindRunnerOptions) {
 	runners, count, err := db.FindAndCount[actions_model.ActionRunner](ctx, opts)
 	if err != nil {
 		ctx.ServerError("CountRunners", err)
@@ -52,6 +57,9 @@ func RunnersList(ctx *context.Context, opts actions_model.FindRunnerOptions) {
 		return
 	}
 
+	ctx.Data["PageIsSharedSettingsRunners"] = true
+	ctx.Data["Title"] = ctx.Tr("actions.actions")
+	ctx.Data["PageType"] = "runners"
 	ctx.Data["Keyword"] = opts.Filter
 	ctx.Data["Runners"] = runners
 	ctx.Data["Total"] = count
@@ -63,26 +71,24 @@ func RunnersList(ctx *context.Context, opts actions_model.FindRunnerOptions) {
 	pager := context.NewPagination(int(count), opts.PageSize, opts.Page, 5)
 
 	ctx.Data["Page"] = pager
+	ctx.HTML(http.StatusOK, template)
 }
 
-// RunnerDetails prepares data for runners edit page
-func RunnerDetails(ctx *context.Context, page int, runnerID, ownerID, repoID int64) {
-	runner, err := actions_model.GetRunnerByID(ctx, runnerID)
-	if err != nil {
-		ctx.ServerError("GetRunnerByID", err)
+// RunnerDetails displays detail information about each runner. The page is purely informational and visible to everyone
+// who is allowed to use a runner.
+func RunnerDetails(ctx *context.Context, runnerID, ownerID, repoID int64, template base.TplName, page int) {
+	runner, err := actions_model.GetAvailableRunnerByID(ctx, runnerID, ownerID, repoID)
+	if errors.Is(err, util.ErrNotExist) {
+		ctx.NotFound("GetAvailableRunnerByID", err)
+		return
+	} else if err != nil {
+		ctx.ServerError("GetAvailableRunnerByID", err)
 		return
 	}
 	if err := runner.LoadAttributes(ctx); err != nil {
 		ctx.ServerError("LoadAttributes", err)
 		return
 	}
-	if !runner.Editable(ownerID, repoID) {
-		err = errors.New("no permission to edit this runner")
-		ctx.NotFound("RunnerDetails", err)
-		return
-	}
-
-	ctx.Data["Runner"] = runner
 
 	opts := actions_model.FindTaskOptions{
 		ListOptions: db.ListOptions{
@@ -90,6 +96,8 @@ func RunnerDetails(ctx *context.Context, page int, runnerID, ownerID, repoID int
 			PageSize: 30,
 		},
 		RunnerID: runner.ID,
+		OwnerID:  ownerID,
+		RepoID:   repoID,
 	}
 
 	tasks, count, err := db.FindAndCount[actions_model.ActionTask](ctx, opts)
@@ -103,42 +111,147 @@ func RunnerDetails(ctx *context.Context, page int, runnerID, ownerID, repoID int
 		return
 	}
 
+	ctx.Data["PageIsSharedSettingsRunners"] = true
+	ctx.Data["RunnerOwnerID"] = ownerID
+	ctx.Data["RunnerRepoID"] = repoID
+	ctx.Data["Title"] = ctx.Tr("actions.runners.runner_details.page_title", runner.Name)
+	ctx.Data["Runner"] = runner
 	ctx.Data["Tasks"] = tasks
 	pager := context.NewPagination(int(count), opts.PageSize, opts.Page, 5)
 	ctx.Data["Page"] = pager
+	ctx.HTML(http.StatusOK, template)
 }
 
-// RunnerDetailsEditPost response for edit runner details
-func RunnerDetailsEditPost(ctx *context.Context, runnerID, ownerID, repoID int64, redirectTo string) {
-	runner, err := actions_model.GetRunnerByID(ctx, runnerID)
+// RunnerCreate displays a form for creating a new runner.
+func RunnerCreate(ctx *context.Context, template base.TplName) {
+	ctx.Data["PageIsSharedSettingsRunners"] = true
+	ctx.Data["Title"] = ctx.Tr("actions.runners.create_runner.page_title")
+	ctx.HTML(http.StatusOK, template)
+}
+
+// RunnerCreatePost handles the form submitted by RunnerCreate.
+func RunnerCreatePost(ctx *context.Context, ownerID, repoID int64, template, successTemplate base.TplName) {
+	form := web.GetForm(ctx).(*forms.CreateRunnerForm)
+
+	runner := actions_model.ActionRunner{
+		UUID:        gouuid.New().String(),
+		Name:        form.RunnerName,
+		OwnerID:     ownerID,
+		RepoID:      repoID,
+		Description: form.RunnerDescription,
+		Ephemeral:   false,
+	}
+	runner.GenerateToken()
+
+	ctx.Data["PageIsSharedSettingsRunners"] = true
+	ctx.Data["Title"] = ctx.Tr("actions.runners.runner_setup.page_title", runner.Name)
+	ctx.Data["AppURL"] = setting.AppURL
+	ctx.Data["Runner"] = runner
+	ctx.Data["RunnerOwnerID"] = ownerID
+	ctx.Data["RunnerRepoID"] = repoID
+
+	if ctx.HasError() {
+		ctx.HTML(http.StatusOK, template)
+		return
+	}
+
+	err := actions_model.CreateRunner(ctx, &runner)
 	if err != nil {
-		log.Warn("RunnerDetailsEditPost.GetRunnerByID failed: %v, url: %s", err, ctx.Req.URL)
-		ctx.ServerError("RunnerDetailsEditPost.GetRunnerByID", err)
+		ctx.ServerError("CreateRunner", err)
+		return
+	}
+
+	ctx.HTML(http.StatusOK, successTemplate)
+}
+
+// RunnerEdit displays a form to modify the given runner.
+func RunnerEdit(ctx *context.Context, runnerID, ownerID, repoID int64, template base.TplName) {
+	runner, err := actions_model.GetAvailableRunnerByID(ctx, runnerID, ownerID, repoID)
+	if errors.Is(err, util.ErrNotExist) {
+		ctx.NotFound("GetAvailableRunnerByID", err)
+		return
+	} else if err != nil {
+		ctx.ServerError("GetAvailableRunnerByID", err)
+		return
+	}
+	if err := runner.LoadAttributes(ctx); err != nil {
+		ctx.ServerError("LoadAttributes", err)
 		return
 	}
 	if !runner.Editable(ownerID, repoID) {
-		ctx.NotFound("RunnerDetailsEditPost.Editable", util.NewPermissionDeniedErrorf("no permission to edit this runner"))
+		err = errors.New("no permission to edit this runner")
+		ctx.NotFound("RunnerDetails", err)
 		return
 	}
 
-	form := web.GetForm(ctx).(*forms.EditRunnerForm)
-	runner.Description = form.Description
+	ctx.Data["PageIsSharedSettingsRunners"] = true
+	ctx.Data["Title"] = ctx.Tr("actions.runners.edit_runner.page_title", runner.Name)
+	ctx.Data["Runner"] = runner
+	ctx.Data["RunnerOwnerID"] = ownerID
+	ctx.Data["RunnerRepoID"] = repoID
+	ctx.HTML(http.StatusOK, template)
+}
 
-	err = actions_model.UpdateRunner(ctx, runner, "description")
+// RunnerEditPost handles the form submitted by RunnerEdit.
+func RunnerEditPost(ctx *context.Context, runnerID, ownerID, repoID int64, template, successTemplate base.TplName, redirectTo string) {
+	runner, err := actions_model.GetAvailableRunnerByID(ctx, runnerID, ownerID, repoID)
+	if errors.Is(err, util.ErrNotExist) {
+		ctx.NotFound("GetAvailableRunnerByID", err)
+		return
+	} else if err != nil {
+		ctx.ServerError("GetAvailableRunnerByID", err)
+		return
+	}
+	if !runner.Editable(ownerID, repoID) {
+		ctx.NotFound("RunnerEditPost.Editable", util.NewPermissionDeniedErrorf("no permission to edit this runner"))
+		return
+	}
+
+	ctx.Data["PageIsSharedSettingsRunners"] = true
+	ctx.Data["Title"] = ctx.Tr("actions.runners.runner_setup.page_title", runner.Name)
+	ctx.Data["AppURL"] = setting.AppURL
+	ctx.Data["Runner"] = runner
+	ctx.Data["RunnerOwnerID"] = ownerID
+	ctx.Data["RunnerRepoID"] = repoID
+
+	form := web.GetForm(ctx).(*forms.EditRunnerForm)
+	runner.Name = form.RunnerName
+	runner.Description = form.RunnerDescription
+
+	if ctx.HasError() {
+		ctx.HTML(http.StatusOK, template)
+		return
+	}
+
+	if !form.RegenerateToken {
+		err = actions_model.UpdateRunner(ctx, runner, "name", "description")
+		if err != nil {
+			log.Warn("RunnerEditPost.UpdateRunner failed: %v, url: %s", err, ctx.Req.URL)
+			ctx.Flash.Warning(ctx.Tr("actions.runners.update_runner.failed"))
+			ctx.Redirect(redirectTo)
+			return
+		}
+
+		log.Debug("RunnerEditPost success: %s", ctx.Req.URL)
+
+		ctx.Flash.Success(ctx.Tr("actions.runners.update_runner.success"))
+		ctx.Redirect(redirectTo)
+		return
+	}
+
+	runner.GenerateToken()
+	err = actions_model.UpdateRunner(ctx, runner, "name", "description", "token_hash", "token_salt")
 	if err != nil {
-		log.Warn("RunnerDetailsEditPost.UpdateRunner failed: %v, url: %s", err, ctx.Req.URL)
+		log.Warn("RunnerEditPost.UpdateRunner failed: %v, url: %s", err, ctx.Req.URL)
 		ctx.Flash.Warning(ctx.Tr("actions.runners.update_runner.failed"))
 		ctx.Redirect(redirectTo)
 		return
 	}
 
-	log.Debug("RunnerDetailsEditPost success: %s", ctx.Req.URL)
-
-	ctx.Flash.Success(ctx.Tr("actions.runners.update_runner.success"))
-	ctx.Redirect(redirectTo)
+	ctx.HTML(http.StatusOK, successTemplate)
 }
 
-// RunnerResetRegistrationToken reset registration token
+// RunnerResetRegistrationToken resets the runner registration token.
 func RunnerResetRegistrationToken(ctx *context.Context, ownerID, repoID int64, redirectTo string) {
 	optOwnerID := optional.None[int64]()
 	if ownerID != 0 {
@@ -159,10 +272,8 @@ func RunnerResetRegistrationToken(ctx *context.Context, ownerID, repoID int64, r
 	ctx.Redirect(redirectTo)
 }
 
-// RunnerDeletePost response for deleting a runner
-func RunnerDeletePost(ctx *context.Context, runnerID, ownerID, repoID int64,
-	successRedirectTo, failedRedirectTo string,
-) {
+// RunnerDeletePost handles the request for deleting a particular runner.
+func RunnerDeletePost(ctx *context.Context, runnerID, ownerID, repoID int64, successRedirectTo, failedRedirectTo string) {
 	runner, err := actions_model.GetRunnerByID(ctx, runnerID)
 	if err != nil {
 		ctx.ServerError("GetRunnerByID", err)
@@ -176,6 +287,7 @@ func RunnerDeletePost(ctx *context.Context, runnerID, ownerID, repoID int64,
 
 	if err := actions_model.DeleteRunner(ctx, runner); err != nil {
 		log.Warn("DeleteRunnerPost.UpdateRunner failed: %v, url: %s", err, ctx.Req.URL)
+
 		ctx.Flash.Warning(ctx.Tr("actions.runners.delete_runner.failed"))
 
 		ctx.JSONRedirect(failedRedirectTo)
diff --git a/routers/web/shared/actions/runners_test.go b/routers/web/shared/actions/runners_test.go
index ad75d34ee6..9426bbdf08 100644
--- a/routers/web/shared/actions/runners_test.go
+++ b/routers/web/shared/actions/runners_test.go
@@ -25,14 +25,15 @@ func TestRunnerDetails(t *testing.T) {
 
 	t.Run("permission denied", func(t *testing.T) {
 		ctx, resp := contexttest.MockContext(t, "/admin/actions/runners")
-		RunnerDetails(ctx, 1, runner.ID, user.ID, 0)
-		assert.Equal(t, http.StatusNotFound, resp.Code)
+		RunnerDetails(ctx, runner.ID, user.ID, 0, "admin/runners/details", 1)
+		assert.Equal(t, http.StatusOK, resp.Code)
+		assert.Empty(t, ctx.GetData()["Tasks"])
 	})
 
 	t.Run("first page", func(t *testing.T) {
 		ctx, resp := contexttest.MockContext(t, "/admin/actions/runners")
 		page := 1
-		RunnerDetails(ctx, page, runner.ID, 0, 0)
+		RunnerDetails(ctx, runner.ID, 0, 0, "admin/runners/details", page)
 		require.Equal(t, http.StatusOK, resp.Code)
 		assert.Len(t, ctx.GetData()["Tasks"], 30)
 	})
@@ -40,7 +41,7 @@ func TestRunnerDetails(t *testing.T) {
 	t.Run("second and last page", func(t *testing.T) {
 		ctx, resp := contexttest.MockContext(t, "/admin/actions/runners")
 		page := 2
-		RunnerDetails(ctx, page, runner.ID, 0, 0)
+		RunnerDetails(ctx, runner.ID, 0, 0, "admin/runners/details", page)
 		require.Equal(t, http.StatusOK, resp.Code)
 		assert.Len(t, ctx.GetData()["Tasks"], 10)
 	})
diff --git a/routers/web/web.go b/routers/web/web.go
index 6cddc1d0b0..ee3a515dff 100644
--- a/routers/web/web.go
+++ b/routers/web/web.go
@@ -461,7 +461,12 @@ func registerRoutes(m *web.Route) {
 	addSettingsRunnersRoutes := func() {
 		m.Group("/runners", func() {
 			m.Get("", repo_setting.Runners)
-			m.Combo("/{runnerid}").Get(repo_setting.RunnersEdit).
+			m.Combo("/new").
+				Get(repo_setting.RunnersCreate).
+				Post(web.Bind(forms.CreateRunnerForm{}), repo_setting.RunnersCreatePost)
+			m.Get("/{runnerid}", repo_setting.RunnersDetails)
+			m.Combo("/{runnerid}/edit").
+				Get(repo_setting.RunnersEdit).
 				Post(web.Bind(forms.EditRunnerForm{}), repo_setting.RunnersEditPost)
 			m.Post("/{runnerid}/delete", repo_setting.RunnerDeletePost)
 			m.Get("/reset_registration_token", repo_setting.ResetRunnerRegistrationToken)
diff --git a/services/forms/runner.go b/services/forms/runner.go
index fcf6c5a694..319fffcee1 100644
--- a/services/forms/runner.go
+++ b/services/forms/runner.go
@@ -12,12 +12,26 @@ import (
 	"code.forgejo.org/go-chi/binding"
 )
 
-// EditRunnerForm form for admin to create runner
-type EditRunnerForm struct {
-	Description string
+// CreateRunnerForm needs to be filled in by the user to create a new runner.
+type CreateRunnerForm struct {
+	RunnerName        string `binding:"Required;MaxSize(255)"`
+	RunnerDescription string
 }
 
-// Validate validates form fields
+// Validate validates the submitted form.
+func (f *CreateRunnerForm) Validate(req *http.Request, errs binding.Errors) binding.Errors {
+	ctx := context.GetValidateContext(req)
+	return middleware.Validate(errs, ctx.Data, f, ctx.Locale)
+}
+
+// EditRunnerForm can be filled in by the user to change an existing runner.
+type EditRunnerForm struct {
+	RunnerName        string `binding:"Required;MaxSize(255)"`
+	RunnerDescription string
+	RegenerateToken   bool
+}
+
+// Validate validates the submitted form.
 func (f *EditRunnerForm) Validate(req *http.Request, errs binding.Errors) binding.Errors {
 	ctx := context.GetValidateContext(req)
 	return middleware.Validate(errs, ctx.Data, f, ctx.Locale)
diff --git a/templates/admin/runners/create.tmpl b/templates/admin/runners/create.tmpl
new file mode 100644
index 0000000000..5d3bc739ac
--- /dev/null
+++ b/templates/admin/runners/create.tmpl
@@ -0,0 +1,5 @@
+{{template "admin/layout_head" (dict "ctxData" . "pageClass" "admin runners")}}
+<div class="admin-setting-content">
+	{{template "shared/actions/runner_create" .}}
+</div>
+{{template "admin/layout_footer" .}}
diff --git a/templates/admin/runners/details.tmpl b/templates/admin/runners/details.tmpl
new file mode 100644
index 0000000000..47eb552952
--- /dev/null
+++ b/templates/admin/runners/details.tmpl
@@ -0,0 +1,5 @@
+{{template "admin/layout_head" (dict "ctxData" . "pageClass" "admin runners")}}
+<div class="admin-setting-content">
+	{{template "shared/actions/runner_details" .}}
+</div>
+{{template "admin/layout_footer" .}}
diff --git a/templates/admin/runners/edit.tmpl b/templates/admin/runners/edit.tmpl
index 1165c84b79..6a4b696696 100644
--- a/templates/admin/runners/edit.tmpl
+++ b/templates/admin/runners/edit.tmpl
@@ -1,5 +1,5 @@
 {{template "admin/layout_head" (dict "ctxData" . "pageClass" "admin runners")}}
-	<div class="admin-setting-content">
-		{{template "shared/actions/runner_edit" .}}
-	</div>
+<div class="admin-setting-content">
+	{{template "shared/actions/runner_edit" .}}
+</div>
 {{template "admin/layout_footer" .}}
diff --git a/templates/admin/runners/setup.tmpl b/templates/admin/runners/setup.tmpl
new file mode 100644
index 0000000000..6fa9f69a96
--- /dev/null
+++ b/templates/admin/runners/setup.tmpl
@@ -0,0 +1,5 @@
+{{template "admin/layout_head" (dict "ctxData" . "pageClass" "admin runners")}}
+<div class="admin-setting-content">
+	{{template "shared/actions/runner_setup" .}}
+</div>
+{{template "admin/layout_footer" .}}
diff --git a/templates/org/settings/runners_create.tmpl b/templates/org/settings/runners_create.tmpl
new file mode 100644
index 0000000000..422d978811
--- /dev/null
+++ b/templates/org/settings/runners_create.tmpl
@@ -0,0 +1,5 @@
+{{template "org/settings/layout_head" (dict "ctxData" . "pageClass" "organization settings runners")}}
+<div class="org-setting-content">
+	{{template "shared/actions/runner_create" .}}
+</div>
+{{template "org/settings/layout_footer" .}}
diff --git a/templates/org/settings/runners_details.tmpl b/templates/org/settings/runners_details.tmpl
new file mode 100644
index 0000000000..367a4cd019
--- /dev/null
+++ b/templates/org/settings/runners_details.tmpl
@@ -0,0 +1,5 @@
+{{template "org/settings/layout_head" (dict "ctxData" . "pageClass" "organization settings runners")}}
+<div class="org-setting-content">
+	{{template "shared/actions/runner_details" .}}
+</div>
+{{template "org/settings/layout_footer" .}}
diff --git a/templates/org/settings/runners_setup.tmpl b/templates/org/settings/runners_setup.tmpl
new file mode 100644
index 0000000000..da377f3776
--- /dev/null
+++ b/templates/org/settings/runners_setup.tmpl
@@ -0,0 +1,5 @@
+{{template "org/settings/layout_head" (dict "ctxData" . "pageClass" "organization settings runners")}}
+<div class="org-setting-content">
+	{{template "shared/actions/runner_setup" .}}
+</div>
+{{template "org/settings/layout_footer" .}}
diff --git a/templates/repo/settings/runner_create.tmpl b/templates/repo/settings/runner_create.tmpl
new file mode 100644
index 0000000000..cf29555970
--- /dev/null
+++ b/templates/repo/settings/runner_create.tmpl
@@ -0,0 +1,5 @@
+{{template "repo/settings/layout_head" (dict "ctxData" . "pageClass" "repository settings runners")}}
+<div class="repo-setting-content">
+	{{template "shared/actions/runner_create" .}}
+</div>
+{{template "repo/settings/layout_footer" .}}
diff --git a/templates/repo/settings/runner_details.tmpl b/templates/repo/settings/runner_details.tmpl
new file mode 100644
index 0000000000..b79080c990
--- /dev/null
+++ b/templates/repo/settings/runner_details.tmpl
@@ -0,0 +1,5 @@
+{{template "repo/settings/layout_head" (dict "ctxData" . "pageClass" "repository settings runners")}}
+<div class="repo-setting-content">
+	{{template "shared/actions/runner_details" .}}
+</div>
+{{template "repo/settings/layout_footer" .}}
diff --git a/templates/repo/settings/runner_setup.tmpl b/templates/repo/settings/runner_setup.tmpl
new file mode 100644
index 0000000000..65e6f74e3f
--- /dev/null
+++ b/templates/repo/settings/runner_setup.tmpl
@@ -0,0 +1,5 @@
+{{template "repo/settings/layout_head" (dict "ctxData" . "pageClass" "repository settings runners")}}
+<div class="repo-setting-content">
+	{{template "shared/actions/runner_setup" .}}
+</div>
+{{template "repo/settings/layout_footer" .}}
diff --git a/templates/shared/actions/runner_create.tmpl b/templates/shared/actions/runner_create.tmpl
new file mode 100644
index 0000000000..9ee7bedde8
--- /dev/null
+++ b/templates/shared/actions/runner_create.tmpl
@@ -0,0 +1,22 @@
+<div class="runner-container">
+	<h4 class="ui top attached header">
+		{{ctx.Locale.Tr "actions.runners.create_runner.title"}}
+	</h4>
+	<form class="ui form attached segment" action="{{.Link}}" method="post">
+		<fieldset>
+			<legend>{{ctx.Locale.Tr "actions.runners.create_runner.properties_fieldset"}}</legend>
+			<div class="form-field">
+				<label for="name">{{ctx.Locale.Tr "actions.runners.create_runner.name_label"}}</label>
+				<input id="name" name="runner_name" type="text" value="{{.Runner.Name}}"{{if .Err_RunnerName}} class="error"{{end}}>
+			</div>
+			<div class="form-field">
+				<label for="description">{{ctx.Locale.Tr "actions.runners.create_runner.description_label"}}</label>
+				<textarea id="description" name="runner_description"{{if .Err_RunnerDescription}} class="error"{{end}}>{{.Runner.Description}}</textarea>
+			</div>
+		</fieldset>
+		<div class="form-buttons">
+			<a class="ui secondary button" href="{{$.RunnersListLink}}">{{ctx.Locale.Tr "actions.runners.create_runner.cancel_button"}}</a>
+			<button class="ui primary button">{{ctx.Locale.Tr "actions.runners.create_runner.create_button"}}</button>
+		</div>
+	</form>
+</div>
diff --git a/templates/shared/actions/runner_details.tmpl b/templates/shared/actions/runner_details.tmpl
new file mode 100644
index 0000000000..ee073c6098
--- /dev/null
+++ b/templates/shared/actions/runner_details.tmpl
@@ -0,0 +1,132 @@
+<div class="runner-container">
+	<h4 class="ui top attached header">
+		{{ctx.Locale.Tr "actions.runners.runner_title" .Runner.Name}}
+		{{if .Runner.Editable $.RunnerOwnerID $.RunnerRepoID}}
+			<div class="ui right">
+				<a class="ui primary tiny button" tabindex="0" href="{{$.Link}}/edit">
+					{{ctx.Locale.Tr "actions.runners.edit_runner_button"}}
+				</a>
+			</div>
+		{{end}}
+	</h4>
+	<div class="ui attached segment">
+		<dl aria-label="Properties of {{.Runner.Name}}">
+			<div class="item">
+				<dt>{{ctx.Locale.Tr "actions.runners.uuid"}}</dt>
+				<dd>
+					{{.Runner.UUID}}
+				</dd>
+			</div>
+			<div class="item">
+				<dt>{{ctx.Locale.Tr "actions.runners.owner_type"}}</dt>
+				<dd>
+					{{.Runner.BelongsToOwnerType.LocaleString ctx.Locale}}
+				</dd>
+			</div>
+			<div class="item">
+				<dt>{{ctx.Locale.Tr "actions.runners.labels"}}</dt>
+				<dd class="tw-flex tw-items-start tw-flex-wrap tw-gap-2">
+					{{if gt (len .Runner.AgentLabels) 0}}
+						{{range .Runner.AgentLabels}}
+							<div class="ui label">{{.}}</div>
+						{{end}}
+					{{else}}
+						&mdash;
+					{{end}}
+				</dd>
+			</div>
+			<div class="item">
+				<dt>{{ctx.Locale.Tr "actions.runners.last_online"}}</dt>
+				<dd>
+					<div>
+						{{if .Runner.LastOnline}}
+							{{DateUtils.TimeSince .Runner.LastOnline}}
+						{{else}}
+							{{ctx.Locale.Tr "never"}}
+						{{end}}
+					</div>
+				</dd>
+			</div>
+			<div class="item">
+				<dt>{{ctx.Locale.Tr "actions.runners.status"}}</dt>
+				<dd class="tw-flex tw-items-center tw-gap-x-2">
+					{{if .Runner.IsActive}}
+					<div class="indicator-active">
+						<div></div>
+					</div>
+					{{else if .Runner.IsIdle}}
+					<div class="indicator-idle">
+						<div></div>
+					</div>
+					{{else}}
+					<div class="indicator-offline">
+						<div></div>
+					</div>
+					{{end}}
+					<div>
+						{{.Runner.StatusLocaleName ctx.Locale}}
+					</div>
+				</dd>
+			</div>
+			<div class="item">
+				<dt>{{ctx.Locale.Tr "actions.runners.ephemeral"}}</dt>
+				<dd>
+					{{if .Runner.Ephemeral}}
+						{{ctx.Locale.Tr "actions.runners.ephemeral.yes"}}
+					{{else}}
+						{{ctx.Locale.Tr "actions.runners.ephemeral.no"}}
+					{{end}}
+				</dd>
+			</div>
+			<div class="item">
+				<dt>{{ctx.Locale.Tr "actions.runners.description"}}</dt>
+				<dd>
+					{{if .Runner.Description}}
+						{{.Runner.Description}}
+					{{else}}
+						&mdash;
+					{{end}}
+				</dd>
+			</div>
+			<p class="tw-mt-8 tw-italic">{{ctx.Locale.Tr "actions.runners.runner_details.labels_note"}}</p>
+		</dl>
+	</div>
+
+	<h4 class="ui top attached header">
+		{{ctx.Locale.Tr "actions.runners.task_list"}}
+	</h4>
+	<div class="ui attached segment">
+		<table class="ui very basic striped table unstackable">
+			<thead>
+				<tr>
+					<th>{{ctx.Locale.Tr "actions.runners.task_list.run"}}</th>
+					<th>{{ctx.Locale.Tr "actions.runners.task_list.status"}}</th>
+					<th>{{ctx.Locale.Tr "actions.runners.task_list.repository"}}</th>
+					<th>{{ctx.Locale.Tr "actions.runners.task_list.commit"}}</th>
+					<th>{{ctx.Locale.Tr "actions.runners.task_list.done_at"}}</th>
+				</tr>
+			</thead>
+			<tbody>
+				{{range .Tasks}}
+				<tr>
+					<td><a href="{{.GetRunLink}}" target="_blank">{{.ID}}</a></td>
+					<td><span class="ui label task-status-{{.Status.String}}">{{.Status.LocaleString ctx.Locale}}</span></td>
+					<td><a href="{{.GetRepoLink}}" target="_blank">{{.GetRepoName}}</a></td>
+					<td>
+						<strong><a href="{{.GetCommitLink}}" target="_blank">{{ShortSha .CommitSHA}}</a></strong>
+					</td>
+					<td>{{if .IsStopped}}
+						<span>{{DateUtils.TimeSince .Stopped}}</span>
+						{{else}}-{{end}}</td>
+				</tr>
+				{{end}}
+				{{if not .Tasks}}
+				<tr>
+					<td colspan="5">{{ctx.Locale.Tr "actions.runners.task_list.no_tasks"}}</td>
+				</tr>
+				{{end}}
+			</tbody>
+		</table>
+		{{template "base/paginate" .}}
+	</div>
+</div>
diff --git a/templates/shared/actions/runner_edit.tmpl b/templates/shared/actions/runner_edit.tmpl
index 66e419c520..749a85a6a3 100644
--- a/templates/shared/actions/runner_edit.tmpl
+++ b/templates/shared/actions/runner_edit.tmpl
@@ -1,95 +1,34 @@
 <div class="runner-container">
 	<h4 class="ui top attached header">
-		{{ctx.Locale.Tr "actions.runners.runner_title"}} {{.Runner.ID}} {{.Runner.Name}}
+		{{ctx.Locale.Tr "actions.runners.edit_runner.title" .Runner.Name}}
 	</h4>
-	<div class="ui attached segment">
-		<form class="ui form" method="post">
-			{{template "base/disable_form_autofill"}}
-			<div class="runner-basic-info">
-				<div class="field tw-inline-block tw-mr-4">
-					<label>{{ctx.Locale.Tr "actions.runners.status"}}</label>
-					<span class="ui {{if .Runner.IsOnline}}green{{else}}basic{{end}} label">{{.Runner.StatusLocaleName ctx.Locale}}</span>
+	<form class="ui form attached segment" action="{{.Link}}" method="post">
+		<fieldset>
+			<legend>{{ctx.Locale.Tr "actions.runners.edit_runner.properties_fieldset"}}</legend>
+			<div class="form-field">
+				<label for="name">{{ctx.Locale.Tr "actions.runners.edit_runner.name_label"}}</label>
+				<input id="name" name="runner_name" type="text" value="{{.Runner.Name}}" {{if .Err_RunnerName}}class="error"{{end}}>
+			</div>
+			<div class="form-field">
+				<label for="description">{{ctx.Locale.Tr "actions.runners.edit_runner.description_label"}}</label>
+				<textarea id="description" name="runner_description" {{if .Err_RunnerDescription}}class="error"{{end}}>{{.Runner.Description}}</textarea>
+			</div>
+		</fieldset>
+		<fieldset>
+			<legend>{{ctx.Locale.Tr "actions.runners.edit_runner.properties_options"}}</legend>
+			<div class="form-field tw-flex tw-gap-x-4">
+				<div class="tw-flex tw-h-6 tw-items-center">
+					<input type="checkbox" id="regenerate_token" name="regenerate_token">
 				</div>
-				<div class="field tw-inline-block tw-mr-4">
-					<label>{{ctx.Locale.Tr "actions.runners.last_online"}}</label>
-					<span>{{if .Runner.LastOnline}}{{DateUtils.TimeSince .Runner.LastOnline}}{{else}}{{ctx.Locale.Tr "never"}}{{end}}</span>
-				</div>
-				<div class="field tw-inline-block tw-mr-4">
-					<label>{{ctx.Locale.Tr "actions.runners.labels"}}</label>
-					<span>
-						{{range .Runner.AgentLabels}}
-						<span class="ui label">{{.}}</span>
-						{{end}}
-					</span>
-				</div>
-				<div class="field tw-inline-block tw-mr-4">
-					<label>{{ctx.Locale.Tr "actions.runners.owner_type"}}</label>
-					<span data-tooltip-content="{{.Runner.BelongsToOwnerName}}">{{.Runner.BelongsToOwnerType.LocaleString ctx.Locale}}</span>
+				<div>
+					<label for="regenerate_token" class="tw-font-medium tw-m-0">{{ctx.Locale.Tr "actions.runners.edit_runner.regenerate_token_label"}}</label>
+					<p class="help">{{ctx.Locale.Tr "actions.runners.edit_runner.regenerate_token_help"}}</p>
 				</div>
 			</div>
-
-			<div class="divider"></div>
-
-			<div class="field">
-				<label for="description">{{ctx.Locale.Tr "actions.runners.description"}}</label>
-				<input id="description" name="description" value="{{.Runner.Description}}">
-			</div>
-
-			<div class="divider"></div>
-
-			<div class="field">
-				<button class="ui primary button" data-url="{{.Link}}">{{ctx.Locale.Tr "actions.runners.update_runner.button"}}</button>
-				<button class="ui red button delete-button" data-url="{{.Link}}/delete" data-modal-id="runner-delete-modal">
-					{{ctx.Locale.Tr "actions.runners.delete_runner.button"}}</button>
-			</div>
-		</form>
-	</div>
-
-	<h4 class="ui top attached header">
-		{{ctx.Locale.Tr "actions.runners.task_list"}}
-	</h4>
-	<div class="ui attached segment">
-		<table class="ui very basic striped table unstackable">
-			<thead>
-				<tr>
-					<th>{{ctx.Locale.Tr "actions.runners.task_list.run"}}</th>
-					<th>{{ctx.Locale.Tr "actions.runners.task_list.status"}}</th>
-					<th>{{ctx.Locale.Tr "actions.runners.task_list.repository"}}</th>
-					<th>{{ctx.Locale.Tr "actions.runners.task_list.commit"}}</th>
-					<th>{{ctx.Locale.Tr "actions.runners.task_list.done_at"}}</th>
-				</tr>
-			</thead>
-			<tbody>
-				{{range .Tasks}}
-				<tr>
-					<td><a href="{{.GetRunLink}}" target="_blank">{{.ID}}</a></td>
-					<td><span class="ui label task-status-{{.Status.String}}">{{.Status.LocaleString ctx.Locale}}</span></td>
-					<td><a href="{{.GetRepoLink}}" target="_blank">{{.GetRepoName}}</a></td>
-					<td>
-						<strong><a href="{{.GetCommitLink}}" target="_blank">{{ShortSha .CommitSHA}}</a></strong>
-					</td>
-					<td>{{if .IsStopped}}
-						<span>{{DateUtils.TimeSince .Stopped}}</span>
-						{{else}}-{{end}}</td>
-				</tr>
-				{{end}}
-				{{if not .Tasks}}
-				<tr>
-					<td colspan="5">{{ctx.Locale.Tr "actions.runners.task_list.no_tasks"}}</td>
-				</tr>
-				{{end}}
-			</tbody>
-		</table>
-		{{template "base/paginate" .}}
-	</div>
-	<div class="ui g-modal-confirm delete modal" id="runner-delete-modal">
-		<div class="header">
-			{{svg "octicon-trash"}}
-			{{ctx.Locale.Tr "actions.runners.delete_runner.header"}}
+		</fieldset>
+		<div class="form-buttons">
+			<a class="ui secondary button" href="{{$.RunnersListLink}}">{{ctx.Locale.Tr "actions.runners.edit_runner.cancel_button"}}</a>
+			<button class="ui primary button">{{ctx.Locale.Tr "actions.runners.edit_runner.save_button"}}</button>
 		</div>
-		<div class="content">
-			<p>{{ctx.Locale.Tr "actions.runners.delete_runner.notice"}}</p>
-		</div>
-		{{template "base/modal_actions_confirm" .}}
-	</div>
+	</form>
 </div>
diff --git a/templates/shared/actions/runner_list.tmpl b/templates/shared/actions/runner_list.tmpl
index ea28a7692f..e40aaaff3e 100644
--- a/templates/shared/actions/runner_list.tmpl
+++ b/templates/shared/actions/runner_list.tmpl
@@ -4,8 +4,8 @@
 		{{ctx.Locale.Tr "actions.runners.runner_manage_panel"}} ({{ctx.Locale.Tr "admin.total" .Total}})
 		<div class="ui right">
 			<div class="ui top right pointing dropdown">
-				<button class="ui primary tiny button">
-					{{ctx.Locale.Tr "actions.runners.new"}}
+				<button class="ui secondary tiny button">
+					{{ctx.Locale.Tr "actions.runners.show_registration_token"}}
 					{{svg "octicon-triangle-down" 14 "dropdown icon"}}
 				</button>
 				<div class="menu">
@@ -14,7 +14,7 @@
 					</div>
 					<div class="divider"></div>
 					<div class="header">
-						Registration Token
+						{{ctx.Locale.Tr "actions.runners.reset_registration_token.token"}}
 					</div>
 					<div class="ui input">
 						<input type="text" value="{{.RegistrationToken}}">
@@ -28,7 +28,9 @@
 					</div>
 				</div>
 			</div>
-
+			<a class="ui primary tiny button" href="{{$.Link}}/new" tabindex="0">
+				{{ctx.Locale.Tr "actions.runners.new"}}
+			</a>
 		</div>
 	</h4>
 	<div class="ui attached segment">
@@ -37,59 +39,108 @@
 		</form>
 	</div>
 	<div class="ui attached table segment">
-		<table class="ui very basic striped table unstackable">
+		{{if .Runners}}
+		<table class="ui very basic striped table unstackable runner-list">
 			<thead>
 				<tr>
-					<th data-sortt-asc="online" data-sortt-desc="offline">
-						{{ctx.Locale.Tr "actions.runners.status"}}
-						{{SortArrow "online" "offline" .SortType false}}
-					</th>
-					<th data-sortt-asc="newest" data-sortt-desc="oldest">
-						{{ctx.Locale.Tr "actions.runners.id"}}
-						{{SortArrow "oldest" "newest" .SortType false}}
-					</th>
-					<th data-sortt-asc="alphabetically" data-sortt-desc="reversealphabetically">
+					<th scope="col" data-sortt-asc="alphabetically" data-sortt-desc="reversealphabetically">
 						{{ctx.Locale.Tr "actions.runners.name"}}
 						{{SortArrow "alphabetically" "reversealphabetically" .SortType false}}
 					</th>
-					<th>{{ctx.Locale.Tr "actions.runners.version"}}</th>
-					<th>{{ctx.Locale.Tr "actions.runners.owner_type"}}</th>
-					<th>{{ctx.Locale.Tr "actions.runners.labels"}}</th>
-					<th>{{ctx.Locale.Tr "actions.runners.last_online"}}</th>
-					<th>{{ctx.Locale.Tr "edit"}}</th>
+					<th scope="col">
+						{{ctx.Locale.Tr "actions.runners.labels"}}
+					</th>
+					<th scope="col">
+						{{ctx.Locale.Tr "actions.runners.owner_type"}}
+					</th>
+					<th scope="col" data-sortt-asc="online" data-sortt-desc="offline">
+						{{ctx.Locale.Tr "actions.runners.status"}}
+						{{SortArrow "online" "offline" .SortType false}}
+					</th>
+					<th scope="col">
+						<span class="tw-sr-only">{{ctx.Locale.Tr "actions.runners.list_runners.details_column"}}</span>
+					</th>
+					<th scope="col">
+						<span class="tw-sr-only">{{ctx.Locale.Tr "actions.runners.list_runners.edit_column"}}</span>
+					</th>
+					<th scope="col">
+						<span class="tw-sr-only">{{ctx.Locale.Tr "actions.runners.list_runners.delete_column"}}</span>
+					</th>
 				</tr>
 			</thead>
 			<tbody>
-				{{if .Runners}}
-					{{range .Runners}}
-					<tr>
-						<td>
-							<span class="ui {{if .IsOnline}}green{{end}} label">{{.StatusLocaleName ctx.Locale}}</span>
-						</td>
-						<td>{{.ID}}</td>
-						<td><p data-tooltip-content="{{.Description}}">{{.Name}}</p></td>
-						<td>{{if .Version}}{{.Version}}{{else}}{{ctx.Locale.Tr "unknown"}}{{end}}</td>
-						<td><span data-tooltip-content="{{.BelongsToOwnerName}}">{{.BelongsToOwnerType.LocaleString ctx.Locale}}</span></td>
-						<td class="tw-flex tw-flex-wrap tw-gap-2 runner-tags">
-							{{range .AgentLabels}}<span class="ui label">{{.}}</span>{{end}}
-						</td>
-						<td>{{if .LastOnline}}{{DateUtils.TimeSince .LastOnline}}{{else}}{{ctx.Locale.Tr "never"}}{{end}}</td>
-						<td class="runner-ops">
-							{{if .Editable $.RunnerOwnerID $.RunnerRepoID}}
-							<a href="{{$.Link}}/{{.ID}}">{{svg "octicon-pencil"}}</a>
+				{{range .Runners}}
+				<tr>
+					<td>
+						<div class="tw-font-medium">{{.Name}}</div>
+						<div class="tw-mt-1">{{.UUID}}</div>
+					</td>
+					<td class="tw-flex tw-items-start tw-flex-wrap tw-gap-2">
+						{{if gt (len .AgentLabels) 0}}
+							{{range .AgentLabels}}
+							<div class="ui label special">{{.}}</div>
 							{{end}}
-						</td>
-					</tr>
-					{{end}}
-				{{else}}
-					<tr>
-						<td class="center aligned" colspan="8">{{ctx.Locale.Tr "actions.runners.none"}}</td>
-					</tr>
+						{{else}}
+							&mdash;
+						{{end}}
+					</td>
+					<td>
+						{{.BelongsToOwnerType.LocaleString ctx.Locale}}
+					</td>
+					<td>
+						<div class="tw-flex tw-items-center tw-gap-x-2">
+							{{if .IsActive}}
+								<div class="indicator-active">
+									<div></div>
+								</div>
+							{{else if .IsIdle}}
+								<div class="indicator-idle">
+									<div></div>
+								</div>
+							{{else}}
+								<div class="indicator-offline">
+									<div></div>
+								</div>
+							{{end}}
+							<div>
+								{{.StatusLocaleName ctx.Locale}}
+							</div>
+						</div>
+					</td>
+					<td class="tw-text-right">
+						<a href="{{$.Link}}/{{.ID}}" class="runner-action-link" tabindex="0" aria-label="{{ctx.Locale.Tr "actions.runners.list_runners.details_button_aria" .Name}}">{{ctx.Locale.Tr "actions.runners.list_runners.details_button"}}</a>
+					</td>
+					<td class="tw-text-right">
+						{{if .Editable $.RunnerOwnerID $.RunnerRepoID}}
+							<a href="{{$.Link}}/{{.ID}}/edit" class="runner-action-link" tabindex="0" aria-label="{{ctx.Locale.Tr "actions.runners.list_runners.edit_button_aria" .Name}}">{{ctx.Locale.Tr "actions.runners.list_runners.edit_button"}}</a>
+						{{end}}
+					</td>
+					<td class="tw-text-right">
+						{{if .Editable $.RunnerOwnerID $.RunnerRepoID}}
+							<button class="delete-button runner-delete-link" aria-label="{{ctx.Locale.Tr "actions.runners.list_runners.delete_button_aria" .Name}}" data-url="{{$.Link}}/{{.ID}}/delete" data-modal-id="runner-delete-modal">{{ctx.Locale.Tr "actions.runners.list_runners.delete_button"}}</button>
+						{{end}}
+					</td>
+				</tr>
 				{{end}}
 			</tbody>
 		</table>
+		{{else}}
+		<div class="tw-flex tw-p-4">
+			{{ctx.Locale.Tr "actions.runners.none"}}
+		</div>
+		{{end}}
 	</div>
 
 	{{template "base/paginate" .}}
 
+	<div class="ui g-modal-confirm delete modal" id="runner-delete-modal">
+		<div class="header">
+			{{svg "octicon-trash"}}
+			{{ctx.Locale.Tr "actions.runners.delete_runner.header"}}
+		</div>
+		<div class="content">
+			<p>{{ctx.Locale.Tr "actions.runners.delete_runner.notice"}}</p>
+		</div>
+		{{template "base/modal_actions_confirm" .}}
+	</div>
 </div>
diff --git a/templates/shared/actions/runner_setup.tmpl b/templates/shared/actions/runner_setup.tmpl
new file mode 100644
index 0000000000..b18c995b3b
--- /dev/null
+++ b/templates/shared/actions/runner_setup.tmpl
@@ -0,0 +1,53 @@
+<div class="runner-container">
+	<h4 class="ui top attached header">
+		{{ctx.Locale.Tr "actions.runners.runner_setup.title" .Runner.Name}}
+		<div class="ui right">
+			<a class="ui secondary tiny button" href="{{.RunnersListLink}}" tabindex="0">
+				{{ctx.Locale.Tr "actions.runners.runner_setup.list_of_runners_link"}}
+			</a>
+		</div>
+	</h4>
+	<div class="ui attached segment">
+		<p>{{ctx.Locale.Tr "actions.runners.runner_setup.last_chance_copying_token"}}</p>
+		<dl>
+			<div class="item">
+				<dt>{{ctx.Locale.Tr "actions.runners.uuid"}}</dt>
+				<dd>
+					{{.Runner.UUID}}
+					<button class="ui basic label button"
+							aria-label="{{ctx.Locale.Tr "actions.runners.runner_setup.button_copy_uuid_aria"}}"
+							data-clipboard-text="{{.Runner.UUID}}">
+						{{svg "octicon-copy" 14}}
+					</button>
+				</dd>
+			</div>
+			<div class="item">
+				<dt>{{ctx.Locale.Tr "actions.runners.token"}}</dt>
+				<dd>
+					{{.Runner.Token}}
+					<button class="ui basic label button"
+							aria-label="{{ctx.Locale.Tr "actions.runners.runner_setup.button_copy_token_aria"}}"
+							data-clipboard-text="{{.Runner.Token}}">
+						{{svg "octicon-copy" 14}}
+					</button>
+				</dd>
+			</div>
+		</dl>
+		<h5>{{ctx.Locale.Tr "actions.runners.runner_setup.heading_using_configuration"}}</h5>
+		<pre><code aria-label="{{ctx.Locale.Tr "actions.runners.runner_setup.configuration_snippet_aria"}}">server:
+&nbsp;&nbsp;connections:
+&nbsp;&nbsp;&nbsp;&nbsp;forgejo:
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;url: {{.AppURL}}
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;uuid: {{.Runner.UUID}}
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;token: {{.Runner.Token}}
+</code></pre>
+		<p>{{ctx.Locale.Tr "actions.runners.runner_setup.instruction_replace_connection_name"}}</p>
+		<h5>{{ctx.Locale.Tr "actions.runners.runner_setup.heading_using_options"}}</h5>
+		<pre><code aria-label="{{ctx.Locale.Tr "actions.runners.runner_setup.program_options_snippet_aria"}}">forgejo-runner daemon \
+	--url {{.AppURL}} \
+	--uuid {{.Runner.UUID}} \
+	--token {{.Runner.Token}}
+</code></pre>
+		<p>{{ctx.Locale.Tr "actions.runners.runner_setup.instruction_advanced_configurations"}}</p>
+	</div>
+</div>
diff --git a/templates/user/settings/runner_create.tmpl b/templates/user/settings/runner_create.tmpl
new file mode 100644
index 0000000000..1c6371d7f4
--- /dev/null
+++ b/templates/user/settings/runner_create.tmpl
@@ -0,0 +1,5 @@
+{{template "user/settings/layout_head" (dict "ctxData" . "pageClass" "user settings runners")}}
+<div class="user-setting-content">
+	{{template "shared/actions/runner_create" .}}
+</div>
+{{template "user/settings/layout_footer" .}}
diff --git a/templates/user/settings/runner_details.tmpl b/templates/user/settings/runner_details.tmpl
new file mode 100644
index 0000000000..ed159da955
--- /dev/null
+++ b/templates/user/settings/runner_details.tmpl
@@ -0,0 +1,5 @@
+{{template "user/settings/layout_head" (dict "ctxData" . "pageClass" "user settings runners")}}
+<div class="user-setting-content">
+	{{template "shared/actions/runner_details" .}}
+</div>
+{{template "user/settings/layout_footer" .}}
diff --git a/templates/user/settings/runner_setup.tmpl b/templates/user/settings/runner_setup.tmpl
new file mode 100644
index 0000000000..ad6998d641
--- /dev/null
+++ b/templates/user/settings/runner_setup.tmpl
@@ -0,0 +1,5 @@
+{{template "user/settings/layout_head" (dict "ctxData" . "pageClass" "user settings runners")}}
+<div class="user-setting-content">
+	{{template "shared/actions/runner_setup" .}}
+</div>
+{{template "user/settings/layout_footer" .}}
diff --git a/tests/e2e/e2e_test.go b/tests/e2e/e2e_test.go
index 34bedf9dc8..9168cb8b51 100644
--- a/tests/e2e/e2e_test.go
+++ b/tests/e2e/e2e_test.go
@@ -114,6 +114,9 @@ func TestE2e(t *testing.T) {
 				defer test.MockVariableValue(&setting.Quota.Enabled, true)()
 				defer test.MockVariableValue(&testE2eWebRoutes, routers.NormalRoutes())()
 			}
+			if testname == "runner-management.test.e2e" {
+				defer unittest.OverrideFixtures("tests/e2e/fixtures/runner-management")()
+			}
 
 			// Default 2 minute timeout
 			onForgejoRun(t, func(*testing.T, *url.URL) {
diff --git a/tests/e2e/fixtures/runner-management/action_runner.yml b/tests/e2e/fixtures/runner-management/action_runner.yml
new file mode 100644
index 0000000000..54f45da349
--- /dev/null
+++ b/tests/e2e/fixtures/runner-management/action_runner.yml
@@ -0,0 +1,69 @@
+- id: 719931
+  uuid: "8f940b0b-32a2-479a-9d48-06ab8d8a0b90"
+  name: "runner-1"
+  version: "dev"
+  owner_id: 3
+  repo_id: 0
+  description: "A superb runner"
+  agent_labels: ["debian", "gpu"]
+  deleted: 0
+- id: 719932
+  uuid: "3a20ad8d-d5d6-4b7b-ba55-841ac8264c17"
+  name: "runner-2"
+  version: "11.3.1"
+  owner_id: 2
+  repo_id: 0
+  description: "An exclusive runner"
+  agent_labels: ["docker"]
+  # token: 9730f9d2c6c731f07582788d1a1fe72a6b999a17
+  token_hash: ceb24f8ebc06fa5d0bb5a8dcab6f67b9bbc1f0c2f13313aefa0b81fe961ecc1feaad182d2b7f15fe6df0da8c17b12a9b11ef
+  token_salt: 53GUbQ9nih0vBemnIxV5sU
+  deleted: 0
+- id: 719933
+  uuid: "11c9a6da-0a92-46ea-a4f1-b6c98f8c781c"
+  name: "runner-3"
+  version: "11.3.1"
+  owner_id: 17
+  repo_id: 0
+  description: "Another fine runner"
+  agent_labels: ["fedora"]
+  deleted: 0
+- id: 719934
+  uuid: "1ef59b64-93b7-4ad4-ade4-21ca13db49c0"
+  name: "runner-4"
+  version: "12.2.0"
+  owner_id: 0
+  repo_id: 0
+  description: "A runner for everyone"
+  agent_labels: ["docker"]
+  # token: 1ad04b98cafcc7461ef562b7ff07d1ade169eefb
+  token_hash: 2aafaefc1690601106c0ccca874140828eb9f98e7719e58f3d399d4c64d11b1a251bd7363ff6fd4d1dbce852558987066334
+  token_salt: 9--ISaaA6tHZbXMY6dqlqy
+  deleted: 0
+- id: 719935
+  uuid: "69d29449-1de5-4d17-845d-e3ae11a04a1b"
+  name: "runner-5"
+  version: "12.0.0"
+  owner_id: 1
+  repo_id: 0
+  description: ""
+  agent_labels: ["debian"]
+  deleted: 0
+- id: 719936
+  uuid: "9da25fbb-89a5-4520-a35a-d55fc94e4b76"
+  name: "runner-6"
+  version: "12.1.0"
+  owner_id: 0
+  repo_id: 62
+  description: ""
+  agent_labels: ["debian"]
+  deleted: 0
+- id: 719937
+  uuid: "d935307e-1d2d-4b61-8885-bc8a1c52c269"
+  name: "runner-7"
+  version: "12.1.0"
+  owner_id: 4
+  repo_id: 0
+  description: ""
+  agent_labels: ["alpine"]
+  deleted: 0
diff --git a/tests/e2e/fixtures/runner-management/action_task.yml b/tests/e2e/fixtures/runner-management/action_task.yml
new file mode 100644
index 0000000000..892e22e6cc
--- /dev/null
+++ b/tests/e2e/fixtures/runner-management/action_task.yml
@@ -0,0 +1,15 @@
+- id: 88931
+  attempt: 1
+  runner_id: 719934
+  status: 6 # StatusRunning
+  repo_id: 32
+  owner_id: 3 # org3
+  commit_sha: ed38c5a46c32eb907856178977fef0062cf407c3
+
+- id: 88932
+  attempt: 1
+  runner_id: 719934
+  status: 5 # StatusWaiting
+  repo_id: 1
+  owner_id: 2 # user2
+  commit_sha: 49f55ab99b8ea6a84cae04d265822c93afdc3d50
diff --git a/tests/e2e/runner-management.test.e2e.ts b/tests/e2e/runner-management.test.e2e.ts
new file mode 100644
index 0000000000..04e3e1d168
--- /dev/null
+++ b/tests/e2e/runner-management.test.e2e.ts
@@ -0,0 +1,706 @@
+// @watch start
+// modules/actions/**
+// routers/web/shared/actions/**
+// routers/web/web.go
+// services/forms/runner.go
+// templates/admin/runners/**
+// templates/org/settings/runner*
+// templates/repo/settings/runner*
+// templates/shared/actions/runner*
+// templates/user/settings/runner*
+// web_src/css/actions.css
+// @watch end
+
+import {test} from './utils_e2e.ts';
+import {expect} from '@playwright/test';
+
+const uuidPattern = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/;
+const tokenPattern = /^[0-9a-f]{40}$/;
+
+test.describe('Runners of user2', () => {
+  test.use({user: 'user2'});
+
+  test('usable runners are visible', async ({page}) => {
+    await page.goto('/user/settings/actions/runners');
+
+    await expect(page.getByRole('heading', {name: 'Manage runners'})).toBeVisible();
+
+    const runnerContainer = page.locator('.runner-container');
+    const rows = runnerContainer.getByRole('row');
+
+    // We cannot assert the length of the table because it's influenced by global fixtures. It also changes depending on
+    // the ordering of tests.
+    await expect(rows.nth(0)).toHaveAccessibleName('Name Labels Type Status Details Edit Delete');
+    await expect(page.locator('tbody tr:has-text("3a20ad8d-d5d6-4b7b-ba55-841ac8264c17")')).toMatchAriaSnapshot(`
+      - cell "runner-2 3a20ad8d-d5d6-4b7b-ba55-841ac8264c17"
+      - cell "docker"
+      - cell "Individual"
+      - cell "Offline"
+      - cell "Show details of runner-2"
+      - cell "Edit runner-2"
+      - cell "Delete runner-2"
+    `);
+    await expect(page.locator('tbody tr:has-text("1ef59b64-93b7-4ad4-ade4-21ca13db49c0")')).toMatchAriaSnapshot(`
+      - cell "runner-4 1ef59b64-93b7-4ad4-ade4-21ca13db49c0"
+      - cell "docker"
+      - cell "Global"
+      - cell "Offline"
+      - cell "Show details of runner-4"
+      - cell
+      - cell
+    `);
+
+    await page.getByRole('link', {name: 'Show details of runner-2', exact: true}).click();
+    await expect(page).toHaveTitle(/^Runner runner-2 .*/);
+
+    await page.goto('/user/settings/actions/runners');
+
+    await page.getByRole('link', {name: 'Show details of runner-4', exact: true}).click();
+    await expect(page).toHaveTitle(/^Runner runner-4 .*/);
+  });
+
+  test('runner details with tasks of repositories owned by user', async ({page}) => {
+    await page.goto('/user/settings/actions/runners');
+
+    await page.getByRole('link', {name: 'Show details of runner-4', exact: true}).click();
+    await expect(page).toHaveTitle(/^Runner runner-4 .*/);
+
+    await expect(page.getByRole('heading', {name: 'Runner runner-4'})).toBeVisible();
+
+    await expect(page.getByLabel('Properties of runner-4')).toMatchAriaSnapshot(`
+      - term: UUID
+      - definition: ${uuidPattern}
+      - term: Type
+      - definition: Global
+      - term: Labels
+      - definition: docker
+      - term: Last online time
+      - definition: Never
+      - term: Status
+      - definition: Offline
+      - term: Ephemeral
+      - definition: "no"
+      - term: Description
+      - definition: A runner for everyone
+    `);
+
+    await expect(page.getByRole('heading', {name: 'Recent tasks on this runner '})).toBeVisible();
+
+    const rows = page.getByRole('row');
+
+    // Only tasks from repositories owned by user2 should appear.
+    await expect(rows).toHaveCount(2);
+    await expect(rows.nth(0)).toHaveAccessibleName('Run Status Repository Commit Done at');
+    await expect(rows.nth(1)).toHaveAccessibleName('88932 Waiting 49f55ab99b -');
+  });
+
+  test('create new runner', async ({page}) => {
+    await page.goto('/user/settings/actions/runners');
+
+    await expect(page.getByRole('heading', {name: 'Manage runners'})).toBeVisible();
+
+    await page.getByRole('link', {name: 'Create new runner'}).click();
+
+    await expect(page).toHaveTitle(/^Create new runner .*/);
+
+    // Submit an invalid form to test validation.
+    await page.getByRole('button', {name: 'Create'}).click();
+    await expect(page.getByRole('paragraph')).toHaveText('Name cannot be empty.');
+
+    // Submit a valid form to create a runner.
+    await page.getByRole('textbox', {name: 'Name*'}).fill('runner-991301');
+    await page.getByRole('textbox', {name: 'Description'}).fill('Description of runner-991301');
+
+    await page.getByRole('button', {name: 'Create'}).click();
+
+    // Verify set up instructions.
+    await expect(page).toHaveTitle(/^Set up runner runner-991301 .*/);
+    await expect(page.getByRole('heading', {name: 'Set up runner runner-991301'})).toBeVisible();
+
+    await page.getByRole('button', {name: 'Copy runner UUID'}).click();
+    const runnerUUID = await page.evaluate(() => navigator.clipboard.readText());
+    expect(runnerUUID).toMatch(uuidPattern);
+
+    await page.getByRole('button', {name: 'Copy runner token'}).click();
+    const runnerToken = await page.evaluate(() => navigator.clipboard.readText());
+    expect(runnerToken).toMatch(tokenPattern);
+
+    await expect(page.getByRole('term')).toHaveText(['UUID', 'Token']);
+    await expect(page.getByRole('definition')).toContainText([runnerUUID, runnerToken]);
+
+    await expect(page.getByRole('heading', {name: 'Using the runner configuration file'})).toBeVisible();
+    await expect(page.getByLabel('Snippet to insert into the runner configuration')).toContainText(`uuid: ${runnerUUID}`);
+    await expect(page.getByLabel('Snippet to insert into the runner configuration')).toContainText(`token: ${runnerToken}`);
+
+    await expect(page.getByRole('heading', {name: 'Using program options'})).toBeVisible();
+    await expect(page.getByLabel('How to invoke forgejo-runner')).toContainText(`--uuid ${runnerUUID}`);
+    await expect(page.getByLabel('How to invoke forgejo-runner')).toContainText(`--token ${runnerToken}`);
+
+    // Go back to list of runners.
+    await page.getByRole('link', {name: 'List of runners', exact: true}).click();
+
+    await expect(page.locator(`tbody tr:has-text("${runnerUUID}")`)).toMatchAriaSnapshot(`
+      - cell "runner-991301 ${runnerUUID}"
+      - cell ""
+      - cell "Individual"
+      - cell "Offline"
+      - cell "Show details of runner-991301"
+      - cell "Edit runner-991301"
+      - cell "Delete runner-991301"
+    `);
+  });
+
+  test('edit runner without changing its token', async ({page}) => {
+    await page.goto('/user/settings/actions/runners');
+
+    // We have to create a new runner because changes to fixtures would affect the remainder of the tests in this file.
+    await page.getByRole('link', {name: 'Create new runner'}).click();
+    await page.getByRole('textbox', {name: 'Name*'}).fill('runner-46635');
+    await page.getByRole('textbox', {name: 'Description'}).fill('Description of runner-46635');
+    await page.getByRole('button', {name: 'Create'}).click();
+
+    // Go back to list of runners.
+    await page.getByRole('link', {name: 'Runners', exact: true}).click();
+
+    // Edit the runner that was just created.
+    await page.getByRole('link', {name: 'Edit runner-46635'}).click();
+
+    await expect(page).toHaveTitle(/^Edit runner runner-46635 .*/);
+    await expect(page.getByRole('heading', {name: 'Edit runner runner-46635'})).toBeVisible();
+
+    // Make the form invalid to test validation.
+    await page.getByRole('textbox', {name: 'Name*'}).clear();
+    await page.getByRole('button', {name: 'Save'}).click();
+
+    await expect(page.locator('#flash-message')).toHaveText('Name cannot be empty.');
+    await expect(page.getByRole('textbox', {name: 'Name*'})).toBeEmpty();
+    await expect(page.getByRole('textbox', {name: 'Description'})).toHaveValue('Description of runner-46635');
+
+    // Submit a valid form.
+    await page.getByRole('textbox', {name: 'Name*'}).fill('runner-46636');
+    await page.getByRole('textbox', {name: 'Description'}).fill('Description of runner-46636');
+
+    await page.getByRole('button', {name: 'Save'}).click();
+
+    // Verify that the runner's properties were updated properly.
+    await expect(page).toHaveTitle(/^Runner runner-46636 .*/);
+    await expect(page.locator('#flash-message')).toHaveText('Runner edited successfully');
+    await expect(page.getByRole('heading', {name: 'Runner runner-46636'})).toBeVisible();
+
+    await expect(page.getByLabel('Properties of runner-46636')).toMatchAriaSnapshot(`
+      - term: UUID
+      - definition: ${uuidPattern}
+      - term: Type
+      - definition: Individual
+      - term: Labels
+      - definition
+      - term: Last online time
+      - definition: Never
+      - term: Status
+      - definition: Offline
+      - term: Ephemeral
+      - definition: "no"
+      - term: Description
+      - definition: Description of runner-46636
+    `);
+  });
+
+  test('regenerate runner token', async ({page}) => {
+    await page.goto('/user/settings/actions/runners');
+
+    await page.getByRole('link', {name: 'Edit runner-2', exact: true}).click();
+
+    await expect(page).toHaveTitle(/^Edit runner runner-2 .*/);
+    await expect(page.getByRole('heading', {name: 'Edit runner runner-2'})).toBeVisible();
+
+    await page.getByRole('checkbox', {name: 'Regenerate token'}).check();
+    await page.getByRole('button', {name: 'Save'}).click();
+
+    // Verify set up instructions.
+    await expect(page).toHaveTitle(/^Set up runner runner-2 .*/);
+    await expect(page.getByRole('heading', {name: 'Set up runner runner-2'})).toBeVisible();
+
+    await page.getByRole('button', {name: 'Copy runner UUID'}).click();
+    const runnerUUID = await page.evaluate(() => navigator.clipboard.readText());
+    expect(runnerUUID).toEqual('3a20ad8d-d5d6-4b7b-ba55-841ac8264c17');
+
+    await page.getByRole('button', {name: 'Copy runner token'}).click();
+    const runnerToken = await page.evaluate(() => navigator.clipboard.readText());
+    expect(runnerToken).not.toEqual('9730f9d2c6c731f07582788d1a1fe72a6b999a17');
+    expect(runnerToken).toMatch(tokenPattern);
+
+    await expect(page.getByRole('term')).toHaveText(['UUID', 'Token']);
+    await expect(page.getByRole('definition')).toContainText([runnerUUID, runnerToken]);
+
+    await expect(page.getByRole('heading', {name: 'Using the runner configuration file'})).toBeVisible();
+    await expect(page.getByLabel('Snippet to insert into the runner configuration')).toContainText(`uuid: ${runnerUUID}`);
+    await expect(page.getByLabel('Snippet to insert into the runner configuration')).toContainText(`token: ${runnerToken}`);
+
+    await expect(page.getByRole('heading', {name: 'Using program options'})).toBeVisible();
+    await expect(page.getByLabel('How to invoke forgejo-runner')).toContainText(`--uuid ${runnerUUID}`);
+    await expect(page.getByLabel('How to invoke forgejo-runner')).toContainText(`--token ${runnerToken}`);
+  });
+
+  test('delete runner', async ({page}) => {
+    await page.goto('/user/settings/actions/runners');
+
+    // We have to create a new runner because changes to fixtures affect the remainder of the tests in this file.
+    await page.getByRole('link', {name: 'Create new runner'}).click();
+    await page.getByRole('textbox', {name: 'Name*'}).fill('runner-660332');
+    await page.getByRole('textbox', {name: 'Description'}).fill('Description of runner-660332');
+    await page.getByRole('button', {name: 'Create'}).click();
+
+    // Go back to list of runners.
+    await page.getByRole('link', {name: 'Runners', exact: true}).click();
+
+    await expect(page.getByRole('heading', {name: 'Manage runners'})).toBeVisible();
+    await expect(page.getByRole('document')).toContainText('runner-660332');
+
+    // Delete the runner that was just created.
+    await page.getByRole('button', {name: 'Delete runner-660332'}).click();
+
+    // Confirm deletion
+    await expect(page.getByRole('document')).toContainText('Confirm to delete this runner');
+
+    await page.getByRole('button', {name: 'Yes', exact: true}).click();
+
+    // Verify that the runner is gone.
+    await expect(page.locator('#flash-message')).toHaveText('Runner deleted successfully');
+    await expect(page.getByRole('document')).not.toContainText('runner-660332');
+  });
+});
+
+test.describe('Global runners', () => {
+  test.use({user: 'user1'});
+
+  test('all runners are visible', async ({page}) => {
+    await page.goto('/admin/actions/runners');
+
+    await expect(page.getByRole('heading', {name: 'Manage runners'})).toBeVisible();
+
+    const runnerContainer = page.locator('.runner-container');
+    const rows = runnerContainer.getByRole('row');
+
+    // We cannot assert the length of the table because it's influenced by global fixtures. It also changes depending on
+    // the ordering of tests.
+    await expect(rows.nth(0)).toHaveAccessibleName('Name Labels Type Status Details Edit Delete');
+    await expect(page.locator('tbody tr:has-text("8f940b0b-32a2-479a-9d48-06ab8d8a0b90")')).toMatchAriaSnapshot(`
+      - cell "runner-1 8f940b0b-32a2-479a-9d48-06ab8d8a0b90"
+      - cell "debian gpu"
+      - cell "Organization"
+      - cell "Offline"
+      - cell "Show details of runner-1"
+      - cell "Edit runner-1"
+      - cell "Delete runner-1"
+    `);
+    await expect(page.locator('tbody tr:has-text("3a20ad8d-d5d6-4b7b-ba55-841ac8264c17")')).toMatchAriaSnapshot(`
+      - cell "runner-2 3a20ad8d-d5d6-4b7b-ba55-841ac8264c17"
+      - cell "docker"
+      - cell "Individual"
+      - cell "Offline"
+      - cell "Show details of runner-2"
+      - cell "Edit runner-2"
+      - cell "Delete runner-2"
+    `);
+    await expect(page.locator('tbody tr:has-text("11c9a6da-0a92-46ea-a4f1-b6c98f8c781c")')).toMatchAriaSnapshot(`
+      - cell "runner-3 11c9a6da-0a92-46ea-a4f1-b6c98f8c781c"
+      - cell "fedora"
+      - cell "Organization"
+      - cell "Offline"
+      - cell "Show details of runner-3"
+      - cell "Edit runner-3"
+      - cell "Delete runner-3"
+    `);
+    await expect(page.locator('tbody tr:has-text("1ef59b64-93b7-4ad4-ade4-21ca13db49c0")')).toMatchAriaSnapshot(`
+      - cell "runner-4 1ef59b64-93b7-4ad4-ade4-21ca13db49c0"
+      - cell "docker"
+      - cell "Global"
+      - cell "Offline"
+      - cell "Show details of runner-4"
+      - cell "Edit runner-4"
+      - cell "Delete runner-4"
+    `);
+    await expect(page.locator('tbody tr:has-text("69d29449-1de5-4d17-845d-e3ae11a04a1b")')).toMatchAriaSnapshot(`
+      - cell "runner-5 69d29449-1de5-4d17-845d-e3ae11a04a1b"
+      - cell "debian"
+      - cell "Individual"
+      - cell "Offline"
+      - cell "Show details of runner-5"
+      - cell "Edit runner-5"
+      - cell "Delete runner-5"
+    `);
+    await expect(page.locator('tbody tr:has-text("9da25fbb-89a5-4520-a35a-d55fc94e4b76")')).toMatchAriaSnapshot(`
+      - cell "runner-6 9da25fbb-89a5-4520-a35a-d55fc94e4b76"
+      - cell "debian"
+      - cell "Repository"
+      - cell "Offline"
+      - cell "Show details of runner-6"
+      - cell "Edit runner-6"
+      - cell "Delete runner-6"
+    `);
+    await expect(page.locator('tbody tr:has-text("d935307e-1d2d-4b61-8885-bc8a1c52c269")')).toMatchAriaSnapshot(`
+      - cell "runner-7 d935307e-1d2d-4b61-8885-bc8a1c52c269"
+      - cell "alpine"
+      - cell "Individual"
+      - cell "Offline"
+      - cell "Show details of runner-7"
+      - cell "Edit runner-7"
+      - cell "Delete runner-7"
+    `);
+  });
+
+  test('runner details with all tasks visible on details page', async ({page}) => {
+    await page.goto('/admin/actions/runners');
+
+    await page.getByRole('link', {name: 'Show details of runner-4', exact: true}).click();
+
+    await expect(page).toHaveTitle(/^Runner runner-4 .*/);
+    await expect(page.getByRole('heading', {name: 'Runner runner-4'})).toBeVisible();
+
+    await expect(page.getByLabel('Properties of runner-4')).toMatchAriaSnapshot(`
+      - term: UUID
+      - definition: ${uuidPattern}
+      - term: Type
+      - definition: Global
+      - term: Labels
+      - definition: docker
+      - term: Last online time
+      - definition: Never
+      - term: Status
+      - definition: Offline
+      - term: Ephemeral
+      - definition: "no"
+      - term: Description
+      - definition: A runner for everyone
+    `);
+
+    await expect(page.getByRole('heading', {name: 'Recent tasks on this runner '})).toBeVisible();
+
+    const rows = page.getByRole('row');
+
+    // Only tasks from repositories owned by user2 should appear.
+    await expect(rows).toHaveCount(3);
+    await expect(rows.nth(0)).toHaveAccessibleName('Run Status Repository Commit Done at');
+    await expect(rows.nth(1)).toHaveAccessibleName('88932 Waiting 49f55ab99b -');
+    await expect(rows.nth(2)).toHaveAccessibleName('88931 Running ed38c5a46c -');
+  });
+
+  test('create new runner', async ({page}) => {
+    await page.goto('/admin/actions/runners');
+
+    await expect(page.getByRole('heading', {name: 'Manage runners'})).toBeVisible();
+
+    await page.getByRole('link', {name: 'Create new runner'}).click();
+
+    await expect(page).toHaveTitle(/^Create new runner .*/);
+
+    // Submit an invalid form to test validation.
+    await page.getByRole('button', {name: 'Create'}).click();
+    await expect(page.getByRole('paragraph')).toHaveText('Name cannot be empty.');
+
+    // Submit a valid form to create a runner.
+    await page.getByRole('textbox', {name: 'Name*'}).fill('runner-473465');
+    await page.getByRole('textbox', {name: 'Description'}).fill('Description of runner-473465');
+
+    await page.getByRole('button', {name: 'Create'}).click();
+
+    // Verify set up instructions.
+    await expect(page).toHaveTitle(/^Set up runner runner-473465 .*/);
+    await expect(page.getByRole('heading', {name: 'Set up runner runner-473465'})).toBeVisible();
+
+    await page.getByRole('button', {name: 'Copy runner UUID'}).click();
+    const runnerUUID = await page.evaluate(() => navigator.clipboard.readText());
+    expect(runnerUUID).toMatch(uuidPattern);
+
+    await page.getByRole('button', {name: 'Copy runner token'}).click();
+    const runnerToken = await page.evaluate(() => navigator.clipboard.readText());
+    expect(runnerToken).toMatch(tokenPattern);
+
+    await expect(page.getByRole('term')).toHaveText(['UUID', 'Token']);
+    await expect(page.getByRole('definition')).toContainText([runnerUUID, runnerToken]);
+
+    await expect(page.getByRole('heading', {name: 'Using the runner configuration file'})).toBeVisible();
+    await expect(page.getByLabel('Snippet to insert into the runner configuration')).toContainText(`uuid: ${runnerUUID}`);
+    await expect(page.getByLabel('Snippet to insert into the runner configuration')).toContainText(`token: ${runnerToken}`);
+
+    await expect(page.getByRole('heading', {name: 'Using program options'})).toBeVisible();
+    await expect(page.getByLabel('How to invoke forgejo-runner')).toContainText(`--uuid ${runnerUUID}`);
+    await expect(page.getByLabel('How to invoke forgejo-runner')).toContainText(`--token ${runnerToken}`);
+
+    // Go back to list of runners.
+    await page.getByRole('link', {name: 'List of runners', exact: true}).click();
+
+    await expect(page.locator(`tbody tr:has-text("${runnerUUID}")`)).toMatchAriaSnapshot(`
+      - cell "runner-473465 ${runnerUUID}"
+      - cell ""
+      - cell "Global"
+      - cell "Offline"
+      - cell "Show details of runner-473465"
+      - cell "Edit runner-473465"
+      - cell "Delete runner-473465"
+    `);
+  });
+
+  test('edit runner without changing its token', async ({page}) => {
+    await page.goto('/admin/actions/runners');
+
+    // We have to create a new runner because changes to fixtures would affect the remainder of the tests in this file.
+    await page.getByRole('link', {name: 'Create new runner'}).click();
+    await page.getByRole('textbox', {name: 'Name*'}).fill('runner-956857');
+    await page.getByRole('textbox', {name: 'Description'}).fill('Description of runner-956857');
+    await page.getByRole('button', {name: 'Create'}).click();
+
+    // Go back to list of runners.
+    await page.getByRole('link', {name: 'Runners', exact: true}).click();
+
+    // Edit the runner that was just created.
+    await page.getByRole('link', {name: 'Edit runner-956857'}).click();
+
+    await expect(page).toHaveTitle(/^Edit runner runner-956857 .*/);
+    await expect(page.getByRole('heading', {name: 'Edit runner runner-956857'})).toBeVisible();
+
+    // Make the form invalid to test validation.
+    await page.getByRole('textbox', {name: 'Name*'}).clear();
+    await page.getByRole('button', {name: 'Save'}).click();
+
+    await expect(page.locator('#flash-message')).toHaveText('Name cannot be empty.');
+    await expect(page.getByRole('textbox', {name: 'Name*'})).toBeEmpty();
+    await expect(page.getByRole('textbox', {name: 'Description'})).toHaveValue('Description of runner-956857');
+
+    // Submit a valid form.
+    await page.getByRole('textbox', {name: 'Name*'}).fill('runner-956858');
+    await page.getByRole('textbox', {name: 'Description'}).fill('Description of runner-956858');
+
+    await page.getByRole('button', {name: 'Save'}).click();
+
+    // Verify that the runner's properties were updated properly.
+    await expect(page).toHaveTitle(/^Runner runner-956858 .*/);
+    await expect(page.locator('#flash-message')).toHaveText('Runner edited successfully');
+    await expect(page.getByRole('heading', {name: 'Runner runner-956858'})).toBeVisible();
+
+    await expect(page.getByLabel('Properties of runner-956858')).toMatchAriaSnapshot(`
+      - term: UUID
+      - definition: ${uuidPattern}
+      - term: Type
+      - definition: Global
+      - term: Labels
+      - definition
+      - term: Last online time
+      - definition: Never
+      - term: Status
+      - definition: Offline
+      - term: Ephemeral
+      - definition: "no"
+      - term: Description
+      - definition: Description of runner-956858
+    `);
+  });
+
+  test('delete runner', async ({page}) => {
+    await page.goto('/admin/actions/runners');
+
+    // We have to create a new runner because changes to fixtures affect the remainder of the tests in this file.
+    await page.getByRole('link', {name: 'Create new runner'}).click();
+    await page.getByRole('textbox', {name: 'Name*'}).fill('runner-650332');
+    await page.getByRole('textbox', {name: 'Description'}).fill('Description of runner-650332');
+    await page.getByRole('button', {name: 'Create'}).click();
+
+    // Go back to list of runners.
+    await page.getByRole('link', {name: 'Runners', exact: true}).click();
+
+    await expect(page.getByRole('heading', {name: 'Manage runners'})).toBeVisible();
+    await expect(page.getByRole('document')).toContainText('runner-650332');
+
+    // Delete the runner that was just created.
+    await page.getByRole('button', {name: 'Delete runner-650332'}).click();
+
+    // Confirm deletion
+    await expect(page.getByRole('document')).toContainText('Confirm to delete this runner');
+
+    await page.getByRole('button', {name: 'Yes', exact: true}).click();
+
+    // Verify that the runner is gone.
+    await expect(page.locator('#flash-message')).toHaveText('Runner deleted successfully');
+    await expect(page.getByRole('document')).not.toContainText('runner-650332');
+  });
+});
+
+test.describe('Organization runners', () => {
+  test.use({user: 'user2'});
+
+  test('usable runners are visible', async ({page}) => {
+    await page.goto('/org/org3/settings/actions/runners');
+
+    await expect(page.getByRole('heading', {name: 'Manage runners'})).toBeVisible();
+
+    const runnerContainer = page.locator('.runner-container');
+    const rows = runnerContainer.getByRole('row');
+
+    // We cannot assert the length of the table because it's influenced by global fixtures. It also changes depending on
+    // the ordering of tests.
+    await expect(rows.nth(0)).toHaveAccessibleName('Name Labels Type Status Details Edit Delete');
+    await expect(page.locator('tbody tr:has-text("8f940b0b-32a2-479a-9d48-06ab8d8a0b90")')).toMatchAriaSnapshot(`
+      - cell "runner-1 8f940b0b-32a2-479a-9d48-06ab8d8a0b90"
+      - cell "debian gpu"
+      - cell "Organization"
+      - cell "Offline"
+      - cell "Show details of runner-1"
+      - cell "Edit runner-1"
+      - cell "Delete runner-1"
+    `);
+    await expect(page.locator('tbody tr:has-text("1ef59b64-93b7-4ad4-ade4-21ca13db49c0")')).toMatchAriaSnapshot(`
+      - cell "runner-4 1ef59b64-93b7-4ad4-ade4-21ca13db49c0"
+      - cell "docker"
+      - cell "Global"
+      - cell "Offline"
+      - cell "Show details of runner-4"
+      - cell
+      - cell
+    `);
+    await expect(page.locator('tbody tr:has-text("3a20ad8d-d5d6-4b7b-ba55-841ac8264c17")')).toBeHidden();
+    await expect(page.locator('tbody tr:has-text("11c9a6da-0a92-46ea-a4f1-b6c98f8c781c")')).toBeHidden();
+    await expect(page.locator('tbody tr:has-text("69d29449-1de5-4d17-845d-e3ae11a04a1b")')).toBeHidden();
+    await expect(page.locator('tbody tr:has-text("9da25fbb-89a5-4520-a35a-d55fc94e4b76")')).toBeHidden();
+    await expect(page.locator('tbody tr:has-text("d935307e-1d2d-4b61-8885-bc8a1c52c269")')).toBeHidden();
+
+    // Verify that details of usable runners are accessible.
+    await page.getByRole('link', {name: 'Show details of runner-1', exact: true}).click();
+    await expect(page).toHaveTitle(/^Runner runner-1 .*/);
+
+    await page.goto('/org/org3/settings/actions/runners');
+
+    await page.getByRole('link', {name: 'Show details of runner-4', exact: true}).click();
+    await expect(page).toHaveTitle(/^Runner runner-4 .*/);
+  });
+
+  test('runner details with tasks of repositories owned by organization', async ({page}) => {
+    await page.goto('/org/org3/settings/actions/runners');
+
+    await page.getByRole('link', {name: 'Show details of runner-4', exact: true}).click();
+
+    await expect(page).toHaveTitle(/^Runner runner-4 .*/);
+    await expect(page.getByRole('heading', {name: 'Runner runner-4'})).toBeVisible();
+
+    await expect(page.getByLabel('Properties of runner-4')).toMatchAriaSnapshot(`
+      - term: UUID
+      - definition: ${uuidPattern}
+      - term: Type
+      - definition: Global
+      - term: Labels
+      - definition: docker
+      - term: Last online time
+      - definition: Never
+      - term: Status
+      - definition: Offline
+      - term: Ephemeral
+      - definition: "no"
+      - term: Description
+      - definition: A runner for everyone
+    `);
+
+    await expect(page.getByRole('heading', {name: 'Recent tasks on this runner '})).toBeVisible();
+
+    const rows = page.getByRole('row');
+
+    // Only tasks from repositories owned by org3 should appear.
+    await expect(rows).toHaveCount(2);
+    await expect(rows.nth(0)).toHaveAccessibleName('Run Status Repository Commit Done at');
+    await expect(rows.nth(1)).toHaveAccessibleName('88931 Running ed38c5a46c -');
+  });
+});
+
+test.describe('Repository runners', () => {
+  test.use({user: 'user2'});
+
+  test('usable runners are visible', async ({page}) => {
+    await page.goto('/user2/test_workflows/settings/actions/runners');
+
+    await expect(page.getByRole('heading', {name: 'Manage runners'})).toBeVisible();
+
+    const runnerContainer = page.locator('.runner-container');
+    const rows = runnerContainer.getByRole('row');
+
+    // We cannot assert the length of the table because it's influenced by global fixtures. It also changes depending on
+    // the ordering of tests.
+    await expect(rows.nth(0)).toHaveAccessibleName('Name Labels Type Status Details Edit Delete');
+    await expect(page.locator('tbody tr:has-text("3a20ad8d-d5d6-4b7b-ba55-841ac8264c17")')).toMatchAriaSnapshot(`
+      - cell "runner-2 3a20ad8d-d5d6-4b7b-ba55-841ac8264c17"
+      - cell "docker"
+      - cell "Individual"
+      - cell "Offline"
+      - cell "Show details of runner-2"
+      - cell
+      - cell
+    `);
+    await expect(page.locator('tbody tr:has-text("1ef59b64-93b7-4ad4-ade4-21ca13db49c0")')).toMatchAriaSnapshot(`
+      - cell "runner-4 1ef59b64-93b7-4ad4-ade4-21ca13db49c0"
+      - cell "docker"
+      - cell "Global"
+      - cell "Offline"
+      - cell "Show details of runner-4"
+      - cell
+      - cell
+    `);
+    await expect(page.locator('tbody tr:has-text("9da25fbb-89a5-4520-a35a-d55fc94e4b76")')).toMatchAriaSnapshot(`
+      - cell "runner-6 9da25fbb-89a5-4520-a35a-d55fc94e4b76"
+      - cell "debian"
+      - cell "Repository"
+      - cell "Offline"
+      - cell "Show details of runner-6"
+      - cell "Edit runner-6"
+      - cell "Delete runner-6"
+    `);
+    await expect(page.locator('tbody tr:has-text("11c9a6da-0a92-46ea-a4f1-b6c98f8c781c")')).toBeHidden();
+    await expect(page.locator('tbody tr:has-text("69d29449-1de5-4d17-845d-e3ae11a04a1b")')).toBeHidden();
+    await expect(page.locator('tbody tr:has-text("d935307e-1d2d-4b61-8885-bc8a1c52c269")')).toBeHidden();
+
+    // Verify that details of usable runners are accessible.
+    await page.getByRole('link', {name: 'Show details of runner-2', exact: true}).click();
+    await expect(page).toHaveTitle(/^Runner runner-2 .*/);
+
+    await page.goto('/user2/test_workflows/settings/actions/runners');
+
+    await page.getByRole('link', {name: 'Show details of runner-4', exact: true}).click();
+    await expect(page).toHaveTitle(/^Runner runner-4 .*/);
+
+    await page.goto('/user2/test_workflows/settings/actions/runners');
+
+    await page.getByRole('link', {name: 'Show details of runner-6', exact: true}).click();
+    await expect(page).toHaveTitle(/^Runner runner-6 .*/);
+  });
+
+  test('runner details with tasks of repository only', async ({page}) => {
+    await page.goto('/user2/test_workflows/settings/actions/runners');
+
+    await page.getByRole('link', {name: 'Show details of runner-4', exact: true}).click();
+
+    await expect(page).toHaveTitle(/^Runner runner-4 .*/);
+    await expect(page.getByRole('heading', {name: 'Runner runner-4'})).toBeVisible();
+
+    await expect(page.getByLabel('Properties of runner-4')).toMatchAriaSnapshot(`
+      - term: UUID
+      - definition: ${uuidPattern}
+      - term: Type
+      - definition: Global
+      - term: Labels
+      - definition: docker
+      - term: Last online time
+      - definition: Never
+      - term: Status
+      - definition: Offline
+      - term: Ephemeral
+      - definition: "no"
+      - term: Description
+      - definition: A runner for everyone
+    `);
+
+    await expect(page.getByRole('heading', {name: 'Recent tasks on this runner '})).toBeVisible();
+
+    const rows = page.getByRole('row');
+
+    // Only tasks from this repository should appear.
+    await expect(rows).toHaveCount(2);
+    await expect(rows.nth(0)).toHaveAccessibleName('Run Status Repository Commit Done at');
+    await expect(rows.nth(1)).toHaveAccessibleName('There are no tasks yet.');
+  });
+});
diff --git a/tests/integration/fixtures/TestRunnerModification/action_runner.yml b/tests/integration/fixtures/TestRunnerModification/action_runner.yml
index 95599b19bd..29a51caa12 100644
--- a/tests/integration/fixtures/TestRunnerModification/action_runner.yml
+++ b/tests/integration/fixtures/TestRunnerModification/action_runner.yml
@@ -5,6 +5,9 @@
   owner_id: 2
   repo_id: 0
   deleted: 0
+  # token: 9730f9d2c6c731f07582788d1a1fe72a6b999a17
+  token_hash: ceb24f8ebc06fa5d0bb5a8dcab6f67b9bbc1f0c2f13313aefa0b81fe961ecc1feaad182d2b7f15fe6df0da8c17b12a9b11ef
+  token_salt: 53GUbQ9nih0vBemnIxV5sU
 
 -
   id: 1002
@@ -13,6 +16,9 @@
   owner_id: 3
   repo_id: 0
   deleted: 0
+  # token: 724e44135713fd2b4d44f3c75955b020bff979ea
+  token_hash: 3cc123529e77ae1a7e7b77d480a376dddd85f22dae23cf1dcbf552bf1e2afeacce7dee03ddbf4fe55f15c2c31de051069c01
+  token_salt: afwDV_UMPp_Xm2T8-D6WIt
 
 -
   id: 1003
@@ -21,6 +27,9 @@
   owner_id: 0
   repo_id: 1
   deleted: 0
+  # token: 15ef826cbcba0e46c5aa873fc0639bf9a599bc2b
+  token_hash: 5b4fb4aadf3b7529a6d165f3e785b51e7c2ab812fd427550c438c350662f35ce64b7a5170a60ac49ca322991416d0cf60fdc
+  token_salt: 98TOI49tvsPkWIgl_CJ14y
 
 -
   id: 1004
@@ -29,3 +38,6 @@
   owner_id: 0
   repo_id: 0
   deleted: 0
+  # token: 98a9f9eaa63683f1328e9b80e547f70507f22864
+  token_hash: 49c9a05828e5d416896420334e30a6c209be407039007ad82728ad3029e4a229373457c68a13a6a06e40998274bbdb4bdd83
+  token_salt: gqTeYixe5YwmCkc4pwbVAH
diff --git a/tests/integration/runner_test.go b/tests/integration/runner_test.go
index df88458acd..e0afc6784c 100644
--- a/tests/integration/runner_test.go
+++ b/tests/integration/runner_test.go
@@ -6,6 +6,7 @@ package integration
 import (
 	"fmt"
 	"net/http"
+	"strings"
 	"testing"
 
 	actions_model "forgejo.org/models/actions"
@@ -15,6 +16,7 @@ import (
 	app_context "forgejo.org/services/context"
 	"forgejo.org/tests"
 
+	"github.com/PuerkitoBio/goquery"
 	"github.com/stretchr/testify/assert"
 )
 
@@ -47,8 +49,11 @@ func TestRunnerModification(t *testing.T) {
 			sess = adminSess
 		}
 
-		req := NewRequestWithValues(t, "POST", baseURL+fmt.Sprintf("/%d", id), map[string]string{
-			"description": "New Description",
+		originalRunner := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRunner{ID: id})
+
+		req := NewRequestWithValues(t, "POST", baseURL+fmt.Sprintf("/%d/edit", id), map[string]string{
+			"runner_name":        "New Name",
+			"runner_description": "New Description",
 		})
 		if fail {
 			sess.MakeRequest(t, req, http.StatusNotFound)
@@ -57,6 +62,12 @@ func TestRunnerModification(t *testing.T) {
 			flashCookie := sess.GetCookie(app_context.CookieNameFlash)
 			assert.NotNil(t, flashCookie)
 			assert.Equal(t, "success%3DRunner%2Bedited%2Bsuccessfully", flashCookie.Value)
+
+			// Verify that the runner's token isn't changed during a normal update when token regeneration is not
+			// requested.
+			updatedRunner := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRunner{ID: id})
+			assert.Equal(t, originalRunner.TokenHash, updatedRunner.TokenHash, "token was changed unexpectedly")
+			assert.Equal(t, originalRunner.TokenSalt, updatedRunner.TokenSalt, "token was changed unexpectedly")
 		}
 
 		req = NewRequest(t, "POST", baseURL+fmt.Sprintf("/%d/delete", id))
@@ -136,58 +147,132 @@ func TestRunnerVisibility(t *testing.T) {
 	runnerFive := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRunner{ID: 719935})
 	runnerSix := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRunner{ID: 719936})
 
-	testCases := []struct {
-		name              string
-		user              *user_model.User
-		url               string
-		expectedRunners   []*actions_model.ActionRunner
-		unexpectedRunners []*actions_model.ActionRunner
-	}{
-		{
-			name:              "admin-sees-all",
-			user:              admin,
-			url:               "/admin/actions/runners",
-			expectedRunners:   []*actions_model.ActionRunner{runnerOne, runnerTwo, runnerThree, runnerFour, runnerFive, runnerSix},
-			unexpectedRunners: []*actions_model.ActionRunner{},
-		},
-		{
-			name:              "user-sees-own-and-global",
-			user:              user2,
-			url:               "user/settings/actions/runners",
-			expectedRunners:   []*actions_model.ActionRunner{runnerTwo, runnerFour},
-			unexpectedRunners: []*actions_model.ActionRunner{runnerOne, runnerThree, runnerFive, runnerSix},
-		},
-		{
-			name:              "org-sees-own-and-global",
-			user:              user2,
-			url:               "/org/org3/settings/actions/runners",
-			expectedRunners:   []*actions_model.ActionRunner{runnerOne, runnerFour},
-			unexpectedRunners: []*actions_model.ActionRunner{runnerTwo, runnerThree, runnerFive, runnerSix},
-		},
-		{
-			name:              "user-repo-sees-own-and-users-and-global",
-			user:              user2,
-			url:               "/user2/test_workflows/settings/actions/runners",
-			expectedRunners:   []*actions_model.ActionRunner{runnerTwo, runnerFour, runnerSix},
-			unexpectedRunners: []*actions_model.ActionRunner{runnerOne, runnerThree, runnerFive},
-		},
-	}
-	for _, testCase := range testCases {
-		t.Run(testCase.name, func(t *testing.T) {
-			session := loginUser(t, testCase.user.Name)
-
-			request := NewRequest(t, "GET", testCase.url)
-			response := session.MakeRequest(t, request, http.StatusOK)
-
-			htmlDoc := NewHTMLParser(t, response.Body)
-			for _, expectedRunner := range testCase.expectedRunners {
-				selector := fmt.Sprintf("td:contains('%s')", expectedRunner.Name)
-				assert.Equal(t, 1, htmlDoc.Find(selector).Length(), "runner '%s' could not be found", expectedRunner.Name)
-			}
-			for _, unexpectedRunner := range testCase.unexpectedRunners {
-				selector := fmt.Sprintf("td:contains('%s')", unexpectedRunner.Name)
-				assert.Zero(t, htmlDoc.Find(selector).Length(), "runner '%s' is unexpectedly present", unexpectedRunner.Name)
-			}
+	containsText := func(selection *goquery.Selection, text string) bool {
+		filtered := selection.FilterFunction(func(i int, s *goquery.Selection) bool {
+			return strings.Contains(strings.TrimSpace(s.Text()), text)
 		})
+		return filtered.Length() == 1
 	}
+
+	t.Run("runner list", func(t *testing.T) {
+		testCases := []struct {
+			name              string
+			user              *user_model.User
+			url               string
+			expectedRunners   []*actions_model.ActionRunner
+			unexpectedRunners []*actions_model.ActionRunner
+		}{
+			{
+				name:              "Admin sees all",
+				user:              admin,
+				url:               "/admin/actions/runners",
+				expectedRunners:   []*actions_model.ActionRunner{runnerOne, runnerTwo, runnerThree, runnerFour, runnerFive, runnerSix},
+				unexpectedRunners: []*actions_model.ActionRunner{},
+			},
+			{
+				name:              "User sees own and global",
+				user:              user2,
+				url:               "/user/settings/actions/runners",
+				expectedRunners:   []*actions_model.ActionRunner{runnerTwo, runnerFour},
+				unexpectedRunners: []*actions_model.ActionRunner{runnerOne, runnerThree, runnerFive, runnerSix},
+			},
+			{
+				name:              "Org sees own and global",
+				user:              user2,
+				url:               "/org/org3/settings/actions/runners",
+				expectedRunners:   []*actions_model.ActionRunner{runnerOne, runnerFour},
+				unexpectedRunners: []*actions_model.ActionRunner{runnerTwo, runnerThree, runnerFive, runnerSix},
+			},
+			{
+				name:              "User repo sees own and user's and global",
+				user:              user2,
+				url:               "/user2/test_workflows/settings/actions/runners",
+				expectedRunners:   []*actions_model.ActionRunner{runnerTwo, runnerFour, runnerSix},
+				unexpectedRunners: []*actions_model.ActionRunner{runnerOne, runnerThree, runnerFive},
+			},
+		}
+		for _, testCase := range testCases {
+			t.Run(testCase.name, func(t *testing.T) {
+				session := loginUser(t, testCase.user.Name)
+
+				request := NewRequest(t, "GET", testCase.url)
+				response := session.MakeRequest(t, request, http.StatusOK)
+
+				htmlDoc := NewHTMLParser(t, response.Body)
+				for _, expectedRunner := range testCase.expectedRunners {
+					selector := fmt.Sprintf("td:contains('%s')", expectedRunner.Name)
+					assert.Equal(t, 1, htmlDoc.Find(selector).Length(), "runner '%s' could not be found", expectedRunner.Name)
+				}
+				for _, unexpectedRunner := range testCase.unexpectedRunners {
+					selector := fmt.Sprintf("td:contains('%s')", unexpectedRunner.Name)
+					assert.Zero(t, htmlDoc.Find(selector).Length(), "runner '%s' is unexpectedly present", unexpectedRunner.Name)
+				}
+			})
+		}
+	})
+
+	t.Run("runner details", func(t *testing.T) {
+		testCases := []struct {
+			name             string
+			user             *user_model.User
+			runner           *actions_model.ActionRunner
+			accessibleURLs   []string
+			inaccessibleURLs []string
+		}{
+			{
+				name:   "Organization runner",
+				user:   user2,
+				runner: runnerOne,
+				// Actions are disabled on all repositories of org3. That's why runnerOne isn't accessible in any
+				// repository.
+				accessibleURLs:   []string{"/org/org3/settings/actions/runners"},
+				inaccessibleURLs: []string{"/user/settings/actions/runners", "/user2/test_workflows/settings/actions/runners"},
+			},
+			{
+				name:             "User runner",
+				user:             user2,
+				runner:           runnerTwo,
+				accessibleURLs:   []string{"/user/settings/actions/runners", "/user2/test_workflows/settings/actions/runners"},
+				inaccessibleURLs: []string{"/org/org3/settings/actions/runners"},
+			},
+			{
+				name:   "Global runner",
+				user:   user2,
+				runner: runnerFour,
+				accessibleURLs: []string{
+					"/user/settings/actions/runners",
+					"/user2/test_workflows/settings/actions/runners",
+					"/org/org3/settings/actions/runners",
+				},
+				inaccessibleURLs: []string{},
+			},
+			{
+				name:             "Repository runner",
+				user:             user2,
+				runner:           runnerSix,
+				accessibleURLs:   []string{"/user2/test_workflows/settings/actions/runners"},
+				inaccessibleURLs: []string{"/user/settings/actions/runners", "/org/org3/settings/actions/runners"},
+			},
+		}
+		for _, testCase := range testCases {
+			t.Run(testCase.name, func(t *testing.T) {
+				session := loginUser(t, testCase.user.Name)
+
+				for _, accessibleURL := range testCase.accessibleURLs {
+					request := NewRequest(t, "GET", fmt.Sprintf("%s/%d", accessibleURL, testCase.runner.ID))
+					response := session.MakeRequest(t, request, http.StatusOK)
+
+					htmlDoc := NewHTMLParser(t, response.Body)
+					assert.True(t, containsText(htmlDoc.Find("dd"), testCase.runner.UUID))
+				}
+				for _, inaccessibleURL := range testCase.inaccessibleURLs {
+					request := NewRequest(t, "GET", fmt.Sprintf("%s/%d", inaccessibleURL, testCase.runner.ID))
+					response := session.MakeRequest(t, request, http.StatusNotFound)
+
+					htmlDoc := NewHTMLParser(t, response.Body)
+					assert.False(t, containsText(htmlDoc.Find("body"), testCase.runner.UUID))
+				}
+			})
+		}
+	})
 }
diff --git a/web_src/css/actions.css b/web_src/css/actions.css
index a9ff222e3c..03e548be4a 100644
--- a/web_src/css/actions.css
+++ b/web_src/css/actions.css
@@ -43,6 +43,100 @@
   color: var(--color-white);
 }
 
+.runner-container table.runner-list thead th {
+  font-weight: var(--font-weight-medium);
+}
+
+.runner-container table.runner-list th, .runner-container table.runner-list td {
+  padding-block: 1rem !important;
+  padding-inline: 0.75rem !important;
+  vertical-align: top;
+}
+
+.indicator-offline, .indicator-idle, .indicator-active {
+  flex: none;
+  border-radius: calc(infinity * 1px);
+  padding: 0.25rem;
+}
+
+.indicator-offline {
+  color: var(--color-indicator-offline);
+  background-color: var(--color-indicator-offline-20);
+}
+
+.indicator-idle {
+  color: var(--color-indicator-idle);
+  background-color: var(--color-indicator-idle-20);
+}
+
+.indicator-active {
+  color: var(--color-indicator-active);
+  background-color: var(--color-indicator-active-20);
+}
+
+.runner-container .indicator-offline > div, .runner-container .indicator-idle > div, .runner-container .indicator-active > div {
+  width: 0.5rem;
+  height: 0.5rem;
+  border-radius: calc(infinity * 1px);
+  background-color: currentcolor;
+}
+
+.runner-action-link {
+  background: transparent;
+  color: var(--color-primary);
+  font-weight: var(--font-weight-semibold);
+}
+
+.runner-action-link:hover {
+  text-decoration: underline;
+}
+
+.runner-delete-link {
+  background: transparent;
+  color: var(--color-red);
+  font-weight: var(--font-weight-semibold);
+}
+
+.runner-delete-link:hover {
+  text-decoration: underline;
+}
+
+.runner-container form .form-field {
+  margin-block: 1rem !important;
+}
+
+.runner-container form .form-buttons {
+  display: flex;
+  justify-content: flex-end;
+  column-gap: 1.5rem;
+}
+
+.runner-container pre {
+  color: var(--color-console-fg);
+  background-color: var(--color-console-bg);
+  border-color: var(--color-console-border);
+  border-width: 1px;
+  border-radius: 0.5rem;
+  border-style: dotted;
+  padding: 1rem;
+}
+
+.runner-container dl .item {
+  display: flex;
+  padding-block: 0.5rem
+}
+
+.runner-container dl dt {
+  flex: none;
+  font-weight: var(--font-weight-medium);
+  width: 12rem;
+  padding-right: 1.5rem;
+}
+
+.runner-container dl dd {
+  flex-grow: 1;
+}
+
 .run-list-item-right {
   width: 130px;
   display: flex;
diff --git a/web_src/css/themes/theme-forgejo-dark.css b/web_src/css/themes/theme-forgejo-dark.css
index a89666725b..974f920158 100644
--- a/web_src/css/themes/theme-forgejo-dark.css
+++ b/web_src/css/themes/theme-forgejo-dark.css
@@ -196,7 +196,6 @@
   --color-orange-badge: #ea580c;
   --color-orange-badge-bg: #ea580c22;
   --color-orange-badge-hover-bg: #ea580c44;
-
   /* Colors for thin elements: octicons, text, borders */
   --thin-lightness: 0.68;
   --regular-chroma: 0.19;
@@ -281,6 +280,12 @@
   /* pattern colors for image diff */
   --checkerboard-color-1: #474747;
   --checkerboard-color-2: #313131;
+  --color-indicator-offline: #a1a1aa;
+  --color-indicator-offline-20: #a1a1aa1a;
+  --color-indicator-idle: #16a34a;
+  --color-indicator-idle-20: #16a34a1a;
+  --color-indicator-active: #2185d0;
+  --color-indicator-active-20: #2185d033;
   accent-color: var(--color-accent);
   color-scheme: dark;
 }
diff --git a/web_src/css/themes/theme-forgejo-light.css b/web_src/css/themes/theme-forgejo-light.css
index f0d7413072..da89f0db73 100644
--- a/web_src/css/themes/theme-forgejo-light.css
+++ b/web_src/css/themes/theme-forgejo-light.css
@@ -279,6 +279,12 @@
   /* pattern colors for gradient */
   --checkerboard-color-1: #ffffff;
   --checkerboard-color-2: #e5e5e5;
+  --color-indicator-offline: #52525b;
+  --color-indicator-offline-20: #52525b33;
+  --color-indicator-idle: #16a34a;
+  --color-indicator-idle-20: #16a34a33;
+  --color-indicator-active: #2185d0;
+  --color-indicator-active-20: #2185d033;
   accent-color: var(--color-accent);
   color-scheme: light;
 }
diff --git a/web_src/css/themes/theme-gitea-dark.css b/web_src/css/themes/theme-gitea-dark.css
index 983d1ce6e2..967b046899 100644
--- a/web_src/css/themes/theme-gitea-dark.css
+++ b/web_src/css/themes/theme-gitea-dark.css
@@ -239,6 +239,12 @@
   /* pattern colors for image diff */
   --checkerboard-color-1: #313131;
   --checkerboard-color-2: #212121;
+  --color-indicator-offline: #a1a1aa;
+  --color-indicator-offline-20: #a1a1aa1a;
+  --color-indicator-idle: #16a34a;
+  --color-indicator-idle-20: #16a34a1a;
+  --color-indicator-active: #2185d0;
+  --color-indicator-active-20: #2185d033;
   accent-color: var(--color-accent);
   color-scheme: dark;
 }
diff --git a/web_src/css/themes/theme-gitea-light.css b/web_src/css/themes/theme-gitea-light.css
index 8d88f5e204..91b0c52703 100644
--- a/web_src/css/themes/theme-gitea-light.css
+++ b/web_src/css/themes/theme-gitea-light.css
@@ -239,6 +239,12 @@
   /* pattern colors for gradient */
   --checkerboard-color-1: #ffffff;
   --checkerboard-color-2: #e5e5e5;
+  --color-indicator-offline: #52525b;
+  --color-indicator-offline-20: #52525b1a;
+  --color-indicator-idle: #16a34a;
+  --color-indicator-idle-20: #16a34a1a;
+  --color-indicator-active: #2185d0;
+  --color-indicator-active-20: #2185d033;
   accent-color: var(--color-accent);
   color-scheme: light;
 }

From 8b57cfc15247260efe818596d926a9be93aed604 Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Thu, 12 Mar 2026 04:06:50 +0100
Subject: [PATCH 493/854] Update https://data.forgejo.org/actions/setup-forgejo
 action to v3.1.8 (forgejo) (#11644)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [https://data.forgejo.org/actions/setup-forgejo](https://code.forgejo.org/actions/setup-forgejo) | action | patch | `v3.1.7` → `v3.1.8` |

---

> ⚠️ **Warning**
>
> Some dependencies could not be looked up. Check the [Dependency Dashboard](issues/2779) for more information.

---

### Release Notes

<details>
<summary>actions/setup-forgejo (https://data.forgejo.org/actions/setup-forgejo)</summary>

### [`v3.1.8`](https://code.forgejo.org/actions/setup-forgejo/releases/tag/v3.1.8)

[Compare Source](https://code.forgejo.org/actions/setup-forgejo/compare/v3.1.7...v3.1.8)

<!--start release-notes-assistant-->

<!--URL:https://code.forgejo.org/actions/setup-forgejo-->

- other
  - [PR](https://code.forgejo.org/actions/setup-forgejo/pulls/922): <!--number 922 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgZm9yZ2Vqby9ydW5uZXIgdG8gdjEyLjcuMg==-->Update dependency forgejo/runner to v12.7.2<!--description-->
  - [PR](https://code.forgejo.org/actions/setup-forgejo/pulls/916): <!--number 916 --><!--line 0 --><!--description VXBkYXRlIGh0dHBzOi8vZGF0YS5mb3JnZWpvLm9yZy9hY3Rpb25zL2Zvcmdlam8tcmVsZWFzZSBhY3Rpb24gdG8gdjIuMTEuMw==-->Update <https://data.forgejo.org/actions/forgejo-release> action to v2.11.3<!--description-->
  - [PR](https://code.forgejo.org/actions/setup-forgejo/pulls/893): <!--number 893 --><!--line 0 --><!--description VXBkYXRlIGh0dHBzOi8vZGF0YS5mb3JnZWpvLm9yZy9hY3Rpb25zL2Zvcmdlam8tcmVsZWFzZSBhY3Rpb24gdG8gdjIuMTEuMg==-->Update <https://data.forgejo.org/actions/forgejo-release> action to v2.11.2<!--description-->

<!--end release-notes-assistant-->

</details>

---

### Configuration

📅 **Schedule**: Branch creation - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC), Automerge - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My41OS4zIiwidXBkYXRlZEluVmVyIjoiNDMuNTkuMyIsInRhcmdldEJyYW5jaCI6ImZvcmdlam8iLCJsYWJlbHMiOlsiZGVwZW5kZW5jeS11cGdyYWRlIiwidGVzdC9ub3QtbmVlZGVkIl19-->

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11644
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
---
 .forgejo/workflows/build-release-integration.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.forgejo/workflows/build-release-integration.yml b/.forgejo/workflows/build-release-integration.yml
index 70ea94b605..98d2f10e3b 100644
--- a/.forgejo/workflows/build-release-integration.yml
+++ b/.forgejo/workflows/build-release-integration.yml
@@ -32,7 +32,7 @@ jobs:
       - uses: https://data.forgejo.org/actions/checkout@v6
 
       - id: forgejo
-        uses: https://data.forgejo.org/actions/setup-forgejo@v3.1.7
+        uses: https://data.forgejo.org/actions/setup-forgejo@v3.1.8
         with:
           user: root
           password: admin1234

From 6e804c8b1b32d6a5cef607d6fdc87b7d0020d91f Mon Sep 17 00:00:00 2001
From: Mathieu Fenniak <mathieu@fenniak.net>
Date: Thu, 12 Mar 2026 16:06:38 +0100
Subject: [PATCH 494/854] feat(ui): display repositories accessible by
 repo-specific access tokens (#11604)

When an access token is repository specific, display the repositories that it can access when expanded in the UI (token **test** in this screenshot):

![image](/attachments/6d2d539c-7781-4a4f-ba90-a28b7c365c6c)

Default, collapsed view is unchanged:

![image](/attachments/a4f0a36d-2f2b-46af-8fa6-c8d445f707e4)

Bulk loading of repositories is refactored out of the access token API endpoint into a `BulkGetRepositoriesForAccessTokens` method that can be used in both this UI, and the original API location.

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests for Go changes

(can be removed for JavaScript changes)

- I added test coverage for Go changes...
  - [ ] in their respective `*_test.go` for unit tests.
  - [x] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I ran...
  - [x] `make pr-go` before pushing

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [x] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.
- [ ] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11604
Reviewed-by: Andreas Ahlenstorf <aahlenst@noreply.codeberg.org>
Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net>
Co-committed-by: Mathieu Fenniak <mathieu@fenniak.net>
---
 models/repo/repo.go                       | 54 +++++++++++++++++++++++
 options/locale_next/locale_en-US.json     |  1 +
 routers/api/v1/user/app.go                | 53 +++++++++-------------
 routers/web/user/setting/applications.go  | 35 ++++++++++++++-
 templates/user/settings/applications.tmpl | 29 +++++++-----
 tests/integration/user_test.go            | 29 ++++++++++++
 6 files changed, 158 insertions(+), 43 deletions(-)

diff --git a/models/repo/repo.go b/models/repo/repo.go
index 11442350dd..cdb30aa1a9 100644
--- a/models/repo/repo.go
+++ b/models/repo/repo.go
@@ -15,10 +15,12 @@ import (
 	"strconv"
 	"strings"
 
+	auth_model "forgejo.org/models/auth"
 	"forgejo.org/models/db"
 	"forgejo.org/models/unit"
 	user_model "forgejo.org/models/user"
 	"forgejo.org/modules/cache"
+	"forgejo.org/modules/container"
 	"forgejo.org/modules/git"
 	"forgejo.org/modules/log"
 	"forgejo.org/modules/markup"
@@ -1001,3 +1003,55 @@ func UpdateRepoIssueNumbers(ctx context.Context, repoID int64, isPull, isClosed
 	})
 	return nil
 }
+
+// Bulk load of all the repo_model.Repository objects for the repository resources that can be accessed by the given
+// access tokens.  Any access tokens which are not repository-specific tokens will not be present in the map.  An
+// optional filter function can be used to remove repositories (based upon a user visibility check, for example) before
+// the map is constructed -- return `true` for repos to include.
+func BulkGetRepositoriesForAccessTokens(ctx context.Context, tokens []*auth_model.AccessToken, filter func(*Repository) (bool, error)) (map[int64][]*Repository, error) {
+	// Load all the AccessTokenResourceRepo for the tokens that we're returning:
+	allRepoIDs := container.Set[int64]{}
+	repoResourcesByTokenID, err := auth_model.GetRepositoriesAccessibleWithTokens(ctx, tokens)
+	if err != nil {
+		return nil, fmt.Errorf("failed to fetch repositories for tokens: %w", err)
+	}
+
+	// Load all the Repository models that are referenced by the AccessTokenResourceRepo's:
+	for _, repoResources := range repoResourcesByTokenID {
+		for _, repoResource := range repoResources {
+			allRepoIDs.Add(repoResource.RepoID)
+		}
+	}
+	reposByID, err := GetRepositoriesMapByIDs(ctx, allRepoIDs.Slice())
+	if err != nil {
+		return nil, fmt.Errorf("failed to fetch repositories: %w", err)
+	}
+
+	if filter != nil {
+		// Rebuild reposByID, filtering it with the provided filter function.  It's more efficient to do this here,
+		// rather than returning the data and allowing the caller to filter it, because this guarantees one invocation
+		// per repository.  `reposByTokenID` could have the same repository referenced by multiple access tokens.
+		tmp := reposByID
+		reposByID = make(map[int64]*Repository, len(tmp))
+		for id, repo := range tmp {
+			if ok, err := filter(repo); err != nil {
+				return nil, fmt.Errorf("error filtering repo %d: %w", repo.ID, err)
+			} else if ok {
+				reposByID[id] = repo
+			}
+		}
+	}
+
+	// Prepare a lookup map to access the repositories by token ID:
+	reposByTokenID := make(map[int64][]*Repository)
+	for tokenID, repoResources := range repoResourcesByTokenID {
+		for _, repoResource := range repoResources {
+			repo, ok := reposByID[repoResource.RepoID]
+			if ok {
+				reposByTokenID[tokenID] = append(reposByTokenID[tokenID], repo)
+			}
+		}
+	}
+
+	return reposByTokenID, nil
+}
diff --git a/options/locale_next/locale_en-US.json b/options/locale_next/locale_en-US.json
index d358fcc424..78aac13010 100644
--- a/options/locale_next/locale_en-US.json
+++ b/options/locale_next/locale_en-US.json
@@ -191,6 +191,7 @@
 	"settings.twofa_reenroll": "Re-enroll two-factor authentication",
 	"settings.twofa_reenroll.description": "Re-enroll your two-factor authentication",
 	"settings.must_enable_2fa": "This Forgejo instance requires users to enable two-factor authentication before they can access their accounts.",
+	"settings.specific_repo_access": "Repository Access",
 	"error.must_enable_2fa": "This Forgejo instance requires users to enable two-factor authentication before they can access their accounts. Enable it at: %s",
 	"avatar.constraints_hint": "Custom avatar may not exceed %[1]s in size or be larger than %[2]dx%[3]d pixels",
 	"user.ghost.tooltip": "This user has been deleted, or cannot be matched.",
diff --git a/routers/api/v1/user/app.go b/routers/api/v1/user/app.go
index b223d35332..bc4f6eda98 100644
--- a/routers/api/v1/user/app.go
+++ b/routers/api/v1/user/app.go
@@ -18,7 +18,6 @@ import (
 	"forgejo.org/models/db"
 	access_model "forgejo.org/models/perm/access"
 	repo_model "forgejo.org/models/repo"
-	"forgejo.org/modules/container"
 	"forgejo.org/modules/optional"
 	api "forgejo.org/modules/structs"
 	"forgejo.org/modules/web"
@@ -66,42 +65,34 @@ func ListAccessTokens(ctx *context.APIContext) {
 	}
 
 	// Load all the AccessTokenResourceRepo for the tokens that we're returning:
-	allRepoIDs := container.Set[int64]{}
-	repoResourcesByTokenID, err := auth_model.GetRepositoriesAccessibleWithTokens(ctx, tokens)
-	if err != nil {
-		ctx.InternalServerError(err)
-		return
-	}
-
-	// Load all the Repository models that are referenced by the AccessTokenResourceRepo's:
-	for _, repoResources := range repoResourcesByTokenID {
-		for _, repoResource := range repoResources {
-			allRepoIDs.Add(repoResource.RepoID)
-		}
-	}
-	reposByID, err := repo_model.GetRepositoriesMapByIDs(ctx, allRepoIDs.Slice())
-	if err != nil {
-		ctx.InternalServerError(err)
-		return
-	}
-
-	// Prepare a lookup map to access the repositories by token ID:
-	reposByTokenID := make(map[int64][]*api.RepositoryMeta)
-	for tokenID, repoResources := range repoResourcesByTokenID {
-		for _, repoResource := range repoResources {
-			repo, ok := reposByID[repoResource.RepoID]
-			if !ok {
-				// Shouldn't be possible with the foreign key on `AccessTokenResourceRepo` to the repository table.
-				ctx.Error(http.StatusInternalServerError, "reposById", "missing repository")
-				return
+	repoModelsByTokenID, err := repo_model.BulkGetRepositoriesForAccessTokens(ctx, tokens,
+		func(repo *repo_model.Repository) (bool, error) {
+			// Repos associated with a repo-specific access token should already be visible to the token owner, but it's
+			// possible that access has changed, such as a removed collaborator on a repo -- don't provide info on that
+			// repo if so.
+			permission, err := access_model.GetUserRepoPermissionWithReducer(ctx, repo, ctx.Doer, ctx.Reducer)
+			if err != nil {
+				return false, err
 			}
-			reposByTokenID[tokenID] = append(reposByTokenID[tokenID], &api.RepositoryMeta{
+			return permission.HasAccess(), nil
+		})
+	if err != nil {
+		ctx.InternalServerError(err)
+		return
+	}
+	// Convert map[int64]*Repository -> map[int64]*RepositoryMeta...
+	reposByTokenID := make(map[int64][]*api.RepositoryMeta)
+	for tokenID, repoModels := range repoModelsByTokenID {
+		repos := make([]*api.RepositoryMeta, len(repoModels))
+		for i, repo := range repoModels {
+			repos[i] = &api.RepositoryMeta{
 				ID:       repo.ID,
 				Name:     repo.Name,
 				Owner:    repo.OwnerName,
 				FullName: repo.FullName(),
-			})
+			}
 		}
+		reposByTokenID[tokenID] = repos
 	}
 
 	apiTokens := make([]*api.AccessToken, len(tokens))
diff --git a/routers/web/user/setting/applications.go b/routers/web/user/setting/applications.go
index 359f0c1dce..a5c38b8dc3 100644
--- a/routers/web/user/setting/applications.go
+++ b/routers/web/user/setting/applications.go
@@ -9,6 +9,8 @@ import (
 
 	auth_model "forgejo.org/models/auth"
 	"forgejo.org/models/db"
+	access_model "forgejo.org/models/perm/access"
+	repo_model "forgejo.org/models/repo"
 	"forgejo.org/modules/base"
 	"forgejo.org/modules/log"
 	"forgejo.org/modules/setting"
@@ -112,6 +114,11 @@ func RegenerateApplication(ctx *context.Context) {
 	ctx.JSONRedirect(setting.AppSubURL + "/user/settings/applications")
 }
 
+type TokenWithResources struct {
+	Token        *auth_model.AccessToken
+	Repositories []*repo_model.Repository
+}
+
 func loadApplicationsData(ctx *context.Context) {
 	ctx.Data["AccessTokenScopePublicOnly"] = auth_model.AccessTokenScopePublicOnly
 	tokens, err := db.Find[auth_model.AccessToken](ctx, auth_model.ListAccessTokensOptions{UserID: ctx.Doer.ID})
@@ -119,7 +126,33 @@ func loadApplicationsData(ctx *context.Context) {
 		ctx.ServerError("ListAccessTokens", err)
 		return
 	}
-	ctx.Data["Tokens"] = tokens
+
+	// Load all the AccessTokenResourceRepo for the tokens that we're returning:
+	reposByTokenID, err := repo_model.BulkGetRepositoriesForAccessTokens(ctx, tokens,
+		func(repo *repo_model.Repository) (bool, error) {
+			// Repos associated with a repo-specific access token should already be visible to the token owner, but it's
+			// possible that access has changed, such as a removed collaborator on a repo -- don't provide info on that
+			// repo if so.
+			permission, err := access_model.GetUserRepoPermission(ctx, repo, ctx.Doer)
+			if err != nil {
+				return false, err
+			}
+			return permission.HasAccess(), nil
+		})
+	if err != nil {
+		ctx.ServerError("BulkGetRepositoriesForAccessTokens", err)
+		return
+	}
+
+	tokensWithResources := make([]*TokenWithResources, len(tokens))
+	for i := range tokens {
+		tokensWithResources[i] = &TokenWithResources{
+			Token:        tokens[i],
+			Repositories: reposByTokenID[tokens[i].ID],
+		}
+	}
+
+	ctx.Data["TokensWithResources"] = tokensWithResources
 	ctx.Data["EnableOAuth2"] = setting.OAuth2.Enabled
 	ctx.Data["IsAdmin"] = ctx.Doer.IsAdmin
 	if setting.OAuth2.Enabled {
diff --git a/templates/user/settings/applications.tmpl b/templates/user/settings/applications.tmpl
index b77bcf067b..59d352eab3 100644
--- a/templates/user/settings/applications.tmpl
+++ b/templates/user/settings/applications.tmpl
@@ -8,27 +8,34 @@
 				<div class="flex-item">
 					{{ctx.Locale.Tr "settings.tokens_desc"}}
 				</div>
-				{{range .Tokens}}
+				{{range .TokensWithResources}}
 					<div class="flex-item">
 						<div class="flex-item-leading">
-							<span class="text {{if .HasRecentActivity}}green{{end}}" {{if .HasRecentActivity}}data-tooltip-content="{{ctx.Locale.Tr "settings.token_state_desc"}}"{{end}}>
+							<span class="text {{if .Token.HasRecentActivity}}green{{end}}" {{if .Token.HasRecentActivity}}data-tooltip-content="{{ctx.Locale.Tr "settings.token_state_desc"}}"{{end}}>
 								{{svg "fontawesome-send" 32}}
 							</span>
 						</div>
 						<div class="flex-item-main">
 							<details>
-								<summary><span class="flex-item-title">{{.Name}}</span></summary>
-								<p class="tw-my-1">
-									{{ctx.Locale.Tr "settings.repo_and_org_access"}}:
-									{{if .DisplayPublicOnly}}
+								<summary><span class="flex-item-title">{{.Token.Name}}</span></summary>
+								{{if .Token.ResourceAllRepos}}
+									<p class="tw-my-1">{{ctx.Locale.Tr "settings.repo_and_org_access"}}:</p>
+									{{if .Token.DisplayPublicOnly}}
 										{{ctx.Locale.Tr "settings.permissions_public_only"}}
 									{{else}}
 										{{ctx.Locale.Tr "settings.permissions_access_all"}}
 									{{end}}
-								</p>
+								{{else}}
+									<p class="tw-my-1">{{ctx.Locale.Tr "settings.specific_repo_access"}}:</p>
+									<ul class="tw-my-1">
+										{{range .Repositories}}
+											<li><a href="{{.HTMLURL}}">{{.FullName}}</a></li>
+										{{end}}
+									</ul>
+								{{end}}
 								<p class="tw-my-1">{{ctx.Locale.Tr "settings.permissions_list"}}</p>
 								<ul class="tw-my-1">
-								{{range .Scope.StringSlice}}
+								{{range .Token.Scope.StringSlice}}
 									{{if (ne . $.AccessTokenScopePublicOnly)}}
 										<li>{{.}}</li>
 									{{end}}
@@ -36,15 +43,15 @@
 								</ul>
 							</details>
 							<div class="flex-item-body">
-								<p>{{ctx.Locale.Tr "settings.added_on" (DateUtils.AbsoluteShort .CreatedUnix)}} — {{svg "octicon-info"}} {{if .HasUsed}}{{ctx.Locale.Tr "settings.last_used"}} <span {{if .HasRecentActivity}}class="text green"{{end}}>{{DateUtils.AbsoluteShort .UpdatedUnix}}</span>{{else}}{{ctx.Locale.Tr "settings.no_activity"}}{{end}}</p>
+								<p>{{ctx.Locale.Tr "settings.added_on" (DateUtils.AbsoluteShort .Token.CreatedUnix)}} — {{svg "octicon-info"}} {{if .Token.HasUsed}}{{ctx.Locale.Tr "settings.last_used"}} <span {{if .Token.HasRecentActivity}}class="text green"{{end}}>{{DateUtils.AbsoluteShort .Token.UpdatedUnix}}</span>{{else}}{{ctx.Locale.Tr "settings.no_activity"}}{{end}}</p>
 							</div>
 						</div>
 						<div class="flex-item-trailing">
-								<button class="ui primary tiny button delete-button" data-modal-id="regenerate-token" data-url="{{$.Link}}/regenerate" data-id="{{.ID}}">
+								<button class="ui primary tiny button delete-button" data-modal-id="regenerate-token" data-url="{{$.Link}}/regenerate" data-id="{{.Token.ID}}">
 									{{svg "octicon-issue-reopened" 16 "tw-mr-1"}}
 									{{ctx.Locale.Tr "settings.regenerate_token"}}
 								</button>
-								<button class="ui red tiny button delete-button" data-modal-id="delete-token" data-url="{{$.Link}}/delete" data-id="{{.ID}}">
+								<button class="ui red tiny button delete-button" data-modal-id="delete-token" data-url="{{$.Link}}/delete" data-id="{{.Token.ID}}">
 									{{svg "octicon-trash" 16 "tw-mr-1"}}
 									{{ctx.Locale.Tr "settings.delete_token"}}
 								</button>
diff --git a/tests/integration/user_test.go b/tests/integration/user_test.go
index 2eb82f1c8a..4c8e7c9458 100644
--- a/tests/integration/user_test.go
+++ b/tests/integration/user_test.go
@@ -281,6 +281,35 @@ func TestAccessTokenRegenerate(t *testing.T) {
 	assert.NotEqual(t, "TestAccessToken", latestTokenName)
 }
 
+func TestAccessTokenResourceRepos(t *testing.T) {
+	defer tests.PrepareTestEnv(t)()
+
+	session := loginUser(t, "user2")
+
+	// Before creating a repo-specific access token, we shouldn't have the "Repository Access:" list in the personal
+	// access token page:
+	req := NewRequest(t, "GET", "/user/settings/applications")
+	resp := session.MakeRequest(t, req, http.StatusOK)
+	htmlDoc := NewHTMLParser(t, resp.Body)
+	htmlDoc.AssertSelection(t, htmlDoc.FindByText(".user-setting-content p", "Repository Access:"), false)
+
+	// Then we create a repo-specific access token.  We give it access to two repos, user2/repo2, but also user30/empty,
+	// a private repo owned by someone else...  We'll pretend user2 used to be a collaborator on this repo and
+	// previously had access to view it, but doesn't anymore.
+	createFineGrainedRepoAccessToken(t, "user2",
+		[]auth_model.AccessTokenScope{auth_model.AccessTokenScopeReadUser},
+		[]int64{2, 52},
+	)
+
+	// Now we have "Repository Access:"...
+	req = NewRequest(t, "GET", "/user/settings/applications")
+	resp = session.MakeRequest(t, req, http.StatusOK)
+	htmlDoc = NewHTMLParser(t, resp.Body)
+	htmlDoc.AssertSelection(t, htmlDoc.FindByText(".user-setting-content p", "Repository Access:"), true)
+	htmlDoc.AssertSelection(t, htmlDoc.FindByText(".user-setting-content a", "user2/repo2"), true)   // link to repo
+	htmlDoc.AssertSelection(t, htmlDoc.FindByText(".user-setting-content a", "user30/empty"), false) // missing - user2 has no visibility
+}
+
 func findLatestTokenID(t *testing.T, session *TestSession) (string, int) {
 	req := NewRequest(t, "GET", "/user/settings/applications")
 	resp := session.MakeRequest(t, req, http.StatusOK)

From 9177e52cf4c6fe725139d264da223b92189ce817 Mon Sep 17 00:00:00 2001
From: Andreas Ahlenstorf <andreas@ahlenstorf.ch>
Date: Thu, 12 Mar 2026 16:12:18 +0100
Subject: [PATCH 495/854] chore: deprecate HTTP API endpoints for obtaining the
 runner registration token (#11650)

Forgejo Runner is deprecating the runner registration token. It is too powerful, requires tooling, and is unnecessary. https://codeberg.org/forgejo/forgejo/pulls/10677 added an HTTP API for runner registration. https://codeberg.org/forgejo/forgejo/pulls/11516 added the ability to manage runners using Forgejo's web interface and marked the runner registration token in the UI as deprecated. This PR deprecates the HTTP endpoints for obtaining the runner registration token by updating the API documentation. The implementation and all the tests remain in place and untouched.

See https://code.forgejo.org/forgejo/forgejo-actions-feature-requests/issues/88 for context.

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests for Go changes

(can be removed for JavaScript changes)

- I added test coverage for Go changes...
  - [ ] in their respective `*_test.go` for unit tests.
  - [ ] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I ran...
  - [x] `make pr-go` before pushing

### Tests for JavaScript changes

(can be removed for Go changes)

- I added test coverage for JavaScript changes...
  - [ ] in `web_src/js/*.test.js` if it can be unit tested.
  - [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)).

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [x] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.
- [ ] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change.

*The decision if the pull request will be shown in the release notes is up to the mergers / release team.*

The content of the `release-notes/<pull request number>.md` file will serve as the basis for the release notes. If the file does not exist, the title of the pull request will be used instead.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11650
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
Co-authored-by: Andreas Ahlenstorf <andreas@ahlenstorf.ch>
Co-committed-by: Andreas Ahlenstorf <andreas@ahlenstorf.ch>
---
 routers/api/v1/admin/runners.go | 10 ++++++++--
 routers/api/v1/api.go           |  4 ++--
 routers/api/v1/org/action.go    |  8 +++++++-
 routers/api/v1/repo/action.go   |  6 ++++++
 routers/api/v1/user/runners.go  |  6 ++++++
 templates/swagger/v1_json.tmpl  | 10 +++++++++-
 6 files changed, 38 insertions(+), 6 deletions(-)

diff --git a/routers/api/v1/admin/runners.go b/routers/api/v1/admin/runners.go
index 81c029c57c..db62979b62 100644
--- a/routers/api/v1/admin/runners.go
+++ b/routers/api/v1/admin/runners.go
@@ -9,10 +9,16 @@ import (
 )
 
 // GetRunnerRegistrationToken returns a token to register global runners
+//
+// Deprecated: This operation has been deprecated in Forgejo 15. Use the web UI or RegisterRunner instead.
 func GetRunnerRegistrationToken(ctx *context.APIContext) {
 	// swagger:operation GET /admin/actions/runners/registration-token admin adminGetRunnerRegistrationToken
 	// ---
 	// summary: Get a runner registration token for registering global runners
+	// description: >
+	//   This operation has been deprecated in Forgejo 15.
+	//   Use the web UI or [`/admin/actions/runners`](#/admin/registerAdminRunner) instead.
+	// deprecated: true
 	// produces:
 	// - application/json
 	// parameters:
@@ -25,14 +31,14 @@ func GetRunnerRegistrationToken(ctx *context.APIContext) {
 
 // GetRegistrationToken returns the token to register global runners
 //
-// Deprecated: This operation has been deprecated in Forgejo 15. Use GetRunnerRegistrationToken instead.
+// Deprecated: This operation has been deprecated in Forgejo 15. Use the web UI or RegisterRunner instead.
 func GetRegistrationToken(ctx *context.APIContext) {
 	// swagger:operation GET /admin/runners/registration-token admin adminGetRegistrationToken
 	// ---
 	// summary: Get a runner registration token for registering global runners
 	// description: >
 	//   This operation has been deprecated in Forgejo 15.
-	//   Use [`/admin/actions/runners/registration-token`](#/admin/adminGetRunnerRegistrationToken) instead.
+	//   Use the web UI or [`/admin/actions/runners`](#/admin/registerAdminRunner) instead.
 	// deprecated: true
 	// produces:
 	// - application/json
diff --git a/routers/api/v1/api.go b/routers/api/v1/api.go
index ce013e7fdb..f551f20c6a 100644
--- a/routers/api/v1/api.go
+++ b/routers/api/v1/api.go
@@ -1010,7 +1010,7 @@ func Routes() *web.Route {
 					m.Combo("").
 						Get(reqToken(), user.ListRunners).
 						Post(bind(api.RegisterRunnerOptions{}), user.RegisterRunner)
-					m.Get("/registration-token", reqToken(), user.GetRegistrationToken)
+					m.Get("/registration-token", reqToken(), user.GetRegistrationToken) //nolint:staticcheck
 					m.Get("/{runner_id}", reqToken(), user.GetRunner)
 					m.Delete("/{runner_id}", reqToken(), user.DeleteRunner)
 					m.Get("/jobs", reqToken(), user.SearchActionRunJobs)
@@ -1694,7 +1694,7 @@ func Routes() *web.Route {
 				m.Combo("").
 					Get(admin.ListRunners).
 					Post(bind(api.RegisterRunnerOptions{}), admin.RegisterRunner)
-				m.Get("/registration-token", admin.GetRunnerRegistrationToken)
+				m.Get("/registration-token", admin.GetRunnerRegistrationToken) //nolint:staticcheck
 				m.Get("/{runner_id}", admin.GetRunner)
 				m.Delete("/{runner_id}", admin.DeleteRunner)
 				m.Get("/jobs", admin.GetActionRunJobs)
diff --git a/routers/api/v1/org/action.go b/routers/api/v1/org/action.go
index dac6704d4b..6036d476f7 100644
--- a/routers/api/v1/org/action.go
+++ b/routers/api/v1/org/action.go
@@ -168,11 +168,17 @@ func (Action) DeleteSecret(ctx *context.APIContext) {
 	ctx.Status(http.StatusNoContent)
 }
 
-// GetRegistrationToken returns the organization's runner registration token
+// GetRegistrationToken returns the organization's runner registration token.
+//
+// Deprecated: This operation has been deprecated in Forgejo 15. Use the web UI or RegisterRunner instead.
 func (Action) GetRegistrationToken(ctx *context.APIContext) {
 	// swagger:operation GET /orgs/{org}/actions/runners/registration-token organization orgGetRunnerRegistrationToken
 	// ---
 	// summary: Get the organization's runner registration token
+	// description: >
+	//   This operation has been deprecated in Forgejo 15.
+	//   Use the web UI or [`/orgs/{org}/actions/runners`](#/organization/registerOrgRunner) instead.
+	// deprecated: true
 	// produces:
 	// - application/json
 	// parameters:
diff --git a/routers/api/v1/repo/action.go b/routers/api/v1/repo/action.go
index ab049e4383..94a25a088f 100644
--- a/routers/api/v1/repo/action.go
+++ b/routers/api/v1/repo/action.go
@@ -482,10 +482,16 @@ func (Action) ListVariables(ctx *context.APIContext) {
 }
 
 // GetRegistrationToken returns the runner registration token to register runners for the repository
+//
+// Deprecated: This operation has been deprecated in Forgejo 15. Use the web UI or RegisterRunner instead.
 func (Action) GetRegistrationToken(ctx *context.APIContext) {
 	// swagger:operation GET /repos/{owner}/{repo}/actions/runners/registration-token repository repoGetRunnerRegistrationToken
 	// ---
 	// summary: Get a repository's runner registration token
+	// description: >
+	//   This operation has been deprecated in Forgejo 15.
+	//   Use the web UI or [`/repos/{owner}/{repo}/actions/runners`](#/repository/registerRepoRunner) instead.
+	// deprecated: true
 	// produces:
 	// - application/json
 	// parameters:
diff --git a/routers/api/v1/user/runners.go b/routers/api/v1/user/runners.go
index 340233f27d..29bf13b982 100644
--- a/routers/api/v1/user/runners.go
+++ b/routers/api/v1/user/runners.go
@@ -9,10 +9,16 @@ import (
 )
 
 // GetRegistrationToken returns a token to register user-level runners
+//
+// Deprecated: This operation has been deprecated in Forgejo 15. Use the web UI or RegisterRunner instead.
 func GetRegistrationToken(ctx *context.APIContext) {
 	// swagger:operation GET /user/actions/runners/registration-token user userGetRunnerRegistrationToken
 	// ---
 	// summary: Get the user's runner registration token
+	// description: >
+	//   This operation has been deprecated in Forgejo 15.
+	//   Use the web UI or [`/user/actions/runners`](#/user/registerUserRunner) instead.
+	// deprecated: true
 	// produces:
 	// - application/json
 	// parameters:
diff --git a/templates/swagger/v1_json.tmpl b/templates/swagger/v1_json.tmpl
index 7a800cc171..08bd72ef60 100644
--- a/templates/swagger/v1_json.tmpl
+++ b/templates/swagger/v1_json.tmpl
@@ -414,6 +414,7 @@
     },
     "/admin/actions/runners/registration-token": {
       "get": {
+        "description": "This operation has been deprecated in Forgejo 15. Use the web UI or [`/admin/actions/runners`](#/admin/registerAdminRunner) instead.\n",
         "produces": [
           "application/json"
         ],
@@ -422,6 +423,7 @@
         ],
         "summary": "Get a runner registration token for registering global runners",
         "operationId": "adminGetRunnerRegistrationToken",
+        "deprecated": true,
         "responses": {
           "200": {
             "$ref": "#/responses/RegistrationToken"
@@ -1347,7 +1349,7 @@
     },
     "/admin/runners/registration-token": {
       "get": {
-        "description": "This operation has been deprecated in Forgejo 15. Use [`/admin/actions/runners/registration-token`](#/admin/adminGetRunnerRegistrationToken) instead.\n",
+        "description": "This operation has been deprecated in Forgejo 15. Use the web UI or [`/admin/actions/runners`](#/admin/registerAdminRunner) instead.\n",
         "produces": [
           "application/json"
         ],
@@ -2833,6 +2835,7 @@
     },
     "/orgs/{org}/actions/runners/registration-token": {
       "get": {
+        "description": "This operation has been deprecated in Forgejo 15. Use the web UI or [`/orgs/{org}/actions/runners`](#/organization/registerOrgRunner) instead.\n",
         "produces": [
           "application/json"
         ],
@@ -2841,6 +2844,7 @@
         ],
         "summary": "Get the organization's runner registration token",
         "operationId": "orgGetRunnerRegistrationToken",
+        "deprecated": true,
         "parameters": [
           {
             "type": "string",
@@ -5583,6 +5587,7 @@
     },
     "/repos/{owner}/{repo}/actions/runners/registration-token": {
       "get": {
+        "description": "This operation has been deprecated in Forgejo 15. Use the web UI or [`/repos/{owner}/{repo}/actions/runners`](#/repository/registerRepoRunner) instead.\n",
         "produces": [
           "application/json"
         ],
@@ -5591,6 +5596,7 @@
         ],
         "summary": "Get a repository's runner registration token",
         "operationId": "repoGetRunnerRegistrationToken",
+        "deprecated": true,
         "parameters": [
           {
             "type": "string",
@@ -19086,6 +19092,7 @@
     },
     "/user/actions/runners/registration-token": {
       "get": {
+        "description": "This operation has been deprecated in Forgejo 15. Use the web UI or [`/user/actions/runners`](#/user/registerUserRunner) instead.\n",
         "produces": [
           "application/json"
         ],
@@ -19094,6 +19101,7 @@
         ],
         "summary": "Get the user's runner registration token",
         "operationId": "userGetRunnerRegistrationToken",
+        "deprecated": true,
         "responses": {
           "200": {
             "$ref": "#/responses/RegistrationToken"

From 62c32f00e4de2232faf64da6117786c0b6fe0574 Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Thu, 12 Mar 2026 18:27:43 +0100
Subject: [PATCH 496/854] Update linters (forgejo) (#11627)

Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
---
 eslint.config.mjs                           |  1 +
 package-lock.json                           | 94 ++++++++++-----------
 package.json                                | 10 +--
 tests/e2e/release.test.e2e.ts               | 20 ++---
 tests/e2e/repo-wiki.test.e2e.ts             |  2 +-
 tests/e2e/right-settings-button.test.e2e.ts | 30 +++----
 6 files changed, 79 insertions(+), 78 deletions(-)

diff --git a/eslint.config.mjs b/eslint.config.mjs
index df3425d7a0..03ca13176a 100644
--- a/eslint.config.mjs
+++ b/eslint.config.mjs
@@ -1145,6 +1145,7 @@ export default tseslint.config(
 
       'playwright/prefer-comparison-matcher': [2],
       'playwright/prefer-equality-matcher': [2],
+      'playwright/prefer-locator': [0],
       'playwright/prefer-native-locators': [2],
       'playwright/prefer-to-contain': [2],
       'playwright/prefer-to-have-length': [2],
diff --git a/package-lock.json b/package-lock.json
index 2161d9d256..23b067710b 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -83,22 +83,22 @@
       },
       "devDependencies": {
         "@axe-core/playwright": "4.11.0",
-        "@eslint-community/eslint-plugin-eslint-comments": "4.6.0",
+        "@eslint-community/eslint-plugin-eslint-comments": "4.7.1",
         "@playwright/test": "1.57.0",
         "@stoplight/spectral-cli": "6.15.0",
-        "@stylistic/eslint-plugin": "5.9.0",
+        "@stylistic/eslint-plugin": "5.10.0",
         "@stylistic/stylelint-plugin": "4.0.1",
         "@vitejs/plugin-vue": "6.0.3",
         "@vitest/coverage-v8": "4.0.18",
         "@vitest/eslint-plugin": "1.6.9",
         "@vue/test-utils": "2.4.6",
-        "eslint": "9.39.3",
+        "eslint": "9.39.4",
         "eslint-import-resolver-typescript": "4.4.4",
-        "eslint-plugin-array-func": "5.1.0",
+        "eslint-plugin-array-func": "5.1.1",
         "eslint-plugin-import-x": "4.16.1",
         "eslint-plugin-no-jquery": "3.1.1",
         "eslint-plugin-no-use-extend-native": "0.7.2",
-        "eslint-plugin-playwright": "2.8.0",
+        "eslint-plugin-playwright": "2.9.0",
         "eslint-plugin-regexp": "3.0.0",
         "eslint-plugin-sonarjs": "3.0.7",
         "eslint-plugin-toml": "0.13.1",
@@ -1387,9 +1387,9 @@
       }
     },
     "node_modules/@eslint-community/eslint-plugin-eslint-comments": {
-      "version": "4.6.0",
-      "resolved": "https://registry.npmjs.org/@eslint-community/eslint-plugin-eslint-comments/-/eslint-plugin-eslint-comments-4.6.0.tgz",
-      "integrity": "sha512-2EX2bBQq1ez++xz2o9tEeEQkyvfieWgUFMH4rtJJri2q0Azvhja3hZGXsjPXs31R4fQkZDtWzNDDK2zQn5UE5g==",
+      "version": "4.7.1",
+      "resolved": "https://registry.npmjs.org/@eslint-community/eslint-plugin-eslint-comments/-/eslint-plugin-eslint-comments-4.7.1.tgz",
+      "integrity": "sha512-Ql2nJFwA8wUGpILYGOQaT1glPsmvEwE0d+a+l7AALLzQvInqdbXJdx7aSu0DpUX9dB1wMVBMhm99/++S3MdEtQ==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -1403,7 +1403,7 @@
         "url": "https://opencollective.com/eslint"
       },
       "peerDependencies": {
-        "eslint": "^6.0.0 || ^7.0.0 || ^8.0.0 || ^9.0.0"
+        "eslint": "^6.0.0 || ^7.0.0 || ^8.0.0 || ^9.0.0 || ^10.0.0"
       }
     },
     "node_modules/@eslint-community/eslint-plugin-eslint-comments/node_modules/ignore": {
@@ -1459,24 +1459,24 @@
       }
     },
     "node_modules/@eslint/config-array": {
-      "version": "0.21.1",
-      "resolved": "https://registry.npmjs.org/@eslint/config-array/-/config-array-0.21.1.tgz",
-      "integrity": "sha512-aw1gNayWpdI/jSYVgzN5pL0cfzU02GT3NBpeT/DXbx1/1x7ZKxFPd9bwrzygx/qiwIQiJ1sw/zD8qY/kRvlGHA==",
+      "version": "0.21.2",
+      "resolved": "https://registry.npmjs.org/@eslint/config-array/-/config-array-0.21.2.tgz",
+      "integrity": "sha512-nJl2KGTlrf9GjLimgIru+V/mzgSK0ABCDQRvxw5BjURL7WfH5uoWmizbH7QB6MmnMBd8cIC9uceWnezL1VZWWw==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
         "@eslint/object-schema": "^2.1.7",
         "debug": "^4.3.1",
-        "minimatch": "^3.1.2"
+        "minimatch": "^3.1.5"
       },
       "engines": {
         "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
       }
     },
     "node_modules/@eslint/config-array/node_modules/minimatch": {
-      "version": "3.1.2",
-      "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz",
-      "integrity": "sha512-J7p63hRiAjw1NDEww1W7i37+ByIrOWO5XQQAzZ3VOcL0PNybwpfmV/N05zFAzwQ9USyEcX6t3UO+K5aqBQOIHw==",
+      "version": "3.1.5",
+      "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.5.tgz",
+      "integrity": "sha512-VgjWUsnnT6n+NUk6eZq77zeFdpW2LWDzP6zFGrCbHXiYNul5Dzqk2HHQ5uFH2DNW5Xbp8+jVzaeNt94ssEEl4w==",
       "dev": true,
       "license": "ISC",
       "dependencies": {
@@ -1513,20 +1513,20 @@
       }
     },
     "node_modules/@eslint/eslintrc": {
-      "version": "3.3.3",
-      "resolved": "https://registry.npmjs.org/@eslint/eslintrc/-/eslintrc-3.3.3.tgz",
-      "integrity": "sha512-Kr+LPIUVKz2qkx1HAMH8q1q6azbqBAsXJUxBl/ODDuVPX45Z9DfwB8tPjTi6nNZ8BuM3nbJxC5zCAg5elnBUTQ==",
+      "version": "3.3.5",
+      "resolved": "https://registry.npmjs.org/@eslint/eslintrc/-/eslintrc-3.3.5.tgz",
+      "integrity": "sha512-4IlJx0X0qftVsN5E+/vGujTRIFtwuLbNsVUe7TO6zYPDR1O6nFwvwhIKEKSrl6dZchmYBITazxKoUYOjdtjlRg==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "ajv": "^6.12.4",
+        "ajv": "^6.14.0",
         "debug": "^4.3.2",
         "espree": "^10.0.1",
         "globals": "^14.0.0",
         "ignore": "^5.2.0",
         "import-fresh": "^3.2.1",
         "js-yaml": "^4.1.1",
-        "minimatch": "^3.1.2",
+        "minimatch": "^3.1.5",
         "strip-json-comments": "^3.1.1"
       },
       "engines": {
@@ -1537,9 +1537,9 @@
       }
     },
     "node_modules/@eslint/eslintrc/node_modules/ajv": {
-      "version": "6.12.6",
-      "resolved": "https://registry.npmjs.org/ajv/-/ajv-6.12.6.tgz",
-      "integrity": "sha512-j3fVLgvTo527anyYyJOGTYJbG+vnnQYvE0m5mmkc1TK+nxAppkCLMIL0aZ4dblVCNoGShhm+kzE4ZUykBoMg4g==",
+      "version": "6.14.0",
+      "resolved": "https://registry.npmjs.org/ajv/-/ajv-6.14.0.tgz",
+      "integrity": "sha512-IWrosm/yrn43eiKqkfkHis7QioDleaXQHdDVPKg0FSwwd/DuvyX79TZnFOnYpB7dcsFAMmtFztZuXPDvSePkFw==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -1574,9 +1574,9 @@
       "license": "MIT"
     },
     "node_modules/@eslint/eslintrc/node_modules/minimatch": {
-      "version": "3.1.2",
-      "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz",
-      "integrity": "sha512-J7p63hRiAjw1NDEww1W7i37+ByIrOWO5XQQAzZ3VOcL0PNybwpfmV/N05zFAzwQ9USyEcX6t3UO+K5aqBQOIHw==",
+      "version": "3.1.5",
+      "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.5.tgz",
+      "integrity": "sha512-VgjWUsnnT6n+NUk6eZq77zeFdpW2LWDzP6zFGrCbHXiYNul5Dzqk2HHQ5uFH2DNW5Xbp8+jVzaeNt94ssEEl4w==",
       "dev": true,
       "license": "ISC",
       "dependencies": {
@@ -1587,9 +1587,9 @@
       }
     },
     "node_modules/@eslint/js": {
-      "version": "9.39.3",
-      "resolved": "https://registry.npmjs.org/@eslint/js/-/js-9.39.3.tgz",
-      "integrity": "sha512-1B1VkCq6FuUNlQvlBYb+1jDu/gV297TIs/OeiaSR9l1H27SVW55ONE1e1Vp16NqP683+xEGzxYtv4XCiDPaQiw==",
+      "version": "9.39.4",
+      "resolved": "https://registry.npmjs.org/@eslint/js/-/js-9.39.4.tgz",
+      "integrity": "sha512-nE7DEIchvtiFTwBw4Lfbu59PG+kCofhjsKaCWzxTpt4lfRjRMqG6uMBzKXuEcyXhOHoUp9riAm7/aWYGhXZ9cw==",
       "dev": true,
       "license": "MIT",
       "engines": {
@@ -3789,9 +3789,9 @@
       }
     },
     "node_modules/@stylistic/eslint-plugin": {
-      "version": "5.9.0",
-      "resolved": "https://registry.npmjs.org/@stylistic/eslint-plugin/-/eslint-plugin-5.9.0.tgz",
-      "integrity": "sha512-FqqSkvDMYJReydrMhlugc71M76yLLQWNfmGq+SIlLa7N3kHp8Qq8i2PyWrVNAfjOyOIY+xv9XaaYwvVW7vroMA==",
+      "version": "5.10.0",
+      "resolved": "https://registry.npmjs.org/@stylistic/eslint-plugin/-/eslint-plugin-5.10.0.tgz",
+      "integrity": "sha512-nPK52ZHvot8Ju/0A4ucSX1dcPV2/1clx0kLcH5wDmrE4naKso7TUC/voUyU1O9OTKTrR6MYip6LP0ogEMQ9jPQ==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -7896,25 +7896,25 @@
       }
     },
     "node_modules/eslint": {
-      "version": "9.39.3",
-      "resolved": "https://registry.npmjs.org/eslint/-/eslint-9.39.3.tgz",
-      "integrity": "sha512-VmQ+sifHUbI/IcSopBCF/HO3YiHQx/AVd3UVyYL6weuwW+HvON9VYn5l6Zl1WZzPWXPNZrSQpxwkkZ/VuvJZzg==",
+      "version": "9.39.4",
+      "resolved": "https://registry.npmjs.org/eslint/-/eslint-9.39.4.tgz",
+      "integrity": "sha512-XoMjdBOwe/esVgEvLmNsD3IRHkm7fbKIUGvrleloJXUZgDHig2IPWNniv+GwjyJXzuNqVjlr5+4yVUZjycJwfQ==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
         "@eslint-community/eslint-utils": "^4.8.0",
         "@eslint-community/regexpp": "^4.12.1",
-        "@eslint/config-array": "^0.21.1",
+        "@eslint/config-array": "^0.21.2",
         "@eslint/config-helpers": "^0.4.2",
         "@eslint/core": "^0.17.0",
-        "@eslint/eslintrc": "^3.3.1",
-        "@eslint/js": "9.39.3",
+        "@eslint/eslintrc": "^3.3.5",
+        "@eslint/js": "9.39.4",
         "@eslint/plugin-kit": "^0.4.1",
         "@humanfs/node": "^0.16.6",
         "@humanwhocodes/module-importer": "^1.0.1",
         "@humanwhocodes/retry": "^0.4.2",
         "@types/estree": "^1.0.6",
-        "ajv": "^6.12.4",
+        "ajv": "^6.14.0",
         "chalk": "^4.0.0",
         "cross-spawn": "^7.0.6",
         "debug": "^4.3.2",
@@ -7933,7 +7933,7 @@
         "is-glob": "^4.0.0",
         "json-stable-stringify-without-jsonify": "^1.0.1",
         "lodash.merge": "^4.6.2",
-        "minimatch": "^3.1.2",
+        "minimatch": "^3.1.5",
         "natural-compare": "^1.4.0",
         "optionator": "^0.9.3"
       },
@@ -8032,9 +8032,9 @@
       }
     },
     "node_modules/eslint-plugin-array-func": {
-      "version": "5.1.0",
-      "resolved": "https://registry.npmjs.org/eslint-plugin-array-func/-/eslint-plugin-array-func-5.1.0.tgz",
-      "integrity": "sha512-+OULB0IQdENBmBf8pHMPPObgV6QyfeXFin483jPonOaiurI9UFmc8UydWriK5f5Gel8xBhQLA6NzMwbck1BUJw==",
+      "version": "5.1.1",
+      "resolved": "https://registry.npmjs.org/eslint-plugin-array-func/-/eslint-plugin-array-func-5.1.1.tgz",
+      "integrity": "sha512-TbVGk+yLqXHgtrS4DnYzg2Ycuk5y+lYFy5NgT748neQdJvNIYUucxp2QQjPU7dwbs9xp9fyktgtK069y9rNdig==",
       "dev": true,
       "license": "MIT",
       "engines": {
@@ -8111,9 +8111,9 @@
       }
     },
     "node_modules/eslint-plugin-playwright": {
-      "version": "2.8.0",
-      "resolved": "https://registry.npmjs.org/eslint-plugin-playwright/-/eslint-plugin-playwright-2.8.0.tgz",
-      "integrity": "sha512-BRCXbnX20l/ZPOOi1jEqNvqU/UjXpkZRJaghQxSM2kjAvsDph8+osn9u1iMmvoa9Cegbp9d0Skh7vro7242t+Q==",
+      "version": "2.9.0",
+      "resolved": "https://registry.npmjs.org/eslint-plugin-playwright/-/eslint-plugin-playwright-2.9.0.tgz",
+      "integrity": "sha512-k3xrG6YzrallWNFMoGUjMNeu3SFFKXN79KJQBD2PkM4PasJegqV2Up+mPY5od2UmPKQGT+MeIhCmWH8r5eYuQQ==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
diff --git a/package.json b/package.json
index ccdcb349af..6f5191d518 100644
--- a/package.json
+++ b/package.json
@@ -82,22 +82,22 @@
   },
   "devDependencies": {
     "@axe-core/playwright": "4.11.0",
-    "@eslint-community/eslint-plugin-eslint-comments": "4.6.0",
+    "@eslint-community/eslint-plugin-eslint-comments": "4.7.1",
     "@playwright/test": "1.57.0",
     "@stoplight/spectral-cli": "6.15.0",
-    "@stylistic/eslint-plugin": "5.9.0",
+    "@stylistic/eslint-plugin": "5.10.0",
     "@stylistic/stylelint-plugin": "4.0.1",
     "@vitejs/plugin-vue": "6.0.3",
     "@vitest/coverage-v8": "4.0.18",
     "@vitest/eslint-plugin": "1.6.9",
     "@vue/test-utils": "2.4.6",
-    "eslint": "9.39.3",
+    "eslint": "9.39.4",
     "eslint-import-resolver-typescript": "4.4.4",
-    "eslint-plugin-array-func": "5.1.0",
+    "eslint-plugin-array-func": "5.1.1",
     "eslint-plugin-import-x": "4.16.1",
     "eslint-plugin-no-jquery": "3.1.1",
     "eslint-plugin-no-use-extend-native": "0.7.2",
-    "eslint-plugin-playwright": "2.8.0",
+    "eslint-plugin-playwright": "2.9.0",
     "eslint-plugin-regexp": "3.0.0",
     "eslint-plugin-sonarjs": "3.0.7",
     "eslint-plugin-toml": "0.13.1",
diff --git a/tests/e2e/release.test.e2e.ts b/tests/e2e/release.test.e2e.ts
index fedb1c8f1d..de30794997 100644
--- a/tests/e2e/release.test.e2e.ts
+++ b/tests/e2e/release.test.e2e.ts
@@ -18,6 +18,16 @@ import {validate_form} from './shared/forms.ts';
 
 test.use({user: 'user2'});
 
+test.afterEach(async ({page}) => {
+  // Delete release
+  const response = await page.goto('/user2/repo2/releases/edit/2.0');
+  test.skip(response.status() === 404, 'No release to delete');
+
+  await page.locator('.delete-button').dispatchEvent('click');
+  await page.locator('.button.ok').click();
+  await expect(page).toHaveURL('/user2/repo2/releases');
+});
+
 test.describe('Releases', () => {
   test('External release attachments', async ({page, isMobile}) => {
     test.skip(isMobile);
@@ -142,14 +152,4 @@ test.describe('Releases', () => {
       expect((await release.locator('.detail').boundingBox()).width).toBeLessThan(viewport.width * 0.75);
     }
   });
-
-  test.afterEach(async ({page}) => {
-    // Delete release
-    const response = await page.goto('/user2/repo2/releases/edit/2.0');
-    test.skip(response.status() === 404, 'No release to delete');
-
-    await page.locator('.delete-button').dispatchEvent('click');
-    await page.locator('.button.ok').click();
-    await expect(page).toHaveURL('/user2/repo2/releases');
-  });
 });
diff --git a/tests/e2e/repo-wiki.test.e2e.ts b/tests/e2e/repo-wiki.test.e2e.ts
index 1eb02dfa36..fcbfc822a4 100644
--- a/tests/e2e/repo-wiki.test.e2e.ts
+++ b/tests/e2e/repo-wiki.test.e2e.ts
@@ -44,7 +44,7 @@ test('Wiki unicode-escape', async ({page}) => {
   await page.goto('/user2/unicode-escaping/wiki');
   await screenshot(page);
 
-  expect(await page.locator('.ui.message.unicode-escape-prompt').count()).toEqual(3);
+  await expect(page.locator('.ui.message.unicode-escape-prompt')).toHaveCount(3);
 
   const unescapedElements = page.locator('.ambiguous-code-point');
   for (let i = 0; i < await unescapedElements.count(); i++) {
diff --git a/tests/e2e/right-settings-button.test.e2e.ts b/tests/e2e/right-settings-button.test.e2e.ts
index 1e19fdae8c..27240595be 100644
--- a/tests/e2e/right-settings-button.test.e2e.ts
+++ b/tests/e2e/right-settings-button.test.e2e.ts
@@ -73,12 +73,12 @@ test.describe('small viewport', () => {
     await expect(page.locator('.tippy-target>#settings-btn')).toBeVisible();
 
     // Verify that we have no duplicated items
-    const shownItems = await page.locator('.overflow-menu-items>a').all();
-    expect(shownItems).not.toHaveLength(0);
-    const overflowItems = await page.locator('.tippy-target>a').all();
-    expect(overflowItems).not.toHaveLength(0);
+    const shownItems = page.locator('.overflow-menu-items>a');
+    await expect(shownItems).not.toHaveCount(0);
+    const overflowItems = page.locator('.tippy-target>a');
+    await expect(overflowItems).not.toHaveCount(0);
 
-    const items = shownItems.concat(overflowItems);
+    const items = (await shownItems.all()).concat(overflowItems);
     expect(Array.from(new Set(items))).toHaveLength(items.length);
     await screenshot(page);
   });
@@ -94,12 +94,12 @@ test.describe('small viewport', () => {
     await expect(page.locator('.tippy-target>#settings-btn')).toBeVisible();
 
     // Verify that we have no duplicated items
-    const shownItems = await page.locator('.overflow-menu-items>a').all();
-    expect(shownItems).not.toHaveLength(0);
-    const overflowItems = await page.locator('.tippy-target>a').all();
-    expect(overflowItems).not.toHaveLength(0);
+    const shownItems = page.locator('.overflow-menu-items>a');
+    await expect(shownItems).not.toHaveCount(0);
+    const overflowItems = page.locator('.tippy-target>a');
+    await expect(overflowItems).not.toHaveCount(0);
 
-    const items = shownItems.concat(overflowItems);
+    const items = (await shownItems.all()).concat(overflowItems);
     expect(Array.from(new Set(items))).toHaveLength(items.length);
   });
 });
@@ -117,12 +117,12 @@ test.describe('small viewport, unauthenticated', () => {
     await expect(page.locator('.tippy-target>#settings-btn')).toHaveCount(0);
 
     // Verify that we have no duplicated items
-    const shownItems = await page.locator('.overflow-menu-items>a').all();
-    expect(shownItems).not.toHaveLength(0);
-    const overflowItems = await page.locator('.tippy-target>a').all();
-    expect(overflowItems).not.toHaveLength(0);
+    const shownItems = page.locator('.overflow-menu-items>a');
+    await expect(shownItems).not.toHaveCount(0);
+    const overflowItems = page.locator('.tippy-target>a');
+    await expect(overflowItems).not.toHaveCount(0);
 
-    const items = shownItems.concat(overflowItems);
+    const items = (await shownItems.all()).concat(overflowItems);
     expect(Array.from(new Set(items))).toHaveLength(items.length);
     await screenshot(page);
   });

From 85728351603ec6c7ff97211449e637bbceece934 Mon Sep 17 00:00:00 2001
From: Gusted <postmaster@gusted.xyz>
Date: Thu, 12 Mar 2026 20:29:10 +0100
Subject: [PATCH 497/854] fix: don't trip deleting attachment with missing
 permission error (#11642)

- Deleting attachments are also seen as updating attachments due to the frontend always sending a field to edit the name even if the name didn't change. This was not reflected in the unit tests.
- Refactor the updating attachment logic to be more flexible if a attachment does not exist, because it was just deleted or because someone is being malicious.
- Resolves forgejo/forgejo#11636

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11642
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
Co-authored-by: Gusted <postmaster@gusted.xyz>
Co-committed-by: Gusted <postmaster@gusted.xyz>
---
 services/release/release.go      | 20 +++++-----------
 services/release/release_test.go | 40 +++++++++++++++++++++++++++++---
 2 files changed, 43 insertions(+), 17 deletions(-)

diff --git a/services/release/release.go b/services/release/release.go
index 9536ebf6dd..c6492e00a0 100644
--- a/services/release/release.go
+++ b/services/release/release.go
@@ -267,7 +267,7 @@ func UpdateRelease(ctx context.Context, doer *user_model.User, gitRepo *git.Repo
 	addAttachmentUUIDs := make(container.Set[string])
 	delAttachmentUUIDs := make(container.Set[string])
 	updateAttachmentUUIDs := make(container.Set[string])
-	updateAttachments := make(container.Set[*AttachmentChange])
+	updateAttachments := map[string]*AttachmentChange{}
 
 	for _, attachmentChange := range attachmentChanges {
 		switch attachmentChange.Action {
@@ -305,7 +305,7 @@ func UpdateRelease(ctx context.Context, doer *user_model.User, gitRepo *git.Repo
 			delAttachmentUUIDs.Add(attachmentChange.UUID)
 		case "update":
 			updateAttachmentUUIDs.Add(attachmentChange.UUID)
-			updateAttachments.Add(attachmentChange)
+			updateAttachments[attachmentChange.UUID] = attachmentChange
 		default:
 			if attachmentChange.Action == "" {
 				return errors.New("missing attachment action")
@@ -318,16 +318,12 @@ func UpdateRelease(ctx context.Context, doer *user_model.User, gitRepo *git.Repo
 		return fmt.Errorf("AddReleaseAttachments: %w", err)
 	}
 
-	deletedUUIDs := make(container.Set[string])
 	if len(delAttachmentUUIDs) > 0 {
 		// Check delAttachments
 		delAttachments, err := repo_model.FindRepoAttachmentsByUUID(ctx, rel.RepoID, delAttachmentUUIDs.Values(), repo_model.FindAttachmentOptions{ReleaseID: rel.ID})
 		if err != nil {
 			return fmt.Errorf("FindRepoAttachmentsByUUID[uuids=%q,repoID=%d,releaseID=%d]: %w", delAttachmentUUIDs.Values(), rel.RepoID, rel.ID, err)
 		}
-		for _, attach := range delAttachments {
-			deletedUUIDs.Add(attach.UUID)
-		}
 
 		if _, err := repo_model.DeleteAttachments(ctx, delAttachments, true); err != nil {
 			return fmt.Errorf("DeleteAttachments [uuids: %v]: %w", delAttachmentUUIDs, err)
@@ -341,16 +337,12 @@ func UpdateRelease(ctx context.Context, doer *user_model.User, gitRepo *git.Repo
 			return fmt.Errorf("FindRepoAttachmentsByUUID[uuids=%q,repoID=%d,releaseID=%d]: %w", updateAttachmentUUIDs.Values(), rel.RepoID, rel.ID, err)
 		}
 
-		if len(attachments) != len(updateAttachments) {
-			return util.SilentWrap{
-				Message: "update attachment of release permission denied",
-				Err:     util.ErrPermissionDenied,
+		for _, attachment := range attachments {
+			attachmentChange, ok := updateAttachments[attachment.UUID]
+			if !ok {
+				continue
 			}
-		}
-	}
 
-	for attachmentChange := range updateAttachments {
-		if !deletedUUIDs.Contains(attachmentChange.UUID) {
 			if err = repo_model.UpdateAttachmentByUUID(ctx, &repo_model.Attachment{
 				UUID:        attachmentChange.UUID,
 				Name:        attachmentChange.Name,
diff --git a/services/release/release_test.go b/services/release/release_test.go
index e05efd9658..b29397b174 100644
--- a/services/release/release_test.go
+++ b/services/release/release_test.go
@@ -14,7 +14,6 @@ import (
 	"forgejo.org/modules/git"
 	"forgejo.org/modules/gitrepo"
 	"forgejo.org/modules/test"
-	"forgejo.org/modules/util"
 	"forgejo.org/services/attachment"
 
 	"github.com/stretchr/testify/assert"
@@ -403,13 +402,48 @@ func TestRelease_Update(t *testing.T) {
 		require.NoError(t, repo_model.GetReleaseAttachments(t.Context(), release))
 		assert.Empty(t, release.Attachments)
 
-		require.ErrorIs(t, UpdateRelease(t.Context(), user, gitRepo, release, false, []*AttachmentChange{
+		require.NoError(t, UpdateRelease(t.Context(), user, gitRepo, release, false, []*AttachmentChange{
 			{
 				Action: "update",
 				Name:   "test2.txt",
 				UUID:   "a0eebc99-9c0b-4ef8-bb6d-6bb9bd380a13",
 			},
-		}), util.ErrPermissionDenied)
+		}))
+		require.NoError(t, repo_model.GetReleaseAttachments(t.Context(), release))
+		assert.Empty(t, release.Attachments)
+	})
+
+	t.Run("Delete and edit", func(t *testing.T) {
+		// Add a attachment.
+		attach, err := attachment.NewAttachment(t.Context(), &repo_model.Attachment{
+			RepoID:     repo.ID,
+			UploaderID: user.ID,
+			Name:       "test.txt",
+		}, strings.NewReader("beep"), 4)
+		require.NoError(t, err)
+
+		require.NoError(t, UpdateRelease(t.Context(), user, gitRepo, release, false, []*AttachmentChange{
+			{
+				Action: "add",
+				Type:   "attachment",
+				UUID:   attach.UUID,
+			},
+		}))
+		require.NoError(t, repo_model.GetReleaseAttachments(t.Context(), release))
+		assert.Len(t, release.Attachments, 1)
+
+		// Delete and edit at the same time, this is identical how the browser would delete a attachment.
+		require.NoError(t, UpdateRelease(t.Context(), user, gitRepo, release, false, []*AttachmentChange{
+			{
+				Action: "update",
+				Name:   "test.txt",
+				UUID:   attach.UUID,
+			},
+			{
+				Action: "delete",
+				UUID:   attach.UUID,
+			},
+		}))
 		require.NoError(t, repo_model.GetReleaseAttachments(t.Context(), release))
 		assert.Empty(t, release.Attachments)
 	})

From ed76e2a114a3e59a4ad607b95e24c49ba3b1ec3d Mon Sep 17 00:00:00 2001
From: Mathieu Fenniak <mathieu@fenniak.net>
Date: Thu, 12 Mar 2026 22:55:12 +0100
Subject: [PATCH 498/854] fix: create repo-specific access token unexpected
 behaviour with `"repositories": []` (#11653)

When creating an access token via API, if `"repositories": []`, then it is expected that the intent of the user was to create a repo-specific access token, but the API currently creates an all-access access token instead.  `"repositories": []` is expected to be an error, instead of an unexpectedly wide grant.

Reported by @aahlenst during testing: https://codeberg.org/forgejo/forgejo/pulls/11604#issuecomment-11569816

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests for Go changes

(can be removed for JavaScript changes)

- I added test coverage for Go changes...
  - [ ] in their respective `*_test.go` for unit tests.
  - [x] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I ran...
  - [x] `make pr-go` before pushing

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [ ] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.
- [x] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change.
    - Bugfix in unreleased feature.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11653
Reviewed-by: Andreas Ahlenstorf <aahlenst@noreply.codeberg.org>
Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net>
Co-committed-by: Mathieu Fenniak <mathieu@fenniak.net>
---
 routers/api/v1/user/app.go          |  2 +-
 tests/integration/api_token_test.go | 22 +++++++++++++++++-----
 2 files changed, 18 insertions(+), 6 deletions(-)

diff --git a/routers/api/v1/user/app.go b/routers/api/v1/user/app.go
index bc4f6eda98..661f4d4746 100644
--- a/routers/api/v1/user/app.go
+++ b/routers/api/v1/user/app.go
@@ -188,7 +188,7 @@ func CreateAccessToken(ctx *context.APIContext) {
 	var resourceRepos []*auth_model.AccessTokenResourceRepo
 	var tokenRepositories []*api.RepositoryMeta
 
-	if len(form.Repositories) != 0 {
+	if form.Repositories != nil {
 		repos := make([]*repo_model.Repository, len(form.Repositories))
 		for i, repoTarget := range form.Repositories {
 			repo, err := repo_model.GetRepositoryByOwnerAndName(ctx, repoTarget.Owner, repoTarget.Name)
diff --git a/tests/integration/api_token_test.go b/tests/integration/api_token_test.go
index f3efd6fa2c..f650bcbe02 100644
--- a/tests/integration/api_token_test.go
+++ b/tests/integration/api_token_test.go
@@ -17,6 +17,7 @@ import (
 	"forgejo.org/modules/log"
 	api "forgejo.org/modules/structs"
 	"forgejo.org/modules/test"
+	"forgejo.org/modules/util"
 	"forgejo.org/tests"
 
 	"github.com/stretchr/testify/assert"
@@ -56,7 +57,7 @@ func TestAPIGetTokens(t *testing.T) {
 		assert.Equal(t, []string{""}, at.Scopes)
 		assert.Empty(t, at.Token)
 		assert.Equal(t, "69d28c91", at.TokenLastEight)
-		assert.Nil(t, at.Repositories)
+		assert.Nil(t, at.Repositories) // not repo-specific access token - nil expected, not an empty array
 	})
 
 	t.Run("GET w/ token auth", func(t *testing.T) {
@@ -770,7 +771,7 @@ func TestAPITokenCreation(t *testing.T) {
 		t.Run("valid", func(t *testing.T) {
 			defer tests.PrintCurrentTest(t)()
 			req := NewRequestWithJSON(t, "POST", "/api/v1/users/user2/tokens", &api.CreateAccessTokenOption{
-				Name:   "even-newer-token",
+				Name:   util.CryptoRandomString(util.RandomStringLow), // avoid false test failures from conflicting names
 				Scopes: []string{string(auth_model.AccessTokenScopeReadRepository)},
 				Repositories: []*api.RepoTargetOption{
 					{
@@ -790,7 +791,7 @@ func TestAPITokenCreation(t *testing.T) {
 		t.Run("target other user's private repo", func(t *testing.T) {
 			defer tests.PrintCurrentTest(t)()
 			req := NewRequestWithJSON(t, "POST", "/api/v1/users/user2/tokens", &api.CreateAccessTokenOption{
-				Name:   "not-a-valid-token",
+				Name:   util.CryptoRandomString(util.RandomStringLow), // avoid unexpected test impact from conflicting names
 				Scopes: []string{string(auth_model.AccessTokenScopeReadRepository)},
 				Repositories: []*api.RepoTargetOption{
 					{
@@ -806,7 +807,7 @@ func TestAPITokenCreation(t *testing.T) {
 		t.Run("target invalid repo", func(t *testing.T) {
 			defer tests.PrintCurrentTest(t)()
 			req := NewRequestWithJSON(t, "POST", "/api/v1/users/user2/tokens", &api.CreateAccessTokenOption{
-				Name:   "not-a-valid-token",
+				Name:   util.CryptoRandomString(util.RandomStringLow), // avoid unexpected test impact from conflicting names
 				Scopes: []string{string(auth_model.AccessTokenScopeReadRepository)},
 				Repositories: []*api.RepoTargetOption{
 					{
@@ -823,7 +824,7 @@ func TestAPITokenCreation(t *testing.T) {
 		t.Run("invalid scopes", func(t *testing.T) {
 			defer tests.PrintCurrentTest(t)()
 			req := NewRequestWithJSON(t, "POST", "/api/v1/users/user2/tokens", &api.CreateAccessTokenOption{
-				Name:   "not-a-valid-token",
+				Name:   util.CryptoRandomString(util.RandomStringLow), // avoid unexpected test impact from conflicting names
 				Scopes: []string{string(auth_model.AccessTokenScopeReadAdmin)},
 				Repositories: []*api.RepoTargetOption{
 					{
@@ -835,6 +836,17 @@ func TestAPITokenCreation(t *testing.T) {
 			req.AddBasicAuth("user2")
 			MakeRequest(t, req, http.StatusBadRequest)
 		})
+
+		t.Run("invalid zero repositories", func(t *testing.T) {
+			defer tests.PrintCurrentTest(t)()
+			req := NewRequestWithJSON(t, "POST", "/api/v1/users/user2/tokens", &api.CreateAccessTokenOption{
+				Name:         util.CryptoRandomString(util.RandomStringLow), // avoid unexpected test impact from conflicting names
+				Scopes:       []string{string(auth_model.AccessTokenScopeReadRepository)},
+				Repositories: []*api.RepoTargetOption{}, // not nil, but not populated
+			})
+			req.AddBasicAuth("user2")
+			MakeRequest(t, req, http.StatusBadRequest)
+		})
 	})
 }
 

From 6ff4147688e5c741015ec9e0d396e2c46b6c20ba Mon Sep 17 00:00:00 2001
From: Andreas Ahlenstorf <andreas@ahlenstorf.ch>
Date: Fri, 13 Mar 2026 01:43:32 +0100
Subject: [PATCH 499/854] refactor: replace WithAvailable with WithVisible when
 fetching runners (#11657)

When fetching runners, the option `WithAvailable` can be enabled to fetch all runners that can be used by a repository, user, or organization, not only those that are owned by the respective repository, user, or organization. In the instance scope, `WithAvailable` has no meaning. You always get _all_ runners. This means it is impossible to only fetch runners that are owned by the instance, but no others.

This PR replaces `WithAvailable` with `WithVisible`. For repositories, users, and organizations, it has the same semantics as `WithAvailable`. For the instance scope, `WithVisible=true` equals today's default behaviour (i.e., return _all_ runners), whereas `WithVisible=false` is new and would only return the runners owned by the instance itself.

The advantage of `WithVisible` is that it has a consistent meaning across all scopes. This also lays the groundwork for the introduction of a `with-visible` (tentative name) flag in the HTTP API.

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests for Go changes

(can be removed for JavaScript changes)

- I added test coverage for Go changes...
  - [x] in their respective `*_test.go` for unit tests.
  - [x] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I ran...
  - [x] `make pr-go` before pushing

### Tests for JavaScript changes

(can be removed for Go changes)

- I added test coverage for JavaScript changes...
  - [ ] in `web_src/js/*.test.js` if it can be unit tested.
  - [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)).

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [ ] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.
- [x] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change.

*The decision if the pull request will be shown in the release notes is up to the mergers / release team.*

The content of the `release-notes/<pull request number>.md` file will serve as the basis for the release notes. If the file does not exist, the title of the pull request will be used instead.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11657
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
Co-authored-by: Andreas Ahlenstorf <andreas@ahlenstorf.ch>
Co-committed-by: Andreas Ahlenstorf <andreas@ahlenstorf.ch>
---
 .../action_runner.yml                         | 45 +++++++++
 .../action_runner.yml                         |  0
 models/actions/runner.go                      | 22 +++--
 models/actions/runner_test.go                 | 99 ++++++++++++++++++-
 routers/api/v1/shared/runners.go              |  1 +
 routers/web/repo/actions/actions.go           |  6 +-
 routers/web/repo/setting/runners.go           |  7 +-
 routers/web/shared/actions/runners.go         | 18 ++--
 8 files changed, 169 insertions(+), 29 deletions(-)
 create mode 100644 models/actions/TestRunner_FindRunnerOptionsToConds/action_runner.yml
 rename models/actions/{TestRunner_GetAvailableRunnerByID => TestRunner_GetVisibleRunnerByID}/action_runner.yml (100%)

diff --git a/models/actions/TestRunner_FindRunnerOptionsToConds/action_runner.yml b/models/actions/TestRunner_FindRunnerOptionsToConds/action_runner.yml
new file mode 100644
index 0000000000..fc5190107e
--- /dev/null
+++ b/models/actions/TestRunner_FindRunnerOptionsToConds/action_runner.yml
@@ -0,0 +1,45 @@
+- id: 719931
+  uuid: "9e0eb762-cbdf-4725-9c90-4298568a2a77"
+  name: "runner-1"
+  version: "dev"
+  owner_id: 3  # Owned by org3
+  repo_id: 0
+  description: "A superb runner"
+  agent_labels: ["debian", "gpu"]
+  deleted: 0
+- id: 719932
+  uuid: "b0a0a168-1b08-4365-95dd-e65040ca384d"
+  name: "runner-2"
+  version: "11.3.1"
+  owner_id: 2  # Owned by user2
+  repo_id: 0
+  description: "An exclusive runner"
+  agent_labels: ["docker"]
+  deleted: 0
+- id: 719933
+  uuid: "974f9caf-ee64-4022-a56b-67b28ea06a0d"
+  name: "runner-3"
+  version: "12.2.0"
+  owner_id: 0
+  repo_id: 0
+  description: "A runner for everyone"
+  agent_labels: ["docker"]
+  deleted: 0
+- id: 719934
+  uuid: "022650a8-e999-4a3d-afb0-21f75233798b"
+  name: "runner-4"
+  version: "12.1.0"
+  owner_id: 0
+  repo_id: 32  # owned by org3
+  description: ""
+  agent_labels: ["debian"]
+  deleted: 0
+- id: 719935
+  uuid: "f3031695-87ea-41cf-8d48-21948e83ee17"
+  name: "runner-5"
+  version: "12.7.0"
+  owner_id: 0
+  repo_id: 36  # owned by user2
+  description: ""
+  agent_labels: ["arch"]
+  deleted: 0
diff --git a/models/actions/TestRunner_GetAvailableRunnerByID/action_runner.yml b/models/actions/TestRunner_GetVisibleRunnerByID/action_runner.yml
similarity index 100%
rename from models/actions/TestRunner_GetAvailableRunnerByID/action_runner.yml
rename to models/actions/TestRunner_GetVisibleRunnerByID/action_runner.yml
diff --git a/models/actions/runner.go b/models/actions/runner.go
index ea2e811f94..c524ed6060 100644
--- a/models/actions/runner.go
+++ b/models/actions/runner.go
@@ -196,12 +196,12 @@ func init() {
 
 type FindRunnerOptions struct {
 	db.ListOptions
-	RepoID        int64
-	OwnerID       int64 // it will be ignored if RepoID is set
-	Sort          string
-	Filter        string
-	IsOnline      optional.Option[bool]
-	WithAvailable bool // not only runners belong to, but also runners can be used
+	RepoID      int64
+	OwnerID     int64 // it will be ignored if RepoID is set
+	Sort        string
+	Filter      string
+	IsOnline    optional.Option[bool]
+	WithVisible bool // include all runners that are visible to the repository, owner, or instance
 }
 
 func (opts FindRunnerOptions) ToConds() builder.Cond {
@@ -209,17 +209,19 @@ func (opts FindRunnerOptions) ToConds() builder.Cond {
 
 	if opts.RepoID > 0 {
 		c := builder.NewCond().And(builder.Eq{"repo_id": opts.RepoID})
-		if opts.WithAvailable {
+		if opts.WithVisible {
 			c = c.Or(builder.Eq{"owner_id": builder.Select("owner_id").From("repository").Where(builder.Eq{"id": opts.RepoID})})
 			c = c.Or(builder.Eq{"repo_id": 0, "owner_id": 0})
 		}
 		cond = cond.And(c)
 	} else if opts.OwnerID > 0 { // OwnerID is ignored if RepoID is set
 		c := builder.NewCond().And(builder.Eq{"owner_id": opts.OwnerID})
-		if opts.WithAvailable {
+		if opts.WithVisible {
 			c = c.Or(builder.Eq{"repo_id": 0, "owner_id": 0})
 		}
 		cond = cond.And(c)
+	} else if !opts.WithVisible {
+		cond = cond.And(builder.Eq{"repo_id": 0, "owner_id": 0})
 	}
 
 	if opts.Filter != "" {
@@ -278,9 +280,9 @@ func GetRunnerByID(ctx context.Context, id int64) (*ActionRunner, error) {
 	return &runner, nil
 }
 
-// GetAvailableRunnerByID is like GetRunnerByID, but it only finds the runner if it is accessible to the given owner or
+// GetVisibleRunnerByID is like GetRunnerByID, but it only finds the runner if it is visible to the given owner or
 // repository. If it is not, util.ErrNotExist will be returned even if the runner exists.
-func GetAvailableRunnerByID(ctx context.Context, id, ownerID, repoID int64) (*ActionRunner, error) {
+func GetVisibleRunnerByID(ctx context.Context, id, ownerID, repoID int64) (*ActionRunner, error) {
 	query := db.GetEngine(ctx).Where("id=?", id)
 
 	if repoID > 0 {
diff --git a/models/actions/runner_test.go b/models/actions/runner_test.go
index d279c776c6..bf5911ff47 100644
--- a/models/actions/runner_test.go
+++ b/models/actions/runner_test.go
@@ -237,8 +237,8 @@ func TestRunnerEditable(t *testing.T) {
 	}
 }
 
-func TestRunner_GetAvailableRunnerByID(t *testing.T) {
-	defer unittest.OverrideFixtures("models/actions/TestRunner_GetAvailableRunnerByID")()
+func TestRunner_GetVisibleRunnerByID(t *testing.T) {
+	defer unittest.OverrideFixtures("models/actions/TestRunner_GetVisibleRunnerByID")()
 	require.NoError(t, unittest.PrepareTestDatabase())
 
 	repository32 := unittest.AssertExistsAndLoadBean(t, &repo.Repository{ID: 32, OwnerID: 3})
@@ -365,7 +365,7 @@ func TestRunner_GetAvailableRunnerByID(t *testing.T) {
 
 	for _, testCase := range testCases {
 		t.Run(testCase.name, func(t *testing.T) {
-			_, err := GetAvailableRunnerByID(t.Context(), testCase.runner.ID, testCase.ownerID, testCase.repoID)
+			_, err := GetVisibleRunnerByID(t.Context(), testCase.runner.ID, testCase.ownerID, testCase.repoID)
 			if testCase.expectedError == "" {
 				require.NoError(t, err)
 			} else {
@@ -374,3 +374,96 @@ func TestRunner_GetAvailableRunnerByID(t *testing.T) {
 		})
 	}
 }
+
+func TestRunner_FindRunnerOptionsToConds(t *testing.T) {
+	defer unittest.OverrideFixtures("models/actions/TestRunner_FindRunnerOptionsToConds")()
+	require.NoError(t, unittest.PrepareTestDatabase())
+
+	runner1 := unittest.AssertExistsAndLoadBean(t, &ActionRunner{ID: 719931, OwnerID: 3, RepoID: 0}) // Owned by org3
+	runner2 := unittest.AssertExistsAndLoadBean(t, &ActionRunner{ID: 719932, OwnerID: 2, RepoID: 0}) // Owned by user2
+	runner3 := unittest.AssertExistsAndLoadBean(t, &ActionRunner{ID: 719933, OwnerID: 0, RepoID: 0})
+	runner4 := unittest.AssertExistsAndLoadBean(t, &ActionRunner{ID: 719934, OwnerID: 0, RepoID: 32})
+	runner5 := unittest.AssertExistsAndLoadBean(t, &ActionRunner{ID: 719935, OwnerID: 0, RepoID: 36})
+
+	testCases := []struct {
+		name              string
+		opts              FindRunnerOptions
+		expectedRunners   RunnerList
+		unexpectedRunners RunnerList
+	}{
+		{
+			name:              "Only runners owned by instance",
+			opts:              FindRunnerOptions{OwnerID: 0, RepoID: 0, WithVisible: false},
+			expectedRunners:   RunnerList{runner3},
+			unexpectedRunners: RunnerList{runner1, runner2, runner4, runner5},
+		},
+		{
+			name:              "All runners on instance",
+			opts:              FindRunnerOptions{OwnerID: 0, RepoID: 0, WithVisible: true},
+			expectedRunners:   RunnerList{runner1, runner2, runner3, runner4, runner5},
+			unexpectedRunners: RunnerList{},
+		},
+		{
+			name:              "Only runners owned by organization",
+			opts:              FindRunnerOptions{OwnerID: 3, RepoID: 0, WithVisible: false},
+			expectedRunners:   RunnerList{runner1},
+			unexpectedRunners: RunnerList{runner2, runner3, runner4, runner5},
+		},
+		{
+			name:              "Runners available to organization",
+			opts:              FindRunnerOptions{OwnerID: 3, RepoID: 0, WithVisible: true},
+			expectedRunners:   RunnerList{runner1, runner3},
+			unexpectedRunners: RunnerList{runner2, runner4, runner5},
+		},
+		{
+			name:              "Only runners owned by user",
+			opts:              FindRunnerOptions{OwnerID: 2, RepoID: 0, WithVisible: false},
+			expectedRunners:   RunnerList{runner2},
+			unexpectedRunners: RunnerList{runner1, runner3, runner4, runner5},
+		},
+		{
+			name:              "Runners available to user",
+			opts:              FindRunnerOptions{OwnerID: 2, RepoID: 0, WithVisible: true},
+			expectedRunners:   RunnerList{runner2, runner3},
+			unexpectedRunners: RunnerList{runner1, runner4, runner5},
+		},
+		{
+			name:              "Only runners owned by organization repository",
+			opts:              FindRunnerOptions{OwnerID: 0, RepoID: 32, WithVisible: false},
+			expectedRunners:   RunnerList{runner4},
+			unexpectedRunners: RunnerList{runner1, runner2, runner3, runner5},
+		},
+		{
+			name:              "Runners available to organization repository",
+			opts:              FindRunnerOptions{OwnerID: 0, RepoID: 32, WithVisible: true},
+			expectedRunners:   RunnerList{runner1, runner3, runner4},
+			unexpectedRunners: RunnerList{runner2, runner5},
+		},
+		{
+			name:              "Only runners owned by user repository",
+			opts:              FindRunnerOptions{OwnerID: 0, RepoID: 36, WithVisible: false},
+			expectedRunners:   RunnerList{runner5},
+			unexpectedRunners: RunnerList{runner1, runner2, runner3, runner4},
+		},
+		{
+			name:              "Runners available to user repository",
+			opts:              FindRunnerOptions{OwnerID: 0, RepoID: 36, WithVisible: true},
+			expectedRunners:   RunnerList{runner2, runner3, runner5},
+			unexpectedRunners: RunnerList{runner1, runner4},
+		},
+	}
+
+	for _, testCase := range testCases {
+		t.Run(testCase.name, func(t *testing.T) {
+			runners, err := db.Find[ActionRunner](t.Context(), testCase.opts)
+			require.NoError(t, err)
+
+			for _, expectedRunner := range testCase.expectedRunners {
+				assert.Contains(t, runners, expectedRunner)
+			}
+			for _, unexpectedRunner := range testCase.unexpectedRunners {
+				assert.NotContains(t, runners, unexpectedRunner)
+			}
+		})
+	}
+}
diff --git a/routers/api/v1/shared/runners.go b/routers/api/v1/shared/runners.go
index 5fadbd92e0..a86c0ee904 100644
--- a/routers/api/v1/shared/runners.go
+++ b/routers/api/v1/shared/runners.go
@@ -106,6 +106,7 @@ func ListRunners(ctx *context.APIContext, ownerID, repoID int64) {
 		OwnerID:     ownerID,
 		RepoID:      repoID,
 		ListOptions: listOptions,
+		WithVisible: ownerID == 0 && repoID == 0,
 	})
 	if err != nil {
 		ctx.Error(http.StatusInternalServerError, "FindCountRunners", map[string]string{})
diff --git a/routers/web/repo/actions/actions.go b/routers/web/repo/actions/actions.go
index 63098b62b6..b70f06c2f4 100644
--- a/routers/web/repo/actions/actions.go
+++ b/routers/web/repo/actions/actions.go
@@ -88,9 +88,9 @@ func List(ctx *context.Context) {
 
 		// Get all runner labels
 		runners, err := db.Find[actions_model.ActionRunner](ctx, actions_model.FindRunnerOptions{
-			RepoID:        ctx.Repo.Repository.ID,
-			IsOnline:      optional.Some(true),
-			WithAvailable: true,
+			RepoID:      ctx.Repo.Repository.ID,
+			IsOnline:    optional.Some(true),
+			WithVisible: true,
 		})
 		if err != nil {
 			ctx.ServerError("FindRunners", err)
diff --git a/routers/web/repo/setting/runners.go b/routers/web/repo/setting/runners.go
index ab3ec32c4a..70f8c99c6e 100644
--- a/routers/web/repo/setting/runners.go
+++ b/routers/web/repo/setting/runners.go
@@ -137,15 +137,14 @@ func Runners(ctx *context.Context) {
 			Page:     page,
 			PageSize: 100,
 		},
-		Sort:   ctx.Req.URL.Query().Get("sort"),
-		Filter: ctx.Req.URL.Query().Get("q"),
+		WithVisible: true,
+		Sort:        ctx.Req.URL.Query().Get("sort"),
+		Filter:      ctx.Req.URL.Query().Get("q"),
 	}
 	if rCtx.IsRepo {
 		opts.RepoID = rCtx.RepoID
-		opts.WithAvailable = true
 	} else if rCtx.IsOrg || rCtx.IsUser {
 		opts.OwnerID = rCtx.OwnerID
-		opts.WithAvailable = true
 	}
 
 	ctx.Data["RunnersListLink"] = rCtx.RedirectLink
diff --git a/routers/web/shared/actions/runners.go b/routers/web/shared/actions/runners.go
index ab52faf9f5..436b103f35 100644
--- a/routers/web/shared/actions/runners.go
+++ b/routers/web/shared/actions/runners.go
@@ -77,12 +77,12 @@ func RunnersList(ctx *context.Context, template base.TplName, opts actions_model
 // RunnerDetails displays detail information about each runner. The page is purely informational and visible to everyone
 // who is allowed to use a runner.
 func RunnerDetails(ctx *context.Context, runnerID, ownerID, repoID int64, template base.TplName, page int) {
-	runner, err := actions_model.GetAvailableRunnerByID(ctx, runnerID, ownerID, repoID)
+	runner, err := actions_model.GetVisibleRunnerByID(ctx, runnerID, ownerID, repoID)
 	if errors.Is(err, util.ErrNotExist) {
-		ctx.NotFound("GetAvailableRunnerByID", err)
+		ctx.NotFound("GetVisibleRunnerByID", err)
 		return
 	} else if err != nil {
-		ctx.ServerError("GetAvailableRunnerByID", err)
+		ctx.ServerError("GetVisibleRunnerByID", err)
 		return
 	}
 	if err := runner.LoadAttributes(ctx); err != nil {
@@ -166,12 +166,12 @@ func RunnerCreatePost(ctx *context.Context, ownerID, repoID int64, template, suc
 
 // RunnerEdit displays a form to modify the given runner.
 func RunnerEdit(ctx *context.Context, runnerID, ownerID, repoID int64, template base.TplName) {
-	runner, err := actions_model.GetAvailableRunnerByID(ctx, runnerID, ownerID, repoID)
+	runner, err := actions_model.GetVisibleRunnerByID(ctx, runnerID, ownerID, repoID)
 	if errors.Is(err, util.ErrNotExist) {
-		ctx.NotFound("GetAvailableRunnerByID", err)
+		ctx.NotFound("GetVisibleRunnerByID", err)
 		return
 	} else if err != nil {
-		ctx.ServerError("GetAvailableRunnerByID", err)
+		ctx.ServerError("GetVisibleRunnerByID", err)
 		return
 	}
 	if err := runner.LoadAttributes(ctx); err != nil {
@@ -194,12 +194,12 @@ func RunnerEdit(ctx *context.Context, runnerID, ownerID, repoID int64, template
 
 // RunnerEditPost handles the form submitted by RunnerEdit.
 func RunnerEditPost(ctx *context.Context, runnerID, ownerID, repoID int64, template, successTemplate base.TplName, redirectTo string) {
-	runner, err := actions_model.GetAvailableRunnerByID(ctx, runnerID, ownerID, repoID)
+	runner, err := actions_model.GetVisibleRunnerByID(ctx, runnerID, ownerID, repoID)
 	if errors.Is(err, util.ErrNotExist) {
-		ctx.NotFound("GetAvailableRunnerByID", err)
+		ctx.NotFound("GetVisibleRunnerByID", err)
 		return
 	} else if err != nil {
-		ctx.ServerError("GetAvailableRunnerByID", err)
+		ctx.ServerError("GetVisibleRunnerByID", err)
 		return
 	}
 	if !runner.Editable(ownerID, repoID) {

From fd41a4c30f6a902f86c79830f6a48897cc4a9010 Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Fri, 13 Mar 2026 08:10:53 +0100
Subject: [PATCH 500/854] Update dependency mermaid to v11.13.0 (forgejo)
 (#11663)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11663
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
---
 package-lock.json | 47 +++++++++++++++++++++++++++++------------------
 package.json      |  2 +-
 2 files changed, 30 insertions(+), 19 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 23b067710b..804a9a333f 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -55,7 +55,7 @@
         "idiomorph": "0.3.0",
         "jquery": "3.7.1",
         "katex": "0.16.38",
-        "mermaid": "11.12.3",
+        "mermaid": "11.13.0",
         "mini-css-extract-plugin": "2.10.0",
         "minimatch": "10.2.4",
         "pdfobject": "2.3.0",
@@ -2699,9 +2699,9 @@
       }
     },
     "node_modules/@mermaid-js/parser": {
-      "version": "1.0.0",
-      "resolved": "https://registry.npmjs.org/@mermaid-js/parser/-/parser-1.0.0.tgz",
-      "integrity": "sha512-vvK0Hi/VWndxoh03Mmz6wa1KDriSPjS2XMZL/1l19HFwygiObEEoEwSDxOqyLzzAI6J2PU3261JjTMTO7x+BPw==",
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/@mermaid-js/parser/-/parser-1.0.1.tgz",
+      "integrity": "sha512-opmV19kN1JsK0T6HhhokHpcVkqKpF+x2pPDKKM2ThHtZAB5F4PROopk0amuVYK5qMrIA4erzpNm8gmPNJgMDxQ==",
       "license": "MIT",
       "dependencies": {
         "langium": "^4.0.0"
@@ -4796,6 +4796,16 @@
         "win32"
       ]
     },
+    "node_modules/@upsetjs/venn.js": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/@upsetjs/venn.js/-/venn.js-2.0.0.tgz",
+      "integrity": "sha512-WbBhLrooyePuQ1VZxrJjtLvTc4NVfpOyKx0sKqioq9bX1C1m7Jgykkn8gLrtwumBioXIqam8DLxp88Adbue6Hw==",
+      "license": "MIT",
+      "optionalDependencies": {
+        "d3-selection": "^3.0.0",
+        "d3-transition": "^3.0.1"
+      }
+    },
     "node_modules/@vitejs/plugin-vue": {
       "version": "6.0.3",
       "resolved": "https://registry.npmjs.org/@vitejs/plugin-vue/-/plugin-vue-6.0.3.tgz",
@@ -7135,9 +7145,9 @@
       }
     },
     "node_modules/dagre-d3-es": {
-      "version": "7.0.13",
-      "resolved": "https://registry.npmjs.org/dagre-d3-es/-/dagre-d3-es-7.0.13.tgz",
-      "integrity": "sha512-efEhnxpSuwpYOKRm/L5KbqoZmNNukHa/Flty4Wp62JRvgH2ojwVgPgdYyr4twpieZnyRDdIH7PY2mopX26+j2Q==",
+      "version": "7.0.14",
+      "resolved": "https://registry.npmjs.org/dagre-d3-es/-/dagre-d3-es-7.0.14.tgz",
+      "integrity": "sha512-P4rFMVq9ESWqmOgK+dlXvOtLwYg0i7u0HBGJER0LZDJT2VHIPAMZ/riPxqJceWMStH5+E61QxFra9kIS3AqdMg==",
       "license": "MIT",
       "dependencies": {
         "d3": "^7.9.0",
@@ -11129,27 +11139,28 @@
       }
     },
     "node_modules/mermaid": {
-      "version": "11.12.3",
-      "resolved": "https://registry.npmjs.org/mermaid/-/mermaid-11.12.3.tgz",
-      "integrity": "sha512-wN5ZSgJQIC+CHJut9xaKWsknLxaFBwCPwPkGTSUYrTiHORWvpT8RxGk849HPnpUAQ+/9BPRqYb80jTpearrHzQ==",
+      "version": "11.13.0",
+      "resolved": "https://registry.npmjs.org/mermaid/-/mermaid-11.13.0.tgz",
+      "integrity": "sha512-fEnci+Immw6lKMFI8sqzjlATTyjLkRa6axrEgLV2yHTfv8r+h1wjFbV6xeRtd4rUV1cS4EpR9rwp3Rci7TRWDw==",
       "license": "MIT",
       "dependencies": {
         "@braintree/sanitize-url": "^7.1.1",
-        "@iconify/utils": "^3.0.1",
-        "@mermaid-js/parser": "^1.0.0",
+        "@iconify/utils": "^3.0.2",
+        "@mermaid-js/parser": "^1.0.1",
         "@types/d3": "^7.4.3",
-        "cytoscape": "^3.29.3",
+        "@upsetjs/venn.js": "^2.0.0",
+        "cytoscape": "^3.33.1",
         "cytoscape-cose-bilkent": "^4.1.0",
         "cytoscape-fcose": "^2.2.0",
         "d3": "^7.9.0",
         "d3-sankey": "^0.12.3",
-        "dagre-d3-es": "7.0.13",
-        "dayjs": "^1.11.18",
-        "dompurify": "^3.2.5",
-        "katex": "^0.16.22",
+        "dagre-d3-es": "7.0.14",
+        "dayjs": "^1.11.19",
+        "dompurify": "^3.3.1",
+        "katex": "^0.16.25",
         "khroma": "^2.1.0",
         "lodash-es": "^4.17.23",
-        "marked": "^16.2.1",
+        "marked": "^16.3.0",
         "roughjs": "^4.6.6",
         "stylis": "^4.3.6",
         "ts-dedent": "^2.2.0",
diff --git a/package.json b/package.json
index 6f5191d518..168edafc9f 100644
--- a/package.json
+++ b/package.json
@@ -54,7 +54,7 @@
     "idiomorph": "0.3.0",
     "jquery": "3.7.1",
     "katex": "0.16.38",
-    "mermaid": "11.12.3",
+    "mermaid": "11.13.0",
     "mini-css-extract-plugin": "2.10.0",
     "minimatch": "10.2.4",
     "pdfobject": "2.3.0",

From 5a64bdb0e75905eb5d407cbffa587a579a2c5bbb Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Fri, 13 Mar 2026 08:15:36 +0100
Subject: [PATCH 501/854] Update data.forgejo.org/forgejo/forgejo Docker tag to
 v11.0.11 (forgejo) (#11660)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11660
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
---
 .forgejo/workflows/build-release-integration.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.forgejo/workflows/build-release-integration.yml b/.forgejo/workflows/build-release-integration.yml
index 98d2f10e3b..1bec8b7dfa 100644
--- a/.forgejo/workflows/build-release-integration.yml
+++ b/.forgejo/workflows/build-release-integration.yml
@@ -2,7 +2,7 @@ name: Integration tests for the release process
 enable-email-notifications: true
 
 env:
-  FORGEJO_VERSION: 11.0.10 # renovate: datasource=docker depName=data.forgejo.org/forgejo/forgejo
+  FORGEJO_VERSION: 11.0.11 # renovate: datasource=docker depName=data.forgejo.org/forgejo/forgejo
 
 on:
   push:

From 68702415c394743ecd5be93a03f48c196b0f7ced Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Fri, 13 Mar 2026 08:17:21 +0100
Subject: [PATCH 502/854] Update data.forgejo.org/oci/golang Docker tag to
 v1.26 (forgejo) (#11662)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11662
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
---
 Dockerfile          | 2 +-
 Dockerfile.rootless | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 3deba255be..2639d91e44 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,6 +1,6 @@
 FROM --platform=$BUILDPLATFORM data.forgejo.org/oci/xx AS xx
 
-FROM --platform=$BUILDPLATFORM data.forgejo.org/oci/golang:1.25-alpine3.23 AS build-env
+FROM --platform=$BUILDPLATFORM data.forgejo.org/oci/golang:1.26-alpine3.23 AS build-env
 
 ARG GOPROXY
 ENV GOPROXY=${GOPROXY:-https://proxy.golang.org,direct}
diff --git a/Dockerfile.rootless b/Dockerfile.rootless
index 785986e545..d6e037c522 100644
--- a/Dockerfile.rootless
+++ b/Dockerfile.rootless
@@ -1,6 +1,6 @@
 FROM --platform=$BUILDPLATFORM data.forgejo.org/oci/xx AS xx
 
-FROM --platform=$BUILDPLATFORM data.forgejo.org/oci/golang:1.25-alpine3.23 AS build-env
+FROM --platform=$BUILDPLATFORM data.forgejo.org/oci/golang:1.26-alpine3.23 AS build-env
 
 ARG GOPROXY
 ENV GOPROXY=${GOPROXY:-https://proxy.golang.org,direct}

From e9969afa6b121e47be160f1ae2b9d6c5e6ff24b7 Mon Sep 17 00:00:00 2001
From: Andreas Ahlenstorf <andreas@ahlenstorf.ch>
Date: Sat, 14 Mar 2026 04:12:00 +0100
Subject: [PATCH 503/854] feat: make it possible to search runners by UUID
 (#11671)

Forgejo Runner [identifies runners by their UUID](https://code.forgejo.org/forgejo/runner/pulls/1380), not by their name. That means users should be able to find a runner in Forgejo not only using its name, but also using its UUID. With this change, when a user enters a (partial) UUID into the search bar on top of the list of runners, all matching runners will be found.

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests for Go changes

(can be removed for JavaScript changes)

- I added test coverage for Go changes...
  - [x] in their respective `*_test.go` for unit tests.
  - [ ] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I ran...
  - [x] `make pr-go` before pushing

### Tests for JavaScript changes

(can be removed for Go changes)

- I added test coverage for JavaScript changes...
  - [ ] in `web_src/js/*.test.js` if it can be unit tested.
  - [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)).

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [x] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.
- [ ] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change.

*The decision if the pull request will be shown in the release notes is up to the mergers / release team.*

The content of the `release-notes/<pull request number>.md` file will serve as the basis for the release notes. If the file does not exist, the title of the pull request will be used instead.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11671
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
Co-authored-by: Andreas Ahlenstorf <andreas@ahlenstorf.ch>
Co-committed-by: Andreas Ahlenstorf <andreas@ahlenstorf.ch>
---
 models/actions/runner.go      |  2 +-
 models/actions/runner_test.go | 12 ++++++++++++
 2 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/models/actions/runner.go b/models/actions/runner.go
index c524ed6060..8061ccf37e 100644
--- a/models/actions/runner.go
+++ b/models/actions/runner.go
@@ -225,7 +225,7 @@ func (opts FindRunnerOptions) ToConds() builder.Cond {
 	}
 
 	if opts.Filter != "" {
-		cond = cond.And(builder.Like{"name", opts.Filter})
+		cond = cond.And(builder.Like{"name", opts.Filter}).Or(builder.Like{"uuid", opts.Filter})
 	}
 
 	if has, value := opts.IsOnline.Get(); has {
diff --git a/models/actions/runner_test.go b/models/actions/runner_test.go
index bf5911ff47..acca9b1761 100644
--- a/models/actions/runner_test.go
+++ b/models/actions/runner_test.go
@@ -451,6 +451,18 @@ func TestRunner_FindRunnerOptionsToConds(t *testing.T) {
 			expectedRunners:   RunnerList{runner2, runner3, runner5},
 			unexpectedRunners: RunnerList{runner1, runner4},
 		},
+		{
+			name:              "Runners with partially matching name",
+			opts:              FindRunnerOptions{Filter: "er-3"},
+			expectedRunners:   RunnerList{runner3},
+			unexpectedRunners: RunnerList{runner1, runner2, runner4, runner5},
+		},
+		{
+			name:              "Runners with partially matching UUID",
+			opts:              FindRunnerOptions{Filter: "21f75233798b"},
+			expectedRunners:   RunnerList{runner4},
+			unexpectedRunners: RunnerList{runner1, runner2, runner3, runner5},
+		},
 	}
 
 	for _, testCase := range testCases {

From ce73827b7e516f3d8ccec59d1fab2295807b1557 Mon Sep 17 00:00:00 2001
From: Andreas Ahlenstorf <andreas@ahlenstorf.ch>
Date: Sat, 14 Mar 2026 04:22:01 +0100
Subject: [PATCH 504/854] feat: add visible flag to HTTP API endpoints that
 return runners (#11670)

Add a `visible=true|false` flag to the HTTP API endpoints that return runners (`/user/actions/runners` and friends). Previously, all endpoints (except the one for admins) only returned the runners owned by the respective repository, user, or organization. The endpoint for admins returned all runners.

With this change, all endpoints only return the runners directly owned by the repository, user, organization, or instance by default (`visible=false`). With `visible=true`, the API returns the same runners as the UI. That means, for example, that `/repos/{owner}/{repo}/actions/runners?visible=true` returns all runners owned by the repository, its owner, and the instance.

Additionally, the behaviour of the endpoint for getting a single runner was altered. With this change, it permits accessing all _visible_ runners, thereby matching the UI. Previously, only runners directly owned by the repository, user, or organization could be obtained, whereas the admin could obtain all. Furthermore, existence probing is no longer possible.

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests for Go changes

(can be removed for JavaScript changes)

- I added test coverage for Go changes...
  - [ ] in their respective `*_test.go` for unit tests.
  - [x] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I ran...
  - [x] `make pr-go` before pushing

### Tests for JavaScript changes

(can be removed for Go changes)

- I added test coverage for JavaScript changes...
  - [ ] in `web_src/js/*.test.js` if it can be unit tested.
  - [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)).

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [x] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.
- [ ] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change.

*The decision if the pull request will be shown in the release notes is up to the mergers / release team.*

The content of the `release-notes/<pull request number>.md` file will serve as the basis for the release notes. If the file does not exist, the title of the pull request will be used instead.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11670
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
Co-authored-by: Andreas Ahlenstorf <andreas@ahlenstorf.ch>
Co-committed-by: Andreas Ahlenstorf <andreas@ahlenstorf.ch>
---
 routers/api/v1/admin/runners.go             |   4 +
 routers/api/v1/org/action.go                |   4 +
 routers/api/v1/repo/action.go               |   4 +
 routers/api/v1/shared/runners.go            |  10 +-
 routers/api/v1/user/runners.go              |   4 +
 templates/swagger/v1_json.tmpl              |  24 ++++
 tests/integration/api_admin_actions_test.go | 151 +++++++++----------
 tests/integration/api_org_actions_test.go   | 152 ++++++++++++--------
 tests/integration/api_repo_actions_test.go  | 152 ++++++++++++--------
 tests/integration/api_user_actions_test.go  | 139 ++++++++++--------
 10 files changed, 382 insertions(+), 262 deletions(-)

diff --git a/routers/api/v1/admin/runners.go b/routers/api/v1/admin/runners.go
index db62979b62..33f39e1eb5 100644
--- a/routers/api/v1/admin/runners.go
+++ b/routers/api/v1/admin/runners.go
@@ -104,6 +104,10 @@ func ListRunners(ctx *context.APIContext) {
 	// produces:
 	// - application/json
 	// parameters:
+	// - name: visible
+	//   in: query
+	//   description: whether to include all visible runners (true) or only those that are directly owned by the instance (false)
+	//   type: boolean
 	// - name: page
 	//   in: query
 	//   description: page number of results to return (1-based)
diff --git a/routers/api/v1/org/action.go b/routers/api/v1/org/action.go
index 6036d476f7..dd024ca8fd 100644
--- a/routers/api/v1/org/action.go
+++ b/routers/api/v1/org/action.go
@@ -284,6 +284,10 @@ func (Action) ListRunners(ctx *context.APIContext) {
 	//   description: name of the organization
 	//   type: string
 	//   required: true
+	// - name: visible
+	//   in: query
+	//   description: whether to include all visible runners (true) or only those that are directly owned by the organization (false)
+	//   type: boolean
 	// - name: page
 	//   in: query
 	//   description: page number of results to return (1-based)
diff --git a/routers/api/v1/repo/action.go b/routers/api/v1/repo/action.go
index 94a25a088f..63baaf4437 100644
--- a/routers/api/v1/repo/action.go
+++ b/routers/api/v1/repo/action.go
@@ -530,6 +530,10 @@ func (Action) ListRunners(ctx *context.APIContext) {
 	//   description: name of the repo
 	//   type: string
 	//   required: true
+	// - name: visible
+	//   in: query
+	//   description: whether to include all visible runners (true) or only those that are directly owned by the repository (false)
+	//   type: boolean
 	// - name: page
 	//   in: query
 	//   description: page number of results to return (1-based)
diff --git a/routers/api/v1/shared/runners.go b/routers/api/v1/shared/runners.go
index a86c0ee904..de54339f6b 100644
--- a/routers/api/v1/shared/runners.go
+++ b/routers/api/v1/shared/runners.go
@@ -106,7 +106,7 @@ func ListRunners(ctx *context.APIContext, ownerID, repoID int64) {
 		OwnerID:     ownerID,
 		RepoID:      repoID,
 		ListOptions: listOptions,
-		WithVisible: ownerID == 0 && repoID == 0,
+		WithVisible: ctx.FormBool("visible"),
 	})
 	if err != nil {
 		ctx.Error(http.StatusInternalServerError, "FindCountRunners", map[string]string{})
@@ -139,7 +139,7 @@ func GetRunner(ctx *context.APIContext, ownerID, repoID, runnerID int64) {
 		ctx.Error(http.StatusUnprocessableEntity, "", fmt.Errorf("ownerID and repoID should not be both set: %d and %d", ownerID, repoID))
 		return
 	}
-	runner, err := actions_model.GetRunnerByID(ctx, runnerID)
+	runner, err := actions_model.GetVisibleRunnerByID(ctx, runnerID, ownerID, repoID)
 	if err != nil {
 		if errors.Is(err, util.ErrNotExist) {
 			ctx.Error(http.StatusNotFound, "GetRunnerNotFound", err)
@@ -148,10 +148,6 @@ func GetRunner(ctx *context.APIContext, ownerID, repoID, runnerID int64) {
 		}
 		return
 	}
-	if !runner.Editable(ownerID, repoID) {
-		ctx.Error(http.StatusNotFound, "RunnerEdit", "No permission to get this runner")
-		return
-	}
 
 	actionRunner, err := convert.ToActionRunner(runner)
 	if err != nil {
@@ -199,7 +195,7 @@ func DeleteRunner(ctx *context.APIContext, ownerID, repoID, runnerID int64) {
 		ctx.Error(http.StatusUnprocessableEntity, "", fmt.Errorf("ownerID and repoID should not be both set: %d and %d", ownerID, repoID))
 		return
 	}
-	runner, err := actions_model.GetRunnerByID(ctx, runnerID)
+	runner, err := actions_model.GetVisibleRunnerByID(ctx, runnerID, ownerID, repoID)
 	if err != nil {
 		if errors.Is(err, util.ErrNotExist) {
 			ctx.Error(http.StatusNotFound, "DeleteRunnerNotFound", err)
diff --git a/routers/api/v1/user/runners.go b/routers/api/v1/user/runners.go
index 29bf13b982..a4416f9acb 100644
--- a/routers/api/v1/user/runners.go
+++ b/routers/api/v1/user/runners.go
@@ -63,6 +63,10 @@ func ListRunners(ctx *context.APIContext) {
 	// produces:
 	// - application/json
 	// parameters:
+	// - name: visible
+	//   in: query
+	//   description: whether to include all visible runners (true) or only those that are directly owned by the user (false)
+	//   type: boolean
 	// - name: page
 	//   in: query
 	//   description: page number of results to return (1-based)
diff --git a/templates/swagger/v1_json.tmpl b/templates/swagger/v1_json.tmpl
index 08bd72ef60..9b5611a083 100644
--- a/templates/swagger/v1_json.tmpl
+++ b/templates/swagger/v1_json.tmpl
@@ -322,6 +322,12 @@
         "summary": "Get all runners, no matter whether they are global runners or scoped to an organization, user, or repository",
         "operationId": "getAdminRunners",
         "parameters": [
+          {
+            "type": "boolean",
+            "description": "whether to include all visible runners (true) or only those that are directly owned by the instance (false)",
+            "name": "visible",
+            "in": "query"
+          },
           {
             "type": "integer",
             "description": "page number of results to return (1-based)",
@@ -2729,6 +2735,12 @@
             "in": "path",
             "required": true
           },
+          {
+            "type": "boolean",
+            "description": "whether to include all visible runners (true) or only those that are directly owned by the organization (false)",
+            "name": "visible",
+            "in": "query"
+          },
           {
             "type": "integer",
             "description": "page number of results to return (1-based)",
@@ -5467,6 +5479,12 @@
             "in": "path",
             "required": true
           },
+          {
+            "type": "boolean",
+            "description": "whether to include all visible runners (true) or only those that are directly owned by the repository (false)",
+            "name": "visible",
+            "in": "query"
+          },
           {
             "type": "integer",
             "description": "page number of results to return (1-based)",
@@ -18994,6 +19012,12 @@
         "summary": "Get the user's runners",
         "operationId": "getUserRunners",
         "parameters": [
+          {
+            "type": "boolean",
+            "description": "whether to include all visible runners (true) or only those that are directly owned by the user (false)",
+            "name": "visible",
+            "in": "query"
+          },
           {
             "type": "integer",
             "description": "page number of results to return (1-based)",
diff --git a/tests/integration/api_admin_actions_test.go b/tests/integration/api_admin_actions_test.go
index c935d352f9..bf0f6fd579 100644
--- a/tests/integration/api_admin_actions_test.go
+++ b/tests/integration/api_admin_actions_test.go
@@ -183,6 +183,63 @@ func TestAPIAdminActionsRunnerOperations(t *testing.T) {
 	readToken := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeReadAdmin)
 	writeToken := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteAdmin)
 
+	runnerOne := &api.ActionRunner{
+		ID:          130791,
+		UUID:        "8b0f6b98-fef8-430e-bfdc-dcbeeb58f3c8",
+		Name:        "runner-1-global",
+		Version:     "dev",
+		OwnerID:     0,
+		RepoID:      0,
+		Description: "A superb runner",
+		Labels:      []string{"debian", "gpu"},
+		Status:      "offline",
+	}
+	runnerTwo := &api.ActionRunner{
+		ID:          130792,
+		UUID:        "61c48447-6e7d-42da-9dbe-d659ade77a56",
+		Name:        "runner-2-user",
+		Version:     "11.3.1",
+		OwnerID:     1,
+		RepoID:      0,
+		Description: "A splendid runner",
+		Labels:      []string{"docker"},
+		Status:      "offline",
+	}
+	runnerThree := &api.ActionRunner{
+		ID:          130793,
+		UUID:        "9b92be13-b002-4fc0-b182-5e7cdbef0b8d",
+		Name:        "runner-3-global",
+		Version:     "11.3.1",
+		OwnerID:     0,
+		RepoID:      0,
+		Description: "Another fine runner",
+		Labels:      []string{"fedora"},
+		Status:      "offline",
+	}
+	runnerFour := &api.ActionRunner{
+		ID:          130794,
+		UUID:        "44d595e9-b47d-42ef-b1b9-5869f8b8d501",
+		Name:        "runner-4-repository",
+		Version:     "12.2.0",
+		OwnerID:     0,
+		RepoID:      62,
+		Description: "",
+		Labels:      []string{"nixos"},
+		Status:      "offline",
+	}
+	runnerFive := &api.ActionRunner{
+		ID:          130795,
+		UUID:        "16ca1a5c-8024-41f1-be31-e55830263cc6",
+		Name:        "runner-5-ephemeral",
+		Version:     "1.0.0",
+		OwnerID:     0,
+		RepoID:      0,
+		Description: "An ephemeral runner",
+		Labels:      []string{"ephemeral-label"},
+		Status:      "offline",
+		Ephemeral:   true,
+	}
+
 	t.Run("Get runners", func(t *testing.T) {
 		request := NewRequest(t, "GET", "/api/v1/admin/actions/runners")
 		request.AddTokenAuth(readToken)
@@ -193,57 +250,12 @@ func TestAPIAdminActionsRunnerOperations(t *testing.T) {
 		var runners []*api.ActionRunner
 		DecodeJSON(t, response, &runners)
 
-		runnerOne := &api.ActionRunner{
-			ID:          130791,
-			UUID:        "8b0f6b98-fef8-430e-bfdc-dcbeeb58f3c8",
-			Name:        "runner-1-global",
-			Version:     "dev",
-			OwnerID:     0,
-			RepoID:      0,
-			Description: "A superb runner",
-			Labels:      []string{"debian", "gpu"},
-			Status:      "offline",
-		}
-		runnerTwo := &api.ActionRunner{
-			ID:          130792,
-			UUID:        "61c48447-6e7d-42da-9dbe-d659ade77a56",
-			Name:        "runner-2-user",
-			Version:     "11.3.1",
-			OwnerID:     1,
-			RepoID:      0,
-			Description: "A splendid runner",
-			Labels:      []string{"docker"},
-			Status:      "offline",
-		}
-		runnerThree := &api.ActionRunner{
-			ID:          130793,
-			UUID:        "9b92be13-b002-4fc0-b182-5e7cdbef0b8d",
-			Name:        "runner-3-global",
-			Version:     "11.3.1",
-			OwnerID:     0,
-			RepoID:      0,
-			Description: "Another fine runner",
-			Labels:      []string{"fedora"},
-			Status:      "offline",
-		}
-		runnerFive := &api.ActionRunner{
-			ID:          130795,
-			UUID:        "16ca1a5c-8024-41f1-be31-e55830263cc6",
-			Name:        "runner-5-ephemeral",
-			Version:     "1.0.0",
-			OwnerID:     0,
-			RepoID:      0,
-			Description: "An ephemeral runner",
-			Labels:      []string{"ephemeral-label"},
-			Status:      "offline",
-			Ephemeral:   true,
-		}
-
 		// There are more runners in the result that originate from the global fixtures. The test ignores them to limit
 		// the impact of unrelated changes.
 		assert.Contains(t, runners, runnerOne)
-		assert.Contains(t, runners, runnerTwo)
+		assert.NotContains(t, runners, runnerTwo)
 		assert.Contains(t, runners, runnerThree)
+		assert.NotContains(t, runners, runnerFour)
 		assert.Contains(t, runners, runnerFive)
 	})
 
@@ -260,6 +272,25 @@ func TestAPIAdminActionsRunnerOperations(t *testing.T) {
 		assert.Len(t, runners, 5)
 	})
 
+	t.Run("Get visible runners", func(t *testing.T) {
+		request := NewRequest(t, "GET", "/api/v1/admin/actions/runners?visible=true")
+		request.AddTokenAuth(readToken)
+		response := MakeRequest(t, request, http.StatusOK)
+
+		assert.NotEmpty(t, response.Header().Get("X-Total-Count"))
+
+		var runners []*api.ActionRunner
+		DecodeJSON(t, response, &runners)
+
+		// There are more runners in the result that originate from the global fixtures. The test ignores them to limit
+		// the impact of unrelated changes.
+		assert.Contains(t, runners, runnerOne)
+		assert.Contains(t, runners, runnerTwo)
+		assert.Contains(t, runners, runnerThree)
+		assert.Contains(t, runners, runnerFour)
+		assert.Contains(t, runners, runnerFive)
+	})
+
 	t.Run("Get global runner", func(t *testing.T) {
 		request := NewRequest(t, "GET", "/api/v1/admin/actions/runners/130793")
 		request.AddTokenAuth(readToken)
@@ -268,19 +299,7 @@ func TestAPIAdminActionsRunnerOperations(t *testing.T) {
 		var runner *api.ActionRunner
 		DecodeJSON(t, response, &runner)
 
-		runnerOne := &api.ActionRunner{
-			ID:          130793,
-			UUID:        "9b92be13-b002-4fc0-b182-5e7cdbef0b8d",
-			Name:        "runner-3-global",
-			Version:     "11.3.1",
-			OwnerID:     0,
-			RepoID:      0,
-			Description: "Another fine runner",
-			Labels:      []string{"fedora"},
-			Status:      "offline",
-		}
-
-		assert.Equal(t, runnerOne, runner)
+		assert.Equal(t, runnerThree, runner)
 	})
 
 	t.Run("Get repository-scoped runner", func(t *testing.T) {
@@ -291,18 +310,6 @@ func TestAPIAdminActionsRunnerOperations(t *testing.T) {
 		var runner *api.ActionRunner
 		DecodeJSON(t, response, &runner)
 
-		runnerFour := &api.ActionRunner{
-			ID:          130794,
-			UUID:        "44d595e9-b47d-42ef-b1b9-5869f8b8d501",
-			Name:        "runner-4-repository",
-			Version:     "12.2.0",
-			OwnerID:     0,
-			RepoID:      62,
-			Description: "",
-			Labels:      []string{"nixos"},
-			Status:      "offline",
-		}
-
 		assert.Equal(t, runnerFour, runner)
 	})
 
diff --git a/tests/integration/api_org_actions_test.go b/tests/integration/api_org_actions_test.go
index 35183306c2..ec5326c35b 100644
--- a/tests/integration/api_org_actions_test.go
+++ b/tests/integration/api_org_actions_test.go
@@ -112,6 +112,63 @@ func TestAPIOrgActionsRunnerOperations(t *testing.T) {
 	readToken := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeReadOrganization)
 	writeToken := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteOrganization)
 
+	runnerOne := &api.ActionRunner{
+		ID:          655691,
+		UUID:        "a3297f3a-ba5c-4a0f-878e-6cc8b8ac79ec",
+		Name:        "runner-1-organization",
+		Version:     "dev",
+		OwnerID:     3,
+		RepoID:      0,
+		Description: "A superb runner",
+		Labels:      []string{"debian", "gpu"},
+		Status:      "offline",
+	}
+	runnerTwo := &api.ActionRunner{
+		ID:          655692,
+		UUID:        "6d2d13ef-b19f-47a8-85ad-e82e51f606c5",
+		Name:        "runner-2-user",
+		Version:     "11.3.1",
+		OwnerID:     1,
+		RepoID:      0,
+		Description: "A splendid runner",
+		Labels:      []string{"docker"},
+		Status:      "offline",
+	}
+	runnerThree := &api.ActionRunner{
+		ID:          655693,
+		UUID:        "0a7e5e05-2da4-44d5-a72a-615da120cef6",
+		Name:        "runner-3-organization",
+		Version:     "11.3.1",
+		OwnerID:     3,
+		RepoID:      0,
+		Description: "Another fine runner",
+		Labels:      []string{"fedora"},
+		Status:      "offline",
+	}
+	runnerFour := &api.ActionRunner{
+		ID:          655694,
+		UUID:        "166c596c-5016-488d-bd55-b84e5a0460ea",
+		Name:        "runner-4-global",
+		Version:     "11.3.1",
+		OwnerID:     0,
+		RepoID:      0,
+		Description: "",
+		Labels:      []string{},
+		Status:      "offline",
+	}
+	runnerFive := &api.ActionRunner{
+		ID:          655695,
+		UUID:        "0851ed0a-f0af-4a01-9b98-fc9bf9c1d332",
+		Name:        "runner-5-ephemeral",
+		Version:     "1.0.0",
+		OwnerID:     3,
+		RepoID:      0,
+		Description: "An ephemeral runner",
+		Labels:      []string{"ephemeral-label"},
+		Status:      "offline",
+		Ephemeral:   true,
+	}
+
 	t.Run("Get runners", func(t *testing.T) {
 		request := NewRequest(t, "GET", "/api/v1/orgs/org3/actions/runners")
 		request.AddTokenAuth(readToken)
@@ -122,41 +179,6 @@ func TestAPIOrgActionsRunnerOperations(t *testing.T) {
 		var runners []*api.ActionRunner
 		DecodeJSON(t, response, &runners)
 
-		runnerOne := &api.ActionRunner{
-			ID:          655691,
-			UUID:        "a3297f3a-ba5c-4a0f-878e-6cc8b8ac79ec",
-			Name:        "runner-1-organization",
-			Version:     "dev",
-			OwnerID:     3,
-			RepoID:      0,
-			Description: "A superb runner",
-			Labels:      []string{"debian", "gpu"},
-			Status:      "offline",
-		}
-		runnerThree := &api.ActionRunner{
-			ID:          655693,
-			UUID:        "0a7e5e05-2da4-44d5-a72a-615da120cef6",
-			Name:        "runner-3-organization",
-			Version:     "11.3.1",
-			OwnerID:     3,
-			RepoID:      0,
-			Description: "Another fine runner",
-			Labels:      []string{"fedora"},
-			Status:      "offline",
-		}
-		runnerFive := &api.ActionRunner{
-			ID:          655695,
-			UUID:        "0851ed0a-f0af-4a01-9b98-fc9bf9c1d332",
-			Name:        "runner-5-ephemeral",
-			Version:     "1.0.0",
-			OwnerID:     3,
-			RepoID:      0,
-			Description: "An ephemeral runner",
-			Labels:      []string{"ephemeral-label"},
-			Status:      "offline",
-			Ephemeral:   true,
-		}
-
 		assert.ElementsMatch(t, []*api.ActionRunner{runnerOne, runnerThree, runnerFive}, runners)
 	})
 
@@ -173,6 +195,25 @@ func TestAPIOrgActionsRunnerOperations(t *testing.T) {
 		assert.Len(t, runners, 1)
 	})
 
+	t.Run("Get visible runners", func(t *testing.T) {
+		request := NewRequest(t, "GET", "/api/v1/orgs/org3/actions/runners?visible=true")
+		request.AddTokenAuth(readToken)
+		response := MakeRequest(t, request, http.StatusOK)
+
+		assert.NotEmpty(t, response.Header().Get("X-Total-Count"))
+
+		var runners []*api.ActionRunner
+		DecodeJSON(t, response, &runners)
+
+		// There are more runners in the result that originate from the global fixtures. The test ignores them to limit
+		// the impact of unrelated changes.
+		assert.Contains(t, runners, runnerOne)
+		assert.NotContains(t, runners, runnerTwo)
+		assert.Contains(t, runners, runnerThree)
+		assert.Contains(t, runners, runnerFour)
+		assert.Contains(t, runners, runnerFive)
+	})
+
 	t.Run("Get runner", func(t *testing.T) {
 		request := NewRequest(t, "GET", "/api/v1/orgs/org3/actions/runners/655691")
 		request.AddTokenAuth(readToken)
@@ -181,19 +222,21 @@ func TestAPIOrgActionsRunnerOperations(t *testing.T) {
 		var runner *api.ActionRunner
 		DecodeJSON(t, response, &runner)
 
-		runnerOne := &api.ActionRunner{
-			ID:          655691,
-			UUID:        "a3297f3a-ba5c-4a0f-878e-6cc8b8ac79ec",
-			Name:        "runner-1-organization",
-			Version:     "dev",
-			OwnerID:     3,
-			RepoID:      0,
-			Description: "A superb runner",
-			Labels:      []string{"debian", "gpu"},
-			Status:      "offline",
-		}
-
 		assert.Equal(t, runnerOne, runner)
+
+		// Instance runner is visible to any organization.
+		request = NewRequest(t, "GET", "/api/v1/orgs/org3/actions/runners/655694")
+		request.AddTokenAuth(readToken)
+		response = MakeRequest(t, request, http.StatusOK)
+
+		DecodeJSON(t, response, &runner)
+
+		assert.Equal(t, runnerFour, runner)
+
+		// Runner owned by a user is invisible.
+		request = NewRequest(t, "GET", "/api/v1/orgs/org3/actions/runners/655692")
+		request.AddTokenAuth(readToken)
+		MakeRequest(t, request, http.StatusNotFound)
 	})
 
 	t.Run("Get ephemeral runner", func(t *testing.T) {
@@ -204,20 +247,7 @@ func TestAPIOrgActionsRunnerOperations(t *testing.T) {
 		var runner *api.ActionRunner
 		DecodeJSON(t, response, &runner)
 
-		expectedRunner := &api.ActionRunner{
-			ID:          655695,
-			UUID:        "0851ed0a-f0af-4a01-9b98-fc9bf9c1d332",
-			Name:        "runner-5-ephemeral",
-			Version:     "1.0.0",
-			OwnerID:     3,
-			RepoID:      0,
-			Description: "An ephemeral runner",
-			Labels:      []string{"ephemeral-label"},
-			Status:      "offline",
-			Ephemeral:   true,
-		}
-
-		assert.Equal(t, expectedRunner, runner)
+		assert.Equal(t, runnerFive, runner)
 	})
 
 	t.Run("Delete runner", func(t *testing.T) {
diff --git a/tests/integration/api_repo_actions_test.go b/tests/integration/api_repo_actions_test.go
index dfe33379d4..6ff70771ee 100644
--- a/tests/integration/api_repo_actions_test.go
+++ b/tests/integration/api_repo_actions_test.go
@@ -393,6 +393,63 @@ func TestAPIRepoActionsRunnerOperations(t *testing.T) {
 	readToken := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeReadRepository)
 	writeToken := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteRepository)
 
+	runnerOne := &api.ActionRunner{
+		ID:          899251,
+		UUID:        "a3297f3a-ba5c-4a0f-878e-6cc8b8ac79ec",
+		Name:        "runner-1-repository",
+		Version:     "dev",
+		OwnerID:     0,
+		RepoID:      62,
+		Description: "A superb runner",
+		Labels:      []string{"debian", "gpu"},
+		Status:      "offline",
+	}
+	runnerTwo := &api.ActionRunner{
+		ID:          899252,
+		UUID:        "6d2d13ef-b19f-47a8-85ad-e82e51f606c5",
+		Name:        "runner-2-user",
+		Version:     "11.3.1",
+		OwnerID:     1,
+		RepoID:      0,
+		Description: "A splendid runner",
+		Labels:      []string{"docker"},
+		Status:      "offline",
+	}
+	runnerThree := &api.ActionRunner{
+		ID:          899253,
+		UUID:        "0a7e5e05-2da4-44d5-a72a-615da120cef6",
+		Name:        "runner-3-repository",
+		Version:     "11.3.1",
+		OwnerID:     0,
+		RepoID:      62,
+		Description: "Another fine runner",
+		Labels:      []string{"fedora"},
+		Status:      "offline",
+	}
+	runnerFour := &api.ActionRunner{
+		ID:          899254,
+		UUID:        "6456ac1f-70ec-4e8f-9ab7-bf117ee23d47",
+		Name:        "runner-4-global",
+		Version:     "11.3.1",
+		OwnerID:     0,
+		RepoID:      0,
+		Description: "",
+		Labels:      []string{},
+		Status:      "offline",
+	}
+	runnerFive := &api.ActionRunner{
+		ID:          899255,
+		UUID:        "96639646-67b2-4bcb-9142-fde1ab8498cf",
+		Name:        "runner-5-repository-ephemeral",
+		Version:     "1.0.0",
+		OwnerID:     0,
+		RepoID:      62,
+		Description: "An ephemeral runner",
+		Labels:      []string{"ephemeral-label"},
+		Status:      "offline",
+		Ephemeral:   true,
+	}
+
 	t.Run("Get runners", func(t *testing.T) {
 		request := NewRequest(t, "GET", "/api/v1/repos/user2/test_workflows/actions/runners")
 		request.AddTokenAuth(readToken)
@@ -403,41 +460,6 @@ func TestAPIRepoActionsRunnerOperations(t *testing.T) {
 		var runners []*api.ActionRunner
 		DecodeJSON(t, response, &runners)
 
-		runnerOne := &api.ActionRunner{
-			ID:          899251,
-			UUID:        "a3297f3a-ba5c-4a0f-878e-6cc8b8ac79ec",
-			Name:        "runner-1-repository",
-			Version:     "dev",
-			OwnerID:     0,
-			RepoID:      62,
-			Description: "A superb runner",
-			Labels:      []string{"debian", "gpu"},
-			Status:      "offline",
-		}
-		runnerThree := &api.ActionRunner{
-			ID:          899253,
-			UUID:        "0a7e5e05-2da4-44d5-a72a-615da120cef6",
-			Name:        "runner-3-repository",
-			Version:     "11.3.1",
-			OwnerID:     0,
-			RepoID:      62,
-			Description: "Another fine runner",
-			Labels:      []string{"fedora"},
-			Status:      "offline",
-		}
-		runnerFive := &api.ActionRunner{
-			ID:          899255,
-			UUID:        "96639646-67b2-4bcb-9142-fde1ab8498cf",
-			Name:        "runner-5-repository-ephemeral",
-			Version:     "1.0.0",
-			OwnerID:     0,
-			RepoID:      62,
-			Description: "An ephemeral runner",
-			Labels:      []string{"ephemeral-label"},
-			Status:      "offline",
-			Ephemeral:   true,
-		}
-
 		assert.ElementsMatch(t, []*api.ActionRunner{runnerOne, runnerThree, runnerFive}, runners)
 	})
 
@@ -454,6 +476,25 @@ func TestAPIRepoActionsRunnerOperations(t *testing.T) {
 		assert.Len(t, runners, 1)
 	})
 
+	t.Run("Get visible runners", func(t *testing.T) {
+		request := NewRequest(t, "GET", "/api/v1/repos/user2/test_workflows/actions/runners?visible=true")
+		request.AddTokenAuth(readToken)
+		response := MakeRequest(t, request, http.StatusOK)
+
+		assert.NotEmpty(t, response.Header().Get("X-Total-Count"))
+
+		var runners []*api.ActionRunner
+		DecodeJSON(t, response, &runners)
+
+		// There are more runners in the result that originate from the global fixtures. The test ignores them to limit
+		// the impact of unrelated changes.
+		assert.Contains(t, runners, runnerOne)
+		assert.NotContains(t, runners, runnerTwo)
+		assert.Contains(t, runners, runnerThree)
+		assert.Contains(t, runners, runnerFour)
+		assert.Contains(t, runners, runnerFive)
+	})
+
 	t.Run("Get runner", func(t *testing.T) {
 		request := NewRequest(t, "GET", "/api/v1/repos/user2/test_workflows/actions/runners/899251")
 		request.AddTokenAuth(readToken)
@@ -462,19 +503,21 @@ func TestAPIRepoActionsRunnerOperations(t *testing.T) {
 		var runner *api.ActionRunner
 		DecodeJSON(t, response, &runner)
 
-		runnerOne := &api.ActionRunner{
-			ID:          899251,
-			UUID:        "a3297f3a-ba5c-4a0f-878e-6cc8b8ac79ec",
-			Name:        "runner-1-repository",
-			Version:     "dev",
-			OwnerID:     0,
-			RepoID:      62,
-			Description: "A superb runner",
-			Labels:      []string{"debian", "gpu"},
-			Status:      "offline",
-		}
-
 		assert.Equal(t, runnerOne, runner)
+
+		// Runner of instance is visible
+		request = NewRequest(t, "GET", "/api/v1/repos/user2/test_workflows/actions/runners/899254")
+		request.AddTokenAuth(readToken)
+		response = MakeRequest(t, request, http.StatusOK)
+
+		DecodeJSON(t, response, &runner)
+
+		assert.Equal(t, runnerFour, runner)
+
+		// Runner of user that does not own the repository is invisible
+		request = NewRequest(t, "GET", "/api/v1/repos/user2/test_workflows/actions/runners/899252")
+		request.AddTokenAuth(readToken)
+		MakeRequest(t, request, http.StatusNotFound)
 	})
 
 	t.Run("Get ephemeral runner", func(t *testing.T) {
@@ -485,20 +528,7 @@ func TestAPIRepoActionsRunnerOperations(t *testing.T) {
 		var runner *api.ActionRunner
 		DecodeJSON(t, response, &runner)
 
-		expectedRunner := &api.ActionRunner{
-			ID:          899255,
-			UUID:        "96639646-67b2-4bcb-9142-fde1ab8498cf",
-			Name:        "runner-5-repository-ephemeral",
-			Version:     "1.0.0",
-			OwnerID:     0,
-			RepoID:      62,
-			Description: "An ephemeral runner",
-			Labels:      []string{"ephemeral-label"},
-			Status:      "offline",
-			Ephemeral:   true,
-		}
-
-		assert.Equal(t, expectedRunner, runner)
+		assert.Equal(t, runnerFive, runner)
 	})
 
 	t.Run("Delete runner", func(t *testing.T) {
diff --git a/tests/integration/api_user_actions_test.go b/tests/integration/api_user_actions_test.go
index 304004659c..2718228a36 100644
--- a/tests/integration/api_user_actions_test.go
+++ b/tests/integration/api_user_actions_test.go
@@ -110,6 +110,53 @@ func TestAPIUserActionsRunnerOperations(t *testing.T) {
 	readToken := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeReadUser)
 	writeToken := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteUser)
 
+	runnerOne := &api.ActionRunner{
+		ID:          71301,
+		UUID:        "99fc4a58-a25e-4dbe-b6ea-3d55dddcd216",
+		Name:        "runner-1-user",
+		Version:     "dev",
+		OwnerID:     2,
+		RepoID:      0,
+		Description: "A superb runner",
+		Labels:      []string{"debian", "gpu"},
+		Status:      "offline",
+	}
+	runnerThree := &api.ActionRunner{
+		ID:          71303,
+		UUID:        "70bc0da3-35b2-4129-bbc9-4679dfdda4d0",
+		Name:        "runner-3-user",
+		Version:     "11.3.1",
+		OwnerID:     2,
+		RepoID:      0,
+		Description: "Another fine runner",
+		Labels:      []string{"fedora"},
+		Status:      "offline",
+	}
+	runnerFour := &api.ActionRunner{
+		ID:          71304,
+		UUID:        "3873c473-47b8-4559-9fa5-843277419780",
+		Name:        "runner-4-global",
+		Version:     "11.3.1",
+		OwnerID:     0,
+		RepoID:      0,
+		Description: "",
+		Labels:      []string{},
+		Status:      "offline",
+		Ephemeral:   false,
+	}
+	runnerFive := &api.ActionRunner{
+		ID:          71305,
+		UUID:        "3ca04a95-3e75-4e48-8b7a-63427ebcf3b8",
+		Name:        "runner-5-user-ephemeral",
+		Version:     "1.0.0",
+		OwnerID:     2,
+		RepoID:      0,
+		Description: "An ephemeral runner",
+		Labels:      []string{"ephemeral-label"},
+		Status:      "offline",
+		Ephemeral:   true,
+	}
+
 	t.Run("Get runners", func(t *testing.T) {
 		request := NewRequest(t, "GET", "/api/v1/user/actions/runners")
 		request.AddTokenAuth(readToken)
@@ -120,41 +167,6 @@ func TestAPIUserActionsRunnerOperations(t *testing.T) {
 		var runners []*api.ActionRunner
 		DecodeJSON(t, response, &runners)
 
-		runnerOne := &api.ActionRunner{
-			ID:          71301,
-			UUID:        "99fc4a58-a25e-4dbe-b6ea-3d55dddcd216",
-			Name:        "runner-1-user",
-			Version:     "dev",
-			OwnerID:     2,
-			RepoID:      0,
-			Description: "A superb runner",
-			Labels:      []string{"debian", "gpu"},
-			Status:      "offline",
-		}
-		runnerThree := &api.ActionRunner{
-			ID:          71303,
-			UUID:        "70bc0da3-35b2-4129-bbc9-4679dfdda4d0",
-			Name:        "runner-3-user",
-			Version:     "11.3.1",
-			OwnerID:     2,
-			RepoID:      0,
-			Description: "Another fine runner",
-			Labels:      []string{"fedora"},
-			Status:      "offline",
-		}
-		runnerFive := &api.ActionRunner{
-			ID:          71305,
-			UUID:        "3ca04a95-3e75-4e48-8b7a-63427ebcf3b8",
-			Name:        "runner-5-user-ephemeral",
-			Version:     "1.0.0",
-			OwnerID:     2,
-			RepoID:      0,
-			Description: "An ephemeral runner",
-			Labels:      []string{"ephemeral-label"},
-			Status:      "offline",
-			Ephemeral:   true,
-		}
-
 		assert.ElementsMatch(t, []*api.ActionRunner{runnerOne, runnerThree, runnerFive}, runners)
 	})
 
@@ -171,6 +183,22 @@ func TestAPIUserActionsRunnerOperations(t *testing.T) {
 		assert.Len(t, runners, 1)
 	})
 
+	t.Run("Get visible runners", func(t *testing.T) {
+		request := NewRequest(t, "GET", "/api/v1/user/actions/runners?visible=true")
+		request.AddTokenAuth(readToken)
+		response := MakeRequest(t, request, http.StatusOK)
+
+		var runners []*api.ActionRunner
+		DecodeJSON(t, response, &runners)
+
+		// There are more runners in the result that originate from the global fixtures. The test ignores them to limit
+		// the impact of unrelated changes.
+		assert.Contains(t, runners, runnerOne)
+		assert.Contains(t, runners, runnerThree)
+		assert.Contains(t, runners, runnerFour)
+		assert.Contains(t, runners, runnerFive)
+	})
+
 	t.Run("Get runner", func(t *testing.T) {
 		request := NewRequest(t, "GET", "/api/v1/user/actions/runners/71303")
 		request.AddTokenAuth(readToken)
@@ -179,19 +207,21 @@ func TestAPIUserActionsRunnerOperations(t *testing.T) {
 		var runner *api.ActionRunner
 		DecodeJSON(t, response, &runner)
 
-		runnerThree := &api.ActionRunner{
-			ID:          71303,
-			UUID:        "70bc0da3-35b2-4129-bbc9-4679dfdda4d0",
-			Name:        "runner-3-user",
-			Version:     "11.3.1",
-			OwnerID:     2,
-			RepoID:      0,
-			Description: "Another fine runner",
-			Labels:      []string{"fedora"},
-			Status:      "offline",
-		}
-
 		assert.Equal(t, runnerThree, runner)
+
+		// Runner owned by instance is visible to user.
+		request = NewRequest(t, "GET", "/api/v1/user/actions/runners/71304")
+		request.AddTokenAuth(readToken)
+		response = MakeRequest(t, request, http.StatusOK)
+
+		DecodeJSON(t, response, &runner)
+
+		assert.Equal(t, runnerFour, runner)
+
+		// Runner owned by different user is invisible.
+		request = NewRequest(t, "GET", "/api/v1/user/actions/runners/71302")
+		request.AddTokenAuth(readToken)
+		MakeRequest(t, request, http.StatusNotFound)
 	})
 
 	t.Run("Get ephemeral runner", func(t *testing.T) {
@@ -202,20 +232,7 @@ func TestAPIUserActionsRunnerOperations(t *testing.T) {
 		var runner *api.ActionRunner
 		DecodeJSON(t, response, &runner)
 
-		expectedRunner := &api.ActionRunner{
-			ID:          71305,
-			UUID:        "3ca04a95-3e75-4e48-8b7a-63427ebcf3b8",
-			Name:        "runner-5-user-ephemeral",
-			Version:     "1.0.0",
-			OwnerID:     2,
-			RepoID:      0,
-			Description: "An ephemeral runner",
-			Labels:      []string{"ephemeral-label"},
-			Status:      "offline",
-			Ephemeral:   true,
-		}
-
-		assert.Equal(t, expectedRunner, runner)
+		assert.Equal(t, runnerFive, runner)
 	})
 
 	t.Run("Delete runner", func(t *testing.T) {

From bbf6a957aadc25380608d58afc33bd6fc5d0d510 Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Sun, 15 Mar 2026 07:27:20 +0100
Subject: [PATCH 505/854] Update dependency @codemirror/view to v6.39.17
 (forgejo) (#11672)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11672
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
---
 package-lock.json | 8 ++++----
 package.json      | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 804a9a333f..cf5f485934 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -30,7 +30,7 @@
         "@codemirror/language": "6.12.2",
         "@codemirror/search": "6.6.0",
         "@codemirror/state": "6.5.4",
-        "@codemirror/view": "6.39.16",
+        "@codemirror/view": "6.39.17",
         "@github/markdown-toolbar-element": "2.2.3",
         "@github/quote-selection": "2.1.0",
         "@github/text-expander-element": "2.9.4",
@@ -776,9 +776,9 @@
       }
     },
     "node_modules/@codemirror/view": {
-      "version": "6.39.16",
-      "resolved": "https://registry.npmjs.org/@codemirror/view/-/view-6.39.16.tgz",
-      "integrity": "sha512-m6S22fFpKtOWhq8HuhzsI1WzUP/hB9THbDj0Tl5KX4gbO6Y91hwBl7Yky33NdvB6IffuRFiBxf1R8kJMyXmA4Q==",
+      "version": "6.39.17",
+      "resolved": "https://registry.npmjs.org/@codemirror/view/-/view-6.39.17.tgz",
+      "integrity": "sha512-Aim4lFqhbijnchl83RLfABWueSGs1oUCSv0mru91QdhpXQeNKprIdRO9LWA4cYkJvuYTKGJN7++9MXx8XW43ag==",
       "license": "MIT",
       "dependencies": {
         "@codemirror/state": "^6.5.0",
diff --git a/package.json b/package.json
index 168edafc9f..5e57e5bdc0 100644
--- a/package.json
+++ b/package.json
@@ -29,7 +29,7 @@
     "@codemirror/language": "6.12.2",
     "@codemirror/search": "6.6.0",
     "@codemirror/state": "6.5.4",
-    "@codemirror/view": "6.39.16",
+    "@codemirror/view": "6.39.17",
     "@github/markdown-toolbar-element": "2.2.3",
     "@github/quote-selection": "2.1.0",
     "@github/text-expander-element": "2.9.4",

From 1d99ce02421b9c6d03812448976ec50ac1dffd97 Mon Sep 17 00:00:00 2001
From: Mathieu Fenniak <mathieu@fenniak.net>
Date: Sun, 15 Mar 2026 07:43:33 +0100
Subject: [PATCH 506/854] fix: incorrect DB error handling in 'POST
 /users/{username}/tokens' (#11682)

Came across a coding error from #11504 while working on adding a UI for repo-specific access tokens.  I couldn't find a practical way to test this fix as there are no expected error conditions that will be returned here, just database-level errors, and the `SetFaultInjector` capability in testing is only integrated into unit tests, not integration tests.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11682
Reviewed-by: Cyborus <cyborus@disroot.org>
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net>
Co-committed-by: Mathieu Fenniak <mathieu@fenniak.net>
---
 routers/api/v1/user/app.go | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)

diff --git a/routers/api/v1/user/app.go b/routers/api/v1/user/app.go
index 661f4d4746..2532396dca 100644
--- a/routers/api/v1/user/app.go
+++ b/routers/api/v1/user/app.go
@@ -239,12 +239,9 @@ func CreateAccessToken(ctx *context.APIContext) {
 
 	err = db.WithTx(ctx, func(ctx stdCtx.Context) error {
 		if err := auth_model.NewAccessToken(ctx, t); err != nil {
-			return nil
+			return err
 		}
-		if err := auth_model.InsertAccessTokenResourceRepos(ctx, t.ID, resourceRepos); err != nil {
-			return nil
-		}
-		return nil
+		return auth_model.InsertAccessTokenResourceRepos(ctx, t.ID, resourceRepos)
 	})
 	if err != nil {
 		ctx.Error(http.StatusInternalServerError, "NewAccessToken", err)

From a480324595cb53bb77f2a1830587156e08f3c497 Mon Sep 17 00:00:00 2001
From: 0ko <0ko@noreply.codeberg.org>
Date: Sun, 15 Mar 2026 15:09:43 +0100
Subject: [PATCH 507/854] fix(i18n): reuse string for repository access, fix
 capitalization consistency (#11683)

Followup to https://codeberg.org/forgejo/forgejo/pulls/11604

These strings are used in similar contexts and can be reused. Fixed capitalization consistency (`specific_repo_access` inherited capitalization from `repo_and_org_access` which was nearby in the UI)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11683
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
Co-authored-by: 0ko <0ko@noreply.codeberg.org>
Co-committed-by: 0ko <0ko@noreply.codeberg.org>
---
 options/locale/locale_en-US.ini       |  3 +--
 options/locale_next/locale_en-US.json |  2 +-
 templates/org/team/new.tmpl           |  2 +-
 templates/org/team/sidebar.tmpl       |  2 +-
 tests/integration/user_test.go        | 11 +++++++----
 5 files changed, 11 insertions(+), 9 deletions(-)

diff --git a/options/locale/locale_en-US.ini b/options/locale/locale_en-US.ini
index 6e6f8a81cf..6ec0ba978c 100644
--- a/options/locale/locale_en-US.ini
+++ b/options/locale/locale_en-US.ini
@@ -925,7 +925,7 @@ regenerate_token = Regenerate
 access_token_regeneration = Regenerate access token
 access_token_regeneration_desc = Regenerating a token will revoke access to your account for applications using it. This cannot be undone. Continue?
 regenerate_token_success = The token has been regenerated. Applications that use it no longer have access to your account and must be updated with the new token.
-repo_and_org_access = Repository and Organization Access
+repo_and_org_access = Repository and organization access
 permissions_public_only = Public only
 permissions_access_all = All (public, private, and limited)
 select_permissions = Select permissions
@@ -2824,7 +2824,6 @@ team_name = Team name
 team_desc = Description
 team_name_helper = Team names should be short and memorable.
 team_desc_helper = Describe the purpose or role of the team.
-team_access_desc = Repository access
 team_permission_desc = Permission
 team_unit_desc = Allow access to repository sections
 team_unit_disabled = (Disabled)
diff --git a/options/locale_next/locale_en-US.json b/options/locale_next/locale_en-US.json
index 78aac13010..8e2a340372 100644
--- a/options/locale_next/locale_en-US.json
+++ b/options/locale_next/locale_en-US.json
@@ -191,7 +191,7 @@
 	"settings.twofa_reenroll": "Re-enroll two-factor authentication",
 	"settings.twofa_reenroll.description": "Re-enroll your two-factor authentication",
 	"settings.must_enable_2fa": "This Forgejo instance requires users to enable two-factor authentication before they can access their accounts.",
-	"settings.specific_repo_access": "Repository Access",
+	"settings.specific_repo_access": "Repository access",
 	"error.must_enable_2fa": "This Forgejo instance requires users to enable two-factor authentication before they can access their accounts. Enable it at: %s",
 	"avatar.constraints_hint": "Custom avatar may not exceed %[1]s in size or be larger than %[2]dx%[3]d pixels",
 	"user.ghost.tooltip": "This user has been deleted, or cannot be matched.",
diff --git a/templates/org/team/new.tmpl b/templates/org/team/new.tmpl
index a5ebef0edd..96cc9536c9 100644
--- a/templates/org/team/new.tmpl
+++ b/templates/org/team/new.tmpl
@@ -25,7 +25,7 @@
 						</div>
 						{{if not (eq .Team.LowerName "owners")}}
 							<fieldset>
-								<legend>{{ctx.Locale.Tr "org.team_access_desc"}}</legend>
+								<legend>{{ctx.Locale.Tr "settings.specific_repo_access"}}</legend>
 								<label>
 									<input type="radio" name="repo_access" value="specific" {{if not .Team.IncludesAllRepositories}}checked{{end}}>
 									{{ctx.Locale.Tr "org.teams.specific_repositories"}}
diff --git a/templates/org/team/sidebar.tmpl b/templates/org/team/sidebar.tmpl
index 302827003f..99136089dd 100644
--- a/templates/org/team/sidebar.tmpl
+++ b/templates/org/team/sidebar.tmpl
@@ -30,7 +30,7 @@
 			</div>
 		{{else}}
 			<div class="item">
-				<h3>{{ctx.Locale.Tr "org.team_access_desc"}}</h3>
+				<h3>{{ctx.Locale.Tr "settings.specific_repo_access"}}</h3>
 				<ul>
 					{{if .Team.IncludesAllRepositories}}
 						<li>{{ctx.Locale.Tr "org.teams.all_repositories"}}</li>
diff --git a/tests/integration/user_test.go b/tests/integration/user_test.go
index 4c8e7c9458..90a4a00029 100644
--- a/tests/integration/user_test.go
+++ b/tests/integration/user_test.go
@@ -284,14 +284,17 @@ func TestAccessTokenRegenerate(t *testing.T) {
 func TestAccessTokenResourceRepos(t *testing.T) {
 	defer tests.PrepareTestEnv(t)()
 
+	locale := translation.NewLocale("en-US")
+	repoAccess := locale.TrString("settings.specific_repo_access") + ":"
+
 	session := loginUser(t, "user2")
 
-	// Before creating a repo-specific access token, we shouldn't have the "Repository Access:" list in the personal
+	// Before creating a repo-specific access token, we shouldn't have the "Repository access:" list in the personal
 	// access token page:
 	req := NewRequest(t, "GET", "/user/settings/applications")
 	resp := session.MakeRequest(t, req, http.StatusOK)
 	htmlDoc := NewHTMLParser(t, resp.Body)
-	htmlDoc.AssertSelection(t, htmlDoc.FindByText(".user-setting-content p", "Repository Access:"), false)
+	htmlDoc.AssertSelection(t, htmlDoc.FindByText(".user-setting-content p", repoAccess), false)
 
 	// Then we create a repo-specific access token.  We give it access to two repos, user2/repo2, but also user30/empty,
 	// a private repo owned by someone else...  We'll pretend user2 used to be a collaborator on this repo and
@@ -301,11 +304,11 @@ func TestAccessTokenResourceRepos(t *testing.T) {
 		[]int64{2, 52},
 	)
 
-	// Now we have "Repository Access:"...
+	// Now we have "Repository access:"...
 	req = NewRequest(t, "GET", "/user/settings/applications")
 	resp = session.MakeRequest(t, req, http.StatusOK)
 	htmlDoc = NewHTMLParser(t, resp.Body)
-	htmlDoc.AssertSelection(t, htmlDoc.FindByText(".user-setting-content p", "Repository Access:"), true)
+	htmlDoc.AssertSelection(t, htmlDoc.FindByText(".user-setting-content p", repoAccess), true)
 	htmlDoc.AssertSelection(t, htmlDoc.FindByText(".user-setting-content a", "user2/repo2"), true)   // link to repo
 	htmlDoc.AssertSelection(t, htmlDoc.FindByText(".user-setting-content a", "user30/empty"), false) // missing - user2 has no visibility
 }

From 8fed6bcc9b472b2064bea7cd7fd4ecc66ca42595 Mon Sep 17 00:00:00 2001
From: Andreas Ahlenstorf <andreas@ahlenstorf.ch>
Date: Sun, 15 Mar 2026 15:18:48 +0100
Subject: [PATCH 508/854] fix: add challenge for HTTP Basic Authentication to
 container registry (#11678)

After the [first attempt](https://codeberg.org/forgejo/forgejo/pulls/11393) to introduce a separate challenge for HTTP Basic Authentication failed and had to be [backed out](https://codeberg.org/forgejo/forgejo/pulls/11616) because two challenges in a single header field were not widely supported, we're trying it again. This time a second header `WWW-Authenticate` header is emitted.

Example:

```
$ curl -v -u andreas --basic http://192.168.178.62:3000/v2
Enter host password for user 'andreas':
*   Trying 192.168.178.62:3000...
* Connected to 192.168.178.62 (192.168.178.62) port 3000
* using HTTP/1.x
* Server auth using Basic with user 'andreas'
> GET /v2 HTTP/1.1
> Host: 192.168.178.62:3000
> Authorization: Basic *****
> User-Agent: curl/8.15.0
> Accept: */*
>
* Request completely sent off
< HTTP/1.1 401 Unauthorized
< Content-Length: 50
< Content-Type: application/json
< Docker-Distribution-Api-Version: registry/2.0
< Www-Authenticate: Bearer realm="http://192.168.178.62:3000/v2/token",service="container_registry",scope="*"
* Basic authentication problem, ignoring.
< Www-Authenticate: Basic realm="Forgejo Container Registry"
< Date: Sat, 14 Mar 2026 15:09:50 GMT
<
{"errors":[{"code":"UNAUTHORIZED","message":""}]}
```

Tested with Docker 29.1.3, Podman 5.8.0, and Apple container 0.9.0.

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests for Go changes

(can be removed for JavaScript changes)

- I added test coverage for Go changes...
  - [ ] in their respective `*_test.go` for unit tests.
  - [x] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I ran...
  - [ ] `make pr-go` before pushing

### Tests for JavaScript changes

(can be removed for Go changes)

- I added test coverage for JavaScript changes...
  - [ ] in `web_src/js/*.test.js` if it can be unit tested.
  - [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)).

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [x] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.
- [ ] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change.

*The decision if the pull request will be shown in the release notes is up to the mergers / release team.*

The content of the `release-notes/<pull request number>.md` file will serve as the basis for the release notes. If the file does not exist, the title of the pull request will be used instead.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11678
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Co-authored-by: Andreas Ahlenstorf <andreas@ahlenstorf.ch>
Co-committed-by: Andreas Ahlenstorf <andreas@ahlenstorf.ch>
---
 routers/api/packages/container/container.go                  | 3 ++-
 .../api_packages_container_cleanup_sha256_test.go            | 5 ++++-
 tests/integration/api_packages_container_test.go             | 5 ++++-
 3 files changed, 10 insertions(+), 3 deletions(-)

diff --git a/routers/api/packages/container/container.go b/routers/api/packages/container/container.go
index 6781f511c8..f79bea2c84 100644
--- a/routers/api/packages/container/container.go
+++ b/routers/api/packages/container/container.go
@@ -118,7 +118,8 @@ func apiErrorDefined(ctx *context.Context, err *container_service.NamedError) {
 func APIUnauthorizedError(ctx *context.Context) {
 	// Do not include more than one challenge in the same header field. That breaks clients even though the HTTP RFC
 	// allows it.
-	ctx.Resp.Header().Set("WWW-Authenticate", `Bearer realm="`+setting.AppURL+`v2/token",service="container_registry",scope="*"`)
+	ctx.Resp.Header().Add("WWW-Authenticate", `Bearer realm="`+setting.AppURL+`v2/token",service="container_registry",scope="*"`)
+	ctx.Resp.Header().Add("WWW-Authenticate", `Basic realm="Forgejo Container Registry"`)
 	apiErrorDefined(ctx, container_service.ErrUnauthorized)
 }
 
diff --git a/tests/integration/api_packages_container_cleanup_sha256_test.go b/tests/integration/api_packages_container_cleanup_sha256_test.go
index 19b73f7698..50106e6834 100644
--- a/tests/integration/api_packages_container_cleanup_sha256_test.go
+++ b/tests/integration/api_packages_container_cleanup_sha256_test.go
@@ -63,7 +63,10 @@ func TestPackageContainerCleanupSHA256(t *testing.T) {
 			Token string `json:"token"`
 		}
 
-		authenticate := []string{`Bearer realm="` + setting.AppURL + `v2/token",service="container_registry",scope="*"`}
+		authenticate := []string{
+			`Bearer realm="` + setting.AppURL + `v2/token",service="container_registry",scope="*"`,
+			`Basic realm="Forgejo Container Registry"`,
+		}
 
 		t.Run("User", func(t *testing.T) {
 			req := NewRequest(t, "GET", fmt.Sprintf("%sv2", setting.AppURL))
diff --git a/tests/integration/api_packages_container_test.go b/tests/integration/api_packages_container_test.go
index 21420bb0d8..75b703941a 100644
--- a/tests/integration/api_packages_container_test.go
+++ b/tests/integration/api_packages_container_test.go
@@ -91,7 +91,10 @@ func TestPackageContainer(t *testing.T) {
 			Token string `json:"token"`
 		}
 
-		authenticate := []string{`Bearer realm="` + setting.AppURL + `v2/token",service="container_registry",scope="*"`}
+		authenticate := []string{
+			`Bearer realm="` + setting.AppURL + `v2/token",service="container_registry",scope="*"`,
+			`Basic realm="Forgejo Container Registry"`,
+		}
 
 		t.Run("Anonymous", func(t *testing.T) {
 			defer tests.PrintCurrentTest(t)()

From fd750f39b666c1103694511b88fb86163095df68 Mon Sep 17 00:00:00 2001
From: 0ko <0ko@noreply.codeberg.org>
Date: Sun, 15 Mar 2026 15:29:01 +0100
Subject: [PATCH 509/854] fix(ui): improve consistency in new runner management
 pages (#11675)

Followup to https://codeberg.org/forgejo/forgejo/pulls/11516 which I didn't have time to review. Some consistency fixes.

Haven't done anything with the [actions in the table](https://codeberg.org/attachments/5a7eb4f2-c45c-4189-b952-ca4cd4085eb5) but something will need to be done. Like an ellipsis menu.

## Preview

![1](/attachments/a894648b-51e0-4706-9a83-338868a24970)

![2](/attachments/a8b3dc47-49fc-42d6-a353-a3b2963414d2)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11675
Reviewed-by: Andreas Ahlenstorf <aahlenst@noreply.codeberg.org>
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
Co-authored-by: 0ko <0ko@noreply.codeberg.org>
Co-committed-by: 0ko <0ko@noreply.codeberg.org>
---
 templates/shared/actions/runner_create.tmpl | 6 +++---
 templates/shared/actions/runner_edit.tmpl   | 6 +++---
 templates/shared/actions/runner_list.tmpl   | 2 +-
 web_src/css/actions.css                     | 6 ------
 4 files changed, 7 insertions(+), 13 deletions(-)

diff --git a/templates/shared/actions/runner_create.tmpl b/templates/shared/actions/runner_create.tmpl
index 9ee7bedde8..d34b82cb97 100644
--- a/templates/shared/actions/runner_create.tmpl
+++ b/templates/shared/actions/runner_create.tmpl
@@ -14,9 +14,9 @@
 				<textarea id="description" name="runner_description"{{if .Err_RunnerDescription}} class="error"{{end}}>{{.Runner.Description}}</textarea>
 			</div>
 		</fieldset>
-		<div class="form-buttons">
-			<a class="ui secondary button" href="{{$.RunnersListLink}}">{{ctx.Locale.Tr "actions.runners.create_runner.cancel_button"}}</a>
-			<button class="ui primary button">{{ctx.Locale.Tr "actions.runners.create_runner.create_button"}}</button>
+		<div class="button-sequence">
+			<button class="primary button">{{ctx.Locale.Tr "actions.runners.create_runner.create_button"}}</button>
+			<a class="secondary button" href="{{$.RunnersListLink}}">{{ctx.Locale.Tr "actions.runners.create_runner.cancel_button"}}</a>
 		</div>
 	</form>
 </div>
diff --git a/templates/shared/actions/runner_edit.tmpl b/templates/shared/actions/runner_edit.tmpl
index 749a85a6a3..cd693abd75 100644
--- a/templates/shared/actions/runner_edit.tmpl
+++ b/templates/shared/actions/runner_edit.tmpl
@@ -26,9 +26,9 @@
 				</div>
 			</div>
 		</fieldset>
-		<div class="form-buttons">
-			<a class="ui secondary button" href="{{$.RunnersListLink}}">{{ctx.Locale.Tr "actions.runners.edit_runner.cancel_button"}}</a>
-			<button class="ui primary button">{{ctx.Locale.Tr "actions.runners.edit_runner.save_button"}}</button>
+		<div class="button-sequence">
+			<button class="primary button">{{ctx.Locale.Tr "actions.runners.edit_runner.save_button"}}</button>
+			<a class="secondary button" href="{{$.RunnersListLink}}">{{ctx.Locale.Tr "actions.runners.edit_runner.cancel_button"}}</a>
 		</div>
 	</form>
 </div>
diff --git a/templates/shared/actions/runner_list.tmpl b/templates/shared/actions/runner_list.tmpl
index e40aaaff3e..88c354b7cf 100644
--- a/templates/shared/actions/runner_list.tmpl
+++ b/templates/shared/actions/runner_list.tmpl
@@ -4,7 +4,7 @@
 		{{ctx.Locale.Tr "actions.runners.runner_manage_panel"}} ({{ctx.Locale.Tr "admin.total" .Total}})
 		<div class="ui right">
 			<div class="ui top right pointing dropdown">
-				<button class="ui secondary tiny button">
+				<button class="ui basic tiny button">
 					{{ctx.Locale.Tr "actions.runners.show_registration_token"}}
 					{{svg "octicon-triangle-down" 14 "dropdown icon"}}
 				</button>
diff --git a/web_src/css/actions.css b/web_src/css/actions.css
index 03e548be4a..cb96bdeac6 100644
--- a/web_src/css/actions.css
+++ b/web_src/css/actions.css
@@ -105,12 +105,6 @@
   margin-block: 1rem !important;
 }
 
-.runner-container form .form-buttons {
-  display: flex;
-  justify-content: flex-end;
-  column-gap: 1.5rem;
-}
-
 .runner-container pre {
   color: var(--color-console-fg);
   background-color: var(--color-console-bg);

From dda03a2bc6e878451f029660029b4d600eb7e58d Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Mon, 16 Mar 2026 01:03:30 +0100
Subject: [PATCH 510/854] Update CodeMirror (forgejo) (#11693)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11693
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
---
 package-lock.json | 28 ++++++++++++++--------------
 package.json      |  6 +++---
 2 files changed, 17 insertions(+), 17 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index cf5f485934..0427fa7bc2 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -10,7 +10,7 @@
         "@citation-js/plugin-bibtex": "0.7.21",
         "@citation-js/plugin-software-formats": "0.6.2",
         "@codemirror/autocomplete": "6.20.1",
-        "@codemirror/commands": "6.10.2",
+        "@codemirror/commands": "6.10.3",
         "@codemirror/lang-cpp": "6.0.3",
         "@codemirror/lang-css": "6.3.1",
         "@codemirror/lang-go": "6.0.1",
@@ -29,8 +29,8 @@
         "@codemirror/lang-yaml": "6.1.2",
         "@codemirror/language": "6.12.2",
         "@codemirror/search": "6.6.0",
-        "@codemirror/state": "6.5.4",
-        "@codemirror/view": "6.39.17",
+        "@codemirror/state": "6.6.0",
+        "@codemirror/view": "6.40.0",
         "@github/markdown-toolbar-element": "2.2.3",
         "@github/quote-selection": "2.1.0",
         "@github/text-expander-element": "2.9.4",
@@ -509,13 +509,13 @@
       }
     },
     "node_modules/@codemirror/commands": {
-      "version": "6.10.2",
-      "resolved": "https://registry.npmjs.org/@codemirror/commands/-/commands-6.10.2.tgz",
-      "integrity": "sha512-vvX1fsih9HledO1c9zdotZYUZnE4xV0m6i3m25s5DIfXofuprk6cRcLUZvSk3CASUbwjQX21tOGbkY2BH8TpnQ==",
+      "version": "6.10.3",
+      "resolved": "https://registry.npmjs.org/@codemirror/commands/-/commands-6.10.3.tgz",
+      "integrity": "sha512-JFRiqhKu+bvSkDLI+rUhJwSxQxYb759W5GBezE8Uc8mHLqC9aV/9aTC7yJSqCtB3F00pylrLCwnyS91Ap5ej4Q==",
       "license": "MIT",
       "dependencies": {
         "@codemirror/language": "^6.0.0",
-        "@codemirror/state": "^6.4.0",
+        "@codemirror/state": "^6.6.0",
         "@codemirror/view": "^6.27.0",
         "@lezer/common": "^1.1.0"
       }
@@ -767,21 +767,21 @@
       }
     },
     "node_modules/@codemirror/state": {
-      "version": "6.5.4",
-      "resolved": "https://registry.npmjs.org/@codemirror/state/-/state-6.5.4.tgz",
-      "integrity": "sha512-8y7xqG/hpB53l25CIoit9/ngxdfoG+fx+V3SHBrinnhOtLvKHRyAJJuHzkWrR4YXXLX8eXBsejgAAxHUOdW1yw==",
+      "version": "6.6.0",
+      "resolved": "https://registry.npmjs.org/@codemirror/state/-/state-6.6.0.tgz",
+      "integrity": "sha512-4nbvra5R5EtiCzr9BTHiTLc+MLXK2QGiAVYMyi8PkQd3SR+6ixar/Q/01Fa21TBIDOZXgeWV4WppsQolSreAPQ==",
       "license": "MIT",
       "dependencies": {
         "@marijn/find-cluster-break": "^1.0.0"
       }
     },
     "node_modules/@codemirror/view": {
-      "version": "6.39.17",
-      "resolved": "https://registry.npmjs.org/@codemirror/view/-/view-6.39.17.tgz",
-      "integrity": "sha512-Aim4lFqhbijnchl83RLfABWueSGs1oUCSv0mru91QdhpXQeNKprIdRO9LWA4cYkJvuYTKGJN7++9MXx8XW43ag==",
+      "version": "6.40.0",
+      "resolved": "https://registry.npmjs.org/@codemirror/view/-/view-6.40.0.tgz",
+      "integrity": "sha512-WA0zdU7xfF10+5I3HhUUq3kqOx3KjqmtQ9lqZjfK7jtYk4G72YW9rezcSywpaUMCWOMlq+6E0pO1IWg1TNIhtg==",
       "license": "MIT",
       "dependencies": {
-        "@codemirror/state": "^6.5.0",
+        "@codemirror/state": "^6.6.0",
         "crelt": "^1.0.6",
         "style-mod": "^4.1.0",
         "w3c-keyname": "^2.2.4"
diff --git a/package.json b/package.json
index 5e57e5bdc0..1456e0e122 100644
--- a/package.json
+++ b/package.json
@@ -9,7 +9,7 @@
     "@citation-js/plugin-bibtex": "0.7.21",
     "@citation-js/plugin-software-formats": "0.6.2",
     "@codemirror/autocomplete": "6.20.1",
-    "@codemirror/commands": "6.10.2",
+    "@codemirror/commands": "6.10.3",
     "@codemirror/lang-cpp": "6.0.3",
     "@codemirror/lang-css": "6.3.1",
     "@codemirror/lang-go": "6.0.1",
@@ -28,8 +28,8 @@
     "@codemirror/lang-yaml": "6.1.2",
     "@codemirror/language": "6.12.2",
     "@codemirror/search": "6.6.0",
-    "@codemirror/state": "6.5.4",
-    "@codemirror/view": "6.39.17",
+    "@codemirror/state": "6.6.0",
+    "@codemirror/view": "6.40.0",
     "@github/markdown-toolbar-element": "2.2.3",
     "@github/quote-selection": "2.1.0",
     "@github/text-expander-element": "2.9.4",

From fab13475113a63e73a4843cf55d5db241911c6dd Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Mon, 16 Mar 2026 02:29:07 +0100
Subject: [PATCH 511/854] Update module
 github.com/go-swagger/go-swagger/cmd/swagger to v0.33.2 (forgejo) (#11695)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11695
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
---
 Makefile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Makefile b/Makefile
index 5376016d96..f8d4c1ff11 100644
--- a/Makefile
+++ b/Makefile
@@ -41,7 +41,7 @@ EDITORCONFIG_CHECKER_PACKAGE ?= github.com/editorconfig-checker/editorconfig-che
 GOFUMPT_PACKAGE ?= mvdan.cc/gofumpt@v0.9.2 # renovate: datasource=go
 GOLANGCI_LINT_PACKAGE ?= github.com/golangci/golangci-lint/v2/cmd/golangci-lint@v2.10.1 # renovate: datasource=go
 GXZ_PACKAGE ?= github.com/ulikunitz/xz/cmd/gxz@v0.5.15 # renovate: datasource=go
-SWAGGER_PACKAGE ?= github.com/go-swagger/go-swagger/cmd/swagger@v0.33.1 # renovate: datasource=go
+SWAGGER_PACKAGE ?= github.com/go-swagger/go-swagger/cmd/swagger@v0.33.2 # renovate: datasource=go
 XGO_PACKAGE ?= src.techknowlogick.com/xgo@latest
 GO_LICENSES_PACKAGE ?= github.com/google/go-licenses@v1.6.0 # renovate: datasource=go
 GOVULNCHECK_PACKAGE ?= golang.org/x/vuln/cmd/govulncheck@v1 # renovate: datasource=go

From bfeec16d81d6c9cf82c7bd3768ee0154c38977cc Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Mon, 16 Mar 2026 03:15:14 +0100
Subject: [PATCH 512/854] Update dependency @google/model-viewer to v4.2.0
 (forgejo) (#11697)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11697
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
---
 package-lock.json | 16 ++++++++--------
 package.json      |  2 +-
 2 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 0427fa7bc2..5b0c9cef1a 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -34,7 +34,7 @@
         "@github/markdown-toolbar-element": "2.2.3",
         "@github/quote-selection": "2.1.0",
         "@github/text-expander-element": "2.9.4",
-        "@google/model-viewer": "4.1.0",
+        "@google/model-viewer": "4.2.0",
         "@lezer/highlight": "1.2.3",
         "@mcaptcha/vanilla-glue": "0.1.0-alpha-3",
         "@primer/octicons": "19.14.0",
@@ -1652,9 +1652,9 @@
       }
     },
     "node_modules/@google/model-viewer": {
-      "version": "4.1.0",
-      "resolved": "https://registry.npmjs.org/@google/model-viewer/-/model-viewer-4.1.0.tgz",
-      "integrity": "sha512-7WB/jS6wfBfRl/tWhsUUvDMKFE1KlKME97coDLlZQfvJD0nCwjhES1lJ+k7wnmf7T3zMvCfn9mIjM/mgZapuig==",
+      "version": "4.2.0",
+      "resolved": "https://registry.npmjs.org/@google/model-viewer/-/model-viewer-4.2.0.tgz",
+      "integrity": "sha512-RjpAI5cLs9CdvPcMRsOs8Bea/lNmGTTyaPyl16o9Fv6Qn8VSpgBMmXFr/11yb0hTrsojp2dOACEcY77R8hVUVA==",
       "license": "Apache-2.0",
       "dependencies": {
         "@monogrid/gainmap-js": "^3.1.0",
@@ -1664,7 +1664,7 @@
         "node": ">=6.0.0"
       },
       "peerDependencies": {
-        "three": "^0.172.0"
+        "three": "^0.182.0"
       }
     },
     "node_modules/@humanfs/core": {
@@ -14812,9 +14812,9 @@
       }
     },
     "node_modules/three": {
-      "version": "0.172.0",
-      "resolved": "https://registry.npmjs.org/three/-/three-0.172.0.tgz",
-      "integrity": "sha512-6HMgMlzU97MsV7D/tY8Va38b83kz8YJX+BefKjspMNAv0Vx6dxMogHOrnRl/sbMIs3BPUKijPqDqJ/+UwJbIow==",
+      "version": "0.182.0",
+      "resolved": "https://registry.npmjs.org/three/-/three-0.182.0.tgz",
+      "integrity": "sha512-GbHabT+Irv+ihI1/f5kIIsZ+Ef9Sl5A1Y7imvS5RQjWgtTPfPnZ43JmlYI7NtCRDK9zir20lQpfg8/9Yd02OvQ==",
       "license": "MIT",
       "peer": true
     },
diff --git a/package.json b/package.json
index 1456e0e122..c6d9c0fff2 100644
--- a/package.json
+++ b/package.json
@@ -33,7 +33,7 @@
     "@github/markdown-toolbar-element": "2.2.3",
     "@github/quote-selection": "2.1.0",
     "@github/text-expander-element": "2.9.4",
-    "@google/model-viewer": "4.1.0",
+    "@google/model-viewer": "4.2.0",
     "@lezer/highlight": "1.2.3",
     "@mcaptcha/vanilla-glue": "0.1.0-alpha-3",
     "@primer/octicons": "19.14.0",

From 61fe3bb8ff0ef8f8ea60fcb973b0703e076abadd Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Mon, 16 Mar 2026 04:38:49 +0100
Subject: [PATCH 513/854] Update renovate Docker tag to v43.76.1 (forgejo)
 (#11692)

Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
---
 Makefile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Makefile b/Makefile
index f8d4c1ff11..16e97a1a5e 100644
--- a/Makefile
+++ b/Makefile
@@ -48,7 +48,7 @@ GOVULNCHECK_PACKAGE ?= golang.org/x/vuln/cmd/govulncheck@v1 # renovate: datasour
 DEADCODE_PACKAGE ?= golang.org/x/tools/cmd/deadcode@v0.42.0 # renovate: datasource=go
 ERRORTYPE_PACKAGE ?= fillmore-labs.com/errortype@v0.0.10 # renovate: datasource=go
 GOMOCK_PACKAGE ?= go.uber.org/mock/mockgen@v0.6.0 # renovate: datasource=go
-RENOVATE_NPM_PACKAGE ?= renovate@43.31.1 # renovate: datasource=docker packageName=data.forgejo.org/renovate/renovate
+RENOVATE_NPM_PACKAGE ?= renovate@43.76.2 # renovate: datasource=docker packageName=data.forgejo.org/renovate/renovate
 
 # https://github.com/disposable-email-domains/disposable-email-domains/commits/main/
 DISPOSABLE_EMAILS_SHA ?= 0c27e671231d27cf66370034d7f6818037416989 # renovate: ...

From a32b0da87c10bb628a9d2203b700f0683e1ae966 Mon Sep 17 00:00:00 2001
From: Shiny Nematoda <snematoda.751k2@aleeas.com>
Date: Mon, 16 Mar 2026 16:48:11 +0100
Subject: [PATCH 514/854] test: attempt to fix flaky TestBleveDeleteIssue
 (#11686)

Wait till the indexer has been fully initialized

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11686
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
Co-authored-by: Shiny Nematoda <snematoda.751k2@aleeas.com>
Co-committed-by: Shiny Nematoda <snematoda.751k2@aleeas.com>
---
 modules/indexer/issues/indexer.go      | 7 ++++++-
 modules/indexer/issues/indexer_test.go | 4 ++--
 2 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/modules/indexer/issues/indexer.go b/modules/indexer/issues/indexer.go
index 81ffcaaf5d..2f70cf7a69 100644
--- a/modules/indexer/issues/indexer.go
+++ b/modules/indexer/issues/indexer.go
@@ -61,10 +61,12 @@ func init() {
 
 // InitIssueIndexer initialize issue indexer, syncReindex is true then reindex until
 // all issue index done.
-func InitIssueIndexer(syncReindex bool) {
+// The return value is a done channel that signals that the indexer can be safely used.
+func InitIssueIndexer(syncReindex bool) <-chan struct{} {
 	ctx, _, finished := process.GetManager().AddTypedContext(context.Background(), "Service: IssueIndexer", process.SystemProcessType, false)
 
 	indexerInitWaitChannel := make(chan time.Duration, 1)
+	done := make(chan struct{}, 1)
 
 	// Create the Queue
 	issueIndexerQueue = queue.CreateUniqueQueue(ctx, "issue_indexer", getIssueIndexerQueueHandler(ctx))
@@ -136,6 +138,7 @@ func InitIssueIndexer(syncReindex bool) {
 
 		indexerInitWaitChannel <- time.Since(start)
 		close(indexerInitWaitChannel)
+		close(done)
 	}()
 
 	if syncReindex {
@@ -163,6 +166,8 @@ func InitIssueIndexer(syncReindex bool) {
 			}
 		}()
 	}
+
+	return done
 }
 
 func getIssueIndexerQueueHandler(ctx context.Context) func(items ...*IndexerMetadata) []*IndexerMetadata {
diff --git a/modules/indexer/issues/indexer_test.go b/modules/indexer/issues/indexer_test.go
index 2d7aa71236..60c46d9a2c 100644
--- a/modules/indexer/issues/indexer_test.go
+++ b/modules/indexer/issues/indexer_test.go
@@ -30,7 +30,7 @@ func TestDBSearchIssues(t *testing.T) {
 	require.NoError(t, unittest.PrepareTestDatabase())
 
 	defer test.MockVariableValue(&setting.Indexer.IssueType, "db")()
-	InitIssueIndexer(true)
+	<-InitIssueIndexer(true)
 
 	t.Run("search issues with keyword", searchIssueWithKeyword)
 	t.Run("search issues in repo", searchIssueInRepo)
@@ -426,7 +426,7 @@ func TestBleveDeleteIssue(t *testing.T) {
 	tmp := t.TempDir()
 	defer test.MockVariableValue(&setting.Indexer.IssuePath, filepath.Join(tmp, "indexers/issues.bleve"))()
 	defer test.MockVariableValue(&setting.Indexer.IssueType, "bleve")()
-	InitIssueIndexer(false)
+	<-InitIssueIndexer(false)
 
 	ctx := t.Context()
 	issue := unittest.AssertExistsAndLoadBean(t, &issues.Issue{ID: 1})

From 120f97a914ea939afc55ab048ce6a44069602a17 Mon Sep 17 00:00:00 2001
From: Andreas Ahlenstorf <andreas@ahlenstorf.ch>
Date: Tue, 17 Mar 2026 02:58:34 +0100
Subject: [PATCH 515/854] feat: expose attempt number of ActionRunJob in HTTP
 API (#11687)

Expose the attempt number of `ActionRunJob` in the HTTP API. It is required to uniquely identify a job run.

Example:

```
$ curl -u andreas --basic http://192.168.178.62:3000/api/v1/repos/andreas/test/actions/runners/jobs
```
```json
[{"id":63,"attempt":2,"repo_id":1,"owner_id":1,"name":"test","needs":null,"runs_on":["debian"],"task_id":0,"status":"waiting"}]
```

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests for Go changes

(can be removed for JavaScript changes)

- I added test coverage for Go changes...
  - [ ] in their respective `*_test.go` for unit tests.
  - [x] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I ran...
  - [x] `make pr-go` before pushing

### Tests for JavaScript changes

(can be removed for Go changes)

- I added test coverage for JavaScript changes...
  - [ ] in `web_src/js/*.test.js` if it can be unit tested.
  - [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)).

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [x] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.
- [ ] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change.

*The decision if the pull request will be shown in the release notes is up to the mergers / release team.*

The content of the `release-notes/<pull request number>.md` file will serve as the basis for the release notes. If the file does not exist, the title of the pull request will be used instead.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11687
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
Co-authored-by: Andreas Ahlenstorf <andreas@ahlenstorf.ch>
Co-committed-by: Andreas Ahlenstorf <andreas@ahlenstorf.ch>
---
 modules/structs/action.go                   |  4 +++-
 routers/api/v1/shared/runners.go            |  1 +
 templates/swagger/v1_json.tmpl              |  8 +++++++-
 tests/integration/api_admin_actions_test.go | 15 +++++++++++++--
 tests/integration/api_org_actions_test.go   | 17 +++++++++++++----
 tests/integration/api_repo_actions_test.go  | 16 +++++++++++++---
 tests/integration/api_user_actions_test.go  | 16 +++++++++++++---
 7 files changed, 63 insertions(+), 14 deletions(-)

diff --git a/modules/structs/action.go b/modules/structs/action.go
index f47b228d75..93aab4206c 100644
--- a/modules/structs/action.go
+++ b/modules/structs/action.go
@@ -10,8 +10,10 @@ import (
 // ActionRunJob represents a job of a run
 // swagger:model
 type ActionRunJob struct {
-	// the action run job id
+	// Identifier of this job.
 	ID int64 `json:"id"`
+	// How many times the job has been attempted including the current attempt.
+	Attempt int64 `json:"attempt"`
 	// the repository id
 	RepoID int64 `json:"repo_id"`
 	// the owner id
diff --git a/routers/api/v1/shared/runners.go b/routers/api/v1/shared/runners.go
index de54339f6b..7a5c363f13 100644
--- a/routers/api/v1/shared/runners.go
+++ b/routers/api/v1/shared/runners.go
@@ -76,6 +76,7 @@ func fromRunJobModelToResponse(job []*actions_model.ActionRunJob, labels []strin
 		if len(labels) == 0 || labels[0] == "" && len(job[i].RunsOn) == 0 || job[i].ItRunsOn(labels) {
 			res = append(res, &structs.ActionRunJob{
 				ID:      job[i].ID,
+				Attempt: job[i].Attempt,
 				RepoID:  job[i].RepoID,
 				OwnerID: job[i].OwnerID,
 				Name:    job[i].Name,
diff --git a/templates/swagger/v1_json.tmpl b/templates/swagger/v1_json.tmpl
index 9b5611a083..efa8b939f5 100644
--- a/templates/swagger/v1_json.tmpl
+++ b/templates/swagger/v1_json.tmpl
@@ -22377,8 +22377,14 @@
       "description": "ActionRunJob represents a job of a run",
       "type": "object",
       "properties": {
+        "attempt": {
+          "description": "How many times the job has been attempted including the current attempt.",
+          "type": "integer",
+          "format": "int64",
+          "x-go-name": "Attempt"
+        },
         "id": {
-          "description": "the action run job id",
+          "description": "Identifier of this job.",
           "type": "integer",
           "format": "int64",
           "x-go-name": "ID"
diff --git a/tests/integration/api_admin_actions_test.go b/tests/integration/api_admin_actions_test.go
index bf0f6fd579..5f71a41c83 100644
--- a/tests/integration/api_admin_actions_test.go
+++ b/tests/integration/api_admin_actions_test.go
@@ -44,8 +44,19 @@ func TestAPIAdminActionsGetJobs(t *testing.T) {
 		var jobs []*api.ActionRunJob
 		DecodeJSON(t, res, &jobs)
 
-		assert.Len(t, jobs, 1)
-		assert.Equal(t, job393.ID, jobs[0].ID)
+		expected := api.ActionRunJob{
+			ID:      393,
+			Attempt: 1,
+			RepoID:  1,
+			OwnerID: 1,
+			Name:    "job_2",
+			Needs:   nil,
+			RunsOn:  []string{"ubuntu-latest"},
+			TaskID:  47,
+			Status:  "waiting",
+		}
+
+		assert.ElementsMatch(t, []*api.ActionRunJob{&expected}, jobs)
 	})
 
 	t.Run("jobs-without-labels", func(t *testing.T) {
diff --git a/tests/integration/api_org_actions_test.go b/tests/integration/api_org_actions_test.go
index ec5326c35b..1d71f02d83 100644
--- a/tests/integration/api_org_actions_test.go
+++ b/tests/integration/api_org_actions_test.go
@@ -27,8 +27,6 @@ func TestActionsAPISearchActionJobs_OrgRunner(t *testing.T) {
 	session := loginUser(t, "user1")
 	token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteOrganization)
 
-	job := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRunJob{ID: 395})
-
 	req := NewRequest(t, "GET",
 		fmt.Sprintf("/api/v1/orgs/org3/actions/runners/jobs?labels=%s", "fedora")).
 		AddTokenAuth(token)
@@ -37,8 +35,19 @@ func TestActionsAPISearchActionJobs_OrgRunner(t *testing.T) {
 	var jobs []*api.ActionRunJob
 	DecodeJSON(t, res, &jobs)
 
-	assert.Len(t, jobs, 1)
-	assert.Equal(t, job.ID, jobs[0].ID)
+	job395 := api.ActionRunJob{
+		ID:      395,
+		Attempt: 1,
+		RepoID:  1,
+		OwnerID: 3,
+		Name:    "job_2",
+		Needs:   nil,
+		RunsOn:  []string{"fedora"},
+		TaskID:  47,
+		Status:  "waiting",
+	}
+
+	assert.ElementsMatch(t, []*api.ActionRunJob{&job395}, jobs)
 }
 
 func TestActionsAPISearchActionJobs_OrgRunnerAllPendingJobsWithoutLabels(t *testing.T) {
diff --git a/tests/integration/api_repo_actions_test.go b/tests/integration/api_repo_actions_test.go
index 6ff70771ee..c3808c2058 100644
--- a/tests/integration/api_repo_actions_test.go
+++ b/tests/integration/api_repo_actions_test.go
@@ -36,7 +36,6 @@ func TestActionsAPISearchActionJobs_RepoRunner(t *testing.T) {
 	repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 1})
 	user2 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
 	token := getUserToken(t, user2.LowerName, auth_model.AccessTokenScopeWriteRepository)
-	job := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRunJob{ID: 393})
 
 	req := NewRequestf(
 		t,
@@ -50,8 +49,19 @@ func TestActionsAPISearchActionJobs_RepoRunner(t *testing.T) {
 	var jobs []*api.ActionRunJob
 	DecodeJSON(t, res, &jobs)
 
-	assert.Len(t, jobs, 1)
-	assert.Equal(t, job.ID, jobs[0].ID)
+	job393 := api.ActionRunJob{
+		ID:      393,
+		Attempt: 1,
+		RepoID:  1,
+		OwnerID: 1,
+		Name:    "job_2",
+		Needs:   nil,
+		RunsOn:  []string{"ubuntu-latest"},
+		TaskID:  47,
+		Status:  "waiting",
+	}
+
+	assert.ElementsMatch(t, []*api.ActionRunJob{&job393}, jobs)
 }
 
 func TestActionsAPISearchActionJobs_RepoRunnerAllPendingJobsWithoutLabels(t *testing.T) {
diff --git a/tests/integration/api_user_actions_test.go b/tests/integration/api_user_actions_test.go
index 2718228a36..2e22686bea 100644
--- a/tests/integration/api_user_actions_test.go
+++ b/tests/integration/api_user_actions_test.go
@@ -27,7 +27,6 @@ func TestActionsAPISearchActionJobs_UserRunner(t *testing.T) {
 	normalUsername := "user2"
 	session := loginUser(t, normalUsername)
 	token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteUser)
-	job := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRunJob{ID: 394})
 
 	req := NewRequest(t, "GET",
 		fmt.Sprintf("/api/v1/user/actions/runners/jobs?labels=%s", "debian-latest")).
@@ -37,8 +36,19 @@ func TestActionsAPISearchActionJobs_UserRunner(t *testing.T) {
 	var jobs []*api.ActionRunJob
 	DecodeJSON(t, res, &jobs)
 
-	assert.Len(t, jobs, 1)
-	assert.Equal(t, job.ID, jobs[0].ID)
+	job394 := api.ActionRunJob{
+		ID:      394,
+		Attempt: 2,
+		RepoID:  1,
+		OwnerID: 2,
+		Name:    "job_2",
+		Needs:   nil,
+		RunsOn:  []string{"debian-latest"},
+		TaskID:  47,
+		Status:  "waiting",
+	}
+
+	assert.ElementsMatch(t, []*api.ActionRunJob{&job394}, jobs)
 }
 
 func TestActionsAPISearchActionJobs_UserRunnerAllPendingJobsWithoutLabels(t *testing.T) {

From d8534ba123a938b915a5712f511a095f8caa782a Mon Sep 17 00:00:00 2001
From: Andreas Ahlenstorf <andreas@ahlenstorf.ch>
Date: Tue, 17 Mar 2026 03:02:09 +0100
Subject: [PATCH 516/854] feat: scope-specific headings for list of recent
 tasks (#11690)

As requested in https://codeberg.org/forgejo/forgejo/pulls/11516#issuecomment-11430034, the headings of the list of recent tasks that were executed on a particular runner now indicate that only tasks are listed that originated in the current scope.

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests for Go changes

(can be removed for JavaScript changes)

- I added test coverage for Go changes...
  - [ ] in their respective `*_test.go` for unit tests.
  - [ ] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I ran...
  - [x] `make pr-go` before pushing

### Tests for JavaScript changes

(can be removed for Go changes)

- I added test coverage for JavaScript changes...
  - [ ] in `web_src/js/*.test.js` if it can be unit tested.
  - [x] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)).

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [ ] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [x] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.
- [ ] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change.

*The decision if the pull request will be shown in the release notes is up to the mergers / release team.*

The content of the `release-notes/<pull request number>.md` file will serve as the basis for the release notes. If the file does not exist, the title of the pull request will be used instead.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11690
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
Co-authored-by: Andreas Ahlenstorf <andreas@ahlenstorf.ch>
Co-committed-by: Andreas Ahlenstorf <andreas@ahlenstorf.ch>
---
 options/locale_next/locale_en-US.json         |   5 +-
 routers/web/repo/setting/runners.go           | 261 ---------------
 routers/web/shared/actions/runners.go         | 299 +++++++++++++++---
 routers/web/shared/actions/runners_test.go    |  48 ---
 routers/web/web.go                            |  19 +-
 templates/shared/actions/runner_details.tmpl  |  10 +-
 .../runner-management/action_task.yml         | 248 +++++++++++++++
 tests/e2e/runner-management.test.e2e.ts       |  40 ++-
 8 files changed, 556 insertions(+), 374 deletions(-)
 delete mode 100644 routers/web/repo/setting/runners.go
 delete mode 100644 routers/web/shared/actions/runners_test.go

diff --git a/options/locale_next/locale_en-US.json b/options/locale_next/locale_en-US.json
index 8e2a340372..bb4767f461 100644
--- a/options/locale_next/locale_en-US.json
+++ b/options/locale_next/locale_en-US.json
@@ -442,7 +442,10 @@
 	"actions.runners.runner_title": "Runner %s",
 	"actions.runners.ephemeral.yes": "yes",
 	"actions.runners.ephemeral.no": "no",
-	"actions.runners.task_list": "Recent tasks on this runner",
+	"actions.runners.task_list_repo": "Recent tasks of this repository on this runner",
+	"actions.runners.task_list_org": "Recent tasks on this runner within this organization",
+	"actions.runners.task_list_admin": "Recent tasks on this runner",
+	"actions.runners.task_list_user": "Recent tasks of this user on this runner",
 	"actions.runners.task_list.no_tasks": "There are no tasks yet.",
 	"actions.runners.task_list.run": "Run",
 	"actions.runners.task_list.status": "Status",
diff --git a/routers/web/repo/setting/runners.go b/routers/web/repo/setting/runners.go
deleted file mode 100644
index 70f8c99c6e..0000000000
--- a/routers/web/repo/setting/runners.go
+++ /dev/null
@@ -1,261 +0,0 @@
-// Copyright 2022 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
-
-package setting
-
-import (
-	"errors"
-	"fmt"
-	"net/url"
-
-	actions_model "forgejo.org/models/actions"
-	"forgejo.org/models/db"
-	"forgejo.org/modules/base"
-	"forgejo.org/modules/setting"
-	actions_shared "forgejo.org/routers/web/shared/actions"
-	shared_user "forgejo.org/routers/web/shared/user"
-	"forgejo.org/services/context"
-)
-
-const (
-	tplAdminRunnerCreate  base.TplName = "admin/runners/create"
-	tplAdminRunnerDetails base.TplName = "admin/runners/details"
-	tplAdminRunnerEdit    base.TplName = "admin/runners/edit"
-	tplAdminRunnerSetup   base.TplName = "admin/runners/setup"
-	tplAdminRunners       base.TplName = "admin/actions"
-	tplOrgRunnerCreate    base.TplName = "org/settings/runners_create"
-	tplOrgRunnerDetails   base.TplName = "org/settings/runners_details"
-	tplOrgRunnerEdit      base.TplName = "org/settings/runners_edit"
-	tplOrgRunnerSetup     base.TplName = "org/settings/runners_setup"
-	tplOrgRunners         base.TplName = "org/settings/actions"
-	tplRepoRunnerCreate   base.TplName = "repo/settings/runner_create"
-	tplRepoRunnerDetails  base.TplName = "repo/settings/runner_details"
-	tplRepoRunnerEdit     base.TplName = "repo/settings/runner_edit"
-	tplRepoRunnerSetup    base.TplName = "repo/settings/runner_setup"
-	tplRepoRunners        base.TplName = "repo/settings/actions"
-	tplUserRunnerCreate   base.TplName = "user/settings/runner_create"
-	tplUserRunnerDetails  base.TplName = "user/settings/runner_details"
-	tplUserRunnerEdit     base.TplName = "user/settings/runner_edit"
-	tplUserRunnerSetup    base.TplName = "user/settings/runner_setup"
-	tplUserRunners        base.TplName = "user/settings/actions"
-)
-
-type runnersCtx struct {
-	OwnerID               int64
-	RepoID                int64
-	IsRepo                bool
-	IsOrg                 bool
-	IsAdmin               bool
-	IsUser                bool
-	RunnerCreateTemplate  base.TplName
-	RunnerDetailsTemplate base.TplName
-	RunnerEditTemplate    base.TplName
-	RunnerSetupTemplate   base.TplName
-	RunnersTemplate       base.TplName
-	RedirectLink          string
-}
-
-func getRunnersCtx(ctx *context.Context) (*runnersCtx, error) {
-	if ctx.Data["PageIsRepoSettings"] == true {
-		return &runnersCtx{
-			RepoID:                ctx.Repo.Repository.ID,
-			OwnerID:               0,
-			IsRepo:                true,
-			RunnerCreateTemplate:  tplRepoRunnerCreate,
-			RunnerDetailsTemplate: tplRepoRunnerDetails,
-			RunnerEditTemplate:    tplRepoRunnerEdit,
-			RunnerSetupTemplate:   tplRepoRunnerSetup,
-			RunnersTemplate:       tplRepoRunners,
-			RedirectLink:          ctx.Repo.RepoLink + "/settings/actions/runners/",
-		}, nil
-	}
-
-	if ctx.Data["PageIsOrgSettings"] == true {
-		err := shared_user.LoadHeaderCount(ctx)
-		if err != nil {
-			return nil, fmt.Errorf("could not load project and package counts: %w", err)
-		}
-		return &runnersCtx{
-			RepoID:                0,
-			OwnerID:               ctx.Org.Organization.ID,
-			IsOrg:                 true,
-			RunnerCreateTemplate:  tplOrgRunnerCreate,
-			RunnerDetailsTemplate: tplOrgRunnerDetails,
-			RunnerEditTemplate:    tplOrgRunnerEdit,
-			RunnerSetupTemplate:   tplOrgRunnerSetup,
-			RunnersTemplate:       tplOrgRunners,
-			RedirectLink:          ctx.Org.OrgLink + "/settings/actions/runners/",
-		}, nil
-	}
-
-	if ctx.Data["PageIsAdmin"] == true {
-		return &runnersCtx{
-			RepoID:                0,
-			OwnerID:               0,
-			IsAdmin:               true,
-			RunnerCreateTemplate:  tplAdminRunnerCreate,
-			RunnerDetailsTemplate: tplAdminRunnerDetails,
-			RunnerEditTemplate:    tplAdminRunnerEdit,
-			RunnerSetupTemplate:   tplAdminRunnerSetup,
-			RunnersTemplate:       tplAdminRunners,
-			RedirectLink:          setting.AppSubURL + "/admin/actions/runners/",
-		}, nil
-	}
-
-	if ctx.Data["PageIsUserSettings"] == true {
-		return &runnersCtx{
-			OwnerID:               ctx.Doer.ID,
-			RepoID:                0,
-			IsUser:                true,
-			RunnerCreateTemplate:  tplUserRunnerCreate,
-			RunnerDetailsTemplate: tplUserRunnerDetails,
-			RunnerEditTemplate:    tplUserRunnerEdit,
-			RunnerSetupTemplate:   tplUserRunnerSetup,
-			RunnersTemplate:       tplUserRunners,
-			RedirectLink:          setting.AppSubURL + "/user/settings/actions/runners/",
-		}, nil
-	}
-
-	return nil, errors.New("unable to set Runners context")
-}
-
-// Runners renders the list of all available runners.
-func Runners(ctx *context.Context) {
-	rCtx, err := getRunnersCtx(ctx)
-	if err != nil {
-		ctx.ServerError("getRunnersCtx", err)
-		return
-	}
-
-	page := ctx.FormInt("page")
-	if page <= 1 {
-		page = 1
-	}
-
-	opts := actions_model.FindRunnerOptions{
-		ListOptions: db.ListOptions{
-			Page:     page,
-			PageSize: 100,
-		},
-		WithVisible: true,
-		Sort:        ctx.Req.URL.Query().Get("sort"),
-		Filter:      ctx.Req.URL.Query().Get("q"),
-	}
-	if rCtx.IsRepo {
-		opts.RepoID = rCtx.RepoID
-	} else if rCtx.IsOrg || rCtx.IsUser {
-		opts.OwnerID = rCtx.OwnerID
-	}
-
-	ctx.Data["RunnersListLink"] = rCtx.RedirectLink
-
-	actions_shared.RunnersList(ctx, rCtx.RunnersTemplate, opts)
-}
-
-// RunnersDetails renders a read-only view of the most important properties of a runner. It is accessible to every user
-// that can use that particular runner.
-func RunnersDetails(ctx *context.Context) {
-	rCtx, err := getRunnersCtx(ctx)
-	if err != nil {
-		ctx.ServerError("getRunnersCtx", err)
-		return
-	}
-
-	runnerID := ctx.ParamsInt64(":runnerid")
-	page := ctx.FormInt("page")
-	if page <= 1 {
-		page = 1
-	}
-
-	ctx.Data["RunnersListLink"] = rCtx.RedirectLink
-
-	actions_shared.RunnerDetails(ctx, runnerID, rCtx.OwnerID, rCtx.RepoID, rCtx.RunnerDetailsTemplate, page)
-}
-
-// RunnersCreate renders the form for creating a new runner.
-func RunnersCreate(ctx *context.Context) {
-	rCtx, err := getRunnersCtx(ctx)
-	if err != nil {
-		ctx.ServerError("getRunnersCtx", err)
-		return
-	}
-
-	ctx.Data["RunnersListLink"] = rCtx.RedirectLink
-
-	actions_shared.RunnerCreate(ctx, rCtx.RunnerCreateTemplate)
-}
-
-// RunnersCreatePost handles the form submitted by RunnersCreate.
-func RunnersCreatePost(ctx *context.Context) {
-	rCtx, err := getRunnersCtx(ctx)
-	if err != nil {
-		ctx.ServerError("getRunnersCtx", err)
-		return
-	}
-
-	ctx.Data["RunnersListLink"] = rCtx.RedirectLink
-
-	actions_shared.RunnerCreatePost(ctx, rCtx.OwnerID, rCtx.RepoID, rCtx.RunnerCreateTemplate, rCtx.RunnerSetupTemplate)
-}
-
-// RunnersEdit renders the form for changing an existing runner.
-func RunnersEdit(ctx *context.Context) {
-	rCtx, err := getRunnersCtx(ctx)
-	if err != nil {
-		ctx.ServerError("getRunnersCtx", err)
-		return
-	}
-
-	ctx.Data["RunnersListLink"] = rCtx.RedirectLink
-
-	actions_shared.RunnerEdit(ctx, ctx.ParamsInt64(":runnerid"), rCtx.OwnerID, rCtx.RepoID, rCtx.RunnerEditTemplate)
-}
-
-// RunnersEditPost handles the form submitted by RunnersEdit.
-func RunnersEditPost(ctx *context.Context) {
-	rCtx, err := getRunnersCtx(ctx)
-	if err != nil {
-		ctx.ServerError("getRunnersCtx", err)
-		return
-	}
-
-	ctx.Data["RunnersListLink"] = rCtx.RedirectLink
-
-	runnerID := ctx.ParamsInt64(":runnerid")
-	redirectURL := rCtx.RedirectLink + url.PathEscape(ctx.Params(":runnerid"))
-	actions_shared.RunnerEditPost(ctx, runnerID, rCtx.OwnerID, rCtx.RepoID, rCtx.RunnerEditTemplate,
-		rCtx.RunnerSetupTemplate, redirectURL)
-}
-
-// ResetRunnerRegistrationToken handles the request to reset the runner registration token.
-func ResetRunnerRegistrationToken(ctx *context.Context) {
-	rCtx, err := getRunnersCtx(ctx)
-	if err != nil {
-		ctx.ServerError("getRunnersCtx", err)
-		return
-	}
-
-	ctx.Data["RunnersListLink"] = rCtx.RedirectLink
-
-	actions_shared.RunnerResetRegistrationToken(ctx, rCtx.OwnerID, rCtx.RepoID, rCtx.RedirectLink)
-}
-
-// RunnerDeletePost handles the request to delete a runner.
-func RunnerDeletePost(ctx *context.Context) {
-	rCtx, err := getRunnersCtx(ctx)
-	if err != nil {
-		ctx.ServerError("getRunnersCtx", err)
-		return
-	}
-
-	ctx.Data["RunnersListLink"] = rCtx.RedirectLink
-
-	runnerID := ctx.ParamsInt64(":runnerid")
-	successRedirectURL := rCtx.RedirectLink
-	failureRedirectURL := rCtx.RedirectLink
-	actions_shared.RunnerDeletePost(ctx, runnerID, rCtx.OwnerID, rCtx.RepoID, successRedirectURL, failureRedirectURL)
-}
-
-func RedirectToDefaultSetting(ctx *context.Context) {
-	ctx.Redirect(ctx.Repo.RepoLink + "/settings/actions/runners")
-}
diff --git a/routers/web/shared/actions/runners.go b/routers/web/shared/actions/runners.go
index 436b103f35..012ec246fd 100644
--- a/routers/web/shared/actions/runners.go
+++ b/routers/web/shared/actions/runners.go
@@ -5,7 +5,9 @@ package actions
 
 import (
 	"errors"
+	"fmt"
 	"net/http"
+	"net/url"
 
 	actions_model "forgejo.org/models/actions"
 	"forgejo.org/models/db"
@@ -15,14 +17,143 @@ import (
 	"forgejo.org/modules/setting"
 	"forgejo.org/modules/util"
 	"forgejo.org/modules/web"
+	shared_user "forgejo.org/routers/web/shared/user"
 	"forgejo.org/services/context"
 	"forgejo.org/services/forms"
 
 	gouuid "github.com/google/uuid"
 )
 
+const (
+	tplAdminRunnerCreate  base.TplName = "admin/runners/create"
+	tplAdminRunnerDetails base.TplName = "admin/runners/details"
+	tplAdminRunnerEdit    base.TplName = "admin/runners/edit"
+	tplAdminRunnerSetup   base.TplName = "admin/runners/setup"
+	tplAdminRunners       base.TplName = "admin/actions"
+	tplOrgRunnerCreate    base.TplName = "org/settings/runners_create"
+	tplOrgRunnerDetails   base.TplName = "org/settings/runners_details"
+	tplOrgRunnerEdit      base.TplName = "org/settings/runners_edit"
+	tplOrgRunnerSetup     base.TplName = "org/settings/runners_setup"
+	tplOrgRunners         base.TplName = "org/settings/actions"
+	tplRepoRunnerCreate   base.TplName = "repo/settings/runner_create"
+	tplRepoRunnerDetails  base.TplName = "repo/settings/runner_details"
+	tplRepoRunnerEdit     base.TplName = "repo/settings/runner_edit"
+	tplRepoRunnerSetup    base.TplName = "repo/settings/runner_setup"
+	tplRepoRunners        base.TplName = "repo/settings/actions"
+	tplUserRunnerCreate   base.TplName = "user/settings/runner_create"
+	tplUserRunnerDetails  base.TplName = "user/settings/runner_details"
+	tplUserRunnerEdit     base.TplName = "user/settings/runner_edit"
+	tplUserRunnerSetup    base.TplName = "user/settings/runner_setup"
+	tplUserRunners        base.TplName = "user/settings/actions"
+)
+
+type runnersCtx struct {
+	OwnerID               int64
+	RepoID                int64
+	IsRepo                bool
+	IsOrg                 bool
+	IsAdmin               bool
+	IsUser                bool
+	RunnerCreateTemplate  base.TplName
+	RunnerDetailsTemplate base.TplName
+	RunnerEditTemplate    base.TplName
+	RunnerSetupTemplate   base.TplName
+	RunnersTemplate       base.TplName
+	RedirectLink          string
+}
+
+func getRunnersCtx(ctx *context.Context) (*runnersCtx, error) {
+	if ctx.Data["PageIsRepoSettings"] == true {
+		return &runnersCtx{
+			RepoID:                ctx.Repo.Repository.ID,
+			OwnerID:               0,
+			IsRepo:                true,
+			RunnerCreateTemplate:  tplRepoRunnerCreate,
+			RunnerDetailsTemplate: tplRepoRunnerDetails,
+			RunnerEditTemplate:    tplRepoRunnerEdit,
+			RunnerSetupTemplate:   tplRepoRunnerSetup,
+			RunnersTemplate:       tplRepoRunners,
+			RedirectLink:          ctx.Repo.RepoLink + "/settings/actions/runners/",
+		}, nil
+	}
+
+	if ctx.Data["PageIsOrgSettings"] == true {
+		err := shared_user.LoadHeaderCount(ctx)
+		if err != nil {
+			return nil, fmt.Errorf("could not load project and package counts: %w", err)
+		}
+		return &runnersCtx{
+			RepoID:                0,
+			OwnerID:               ctx.Org.Organization.ID,
+			IsOrg:                 true,
+			RunnerCreateTemplate:  tplOrgRunnerCreate,
+			RunnerDetailsTemplate: tplOrgRunnerDetails,
+			RunnerEditTemplate:    tplOrgRunnerEdit,
+			RunnerSetupTemplate:   tplOrgRunnerSetup,
+			RunnersTemplate:       tplOrgRunners,
+			RedirectLink:          ctx.Org.OrgLink + "/settings/actions/runners/",
+		}, nil
+	}
+
+	if ctx.Data["PageIsAdmin"] == true {
+		return &runnersCtx{
+			RepoID:                0,
+			OwnerID:               0,
+			IsAdmin:               true,
+			RunnerCreateTemplate:  tplAdminRunnerCreate,
+			RunnerDetailsTemplate: tplAdminRunnerDetails,
+			RunnerEditTemplate:    tplAdminRunnerEdit,
+			RunnerSetupTemplate:   tplAdminRunnerSetup,
+			RunnersTemplate:       tplAdminRunners,
+			RedirectLink:          setting.AppSubURL + "/admin/actions/runners/",
+		}, nil
+	}
+
+	if ctx.Data["PageIsUserSettings"] == true {
+		return &runnersCtx{
+			OwnerID:               ctx.Doer.ID,
+			RepoID:                0,
+			IsUser:                true,
+			RunnerCreateTemplate:  tplUserRunnerCreate,
+			RunnerDetailsTemplate: tplUserRunnerDetails,
+			RunnerEditTemplate:    tplUserRunnerEdit,
+			RunnerSetupTemplate:   tplUserRunnerSetup,
+			RunnersTemplate:       tplUserRunners,
+			RedirectLink:          setting.AppSubURL + "/user/settings/actions/runners/",
+		}, nil
+	}
+
+	return nil, errors.New("unable to set Runners context")
+}
+
 // RunnersList renders the list of runners.
-func RunnersList(ctx *context.Context, template base.TplName, opts actions_model.FindRunnerOptions) {
+func RunnersList(ctx *context.Context) {
+	rCtx, err := getRunnersCtx(ctx)
+	if err != nil {
+		ctx.ServerError("getRunnersCtx", err)
+		return
+	}
+
+	page := ctx.FormInt("page")
+	if page <= 1 {
+		page = 1
+	}
+
+	opts := actions_model.FindRunnerOptions{
+		ListOptions: db.ListOptions{
+			Page:     page,
+			PageSize: 100,
+		},
+		WithVisible: true,
+		Sort:        ctx.Req.URL.Query().Get("sort"),
+		Filter:      ctx.Req.URL.Query().Get("q"),
+	}
+	if rCtx.IsRepo {
+		opts.RepoID = rCtx.RepoID
+	} else if rCtx.IsOrg || rCtx.IsUser {
+		opts.OwnerID = rCtx.OwnerID
+	}
+
 	runners, count, err := db.FindAndCount[actions_model.ActionRunner](ctx, opts)
 	if err != nil {
 		ctx.ServerError("CountRunners", err)
@@ -67,17 +198,30 @@ func RunnersList(ctx *context.Context, template base.TplName, opts actions_model
 	ctx.Data["RunnerOwnerID"] = opts.OwnerID
 	ctx.Data["RunnerRepoID"] = opts.RepoID
 	ctx.Data["SortType"] = opts.Sort
+	ctx.Data["RunnersListLink"] = rCtx.RedirectLink
 
 	pager := context.NewPagination(int(count), opts.PageSize, opts.Page, 5)
 
 	ctx.Data["Page"] = pager
-	ctx.HTML(http.StatusOK, template)
+	ctx.HTML(http.StatusOK, rCtx.RunnersTemplate)
 }
 
 // RunnerDetails displays detail information about each runner. The page is purely informational and visible to everyone
 // who is allowed to use a runner.
-func RunnerDetails(ctx *context.Context, runnerID, ownerID, repoID int64, template base.TplName, page int) {
-	runner, err := actions_model.GetVisibleRunnerByID(ctx, runnerID, ownerID, repoID)
+func RunnerDetails(ctx *context.Context) {
+	rCtx, err := getRunnersCtx(ctx)
+	if err != nil {
+		ctx.ServerError("getRunnersCtx", err)
+		return
+	}
+
+	runnerID := ctx.ParamsInt64(":runnerid")
+	page := ctx.FormInt("page")
+	if page <= 1 {
+		page = 1
+	}
+
+	runner, err := actions_model.GetVisibleRunnerByID(ctx, runnerID, rCtx.OwnerID, rCtx.RepoID)
 	if errors.Is(err, util.ErrNotExist) {
 		ctx.NotFound("GetVisibleRunnerByID", err)
 		return
@@ -96,8 +240,8 @@ func RunnerDetails(ctx *context.Context, runnerID, ownerID, repoID int64, templa
 			PageSize: 30,
 		},
 		RunnerID: runner.ID,
-		OwnerID:  ownerID,
-		RepoID:   repoID,
+		OwnerID:  rCtx.OwnerID,
+		RepoID:   rCtx.RepoID,
 	}
 
 	tasks, count, err := db.FindAndCount[actions_model.ActionTask](ctx, opts)
@@ -112,32 +256,51 @@ func RunnerDetails(ctx *context.Context, runnerID, ownerID, repoID int64, templa
 	}
 
 	ctx.Data["PageIsSharedSettingsRunners"] = true
-	ctx.Data["RunnerOwnerID"] = ownerID
-	ctx.Data["RunnerRepoID"] = repoID
+	ctx.Data["RunnerOwnerID"] = rCtx.OwnerID
+	ctx.Data["RunnerRepoID"] = rCtx.RepoID
 	ctx.Data["Title"] = ctx.Tr("actions.runners.runner_details.page_title", runner.Name)
 	ctx.Data["Runner"] = runner
 	ctx.Data["Tasks"] = tasks
+	ctx.Data["IsRepo"] = rCtx.IsRepo
+	ctx.Data["IsOrg"] = rCtx.IsOrg
+	ctx.Data["IsAdmin"] = rCtx.IsAdmin
+	ctx.Data["IsUser"] = rCtx.IsUser
 	pager := context.NewPagination(int(count), opts.PageSize, opts.Page, 5)
 	ctx.Data["Page"] = pager
-	ctx.HTML(http.StatusOK, template)
+	ctx.Data["RunnersListLink"] = rCtx.RedirectLink
+
+	ctx.HTML(http.StatusOK, rCtx.RunnerDetailsTemplate)
 }
 
 // RunnerCreate displays a form for creating a new runner.
-func RunnerCreate(ctx *context.Context, template base.TplName) {
+func RunnerCreate(ctx *context.Context) {
+	rCtx, err := getRunnersCtx(ctx)
+	if err != nil {
+		ctx.ServerError("getRunnersCtx", err)
+		return
+	}
+
 	ctx.Data["PageIsSharedSettingsRunners"] = true
 	ctx.Data["Title"] = ctx.Tr("actions.runners.create_runner.page_title")
-	ctx.HTML(http.StatusOK, template)
+	ctx.Data["RunnersListLink"] = rCtx.RedirectLink
+	ctx.HTML(http.StatusOK, rCtx.RunnerCreateTemplate)
 }
 
 // RunnerCreatePost handles the form submitted by RunnerCreate.
-func RunnerCreatePost(ctx *context.Context, ownerID, repoID int64, template, successTemplate base.TplName) {
+func RunnerCreatePost(ctx *context.Context) {
+	rCtx, err := getRunnersCtx(ctx)
+	if err != nil {
+		ctx.ServerError("getRunnersCtx", err)
+		return
+	}
+
 	form := web.GetForm(ctx).(*forms.CreateRunnerForm)
 
 	runner := actions_model.ActionRunner{
 		UUID:        gouuid.New().String(),
 		Name:        form.RunnerName,
-		OwnerID:     ownerID,
-		RepoID:      repoID,
+		OwnerID:     rCtx.OwnerID,
+		RepoID:      rCtx.RepoID,
 		Description: form.RunnerDescription,
 		Ephemeral:   false,
 	}
@@ -147,26 +310,33 @@ func RunnerCreatePost(ctx *context.Context, ownerID, repoID int64, template, suc
 	ctx.Data["Title"] = ctx.Tr("actions.runners.runner_setup.page_title", runner.Name)
 	ctx.Data["AppURL"] = setting.AppURL
 	ctx.Data["Runner"] = runner
-	ctx.Data["RunnerOwnerID"] = ownerID
-	ctx.Data["RunnerRepoID"] = repoID
+	ctx.Data["RunnerOwnerID"] = rCtx.OwnerID
+	ctx.Data["RunnerRepoID"] = rCtx.RepoID
+	ctx.Data["RunnersListLink"] = rCtx.RedirectLink
 
 	if ctx.HasError() {
-		ctx.HTML(http.StatusOK, template)
+		ctx.HTML(http.StatusOK, rCtx.RunnerCreateTemplate)
 		return
 	}
 
-	err := actions_model.CreateRunner(ctx, &runner)
+	err = actions_model.CreateRunner(ctx, &runner)
 	if err != nil {
 		ctx.ServerError("CreateRunner", err)
 		return
 	}
 
-	ctx.HTML(http.StatusOK, successTemplate)
+	ctx.HTML(http.StatusOK, rCtx.RunnerSetupTemplate)
 }
 
 // RunnerEdit displays a form to modify the given runner.
-func RunnerEdit(ctx *context.Context, runnerID, ownerID, repoID int64, template base.TplName) {
-	runner, err := actions_model.GetVisibleRunnerByID(ctx, runnerID, ownerID, repoID)
+func RunnerEdit(ctx *context.Context) {
+	rCtx, err := getRunnersCtx(ctx)
+	if err != nil {
+		ctx.ServerError("getRunnersCtx", err)
+		return
+	}
+
+	runner, err := actions_model.GetVisibleRunnerByID(ctx, ctx.ParamsInt64(":runnerid"), rCtx.OwnerID, rCtx.RepoID)
 	if errors.Is(err, util.ErrNotExist) {
 		ctx.NotFound("GetVisibleRunnerByID", err)
 		return
@@ -178,7 +348,7 @@ func RunnerEdit(ctx *context.Context, runnerID, ownerID, repoID int64, template
 		ctx.ServerError("LoadAttributes", err)
 		return
 	}
-	if !runner.Editable(ownerID, repoID) {
+	if !runner.Editable(rCtx.OwnerID, rCtx.RepoID) {
 		err = errors.New("no permission to edit this runner")
 		ctx.NotFound("RunnerDetails", err)
 		return
@@ -187,14 +357,26 @@ func RunnerEdit(ctx *context.Context, runnerID, ownerID, repoID int64, template
 	ctx.Data["PageIsSharedSettingsRunners"] = true
 	ctx.Data["Title"] = ctx.Tr("actions.runners.edit_runner.page_title", runner.Name)
 	ctx.Data["Runner"] = runner
-	ctx.Data["RunnerOwnerID"] = ownerID
-	ctx.Data["RunnerRepoID"] = repoID
-	ctx.HTML(http.StatusOK, template)
+	ctx.Data["RunnerOwnerID"] = rCtx.OwnerID
+	ctx.Data["RunnerRepoID"] = rCtx.RepoID
+	ctx.Data["RunnersListLink"] = rCtx.RedirectLink
+	ctx.HTML(http.StatusOK, rCtx.RunnerEditTemplate)
 }
 
 // RunnerEditPost handles the form submitted by RunnerEdit.
-func RunnerEditPost(ctx *context.Context, runnerID, ownerID, repoID int64, template, successTemplate base.TplName, redirectTo string) {
-	runner, err := actions_model.GetVisibleRunnerByID(ctx, runnerID, ownerID, repoID)
+func RunnerEditPost(ctx *context.Context) {
+	rCtx, err := getRunnersCtx(ctx)
+	if err != nil {
+		ctx.ServerError("getRunnersCtx", err)
+		return
+	}
+
+	ctx.Data["RunnersListLink"] = rCtx.RedirectLink
+
+	runnerID := ctx.ParamsInt64(":runnerid")
+	redirectURL := rCtx.RedirectLink + url.PathEscape(ctx.Params(":runnerid"))
+
+	runner, err := actions_model.GetVisibleRunnerByID(ctx, runnerID, rCtx.OwnerID, rCtx.RepoID)
 	if errors.Is(err, util.ErrNotExist) {
 		ctx.NotFound("GetVisibleRunnerByID", err)
 		return
@@ -202,7 +384,7 @@ func RunnerEditPost(ctx *context.Context, runnerID, ownerID, repoID int64, templ
 		ctx.ServerError("GetVisibleRunnerByID", err)
 		return
 	}
-	if !runner.Editable(ownerID, repoID) {
+	if !runner.Editable(rCtx.OwnerID, rCtx.RepoID) {
 		ctx.NotFound("RunnerEditPost.Editable", util.NewPermissionDeniedErrorf("no permission to edit this runner"))
 		return
 	}
@@ -211,15 +393,16 @@ func RunnerEditPost(ctx *context.Context, runnerID, ownerID, repoID int64, templ
 	ctx.Data["Title"] = ctx.Tr("actions.runners.runner_setup.page_title", runner.Name)
 	ctx.Data["AppURL"] = setting.AppURL
 	ctx.Data["Runner"] = runner
-	ctx.Data["RunnerOwnerID"] = ownerID
-	ctx.Data["RunnerRepoID"] = repoID
+	ctx.Data["RunnerOwnerID"] = rCtx.OwnerID
+	ctx.Data["RunnerRepoID"] = rCtx.RepoID
+	ctx.Data["RunnersListLink"] = rCtx.RedirectLink
 
 	form := web.GetForm(ctx).(*forms.EditRunnerForm)
 	runner.Name = form.RunnerName
 	runner.Description = form.RunnerDescription
 
 	if ctx.HasError() {
-		ctx.HTML(http.StatusOK, template)
+		ctx.HTML(http.StatusOK, rCtx.RunnerEditTemplate)
 		return
 	}
 
@@ -228,14 +411,14 @@ func RunnerEditPost(ctx *context.Context, runnerID, ownerID, repoID int64, templ
 		if err != nil {
 			log.Warn("RunnerEditPost.UpdateRunner failed: %v, url: %s", err, ctx.Req.URL)
 			ctx.Flash.Warning(ctx.Tr("actions.runners.update_runner.failed"))
-			ctx.Redirect(redirectTo)
+			ctx.Redirect(redirectURL)
 			return
 		}
 
 		log.Debug("RunnerEditPost success: %s", ctx.Req.URL)
 
 		ctx.Flash.Success(ctx.Tr("actions.runners.update_runner.success"))
-		ctx.Redirect(redirectTo)
+		ctx.Redirect(redirectURL)
 		return
 	}
 
@@ -244,43 +427,55 @@ func RunnerEditPost(ctx *context.Context, runnerID, ownerID, repoID int64, templ
 	if err != nil {
 		log.Warn("RunnerEditPost.UpdateRunner failed: %v, url: %s", err, ctx.Req.URL)
 		ctx.Flash.Warning(ctx.Tr("actions.runners.update_runner.failed"))
-		ctx.Redirect(redirectTo)
+		ctx.Redirect(redirectURL)
 		return
 	}
 
-	ctx.HTML(http.StatusOK, successTemplate)
+	ctx.HTML(http.StatusOK, rCtx.RunnerSetupTemplate)
 }
 
 // RunnerResetRegistrationToken resets the runner registration token.
-func RunnerResetRegistrationToken(ctx *context.Context, ownerID, repoID int64, redirectTo string) {
-	optOwnerID := optional.None[int64]()
-	if ownerID != 0 {
-		optOwnerID = optional.Some(ownerID)
-	}
-	optRepoID := optional.None[int64]()
-	if repoID != 0 {
-		optRepoID = optional.Some(repoID)
+func RunnerResetRegistrationToken(ctx *context.Context) {
+	rCtx, err := getRunnersCtx(ctx)
+	if err != nil {
+		ctx.ServerError("getRunnersCtx", err)
+		return
 	}
 
-	_, err := actions_model.NewRunnerToken(ctx, optOwnerID, optRepoID)
+	optOwnerID := optional.None[int64]()
+	if rCtx.OwnerID != 0 {
+		optOwnerID = optional.Some(rCtx.OwnerID)
+	}
+	optRepoID := optional.None[int64]()
+	if rCtx.RepoID != 0 {
+		optRepoID = optional.Some(rCtx.RepoID)
+	}
+
+	_, err = actions_model.NewRunnerToken(ctx, optOwnerID, optRepoID)
 	if err != nil {
 		ctx.ServerError("ResetRunnerRegistrationToken", err)
 		return
 	}
 
 	ctx.Flash.Success(ctx.Tr("actions.runners.reset_registration_token.success"))
-	ctx.Redirect(redirectTo)
+	ctx.Redirect(rCtx.RedirectLink)
 }
 
 // RunnerDeletePost handles the request for deleting a particular runner.
-func RunnerDeletePost(ctx *context.Context, runnerID, ownerID, repoID int64, successRedirectTo, failedRedirectTo string) {
-	runner, err := actions_model.GetRunnerByID(ctx, runnerID)
+func RunnerDeletePost(ctx *context.Context) {
+	rCtx, err := getRunnersCtx(ctx)
+	if err != nil {
+		ctx.ServerError("getRunnersCtx", err)
+		return
+	}
+
+	runner, err := actions_model.GetRunnerByID(ctx, ctx.ParamsInt64(":runnerid"))
 	if err != nil {
 		ctx.ServerError("GetRunnerByID", err)
 		return
 	}
 
-	if !runner.Editable(ownerID, repoID) {
+	if !runner.Editable(rCtx.OwnerID, rCtx.RepoID) {
 		ctx.NotFound("Editable", util.NewPermissionDeniedErrorf("no permission to edit this runner"))
 		return
 	}
@@ -290,7 +485,7 @@ func RunnerDeletePost(ctx *context.Context, runnerID, ownerID, repoID int64, suc
 
 		ctx.Flash.Warning(ctx.Tr("actions.runners.delete_runner.failed"))
 
-		ctx.JSONRedirect(failedRedirectTo)
+		ctx.JSONRedirect(rCtx.RedirectLink)
 		return
 	}
 
@@ -298,5 +493,9 @@ func RunnerDeletePost(ctx *context.Context, runnerID, ownerID, repoID int64, suc
 
 	ctx.Flash.Success(ctx.Tr("actions.runners.delete_runner.success"))
 
-	ctx.JSONRedirect(successRedirectTo)
+	ctx.JSONRedirect(rCtx.RedirectLink)
+}
+
+func RedirectToDefaultSetting(ctx *context.Context) {
+	ctx.Redirect(ctx.Repo.RepoLink + "/settings/actions/runners")
 }
diff --git a/routers/web/shared/actions/runners_test.go b/routers/web/shared/actions/runners_test.go
deleted file mode 100644
index 9426bbdf08..0000000000
--- a/routers/web/shared/actions/runners_test.go
+++ /dev/null
@@ -1,48 +0,0 @@
-// Copyright 2025 The Forgejo Authors.
-// SPDX-License-Identifier: GPL-3.0-or-later
-
-package actions
-
-import (
-	"net/http"
-	"testing"
-
-	actions_model "forgejo.org/models/actions"
-	"forgejo.org/models/unittest"
-	user_model "forgejo.org/models/user"
-	"forgejo.org/services/contexttest"
-
-	"github.com/stretchr/testify/assert"
-	"github.com/stretchr/testify/require"
-)
-
-func TestRunnerDetails(t *testing.T) {
-	defer unittest.OverrideFixtures("routers/web/shared/actions/fixtures/TestRunnerDetails")()
-	require.NoError(t, unittest.PrepareTestDatabase())
-
-	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
-	runner := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRunner{ID: 1004})
-
-	t.Run("permission denied", func(t *testing.T) {
-		ctx, resp := contexttest.MockContext(t, "/admin/actions/runners")
-		RunnerDetails(ctx, runner.ID, user.ID, 0, "admin/runners/details", 1)
-		assert.Equal(t, http.StatusOK, resp.Code)
-		assert.Empty(t, ctx.GetData()["Tasks"])
-	})
-
-	t.Run("first page", func(t *testing.T) {
-		ctx, resp := contexttest.MockContext(t, "/admin/actions/runners")
-		page := 1
-		RunnerDetails(ctx, runner.ID, 0, 0, "admin/runners/details", page)
-		require.Equal(t, http.StatusOK, resp.Code)
-		assert.Len(t, ctx.GetData()["Tasks"], 30)
-	})
-
-	t.Run("second and last page", func(t *testing.T) {
-		ctx, resp := contexttest.MockContext(t, "/admin/actions/runners")
-		page := 2
-		RunnerDetails(ctx, runner.ID, 0, 0, "admin/runners/details", page)
-		require.Equal(t, http.StatusOK, resp.Code)
-		assert.Len(t, ctx.GetData()["Tasks"], 10)
-	})
-}
diff --git a/routers/web/web.go b/routers/web/web.go
index ee3a515dff..f8132707ca 100644
--- a/routers/web/web.go
+++ b/routers/web/web.go
@@ -42,6 +42,7 @@ import (
 	"forgejo.org/routers/web/repo/badges"
 	repo_flags "forgejo.org/routers/web/repo/flags"
 	repo_setting "forgejo.org/routers/web/repo/setting"
+	shared_actions "forgejo.org/routers/web/shared/actions"
 	"forgejo.org/routers/web/shared/project"
 	"forgejo.org/routers/web/user"
 	user_setting "forgejo.org/routers/web/user/setting"
@@ -460,16 +461,16 @@ func registerRoutes(m *web.Route) {
 
 	addSettingsRunnersRoutes := func() {
 		m.Group("/runners", func() {
-			m.Get("", repo_setting.Runners)
+			m.Get("", shared_actions.RunnersList)
 			m.Combo("/new").
-				Get(repo_setting.RunnersCreate).
-				Post(web.Bind(forms.CreateRunnerForm{}), repo_setting.RunnersCreatePost)
-			m.Get("/{runnerid}", repo_setting.RunnersDetails)
+				Get(shared_actions.RunnerCreate).
+				Post(web.Bind(forms.CreateRunnerForm{}), shared_actions.RunnerCreatePost)
+			m.Get("/{runnerid}", shared_actions.RunnerDetails)
 			m.Combo("/{runnerid}/edit").
-				Get(repo_setting.RunnersEdit).
-				Post(web.Bind(forms.EditRunnerForm{}), repo_setting.RunnersEditPost)
-			m.Post("/{runnerid}/delete", repo_setting.RunnerDeletePost)
-			m.Get("/reset_registration_token", repo_setting.ResetRunnerRegistrationToken)
+				Get(shared_actions.RunnerEdit).
+				Post(web.Bind(forms.EditRunnerForm{}), shared_actions.RunnerEditPost)
+			m.Post("/{runnerid}/delete", shared_actions.RunnerDeletePost)
+			m.Get("/reset_registration_token", shared_actions.RunnerResetRegistrationToken)
 		})
 	}
 
@@ -1158,7 +1159,7 @@ func registerRoutes(m *web.Route) {
 				})
 			})
 			m.Group("/actions", func() {
-				m.Get("", repo_setting.RedirectToDefaultSetting)
+				m.Get("", shared_actions.RedirectToDefaultSetting)
 				addSettingsRunnersRoutes()
 				addSettingsSecretsRoutes()
 				addSettingsVariablesRoutes()
diff --git a/templates/shared/actions/runner_details.tmpl b/templates/shared/actions/runner_details.tmpl
index ee073c6098..7e4cad3b35 100644
--- a/templates/shared/actions/runner_details.tmpl
+++ b/templates/shared/actions/runner_details.tmpl
@@ -93,7 +93,15 @@
 	</div>
 
 	<h4 class="ui top attached header">
-		{{ctx.Locale.Tr "actions.runners.task_list"}}
+		{{if .IsRepo}}
+			{{ctx.Locale.Tr "actions.runners.task_list_repo"}}
+		{{else if .IsOrg}}
+			{{ctx.Locale.Tr "actions.runners.task_list_org"}}
+		{{else if .IsAdmin}}
+			{{ctx.Locale.Tr "actions.runners.task_list_admin"}}
+		{{else if .IsUser}}
+			{{ctx.Locale.Tr "actions.runners.task_list_user"}}
+		{{end}}
 	</h4>
 	<div class="ui attached segment">
 		<table class="ui very basic striped table unstackable">
diff --git a/tests/e2e/fixtures/runner-management/action_task.yml b/tests/e2e/fixtures/runner-management/action_task.yml
index 892e22e6cc..59868ecc48 100644
--- a/tests/e2e/fixtures/runner-management/action_task.yml
+++ b/tests/e2e/fixtures/runner-management/action_task.yml
@@ -1,3 +1,251 @@
+- id: 88899
+  attempt: 1
+  runner_id: 719931
+  status: 1 # StatusSuccess
+  repo_id: 32
+  owner_id: 3 # org3
+  commit_sha: d553d4419a9232b8eb49f9ba5396be9b5c742b3a
+
+- id: 88900
+  attempt: 1
+  runner_id: 719931
+  status: 1 # StatusSuccess
+  repo_id: 32
+  owner_id: 3 # org3
+  commit_sha: aa06c3e9601797fc929e6d53d921fc025ed86d97
+
+- id: 88901
+  attempt: 1
+  runner_id: 719931
+  status: 2 # StatusFailure
+  repo_id: 32
+  owner_id: 3 # org3
+  commit_sha: d7bccf4e23daf00ecce0c63770a861f2f6efa1fc
+
+- id: 88902
+  attempt: 2
+  runner_id: 719931
+  status: 3 # StatusCancelled
+  repo_id: 32
+  owner_id: 3 # org3
+  commit_sha: d7bccf4e23daf00ecce0c63770a861f2f6efa1fc
+
+- id: 88903
+  attempt: 3
+  runner_id: 719931
+  status: 1 # StatusSuccess
+  repo_id: 32
+  owner_id: 3 # org3
+  commit_sha: d7bccf4e23daf00ecce0c63770a861f2f6efa1fc
+
+- id: 88904
+  attempt: 1
+  runner_id: 719931
+  status: 1 # StatusSuccess
+  repo_id: 32
+  owner_id: 3 # org3
+  commit_sha: f0a6cb54b000f0259005598d41c36912412fd1a1
+
+- id: 88905
+  attempt: 1
+  runner_id: 719931
+  status: 1 # StatusSuccess
+  repo_id: 32
+  owner_id: 3 # org3
+  commit_sha: f8efc8f98a79121043493a6a5022bc03a7ddd1e6
+
+- id: 88906
+  attempt: 2
+  runner_id: 719931
+  status: 1 # StatusSuccess
+  repo_id: 32
+  owner_id: 3 # org3
+  commit_sha: f8efc8f98a79121043493a6a5022bc03a7ddd1e6
+
+- id: 88907
+  attempt: 2
+  runner_id: 719931
+  status: 1 # StatusSuccess
+  repo_id: 32
+  owner_id: 3 # org3
+  commit_sha: f8efc8f98a79121043493a6a5022bc03a7ddd1e6
+
+- id: 88908
+  attempt: 3
+  runner_id: 719931
+  status: 1 # StatusSuccess
+  repo_id: 32
+  owner_id: 3 # org3
+  commit_sha: f8efc8f98a79121043493a6a5022bc03a7ddd1e6
+
+- id: 88909
+  attempt: 4
+  runner_id: 719931
+  status: 1 # StatusSuccess
+  repo_id: 32
+  owner_id: 3 # org3
+  commit_sha: f8efc8f98a79121043493a6a5022bc03a7ddd1e6
+
+- id: 88910
+  attempt: 1
+  runner_id: 719931
+  status: 1 # StatusSuccess
+  repo_id: 32
+  owner_id: 3 # org3
+  commit_sha: b96d11edc82815c5daf8aeab5455a633810772c8
+
+- id: 88911
+  attempt: 1
+  runner_id: 719931
+  status: 3 # StatusCancelled
+  repo_id: 32
+  owner_id: 3 # org3
+  commit_sha: f19005ba22ab1eb48809e6990853fd370fd00247
+
+- id: 88912
+  attempt: 2
+  runner_id: 719931
+  status: 3 # StatusCancelled
+  repo_id: 32
+  owner_id: 3 # org3
+  commit_sha: f19005ba22ab1eb48809e6990853fd370fd00247
+
+- id: 88913
+  attempt: 1
+  runner_id: 719931
+  status: 1 # StatusSuccess
+  repo_id: 32
+  owner_id: 3 # org3
+  commit_sha: 0766efdd387a2db415a2df3dd9db2b9ea9bc9286
+
+- id: 88914
+  attempt: 1
+  runner_id: 719931
+  status: 1 # StatusSuccess
+  repo_id: 32
+  owner_id: 3 # org3
+  commit_sha: 0766efdd387a2db415a2df3dd9db2b9ea9bc9286
+
+- id: 88915
+  attempt: 1
+  runner_id: 719931
+  status: 1 # StatusSuccess
+  repo_id: 32
+  owner_id: 3 # org3
+  commit_sha: e5251733cc20c2350ebe30f0d6ad7f04aa6f996e
+
+- id: 88916
+  attempt: 1
+  runner_id: 719931
+  status: 1 # StatusSuccess
+  repo_id: 32
+  owner_id: 3 # org3
+  commit_sha: d2374bac709f30cd2eeb11f985dea1c0f5b97282
+
+- id: 88917
+  attempt: 1
+  runner_id: 719931
+  status: 1 # StatusSuccess
+  repo_id: 32
+  owner_id: 3 # org3
+  commit_sha: 95d900ad932e9285039d20db5ebeaca52dd0528b
+
+- id: 88918
+  attempt: 2
+  runner_id: 719931
+  status: 1 # StatusSuccess
+  repo_id: 32
+  owner_id: 3 # org3
+  commit_sha: 95d900ad932e9285039d20db5ebeaca52dd0528b
+
+- id: 88919
+  attempt: 1
+  runner_id: 719931
+  status: 1 # StatusSuccess
+  repo_id: 32
+  owner_id: 3 # org3
+  commit_sha: 95d900ad932e9285039d20db5ebeaca52dd0528b
+
+- id: 88920
+  attempt: 1
+  runner_id: 719931
+  status: 1 # StatusSuccess
+  repo_id: 32
+  owner_id: 3 # org3
+  commit_sha: 8ea3698775cb332b310041187602584d0507d580
+
+- id: 88921
+  attempt: 1
+  runner_id: 719931
+  status: 1 # StatusSuccess
+  repo_id: 32
+  owner_id: 3 # org3
+  commit_sha: a597d91f7580dacc95afd7658b078837ae15c02a
+
+- id: 88922
+  attempt: 1
+  runner_id: 719931
+  status: 1 # StatusSuccess
+  repo_id: 32
+  owner_id: 3 # org3
+  commit_sha: 206732455acefbbf2be33f673b8a475df48e1227
+
+- id: 88923
+  attempt: 1
+  runner_id: 719931
+  status: 1 # StatusSuccess
+  repo_id: 32
+  owner_id: 3 # org3
+  commit_sha: 8c07db7db9fb0d6a96dfb76ca3cff91e678eb4e6
+
+- id: 88924
+  attempt: 1
+  runner_id: 719931
+  status: 1 # StatusSuccess
+  repo_id: 32
+  owner_id: 3 # org3
+  commit_sha: d8269eb5270bfa079a2fc6a94a7d171a487264ce
+
+- id: 88925
+  attempt: 1
+  runner_id: 719931
+  status: 1 # StatusSuccess
+  repo_id: 32
+  owner_id: 3 # org3
+  commit_sha: fd449592611ee8689c81635bd030e9db1a18869a
+
+- id: 88926
+  attempt: 1
+  runner_id: 719931
+  status: 1 # StatusSuccess
+  repo_id: 32
+  owner_id: 3 # org3
+  commit_sha: 459cc09582b7767ad1b93fcbde536690bbd1b48a
+
+- id: 88927
+  attempt: 1
+  runner_id: 719931
+  status: 1 # StatusSuccess
+  repo_id: 32
+  owner_id: 3 # org3
+  commit_sha: 0d30b6df8041379690bec9a3bcd4710a76f3188c
+
+- id: 88929
+  attempt: 1
+  runner_id: 719931
+  status: 1 # StatusSuccess
+  repo_id: 32
+  owner_id: 3 # org3
+  commit_sha: 14d98a4d090d40358193ce2d14b5947c551fa8ec
+
+- id: 88930
+  attempt: 1
+  runner_id: 719931
+  status: 3 # StatusCancelled
+  repo_id: 32
+  owner_id: 3 # org3
+  commit_sha: ed4df76f868ac8a9a8406f2606208bb42ed8b9c7
+
 - id: 88931
   attempt: 1
   runner_id: 719934
diff --git a/tests/e2e/runner-management.test.e2e.ts b/tests/e2e/runner-management.test.e2e.ts
index 04e3e1d168..ba01a3f870 100644
--- a/tests/e2e/runner-management.test.e2e.ts
+++ b/tests/e2e/runner-management.test.e2e.ts
@@ -84,7 +84,7 @@ test.describe('Runners of user2', () => {
       - definition: A runner for everyone
     `);
 
-    await expect(page.getByRole('heading', {name: 'Recent tasks on this runner '})).toBeVisible();
+    await expect(page.getByRole('heading', {name: 'Recent tasks of this user on this runner'})).toBeVisible();
 
     const rows = page.getByRole('row');
 
@@ -374,7 +374,7 @@ test.describe('Global runners', () => {
       - definition: A runner for everyone
     `);
 
-    await expect(page.getByRole('heading', {name: 'Recent tasks on this runner '})).toBeVisible();
+    await expect(page.getByRole('heading', {name: 'Recent tasks on this runner'})).toBeVisible();
 
     const rows = page.getByRole('row');
 
@@ -598,7 +598,7 @@ test.describe('Organization runners', () => {
       - definition: A runner for everyone
     `);
 
-    await expect(page.getByRole('heading', {name: 'Recent tasks on this runner '})).toBeVisible();
+    await expect(page.getByRole('heading', {name: 'Recent tasks on this runner within this organization'})).toBeVisible();
 
     const rows = page.getByRole('row');
 
@@ -607,6 +607,38 @@ test.describe('Organization runners', () => {
     await expect(rows.nth(0)).toHaveAccessibleName('Run Status Repository Commit Done at');
     await expect(rows.nth(1)).toHaveAccessibleName('88931 Running ed38c5a46c -');
   });
+
+  test('runner details with multiple pages of tasks', async ({page}) => {
+    await page.goto('/org/org3/settings/actions/runners');
+
+    await page.getByRole('link', {name: 'Show details of runner-1', exact: true}).click();
+
+    await expect(page).toHaveTitle(/^Runner runner-1 .*/);
+    await expect(page.getByRole('heading', {name: 'Runner runner-1'})).toBeVisible();
+
+    await expect(page.getByRole('heading', {name: 'Recent tasks on this runner within this organization'})).toBeVisible();
+
+    const rows = page.getByRole('row');
+
+    await expect(rows).toHaveCount(31); // 30 runners plus table header
+    await expect(rows.nth(0)).toHaveAccessibleName('Run Status Repository Commit Done at');
+    await expect(rows.nth(1)).toHaveAccessibleName('88930 Canceled ed4df76f86 -');
+    await expect(rows.nth(30)).toHaveAccessibleName('88900 Success aa06c3e960 -');
+
+    await page.getByRole('link', {name: 'Next', exact: true}).click();
+
+    await expect(rows).toHaveCount(2);
+    await expect(rows.nth(0)).toHaveAccessibleName('Run Status Repository Commit Done at');
+    await expect(rows.nth(1)).toHaveAccessibleName('88899 Success d553d4419a -');
+
+    // Go back to the first page and verify that nothing has changed.
+    await page.getByRole('link', {name: 'Previous', exact: true}).click();
+
+    await expect(rows).toHaveCount(31); // 30 runners plus table header
+    await expect(rows.nth(0)).toHaveAccessibleName('Run Status Repository Commit Done at');
+    await expect(rows.nth(1)).toHaveAccessibleName('88930 Canceled ed4df76f86 -');
+    await expect(rows.nth(30)).toHaveAccessibleName('88900 Success aa06c3e960 -');
+  });
 });
 
 test.describe('Repository runners', () => {
@@ -694,7 +726,7 @@ test.describe('Repository runners', () => {
       - definition: A runner for everyone
     `);
 
-    await expect(page.getByRole('heading', {name: 'Recent tasks on this runner '})).toBeVisible();
+    await expect(page.getByRole('heading', {name: 'Recent tasks of this repository on this runner'})).toBeVisible();
 
     const rows = page.getByRole('row');
 

From 075ee9ea882cc6c89c8baa480af2daa9d78d5ed3 Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Tue, 17 Mar 2026 03:35:52 +0100
Subject: [PATCH 517/854] Update module github.com/mattn/go-sqlite3 to v1.14.37
 (forgejo) (#11708)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11708
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 04eda64d7b..f8b35ab61a 100644
--- a/go.mod
+++ b/go.mod
@@ -75,7 +75,7 @@ require (
 	github.com/klauspost/cpuid/v2 v2.2.11
 	github.com/markbates/goth v1.82.0
 	github.com/mattn/go-isatty v0.0.20
-	github.com/mattn/go-sqlite3 v1.14.34
+	github.com/mattn/go-sqlite3 v1.14.37
 	github.com/meilisearch/meilisearch-go v0.36.0
 	github.com/mholt/archives v0.1.5
 	github.com/microcosm-cc/bluemonday v1.0.27
diff --git a/go.sum b/go.sum
index 9a64d48945..2b390b170e 100644
--- a/go.sum
+++ b/go.sum
@@ -516,8 +516,8 @@ github.com/mattn/go-runewidth v0.0.17 h1:78v8ZlW0bP43XfmAfPsdXcoNCelfMHsDmd/pkEN
 github.com/mattn/go-runewidth v0.0.17/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w=
 github.com/mattn/go-shellwords v1.0.12 h1:M2zGm7EW6UQJvDeQxo4T51eKPurbeFbe8WtebGE2xrk=
 github.com/mattn/go-shellwords v1.0.12/go.mod h1:EZzvwXDESEeg03EKmM+RmDnNOPKG4lLtQsUlTZDWQ8Y=
-github.com/mattn/go-sqlite3 v1.14.34 h1:3NtcvcUnFBPsuRcno8pUtupspG/GM+9nZ88zgJcp6Zk=
-github.com/mattn/go-sqlite3 v1.14.34/go.mod h1:Uh1q+B4BYcTPb+yiD3kU8Ct7aC0hY9fxUwlHK0RXw+Y=
+github.com/mattn/go-sqlite3 v1.14.37 h1:3DOZp4cXis1cUIpCfXLtmlGolNLp2VEqhiB/PARNBIg=
+github.com/mattn/go-sqlite3 v1.14.37/go.mod h1:Uh1q+B4BYcTPb+yiD3kU8Ct7aC0hY9fxUwlHK0RXw+Y=
 github.com/meilisearch/meilisearch-go v0.36.0 h1:N1etykTektXt5KPcSbhBO0d5Xx5NaKj4pJWEM7WA5dI=
 github.com/meilisearch/meilisearch-go v0.36.0/go.mod h1:HBfHzKMxcSbTOvqdfuRA/yf6Vk9IivcwKocWRuW7W78=
 github.com/mholt/acmez/v3 v3.1.2 h1:auob8J/0FhmdClQicvJvuDavgd5ezwLBfKuYmynhYzc=

From c1787d06e2917e75eb8901ac0586abb34a54f669 Mon Sep 17 00:00:00 2001
From: Gusted <postmaster@gusted.xyz>
Date: Tue, 17 Mar 2026 09:11:52 +0100
Subject: [PATCH 518/854] fix: add missing deleting beans for organizations
 (#11699)

- Delete blocked users entries.
  - Organization cannot get blocked, it can block other people however.
- Delete following entries.
  - Organization cannot follow, it can be followed by users.
- Resolves forgejo/forgejo#11416

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11699
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Reviewed-by: Andreas Ahlenstorf <aahlenst@noreply.codeberg.org>
Co-authored-by: Gusted <postmaster@gusted.xyz>
Co-committed-by: Gusted <postmaster@gusted.xyz>
---
 models/organization/org.go                          | 10 ++++++++++
 release-notes/11699.md                              |  1 +
 services/org/TestDeleteOrganization/follow.yml      |  4 ++++
 .../TestDeleteOrganization/forgejo_blocked_user.yml |  5 +++++
 services/org/TestDeleteOrganization/user.yml        | 13 +++++++++++++
 services/org/org_test.go                            |  4 ++++
 6 files changed, 37 insertions(+)
 create mode 100644 release-notes/11699.md
 create mode 100644 services/org/TestDeleteOrganization/follow.yml
 create mode 100644 services/org/TestDeleteOrganization/forgejo_blocked_user.yml
 create mode 100644 services/org/TestDeleteOrganization/user.yml

diff --git a/models/organization/org.go b/models/organization/org.go
index 7dcb78cb9b..02794ba2cb 100644
--- a/models/organization/org.go
+++ b/models/organization/org.go
@@ -397,6 +397,14 @@ func DeleteOrganization(ctx context.Context, org *Organization) error {
 		return fmt.Errorf("%s is a user not an organization", org.Name)
 	}
 
+	// Decrease following count of users that follow the organisation.
+	followerIDs, err := db.FindIDs(ctx, "follow", "follow.user_id", builder.Eq{"follow.follow_id": org.ID})
+	if err != nil {
+		return fmt.Errorf("get all followers: %w", err)
+	} else if err = db.DecrByIDs(ctx, followerIDs, "num_following", new(user_model.User)); err != nil {
+		return fmt.Errorf("decrease user num_following: %w", err)
+	}
+
 	if err := db.DeleteBeans(ctx,
 		&Team{OrgID: org.ID},
 		&OrgUser{OrgID: org.ID},
@@ -406,6 +414,8 @@ func DeleteOrganization(ctx context.Context, org *Organization) error {
 		&secret_model.Secret{OwnerID: org.ID},
 		&actions_model.ActionRunner{OwnerID: org.ID},
 		&actions_model.ActionRunnerToken{OwnerID: optional.Some(org.ID)},
+		&user_model.BlockedUser{UserID: org.ID},
+		&user_model.Follow{FollowID: org.ID},
 	); err != nil {
 		return fmt.Errorf("DeleteBeans: %w", err)
 	}
diff --git a/release-notes/11699.md b/release-notes/11699.md
new file mode 100644
index 0000000000..8ecf708442
--- /dev/null
+++ b/release-notes/11699.md
@@ -0,0 +1 @@
+fix: The DB entries about users following an organization and users blocked by an organization were not deleted when an organization was deleted. Orphaned entries can be cleaned up by running `forgejo doctor check --run check-db-consistency --fix`.
diff --git a/services/org/TestDeleteOrganization/follow.yml b/services/org/TestDeleteOrganization/follow.yml
new file mode 100644
index 0000000000..7677806934
--- /dev/null
+++ b/services/org/TestDeleteOrganization/follow.yml
@@ -0,0 +1,4 @@
+-
+  id: 1001
+  user_id: 1001
+  follow_id: 6
diff --git a/services/org/TestDeleteOrganization/forgejo_blocked_user.yml b/services/org/TestDeleteOrganization/forgejo_blocked_user.yml
new file mode 100644
index 0000000000..f1281fb65d
--- /dev/null
+++ b/services/org/TestDeleteOrganization/forgejo_blocked_user.yml
@@ -0,0 +1,5 @@
+-
+  id: 1001
+  user_id: 6
+  block_id: 1
+  created_unix: 1772018142
diff --git a/services/org/TestDeleteOrganization/user.yml b/services/org/TestDeleteOrganization/user.yml
new file mode 100644
index 0000000000..cb1ac4138f
--- /dev/null
+++ b/services/org/TestDeleteOrganization/user.yml
@@ -0,0 +1,13 @@
+-
+  id: 1001
+  lower_name: user1001
+  name: user1001
+  full_name: User That loves Upper Cases
+  email: AnotherTestUserWithUpperCaseEmail@otto.splvs.net
+  passwd: ZogKvWdyEx:password
+  passwd_hash_algo: dummy
+  avatar: ''
+  avatar_email: anothertestuserwithuppercaseemail@otto.splvs.net
+  login_name: user1
+  created_unix: 1772018142
+  num_following: 1
diff --git a/services/org/org_test.go b/services/org/org_test.go
index 38736286f4..fdb7f14008 100644
--- a/services/org/org_test.go
+++ b/services/org/org_test.go
@@ -32,6 +32,8 @@ func TestDeleteOrganization(t *testing.T) {
 	unittest.AssertNotExistsBean(t, &organization.OrgUser{OrgID: 6})
 	unittest.AssertNotExistsBean(t, &organization.Team{OrgID: 6})
 	unittest.AssertNotExistsBean(t, &actions.ActionRunnerToken{OwnerID: optional.Some[int64](6)})
+	unittest.AssertNotExistsBean(t, &user_model.Follow{FollowID: 6})
+	unittest.AssertNotExistsBean(t, &user_model.BlockedUser{UserID: 6})
 
 	org = unittest.AssertExistsAndLoadBean(t, &organization.Organization{ID: 3})
 	err := DeleteOrganization(db.DefaultContext, org, false)
@@ -41,4 +43,6 @@ func TestDeleteOrganization(t *testing.T) {
 	user := unittest.AssertExistsAndLoadBean(t, &organization.Organization{ID: 5})
 	require.Error(t, DeleteOrganization(db.DefaultContext, user, false))
 	unittest.CheckConsistencyFor(t, &user_model.User{}, &organization.Team{})
+
+	assert.Zero(t, unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 1001}).NumFollowing)
 }

From 1c64bad453f22822a308ed31303f68b7c12e75e3 Mon Sep 17 00:00:00 2001
From: Gusted <postmaster@gusted.xyz>
Date: Tue, 17 Mar 2026 18:44:23 +0100
Subject: [PATCH 519/854] fix: improve OAuth2 experience (#11715)

- fix: show oauth2 retrieve error
  - `true` indicates it only should be shown when the page is rendered
directly via `ctx.HTML` and not propagated if it redirects. As you can
see this always redirects and means the error is not shown.
  - Has the funny behavior that you get redirected to `/user/login`
without any indication what went wrong, no errors in the logs either.
- fix: pre-process OAuth2 client ID and secret
  - Spaces should are not appropriate for these input, remove them.
  - Manually copying and pasting client ID and secret from Github OAuth2
applications seems prone to introduce whitespaces.
  - The error of having a incorrect client ID is more noticeable (404 page
for the user).
  - The error of having a incorrect client secret is not noticeable (404
page for the goth library but no mention it's the wrong secret).

Reported-by: marijnh
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11715
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
Reviewed-by: Andreas Ahlenstorf <aahlenst@noreply.codeberg.org>
Co-authored-by: Gusted <postmaster@gusted.xyz>
Co-committed-by: Gusted <postmaster@gusted.xyz>
---
 routers/web/auth/oauth.go                   |  2 +-
 services/forms/auth_form.go                 |  4 +--
 tests/integration/admin_auth_source_test.go | 23 +++++++++++++
 tests/integration/oauth_test.go             | 37 +++++++++++++++++++++
 4 files changed, 63 insertions(+), 3 deletions(-)

diff --git a/routers/web/auth/oauth.go b/routers/web/auth/oauth.go
index a53e718aa9..89d2fd37ce 100644
--- a/routers/web/auth/oauth.go
+++ b/routers/web/auth/oauth.go
@@ -1024,7 +1024,7 @@ func SignInOAuthCallback(ctx *context.Context) {
 			return
 		}
 		if err, ok := err.(*go_oauth2.RetrieveError); ok {
-			ctx.Flash.Error("OAuth2 RetrieveError: "+err.Error(), true)
+			ctx.Flash.Error("OAuth2 RetrieveError: " + err.Error())
 			ctx.Redirect(setting.AppSubURL + "/user/login")
 			return
 		}
diff --git a/services/forms/auth_form.go b/services/forms/auth_form.go
index 59c5f5b80f..9d60c1561f 100644
--- a/services/forms/auth_form.go
+++ b/services/forms/auth_form.go
@@ -57,8 +57,8 @@ type AuthenticationForm struct {
 	PAMServiceName                string
 	PAMEmailDomain                string
 	Oauth2Provider                string
-	Oauth2Key                     string
-	Oauth2Secret                  string
+	Oauth2Key                     string `preprocess:"TrimSpace"`
+	Oauth2Secret                  string `preprocess:"TrimSpace"`
 	OpenIDConnectAutoDiscoveryURL string
 	Oauth2UseCustomURL            bool
 	Oauth2TokenURL                string
diff --git a/tests/integration/admin_auth_source_test.go b/tests/integration/admin_auth_source_test.go
index 4b46541318..d655ec0c39 100644
--- a/tests/integration/admin_auth_source_test.go
+++ b/tests/integration/admin_auth_source_test.go
@@ -10,6 +10,8 @@ import (
 
 	"forgejo.org/models/auth"
 	"forgejo.org/tests"
+
+	"github.com/stretchr/testify/assert"
 )
 
 func TestAdminAuthAllowUsernameChangeSetting(t *testing.T) {
@@ -30,3 +32,24 @@ func TestAdminAuthAllowUsernameChangeSetting(t *testing.T) {
 
 	htmlDoc.AssertElement(t, "#allow_username_change[checked]", true)
 }
+
+func TestAdminAuthTrimSpace(t *testing.T) {
+	defer tests.PrepareTestEnv(t)()
+
+	session := loginUser(t, "user1")
+
+	source := addAuthSource(t, map[string]string{
+		"type":            fmt.Sprintf("%d", auth.OAuth2),
+		"name":            "some-name",
+		"is_active":       "on",
+		"oauth2_provider": "gitlab",
+		"oauth2_key":      " public_id  ",
+		"oauth2_secret":   "  secret_key ",
+	})
+
+	response := session.MakeRequest(t, NewRequestf(t, "GET", "/admin/auths/%d", source.ID), http.StatusOK)
+	htmlDoc := NewHTMLParser(t, response.Body)
+
+	assert.Equal(t, "public_id", htmlDoc.GetInputValueByName("oauth2_key"))
+	assert.Equal(t, "secret_key", htmlDoc.GetInputValueByName("oauth2_secret"))
+}
diff --git a/tests/integration/oauth_test.go b/tests/integration/oauth_test.go
index 2533a64a3d..27c66f0e5a 100644
--- a/tests/integration/oauth_test.go
+++ b/tests/integration/oauth_test.go
@@ -26,11 +26,13 @@ import (
 	api "forgejo.org/modules/structs"
 	"forgejo.org/modules/test"
 	"forgejo.org/routers/web/auth"
+	app_context "forgejo.org/services/context"
 	"forgejo.org/tests"
 
 	"github.com/markbates/goth"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
+	go_oauth2 "golang.org/x/oauth2"
 )
 
 func TestAuthorizeNoClientID(t *testing.T) {
@@ -1803,3 +1805,38 @@ func TestSignInOAuthCallbackGothUserFields(t *testing.T) {
 		assert.True(t, logFiltered[1], "Expected trace log with IDToken")
 	})
 }
+
+func TestSignInOAuthCallbackSignInRetrieveError(t *testing.T) {
+	defer tests.PrepareTestEnv(t)()
+
+	gitlabName := "gitlab"
+	gitlab := addAuthSource(t, authSourcePayloadGitLabCustom(gitlabName))
+
+	userGitLabUserID := "5678"
+	userGitLab := &user_model.User{
+		Name:        "gitlabuser",
+		Email:       "gitlabuser@example.com",
+		Passwd:      "gitlabuserpassword",
+		Type:        user_model.UserTypeIndividual,
+		LoginType:   auth_model.OAuth2,
+		LoginSource: gitlab.ID,
+		LoginName:   userGitLabUserID,
+	}
+	defer createUser(t.Context(), t, userGitLab)()
+
+	defer mockCompleteUserAuth(func(res http.ResponseWriter, req *http.Request) (goth.User, error) {
+		return goth.User{}, &go_oauth2.RetrieveError{
+			Response: &http.Response{
+				Status: "404 Not Found",
+			},
+			Body: []byte("cooked"),
+		}
+	})()
+	sess := emptyTestSession(t)
+	resp := sess.MakeRequest(t, NewRequest(t, "GET", fmt.Sprintf("/user/oauth2/%s/callback?code=XYZ&state=XYZ", gitlabName)), http.StatusSeeOther)
+
+	assert.Equal(t, "/user/login", test.RedirectURL(resp))
+	flashCookie := sess.GetCookie(app_context.CookieNameFlash)
+	assert.NotNil(t, flashCookie)
+	assert.Equal(t, "error%3DOAuth2%2BRetrieveError%253A%2Boauth2%253A%2Bcannot%2Bfetch%2Btoken%253A%2B404%2BNot%2BFound%250AResponse%253A%2Bcooked", flashCookie.Value)
+}

From d7de47ea23cfb828d68cd7c7ba702a2101b8b945 Mon Sep 17 00:00:00 2001
From: 0ko <0ko@noreply.codeberg.org>
Date: Tue, 17 Mar 2026 18:45:50 +0100
Subject: [PATCH 520/854] fix(ui): cleanup css deadcode related to stackable
 menus (#11719)

Followup to https://codeberg.org/forgejo/forgejo/pulls/11597#issuecomment-11486785

We only have two stackable menus in the UI:

https://codeberg.org/forgejo/forgejo/src/commit/c1787d06e2917e75eb8901ac0586abb34a54f669/templates/user/dashboard/navbar.tmpl#L2

https://codeberg.org/forgejo/forgejo/src/commit/c1787d06e2917e75eb8901ac0586abb34a54f669/web_src/js/components/DashboardRepoList.vue#L328

None of them have classes `right` or `pointing`. Not normally, not through JS.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11719
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: 0ko <0ko@noreply.codeberg.org>
Co-committed-by: 0ko <0ko@noreply.codeberg.org>
---
 web_src/css/dashboard.css | 5 -----
 web_src/css/user.css      | 4 ----
 2 files changed, 9 deletions(-)

diff --git a/web_src/css/dashboard.css b/web_src/css/dashboard.css
index 9790e517c7..9c81ccc38a 100644
--- a/web_src/css/dashboard.css
+++ b/web_src/css/dashboard.css
@@ -50,11 +50,6 @@
   }
 }
 
-.dashboard.feeds .right.stackable.menu > .item.active,
-.dashboard.issues .right.stackable.menu > .item.active {
-  color: var(--color-red);
-}
-
 .dashboard .dashboard-repos,
 .dashboard .dashboard-orgs {
   margin-bottom: 0;
diff --git a/web_src/css/user.css b/web_src/css/user.css
index a647316fef..6f58dceb66 100644
--- a/web_src/css/user.css
+++ b/web_src/css/user.css
@@ -69,10 +69,6 @@
   }
 }
 
-.user.profile .ui.secondary.stackable.pointing.menu {
-  flex-wrap: wrap;
-}
-
 .user.link-account:not(.icon) {
   padding-top: 15px;
   padding-bottom: 5px;

From 06272bfdb892120a7b2da6bedf5c518bdff877dd Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Tue, 17 Mar 2026 18:46:08 +0100
Subject: [PATCH 521/854] Update module fillmore-labs.com/errortype to v0.0.11
 (forgejo) (#11707)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11707
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
---
 Makefile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Makefile b/Makefile
index 16e97a1a5e..901cf78968 100644
--- a/Makefile
+++ b/Makefile
@@ -46,7 +46,7 @@ XGO_PACKAGE ?= src.techknowlogick.com/xgo@latest
 GO_LICENSES_PACKAGE ?= github.com/google/go-licenses@v1.6.0 # renovate: datasource=go
 GOVULNCHECK_PACKAGE ?= golang.org/x/vuln/cmd/govulncheck@v1 # renovate: datasource=go
 DEADCODE_PACKAGE ?= golang.org/x/tools/cmd/deadcode@v0.42.0 # renovate: datasource=go
-ERRORTYPE_PACKAGE ?= fillmore-labs.com/errortype@v0.0.10 # renovate: datasource=go
+ERRORTYPE_PACKAGE ?= fillmore-labs.com/errortype@v0.0.11 # renovate: datasource=go
 GOMOCK_PACKAGE ?= go.uber.org/mock/mockgen@v0.6.0 # renovate: datasource=go
 RENOVATE_NPM_PACKAGE ?= renovate@43.76.2 # renovate: datasource=docker packageName=data.forgejo.org/renovate/renovate
 

From 178b2efbd2527308ed2242150b32bd41e81a7270 Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Tue, 17 Mar 2026 18:47:31 +0100
Subject: [PATCH 522/854] Update module github.com/pquerna/otp to v1.5.0
 (forgejo) (#11700)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11700
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index f8b35ab61a..4a5dc12f28 100644
--- a/go.mod
+++ b/go.mod
@@ -85,7 +85,7 @@ require (
 	github.com/olivere/elastic/v7 v7.0.32
 	github.com/opencontainers/go-digest v1.0.0
 	github.com/opencontainers/image-spec v1.1.1
-	github.com/pquerna/otp v1.4.0
+	github.com/pquerna/otp v1.5.0
 	github.com/prometheus/client_golang v1.21.1
 	github.com/redis/go-redis/v9 v9.17.3
 	github.com/robfig/cron/v3 v3.0.1
diff --git a/go.sum b/go.sum
index 2b390b170e..5784d82e7e 100644
--- a/go.sum
+++ b/go.sum
@@ -595,8 +595,8 @@ github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINE
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U=
 github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
-github.com/pquerna/otp v1.4.0 h1:wZvl1TIVxKRThZIBiwOOHOGP/1+nZyWBil9Y2XNEDzg=
-github.com/pquerna/otp v1.4.0/go.mod h1:dkJfzwRKNiegxyNb54X/3fLwhCynbMspSyWKnvi1AEg=
+github.com/pquerna/otp v1.5.0 h1:NMMR+WrmaqXU4EzdGJEE1aUUI0AMRzsp96fFFWNPwxs=
+github.com/pquerna/otp v1.5.0/go.mod h1:dkJfzwRKNiegxyNb54X/3fLwhCynbMspSyWKnvi1AEg=
 github.com/prometheus/client_golang v1.21.1 h1:DOvXXTqVzvkIewV/CDPFdejpMCGeMcbGCQ8YOmu+Ibk=
 github.com/prometheus/client_golang v1.21.1/go.mod h1:U9NM32ykUErtVBxdvD3zfi+EuFkkaBvMb09mIfe0Zgg=
 github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=

From 26f401cab42656153d20a7bd361256a1928d970d Mon Sep 17 00:00:00 2001
From: Andreas Ahlenstorf <andreas@ahlenstorf.ch>
Date: Tue, 17 Mar 2026 18:51:29 +0100
Subject: [PATCH 523/854] fix: use CSS class to indicate that runner name is
 required (#11718)

Followup to https://codeberg.org/forgejo/forgejo/pulls/11516#issuecomment-11634760

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11718
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Andreas Ahlenstorf <andreas@ahlenstorf.ch>
Co-committed-by: Andreas Ahlenstorf <andreas@ahlenstorf.ch>
---
 options/locale_next/locale_en-US.json       |  4 ++--
 templates/shared/actions/runner_create.tmpl |  2 +-
 templates/shared/actions/runner_edit.tmpl   |  2 +-
 tests/e2e/runner-management.test.e2e.ts     | 24 ++++++++++-----------
 4 files changed, 16 insertions(+), 16 deletions(-)

diff --git a/options/locale_next/locale_en-US.json b/options/locale_next/locale_en-US.json
index bb4767f461..f73ae37355 100644
--- a/options/locale_next/locale_en-US.json
+++ b/options/locale_next/locale_en-US.json
@@ -456,7 +456,7 @@
 	"actions.runners.create_runner.page_title": "Create new runner",
 	"actions.runners.create_runner.title": "Create new runner",
 	"actions.runners.create_runner.properties_fieldset": "Properties",
-	"actions.runners.create_runner.name_label": "Name*",
+	"actions.runners.create_runner.name_label": "Name",
 	"actions.runners.create_runner.description_label": "Description",
 	"actions.runners.create_runner.create_button": "Create",
 	"actions.runners.create_runner.cancel_button": "Cancel",
@@ -464,7 +464,7 @@
 	"actions.runners.edit_runner.title": "Edit runner %s",
 	"actions.runners.edit_runner.properties_fieldset": "Properties",
 	"actions.runners.edit_runner.properties_options": "Options",
-	"actions.runners.edit_runner.name_label": "Name*",
+	"actions.runners.edit_runner.name_label": "Name",
 	"actions.runners.edit_runner.description_label": "Description",
 	"actions.runners.edit_runner.regenerate_token_label": "Regenerate token",
 	"actions.runners.edit_runner.regenerate_token_help": "The existing token will be invalidated immediately. You will receive a new token on the next page.",
diff --git a/templates/shared/actions/runner_create.tmpl b/templates/shared/actions/runner_create.tmpl
index d34b82cb97..d42005441e 100644
--- a/templates/shared/actions/runner_create.tmpl
+++ b/templates/shared/actions/runner_create.tmpl
@@ -6,7 +6,7 @@
 		<fieldset>
 			<legend>{{ctx.Locale.Tr "actions.runners.create_runner.properties_fieldset"}}</legend>
 			<div class="form-field">
-				<label for="name">{{ctx.Locale.Tr "actions.runners.create_runner.name_label"}}</label>
+				<label class="required" for="name">{{ctx.Locale.Tr "actions.runners.create_runner.name_label"}}</label>
 				<input id="name" name="runner_name" type="text" value="{{.Runner.Name}}"{{if .Err_RunnerName}} class="error"{{end}}>
 			</div>
 			<div class="form-field">
diff --git a/templates/shared/actions/runner_edit.tmpl b/templates/shared/actions/runner_edit.tmpl
index cd693abd75..7d5cc02e7f 100644
--- a/templates/shared/actions/runner_edit.tmpl
+++ b/templates/shared/actions/runner_edit.tmpl
@@ -6,7 +6,7 @@
 		<fieldset>
 			<legend>{{ctx.Locale.Tr "actions.runners.edit_runner.properties_fieldset"}}</legend>
 			<div class="form-field">
-				<label for="name">{{ctx.Locale.Tr "actions.runners.edit_runner.name_label"}}</label>
+				<label class="required" for="name">{{ctx.Locale.Tr "actions.runners.edit_runner.name_label"}}</label>
 				<input id="name" name="runner_name" type="text" value="{{.Runner.Name}}" {{if .Err_RunnerName}}class="error"{{end}}>
 			</div>
 			<div class="form-field">
diff --git a/tests/e2e/runner-management.test.e2e.ts b/tests/e2e/runner-management.test.e2e.ts
index ba01a3f870..8f4d5584be 100644
--- a/tests/e2e/runner-management.test.e2e.ts
+++ b/tests/e2e/runner-management.test.e2e.ts
@@ -108,7 +108,7 @@ test.describe('Runners of user2', () => {
     await expect(page.getByRole('paragraph')).toHaveText('Name cannot be empty.');
 
     // Submit a valid form to create a runner.
-    await page.getByRole('textbox', {name: 'Name*'}).fill('runner-991301');
+    await page.getByRole('textbox', {name: 'Name *'}).fill('runner-991301');
     await page.getByRole('textbox', {name: 'Description'}).fill('Description of runner-991301');
 
     await page.getByRole('button', {name: 'Create'}).click();
@@ -155,7 +155,7 @@ test.describe('Runners of user2', () => {
 
     // We have to create a new runner because changes to fixtures would affect the remainder of the tests in this file.
     await page.getByRole('link', {name: 'Create new runner'}).click();
-    await page.getByRole('textbox', {name: 'Name*'}).fill('runner-46635');
+    await page.getByRole('textbox', {name: 'Name *'}).fill('runner-46635');
     await page.getByRole('textbox', {name: 'Description'}).fill('Description of runner-46635');
     await page.getByRole('button', {name: 'Create'}).click();
 
@@ -169,15 +169,15 @@ test.describe('Runners of user2', () => {
     await expect(page.getByRole('heading', {name: 'Edit runner runner-46635'})).toBeVisible();
 
     // Make the form invalid to test validation.
-    await page.getByRole('textbox', {name: 'Name*'}).clear();
+    await page.getByRole('textbox', {name: 'Name *'}).clear();
     await page.getByRole('button', {name: 'Save'}).click();
 
     await expect(page.locator('#flash-message')).toHaveText('Name cannot be empty.');
-    await expect(page.getByRole('textbox', {name: 'Name*'})).toBeEmpty();
+    await expect(page.getByRole('textbox', {name: 'Name *'})).toBeEmpty();
     await expect(page.getByRole('textbox', {name: 'Description'})).toHaveValue('Description of runner-46635');
 
     // Submit a valid form.
-    await page.getByRole('textbox', {name: 'Name*'}).fill('runner-46636');
+    await page.getByRole('textbox', {name: 'Name *'}).fill('runner-46636');
     await page.getByRole('textbox', {name: 'Description'}).fill('Description of runner-46636');
 
     await page.getByRole('button', {name: 'Save'}).click();
@@ -246,7 +246,7 @@ test.describe('Runners of user2', () => {
 
     // We have to create a new runner because changes to fixtures affect the remainder of the tests in this file.
     await page.getByRole('link', {name: 'Create new runner'}).click();
-    await page.getByRole('textbox', {name: 'Name*'}).fill('runner-660332');
+    await page.getByRole('textbox', {name: 'Name *'}).fill('runner-660332');
     await page.getByRole('textbox', {name: 'Description'}).fill('Description of runner-660332');
     await page.getByRole('button', {name: 'Create'}).click();
 
@@ -399,7 +399,7 @@ test.describe('Global runners', () => {
     await expect(page.getByRole('paragraph')).toHaveText('Name cannot be empty.');
 
     // Submit a valid form to create a runner.
-    await page.getByRole('textbox', {name: 'Name*'}).fill('runner-473465');
+    await page.getByRole('textbox', {name: 'Name *'}).fill('runner-473465');
     await page.getByRole('textbox', {name: 'Description'}).fill('Description of runner-473465');
 
     await page.getByRole('button', {name: 'Create'}).click();
@@ -446,7 +446,7 @@ test.describe('Global runners', () => {
 
     // We have to create a new runner because changes to fixtures would affect the remainder of the tests in this file.
     await page.getByRole('link', {name: 'Create new runner'}).click();
-    await page.getByRole('textbox', {name: 'Name*'}).fill('runner-956857');
+    await page.getByRole('textbox', {name: 'Name *'}).fill('runner-956857');
     await page.getByRole('textbox', {name: 'Description'}).fill('Description of runner-956857');
     await page.getByRole('button', {name: 'Create'}).click();
 
@@ -460,15 +460,15 @@ test.describe('Global runners', () => {
     await expect(page.getByRole('heading', {name: 'Edit runner runner-956857'})).toBeVisible();
 
     // Make the form invalid to test validation.
-    await page.getByRole('textbox', {name: 'Name*'}).clear();
+    await page.getByRole('textbox', {name: 'Name *'}).clear();
     await page.getByRole('button', {name: 'Save'}).click();
 
     await expect(page.locator('#flash-message')).toHaveText('Name cannot be empty.');
-    await expect(page.getByRole('textbox', {name: 'Name*'})).toBeEmpty();
+    await expect(page.getByRole('textbox', {name: 'Name *'})).toBeEmpty();
     await expect(page.getByRole('textbox', {name: 'Description'})).toHaveValue('Description of runner-956857');
 
     // Submit a valid form.
-    await page.getByRole('textbox', {name: 'Name*'}).fill('runner-956858');
+    await page.getByRole('textbox', {name: 'Name *'}).fill('runner-956858');
     await page.getByRole('textbox', {name: 'Description'}).fill('Description of runner-956858');
 
     await page.getByRole('button', {name: 'Save'}).click();
@@ -501,7 +501,7 @@ test.describe('Global runners', () => {
 
     // We have to create a new runner because changes to fixtures affect the remainder of the tests in this file.
     await page.getByRole('link', {name: 'Create new runner'}).click();
-    await page.getByRole('textbox', {name: 'Name*'}).fill('runner-650332');
+    await page.getByRole('textbox', {name: 'Name *'}).fill('runner-650332');
     await page.getByRole('textbox', {name: 'Description'}).fill('Description of runner-650332');
     await page.getByRole('button', {name: 'Create'}).click();
 

From 4643f006d95d1faa77b9462d65e4e6252a4e805b Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Tue, 17 Mar 2026 18:55:39 +0100
Subject: [PATCH 524/854] Update module github.com/ProtonMail/go-crypto to
 v1.4.0 (forgejo) (#11709)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11709
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 4a5dc12f28..5410931a45 100644
--- a/go.mod
+++ b/go.mod
@@ -24,7 +24,7 @@ require (
 	github.com/42wim/httpsig v1.2.3
 	github.com/42wim/sshsig v0.0.0-20250502153856-5100632e8920
 	github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358
-	github.com/ProtonMail/go-crypto v1.3.0
+	github.com/ProtonMail/go-crypto v1.4.0
 	github.com/PuerkitoBio/goquery v1.11.0
 	github.com/SaveTheRbtz/zstd-seekable-format-go/pkg v0.8.0
 	github.com/alecthomas/chroma/v2 v2.23.1
diff --git a/go.sum b/go.sum
index 5784d82e7e..b529fe7fe6 100644
--- a/go.sum
+++ b/go.sum
@@ -71,8 +71,8 @@ github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358 h1:mFRzDkZVAjdal+
 github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358/go.mod h1:chxPXzSsl7ZWRAuOIE23GDNzjWuZquvFlgA8xmpunjU=
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
 github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
-github.com/ProtonMail/go-crypto v1.3.0 h1:ILq8+Sf5If5DCpHQp4PbZdS1J7HDFRXz/+xKBiRGFrw=
-github.com/ProtonMail/go-crypto v1.3.0/go.mod h1:9whxjD8Rbs29b4XWbB8irEcE8KHMqaR2e7GWU1R+/PE=
+github.com/ProtonMail/go-crypto v1.4.0 h1:Zq/pbM3F5DFgJiMouxEdSVY44MVoQNEKp5d5QxIQceQ=
+github.com/ProtonMail/go-crypto v1.4.0/go.mod h1:e1OaTyu5SYVrO9gKOEhTc+5UcXtTUa+P3uLudwcgPqo=
 github.com/PuerkitoBio/goquery v1.11.0 h1:jZ7pwMQXIITcUXNH83LLk+txlaEy6NVOfTuP43xxfqw=
 github.com/PuerkitoBio/goquery v1.11.0/go.mod h1:wQHgxUOU3JGuj3oD/QFfxUdlzW6xPHfqyHre6VMY4DQ=
 github.com/RoaringBitmap/roaring/v2 v2.4.5 h1:uGrrMreGjvAtTBobc0g5IrW1D5ldxDQYe2JW2gggRdg=

From 7d2f1c2ee78a42c3d9980ca4fe516032b4257dab Mon Sep 17 00:00:00 2001
From: 0ko <0ko@noreply.codeberg.org>
Date: Tue, 17 Mar 2026 19:45:18 +0100
Subject: [PATCH 525/854] feat(ui): use better contrast color for required
 field indicator (#11677)

Use purpose-specific variable with better contrast on dark theme with fallback to generic variable, similarly to this rule: https://codeberg.org/forgejo/forgejo/src/commit/ce73827b7e516f3d8ccec59d1fab2295807b1557/web_src/css/base.css#L664-L666

### Preview

![](/attachments/eec8cb4f-cd8a-472d-ab98-9c73feaf82ff)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11677
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
---
 web_src/css/form.css | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/web_src/css/form.css b/web_src/css/form.css
index b335f27c07..5263d61d5d 100644
--- a/web_src/css/form.css
+++ b/web_src/css/form.css
@@ -268,7 +268,7 @@ input:-webkit-autofill:active,
 .ui.form .required.fields > .field > label::after,
 .ui.form .required.field > label::after,
 .ui.form label.required::after {
-  color: var(--color-red);
+  color: var(--color-thin-red, var(--color-red));
 }
 
 .ui.input {

From 9a741f7bd502239025b7cba39934f3b0a71aaac2 Mon Sep 17 00:00:00 2001
From: Artyom Bologov <git@aartaka.me>
Date: Tue, 17 Mar 2026 23:03:17 +0100
Subject: [PATCH 526/854] fix: make repository menu not overflow with JS off
 (#11614)

Closes #11400

Overflow is handled by javascript to show a button instead of horizontally scrolling, this is not the case when javascript is disabled. Add CSS to handle overflow, does not interfere with the javascript.

## Testing
1. Go to any repository.
2. Turn off javascript.
3. Make viewport width small.
4. Observe that repository menu under the repository header doesn't overflow.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11614
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Reviewed-by: Beowulf <beowulf@beocode.eu>
Co-authored-by: Artyom Bologov <git@aartaka.me>
Co-committed-by: Artyom Bologov <git@aartaka.me>
---
 web_src/css/base.css | 1 +
 1 file changed, 1 insertion(+)

diff --git a/web_src/css/base.css b/web_src/css/base.css
index d023699a9d..68b5c7b323 100644
--- a/web_src/css/base.css
+++ b/web_src/css/base.css
@@ -985,6 +985,7 @@ strong.attention-caution, svg.attention-caution {
 overflow-menu {
   border-bottom: 1px solid var(--color-secondary) !important;
   display: flex;
+  overflow-x: auto;
 }
 
 overflow-menu .overflow-menu-items {

From c987e8e3ce3cd3efc39ef94c8e1037b6755b9c50 Mon Sep 17 00:00:00 2001
From: Brandon Rothweiler <bdr9@noreply.codeberg.org>
Date: Tue, 17 Mar 2026 23:39:10 +0100
Subject: [PATCH 527/854] fix: remove template file from generated repo
 (#11691)

This PR fixes a bug where the previously-implemented functionality to delete the `.gitea/template` or `.forgejo/template` file when generating a repository from a template was not working. The issue happened because the code was using `util.Remove()` with a relative path, but this resolves against the process working directory instead of the temporary clone directory. The fix was to use `root.Remove()` which is based on an `os.OpenRoot()` anchored at `tmpDir`.

Updated integration tests and verified that they pass with this change and fail without it.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11691
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Brandon Rothweiler <bdr9@noreply.codeberg.org>
Co-committed-by: Brandon Rothweiler <bdr9@noreply.codeberg.org>
---
 services/repository/generate_repo_commit.go      | 16 ++++++++--------
 .../repository/generate_repo_commit_legacy.go    | 16 ++++++++--------
 tests/integration/repo_generate_test.go          | 14 ++++++++++++++
 3 files changed, 30 insertions(+), 16 deletions(-)

diff --git a/services/repository/generate_repo_commit.go b/services/repository/generate_repo_commit.go
index 6c20ea41db..981649c677 100644
--- a/services/repository/generate_repo_commit.go
+++ b/services/repository/generate_repo_commit.go
@@ -54,19 +54,19 @@ func generateRepoCommit(ctx context.Context, repo, templateRepo, generateRepo *r
 	}
 
 	if gt != nil {
-		if err := util.Remove(gt.Path); err != nil {
+		// All file access should be done through `root` to avoid file traversal attacks, especially with symlinks
+		root, err := os.OpenRoot(tmpDir)
+		if err != nil {
+			return fmt.Errorf("open root: %w", err)
+		}
+		defer root.Close()
+
+		if err := root.Remove(gt.Path); err != nil {
 			return fmt.Errorf("remove .giteatemplate: %w", err)
 		}
 
 		// Avoid walking tree if there are no globs
 		if len(gt.Globs()) > 0 {
-			// All file access should be done through `root` to avoid file traversal attacks, especially with symlinks
-			root, err := os.OpenRoot(tmpDir)
-			if err != nil {
-				return fmt.Errorf("open root: %w", err)
-			}
-			defer root.Close()
-
 			tmpDirSlash := strings.TrimSuffix(filepath.ToSlash(tmpDir), "/") + "/"
 			if err := filepath.WalkDir(tmpDirSlash, func(path string, d os.DirEntry, walkErr error) error {
 				if walkErr != nil {
diff --git a/services/repository/generate_repo_commit_legacy.go b/services/repository/generate_repo_commit_legacy.go
index 7f2aa8d814..a4d47c9975 100644
--- a/services/repository/generate_repo_commit_legacy.go
+++ b/services/repository/generate_repo_commit_legacy.go
@@ -55,19 +55,19 @@ func generateRepoCommit(ctx context.Context, repo, templateRepo, generateRepo *r
 	}
 
 	if gt != nil {
-		if err := util.Remove(gt.Path); err != nil {
+		// All file access should be done through `root` to avoid file traversal attacks, especially with symlinks
+		root, err := os.OpenRoot(tmpDir)
+		if err != nil {
+			return fmt.Errorf("open root: %w", err)
+		}
+		defer root.Close()
+
+		if err := root.Remove(gt.Path); err != nil {
 			return fmt.Errorf("remove .giteatemplate: %w", err)
 		}
 
 		// Avoid walking tree if there are no globs
 		if len(gt.Globs()) > 0 {
-			// All file access should be done through `root` to avoid file traversal attacks, especially with symlinks
-			root, err := os.OpenRoot(tmpDir)
-			if err != nil {
-				return fmt.Errorf("open root: %w", err)
-			}
-			defer root.Close()
-
 			tmpDirSlash := strings.TrimSuffix(filepath.ToSlash(tmpDir), "/") + "/"
 			if err := filepath.WalkDir(tmpDirSlash, func(path string, d os.DirEntry, walkErr error) error {
 				if walkErr != nil {
diff --git a/tests/integration/repo_generate_test.go b/tests/integration/repo_generate_test.go
index af3415566a..637f0a478d 100644
--- a/tests/integration/repo_generate_test.go
+++ b/tests/integration/repo_generate_test.go
@@ -120,6 +120,10 @@ Clone URL: %s%s/%s.git`,
 	req = NewRequestf(t, "GET", "/%s/%s/raw/branch/master/%s.log", generateOwner.Name, generateRepoName, generateRepoName)
 	resp = session.MakeRequest(t, req, http.StatusOK)
 	assert.Equal(t, generateRepoName, resp.Body.String())
+
+	// The .gitea/template file should not be present in the generated repo
+	req = NewRequestf(t, "GET", "/%s/%s/raw/branch/master/.gitea/template", generateOwner.Name, generateRepoName)
+	session.MakeRequest(t, req, http.StatusNotFound)
 }
 
 // test form elements before and after POST error response
@@ -291,6 +295,16 @@ func TestRepoGenerateTemplating(t *testing.T) {
 			user.Name,
 			generatedName)
 		assert.Equal(t, body, resp.Body.String())
+
+		// The .forgejo/template file should not be present in the generated repo
+		req = NewRequestf(
+			t,
+			"GET", "/%s/%s/raw/branch/%s/.forgejo/template",
+			user.Name,
+			generatedName,
+			template.DefaultBranch,
+		)
+		session.MakeRequest(t, req, http.StatusNotFound)
 	})
 }
 

From d8f1e7a060e8d2a2700bca59da4f2c22a7b64010 Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Wed, 18 Mar 2026 13:42:33 +0100
Subject: [PATCH 528/854] Update module golang.org/x/crypto to v0.49.0
 (forgejo) (#11728)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11728
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
---
 go.mod |  6 +++---
 go.sum | 16 ++++++++--------
 2 files changed, 11 insertions(+), 11 deletions(-)

diff --git a/go.mod b/go.mod
index 5410931a45..35774fcec1 100644
--- a/go.mod
+++ b/go.mod
@@ -102,13 +102,13 @@ require (
 	gitlab.com/gitlab-org/api/client-go v0.143.2
 	go.uber.org/mock v0.6.0
 	go.yaml.in/yaml/v3 v3.0.4
-	golang.org/x/crypto v0.48.0
+	golang.org/x/crypto v0.49.0
 	golang.org/x/image v0.36.0
 	golang.org/x/net v0.51.0
 	golang.org/x/oauth2 v0.34.0
-	golang.org/x/sync v0.19.0
+	golang.org/x/sync v0.20.0
 	golang.org/x/sys v0.42.0
-	golang.org/x/text v0.34.0
+	golang.org/x/text v0.35.0
 	google.golang.org/protobuf v1.36.11
 	gopkg.in/gomail.v2 v2.0.0-20160411212932-81ebce5c23df
 	gopkg.in/ini.v1 v1.67.0
diff --git a/go.sum b/go.sum
index b529fe7fe6..7494efffa6 100644
--- a/go.sum
+++ b/go.sum
@@ -722,8 +722,8 @@ golang.org/x/crypto v0.13.0/go.mod h1:y6Z2r+Rw4iayiXXAIxJIDAJ1zMW4yaTpebo8fPOliY
 golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU=
 golang.org/x/crypto v0.23.0/go.mod h1:CKFgDieR+mRhux2Lsu27y0fO304Db0wZe70UKqHu0v8=
 golang.org/x/crypto v0.31.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk=
-golang.org/x/crypto v0.48.0 h1:/VRzVqiRSggnhY7gNRxPauEQ5Drw9haKdM0jqfcCFts=
-golang.org/x/crypto v0.48.0/go.mod h1:r0kV5h3qnFPlQnBSrULhlsRfryS2pmewsg+XfMgkVos=
+golang.org/x/crypto v0.49.0 h1:+Ng2ULVvLHnJ/ZFEq4KdcDd/cfjrrjjNSXNzxg0Y4U4=
+golang.org/x/crypto v0.49.0/go.mod h1:ErX4dUh2UM+CFYiXZRTcMpEcN8b/1gxEuv3nODoYtCA=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
@@ -813,8 +813,8 @@ golang.org/x/sync v0.3.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y=
 golang.org/x/sync v0.6.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
 golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
 golang.org/x/sync v0.10.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
-golang.org/x/sync v0.19.0 h1:vV+1eWNmZ5geRlYjzm2adRgW2/mcpevXNg50YZtPCE4=
-golang.org/x/sync v0.19.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI=
+golang.org/x/sync v0.20.0 h1:e0PTpb7pjO8GAtTs2dQ6jYa5BWYlMuX047Dco/pItO4=
+golang.org/x/sync v0.20.0/go.mod h1:9xrNwdLfx4jkKbNva9FpL6vEN7evnE43NNNJQ2LF3+0=
 golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
@@ -860,8 +860,8 @@ golang.org/x/term v0.12.0/go.mod h1:owVbMEjm3cBLCHdkQu9b1opXd4ETQWc3BhuQGKgXgvU=
 golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk=
 golang.org/x/term v0.20.0/go.mod h1:8UkIAJTvZgivsXaD6/pH6U9ecQzZ45awqEOzuCvwpFY=
 golang.org/x/term v0.27.0/go.mod h1:iMsnZpn0cago0GOrHO2+Y7u7JPn5AylBrcoWkElMTSM=
-golang.org/x/term v0.40.0 h1:36e4zGLqU4yhjlmxEaagx2KuYbJq3EwY8K943ZsHcvg=
-golang.org/x/term v0.40.0/go.mod h1:w2P8uVp06p2iyKKuvXIm7N/y0UCRt3UfJTfZ7oOpglM=
+golang.org/x/term v0.41.0 h1:QCgPso/Q3RTJx2Th4bDLqML4W6iJiaXFq2/ftQF13YU=
+golang.org/x/term v0.41.0/go.mod h1:3pfBgksrReYfZ5lvYM0kSO0LIkAl4Yl2bXOkKP7Ec2A=
 golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
@@ -875,8 +875,8 @@ golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
 golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
 golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
 golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ=
-golang.org/x/text v0.34.0 h1:oL/Qq0Kdaqxa1KbNeMKwQq0reLCCaFtqu2eNuSeNHbk=
-golang.org/x/text v0.34.0/go.mod h1:homfLqTYRFyVYemLBFl5GgL/DWEiH5wcsQ5gSh1yziA=
+golang.org/x/text v0.35.0 h1:JOVx6vVDFokkpaq1AEptVzLTpDe9KGpj5tR4/X+ybL8=
+golang.org/x/text v0.35.0/go.mod h1:khi/HExzZJ2pGnjenulevKNX1W67CUy0AsXcNubPGCA=
 golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.15.0 h1:bbrp8t3bGUeFOx08pvsMYRTCVSMk89u4tKbNOZbp88U=

From 28e0af25b4bdbdae0fa99470b986acfa005eb12a Mon Sep 17 00:00:00 2001
From: Mathieu Fenniak <mathieu@fenniak.net>
Date: Wed, 18 Mar 2026 17:01:44 +0100
Subject: [PATCH 529/854] perf: remove redundant & incorrect filters on
 'SearchRepoOptions.OwnerID' (#11729)

Improves the performance of the `/repo/search?uid=N` API call, which is used on the user's dashboard to load a repo list.  More detailed notes are in https://codeberg.org/forgejo/forgejo/issues/11702.

Removes a redundant query condition (that a user was part of a team in an organization which could see a repo), and a condition that seems incorrect (that a repo could be seen just by being public within a private org, which is incorrect because that doesn't mean the user is a collaborator on the repo).

Covered by over 30 test cases in `repo_list_test.go` which did not fail from these changes.  Mutation testing (removing the remaining "2." condition) verified that the codepath is covered as tests did fail.

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests for Go changes

- I added test coverage for Go changes...
  - [ ] in their respective `*_test.go` for unit tests.
  - [ ] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I ran...
  - [x] `make pr-go` before pushing

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [ ] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.
- [x] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11729
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net>
Co-committed-by: Mathieu Fenniak <mathieu@fenniak.net>
---
 models/repo/repo_list.go | 39 +++++----------------------------------
 1 file changed, 5 insertions(+), 34 deletions(-)

diff --git a/models/repo/repo_list.go b/models/repo/repo_list.go
index 5f56e43270..71ec8362f2 100644
--- a/models/repo/repo_list.go
+++ b/models/repo/repo_list.go
@@ -313,23 +313,6 @@ func userOrgPublicRepoCond(userID int64) builder.Cond {
 	)
 }
 
-// userOrgPublicRepoCondPrivate returns the condition that one user could access all public repositories in private organizations
-func userOrgPublicRepoCondPrivate(userID int64) builder.Cond {
-	return builder.And(
-		builder.Eq{"`repository`.is_private": false},
-		builder.In("`repository`.owner_id",
-			builder.Select("`org_user`.org_id").
-				From("org_user").
-				Join("INNER", "`user`", "`user`.id = `org_user`.org_id").
-				Where(builder.Eq{
-					"`org_user`.uid":    userID,
-					"`user`.`type`":     user_model.UserTypeOrganization,
-					"`user`.visibility": structs.VisibleTypePrivate,
-				}),
-		),
-	)
-}
-
 // UserOrgPublicUnitRepoCond returns the condition that one user could access all public repositories in the special organization
 func UserOrgPublicUnitRepoCond(userID, orgID int64) builder.Cond {
 	return userOrgPublicRepoCond(userID).
@@ -382,26 +365,14 @@ func SearchRepositoryCondition(opts *SearchRepoOptions) builder.Cond {
 		}
 
 		if opts.Collaborate.ValueOrDefault(true) {
-			// A Collaboration is:
-
 			collaborateCond := builder.NewCond()
+
+			// A Collaboration is:
 			// 1. Repository we don't own
 			collaborateCond = collaborateCond.And(builder.Neq{"owner_id": opts.OwnerID})
-			// 2. But we can see because of:
-			{
-				userAccessCond := builder.NewCond()
-				// A. We have unit independent access
-				userAccessCond = userAccessCond.Or(UserAccessRepoCond("`repository`.id", opts.OwnerID))
-				// B. We are in a team for
-				if opts.UnitType == unit.TypeInvalid {
-					userAccessCond = userAccessCond.Or(UserOrgTeamRepoCond("`repository`.id", opts.OwnerID))
-				} else {
-					userAccessCond = userAccessCond.Or(userOrgTeamUnitRepoCond("`repository`.id", opts.OwnerID, opts.UnitType))
-				}
-				// C. Public repositories in organizations that we are member of
-				userAccessCond = userAccessCond.Or(userOrgPublicRepoCondPrivate(opts.OwnerID))
-				collaborateCond = collaborateCond.And(userAccessCond)
-			}
+			// 2. But we can have access to unit on the repo > AccessModeNone
+			collaborateCond = collaborateCond.And(UserAccessRepoCond("`repository`.id", opts.OwnerID))
+
 			if !opts.Private {
 				collaborateCond = collaborateCond.And(builder.Expr("owner_id NOT IN (SELECT org_id FROM org_user WHERE org_user.uid = ? AND org_user.is_public = ?)", opts.OwnerID, false))
 			}

From f0657b38a574dc4e7bf604b115dd07216ec784d9 Mon Sep 17 00:00:00 2001
From: Andreas Ahlenstorf <andreas@ahlenstorf.ch>
Date: Wed, 18 Mar 2026 20:17:50 +0100
Subject: [PATCH 530/854] fix: prevent container registry headers from leaking
 into other registries (#11733)

https://codeberg.org/forgejo/forgejo/issues/11711 discovered that headers from the container registry are leaking into the other registries. That was introduced by https://codeberg.org/forgejo/forgejo/pulls/11393. This PR fixes the problem and adds a regression test to the Maven repository.

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests for Go changes

(can be removed for JavaScript changes)

- I added test coverage for Go changes...
  - [ ] in their respective `*_test.go` for unit tests.
  - [x] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I ran...
  - [x] `make pr-go` before pushing

### Tests for JavaScript changes

(can be removed for Go changes)

- I added test coverage for JavaScript changes...
  - [ ] in `web_src/js/*.test.js` if it can be unit tested.
  - [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)).

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [x] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.
- [ ] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change.

*The decision if the pull request will be shown in the release notes is up to the mergers / release team.*

The content of the `release-notes/<pull request number>.md` file will serve as the basis for the release notes. If the file does not exist, the title of the pull request will be used instead.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11733
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
Co-authored-by: Andreas Ahlenstorf <andreas@ahlenstorf.ch>
Co-committed-by: Andreas Ahlenstorf <andreas@ahlenstorf.ch>
---
 routers/api/packages/api.go                   | 23 +++++++++++++++----
 .../api_packages_container_test.go            |  2 +-
 tests/integration/api_packages_maven_test.go  | 14 +++++++++++
 3 files changed, 34 insertions(+), 5 deletions(-)

diff --git a/routers/api/packages/api.go b/routers/api/packages/api.go
index 800e3514d9..0b46cc66b0 100644
--- a/routers/api/packages/api.go
+++ b/routers/api/packages/api.go
@@ -120,6 +120,24 @@ func verifyAuth(r *web.Route, authMethods []auth.Method) {
 	}
 	authGroup := auth.NewGroup(authMethods...)
 
+	r.Use(func(ctx *context.Context) {
+		var err error
+		ctx.Doer, err = authGroup.Verify(ctx.Req, ctx.Resp, ctx, ctx.Session)
+		if err != nil {
+			log.Info("Failed to verify user: %v", err)
+			ctx.Error(http.StatusUnauthorized, "authGroup.Verify")
+			return
+		}
+		ctx.IsSigned = ctx.Doer != nil
+	})
+}
+
+func verifyContainerAuth(r *web.Route, authMethods []auth.Method) {
+	if setting.Service.EnableReverseProxyAuth {
+		authMethods = append(authMethods, &auth.ReverseProxy{})
+	}
+	authGroup := auth.NewGroup(authMethods...)
+
 	r.Use(func(ctx *context.Context) {
 		var err error
 		ctx.Doer, err = authGroup.Verify(ctx.Req, ctx.Resp, ctx, ctx.Session)
@@ -786,10 +804,7 @@ func ContainerRoutes() *web.Route {
 
 	r.Use(context.PackageContexter())
 
-	verifyAuth(r, []auth.Method{
-		&auth.Basic{},
-		&container.Auth{},
-	})
+	verifyContainerAuth(r, []auth.Method{&auth.Basic{}, &container.Auth{}})
 
 	r.Get("", container.ReqContainerAccess, container.DetermineSupport)
 	r.Group("/token", func() {
diff --git a/tests/integration/api_packages_container_test.go b/tests/integration/api_packages_container_test.go
index 75b703941a..6775f3d228 100644
--- a/tests/integration/api_packages_container_test.go
+++ b/tests/integration/api_packages_container_test.go
@@ -180,7 +180,7 @@ func TestPackageContainer(t *testing.T) {
 
 			req := NewRequest(t, "GET", fmt.Sprintf("%sv2/token", setting.AppURL))
 			// Setting the header explicitly instead of using AddBasicAuth to supply an invalid password.
-			req.Request.Header.Set("Authorization", "Basic "+base64.StdEncoding.EncodeToString([]byte("user2:very-invalid")))
+			req.SetBasicAuth("user2", "very-invalid")
 			resp := MakeRequest(t, req, http.StatusUnauthorized)
 
 			assert.Equal(t, authenticate, resp.Header().Values("WWW-Authenticate"))
diff --git a/tests/integration/api_packages_maven_test.go b/tests/integration/api_packages_maven_test.go
index 9490d52890..74e7883443 100644
--- a/tests/integration/api_packages_maven_test.go
+++ b/tests/integration/api_packages_maven_test.go
@@ -254,6 +254,20 @@ func TestPackageMaven(t *testing.T) {
 		resp := MakeRequest(t, req, http.StatusOK)
 		assert.NotContains(t, resp.Body.String(), "Internal server error")
 	})
+
+	t.Run("Invalid credentials", func(t *testing.T) {
+		req := NewRequest(t, "HEAD", fmt.Sprintf("%s/%s/%s", root, packageVersion, filename))
+		req.SetBasicAuth(user.Name, "invalid")
+		resp := MakeRequest(t, req, http.StatusUnauthorized)
+
+		// Verify that headers from other package endpoints do not leak into the Maven registry. That Forgejo responds
+		// with 401 Unauthorized without including any WWW-Authenticate header is *wrong*, though.
+		assert.Empty(t, resp.Header().Values("WWW-Authenticate"))
+
+		// Verify that the request would work with correct credentials.
+		req.AddBasicAuth(user.Name)
+		MakeRequest(t, req, http.StatusOK)
+	})
 }
 
 func TestPackageMavenConcurrent(t *testing.T) {

From 05272aad9964940126ea8559722a60e341648583 Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Wed, 18 Mar 2026 20:23:38 +0100
Subject: [PATCH 531/854] Update module github.com/urfave/cli/v3 to v3.7.0
 (forgejo) (#11713)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11713
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
---
 cmd/main.go | 2 --
 go.mod      | 4 +---
 go.sum      | 4 ++--
 3 files changed, 3 insertions(+), 7 deletions(-)

diff --git a/cmd/main.go b/cmd/main.go
index 65cde47884..005dd763cf 100644
--- a/cmd/main.go
+++ b/cmd/main.go
@@ -80,7 +80,6 @@ func appGlobalFlags() []cli.Flag {
 func prepareSubcommandWithConfig(command *cli.Command, globalFlags func() []cli.Flag) {
 	command.Flags = append(globalFlags(), command.Flags...)
 	command.Action = prepareWorkPathAndCustomConf(command.Action)
-	command.HideHelp = true
 	if command.Name != "help" {
 		command.Commands = append(command.Commands, cmdHelp())
 	}
@@ -199,7 +198,6 @@ func innerNewMainApp(version, versionExtra string, subCmdsStandaloneArgs, subCmd
 	}
 	app.Flags = append(app.Flags, cli.VersionFlag)
 	app.Flags = append(app.Flags, globalFlags()...)
-	app.HideHelp = true // use our own help action to show helps (with more information like default config)
 	app.Before = PrepareConsoleLoggerLevel(log.INFO)
 	for i := range subCmdWithConfig {
 		prepareSubcommandWithConfig(subCmdWithConfig[i], globalFlags)
diff --git a/go.mod b/go.mod
index 35774fcec1..7920d499a5 100644
--- a/go.mod
+++ b/go.mod
@@ -94,7 +94,7 @@ require (
 	github.com/stretchr/testify v1.11.1
 	github.com/syndtr/goleveldb v1.0.0
 	github.com/ulikunitz/xz v0.5.15
-	github.com/urfave/cli/v3 v3.6.2
+	github.com/urfave/cli/v3 v3.7.0
 	github.com/valyala/fastjson v1.6.10
 	github.com/yohcop/openid-go v1.0.1
 	github.com/yuin/goldmark v1.7.16
@@ -275,5 +275,3 @@ replace github.com/gliderlabs/ssh => code.forgejo.org/forgejo/ssh v0.0.0-2024121
 replace git.sr.ht/~mariusor/go-xsd-duration => code.forgejo.org/forgejo/go-xsd-duration v0.0.0-20220703122237-02e73435a078
 
 replace xorm.io/xorm v1.3.9 => code.forgejo.org/xorm/xorm v1.3.9-forgejo.8
-
-replace github.com/urfave/cli/v3 => github.com/urfave/cli/v3 v3.5.0
diff --git a/go.sum b/go.sum
index 7494efffa6..1c6ac206f4 100644
--- a/go.sum
+++ b/go.sum
@@ -660,8 +660,8 @@ github.com/tinylib/msgp v1.6.1/go.mod h1:RSp0LW9oSxFut3KzESt5Voq4GVWyS+PSulT77ro
 github.com/ulikunitz/xz v0.5.8/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14=
 github.com/ulikunitz/xz v0.5.15 h1:9DNdB5s+SgV3bQ2ApL10xRc35ck0DuIX/isZvIk+ubY=
 github.com/ulikunitz/xz v0.5.15/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14=
-github.com/urfave/cli/v3 v3.5.0 h1:qCuFMmdayTF3zmjG8TSsoBzrDqszNrklYg2x3g4MSgw=
-github.com/urfave/cli/v3 v3.5.0/go.mod h1:ysVLtOEmg2tOy6PknnYVhDoouyC/6N42TMeoMzskhso=
+github.com/urfave/cli/v3 v3.7.0 h1:AGSnbUyjtLiM+WJUb4dzXKldl/gL+F8OwmRDtVr6g2U=
+github.com/urfave/cli/v3 v3.7.0/go.mod h1:ysVLtOEmg2tOy6PknnYVhDoouyC/6N42TMeoMzskhso=
 github.com/valyala/fastjson v1.6.4/go.mod h1:CLCAqky6SMuOcxStkYQvblddUtoRxhYMGLrsQns1aXY=
 github.com/valyala/fastjson v1.6.10 h1:/yjJg8jaVQdYR3arGxPE2X5z89xrlhS0eGXdv+ADTh4=
 github.com/valyala/fastjson v1.6.10/go.mod h1:e6FubmQouUNP73jtMLmcbxS6ydWIpOfhz34TSfO3JaE=

From aef91ab1a30dd69e742ead20b70e192165b674d4 Mon Sep 17 00:00:00 2001
From: Mathieu Fenniak <mathieu@fenniak.net>
Date: Wed, 18 Mar 2026 22:33:14 +0100
Subject: [PATCH 532/854] ui: move "New access token" to a separate UI page
 (#11659)

We are updating the user's personal access token page (`/user/settings/applications`) to allow the creation of repo-specific tokens, adding a third option to "Repository and Organization Access".  In preparation for this new UI, this PR moves the creation of access tokens to a new page accessed by "New access token".

This also resolves a pet-peeve: the "Select permissions" dropdown on the inline edit form hides a *required* input for an access token.  This section is expanded on the new dedicated page.  (The Vue component used here is replaced with a JS-free alternative as well.  This form component used to lose selected values when an error occurred, and it didn't make sense as a Vue component, so it has been translated into an HTML template instead.)

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests for Go changes

- I added test coverage for Go changes...
  - [ ] in their respective `*_test.go` for unit tests.
  - [ ] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I ran...
  - [x] `make pr-go` before pushing

### Tests for JavaScript changes

- I added test coverage for JavaScript changes...
  - [ ] in `web_src/js/*.test.js` if it can be unit tested.
  - [x] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)).

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [x] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.
- [ ] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11659
Reviewed-by: Andreas Ahlenstorf <aahlenst@noreply.codeberg.org>
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net>
Co-committed-by: Mathieu Fenniak <mathieu@fenniak.net>
---
 options/locale_next/locale_en-US.json         |   1 +
 routers/web/user/setting/access_token.go      | 134 ++++++++++++++++++
 routers/web/user/setting/applications.go      |  85 -----------
 routers/web/web.go                            |  15 +-
 .../user/settings/access_token_edit.tmpl      |  63 ++++++++
 templates/user/settings/applications.tmpl     |  49 +------
 tests/e2e/user-settings.test.e2e.ts           |  22 ++-
 tests/integration/api_admin_org_test.go       |   2 +-
 tests/integration/api_admin_test.go           |   4 +-
 tests/integration/api_fork_test.go            |   2 +-
 tests/integration/api_repo_git_blobs_test.go  |   2 +-
 tests/integration/api_repo_git_trees_test.go  |   2 +-
 tests/integration/integration_test.go         |   4 +-
 tests/integration/mirror_push_test.go         |  10 +-
 tests/integration/repo_tag_test.go            |   8 +-
 tests/integration/signing_git_test.go         |   2 +-
 tests/integration/user_test.go                |   4 +-
 .../components/ScopedAccessTokenSelector.vue  | 104 --------------
 .../features/scoped-access-token-selector.ts  |  14 --
 web_src/js/index.js                           |   2 -
 20 files changed, 255 insertions(+), 274 deletions(-)
 create mode 100644 routers/web/user/setting/access_token.go
 create mode 100644 templates/user/settings/access_token_edit.tmpl
 delete mode 100644 web_src/js/components/ScopedAccessTokenSelector.vue
 delete mode 100644 web_src/js/features/scoped-access-token-selector.ts

diff --git a/options/locale_next/locale_en-US.json b/options/locale_next/locale_en-US.json
index f73ae37355..1a4036b79b 100644
--- a/options/locale_next/locale_en-US.json
+++ b/options/locale_next/locale_en-US.json
@@ -192,6 +192,7 @@
 	"settings.twofa_reenroll.description": "Re-enroll your two-factor authentication",
 	"settings.must_enable_2fa": "This Forgejo instance requires users to enable two-factor authentication before they can access their accounts.",
 	"settings.specific_repo_access": "Repository access",
+	"settings.new_access_token": "New access token",
 	"error.must_enable_2fa": "This Forgejo instance requires users to enable two-factor authentication before they can access their accounts. Enable it at: %s",
 	"avatar.constraints_hint": "Custom avatar may not exceed %[1]s in size or be larger than %[2]dx%[3]d pixels",
 	"user.ghost.tooltip": "This user has been deleted, or cannot be matched.",
diff --git a/routers/web/user/setting/access_token.go b/routers/web/user/setting/access_token.go
new file mode 100644
index 0000000000..293bb19456
--- /dev/null
+++ b/routers/web/user/setting/access_token.go
@@ -0,0 +1,134 @@
+// Copyright 2014 The Gogs Authors. All rights reserved.
+// Copyright 2018 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package setting
+
+import (
+	"net/http"
+	"slices"
+
+	auth_model "forgejo.org/models/auth"
+	"forgejo.org/modules/base"
+	"forgejo.org/modules/log"
+	"forgejo.org/modules/setting"
+	"forgejo.org/modules/web"
+	"forgejo.org/services/context"
+	"forgejo.org/services/forms"
+)
+
+const (
+	tplAccessTokenEdit base.TplName = "user/settings/access_token_edit"
+)
+
+func loadAccessTokenCreateData(ctx *context.Context) {
+	ctx.Data["AccessTokenScopePublicOnly"] = string(auth_model.AccessTokenScopePublicOnly) // note: SliceUtils.Contains won't work in the template if this is a `auth_model.AccessTokenScope`, so it's cast to a string here
+
+	categories := []string{
+		"activitypub",
+		"issue",
+		"misc",
+		"notification",
+		"organization",
+		"package",
+		"repository",
+		"user",
+	}
+	if ctx.Doer.IsAdmin {
+		categories = append(categories, "admin")
+	}
+	slices.Sort(categories)
+	ctx.Data["Categories"] = categories
+}
+
+// Applications render manage access token page
+func AccessTokenCreate(ctx *context.Context) {
+	ctx.Data["Title"] = ctx.Tr("settings.applications")
+	ctx.Data["PageIsSettingsApplications"] = true
+
+	loadAccessTokenCreateData(ctx)
+
+	ctx.HTML(http.StatusOK, tplAccessTokenEdit)
+}
+
+// ApplicationsPost response for add user's access token
+func AccessTokenCreatePost(ctx *context.Context) {
+	form := web.GetForm(ctx).(*forms.NewAccessTokenForm)
+	ctx.Data["Title"] = ctx.Tr("settings")
+	ctx.Data["PageIsSettingsApplications"] = true
+
+	if ctx.HasError() {
+		loadAccessTokenCreateData(ctx)
+		ctx.HTML(http.StatusOK, tplAccessTokenEdit)
+		return
+	}
+
+	scope, err := form.GetScope()
+	if err != nil {
+		ctx.ServerError("GetScope", err)
+		return
+	}
+	if !scope.HasPermissionScope() {
+		loadAccessTokenCreateData(ctx)
+		ctx.RenderWithErr(ctx.Tr("settings.at_least_one_permission"), tplAccessTokenEdit, form)
+		return
+	}
+	t := &auth_model.AccessToken{
+		UID:   ctx.Doer.ID,
+		Name:  form.Name,
+		Scope: scope,
+
+		// maintain legacy behaviour until new UI options are added -- token has access to all resources, is not
+		// fine-grained
+		ResourceAllRepos: true,
+	}
+
+	exist, err := auth_model.AccessTokenByNameExists(ctx, t)
+	if err != nil {
+		ctx.ServerError("AccessTokenByNameExists", err)
+		return
+	}
+	if exist {
+		loadAccessTokenCreateData(ctx)
+		ctx.RenderWithErr(ctx.Tr("settings.generate_token_name_duplicate", t.Name), tplAccessTokenEdit, form)
+		return
+	}
+
+	if err := auth_model.NewAccessToken(ctx, t); err != nil {
+		ctx.ServerError("NewAccessToken", err)
+		return
+	}
+
+	ctx.Flash.Success(ctx.Tr("settings.generate_token_success"))
+	ctx.Flash.Info(t.Token)
+
+	ctx.Redirect(setting.AppSubURL + "/user/settings/applications")
+}
+
+// DeleteAccessToken response for delete user access token
+func DeleteAccessToken(ctx *context.Context) {
+	if err := auth_model.DeleteAccessTokenByID(ctx, ctx.FormInt64("id"), ctx.Doer.ID); err != nil {
+		ctx.Flash.Error("DeleteAccessTokenByID: " + err.Error())
+	} else {
+		ctx.Flash.Success(ctx.Tr("settings.delete_token_success"))
+	}
+
+	ctx.JSONRedirect(setting.AppSubURL + "/user/settings/applications")
+}
+
+// RegenerateAccessToken response for regenerating user access token
+func RegenerateAccessToken(ctx *context.Context) {
+	if t, err := auth_model.RegenerateAccessTokenByID(ctx, ctx.FormInt64("id"), ctx.Doer.ID); err != nil {
+		if auth_model.IsErrAccessTokenNotExist(err) {
+			ctx.Flash.Error(ctx.Tr("error.not_found"))
+		} else {
+			ctx.Flash.Error(ctx.Tr("error.server_internal"))
+			log.Error("DeleteAccessTokenByID", err)
+		}
+	} else {
+		ctx.Flash.Success(ctx.Tr("settings.regenerate_token_success"))
+		ctx.Flash.Info(t.Token)
+	}
+
+	ctx.JSONRedirect(setting.AppSubURL + "/user/settings/applications")
+}
diff --git a/routers/web/user/setting/applications.go b/routers/web/user/setting/applications.go
index a5c38b8dc3..cdb610e5e2 100644
--- a/routers/web/user/setting/applications.go
+++ b/routers/web/user/setting/applications.go
@@ -12,11 +12,8 @@ import (
 	access_model "forgejo.org/models/perm/access"
 	repo_model "forgejo.org/models/repo"
 	"forgejo.org/modules/base"
-	"forgejo.org/modules/log"
 	"forgejo.org/modules/setting"
-	"forgejo.org/modules/web"
 	"forgejo.org/services/context"
-	"forgejo.org/services/forms"
 )
 
 const (
@@ -33,94 +30,12 @@ func Applications(ctx *context.Context) {
 	ctx.HTML(http.StatusOK, tplSettingsApplications)
 }
 
-// ApplicationsPost response for add user's access token
-func ApplicationsPost(ctx *context.Context) {
-	form := web.GetForm(ctx).(*forms.NewAccessTokenForm)
-	ctx.Data["Title"] = ctx.Tr("settings")
-	ctx.Data["PageIsSettingsApplications"] = true
-
-	if ctx.HasError() {
-		loadApplicationsData(ctx)
-
-		ctx.HTML(http.StatusOK, tplSettingsApplications)
-		return
-	}
-
-	scope, err := form.GetScope()
-	if err != nil {
-		ctx.ServerError("GetScope", err)
-		return
-	}
-	if !scope.HasPermissionScope() {
-		ctx.Flash.Error(ctx.Tr("settings.at_least_one_permission"), true)
-	}
-	t := &auth_model.AccessToken{
-		UID:   ctx.Doer.ID,
-		Name:  form.Name,
-		Scope: scope,
-
-		// maintain legacy behaviour until new UI options are added -- token has access to all resources, is not
-		// fine-grained
-		ResourceAllRepos: true,
-	}
-
-	exist, err := auth_model.AccessTokenByNameExists(ctx, t)
-	if err != nil {
-		ctx.ServerError("AccessTokenByNameExists", err)
-		return
-	}
-	if exist {
-		ctx.Flash.Error(ctx.Tr("settings.generate_token_name_duplicate", t.Name))
-		ctx.Redirect(setting.AppSubURL + "/user/settings/applications")
-		return
-	}
-
-	if err := auth_model.NewAccessToken(ctx, t); err != nil {
-		ctx.ServerError("NewAccessToken", err)
-		return
-	}
-
-	ctx.Flash.Success(ctx.Tr("settings.generate_token_success"))
-	ctx.Flash.Info(t.Token)
-
-	ctx.Redirect(setting.AppSubURL + "/user/settings/applications")
-}
-
-// DeleteApplication response for delete user access token
-func DeleteApplication(ctx *context.Context) {
-	if err := auth_model.DeleteAccessTokenByID(ctx, ctx.FormInt64("id"), ctx.Doer.ID); err != nil {
-		ctx.Flash.Error("DeleteAccessTokenByID: " + err.Error())
-	} else {
-		ctx.Flash.Success(ctx.Tr("settings.delete_token_success"))
-	}
-
-	ctx.JSONRedirect(setting.AppSubURL + "/user/settings/applications")
-}
-
-// RegenerateApplication response for regenerating user access token
-func RegenerateApplication(ctx *context.Context) {
-	if t, err := auth_model.RegenerateAccessTokenByID(ctx, ctx.FormInt64("id"), ctx.Doer.ID); err != nil {
-		if auth_model.IsErrAccessTokenNotExist(err) {
-			ctx.Flash.Error(ctx.Tr("error.not_found"))
-		} else {
-			ctx.Flash.Error(ctx.Tr("error.server_internal"))
-			log.Error("DeleteAccessTokenByID", err)
-		}
-	} else {
-		ctx.Flash.Success(ctx.Tr("settings.regenerate_token_success"))
-		ctx.Flash.Info(t.Token)
-	}
-
-	ctx.JSONRedirect(setting.AppSubURL + "/user/settings/applications")
-}
-
 type TokenWithResources struct {
 	Token        *auth_model.AccessToken
 	Repositories []*repo_model.Repository
 }
 
 func loadApplicationsData(ctx *context.Context) {
-	ctx.Data["AccessTokenScopePublicOnly"] = auth_model.AccessTokenScopePublicOnly
 	tokens, err := db.Find[auth_model.AccessToken](ctx, auth_model.ListAccessTokensOptions{UserID: ctx.Doer.ID})
 	if err != nil {
 		ctx.ServerError("ListAccessTokens", err)
diff --git a/routers/web/web.go b/routers/web/web.go
index f8132707ca..5ea90c1eea 100644
--- a/routers/web/web.go
+++ b/routers/web/web.go
@@ -631,11 +631,16 @@ func registerRoutes(m *web.Route) {
 				m.Post("/{id}/revoke/{grantId}", user_setting.RevokeOAuth2Grant)
 			}, oauth2Enabled)
 
-			// access token applications
-			m.Combo("").Get(user_setting.Applications).
-				Post(web.Bind(forms.NewAccessTokenForm{}), user_setting.ApplicationsPost)
-			m.Post("/delete", user_setting.DeleteApplication)
-			m.Post("/regenerate", user_setting.RegenerateApplication)
+			// access token
+			m.Group("/tokens", func() {
+				m.Combo("/new").
+					Get(user_setting.AccessTokenCreate).
+					Post(web.Bind(forms.NewAccessTokenForm{}), user_setting.AccessTokenCreatePost)
+				m.Post("/delete", user_setting.DeleteAccessToken)
+				m.Post("/regenerate", user_setting.RegenerateAccessToken)
+			})
+
+			m.Get("", user_setting.Applications)
 		})
 
 		m.Combo("/keys").Get(user_setting.Keys).
diff --git a/templates/user/settings/access_token_edit.tmpl b/templates/user/settings/access_token_edit.tmpl
new file mode 100644
index 0000000000..c53fafeb1a
--- /dev/null
+++ b/templates/user/settings/access_token_edit.tmpl
@@ -0,0 +1,63 @@
+{{template "user/settings/layout_head" (dict "ctxData" . "pageClass" "user settings applications")}}
+	<div class="user-setting-content">
+		<h4 class="ui top attached header">
+			{{ctx.Locale.Tr "settings.manage_access_token"}}
+		</h4>
+
+		<div class="ui attached bottom segment">
+			<form id="scoped-access-form" class="ui form" action="{{.Link}}" method="post">
+				<h5 class="ui top header">
+					{{ctx.Locale.Tr "settings.generate_new_token"}}
+				</h5>
+				<div class="required field {{if .Err_Name}}error{{end}}">
+					<label for="name">{{ctx.Locale.Tr "settings.token_name"}}</label>
+					<input id="name" name="name" value="{{.name}}" autofocus required maxlength="255">
+				</div>
+				<div class="field">
+					<label>{{ctx.Locale.Tr "settings.repo_and_org_access"}}</label>
+					<label class="tw-cursor-pointer">
+						<input class="enable-system tw-mt-1 tw-mr-1" type="radio" name="scope" value="{{$.AccessTokenScopePublicOnly}}" {{if (SliceUtils.Contains .scope $.AccessTokenScopePublicOnly)}} checked {{end}}>
+						{{ctx.Locale.Tr "settings.permissions_public_only"}}
+					</label>
+					<label class="tw-cursor-pointer">
+						<input class="enable-system tw-mt-1 tw-mr-1" type="radio" name="scope" value="" {{if (not (SliceUtils.Contains .scope $.AccessTokenScopePublicOnly))}} checked {{end}}>
+						{{ctx.Locale.Tr "settings.permissions_access_all"}}
+					</label>
+				</div>
+				<div class="field">
+					<h5>
+						{{ctx.Locale.Tr "settings.select_permissions"}}
+					</h5>
+					<p class="activity meta">
+						<p>{{ctx.Locale.Tr "settings.access_token_desc" (printf "%s/api/swagger" AppSubUrl) "https://forgejo.org/docs/latest/user/token-scope/"}}</p>
+					</p>
+
+					{{range .Categories}}
+						<div class="field tw-pl-1 tw-pb-1 access-token-category">
+							<label class="category-label" for="access-token-scope-{{.}}">
+								{{.}}
+							</label>
+							<div class="gitea-select">
+								<select class="ui selection access-token-select" name="scope" id="access-token-scope-{{.}}">
+									<option value="">
+										{{ctx.Locale.Tr "settings.permission_no_access"}}
+									</option>
+									<option value="read:{{.}}" {{if (SliceUtils.Contains $.scope (printf "read:%s" .))}} selected {{end}}>
+										{{ctx.Locale.Tr "settings.permission_read"}}
+									</option>
+									<option value="write:{{.}}" {{if (SliceUtils.Contains $.scope (printf "write:%s" .))}} selected {{end}}>
+										{{ctx.Locale.Tr "settings.permission_write"}}
+									</option>
+								</select>
+							</div>
+						</div>
+					{{end}}
+				</div>
+				<button id="scoped-access-submit" class="ui primary button">
+					{{ctx.Locale.Tr "settings.generate_token"}}
+				</button>
+			</form>
+		</div>
+
+	</div>
+{{template "user/settings/layout_footer" .}}
diff --git a/templates/user/settings/applications.tmpl b/templates/user/settings/applications.tmpl
index 59d352eab3..eaf18f6de1 100644
--- a/templates/user/settings/applications.tmpl
+++ b/templates/user/settings/applications.tmpl
@@ -2,6 +2,9 @@
 	<div class="user-setting-content">
 		<h4 class="ui top attached header">
 			{{ctx.Locale.Tr "settings.manage_access_token"}}
+			<div class="ui right">
+				<a class="ui primary tiny button" href="{{AppSubUrl}}/user/settings/applications/tokens/new">{{ctx.Locale.Tr "settings.new_access_token"}}</a>
+			</div>
 		</h4>
 		<div class="ui attached segment">
 			<div class="flex-list">
@@ -47,11 +50,11 @@
 							</div>
 						</div>
 						<div class="flex-item-trailing">
-								<button class="ui primary tiny button delete-button" data-modal-id="regenerate-token" data-url="{{$.Link}}/regenerate" data-id="{{.Token.ID}}">
+								<button class="ui primary tiny button delete-button" data-modal-id="regenerate-token" data-url="{{$.Link}}/tokens/regenerate" data-id="{{.Token.ID}}">
 									{{svg "octicon-issue-reopened" 16 "tw-mr-1"}}
 									{{ctx.Locale.Tr "settings.regenerate_token"}}
 								</button>
-								<button class="ui red tiny button delete-button" data-modal-id="delete-token" data-url="{{$.Link}}/delete" data-id="{{.Token.ID}}">
+								<button class="ui red tiny button delete-button" data-modal-id="delete-token" data-url="{{$.Link}}/tokens/delete" data-id="{{.Token.ID}}">
 									{{svg "octicon-trash" 16 "tw-mr-1"}}
 									{{ctx.Locale.Tr "settings.delete_token"}}
 								</button>
@@ -60,48 +63,6 @@
 				{{end}}
 			</div>
 		</div>
-		<div class="ui attached bottom segment">
-			<h5 class="ui top header">
-				{{ctx.Locale.Tr "settings.generate_new_token"}}
-			</h5>
-			<form id="scoped-access-form" class="ui form ignore-dirty" action="{{.Link}}" method="post">
-				<div class="required field {{if .Err_Name}}error{{end}}">
-					<label for="name">{{ctx.Locale.Tr "settings.token_name"}}</label>
-					<input id="name" name="name" value="{{.name}}" autofocus required maxlength="255">
-				</div>
-				<div class="field">
-					<label>{{ctx.Locale.Tr "settings.repo_and_org_access"}}</label>
-					<label class="tw-cursor-pointer">
-						<input class="enable-system tw-mt-1 tw-mr-1" type="radio" name="scope" value="{{$.AccessTokenScopePublicOnly}}">
-						{{ctx.Locale.Tr "settings.permissions_public_only"}}
-					</label>
-					<label class="tw-cursor-pointer">
-						<input class="enable-system tw-mt-1 tw-mr-1" type="radio" name="scope" value="" checked>
-						{{ctx.Locale.Tr "settings.permissions_access_all"}}
-					</label>
-				</div>
-				<details class="ui optional field">
-					<summary class="tw-pb-4 tw-pl-1">
-						{{ctx.Locale.Tr "settings.select_permissions"}}
-					</summary>
-					<p class="activity meta">
-						<p>{{ctx.Locale.Tr "settings.access_token_desc" (printf "%s/api/swagger" AppSubUrl) "https://forgejo.org/docs/latest/user/token-scope/"}}</p>
-					</p>
-					<div class="scoped-access-token"
-						data-is-admin="{{if .IsAdmin}}true{{else}}false{{end}}"
-						data-no-access-label="{{ctx.Locale.Tr "settings.permission_no_access"}}"
-						data-read-label="{{ctx.Locale.Tr "settings.permission_read"}}"
-						data-write-label="{{ctx.Locale.Tr "settings.permission_write"}}"
-					></div>
-				</details>
-				<button id="scoped-access-submit" class="ui primary button">
-					{{ctx.Locale.Tr "settings.generate_token"}}
-				</button>
-			</form>{{/* Fomantic ".ui.form .warning.message" is hidden by default, so put the warning message out of the form*/}}
-			<div id="scoped-access-warning" class="ui warning message center tw-hidden">
-				{{ctx.Locale.Tr "settings.at_least_one_permission"}}
-			</div>
-		</div>
 
 		{{if .EnableOAuth2}}
 			{{template "user/settings/grants_oauth2" .}}
diff --git a/tests/e2e/user-settings.test.e2e.ts b/tests/e2e/user-settings.test.e2e.ts
index 22cec4c8cc..9a6baefef5 100644
--- a/tests/e2e/user-settings.test.e2e.ts
+++ b/tests/e2e/user-settings.test.e2e.ts
@@ -128,11 +128,11 @@ test('User: Canceling adding GPG key clears input', async ({browser}, workerInfo
 test('User: Add access token', async ({browser}, workerInfo) => {
   const page = await login({browser}, workerInfo);
   await page.goto('/user/settings/applications');
+  await page.getByRole('link', {name: 'New access token'}).click();
 
   await page.locator('#scoped-access-submit').click();
   await page.locator('#name:invalid').isVisible();
 
-  await page.locator('details.optional.field').click();
   await page.selectOption('#access-token-scope-activitypub', 'read:activitypub');
   await page.locator('#scoped-access-submit').click();
 
@@ -145,3 +145,23 @@ test('User: Add access token', async ({browser}, workerInfo) => {
 
   await page.getByText(tokenName).isVisible();
 });
+
+test('User: Add access token validation error', async ({browser}, workerInfo) => {
+  const page = await login({browser}, workerInfo);
+  await page.goto('/user/settings/applications');
+  await page.getByRole('link', {name: 'New access token'}).click();
+
+  await page.getByRole('button', {name: 'Generate token'}).click();
+  await page.locator('#name:invalid').isVisible();
+
+  await page.getByRole('textbox', {name: 'Token name *'}).fill('Token A');
+  await page.getByRole('combobox', {name: 'activitypub'}).selectOption('read:activitypub');
+  await page.getByRole('radio', {name: 'Public only'}).click();
+
+  await page.getByRole('button', {name: 'Generate token'}).click();
+
+  await page.getByText('has been used as an application name already.').isVisible();
+  // validate that selected options (public-only, activitypub) are still selected.
+  await expect(page.getByRole('radio', {name: 'Public only'})).toBeChecked();
+  await expect(page.getByRole('combobox', {name: 'activitypub'})).toHaveValue('read:activitypub');
+});
diff --git a/tests/integration/api_admin_org_test.go b/tests/integration/api_admin_org_test.go
index df5e961ec6..1ad1b9e55b 100644
--- a/tests/integration/api_admin_org_test.go
+++ b/tests/integration/api_admin_org_test.go
@@ -73,7 +73,7 @@ func TestAPIAdminOrgCreateNotAdmin(t *testing.T) {
 	defer tests.PrepareTestEnv(t)()
 	nonAdminUsername := "user2"
 	session := loginUser(t, nonAdminUsername)
-	token := getTokenForLoggedInUser(t, session)
+	token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeReadAdmin)
 	org := api.CreateOrgOption{
 		UserName:    "user2_org",
 		FullName:    "User2's organization",
diff --git a/tests/integration/api_admin_test.go b/tests/integration/api_admin_test.go
index ae5a5b46ae..70a921a0a4 100644
--- a/tests/integration/api_admin_test.go
+++ b/tests/integration/api_admin_test.go
@@ -76,7 +76,7 @@ func TestAPIAdminDeleteUnauthorizedKey(t *testing.T) {
 	var newPublicKey api.PublicKey
 	DecodeJSON(t, resp, &newPublicKey)
 
-	token = getUserToken(t, normalUsername)
+	token = getUserToken(t, normalUsername, auth_model.AccessTokenScopeWriteAdmin)
 	req = NewRequestf(t, "DELETE", "/api/v1/admin/users/%s/keys/%d", adminUsername, newPublicKey.ID).
 		AddTokenAuth(token)
 	MakeRequest(t, req, http.StatusForbidden)
@@ -178,7 +178,7 @@ func TestAPIListUsersNotLoggedIn(t *testing.T) {
 func TestAPIListUsersNonAdmin(t *testing.T) {
 	defer tests.PrepareTestEnv(t)()
 	nonAdminUsername := "user2"
-	token := getUserToken(t, nonAdminUsername)
+	token := getUserToken(t, nonAdminUsername, auth_model.AccessTokenScopeReadAdmin)
 	req := NewRequest(t, "GET", "/api/v1/admin/users").
 		AddTokenAuth(token)
 	MakeRequest(t, req, http.StatusForbidden)
diff --git a/tests/integration/api_fork_test.go b/tests/integration/api_fork_test.go
index 0d38831b10..a030d57bc8 100644
--- a/tests/integration/api_fork_test.go
+++ b/tests/integration/api_fork_test.go
@@ -102,7 +102,7 @@ func TestAPIDisabledForkRepo(t *testing.T) {
 		defer tests.PrintCurrentTest(t)()
 
 		session := loginUser(t, "user5")
-		token := getTokenForLoggedInUser(t, session)
+		token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteRepository)
 
 		req := NewRequestWithJSON(t, "POST", "/api/v1/repos/user2/repo1/forks", &api.CreateForkOption{}).AddTokenAuth(token)
 		session.MakeRequest(t, req, http.StatusNotFound)
diff --git a/tests/integration/api_repo_git_blobs_test.go b/tests/integration/api_repo_git_blobs_test.go
index a4424a3348..6466835602 100644
--- a/tests/integration/api_repo_git_blobs_test.go
+++ b/tests/integration/api_repo_git_blobs_test.go
@@ -72,7 +72,7 @@ func TestAPIReposGitBlobs(t *testing.T) {
 
 	// Login as User4.
 	session = loginUser(t, user4.Name)
-	token4 := getTokenForLoggedInUser(t, session)
+	token4 := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeReadRepository)
 
 	// Test using org repo "org3/repo3" where user4 is a NOT collaborator
 	req = NewRequestf(t, "GET", "/api/v1/repos/%s/%s/git/blobs/d56a3073c1dbb7b15963110a049d50cdb5db99fc?access=%s", org3.Name, repo3.Name, token4)
diff --git a/tests/integration/api_repo_git_trees_test.go b/tests/integration/api_repo_git_trees_test.go
index f321760218..9418fc4857 100644
--- a/tests/integration/api_repo_git_trees_test.go
+++ b/tests/integration/api_repo_git_trees_test.go
@@ -69,7 +69,7 @@ func TestAPIReposGitTrees(t *testing.T) {
 
 	// Login as User4.
 	session = loginUser(t, user4.Name)
-	token4 := getTokenForLoggedInUser(t, session)
+	token4 := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeReadRepository)
 
 	// Test using org repo "org3/repo3" where user4 is a NOT collaborator
 	req = NewRequestf(t, "GET", "/api/v1/repos/%s/%s/git/trees/d56a3073c1dbb7b15963110a049d50cdb5db99fc?access=%s", org3.Name, repo3.Name, token4)
diff --git a/tests/integration/integration_test.go b/tests/integration/integration_test.go
index de915b3cbf..464008e6e4 100644
--- a/tests/integration/integration_test.go
+++ b/tests/integration/integration_test.go
@@ -487,12 +487,14 @@ func getTokenForLoggedInUser(t testing.TB, session *TestSession, scopes ...auth.
 // createApplicationSettingsToken creates a token with given name and scopes for the currently logged in user.
 // It will redirect to the application settings page.
 func createApplicationSettingsToken(t testing.TB, session *TestSession, name string, scopes ...auth.AccessTokenScope) {
+	require.NotEmpty(t, scopes, "attempted to create access token with no scopes, which is not valid")
+
 	urlValues := url.Values{}
 	urlValues.Add("name", name)
 	for _, scope := range scopes {
 		urlValues.Add("scope", string(scope))
 	}
-	req := NewRequestWithURLValues(t, "POST", "/user/settings/applications", urlValues)
+	req := NewRequestWithURLValues(t, "POST", "/user/settings/applications/tokens/new", urlValues)
 	resp := session.MakeRequest(t, req, http.StatusSeeOther)
 
 	// Log the flash values on failure
diff --git a/tests/integration/mirror_push_test.go b/tests/integration/mirror_push_test.go
index b02f894b58..3f5a8223c8 100644
--- a/tests/integration/mirror_push_test.go
+++ b/tests/integration/mirror_push_test.go
@@ -99,7 +99,7 @@ func testMirrorPush(t *testing.T, u *url.URL) {
 	})
 	require.NoError(t, err)
 
-	ctx := NewAPITestContext(t, user.LowerName, srcRepo.Name)
+	ctx := NewAPITestContext(t, user.LowerName, srcRepo.Name, auth_model.AccessTokenScopeReadRepository)
 
 	doCreatePushMirror(ctx, fmt.Sprintf("%s%s/%s", u.String(), url.PathEscape(ctx.Username), url.PathEscape(mirrorRepo.Name)), user.LowerName, userPassword)(t)
 	doCreatePushMirror(ctx, fmt.Sprintf("%s%s/%s", u.String(), url.PathEscape(ctx.Username), url.PathEscape("does-not-matter")), user.LowerName, userPassword)(t)
@@ -407,7 +407,7 @@ func TestPushMirrorBranchFilterWebUI(t *testing.T) {
 		mirrorRepo, _, f := tests.CreateDeclarativeRepo(t, user, "", []unit.Type{unit.TypeCode}, nil, nil)
 		defer f()
 
-		ctx := NewAPITestContext(t, user.LowerName, srcRepo.Name)
+		ctx := NewAPITestContext(t, user.LowerName, srcRepo.Name, auth_model.AccessTokenScopeReadRepository)
 		ctx.Session = sess
 		remoteAddress := fmt.Sprintf("%s%s/%s", u.String(), url.PathEscape(user.Name), url.PathEscape(mirrorRepo.Name))
 
@@ -506,7 +506,7 @@ func TestPushMirrorBranchFilterIntegration(t *testing.T) {
 		sess := loginUser(t, user.Name)
 		token := getTokenForLoggedInUser(t, sess, auth_model.AccessTokenScopeAll)
 
-		ctx := NewAPITestContext(t, user.LowerName, srcRepo.Name)
+		ctx := NewAPITestContext(t, user.LowerName, srcRepo.Name, auth_model.AccessTokenScopeReadRepository)
 		ctx.Session = sess
 		remoteAddress := fmt.Sprintf("%s%s/%s", u.String(), url.PathEscape(user.Name), url.PathEscape("foo"))
 		urlStr := fmt.Sprintf("/api/v1/repos/%s/%s/push_mirrors", user.LowerName, srcRepo.Name)
@@ -682,7 +682,7 @@ func TestPushMirrorBranchFilterSyncOperations(t *testing.T) {
 		_, _, err = git.NewCommand(git.DefaultContext, "update-ref", "refs/heads/hotfix-123", "refs/heads/master").RunStdString(&git.RunOpts{Dir: testRepoPath})
 		require.NoError(t, err)
 
-		ctx := NewAPITestContext(t, user.LowerName, srcRepo.Name)
+		ctx := NewAPITestContext(t, user.LowerName, srcRepo.Name, auth_model.AccessTokenScopeReadRepository)
 		ctx.Session = sess
 
 		t.Run("Create push mirror with branch filter and trigger sync", func(t *testing.T) {
@@ -907,7 +907,7 @@ func TestPushMirrorWebUIToAPIIntegration(t *testing.T) {
 		mirrorRepo, _, f := tests.CreateDeclarativeRepo(t, user, "", []unit.Type{unit.TypeCode}, nil, nil)
 		defer f()
 
-		ctx := NewAPITestContext(t, user.LowerName, srcRepo.Name)
+		ctx := NewAPITestContext(t, user.LowerName, srcRepo.Name, auth_model.AccessTokenScopeReadRepository)
 		ctx.Session = session
 		remoteAddress := fmt.Sprintf("%s%s/%s", u.String(), url.PathEscape(user.Name), url.PathEscape(mirrorRepo.Name))
 		urlStr := fmt.Sprintf("/api/v1/repos/%s/%s/push_mirrors", user.Name, srcRepo.Name)
diff --git a/tests/integration/repo_tag_test.go b/tests/integration/repo_tag_test.go
index 735cb73126..ea2ae50309 100644
--- a/tests/integration/repo_tag_test.go
+++ b/tests/integration/repo_tag_test.go
@@ -107,7 +107,7 @@ func TestCreateNewTagProtected(t *testing.T) {
 		t.Run("Git", func(t *testing.T) {
 			defer tests.PrintCurrentTest(t)()
 
-			httpContext := NewAPITestContext(t, owner.Name, repo.Name)
+			httpContext := NewAPITestContext(t, owner.Name, repo.Name, auth_model.AccessTokenScopeReadRepository)
 
 			dstPath := t.TempDir()
 
@@ -127,7 +127,7 @@ func TestCreateNewTagProtected(t *testing.T) {
 		t.Run("GitTagForce", func(t *testing.T) {
 			defer tests.PrintCurrentTest(t)()
 
-			httpContext := NewAPITestContext(t, owner.Name, repo.Name)
+			httpContext := NewAPITestContext(t, owner.Name, repo.Name, auth_model.AccessTokenScopeReadRepository)
 
 			dstPath := t.TempDir()
 
@@ -160,7 +160,7 @@ func TestSyncRepoTags(t *testing.T) {
 		owner := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: repo.OwnerID})
 
 		t.Run("Git", func(t *testing.T) {
-			httpContext := NewAPITestContext(t, owner.Name, repo.Name)
+			httpContext := NewAPITestContext(t, owner.Name, repo.Name, auth_model.AccessTokenScopeReadRepository)
 
 			dstPath := t.TempDir()
 
@@ -199,7 +199,7 @@ func TestRepushTag(t *testing.T) {
 		session := loginUser(t, owner.LowerName)
 		token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteRepository)
 
-		httpContext := NewAPITestContext(t, owner.Name, repo.Name)
+		httpContext := NewAPITestContext(t, owner.Name, repo.Name, auth_model.AccessTokenScopeReadRepository)
 
 		dstPath := t.TempDir()
 
diff --git a/tests/integration/signing_git_test.go b/tests/integration/signing_git_test.go
index 7fbda358cf..5dee5b4801 100644
--- a/tests/integration/signing_git_test.go
+++ b/tests/integration/signing_git_test.go
@@ -96,7 +96,7 @@ func testCRUD(t *testing.T, u *url.URL, signingFormat string, objectFormat git.O
 
 	username := "user2"
 	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{Name: username})
-	baseAPITestContext := NewAPITestContext(t, username, "repo1")
+	baseAPITestContext := NewAPITestContext(t, username, "repo1", auth_model.AccessTokenScopeReadRepository)
 	u.Path = baseAPITestContext.GitPath()
 
 	suffix := "-" + signingFormat + "-" + objectFormat.Name()
diff --git a/tests/integration/user_test.go b/tests/integration/user_test.go
index 90a4a00029..f1acafbde8 100644
--- a/tests/integration/user_test.go
+++ b/tests/integration/user_test.go
@@ -256,7 +256,7 @@ func TestAccessTokenRegenerate(t *testing.T) {
 
 	assert.Equal(t, "TestAccessToken", oldTokenName)
 
-	req := NewRequestWithValues(t, "POST", "/user/settings/applications/regenerate", map[string]string{
+	req := NewRequestWithValues(t, "POST", "/user/settings/applications/tokens/regenerate", map[string]string{
 		"id": strconv.Itoa(oldTokenID),
 	})
 	session.MakeRequest(t, req, http.StatusOK)
@@ -268,7 +268,7 @@ func TestAccessTokenRegenerate(t *testing.T) {
 	assert.Equal(t, oldTokenID, newTokenID)
 	assert.Equal(t, "TestAccessToken", newTokenName)
 
-	req = NewRequestWithValues(t, "POST", "/user/settings/applications/delete", map[string]string{
+	req = NewRequestWithValues(t, "POST", "/user/settings/applications/tokens/delete", map[string]string{
 		"id": strconv.Itoa(newTokenID),
 	})
 	session.MakeRequest(t, req, http.StatusOK)
diff --git a/web_src/js/components/ScopedAccessTokenSelector.vue b/web_src/js/components/ScopedAccessTokenSelector.vue
deleted file mode 100644
index fe79032aa9..0000000000
--- a/web_src/js/components/ScopedAccessTokenSelector.vue
+++ /dev/null
@@ -1,104 +0,0 @@
-<script>
-import {hideElem, showElem} from '../utils/dom.js';
-
-export default {
-  props: {
-    isAdmin: {
-      type: Boolean,
-      required: true,
-    },
-    noAccessLabel: {
-      type: String,
-      required: true,
-    },
-    readLabel: {
-      type: String,
-      required: true,
-    },
-    writeLabel: {
-      type: String,
-      required: true,
-    },
-  },
-
-  computed: {
-    categories() {
-      const categories = [
-        'activitypub',
-      ];
-      if (this.isAdmin) {
-        categories.push('admin');
-      }
-      categories.push(
-        'issue',
-        'misc',
-        'notification',
-        'organization',
-        'package',
-        'repository',
-        'user');
-      return categories;
-    },
-  },
-
-  mounted() {
-    document.getElementById('scoped-access-submit').addEventListener('click', this.onClickSubmit);
-  },
-
-  unmounted() {
-    document.getElementById('scoped-access-submit').removeEventListener('click', this.onClickSubmit);
-  },
-
-  methods: {
-    onClickSubmit(e) {
-      const form = document.getElementById('scoped-access-form');
-      if (!form.checkValidity()) {
-        // some required inputs are not filled
-        return;
-      }
-
-      // prevent after validity-check to get native-required-popup
-      e.preventDefault();
-
-      const warningEl = document.getElementById('scoped-access-warning');
-      // check that at least one scope has been selected
-      for (const el of document.getElementsByClassName('access-token-select')) {
-        if (el.value) {
-          // Hide the error if it was visible from previous attempt.
-          hideElem(warningEl);
-          // Submit the form.
-          form.submit();
-          // Don't show the warning.
-          return;
-        }
-      }
-      // no scopes selected, show validation error
-      showElem(warningEl);
-    },
-  },
-};
-</script>
-<template>
-  <div v-for="category in categories" :key="category" class="field tw-pl-1 tw-pb-1 access-token-category">
-    <label class="category-label" :for="'access-token-scope-' + category">
-      {{ category }}
-    </label>
-    <div class="gitea-select">
-      <select
-        class="ui selection access-token-select"
-        name="scope"
-        :id="'access-token-scope-' + category"
-      >
-        <option value="">
-          {{ noAccessLabel }}
-        </option>
-        <option :value="'read:' + category">
-          {{ readLabel }}
-        </option>
-        <option :value="'write:' + category">
-          {{ writeLabel }}
-        </option>
-      </select>
-    </div>
-  </div>
-</template>
diff --git a/web_src/js/features/scoped-access-token-selector.ts b/web_src/js/features/scoped-access-token-selector.ts
deleted file mode 100644
index 481ee0b57d..0000000000
--- a/web_src/js/features/scoped-access-token-selector.ts
+++ /dev/null
@@ -1,14 +0,0 @@
-import {createApp} from 'vue';
-
-export async function initScopedAccessTokenCategories() {
-  for (const el of document.getElementsByClassName('scoped-access-token')) {
-    const {default: ScopedAccessTokenSelector} = await import(/* webpackChunkName: "scoped-access-token-selector" */'../components/ScopedAccessTokenSelector.vue');
-    const scopedAccessTokenSelector = createApp(ScopedAccessTokenSelector, {
-      isAdmin: el.getAttribute('data-is-admin') === 'true',
-      noAccessLabel: el.getAttribute('data-no-access-label'),
-      readLabel: el.getAttribute('data-read-label'),
-      writeLabel: el.getAttribute('data-write-label'),
-    });
-    scopedAccessTokenSelector.mount(el);
-  }
-}
diff --git a/web_src/js/index.js b/web_src/js/index.js
index 33c94d7e07..a3dabeacc0 100644
--- a/web_src/js/index.js
+++ b/web_src/js/index.js
@@ -2,7 +2,6 @@
 import './bootstrap.js';
 
 import {initRepoActivityTopAuthorsChart} from './features/repo-activity-top-authors.ts';
-import {initScopedAccessTokenCategories} from './features/scoped-access-token-selector.ts';
 import {initDashboardRepoList} from './features/dashboard-repo-list.ts';
 
 import {initGlobalCopyToClipboardListener} from './features/clipboard.js';
@@ -192,7 +191,6 @@ onDomReady(() => {
   initUserAuthWebAuthnRegister();
   initUserAuth();
   initRepoDiffView();
-  initScopedAccessTokenCategories();
   initColorPickers();
   initModalClose();
 

From 37ec7331ac7b7744c380c702ba24e18976df3aba Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Thu, 19 Mar 2026 00:55:17 +0100
Subject: [PATCH 533/854] Update module golang.org/x/image to v0.37.0 (forgejo)
 (#11739)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11739
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 7920d499a5..953e7589cc 100644
--- a/go.mod
+++ b/go.mod
@@ -103,7 +103,7 @@ require (
 	go.uber.org/mock v0.6.0
 	go.yaml.in/yaml/v3 v3.0.4
 	golang.org/x/crypto v0.49.0
-	golang.org/x/image v0.36.0
+	golang.org/x/image v0.37.0
 	golang.org/x/net v0.51.0
 	golang.org/x/oauth2 v0.34.0
 	golang.org/x/sync v0.20.0
diff --git a/go.sum b/go.sum
index 1c6ac206f4..378c6e9122 100644
--- a/go.sum
+++ b/go.sum
@@ -736,8 +736,8 @@ golang.org/x/exp v0.0.0-20251023183803-a4bb9ffd2546 h1:mgKeJMpvi0yx/sU5GsxQ7p6s2
 golang.org/x/exp v0.0.0-20251023183803-a4bb9ffd2546/go.mod h1:j/pmGrbnkbPtQfxEe5D0VQhZC6qKbfKifgD0oM7sR70=
 golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js=
 golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
-golang.org/x/image v0.36.0 h1:Iknbfm1afbgtwPTmHnS2gTM/6PPZfH+z2EFuOkSbqwc=
-golang.org/x/image v0.36.0/go.mod h1:YsWD2TyyGKiIX1kZlu9QfKIsQ4nAAK9bdgdrIsE7xy4=
+golang.org/x/image v0.37.0 h1:ZiRjArKI8GwxZOoEtUfhrBtaCN+4b/7709dlT6SSnQA=
+golang.org/x/image v0.37.0/go.mod h1:/3f6vaXC+6CEanU4KJxbcUZyEePbyKbaLoDOe4ehFYY=
 golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
 golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
 golang.org/x/lint v0.0.0-20190301231843-5614ed5bae6f/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=

From 5b47f1f0025e10714a138b42c9c0bad1e8f8a105 Mon Sep 17 00:00:00 2001
From: hwipl <hwipl@noreply.codeberg.org>
Date: Thu, 19 Mar 2026 01:21:50 +0100
Subject: [PATCH 534/854] feat: add wiki git info to API (#11589)

Add information about the git repository for wiki pages to the
Repository response in the API:

- has_wiki_contents: info whether wiki git repository already exists
- wiki_clone_url: the git clone URL of the wiki git repository
- wiki_ssh_url: the git SSH URL of the wiki git repository

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11589
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: hwipl <hwipl@noreply.codeberg.org>
Co-committed-by: hwipl <hwipl@noreply.codeberg.org>
---
 modules/structs/repo.go            | 63 ++++++++++++++++--------------
 services/convert/repository.go     |  3 ++
 templates/swagger/v1_json.tmpl     | 14 +++++++
 tests/integration/api_repo_test.go | 58 +++++++++++++++++++++++++++
 4 files changed, 109 insertions(+), 29 deletions(-)

diff --git a/modules/structs/repo.go b/modules/structs/repo.go
index a8e8249f18..059f19c2bb 100644
--- a/modules/structs/repo.go
+++ b/modules/structs/repo.go
@@ -80,35 +80,40 @@ type Repository struct {
 	// swagger:strfmt date-time
 	Created time.Time `json:"created_at"`
 	// swagger:strfmt date-time
-	Updated                       time.Time        `json:"updated_at"`
-	ArchivedAt                    time.Time        `json:"archived_at"`
-	Permissions                   *Permission      `json:"permissions,omitempty"`
-	HasIssues                     bool             `json:"has_issues"`
-	InternalTracker               *InternalTracker `json:"internal_tracker,omitempty"`
-	ExternalTracker               *ExternalTracker `json:"external_tracker,omitempty"`
-	HasWiki                       bool             `json:"has_wiki"`
-	ExternalWiki                  *ExternalWiki    `json:"external_wiki,omitempty"`
-	WikiBranch                    string           `json:"wiki_branch,omitempty"`
-	GloballyEditableWiki          bool             `json:"globally_editable_wiki"`
-	HasPullRequests               bool             `json:"has_pull_requests"`
-	HasProjects                   bool             `json:"has_projects"`
-	HasReleases                   bool             `json:"has_releases"`
-	HasPackages                   bool             `json:"has_packages"`
-	HasActions                    bool             `json:"has_actions"`
-	IgnoreWhitespaceConflicts     bool             `json:"ignore_whitespace_conflicts"`
-	AllowMerge                    bool             `json:"allow_merge_commits"`
-	AllowRebase                   bool             `json:"allow_rebase"`
-	AllowRebaseMerge              bool             `json:"allow_rebase_explicit"`
-	AllowSquash                   bool             `json:"allow_squash_merge"`
-	AllowFastForwardOnly          bool             `json:"allow_fast_forward_only_merge"`
-	AllowRebaseUpdate             bool             `json:"allow_rebase_update"`
-	DefaultDeleteBranchAfterMerge bool             `json:"default_delete_branch_after_merge"`
-	DefaultMergeStyle             string           `json:"default_merge_style"`
-	DefaultAllowMaintainerEdit    bool             `json:"default_allow_maintainer_edit"`
-	DefaultUpdateStyle            string           `json:"default_update_style"`
-	AvatarURL                     string           `json:"avatar_url"`
-	Internal                      bool             `json:"internal"`
-	MirrorInterval                string           `json:"mirror_interval"`
+	Updated         time.Time        `json:"updated_at"`
+	ArchivedAt      time.Time        `json:"archived_at"`
+	Permissions     *Permission      `json:"permissions,omitempty"`
+	HasIssues       bool             `json:"has_issues"`
+	InternalTracker *InternalTracker `json:"internal_tracker,omitempty"`
+	ExternalTracker *ExternalTracker `json:"external_tracker,omitempty"`
+	// is the wiki enabled
+	HasWiki bool `json:"has_wiki"`
+	// have wiki pages ever been created
+	HasWikiContents               bool          `json:"has_wiki_contents"`
+	ExternalWiki                  *ExternalWiki `json:"external_wiki,omitempty"`
+	WikiBranch                    string        `json:"wiki_branch,omitempty"`
+	WikiSSHURL                    string        `json:"wiki_ssh_url"`
+	WikiCloneURL                  string        `json:"wiki_clone_url"`
+	GloballyEditableWiki          bool          `json:"globally_editable_wiki"`
+	HasPullRequests               bool          `json:"has_pull_requests"`
+	HasProjects                   bool          `json:"has_projects"`
+	HasReleases                   bool          `json:"has_releases"`
+	HasPackages                   bool          `json:"has_packages"`
+	HasActions                    bool          `json:"has_actions"`
+	IgnoreWhitespaceConflicts     bool          `json:"ignore_whitespace_conflicts"`
+	AllowMerge                    bool          `json:"allow_merge_commits"`
+	AllowRebase                   bool          `json:"allow_rebase"`
+	AllowRebaseMerge              bool          `json:"allow_rebase_explicit"`
+	AllowSquash                   bool          `json:"allow_squash_merge"`
+	AllowFastForwardOnly          bool          `json:"allow_fast_forward_only_merge"`
+	AllowRebaseUpdate             bool          `json:"allow_rebase_update"`
+	DefaultDeleteBranchAfterMerge bool          `json:"default_delete_branch_after_merge"`
+	DefaultMergeStyle             string        `json:"default_merge_style"`
+	DefaultAllowMaintainerEdit    bool          `json:"default_allow_maintainer_edit"`
+	DefaultUpdateStyle            string        `json:"default_update_style"`
+	AvatarURL                     string        `json:"avatar_url"`
+	Internal                      bool          `json:"internal"`
+	MirrorInterval                string        `json:"mirror_interval"`
 	// ObjectFormatName of the underlying git repository
 	// enum: ["sha1", "sha256"]
 	ObjectFormatName string `json:"object_format_name"`
diff --git a/services/convert/repository.go b/services/convert/repository.go
index 3823fd3a09..b95e7675a8 100644
--- a/services/convert/repository.go
+++ b/services/convert/repository.go
@@ -227,7 +227,10 @@ func innerToRepo(ctx stdCtx.Context, repo *repo_model.Repository, permissionInRe
 		ExternalTracker:               externalTracker,
 		InternalTracker:               internalTracker,
 		HasWiki:                       hasWiki,
+		HasWikiContents:               repo.HasWiki(),
 		WikiBranch:                    repo.WikiBranch,
+		WikiSSHURL:                    repo.WikiCloneLink().SSH,
+		WikiCloneURL:                  repo.WikiCloneLink().HTTPS,
 		GloballyEditableWiki:          globallyEditableWiki,
 		HasProjects:                   hasProjects,
 		HasReleases:                   hasReleases,
diff --git a/templates/swagger/v1_json.tmpl b/templates/swagger/v1_json.tmpl
index efa8b939f5..28a171ad84 100644
--- a/templates/swagger/v1_json.tmpl
+++ b/templates/swagger/v1_json.tmpl
@@ -29016,9 +29016,15 @@
           "x-go-name": "HasReleases"
         },
         "has_wiki": {
+          "description": "is the wiki enabled",
           "type": "boolean",
           "x-go-name": "HasWiki"
         },
+        "has_wiki_contents": {
+          "description": "have wiki pages ever been created",
+          "type": "boolean",
+          "x-go-name": "HasWikiContents"
+        },
         "html_url": {
           "type": "string",
           "x-go-name": "HTMLURL"
@@ -29158,6 +29164,14 @@
         "wiki_branch": {
           "type": "string",
           "x-go-name": "WikiBranch"
+        },
+        "wiki_clone_url": {
+          "type": "string",
+          "x-go-name": "WikiCloneURL"
+        },
+        "wiki_ssh_url": {
+          "type": "string",
+          "x-go-name": "WikiSSHURL"
         }
       },
       "x-go-package": "forgejo.org/modules/structs"
diff --git a/tests/integration/api_repo_test.go b/tests/integration/api_repo_test.go
index ee2f1fc568..9587383862 100644
--- a/tests/integration/api_repo_test.go
+++ b/tests/integration/api_repo_test.go
@@ -1049,6 +1049,64 @@ func TestAPIViewRepoObjectFormat(t *testing.T) {
 	assert.Equal(t, "sha1", repo.ObjectFormatName)
 }
 
+// TestAPIViewRepoWikiGitInfo tests wiki git information
+func TestAPIViewRepoWikiGitInfo(t *testing.T) {
+	defer tests.PrepareTestEnv(t)()
+
+	for _, test := range []struct {
+		name        string
+		user        string
+		repo        string
+		hasWiki     bool
+		hasContents bool
+	}{
+		{
+			name:        "wiki enabled, wiki contents",
+			user:        "user2",
+			repo:        "repo1",
+			hasWiki:     true,
+			hasContents: true,
+		},
+		{
+			name:        "wiki enabled, no wiki contents",
+			user:        "user5",
+			repo:        "repo4",
+			hasWiki:     true,
+			hasContents: false,
+		},
+		{
+			name:        "wiki disabled, no wiki contents",
+			user:        "user12",
+			repo:        "repo10",
+			hasWiki:     false,
+			hasContents: false,
+		},
+	} {
+		t.Run(test.name, func(t *testing.T) {
+			defer tests.PrintCurrentTest(t)()
+
+			// get repo
+			url := fmt.Sprintf("/api/v1/repos/%s/%s", test.user, test.repo)
+			req := NewRequest(t, "GET", url)
+			resp := MakeRequest(t, req, http.StatusOK)
+			var repo api.Repository
+			DecodeJSON(t, resp, &repo)
+
+			// check repo
+			sshURL := fmt.Sprintf("ssh://%s@%s:%d/%s/%s.wiki.git",
+				setting.SSH.User, setting.SSH.Domain, setting.SSH.Port,
+				test.user, test.repo)
+			cloneURL := fmt.Sprintf("http://%s:%s/%s/%s.wiki.git",
+				setting.Domain, setting.HTTPPort,
+				test.user, test.repo)
+			assert.Equal(t, test.hasWiki, repo.HasWiki)
+			assert.Equal(t, test.hasContents, repo.HasWikiContents)
+			assert.Equal(t, sshURL, repo.WikiSSHURL)
+			assert.Equal(t, cloneURL, repo.WikiCloneURL)
+		})
+	}
+}
+
 func TestAPIRepoCommitPull(t *testing.T) {
 	defer tests.PrepareTestEnv(t)()
 

From 04dd8ae5258831ca4a4562497c8f4ebb7025d726 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Matthias=20Ri=C3=9Fe?= <matrss@0px.xyz>
Date: Thu, 19 Mar 2026 01:25:51 +0100
Subject: [PATCH 535/854] feat: match on compound filename extensions (#11439)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Instead of going with a single extension, extracted by `filepath.Ext()`,
all possible extensions are now generated for a given filename, by
splitting the filename using a "." separator, starting with the
longest candidate. Moreover, each extension candidate is matched
against the actual set of known renderers (`extRenderers`), and
only the longest matching extension is used.

Resolves https://codeberg.org/forgejo/forgejo/issues/5190.

Co-authored-by: Michael Hanke <michael.hanke@gmail.com>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11439
Reviewed-by: Ellen Εμιλία Άννα Zscheile <fogti@noreply.codeberg.org>
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Matthias Riße <matrss@0px.xyz>
Co-committed-by: Matthias Riße <matrss@0px.xyz>
---
 modules/markup/renderer.go                | 51 ++++++++++++---
 routers/common/markup.go                  |  2 +-
 tests/integration/markup_external_test.go | 76 +++++++++++++++++++++++
 tests/mysql.ini.tmpl                      | 10 +++
 tests/pgsql.ini.tmpl                      | 10 +++
 tests/sqlite.ini.tmpl                     | 10 +++
 6 files changed, 150 insertions(+), 9 deletions(-)

diff --git a/modules/markup/renderer.go b/modules/markup/renderer.go
index 05dd512815..b1c3d35e73 100644
--- a/modules/markup/renderer.go
+++ b/modules/markup/renderer.go
@@ -198,10 +198,28 @@ func RegisterRenderer(renderer Renderer) {
 	}
 }
 
-// GetRendererByFileName get renderer by filename
-func GetRendererByFileName(filename string) Renderer {
-	extension := strings.ToLower(filepath.Ext(filename))
-	return extRenderers[extension]
+// FullExtension returns the full extension of path, i.e. everything after and including
+// the first period in the basename of path.
+func FullExtension(path string) string {
+	_, extension, found := strings.Cut(strings.ToLower(filepath.Base(path)), ".")
+	if !found {
+		return ""
+	}
+	return "." + extension
+}
+
+// GetRendererByExtension returns the most specific registered renderer for extension.
+func GetRendererByExtension(extension string) Renderer {
+	_, extension, found := strings.Cut(extension, ".")
+	checkedExtensions := 0
+	for found && checkedExtensions < 10 {
+		if renderer, ok := extRenderers["."+extension]; ok {
+			return renderer
+		}
+		checkedExtensions++
+		_, extension, found = strings.Cut(extension, ".")
+	}
+	return nil
 }
 
 // GetRendererByType returns a renderer according type
@@ -350,6 +368,20 @@ func renderByType(ctx *RenderContext, input io.Reader, output io.Writer) error {
 	return ErrUnsupportedRenderType{ctx.Type}
 }
 
+// ErrMissingExtension represents the error when a path does not have any extension.
+type ErrMissingExtension struct {
+	Path string
+}
+
+func IsErrMissingExtension(err error) bool {
+	_, ok := err.(ErrMissingExtension)
+	return ok
+}
+
+func (err ErrMissingExtension) Error() string {
+	return fmt.Sprintf("path '%s' does not have an extension", err.Path)
+}
+
 // ErrUnsupportedRenderExtension represents the error when extension doesn't supported to render
 type ErrUnsupportedRenderExtension struct {
 	Extension string
@@ -365,8 +397,11 @@ func (err ErrUnsupportedRenderExtension) Error() string {
 }
 
 func renderFile(ctx *RenderContext, input io.Reader, output io.Writer) error {
-	extension := strings.ToLower(filepath.Ext(ctx.RelativePath))
-	if renderer, ok := extRenderers[extension]; ok {
+	extension := FullExtension(ctx.RelativePath)
+	if extension == "" {
+		return ErrMissingExtension{ctx.RelativePath}
+	}
+	if renderer := GetRendererByExtension(extension); renderer != nil {
 		if r, ok := renderer.(ExternalRenderer); ok && r.DisplayInIFrame() {
 			if !ctx.InStandalonePage {
 				// for an external render, it could only output its content in a standalone page
@@ -381,7 +416,7 @@ func renderFile(ctx *RenderContext, input io.Reader, output io.Writer) error {
 
 // Type returns if markup format via the filename
 func Type(filename string) string {
-	if parser := GetRendererByFileName(filename); parser != nil {
+	if parser := GetRendererByExtension(FullExtension(filename)); parser != nil {
 		return parser.Name()
 	}
 	return ""
@@ -389,7 +424,7 @@ func Type(filename string) string {
 
 // IsMarkupFile reports whether file is a markup type file
 func IsMarkupFile(name, markup string) bool {
-	if parser := GetRendererByFileName(name); parser != nil {
+	if parser := GetRendererByExtension(FullExtension(name)); parser != nil {
 		return parser.Name() == markup
 	}
 	return false
diff --git a/routers/common/markup.go b/routers/common/markup.go
index 715d7d883f..f581d22ff7 100644
--- a/routers/common/markup.go
+++ b/routers/common/markup.go
@@ -94,7 +94,7 @@ func (re *Renderer) RenderMarkup(ctx *context.Base, repo *context.Repository) {
 		Type:         markupType,
 		RelativePath: relativePath,
 	}, strings.NewReader(re.Text), ctx.Resp); err != nil {
-		if markup.IsErrUnsupportedRenderExtension(err) {
+		if markup.IsErrUnsupportedRenderExtension(err) || markup.IsErrMissingExtension(err) {
 			ctx.Error(http.StatusUnprocessableEntity, err.Error())
 		} else {
 			ctx.Error(http.StatusInternalServerError, err.Error())
diff --git a/tests/integration/markup_external_test.go b/tests/integration/markup_external_test.go
index a7cbdf37cb..d95093a01b 100644
--- a/tests/integration/markup_external_test.go
+++ b/tests/integration/markup_external_test.go
@@ -7,10 +7,17 @@ import (
 	"bytes"
 	"io"
 	"net/http"
+	"net/url"
 	"strings"
 	"testing"
+	"time"
 
+	"forgejo.org/models/unit"
+	"forgejo.org/models/unittest"
+	user_model "forgejo.org/models/user"
+	"forgejo.org/modules/git"
 	"forgejo.org/modules/setting"
+	files_service "forgejo.org/services/repository/files"
 	"forgejo.org/tests"
 
 	"github.com/stretchr/testify/assert"
@@ -38,3 +45,72 @@ func TestExternalMarkupRenderer(t *testing.T) {
 	require.NoError(t, err)
 	assert.Equal(t, "<div>\n\ttest external renderer\n</div>", strings.TrimSpace(data))
 }
+
+func TestExternalMarkupRendererWithCompoundFileExtensions(t *testing.T) {
+	onApplicationRun(t, func(t *testing.T, u *url.URL) {
+		testCases := []struct {
+			path                      string
+			shouldUseExternalRenderer bool
+			expectedRenderedContent   string
+		}{
+			{"foo.abc.def.ghi.jkl.md", true, ".def.ghi.jkl.md renderer used"},
+			{"foo.def.ghi.jkl.md", true, ".def.ghi.jkl.md renderer used"},
+			{"foo.ghi.jkl.md", true, ".ghi.jkl.md renderer used"},
+			{"foo.jkl.md", false, "foo"},
+			{"foo.md", false, "foo"},
+		}
+
+		changeRepoFiles := []*files_service.ChangeRepoFile{}
+		for _, testCase := range testCases {
+			changeRepoFiles = append(changeRepoFiles,
+				&files_service.ChangeRepoFile{
+					Operation:     "create",
+					TreePath:      testCase.path,
+					ContentReader: strings.NewReader("foo"),
+				},
+			)
+		}
+
+		user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 1})
+		repo, _, f := tests.CreateDeclarativeRepo(t, user, "", []unit.Type{unit.TypeCode}, nil, nil)
+		defer f()
+
+		_, err := files_service.ChangeRepoFiles(git.DefaultContext, repo, user, &files_service.ChangeRepoFilesOptions{
+			Files:   changeRepoFiles,
+			Message: "add files",
+			Author: &files_service.IdentityOptions{
+				Name:  user.Name,
+				Email: user.Email,
+			},
+			Committer: &files_service.IdentityOptions{
+				Name:  user.Name,
+				Email: user.Email,
+			},
+			Dates: &files_service.CommitDateOptions{
+				Author:    time.Now(),
+				Committer: time.Now(),
+			},
+		})
+		require.NoError(t, err)
+
+		for _, testCase := range testCases {
+			t.Run(testCase.path, func(t *testing.T) {
+				req := NewRequestf(t, "GET", "%s/src/branch/%s/%s", repo.HTMLURL(), repo.DefaultBranch, testCase.path)
+				resp := MakeRequest(t, req, http.StatusOK)
+				require.Equal(t, "text/html; charset=utf-8", resp.Header()["Content-Type"][0])
+
+				doc := NewHTMLParser(t, resp.Body)
+				var query string
+				if testCase.shouldUseExternalRenderer {
+					query = "div.file-view"
+				} else {
+					query = "div.file-view p"
+				}
+				p := doc.Find(query)
+				data, err := p.Html()
+				require.NoError(t, err)
+				assert.Equal(t, testCase.expectedRenderedContent, strings.TrimSpace(data))
+			})
+		}
+	})
+}
diff --git a/tests/mysql.ini.tmpl b/tests/mysql.ini.tmpl
index 4678cf5087..9a010daab1 100644
--- a/tests/mysql.ini.tmpl
+++ b/tests/mysql.ini.tmpl
@@ -140,3 +140,13 @@ NEED_POSTPROCESS = false
 [cache]
 # Disable caching so that data isn't kept in-memory between test cases
 ITEM_TTL = -1
+
+[markup.compound_file_extension]
+ENABLED = true
+FILE_EXTENSIONS = .ghi.jkl.md
+RENDER_COMMAND = echo .ghi.jkl.md renderer used
+
+[markup.compound_file_extension_2]
+ENABLED = true
+FILE_EXTENSIONS = .def.ghi.jkl.md
+RENDER_COMMAND = echo .def.ghi.jkl.md renderer used
diff --git a/tests/pgsql.ini.tmpl b/tests/pgsql.ini.tmpl
index 2e5dda5c59..ad56451bc3 100644
--- a/tests/pgsql.ini.tmpl
+++ b/tests/pgsql.ini.tmpl
@@ -154,3 +154,13 @@ NEED_POSTPROCESS = false
 [cache]
 # Disable caching so that data isn't kept in-memory between test cases
 ITEM_TTL = -1
+
+[markup.compound_file_extension]
+ENABLED = true
+FILE_EXTENSIONS = .ghi.jkl.md
+RENDER_COMMAND = echo .ghi.jkl.md renderer used
+
+[markup.compound_file_extension_2]
+ENABLED = true
+FILE_EXTENSIONS = .def.ghi.jkl.md
+RENDER_COMMAND = echo .def.ghi.jkl.md renderer used
diff --git a/tests/sqlite.ini.tmpl b/tests/sqlite.ini.tmpl
index 10280cae19..9511e6d2a5 100644
--- a/tests/sqlite.ini.tmpl
+++ b/tests/sqlite.ini.tmpl
@@ -141,3 +141,13 @@ NEED_POSTPROCESS = false
 [cache]
 # Disable caching so that data isn't kept in-memory between test cases
 ITEM_TTL = -1
+
+[markup.compound_file_extension]
+ENABLED = true
+FILE_EXTENSIONS = .ghi.jkl.md
+RENDER_COMMAND = echo .ghi.jkl.md renderer used
+
+[markup.compound_file_extension_2]
+ENABLED = true
+FILE_EXTENSIONS = .def.ghi.jkl.md
+RENDER_COMMAND = echo .def.ghi.jkl.md renderer used

From 4ce44e24d63ce26876a86a4a90294d21ffcd6372 Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Thu, 19 Mar 2026 01:29:29 +0100
Subject: [PATCH 536/854] Update module github.com/ProtonMail/go-crypto to
 v1.4.1 (forgejo) (#11738)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11738
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 953e7589cc..b21a6b3fbb 100644
--- a/go.mod
+++ b/go.mod
@@ -24,7 +24,7 @@ require (
 	github.com/42wim/httpsig v1.2.3
 	github.com/42wim/sshsig v0.0.0-20250502153856-5100632e8920
 	github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358
-	github.com/ProtonMail/go-crypto v1.4.0
+	github.com/ProtonMail/go-crypto v1.4.1
 	github.com/PuerkitoBio/goquery v1.11.0
 	github.com/SaveTheRbtz/zstd-seekable-format-go/pkg v0.8.0
 	github.com/alecthomas/chroma/v2 v2.23.1
diff --git a/go.sum b/go.sum
index 378c6e9122..2a8362699c 100644
--- a/go.sum
+++ b/go.sum
@@ -71,8 +71,8 @@ github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358 h1:mFRzDkZVAjdal+
 github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358/go.mod h1:chxPXzSsl7ZWRAuOIE23GDNzjWuZquvFlgA8xmpunjU=
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
 github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
-github.com/ProtonMail/go-crypto v1.4.0 h1:Zq/pbM3F5DFgJiMouxEdSVY44MVoQNEKp5d5QxIQceQ=
-github.com/ProtonMail/go-crypto v1.4.0/go.mod h1:e1OaTyu5SYVrO9gKOEhTc+5UcXtTUa+P3uLudwcgPqo=
+github.com/ProtonMail/go-crypto v1.4.1 h1:9RfcZHqEQUvP8RzecWEUafnZVtEvrBVL9BiF67IQOfM=
+github.com/ProtonMail/go-crypto v1.4.1/go.mod h1:e1OaTyu5SYVrO9gKOEhTc+5UcXtTUa+P3uLudwcgPqo=
 github.com/PuerkitoBio/goquery v1.11.0 h1:jZ7pwMQXIITcUXNH83LLk+txlaEy6NVOfTuP43xxfqw=
 github.com/PuerkitoBio/goquery v1.11.0/go.mod h1:wQHgxUOU3JGuj3oD/QFfxUdlzW6xPHfqyHre6VMY4DQ=
 github.com/RoaringBitmap/roaring/v2 v2.4.5 h1:uGrrMreGjvAtTBobc0g5IrW1D5ldxDQYe2JW2gggRdg=

From 3c92b40915e0bb443c4c5864c4cf0f134401b14d Mon Sep 17 00:00:00 2001
From: limiting-factor <limiting-factor@posteo.com>
Date: Thu, 19 Mar 2026 01:39:29 +0100
Subject: [PATCH 537/854] fix: comment attachment API is more restrictive than
 the web UI (#11623)

The permission check for editing the attachments of a comment (adding or removing them) is changed to be the same as when editing the textual body of the comment.

The poster of a comment can always edit it via the web UI, which includes the ability to remove or add attachments. It does not require write permission on the issue or pull unit of the repository.

The API is consistent with the web UI in how it [verifies permissions for editing comments][0] when modifying the textual content. However, when adding or removing the attachments of a comment, it [also requires write permissions][1] on the issue or pull unit, which is inconsistent with the web UI and more restrictive.

[0]: https://codeberg.org/forgejo/forgejo/src/commit/a58105960684a456009b55d839d59a8da42e73cc/routers/api/v1/repo/issue_comment.go#L606
[1]: https://codeberg.org/forgejo/forgejo/src/commit/a58105960684a456009b55d839d59a8da42e73cc/routers/api/v1/repo/issue_comment_attachment.go#L359

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11623
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: limiting-factor <limiting-factor@posteo.com>
Co-committed-by: limiting-factor <limiting-factor@posteo.com>
---
 routers/api/v1/repo/issue_comment_attachment.go  | 4 ++--
 tests/integration/api_comment_attachment_test.go | 6 ++++--
 2 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/routers/api/v1/repo/issue_comment_attachment.go b/routers/api/v1/repo/issue_comment_attachment.go
index 9edc9a3cb1..b2e0b57145 100644
--- a/routers/api/v1/repo/issue_comment_attachment.go
+++ b/routers/api/v1/repo/issue_comment_attachment.go
@@ -356,8 +356,8 @@ func canUserWriteIssueCommentAttachment(ctx *context.APIContext) bool {
 	// ctx.Comment is assumed to be set in a safe way via a middleware
 	comment := ctx.Comment
 
-	canEditComment := ctx.IsSigned && (ctx.Doer.ID == comment.PosterID || ctx.IsUserRepoAdmin() || ctx.IsUserSiteAdmin()) && ctx.Repo.CanWriteIssuesOrPulls(comment.Issue.IsPull)
-	if !canEditComment {
+	cannotEditComment := !ctx.IsSigned || (ctx.Doer.ID != comment.PosterID && !ctx.Repo.CanWriteIssuesOrPulls(comment.Issue.IsPull))
+	if cannotEditComment {
 		ctx.Error(http.StatusForbidden, "", "user should have permission to edit comment")
 		return false
 	}
diff --git a/tests/integration/api_comment_attachment_test.go b/tests/integration/api_comment_attachment_test.go
index 4bad3ca67e..a5e84f0cf8 100644
--- a/tests/integration/api_comment_attachment_test.go
+++ b/tests/integration/api_comment_attachment_test.go
@@ -96,12 +96,14 @@ func TestAPIListCommentAttachments(t *testing.T) {
 func TestAPICreateCommentAttachment(t *testing.T) {
 	defer tests.PrepareTestEnv(t)()
 
-	comment := unittest.AssertExistsAndLoadBean(t, &issues_model.Comment{ID: 2})
+	comment := unittest.AssertExistsAndLoadBean(t, &issues_model.Comment{ID: 3})
 	issue := unittest.AssertExistsAndLoadBean(t, &issues_model.Issue{ID: comment.IssueID})
 	repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: issue.RepoID})
 	repoOwner := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: repo.OwnerID})
+	commentPoster := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: comment.PosterID})
 
-	session := loginUser(t, repoOwner.Name)
+	session := loginUser(t, commentPoster.Name)
+	require.NotEqual(t, commentPoster.Name, repoOwner.Name)
 	token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteIssue)
 
 	filename := "image.png"

From 528877820e662fd78779c01c0db1bc193834dc2a Mon Sep 17 00:00:00 2001
From: forgejo-renovate-action <forgejo-renovate-action@noreply.codeberg.org>
Date: Thu, 19 Mar 2026 01:44:35 +0100
Subject: [PATCH 538/854] Update dependency clippie to v4.1.10 (forgejo)
 (#11264)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11264
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: forgejo-renovate-action <forgejo-renovate-action@noreply.codeberg.org>
Co-committed-by: forgejo-renovate-action <forgejo-renovate-action@noreply.codeberg.org>
---
 package-lock.json | 8 ++++----
 package.json      | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 5b0c9cef1a..b6a45fb066 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -43,7 +43,7 @@
         "chart.js": "4.5.1",
         "chartjs-adapter-dayjs-4": "1.0.4",
         "chartjs-plugin-zoom": "2.2.0",
-        "clippie": "4.1.9",
+        "clippie": "4.1.10",
         "css-loader": "7.1.3",
         "dayjs": "1.11.19",
         "dropzone": "6.0.0-beta.2",
@@ -6270,9 +6270,9 @@
       }
     },
     "node_modules/clippie": {
-      "version": "4.1.9",
-      "resolved": "https://registry.npmjs.org/clippie/-/clippie-4.1.9.tgz",
-      "integrity": "sha512-YaNJI8f2bPRVVfdKDUeqSPuQEztyOowee7DIc/DJ48qNJGq/SziipiWN6oWT6q9FR4QN0JzFDpP+fDtkSZyFHw==",
+      "version": "4.1.10",
+      "resolved": "https://registry.npmjs.org/clippie/-/clippie-4.1.10.tgz",
+      "integrity": "sha512-zUjK2fLH8/wju2lks5mH0u8wSRYCOJoHfT1KQ61+aCT5O1ouONnSrnKQ3BTKvIYLUYJarbLZo4FLHyce/SLF2g==",
       "license": "BSD-2-Clause"
     },
     "node_modules/cliui": {
diff --git a/package.json b/package.json
index c6d9c0fff2..309a16ec1a 100644
--- a/package.json
+++ b/package.json
@@ -42,7 +42,7 @@
     "chart.js": "4.5.1",
     "chartjs-adapter-dayjs-4": "1.0.4",
     "chartjs-plugin-zoom": "2.2.0",
-    "clippie": "4.1.9",
+    "clippie": "4.1.10",
     "css-loader": "7.1.3",
     "dayjs": "1.11.19",
     "dropzone": "6.0.0-beta.2",

From ea9f2a236bbe5aa804ef2ebd951b27ae0f863201 Mon Sep 17 00:00:00 2001
From: Gusted <postmaster@gusted.xyz>
Date: Thu, 19 Mar 2026 02:18:52 +0100
Subject: [PATCH 539/854] fix: only destroy session if exists

The virtual session doesn't unconditionally call `Read` of the provider,
which means it's possible for a session to not exists (created by the
call to `Read`). To avoid that the call to `Destroy` fails with that the
session does not exists, do also the exists check for `Destroy`.
---
 modules/session/virtual.go | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/modules/session/virtual.go b/modules/session/virtual.go
index cde9e60c4d..fea7d11a44 100644
--- a/modules/session/virtual.go
+++ b/modules/session/virtual.go
@@ -76,7 +76,10 @@ func (o *VirtualSessionProvider) Exist(sid string) bool {
 func (o *VirtualSessionProvider) Destroy(sid string) error {
 	o.lock.Lock()
 	defer o.lock.Unlock()
-	return o.provider.Destroy(sid)
+	if o.provider.Exist(sid) {
+		return o.provider.Destroy(sid)
+	}
+	return nil
 }
 
 // Regenerate regenerates a session store from old session ID to new one.

From 64257d4c95aae6a3a23be8617b1cf716fb992eaf Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Thu, 19 Mar 2026 02:20:44 +0100
Subject: [PATCH 540/854] Update module golang.org/x/net to v0.52.0 (forgejo)
 (#11740)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11740
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index b21a6b3fbb..1bf077b9d5 100644
--- a/go.mod
+++ b/go.mod
@@ -104,7 +104,7 @@ require (
 	go.yaml.in/yaml/v3 v3.0.4
 	golang.org/x/crypto v0.49.0
 	golang.org/x/image v0.37.0
-	golang.org/x/net v0.51.0
+	golang.org/x/net v0.52.0
 	golang.org/x/oauth2 v0.34.0
 	golang.org/x/sync v0.20.0
 	golang.org/x/sys v0.42.0
diff --git a/go.sum b/go.sum
index 2a8362699c..c949edc980 100644
--- a/go.sum
+++ b/go.sum
@@ -791,8 +791,8 @@ golang.org/x/net v0.15.0/go.mod h1:idbUs1IY1+zTqbi8yxTbhexhEEk5ur9LInksu6HrEpk=
 golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44=
 golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM=
 golang.org/x/net v0.33.0/go.mod h1:HXLR5J+9DxmrqMwG9qjGCxZ+zKXxBru04zlTvWlWuN4=
-golang.org/x/net v0.51.0 h1:94R/GTO7mt3/4wIKpcR5gkGmRLOuE/2hNGeWq/GBIFo=
-golang.org/x/net v0.51.0/go.mod h1:aamm+2QF5ogm02fjy5Bb7CQ0WMt1/WVM7FtyaTLlA9Y=
+golang.org/x/net v0.52.0 h1:He/TN1l0e4mmR3QqHMT2Xab3Aj3L9qjbhRm78/6jrW0=
+golang.org/x/net v0.52.0/go.mod h1:R1MAz7uMZxVMualyPXb+VaqGSa3LIaUqk0eEt3w36Sw=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=

From a0bbf96ce0af903ff567ea58f30a86f93ea52969 Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Thu, 19 Mar 2026 02:23:06 +0100
Subject: [PATCH 541/854] Update module github.com/google/go-licenses to v2
 (forgejo) (#11632)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11632
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
---
 Makefile                | 2 +-
 assets/go-licenses.json | 5 -----
 2 files changed, 1 insertion(+), 6 deletions(-)

diff --git a/Makefile b/Makefile
index 901cf78968..10c1f29f86 100644
--- a/Makefile
+++ b/Makefile
@@ -43,7 +43,7 @@ GOLANGCI_LINT_PACKAGE ?= github.com/golangci/golangci-lint/v2/cmd/golangci-lint@
 GXZ_PACKAGE ?= github.com/ulikunitz/xz/cmd/gxz@v0.5.15 # renovate: datasource=go
 SWAGGER_PACKAGE ?= github.com/go-swagger/go-swagger/cmd/swagger@v0.33.2 # renovate: datasource=go
 XGO_PACKAGE ?= src.techknowlogick.com/xgo@latest
-GO_LICENSES_PACKAGE ?= github.com/google/go-licenses@v1.6.0 # renovate: datasource=go
+GO_LICENSES_PACKAGE ?= github.com/google/go-licenses/v2@v2.0.1 # renovate: datasource=go
 GOVULNCHECK_PACKAGE ?= golang.org/x/vuln/cmd/govulncheck@v1 # renovate: datasource=go
 DEADCODE_PACKAGE ?= golang.org/x/tools/cmd/deadcode@v0.42.0 # renovate: datasource=go
 ERRORTYPE_PACKAGE ?= fillmore-labs.com/errortype@v0.0.11 # renovate: datasource=go
diff --git a/assets/go-licenses.json b/assets/go-licenses.json
index 204d23bfd1..fd348ca88f 100644
--- a/assets/go-licenses.json
+++ b/assets/go-licenses.json
@@ -1164,11 +1164,6 @@
     "path": "github.com/x448/float16/LICENSE",
     "licenseText": "MIT License\n\nCopyright (c) 2019 Montgomery Edwards⁴⁴⁸ and Faye Amacker\n\nPermission is hereby granted, free of charge, to any person obtaining a copy\nof this software and associated documentation files (the \"Software\"), to deal\nin the Software without restriction, including without limitation the rights\nto use, copy, modify, merge, publish, distribute, sublicense, and/or sell\ncopies of the Software, and to permit persons to whom the Software is\nfurnished to do so, subject to the following conditions:\n\nThe above copyright notice and this permission notice shall be included in all\ncopies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\nIMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\nFITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE\nAUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\nLIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,\nOUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE\nSOFTWARE.\n\n"
   },
-  {
-    "name": "github.com/yohcop/openid-go",
-    "path": "github.com/yohcop/openid-go/LICENSE",
-    "licenseText": "Copyright 2015 Yohann Coppel\n\nLicensed under the Apache License, Version 2.0 (the \"License\");\nyou may not use this file except in compliance with the License.\nYou may obtain a copy of the License at\n\n    http://www.apache.org/licenses/LICENSE-2.0\n\nUnless required by applicable law or agreed to in writing, software\ndistributed under the License is distributed on an \"AS IS\" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\nSee the License for the specific language governing permissions and\nlimitations under the License.\n"
-  },
   {
     "name": "github.com/yuin/goldmark-highlighting/v2",
     "path": "github.com/yuin/goldmark-highlighting/v2/LICENSE",

From de046a9e922ad7f607f04f29881fe0d2b0a43ee2 Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Thu, 19 Mar 2026 03:41:21 +0100
Subject: [PATCH 542/854] Update module mvdan.cc/xurls/v2 to v2.6.0 (forgejo)
 (#11744)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11744
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 1bf077b9d5..2d61f1370b 100644
--- a/go.mod
+++ b/go.mod
@@ -112,7 +112,7 @@ require (
 	google.golang.org/protobuf v1.36.11
 	gopkg.in/gomail.v2 v2.0.0-20160411212932-81ebce5c23df
 	gopkg.in/ini.v1 v1.67.0
-	mvdan.cc/xurls/v2 v2.5.0
+	mvdan.cc/xurls/v2 v2.6.0
 	xorm.io/builder v0.3.13
 	xorm.io/xorm v1.3.9
 )
diff --git a/go.sum b/go.sum
index c949edc980..ab5dee66e8 100644
--- a/go.sum
+++ b/go.sum
@@ -1001,8 +1001,8 @@ modernc.org/memory v1.11.0 h1:o4QC8aMQzmcwCK3t3Ux/ZHmwFPzE6hf2Y5LbkRs+hbI=
 modernc.org/memory v1.11.0/go.mod h1:/JP4VbVC+K5sU2wZi9bHoq2MAkCnrt2r98UGeSK7Mjw=
 modernc.org/sqlite v1.46.1 h1:eFJ2ShBLIEnUWlLy12raN0Z1plqmFX9Qe3rjQTKt6sU=
 modernc.org/sqlite v1.46.1/go.mod h1:CzbrU2lSB1DKUusvwGz7rqEKIq+NUd8GWuBBZDs9/nA=
-mvdan.cc/xurls/v2 v2.5.0 h1:lyBNOm8Wo71UknhUs4QTFUNNMyxy2JEIaKKo0RWOh+8=
-mvdan.cc/xurls/v2 v2.5.0/go.mod h1:yQgaGQ1rFtJUzkmKiHYSSfuQxqfYmd//X6PxvholpeE=
+mvdan.cc/xurls/v2 v2.6.0 h1:3NTZpeTxYVWNSokW3MKeyVkz/j7uYXYiMtXRUfmjbgI=
+mvdan.cc/xurls/v2 v2.6.0/go.mod h1:bCvEZ1XvdA6wDnxY7jPPjEmigDtvtvPXAD/Exa9IMSk=
 rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
 rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
 rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=

From fcf306f6fe2515fc130b3470bb90f4f8305b54d4 Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Thu, 19 Mar 2026 04:16:19 +0100
Subject: [PATCH 543/854] Update module github.com/go-webauthn/webauthn to
 v0.16.1 (forgejo) (#11674)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11674
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
---
 assets/go-licenses.json | 17 +++++++++++------
 go.mod                  |  8 ++++----
 go.sum                  | 18 ++++++++++--------
 3 files changed, 25 insertions(+), 18 deletions(-)

diff --git a/assets/go-licenses.json b/assets/go-licenses.json
index fd348ca88f..dd1d033d1a 100644
--- a/assets/go-licenses.json
+++ b/assets/go-licenses.json
@@ -634,10 +634,20 @@
     "path": "github.com/go-sql-driver/mysql/LICENSE",
     "licenseText": "Mozilla Public License Version 2.0\n==================================\n\n1. Definitions\n--------------\n\n1.1. \"Contributor\"\n    means each individual or legal entity that creates, contributes to\n    the creation of, or owns Covered Software.\n\n1.2. \"Contributor Version\"\n    means the combination of the Contributions of others (if any) used\n    by a Contributor and that particular Contributor's Contribution.\n\n1.3. \"Contribution\"\n    means Covered Software of a particular Contributor.\n\n1.4. \"Covered Software\"\n    means Source Code Form to which the initial Contributor has attached\n    the notice in Exhibit A, the Executable Form of such Source Code\n    Form, and Modifications of such Source Code Form, in each case\n    including portions thereof.\n\n1.5. \"Incompatible With Secondary Licenses\"\n    means\n\n    (a) that the initial Contributor has attached the notice described\n        in Exhibit B to the Covered Software; or\n\n    (b) that the Covered Software was made available under the terms of\n        version 1.1 or earlier of the License, but not also under the\n        terms of a Secondary License.\n\n1.6. \"Executable Form\"\n    means any form of the work other than Source Code Form.\n\n1.7. \"Larger Work\"\n    means a work that combines Covered Software with other material, in \n    a separate file or files, that is not Covered Software.\n\n1.8. \"License\"\n    means this document.\n\n1.9. \"Licensable\"\n    means having the right to grant, to the maximum extent possible,\n    whether at the time of the initial grant or subsequently, any and\n    all of the rights conveyed by this License.\n\n1.10. \"Modifications\"\n    means any of the following:\n\n    (a) any file in Source Code Form that results from an addition to,\n        deletion from, or modification of the contents of Covered\n        Software; or\n\n    (b) any new file in Source Code Form that contains any Covered\n        Software.\n\n1.11. \"Patent Claims\" of a Contributor\n    means any patent claim(s), including without limitation, method,\n    process, and apparatus claims, in any patent Licensable by such\n    Contributor that would be infringed, but for the grant of the\n    License, by the making, using, selling, offering for sale, having\n    made, import, or transfer of either its Contributions or its\n    Contributor Version.\n\n1.12. \"Secondary License\"\n    means either the GNU General Public License, Version 2.0, the GNU\n    Lesser General Public License, Version 2.1, the GNU Affero General\n    Public License, Version 3.0, or any later versions of those\n    licenses.\n\n1.13. \"Source Code Form\"\n    means the form of the work preferred for making modifications.\n\n1.14. \"You\" (or \"Your\")\n    means an individual or a legal entity exercising rights under this\n    License. For legal entities, \"You\" includes any entity that\n    controls, is controlled by, or is under common control with You. For\n    purposes of this definition, \"control\" means (a) the power, direct\n    or indirect, to cause the direction or management of such entity,\n    whether by contract or otherwise, or (b) ownership of more than\n    fifty percent (50%) of the outstanding shares or beneficial\n    ownership of such entity.\n\n2. License Grants and Conditions\n--------------------------------\n\n2.1. Grants\n\nEach Contributor hereby grants You a world-wide, royalty-free,\nnon-exclusive license:\n\n(a) under intellectual property rights (other than patent or trademark)\n    Licensable by such Contributor to use, reproduce, make available,\n    modify, display, perform, distribute, and otherwise exploit its\n    Contributions, either on an unmodified basis, with Modifications, or\n    as part of a Larger Work; and\n\n(b) under Patent Claims of such Contributor to make, use, sell, offer\n    for sale, have made, import, and otherwise transfer either its\n    Contributions or its Contributor Version.\n\n2.2. Effective Date\n\nThe licenses granted in Section 2.1 with respect to any Contribution\nbecome effective for each Contribution on the date the Contributor first\ndistributes such Contribution.\n\n2.3. Limitations on Grant Scope\n\nThe licenses granted in this Section 2 are the only rights granted under\nthis License. No additional rights or licenses will be implied from the\ndistribution or licensing of Covered Software under this License.\nNotwithstanding Section 2.1(b) above, no patent license is granted by a\nContributor:\n\n(a) for any code that a Contributor has removed from Covered Software;\n    or\n\n(b) for infringements caused by: (i) Your and any other third party's\n    modifications of Covered Software, or (ii) the combination of its\n    Contributions with other software (except as part of its Contributor\n    Version); or\n\n(c) under Patent Claims infringed by Covered Software in the absence of\n    its Contributions.\n\nThis License does not grant any rights in the trademarks, service marks,\nor logos of any Contributor (except as may be necessary to comply with\nthe notice requirements in Section 3.4).\n\n2.4. Subsequent Licenses\n\nNo Contributor makes additional grants as a result of Your choice to\ndistribute the Covered Software under a subsequent version of this\nLicense (see Section 10.2) or under the terms of a Secondary License (if\npermitted under the terms of Section 3.3).\n\n2.5. Representation\n\nEach Contributor represents that the Contributor believes its\nContributions are its original creation(s) or it has sufficient rights\nto grant the rights to its Contributions conveyed by this License.\n\n2.6. Fair Use\n\nThis License is not intended to limit any rights You have under\napplicable copyright doctrines of fair use, fair dealing, or other\nequivalents.\n\n2.7. Conditions\n\nSections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted\nin Section 2.1.\n\n3. Responsibilities\n-------------------\n\n3.1. Distribution of Source Form\n\nAll distribution of Covered Software in Source Code Form, including any\nModifications that You create or to which You contribute, must be under\nthe terms of this License. You must inform recipients that the Source\nCode Form of the Covered Software is governed by the terms of this\nLicense, and how they can obtain a copy of this License. You may not\nattempt to alter or restrict the recipients' rights in the Source Code\nForm.\n\n3.2. Distribution of Executable Form\n\nIf You distribute Covered Software in Executable Form then:\n\n(a) such Covered Software must also be made available in Source Code\n    Form, as described in Section 3.1, and You must inform recipients of\n    the Executable Form how they can obtain a copy of such Source Code\n    Form by reasonable means in a timely manner, at a charge no more\n    than the cost of distribution to the recipient; and\n\n(b) You may distribute such Executable Form under the terms of this\n    License, or sublicense it under different terms, provided that the\n    license for the Executable Form does not attempt to limit or alter\n    the recipients' rights in the Source Code Form under this License.\n\n3.3. Distribution of a Larger Work\n\nYou may create and distribute a Larger Work under terms of Your choice,\nprovided that You also comply with the requirements of this License for\nthe Covered Software. If the Larger Work is a combination of Covered\nSoftware with a work governed by one or more Secondary Licenses, and the\nCovered Software is not Incompatible With Secondary Licenses, this\nLicense permits You to additionally distribute such Covered Software\nunder the terms of such Secondary License(s), so that the recipient of\nthe Larger Work may, at their option, further distribute the Covered\nSoftware under the terms of either this License or such Secondary\nLicense(s).\n\n3.4. Notices\n\nYou may not remove or alter the substance of any license notices\n(including copyright notices, patent notices, disclaimers of warranty,\nor limitations of liability) contained within the Source Code Form of\nthe Covered Software, except that You may alter any license notices to\nthe extent required to remedy known factual inaccuracies.\n\n3.5. Application of Additional Terms\n\nYou may choose to offer, and to charge a fee for, warranty, support,\nindemnity or liability obligations to one or more recipients of Covered\nSoftware. However, You may do so only on Your own behalf, and not on\nbehalf of any Contributor. You must make it absolutely clear that any\nsuch warranty, support, indemnity, or liability obligation is offered by\nYou alone, and You hereby agree to indemnify every Contributor for any\nliability incurred by such Contributor as a result of warranty, support,\nindemnity or liability terms You offer. You may include additional\ndisclaimers of warranty and limitations of liability specific to any\njurisdiction.\n\n4. Inability to Comply Due to Statute or Regulation\n---------------------------------------------------\n\nIf it is impossible for You to comply with any of the terms of this\nLicense with respect to some or all of the Covered Software due to\nstatute, judicial order, or regulation then You must: (a) comply with\nthe terms of this License to the maximum extent possible; and (b)\ndescribe the limitations and the code they affect. Such description must\nbe placed in a text file included with all distributions of the Covered\nSoftware under this License. Except to the extent prohibited by statute\nor regulation, such description must be sufficiently detailed for a\nrecipient of ordinary skill to be able to understand it.\n\n5. Termination\n--------------\n\n5.1. The rights granted under this License will terminate automatically\nif You fail to comply with any of its terms. However, if You become\ncompliant, then the rights granted under this License from a particular\nContributor are reinstated (a) provisionally, unless and until such\nContributor explicitly and finally terminates Your grants, and (b) on an\nongoing basis, if such Contributor fails to notify You of the\nnon-compliance by some reasonable means prior to 60 days after You have\ncome back into compliance. Moreover, Your grants from a particular\nContributor are reinstated on an ongoing basis if such Contributor\nnotifies You of the non-compliance by some reasonable means, this is the\nfirst time You have received notice of non-compliance with this License\nfrom such Contributor, and You become compliant prior to 30 days after\nYour receipt of the notice.\n\n5.2. If You initiate litigation against any entity by asserting a patent\ninfringement claim (excluding declaratory judgment actions,\ncounter-claims, and cross-claims) alleging that a Contributor Version\ndirectly or indirectly infringes any patent, then the rights granted to\nYou by any and all Contributors for the Covered Software under Section\n2.1 of this License shall terminate.\n\n5.3. In the event of termination under Sections 5.1 or 5.2 above, all\nend user license agreements (excluding distributors and resellers) which\nhave been validly granted by You or Your distributors under this License\nprior to termination shall survive termination.\n\n************************************************************************\n*                                                                      *\n*  6. Disclaimer of Warranty                                           *\n*  -------------------------                                           *\n*                                                                      *\n*  Covered Software is provided under this License on an \"as is\"       *\n*  basis, without warranty of any kind, either expressed, implied, or  *\n*  statutory, including, without limitation, warranties that the       *\n*  Covered Software is free of defects, merchantable, fit for a        *\n*  particular purpose or non-infringing. The entire risk as to the     *\n*  quality and performance of the Covered Software is with You.        *\n*  Should any Covered Software prove defective in any respect, You     *\n*  (not any Contributor) assume the cost of any necessary servicing,   *\n*  repair, or correction. This disclaimer of warranty constitutes an   *\n*  essential part of this License. No use of any Covered Software is   *\n*  authorized under this License except under this disclaimer.         *\n*                                                                      *\n************************************************************************\n\n************************************************************************\n*                                                                      *\n*  7. Limitation of Liability                                          *\n*  --------------------------                                          *\n*                                                                      *\n*  Under no circumstances and under no legal theory, whether tort      *\n*  (including negligence), contract, or otherwise, shall any           *\n*  Contributor, or anyone who distributes Covered Software as          *\n*  permitted above, be liable to You for any direct, indirect,         *\n*  special, incidental, or consequential damages of any character      *\n*  including, without limitation, damages for lost profits, loss of    *\n*  goodwill, work stoppage, computer failure or malfunction, or any    *\n*  and all other commercial damages or losses, even if such party      *\n*  shall have been informed of the possibility of such damages. This   *\n*  limitation of liability shall not apply to liability for death or   *\n*  personal injury resulting from such party's negligence to the       *\n*  extent applicable law prohibits such limitation. Some               *\n*  jurisdictions do not allow the exclusion or limitation of           *\n*  incidental or consequential damages, so this exclusion and          *\n*  limitation may not apply to You.                                    *\n*                                                                      *\n************************************************************************\n\n8. Litigation\n-------------\n\nAny litigation relating to this License may be brought only in the\ncourts of a jurisdiction where the defendant maintains its principal\nplace of business and such litigation shall be governed by laws of that\njurisdiction, without reference to its conflict-of-law provisions.\nNothing in this Section shall prevent a party's ability to bring\ncross-claims or counter-claims.\n\n9. Miscellaneous\n----------------\n\nThis License represents the complete agreement concerning the subject\nmatter hereof. If any provision of this License is held to be\nunenforceable, such provision shall be reformed only to the extent\nnecessary to make it enforceable. Any law or regulation which provides\nthat the language of a contract shall be construed against the drafter\nshall not be used to construe this License against a Contributor.\n\n10. Versions of the License\n---------------------------\n\n10.1. New Versions\n\nMozilla Foundation is the license steward. Except as provided in Section\n10.3, no one other than the license steward has the right to modify or\npublish new versions of this License. Each version will be given a\ndistinguishing version number.\n\n10.2. Effect of New Versions\n\nYou may distribute the Covered Software under the terms of the version\nof the License under which You originally received the Covered Software,\nor under the terms of any subsequent version published by the license\nsteward.\n\n10.3. Modified Versions\n\nIf you create software not governed by this License, and you want to\ncreate a new license for such software, you may create and use a\nmodified version of this License if you rename the license and remove\nany references to the name of the license steward (except to note that\nsuch modified license differs from this License).\n\n10.4. Distributing Source Code Form that is Incompatible With Secondary\nLicenses\n\nIf You choose to distribute Source Code Form that is Incompatible With\nSecondary Licenses under the terms of this version of the License, the\nnotice described in Exhibit B of this License must be attached.\n\nExhibit A - Source Code Form License Notice\n-------------------------------------------\n\n  This Source Code Form is subject to the terms of the Mozilla Public\n  License, v. 2.0. If a copy of the MPL was not distributed with this\n  file, You can obtain one at http://mozilla.org/MPL/2.0/.\n\nIf it is not possible or desirable to put the notice in a particular\nfile, then You may include the notice in a location (such as a LICENSE\nfile in a relevant directory) where a recipient would be likely to look\nfor such a notice.\n\nYou may add additional accurate notices of copyright ownership.\n\nExhibit B - \"Incompatible With Secondary Licenses\" Notice\n---------------------------------------------------------\n\n  This Source Code Form is \"Incompatible With Secondary Licenses\", as\n  defined by the Mozilla Public License, v. 2.0.\n"
   },
+  {
+    "name": "github.com/go-viper/mapstructure/v2",
+    "path": "github.com/go-viper/mapstructure/v2/LICENSE",
+    "licenseText": "The MIT License (MIT)\n\nCopyright (c) 2013 Mitchell Hashimoto\n\nPermission is hereby granted, free of charge, to any person obtaining a copy\nof this software and associated documentation files (the \"Software\"), to deal\nin the Software without restriction, including without limitation the rights\nto use, copy, modify, merge, publish, distribute, sublicense, and/or sell\ncopies of the Software, and to permit persons to whom the Software is\nfurnished to do so, subject to the following conditions:\n\nThe above copyright notice and this permission notice shall be included in\nall copies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\nIMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\nFITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE\nAUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\nLIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,\nOUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN\nTHE SOFTWARE.\n"
+  },
   {
     "name": "github.com/go-webauthn/webauthn",
     "path": "github.com/go-webauthn/webauthn/LICENSE",
-    "licenseText": "Copyright (c) 2017 Duo Security, Inc. All rights reserved.\n\nRedistribution and use in source and binary forms, with or without\nmodification, are permitted provided that the following conditions\nare met:\n\n1. Redistributions of source code must retain the above copyright\n   notice, this list of conditions and the following disclaimer.\n2. Redistributions in binary form must reproduce the above copyright\n   notice, this list of conditions and the following disclaimer in the\n   documentation and/or other materials provided with the distribution.\n3. Neither the name of the copyright holder nor the names of its\n   contributors may be used to endorse or promote products derived from\n   this software without specific prior written permission.\n\nTHIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS \"AS\nIS\" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\nTHE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\nPURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR\nCONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,\nEXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,\nPROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR\nPROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF\nLIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING\nNEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS\nSOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n\n\nCopyright (c) 2021-2022 github.com/go-webauthn/webauthn authors.\n\nRedistribution and use in source and binary forms, with or without modification, are permitted provided that the\nfollowing conditions are met:\n\n1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following\n   disclaimer.\n\n2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following\n   disclaimer in the documentation and/or other materials provided with the distribution.\n\n3. Neither the name of the copyright holder nor the names of its contributors may be used to endorse or promote products\n   derived from this software without specific prior written permission.\n\nTHIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS \"AS IS\" AND ANY EXPRESS OR IMPLIED WARRANTIES,\nINCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE\nDISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,\nSPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR\nSERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\nWHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF\nTHIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE."
+    "licenseText": "Copyright (c) 2025 github.com/go-webauthn/webauthn authors.\n\nRedistribution and use in source and binary forms, with or without\nmodification, are permitted provided that the following conditions\nare met:\n\n1. Redistributions of source code must retain the above copyright\n   notice, this list of conditions and the following disclaimer.\n2. Redistributions in binary form must reproduce the above copyright\n   notice, this list of conditions and the following disclaimer in the\n   documentation and/or other materials provided with the distribution.\n3. Neither the name of the copyright holder nor the names of its\n   contributors may be used to endorse or promote products derived from\n   this software without specific prior written permission.\n\nTHIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS \"AS\nIS\" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\nTHE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\nPURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR\nCONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,\nEXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,\nPROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR\nPROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF\nLIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING\nNEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS\nSOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE."
+  },
+  {
+    "name": "github.com/go-webauthn/x/encoding/asn1",
+    "path": "github.com/go-webauthn/x/encoding/asn1/LICENSE",
+    "licenseText": "Copyright (c) 2021-2023 github.com/go-webauthn authors.\n\nRedistribution and use in source and binary forms, with or without modification, are permitted provided that the\nfollowing conditions are met:\n\n1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following\n   disclaimer.\n\n2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following\n   disclaimer in the documentation and/or other materials provided with the distribution.\n\n3. Neither the name of the copyright holder nor the names of its contributors may be used to endorse or promote products\n   derived from this software without specific prior written permission.\n\nTHIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS \"AS IS\" AND ANY EXPRESS OR IMPLIED WARRANTIES,\nINCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE\nDISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,\nSPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR\nSERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\nWHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF\nTHIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE."
   },
   {
     "name": "github.com/go-webauthn/x/revoke",
@@ -954,11 +964,6 @@
     "path": "github.com/minio/minlz/LICENSE",
     "licenseText": "\r\n                                 Apache License\r\n                           Version 2.0, January 2004\r\n                        http://www.apache.org/licenses/\r\n\r\n   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION\r\n\r\n   1. Definitions.\r\n\r\n      \"License\" shall mean the terms and conditions for use, reproduction,\r\n      and distribution as defined by Sections 1 through 9 of this document.\r\n\r\n      \"Licensor\" shall mean the copyright owner or entity authorized by\r\n      the copyright owner that is granting the License.\r\n\r\n      \"Legal Entity\" shall mean the union of the acting entity and all\r\n      other entities that control, are controlled by, or are under common\r\n      control with that entity. For the purposes of this definition,\r\n      \"control\" means (i) the power, direct or indirect, to cause the\r\n      direction or management of such entity, whether by contract or\r\n      otherwise, or (ii) ownership of fifty percent (50%) or more of the\r\n      outstanding shares, or (iii) beneficial ownership of such entity.\r\n\r\n      \"You\" (or \"Your\") shall mean an individual or Legal Entity\r\n      exercising permissions granted by this License.\r\n\r\n      \"Source\" form shall mean the preferred form for making modifications,\r\n      including but not limited to software source code, documentation\r\n      source, and configuration files.\r\n\r\n      \"Object\" form shall mean any form resulting from mechanical\r\n      transformation or translation of a Source form, including but\r\n      not limited to compiled object code, generated documentation,\r\n      and conversions to other media types.\r\n\r\n      \"Work\" shall mean the work of authorship, whether in Source or\r\n      Object form, made available under the License, as indicated by a\r\n      copyright notice that is included in or attached to the work\r\n      (an example is provided in the Appendix below).\r\n\r\n      \"Derivative Works\" shall mean any work, whether in Source or Object\r\n      form, that is based on (or derived from) the Work and for which the\r\n      editorial revisions, annotations, elaborations, or other modifications\r\n      represent, as a whole, an original work of authorship. For the purposes\r\n      of this License, Derivative Works shall not include works that remain\r\n      separable from, or merely link (or bind by name) to the interfaces of,\r\n      the Work and Derivative Works thereof.\r\n\r\n      \"Contribution\" shall mean any work of authorship, including\r\n      the original version of the Work and any modifications or additions\r\n      to that Work or Derivative Works thereof, that is intentionally\r\n      submitted to Licensor for inclusion in the Work by the copyright owner\r\n      or by an individual or Legal Entity authorized to submit on behalf of\r\n      the copyright owner. For the purposes of this definition, \"submitted\"\r\n      means any form of electronic, verbal, or written communication sent\r\n      to the Licensor or its representatives, including but not limited to\r\n      communication on electronic mailing lists, source code control systems,\r\n      and issue tracking systems that are managed by, or on behalf of, the\r\n      Licensor for the purpose of discussing and improving the Work, but\r\n      excluding communication that is conspicuously marked or otherwise\r\n      designated in writing by the copyright owner as \"Not a Contribution.\"\r\n\r\n      \"Contributor\" shall mean Licensor and any individual or Legal Entity\r\n      on behalf of whom a Contribution has been received by Licensor and\r\n      subsequently incorporated within the Work.\r\n\r\n   2. Grant of Copyright License. Subject to the terms and conditions of\r\n      this License, each Contributor hereby grants to You a perpetual,\r\n      worldwide, non-exclusive, no-charge, royalty-free, irrevocable\r\n      copyright license to reproduce, prepare Derivative Works of,\r\n      publicly display, publicly perform, sublicense, and distribute the\r\n      Work and such Derivative Works in Source or Object form.\r\n\r\n   3. Grant of Patent License. Subject to the terms and conditions of\r\n      this License, each Contributor hereby grants to You a perpetual,\r\n      worldwide, non-exclusive, no-charge, royalty-free, irrevocable\r\n      (except as stated in this section) patent license to make, have made,\r\n      use, offer to sell, sell, import, and otherwise transfer the Work,\r\n      where such license applies only to those patent claims licensable\r\n      by such Contributor that are necessarily infringed by their\r\n      Contribution(s) alone or by combination of their Contribution(s)\r\n      with the Work to which such Contribution(s) was submitted. If You\r\n      institute patent litigation against any entity (including a\r\n      cross-claim or counterclaim in a lawsuit) alleging that the Work\r\n      or a Contribution incorporated within the Work constitutes direct\r\n      or contributory patent infringement, then any patent licenses\r\n      granted to You under this License for that Work shall terminate\r\n      as of the date such litigation is filed.\r\n\r\n   4. Redistribution. You may reproduce and distribute copies of the\r\n      Work or Derivative Works thereof in any medium, with or without\r\n      modifications, and in Source or Object form, provided that You\r\n      meet the following conditions:\r\n\r\n      (a) You must give any other recipients of the Work or\r\n          Derivative Works a copy of this License; and\r\n\r\n      (b) You must cause any modified files to carry prominent notices\r\n          stating that You changed the files; and\r\n\r\n      (c) You must retain, in the Source form of any Derivative Works\r\n          that You distribute, all copyright, patent, trademark, and\r\n          attribution notices from the Source form of the Work,\r\n          excluding those notices that do not pertain to any part of\r\n          the Derivative Works; and\r\n\r\n      (d) If the Work includes a \"NOTICE\" text file as part of its\r\n          distribution, then any Derivative Works that You distribute must\r\n          include a readable copy of the attribution notices contained\r\n          within such NOTICE file, excluding those notices that do not\r\n          pertain to any part of the Derivative Works, in at least one\r\n          of the following places: within a NOTICE text file distributed\r\n          as part of the Derivative Works; within the Source form or\r\n          documentation, if provided along with the Derivative Works; or,\r\n          within a display generated by the Derivative Works, if and\r\n          wherever such third-party notices normally appear. The contents\r\n          of the NOTICE file are for informational purposes only and\r\n          do not modify the License. You may add Your own attribution\r\n          notices within Derivative Works that You distribute, alongside\r\n          or as an addendum to the NOTICE text from the Work, provided\r\n          that such additional attribution notices cannot be construed\r\n          as modifying the License.\r\n\r\n      You may add Your own copyright statement to Your modifications and\r\n      may provide additional or different license terms and conditions\r\n      for use, reproduction, or distribution of Your modifications, or\r\n      for any such Derivative Works as a whole, provided Your use,\r\n      reproduction, and distribution of the Work otherwise complies with\r\n      the conditions stated in this License.\r\n\r\n   5. Submission of Contributions. Unless You explicitly state otherwise,\r\n      any Contribution intentionally submitted for inclusion in the Work\r\n      by You to the Licensor shall be under the terms and conditions of\r\n      this License, without any additional terms or conditions.\r\n      Notwithstanding the above, nothing herein shall supersede or modify\r\n      the terms of any separate license agreement you may have executed\r\n      with Licensor regarding such Contributions.\r\n\r\n   6. Trademarks. This License does not grant permission to use the trade\r\n      names, trademarks, service marks, or product names of the Licensor,\r\n      except as required for reasonable and customary use in describing the\r\n      origin of the Work and reproducing the content of the NOTICE file.\r\n\r\n   7. Disclaimer of Warranty. Unless required by applicable law or\r\n      agreed to in writing, Licensor provides the Work (and each\r\n      Contributor provides its Contributions) on an \"AS IS\" BASIS,\r\n      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or\r\n      implied, including, without limitation, any warranties or conditions\r\n      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A\r\n      PARTICULAR PURPOSE. You are solely responsible for determining the\r\n      appropriateness of using or redistributing the Work and assume any\r\n      risks associated with Your exercise of permissions under this License.\r\n\r\n   8. Limitation of Liability. In no event and under no legal theory,\r\n      whether in tort (including negligence), contract, or otherwise,\r\n      unless required by applicable law (such as deliberate and grossly\r\n      negligent acts) or agreed to in writing, shall any Contributor be\r\n      liable to You for damages, including any direct, indirect, special,\r\n      incidental, or consequential damages of any character arising as a\r\n      result of this License or out of the use or inability to use the\r\n      Work (including but not limited to damages for loss of goodwill,\r\n      work stoppage, computer failure or malfunction, or any and all\r\n      other commercial damages or losses), even if such Contributor\r\n      has been advised of the possibility of such damages.\r\n\r\n   9. Accepting Warranty or Additional Liability. While redistributing\r\n      the Work or Derivative Works thereof, You may choose to offer,\r\n      and charge a fee for, acceptance of support, warranty, indemnity,\r\n      or other liability obligations and/or rights consistent with this\r\n      License. However, in accepting such obligations, You may act only\r\n      on Your own behalf and on Your sole responsibility, not on behalf\r\n      of any other Contributor, and only if You agree to indemnify,\r\n      defend, and hold each Contributor harmless for any liability\r\n      incurred by, or claims asserted against, such Contributor by reason\r\n      of your accepting any such warranty or additional liability.\r\n\r\nEND OF TERMS AND CONDITIONS"
   },
-  {
-    "name": "github.com/mitchellh/mapstructure",
-    "path": "github.com/mitchellh/mapstructure/LICENSE",
-    "licenseText": "The MIT License (MIT)\n\nCopyright (c) 2013 Mitchell Hashimoto\n\nPermission is hereby granted, free of charge, to any person obtaining a copy\nof this software and associated documentation files (the \"Software\"), to deal\nin the Software without restriction, including without limitation the rights\nto use, copy, modify, merge, publish, distribute, sublicense, and/or sell\ncopies of the Software, and to permit persons to whom the Software is\nfurnished to do so, subject to the following conditions:\n\nThe above copyright notice and this permission notice shall be included in\nall copies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\nIMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\nFITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE\nAUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\nLIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,\nOUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN\nTHE SOFTWARE.\n"
-  },
   {
     "name": "github.com/modern-go/concurrent",
     "path": "github.com/modern-go/concurrent/LICENSE",
diff --git a/go.mod b/go.mod
index 2d61f1370b..3cc3b860b1 100644
--- a/go.mod
+++ b/go.mod
@@ -52,7 +52,7 @@ require (
 	github.com/go-ldap/ldap/v3 v3.4.12
 	github.com/go-openapi/spec v0.22.3
 	github.com/go-sql-driver/mysql v1.9.3
-	github.com/go-webauthn/webauthn v0.14.0
+	github.com/go-webauthn/webauthn v0.16.1
 	github.com/gobwas/glob v0.2.3
 	github.com/gogs/chardet v0.0.0-20211120154057-b7413eaefb8f
 	github.com/gogs/go-gogs-client v0.0.0-20210131175652-1d7215cd8d85
@@ -186,7 +186,8 @@ require (
 	github.com/go-openapi/swag/stringutils v0.25.4 // indirect
 	github.com/go-openapi/swag/typeutils v0.25.4 // indirect
 	github.com/go-openapi/swag/yamlutils v0.25.4 // indirect
-	github.com/go-webauthn/x v0.1.25 // indirect
+	github.com/go-viper/mapstructure/v2 v2.5.0 // indirect
+	github.com/go-webauthn/x v0.2.2 // indirect
 	github.com/go-xmlfmt/xmlfmt v0.0.0-20191208150333-d5b6f63a941b // indirect
 	github.com/goccy/go-json v0.10.5 // indirect
 	github.com/golang/geo v0.0.0-20210211234256-740aa86cb551 // indirect
@@ -194,7 +195,7 @@ require (
 	github.com/google/btree v1.1.3 // indirect
 	github.com/google/go-cmp v0.7.0 // indirect
 	github.com/google/go-querystring v1.1.0 // indirect
-	github.com/google/go-tpm v0.9.5 // indirect
+	github.com/google/go-tpm v0.9.8 // indirect
 	github.com/gorilla/css v1.0.1 // indirect
 	github.com/gorilla/mux v1.8.1 // indirect
 	github.com/gorilla/securecookie v1.1.2 // indirect
@@ -220,7 +221,6 @@ require (
 	github.com/minio/crc64nvme v1.1.1 // indirect
 	github.com/minio/md5-simd v1.1.2 // indirect
 	github.com/minio/minlz v1.0.1 // indirect
-	github.com/mitchellh/mapstructure v1.5.0 // indirect
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.2 // indirect
 	github.com/mrjones/oauth v0.0.0-20190623134757-126b35219450 // indirect
diff --git a/go.sum b/go.sum
index ab5dee66e8..7ff8a08bef 100644
--- a/go.sum
+++ b/go.sum
@@ -323,10 +323,12 @@ github.com/go-sql-driver/mysql v1.9.3/go.mod h1:qn46aNg1333BRMNU69Lq93t8du/dwxI6
 github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0/go.mod h1:fyg7847qk6SyHyPtNmDHnmrv/HOrqktSC+C9fM+CJOE=
 github.com/go-test/deep v1.1.1 h1:0r/53hagsehfO4bzD2Pgr/+RgHqhmf+k1Bpse2cTu1U=
 github.com/go-test/deep v1.1.1/go.mod h1:5C2ZWiW0ErCdrYzpqxLbTX7MG14M9iiw8DgHncVwcsE=
-github.com/go-webauthn/webauthn v0.14.0 h1:ZLNPUgPcDlAeoxe+5umWG/tEeCoQIDr7gE2Zx2QnhL0=
-github.com/go-webauthn/webauthn v0.14.0/go.mod h1:QZzPFH3LJ48u5uEPAu+8/nWJImoLBWM7iAH/kSVSo6k=
-github.com/go-webauthn/x v0.1.25 h1:g/0noooIGcz/yCVqebcFgNnGIgBlJIccS+LYAa+0Z88=
-github.com/go-webauthn/x v0.1.25/go.mod h1:ieblaPY1/BVCV0oQTsA/VAo08/TWayQuJuo5Q+XxmTY=
+github.com/go-viper/mapstructure/v2 v2.5.0 h1:vM5IJoUAy3d7zRSVtIwQgBj7BiWtMPfmPEgAXnvj1Ro=
+github.com/go-viper/mapstructure/v2 v2.5.0/go.mod h1:oJDH3BJKyqBA2TXFhDsKDGDTlndYOZ6rGS0BRZIxGhM=
+github.com/go-webauthn/webauthn v0.16.1 h1:x5/SSki5/aIfogaRukqvbg/RXa3Sgxy/9vU7UfFPHKU=
+github.com/go-webauthn/webauthn v0.16.1/go.mod h1:RBS+rtQJMkE5VfMQ4diDA2VNrEL8OeUhp4Srz37FHbQ=
+github.com/go-webauthn/x v0.2.2 h1:zIiipvMbr48CXi5RG0XdBJR94kd8I5LfzHPb/q+YYmk=
+github.com/go-webauthn/x v0.2.2/go.mod h1:IpJ5qyWB9NRhLX3C7gIfjTU7RZLXEP6kzFkoVSE7Fz4=
 github.com/go-xmlfmt/xmlfmt v0.0.0-20191208150333-d5b6f63a941b h1:khEcpUM4yFcxg4/FHQWkvVRmgijNXRfzkIDHh23ggEo=
 github.com/go-xmlfmt/xmlfmt v0.0.0-20191208150333-d5b6f63a941b/go.mod h1:aUCEOzzezBEjDBbFBoSiya/gduyIiWYRP6CnSFIV8AM=
 github.com/gobwas/glob v0.2.3 h1:A4xDbljILXROh+kObIiy5kIaPYD8e96x1tgBhUI5J+Y=
@@ -386,8 +388,10 @@ github.com/google/go-github/v81 v81.0.0 h1:hTLugQRxSLD1Yei18fk4A5eYjOGLUBKAl/VCq
 github.com/google/go-github/v81 v81.0.0/go.mod h1:upyjaybucIbBIuxgJS7YLOZGziyvvJ92WX6WEBNE3sM=
 github.com/google/go-querystring v1.1.0 h1:AnCroh3fv4ZBgVIf1Iwtovgjaw/GiKJo8M8yD/fhyJ8=
 github.com/google/go-querystring v1.1.0/go.mod h1:Kcdr2DB4koayq7X8pmAG4sNG59So17icRSOU623lUBU=
-github.com/google/go-tpm v0.9.5 h1:ocUmnDebX54dnW+MQWGQRbdaAcJELsa6PqZhJ48KwVU=
-github.com/google/go-tpm v0.9.5/go.mod h1:h9jEsEECg7gtLis0upRBQU+GhYVH6jMjrFxI8u6bVUY=
+github.com/google/go-tpm v0.9.8 h1:slArAR9Ft+1ybZu0lBwpSmpwhRXaa85hWtMinMyRAWo=
+github.com/google/go-tpm v0.9.8/go.mod h1:h9jEsEECg7gtLis0upRBQU+GhYVH6jMjrFxI8u6bVUY=
+github.com/google/go-tpm-tools v0.3.13-0.20230620182252-4639ecce2aba h1:qJEJcuLzH5KDR0gKc0zcktin6KSAwL7+jWKBYceddTc=
+github.com/google/go-tpm-tools v0.3.13-0.20230620182252-4639ecce2aba/go.mod h1:EFYHy8/1y2KfgTAsx7Luu7NGhoxtuVHnNo8jE7FikKc=
 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
 github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0=
 github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
@@ -538,8 +542,6 @@ github.com/minio/minio-go/v7 v7.0.99 h1:2vH/byrwUkIpFQFOilvTfaUpvAX3fEFhEzO+DR3D
 github.com/minio/minio-go/v7 v7.0.99/go.mod h1:EtGNKtlX20iL2yaYnxEigaIvj0G0GwSDnifnG8ClIdw=
 github.com/minio/minlz v1.0.1 h1:OUZUzXcib8diiX+JYxyRLIdomyZYzHct6EShOKtQY2A=
 github.com/minio/minlz v1.0.1/go.mod h1:qT0aEB35q79LLornSzeDH75LBf3aH1MV+jB5w9Wasec=
-github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY=
-github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
 github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg=
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=

From d2db9b2691bac307a509ed536394daf1604abd73 Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Thu, 19 Mar 2026 04:30:22 +0100
Subject: [PATCH 544/854] Update module golang.org/x/oauth2 to v0.36.0
 (forgejo) (#11741)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11741
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 3cc3b860b1..000797c92c 100644
--- a/go.mod
+++ b/go.mod
@@ -105,7 +105,7 @@ require (
 	golang.org/x/crypto v0.49.0
 	golang.org/x/image v0.37.0
 	golang.org/x/net v0.52.0
-	golang.org/x/oauth2 v0.34.0
+	golang.org/x/oauth2 v0.36.0
 	golang.org/x/sync v0.20.0
 	golang.org/x/sys v0.42.0
 	golang.org/x/text v0.35.0
diff --git a/go.sum b/go.sum
index 7ff8a08bef..5ab52a8f49 100644
--- a/go.sum
+++ b/go.sum
@@ -800,8 +800,8 @@ golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4Iltr
 golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20191202225959-858c2ad4c8b6/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
-golang.org/x/oauth2 v0.34.0 h1:hqK/t4AKgbqWkdkcAeI8XLmbK+4m4G5YeQRrmiotGlw=
-golang.org/x/oauth2 v0.34.0/go.mod h1:lzm5WQJQwKZ3nwavOZ3IS5Aulzxi68dUSgRHujetwEA=
+golang.org/x/oauth2 v0.36.0 h1:peZ/1z27fi9hUOFCAZaHyrpWG5lwe0RJEEEeH0ThlIs=
+golang.org/x/oauth2 v0.36.0/go.mod h1:YDBUJMTkDnJS+A4BP4eZBjCqtokkg1hODuPjwiGPO7Q=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=

From 97a38372151e43ac05b52af7766c26e9f6b4d4fe Mon Sep 17 00:00:00 2001
From: Beowulf <beowulf@beocode.eu>
Date: Thu, 19 Mar 2026 04:34:27 +0100
Subject: [PATCH 545/854] branding!: make cookies brand independent (#10645)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10645
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Co-authored-by: Beowulf <beowulf@beocode.eu>
Co-committed-by: Beowulf <beowulf@beocode.eu>
---
 modules/setting/security.go        | 2 +-
 modules/setting/session.go         | 4 ++--
 release-notes/10645.md             | 1 +
 services/context/base_test.go      | 2 +-
 services/context/context_cookie.go | 2 +-
 5 files changed, 6 insertions(+), 5 deletions(-)
 create mode 100644 release-notes/10645.md

diff --git a/modules/setting/security.go b/modules/setting/security.go
index 347912f248..e00a6af0ee 100644
--- a/modules/setting/security.go
+++ b/modules/setting/security.go
@@ -114,7 +114,7 @@ func loadSecurityFrom(rootCfg ConfigProvider) {
 
 	GlobalTwoFactorRequirement = NewTwoFactorRequirementType(sec.Key("GLOBAL_TWO_FACTOR_REQUIREMENT").String())
 
-	CookieRememberName = sec.Key("COOKIE_REMEMBER_NAME").MustString("gitea_incredible")
+	CookieRememberName = sec.Key("COOKIE_REMEMBER_NAME").MustString("persistent")
 
 	ReverseProxyAuthUser = sec.Key("REVERSE_PROXY_AUTHENTICATION_USER").MustString("X-WEBAUTH-USER")
 	ReverseProxyAuthEmail = sec.Key("REVERSE_PROXY_AUTHENTICATION_EMAIL").MustString("X-WEBAUTH-EMAIL")
diff --git a/modules/setting/session.go b/modules/setting/session.go
index e9ff9bf0bc..1d88ad334c 100644
--- a/modules/setting/session.go
+++ b/modules/setting/session.go
@@ -34,7 +34,7 @@ var SessionConfig = struct {
 	// SameSite declares if your cookie should be restricted to a first-party or same-site context. Valid strings are "none", "lax", "strict". Default is "lax"
 	SameSite http.SameSite
 }{
-	CookieName:  "i_like_gitea",
+	CookieName:  "session",
 	Gclifetime:  86400,
 	Maxlifetime: 86400,
 	SameSite:    http.SameSiteLaxMode,
@@ -48,7 +48,7 @@ func loadSessionFrom(rootCfg ConfigProvider) {
 	if SessionConfig.Provider == "file" && !filepath.IsAbs(SessionConfig.ProviderConfig) {
 		SessionConfig.ProviderConfig = path.Join(AppWorkPath, SessionConfig.ProviderConfig)
 	}
-	SessionConfig.CookieName = sec.Key("COOKIE_NAME").MustString("i_like_gitea")
+	SessionConfig.CookieName = sec.Key("COOKIE_NAME").MustString("session")
 	SessionConfig.CookiePath = AppSubURL
 	if SessionConfig.CookiePath == "" {
 		SessionConfig.CookiePath = "/"
diff --git a/release-notes/10645.md b/release-notes/10645.md
new file mode 100644
index 0000000000..61686efaa2
--- /dev/null
+++ b/release-notes/10645.md
@@ -0,0 +1 @@
+Make cookie names brand independent.<br>Attention: All users need to re-login, if you haven't manually set a cookie name in the settings. This can be prevented by changing the [remember me cookie](https://forgejo.org/docs/latest/admin/config-cheat-sheet/#security-security:~:text=COOKIE_REMEMBER_NAME) back to `gitea_incredible`
diff --git a/services/context/base_test.go b/services/context/base_test.go
index 9e058d8f24..e199f47fc4 100644
--- a/services/context/base_test.go
+++ b/services/context/base_test.go
@@ -34,7 +34,7 @@ func TestRedirect(t *testing.T) {
 		resp.Header().Add("Set-Cookie", (&http.Cookie{Name: setting.SessionConfig.CookieName, Value: "dummy"}).String())
 		b.Redirect(c.url)
 		cleanup()
-		has := resp.Header().Get("Set-Cookie") == "i_like_gitea=dummy"
+		has := resp.Header().Get("Set-Cookie") == "session=dummy"
 		assert.Equal(t, c.keep, has, "url = %q", c.url)
 		assert.Equal(t, http.StatusSeeOther, resp.Code)
 	}
diff --git a/services/context/context_cookie.go b/services/context/context_cookie.go
index 08ef84b5eb..4ed2b80439 100644
--- a/services/context/context_cookie.go
+++ b/services/context/context_cookie.go
@@ -14,7 +14,7 @@ import (
 	"forgejo.org/modules/web/middleware"
 )
 
-const CookieNameFlash = "gitea_flash"
+const CookieNameFlash = "flash"
 
 func removeSessionCookieHeader(w http.ResponseWriter) {
 	cookies := w.Header()["Set-Cookie"]

From 47d4595894154fe745b835277d68a87891b0b893 Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Thu, 19 Mar 2026 05:56:57 +0100
Subject: [PATCH 546/854] Update module golang.org/x/tools/cmd/deadcode to
 v0.43.0 (forgejo) (#11743)

Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
---
 Makefile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Makefile b/Makefile
index 10c1f29f86..dda216c0e9 100644
--- a/Makefile
+++ b/Makefile
@@ -45,7 +45,7 @@ SWAGGER_PACKAGE ?= github.com/go-swagger/go-swagger/cmd/swagger@v0.33.2 # renova
 XGO_PACKAGE ?= src.techknowlogick.com/xgo@latest
 GO_LICENSES_PACKAGE ?= github.com/google/go-licenses/v2@v2.0.1 # renovate: datasource=go
 GOVULNCHECK_PACKAGE ?= golang.org/x/vuln/cmd/govulncheck@v1 # renovate: datasource=go
-DEADCODE_PACKAGE ?= golang.org/x/tools/cmd/deadcode@v0.42.0 # renovate: datasource=go
+DEADCODE_PACKAGE ?= golang.org/x/tools/cmd/deadcode@v0.43.0 # renovate: datasource=go
 ERRORTYPE_PACKAGE ?= fillmore-labs.com/errortype@v0.0.11 # renovate: datasource=go
 GOMOCK_PACKAGE ?= go.uber.org/mock/mockgen@v0.6.0 # renovate: datasource=go
 RENOVATE_NPM_PACKAGE ?= renovate@43.76.2 # renovate: datasource=docker packageName=data.forgejo.org/renovate/renovate

From 04f6645c3873309ddeee5c45caf37ab9914806fc Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Thu, 19 Mar 2026 06:47:57 +0100
Subject: [PATCH 547/854] Update Node.js to v24.14.0 (forgejo) (#11745)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11745
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
---
 .node-version | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.node-version b/.node-version
index f94d3c2ea9..bd165d99d1 100644
--- a/.node-version
+++ b/.node-version
@@ -1 +1 @@
-24.13.1
\ No newline at end of file
+24.14.0
\ No newline at end of file

From 6b2322f11002d85e876dcf6149bd513b61a2324f Mon Sep 17 00:00:00 2001
From: minh160302 <minh160302@noreply.codeberg.org>
Date: Thu, 19 Mar 2026 15:41:33 +0100
Subject: [PATCH 548/854] fix(i18n): hardcoded strings in repository activity
 graphs (#11735)

This PR removes hard-coded string from the activities page.
Resolves https://codeberg.org/forgejo/forgejo/issues/11680

Co-authored-by: Minh Nguyen <44615298+minh160302@users.noreply.github.com>
Co-authored-by: 0ko <0ko@noreply.codeberg.org>
Co-authored-by: Beowulf <beowulf@beocode.eu>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11735
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Reviewed-by: Beowulf <beowulf@beocode.eu>
Co-authored-by: minh160302 <minh160302@noreply.codeberg.org>
Co-committed-by: minh160302 <minh160302@noreply.codeberg.org>
---
 options/locale_next/locale_en-US.json          |  2 ++
 templates/repo/code_frequency.tmpl             |  1 +
 templates/repo/recent_commits.tmpl             |  1 +
 .../e2e/repo-activity-contributors.test.e2e.ts | 18 ++++++++++++++++++
 web_src/js/components/RepoCodeFrequency.vue    |  2 +-
 web_src/js/components/RepoRecentCommits.vue    |  2 +-
 web_src/js/features/code-frequency.js          |  1 +
 web_src/js/features/recent-commits.js          |  1 +
 8 files changed, 26 insertions(+), 2 deletions(-)

diff --git a/options/locale_next/locale_en-US.json b/options/locale_next/locale_en-US.json
index 1a4036b79b..9db0fb67c6 100644
--- a/options/locale_next/locale_en-US.json
+++ b/options/locale_next/locale_en-US.json
@@ -561,5 +561,7 @@
 	"editor.toggle_regex": "Toggle using regular expressions",
 	"editor.toggle_whole_word": "Toggle matching whole words",
 	"form.RunnerName": "Name",
+	"graphs.recent_commits.title": "Number of commits in the past year",
+	"graphs.code_frequency.title": "Code frequency over the history of {0}",
 	"meta.last_line": "Thank you for translating Forgejo! This line isn't seen by the users but it serves other purposes in the translation management. You can place a fun fact in the translation instead of translating it."
 }
diff --git a/templates/repo/code_frequency.tmpl b/templates/repo/code_frequency.tmpl
index 50ec1beb6b..e6bc097420 100644
--- a/templates/repo/code_frequency.tmpl
+++ b/templates/repo/code_frequency.tmpl
@@ -2,6 +2,7 @@
 	<div id="repo-code-frequency-chart"
 		data-locale-loading-title="{{ctx.Locale.Tr "graphs.component_loading" (ctx.Locale.Tr "graphs.code_frequency.what")}}"
 		data-locale-loading-title-failed="{{ctx.Locale.Tr "graphs.component_loading_failed" (ctx.Locale.Tr "graphs.code_frequency.what")}}"
+		data-locale-code-frequency-title="{{ctx.Locale.Tr "graphs.code_frequency.title"}}"
 		data-locale-loading-info="{{ctx.Locale.Tr "graphs.component_loading_info"}}"
 		data-locale-component-failed-to-load="{{ctx.Locale.Tr "graphs.component_failed_to_load"}}"
 	>
diff --git a/templates/repo/recent_commits.tmpl b/templates/repo/recent_commits.tmpl
index 5c241d635c..b39dabdaca 100644
--- a/templates/repo/recent_commits.tmpl
+++ b/templates/repo/recent_commits.tmpl
@@ -2,6 +2,7 @@
 	<div id="repo-recent-commits-chart"
 		data-locale-loading-title="{{ctx.Locale.Tr "graphs.component_loading" (ctx.Locale.Tr "graphs.recent_commits.what")}}"
 		data-locale-loading-title-failed="{{ctx.Locale.Tr "graphs.component_loading_failed" (ctx.Locale.Tr "graphs.recent_commits.what")}}"
+		data-locale-recent-commits-title="{{ctx.Locale.Tr "graphs.recent_commits.title"}}"
 		data-locale-loading-info="{{ctx.Locale.Tr "graphs.component_loading_info"}}"
 		data-locale-component-failed-to-load="{{ctx.Locale.Tr "graphs.component_failed_to_load"}}"
 	>
diff --git a/tests/e2e/repo-activity-contributors.test.e2e.ts b/tests/e2e/repo-activity-contributors.test.e2e.ts
index ece62cfaba..d9096bc8a3 100644
--- a/tests/e2e/repo-activity-contributors.test.e2e.ts
+++ b/tests/e2e/repo-activity-contributors.test.e2e.ts
@@ -15,3 +15,21 @@ test('Contributor graph', async ({page}) => {
   await page.getByRole('link', {name: '2 Commits'}).click();
   await expect(page.getByRole('cell', {name: 'Bob'})).toHaveCount(2);
 });
+
+test('Code frequency', async ({page}) => {
+  await page.goto('/user2/commits_search_test/activity/code-frequency');
+
+  /* Verify that Vue has access to i18n string */
+  const header = page.locator('#repo-code-frequency-chart .header');
+  await header.waitFor();
+  await expect(header).toContainText('Code frequency over the history of user2/commits_search_test');
+});
+
+test('Recent commits', async ({page}) => {
+  await page.goto('/user2/commits_search_test/activity/recent-commits');
+
+  /* Verify that Vue has access to i18n string */
+  const header = page.locator('#repo-recent-commits-chart .header');
+  await header.waitFor();
+  await expect(header).toContainText('Number of commits in the past year');
+});
diff --git a/web_src/js/components/RepoCodeFrequency.vue b/web_src/js/components/RepoCodeFrequency.vue
index 1d40d6d417..5aef63b0d4 100644
--- a/web_src/js/components/RepoCodeFrequency.vue
+++ b/web_src/js/components/RepoCodeFrequency.vue
@@ -145,7 +145,7 @@ export default {
 <template>
   <div>
     <div class="ui header tw-flex tw-items-center tw-justify-between">
-      {{ isLoading ? locale.loadingTitle : errorText ? locale.loadingTitleFailed: `Code frequency over the history of ${repoLink.slice(1)}` }}
+      {{ isLoading ? locale.loadingTitle : errorText ? locale.loadingTitleFailed : locale.codeFrequencyTitle.replace('{0}', repoLink.slice(1)) }}
     </div>
     <div class="tw-flex ui segment main-graph">
       <div v-if="isLoading || errorText !== ''" class="gt-tc tw-m-auto">
diff --git a/web_src/js/components/RepoRecentCommits.vue b/web_src/js/components/RepoRecentCommits.vue
index 8759978e78..92d355596b 100644
--- a/web_src/js/components/RepoRecentCommits.vue
+++ b/web_src/js/components/RepoRecentCommits.vue
@@ -122,7 +122,7 @@ export default {
 <template>
   <div>
     <div class="ui header tw-flex tw-items-center tw-justify-between">
-      {{ isLoading ? locale.loadingTitle : errorText ? locale.loadingTitleFailed: "Number of commits in the past year" }}
+      {{ isLoading ? locale.loadingTitle : errorText ? locale.loadingTitleFailed : locale.recentCommitsTitle }}
     </div>
     <div class="tw-flex ui segment main-graph">
       <div v-if="isLoading || errorText !== ''" class="gt-tc tw-m-auto">
diff --git a/web_src/js/features/code-frequency.js b/web_src/js/features/code-frequency.js
index 47e1539ddc..570448a3b8 100644
--- a/web_src/js/features/code-frequency.js
+++ b/web_src/js/features/code-frequency.js
@@ -11,6 +11,7 @@ export async function initRepoCodeFrequency() {
         loadingTitle: el.getAttribute('data-locale-loading-title'),
         loadingTitleFailed: el.getAttribute('data-locale-loading-title-failed'),
         loadingInfo: el.getAttribute('data-locale-loading-info'),
+        codeFrequencyTitle: el.getAttribute('data-locale-code-frequency-title'),
       },
     });
     View.mount(el);
diff --git a/web_src/js/features/recent-commits.js b/web_src/js/features/recent-commits.js
index 030c251a05..3b68a77243 100644
--- a/web_src/js/features/recent-commits.js
+++ b/web_src/js/features/recent-commits.js
@@ -10,6 +10,7 @@ export async function initRepoRecentCommits() {
       locale: {
         loadingTitle: el.getAttribute('data-locale-loading-title'),
         loadingTitleFailed: el.getAttribute('data-locale-loading-title-failed'),
+        recentCommitsTitle: el.getAttribute('data-locale-recent-commits-title'),
         loadingInfo: el.getAttribute('data-locale-loading-info'),
       },
     });

From c317a70b1d062815da6111975197708b6795a1b3 Mon Sep 17 00:00:00 2001
From: hwipl <hwipl@noreply.codeberg.org>
Date: Fri, 20 Mar 2026 02:22:20 +0100
Subject: [PATCH 549/854] feat: document more status codes in the API (#11717)

Add more HTTP status codes returned by the API to the API documentation.

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests for Go changes

- I added test coverage for Go changes...
  - [ ] in their respective `*_test.go` for unit tests.
  - [ ] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I ran...
  - [x] `make pr-go` before pushing

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [ ] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.
- [x] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change.

*The decision if the pull request will be shown in the release notes is up to the mergers / release team.*

The content of the `release-notes/<pull request number>.md` file will serve as the basis for the release notes. If the file does not exist, the title of the pull request will be used instead.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11717
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
Co-authored-by: hwipl <hwipl@noreply.codeberg.org>
Co-committed-by: hwipl <hwipl@noreply.codeberg.org>
---
 routers/api/v1/repo/issue.go              |  2 ++
 routers/api/v1/repo/issue_tracked_time.go |  6 ++++++
 routers/api/v1/repo/pull.go               |  2 ++
 routers/api/v1/repo/teams.go              |  2 ++
 templates/swagger/v1_json.tmpl            | 18 ++++++++++++++++++
 5 files changed, 30 insertions(+)

diff --git a/routers/api/v1/repo/issue.go b/routers/api/v1/repo/issue.go
index 1ebfe8352c..00908296b3 100644
--- a/routers/api/v1/repo/issue.go
+++ b/routers/api/v1/repo/issue.go
@@ -421,6 +421,8 @@ func ListIssues(ctx *context.APIContext) {
 	//     "$ref": "#/responses/IssueList"
 	//   "404":
 	//     "$ref": "#/responses/notFound"
+	//   "422":
+	//     "$ref": "#/responses/validationError"
 	before, since, err := context.GetQueryBeforeSince(ctx.Base)
 	if err != nil {
 		ctx.Error(http.StatusUnprocessableEntity, "GetQueryBeforeSince", err)
diff --git a/routers/api/v1/repo/issue_tracked_time.go b/routers/api/v1/repo/issue_tracked_time.go
index cc961ca364..1b4f19fb66 100644
--- a/routers/api/v1/repo/issue_tracked_time.go
+++ b/routers/api/v1/repo/issue_tracked_time.go
@@ -69,8 +69,12 @@ func ListTrackedTimes(ctx *context.APIContext) {
 	// responses:
 	//   "200":
 	//     "$ref": "#/responses/TrackedTimeList"
+	//   "403":
+	//     "$ref": "#/responses/forbidden"
 	//   "404":
 	//     "$ref": "#/responses/notFound"
+	//   "422":
+	//     "$ref": "#/responses/validationError"
 
 	if !ctx.Repo.Repository.IsTimetrackerEnabled(ctx) {
 		ctx.NotFound("Timetracker is disabled")
@@ -508,6 +512,8 @@ func ListTrackedTimesByRepository(ctx *context.APIContext) {
 	//     "$ref": "#/responses/forbidden"
 	//   "404":
 	//     "$ref": "#/responses/notFound"
+	//   "422":
+	//     "$ref": "#/responses/validationError"
 
 	if !ctx.Repo.Repository.IsTimetrackerEnabled(ctx) {
 		ctx.Error(http.StatusBadRequest, "", "time tracking disabled")
diff --git a/routers/api/v1/repo/pull.go b/routers/api/v1/repo/pull.go
index cae39a1466..3c3eb66d5c 100644
--- a/routers/api/v1/repo/pull.go
+++ b/routers/api/v1/repo/pull.go
@@ -104,6 +104,8 @@ func ListPullRequests(ctx *context.APIContext) {
 	// responses:
 	//   "200":
 	//     "$ref": "#/responses/PullRequestList"
+	//   "400":
+	//     "$ref": "#/responses/error"
 	//   "404":
 	//     "$ref": "#/responses/notFound"
 	//   "500":
diff --git a/routers/api/v1/repo/teams.go b/routers/api/v1/repo/teams.go
index cd08968efd..d41ca46757 100644
--- a/routers/api/v1/repo/teams.go
+++ b/routers/api/v1/repo/teams.go
@@ -37,6 +37,8 @@ func ListTeams(ctx *context.APIContext) {
 	//     "$ref": "#/responses/TeamListWithoutPagination"
 	//   "404":
 	//     "$ref": "#/responses/notFound"
+	//   "405":
+	//     "$ref": "#/responses/error"
 
 	if !ctx.Repo.Owner.IsOrganization() {
 		ctx.Error(http.StatusMethodNotAllowed, "noOrg", "repo is not owned by an organization")
diff --git a/templates/swagger/v1_json.tmpl b/templates/swagger/v1_json.tmpl
index 28a171ad84..9737239467 100644
--- a/templates/swagger/v1_json.tmpl
+++ b/templates/swagger/v1_json.tmpl
@@ -9748,6 +9748,9 @@
           },
           "404": {
             "$ref": "#/responses/notFound"
+          },
+          "422": {
+            "$ref": "#/responses/validationError"
           }
         }
       },
@@ -12694,8 +12697,14 @@
           "200": {
             "$ref": "#/responses/TrackedTimeList"
           },
+          "403": {
+            "$ref": "#/responses/forbidden"
+          },
           "404": {
             "$ref": "#/responses/notFound"
+          },
+          "422": {
+            "$ref": "#/responses/validationError"
           }
         }
       },
@@ -13964,6 +13973,9 @@
           "200": {
             "$ref": "#/responses/PullRequestList"
           },
+          "400": {
+            "$ref": "#/responses/error"
+          },
           "404": {
             "$ref": "#/responses/notFound"
           },
@@ -17371,6 +17383,9 @@
           },
           "404": {
             "$ref": "#/responses/notFound"
+          },
+          "405": {
+            "$ref": "#/responses/error"
           }
         }
       }
@@ -17585,6 +17600,9 @@
           },
           "404": {
             "$ref": "#/responses/notFound"
+          },
+          "422": {
+            "$ref": "#/responses/validationError"
           }
         }
       }

From dfbd6e50697722a38305b9d2829dd1caf3692061 Mon Sep 17 00:00:00 2001
From: Gusted <postmaster@gusted.xyz>
Date: Fri, 20 Mar 2026 07:00:48 +0100
Subject: [PATCH 550/854] chore: update ingration test

No session ID is even send now
---
 tests/integration/create_no_session_test.go | 22 +++++----------------
 1 file changed, 5 insertions(+), 17 deletions(-)

diff --git a/tests/integration/create_no_session_test.go b/tests/integration/create_no_session_test.go
index 375add7014..fc9c38cabd 100644
--- a/tests/integration/create_no_session_test.go
+++ b/tests/integration/create_no_session_test.go
@@ -6,7 +6,6 @@ package integration
 import (
 	"net/http"
 	"net/http/httptest"
-	"os"
 	"path/filepath"
 	"testing"
 
@@ -31,8 +30,9 @@ func getSessionID(t *testing.T, resp *httptest.ResponseRecorder) string {
 			found = true
 		}
 	}
-	assert.True(t, found)
-	assert.NotEmpty(t, sessionID)
+	if found {
+		assert.NotEmpty(t, sessionID)
+	}
 	return sessionID
 }
 
@@ -40,18 +40,6 @@ func sessionFile(tmpDir, sessionID string) string {
 	return filepath.Join(tmpDir, sessionID[0:1], sessionID[1:2], sessionID)
 }
 
-func sessionFileExist(t *testing.T, tmpDir, sessionID string) bool {
-	sessionFile := sessionFile(tmpDir, sessionID)
-	_, err := os.Lstat(sessionFile)
-	if err != nil {
-		if os.IsNotExist(err) {
-			return false
-		}
-		require.NoError(t, err)
-	}
-	return true
-}
-
 func TestSessionFileCreation(t *testing.T) {
 	defer tests.PrepareTestEnv(t)()
 	defer test.MockProtect(&setting.SessionConfig.ProviderConfig)()
@@ -82,7 +70,7 @@ func TestSessionFileCreation(t *testing.T) {
 		sessionID := getSessionID(t, resp)
 
 		// We're not logged in so there should be no session
-		assert.False(t, sessionFileExist(t, tmpDir, sessionID))
+		assert.Empty(t, sessionID)
 	})
 	t.Run("CreateSessionOnLogin", func(t *testing.T) {
 		defer tests.PrintCurrentTest(t)()
@@ -92,7 +80,7 @@ func TestSessionFileCreation(t *testing.T) {
 		sessionID := getSessionID(t, resp)
 
 		// We're not logged in so there should be no session
-		assert.False(t, sessionFileExist(t, tmpDir, sessionID))
+		assert.Empty(t, sessionID)
 
 		req = NewRequestWithValues(t, "POST", "/user/login", map[string]string{
 			"user_name": "user2",

From 0d879c48ef373f43fa8e8fad617dc7423f6725cb Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Fri, 20 Mar 2026 07:04:54 +0100
Subject: [PATCH 551/854] Update module github.com/yuin/goldmark to v1.7.17
 (forgejo) (#11751)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11751
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 000797c92c..6f5eaed403 100644
--- a/go.mod
+++ b/go.mod
@@ -97,7 +97,7 @@ require (
 	github.com/urfave/cli/v3 v3.7.0
 	github.com/valyala/fastjson v1.6.10
 	github.com/yohcop/openid-go v1.0.1
-	github.com/yuin/goldmark v1.7.16
+	github.com/yuin/goldmark v1.7.17
 	github.com/yuin/goldmark-highlighting/v2 v2.0.0-20230729083705-37449abec8cc
 	gitlab.com/gitlab-org/api/client-go v0.143.2
 	go.uber.org/mock v0.6.0
diff --git a/go.sum b/go.sum
index 5ab52a8f49..97aed9a2ae 100644
--- a/go.sum
+++ b/go.sum
@@ -676,8 +676,8 @@ github.com/yohcop/openid-go v1.0.1/go.mod h1:b/AvD03P0KHj4yuihb+VtLD6bYYgsy0zqBz
 github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
 github.com/yuin/goldmark v1.4.15/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
-github.com/yuin/goldmark v1.7.16 h1:n+CJdUxaFMiDUNnWC3dMWCIQJSkxH4uz3ZwQBkAlVNE=
-github.com/yuin/goldmark v1.7.16/go.mod h1:ip/1k0VRfGynBgxOz0yCqHrbZXhcjxyuS66Brc7iBKg=
+github.com/yuin/goldmark v1.7.17 h1:p36OVWwRb246iHxA/U4p8OPEpOTESm4n+g+8t0EE5uA=
+github.com/yuin/goldmark v1.7.17/go.mod h1:ip/1k0VRfGynBgxOz0yCqHrbZXhcjxyuS66Brc7iBKg=
 github.com/yuin/goldmark-highlighting/v2 v2.0.0-20230729083705-37449abec8cc h1:+IAOyRda+RLrxa1WC7umKOZRsGq4QrFFMYApOeHzQwQ=
 github.com/yuin/goldmark-highlighting/v2 v2.0.0-20230729083705-37449abec8cc/go.mod h1:ovIvrum6DQJA4QsJSovrkC4saKHQVs7TvcaeO8AIl5I=
 github.com/zeebo/assert v1.3.0 h1:g7C04CbJuIDKNPFHmsk4hwZDO5O+kntRxzaUoNXj+IQ=

From 6bd8c976b6689945bd584f40d067347021a3cbb5 Mon Sep 17 00:00:00 2001
From: Nils Goroll <nils.goroll@uplex.de>
Date: Fri, 20 Mar 2026 07:06:09 +0100
Subject: [PATCH 552/854] chore: polish linter error vs. dead code reporting
 (#11217)

This PR improves and clarifies linter error reporting vs. dead code reporting.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11217
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Nils Goroll <nils.goroll@uplex.de>
Co-committed-by: Nils Goroll <nils.goroll@uplex.de>
---
 .gitignore |  1 +
 Makefile   | 20 ++++++++++++++++----
 2 files changed, 17 insertions(+), 4 deletions(-)

diff --git a/.gitignore b/.gitignore
index ffc493a51d..c524583ce8 100644
--- a/.gitignore
+++ b/.gitignore
@@ -107,6 +107,7 @@ cpu.out
 /.air
 /.go-licenses
 /.cur-deadcode-out
+/.deadcode.diff
 
 # Files and folders that were previously generated
 /public/assets/img/webpack
diff --git a/Makefile b/Makefile
index dda216c0e9..4064ea8d85 100644
--- a/Makefile
+++ b/Makefile
@@ -486,11 +486,23 @@ RUN_DEADCODE = $(GO) run $(DEADCODE_PACKAGE) -generated=false -f='{{println .Pat
 
 .PHONY: lint-go
 lint-go:
-	$(GO) run $(GOLANGCI_LINT_PACKAGE) run $(GOLANGCI_LINT_ARGS)
-	$(GO) run $(ERRORTYPE_PACKAGE) ./...
-	$(RUN_DEADCODE) > .cur-deadcode-out
-	@$(DIFF) .deadcode-out .cur-deadcode-out \
+	$(GO) run $(GOLANGCI_LINT_PACKAGE) run $(GOLANGCI_LINT_ARGS) \
 	|| (code=$$?; echo "Please run 'make lint-go-fix' and commit the result"; exit $${code})
+	$(RUN_DEADCODE) > .cur-deadcode-out
+	@$(DIFF) .deadcode-out .cur-deadcode-out >.deadcode.diff || true
+	@if grep -qE '^[+][^+]' .deadcode.diff ; then \
+		cat .deadcode.diff ; \
+		echo "Looks like you added dead code, please evaluate and remove or use it."; \
+		echo "If you are sure the dead code should stay around, please run 'make lint-go-fix',"; \
+		echo "commit the result and explain the reason in the commit message / PR description."; \
+		exit 1; \
+	fi
+	@if grep -qE '^[-][^-]' .deadcode.diff ; then \
+		cat .deadcode.diff ; \
+		echo "Looks like you removed dead code. Thank you!"; \
+		echo "Run 'make lint-go-fix' and commit the result to accept."; \
+	fi
+	$(GO) run $(ERRORTYPE_PACKAGE) ./...
 
 .PHONY: lint-go-fix
 lint-go-fix:

From a27f9a719eb0fa2ca48292f2df964d89e780c09c Mon Sep 17 00:00:00 2001
From: Mathieu Fenniak <mathieu@fenniak.net>
Date: Fri, 20 Mar 2026 16:14:36 +0100
Subject: [PATCH 553/854] feat: ensure repo-specific access tokens can't
 perform repo admin operations (#11736)

Last known backend change for #11311, fixing up some loose ends on the repository APIs related to repo-specific access tokens.

Adds automated testing, and aligns permissions where necessary, to ensure that repo-specific access tokens can't change the administrative state of the repositories that they are limited to.

Repo-specific access tokens cannot be used to:
- convert a mirror into a normal repo,
- create a new repository from a template,
- transfer ownership of a repository
- create a new repository (already protected, but test automation added),
- delete a repository (already protected, but test automation added),
- editing a repository's settings (already protected, but test automation added).

**Breaking**: The template generation (`POST /repos/{template_owner}/{template_repo}/generate`) and repository deletion (`DELETE /repos/{username}/{reponame}`) APIs have been updated to require the same permission scope as creating a new repository. Either `write:user` or `write:organization` is required, depending on the owner of the repository being created or deleted.

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests for Go changes

- I added test coverage for Go changes...
  - [ ] in their respective `*_test.go` for unit tests.
  - [x] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I ran...
  - [x] `make pr-go` before pushing

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [x] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.
- [ ] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11736
Reviewed-by: Andreas Ahlenstorf <aahlenst@noreply.codeberg.org>
Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net>
Co-committed-by: Mathieu Fenniak <mathieu@fenniak.net>
---
 release-notes/11736.md                        |   1 +
 routers/api/v1/api.go                         |  20 +-
 routers/api/v1/repo/repo.go                   |  27 ++-
 services/context/permission.go                |  20 ++
 tests/integration/actions_job_test.go         |   8 +-
 tests/integration/actions_log_test.go         |   4 +-
 .../integration/actions_notifications_test.go |   2 +-
 tests/integration/api_repo_convert_test.go    |  16 ++
 tests/integration/api_repo_edit_test.go       |  18 ++
 tests/integration/api_repo_test.go            | 191 +++++++++++++++---
 tests/integration/api_token_test.go           |  10 -
 11 files changed, 264 insertions(+), 53 deletions(-)
 create mode 100644 release-notes/11736.md

diff --git a/release-notes/11736.md b/release-notes/11736.md
new file mode 100644
index 0000000000..eb4d5d1a51
--- /dev/null
+++ b/release-notes/11736.md
@@ -0,0 +1 @@
+The template generation (`POST /repos/{template_owner}/{template_repo}/generate`) and repository deletion (`DELETE /repos/{username}/{reponame}`) APIs have been updated to require the same permission scope as creating a new repository. Either `write:user` or `write:organization` is required, depending on the owner of the repository being created or deleted.
diff --git a/routers/api/v1/api.go b/routers/api/v1/api.go
index f551f20c6a..2c10464438 100644
--- a/routers/api/v1/api.go
+++ b/routers/api/v1/api.go
@@ -358,6 +358,16 @@ func tokenRequiresScopes(requiredScopeCategories ...auth_model.AccessTokenScopeC
 	}
 }
 
+// Middleware that dynamically checks either the organization or user scope, depending on the owner type of the
+// repository (requires `repoAssignment()` middleware to be used before this).
+func tokenRequiresRepoOwnerScope(ctx *context.APIContext) {
+	if ctx.Repo.Owner.IsOrganization() {
+		tokenRequiresScopes(auth_model.AccessTokenScopeCategoryOrganization)(ctx)
+	} else {
+		tokenRequiresScopes(auth_model.AccessTokenScopeCategoryUser)(ctx)
+	}
+}
+
 // Contexter middleware already checks token for user sign in process.
 func reqToken() func(ctx *context.APIContext) {
 	return func(ctx *context.APIContext) {
@@ -1109,6 +1119,10 @@ func Routes() *web.Route {
 		// FIXME: Don't expose repository id outside of the system
 		m.Combo("/repositories/{id}", reqToken(), tokenRequiresScopes(auth_model.AccessTokenScopeCategoryRepository)).Get(repo.GetByID)
 
+		// Needs to be extracted from the larger `/repos` group because deleting a repo isn't protected by
+		// `AccessTokenScopeCategoryRepository`; it's protected by either the User or Organization scope.
+		m.Delete("/repos/{username}/{reponame}", repoAssignment(), tokenRequiresRepoOwnerScope, reqOwner(), repo.Delete)
+
 		// Repos (requires repo scope)
 		m.Group("/repos", func() {
 			m.Get("/search", repo.Search)
@@ -1120,12 +1134,12 @@ func Routes() *web.Route {
 				m.Get("/compare/*", reqRepoReader(unit.TypeCode), repo.CompareDiff)
 
 				m.Combo("").Get(reqAnyRepoReader(), repo.Get).
-					Delete(reqToken(), reqOwner(), repo.Delete).
 					Patch(reqToken(), reqAdmin(), bind(api.EditRepoOption{}), repo.Edit)
-				m.Post("/convert", reqOwner(), repo.Convert)
+
+				m.Post("/convert", reqOwner(), reqAdmin(), repo.Convert)
 				m.Post("/generate", reqToken(), reqRepoReader(unit.TypeCode), bind(api.GenerateRepoOption{}), repo.Generate)
 				m.Group("/transfer", func() {
-					m.Post("", reqOwner(), bind(api.TransferRepoOption{}), repo.Transfer)
+					m.Post("", reqOwner(), reqAdmin(), bind(api.TransferRepoOption{}), repo.Transfer)
 					m.Post("/accept", repo.AcceptTransfer)
 					m.Post("/reject", repo.RejectTransfer)
 				}, reqToken())
diff --git a/routers/api/v1/repo/repo.go b/routers/api/v1/repo/repo.go
index 5f24f44f90..5c11a2380f 100644
--- a/routers/api/v1/repo/repo.go
+++ b/routers/api/v1/repo/repo.go
@@ -13,6 +13,7 @@ import (
 	"time"
 
 	activities_model "forgejo.org/models/activities"
+	auth_model "forgejo.org/models/auth"
 	"forgejo.org/models/db"
 	"forgejo.org/models/organization"
 	"forgejo.org/models/perm"
@@ -404,10 +405,10 @@ func Generate(ctx *context.APIContext) {
 		return
 	}
 
-	ctxUser := ctx.Doer
+	targetOwner := ctx.Doer
 	var err error
-	if form.Owner != ctxUser.Name {
-		ctxUser, err = user_model.GetUserByName(ctx, form.Owner)
+	if form.Owner != targetOwner.Name {
+		targetOwner, err = user_model.GetUserByName(ctx, form.Owner)
 		if err != nil {
 			if user_model.IsErrUserNotExist(err) {
 				ctx.JSON(http.StatusNotFound, map[string]any{
@@ -420,13 +421,13 @@ func Generate(ctx *context.APIContext) {
 			return
 		}
 
-		if !ctx.IsUserSiteAdmin() && !ctxUser.IsOrganization() {
+		if !ctx.IsUserSiteAdmin() && !targetOwner.IsOrganization() {
 			ctx.Error(http.StatusForbidden, "", "Only admin can generate repository for other user.")
 			return
 		}
 
 		if !ctx.IsUserSiteAdmin() {
-			canCreate, err := organization.OrgFromUser(ctxUser).CanCreateOrgRepo(ctx, ctx.Doer.ID)
+			canCreate, err := organization.OrgFromUser(targetOwner).CanCreateOrgRepo(ctx, ctx.Doer.ID)
 			if err != nil {
 				ctx.ServerError("CanCreateOrgRepo", err)
 				return
@@ -435,13 +436,23 @@ func Generate(ctx *context.APIContext) {
 				return
 			}
 		}
+
+		context.CheckRuntimeDeterminedScope(ctx, auth_model.AccessTokenScopeCategoryOrganization, auth_model.Write, "token requires scope write:organization to create a repository owned by a user")
+		if ctx.Written() {
+			return
+		}
+	} else {
+		context.CheckRuntimeDeterminedScope(ctx, auth_model.AccessTokenScopeCategoryUser, auth_model.Write, "token requires scope write:user to create a repository owned by a user")
+		if ctx.Written() {
+			return
+		}
 	}
 
-	if !ctx.CheckQuota(quota_model.LimitSubjectSizeReposAll, ctxUser.ID, ctxUser.Name) {
+	if !ctx.CheckQuota(quota_model.LimitSubjectSizeReposAll, targetOwner.ID, targetOwner.Name) {
 		return
 	}
 
-	repo, err := repo_service.GenerateRepository(ctx, ctx.Doer, ctxUser, ctx.Repo.Repository, opts)
+	repo, err := repo_service.GenerateRepository(ctx, ctx.Doer, targetOwner, ctx.Repo.Repository, opts)
 	if err != nil {
 		if repo_model.IsErrRepoAlreadyExist(err) {
 			ctx.Error(http.StatusConflict, "", "The repository with the same name already exists.")
@@ -453,7 +464,7 @@ func Generate(ctx *context.APIContext) {
 		}
 		return
 	}
-	log.Trace("Repository generated [%d]: %s/%s", repo.ID, ctxUser.Name, repo.Name)
+	log.Trace("Repository generated [%d]: %s/%s", repo.ID, targetOwner.Name, repo.Name)
 
 	ctx.JSON(http.StatusCreated, convert.ToRepo(ctx, repo, access_model.Permission{AccessMode: perm.AccessModeOwner}))
 }
diff --git a/services/context/permission.go b/services/context/permission.go
index b1d02f135c..49504e5043 100644
--- a/services/context/permission.go
+++ b/services/context/permission.go
@@ -185,3 +185,23 @@ func CheckRepoScopedToken(ctx *Context, repo *repo_model.Repository, level auth_
 		}
 	}
 }
+
+func CheckRuntimeDeterminedScope(ctx *APIContext, scopeCategory auth_model.AccessTokenScopeCategory, level auth_model.AccessTokenScopeLevel, msg string) {
+	scope, ok := ctx.Data["ApiTokenScope"].(auth_model.AccessTokenScope)
+	if ok {
+		var scopeMatched bool
+
+		requiredScopes := auth_model.GetRequiredScopes(level, scopeCategory)
+
+		scopeMatched, err := scope.HasScope(requiredScopes...)
+		if err != nil {
+			ctx.ServerError("HasScope", err)
+			return
+		}
+
+		if !scopeMatched {
+			ctx.Error(http.StatusForbidden, "!scopeMatched", msg)
+			return
+		}
+	}
+}
diff --git a/tests/integration/actions_job_test.go b/tests/integration/actions_job_test.go
index d252d122a0..d10bc21799 100644
--- a/tests/integration/actions_job_test.go
+++ b/tests/integration/actions_job_test.go
@@ -172,7 +172,7 @@ jobs:
 			})
 		}
 
-		httpContext := NewAPITestContext(t, user2.Name, apiRepo.Name, auth_model.AccessTokenScopeWriteRepository)
+		httpContext := NewAPITestContext(t, user2.Name, apiRepo.Name, auth_model.AccessTokenScopeWriteUser)
 		doAPIDeleteRepository(httpContext)(t)
 	})
 }
@@ -357,7 +357,7 @@ jobs:
 			})
 		}
 
-		httpContext := NewAPITestContext(t, user2.Name, apiRepo.Name, auth_model.AccessTokenScopeWriteRepository)
+		httpContext := NewAPITestContext(t, user2.Name, apiRepo.Name, auth_model.AccessTokenScopeWriteUser)
 		doAPIDeleteRepository(httpContext)(t)
 	})
 }
@@ -409,7 +409,7 @@ jobs:
 
 		apiBaseRepo := createActionsTestRepo(t, user2Token, "actions-gitea-context", false)
 		baseRepo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: apiBaseRepo.ID})
-		user2APICtx := NewAPITestContext(t, baseRepo.OwnerName, baseRepo.Name, auth_model.AccessTokenScopeWriteRepository)
+		user2APICtx := NewAPITestContext(t, baseRepo.OwnerName, baseRepo.Name, auth_model.AccessTokenScopeWriteRepository, auth_model.AccessTokenScopeWriteUser)
 
 		runner := newMockRunner()
 		runner.registerAsRepoRunner(t, baseRepo.OwnerName, baseRepo.Name, "mock-runner", []string{"ubuntu-latest"})
@@ -620,7 +620,7 @@ func TestActionsEphemeral(t *testing.T) {
 
 		apiBaseRepo := createActionsTestRepo(t, user2Token, "actions-gitea-context", false)
 		baseRepo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: apiBaseRepo.ID})
-		user2APICtx := NewAPITestContext(t, baseRepo.OwnerName, baseRepo.Name, auth_model.AccessTokenScopeWriteRepository)
+		user2APICtx := NewAPITestContext(t, baseRepo.OwnerName, baseRepo.Name, auth_model.AccessTokenScopeWriteRepository, auth_model.AccessTokenScopeWriteUser)
 
 		runner := newMockRunner()
 		runner.registerAsEphemeralRepoRunner(t, baseRepo.OwnerName, baseRepo.Name, "mock-runner", []string{"ubuntu-latest"})
diff --git a/tests/integration/actions_log_test.go b/tests/integration/actions_log_test.go
index 14cf74d00c..03480d6afb 100644
--- a/tests/integration/actions_log_test.go
+++ b/tests/integration/actions_log_test.go
@@ -159,7 +159,7 @@ jobs:
 			})
 		}
 
-		httpContext := NewAPITestContext(t, user2.Name, repo.Name, auth_model.AccessTokenScopeWriteRepository)
+		httpContext := NewAPITestContext(t, user2.Name, repo.Name, auth_model.AccessTokenScopeWriteUser)
 		doAPIDeleteRepository(httpContext)(t)
 	})
 }
@@ -275,7 +275,7 @@ jobs:
 			)
 		}
 
-		httpContext := NewAPITestContext(t, user2.Name, repo.Name, auth_model.AccessTokenScopeWriteRepository)
+		httpContext := NewAPITestContext(t, user2.Name, repo.Name, auth_model.AccessTokenScopeWriteUser)
 		doAPIDeleteRepository(httpContext)(t)
 	})
 }
diff --git a/tests/integration/actions_notifications_test.go b/tests/integration/actions_notifications_test.go
index 78ab79e72f..70a5eaa741 100644
--- a/tests/integration/actions_notifications_test.go
+++ b/tests/integration/actions_notifications_test.go
@@ -80,7 +80,7 @@ jobs:
 				actionRun := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRun{ID: actionRunJob.RunID})
 				assert.Equal(t, testCase.notifyEmail, actionRun.NotifyEmail)
 
-				httpContext := NewAPITestContext(t, user2.Name, apiRepo.Name, auth_model.AccessTokenScopeWriteRepository)
+				httpContext := NewAPITestContext(t, user2.Name, apiRepo.Name, auth_model.AccessTokenScopeWriteUser)
 				doAPIDeleteRepository(httpContext)(t)
 			})
 		}
diff --git a/tests/integration/api_repo_convert_test.go b/tests/integration/api_repo_convert_test.go
index fb9756f975..eeec8679bb 100644
--- a/tests/integration/api_repo_convert_test.go
+++ b/tests/integration/api_repo_convert_test.go
@@ -64,3 +64,19 @@ func TestAPIConvert(t *testing.T) {
 	repo4edited := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 4})
 	assert.False(t, repo4edited.IsMirror)
 }
+
+// This test verifies that a repo-specific access token with `write:repository` scope is not a sufficient scope to edit
+// the settings of a repository that is within its repo-specific list.
+func TestAPIConvertAccessTokenResources(t *testing.T) {
+	defer tests.PrepareTestEnv(t)()
+
+	repo5 := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 5})
+	org3 := "org3"
+
+	repoSpecificToken := createFineGrainedRepoAccessToken(t, "user2",
+		[]auth_model.AccessTokenScope{auth_model.AccessTokenScopeWriteRepository},
+		[]int64{repo5.ID},
+	)
+	req := NewRequest(t, "POST", fmt.Sprintf("/api/v1/repos/%s/%s/convert", org3, repo5.Name)).AddTokenAuth(repoSpecificToken)
+	MakeRequest(t, req, http.StatusForbidden)
+}
diff --git a/tests/integration/api_repo_edit_test.go b/tests/integration/api_repo_edit_test.go
index 341cb0961f..dd8699b59c 100644
--- a/tests/integration/api_repo_edit_test.go
+++ b/tests/integration/api_repo_edit_test.go
@@ -394,3 +394,21 @@ func TestAPIRepoEdit(t *testing.T) {
 		assert.Equal(t, "rebase", apiRepo.DefaultUpdateStyle)
 	})
 }
+
+// This test verifies that a repo-specific access token with `write:repository` scope is not a sufficient scope to edit
+// the settings of a repository that is within its repo-specific list.
+func TestAPIRepoEditAccessTokenResources(t *testing.T) {
+	defer tests.PrepareTestEnv(t)()
+
+	repo2OnlyToken := createFineGrainedRepoAccessToken(t, "user2",
+		[]auth_model.AccessTokenScope{auth_model.AccessTokenScopeWriteRepository},
+		[]int64{2},
+	)
+	desc := "here's a new description"
+	req := NewRequestWithJSON(t, "PATCH", fmt.Sprintf("/api/v1/repos/user2/repo2"),
+		&api.EditRepoOption{
+			Description: &desc,
+		}).
+		AddTokenAuth(repo2OnlyToken)
+	MakeRequest(t, req, http.StatusForbidden)
+}
diff --git a/tests/integration/api_repo_test.go b/tests/integration/api_repo_test.go
index 9587383862..60c662c28a 100644
--- a/tests/integration/api_repo_test.go
+++ b/tests/integration/api_repo_test.go
@@ -824,6 +824,75 @@ func testAPIRepoCreateConflict(t *testing.T, u *url.URL) {
 	})
 }
 
+func TestAPIRepoCreateDenied(t *testing.T) {
+	defer tests.PrepareTestEnv(t)()
+
+	// This test verifies that `write:repository` is not a sufficient scope to create a repository.  If it was, then
+	// repo-specific access tokens would be able to create new repositories.
+	session := loginUser(t, "user2")
+	writeToken := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteRepository)
+
+	req := NewRequestWithJSON(t, "POST", "/api/v1/user/repos",
+		&api.CreateRepoOption{
+			Name: "my-new-repo",
+		}).
+		AddTokenAuth(writeToken)
+	MakeRequest(t, req, http.StatusForbidden)
+}
+
+func TestAPIRepoDelete(t *testing.T) {
+	t.Run("permitted to delete user repo w/ user scope", func(t *testing.T) {
+		defer tests.PrepareTestEnv(t)()
+		session := loginUser(t, "user2")
+		writeToken := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteUser)
+		req := NewRequest(t, "DELETE", "/api/v1/repos/user2/repo2").
+			AddTokenAuth(writeToken)
+		MakeRequest(t, req, http.StatusNoContent)
+	})
+
+	t.Run("denied to delete user repo w/ org scope", func(t *testing.T) {
+		defer tests.PrepareTestEnv(t)()
+		session := loginUser(t, "user2")
+		writeToken := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteOrganization)
+		req := NewRequest(t, "DELETE", "/api/v1/repos/user2/repo2").
+			AddTokenAuth(writeToken)
+		resp := MakeRequest(t, req, http.StatusForbidden)
+		assert.Contains(t, resp.Body.String(), "token does not have at least one of required scope(s): [write:user]")
+	})
+
+	t.Run("permitted to delete org repo w/ org scope", func(t *testing.T) {
+		defer tests.PrepareTestEnv(t)()
+		session := loginUser(t, "user2")
+		writeToken := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteOrganization)
+		req := NewRequest(t, "DELETE", "/api/v1/repos/org3/repo3").
+			AddTokenAuth(writeToken)
+		MakeRequest(t, req, http.StatusNoContent)
+	})
+
+	t.Run("denied to delete org repo w/ user scope", func(t *testing.T) {
+		defer tests.PrepareTestEnv(t)()
+		session := loginUser(t, "user2")
+		writeToken := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteUser)
+		req := NewRequest(t, "DELETE", "/api/v1/repos/org3/repo3").
+			AddTokenAuth(writeToken)
+		resp := MakeRequest(t, req, http.StatusForbidden)
+		assert.Contains(t, resp.Body.String(), "token does not have at least one of required scope(s): [write:organization]")
+	})
+
+	t.Run("denied with repo-specific", func(t *testing.T) {
+		defer tests.PrepareTestEnv(t)()
+		// limit ourselves to write:repository -- repo-specific access tokens can't be created with write:user
+		repo2OnlyToken := createFineGrainedRepoAccessToken(t, "user2",
+			[]auth_model.AccessTokenScope{auth_model.AccessTokenScopeWriteRepository},
+			[]int64{2},
+		)
+		req := NewRequest(t, "DELETE", "/api/v1/repos/user2/repo2").
+			AddTokenAuth(repo2OnlyToken)
+		resp := MakeRequest(t, req, http.StatusForbidden)
+		assert.Contains(t, resp.Body.String(), "token does not have at least one of required scope(s): [write:user]")
+	})
+}
+
 func TestAPIRepoTransfer(t *testing.T) {
 	testCases := []struct {
 		ctxUserID      int64
@@ -884,6 +953,23 @@ func TestAPIRepoTransfer(t *testing.T) {
 	_ = repo_service.DeleteRepositoryDirectly(db.DefaultContext, user, repo.ID)
 }
 
+// This test verifies that a repo-specific access token with `write:repository` scope is not a sufficient to transfer a
+// repository to another user.
+func TestAPIRepoTransferAccessTokenResources(t *testing.T) {
+	defer tests.PrepareTestEnv(t)()
+
+	repo2OnlyToken := createFineGrainedRepoAccessToken(t, "user2",
+		[]auth_model.AccessTokenScope{auth_model.AccessTokenScopeWriteRepository},
+		[]int64{2},
+	)
+
+	req := NewRequestWithJSON(t, "POST", "/api/v1/repos/user2/repo2/transfer", &api.TransferRepoOption{
+		NewOwner: "org3",
+	}).AddTokenAuth(repo2OnlyToken)
+	resp := MakeRequest(t, req, http.StatusForbidden)
+	assert.Contains(t, resp.Body.String(), "user should be an owner or a collaborator with admin write")
+}
+
 func transfer(t *testing.T) *repo_model.Repository {
 	// create repo to move
 	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
@@ -972,38 +1058,93 @@ func TestAPIRejectTransfer(t *testing.T) {
 func TestAPIGenerateRepo(t *testing.T) {
 	defer tests.PrepareTestEnv(t)()
 
+	templateRepo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 44})
 	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 1})
 	session := loginUser(t, user.Name)
-	token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteRepository)
 
-	templateRepo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 44})
+	// write:repository scope is always required (logically, because we're writing inside the contents of a new
+	// repository) but the need for write:user or write:organization depends on the target owner, so we'll test those
+	// combinations.
 
-	// user
-	repo := new(api.Repository)
-	req := NewRequestWithJSON(t, "POST", fmt.Sprintf("/api/v1/repos/%s/%s/generate", templateRepo.OwnerName, templateRepo.Name), &api.GenerateRepoOption{
-		Owner:       user.Name,
-		Name:        "new-repo",
-		Description: "test generate repo",
-		Private:     false,
-		GitContent:  true,
-	}).AddTokenAuth(token)
-	resp := MakeRequest(t, req, http.StatusCreated)
-	DecodeJSON(t, resp, repo)
+	t.Run("permitted to generate into user with user scope", func(t *testing.T) {
+		defer tests.PrintCurrentTest(t)()
 
-	assert.Equal(t, "new-repo", repo.Name)
+		token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteUser, auth_model.AccessTokenScopeWriteRepository)
+		repo := new(api.Repository)
+		req := NewRequestWithJSON(t, "POST", fmt.Sprintf("/api/v1/repos/%s/%s/generate", templateRepo.OwnerName, templateRepo.Name), &api.GenerateRepoOption{
+			Owner:       user.Name,
+			Name:        "new-repo",
+			Description: "test generate repo",
+			Private:     false,
+			GitContent:  true,
+		}).AddTokenAuth(token)
+		resp := MakeRequest(t, req, http.StatusCreated)
+		DecodeJSON(t, resp, repo)
+		assert.Equal(t, "new-repo", repo.Name)
+	})
 
-	// org
-	req = NewRequestWithJSON(t, "POST", fmt.Sprintf("/api/v1/repos/%s/%s/generate", templateRepo.OwnerName, templateRepo.Name), &api.GenerateRepoOption{
-		Owner:       "org3",
-		Name:        "new-repo",
-		Description: "test generate repo",
-		Private:     false,
-		GitContent:  true,
-	}).AddTokenAuth(token)
-	resp = MakeRequest(t, req, http.StatusCreated)
-	DecodeJSON(t, resp, repo)
+	t.Run("denied to generate into user without user scope", func(t *testing.T) {
+		defer tests.PrintCurrentTest(t)()
 
-	assert.Equal(t, "new-repo", repo.Name)
+		token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteRepository)
+		req := NewRequestWithJSON(t, "POST", fmt.Sprintf("/api/v1/repos/%s/%s/generate", templateRepo.OwnerName, templateRepo.Name), &api.GenerateRepoOption{
+			Owner:       user.Name,
+			Name:        "new-repo",
+			Description: "test generate repo",
+			Private:     false,
+			GitContent:  true,
+		}).AddTokenAuth(token)
+		resp := MakeRequest(t, req, http.StatusForbidden)
+		assert.Contains(t, resp.Body.String(), "token requires scope write:user to create a repository owned by a user")
+	})
+
+	t.Run("permitted to generate into org with org scope", func(t *testing.T) {
+		defer tests.PrintCurrentTest(t)()
+
+		token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteOrganization, auth_model.AccessTokenScopeWriteRepository)
+		repo := new(api.Repository)
+		req := NewRequestWithJSON(t, "POST", fmt.Sprintf("/api/v1/repos/%s/%s/generate", templateRepo.OwnerName, templateRepo.Name), &api.GenerateRepoOption{
+			Owner:       "org3",
+			Name:        "new-repo",
+			Description: "test generate repo",
+			Private:     false,
+			GitContent:  true,
+		}).AddTokenAuth(token)
+		resp := MakeRequest(t, req, http.StatusCreated)
+		DecodeJSON(t, resp, repo)
+
+		assert.Equal(t, "new-repo", repo.Name)
+	})
+
+	t.Run("denied to generate into org without org scope", func(t *testing.T) {
+		defer tests.PrintCurrentTest(t)()
+
+		token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteRepository)
+		req := NewRequestWithJSON(t, "POST", fmt.Sprintf("/api/v1/repos/%s/%s/generate", templateRepo.OwnerName, templateRepo.Name), &api.GenerateRepoOption{
+			Owner:       "org3",
+			Name:        "new-repo",
+			Description: "test generate repo",
+			Private:     false,
+			GitContent:  true,
+		}).AddTokenAuth(token)
+		resp := MakeRequest(t, req, http.StatusForbidden)
+		assert.Contains(t, resp.Body.String(), "token requires scope write:organization to create a repository owned by a user")
+	})
+
+	t.Run("denied to generate without write:repository", func(t *testing.T) {
+		defer tests.PrintCurrentTest(t)()
+
+		token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteUser)
+		req := NewRequestWithJSON(t, "POST", fmt.Sprintf("/api/v1/repos/%s/%s/generate", templateRepo.OwnerName, templateRepo.Name), &api.GenerateRepoOption{
+			Owner:       user.Name,
+			Name:        "new-repo",
+			Description: "test generate repo",
+			Private:     false,
+			GitContent:  true,
+		}).AddTokenAuth(token)
+		resp := MakeRequest(t, req, http.StatusForbidden)
+		assert.Contains(t, resp.Body.String(), "token does not have at least one of required scope(s): [write:repository]")
+	})
 }
 
 func TestAPIRepoGetReviewers(t *testing.T) {
diff --git a/tests/integration/api_token_test.go b/tests/integration/api_token_test.go
index f650bcbe02..2a66bc7a98 100644
--- a/tests/integration/api_token_test.go
+++ b/tests/integration/api_token_test.go
@@ -346,16 +346,6 @@ func TestAPIDeniesPermissionBasedOnTokenScope(t *testing.T) {
 				},
 			},
 		},
-		{
-			"/api/v1/repos/user1/repo1",
-			"DELETE",
-			[]permission{
-				{
-					auth_model.AccessTokenScopeCategoryRepository,
-					auth_model.Write,
-				},
-			},
-		},
 		{
 			"/api/v1/repos/user1/repo1/branches",
 			"GET",

From 1127aca2d2eab70b39ee0df0a01a456043067745 Mon Sep 17 00:00:00 2001
From: Andreas Ahlenstorf <andreas@ahlenstorf.ch>
Date: Fri, 20 Mar 2026 17:23:09 +0100
Subject: [PATCH 554/854] fix: set attempt number of action run jobs eagerly
 (#11750)

A Forgejo Action job should be uniquely identifiable by its `ID` and `Attempt` number. Each time a particular job is (re-)run, its `Attempt` number is incremented while its `ID` remains static. Unfortunately, `Attempt` is not incremented when the (re-)run is triggered, but right when Forgejo Runner requests the job. That makes identifying a particular run much harder, because the attempt number is changed in the midst of an attempt. Furthermore, it requires taking the job's `Status` into account. This is fixed by setting the correct attempt number right when a (re-)run is triggered. That means that the `Attempt` number remains static for the duration of a single attempt.

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests for Go changes

(can be removed for JavaScript changes)

- I added test coverage for Go changes...
  - [x] in their respective `*_test.go` for unit tests.
  - [ ] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I ran...
  - [x] `make pr-go` before pushing

### Tests for JavaScript changes

(can be removed for Go changes)

- I added test coverage for JavaScript changes...
  - [ ] in `web_src/js/*.test.js` if it can be unit tested.
  - [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)).

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [ ] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [ ] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.
- [x] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change.

*The decision if the pull request will be shown in the release notes is up to the mergers / release team.*

The content of the `release-notes/<pull request number>.md` file will serve as the basis for the release notes. If the file does not exist, the title of the pull request will be used instead.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11750
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
Co-authored-by: Andreas Ahlenstorf <andreas@ahlenstorf.ch>
Co-committed-by: Andreas Ahlenstorf <andreas@ahlenstorf.ch>
---
 models/actions/run.go                         | 11 +++-
 models/actions/run_job.go                     | 14 +++++
 models/actions/run_job_test.go                | 37 +++++++++++
 models/actions/run_test.go                    | 61 +++++++++++++++++++
 models/actions/task.go                        |  1 -
 .../actions/TestActionsRerun/action_run.yml   | 19 ++++++
 .../TestActionsRerun/action_run_job.yml       | 58 ++++++++++++++++++
 routers/web/repo/actions/view.go              | 19 ++----
 routers/web/repo/actions/view_test.go         | 13 ++--
 9 files changed, 211 insertions(+), 22 deletions(-)
 create mode 100644 routers/web/repo/actions/TestActionsRerun/action_run.yml
 create mode 100644 routers/web/repo/actions/TestActionsRerun/action_run_job.yml

diff --git a/models/actions/run.go b/models/actions/run.go
index c4e4a40eb2..88e8908fed 100644
--- a/models/actions/run.go
+++ b/models/actions/run.go
@@ -383,7 +383,8 @@ func InsertRunJobs(ctx context.Context, run *ActionRun, jobs []*jobparser.Single
 			name, _ = util.SplitStringAtByteN(job.Name, 255)
 			runsOn = job.RunsOn()
 		}
-		runJobs = append(runJobs, &ActionRunJob{
+
+		runJob := &ActionRunJob{
 			RunID:             run.ID,
 			RepoID:            run.RepoID,
 			OwnerID:           run.OwnerID,
@@ -394,8 +395,12 @@ func InsertRunJobs(ctx context.Context, run *ActionRun, jobs []*jobparser.Single
 			JobID:             id,
 			Needs:             needs,
 			RunsOn:            runsOn,
-			Status:            status,
-		})
+		}
+		if err := runJob.PrepareNextAttempt(status); err != nil {
+			return err
+		}
+
+		runJobs = append(runJobs, runJob)
 	}
 
 	if len(runJobs) > 0 {
diff --git a/models/actions/run_job.go b/models/actions/run_job.go
index 926eb9f0de..a9fbdfaed4 100644
--- a/models/actions/run_job.go
+++ b/models/actions/run_job.go
@@ -117,6 +117,20 @@ func (job *ActionRunJob) ItRunsOn(labels []string) bool {
 	return labelSet.IsSubset(job.RunsOn)
 }
 
+func (job *ActionRunJob) PrepareNextAttempt(initialStatus Status) error {
+	if job.Status != StatusUnknown && !job.Status.IsDone() {
+		return fmt.Errorf("cannot prepare next attempt because job %d is active: %s", job.ID, job.Status.String())
+	}
+
+	job.Attempt++
+	job.Started = 0
+	job.Stopped = 0
+	job.TaskID = 0
+	job.Status = initialStatus
+
+	return nil
+}
+
 func GetRunJobByID(ctx context.Context, id int64) (*ActionRunJob, error) {
 	var job ActionRunJob
 	has, err := db.GetEngine(ctx).Where("id=?", id).Get(&job)
diff --git a/models/actions/run_job_test.go b/models/actions/run_job_test.go
index 90080473c7..945b2d150f 100644
--- a/models/actions/run_job_test.go
+++ b/models/actions/run_job_test.go
@@ -8,6 +8,7 @@ import (
 
 	"forgejo.org/models/db"
 	"forgejo.org/models/unittest"
+	"forgejo.org/modules/timeutil"
 
 	"code.forgejo.org/forgejo/runner/v12/act/jobparser"
 	"github.com/stretchr/testify/assert"
@@ -301,3 +302,39 @@ func TestRunHasOtherJobs(t *testing.T) {
 	require.NoError(t, err)
 	assert.False(t, has)
 }
+
+func TestActionRunJobPrepareNextAttempt(t *testing.T) {
+	job := ActionRunJob{ID: 46}
+	err := job.PrepareNextAttempt(StatusWaiting)
+	require.NoError(t, err)
+
+	assert.Equal(t, int64(1), job.Attempt)
+	assert.Zero(t, job.Started)
+	assert.Zero(t, job.Stopped)
+	assert.Zero(t, job.TaskID)
+	assert.Equal(t, StatusWaiting, job.Status)
+
+	job.Started = timeutil.TimeStampNow()
+	job.Stopped = timeutil.TimeStampNow()
+	job.TaskID = int64(59)
+	job.Status = StatusFailure
+
+	err = job.PrepareNextAttempt(StatusBlocked)
+	require.NoError(t, err)
+
+	assert.Equal(t, int64(2), job.Attempt)
+	assert.Zero(t, job.Started)
+	assert.Zero(t, job.Stopped)
+	assert.Zero(t, job.TaskID)
+	assert.Equal(t, StatusBlocked, job.Status)
+
+	// The job hasn't finished yet. Preparing a next attempt should not be possible. It should be left untouched.
+	err = job.PrepareNextAttempt(StatusWaiting)
+	require.ErrorContains(t, err, "cannot prepare next attempt because job 46 is active: blocked")
+
+	assert.Equal(t, int64(2), job.Attempt)
+	assert.Zero(t, job.Started)
+	assert.Zero(t, job.Stopped)
+	assert.Zero(t, job.TaskID)
+	assert.Equal(t, StatusBlocked, job.Status)
+}
diff --git a/models/actions/run_test.go b/models/actions/run_test.go
index f027512c75..41703f91e1 100644
--- a/models/actions/run_test.go
+++ b/models/actions/run_test.go
@@ -502,3 +502,64 @@ func TestComputeRunStatus(t *testing.T) {
 		assert.Contains(t, columns, "stopped")
 	})
 }
+
+func TestInsertRunJobs(t *testing.T) {
+	require.NoError(t, unittest.PrepareTestDatabase())
+
+	pullRequestPosterID := int64(4)
+	repoID := int64(10)
+	pullRequestID := int64(2)
+	actionRun := &ActionRun{
+		RepoID:              repoID,
+		PullRequestID:       pullRequestID,
+		PullRequestPosterID: pullRequestPosterID,
+		CommitSHA:           "1421f75bc5474c69fdb1dc176bcb96d381f935dd",
+	}
+
+	workflowRaw := []byte(`
+jobs:
+  build:
+    runs-on: fedora
+  test:
+    runs-on: debian
+    steps: []
+`)
+	jobs, err := jobparser.Parse(workflowRaw, false)
+	require.NoError(t, err)
+
+	require.NoError(t, InsertRun(t.Context(), actionRun, jobs))
+
+	insertedJobs, err := db.Find[ActionRunJob](t.Context(), FindRunJobOptions{RunID: actionRun.ID})
+	require.NoError(t, err)
+	require.Len(t, insertedJobs, 2)
+
+	assert.Equal(t, actionRun.ID, insertedJobs[0].RunID)
+	assert.Equal(t, actionRun.RepoID, insertedJobs[0].RepoID)
+	assert.Equal(t, actionRun.OwnerID, insertedJobs[0].OwnerID)
+	assert.Equal(t, actionRun.CommitSHA, insertedJobs[0].CommitSHA)
+	assert.Equal(t, actionRun.IsForkPullRequest, insertedJobs[0].IsForkPullRequest)
+	assert.Equal(t, "build", insertedJobs[0].Name)
+	assert.Equal(t, "build", insertedJobs[0].JobID)
+	assert.Empty(t, insertedJobs[0].Needs)
+	assert.Equal(t, []string{"fedora"}, insertedJobs[0].RunsOn)
+	assert.Equal(t, int64(1), insertedJobs[0].Attempt)
+	assert.Zero(t, insertedJobs[0].Started)
+	assert.Zero(t, insertedJobs[0].Stopped)
+	assert.Zero(t, insertedJobs[0].TaskID)
+	assert.Equal(t, StatusWaiting, insertedJobs[0].Status)
+
+	assert.Equal(t, actionRun.ID, insertedJobs[1].RunID)
+	assert.Equal(t, actionRun.RepoID, insertedJobs[1].RepoID)
+	assert.Equal(t, actionRun.OwnerID, insertedJobs[1].OwnerID)
+	assert.Equal(t, actionRun.CommitSHA, insertedJobs[1].CommitSHA)
+	assert.Equal(t, actionRun.IsForkPullRequest, insertedJobs[1].IsForkPullRequest)
+	assert.Equal(t, "test", insertedJobs[1].Name)
+	assert.Equal(t, "test", insertedJobs[1].JobID)
+	assert.Empty(t, insertedJobs[1].Needs)
+	assert.Equal(t, []string{"debian"}, insertedJobs[1].RunsOn)
+	assert.Equal(t, int64(1), insertedJobs[1].Attempt)
+	assert.Zero(t, insertedJobs[1].Started)
+	assert.Zero(t, insertedJobs[1].Stopped)
+	assert.Zero(t, insertedJobs[1].TaskID)
+	assert.Equal(t, StatusWaiting, insertedJobs[1].Status)
+}
diff --git a/models/actions/task.go b/models/actions/task.go
index f67b5e58e1..6b169de3c0 100644
--- a/models/actions/task.go
+++ b/models/actions/task.go
@@ -378,7 +378,6 @@ func CreateTaskForRunner(ctx context.Context, runner *ActionRunner, requestKey *
 	}
 
 	now := timeutil.TimeStampNow()
-	job.Attempt++
 	job.Started = now
 	job.Status = StatusRunning
 
diff --git a/routers/web/repo/actions/TestActionsRerun/action_run.yml b/routers/web/repo/actions/TestActionsRerun/action_run.yml
new file mode 100644
index 0000000000..9db0954b7c
--- /dev/null
+++ b/routers/web/repo/actions/TestActionsRerun/action_run.yml
@@ -0,0 +1,19 @@
+- id: 83731
+  title: "update actions"
+  repo_id: 1
+  owner_id: 5
+  workflow_id: "artifact.yaml"
+  index: 138574
+  trigger_user_id: 1
+  ref: "refs/heads/branch2"
+  commit_sha: "985f0301dba5e7b34be866819cd15ad3d8f508ee"
+  event: "push"
+  is_fork_pull_request: false
+  status: 1 # success
+  started: 1683636528
+  stopped: 1683636626
+  created: 1683636108
+  updated: 1683636626
+  need_approval: false
+  approved_by: 0
+  event_payload: '{"head_commit":{"id":"5f22f7d0d95d614d25a5b68592adb345a4b5c7fd"}}'
\ No newline at end of file
diff --git a/routers/web/repo/actions/TestActionsRerun/action_run_job.yml b/routers/web/repo/actions/TestActionsRerun/action_run_job.yml
new file mode 100644
index 0000000000..3d97591281
--- /dev/null
+++ b/routers/web/repo/actions/TestActionsRerun/action_run_job.yml
@@ -0,0 +1,58 @@
+- id: 248950
+  run_id: 83731
+  repo_id: 1
+  owner_id: 1
+  commit_sha: 985f0301dba5e7b34be866819cd15ad3d8f508ee
+  is_fork_pull_request: false
+  name: job_2
+  attempt: 2
+  job_id: job_2
+  task_id: 47
+  status: 1
+  started: 1683636528
+  stopped: 1683636626
+
+- id: 248951
+  run_id: 83731
+  repo_id: 1
+  owner_id: 1
+  commit_sha: 985f0301dba5e7b34be866819cd15ad3d8f508ee
+  is_fork_pull_request: false
+  name: job_2
+  attempt: 3
+  job_id: job_2
+  task_id: 47
+  status: 1
+  runs_on: '["ubuntu-latest"]'
+  started: 1683636528
+  stopped: 1683636626
+
+- id: 248952
+  run_id: 83731
+  repo_id: 1
+  owner_id: 2
+  commit_sha: 985f0301dba5e7b34be866819cd15ad3d8f508ee
+  is_fork_pull_request: false
+  name: job_2
+  attempt: 5
+  job_id: job_2
+  task_id: 47
+  status: 1
+  runs_on: '["debian-latest"]'
+  started: 1683636528
+  stopped: 1683636626
+
+- id: 248953
+  run_id: 83731
+  repo_id: 1
+  owner_id: 3
+  commit_sha: 985f0301dba5e7b34be866819cd15ad3d8f508ee
+  is_fork_pull_request: false
+  name: job_2
+  attempt: 2
+  job_id: job_2
+  task_id: 47
+  status: 1
+  runs_on: '["fedora"]'
+  started: 1683636528
+  stopped: 1683636626
diff --git a/routers/web/repo/actions/view.go b/routers/web/repo/actions/view.go
index caa35d37be..8deb733e16 100644
--- a/routers/web/repo/actions/view.go
+++ b/routers/web/repo/actions/view.go
@@ -520,11 +520,6 @@ func Rerun(ctx *app_context.Context) {
 				return
 			}
 			if redirectURL == "" {
-				// ActionRunJob's `Attempt` field won't be updated to reflect the rerun until the job is picked by a
-				// runner. But we need to redirect the user somewhere; if they stay on the current attempt then the
-				// rerun's logs won't appear. So, we redirect to the upcoming new attempt and then we'll handle the
-				// weirdness in the UI if the attempt doesn't exist yet.
-				j.Attempt++ // note: this is intentionally not persisted
 				redirectURL, err = j.HTMLURL(ctx)
 				if err != nil {
 					ctx.Error(http.StatusInternalServerError, err.Error())
@@ -552,8 +547,6 @@ func Rerun(ctx *app_context.Context) {
 			return
 		}
 		if j.JobID == job.JobID {
-			// see earlier comment about redirectURL, applicable here as well
-			j.Attempt++ // note: this is intentionally not persisted
 			redirectURL, err = j.HTMLURL(ctx)
 			if err != nil {
 				ctx.Error(http.StatusInternalServerError, err.Error())
@@ -575,16 +568,16 @@ func rerunJob(ctx *app_context.Context, job *actions_model.ActionRunJob, shouldB
 		return nil
 	}
 
-	job.TaskID = 0
-	job.Status = actions_model.StatusWaiting
+	initialStatus := actions_model.StatusWaiting
 	if shouldBlock {
-		job.Status = actions_model.StatusBlocked
+		initialStatus = actions_model.StatusBlocked
+	}
+	if err := job.PrepareNextAttempt(initialStatus); err != nil {
+		return err
 	}
-	job.Started = 0
-	job.Stopped = 0
 
 	if err := db.WithTx(ctx, func(ctx context.Context) error {
-		_, err := actions_service.UpdateRunJob(ctx, job, builder.Eq{"status": status}, "task_id", "status", "started", "stopped")
+		_, err := actions_service.UpdateRunJob(ctx, job, builder.Eq{"status": status}, "attempt", "task_id", "status", "started", "stopped")
 		return err
 	}); err != nil {
 		return err
diff --git a/routers/web/repo/actions/view_test.go b/routers/web/repo/actions/view_test.go
index c636570c7e..06af165c5c 100644
--- a/routers/web/repo/actions/view_test.go
+++ b/routers/web/repo/actions/view_test.go
@@ -521,6 +521,9 @@ func TestActionsViewRedirectToLatestAttempt(t *testing.T) {
 }
 
 func TestActionsRerun(t *testing.T) {
+	defer unittest.OverrideFixtures("routers/web/repo/actions/TestActionsRerun")()
+	unittest.PrepareTestEnv(t)
+
 	tests := []struct {
 		name         string
 		runIndex     int64
@@ -530,20 +533,20 @@ func TestActionsRerun(t *testing.T) {
 	}{
 		{
 			name:        "rerun all",
-			runIndex:    187,
+			runIndex:    138574,
 			jobIndex:    -1,
-			expectedURL: "https://try.gitea.io/user2/repo1/actions/runs/187/jobs/0/attempt/2",
+			expectedURL: "https://try.gitea.io/user2/repo1/actions/runs/138574/jobs/0/attempt/3",
 		},
 		{
 			name:        "rerun job",
-			runIndex:    187,
+			runIndex:    138574,
 			jobIndex:    2,
-			expectedURL: "https://try.gitea.io/user2/repo1/actions/runs/187/jobs/2/attempt/3",
+			expectedURL: "https://try.gitea.io/user2/repo1/actions/runs/138574/jobs/2/attempt/6",
 		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			ctx, resp := contexttest.MockContext(t, "user2/repo1/actions/runs/187/rerun")
+			ctx, resp := contexttest.MockContext(t, "user2/repo1/actions/runs/138574/rerun")
 			contexttest.LoadUser(t, ctx, 2)
 			contexttest.LoadRepo(t, ctx, 1)
 			ctx.SetParams(":run", fmt.Sprintf("%d", tt.runIndex))

From 181ba05eed87d3456ffc7b6a73f53ef43ae30451 Mon Sep 17 00:00:00 2001
From: Henry Catalini Smith <henry@catalinismith.se>
Date: Fri, 20 Mar 2026 18:55:27 +0100
Subject: [PATCH 555/854] fix(ui): allow label descriptions to wrap in dropdown
 (#11607)

https://codeberg.org/forgejo/forgejo/issues/11512

Restoring default whitespace behaviour seems sufficient to resolve this. The `display: block` property is necessary because `<small>` is an inline element and otherwise the `padding-left` only applies to the first line. There's a description in one of the default label packages affected by the issue so I've used that for the before/after screenshots below.

| Before | After |
|-|-|
| ![Screenshot 2026-03-10 at 07-09-23 #1 - r - henrycatalinismith_test3 - Forgejo Beyond coding. We Forge](/attachments/2c361f11-d71a-464e-8d4a-0aaa97199d39) | ![Screenshot 2026-03-10 at 07-08-01 #1 - r - henrycatalinismith_test3 - Forgejo Beyond coding. We Forge](/attachments/7a570f99-8687-43d9-8376-98907961bfcf) |

The issue doesn't just affect long descriptions though. In fact even the nice, short defaults are affected. Vision impairment is one of the most common disabilities, and increasing the text size is a typical way in which people adapt their computing environment to accommodate their disability. Even the short default label descriptions are cut off in this use case.

| Before | After |
|-|-|
| ![Screenshot 2026-03-10 at 06-58-29 New issue - henrycatalinismith_test2 - Forgejo Beyond coding. We Forge](/attachments/741ac088-64ac-49d3-9962-c20905c7750c) | ![Screenshot 2026-03-10 at 06-59-00 New issue - henrycatalinismith_test2 - Forgejo Beyond coding. We Forge](/attachments/73f1dc1e-242c-4697-8e9d-1288088a2d8c) |

Co-authored-by: 0ko <0ko@noreply.codeberg.org>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11607
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Reviewed-by: Beowulf <beowulf@beocode.eu>
Co-authored-by: Henry Catalini Smith <henry@catalinismith.se>
Co-committed-by: Henry Catalini Smith <henry@catalinismith.se>
---
 templates/repo/issue/labels/labels_selector_field.tmpl | 4 ++--
 web_src/css/repo.css                                   | 3 +++
 2 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/templates/repo/issue/labels/labels_selector_field.tmpl b/templates/repo/issue/labels/labels_selector_field.tmpl
index 8a931a9433..aa073f3495 100644
--- a/templates/repo/issue/labels/labels_selector_field.tmpl
+++ b/templates/repo/issue/labels/labels_selector_field.tmpl
@@ -22,7 +22,7 @@
 				{{end}}
 				{{$previousExclusiveScope = $exclusiveScope}}
 				<a class="{{if .IsChecked}}checked{{end}} item" href="#" data-id="{{.ID}}" {{if .IsArchived}}data-is-archived{{end}} data-id-selector="#label_{{.ID}}" data-scope="{{$exclusiveScope}}"><span class="octicon-check {{if not .IsChecked}}tw-invisible{{end}}">{{if $exclusiveScope}}{{svg "octicon-dot-fill"}}{{else}}{{svg "octicon-check"}}{{end}}</span>&nbsp;&nbsp;{{RenderLabel ctx .}}
-					{{if .Description}}<br><small class="desc">{{.Description | RenderEmoji $.Context}}</small>{{end}}
+					{{if .Description}}<small class="desc">{{.Description | RenderEmoji $.Context}}</small>{{end}}
 					<p class="archived-label-hint">{{template "repo/issue/labels/label_archived" .}}</p>
 				</a>
 			{{end}}
@@ -35,7 +35,7 @@
 				{{end}}
 				{{$previousExclusiveScope = $exclusiveScope}}
 				<a class="{{if .IsChecked}}checked{{end}} item" href="#" data-id="{{.ID}}" {{if .IsArchived}}data-is-archived{{end}} data-id-selector="#label_{{.ID}}" data-scope="{{$exclusiveScope}}"><span class="octicon-check {{if not .IsChecked}}tw-invisible{{end}}">{{if $exclusiveScope}}{{svg "octicon-dot-fill"}}{{else}}{{svg "octicon-check"}}{{end}}</span>&nbsp;&nbsp;{{RenderLabel ctx .}}
-					{{if .Description}}<br><small class="desc">{{.Description | RenderEmoji $.Context}}</small>{{end}}
+					{{if .Description}}<small class="desc">{{.Description | RenderEmoji $.Context}}</small>{{end}}
 					<p class="archived-label-hint">{{template "repo/issue/labels/label_archived" .}}</p>
 				</a>
 			{{end}}
diff --git a/web_src/css/repo.css b/web_src/css/repo.css
index c13a6ee73b..00f159f33b 100644
--- a/web_src/css/repo.css
+++ b/web_src/css/repo.css
@@ -116,6 +116,9 @@
 
 .repository .select-label .desc {
   padding-left: 23px;
+  white-space: normal;
+  display: block;
+  margin-top: 2px;
 }
 
 /* For the secondary pointing menu, respect its own border-bottom */

From ce1c0dc2cca27611ca8a342fcb61e652384fdaf9 Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Sun, 22 Mar 2026 18:09:42 +0100
Subject: [PATCH 556/854] Update module github.com/jackc/pgx/v5 to v5.9.1
 (forgejo) (#11772)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This PR contains the following updates:

| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) |
|---|---|---|---|
| [github.com/jackc/pgx/v5](https://github.com/jackc/pgx) | `v5.8.0` → `v5.9.1` | ![age](https://developer.mend.io/api/mc/badges/age/go/github.com%2fjackc%2fpgx%2fv5/v5.9.1?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/go/github.com%2fjackc%2fpgx%2fv5/v5.8.0/v5.9.1?slim=true) |

---

### Release Notes

<details>
<summary>jackc/pgx (github.com/jackc/pgx/v5)</summary>

### [`v5.9.1`](https://github.com/jackc/pgx/compare/v5.9.0...v5.9.1)

[Compare Source](https://github.com/jackc/pgx/compare/v5.9.0...v5.9.1)

### [`v5.9.0`](https://github.com/jackc/pgx/compare/v5.8.0...v5.9.0)

[Compare Source](https://github.com/jackc/pgx/compare/v5.8.0...v5.9.0)

</details>

---

### Configuration

📅 **Schedule**: Branch creation - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC), Automerge - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My43Ni4yIiwidXBkYXRlZEluVmVyIjoiNDMuNzYuMiIsInRhcmdldEJyYW5jaCI6ImZvcmdlam8iLCJsYWJlbHMiOlsiZGVwZW5kZW5jeS11cGdyYWRlIiwidGVzdC9ub3QtbmVlZGVkIl19-->

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11772
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 61dceb0c8c..cfc57fa128 100644
--- a/go.mod
+++ b/go.mod
@@ -67,7 +67,7 @@ require (
 	github.com/hashicorp/golang-lru/v2 v2.0.7
 	github.com/huandu/xstrings v1.5.0
 	github.com/inbucket/html2text v0.9.0
-	github.com/jackc/pgx/v5 v5.8.0
+	github.com/jackc/pgx/v5 v5.9.1
 	github.com/jhillyerd/enmime/v2 v2.2.0
 	github.com/json-iterator/go v1.1.12
 	github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51
diff --git a/go.sum b/go.sum
index 3de4a64b0d..806a039ba3 100644
--- a/go.sum
+++ b/go.sum
@@ -447,8 +447,8 @@ github.com/jackc/pgpassfile v1.0.0 h1:/6Hmqy13Ss2zCq62VdNG8tM1wchn8zjSGOBJ6icpsI
 github.com/jackc/pgpassfile v1.0.0/go.mod h1:CEx0iS5ambNFdcRtxPj5JhEz+xB6uRky5eyVu/W2HEg=
 github.com/jackc/pgservicefile v0.0.0-20240606120523-5a60cdf6a761 h1:iCEnooe7UlwOQYpKFhBabPMi4aNAfoODPEFNiAnClxo=
 github.com/jackc/pgservicefile v0.0.0-20240606120523-5a60cdf6a761/go.mod h1:5TJZWKEWniPve33vlWYSoGYefn3gLQRzjfDlhSJ9ZKM=
-github.com/jackc/pgx/v5 v5.8.0 h1:TYPDoleBBme0xGSAX3/+NujXXtpZn9HBONkQC7IEZSo=
-github.com/jackc/pgx/v5 v5.8.0/go.mod h1:QVeDInX2m9VyzvNeiCJVjCkNFqzsNb43204HshNSZKw=
+github.com/jackc/pgx/v5 v5.9.1 h1:uwrxJXBnx76nyISkhr33kQLlUqjv7et7b9FjCen/tdc=
+github.com/jackc/pgx/v5 v5.9.1/go.mod h1:mal1tBGAFfLHvZzaYh77YS/eC6IX9OWbRV1QIIM0Jn4=
 github.com/jackc/puddle/v2 v2.2.2 h1:PR8nw+E/1w0GLuRFSmiioY6UooMp6KJv0/61nB7icHo=
 github.com/jackc/puddle/v2 v2.2.2/go.mod h1:vriiEXHvEE654aYKXXjOvZM39qJ0q+azkZFrfEOc3H4=
 github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 h1:BQSFePA1RWJOlocH6Fxy8MmwDt+yVQYULKfN0RoTN8A=

From bdbd0b5622614111869de0acb4dba2fd4d5f94c6 Mon Sep 17 00:00:00 2001
From: Andreas Ahlenstorf <andreas@ahlenstorf.ch>
Date: Mon, 23 Mar 2026 03:30:02 +0100
Subject: [PATCH 557/854] feat: allow renaming and replacing secrets (#11732)

So far, Forgejo's UI only allowed to create Forgejo Actions secrets. But renaming or replacing their value wasn't possible. With this change, users can do both. The existing secret value is never revealed for security reasons.

Additionally, a confusing behaviour is removed. If a user created a new secret whose name matched an existing secret, the existing secret was silently updated. That does no longer happen. The new secret is rejected instead.

Resolves https://codeberg.org/forgejo/forgejo/issues/5707.

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests for Go changes

(can be removed for JavaScript changes)

- I added test coverage for Go changes...
  - [x] in their respective `*_test.go` for unit tests.
  - [x] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I ran...
  - [x] `make pr-go` before pushing

### Tests for JavaScript changes

(can be removed for Go changes)

- I added test coverage for JavaScript changes...
  - [ ] in `web_src/js/*.test.js` if it can be unit tested.
  - [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)).

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [x] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.
- [ ] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change.

*The decision if the pull request will be shown in the release notes is up to the mergers / release team.*

The content of the `release-notes/<pull request number>.md` file will serve as the basis for the release notes. If the file does not exist, the title of the pull request will be used instead.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11732
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
Co-authored-by: Andreas Ahlenstorf <andreas@ahlenstorf.ch>
Co-committed-by: Andreas Ahlenstorf <andreas@ahlenstorf.ch>
---
 .../secret/TestSecretGetSecretByID/secret.yml |  23 +
 models/secret/secret.go                       |  58 ++
 models/secret/secret_test.go                  | 172 ++++++
 options/locale_next/locale_en-US.json         |   6 +
 routers/web/repo/setting/secrets.go           |  24 +-
 routers/web/shared/secrets/secrets.go         |  43 +-
 routers/web/web.go                            |   5 +-
 services/actions/variables.go                 |   6 +-
 services/forms/secret.go                      |  38 ++
 services/forms/user_form.go                   |  12 -
 services/secrets/secrets.go                   |   2 +-
 services/secrets/validation.go                |  25 -
 services/secrets/validation_test.go           |  57 --
 templates/shared/secrets/add_list.tmpl        |  45 +-
 tests/integration/actions_secrets_test.go     | 500 +++++++++++++-----
 tests/integration/api_org_secrets_test.go     |   4 +-
 tests/integration/api_repo_secrets_test.go    |   3 +-
 tests/integration/api_user_secrets_test.go    |   4 +-
 18 files changed, 776 insertions(+), 251 deletions(-)
 create mode 100644 models/secret/TestSecretGetSecretByID/secret.yml
 create mode 100644 services/forms/secret.go
 delete mode 100644 services/secrets/validation.go
 delete mode 100644 services/secrets/validation_test.go

diff --git a/models/secret/TestSecretGetSecretByID/secret.yml b/models/secret/TestSecretGetSecretByID/secret.yml
new file mode 100644
index 0000000000..08e3e2c561
--- /dev/null
+++ b/models/secret/TestSecretGetSecretByID/secret.yml
@@ -0,0 +1,23 @@
+- id: 637340
+  name: TEST_SECRET
+  owner_id: 3
+  repo_id: 0
+  # very secret
+  data: 0x0e17d357077de0c1f72e9d87e1899c8026a207fcbbc0f1a2a79d0cb305da39fa3e9fe201b085e963fa1f9eeb59b4ff9ee6d748
+  created_unix: 1773692671
+
+- id: 637341
+  name: ANOTHER_SECRET
+  owner_id: 0
+  repo_id: 62 # user2/test_workflows
+  # also very secret
+  data: 0xb697cd4a66b02bc36d0afddcb6f158d7602f6cf0b0d31a0c96e178469e8b66babccb30b95e01c84824add04c5bfe91b9b773a21a78088a3e
+  created_unix: 1773692672
+
+- id: 637342
+  name: TEST_SECRET
+  owner_id: 1
+  repo_id: 0
+  # super secret
+  data: 0xd97d8cb662c07ca94953a388bc93209f713281a8b0d25499359cbd03a1fbe565a2a0ba183b8290fc110ee6b1c6437c569451e0c3
+  created_unix: 1773692673
diff --git a/models/secret/secret.go b/models/secret/secret.go
index de1a8d84a4..911d94d78a 100644
--- a/models/secret/secret.go
+++ b/models/secret/secret.go
@@ -6,6 +6,7 @@ package secret
 import (
 	"context"
 	"fmt"
+	"regexp"
 	"strings"
 
 	"forgejo.org/models/db"
@@ -17,6 +18,13 @@ import (
 	"xorm.io/builder"
 )
 
+var (
+	namePattern            = regexp.MustCompile("(?i)^[A-Z_][A-Z0-9_]*$")
+	forbiddenPrefixPattern = regexp.MustCompile("(?i)^FORGEJO_|GITEA_|GITHUB_")
+
+	ErrInvalidName = util.NewInvalidArgumentErrorf("invalid secret name")
+)
+
 // Secret represents a secret
 //
 // It can be:
@@ -63,6 +71,9 @@ func InsertEncryptedSecret(ctx context.Context, ownerID, repoID int64, name, dat
 	if ownerID == 0 && repoID == 0 {
 		return nil, fmt.Errorf("%w: ownerID and repoID cannot be both zero, global secrets are not supported", util.ErrInvalidArgument)
 	}
+	if err := ValidateName(name); err != nil {
+		return nil, err
+	}
 
 	secret := &Secret{
 		OwnerID: ownerID,
@@ -129,6 +140,46 @@ func (s *Secret) GetDecryptedData() (string, error) {
 	return string(v), nil
 }
 
+func GetSecretByID(ctx context.Context, ownerID, repoID, id int64) (*Secret, error) {
+	query := db.GetEngine(ctx).Where("id=?", id)
+
+	if repoID > 0 {
+		query = query.And(builder.Eq{"repo_id": repoID})
+	} else if ownerID > 0 {
+		query = query.And(builder.Eq{"owner_id": ownerID})
+	} else {
+		return nil, fmt.Errorf("ownerID and repoID cannot be simultaneously 0")
+	}
+
+	var secret Secret
+	has, err := query.Get(&secret)
+
+	if err != nil {
+		return nil, err
+	} else if !has {
+		return nil, fmt.Errorf("secret with ID %d: %w", id, util.ErrNotExist)
+	}
+	return &secret, nil
+}
+
+func UpdateSecret(ctx context.Context, secret *Secret, columns ...string) error {
+	e := db.GetEngine(ctx)
+
+	if err := ValidateName(secret.Name); err != nil {
+		return err
+	}
+	secret.Name = strings.ToUpper(secret.Name)
+
+	var err error
+	if len(columns) == 0 {
+		_, err = e.ID(secret.ID).AllCols().Update(secret)
+	} else {
+		_, err = e.ID(secret.ID).Cols(columns...).Update(secret)
+	}
+
+	return err
+}
+
 func FetchActionSecrets(ctx context.Context, ownerID, repoID int64) (map[string]string, error) {
 	secrets := map[string]string{}
 
@@ -154,3 +205,10 @@ func FetchActionSecrets(ctx context.Context, ownerID, repoID int64) (map[string]
 
 	return secrets, nil
 }
+
+func ValidateName(name string) error {
+	if !namePattern.MatchString(name) || forbiddenPrefixPattern.MatchString(name) {
+		return ErrInvalidName
+	}
+	return nil
+}
diff --git a/models/secret/secret_test.go b/models/secret/secret_test.go
index e49100eb6a..5c54b25967 100644
--- a/models/secret/secret_test.go
+++ b/models/secret/secret_test.go
@@ -4,6 +4,7 @@
 package secret
 
 import (
+	"strings"
 	"testing"
 
 	"forgejo.org/models/unittest"
@@ -83,6 +84,11 @@ func TestInsertEncryptedSecret(t *testing.T) {
 		})
 	})
 
+	t.Run("Rejects invalid name", func(t *testing.T) {
+		_, err := InsertEncryptedSecret(t.Context(), 2, 0, "invalid name", "some secret")
+		require.ErrorContains(t, err, "invalid secret name")
+	})
+
 	t.Run("FetchActionSecrets", func(t *testing.T) {
 		secrets, err := FetchActionSecrets(t.Context(), 2, 1)
 		require.NoError(t, err)
@@ -123,3 +129,169 @@ func TestSecretGetDecryptedData(t *testing.T) {
 		assert.ErrorContains(t, err, "unable to decrypt secret[id=495,name=\"A_SECRET\"]")
 	})
 }
+
+func TestSecretGetSecretByID(t *testing.T) {
+	defer unittest.OverrideFixtures("models/secret/TestSecretGetSecretByID")()
+	require.NoError(t, unittest.PrepareTestDatabase())
+
+	testCases := []struct {
+		name          string
+		ownerID       int64
+		repoID        int64
+		id            int64
+		expectedName  string
+		expectedData  string
+		expectedError string
+	}{
+		{
+			name:         "Organization secret",
+			ownerID:      3,
+			repoID:       0,
+			id:           637340,
+			expectedName: "TEST_SECRET",
+			expectedData: "very secret",
+		},
+		{
+			name:          "Owner mismatch",
+			ownerID:       4,
+			repoID:        0,
+			id:            637340,
+			expectedError: "secret with ID 637340: resource does not exist",
+		},
+		{
+			name:          "Repository mismatch",
+			ownerID:       0,
+			repoID:        1,
+			id:            637340,
+			expectedError: "secret with ID 637340: resource does not exist",
+		},
+		{
+			name:         "Repository secret",
+			ownerID:      0,
+			repoID:       62,
+			id:           637341,
+			expectedName: "ANOTHER_SECRET",
+			expectedData: "also very secret",
+		},
+		{
+			name:          "Unsupported instance secret",
+			ownerID:       0,
+			repoID:        0,
+			id:            637341,
+			expectedError: "ownerID and repoID cannot be simultaneously 0",
+		},
+		{
+			name:         "User secret",
+			ownerID:      1,
+			repoID:       0,
+			id:           637342,
+			expectedName: "TEST_SECRET",
+			expectedData: "super secret",
+		},
+	}
+
+	for _, testCase := range testCases {
+		t.Run(testCase.name, func(t *testing.T) {
+			secret, err := GetSecretByID(t.Context(), testCase.ownerID, testCase.repoID, testCase.id)
+
+			if testCase.expectedError != "" {
+				assert.ErrorContains(t, err, testCase.expectedError)
+			} else {
+				require.NoError(t, err)
+				assert.Equal(t, testCase.id, secret.ID)
+				assert.Equal(t, testCase.ownerID, secret.OwnerID)
+				assert.Equal(t, testCase.repoID, secret.RepoID)
+				assert.Equal(t, testCase.expectedName, secret.Name)
+
+				data, err := secret.GetDecryptedData()
+				require.NoError(t, err)
+				assert.Equal(t, testCase.expectedData, data)
+			}
+		})
+	}
+}
+
+func TestSecretUpdateSecret(t *testing.T) {
+	require.NoError(t, unittest.PrepareTestDatabase())
+
+	secret, err := InsertEncryptedSecret(t.Context(), 2, 0, "a_secret", "very secret")
+	require.NoError(t, err)
+
+	secret.Name = "new_name"
+	secret.SetData("also very secret")
+
+	err = UpdateSecret(t.Context(), secret)
+	require.NoError(t, err)
+
+	updatedSecret := unittest.AssertExistsAndLoadBean(t, &Secret{ID: secret.ID})
+	decryptedData, err := updatedSecret.GetDecryptedData()
+	require.NoError(t, err)
+
+	assert.Equal(t, "NEW_NAME", updatedSecret.Name)
+	assert.Equal(t, "also very secret", decryptedData)
+}
+
+func TestSecretUpdateSecret_RejectsInvalidName(t *testing.T) {
+	require.NoError(t, unittest.PrepareTestDatabase())
+
+	secret, err := InsertEncryptedSecret(t.Context(), 2, 0, "a_secret", "very secret")
+	require.NoError(t, err)
+
+	secret.Name = "GITHUB_IS_REJECTED" // Because it starts with `GITHUB_`.
+	secret.SetData("also very secret")
+
+	err = UpdateSecret(t.Context(), secret)
+	require.ErrorContains(t, err, "invalid secret name")
+
+	updatedSecret := unittest.AssertExistsAndLoadBean(t, &Secret{ID: secret.ID})
+	decryptedData, err := updatedSecret.GetDecryptedData()
+	require.NoError(t, err)
+
+	assert.Equal(t, "A_SECRET", updatedSecret.Name)
+	assert.Equal(t, "very secret", decryptedData)
+}
+
+func TestSecretValidateName(t *testing.T) {
+	testCases := []struct {
+		name  string
+		valid bool
+	}{
+		{"FORGEJO_", false},
+		{"FORGEJO_123", false},
+		{"FORGEJO_ABC", false},
+		{"GITEA_", false},
+		{"GITEA_123", false},
+		{"GITEA_ABC", false},
+		{"GITHUB_", false},
+		{"GITHUB_123", false},
+		{"GITHUB_ABC", false},
+		{"123_TEST", false},
+		{"CI", true},
+		{"_CI", true},
+		{"CI_", true},
+		{"CI123", true},
+		{"CIABC", true},
+		{"FORGEJO", true},
+		{"FORGEJO123", true},
+		{"FORGEJOABC", true},
+		{"GITEA", true},
+		{"GITEA123", true},
+		{"GITEAABC", true},
+		{"GITHUB", true},
+		{"GITHUB123", true},
+		{"GITHUBABC", true},
+		{"_123_TEST", true},
+	}
+	for _, tC := range testCases {
+		t.Run(tC.name, func(t *testing.T) {
+			t.Helper()
+			if tC.valid {
+				assert.NoError(t, ValidateName(tC.name))
+				assert.NoError(t, ValidateName(strings.ToLower(tC.name)))
+			} else {
+				require.ErrorIs(t, ValidateName(tC.name), ErrInvalidName)
+				require.ErrorIs(t, ValidateName(strings.ToLower(tC.name)), ErrInvalidName)
+			}
+		})
+	}
+}
diff --git a/options/locale_next/locale_en-US.json b/options/locale_next/locale_en-US.json
index 9db0fb67c6..c6b65f8c84 100644
--- a/options/locale_next/locale_en-US.json
+++ b/options/locale_next/locale_en-US.json
@@ -534,6 +534,12 @@
 	"actions.secrets.creation.value_description": "The value of a secret can be any text. Special characters are retained. CRLF (Windows-style line breaks) is automatically converted to LF. Encode the value with Base64 if linebreaks should be retained.",
 	"actions.variables.mutation.name_description": "The name of a variable can only contain letters, numbers, and underscores. It cannot be named CI or start with FORGEJO_, GITEA_, GITHUB_, or a number. Forgejo will automatically convert it to uppercase.",
 	"actions.variables.mutation.value_description": "A variable's value can be any text. Special characters are retained. CRLF (Windows-style line breaks) is automatically converted to LF. Encode the value with Base64 if linebreaks should be retained.",
+	"actions.secrets.edit_button": "Edit secret \"%s\"",
+	"actions.secrets.mutation.header": "Edit secret \"%s\"",
+	"actions.secrets.mutation.success_message": "The secret \"%s\" has been updated.",
+	"actions.secrets.mutation.failure_message": "The secret \"%s\" could not be updated.",
+	"actions.secrets.mutation.name_description": "The name of a secret can only contain letters, numbers, and underscores. It cannot start with FORGEJO_, GITEA_, GITHUB_, or a number. Forgejo will automatically convert it to uppercase.",
+	"actions.secrets.mutation.value_description": "The existing value will not be shown. Leave the field empty if you do not want to modify it. Special characters are retained. CRLF (Windows-style line breaks) is automatically converted to LF. Encode the value with Base64 if linebreaks should be retained.",
 	"pulse.n_active_issues": {
 		"one": "%s active issue",
 		"other": "%s active issues"
diff --git a/routers/web/repo/setting/secrets.go b/routers/web/repo/setting/secrets.go
index 11c83e8bd6..c8aa6e3bfb 100644
--- a/routers/web/repo/setting/secrets.go
+++ b/routers/web/repo/setting/secrets.go
@@ -92,7 +92,7 @@ func Secrets(ctx *context.Context) {
 	ctx.HTML(http.StatusOK, sCtx.SecretsTemplate)
 }
 
-func SecretsPost(ctx *context.Context) {
+func SecretsCreatePost(ctx *context.Context) {
 	sCtx, err := getSecretsCtx(ctx)
 	if err != nil {
 		ctx.ServerError("getSecretsCtx", err)
@@ -104,7 +104,7 @@ func SecretsPost(ctx *context.Context) {
 		return
 	}
 
-	shared.PerformSecretsPost(
+	shared.CreateSecretPost(
 		ctx,
 		sCtx.OwnerID,
 		sCtx.RepoID,
@@ -112,16 +112,32 @@ func SecretsPost(ctx *context.Context) {
 	)
 }
 
-func SecretsDelete(ctx *context.Context) {
+func SecretsEditPost(ctx *context.Context) {
 	sCtx, err := getSecretsCtx(ctx)
 	if err != nil {
 		ctx.ServerError("getSecretsCtx", err)
 		return
 	}
-	shared.PerformSecretsDelete(
+
+	if ctx.HasError() {
+		ctx.JSONError(ctx.GetErrMsg())
+		return
+	}
+
+	shared.EditSecretPost(ctx, sCtx.OwnerID, sCtx.RepoID, ctx.ParamsInt64(":secret_id"), sCtx.RedirectLink)
+}
+
+func SecretsDeletePost(ctx *context.Context) {
+	sCtx, err := getSecretsCtx(ctx)
+	if err != nil {
+		ctx.ServerError("getSecretsCtx", err)
+		return
+	}
+	shared.DeleteSecretPost(
 		ctx,
 		sCtx.OwnerID,
 		sCtx.RepoID,
+		ctx.ParamsInt64(":secret_id"),
 		sCtx.RedirectLink,
 	)
 }
diff --git a/routers/web/shared/secrets/secrets.go b/routers/web/shared/secrets/secrets.go
index fe4c22bcee..ef8fea7129 100644
--- a/routers/web/shared/secrets/secrets.go
+++ b/routers/web/shared/secrets/secrets.go
@@ -4,6 +4,8 @@
 package secrets
 
 import (
+	"errors"
+
 	"forgejo.org/models/db"
 	secret_model "forgejo.org/models/secret"
 	"forgejo.org/modules/log"
@@ -24,23 +26,50 @@ func SetSecretsContext(ctx *context.Context, ownerID, repoID int64) {
 	ctx.Data["Secrets"] = secrets
 }
 
-func PerformSecretsPost(ctx *context.Context, ownerID, repoID int64, redirectURL string) {
-	form := web.GetForm(ctx).(*forms.AddSecretForm)
+func CreateSecretPost(ctx *context.Context, ownerID, repoID int64, redirectURL string) {
+	form := web.GetForm(ctx).(*forms.CreateSecretForm)
 
-	s, _, err := secrets_service.CreateOrUpdateSecret(ctx, ownerID, repoID, form.Name, util.ReserveLineBreakForTextarea(form.Data))
+	normalizedData := util.ReserveLineBreakForTextarea(form.Data)
+	secret, err := secret_model.InsertEncryptedSecret(ctx, ownerID, repoID, form.Name, normalizedData)
 	if err != nil {
-		log.Error("CreateOrUpdateSecret failed: %v", err)
+		log.Error("InsertEncryptedSecret failed: %v", err)
 		ctx.JSONError(ctx.Tr("secrets.creation.failed"))
 		return
 	}
 
-	ctx.Flash.Success(ctx.Tr("secrets.creation.success", s.Name))
+	ctx.Flash.Success(ctx.Tr("secrets.creation.success", secret.Name))
 	ctx.JSONRedirect(redirectURL)
 }
 
-func PerformSecretsDelete(ctx *context.Context, ownerID, repoID int64, redirectURL string) {
-	id := ctx.FormInt64("id")
+func EditSecretPost(ctx *context.Context, ownerID, repoID, id int64, redirectURL string) {
+	form := web.GetForm(ctx).(*forms.EditSecretForm)
 
+	secret, err := secret_model.GetSecretByID(ctx, ownerID, repoID, id)
+	if errors.Is(err, util.ErrNotExist) {
+		ctx.NotFound("GetSecretByID", err)
+		return
+	} else if err != nil {
+		ctx.ServerError("GetSecretByID", err)
+		return
+	}
+
+	secret.Name = form.Name
+	if form.Data != "" {
+		secret.SetData(util.ReserveLineBreakForTextarea(form.Data))
+	}
+
+	err = secret_model.UpdateSecret(ctx, secret)
+	if err != nil {
+		log.Error("UpdateSecret failed: %v", err)
+		ctx.JSONError(ctx.Tr("actions.secrets.mutation.failure_message", secret.Name))
+		return
+	}
+
+	ctx.Flash.Success(ctx.Tr("actions.secrets.mutation.success_message", secret.Name))
+	ctx.JSONRedirect(redirectURL)
+}
+
+func DeleteSecretPost(ctx *context.Context, ownerID, repoID, id int64, redirectURL string) {
 	err := secrets_service.DeleteSecretByID(ctx, ownerID, repoID, id)
 	if err != nil {
 		log.Error("DeleteSecretByID(%d) failed: %v", id, err)
diff --git a/routers/web/web.go b/routers/web/web.go
index 5ea90c1eea..ac5474e7ed 100644
--- a/routers/web/web.go
+++ b/routers/web/web.go
@@ -454,8 +454,9 @@ func registerRoutes(m *web.Route) {
 	addSettingsSecretsRoutes := func() {
 		m.Group("/secrets", func() {
 			m.Get("", repo_setting.Secrets)
-			m.Post("", web.Bind(forms.AddSecretForm{}), repo_setting.SecretsPost)
-			m.Post("/delete", repo_setting.SecretsDelete)
+			m.Post("", web.Bind(forms.CreateSecretForm{}), repo_setting.SecretsCreatePost)
+			m.Post("/{secret_id}/edit", web.Bind(forms.EditSecretForm{}), repo_setting.SecretsEditPost)
+			m.Post("/{secret_id}/delete", repo_setting.SecretsDeletePost)
 		})
 	}
 
diff --git a/services/actions/variables.go b/services/actions/variables.go
index 5dd68f0130..a99966737f 100644
--- a/services/actions/variables.go
+++ b/services/actions/variables.go
@@ -9,13 +9,13 @@ import (
 	"strings"
 
 	actions_model "forgejo.org/models/actions"
+	"forgejo.org/models/secret"
 	"forgejo.org/modules/log"
 	"forgejo.org/modules/util"
-	secrets_service "forgejo.org/services/secrets"
 )
 
 func CreateVariable(ctx context.Context, ownerID, repoID int64, name, data string) (*actions_model.ActionVariable, error) {
-	if err := secrets_service.ValidateName(name); err != nil {
+	if err := secret.ValidateName(name); err != nil {
 		return nil, err
 	}
 
@@ -32,7 +32,7 @@ func CreateVariable(ctx context.Context, ownerID, repoID int64, name, data strin
 }
 
 func UpdateVariable(ctx context.Context, variableID, ownerID, repoID int64, name, data string) (bool, error) {
-	if err := secrets_service.ValidateName(name); err != nil {
+	if err := secret.ValidateName(name); err != nil {
 		return false, err
 	}
 
diff --git a/services/forms/secret.go b/services/forms/secret.go
new file mode 100644
index 0000000000..45f3082bda
--- /dev/null
+++ b/services/forms/secret.go
@@ -0,0 +1,38 @@
+// Copyright 2014 The Gogs Authors. All rights reserved.
+// Copyright 2018 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package forms
+
+import (
+	"net/http"
+
+	"forgejo.org/modules/web/middleware"
+	"forgejo.org/services/context"
+
+	"code.forgejo.org/go-chi/binding"
+)
+
+// CreateSecretForm needs to be filled in by the user to create a new secret.
+type CreateSecretForm struct {
+	Name string `binding:"Required;MaxSize(255)"`
+	Data string `binding:"Required;MaxSize(65535)"`
+}
+
+// Validate validates the submitted CreateSecretForm.
+func (f *CreateSecretForm) Validate(req *http.Request, errs binding.Errors) binding.Errors {
+	ctx := context.GetValidateContext(req)
+	return middleware.Validate(errs, ctx.Data, f, ctx.Locale)
+}
+
+// EditSecretForm needs to be filled in by the user to change an existing secret.
+type EditSecretForm struct {
+	Name string `binding:"Required;MaxSize(255)"`
+	Data string `binding:"MaxSize(65535)"`
+}
+
+// Validate validates the submitted EditSecretForm.
+func (f *EditSecretForm) Validate(req *http.Request, errs binding.Errors) binding.Errors {
+	ctx := context.GetValidateContext(req)
+	return middleware.Validate(errs, ctx.Data, f, ctx.Locale)
+}
diff --git a/services/forms/user_form.go b/services/forms/user_form.go
index 8c95139e2c..1c6ba58058 100644
--- a/services/forms/user_form.go
+++ b/services/forms/user_form.go
@@ -346,18 +346,6 @@ func (f *AddKeyForm) Validate(req *http.Request, errs binding.Errors) binding.Er
 	return middleware.Validate(errs, ctx.Data, f, ctx.Locale)
 }
 
-// AddSecretForm for adding secrets
-type AddSecretForm struct {
-	Name string `binding:"Required;MaxSize(255)"`
-	Data string `binding:"Required;MaxSize(65535)"`
-}
-
-// Validate validates the fields
-func (f *AddSecretForm) Validate(req *http.Request, errs binding.Errors) binding.Errors {
-	ctx := context.GetValidateContext(req)
-	return middleware.Validate(errs, ctx.Data, f, ctx.Locale)
-}
-
 type EditVariableForm struct {
 	Name string `binding:"Required;MaxSize(255)"`
 	Data string `binding:"Required;MaxSize(65535)"`
diff --git a/services/secrets/secrets.go b/services/secrets/secrets.go
index 498f3b6fcc..a3e841b81d 100644
--- a/services/secrets/secrets.go
+++ b/services/secrets/secrets.go
@@ -11,7 +11,7 @@ import (
 )
 
 func CreateOrUpdateSecret(ctx context.Context, ownerID, repoID int64, name, data string) (*secret_model.Secret, bool, error) {
-	if err := ValidateName(name); err != nil {
+	if err := secret_model.ValidateName(name); err != nil {
 		return nil, false, err
 	}
 
diff --git a/services/secrets/validation.go b/services/secrets/validation.go
deleted file mode 100644
index 676012f7d0..0000000000
--- a/services/secrets/validation.go
+++ /dev/null
@@ -1,25 +0,0 @@
-// Copyright 2023 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
-
-package secrets
-
-import (
-	"regexp"
-
-	"forgejo.org/modules/util"
-)
-
-// https://docs.github.com/en/actions/security-guides/encrypted-secrets#naming-your-secrets
-var (
-	namePattern            = regexp.MustCompile("(?i)^[A-Z_][A-Z0-9_]*$")
-	forbiddenPrefixPattern = regexp.MustCompile("(?i)^FORGEJO_|GITEA_|GITHUB_")
-
-	ErrInvalidName = util.NewInvalidArgumentErrorf("invalid secret name")
-)
-
-func ValidateName(name string) error {
-	if !namePattern.MatchString(name) || forbiddenPrefixPattern.MatchString(name) {
-		return ErrInvalidName
-	}
-	return nil
-}
diff --git a/services/secrets/validation_test.go b/services/secrets/validation_test.go
deleted file mode 100644
index 2dface6f6d..0000000000
--- a/services/secrets/validation_test.go
+++ /dev/null
@@ -1,57 +0,0 @@
-// Copyright 2026 The Forgejo Authors. All rights reserved.
-// SPDX-License-Identifier: GPL-3.0-or-later
-
-package secrets
-
-import (
-	"strings"
-	"testing"
-
-	"github.com/stretchr/testify/assert"
-	"github.com/stretchr/testify/require"
-)
-
-func TestValidateName(t *testing.T) {
-	testCases := []struct {
-		name  string
-		valid bool
-	}{
-		{"FORGEJO_", false},
-		{"FORGEJO_123", false},
-		{"FORGEJO_ABC", false},
-		{"GITEA_", false},
-		{"GITEA_123", false},
-		{"GITEA_ABC", false},
-		{"GITHUB_", false},
-		{"GITHUB_123", false},
-		{"GITHUB_ABC", false},
-		{"123_TEST", false},
-		{"CI", true},
-		{"_CI", true},
-		{"CI_", true},
-		{"CI123", true},
-		{"CIABC", true},
-		{"FORGEJO", true},
-		{"FORGEJO123", true},
-		{"FORGEJOABC", true},
-		{"GITEA", true},
-		{"GITEA123", true},
-		{"GITEAABC", true},
-		{"GITHUB", true},
-		{"GITHUB123", true},
-		{"GITHUBABC", true},
-		{"_123_TEST", true},
-	}
-	for _, tC := range testCases {
-		t.Run(tC.name, func(t *testing.T) {
-			t.Helper()
-			if tC.valid {
-				assert.NoError(t, ValidateName(tC.name))
-				assert.NoError(t, ValidateName(strings.ToLower(tC.name)))
-			} else {
-				require.ErrorIs(t, ValidateName(tC.name), ErrInvalidName)
-				require.ErrorIs(t, ValidateName(strings.ToLower(tC.name)), ErrInvalidName)
-			}
-		})
-	}
-}
diff --git a/templates/shared/secrets/add_list.tmpl b/templates/shared/secrets/add_list.tmpl
index 2aa9534771..d4550bfb47 100644
--- a/templates/shared/secrets/add_list.tmpl
+++ b/templates/shared/secrets/add_list.tmpl
@@ -30,8 +30,18 @@
 				<span class="color-text-light-2">
 					{{ctx.Locale.Tr "settings.added_on" (DateUtils.AbsoluteShort .CreatedUnix)}}
 				</span>
+				<button class="btn interact-bg tw-p-2 show-modal"
+						data-tooltip-content="{{ctx.Locale.Tr "actions.secrets.edit_button" .Name}}"
+						data-modal="#edit-secret-modal"
+						data-modal-form.action="{{$.Link}}/{{.ID}}/edit"
+						data-modal-header="{{ctx.Locale.Tr "actions.secrets.mutation.header" .Name}}"
+						data-modal-dialog-secret-name="{{.Name}}"
+						data-modal-dialog-secret-data=""
+				>
+					{{svg "octicon-pencil"}}
+				</button>
 				<button class="ui btn interact-bg link-action tw-p-2"
-					data-url="{{$.Link}}/delete?id={{.ID}}"
+					data-url="{{$.Link}}/{{.ID}}/delete"
 					data-modal-confirm="{{ctx.Locale.Tr "secrets.deletion.description"}}"
 					data-tooltip-content="{{ctx.Locale.Tr "secrets.deletion"}}"
 				>
@@ -57,7 +67,7 @@
 				{{ctx.Locale.Tr "secrets.description"}}
 			</div>
 			<div class="field">
-				<label for="secret-name">{{ctx.Locale.Tr "name"}}</label>
+				<label class="required" for="secret-name">{{ctx.Locale.Tr "name"}}</label>
 				<input autofocus required
 					id="secret-name"
 					name="name"
@@ -67,7 +77,7 @@
 				<p id="name-description" class="help">{{ctx.Locale.Tr "actions.secrets.creation.name_description"}}</p>
 			</div>
 			<div class="field">
-				<label for="secret-data">{{ctx.Locale.Tr "value"}}</label>
+				<label class="required" for="secret-data">{{ctx.Locale.Tr "value"}}</label>
 				<textarea required
 					id="secret-data"
 					name="data"
@@ -78,3 +88,32 @@
 		{{template "base/modal_actions_confirm" (dict "ModalButtonTypes" "confirm")}}
 	</form>
 </div>
+{{/* Edit secret dialog */}}
+<div class="ui small modal" id="edit-secret-modal">
+	<div class="header">
+		<span id="actions-modal-header"></span>
+	</div>
+	<form class="ui form form-fetch-action" method="post">
+		<fieldset class="content">
+			<div class="field">
+				{{ctx.Locale.Tr "secrets.description"}}
+			</div>
+			<div class="field">
+				<label class="required" for="dialog-secret-name">{{ctx.Locale.Tr "name"}}</label>
+				<input autofocus required
+					id="dialog-secret-name"
+					name="name"
+					value="{{.name}}"
+					pattern="^(?!FORGEJO_|GITEA_|GITHUB_)[a-zA-Z_][a-zA-Z0-9_]*$"
+				>
+				<p id="name-description" class="help">{{ctx.Locale.Tr "actions.secrets.mutation.name_description"}}</p>
+			</div>
+			<div class="field">
+				<label for="dialog-secret-data">{{ctx.Locale.Tr "value"}}</label>
+				<textarea id="dialog-secret-data" name="data"></textarea>
+				<p id="secret-data-description" class="help">{{ctx.Locale.Tr "actions.secrets.mutation.value_description"}}</p>
+			</div>
+		</fieldset>
+		{{template "base/modal_actions_confirm" (dict "ModalButtonTypes" "confirm")}}
+	</form>
+</div>
diff --git a/tests/integration/actions_secrets_test.go b/tests/integration/actions_secrets_test.go
index 0070c40555..974c8c2d00 100644
--- a/tests/integration/actions_secrets_test.go
+++ b/tests/integration/actions_secrets_test.go
@@ -19,156 +19,388 @@ import (
 	"github.com/stretchr/testify/require"
 )
 
-func TestActionsSecretsManageUserSecrets(t *testing.T) {
+func TestActionsSecretsCreateSecret(t *testing.T) {
 	defer tests.PrepareTestEnv(t)()
 
-	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
-	url := "/user/settings/actions/secrets"
-	session := loginUser(t, user.Name)
+	user2 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
+	repo1 := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 1, OwnerID: user2.ID})
+	org3 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 3, Type: user_model.UserTypeOrganization})
 
-	t.Run("Create secret", func(t *testing.T) {
-		req := NewRequestWithValues(t, "POST", url, map[string]string{
-			"name": "my_secret",
-			"data": "   \r\n\tSecrët dåtä\\   \r\n",
+	sess := loginUser(t, user2.Name)
+
+	testCases := []struct {
+		name    string
+		url     string
+		ownerID int64
+		repoID  int64
+	}{
+		{
+			name:    "User",
+			url:     "/user/settings/actions/secrets",
+			ownerID: user2.ID,
+			repoID:  0,
+		},
+		{
+			name:    "Repository",
+			url:     "/" + repo1.FullName() + "/settings/actions/secrets",
+			ownerID: 0,
+			repoID:  repo1.ID,
+		},
+		{
+			name:    "Organization",
+			url:     "/org/" + org3.Name + "/settings/actions/secrets",
+			ownerID: org3.ID,
+			repoID:  0,
+		},
+	}
+
+	for _, testCase := range testCases {
+		t.Run(testCase.name, func(t *testing.T) {
+			req := NewRequestWithValues(t, "POST", testCase.url, map[string]string{
+				"name": "my_secret",
+				"data": "   \r\n\tSecrët dåtä\\   \r\n",
+			})
+			sess.MakeRequest(t, req, http.StatusOK)
+
+			flashCookie := sess.GetCookie(app_context.CookieNameFlash)
+			assert.NotNil(t, flashCookie)
+			assert.Equal(t, "success%3DThe%2Bsecret%2B%2522MY_SECRET%2522%2Bhas%2Bbeen%2Badded.", flashCookie.Value)
+
+			secret := unittest.AssertExistsAndLoadBean(t, &secret_model.Secret{OwnerID: testCase.ownerID, RepoID: testCase.repoID, Name: "MY_SECRET"})
+			assert.Equal(t, "MY_SECRET", secret.Name)
+
+			value, err := secret.GetDecryptedData()
+			require.NoError(t, err)
+			assert.Equal(t, "   \n\tSecrët dåtä\\   \n", value)
 		})
-		session.MakeRequest(t, req, http.StatusOK)
-
-		flashCookie := session.GetCookie(app_context.CookieNameFlash)
-		assert.NotNil(t, flashCookie)
-		assert.Equal(t, "success%3DThe%2Bsecret%2B%2522MY_SECRET%2522%2Bhas%2Bbeen%2Badded.", flashCookie.Value)
-
-		secret := unittest.AssertExistsAndLoadBean(t, &secret_model.Secret{OwnerID: user.ID, RepoID: 0, Name: "MY_SECRET"})
-		assert.Equal(t, "MY_SECRET", secret.Name)
-
-		value, err := secret.GetDecryptedData()
-		require.NoError(t, err)
-		assert.Equal(t, "   \n\tSecrët dåtä\\   \n", value)
-	})
-
-	t.Run("Remove secret", func(t *testing.T) {
-		req := NewRequestWithValues(t, "POST", url, map[string]string{
-			"name": "TEST_SECRET",
-			"data": "value",
-		})
-		session.MakeRequest(t, req, http.StatusOK)
-
-		flashCookie := session.GetCookie(app_context.CookieNameFlash)
-		assert.NotNil(t, flashCookie)
-		assert.Equal(t, "success%3DThe%2Bsecret%2B%2522TEST_SECRET%2522%2Bhas%2Bbeen%2Badded.", flashCookie.Value)
-
-		secret := unittest.AssertExistsAndLoadBean(t, &secret_model.Secret{OwnerID: user.ID, RepoID: 0, Name: "TEST_SECRET"})
-
-		req = NewRequest(t, "POST", fmt.Sprintf("%s/delete?id=%d", url, secret.ID))
-		session.MakeRequest(t, req, http.StatusOK)
-
-		flashCookie = session.GetCookie(app_context.CookieNameFlash)
-		assert.NotNil(t, flashCookie)
-		assert.Equal(t, "success%3DThe%2Bsecret%2Bhas%2Bbeen%2Bremoved.", flashCookie.Value)
-
-		unittest.AssertNotExistsBean(t, secret)
-	})
+	}
 }
 
-func TestActionsSecretsManageRepositorySecrets(t *testing.T) {
+func TestActionsSecretsCreateSecretRejectsNameMatchingExistingSecret(t *testing.T) {
 	defer tests.PrepareTestEnv(t)()
 
-	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
-	repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 1, OwnerID: user.ID})
-	url := "/" + repo.FullName() + "/settings/actions/secrets"
+	user2 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
+	repo1 := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 1, OwnerID: user2.ID})
+	org3 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 3, Type: user_model.UserTypeOrganization})
 
-	session := loginUser(t, user.Name)
+	sess := loginUser(t, user2.Name)
 
-	t.Run("Create secret", func(t *testing.T) {
-		req := NewRequestWithValues(t, "POST", url, map[string]string{
-			"name": "my_secret",
-			"data": "   \r\n\tSecrët dåtä\\   \r\n",
+	testCases := []struct {
+		name    string
+		url     string
+		ownerID int64
+		repoID  int64
+	}{
+		{
+			name:    "User",
+			url:     "/user/settings/actions/secrets",
+			ownerID: user2.ID,
+			repoID:  0,
+		},
+		{
+			name:    "Repository",
+			url:     "/" + repo1.FullName() + "/settings/actions/secrets",
+			ownerID: 0,
+			repoID:  repo1.ID,
+		},
+		{
+			name:    "Organization",
+			url:     "/org/" + org3.Name + "/settings/actions/secrets",
+			ownerID: org3.ID,
+			repoID:  0,
+		},
+	}
+
+	for _, testCase := range testCases {
+		t.Run(testCase.name, func(t *testing.T) {
+			req := NewRequestWithValues(t, "POST", testCase.url, map[string]string{
+				"name": "my_secret",
+				"data": "original value",
+			})
+			sess.MakeRequest(t, req, http.StatusOK)
+
+			flashCookie := sess.GetCookie(app_context.CookieNameFlash)
+			assert.NotNil(t, flashCookie)
+			assert.Equal(t, "success%3DThe%2Bsecret%2B%2522MY_SECRET%2522%2Bhas%2Bbeen%2Badded.", flashCookie.Value)
+
+			secret := unittest.AssertExistsAndLoadBean(t, &secret_model.Secret{OwnerID: testCase.ownerID, RepoID: testCase.repoID, Name: "MY_SECRET"})
+			assert.Equal(t, "MY_SECRET", secret.Name)
+
+			value, err := secret.GetDecryptedData()
+			require.NoError(t, err)
+			assert.Equal(t, "original value", value)
+
+			// Try to create a new secret with the name but another value.
+			req = NewRequestWithValues(t, "POST", testCase.url, map[string]string{
+				"name": "my_secret",
+				"data": "changed value",
+			})
+			sess.MakeRequest(t, req, http.StatusBadRequest)
+
+			// Verify that the original secret has not been changed.
+			secret = unittest.AssertExistsAndLoadBean(t, &secret_model.Secret{OwnerID: testCase.ownerID, RepoID: testCase.repoID, Name: "MY_SECRET"})
+			value, err = secret.GetDecryptedData()
+			require.NoError(t, err)
+
+			assert.Equal(t, "MY_SECRET", secret.Name)
+			assert.Equal(t, "original value", value)
 		})
-		session.MakeRequest(t, req, http.StatusOK)
-
-		flashCookie := session.GetCookie(app_context.CookieNameFlash)
-		assert.NotNil(t, flashCookie)
-		assert.Equal(t, "success%3DThe%2Bsecret%2B%2522MY_SECRET%2522%2Bhas%2Bbeen%2Badded.", flashCookie.Value)
-
-		secret := unittest.AssertExistsAndLoadBean(t, &secret_model.Secret{OwnerID: 0, RepoID: repo.ID, Name: "MY_SECRET"})
-		assert.Equal(t, "MY_SECRET", secret.Name)
-
-		value, err := secret.GetDecryptedData()
-		require.NoError(t, err)
-		assert.Equal(t, "   \n\tSecrët dåtä\\   \n", value)
-	})
-
-	t.Run("Remove secret", func(t *testing.T) {
-		req := NewRequestWithValues(t, "POST", url, map[string]string{
-			"name": "TEST_SECRET",
-			"data": "value",
-		})
-		session.MakeRequest(t, req, http.StatusOK)
-
-		flashCookie := session.GetCookie(app_context.CookieNameFlash)
-		assert.NotNil(t, flashCookie)
-		assert.Equal(t, "success%3DThe%2Bsecret%2B%2522TEST_SECRET%2522%2Bhas%2Bbeen%2Badded.", flashCookie.Value)
-
-		secret := unittest.AssertExistsAndLoadBean(t, &secret_model.Secret{OwnerID: 0, RepoID: repo.ID, Name: "TEST_SECRET"})
-
-		req = NewRequest(t, "POST", fmt.Sprintf("%s/delete?id=%d", url, secret.ID))
-		session.MakeRequest(t, req, http.StatusOK)
-
-		flashCookie = session.GetCookie(app_context.CookieNameFlash)
-		assert.NotNil(t, flashCookie)
-		assert.Equal(t, "success%3DThe%2Bsecret%2Bhas%2Bbeen%2Bremoved.", flashCookie.Value)
-
-		unittest.AssertNotExistsBean(t, secret)
-	})
+	}
 }
 
-func TestActionsSecretsManageOrganizationSecrets(t *testing.T) {
+func TestActionsSecretsEditSecret(t *testing.T) {
 	defer tests.PrepareTestEnv(t)()
 
-	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
-	org := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 3, Type: user_model.UserTypeOrganization})
-	url := "/org/" + org.Name + "/settings/actions/secrets"
+	user2 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
+	repo1 := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 1, OwnerID: user2.ID})
+	org3 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 3, Type: user_model.UserTypeOrganization})
 
-	session := loginUser(t, user.Name)
+	sess := loginUser(t, user2.Name)
 
-	t.Run("Create secret", func(t *testing.T) {
-		req := NewRequestWithValues(t, "POST", url, map[string]string{
-			"name": "my_secret",
-			"data": "   \r\n\tSecrët dåtä\\   \r\n",
+	testCases := []struct {
+		name    string
+		url     string
+		ownerID int64
+		repoID  int64
+	}{
+		{
+			name:    "User",
+			url:     "/user/settings/actions/secrets",
+			ownerID: user2.ID,
+			repoID:  0,
+		},
+		{
+			name:    "Repository",
+			url:     "/" + repo1.FullName() + "/settings/actions/secrets",
+			ownerID: 0,
+			repoID:  repo1.ID,
+		},
+		{
+			name:    "Organization",
+			url:     "/org/" + org3.Name + "/settings/actions/secrets",
+			ownerID: org3.ID,
+			repoID:  0,
+		},
+	}
+
+	for _, testCase := range testCases {
+		t.Run(testCase.name, func(t *testing.T) {
+			req := NewRequestWithValues(t, "POST", testCase.url, map[string]string{
+				"name": "TEST_SECRET",
+				"data": "value",
+			})
+			sess.MakeRequest(t, req, http.StatusOK)
+
+			flashCookie := sess.GetCookie(app_context.CookieNameFlash)
+			assert.NotNil(t, flashCookie)
+			assert.Equal(t, "success%3DThe%2Bsecret%2B%2522TEST_SECRET%2522%2Bhas%2Bbeen%2Badded.", flashCookie.Value)
+
+			secret := unittest.AssertExistsAndLoadBean(t, &secret_model.Secret{OwnerID: testCase.ownerID, RepoID: testCase.repoID, Name: "TEST_SECRET"})
+
+			req = NewRequestWithValues(t, "POST", fmt.Sprintf("%s/%d/edit", testCase.url, secret.ID), map[string]string{
+				"name": secret.Name,
+				"data": "   \r\n\tSecrët dåtä\\   \r\n",
+			})
+			sess.MakeRequest(t, req, http.StatusOK)
+
+			flashCookie = sess.GetCookie(app_context.CookieNameFlash)
+			assert.NotNil(t, flashCookie)
+			assert.Equal(t, "success%3DThe%2Bsecret%2B%2522TEST_SECRET%2522%2Bhas%2Bbeen%2Bupdated.", flashCookie.Value)
+
+			updatedSecret := unittest.AssertExistsAndLoadBean(t, &secret_model.Secret{ID: secret.ID})
+			decryptedValue, err := updatedSecret.GetDecryptedData()
+			require.NoError(t, err)
+
+			assert.Equal(t, secret.Name, updatedSecret.Name)
+			assert.Equal(t, "   \n\tSecrët dåtä\\   \n", decryptedValue)
 		})
-		session.MakeRequest(t, req, http.StatusOK)
-
-		flashCookie := session.GetCookie(app_context.CookieNameFlash)
-		assert.NotNil(t, flashCookie)
-		assert.Equal(t, "success%3DThe%2Bsecret%2B%2522MY_SECRET%2522%2Bhas%2Bbeen%2Badded.", flashCookie.Value)
-
-		secret := unittest.AssertExistsAndLoadBean(t, &secret_model.Secret{OwnerID: org.ID, RepoID: 0, Name: "MY_SECRET"})
-		assert.Equal(t, "MY_SECRET", secret.Name)
-
-		value, err := secret.GetDecryptedData()
-		require.NoError(t, err)
-		assert.Equal(t, "   \n\tSecrët dåtä\\   \n", value)
-	})
-
-	t.Run("Remove secret", func(t *testing.T) {
-		req := NewRequestWithValues(t, "POST", url, map[string]string{
-			"name": "TEST_SECRET",
-			"data": "value",
-		})
-		session.MakeRequest(t, req, http.StatusOK)
-
-		flashCookie := session.GetCookie(app_context.CookieNameFlash)
-		assert.NotNil(t, flashCookie)
-		assert.Equal(t, "success%3DThe%2Bsecret%2B%2522TEST_SECRET%2522%2Bhas%2Bbeen%2Badded.", flashCookie.Value)
-
-		secret := unittest.AssertExistsAndLoadBean(t, &secret_model.Secret{OwnerID: org.ID, RepoID: 0, Name: "TEST_SECRET"})
-
-		req = NewRequest(t, "POST", fmt.Sprintf("%s/delete?id=%d", url, secret.ID))
-		session.MakeRequest(t, req, http.StatusOK)
-
-		flashCookie = session.GetCookie(app_context.CookieNameFlash)
-		assert.NotNil(t, flashCookie)
-		assert.Equal(t, "success%3DThe%2Bsecret%2Bhas%2Bbeen%2Bremoved.", flashCookie.Value)
-
-		unittest.AssertNotExistsBean(t, secret)
-	})
+	}
+}
+
+func TestActionsSecretsEditSecretWithoutChangingItsValue(t *testing.T) {
+	defer tests.PrepareTestEnv(t)()
+
+	user2 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
+	repo1 := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 1, OwnerID: user2.ID})
+	org3 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 3, Type: user_model.UserTypeOrganization})
+
+	sess := loginUser(t, user2.Name)
+
+	testCases := []struct {
+		name    string
+		url     string
+		ownerID int64
+		repoID  int64
+	}{
+		{
+			name:    "User",
+			url:     "/user/settings/actions/secrets",
+			ownerID: user2.ID,
+			repoID:  0,
+		},
+		{
+			name:    "Repository",
+			url:     "/" + repo1.FullName() + "/settings/actions/secrets",
+			ownerID: 0,
+			repoID:  repo1.ID,
+		},
+		{
+			name:    "Organization",
+			url:     "/org/" + org3.Name + "/settings/actions/secrets",
+			ownerID: org3.ID,
+			repoID:  0,
+		},
+	}
+
+	for _, testCase := range testCases {
+		t.Run(testCase.name, func(t *testing.T) {
+			req := NewRequestWithValues(t, "POST", testCase.url, map[string]string{
+				"name": "TEST_SECRET",
+				"data": "   \r\n\tSecrët dåtä\\   \r\n",
+			})
+			sess.MakeRequest(t, req, http.StatusOK)
+
+			flashCookie := sess.GetCookie(app_context.CookieNameFlash)
+			assert.NotNil(t, flashCookie)
+			assert.Equal(t, "success%3DThe%2Bsecret%2B%2522TEST_SECRET%2522%2Bhas%2Bbeen%2Badded.", flashCookie.Value)
+
+			secret := unittest.AssertExistsAndLoadBean(t, &secret_model.Secret{OwnerID: testCase.ownerID, RepoID: testCase.repoID, Name: "TEST_SECRET"})
+
+			req = NewRequestWithValues(t, "POST", fmt.Sprintf("%s/%d/edit", testCase.url, secret.ID), map[string]string{
+				"name": "changed_secret",
+				"data": "",
+			})
+			sess.MakeRequest(t, req, http.StatusOK)
+
+			flashCookie = sess.GetCookie(app_context.CookieNameFlash)
+			assert.NotNil(t, flashCookie)
+			assert.Equal(t, "success%3DThe%2Bsecret%2B%2522CHANGED_SECRET%2522%2Bhas%2Bbeen%2Bupdated.", flashCookie.Value)
+
+			updatedSecret := unittest.AssertExistsAndLoadBean(t, &secret_model.Secret{ID: secret.ID})
+			decryptedValue, err := updatedSecret.GetDecryptedData()
+			require.NoError(t, err)
+
+			assert.Equal(t, "CHANGED_SECRET", updatedSecret.Name)
+			assert.Equal(t, "   \n\tSecrët dåtä\\   \n", decryptedValue)
+		})
+	}
+}
+
+func TestActionsSecretsEditSecretRejectsInvalidName(t *testing.T) {
+	defer tests.PrepareTestEnv(t)()
+
+	user2 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
+	repo1 := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 1, OwnerID: user2.ID})
+	org3 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 3, Type: user_model.UserTypeOrganization})
+
+	sess := loginUser(t, user2.Name)
+
+	testCases := []struct {
+		name    string
+		url     string
+		ownerID int64
+		repoID  int64
+	}{
+		{
+			name:    "User",
+			url:     "/user/settings/actions/secrets",
+			ownerID: user2.ID,
+			repoID:  0,
+		},
+		{
+			name:    "Repository",
+			url:     "/" + repo1.FullName() + "/settings/actions/secrets",
+			ownerID: 0,
+			repoID:  repo1.ID,
+		},
+		{
+			name:    "Organization",
+			url:     "/org/" + org3.Name + "/settings/actions/secrets",
+			ownerID: org3.ID,
+			repoID:  0,
+		},
+	}
+
+	for _, testCase := range testCases {
+		t.Run(testCase.name, func(t *testing.T) {
+			req := NewRequestWithValues(t, "POST", testCase.url, map[string]string{
+				"name": "TEST_SECRET",
+				"data": "value",
+			})
+			sess.MakeRequest(t, req, http.StatusOK)
+
+			flashCookie := sess.GetCookie(app_context.CookieNameFlash)
+			assert.NotNil(t, flashCookie)
+			assert.Equal(t, "success%3DThe%2Bsecret%2B%2522TEST_SECRET%2522%2Bhas%2Bbeen%2Badded.", flashCookie.Value)
+
+			secret := unittest.AssertExistsAndLoadBean(t, &secret_model.Secret{OwnerID: testCase.ownerID, RepoID: testCase.repoID, Name: "TEST_SECRET"})
+
+			req = NewRequestWithValues(t, "POST", fmt.Sprintf("%s/%d/edit", testCase.url, secret.ID), map[string]string{
+				"name": "FORGEJO_IS_INVALID",
+				"data": "",
+			})
+			sess.MakeRequest(t, req, http.StatusBadRequest)
+		})
+	}
+}
+
+func TestActionsSecretsRemoveSecret(t *testing.T) {
+	defer tests.PrepareTestEnv(t)()
+
+	user2 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
+	repo1 := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 1, OwnerID: user2.ID})
+	org3 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 3, Type: user_model.UserTypeOrganization})
+
+	sess := loginUser(t, user2.Name)
+
+	testCases := []struct {
+		name    string
+		url     string
+		ownerID int64
+		repoID  int64
+	}{
+		{
+			name:    "User",
+			url:     "/user/settings/actions/secrets",
+			ownerID: user2.ID,
+			repoID:  0,
+		},
+		{
+			name:    "Repository",
+			url:     "/" + repo1.FullName() + "/settings/actions/secrets",
+			ownerID: 0,
+			repoID:  repo1.ID,
+		},
+		{
+			name:    "Organization",
+			url:     "/org/" + org3.Name + "/settings/actions/secrets",
+			ownerID: org3.ID,
+			repoID:  0,
+		},
+	}
+
+	for _, testCase := range testCases {
+		t.Run(testCase.name, func(t *testing.T) {
+			req := NewRequestWithValues(t, "POST", testCase.url, map[string]string{
+				"name": "TEST_SECRET",
+				"data": "value",
+			})
+			sess.MakeRequest(t, req, http.StatusOK)
+
+			flashCookie := sess.GetCookie(app_context.CookieNameFlash)
+			assert.NotNil(t, flashCookie)
+			assert.Equal(t, "success%3DThe%2Bsecret%2B%2522TEST_SECRET%2522%2Bhas%2Bbeen%2Badded.", flashCookie.Value)
+
+			secret := unittest.AssertExistsAndLoadBean(t, &secret_model.Secret{OwnerID: testCase.ownerID, RepoID: testCase.repoID, Name: "TEST_SECRET"})
+
+			req = NewRequest(t, "POST", fmt.Sprintf("%s/%d/delete", testCase.url, secret.ID))
+			sess.MakeRequest(t, req, http.StatusOK)
+
+			flashCookie = sess.GetCookie(app_context.CookieNameFlash)
+			assert.NotNil(t, flashCookie)
+			assert.Equal(t, "success%3DThe%2Bsecret%2Bhas%2Bbeen%2Bremoved.", flashCookie.Value)
+
+			unittest.AssertNotExistsBean(t, secret)
+		})
+	}
 }
diff --git a/tests/integration/api_org_secrets_test.go b/tests/integration/api_org_secrets_test.go
index 02c4cfbc34..1be0b0d9dc 100644
--- a/tests/integration/api_org_secrets_test.go
+++ b/tests/integration/api_org_secrets_test.go
@@ -10,6 +10,7 @@ import (
 	"testing"
 
 	auth_model "forgejo.org/models/auth"
+	"forgejo.org/models/db"
 	org_model "forgejo.org/models/organization"
 	secret_model "forgejo.org/models/secret"
 	"forgejo.org/models/unittest"
@@ -157,7 +158,8 @@ func TestAPIOrgSecrets(t *testing.T) {
 	})
 
 	t.Run("Delete with forbidden names", func(t *testing.T) {
-		secret, err := secret_model.InsertEncryptedSecret(t.Context(), org.ID, 0, "FORGEJO_FORBIDDEN", "illegal")
+		secret := secret_model.Secret{OwnerID: org.ID, RepoID: 0, Name: "FORGEJO_FORBIDDEN"}
+		err := db.Insert(t.Context(), secret)
 		require.NoError(t, err)
 
 		url := fmt.Sprintf("/api/v1/orgs/%s/actions/secrets/%s", org.Name, secret.Name)
diff --git a/tests/integration/api_repo_secrets_test.go b/tests/integration/api_repo_secrets_test.go
index f012f3cb24..dd14ce77e2 100644
--- a/tests/integration/api_repo_secrets_test.go
+++ b/tests/integration/api_repo_secrets_test.go
@@ -158,7 +158,8 @@ func TestAPIRepoSecrets(t *testing.T) {
 	})
 
 	t.Run("Delete with forbidden names", func(t *testing.T) {
-		secret, err := secret_model.InsertEncryptedSecret(t.Context(), 0, repo.ID, "FORGEJO_FORBIDDEN", "illegal")
+		secret := secret_model.Secret{OwnerID: 0, RepoID: repo.ID, Name: "FORGEJO_FORBIDDEN"}
+		err := db.Insert(t.Context(), secret)
 		require.NoError(t, err)
 
 		url := fmt.Sprintf("/api/v1/repos/%s/actions/secrets/%s", repo.FullName(), secret.Name)
diff --git a/tests/integration/api_user_secrets_test.go b/tests/integration/api_user_secrets_test.go
index b32cf5fb19..f1442fe35a 100644
--- a/tests/integration/api_user_secrets_test.go
+++ b/tests/integration/api_user_secrets_test.go
@@ -10,6 +10,7 @@ import (
 	"testing"
 
 	auth_model "forgejo.org/models/auth"
+	"forgejo.org/models/db"
 	secret_model "forgejo.org/models/secret"
 	"forgejo.org/models/unittest"
 	user_model "forgejo.org/models/user"
@@ -122,7 +123,8 @@ func TestAPIUserSecrets(t *testing.T) {
 	})
 
 	t.Run("Delete with forbidden names", func(t *testing.T) {
-		secret, err := secret_model.InsertEncryptedSecret(t.Context(), user.ID, 0, "FORGEJO_FORBIDDEN", "illegal")
+		secret := secret_model.Secret{OwnerID: user.ID, RepoID: 0, Name: "FORGEJO_FORBIDDEN"}
+		err := db.Insert(t.Context(), secret)
 		require.NoError(t, err)
 
 		url := fmt.Sprintf("/api/v1/user/actions/secrets/%s", secret.Name)

From 35b872f383aa0aea5222efe4b92c1bd156c117c1 Mon Sep 17 00:00:00 2001
From: Mathieu Fenniak <mathieu@fenniak.net>
Date: Mon, 23 Mar 2026 15:29:08 +0100
Subject: [PATCH 558/854] feat(ui): create repo-specific access tokens (#11696)

Adds a user interface for creating repo-specific access tokens (#11311).  When the new option "Specific repositories" is selected, a search option appears.  Each repository in the search result has an "Add" button to include it on the access token, and once included, a repository can be removed with the "Remove" button.  This is a JS-free form.

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests for Go changes

(can be removed for JavaScript changes)

- I added test coverage for Go changes...
  - [x] in their respective `*_test.go` for unit tests.
  - [ ] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I ran...
  - [x] `make pr-go` before pushing

### Tests for JavaScript changes

- I added test coverage for JavaScript changes...
  - [ ] in `web_src/js/*.test.js` if it can be unit tested.
  - [x] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/
README.md#end-to-end-tests)).
    - Technically there are no "JavaScript changes" in this PR, but e2e tests were added for browser interaction testing.

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
    - TODO: planning to create documentation in https://forgejo.org/docs/next/user/token-scope/; there is none for public only tokens but I think this seems like a good place to add both.
- [ ] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [x] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.
- [ ] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11696
Reviewed-by: Andreas Ahlenstorf <aahlenst@noreply.codeberg.org>
Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net>
Co-committed-by: Mathieu Fenniak <mathieu@fenniak.net>
---
 models/repo/repo_list.go                      |  23 ++
 models/repo/repo_list_test.go                 |  20 ++
 options/locale_next/locale_en-US.json         |  13 +
 routers/api/v1/user/app.go                    |  17 +-
 routers/web/shared/user/access_token.go       |  28 +++
 routers/web/user/setting/access_token.go      | 237 +++++++++++++++++-
 routers/web/user/setting/access_token_test.go | 159 ++++++++++++
 routers/web/web.go                            |   4 +-
 services/forms/user_form.go                   |  37 ++-
 services/forms/user_form_test.go              |   6 +-
 .../user/settings/access_token_edit.tmpl      | 229 ++++++++++++-----
 templates/user/settings/repo_icon.tmpl        |   9 +
 tests/e2e/user-settings.test.e2e.ts           |  74 +++++-
 tests/integration/integration_test.go         |  12 +-
 web_src/css/user.css                          |  27 ++
 15 files changed, 799 insertions(+), 96 deletions(-)
 create mode 100644 routers/web/shared/user/access_token.go
 create mode 100644 routers/web/user/setting/access_token_test.go
 create mode 100644 templates/user/settings/repo_icon.tmpl

diff --git a/models/repo/repo_list.go b/models/repo/repo_list.go
index 71ec8362f2..732d7b627c 100644
--- a/models/repo/repo_list.go
+++ b/models/repo/repo_list.go
@@ -188,6 +188,9 @@ type SearchRepoOptions struct {
 	OnlyShowRelevant bool
 	// Filters repositories based upon optional authorization restrictions.
 	AuthorizationReducer RepositoryAuthorizationReducer
+	// Retrieve multiple repositories by their owner name & repository name, similar to [GetRepositoryByOwnerAndName]
+	// but in bulk.
+	OwnerAndName [][2]string
 }
 
 // UserOwnedRepoCond returns user ownered repositories
@@ -495,6 +498,26 @@ func SearchRepositoryCondition(opts *SearchRepoOptions) builder.Cond {
 		cond = cond.And(opts.AuthorizationReducer.RepoReadAccessFilter())
 	}
 
+	if opts.OwnerAndName != nil {
+		if len(opts.OwnerAndName) > 0 {
+			// repository is indexed on `(owner_id, lower_name)`, but not on the `owner_name` field.  Plus the `owner_name`
+			// field isn't ToLower'd.  So this becomes a subquery:
+			subQuery := builder.Select("inner_repo.id").From("repository", "inner_repo").
+				Join("INNER", "`user`", "`user`.id = inner_repo.owner_id")
+			for _, ownerAndName := range opts.OwnerAndName {
+				subQuery.Or(builder.Eq{
+					"`user`.lower_name":     strings.ToLower(ownerAndName[0]),
+					"inner_repo.lower_name": strings.ToLower(ownerAndName[1]),
+				})
+			}
+			cond = cond.And(builder.In("id", subQuery))
+		} else {
+			// If opts.OwnerAndName is a non-nil, empty array, then we want to return zero repositories.  The loop to
+			// build the `Eq` conditions wouldn't occur, so we would have no filtering if this wasn't special-case'd.
+			cond = cond.And(builder.Eq{"1": "2"})
+		}
+	}
+
 	return cond
 }
 
diff --git a/models/repo/repo_list_test.go b/models/repo/repo_list_test.go
index dda9687414..fc32226975 100644
--- a/models/repo/repo_list_test.go
+++ b/models/repo/repo_list_test.go
@@ -179,6 +179,26 @@ func getTestCases() []struct {
 			opts:  &repo_model.SearchRepoOptions{Keyword: "user20/", ListOptions: db.ListOptions{Page: 1, PageSize: 10}, Private: true, OwnerID: 0},
 			count: 4,
 		},
+		{
+			name:  "OwnerAndName Single",
+			opts:  &repo_model.SearchRepoOptions{ListOptions: db.ListOptions{Page: 1, PageSize: 10}, OwnerAndName: [][2]string{{"user15", "big_test_public_1"}}},
+			count: 1,
+		},
+		{
+			name:  "OwnerAndName Multiple",
+			opts:  &repo_model.SearchRepoOptions{ListOptions: db.ListOptions{Page: 1, PageSize: 10}, OwnerAndName: [][2]string{{"user15", "big_test_public_1"}, {"user15", "big_test_public_2"}}},
+			count: 2,
+		},
+		{
+			name:  "OwnerAndName Miss",
+			opts:  &repo_model.SearchRepoOptions{ListOptions: db.ListOptions{Page: 1, PageSize: 10}, OwnerAndName: [][2]string{{"user15", "big_test_public_1"}, {"user15", "blah blah"}}},
+			count: 1,
+		},
+		{
+			name:  "OwnerAndName Empty",
+			opts:  &repo_model.SearchRepoOptions{ListOptions: db.ListOptions{Page: 1, PageSize: 10}, OwnerAndName: [][2]string{}},
+			count: 0,
+		},
 	}
 
 	return testCases
diff --git a/options/locale_next/locale_en-US.json b/options/locale_next/locale_en-US.json
index c6b65f8c84..67767b1985 100644
--- a/options/locale_next/locale_en-US.json
+++ b/options/locale_next/locale_en-US.json
@@ -193,6 +193,19 @@
 	"settings.must_enable_2fa": "This Forgejo instance requires users to enable two-factor authentication before they can access their accounts.",
 	"settings.specific_repo_access": "Repository access",
 	"settings.new_access_token": "New access token",
+	"settings.permissions_access_specific_repositories": "Specific repositories",
+	"settings.access_token.selected_repositories": {
+		"one": "Selected repository (%d)",
+		"other": "Selected repositories (%d)"
+	},
+	"settings.access_token.available_repositories": "Available repositories",
+	"settings.access_token.no_repositories_selected": "No repositories selected.",
+	"settings.access_token.no_repositories_found": "No repositories found.",
+	"settings.access_token.remove": "Remove %s",
+	"settings.access_token.resource_all_help": "Allow access to all resources.",
+	"settings.access_token.resource_public_only_help": "Limit access to repositories and organizations that are public.",
+	"settings.access_token.resource_specific_repo_help": "Limit access to a specific list of repositories. Read-only access is permitted to all public repositories. Only permissions that allow access to repositories and issues can be enabled.",
+	"settings.access_token.admin_disabled": "Administrative permissions are disabled.",
 	"error.must_enable_2fa": "This Forgejo instance requires users to enable two-factor authentication before they can access their accounts. Enable it at: %s",
 	"avatar.constraints_hint": "Custom avatar may not exceed %[1]s in size or be larger than %[2]dx%[3]d pixels",
 	"user.ghost.tooltip": "This user has been deleted, or cannot be matched.",
diff --git a/routers/api/v1/user/app.go b/routers/api/v1/user/app.go
index 2532396dca..8d8ead9234 100644
--- a/routers/api/v1/user/app.go
+++ b/routers/api/v1/user/app.go
@@ -18,10 +18,10 @@ import (
 	"forgejo.org/models/db"
 	access_model "forgejo.org/models/perm/access"
 	repo_model "forgejo.org/models/repo"
-	"forgejo.org/modules/optional"
 	api "forgejo.org/modules/structs"
 	"forgejo.org/modules/web"
 	"forgejo.org/routers/api/v1/utils"
+	"forgejo.org/routers/web/shared/user"
 	"forgejo.org/services/authz"
 	"forgejo.org/services/context"
 	"forgejo.org/services/convert"
@@ -115,19 +115,6 @@ func ListAccessTokens(ctx *context.APIContext) {
 	ctx.JSON(http.StatusOK, &apiTokens)
 }
 
-func translateAccessTokenValidationError(ctx *context.Base, err error) optional.Option[string] {
-	switch {
-	case errors.Is(err, authz.ErrSpecifiedReposNone):
-		return optional.Some[string](ctx.Locale.TrString("access_token.error.specified_repos_none"))
-	case errors.Is(err, authz.ErrSpecifiedReposNoPublicOnly):
-		return optional.Some[string](ctx.Locale.TrString("access_token.error.specified_repos_and_public_only"))
-	case errors.Is(err, authz.ErrSpecifiedReposInvalidScope):
-		return optional.Some[string](ctx.Locale.TrString("access_token.error.specified_repos_and_invalid_scope"))
-	default:
-		return optional.None[string]()
-	}
-}
-
 // CreateAccessToken creates an access token
 func CreateAccessToken(ctx *context.APIContext) {
 	// swagger:operation POST /users/{username}/tokens user userCreateToken
@@ -228,7 +215,7 @@ func CreateAccessToken(ctx *context.APIContext) {
 	}
 
 	if err := authz.ValidateAccessToken(t, resourceRepos); err != nil {
-		s := translateAccessTokenValidationError(ctx.Base, err)
+		s := user.TranslateAccessTokenValidationError(ctx.Base, err)
 		if has, str := s.Get(); has {
 			ctx.Error(http.StatusBadRequest, "ValidateAccessToken", str)
 			return
diff --git a/routers/web/shared/user/access_token.go b/routers/web/shared/user/access_token.go
new file mode 100644
index 0000000000..942054905b
--- /dev/null
+++ b/routers/web/shared/user/access_token.go
@@ -0,0 +1,28 @@
+// Copyright 2026 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+package user
+
+import (
+	"errors"
+
+	"forgejo.org/modules/optional"
+	"forgejo.org/services/authz"
+	"forgejo.org/services/context"
+)
+
+// Translate errors from [ValidateAccessToken] into user-visible messages, if the error is expected as a user-facing
+// error.  None[string] may be returned to indicate the error is an unexpected server-side error, not a user validation
+// error.
+func TranslateAccessTokenValidationError(ctx *context.Base, err error) optional.Option[string] {
+	switch {
+	case errors.Is(err, authz.ErrSpecifiedReposNone):
+		return optional.Some[string](ctx.Locale.TrString("access_token.error.specified_repos_none"))
+	case errors.Is(err, authz.ErrSpecifiedReposNoPublicOnly):
+		return optional.Some[string](ctx.Locale.TrString("access_token.error.specified_repos_and_public_only"))
+	case errors.Is(err, authz.ErrSpecifiedReposInvalidScope):
+		return optional.Some[string](ctx.Locale.TrString("access_token.error.specified_repos_and_invalid_scope"))
+	default:
+		return optional.None[string]()
+	}
+}
diff --git a/routers/web/user/setting/access_token.go b/routers/web/user/setting/access_token.go
index 293bb19456..cdaad287a8 100644
--- a/routers/web/user/setting/access_token.go
+++ b/routers/web/user/setting/access_token.go
@@ -1,26 +1,84 @@
 // Copyright 2014 The Gogs Authors. All rights reserved.
 // Copyright 2018 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Copyright 2026 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: GPL-3.0-or-later
 
 package setting
 
 import (
+	stdCtx "context"
+	"fmt"
+	"html/template"
 	"net/http"
 	"slices"
+	"strings"
 
 	auth_model "forgejo.org/models/auth"
+	"forgejo.org/models/db"
+	access_model "forgejo.org/models/perm/access"
+	repo_model "forgejo.org/models/repo"
 	"forgejo.org/modules/base"
 	"forgejo.org/modules/log"
+	"forgejo.org/modules/optional"
 	"forgejo.org/modules/setting"
 	"forgejo.org/modules/web"
+	"forgejo.org/routers/web/shared/user"
+	"forgejo.org/services/authz"
 	"forgejo.org/services/context"
 	"forgejo.org/services/forms"
+
+	"xorm.io/builder"
 )
 
 const (
 	tplAccessTokenEdit base.TplName = "user/settings/access_token_edit"
 )
 
+func getSelectedRepos(ctx *context.Context, selectedReposRaw []string) []*repo_model.Repository {
+	ownerAndName := make([][2]string, len(selectedReposRaw))
+	for i, selected := range selectedReposRaw {
+		split := strings.SplitN(selected, "/", 2) // ownername/reponame
+		if len(split) != 2 {
+			ctx.Error(http.StatusBadRequest, fmt.Sprintf("invalid selected_repo: %s", selected))
+			return nil
+		}
+		ownerAndName[i] = [2]string{split[0], split[1]}
+	}
+
+	repoSearch := &repo_model.SearchRepoOptions{
+		OwnerAndName: ownerAndName,
+		OrderBy:      db.SearchOrderByAlphabetically, // match sorting in loadAccessTokenCreateData for consistency
+		Private:      true,
+	}
+
+	cond := repo_model.SearchRepositoryCondition(repoSearch)
+	repos, _, err := repo_model.SearchRepositoryByCondition(ctx, repoSearch, cond, false)
+	if err != nil {
+		ctx.ServerError("SearchRepositoryByCondition", err)
+		return nil
+	} else if len(repos) != len(selectedReposRaw) {
+		// One or more of the repositories couldn't be found by search by owner & name.
+		ctx.Error(http.StatusBadRequest, "GetRepositoryByOwnerAndName") // keep in sync w/ !permission.HasAccess below
+		return nil
+	}
+
+	selectedRepos := make([]*repo_model.Repository, len(selectedReposRaw))
+	for i, repo := range repos {
+		permission, err := access_model.GetUserRepoPermission(ctx, repo, ctx.Doer)
+		if err != nil {
+			ctx.ServerError("GetUserRepoPermission", err)
+			return nil
+		} else if !permission.HasAccess() {
+			// Prevent data existence probing -- ensure this error is the exact same as the (len(repos) !=
+			// len(selectedReposRaw)) case above
+			ctx.Error(http.StatusBadRequest, "GetRepositoryByOwnerAndName")
+			return nil
+		}
+		selectedRepos[i] = repo
+	}
+	return selectedRepos
+}
+
 func loadAccessTokenCreateData(ctx *context.Context) {
 	ctx.Data["AccessTokenScopePublicOnly"] = string(auth_model.AccessTokenScopePublicOnly) // note: SliceUtils.Contains won't work in the template if this is a `auth_model.AccessTokenScope`, so it's cast to a string here
 
@@ -39,6 +97,113 @@ func loadAccessTokenCreateData(ctx *context.Context) {
 	}
 	slices.Sort(categories)
 	ctx.Data["Categories"] = categories
+
+	// Awkward -- GET and POST use different form bindings for the reasons explained on NewAccessTokenGetForm -- and
+	// this method can be called in both situations, on all GETs, and on some POSTs when validation errors occur.  So
+	// both forms need to be handled here.
+	getForm, isGet := web.GetForm(ctx).(*forms.NewAccessTokenGetForm)
+	postForm, isPost := web.GetForm(ctx).(*forms.NewAccessTokenPostForm)
+
+	if isGet {
+		// Manage the result of adding or removing a repository before we do anything with `form.SelectedRepo`...
+		changed := false
+		if getForm.AddSelectedRepo != "" {
+			getForm.SelectedRepo = append(getForm.SelectedRepo, getForm.AddSelectedRepo)
+			changed = true
+		}
+		if getForm.RemoveSelectedRepo != "" {
+			getForm.SelectedRepo = slices.DeleteFunc(
+				getForm.SelectedRepo,
+				func(r string) bool { return r == getForm.RemoveSelectedRepo },
+			)
+			changed = true
+		}
+		if changed {
+			// We've changed getForm.SelectedRepo, but a reference to this slice was already present in `ctx.Data` (the
+			// Bind middleware invokes AssignForm to put getForm values into `ctx.Data`).  Replace the reference:
+			ctx.Data["selected_repo"] = getForm.SelectedRepo
+		}
+	}
+
+	repoSearchText := ""
+	if isGet {
+		repoSearchText = getForm.RepoSearch
+	}
+
+	selectedReposRaw := []string{}
+	if isGet {
+		selectedReposRaw = getForm.SelectedRepo
+	} else if isPost {
+		selectedReposRaw = postForm.SelectedRepo
+	}
+	selectedRepos := getSelectedRepos(ctx, selectedReposRaw)
+	if ctx.Written() {
+		return
+	}
+	ctx.Data["SelectedRepos"] = selectedRepos
+
+	page := 1
+	if isGet {
+		// Pagination on the repo search has form submit buttons that send the `set_page` param.  It's then encoded into
+		// the page in the hidden input `page` which we fall back to, if anything else causes a form get (eg. adding or
+		// removing a repo).
+		if getForm.SetPage > 0 {
+			page = getForm.SetPage
+		} else if getForm.Page > 0 {
+			page = getForm.Page
+		}
+	}
+	pageSize := 10
+	repoSearch := &repo_model.SearchRepoOptions{
+		Actor:    ctx.Doer,
+		Keyword:  repoSearchText,
+		Private:  true,
+		Archived: optional.Some(false),
+
+		// Restrict repositories to those owned by, or collaborated with, by the user.  Repo-specific access tokens
+		// could theoretically be created on any public repository as well, but there wouldn't be much point to that and
+		// it would really balloon the search results to an impractical number of repos.
+		OwnerID: ctx.Doer.ID,
+
+		ListOptions: db.ListOptions{
+			Page:     page,
+			PageSize: pageSize,
+		},
+		OrderBy: db.SearchOrderByAlphabetically, // match sorting in getSelectedRepos for consistency
+	}
+	cond := repo_model.SearchRepositoryCondition(repoSearch)
+	// Exclude all the repos that are currently in `form.SelectedRepo` from the search, by omitting them from the search
+	// condition.  This prevents the UI from displaying the same repo on the left and right, and maintains the repo
+	// search and page-size correctly.
+	for _, selected := range selectedRepos {
+		cond = cond.And(builder.Neq{"id": selected.ID})
+	}
+	repos, count, err := repo_model.SearchRepositoryByCondition(ctx, repoSearch, cond, false)
+	if err != nil {
+		log.Error("SearchRepository: %v", err)
+		ctx.JSON(http.StatusInternalServerError, nil)
+		return
+	}
+	ctx.Data["Repos"] = repos
+
+	pager := context.NewPagination(int(count), pageSize, page, 3)
+	pager.SetDefaultParams(ctx)
+	ctx.Data["Page"] = pager
+
+	autofocus := ""
+	if isGet {
+		switch {
+		// Token name will be autofocused the first time the page is loaded -- if form.Scope is empty then that would be
+		// a good sign it's the first load.
+		case len(getForm.Scope) == 0:
+			autofocus = "name"
+		// After submitting a search, refocus the search text box.  Search invokes set_page=1 to reset the pagination
+		// which we'll use to detect this case.
+		case getForm.SetPage == 1:
+			autofocus = "search"
+		}
+	}
+	ctx.Data["Autofocus"] = autofocus
 }
 
 // Applications render manage access token page
@@ -47,18 +212,32 @@ func AccessTokenCreate(ctx *context.Context) {
 	ctx.Data["PageIsSettingsApplications"] = true
 
 	loadAccessTokenCreateData(ctx)
+	if ctx.Written() {
+		return
+	}
 
 	ctx.HTML(http.StatusOK, tplAccessTokenEdit)
 }
 
 // ApplicationsPost response for add user's access token
 func AccessTokenCreatePost(ctx *context.Context) {
-	form := web.GetForm(ctx).(*forms.NewAccessTokenForm)
+	form := web.GetForm(ctx).(*forms.NewAccessTokenPostForm)
 	ctx.Data["Title"] = ctx.Tr("settings")
 	ctx.Data["PageIsSettingsApplications"] = true
 
+	renderWithError := func(msg template.HTML) {
+		loadAccessTokenCreateData(ctx)
+		if ctx.Written() {
+			return
+		}
+		ctx.RenderWithErr(msg, tplAccessTokenEdit, form)
+	}
+
 	if ctx.HasError() {
 		loadAccessTokenCreateData(ctx)
+		if ctx.Written() {
+			return
+		}
 		ctx.HTML(http.StatusOK, tplAccessTokenEdit)
 		return
 	}
@@ -69,32 +248,66 @@ func AccessTokenCreatePost(ctx *context.Context) {
 		return
 	}
 	if !scope.HasPermissionScope() {
-		loadAccessTokenCreateData(ctx)
-		ctx.RenderWithErr(ctx.Tr("settings.at_least_one_permission"), tplAccessTokenEdit, form)
+		renderWithError(ctx.Tr("settings.at_least_one_permission"))
 		return
 	}
+
 	t := &auth_model.AccessToken{
 		UID:   ctx.Doer.ID,
 		Name:  form.Name,
 		Scope: scope,
+	}
 
-		// maintain legacy behaviour until new UI options are added -- token has access to all resources, is not
-		// fine-grained
-		ResourceAllRepos: true,
+	var resourceRepos []*auth_model.AccessTokenResourceRepo
+	switch form.Resource {
+	case "all":
+		t.ResourceAllRepos = true
+	case "public-only":
+		t.ResourceAllRepos = true
+		newScopeUnnormalized := fmt.Sprintf("%s,%s", scope, auth_model.AccessTokenScopePublicOnly)
+		newScope, err := auth_model.AccessTokenScope(newScopeUnnormalized).Normalize()
+		if err != nil {
+			ctx.ServerError("AccessTokenScope.Normalize", err)
+			return
+		}
+		t.Scope = newScope
+	case "repo-specific":
+		t.ResourceAllRepos = false
+		selectedRepos := getSelectedRepos(ctx, form.SelectedRepo)
+		if ctx.Written() {
+			return
+		}
+		for _, repo := range selectedRepos {
+			resourceRepos = append(resourceRepos, &auth_model.AccessTokenResourceRepo{RepoID: repo.ID})
+		}
 	}
 
 	exist, err := auth_model.AccessTokenByNameExists(ctx, t)
 	if err != nil {
 		ctx.ServerError("AccessTokenByNameExists", err)
 		return
-	}
-	if exist {
-		loadAccessTokenCreateData(ctx)
-		ctx.RenderWithErr(ctx.Tr("settings.generate_token_name_duplicate", t.Name), tplAccessTokenEdit, form)
+	} else if exist {
+		renderWithError(ctx.Tr("settings.generate_token_name_duplicate", t.Name))
 		return
 	}
 
-	if err := auth_model.NewAccessToken(ctx, t); err != nil {
+	if err := authz.ValidateAccessToken(t, resourceRepos); err != nil {
+		s := user.TranslateAccessTokenValidationError(ctx.Base, err)
+		if has, str := s.Get(); has {
+			renderWithError(template.HTML(template.HTMLEscapeString(str)))
+			return
+		}
+		ctx.ServerError("ValidateAccessToken", err)
+		return
+	}
+
+	err = db.WithTx(ctx, func(ctx stdCtx.Context) error {
+		if err := auth_model.NewAccessToken(ctx, t); err != nil {
+			return err
+		}
+		return auth_model.InsertAccessTokenResourceRepos(ctx, t.ID, resourceRepos)
+	})
+	if err != nil {
 		ctx.ServerError("NewAccessToken", err)
 		return
 	}
diff --git a/routers/web/user/setting/access_token_test.go b/routers/web/user/setting/access_token_test.go
new file mode 100644
index 0000000000..21d27a7992
--- /dev/null
+++ b/routers/web/user/setting/access_token_test.go
@@ -0,0 +1,159 @@
+// Copyright 2026 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+package setting
+
+import (
+	"net/http"
+	"net/http/httptest"
+	"slices"
+	"testing"
+
+	repo_model "forgejo.org/models/repo"
+	"forgejo.org/models/unittest"
+	"forgejo.org/modules/templates"
+	"forgejo.org/modules/web"
+	"forgejo.org/services/context"
+	"forgejo.org/services/contexttest"
+	"forgejo.org/services/forms"
+
+	"code.forgejo.org/go-chi/binding"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+func TestAccessTokenCreate(t *testing.T) {
+	unittest.PrepareTestEnv(t)
+
+	ctx, resp := contexttest.MockContext(t, "user/settings/applications/tokens/new",
+		contexttest.MockContextOption{Render: templates.HTMLRenderer()})
+	contexttest.LoadUser(t, ctx, 2)
+
+	web.SetForm(ctx, &forms.NewAccessTokenGetForm{})
+	AccessTokenCreate(ctx)
+
+	assert.Equal(t, http.StatusOK, resp.Result().StatusCode)
+	assert.False(t, ctx.HasError(), "error: %s", ctx.GetErrMsg())
+
+	// check empty-form GET ctx.Data values
+	assert.Equal(t, "name", ctx.Data["Autofocus"])
+	assert.Len(t, ctx.Data["Repos"], 10)
+	assert.Empty(t, ctx.Data["SelectedRepos"])
+
+	// check that repo in the search is rendered in the content
+	assert.Contains(t, resp.Body.String(), "org17/big_test_private_4")
+}
+
+func TestAccessTokenCreatePost(t *testing.T) {
+	unittest.PrepareTestEnv(t)
+
+	post := func(t *testing.T, form *forms.NewAccessTokenPostForm) (*context.Context, *httptest.ResponseRecorder) {
+		t.Helper()
+
+		ctx, resp := contexttest.MockContext(t, "user/settings/applications/tokens/new",
+			contexttest.MockContextOption{Render: templates.HTMLRenderer()})
+		contexttest.LoadUser(t, ctx, 2)
+
+		ctx.AppendContextValue(context.WebContextKey, ctx)
+		binding.Bind(ctx.Req.WithContext(ctx), form)
+		web.SetForm(ctx, form)
+		AccessTokenCreatePost(ctx)
+
+		return ctx, resp
+	}
+
+	render := func(t *testing.T, form *forms.NewAccessTokenPostForm) (*context.Context, string) {
+		t.Helper()
+		ctx, resp := post(t, form)
+		assert.Equal(t, http.StatusOK, resp.Result().StatusCode)
+		return ctx, resp.Body.String()
+	}
+
+	t.Run("retains form info on missing token name", func(t *testing.T) {
+		ctx, body := render(t, &forms.NewAccessTokenPostForm{
+			Name:         "", // absent
+			Resource:     "repo-specific",
+			Scope:        []string{"read:repository"},
+			SelectedRepo: []string{"org17/big_test_private_4"},
+		})
+		require.Contains(t, body, "settings.token_nameform.require_error")
+
+		assert.Equal(t, "repo-specific", ctx.Data["resource"])
+		assert.Contains(t, ctx.Data["scope"], "read:repository")
+		assert.True(t, slices.ContainsFunc(ctx.Data["SelectedRepos"].([]*repo_model.Repository), func(r *repo_model.Repository) bool {
+			return r.OwnerName == "org17" && r.Name == "big_test_private_4"
+		}), "SelectedRepos missing org17/big_test_private_4")
+	})
+
+	t.Run("retains form info on missing scopes", func(t *testing.T) {
+		ctx, body := render(t, &forms.NewAccessTokenPostForm{
+			Name:         "my new token",
+			Resource:     "repo-specific",
+			Scope:        []string{"", "", ""}, // absent
+			SelectedRepo: []string{"org17/big_test_private_4"},
+		})
+		require.Contains(t, body, "settings.at_least_one_permission")
+
+		assert.Equal(t, "my new token", ctx.Data["name"])
+		assert.Equal(t, "repo-specific", ctx.Data["resource"])
+		assert.True(t, slices.ContainsFunc(ctx.Data["SelectedRepos"].([]*repo_model.Repository), func(r *repo_model.Repository) bool {
+			return r.OwnerName == "org17" && r.Name == "big_test_private_4"
+		}), "SelectedRepos missing org17/big_test_private_4")
+	})
+
+	t.Run("retains form info on duplicate token name", func(t *testing.T) {
+		ctx, body := render(t, &forms.NewAccessTokenPostForm{
+			Name:         "Token A", // duplicate
+			Resource:     "repo-specific",
+			Scope:        []string{"read:repository"},
+			SelectedRepo: []string{"org17/big_test_private_4"},
+		})
+		require.Contains(t, body, "settings.generate_token_name_duplicate")
+
+		assert.Equal(t, "Token A", ctx.Data["name"])
+		assert.Equal(t, "repo-specific", ctx.Data["resource"])
+		assert.Contains(t, ctx.Data["scope"], "read:repository")
+		assert.True(t, slices.ContainsFunc(ctx.Data["SelectedRepos"].([]*repo_model.Repository), func(r *repo_model.Repository) bool {
+			return r.OwnerName == "org17" && r.Name == "big_test_private_4"
+		}), "SelectedRepos missing org17/big_test_private_4")
+	})
+
+	t.Run("retains form info on ValidateAccessToken error", func(t *testing.T) {
+		ctx, body := render(t, &forms.NewAccessTokenPostForm{
+			Name:         "my new token",
+			Resource:     "repo-specific",
+			Scope:        []string{"read:admin"}, // not permitted for repo-specific
+			SelectedRepo: []string{"org17/big_test_private_4"},
+		})
+		require.Contains(t, body, "access_token.error.specified_repos_and_invalid_scope")
+
+		assert.Equal(t, "my new token", ctx.Data["name"])
+		assert.Equal(t, "repo-specific", ctx.Data["resource"])
+		assert.Contains(t, ctx.Data["scope"], "read:admin")
+		assert.True(t, slices.ContainsFunc(ctx.Data["SelectedRepos"].([]*repo_model.Repository), func(r *repo_model.Repository) bool {
+			return r.OwnerName == "org17" && r.Name == "big_test_private_4"
+		}), "SelectedRepos missing org17/big_test_private_4")
+	})
+
+	t.Run("invalid repo selected", func(t *testing.T) {
+		_, resp := post(t, &forms.NewAccessTokenPostForm{
+			Name:         "my new token",
+			Resource:     "repo-specific",
+			Scope:        []string{"read:admin"}, // not permitted for repo-specific
+			SelectedRepo: []string{"org17/big_test_private_4000000_does_not_exist"},
+		})
+		assert.Equal(t, http.StatusBadRequest, resp.Result().StatusCode)
+		assert.Equal(t, "GetRepositoryByOwnerAndName\n", resp.Body.String())
+	})
+
+	t.Run("non-visible repo selected via IDOR", func(t *testing.T) {
+		_, resp := post(t, &forms.NewAccessTokenPostForm{
+			Name:         "my new token",
+			Resource:     "repo-specific",
+			Scope:        []string{"read:repository"},
+			SelectedRepo: []string{"user30/empty"}, // private repo, user2 has no visibility
+		})
+		assert.Equal(t, http.StatusBadRequest, resp.Result().StatusCode)
+		assert.Equal(t, "GetRepositoryByOwnerAndName\n", resp.Body.String()) // should be exact same response as "invalid repo selected" case
+	})
+}
diff --git a/routers/web/web.go b/routers/web/web.go
index ac5474e7ed..7463bf3ea2 100644
--- a/routers/web/web.go
+++ b/routers/web/web.go
@@ -635,8 +635,8 @@ func registerRoutes(m *web.Route) {
 			// access token
 			m.Group("/tokens", func() {
 				m.Combo("/new").
-					Get(user_setting.AccessTokenCreate).
-					Post(web.Bind(forms.NewAccessTokenForm{}), user_setting.AccessTokenCreatePost)
+					Get(web.Bind(forms.NewAccessTokenGetForm{}), user_setting.AccessTokenCreate).
+					Post(web.Bind(forms.NewAccessTokenPostForm{}), user_setting.AccessTokenCreatePost)
 				m.Post("/delete", user_setting.DeleteAccessToken)
 				m.Post("/regenerate", user_setting.RegenerateAccessToken)
 			})
diff --git a/services/forms/user_form.go b/services/forms/user_form.go
index 1c6ba58058..971177fcd0 100644
--- a/services/forms/user_form.go
+++ b/services/forms/user_form.go
@@ -356,19 +356,44 @@ func (f *EditVariableForm) Validate(req *http.Request, errs binding.Errors) bind
 	return middleware.Validate(errs, ctx.Data, f, ctx.Locale)
 }
 
-// NewAccessTokenForm form for creating access token
-type NewAccessTokenForm struct {
-	Name  string `binding:"Required;MaxSize(255)" locale:"settings.token_name"`
-	Scope []string
+// NewAccessTokenGetForm form for creating access token.  Similar to NewAccessTokenPostForm, but contains some data that
+// is only part of the GET requests as the SelectedRepo field is built up interactively, and, it also removes the
+// Required binding to allow this to be used on a formless GET request without displaying an initial error.
+type NewAccessTokenGetForm struct {
+	Name         string `binding:"MaxSize(255)" locale:"settings.token_name"`
+	Resource     string // all, public-only, repo-specific
+	Scope        []string
+	SelectedRepo []string // slice of ownername/reponame
+
+	// Transient form values, not part of the final data for the access token form
+	RepoSearch         string
+	AddSelectedRepo    string // add a repo to SelectedRepo
+	RemoveSelectedRepo string // remove a repo from SelectedRepo
+	Page               int    // repo search page
+	SetPage            int    // repo search buttons
 }
 
 // Validate validates the fields
-func (f *NewAccessTokenForm) Validate(req *http.Request, errs binding.Errors) binding.Errors {
+func (f *NewAccessTokenGetForm) Validate(req *http.Request, errs binding.Errors) binding.Errors {
 	ctx := context.GetValidateContext(req)
 	return middleware.Validate(errs, ctx.Data, f, ctx.Locale)
 }
 
-func (f *NewAccessTokenForm) GetScope() (auth_model.AccessTokenScope, error) {
+// NewAccessTokenPostForm form for creating access token
+type NewAccessTokenPostForm struct {
+	Name         string `binding:"Required;MaxSize(255)" locale:"settings.token_name"`
+	Resource     string `binding:"Required" locale:"settings.repo_and_org_access"` // all, public-only, repo-specific
+	Scope        []string
+	SelectedRepo []string // slice of ownername/reponame
+}
+
+// Validate validates the fields
+func (f *NewAccessTokenPostForm) Validate(req *http.Request, errs binding.Errors) binding.Errors {
+	ctx := context.GetValidateContext(req)
+	return middleware.Validate(errs, ctx.Data, f, ctx.Locale)
+}
+
+func (f *NewAccessTokenPostForm) GetScope() (auth_model.AccessTokenScope, error) {
 	scope := strings.Join(f.Scope, ",")
 	s, err := auth_model.AccessTokenScope(scope).Normalize()
 	return s, err
diff --git a/services/forms/user_form_test.go b/services/forms/user_form_test.go
index 4ce63ab552..a52597184a 100644
--- a/services/forms/user_form_test.go
+++ b/services/forms/user_form_test.go
@@ -91,16 +91,16 @@ func TestRegisterForm_IsDomainAllowed_BlockedEmail(t *testing.T) {
 
 func TestNewAccessTokenForm_GetScope(t *testing.T) {
 	tests := []struct {
-		form        NewAccessTokenForm
+		form        NewAccessTokenPostForm
 		scope       auth_model.AccessTokenScope
 		expectedErr error
 	}{
 		{
-			form:  NewAccessTokenForm{Name: "test", Scope: []string{"read:repository"}},
+			form:  NewAccessTokenPostForm{Name: "test", Scope: []string{"read:repository"}},
 			scope: "read:repository",
 		},
 		{
-			form:  NewAccessTokenForm{Name: "test", Scope: []string{"read:repository", "write:user"}},
+			form:  NewAccessTokenPostForm{Name: "test", Scope: []string{"read:repository", "write:user"}},
 			scope: "read:repository,write:user",
 		},
 	}
diff --git a/templates/user/settings/access_token_edit.tmpl b/templates/user/settings/access_token_edit.tmpl
index c53fafeb1a..5caf42b3e7 100644
--- a/templates/user/settings/access_token_edit.tmpl
+++ b/templates/user/settings/access_token_edit.tmpl
@@ -1,63 +1,180 @@
 {{template "user/settings/layout_head" (dict "ctxData" . "pageClass" "user settings applications")}}
-	<div class="user-setting-content">
-		<h4 class="ui top attached header">
-			{{ctx.Locale.Tr "settings.manage_access_token"}}
-		</h4>
+<div class="user-setting-content">
+	<h4 class="ui top attached header">
+		{{ctx.Locale.Tr "settings.generate_new_token"}}
+	</h4>
 
-		<div class="ui attached bottom segment">
-			<form id="scoped-access-form" class="ui form" action="{{.Link}}" method="post">
-				<h5 class="ui top header">
-					{{ctx.Locale.Tr "settings.generate_new_token"}}
-				</h5>
-				<div class="required field {{if .Err_Name}}error{{end}}">
-					<label for="name">{{ctx.Locale.Tr "settings.token_name"}}</label>
-					<input id="name" name="name" value="{{.name}}" autofocus required maxlength="255">
-				</div>
-				<div class="field">
+	<div class="ui attached bottom segment">
+		<form id="scoped-access-form" class="ui form" action="{{.Link}}" method="post">
+			<div class="required field {{if .Err_Name}}error{{end}}">
+				<label for="name">{{ctx.Locale.Tr "settings.token_name"}}</label>
+				<input id="name" name="name" value="{{.name}}" {{if eq .Autofocus "name"}}autofocus{{end}} required maxlength="255">
+			</div>
+			<div class="field">
+				<fieldset>
 					<label>{{ctx.Locale.Tr "settings.repo_and_org_access"}}</label>
-					<label class="tw-cursor-pointer">
-						<input class="enable-system tw-mt-1 tw-mr-1" type="radio" name="scope" value="{{$.AccessTokenScopePublicOnly}}" {{if (SliceUtils.Contains .scope $.AccessTokenScopePublicOnly)}} checked {{end}}>
-						{{ctx.Locale.Tr "settings.permissions_public_only"}}
-					</label>
-					<label class="tw-cursor-pointer">
-						<input class="enable-system tw-mt-1 tw-mr-1" type="radio" name="scope" value="" {{if (not (SliceUtils.Contains .scope $.AccessTokenScopePublicOnly))}} checked {{end}}>
-						{{ctx.Locale.Tr "settings.permissions_access_all"}}
-					</label>
-				</div>
-				<div class="field">
-					<h5>
-						{{ctx.Locale.Tr "settings.select_permissions"}}
-					</h5>
-					<p class="activity meta">
-						<p>{{ctx.Locale.Tr "settings.access_token_desc" (printf "%s/api/swagger" AppSubUrl) "https://forgejo.org/docs/latest/user/token-scope/"}}</p>
-					</p>
-
-					{{range .Categories}}
-						<div class="field tw-pl-1 tw-pb-1 access-token-category">
-							<label class="category-label" for="access-token-scope-{{.}}">
-								{{.}}
-							</label>
-							<div class="gitea-select">
-								<select class="ui selection access-token-select" name="scope" id="access-token-scope-{{.}}">
-									<option value="">
-										{{ctx.Locale.Tr "settings.permission_no_access"}}
-									</option>
-									<option value="read:{{.}}" {{if (SliceUtils.Contains $.scope (printf "read:%s" .))}} selected {{end}}>
-										{{ctx.Locale.Tr "settings.permission_read"}}
-									</option>
-									<option value="write:{{.}}" {{if (SliceUtils.Contains $.scope (printf "write:%s" .))}} selected {{end}}>
-										{{ctx.Locale.Tr "settings.permission_write"}}
-									</option>
-								</select>
-							</div>
+					<div class="field">
+						<div class="field ui radio checkbox">
+							<input id="resource-all" class="enable-system" type="radio" name="resource" value="all" {{if eq .resource "all"}}checked{{end}}>
+							<label for="resource-all">{{ctx.Locale.Tr "settings.permissions_access_all"}}</label>
+							<p class="help">{{ctx.Locale.Tr "settings.access_token.resource_all_help"}}</p>
 						</div>
-					{{end}}
-				</div>
-				<button id="scoped-access-submit" class="ui primary button">
-					{{ctx.Locale.Tr "settings.generate_token"}}
-				</button>
-			</form>
-		</div>
+					</div>
+					<div class="field">
+						<div class="field ui radio checkbox">
+							<input id="resource-public-only" class="enable-system" type="radio" name="resource" value="public-only" {{if eq .resource "public-only"}}checked{{end}}>
+							<label for="resource-public-only">{{ctx.Locale.Tr "settings.permissions_public_only"}}</label>
+							<p class="help">
+								{{ctx.Locale.Tr "settings.access_token.resource_public_only_help"}}
+								{{if $.IsAdmin}}{{ctx.Locale.Tr "settings.access_token.admin_disabled"}}{{end}}
+							</p>
+						</div>
+					</div>
+					<div class="field">
+						<div class="field ui radio checkbox">
+							<input id="resource-repo-specific" class="enable-system" type="radio" name="resource" value="repo-specific" {{if eq .resource "repo-specific"}}checked{{end}}>
+							<label for="resource-repo-specific">{{ctx.Locale.Tr "settings.permissions_access_specific_repositories"}}</label>
+							<p class="help">
+								{{ctx.Locale.Tr "settings.access_token.resource_specific_repo_help"}}
+								{{if $.IsAdmin}}{{ctx.Locale.Tr "settings.access_token.admin_disabled"}}{{end}}
+							</p>
+						</div>
+					</div>
+				</fieldset>
+			</div>
+			<div id="repo-selector-wrapper" role="group" class="field tw-mt-4">
+				<div id="repo-selector" class="tw-flex tw-flex-wrap tw-gap-8">
 
+					<!-- left-hand side: repo list from a search -->
+					<div class="ui tab active list tw-flex-1">
+						<h5>
+							{{ctx.Locale.Tr "settings.access_token.available_repositories"}}
+						</h5>
+
+						<div class="ui small fluid action left icon input tw-mb-3">
+							<input type="search" name="repo_search" spellcheck="false" {{if eq .Autofocus "search"}}autofocus{{end}} placeholder="{{ctx.Locale.Tr "search.repo_kind"}}" value="{{.repo_search}}">
+							<i class="icon">{{svg "octicon-search" 16}}</i>
+							<button class="ui small icon button" aria-label="{{ctx.Locale.Tr "search.search"}}" type="submit" name="set_page" value="1" formnovalidate="true" formmethod="get">
+								{{svg "octicon-search" 16}}
+							</button>
+						</div>
+
+						{{if eq (len .Repos) 0}}
+							{{ctx.Locale.Tr "settings.access_token.no_repositories_found"}}
+						{{else}}
+							<div class="tw-grid tw-items-center" style="grid-template-columns: min-content 1fr min-content;">
+								{{range .Repos}}
+									{{template "user/settings/repo_icon" .}}
+									<div class="text truncate">
+										{{.FullName}}
+									</div>
+									<button class="ui primary button tw-ml-2 tw-my-1 tiny" type="submit" aria-label="{{ctx.Locale.Tr "repo.editor.add" .FullName}}" formnovalidate="true" name="add_selected_repo" value="{{.FullName}}" formmethod="get">
+										{{ctx.Locale.Tr "add"}}
+									</button>
+								{{end}}
+							</div>
+						{{end}}
+
+						{{/* Can't use base/paginate template include here because all the pagination links in
+						that template are simple <a href=...> links.  Here, we need to turn them into form
+						buttons so that we can submit the current form.  If a user just changed a value (eg. set
+						the token name, changed a selected permission) and then clicked a pagination button, the
+						new value that they changed needs to be submitted.  base/paginate would allow preserving
+						old values from before the change, but not new updates.  Implementing here also allows
+						the use of smaller styling. */}}
+						{{with .Page.Paginater}}
+							<input type="hidden" name="page" value="{{.Current}}">
+							<div class="center page buttons">
+								<div class="ui borderless pagination menu mini">
+									<button class="item navigation {{if .IsFirst}}disabled{{end}}" type="submit" formnovalidate="true" name="set_page" value="1" formmethod="get">
+										{{svg "gitea-double-chevron-left" 16 "tw-mr-1"}}
+										<span class="navigation_label">{{ctx.Locale.Tr "admin.first_page"}}</span>
+									</button>
+									<button class="item navigation {{if not .HasPrevious}}disabled{{end}}" type="submit" formnovalidate="true" name="set_page" value="{{.Previous}}" formmethod="get">
+										{{svg "octicon-chevron-left" 16 "tw-mr-1"}}
+										<span class="navigation_label">{{ctx.Locale.Tr "repo.issues.previous"}}</span>
+									</button>
+									{{range .Pages}}
+										{{if eq .Num -1}}
+											<a class="disabled item">...</a>
+										{{else}}
+											<button class="item navigation {{if .IsCurrent}}active{{end}}" type="submit" formnovalidate="true" name="set_page" value="{{.Num}}" formmethod="get">
+												{{.Num}}
+											</button>
+										{{end}}
+									{{end}}
+									<button class="item navigation {{if not .HasNext}}disabled{{end}}" type="submit" formnovalidate="true" name="set_page" value="{{.Next}}" formmethod="get">
+										<span class="navigation_label">{{ctx.Locale.Tr "repo.issues.next"}}</span>
+										{{svg "octicon-chevron-right" 16 "tw-ml-1"}}
+									</button>
+									<button class="item navigation {{if .IsLast}}disabled{{end}}" type="submit" formnovalidate="true" name="set_page" value="{{.TotalPages}}" formmethod="get">
+										<span class="navigation_label">{{ctx.Locale.Tr "admin.last_page"}}</span>
+										{{svg "gitea-double-chevron-right" 16 "tw-ml-1"}}
+									</button>
+								</div>
+							</div>
+						{{end}}
+					</div>
+
+					<!-- right-hand side: selected repositories -->
+					<div class="tw-flex-1">
+						<h5>{{ctx.Locale.TrPluralString (len .SelectedRepos) "settings.access_token.selected_repositories" (len .SelectedRepos)}}</h5>
+						{{if eq (len .SelectedRepos) 0}}
+							<div class="tw-my-2">
+								{{ctx.Locale.Tr "settings.access_token.no_repositories_selected"}}
+							</div>
+						{{else}}
+							<div class="tw-grid tw-items-center tw-auto-rows-min" style="grid-template-columns: min-content 1fr min-content;">
+								{{range .SelectedRepos}}
+									<input type="hidden" name="selected_repo" value="{{.FullName}}">
+									{{template "user/settings/repo_icon" .}}
+									<div class="text tw-text-nowrap"> <!-- nowrap, !truncate, ensures that this can be fully seen and ensures this side of the control has an appropriate min-width -->
+										{{.FullName}}
+									</div>
+									<button class="ui button tw-ml-2 tw-my-1 tiny" type="submit" aria-label="{{ctx.Locale.Tr "settings.access_token.remove" .FullName}}" formnovalidate="true" name="remove_selected_repo" value="{{.FullName}}" formmethod="get">
+										{{ctx.Locale.Tr "remove"}}
+									</button>
+								{{end}}
+							</div>
+						{{end}}
+					</div>
+
+				</div>
+			</div>
+			<div class="field">
+				<label>
+					{{ctx.Locale.Tr "settings.select_permissions"}}
+				</label>
+				<p class="activity meta">
+					<p>{{ctx.Locale.Tr "settings.access_token_desc" (printf "%s/api/swagger" AppSubUrl) "https://forgejo.org/docs/latest/user/token-scope/"}}</p>
+				</p>
+
+				{{range .Categories}}
+					<div class="field tw-pl-1 tw-pb-1 access-token-category">
+						<label class="category-label" for="access-token-scope-{{.}}">
+							{{.}}
+						</label>
+						<div class="gitea-select">
+							<select class="ui selection access-token-select" name="scope" id="access-token-scope-{{.}}">
+								<option value="">
+									{{ctx.Locale.Tr "settings.permission_no_access"}}
+								</option>
+								<option value="read:{{.}}" {{if (SliceUtils.Contains $.scope (printf "read:%s" .))}} selected {{end}}>
+									{{ctx.Locale.Tr "settings.permission_read"}}
+								</option>
+								<option value="write:{{.}}" {{if (SliceUtils.Contains $.scope (printf "write:%s" .))}} selected {{end}}>
+									{{ctx.Locale.Tr "settings.permission_write"}}
+								</option>
+							</select>
+						</div>
+					</div>
+				{{end}}
+			</div>
+			<button id="scoped-access-submit" class="ui primary button">
+				{{ctx.Locale.Tr "settings.generate_token"}}
+			</button>
+		</form>
 	</div>
+
+</div>
 {{template "user/settings/layout_footer" .}}
diff --git a/templates/user/settings/repo_icon.tmpl b/templates/user/settings/repo_icon.tmpl
new file mode 100644
index 0000000000..553ce57bd7
--- /dev/null
+++ b/templates/user/settings/repo_icon.tmpl
@@ -0,0 +1,9 @@
+{{$repoIcon := "octicon-repo"}}
+{{if .IsFork}}
+	{{$repoIcon = "octicon-repo-forked"}}
+{{else if .IsMirror}}
+	{{$repoIcon = "octicon-mirror"}}
+{{else if .IsPrivate}}
+	{{$repoIcon = "octicon-lock"}}
+{{end}}
+{{svg $repoIcon 16 "repo-list-icon tw-mr-2"}}
diff --git a/tests/e2e/user-settings.test.e2e.ts b/tests/e2e/user-settings.test.e2e.ts
index 9a6baefef5..1c52b5f9e1 100644
--- a/tests/e2e/user-settings.test.e2e.ts
+++ b/tests/e2e/user-settings.test.e2e.ts
@@ -141,8 +141,12 @@ test('User: Add access token', async ({browser}, workerInfo) => {
 
   const tokenName = globalThis.crypto.randomUUID();
   await page.locator('#name').fill(tokenName);
+  await page.getByRole('radio', {name: /^All /}).click();
   await page.locator('#scoped-access-submit').click();
 
+  await expect(page.locator('.ui.info.message.flash-info')).toBeVisible();
+  const flashText = await page.locator('.ui.info.message.flash-info').textContent();
+  expect(flashText?.trim()).toMatch(/^[0-9a-f]{40}$/);
   await page.getByText(tokenName).isVisible();
 });
 
@@ -161,7 +165,75 @@ test('User: Add access token validation error', async ({browser}, workerInfo) =>
   await page.getByRole('button', {name: 'Generate token'}).click();
 
   await page.getByText('has been used as an application name already.').isVisible();
-  // validate that selected options (public-only, activitypub) are still selected.
+  // validate that selected options (public-only, activitypub) are still selected after the validation error.
   await expect(page.getByRole('radio', {name: 'Public only'})).toBeChecked();
   await expect(page.getByRole('combobox', {name: 'activitypub'})).toHaveValue('read:activitypub');
 });
+
+test('User: Add specific repo access token', async ({browser}, workerInfo) => {
+  const page = await login({browser}, workerInfo);
+  await page.goto('/user/settings/applications');
+  await page.getByRole('link', {name: 'New access token'}).click();
+
+  const tokenName = globalThis.crypto.randomUUID();
+  await page.getByRole('textbox', {name: /^Token name/}).fill(tokenName);
+  await page.getByRole('combobox', {name: 'repository'}).selectOption('read:repository');
+
+  // clicking specific repositories will display currently available repositories:
+  await expect(page.getByText('org17/big_test_private_4')).toBeHidden();
+  await page.getByRole('radio', {name: 'Specific repositories'}).click();
+  await expect(page.getByText('org17/big_test_private_4')).toBeVisible();
+  await expect(page.getByText('user2/commits_search_test')).toBeVisible(); // another repo, will be used to verify search worked
+
+  await page.getByPlaceholder('Search repos…').fill('big_test_private_4');
+  await page.getByRole('button', {name: 'Search…'}).click();
+
+  // verify search results visible:
+  await expect(page.getByText('org17/big_test_private_4')).toBeVisible();
+  await expect(page.getByText('user2/commits_search_test')).toBeHidden();
+
+  // after performing a search, verify that the token name, 'selected repositories', and selected permissions are maintained
+  await expect(page.getByRole('textbox', {name: /^Token name/})).toHaveValue(tokenName);
+  await expect(page.getByRole('radio', {name: 'Specific repositories'})).toBeChecked();
+  await expect(page.getByRole('combobox', {name: 'repository'})).toHaveValue('read:repository');
+
+  // Add the big_test_private_4 repo.
+  await page.getByRole('button', {name: 'Add org17/big_test_private_4'}).click();
+  await expect(page.getByText('Selected repository (1)')).toBeVisible();
+  await expect(page.getByText('org17/big_test_private_4')).toBeVisible();
+
+  // Remove it to test remove, and then re-add
+  await page.getByRole('button', {name: 'Remove org17/big_test_private_4'}).click();
+  await expect(page.getByText('Selected repositories (0)')).toBeVisible();
+  await expect(page.getByText('org17/big_test_private_4')).toBeVisible();
+  await page.getByRole('button', {name: 'Add org17/big_test_private_4'}).click();
+
+  // Create the token and check for success.
+  await page.getByRole('button', {name: 'Generate token'}).click();
+  await expect(page.locator('.ui.info.message.flash-info')).toBeVisible();
+  const flashText = await page.locator('.ui.info.message.flash-info').textContent();
+  expect(flashText?.trim()).toMatch(/^[0-9a-f]{40}$/);
+  await page.getByText(tokenName).isVisible();
+});
+
+// Test that validation errors on the repo-specific access token page retain all the entered field values when the
+// error is displayed.
+test('User: Add specific repo access token error', async ({browser}, workerInfo) => {
+  const page = await login({browser}, workerInfo);
+  await page.goto('/user/settings/applications');
+  await page.getByRole('link', {name: 'New access token'}).click();
+
+  await page.getByRole('textbox', {name: /^Token name/}).fill('Token A');
+  await page.getByRole('combobox', {name: 'repository'}).selectOption('read:repository');
+  await page.getByRole('radio', {name: 'Specific repositories'}).click();
+  await page.getByRole('button', {name: 'Add org17/big_test_private_4'}).click();
+
+  // Create the token, verify error, then check all the fields for retained values.
+  await page.getByRole('button', {name: 'Generate token'}).click();
+  await page.getByText('has been used as an application name already.').isVisible();
+
+  await expect(page.getByRole('textbox', {name: /^Token name/})).toHaveValue('Token A');
+  await expect(page.getByRole('radio', {name: 'Specific repositories'})).toBeChecked();
+  await expect(page.getByRole('combobox', {name: 'repository'})).toHaveValue('read:repository');
+  await expect(page.getByRole('button', {name: 'Remove org17/big_test_private_4'})).toBeVisible();
+});
diff --git a/tests/integration/integration_test.go b/tests/integration/integration_test.go
index 464008e6e4..8657af839c 100644
--- a/tests/integration/integration_test.go
+++ b/tests/integration/integration_test.go
@@ -491,8 +491,18 @@ func createApplicationSettingsToken(t testing.TB, session *TestSession, name str
 
 	urlValues := url.Values{}
 	urlValues.Add("name", name)
+	publicOnly := false
 	for _, scope := range scopes {
-		urlValues.Add("scope", string(scope))
+		if scope == auth.AccessTokenScopePublicOnly {
+			publicOnly = true
+		} else {
+			urlValues.Add("scope", string(scope))
+		}
+	}
+	if publicOnly {
+		urlValues.Add("resource", "public-only")
+	} else {
+		urlValues.Add("resource", "all")
 	}
 	req := NewRequestWithURLValues(t, "POST", "/user/settings/applications/tokens/new", urlValues)
 	resp := session.MakeRequest(t, req, http.StatusSeeOther)
diff --git a/web_src/css/user.css b/web_src/css/user.css
index 6f58dceb66..71ac2b364b 100644
--- a/web_src/css/user.css
+++ b/web_src/css/user.css
@@ -141,3 +141,30 @@
 .notifications-item:hover .notifications-updated {
   display: none;
 }
+
+/* user's access token edit page; /user/settings/applications/tokens/new; custom CSS for repo selector visibility */
+
+/* #repo-selector-wrapper hides and shows the repository selection based upon the radio-button value, with an animation
+to hint the connection between the two to the user. */
+#repo-selector-wrapper {
+  display: grid;
+  grid-template-rows: 0fr;
+  transition: grid-template-rows 0.3s ease-out;
+}
+body:has(input[name="resource"][value="repo-specific"]:checked) #repo-selector-wrapper {
+  grid-template-rows: 1fr;
+  transition: grid-template-rows 0.3s ease-in;
+}
+
+/* Accessibility -- remove from the visibility tree when hidden so that it doesn't appear for screenreaders. Downside of
+this is that the contents of the selector disappear during the ease-in animation, but it's barely noticable.  The
+expansion animation is the important one anyway, as it associates the selector box with the selection just made for the
+user. */
+#repo-selector {
+  overflow: hidden; /* needed so that the grid-template-rows=0fr clips the selector out */
+  visibility: hidden;
+}
+
+body:has(input[name="resource"][value="repo-specific"]:checked) #repo-selector {
+  visibility: visible;
+}

From 5b83cb5508bcb0bba65aca1aa7c5ad2406052c65 Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Mon, 23 Mar 2026 17:09:50 +0100
Subject: [PATCH 559/854] Update renovate Docker tag to v43.86.0 (forgejo)
 (#11781)

Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
---
 Makefile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Makefile b/Makefile
index 4064ea8d85..61d5b22162 100644
--- a/Makefile
+++ b/Makefile
@@ -48,7 +48,7 @@ GOVULNCHECK_PACKAGE ?= golang.org/x/vuln/cmd/govulncheck@v1 # renovate: datasour
 DEADCODE_PACKAGE ?= golang.org/x/tools/cmd/deadcode@v0.43.0 # renovate: datasource=go
 ERRORTYPE_PACKAGE ?= fillmore-labs.com/errortype@v0.0.11 # renovate: datasource=go
 GOMOCK_PACKAGE ?= go.uber.org/mock/mockgen@v0.6.0 # renovate: datasource=go
-RENOVATE_NPM_PACKAGE ?= renovate@43.76.2 # renovate: datasource=docker packageName=data.forgejo.org/renovate/renovate
+RENOVATE_NPM_PACKAGE ?= renovate@43.86.1 # renovate: datasource=docker packageName=data.forgejo.org/renovate/renovate
 
 # https://github.com/disposable-email-domains/disposable-email-domains/commits/main/
 DISPOSABLE_EMAILS_SHA ?= 0c27e671231d27cf66370034d7f6818037416989 # renovate: ...

From b01278e534bcdc57bfa45b868cb45e15705016d6 Mon Sep 17 00:00:00 2001
From: Andreas Ahlenstorf <andreas@ahlenstorf.ch>
Date: Tue, 24 Mar 2026 01:27:32 +0100
Subject: [PATCH 560/854] feat: show workflow name for scheduled runs (#11770)

Previously, a scheduled run would appear like a run triggered by a push. That could be confusing, especially if a scheduled run was unrelated to that particular commit. Now, either the workflow's name (taken from the field `name:`) is displayed or the path to workflow file, matching the behaviour of `workflow_dispatch`.

As a side-effect, the description of all run types were improved. They are no longer pieced together from individual translations. `workflow_dispatch` also no longer misattributes commits to the user that triggered the workflow.

Resolves https://codeberg.org/forgejo/forgejo/issues/11688.

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests for Go changes

(can be removed for JavaScript changes)

- I added test coverage for Go changes...
  - [x] in their respective `*_test.go` for unit tests.
  - [x] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I ran...
  - [x] `make pr-go` before pushing

### Tests for JavaScript changes

(can be removed for Go changes)

- I added test coverage for JavaScript changes...
  - [ ] in `web_src/js/*.test.js` if it can be unit tested.
  - [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)).

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [x] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.
- [ ] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change.

*The decision if the pull request will be shown in the release notes is up to the mergers / release team.*

The content of the `release-notes/<pull request number>.md` file will serve as the basis for the release notes. If the file does not exist, the title of the pull request will be used instead.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11770
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
Co-authored-by: Andreas Ahlenstorf <andreas@ahlenstorf.ch>
Co-committed-by: Andreas Ahlenstorf <andreas@ahlenstorf.ch>
---
 models/actions/run.go                         | 15 +++
 models/actions/run_test.go                    | 43 +++++++++
 modules/actions/workflows.go                  |  7 ++
 modules/actions/workflows_test.go             |  8 ++
 options/locale_next/locale_en-US.json         |  6 +-
 routers/web/repo/actions/view.go              | 18 +++-
 routers/web/repo/actions/view_test.go         |  3 +-
 services/actions/notifier_helper.go           |  7 +-
 templates/repo/actions/runs_list.tmpl         | 15 ++-
 tests/integration/actions_runs_list_test.go   | 30 +++++-
 tests/integration/actions_trigger_test.go     | 80 ++++++++++++++++
 tests/integration/actions_view_test.go        | 92 ++++++++++++++-----
 .../TestActionRunsList/action_run.yml         | 34 +++++++
 .../TestActionViewsView/action_run.yml        | 34 +++++++
 .../TestActionViewsView/action_run_job.yml    | 28 ++++++
 .../TestActionViewsView/action_task.yml       | 28 ++++++
 web_src/js/components/RepoActionView.vue      | 11 +--
 17 files changed, 407 insertions(+), 52 deletions(-)
 create mode 100644 tests/integration/fixtures/TestActionRunsList/action_run.yml
 create mode 100644 tests/integration/fixtures/TestActionViewsView/action_run.yml
 create mode 100644 tests/integration/fixtures/TestActionViewsView/action_run_job.yml
 create mode 100644 tests/integration/fixtures/TestActionViewsView/action_task.yml

diff --git a/models/actions/run.go b/models/actions/run.go
index 88e8908fed..6e01715f74 100644
--- a/models/actions/run.go
+++ b/models/actions/run.go
@@ -104,6 +104,13 @@ func (run *ActionRun) Link() string {
 	return fmt.Sprintf("%s/actions/runs/%d", run.Repo.Link(), run.Index)
 }
 
+func (run *ActionRun) CommitLink() string {
+	if run.Repo == nil {
+		return ""
+	}
+	return fmt.Sprintf("%s/commit/%s", run.Repo.Link(), run.CommitSHA)
+}
+
 // WorkflowPath returns the path in the git repo to the workflow file that this run was based on
 func (run *ActionRun) WorkflowPath() string {
 	if run.WorkflowDirectory == "" {
@@ -240,6 +247,14 @@ func (run *ActionRun) FindOuterWorkflowCall(ctx context.Context, innerCall *Acti
 	return nil, fmt.Errorf("no workflow call with ID %s found in run %d", parent, run.ID)
 }
 
+func (run *ActionRun) IsScheduledRun() bool {
+	return run.TriggerEvent == "schedule"
+}
+
+func (run *ActionRun) IsDispatchedRun() bool {
+	return run.TriggerEvent == "workflow_dispatch"
+}
+
 func actionsCountOpenCacheKey(repoID int64) string {
 	return fmt.Sprintf("Actions:CountOpenActionRuns:%d", repoID)
 }
diff --git a/models/actions/run_test.go b/models/actions/run_test.go
index 41703f91e1..541fb059cd 100644
--- a/models/actions/run_test.go
+++ b/models/actions/run_test.go
@@ -11,6 +11,8 @@ import (
 	repo_model "forgejo.org/models/repo"
 	"forgejo.org/models/unittest"
 	"forgejo.org/modules/cache"
+	"forgejo.org/modules/setting"
+	"forgejo.org/modules/test"
 
 	"code.forgejo.org/forgejo/runner/v12/act/jobparser"
 	"github.com/stretchr/testify/assert"
@@ -53,6 +55,47 @@ func TestGetWorkflowPath(t *testing.T) {
 	assert.Equal(t, ".some/path/to/workflows/ci.yml", run.WorkflowPath())
 }
 
+func TestGetCommitLink(t *testing.T) {
+	require.NoError(t, unittest.PrepareTestDatabase())
+	defer test.MockVariableValue(&setting.AppSubURL, "/sub")()
+
+	repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 1})
+
+	run := ActionRun{
+		Repo:      repo,
+		CommitSHA: "a356d1f1f82945a039cd16d4ce0137bd55284e77",
+	}
+	assert.Equal(t, "/sub/user2/repo1/commit/a356d1f1f82945a039cd16d4ce0137bd55284e77", run.CommitLink())
+}
+
+func TestIsScheduledRun(t *testing.T) {
+	scheduledRun := ActionRun{
+		CommitSHA:    "a356d1f1f82945a039cd16d4ce0137bd55284e77",
+		TriggerEvent: "schedule",
+	}
+	pushRun := ActionRun{
+		CommitSHA:    "8f9b5c6ab342eb11d7422deecef7195b18058b90",
+		TriggerEvent: "push",
+	}
+
+	assert.True(t, scheduledRun.IsScheduledRun())
+	assert.False(t, pushRun.IsScheduledRun())
+}
+
+func TestIsManualRun(t *testing.T) {
+	manualRunRun := ActionRun{
+		CommitSHA:    "a356d1f1f82945a039cd16d4ce0137bd55284e77",
+		TriggerEvent: "workflow_dispatch",
+	}
+	pushRun := ActionRun{
+		CommitSHA:    "8f9b5c6ab342eb11d7422deecef7195b18058b90",
+		TriggerEvent: "push",
+	}
+
+	assert.True(t, manualRunRun.IsDispatchedRun())
+	assert.False(t, pushRun.IsDispatchedRun())
+}
+
 func TestRepoNumOpenActions(t *testing.T) {
 	require.NoError(t, unittest.PrepareTestDatabase())
 	err := cache.Init()
diff --git a/modules/actions/workflows.go b/modules/actions/workflows.go
index 6a7630548a..99c9446805 100644
--- a/modules/actions/workflows.go
+++ b/modules/actions/workflows.go
@@ -5,6 +5,7 @@ package actions
 
 import (
 	"bytes"
+	"fmt"
 	"io"
 	"strings"
 
@@ -30,6 +31,12 @@ type DetectedWorkflow struct {
 	NeedApproval        actions_model.ApprovalType
 }
 
+// GetWorkflowPath returns the full path to the workflow from the repository root, for example,
+// .forgejo/workflows/test.yaml.
+func (wf *DetectedWorkflow) GetWorkflowPath() string {
+	return fmt.Sprintf("%s/%s", wf.EntryDirectory, wf.EntryName)
+}
+
 func init() {
 	model.OnDecodeNodeError = func(node yaml.Node, out any, err error) {
 		// Log the error instead of panic or fatal.
diff --git a/modules/actions/workflows_test.go b/modules/actions/workflows_test.go
index b431989def..911d72a09a 100644
--- a/modules/actions/workflows_test.go
+++ b/modules/actions/workflows_test.go
@@ -19,6 +19,14 @@ import (
 	"github.com/stretchr/testify/require"
 )
 
+func TestDetectedWorkflowGetWorkflowPath(t *testing.T) {
+	buildWorkflow := DetectedWorkflow{EntryDirectory: ".github/workflows", EntryName: "build.yaml"}
+	testWorkflow := DetectedWorkflow{EntryDirectory: ".forgejo/workflows", EntryName: "test.yaml"}
+
+	assert.Equal(t, ".github/workflows/build.yaml", buildWorkflow.GetWorkflowPath())
+	assert.Equal(t, ".forgejo/workflows/test.yaml", testWorkflow.GetWorkflowPath())
+}
+
 func TestActionsWorkflowsDetectMatched(t *testing.T) {
 	testCases := []struct {
 		desc           string
diff --git a/options/locale_next/locale_en-US.json b/options/locale_next/locale_en-US.json
index 67767b1985..59edecac03 100644
--- a/options/locale_next/locale_en-US.json
+++ b/options/locale_next/locale_en-US.json
@@ -513,9 +513,9 @@
 	"actions.runs.viewing_out_of_date_run": "You are viewing an out-of-date run of this job that was executed %[1]s.",
 	"actions.runs.view_most_recent_run": "View most recent run",
 	"actions.runs.all_workflows": "All workflows",
-	"actions.runs.commit": "Commit",
-	"actions.runs.scheduled": "Scheduled",
-	"actions.runs.pushed_by": "pushed by",
+	"actions.runs.scheduled_description": "Scheduled run of commit <a href=\"%[1]s\">%[2]s</a>",
+	"actions.runs.workflow_dispatch_description": "Run of commit <a href=\"%[1]s\">%[2]s</a> triggered by <a href=\"%[3]s\">%[4]s</a>",
+	"actions.runs.on_push_description": "Commit <a href=\"%[1]s\">%[2]s</a> pushed by <a href=\"%[3]s\">%[4]s</a>",
 	"actions.runs.workflow": "Workflow",
 	"actions.runs.invalid_workflow_helper": "Workflow config file is invalid. Please check your config file: %s",
 	"actions.runs.no_matching_online_runner.helper": "No matching online runner with label: %s",
diff --git a/routers/web/repo/actions/view.go b/routers/web/repo/actions/view.go
index 8deb733e16..c775de7ef5 100644
--- a/routers/web/repo/actions/view.go
+++ b/routers/web/repo/actions/view.go
@@ -173,6 +173,7 @@ type ViewRunInfo struct {
 	Title             string        `json:"title"`
 	TitleHTML         template.HTML `json:"titleHTML"`
 	Status            string        `json:"status"`
+	Description       string        `json:"description"`
 	CanCancel         bool          `json:"canCancel"`
 	CanApprove        bool          `json:"canApprove"` // the run needs an approval and the doer has permission to approve
 	CanRerun          bool          `json:"canRerun"`
@@ -203,8 +204,6 @@ type ViewJob struct {
 }
 
 type ViewCommit struct {
-	LocaleCommit   string     `json:"localeCommit"`
-	LocalePushedBy string     `json:"localePushedBy"`
 	LocaleWorkflow string     `json:"localeWorkflow"`
 	LocaleAllRuns  string     `json:"localeAllRuns"`
 	ShortSha       string     `json:"shortSHA"`
@@ -281,6 +280,18 @@ func getViewResponse(ctx *app_context.Context, req *ViewRequest, runIndex, jobIn
 
 	metas := ctx.Repo.Repository.ComposeMetas(ctx)
 
+	var runDescription string
+	if run.IsScheduledRun() {
+		runDescription = ctx.Locale.TrString("actions.runs.scheduled_description", run.CommitLink(),
+			base.ShortSha(run.CommitSHA))
+	} else if run.IsDispatchedRun() {
+		runDescription = ctx.Locale.TrString("actions.runs.workflow_dispatch_description", run.CommitLink(),
+			base.ShortSha(run.CommitSHA), run.TriggerUser.HomeLink(), run.TriggerUser.GetDisplayName())
+	} else {
+		runDescription = ctx.Locale.TrString("actions.runs.on_push_description", run.CommitLink(),
+			base.ShortSha(run.CommitSHA), run.TriggerUser.HomeLink(), run.TriggerUser.GetDisplayName())
+	}
+
 	resp.State.Run.Title = run.Title
 	resp.State.Run.TitleHTML = templates.RenderCommitMessage(ctx, run.Title, metas)
 	resp.State.Run.Link = run.Link()
@@ -290,6 +301,7 @@ func getViewResponse(ctx *app_context.Context, req *ViewRequest, runIndex, jobIn
 	resp.State.Run.Jobs = make([]*ViewJob, 0, len(jobs)) // marshal to '[]' instead of 'null' in json
 	resp.State.Run.Status = run.Status.String()
 	resp.State.Run.PreExecutionError = actions_model.TranslatePreExecutionError(ctx.Locale, run)
+	resp.State.Run.Description = runDescription
 
 	// It's possible for the run to be marked with a finalized status (eg. failure) because of a  single job within the
 	// run; eg. one job fails, the run fails. But other jobs can still be running. The frontend RepoActionView uses the
@@ -332,8 +344,6 @@ func getViewResponse(ctx *app_context.Context, req *ViewRequest, runIndex, jobIn
 	}
 
 	resp.State.Run.Commit = ViewCommit{
-		LocaleCommit:   ctx.Locale.TrString("actions.runs.commit"),
-		LocalePushedBy: ctx.Locale.TrString("actions.runs.pushed_by"),
 		LocaleWorkflow: ctx.Locale.TrString("actions.runs.workflow"),
 		LocaleAllRuns:  ctx.Locale.TrString("actions.runs.all_runs_link"),
 		ShortSha:       base.ShortSha(run.CommitSHA),
diff --git a/routers/web/repo/actions/view_test.go b/routers/web/repo/actions/view_test.go
index 06af165c5c..8d8e82a007 100644
--- a/routers/web/repo/actions/view_test.go
+++ b/routers/web/repo/actions/view_test.go
@@ -150,6 +150,7 @@ func baseExpectedViewResponse() *ViewResponse {
 				Title:             "update actions",
 				TitleHTML:         template.HTML("update actions"),
 				Status:            "success",
+				Description:       "actions.runs.on_push_description",
 				CanCancel:         false,
 				CanApprove:        false,
 				CanRerun:          false,
@@ -165,8 +166,6 @@ func baseExpectedViewResponse() *ViewResponse {
 					},
 				},
 				Commit: ViewCommit{
-					LocaleCommit:   "actions.runs.commit",
-					LocalePushedBy: "actions.runs.pushed_by",
 					LocaleWorkflow: "actions.runs.workflow",
 					LocaleAllRuns:  "actions.runs.all_runs_link",
 					ShortSha:       "c2d72f5484",
diff --git a/services/actions/notifier_helper.go b/services/actions/notifier_helper.go
index 184092e68e..c6af9b5b82 100644
--- a/services/actions/notifier_helper.go
+++ b/services/actions/notifier_helper.go
@@ -574,8 +574,13 @@ func handleSchedules(
 			continue
 		}
 
+		title := workflow.Name
+		if len(title) < 1 {
+			title = dwf.GetWorkflowPath()
+		}
+
 		run := &actions_model.ActionSchedule{
-			Title:             strings.SplitN(commit.CommitMessage, "\n", 2)[0],
+			Title:             title,
 			RepoID:            input.Repo.ID,
 			OwnerID:           input.Repo.OwnerID,
 			WorkflowID:        dwf.EntryName,
diff --git a/templates/repo/actions/runs_list.tmpl b/templates/repo/actions/runs_list.tmpl
index 3858ae0849..642851309a 100644
--- a/templates/repo/actions/runs_list.tmpl
+++ b/templates/repo/actions/runs_list.tmpl
@@ -16,14 +16,13 @@
 				</a>
 				<div class="flex-item-body">
 					<b>{{if not $.CurWorkflow}}{{.WorkflowID}} {{end}}#{{.Index}}</b> -
-					{{if .ScheduleID -}}
-						{{ctx.Locale.Tr "actions.runs.scheduled"}}
-					{{- else -}}
-						{{ctx.Locale.Tr "actions.runs.commit"}}
-						<a href="{{$.RepoLink}}/commit/{{.CommitSHA}}">{{ShortSha .CommitSHA}}</a>
-						{{ctx.Locale.Tr "actions.runs.pushed_by"}}
-						<a href="{{.TriggerUser.HomeLink}}">{{.TriggerUser.GetDisplayName}}</a>
-					{{- end -}}
+					{{if .IsScheduledRun -}}
+						{{ctx.Locale.Tr "actions.runs.scheduled_description" .CommitLink (ShortSha .CommitSHA)}}
+					{{else if .IsDispatchedRun -}}
+						{{ctx.Locale.Tr "actions.runs.workflow_dispatch_description" .CommitLink (ShortSha .CommitSHA) .TriggerUser.HomeLink .TriggerUser.GetDisplayName}}
+					{{else -}}
+						{{ctx.Locale.Tr "actions.runs.on_push_description" .CommitLink (ShortSha .CommitSHA) .TriggerUser.HomeLink .TriggerUser.GetDisplayName}}
+					{{end -}}
 				</div>
 			</div>
 			<div class="flex-item-trailing">
diff --git a/tests/integration/actions_runs_list_test.go b/tests/integration/actions_runs_list_test.go
index 790e19d71a..e8a33f1a38 100644
--- a/tests/integration/actions_runs_list_test.go
+++ b/tests/integration/actions_runs_list_test.go
@@ -5,14 +5,17 @@ package integration
 
 import (
 	"net/http"
+	"regexp"
 	"testing"
 
+	"forgejo.org/models/unittest"
 	"forgejo.org/tests"
 
 	"github.com/stretchr/testify/assert"
 )
 
 func TestActionRunsList(t *testing.T) {
+	defer unittest.OverrideFixtures("tests/integration/fixtures/TestActionRunsList")()
 	defer tests.PrepareTestEnv(t)()
 
 	req := NewRequest(t, "GET", "/user5/repo4/actions")
@@ -20,7 +23,28 @@ func TestActionRunsList(t *testing.T) {
 
 	htmlDoc := NewHTMLParser(t, resp.Body)
 
-	runSubLine := htmlDoc.Find(".run-list .flex-item-body").Text()
-	assert.Contains(t, runSubLine, "Commit")
-	assert.NotContains(t, runSubLine, "-Commit")
+	runDescriptions := htmlDoc.Find(".run-list .flex-item-body")
+
+	allWhitespacePattern := regexp.MustCompile(`\s+`)
+
+	assert.Equal(t, 8, runDescriptions.Length())
+
+	assert.Contains(t, allWhitespacePattern.ReplaceAllString(runDescriptions.Eq(0).Text(), " "),
+		"dispatch.yaml #210 - Run of commit dc67f0a1a0 triggered by user29")
+	assert.Equal(t, "/user5/repo4/commit/dc67f0a1a0dc2417cd0b1a9f0b95e2e5d91876e9",
+		runDescriptions.Eq(0).Find("a").Eq(0).AttrOr("href", ""))
+	assert.Equal(t, "/user29",
+		runDescriptions.Eq(0).Find("a").Eq(1).AttrOr("href", ""))
+
+	assert.Contains(t, allWhitespacePattern.ReplaceAllString(runDescriptions.Eq(1).Text(), " "),
+		"scheduled.yaml #209 - Scheduled run of commit 64357baca8")
+	assert.Equal(t, "/user5/repo4/commit/64357baca84bfff631e7dfae5a3433b26d005646",
+		runDescriptions.Eq(1).Find("a").Eq(0).AttrOr("href", ""))
+
+	assert.Contains(t, allWhitespacePattern.ReplaceAllString(runDescriptions.Eq(2).Text(), " "),
+		"test.yaml #192 - Commit c2d72f5484 pushed by user1")
+	assert.Equal(t, "/user5/repo4/commit/c2d72f548424103f01ee1dc02889c1e2bff816b0",
+		runDescriptions.Eq(2).Find("a").Eq(0).AttrOr("href", ""))
+	assert.Equal(t, "/user1",
+		runDescriptions.Eq(2).Find("a").Eq(1).AttrOr("href", ""))
 }
diff --git a/tests/integration/actions_trigger_test.go b/tests/integration/actions_trigger_test.go
index 2b770c95a1..925434204c 100644
--- a/tests/integration/actions_trigger_test.go
+++ b/tests/integration/actions_trigger_test.go
@@ -1134,3 +1134,83 @@ func TestActionsWorkflowDispatchConcurrencyGroup(t *testing.T) {
 		assert.Equal(t, actions_model.StatusCancelled, firstRunReload.Status)
 	})
 }
+
+func TestActionsScheduledWorkflow(t *testing.T) {
+	testCases := []struct {
+		name                  string
+		workflowID            string
+		workflowDirectory     string
+		workflowContent       string
+		expectedWorkflowTitle string
+		expectedCronSpecs     []string
+	}{
+		{
+			name:              "GitHub",
+			workflowID:        "scheduled.yml",
+			workflowDirectory: ".github/workflows",
+			workflowContent: `
+on:
+  schedule:
+    - cron: "30 5,17 * * *"
+jobs:
+  test:
+    steps:
+      - run: echo OK
+`,
+			expectedWorkflowTitle: ".github/workflows/scheduled.yml",
+			expectedCronSpecs:     []string{"30 5,17 * * *"},
+		},
+		{
+			name:              "Gitea",
+			workflowID:        "test.yml",
+			workflowDirectory: ".gitea/workflows",
+			workflowContent: `
+name: My scheduled workflow
+on:
+  schedule:
+    - cron: "* * * * *"
+jobs:
+  test:
+    steps:
+      - run: echo OK
+`,
+			expectedWorkflowTitle: "My scheduled workflow",
+			expectedCronSpecs:     []string{"* * * * *"},
+		},
+	}
+	onApplicationRun(t, func(t *testing.T, u *url.URL) {
+		for _, testCase := range testCases {
+			t.Run(testCase.name, func(t *testing.T) {
+				user2 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
+
+				// create the repo
+				repo, sha, f := tests.CreateDeclarativeRepo(t, user2, "repo-workflow-dispatch",
+					[]unit_model.Type{unit_model.TypeActions}, nil,
+					[]*files_service.ChangeRepoFile{
+						{
+							Operation:     "create",
+							TreePath:      fmt.Sprintf("%s/%s", testCase.workflowDirectory, testCase.workflowID),
+							ContentReader: strings.NewReader(testCase.workflowContent),
+						},
+					},
+				)
+				defer f()
+
+				schedules, err := db.Find[actions_model.ActionSchedule](t.Context(), actions_model.FindScheduleOptions{RepoID: repo.ID})
+				require.NoError(t, err)
+				require.Len(t, schedules, 1)
+
+				assert.Equal(t, testCase.expectedWorkflowTitle, schedules[0].Title)
+				assert.Equal(t, testCase.expectedCronSpecs, schedules[0].Specs)
+				assert.Equal(t, repo.ID, schedules[0].RepoID)
+				assert.Equal(t, repo.OwnerID, schedules[0].OwnerID)
+				assert.Equal(t, testCase.workflowID, schedules[0].WorkflowID)
+				assert.Equal(t, testCase.workflowDirectory, schedules[0].WorkflowDirectory)
+				assert.Equal(t, int64(-2), schedules[0].TriggerUserID)
+				assert.Equal(t, sha, schedules[0].CommitSHA)
+				assert.Equal(t, webhook_module.HookEventPush, schedules[0].Event)
+				assert.Equal(t, []byte(testCase.workflowContent), schedules[0].Content)
+			})
+		}
+	})
+}
diff --git a/tests/integration/actions_view_test.go b/tests/integration/actions_view_test.go
index 6314ce1e4f..5275198eff 100644
--- a/tests/integration/actions_view_test.go
+++ b/tests/integration/actions_view_test.go
@@ -9,6 +9,7 @@ import (
 	"net/http"
 	"net/url"
 	"regexp"
+	"strconv"
 	"strings"
 	"testing"
 
@@ -128,34 +129,77 @@ func TestActionViewsArtifactDownload(t *testing.T) {
 }
 
 func TestActionViewsView(t *testing.T) {
+	defer unittest.OverrideFixtures("tests/integration/fixtures/TestActionViewsView")()
 	defer tests.PrepareTestEnv(t)()
 
-	req := NewRequest(t, "GET", "/user5/repo4/actions/runs/187")
-	intermediateRedirect := MakeRequest(t, req, http.StatusTemporaryRedirect)
+	testCases := []struct {
+		name              string
+		url               string
+		runIndex          int64
+		jobIndex          int64
+		attempt           int64
+		expectedJSON      string
+		expectedArtifacts string
+	}{
+		{
+			name:              "push",
+			url:               "/user5/repo4/actions/runs/187",
+			runIndex:          187,
+			jobIndex:          0,
+			attempt:           1,
+			expectedJSON:      "{\"state\":{\"run\":{\"preExecutionError\":\"\",\"link\":\"/user5/repo4/actions/runs/187\",\"title\":\"update actions\",\"titleHTML\":\"update actions\",\"status\":\"success\",\"canCancel\":false,\"canApprove\":false,\"canRerun\":false,\"canDeleteArtifact\":false,\"description\":\"Commit <a href=\\\"/user5/repo4/commit/c2d72f548424103f01ee1dc02889c1e2bff816b0\\\">c2d72f5484</a> pushed by <a href=\\\"/user1\\\">user1</a>\",\"done\":true,\"jobs\":[{\"id\":192,\"name\":\"job_2\",\"status\":\"success\",\"canRerun\":false,\"duration\":\"_duration_\"}],\"commit\":{\"localeWorkflow\":\"Workflow\",\"localeAllRuns\":\"all runs\",\"shortSHA\":\"c2d72f5484\",\"link\":\"/user5/repo4/commit/c2d72f548424103f01ee1dc02889c1e2bff816b0\",\"pusher\":{\"displayName\":\"user1\",\"link\":\"/user1\"},\"branch\":{\"name\":\"master\",\"link\":\"/user5/repo4/src/branch/master\",\"isDeleted\":false}}},\"currentJob\":{\"title\":\"job_2\",\"details\":[\"Success\"],\"steps\":[{\"summary\":\"Set up job\",\"duration\":\"_duration_\",\"status\":\"success\"},{\"summary\":\"Complete job\",\"duration\":\"_duration_\",\"status\":\"success\"}],\"allAttempts\":[{\"number\":3,\"time_since_started_html\":\"_time_\",\"status\":\"running\",\"status_diagnostics\":[\"Running\"]},{\"number\":2,\"time_since_started_html\":\"_time_\",\"status\":\"success\",\"status_diagnostics\":[\"Success\"]},{\"number\":1,\"time_since_started_html\":\"_time_\",\"status\":\"success\",\"status_diagnostics\":[\"Success\"]}]}},\"logs\":{\"stepsLog\":[]}}\n",
+			expectedArtifacts: "{\"artifacts\":[{\"name\":\"multi-file-download\",\"size\":2048,\"status\":\"completed\"}]}\n",
+		},
+		{
+			name:              "scheduled",
+			url:               "/user5/repo4/actions/runs/209",
+			runIndex:          209,
+			jobIndex:          0,
+			attempt:           1,
+			expectedJSON:      "{\"state\":{\"run\":{\"link\":\"/user5/repo4/actions/runs/209\",\"title\":\"A scheduled workflow\",\"titleHTML\":\"A scheduled workflow\",\"status\":\"waiting\",\"description\":\"Scheduled run of commit \\u003ca href=\\\"/user5/repo4/commit/64357baca84bfff631e7dfae5a3433b26d005646\\\"\\u003e64357baca8\\u003c/a\\u003e\",\"canCancel\":false,\"canApprove\":false,\"canRerun\":false,\"canDeleteArtifact\":false,\"done\":false,\"jobs\":[{\"id\":2153,\"name\":\"job_2\",\"status\":\"waiting\",\"canRerun\":false,\"duration\":\"_duration_\"}],\"commit\":{\"localeWorkflow\":\"Workflow\",\"localeAllRuns\":\"all runs\",\"shortSHA\":\"64357baca8\",\"link\":\"/user5/repo4/commit/64357baca84bfff631e7dfae5a3433b26d005646\",\"pusher\":{\"displayName\":\"forgejo-actions\",\"link\":\"/forgejo-actions\"},\"branch\":{\"name\":\"master\",\"link\":\"/user5/repo4/src/branch/master\",\"isDeleted\":false}},\"preExecutionError\":\"\"},\"currentJob\":{\"title\":\"job_2\",\"details\":[\"Waiting for a runner with the following labels: debian, gpu\"],\"steps\":[{\"summary\":\"Set up job\",\"duration\":\"_duration_\",\"status\":\"success\"},{\"summary\":\"Complete job\",\"duration\":\"_duration_\",\"status\":\"success\"}],\"allAttempts\":[{\"number\":1,\"time_since_started_html\":\"-\",\"status\":\"success\",\"status_diagnostics\":[\"Success\"]}]}},\"logs\":{\"stepsLog\":[]}}\n",
+			expectedArtifacts: "{\"artifacts\":[]}\n",
+		},
+		{
+			name:              "workflow_dispatch",
+			url:               "/user5/repo4/actions/runs/210",
+			runIndex:          210,
+			jobIndex:          0,
+			attempt:           1,
+			expectedJSON:      "{\"state\":{\"run\":{\"link\":\"/user5/repo4/actions/runs/210\",\"title\":\"A triggered run\",\"titleHTML\":\"A triggered run\",\"status\":\"waiting\",\"description\":\"Run of commit \\u003ca href=\\\"/user5/repo4/commit/f4100ac14112a3740490afb22b07b69b0b5d4e8b\\\"\\u003ef4100ac141\\u003c/a\\u003e triggered by \\u003ca href=\\\"/user29\\\"\\u003euser29\\u003c/a\\u003e\",\"canCancel\":false,\"canApprove\":false,\"canRerun\":false,\"canDeleteArtifact\":false,\"done\":false,\"jobs\":[{\"id\":2154,\"name\":\"mirror\",\"status\":\"waiting\",\"canRerun\":false,\"duration\":\"_duration_\"}],\"commit\":{\"localeWorkflow\":\"Workflow\",\"localeAllRuns\":\"all runs\",\"shortSHA\":\"f4100ac141\",\"link\":\"/user5/repo4/commit/f4100ac14112a3740490afb22b07b69b0b5d4e8b\",\"pusher\":{\"displayName\":\"user29\",\"link\":\"/user29\"},\"branch\":{\"name\":\"master\",\"link\":\"/user5/repo4/src/branch/master\",\"isDeleted\":false}},\"preExecutionError\":\"\"},\"currentJob\":{\"title\":\"mirror\",\"details\":[\"Waiting for a runner with the following label: windows\"],\"steps\":[{\"summary\":\"Set up job\",\"duration\":\"_duration_\",\"status\":\"running\"},{\"summary\":\"Complete job\",\"duration\":\"_duration_\",\"status\":\"waiting\"}],\"allAttempts\":[{\"number\":1,\"time_since_started_html\":\"-\",\"status\":\"waiting\",\"status_diagnostics\":[\"Waiting for a runner with the following label: windows\"]}]}},\"logs\":{\"stepsLog\":[]}}\n",
+			expectedArtifacts: "{\"artifacts\":[]}\n",
+		},
+	}
 
-	finalURL := intermediateRedirect.Result().Header.Get("Location")
-	req = NewRequest(t, "GET", finalURL)
-	resp := MakeRequest(t, req, http.StatusOK)
+	for _, testCase := range testCases {
+		t.Run(testCase.name, func(t *testing.T) {
+			req := NewRequest(t, "GET", testCase.url)
+			intermediateRedirect := MakeRequest(t, req, http.StatusTemporaryRedirect)
 
-	htmlDoc := NewHTMLParser(t, resp.Body)
-	selector := "#repo-action-view"
-	// Verify key properties going into the `repo-action-view` to initialize the Vue component.
-	htmlDoc.AssertAttrEqual(t, selector, "data-run-index", "187")
-	htmlDoc.AssertAttrEqual(t, selector, "data-job-index", "0")
-	htmlDoc.AssertAttrEqual(t, selector, "data-attempt-number", "1")
-	htmlDoc.AssertAttrPredicate(t, selector, "data-initial-post-response", func(actual string) bool {
-		// Remove dynamic "duration" fields for comparison.
-		pattern := `"duration":"[^"]*"`
-		re := regexp.MustCompile(pattern)
-		actualClean := re.ReplaceAllString(actual, `"duration":"_duration_"`)
-		// Remove "time_since_started_html" fields for comparison since they're TZ-sensitive in the test
-		pattern = `"time_since_started_html":".*?\\u003c/relative-time\\u003e"`
-		re = regexp.MustCompile(pattern)
-		actualClean = re.ReplaceAllString(actualClean, `"time_since_started_html":"_time_"`)
+			finalURL := intermediateRedirect.Result().Header.Get("Location")
+			req = NewRequest(t, "GET", finalURL)
+			resp := MakeRequest(t, req, http.StatusOK)
 
-		return assert.JSONEq(t, "{\"state\":{\"run\":{\"preExecutionError\":\"\",\"link\":\"/user5/repo4/actions/runs/187\",\"title\":\"update actions\",\"titleHTML\":\"update actions\",\"status\":\"success\",\"canCancel\":false,\"canApprove\":false,\"canRerun\":false,\"canDeleteArtifact\":false,\"done\":true,\"jobs\":[{\"id\":192,\"name\":\"job_2\",\"status\":\"success\",\"canRerun\":false,\"duration\":\"_duration_\"}],\"commit\":{\"localeCommit\":\"Commit\",\"localePushedBy\":\"pushed by\",\"localeWorkflow\":\"Workflow\",\"localeAllRuns\":\"all runs\",\"shortSHA\":\"c2d72f5484\",\"link\":\"/user5/repo4/commit/c2d72f548424103f01ee1dc02889c1e2bff816b0\",\"pusher\":{\"displayName\":\"user1\",\"link\":\"/user1\"},\"branch\":{\"name\":\"master\",\"link\":\"/user5/repo4/src/branch/master\",\"isDeleted\":false}}},\"currentJob\":{\"title\":\"job_2\",\"details\":[\"Success\"],\"steps\":[{\"summary\":\"Set up job\",\"duration\":\"_duration_\",\"status\":\"success\"},{\"summary\":\"Complete job\",\"duration\":\"_duration_\",\"status\":\"success\"}],\"allAttempts\":[{\"number\":3,\"time_since_started_html\":\"_time_\",\"status\":\"running\",\"status_diagnostics\":[\"Running\"]},{\"number\":2,\"time_since_started_html\":\"_time_\",\"status\":\"success\",\"status_diagnostics\":[\"Success\"]},{\"number\":1,\"time_since_started_html\":\"_time_\",\"status\":\"success\",\"status_diagnostics\":[\"Success\"]}]}},\"logs\":{\"stepsLog\":[]}}\n", actualClean)
-	})
-	htmlDoc.AssertAttrEqual(t, selector, "data-initial-artifacts-response", "{\"artifacts\":[{\"name\":\"multi-file-download\",\"size\":2048,\"status\":\"completed\"}]}\n")
+			htmlDoc := NewHTMLParser(t, resp.Body)
+			selector := "#repo-action-view"
+			// Verify key properties going into the `repo-action-view` to initialize the Vue component.
+			htmlDoc.AssertAttrEqual(t, selector, "data-run-index", strconv.FormatInt(testCase.runIndex, 10))
+			htmlDoc.AssertAttrEqual(t, selector, "data-job-index", strconv.FormatInt(testCase.jobIndex, 10))
+			htmlDoc.AssertAttrEqual(t, selector, "data-attempt-number", strconv.FormatInt(testCase.attempt, 10))
+			htmlDoc.AssertAttrPredicate(t, selector, "data-initial-post-response", func(actual string) bool {
+				// Remove dynamic "duration" fields for comparison.
+				pattern := `"duration":"[^"]*"`
+				re := regexp.MustCompile(pattern)
+				actualClean := re.ReplaceAllString(actual, `"duration":"_duration_"`)
+				// Remove "time_since_started_html" fields for comparison since they're TZ-sensitive in the test
+				pattern = `"time_since_started_html":".*?\\u003c/relative-time\\u003e"`
+				re = regexp.MustCompile(pattern)
+				actualClean = re.ReplaceAllString(actualClean, `"time_since_started_html":"_time_"`)
+
+				return assert.JSONEq(t, testCase.expectedJSON, actualClean)
+			})
+			htmlDoc.AssertAttrEqual(t, selector, "data-initial-artifacts-response", testCase.expectedArtifacts)
+		})
+	}
 }
 
 // Action re-run will redirect the user to an attempt that may not exist in the database yet, since attempts are only
@@ -185,7 +229,7 @@ func TestActionViewsViewAttemptOutOfRange(t *testing.T) {
 		re = regexp.MustCompile(pattern)
 		actualClean = re.ReplaceAllString(actualClean, `"time_since_started_html":"_time_"`)
 
-		return assert.JSONEq(t, "{\"state\":{\"run\":{\"preExecutionError\":\"\",\"link\":\"/user5/repo4/actions/runs/190\",\"title\":\"job output\",\"titleHTML\":\"job output\",\"status\":\"success\",\"canCancel\":false,\"canApprove\":false,\"canRerun\":false,\"canDeleteArtifact\":false,\"done\":false,\"jobs\":[{\"id\":396,\"name\":\"job_2\",\"status\":\"waiting\",\"canRerun\":false,\"duration\":\"_duration_\"}],\"commit\":{\"localeCommit\":\"Commit\",\"localePushedBy\":\"pushed by\",\"localeWorkflow\":\"Workflow\",\"localeAllRuns\":\"all runs\",\"shortSHA\":\"c2d72f5484\",\"link\":\"/user5/repo4/commit/c2d72f548424103f01ee1dc02889c1e2bff816b0\",\"pusher\":{\"displayName\":\"user1\",\"link\":\"/user1\"},\"branch\":{\"name\":\"test\",\"link\":\"/user5/repo4/src/branch/test\",\"isDeleted\":true}}},\"currentJob\":{\"title\":\"job_2\",\"details\":[\"Waiting for a runner with the following label: fedora\"],\"steps\":[],\"allAttempts\":null}},\"logs\":{\"stepsLog\":[]}}\n", actualClean)
+		return assert.JSONEq(t, "{\"state\":{\"run\":{\"preExecutionError\":\"\",\"link\":\"/user5/repo4/actions/runs/190\",\"title\":\"job output\",\"titleHTML\":\"job output\",\"status\":\"success\",\"canCancel\":false,\"canApprove\":false,\"canRerun\":false,\"canDeleteArtifact\":false,\"description\":\"Commit <a href=\\\"/user5/repo4/commit/c2d72f548424103f01ee1dc02889c1e2bff816b0\\\">c2d72f5484</a> pushed by <a href=\\\"/user1\\\">user1</a>\",\"done\":false,\"jobs\":[{\"id\":396,\"name\":\"job_2\",\"status\":\"waiting\",\"canRerun\":false,\"duration\":\"_duration_\"}],\"commit\":{\"localeWorkflow\":\"Workflow\",\"localeAllRuns\":\"all runs\",\"shortSHA\":\"c2d72f5484\",\"link\":\"/user5/repo4/commit/c2d72f548424103f01ee1dc02889c1e2bff816b0\",\"pusher\":{\"displayName\":\"user1\",\"link\":\"/user1\"},\"branch\":{\"name\":\"test\",\"link\":\"/user5/repo4/src/branch/test\",\"isDeleted\":true}}},\"currentJob\":{\"title\":\"job_2\",\"details\":[\"Waiting for a runner with the following label: fedora\"],\"steps\":[],\"allAttempts\":null}},\"logs\":{\"stepsLog\":[]}}\n", actualClean)
 	})
 	htmlDoc.AssertAttrEqual(t, selector, "data-initial-artifacts-response", "{\"artifacts\":[]}\n")
 }
diff --git a/tests/integration/fixtures/TestActionRunsList/action_run.yml b/tests/integration/fixtures/TestActionRunsList/action_run.yml
new file mode 100644
index 0000000000..096d458672
--- /dev/null
+++ b/tests/integration/fixtures/TestActionRunsList/action_run.yml
@@ -0,0 +1,34 @@
+- id: 1000
+  title: "A scheduled workflow"
+  repo_id: 4
+  owner_id: 5
+  workflow_id: "scheduled.yaml"
+  index: 209
+  trigger_user_id: -2
+  ref: "refs/heads/main"
+  commit_sha: "64357baca84bfff631e7dfae5a3433b26d005646"
+  trigger_event: "schedule"
+  is_fork_pull_request: false
+  status: 6 # running
+  started: 1683636528
+  created: 1683636108
+  updated: 1683636626
+  need_approval: false
+  approved_by: 0
+- id: 1001
+  title: "Running workflow_dispatch"
+  repo_id: 4
+  owner_id: 5
+  workflow_id: "dispatch.yaml"
+  index: 210
+  trigger_user_id: 29
+  ref: "refs/heads/main"
+  commit_sha: "dc67f0a1a0dc2417cd0b1a9f0b95e2e5d91876e9"
+  trigger_event: "workflow_dispatch"
+  is_fork_pull_request: false
+  status: 6 # running
+  started: 1683636528
+  created: 1683636108
+  updated: 1683636626
+  need_approval: false
+  approved_by: 0
diff --git a/tests/integration/fixtures/TestActionViewsView/action_run.yml b/tests/integration/fixtures/TestActionViewsView/action_run.yml
new file mode 100644
index 0000000000..14cfa86468
--- /dev/null
+++ b/tests/integration/fixtures/TestActionViewsView/action_run.yml
@@ -0,0 +1,34 @@
+- id: 1000
+  title: "A scheduled workflow"
+  repo_id: 4
+  owner_id: 5
+  workflow_id: "scheduled.yaml"
+  index: 209
+  trigger_user_id: -2
+  ref: "refs/heads/master"
+  commit_sha: "64357baca84bfff631e7dfae5a3433b26d005646"
+  trigger_event: "schedule"
+  is_fork_pull_request: false
+  status: 5 # waiting
+  started: 0
+  created: 1683636108
+  updated: 0
+  need_approval: false
+  approved_by: 0
+- id: 1001
+  title: "A triggered run"
+  repo_id: 4
+  owner_id: 5
+  workflow_id: "dispatch.yaml"
+  index: 210
+  trigger_user_id: 29
+  ref: "refs/heads/master"
+  commit_sha: "f4100ac14112a3740490afb22b07b69b0b5d4e8b"
+  trigger_event: "workflow_dispatch"
+  is_fork_pull_request: false
+  status: 5 # waiting
+  started: 0
+  created: 1683636108
+  updated: 0
+  need_approval: false
+  approved_by: 0
diff --git a/tests/integration/fixtures/TestActionViewsView/action_run_job.yml b/tests/integration/fixtures/TestActionViewsView/action_run_job.yml
new file mode 100644
index 0000000000..be79240519
--- /dev/null
+++ b/tests/integration/fixtures/TestActionViewsView/action_run_job.yml
@@ -0,0 +1,28 @@
+- id: 2153
+  run_id: 1000
+  repo_id: 4
+  owner_id: 5
+  commit_sha: 64357baca84bfff631e7dfae5a3433b26d005646
+  is_fork_pull_request: false
+  name: job_2
+  attempt: 1
+  runs_on: ["debian", "gpu"]
+  job_id: job_2
+  task_id: 8753
+  status: 5 # StatusWaiting
+  started: 0
+  stopped: 0
+- id: 2154
+  run_id: 1001
+  repo_id: 4
+  owner_id: 5
+  runs_on: ["windows"]
+  commit_sha: f4100ac14112a3740490afb22b07b69b0b5d4e8b
+  is_fork_pull_request: false
+  name: mirror
+  attempt: 1
+  job_id: mirror
+  task_id: 8754
+  status: 5 # StatusWaiting
+  started: 0
+  stopped: 0
\ No newline at end of file
diff --git a/tests/integration/fixtures/TestActionViewsView/action_task.yml b/tests/integration/fixtures/TestActionViewsView/action_task.yml
new file mode 100644
index 0000000000..b139270a2b
--- /dev/null
+++ b/tests/integration/fixtures/TestActionViewsView/action_task.yml
@@ -0,0 +1,28 @@
+- id: 8753
+  job_id: 2153
+  attempt: 1
+  runner_id: 0
+  status: 1 # Waiting
+  started: 0
+  stopped: 0
+  repo_id: 4
+  owner_id: 5
+  commit_sha: 64357baca84bfff631e7dfae5a3433b26d005646
+  is_fork_pull_request: false
+  token_hash: 5fd2714302a06027c0184dbaa697dd1bea7ec80823b673aac8e378dbabdb3f4156bfad6995a8701ec18c187483db7253110e
+  token_salt: ffffffffff
+  token_last_eight: ffffffff
+- id: 8754
+  job_id: 2154
+  attempt: 1
+  runner_id: 0
+  status: 5 # Waiting
+  started: 0
+  stopped: 0
+  repo_id: 4
+  owner_id: 5
+  commit_sha: f4100ac14112a3740490afb22b07b69b0b5d4e8b
+  is_fork_pull_request: false
+  token_hash: 9c104fe0db29aa6d737001707e1de2201fdfefb6d2316ec4fb38c44a1820a5948af2f9e1cb5e58ab95cc8fbe589fd4e82f95
+  token_salt: ffffffffff
+  token_last_eight: ffffffff
diff --git a/web_src/js/components/RepoActionView.vue b/web_src/js/components/RepoActionView.vue
index 3b44cee907..e42ae52fe7 100644
--- a/web_src/js/components/RepoActionView.vue
+++ b/web_src/js/components/RepoActionView.vue
@@ -82,6 +82,7 @@ export default {
         title: '',
         titleHTML: '',
         status: '',
+        description: '',
         canCancel: false,
         canApprove: false,
         canRerun: false,
@@ -97,8 +98,6 @@ export default {
           // },
         ],
         commit: {
-          localeCommit: '',
-          localePushedBy: '',
           localeWorkflow: '',
           localeAllRuns: '',
           shortSHA: '',
@@ -482,10 +481,8 @@ export default {
         </div>
       </div>
       <div class="action-summary">
-        {{ run.commit.localeCommit }}
-        <a class="muted" :href="run.commit.link">{{ run.commit.shortSHA }}</a>
-        {{ run.commit.localePushedBy }}
-        <a class="muted" :href="run.commit.pusher.link">{{ run.commit.pusher.displayName }}</a>
+        <!-- eslint-disable-next-line vue/no-v-html -->
+        <span v-html="run.description"/>
         <span class="ui label tw-max-w-full" v-if="run.commit.shortSHA">
           <span v-if="run.commit.branch.isDeleted" class="gt-ellipsis tw-line-through" :data-tooltip-content="run.commit.branch.name">{{ run.commit.branch.name }}</span>
           <a v-else class="gt-ellipsis" :href="run.commit.branch.link" :data-tooltip-content="run.commit.branch.name">{{ run.commit.branch.name }}</a>
@@ -493,7 +490,7 @@ export default {
       </div>
       <div class="action-summary">
         {{ run.commit.localeWorkflow }}
-        <a class="muted" :href="workflowSourceURL">{{ workflowName }}</a> <span>(<a class="muted" :href="workflowURL">{{ run.commit.localeAllRuns }}</a>)</span>
+        <a :href="workflowSourceURL">{{ workflowName }}</a> <span>(<a :href="workflowURL">{{ run.commit.localeAllRuns }}</a>)</span>
       </div>
       <div class="ui error message pre-execution-error" v-if="run.preExecutionError">
         <div class="header">

From 0a8540f52f7b8e4664393addc94f25be5383fdbb Mon Sep 17 00:00:00 2001
From: Mathieu Fenniak <mathieu@fenniak.net>
Date: Tue, 24 Mar 2026 16:33:16 +0100
Subject: [PATCH 561/854] chore: link to AI Agreement in PR template (#11789)

Adds a sentence to the PR template calling attention to the AI Agreement, as noted recently in https://codeberg.org/forgejo/forgejo/pulls/11756#issuecomment-11959350.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11789
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net>
Co-committed-by: Mathieu Fenniak <mathieu@fenniak.net>
---
 .forgejo/pull_request_template.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.forgejo/pull_request_template.md b/.forgejo/pull_request_template.md
index 44c28e333e..cfdb8a5336 100644
--- a/.forgejo/pull_request_template.md
+++ b/.forgejo/pull_request_template.md
@@ -10,7 +10,7 @@ labels:
 
 ## Checklist
 
-The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).
+The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. All work and communication must conform to Forgejo's [AI Agreement](https://codeberg.org/forgejo/governance/src/branch/main/AIAgreement.md). There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).
 
 ### Tests for Go changes
 

From 5365720abc0c4f718ca6bb769d8d47e7579d0bff Mon Sep 17 00:00:00 2001
From: Mathieu Fenniak <mathieu@fenniak.net>
Date: Tue, 24 Mar 2026 21:57:38 +0100
Subject: [PATCH 562/854] ci: update tests to run debian trixie, remove manual
 installation from `testing` (#11801)

Forgejo CI is currently failing due to changes in debian testing packaging that are not compatible with installing `git` from testing onto a bookworm system (https://codeberg.org/forgejo/forgejo/actions/runs/147815/jobs/2/attempt/1#jobstep-3-144).

Where `git` was being installed from testing it is replaced with just using trixie's `git 2.47.3`.  Where `git-lfs` was being installed, it's been inlined with a simple `update` and `install`.

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [ ] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.
- [x] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11801
Reviewed-by: Andreas Ahlenstorf <aahlenst@noreply.codeberg.org>
Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net>
Co-committed-by: Mathieu Fenniak <mathieu@fenniak.net>
---
 .forgejo/workflows/testing-integration.yml | 14 +++----
 .forgejo/workflows/testing.yml             | 48 +++++++++-------------
 2 files changed, 27 insertions(+), 35 deletions(-)

diff --git a/.forgejo/workflows/testing-integration.yml b/.forgejo/workflows/testing-integration.yml
index 85351af08c..11d20e2ab0 100644
--- a/.forgejo/workflows/testing-integration.yml
+++ b/.forgejo/workflows/testing-integration.yml
@@ -31,7 +31,7 @@ jobs:
     if: vars.ROLE == 'forgejo-integration'
     runs-on: docker
     container:
-      image: 'data.forgejo.org/oci/node:24-bookworm'
+      image: 'data.forgejo.org/oci/node:24-trixie'
       options: --tmpfs /tmp:exec,noatime
     steps:
       - uses: https://data.forgejo.org/actions/checkout@v6
@@ -50,7 +50,7 @@ jobs:
     if: vars.ROLE == 'forgejo-integration'
     runs-on: docker
     container:
-      image: 'data.forgejo.org/oci/node:24-bookworm'
+      image: 'data.forgejo.org/oci/node:24-trixie'
       options: --tmpfs /tmp:exec,noatime
     steps:
       - uses: https://data.forgejo.org/actions/checkout@v6
@@ -75,7 +75,7 @@ jobs:
       matrix:
         version: ['10.6', '11.8']
     container:
-      image: 'data.forgejo.org/oci/node:24-bookworm'
+      image: 'data.forgejo.org/oci/node:24-trixie'
       options: --tmpfs /tmp:exec,noatime
     services:
       mysql:
@@ -87,10 +87,10 @@ jobs:
     steps:
       - uses: https://data.forgejo.org/actions/checkout@v6
       - uses: ./.forgejo/workflows-composite/setup-env
-      - name: install dependencies & git >= 2.42
-        uses: ./.forgejo/workflows-composite/apt-install-from
-        with:
-          packages: git git-lfs
+      - name: install dependencies
+        run: apt-get update -qq && apt-get -q install -qq -y git-lfs
+        env:
+          DEBIAN_FRONTEND: noninteractive
       - uses: ./.forgejo/workflows-composite/build-backend
       - run: |
           su forgejo -c 'make test-mysql-migration test-mysql'
diff --git a/.forgejo/workflows/testing.yml b/.forgejo/workflows/testing.yml
index fe6500d469..06ef5eb131 100644
--- a/.forgejo/workflows/testing.yml
+++ b/.forgejo/workflows/testing.yml
@@ -14,7 +14,7 @@ jobs:
     if: vars.ROLE == 'forgejo-coding' || vars.ROLE == 'forgejo-testing'
     runs-on: docker
     container:
-      image: 'data.forgejo.org/oci/node:24-bookworm'
+      image: 'data.forgejo.org/oci/node:24-trixie'
       options: --tmpfs /tmp:exec,noatime
     steps:
       - name: event info
@@ -33,7 +33,7 @@ jobs:
     if: vars.ROLE == 'forgejo-coding' || vars.ROLE == 'forgejo-testing'
     runs-on: docker
     container:
-      image: 'data.forgejo.org/oci/node:24-bookworm'
+      image: 'data.forgejo.org/oci/node:24-trixie'
       options: --tmpfs /tmp:exec,noatime
     steps:
       - uses: https://data.forgejo.org/actions/checkout@v6
@@ -68,7 +68,7 @@ jobs:
     runs-on: docker
     needs: [backend-checks, frontend-checks]
     container:
-      image: 'data.forgejo.org/oci/node:24-bookworm'
+      image: 'data.forgejo.org/oci/node:24-trixie'
       options: --tmpfs /tmp:exec,noatime
     services:
       elasticsearch:
@@ -88,10 +88,6 @@ jobs:
     steps:
       - uses: https://data.forgejo.org/actions/checkout@v6
       - uses: ./.forgejo/workflows-composite/setup-env
-      - name: install git >= 2.42
-        uses: ./.forgejo/workflows-composite/apt-install-from
-        with:
-          packages: git
       - name: test release-notes-assistant.sh
         run: |
           apt-get -q install -qq -y jq
@@ -158,7 +154,7 @@ jobs:
     runs-on: docker
     needs: [backend-checks, frontend-checks, test-unit]
     container:
-      image: 'data.forgejo.org/oci/node:24-bookworm'
+      image: 'data.forgejo.org/oci/node:24-trixie'
       options: --tmpfs /tmp:exec,noatime
     name: ${{ format('test-remote-cacher ({0})', matrix.cacher.name) }}
     strategy:
@@ -185,10 +181,6 @@ jobs:
     steps:
       - uses: https://data.forgejo.org/actions/checkout@v6
       - uses: ./.forgejo/workflows-composite/setup-env
-      - name: install git >= 2.42
-        uses: ./.forgejo/workflows-composite/apt-install-from
-        with:
-          packages: git
       - uses: ./.forgejo/workflows-composite/build-backend
       - run: |
           su forgejo -c 'make test-remote-cacher test-check'
@@ -202,7 +194,7 @@ jobs:
     runs-on: docker
     needs: [backend-checks, frontend-checks]
     container:
-      image: 'data.forgejo.org/oci/node:24-bookworm'
+      image: 'data.forgejo.org/oci/node:24-trixie'
       options: --tmpfs /tmp:exec,noatime
     services:
       mysql:
@@ -218,10 +210,10 @@ jobs:
     steps:
       - uses: https://data.forgejo.org/actions/checkout@v6
       - uses: ./.forgejo/workflows-composite/setup-env
-      - name: install dependencies & git >= 2.42
-        uses: ./.forgejo/workflows-composite/apt-install-from
-        with:
-          packages: git git-lfs
+      - name: install dependencies
+        run: apt-get update -qq && apt-get -q install -qq -y git-lfs
+        env:
+          DEBIAN_FRONTEND: noninteractive
       - uses: ./.forgejo/workflows-composite/build-backend
       - run: |
           su forgejo -c 'make test-mysql-migration test-mysql'
@@ -233,7 +225,7 @@ jobs:
     runs-on: docker
     needs: [backend-checks, frontend-checks]
     container:
-      image: 'data.forgejo.org/oci/node:24-bookworm'
+      image: 'data.forgejo.org/oci/node:24-trixie'
       options: --tmpfs /tmp:exec,noatime
     services:
       minio:
@@ -256,10 +248,10 @@ jobs:
     steps:
       - uses: https://data.forgejo.org/actions/checkout@v6
       - uses: ./.forgejo/workflows-composite/setup-env
-      - name: install dependencies & git >= 2.42
-        uses: ./.forgejo/workflows-composite/apt-install-from
-        with:
-          packages: git git-lfs
+      - name: install dependencies
+        run: apt-get update -qq && apt-get -q install -qq -y git-lfs
+        env:
+          DEBIAN_FRONTEND: noninteractive
       - uses: ./.forgejo/workflows-composite/build-backend
       - run: |
           su forgejo -c 'make test-pgsql-migration test-pgsql'
@@ -273,15 +265,15 @@ jobs:
     runs-on: docker
     needs: [backend-checks, frontend-checks]
     container:
-      image: 'data.forgejo.org/oci/node:24-bookworm'
+      image: 'data.forgejo.org/oci/node:24-trixie'
       options: --tmpfs /tmp:exec,noatime
     steps:
       - uses: https://data.forgejo.org/actions/checkout@v6
       - uses: ./.forgejo/workflows-composite/setup-env
-      - name: install dependencies & git >= 2.42
-        uses: ./.forgejo/workflows-composite/apt-install-from
-        with:
-          packages: git git-lfs
+      - name: install dependencies
+        run: apt-get update -qq && apt-get -q install -qq -y git-lfs
+        env:
+          DEBIAN_FRONTEND: noninteractive
       - uses: ./.forgejo/workflows-composite/build-backend
       - run: |
           su forgejo -c 'make test-sqlite-migration test-sqlite'
@@ -301,7 +293,7 @@ jobs:
       - test-remote-cacher
       - test-unit
     container:
-      image: 'data.forgejo.org/oci/node:24-bookworm'
+      image: 'data.forgejo.org/oci/node:24-trixie'
       options: --tmpfs /tmp:exec,noatime
     steps:
       - uses: https://data.forgejo.org/actions/checkout@v6

From 3932389bcc4eb825e4616dab4f1374b4c0c2daa5 Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Wed, 25 Mar 2026 01:00:50 +0100
Subject: [PATCH 563/854] Update module code.forgejo.org/forgejo/runner/v12 to
 v12.7.3 (forgejo) (#11804)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This PR contains the following updates:

| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) |
|---|---|---|---|
| [code.forgejo.org/forgejo/runner/v12](https://code.forgejo.org/forgejo/runner) | `v12.7.2` → `v12.7.3` | ![age](https://developer.mend.io/api/mc/badges/age/go/code.forgejo.org%2fforgejo%2frunner%2fv12/v12.7.3?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/go/code.forgejo.org%2fforgejo%2frunner%2fv12/v12.7.2/v12.7.3?slim=true) |

---

### Release Notes

<details>
<summary>forgejo/runner (code.forgejo.org/forgejo/runner/v12)</summary>

### [`v12.7.3`](https://code.forgejo.org/forgejo/runner/releases/tag/v12.7.3)

[Compare Source](https://code.forgejo.org/forgejo/runner/compare/v12.7.2...v12.7.3)

- [User guide](https://forgejo.org/docs/next/user/actions/overview/)
- [Administrator guide](https://forgejo.org/docs/next/admin/actions/)
- [Container images](https://code.forgejo.org/forgejo/-/packages/container/runner/versions)

Release Notes

***

<!--start release-notes-assistant-->

<!--URL:https://code.forgejo.org/forgejo/runner-->

- features
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1436): <!--number 1436 --><!--line 0 --><!--description ZmVhdDogc2V0IGEgY3VzdG9tIHVzZXItYWdlbnQgaGVhZGVyIGZvciBhbGwgZ1JQQyByZXF1ZXN0cw==-->feat: set a custom user-agent header for all gRPC requests<!--description-->
- bug fixes
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1448): <!--number 1448 --><!--line 0 --><!--description Zml4OiByZXBsYWNlIGBsb2dnZXIuUGFuaWNmYCB3aXRoIHBhbmljcyB0aGF0IGhhdmUgYSB1c2VmdWwgZXJyb3IgbWVzc2FnZQ==-->fix: replace `logger.Panicf` with panics that have a useful error message<!--description-->
- other
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1445): <!--number 1445 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnaXRodWIuY29tL2dvbGFuZ2NpL2dvbGFuZ2NpLWxpbnQvdjIvY21kL2dvbGFuZ2NpLWxpbnQgdG8gdjIuMTEuNA==-->Update module github.com/golangci/golangci-lint/v2/cmd/golangci-lint to v2.11.4<!--description-->
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1439): <!--number 1439 --><!--line 0 --><!--description VXBkYXRlIGRhdGEuZm9yZ2Vqby5vcmcvZm9yZ2Vqby9mb3JnZWpvIERvY2tlciB0YWcgdG8gdjExLjAuMTE=-->Update data.forgejo.org/forgejo/forgejo Docker tag to v11.0.11<!--description-->
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1440): <!--number 1440 --><!--line 0 --><!--description VXBkYXRlIGRhdGEuZm9yZ2Vqby5vcmcvZm9yZ2Vqby9ydW5uZXIgRG9ja2VyIHRhZyB0byB2MTIuNy4y-->Update data.forgejo.org/forgejo/runner Docker tag to v12.7.2<!--description-->
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1431): <!--number 1431 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnaXRodWIuY29tL2dvbGFuZ2NpL2dvbGFuZ2NpLWxpbnQvdjIvY21kL2dvbGFuZ2NpLWxpbnQgdG8gdjIuMTEuMw==-->Update module github.com/golangci/golangci-lint/v2/cmd/golangci-lint to v2.11.3<!--description-->
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1434): <!--number 1434 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgZm9yZ2Vqby9ydW5uZXIgdG8gdjEyLjcuMg==-->Update dependency forgejo/runner to v12.7.2<!--description-->
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1435): <!--number 1435 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnb2xhbmcub3JnL3gvdGVybSB0byB2MC40MS4w-->Update module golang.org/x/term to v0.41.0<!--description-->
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1433): <!--number 1433 --><!--line 0 --><!--description Rml4IGlzc3VlcyB3aXRoIHRlc3RzIG9uIFdpbmRvd3M=-->Fix issues with tests on Windows<!--description-->
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1437): <!--number 1437 --><!--line 0 --><!--description VXBkYXRlIGh0dHBzOi8vZGF0YS5mb3JnZWpvLm9yZy9hY3Rpb25zL3NldHVwLWZvcmdlam8gYWN0aW9uIHRvIHYzLjEuOA==-->Update <https://data.forgejo.org/actions/setup-forgejo> action to v3.1.8<!--description-->
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1432): <!--number 1432 --><!--line 0 --><!--description dGVzdDogYWRkIHRlc3QgZm9yIGNvbW1hbmQgb25lLWpvYg==-->test: add test for command one-job<!--description-->

<!--end release-notes-assistant-->

</details>

---

### Configuration

📅 **Schedule**: Branch creation - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC), Automerge - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My44Ni4wIiwidXBkYXRlZEluVmVyIjoiNDMuODYuMCIsInRhcmdldEJyYW5jaCI6ImZvcmdlam8iLCJsYWJlbHMiOlsiZGVwZW5kZW5jeS11cGdyYWRlIiwidGVzdC9ub3QtbmVlZGVkIl19-->

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11804
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index cfc57fa128..87779d7aa4 100644
--- a/go.mod
+++ b/go.mod
@@ -11,7 +11,7 @@ require (
 	code.forgejo.org/forgejo/go-rpmutils v1.0.0
 	code.forgejo.org/forgejo/levelqueue v1.0.0
 	code.forgejo.org/forgejo/reply v1.0.2
-	code.forgejo.org/forgejo/runner/v12 v12.7.2
+	code.forgejo.org/forgejo/runner/v12 v12.7.3
 	code.forgejo.org/go-chi/binding v1.0.1
 	code.forgejo.org/go-chi/cache v1.0.1
 	code.forgejo.org/go-chi/captcha v1.0.2
diff --git a/go.sum b/go.sum
index 806a039ba3..c199dc4e9f 100644
--- a/go.sum
+++ b/go.sum
@@ -30,8 +30,8 @@ code.forgejo.org/forgejo/levelqueue v1.0.0 h1:9krYpU6BM+j/1Ntj6m+VCAIu0UNnne1/Uf
 code.forgejo.org/forgejo/levelqueue v1.0.0/go.mod h1:fmG6zhVuqim2rxSFOoasgXO8V2W/k9U31VVYqLIRLhQ=
 code.forgejo.org/forgejo/reply v1.0.2 h1:dMhQCHV6/O3L5CLWNTol+dNzDAuyCK88z4J/lCdgFuQ=
 code.forgejo.org/forgejo/reply v1.0.2/go.mod h1:RyZUfzQLc+fuLIGjTSQWDAJWPiL4WtKXB/FifT5fM7U=
-code.forgejo.org/forgejo/runner/v12 v12.7.2 h1:S+r+brf6oo7X2VM/ztypSK/L8JT96RTZi+MbkhrcvcY=
-code.forgejo.org/forgejo/runner/v12 v12.7.2/go.mod h1:qwF/qaXUGhwQzFccS4N7NIQNI5P+3+erlDR9xJJomK8=
+code.forgejo.org/forgejo/runner/v12 v12.7.3 h1:+thSawVfLeAZaWB6sYeUPvLj4lxYjCIDt/ktvkfX5Rs=
+code.forgejo.org/forgejo/runner/v12 v12.7.3/go.mod h1:OO+Vy9Dww6WNV7GG/6VUWo/0WwXY+ASGlINmAfEA9Ws=
 code.forgejo.org/forgejo/ssh v0.0.0-20241211213324-5fc306ca0616 h1:kEZL84+02jY9RxXM4zHBWZ3Fml0B09cmP1LGkDsCfIA=
 code.forgejo.org/forgejo/ssh v0.0.0-20241211213324-5fc306ca0616/go.mod h1:zpHEXBstFnQYtGnB8k8kQLol82umzn/2/snG7alWVD8=
 code.forgejo.org/go-chi/binding v1.0.1 h1:coKNI+X1NzRN7X85LlrpvBRqk0TXpJ+ja28vusQWEuY=

From 595a4ca303697d0300653b17878fef95ce987af1 Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Wed, 25 Mar 2026 02:02:33 +0100
Subject: [PATCH 564/854] Update module code.forgejo.org/forgejo/actions-proto
 to v0.7.0 (forgejo) (#11806)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This PR contains the following updates:

| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) |
|---|---|---|---|
| [code.forgejo.org/forgejo/actions-proto](https://code.forgejo.org/forgejo/actions-proto) | `v0.6.0` → `v0.7.0` | ![age](https://developer.mend.io/api/mc/badges/age/go/code.forgejo.org%2fforgejo%2factions-proto/v0.7.0?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/go/code.forgejo.org%2fforgejo%2factions-proto/v0.6.0/v0.7.0?slim=true) |

---

### Release Notes

<details>
<summary>forgejo/actions-proto (code.forgejo.org/forgejo/actions-proto)</summary>

### [`v0.7.0`](https://code.forgejo.org/forgejo/actions-proto/releases/tag/v0.7.0)

[Compare Source](https://code.forgejo.org/forgejo/actions-proto/compare/v0.6.0...v0.7.0)

<!--start release-notes-assistant-->

<!--URL:https://code.forgejo.org/forgejo/actions-proto-->

- features
  - [PR](https://code.forgejo.org/forgejo/actions-proto/pulls/18): <!--number 18 --><!--line 0 --><!--description ZmVhdDogc3VwcG9ydCByZXF1ZXN0aW5nIGEgc3BlY2lmaWMgam9i-->feat: support requesting a specific job<!--description-->
- other
  - [PR](https://code.forgejo.org/forgejo/actions-proto/pulls/17): <!--number 17 --><!--line 0 --><!--description VXBkYXRlIGh0dHBzOi8vZGF0YS5mb3JnZWpvLm9yZy9hY3Rpb25zL2Zvcmdlam8tcmVsZWFzZSBhY3Rpb24gdG8gdjIuMTEuMw==-->Update <https://data.forgejo.org/actions/forgejo-release> action to v2.11.3<!--description-->
  - [PR](https://code.forgejo.org/forgejo/actions-proto/pulls/16): <!--number 16 --><!--line 0 --><!--description VXBkYXRlIGh0dHBzOi8vZGF0YS5mb3JnZWpvLm9yZy9hY3Rpb25zL2Zvcmdlam8tcmVsZWFzZSBhY3Rpb24gdG8gdjIuMTEuMg==-->Update <https://data.forgejo.org/actions/forgejo-release> action to v2.11.2<!--description-->
  - [PR](https://code.forgejo.org/forgejo/actions-proto/pulls/15): <!--number 15 --><!--line 0 --><!--description VXBkYXRlIGh0dHBzOi8vZGF0YS5mb3JnZWpvLm9yZy9hY3Rpb25zL2Zvcmdlam8tcmVsZWFzZSBhY3Rpb24gdG8gdjIuMTAuMA==-->Update <https://data.forgejo.org/actions/forgejo-release> action to v2.10.0<!--description-->
  - [PR](https://code.forgejo.org/forgejo/actions-proto/pulls/14): <!--number 14 --><!--line 0 --><!--description Y2k6IHB1Ymxpc2ggcmVsZWFzZXMgKHRha2UyKQ==-->ci: publish releases (take2)<!--description-->
  - [PR](https://code.forgejo.org/forgejo/actions-proto/pulls/13): <!--number 13 --><!--line 0 --><!--description Y2k6IHB1Ymxpc2ggcmVsZWFzZXM=-->ci: publish releases<!--description-->

<!--end release-notes-assistant-->

</details>

---

### Configuration

📅 **Schedule**: Branch creation - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC), Automerge - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My44Ni4wIiwidXBkYXRlZEluVmVyIjoiNDMuODYuMCIsInRhcmdldEJyYW5jaCI6ImZvcmdlam8iLCJsYWJlbHMiOlsiZGVwZW5kZW5jeS11cGdyYWRlIiwidGVzdC9ub3QtbmVlZGVkIl19-->

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11806
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 87779d7aa4..b7c217def8 100644
--- a/go.mod
+++ b/go.mod
@@ -7,7 +7,7 @@ toolchain go1.26.1
 require (
 	code.forgejo.org/f3/gof3/v3 v3.11.15
 	code.forgejo.org/forgejo-contrib/go-libravatar v0.0.0-20260301104140-add494e31dab
-	code.forgejo.org/forgejo/actions-proto v0.6.0
+	code.forgejo.org/forgejo/actions-proto v0.7.0
 	code.forgejo.org/forgejo/go-rpmutils v1.0.0
 	code.forgejo.org/forgejo/levelqueue v1.0.0
 	code.forgejo.org/forgejo/reply v1.0.2
diff --git a/go.sum b/go.sum
index c199dc4e9f..33570a84d1 100644
--- a/go.sum
+++ b/go.sum
@@ -20,8 +20,8 @@ code.forgejo.org/f3/gof3/v3 v3.11.15 h1:/EzJWRQUhVVia1EmCWRZHCuW8qdAX1DEXY0M1n0m
 code.forgejo.org/f3/gof3/v3 v3.11.15/go.mod h1:k99wl7QiI9LjS3qEd1RXLdcZPE3wZP5gkVhy8/WhzJ4=
 code.forgejo.org/forgejo-contrib/go-libravatar v0.0.0-20260301104140-add494e31dab h1:g/uf/tNOvCdGL9EuYV9EJQglEH8n572P1ZwH4lBBkjI=
 code.forgejo.org/forgejo-contrib/go-libravatar v0.0.0-20260301104140-add494e31dab/go.mod h1:PphB88CPbx601QrWPMZATeorACeVmQlyv3u+uUMbSaM=
-code.forgejo.org/forgejo/actions-proto v0.6.0 h1:dw1Dogk9A4V/yrLVkhe9dSZPsqNAIkI1kCXPSqG3tZA=
-code.forgejo.org/forgejo/actions-proto v0.6.0/go.mod h1:+444hHBs9/qDh5X/AedaTv0Egj3vd/EXP93vg9zFV2E=
+code.forgejo.org/forgejo/actions-proto v0.7.0 h1:0UA8AIOIWEiMLQvBbnZ6GQ9reh6BbM15Ep8x+oeTCY8=
+code.forgejo.org/forgejo/actions-proto v0.7.0/go.mod h1:+444hHBs9/qDh5X/AedaTv0Egj3vd/EXP93vg9zFV2E=
 code.forgejo.org/forgejo/go-rpmutils v1.0.0 h1:RZGGeKt70p/WaIEL97pyT6uiiEIoN8/aLmS5Z6WmX0M=
 code.forgejo.org/forgejo/go-rpmutils v1.0.0/go.mod h1:cg+VbgLXfrDPza9T+kBsMb3TVmmzPN4XseT6gDGLSUk=
 code.forgejo.org/forgejo/go-xsd-duration v0.0.0-20220703122237-02e73435a078 h1:RArF5AsF9LH4nEoJxqRxcP5r8hhRfWcId84G82YbqzA=

From 20f05f748a5f392baffd8d9a9aa8c1c1ab29a4c3 Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Wed, 25 Mar 2026 06:47:24 +0100
Subject: [PATCH 565/854] Update Node.js to v24.14.1 (forgejo) (#11805)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11805
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
---
 .node-version | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.node-version b/.node-version
index bd165d99d1..045200741c 100644
--- a/.node-version
+++ b/.node-version
@@ -1 +1 @@
-24.14.0
\ No newline at end of file
+24.14.1
\ No newline at end of file

From d4fbbf0ac1c94612ac8063e296b8c1effd77f22c Mon Sep 17 00:00:00 2001
From: Codeberg Translate <translate@codeberg.org>
Date: Wed, 25 Mar 2026 11:27:59 +0000
Subject: [PATCH 566/854] i18n: update of translations from Codeberg Translate
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Co-authored-by: 0ko <0ko@noreply.codeberg.org>
Co-authored-by: Aindriú Mac Giolla Eoin <aindriu80@noreply.codeberg.org>
Co-authored-by: Atalanttore <atalanttore@noreply.codeberg.org>
Co-authored-by: Benedikt Straub <benedikt-straub@web.de>
Co-authored-by: Benniest <benniest@noreply.codeberg.org>
Co-authored-by: Codeberg Translate <translate@codeberg.org>
Co-authored-by: Coral Pink <coral.pink@disr.it>
Co-authored-by: EssGeeEich <essgeeeich@noreply.codeberg.org>
Co-authored-by: Fjuro <fjuro@noreply.codeberg.org>
Co-authored-by: Gusted <postmaster@gusted.xyz>
Co-authored-by: Jean-Christian <jean-christian@noreply.codeberg.org>
Co-authored-by: Kenneth Bruen <kenny@kbruen.ro>
Co-authored-by: Kyush <kyush@noreply.codeberg.org>
Co-authored-by: Languages add-on <noreply-addon-languages@weblate.org>
Co-authored-by: Lzebulon <lzebulon@noreply.codeberg.org>
Co-authored-by: Martini-141 <martini-141@noreply.codeberg.org>
Co-authored-by: Salif Mehmed <mail@salif.eu>
Co-authored-by: Shihfu Juan <xlion@xlion.tw>
Co-authored-by: SomeTr <sometr@noreply.codeberg.org>
Co-authored-by: ThinkRoot <thinkroot@noreply.codeberg.org>
Co-authored-by: Ullebe1 <ullebe1@noreply.codeberg.org>
Co-authored-by: Vyxie <kitakita@disroot.org>
Co-authored-by: Wuzzy <wuzzy@disroot.org>
Co-authored-by: adriand <adriand@noreply.codeberg.org>
Co-authored-by: alanmena <alanmena@noreply.codeberg.org>
Co-authored-by: andreuz <andreu@kindspells.dev>
Co-authored-by: anon_ally <anon_ally@noreply.codeberg.org>
Co-authored-by: artnay <artnay@noreply.codeberg.org>
Co-authored-by: bertof <bertof@noreply.codeberg.org>
Co-authored-by: bespinas <bespinas@noreply.codeberg.org>
Co-authored-by: daltux <daltux@noreply.codeberg.org>
Co-authored-by: dsonck <dsonck@noreply.codeberg.org>
Co-authored-by: fbausch <fbausch@noreply.codeberg.org>
Co-authored-by: hanklank <hanklank@noreply.codeberg.org>
Co-authored-by: ivanhercaz <ivanhercaz@noreply.codeberg.org>
Co-authored-by: jimkats <jimkats@noreply.codeberg.org>
Co-authored-by: justbispo <justbispo@noreply.codeberg.org>
Co-authored-by: llixon <llixon@noreply.codeberg.org>
Co-authored-by: lxcj <lxcj@noreply.codeberg.org>
Co-authored-by: makmonty <makmonty@noreply.codeberg.org>
Co-authored-by: maydo <maydo@noreply.codeberg.org>
Co-authored-by: minh160302 <minh160302@noreply.codeberg.org>
Co-authored-by: mou7664 <mou7664@noreply.codeberg.org>
Co-authored-by: onkelklo <onkelklo@noreply.codeberg.org>
Co-authored-by: pixelcode <pixelcode@noreply.codeberg.org>
Co-authored-by: pswsm <pswsm@noreply.codeberg.org>
Co-authored-by: recreationalprogamer <recreationalprogamer@noreply.codeberg.org>
Co-authored-by: smlxdesign <smlxdesign@noreply.codeberg.org>
Co-authored-by: sunwoo1524 <sunwoo1524@noreply.codeberg.org>
Co-authored-by: vmtj <vmtj@noreply.codeberg.org>
Co-authored-by: woolkingx <woolkingx@noreply.codeberg.org>
Co-authored-by: xtex <xtexchooser@duck.com>
Co-authored-by: Кнⷫѧⷷ̈зⷮьⷬ Кропоткинъ <kropotkin@noreply.codeberg.org>
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/ar/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/bg/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/ca/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/cs/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/da/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/de/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/el/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/es/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/fi/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/fil/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/fr/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/ga/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/it/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/ja/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/ka/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/lv/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/nds/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/nl/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/pl/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/pt_BR/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/pt_PT/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/ro/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/ru/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/sv/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/ta/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/th/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/tr/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/uk/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/zh_Hans/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/zh_Hant/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo/ar/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo/bg/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo/ca/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo/cs/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo/da/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo/de/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo/el/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo/eo/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo/es/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo/fi/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo/fil/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo/fr/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo/it/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo/ko/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo/nb_NO/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo/nds/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo/nl/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo/pl/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo/pt_BR/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo/pt_PT/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo/ro/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo/ru/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo/sv/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo/uk/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo/vi/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo/zh_Hans/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo/zh_Hant/
Translation: Forgejo/forgejo
Translation: Forgejo/forgejo-next
---
 options/locale/locale_ar.ini          |  15 +-
 options/locale/locale_arq.ini         |   1 +
 options/locale/locale_bg.ini          |  12 +-
 options/locale/locale_ca.ini          | 543 ++++++++++++++++++++++++--
 options/locale/locale_cs-CZ.ini       |   2 +-
 options/locale/locale_da.ini          |  26 +-
 options/locale/locale_de-DE.ini       |  98 ++---
 options/locale/locale_el-GR.ini       |   8 +-
 options/locale/locale_eo.ini          |   5 +-
 options/locale/locale_es-ES.ini       |  63 ++-
 options/locale/locale_fi-FI.ini       |  13 +-
 options/locale/locale_fil.ini         |   2 +-
 options/locale/locale_fr-FR.ini       |   2 +-
 options/locale/locale_it-IT.ini       |  42 +-
 options/locale/locale_ko-KR.ini       |  20 +-
 options/locale/locale_nb_NO.ini       | 109 ++++--
 options/locale/locale_nds.ini         |   2 +-
 options/locale/locale_nl-NL.ini       |  22 +-
 options/locale/locale_pl-PL.ini       |  80 ++--
 options/locale/locale_pt-BR.ini       |  76 ++--
 options/locale/locale_pt-PT.ini       |  24 +-
 options/locale/locale_ro.ini          |  46 ++-
 options/locale/locale_ru-RU.ini       |   6 +-
 options/locale/locale_sv-SE.ini       |  64 +--
 options/locale/locale_uk-UA.ini       |  12 +-
 options/locale/locale_vi.ini          |   6 +-
 options/locale/locale_zh-CN.ini       |   6 +-
 options/locale/locale_zh-TW.ini       |   4 +-
 options/locale_next/locale_ar.json    |  11 +-
 options/locale_next/locale_arq.json   |   1 +
 options/locale_next/locale_bg.json    | 113 +++++-
 options/locale_next/locale_ca.json    |  56 ++-
 options/locale_next/locale_cs-CZ.json | 108 +++--
 options/locale_next/locale_da.json    |  11 +-
 options/locale_next/locale_de-DE.json |  74 +++-
 options/locale_next/locale_el-GR.json |  97 +++--
 options/locale_next/locale_es-ES.json |  11 +-
 options/locale_next/locale_fa-IR.json |   1 -
 options/locale_next/locale_fi-FI.json |  11 +-
 options/locale_next/locale_fil.json   |  14 +-
 options/locale_next/locale_fr-FR.json |  97 ++++-
 options/locale_next/locale_ga.json    |  88 ++++-
 options/locale_next/locale_hu-HU.json |   1 -
 options/locale_next/locale_id-ID.json |   1 -
 options/locale_next/locale_is-IS.json |   3 -
 options/locale_next/locale_it-IT.json |  28 +-
 options/locale_next/locale_ja-JP.json |  11 +-
 options/locale_next/locale_ka.json    |   6 +-
 options/locale_next/locale_ko-KR.json |   1 -
 options/locale_next/locale_lv-LV.json |  11 +-
 options/locale_next/locale_nds.json   |  96 ++++-
 options/locale_next/locale_nl-NL.json |  42 +-
 options/locale_next/locale_pl-PL.json |  11 +-
 options/locale_next/locale_pt-BR.json |  66 ++--
 options/locale_next/locale_pt-PT.json | 108 ++++-
 options/locale_next/locale_ro.json    |   3 +-
 options/locale_next/locale_ru-RU.json |  52 ++-
 options/locale_next/locale_si-LK.json |   1 -
 options/locale_next/locale_sv-SE.json | 122 ++++--
 options/locale_next/locale_ta.json    |  11 +-
 options/locale_next/locale_th.json    |  11 +-
 options/locale_next/locale_tr-TR.json |  11 +-
 options/locale_next/locale_uk-UA.json |  97 ++++-
 options/locale_next/locale_vi.json    |   1 -
 options/locale_next/locale_zh-CN.json |  76 +++-
 options/locale_next/locale_zh-TW.json | 164 ++++++--
 66 files changed, 2211 insertions(+), 725 deletions(-)
 create mode 100644 options/locale/locale_arq.ini
 create mode 100644 options/locale_next/locale_arq.json

diff --git a/options/locale/locale_ar.ini b/options/locale/locale_ar.ini
index a92baa3307..5e9808d2f0 100644
--- a/options/locale/locale_ar.ini
+++ b/options/locale/locale_ar.ini
@@ -272,7 +272,7 @@ buttons.list.task.tooltip = أضف قائمة مهام
 buttons.enable_monospace_font = فعّل الخط الثابت العرض
 buttons.mention.tooltip = اذكر مستخدمًا أو فريقًا
 buttons.italic.tooltip = أضف نصًا مائلًا (Ctrl+I / ⌘I)
-buttons.link.tooltip = اضف رابط
+buttons.link.tooltip = اضف رابط.
 buttons.disable_monospace_font = عطّل الخط الثابت العرض
 buttons.unindent.tooltip = ‪عناصر غير متساوية من نفس المستوى
 buttons.indent.tooltip = تداخل العناصر بنفس المستوى
@@ -619,6 +619,7 @@ quota.rule.exceeded.helper = لقد تجاوز الحجم الإجمالي لل
 quota.rule.exceeded = تم تجاوزه
 quota.applies_to_user = تنطبق قواعد الحصص التالية على حسابك
 quota.sizes.wiki = الموسوعة
+ssh_token_help_ssh_agent = أو، إذا كنت تستخدم وكيل SSH (مع تعيين متغير SSH_AUTH_SOCK):
 
 [org]
 follow_blocked_user = لا يمكنك إتباع هذه المنظمة لأن هذه المنظمة حظرتك.
@@ -1611,6 +1612,18 @@ n_release_few = %s إصدارات
 file.title = %s عند %s
 vendored = مضمن
 file_follow = متابعة الروابط الرمزية
+unescape_control_characters = الهروب
+blame = لوم
+editor.file_is_a_symlink = `"%s" هو رابط رمزي. لا يمكن تعديل الروابط الرمزية في محرر الويب.`
+editor.file_editing_no_longer_exists = الملف الذي يتم تعديله، "%s"، لم يعد موجودًا في هذا المستودع.
+editor.file_deleting_no_longer_exists = الملف الذي يتم تعديله، "%s"، ليس موجودًا في هذا المستودع.
+editor.file_changed_while_editing = لقد تغيرت محتويات الملف منذ فتحه. <a target="_blank" rel="noopener noreferrer" href="%s">انقر هنا</a> لعرضها أو <strong>حفظ التغييرات مرة أخرى</strong> لاستبدالها.
+editor.commit_id_not_matching = تم تغيير الملف أثناء قيامك بتحريره. قم بإنشاء فرع جديد ثم قم بدمج التغييرات.
+editor.push_out_of_date = ­يبدو أن هذا التوجه قديم الطراز.
+editor.upload_file_is_locked = الملف "%s"هو مغلق من قبل %s.
+editor.cannot_commit_to_protected_branch = لا يمكن الالتزام بالفرع المحمي "%s".
+editor.user_no_push_to_branch = المستخدم لا يمكن الالتزام بالفرع المحمي.
+editor.require_signed_commit = يتطلب الفرع التزامًا موقعًا
 
 [mail]
 admin.new_user.text = من فضلك <a href="%s">اضغط هنا</a> لإدارة هذا المستخدم من لوحة الإدارة.
diff --git a/options/locale/locale_arq.ini b/options/locale/locale_arq.ini
new file mode 100644
index 0000000000..8b13789179
--- /dev/null
+++ b/options/locale/locale_arq.ini
@@ -0,0 +1 @@
+
diff --git a/options/locale/locale_bg.ini b/options/locale/locale_bg.ini
index dbb5a5e65f..762f50afa6 100644
--- a/options/locale/locale_bg.ini
+++ b/options/locale/locale_bg.ini
@@ -759,7 +759,7 @@ settings.danger_zone = Опасна зона
 issues.closed_by = от <a href="%[2]s">%[3]s</a> бе затворена %[1]s
 issues.delete_comment_confirm = Сигурни ли сте, че искате да изтриете този коментар?
 milestones.due_date = Краен срок (опционално)
-settings.wiki_delete_notices_1 = - Това ще изтрие перманентно и ще деактивира уикито на хранилището %s.
+settings.wiki_delete_notices_1 = - Това ще изтрие перманентно и ще изключи уикито на хранилището %s.
 settings.wiki_deletion_success = Данните на уикито на хранилището са изтрити.
 settings.collaborator_deletion = Премахване на сътрудника
 settings.remove_collaborator_success = Сътрудникът е премахнат.
@@ -1825,6 +1825,9 @@ settings.chat_id = ID на чата
 settings.thread_id = ID на нишката
 settings.matrix.room_id = ID на стаята
 settings.matrix.message_type = Тип съобщение
+issues.label_open_issues = %d отворени задачи/заявки за сливане
+issues.summary_card_alt = Карта с обобщение на задача със заглавие „%s“ в хранилище %s
+release.type_attachment = Прикачен файл
 
 [modal]
 confirm = Потвърждаване
@@ -1845,7 +1848,7 @@ buttons.list.task.tooltip = Добавяне на списък със задач
 buttons.enable_monospace_font = Включване на равноширок шрифт
 buttons.mention.tooltip = Споменаване на потребител или екип
 buttons.italic.tooltip = Добавяне на курсив текст (Ctrl+I / ⌘I)
-buttons.link.tooltip = Добавяне на връзка
+buttons.link.tooltip = Добавяне на връзка (Ctrl+K / ⌘K)
 buttons.disable_monospace_font = Изключване на равноширокия шрифт
 buttons.ref.tooltip = Препратка към задача или заявка за сливане
 table_modal.label.columns = Колони
@@ -2564,4 +2567,7 @@ issues.write = <b>Писане:</b> Затваряне на задачи и уп
 [units]
 error.no_unit_allowed_repo = Нямате разрешение за достъп до никоя секция на това хранилище.
 unit = Елемент
-error.unit_not_allowed = Нямате разрешение за достъп до тази секция на хранилището.
\ No newline at end of file
+error.unit_not_allowed = Нямате разрешение за достъп до тази секция на хранилището.
+
+[secrets]
+secrets = Тайни
\ No newline at end of file
diff --git a/options/locale/locale_ca.ini b/options/locale/locale_ca.ini
index 3e3907ecc2..e6f3cac5e2 100644
--- a/options/locale/locale_ca.ini
+++ b/options/locale/locale_ca.ini
@@ -158,7 +158,7 @@ commit_kind = Cerca commits…
 runner_kind = Cerca executors…
 no_results = Cap resultat coincident trobat.
 keyword_search_unavailable = La cerca per paraula clau no està disponible ara mateix. Si us plau contacteu amb l'administrador del lloc.
-union = Paraules clau
+union = Unió
 union_tooltip = Inclou resultats que encaixen amb qualsevol paraula clau separada per espais
 org_kind = Cerca organitzacions…
 team_kind = Cerca teams…
@@ -380,7 +380,7 @@ email_domain_blacklisted = No podeu registrar-vos amb el correu electrònic.
 hint_login = Ja tens compte? <a href="%s">Entra ara!</a>
 hint_register = Necessites un compte? <a href="%s">Registra't ara.</a>
 sign_up_button = Registra't ara.
-must_change_password = Actualitza la contrasenya
+must_change_password = Actualitzeu la contrasenya
 change_unconfirmed_email_error = No s'ha pogut canviar l'adreça de correu: %v
 oauth_signup_tab = Registrar compte nou
 back_to_sign_in = Torneu a entrar
@@ -414,7 +414,7 @@ buttons.quote.tooltip = Citar text
 buttons.enable_monospace_font = Habilitar la font monoespai
 buttons.disable_monospace_font = Deshabilita la font monoespai
 buttons.code.tooltip = Afegir codi
-buttons.link.tooltip = Afegir un enllaç
+buttons.link.tooltip = Afegir un enllaç (Ctrl+K / ⌘K)
 buttons.list.unordered.tooltip = Afegir un llista de punts
 buttons.list.ordered.tooltip = Afegir una llista enumerada
 buttons.list.task.tooltip = Afegir una llista de tasques
@@ -502,8 +502,8 @@ issue_assigned.pull = @%[1]s us ha assignat la sol·licitud d'extracció %[2]s a
 issue.action.reopen = <b>@%[1]s</b> ha reobert #%[2]s.
 issue.action.approve = <b>@%[1]s</b> ha aprovat aquesta sol·licitud d'extracció.
 issue.action.reject = <b>@%[1]s</b> ha sol·licitat canvis en aquesta sol·licitud d'extracció.
-register_notify.text_2 = Podeu iniciar sessió al vostre compte fent servir el vostre nom d'usuari: %s
-register_notify.text_1 = aquest és el vostre correu electrònic de confirmació pel registre de %s!
+register_notify.text_2 = Pots iniciar sessió al teu compte utilitzant el teu usuari: %s
+register_notify.text_1 = aquest és el teu correu electrònic de confirmació per %s!
 password_change.text_1 = S'acaba de canviar la contrasenya pel vostre compte.
 issue.action.review = <b>@%[1]s</b> ha deixat un comentari a la vostra sol·licitud d'extracció.
 issue.action.review_dismissed = <b>@%[1]s</b> ha rebutjat l'última revisió de %[2]s per aquesta sol·licitud d'extracció.
@@ -511,7 +511,7 @@ primary_mail_change.text_1 = S'ha canviat la vostra adreça de correu electròni
 totp_disabled.text_1 = S'han desactivat les contrasenyes d'un sol ús basades en el temps (TOTP) pel vostre compte.
 totp_disabled.no_2fa = Ja no hi ha altres mètodes d'autenticació de doble factor configurats, per la qual cosa ja no és necessari iniciar sessió al vostre compte mitjançat autenticació de doble factor.
 removed_security_key.no_2fa = Ja no hi ha altres mètodes d'autenticació de doble factor configurats, per la qual cosa ja no és necessari iniciar sessió al vostre compte mitjançat autenticació de doble factor.
-reset_password = Recupereu el vostre compte
+reset_password = Recuperar el vostre compte
 reset_password.text = Si heu sigut vós, cliqueu el següent enllaç per recuperar el vostre compte abans de <b>%s</b>:
 totp_enrolled.text_1.has_webauthn = Heu activat TOTP pel vostre compte. Això vol dir que podreu usar TOTP com a mètode d'autenticació de doble factor a tots els inicis de sessió futurs al vostre compte, o bé usar qualsevol de les vostres claus de seguretat.
 issue.action.force_push = <b>%[1]s</b> ha realitzat un «force push» de <b>%[2]s</b> des de %[3]s fins a %[4]s.
@@ -520,7 +520,7 @@ issue.in_tree_path = A %s:
 issue.action.push_1 = <b>@%[1]s</b> ha pujat $[3]d commit a %[2]s
 issue.action.push_n = <b>@%[1]s</b> ha pujat $[3]d commits a %[2]s
 release.note = Nota:
-release.new.text = <b>@%[1]s</b> ha publicat %[2]s a %[3]s
+release.new.text = <b>@%[1]s</b> ha publicat %[2]s en %[3]s
 release.new.subject = %s a %s publicat
 
 [modal]
@@ -611,9 +611,9 @@ git_ref_name_error = ` ha de ser un nom correcte de referència de Git.`
 size_error = ` ha de tenir una mida de %s.`
 include_error = ` ha de contenir la subcadena «%s».`
 glob_pattern_error = ` el patró glob no és vàlid: %s.`
-username_error = ` només pot contenir caràcters alfanumèrics ("0-9","a-z","A-Z"), guió ("-"), barra baixa ("_") i punt ("."). No pot començar ni acabar amb caràcters no alfanumèrics, i els caràcters no alfanumèrics consecutius també estan prohibits.`
+username_error = ` pot contenir només caràcters alfanumèrics ("0-9","a-z","A-Z"), barres baixes ("_") i punts ("."). No pot començar ni acabar amb caràcters que no siguin alfanumèrics, i els caràcters que no siguin alfanumèrics tampoc poden aparèixer de manera consecutiva.`
 username_error_no_dots = ` només pot contenir caràcters alfanumèrics ("0-9","a-z","A-Z"), guió ("-") i barra baixa ("_"). No pot començar ni acabar amb caràcters no alfanumèrics, i els caràcters no alfanumèrics consecutius tampoc estan permesos.`
-username_claiming_cooldown = El nom d'usuari no es pot reservar degut a que el seu període de refredament encara no ha acabat. Es podrà fer servir en %[1]s.
+username_claiming_cooldown = No es pot reclamar el nom d'usuari perquè el seu període de temps de recuperació encara no ha acabat. Es podrà reclamar el %[1]s.
 invalid_group_team_map_error = ` el mapatge no és vàlid: %s`
 repository_force_private = S'ha activat "Forçar privat": els repositoris privats no es poden fer públics.
 2fa_auth_required = L'accés remot requereix una autenticació de doble factor.
@@ -881,7 +881,7 @@ quota.sizes.assets.attachments.issues = Fitxers adjunts a incidències
 quota.sizes.assets.artifacts = Artefactes
 quota.sizes.assets.packages.all = Paquets
 enable_custom_avatar = Usa un avatar personalitzat
-comment_type_group_assignee = Assignat
+comment_type_group_assignee = Assignatari
 visibility.public = Públic
 visibility.limited = Limitat
 visibility.private = Privat
@@ -936,9 +936,9 @@ ssh_key_deletion_desc = Eliminar una clau SSH en revocarà l'accés al vostre co
 gpg_key_deletion_desc = Eliminar una clau GPG des-verificarà els commits firmats per ella. Voleu continuar?
 valid_until_date = Vàlid fins %s
 repo_and_org_access = Accés al repositori i a l'organització
-webauthn_delete_key = Eliminar una clau de seguretat
+webauthn_delete_key = Eliminar la clau de seguretat
 webauthn_alternative_tip = Segurament voldreu configurar un mètode d'autenticació addicional.
-remove_account_link = Eliminar el compte vinculat
+remove_account_link = Eliminar un compte vinculat
 email_notifications.onmention = Enviar correus electrònics només quan se us mencioni
 blocked_since = Bloquejat des de %s
 quota.sizes.assets.attachments.releases = Fitxers adjunts a la publicació
@@ -1387,7 +1387,7 @@ editor.fail_to_apply_patch = No s'ha pogut aplicar el pedaç "%s"
 editor.new_patch = Pedaç nou
 editor.commit_message_desc = Afegiu una descripció ampliada opcional…
 editor.create_new_branch_np = Crear una <strong>nova branca</strong> per aquest commit.
-editor.create_new_branch = Crear una <strong>nova branca</strong> per aquest commit i iniciar una sol·licitud d'extracció.
+editor.create_new_branch = Creeu una <strong>nova branca</strong> per aquest commit i inicieu una sol·licitud d'extracció.
 editor.new_branch_name_desc = Nom de la branca nova…
 editor.filename_is_invalid = El nom del fitxer és incorrecte: "%s".
 editor.branch_does_not_exist = La branca "%s" no existeix en aquest repositori.
@@ -1560,7 +1560,7 @@ pulls.merge_conflict = La fusió ha fallat: hi ha hagut un conflicte durant la f
 pulls.merge_conflict_summary = Missatge d'error
 pulls.rebase_conflict_summary = Missatge d'error
 signing.wont_sign.approved = La fusió no es signarà perquè la sol·licitud d'extracció no està aprovada.
-signing.wont_sign.not_signed_in = No heu iniciat sessió.
+signing.wont_sign.not_signed_in = No teniu la sessió iniciada.
 ext_wiki = Wiki externa
 wiki.welcome = Benvingut/da a la wiki.
 wiki.welcome_desc = La wiki us permet escriure i compartir documentació amb els col·laboradors.
@@ -1603,7 +1603,7 @@ activity.new_issues_count_n = Noves incidències
 activity.title.unresolved_conv_1 = %s conversa sense resoldre
 activity.title.unresolved_conv_n = %s converses sense resoldre
 activity.unresolved_conv_desc = Aquestes incidències i sol·licituds d'extracció recentment modificades no han sigut resoltes encara.
-activity.title.releases_1 = %d entrega
+activity.title.releases_1 = %d publicació
 activity.title.releases_n = %d entregues
 activity.title.releases_published_by = %s publicada per %s
 activity.published_tag_label = Etiqueta
@@ -1620,7 +1620,7 @@ activity.git_stats_addition_1 = %d addició
 activity.git_stats_addition_n = %d addicions
 activity.git_stats_deletion_1 = %d eliminació
 activity.git_stats_deletion_n = %d eliminacions
-settings.mirror_settings.docs = Configureu el vostre repositori per sincronitzar automàticament commits, etiquetes i branques amb un altre repositori.
+settings.mirror_settings.docs = Configureu el vostre repositori per sincronitzar commits, etiquetes i branques automàticament amb un altre repositori.
 rss.must_be_on_branch = Heu d'estar en una branca per a tenir un canal RSS.
 admin.manage_flags = Gestiona les marques
 admin.enabled_flags = Marques habilitades del repositori:
@@ -2136,14 +2136,14 @@ milestones.filter_sort.latest_due_date = Lluny de la data de venciment
 milestones.filter_sort.least_complete = Menys completa
 milestones.filter_sort.most_complete = Més completa
 default_branch_helper = La branca per defecte és la branca base pels pull requests i els commits.
-file_follow = Seguir symlink
-escape_control_characters =
-commits.signed_by_untrusted_user_unmatched = Signat per un usuari no fiable que no coincideix amb qui ha fet el commit
-projects.new_subheader = Coordineu, feu el seguiment i actualitzeu la vostra feina en un sol lloc, perquè els projectes siguin transparents i compleixin els terminis.
+file_follow = Seguir l'enllaç simbòlic
+escape_control_characters =Escapar
+commits.signed_by_untrusted_user_unmatched = Signat per un usuari no fiable que no coincideix amb l'autor del commit
+projects.new_subheader = Coordineu, feu seguiment, i actualitzeu el vostre treball en un sol lloc, per tal que els projectes es mantinguin transparents i dins del calendari previst.
 projects.type.bug_triage = Triatge d'errors
-projects.column.set_default = Estableix per defecte
+projects.column.set_default = Definir com a predeterminada
 projects.column.assigned_to = Assignat a
-issues.filter_sort.mostcomment = Més comentat
+issues.filter_sort.mostcomment = Les més comentades
 signing.wont_sign.parentsigned = El commit no se signarà perquè el commit pare no està signat.
 signing.wont_sign.headsigned = La fusió no se signarà perquè el commit cap (head) no està signat.
 wiki.create_first_page = Crea la primera pàgina
@@ -2251,6 +2251,364 @@ settings.add_webhook.invalid_path = El camí no pot contenir ".", ".." o una cad
 settings.webhook_deletion = Eliminar webhook
 settings.webhook_deletion_desc = Eliminar un webhook n'elimina la configuració i la història de lliurament. Continuar?
 settings.webhook_deletion_success = S'ha eliminat el webhook.
+unescape_control_characters = Des-escapar
+view_git_blame = Veure git blame
+vendored = Proveïdor
+editor.propose_file_change = Proposa canvis en el fitxer
+editor.invalid_commit_mail = Adreça de correu electrònic incorrecta per crear un commit.
+editor.file_changed_while_editing = El contingut del fitxer ha canviat des que el vau obrir. <a target="_blank" rel="noopener noreferrer" href="%s">Feu clic aquí</a> per veure'l o <strong>feu commit dels canvis un altre cop</strong> per sobreescriure'l.
+editor.push_rejected_no_message = El servidor ha rebutjat el canvi sense més detalls. Si us plau, reviseu els ganxos de Git.
+editor.push_rejected = El servidor ha rebutjat el canvi. Si us plau, reviseu els ganxos de Git.
+editor.cannot_commit_to_protected_branch = No es pot fer commit a la branca protegida "%s".
+editor.no_commit_to_branch = No s'ha pogut fer commit directament a la branca perquè:
+editor.require_signed_commit = La branca requereix un commit signat
+commits.renamed_from = Reanomenat de %s
+commits.signed_by_untrusted_user = Signat per un usuari no fiable
+projects.edit_subheader = Els projectes organitzen les incidències i fan seguiment del progrés.
+issues.choose.invalid_templates = S'han trobat %v plantilles invàlides
+pulls.merged_by_fake = per %[2]s ha sigut fusionada %[1]s
+issues.commit_ref_at = `ha fet referència a aquesta incidència en un commit %s`
+issues.ref_from = `de %[1]s`
+issues.unpin_issue = Desfixar la incidència
+issues.pin_comment = ha fixat aquest %s
+issues.unpin_comment = ha desfixat aquest %s
+issues.lock_with_reason = bloquejada com a <strong>%s</strong> i conversa restringida als col·laboradors %s
+issues.lock_no_reason = bloquejada i conversa restringida als col·laboradors %s
+issues.lock.reason = Causa del bloqueig
+pulls.allow_edits_from_maintainers = Permetre edicions dels mantenidors
+pulls.compare_changes_desc = Seleccioneu la branca on fusionar i la branca d'on extreure.
+pulls.switch_comparison_type = Intercanvia el tipus de comparació
+pulls.switch_head_and_base = Intercanvia el head i la base
+pulls.show_all_commits = Mostrar tots els commits
+pulls.select_commit_hold_shift_for_range = Seleccioneu el commit. Premeu shift + feu clic per seleccionar un rang
+pulls.is_checking = La comprovació de conflictes de fusió està en curs. Proveu de nou d'aquí una estona.
+pulls.is_empty = Els canvis en aquesta branca ja són a la branca de destí. Aquest serà un commit buit.
+pulls.required_status_check_administrator = Com a administrador, podeu fusionar aquesta «pull request» de totes maneres.
+pulls.num_conflicting_files_1 = %s fitxer en conflicte
+pulls.num_conflicting_files_n = %s fitxers en conflicte
+pulls.reject_count_1 = %d sol·licitud de canvi
+pulls.reject_count_n = %s sol·licituds de canvi
+pulls.waiting_count_1 = %d revisió en espera
+pulls.waiting_count_n = %d revisions en espera
+pulls.merge_pull_request = Crear un commit de fusió
+pulls.merge_commit_id = L'ID del commit de fusió
+pulls.require_signed_wont_sign = La branca requereix commits signats, però aquesta fusió no estarà signada
+milestones.filter_sort.most_issues = Més incidències
+milestones.filter_sort.least_issues = Menys incidències
+signing.will_sign = Aquest commit es signarà amb la clau "%s".
+signing.wont_sign.error = S'ha produït un error mentre es comprovava si el commit es podia signar.
+signing.wont_sign.nokey = Aquesta instància no té cap clau per signar aquest commit.
+signing.wont_sign.never = Els commits no es signen mai.
+signing.wont_sign.always = Els commits es signen sempre.
+signing.wont_sign.pubkey = El commit no es signarà perquè no teniu cap clau pública associada al vostre compte.
+signing.wont_sign.twofa = Heu de tenir habilitada l'autenticació de doble factor per tenir commits signats.
+signing.wont_sign.basesigned = La fusió no es signarà perquè el commit base no està signat.
+signing.wont_sign.commitssigned = La fusió no es signarà perquè cap dels commits associats està signat.
+wiki.file_revision = Revisió de la pàgina
+wiki.wiki_page_revisions = Revisions de la pàgina
+wiki.back_to_wiki = Tornar a la pàgina de la wiki
+wiki.reserved_page = El nom de pàgina wiki "%s" està reservat.
+wiki.last_updated = Actualitzat per última vegada %s
+wiki.page_name_desc = Introduïu un nom per aquesta pàgina de la Wiki. Alguns noms especials són: "Home", "_Sidebar" i "_Footer".
+activity.navbar.recent_commits = Commits recents
+activity.published_prerelease_label = Pre-publicació
+activity.git_stats_commit_1 = %d commit
+activity.git_stats_commit_n = %d commits
+activity.git_stats_push_to_all_branches = a totes les branques.
+settings.githooks = Ganxos de Git
+settings.mirror_settings.docs.disabled_pull_mirror.instructions = Configureu el vostre projecte per enviar automàticament commits, etiquetes i branques. L'administrador del vostre lloc ha desactivat els miralls de baixada (pull).
+settings.issues_desc = Activar el gestor d'incidències
+settings.use_internal_issue_tracker = Usa el gestor d'incidències per defecte
+settings.use_external_issue_tracker = Usa un gestor d'incidències extern
+settings.external_tracker_url = URL del gestor d'incidències extern
+settings.external_tracker_url_error = L'URL del gestor d'incidències extern no és vàlida.
+settings.external_tracker_url_desc = Quan els visitants facin clic a la pestanya d'incidències, se'ls redirigirà a l'URL del gestor d'incidències extern.
+settings.tracker_url_format = Format de l'URL del gestor d'incidències extern
+settings.tracker_url_format_error = El format de l'URL del gestor d'incidències extern no és vàlid.
+settings.tracker_issue_style = Format de número del gestor d'incidències extern
+settings.tracker_issue_style.regexp_pattern_desc = S'usarà el primer grup capturat enlloc de <code>{index}</code>.
+settings.tracker_url_format_desc = Usa els espais reservats <code>{user}</code>, <code>{repo}</code> i <code>{index}</code> com a nom d'usuari, nom de repositori i índex d'incidències.
+settings.pulls.allow_rebase_update = Activa canviar la branca dels «pull request» per «rebase»
+settings.default_update_style_desc = Mètode predeterminat que s'usarà per actualitzar les «pull requests» darrere de la branca base.
+settings.pulls.default_delete_branch_after_merge = Eliminar per defecte la branca dels «pull request» després de fusionar-los
+settings.packages_desc = Activar el registre de paquets del repositori
+settings.admin_enable_close_issues_via_commit_in_any_branch = Tancar una incidència mitjançant un commit en una branca no principal
+settings.trust_model.collaborator.desc = Les signatures vàlides dels col·laboradors d'aquest repositori es marcaran com a "confiables" (coincideixin o no amb l'autor del commit). Altrament, es marcaran com a "no confiables" si la signatura coincideix amb l'autor i com a "no coincidents" si no en coincideixen.
+settings.trust_model.committer.long = Autor del commit: Confia les signatures que coincideixen amb els autors dels commits (Aquest és el comportament de GitHub i farà que els commit signats per Forgejo tinguin Forgejo com a autor)
+settings.trust_model.committer.desc = Les signatures vàlides només es marcaran com a "confiables" si coincideixen amb l'autor del commit, altrament es marcaran com a "no coincidents". Això força que Forgejo sigui l'autor en els commits signats, amb l'autor real indicat com a Co-authored-by: i Co-committed-by: al final del commit. La clau per defecte de Forgejo ha de coincidir amb un User a la base de dades.
+settings.trust_model.collaboratorcommitter.long = Col·laborador+Autor del commit: Confia en les signatures dels col·laboradors que coincideixin amb l'autor del commit
+settings.trust_model.collaboratorcommitter.desc = Les signatures vàlides dels col·laboradors es marcaran com a "confiables" si coincideixen amb l'autor del commit. Altrament, es marcaran com a "no confiables" si la signatura coincideix amb l'autor i com a "no coincidents" si no en coincideix. Això força que Forgejo sigui l'autor dels commits signats amb l'autor real indicat amb Co-Authored-By: i Co-Committed-By: al final del commit. La clau per defecte de Forgejo ha de coincidir amb un User a la base de dades.
+settings.wiki_rename_branch_main_notices_2 = Això canviarà permanentment el nom de la branca interna de la wiki del repositori %s. S'haurà d'actualitzar els checkouts existents.
+settings.hooks_desc = Els webhooks fan consultes HTTP POST al servidor, automàticament, quan es disparen certs esdeveniments de Forgejo. Llegiu-ne més a la <a target="_blank" rel="noopener noreferrer" href="%s">guia de webhooks</a>.
+settings.webhook.test_delivery = Prova de lliurament
+settings.webhook.test_delivery_desc = Prova aquest webhook amb un esdeveniment fals.
+settings.webhook.test_delivery_desc_disabled = Activeu primer el webhook per a provar-lo amb un esdeveniment fals.
+settings.webhook.request = Consulta
+settings.webhook.replay.description = Rellança aquest webhook.
+settings.webhook.replay.description_disabled = Activeu el webhook per rellançar-lo.
+settings.webhook.delivery.success = S'ha afegit un esdeveniment a la cua de lliurament. Pot trigar uns segons a aparèixer a l'historial de lliurament.
+settings.githooks_desc = Git gestiona els ganxos git. Podeu editar els fitxers de ganxo següents per configurar operacions personalitzades.
+settings.githook_edit_desc = Si el ganxo és inactiu, es presentarà contingut de mostra. Deixar el contingut buit desactivarà aquest ganxo.
+settings.githook_name = Nom del ganxo
+settings.githook_content = Contingut del ganxo
+settings.update_githook = Actualitzar ganxo
+settings.add_webhook_desc = Forgejo enviarà consultes <code>POST</code> amb un Content-Type especificat a l'URL de destí. Llegiu-ne més a la <a target="_blank" rel="noopener noreferrer" href="%s">guia de webhooks</a>.
+settings.payload_url = URL de destí
+settings.http_method = Mètode HTTP
+settings.content_type = Tipus de contingut POST
+settings.slack_icon_url = URL de la icona
+settings.discord_icon_url = URL de la icona
+settings.discord_icon_url.exceeds_max_length = L'URL de la icona ha de ser menor o igual a 2048 caràcters
+settings.event_desc = Dispara quan:
+settings.event_push_only = Pujades (push)
+settings.event_choose = Esdeveniments personalitzats…
+settings.event_header_repository = Esdeveniment de repositori
+settings.event_create_desc = es creï una branca o etiqueta.
+settings.event_delete_desc = s'elimini una branca o etiqueta.
+settings.event_fork_desc = es bifurqui el repositori.
+settings.event_wiki_desc = es creï, modifiqui o elimini una pàgina de la wiki.
+settings.event_push_desc = es pugi (push) al repositori.
+settings.event_repository_desc = es creï o elimini un repositori.
+settings.event_header_issue = Esdeveniments d'incidències
+settings.event_issues_desc = s'obri, tanqui o editi una incidència.
+settings.event_issue_assign_desc = es canviï l'assignació d'una incidència.
+settings.event_issue_label_desc = s'afegeixi o esborri una etiqueta d'incidència.
+settings.event_issue_comment_desc = es creï, editi o elimini un comentari d'incidència.
+settings.event_header_pull_request = Esdeveniments de «pull request»
+settings.event_pull_request_desc = s'obri, tanqui o editi una «pull request».
+settings.event_pull_request_assign_desc = es canviï l'assignació d'una «pull request».
+settings.event_pull_request_label_desc = s'afegeixi o esborri una etiqueta de «pull request».
+settings.event_pull_request_comment_desc = es creï, editi o elimini un comentari de «pull request».
+settings.event_pull_request_review_desc = s'aprovi o rebutgi una «pull request» o se n'afegeixin comentaris de revisió.
+settings.event_pull_request_sync_desc = es canviï la branca automàticament a la branca objectiu.
+settings.event_pull_request_review_request = se sol·liciti revisió
+settings.event_pull_request_review_request_desc = se sol·licitin revisions a la «pull request» o se n'elimini la sol·licitud.
+settings.event_pull_request_approvals = s'accepti una «pull request»
+settings.event_pull_request_merge = es fusioni una «pull request»
+settings.authorization_header = Capçalera d'Autorització
+settings.authorization_header_desc = S'inclourà com a capçalera d'autorització per a les «requests» quan hi sigui. Exemples: %s.
+settings.active_helper = La informació sobre els esdeveniments disparats s'enviarà a aquesta URL webhook.
+settings.add_hook_success = S'ha afegit el webhook.
+settings.update_webhook = Actualitzar webhook
+settings.update_hook_success = S'ha actualitzat el webhook.
+settings.delete_webhook = Eliminar webhook
+settings.recent_deliveries = Lliuraments recents
+settings.hook_type = Tipus de ganxo
+settings.add_web_hook_desc = Integrar <a target="_blank" rel="noreferrer" href="%s">%s</a> al vostre repositori.
+settings.graphql_url = URL GraphQL
+settings.packagist_username = Nom d'usuari Packagist
+settings.packagist_api_token = Testimoni API
+settings.packagist_package_url = URL del paquet Packagist
+settings.web_hook_name_sourcehut_builds = Builds SourceHut
+settings.sourcehut_builds.manifest_path = Camí del build manifest
+settings.sourcehut_builds.visibility = Visibilitat del treball
+settings.sourcehut_builds.secrets_helper = Permet que el treball accedeixi als secrets de build (necessita el permís SECRETS:RO)
+settings.sourcehut_builds.access_token_helper = Testimoni d'accés que té el permís JOBS:RW. Genera un <a target="_blank" rel="noopener noreferrer" href="%s">testimoni builds.sr.ht</a> o un <a target="_blank" rel="noopener noreferrer" href="%s">testimoni builds.sr.ht amb accés a secrets</a> a meta.sr.ht.
+settings.deploy_keys = Clau d'implementació
+settings.add_deploy_key = Afegir clau d'implementació
+settings.deploy_key_desc = Les claus d'implementació poden tenir accés només-de-lectura o de lectura-i-escriptura al repositori.
+settings.is_writable = Activa l'accés d'escriptura
+settings.is_writable_info = Permeteu que aquesta clau d'implementació pugui <strong>pujar (push)</strong> al repositori.
+settings.no_deploy_keys = Encara no hi ha claus d'implementació.
+settings.key_been_used = Ja hi ha una clau d'implementació idèntica.
+settings.key_name_used = Ja hi ha una clau d'implementació amb el mateix nom.
+settings.add_key_success = S'ha afegit la clau d'implementació "%s".
+settings.deploy_key_deletion = Eliminar clau d'implementació
+settings.deploy_key_deletion_desc = Eliminar una clau d'implementació en traurà l'accés al repositori. Continua?
+settings.deploy_key_deletion_success = S'ha eliminat la clau d'implementació.
+settings.protected_branch.save_rule = Regle de desada
+settings.protected_branch.delete_rule = Regla d'eliminada
+settings.branch_protection = Regles de protecció per a la branca "<b>%s</b>"
+settings.protect_new_rule = Crear una nova regla de protecció de branca
+settings.protect_disable_push = Desactivar pujada
+settings.protect_disable_push_desc = No es permetrà la pujada (push) en aquesta branca.
+settings.protect_enable_push = Activar pujada
+settings.protect_enable_push_desc = Tothom que tingui accés d'escriptura podrà pujar (push) a la branca (però no «force push»).
+settings.protect_enable_merge = Activar fusió
+settings.protect_enable_merge_desc = Tothom amb accés d'escriptura podrà fusionar «pull requests» a la branca.
+settings.protect_whitelist_committers = Pujada restringida
+settings.protect_whitelist_committers_desc = Només els usuaris i equips indicats a la llista blanca podran pujar (push) a la branca (però no «force push»).
+settings.protect_whitelist_users = Llista blanca d'usuaris per pujar
+settings.protect_whitelist_teams = Llista blanca d'equips per pujar
+settings.protect_merge_whitelist_committers = Activar llista blanca de fusió
+settings.protect_merge_whitelist_committers_desc = Només els usuaris i equips indicats a la llista blanca podran fusionar «pull requests» a la branca.
+settings.protect_merge_whitelist_users = Llista blanca d'usuaris per fusionar
+settings.protect_merge_whitelist_teams = Llista blanca d'equips per fusionar
+settings.protect_status_check_patterns = Patrons de comprovació d'estat
+settings.protect_status_check_patterns_desc = Introdueix patrons per especificar quines comprovacions s'han de fer abans de que una branca es pugui fusionar en aquesta branca. Cada línia especifica un patró. Els patrons no poden estar buits.
+settings.protect_check_status_contexts_desc = Requerir comprovació d'estat abans de fusionar. Quan s'activa, els commits s'han de pujar primer en una altra branca, i llavors es podran fusionar o pujar directament a la branca que indica aquesta regla, un cop hagin passat les comprovacions. Si no s'indica cap context, l'últim commit ha de ser satisfactori, sigui quin sigui el context.
+settings.protect_check_status_contexts_list = Comprovacions d'estat de la darrera setmana d'aquest repositori
+settings.protect_invalid_status_check_pattern = Patró de comprovació invàlid: "%s".
+settings.event_header_action = Esdeveniments d'execució d'accions
+settings.event_action_failure = Fallada
+settings.event_action_failure_desc = L'Acció ha fallat.
+settings.dismiss_stale_approvals = Ignora les aprovacions estancades
+settings.dismiss_stale_approvals_desc = Quan es facin commits nous a la branca que canviïn el contingut de la «pull request», les aprovacions antigues es descartaran.
+settings.ignore_stale_approvals = Ignorar aprovacions estancades
+settings.ignore_stale_approvals_desc = No afegeix el nombre d'aprovacions fetes en commits antics (revisions estancades) al total d'aprovacions de la PR. Això és irrellevant si les revisions estancades ja es descarten.
+settings.require_signed_commits = Requerir commits signats
+settings.require_signed_commits_desc = Rebutja pujades a aquesta branca si no són signades o no es poden verificar.
+settings.protect_branch_name_pattern = Patró de nom de branca protegit
+settings.protect_branch_name_pattern_desc = Patrons de nom de branca protegits. Vegeu <a href="%s">la documentació</a> per la sintaxi de patrons. Per exemple: main, release/**
+settings.protect_protected_file_patterns = Patrons de fitxer protegits (separats amb punt i coma ";")
+settings.protect_protected_file_patterns_desc = Els fitxers protegits no es poden modificar directament encara que l'usuari tingui permisos per afegir, editar i eliminar fitxers en aquesta branca. Es pot indicar més d'un patró, separats amb punt i coma (";"). Vegeu la documentació <a href="%[1]s">%[2]s</a> per la sintaxi de patrons. Per exemple: <code>.drone.yml</code>, <code>/docs/**/*.txt</code>.
+settings.protect_unprotected_file_patterns = Patrons de fitxer no protegits (separats amb punt i coma ";")
+settings.protect_unprotected_file_patterns_desc = Els usuaris amb accés d'escriptura poden modificar els fitxers no protegits, saltant-se la restricció de pujada. Es pot indicar més d'un patró, separats amb punt i coma (";"). Vegeu la documentació <a href="%[1]s">%[2]s</a> per la sintaxi de patró. Per exemple: <code>.drone.yml</code>, <code>/docs/**/*.txt</code>.
+settings.update_protect_branch_success = La regla de protecció de branca "%s" s'ha actualitzat.
+settings.remove_protected_branch_success = La regla de protecció de branca "%s" s'ha eliminat.
+settings.remove_protected_branch_failed = No s'ha pogut eliminar la regla de protecció de branca "%s".
+settings.protected_branch_deletion = Protecció d'eliminació de branca
+settings.protected_branch_deletion_desc = Desactivar la protecció de branca permet als usuaris amb accés d'escriptura pujar a la branca. Continua?
+settings.block_rejected_reviews = Bloqueja la fusió en revisions rebutjades
+settings.merge_style_desc = Estils de fusió
+settings.default_merge_style_desc = Estil de fusió predeterminat
+settings.tags.protection = Protecció d'etiquetes
+settings.tags.protection.pattern = Patró d'etiquetes
+settings.tags.protection.allowed.users = Usuaris permesos
+settings.tags.protection.allowed.teams = Equips permesos
+settings.tags.protection.allowed.noone = Ningú
+settings.tags.protection.create = Afegir regla
+settings.tags.protection.none = No hi ha etiquetes protegides.
+settings.tags.protection.pattern.description = Podeu usar un sol nom o un patró «glob» o expressió regular per coincidir amb diferents etiquetes. Llegiu-ne més en la <a target="_blank" rel="noopener" href="%s">guia d'etiquetes protegides</a>.
+settings.bot_token = Testimoni de bot
+settings.chat_id = ID de Xat
+settings.thread_id = ID de fil
+settings.matrix.homeserver_url = URL del homeserver
+settings.matrix.room_id = ID de sala
+settings.matrix.message_type = Tipus de missatge
+settings.archive.text = Arxivar el repositori el farà de només-lectura. S'amagarà del tauler. Ningú (tampoc vós!) hi podrà fer commits nous, o obrir-hi incidències o «pull requests».
+settings.archive.error = Hi ha hagut un error en arxivar el repositori. Vegeu el log per més detalls.
+settings.archive.error_ismirror = No podeu arxivar un repositori mirall.
+settings.archive.branchsettings_unavailable = La configuració de branca no és disponible en repositoris arxivats.
+settings.archive.tagsettings_unavailable = La configuració d'etiquetes no és disponible en repositoris arxivats.
+settings.archive.mirrors_unavailable = Els miralls no són disponibles en repositoris arxivats.
+settings.unarchive.button = Des-arxivar repositori
+settings.unarchive.header = Des-arxiva aquest repositori
+settings.unarchive.text = Des-arxivar el repositori farà possible rebre-hi commits i pujades, així com noves incidències i «pull requests».
+settings.unarchive.success = El repositori s'ha des-arxivat satisfactòriament.
+settings.unarchive.error = Hi ha hagut un error en des-arxivar el repositori. Vegeu el log per més detalls.
+settings.update_avatar_success = S'ha actualitzat l'avatar del repositori.
+editor.commit_empty_file_text = L'arxiu que s'està a punt de cometre és buit. Procedir?
+pulls.no_merge_not_ready = Aquesta «pull request» no està llesta per a ser fusionada, comprova l'estat de revisió i les comprovacions d'estat.
+activity.navbar.pulse = Pols
+settings.event_action_recover_desc = La execució de l'acció ha finalitzat amb èxit després de que la última execució en el mateix flux fallés.
+settings.event_action_success_desc = La execució de l'acció ha tingut èxit.
+settings.event_package_desc = Paquet creat o eliminat en un repositori.
+settings.branch_filter = Filtre de branca
+settings.branch_filter_desc = Llista blanca de la branca per als esdeveniments de pujada i creació/eliminació de branques, especificada com un patró «glob». Si és buida o <code>*</code>, s'enregistraran els esdeveniments de totes les branques. Vegeu la documentació <a href="%[1]s">%[2]s</a> per a la sintaxi. Per exemple: <code>master</code>, <code>{master,release*}</code>.
+settings.protect_whitelist_deploy_keys = Posar les claus d'implementació amb accés d'escriptura per pujar (push) a la llista blanca.
+settings.protect_no_valid_status_check_patterns = Sense patrons de comprovació d'estat vàlids.
+settings.protect_required_approvals = Aprovacions necessàries
+settings.protect_required_approvals_desc = Permet fusionar només «pull requests» amb prou revisions positives.
+settings.protect_approvals_whitelist_enabled = Limita les aprovacions als usuaris o equips de la llista blanca
+settings.protect_approvals_whitelist_enabled_desc = Només comptaran cap al total d'aprovacions necessàries les revisions d'usuaris i equips de la llista blanca. Si la llista és buida, en comptaran les revisions de tothom amb accés d'escriptura.
+settings.protect_approvals_whitelist_users = Revisors en la llista blanca
+settings.protect_approvals_whitelist_teams = Equips en la llista blanca per revisions
+settings.block_rejected_reviews_desc = No es podrà fusionar quan els revisors oficials en sol·licitin canvis, encara que hi hagi prou aprovacions.
+settings.block_on_official_review_requests = Bloquejar fusió en sol·licituds de revisió oficials
+settings.block_on_official_review_requests_desc = No es podrà fusionar quan tingui sol·licituds de revisió oficials, encara que hi hagi prou aprovacions.
+settings.block_outdated_branch = Bloquejar fusió si la «pull request» és obsoleta
+settings.block_outdated_branch_desc = No es podrà fusionar quan la branca cap (head) sigui darrera la branca base.
+settings.enforce_on_admins = Aplica aquesta regla als administradors del repositori
+settings.enforce_on_admins_desc = Els repositoris del repositori no poden saltar-se aquesta regla.
+settings.default_branch_desc = Tria una branca per defecte del repositori per a «pull requests» i commits:
+settings.choose_branch = Tria una branca…
+settings.no_protected_branch = No hi ha branques protegides.
+settings.protected_branch_required_rule_name = Nom de regla obligatori
+settings.protected_branch_duplicate_rule_name = Ja hi ha una regla per a aquest set de branques
+settings.protected_branch_required_approvals_min = El nombre d'aprovacions necessàries no pot ser negatiu.
+settings.lfs_filelist = Fitxers LFS desats en aquest repositori
+settings.lfs_no_lfs_files = No hi ha fitxers LFS desats en aquest repositori
+settings.lfs_findcommits = Cercar commits
+settings.lfs_lfs_file_no_commits = No s'ha trobat commits en aquest fitxer LFS
+settings.lfs_noattribute = Aquest camí no té l'atribut bloquejable en la branca per defecte
+settings.lfs_delete = Eliminar fitxer LFS amb OID %s
+settings.lfs_delete_warning = Eliminar un fitxer LFS pot provocar errors de "aquest objecte no existeix" en fer checkout. Continuar?
+settings.lfs_findpointerfiles = Cercar fitxers de punters
+settings.lfs_locks = Bloqueigs
+settings.lfs_invalid_locking_path = Camí invàlid: %s
+settings.lfs_invalid_lock_directory = No es pot bloquejar el directori: %s
+settings.lfs_lock_already_exists = Ja està bloquejat: %s
+settings.lfs_lock = Bloqueig
+settings.lfs_lock_path = Camí al fitxer per bloquejar…
+settings.lfs_locks_no_locks = Sense bloqueigs
+settings.lfs_lock_file_no_exist = El fitxer bloquejat no existeix en la branca per defecte
+settings.lfs_force_unlock = Forçar el desbloqueig
+settings.lfs_pointers.sha = Hash del «blob»
+settings.lfs_pointers.inRepo = En repositori
+settings.lfs_pointers.exists = Existeix en magatzem
+settings.lfs_pointers.accessible = Accessible per l'usuari
+settings.rename_branch_failed_protected = No es pot canviar el nom de la branca %s perquè està protegida.
+settings.rename_branch_failed_exist = No es pot canviar el nom de la branca perquè la branca objectiu %s existeix.
+settings.rename_branch_failed_not_exist = No es pot canviar el nom de la branca %s perquè no existeix.
+settings.rename_branch_success = S'ha canviat el nom de la branca %s satisfactòriament.
+settings.rename_branch = Canviar el nom de branca
+diff.browse_source = Explorar codi font
+diff.comment.markdown_info = S'admet el format Markdown.
+release.add_tag_msg = Usar el títol i contingut de la publicació com al missatge d'etiqueta.
+release.hide_archive_links = Amagar els arxius generats automàticament
+release.hide_archive_links_helper = Amaga automàticament els arxius de codi font generats per a aquesta publicació. Per exemple, si n'esteu pujant els vostres.
+release.add_tag = Crear etiqueta
+release.releases_for = Publicacions per %s
+release.tags_for = Etiquetes per %s
+release.system_generated = Aquest adjunt es genera automàticament.
+release.type_attachment = Adjunt
+release.type_external_asset = Actiu extern
+release.asset_name = Nom d'actiu
+release.asset_external_url = URL externa
+release.add_external_asset = Afegeix actiu extern
+release.invalid_external_url = URL externa invàlida: "%s"
+branch.name = Nom de branca
+branch.already_exists = Ja existeix una branca anomenada "%s".
+branch.delete = Eliminar branca "%s"
+branch.delete_html = Eliminar branca
+branch.deletion_success = S'ha eliminat la branca "%s".
+release.summary_card_alt = Panell de resum d'una publicació titulada "%s" al repositori %s
+branch.delete_desc = Eliminar una branca és permanent. Malgrat la branca eliminada pot seguir existint durant una estona abans d'eliminar-se completament, aquesta acció NO es pot desfer en la majoria de casos. Continuar?
+branch.deletion_failed = No s'ha pogut eliminar la branca "%s".
+branch.delete_branch_has_new_commits = No s'ha pogut eliminar la branca "%s" perquè s'han afegit nou commits després de fusionar-la.
+branch.create_branch = Crear branca %s
+branch.create_from = des de "%s"
+branch.create_success = S'ha creat la branca "%s".
+branch.branch_already_exists = La branca "%s" ja existeix en aquest repositori.
+branch.branch_name_conflict = El nom de branca "%s" col·lideix amb la branca "%s" que ja existeix.
+branch.tag_collision = No es pot crear la branca "%s" perquè ja existeix una etiqueta amb el mateix nom al repositori.
+branch.deleted_by = Eliminada per %s
+branch.restore_success = S'ha restaurat la branca "%s".
+branch.restore_failed = No s'ha pogut restaurar la branca "%s".
+branch.protected_deletion_failed = La branca "%s" és protegida. No es pot eliminar.
+branch.default_deletion_failed = La branca "%s" és la branca per defecte. No es pot eliminar.
+branch.restore = Restaurar la branca "%s"
+branch.download = Baixar la branca "%s"
+branch.rename = Canviar el nom de la branca "%s"
+branch.included_desc = Aquesta branca és part de la branca per defecte
+branch.included = Inclosa
+branch.create_new_branch = Crear branca des de branca:
+branch.confirm_create_branch = Crear branca
+branch.warning_rename_default_branch = Esteu canviant el nom de la branca per defecte.
+branch.rename_branch_to = Canviant el nom de la branca "%s".
+branch.create_branch_operation = Crear branca
+branch.new_branch = Crear branca nova
+branch.new_branch_from = Crear branca nova des de "%s"
+branch.renamed = La branca %s ha canviat el nom a %s.
+tag.create_tag = Crear etiqueta %s
+tag.create_tag_operation = Crear etiqueta
+tag.confirm_create_tag = Crear etiqueta
+tag.create_tag_from = Crear nova etiqueta des de "%s"
+tag.create_success = S'ha creat l'etiqueta "%s".
+topic.manage_topics = Gestionar temes
+topic.count_prompt = No podeu seleccionar més de 25 temes
+topic.format_prompt = Els temes han de començar amb una lletra o número, poden incloure guions ("-") i punts ("."), i tenir fins a 35 caràcters. Les lletres han de ser minúscules.
+find_file.go_to_file = Cercar fitxer
+find_file.no_matching = No s'ha trobat un fitxer coincident
+error.csv.too_large = No es pot mostrar aquest fitxer perquè és massa gran.
+error.csv.unexpected = No es pot mostrar aquest fitxer perquè conté un caràcter inesperat a la línia %d i columna %d.
+error.csv.invalid_field_count = No es pot mostrar aquest fitxer perquè té un nombre d'entrades incorrecte a la línia %d.
+settings.web_hook_name_feishu = Feishu / Lark Suite
+settings.web_hook_name_larksuite_only = Lark Suite
+settings.web_hook_name_wechatwork = WeCom (Wechat Work)
+settings.lfs_pointers.found = S'ha trobat %d punters de blob - %d associats, %d no associats (%d no són a l'emmagatzematge)
+settings.lfs_pointers.associateAccessible = Associar %d OIDs accessibles
 
 [user]
 unblock = Desbloquejar
@@ -2298,9 +2656,13 @@ starred = Repositoris destacats
 executable_file = Fitxer executable
 symbolic_link = Enllaç simbòlic
 submodule = Submòdul
+normal_file = Fitxer normal
+directory = Directori
 
 [markup]
 filepreview.truncated = La vista prèvia s'ha truncat
+filepreview.line = Línia %[1]d a %[2]s
+filepreview.lines = Línies %[1]d a %[2]d en %[3]s
 
 [translation_meta]
 test = Aquest és un text de prova. No es mostra a l'interfície d'usuari de Forgejo, però s'utilitza amb finalitats de prova. Pots introduir "d'acord" per a estalviar temps (o alguna frase divertida al teu gust) i arribar a la dolça fita del 100% :)
@@ -2329,7 +2691,7 @@ settings.confirm_delete_account = Confirmar-ne l'eliminació
 settings.delete_org_title = Eliminar l'organització
 settings.delete_org_desc = Aquesta organització s'eliminarà permanentment. Voleu continuar?
 settings.labels_desc = Afegiu etiquetes que poden ser usades a totes les incidències de <strong>tots els repositoris</strong> d'aquesta organització.
-members.private = Ocult
+members.private = Amagat
 members.member_role = Funció del membre:
 members.owner = Propietari
 members.member = Membre
@@ -2365,6 +2727,48 @@ members = Membres
 teams = Equips
 code = Codi
 lower_repositories = repositoris
+settings.repoadminchangeteam = L'administrador del repositori pot donar-ne i treure'n l'accés als equips
+members.leave = Marxar
+org_name_holder = Nom de l'organització
+org_full_name_holder = Nom complet de l'organització
+org_name_helper = Els noms d'organització han de ser curts i memorables.
+create_org = Crear organització
+open_dashboard = Obrir tauler
+repo_updated = Actualitzat %s
+create_new_team = Nou equip
+create_team = Crear equip
+team_name_helper = Els noms d'equip han de ser curts i memorables.
+team_desc_helper = Descriviu l'objectiu o rol de l'equip.
+team_permission_desc = Permís
+team_unit_desc = Permetre accés a seccions del repositori
+team_unit_disabled = (Desactivat)
+follow_blocked_user = No podeu seguir aquesta organització perquè us ha bloquejat.
+form.name_reserved = El nom d'organització "%s" és reservat.
+form.name_pattern_not_allowed = El patró "%s" no està permès en un nom d'organització.
+form.create_org_not_allowed = No teniu permisos per crear una organització.
+settings.change_orgname_prompt = Nota: Canviar el nom de l'organització també en canviarà l'URL i alliberarà el nom antic.
+settings.change_orgname_redirect_prompt.with_cooldown.one = El nom antic de l'organització serà disponible a tothom després d'un període de protecció de %[1]d dia. Encara podreu reclamar el nom antic durant el període de protecció.
+settings.change_orgname_redirect_prompt.with_cooldown.few = El nom antic de l'organització serà disponible a tothom després d'un període de protecció de %[1]d dies. Encara podreu reclamar el nom antic durant el període de protecció.
+settings.hooks_desc = Afegir webhooks que s'activaran a <strong>tots els repositoris</strong> en aquesta organització.
+members.public_helper = Ocultar
+members.private_helper = Fer visible
+teams.admin_access_helper = Els membres poden pujar (push) i baixar (pull) als repositoris de l'equip i afegir-hi col·laboradors.
+teams.delete_team_desc = Eliminar un equip fa que els seus membres perdin accés al repositori. Continuar?
+teams.delete_team_success = S'ha eliminat l'equip.
+teams.admin_permission_desc = Aquest equip atorga accés d'<strong>administrador</strong>: els membres poden veure els repositoris de l'equip, pujar-hi (push) i afegir-hi col·laboradors.
+teams.remove_all_repos_desc = Això eliminarà tots els repositoris de l'equip.
+teams.add_all_repos_desc = Això afegirà tots els repositoris de l'organització a l'equip.
+teams.add_nonexistent_repo = El repositori que voleu afegir no existeix. Si us plau, creeu-lo.
+teams.add_duplicate_users = L'usuari ja és un membre de l'equip.
+teams.repos.none = Aquest equip no pot accedir a cap repositori.
+teams.members.none = No hi ha membres a l'equip.
+teams.specific_repositories = Repositoris específics
+teams.specific_repositories_helper = Els membres només tindran accés a repositoris afegits explícitament a l'equip. Seleccionar això <strong>no eliminarà</strong> automàticament els repositoris ja afegits a <i>Tots els repositoris</i>.
+teams.all_repositories = Tots els repositoris
+teams.all_repositories_helper = L'equip té accés a tots els repositoris. Seleccionar això <strong>afegirà tots els repositoris</strong> a l'equip.
+teams.invite.title = Heu sigut convidats a unir-vos a l'equip <strong>%s</strong> a l'organització <strong>%s</strong>.
+teams.invite.by = convidat per %s
+teams.invite.description = Si us plau, feu clic al botó aquí sota per unir-vos a l'equip.
 
 [admin]
 dashboard.cron.finished = Cron: %[1]s ha finalitzat
@@ -2422,5 +2826,96 @@ orgs.members = Membres
 orgs.new_orga = Nova organització
 repositories = Repositoris
 hooks = Webhooks
+dashboard.delete_generated_repository_avatars = Suprimir els avatars de repositori generats
+dashboard.sync_repo_tags = Sincronitzar les etiquetes de les dades de Git a la base de dades
+dashboard.repo_health_check = Comprovar la salut de tots els repositoris
+dashboard = Tauler
+self_check = Comprovació automàtica
+identity_access = Identitat i accés
+users = Comptes d'usuari
+organizations = Organitzacions
+assets = Recursos de codi
+integrations = Integracions
+authentication = Fonts d'autentificació
+emails = Adreces de correu electrònic d'usuaris
+config = Configuració
+config_summary = Resum
+config_settings = Configuració
+monitor = Monitoratge
+first_page = Primer
+last_page = Últim
+total = Total: %d
+settings = Configuració d'administrador
+dashboard.new_version_hint = Forgejo %s és ara disponible, esteu executant %s. Comprova <a target="_blank" rel="noreferrer" href="%s">el blog</a> per més detalls.
+dashboard.statistic = Resum
+dashboard.operations = Operacions de manteniment
+dashboard.system_status = Estat del sistema
+dashboard.operation_name = Nom d'operació
+dashboard.clean_unbind_oauth = Neteja les connexions OAuth desenllaçades
 
-[actions]
\ No newline at end of file
+[actions]
+variables = Variables
+variables.management = Gestionar variables
+variables.creation = Afegir variables
+variables.none = Encara no hi ha variables.
+variables.deletion = Eliminar variable
+variables.deletion.description = Eliminar una variable és permanent i no es pot desfer. Continua?
+variables.description = Les variables es passaran a certes accions i no es poden llegir altrament.
+variables.edit = Editar variable
+variables.not_found = No s'ha trobat la variable.
+variables.deletion.failed = No s'ha pogut eliminar la variable.
+variables.deletion.success = S'ha canviar el nom de la variable.
+variables.creation.failed = No s'ha pogut afegir la variable.
+variables.creation.success = S'ha afegit la variable "%s".
+variables.update.failed = No s'ha pogut editar la variable.
+variables.update.success = S'ha editat la variable.
+runs.no_workflows.help_write_access = No sabeu com començar amb Forgejo Actions? Feu un cop d'ull als <a target="_blank" rel="noopener noreferrer" href="%s">primers passos a la documentació d'usuari</a> per escriure el vostre primer flux de treball, llavors <a target="_blank" rel="noopener noreferrer" href="%s">configureu un runner Forgejo</a> per a executar els vostres treballs.
+runs.no_workflows.help_no_write_access = Per saber-ne més sobre Forgejo Actions, vegeu <a target="_blank" rel="noopener noreferrer" href="%s">la documentació</a>.
+
+[projects]
+deleted.display_name = Projecte eliminat
+type-1.display_name = Projecte individual
+type-2.display_name = Projecte del repositori
+type-3.display_name = Projecte de l'organització
+
+[secrets]
+secrets = Secrets
+description = Els secrets es passaran a certes accions i no es poden llegir altrament.
+none = Encara no hi ha secrets.
+creation = Afegir secret
+creation.success = S'ha afegit el secret "%s".
+creation.failed = No s'ha pogut afegir el secret.
+deletion = Eliminar secret
+deletion.description = Eliminar un secret és permanent i no es pot desfer. Continua?
+deletion.success = S'ha eliminat el secret.
+deletion.failed = No s'ha pogut eliminar el secret.
+management = Gestionar secrets
+
+[repo.permissions]
+code.read = <b>Lectura:</b> Accedir i clonar el codi del repositori.
+issues.read = <b>Lectura:</b> Llegir i crear incidències i comentaris.
+pulls.read = <b>Lectura:</b> Llegir i crear «pull requests».
+releases.read = <b>Lectura:</b> Veure i baixar publicacions.
+wiki.read = <b>Lectura:</b> Llegir la wiki integrada i el seu historial.
+projects.read = <b>Lectura:</b> Accedir els taulells de projecte del repositori.
+packages.read = <b>Lectura:</b> Llegir i baixar paquets assignats al repositori.
+actions.read = <b>Lectura:</b> Veure l'execució dels fluxos de treball i els seus registres (logs).
+code.write = <b>Escriptura:</b> Pujar (push) al repositori, crear branques i etiquetes.
+issues.write = <b>Escriptura:</b> Tancar incidències i gestionar metadades com etiquetes, fites, assignacions, terminis i dependències.
+pulls.write = <b>Escriptura:</b> Tancar «pull requests» i gestionar metadades com etiquetes, fites, assignacions, terminis i dependències.
+releases.write = <b>Escriptura:</b> Publicar, editar i eliminar publicacions i els seus recursos.
+wiki.write = <b>Escriptura:</b> Crear, modificar i eliminar pàgines en la wiki integrada.
+projects.write = <b>Escriptura:</b> Crear projectes i columnes, i editar-los.
+packages.write = <b>Escriptura:</b> Publicar i eliminar paquets assignats al repositori.
+actions.write = <b>Escriptura:</b> Activar, reiniciar i cancel·lar fluxos de treball. Gestionar la delegació de confiança als autors de «pull requests».
+ext_issues = Accedir a l'enllaç a un gestor d'incidències extern. Els permisos es gestionen allà.
+ext_wiki = Accedir a l'enllaç a una wiki externa. Els permisos es gestionen allà.
+
+[graphs]
+component_loading = Carregant %s…
+component_loading_failed = No s'ha pogut carregar %s
+component_loading_info = Això trigarà una estona…
+component_failed_to_load = Ha passat un error inesperat.
+code_frequency.what = freqüència de codi
+contributors.what = contribucions
+recent_commits.what = commits recents
\ No newline at end of file
diff --git a/options/locale/locale_cs-CZ.ini b/options/locale/locale_cs-CZ.ini
index 134877487e..f1893024ce 100644
--- a/options/locale/locale_cs-CZ.ini
+++ b/options/locale/locale_cs-CZ.ini
@@ -181,7 +181,7 @@ buttons.bold.tooltip=Přidat tučný text (Ctrl+B / ⌘B)
 buttons.italic.tooltip=Přidat kurzívu (Ctrl+I / ⌘I)
 buttons.quote.tooltip=Citace
 buttons.code.tooltip=Přidat kód
-buttons.link.tooltip=Přidat odkaz
+buttons.link.tooltip=Přidat odkaz (Ctrl+K / ⌘K)
 buttons.list.unordered.tooltip=Přidat odrážkový seznam
 buttons.list.ordered.tooltip=Přidat číslovaný seznam
 buttons.list.task.tooltip=Přidat seznam úkolů
diff --git a/options/locale/locale_da.ini b/options/locale/locale_da.ini
index cbfc0a1550..869fd0b734 100644
--- a/options/locale/locale_da.ini
+++ b/options/locale/locale_da.ini
@@ -187,8 +187,8 @@ more = Mere
 
 [editor]
 buttons.heading.tooltip = Tilføj overskrift
-buttons.bold.tooltip = Tilføj fed tekst
-buttons.italic.tooltip = Tilføj kursiv tekst
+buttons.bold.tooltip = Tilføj fed tekst (Ctrl+B / ⌘B)
+buttons.italic.tooltip = Tilføj kursiv tekst (Ctrl+I / ⌘I)
 buttons.quote.tooltip = Citat tekst
 buttons.code.tooltip = Tilføj kode
 buttons.link.tooltip = Tilføj et link
@@ -348,7 +348,7 @@ require_sign_in_view.description = Begræns indholdsadgang til ind-loggede bruge
 default_allow_create_organization.description = Tillad nye brugere at oprette organisationer som standard. Når denne mulighed er deaktiveret, skal en administrator give tilladelse til at oprette organisationer til nye brugere.
 password_algorithm = Adgangskode hash algoritme
 enable_update_checker_helper_forgejo = Den vil med jævne mellemrum tjekke for nye Forgejo versioner ved at tjekke en TXT DNS-posten på release.forgejo.org.
-password_algorithm_helper = Indstil adgangskode-hash-algoritmen. Algoritmer har forskellige krav og styrke. Argon2-algoritmen er ret sikker, men bruger meget hukommelse og kan være upassende til små systemer.
+password_algorithm_helper = Indstil adgangskode-hash-algoritmen. Algoritmer har forskellige krav og styrker. Argon2-algoritmen er ret sikker, men bruger meget hukommelse og kan være upassende til små systemer.
 openid_signup.description = Tillad brugere at oprette konti via OpenID, hvis selvregistrering er aktiveret.
 
 [home]
@@ -865,7 +865,7 @@ key_content_ssh_placeholder = Begynder med "ssh-ed25519", "ssh-rsa", "ecdsa-sha2
 gpg_key_matched_identities_long = De indlejrede identiteter i denne nøgle matcher de følgende aktiverede e-mailadresser for denne bruger. Commits, der matcher disse e-mailadresser, kan bekræftes med denne nøgle.
 gpg_key_deletion_success = GPG-nøglen er blevet fjernet.
 email_preference_set_success = E-mail-præference er blevet indstillet.
-keep_email_private_popup = Din e-mailadresse vil ikke blive vist på din profil og vil ikke være standard for commits foretaget via webgrænsefladen, som f.eks. filupload, redigeringer og merge commits. I stedet kan en speciel adresse %s bruges til at linke commits til din konto. Denne mulighed vil ikke påvirke eksisterende commits.
+keep_email_private_popup = E-mailadressen vil ikke blive vist på profilsiden og vil ikke være standard for commits foretaget via webgrænsefladen, som f.eks. filupload, redigeringer og merge commits. I stedet kan en speciel adresse %s bruges til at linke commits til brugerens konto. Denne mulighed vil ikke påvirke eksisterende commits.
 gpg_desc = Disse offentlige GPG-nøgler er knyttet til din konto og bruges til at bekræfte dine commits. Opbevar dine private nøgler sikkert, da de giver dig mulighed for at underskrive commits med din identitet.
 gpg_token_help = Du kan generere en signatur ved at bruge:
 ssh_key_verified_long = Nøglen er blevet bekræftet med et token og kan bruges til at bekræfte commits, der matcher enhver aktiveret e-mail-adresse for denne bruger.
@@ -973,7 +973,7 @@ quota.applies_to_user = Følgende kvoteregler gælder for din konto
 quota.rule.exceeded.helper = Den samlede størrelse af objekter for denne regel har overskredet kvoten.
 storage_overview = Opbevaringsoversigt
 quota = Kvote
-quota.applies_to_org = Følgende kontingentregler gælder for denne organisation
+quota.applies_to_org = Følgende kvoteregler gælder for denne organisation
 quota.rule.exceeded = Oversteget
 quota.rule.no_limit = Ubegrænset
 quota.sizes.all = Alle
@@ -1054,7 +1054,7 @@ mirror_sync = synkroniseret
 mirror_sync_on_commit = Synkroniser når commits er pushed
 mirror_address = Klon fra URL
 mirror_address_desc = Angiv eventuelle nødvendige legitimationsoplysninger i sektionen Autorisation.
-mirror_address_url_invalid = Den angivne URL er ugyldig. Du skal escape alle komponenter i URL'en korrekt.
+mirror_address_url_invalid = Den angivne URL er ugyldig. Du skal sikre dig at alle komponenter i URL'en er escapet korrekt.
 mirror_lfs = Stort fillager (LFS)
 mirror_lfs_desc = Aktiver spejling af LFS-data.
 mirror_lfs_endpoint = LFS-endepunkt
@@ -1506,7 +1506,7 @@ issues.ref_closing_from = `<a href="%[2]s">henviste til dette problem fra en pul
 issues.author.tooltip.issue = Denne bruger er forfatteren til dette problem.
 issues.author.tooltip.pr = Denne bruger er forfatteren af denne pull-anmodning.
 issues.role.owner = Ejer
-issues.role.owner_helper = Denne bruger er ejeren af dette depot.
+issues.role.owner_helper = Denne bruger er en ejer af dette depot.
 issues.role.member = Medlem
 issues.filter_label = Etiket
 issues.filter_label_no_select = Alle etiketter
@@ -1641,8 +1641,8 @@ issues.add_time_hours = Timer
 issues.add_time_sum_to_small = Ingen tid blev indtastet.
 issues.time_spent_from_all_authors = `Samlet tid brugt: %s`
 issues.time_spent_total = Samlet tid brugt
-issues.unlock.title = Lås op for samtale om dette problem.
-issues.lock.title = Lås samtale om dette problem.
+issues.unlock.title = Lås samtale op
+issues.lock.title = Lås samtale.
 issues.comment_on_locked = Du kan ikke kommentere på et låst problem.
 issues.delete = Slet
 issues.delete.title = Slet dette problem?
@@ -1802,7 +1802,7 @@ pulls.manually_merged = Manuelt flettet
 pulls.merged_info_text = Grenen %s kan nu slettes.
 pulls.is_closed = Pull-anmodningen er blevet lukket.
 pulls.nothing_to_compare = Disse grene er lige store. Der er ingen grund til at oprette en pull-anmodning.
-pulls.nothing_to_compare_have_tag = Den valgte gren/tag er ens.
+pulls.nothing_to_compare_have_tag = De valgte grene/tags er ens.
 pulls.nothing_to_compare_and_allow_empty_pr = Disse grene er lige store. Denne PR vil være tom.
 pulls.has_pull_request = `Der findes allerede en pull-anmodning mellem disse grene: <a href="%[1]s">%[2]s#%[3]d</a>`
 pulls.create = Opret pull-anmodning
@@ -2684,7 +2684,7 @@ branch.included_desc = Denne gren er en del af standardgrenen
 branch.included = Inkluderet
 branch.create_new_branch = Opret en gren fra gren:
 branch.confirm_create_branch = Opret gren
-branch.rename_branch_to = Omdøb "%s" til:
+branch.rename_branch_to = Omdøber gren "%s".
 migrate.repo_desc_helper = Lad være tom for at importere eksisterende beskrivelse
 archive.nocomment = Det er ikke muligt at kommentere, fordi depotet er arkiveret.
 comment.blocked_by_user = Det er ikke muligt at kommentere, fordi du er blokeret af depots ejer eller forfatteren.
@@ -2957,7 +2957,7 @@ dashboard.clean_unbind_oauth_success = Alle ubundne OAuth-forbindelser er blevet
 dashboard.task.started = Startet opgave: %[1]s
 dashboard.task.cancelled = Opgave: %[1]s annulleret: %[3]s
 dashboard.task.error = Fejl i Opgave: %[1]s: %[3]s
-dashboard.resync_all_hooks = Gensynkroniser pre-receive, update og post-receive hooks for alle depoter
+dashboard.resync_all_hooks = Gensynkroniser Git hooks for alle depoter (pre-receive, update, post-receive, proc-receive,...)
 dashboard.reinit_missing_repos = Geninitialiser alle manglende Git-depoter, som der findes poster for
 dashboard.sync_external_users = Synkroniser eksterne brugerdata
 dashboard.cleanup_hook_task_table = Oprydning hook_task tabel
@@ -3429,7 +3429,7 @@ days = %d dage
 now = nu
 
 [repo.permissions]
-actions.read = <b>Læs:</b> Se integrerede CI/CD-pipelines og deres logfiler.
+actions.read = <b>Læs:</b> Se worklows og deres logfiler.
 releases.write = <b>Skriv:</b> Udgiv, rediger og slet udgivelser og deres aktiver.
 wiki.read = <b>Læs:</b> Læs den integrerede wiki og dens historie.
 wiki.write = <b>Skriv:</b> Opret, opdater og slet sider i den integrerede wiki.
diff --git a/options/locale/locale_de-DE.ini b/options/locale/locale_de-DE.ini
index f316cb55c9..c34f152934 100644
--- a/options/locale/locale_de-DE.ini
+++ b/options/locale/locale_de-DE.ini
@@ -41,7 +41,7 @@ webauthn_sign_in=Drücke den Knopf auf deinem Sicherheitsschlüssel. Wenn dein S
 webauthn_press_button=Drücke den Knopf auf deinem Sicherheitsschlüssel …
 webauthn_use_twofa=Zwei-Faktor-Authentifizierung via Handy verwenden
 webauthn_error=Dein Sicherheitsschlüssel konnte nicht gelesen werden.
-webauthn_unsupported_browser=Dein Browser unterstützt derzeit keinen WebAuthn.
+webauthn_unsupported_browser=Dein Browser unterstützt derzeit kein WebAuthn.
 webauthn_error_unknown=Ein unbekannter Fehler ist aufgetreten. Bitte versuche es erneut.
 webauthn_error_insecure=WebAuthn unterstützt nur sichere Verbindungen. Zum Testen über HTTP kannst du „localhost“ oder „127.0.0.1“ als Host verwenden
 webauthn_error_unable_to_process=Der Server konnte deine Anfrage nicht bearbeiten.
@@ -182,7 +182,7 @@ buttons.bold.tooltip=Fettschrift hinzufügen (Strg+B / ⌘B)
 buttons.italic.tooltip=Kursivschrift hinzufügen (Strg+I / ⌘I)
 buttons.quote.tooltip=Text zitieren
 buttons.code.tooltip=Code hinzufügen
-buttons.link.tooltip=Link hinzufügen
+buttons.link.tooltip=Link hinzufügen (Strg+K / ⌘K)
 buttons.list.unordered.tooltip=Liste hinzufügen
 buttons.list.ordered.tooltip=Nummerierte Liste hinzufügen
 buttons.list.task.tooltip=Aufgabenliste hinzufügen
@@ -394,17 +394,17 @@ account_activated=Konto wurde aktiviert
 prohibit_login=Das Konto ist gesperrt
 prohibit_login_desc=Dein Konto ist auf dieser Instanz gesperrt worden. Bitte kontaktiere den Instanz-Administrator.
 resent_limit_prompt=Du hast bereits eine Aktivierungs-E-Mail angefordert. Bitte warte 3 Minuten und probiere es dann nochmal.
-has_unconfirmed_mail=Hallo %s, du hast eine unbestätigte E-Mail-Adresse (<b>%s</b>). Wenn du keine Bestätigungs-E-Mail erhalten hast oder eine neue senden möchtest, klicke bitte auf den folgenden Button.
+has_unconfirmed_mail=Hallo, %s, du hast eine unbestätigte E-Mail-Adresse (<b>%s</b>). Wenn du keine Bestätigungs-E-Mail erhalten hast oder eine neue senden möchtest, klicke bitte auf den folgenden Button.
 resend_mail=Aktivierungs-E-Mail erneut verschicken
 send_reset_mail=Wiederherstellungs-E-Mail senden
 reset_password=Kontowiederherstellung
 invalid_code=Dein Bestätigungs-Code ist ungültig oder abgelaufen.
 invalid_code_forgot_password=Dein Bestätigungscode ist ungültig oder abgelaufen. Klicke <a href="%s">hier</a>, um eine neue Sitzung zu starten.
-invalid_password=Ihr Passwort stimmt nicht mit dem Passwort überein, das zur Erstellung des Kontos verwendet wurde.
+invalid_password=Dein Passwort stimmt nicht mit dem Passwort überein, das zur Erstellung des Kontos verwendet wurde.
 reset_password_helper=Konto wiederherstellen
 reset_password_wrong_user=Du bist angemeldet als %s, aber der Link zur Kontowiederherstellung ist für %s
 password_too_short=Das Passwort muss mindestens %d Zeichen lang sein.
-non_local_account=Benutzer, die nicht von Forgejo verwaltet werden können ihre Passwörter nicht über das Web Interface ändern.
+non_local_account=Benutzer, die nicht von Forgejo verwaltet werden, können ihre Passwörter nicht über das Web-Interface ändern.
 verify=Verifizieren
 scratch_code=Einmalpasswort
 use_scratch_code=Einmalpasswort verwenden
@@ -423,9 +423,9 @@ oauth.signin.error.access_denied=Die Autorisierungsanfrage wurde abgelehnt.
 oauth.signin.error.temporarily_unavailable=Autorisierung fehlgeschlagen, da der Authentifizierungsserver vorübergehend nicht verfügbar ist. Bitte versuch es später erneut.
 openid_connect_submit=Verbinden
 openid_connect_title=Mit bestehendem Konto verbinden
-openid_connect_desc=Die gewählte OpenID-URI ist unbekannt. Ordne sie hier einem neuen Account zu.
+openid_connect_desc=Die gewählte OpenID-URI ist unbekannt. Ordne sie hier einem neuen Konto zu.
 openid_register_title=Neues Konto einrichten
-openid_register_desc=Die gewählte OpenID-URI ist unbekannt. Ordne sie hier einem neuen Account zu.
+openid_register_desc=Die gewählte OpenID-URI ist unbekannt. Ordne sie hier einem neuen Konto zu.
 openid_signin_desc=Gib deine OpenID-URI ein, zum Beispiel alice.openid.example.org oder https://openid.example.org/alice.
 disable_forgot_password_mail=Die Kontowiederherstellung ist deaktiviert, da keine E-Mail eingerichtet ist. Bitte kontaktiere den zuständigen Administrator.
 disable_forgot_password_mail_admin=Die Kontowiederherstellung ist nur verfügbar, wenn eine E-Mail eingerichtet wurde. Bitte richte eine E-Mail-Adresse ein, um die Kontowiederherstellung freizuschalten.
@@ -455,7 +455,7 @@ use_onetime_code = Einen Einmal-Code benutzen
 view_it_on=Auf %s ansehen
 reply=oder antworte direkt auf diese E-Mail
 link_not_working_do_paste=Link funktioniert nicht? Versuche, ihn zu kopieren und im Browser einzufügen.
-hi_user_x=Hallo <b>%s</b>,
+hi_user_x=Hallo, <b>%s</b>,
 
 activate_account=Bitte aktiviere dein Konto
 activate_account.text_1=Hallo <b>%[1]s</b>, danke für deine Registrierung bei %[2]s!
@@ -533,7 +533,7 @@ totp_enrolled.text_1.no_webauthn = Du hast gerade eben TOTP für dein Konto akti
 
 [modal]
 yes=Ja
-no=Abbrechen
+no=Nein
 confirm=Bestätigen
 cancel=Abbrechen
 modify=Aktualisieren
@@ -581,7 +581,7 @@ repo_name_been_taken=Der Repository-Name wird schon verwendet.
 repository_force_private=Privat erzwingen ist aktiviert: Private Repositorys können nicht veröffentlicht werden.
 repository_files_already_exist=Dateien für dieses Repository sind bereits vorhanden. Kontaktiere den Systemadministrator.
 repository_files_already_exist.adopt=Dateien für dieses Repository existieren bereits und können nur übernommen werden.
-repository_files_already_exist.delete=Dateien für dieses Repository sind bereits vorhanden. Du must sie löschen.
+repository_files_already_exist.delete=Dateien für dieses Repository sind bereits vorhanden. Du musst sie löschen.
 repository_files_already_exist.adopt_or_delete=Dateien für dieses Repository existieren bereits. Du musst sie entweder übernehmen oder löschen.
 visit_rate_limit=Die Ratenbegrenzung bei der Gegenseite wurde erreicht.
 2fa_auth_required=Die Gegenseite benötigt Zweifaktorauthentifikation.
@@ -597,7 +597,7 @@ password_lowercase_one=Mindestens ein Kleinbuchstabe
 password_uppercase_one=Mindestens ein Großbuchstabe
 password_digit_one=Mindestens eine Ziffer
 password_special_one=Mindestens ein Sonderzeichen (Satzzeichen, Klammern, Anführungszeichen, etc.)
-enterred_invalid_repo_name=Der eingegebenen Repository-Name ist falsch.
+enterred_invalid_repo_name=Der eingegebene Repository-Name ist falsch.
 enterred_invalid_org_name=Der eingegebene Organisationsname ist falsch.
 enterred_invalid_owner_name=Der Name des neuen Besitzers ist ungültig.
 enterred_invalid_password=Das eingegebene Passwort ist falsch.
@@ -608,8 +608,8 @@ cannot_add_org_to_team=Eine Organisation kann nicht als Teammitglied hinzugefüg
 duplicate_invite_to_team=Der Benutzer wurde bereits als Teammitglied eingeladen.
 organization_leave_success=Du hast die Organisation %s erfolgreich verlassen.
 
-invalid_ssh_key=Dein SSH-Key kann nicht überprüft werden: %s
-invalid_gpg_key=Dein GPG-Key kann nicht überprüft werden: %s
+invalid_ssh_key=Dein SSH-Schlüssel kann nicht überprüft werden: %s
+invalid_gpg_key=Dein GPG-Schlüssel kann nicht überprüft werden: %s
 invalid_ssh_principal=Ungültige Identität: %s
 must_use_public_key=Der von dir bereitgestellte Schlüssel ist ein privater. Bitte lade deinen privaten Schlüssel nirgendwo hoch, sondern verwende stattdessen deinen öffentlichen.
 unable_verify_ssh_key=Der SSH-Schlüssel kann nicht verifiziert werden, überprüfe ihn auf Fehler.
@@ -665,7 +665,7 @@ form.name_chars_not_allowed=Benutzername „%s“ enthält ungültige Zeichen.
 block_user = Benutzer blockieren
 block_user.detail = Bitte beachte, dass die Blockierung eines Benutzers auch andere Auswirkungen hat, so wie:
 block_user.detail_2 = Dieser Benutzer wird nicht mehr nicht mit deinen Repositorys oder von dir erstellten Issues und Kommentaren interagieren können.
-block_user.detail_1 = Ihr werdet euch nicht mehr gegenseitig folgen und könnt euch auch nicht mehr gegenseitig folgen.
+block_user.detail_1 = Ihr werdet euch nicht mehr gegenseitig folgen und es auch nicht mehr können.
 block = Blockieren
 follow_blocked_user = Du kannst diesen Benutzer nicht folgen, weil du ihn blockiert hast, oder er dich blockiert hat.
 block_user.detail_3 = Ihr werdet nicht mehr in der Lage sein, euch gegenseitig als Repository-Mitarbeiter hinzuzufügen.
@@ -684,7 +684,7 @@ public_activity.visibility_hint.self_private_profile = Deine Aktivität ist nur
 
 [settings]
 profile=Profil
-account=Account
+account=Konto
 appearance=Erscheinung
 password=Passwort
 security=Sicherheit
@@ -703,7 +703,7 @@ public_profile=Öffentliches Profil
 biography_placeholder=Erzähle anderen ein wenig über dich selbst! (Markdown wird unterstützt)
 location_placeholder=Teile deinen ungefähren Standort mit anderen
 profile_desc=Über dich
-password_username_disabled=Benutzer, die nicht von Forgejo verwaltet werden können ihren Benutzernamen nicht ändern. Bitte kontaktiere deinen Administrator für mehr Details.
+password_username_disabled=Benutzer, die nicht von Forgejo verwaltet werden, können ihren Benutzernamen nicht ändern. Bitte kontaktiere deinen Administrator für mehr Details.
 full_name=Vollständiger Name
 website=Webseite
 location=Standort
@@ -714,7 +714,7 @@ update_language_not_found=Sprache „%s“ ist nicht verfügbar.
 update_language_success=Sprache wurde aktualisiert.
 update_profile_success=Dein Profil wurde aktualisiert.
 change_username=Dein Benutzername wurde geändert.
-change_username_prompt=Hinweis: Das Ändern deines Benutzernamen ändert auch deine Account-URL.
+change_username_prompt=Hinweis: Das Ändern deines Benutzernamens ändert auch deine Konto-URL.
 change_username_redirect_prompt=Der alte Benutzername wird auf den neuen Benutzernamen weiterleiten, bis er erneut als Benutzername verwendet wird.
 continue=Weiter
 cancel=Abbrechen
@@ -804,11 +804,11 @@ gpg_helper=<strong>Brauchst du Hilfe?</strong> Sieh dir die Anleitung <a href="%
 key_content_ssh_placeholder=Startet mit „ssh-ed25519“, „ssh-rsa“, „ecdsa-sha2-nistp256“, „ecdsa-sha2-nistp384“, „ecdsa-sha2-nistp521“, „sk-ecdsa-sha2-nistp256@openssh.com“ oder „sk-ssh-ed25519@openssh.com“
 key_content_gpg_placeholder=Beginnt mit „-----BEGIN PGP PUBLIC KEY BLOCK-----“
 add_new_principal=Identität hinzufügen
-ssh_key_been_used=Dieser SSH-Key wird auf diesem Server bereits verwendet.
+ssh_key_been_used=Dieser SSH-Schlüssel wird auf diesem Server bereits verwendet.
 ssh_key_name_used=Ein gleichnamiger SSH-Key existiert bereits in deinem Account.
 ssh_principal_been_used=Diese Identität ist bereits auf dem Server vorhanden.
 gpg_key_id_used=Ein öffentlicher GPG-Schlüssel mit der gleichen ID existiert bereits.
-gpg_no_key_email_found=Dieser GPG-Key entspricht keiner mit deinem Account verbundenen aktivierten E-Mail-Addresse. Er kann trotzdem hinzugefügt werden, wenn du den gegebenen Token signierst.
+gpg_no_key_email_found=Dieser GPG-Schlüssel entspricht keiner mit deinem Konto verbundenen aktivierten E-Mail-Addresse. Er kann trotzdem hinzugefügt werden, wenn du den gegebenen Token signierst.
 gpg_key_matched_identities=Passende Identitäten:
 gpg_key_matched_identities_long=Die eingebetteten Identitäten in diesem Schlüssel stimmen mit den folgenden aktivierten E-Mail-Adressen für diesen Benutzer überein. Commits, die mit diesen E-Mail-Addressen committed wurden, können mit diesem Schlüssel verifiziert werden.
 gpg_key_verified=Verifizierter Schlüssel
@@ -866,15 +866,15 @@ ssh_signonly=SSH ist derzeit deaktiviert, sodass diese Schlüssel nur zur Commit
 ssh_externally_managed=Dieser SSH-Schlüssel wird extern für diesen Benutzer verwaltet
 manage_access_token=Zugriffstokens
 generate_new_token=Neuen Token erzeugen
-tokens_desc=Diese Tokens gewähren vollen Zugriff auf dein Konto mit der Forgejo-API.
+tokens_desc=Diese Tokens gewähren vollen Zugriff auf dein Konto via Forgejo-API.
 token_name=Token-Name
 generate_token=Token generieren
 generate_token_success=Ein neuer Token wurde generiert. Kopiere diesen jetzt, da er nicht erneut angezeigt wird.
 generate_token_name_duplicate=<strong>%s</strong> wurde bereits als Anwendungsname verwendet. Bitte wähle einen neuen Namen.
 delete_token=Löschen
 access_token_deletion=Zugriffstoken löschen
-access_token_deletion_desc=Wenn du ein Token löschst, haben die Anwendungen, die es nutzen, keinen Zugriff mehr auf deinen Account. Dies kann nicht rückgängig gemacht werden. Fortfahren?
-delete_token_success=Der Zugriffstoken wurde gelöscht. Anwendungen die diesen Token genutzt haben, haben nun keinen Zugriff mehr auf deinen Account.
+access_token_deletion_desc=Wenn du ein Token löschst, haben die Anwendungen, die es nutzen, keinen Zugriff mehr auf dein Konto. Dies kann nicht rückgängig gemacht werden. Fortfahren?
+delete_token_success=Der Zugriffstoken wurde gelöscht. Anwendungen, die diesen Token genutzt haben, haben nun keinen Zugriff mehr auf dein Konto.
 repo_and_org_access=Repository- und Organisationszugriff
 permissions_public_only=Nur öffentlich
 permissions_access_all=Alle (öffentlich, privat und begrenzt)
@@ -907,7 +907,7 @@ oauth2_regenerate_secret_hint=Geheimnis verloren?
 oauth2_client_secret_hint=Das Geheimnis wird nach dem Verlassen oder Aktualisieren dieser Seite nicht mehr angezeigt. Bitte stelle sicher, dass du es gespeichert hast.
 oauth2_application_edit=Bearbeiten
 oauth2_application_create_description=OAuth2-Anwendungen geben deiner Drittanwendung Zugriff auf Benutzerkonten dieser Forgejo-Instanz.
-oauth2_application_remove_description=Das Entfernen einer OAuth2-Anwendung hat zur Folge, dass diese nicht mehr auf autorisierte Benutzeraccounts auf dieser Instanz zugreifen kann. Möchtest Du fortfahren?
+oauth2_application_remove_description=Das Entfernen einer OAuth2-Anwendung hat zur Folge, dass diese nicht mehr auf autorisierte Benutzerkonten auf dieser Instanz zugreifen kann. Möchtest du fortfahren?
 oauth2_application_locked=Wenn es in der Konfiguration aktiviert ist, registriert Forgejo einige OAuth2-Anwendungen beim Starten vor. Um unerwartetes Verhalten zu verhindern, können diese weder bearbeitet noch entfernt werden. Weitere Informationen findest Du in der OAuth2-Dokumentation.
 
 authorized_oauth2_applications=Autorisierte OAuth2-Anwendungen
@@ -942,7 +942,7 @@ webauthn_delete_key=Sicherheitsschlüssel entfernen
 webauthn_delete_key_desc=Wenn du einen Sicherheitsschlüssel entfernst, kannst du dich nicht mehr mit ihm anmelden. Fortfahren?
 
 manage_account_links=Verknüpfte Konten
-manage_account_links_desc=Diese externen Accounts sind mit deinem Forgejo-Account verknüpft.
+manage_account_links_desc=Diese externen Konten sind mit deinem Forgejo-Konto verknüpft.
 link_account=Konto verbinden
 remove_account_link=Verknüpftes Konto entfernen
 remove_account_link_desc=Wenn du das verknüpfte Konto entfernst, wirst du darüber nicht mehr auf dein Forgejo-Konto zugreifen können. Fortfahren?
@@ -954,11 +954,11 @@ orgs_none=Du bist kein Mitglied in einer Organisation.
 repos_none=Du besitzt keine Repositorys.
 
 delete_account=Konto löschen
-delete_prompt=Wenn du fortfährst, wird dein Account permanent gelöscht. Dies <strong>KANN NICHT</strong> rückgängig gemacht werden.
+delete_prompt=Wenn du fortfährst, wird dein Konto permanent gelöscht. Dies <strong>KANN NICHT</strong> rückgängig gemacht werden.
 delete_with_all_comments=Dein Konto existiert seit weniger als %s. Um Geisterkommentare zu vermeiden, werden alle deine Issue/PR-Kommentare gelöscht.
 confirm_delete_account=Löschen bestätigen
 delete_account_title=Benutzerkonto löschen
-delete_account_desc=Bist du sicher, dass du diesen Account dauerhaft löschen möchtest?
+delete_account_desc=Bist du sicher, dass du dieses Konto dauerhaft löschen möchtest?
 
 email_notifications.enable=E-Mail-Benachrichtigungen aktivieren
 email_notifications.onmention=Nur E-Mail bei Erwähnung
@@ -1152,7 +1152,7 @@ migrate_options_lfs=LFS-Dateien migrieren
 migrate_options_lfs_endpoint.label=LFS-Endpunkt
 migrate_options_lfs_endpoint.description=Migration wird versuchen, über den entfernten Git-Server <a target="_blank" rel="noopener noreferrer" href="%s">den LFS-Server zu bestimmen</a>. Du kannst auch einen eigenen Endpunkt angeben, wenn die LFS-Dateien woanders gespeichert werden.
 migrate_options_lfs_endpoint.description.local=Ein lokaler Serverpfad wird ebenfalls unterstützt.
-migrate_options_lfs_endpoint.placeholder=Wenn leer gelassen, wird der Endpunkt von der Clone-URL abgeleitet
+migrate_options_lfs_endpoint.placeholder=Wenn leer gelassen, wird der Endpunkt von der Klon-URL abgeleitet
 migrate_items=Migrationselemente
 migrate_items_wiki=Wiki
 migrate_items_milestones=Meilensteine
@@ -1169,7 +1169,7 @@ migrate.clone_local_path=oder ein lokaler Serverpfad
 migrate.permission_denied=Du hast keine Berechtigung zum Importieren lokaler Repositorys.
 migrate.permission_denied_blocked=Du kannst von keinen nicht erlaubten Hosts importieren. Bitte fragen deinen Administrator, die Einstellungen ALLOWED_DOMAINS/ALLOW_LOCALNETWORKS/BLOCKED_DOMAINS zu überprüfen.
 migrate.invalid_local_path=Der lokale Pfad ist ungültig. Er existiert nicht oder ist kein Verzeichnis.
-migrate.invalid_lfs_endpoint=Der LFS-Endpunkt ist nicht gültig.
+migrate.invalid_lfs_endpoint=Der LFS-Endpunkt ist ungültig.
 migrate.failed=Fehler bei der Migration: %v
 migrate.migrate_items_options=Zugangs-Token wird benötigt, um zusätzliche Elemente zu migrieren
 migrated_from=Migriert von <a href="%[1]s">%[2]s</a>
@@ -1357,7 +1357,7 @@ commits.older=Älter
 commits.newer=Neuer
 commits.signed_by=Signiert von
 commits.signed_by_untrusted_user=Signiert von nicht vertrauenswürdigen Benutzern
-commits.signed_by_untrusted_user_unmatched=Von einem nicht vertrauenswürdigen Benutzer, der nicht auf den Committer passt, signiert
+commits.signed_by_untrusted_user_unmatched=Signiert von nicht vertrauenswürdigem Benutzer, der nicht mit dem Committer übereinstimmt
 commits.gpg_key_id=GPG-Schlüssel-ID
 commits.ssh_key_fingerprint=SSH-Schlüssel-Fingerabdruck
 commits.view_path=An diesem Punkt im Verlauf anzeigen
@@ -1368,7 +1368,7 @@ commit.revert-header=Setze zurück: %s
 commit.revert-content=Branch auswählen, der zurückgesetzt werden soll:
 commit.cherry-pick=Cherry-Pick
 commit.cherry-pick-header=Cherry-Picke: %s
-commit.cherry-pick-content=Branch auswählen, zu dem das Ergebnis des Cherry-Picks angewendet werden soll:
+commit.cherry-pick-content=Branch auswählen, auf dem ein Cherry-Pick durchgeführt werden soll:
 
 commitstatus.error=Fehler
 commitstatus.failure=Fehler
@@ -1383,7 +1383,7 @@ projects.description_placeholder=Beschreibung
 projects.create=Projekt erstellen
 projects.title=Titel
 projects.new=Neues Projekt
-projects.new_subheader=Koordiniere, verfolge und aktualisiere deine Arbeit an einem Ort, so dass Projekte transparent und planmäßig bleiben.
+projects.new_subheader=Koordiniere, verfolge und aktualisiere deine Arbeit an einem Ort, so dass Projekte transparent und im Zeitplan bleiben.
 projects.create_success=Das Projekt „%s“ wurde erstellt.
 projects.deletion=Projekt löschen
 projects.deletion_desc=Das Löschen eines Projekts entfernt es von allen damit zusammenhängenden Issues. Fortfahren?
@@ -1508,7 +1508,7 @@ issues.filter_sort=Sortieren
 issues.filter_sort.latest=Neueste
 issues.filter_sort.oldest=Älteste
 issues.filter_sort.recentupdate=Kürzlich aktualisiert
-issues.filter_sort.leastupdate=Am Längsten nicht aktualisiert
+issues.filter_sort.leastupdate=Am längsten nicht aktualisiert
 issues.filter_sort.mostcomment=Am meisten kommentiert
 issues.filter_sort.leastcomment=Am wenigsten kommentiert
 issues.filter_sort.nearduedate=Nächstes Fälligkeitsdatum
@@ -1794,8 +1794,8 @@ pulls.required_status_check_failed=Einige erforderliche Prüfungen waren nicht e
 pulls.required_status_check_missing=Einige erforderliche Prüfungen fehlen.
 pulls.required_status_check_administrator=Als Administrator kannst du diesen Pull-Request weiterhin zusammenführen.
 pulls.blocked_by_approvals=Dieser Pull-Request hat noch nicht genügend Genehmigungen. %d von %d Genehmigungen erteilt.
-pulls.blocked_by_rejection=Dieser Pull-Request hat Änderungen, die von einem offiziellen Prüfer angefragt wurden.
-pulls.blocked_by_official_review_requests=Dieser Pull-Request ist blockiert, weil ihm die Genehmigung von einem oder mehreren offiziellen Prüfern fehlt.
+pulls.blocked_by_rejection=Dieser Pull-Request hat Änderungen, die von einem offiziellen Sichter angefragt wurden.
+pulls.blocked_by_official_review_requests=Dieser Pull-Request ist blockiert, weil ihm die Genehmigung von einem oder mehreren offiziellen Sichtern fehlt.
 pulls.blocked_by_outdated_branch=Dieser Pull-Request ist blockiert, da er veraltet ist.
 pulls.blocked_by_changed_protected_files_1=Dieser Pull-Request ist blockiert, weil er eine geschützte Datei ändert:
 pulls.blocked_by_changed_protected_files_n=Dieser Pull-Request ist blockiert, weil er geschützte Dateien ändert:
@@ -1848,7 +1848,7 @@ pulls.status_checks_details=Details
 pulls.update_branch=Branch durch Merge aktualisieren
 pulls.update_branch_rebase=Branch durch Rebase aktualisieren
 pulls.update_branch_success=Branch-Aktualisierung erfolgreich
-pulls.update_not_allowed=Du hast keine Berechtigung, den Branch zu updaten
+pulls.update_not_allowed=Du hast keine Berechtigung, den Branch zu aktualisieren
 pulls.outdated_with_base_branch=Dieser Branch enthält nicht die neusten Commits des Basis-Branches
 pulls.close=Pull-Request schließen
 pulls.closed_at=`hat diesen Pull-Request %s geschlossen`
@@ -1910,7 +1910,7 @@ signing.wont_sign.error=Es gab einen Fehler bei der Prüfung, ob der Commit sign
 signing.wont_sign.nokey=Diese Instanz hat keinen Schlüssel, um diesen Commit zu signieren.
 signing.wont_sign.never=Commits werden nie signiert.
 signing.wont_sign.always=Commits werden immer signiert.
-signing.wont_sign.pubkey=Der Commit wird nicht signiert, da du keinen öffentlichen Schlüssel mit deinem Account verknüpft hast.
+signing.wont_sign.pubkey=Der Commit wird nicht signiert, da du keinen öffentlichen Schlüssel mit deinem Konto verknüpft hast.
 signing.wont_sign.twofa=Du musst Zwei-Faktor-Authentifizierung aktivieren, damit Commits signiert werden.
 signing.wont_sign.parentsigned=Der Commit wird nicht signiert werden, da der vorherige Commit nicht signiert ist.
 signing.wont_sign.basesigned=Der Merge-Commit wird nicht signiert werden, da der Basis-Commit nicht signiert ist.
@@ -2135,7 +2135,7 @@ settings.trust_model.committer=Committer
 settings.trust_model.committer.long=Committer: Vertraue Signaturen, die zu Committern passen (dies stimmt mit GitHub überein und zwingt signierte Commits von Forgejo dazu, Forgejo als Committer zu haben)
 settings.trust_model.committer.desc=Gültige Signaturen werden nur dann als „vertrauenswürdig“ gekennzeichnet, wenn sie mit ihrem Committer übereinstimmen. Ansonsten werden sie als „nicht übereinstimmend“ markiert. Das führt dazu, dass Forgejo auf signierten Commits, bei denen der echte Committer als „Co-authored-by:“ oder „Co-committed-by:“ in der Beschreibung eingetragen wurde, als Committer gilt. Der Forgejo-Standard-Schlüssel muss zu einem Benutzer in der Datenbank passen.
 settings.trust_model.collaboratorcommitter=Mitarbeiter+Committer
-settings.trust_model.collaboratorcommitter.long=Mitarbeiter+Committer: Signaturen der Mitarbeiter vertrauen die mit dem Committer übereinstimmen
+settings.trust_model.collaboratorcommitter.long=Mitarbeiter+Committer: Signaturen der Mitarbeiter vertrauen, die mit dem Committer übereinstimmen
 settings.trust_model.collaboratorcommitter.desc=Gültige Signaturen von Mitarbeitern dieses Projekts werden als „vertrauenswürdig“ markiert, wenn sie mit dem Committer übereinstimmen. Andernfalls werden gültige Signaturen als „nicht vertrauenswürdig“ markiert, wenn die Signatur mit dem Committer übereinstimmt. Ansonsten werden sie als „nicht übereinstimmend“ markiert. Dies zwingt Forgejo, als Committer bei signierten Commits mit dem echten Committer als „Co-Authored-By:“ und „Co-Committed-By:“ im Commit zu markieren. Der Standard-Forgejo-Schlüssel muss mit einem Benutzer in der Datenbank übereinstimmen.
 settings.wiki_delete=Wiki-Daten löschen
 settings.wiki_delete_desc=Das Löschen von Wiki-Daten kann nicht rückgängig gemacht werden. Bitte sei vorsichtig.
@@ -2291,15 +2291,15 @@ settings.add_deploy_key=Deploy-Schlüssel hinzufügen
 settings.deploy_key_desc=Deploy-Schlüssel können Nur-Lese-Zugriff oder Lese-und-Schreib-Zugriff auf das Repository haben.
 settings.is_writable=Erlaube Schreibzugriff
 settings.is_writable_info=Erlaube diesem Deploy-Key auf das Repository zu <strong>pushen</strong>.
-settings.no_deploy_keys=Noch keine Deploy-Keys vorhanden.
+settings.no_deploy_keys=Noch keine Deploy-Schlüssel vorhanden.
 settings.title=Titel
 settings.deploy_key_content=Inhalt
-settings.key_been_used=Ein Deploy-Key mit identischem Inhalt wird bereits verwendet.
-settings.key_name_used=Ein Deploy-Key mit diesem Namen existiert bereits.
+settings.key_been_used=Ein Deploy-Schlüssel mit identischem Inhalt wird bereits verwendet.
+settings.key_name_used=Ein Deploy-Schlüssel mit diesem Namen existiert bereits.
 settings.add_key_success=Der Deploy-Schlüssel „%s“ wurde erfolgreich hinzugefügt.
 settings.deploy_key_deletion=Deploy-Schlüssel löschen
-settings.deploy_key_deletion_desc=Nach dem Löschen wird dieser Deploy-Key keinen Zugriff mehr auf dieses Repository haben. Fortfahren?
-settings.deploy_key_deletion_success=Der Deploy-Key wurde entfernt.
+settings.deploy_key_deletion_desc=Nach dem Löschen wird dieser Deploy-Schlüssel keinen Zugriff mehr auf dieses Repository haben. Fortfahren?
+settings.deploy_key_deletion_success=Der Deploy-Schlüssel wurde entfernt.
 settings.branches=Branches
 settings.protected_branch=Branch-Schutz
 settings.protected_branch.save_rule=Regel speichern
@@ -2745,7 +2745,7 @@ issues.reaction.alt_many = %[1]s und %[2]d mehr reagierten %[3]s.
 issues.reaction.alt_few = %[1]s reagierten %[2]s.
 issues.reaction.alt_add = Füge %[1]s Reaktion zum Kommentar hinzu.
 issues.reaction.alt_remove = Entferne %[1]s Reaktion von diesem Kommentar.
-summary_card_alt = Zusammenfassungskarte des Repositorys %s
+summary_card_alt = Übersichtskarte des Repositorys %s
 release.summary_card_alt = Übersichtskarte eines Releases mit dem Titel „%s“ im Repository %s
 archive.pull.noreview = Dieses Repository ist archiviert. Pull-Requests können nicht überprüft werden.
 editor.commit_email = Commit-E-Mail
@@ -2761,7 +2761,7 @@ comment.blocked_by_user = Kommentieren ist nicht möglich, da du vom Repository-
 sync_fork.branch_behind_one = Dieser Branch hinkt %[1]d Commit hinter %[2]s
 sync_fork.branch_behind_few = Dieser Branch hinkt %[1]d Commits hinter %[2]s
 sync_fork.button = Sync
-settings.event_action_failure_desc = Action-Run endete im Fehlschlag.
+settings.event_action_failure_desc = Action-Run ist fehlgeschlagen.
 settings.event_action_success_desc = Action-Run war erfolgreich.
 settings.event_action_failure = Fehlschlag
 settings.event_action_success = Erfolg
@@ -3044,10 +3044,10 @@ users.still_has_org=Dieser Nutzer ist Mitglied einer Organisation. Du musst ihn
 users.purge=Benutzer löschen
 users.purge_help=Das Löschen des Benutzers inklusive all seiner Repositorys, Organisationen und Pakete erzwingen. Alle Kommentare und Issues, die von diesem Benutzer gepostet wurden, werden ebenso gelöscht.
 users.still_own_packages=Dieser Benutzer besitzt noch ein oder mehrere Pakete, lösche diese Pakete zuerst.
-users.deletion_success=Der Account wurde gelöscht.
+users.deletion_success=Das Konto wurde gelöscht.
 users.reset_2fa=2FA zurücksetzen
 users.list_status_filter.menu_text=Filter
-users.list_status_filter.reset=Reset
+users.list_status_filter.reset=Zurücksetzen
 users.list_status_filter.is_active=Aktiv
 users.list_status_filter.not_active=Inaktiv
 users.list_status_filter.is_admin=Administrator
@@ -3215,7 +3215,7 @@ auths.still_in_used=Diese Authentifizierungsquelle wird noch verwendet. Bearbeit
 auths.deletion_success=Die Authentifizierungsquelle „%s“ wurde gelöscht.
 auths.login_source_exist=Die Authentifizierungsquelle „%s“ existiert bereits.
 auths.login_source_of_type_exist=Eine Authentifizierungart dieses Typs existiert bereits.
-auths.unable_to_initialize_openid=Provider für OpenID Connect konnte nicht initialisiert werden: %s
+auths.unable_to_initialize_openid=OpenID-Connect-Anbieter konnte nicht initialisiert werden: %s
 auths.invalid_openIdConnectAutoDiscoveryURL=Ungültige Auto-Discovery-URL (dies muss eine gültige URL sein, die mit http:// oder https:// beginnt)
 
 config.server_config=Serverkonfiguration
@@ -3468,7 +3468,7 @@ mirror_sync_push=Commits zu <a href="%[2]s">%[3]s</a> bei <a href="%[1]s">%[4]s<
 mirror_sync_create=neue Referenz <a href="%[2]s">%[3]s</a> bei <a href="%[1]s">%[4]s</a> wurde von einem Spiegel synchronisiert
 mirror_sync_delete=hat die Referenz des Spiegels <code>%[2]s</code> in <a href="%[1]s">%[3]s</a> synchronisiert und gelöscht
 approve_pull_request=`hat <a href="%[1]s">%[3]s#%[2]s</a> genehmigt`
-reject_pull_request=`schlug Änderungen für <a href="%[1]s">%[3]s#%[2]s</a> vor`
+reject_pull_request=`schlug Änderungen an <a href="%[1]s">%[3]s#%[2]s</a> vor`
 publish_release=`veröffentlichte Release <a href="%[2]s">%[4]s</a> in <a href="%[1]s">%[3]s</a>`
 review_dismissed=`verwarf die Sichtung von <b>%[4]s</b> in <a href="%[1]s">%[3]s#%[2]s</a>`
 review_dismissed_reason=Grund:
@@ -3581,7 +3581,7 @@ changed_filemode=%[1]s → %[2]s
 directory=Verzeichnis
 normal_file=Normale Datei
 executable_file=Ausführbare Datei
-symbolic_link=Softlink
+symbolic_link=Symbolischer Link
 submodule=Submodul
 
 
diff --git a/options/locale/locale_el-GR.ini b/options/locale/locale_el-GR.ini
index 4b41a76810..682af86f78 100644
--- a/options/locale/locale_el-GR.ini
+++ b/options/locale/locale_el-GR.ini
@@ -182,7 +182,7 @@ buttons.bold.tooltip=Προσθήκη έντονου κειμένου (Ctrl+B /
 buttons.italic.tooltip=Προσθήκη πλαγίου κειμένου (Ctrl+I / ⌘I)
 buttons.quote.tooltip=Παράθεση κειμένου
 buttons.code.tooltip=Προσθήκη κώδικα
-buttons.link.tooltip=Προσθήκη συνδέσμου
+buttons.link.tooltip=Προσθήκη συνδέσμου (Ctrl+K / ⌘K)
 buttons.list.unordered.tooltip=Προσθήκη απλής λίστας
 buttons.list.ordered.tooltip=Προσθήκη αριθμημένης λίστας
 buttons.list.task.tooltip=Προσθήκη λίστας εργασιών
@@ -650,10 +650,10 @@ watched=Ακολουθούμενα αποθετήρια
 code=Κώδικας
 projects=Έργα
 overview=Επισκόπηση
-following_few=%d ακολουθεί
+following_few=ακολουθεί %d
 follow=Ακολούθηση
-unfollow=Να μην ακολουθώ
-user_bio=Περιγραφή
+unfollow=Άρση ακολούθησης
+user_bio=Βιογραφικό
 disabled_public_activity=Αυτός ο χρήστης έχει απενεργοποιήσει τη δημόσια προβολή της δραστηριότητας του.
 email_visibility.limited=Η διεύθυνση email σας είναι ορατή σε κάθε ταυτοποιημένο χρήστη
 show_on_map=Προβολή σε χάρτη
diff --git a/options/locale/locale_eo.ini b/options/locale/locale_eo.ini
index c309824898..249597b718 100644
--- a/options/locale/locale_eo.ini
+++ b/options/locale/locale_eo.ini
@@ -498,6 +498,7 @@ issue.action.review_dismissed = <b>@%[1]s</b> maldungis la lastan revizion de %[
 repo.transfer.subject_to_you = %s volas reposedigi la deponejon "%s" al vi
 totp_enrolled.subject = Vi aktivigis TOTP-n kiel 2FA metodo
 issue_assigned.issue = @%[1]s asignis al vi ĉi tiun eraron %[2]s en la deponejo %[3]s.
+repo.transfer.subject_to = %s volas transigi deponejon "%s" al %s
 
 [form]
 TeamName = Gruponomo
@@ -576,6 +577,8 @@ To = Branĉonomo
 AccessToken = Atingoĵetono
 required_prefix = La enigaĵo devas komenciĝi per "%s"
 username_error = ` enhavu sole literojn («a–z», «A–Z»), numerojn («0–9«), strekojn («-»), substrekojn («_») kaj punktojn («.»). Gi ne povas komenci kun ne-alfanumeraj signoj, kaj sinsekva ne-alfanumeraj signoj ankaŭ estas malpermesitaj.`
+PayloadUrl = Utilaĵ-URL
+CommitChoice = Enmeto elekton
 
 [modal]
 confirm = Konfirmi
@@ -769,7 +772,7 @@ enable_custom_avatar = Uzi propran profilbildon
 change_password = Ŝanĝi pasvorton
 keep_pronouns_private = Montri pronomojn nur al la aŭtentikigitaj uzantoj
 keep_pronouns_private.description = Tio maskos viajn pronomojn kontraŭ neaŭtentikigitaj vizitantoj.
-add_new_principal = 
+add_new_principal =
 gpg_token_required = Vi devas disponigi signaturon por la malsupran ĵetono
 gpg_token = Ĵetono
 gpg_token_help = Vi povas generi signaturon uzante:
diff --git a/options/locale/locale_es-ES.ini b/options/locale/locale_es-ES.ini
index 276b0f8a1e..a7aa0f17ae 100644
--- a/options/locale/locale_es-ES.ini
+++ b/options/locale/locale_es-ES.ini
@@ -182,7 +182,7 @@ buttons.bold.tooltip=Añadir texto en negrita (Ctrl+B / ⌘B)
 buttons.italic.tooltip=Añadir texto en cursiva (Ctrl+I / ⌘I)
 buttons.quote.tooltip=Citar texto
 buttons.code.tooltip=Añadir código
-buttons.link.tooltip=Añadir un enlace
+buttons.link.tooltip=Añadir un enlace  (Ctrl+K / ⌘K)
 buttons.list.unordered.tooltip=Añadir una lista
 buttons.list.ordered.tooltip=Añadir una lista numerada
 buttons.list.task.tooltip=Añadir una lista de tareas
@@ -875,7 +875,7 @@ delete_token=Eliminar
 access_token_deletion=Eliminar token de acceso
 access_token_deletion_desc=Eliminar un token revocará el acceso a su cuenta para las aplicaciones que lo usen. Esto no se puede deshacer. ¿Continuar?
 delete_token_success=El token ha sido eliminado. Las aplicaciones que lo usen ya no tienen acceso a su cuenta.
-repo_and_org_access=Acceso al Repositorio y a la Organización
+repo_and_org_access=Acceso al repositorio y a la organización
 permissions_public_only=Sólo público
 permissions_access_all=Todo (público, privado y limitado)
 select_permissions=Seleccionar permisos
@@ -2556,7 +2556,7 @@ branch.included=Incluida
 branch.create_new_branch=Crear rama desde la rama:
 branch.confirm_create_branch=Crear rama
 branch.warning_rename_default_branch=Estás renombrando la rama por defecto.
-branch.rename_branch_to=Renombrar "%s" a:
+branch.rename_branch_to=Renombrando rama "%s".
 branch.create_branch_operation=Crear rama
 branch.new_branch=Crear nueva rama
 branch.new_branch_from=`Crear nueva rama de "%s"`
@@ -2752,10 +2752,22 @@ pulls.delete_after_merge.head_branch.insufficient_branch = No tienes permiso par
 settings.default_update_style_desc = El modo por defecto utilizado para actualizar las solicitudes de incorporación de cambios que estén detrás de la rama base.
 settings.wiki_branch_rename_success = La wiki de la rama del repositorio ha sido normalizada correctamente.
 settings.wiki_branch_rename_failure = Hubo un error al normalizar el nombre de la rama de la wiki del repositorio.
-release.hide_archive_links_helper = Ocultar el archivo de código generado automáticamente de este lanzamiento. Por ejemplo, si estás subiendo el tuyo propio.
+release.hide_archive_links_helper = Ocultar el archivo de código generado automáticamente para este lanzamiento. Por ejemplo, si estás subiendo el tuyo propio.
 settings.event_action_recover = Recuperar
 settings.event_action_success = Éxito
 settings.event_action_success_desc = La ejecución de la acción se ejecutó con éxito.
+settings.event_header_action = Eventos de la ejecución de la acción
+settings.event_action_failure = Fallo
+settings.event_action_failure_desc = La ejecución de la acción terminó con fallos.
+settings.event_action_recover_desc = La ejecución de la acción terminó con éxito después de que la última ejecución en el mismo flujo de trabajo fallara.
+settings.sourcehut_builds.secrets_helper = Concede al trabajo acceso a los secretos de construcción (requiere el permiso SECRETS:RO)
+settings.sourcehut_builds.access_token_helper = Token de acceso que tiene el permiso JOBS:RW. Genere un <a target="_blank" rel="noopener noreferrer" href="%s">token de builds.sr.ht</a> o un <a target="_blank" rel="noopener noreferrer" href="%s">token de builds.sr.ht con acceso a secretos</a> en meta.sr.ht.
+settings.ignore_stale_approvals_desc = No contabilizar las aprobaciones realizadas en commits anteriores (revisiones obsoletas) para el cálculo del número de aprobaciones que la PR tiene. Esto no aplica si las revisiones obsoletas ya han sido descartadas.
+settings.protect_branch_name_pattern_desc = Patrones de nombre de ramas protegidas. Véase <a href="%s">la documentación</a> para la sintaxis del patrón. Ejemplos: main, release/**
+settings.enforce_on_admins = Aplicar esta regla para los administradores del repositorio
+settings.matrix.access_token_helper = Se recomienda configurar una cuenta de Matrix dedicada para esto. El token de acceso puede ser obtenido desde el cliente web Element (en una pestaña privada/incógnito) > Menú de usuario (arriba izquierda) > Todos los ajustes > Ayuda & Acerca de > Avanzado > Token de acceso (a la derecha, debajo de URL del servidor). Cierra la pestaña privada/incógnito (desconectarse invalidaría el token).
+settings.archive.mirrors_unavailable = Los espejos no están disponibles en repos archivados.
+release.summary_card_alt = Tarjeta de resumen de una release titulada "%s" en el repositorio %s
 
 [graphs]
 component_loading = Cargando %s…
@@ -2942,7 +2954,7 @@ dashboard.update_migration_poster_id=Actualizar ID de usuario en migraciones
 dashboard.git_gc_repos=Ejecutar la recolección de basura en los repositorios
 dashboard.resync_all_sshkeys=Actualiza el archivo '.ssh/authorized_keys' con claves SSH de Forgejo.
 dashboard.resync_all_sshprincipals=Actualiza el archivo '.ssh/authorized_principals' con los principales del certificado SSH de Forgejo.
-dashboard.resync_all_hooks=Resincronizar los hooks de pre-recepción, actualización y post-recepción de todos los repositorios
+dashboard.resync_all_hooks=Resincronizar los hooks de todos los repositorios (pre-recepción, actualización, post-recepción, procesamiento de recepción, etc.)
 dashboard.reinit_missing_repos=Reiniciar todos los repositorios Git faltantes de los que existen registros
 dashboard.sync_external_users=Sincronizar datos de usuario externo
 dashboard.cleanup_hook_task_table=Limpiar la tabla hook_task
@@ -3027,8 +3039,8 @@ users.delete_account=Eliminar cuenta de usuario
 users.cannot_delete_self=No puedes eliminarte a ti mismo
 users.still_own_repo=Este usuario todavía posee uno o más depósitos. Eliminar o transferir estos repositorios primero.
 users.still_has_org=Este usuario es un miembro de una organización. Primero retire el usuario de cualquier organización.
-users.purge=Borrar usuario
-users.purge_help=Borrar forzosamente el usuario y cualquier repositorio, organización y paquete propiedad del usuario. Todos los comentarios también serán borrados.
+users.purge=Purgar usuario
+users.purge_help=Borrar forzosamente el usuario y cualquier repositorio, organización y paquete propiedad del usuario. Todos los comentarios e incidencias publicados por este usuario también serán borrados.
 users.still_own_packages=Este usuario todavía posee uno o más paquetes, elimina estos paquetes primero.
 users.deletion_success=La cuenta de usuario ha sido eliminada.
 users.reset_2fa=Reiniciar 2FA
@@ -3037,7 +3049,7 @@ users.list_status_filter.reset=Reiniciar
 users.list_status_filter.is_active=Activo
 users.list_status_filter.not_active=Inactivo
 users.list_status_filter.is_admin=Administrador
-users.list_status_filter.not_admin=Sin Admin
+users.list_status_filter.not_admin=No admin
 users.list_status_filter.is_restricted=Restringido
 users.list_status_filter.not_restricted=No restringido
 users.list_status_filter.is_prohibit_login=Prohibido el inicio de sesión
@@ -3046,7 +3058,7 @@ users.list_status_filter.is_2fa_enabled=2FA habilitado
 users.list_status_filter.not_2fa_enabled=2FA deshabilitado
 users.details=Detalles del usuario
 
-emails.email_manage_panel=Gestion de Correo del Usuario
+emails.email_manage_panel=Administrar direcciones de correo electrónico del usuario
 emails.primary=Principal
 emails.activated=Activado
 emails.filter_sort.email=Correo electrónico
@@ -3056,15 +3068,15 @@ emails.filter_sort.name_reverse=Nombre de usuario (invertir)
 emails.updated=Email actualizado
 emails.not_updated=Error al actualizar la dirección de correo electrónico solicitada: %v
 emails.duplicate_active=Esta dirección de correo está asignada a un usuario diferente.
-emails.change_email_header=Actualizar Propiedades de Correo
+emails.change_email_header=Actualizar propiedades del correo
 
-orgs.org_manage_panel=Gestión de organizaciones
+orgs.org_manage_panel=Administrar organizaciones
 orgs.name=Nombre
 orgs.teams=Equipos
 orgs.members=Miembros
 orgs.new_orga=Nueva organización
 
-repos.repo_manage_panel=Gestión de repositorios
+repos.repo_manage_panel=Administrar repositorios
 repos.unadopted=Repositorios no adoptados
 repos.unadopted.no_more=No se encontraron repositorios no adoptados.
 repos.owner=Propietario
@@ -3074,7 +3086,7 @@ repos.issues=Incidencias
 repos.size=Tamaño
 repos.lfs_size=Tamaño LFS
 
-packages.package_manage_panel=Gestión de paquetes
+packages.package_manage_panel=Administrar paquetes
 packages.total_size=Tamaño total: %s
 packages.unreferenced_size=Tamaño sin referencia: %s
 packages.cleanup=Limpiar datos caducados
@@ -3097,7 +3109,7 @@ systemhooks.desc=Los webhooks automáticamente hacen peticiones HTTP POST a un s
 systemhooks.add_webhook=Añadir Webhook del Sistema
 systemhooks.update_webhook=Actualizar Webhook del Sistema
 
-auths.auth_manage_panel=Gestión de origen de autenticación
+auths.auth_manage_panel=Administrar orígenes de autenticación
 auths.new=Añadir origen de autenticación
 auths.name=Nombre
 auths.type=Tipo
@@ -3412,6 +3424,20 @@ monitor.duration = Duración (es)
 self_check = Autocomprobación
 config.app_slogan = Eslogan de la instancia
 dashboard.sync_tag.started = Sincronización de etiquetas iniciada
+dashboard.sync_repo_tags = Sincronizar etiquetas de Git con la base de datos
+users.block.description = Bloquear a este usuario para que no pueda interactuar a través de su cuenta e impedirle iniciar sesión.
+users.admin.description = Otorgar a este usuario acceso completo a todas las funciones administrativas disponibles a través de la interfaz de usuario web y en la API.
+users.restricted.description = Solo permitir interactuar con los repositorios y organizaciones en los que el usuario ha sido añadido como colaborador. Esto previene el acceso a repositorios públicos en esta instancia.
+users.local_import.description = Permitir la importación de repositorios desde el sistema de archivos local del servidor. Esto puede suponer un problema de seguridad.
+packages.cleanup.success = Se eliminaron correctamente los datos caducados
+auths.default_domain_name = Nombre de dominio por defecto usado para la dirección de correo
+config.cache_test_slow = Prueba de caché exitosa, pero la respuesta es lenta: %s.
+config.cache_test_succeeded = Prueba de caché exitosa, se obtuvo una respuesta en %s.
+config.open_with_editor_app_help = Los editores disponibles para "Abrir con" en el menú de clonado. Si se deja vacío, se utilizan los valores por defecto. Expandir para ver estos valores.
+self_check.database_collation_mismatch = Se espera que la base de datos use intercalación: %s
+self_check.database_collation_case_insensitive = La base de datos está usando intercalación %s, que es una intercalación insensible. Aunque Forgejo podría funcionar, puede darse algún caso extraño en el que no funcione como se espera.
+self_check.database_inconsistent_collation_columns = La base de datos está usando intercalación %s, pero estas columnas están usando intercalaciones desparejadas. Esto puede causar algunos problemas inesperados.
+self_check.database_fix_mysql = Para usuarios de MySQL/MariaDB, podrían usar el comando "forgejo doctor convert" para arreglar los problemas de intercalación, o también podrían arreglarlos utilizando consultas SQL manuales, como "ALTER ... COLLATE ...".
 
 
 [action]
@@ -3538,6 +3564,8 @@ variables.not_found = No se ha encontrado la variable.
 workflow.dispatch.input_required = Se requiere valor para la entrada "%s".
 workflow.dispatch.trigger_found = Este flujo de trabajo tiene un disparador de eventos <c>workflow_dispatch</c>.
 workflow.dispatch.warn_input_limit = Sólo se muestran las primeras %d entradas.
+runs.no_workflows.help_write_access = ¿No sabes cómo empezar con Forgejo Actions? Comprueba la <a target="_blank" rel="noopener noreferrer" href="%s">guía de inicio rápido en la documentación de usuario</a> para escribir tu primer workflow, luego <a target="_blank" rel="noopener noreferrer" href="%s">configura un runner de Forgejo</a> para ejecutar tus trabajos.
+runs.no_workflows.help_no_write_access = Para aprender sobre Forgejo Actions, véase <a target="_blank" rel="noopener noreferrer" href="%s">la documentación</a>.
 
 [projects]
 type-1.display_name=Proyecto individual
@@ -3604,6 +3632,11 @@ ext_wiki = Acceder al enlace de la wiki externa. Los permisos se gestionan de fo
 code.write = <b>Escritura:</b> Push al repositorio, crear ramas y tags.
 issues.write = <b>Escritura:</b> Cerrar incidencias y gestion de metadatos como etiquetas, hitos, asignaciones, fechas de vencimiento y dependencias.
 packages.write = <b>Escritura:</b> Publicar y eliminar paquetes asignados al repositorio.
+actions.read = <b>Leer:</b> visualizar ejecuciones del flujo de trabajo y sus logs.
+actions.write = <b>Escribir:</b> Ejecutar, reiniciar y cancelar flujos de trabajo. Gestionar la delegación de confianza a los publicadores de pull requests.
 
 
-[munits.data]
\ No newline at end of file
+[munits.data]
+
+[translation_meta]
+test = Did you know that the Garoé, the sacred tree of El Hierro in the Canary Islands, was essentially a natural water fountain? :)
\ No newline at end of file
diff --git a/options/locale/locale_fi-FI.ini b/options/locale/locale_fi-FI.ini
index f99f1bf9db..763e036069 100644
--- a/options/locale/locale_fi-FI.ini
+++ b/options/locale/locale_fi-FI.ini
@@ -178,7 +178,7 @@ contributions_format = {contributions} {day}. {month} {year}
 
 [editor]
 buttons.code.tooltip = Lisää koodia
-buttons.link.tooltip = Lisää linkki
+buttons.link.tooltip = Lisää linkki (Ctrl+K / ⌘K)
 buttons.mention.tooltip = Mainitse käyttäjä tai tiimi
 buttons.list.task.tooltip = Lisää tehtävälista
 buttons.disable_monospace_font = Poista tasalevyinen fontti käytöstä
@@ -1016,6 +1016,9 @@ access_token_desc = Valitut poletin käyttöoikeudet rajoittavat valtuuden vain
 oauth2_application_remove_description = OAuth2-sovelluksen poistaminen estää sitä pääsemästä valtuutettuihin käyttäjätileihin tässä instanssissa. Jatketaanko?
 oauth2_application_locked = Forgejo esirekisteröi joitain OAuth2-sovelluksia käynnistymisen yhteydessä, jos näin on määritetty kokoonpanon asetuksissa. Odottamattoman toiminnan estämiseksi näitä sovelluksia ei voi muokata tai poistaa. Lisätietoja on saatavilla OAuth2-dokumentaatiossa.
 quota.rule.exceeded.helper = Objektien yhteiskoko tälle säännölle on ylittänyt kiintiön.
+regenerate_scratch_token_desc = Jos kadotit palautusavaimesi tai käytit sen jo sisäänkirjautumiseen, voit nollata palautusavaimen tästä.
+delete_with_all_comments = Tilisi on nuorempi kuin %s. Aavekommenttien välttämiseksi kaikki ongelma- ja vetopyyntökommentit poistetaan tilin mukana.
+quota.sizes.git.lfs = Git LFS
 
 [repo]
 owner=Omistaja
@@ -2580,6 +2583,14 @@ issues.dependency.no_permission_1 = Sinulla ei ole oikeutta lukea %d riippuvuutt
 issues.dependency.no_permission_n = Sinulla ei ole oikeutta lukea %d riippuvuutta
 issues.lock_no_reason = lukitsi ja rajoitti keskustelun avustajille %s
 commit.contained_in = Tämä kommitti sisältyy haaraan:
+diff.file_suppressed = Tiedoston eroavaisuutta ei näytetä, koska se on liian suuri
+size_format = %[1]s: %[2]s, %[3]s: %[4]s
+transfer.accept_desc = Siirrä taholle "%s"
+transfer.reject_desc = Peru siirto taholle "%s"
+ambiguous_runes_description = `Tämä tiedosto sisältää Unicode-merkkejä, jotka voi olla virheellisesti yhdistettävissä toisiin merkkeihin. Jos olet sitä mieltä, että tämä on tarkoituksellista, voit ohittaa tämän varoituksen. Käytä eskapointipainiketta näyttääksesi ne.`
+escape_control_characters = Eskapoi
+unescape_control_characters = Poista eskapointi
+invisible_runes_description = `Tämä tiedosto sisältää näkymättömiä Unicode-merkkejä, joita ihminen ei huomaa, mutta jotka mahdollisesti käsitellään eri tavalla tietokoneen toimesta. Jos olet sitä mieltä, että tämä on tarkoituksellista, voit ohittaa tämän varoituksen. Käytä eskapointipainiketta näyttääksesi ne.`
 
 
 
diff --git a/options/locale/locale_fil.ini b/options/locale/locale_fil.ini
index 09ffef443b..0181f32452 100644
--- a/options/locale/locale_fil.ini
+++ b/options/locale/locale_fil.ini
@@ -315,7 +315,7 @@ buttons.bold.tooltip = Magdagdag ng bold na text (Ctrl+B / ⌘B)
 buttons.italic.tooltip = Magdagdag ng italic text (Ctrl+I / ⌘I)
 buttons.quote.tooltip = I-quote ang text
 buttons.code.tooltip = Magdagdag ng code
-buttons.link.tooltip = Magdagdag ng link
+buttons.link.tooltip = Magdagdag ng link (Ctrl+K / ⌘K)
 buttons.list.unordered.tooltip = Magdagdag ng bullet na listahan
 buttons.list.task.tooltip = Magdagdag ng listahan ng mga gawain
 buttons.mention.tooltip = Magmensyon ng user o koponan
diff --git a/options/locale/locale_fr-FR.ini b/options/locale/locale_fr-FR.ini
index ab5f380e78..d48753763a 100644
--- a/options/locale/locale_fr-FR.ini
+++ b/options/locale/locale_fr-FR.ini
@@ -181,7 +181,7 @@ buttons.bold.tooltip=Ajouter du texte en gras (Ctrl+B / ⌘B)
 buttons.italic.tooltip=Ajouter du texte en italique (Ctrl+I / ⌘I)
 buttons.quote.tooltip=Citer le texte
 buttons.code.tooltip=Ajouter du code
-buttons.link.tooltip=Ajouter un lien
+buttons.link.tooltip=Ajouter un lien (Ctrl+K / ⌘K)
 buttons.list.unordered.tooltip=Ajouter une liste à puces
 buttons.list.ordered.tooltip=Ajouter une liste numérotée
 buttons.list.task.tooltip=Ajouter une liste de tâches
diff --git a/options/locale/locale_it-IT.ini b/options/locale/locale_it-IT.ini
index e17c1e91dd..2869750807 100644
--- a/options/locale/locale_it-IT.ini
+++ b/options/locale/locale_it-IT.ini
@@ -16,7 +16,7 @@ page=Pagina
 template=Template
 language=Lingua
 notifications=Notifiche
-active_stopwatch=Attiva cronometro
+active_stopwatch=Cronometro Attivo
 create_new=Crea…
 user_profile_and_more=Profilo ed impostazioni…
 signed_in_as=Accesso effettuato come
@@ -50,7 +50,7 @@ repository=Repositorio
 organization=Organizzazione
 mirror=Mirror
 new_mirror=Nuovo mirror
-new_fork=Nuova biforcazione
+new_fork=Nuovo fork
 new_project=Nuovo progetto
 admin_panel=Amministrazione sito
 settings=Impostazioni
@@ -110,18 +110,18 @@ concept_user_organization=Organizzazione
 name=Nome
 value=Valore
 enable_javascript = Questo sito richiede JavaScript.
-tracked_time_summary = Resoconto del tempo cronometrato in base ai filtri dell'elenco delle segnalazioni
+tracked_time_summary = Resoconto del tempo misurato in base ai filtri dell'elenco delle segnalazioni
 retry = Riprova
 rerun = Ri-esegui
-rerun_all = Ri-esegui tutti gli incarichi
-show_timestamps = Mostra timestamps
+rerun_all = Ri-esegui tutti i lavori
+show_timestamps = Mostra timestamp
 remove_label_str = Rimuovi elemento "%s"
 view = Visualizza
 copy_hash = Copia hash
 copy_content = Copia contenuto
 copy_type_unsupported = Questo tipo di file non può essere copiato
 locked = Bloccato
-go_back = Torna Indietro
+go_back = Torna indietro
 unknown = Sconosciuto
 pin = Fissa
 unpin = Sblocca
@@ -131,17 +131,17 @@ concept_system_global = Globale
 concept_user_individual = Individuale
 show_log_seconds = Mostra secondi
 show_full_screen = Mostra a schermo intero
-download_logs = Scarica logs
+download_logs = Scarica log
 confirm_delete_selected = Confermare l'eliminazione di tutti gli elementi selezionati?
 sign_in_with_provider = Accedi con %s
 new_project_column = Nuova colonna
 toggle_menu = Mostra/Nascondi menu
-filter.not_fork = Non biforcazioni
+filter.not_fork = Non fork
 filter = Filtro
 filter.clear = Rimuovi filtri
 filter.is_archived = Archiviato
 filter.not_archived = Non archiviato
-filter.is_fork = Biforcazioni
+filter.is_fork = Fork
 filter.is_mirror = Mirror
 filter.not_mirror = Non mirror
 filter.is_template = Modelli
@@ -373,7 +373,7 @@ organizations=Organizzazioni
 code=Codice
 code_last_indexed_at=Ultimo indicizzato %s
 go_to = Vai a
-relevant_repositories_tooltip = I repositori che sono biforcazioni o che non hanno argomento, icona, né descrizione sono nascosti.
+relevant_repositories_tooltip = I repositori che sono fork o che non hanno argomento, icona, né descrizione sono nascosti.
 relevant_repositories = Sono visibili solo i repositori pertinenti, <a href="%s">mostra risultati non filtrati</a>.
 
 [auth]
@@ -948,8 +948,8 @@ hidden_comment_types.ref_tooltip = Commenti in cui questa segnalazione è stata
 verify_ssh_key_success = La chiave SSH "%s" è stata verificata.
 valid_until_date = Valido fino a %s
 ssh_signonly = SSH è attualmente disabilitato quindi queste chiavi sono usate solo per la firma di verifica dei commit.
-permission_write = Leggi e scrivi
-access_token_desc = I permessi token selezionati limitano l'autorizzazione solo alle rotte <a href="%[1]s" target="_blank">API</a> corrispondenti. Leggi la <a href="%[2]s" target="_blank">documentazione</a> per ulteriori informazioni.
+permission_write = Lettura e scrittura
+access_token_desc = I permessi dei token selezionati limitano l'autorizzazione solo alle rotte <a href="%[1]s" target="_blank">API</a> corrispondenti. Leggi la <a href="%[2]s" target="_blank">documentazione</a> per ulteriori informazioni.
 create_oauth2_application_success = Hai correttamente creato una nuova applicazione OAuth2.
 update_oauth2_application_success = Hai correttamente aggiornato l'applicazione OAuth2.
 oauth2_redirect_uris = URI per la reindirizzazione. Usa una nuova riga per ogni URI.
@@ -971,7 +971,7 @@ hidden_comment_types.issue_ref_tooltip = Commenti in cui l'utente ha cambiato il
 add_key_success = La chiave SSH "%s" è stata aggiunta.
 add_gpg_key_success = La chiave GPG "%s" è stata aggiunta.
 add_principal_success = Il certificato principale SSH "%s" è stato aggiunto.
-repo_and_org_access = Accesso al repositorio e all'organizzazione
+repo_and_org_access = Accesso al repository e all'organizzazione
 permissions_access_all = Tutto (publico, privato e limitato)
 oauth2_client_secret_hint = Il segreto non verrà mostrato nuovamente dopo che lasci o ricarichi questa pagina. Assicurati di averlo salvato.
 oauth2_application_remove_description = Rimuovere un'applicazione OAuth2 le impedirà di accedere a profili utenti autorizzati su questa istanza. Continuare?
@@ -1037,10 +1037,10 @@ template_description=I modelli di repositori consentono allɜ utenti di generare
 visibility=Visibilità
 visibility_description=Solo il proprietario o i membri dell'organizzazione se hanno diritti, saranno in grado di vederlo.
 visibility_helper_forced=L'amministratorə del sito impone che i nuovi repositori siano privati.
-visibility_fork_helper=(Questa modifica influenzerà la visibilità di tutte le biforcazioni.)
+visibility_fork_helper=(Questa modifica influenzerà la visibilità di tutte i fork.)
 clone_helper=Hai bisogno di aiuto per la clonazione? Visita <a target="_blank" rel="noopener noreferrer" href="%s">Help</a>.
 fork_repo=Deriva repositorio
-fork_from=Biforcazione di
+fork_from=Fork di
 already_forked=Hai già fatto il fork di %s
 fork_to_different_account=Fai Fork a un account diverso
 fork_visibility_helper=La visibilità di un repositorio derivato non può essere modificata.
@@ -1652,7 +1652,7 @@ pulls.cannot_merge_work_in_progress=Questa richiesta di modifica è contrassegna
 pulls.still_in_progress=Ancora in corso?
 pulls.add_prefix=Aggiungi prefisso <strong>%s</strong>
 pulls.remove_prefix=Rimuovi il prefisso <strong>%s</strong>
-pulls.data_broken=Questa richiesta di modifica non è valida a causa di informazioni mancanti sulla biforcazione.
+pulls.data_broken=Questa richiesta di modifica non è valida a causa di informazioni mancanti sul fork.
 pulls.files_conflicted=Questa richiesta di modifica va in conflitto con il ramo di destinazione.
 pulls.is_checking=Verifica dei conflitti di fusione in corso. Riprova tra qualche istante.
 pulls.is_ancestor=Questo ramo è già incluso nel ramo di destinazione. Non c'è nulla da fondere.
@@ -2017,7 +2017,7 @@ settings.event_create_desc=Ramo o tag creato.
 settings.event_delete=Elimina
 settings.event_delete_desc=Ramo o tag eliminato.
 settings.event_fork=Deriva
-settings.event_fork_desc=Creata una biforcazione del repositorio.
+settings.event_fork_desc=Creato un fork della repository.
 settings.event_wiki=Wiki
 settings.event_release=Release
 settings.event_release_desc=Release pubblicata, aggiornata o rimossa in una repository.
@@ -3553,7 +3553,7 @@ runs.empty_commit_message = (messaggio di commit vuoto)
 runs.no_runs = Il flusso di lavoro non è stato ancora eseguito.
 variables.creation.success = La variabile "%s" è stata aggiunta.
 variables.description = Le variabili saranno passate a determinate azioni e non possono essere lette altrimenti.
-need_approval_desc = È necessaria l'approvazione per eseguire flussi di lavoro per richieste di modifica da biforcazioni.
+need_approval_desc = È necessaria l'approvazione per eseguire flussi di lavoro per richieste di modifica da fork.
 workflow.dispatch.trigger_found = Questo flusso di lavoro ha un rilevatore di eventi <c>workflow_dispatch</c>.
 workflow.dispatch.run = Esegui flusso di lavoro
 workflow.dispatch.success = L'esecuzione del flusso di lavoro è stata richiesta con successo.
@@ -3586,7 +3586,7 @@ changed_filemode = %[1]s → %[2]s
 
 
 [search]
-type_tooltip = Tipo ricerca
+type_tooltip = Tipo di ricerca
 search = Cerca…
 fuzzy = Approssimativa
 org_kind = Cerca organizzazioni…
@@ -3607,9 +3607,9 @@ exact_tooltip = Includi solo i risultati che corrispondono esattamente al termin
 issue_kind = Cerca segnalazioni…
 pull_kind = Cerca richieste…
 exact = Corrispondenza esatta
-regexp_tooltip = Interpreta i termini di ricerca come un'espressione regolare
+regexp_tooltip = Interpretare il termine di ricerca come espressione regolare
 regexp = Espressione regolare
-union_tooltip = Include i risultati che combaciano con una qualsiasi delle parole chiave separata da spazi
+union_tooltip = Include i risultati che combaciano con una qualsiasi delle parole chiave separate da spazi
 union = Parole chiavi
 
 [munits.data]
diff --git a/options/locale/locale_ko-KR.ini b/options/locale/locale_ko-KR.ini
index a57a116020..5409c84818 100644
--- a/options/locale/locale_ko-KR.ini
+++ b/options/locale/locale_ko-KR.ini
@@ -169,11 +169,11 @@ footer = 꼬릿말
 footer.software = 이 소프트웨어에 대하여
 
 [heatmap]
-number_of_contributions_in_the_last_12_months = 지난 12달간 %s 명의 기여자
-contributions_zero = 기여자 없음
-contributions_format = {year}년 {month}월 {day}일의 기여자 {contributions}
-contributions_one = 기여자
-contributions_few = 기여자
+number_of_contributions_in_the_last_12_months = 지난 12달간 %s 기여
+contributions_zero = 기여 없음
+contributions_format = {year}년 {month}월 {day}일 {contributions}
+contributions_one = 기여
+contributions_few = 기여
 less = 적은
 more = 많은
 
@@ -182,7 +182,7 @@ buttons.italic.tooltip = 기울어진 텍스트 추가 (Ctrl+I / ⌘I)
 buttons.heading.tooltip = 헤딩 추가
 buttons.bold.tooltip = 두꺼운 텍스트 추가 (Ctrl+B / ⌘B)
 buttons.code.tooltip = 코드 추가
-buttons.link.tooltip = 링크 추가
+buttons.link.tooltip = 링크 추가 (Ctrl+K / ⌘K)
 buttons.quote.tooltip = 인용구 추가
 buttons.list.unordered.tooltip = 불릿 리스트 추가
 buttons.ref.tooltip = 이슈 또는 풀 리퀘스트 참조
@@ -371,6 +371,9 @@ users=사용자
 organizations=조직
 code=코드
 go_to = 이동
+code_last_indexed_at = 마지막으로 %s에 인덱싱 됨
+relevant_repositories_tooltip = 포크된 저장소이거나 주제, 아이콘, 설명이 없는 저장소는 숨겨집니다.
+relevant_repositories = 관련 저장소만 표시됩니다, <a href="%s">필터링되지 않은 결과 보기</a>.
 
 [auth]
 create_new_account=계정 등록
@@ -384,7 +387,7 @@ allow_password_change=사용자에게 비밀번호 변경을 요청 (권장됨)
 reset_password_mail_sent_prompt=확인 메일이 <b>%s</b>로 전송되었습니다. 받은 편지함으로 도착한 메일을 %s 안에 확인해서 비밀번호 찾기 절차를 완료하십시오.
 active_your_account=계정 활성화
 account_activated=계정이 활성화 되었습니다
-prohibit_login = 
+prohibit_login =
 resent_limit_prompt=활성화를 위한 이메일을 이미 전송했습니다. 3분 내로 이메일을 받지 못한 경우 재시도해주세요.
 has_unconfirmed_mail=안녕하세요 %s, 이메일 주소(<b>%s</b>)가 확인되지 않았습니다. 확인 메일을 받으시지 못하겼거나 새로운 확인 메일이 필요하다면, 아래 버튼을 클릭해 재발송하실 수 있습니다.
 resend_mail=여기를 눌러 확인 메일 재전송
@@ -416,6 +419,9 @@ authorize_application=애플리케이션 승인
 authorize_redirect_notice=애플리케이션을 승인하면 %s (으)로 리다이렉트됩니다.
 authorize_application_created_by=이 애플리케이션은 %s (이)가 만들었습니다.
 authorization_failed=인증 실패
+manual_activation_only = 활성화를 완료하려면 사이트 관리자에게 문의하십시오.
+remember_me = 이 장치 기억하기
+hint_login = 이미 계정이 있으신가요? <a href="%s">지금 로그인하세요!</a>
 
 [mail]
 activate_account=계정을 활성화하세요
diff --git a/options/locale/locale_nb_NO.ini b/options/locale/locale_nb_NO.ini
index 4e8232f207..ada3a5bc39 100644
--- a/options/locale/locale_nb_NO.ini
+++ b/options/locale/locale_nb_NO.ini
@@ -32,7 +32,7 @@ webauthn_use_twofa = Bruk tofaktorkode fra din mobil
 organization = Organisasjon
 mirror = Speil
 new_mirror = Ny speiling
-repository = Repositorium
+repository = Depot
 new_project = Nytt prosjekt
 new_project_column = Ny kolonne
 webauthn_error = Klarte ikke lese sikkerhetsnøkkelen.
@@ -44,10 +44,10 @@ settings = Innstillinger
 your_profile = Profil
 your_starred = Stjernemerket
 your_settings = Innstillinger
-new_repo.title = Nytt repositorium
+new_repo.title = Nytt depot
 new_migrate.title = Ny migrasjon
 new_org.title = Ny organisasjon
-new_repo.link = Nytt repositorium
+new_repo.link = Nytt depot
 new_migrate.link = Ny migrasjon
 new_org.link = Ny organisasjon
 all = Alle
@@ -94,7 +94,7 @@ copy_type_unsupported = Denne filtypen kan ikke kopieres
 write = Skriv
 preview = Forhåndsvis
 concept_user_individual = Individuell
-concept_code_repository = Repositorium
+concept_code_repository = Depot
 concept_user_organization = Organisasjon
 show_timestamps = Vis tidsstempler
 show_log_seconds = Vis sekunder
@@ -131,14 +131,14 @@ twofa_scratch = To-faktor skrapekode
 webauthn_press_button = Vennligst trykk på knappen på sikkerhetsnøkkelen…
 webauthn_error_duplicated = Sikkerhetsnøkkelen er ikke tillatt for denne forespørselen. Vennligst sørg for at nøkkelen ikke allerede er registrert.
 webauthn_error_timeout = Et tidsavbrudd oppsto før nøkkelen din kunne leses. Vennligst last inn siden på nytt og prøv igjen.
-new_fork = Ny fork av repository
+new_fork = Ny forgrening av depot
 collaborative = Samarbeidende
 error413 = Du har brukt opp kvoten din.
 issues = Saker
 unpin = Løsne
 filter.is_fork = Forks
 filter.not_fork = Ikke forks
-pull_requests = Pull requests
+pull_requests = Fletteforespørsel
 copy_branch = Kopier branch navn
 error404 = Siden du forsøker å nå <strong>eksisterer ikke</strong>, <strong>er blitt fjernet</strong> eller <strong>du har ikke tilgang til å se den</strong>.
 tracked_time_summary = Oppsummering av registrert tid basert på problemfiltre
@@ -155,12 +155,12 @@ code_kind = Søk i kode…
 package_kind = Søk i pakker…
 project_kind = Søk i prosjekter…
 branch_kind = Søk i brancher…
-commit_kind = Søk i commits…
+commit_kind = Søk i innsendelser …
 regexp_tooltip = Tolk søkeordet som et regulæruttrykk
 pull_kind = Søk i pulls…
 keyword_search_unavailable = Søk etter nøkkelord er for øyeblikket ikke tilgjengelig. Kontakt administratoren.
 exact_tooltip = Inkluder kun resultater som samsvarer nøyaktig med søkeordet
-repo_kind = Søk i repositorer…
+repo_kind = Søk i depoter …
 fuzzy_tooltip = Inkluder resultater som også stemmer godt overens med søketermen
 org_kind = Søk i organisasjoner…
 issue_kind = Søk i saker…
@@ -235,18 +235,24 @@ email_domain_blacklisted = Du kan ikke registrere deg med din e-postadresse.
 authorize_application = Autoriser applikasjon
 authorize_redirect_notice = Du vil bli omdirigert til %s dersom du autoriserer denne applikasjonen.
 authorize_application_created_by = Denne applikasjonen ble laget av %s.
-authorize_application_description = Dersom du gir tilgang vil den kunne lese og skrive til all kontoinformasjonen din, inklusive private repo-er og organisasjoner.
+authorize_application_description = Dersom du gir tilgang vil den kunne lese og skrive til all kontoinformasjonen din, inklusive private depoter og organisasjoner.
 authorize_title = Autoriser "%s" for tilgang til din konto?
 authorization_failed = Autorisering feilet
+authorization_failed_desc = Autoriseringen mislyktes fordi vi oppdaget en ugyldig forespørsel. Venligst kontakt vedlikeholderen av appen som du prøvde å autorisere.
+password_pwned = Passordet du valgte står på en <a target="_blank" rel="noopener noreferrer" href="%s">liste over stjålne passord</a> tidligere eksponert i offentlige datainnbrudd. Vennligst prøv igjen med et annet password og vurder å endre passordet andre steder også.
+password_pwned_err = Kunne ikke fullføre forespørselen til HaveIBeenPwned
+last_admin = Du kan ikke fjerne den siste admin. Det må være minst en admin.
+back_to_sign_in = Tilbake til Logg inn
+sign_in_openid = Fortsett med OpenID
 
 [home]
 uname_holder = Brukernavn eller e-postadresse
 switch_dashboard_context = Bytt dashboard miljø
-my_repos = Repositorier
+my_repos = Depoter
 my_orgs = Organisasjoner
 view_home = Vis %s
 filter = Andre filtre
-filter_by_team_repositories = Filtrer etter team-repositorier
+filter_by_team_repositories = Filtrer etter lag-depoter
 feed_of = Feed av "%s"
 show_archived = Arkivert
 show_both_archived_unarchived = Viser både arkiverte og ikke arkiverte
@@ -256,7 +262,7 @@ show_private = Privat
 show_both_private_public = Vis både offentlige og private
 show_only_private = Vis kun private
 show_only_public = Vis kun offentlige
-issues.in_your_repos = I dine repositorier
+issues.in_your_repos = I dine depoter
 
 [heatmap]
 contributions_zero = Ingen bidrag
@@ -331,7 +337,7 @@ sqlite_helper = Sti til SQLite3-databasen.<br>Bruk absolutt filsti dersom Forgej
 reinstall_error = Du prøver å installere i en eksisterende Forgejo-database
 reinstall_confirm_message = Å installere på nytt med en eksisterende Forgejo-database kan føre til problemer. I de fleste tilfeller bør du bruke din eksisterende "app.ini" for å kjøre Forgejo. Hvis du vet hva du gjør, og vil fortsette, bekreft følgende:
 reinstall_confirm_check_1 = Data kryptert av SECRET_KEY i app.ini-filen kan mistes: brukere vil ikke ha mulighet til å logge inn med 2FA/OTP og mirrorene vil kanskje ikke fungere korrekt. Etter det å ha markert boksen bekrefter du at nåværende app.ini-filen har den korrekte SECRET_KEY.
-reinstall_confirm_check_2 = Repositoriene og innstillingene kan trenge en re-synkronisering. Ved å markere denne boksen bekrefter du at du vil re-synkronisere hookene til repositoriene og authorized_keys filen manuelt. Du bekrefter at du vil sjekke at repositorie- og speilinnstilingene er korrekte.
+reinstall_confirm_check_2 = Depotene og innstillingene kan trenge en re-synkronisering. Ved å markere denne boksen bekrefter du at du vil re-synkronisere hookene til depotene og «authorized_keys»-filen manuelt. Du bekrefter at du vil sjekke at depot- og speilinnstilingene er korrekte.
 reinstall_confirm_check_3 = Du bekrefter at du er absolutt sikker på at Forgejo kjører med den korrekte app.ini lokasjonen og at du er sikker på at du må gjøre en re-install. Du bekrefter at du forstår risikoene nevnt ovenfor.
 err_empty_db_path = Filplasseringen til SQLite3 database kan ikke være tom.
 no_admin_and_disable_registration = Du kan ikke skru av bruker selv-registrering uten å ha laget en administrator konto.
@@ -345,12 +351,12 @@ app_name = Instans tittel
 app_name_helper = Skriv inn navnet på instansen din. Den vil bli vist på alle sider.
 app_slogan = Instans motto
 app_slogan_helper = Skriv inn instans mottoen her. La den være tom om du vil skru av instans motto.
-repo_path = Repositorie root filplassering
-repo_path_helper = Fjerntilgjenelige Git repositorie vil være lagret på denne filplasseringen.
+repo_path = Rotsti til depot
+repo_path_helper = Fjerntilgjenelige Git-depot vil være lagret på denne filplasseringen.
 lfs_path = Git LFS root filplassering
 lfs_path_helper = Filer kontrollert av Git LFS vil være lagret på denne filplasseringen. La være tomt om du vil skru den av.
 run_user = Kjøre bruker som
-run_user_helper = Operativsystemets brukernavn som Forgejo kjører som. Merk at brukeren må ha tilgang til repositoriens root filplassering.
+run_user_helper = Operativsystemets brukernavn som Forgejo kjører som. Merk at brukeren må ha tilgang til depotets rotsti.
 domain = Server domene
 domain_helper = Domene eller host adresse til serveren.
 ssh_port = SSH server port
@@ -396,7 +402,7 @@ default_keep_email_private.description = Skru på e-post adresser gjemming for n
 default_allow_create_organization = Tilatt skaping av organisasjoner på default
 default_allow_create_organization.description = Tilatt nye bruker å danne organisasjoner på default. Når denne innstillingen er skrudd av, må en admin gi tillatelse til nye brukere om de vil danne organiasjoner.
 default_enable_timetracking = Skru på tids-tracking på default
-default_enable_timetracking.description = Tilatt bruken av tids-tracking funksjonen for nye repositorier på default.
+default_enable_timetracking.description = Tillatt bruken av tidtakingsfunksjonen for nye depoter som standard.
 admin_title = Administrator brukertinnstillinger
 admin_setting.description = Å lage en administratorbruker er helt valgfritt. Den første registrerte brukeren blir automatisk en administrator.
 admin_name = Administrator brukernavn
@@ -409,7 +415,7 @@ test_git_failed = Kunne ikke teste "git" kommandoen: %v
 sqlite3_not_available = Denne Forgejo-versjonen støtter ikke SQLite3. Last ned den offisielle programversjonen fra %s (ikke velg "gobuild"-versjonen).
 invalid_db_setting = Database instillingene er ugyldige: %v
 invalid_db_table = Database tabellen "%s" er ugyldig: %v
-invalid_repo_path = Repositorie root filplasseringen er ugyldig: %v
+invalid_repo_path = Rotstien til depotet er ugyldig: %v
 invalid_app_data_path = Appdata filplassering er ugyldig: %v
 run_user_not_match = Brukernavnet i "Kjører bruker som" er ikke det nåværende brukernavnet: %s -> %s
 internal_token_failed = Feilet å generere intern-toke: %v
@@ -417,7 +423,7 @@ save_config_failed = Feilet å lagre innstillingene: %v
 enable_update_checker_helper_forgejo = Den vil periodisk sjekke for nye Forgejo-versjoner ved å sjekke en TXT DNS-record på release.forgejo.org.
 invalid_admin_setting = Administrator konto innstilling er ugyldig: %v
 invalid_log_root_path = Loggfilplasseringen er ugyldig: %v
-no_reply_address = Gjemmet e-post domene
+no_reply_address = Gjemt e-post domene
 no_reply_address_helper = Domenenavn for bruker med en gjemt e-post adresse. For eksempel, vil brukeren "joe" være logget inn på Git som "joe@noreply.example.org" om den gjemmet e-post domenen er satt på "noreply.example.org".
 password_algorithm = Passord hash-algoritme
 invalid_password_algorithm = Ugyldig passord hash-algoritme
@@ -438,11 +444,70 @@ platform_desc = Forgejo fungerer på frie operativsystemer som Linux og FreeBSD,
 license_desc = Last ned <a target="_blank" rel="noopener noreferrer" href="%[1]s">Forgejo</a>! Bli med ved å <a target="_blank" rel="noopener noreferrer" href="%[2]s">bidra</a> for å gjøre prosjektet enda bedre. Ikke vær redd for å bli en bidragsyter!
 
 [explore]
-repos = Repositorier
+repos = Depoter
 users = Brukere
 organizations = Organisasjoner
 go_to = Gå til
 code = Kode
 code_last_indexed_at = Sist indeksert %s
-relevant_repositories_tooltip = Repositorier som er forker eller har ingen tema, ingen ikon, og ingen beskrivelse er gjemt.
-relevant_repositories = Kun relevante repositorier er vist, <a href="%s">vis ufiltrerte resultater</a>.
\ No newline at end of file
+relevant_repositories_tooltip = Depoter som er en forgrening eller har ingen tema, ikon og beskrivelse er gjemt.
+relevant_repositories = Kun relevante depoter er vist, <a href="%s">vis ufiltrerte resultater</a>.
+
+[repo]
+migrate_items_releases = Utgivelser
+releases = Utgivelser
+n_release_few = %s utgivelser
+activity.title.releases_1 = %d utgivelse
+activity.title.releases_n = %d utgivelser
+activity.title.releases_published_by = %s utgitt av %s
+release.releases = Utgivelser
+release.releases_for = Utgivelser for %s
+activity = Aktivitet
+activity.navbar.contributors = Bidragsytere
+activity.navbar.recent_commits = Nylige innsendelser
+activity.period.filter_label = Periode:
+activity.period.daily = 1 dag
+activity.period.halfweekly = 3 dager
+activity.period.weekly = 1 uke
+activity.period.monthly = 1 måned
+activity.period.quarterly = 3 måneder
+activity.period.semiyearly = 6 måneder
+activity.period.yearly = 1 år
+activity.overview = Oversikt
+activity.merged_prs_count_1 = Flettet fletteforespørsel
+activity.merged_prs_count_n = Flettet fletteforespørsler
+n_commit_few = %s innsendelser
+commits.commits = Innsendelser
+n_branch_few = %s utgreining
+n_tag_few = %s etiketter
+tags = Etiketter
+commit_graph.select = Velg utgreining
+branches = Utgreining
+find_file.go_to_file = Finn en fil
+find_file.no_matching = Ingen samsvarende filer funnet
+pulls.merged = Flettet
+pulls.tab_conversation = Diskusjon
+
+[settings]
+no_activity = Ingen nylig aktivitet
+
+[git.filemode]
+normal_file = Normal fil
+executable_file = Kjørbar fil
+
+[mail]
+view_it_on = Se den på %s
+reply = eller svar direkte på denne e-posten
+link_not_working_do_paste = Fungerer ikke linken? Prøv å kopiere og lim det inn i nettleserens URL-linje.
+hi_user_x = Hei <b>%s</b>,
+activate_account = Vennligst aktiver kontoen din
+activate_account.text_1 = Hei <b>%[1]s</b>, takk for at du registrerte deg på %[2]s!
+activate_account.text_2 = Vennligst trykk på den følgende linken for å aktivere kontoen din innen <b>%s</b>:
+activate_email = Bekreft din e-postadresse
+activate_email.text = Vennligst trykk på den følgende linken for å bekrefte e-postadressen din innen <b>%s</b>:
+admin.new_user.subject = Ny bruker %s har nettopp registrert seg
+admin.new_user.user_info = Bruker informasjon
+admin.new_user.text = Vennligst <a href="%s">Trykk her</a> for å administrere denne brukeren fra admin panelet.
+register_notify = Velkommen til %s
+register_notify.text_1 = Dette er e-posten som bekrefter din registrering for %s!
+register_notify.text_2 = Du kan logge in på din konto med bruk av ditt brukernavn: %s
\ No newline at end of file
diff --git a/options/locale/locale_nds.ini b/options/locale/locale_nds.ini
index beb7f8ac67..d8b97b61cf 100644
--- a/options/locale/locale_nds.ini
+++ b/options/locale/locale_nds.ini
@@ -190,7 +190,7 @@ buttons.bold.tooltip = Fetten Text hentofögen (Strg+B / ⌘B)
 buttons.italic.tooltip = Schüünen Text hentofögen (Strg+I / ⌘I)
 buttons.quote.tooltip = Text ziteren
 buttons.code.tooltip = Quelltext hentofögen
-buttons.link.tooltip = Verwies hentofögen
+buttons.link.tooltip = Verwies hentofögen (Strg+K / ⌘K)
 buttons.list.unordered.tooltip = Punkierte List hentofögen
 buttons.list.task.tooltip = List vun Upgavens hentofögen
 buttons.mention.tooltip = Eenen Bruker of eene Klottje nömen
diff --git a/options/locale/locale_nl-NL.ini b/options/locale/locale_nl-NL.ini
index 998221c0a0..5ab06e61d0 100644
--- a/options/locale/locale_nl-NL.ini
+++ b/options/locale/locale_nl-NL.ini
@@ -17,7 +17,7 @@ template=Sjabloon
 language=Taal
 notifications=Meldingen
 active_stopwatch=Actieve tijd tracker
-create_new=Maken…
+create_new=Aanmaken…
 user_profile_and_more=Profiel en instellingen…
 signed_in_as=Aangemeld als
 toc=Inhoudsopgave
@@ -30,14 +30,14 @@ password=Wachtwoord
 access_token=Toegangstoken
 re_type=Bevestig wachtwoord
 captcha=CAPTCHA
-twofa=Twee-factor authenticatie
-twofa_scratch=Twee-factor krascode
+twofa=Tweefactorauthenticatie
+twofa_scratch=Tweefactor krascode
 passcode=Code
 
-webauthn_insert_key=Voer uw beveiligingssleutel in
-webauthn_sign_in=Druk op de knop van uw beveiligingssleutel. Als uw beveiligingssleutel geen knop heeft, voer deze dan opnieuw in.
+webauthn_insert_key=Sluit uw beveiligingssleutel aan
+webauthn_sign_in=Druk op de knop van uw beveiligingssleutel. Als uw beveiligingssleutel geen knop heeft, sluit deze dan opnieuw aan.
 webauthn_press_button=Druk alstublieft op de knop van uw beveiligingssleutel…
-webauthn_use_twofa=Gebruik een twee-factor code van uw telefoon
+webauthn_use_twofa=Gebruik een tweefactor code van uw telefoon
 webauthn_error=Kon uw beveiligingssleutel niet lezen.
 webauthn_unsupported_browser=Uw browser ondersteunt momenteel geen WebAuthn.
 webauthn_error_unknown=Er is een onbekende fout opgetreden. Probeer het opnieuw.
@@ -181,7 +181,7 @@ buttons.heading.tooltip = Koptekst toevoegen
 buttons.bold.tooltip = Vetgedrukte tekst toevoegen (Ctrl+B / ⌘B)
 buttons.quote.tooltip = Tekst citeren
 buttons.code.tooltip = Code toevoegen
-buttons.link.tooltip = Link toevoegen
+buttons.link.tooltip = Link toevoegen (Ctrl+K / ⌘K)
 buttons.list.unordered.tooltip = Een bulletlijst toevoegen
 buttons.list.ordered.tooltip = Een genummerde lijst toevoegen
 buttons.mention.tooltip = Vermeld een gebruiker of team
@@ -876,7 +876,7 @@ revoke_oauth2_grant_description=Het intrekken van toegang voor deze derde partij
 
 twofa_desc=Tweefactorauthenticatie verbetert de beveiliging van je account.
 twofa_is_enrolled=Je account is momenteel <strong>ingeschreven</strong> voor two-factor authenticatie.
-twofa_not_enrolled=Je account is momenteel niet ingeschreven voor two-factor authenticatie.
+twofa_not_enrolled=Er is momenteel geen two-factor authenticatie geactiveerd voor je account.
 twofa_disable=Twee-factor authenticatie uitschakelen
 twofa_scratch_token_regenerate=Herstelcode voor eenmalig gebruik genereren
 twofa_enroll=Two-factor authenticatie inschakelen
@@ -2027,13 +2027,13 @@ settings.packagist_api_token=API token
 settings.packagist_package_url=Packagist pakket URL
 settings.deploy_keys=Deploy sleutels
 settings.add_deploy_key=Deploy sleutel toevoegen
-settings.deploy_key_desc=Deploy sleutels kunnen alleen-lezen of alleen-lezen-schrijftoegang hebben tot de repository.
+settings.deploy_key_desc=Deploy sleutels kunnen alleen-lezen of lees-en-schrijftoegang hebben tot de repository.
 settings.is_writable=Schrijftoegang inschakelen
-settings.is_writable_info=Sta deze deploy toets toe om te <strong>pushen</strong> naar de repository.
+settings.is_writable_info=Sta deze deploysleutel toe om te <strong>pushen</strong> naar de repository.
 settings.no_deploy_keys=Er zijn nog geen deploy sleutels.
 settings.title=Titel
 settings.deploy_key_content=Inhoud
-settings.key_been_used=Een deploy key met identieke inhoud is al in gebruik.
+settings.key_been_used=Een deploy sleutel met identieke inhoud is al in gebruik.
 settings.key_name_used=Een deploy sleutel met dezelfde naam bestaat al.
 settings.deploy_key_deletion=Deploy sleutel verwijderen
 settings.deploy_key_deletion_desc=Het verwijderen van een deploy sleutel zal de toegang tot deze repository intrekken. Doorgaan?
diff --git a/options/locale/locale_pl-PL.ini b/options/locale/locale_pl-PL.ini
index 2a6ce16fc1..ed49655922 100644
--- a/options/locale/locale_pl-PL.ini
+++ b/options/locale/locale_pl-PL.ini
@@ -182,7 +182,7 @@ buttons.bold.tooltip = Dodaj pogrubiony tekst (Ctrl+B / ⌘B)
 buttons.italic.tooltip = Dodaj pochyły tekst (Ctrl+I / ⌘I)
 buttons.quote.tooltip = Zacytuj tekst
 buttons.code.tooltip = Dodaj kod
-buttons.link.tooltip = Dodaj odnośnik
+buttons.link.tooltip = Dodaj odnośnik (Ctrl+K / ⌘K)
 buttons.list.unordered.tooltip = Dodaj listę punktowaną
 buttons.list.ordered.tooltip = Dodaj listę numerowaną
 buttons.list.task.tooltip = Dodaj listę zadań
@@ -919,7 +919,7 @@ oauth2_application_locked = Forgejo rejestruje zawczasu kilka aplikacji OAuth2 p
 oauth2_client_secret_hint = Sekret nie będzie pokazany ponownie po opuszczeniu lub odświeżeniu tej strony. Proszę upewnij się, że został zapisany.
 email_desc = Twój główny adres e-mail będzie użyty dla powiadomień, odzyskiwania hasła i, chyba że jest ukryty, operacji Git w przeglądarce.
 key_content_ssh_placeholder = Rozpoczyna się z "ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256", "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521", "sk-ecdsa-sha2-nistp256@openssh.com", lub "sk-ssh-ed25519@openssh.com"
-repo_and_org_access = Dostęp do Repozytoriów i Organizacji
+repo_and_org_access = Dostęp do repozytoriów i organizacji
 revoke_oauth2_grant_success = Dostęp cofnięty pomyślnie.
 update_language = Zmień język
 keep_email_private_popup = Adres e-mail nie będzie pokazywany na profilu i nie będzie używany jako domyślny dla commitów utworzonych przez interfejs przeglądarki, takich jak wgrywanie plików, edycje, czy commity scalające. Zamiast tego, specjalny adres %s może zostać użyty do powiązania commitów z kontem użytkownika. Ta opcja nie wpływa na commity już istniejące.
@@ -1013,6 +1013,16 @@ quota.sizes.repos.all = Repozytoria
 quota.sizes.repos.public = Publiczne repozytoria
 quota.sizes.repos.private = Prywatne repozytoria
 quota.applies_to_user = Następujące zasady limitów obowiązują dla Twojego konta
+quota.sizes.git.all = Zawartość Git
+quota.sizes.git.lfs = Git LFS
+quota.sizes.assets.attachments.all = Załączniki
+quota.sizes.assets.attachments.issues = Załączniki zgłoszeń
+quota.sizes.assets.attachments.releases = Załączniki wydań
+quota.sizes.assets.artifacts = Artefakty
+quota.sizes.assets.packages.all = Pakiety
+quota.sizes.wiki = Wiki
+quota = Udział
+quota.sizes.assets.all = Zasoby
 
 [repo]
 owner=Właściciel
@@ -1071,7 +1081,7 @@ forks=Forki
 reactions_more=i %d więcej
 unit_disabled=Administrator witryny wyłączył tę sekcję repozytorium.
 language_other=Pozostałe
-adopt_search=Wprowadź nazwę użytkownika, aby wyszukać nieprzyjęte repozytoria... (pozostaw puste, aby znaleźć wszystko)
+adopt_search=Wprowadź nazwę użytkownika, aby wyszukać nieprzyjęte repozytoria… (pozostaw puste, aby znaleźć wszystko)
 adopt_preexisting_label=Przyjmij pliki
 adopt_preexisting=Przyjmij istniejące pliki
 adopt_preexisting_content=Stwórz repozytorium z %s
@@ -1132,7 +1142,7 @@ migrate.migrate_items_options=Token dostępu jest wymagany, aby migrować dodatk
 migrated_from=Zmigrowane z <a href="%[1]s">%[2]s</a>
 migrated_from_fake=Migrowane z %[1]s
 migrate.migrate=Migracja z %s
-migrate.migrating=Migrowanie z <b>%s</b>...
+migrate.migrating=Migrowanie z <b>%s</b>…
 migrate.migrating_failed=Migrowanie z <b>%s</b> nie powiodło się.
 migrate.migrating_failed_no_addr=Migracja nie powiodła się.
 migrate.migrating_git=Migracja danych Git
@@ -1238,7 +1248,7 @@ editor.propose_file_change=Zaproponuj zmiany w pliku
 editor.new_branch_name_desc=Nazwa nowej gałęzi…
 editor.cancel=Anuluj
 editor.filename_cannot_be_empty=Nazwa pliku nie może być pusta.
-editor.file_changed_while_editing=Zawartość pliku zmieniła się, odkąd rozpoczęto jego edycję. <a target="_blank" rel="noopener noreferrer" href="%s">Kliknij tutaj</a>, aby zobaczyć zmiany, lub <strong>ponownie Zatwierdź zmiany</strong>, aby je nadpisać.
+editor.file_changed_while_editing=Zawartość pliku zmieniła się, odkąd otworzono plik. <a target="_blank" rel="noopener noreferrer" href="%s">Kliknij tutaj</a>, aby zobaczyć zmiany, lub <strong>ponownie Zatwierdź zmiany</strong>, aby je nadpisać.
 editor.commit_empty_file_header=Commituj pusty plik
 editor.commit_empty_file_text=Plik, który zamierzasz commitować, jest pusty. Kontynuować?
 editor.no_changes_to_show=Brak zmian do pokazania.
@@ -1403,7 +1413,7 @@ issues.closed_at=`zamknął(-ęła) to zgłoszenie %s`
 issues.reopened_at=`otworzył(-a) ponownie to zgłoszenie %s`
 issues.commit_ref_at=`wspomniał(-a) to zgłoszenie z commita %s`
 issues.ref_issue_from=`<a href="%[2]s">odwołał(-a) się do tego zgłoszenia %[3]s</a> %[1]s`
-issues.ref_pull_from=`<a href="%[2]s">odwołał(-a) się do tego Pull Requesta %[3]s</a> %[1]s`
+issues.ref_pull_from=`<a href="%[2]s">odwołał(-a) się do tego pull requesta %[3]s</a> %[1]s`
 issues.ref_closing_from=`<a href="%[2]s">odwołał(-a) się do pull requesta %[3]s, który zamknie to zgłoszenie</a> %[1]s`
 issues.ref_reopening_from=`<a href="%[2]s">odwołał(-a) się z pull requesta %[3]s, który otworzy na nowo to zgłoszenie</a> %[1]s`
 issues.ref_from=`z %[1]s`
@@ -1452,8 +1462,8 @@ issues.lock.notice_3=- Możesz zawsze odblokować to zagadnienie w przyszłości
 issues.unlock.notice_1=- Wszyscy będą mogli ponownie umieszczać komentarze w tym zagadnieniu.
 issues.unlock.notice_2=- Możesz zawsze ponownie zablokować to zagadnienie w przyszłości.
 issues.lock.reason=Powód blokady
-issues.lock.title=Zablokuj konwersację w tym zgłoszeniu.
-issues.unlock.title=Odblokuj konwersację w tym zgłoszeniu.
+issues.lock.title=Zablokuj konwersację
+issues.unlock.title=Odblokuj konwersację
 issues.comment_on_locked=Nie możesz umieszczać komentarzy pod zablokowanym zgłoszeniem.
 issues.delete=Usuń
 issues.tracker=Śledzenie czasu
@@ -1609,7 +1619,7 @@ pulls.update_branch_success=Aktualizacja gałęzi powiodła się
 pulls.update_not_allowed=Nie masz uprawnień do aktualizacji gałęzi
 pulls.outdated_with_base_branch=Ta gałąź jest przestarzała w stosunku do gałęzi bazowej
 pulls.closed_at=`zamknął(-ęła) ten pull request %s`
-pulls.reopened_at=`otworzył(-a) ponownie ten Pull Request %s`
+pulls.reopened_at=`otworzył(-a) ponownie ten pull request %s`
 
 
 
@@ -1643,7 +1653,7 @@ milestones.filter_sort.least_issues=Najmniej zgłoszeń
 
 
 wiki=Wiki
-wiki.welcome=Witaj na wiki!
+wiki.welcome=Witaj na wiki.
 wiki.welcome_desc=Wiki pozwala Ci na tworzenie i współdzielenie dokumentacji ze współpracownikami.
 wiki.desc=Pisz i współdziel dokumentację ze współpracownikami.
 wiki.create_first_page=Stwórz pierwszą stronę
@@ -1929,7 +1939,7 @@ settings.slack_domain=Domena
 settings.slack_channel=Kanał
 settings.deploy_keys=Klucze wdrożeniowe
 settings.add_deploy_key=Dodaj klucz wdrożeniowy
-settings.deploy_key_desc=Klucze wdrożeniowe mają wyłącznie dostęp "tylko do odczytu" do pobierania danych z repozytorium.
+settings.deploy_key_desc=Klucze wdrożeniowe mogą mieć wyłącznie dostęp "tylko do odczytu" lub "odczyt-zapis" do danych z repozytorium.
 settings.is_writable=Włącz dostęp do zapisu
 settings.is_writable_info=Zezwól temu kluczowi wdrożeniowemu na <strong>przepychanie</strong> zmian do tego repozytorium.
 settings.no_deploy_keys=W tej chwili nie ma kluczy wdrożeniowych.
@@ -2018,7 +2028,7 @@ settings.lfs_invalid_locking_path=Nieprawidłowa ścieżka: %s
 settings.lfs_invalid_lock_directory=Nie można zablokować katalogu: %s
 settings.lfs_lock_already_exists=Blokada już istnieje: %s
 settings.lfs_lock=Zablokuj
-settings.lfs_lock_path=Ścieżka pliku do zablokowania...
+settings.lfs_lock_path=Ścieżka pliku do zablokowania…
 settings.lfs_locks_no_locks=Brak blokad
 settings.lfs_lock_file_no_exist=Zablokowany plik nie istnieje w domyślnej gałęzi
 settings.lfs_force_unlock=Wymuś odblokowanie
@@ -2190,7 +2200,7 @@ fork_to_different_account = Utwórz fork do innego konta
 size_format = %[1]s: %[2]s, %[3]s: %[4]s
 rss.must_be_on_branch = Musisz być na gałęzi by mieć dostęp do kanału RSS.
 visibility_helper = Ustaw repozytorium jako prywatne
-mirror_address_url_invalid = Przekazany URL nie jest poprawny. Musisz zakodować wszystkie komponenty URL poprawnie.
+mirror_address_url_invalid = Przekazany URL nie jest poprawny. Upewnij się, że wszystkie komponenty URL są zakodowane poprawnie.
 form.name_pattern_not_allowed = Wzór "%s" nie jest dozwolony w nazwie repozytorium.
 blame_prior = Zobacz blame przed tą zmianą
 template.git_hooks_tooltip = W tym momencie nie można modyfikować ani usuwać hooków Gita które zostały już dodane. Wybierz tę opcję tylko jeżeli ufasz szablonowi repozytorium.
@@ -2214,13 +2224,13 @@ new_advanced_expand = Kliknij by rozwinąć
 author_search_tooltip = Pokazuje maksymalnie 30 użytkowników
 form.name_reserved = Nazwa repozytorium "%s" jest zarezerwowana.
 archive.title = To repozytorium zostało zarchiwizowane. Możesz podglądać pliki i sklonować je, ale nie możesz wypychać, otwierać zgłoszeń oraz pull requestów.
-archive.title_date = To repozytorium zostało zarchiwizone w %s. Możesz podglądać pliki i sklonować je, ale nie możesz wypychać, otwierać zgłoszeń oraz pull requestów.
+archive.title_date = To repozytorium zostało zarchiwizowane w %s. Możesz przeglądać pliki i klonować, ale nie możesz wypychać, otwierać zgłoszeń, tworzyć pull requestów oraz komentować.
 object_format = Format obiektów
 auto_init_description = Zainicjuj historię Git z README oraz opcjonalnie dodaj pliki Licencji oraz .gitignore.
 mirror_use_ssh.not_available = Uwierzytelnianie SSH nie jest dostępne.
 mirror_sync_on_commit = Synchronizuj kiedy commity są wypychane
 summary_card_alt = Karta podsumowania repozytorium %s
-tree_path_not_found.tag = Ścieża %[1]s nie istnieje w tagu %[2]s
+tree_path_not_found.tag = Ścieżka %[1]s nie istnieje w tagu %[2]s
 archive.pull.noreview = To repozytorium jest zarchiwizowane. Nie możesz recenzować pull requestów.
 migrate.migrating_failed.error = Nie udało się migrować: %s
 migrate.cancel_migrating_title = Anuluj migrację
@@ -2307,7 +2317,7 @@ release.title_empty = Tytuł nie może być pusty.
 release.releases_for = Wydania dla %s
 release.system_generated = Ten załącznik jest automatycznie wygenerowany.
 branch.delete_desc = Usunięcie gałęzi jest permanentne. Mimo, że usunięta gałąź może istnieć przez krótki czas zanim zostanie rzeczywiście usunięta, ta operacja NIE MOŻE zostać cofnięta w większości przypadków. Kontynuować?
-branch.rename_branch_to = Zmień nazwę gałęzi "%s" na:
+branch.rename_branch_to = Zmiana nazwy gałęzi "%s".
 editor.patch = Zastosuj patch
 commits.no_commits = Brak wspólnych commitów. "%s" i "%s" mają zupełnie inne historie.
 projects.create_success = Projekt "%s" został utworzony.
@@ -2538,7 +2548,7 @@ pulls.closed = Pull request zamknięty
 pulls.blocked_by_outdated_branch = Ten pull request jest zablokowany ponieważ jest przedawniony.
 pulls.blocked_by_changed_protected_files_1 = Ten pull request jest zablokowany ponieważ wprowadza zmiany do chronionego pliku:
 pulls.push_rejected_no_message = Wypchnięcie nie powiodło się: Wypchnięcie zostało odrzucone, ale nie otrzymano zdalnej wiadomości. Sprawdź hooki Git dla tego repozytorium.=
-pulls.commit_ref_at = `odniósł się do tego pull requesta z commita %s`
+pulls.commit_ref_at = `odniósł(-a) się do tego pull requesta z commita %s`
 pulls.cmd_instruction_checkout_desc = Ze swojego repozytorium projektu, utwórz nową gałąź i przetestuj zmiany.
 pulls.clear_merge_message_hint = Wyczyszczenie wiadomości scalenia usunie tylko treść wiadomości commitu pozostawiając wygenerowane przez git dopiski takie jak "Co-Authored-By ...".
 pulls.delete_after_merge.head_branch.insufficient_branch = Nie masz uprawnień by usunąć head gałęzi.
@@ -2676,7 +2686,7 @@ pulls.showing_only_single_commit = Pokazywane tylko zmiany commita %[1]s
 pulls.allow_edits_from_maintainers_desc = Użytkownicy z uprawnieniem zapisu do gałęzi głównej mogą również wypychać do tej gałęzi
 pulls.showing_specified_commit_range = Pokazywane tylko zmiany między %[1]s..%[2]s
 pulls.filter_changes_by_commit = Filtruj commitem
-pulls.nothing_to_compare_have_tag = Wybrana gałąź/tag są takie same.
+pulls.nothing_to_compare_have_tag = Wybrane gałęzie/tagi są takie same.
 pulls.has_pull_request = `Pull request między tymi gałęziami już istnieje: <a href="%[1]s">%[2]s#%[3]d</a>`
 settings.wiki_branch_rename_success = Gałąź wiki dla repozytorium została znormalizowana pomyślnie.
 settings.web_hook_name_larksuite_only = Lark Suite
@@ -2743,9 +2753,25 @@ settings.matrix.room_id_helper = ID Pokoju może być pozyskane z klienta przegl
 settings.matrix.access_token_helper = Zalecane jest skonfigurowanie dedykowany konta Matrix. Token dostępu może zostać pozyskany z przeglądarkowego klienta Element (w zakładce incognito/prywatnej) > Menu użytkownika (lewy górny róg) > Wszystkie ustawienia > Pomoc i O aplikacji > Zaawansowane > Token dostępu (zaraz pod URL Serwera domowego). Zamknij zakładkę incognito/prywatną (wylogowanie się unieważniłoby ten token).
 pulls.editable = Edytowalne
 pulls.editable_explanation = Ten pull request zezwala na edycje przez opiekunów. Możesz uczestniczyć w nim bezpośrednio.
+archive.nocomment = Komentowanie nie jest możliwe ponieważ repozytorium jest zarchiwizowane.
+sync_fork.branch_behind_one = Ta gałąź jest %[l]d commit za %[2]s
+sync_fork.branch_behind_few = Ta gałąź jest %[l]d commitów za %[2]s
+sync_fork.button = Synchronizuj
+migrate.repo_desc_helper = Pozostaw puste by zaimportować istniejący opis
+issues.filter_no_results = Brak wyników
+issues.filter_no_results_placeholder = Spróbuj zmienić filtry wyszukiwania.
+issues.filter_type.all_pull_requests = Wszystkie pull requesty
+comment.blocked_by_user = Komentowanie nie jest możliwe ponieważ jesteś zablokowany przez właściciela repozytorium lub autora.
+settings.event_action_failure = Niepowodzenie
+settings.event_action_success = Sukces
+settings.event_action_recover = Przywróć
+settings.event_action_recover_desc = Przebieg Akcji zakończony sukcesem po tym, jak ostatni Przebieg Akcji w tym samym procesie pracy się nie powiódł.
+settings.event_action_success_desc = Przebieg Akcji zakończony powodzeniem.
+settings.event_header_action = Wydarzenia Przebiegu Akcji
+settings.event_action_failure_desc = Przebieg Akcji zakończony niepowodzeniem.
 
 [graphs]
-component_loading = Wczytywanie %s...
+component_loading = Wczytywanie %s…
 component_loading_failed = Nie można wczytać %s
 component_loading_info = To może trochę zająć…
 code_frequency.what = częstotliwość kodu
@@ -2864,8 +2890,8 @@ teams.none_access_helper = Opcja "brak dostępu" dotyczy tylko repozytoriów pry
 teams.general_access = Niestandardowy dostęp
 teams.add_nonexistent_repo = Repozytorium które próbujesz dodać nie istnieje, proszę je najpierw utworzyć.
 teams.invite_team_member.list = Oczekujące zaproszenia
-settings.change_orgname_redirect_prompt.with_cooldown.few = Stara nazwa organizacji będzie dostępna dla każdego po okresie ochrony wynoszącym %[1]d dni, możesz nadal odzyskać starą nazwę podczas okresu ochrony.
-settings.change_orgname_redirect_prompt.with_cooldown.one = Stara nazwa organizacji będzie dostępna dla każdego po okresie ochrony wynoszącym %[1]d dzień, możesz nadal odzyskać starą nazwę podczas okresu ochrony.
+settings.change_orgname_redirect_prompt.with_cooldown.few = Stara nazwa organizacji będzie dostępna dla każdego po okresie ochrony wynoszącym %[1]d dni. Możesz nadal odzyskać starą nazwę podczas okresu ochrony.
+settings.change_orgname_redirect_prompt.with_cooldown.one = Stara nazwa organizacji będzie dostępna dla każdego po okresie ochrony wynoszącym %[1]d dzień. Możesz nadal odzyskać starą nazwę podczas okresu ochrony.
 teams.invite_team_member = Zaproś do %s
 settings.visibility.limited = Ograniczona (widoczne tylko dla zalogowanych użytkowników)
 teams.none_access = Brak dostępu
@@ -2920,10 +2946,10 @@ dashboard.deleted_branches_cleanup=Wyczyść usunięte galęzie
 dashboard.git_gc_repos=Wykonaj zbieranie śmieci ze wszystkich repozytoriów
 dashboard.resync_all_sshkeys=Zaktualizuj plik '.ssh/authorized_keys' z kluczami SSH Forgejo.
 dashboard.resync_all_sshprincipals=Zaktualizuj plik ".ssh/authorized_principals" z podmiotami SSH Forgejo.
-dashboard.resync_all_hooks=Ponownie synchronizuj hooki pre-receive, update i post-receive we wszystkich repozytoriach
+dashboard.resync_all_hooks=Ponownie synchronizuj hooki Git we wszystkich repozytoriach (pre-receive, update, post-receive, proc-receive, …)
 dashboard.reinit_missing_repos=Ponownie zainicjalizuj wszystkie brakujące repozytoria Git, dla których istnieją rekordy
 dashboard.sync_external_users=Synchronizuj zewnętrzne dane użytkownika
-dashboard.cleanup_hook_task_table=Oczyść tabelę hook_task
+dashboard.cleanup_hook_task_table=Wyczyść tabelę hook_task
 dashboard.server_uptime=Czas pracy serwera
 dashboard.current_goroutine=Bieżące goroutines
 dashboard.current_memory_usage=Bieżące użycie pamięci
@@ -3333,7 +3359,7 @@ users.still_own_packages = Ten użytkownik nadal jest właścicielem jednego lub
 users.list_status_filter.not_admin = Nie administrator
 users.list_status_filter.not_2fa_enabled = 2FA wyłączone
 emails.change_email_text = Czy jesteś pewien(-na), że chcesz zaktualizować ten adres e-mail?
-emails.delete = Usuń E-mail
+emails.delete = Usuń adres e-mail
 emails.delete_desc = Czy jesteś pewien(-na), że chcesz usunąć ten adres e-mail?
 packages.total_size = Wielkość całkowita: %s
 packages.unreferenced_size = Nieodniesiona wielkość: %s
@@ -3493,7 +3519,7 @@ deletion = Usuń sekret
 creation.failed = Dodanie sekretu nie powiodło się.
 description = Sekrety będą przekazane pewnym akcjom, nie mogą być odczytane inaczej.
 creation.success = Secret "%s" został dodany.
-creation = Dodaj Sekret
+creation = Dodaj sekret
 deletion.success = Sekret został usunięty.
 deletion.description = Usunięcie sekretu jest permanentne i nie może zostać cofnięte. Kontynuować?
 creation.value_placeholder = Wprowadź dowolną treść. Białe znaki na początku i końcu będą pominięte.
@@ -3611,7 +3637,7 @@ issues.write = <b>Zapis:</b> Zamykanie zgłoszeń i zarządzanie metadanymi taki
 pulls.write = <b>Zapis:</b> Zamykanie pull requestów i zarządzanie metadanymi takimi jak etykiety, kamienie milowe, osoby przypisane, terminy i zależności.
 ext_issues = Dostęp do linku kierującego do zewnętrznego dziennika zgłoszeń. Uprawnienia są zarządzane zewnętrznie.
 ext_wiki = Dostęp do linku kierującego do zewnętrznej wiki. Uprawnienia są zarządzane zewnętrznie.
-actions.write = <b>Zapis:</b> Ręczne wywołanie, restart, anulowanie lub zatwierdzenie oczekujących procesów CI/CD.
-actions.read = <b>Odczyt:</b> Podgląd zintegrowanych procesów CI/CD i ich logów.
+actions.write = <b>Zapis:</b> Wywołanie, restart i anulowanie procesów pracy. Zarządzaj modelem zaufania uczestników pull requestów.
+actions.read = <b>Odczyt:</b> Podgląd procesów pracy i ich logów.
 
 [munits.data]
\ No newline at end of file
diff --git a/options/locale/locale_pt-BR.ini b/options/locale/locale_pt-BR.ini
index 5b0a9e5ace..c1e3cac697 100644
--- a/options/locale/locale_pt-BR.ini
+++ b/options/locale/locale_pt-BR.ini
@@ -1040,8 +1040,8 @@ visibility_helper=Tornar o repositório privado
 visibility_helper_forced=O administrador do site força novos repositórios a serem privados.
 visibility_fork_helper=(Esta alteração irá afetar a visibilidade de todos os forks.)
 clone_helper=Precisa de ajuda com o clone? Visite a <a target="_blank" rel="noopener noreferrer" href="%s">Ajuda</a>.
-fork_repo=Fazer fork do repositório
-fork_from=Fork de
+fork_repo=Derivar repositório
+fork_from=Derivar de
 already_forked=Você já fez o fork de %s
 fork_to_different_account=Faça um fork para uma conta diferente
 fork_visibility_helper=A visibilidade do fork de um repositório não pode ser alterada.
@@ -1519,7 +1519,7 @@ issues.action_assignee_no_select=Sem responsável
 issues.action_check=Marcar/Desmarcar
 issues.action_check_all=Marcar/Desmarcar todos os itens
 issues.opened_by=aberto por <a href="%[2]s">%[3]s</a> %[1]s
-pulls.merged_by=por <a href="%[2]s">%[3]s</a> foi aplicado %[1]s
+pulls.merged_by=por <a href="%[2]s">%[3]s</a> foi mesclado %[1]s
 pulls.merged_by_fake=por %[2]s foi aplicado %[1]s
 issues.closed_by=por <a href="%[2]s">%[3]s</a> foi fechada %[1]s
 issues.opened_by_fake=%[1]s abertas por %[2]s
@@ -1722,7 +1722,7 @@ compare.compare_base=base
 compare.compare_head=comparar
 
 pulls.desc=Habilitar pull requests e revisões de código.
-pulls.new=Nova solicitação de revisão
+pulls.new=Nova proposta de revisão
 pulls.view=Ver proposta de revisão
 pulls.compare_changes=Nova proposta de revisão
 pulls.allow_edits_from_maintainers=Permitir edições de mantenedores
@@ -1832,9 +1832,9 @@ pulls.update_branch_rebase=Atualizar branch por rebase
 pulls.update_branch_success=Atualização do branch foi bem-sucedida
 pulls.update_not_allowed=Você não tem permissão para atualizar o branch
 pulls.outdated_with_base_branch=Este branch está desatualizado com o branch base
-pulls.close=Fechar pull request
-pulls.closed_at=`fechou este pull request %s`
-pulls.reopened_at=`reabriu este pull request %s`
+pulls.close=Fechar proposta de revisão
+pulls.closed_at=`fechou esta proposta de revisão %s`
+pulls.reopened_at=`reabriu esta proposta de revisão %s`
 pulls.clear_merge_message=Limpar mensagem do merge
 pulls.clear_merge_message_hint=Limpar a mensagem de merge só irá remover o conteúdo da mensagem de commit e manter trailers git gerados, como "Co-Authored-By …".
 
@@ -1938,14 +1938,14 @@ activity.period.quarterly=3 meses
 activity.period.semiyearly=6 meses
 activity.period.yearly=1 ano
 activity.overview=Visão geral
-activity.merged_prs_count_1=Pull request com merge concluído
-activity.merged_prs_count_n=Pull requests com merge concluído
-activity.opened_prs_count_1=Pull request proposto
-activity.opened_prs_count_n=Pull requests propostos
+activity.merged_prs_count_1=Proposta de revisão mesclada
+activity.merged_prs_count_n=Propostas de revisão mescladas
+activity.opened_prs_count_1=Proposta de revisão oferecida
+activity.opened_prs_count_n=Propostas de revisão oferecidas
 activity.title.user_1=%d usuário
 activity.title.user_n=%d usuários
-activity.title.prs_1=%d pull request
-activity.title.prs_n=%d pull requests
+activity.title.prs_1=%d proposta de revisão
+activity.title.prs_n=%d propostas de revisão
 activity.title.prs_merged_by=%s com merge aplicado por %s
 activity.title.prs_opened_by=%s proposto(s) por %s
 activity.merged_prs_label=Merge aplicado
@@ -2049,7 +2049,7 @@ settings.tracker_issue_style.regexp_pattern_desc=O primeiro grupo capturado ser
 settings.tracker_url_format_desc=Use os espaços reservados <code>{user}</code>, <code>{repo}</code> e <code>{index}</code> para o nome de usuário, nome do repositório e o índice de problemas.
 settings.enable_timetracker=Habilitar estatísticas de tempo
 settings.allow_only_contributors_to_track_time=Permitir que apenas os colaboradores usem estatísticas de tempo
-settings.pulls_desc=Habilitar pull requests no repositório
+settings.pulls_desc=Habilitar propostas de revisão no repositório
 settings.pulls.ignore_whitespace=Ignorar espaço em branco em conflitos
 settings.pulls.enable_autodetect_manual_merge=Habilitar a detecção automática de merge manual (Nota: Em alguns casos especiais, podem ocorrer julgamentos errados)
 settings.pulls.allow_rebase_update=Ativar atualização do branch do pull request por rebase
@@ -2198,21 +2198,21 @@ settings.event_issue_milestone=Marcos
 settings.event_issue_milestone_desc=Marco adicionado, removido ou modificado.
 settings.event_issue_comment=Comentários
 settings.event_issue_comment_desc=Comentário da issue criado, editado ou excluído.
-settings.event_header_pull_request=Eventos de pull request
+settings.event_header_pull_request=Eventos da proposta de revisão
 settings.event_pull_request=Modificação
 settings.event_pull_request_desc=Pull request aberto, fechado, reaberto ou editado.
 settings.event_pull_request_assign=Atribuição
 settings.event_pull_request_assign_desc=Pull request atribuído ou desatribuído.
 settings.event_pull_request_label=Rótulos
-settings.event_pull_request_label_desc=Rótulos do pull request adicionados ou removidos.
+settings.event_pull_request_label_desc=Rótulos da proposta de revisão adicionados ou removidos.
 settings.event_pull_request_milestone=Marcos
 settings.event_pull_request_milestone_desc=Marco adicionado, removido ou modificado.
 settings.event_pull_request_comment=Comentários
 settings.event_pull_request_comment_desc=Comentário criado, editado ou excluído no pull request.
 settings.event_pull_request_review=Revisões
-settings.event_pull_request_review_desc=Pull request aprovado, rejeitado ou comentários de revisão adicionados.
-settings.event_pull_request_sync=Sincronizado
-settings.event_pull_request_sync_desc=Branch atualizado automaticamente com o branch alvo.
+settings.event_pull_request_review_desc=Proposta de revisão aprovada, rejeitada ou comentários de revisão adicionados.
+settings.event_pull_request_sync=Sincronizada
+settings.event_pull_request_sync_desc=Remo atualizado automaticamente com o ramo alvo.
 settings.event_package=Pacote
 settings.event_package_desc=Pacote criado ou excluído em um repositório.
 settings.branch_filter=Filtro de branch
@@ -2555,7 +2555,7 @@ admin.enabled_flags = Sinalizadores habilitados para o repositório:
 admin.update_flags = Atualizar sinalizadores
 admin.flags_replaced = Os sinalizadores do repositório foram substituídos
 all_branches = Todos os ramos
-fork_branch = Branch a ser clonada para o fork
+fork_branch = Ramo a ser clonado para a derivação
 object_format_helper = O formato utilizado para armazenar os objetos do repositório. Não pode ser alterado depois. SHA1 é o mais compatível.
 object_format = Formato dos objetos
 tree_path_not_found_branch = O caminho %[1]s não existe no ramo %[2]s
@@ -2574,7 +2574,7 @@ issues.label_archive_tooltip = Etiquetas arquivadas não serão exibidas nas sug
 activity.navbar.pulse = Recente
 settings.units.overview = Geral
 settings.units.add_more = Habilitar mais
-pulls.commit_ref_at = `citou este pull request de um commit %s`
+pulls.commit_ref_at = `citou esta proposta de revisão a partir de um commit %s`
 pulls.cmd_instruction_merge_title = Mesclar
 settings.units.units = Unidades
 vendored = Externo
@@ -2633,7 +2633,7 @@ settings.wiki_branch_rename_failure = Falha ao regularizar o nome do ramo da wik
 settings.add_collaborator_blocked_them = Não foi possível adicionar o(a) colaborador(a) porque ele(a) bloqueou o(a) proprietário(a) do repositório.
 settings.thread_id = ID da discussão
 issues.edit.already_changed = Não foi possível salvar as alterações desta questão. O conteúdo parece já ter sido alterado por outro(a) usuário(a). Atualize a página e tente novamente para evitar sobrescrever estas alterações
-pulls.edit.already_changed = Não foi possível salvar as alterações desta proposta de revisão. Parece que o conteúdo já foi alterado por outra conta. Atualize a página e tente editar novamente para evitar sobrescrever as alterações dela
+pulls.edit.already_changed = Não foi possível salvar as alterações desta proposta de revisão. Parece que o conteúdo já foi alterado por outra conta. Atualize a página e tente editar novamente para evitar sobrescrever as alterações feitas por ela
 editor.commit_id_not_matching = O arquivo foi alterado durante a edição. Salve as alterações em um novo ramo e realize a mesclagem.
 blame.ignore_revs = As revisões em <a href="%s">.git-blame-ignore-revs</a> foram ignoradas. Clique <a href="%s">aqui</a> para retornar à visualização normal.
 topic.format_prompt = Os tópicos devem começar com um caracter alfanumérico, podem incluir hífens ("-") e pontos ("."), e podem ter até 35 caracteres. As letras devem ser minúsculas.
@@ -2660,7 +2660,7 @@ pulls.agit_explanation = Criado usando o fluxo de trabalho AGit. AGit permite qu
 signing.wont_sign.headsigned = O merge não será assinado pois o commit head não está assinado.
 settings.mirror_settings.push_mirror.copy_public_key = Copiar chave pública
 settings.pull_mirror_sync_in_progress = Fazendo pull das mudanças do remoto %s nesse momento.
-pulls.reopen_failed.head_branch = O pull request não pode ser reaberto porque o branch head não existe mais.
+pulls.reopen_failed.head_branch = A proposta de revisão não pode ser reaberta porque o ramo de topo não existe mais.
 pulls.cmd_instruction_checkout_desc = Do repositório do seu projeto, faça checkout de um novo branch e teste as alterações.
 settings.mirror_settings.docs.pulling_remote_title = Fazendo pull de um repositório remoto
 settings.mirror_settings.pushed_repository = Repositório enviado
@@ -2671,22 +2671,22 @@ subscribe.pull.guest.tooltip = Inicie a sessão para receber notificações dest
 settings.pull_mirror_sync_quota_exceeded = Cota excedida, não será feito pull das mudanças.
 settings.mirror_settings.docs.more_information_if_disabled = Saiba mais sobre espelhos de push e pull aqui:
 settings.transfer_quota_exceeded = O novo dono (%s) excedeu a cota. O repositório não foi transferido.
-pulls.reopen_failed.base_branch = O pull request não pode ser reaberto porque o branch base não existe mais.
+pulls.reopen_failed.base_branch = A proposta de revisão não pode ser reaberta porque o ramo base não existe mais.
 activity.commit = Atividade de commits
-pulls.cmd_instruction_merge_warning = <b>Atenção:</b> A opção "Autodetectar merge manual" não está habilitada para este repositório, você terá que marcar este pull request como um merge manual depois.
+pulls.cmd_instruction_merge_warning = <b>Atenção:</b> A opção "Autodetectar mesclagem manual" não está habilitada para este repositório. Terá que marcar esta proposta de revisão como mesclada manualmente depois.
 settings.federation_following_repos = URLs de Repositórios Seguidores. Separado por ";", sem espaços.
 settings.mirror_settings.docs.disabled_push_mirror.info = Espelhos de pull foram desativados pelo administrador do seu site.
 settings.mirror_settings.push_mirror.none_ssh = Nenhum
 settings.protect_status_check_patterns_desc = Insira padrões para especificar quais verificações de status devem passar com sucesso antes que merges possam ser feitos em branches aos quais esta regra se aplica. Cada linha especifica um padrão. Padrões não podem estar vazios.
-settings.archive.text = Arquivar o repositório irá torná-lo totalmente "somente leitura". Ele ficará oculto do painel. Ninguém (nem mesmo você!) poderá fazer novos commits, ou abrir quaisquer issues ou pull requests.
+settings.archive.text = Arquivar o repositório irá torná-lo somente para leitura. Ele ficará oculto do painel de controle. Ninguém (nem mesmo você) poderá fazer novos commits, nem abrir questões ou propostas de revisão.
 settings.add_key_success = A chave de deploy "%s" foi adicionada.
 settings.protect_invalid_status_check_pattern = Padrão de verificação de status inválido: "%s".
 settings.web_hook_name_sourcehut_builds = Builds do SourceHut
 settings.protect_new_rule = Criar uma nova regra de proteção de branch
 settings.wiki_rename_branch_main_notices_2 = Isso irá renomear permanentemente o branch interno da wiki do repositório %s. Checkouts existentes precisarão ser atualizados.
-settings.protect_enable_merge_desc = Qualquer pessoa com permissão de escrita terá autorização para fazer merge dos pull requests neste ramo.
+settings.protect_enable_merge_desc = Qualquer pessoa com permissão de escrita terá autorização para fazer mesclagem das propostas de revisão neste ramo.
 settings.protect_no_valid_status_check_patterns = Não há padrões de verificação de status válidos.
-settings.event_pull_request_approvals = Aprovações de pull request
+settings.event_pull_request_approvals = Aprovações de propostas de revisão
 settings.event_pull_request_enforcement = Aplicação
 settings.ignore_stale_approvals = Ignorar aprovações inativas
 settings.update_settings_no_unit = O repositório deve permitir pelo menos algum tipo de interação.
@@ -2697,14 +2697,14 @@ settings.sourcehut_builds.secrets_helper = Dar a este job acesso aos segredos de
 settings.sourcehut_builds.access_token_helper = Token de acesso tem a permissão JOBS:RW. Gere um <a target="_blank" rel="noopener noreferrer" href="%s">token builds.sr.ht</a> ou um <a target="_blank" rel="noopener noreferrer" href="%s">token builds.sr.ht com acesso a segredos</a> em meta.sr.ht.
 settings.matrix.room_id_helper = O ID da sala pode ser obtido do cliente web Element > Configurações da Sala > Avançado > ID interno da sala. Exemplo: %s.
 settings.unarchive.error = Ocorreu um erro ao tentar desarquivar o repositório. Veja o log para mais detalhes.
-settings.event_pull_request_review_request = Pedidos de revisão
-settings.event_pull_request_review_request_desc = Revisão de pull request solicitada ou pedido de revisão removido.
-settings.event_pull_request_merge = Merge de pull request
+settings.event_pull_request_review_request = Revisar propostas
+settings.event_pull_request_review_request_desc = Revisão da proposta solicitada ou solicitação de revisão removida.
+settings.event_pull_request_merge = Mesclagem de propostas de revisão
 settings.matrix.access_token_helper = É recomendado configurar uma conta Matrix dedicada para isso. O token de acesso pode ser obtido do cliente web Element (em uma aba privada/anônima) > Menu do usuário (acima à esquerda) > Todas as configurações > Ajuda & Sobre > Avançado > Token de acesso (logo abaixo da URL do servidor). Feche a aba privada/anônima (sair da conta irá invalidar o token).
 settings.tags.protection.pattern.description = Você pode usar um único nome, um padrão glob ou uma expressão regular para corresponder a várias tags. Saiba mais no <a target="_blank" rel="noopener" href="%s">guia de tags protegidas</a>.
 settings.add_webhook.invalid_path = O caminho não deve conter partes que sejam "." ou ".." ou uma string vazia. Ele não pode começar ou terminar com uma barra.
 settings.sourcehut_builds.visibility = Visibilidade do job
-settings.unarchive.text = Desarquivar o repositório irá restaurar a possibilidade de receber commits e push, bem como novos issues e pull requests.
+settings.unarchive.text = Desarquivar o repositório irá restaurar sua capacidade de receber commits e envios, bem como novas questões e propostas de revisão.
 settings.ignore_stale_approvals_desc = Não contar aprovações feitas em commits mais antigos (revisões inativas) no número de aprovações de pedidos de merge. Não tem efeito se as revisões inativas já são desconsideradas.
 settings.protect_status_check_patterns = Padrões de verificação de status
 release.type_attachment = Anexo
@@ -2716,7 +2716,7 @@ branch.delete_desc = Apagar um branch é permanente. Ainda que o branch apagado
 release.add_external_asset = Adicionar componente externo
 release.invalid_external_url = URL externo inválido: "%s"
 release.deletion_desc = Eliminar um release apenas o remove do Forgejo. Isso não irá afetar a tag no Git, o conteúdo do seu repositório ou o histórico. Continuar?
-issues.all_title = Tudo
+issues.all_title = Todas
 issues.new.assign_to_me = Designar a mim
 settings.discord_icon_url.exceeds_max_length = A URL do ícone precisa ter 2048 caracteres ou menos
 issues.review.add_review_requests = solicitou revisões de %[1]s %[2]s
@@ -2732,7 +2732,7 @@ diff.git-notes.remove-body = Esta anotação será removida.
 issues.num_reviews_one = %d revisão
 issues.summary_card_alt = Cartão de resumo de um issue com o título "%s" no repositório %s
 issues.num_reviews_few = %d revisões
-settings.default_update_style_desc = Estilo padrão de atualização usado para atualizar pull requests que estão atrasados em relação ao branch base.
+settings.default_update_style_desc = Estilo padrão de atualização usado para atualizar propostas de revisão que estejam atrasadas em relação ao ramo base.
 pulls.sign_in_require = <a href="%s">Entre</a> para criar uma nova proposta de revisão.
 new_from_template = Use um modelo
 new_from_template_description = Você pode selecionar um modelo de repositório nesta instância e aplicar suas configurações.
@@ -2751,7 +2751,7 @@ archive.pull.noreview = Este repositório está arquivado. Não é possível rev
 editor.commit_email = Email de commit
 commits.view_single_diff = Ver modificações neste arquivo introduzidas neste commit
 pulls.editable = Editável
-pulls.editable_explanation = Este pull request permite edições de mantenedores. Voçê pode contribuir diretamenta para ele.
+pulls.editable_explanation = Esta proposta de revisão permite edições de mantenedores. Você pode contribuir diretamente para ela.
 issues.reopen.blocked_by_user = Você não pode reabrir este issue porque você foi bloqueado pelo dono do repositório ou pelo criador deste issue.
 issues.filter_no_results = Nenhum resultado
 issues.filter_no_results_placeholder = Tente ajustar seus filtros de pesquisa.
@@ -3622,19 +3622,19 @@ filepreview.lines = Linhas %[1]d a %[2]d em %[3]s
 filepreview.truncated = Pré-visualização truncada
 
 [repo.permissions]
-pulls.write = <b>Escrita:</b> Encerrar pull requests e gerir metadados como rótulos, marcos, responsáveis, prazos e dependências.
+pulls.write = <b>Escrita:</b> Encerrar propostas de revisão e gerir metadados como rótulos, marcos, responsáveis, prazos e dependências.
 code.read = <b>Leitura:</b> Acessar e clonar o código do repositório.
 issues.read = <b>Leitura:</b> Visualizar e criar issues e comentários.
 code.write = <b>Escrita:</b> Fazer push para o repositório, criar branches e tags.
 issues.write = <b>Escrita:</b> Encerrar issues e gerir metadados como rótulos, marcos, responsáveis, prazos e dependências.
-pulls.read = <b>Leitura:</b> Visualizar e criar pull requests.
+pulls.read = <b>Leitura:</b> Ler e criar propostas de revisão.
 releases.read = <b>Leitura:</b> Visualizar e baixar releases.
 releases.write = <b>Escrita:</b> Publicar editar e apagar releases e seus recursos.
 wiki.read = <b>Leitura:</b> Ler a wiki integrada e o histórico dela.
 wiki.write = <b>Escrita:</b> Criar, alterar e apagar páginas na wiki integrada.
 projects.read = <b>Ler:</b> Acesse os painéis de projetos do repositório.
 ext_wiki = Acesse o link para um wiki externo. As permissões são gerenciadas externamente.
-actions.write = <b>Escrita:</b> Acionar, reiniciar e cancelar workflows. Gerenciar delegação de confiança para autores de pull requests.
+actions.write = <b>Escrita:</b> Acionar, reiniciar e cancelar workflows. Gerenciar delegação de confiança para autores de propostas de revisão.
 projects.write = <b>Escrever:</b> Crie projetos e colunas e edite-os.
 actions.read = <b>Leitura:</b> Visualizar execuções de workflows e seus logs.
 packages.read = <b>Ler:</b> Visualize e baixe pacotes atribuídos ao repositório.
diff --git a/options/locale/locale_pt-PT.ini b/options/locale/locale_pt-PT.ini
index accee87cfa..564293ce73 100644
--- a/options/locale/locale_pt-PT.ini
+++ b/options/locale/locale_pt-PT.ini
@@ -30,7 +30,7 @@ return_to_forgejo=Voltar ao Forgejo
 username=Nome de utilizador
 email=Endereço de email
 password=Senha
-access_token=Código de acesso
+access_token=Token de acesso
 re_type=Confirme a palavra-passe
 captcha=CAPTCHA
 twofa=Autenticação de dois fatores
@@ -182,7 +182,7 @@ buttons.bold.tooltip=Adicionar texto em negrito (Ctrl+B / ⌘B)
 buttons.italic.tooltip=Adicionar texto em itálico (Ctrl+I / ⌘I)
 buttons.quote.tooltip=Citar texto
 buttons.code.tooltip=Adicionar código-fonte
-buttons.link.tooltip=Adicionar uma ligação
+buttons.link.tooltip=Adicionar uma ligação (Ctrl+K / ⌘K)
 buttons.list.unordered.tooltip=Adicionar uma lista de pontos
 buttons.list.ordered.tooltip=Adicionar uma lista numerada
 buttons.list.task.tooltip=Adicionar uma lista de tarefas
@@ -632,7 +632,7 @@ Website = Sítio web
 Location = Localização
 To = Nome do ramo
 required_prefix = A entrada tem de começar com "%s"
-AccessToken = Código de acesso
+AccessToken = Token de acesso
 FullName = Nome completo
 Description = Descrição
 Pronouns = Pronomes
@@ -872,7 +872,7 @@ generate_token=Gerar código
 generate_token_success=O seu novo código foi gerado. Copie-o agora porque não irá ser mostrado novamente.
 generate_token_name_duplicate=<strong>%s</strong> já foi usado como nome de uma aplicação. Tente outro.
 delete_token=Eliminar
-access_token_deletion=Eliminar código de acesso
+access_token_deletion=Eliminar token de acesso
 access_token_deletion_desc=Eliminar um código revoga o acesso à sua conta nas aplicações que o usem. Esta operação não poderá ser revertida. Quer continuar?
 delete_token_success=O código foi eliminado. Aplicações que o usavam deixaram de ter acesso à sua conta.
 repo_and_org_access=Acesso aos repositórios e às organizações
@@ -882,7 +882,7 @@ select_permissions=Escolher permissões
 permission_no_access=Sem acesso
 permission_read=Lidas
 permission_write=Leitura e escrita
-access_token_desc=As permissões dos códigos escolhidos limitam a autorização apenas às rotas da <a href="%[1]s" target="_blank">API</a> correspondentes. Leia a <a href="%[2]s" target="_blank">documentação</a> para obter mais informação.
+access_token_desc=As permissões dos tokens escolhidos limitam a autorização apenas às rotas da <a href="%[1]s" target="_blank">API</a> correspondentes. Leia a <a href="%[2]s" target="_blank">documentação</a> para obter mais informação.
 at_least_one_permission=Tem que escolher pelo menos uma permissão para criar um código
 permissions_list=Permissões:
 
@@ -1018,10 +1018,10 @@ quota.sizes.assets.attachments.issues = Anexos de questões
 quota.sizes.assets.attachments.releases = Anexos de lançamentos
 quota.sizes.assets.packages.all = Pacotes
 quota.sizes.wiki = Wiki
-access_token_regeneration = Regenerar código de acesso
-regenerate_token_success = O código foi regenerado. As aplicações que o utilizam já não têm acesso à sua conta e devem ser atualizadas com o novo código.
+access_token_regeneration = Regenerar token de acesso
+regenerate_token_success = O token foi regenerado. As aplicações que o utilizam já não têm acesso à sua conta e devem ser atualizadas com o novo token.
 regenerate_token = Regenerar
-access_token_regeneration_desc = A regeneração de um código irá revogar o acesso à sua conta para as aplicações que o utilizam. Isto não pode ser anulado. Continuar?
+access_token_regeneration_desc = A regeneração de um token irá revogar o acesso à sua conta para as aplicações que o utilizam. Isto não pode ser anulado. Continuar?
 ssh_token_help_ssh_agent = ou, se estiver a utilizar um agente SSH (com a variável SSH_AUTH_SOCK definida):
 
 [repo]
@@ -1176,7 +1176,7 @@ migrate.permission_denied_blocked=Não pode importar de servidores não permitid
 migrate.invalid_local_path=A localização local é inválida. Não existe ou não é uma pasta.
 migrate.invalid_lfs_endpoint=O destino LFS não é válido.
 migrate.failed=A migração falhou: %v
-migrate.migrate_items_options=É necessário um código de acesso para migrar itens adicionais
+migrate.migrate_items_options=É necessário um token de acesso para migrar itens adicionais
 migrated_from=Migrado de <a href="%[1]s">%[2]s</a>
 migrated_from_fake=Migrado de %[1]s
 migrate.migrate=Migrar de %s
@@ -2400,7 +2400,7 @@ settings.tags.protection.allowed.noone=Ninguém
 settings.tags.protection.create=Adicionar regra
 settings.tags.protection.none=Não há etiquetas protegidas.
 settings.tags.protection.pattern.description=Pode usar um só nome ou um padrão glob ou uma expressão regular para corresponder a várias etiquetas. Para mais informações leia o <a target="_blank" rel="noopener" href="%s">guia das etiquetas protegidas</a>.
-settings.bot_token=Código do bot
+settings.bot_token=Token do bot
 settings.chat_id=ID do diálogo
 settings.thread_id=ID da discussão
 settings.matrix.homeserver_url=URL do servidor caseiro
@@ -2669,9 +2669,9 @@ settings.web_hook_name_sourcehut_builds = Construções do SourceHut
 settings.enter_repo_name = Insira o nome do/a proprietário/a e do repositório tal como é apresentado:
 pulls.agit_explanation = Criado usando a sequência de trabalho AGit. AGit deixa os contribuidores proporem alterações usando "git push" sem criar uma derivação ou um ramo novo.
 settings.new_owner_blocked_doer = O/A novo/a proprietário/a bloqueou-o/a.
-settings.matrix.access_token_helper = É recomendado criar uma conta Matrix só para isto. O código de acesso pode ser obtido a partir do cliente web Element (num separador privado/incógnito) > Menu de utilizador (canto superior esquerdo) > Todas as configurações > Ajuda e sobre > Avançado > Código de acesso (logo abaixo do URL do servidor caseiro). Feche o separador privado/incógnito (terminar a sessão iria invalidar o código).
+settings.matrix.access_token_helper = É recomendado criar uma conta Matrix só para isto. O token de acesso pode ser obtido a partir do cliente web Element (num separador privado/incógnito) > Menu de utilizador (canto superior esquerdo) > Todas as configurações > Ajuda e sobre > Avançado > Token de Acesso (logo abaixo do URL do servidor caseiro). Feche o separador privado/incógnito (terminar a sessão iria invalidar o token).
 settings.sourcehut_builds.secrets_helper = Dar, ao trabalho, acesso aos segredos da construção (requer a permissão SECRETS:RO)
-settings.sourcehut_builds.access_token_helper = Código de acesso que tem a permissão JOBS:RW. Gera um <a target="_blank" rel="noopener noreferrer" href="%s">código builds.sr.ht</a> ou um <a target="_blank" rel="noopener noreferrer" href="%s">código builds.sr.ht com acesso aos segredos</a> em meta.sr.ht.
+settings.sourcehut_builds.access_token_helper = Token de acesso que tem a permissão JOBS:RW. Gera um <a target="_blank" rel="noopener noreferrer" href="%s">token builds.sr.ht</a> ou um <a target="_blank" rel="noopener noreferrer" href="%s">token builds.sr.ht com acesso aos segredos</a> em meta.sr.ht.
 release.hide_archive_links = Esconder arquivos gerados automaticamente
 release.hide_archive_links_helper = Esconder arquivos de código-fonte gerados automaticamente para este lançamento. Por exemplo, se estiver a carregar o seu próprio.
 wiki.no_search_results = Sem resultados
diff --git a/options/locale/locale_ro.ini b/options/locale/locale_ro.ini
index 1cd772e251..5540c32d77 100644
--- a/options/locale/locale_ro.ini
+++ b/options/locale/locale_ro.ini
@@ -15,7 +15,7 @@ concept_user_organization = Organizație
 logo = Logo
 help = Ajutor
 sign_up = Înregistrare
-link_account = Conectați conturi
+link_account = Conectare cont
 register = Înregistrare
 template = Șablon
 language = Limbă
@@ -105,14 +105,14 @@ active_stopwatch = Contor timp activ
 more_items = Mai multe elemente
 tracked_time_summary = Rezumat al timpului monitorizat, bazat pe filtrele listei de probleme
 signed_in_as = Conectat ca
-toggle_menu = Afișează sau ascunde meniul
-passcode = Cod de acces
+toggle_menu = Schimbă meniul
+passcode = Parola temporala
 repository = Repozitoriu
 new_project_column = Coloană nouă
 new_fork = Bifurcație de repozitoriu nouă
 new_repo.title = Repozitoriu nou
 new_repo.link = Repozitoriu nou
-all = Tot
+all = Toate
 forks = Bifurcații
 pull_requests = Cereri de extragere
 issues = Probleme
@@ -140,7 +140,7 @@ filter.not_mirror = Nu sunt copii identice
 filter.public = Publice
 filter.private = Private
 filter.not_template = Nu sunt șabloane
-filter.is_fork = Bifurcații
+filter.is_fork = Fork-uri
 filter.is_template = Șabloane
 
 [editor]
@@ -163,7 +163,7 @@ buttons.list.task.tooltip = Adăugați o listă de sarcini
 buttons.switch_to_legacy.tooltip = Folosiți în schimb editorul vechi
 buttons.ref.tooltip = Faceți o referire la o problemă sau o cerere de extragere
 buttons.enable_monospace_font = Activați fontul monospațiat
-buttons.disable_monospace_font = Dezactivați fontul monospațiat
+buttons.disable_monospace_font = Dezactivează fontul monospace
 buttons.indent.tooltip = Indentați obiectele cu un nivel
 buttons.unindent.tooltip = Nu mai indentați obiectele cu un nivel
 link_modal.url = URL
@@ -178,7 +178,7 @@ string.desc = Z - A
 [error]
 server_internal = Eroare internă a serverului
 network_error = Eroare de rețea
-occurred = A apărut o eroare
+occurred = O eroare a avut loc
 not_found = Obiectul nu a putut fi găsit.
 report_message = Dacă credeți că aceasta este o problemă cu Forgejo, vă rugăm să căutați probleme pe <a href="%s" target="_blank">Codeberg</a> sau să deschideți o nouă problemă dacă este necesar.
 
@@ -186,10 +186,12 @@ report_message = Dacă credeți că aceasta este o problemă cu Forgejo, vă rug
 install = Ușor de instalat
 license = Sursă deschisă
 app_desc = Un serviciu Git fără probleme, auto-găzduit
-platform_desc = Forgejo rulează pe sisteme de operare libere ca Linux și FreeBSD, precum și pe diferite arhitecturi CPU. Alege ceea ce îți place!
+platform_desc = Forgejo rulează pe sisteme de operare libere cum ar fi Linux sau FreeBSD, cât și pe diferite arhitecturi CPU. Alege ce dorești!
 lightweight = Lejer
 license_desc = Descarcă <a target="_blank" rel="noopener noreferrer" href="%[1]s">Forgejo</a>! Alătură-te nouă <a target="_blank" rel="noopener noreferrer" href="%[2]s">și contribuie</a> să îmbunătățești acest proiect. Nu ezita sa devii un contributor!
 lightweight_desc = Forgejo are cerințe minime mici și poate rula pe un Raspberry Pi ieftin. Economisește energie computațională!
+install_desc = Pur și simplu <a target="_blank" rel="noopener noreferrer" href="%[1]s">rulează binarul</a> pentru platforma ta, livrează-l cu <a target="_blank" rel="noopener noreferrer" href="%[2]s">Docker</a>, sau obține-l <a target="_blank" rel="noopener noreferrer" href="%[3]s">împachetat</a>.
+platform = Multiplatformă
 
 [install]
 require_db_desc = Forgejo are nevoie de MySQL, PostgreSQL, SQLite3 sau TiDB (protocol MySQL).
@@ -277,12 +279,30 @@ err_admin_name_pattern_not_allowed = Numele de utilizator al administratorului e
 domain = Domeniul serverului
 require_sign_in_view.description = Limitează accesul la conținut către utilizatori conectați. Oaspeții vor putea să viziteze doar paginile de autentificare.
 invalid_db_setting = Setările pentru bază de date sunt invalide: %v
-no_reply_address = Domeniu pentru adrese de email ascunse
+no_reply_address = Ascunde domeniul email
 app_name_helper = Introdu numele instanței aici. Va fi afișat pe fiecare pagină.
 app_slogan = Sloganul instanței
 app_slogan_helper = Introdu sloganul instanței aici. Lasă gol pentru a dezactiva.
 host = Gazdă
-db_schema = Schema
+db_schema = Schemă
+reinstall_confirm_check_2 = Depozitele și setările pot necesita re-sincronizare. Bifând această căsuță confirmi că vei resincroniza manual hook-urile pentru depozite și fișierul authorized_keys. Confirmi că te vei asigura că setările depozitelor și ale oglinzilor sunt corecte.
+app_name = Titlul instanței
+repo_path = Calea rădăcină a depozitului
+repo_path_helper = Depozitele Git de la distanță vor fi salvate în acest director.
+lfs_path_helper = Fișierele urmărite de Git LFS vor fi stocate în acest director. Lasă gol pentru a dezactiva.
+register_confirm = Necesită confirmare prin email pentru înregistrare
+disable_gravatar.description = Dezactivează folosirea Gravatar și a altor servicii terțe pentru poze de profil. Imagini implicite vor fi folosite pentru pozele de profil ale utilizatorilor în cazul în care nu își vor încărca propriile poze de profil pe această instanță.
+federated_avatar_lookup = Activează avatarurile federate
+disable_registration.description = Doar administratorii instanței vor putea crea conturi noi de utilizator. Este recomandat să păstrezi înregistrarea dezactivată, cu excepția cazului în care intenționezi să găzduiești o instanță publică pentru toată lumea și ești pregătit să gestionezi un număr mare de conturi spam.
+require_sign_in_view = Necesită autentificare pentru a vizualiza conținutul instanței
+run_user = Utilizatorul sub care rulează
+run_user_helper = Numele de utilizator al sistemului de operare sub care rulează Forgejo. Rețineți că acest utilizator trebuie să aibă acces la calea rădăcină a depozitului.
+offline_mode = Activează modul local
+federated_avatar_lookup.description = Caută avataruri folosind Libravatar.
+default_enable_timetracking = Activează urmărirea timpului în mod implicit
+default_enable_timetracking.description = Permite utilizarea funcției de urmărire a timpului pentru depozitele noi în mod implicit.
+invalid_repo_path = Calea rădăcină a depozitului este invalidă: %v
+run_user_not_match = Numele de utilizator „utilizatorul sub care rulează" nu este același cu numele de utilizator curent: %s -> %s
 
 [search]
 user_kind = Căutați utilizatori…
@@ -303,13 +323,13 @@ exact = Exactă
 exact_tooltip = Includeți doar rezultate care se potrivesc exact termenului de căutare
 regexp = Expresie regulată
 regexp_tooltip = Interpretați termenul de căutare ca o expresie regulată
-branch_kind = Căutați ramuri…
-commit_kind = Căutați comiteri…
+branch_kind = Caută branch-uri…
+commit_kind = Caută commituri…
 issue_kind = Căutați probleme…
 pull_kind = Căutați cereri de extragere…
 fuzzy_tooltip = Includeți rezultate care sunt asemănătoare termenului de căutare
 repo_kind = Căutați repozitorii…
-runner_kind = Căutați executori…
+runner_kind = Caută executori…
 
 [aria]
 navbar = Bară de navigare
diff --git a/options/locale/locale_ru-RU.ini b/options/locale/locale_ru-RU.ini
index d98d094b0e..e74f0a2b81 100644
--- a/options/locale/locale_ru-RU.ini
+++ b/options/locale/locale_ru-RU.ini
@@ -182,7 +182,7 @@ buttons.bold.tooltip=Добавить жирный текст (Ctrl+B / ⌘B)
 buttons.italic.tooltip=Добавить курсив (Ctrl+I / ⌘I)
 buttons.quote.tooltip=Цитировать текст
 buttons.code.tooltip=Добавить код
-buttons.link.tooltip=Добавить ссылку
+buttons.link.tooltip=Добавить ссылку (Ctrl+K / ⌘K)
 buttons.list.unordered.tooltip=Добавить маркированный список
 buttons.list.ordered.tooltip=Добавить нумерованный список
 buttons.list.task.tooltip=Добавить список заданий
@@ -874,7 +874,7 @@ delete_token=Удалить
 access_token_deletion=Удалить токен доступа
 access_token_deletion_desc=Удаление токена отзовёт доступ к вашей учётной записи у приложений, использующих его. Это действие не может быть отменено. Продолжить?
 delete_token_success=Токен удалён. У приложений, использующих его, больше нет доступа к вашей учётной записи.
-repo_and_org_access=Доступ к репозиторию и организации
+repo_and_org_access=Доступ к репозиториям и организациям
 permissions_public_only=Только публичные
 permissions_access_all=Все (публичные, приватные и ограниченные)
 select_permissions=Выбрать разрешения
@@ -3625,7 +3625,7 @@ filepreview.lines = Строки с %[1]d по %[2]d в %[3]s
 filepreview.truncated = Предпросмотр был обрезан
 
 [translation_meta]
-test = Wake up
+test = Wake up :)
 
 [repo.permissions]
 code.write = <b>Запись:</b> отправка изменений в репозиторий, создание веток и тегов.
diff --git a/options/locale/locale_sv-SE.ini b/options/locale/locale_sv-SE.ini
index 98cb82a5bc..92268e33a8 100644
--- a/options/locale/locale_sv-SE.ini
+++ b/options/locale/locale_sv-SE.ini
@@ -180,7 +180,7 @@ number_of_contributions_in_the_last_12_months = %s bidrag under de senaste 12 m
 [editor]
 buttons.quote.tooltip = Citera text
 buttons.code.tooltip = Lägg till kod
-buttons.link.tooltip = Lägg till en länk
+buttons.link.tooltip = Lägg till en länk (Ctrl+K / ⌘K)
 buttons.heading.tooltip = Lägg till rubrik
 buttons.bold.tooltip = Lägg till fetstilt text (CTRL+B / ⌘B)
 buttons.italic.tooltip = Lägg till kursiv text (CTRL+I / ⌘I)
@@ -910,7 +910,7 @@ change_username_redirect_prompt.with_cooldown.few = Det gamla användarnamnet bl
 language.description = Detta språk sparas på ditt konto och används som standard efter inloggning.
 language.localization_project = Hjälp oss översätta Forgejo till ditt språk! <a href="%s">Läs mer</a>.
 additional_repo_units_hint = Föreslå att aktivera ytterligare kodförrådsenheter
-additional_repo_units_hint_description = Visa tips om att  "Aktivera fler" för kodförråd som inte har alla tillgängliga enheter aktiverade.
+additional_repo_units_hint_description = Visa tips om att "Aktivera fler" för kodförråd som inte har alla tillgängliga enheter aktiverade.
 update_hints_success = Tipsen har uppdaterats.
 hidden_comment_types = Dolda kommentarstyper
 hidden_comment_types_description = Kommentarstyper som är markerade här visas inte på ärendesidor. Att markera "Etikett" tar till exempel bort alla "<user> lade till/tog bort <label>" kommentarer.
@@ -1085,7 +1085,7 @@ desc.archived=Arkiverade
 template.items=Mallobjekt
 template.git_content=Git-innehåll (standardgren)
 template.git_hooks=Git-krokar
-template.webhooks=Webbhookar
+template.webhooks=Webbkrokar
 template.topics=Ämnen
 template.avatar=Profilbild
 template.issue_labels=Ärendeetiketter
@@ -1099,7 +1099,7 @@ migrate_items_milestones=Milstolpar
 migrate_items_labels=Etiketter
 migrate_items_issues=Ärenden
 migrate_items_pullrequests=Ändringsförfrågningar
-migrate_items_merge_requests=Begäran om sammanfogning
+migrate_items_merge_requests=Ändringsförfrågningar
 migrate_items_releases=Utgåvor
 migrate_repo=Migrera kodförråd
 migrate.clone_address=Migrera eller klona från URL
@@ -1126,7 +1126,7 @@ unwatch=Avsluta bevakning
 watch=Bevaka
 unstar=Ta bort stjärnmärkning
 star=Stjärnmärk
-fork=Avgrening
+fork=Avgrena
 download_archive=Ladda ner utvecklingskatalogen
 
 no_desc=Ingen beskrivning
@@ -1137,7 +1137,7 @@ push_exist_repo=Skicka upp ett befintligt kodförråd från kommandoraden
 empty_message=Detta förråd innehåller inget.
 
 code=Kod
-code.desc=Se källkod, filer, commits och brancher.
+code.desc=Se källkod, filer, incheckningar och grenar.
 branch=Gren
 tree=Träd
 clear_ref=`Rensa aktuell referens`
@@ -1166,7 +1166,7 @@ stored_lfs=Sparad med Git LFS
 symbolic_link=Symbolisk länk
 commit_graph=Incheckningsgraf
 commit_graph.monochrome=Mono
-blame=Blame
+blame=Klandra
 normal_view=Normal vy
 line=rad
 lines=rader
@@ -1298,7 +1298,7 @@ issues.filter_label_exclude=Använd <kbd>Alt</kbd> + <kbd>klicka/enter</kbd> fö
 issues.filter_label_no_select=Alla etiketter
 issues.filter_milestone=Milstolpe
 issues.filter_project_none=Inget projekt
-issues.filter_assignee=Förvärvare
+issues.filter_assignee=Tilldelad
 issues.filter_assginee_no_select=Alla tilldelade
 issues.filter_assginee_no_assignee=Ingen tilldelad
 issues.filter_type=Typ
@@ -1376,7 +1376,7 @@ issues.label.filter_sort.alphabetically=Alfabetiskt A-Ö
 issues.label.filter_sort.reverse_alphabetically=Alfabetiskt Ö-A
 issues.label.filter_sort.by_size=Minsta storlek
 issues.label.filter_sort.reverse_by_size=Största storlek
-issues.num_participants_few=%d Deltagare
+issues.num_participants_few=%d deltagare
 issues.attachment.open_tab=`Klicka för att se "%s" i en ny flik`
 issues.attachment.download=`Klicka för att hämta "%s"`
 issues.subscribe=Prenumerera
@@ -1418,7 +1418,7 @@ issues.add_time_hours=Timmar
 issues.add_time_minutes=Minuter
 issues.add_time_sum_to_small=Inge tid har angivits.
 issues.time_spent_total=Total tid spenderad
-issues.time_spent_from_all_authors=`Total Tid Spenderad: %s`
+issues.time_spent_from_all_authors=`Total använd tid: %s`
 issues.due_date=Förfallodatum
 issues.push_commit_1=lade till %d incheckning %s
 issues.push_commits_n=lade till %d incheckningar %s
@@ -1480,11 +1480,11 @@ pulls.desc=Aktivera pull-förfrågningar och kodgranskning.
 pulls.new=Ny ändringsförfrågan
 pulls.compare_changes=Ny ändringsförfrågan
 pulls.compare_changes_desc=Välj gren att sammanfoga till samt gren att hämta från.
-pulls.compare_base=merga in i
-pulls.compare_compare=pulla från
+pulls.compare_base=sammanfoga till
+pulls.compare_compare=hämta från
 pulls.filter_branch=Filtrera gren
 pulls.no_results=Inga resultat hittades.
-pulls.nothing_to_compare=Dessa brancher är ekvivalenta. Det finns ingen anledning att skapa en pull-request.
+pulls.nothing_to_compare=Dessa grenar är likvärdigt. Det finns ingen anledning att skapa en ändringsförfrågan.
 pulls.create=Skapa ändringsförfrågan
 pulls.change_target_branch_at=`ändrade mål-branch från <b>%s</b> till <b>%s</b>%s`
 pulls.tab_conversation=Konversation
@@ -1502,8 +1502,8 @@ pulls.required_status_check_failed=Vissa tvingande kontroller lyckades inte.
 pulls.required_status_check_missing=Vissa tvingande kontroller saknas.
 pulls.required_status_check_administrator=Som administratör kan du fortfarande merga den här pull requesten.
 pulls.can_auto_merge_desc=Denna pull-förfrågan kan sammanfogas automatiskt.
-pulls.cannot_auto_merge_desc=Pull-requesten kan inte bli mergad automatiskt på grund av konflikter.
-pulls.cannot_auto_merge_helper=Merga manuellt för att lösa konlifterna.
+pulls.cannot_auto_merge_desc=Ändringsförfrågan kan inte sammanfogas automatiskt på grund av konflikter.
+pulls.cannot_auto_merge_helper=Sammanfoga manuellt för att lösa konflikterna.
 
 pulls.no_merge_desc=Det går inte att sammafoga denna ändringsförfrågan då alla alternativ för det är inaktiverade.
 pulls.no_merge_helper=Aktivera sammanfogningsalternativ i kodförrådsinställningarna, eller sammanfoga manuellt.
@@ -1607,7 +1607,7 @@ activity.no_git_activity=Det har inte gjorts några commit under den här period
 activity.git_stats_exclude_merges=Exkludera merger,
 activity.git_stats_author_1=%d författare
 activity.git_stats_author_n=%d författare
-activity.git_stats_push_to_all_branches=till alla brancher.
+activity.git_stats_push_to_all_branches=till alla grenar.
 activity.git_stats_on_default_branch=På %s,
 activity.git_stats_file_1=%d fil
 activity.git_stats_file_n=%d filer
@@ -1630,7 +1630,7 @@ settings.collaboration.write=Skriva
 settings.collaboration.read=Läsa
 settings.collaboration.owner=Ägare
 settings.collaboration.undefined=Odefinierad
-settings.hooks=Webbhookar
+settings.hooks=Webbkrokar
 settings.githooks=Git-krokar
 settings.basic_settings=Basinställningar
 settings.mirror_settings=Inställningar för spegling
@@ -1778,7 +1778,7 @@ settings.key_name_used=En distributionsnyckel med samma namn finns redan.
 settings.deploy_key_deletion=Ta bort distributionsnyckel
 settings.deploy_key_deletion_desc=Borttagning utav en distributionsnyckel kommer att återkalla dess åtkomst till kodförrådet. Vill du fortsätta?
 settings.deploy_key_deletion_success=Distributionsnyckeln har blivit borttagen.
-settings.branches=Brancher
+settings.branches=Grenar
 settings.protected_branch=Grenskydd
 settings.branch_protection=Skyddsregler för gren "<b>%s</b>"
 settings.protect_disable_push=Inaktivera skickning
@@ -1804,7 +1804,7 @@ settings.protected_branch_deletion=Inaktivera grenskydd
 settings.protected_branch_deletion_desc=Genom att inaktivera branchskyddet tillåts användare med skrivrättigheter att pusha till branchen. Vill du fortsätta?
 settings.default_branch_desc=Välj en standard branch för Pull Requests och Code Commits:
 settings.choose_branch=Välj en branch…
-settings.no_protected_branch=Det finns inga skyddade brancher.
+settings.no_protected_branch=Det finns inga skyddade grenar.
 settings.edit_protected_branch=Ändra
 settings.protected_branch_required_approvals_min=Antal erforderliga godkännanden kan inte vara negativa.
 settings.bot_token=Bottoken
@@ -2058,7 +2058,7 @@ adopt_preexisting_label = Adoptera filer
 adopt_preexisting = Adoptera befintliga filer
 adopt_preexisting_success = Adopterade filer och skapade kodförråd från %s
 delete_preexisting_success = Raderade oadopterade filer i %s
-blame_prior = Visa klander före denna ändring
+blame_prior = Visa blame före denna ändring
 blame.ignore_revs = Ignorerar revisioner i <a href="%s">.git-blame-ignore-revs</a>. Klicka <a href="%s">här för att kringgå</a> och se normal klandervy.
 blame.ignore_revs.failed = Det gick inte att ignorera revisioner i <a href="%s">.git-blame-ignore-revs</a>.
 author_search_tooltip = Visar maximalt 30 användare
@@ -2074,7 +2074,7 @@ transfer.no_permission_to_reject = Du har inte behörighet att avvisa denna öve
 template.git_hooks_tooltip = Du kan för närvarande inte modifiera eller ta bort Git-krokar när de väl lagts till. Välj detta endast om du litar på mallens kodförråd.
 archive.title = Detta kodförråd är arkiverat. Du kan visa filer och klona det, men du kan inte göra några ändringar av dess tillstånd, såsom att skicka och skapa nya ärenden, ändringsförfrågningar eller kommentarer.
 archive.title_date = Detta kodförråd arkiverades %s. Du kan visa filer och klona det, men du kan inte göra några ändringar av dess tillstånd, såsom att skicka och skapa nya ärenden, ändringsförfrågningar eller kommentarer.
-archive.nocomment = Kommentering är inte möjlig eftersom kodförrådet är arkiverat.
+archive.nocomment = Det är inte möjligt att kommentera då kodförrådet är arkiverat.
 archive.pull.noreview = Detta kodförråd är arkiverat. Du kan inte granska ändringsförfrågningar.
 sync_fork.branch_behind_one = Denna gren ligger %[1]d incheckning efter %[2]s
 sync_fork.branch_behind_few = Denna gren ligger %[1]d incheckningar efter %[2]s
@@ -2088,7 +2088,7 @@ need_auth = Auktorisering
 migrate_options_mirror_helper = Detta kodförråd kommer vara en spegling
 migrate_options_lfs = Migrera LFS-filer
 migrate_options_lfs_endpoint.label = LFS-slutpunkt
-migrate_options_lfs_endpoint.description = Migreringen kommer försöka använda din Git-remote för att <a target="_blank" rel="noopener noreferrer" href="%s">bestämma LFS-servern</a>. Du kan också ange en anpassad slutpunkt om kodförrådets LFS-data lagras någon annanstans.
+migrate_options_lfs_endpoint.description = Migreringen kommer försöka använda din Git-remote för att <a target="_blank" rel="noopener noreferrer" href="%s">bestämma LFS-servern</a>. Du kan också ange en anpassad ändpunkt om kodförrådets LFS-data lagras någon annanstans.
 migrate_options_lfs_endpoint.description.local = En lokal serversökväg stöds också.
 migrate_options_lfs_endpoint.placeholder = Om den lämnas tom kommer slutpunkten härledas från klonings-URL:en
 migrate.repo_desc_helper = Lämna tomt för att importera befintlig beskrivning
@@ -2170,7 +2170,7 @@ editor.unable_to_upload_files = Det gick inte att ladda upp filer till "%s" med
 editor.upload_file_is_locked = Filen "%s" är låst av %s.
 editor.upload_files_to_dir = Ladda upp filer till "%s"
 editor.cannot_commit_to_protected_branch = Det går inte att checka in till skyddad gren "%s".
-editor.cherry_pick = Russinplocka %s till:
+editor.cherry_pick = Handplocka %s till:
 editor.revert = Återställ %s till:
 editor.commit_email = E-post för incheckning
 commits.no_commits = Inga gemensamma incheckningar. "%s" och "%s" har helt olika historik.
@@ -2185,9 +2185,9 @@ commit.operations = Åtgärder
 commit.revert = Återställ
 commit.revert-header = Återställ: %s
 commit.revert-content = Välj gren att återställa till:
-commit.cherry-pick = Russinplocka
-commit.cherry-pick-header = Russinplocka: %s
-commit.cherry-pick-content = Välj gren att russinplocka till:
+commit.cherry-pick = Handplocka
+commit.cherry-pick-header = Handplocka: %s
+commit.cherry-pick-content = Välj gren att handplocka till:
 projects.description = Beskrivning (valfri)
 projects.new_subheader = Koordinera, spåra och uppdatera ditt arbete på ett ställe, så att projekten förblir transparenta och håller schemat.
 projects.create_success = Projektet "%s" har skapats.
@@ -2276,7 +2276,7 @@ issues.pin_comment = fäste detta %s
 issues.unpin_comment = lossade detta %s
 issues.start_tracking_short = Starta timer
 issues.stop_tracking = Stoppa timer
-issues.cancel_tracking = Kassera
+issues.cancel_tracking = Förkasta
 issues.cancel_tracking_history = `avbröt tidspårning %s`
 issues.del_time = Radera denna tidslogg
 issues.force_push_codes = `tvångsskickade %[1]s från <a class="%[7]s" href="%[3]s"><code>%[2]s</code></a> %[8]s till <a class="%[7]s" href="%[5]s"><code>%[4]s</code></a> %[9]s %[6]s`
@@ -2285,15 +2285,15 @@ issues.dependency.issue_no_dependencies = Inga beroenden satta.
 issues.dependency.pr_no_dependencies = Inga beroenden satta.
 issues.dependency.no_permission_1 = Du har inte behörighet att läsa %d beroende
 issues.dependency.no_permission_n = Du har inte behörighet att läsa %d beroenden
-issues.dependency.no_permission.can_remove = Du har inte behörighet att läsa detta beroende men kan ta bort detta beroende
+issues.dependency.no_permission.can_remove = Du har inte behörighet att läsa detta beroende men kan ta bort det
 issues.dependency.pr_closing_blockedby = Stängning av denna ändringsförfrågan blockeras av följande ärenden
 issues.dependency.issue_closing_blockedby = Stängning av detta ärende blockeras av följande ärenden
 issues.dependency.issue_batch_close_blocked = Det går inte att batchstänga valda ärenden, eftersom ärende #%d fortfarande har öppna beroenden
 issues.review.dismissed = avfärdade %s:s granskning %s
 issues.review.dismissed_label = Avfärdad
 issues.review.add_review_requests = begärde granskningar från %[1]s %[2]s
-issues.review.remove_review_requests = tog bort granskningsbegäranden för %[1]s %[2]s
-issues.review.add_remove_review_requests = begärde granskningar från %[1]s och tog bort granskningsbegäranden för %[2]s %[3]s
+issues.review.remove_review_requests = tog bort granskningsförfrågan för %[1]s %[2]s
+issues.review.add_remove_review_requests = begärde granskningar från %[1]s och tog bort granskningsförfrågan för %[2]s %[3]s
 issues.review.pending.tooltip = Denna kommentar är för närvarande inte synlig för andra användare. För att skicka dina väntande kommentarer, välj "%s" -> "%s/%s/%s" högst upp på sidan.
 issues.review.outdated = Föråldrad
 issues.review.outdated_description = Innehållet har ändrats sedan denna kommentar gjordes
@@ -2333,7 +2333,7 @@ pulls.closed = Ändringsförfrågan stängd
 pulls.manually_merged = Manuellt sammanfogad
 pulls.merged_info_text = Grenen %s kan nu raderas.
 pulls.cannot_merge_work_in_progress = Denna ändringsförfrågan är markerad som pågående arbete.
-pulls.still_in_progress = Fortfarande pågående?
+pulls.still_in_progress = Ännu pågående?
 pulls.add_prefix = Lägg till <strong>%s</strong>-prefix
 pulls.ready_for_review = Redo för granskning?
 pulls.remove_prefix = Ta bort <strong>%s</strong>-prefix
@@ -3521,7 +3521,7 @@ variables.creation = Lägg till variabel
 variables.deletion = Ta bort variabel
 variables.edit = Redigera variabel
 runs.no_workflows.help_write_access = Vet du inte hur du kommer igång med Forgejo Actions? Se <a target="_blank" rel="noopener noreferrer" href="%s">snabbstarten i användardokumentationen</a> för att skriva ditt första arbetsflöde, sedan <a target="_blank" rel="noopener noreferrer" href="%s">konfigurera en Forgejo-körare</a> för att köra dina jobb.
-runs.no_workflows.help_no_write_access = För att lära dig om Forgejo Actions, se <a target="_blank" rel="noopener noreferrer" href="%s">dokumentationen</a>.
+runs.no_workflows.help_no_write_access = För att lära dig mer om Forgejo Actions, se <a target="_blank" rel="noopener noreferrer" href="%s">dokumentationen</a>.
 runs.no_runs = Arbetsflödet har inga körningar ännu.
 runs.empty_commit_message = (tomt incheckningsmeddelande)
 runs.expire_log_message = Loggar har rensats eftersom de var för gamla.
diff --git a/options/locale/locale_uk-UA.ini b/options/locale/locale_uk-UA.ini
index 53ef8c4b0b..6292177a32 100644
--- a/options/locale/locale_uk-UA.ini
+++ b/options/locale/locale_uk-UA.ini
@@ -181,7 +181,7 @@ buttons.bold.tooltip = Додати грубий шрифт (Ctrl+B / ⌘B)
 buttons.italic.tooltip = Додати курсив (Ctrl+I / ⌘I)
 buttons.quote.tooltip = Цитувати текст
 buttons.code.tooltip = Додати код
-buttons.link.tooltip = Додати посилання
+buttons.link.tooltip = Додати посилання (Ctrl+K / ⌘K)
 buttons.list.unordered.tooltip = Додати маркований список
 buttons.list.ordered.tooltip = Додати нумерований список
 buttons.list.task.tooltip = Додати список завдань
@@ -965,7 +965,7 @@ valid_until_date = Дійсний до %s
 added_on = Додано %s
 key_signature_ssh_placeholder = Починається з «-----BEGIN SSH SIGNATURE-----»
 user_block_yourself = Ви не можете заблокувати себе.
-repo_and_org_access = Доступ до репозиторію та організації
+repo_and_org_access = Доступ до репозиторіїв та організацій
 change_username_redirect_prompt.with_cooldown.few = Старе ім’я користувача буде доступне всім після періоду захисту, який триватиме %[1]d днів. Протягом періоду захисту ви ще можете повернути собі старе ім’я.
 change_username_redirect_prompt.with_cooldown.one = Старе ім’я користувача буде доступне всім після періоду захисту, який триватиме %[1]d день. Протягом періоду захисту ви ще можете повернути собі старе ім’я.
 change_username_redirect_prompt = Старе ім’я користувача буде переспрямуванням, поки хтось не присвоїть ім’я собі.
@@ -974,7 +974,7 @@ webauthn_alternative_tip = Можливо, ви бажаєте налаштув
 user_unblock_success = Користувач_ку успішно розблоковано.
 webauthn = Двофакторний вхід (ключі безпеки)
 keep_activity_private.description = Вашу <a href="%s">загальнодоступну діяльність</a> буде видно лише вам і адміністрації сервера.
-hidden_comment_types_description = Позначені тут типи коментарів не буде показано на сторінках завдань. Наприклад, якщо тут позначена «Мітка», то всі коментарі «<user> додає/вилучає <label>» буде вилучено.
+hidden_comment_types_description = Позначені тут типи коментарів не буде показано на сторінках задач. Наприклад, якщо тут позначена «Мітка», то всі коментарі «<user> додає/вилучає <label>» буде вилучено.
 comment_type_group_deadline = Крайній термін
 oauth2_redirect_uris = URI-адреси переспрямувань. Пишіть кожну з нового рядка.
 user_block_success = Користувач_ку успішно заблоковано.
@@ -1918,7 +1918,7 @@ settings.githook_edit_desc=Якщо хук неактивний, буде пре
 settings.githook_name=Ім’я хука
 settings.githook_content=Вміст хука
 settings.update_githook=Оновити хук
-settings.add_webhook_desc=Forgejo надсилатиме <code>POST</code>-запити із вказаним Content-Type на цільову URL-адресу. Докладніше — в <a target="_blank" rel="noopener" href="%s">посібнику з вебхуків</a>.
+settings.add_webhook_desc=Forgejo надсилатиме <code>POST</code>-запити з указаним Content-Type на цільову URL-адресу. Докладніше — в <a target="_blank" rel="noopener" href="%s">посібнику з вебхуків</a>.
 settings.payload_url=Цільова URL-адреса
 settings.http_method=Метод HTTP
 settings.content_type=Тип вмісту POST
@@ -2608,7 +2608,7 @@ settings.admin_indexer_unindexed = Не індексовано
 settings.push_mirror_sync_in_progress = Триває надсилання змін до віддаленого репозиторію %s.
 settings.releases_desc = Увімкнути випуски в репозиторії
 settings.admin_code_indexer = Індексатор коду
-settings.protect_status_check_patterns_desc = Уведіть шаблони, щоб вказати, які перевірки стану повинні пройти гілки, перш ніж їх буде об’єднано у гілку, що відповідає цьому правилу. Кожен рядок визначає шаблон. Шаблони не можуть бути порожніми.
+settings.protect_status_check_patterns_desc = Уведіть шаблони, щоб указати, які перевірки стану повинні пройти гілки, перш ніж їх буде об’єднано у гілку, що відповідає цьому правилу. Кожен рядок визначає шаблон. Шаблони не можуть бути порожніми.
 settings.add_webhook.invalid_path = Шлях не повинен містити частини «.» або «..» і не повинен бути порожнім. Він не може починатися або закінчуватися косою рискою.
 settings.matrix.access_token_helper = Рекомендується створити окремий обліковий запис Matrix. Токен доступу можна отримати у вебклієнті Element (у приватній/інкогніто вкладці): Меню користувача (вгорі ліворуч) > Усі налаштування > Допомога та про програму > Подробиці > Токен доступу (під URL-адресою «Домашній сервер»). Закрийте приватну вкладку (вихід із системи зробить токен недійсним).
 settings.protect_patterns = Шаблони
@@ -3449,7 +3449,7 @@ config.open_with_editor_app_help = Редактори «Відкрити в» д
 [action]
 create_repo=створює репозиторій <a href="%s">%s</a>
 rename_repo=перейменовує репозиторій з <code>%[1]s</code> на <a href="%[2]s">%[3]s</a>
-commit_repo=надслає зміни (push) до <a href="%[2]s">%[3]s</a> о <a href="%[1]s">%[4]s</a>
+commit_repo=надслає зміни (push) до <a href="%[2]s">%[3]s</a> в <a href="%[1]s">%[4]s</a>
 create_issue=`відкриває задачу <a href="%[1]s">%[3]s#%[2]s</a>`
 close_issue=`закриває задачу <a href="%[1]s">%[3]s#%[2]s</a>`
 reopen_issue=`повторно відкриває задачу <a href="%[1]s">%[3]s#%[2]s</a>`
diff --git a/options/locale/locale_vi.ini b/options/locale/locale_vi.ini
index d76007c48e..61d7117b73 100644
--- a/options/locale/locale_vi.ini
+++ b/options/locale/locale_vi.ini
@@ -706,7 +706,7 @@ update_hints = Cập nhật các gợi ý
 update_hints_success = Đã cập nhật các gợi ý.
 hidden_comment_types = Loại bình luận bị ẩn
 hidden_comment_types_description = Các loại bình luận được chọn ở đây sẽ không hiện trên các trang vấn đề. Ví dụ: Chọn "Nhãn" thì sẽ loại bỏ tất cả các bình luận "<user> đã thêm/bỏ <label>".
-hidden_comment_types.ref_tooltip = 
+hidden_comment_types.ref_tooltip =
 hidden_comment_types.issue_ref_tooltip = Các bình luận mà người dùng đổi nhánh/nhãn gắn với vấn đề
 comment_type_group_reference = Đề cập
 comment_type_group_label = Nhãn
@@ -782,7 +782,7 @@ key_content_gpg_placeholder = Bắt đầu bằng "-----BEGIN PGP PUBLIC KEY BLO
 ssh_key_been_used = Mã SSH này đã được thêm vào máy chủ rồi.
 ssh_key_name_used = Một mã SSH cùng tên đã tồn tại trong tài khoản của bạn.
 gpg_key_id_used = Một mã GPG công khai cùng ID đã tồn tại.
-gpg_no_key_email_found = 
+gpg_no_key_email_found =
 gpg_key_matched_identities = Các danh tính khớp:
 gpg_key_verify = Xác thực
 gpg_token_help = Bạn có thể tạo chữ kí bằng:
@@ -803,7 +803,7 @@ delete_key = Gỡ
 ssh_key_deletion = Gỡ mã SSH
 gpg_key_deletion = Gỡ mã GPG
 ssh_key_deletion_desc = Việc gỡ mã SSH sẽ tước quyền truy cập của nó đến tài khoản của bạn. Tiếp tục?
-gpg_key_deletion_desc = 
+gpg_key_deletion_desc =
 ssh_key_deletion_success = Đã gỡ mã SSH.
 gpg_key_deletion_success = Đã gỡ mã GPG.
 added_on = Đã được thêm từ %s
diff --git a/options/locale/locale_zh-CN.ini b/options/locale/locale_zh-CN.ini
index a391412199..5b685e36ae 100644
--- a/options/locale/locale_zh-CN.ini
+++ b/options/locale/locale_zh-CN.ini
@@ -182,7 +182,7 @@ buttons.bold.tooltip=添加粗体文本（Ctrl+B / ⌘B）
 buttons.italic.tooltip=添加斜体文本（Ctrl+I / ⌘I）
 buttons.quote.tooltip=引用文本
 buttons.code.tooltip=添加代码
-buttons.link.tooltip=添加链接
+buttons.link.tooltip=添加链接（Ctrl+K / ⌘K）
 buttons.list.unordered.tooltip=添加待办清单
 buttons.list.ordered.tooltip=添加编号列表
 buttons.list.task.tooltip=添加任务列表
@@ -1664,7 +1664,7 @@ issues.time_spent_from_all_authors=总花费时间：%s
 issues.due_date=到期时间
 issues.push_commit_1=于%[2]s推送了%[1]d个提交
 issues.push_commits_n=于%[2]s推送了%[1]d个提交
-issues.force_push_codes=于%[6]s强制推送%[1]s，从<a class="%[7]s" href="%[3]s"><code>%[2]s</code></a> %[8]s至<a class="%[7]s" href="%[5]s"><code>%[4]s</code></a> %[9]s
+issues.force_push_codes=于%[6]s强制推送了%[1]s，从<a class="%[7]s" href="%[3]s"><code>%[2]s</code></a>%[8]s至<a class="%[7]s" href="%[5]s"><code>%[4]s</code></a>%[9]s
 issues.force_push_compare=比较
 issues.due_date_form=yyyy年mm月dd日
 issues.due_date_form_edit=编辑
@@ -1792,7 +1792,7 @@ pulls.still_in_progress=仍在进行中？
 pulls.add_prefix=添加<strong>%s</strong>前缀
 pulls.remove_prefix=删除<strong>%s</strong>前缀
 pulls.data_broken=此合并请求因为派生仓库信息缺失而中断。
-pulls.files_conflicted=此合并请求有变更与目标分支冲突。
+pulls.files_conflicted=有更改与目标分支冲突。
 pulls.is_checking=正在进行合并冲突检测，请稍后再试。
 pulls.is_ancestor=此分支已经包含在目标分支中，没有更改可以合并。
 pulls.is_empty=此分支上的更改已经在目标分支上。这将是一个空提交。
diff --git a/options/locale/locale_zh-TW.ini b/options/locale/locale_zh-TW.ini
index 87290333de..b1b1156ef6 100644
--- a/options/locale/locale_zh-TW.ini
+++ b/options/locale/locale_zh-TW.ini
@@ -182,7 +182,7 @@ buttons.bold.tooltip=新增粗體文字（Ctrl+B／⌘B）
 buttons.italic.tooltip=新增斜體文字（Ctrl+I／⌘I）
 buttons.quote.tooltip=引用文字
 buttons.code.tooltip=新增程式碼
-buttons.link.tooltip=新增連結
+buttons.link.tooltip=新增連結 (Ctrl+K / ⌘K)
 buttons.list.unordered.tooltip=新增項目符號清單
 buttons.list.ordered.tooltip=新增編號清單
 buttons.list.task.tooltip=新增工作項目清單
@@ -3461,7 +3461,7 @@ auto_merge_pull_request=`自動合併了合併請求 <a href="%[1]s">%[3]s#%[2]s
 transfer_repo=將儲存庫 <code>%s</code> 轉移至 <a href="%s">%s</a>
 push_tag=推送了標籤 <a href="%[2]s">%[3]s</a> 到 <a href="%[1]s">%[4]s</a>
 delete_tag=刪除了 <a href="%[1]s">%[3]s</a> 的標籤 %[2]s
-delete_branch=刪除了 <a href="%[1]s">%[3]s</a> 的 <code>%[2]s</code> 分支
+delete_branch=刪除版次 <code>%[2]s</code> 從 <a href="%[1]s">%[3]s</a>
 compare_branch=比較
 compare_commits=比較 %d 個提交
 compare_commits_general=比較提交
diff --git a/options/locale_next/locale_ar.json b/options/locale_next/locale_ar.json
index 20ed138baf..6eb05e75c4 100644
--- a/options/locale_next/locale_ar.json
+++ b/options/locale_next/locale_ar.json
@@ -16,33 +16,24 @@
 	"actions.runners.status.idle": "خامل",
 	"actions.runners.status.active": "نشيط",
 	"actions.runners.status.offline": "غير متصل",
-	"actions.runners.id": "المعرّف",
 	"actions.runners.name": "الاسم",
 	"actions.runners.owner_type": "النوع",
 	"actions.runners.description": "الوصف",
 	"actions.runners.labels": "التصنيفات",
 	"actions.runners.last_online": "آخر مرة كان متصلا",
-	"actions.runners.runner_title": "مشغّل",
-	"actions.runners.task_list": "المهام الأخيرة على هذا المشغّل",
+	"actions.runners.runner_title": "",
 	"actions.runners.task_list.no_tasks": "لا توجد مهام بعد.",
 	"actions.runners.task_list.run": "شغّل",
 	"actions.runners.task_list.status": "الحالة",
 	"actions.runners.task_list.repository": "المستودع",
 	"actions.runners.task_list.commit": "الإيداع",
 	"actions.runners.task_list.done_at": "تم عند",
-	"actions.runners.edit_runner": "عدّل المشغّل",
-	"actions.runners.update_runner.button": "حدّث التغييرات",
 	"actions.runners.update_runner.success": "نجح تحديث المشغّل",
 	"actions.runners.update_runner.failed": "تعذر تحديث المشغّل",
-	"actions.runners.delete_runner.button": "احذف هذا المشغّل",
 	"actions.runners.delete_runner.success": "نجح حذف المشغّل",
 	"actions.runners.delete_runner.failed": "تعذر حذف المشغّل",
 	"actions.runners.delete_runner.header": "تأكيد حذف هذا المشغّل",
 	"actions.runners.none": "لا مشغّل متاح",
-	"actions.runners.version": "النسخة",
-	"actions.runs.commit": "إيداع",
-	"actions.runs.scheduled": "مُجدوَل",
-	"actions.runs.pushed_by": "دفعه",
 	"actions.runs.no_matching_online_runner.helper": "لا يوجد",
 	"actions.runs.status": "الحالة",
 	"actions.runs.status_no_select": "كل الحالات",
diff --git a/options/locale_next/locale_arq.json b/options/locale_next/locale_arq.json
new file mode 100644
index 0000000000..0967ef424b
--- /dev/null
+++ b/options/locale_next/locale_arq.json
@@ -0,0 +1 @@
+{}
diff --git a/options/locale_next/locale_bg.json b/options/locale_next/locale_bg.json
index 43de5d6955..2525e1c239 100644
--- a/options/locale_next/locale_bg.json
+++ b/options/locale_next/locale_bg.json
@@ -11,7 +11,6 @@
 	"actions.runners.description": "Описание",
 	"actions.runners.labels": "Етикети",
 	"actions.runners.task_list.repository": "Хранилище",
-	"actions.runners.version": "Версия",
 	"gpg.default_key": "Подписано с ключ по подразбиране",
 	"gpg.error.extract_sign": "Неуспешно извличане на подпис",
 	"gpg.error.generate_hash": "Неуспешно генериране на хеш на подаването",
@@ -213,7 +212,7 @@
 	},
 	"repo.form.cannot_create": "Всички пространства, в които можете да създавате хранилища, са достигнали лимита си на хранилища.",
 	"moderation.report_remarks": "Подробности",
-	"moderation.submit_report": "Изпращане на доклада",
+	"moderation.submit_report": "Изпращане на докладването",
 	"followers.incoming.list.self.none": "Никой не следва вашия профил.",
 	"followers.incoming.list.none": "Никой не следва този потребител.",
 	"relativetime.now": "сега",
@@ -230,8 +229,8 @@
 	"repo.issue_indexer.title": "Индексатор на задачи",
 	"moderation.report_abuse_form.details": "Този формуляр трябва да се използва за докладване на потребители, които създават спам профили, хранилища, задачи, коментари или се държат неподходящо.",
 	"moderation.report_remarks.placeholder": "Моля, предоставете подробности относно злоупотребата, за която докладвате.",
-	"moderation.reporting_failed": "Не може да се изпрати новият доклад за злоупотреба: %v",
-	"moderation.reported_thank_you": "Благодарим ви за доклада. Администрацията е уведомена.",
+	"moderation.reporting_failed": "Не може да се изпрати новото докладване за злоупотреба: %v",
+	"moderation.reported_thank_you": "Благодарим ви за докладването. Администрацията е уведомена.",
 	"error.not_found.title": "Страницата не е намерена",
 	"incorrect_root_url": "Тази инстанция на Forgejo е конфигурирана да се сервира на \"%s\". В момента разглеждате Forgejo през друг URL адрес, което може да доведе до неправилно функциониране на части от приложението. Каноничният URL адрес се контролира от администраторите на Forgejo чрез настройката ROOT_URL в app.ini.",
 	"themes.names.forgejo-dark": "Forgejo тъмна",
@@ -309,9 +308,9 @@
 	"issues.updated": "обновено %s",
 	"repo.pulls.poster_manage_approval": "Управление на одобренията",
 	"repo.pulls.poster_requires_approval": "Някои работни процеси са <a href=\"%[1]s\">в очакване на рецензия</a>.",
-	"repo.pulls.poster_requires_approval.tooltip": "На автора на тази заявка за сливане не се доверява да изпълнява работни потоци, задействани от заявка за сливане, създадено от разклонено хранилище или с AGit. Работните потоци, задействани от събитие `pull_request`, няма да се изпълняват, докато не бъдат одобрени.",
+	"repo.pulls.poster_requires_approval.tooltip": "На автора на тази заявка за сливане не се доверява да изпълнява работни процеси, задействани от заявка за сливане, създадено от разклонено хранилище или с AGit. Работните процеси, задействани от събитие `pull_request`, няма да се изпълняват, докато не бъдат одобрени.",
 	"repo.pulls.poster_is_trusted": "Авторът на тази заявка за сливане е <a href=\"%[1]s\">винаги надежден за изпълнение на работни процеси</a>.",
-	"repo.pulls.poster_is_trusted.tooltip": "На автора на тази заявка за сливане се предоставя изрично доверие да изпълнява работни потоци, задействани от събития `pull_request`.",
+	"repo.pulls.poster_is_trusted.tooltip": "На автора на тази заявка за сливане се предоставя изрично доверие да изпълнява работни процеси, задействани от събития `pull_request`.",
 	"repo.pulls.poster_trust_deny": "Отказване",
 	"repo.pulls.poster_trust_deny.tooltip": "Работните процеси, които чакат одобрение, ще бъдат отменени.",
 	"repo.pulls.poster_trust_once": "Одобряване веднъж",
@@ -329,5 +328,105 @@
 	"actions.runners.status": "Състояние",
 	"actions.runners.status.unspecified": "Неизвестно",
 	"actions.runners.status.idle": "В покой",
-	"actions.runners.status.active": "Активен"
+	"actions.runners.status.active": "Активен",
+	"repo.issues.filter_sort.hint_with_placeholder": "Подреждане по: %s",
+	"issues.filters.labels.exclude": "Изключване на етикет",
+	"issues.filters.labels.unexclude": "Изчистване на изключението",
+	"repo.pulls.auto_merge.no_permission": "Нямате разрешение да отмените автоматичното сливане на тази заявка за сливане.",
+	"repo.pulls.poster_trust_once.tooltip": "Работните процеси, задействани от събитие `pull_request`, ще се изпълнят за това подаване, но ще трябва да бъдат одобрени за всички бъдещи подавания, изпратени към тази заявка за сливане.",
+	"repo.pulls.poster_trust_always.tooltip": "Работните процеси, задействани от събитие `pull_request`, ще се изпълнят за това подаване и няма да има нужда да бъдат одобрявани изпълнения от тази заявка за сливане или бъдещи заявки за сливане, чийто автор е същият потребител.",
+	"repo.pulls.poster_trust_revoke.tooltip": "На автора на тази заявка за сливане вече няма да се доверява да изпълнява работни процеси, задействани от събитие `pull_request`, и всяко изпълнение ще трябва да бъде ръчно одобрявано.",
+	"repo.pulls.maintainers_can_edit": "Поддържащите могат да редактират тази заявка за сливане.",
+	"repo.pulls.maintainers_cannot_edit": "Поддържащите не могат да редактират тази заявка за сливане.",
+	"repo.view.gitmodules_too_large": "Файлът .gitmodules е твърде голям и ще бъде пренебрегнат (например при извиквания на API)",
+	"migrate.form.error.url_credentials": "URL адресът съдържа идентификационни данни, поставете ги в полетата за потребителско име и парола съответно",
+	"search.syntax": "Синтаксис за търсене",
+	"search.fuzzy": "Приблиз.",
+	"search.fuzzy_tooltip": "Включването на резултатите е приблизително съвпадение с термина за търсене",
+	"repo.settings.push_mirror.branch_filter.label": "Филтър на клонове (опционално)",
+	"repo.settings.push_mirror.branch_filter.description": "Клонове, които да бъдат огледални. Оставете празно, за да са огледални всички клонове. Вижте <a href=\"%[1]s\">документацията на %[2]s</a> за синтаксиса. Примери: <code>main, release/*</code>",
+	"warning.repository.out_of_sync": "Представянето на това хранилище в базата данни не е синхронизирано. Ако това предупреждение все още се показва след подаване в това хранилище, свържете се с администратора.",
+	"install.ssh_authorized_keys_inspection_error": "Неуспешна проверка на съществуващия файл authorized_keys: %v",
+	"install.ssh_authorized_keys_unexpected_key": "Вкючването на SSH за Forgejo е в конфликт с файла, намиращ се на %s, който съдържа съществуващи SSH ключове. Предложения: използвайте специален системен потребител за Forgejo или изключете SSH.",
+	"keys.verify.token.hint": "Токенът е валиден само 1 минута. <a href=\"%[1]s\">Вземете нов, ако е изтекъл</a>.",
+	"admin.moderation.moderation_reports": "Докладвания за модерация",
+	"admin.moderation.reports": "Докладвания",
+	"admin.moderation.no_open_reports": "В момента няма отворени докладвания.",
+	"admin.moderation.deleted_content_ref": "Докладваното съдържание с тип %[1]v и id %[2]d вече не съществува",
+	"moderation.report.mark_as_handled": "Отбелязване като обработен",
+	"moderation.report.mark_as_ignored": "Отбелязване като пренебрегнат",
+	"moderation.action.account.delete": "Изтриване на акаунта",
+	"moderation.action.repo.delete": "Изтриване на хранилището",
+	"moderation.action.issue.delete": "Изтриване на задачата",
+	"moderation.action.comment.delete": "Изтриване на коментара",
+	"moderation.unknown_action": "Неизвестно действие",
+	"moderation.users.cannot_suspend_admins": "Потребители с администраторски права не могат да бъдат замразени.",
+	"moderation.users.cannot_suspend_org": "Организации не могат да бъдат замразявани.",
+	"moderation.users.already_suspended": "Потребителският акаунт вече е замразен.",
+	"moderation.users.suspend_success": "Потребителският акаунт е замразен.",
+	"moderation.users.cannot_delete_admins": "Потребители с администраторски права не могат да бъдат изтривани.",
+	"moderation.issue.deletion_success": "Задачата е изтрита.",
+	"moderation.comment.deletion_success": "Коментарът е изтрит.",
+	"mail.actions.successful_run_after_failure_subject": "Работният процес %[1]s се възстанови в хранилище %[2]s",
+	"mail.actions.not_successful_run_subject": "Работният процес %[1]s се провали в хранилище %[2]s",
+	"mail.actions.successful_run_after_failure": "Работният процес %[1]s се възстанови в хранилище %[2]s",
+	"mail.actions.not_successful_run": "Работният процес %[1]s се провали в хранилище %[2]s",
+	"mail.actions.run_info_cur_status": "Състояние на това изпълнение: %[1]s (току-що обновено от %[2]s)",
+	"mail.actions.run_info_previous_status": "Състояние на предишното изпълнение: %[1]s",
+	"mail.issue.action.close_by_commit": "%[1]s затвори %[2]s в подаване %[3]s.",
+	"repo.diff.commit.next-short": "Следв.",
+	"repo.diff.commit.previous-short": "Пред.",
+	"discussion.locked": "Това обсъждане е заключено. Коментирането е ограничено до допринеслите.",
+	"admin.auths.allow_username_change": "Разрешаване на промяна на потребителското име",
+	"admin.auths.allow_username_change.description": "Разрешаване на потребителите да променят потребителското си име в настройките на профила",
+	"admin.dashboard.cleanup_offline_runners": "Почистване на офлайн изпълнители",
+	"admin.dashboard.remove_resolved_reports": "Премахване на решените докладвания",
+	"admin.config.security": "Конфигурация на сигурността",
+	"admin.config.global_2fa_requirement.title": "Глобално изискване за двуфакторно удостоверяване",
+	"admin.config.global_2fa_requirement.none": "Не",
+	"admin.config.global_2fa_requirement.all": "Всички потребители",
+	"admin.config.global_2fa_requirement.admin": "Администратори",
+	"settings.visibility.description": "Видимостта на профила влияе на способността на другите да имат достъп до вашите не-частни хранилища. <a href=\"%s\" target=\"_blank\">Научете повече</a>.",
+	"settings.twofa_unroll_unavailable": "Двуфакторното удостоверяване е задължително за вашия акаунт и не може да бъде изключено.",
+	"avatar.constraints_hint": "Персонализираната профилна снимка не трябва да надвишава размер от %[1]s или да бъде по-голяма от %[2]dx%[3]d пиксела",
+	"user.ghost.tooltip": "Този потребител е изтрит или не може да бъде съпоставен.",
+	"og.repo.summary_card.alt_description": "Карта с обобщение на хранилище %[1]s, описано като: %[2]s",
+	"actions.runners.list_runners.details_column": "Подробности",
+	"actions.runners.list_runners.edit_column": "Редактиране",
+	"actions.runners.list_runners.delete_column": "Изтриване",
+	"actions.runners.list_runners.details_button": "Подробности",
+	"actions.runners.list_runners.details_button_aria": "Показване на подробности за %s",
+	"actions.runners.list_runners.delete_button": "Изтриване",
+	"actions.runners.list_runners.delete_button_aria": "Изтриване на %s",
+	"actions.runners.list_runners.edit_button": "Редактиране",
+	"actions.runners.list_runners.edit_button_aria": "Редактиране на %s",
+	"actions.runners.runner_title": "Изпълнител %s",
+	"actions.runners.ephemeral.yes": "да",
+	"actions.runners.ephemeral.no": "не",
+	"actions.runners.task_list.run": "Изпълнение",
+	"actions.runners.task_list.status": "Състояние",
+	"actions.runners.task_list.commit": "Подаване",
+	"actions.runners.task_list.done_at": "Завършено на",
+	"actions.runners.edit_runner_button": "Редактиране на изпълнителя",
+	"actions.runners.create_runner.page_title": "Създаване на нов изпълнител",
+	"actions.runners.create_runner.title": "Създаване на нов изпълнител",
+	"actions.runners.create_runner.properties_fieldset": "Свойства",
+	"actions.runners.create_runner.name_label": "Име",
+	"actions.runners.create_runner.description_label": "Описание",
+	"actions.runners.create_runner.create_button": "Създаване",
+	"actions.runners.create_runner.cancel_button": "Отказ",
+	"actions.runners.edit_runner.page_title": "Редактиране на изпълнител %s",
+	"actions.runners.edit_runner.title": "Редактиране на изпълнител %s",
+	"actions.runners.edit_runner.properties_fieldset": "Свойства",
+	"actions.runners.edit_runner.properties_options": "Опции",
+	"actions.runners.edit_runner.name_label": "Име",
+	"actions.runners.edit_runner.description_label": "Описание",
+	"actions.runners.edit_runner.save_button": "Запазване",
+	"actions.runners.edit_runner.cancel_button": "Отказ",
+	"actions.runs.all_workflows": "Всички работни процеси",
+	"teams.add_all_repos.modal.header": "Добавяне на всички хранилища",
+	"teams.remove_all_repos.modal.header": "Премахване на всички хранилища",
+	"editor.search": "Търсене",
+	"editor.replace": "Замяна",
+	"editor.replace_all": "Замяна на всички"
 }
diff --git a/options/locale_next/locale_ca.json b/options/locale_next/locale_ca.json
index a20495744f..1fd3ede667 100644
--- a/options/locale_next/locale_ca.json
+++ b/options/locale_next/locale_ca.json
@@ -172,7 +172,6 @@
 	"migrate.pagure.token.placeholder": "Només per crear un arxiu d'incidències privades",
 	"actions.runs.viewing_out_of_date_run": "Esteu veient una execució desactualitzada d'aquesta tasca que va ser executada %[1]s.",
 	"actions.runs.view_most_recent_run": "Veure l'execució més recent",
-	"actions.runs.commit": "Commit",
 	"actions.workflow.pre_execution_error": "No s'ha executat el flux de treball degut a un error que ha bloquejat l'intent d'execució.",
 	"actions.runners.name": "Nom",
 	"actions.runners.owner_type": "Tipus",
@@ -180,7 +179,6 @@
 	"actions.runners.labels": "Etiquetes",
 	"actions.runners.task_list.repository": "Repositori",
 	"actions.runners.task_list.commit": "Commit",
-	"actions.runners.version": "Versió",
 	"relativetime.future": "en el futur",
 	"migrate.pagure.private_issues.warning": "Assegureu-vos de configurar la visibilitat del repositori com a privada si esteu usant la clau API per importar incidències privades. Això evitarà exposar accidentalment el contingut privat en un repositori públic.",
 	"actions.runs.run_attempt_label": "Intent d'execució #%[1]s (%[2]s)",
@@ -207,8 +205,8 @@
 	"repo.issues.filter_mention.hint": "Filtra per l'usuari mencionat",
 	"repo.issues.filter_modified.hint": "Filtra per la darrera data de modificació",
 	"repo.pulls.poster_manage_approval": "Gestiona l'aprovació",
-	"repo.pulls.poster_requires_approval": "Alguns fluxos de treball encara estan <a href=\"%[1]s\">pendents de revisió.</a>",
-	"repo.pulls.poster_is_trusted": "L'autor d'aquesta «pull request» <a href=\"%[1]s\">sempre podrà executar fluxos de treball.</a>",
+	"repo.pulls.poster_requires_approval": "Alguns fluxos de treball encara estan <a href=\"%[1]s\">pendents de revisió</a>.",
+	"repo.pulls.poster_is_trusted": "L'autor d'aquesta «pull request» <a href=\"%[1]s\">sempre podrà executar fluxos de treball</a>.",
 	"repo.pulls.poster_is_trusted.tooltip": "L'autor d'aquesta «pull request» està explícitament autoritzat per a executar fluxos de treball a partir d'esdeveniments `pull_request`.",
 	"repo.pulls.poster_trust_deny": "Denega",
 	"repo.pulls.poster_trust_deny.tooltip": "Es cancel·laran els fluxos de treball pendents d'aprovació.",
@@ -256,5 +254,53 @@
 	"packages.alpine.repository.architectures": "Arquitectures",
 	"packages.debian.repository.architectures": "Arquitectures",
 	"packages.rpm.repository.architectures": "Arquitectures",
-	"packages.alt.repository.architectures": "Arquitectures"
+	"packages.alt.repository.architectures": "Arquitectures",
+	"repo.issues.filter_sort.hint_with_placeholder": "Ordenar per: %s",
+	"issues.updated": "actualitzat %s",
+	"issues.filters.labels.exclude": "Excloure etiqueta",
+	"issues.filters.labels.unexclude": "Netejar exclusió",
+	"repo.pulls.poster_requires_approval.tooltip": "A l'autor d'aquesta «pull request» no se li ha confiat l'execució de fluxos de treball disparats per una «pull request» creada desde un repositori bifurcat a amb AGit. Els fluxos de treball disparats per un event `pull_request` no s'executaran fins que siguin aprovats.",
+	"repo.pulls.auto_merge.no_permission": "No tens permís per a cancel·lar la fusió automàtica d'aquesta «pull request».",
+	"repo.view.gitmodules_too_large": "L'arxiu .gitmodules es massa gran i serà ignorat (en crides a l'API per exemple)",
+	"install.ssh_authorized_keys_inspection_error": "Error a l'inspeccionar l'arxiu authorized_keys existent: %v",
+	"settings.specific_repo_access": "Accés al repositori",
+	"gpg.default_key": "Signat amb la clau predeterminada",
+	"gpg.error.extract_sign": "S'ha fallat a l'extreure la signatura",
+	"gpg.error.generate_hash": "S'ha fallat al generar l'empremta del commit",
+	"gpg.error.no_committer_account": "Cap compte enllaçat a l'adreça de correu de l'autor/a",
+	"gpg.error.no_gpg_keys_found": "No hi ha cap clau coneguda per aquesta signatura a la base de dades",
+	"gpg.error.not_signed_commit": "No és un commit signat",
+	"gpg.error.failed_retrieval_gpg_keys": "S'ha fallat al recuperar una clau adjunta al compte de l'autor/a",
+	"gpg.error.probable_bad_signature": "ADVERTÈNCIA! Ja hi ha una clau amb el mateix ID a la base de dades, però aquesta no verifica aquest commit! Aquest commit es sospitós.",
+	"notification.mark_all_as_read": "Marcar-ho tot com a llegit",
+	"notification.subscriptions": "Subscripcions",
+	"notification.watching": "Observant",
+	"notification.no_subscriptions": "No tens cap subscripció.",
+	"dropzone.default_message": "Deixa caure els arxius o clica aquí per a pujar-ne.",
+	"dropzone.invalid_input_type": "No es poden pujar fitxers d'aquest tipus.",
+	"dropzone.file_too_big": "La mida de l'arxiu ({{filesize}} MB) excedeix la mida màxima de ({{maxFilesize}} MB).",
+	"dropzone.remove_file": "Eliminar arxiu",
+	"munits.data.b": "O",
+	"munits.data.kib": "KiO",
+	"munits.data.mib": "MiO",
+	"munits.data.gib": "GiO",
+	"munits.data.tib": "TiO",
+	"munits.data.pib": "PiO",
+	"munits.data.eib": "EiO",
+	"packages.title": "Paquets",
+	"packages.empty": "Encara no hi ha paquets.",
+	"packages.empty.documentation": "Per a mes informació sobre el registre de paquets, vegeu <a target=\"_blank\" rel=\"noopener noreferrer\" href=\"%s\">la documentació</a>.",
+	"packages.empty.repo": "Has pujat un paquet però no es mostra aquí? Ves a <a href=\"%[1]s\">configuració del paquet</a> i enllaça'l a aquest repositori.",
+	"packages.registry.documentation": "Per a mes informació sobre el registre %s, vegeu <a target=\"_blank\" rel=\"noopener noreferrer\" href=\"%s\">la documentació</a>.",
+	"packages.filter.no_result": "El teu filtre no ha produït cap resultat.",
+	"packages.filter.container.tagged": "Etiquetat",
+	"packages.filter.container.untagged": "Desetiquetat",
+	"packages.published_by": "Publicat %[1]s per <a href=\"%[2]s\">%[3]s</a>",
+	"packages.published_by_in": "Publicat %[1]s per <a href=\"%[2]s\">%[3]s</a> en <a href=\"%[4]s\"><strong>%[5]s</strong></a>",
+	"packages.pub.install": "Per instal·lar el paquet amb Dart, executa la següent ordre:",
+	"packages.installation": "Instal·lació",
+	"packages.about": "Sobre aquest paquet",
+	"packages.requirements": "Requisits",
+	"packages.dependencies": "Dependències",
+	"packages.keywords": "Paraules clau"
 }
diff --git a/options/locale_next/locale_cs-CZ.json b/options/locale_next/locale_cs-CZ.json
index f037ecce2f..d352f29aec 100644
--- a/options/locale_next/locale_cs-CZ.json
+++ b/options/locale_next/locale_cs-CZ.json
@@ -1,8 +1,8 @@
 {
 	"gpg.default_key": "Podepsáno výchozím klíčem",
-	"gpg.error.extract_sign": "Selhalo získání podpisu",
-	"gpg.error.generate_hash": "Selhalo vygenerování hashe revize",
-	"gpg.error.no_committer_account": "Žádný účet není propojen s e-mailovou adresou přispěvatele",
+	"gpg.error.extract_sign": "Nepodařilo se získat podpis",
+	"gpg.error.generate_hash": "Nepodařilo se vygenerovat hash revize",
+	"gpg.error.no_committer_account": "S e-mailovou adresou přispěvatele není propojen žádný účet",
 	"gpg.error.no_gpg_keys_found": "V databázi nebyl nalezen žádný známý klíč pro tento podpis",
 	"gpg.error.not_signed_commit": "Nepodepsaná revize",
 	"gpg.error.failed_retrieval_gpg_keys": "Nepodařilo se získat žádný klíč propojený s účtem přispěvatele",
@@ -221,7 +221,7 @@
 	"alert.asset_load_failed": "Nepodařilo se načíst soubory příloh z {path}. Ujistěte se, že jsou dané soubory přístupné.",
 	"install.invalid_lfs_path": "Nepodařilo se vytvořit kořen LFS na zvolené cestě: %[1]s",
 	"alert.range_error": " musí být číslo mezi %[1]s a %[2]s.",
-	"meta.last_line": "Díky všem přispěvatelům za pomoc!",
+	"meta.last_line": "Díky všem přispěvatelům za pomoc!.",
 	"mail.actions.not_successful_run_subject": "Workflow %[1]s selhal v repozitáři %[2]s",
 	"mail.actions.not_successful_run": "Workflow %[1]s selhal v repozitáři %[2]s",
 	"mail.actions.run_info_cur_status": "Stav tohoto procesu: %[1]s (právě aktualizováno z %[2]s)",
@@ -350,55 +350,46 @@
 	"actions.runs.run_attempt_label": "Pokus o běh #%[1]s (%[2]s)",
 	"actions.runs.view_most_recent_run": "Zobrazit nejnovější běh",
 	"actions.runs.all_workflows": "Všechny workflowy",
-	"actions.runs.commit": "Revize",
-	"actions.runs.scheduled": "Naplánováno",
-	"actions.runs.pushed_by": "pushnuta uživatelem",
 	"actions.runs.workflow": "Workflow",
-	"actions.runs.invalid_workflow_helper": "Konfigurační soubor pracovního postupu je neplatný. Zkontrolujte prosím konfigurační soubor: %s",
-	"actions.runs.no_matching_online_runner.helper": "Žádný odpovídající online runner s popiskem: %s",
-	"actions.runs.no_job_without_needs": "Workflow musí obsahovat alespoň jednu práci bez závislostí.",
+	"actions.runs.invalid_workflow_helper": "Konfigurační soubor workflow je neplatný. Zkontrolujte prosím konfigurační soubor: %s",
+	"actions.runs.no_matching_online_runner.helper": "Žádný odpovídající online runner se štítkem: %s",
+	"actions.runs.no_job_without_needs": "Workflow musí obsahovat alespoň jednu úlohu bez závislostí.",
 	"actions.runs.no_job": "Workflow musí obsahovat alespoň jednu úlohu",
 	"actions.runs.actor": "Aktér",
-	"actions.runs.status": "Status",
+	"actions.runs.status": "Stav",
 	"actions.runs.actors_no_select": "Všichni aktéři",
 	"actions.runs.status_no_select": "Všechny stavy",
-	"actions.runs.no_results": "Nebyly nalezeny žádné výsledky.",
-	"actions.runs.no_workflows": "Zatím nebyly vytvořeny žádné pracovní postupy.",
+	"actions.runs.no_results": "Neodpovídají žádné výsledky.",
+	"actions.runs.no_workflows": "Zatím nebyly vytvořeny žádné postupy workflow.",
 	"actions.actions": "Akce",
 	"actions.runners": "Runnery",
 	"actions.runners.runner_manage_panel": "Správa runnerů",
 	"actions.runners.new": "Vytvořit nový runner",
 	"actions.runners.new_notice": "Jak spustit runner",
-	"actions.runners.status": "Status",
+	"actions.runners.status": "Stav",
 	"actions.runners.status.unspecified": "Neznámý",
 	"actions.runners.status.idle": "Nečinný",
 	"actions.runners.status.active": "Aktivní",
 	"actions.runners.status.offline": "Offline",
-	"actions.runners.id": "ID",
 	"actions.runners.name": "Název",
 	"actions.runners.owner_type": "Typ",
 	"actions.runners.description": "Popis",
 	"actions.runners.labels": "Štítky",
 	"actions.runners.last_online": "Naposledy online",
-	"actions.runners.runner_title": "Runner",
-	"actions.runners.task_list": "Nedávné úlohy na tomto runneru",
+	"actions.runners.runner_title": "Runner %s",
 	"actions.runners.task_list.no_tasks": "Zatím zde nejsou žádné úlohy.",
 	"actions.runners.task_list.run": "Spustit",
-	"actions.runners.task_list.status": "Status",
+	"actions.runners.task_list.status": "Stav",
 	"actions.runners.task_list.repository": "Repozitář",
 	"actions.runners.task_list.commit": "Revize",
 	"actions.runners.task_list.done_at": "Dokončeno v",
-	"actions.runners.edit_runner": "Upravit runner",
-	"actions.runners.update_runner.button": "Uložit změny",
 	"actions.runners.update_runner.success": "Runner byl úspěšně upraven",
 	"actions.runners.update_runner.failed": "Nepodařilo se upravit runner",
-	"actions.runners.delete_runner.button": "Odstranit tento runner",
 	"actions.runners.delete_runner.success": "Runner byl úspěšně odstraněn",
-	"actions.runners.delete_runner.failed": "Odstranění runneru selhalo",
+	"actions.runners.delete_runner.failed": "Nepodařilo se odstranit runner",
 	"actions.runners.delete_runner.header": "Potvrdit odstranění tohoto runneru",
 	"actions.runners.delete_runner.notice": "Pokud na tomto runneru běží úloha, bude ukončena a označena jako neúspěšná. Může dojít k přerušení vytváření workflow.",
 	"actions.runners.none": "Nejsou dostupné žádné runnery",
-	"actions.runners.version": "Verze",
 	"actions.runners.reset_registration_token.button": "Resetovat registrační token",
 	"actions.runners.reset_registration_token.success": "Registrační token runneru byl úspěšně obnoven",
 	"pulse.n_active_issues": {
@@ -448,7 +439,7 @@
 		"other": "Čekání na runner s následujícími štítky: %s"
 	},
 	"actions.status.unknown": "Neznámý",
-	"actions.status.waiting": "Čekání",
+	"actions.status.waiting": "Čeká",
 	"actions.status.running": "Probíhá",
 	"actions.status.success": "Úspěch",
 	"actions.status.failure": "Chyba",
@@ -523,5 +514,72 @@
 	"packages.common.registry": "Nastavte tento registr z příkazového řádku:",
 	"packages.common.repository": "Informace o repozitáři",
 	"actions.runs.all_runs_link": "všechny běhy",
-	"repo.issues.filter_sort.hint_with_placeholder": "Řadit podle: %s"
+	"repo.issues.filter_sort.hint_with_placeholder": "Řadit podle: %s",
+	"access_token.error.specified_repos_none": "Přístupové tokeny se zadanými repozitáři musí mít alespoň jeden repozitář.",
+	"access_token.error.specified_repos_and_public_only": "Přístupové tokeny se zadanými repozitáři nelze kombinovat s veřejným rozsahem.",
+	"access_token.error.specified_repos_and_invalid_scope": "Přístupové tokeny se zadanými repozitáři lze použít pouze s rozsahy read:issue, write:issue, read:repository a write:repository.",
+	"repo.pulls.auto_merge.no_permission": "Nemáte oprávnění ke zrušení automatického sloučení této žádosti.",
+	"settings.specific_repo_access": "Přístup k repozitářům",
+	"actions.runners.uuid": "UUID",
+	"actions.runners.token": "Token",
+	"actions.runners.ephemeral": "Dočasný",
+	"actions.runners.list_runners.details_column": "Podrobnosti",
+	"actions.runners.list_runners.edit_column": "Upravit",
+	"actions.runners.list_runners.delete_column": "Odstranit",
+	"actions.runners.list_runners.details_button": "Podrobnosti",
+	"actions.runners.list_runners.details_button_aria": "Zobrazit podrobnosti %s",
+	"actions.runners.list_runners.delete_button": "Odstranit",
+	"actions.runners.list_runners.delete_button_aria": "Odstranit %s",
+	"actions.runners.list_runners.edit_button": "Upravit",
+	"actions.runners.list_runners.edit_button_aria": "Upravit %s",
+	"actions.runners.ephemeral.yes": "ano",
+	"actions.runners.ephemeral.no": "ne",
+	"actions.runners.edit_runner_button": "Upravit runner",
+	"actions.runners.create_runner.page_title": "Vytvořit nový runner",
+	"actions.runners.create_runner.title": "Vytvořit nový runner",
+	"actions.runners.create_runner.properties_fieldset": "Vlastnosti",
+	"actions.runners.create_runner.name_label": "Název",
+	"actions.runners.create_runner.description_label": "Popis",
+	"actions.runners.create_runner.create_button": "Vytvořit",
+	"actions.runners.create_runner.cancel_button": "Zrušit",
+	"actions.runners.edit_runner.page_title": "Upravit runner %s",
+	"actions.runners.edit_runner.title": "Upravit runner %s",
+	"actions.runners.edit_runner.properties_fieldset": "Vlastnosti",
+	"actions.runners.edit_runner.properties_options": "Možnosti",
+	"actions.runners.edit_runner.name_label": "Název",
+	"actions.runners.edit_runner.description_label": "Popis",
+	"actions.runners.edit_runner.regenerate_token_label": "Znovu vygenerovat token",
+	"actions.runners.edit_runner.regenerate_token_help": "Existující token bude okamžitě zneplatněn. Na další stránce obdržíte nový token.",
+	"actions.runners.edit_runner.save_button": "Uložit",
+	"actions.runners.edit_runner.cancel_button": "Zrušit",
+	"actions.runners.runner_setup.title": "Nastavit runner %s",
+	"actions.runners.show_registration_token": "Zobrazit registrační token",
+	"actions.runners.runner_details.page_title": "Runner %s",
+	"actions.runners.runner_details.labels_note": "Štítky runnerů jsou definovány v konfiguračním souboru runneru Forgejo nebo předány jako možnosti v příkazovém řádku. Jsou aktualizovány vždy, když runner Forgejo naváže spojení s Forgejo.",
+	"actions.runners.runner_setup.page_title": "Nastavit runner %s",
+	"actions.runners.runner_setup.list_of_runners_link": "Seznam runnerů",
+	"actions.runners.runner_setup.last_chance_copying_token": "Nyní si zkopírujte token – už jej znovu neuvidíte!",
+	"actions.runners.runner_setup.button_copy_uuid_aria": "Kopírovat UUID runneru",
+	"actions.runners.runner_setup.button_copy_token_aria": "Kopírovat token runneru",
+	"actions.runners.runner_setup.heading_using_configuration": "Používám konfigurační soubor runneru",
+	"actions.runners.runner_setup.configuration_snippet_aria": "Část k vložení do konfigurace runneru",
+	"actions.runners.runner_setup.program_options_snippet_aria": "Jak spustit forgejo-runner",
+	"actions.runners.runner_setup.instruction_replace_connection_name": "Nahraďte název spojení (<code>forgejo</code> v příkladu) vlastní hodnotou.",
+	"actions.runners.runner_setup.heading_using_options": "Používám možnosti programu",
+	"actions.runners.runner_setup.instruction_advanced_configurations": "Pro nastavení runneru Forgejo běžícího v kontejnerech nebo pokročilých konfiguracích si přečtěte <a href=\"https://TO-BE-REPLACED.COM\">dokumentaci</a>.",
+	"actions.runners.reset_registration_token.token": "Registrační token (zastaralý)",
+	"form.RunnerName": "Název",
+	"actions.runners.task_list_repo": "Nedávné úlohy tohoto repozitáře na tomto runneru",
+	"actions.runners.task_list_org": "Nedávné úlohy na tomto runneru v této organizaci",
+	"actions.runners.task_list_admin": "Nedávné úlohy na tomto runneru",
+	"actions.runners.task_list_user": "Nedávné úlohy tohoto uživatele na tomto runneru",
+	"settings.new_access_token": "Nový přístupový token",
+	"graphs.recent_commits.title": "Počet revizí v posledním roce",
+	"graphs.code_frequency.title": "Frekvence kódu v historii {0}",
+	"actions.secrets.edit_button": "Upravit tajný klíč „%s“",
+	"actions.secrets.mutation.header": "Upravit tajný klíč „%s“",
+	"actions.secrets.mutation.success_message": "Tajný klíč „%s“ byl upraven.",
+	"actions.secrets.mutation.failure_message": "Tajný klíč „%s“ se nepodařilo upravit.",
+	"actions.secrets.mutation.name_description": "Název tajného klíče může obsahovat pouze písmena, číslice a podtržítka. Nemůže začínat textem FORGEJO_, GITEA_, GITHUB_ nebo číslem. Forgejo jej automaticky převede na velká písmena.",
+	"actions.secrets.mutation.value_description": "Existující hodnota nebude zobrazena. Ponechte pole prázdné, pokud jej nechcete upravit. Zvláštní znaky zůstanou zachovány. CRLF (zakončení řádků ve stylu Windows) budou automaticky převedeny na LF. Pokud chcete zachovat zakončení řádků, zakódujte hodnotu pomocí Base64."
 }
diff --git a/options/locale_next/locale_da.json b/options/locale_next/locale_da.json
index f6845d4853..949283dc56 100644
--- a/options/locale_next/locale_da.json
+++ b/options/locale_next/locale_da.json
@@ -17,37 +17,28 @@
 	"actions.runners.status.idle": "Tomgang",
 	"actions.runners.status.active": "Aktiv",
 	"actions.runners.status.offline": "Offline",
-	"actions.runners.id": "ID",
 	"actions.runners.name": "Navn",
 	"actions.runners.owner_type": "Type",
 	"actions.runners.description": "Beskrivelse",
 	"actions.runners.labels": "Etiketter",
 	"actions.runners.last_online": "Sidste online tid",
-	"actions.runners.runner_title": "Runner",
-	"actions.runners.task_list": "Seneste opgaver på denne løber",
+	"actions.runners.runner_title": "Runner %s",
 	"actions.runners.task_list.no_tasks": "Der er ingen opgave endnu.",
 	"actions.runners.task_list.run": "Kør",
 	"actions.runners.task_list.status": "Status",
 	"actions.runners.task_list.repository": "Depot",
 	"actions.runners.task_list.commit": "Commit",
 	"actions.runners.task_list.done_at": "Udført kl",
-	"actions.runners.edit_runner": "Rediger Runner",
-	"actions.runners.update_runner.button": "Opdater ændringer",
 	"actions.runners.update_runner.success": "Runner blev opdateret",
 	"actions.runners.update_runner.failed": "Løberen kunne ikke opdateres",
-	"actions.runners.delete_runner.button": "Slet denne runner",
 	"actions.runners.delete_runner.success": "Runner blev slettet",
 	"actions.runners.delete_runner.failed": "Runner kunne ikke slettes",
 	"actions.runners.delete_runner.header": "Bekræft for at slette denne runner",
 	"actions.runners.delete_runner.notice": "Hvis en opgave kører på denne runner, vil den blive afsluttet og markeret som mislykket. Det kan bryde bygningens arbejdsgang.",
 	"actions.runners.none": "Ingen runners tilgængelige",
-	"actions.runners.version": "Version",
 	"actions.runners.reset_registration_token.button": "Nulstil registreringstoken",
 	"actions.runners.reset_registration_token.success": "Runner registreringstoken blev nulstillet",
 	"actions.runs.all_workflows": "Alle arbejdsgange",
-	"actions.runs.commit": "Commit",
-	"actions.runs.scheduled": "Planlagt",
-	"actions.runs.pushed_by": "pushed af",
 	"actions.runs.workflow": "Arbejdsgang",
 	"actions.runs.invalid_workflow_helper": "Workflow-konfigurationsfilen er ugyldig. Tjek venligst din konfigurationsfil: %s",
 	"actions.runs.no_matching_online_runner.helper": "Ingen matchende online-runner med etiket: %s",
diff --git a/options/locale_next/locale_de-DE.json b/options/locale_next/locale_de-DE.json
index 0f93d35113..15137fd5e8 100644
--- a/options/locale_next/locale_de-DE.json
+++ b/options/locale_next/locale_de-DE.json
@@ -338,9 +338,6 @@
 	"actions.runs.viewing_out_of_date_run": "Sie sehen einen veralteten Run dieses Jobs, der %[1]s ausgeführt wurde.",
 	"actions.runs.run_attempt_label": "Run-Versuch #%[1]s (%[2]s)",
 	"actions.runs.all_workflows": "Alle Workflows",
-	"actions.runs.commit": "Commit",
-	"actions.runs.scheduled": "Geplant",
-	"actions.runs.pushed_by": "gepusht von",
 	"actions.runs.workflow": "Workflow",
 	"actions.runs.invalid_workflow_helper": "Die Workflow-Konfigurationsdatei ist ungültig. Bitte überprüfe deine Konfigurationsdatei: %s",
 	"actions.runs.no_matching_online_runner.helper": "Es existiert kein passender Online-Runner mit dem Label: %s",
@@ -362,31 +359,25 @@
 	"actions.runners.status.idle": "Inaktiv",
 	"actions.runners.status.active": "Aktiv",
 	"actions.runners.status.offline": "Offline",
-	"actions.runners.id": "ID",
 	"actions.runners.name": "Name",
 	"actions.runners.owner_type": "Typ",
 	"actions.runners.description": "Beschreibung",
 	"actions.runners.labels": "Labels",
 	"actions.runners.last_online": "Letzte Online-Zeit",
-	"actions.runners.runner_title": "Runner",
-	"actions.runners.task_list": "Letzte Aufgaben dieses Runners",
+	"actions.runners.runner_title": "Runner %s",
 	"actions.runners.task_list.no_tasks": "Es gibt noch keine Aufgaben.",
 	"actions.runners.task_list.run": "Ausführen",
 	"actions.runners.task_list.status": "Status",
 	"actions.runners.task_list.repository": "Repository",
 	"actions.runners.task_list.commit": "Commit",
 	"actions.runners.task_list.done_at": "Fertig um",
-	"actions.runners.edit_runner": "Runner bearbeiten",
-	"actions.runners.update_runner.button": "Änderungen speichern",
 	"actions.runners.update_runner.success": "Runner erfolgreich aktualisiert",
 	"actions.runners.update_runner.failed": "Der Runner konnte nicht aktualisiert werden",
-	"actions.runners.delete_runner.button": "Diesen Runner löschen",
 	"actions.runners.delete_runner.success": "Runner erfolgreich gelöscht",
 	"actions.runners.delete_runner.failed": "Der Runner konnte nicht gelöscht werden",
 	"actions.runners.delete_runner.header": "Bestätigen, um diesen Runner zu löschen",
 	"actions.runners.delete_runner.notice": "Wenn eine Aufgabe auf diesem Runner ausgeführt wird, wird sie beendet und als fehlgeschlagen markiert. Dies könnte Workflows zerstören.",
 	"actions.runners.none": "Keine Runner verfügbar",
-	"actions.runners.version": "Version",
 	"actions.runners.reset_registration_token.button": "Registrierungs-Token zurücksetzen",
 	"actions.runners.reset_registration_token.success": "Runner-Registrierungstoken erfolgreich zurückgesetzt",
 	"migrate.form.error.url_credentials": "Die URL enthält Anmeldedaten; diese sollten in das jeweilige Benutzername- und Passwortfeld eingetragen werden",
@@ -508,5 +499,66 @@
 	"packages.common.registry": "Diese Registry von der Befehlszeile aus einrichten:",
 	"packages.common.repository": "Repository-Infos",
 	"actions.runs.all_runs_link": "alle Durchläufe",
-	"repo.issues.filter_sort.hint_with_placeholder": "Sortieren nach: %"
+	"repo.issues.filter_sort.hint_with_placeholder": "Sortieren nach: %",
+	"repo.pulls.auto_merge.no_permission": "Du hast nicht die Erlaubnis, die automatische Zusammenführung dieses Pull-Requests abzubrechen.",
+	"access_token.error.specified_repos_none": "Zugangstokens mit den festgelegten Repositorys müssen mindestens ein Repository haben.",
+	"access_token.error.specified_repos_and_public_only": "Zugangstokens mit den festgelegten Repositorys können nicht mit dem Scope „Nur öffentlich“ kombiniert werden.",
+	"access_token.error.specified_repos_and_invalid_scope": "Zugangstokens mit den festgelegten Repositorys können nur mit den Scopes read:issue, write:issue, read:repository und write:repository benutzt werden.",
+	"settings.specific_repo_access": "Repositoryzugang",
+	"actions.runners.uuid": "UUID",
+	"actions.runners.token": "Token",
+	"actions.runners.ephemeral": "Vorrübergehend",
+	"actions.runners.list_runners.details_column": "Details",
+	"actions.runners.list_runners.edit_column": "Bearbeiten",
+	"actions.runners.list_runners.delete_column": "Löschen",
+	"actions.runners.list_runners.details_button": "Details",
+	"actions.runners.list_runners.details_button_aria": "Details für %s anzeigen",
+	"actions.runners.list_runners.delete_button": "Löschen",
+	"actions.runners.list_runners.delete_button_aria": "%s löschen",
+	"actions.runners.list_runners.edit_button": "Bearbeiten",
+	"actions.runners.list_runners.edit_button_aria": "%s bearbeiten",
+	"actions.runners.ephemeral.yes": "ja",
+	"actions.runners.ephemeral.no": "nein",
+	"actions.runners.edit_runner_button": "Runner bearbeiten",
+	"actions.runners.create_runner.page_title": "Neuen Runner erstellen",
+	"actions.runners.create_runner.title": "Neuen Runner erstellen",
+	"actions.runners.create_runner.properties_fieldset": "Eigenschaften",
+	"actions.runners.create_runner.name_label": "Name",
+	"actions.runners.create_runner.description_label": "Beschreibung",
+	"actions.runners.create_runner.create_button": "Erstellen",
+	"actions.runners.create_runner.cancel_button": "Abbrechen",
+	"actions.runners.edit_runner.page_title": "Runner %s bearbeiten",
+	"actions.runners.edit_runner.title": "Runner %s bearbeiten",
+	"actions.runners.edit_runner.properties_fieldset": "Eigenschaften",
+	"actions.runners.edit_runner.properties_options": "Optionen",
+	"actions.runners.edit_runner.name_label": "Name",
+	"actions.runners.edit_runner.description_label": "Beschreibung",
+	"actions.runners.edit_runner.regenerate_token_label": "Token neu erzeugen",
+	"actions.runners.edit_runner.regenerate_token_help": "Das existierende Token wird sofort für ungültig erklärt. Du wirst ein neues Token auf der nächsten Seite erhalten.",
+	"actions.runners.edit_runner.save_button": "Speichern",
+	"actions.runners.edit_runner.cancel_button": "Abbrechen",
+	"actions.runners.runner_setup.title": "Runner %s einstellen",
+	"actions.runners.show_registration_token": "Registrierungstoken anzeigen",
+	"actions.runners.runner_details.page_title": "Runner %s",
+	"actions.runners.runner_details.labels_note": "Die Labels des Runners werden in der Konfigurationsdatei von Forgejo Runner definiert oder als Kommandozeilenoption übergeben. Sie werden jedes Mal, wenn Forgejo Runner eine Verbindung zu Forgejo aufbaut, aktualisiert.",
+	"actions.runners.runner_setup.page_title": "Runner %s einstellen",
+	"actions.runners.runner_setup.list_of_runners_link": "Liste der Runner",
+	"actions.runners.runner_setup.last_chance_copying_token": "Kopiere das Token jetzt, da du es nicht erneut sehen kannst!",
+	"actions.runners.runner_setup.button_copy_uuid_aria": "Runner-UUID kopieren",
+	"actions.runners.runner_setup.button_copy_token_aria": "Runner-Token kopieren",
+	"actions.runners.runner_setup.heading_using_configuration": "Unter Benutzung der Runner-Konfigurationsdatei",
+	"actions.runners.runner_setup.configuration_snippet_aria": "Schnipsel zum Einfügen in die Runner-Konfiguration",
+	"actions.runners.runner_setup.program_options_snippet_aria": "Wie man forgejo-runner aufruft",
+	"actions.runners.runner_setup.instruction_replace_connection_name": "Ersetze den Verbindungsnamen (<code>forgejo</code> im Beispiel) mit einem Wert deiner Wahl.",
+	"actions.runners.runner_setup.heading_using_options": "Unter Benutzung der Programmoptionen",
+	"actions.runners.runner_setup.instruction_advanced_configurations": "Um Forgejo Runner so zu konfigurieren, dass er in Containern oder mit einer fortgeschrittenen Konfigurationen läuft, siehe die <a href=\"https://TO-BE-REPLACED.COM\">Dokumentation</a>.",
+	"actions.runners.reset_registration_token.token": "Registrierungs-Token (missbilligt)",
+	"form.RunnerName": "Name",
+	"actions.runners.task_list_repo": "Neuliche Aufgaben dieses Repositorys auf diesem Runner",
+	"actions.runners.task_list_org": "Neuliche Aufgaben dieses Runners innerhalb dieser Organisation",
+	"actions.runners.task_list_admin": "Neuliche Aufgaben auf diesem Runner",
+	"actions.runners.task_list_user": "Neuliche Aufgaben dieses Benutzers auf diesem Runner",
+	"settings.new_access_token": "Neuer Zugangstoken",
+	"graphs.recent_commits.title": "Anzahl der Commits im letzten Jahr",
+	"graphs.code_frequency.title": "Code-Frequenz über die Geschichte von {0}"
 }
diff --git a/options/locale_next/locale_el-GR.json b/options/locale_next/locale_el-GR.json
index d1c069af67..b83629006d 100644
--- a/options/locale_next/locale_el-GR.json
+++ b/options/locale_next/locale_el-GR.json
@@ -19,9 +19,9 @@
 	"notification.mark_all_as_read": "Σήμανση όλων ως αναγνωσμένες",
 	"notification.subscriptions": "Συνδρομές",
 	"notification.watching": "Παρακολούθηση",
-	"notification.no_subscriptions": "Καμία συνδρομή",
+	"notification.no_subscriptions": "Δεν έχετε συνδρομές.",
 	"dropzone.default_message": "Σύρετε αρχεία ή κάντε κλικ εδώ για να τα ανεβάσετε.",
-	"dropzone.invalid_input_type": "Δεν μπορείτε να ανεβάσετε αρχεία αυτού του τύπου.",
+	"dropzone.invalid_input_type": "Δεν μπορούν να ανέβουν αρχεία αυτού του τύπου.",
 	"dropzone.file_too_big": "Το μέγεθος αρχείου ({{filesize}} MB) υπερβαίνει το μέγιστο μέγεθος ({{maxFilesize}} MB).",
 	"dropzone.remove_file": "Αφαίρεση αρχείου",
 	"munits.data.b": "B",
@@ -75,13 +75,13 @@
 	"packages.arch.version.properties": "Πληροφορίες έκδοσης",
 	"packages.arch.version.description": "Περιγραφή",
 	"packages.arch.version.provides": "Προσφέρει",
-	"packages.arch.version.groups": "Γκρουπ",
-	"packages.arch.version.optdepends": "Εξαρτάται προαιρετικά από",
+	"packages.arch.version.groups": "Ομάδα",
+	"packages.arch.version.optdepends": "Προαιρετικές εξαρτήσεις",
 	"packages.arch.version.makedepends": "Εξαρτήσεις make",
 	"packages.arch.version.checkdepends": "Εξαρτήσεις ελέγχου",
 	"packages.arch.version.conflicts": "Συγκρούεται με",
-	"packages.arch.version.replaces": "Αντικαταστά",
-	"packages.arch.version.backup": "Αντίγραφο",
+	"packages.arch.version.replaces": "Αντικαθιστά",
+	"packages.arch.version.backup": "Αντίγραφο ασφαλείας",
 	"packages.cargo.registry": "Ρυθμίστε αυτό το μητρώο στις ρυθμίσεις του Cargo (για παράδειγμα <code>~/.cargo/config.toml</code>):",
 	"packages.cargo.install": "Για να εγκαταστήσετε το πακέτο χρησιμοποιώντας το Cargo, εκτελέστε την ακόλουθη εντολή:",
 	"packages.chef.registry": "Ρυθμίστε αυτό το μητρώο στο αρχείο <code>~/.chef/config.rb</code>:",
@@ -195,12 +195,12 @@
 		"other": "%s λήψεις"
 	},
 	"repo.pulls.merged_title_desc": {
-		"one": "συγχώνευθηκε %[1]d υποβολή από τον κλάδο <code>%[2]s</code> στον κλάδο <code>%[3]s</code> %[4]s",
-		"other": "συγχώνευσε %[1]d υποβολές από <code>%[2]s</code> σε <code>%[3]s</code> %[4]s"
+		"one": "συγχώνευσε %[1]d υποβολή από <code>%[2]s</code> στο <code>%[3]s</code> %[4]s",
+		"other": "συγχώνευσε %[1]d υποβολές από <code>%[2]s</code> στο <code>%[3]s</code> %[4]s"
 	},
 	"repo.pulls.title_desc": {
-		"one": ": θα ήθελε να συγχωνεύσει %[1]d υποβολή από τον κλάδο <code>%[2]s</code> στον κλάδο <code id=\"%[4]s\">%[3]s</code>",
-		"other": "θέλει να συγχωνεύσει %[1]d υποβολές από <code>%[2]s</code> σε <code id=\"%[4]s\">%[3]s</code>"
+		"one": "θέλει να συγχωνεύσει %[1]d υποβολή από <code>%[2]s</code> στο <code id=\"%[4]s\">%[3]s</code>",
+		"other": "θέλει να συγχωνεύσει %[1]d υποβολές από <code>%[2]s</code> στο <code id=\"%[4]s\">%[3]s</code>"
 	},
 	"search.milestone_kind": "Αναζήτηση ορόσημων…",
 	"home.welcome.no_activity": "Καμιά δραστηριότητα",
@@ -339,13 +339,10 @@
 	"actions.runs.viewing_out_of_date_run": "Εμφανίζεται μια παρωχημένη εκτέλεση αυτής της εργασίας που έτρεξε %[1]s.",
 	"actions.runs.view_most_recent_run": "Εμφάνιση της πιο πρόσφατης εκτέλεσης",
 	"actions.runs.all_workflows": "Όλες οι ροές εργασίας",
-	"actions.runs.commit": "Υποβολή",
-	"actions.runs.scheduled": "Προγραμματισμένα",
-	"actions.runs.pushed_by": "ωθήθηκε από",
 	"actions.runs.workflow": "Ροή εργασίας",
 	"actions.runs.invalid_workflow_helper": "Το αρχείο ροής εργασίας δεν είναι έγκυρο. Ελέγξτε το αρχείο σας: %s",
 	"actions.runs.no_matching_online_runner.helper": "Κανένας δικτυακός δρομέας με ετικέτα: %s",
-	"actions.runs.no_job_without_needs": "Η ροή εργασίας πρέπει να περιέχει τουλάχιστον ένα έργο που δεν εξαρτάται από κάποιο άλλο έργο.",
+	"actions.runs.no_job_without_needs": "Η ροή εργασίας πρέπει να περιέχει τουλάχιστον ένα έργο χωρίς εξαρτήσεις.",
 	"actions.runs.no_job": "Η ροή εργασιών πρέπει να περιέχει τουλάχιστον μία εργασία (job)",
 	"actions.runs.actor": "Φορέας",
 	"actions.runs.status": "Κατάσταση",
@@ -371,31 +368,25 @@
 	"actions.runners.status.idle": "Αδρανής",
 	"actions.runners.status.active": "Ενεργό",
 	"actions.runners.status.offline": "Χωρίς Σύνδεση",
-	"actions.runners.id": "ID",
 	"actions.runners.name": "Όνομα",
 	"actions.runners.owner_type": "Τύπος",
 	"actions.runners.description": "Περιγραφή",
 	"actions.runners.labels": "Ετικέτες",
 	"actions.runners.last_online": "Τελευταία ώρα σύνδεσης",
-	"actions.runners.runner_title": "Εκτελεστής",
-	"actions.runners.task_list": "Πρόσφατες εργασίες στον εκτελεστή",
-	"actions.runners.task_list.no_tasks": "Δεν υπάρχει καμία εργασία ακόμα.",
+	"actions.runners.runner_title": "Εκτελεστής %s",
+	"actions.runners.task_list.no_tasks": "Δεν υπάρχουν εργασίες ακόμη.",
 	"actions.runners.task_list.run": "Εκτέλεση",
 	"actions.runners.task_list.status": "Κατάσταση",
 	"actions.runners.task_list.repository": "Αποθετήριο",
 	"actions.runners.task_list.commit": "Υποβολή",
 	"actions.runners.task_list.done_at": "Έτοιμο στις",
-	"actions.runners.edit_runner": "Επεξεργασία Εκτελεστή",
-	"actions.runners.update_runner.button": "Ενημέρωση αλλαγών",
-	"actions.runners.update_runner.success": "Ο εκτελεστής ενημερώθηκε επιτυχώς",
-	"actions.runners.update_runner.failed": "Αποτυχία ενημέρωσης εκτελεστή",
-	"actions.runners.delete_runner.button": "Διαγραφή του εκτελεστή",
+	"actions.runners.update_runner.success": "Ο εκτελεστής επεξεργάστηκε επιτυχώς",
+	"actions.runners.update_runner.failed": "Αποτυχία επεξεργασίας εκτελεστή",
 	"actions.runners.delete_runner.success": "Ο εκτελεστής διαγράφηκε επιτυχώς",
 	"actions.runners.delete_runner.failed": "Αποτυχία διαγραφής εκτελεστή",
 	"actions.runners.delete_runner.header": "Επιβεβαιώστε για τη διαγραφή του εκτελεστή",
 	"actions.runners.delete_runner.notice": "Αν μια εργασία εκτελείται σε αυτόν τον εκτελεστή, θα τερματιστεί και θα επισημανθεί ως αποτυχημένη. Μπορεί να χαλάσει τη ροή εργασίας του χτισίματος.",
 	"actions.runners.none": "Δεν υπάρχουν διαθέσιμοι εκτελεστές",
-	"actions.runners.version": "Έκδοση",
 	"actions.runners.reset_registration_token.button": "Επαναφορά διακριτικού εγγραφής",
 	"actions.runners.reset_registration_token.success": "Επιτυχής επανέκδοση διακριτικού εγγραφής του εκτελεστή",
 	"pulse.n_active_issues": {
@@ -416,7 +407,7 @@
 	"repo.issues.filter_modified.hint": "Φίλτρο με βάση την τελευταία τροποποίηση",
 	"repo.pulls.poster_manage_approval": "Διαχείριση έγκρισης",
 	"repo.issues.filter_reviewers.hint": "Φίλτρο με βάση το χρήστη που αναθεώρησε",
-	"repo.pulls.poster_requires_approval": "Κάποιες ροές εργασίας <a href=\"%[1]s\">περιμένουν για αναθεώρηση.</a>",
+	"repo.pulls.poster_requires_approval": "Κάποιες ροές εργασίας <a href=\"%[1]s\">περιμένουν για αναθεώρηση</a>.",
 	"issues.updated": "ενημερώθηκε %s",
 	"repo.pulls.poster_trust_revoke": "Ανάκληση",
 	"repo.pulls.poster_trust_deny": "Απόρριψη",
@@ -453,5 +444,59 @@
 	"repo.issues.filter_sort.hint_with_placeholder": "Ταξινόμηση κατά: %s",
 	"issues.filters.labels.exclude": "Εξαίρεση ετικέτας",
 	"issues.filters.labels.unexclude": "Καθαρισμός εξαίρεσης",
-	"migrate.pagure.token.placeholder": "Μόνο για δημιουργία ιδιωτικού αρχείου ζητημάτων"
+	"migrate.pagure.token.placeholder": "Μόνο για δημιουργία ιδιωτικού αρχείου ζητημάτων",
+	"packages.common.install": "Για να εγκαταστήσετε το πακέτο, εκτελέστε την ακόλουθη εντολή:",
+	"packages.common.registry": "Ρυθμίστε αυτό το μητρώο από την γραμμή εντολών:",
+	"packages.common.repository": "Πληροφορίες αποθετηρίου",
+	"moderation.report.mark_as_ignored": "Σήμανση ως αγνοήθηκε",
+	"moderation.report.mark_as_handled": "Σήμανση ως αντιμετωπίστηκε",
+	"mail.issue.action.close_by_commit": "Ο/Η %[1]s έκλεισε το %[2]s στην υποβολή %[3]s.",
+	"actions.runs.all_runs_link": "όλες οι εκτελέσεις",
+	"actions.workflow.event_detection_error": "Αδυναμία ανάλυσης των υποστηριζόμενων συμβάντων στη ροή εργασίας: %v",
+	"pulls.manual_merge.helper": "Βοηθός χειροκίνητης συγχώνευσης",
+	"pulls.manual_merge.helpder.description": "Να χρησιμοποιείται αυτό το μήνυμα υποβολής συγχώνευσης όταν ολοκληρώνεται η συγχώνευση χειροκίνητα.",
+	"pulls.manual_merge.commit.title": "Τίτλος υποβολής συγχώνευσης",
+	"pulls.manual_merge.commit.body": "Σώμα υποβολής συγχώνευσης",
+	"pulls.manual_merge.copy.button": "Αντιγραφή μηνύματος υποβολής συγχώνευσης",
+	"actions.status.diagnostics.waiting": {
+		"one": "Αναμονή για έναν εκτελεστή με την ακόλουθη ετικέτα: %s",
+		"other": "Αναμονή για έναν εκτελεστή με τις ακόλουθες ετικέτες: %s"
+	},
+	"repo.pulls.poster_trust_deny.tooltip": "Οι ροές εργασίας που αναμένουν έγκριση θα ακυρωθούν.",
+	"actions.runners.runner_details.page_title": "Εκτελεστής %s",
+	"actions.runners.edit_runner.name_label": "Όνομα",
+	"actions.runners.edit_runner.description_label": "Περιγραφή",
+	"actions.runners.create_runner.description_label": "Περιγραφή",
+	"actions.runners.ephemeral.yes": "ναι",
+	"actions.runners.ephemeral.no": "όχι",
+	"actions.runners.list_runners.details_column": "Λεπτομέρειες",
+	"actions.runners.list_runners.edit_column": "Επεξεργασία",
+	"actions.runners.list_runners.delete_column": "Διαγραφή",
+	"actions.runners.list_runners.delete_button": "Διαγραφή",
+	"actions.runners.uuid": "UUID",
+	"actions.runners.list_runners.details_button": "Λεπτομέρειες",
+	"actions.runners.list_runners.details_button_aria": "Εμφάνιση λεπτομερειών για %s",
+	"actions.runners.list_runners.delete_button_aria": "Διαγραφή %s",
+	"actions.runners.list_runners.edit_button": "Επεξεργασία",
+	"actions.runners.list_runners.edit_button_aria": "Επεξεργασία %s",
+	"actions.runners.edit_runner_button": "Επεξεργασία εκτελεστή",
+	"actions.runners.create_runner.page_title": "Δημιουργία νέου εκτελεστή",
+	"actions.runners.create_runner.title": "Δημιουργία νέου εκτελεστή",
+	"actions.runners.create_runner.properties_fieldset": "Ιδιότητες",
+	"actions.runners.edit_runner.properties_fieldset": "Ιδιότητες",
+	"actions.runners.edit_runner.properties_options": "Επιλογές",
+	"actions.runners.create_runner.name_label": "Όνομα",
+	"actions.runners.create_runner.create_button": "Δημιουργία",
+	"actions.runners.create_runner.cancel_button": "Ακύρωση",
+	"actions.runners.edit_runner.page_title": "Επεξεργασία εκτελεστή %s",
+	"actions.runners.edit_runner.title": "Επεξεργασία εκτελεστή %s",
+	"actions.runners.edit_runner.save_button": "Αποθήκευση",
+	"actions.runners.edit_runner.cancel_button": "Ακύρωση",
+	"form.RunnerName": "Όνομα",
+	"actions.runners.runner_setup.list_of_runners_link": "Λίστα εκτελεστών",
+	"actions.runners.runner_setup.button_copy_uuid_aria": "Αντιγραφή UUID εκτελεστή",
+	"actions.runners.runner_setup.button_copy_token_aria": "Αντιγραφή διακριτικού εκτελεστή",
+	"actions.runners.show_registration_token": "Εμφάνιση διακριτικού εγγραφής",
+	"actions.runners.token": "Διακριτικό",
+	"settings.specific_repo_access": "Πρόσβαση Αποθετηρίου"
 }
diff --git a/options/locale_next/locale_es-ES.json b/options/locale_next/locale_es-ES.json
index c2ebbfdb6e..cae0fc7db3 100644
--- a/options/locale_next/locale_es-ES.json
+++ b/options/locale_next/locale_es-ES.json
@@ -17,37 +17,28 @@
 	"actions.runners.status.idle": "Inactivo",
 	"actions.runners.status.active": "Activo",
 	"actions.runners.status.offline": "Desconectado",
-	"actions.runners.id": "Id.",
 	"actions.runners.name": "Nombre",
 	"actions.runners.owner_type": "Tipo",
 	"actions.runners.description": "Descripción",
 	"actions.runners.labels": "Etiquetas",
 	"actions.runners.last_online": "Última hora en línea",
-	"actions.runners.runner_title": "Nodo",
-	"actions.runners.task_list": "Tareas recientes en este nodo",
+	"actions.runners.runner_title": "Nodo %s",
 	"actions.runners.task_list.no_tasks": "Todavía no hay tarea.",
 	"actions.runners.task_list.run": "Ejecutar",
 	"actions.runners.task_list.status": "Estado",
 	"actions.runners.task_list.repository": "Repositorio",
 	"actions.runners.task_list.commit": "Confirmación",
 	"actions.runners.task_list.done_at": "Hecho en",
-	"actions.runners.edit_runner": "Editar nodo",
-	"actions.runners.update_runner.button": "Actualizar cambios",
 	"actions.runners.update_runner.success": "Nodo actualizado correctamente",
 	"actions.runners.update_runner.failed": "Fallo al actualizar el nodo",
-	"actions.runners.delete_runner.button": "Eliminar este nodo",
 	"actions.runners.delete_runner.success": "Nodo eliminado con éxito",
 	"actions.runners.delete_runner.failed": "Fallo al eliminar el nodo",
 	"actions.runners.delete_runner.header": "Confirma para eliminar el nodo",
 	"actions.runners.delete_runner.notice": "Si una tarea se está ejecutando en este nodo, se terminará y marcará como fallida. Puede romper el flujo de trabajo en curso.",
 	"actions.runners.none": "No hay nodos disponibles",
-	"actions.runners.version": "Versión",
 	"actions.runners.reset_registration_token.button": "Restablecer token de registro",
 	"actions.runners.reset_registration_token.success": "Se ha restablecido correctamente el token de registro del nodo",
 	"actions.runs.all_workflows": "Todos los flujos de trabajo",
-	"actions.runs.commit": "Commit",
-	"actions.runs.scheduled": "Programado",
-	"actions.runs.pushed_by": "push enviado por",
 	"actions.runs.workflow": "Flujo de trabajo",
 	"actions.runs.invalid_workflow_helper": "El archivo de configuración del trabajo no es válido. Revisa tu archivo de configuración: %s",
 	"actions.runs.actor": "Actor",
diff --git a/options/locale_next/locale_fa-IR.json b/options/locale_next/locale_fa-IR.json
index 6f1e2c8794..72dec1fc85 100644
--- a/options/locale_next/locale_fa-IR.json
+++ b/options/locale_next/locale_fa-IR.json
@@ -6,7 +6,6 @@
 	"actions.runners.task_list.repository": "مخزن",
 	"actions.runners.task_list.commit": "کامیت",
 	"actions.runners.status.active": "فعال",
-	"actions.runs.commit": "کامیت",
 	"gpg.default_key": "ثبت شده با کلید پیش فرض",
 	"gpg.error.extract_sign": "خطا در استخراج امضا",
 	"gpg.error.generate_hash": "خطا در ساختن هش کامیت",
diff --git a/options/locale_next/locale_fi-FI.json b/options/locale_next/locale_fi-FI.json
index 767e871db7..e2862e49a2 100644
--- a/options/locale_next/locale_fi-FI.json
+++ b/options/locale_next/locale_fi-FI.json
@@ -297,9 +297,6 @@
 	"repo.commit.load_tags_failed": "Tagien lataaminen epäonnistui sisäisen virheen vuoksi",
 	"actions.runs.run_attempt_label": "Suoritusyritys #%[1]s (%[2]s)",
 	"actions.runs.all_workflows": "Kaikki työnkulut",
-	"actions.runs.commit": "Kommitti",
-	"actions.runs.scheduled": "Ajastettu",
-	"actions.runs.pushed_by": "työntänyt",
 	"actions.runs.workflow": "Työnkulku",
 	"actions.runs.invalid_workflow_helper": "Työnkulun asetustiedosto on virheellinen. Tarkista asetustiedosto: %s",
 	"actions.runs.no_matching_online_runner.helper": "Testiajajaa nimilapulla %s ei löytynyt",
@@ -329,31 +326,25 @@
 	"actions.runners.status.idle": "Jouten",
 	"actions.runners.status.active": "Aktiivinen",
 	"actions.runners.status.offline": "Ei-verkkotilassa",
-	"actions.runners.id": "Tunniste",
 	"actions.runners.name": "Nimi",
 	"actions.runners.owner_type": "Tyyppi",
 	"actions.runners.description": "Kuvaus",
 	"actions.runners.labels": "Nimilaput",
 	"actions.runners.last_online": "Viimeisin käynnissäoloajankohta",
-	"actions.runners.runner_title": "Testinajaja",
-	"actions.runners.task_list": "Ajajan viimeisimmät tehtävät",
+	"actions.runners.runner_title": "Testinajaja %s",
 	"actions.runners.task_list.no_tasks": "Tehtäviä ei ole vielä määritelty.",
 	"actions.runners.task_list.run": "Suorita",
 	"actions.runners.task_list.status": "Tila",
 	"actions.runners.task_list.repository": "Tietovarasto",
 	"actions.runners.task_list.commit": "Kommitti",
 	"actions.runners.task_list.done_at": "Valmistunut ajankohtana",
-	"actions.runners.edit_runner": "Muokkaa testinajajaa",
-	"actions.runners.update_runner.button": "Päivitä muutokset",
 	"actions.runners.update_runner.success": "Testinajaja päivitetty onnistuneesti",
 	"actions.runners.update_runner.failed": "Testinajajan päivitys epäonnistui",
-	"actions.runners.delete_runner.button": "Poista testinajaja",
 	"actions.runners.delete_runner.success": "Testinajaja poistettu onnistuneesti",
 	"actions.runners.delete_runner.failed": "Testinajajan poisto epäonnistui",
 	"actions.runners.delete_runner.header": "Varmista testinajajan poisto",
 	"actions.runners.delete_runner.notice": "Jos tehtävä on käynnissä tällä testinajajalla, se lopetetaan ja merkitään epäonnistuneeksi. Se voi rikkoa koonnin työnkulun.",
 	"actions.runners.none": "Testinajajia ei saatavilla",
-	"actions.runners.version": "Versio",
 	"actions.runners.reset_registration_token.button": "Uudelleenaseta rekisteröintipoletti",
 	"actions.runners.reset_registration_token.success": "Testiajajan rekisteröintipoletti asetettu uudelleen onnistuneesti",
 	"migrate.pagure.description": "Tee migraatio pagure.io:sta tai muista Pagure-instansseista.",
diff --git a/options/locale_next/locale_fil.json b/options/locale_next/locale_fil.json
index 7e45c98e7c..8f9949cd30 100644
--- a/options/locale_next/locale_fil.json
+++ b/options/locale_next/locale_fil.json
@@ -339,9 +339,6 @@
 	"actions.runs.view_most_recent_run": "Tignan ang pinakabagong pagtakbo",
 	"actions.runs.run_attempt_label": "Tangka sa pagtakbo #%[1]s (%[2]s)",
 	"actions.runs.all_workflows": "Lahat ng mga workflow",
-	"actions.runs.commit": "Commit",
-	"actions.runs.scheduled": "Naka-iskedyul",
-	"actions.runs.pushed_by": "itinulak ni/ng",
 	"actions.runs.workflow": "Workflow",
 	"actions.runs.invalid_workflow_helper": "Hindi wasto ang workflow config file. Pakisuri ang iyong config file: %s",
 	"actions.runs.no_matching_online_runner.helper": "Walang tumutugmang online runner na may label: %s",
@@ -363,31 +360,25 @@
 	"actions.runners.status.idle": "Idle",
 	"actions.runners.status.active": "Aktibo",
 	"actions.runners.status.offline": "Offline",
-	"actions.runners.id": "ID",
 	"actions.runners.name": "Pangalan",
 	"actions.runners.owner_type": "Uri",
 	"actions.runners.description": "Paglalarawan",
 	"actions.runners.labels": "Mga label",
 	"actions.runners.last_online": "Huling oras na online",
-	"actions.runners.runner_title": "Runner",
-	"actions.runners.task_list": "Mga kamakailang trabaho sa runner na ito",
+	"actions.runners.runner_title": "Runner %s",
 	"actions.runners.task_list.no_tasks": "Wala pang mga trabaho sa ngayon.",
 	"actions.runners.task_list.run": "Patakbuhin",
 	"actions.runners.task_list.status": "Status",
 	"actions.runners.task_list.repository": "Repositoryo",
 	"actions.runners.task_list.commit": "Commit",
 	"actions.runners.task_list.done_at": "Natapos sa",
-	"actions.runners.edit_runner": "I-edit ang runner",
-	"actions.runners.update_runner.button": "I-save ang mga pagbabago",
 	"actions.runners.update_runner.success": "Matagumpay na na-edit ang runner",
 	"actions.runners.update_runner.failed": "Nabigong i-edit ang runner",
-	"actions.runners.delete_runner.button": "Burahin ang runner na ito",
 	"actions.runners.delete_runner.success": "Matagumpay na nabura ang runner",
 	"actions.runners.delete_runner.failed": "Nabigong burahin ang runner",
 	"actions.runners.delete_runner.header": "Kumpirmahin na burahin ang runner",
 	"actions.runners.delete_runner.notice": "Kapag may trabaho na tumatakbo sa runner na ito, titigilan ito at mamarkahan bilang nabigo. Maaaring sirain ang building workflow.",
 	"actions.runners.none": "Walang mga available na runner",
-	"actions.runners.version": "Bersyon",
 	"actions.runners.reset_registration_token.button": "I-reset ang token ng pagrehistro",
 	"actions.runners.reset_registration_token.success": "Matagumpay na na-reset ang token ng pagrehistro ng runner",
 	"pulse.n_active_issues": {
@@ -508,5 +499,6 @@
 	"packages.common.install": "Para i-install ang package, patakbuhin ang sumusunod na command:",
 	"packages.common.registry": "I-setup ang registry na ito mula sa command line:",
 	"packages.common.repository": "Info ng repositoryo",
-	"actions.runs.all_runs_link": "lahat ng mga takbo"
+	"actions.runs.all_runs_link": "lahat ng mga takbo",
+	"repo.pulls.auto_merge.no_permission": "Wala kang pahintulot na kanselahin ang auto merge sa hiling sa paghila."
 }
diff --git a/options/locale_next/locale_fr-FR.json b/options/locale_next/locale_fr-FR.json
index 9cf9a4f5fa..ca3635c641 100644
--- a/options/locale_next/locale_fr-FR.json
+++ b/options/locale_next/locale_fr-FR.json
@@ -21,7 +21,7 @@
 	"notification.watching": "Suivi",
 	"notification.no_subscriptions": "Pas d'abonnements",
 	"dropzone.default_message": "Déposez les fichiers ou cliquez ici pour téléverser.",
-	"dropzone.invalid_input_type": "Vous ne pouvez pas téléverser des fichiers de ce type.",
+	"dropzone.invalid_input_type": "Les fichiers de ce type ne peuvent pas être téléversés.",
 	"dropzone.file_too_big": "La taille du fichier ({{filesize}} Mo) dépasse la taille maximale ({{maxFilesize}} Mo).",
 	"dropzone.remove_file": "Supprimer le fichier",
 	"munits.data.b": "o",
@@ -32,7 +32,7 @@
 	"munits.data.pib": "Pio",
 	"munits.data.eib": "Eio",
 	"packages.title": "Paquets",
-	"packages.empty": "Il n'y pas de paquet pour le moment.",
+	"packages.empty": "Il n'y a pas de paquets pour le moment.",
 	"packages.empty.documentation": "Pour plus d'informations sur le registre de paquets, voir <a target=\"_blank\" rel=\"noopener noreferrer\" href=\"%s\">la documentation</a>.",
 	"packages.empty.repo": "Avez-vous téléchargé un paquet, mais il n'est pas affiché ici ? Allez dans les <a href=\"%[1]s\">paramètres du paquet</a> et liez le à ce dépôt.",
 	"packages.registry.documentation": "Pour plus d’informations sur le registre %s, voir <a target=\"_blank\" rel=\"noopener noreferrer\" href=\"%s\">la documentation</a>.",
@@ -245,8 +245,8 @@
 	"alert.asset_load_failed": "Échec du chargement des fichiers d'asset de {path}. Faites en sorte que les fichiers d'asset puissent être accessibles.",
 	"install.invalid_lfs_path": "Impossible de créer le root LFS au chemin spécifié : %[1]s",
 	"alert.range_error": " doit être un nombre entre %[1]s et %[2]s.",
-	"home.welcome.no_activity": "Pas d'activité",
-	"home.welcome.activity_hint": "Il n'y a rien dans votre fil d'actualité. Vos actions et activités de vos dépôts que vous suivez s'afficheront ici.",
+	"home.welcome.no_activity": "Aucune activité",
+	"home.welcome.activity_hint": "Il n'y a rien dans votre fil d'actualité. Les actions et activités sur les dépôts que vous suivez s'afficheront ici.",
 	"home.explore_repos": "Explorer les dépôts",
 	"home.explore_users": "Explorer les utilisateurs",
 	"home.explore_orgs": "Explorer les organisations",
@@ -283,10 +283,10 @@
 	"moderation.report_remarks.placeholder": "Veuillez fournir quelques détails en rapport avec l'abus que vous signalez.",
 	"moderation.submit_report": "Soumettre le signalement",
 	"moderation.reporting_failed": "Impossible de soumettre le nouveau signalement : %v",
-	"followers.incoming.list.self.none": "Personne ne suit votre profile.",
+	"followers.incoming.list.self.none": "Personne ne suit votre profil.",
 	"followers.incoming.list.none": "Personne ne suit cet utilisateur.",
 	"followers.outgoing.list.self.none": "Vous ne suivez personne.",
-	"followers.outgoing.list.none": "%s ne vous suit plus.",
+	"followers.outgoing.list.none": "%s ne suit personne.",
 	"repo.issue_indexer.title": "Indexeur de problèmes",
 	"stars.list.none": "Personne n'a mis en favori ce dépôt.",
 	"watch.list.none": "Personne ne suit ce dépôt.",
@@ -345,9 +345,6 @@
 	"actions.runs.viewing_out_of_date_run": "Vous consultez une exécution obsolète de cette tâche qui a été lancée le %[1]s.",
 	"actions.runs.run_attempt_label": "Tentative d'exécution #%[1]s (%[2]s)",
 	"actions.runs.all_workflows": "Tous les workflows",
-	"actions.runs.commit": "Révision",
-	"actions.runs.scheduled": "Planifié",
-	"actions.runs.pushed_by": "soumis par",
 	"actions.runs.workflow": "Workflow",
 	"actions.runs.invalid_workflow_helper": "La configuration du flux de travail est invalide. Veuillez vérifier votre fichier %s",
 	"actions.runs.no_matching_online_runner.helper": "Aucun exécuteur en ligne correspondant au libellé %s",
@@ -369,31 +366,25 @@
 	"actions.runners.status.idle": "Inactif",
 	"actions.runners.status.active": "Actif",
 	"actions.runners.status.offline": "Hors-ligne",
-	"actions.runners.id": "ID",
 	"actions.runners.name": "Nom",
 	"actions.runners.owner_type": "Type",
 	"actions.runners.description": "Description",
 	"actions.runners.labels": "Labels",
 	"actions.runners.last_online": "Dernière fois en ligne",
-	"actions.runners.runner_title": "Exécuteur",
-	"actions.runners.task_list": "Tâches récentes sur cet exécuteur",
+	"actions.runners.runner_title": "Exécuteur %s",
 	"actions.runners.task_list.no_tasks": "Il n'y a pas de tâche ici.",
 	"actions.runners.task_list.run": "Exécuter",
 	"actions.runners.task_list.status": "Statut",
 	"actions.runners.task_list.repository": "Dépôt",
 	"actions.runners.task_list.commit": "Révision",
 	"actions.runners.task_list.done_at": "Fait à",
-	"actions.runners.edit_runner": "Éditer l'Exécuteur",
-	"actions.runners.update_runner.button": "Appliquer les modifications",
-	"actions.runners.update_runner.success": "Exécuteur mis à jour avec succès",
+	"actions.runners.update_runner.success": "Exécuteur édité avec succès",
 	"actions.runners.update_runner.failed": "Impossible d'actualiser l'Exécuteur",
-	"actions.runners.delete_runner.button": "Supprimer cet exécuteur",
 	"actions.runners.delete_runner.success": "Exécuteur supprimé avec succès",
 	"actions.runners.delete_runner.failed": "Impossible de supprimer l'Exécuteur",
 	"actions.runners.delete_runner.header": "Confirmer la suppression de cet exécuteur",
 	"actions.runners.delete_runner.notice": "Si une tâche est en cours sur cet exécuteur, elle sera terminée et marquée comme échouée. Cela risque d’interrompre le flux de travail.",
 	"actions.runners.none": "Aucun exécuteur disponible",
-	"actions.runners.version": "Version",
 	"actions.runners.reset_registration_token.button": "Réinitialiser le jeton d'enregistrement",
 	"actions.runners.reset_registration_token.success": "Le jeton d’inscription de l’exécuteur a été réinitialisé avec succès",
 	"migrate.pagure.description": "Migrer les données depuis pagure.io ou d'autres instances Pagure.",
@@ -499,10 +490,78 @@
 	"pulls.manual_merge.commit.title": "Titre de la fusion de commit",
 	"pulls.manual_merge.commit.body": "Contenue de la fusion de commit",
 	"install.ssh_authorized_keys_inspection_error": "Échec de l'inspection du fichier authorized_keys existant : %v",
-	"install.ssh_authorized_keys_unexpected_key": "Activer SSH pour Forgejo est en conflit avec le fichier situé à %s qui contient les clés SSH existantes. Suggestions : utilisez un utilisateur dédié du système pour Forgejo ou désactivez SSH.",
+	"install.ssh_authorized_keys_unexpected_key": "L'activation de SSH pour Forgejo entre en conflit avec le fichier situé à %s qui contient des clés SSH existantes. Suggestions : utilisez un utilisateur système dédié à Forgejo, ou désactivez SSH.",
 	"admin.dashboard.actions_action_user": "Révoquer les Actions Forgejo autorisé pour les utilisateurs inactifs",
 	"actions.secrets.creation.name_description": "Le nom d'un secret ne peut contenir que des lettres, nombres, ou `_`. Il ne peut pas commencer par FORGEJO_, GITEA_, GITHUB_, ou un nombre. Forgejo le convertira automatiquement en majuscules.",
 	"actions.secrets.creation.value_description": "La valeur d'un secret peut être n'importe quel texte. Les caractères spéciaux sont conservés. Les CRLF (saut de ligne au format Microsoft) sont automatiquement convertis en LF. Encodez la valeur en Base64 si les sauts de ligne doivent être conservés.",
 	"actions.variables.mutation.name_description": "Le nom d'une variable ne peut contenir que des lettres, nombres, ou `_`. Il ne peut pas être nommé CI ou commencer par FORGEJO_, GITEA_, GITHUB_, ou un nombre. Forgejo le convertira automatiquement en majuscules.",
-	"actions.variables.mutation.value_description": "La valeur d'une variable peut être n'importe quel texte. Les caractères spéciaux sont conservés. Les CRLF (saut de ligne au format Microsoft) sont automatiquement convertis en LF. Encodez la valeur en Base64 si les sauts de ligne doivent être conservés."
+	"actions.variables.mutation.value_description": "La valeur d'une variable peut être n'importe quel texte. Les caractères spéciaux sont conservés. Les CRLF (saut de ligne au format Microsoft) sont automatiquement convertis en LF. Encodez la valeur en Base64 si les sauts de ligne doivent être conservés.",
+	"repo.issues.filter_sort.hint_with_placeholder": "Trier par: %s",
+	"packages.common.install": "Pour installer le paquet, exécutez la commande suivante :",
+	"packages.common.registry": "Configurez ce registre à partir de la ligne de commande suivante :",
+	"packages.common.repository": "Informations sur le dépôt",
+	"repo.pulls.poster_requires_approval": "Certains workflows sont <a href=\"%[1]s\">en attente de révision</a>.",
+	"editor.replace_all": "Tout remplacer",
+	"access_token.error.specified_repos_none": "Les jetons d'accès avec des dépôts spécifiés doivent avoir au moins un dépôt.",
+	"editor.toggle_whole_word": "Activer/désactiver la correspondance des mots entiers",
+	"issues.filters.labels.exclude": "Exclure l'étiquette",
+	"issues.filters.labels.unexclude": "Enlever les exclusions",
+	"repo.pulls.auto_merge.no_permission": "Vous n'avez pas la permission d'annuler la fusion automatique de cette pull request.",
+	"settings.specific_repo_access": "Accès au dépôt",
+	"actions.runners.list_runners.details_column": "Détails",
+	"actions.runners.list_runners.edit_column": "Modifier",
+	"actions.runners.list_runners.delete_column": "Supprimer",
+	"actions.runners.list_runners.details_button_aria": "Afficher les détails de %s",
+	"actions.runners.create_runner.properties_fieldset": "Propriétés",
+	"actions.runners.create_runner.create_button": "Créer",
+	"actions.runners.edit_runner.properties_fieldset": "Propriétés",
+	"actions.runners.edit_runner.properties_options": "Options",
+	"actions.runners.edit_runner.description_label": "Description",
+	"actions.runners.edit_runner.regenerate_token_label": "Regénérer le jeton",
+	"actions.runners.show_registration_token": "Afficher le jeton d'enregistrement",
+	"settings.new_access_token": "Nouveau jeton d'accès",
+	"actions.runners.uuid": "UUID",
+	"actions.runners.ephemeral": "Éphémère",
+	"actions.runners.list_runners.details_button": "Détails",
+	"actions.runners.list_runners.delete_button": "Supprimer",
+	"actions.runners.list_runners.delete_button_aria": "Supprimer %s",
+	"actions.runners.list_runners.edit_button": "Modifier",
+	"actions.runners.list_runners.edit_button_aria": "Modifier %s",
+	"actions.runners.ephemeral.yes": "oui",
+	"repo.pulls.poster_requires_approval.tooltip": "L'auteur de cette pull request n'est pas autorisé à exécuter des workflows déclenchés par une pull request créée depuis un dépôt forké ou avec AGit. Les workflows déclenchés par un événement `pull_request` ne s'exécuteront pas tant qu'ils n'auront pas été approuvés.",
+	"actions.runners.task_list_repo": "Tâches récentes de ce dépôt sur cet exécuteur",
+	"actions.runners.task_list_org": "Tâches récentes de cet exécuteur dans cette organisation",
+	"actions.runners.task_list_admin": "Tâches récentes de cet exécuteur",
+	"actions.runners.task_list_user": "Tâches récentes de cet utilisateur sur cet exécuteur",
+	"actions.runners.edit_runner_button": "Éditer l'exécuteur",
+	"actions.runners.create_runner.page_title": "Créer un nouvel exécuteur",
+	"actions.runners.create_runner.title": "Créer un nouvel exécuteur",
+	"actions.runners.create_runner.name_label": "Nom",
+	"actions.runners.create_runner.description_label": "Description",
+	"actions.runners.create_runner.cancel_button": "Annuler",
+	"actions.runners.edit_runner.page_title": "Éditer l'exécuteur %s",
+	"actions.runners.edit_runner.title": "Éditer l'exécuteur %s",
+	"actions.runners.edit_runner.name_label": "Nom",
+	"actions.runners.edit_runner.regenerate_token_help": "Le jeton existant sera immédiatement invalidé. Vous recevrez un nouveau jeton sur la page suivante.",
+	"actions.runners.edit_runner.save_button": "Enregistrer",
+	"actions.runners.edit_runner.cancel_button": "Annuler",
+	"actions.runners.runner_setup.title": "Configuration de l'exécuteur %s",
+	"actions.runners.runner_details.page_title": "Exécuteur %s",
+	"actions.runners.runner_setup.page_title": "Configuration de l'exécuteur %s",
+	"actions.runners.runner_setup.list_of_runners_link": "Liste des exécuteurs",
+	"actions.runners.runner_setup.last_chance_copying_token": "Copiez le jeton maintenant, vous ne pourrez pas le revoir !",
+	"actions.runners.runner_setup.button_copy_uuid_aria": "Copier l'UUID de l'exécuteur",
+	"actions.runners.runner_setup.button_copy_token_aria": "Copier le jeton de l'exécuteur",
+	"actions.runners.runner_setup.program_options_snippet_aria": "Comment invoquer forgejo-runner",
+	"actions.runners.runner_setup.instruction_replace_connection_name": "Remplacer le nom de connexion (<code>forgejo</code> dans l'exemple) par une valeur de votre choix.",
+	"actions.runners.reset_registration_token.token": "Jeton d'enregistrement (Déprécié)",
+	"actions.runs.all_runs_link": "toutes les exécutions",
+	"actions.secrets.edit_button": "Éditer le secret \"%s\"",
+	"actions.secrets.mutation.header": "Éditer le secret \"%s\"",
+	"actions.secrets.mutation.success_message": "Le secret \"%s\" a été mis à jour.",
+	"actions.secrets.mutation.failure_message": "Le secret \"%s\" n'a pas pu être mis à jour.",
+	"actions.secrets.mutation.name_description": "Le nom d'un secret ne peut contenir que des lettres, des chiffres et des `_`. Il ne peut pas démarrer avec FORGEJO_ , GITEA_ , GITHUB_ , ou un nombre. Forgejo le convertira automatiquement en majuscules.",
+	"form.RunnerName": "Nom",
+	"graphs.recent_commits.title": "Nombre de commits au cours de l'année écoulée",
+	"graphs.code_frequency.title": "Fréquence de code sur l'historique de {0}"
 }
diff --git a/options/locale_next/locale_ga.json b/options/locale_next/locale_ga.json
index dcb262bfdc..4943232f8c 100644
--- a/options/locale_next/locale_ga.json
+++ b/options/locale_next/locale_ga.json
@@ -14,9 +14,9 @@
 	"notification.mark_all_as_read": "Marcáil gach ceann mar léite",
 	"notification.subscriptions": "Síntiúis",
 	"notification.watching": "Ag féachaint",
-	"notification.no_subscriptions": "Gan síntiúis",
+	"notification.no_subscriptions": "Níl aon síntiúis agat.",
 	"dropzone.default_message": "Scaoil comhaid nó cliceáil anseo chun iad a uaslódáil.",
-	"dropzone.invalid_input_type": "Ní féidir leat comhaid den chineál seo a uaslódáil.",
+	"dropzone.invalid_input_type": "Ní féidir comhaid den chineál seo a uaslódáil.",
 	"dropzone.file_too_big": "Sáraíonn méid comhaid ({{filesize}} MB) an t-uasmhéid de ({{maxFilesize}} MB).",
 	"dropzone.remove_file": "Bain an comhad",
 	"packages.title": "Pacáistí",
@@ -253,9 +253,9 @@
 	"repo.issues.filter_modified.hint": "Scag de réir an dáta deiridh a ndearnadh an modhnú air",
 	"issues.updated": "nuashonraithe %s",
 	"repo.pulls.poster_manage_approval": "Bainistigh ceadú",
-	"repo.pulls.poster_requires_approval": "Tá roinnt sreafaí oibre <a href=\"%[1]s\">ag fanacht le hathbhreithniú.</a>",
+	"repo.pulls.poster_requires_approval": "Tá roinnt sreafaí oibre <a href=\"%[1]s\">ag fanacht le hathbhreithniú</a>.",
 	"repo.pulls.poster_requires_approval.tooltip": "Níl muinín ag údar an iarratais tarraingthe seo chun sreafaí oibre a rith a spreagtar ag iarratas tarraingthe a cruthaíodh ó stór forcaithe nó le AGit. Ní rithfidh na sreafaí oibre a spreagtar ag imeacht `pull_request` go dtí go gceadófar iad.",
-	"repo.pulls.poster_is_trusted": "Tá <a href=\"%[1]s\">iontaointe i gcónaí as údar an iarratais tarraingthe seo chun sreafaí oibre a rith.</a>",
+	"repo.pulls.poster_is_trusted": "Tá <a href=\"%[1]s\">iontaointe i gcónaí as údar an iarratais tarraingthe seo chun sreafaí oibre a rith</a>.",
 	"repo.pulls.poster_is_trusted.tooltip": "Tá muinín shoiléir as údar an iarratais tarraingthe seo chun sreafaí oibre a rith arna spreagadh ag imeachtaí `pull_request`.",
 	"repo.pulls.poster_trust_deny": "Diúltaigh",
 	"repo.pulls.poster_trust_deny.tooltip": "Cuirfear na sreafaí oibre atá ag fanacht le ceadú ar ceal.",
@@ -411,9 +411,6 @@
 	"actions.runs.viewing_out_of_date_run": "Tá tú ag féachaint ar rith atá as dáta den phost seo a cuireadh i gcrích %[1]s.",
 	"actions.runs.view_most_recent_run": "Féach ar an rith is déanaí",
 	"actions.runs.all_workflows": "Gach Sreafaí Oibre",
-	"actions.runs.commit": "Tiomantas",
-	"actions.runs.scheduled": "Sceidealaithe",
-	"actions.runs.pushed_by": "bhrú ag",
 	"actions.runs.invalid_workflow_helper": "Tá comhad cumraíochta sreabhadh oibre nebhailí. Seiceáil do chomhad cumraithe le do thoil: %s",
 	"actions.runs.no_matching_online_runner.helper": "Gan aon reathaí ar líne a mheaitseáil le lipéad: %s",
 	"actions.runs.no_job_without_needs": "Caithfidh post amháin ar a laghad a bheith sa sreabhadh oibre gan spleáchas.",
@@ -448,31 +445,25 @@
 	"actions.runners.status.idle": "Díomhaoin",
 	"actions.runners.status.active": "Gníomhach",
 	"actions.runners.status.offline": "As líne",
-	"actions.runners.id": "ID",
 	"actions.runners.name": "Ainm",
 	"actions.runners.owner_type": "Cineál",
 	"actions.runners.description": "Cur síos",
 	"actions.runners.labels": "Lipéid",
 	"actions.runners.last_online": "Am Ar Líne Deiridh",
-	"actions.runners.runner_title": "Reathaí",
-	"actions.runners.task_list": "Tascanna le déanaí ar an reathaí seo",
-	"actions.runners.task_list.no_tasks": "Níl aon tasc ann fós.",
+	"actions.runners.runner_title": "Reathaí %s",
+	"actions.runners.task_list.no_tasks": "Níl aon tascanna ann fós.",
 	"actions.runners.task_list.run": "Rith",
 	"actions.runners.task_list.status": "Stádas",
 	"actions.runners.task_list.repository": "Stóras",
 	"actions.runners.task_list.commit": "Tiomantas",
 	"actions.runners.task_list.done_at": "Déanta ag",
-	"actions.runners.edit_runner": "Cuir Reathaí in Eagar",
-	"actions.runners.update_runner.button": "Nuashonrú Athruithe",
-	"actions.runners.update_runner.success": "Nuashonraíodh an Reathaí",
-	"actions.runners.update_runner.failed": "Theip ar an reathaí a nuashonrú",
-	"actions.runners.delete_runner.button": "Scrios an reathaí seo",
+	"actions.runners.update_runner.success": "Rithire curtha in eagar go rathúil",
+	"actions.runners.update_runner.failed": "Theip ar an ritheoir a chur in eagar",
 	"actions.runners.delete_runner.success": "Scriosadh an reathaí go rathúil",
 	"actions.runners.delete_runner.failed": "Theip ar an reathaí a scriosadh",
 	"actions.runners.delete_runner.header": "Deimhnigh an reathaí seo a scriosadh",
 	"actions.runners.delete_runner.notice": "Má tá tasc ar siúl ar an reathaí seo, cuirfear deireadh leis agus marcáil mar theip. Féadfaidh sé sreabhadh oibre tógála a bhriseadh.",
 	"actions.runners.none": "Níl aon reathaí ar fáil",
-	"actions.runners.version": "Leagan",
 	"actions.runners.reset_registration_token.button": "Athshocraigh comhartha clár",
 	"actions.runners.reset_registration_token.success": "D'éirigh le hathshocrú comhartha clárúcháin an dara háit",
 	"teams.add_all_repos.modal.header": "Cuir na stórais uile leis",
@@ -492,5 +483,66 @@
 	"editor.replace_all": "Cuir gach rud in ionad",
 	"editor.toggle_case": "Íogaireacht cás a scoránaigh",
 	"editor.toggle_regex": "Scoránaigh ag baint úsáide as nathanna rialta",
-	"editor.toggle_whole_word": "Athraigh focail iomlána meaitseála"
+	"editor.toggle_whole_word": "Athraigh focail iomlána meaitseála",
+	"repo.issues.filter_sort.hint_with_placeholder": "Sórtáil de réir: %s",
+	"issues.filters.labels.exclude": "Lipéad a eisiamh",
+	"issues.filters.labels.unexclude": "Glan an t-eisiamh",
+	"install.ssh_authorized_keys_inspection_error": "Theip ar an gcomhad authorized_keys atá ann cheana a iniúchadh: %v",
+	"install.ssh_authorized_keys_unexpected_key": "Tá coimhlint idir cumasú SSH do Forgejo agus an comhad atá suite ag %s ina bhfuil eochracha SSH atá ann cheana féin. Moltaí: bain úsáid as úsáideoir córais tiomnaithe do Forgejo, nó díchumasaigh SSH.",
+	"gpg.error.no_gpg_keys_found": "Níor aimsíodh aon eochair aitheanta don síniú seo sa bhunachar sonraí",
+	"gpg.error.not_signed_commit": "Ní gealltanas sínithe é",
+	"gpg.error.failed_retrieval_gpg_keys": "Theip ar aon eochair atá ceangailte le cuntas an tiomnóra a aisghabháil",
+	"gpg.error.probable_bad_signature": "RABHADH! Cé go bhfuil eochair leis an ID seo sa bhunachar sonraí ní fhíoraíonn sé an tiomantas seo! Tá amhras ar an tiomantas seo.",
+	"gpg.error.probable_bad_default_signature": "RABHADH! Cé go bhfuil an ID seo ag an eochair réamhshocraithe, ní fhíoraíonn sé an tiomantas seo! Tá amhras ar an tiomantas seo.",
+	"munits.data.b": "B",
+	"munits.data.kib": "KiB",
+	"munits.data.mib": "MiB",
+	"munits.data.gib": "GiB",
+	"munits.data.tib": "TiB",
+	"munits.data.pib": "PiB",
+	"munits.data.eib": "EiB",
+	"packages.details.project_site": "Suíomh Gréasáin an tionscadail",
+	"packages.details.repository_site": "Suíomh Gréasáin an stórais",
+	"packages.details.documentation_site": "Suíomh Gréasáin doiciméadachta",
+	"packages.common.install": "Chun an pacáiste a shuiteáil, rith an t-ordú seo a leanas:",
+	"packages.common.registry": "Socraigh an chlárlann seo ón líne ordaithe:",
+	"packages.common.repository": "Eolas faoin stór",
+	"packages.arch.pacman.helper.gpg": "Cuir teastas iontaoibhe leis do pacman:",
+	"packages.arch.pacman.repo.multi": "Tá an leagan céanna ag %s i ndáiltí éagsúla.",
+	"packages.arch.pacman.repo.multi.item": "Cumraíocht do %s",
+	"packages.arch.pacman.conf": "Cuir freastalaí leis an dáileadh agus an ailtireacht ghaolmhar le <code>/etc/pacman.conf</code>:",
+	"packages.arch.pacman.sync": "Pacáiste sioncrónaithe le pacman:",
+	"packages.arch.version.properties": "Airíonna leagan",
+	"packages.arch.version.description": "Cur síos",
+	"packages.arch.version.provides": "Soláthraíonn",
+	"packages.arch.version.groups": "Grúpa",
+	"packages.arch.version.optdepends": "Spleáchais roghnacha",
+	"packages.arch.version.makedepends": "Déan spleáchais",
+	"packages.arch.version.checkdepends": "Seiceáil spleáchais",
+	"packages.arch.version.conflicts": "Coimhlintí",
+	"packages.arch.version.replaces": "Ionadaíonn",
+	"packages.arch.version.backup": "Cúltaca",
+	"packages.container.images.title": "Íomhánna",
+	"packages.alt.install": "Suiteáil pacáiste",
+	"packages.alt.setup": "Cuir stórlann leis an liosta de stórlanna nasctha (roghnaigh an ailtireacht riachtanach in ionad \"_arch_\"):",
+	"packages.alt.repository.architectures": "Ailtireachtaí",
+	"packages.alt.repository.multiple_groups": "Tá an pacáiste seo ar fáil i roinnt grúpaí.",
+	"packages.owner.settings.cargo.rebuild.no_index": "Ní féidir atógáil, níl aon innéacs tosaithe.",
+	"packages.owner.settings.cleanuprules.title": "Rialacha glantacháin",
+	"packages.owner.settings.cleanuprules.none": "Níl aon rialacha glantacháin ann go fóill.",
+	"actions.status.unknown": "Anaithnid",
+	"actions.status.waiting": "Ag fanacht",
+	"actions.status.running": "Ag rith",
+	"actions.status.success": "Rath",
+	"actions.status.failure": "Teip",
+	"actions.status.cancelled": "Cealaithe",
+	"actions.status.skipped": "Scipeáilte",
+	"actions.status.blocked": "Blocáilte",
+	"actions.runners.runner_manage_panel": "Bainistigh reathaithe",
+	"actions.runs.workflow": "Sreabhadh Oibre",
+	"actions.runs.all_runs_link": "gach rith",
+	"actions.secrets.creation.name_description": "Ní féidir ach litreacha, uimhreacha agus fo-línte a bheith in ainm rúnda. Ní féidir leis tosú le FORGEJO_, GITEA_, GITHUB_, ná uimhir. Déanfaidh Forgejo é a thiontú go huachtarlitir go huathoibríoch.",
+	"actions.secrets.creation.value_description": "Is féidir luach rúnda a bheith ina théacs ar bith. Coinnítear carachtair speisialta. Déantar CRLF (briseadh líne stíl Windows) a thiontú go huathoibríoch go LF. Ionchódaigh an luach le Base64 más ceart briseadh líne a choinneáil.",
+	"actions.variables.mutation.name_description": "Ní féidir ach litreacha, uimhreacha agus fo-línte a bheith in ainm athróige. Ní féidir CI a thabhairt air ná tosú le FORGEJO_, GITEA_, GITHUB_, ná uimhir. Déanfaidh Forgejo é a thiontú go huachtarlitir go huathoibríoch.",
+	"actions.variables.mutation.value_description": "Is féidir luach athróg a bheith ina théacs ar bith. Coinnítear carachtair speisialta. Déantar CRLF (briseadh líne stíl Windows) a thiontú go huathoibríoch go LF. Ionchódaigh an luach le Base64 más ceart briseadh líne a choinneáil."
 }
diff --git a/options/locale_next/locale_hu-HU.json b/options/locale_next/locale_hu-HU.json
index fc1dbc01f7..2b9b2b5181 100644
--- a/options/locale_next/locale_hu-HU.json
+++ b/options/locale_next/locale_hu-HU.json
@@ -6,7 +6,6 @@
 	"actions.runners.task_list.repository": "Tároló",
 	"actions.runners.task_list.commit": "Commit",
 	"actions.runners.status.active": "Aktív",
-	"actions.runs.commit": "Commit",
 	"gpg.error.extract_sign": "Nem sikerült kinyerni az aláírást",
 	"gpg.error.generate_hash": "Nem sikerült létrehozni a commitot azonosító hash-t",
 	"gpg.error.no_gpg_keys_found": "Nem található kulcs ehhez az aláíráshoz az adatbázisban",
diff --git a/options/locale_next/locale_id-ID.json b/options/locale_next/locale_id-ID.json
index 8923bb149d..5f0ab19bf1 100644
--- a/options/locale_next/locale_id-ID.json
+++ b/options/locale_next/locale_id-ID.json
@@ -145,7 +145,6 @@
 	"actions.runs.run_attempt_label": "Upaya eksekusi #%[1]s (%[2]s)",
 	"actions.runs.viewing_out_of_date_run": "Anda sedang melihat hasil eksekusi yang sudah kadaluwarsa dari tugas ini yang dijalankan pada %[1]s.",
 	"actions.runs.view_most_recent_run": "Lihat hasil terbaru",
-	"actions.runs.commit": "Memperbuat",
 	"actions.runs.no_matching_online_runner.helper": "Tidak ada runner online yang cocok dengan label: %s",
 	"actions.runs.actor": "Aktor",
 	"actions.runs.status": "Status",
diff --git a/options/locale_next/locale_is-IS.json b/options/locale_next/locale_is-IS.json
index fe44a7ee44..ff203bc503 100644
--- a/options/locale_next/locale_is-IS.json
+++ b/options/locale_next/locale_is-IS.json
@@ -1,5 +1,4 @@
 {
-	"actions.runners.id": "Auðkenni",
 	"actions.runners.name": "Heiti",
 	"actions.runners.owner_type": "Tegund",
 	"actions.runners.description": "Lýsing",
@@ -8,8 +7,6 @@
 	"actions.runners.task_list.repository": "Hugbúnaðarsafn",
 	"actions.runners.task_list.commit": "Framlag",
 	"actions.runners.status.active": "Virkt",
-	"actions.runners.version": "Útgáfa",
-	"actions.runs.commit": "Framlag",
 	"notification.notifications": "Tilkynningar",
 	"notification.unread": "Ólesnar",
 	"notification.read": "Lesnar",
diff --git a/options/locale_next/locale_it-IT.json b/options/locale_next/locale_it-IT.json
index f31ecdd067..f1fb401608 100644
--- a/options/locale_next/locale_it-IT.json
+++ b/options/locale_next/locale_it-IT.json
@@ -335,9 +335,6 @@
 	"actions.runs.viewing_out_of_date_run": "Stai visualizzando un'esecuzione obsoleta di questo lavoro che è stata eseguita il %[1]s.",
 	"actions.runs.view_most_recent_run": "Visualizza l'esecuzione più recente",
 	"actions.runs.all_workflows": "Tutti i flussi di lavoro",
-	"actions.runs.commit": "Commit",
-	"actions.runs.scheduled": "Pianificato",
-	"actions.runs.pushed_by": "immesso da",
 	"actions.runs.workflow": "Workflow",
 	"actions.runs.invalid_workflow_helper": "Il file di configurazione del flusso di lavoro è invalido. Controlla il tuo file di configurazione: %s",
 	"actions.runs.no_matching_online_runner.helper": "Nessun esecutore online corrispondente con etichetta: %s",
@@ -367,31 +364,25 @@
 	"actions.runners.status.idle": "Inattivo",
 	"actions.runners.status.active": "Attivo",
 	"actions.runners.status.offline": "Offline",
-	"actions.runners.id": "ID",
 	"actions.runners.name": "Nome",
 	"actions.runners.owner_type": "Tipo",
 	"actions.runners.description": "Descrizione",
 	"actions.runners.labels": "Etichette",
 	"actions.runners.last_online": "Ultima volta online",
-	"actions.runners.runner_title": "Esecutore",
-	"actions.runners.task_list": "Attività recenti su questo esecutore",
+	"actions.runners.runner_title": "Esecutore %s",
 	"actions.runners.task_list.no_tasks": "Non c'è ancora nessuna attività.",
 	"actions.runners.task_list.run": "Esegui",
 	"actions.runners.task_list.status": "Stato",
 	"actions.runners.task_list.repository": "Repository",
 	"actions.runners.task_list.commit": "Commit",
 	"actions.runners.task_list.done_at": "Eseguito",
-	"actions.runners.edit_runner": "Modifica esecutore",
-	"actions.runners.update_runner.button": "Aggiorna cambiamenti",
 	"actions.runners.update_runner.success": "Esecutore aggiornato correttamente",
 	"actions.runners.update_runner.failed": "Impossibile aggiornare l'esecutore",
-	"actions.runners.delete_runner.button": "Elimina questo esecutore",
 	"actions.runners.delete_runner.success": "Esecutore eliminato correttamente",
 	"actions.runners.delete_runner.failed": "Impossibile eliminare l'esecutore",
 	"actions.runners.delete_runner.header": "Conferma l'eliminazione di questo esecutore",
 	"actions.runners.delete_runner.notice": "Se un'attività è in esecuzione su questo esecutore sarà terminata ed etichettata fallito. Potrebbe rompere flussi di lavoro di costruzione.",
 	"actions.runners.none": "Nessun esecutore disponibile",
-	"actions.runners.version": "Versione",
 	"actions.runners.reset_registration_token.button": "Reimposta token di registrazione",
 	"actions.runners.reset_registration_token.success": "Reimpostazione del token di registrazione dell'esecutore fallita",
 	"settings.visibility.description": "La visibilità del profilo influisce sulla capacità degli altri di accedere ai tuoi repository non privati. <a href=\"%s\" target=\"_blank\">Scopri di più</a>.",
@@ -441,5 +432,20 @@
 	"moderation.action.account.suspend": "Sospendi profilo",
 	"repo.issues.filter_reviewers.hint": "Filtra per utente che ha recensito",
 	"repo.issues.filter_mention.hint": "Filtra per utente menzionato",
-	"repo.issues.filter_modified.hint": "Filtra per ultima data modificata"
+	"repo.issues.filter_modified.hint": "Filtra per ultima data modificata",
+	"repo.issues.filter_sort.hint_with_placeholder": "Ordina per: %s",
+	"issues.updated": "aggiornato %s",
+	"issues.filters.labels.exclude": "Escludi etichetta",
+	"issues.filters.labels.unexclude": "Rimuovi esclusioni",
+	"repo.pulls.poster_requires_approval": "Alcuni flussi di lavoro sono <a href=\"%[1]s\">in attesa di revisione</a>.",
+	"repo.pulls.poster_requires_approval.tooltip": "L'autore di questa richiesta di modifica non è autorizzato ad eseguire i flussi di lavoro attivati da una richiesta di modifica o da un repository forkato o con AGit. I flussi di lavoro attivati da un evento `pull_request` non verranno eseguiti fino a quando non saranno approvati.",
+	"repo.pulls.poster_is_trusted": "L'autore di questa richiesta di modifica è <a href=\"%[1]s\">sempre autorizzato ad eseguire flussi di lavoro</a>.",
+	"repo.pulls.poster_trust_always.tooltip": "I flussi di lavoro attivati da un evento `pull_request` verranno eseguiti su questo commit e non sarà necessario approvare successive esecuzioni da questa proposta di modifica definita dallo stesso utente.",
+	"repo.pulls.poster_trust_revoke": "Revoca",
+	"repo.pulls.poster_trust_revoke.tooltip": "L'autore di questa richiesta di modifica non sarà più attendibile per eseguire flussi di lavoro avviati da un evento `pull request`, ogni esecuzione dovrà essere approvata manualmente.",
+	"repo.view.gitmodules_too_large": "Il file .gitmodules è troppo grande e verrà ignorato (durante le chiamate API per esempio)",
+	"search.syntax": "Sintassi di ricerca",
+	"search.fuzzy": "Fuzzy",
+	"search.fuzzy_tooltip": "Includere i risultati è una corrispondenza approssimativa al termine di ricerca",
+	"install.ssh_authorized_keys_inspection_error": "Ispezione del file authorized_keys esistente fallito: %v"
 }
diff --git a/options/locale_next/locale_ja-JP.json b/options/locale_next/locale_ja-JP.json
index a0f998c0a9..bc9038e648 100644
--- a/options/locale_next/locale_ja-JP.json
+++ b/options/locale_next/locale_ja-JP.json
@@ -17,37 +17,28 @@
 	"actions.runners.status.idle": "アイドル",
 	"actions.runners.status.active": "稼働中",
 	"actions.runners.status.offline": "オフライン",
-	"actions.runners.id": "ID",
 	"actions.runners.name": "名称",
 	"actions.runners.owner_type": "タイプ",
 	"actions.runners.description": "説明",
 	"actions.runners.labels": "ラベル",
 	"actions.runners.last_online": "最終オンライン時刻",
-	"actions.runners.runner_title": "ランナー",
-	"actions.runners.task_list": "このランナーの最近のタスク",
+	"actions.runners.runner_title": "ランナー %s",
 	"actions.runners.task_list.no_tasks": "タスクはまだありません。",
 	"actions.runners.task_list.run": "実行",
 	"actions.runners.task_list.status": "ステータス",
 	"actions.runners.task_list.repository": "リポジトリ",
 	"actions.runners.task_list.commit": "コミット",
 	"actions.runners.task_list.done_at": "終了時刻",
-	"actions.runners.edit_runner": "ランナーの編集",
-	"actions.runners.update_runner.button": "変更を保存",
 	"actions.runners.update_runner.success": "ランナーを更新しました",
 	"actions.runners.update_runner.failed": "ランナーの更新に失敗しました",
-	"actions.runners.delete_runner.button": "このランナーを削除",
 	"actions.runners.delete_runner.success": "ランナーを削除しました",
 	"actions.runners.delete_runner.failed": "ランナーの削除に失敗しました",
 	"actions.runners.delete_runner.header": "ランナー削除の確認",
 	"actions.runners.delete_runner.notice": "このランナーでタスクが実行されている場合、タスクは停止され失敗扱いとなります。 それによりビルドワークフローが途中で終了することになるかもしれません。",
 	"actions.runners.none": "利用可能なランナーはありません",
-	"actions.runners.version": "バージョン",
 	"actions.runners.reset_registration_token.button": "登録トークンをリセット",
 	"actions.runners.reset_registration_token.success": "ランナー登録トークンをリセットしました",
 	"actions.runs.all_workflows": "すべてのワークフロー",
-	"actions.runs.commit": "コミット",
-	"actions.runs.scheduled": "スケジュール済み",
-	"actions.runs.pushed_by": "pushed by",
 	"actions.runs.workflow": "ワークフロー",
 	"actions.runs.invalid_workflow_helper": "ワークフロー設定ファイルは無効です。あなたの設定ファイルを確認してください: %s",
 	"actions.runs.no_matching_online_runner.helper": "ラベルに一致するオンラインのランナーが見つかりません: %s",
diff --git a/options/locale_next/locale_ka.json b/options/locale_next/locale_ka.json
index 06287b4fe7..37fd5b4a8b 100644
--- a/options/locale_next/locale_ka.json
+++ b/options/locale_next/locale_ka.json
@@ -14,19 +14,15 @@
 	"actions.runners.status.idle": "უქმე",
 	"actions.runners.status.active": "აქტიურია",
 	"actions.runners.status.offline": "ქსელგარეშე",
-	"actions.runners.id": "ID",
 	"actions.runners.name": "სახელი",
 	"actions.runners.owner_type": "ტიპი",
 	"actions.runners.description": "აღწერა",
 	"actions.runners.labels": "ჭდეები",
-	"actions.runners.runner_title": "გამშვები",
+	"actions.runners.runner_title": "გამშვები %s",
 	"actions.runners.task_list.run": "გაშვება",
 	"actions.runners.task_list.status": "სტატუსი",
 	"actions.runners.task_list.repository": "რეპოზიტორია",
 	"actions.runners.task_list.commit": "კომიტი",
-	"actions.runners.version": "ვერსია",
-	"actions.runs.commit": "კომიტი",
-	"actions.runs.scheduled": "დაგეგმილია",
 	"actions.runs.workflow": "შრომის პროცესი",
 	"actions.runs.actor": "ავტორი",
 	"actions.runs.status": "სტატუსი",
diff --git a/options/locale_next/locale_ko-KR.json b/options/locale_next/locale_ko-KR.json
index 052730a299..08b746eba9 100644
--- a/options/locale_next/locale_ko-KR.json
+++ b/options/locale_next/locale_ko-KR.json
@@ -6,7 +6,6 @@
 	"actions.runners.task_list.repository": "저장소",
 	"actions.runners.task_list.commit": "커밋",
 	"actions.runners.status.active": "사용",
-	"actions.runs.commit": "커밋",
 	"gpg.error.extract_sign": "서명 추출에 실패",
 	"gpg.error.generate_hash": "커밋의 해시 생성에 실패",
 	"gpg.error.not_signed_commit": "서명되지 않은 커밋",
diff --git a/options/locale_next/locale_lv-LV.json b/options/locale_next/locale_lv-LV.json
index 58e7dcb167..30b0ea23c4 100644
--- a/options/locale_next/locale_lv-LV.json
+++ b/options/locale_next/locale_lv-LV.json
@@ -350,9 +350,6 @@
 	"actions.runs.run_attempt_label": "Palaišanas mēģinājums #%[1]s (%[2]s)",
 	"actions.runs.viewing_out_of_date_run": "Tu skati novecojušu šī darba palaišanu, kas tika izpildīta %[1]s.",
 	"actions.runs.all_workflows": "Visas darbplūsmas",
-	"actions.runs.commit": "Iesūtījumu",
-	"actions.runs.scheduled": "Ieplānots",
-	"actions.runs.pushed_by": "aizgādāja",
 	"actions.runs.workflow": "Darbplūsma",
 	"actions.runs.invalid_workflow_helper": "Darbplūsmas konfigurācijas datne ir nederīga. Lūgums pārbaudīt konfigurācijas datni: %s",
 	"actions.runs.no_matching_online_runner.helper": "Nav tiešsaistē esošu izpildītāju, kas atbilstu iezīmei: %s",
@@ -374,31 +371,25 @@
 	"actions.runners.status.idle": "Dīkstāvē",
 	"actions.runners.status.active": "Darbojas",
 	"actions.runners.status.offline": "Bezsaistē",
-	"actions.runners.id": "ID",
 	"actions.runners.name": "Nosaukums",
 	"actions.runners.owner_type": "Veids",
 	"actions.runners.description": "Apraksts",
 	"actions.runners.labels": "Iezīmes",
 	"actions.runners.last_online": "Pēdējo reizi tiešsaistē",
-	"actions.runners.runner_title": "Izpildītājs",
-	"actions.runners.task_list": "Pēdējās darbības, kas izpildītas",
+	"actions.runners.runner_title": "Izpildītājs %s",
 	"actions.runners.task_list.no_tasks": "Vēl nav uzdevumu.",
 	"actions.runners.task_list.run": "Izpildījums",
 	"actions.runners.task_list.status": "Stāvoklis",
 	"actions.runners.task_list.repository": "Glabātava",
 	"actions.runners.task_list.commit": "Iesūtījums",
 	"actions.runners.task_list.done_at": "Pabeigts",
-	"actions.runners.edit_runner": "Labot izpildītāju",
-	"actions.runners.update_runner.button": "Saglabāt izmaiņas",
 	"actions.runners.update_runner.success": "Izpildītājs sekmīgi labots",
 	"actions.runners.update_runner.failed": "Neizdevās labot izpildītāju",
-	"actions.runners.delete_runner.button": "Dzēst izpildītāju",
 	"actions.runners.delete_runner.success": "Izpildītājs sekmīgi izdzēsts",
 	"actions.runners.delete_runner.failed": "Neizdevās izdzēst izpildītāju",
 	"actions.runners.delete_runner.header": "Apstiprināt izpildītāja izdzēšanu",
 	"actions.runners.delete_runner.notice": "Ja šis izpildītājs veic kādus uzdevumus, tad tie tiks apturēti un atzīmēti kā neizdevušies. Tas var sabojāt būvēšanas darbplūsmas.",
 	"actions.runners.none": "Nav pieejami izpildītāji",
-	"actions.runners.version": "Versija",
 	"actions.runners.reset_registration_token.button": "Atiestatīt reģistrācijas pilnvaru",
 	"actions.runners.reset_registration_token.success": "Izpildītāja reģistrācijas pilnvara tika sekmīgi atiestatīta",
 	"repo.pulls.maintainers_can_edit": "Uzturētāji var labot šo izmaiņu pieprasījumu.",
diff --git a/options/locale_next/locale_nds.json b/options/locale_next/locale_nds.json
index 0ebdb84036..71d6d8dfbc 100644
--- a/options/locale_next/locale_nds.json
+++ b/options/locale_next/locale_nds.json
@@ -339,9 +339,6 @@
 	"actions.runs.view_most_recent_run": "Neeisten Loop ankieken",
 	"actions.runs.run_attempt_label": "Loop-Versöök #%[1]s (%[2]s)",
 	"actions.runs.all_workflows": "All Warkwiesen",
-	"actions.runs.commit": "Kommitteren",
-	"actions.runs.scheduled": "Na Tiedplaan",
-	"actions.runs.pushed_by": "schuven vun",
 	"actions.runs.workflow": "Warkwies",
 	"actions.runs.invalid_workflow_helper": "Warkwies-Instellens-Datei is ungültig. Bidde kiek diene Instellens-Datei na: %s",
 	"actions.runs.no_matching_online_runner.helper": "Keen verbunnen Loper, wat passt, mit de Vermark funnen: %s",
@@ -363,31 +360,25 @@
 	"actions.runners.status.idle": "Nix to doon",
 	"actions.runners.status.active": "Aktiiv",
 	"actions.runners.status.offline": "Nich verbunnen",
-	"actions.runners.id": "ID",
 	"actions.runners.name": "Naam",
 	"actions.runners.owner_type": "Aard",
 	"actions.runners.description": "Beschrieven",
 	"actions.runners.labels": "Vermarkens",
 	"actions.runners.last_online": "Tolest verbunnen",
-	"actions.runners.runner_title": "Loper",
-	"actions.runners.task_list": "Leste Upgaven up deesem Loper",
+	"actions.runners.runner_title": "Loper %s",
 	"actions.runners.task_list.no_tasks": "Dat gifft noch keene Upgaven.",
 	"actions.runners.task_list.run": "Utföhren",
 	"actions.runners.task_list.status": "Tostand",
 	"actions.runners.task_list.repository": "Repositorium",
 	"actions.runners.task_list.commit": "Kommitteren",
 	"actions.runners.task_list.done_at": "Daan um",
-	"actions.runners.edit_runner": "Loper bewarken",
-	"actions.runners.update_runner.button": "Ännerns sekern",
 	"actions.runners.update_runner.success": "Loper bewarkt",
 	"actions.runners.update_runner.failed": "Kunn Loper nich bewarken",
-	"actions.runners.delete_runner.button": "Deesen Loper wegdoon",
 	"actions.runners.delete_runner.success": "Loper wegdaan",
 	"actions.runners.delete_runner.failed": "Kunn Loper nich wegdoon",
 	"actions.runners.delete_runner.header": "Wies ut, dat du deesen Loper wegdoon willst",
 	"actions.runners.delete_runner.notice": "Wenn eene Upgaav up deesem Loper löppt, word se ofbroken un as fehlslagen markeert. Dat kann Bau-Warkwiesen stören.",
 	"actions.runners.none": "Keene Lopers verföögbaar",
-	"actions.runners.version": "Versioon",
 	"actions.runners.reset_registration_token.button": "Registrerens-Teken torüggsetten",
 	"actions.runners.reset_registration_token.success": "Loper-Registrerens-Teken torüggsett",
 	"repo.pulls.maintainers_can_edit": "Liddmaten könen deesen Haalvörslag bewarken.",
@@ -508,5 +499,88 @@
 	"packages.common.registry": "Richt deese Paketlist vun de Oorderrieg in:",
 	"packages.common.repository": "Repositoriums-Informatioon",
 	"actions.runs.all_runs_link": "All Utföhrens",
-	"repo.issues.filter_sort.hint_with_placeholder": "Sorteren na: %s"
+	"repo.issues.filter_sort.hint_with_placeholder": "Sorteren na: %s",
+	"access_token.error.specified_repos_none": "Togang-Tekens mit angeven Repositoriums mutten tominnst een Repositorium hebben.",
+	"access_token.error.specified_repos_and_public_only": "Togang-Tekens mit angeven Repositoriums könen nich tosamen mit de blots-publik-Rebeet bruukt worden.",
+	"access_token.error.specified_repos_and_invalid_scope": "Togang-Tekens mit angeven Repositoriums könen blots mit de Rebeeten »read:issue«, »write:issue«, »read:repository« un »write:repository« bruukt worden.",
+	"repo.pulls.auto_merge.no_permission": "Du hest nich de nödigen Rechten, um dat automatisk Tosamenföhren vun deesem Haalvörslag oftobreken.",
+	"settings.specific_repo_access": "Repositoriums-Togang",
+	"actions.runners.uuid": "UUID",
+	"actions.runners.token": "Teken",
+	"actions.runners.list_runners.details_column": "Mehr Informationen",
+	"actions.runners.list_runners.edit_column": "Bewarken",
+	"actions.runners.list_runners.delete_column": "Lösken",
+	"actions.runners.list_runners.details_button": "Mehr Informationen",
+	"actions.runners.list_runners.details_button_aria": "Mehr Informatioonen över %s wiesen",
+	"actions.runners.list_runners.delete_button": "Lösken",
+	"actions.runners.list_runners.delete_button_aria": "%s lösken",
+	"actions.runners.list_runners.edit_button": "Bewarken",
+	"actions.runners.list_runners.edit_button_aria": "%s bewarken",
+	"actions.runners.ephemeral.yes": "Jau",
+	"actions.runners.ephemeral.no": "Nee",
+	"actions.runners.edit_runner_button": "Loper bewarken",
+	"actions.runners.create_runner.page_title": "Nejen Loper maken",
+	"actions.runners.create_runner.title": "Nejen Loper maken",
+	"actions.runners.create_runner.properties_fieldset": "Eegenskuppen",
+	"actions.runners.create_runner.name_label": "Naam",
+	"actions.runners.create_runner.description_label": "Beschrieven",
+	"actions.runners.create_runner.create_button": "Maken",
+	"actions.runners.create_runner.cancel_button": "Ofbreken",
+	"actions.runners.edit_runner.page_title": "Loper %s bewarken",
+	"actions.runners.edit_runner.title": "Loper %s bewarken",
+	"actions.runners.edit_runner.properties_fieldset": "Eegenskuppen",
+	"actions.runners.edit_runner.properties_options": "Instellens",
+	"actions.runners.edit_runner.name_label": "Naam",
+	"actions.runners.edit_runner.description_label": "Beschrieven",
+	"actions.runners.edit_runner.regenerate_token_label": "Teken neei maken",
+	"actions.runners.edit_runner.regenerate_token_help": "Dat bestahn Teken word stracks glieks ungültig. Du kriggst up de anner Sied een nejes Teken.",
+	"actions.runners.edit_runner.save_button": "Sekern",
+	"actions.runners.edit_runner.cancel_button": "Ofbreken",
+	"actions.runners.runner_setup.title": "Loper %s inrichten",
+	"actions.runners.show_registration_token": "Registrerens-Teken wiesen",
+	"actions.runners.runner_details.page_title": "Loper %s",
+	"actions.runners.runner_setup.page_title": "Loper %s inrichten",
+	"actions.runners.runner_setup.list_of_runners_link": "List vun Lopers",
+	"actions.runners.runner_setup.last_chance_copying_token": "Kopeer dat neje Teken nu, denn du worst dat nich weer to sehn kriegen!",
+	"actions.runners.runner_setup.button_copy_uuid_aria": "Loper-UUID koperen",
+	"actions.runners.runner_setup.button_copy_token_aria": "Loper-Teken koperen",
+	"actions.runners.runner_setup.heading_using_configuration": "De Loper-Inrichtens-Datei bruken",
+	"actions.runners.runner_setup.configuration_snippet_aria": "Text tum Infögen in de Loper-Inrichten",
+	"actions.runners.runner_setup.program_options_snippet_aria": "Wo man forgejo-runner utföhrt",
+	"actions.runners.runner_setup.heading_using_options": "Programm-Instellens bruken",
+	"actions.runners.reset_registration_token.token": "Registrerens-Teken (verollt)",
+	"form.RunnerName": "Naam",
+	"actions.runners.ephemeral": "Körttiedig",
+	"actions.runners.runner_details.labels_note": "De Vermarkens vun de Loper worden in de Inrichtens-Datei vun Forgejo Runner fastleggt of as Oorderreeg-Instellen angeven. Se worden elkeen Maal verneeit, wenn Forgejo Runner sik mit Forgejo verbinnt.",
+	"actions.runners.runner_setup.instruction_replace_connection_name": "Wessel de Verbinnens-Naam (<code>forgejo</code> im Bispööl) mit eenem Weert na dienem Smaak ut.",
+	"actions.runners.runner_setup.instruction_advanced_configurations": "Um Forgejo Runner so intorichten, dat dat in Behälters löppt, of för kumplizeertere Inrichtens, bekiek de <a href=\"https://TO-BE-REPLACED.COM\">Dokumenteren</a>.",
+	"actions.runners.task_list_repo": "Leste Upgaven vun deesem Repositorium up deesem Loper",
+	"actions.runners.task_list_org": "Leste Upgaven up deesem Loper in deeser Vereenigung",
+	"actions.runners.task_list_admin": "Leste Upgaven up deesem Loper",
+	"actions.runners.task_list_user": "Leste Upgaven vun deesem Bruker up deesem Loper",
+	"settings.new_access_token": "Nejes Togang-Teken",
+	"graphs.recent_commits.title": "Tahl vun Kommitterens im lesten Jahr",
+	"graphs.code_frequency.title": "Quelltext-Frequenz langs de Histoorje vun {0}",
+	"actions.secrets.edit_button": "Geheemst »%s« bewarken",
+	"actions.secrets.mutation.header": "Geheemst »%s« bewarken",
+	"actions.secrets.mutation.success_message": "Dat Geheemst »%s« is verneeit worden.",
+	"actions.secrets.mutation.failure_message": "Dat Geheemst »%s« kunn nich verneeit worden.",
+	"actions.secrets.mutation.name_description": "De Naam vun eenem Geheemst kann blots Bookstaven, Tahlen un Unnerstreken enthollen. ’t kann nich mit FORGEJO_, GITEA_, GITHUB_ of eener Tahl begünnen. Forgejo word ’t automatisk in Grotbookstaven umwanneln.",
+	"actions.secrets.mutation.value_description": "De bestahn Weert word nich wiest. Laat dat Feld leeg, wenn du ’t nich ännern willst. Besünnere Bookstavens worden bibehollen. CRLF (Riegenennen na Windows-Aard) word automatisk in LF umwannelt. Kodeer de Weert mit Base64, wenn Riegenennen bibehollen worden sallen.",
+	"settings.permissions_access_specific_repositories": "Enkelte Repositoriums",
+	"settings.access_token.selected_repositories": {
+		"one": "Utköört Repositorium (%d)",
+		"other": "Utköört Repositoriums (%d)"
+	},
+	"settings.access_token.available_repositories": "Verföögbaar Repositoriums",
+	"settings.access_token.no_repositories_selected": "Keene Repositoriums utköört.",
+	"settings.access_token.no_repositories_found": "Keene Repositoriums funnen.",
+	"settings.access_token.remove": "%s wegdoon",
+	"settings.access_token.resource_all_help": "Togang to all Ressourcen verlöven.",
+	"settings.access_token.resource_public_only_help": "Togang begrenzen up Repositoriums un Vereenigungen, wat publik sünd.",
+	"settings.access_token.resource_specific_repo_help": "Begrenz Togang up eene List vun enkelten Repositoriums. Blots-Lesen-Togang is för all publike Repositoriums verlöövt. Blots Rechten, wat Togang to Repositoriums un Gefallens verlöven, könen anknipst worden.",
+	"settings.access_token.admin_disabled": "Chef-Rechten sünd utknipst.",
+	"actions.runs.scheduled_description": "Utföhren na Tiedplaan vun Kommitteren <a href=\"%[1]s\">%[2]s</a>",
+	"actions.runs.workflow_dispatch_description": "Utföhren vun Kommitteren <a href=\"%[1]s\">%[2]s</a> vun <a href=\"%[3]s\">%[4]s</a> utlööst",
+	"actions.runs.on_push_description": "Kommitteren <a href=\"%[1]s\">%[2]s</a> vun <a href=\"%[3]s\">%[4]s</a> schuven"
 }
diff --git a/options/locale_next/locale_nl-NL.json b/options/locale_next/locale_nl-NL.json
index d342a8ddf0..978fe5b3c5 100644
--- a/options/locale_next/locale_nl-NL.json
+++ b/options/locale_next/locale_nl-NL.json
@@ -19,9 +19,9 @@
 	"notification.mark_all_as_read": "Markeer alles als gelezen",
 	"notification.subscriptions": "Abonnementen",
 	"notification.watching": "Kijken naar",
-	"notification.no_subscriptions": "Geen abonnementen",
+	"notification.no_subscriptions": "U heeft geen abonnementen.",
 	"dropzone.default_message": "Sleep bestanden hier heen of klik om te uploaden.",
-	"dropzone.invalid_input_type": "U kunt geen bestanden van dit type uploaden.",
+	"dropzone.invalid_input_type": "Bestanden van dit type kunnen niet worden geüpload.",
 	"dropzone.file_too_big": "Bestandsgrootte ({{filesize}} MB) overschrijdt de maximale grootte ({{maxFilesize}} MB).",
 	"dropzone.remove_file": "Verwijder bestand",
 	"munits.data.b": "B",
@@ -76,9 +76,9 @@
 	"packages.arch.version.description": "Beschrijving",
 	"packages.arch.version.provides": "Biedt",
 	"packages.arch.version.groups": "Groep",
-	"packages.arch.version.optdepends": "Optioneel is afhankelijk van",
-	"packages.arch.version.makedepends": "Maken is afhankelijk van",
-	"packages.arch.version.checkdepends": "Controleer is afhankelijk van",
+	"packages.arch.version.optdepends": "Optionele afhankelijkheden",
+	"packages.arch.version.makedepends": "Maak afhankelijkheden",
+	"packages.arch.version.checkdepends": "Controleer afhankelijkheden",
 	"packages.arch.version.conflicts": "Conflicten",
 	"packages.arch.version.replaces": "Vervangt",
 	"packages.arch.version.backup": "Back-up",
@@ -134,7 +134,7 @@
 	"packages.alt.repository.multiple_groups": "Dit pakket is beschikbaar in meerdere groepen.",
 	"packages.rubygems.install": "Voer het volgende commando uit om het pakket met gem te installeren:",
 	"packages.rubygems.install2": "of voeg het toe aan het Gemfile:",
-	"packages.rubygems.dependencies.runtime": "Runtime dependencies",
+	"packages.rubygems.dependencies.runtime": "Runtime-afhankelijkheden",
 	"packages.rubygems.dependencies.development": "Ontwikkelings dependencies",
 	"packages.rubygems.required.ruby": "Vereist Ruby versie",
 	"packages.rubygems.required.rubygems": "Vereist RubyGem versie",
@@ -339,9 +339,6 @@
 	"actions.runs.run_attempt_label": "Uitvoerpoging #%[1]s (%[2]s)",
 	"actions.runs.viewing_out_of_date_run": "U bekijkt een verouderde uitvoer van deze opdracht die %[1]s is uitgevoerd.",
 	"actions.runs.all_workflows": "Alle workflows",
-	"actions.runs.commit": "Commit",
-	"actions.runs.scheduled": "Gepland",
-	"actions.runs.pushed_by": "gepusht door",
 	"actions.runs.workflow": "Workflow",
 	"actions.runs.invalid_workflow_helper": "Workflow config bestand is ongeldig. Controleer uw configuratiebestand: %s",
 	"actions.runs.no_matching_online_runner.helper": "Geen overeenkomende online runner met label: %s",
@@ -363,31 +360,25 @@
 	"actions.runners.status.idle": "Inactief",
 	"actions.runners.status.active": "Actief",
 	"actions.runners.status.offline": "Offline",
-	"actions.runners.id": "ID",
 	"actions.runners.name": "Naam",
 	"actions.runners.owner_type": "Type",
 	"actions.runners.description": "Omschrijving",
 	"actions.runners.labels": "Labels",
 	"actions.runners.last_online": "Laatste online tijd",
-	"actions.runners.runner_title": "Runner",
-	"actions.runners.task_list": "Recente taken op deze runner",
-	"actions.runners.task_list.no_tasks": "Er is nog geen taak.",
+	"actions.runners.runner_title": "Runner %s",
+	"actions.runners.task_list.no_tasks": "Er zijn nog geen taken.",
 	"actions.runners.task_list.run": "Uitvoeren",
 	"actions.runners.task_list.status": "Status",
 	"actions.runners.task_list.repository": "Opslagplaats",
 	"actions.runners.task_list.commit": "Commit",
 	"actions.runners.task_list.done_at": "Gedaan op",
-	"actions.runners.edit_runner": "Runner bewerken",
-	"actions.runners.update_runner.button": "Wijzigingen bijwerken",
 	"actions.runners.update_runner.success": "Runner succesvol bijgewerkt",
-	"actions.runners.update_runner.failed": "Mislukt om runner bij te werken",
-	"actions.runners.delete_runner.button": "Verwijder deze runner",
+	"actions.runners.update_runner.failed": "Kan runner niet bewerken",
 	"actions.runners.delete_runner.success": "Runner succesvol verwijderd",
 	"actions.runners.delete_runner.failed": "Het verwijderen van de runner is mislukt",
 	"actions.runners.delete_runner.header": "Bevestigen om deze runner te verwijderen",
 	"actions.runners.delete_runner.notice": "Als er een taak op deze runner draait, wordt deze beëindigd en gemarkeerd als mislukt. Dit kan het bouwen van de workflow onderbreken.",
 	"actions.runners.none": "Geen runners beschikbaar",
-	"actions.runners.version": "Versie",
 	"actions.runners.reset_registration_token.button": "Registratie token resetten",
 	"actions.runners.reset_registration_token.success": "Runner registratie token met succes gereset",
 	"repo.pulls.maintainers_can_edit": "Maintainers kan deze pull request bewerken.",
@@ -415,9 +406,9 @@
 	"teams.add_all_repos.modal.header": "Alle repositories toevoegen",
 	"teams.remove_all_repos.modal.header": "Alle repositories verwijderen",
 	"repo.pulls.poster_manage_approval": "Goedkeuring beheren",
-	"repo.pulls.poster_requires_approval": "Sommige werkstromen zijn <a href=\"%[1]s\">wachtend om beoordeeld te worden.</a>",
+	"repo.pulls.poster_requires_approval": "Sommige werkstromen zijn <a href=\"%[1]s\">wachtend om beoordeeld te worden</a>.",
 	"repo.pulls.poster_requires_approval.tooltip": "De auteur van dit pull request wordt niet vertrouwd om workflows uit te voeren die worden getriggerd door een pull request dat is aangemaakt vanuit een forked repository of met AGit. De werkstromen die worden geactiveerd door een `pull_request` evenement zullen niet worden uitgevoerd totdat ze zijn goedgekeurd.",
-	"repo.pulls.poster_is_trusted": "De auteur van dit pull request is <a href=\"%[1]s\">altijd vertrouwd om werkstromen uit te voeren.</a>",
+	"repo.pulls.poster_is_trusted": "De auteur van dit pull request is <a href=\"%[1]s\">altijd vertrouwd om werkstromen uit te voeren</a>.",
 	"repo.pulls.poster_is_trusted.tooltip": "De auteur van dit pull request is expliciet vertrouwd om workflows uit te voeren die worden geactiveerd door een `pull_request` evenement.",
 	"repo.pulls.poster_trust_deny": "Weigeren",
 	"repo.pulls.poster_trust_deny.tooltip": "De workflows die op goedkeuring wachten, worden geannuleerd.",
@@ -446,7 +437,7 @@
 	"issues.updated": "bijgewerkt %s",
 	"repo.issues.filter_mention.hint": "Filteren op genoemde gebruiker",
 	"repo.issues.filter_reviewers.hint": "Filteren op gebruiker die beoordeelde",
-	"repo.issues.filter_modified.hint": "Filteren op laatst gewijzigde datum",
+	"repo.issues.filter_modified.hint": "Filter op laatst gemodificeerd",
 	"repo.view.gitmodules_too_large": "Het .gitmodules-bestand is te groot en wordt genegeerd (bijvoorbeeld bij API-aanroepen)",
 	"search.syntax": "Syntaxis zoeken",
 	"search.fuzzy": "Fuzzy",
@@ -501,5 +492,12 @@
 	"editor.replace_all": "Vervang alles",
 	"editor.toggle_case": "Hoofdlettergevoeligheid in- of uitschakelen",
 	"editor.toggle_regex": "Schakelen met behulp van reguliere expressies",
-	"editor.toggle_whole_word": "Schakel het matchen van hele woorden in of uit"
+	"editor.toggle_whole_word": "Schakel het matchen van hele woorden in of uit",
+	"repo.issues.filter_sort.hint_with_placeholder": "Sorteer bij: %s",
+	"issues.filters.labels.exclude": "Label uitsluiten",
+	"issues.filters.labels.unexclude": "Uitsluitingen wissen",
+	"packages.common.install": "Voer de volgende opdracht uit om het pakket te installeren:",
+	"packages.common.registry": "Stel dit register in vanaf de opdrachtregel:",
+	"packages.common.repository": "Repository informatie",
+	"actions.runs.all_runs_link": "alle runs"
 }
diff --git a/options/locale_next/locale_pl-PL.json b/options/locale_next/locale_pl-PL.json
index d559a3f776..0d169466e0 100644
--- a/options/locale_next/locale_pl-PL.json
+++ b/options/locale_next/locale_pl-PL.json
@@ -360,31 +360,25 @@
 	"actions.runners.status.idle": "Bezczynne",
 	"actions.runners.status.active": "Aktywne",
 	"actions.runners.status.offline": "Offline",
-	"actions.runners.id": "ID",
 	"actions.runners.name": "Nazwa",
 	"actions.runners.owner_type": "Typ",
 	"actions.runners.description": "Opis",
 	"actions.runners.labels": "Etykiety",
 	"actions.runners.last_online": "Ostatni czas online",
-	"actions.runners.runner_title": "Runner",
-	"actions.runners.task_list": "Ostatnie zadania w tym runnerze",
+	"actions.runners.runner_title": "Runner %s",
 	"actions.runners.task_list.no_tasks": "Nie ma jeszcze zadań.",
 	"actions.runners.task_list.run": "Uruchom",
 	"actions.runners.task_list.status": "Status",
 	"actions.runners.task_list.repository": "Repozytorium",
 	"actions.runners.task_list.commit": "Commit",
 	"actions.runners.task_list.done_at": "Ukończone W",
-	"actions.runners.edit_runner": "Edytuj Runnera",
-	"actions.runners.update_runner.button": "Aktualizuj zmiany",
 	"actions.runners.update_runner.success": "Runner zaktualizowany pomyślnie",
 	"actions.runners.update_runner.failed": "Nie udało się zaktualizować runnera",
-	"actions.runners.delete_runner.button": "Usuń ten runner",
 	"actions.runners.delete_runner.success": "Runner usunięty pomyślnie",
 	"actions.runners.delete_runner.failed": "Nie udało się usunąć runnera",
 	"actions.runners.delete_runner.header": "Potwierdź usunięcie tego runnera",
 	"actions.runners.delete_runner.notice": "Jeżeli zadanie nadal jest wykonywane przez ten runner, zostanie ono zakończone i oznaczone jako niepowodzenie. Może to przerwać proces pracy.",
 	"actions.runners.none": "Brak dostępnych runnerów",
-	"actions.runners.version": "Wersja",
 	"actions.runners.reset_registration_token.button": "Resetuj token rejestracji",
 	"actions.runners.reset_registration_token.success": "Rejestracja tokenu resetu runnera pomyślna",
 	"mail.actions.run_info_cur_status": "Stan tego uruchomienia: %[1]s (dopiero zmieniony z %[2]s)",
@@ -457,9 +451,6 @@
 	"actions.runs.view_most_recent_run": "Pokaż ostatnie uruchomienie",
 	"actions.runs.run_attempt_label": "Próba uruchomienia #%[1]s (%[2]s)",
 	"actions.runs.all_workflows": "Wszystkie procesy prac",
-	"actions.runs.commit": "Commit",
-	"actions.runs.scheduled": "Zaplanowane",
-	"actions.runs.pushed_by": "wypchnięty przez",
 	"actions.runs.workflow": "Proces pracy",
 	"actions.runs.invalid_workflow_helper": "Plik konfiguracyjny procesu pracy jest nieprawidłowy. Proszę sprawdź swój plik konfiguracyjny: %s",
 	"actions.runs.no_matching_online_runner.helper": "Brak pasujących runnerów online z etykietą: %s",
diff --git a/options/locale_next/locale_pt-BR.json b/options/locale_next/locale_pt-BR.json
index e1b167a90a..074d7239af 100644
--- a/options/locale_next/locale_pt-BR.json
+++ b/options/locale_next/locale_pt-BR.json
@@ -19,9 +19,9 @@
 	"notification.mark_all_as_read": "Marcar todas como lidas",
 	"notification.subscriptions": "Inscrições",
 	"notification.watching": "Observando",
-	"notification.no_subscriptions": "Nenhuma inscrição",
+	"notification.no_subscriptions": "Você não tem inscrições.",
 	"dropzone.default_message": "Arraste e solte arquivos aqui, ou clique para selecioná-los.",
-	"dropzone.invalid_input_type": "Você não pode enviar arquivos deste tipo.",
+	"dropzone.invalid_input_type": "Arquivos deste tipo não podem ser enviados.",
 	"dropzone.file_too_big": "Tamanho de arquivo ({{filesize}} MB) excede o máximo de ({{maxFilesize}} MB).",
 	"dropzone.remove_file": "Remover arquivo",
 	"munits.data.b": "B",
@@ -64,7 +64,7 @@
 	"packages.alpine.registry": "Configure este registro adicionando o URL no arquivo <code>/etc/apk/repositories</code>:",
 	"packages.alpine.registry.key": "Baixe a chave RSA pública do registro para a pasta <code>/etc/apk/keys/</code> para verificar a assinatura do índice:",
 	"packages.alpine.registry.info": "Escolha o $branch e $repository da lista abaixo.",
-	"packages.alpine.repository.branches": "Branches",
+	"packages.alpine.repository.branches": "Ramos",
 	"packages.alpine.repository.repositories": "Repositórios",
 	"packages.alpine.repository.architectures": "Arquiteturas",
 	"packages.arch.pacman.helper.gpg": "Adicionar certificado de confiança para o pacman:",
@@ -76,7 +76,7 @@
 	"packages.arch.version.description": "Descrição",
 	"packages.arch.version.provides": "Fornece",
 	"packages.arch.version.groups": "Grupo",
-	"packages.arch.version.optdepends": "Depende opcionalmente",
+	"packages.arch.version.optdepends": "Dependências opcionais",
 	"packages.arch.version.makedepends": "Dependências do make",
 	"packages.arch.version.checkdepends": "Verificar dependências",
 	"packages.arch.version.conflicts": "Conflitos",
@@ -95,14 +95,14 @@
 	"packages.container.details.type": "Tipo de imagem",
 	"packages.container.details.platform": "Plataforma",
 	"packages.container.pull": "Puxe a imagem pela linha de comando:",
-	"packages.container.digest": "Digest",
+	"packages.container.digest": "Sinopse",
 	"packages.container.multi_arch": "S.O. / Arquitetura",
 	"packages.container.layers": "Camadas da imagem",
 	"packages.container.labels": "Rótulos",
 	"packages.container.labels.key": "Chave",
 	"packages.container.labels.value": "Valor",
 	"packages.cran.registry": "Configure este registro no arquivo <code>Rprofile.site</code>:",
-	"packages.debian.registry.info": "Escolha uma $distribution e um $component da lista abaixo:",
+	"packages.debian.registry.info": "Escolha uma $distribution e um $component da lista abaixo.",
 	"packages.debian.repository.distributions": "Distribuições",
 	"packages.debian.repository.components": "Componentes",
 	"packages.debian.repository.architectures": "Arquiteturas",
@@ -350,10 +350,7 @@
 	"actions.runs.view_most_recent_run": "Ver execução mais recente",
 	"actions.runs.run_attempt_label": "Tentativa de execução #%[1]s (%[2]s)",
 	"actions.runs.all_workflows": "Todos os workflows",
-	"actions.runs.commit": "Commit",
-	"actions.runs.scheduled": "Programadas",
-	"actions.runs.pushed_by": "push feito por",
-	"actions.runs.workflow": "Workflow",
+	"actions.runs.workflow": "Fluxo",
 	"actions.runs.invalid_workflow_helper": "O arquivo de configuração do workflow é inválido. Por favor, verifique seu arquivo de configuração: %s",
 	"actions.runs.no_matching_online_runner.helper": "Nenhum runner online encontrado com o rótulo: %s",
 	"actions.runs.no_job_without_needs": "O workflow deve conter pelo menos um trabalho sem dependências.",
@@ -365,7 +362,7 @@
 	"actions.runs.no_results": "Nenhum resultado.",
 	"actions.runs.no_workflows": "Não há workflows ainda.",
 	"actions.actions": "Ações",
-	"actions.runners": "Runners",
+	"actions.runners": "Executores",
 	"actions.runners.runner_manage_panel": "Gerenciar runners",
 	"actions.runners.new": "Criar novo runner",
 	"actions.runners.new_notice": "Como iniciar um runner",
@@ -374,31 +371,25 @@
 	"actions.runners.status.idle": "Inativo",
 	"actions.runners.status.active": "Ativo",
 	"actions.runners.status.offline": "Offline",
-	"actions.runners.id": "ID",
 	"actions.runners.name": "Nome",
 	"actions.runners.owner_type": "Tipo",
 	"actions.runners.description": "Descrição",
 	"actions.runners.labels": "Rótulos",
 	"actions.runners.last_online": "Última vez online",
-	"actions.runners.runner_title": "Runner",
-	"actions.runners.task_list": "Tarefas recentes neste runner",
-	"actions.runners.task_list.no_tasks": "Ainda não há nenhuma tarefa.",
+	"actions.runners.runner_title": "Executor %s",
+	"actions.runners.task_list.no_tasks": "Ainda não há tarefas.",
 	"actions.runners.task_list.run": "Executar",
 	"actions.runners.task_list.status": "Estado",
 	"actions.runners.task_list.repository": "Repositório",
 	"actions.runners.task_list.commit": "Commit",
 	"actions.runners.task_list.done_at": "Realizada em",
-	"actions.runners.edit_runner": "Editar Runner",
-	"actions.runners.update_runner.button": "Salvar alterações",
-	"actions.runners.update_runner.success": "Runner atualizado com sucesso",
-	"actions.runners.update_runner.failed": "Falha ao atualizar runner",
-	"actions.runners.delete_runner.button": "Deletar esse runner",
+	"actions.runners.update_runner.success": "Executor editado com sucesso",
+	"actions.runners.update_runner.failed": "Falha ao editar executor",
 	"actions.runners.delete_runner.success": "Runner excluído com sucesso",
 	"actions.runners.delete_runner.failed": "Falha ao excluir runner",
 	"actions.runners.delete_runner.header": "Confirme para excluir este runner",
 	"actions.runners.delete_runner.notice": "Se uma tarefa estiver sendo executada neste runner, ela será encerrada e marcada como falha. Pode quebrar o workflow de construção.",
 	"actions.runners.none": "Nenhum runner disponível",
-	"actions.runners.version": "Versão",
 	"actions.runners.reset_registration_token.button": "Resetar token de registro",
 	"actions.runners.reset_registration_token.success": "Token de registro de runner redefinido com sucesso",
 	"repo.pulls.maintainers_can_edit": "Mantenedores podem editar este pull request.",
@@ -429,9 +420,9 @@
 	"teams.add_all_repos.modal.header": "Adicionar todos os repositórios",
 	"teams.remove_all_repos.modal.header": "Remover todos os repositórios",
 	"repo.pulls.poster_manage_approval": "Gerenciar aprovação",
-	"repo.pulls.poster_requires_approval": "Alguns workflows estão <a href=\"%[1]s\">aguardando revisão.</a>",
+	"repo.pulls.poster_requires_approval": "Alguns workflows estão <a href=\"%[1]s\">aguardando revisão</a>.",
 	"repo.pulls.poster_requires_approval.tooltip": "O autor deste pull request não foi marcado como confiável para executar workflows acionados por um pull request criado de um repositório como fork ou com o AGit. Os workflows acionados por eventos `pull_request` não serão executados até que tenham sido aprovados.",
-	"repo.pulls.poster_is_trusted": "O autor desse pull request foi <a href=\"%[1]s\">marcado como sempre confiável para executar workflows.</a>",
+	"repo.pulls.poster_is_trusted": "O autor desse pull request foi <a href=\"%[1]s\">marcado como sempre confiável para executar workflows</a>.",
 	"repo.pulls.poster_is_trusted.tooltip": "O autor deste pull request está marcado explicitamente como confiável para executar workflows acionados por eventos `pull_request`.",
 	"repo.pulls.poster_trust_deny": "Negar",
 	"repo.pulls.poster_trust_deny.tooltip": "Os workflows aguardando aprovação serão cancelados.",
@@ -484,10 +475,10 @@
 	"moderation.issue.deletion_success": "A questão foi excluída.",
 	"moderation.comment.deletion_success": "O comentário foi excluído.",
 	"actions.workflow.incomplete_matrix_missing_job": "Não foi possível avaliar `strategy.matrix` do trabalho %[1]s: trabalho %[2]s não está na lista de `needs` do trabalho %[1]s (%[3]s).",
-	"actions.workflow.incomplete_matrix_missing_output": "Não foi possível avaliar `strategy.matrix` do trabalho %[1]s: o trabalho %[2]s não tem uma saída %[3]s.",
+	"actions.workflow.incomplete_matrix_missing_output": "Não foi possível avaliar `strategy.matrix` do trabalho %[1]s: falta o resultado %[3]s no trabalho %[2]s.",
 	"actions.workflow.incomplete_matrix_unknown_cause": "Não foi possível avaliar `strategy.matrix` do trabalho %[1]s: erro desconhecido.",
 	"actions.workflow.incomplete_runson_missing_job": "Não foi possível avaliar `runs-on` do trabalho %[1]s: o trabalho %[2]s não está na lista `needs` do trabalho %[1]s (%[3]s).",
-	"actions.workflow.incomplete_runson_missing_output": "Não é possível avaliar `runs-on` do trabalho %[1]s: o trabalho %[2]s não tem uma saída %[3]s.",
+	"actions.workflow.incomplete_runson_missing_output": "Não é possível avaliar `runs-on` do trabalho %[1]s: falta saída de %[3]s no trabalho %[2]s.",
 	"actions.workflow.incomplete_runson_missing_matrix_dimension": "Não é possível avaliar `runs-on` do trabalho %[1]s: a dimensão da matriz %[2]s não existe.",
 	"actions.workflow.incomplete_runson_unknown_cause": "Não é possível avaliar `runs-on` do trabalho %[1]s: erro desconhecido.",
 	"repo.view.gitmodules_too_large": "O arquivo .gitmodules é muito grande e portanto será ignorado (em chamadas de API nesta instância)",
@@ -497,10 +488,31 @@
 	"issues.updated": "%s atualizado",
 	"search.fuzzy": "Difusa",
 	"actions.workflow.incomplete_with_missing_job": "Não é possível avaliar `with` do trabalho %[1]s: o trabalho %[2]s não está na lista de `needs` do trabalho %[1]s (%[3]s).",
-	"actions.workflow.incomplete_with_missing_output": "Não é possível avaliar `with` do trabalho %[1]s: falta o resultado %[3]s no trabalho %[2]s.",
+	"actions.workflow.incomplete_with_missing_output": "Não é possível avaliar `with` do trabalho %[1]s: falta a saída de %[3]s no trabalho %[2]s.",
 	"actions.workflow.incomplete_with_missing_matrix_dimension": "Não é possível avaliar `with` do trabalho %[1]s: a dimensão da matriz %[2]s não existe.",
 	"actions.workflow.incomplete_with_unknown_cause": "Não é possível avaliar `with` do trabalho %[1]s: erro desconhecido.",
 	"repo.issues.filter_sort.hint_with_placeholder": "Ordenar por: %s",
 	"issues.filters.labels.exclude": "Remover rótulo",
-	"issues.filters.labels.unexclude": "Limpar exclusão"
+	"issues.filters.labels.unexclude": "Limpar exclusão",
+	"packages.common.install": "Para instalar o pacote, execute o seguinte comando:",
+	"packages.common.registry": "Configure este registro a partir da linha de comando:",
+	"packages.common.repository": "Informações do repositório",
+	"actions.runs.all_runs_link": "todas as execuções",
+	"actions.secrets.creation.name_description": "O nome de um segredo só pode conter letras, números e sublinhados. Não pode começar com FORGEJO_, GITEA_, GITHUB_ ou um número. O Forgejo irá convertê-lo automaticamente para maiúsculas.",
+	"actions.secrets.creation.value_description": "O valor de um segredo pode ser qualquer texto. Os caracteres especiais são mantidos. CRLF (quebras de linha no estilo Windows) é automaticamente convertido para LF. Codifique o valor com Base64 se as quebras de linha devem ser mantidas.",
+	"actions.variables.mutation.name_description": "O nome de uma variável só pode conter letras, números e sublinhados. Não pode ser nomeado CI nem começar por FORGEJO_, GITEA_, GITHUB_ ou um número. O Forgejo irá convertê-lo automaticamente para maiúsculas.",
+	"actions.variables.mutation.value_description": "O valor de uma variável pode ser qualquer texto. Os caracteres especiais são mantidos. CRLF (quebras de linha no estilo Windows) é automaticamente convertido para LF. Codifique o valor com Base64 se as quebras de linha devem ser mantidas.",
+	"pulls.manual_merge.helpder.description": "Use esta mensagem de commit da mescla ao concluir a mescla manualmente.",
+	"pulls.manual_merge.commit.title": "Título do commit de mescla",
+	"pulls.manual_merge.commit.body": "Corpo do commit de mescla",
+	"pulls.manual_merge.copy.button": "Copiar mensagem do commit de mescla",
+	"editor.replace": "Substituir",
+	"editor.replace_all": "Substituir todos",
+	"editor.toggle_case": "Alternar sensibilidade a maiúsculas/minúsculas",
+	"editor.toggle_regex": "Alternar o uso de expressões regulares",
+	"pulls.manual_merge.helper": "Assistente de mesclagem manual",
+	"editor.search": "Busca",
+	"editor.find_previous": "Ocorrência anterior",
+	"editor.find_next": "Ocorrência seguinte",
+	"editor.toggle_whole_word": "Alternar correspondência completa de palavras"
 }
diff --git a/options/locale_next/locale_pt-PT.json b/options/locale_next/locale_pt-PT.json
index e0aad4484e..e884f34fa3 100644
--- a/options/locale_next/locale_pt-PT.json
+++ b/options/locale_next/locale_pt-PT.json
@@ -173,7 +173,7 @@
 	"packages.owner.settings.cleanuprules.keep.title": "As versões que correspondem a estas regras serão mantidas, mesmo que correspondam à regra de remoção abaixo.",
 	"packages.owner.settings.cleanuprules.keep.count": "Manter a mais recente",
 	"packages.owner.settings.cleanuprules.keep.pattern": "Manter as versões correspondentes",
-	"packages.owner.settings.cleanuprules.keep.pattern.container": "A <code>última</code> versão será sempre mantida para pacotes de contentor.",
+	"packages.owner.settings.cleanuprules.keep.pattern.container": "A versão <code>latest</code> será sempre mantida para pacotes de Container.",
 	"packages.owner.settings.cleanuprules.remove.title": "Versões que correspondam a estas regras serão removidos, a não ser que a regra acima diga para os manter.",
 	"packages.owner.settings.cleanuprules.remove.days": "Remover versões mais antigas do que",
 	"packages.owner.settings.cleanuprules.remove.pattern": "Remover as versões correspondentes",
@@ -334,7 +334,7 @@
 	"migrate.pagure.incorrect_url": "Foi fornecida uma URL incorreta do repositório de origem",
 	"migrate.pagure.project_url": "URL do projeto Pagure",
 	"migrate.pagure.project_example": "URL do projeto Pagure, por exemplo, https://pagure.io/pagure",
-	"migrate.pagure.token_label": "Código da API do Pagure",
+	"migrate.pagure.token_label": "Token da API do Pagure",
 	"migrate.github.description": "Migrar dados do github.com ou do GitHub Enterprise server.",
 	"migrate.git.description": "Migrar um repositório somente de qualquer serviço Git.",
 	"migrate.gitea.description": "Migrar dados de gitea.com ou de outras instâncias do Gitea.",
@@ -350,9 +350,6 @@
 	"actions.runs.viewing_out_of_date_run": "Está a visualizar uma execução desatualizada deste trabalho que foi executado %[1]s.",
 	"actions.runs.view_most_recent_run": "Ver execução mais recente",
 	"actions.runs.all_workflows": "Todas as sequências de trabalho",
-	"actions.runs.commit": "Cometimento",
-	"actions.runs.scheduled": "Agendadas",
-	"actions.runs.pushed_by": "enviado por",
 	"actions.runs.workflow": "Sequência de trabalho",
 	"actions.runs.invalid_workflow_helper": "O ficheiro de configuração da sequência de trabalho é inválido. Verifique o seu ficheiro de configuração: %s",
 	"actions.runs.no_matching_online_runner.helper": "Não existem executores ligados que tenham o rótulo %s",
@@ -374,33 +371,27 @@
 	"actions.runners.status.idle": "Parado",
 	"actions.runners.status.active": "Em funcionamento",
 	"actions.runners.status.offline": "Desconectado",
-	"actions.runners.id": "ID",
 	"actions.runners.name": "Nome",
 	"actions.runners.owner_type": "Tipo",
 	"actions.runners.description": "Descrição",
 	"actions.runners.labels": "Rótulos",
 	"actions.runners.last_online": "Última vez que esteve ligado",
-	"actions.runners.runner_title": "Executor",
-	"actions.runners.task_list": "Tarefas recentes deste executor",
+	"actions.runners.runner_title": "Executor %s",
 	"actions.runners.task_list.no_tasks": "Ainda não há tarefas.",
 	"actions.runners.task_list.run": "Executar",
 	"actions.runners.task_list.status": "Estado",
 	"actions.runners.task_list.repository": "Repositório",
 	"actions.runners.task_list.commit": "Cometimento",
 	"actions.runners.task_list.done_at": "Feito em",
-	"actions.runners.edit_runner": "Editar executor",
-	"actions.runners.update_runner.button": "Guardar alterações",
 	"actions.runners.update_runner.success": "O executor foi modificado com sucesso",
 	"actions.runners.update_runner.failed": "Falhou ao modificar o executor",
-	"actions.runners.delete_runner.button": "Eliminar este executor",
 	"actions.runners.delete_runner.success": "O executor foi eliminado com sucesso",
 	"actions.runners.delete_runner.failed": "Falhou ao eliminar o executor",
 	"actions.runners.delete_runner.header": "Confirme que quer eliminar este executor",
 	"actions.runners.delete_runner.notice": "Se uma tarefa estiver a correr neste executor, será terminada e marcada como tendo falhado. Isso poderá quebrar a sequência de trabalho de construção.",
 	"actions.runners.none": "Não há executores disponíveis",
-	"actions.runners.version": "Versão",
-	"actions.runners.reset_registration_token.button": "Repor código de registo",
-	"actions.runners.reset_registration_token.success": "O código de incrição do executor foi reposto com sucesso",
+	"actions.runners.reset_registration_token.button": "Repor token de registo",
+	"actions.runners.reset_registration_token.success": "O token de registo do executor foi reposto com sucesso",
 	"pulse.n_active_issues": {
 		"one": "%s questão vigente",
 		"many": "%s questões vigentes",
@@ -415,9 +406,9 @@
 	"repo.pulls.maintainers_cannot_edit": "Os responsáveis não podem editar este pedido de integração.",
 	"mail.issue.action.close_by_commit": "%[1]s fechou %[2]s no cometimento %[3]s.",
 	"migrate.pagure.private_issues.summary": "Questões privadas (opcional)",
-	"migrate.pagure.private_issues.description": "Esta funcionalidade está desenhada para criar um segundo repositório contendo apenas questões privadas do seu repositório Pagure para efeitos de arquivo. Primeiro, faça uma migração normal (sem um código) para importar todo o conteúdo público. Depois, se tiver questões privadas a preservar, crie um repositório separado usando esta opção com código para arquivar essas questões privadas.",
+	"migrate.pagure.private_issues.description": "Esta funcionalidade está desenhada para criar um segundo repositório contendo apenas questões privadas do seu repositório Pagure para efeitos de arquivo. Primeiro, faça uma migração normal (sem um token) para importar todo o conteúdo público. Depois, se tiver questões privadas a preservar, crie um repositório separado usando esta opção com token para arquivar essas questões privadas.",
 	"migrate.pagure.private_issues.warning": "Certifique-se que passa a visibilidade do repositório para Privado se estiver a usar a chave de API para importar questões privadas. Isso irá evitar que exponha acidentalmente conteúdo privado num repositório público.",
-	"migrate.pagure.token.placeholder": "Somente para criar arquivo com questões privadas",
+	"migrate.pagure.token.placeholder": "Apenas para criar arquivo com questões privadas",
 	"actions.workflow.job_parsing_error": "Não foi possível analisar os trabalhos na sequência de trabalho: %v",
 	"actions.workflow.event_detection_error": "Não foi possível analisar eventos suportados na sequência de trabalho: %v",
 	"actions.workflow.pre_execution_error": "A sequência de trabalho não foi executada por causa de um erro que bloqueou a tentativa de execução.",
@@ -442,7 +433,7 @@
 	"repo.pulls.poster_trust_revoke": "Revogar",
 	"repo.pulls.poster_trust_revoke.tooltip": "O autor deste pedido de integração deixará de ser considerado confiável para executar sequências de trabalho acionadas por um evento `pull_request`, cada execução terá que ser aprovada manualmente.",
 	"admin.dashboard.actions_action_user": "Revogar a confiança em Forgejo Actions para utilizadores inativos",
-	"keys.verify.token.hint": "O código é válido apenas por 1 minuto. <a href=\"%[1]s\">Obtenha um novo se ele expirou</a>.",
+	"keys.verify.token.hint": "O token é válido apenas por 1 minuto. <a href=\"%[1]s\">Obtenha um novo se ele expirou</a>.",
 	"actions.status.diagnostics.waiting": {
 		"one": "Aguardando por um executor com o seguinte rótulo: %s",
 		"many": "Aguardando por um executor com os seguintes rótulos: %s",
@@ -523,5 +514,86 @@
 	"packages.common.install": "Para instalar o pacote, execute o seguinte comando:",
 	"packages.common.registry": "Configure este registo a partir da linha de comandos:",
 	"packages.common.repository": "Informações sobre o repositório",
-	"actions.runs.all_runs_link": "todas as execuções"
+	"actions.runs.all_runs_link": "todas as execuções",
+	"repo.pulls.auto_merge.no_permission": "Não tem permissão para cancelar a integração automática deste pedido de integração.",
+	"access_token.error.specified_repos_none": "Os tokens de acesso com repositórios especificados devem ter pelo menos um repositório.",
+	"access_token.error.specified_repos_and_public_only": "Os tokens de acesso com repositórios especificados não podem ser combinados com o âmbito apenas público.",
+	"access_token.error.specified_repos_and_invalid_scope": "Os tokens de acesso com repositórios especificados só podem ser usados com os âmbitos read:issue, write:issue, read:repository e write:repository.",
+	"settings.specific_repo_access": "Acesso ao repositório",
+	"actions.runners.uuid": "UUID",
+	"actions.runners.token": "Token",
+	"actions.runners.edit_runner.regenerate_token_label": "Regenerar token",
+	"actions.runners.edit_runner.regenerate_token_help": "O token atual será invalidado imediatamente. Receberá um novo token na página seguinte.",
+	"actions.runners.show_registration_token": "Mostrar token de registo",
+	"actions.runners.runner_setup.last_chance_copying_token": "Copie o token agora, pois não poderá voltar a vê-lo!",
+	"actions.runners.runner_setup.button_copy_token_aria": "Copiar token do executor",
+	"actions.runners.reset_registration_token.token": "Token de Registo (Obsoleto)",
+	"actions.runners.ephemeral": "Efémero",
+	"actions.runners.list_runners.details_column": "Detalhes",
+	"actions.runners.list_runners.edit_column": "Editar",
+	"actions.runners.list_runners.delete_column": "Eliminar",
+	"actions.runners.list_runners.details_button": "Detalhes",
+	"actions.runners.list_runners.details_button_aria": "Mostrar detalhes de %s",
+	"actions.runners.list_runners.delete_button": "Eliminar",
+	"actions.runners.list_runners.delete_button_aria": "Eliminar %s",
+	"actions.runners.list_runners.edit_button": "Editar",
+	"actions.runners.list_runners.edit_button_aria": "Editar %s",
+	"actions.runners.ephemeral.yes": "sim",
+	"actions.runners.ephemeral.no": "não",
+	"actions.runners.edit_runner_button": "Editar executor",
+	"actions.runners.create_runner.page_title": "Criar novo executor",
+	"actions.runners.create_runner.title": "Criar novo executor",
+	"actions.runners.create_runner.properties_fieldset": "Propriedades",
+	"actions.runners.create_runner.name_label": "Nome",
+	"actions.runners.create_runner.description_label": "Descrição",
+	"actions.runners.create_runner.create_button": "Criar",
+	"actions.runners.create_runner.cancel_button": "Cancelar",
+	"actions.runners.edit_runner.page_title": "Editar executor %s",
+	"actions.runners.edit_runner.title": "Editar executor %s",
+	"actions.runners.edit_runner.properties_fieldset": "Propriedades",
+	"actions.runners.edit_runner.properties_options": "Opções",
+	"actions.runners.edit_runner.name_label": "Nome",
+	"actions.runners.edit_runner.description_label": "Descrição",
+	"actions.runners.edit_runner.save_button": "Guardar",
+	"actions.runners.edit_runner.cancel_button": "Cancelar",
+	"actions.runners.runner_setup.title": "Configurar o executor %s",
+	"actions.runners.runner_details.page_title": "Executor %s",
+	"actions.runners.runner_details.labels_note": "Os rótulos do Forgejo Runner são definidos no ficheiro de configuração do Forgejo Runner ou passadas como opção de linha de comandos. São atualizados sempre que o Forgejo Runner estabelece uma ligação ao Forgejo.",
+	"actions.runners.runner_setup.page_title": "Configurar o executor %s",
+	"actions.runners.runner_setup.list_of_runners_link": "Lista de executores",
+	"actions.runners.runner_setup.button_copy_uuid_aria": "Copiar UUID do executor",
+	"actions.runners.runner_setup.heading_using_configuration": "Utilizando o ficheiro de configuração do executor",
+	"actions.runners.runner_setup.configuration_snippet_aria": "Trecho para inserir na configuração do executor",
+	"actions.runners.runner_setup.program_options_snippet_aria": "Como iniciar o forgejo-runner",
+	"actions.runners.runner_setup.instruction_replace_connection_name": "Substitua o nome da ligação (<code>forgejo</code> no exemplo) por um valor à sua escolha.",
+	"actions.runners.runner_setup.heading_using_options": "Utilizando as opções do programa",
+	"actions.runners.runner_setup.instruction_advanced_configurations": "Para configurar o Forgejo Runner em containers ou em configurações avançadas, consulte a <a href=\"https://TO-BE-REPLACED.COM\">documentação</a>.",
+	"form.RunnerName": "Nome",
+	"settings.new_access_token": "Novo token de acesso",
+	"settings.permissions_access_specific_repositories": "Repositórios específicos",
+	"settings.access_token.selected_repositories": {
+		"one": "Repositório selecionado (%d)",
+		"many": "Repositórios selecionados (%d)",
+		"other": "Repositórios selecionados (%d)"
+	},
+	"settings.access_token.available_repositories": "Repositórios disponíveis",
+	"settings.access_token.no_repositories_selected": "Nenhum repositório selecionado.",
+	"settings.access_token.no_repositories_found": "Nenhum repositório encontrado.",
+	"settings.access_token.remove": "Remover %s",
+	"settings.access_token.resource_all_help": "Permitir o acesso a todos os recursos.",
+	"settings.access_token.resource_public_only_help": "Limitar o acesso a repositórios e organizações que sejam públicos.",
+	"settings.access_token.resource_specific_repo_help": "Limitar o acesso a uma lista específica de repositórios. É permitido o acesso apenas de leitura a todos os repositórios públicos. Apenas podem ser ativadas as permissões que permitem o acesso a repositórios e questões.",
+	"settings.access_token.admin_disabled": "As permissões administrativas estão desativadas.",
+	"actions.runners.task_list_repo": "Tarefas recentes deste repositório neste executor",
+	"actions.runners.task_list_org": "Tarefas recentes neste executor dentro desta organização",
+	"actions.runners.task_list_admin": "Tarefas recentes neste executor",
+	"actions.runners.task_list_user": "Tarefas recentes deste utilizador neste executor",
+	"actions.secrets.edit_button": "Editar segredo \"%s\"",
+	"actions.secrets.mutation.header": "Editar segredo \"%s\"",
+	"actions.secrets.mutation.success_message": "O segredo \"%s\" foi atualizado.",
+	"actions.secrets.mutation.failure_message": "Não foi possível atualizar o segredo \"%s\".",
+	"actions.secrets.mutation.name_description": "O nome de um segredo só pode conter letras, números e sublinhados. Não pode começar por FORGEJO_, GITEA_, GITHUB_ ou um número. O Forgejo irá convertê-lo automaticamente para maiúsculas.",
+	"actions.secrets.mutation.value_description": "O valor atual não será apresentado. Deixe o campo em branco se não pretender alterá-lo. Os caracteres especiais são mantidos. CRLF (quebras de linha no estilo Windows) é automaticamente convertido para LF. Codifique o valor com Base64 se as quebras de linha devem ser mantidas.",
+	"graphs.recent_commits.title": "Número de cometimentos no último ano",
+	"graphs.code_frequency.title": "Frequência do código ao longo da história de {0}"
 }
diff --git a/options/locale_next/locale_ro.json b/options/locale_next/locale_ro.json
index e1940e1e14..0f3e8af7ee 100644
--- a/options/locale_next/locale_ro.json
+++ b/options/locale_next/locale_ro.json
@@ -1,3 +1,4 @@
 {
-	"meta.last_line": " "
+	"meta.last_line": " ",
+	"packages.empty": "Momentan nu există pachete."
 }
diff --git a/options/locale_next/locale_ru-RU.json b/options/locale_next/locale_ru-RU.json
index 92b66653ed..c710490152 100644
--- a/options/locale_next/locale_ru-RU.json
+++ b/options/locale_next/locale_ru-RU.json
@@ -350,9 +350,6 @@
 	"actions.runs.viewing_out_of_date_run": "Это устаревший результат задания, которое выполнялось %[1]s.",
 	"actions.runs.view_most_recent_run": "Перейти к актуальному",
 	"actions.runs.all_workflows": "Все рабочие потоки",
-	"actions.runs.commit": "коммит",
-	"actions.runs.scheduled": "Запланировано",
-	"actions.runs.pushed_by": "отправлен",
 	"actions.runs.workflow": "Рабочий поток",
 	"actions.runs.invalid_workflow_helper": "Файл конфигурации рабочего потока некорректен. Пожалуйста, проверьте конфигурационный файл: %s",
 	"actions.runs.no_matching_online_runner.helper": "Нет работающего исполнителя с меткой: %s",
@@ -374,31 +371,25 @@
 	"actions.runners.status.idle": "Простаивает",
 	"actions.runners.status.active": "Активен",
 	"actions.runners.status.offline": "Недоступен",
-	"actions.runners.id": "ИД",
 	"actions.runners.name": "Название",
 	"actions.runners.owner_type": "Тип",
 	"actions.runners.description": "Описание",
 	"actions.runners.labels": "Метки",
 	"actions.runners.last_online": "Был в сети",
-	"actions.runners.runner_title": "Исполнитель",
-	"actions.runners.task_list": "Недавние задания исполнителя",
+	"actions.runners.runner_title": "Исполнитель %s",
 	"actions.runners.task_list.no_tasks": "Заданий пока нет.",
 	"actions.runners.task_list.run": "Запуск",
 	"actions.runners.task_list.status": "Состояние",
 	"actions.runners.task_list.repository": "Репозиторий",
 	"actions.runners.task_list.commit": "Коммит",
 	"actions.runners.task_list.done_at": "Завершено",
-	"actions.runners.edit_runner": "Изменить исполнителя",
-	"actions.runners.update_runner.button": "Сохранить изменения",
 	"actions.runners.update_runner.success": "Исполнитель успешно изменён",
 	"actions.runners.update_runner.failed": "Не удалось изменить исполнителя",
-	"actions.runners.delete_runner.button": "Удалить этого исполнителя",
 	"actions.runners.delete_runner.success": "Исполнитель успешно удалён",
 	"actions.runners.delete_runner.failed": "Не удалось удалить исполнителя",
 	"actions.runners.delete_runner.header": "Подтвердите удаление исполнителя",
 	"actions.runners.delete_runner.notice": "Если на этом исполнителе выполняется задание, оно будет завершено и помечено как неудачное. Это может нарушить собирающийся раб. поток.",
 	"actions.runners.none": "Нет доступных исполнителей",
-	"actions.runners.version": "Версия",
 	"actions.runners.reset_registration_token.button": "Сбросить токен регистрации",
 	"actions.runners.reset_registration_token.success": "Токен регистрации исполнителя успешно сброшен",
 	"repo.pulls.maintainers_can_edit": "Сопровождающие могут вносить правки.",
@@ -523,5 +514,44 @@
 	"packages.common.install": "Чтобы установить пакет, выполните следующую команду:",
 	"packages.common.registry": "Добавьте реестр командой:",
 	"actions.runs.all_runs_link": "все запуски",
-	"repo.issues.filter_sort.hint_with_placeholder": "Сортировать по: %s"
+	"repo.issues.filter_sort.hint_with_placeholder": "Сортировать по: %s",
+	"repo.pulls.auto_merge.no_permission": "У вас нет права отменить автоматическое слияние этого запроса на слияние.",
+	"settings.specific_repo_access": "Доступ к репозиториям",
+	"access_token.error.specified_repos_none": "Токен доступа для конкретных репозиториев должен иметь хотя бы один указанный репозиторий.",
+	"access_token.error.specified_repos_and_public_only": "Токен доступа для конкретных репозиториев не может иметь доступ лишь к публичным репозиториям.",
+	"access_token.error.specified_repos_and_invalid_scope": "Токен доступа для конкретных репозиториев может иметь только следующие разрешения: read:issue, write:issue, read:repository и write:repository.",
+	"actions.runners.uuid": "УУИД",
+	"actions.runners.token": "Токен",
+	"actions.runners.ephemeral": "Одноразовый",
+	"actions.runners.list_runners.details_column": "Подробности",
+	"actions.runners.list_runners.delete_column": "Удалить",
+	"actions.runners.runner_setup.list_of_runners_link": "Список исполнителей",
+	"actions.runners.runner_setup.last_chance_copying_token": "Скопируйте токен сейчас – потом он не будет отображаться!",
+	"actions.runners.runner_setup.button_copy_uuid_aria": "Копировать УУИД исполнителя",
+	"actions.runners.runner_setup.button_copy_token_aria": "Копировать токен исполнителя",
+	"actions.runners.reset_registration_token.token": "Токен регистрации (устаревший вариант)",
+	"form.RunnerName": "Название",
+	"actions.runners.task_list_repo": "Недавние задания из этого репозитория для этого исполнителя",
+	"actions.runners.task_list_org": "Недавние задания из этой организации для этого исполнителя",
+	"actions.runners.task_list_admin": "Недавние задания этого исполнителя",
+	"actions.runners.task_list_user": "Недавние задания от этого пользователя для этого исполнителя",
+	"actions.runners.edit_runner.name_label": "Название",
+	"actions.runners.create_runner.name_label": "Название",
+	"settings.new_access_token": "Новый токен доступа",
+	"settings.permissions_access_specific_repositories": "Конкретные репозитории",
+	"settings.access_token.selected_repositories": {
+		"one": "Избранный репозиторий (%d)",
+		"few": "Избранные репозитории (%d)",
+		"many": "Избранные репозитории (%d)"
+	},
+	"settings.access_token.available_repositories": "Доступные репозитории",
+	"settings.access_token.no_repositories_selected": "Репозитории не выбраны.",
+	"settings.access_token.no_repositories_found": "Репозитории не найдены.",
+	"actions.runners.create_runner.title": "Добавить нового исполнителя",
+	"actions.runners.create_runner.properties_fieldset": "Свойства",
+	"actions.runners.create_runner.description_label": "Описание",
+	"actions.runners.runner_setup.heading_using_configuration": "Используя файл конфигурации исполнителя",
+	"actions.runners.runner_setup.configuration_snippet_aria": "Часть конфигурации, которую нужно добавить",
+	"actions.runners.runner_setup.instruction_replace_connection_name": "Замените название подключения (в примере – <code>forgejo</code>) на нужное.",
+	"actions.runners.runner_setup.heading_using_options": "Используя параметры запуска"
 }
diff --git a/options/locale_next/locale_si-LK.json b/options/locale_next/locale_si-LK.json
index 9c847c6f1c..42f249b0a8 100644
--- a/options/locale_next/locale_si-LK.json
+++ b/options/locale_next/locale_si-LK.json
@@ -6,7 +6,6 @@
 	"actions.runners.task_list.repository": "කෝෂ්ඨය",
 	"actions.runners.task_list.commit": "කැප",
 	"actions.runners.status.active": "ක්රියාකාරී",
-	"actions.runs.commit": "කැප",
 	"notification.notifications": "දැනුම්දීම්",
 	"notification.unread": "නොකියවූ",
 	"notification.read": "කියවූ",
diff --git a/options/locale_next/locale_sv-SE.json b/options/locale_next/locale_sv-SE.json
index b456cb4691..c8c8f188ee 100644
--- a/options/locale_next/locale_sv-SE.json
+++ b/options/locale_next/locale_sv-SE.json
@@ -21,7 +21,7 @@
 	"notification.watching": "Bevakar",
 	"notification.no_subscriptions": "Inga prenumerationer.",
 	"dropzone.default_message": "Släpp filer här eller klicka för att ladda upp.",
-	"dropzone.invalid_input_type": "Du kan inte ladda upp filer av denna typen.",
+	"dropzone.invalid_input_type": "Filer av den här typen kan inte laddas upp.",
 	"dropzone.file_too_big": "Filstorleken ({{filesize}} MB) överskrider maxstorleken ({{maxFilesize}} MB).",
 	"dropzone.remove_file": "Ta bort fil",
 	"munits.data.b": "B",
@@ -62,7 +62,7 @@
 	"packages.dependency.version": "Version",
 	"packages.search_in_external_registry": "Sök i %s",
 	"packages.alpine.registry": "Konfigurera detta register genom att lägga till URL:en i din <code>/etc/apk/repositories</code>-fil:",
-	"packages.alpine.registry.key": "Ladda ner registrets offentliga RSA-nyckel till <code>/etc/apk/keys/</code>-mappen för att verifiera indexsignaturen:",
+	"packages.alpine.registry.key": "Ladda ner registrets offentliga RSA-nyckel till <code>/etc/apk/keys/</code>-katalogen för att verifiera indexsignaturen:",
 	"packages.alpine.registry.info": "Välj $gren och $kodförråd från listan nedan.",
 	"packages.alpine.repository.branches": "Grenar",
 	"packages.alpine.repository.repositories": "Kodförråd",
@@ -77,8 +77,8 @@
 	"packages.arch.version.provides": "Tillhandahåller",
 	"packages.arch.version.groups": "Grupp",
 	"packages.arch.version.optdepends": "Valfria beroenden",
-	"packages.arch.version.makedepends": "Byggberoenden",
-	"packages.arch.version.checkdepends": "Kontrollberoenden",
+	"packages.arch.version.makedepends": "Skapa beroenden",
+	"packages.arch.version.checkdepends": "Kontrollera beroenden",
 	"packages.arch.version.conflicts": "Konflikter",
 	"packages.arch.version.replaces": "Ersätter",
 	"packages.arch.version.backup": "Säkerhetskopia",
@@ -111,10 +111,10 @@
 	"packages.maven.registry": "Konfigurera detta register i ditt projekts <code>pom.xml</code>-fil:",
 	"packages.maven.install": "För att använda paketet, inkludera följande i <code>dependencies</code>-blocket i <code>pom.xml</code>-filen:",
 	"packages.maven.install2": "Kör via kommandoraden:",
-	"packages.maven.download": "För att ladda ner beroendet, kör via kommandoraden:",
+	"packages.maven.download": "För att hämta ned beroendet, kör via kommandoraden:",
 	"packages.nuget.install": "För att installera paketet med NuGet, kör följande kommando:",
 	"packages.nuget.dependency.framework": "Målramverk",
-	"packages.npm.registry": "Konfigurera detta register i ditt projekts <code>.npmrc</code>-fil:",
+	"packages.npm.registry": "Konfigurera registret i ditt projekts <code>.npmrc</code>-fil:",
 	"packages.npm.install": "För att installera paketet med npm, kör följande kommando:",
 	"packages.npm.install2": "eller lägg till det i package.json-filen:",
 	"packages.npm.dependencies.development": "Utvecklingsberoenden",
@@ -292,8 +292,8 @@
 		"other": "%s aktiva ärenden"
 	},
 	"pulse.n_active_prs": {
-		"one": "%s aktiv pull-förfrågan",
-		"other": "%s aktiva pull-förfrågningar"
+		"one": "%s aktiv ändringsförfrågan",
+		"other": "%s aktiva ändringsförfrågningar"
 	},
 	"migrate.form.error.url_credentials": "URL:en innehåller inloggningsuppgifter, sätt dem i respektive användarnamn- och lösenordsfält",
 	"migrate.git.description": "Migrera ett kodförråd från en Git-tjänst.",
@@ -330,12 +330,9 @@
 	"migrate.pagure.token_label": "Pagure API-token",
 	"actions.runs.run_attempt_label": "Kör försök #%[1]s (%[2]s)",
 	"actions.runs.all_workflows": "Alla arbetsflöden",
-	"actions.runs.commit": "Commit",
-	"actions.runs.scheduled": "Schemalagd",
-	"actions.runs.pushed_by": "skickad av",
 	"actions.runs.workflow": "Arbetsflöde",
 	"actions.runs.invalid_workflow_helper": "Arbetsflödets konfigurationsfil är ogiltig. Kontrollera din konfigurationsfil: %s",
-	"actions.runs.no_matching_online_runner.helper": "Ingen matchande körare online med etikett: %s",
+	"actions.runs.no_matching_online_runner.helper": "Ingen matchande anslutna körare med etikett: %s",
 	"actions.runs.no_job_without_needs": "Arbetsflödet måste innehålla minst ett jobb utan beroenden.",
 	"actions.runs.no_job": "Arbetsflödet måste innehålla minst ett jobb",
 	"actions.runs.actor": "Aktör",
@@ -353,32 +350,26 @@
 	"actions.runners.status.unspecified": "Okänd",
 	"actions.runners.status.idle": "Inaktiv",
 	"actions.runners.status.active": "Aktiv",
-	"actions.runners.status.offline": "Offline",
-	"actions.runners.id": "ID",
+	"actions.runners.status.offline": "Frånkopplad",
 	"actions.runners.name": "Namn",
 	"actions.runners.owner_type": "Typ",
 	"actions.runners.description": "Beskrivning",
 	"actions.runners.labels": "Etiketter",
-	"actions.runners.last_online": "Senast online",
-	"actions.runners.runner_title": "Körare",
-	"actions.runners.task_list": "Senaste uppgifter på denna körare",
-	"actions.runners.task_list.no_tasks": "Det finns ingen uppgift ännu.",
+	"actions.runners.last_online": "Senast ansluten",
+	"actions.runners.runner_title": "Körare %s",
+	"actions.runners.task_list.no_tasks": "Det finns inga uppgifter ännu.",
 	"actions.runners.task_list.run": "Kör",
 	"actions.runners.task_list.status": "Status",
 	"actions.runners.task_list.repository": "Kodförråd",
-	"actions.runners.task_list.commit": "Commit",
+	"actions.runners.task_list.commit": "Incheckning",
 	"actions.runners.task_list.done_at": "Klar",
-	"actions.runners.edit_runner": "Redigera körare",
-	"actions.runners.update_runner.button": "Uppdatera ändringar",
-	"actions.runners.update_runner.success": "Körare uppdaterad framgångsrikt",
-	"actions.runners.update_runner.failed": "Misslyckades med att uppdatera körare",
-	"actions.runners.delete_runner.button": "Ta bort denna körare",
+	"actions.runners.update_runner.success": "Köraren uppdaterades",
+	"actions.runners.update_runner.failed": "Misslyckades med att redigera körare",
 	"actions.runners.delete_runner.success": "Körare borttagen framgångsrikt",
 	"actions.runners.delete_runner.failed": "Misslyckades med att ta bort körare",
 	"actions.runners.delete_runner.header": "Bekräfta för att ta bort denna körare",
 	"actions.runners.delete_runner.notice": "Om en uppgift körs på denna körare kommer den att avbrytas och markeras som misslyckad. Det kan bryta byggarbetsflödet.",
 	"actions.runners.none": "Inga körare tillgängliga",
-	"actions.runners.version": "Version",
 	"actions.runners.reset_registration_token.button": "Återställ registreringstoken",
 	"actions.runners.reset_registration_token.success": "Körarens registreringstoken återställd framgångsrikt",
 	"migrate.github.description": "Migrera data från github.com eller GitHub Enterprise server.",
@@ -419,8 +410,8 @@
 	"admin.dashboard.actions_action_user": "Återkalla Forgejo Actions-förtroende för inaktiva användare",
 	"admin.dashboard.transfer_lingering_logs": "Överför loggar över slutförda åtgärder från databasen till lagringsutrymmet",
 	"actions.workflow.persistent_incomplete_matrix": "Det går inte att utvärdera `strategy.matrix` för jobb %[1]s på grund av ett ogiltigt `needs`-uttryck. Det kan hänvisa till ett jobb som inte finns i dess ’needs’-lista (%[2]s) eller en utdata som inte finns i något av dessa jobb.",
-	"teams.add_all_repos.modal.header": "Lägg till arkiv",
-	"teams.remove_all_repos.modal.header": "Ta bort alla arkiv",
+	"teams.add_all_repos.modal.header": "Lägg till alla kodförråd",
+	"teams.remove_all_repos.modal.header": "Ta bort alla kodförråd",
 	"admin.auths.oauth2_quota_group_map_removal": "Ta bort användare från synkroniserade kvotgrupper om användaren inte tillhör motsvarande grupp.",
 	"issues.updated": "uppdaterade %s",
 	"repo.pulls.poster_requires_approval": "Några arbetsflöden <a href=\"%[1]s\">väntar på att bli undersökta.</a>.",
@@ -508,5 +499,80 @@
 	"packages.common.install": "För att installera paketet, kör följande kommando:",
 	"packages.common.registry": "Konfigurera upp registret från kommandoraden:",
 	"packages.common.repository": "Kodförrådsinfo",
-	"actions.runs.all_runs_link": "alla körningar"
+	"actions.runs.all_runs_link": "alla körningar",
+	"repo.pulls.auto_merge.no_permission": "Du har inte behörighet att avbryta auto-sammanfogning av denna ändringsförfrågan.",
+	"access_token.error.specified_repos_none": "Åtkomsttoken med specificerade kodförråd måste ha minst ett kodförråd.",
+	"access_token.error.specified_repos_and_public_only": "Åtkomsttoken med specificerade kodförråd kan inte kombineras med public-only-scope.",
+	"access_token.error.specified_repos_and_invalid_scope": "Åtkomsttoken med specificerade kodförråd kan endast användas med read:issue-, write:issue-, read:repository-, och write:repository-scopes.",
+	"settings.specific_repo_access": "Kodförrådsåtkomst",
+	"actions.runners.uuid": "UUID",
+	"actions.runners.token": "Token",
+	"actions.runners.list_runners.details_column": "Detaljer",
+	"actions.runners.list_runners.edit_column": "Redigera",
+	"actions.runners.list_runners.delete_column": "Ta bort",
+	"actions.runners.list_runners.details_button_aria": "Visa detaljer för %",
+	"actions.runners.list_runners.delete_button_aria": "Ta bort %s",
+	"actions.runners.list_runners.edit_button": "Redigera",
+	"actions.runners.list_runners.edit_button_aria": "Redigera %s",
+	"actions.runners.ephemeral.yes": "Ja",
+	"actions.runners.ephemeral.no": "nej",
+	"actions.runners.edit_runner_button": "Redigera körare",
+	"actions.runners.create_runner.page_title": "Skapa ny körare",
+	"actions.runners.create_runner.title": "Skapa ny körare",
+	"actions.runners.create_runner.properties_fieldset": "Egenskaper",
+	"actions.runners.create_runner.name_label": "Namn",
+	"actions.runners.create_runner.description_label": "Beskrivning",
+	"actions.runners.create_runner.create_button": "Skapa",
+	"actions.runners.create_runner.cancel_button": "Avbryt",
+	"actions.runners.edit_runner.page_title": "Redigera körare %s",
+	"actions.runners.edit_runner.title": "Redigera körare %s",
+	"actions.runners.edit_runner.properties_fieldset": "Egenskaper",
+	"actions.runners.edit_runner.properties_options": "Alternativ",
+	"actions.runners.edit_runner.name_label": "Name",
+	"actions.runners.edit_runner.description_label": "Beskrivning",
+	"actions.runners.edit_runner.regenerate_token_label": "Återskapa token",
+	"actions.runners.edit_runner.regenerate_token_help": "Befintlig token kommer att bli ogiltig omedelbart. Du kommer att erhålla en ny token på nästa sida.",
+	"actions.runners.edit_runner.save_button": "Spara",
+	"actions.runners.edit_runner.cancel_button": "Avbryt",
+	"actions.runners.runner_setup.title": "Konfigurera körare %s",
+	"actions.runners.show_registration_token": "Visa registreringstoken",
+	"actions.runners.runner_details.page_title": "Körare %s",
+	"actions.runners.runner_details.labels_note": "Körarens etiketter definieras i konfigurationsfilen för Forgejo Runner eller skickas som en kommandoradsflagga. De uppdateras var gång Forgejo Runner etablerar en anslutning til Forgejo.",
+	"actions.runners.runner_setup.page_title": "Konfigurera körare %s",
+	"actions.runners.runner_setup.list_of_runners_link": "Lista körare",
+	"actions.runners.runner_setup.last_chance_copying_token": "Kopiera nu din token eftersom du inte kommer att kunna se den igen!",
+	"actions.runners.runner_setup.button_copy_uuid_aria": "Kopiera körarens UUID",
+	"actions.runners.runner_setup.button_copy_token_aria": "Kopiera körarens token",
+	"actions.runners.runner_setup.heading_using_configuration": "Använd körarens konfigurationsfil",
+	"actions.runners.runner_setup.configuration_snippet_aria": "Textavsnitt att infoga i körarens konfiguration",
+	"actions.runners.runner_setup.program_options_snippet_aria": "Hur man anropar forgejo-runner",
+	"actions.runners.ephemeral": "Tillfällig",
+	"actions.runners.list_runners.details_button": "Detaljer",
+	"actions.runners.list_runners.delete_button": "Ta bort",
+	"actions.runners.runner_setup.instruction_replace_connection_name": "Ersätt anslutningsnamnet (<code>forgejo</code> i exemplet) med ett värde.",
+	"actions.runners.runner_setup.heading_using_options": "Använder programval",
+	"actions.runners.runner_setup.instruction_advanced_configurations": "För konfiguration av Forgejo Runner i containrar eller för avancerade konfigurationer, se <a href=\"https://TO-BE-REPLACED.COM\">dokumentationen.</a>.",
+	"actions.runners.reset_registration_token.token": "Registreringstoken (Föråldrad)",
+	"form.RunnerName": "Namn",
+	"settings.new_access_token": "Ny åtkomsttoken",
+	"actions.runners.task_list_repo": "Senaste kodförrådshändelserna på denna körare",
+	"actions.runners.task_list_org": "Senaste händelserna på köraren i denna organisation",
+	"actions.runners.task_list_admin": "Senaste händelserna på denna körare",
+	"actions.runners.task_list_user": "Senaste händelserna för denna användare på denna körare",
+	"graphs.recent_commits.title": "Antal incheckningar senaste året",
+	"graphs.code_frequency.title": "Kodfrekvens genom hela historiken för {0}",
+	"settings.permissions_access_specific_repositories": "Specifika kodförråd",
+	"settings.access_token.selected_repositories": {
+		"one": "Valt kodförråd (%d)",
+		"other": "Valda kodförråd (%d)"
+	},
+	"settings.access_token.available_repositories": "Tillgängliga kodförråd",
+	"settings.access_token.no_repositories_selected": "Inga valda kodförråd",
+	"settings.access_token.no_repositories_found": "Fann inga kodförråd.",
+	"settings.access_token.remove": "Ta bort %s",
+	"settings.access_token.resource_all_help": "Tillåt åtkomst till alla resurser",
+	"settings.access_token.resource_public_only_help": "Begränsa tillgången till publika kodförråd och organisationer.",
+	"settings.access_token.admin_disabled": "Administrativa rättigheter är inaktiverade.",
+	"actions.secrets.edit_button": "Redigera hemlighet \"%s\"",
+	"actions.secrets.mutation.header": "Redigera hemlighet \"%s\""
 }
diff --git a/options/locale_next/locale_ta.json b/options/locale_next/locale_ta.json
index 242fcde9d5..3b9b69d2f6 100644
--- a/options/locale_next/locale_ta.json
+++ b/options/locale_next/locale_ta.json
@@ -349,9 +349,6 @@
 	"actions.runs.viewing_out_of_date_run": "%[1]s செயல்படுத்தப்பட்ட இந்த வேலையின் காலாவதியான ஓட்டத்தை நீங்கள் பார்க்கிறீர்கள்.",
 	"actions.runs.view_most_recent_run": "அண்மைக் கால ஓட்டத்தைக் காண்க",
 	"actions.runs.all_workflows": "அனைத்து பணிப்பாய்வுகளும்",
-	"actions.runs.commit": "உறுதி",
-	"actions.runs.scheduled": "திட்டமிடப்பட்டது",
-	"actions.runs.pushed_by": "மூலம் தள்ளப்பட்டது",
 	"actions.runs.workflow": "பணிப்பாய்வு",
 	"actions.runs.invalid_workflow_helper": "பணிப்பாய்வு கட்டமைப்பு கோப்பு தவறானது. உங்கள் கட்டமைப்பு கோப்பை சரிபார்க்கவும்: %s",
 	"actions.runs.no_matching_online_runner.helper": "லேபிளுடன் பொருந்தக்கூடிய நிகழ்நிலை ரன்னர் இல்லை: %s",
@@ -376,31 +373,25 @@
 	"actions.runners.status.idle": "நிலையிக்கம்",
 	"actions.runners.status.active": "செயலில்",
 	"actions.runners.status.offline": "இணையமில்லாமல்",
-	"actions.runners.id": "ஐடி",
 	"actions.runners.name": "பெயர்",
 	"actions.runners.owner_type": "வகை",
 	"actions.runners.description": "விவரம்",
 	"actions.runners.labels": "சிட்டைகள்",
 	"actions.runners.last_online": "கடைசி நிகழ்நிலை நேரம்",
-	"actions.runners.runner_title": "ஓடுபவர்",
-	"actions.runners.task_list": "இந்த ரன்னரின் அண்மைக் கால பணிகள்",
+	"actions.runners.runner_title": "ஓடுபவர் %s",
 	"actions.runners.task_list.no_tasks": "இன்னும் பணிகள் எதுவும் இல்லை.",
 	"actions.runners.task_list.run": "ஓடு",
 	"actions.runners.task_list.status": "நிலை",
 	"actions.runners.task_list.repository": "களஞ்சியம்",
 	"actions.runners.task_list.commit": "உறுதி",
 	"actions.runners.task_list.done_at": "மணிக்கு முடிந்தது",
-	"actions.runners.edit_runner": "திருத்து இயக்கி",
-	"actions.runners.update_runner.button": "மாற்றங்களைச் சேமி",
 	"actions.runners.update_runner.success": "இயக்கி வெற்றிகரமாகத் திருத்தப்பட்டது",
 	"actions.runners.update_runner.failed": "இயக்கியைத் திருத்த முடியவில்லை",
-	"actions.runners.delete_runner.button": "இந்த ரன்னரை நீக்கு",
 	"actions.runners.delete_runner.success": "ரன்னர் வெற்றிகரமாக நீக்கப்பட்டது",
 	"actions.runners.delete_runner.failed": "ரன்னரை நீக்க முடியவில்லை",
 	"actions.runners.delete_runner.header": "இந்த ரன்னரை நீக்குவதை உறுதிப்படுத்தவும்",
 	"actions.runners.delete_runner.notice": "இந்த ரன்னரில் ஒரு பணி இயங்கினால், அது நிறுத்தப்பட்டு தோல்வியடைந்ததாகக் குறிக்கப்படும். இது கட்டுமான பணியை உடைக்கக்கூடும்.",
 	"actions.runners.none": "ஓட்டப்பந்தய வீரர்கள் இல்லை",
-	"actions.runners.version": "பதிப்பு",
 	"actions.runners.reset_registration_token.button": "பதிவு கிள்ளாக்கை மீட்டமைக்கவும்",
 	"actions.runners.reset_registration_token.success": "ரன்னர் பதிவு கிள்ளாக்கு வெற்றிகரமாக மீட்டமைக்கப்பட்டது",
 	"pulse.n_active_issues": {
diff --git a/options/locale_next/locale_th.json b/options/locale_next/locale_th.json
index 741c24594e..a0bad37ae5 100644
--- a/options/locale_next/locale_th.json
+++ b/options/locale_next/locale_th.json
@@ -313,9 +313,6 @@
 	"actions.runs.viewing_out_of_date_run": "คุณกำลังดูการรันงานนี้ที่ล้าสมัยซึ่งดำเนินการเมื่อ %[1]s",
 	"actions.runs.view_most_recent_run": "ดูการรันล่าสุด",
 	"actions.runs.all_workflows": "เวิร์กโฟลว์ทั้งหมด",
-	"actions.runs.commit": "คอมมิต",
-	"actions.runs.scheduled": "กำหนดเวลาแล้ว",
-	"actions.runs.pushed_by": "พุชโดย",
 	"actions.runs.workflow": "เวิร์กโฟลว์",
 	"actions.runs.invalid_workflow_helper": "ไฟล์การกำหนดค่าเวิร์กโฟลว์ไม่ถูกต้อง โปรดตรวจสอบไฟล์การกำหนดค่าของคุณ: %s",
 	"actions.runs.no_matching_online_runner.helper": "ไม่มี Runner ออนไลน์ที่ตรงกันพร้อมป้ายกำกับ: %s",
@@ -348,31 +345,25 @@
 	"actions.runners.status.idle": "ว่าง",
 	"actions.runners.status.active": "ใช้งานอยู่",
 	"actions.runners.status.offline": "ออฟไลน์",
-	"actions.runners.id": "ID",
 	"actions.runners.name": "ชื่อ",
 	"actions.runners.owner_type": "ประเภท",
 	"actions.runners.description": "คำอธิบาย",
 	"actions.runners.labels": "ป้ายกำกับ",
 	"actions.runners.last_online": "เวลาออนไลน์ล่าสุด",
-	"actions.runners.runner_title": "Runner",
-	"actions.runners.task_list": "งานล่าสุดบน Runner นี้",
+	"actions.runners.runner_title": "Runner %s",
 	"actions.runners.task_list.no_tasks": "ยังไม่มีงาน",
 	"actions.runners.task_list.run": "เรียกใช้",
 	"actions.runners.task_list.status": "สถานะ",
 	"actions.runners.task_list.repository": "ที่เก็บ",
 	"actions.runners.task_list.commit": "คอมมิต",
 	"actions.runners.task_list.done_at": "เสร็จสิ้นเมื่อ",
-	"actions.runners.edit_runner": "แก้ไข Runner",
-	"actions.runners.update_runner.button": "อัปเดตการเปลี่ยนแปลง",
 	"actions.runners.update_runner.success": "อัปเดต Runner สำเร็จแล้ว",
 	"actions.runners.update_runner.failed": "ไม่สามารถอัปเดต Runner ได้",
-	"actions.runners.delete_runner.button": "ลบ Runner นี้",
 	"actions.runners.delete_runner.success": "ลบ Runner สำเร็จแล้ว",
 	"actions.runners.delete_runner.failed": "ไม่สามารถลบ Runner ได้",
 	"actions.runners.delete_runner.header": "ยืนยันที่จะลบ Runner นี้",
 	"actions.runners.delete_runner.notice": "หากมีงานกำลังทำงานบน Runner นี้ งานนั้นจะถูกยกเลิกและทำเครื่องหมายว่าล้มเหลว อาจทำให้เวิร์กโฟลว์การสร้างเสียหายได้",
 	"actions.runners.none": "ไม่มี Runner ที่พร้อมใช้งาน",
-	"actions.runners.version": "เวอร์ชัน",
 	"actions.runners.reset_registration_token.button": "รีเซ็ตโทเค็นการลงทะเบียน",
 	"actions.runners.reset_registration_token.success": "รีเซ็ตโทเค็นการลงทะเบียน Runner สำเร็จแล้ว",
 	"pulse.n_active_issues": "%s ปัญหาที่ใช้งานอยู่",
diff --git a/options/locale_next/locale_tr-TR.json b/options/locale_next/locale_tr-TR.json
index de2af238cb..c55ece68a6 100644
--- a/options/locale_next/locale_tr-TR.json
+++ b/options/locale_next/locale_tr-TR.json
@@ -335,9 +335,6 @@
 	"actions.runs.viewing_out_of_date_run": "Bu işin %[1]s çalışmış olan eski bir çalıştırmasını görüntülüyorsun.",
 	"actions.runs.view_most_recent_run": "En yeni çalıştırmayı görüntüle",
 	"actions.runs.all_workflows": "Tüm İş Akışları",
-	"actions.runs.commit": "İşle",
-	"actions.runs.scheduled": "Zamanlanmış",
-	"actions.runs.pushed_by": "iten",
 	"actions.runs.invalid_workflow_helper": "İş akışı yapılandırma dosyası geçersiz. Lütfen yapılandırma dosyanızı denetleyin: %s",
 	"actions.runs.no_matching_online_runner.helper": "Şu etiket ile eşleşen çevrimiçi çalıştırıcı bulunamadı: %s",
 	"actions.runs.no_job_without_needs": "İş akışı en azından bağımlılığı olmayan bir görev içermelidir.",
@@ -369,31 +366,25 @@
 	"actions.runners.status.idle": "Boşta",
 	"actions.runners.status.active": "Etkin",
 	"actions.runners.status.offline": "Çevrimdışı",
-	"actions.runners.id": "Kimlik",
 	"actions.runners.name": "İsim",
 	"actions.runners.owner_type": "Tür",
 	"actions.runners.description": "Açıklama",
 	"actions.runners.labels": "Etiketler",
 	"actions.runners.last_online": "Son Görülme Zamanı",
-	"actions.runners.runner_title": "Çalıştırıcı",
-	"actions.runners.task_list": "Bu çalıştırıcıdaki son görevler",
+	"actions.runners.runner_title": "Çalıştırıcı %s",
 	"actions.runners.task_list.no_tasks": "Henüz bir görev yok.",
 	"actions.runners.task_list.run": "Çalıştır",
 	"actions.runners.task_list.status": "Durum",
 	"actions.runners.task_list.repository": "Depo",
 	"actions.runners.task_list.commit": "İşle",
 	"actions.runners.task_list.done_at": "Tamamlanma zamanı",
-	"actions.runners.edit_runner": "Çalıştırıcıyı Düzenle",
-	"actions.runners.update_runner.button": "Değişiklikleri güncelle",
 	"actions.runners.update_runner.success": "Çalıştırıcı başarıyla güncellendi",
 	"actions.runners.update_runner.failed": "Çalıştırıcı güncellenemedi",
-	"actions.runners.delete_runner.button": "Bu çalıştırıcıyı sil",
 	"actions.runners.delete_runner.success": "Çalıştırıcı başarıyla silindi",
 	"actions.runners.delete_runner.failed": "Çalıştırıcı silinemedi",
 	"actions.runners.delete_runner.header": "Çalıştırıcıyı silmeyi onaylayın",
 	"actions.runners.delete_runner.notice": "Eğer bu çalıştırıcıda bir görev çalışıyorsa, sonlandırılacak ve başarısız olarak işaretlenecek. Yapım iş akışını bozabilir.",
 	"actions.runners.none": "Hiç çalıştırıcı yok",
-	"actions.runners.version": "Sürüm",
 	"actions.runners.reset_registration_token.button": "Kayıt tokenini sıfırla",
 	"actions.runners.reset_registration_token.success": "Çalıştırıcı kayıt belirteci başarıyla sıfırlandı",
 	"teams.add_all_repos.modal.header": "Tüm depoları ekle",
diff --git a/options/locale_next/locale_uk-UA.json b/options/locale_next/locale_uk-UA.json
index 7cd96a3a63..dde95ff019 100644
--- a/options/locale_next/locale_uk-UA.json
+++ b/options/locale_next/locale_uk-UA.json
@@ -350,9 +350,6 @@
 	"actions.runs.view_most_recent_run": "Переглянути останній запуск",
 	"actions.runs.viewing_out_of_date_run": "Ви переглядаєте застарілий запуск цього завдання, який було виконано %[1]s.",
 	"actions.runs.all_workflows": "Усі робочі потоки",
-	"actions.runs.commit": "Коміт",
-	"actions.runs.scheduled": "Заплановано",
-	"actions.runs.pushed_by": "надіслано",
 	"actions.runs.workflow": "Робочий потік",
 	"actions.runs.invalid_workflow_helper": "Недійсний файл конфігурації робочого потоку. Будь ласка, перевірте файл конфігурації: %s",
 	"actions.runs.no_matching_online_runner.helper": "Не знайдено ранера в мережі з міткою: %s",
@@ -374,31 +371,25 @@
 	"actions.runners.status.idle": "Простоює",
 	"actions.runners.status.active": "Активний",
 	"actions.runners.status.offline": "Неактивний",
-	"actions.runners.id": "ID",
 	"actions.runners.name": "Назва",
 	"actions.runners.owner_type": "Тип",
 	"actions.runners.description": "Опис",
 	"actions.runners.labels": "Мітки",
 	"actions.runners.last_online": "Востаннє в мережі",
-	"actions.runners.runner_title": "Ранер",
-	"actions.runners.task_list": "Нещодавні завдання ранера",
+	"actions.runners.runner_title": "Ранер %s",
 	"actions.runners.task_list.no_tasks": "Завдань поки що немає.",
 	"actions.runners.task_list.run": "Запустити",
 	"actions.runners.task_list.status": "Стан",
 	"actions.runners.task_list.repository": "Репозиторій",
 	"actions.runners.task_list.commit": "Коміт",
 	"actions.runners.task_list.done_at": "Завершено",
-	"actions.runners.edit_runner": "Редагувати ранер",
-	"actions.runners.update_runner.button": "Зберегти зміни",
 	"actions.runners.update_runner.success": "Ранер успішно змінено",
 	"actions.runners.update_runner.failed": "Не вдалося змінити ранер",
-	"actions.runners.delete_runner.button": "Видалити цей ранер",
 	"actions.runners.delete_runner.success": "Ранер успішно видалено",
 	"actions.runners.delete_runner.failed": "Не вдалося видалити ранер",
 	"actions.runners.delete_runner.header": "Підтвердіть видалення ранера",
 	"actions.runners.delete_runner.notice": "Якщо на цьому ранері виконується завдання, його буде завершено і позначено як невдале. Це може порушити робочий потік збірки.",
 	"actions.runners.none": "Немає доступних ранерів",
-	"actions.runners.version": "Версія",
 	"actions.runners.reset_registration_token.button": "Скинути токен реєстрації",
 	"actions.runners.reset_registration_token.success": "Токен реєстрації ранера успішно скинуто",
 	"repo.pulls.maintainers_can_edit": "Супроводжувачі можуть редагувати цей запит на злиття.",
@@ -523,5 +514,89 @@
 	"packages.common.install": "Щоб установити пакунок, виконайте команду:",
 	"packages.common.registry": "Налаштуйте цей реєстр із командного рядка:",
 	"actions.runs.all_runs_link": "усі запуски",
-	"repo.issues.filter_sort.hint_with_placeholder": "Сортувати за: %s"
+	"repo.issues.filter_sort.hint_with_placeholder": "Сортувати за: %s",
+	"access_token.error.specified_repos_none": "Токени доступу з указаними репозиторіями повинні мати принаймні один репозиторій.",
+	"access_token.error.specified_repos_and_public_only": "Токени доступу з указаними репозиторіями не можна використовувати з налаштуванням «Тільки публічні».",
+	"access_token.error.specified_repos_and_invalid_scope": "Токени доступу з указаними репозиторіями можна використовувати лише з дозволами read:issue, write:issue, read:repository та write:repository.",
+	"repo.pulls.auto_merge.no_permission": "У вас немає дозволу скасувати автоматичне об’єднання цього запиту на злиття.",
+	"actions.runners.uuid": "UUID",
+	"actions.runners.token": "Токен",
+	"actions.runners.ephemeral.yes": "так",
+	"actions.runners.ephemeral.no": "ні",
+	"actions.runners.create_runner.description_label": "Опис",
+	"actions.runners.edit_runner.description_label": "Опис",
+	"actions.runners.runner_details.page_title": "Ранер %s",
+	"actions.runners.list_runners.details_column": "Подробиці",
+	"actions.runners.list_runners.details_button": "Подробиці",
+	"actions.runners.list_runners.edit_column": "Редагувати",
+	"actions.runners.list_runners.edit_button": "Редагувати",
+	"actions.runners.list_runners.edit_button_aria": "Редагувати %s",
+	"actions.runners.edit_runner_button": "Редагувати ранер",
+	"actions.runners.edit_runner.page_title": "Редагувати ранер %s",
+	"actions.runners.edit_runner.title": "Редагувати ранер %s",
+	"actions.runners.list_runners.delete_column": "Видалити",
+	"actions.runners.list_runners.delete_button": "Видалити",
+	"actions.runners.list_runners.delete_button_aria": "Видалити %s",
+	"actions.runners.create_runner.page_title": "Створити новий ранер",
+	"actions.runners.create_runner.title": "Створити новий ранер",
+	"actions.runners.create_runner.create_button": "Створити",
+	"actions.runners.create_runner.properties_fieldset": "Властивості",
+	"actions.runners.edit_runner.properties_fieldset": "Властивості",
+	"actions.runners.create_runner.name_label": "Назва",
+	"actions.runners.edit_runner.name_label": "Назва",
+	"form.RunnerName": "Назва",
+	"actions.runners.create_runner.cancel_button": "Скасувати",
+	"actions.runners.edit_runner.cancel_button": "Скасувати",
+	"actions.runners.edit_runner.properties_options": "Параметри",
+	"actions.runners.edit_runner.regenerate_token_label": "Згенерувати новий токен",
+	"actions.runners.edit_runner.save_button": "Зберегти",
+	"actions.runners.show_registration_token": "Показати токен реєстрації",
+	"actions.runners.reset_registration_token.token": "Токен реєстрації (застаріле)",
+	"actions.runners.runner_setup.list_of_runners_link": "Список ранерів",
+	"actions.runners.runner_setup.button_copy_uuid_aria": "Копіювати UUID ранера",
+	"actions.runners.runner_setup.button_copy_token_aria": "Копіювати токен ранера",
+	"actions.runners.list_runners.details_button_aria": "Показати дані про %s",
+	"actions.runners.runner_setup.title": "Налаштувати ранер %s",
+	"actions.runners.runner_setup.page_title": "Налаштувати ранер %s",
+	"actions.runners.edit_runner.regenerate_token_help": "Існуючий токен негайно втратить чинність. Ви отримаєте новий токен на наступній сторінці.",
+	"actions.runners.runner_setup.last_chance_copying_token": "Скопіюйте токен зараз, оскільки ви більше його не побачите!",
+	"actions.runners.runner_setup.program_options_snippet_aria": "Як викликати forgejo-runner",
+	"actions.runners.runner_setup.instruction_replace_connection_name": "Замініть назву з’єднання (у прикладі — <code>forgejo</code>) на значення, яке вам до вподоби.",
+	"actions.runners.runner_setup.instruction_advanced_configurations": "Щоб налаштувати роботу Forgejo Runner у контейнерах або про розширені налаштування читайте в <a href=\"https://TO-BE-REPLACED.COM\">документації</a>.",
+	"actions.runners.runner_setup.configuration_snippet_aria": "Фрагмент для вставки в конфігурацію ранера",
+	"actions.runners.runner_details.labels_note": "Мітки ранера вказуються у файлі конфігурації Forgejo Runner або передаються як параметри командного рядка. Вони оновлюються щоразу, коли Forgejo Runner встановлює з’єднання з Forgejo.",
+	"actions.runners.runner_setup.heading_using_options": "Використання налаштувань програми",
+	"actions.runners.runner_setup.heading_using_configuration": "Використання файлу конфігурації ранера",
+	"settings.specific_repo_access": "Доступ до репозиторіїв",
+	"actions.runners.ephemeral": "Одноразовий",
+	"actions.runners.task_list_repo": "Нещодавні завдання репозиторію на цьому ранері",
+	"actions.runners.task_list_admin": "Нещодавні завдання на цьому ранері",
+	"actions.runners.task_list_user": "Нещодавні завдання користувача на цьому ранері",
+	"actions.runners.task_list_org": "Нещодавні завдання на ранері в цій організації",
+	"settings.new_access_token": "Новий токен доступу",
+	"graphs.recent_commits.title": "Кількість комітів за минулий рік",
+	"graphs.code_frequency.title": "Частота кодування за період {0}",
+	"actions.secrets.edit_button": "Редагувати секрет «%s»",
+	"actions.secrets.mutation.header": "Редагувати секрет «%s»",
+	"actions.secrets.mutation.success_message": "Секрет «%s» оновлено.",
+	"actions.secrets.mutation.failure_message": "Не вдалося оновити секрет «%s».",
+	"actions.secrets.mutation.name_description": "Ім’я секрету може містити тільки літери, цифри та підкреслення. Не може починатися з FORGEJO_, GITEA_, GITHUB_ або цифри. Forgejo автоматично переводить його у верхній регістр.",
+	"actions.secrets.mutation.value_description": "Поточне значення не буде показано. Залиште поле порожнім, якщо не хочете його змінювати. Спеціальні символи зберігаються. CRLF (розриви рядків у форматі Windows) автоматично замінюються на LF. Якщо розриви рядків потрібно зберегти, закодуйте значення за допомогою Base64.",
+	"settings.access_token.available_repositories": "Доступні репозиторії",
+	"settings.access_token.remove": "Видалити %s",
+	"settings.access_token.resource_all_help": "Дозволити доступ до всіх ресурсів.",
+	"settings.access_token.selected_repositories": {
+		"one": "Вибраний репозиторій (%d)",
+		"few": "Вибрані репозиторії (%d)",
+		"many": "Вибрані репозиторії (%d)"
+	},
+	"settings.access_token.admin_disabled": "Адміністративні дозволи вимкнено.",
+	"actions.runs.scheduled_description": "Заплановане виконання коміту <a href=\"%[1]s\">%[2]s</a>",
+	"actions.runs.workflow_dispatch_description": "Виконання коміту <a href=\"%[1]s\">%[2]s</a>, ініційоване <a href=\"%[3]s\">%[4]s</a>",
+	"actions.runs.on_push_description": "Коміт <a href=\"%[1]s\">%[2]s</a>, надісланий <a href=\"%[3]s\">%[4]s</a>",
+	"settings.access_token.no_repositories_selected": "Не вибрано жодного репозиторію.",
+	"settings.access_token.no_repositories_found": "Не знайдено жодного репозиторію.",
+	"settings.access_token.resource_public_only_help": "Дозволити доступ лише до публічних репозиторіїв та організацій.",
+	"settings.access_token.resource_specific_repo_help": "Дозволити доступ лише до окремих репозиторіїв. Доступ тільки для читання дозволено до всіх публічних репозиторіїв. Можна ввімкнути лише дозволи, що надають доступ до репозиторіїв і задач.",
+	"settings.permissions_access_specific_repositories": "Визначені репозиторії"
 }
diff --git a/options/locale_next/locale_vi.json b/options/locale_next/locale_vi.json
index 2c6e780df1..dee83ccaa0 100644
--- a/options/locale_next/locale_vi.json
+++ b/options/locale_next/locale_vi.json
@@ -118,7 +118,6 @@
 	"actions.runs.run_attempt_label": "Lần chạy #%[1]s (%[2]s)",
 	"actions.runs.viewing_out_of_date_run": "Bạn đang xem một lần chạy lỗi thời của công việc này mà đã chạy %[1]s.",
 	"actions.runs.view_most_recent_run": "Xem lần chạy gần đây nhất",
-	"actions.runs.pushed_by": "đẩy bởi",
 	"meta.last_line": "\"xóa thần tượng\"",
 	"home.welcome.activity_hint": "Hiện chưa có gì trên bảng tin của bạn cả. Những hành động của bạn và hoạt động từ kho mã mà bạn theo dõi sẽ xuất hiện ở đây."
 }
diff --git a/options/locale_next/locale_zh-CN.json b/options/locale_next/locale_zh-CN.json
index 8d7a06ff5d..dc54cb4990 100644
--- a/options/locale_next/locale_zh-CN.json
+++ b/options/locale_next/locale_zh-CN.json
@@ -42,7 +42,7 @@
 	"packages.filter.container.tagged": "已加标签",
 	"packages.filter.container.untagged": "未加标签",
 	"packages.published_by": "由<a href=\"%[2]s\">%[3]s</a>于%[1]s发布",
-	"packages.published_by_in": "<a href=\"%[2]s\">%[3]s</a>于%[1]s发布了<a href=\"%[4]s\"><strong>%[5]s</strong></a>",
+	"packages.published_by_in": "由<a href=\"%[2]s\">%[3]s</a>发布于%[1]s：<a href=\"%[4]s\"><strong>%[5]s</strong></a>",
 	"packages.pub.install": "请运行以下命令以使用Dart安装软件包：",
 	"packages.installation": "安装",
 	"packages.about": "关于此软件包",
@@ -306,9 +306,6 @@
 	"actions.runs.run_attempt_label": "运行尝试#%[1]s（%[2]s）",
 	"actions.runs.viewing_out_of_date_run": "您正在查看于%[1]s执行的过期运行。",
 	"actions.runs.all_workflows": "所有工作流",
-	"actions.runs.commit": "提交",
-	"actions.runs.scheduled": "已排队",
-	"actions.runs.pushed_by": "推送者：",
 	"actions.runs.workflow": "工作流：",
 	"actions.runs.invalid_workflow_helper": "工作流配置文件无效。请检查您的配置文件：%s",
 	"actions.runs.no_matching_online_runner.helper": "没有匹配标签且在线的运行器：%s",
@@ -330,31 +327,25 @@
 	"actions.runners.status.idle": "空闲",
 	"actions.runners.status.active": "在线",
 	"actions.runners.status.offline": "离线",
-	"actions.runners.id": "ID",
 	"actions.runners.name": "名称",
 	"actions.runners.owner_type": "类型",
 	"actions.runners.description": "描述",
 	"actions.runners.labels": "标签",
 	"actions.runners.last_online": "最后在线时间",
-	"actions.runners.runner_title": "运行器",
-	"actions.runners.task_list": "最近在此运行器上的任务",
+	"actions.runners.runner_title": "运行器“%s”",
 	"actions.runners.task_list.no_tasks": "尚无任何任务",
 	"actions.runners.task_list.run": "运行",
 	"actions.runners.task_list.status": "状态",
 	"actions.runners.task_list.repository": "仓库",
 	"actions.runners.task_list.commit": "提交",
 	"actions.runners.task_list.done_at": "完成于",
-	"actions.runners.edit_runner": "编辑运行器",
-	"actions.runners.update_runner.button": "保存更改",
 	"actions.runners.update_runner.success": "成功更新运行器设置",
 	"actions.runners.update_runner.failed": "更新运行器设置失败",
-	"actions.runners.delete_runner.button": "删除此运行器",
 	"actions.runners.delete_runner.success": "成功删除运行器",
 	"actions.runners.delete_runner.failed": "删除运行器失败",
 	"actions.runners.delete_runner.header": "确认要删除此运行器",
 	"actions.runners.delete_runner.notice": "如果有任务正在此运行器上运行，它将被终止并标记为失败。这可能会中断正在构建的工作流。",
 	"actions.runners.none": "无可用运行器",
-	"actions.runners.version": "版本",
 	"actions.runners.reset_registration_token.button": "重置注册令牌",
 	"actions.runners.reset_registration_token.success": "已重置运行器注册令牌",
 	"pulse.n_active_issues": "%s项活动的议题",
@@ -463,5 +454,66 @@
 	"packages.common.registry": "运行以下命令以配置此注册表：",
 	"packages.common.repository": "仓库信息",
 	"repo.issues.filter_sort.hint_with_placeholder": "排序依据：%s",
-	"actions.runs.all_runs_link": "所有运行记录"
+	"actions.runs.all_runs_link": "所有运行记录",
+	"access_token.error.specified_repos_none": "限定仓库的访问令牌必须包含至少一个仓库。",
+	"access_token.error.specified_repos_and_public_only": "限定仓库的访问令牌不能与“仅公开”一同使用。",
+	"access_token.error.specified_repos_and_invalid_scope": "限定仓库的访问令牌只能与read:issue、write:issue、read:repository、write:repository权限一同使用。",
+	"repo.pulls.auto_merge.no_permission": "您没有权限取消此合并请求的自动合并。",
+	"settings.specific_repo_access": "仓库访问",
+	"actions.runners.uuid": "UUID",
+	"actions.runners.token": "令牌",
+	"actions.runners.ephemeral": "一次性",
+	"actions.runners.list_runners.details_column": "详情",
+	"actions.runners.list_runners.edit_column": "编辑",
+	"actions.runners.list_runners.delete_column": "删除",
+	"actions.runners.list_runners.details_button": "详情",
+	"actions.runners.list_runners.details_button_aria": "显示%s的细节",
+	"actions.runners.list_runners.delete_button": "删除",
+	"actions.runners.list_runners.delete_button_aria": "删除%s",
+	"actions.runners.list_runners.edit_button": "编辑",
+	"actions.runners.list_runners.edit_button_aria": "编辑%s",
+	"actions.runners.ephemeral.yes": "是",
+	"actions.runners.ephemeral.no": "否",
+	"actions.runners.edit_runner_button": "编辑运行器",
+	"actions.runners.create_runner.page_title": "创建新运行器",
+	"actions.runners.create_runner.title": "创建新运行器",
+	"actions.runners.create_runner.properties_fieldset": "属性",
+	"actions.runners.create_runner.name_label": "名称",
+	"actions.runners.create_runner.description_label": "描述",
+	"actions.runners.create_runner.create_button": "创建",
+	"actions.runners.create_runner.cancel_button": "取消",
+	"actions.runners.edit_runner.page_title": "编辑运行器%s",
+	"actions.runners.edit_runner.title": "编辑运行器%s",
+	"actions.runners.edit_runner.properties_fieldset": "属性",
+	"actions.runners.edit_runner.properties_options": "选项",
+	"actions.runners.edit_runner.name_label": "名称",
+	"actions.runners.edit_runner.description_label": "描述",
+	"actions.runners.edit_runner.regenerate_token_label": "重新生成令牌",
+	"actions.runners.edit_runner.regenerate_token_help": "现存令牌将立即无效化，新令牌会在下一页显示。",
+	"actions.runners.edit_runner.save_button": "保存",
+	"actions.runners.edit_runner.cancel_button": "取消",
+	"actions.runners.runner_setup.title": "设置运行器“%s”",
+	"actions.runners.show_registration_token": "显示注册令牌",
+	"actions.runners.runner_details.page_title": "运行器“%s”",
+	"actions.runners.runner_details.labels_note": "运行器标签由Forgejo Runner配置文件或命令行选项指定，并在Forgejo Runner每次连接至Forgejo时更新。",
+	"actions.runners.runner_setup.page_title": "设置运行器“%s”",
+	"actions.runners.runner_setup.list_of_runners_link": "运行器列表",
+	"actions.runners.runner_setup.last_chance_copying_token": "现在复制令牌，此后将无法再次查看令牌！",
+	"actions.runners.runner_setup.button_copy_uuid_aria": "复制运行器UUID",
+	"actions.runners.runner_setup.button_copy_token_aria": "复制运行器令牌",
+	"actions.runners.runner_setup.heading_using_configuration": "使用运行器配置文件",
+	"actions.runners.runner_setup.configuration_snippet_aria": "运行器配置的代码片段",
+	"actions.runners.runner_setup.program_options_snippet_aria": "如何调用forgejo-runner",
+	"actions.runners.runner_setup.instruction_replace_connection_name": "将连接名（例子中的<code>forgejo</code>）替换为你喜欢的值。",
+	"actions.runners.runner_setup.heading_using_options": "使用命令行选项",
+	"actions.runners.runner_setup.instruction_advanced_configurations": "参见<a href=\"https://TO-BE-REPLACED.COM\">文档</a>以了解如何配置运行在容器中的Forgejo Runner及其他高级配置。",
+	"actions.runners.reset_registration_token.token": "注册令牌（已弃用）",
+	"form.RunnerName": "名称",
+	"settings.new_access_token": "创建访问令牌",
+	"actions.runners.task_list_repo": "最近在此运行器上的本仓库的任务",
+	"actions.runners.task_list_org": "最近在此运行器上的本组织的任务",
+	"actions.runners.task_list_admin": "最近在此运行器上的任务",
+	"actions.runners.task_list_user": "最近在此运行器上的此用户的任务",
+	"graphs.recent_commits.title": "过去一年的提交总数",
+	"graphs.code_frequency.title": "{0}的历史提交频率"
 }
diff --git a/options/locale_next/locale_zh-TW.json b/options/locale_next/locale_zh-TW.json
index 29a5084b2c..08649ca69a 100644
--- a/options/locale_next/locale_zh-TW.json
+++ b/options/locale_next/locale_zh-TW.json
@@ -17,37 +17,28 @@
 	"actions.runners.status.idle": "閒置",
 	"actions.runners.status.active": "啟用",
 	"actions.runners.status.offline": "離線",
-	"actions.runners.id": "ID",
 	"actions.runners.name": "名稱",
 	"actions.runners.owner_type": "類型",
 	"actions.runners.description": "描述",
 	"actions.runners.labels": "標籤",
 	"actions.runners.last_online": "最後上線時間",
-	"actions.runners.runner_title": "Runner",
-	"actions.runners.task_list": "最近在此 Runner 上的任務",
+	"actions.runners.runner_title": "Runner %s",
 	"actions.runners.task_list.no_tasks": "目前沒有任何工作。",
 	"actions.runners.task_list.run": "執行",
 	"actions.runners.task_list.status": "狀態",
 	"actions.runners.task_list.repository": "儲存庫",
 	"actions.runners.task_list.commit": "提交",
 	"actions.runners.task_list.done_at": "完成於",
-	"actions.runners.edit_runner": "編輯 Runner",
-	"actions.runners.update_runner.button": "更新變更",
-	"actions.runners.update_runner.success": "更新 Runner 成功",
-	"actions.runners.update_runner.failed": "更新 Runner 失敗",
-	"actions.runners.delete_runner.button": "刪除此 Runner",
+	"actions.runners.update_runner.success": "編輯 Runner 成功",
+	"actions.runners.update_runner.failed": "編輯 Runner 失敗",
 	"actions.runners.delete_runner.success": "刪除 Runner 成功",
 	"actions.runners.delete_runner.failed": "刪除 Runner 失敗",
 	"actions.runners.delete_runner.header": "確認刪除此 Runner",
 	"actions.runners.delete_runner.notice": "如果有任務正在此 Runner 上執行，它可能會被中止並標記為失敗，這可能會打斷建置工作流程。",
 	"actions.runners.none": "沒有可用的 Runner",
-	"actions.runners.version": "版本",
 	"actions.runners.reset_registration_token.button": "重置註冊符記",
 	"actions.runners.reset_registration_token.success": "成功重設了 Runner 註冊符記",
 	"actions.runs.all_workflows": "所有工作流程",
-	"actions.runs.commit": "提交",
-	"actions.runs.scheduled": "已排程",
-	"actions.runs.pushed_by": "推送者",
 	"actions.runs.workflow": "工作流程",
 	"actions.runs.invalid_workflow_helper": "工作流程設定檔無效。請檢查您的設定檔：%s",
 	"actions.runs.no_matching_online_runner.helper": "沒有在線的執行器且匹配標籤：%s",
@@ -79,9 +70,9 @@
 	"notification.mark_all_as_read": "標記所有為已讀",
 	"notification.subscriptions": "訂閱",
 	"notification.watching": "正在關注",
-	"notification.no_subscriptions": "沒有訂閱",
+	"notification.no_subscriptions": "您沒有任何訂閱。",
 	"dropzone.default_message": "拖放檔案或是點擊此處上傳。",
-	"dropzone.invalid_input_type": "您無法上傳此類型的檔案。",
+	"dropzone.invalid_input_type": "無法上傳此類型的檔案。",
 	"dropzone.file_too_big": "檔案大小（{{filesize}} MB）超過了最大允許大小（{{maxFilesize}} MB）。",
 	"dropzone.remove_file": "移除文件",
 	"munits.data.b": "B",
@@ -250,9 +241,9 @@
 	"search.milestone_kind": "搜尋里程碑…",
 	"home.welcome.no_activity": "沒有活動",
 	"home.welcome.activity_hint": "您的動態摘要目前沒有任何內容。 您對關注的儲存庫所做的操作與活動將會顯示在這裡。",
-	"stars.list.none": "沒有人標星這個儲存庫。",
+	"stars.list.none": "沒有人收藏這個儲存庫。",
 	"watch.list.none": "沒有人關注這個儲存庫。",
-	"home.explore_repos": "探索儲存庫",
+	"home.explore_repos": "探索專案",
 	"home.explore_users": "探索使用者",
 	"home.explore_orgs": "探索組織",
 	"alert.range_error": " 必須是一個介於 %[1]s 和 %[2]s 之間的數字。",
@@ -277,8 +268,8 @@
 	"themes.names.forgejo-auto": "Forgejo（遵循系統主題）",
 	"themes.names.forgejo-light": "Forgejo 淺色",
 	"themes.names.forgejo-dark": "Forgejo 深色",
-	"followers.incoming.list.self.none": "沒有人關注您的個人資料。",
-	"followers.incoming.list.none": "沒有人關注這位使用者。",
+	"followers.incoming.list.self.none": "沒有人追蹤您的個人資料。",
+	"followers.incoming.list.none": "沒有人追蹤這位使用者。",
 	"followers.outgoing.list.none": "%s 沒有追蹤任何人。",
 	"followers.outgoing.list.self.none": "您沒有追蹤任何人。",
 	"relativetime.mins": "%d 分鐘前",
@@ -309,9 +300,9 @@
 	"moderation.report_abuse_form.details": "這個表單是用來檢舉用戶建立垃圾帳號、儲存庫、問題、留言，或其他不當行為。",
 	"moderation.report_abuse_form.invalid": "無效參數",
 	"moderation.report_abuse_form.already_reported": "您已檢舉此內容",
-	"meta.last_line": "Rubi-chan? Hai! Nani ga suki? Choko minto yori mo a･na･ta♡ Ayumu-chan? Hai! Nani ga suki? Sutoroberii fureibaa yori mo a･na･ta♡ Shiki-chan! Hai! Nani ga suki? Kukkii and kuriimu yori mo a･na･ta♡ Minna? Hai! Nani ga suki? Mochiron daisuki AiScReam.",
+	"meta.last_line": "ㄍㄢˇ ㄒㄧㄝˋ ㄋㄧˇ ㄈㄢ ㄧˋ Forgejo！ㄓㄜˋ ㄏㄤˊ ㄕˇ ㄩㄥˋ ㄓㄜˇ ㄎㄢˋ ㄅㄨˊ ㄉㄠˋ，ㄋㄧˇ ㄎㄜˇ ㄧˇ ㄈㄤˋ ㄍㄜˋ ㄧㄡˇ ㄑㄩˋ ㄉㄜ˙ ㄋㄟˋ ㄖㄨㄥˊ ㄉㄞˋ ㄊㄧˋ ㄈㄢ ㄧˋ。",
 	"admin.dashboard.cleanup_offline_runners": "清理離線 runners",
-	"settings.visibility.description": "個人資料的可見度會影響他人存取您非私人儲存庫的能力。<a href=\"%s\" target=\"_blank\">了解更多</a>",
+	"settings.visibility.description": "個人資料的可見度會影響他人存取您非私人儲存庫的能力。<a href=\"%s\" target=\"_blank\">了解更多</a>。",
 	"avatar.constraints_hint": "自定義大頭貼的大小不得超過 %[1]s，且解析度不得大於 %[2]d×%[3]d 像素",
 	"repo.diff.commit.next-short": "下一個",
 	"repo.diff.commit.previous-short": "上一個",
@@ -336,7 +327,136 @@
 	"issues.updated": "更新與 %s",
 	"issues.filters.labels.exclude": "排除標籤",
 	"issues.filters.labels.unexclude": "清除排除",
-	"repo.pulls.poster_manage_approval": "管理批准",
+	"repo.pulls.poster_manage_approval": "管理審核",
 	"repo.pulls.poster_requires_approval": "有工作流正<a href=\"%[1]s\">等待審閱</a>。",
-	"repo.pulls.poster_requires_approval.tooltip": "此合併請求的提交者,不信任執行由衍生儲存庫或 AGit 所建立的 PR 所觸發的工作流程。由 `pull_request` 事件觸發的工作流程,將不會持續執行,直到核准為止。"
+	"repo.pulls.poster_requires_approval.tooltip": "此合併請求的提交者,不信任執行由衍生儲存庫或 AGit 所建立的 PR 所觸發的工作流程。由 `pull_request` 事件觸發的工作流程,將不會持續執行,直到核准為止。",
+	"repo.pulls.poster_is_trusted": "此合併請求的作者<a href=\"%[1]s\">將始終受信任以執行工作流程</a>。",
+	"repo.pulls.poster_is_trusted.tooltip": "此合併請求的作者明確受信任，可執行由 `pull_request` 事件觸發的工作流程。",
+	"repo.pulls.poster_trust_deny": "拒絕",
+	"repo.pulls.poster_trust_deny.tooltip": "等待批准的工作流程將被取消。",
+	"repo.pulls.poster_trust_once": "批准一次",
+	"repo.pulls.poster_trust_once.tooltip": "由 `pull_request` 事件觸發的工作流程將基於此提交執行，但仍需為未來對此合併請求推送的所有提交進行批准。",
+	"repo.pulls.poster_trust_always": "始終批准",
+	"repo.pulls.poster_trust_always.tooltip": "由 `pull_request` 事件觸發的工作流程將基於此提交執行，且來自此合併請求或同一作者之未來合併請求的執行將不需要批准。",
+	"repo.pulls.poster_trust_revoke": "撤銷",
+	"repo.pulls.already_merged": "合併失敗：此合併請求已被合併。",
+	"repo.pulls.maintainers_can_edit": "維護者可以編輯此合併請求。",
+	"repo.pulls.maintainers_cannot_edit": "維護者無法編輯此合併請求。",
+	"repo.view.gitmodules_too_large": ".gitmodules 檔案太大，將被忽略（例如 API 呼叫）",
+	"migrate.form.error.url_credentials": "URL 包含憑證，請分別將其填入使用者名稱和密碼欄位",
+	"search.syntax": "搜尋語法",
+	"search.fuzzy": "模糊",
+	"search.fuzzy_tooltip": "包含與搜尋字詞近似相符的結果",
+	"repo.settings.push_mirror.branch_filter.label": "分支篩選器（可選）",
+	"warning.repository.out_of_sync": "此儲存庫在資料庫中的表示狀態目前不同步。若您在向此儲存庫推送一次提交後仍然看到此警告，請聯絡系統管理員。",
+	"install.ssh_authorized_keys_inspection_error": "無法檢查已存在的 authorized_keys 檔案：%v",
+	"install.ssh_authorized_keys_unexpected_key": "為 Forgejo 啟用 SSH 與位於 %s 的檔案衝突，該檔案包含已存在的 SSH 金鑰。建議：為 Forgejo 使用獨立的系統使用者或停用 SSH。",
+	"profile.actions.tooltip": "更多操作",
+	"profile.edit.link": "編輯個人資料",
+	"feed.atom.link": "Atom 訂閱源",
+	"keys.ssh.link": "SSH 金鑰",
+	"keys.gpg.link": "GPG 金鑰",
+	"keys.verify.token.hint": "此權杖僅在一分鐘內有效。<a href=\"%[1]s\">如果已過期，請重新取得</a>。",
+	"admin.moderation.reports": "檢舉",
+	"admin.moderation.no_open_reports": "目前沒有待處理的檢舉。",
+	"admin.moderation.deleted_content_ref": "回報的內容（類型 %[1]v，ID %[2]d）已不存在",
+	"moderation.report.mark_as_handled": "標記為已處理",
+	"moderation.report.mark_as_ignored": "標記為已忽略",
+	"moderation.action.account.delete": "刪除帳戶",
+	"moderation.action.account.suspend": "停用帳戶",
+	"moderation.action.repo.delete": "刪除儲存庫",
+	"moderation.action.issue.delete": "刪除問題",
+	"moderation.unknown_action": "未知操作",
+	"moderation.users.cannot_suspend_self": "您無法停用自己。",
+	"moderation.users.cannot_suspend_admins": "具有管理員權限的使用者無法被停用。",
+	"moderation.users.cannot_suspend_org": "組織無法被停用。",
+	"moderation.users.already_suspended": "該帳戶已經處於停用狀態。",
+	"moderation.users.suspend_success": "該帳戶已被停用。",
+	"moderation.users.cannot_delete_admins": "具有管理員權限的使用者無法被刪除。",
+	"moderation.issue.deletion_success": "問題已被刪除。",
+	"moderation.comment.deletion_success": "評論已被刪除。",
+	"mail.issue.action.close_by_commit": "%[1]s 在提交 %[3]s 中關閉了 %[2]s。",
+	"discussion.sidebar.reference": "引用",
+	"admin.auths.allow_username_change": "允許變更使用者者名稱",
+	"admin.auths.allow_username_change.description": "允許使用者在個人資料設定中變更其使用者名稱",
+	"admin.dashboard.remove_resolved_reports": "移除已解決的檢舉報告",
+	"admin.dashboard.actions_action_user": "撤銷不活躍使用者的 Forgejo Actions 信任",
+	"admin.dashboard.transfer_lingering_logs": "將已完成 Actions 工作的日誌從資料庫轉移至儲存空間",
+	"admin.config.security": "安全性設定",
+	"admin.config.global_2fa_requirement.title": "全域兩步驟驗證要求",
+	"admin.config.global_2fa_requirement.all": "所有使用者",
+	"admin.config.global_2fa_requirement.admin": "管理員",
+	"settings.twofa_unroll_unavailable": "您的帳戶必須啟用兩步驟驗證，無法停用。",
+	"settings.twofa_reenroll": "重新註冊兩步驟驗證",
+	"settings.twofa_reenroll.description": "重新註冊您的兩步驟驗證",
+	"settings.must_enable_2fa": "此 Forgejo 執行個體要求使用者在存取帳戶前啟用兩步驟驗證。",
+	"error.must_enable_2fa": "此 Forgejo 執行個體要求使用者在存取帳戶前啟用兩步驟驗證。請至以下位置啟用：%s",
+	"user.ghost.tooltip": "此使用者已被刪除，或無法比對。",
+	"repo.pulls.poster_trust_revoke.tooltip": "此合併請求的作者將不再被信任以執行由 `pull_request` 事件觸發的工作流程，所有執行都必須手動批准。",
+	"repo.settings.push_mirror.branch_filter.description": "欲鏡像的分支。留空以鏡像所有分支。關於語法，請參見 <a href=\"%[1]s\">%[2]s 文件</a>。例如：<code>main, release/*</code>",
+	"admin.moderation.moderation_reports": "檢舉案件",
+	"moderation.action.comment.delete": "刪除評論",
+	"mail.actions.run_info_sha": "提交：%[1]s",
+	"admin.config.global_2fa_requirement.none": "無",
+	"og.repo.summary_card.alt_description": "儲存庫 %[1]s 的摘要卡片，描述為：%[2]s",
+	"repo.commit.load_tags_failed": "由於內部錯誤，無法載入標籤",
+	"compare.branches.title": "比較分支",
+	"migrate.pagure.description": "從 pagure.io 或其他 Pagure 執行個體遷移資料。",
+	"migrate.pagure.incorrect_url": "提供了錯誤的來源儲存庫 URL",
+	"migrate.pagure.project_url": "Pagure 專案 URL",
+	"migrate.pagure.project_example": "Pagure 專案 URL，例如：https://pagure.io/pagure",
+	"migrate.pagure.token_label": "Pagure API 權杖",
+	"migrate.pagure.private_issues.summary": "私人問題（選用）",
+	"migrate.pagure.private_issues.description": "此功能旨在為您的 Pagure 專案建立一個僅包含私人問題的第二個儲存庫以進行歸檔。首先，執行一般遷移（不使用權杖）來匯入所有公開內容。然後，如果您有需要保留的私人問題，請使用此權杖選項建立個別的儲存庫來歸檔這些私人問題。",
+	"migrate.pagure.private_issues.warning": "如果您使用 API 金鑰匯入私人問題，請務必將上方的儲存庫可見性設為「私人」。這能防止意外將私人內容暴露在公開儲存庫中。",
+	"migrate.pagure.token.placeholder": "僅用於建立私人問題歸檔",
+	"packages.common.install": "若要安裝此套件，請執行以下指令：",
+	"packages.common.registry": "從命令列設定此註冊表：",
+	"packages.common.repository": "儲存庫資訊",
+	"actions.status.diagnostics.waiting": "等待具有以下標籤的 Runner：%s",
+	"actions.runs.run_attempt_label": "執行嘗試 #%[1]s (%[2]s)",
+	"actions.runs.viewing_out_of_date_run": "您正在檢視此任務於 %[1]s 執行的過時執行。",
+	"actions.runs.view_most_recent_run": "檢視最近一次執行",
+	"actions.runs.all_runs_link": "所有執行記錄",
+	"actions.workflow.job_parsing_error": "無法解析工作流程中的任務：%v",
+	"actions.workflow.event_detection_error": "無法解析工作流程中支援的事件：%v",
+	"actions.workflow.persistent_incomplete_matrix": "由於 `needs` 運算式無效，無法評估任務 %[1]s 的 `strategy.matrix`。它可能參考了不在其 'needs' 清單中的任務 (%[2]s)，或該清單中某個任務不存在的輸出。",
+	"actions.workflow.incomplete_matrix_missing_job": "無法評估任務 %[1]s 的 `strategy.matrix`：任務 %[2]s 不在任務 %[1]s 的 `needs` 清單中 (%[3]s)。",
+	"actions.workflow.incomplete_matrix_missing_output": "無法評估任務 %[1]s 的 `strategy.matrix`：任務 %[2]s 缺少輸出 %[3]s。",
+	"actions.workflow.incomplete_matrix_unknown_cause": "無法評估任務 %[1]s 的 `strategy.matrix`：未知錯誤。",
+	"actions.workflow.incomplete_runson_missing_job": "無法評估任務 %[1]s 的 `runs-on`：任務 %[2]s 不在任務 %[1]s 的 `needs` 清單中 (%[3]s)。",
+	"actions.workflow.incomplete_runson_missing_output": "無法評估任務 %[1]s 的 `runs-on`：任務 %[2]s 缺少輸出 %[3]s。",
+	"actions.workflow.incomplete_runson_missing_matrix_dimension": "無法評估任務 %[1]s 的 `runs-on`：矩陣維度 %[2]s 不存在。",
+	"actions.workflow.incomplete_runson_unknown_cause": "無法評估任務 %[1]s 的 `runs-on`：未知錯誤。",
+	"actions.workflow.incomplete_with_missing_job": "無法評估任務 %[1]s 的 `with`：任務 %[2]s 不在任務 %[1]s 的 `needs` 清單中 (%[3]s)。",
+	"actions.workflow.incomplete_with_missing_output": "無法評估任務 %[1]s 的 `with`：任務 %[2]s 缺少輸出 %[3]s。",
+	"actions.workflow.incomplete_with_missing_matrix_dimension": "無法評估任務 %[1]s 的 `with`：矩陣維度 %[2]s 不存在。",
+	"actions.workflow.incomplete_with_unknown_cause": "無法評估任務 %[1]s 的 `with`：未知錯誤。",
+	"actions.workflow.pre_execution_error": "由於錯誤阻止了執行嘗試，工作流程未被執行。",
+	"actions.secrets.creation.name_description": "秘密名稱只能包含字母、數字和底線，且不能以 FORGEJO_、GITEA_、GITHUB_ 或數字開頭。Forgejo 會自動將其轉換為大寫。",
+	"actions.secrets.creation.value_description": "秘密值可以是任意文字。特殊字元會被保留。CRLF（Windows 風格的換行符）會自動轉換為 LF。若要保留換行符，請使用 Base64 編碼值。",
+	"actions.variables.mutation.name_description": "變數名稱只能包含字母、數字和底線，且不能命名為 CI 或以 FORGEJO_、GITEA_、GITHUB_ 或數字開頭。Forgejo 會自動將其轉換為大寫。",
+	"actions.variables.mutation.value_description": "變數值可以是任意文字。特殊字元會被保留。CRLF（Windows 風格的換行符）會自動轉換為 LF。若要保留換行符，請使用 Base64 編碼值。",
+	"teams.add_all_repos.modal.header": "新增所有儲存庫",
+	"teams.remove_all_repos.modal.header": "移除所有儲存庫",
+	"pulls.manual_merge.helper": "手動合併助手",
+	"pulls.manual_merge.helpder.description": "手動完成合併時，使用此合併提交訊息。",
+	"pulls.manual_merge.commit.title": "合併提交標題",
+	"pulls.manual_merge.commit.body": "合併提交內文",
+	"pulls.manual_merge.copy.button": "複製合併提交訊息",
+	"admin.auths.oauth2_quota_group_claim_name": "用於配額管理的聲明名稱。（選填）",
+	"admin.auths.oauth2_quota_group_map": "將聲明群組對應至配額群組。（選填 - 需填寫上方聲明名稱）",
+	"admin.auths.oauth2_quota_group_map_removal": "如果使用者不屬於對應群組，則從同步的配額群組中移除該使用者。",
+	"editor.search": "搜尋",
+	"editor.find_previous": "上一個結果",
+	"editor.find_next": "下一個結果",
+	"editor.replace": "取代",
+	"editor.replace_all": "全部取代",
+	"editor.toggle_case": "切換大小寫敏感",
+	"editor.toggle_regex": "切換正規表達式",
+	"editor.toggle_whole_word": "切換全詞匹配",
+	"access_token.error.specified_repos_and_invalid_scope": "已指定專案範圍的存取權杖，只能搭配讀取:議題、寫入:議題、讀取:專案、寫入:專案這四種權限使用。",
+	"access_token.error.specified_repos_and_public_only": "已指定專案範圍的存取權杖，無法與「僅限公開」範圍同時使用。",
+	"access_token.error.specified_repos_none": "已指定專案範圍的存取權杖，至少要選擇一個專案。",
+	"repo.pulls.auto_merge.no_permission": "您沒有權限取消此提交要求的自動合併。"
 }

From 5e1c13f50ee92e1eb061306bbbeae7e70207fa76 Mon Sep 17 00:00:00 2001
From: Andreas Ahlenstorf <andreas@ahlenstorf.ch>
Date: Wed, 25 Mar 2026 17:27:05 +0100
Subject: [PATCH 567/854] feat: allow runners to request a particular job
 (#11676)

Forgejo Runner can optionally ask for a particular job. Example: `forgejo-runner one-job --handle 9d52c7d8-aebe-426b-b015-dd453aacaada`. This change adds the necessary job filtering to Forgejo.

See https://code.forgejo.org/forgejo/forgejo-actions-feature-requests/issues/76 for the motivation and design considerations.

PR for the extension of the runner protocol: https://code.forgejo.org/forgejo/actions-proto/pulls/18

Related change in Forgejo Runner with usage example: https://code.forgejo.org/forgejo/runner/pulls/1443

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests for Go changes

(can be removed for JavaScript changes)

- I added test coverage for Go changes...
  - [x] in their respective `*_test.go` for unit tests.
  - [x] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I ran...
  - [x] `make pr-go` before pushing

### Tests for JavaScript changes

(can be removed for Go changes)

- I added test coverage for JavaScript changes...
  - [ ] in `web_src/js/*.test.js` if it can be unit tested.
  - [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)).

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [x] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.
- [ ] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change.

*The decision if the pull request will be shown in the release notes is up to the mergers / release team.*

The content of the `release-notes/<pull request number>.md` file will serve as the basis for the release notes. If the file does not exist, the title of the pull request will be used instead.

<!--start release-notes-assistant-->

## Release notes
<!--URL:https://codeberg.org/forgejo/forgejo-->
- Features
  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11676): <!--number 11676 --><!--line 0 --><!--description YWxsb3cgcnVubmVycyB0byByZXF1ZXN0IGEgcGFydGljdWxhciBqb2I=-->allow runners to request a particular job<!--description-->
<!--end release-notes-assistant-->

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11676
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
Co-authored-by: Andreas Ahlenstorf <andreas@ahlenstorf.ch>
Co-committed-by: Andreas Ahlenstorf <andreas@ahlenstorf.ch>
---
 models/actions/run_job.go                     |   9 ++
 models/actions/run_job_test.go                |  33 ++++-
 models/actions/task.go                        |   8 +-
 models/fixtures/action_run_job.yml            |   3 +
 .../forgejo_migrations/v15c_add_job_handle.go |  23 ++++
 modules/structs/action.go                     |   2 +
 routers/api/actions/runner/runner.go          | 124 ++++++++++++++----
 routers/api/v1/shared/runners.go              |   1 +
 routers/web/repo/actions/view.go              |   2 +-
 services/actions/task.go                      |   4 +-
 templates/swagger/v1_json.tmpl                |   5 +
 tests/integration/actions_fetch_task_test.go  |  86 ++++++++++++
 tests/integration/actions_runner_test.go      |  10 ++
 tests/integration/api_admin_actions_test.go   |   1 +
 tests/integration/api_org_actions_test.go     |   1 +
 tests/integration/api_repo_actions_test.go    |   1 +
 tests/integration/api_user_actions_test.go    |   1 +
 17 files changed, 278 insertions(+), 36 deletions(-)
 create mode 100644 models/forgejo_migrations/v15c_add_job_handle.go

diff --git a/models/actions/run_job.go b/models/actions/run_job.go
index a9fbdfaed4..412e60aefd 100644
--- a/models/actions/run_job.go
+++ b/models/actions/run_job.go
@@ -15,6 +15,7 @@ import (
 	"forgejo.org/modules/util"
 
 	"code.forgejo.org/forgejo/runner/v12/act/jobparser"
+	gouuid "github.com/google/uuid"
 	"go.yaml.in/yaml/v3"
 	"xorm.io/builder"
 )
@@ -30,6 +31,7 @@ type ActionRunJob struct {
 	IsForkPullRequest bool
 	Name              string `xorm:"VARCHAR(255)"`
 	Attempt           int64
+	Handle            string `xorm:"unique"`
 	WorkflowPayload   []byte
 	JobID             string   `xorm:"VARCHAR(255)"` // job id in workflow, not job's id
 	Needs             []string `xorm:"JSON TEXT"`
@@ -108,6 +110,12 @@ func (job *ActionRunJob) LoadAttributes(ctx context.Context) error {
 	return job.Run.LoadAttributes(ctx)
 }
 
+// IsRequestedByRunner returns true if this attempt of this ActionRunJob was explicitly requested by the runner or if
+// the runner expressed no preference.
+func (job *ActionRunJob) IsRequestedByRunner(handle *string) bool {
+	return handle == nil || job.Handle == *handle
+}
+
 func (job *ActionRunJob) ItRunsOn(labels []string) bool {
 	if len(labels) == 0 || len(job.RunsOn) == 0 {
 		return false
@@ -126,6 +134,7 @@ func (job *ActionRunJob) PrepareNextAttempt(initialStatus Status) error {
 	job.Started = 0
 	job.Stopped = 0
 	job.TaskID = 0
+	job.Handle = gouuid.New().String()
 	job.Status = initialStatus
 
 	return nil
diff --git a/models/actions/run_job_test.go b/models/actions/run_job_test.go
index 945b2d150f..05c504cf64 100644
--- a/models/actions/run_job_test.go
+++ b/models/actions/run_job_test.go
@@ -304,16 +304,21 @@ func TestRunHasOtherJobs(t *testing.T) {
 }
 
 func TestActionRunJobPrepareNextAttempt(t *testing.T) {
-	job := ActionRunJob{ID: 46}
+	lastHandle := "original-handle"
+	job := ActionRunJob{ID: 46, Handle: lastHandle}
+
 	err := job.PrepareNextAttempt(StatusWaiting)
 	require.NoError(t, err)
 
+	assert.NotEqual(t, lastHandle, job.Handle)
+	assert.NotEmpty(t, job.Handle)
 	assert.Equal(t, int64(1), job.Attempt)
 	assert.Zero(t, job.Started)
 	assert.Zero(t, job.Stopped)
 	assert.Zero(t, job.TaskID)
 	assert.Equal(t, StatusWaiting, job.Status)
 
+	lastHandle = job.Handle
 	job.Started = timeutil.TimeStampNow()
 	job.Stopped = timeutil.TimeStampNow()
 	job.TaskID = int64(59)
@@ -322,19 +327,45 @@ func TestActionRunJobPrepareNextAttempt(t *testing.T) {
 	err = job.PrepareNextAttempt(StatusBlocked)
 	require.NoError(t, err)
 
+	assert.NotEqual(t, lastHandle, job.Handle)
+	assert.NotEmpty(t, job.Handle)
 	assert.Equal(t, int64(2), job.Attempt)
 	assert.Zero(t, job.Started)
 	assert.Zero(t, job.Stopped)
 	assert.Zero(t, job.TaskID)
 	assert.Equal(t, StatusBlocked, job.Status)
 
+	lastHandle = job.Handle
+
 	// The job hasn't finished yet. Preparing a next attempt should not be possible. It should be left untouched.
 	err = job.PrepareNextAttempt(StatusWaiting)
 	require.ErrorContains(t, err, "cannot prepare next attempt because job 46 is active: blocked")
 
+	assert.Equal(t, lastHandle, job.Handle)
 	assert.Equal(t, int64(2), job.Attempt)
 	assert.Zero(t, job.Started)
 	assert.Zero(t, job.Stopped)
 	assert.Zero(t, job.TaskID)
 	assert.Equal(t, StatusBlocked, job.Status)
 }
+
+func TestIsRequestedByRunner(t *testing.T) {
+	sameHandle := "4a1ca0be-4470-486d-8504-89b4a5ac00cf"
+	differentHandle := "88423da3-67af-4f2d-9a92-a0db822697e9"
+	emptyHandle := ""
+
+	job := &ActionRunJob{ID: 422, Attempt: 5, Handle: sameHandle}
+
+	assert.True(t, job.IsRequestedByRunner(nil))
+	assert.True(t, job.IsRequestedByRunner(&sameHandle))
+	assert.False(t, job.IsRequestedByRunner(&differentHandle))
+	assert.False(t, job.IsRequestedByRunner(&emptyHandle))
+
+	// Old jobs that were created before the introduction of Handle do not have one.
+	emptyHandleJob := &ActionRunJob{ID: 422, Attempt: 5, Handle: ""}
+
+	assert.True(t, emptyHandleJob.IsRequestedByRunner(nil))
+	assert.True(t, emptyHandleJob.IsRequestedByRunner(&emptyHandle))
+
+	assert.False(t, emptyHandleJob.IsRequestedByRunner(&differentHandle))
+}
diff --git a/models/actions/task.go b/models/actions/task.go
index 6b169de3c0..1a208dad9d 100644
--- a/models/actions/task.go
+++ b/models/actions/task.go
@@ -347,7 +347,7 @@ func GetAvailableJobsForRunner(e db.Engine, runner *ActionRunner) ([]*ActionRunJ
 	return jobs, nil
 }
 
-func CreateTaskForRunner(ctx context.Context, runner *ActionRunner, requestKey *string) (*ActionTask, bool, error) {
+func CreateTaskForRunner(ctx context.Context, runner *ActionRunner, requestKey, handle *string) (*ActionTask, bool, error) {
 	ctx, committer, err := db.TxContext(ctx)
 	if err != nil {
 		return nil, false, err
@@ -364,9 +364,9 @@ func CreateTaskForRunner(ctx context.Context, runner *ActionRunner, requestKey *
 	// TODO: a more efficient way to filter labels
 	var job *ActionRunJob
 	log.Trace("runner labels: %v", runner.AgentLabels)
-	for _, v := range jobs {
-		if v.ItRunsOn(runner.AgentLabels) {
-			job = v
+	for _, j := range jobs {
+		if j.IsRequestedByRunner(handle) && j.ItRunsOn(runner.AgentLabels) {
+			job = j
 			break
 		}
 	}
diff --git a/models/fixtures/action_run_job.yml b/models/fixtures/action_run_job.yml
index 2d8ea9ff6f..a3afaa8461 100644
--- a/models/fixtures/action_run_job.yml
+++ b/models/fixtures/action_run_job.yml
@@ -152,6 +152,7 @@
   is_fork_pull_request: false
   name: job_2
   attempt: 1
+  handle: 18e9cf40-c2f6-409f-b832-b945ea7dc79b
   job_id: job_2
   task_id: 47
   status: 5
@@ -167,6 +168,7 @@
   is_fork_pull_request: false
   name: job_2
   attempt: 2
+  handle: a723d3e3-49a1-4e6b-947f-e987e60bfbd6
   job_id: job_2
   task_id: 47
   status: 5
@@ -182,6 +184,7 @@
   is_fork_pull_request: false
   name: job_2
   attempt: 1
+  handle: 40317a2f-2f00-4a82-8cc4-57347989a493
   job_id: job_2
   task_id: 47
   status: 5
diff --git a/models/forgejo_migrations/v15c_add_job_handle.go b/models/forgejo_migrations/v15c_add_job_handle.go
new file mode 100644
index 0000000000..59dca1b991
--- /dev/null
+++ b/models/forgejo_migrations/v15c_add_job_handle.go
@@ -0,0 +1,23 @@
+// Copyright 2026 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+package forgejo_migrations
+
+import (
+	"xorm.io/xorm"
+)
+
+func init() {
+	registerMigration(&Migration{
+		Description: "add handle to action_run_job",
+		Upgrade:     addActionRunJobHandle,
+	})
+}
+
+func addActionRunJobHandle(x *xorm.Engine) error {
+	type ActionRunJob struct {
+		Handle string `xorm:"unique"`
+	}
+	_, err := x.SyncWithOptions(xorm.SyncOptions{IgnoreDropIndices: true}, new(ActionRunJob))
+	return err
+}
diff --git a/modules/structs/action.go b/modules/structs/action.go
index 93aab4206c..a39ae11d65 100644
--- a/modules/structs/action.go
+++ b/modules/structs/action.go
@@ -14,6 +14,8 @@ type ActionRunJob struct {
 	ID int64 `json:"id"`
 	// How many times the job has been attempted including the current attempt.
 	Attempt int64 `json:"attempt"`
+	// Opaque identifier that uniquely identifies a single attempt of a job.
+	Handle string `json:"handle"`
 	// the repository id
 	RepoID int64 `json:"repo_id"`
 	// the owner id
diff --git a/routers/api/actions/runner/runner.go b/routers/api/actions/runner/runner.go
index 41e33fc476..2020bae89c 100644
--- a/routers/api/actions/runner/runner.go
+++ b/routers/api/actions/runner/runner.go
@@ -142,49 +142,31 @@ func (s *Service) FetchTask(
 
 	requestKey := getRequestKey(ctx)
 	if requestKey != nil {
-		// Search for previous tasks is based upon both the runner and the request key in order to reduce the security
-		// risk. If a request key is leaked (eg. it appears in a log file, log file gets published in a bug report) it
-		// could be used indefinitely to retrieve the associated task(s), so requiring the correctly authenticated
-		// runner reduces that risk.
-		recoveredTasks, err := actions_model.GetTasksByRunnerRequestKey(ctx, runner, *requestKey)
+		recoveredTasks, err := recoverTasks(ctx, runner, *requestKey)
 		if err != nil {
-			return nil, connect.NewError(connect.CodeInternal, fmt.Errorf("query by request key failed: %w", err))
+			return nil, connect.NewError(connect.CodeInternal, err)
 		} else if len(recoveredTasks) > 0 {
-			// Recovered tasks from a repeat request key
-			tasks, err := actions_service.RecoverTasks(ctx, recoveredTasks)
-			if err != nil {
-				return nil, connect.NewError(connect.CodeInternal, fmt.Errorf("recover tasks failed: %w", err))
-			}
 			resp := &runnerv1.FetchTaskResponse{
-				Task:            tasks[0],
+				Task:            recoveredTasks[0],
 				TasksVersion:    0,
-				AdditionalTasks: tasks[1:],
+				AdditionalTasks: recoveredTasks[1:],
 			}
 			return connect.NewResponse(resp), nil
 		}
 	}
 
-	var task *runnerv1.Task
-	tasksVersion := req.Msg.TasksVersion // task version from runner
-	latestVersion, err := actions_model.GetTasksVersionByScope(ctx, runner.OwnerID, runner.RepoID)
+	latestVersion, err := getLatestTasksVersion(ctx, runner.OwnerID, runner.RepoID)
 	if err != nil {
-		return nil, connect.NewError(connect.CodeInternal, fmt.Errorf("query tasks version failed: %w", err))
-	} else if latestVersion == 0 {
-		if err := actions_model.IncreaseTaskVersion(ctx, runner.OwnerID, runner.RepoID); err != nil {
-			return nil, connect.NewError(connect.CodeInternal, fmt.Errorf("fail to increase task version: %w", err))
-		}
-		// if we don't increase the value of `latestVersion` here,
-		// the response of FetchTask will return tasksVersion as zero.
-		// and the runner will treat it as an old version of Gitea.
-		latestVersion++
+		return nil, connect.NewError(connect.CodeInternal, err)
 	}
 
+	var task *runnerv1.Task
 	var additionalTasks []*runnerv1.Task
-	if tasksVersion != latestVersion {
+	if req.Msg.TasksVersion != latestVersion {
 		// if the task version in request is not equal to the version in db,
 		// it means there may still be some tasks not be assigned.
 		// try to pick a task for the runner that send the request.
-		if t, ok, err := actions_service.PickTask(ctx, runner, requestKey); err != nil {
+		if t, ok, err := actions_service.PickTask(ctx, runner, requestKey, nil); err != nil {
 			log.Error("pick task failed: %v", err)
 			return nil, connect.NewError(connect.CodeInternal, fmt.Errorf("pick task: %w", err))
 		} else if ok {
@@ -193,7 +175,7 @@ func (s *Service) FetchTask(
 			taskCapacity := req.Msg.GetTaskCapacity()
 			taskCapacity-- // remove 1 for the task already fetched as `task`
 			for taskCapacity > 0 {
-				if t, ok, err := actions_service.PickTask(ctx, runner, requestKey); err != nil {
+				if t, ok, err := actions_service.PickTask(ctx, runner, requestKey, nil); err != nil {
 					// Don't return an error to the client/runner -- we've already assigned one-or-more tasks to the runner
 					// and if we don't return them, they can't be picked up by another runner and will become zombie tasks.
 					// Log the error and return the tasks we've assigned so far.
@@ -216,6 +198,55 @@ func (s *Service) FetchTask(
 	return res, nil
 }
 
+func (s *Service) FetchSingleTask(
+	ctx context.Context,
+	req *connect.Request[runnerv1.FetchSingleTaskRequest],
+) (*connect.Response[runnerv1.FetchSingleTaskResponse], error) {
+	runner := GetRunner(ctx)
+
+	requestKey := getRequestKey(ctx)
+	if requestKey != nil {
+		recoveredTasks, err := recoverTasks(ctx, runner, *requestKey)
+		if err != nil {
+			return nil, connect.NewError(connect.CodeInternal, err)
+		} else if len(recoveredTasks) == 1 {
+			resp := &runnerv1.FetchSingleTaskResponse{
+				TasksVersion: 0,
+				Task:         recoveredTasks[0],
+			}
+			return connect.NewResponse(resp), nil
+		} else if len(recoveredTasks) > 1 {
+			return nil, connect.NewError(connect.CodeInternal,
+				fmt.Errorf("cannot recover %d tasks because runner requested only one", len(recoveredTasks)))
+		}
+	}
+
+	latestVersion, err := getLatestTasksVersion(ctx, runner.OwnerID, runner.RepoID)
+	if err != nil {
+		return nil, connect.NewError(connect.CodeInternal, err)
+	}
+
+	var task *runnerv1.Task
+	if req.Msg.TasksVersion != latestVersion {
+		var handle *string
+		if req.Msg.Handle != nil && *req.Msg.Handle != "" {
+			handle = req.Msg.Handle
+		}
+
+		if t, ok, err := actions_service.PickTask(ctx, runner, requestKey, handle); err != nil {
+			log.Error("pick task failed: %v", err)
+			return nil, connect.NewError(connect.CodeInternal, fmt.Errorf("pick task: %w", err))
+		} else if ok {
+			task = t
+		}
+	}
+	res := connect.NewResponse(&runnerv1.FetchSingleTaskResponse{
+		TasksVersion: latestVersion,
+		Task:         task,
+	})
+	return res, nil
+}
+
 // UpdateTask updates the task status.
 func (s *Service) UpdateTask(
 	ctx context.Context,
@@ -354,3 +385,40 @@ func (s *Service) UpdateLog(
 
 	return res, nil
 }
+
+func recoverTasks(ctx context.Context, runner *actions_model.ActionRunner, requestKey string) ([]*runnerv1.Task, error) {
+	// Search for previous tasks is based upon both the runner and the request key in order to reduce the security
+	// risk. If a request key is leaked (eg. it appears in a log file, log file gets published in a bug report) it
+	// could be used indefinitely to retrieve the associated task(s), so requiring the correctly authenticated
+	// runner reduces that risk.
+	recoveredTasks, err := actions_model.GetTasksByRunnerRequestKey(ctx, runner, requestKey)
+	if err != nil {
+		return nil, fmt.Errorf("query by request key failed: %w", err)
+	} else if len(recoveredTasks) > 0 {
+		// Recovered tasks from a repeat request key
+		tasks, err := actions_service.RecoverTasks(ctx, recoveredTasks)
+		if err != nil {
+			return nil, fmt.Errorf("recover tasks failed: %w", err)
+		}
+		return tasks, nil
+	}
+
+	return []*runnerv1.Task{}, nil
+}
+
+func getLatestTasksVersion(ctx context.Context, ownerID, repoID int64) (int64, error) {
+	latestVersion, err := actions_model.GetTasksVersionByScope(ctx, ownerID, repoID)
+	if err != nil {
+		return 0, fmt.Errorf("query tasks version failed: %w", err)
+	} else if latestVersion == 0 {
+		if err := actions_model.IncreaseTaskVersion(ctx, ownerID, repoID); err != nil {
+			return 0, fmt.Errorf("fail to increase task version: %w", err)
+		}
+		// if we don't increase the value of `latestVersion` here,
+		// the response of FetchTask will return tasksVersion as zero.
+		// and the runner will treat it as an old version of Gitea.
+		latestVersion++
+	}
+
+	return latestVersion, nil
+}
diff --git a/routers/api/v1/shared/runners.go b/routers/api/v1/shared/runners.go
index 7a5c363f13..21021e4076 100644
--- a/routers/api/v1/shared/runners.go
+++ b/routers/api/v1/shared/runners.go
@@ -77,6 +77,7 @@ func fromRunJobModelToResponse(job []*actions_model.ActionRunJob, labels []strin
 			res = append(res, &structs.ActionRunJob{
 				ID:      job[i].ID,
 				Attempt: job[i].Attempt,
+				Handle:  job[i].Handle,
 				RepoID:  job[i].RepoID,
 				OwnerID: job[i].OwnerID,
 				Name:    job[i].Name,
diff --git a/routers/web/repo/actions/view.go b/routers/web/repo/actions/view.go
index c775de7ef5..a645f317f9 100644
--- a/routers/web/repo/actions/view.go
+++ b/routers/web/repo/actions/view.go
@@ -587,7 +587,7 @@ func rerunJob(ctx *app_context.Context, job *actions_model.ActionRunJob, shouldB
 	}
 
 	if err := db.WithTx(ctx, func(ctx context.Context) error {
-		_, err := actions_service.UpdateRunJob(ctx, job, builder.Eq{"status": status}, "attempt", "task_id", "status", "started", "stopped")
+		_, err := actions_service.UpdateRunJob(ctx, job, builder.Eq{"status": status}, "handle", "attempt", "task_id", "status", "started", "stopped")
 		return err
 	}); err != nil {
 		return err
diff --git a/services/actions/task.go b/services/actions/task.go
index 4f78092bdb..ce43180b7b 100644
--- a/services/actions/task.go
+++ b/services/actions/task.go
@@ -20,7 +20,7 @@ import (
 	"google.golang.org/protobuf/types/known/timestamppb"
 )
 
-func PickTask(ctx context.Context, runner *actions_model.ActionRunner, requestKey *string) (*runnerv1.Task, bool, error) {
+func PickTask(ctx context.Context, runner *actions_model.ActionRunner, requestKey, handle *string) (*runnerv1.Task, bool, error) {
 	var (
 		task *runnerv1.Task
 		job  *actions_model.ActionRunJob
@@ -40,7 +40,7 @@ func PickTask(ctx context.Context, runner *actions_model.ActionRunner, requestKe
 	}
 
 	if err := db.WithTx(ctx, func(ctx context.Context) error {
-		t, ok, err := actions_model.CreateTaskForRunner(ctx, runner, requestKey)
+		t, ok, err := actions_model.CreateTaskForRunner(ctx, runner, requestKey, handle)
 		if err != nil {
 			return fmt.Errorf("CreateTaskForRunner: %w", err)
 		}
diff --git a/templates/swagger/v1_json.tmpl b/templates/swagger/v1_json.tmpl
index 9737239467..d45f9b2893 100644
--- a/templates/swagger/v1_json.tmpl
+++ b/templates/swagger/v1_json.tmpl
@@ -22401,6 +22401,11 @@
           "format": "int64",
           "x-go-name": "Attempt"
         },
+        "handle": {
+          "description": "Opaque identifier that uniquely identifies a single attempt of a job.",
+          "type": "string",
+          "x-go-name": "Handle"
+        },
         "id": {
           "description": "Identifier of this job.",
           "type": "integer",
diff --git a/tests/integration/actions_fetch_task_test.go b/tests/integration/actions_fetch_task_test.go
index 95502b7424..7796286565 100644
--- a/tests/integration/actions_fetch_task_test.go
+++ b/tests/integration/actions_fetch_task_test.go
@@ -191,3 +191,89 @@ jobs:
 		assert.NotEqual(t, task1.Id, task2.Id)
 	})
 }
+
+func TestActionFetchTask_RequestedJob(t *testing.T) {
+	if !setting.Database.Type.IsSQLite3() {
+		// mock repo runner only supported on SQLite testing
+		t.Skip()
+	}
+
+	onApplicationRun(t, func(t *testing.T, u *url.URL) {
+		user2 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
+
+		// create the repo
+		repo, _, f := tests.CreateDeclarativeRepo(t, user2, "repo-many-tasks",
+			[]unit_model.Type{unit_model.TypeActions}, nil,
+			[]*files_service.ChangeRepoFile{
+				{
+					Operation: "create",
+					TreePath:  ".forgejo/workflows/simple.yml",
+					ContentReader: strings.NewReader(`
+on:
+  push:
+jobs:
+  job1:
+    runs-on: ubuntu-latest
+    steps:
+      - run: echo OK
+  job2:
+    runs-on: debian
+    steps:
+      - run: echo OK
+  job3:
+    runs-on: debian
+    steps:
+      - run: echo OK
+`),
+				},
+			},
+		)
+		defer f()
+
+		debianRunner := newMockRunner()
+		debianRunner.registerAsRepoRunner(t, user2.Name, repo.Name, "debian-runner", []string{"debian"})
+
+		ubuntuRunner := newMockRunner()
+		ubuntuRunner.registerAsRepoRunner(t, user2.Name, repo.Name, "ubuntu-runner", []string{"ubuntu-latest"})
+
+		job1 := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRunJob{RepoID: repo.ID, Name: "job1"})
+		job2 := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRunJob{RepoID: repo.ID, Name: "job2"})
+		job3 := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRunJob{RepoID: repo.ID, Name: "job3"})
+
+		assert.NotEmpty(t, job1.Handle)
+		assert.NotEmpty(t, job2.Handle)
+		assert.NotEmpty(t, job3.Handle)
+
+		nonExistingHandle := "does-not-exist"
+		emptyHandle := ""
+
+		// The runner's labels do not match. Therefore, it does not receive the job despite explicitly asking for it.
+		task := debianRunner.maybeFetchSingleTask(t, &job1.Handle)
+		require.Nil(t, task)
+
+		// If the requested job does not exist or is not ready, the runner does not receive any job.
+		task = ubuntuRunner.maybeFetchSingleTask(t, &nonExistingHandle)
+		require.Nil(t, task)
+
+		ubuntuRunner.lastTasksVersion = 0
+		debianRunner.lastTasksVersion = 0
+
+		// The next job waiting in line for the debian-runner is job2. But because the runner explicitly asks for job3,
+		// it receives job3 instead.
+		task = debianRunner.maybeFetchSingleTask(t, &job3.Handle)
+		require.NotNil(t, task)
+		assert.Contains(t, string(task.GetWorkflowPayload()), "name: job3")
+
+		ubuntuRunner.lastTasksVersion = 0
+		debianRunner.lastTasksVersion = 0
+
+		// Without explicitly asking for a job, the runners receives the next job waiting in line.
+		task = debianRunner.maybeFetchSingleTask(t, nil)
+		require.NotNil(t, task)
+		assert.Contains(t, string(task.GetWorkflowPayload()), "name: job2")
+
+		task = ubuntuRunner.maybeFetchSingleTask(t, &emptyHandle)
+		require.NotNil(t, task)
+		assert.Contains(t, string(task.GetWorkflowPayload()), "name: job1")
+	})
+}
diff --git a/tests/integration/actions_runner_test.go b/tests/integration/actions_runner_test.go
index 70784c1f64..28be946712 100644
--- a/tests/integration/actions_runner_test.go
+++ b/tests/integration/actions_runner_test.go
@@ -150,6 +150,16 @@ func (r *mockRunner) maybeFetchTask(t *testing.T) *runnerv1.Task {
 	return resp.Msg.Task
 }
 
+func (r *mockRunner) maybeFetchSingleTask(t *testing.T, handle *string) *runnerv1.Task {
+	resp, err := r.client.runnerServiceClient.FetchSingleTask(t.Context(), connect.NewRequest(&runnerv1.FetchSingleTaskRequest{
+		TasksVersion: r.lastTasksVersion,
+		Handle:       handle,
+	}))
+	require.NoError(t, err)
+	r.lastTasksVersion = resp.Msg.TasksVersion
+	return resp.Msg.Task
+}
+
 func (r *mockRunner) fetchTask(t *testing.T, timeout ...time.Duration) *runnerv1.Task {
 	fetchTimeout := 10 * time.Second
 	if len(timeout) > 0 {
diff --git a/tests/integration/api_admin_actions_test.go b/tests/integration/api_admin_actions_test.go
index 5f71a41c83..173e22ca91 100644
--- a/tests/integration/api_admin_actions_test.go
+++ b/tests/integration/api_admin_actions_test.go
@@ -47,6 +47,7 @@ func TestAPIAdminActionsGetJobs(t *testing.T) {
 		expected := api.ActionRunJob{
 			ID:      393,
 			Attempt: 1,
+			Handle:  "18e9cf40-c2f6-409f-b832-b945ea7dc79b",
 			RepoID:  1,
 			OwnerID: 1,
 			Name:    "job_2",
diff --git a/tests/integration/api_org_actions_test.go b/tests/integration/api_org_actions_test.go
index 1d71f02d83..08de84cdf2 100644
--- a/tests/integration/api_org_actions_test.go
+++ b/tests/integration/api_org_actions_test.go
@@ -38,6 +38,7 @@ func TestActionsAPISearchActionJobs_OrgRunner(t *testing.T) {
 	job395 := api.ActionRunJob{
 		ID:      395,
 		Attempt: 1,
+		Handle:  "40317a2f-2f00-4a82-8cc4-57347989a493",
 		RepoID:  1,
 		OwnerID: 3,
 		Name:    "job_2",
diff --git a/tests/integration/api_repo_actions_test.go b/tests/integration/api_repo_actions_test.go
index c3808c2058..fa56346a27 100644
--- a/tests/integration/api_repo_actions_test.go
+++ b/tests/integration/api_repo_actions_test.go
@@ -52,6 +52,7 @@ func TestActionsAPISearchActionJobs_RepoRunner(t *testing.T) {
 	job393 := api.ActionRunJob{
 		ID:      393,
 		Attempt: 1,
+		Handle:  "18e9cf40-c2f6-409f-b832-b945ea7dc79b",
 		RepoID:  1,
 		OwnerID: 1,
 		Name:    "job_2",
diff --git a/tests/integration/api_user_actions_test.go b/tests/integration/api_user_actions_test.go
index 2e22686bea..b9a0b16ab4 100644
--- a/tests/integration/api_user_actions_test.go
+++ b/tests/integration/api_user_actions_test.go
@@ -39,6 +39,7 @@ func TestActionsAPISearchActionJobs_UserRunner(t *testing.T) {
 	job394 := api.ActionRunJob{
 		ID:      394,
 		Attempt: 2,
+		Handle:  "a723d3e3-49a1-4e6b-947f-e987e60bfbd6",
 		RepoID:  1,
 		OwnerID: 2,
 		Name:    "job_2",

From c6a1d64dc138902f81d21691c952d67d427e2fd4 Mon Sep 17 00:00:00 2001
From: forgejo-release-manager <forgejo-release-manager@noreply.codeberg.org>
Date: Thu, 26 Mar 2026 08:40:03 +0100
Subject: [PATCH 568/854] chore: 15.0.0 is now stable - development tag [skip
 ci]

---
 release-notes-published/15.0.0.md | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 create mode 100644 release-notes-published/15.0.0.md

diff --git a/release-notes-published/15.0.0.md b/release-notes-published/15.0.0.md
new file mode 100644
index 0000000000..e69de29bb2

From 75906efe932ed520efcda55c08471d8d4291ab9f Mon Sep 17 00:00:00 2001
From: forgejo-release-manager <forgejo-release-manager@noreply.codeberg.org>
Date: Thu, 26 Mar 2026 08:40:14 +0100
Subject: [PATCH 569/854] chore: 15.0.0 is now stable - first commit

---
 release-notes-published/15.0.0.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/release-notes-published/15.0.0.md b/release-notes-published/15.0.0.md
index e69de29bb2..48cdce8528 100644
--- a/release-notes-published/15.0.0.md
+++ b/release-notes-published/15.0.0.md
@@ -0,0 +1 @@
+placeholder

From 8707cc10d0a5459d82f23bb391864a38501211d7 Mon Sep 17 00:00:00 2001
From: Beowulf <beowulf@beocode.eu>
Date: Thu, 26 Mar 2026 11:00:37 +0100
Subject: [PATCH 570/854] chore: run renovate on v15 branch (#11823)

ToDo: After merge schedule a PR to remove v14 when it is EoL
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11823
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Co-authored-by: Beowulf <beowulf@beocode.eu>
Co-committed-by: Beowulf <beowulf@beocode.eu>
---
 .forgejo/renovate.json | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/.forgejo/renovate.json b/.forgejo/renovate.json
index 34c5c1f958..f3360b6647 100644
--- a/.forgejo/renovate.json
+++ b/.forgejo/renovate.json
@@ -9,7 +9,8 @@
   "baseBranchPatterns": [
     "$default",
     "/^v11\\.\\d+/forgejo$/",
-    "/^v14\\.\\d+/forgejo$/"
+    "/^v14\\.\\d+/forgejo$/",
+    "/^v15\\.\\d+/forgejo$/"
   ],
   "postUpdateOptions": ["gomodTidy", "gomodUpdateImportPaths", "npmDedupe"],
   "prConcurrentLimit": 10,

From 989804fcc33451b4a57560c6661186df4568f0c2 Mon Sep 17 00:00:00 2001
From: Guangxiong Lin <hi@gxlin.org>
Date: Thu, 26 Mar 2026 15:30:16 +0100
Subject: [PATCH 571/854] fix(api): package name in route not properly
 unescaped (#11822)

This pull fixes the issue described in https://codeberg.org/forgejo/forgejo/issues/11427 .

The api handler of link/unlink packages use escaped path params to find packages. It causes errors when it comes to npm packages, which contains characters like `@` and `/`.

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. All work and communication must conform to Forgejo's [AI Agreement](https://codeberg.org/forgejo/governance/src/branch/main/AIAgreement.md). There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests for Go changes

(can be removed for JavaScript changes)

- I added test coverage for Go changes...
  - [ ] in their respective `*_test.go` for unit tests.
  - [x] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I ran...
  - [x] `make pr-go` before pushing

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [x] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.
- [ ] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change.

*The decision if the pull request will be shown in the release notes is up to the mergers / release team.*

The content of the `release-notes/<pull request number>.md` file will serve as the basis for the release notes. If the file does not exist, the title of the pull request will be used instead.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11822
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
Co-authored-by: Guangxiong Lin <hi@gxlin.org>
Co-committed-by: Guangxiong Lin <hi@gxlin.org>
---
 routers/api/v1/packages/package.go         |  6 +++---
 tests/integration/api_packages_npm_test.go | 19 +++++++++++++++++++
 2 files changed, 22 insertions(+), 3 deletions(-)

diff --git a/routers/api/v1/packages/package.go b/routers/api/v1/packages/package.go
index 03057c4feb..1f7bf89027 100644
--- a/routers/api/v1/packages/package.go
+++ b/routers/api/v1/packages/package.go
@@ -249,7 +249,7 @@ func LinkPackage(ctx *context.APIContext) {
 	//   "404":
 	//     "$ref": "#/responses/notFound"
 
-	pkg, err := packages.GetPackageByName(ctx, ctx.ContextUser.ID, packages.Type(ctx.PathParamRaw("type")), ctx.PathParamRaw("name"))
+	pkg, err := packages.GetPackageByName(ctx, ctx.ContextUser.ID, packages.Type(ctx.Params("type")), ctx.Params("name"))
 	if err != nil {
 		if errors.Is(err, util.ErrNotExist) {
 			ctx.Error(http.StatusNotFound, "GetPackageByName", err)
@@ -259,7 +259,7 @@ func LinkPackage(ctx *context.APIContext) {
 		return
 	}
 
-	repo, err := repo_model.GetRepositoryByName(ctx, ctx.ContextUser.ID, ctx.PathParamRaw("repo_name"))
+	repo, err := repo_model.GetRepositoryByName(ctx, ctx.ContextUser.ID, ctx.Params("repo_name"))
 	if err != nil {
 		if errors.Is(err, util.ErrNotExist) {
 			ctx.Error(http.StatusNotFound, "GetRepositoryByName", err)
@@ -311,7 +311,7 @@ func UnlinkPackage(ctx *context.APIContext) {
 	//   "404":
 	//     "$ref": "#/responses/notFound"
 
-	pkg, err := packages.GetPackageByName(ctx, ctx.ContextUser.ID, packages.Type(ctx.PathParamRaw("type")), ctx.PathParamRaw("name"))
+	pkg, err := packages.GetPackageByName(ctx, ctx.ContextUser.ID, packages.Type(ctx.Params("type")), ctx.Params("name"))
 	if err != nil {
 		if errors.Is(err, util.ErrNotExist) {
 			ctx.Error(http.StatusNotFound, "GetPackageByName", err)
diff --git a/tests/integration/api_packages_npm_test.go b/tests/integration/api_packages_npm_test.go
index 38c7ee54c0..78c683c4e4 100644
--- a/tests/integration/api_packages_npm_test.go
+++ b/tests/integration/api_packages_npm_test.go
@@ -14,6 +14,7 @@ import (
 	auth_model "forgejo.org/models/auth"
 	"forgejo.org/models/db"
 	"forgejo.org/models/packages"
+	unit_model "forgejo.org/models/unit"
 	"forgejo.org/models/unittest"
 	user_model "forgejo.org/models/user"
 	"forgejo.org/modules/packages/npm"
@@ -28,6 +29,8 @@ func TestPackageNpm(t *testing.T) {
 	defer tests.PrepareTestEnv(t)()
 
 	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
+	session := loginUser(t, user.Name)
+	tokenWritePackage := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWritePackage)
 
 	token := fmt.Sprintf("Bearer %s", getTokenForLoggedInUser(t, loginUser(t, user.Name), auth_model.AccessTokenScopeWritePackage))
 
@@ -117,6 +120,22 @@ func TestPackageNpm(t *testing.T) {
 		assert.Equal(t, int64(192), pb.Size)
 	})
 
+	t.Run("RepositoryLink", func(t *testing.T) {
+		defer tests.PrintCurrentTest(t)()
+
+		// create a repository
+		repo, _, f := tests.CreateDeclarativeRepo(t, user, "", []unit_model.Type{unit_model.TypeCode}, nil, nil)
+		defer f()
+
+		// link to public repository
+		req := NewRequest(t, "POST", fmt.Sprintf("/api/v1/packages/%s/npm/%s/-/link/%s", user.Name, url.QueryEscape(packageName), repo.Name)).AddTokenAuth(tokenWritePackage)
+		MakeRequest(t, req, http.StatusCreated)
+
+		// remove link
+		req = NewRequest(t, "POST", fmt.Sprintf("/api/v1/packages/%s/npm/%s/-/unlink", user.Name, url.QueryEscape(packageName))).AddTokenAuth(tokenWritePackage)
+		MakeRequest(t, req, http.StatusNoContent)
+	})
+
 	t.Run("UploadExists", func(t *testing.T) {
 		defer tests.PrintCurrentTest(t)()
 

From 7c7c6ba3b7e3678b54cc371aeb604bd318ec1e65 Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Thu, 26 Mar 2026 15:32:35 +0100
Subject: [PATCH 572/854] Update module golang.org/x/image to v0.38.0
 [SECURITY] (forgejo) (#11818)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This PR contains the following updates:

| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) |
|---|---|---|---|
| [golang.org/x/image](https://pkg.go.dev/golang.org/x/image) | [`v0.37.0` → `v0.38.0`](https://cs.opensource.google/go/x/image/+/refs/tags/v0.37.0...refs/tags/v0.38.0) | ![age](https://developer.mend.io/api/mc/badges/age/go/golang.org%2fx%2fimage/v0.38.0?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/go/golang.org%2fx%2fimage/v0.37.0/v0.38.0?slim=true) |

---

### OOM from malicious IFD offset in golang.org/x/image/tiff
[CVE-2026-33809](https://nvd.nist.gov/vuln/detail/CVE-2026-33809) / [GO-2026-4815](https://pkg.go.dev/vuln/GO-2026-4815)

<details>
<summary>More information</summary>

#### Details
A maliciously crafted TIFF file can cause image decoding to attempt to allocate up 4GiB of memory, causing either excessive resource consumption or an out-of-memory error.

#### Severity
Unknown

#### References
- [https://go.dev/cl/757660](https://go.dev/cl/757660)
- [https://go.dev/issue/78267](https://go.dev/issue/78267)

This data is provided by [OSV](https://osv.dev/vulnerability/GO-2026-4815) and the [Go Vulnerability Database](https://github.com/golang/vulndb) ([CC-BY 4.0](https://github.com/golang/vulndb#license)).
</details>

---

### Configuration

📅 **Schedule**: Branch creation - "" (UTC), Automerge - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My44Ni4wIiwidXBkYXRlZEluVmVyIjoiNDMuODYuMCIsInRhcmdldEJyYW5jaCI6ImZvcmdlam8iLCJsYWJlbHMiOlsiZGVwZW5kZW5jeS11cGdyYWRlIiwidGVzdC9ub3QtbmVlZGVkIl19-->

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11818
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index b7c217def8..68381a87a7 100644
--- a/go.mod
+++ b/go.mod
@@ -103,7 +103,7 @@ require (
 	go.uber.org/mock v0.6.0
 	go.yaml.in/yaml/v3 v3.0.4
 	golang.org/x/crypto v0.49.0
-	golang.org/x/image v0.37.0
+	golang.org/x/image v0.38.0
 	golang.org/x/net v0.52.0
 	golang.org/x/oauth2 v0.36.0
 	golang.org/x/sync v0.20.0
diff --git a/go.sum b/go.sum
index 33570a84d1..410025ae97 100644
--- a/go.sum
+++ b/go.sum
@@ -738,8 +738,8 @@ golang.org/x/exp v0.0.0-20251023183803-a4bb9ffd2546 h1:mgKeJMpvi0yx/sU5GsxQ7p6s2
 golang.org/x/exp v0.0.0-20251023183803-a4bb9ffd2546/go.mod h1:j/pmGrbnkbPtQfxEe5D0VQhZC6qKbfKifgD0oM7sR70=
 golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js=
 golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
-golang.org/x/image v0.37.0 h1:ZiRjArKI8GwxZOoEtUfhrBtaCN+4b/7709dlT6SSnQA=
-golang.org/x/image v0.37.0/go.mod h1:/3f6vaXC+6CEanU4KJxbcUZyEePbyKbaLoDOe4ehFYY=
+golang.org/x/image v0.38.0 h1:5l+q+Y9JDC7mBOMjo4/aPhMDcxEptsX+Tt3GgRQRPuE=
+golang.org/x/image v0.38.0/go.mod h1:/3f6vaXC+6CEanU4KJxbcUZyEePbyKbaLoDOe4ehFYY=
 golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
 golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
 golang.org/x/lint v0.0.0-20190301231843-5614ed5bae6f/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=

From 9c41a5f717589b86fcf55814f46899ef4691a7e3 Mon Sep 17 00:00:00 2001
From: Mathieu Fenniak <mathieu@fenniak.net>
Date: Thu, 26 Mar 2026 17:11:10 +0100
Subject: [PATCH 573/854] fix: out of synchronization error after interrupting
 a PR merge by user-agent disconnect (#11821)

If the HTTP request to `/user/repo/pulls/N/merge` is cancelled by the user agent, don't stop work once we've passed validation and started to merge the PR.  Go will automatically cancel the context if the user-agent disconnects, but that can leave Forgejo in an inconsistent state -- the `git` command can be cancelled at an arbitrary location, the `branch` database table update may not be completed, timers may not be stopped, cross-references may not be populated, etc.

Added test `TestMergeHTTPRequestCancellation` stress-tests the fix by cancelling merge requests, and then verifying that the in-database repository state and in-repository database state are consistent.  I've verified that this test fails if the fix is removed -- the in-database commit and commit messages don't match the repository in all PRs.

This is a problem that likely affects other Forgejo endpoints.  For example, even the PR merge API would be impacted.  But this will be one of the most common real-world places for it to occur, so my thought is we'll see how well this fix works and what (if any) side-effects it has.  We can apply a similar pattern in other areas if they are identified as problems.

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. All work and communication must conform to Forgejo's [AI Agreement](https://codeberg.org/forgejo/governance/src/branch/main/AIAgreement.md). There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests for Go changes

- I added test coverage for Go changes...
  - [ ] in their respective `*_test.go` for unit tests.
  - [x] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I ran...
  - [ ] `make pr-go` before pushing

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [x] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.
- [ ] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11821
Reviewed-by: Andreas Ahlenstorf <aahlenst@noreply.codeberg.org>
Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net>
Co-committed-by: Mathieu Fenniak <mathieu@fenniak.net>
---
 routers/web/repo/pull.go             |  20 ++-
 tests/integration/pull_merge_test.go | 228 ++++++++++++++++++++-------
 2 files changed, 182 insertions(+), 66 deletions(-)

diff --git a/routers/web/repo/pull.go b/routers/web/repo/pull.go
index 83e3a3cef3..c4b8583e2d 100644
--- a/routers/web/repo/pull.go
+++ b/routers/web/repo/pull.go
@@ -7,6 +7,7 @@
 package repo
 
 import (
+	stdCtx "context"
 	"errors"
 	"fmt"
 	"html"
@@ -16,6 +17,7 @@ import (
 	"path"
 	"strconv"
 	"strings"
+	"time"
 
 	"forgejo.org/models"
 	actions_model "forgejo.org/models/actions"
@@ -1420,7 +1422,15 @@ func MergePullRequest(ctx *context.Context) {
 		}
 	}
 
-	if err := pull_service.Merge(ctx, pr, ctx.Doer, ctx.Repo.GitRepo, repo_model.MergeStyle(form.Do), form.HeadCommitID, message, false); err != nil {
+	// If the HTTP request is cancelled by the user agent, don't stop work. We've started a merge and need to finish all
+	// the related work. All usage of `ctx` throughout the rest of this function should be only for error handling or UI
+	// interactions, and all effective work should use `workCtx` instead.
+	workCtx, cancelWorkCtx := stdCtx.WithTimeout(
+		stdCtx.WithoutCancel(ctx),
+		time.Duration(setting.Git.Timeout.Default)*time.Second)
+	defer cancelWorkCtx()
+
+	if err := pull_service.Merge(workCtx, pr, ctx.Doer, ctx.Repo.GitRepo, repo_model.MergeStyle(form.Do), form.HeadCommitID, message, false); err != nil {
 		if models.IsErrInvalidMergeStyle(err) {
 			ctx.JSONError(ctx.Tr("repo.pulls.invalid_merge_option"))
 		} else if models.IsErrMergeConflicts(err) {
@@ -1491,7 +1501,7 @@ func MergePullRequest(ctx *context.Context) {
 	}
 	log.Trace("Pull request merged: %d", pr.ID)
 
-	if err := stopTimerIfAvailable(ctx, ctx.Doer, issue); err != nil {
+	if err := stopTimerIfAvailable(workCtx, ctx.Doer, issue); err != nil {
 		ctx.ServerError("stopTimerIfAvailable", err)
 		return
 	}
@@ -1504,7 +1514,7 @@ func MergePullRequest(ctx *context.Context) {
 			headRepo = ctx.Repo.GitRepo
 		} else {
 			var err error
-			headRepo, err = gitrepo.OpenRepository(ctx, pr.HeadRepo)
+			headRepo, err = gitrepo.OpenRepository(workCtx, pr.HeadRepo)
 			if err != nil {
 				ctx.ServerError(fmt.Sprintf("OpenRepository[%s]", pr.HeadRepo.FullName()), err)
 				return
@@ -1512,7 +1522,7 @@ func MergePullRequest(ctx *context.Context) {
 			defer headRepo.Close()
 		}
 
-		if err := repo_service.DeleteBranchAfterMerge(ctx, ctx.Doer, pr, headRepo); err != nil {
+		if err := repo_service.DeleteBranchAfterMerge(workCtx, ctx.Doer, pr, headRepo); err != nil {
 			switch {
 			case errors.Is(err, repo_service.ErrBranchIsDefault):
 				ctx.Flash.Error(ctx.Tr("repo.pulls.delete_after_merge.head_branch.is_default"))
@@ -1557,7 +1567,7 @@ func CancelAutoMergePullRequest(ctx *context.Context) {
 	ctx.Redirect(issue.HTMLURL())
 }
 
-func stopTimerIfAvailable(ctx *context.Context, user *user_model.User, issue *issues_model.Issue) error {
+func stopTimerIfAvailable(ctx stdCtx.Context, user *user_model.User, issue *issues_model.Issue) error {
 	if issues_model.StopwatchExists(ctx, user.ID, issue.ID) {
 		if err := issues_model.CreateOrStopIssueStopwatch(ctx, user, issue); err != nil {
 			return err
diff --git a/tests/integration/pull_merge_test.go b/tests/integration/pull_merge_test.go
index b12ced9073..a987603ce7 100644
--- a/tests/integration/pull_merge_test.go
+++ b/tests/integration/pull_merge_test.go
@@ -5,6 +5,7 @@ package integration
 
 import (
 	"bytes"
+	"context"
 	"encoding/base64"
 	"fmt"
 	"math/rand/v2"
@@ -1197,6 +1198,68 @@ func shuffleSlice(slice []int64) {
 	})
 }
 
+func bulkCreatePRs(t *testing.T, prCount int, repo *repo_model.Repository, token string, labelIDs []int64, milestoneID int64) {
+	var createAllPRs sync.WaitGroup
+	var errorListMutex sync.Mutex
+	var errorList []any
+	for i := range prCount {
+		createAllPRs.Add(1)
+		go func(i int) {
+			defer createAllPRs.Done()
+			defer func() {
+				if r := recover(); r != nil {
+					errorListMutex.Lock()
+					defer errorListMutex.Unlock()
+					errorList = append(errorList, r)
+				}
+			}()
+
+			// We're going to create two branches; a new target branch where the PR will merge *into*, and a new
+			// head branch where the PR will merge *from*.  This test is about finding internal concurrency
+			// conflicts within Forgejo that prevent merges, and, merging simultaneously into the *same branch*
+			// would have natural conflicts that aren't what we're attempting to test.
+			targetBranchName := fmt.Sprintf("target-branch-%d", i)
+			req := NewRequestWithJSON(t,
+				"POST",
+				fmt.Sprintf("/api/v1/repos/%s/%s/branches", repo.OwnerName, repo.Name),
+				&api.CreateBranchRepoOption{
+					OldRefName: "main",
+					BranchName: targetBranchName,
+				}).AddTokenAuth(token)
+			MakeRequest(t, req, http.StatusCreated)
+
+			// Create the head branch that we'll be trying to merge from, with a file change:
+			headBranchName := fmt.Sprintf("update-%d", i)
+			req = NewRequestWithJSON(t,
+				"POST",
+				fmt.Sprintf("/api/v1/repos/%s/%s/contents/README-%d.md", repo.OwnerName, repo.Name, i),
+				&api.CreateFileOptions{
+					FileOptions: api.FileOptions{
+						NewBranchName: headBranchName,
+					},
+					ContentBase64: base64.StdEncoding.EncodeToString(fmt.Appendf(nil, "Hello, world %d!\n", i)),
+				}).AddTokenAuth(token)
+			MakeRequest(t, req, http.StatusCreated)
+
+			// Create a PR for the branch
+			myLabelIDs := slices.Clone(labelIDs)
+			shuffleSlice(myLabelIDs) // use a random ordering for labels as it may cause deadlocks when their count of assigned issues is updated
+			req = NewRequestWithJSON(t, http.MethodPost,
+				fmt.Sprintf("/api/v1/repos/%s/%s/pulls", repo.OwnerName, repo.Name),
+				&api.CreatePullRequestOption{
+					Head:      headBranchName,
+					Base:      targetBranchName,
+					Title:     fmt.Sprintf("create PR from branch %s", headBranchName),
+					Labels:    myLabelIDs,
+					Milestone: milestoneID,
+				}).AddTokenAuth(token)
+			MakeRequest(t, req, http.StatusCreated)
+		}(i)
+	}
+	createAllPRs.Wait()
+	assert.Empty(t, errorList)
+}
+
 func TestMergeConcurrency(t *testing.T) {
 	onApplicationRun(t, func(t *testing.T, giteaURL *url.URL) {
 		user2 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
@@ -1241,67 +1304,7 @@ func TestMergeConcurrency(t *testing.T) {
 		var apiMilestone api.Milestone
 		DecodeJSON(t, resp, &apiMilestone)
 
-		{
-			var createAllPRs sync.WaitGroup
-			var errorListMutex sync.Mutex
-			var errorList []any
-			for i := range concurrentCount {
-				createAllPRs.Add(1)
-				go func(i int) {
-					defer createAllPRs.Done()
-					defer func() {
-						if r := recover(); r != nil {
-							errorListMutex.Lock()
-							defer errorListMutex.Unlock()
-							errorList = append(errorList, r)
-						}
-					}()
-
-					// We're going to create two branches; a new target branch where the PR will merge *into*, and a new
-					// head branch where the PR will merge *from*.  This test is about finding internal concurrency
-					// conflicts within Forgejo that prevent merges, and, merging simultaneously into the *same branch*
-					// would have natural conflicts that aren't what we're attempting to test.
-					targetBranchName := fmt.Sprintf("target-branch-%d", i)
-					req := NewRequestWithJSON(t,
-						"POST",
-						fmt.Sprintf("/api/v1/repos/%s/%s/branches", repo.OwnerName, repo.Name),
-						&api.CreateBranchRepoOption{
-							OldRefName: "main",
-							BranchName: targetBranchName,
-						}).AddTokenAuth(token)
-					MakeRequest(t, req, http.StatusCreated)
-
-					// Create the head branch that we'll be trying to merge from, with a file change:
-					headBranchName := fmt.Sprintf("update-%d", i)
-					req = NewRequestWithJSON(t,
-						"POST",
-						fmt.Sprintf("/api/v1/repos/%s/%s/contents/README-%d.md", repo.OwnerName, repo.Name, i),
-						&api.CreateFileOptions{
-							FileOptions: api.FileOptions{
-								NewBranchName: headBranchName,
-							},
-							ContentBase64: base64.StdEncoding.EncodeToString(fmt.Appendf(nil, "Hello, world %d!\n", i)),
-						}).AddTokenAuth(token)
-					MakeRequest(t, req, http.StatusCreated)
-
-					// Create a PR for the branch
-					myLabelIDs := slices.Clone(labelIDs)
-					shuffleSlice(myLabelIDs) // use a random ordering for labels as it may cause deadlocks when their count of assigned issues is updated
-					req = NewRequestWithJSON(t, http.MethodPost,
-						fmt.Sprintf("/api/v1/repos/%s/%s/pulls", repo.OwnerName, repo.Name),
-						&api.CreatePullRequestOption{
-							Head:      headBranchName,
-							Base:      targetBranchName,
-							Title:     fmt.Sprintf("create PR from branch %s", headBranchName),
-							Labels:    myLabelIDs,
-							Milestone: apiMilestone.ID,
-						}).AddTokenAuth(token)
-					MakeRequest(t, req, http.StatusCreated)
-				}(i)
-			}
-			createAllPRs.Wait()
-			assert.Empty(t, errorList)
-		}
+		bulkCreatePRs(t, concurrentCount, repo, token, labelIDs, apiMilestone.ID)
 
 		// All our PRs are created; now let's try to merge them concurrently.
 
@@ -1377,3 +1380,106 @@ func TestMergeConcurrency(t *testing.T) {
 		}
 	})
 }
+
+func TestMergeHTTPRequestCancellation(t *testing.T) {
+	onApplicationRun(t, func(t *testing.T, giteaURL *url.URL) {
+		user2 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
+		user2Session := loginUser(t, "user2")
+		token := getUserToken(t, "user2", auth_model.AccessTokenScopeWriteRepository, auth_model.AccessTokenScopeWriteIssue)
+
+		// The purpose of this test is to interrupt the HTTP request to "/%s/%s/pulls/%d/merge" by cancelling the
+		// context at various times during the request, and ensuring that we don't get into any states where the request
+		// has partially succeeded but then been cancelled -- for example, wrote the merge to the repo, but didn't
+		// update Forgejo's database. To do this we're going to create a bunch of PRs, merge them, and cancel request
+		// during merge -- evenly distributing the cancellation times like this:
+		cancellationChecks := 5                                                       // number of pull requests to create and attempt to merge
+		measuredMergeTime := 283 * time.Millisecond                                   // time measured on a test system for one POST /%s/%s/pulls/%d/merge
+		cancellationDuration := measuredMergeTime / time.Duration(cancellationChecks) // cancel after (i+1) * cancellationDuration for each PR
+
+		repo, _, deferrer := tests.CreateDeclarativeRepo(t, user2, "concurrency-test", nil, nil, nil)
+		defer deferrer()
+
+		bulkCreatePRs(t, cancellationChecks, repo, token, nil, 0)
+
+		// All our PRs are created; now let's try to merge them concurrently. This technically doesn't have to be
+		// concurrent, but `TestMergeConcurrency` already had all this logic for this test to copy, and it reduces the
+		// test runtime:
+		{
+			var mergeAllPRs sync.WaitGroup
+			var errorListMutex sync.Mutex
+			var errorList []any
+			for i := range cancellationChecks {
+				mergeAllPRs.Add(1)
+				go func(i int) {
+					defer mergeAllPRs.Done()
+					defer func() {
+						if r := recover(); r != nil {
+							errorListMutex.Lock()
+							defer errorListMutex.Unlock()
+							errorList = append(errorList, r)
+						}
+					}()
+
+					targetBranchName := fmt.Sprintf("target-branch-%d", i)
+					headBranchName := fmt.Sprintf("update-%d", i)
+					pr := unittest.AssertExistsAndLoadBean(t, &issues_model.PullRequest{
+						HeadRepoID: repo.ID,
+						BaseRepoID: repo.ID,
+						HeadBranch: headBranchName,
+						BaseBranch: targetBranchName,
+					})
+
+					// Here's the major subject of this test: every merge request is fired with a different context
+					// timeout, causing the HTTP request to be interrupted in different places throughout the request.
+					reqCtx, cancel := context.WithTimeout(t.Context(), time.Duration(i+1)*cancellationDuration)
+					defer cancel()
+
+					req := NewRequestWithValues(t, "POST",
+						fmt.Sprintf("/%s/%s/pulls/%d/merge", repo.OwnerName, repo.Name, pr.Index), map[string]string{
+							"do":                        "merge",
+							"delete_branch_after_merge": "on",
+						})
+					req.Request = req.WithContext(reqCtx)
+					user2Session.MakeRequest(t, req, NoExpectedStatus)
+				}(i)
+			}
+			mergeAllPRs.Wait()
+			assert.Empty(t, errorList)
+		}
+
+		// Verify that all PRs are in a consistent state of merged or not (not a corrupt state):
+		gitRepo, err := gitrepo.OpenRepository(t.Context(), repo)
+		require.NoError(t, err)
+
+		for i := range cancellationChecks {
+			targetBranchName := fmt.Sprintf("target-branch-%d", i)
+			headBranchName := fmt.Sprintf("update-%d", i)
+			pr := unittest.AssertExistsAndLoadBean(t, &issues_model.PullRequest{
+				HeadRepoID: repo.ID,
+				BaseRepoID: repo.ID,
+				HeadBranch: headBranchName,
+				BaseBranch: targetBranchName,
+			})
+			targetBranchInDB := unittest.AssertExistsAndLoadBean(t, &git_model.Branch{
+				RepoID: repo.ID,
+				Name:   targetBranchName,
+			})
+
+			targetBranchCommitIDInRepo, err := gitRepo.GetBranchCommitID(targetBranchName)
+			require.NoError(t, err)
+			assert.Equal(t, targetBranchCommitIDInRepo, targetBranchInDB.CommitID, "real commit ID match for %s", targetBranchName)
+
+			targetBranchCommitInRepo, err := gitRepo.GetCommit(targetBranchCommitIDInRepo)
+			require.NoError(t, err)
+			assert.Equal(t, strings.TrimSpace(targetBranchCommitInRepo.CommitMessage), strings.TrimSpace(targetBranchInDB.CommitMessage))
+
+			if pr.HasMerged {
+				assert.Equal(t,
+					fmt.Sprintf("Merge pull request 'create PR from branch %[1]s' (#%[2]d) from %[1]s into %[3]s", headBranchName, pr.Index, targetBranchName),
+					targetBranchInDB.CommitMessage)
+			} else {
+				assert.Equal(t, "Initial commit", targetBranchInDB.CommitMessage)
+			}
+		}
+	})
+}

From bdb87ac3d3b4b187c5d17199a148d971e30db51b Mon Sep 17 00:00:00 2001
From: Mathieu Fenniak <mathieu@fenniak.net>
Date: Thu, 26 Mar 2026 19:30:34 +0100
Subject: [PATCH 574/854] chore: remove duplicate release notes from Jan 8
 security release (#11791)

As the security patches in #10719 were backported to [v11](https://codeberg.org/forgejo/forgejo/pulls/10722), [v13](https://codeberg.org/forgejo/forgejo/pulls/10721), and [v14](https://codeberg.org/forgejo/forgejo/pulls/10720), they shouldn't be present in the [v15 release notes](https://codeberg.org/forgejo/forgejo/milestone/36366) as "Security bug fixes", but they presently are:

![image](/attachments/9b0ee1ce-5fcd-4d82-a705-a8f9014c2215)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11791
Reviewed-by: Antonin Delpeuch <wetneb@noreply.codeberg.org>
Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net>
Co-committed-by: Mathieu Fenniak <mathieu@fenniak.net>
---
 release-notes/10719.md | 5 -----
 1 file changed, 5 deletions(-)
 delete mode 100644 release-notes/10719.md

diff --git a/release-notes/10719.md b/release-notes/10719.md
deleted file mode 100644
index 807e660339..0000000000
--- a/release-notes/10719.md
+++ /dev/null
@@ -1,5 +0,0 @@
-fix: hide user profile anonymous options on public repo APIs
-fix: incorrect whitespace handling on pre&post receive hooks
-fix: reduce memory usage while processing large attachment uploads
-fix: load reviewer for pull review dismiss action notifier
-fix: use correct GPG key for export

From e823e8cd694e7fcbd18c59ca00b0e086f65be14a Mon Sep 17 00:00:00 2001
From: Mathieu Fenniak <mathieu@fenniak.net>
Date: Thu, 26 Mar 2026 21:50:25 +0100
Subject: [PATCH 575/854] fix: duplicate key violates unique constraint in
 concurrent debian package uploads (#11776)

Fixes #11438.

Whenever a "unique constraint violation" error is encountered by package mutation, detect if a `xorm.ErrUniqueConstraintViolation` error occurs.  If it does, retry the entire transaction.

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests for Go changes

(can be removed for JavaScript changes)

- I added test coverage for Go changes...
  - [ ] in their respective `*_test.go` for unit tests.
  - [ ] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I ran...
  - [ ] `make pr-go` before pushing

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [x] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.
- [ ] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11776
Reviewed-by: Andreas Ahlenstorf <aahlenst@noreply.codeberg.org>
Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net>
Co-committed-by: Mathieu Fenniak <mathieu@fenniak.net>
---
 .deadcode-out                                 |   1 -
 go.mod                                        |   2 +-
 go.sum                                        |   4 +-
 models/db/context.go                          |  41 ++++++
 models/db/context_test.go                     |  56 ++++++++
 models/packages/package_version.go            |  21 +++
 services/packages/packages.go                 | 129 ++++++++++++------
 tests/integration/api_packages_debian_test.go | 111 ++++++++++-----
 8 files changed, 286 insertions(+), 79 deletions(-)

diff --git a/.deadcode-out b/.deadcode-out
index 6d2c35e374..45ad117ccd 100644
--- a/.deadcode-out
+++ b/.deadcode-out
@@ -19,7 +19,6 @@ forgejo.org/models/auth
 forgejo.org/models/db
 	TruncateBeans
 	TruncateBeansCascade
-	InTransaction
 	DumpTables
 	GetTableNames
 	extendBeansForCascade
diff --git a/go.mod b/go.mod
index 68381a87a7..c7a29c014c 100644
--- a/go.mod
+++ b/go.mod
@@ -274,4 +274,4 @@ replace github.com/gliderlabs/ssh => code.forgejo.org/forgejo/ssh v0.0.0-2024121
 
 replace git.sr.ht/~mariusor/go-xsd-duration => code.forgejo.org/forgejo/go-xsd-duration v0.0.0-20220703122237-02e73435a078
 
-replace xorm.io/xorm v1.3.9 => code.forgejo.org/xorm/xorm v1.3.9-forgejo.8
+replace xorm.io/xorm v1.3.9 => code.forgejo.org/xorm/xorm v1.3.9-forgejo.9
diff --git a/go.sum b/go.sum
index 410025ae97..594dbb4315 100644
--- a/go.sum
+++ b/go.sum
@@ -42,8 +42,8 @@ code.forgejo.org/go-chi/captcha v1.0.2 h1:vyHDPXkpjDv8bLO9NqtWzZayzstD/WpJ5xwEkA
 code.forgejo.org/go-chi/captcha v1.0.2/go.mod h1:lxiPLcJ76UCZHoH31/Wbum4GUi2NgjfFZLrJkKv1lLE=
 code.forgejo.org/go-chi/session v1.0.3 h1:ByJ9c/UC0AU57hxiGl53TXh+NdBOBwK/bhZ9jyadEwE=
 code.forgejo.org/go-chi/session v1.0.3/go.mod h1:xzGtFrV/agCJoZCUhFDlqAr1he6BrAdqlaprKOB1W90=
-code.forgejo.org/xorm/xorm v1.3.9-forgejo.8 h1:dsSKm2nus0NhHsqYxeuB3Gldk6TtlusD1CBGV6V1SS0=
-code.forgejo.org/xorm/xorm v1.3.9-forgejo.8/go.mod h1:A7sFd3BFmRp20h6drSsCXgQRQdF8Vz8HuCSrzFS3m90=
+code.forgejo.org/xorm/xorm v1.3.9-forgejo.9 h1:hzEXDa53opdp5nrGG4F6y8HzFzrGXd5GIvFyUHcvGmI=
+code.forgejo.org/xorm/xorm v1.3.9-forgejo.9/go.mod h1:A7sFd3BFmRp20h6drSsCXgQRQdF8Vz8HuCSrzFS3m90=
 code.gitea.io/sdk/gitea v0.21.0 h1:69n6oz6kEVHRo1+APQQyizkhrZrLsTLXey9142pfkD4=
 code.gitea.io/sdk/gitea v0.21.0/go.mod h1:tnBjVhuKJCn8ibdyyhvUyxrR1Ca2KHEoTWoukNhXQPA=
 code.superseriousbusiness.org/exif-terminator v0.11.1 h1:qnujLH4/Yk/CFtFMmtjozbdV6Ry5G3Q/E/mLlWm/gQI=
diff --git a/models/db/context.go b/models/db/context.go
index 9be158ccca..f098b40a32 100644
--- a/models/db/context.go
+++ b/models/db/context.go
@@ -6,6 +6,8 @@ package db
 import (
 	"context"
 	"database/sql"
+	"errors"
+	"fmt"
 
 	"xorm.io/builder"
 	"xorm.io/xorm"
@@ -416,3 +418,42 @@ func inTransaction(ctx context.Context) (*xorm.Session, bool) {
 		return nil, false
 	}
 }
+
+type RetryConfig struct {
+	ErrorIs      []error
+	AttemptCount int
+}
+
+// Execute the given function in a transaction. RetryConfig will retry the function on an error, if it matches the
+// ErrorIs parameter, up to the total of AttemptCount number of tries. RetryTx cannot be invoked when already within a
+// transaction and will return an error immediately.
+func RetryTx(ctx context.Context, config RetryConfig, f func(ctx context.Context) error) error {
+	if InTransaction(ctx) {
+		return errors.New("unsupported operation: attempted to use RetryTx while already within a transaction")
+	} else if config.AttemptCount == 0 {
+		return errors.New("unsupported operation: attempted to use RetryTx with 0 attempts")
+	}
+
+	var lastError error
+	for range config.AttemptCount {
+		err := WithTx(ctx, f)
+		if err == nil {
+			return nil
+		}
+
+		foundMatch := false
+		for _, possibleError := range config.ErrorIs {
+			if errors.Is(err, possibleError) {
+				foundMatch = true
+				break
+			}
+		}
+		if !foundMatch {
+			return err
+		}
+
+		lastError = err
+	}
+
+	return fmt.Errorf("retry tx failed after %d attempts; last error: %w", config.AttemptCount, lastError)
+}
diff --git a/models/db/context_test.go b/models/db/context_test.go
index 525ab54d99..60ef8462cc 100644
--- a/models/db/context_test.go
+++ b/models/db/context_test.go
@@ -220,3 +220,59 @@ func TestAfterTx(t *testing.T) {
 		})
 	}
 }
+
+func TestRetryTx(t *testing.T) {
+	t.Run("success", func(t *testing.T) {
+		err := db.RetryTx(t.Context(), db.RetryConfig{AttemptCount: 1}, func(ctx context.Context) error {
+			assert.True(t, db.InTransaction(ctx))
+			return nil
+		})
+		require.NoError(t, err)
+	})
+
+	t.Run("fail constantly", func(t *testing.T) {
+		attemptCount := 0
+		testError := errors.New("hello")
+		err := db.RetryTx(t.Context(), db.RetryConfig{
+			AttemptCount: 2,
+			ErrorIs:      []error{testError},
+		}, func(ctx context.Context) error {
+			attemptCount++
+			return testError
+		})
+		require.ErrorIs(t, err, testError)
+		require.ErrorContains(t, err, "2 attempts")
+		assert.Equal(t, 2, attemptCount)
+	})
+
+	t.Run("fail w/ non retriable error", func(t *testing.T) {
+		attemptCount := 0
+		testError := errors.New("hello")
+		err := db.RetryTx(t.Context(), db.RetryConfig{
+			AttemptCount: 2,
+			ErrorIs:      []error{},
+		}, func(ctx context.Context) error {
+			attemptCount++
+			return testError
+		})
+		require.ErrorIs(t, err, testError)
+		assert.Equal(t, 1, attemptCount)
+	})
+
+	t.Run("succeed on retry", func(t *testing.T) {
+		attemptCount := 0
+		testError := errors.New("hello")
+		err := db.RetryTx(t.Context(), db.RetryConfig{
+			AttemptCount: 2,
+			ErrorIs:      []error{testError},
+		}, func(ctx context.Context) error {
+			attemptCount++
+			if attemptCount == 1 {
+				return testError
+			}
+			return nil
+		})
+		require.NoError(t, err)
+		assert.Equal(t, 2, attemptCount)
+	})
+}
diff --git a/models/packages/package_version.go b/models/packages/package_version.go
index 873f7bf9b6..545ad63eb4 100644
--- a/models/packages/package_version.go
+++ b/models/packages/package_version.go
@@ -5,11 +5,13 @@ package packages
 
 import (
 	"context"
+	"errors"
 	"strconv"
 	"strings"
 
 	"forgejo.org/models/db"
 	"forgejo.org/modules/optional"
+	"forgejo.org/modules/setting"
 	"forgejo.org/modules/timeutil"
 	"forgejo.org/modules/util"
 
@@ -155,6 +157,25 @@ func HasVersionFileReferences(ctx context.Context, versionID int64) (bool, error
 	})
 }
 
+func (pv *PackageVersion) LockForUpdate(ctx context.Context) error {
+	if !db.InTransaction(ctx) {
+		return errors.New("invalid state for PackageVersion.LockForUpdate: database is not in a transaction")
+	} else if setting.Database.Type.IsSQLite3() {
+		// SQLite both doesn't support "SELECT ... FOR UPDATE", and it's irrelevant for SQLite as the entire database is
+		// locked for write when a write transaction is open.
+		return nil
+	}
+
+	pvfu := PackageVersion{}
+	has, err := db.GetEngine(ctx).ID(pv.ID).ForUpdate().Get(&pvfu)
+	if err != nil {
+		return err
+	} else if !has {
+		return ErrPackageNotExist
+	}
+	return nil
+}
+
 // SearchValue describes a value to search
 // If ExactMatch is true, the field must match the value otherwise a LIKE search is performed.
 type SearchValue struct {
diff --git a/services/packages/packages.go b/services/packages/packages.go
index 418ceab798..a1772cc1d9 100644
--- a/services/packages/packages.go
+++ b/services/packages/packages.go
@@ -23,6 +23,8 @@ import (
 	"forgejo.org/modules/setting"
 	"forgejo.org/modules/storage"
 	notify_service "forgejo.org/services/notify"
+
+	"xorm.io/xorm"
 )
 
 var (
@@ -76,38 +78,54 @@ func CreatePackageOrAddFileToExisting(ctx context.Context, pvci *PackageCreation
 }
 
 func createPackageAndAddFile(ctx context.Context, pvci *PackageCreationInfo, pfci *PackageFileCreationInfo, allowDuplicate bool) (*packages_model.PackageVersion, *packages_model.PackageFile, error) {
-	dbCtx, committer, err := db.TxContext(ctx)
-	if err != nil {
-		return nil, nil, err
-	}
-	defer committer.Close()
+	var pv *packages_model.PackageVersion
+	var pf *packages_model.PackageFile
+	var blobHash256Created optional.Option[string]
+	var createdPackage bool
 
-	pv, created, err := createPackageAndVersion(dbCtx, pvci, allowDuplicate)
-	if err != nil {
-		return nil, nil, err
-	}
+	// ErrUniqueConstraintViolation can occur when two concurrent updates occur to a package registry. Typically this
+	// occurs when a registry with an index of organization-level packages is modified (Debian, Alpine, Alt, Arch, RPM)
+	// and that index needs to be rebuilt -- even if two different packages are being updated, they can write the
+	// registry concurrently and that can cause ErrUniqueConstraintViolation errors from the database operations that
+	// "check if record exists, if not, create it".
+	//
+	// The simple approach of detecting the ErrUniqueConstraintViolation error inside the transaction and picking up the
+	// other write isn't possible for two reasons: (a) PostgreSQL can't continue a transaction with an error in it, a
+	// SAVEPOINT and ROLLBACK TO SAVEPOINT are required, and (b) xorm keeps internal state during a transaction that
+	// causes such a recovery from error to panic.  So, we retry the entire modification transaction if
+	// ErrUniqueConstraintViolation is encountered.
+	err := db.RetryTx(ctx, db.RetryConfig{
+		// A single retry is sufficient as any package index that was concurrently modified should now be present:
+		AttemptCount: 2,
+		ErrorIs:      []error{xorm.ErrUniqueConstraintViolation},
+	}, func(ctx context.Context) error {
+		var err error
+		var pb *packages_model.PackageBlob
+		var blobCreated bool
 
-	pf, pb, blobCreated, err := addFileToPackageVersion(dbCtx, pv, &pvci.PackageInfo, pfci)
-	removeBlob := false
-	defer func() {
-		if blobCreated && removeBlob {
-			contentStore := packages_module.NewContentStore()
-			if err := contentStore.Delete(packages_module.BlobHash256Key(pb.HashSHA256)); err != nil {
+		pv, createdPackage, err = createPackageAndVersion(ctx, pvci, allowDuplicate)
+		if err != nil {
+			return err
+		}
+
+		pf, pb, blobCreated, err = addFileToPackageVersion(ctx, pv, &pvci.PackageInfo, pfci)
+		if blobCreated {
+			blobHash256Created = optional.Some(pb.HashSHA256)
+		}
+		return err
+	})
+	if err != nil {
+		// If we have an error later in the process after writing a blob to the content store, make our best effort to
+		// remove the content -- it won't be referenced in the DB because the transaction would be rolled back.
+		if has, hash := blobHash256Created.Get(); has {
+			if err := packages_module.NewContentStore().Delete(packages_module.BlobHash256Key(hash)); err != nil {
 				log.Error("Error deleting package blob from content store: %v", err)
 			}
 		}
-	}()
-	if err != nil {
-		removeBlob = true
 		return nil, nil, err
 	}
 
-	if err := committer.Commit(); err != nil {
-		removeBlob = true
-		return nil, nil, err
-	}
-
-	if created {
+	if createdPackage {
 		pd, err := packages_model.GetPackageDescriptor(ctx, pv)
 		if err != nil {
 			return nil, nil, err
@@ -213,29 +231,33 @@ func AddFileToPackageVersionInternal(ctx context.Context, pv *packages_model.Pac
 }
 
 func addFileToPackageWrapper(ctx context.Context, fn func(ctx context.Context) (*packages_model.PackageFile, *packages_model.PackageBlob, bool, error)) (*packages_model.PackageFile, error) {
-	ctx, committer, err := db.TxContext(ctx)
-	if err != nil {
-		return nil, err
-	}
-	defer committer.Close()
+	var pf *packages_model.PackageFile
+	var pb *packages_model.PackageBlob
+	var blobHash256Created optional.Option[string]
 
-	pf, pb, blobCreated, err := fn(ctx)
-	removeBlob := false
-	defer func() {
-		if removeBlob {
-			contentStore := packages_module.NewContentStore()
-			if err := contentStore.Delete(packages_module.BlobHash256Key(pb.HashSHA256)); err != nil {
+	// See comment in createPackageAndAddFile which explains why RetryTx is used with ErrUniqueConstraintViolation.
+	err := db.RetryTx(ctx, db.RetryConfig{
+		// A single retry is sufficient as any package index that was concurrently modified should now be present:
+		AttemptCount: 2,
+		ErrorIs:      []error{xorm.ErrUniqueConstraintViolation},
+	}, func(ctx context.Context) error {
+		var err error
+		var blobCreated bool
+
+		pf, pb, blobCreated, err = fn(ctx)
+		if blobCreated {
+			blobHash256Created = optional.Some(pb.HashSHA256)
+		}
+		return err
+	})
+	if err != nil {
+		// If we have an error later in the process after writing a blob to the content store, make our best effort to
+		// remove the content -- it won't be referenced in the DB because the transaction would be rolled back.
+		if has, hash := blobHash256Created.Get(); has {
+			if err := packages_module.NewContentStore().Delete(packages_module.BlobHash256Key(hash)); err != nil {
 				log.Error("Error deleting package blob from content store: %v", err)
 			}
 		}
-	}()
-	if err != nil {
-		removeBlob = blobCreated
-		return nil, err
-	}
-
-	if err := committer.Commit(); err != nil {
-		removeBlob = blobCreated
 		return nil, err
 	}
 
@@ -267,6 +289,20 @@ func addFileToPackageVersion(ctx context.Context, pv *packages_model.PackageVers
 func addFileToPackageVersionUnchecked(ctx context.Context, pv *packages_model.PackageVersion, pfci *PackageFileCreationInfo, packageType packages_model.Type) (*packages_model.PackageFile, *packages_model.PackageBlob, bool, error) {
 	log.Trace("Adding package file: %v, %s", pv.ID, pfci.Filename)
 
+	// The `OverwriteExisting` capability in this method has a race condition in it -- it will check if the file already
+	// exists in the package, and delete the file's properties and the file, and then it will attempt to insert the new
+	// file.  This can cause the `ErrDuplicatePackageFile` error to be returned even when `OverwriteExisting` in
+	// concurrent modifications, as both modifications will attempt to delete the existing file, one will succeed, one
+	// will delete zero records and think it succeeded, and then both will attempt to add the file and one will hit
+	// `ErrDuplicatePackageFile`.
+	//
+	// To address this, lock the package version being modified by performing a `SELECT ... FOR UPDATE` on it,
+	// guaranteeing only one `addFileToPackageVersionUnchecked` is running on a specific package version.
+	err := pv.LockForUpdate(ctx)
+	if err != nil {
+		return nil, nil, false, err
+	}
+
 	pb, exists, err := packages_model.GetOrInsertBlob(ctx, NewPackageBlob(pfci.Data))
 	if err != nil {
 		log.Error("Error inserting package blob: %v", err)
@@ -430,7 +466,12 @@ func CheckSizeQuotaExceeded(ctx context.Context, doer, owner *user_model.User, p
 func GetOrCreateInternalPackageVersion(ctx context.Context, ownerID int64, packageType packages_model.Type, name, version string) (*packages_model.PackageVersion, error) {
 	var pv *packages_model.PackageVersion
 
-	return pv, db.WithTx(ctx, func(ctx context.Context) error {
+	// See comment in createPackageAndAddFile which explains why RetryTx is used with ErrUniqueConstraintViolation.
+	return pv, db.RetryTx(ctx, db.RetryConfig{
+		// A single retry is sufficient as any package index that was concurrently modified should now be present:
+		AttemptCount: 2,
+		ErrorIs:      []error{xorm.ErrUniqueConstraintViolation},
+	}, func(ctx context.Context) error {
 		p := &packages_model.Package{
 			OwnerID:    ownerID,
 			Type:       packageType,
diff --git a/tests/integration/api_packages_debian_test.go b/tests/integration/api_packages_debian_test.go
index e22165c44b..4dc5288bc5 100644
--- a/tests/integration/api_packages_debian_test.go
+++ b/tests/integration/api_packages_debian_test.go
@@ -11,6 +11,7 @@ import (
 	"io"
 	"net/http"
 	"strings"
+	"sync"
 	"testing"
 
 	"forgejo.org/models/db"
@@ -19,6 +20,7 @@ import (
 	user_model "forgejo.org/models/user"
 	"forgejo.org/modules/base"
 	debian_module "forgejo.org/modules/packages/debian"
+	"forgejo.org/modules/setting"
 	"forgejo.org/tests"
 
 	"github.com/blakesmith/ar"
@@ -26,6 +28,32 @@ import (
 	"github.com/stretchr/testify/require"
 )
 
+func createDebianArchive(name, version, architecture, packageDescription string) io.Reader {
+	var cbuf bytes.Buffer
+	zw := gzip.NewWriter(&cbuf)
+	tw := tar.NewWriter(zw)
+	tw.WriteHeader(&tar.Header{
+		Name: "control",
+		Mode: 0o600,
+		Size: 50,
+	})
+	fmt.Fprintf(tw, "Package: %s\nVersion: %s\nArchitecture: %s\nDescription: %s\n", name, version, architecture, packageDescription)
+	tw.Close()
+	zw.Close()
+
+	var buf bytes.Buffer
+	aw := ar.NewWriter(&buf)
+	aw.WriteGlobalHeader()
+	hdr := &ar.Header{
+		Name: "control.tar.gz",
+		Mode: 0o600,
+		Size: int64(cbuf.Len()),
+	}
+	aw.WriteHeader(hdr)
+	aw.Write(cbuf.Bytes())
+	return &buf
+}
+
 func TestPackageDebian(t *testing.T) {
 	defer tests.PrepareTestEnv(t)()
 	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
@@ -35,32 +63,6 @@ func TestPackageDebian(t *testing.T) {
 	packageVersion2 := "1.0.4"
 	packageDescription := "Package Description"
 
-	createArchive := func(name, version, architecture string) io.Reader {
-		var cbuf bytes.Buffer
-		zw := gzip.NewWriter(&cbuf)
-		tw := tar.NewWriter(zw)
-		tw.WriteHeader(&tar.Header{
-			Name: "control",
-			Mode: 0o600,
-			Size: 50,
-		})
-		fmt.Fprintf(tw, "Package: %s\nVersion: %s\nArchitecture: %s\nDescription: %s\n", name, version, architecture, packageDescription)
-		tw.Close()
-		zw.Close()
-
-		var buf bytes.Buffer
-		aw := ar.NewWriter(&buf)
-		aw.WriteGlobalHeader()
-		hdr := &ar.Header{
-			Name: "control.tar.gz",
-			Mode: 0o600,
-			Size: int64(cbuf.Len()),
-		}
-		aw.WriteHeader(hdr)
-		aw.Write(cbuf.Bytes())
-		return &buf
-	}
-
 	distributions := []string{"test", "gitea"}
 	components := []string{"main", "stable"}
 	architectures := []string{"all", "amd64"}
@@ -97,16 +99,16 @@ func TestPackageDebian(t *testing.T) {
 								AddBasicAuth(user.Name)
 							MakeRequest(t, req, http.StatusBadRequest)
 
-							req = NewRequestWithBody(t, "PUT", uploadURL, createArchive("", "", "")).
+							req = NewRequestWithBody(t, "PUT", uploadURL, createDebianArchive("", "", "", packageDescription)).
 								AddBasicAuth(user.Name)
 							MakeRequest(t, req, http.StatusBadRequest)
 
-							req = NewRequestWithBody(t, "PUT", uploadURL, createArchive(packageName, packageVersion, architecture)).
+							req = NewRequestWithBody(t, "PUT", uploadURL, createDebianArchive(packageName, packageVersion, architecture, packageDescription)).
 								AddBasicAuth(user.Name).
 								SetHeader("content-type", "multipart/form-data")
 							MakeRequest(t, req, http.StatusBadRequest)
 
-							req = NewRequestWithBody(t, "PUT", uploadURL, createArchive(packageName, packageVersion, architecture)).
+							req = NewRequestWithBody(t, "PUT", uploadURL, createDebianArchive(packageName, packageVersion, architecture, packageDescription)).
 								AddBasicAuth(user.Name)
 							MakeRequest(t, req, http.StatusCreated)
 
@@ -154,7 +156,7 @@ func TestPackageDebian(t *testing.T) {
 								return seen
 							})
 
-							req = NewRequestWithBody(t, "PUT", uploadURL, createArchive(packageName, packageVersion, architecture)).
+							req = NewRequestWithBody(t, "PUT", uploadURL, createDebianArchive(packageName, packageVersion, architecture, packageDescription)).
 								AddBasicAuth(user.Name)
 							MakeRequest(t, req, http.StatusConflict)
 						})
@@ -171,7 +173,7 @@ func TestPackageDebian(t *testing.T) {
 						t.Run("Packages", func(t *testing.T) {
 							defer tests.PrintCurrentTest(t)()
 
-							req := NewRequestWithBody(t, "PUT", uploadURL, createArchive(packageName, packageVersion2, architecture)).
+							req := NewRequestWithBody(t, "PUT", uploadURL, createDebianArchive(packageName, packageVersion2, architecture, packageDescription)).
 								AddBasicAuth(user.Name)
 							MakeRequest(t, req, http.StatusCreated)
 
@@ -308,3 +310,50 @@ func TestPackageDebian(t *testing.T) {
 		require.Contains(t, body, fmt.Sprintf("Version: %s", packageVersion2))
 	})
 }
+
+func TestPackageDebianConcurrent(t *testing.T) {
+	if setting.Database.Type.IsSQLite3() {
+		// Concurrency test fails on SQLite w/ "database is locked"
+		t.Skip()
+	}
+
+	defer tests.PrepareTestEnv(t)()
+
+	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
+
+	distribution := "test"
+	component := "main"
+	architecture := "amd64"
+	packageName := "gitea"
+	packageDescription := "Package Description"
+
+	rootURL := fmt.Sprintf("/api/packages/%s/debian", user.Name)
+	uploadURL := fmt.Sprintf("%s/pool/%s/%s/upload", rootURL, distribution, component)
+
+	t.Run("Concurrent Upload", func(t *testing.T) {
+		defer tests.PrintCurrentTest(t)()
+
+		var wg sync.WaitGroup
+		packageCount := 10
+		for i := range packageCount {
+			wg.Go(func() {
+				req := NewRequestWithBody(t, "PUT", uploadURL,
+					createDebianArchive(packageName, fmt.Sprintf("1.0.%d", i), architecture, packageDescription)).
+					AddBasicAuth(user.Name)
+				MakeRequest(t, req, http.StatusCreated)
+			})
+		}
+		wg.Wait()
+
+		url := fmt.Sprintf("%s/dists/%s/%s/binary-%s/Packages", rootURL, distribution, component, architecture)
+
+		req := NewRequest(t, "GET", url)
+		resp := MakeRequest(t, req, http.StatusOK)
+		body := resp.Body.String()
+
+		assert.Contains(t, body, fmt.Sprintf("Package: %s\n", packageName))
+		for i := range packageCount {
+			assert.Contains(t, body, fmt.Sprintf("Version: 1.0.%d\n", i))
+		}
+	})
+}

From 326809a1334a91b3185ca76907ec5a8af47b6256 Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Fri, 27 Mar 2026 06:50:09 +0100
Subject: [PATCH 576/854] Update dependency happy-dom to v20.8.8 [SECURITY]
 (forgejo) (#11836)

Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
---
 package-lock.json | 60 ++++++++++++++++++++++++++++++++++++++++++-----
 package.json      |  2 +-
 2 files changed, 55 insertions(+), 7 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index b6a45fb066..45e38ee021 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -108,7 +108,7 @@
         "eslint-plugin-vue-scoped-css": "2.12.0",
         "eslint-plugin-wc": "3.1.0",
         "globals": "17.4.0",
-        "happy-dom": "20.0.11",
+        "happy-dom": "20.8.8",
         "license-checker-rseidelsohn": "4.4.2",
         "markdownlint-cli": "0.47.0",
         "postcss-html": "1.8.1",
@@ -4284,6 +4284,16 @@
       "dev": true,
       "license": "MIT"
     },
+    "node_modules/@types/ws": {
+      "version": "8.18.1",
+      "resolved": "https://registry.npmjs.org/@types/ws/-/ws-8.18.1.tgz",
+      "integrity": "sha512-ThVF6DCVhA8kUGy+aazFQ4kXQ7E1Ty7A3ypFOe0IcJV8O/M511G99AW24irKrW56Wt44yG9+ij8FaqoBGkuBXg==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@types/node": "*"
+      }
+    },
     "node_modules/@typescript-eslint/eslint-plugin": {
       "version": "8.56.1",
       "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-8.56.1.tgz",
@@ -9150,20 +9160,36 @@
       }
     },
     "node_modules/happy-dom": {
-      "version": "20.0.11",
-      "resolved": "https://registry.npmjs.org/happy-dom/-/happy-dom-20.0.11.tgz",
-      "integrity": "sha512-QsCdAUHAmiDeKeaNojb1OHOPF7NjcWPBR7obdu3NwH2a/oyQaLg5d0aaCy/9My6CdPChYF07dvz5chaXBGaD4g==",
+      "version": "20.8.8",
+      "resolved": "https://registry.npmjs.org/happy-dom/-/happy-dom-20.8.8.tgz",
+      "integrity": "sha512-5/F8wxkNxYtsN0bXfMwIyNLZ9WYsoOYPbmoluqVJqv8KBUbcyKZawJ7uYK4WTX8IHBLYv+VXIwfeNDPy1oKMwQ==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "@types/node": "^20.0.0",
+        "@types/node": ">=20.0.0",
         "@types/whatwg-mimetype": "^3.0.2",
-        "whatwg-mimetype": "^3.0.0"
+        "@types/ws": "^8.18.1",
+        "entities": "^7.0.1",
+        "whatwg-mimetype": "^3.0.0",
+        "ws": "^8.18.3"
       },
       "engines": {
         "node": ">=20.0.0"
       }
     },
+    "node_modules/happy-dom/node_modules/entities": {
+      "version": "7.0.1",
+      "resolved": "https://registry.npmjs.org/entities/-/entities-7.0.1.tgz",
+      "integrity": "sha512-TWrgLOFUQTH994YUyl1yT4uyavY5nNB5muff+RtWaqNVCAK408b5ZnnbNAUEWLTCpum9w6arT70i1XdQ4UeOPA==",
+      "dev": true,
+      "license": "BSD-2-Clause",
+      "engines": {
+        "node": ">=0.12"
+      },
+      "funding": {
+        "url": "https://github.com/fb55/entities?sponsor=1"
+      }
+    },
     "node_modules/has-bigints": {
       "version": "1.1.0",
       "resolved": "https://registry.npmjs.org/has-bigints/-/has-bigints-1.1.0.tgz",
@@ -16235,6 +16261,28 @@
         "node": "^14.17.0 || ^16.13.0 || >=18.0.0"
       }
     },
+    "node_modules/ws": {
+      "version": "8.20.0",
+      "resolved": "https://registry.npmjs.org/ws/-/ws-8.20.0.tgz",
+      "integrity": "sha512-sAt8BhgNbzCtgGbt2OxmpuryO63ZoDk/sqaB/znQm94T4fCEsy/yV+7CdC1kJhOU9lboAEU7R3kquuycDoibVA==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=10.0.0"
+      },
+      "peerDependencies": {
+        "bufferutil": "^4.0.1",
+        "utf-8-validate": ">=5.0.2"
+      },
+      "peerDependenciesMeta": {
+        "bufferutil": {
+          "optional": true
+        },
+        "utf-8-validate": {
+          "optional": true
+        }
+      }
+    },
     "node_modules/xml-name-validator": {
       "version": "4.0.0",
       "resolved": "https://registry.npmjs.org/xml-name-validator/-/xml-name-validator-4.0.0.tgz",
diff --git a/package.json b/package.json
index 309a16ec1a..4e8988bd79 100644
--- a/package.json
+++ b/package.json
@@ -107,7 +107,7 @@
     "eslint-plugin-vue-scoped-css": "2.12.0",
     "eslint-plugin-wc": "3.1.0",
     "globals": "17.4.0",
-    "happy-dom": "20.0.11",
+    "happy-dom": "20.8.8",
     "license-checker-rseidelsohn": "4.4.2",
     "markdownlint-cli": "0.47.0",
     "postcss-html": "1.8.1",

From b68caa311fe5e3b7118130c2894c5b396b319681 Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Fri, 27 Mar 2026 06:51:45 +0100
Subject: [PATCH 577/854] Update module github.com/klauspost/compress to
 v1.18.5 (forgejo) (#11764)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11764
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index c7a29c014c..b9163f8ed3 100644
--- a/go.mod
+++ b/go.mod
@@ -71,7 +71,7 @@ require (
 	github.com/jhillyerd/enmime/v2 v2.2.0
 	github.com/json-iterator/go v1.1.12
 	github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51
-	github.com/klauspost/compress v1.18.4
+	github.com/klauspost/compress v1.18.5
 	github.com/klauspost/cpuid/v2 v2.2.11
 	github.com/markbates/goth v1.82.0
 	github.com/mattn/go-isatty v0.0.20
diff --git a/go.sum b/go.sum
index 594dbb4315..85de0b8246 100644
--- a/go.sum
+++ b/go.sum
@@ -479,8 +479,8 @@ github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51 h1:Z9n2FFNU
 github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51/go.mod h1:CzGEWj7cYgsdH8dAjBGEr58BoE7ScuLd+fwFZ44+/x8=
 github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
 github.com/klauspost/compress v1.4.1/go.mod h1:RyIbtBH6LamlWaDj8nUwkbUhJ87Yi3uG0guNDohfE1A=
-github.com/klauspost/compress v1.18.4 h1:RPhnKRAQ4Fh8zU2FY/6ZFDwTVTxgJ/EMydqSTzE9a2c=
-github.com/klauspost/compress v1.18.4/go.mod h1:R0h/fSBs8DE4ENlcrlib3PsXS61voFxhIs2DeRhCvJ4=
+github.com/klauspost/compress v1.18.5 h1:/h1gH5Ce+VWNLSWqPzOVn6XBO+vJbCNGvjoaGBFW2IE=
+github.com/klauspost/compress v1.18.5/go.mod h1:cwPg85FWrGar70rWktvGQj8/hthj3wpl0PGDogxkrSQ=
 github.com/klauspost/cpuid v1.2.0/go.mod h1:Pj4uuM528wm8OyEC2QMXAi2YiTZ96dNQPGgoMS4s3ek=
 github.com/klauspost/cpuid/v2 v2.0.1/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg=
 github.com/klauspost/cpuid/v2 v2.2.11 h1:0OwqZRYI2rFrjS4kvkDnqJkKHdHaRnCm68/DY4OxRzU=

From 0a25c2a7fdfbee86512d6bbb80f92b22a20b55df Mon Sep 17 00:00:00 2001
From: Andreas Ahlenstorf <andreas@ahlenstorf.ch>
Date: Sun, 29 Mar 2026 18:04:24 +0200
Subject: [PATCH 578/854] feat: use `--token-url` in runner setup instructions
 (#11874)

Use `--token-url` instead of `--token` in the runner setup instructions. `--token-url` is more secure. It was also decided [not to implement `--token`](https://code.forgejo.org/forgejo/runner/pulls/1457). The new instructions look as follows:

```
$ echo -n "a3bac733-079f-4917-ae9f-4acb99f1827b" > /path/to/runner-token
$ forgejo-runner daemon \
	--url http://192.168.178.62:3000/ \
	--uuid 5982831f-8ee7-42c7-abcc-49c7d6dba586 \
	--token-url file:///path/to/runner-token \
	--label docker:docker://node:lts
```

`--label` is also new because Forgejo Runner is inoperable when neither a runner configuration nor `--label` are present.

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. All work and communication must conform to Forgejo's [AI Agreement](https://codeberg.org/forgejo/governance/src/branch/main/AIAgreement.md). There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests for Go changes

(can be removed for JavaScript changes)

- I added test coverage for Go changes...
  - [ ] in their respective `*_test.go` for unit tests.
  - [ ] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I ran...
  - [x] `make pr-go` before pushing

### Tests for JavaScript changes

(can be removed for Go changes)

- I added test coverage for JavaScript changes...
  - [ ] in `web_src/js/*.test.js` if it can be unit tested.
  - [x] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)).

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [ ] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.
- [ ] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change.

*The decision if the pull request will be shown in the release notes is up to the mergers / release team.*

The content of the `release-notes/<pull request number>.md` file will serve as the basis for the release notes. If the file does not exist, the title of the pull request will be used instead.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11874
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
Co-authored-by: Andreas Ahlenstorf <andreas@ahlenstorf.ch>
Co-committed-by: Andreas Ahlenstorf <andreas@ahlenstorf.ch>
---
 templates/shared/actions/runner_setup.tmpl | 6 ++++--
 tests/e2e/runner-management.test.e2e.ts    | 6 +++---
 2 files changed, 7 insertions(+), 5 deletions(-)

diff --git a/templates/shared/actions/runner_setup.tmpl b/templates/shared/actions/runner_setup.tmpl
index b18c995b3b..a24f63d536 100644
--- a/templates/shared/actions/runner_setup.tmpl
+++ b/templates/shared/actions/runner_setup.tmpl
@@ -43,10 +43,12 @@
 </code></pre>
 		<p>{{ctx.Locale.Tr "actions.runners.runner_setup.instruction_replace_connection_name"}}</p>
 		<h5>{{ctx.Locale.Tr "actions.runners.runner_setup.heading_using_options"}}</h5>
-		<pre><code aria-label="{{ctx.Locale.Tr "actions.runners.runner_setup.program_options_snippet_aria"}}">forgejo-runner daemon \
+		<pre><code aria-label="{{ctx.Locale.Tr "actions.runners.runner_setup.program_options_snippet_aria"}}">$ echo -n &quot;{{.Runner.Token}}&quot; > /path/to/runner-token
+$ forgejo-runner daemon \
 	--url {{.AppURL}} \
 	--uuid {{.Runner.UUID}} \
-	--token {{.Runner.Token}}
+	--token-url file:///path/to/runner-token \
+	--label docker:docker://node:lts
 </code></pre>
 		<p>{{ctx.Locale.Tr "actions.runners.runner_setup.instruction_advanced_configurations"}}</p>
 	</div>
diff --git a/tests/e2e/runner-management.test.e2e.ts b/tests/e2e/runner-management.test.e2e.ts
index 8f4d5584be..cecde7a850 100644
--- a/tests/e2e/runner-management.test.e2e.ts
+++ b/tests/e2e/runner-management.test.e2e.ts
@@ -134,7 +134,7 @@ test.describe('Runners of user2', () => {
 
     await expect(page.getByRole('heading', {name: 'Using program options'})).toBeVisible();
     await expect(page.getByLabel('How to invoke forgejo-runner')).toContainText(`--uuid ${runnerUUID}`);
-    await expect(page.getByLabel('How to invoke forgejo-runner')).toContainText(`--token ${runnerToken}`);
+    await expect(page.getByLabel('How to invoke forgejo-runner')).toContainText(`echo -n "${runnerToken}"`);
 
     // Go back to list of runners.
     await page.getByRole('link', {name: 'List of runners', exact: true}).click();
@@ -238,7 +238,7 @@ test.describe('Runners of user2', () => {
 
     await expect(page.getByRole('heading', {name: 'Using program options'})).toBeVisible();
     await expect(page.getByLabel('How to invoke forgejo-runner')).toContainText(`--uuid ${runnerUUID}`);
-    await expect(page.getByLabel('How to invoke forgejo-runner')).toContainText(`--token ${runnerToken}`);
+    await expect(page.getByLabel('How to invoke forgejo-runner')).toContainText(`echo -n "${runnerToken}"`);
   });
 
   test('delete runner', async ({page}) => {
@@ -425,7 +425,7 @@ test.describe('Global runners', () => {
 
     await expect(page.getByRole('heading', {name: 'Using program options'})).toBeVisible();
     await expect(page.getByLabel('How to invoke forgejo-runner')).toContainText(`--uuid ${runnerUUID}`);
-    await expect(page.getByLabel('How to invoke forgejo-runner')).toContainText(`--token ${runnerToken}`);
+    await expect(page.getByLabel('How to invoke forgejo-runner')).toContainText(`echo -n "${runnerToken}"`);
 
     // Go back to list of runners.
     await page.getByRole('link', {name: 'List of runners', exact: true}).click();

From 5afb9467d5bc8592229bd885b11c8a7197e1e888 Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Mon, 30 Mar 2026 01:02:38 +0200
Subject: [PATCH 579/854] Update dependency happy-dom to v20.8.9 [SECURITY]
 (forgejo) (#11883)

Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
---
 package-lock.json | 8 ++++----
 package.json      | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 45e38ee021..a5756c475f 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -108,7 +108,7 @@
         "eslint-plugin-vue-scoped-css": "2.12.0",
         "eslint-plugin-wc": "3.1.0",
         "globals": "17.4.0",
-        "happy-dom": "20.8.8",
+        "happy-dom": "20.8.9",
         "license-checker-rseidelsohn": "4.4.2",
         "markdownlint-cli": "0.47.0",
         "postcss-html": "1.8.1",
@@ -9160,9 +9160,9 @@
       }
     },
     "node_modules/happy-dom": {
-      "version": "20.8.8",
-      "resolved": "https://registry.npmjs.org/happy-dom/-/happy-dom-20.8.8.tgz",
-      "integrity": "sha512-5/F8wxkNxYtsN0bXfMwIyNLZ9WYsoOYPbmoluqVJqv8KBUbcyKZawJ7uYK4WTX8IHBLYv+VXIwfeNDPy1oKMwQ==",
+      "version": "20.8.9",
+      "resolved": "https://registry.npmjs.org/happy-dom/-/happy-dom-20.8.9.tgz",
+      "integrity": "sha512-Tz23LR9T9jOGVZm2x1EPdXqwA37G/owYMxRwU0E4miurAtFsPMQ1d2Jc2okUaSjZqAFz2oEn3FLXC5a0a+siyA==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
diff --git a/package.json b/package.json
index 4e8988bd79..6aa43fa143 100644
--- a/package.json
+++ b/package.json
@@ -107,7 +107,7 @@
     "eslint-plugin-vue-scoped-css": "2.12.0",
     "eslint-plugin-wc": "3.1.0",
     "globals": "17.4.0",
-    "happy-dom": "20.8.8",
+    "happy-dom": "20.8.9",
     "license-checker-rseidelsohn": "4.4.2",
     "markdownlint-cli": "0.47.0",
     "postcss-html": "1.8.1",

From 7d7e75c43fb187bdde95c32c57446fe85cff7d43 Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Mon, 30 Mar 2026 01:08:14 +0200
Subject: [PATCH 580/854] Update dependency katex to v0.16.43 (forgejo)
 (#11782)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11782
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
---
 package-lock.json | 8 ++++----
 package.json      | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index a5756c475f..76f7995551 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -54,7 +54,7 @@
         "htmx.org": "2.0.8",
         "idiomorph": "0.3.0",
         "jquery": "3.7.1",
-        "katex": "0.16.38",
+        "katex": "0.16.43",
         "mermaid": "11.13.0",
         "mini-css-extract-plugin": "2.10.0",
         "minimatch": "10.2.4",
@@ -10552,9 +10552,9 @@
       "license": "MIT"
     },
     "node_modules/katex": {
-      "version": "0.16.38",
-      "resolved": "https://registry.npmjs.org/katex/-/katex-0.16.38.tgz",
-      "integrity": "sha512-cjHooZUmIAUmDsHBN+1n8LaZdpmbj03LtYeYPyuYB7OuloiaeaV6N4LcfjcnHVzGWjVQmKrxxTrpDcmSzEZQwQ==",
+      "version": "0.16.43",
+      "resolved": "https://registry.npmjs.org/katex/-/katex-0.16.43.tgz",
+      "integrity": "sha512-K7NL5JtGrFEglipOAjY4UYA69CnTuNmjArxeXF6+bw7h2OGySUPv6QWRjfb1gmutJ4Mw/qLeBqiROOEDULp4nA==",
       "funding": [
         "https://opencollective.com/katex",
         "https://github.com/sponsors/katex"
diff --git a/package.json b/package.json
index 6aa43fa143..adaa47f3eb 100644
--- a/package.json
+++ b/package.json
@@ -53,7 +53,7 @@
     "htmx.org": "2.0.8",
     "idiomorph": "0.3.0",
     "jquery": "3.7.1",
-    "katex": "0.16.38",
+    "katex": "0.16.43",
     "mermaid": "11.13.0",
     "mini-css-extract-plugin": "2.10.0",
     "minimatch": "10.2.4",

From edc8e19ab0747ac0c87644e807bd5c893023017e Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Mon, 30 Mar 2026 01:11:53 +0200
Subject: [PATCH 581/854] Update CodeMirror (forgejo) (#11854)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11854
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
---
 package-lock.json | 16 ++++++++--------
 package.json      |  4 ++--
 2 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 76f7995551..1f34b34913 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -26,8 +26,8 @@
         "@codemirror/lang-rust": "6.0.2",
         "@codemirror/lang-sass": "6.0.2",
         "@codemirror/lang-xml": "6.1.0",
-        "@codemirror/lang-yaml": "6.1.2",
-        "@codemirror/language": "6.12.2",
+        "@codemirror/lang-yaml": "6.1.3",
+        "@codemirror/language": "6.12.3",
         "@codemirror/search": "6.6.0",
         "@codemirror/state": "6.6.0",
         "@codemirror/view": "6.40.0",
@@ -716,9 +716,9 @@
       }
     },
     "node_modules/@codemirror/lang-yaml": {
-      "version": "6.1.2",
-      "resolved": "https://registry.npmjs.org/@codemirror/lang-yaml/-/lang-yaml-6.1.2.tgz",
-      "integrity": "sha512-dxrfG8w5Ce/QbT7YID7mWZFKhdhsaTNOYjOkSIMt1qmC4VQnXSDSYVHHHn8k6kJUfIhtLo8t1JJgltlxWdsITw==",
+      "version": "6.1.3",
+      "resolved": "https://registry.npmjs.org/@codemirror/lang-yaml/-/lang-yaml-6.1.3.tgz",
+      "integrity": "sha512-AZ8DJBuXGVHybpBQhmZtgew5//4hv3tdkXnr3vDmOUMJRuB6vn/uuwtmTOTlqEaQFg3hQSVeA90NmvIQyUV6FQ==",
       "license": "MIT",
       "dependencies": {
         "@codemirror/autocomplete": "^6.0.0",
@@ -731,9 +731,9 @@
       }
     },
     "node_modules/@codemirror/language": {
-      "version": "6.12.2",
-      "resolved": "https://registry.npmjs.org/@codemirror/language/-/language-6.12.2.tgz",
-      "integrity": "sha512-jEPmz2nGGDxhRTg3lTpzmIyGKxz3Gp3SJES4b0nAuE5SWQoKdT5GoQ69cwMmFd+wvFUhYirtDTr0/DRHpQAyWg==",
+      "version": "6.12.3",
+      "resolved": "https://registry.npmjs.org/@codemirror/language/-/language-6.12.3.tgz",
+      "integrity": "sha512-QwCZW6Tt1siP37Jet9Tb02Zs81TQt6qQrZR2H+eGMcFsL1zMrk2/b9CLC7/9ieP1fjIUMgviLWMmgiHoJrj+ZA==",
       "license": "MIT",
       "dependencies": {
         "@codemirror/state": "^6.0.0",
diff --git a/package.json b/package.json
index adaa47f3eb..321396bf9c 100644
--- a/package.json
+++ b/package.json
@@ -25,8 +25,8 @@
     "@codemirror/lang-rust": "6.0.2",
     "@codemirror/lang-sass": "6.0.2",
     "@codemirror/lang-xml": "6.1.0",
-    "@codemirror/lang-yaml": "6.1.2",
-    "@codemirror/language": "6.12.2",
+    "@codemirror/lang-yaml": "6.1.3",
+    "@codemirror/language": "6.12.3",
     "@codemirror/search": "6.6.0",
     "@codemirror/state": "6.6.0",
     "@codemirror/view": "6.40.0",

From a6ee3e61ccb0a27feedbdb27580bed9f82ead575 Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Mon, 30 Mar 2026 01:52:22 +0200
Subject: [PATCH 582/854] Update module github.com/urfave/cli/v3 to v3.8.0
 (forgejo) (#11834)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11834
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index b9163f8ed3..43a243f532 100644
--- a/go.mod
+++ b/go.mod
@@ -94,7 +94,7 @@ require (
 	github.com/stretchr/testify v1.11.1
 	github.com/syndtr/goleveldb v1.0.0
 	github.com/ulikunitz/xz v0.5.15
-	github.com/urfave/cli/v3 v3.7.0
+	github.com/urfave/cli/v3 v3.8.0
 	github.com/valyala/fastjson v1.6.10
 	github.com/yohcop/openid-go v1.0.1
 	github.com/yuin/goldmark v1.7.17
diff --git a/go.sum b/go.sum
index 85de0b8246..532ba82b5b 100644
--- a/go.sum
+++ b/go.sum
@@ -662,8 +662,8 @@ github.com/tinylib/msgp v1.6.1/go.mod h1:RSp0LW9oSxFut3KzESt5Voq4GVWyS+PSulT77ro
 github.com/ulikunitz/xz v0.5.8/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14=
 github.com/ulikunitz/xz v0.5.15 h1:9DNdB5s+SgV3bQ2ApL10xRc35ck0DuIX/isZvIk+ubY=
 github.com/ulikunitz/xz v0.5.15/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14=
-github.com/urfave/cli/v3 v3.7.0 h1:AGSnbUyjtLiM+WJUb4dzXKldl/gL+F8OwmRDtVr6g2U=
-github.com/urfave/cli/v3 v3.7.0/go.mod h1:ysVLtOEmg2tOy6PknnYVhDoouyC/6N42TMeoMzskhso=
+github.com/urfave/cli/v3 v3.8.0 h1:XqKPrm0q4P0q5JpoclYoCAv0/MIvH/jZ2umzuf8pNTI=
+github.com/urfave/cli/v3 v3.8.0/go.mod h1:ysVLtOEmg2tOy6PknnYVhDoouyC/6N42TMeoMzskhso=
 github.com/valyala/fastjson v1.6.4/go.mod h1:CLCAqky6SMuOcxStkYQvblddUtoRxhYMGLrsQns1aXY=
 github.com/valyala/fastjson v1.6.10 h1:/yjJg8jaVQdYR3arGxPE2X5z89xrlhS0eGXdv+ADTh4=
 github.com/valyala/fastjson v1.6.10/go.mod h1:e6FubmQouUNP73jtMLmcbxS6ydWIpOfhz34TSfO3JaE=

From cacbe76b13eb8154bbf87f6b21c8600635f921b4 Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Mon, 30 Mar 2026 01:57:11 +0200
Subject: [PATCH 583/854] Update
 https://data.forgejo.org/actions/git-backporting action to v4.9.1 (forgejo)
 (#11767)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11767
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
---
 .forgejo/workflows/backport.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.forgejo/workflows/backport.yml b/.forgejo/workflows/backport.yml
index 56956c4641..4854eb225e 100644
--- a/.forgejo/workflows/backport.yml
+++ b/.forgejo/workflows/backport.yml
@@ -47,7 +47,7 @@ jobs:
           cat <<'EOF'
           ${{ toJSON(github) }}
           EOF
-      - uses: https://data.forgejo.org/actions/git-backporting@v4.8.7
+      - uses: https://data.forgejo.org/actions/git-backporting@v4.9.1
         with:
           target-branch-pattern: "^backport/(?<target>(v.*))$"
           strategy: ort

From eaceb845ea8f5758cf09bee99fcfa3a435a26dec Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Mon, 30 Mar 2026 04:17:07 +0200
Subject: [PATCH 584/854] Update renovate Docker tag to v43.99.1 (forgejo)
 (#11889)

Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
---
 Makefile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Makefile b/Makefile
index 61d5b22162..0008653790 100644
--- a/Makefile
+++ b/Makefile
@@ -48,7 +48,7 @@ GOVULNCHECK_PACKAGE ?= golang.org/x/vuln/cmd/govulncheck@v1 # renovate: datasour
 DEADCODE_PACKAGE ?= golang.org/x/tools/cmd/deadcode@v0.43.0 # renovate: datasource=go
 ERRORTYPE_PACKAGE ?= fillmore-labs.com/errortype@v0.0.11 # renovate: datasource=go
 GOMOCK_PACKAGE ?= go.uber.org/mock/mockgen@v0.6.0 # renovate: datasource=go
-RENOVATE_NPM_PACKAGE ?= renovate@43.86.1 # renovate: datasource=docker packageName=data.forgejo.org/renovate/renovate
+RENOVATE_NPM_PACKAGE ?= renovate@43.99.1 # renovate: datasource=docker packageName=data.forgejo.org/renovate/renovate
 
 # https://github.com/disposable-email-domains/disposable-email-domains/commits/main/
 DISPOSABLE_EMAILS_SHA ?= 0c27e671231d27cf66370034d7f6818037416989 # renovate: ...

From 3ec8e96646502eed8568726feb1c8bd1971c196e Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Tue, 31 Mar 2026 02:42:52 +0200
Subject: [PATCH 585/854] Update module github.com/mattn/go-sqlite3 to v1.14.38
 (forgejo) (#11902)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This PR contains the following updates:

| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) |
|---|---|---|---|
| [github.com/mattn/go-sqlite3](https://github.com/mattn/go-sqlite3) | `v1.14.37` → `v1.14.38` | ![age](https://developer.mend.io/api/mc/badges/age/go/github.com%2fmattn%2fgo-sqlite3/v1.14.38?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/go/github.com%2fmattn%2fgo-sqlite3/v1.14.37/v1.14.38?slim=true) |

---

### Release Notes

<details>
<summary>mattn/go-sqlite3 (github.com/mattn/go-sqlite3)</summary>

### [`v1.14.38`](https://github.com/mattn/go-sqlite3/compare/v1.14.37...v1.14.38)

[Compare Source](https://github.com/mattn/go-sqlite3/compare/v1.14.37...v1.14.38)

</details>

---

### Configuration

📅 **Schedule**: Branch creation - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC), Automerge - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My45OS4xIiwidXBkYXRlZEluVmVyIjoiNDMuOTkuMSIsInRhcmdldEJyYW5jaCI6ImZvcmdlam8iLCJsYWJlbHMiOlsiZGVwZW5kZW5jeS11cGdyYWRlIiwidGVzdC9ub3QtbmVlZGVkIl19-->

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11902
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 43a243f532..e807add673 100644
--- a/go.mod
+++ b/go.mod
@@ -75,7 +75,7 @@ require (
 	github.com/klauspost/cpuid/v2 v2.2.11
 	github.com/markbates/goth v1.82.0
 	github.com/mattn/go-isatty v0.0.20
-	github.com/mattn/go-sqlite3 v1.14.37
+	github.com/mattn/go-sqlite3 v1.14.38
 	github.com/meilisearch/meilisearch-go v0.36.0
 	github.com/mholt/archives v0.1.5
 	github.com/microcosm-cc/bluemonday v1.0.27
diff --git a/go.sum b/go.sum
index 532ba82b5b..f3aa7a35f4 100644
--- a/go.sum
+++ b/go.sum
@@ -520,8 +520,8 @@ github.com/mattn/go-runewidth v0.0.17 h1:78v8ZlW0bP43XfmAfPsdXcoNCelfMHsDmd/pkEN
 github.com/mattn/go-runewidth v0.0.17/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w=
 github.com/mattn/go-shellwords v1.0.12 h1:M2zGm7EW6UQJvDeQxo4T51eKPurbeFbe8WtebGE2xrk=
 github.com/mattn/go-shellwords v1.0.12/go.mod h1:EZzvwXDESEeg03EKmM+RmDnNOPKG4lLtQsUlTZDWQ8Y=
-github.com/mattn/go-sqlite3 v1.14.37 h1:3DOZp4cXis1cUIpCfXLtmlGolNLp2VEqhiB/PARNBIg=
-github.com/mattn/go-sqlite3 v1.14.37/go.mod h1:Uh1q+B4BYcTPb+yiD3kU8Ct7aC0hY9fxUwlHK0RXw+Y=
+github.com/mattn/go-sqlite3 v1.14.38 h1:tDUzL85kMvOrvpCt8P64SbGgVFtJB11GPi2AdmITgb4=
+github.com/mattn/go-sqlite3 v1.14.38/go.mod h1:Uh1q+B4BYcTPb+yiD3kU8Ct7aC0hY9fxUwlHK0RXw+Y=
 github.com/meilisearch/meilisearch-go v0.36.0 h1:N1etykTektXt5KPcSbhBO0d5Xx5NaKj4pJWEM7WA5dI=
 github.com/meilisearch/meilisearch-go v0.36.0/go.mod h1:HBfHzKMxcSbTOvqdfuRA/yf6Vk9IivcwKocWRuW7W78=
 github.com/mholt/acmez/v3 v3.1.2 h1:auob8J/0FhmdClQicvJvuDavgd5ezwLBfKuYmynhYzc=

From 7886e74b257930504c8e53b7a901ea8936f47fed Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Tue, 31 Mar 2026 02:49:54 +0200
Subject: [PATCH 586/854] Update github.com/go-git/go-git/v5 (indirect) to
 v5.17.1 [SECURITY] (forgejo) (#11897)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This PR contains the following updates:

| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) |
|---|---|---|---|
| [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) | `v5.17.0` → `v5.17.1` | ![age](https://developer.mend.io/api/mc/badges/age/go/github.com%2fgo-git%2fgo-git%2fv5/v5.17.1?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/go/github.com%2fgo-git%2fgo-git%2fv5/v5.17.0/v5.17.1?slim=true) |

---

### go-git missing validation decoding Index v4 files leads to panic
[CVE-2026-33762](https://nvd.nist.gov/vuln/detail/CVE-2026-33762) / [GHSA-gm2x-2g9h-ccm8](https://github.com/advisories/GHSA-gm2x-2g9h-ccm8)

<details>
<summary>More information</summary>

#### Details
##### Impact

`go-git`’s index decoder for format version 4 fails to validate the path name prefix length before applying it to the previously decoded path name. A maliciously crafted index file can trigger an out-of-bounds slice operation, resulting in a runtime panic during normal index parsing.

This issue only affects Git index format version 4. Earlier formats (`go-git` supports only `v2` and `v3`) are not vulnerable to this issue.

An attacker able to supply a crafted `.git/index` file can cause applications using go-git to panic while reading the index. If the application does not recover from panics, this results in process termination, leading to a denial-of-service (DoS) condition.

Exploitation requires the ability to modify or inject a Git index file within the local repository in disk. This typically implies write access to the `.git` directory.

##### Patches

Users should upgrade to `v5.17.1`, or the latest `v6` [pseudo-version](https://go.dev/ref/mod#pseudo-versions), in order to mitigate this vulnerability.

##### Credit

go-git maintainers thank @&#8203;kq5y for finding and reporting this issue privately to the `go-git` project.

#### Severity
- CVSS Score: 2.8 / 10 (Low)
- Vector String: `CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L`

#### References
- [https://github.com/go-git/go-git/security/advisories/GHSA-gm2x-2g9h-ccm8](https://github.com/go-git/go-git/security/advisories/GHSA-gm2x-2g9h-ccm8)
- [https://github.com/go-git/go-git](https://github.com/go-git/go-git)

This data is provided by [OSV](https://osv.dev/vulnerability/GHSA-gm2x-2g9h-ccm8) and the [GitHub Advisory Database](https://github.com/github/advisory-database) ([CC-BY 4.0](https://github.com/github/advisory-database/blob/main/LICENSE.md)).
</details>

---

### go-git: Maliciously crafted idx file can cause asymmetric memory consumption
[CVE-2026-34165](https://nvd.nist.gov/vuln/detail/CVE-2026-34165) / [GHSA-jhf3-xxhw-2wpp](https://github.com/advisories/GHSA-jhf3-xxhw-2wpp)

<details>
<summary>More information</summary>

#### Details
##### Impact

A vulnerability has been identified in which a maliciously crafted `.idx` file can cause asymmetric memory consumption, potentially exhausting available memory and resulting in a Denial of Service (DoS) condition.

Exploitation requires write access to the local repository's `.git` directory, it order to create or alter existing `.idx` files.

##### Patches

Users should upgrade to `v5.17.1`, or the latest `v6` [pseudo-version](https://go.dev/ref/mod#pseudo-versions), in order to mitigate this vulnerability.

##### Credit

The go-git maintainers thank @&#8203;kq5y for finding and reporting this issue privately to the `go-git` project.

#### Severity
- CVSS Score: 5.0 / 10 (Medium)
- Vector String: `CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H`

#### References
- [https://github.com/go-git/go-git/security/advisories/GHSA-jhf3-xxhw-2wpp](https://github.com/go-git/go-git/security/advisories/GHSA-jhf3-xxhw-2wpp)
- [https://github.com/go-git/go-git](https://github.com/go-git/go-git)
- [https://github.com/go-git/go-git/releases/tag/v5.17.1](https://github.com/go-git/go-git/releases/tag/v5.17.1)

This data is provided by [OSV](https://osv.dev/vulnerability/GHSA-jhf3-xxhw-2wpp) and the [GitHub Advisory Database](https://github.com/github/advisory-database) ([CC-BY 4.0](https://github.com/github/advisory-database/blob/main/LICENSE.md)).
</details>

---

### Release Notes

<details>
<summary>go-git/go-git (github.com/go-git/go-git/v5)</summary>

### [`v5.17.1`](https://github.com/go-git/go-git/releases/tag/v5.17.1)

[Compare Source](https://github.com/go-git/go-git/compare/v5.17.0...v5.17.1)

#### What's Changed

- build: Update module github.com/cloudflare/circl to v1.6.3 \[SECURITY] (releases/v5.x) by [@&#8203;go-git-renovate](https://github.com/go-git-renovate)\[bot] in [#&#8203;1930](https://github.com/go-git/go-git/pull/1930)
- \[v5] plumbing: format/index, Improve v4 entry name validation by [@&#8203;pjbgf](https://github.com/pjbgf) in [#&#8203;1935](https://github.com/go-git/go-git/pull/1935)
- \[v5] plumbing: format/idxfile, Fix version and fanout checks by [@&#8203;pjbgf](https://github.com/pjbgf) in [#&#8203;1937](https://github.com/go-git/go-git/pull/1937)

**Full Changelog**: <https://github.com/go-git/go-git/compare/v5.17.0...v5.17.1>

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "" (UTC), Automerge - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My45OS4xIiwidXBkYXRlZEluVmVyIjoiNDMuOTkuMSIsInRhcmdldEJyYW5jaCI6ImZvcmdlam8iLCJsYWJlbHMiOlsiZGVwZW5kZW5jeS11cGdyYWRlIiwidGVzdC9ub3QtbmVlZGVkIl19-->

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11897
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index e807add673..53b90801b6 100644
--- a/go.mod
+++ b/go.mod
@@ -175,7 +175,7 @@ require (
 	github.com/go-fed/httpsig v1.1.0 // indirect
 	github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect
 	github.com/go-git/go-billy/v5 v5.8.0 // indirect
-	github.com/go-git/go-git/v5 v5.17.0 // indirect
+	github.com/go-git/go-git/v5 v5.17.1 // indirect
 	github.com/go-ini/ini v1.67.0 // indirect
 	github.com/go-openapi/jsonpointer v0.22.4 // indirect
 	github.com/go-openapi/jsonreference v0.21.4 // indirect
diff --git a/go.sum b/go.sum
index f3aa7a35f4..d6b747d096 100644
--- a/go.sum
+++ b/go.sum
@@ -284,8 +284,8 @@ github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 h1:+zs/tPmkDkHx3U66D
 github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376/go.mod h1:an3vInlBmSxCcxctByoQdvwPiA7DTK7jaaFDBTtu0ic=
 github.com/go-git/go-billy/v5 v5.8.0 h1:I8hjc3LbBlXTtVuFNJuwYuMiHvQJDq1AT6u4DwDzZG0=
 github.com/go-git/go-billy/v5 v5.8.0/go.mod h1:RpvI/rw4Vr5QA+Z60c6d6LXH0rYJo0uD5SqfmrrheCY=
-github.com/go-git/go-git/v5 v5.17.0 h1:AbyI4xf+7DsjINHMu35quAh4wJygKBKBuXVjV/pxesM=
-github.com/go-git/go-git/v5 v5.17.0/go.mod h1:f82C4YiLx+Lhi8eHxltLeGC5uBTXSFa6PC5WW9o4SjI=
+github.com/go-git/go-git/v5 v5.17.1 h1:WnljyxIzSj9BRRUlnmAU35ohDsjRK0EKmL0evDqi5Jk=
+github.com/go-git/go-git/v5 v5.17.1/go.mod h1:pW/VmeqkanRFqR6AljLcs7EA7FbZaN5MQqO7oZADXpo=
 github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU=
 github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
 github.com/go-ini/ini v1.67.0 h1:z6ZrTEZqSWOTyH2FlglNbNgARyHG8oLW9gMELqKr06A=

From 5c135636823f62c9bc97b1bdd3a43773000d3c5b Mon Sep 17 00:00:00 2001
From: Antonin Delpeuch <antonin@delpeuch.eu>
Date: Tue, 31 Mar 2026 02:56:12 +0200
Subject: [PATCH 587/854] feat: "Add member" button in org members list
 (#11848)

Fixes #1529.

This adds an "Add member" button to the list of members of an organization, offering a more intuitive way to add a user to an organization (instead of going through the list of teams).
This follows the design proposed in #1529. This PR can already be reviewed as such, but I plan to work on follow-up improvements:
- adding a confirmation dialog when adding the new member to the "Owners" team, since they get absolute rights on the org
- adding a text input to filter the list of teams, making it easier to select the desired teams when there are many of them
- potentially, improving the team creation link so that it brings the user back to the modal dialog once the team is created (but I'm not sure there's a ton of value behind this added complexity, since currently, creating a team will lead the user to the team page, which is a good place to add the member to the team)

This new way of adding members does not support issuing email invites, since we decided in #9884 that the invite feature hasn't got good enough of a UX to advertise it yet. Following [this discussion](https://codeberg.org/forgejo/discussions/issues/441), I am planning to work on enabling invites everywhere (potentially even making it the default).

## Checklist

### Tests for Go changes

- I added test coverage for Go changes...
  - [ ] in their respective `*_test.go` for unit tests.
  - [x] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I ran...
  - [x] `make pr-go` before pushing

### Tests for JavaScript changes

- I added test coverage for JavaScript changes...
  - [ ] in `web_src/js/*.test.js` if it can be unit tested.
  - [x] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)).

### Documentation

I plan to update https://docs.codeberg.org/collaborating/create-organization/#people once we are ready to take final screenshots of the feature.

### Release notes

- [x] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.
- [ ] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change.

### Screenshots

<!--start release-notes-assistant-->

## Release notes
<!--URL:https://codeberg.org/forgejo/forgejo-->
- Features
  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11848): <!--number 11848 --><!--line 0 --><!--description IkFkZCBtZW1iZXIiIGJ1dHRvbiBpbiBvcmcgbWVtYmVycyBsaXN0-->"Add member" button in org members list<!--description-->
<!--end release-notes-assistant-->

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11848
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
Co-authored-by: Antonin Delpeuch <antonin@delpeuch.eu>
Co-committed-by: Antonin Delpeuch <antonin@delpeuch.eu>
---
 options/locale_next/locale_en-US.json    |   4 +
 routers/web/org/members.go               |  61 ++++++++
 templates/org/member/add_org_member.tmpl |  55 +++++++
 templates/org/member/members.tmpl        |   9 ++
 tests/e2e/org-members.test.e2e.ts        |  26 ++++
 tests/integration/org_members_test.go    | 175 +++++++++++++++++++++++
 web_src/css/base.css                     |   5 +
 web_src/css/org.css                      |   5 +
 web_src/js/features/add-org-member.ts    |  24 ++++
 web_src/js/index.js                      |   2 +
 10 files changed, 366 insertions(+)
 create mode 100644 templates/org/member/add_org_member.tmpl
 create mode 100644 web_src/js/features/add-org-member.ts

diff --git a/options/locale_next/locale_en-US.json b/options/locale_next/locale_en-US.json
index 59edecac03..643b1388f5 100644
--- a/options/locale_next/locale_en-US.json
+++ b/options/locale_next/locale_en-US.json
@@ -563,6 +563,10 @@
 	},
 	"teams.add_all_repos.modal.header": "Add all repositories",
 	"teams.remove_all_repos.modal.header": "Remove all repositories",
+	"members.add_member": "Add member",
+	"members.user": "User",
+	"members.user_already_member": "This user is already a member of the organization.",
+	"members.no_team_selected": "Organization members must belong to at least one team.",
 	"pulls.manual_merge.helper": "Manual merge helper",
 	"pulls.manual_merge.helpder.description": "Use this merge commit message when completing the merge manually.",
 	"pulls.manual_merge.commit.title": "Merge commit title",
diff --git a/routers/web/org/members.go b/routers/web/org/members.go
index 65e2b032e8..4550d5f0e7 100644
--- a/routers/web/org/members.go
+++ b/routers/web/org/members.go
@@ -5,10 +5,12 @@
 package org
 
 import (
+	"fmt"
 	"net/http"
 
 	"forgejo.org/models"
 	"forgejo.org/models/organization"
+	user_model "forgejo.org/models/user"
 	"forgejo.org/modules/base"
 	"forgejo.org/modules/log"
 	"forgejo.org/modules/setting"
@@ -67,8 +69,14 @@ func Members(ctx *context.Context) {
 		ctx.ServerError("GetMembers", err)
 		return
 	}
+	teams, err := organization.FindOrgTeams(ctx, org.ID)
+	if err != nil {
+		ctx.ServerError("GetTeams", err)
+		return
+	}
 	ctx.Data["Page"] = pager
 	ctx.Data["Members"] = members
+	ctx.Data["Teams"] = teams
 	ctx.Data["MembersIsPublicMember"] = membersIsPublic
 	ctx.Data["MembersIsUserOrgOwner"] = organization.IsUserOrgOwner(ctx, members, org.ID)
 	ctx.Data["MembersTwoFaStatus"] = members.GetTwoFaStatus(ctx)
@@ -110,6 +118,59 @@ func MembersAction(ctx *context.Context) {
 			ctx.JSONRedirect(ctx.Org.OrgLink + "/members")
 			return
 		}
+	case "add":
+		if !ctx.Org.IsOwner {
+			ctx.Error(http.StatusNotFound)
+			return
+		}
+		uname := ctx.FormString("uname")
+		var u *user_model.User
+		u, err = user_model.GetUserByName(ctx, uname)
+		if err != nil {
+			ctx.ServerError("GetUserByName", err)
+			return
+		}
+
+		if u.IsOrganization() {
+			ctx.Flash.Error(ctx.Tr("form.cannot_add_org_to_team"))
+			ctx.Redirect(ctx.Org.OrgLink + "/members")
+			return
+		}
+
+		alreadyMember, err := ctx.Org.Organization.IsOrgMember(ctx, u.ID)
+		if err != nil {
+			ctx.ServerError("IsOrgMember", err)
+			return
+		}
+		if alreadyMember {
+			ctx.Flash.Error(ctx.Tr("members.user_already_member"))
+			ctx.Redirect(ctx.Org.OrgLink + "/members")
+			return
+		}
+
+		teams, err := organization.FindOrgTeams(ctx, org.ID)
+		if err != nil {
+			ctx.ServerError("GetTeams", err)
+			return
+		}
+		addedToTeam := false
+		for _, team := range teams {
+			addToTeam := ctx.FormBool(fmt.Sprintf("team_%d", team.ID))
+			if addToTeam {
+				err = models.AddTeamMember(ctx, team, u.ID)
+				if err != nil {
+					ctx.ServerError("AddTeamMember", err)
+					return
+				}
+				addedToTeam = true
+			}
+		}
+
+		if !addedToTeam {
+			ctx.Flash.Error(ctx.Tr("members.no_team_selected"))
+		}
+		ctx.Redirect(ctx.Org.OrgLink + "/members")
+		return
 	case "leave":
 		err = models.RemoveOrgUser(ctx, org.ID, ctx.Doer.ID)
 		if err == nil {
diff --git a/templates/org/member/add_org_member.tmpl b/templates/org/member/add_org_member.tmpl
new file mode 100644
index 0000000000..e2b8f1b572
--- /dev/null
+++ b/templates/org/member/add_org_member.tmpl
@@ -0,0 +1,55 @@
+<div class="ui g-modal-confirm delete modal" id="delete-label">
+	<div class="header">
+		{{svg "octicon-trash"}}
+		{{ctx.Locale.Tr "repo.issues.label_deletion"}}
+	</div>
+	<div class="content">
+		<p>{{ctx.Locale.Tr "repo.issues.label_deletion_desc"}}</p>
+	</div>
+	{{template "base/modal_actions_confirm" .}}
+</div>
+
+<dialog id="add-member-modal">
+	<article>
+		<header>{{ctx.Locale.Tr "members.add_member"}}</header>
+		<form class="ui add-member form ignore-dirty" action="{{$.OrgLink}}/members/action/add" method="post">
+			<input type="hidden" name="uid" value="{{.SignedUser.ID}}">
+			<div class="content">
+				<div class="field">
+					<label>{{ctx.Locale.Tr "members.user"}}</label>
+					<div id="search-user-box" class="ui search tw-mr-2"{{if .IsEmailInviteEnabled}} data-allow-email="true" data-allow-email-description="{{ctx.Locale.Tr "org.teams.invite_team_member" $.Team.Name}}"{{end}}>
+						<div class="ui input">
+							<input class="prompt" name="uname" placeholder="{{ctx.Locale.Tr "search.user_kind"}}" autocomplete="off" required>
+						</div>
+					</div>
+				</div>
+
+				<div class="field">
+					<label>{{ctx.Locale.Tr "org.teams"}}</label>
+					<div class="ui negative message flash-message flash-error" id="no-team-selected-message" hidden>{{ctx.Locale.Tr "members.no_team_selected"}}</div>
+					<div class="team-list">
+						{{range .Teams}}
+						<div class="inline field">
+							<div class="ui checkbox">
+								<input name="team_{{.ID}}" id="add-member-team_{{.ID}}" type="checkbox">
+								<label for="add-member-team_{{.ID}}">{{.Name}}</label>
+							</div>
+						</div>
+						{{end}}
+						<div class="inline">
+							{{svg "octicon-plus"}} <a href="{{$.OrgLink}}/teams/new">{{ctx.Locale.Tr "org.create_new_team"}}</a>
+						</div>
+					</div>
+				</div>
+
+			</div>
+		</form>
+		<div class="actions">
+			<button class="secondary cancel button">
+				{{svg "octicon-x"}}
+				{{ctx.Locale.Tr "cancel"}}
+			</button>
+			<button class="primary ok button" type="submit">{{ctx.Locale.Tr "members.add_member"}}</button>
+		</div>
+	</article>
+</dialog>
diff --git a/templates/org/member/members.tmpl b/templates/org/member/members.tmpl
index 24d7fd09e0..08bb8b9894 100644
--- a/templates/org/member/members.tmpl
+++ b/templates/org/member/members.tmpl
@@ -4,6 +4,14 @@
 	<div class="ui container">
 		{{template "base/alert" .}}
 
+		{{if $.IsOrganizationOwner}}
+			<div class="text right">
+				<button class="primary button" id="add-org-member-button">
+				{{svg "octicon-plus"}} {{ctx.Locale.Tr "members.add_member"}}
+				</button>
+			</div>
+			<div class="divider"></div>
+		{{end}}
 		<div class="list">
 			{{range $idx, $_ := .Members}}
 				{{if ne $idx 0}}
@@ -87,5 +95,6 @@
 	</div>
 	{{template "base/modal_actions_confirm" .}}
 </div>
+{{template "org/member/add_org_member" .}}
 
 {{template "base/footer" .}}
diff --git a/tests/e2e/org-members.test.e2e.ts b/tests/e2e/org-members.test.e2e.ts
index b5cb9bd104..7be6714639 100644
--- a/tests/e2e/org-members.test.e2e.ts
+++ b/tests/e2e/org-members.test.e2e.ts
@@ -49,3 +49,29 @@ test('Leave org', async ({page}) => {
   // Getting error is enough to know that the correct request went though
   await expect(page.locator('.flash-error').getByText('You cannot remove the last user from the "owners" team.')).toBeVisible();
 });
+
+test('Add a new member to the org', async ({page}) => {
+  page.goto('/org/org3/members');
+
+  // Click the "Add member" button
+  const newMemberButton = page.locator('#add-org-member-button');
+  await newMemberButton.click();
+
+  // A modal dialog appears
+  await expect(page.locator('#add-member-modal')).toBeVisible();
+
+  // Fill in the name of the user to add
+  await page.locator('#search-user-box input').fill('user5');
+  // Pick the auto-complete suggestion
+  await page.locator('#search-user-box .results a.result').click();
+
+  // Choose some teams
+  await page.locator('#add-member-team_2').click();
+  await page.locator('#add-member-team_12').click();
+
+  // Click the button
+  await page.locator('#add-member-modal .actions button.ok').click();
+
+  // Getting error is enough to know that the correct request went though
+  await expect(page.locator('.organization.members .list a').getByText('user5 (User Five)')).toBeVisible();
+});
diff --git a/tests/integration/org_members_test.go b/tests/integration/org_members_test.go
index e51850126f..b0cdb2f3f0 100644
--- a/tests/integration/org_members_test.go
+++ b/tests/integration/org_members_test.go
@@ -4,12 +4,19 @@
 package integration
 
 import (
+	"fmt"
 	"net/http"
+	"strings"
 	"testing"
 
+	"forgejo.org/models/db"
+	"forgejo.org/models/organization"
+	"forgejo.org/models/unittest"
+	user_model "forgejo.org/models/user"
 	"forgejo.org/tests"
 
 	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
 )
 
 func TestOrgMembersPage(t *testing.T) {
@@ -24,6 +31,8 @@ func TestOrgMembersPage(t *testing.T) {
 		/* No interactive buttons - though such evaluation is easy to break in rename */
 		assert.Equal(t, 0, doc.Find(".members .list .link-action").Length())
 		assert.Equal(t, 0, doc.Find(".members .list .delete-button").Length())
+		/* Guests cannot add members to organizations */
+		doc.AssertElement(t, "#add-org-member-button", false)
 	})
 
 	t.Run("Member PoV", func(t *testing.T) {
@@ -34,6 +43,8 @@ func TestOrgMembersPage(t *testing.T) {
 		/* Interactive buttons are only available for own entry in the list */
 		assert.Equal(t, 1, doc.Find(".members .list .link-action").Length())
 		assert.Equal(t, 1, doc.Find(".members .list .delete-button").Length())
+		/* Adding new members is not possible, as the member isn't an owner */
+		doc.AssertElement(t, "#add-org-member-button", false)
 	})
 
 	t.Run("Owner PoV", func(t *testing.T) {
@@ -44,5 +55,169 @@ func TestOrgMembersPage(t *testing.T) {
 		/* Interactive buttons are available for all entries in the list (> 2) */
 		assert.Less(t, 2, doc.Find(".members .list .link-action").Length())
 		assert.Less(t, 2, doc.Find(".members .list .delete-button").Length())
+		/* Adding new members is possible */
+		doc.AssertElement(t, "#add-org-member-button", true)
 	})
 }
+
+func TestOrgAddMember(t *testing.T) {
+	defer tests.PrepareTestEnv(t)()
+
+	org := unittest.AssertExistsAndLoadBean(t, &organization.Organization{ID: 3})
+	team1 := unittest.AssertExistsAndLoadBean(t, &organization.Team{ID: 1})
+	team2 := unittest.AssertExistsAndLoadBean(t, &organization.Team{ID: 2})
+	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 5})
+
+	isMember, err := organization.IsTeamMember(db.DefaultContext, team1.OrgID, team1.ID, user.ID)
+	require.NoError(t, err)
+	assert.False(t, isMember)
+	isMember, err = organization.IsTeamMember(db.DefaultContext, team2.OrgID, team2.ID, user.ID)
+	require.NoError(t, err)
+	assert.False(t, isMember)
+
+	session := loginUser(t, "user2")
+
+	teamURL := fmt.Sprintf("/org/%s/members", org.Name)
+	req := NewRequestWithValues(t, "POST", teamURL+"/action/add", map[string]string{
+		"uid":    "2",
+		"uname":  user.LoginName,
+		"team_1": "on",
+		"team_2": "on",
+	})
+	resp := session.MakeRequest(t, req, http.StatusSeeOther)
+	assert.Equal(t, teamURL, resp.Header().Get("Location"))
+
+	user = unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 5})
+	isMember, err = organization.IsTeamMember(db.DefaultContext, team1.OrgID, team1.ID, user.ID)
+	require.NoError(t, err)
+	assert.True(t, isMember)
+	isMember, err = organization.IsTeamMember(db.DefaultContext, team2.OrgID, team2.ID, user.ID)
+	require.NoError(t, err)
+	assert.True(t, isMember)
+}
+
+func TestOrgAddMemberToNoTeam(t *testing.T) {
+	defer tests.PrepareTestEnv(t)()
+
+	org := unittest.AssertExistsAndLoadBean(t, &organization.Organization{ID: 3})
+	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 5})
+
+	isOrgMember, err := org.IsOrgMember(db.DefaultContext, user.ID)
+	require.NoError(t, err)
+	assert.False(t, isOrgMember)
+
+	session := loginUser(t, "user2")
+
+	teamURL := fmt.Sprintf("/org/%s/members", org.Name)
+	resp := session.MakeRequest(t, NewRequestWithValues(t, "POST", teamURL+"/action/add", map[string]string{
+		"uid":   "2",
+		"uname": user.LoginName,
+	}), http.StatusSeeOther)
+	assert.Equal(t, teamURL, resp.Header().Get("Location"))
+
+	doc := NewHTMLParser(t, session.MakeRequest(t, NewRequest(t, "GET", teamURL), http.StatusOK).Body)
+	assert.Contains(t, strings.TrimSpace(doc.Find(".flash-error").Text()), "Organization members must belong to at least one team.")
+
+	isOrgMember, err = org.IsOrgMember(db.DefaultContext, user.ID)
+	require.NoError(t, err)
+	assert.False(t, isOrgMember)
+}
+
+func TestOrgAddMemberToForeignTeam(t *testing.T) {
+	defer tests.PrepareTestEnv(t)()
+
+	org := unittest.AssertExistsAndLoadBean(t, &organization.Organization{ID: 3})
+	foreignTeam := unittest.AssertExistsAndLoadBean(t, &organization.Team{ID: 5})
+	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 5})
+
+	isOrgMember, err := org.IsOrgMember(db.DefaultContext, user.ID)
+	require.NoError(t, err)
+	assert.False(t, isOrgMember)
+
+	isForeignTeamMember, err := organization.IsTeamMember(db.DefaultContext, foreignTeam.OrgID, foreignTeam.ID, user.ID)
+	require.NoError(t, err)
+	assert.False(t, isForeignTeamMember)
+
+	session := loginUser(t, "user2")
+
+	teamURL := fmt.Sprintf("/org/%s/members", org.Name)
+	// This test scenario is here for security purposes as the UI will not offer adding the user to
+	// a foreign team in the first place (but a malicious request could be performed in other ways).
+	resp := session.MakeRequest(t, NewRequestWithValues(t, "POST", teamURL+"/action/add", map[string]string{
+		"uid":    "2",
+		"uname":  user.LoginName,
+		"team_5": "on",
+	}), http.StatusSeeOther)
+	assert.Equal(t, teamURL, resp.Header().Get("Location"))
+
+	doc := NewHTMLParser(t, session.MakeRequest(t, NewRequest(t, "GET", teamURL), http.StatusOK).Body)
+	// This error message isn't specific to this "exploit" attempt, but shows that no action was taken.
+	assert.Contains(t, strings.TrimSpace(doc.Find(".flash-error").Text()), "Organization members must belong to at least one team.")
+
+	isOrgMember, err = org.IsOrgMember(db.DefaultContext, user.ID)
+	require.NoError(t, err)
+	assert.False(t, isOrgMember)
+
+	isForeignTeamMember, err = organization.IsTeamMember(db.DefaultContext, foreignTeam.OrgID, foreignTeam.ID, user.ID)
+	require.NoError(t, err)
+	assert.False(t, isForeignTeamMember)
+}
+
+func TestOrgAddMemberWithoutProperRights(t *testing.T) {
+	defer tests.PrepareTestEnv(t)()
+
+	org := unittest.AssertExistsAndLoadBean(t, &organization.Organization{ID: 3})
+	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 5})
+
+	isOrgMember, err := org.IsOrgMember(db.DefaultContext, user.ID)
+	require.NoError(t, err)
+	assert.False(t, isOrgMember)
+
+	session := loginUser(t, user.Name) // user5 is not a member of this org, so it cannot add anyone to it
+
+	teamURL := fmt.Sprintf("/org/%s/members", org.Name)
+	req := NewRequestWithValues(t, "POST", teamURL+"/action/add", map[string]string{
+		"uid":    "5",
+		"uname":  user.LoginName,
+		"team_2": "on",
+	})
+	session.MakeRequest(t, req, http.StatusNotFound)
+}
+
+func TestOrgAddExistingMemberFails(t *testing.T) {
+	defer tests.PrepareTestEnv(t)()
+
+	org := unittest.AssertExistsAndLoadBean(t, &organization.Organization{ID: 3})
+	team := unittest.AssertExistsAndLoadBean(t, &organization.Team{ID: 2})
+	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 28})
+
+	members, _, err := organization.FindOrgMembers(db.DefaultContext, &organization.FindOrgMembersOpts{
+		OrgID: org.ID,
+	})
+	require.NoError(t, err)
+	assert.Len(t, members, 2)
+	isOrgMember, err := org.IsOrgMember(db.DefaultContext, user.ID)
+	require.NoError(t, err)
+	assert.True(t, isOrgMember)
+	isTeamMember, err := organization.IsTeamMember(db.DefaultContext, team.OrgID, team.ID, user.ID)
+	require.NoError(t, err)
+	assert.False(t, isTeamMember)
+
+	session := loginUser(t, "user2")
+
+	teamURL := fmt.Sprintf("/org/%s/members", org.Name)
+	req := NewRequestWithValues(t, "POST", teamURL+"/action/add", map[string]string{
+		"uid":    "2",
+		"uname":  user.LoginName,
+		"team_2": "on",
+	})
+	resp := session.MakeRequest(t, req, http.StatusSeeOther)
+	assert.Equal(t, teamURL, resp.Header().Get("Location"))
+	doc := NewHTMLParser(t, session.MakeRequest(t, NewRequest(t, "GET", teamURL), http.StatusOK).Body)
+	assert.Contains(t, strings.TrimSpace(doc.Find(".flash-error").Text()), "This user is already a member of the organization.")
+
+	user = unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 28})
+	isTeamMember, err = organization.IsTeamMember(db.DefaultContext, team.OrgID, team.ID, user.ID)
+	require.NoError(t, err)
+	assert.False(t, isTeamMember)
+}
diff --git a/web_src/css/base.css b/web_src/css/base.css
index 68b5c7b323..0ac81dca26 100644
--- a/web_src/css/base.css
+++ b/web_src/css/base.css
@@ -361,6 +361,11 @@ a.label,
   background: var(--color-hover);
 }
 
+.ui.search > .results .content {
+  padding: 0;
+  background: none;
+}
+
 .inline-code-block {
   padding: 2px 4px;
   border-radius: .24em;
diff --git a/web_src/css/org.css b/web_src/css/org.css
index 240ed5c98e..78cf2e2c61 100644
--- a/web_src/css/org.css
+++ b/web_src/css/org.css
@@ -202,3 +202,8 @@
 .org-team-navbar .active.item {
   background: var(--color-box-body) !important;
 }
+
+#add-member-modal .team-list {
+  max-height: 300px;
+  overflow-y: auto;
+}
diff --git a/web_src/js/features/add-org-member.ts b/web_src/js/features/add-org-member.ts
new file mode 100644
index 0000000000..fbb8c12423
--- /dev/null
+++ b/web_src/js/features/add-org-member.ts
@@ -0,0 +1,24 @@
+// Copyright 2026 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: GPL-3.0-or-later
+import {showModal} from '../modules/modal.ts';
+
+export function initAddOrgMemberButton() {
+  const addMemberButton = document.querySelector('#add-org-member-button');
+  addMemberButton?.addEventListener('click', () => {
+    showModal('add-member-modal', () => {
+      const form: HTMLFormElement = document.querySelector('.add-member.form');
+      if (!form.checkValidity()) {
+        form.reportValidity();
+        return false;
+      }
+      const selectedTeamCount = document.querySelectorAll('.add-member.form input[type=checkbox]:checked').length;
+      const noTeamSelectedMessage : HTMLElement = document.querySelector('#no-team-selected-message');
+      noTeamSelectedMessage.hidden = (selectedTeamCount !== 0);
+      if (selectedTeamCount === 0) {
+        return false;
+      }
+      form.requestSubmit();
+    });
+    return false;
+  });
+}
diff --git a/web_src/js/index.js b/web_src/js/index.js
index a3dabeacc0..c187780364 100644
--- a/web_src/js/index.js
+++ b/web_src/js/index.js
@@ -64,6 +64,7 @@ import {initOrgTeamSearchRepoBox} from './features/org-team.js';
 import {initUserAuthWebAuthn, initUserAuthWebAuthnRegister} from './features/user-auth-webauthn.js';
 import {initRepoRelease, initRepoReleaseNew} from './features/repo-release.js';
 import {initRepoEditor} from './features/repo-editor.js';
+import {initAddOrgMemberButton} from './features/add-org-member.ts';
 import {initCompSearchUserBox} from './features/comp/SearchUserBox.js';
 import {initInstall} from './features/install.js';
 import {initCompWebHookEditor} from './features/comp/WebHookEditor.js';
@@ -152,6 +153,7 @@ onDomReady(() => {
   initRepoEllipsisButton();
   initRepoDiffCommitBranchesAndTags();
   initRepoEditor();
+  initAddOrgMemberButton();
   initRepoGraphGit();
   initRepoIssueContentHistory();
   initRepoIssueDue();

From 8387974e2e16b19a2ceba1ca3d9a99de2749cafb Mon Sep 17 00:00:00 2001
From: Mathieu Fenniak <mathieu@fenniak.net>
Date: Tue, 31 Mar 2026 02:56:43 +0200
Subject: [PATCH 588/854] ci: prevent usage of live application models &
 services in migrations (#11872)

Prevent access to "current" application models and services from migrations via `golangci` config:

eg:
```
models/forgejo_migrations/v14a_ap-change-fedi-handle-structure.go:18:2: import 'forgejo.org/models/user' is not allowed from list 'migration-isolation': Migrations must not import application models. Application models will be the most recent schema for Forgejo, while migrations will be operating against the database schema that existed when they were authored. (depguard)
	user_model "forgejo.org/models/user"
	^
models/forgejo_migrations/v14a_ap-change-fedi-handle-structure.go:21:2: import 'forgejo.org/services/user' is not allowed from list 'migration-isolation': Migrations must not import application services. Application services will reference application models which will use the most recent schema for Forgejo, while migrations will be operating against the database schema that existed when they were authored. (depguard)
	user_service "forgejo.org/services/user"
```

Fixes an existing migration issue where it isn't possible to add a new column to the `User` table ([test errors that occur](https://codeberg.org/forgejo/forgejo/actions/runs/148633/jobs/10/attempt/1#jobstep-5-323)), but also guarantees that future migrations don't stumble into the same issue by inadvertently referencing live application code from historical migrations.

Originally identified and draft fix by @codecat w/ proposed fix in #11870.

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. All work and communication must conform to Forgejo's [AI Agreement](https://codeberg.org/forgejo/governance/src/branch/main/AIAgreement.md). There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests for Go changes

- I added test coverage for Go changes...
  - [ ] in their respective `*_test.go` for unit tests.
  - [ ] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I ran...
  - [x] `make pr-go` before pushing

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [ ] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.
- [x] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change.

Co-authored-by: Melissa Geels <melissa@nimble.tools>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11872
Reviewed-by: Andreas Ahlenstorf <aahlenst@noreply.codeberg.org>
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net>
Co-committed-by: Mathieu Fenniak <mathieu@fenniak.net>
---
 .golangci.yml                                 | 19 +++++
 .../v14a_actions-approval-and-trust.go        | 15 +++-
 .../v14a_actions-approval-and-trust_test.go   | 27 +++----
 .../v14a_ap-change-fedi-handle-structure.go   | 80 ++++++++++++-------
 .../v14a_migrate_task_secrets.go              | 21 ++++-
 .../v14a_migrate_webhook_authorization.go     | 16 +++-
 ...v14a_migrate_webhook_authorization_test.go |  6 +-
 .../v14a_rework-notification.go               |  6 +-
 .../v14a_set_remote_user_prohibit_login.go    | 47 +++++++++--
 9 files changed, 172 insertions(+), 65 deletions(-)

diff --git a/.golangci.yml b/.golangci.yml
index 1d0dcb489f..de3f3a9255 100644
--- a/.golangci.yml
+++ b/.golangci.yml
@@ -45,6 +45,25 @@ linters:
               desc: use forgejo.org/modules/git instead, see https://codeberg.org/forgejo/forgejo/pulls/4941
             - pkg: gopkg.in/yaml.v3
               desc: use go.yaml.in/yaml instead, see https://codeberg.org/forgejo/forgejo/pulls/8956
+        migration-isolation:
+          list-mode: lax
+          files:
+            - "**/models/forgejo_migrations/**"
+          deny:
+            - pkg: "forgejo.org/models"
+              desc: >
+                Migrations must not import application models. Application models will be the most recent schema for
+                Forgejo, while migrations will be operating against the database schema that existed when they were
+                authored.
+            - pkg: "forgejo.org/services"
+              desc: >
+                Migrations must not import application services. Application services will reference application
+                models which will use the most recent schema for Forgejo, while migrations will be operating against the
+                database schema that existed when they were authored.
+          allow:
+            - "forgejo.org/models/db"
+            - "forgejo.org/models/gitea_migrations/base"
+            - "forgejo.org/models/gitea_migrations/test"
     gocritic:
       disabled-checks:
         - ifElseChain
diff --git a/models/forgejo_migrations/v14a_actions-approval-and-trust.go b/models/forgejo_migrations/v14a_actions-approval-and-trust.go
index 9f6691c4f0..f8be109dda 100644
--- a/models/forgejo_migrations/v14a_actions-approval-and-trust.go
+++ b/models/forgejo_migrations/v14a_actions-approval-and-trust.go
@@ -6,7 +6,6 @@ package forgejo_migrations
 import (
 	"context"
 
-	actions_model "forgejo.org/models/actions"
 	"forgejo.org/models/db"
 	"forgejo.org/modules/log"
 	"forgejo.org/modules/timeutil"
@@ -59,6 +58,18 @@ type v14ActionsApprovalAndTrustTrusted struct {
 }
 
 func v14ActionsApprovalAndTrustPopulateTableActionUser(x *xorm.Engine) error {
+	type ActionUser struct {
+		ID                      int64 `xorm:"pk autoincr"`
+		UserID                  int64 `xorm:"INDEX UNIQUE(action_user_index) REFERENCES(user, id)"`
+		RepoID                  int64 `xorm:"INDEX UNIQUE(action_user_index) REFERENCES(repository, id)"`
+		TrustedWithPullRequests bool
+		LastAccess              timeutil.TimeStamp `xorm:"INDEX"`
+	}
+	insertActionUser := func(ctx context.Context, user *ActionUser) error {
+		user.LastAccess = timeutil.TimeStampNow()
+		return db.Insert(ctx, user)
+	}
+
 	//
 	// Users approved once were trusted before and are trusted now.
 	//
@@ -87,7 +98,7 @@ func v14ActionsApprovalAndTrustPopulateTableActionUser(x *xorm.Engine) error {
 	if err := db.WithTx(db.DefaultContext, func(ctx context.Context) error {
 		for _, trusted := range trustedList {
 			log.Debug("v14a_actions-approval-and-trust: repository %d trusts user %d", trusted.RepoID, trusted.UserID)
-			if err := actions_model.InsertActionUser(ctx, &actions_model.ActionUser{
+			if err := insertActionUser(ctx, &ActionUser{
 				RepoID:                  trusted.RepoID,
 				UserID:                  trusted.UserID,
 				TrustedWithPullRequests: true,
diff --git a/models/forgejo_migrations/v14a_actions-approval-and-trust_test.go b/models/forgejo_migrations/v14a_actions-approval-and-trust_test.go
index c639a0d2e9..8ff1b1c066 100644
--- a/models/forgejo_migrations/v14a_actions-approval-and-trust_test.go
+++ b/models/forgejo_migrations/v14a_actions-approval-and-trust_test.go
@@ -7,11 +7,8 @@ import (
 	"testing"
 	"time"
 
-	actions_model "forgejo.org/models/actions"
 	"forgejo.org/models/db"
 	migration_tests "forgejo.org/models/gitea_migrations/test"
-	repo_model "forgejo.org/models/repo"
-	user_model "forgejo.org/models/user"
 	"forgejo.org/modules/timeutil"
 	webhook_module "forgejo.org/modules/webhook"
 
@@ -20,6 +17,9 @@ import (
 )
 
 func Test_v14ActionsApprovalAndTrustPopulateTableActionUser(t *testing.T) {
+	type ConcurrencyMode int
+	type Status int
+
 	type ActionUser struct {
 		ID     int64 `xorm:"pk autoincr"`
 		UserID int64 `xorm:"INDEX UNIQUE(action_user_index) REFERENCES(user, id)"`
@@ -32,21 +32,18 @@ func Test_v14ActionsApprovalAndTrustPopulateTableActionUser(t *testing.T) {
 	type ActionRun struct {
 		ID            int64
 		Title         string
-		RepoID        int64                  `xorm:"index unique(repo_index) index(concurrency)"`
-		Repo          *repo_model.Repository `xorm:"-"`
-		OwnerID       int64                  `xorm:"index"`
-		WorkflowID    string                 `xorm:"index"`                    // the name of workflow file
-		Index         int64                  `xorm:"index unique(repo_index)"` // a unique number for each run of a repository
-		TriggerUserID int64                  `xorm:"index"`
-		TriggerUser   *user_model.User       `xorm:"-"`
+		RepoID        int64  `xorm:"index unique(repo_index) index(concurrency)"`
+		OwnerID       int64  `xorm:"index"`
+		WorkflowID    string `xorm:"index"`                    // the name of workflow file
+		Index         int64  `xorm:"index unique(repo_index)"` // a unique number for each run of a repository
+		TriggerUserID int64  `xorm:"index"`
 		ScheduleID    int64
 		Ref           string `xorm:"index"` // the commit/tag/… that caused the run
-		IsRefDeleted  bool   `xorm:"-"`
 		CommitSHA     string
 		Event         webhook_module.HookEventType // the webhook event that causes the workflow to run
 		EventPayload  string                       `xorm:"LONGTEXT"`
 		TriggerEvent  string                       // the trigger event defined in the `on` configuration of the triggered workflow
-		Status        actions_model.Status         `xorm:"index"`
+		Status        Status                       `xorm:"index"`
 		Version       int                          `xorm:"version default 0"` // Status could be updated concomitantly, so an optimistic lock is needed
 		// Started and Stopped is used for recording last run time, if rerun happened, they will be reset to 0
 		Started timeutil.TimeStamp
@@ -65,7 +62,7 @@ func Test_v14ActionsApprovalAndTrustPopulateTableActionUser(t *testing.T) {
 		ApprovedBy          int64 `xorm:"index"`
 
 		ConcurrencyGroup string `xorm:"'concurrency_group' index(concurrency)"`
-		ConcurrencyType  actions_model.ConcurrencyMode
+		ConcurrencyType  ConcurrencyMode
 
 		PreExecutionError string `xorm:"LONGTEXT"` // used to report errors that blocked execution of a workflow
 	}
@@ -83,10 +80,10 @@ func Test_v14ActionsApprovalAndTrustPopulateTableActionUser(t *testing.T) {
 
 	require.NoError(t, v14ActionsApprovalAndTrustPopulateTableActionUser(x))
 
-	var users []*actions_model.ActionUser
+	var users []*ActionUser
 	require.NoError(t, db.GetEngine(t.Context()).Select("`repo_id`, `user_id`").OrderBy("`id`").Find(&users))
 	// See models/gitea_migrations/fixtures/Test_v14ActionsApprovalAndTrustPopulateTableActionUser/action_run.yml
-	assert.Equal(t, []*actions_model.ActionUser{
+	assert.Equal(t, []*ActionUser{
 		{
 			UserID: 3,
 			RepoID: 15,
diff --git a/models/forgejo_migrations/v14a_ap-change-fedi-handle-structure.go b/models/forgejo_migrations/v14a_ap-change-fedi-handle-structure.go
index fe0a68489a..a412ceb737 100644
--- a/models/forgejo_migrations/v14a_ap-change-fedi-handle-structure.go
+++ b/models/forgejo_migrations/v14a_ap-change-fedi-handle-structure.go
@@ -10,15 +10,14 @@ package forgejo_migrations
 
 import (
 	"context"
+	"database/sql"
 	"fmt"
 	"strings"
 
 	"forgejo.org/models/db"
-	"forgejo.org/models/forgefed"
-	user_model "forgejo.org/models/user"
 	"forgejo.org/modules/log"
+	"forgejo.org/modules/timeutil"
 	"forgejo.org/modules/validation"
-	user_service "forgejo.org/services/user"
 
 	"xorm.io/xorm"
 )
@@ -31,6 +30,42 @@ func init() {
 }
 
 func changeActivityPubUsernameFormat(x *xorm.Engine) error {
+	type FederationHost struct {
+		ID         int64              `xorm:"pk autoincr"`
+		HostFqdn   string             `xorm:"host_fqdn UNIQUE(federation_host) INDEX VARCHAR(255) NOT NULL"`
+		HostPort   uint16             `xorm:" UNIQUE(federation_host) INDEX NOT NULL DEFAULT 443"`
+		HostSchema string             `xorm:"NOT NULL DEFAULT 'https'"`
+		Created    timeutil.TimeStamp `xorm:"created"`
+		Updated    timeutil.TimeStamp `xorm:"updated"`
+	}
+	type FederatedUser struct {
+		ID                    int64                  `xorm:"pk autoincr"`
+		UserID                int64                  `xorm:"NOT NULL INDEX user_id"`
+		ExternalID            string                 `xorm:"UNIQUE(federation_user_mapping) NOT NULL"`
+		FederationHostID      int64                  `xorm:"UNIQUE(federation_user_mapping) NOT NULL"`
+		KeyID                 sql.NullString         `xorm:"key_id UNIQUE"`
+		PublicKey             sql.Null[sql.RawBytes] `xorm:"BLOB"`
+		InboxPath             string
+		NormalizedOriginalURL string // This field is just to keep original information. Pls. do not use for search or as ID!
+	}
+	type User struct {
+		ID          int64              `xorm:"pk autoincr"`
+		LowerName   string             `xorm:"UNIQUE NOT NULL"`
+		Name        string             `xorm:"UNIQUE NOT NULL"`
+		CreatedUnix timeutil.TimeStamp `xorm:"INDEX created"`
+		UpdatedUnix timeutil.TimeStamp `xorm:"INDEX updated"`
+	}
+	deleteFederatedUser := func(ctx context.Context, userID int64) error {
+		_, err := db.GetEngine(ctx).Delete(&FederatedUser{UserID: userID})
+		return err
+	}
+	userLogString := func(u *User) string {
+		if u == nil {
+			return "<User nil>"
+		}
+		return fmt.Sprintf("<User %d:%s>", u.ID, u.Name)
+	}
+
 	// Normally, the db.WithTx statement ensures that the database transaction (aka. all changes made
 	// by this migration) will only be committed if the SQL operations inside of the iteration
 	// (db.Iterate) don't return an error.
@@ -45,9 +80,9 @@ func changeActivityPubUsernameFormat(x *xorm.Engine) error {
 	// migrations at a later point and has been kept as-is.
 	return db.WithTx(db.DefaultContext, func(ctx context.Context) error {
 		// The transaction is committed only if modifying all federated users is possible.
-		return db.Iterate(ctx, nil, func(ctx context.Context, federatedUser *user_model.FederatedUser) error {
+		return db.Iterate(ctx, nil, func(ctx context.Context, federatedUser *FederatedUser) error {
 			// localUser represents the "local" representation of an ActivityPub (federated) user
-			localUser := &user_model.User{}
+			localUser := &User{}
 			has, err := db.GetEngine(ctx).ID(federatedUser.UserID).Get(localUser)
 			if err != nil {
 				log.Warn("Migration[v14a_ap-change-fedi-handle-structure]: Database error occurred while getting local user (ID: %d), ignoring...: %e", federatedUser.UserID, err)
@@ -56,7 +91,7 @@ func changeActivityPubUsernameFormat(x *xorm.Engine) error {
 
 			if !has {
 				log.Warn("Migration[v14a_ap-change-fedi-handle-structure]: User missing for federated user: %v", federatedUser)
-				err := user_model.DeleteFederatedUser(ctx, federatedUser.UserID)
+				err := deleteFederatedUser(ctx, federatedUser.UserID)
 				if err != nil {
 					log.Warn("Migration[v14a_ap-change-fedi-handle-structure]: Database error occurred while deleting federated user (%s), ignoring...: %e", federatedUser, err)
 					return nil
@@ -68,24 +103,13 @@ func changeActivityPubUsernameFormat(x *xorm.Engine) error {
 			} else {
 				// Copied from models/forgefed/federationhost_repository.go (forgefed.GetFederationHost),
 				// minus some validation code for FederationHost which we do not otherwise manipulate here.
-				federationHost := new(forgefed.FederationHost)
+				federationHost := new(FederationHost)
 				has, err := db.GetEngine(ctx).ID(federatedUser.FederationHostID).Get(federationHost)
 				if err != nil {
 					log.Warn("Migration[v14a_ap-change-fedi-handle-structure]: Database error occurred while looking up federation host info (for %v), ignoring...: %e", federatedUser, err)
 					return nil
 				} else if !has {
-					log.Warn("Migration[v14a_ap-change-fedi-handle-structure]: Federation host for federated user missing, deleting: %v", federatedUser)
-					err := user_model.DeleteFederatedUser(ctx, federatedUser.UserID)
-					if err != nil {
-						log.Warn("Migration[v14a_ap-change-fedi-handle-structure]: Database error occurred while deleting federated user (%v), ignoring...: %e", federatedUser, err)
-						return nil
-					}
-
-					err = user_service.DeleteUser(ctx, localUser, true)
-					if err != nil {
-						log.Warn("Migration[v14a_ap-change-fedi-handle-structure]: Database error occurred while deleting user (%s), ignoring...: %v", localUser.LogString(), err)
-					}
-
+					log.Warn("Migration[v14a_ap-change-fedi-handle-structure]: Federation host for federated user %s is missing", federatedUser)
 					return nil
 				}
 
@@ -117,10 +141,10 @@ func changeActivityPubUsernameFormat(x *xorm.Engine) error {
 
 				// Implicitly assumes that there won't be a lower name unique constraint violation.
 				// Potentially a bit paranoid, but why not?
-				userThatShouldntExist := &user_model.User{}
+				userThatShouldntExist := &User{}
 				lowernameTaken, err := db.GetEngine(ctx).Where("lower_name = ?", strings.ToLower(newUsername)).Table("user").Get(userThatShouldntExist)
 				if err != nil {
-					log.Warn("Migration[v14a_ap-change-fedi-handle-structure]: Database error occurred, skipping migration of %s: %e", localUser.LogString(), err)
+					log.Warn("Migration[v14a_ap-change-fedi-handle-structure]: Database error occurred, skipping migration of %s: %e", userLogString(localUser), err)
 					return nil
 				}
 
@@ -128,23 +152,23 @@ func changeActivityPubUsernameFormat(x *xorm.Engine) error {
 					log.Warn(
 						"Migration[v14a_ap-change-fedi-handle-structure]: New username %s for %s already taken by %s, deleting the former...",
 						newUsername,
-						localUser.LogString(),
-						userThatShouldntExist.LogString(),
+						userLogString(localUser),
+						userLogString(userThatShouldntExist),
 					)
-					err := user_model.DeleteFederatedUser(ctx, localUser.ID)
+					err := deleteFederatedUser(ctx, localUser.ID)
 					if err != nil {
-						log.Warn("Migration[v14a_ap-change-fedi-handle-structure]: Database error occurred while deleting federated user (%s), ignoring...: %e", localUser.LogString(), err)
+						log.Warn("Migration[v14a_ap-change-fedi-handle-structure]: Database error occurred while deleting federated user (%s), ignoring...: %e", userLogString(localUser), err)
 					}
 					return nil
 				}
 
 				// Safe to assume that the following operations should just work now.
-				log.Info("Migration[v14a_ap-change-fedi-handle-structure]: Updating username of %s to %s", localUser.LogString(), newUsername)
-				if _, err := db.GetEngine(ctx).ID(localUser.ID).Cols("lower_name", "name").Update(&user_model.User{
+				log.Info("Migration[v14a_ap-change-fedi-handle-structure]: Updating username of %s to %s", userLogString(localUser), newUsername)
+				if _, err := db.GetEngine(ctx).ID(localUser.ID).Cols("lower_name", "name").Update(&User{
 					LowerName: strings.ToLower(newUsername),
 					Name:      newUsername,
 				}); err != nil {
-					log.Warn("Migration[v14a_ap-change-fedi-handle-structure]: Database error occurred when updating federated user's username (%s), ignoring...: %e", localUser.LogString(), err)
+					log.Warn("Migration[v14a_ap-change-fedi-handle-structure]: Database error occurred when updating federated user's username (%s), ignoring...: %e", userLogString(localUser), err)
 					return nil
 				}
 			}
diff --git a/models/forgejo_migrations/v14a_migrate_task_secrets.go b/models/forgejo_migrations/v14a_migrate_task_secrets.go
index a177dff92a..3484a024b2 100644
--- a/models/forgejo_migrations/v14a_migrate_task_secrets.go
+++ b/models/forgejo_migrations/v14a_migrate_task_secrets.go
@@ -8,7 +8,6 @@ import (
 	"encoding/base64"
 	"fmt"
 
-	admin_model "forgejo.org/models/admin"
 	"forgejo.org/models/db"
 	"forgejo.org/modules/json"
 	"forgejo.org/modules/keying"
@@ -17,6 +16,7 @@ import (
 	"forgejo.org/modules/secret"
 	"forgejo.org/modules/setting"
 	"forgejo.org/modules/structs"
+	"forgejo.org/modules/timeutil"
 
 	"xorm.io/builder"
 	"xorm.io/xorm"
@@ -30,6 +30,19 @@ func init() {
 }
 
 func migrateTaskSecrets(x *xorm.Engine) error {
+	type Task struct {
+		ID             int64
+		DoerID         int64              `xorm:"index"`
+		OwnerID        int64              `xorm:"index"`
+		RepoID         int64              `xorm:"index"`
+		PayloadContent string             `xorm:"TEXT"`
+		Created        timeutil.TimeStamp `xorm:"created"`
+	}
+	taskUpdateCols := func(ctx context.Context, task *Task, cols ...string) error {
+		_, err := db.GetEngine(ctx).ID(task.ID).Cols(cols...).Update(task)
+		return err
+	}
+
 	return db.WithTx(db.DefaultContext, func(ctx context.Context) error {
 		sess := db.GetEngine(ctx)
 
@@ -39,7 +52,7 @@ func migrateTaskSecrets(x *xorm.Engine) error {
 		messages := make([]string, 0, 100)
 		ids := make([]int64, 0, 100)
 
-		err := db.Iterate(ctx, builder.Eq{"type": structs.TaskTypeMigrateRepo}, func(ctx context.Context, bean *admin_model.Task) error {
+		err := db.Iterate(ctx, builder.Eq{"type": structs.TaskTypeMigrateRepo}, func(ctx context.Context, bean *Task) error {
 			var opts migration.MigrateOptions
 			err := json.Unmarshal([]byte(bean.PayloadContent), &opts)
 			if err != nil {
@@ -96,7 +109,7 @@ func migrateTaskSecrets(x *xorm.Engine) error {
 			}
 			bean.PayloadContent = string(bs)
 
-			return bean.UpdateCols(ctx, "payload_content")
+			return taskUpdateCols(ctx, bean, "payload_content")
 		})
 
 		if err == nil {
@@ -106,7 +119,7 @@ func migrateTaskSecrets(x *xorm.Engine) error {
 					log.Error("v14a_migrate_task_secrets: %s", message)
 				}
 
-				_, err = sess.In("id", ids).NoAutoCondition().NoAutoTime().Delete(&admin_model.Task{})
+				_, err = sess.In("id", ids).NoAutoCondition().NoAutoTime().Delete(&Task{})
 			}
 		}
 		return err
diff --git a/models/forgejo_migrations/v14a_migrate_webhook_authorization.go b/models/forgejo_migrations/v14a_migrate_webhook_authorization.go
index 738841eb2b..5921329b3e 100644
--- a/models/forgejo_migrations/v14a_migrate_webhook_authorization.go
+++ b/models/forgejo_migrations/v14a_migrate_webhook_authorization.go
@@ -8,11 +8,11 @@ import (
 	"fmt"
 
 	"forgejo.org/models/db"
-	webhook_model "forgejo.org/models/webhook"
 	"forgejo.org/modules/keying"
 	"forgejo.org/modules/log"
 	"forgejo.org/modules/secret"
 	"forgejo.org/modules/setting"
+	"forgejo.org/modules/timeutil"
 
 	"xorm.io/xorm"
 	"xorm.io/xorm/schemas"
@@ -26,6 +26,16 @@ func init() {
 }
 
 func migrateWebhookSecrets(x *xorm.Engine) error {
+	type Webhook struct {
+		ID                           int64  `xorm:"pk autoincr"`
+		RepoID                       int64  `xorm:"INDEX"` // An ID of 0 indicates either a default or system webhook
+		OwnerID                      int64  `xorm:"INDEX"`
+		HeaderAuthorizationEncrypted []byte `xorm:"BLOB"`
+
+		CreatedUnix timeutil.TimeStamp `xorm:"INDEX created"`
+		UpdatedUnix timeutil.TimeStamp `xorm:"INDEX updated"`
+	}
+
 	return db.WithTx(db.DefaultContext, func(ctx context.Context) error {
 		sess := db.GetEngine(ctx)
 
@@ -59,7 +69,7 @@ func migrateWebhookSecrets(x *xorm.Engine) error {
 		messages := make([]string, 0, 100)
 		ids := make([]int64, 0, 100)
 
-		err := db.Iterate(ctx, nil, func(ctx context.Context, bean *webhook_model.Webhook) error {
+		err := db.Iterate(ctx, nil, func(ctx context.Context, bean *Webhook) error {
 			if len(bean.HeaderAuthorizationEncrypted) == 0 {
 				return nil
 			}
@@ -83,7 +93,7 @@ func migrateWebhookSecrets(x *xorm.Engine) error {
 					log.Error("migration[v14a_migrate_webhook_authorization]: %s", message)
 				}
 
-				_, err = sess.In("id", ids).NoAutoCondition().NoAutoTime().Delete(&webhook_model.Webhook{})
+				_, err = sess.In("id", ids).NoAutoCondition().NoAutoTime().Delete(&Webhook{})
 			}
 		}
 		return err
diff --git a/models/forgejo_migrations/v14a_migrate_webhook_authorization_test.go b/models/forgejo_migrations/v14a_migrate_webhook_authorization_test.go
index 0b5701c88c..9da06f4baf 100644
--- a/models/forgejo_migrations/v14a_migrate_webhook_authorization_test.go
+++ b/models/forgejo_migrations/v14a_migrate_webhook_authorization_test.go
@@ -7,7 +7,6 @@ import (
 	"testing"
 
 	migration_tests "forgejo.org/models/gitea_migrations/test"
-	webhook_model "forgejo.org/models/webhook"
 	"forgejo.org/modules/keying"
 	"forgejo.org/modules/timeutil"
 	webhook_module "forgejo.org/modules/webhook"
@@ -17,6 +16,7 @@ import (
 )
 
 func Test_MigrateWebhookSecrets(t *testing.T) {
+	type HookContentType int
 	type Webhook struct {
 		ID              int64 `xorm:"pk autoincr"`
 		RepoID          int64 `xorm:"INDEX"`
@@ -24,7 +24,7 @@ func Test_MigrateWebhookSecrets(t *testing.T) {
 		IsSystemWebhook bool
 		URL             string `xorm:"url TEXT"`
 		HTTPMethod      string `xorm:"http_method"`
-		ContentType     webhook_model.HookContentType
+		ContentType     HookContentType
 		Secret          string                  `xorm:"TEXT"`
 		Events          string                  `xorm:"TEXT"`
 		IsActive        bool                    `xorm:"INDEX"`
@@ -45,7 +45,7 @@ func Test_MigrateWebhookSecrets(t *testing.T) {
 		IsSystemWebhook bool
 		URL             string `xorm:"url TEXT"`
 		HTTPMethod      string `xorm:"http_method"`
-		ContentType     webhook_model.HookContentType
+		ContentType     HookContentType
 		Secret          string                  `xorm:"TEXT"`
 		Events          string                  `xorm:"TEXT"`
 		IsActive        bool                    `xorm:"INDEX"`
diff --git a/models/forgejo_migrations/v14a_rework-notification.go b/models/forgejo_migrations/v14a_rework-notification.go
index 77ae79d86f..04303559e8 100644
--- a/models/forgejo_migrations/v14a_rework-notification.go
+++ b/models/forgejo_migrations/v14a_rework-notification.go
@@ -4,7 +4,6 @@
 package forgejo_migrations
 
 import (
-	activities_model "forgejo.org/models/activities"
 	"forgejo.org/modules/setting"
 
 	"xorm.io/xorm"
@@ -18,9 +17,10 @@ func init() {
 }
 
 func reworkNotification(x *xorm.Engine) error {
+	type NotificationStatus uint8
 	type Notification struct {
-		UserID int64                               `xorm:"NOT NULL INDEX(s)"`
-		Status activities_model.NotificationStatus `xorm:"SMALLINT NOT NULL INDEX(s)"`
+		UserID int64              `xorm:"NOT NULL INDEX(s)"`
+		Status NotificationStatus `xorm:"SMALLINT NOT NULL INDEX(s)"`
 	}
 
 	if err := dropIndexIfExists(x, "notification", "IDX_notification_user_id"); err != nil {
diff --git a/models/forgejo_migrations/v14a_set_remote_user_prohibit_login.go b/models/forgejo_migrations/v14a_set_remote_user_prohibit_login.go
index 3575dad832..9f453e05f3 100644
--- a/models/forgejo_migrations/v14a_set_remote_user_prohibit_login.go
+++ b/models/forgejo_migrations/v14a_set_remote_user_prohibit_login.go
@@ -5,10 +5,11 @@ package forgejo_migrations
 
 import (
 	"context"
+	"fmt"
 
 	"forgejo.org/models/db"
-	user_model "forgejo.org/models/user"
 	"forgejo.org/modules/log"
+	"forgejo.org/modules/timeutil"
 
 	"xorm.io/builder"
 	"xorm.io/xorm"
@@ -22,13 +23,45 @@ func init() {
 }
 
 func setProhibitLoginActivityPubUser(x *xorm.Engine) error {
+	type UserType int
+	const (
+		UserTypeIndividual           UserType = iota // Historic reason to make it starts at 0.
+		UserTypeOrganization                         // 1
+		UserTypeUserReserved                         // 2
+		UserTypeOrganizationReserved                 // 3
+		UserTypeBot                                  // 4
+		UserTypeRemoteUser                           // 5
+		UserTypeActivityPubUser                      // 6
+	)
+	type User struct {
+		ID             int64  `xorm:"pk autoincr"`
+		Name           string `xorm:"UNIQUE NOT NULL"`
+		Passwd         string `xorm:"NOT NULL"`
+		PasswdHashAlgo string `xorm:"NOT NULL DEFAULT 'argon2'"`
+		Type           UserType
+		Salt           string             `xorm:"VARCHAR(32)"`
+		CreatedUnix    timeutil.TimeStamp `xorm:"INDEX created"`
+		UpdatedUnix    timeutil.TimeStamp `xorm:"INDEX updated"`
+		ProhibitLogin  bool               `xorm:"NOT NULL DEFAULT false"`
+	}
+	type FederatedUser struct {
+		UserID int64 `xorm:"NOT NULL INDEX user_id"`
+	}
+
+	userLogString := func(u *User) string {
+		if u == nil {
+			return "<User nil>"
+		}
+		return fmt.Sprintf("<User %d:%s>", u.ID, u.Name)
+	}
+
 	return db.WithTx(db.DefaultContext, func(ctx context.Context) error {
-		return db.Iterate(ctx, builder.Eq{"type": 5}, func(ctx context.Context, user *user_model.User) error {
-			log.Info("Checking if user %s is created from ActivityPub", user.LogString())
+		return db.Iterate(ctx, builder.Eq{"type": 5}, func(ctx context.Context, user *User) error {
+			log.Info("Checking if user %s is created from ActivityPub", userLogString(user))
 
 			// Users created from f3 also have the RemoteUser user type. All
 			// FederatedUser should reference exactly one User.
-			has, err := db.GetEngine(ctx).Table("federated_user").Get(&user_model.FederatedUser{UserID: user.ID})
+			has, err := db.GetEngine(ctx).Table("federated_user").Get(&FederatedUser{UserID: user.ID})
 			if err != nil {
 				return err
 			}
@@ -37,9 +70,9 @@ func setProhibitLoginActivityPubUser(x *xorm.Engine) error {
 				return nil
 			}
 
-			log.Info("Updating user %s", user.LogString())
-			_, err = db.GetEngine(ctx).Table("user").ID(user.ID).Cols("type", "prohibit_login", "passwd", "salt", "passwd_hash_algo").Update(&user_model.User{
-				Type:           user_model.UserTypeActivityPubUser,
+			log.Info("Updating user %s", userLogString(user))
+			_, err = db.GetEngine(ctx).Table("user").ID(user.ID).Cols("type", "prohibit_login", "passwd", "salt", "passwd_hash_algo").Update(&User{
+				Type:           UserTypeActivityPubUser,
 				ProhibitLogin:  true,
 				Passwd:         "",
 				Salt:           "",

From 2176403a8d925515e54c5f5dbdd5ebb6c25136f2 Mon Sep 17 00:00:00 2001
From: Mathieu Fenniak <mathieu@fenniak.net>
Date: Tue, 31 Mar 2026 03:54:28 +0200
Subject: [PATCH 589/854] fix: unique key violation in first-time concurrent
 debian package uploads to a user (#11881)

Fixes an intermittent test failure in `TestPackageDebianConcurrent`, [example](https://codeberg.org/forgejo/forgejo/actions/runs/148747/jobs/9/attempt/1#jobstep-5-981), introduced by testing in #11776.  This one is caused by duplicate writes to `user_setting` to store a GPG key (questionable place for that...).

Confirmed reproduced in local testing and test now passes:
```
=== TestPackageDebianConcurrent (tests/test_utils.go:344)
=== TestPackageDebianConcurrent/Concurrent_Upload (tests/integration/api_packages_debian_test.go:334)
... other duplicate key violations ...
// TestPackageDebianConcurrent/Concurrent_Upload
	"2026/03/29 10:31:57 ...dels/user/setting.go:210:func1() [E] [Error SQL Query] INSERT INTO \"gtestschema\".\"user_setting\" (\"user_id\",\"setting_key\",\"setting_value\") VALUES ($1,$2,$3) RETURNING \"id\" [2 debian.key.private -----BEGIN PGP PRIVATE KEY BLOCK-----\n\n...snip...\n-----END PGP PRIVATE KEY BLOCK-----] - ERROR: duplicate key value violates unique constraint \"UQE_user_setting_key_userid\" (SQLSTATE 23505)",
PASS
```

No additional test required as it is already tripping a test failure.

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. All work and communication must conform to Forgejo's [AI Agreement](https://codeberg.org/forgejo/governance/src/branch/main/AIAgreement.md). There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests for Go changes

- I added test coverage for Go changes...
  - [ ] in their respective `*_test.go` for unit tests.
  - [ ] in the `tests/integration` directory if it involves interactions with a live Forgejo server. (already present and failing)
- I ran...
  - [x] `make pr-go` before pushing

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [x] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.
- [ ] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11881
Reviewed-by: Andreas Ahlenstorf <aahlenst@noreply.codeberg.org>
Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net>
Co-committed-by: Mathieu Fenniak <mathieu@fenniak.net>
---
 services/packages/debian/repository.go | 18 +++++++++++++++++-
 1 file changed, 17 insertions(+), 1 deletion(-)

diff --git a/services/packages/debian/repository.go b/services/packages/debian/repository.go
index a8a401662e..ab8c4fdc45 100644
--- a/services/packages/debian/repository.go
+++ b/services/packages/debian/repository.go
@@ -14,6 +14,7 @@ import (
 	"strings"
 	"time"
 
+	"forgejo.org/models/db"
 	packages_model "forgejo.org/models/packages"
 	debian_model "forgejo.org/models/packages/debian"
 	user_model "forgejo.org/models/user"
@@ -28,6 +29,7 @@ import (
 	"github.com/ProtonMail/go-crypto/openpgp/clearsign"
 	"github.com/ProtonMail/go-crypto/openpgp/packet"
 	"github.com/ulikunitz/xz"
+	"xorm.io/xorm"
 )
 
 // GetOrCreateRepositoryVersion gets or creates the internal repository package
@@ -308,7 +310,21 @@ func buildReleaseFiles(ctx context.Context, ownerID int64, repoVersion *packages
 
 	sort.Strings(architectures)
 
-	priv, _, err := GetOrCreateKeyPair(ctx, ownerID)
+	// ErrUniqueConstraintViolation can occur rarely when two concurrent updates occur to the same organization and
+	// `GetOrCreateKeyPair` ends up being invoked simulatneously, which writes to `user_setting` to store a GPG key for
+	// the `Release.gpg` file.  In that event, retry the rebuild.
+	//
+	// See comment in package services' createPackageAndAddFile for why we cannot recover from the error in any other
+	// way.
+	var priv string
+	err = db.RetryTx(ctx, db.RetryConfig{
+		// A single retry is sufficient the user/org's key pair would have been created by the first successful tx.
+		AttemptCount: 2,
+		ErrorIs:      []error{xorm.ErrUniqueConstraintViolation},
+	}, func(ctx context.Context) error {
+		priv, _, err = GetOrCreateKeyPair(ctx, ownerID)
+		return err
+	})
 	if err != nil {
 		return err
 	}

From 939a3ada66e7e74fe6a9690102aaf1e74cdee596 Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Tue, 31 Mar 2026 05:02:59 +0200
Subject: [PATCH 590/854] Update dependency vue to v3.5.31 (forgejo) (#11871)

Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
---
 package-lock.json | 150 +++++++++++++++++++++++++++-------------------
 package.json      |   2 +-
 2 files changed, 90 insertions(+), 62 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 1f34b34913..5670aec7a0 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -73,7 +73,7 @@
         "tributejs": "5.1.3",
         "uint8-to-base64": "0.2.1",
         "vanilla-colorful": "0.7.2",
-        "vue": "3.5.28",
+        "vue": "3.5.31",
         "vue-chartjs": "5.3.3",
         "vue-loader": "17.4.2",
         "vue3-calendar-heatmap": "2.0.5",
@@ -214,9 +214,9 @@
       }
     },
     "node_modules/@babel/parser": {
-      "version": "7.29.0",
-      "resolved": "https://registry.npmjs.org/@babel/parser/-/parser-7.29.0.tgz",
-      "integrity": "sha512-IyDgFV5GeDUVX4YdF/3CPULtVGSXXMLh1xVIgdCgxApktqnQV0r7/8Nqthg+8YLGaAtdyIlo2qIdZrbCv4+7ww==",
+      "version": "7.29.2",
+      "resolved": "https://registry.npmjs.org/@babel/parser/-/parser-7.29.2.tgz",
+      "integrity": "sha512-4GgRzy/+fsBa72/RZVJmGKPmZu9Byn8o4MoLpmNe1m8ZfYnz5emHLQz3U4gLud6Zwl0RZIcgiLD7Uq7ySFuDLA==",
       "license": "MIT",
       "dependencies": {
         "@babel/types": "^7.29.0"
@@ -5040,13 +5040,13 @@
       }
     },
     "node_modules/@vue/compiler-core": {
-      "version": "3.5.28",
-      "resolved": "https://registry.npmjs.org/@vue/compiler-core/-/compiler-core-3.5.28.tgz",
-      "integrity": "sha512-kviccYxTgoE8n6OCw96BNdYlBg2GOWfBuOW4Vqwrt7mSKWKwFVvI8egdTltqRgITGPsTFYtKYfxIG8ptX2PJHQ==",
+      "version": "3.5.31",
+      "resolved": "https://registry.npmjs.org/@vue/compiler-core/-/compiler-core-3.5.31.tgz",
+      "integrity": "sha512-k/ueL14aNIEy5Onf0OVzR8kiqF/WThgLdFhxwa4e/KF/0qe38IwIdofoSWBTvvxQOesaz6riAFAUaYjoF9fLLQ==",
       "license": "MIT",
       "dependencies": {
-        "@babel/parser": "^7.29.0",
-        "@vue/shared": "3.5.28",
+        "@babel/parser": "^7.29.2",
+        "@vue/shared": "3.5.31",
         "entities": "^7.0.1",
         "estree-walker": "^2.0.2",
         "source-map-js": "^1.2.1"
@@ -5065,29 +5065,29 @@
       }
     },
     "node_modules/@vue/compiler-dom": {
-      "version": "3.5.28",
-      "resolved": "https://registry.npmjs.org/@vue/compiler-dom/-/compiler-dom-3.5.28.tgz",
-      "integrity": "sha512-/1ZepxAb159jKR1btkefDP+J2xuWL5V3WtleRmxaT+K2Aqiek/Ab/+Ebrw2pPj0sdHO8ViAyyJWfhXXOP/+LQA==",
+      "version": "3.5.31",
+      "resolved": "https://registry.npmjs.org/@vue/compiler-dom/-/compiler-dom-3.5.31.tgz",
+      "integrity": "sha512-BMY/ozS/xxjYqRFL+tKdRpATJYDTTgWSo0+AJvJNg4ig+Hgb0dOsHPXvloHQ5hmlivUqw1Yt2pPIqp4e0v1GUw==",
       "license": "MIT",
       "dependencies": {
-        "@vue/compiler-core": "3.5.28",
-        "@vue/shared": "3.5.28"
+        "@vue/compiler-core": "3.5.31",
+        "@vue/shared": "3.5.31"
       }
     },
     "node_modules/@vue/compiler-sfc": {
-      "version": "3.5.28",
-      "resolved": "https://registry.npmjs.org/@vue/compiler-sfc/-/compiler-sfc-3.5.28.tgz",
-      "integrity": "sha512-6TnKMiNkd6u6VeVDhZn/07KhEZuBSn43Wd2No5zaP5s3xm8IqFTHBj84HJah4UepSUJTro5SoqqlOY22FKY96g==",
+      "version": "3.5.31",
+      "resolved": "https://registry.npmjs.org/@vue/compiler-sfc/-/compiler-sfc-3.5.31.tgz",
+      "integrity": "sha512-M8wpPgR9UJ8MiRGjppvx9uWJfLV7A/T+/rL8s/y3QG3u0c2/YZgff3d6SuimKRIhcYnWg5fTfDMlz2E6seUW8Q==",
       "license": "MIT",
       "dependencies": {
-        "@babel/parser": "^7.29.0",
-        "@vue/compiler-core": "3.5.28",
-        "@vue/compiler-dom": "3.5.28",
-        "@vue/compiler-ssr": "3.5.28",
-        "@vue/shared": "3.5.28",
+        "@babel/parser": "^7.29.2",
+        "@vue/compiler-core": "3.5.31",
+        "@vue/compiler-dom": "3.5.31",
+        "@vue/compiler-ssr": "3.5.31",
+        "@vue/shared": "3.5.31",
         "estree-walker": "^2.0.2",
         "magic-string": "^0.30.21",
-        "postcss": "^8.5.6",
+        "postcss": "^8.5.8",
         "source-map-js": "^1.2.1"
       }
     },
@@ -5100,64 +5100,92 @@
         "@jridgewell/sourcemap-codec": "^1.5.5"
       }
     },
-    "node_modules/@vue/compiler-ssr": {
-      "version": "3.5.28",
-      "resolved": "https://registry.npmjs.org/@vue/compiler-ssr/-/compiler-ssr-3.5.28.tgz",
-      "integrity": "sha512-JCq//9w1qmC6UGLWJX7RXzrGpKkroubey/ZFqTpvEIDJEKGgntuDMqkuWiZvzTzTA5h2qZvFBFHY7fAAa9475g==",
+    "node_modules/@vue/compiler-sfc/node_modules/postcss": {
+      "version": "8.5.8",
+      "resolved": "https://registry.npmjs.org/postcss/-/postcss-8.5.8.tgz",
+      "integrity": "sha512-OW/rX8O/jXnm82Ey1k44pObPtdblfiuWnrd8X7GJ7emImCOstunGbXUpp7HdBrFQX6rJzn3sPT397Wp5aCwCHg==",
+      "funding": [
+        {
+          "type": "opencollective",
+          "url": "https://opencollective.com/postcss/"
+        },
+        {
+          "type": "tidelift",
+          "url": "https://tidelift.com/funding/github/npm/postcss"
+        },
+        {
+          "type": "github",
+          "url": "https://github.com/sponsors/ai"
+        }
+      ],
       "license": "MIT",
       "dependencies": {
-        "@vue/compiler-dom": "3.5.28",
-        "@vue/shared": "3.5.28"
+        "nanoid": "^3.3.11",
+        "picocolors": "^1.1.1",
+        "source-map-js": "^1.2.1"
+      },
+      "engines": {
+        "node": "^10 || ^12 || >=14"
+      }
+    },
+    "node_modules/@vue/compiler-ssr": {
+      "version": "3.5.31",
+      "resolved": "https://registry.npmjs.org/@vue/compiler-ssr/-/compiler-ssr-3.5.31.tgz",
+      "integrity": "sha512-h0xIMxrt/LHOvJKMri+vdYT92BrK3HFLtDqq9Pr/lVVfE4IyKZKvWf0vJFW10Yr6nX02OR4MkJwI0c1HDa1hog==",
+      "license": "MIT",
+      "dependencies": {
+        "@vue/compiler-dom": "3.5.31",
+        "@vue/shared": "3.5.31"
       }
     },
     "node_modules/@vue/reactivity": {
-      "version": "3.5.28",
-      "resolved": "https://registry.npmjs.org/@vue/reactivity/-/reactivity-3.5.28.tgz",
-      "integrity": "sha512-gr5hEsxvn+RNyu9/9o1WtdYdwDjg5FgjUSBEkZWqgTKlo/fvwZ2+8W6AfKsc9YN2k/+iHYdS9vZYAhpi10kNaw==",
+      "version": "3.5.31",
+      "resolved": "https://registry.npmjs.org/@vue/reactivity/-/reactivity-3.5.31.tgz",
+      "integrity": "sha512-DtKXxk9E/KuVvt8VxWu+6Luc9I9ETNcqR1T1oW1gf02nXaZ1kuAx58oVu7uX9XxJR0iJCro6fqBLw9oSBELo5g==",
       "license": "MIT",
       "dependencies": {
-        "@vue/shared": "3.5.28"
+        "@vue/shared": "3.5.31"
       }
     },
     "node_modules/@vue/runtime-core": {
-      "version": "3.5.28",
-      "resolved": "https://registry.npmjs.org/@vue/runtime-core/-/runtime-core-3.5.28.tgz",
-      "integrity": "sha512-POVHTdbgnrBBIpnbYU4y7pOMNlPn2QVxVzkvEA2pEgvzbelQq4ZOUxbp2oiyo+BOtiYlm8Q44wShHJoBvDPAjQ==",
+      "version": "3.5.31",
+      "resolved": "https://registry.npmjs.org/@vue/runtime-core/-/runtime-core-3.5.31.tgz",
+      "integrity": "sha512-AZPmIHXEAyhpkmN7aWlqjSfYynmkWlluDNPHMCZKFHH+lLtxP/30UJmoVhXmbDoP1Ng0jG0fyY2zCj1PnSSA6Q==",
       "license": "MIT",
       "dependencies": {
-        "@vue/reactivity": "3.5.28",
-        "@vue/shared": "3.5.28"
+        "@vue/reactivity": "3.5.31",
+        "@vue/shared": "3.5.31"
       }
     },
     "node_modules/@vue/runtime-dom": {
-      "version": "3.5.28",
-      "resolved": "https://registry.npmjs.org/@vue/runtime-dom/-/runtime-dom-3.5.28.tgz",
-      "integrity": "sha512-4SXxSF8SXYMuhAIkT+eBRqOkWEfPu6nhccrzrkioA6l0boiq7sp18HCOov9qWJA5HML61kW8p/cB4MmBiG9dSA==",
+      "version": "3.5.31",
+      "resolved": "https://registry.npmjs.org/@vue/runtime-dom/-/runtime-dom-3.5.31.tgz",
+      "integrity": "sha512-xQJsNRmGPeDCJq/u813tyonNgWBFjzfVkBwDREdEWndBnGdHLHgkwNBQxLtg4zDrzKTEcnikUy1UUNecb3lJ6g==",
       "license": "MIT",
       "dependencies": {
-        "@vue/reactivity": "3.5.28",
-        "@vue/runtime-core": "3.5.28",
-        "@vue/shared": "3.5.28",
+        "@vue/reactivity": "3.5.31",
+        "@vue/runtime-core": "3.5.31",
+        "@vue/shared": "3.5.31",
         "csstype": "^3.2.3"
       }
     },
     "node_modules/@vue/server-renderer": {
-      "version": "3.5.28",
-      "resolved": "https://registry.npmjs.org/@vue/server-renderer/-/server-renderer-3.5.28.tgz",
-      "integrity": "sha512-pf+5ECKGj8fX95bNincbzJ6yp6nyzuLDhYZCeFxUNp8EBrQpPpQaLX3nNCp49+UbgbPun3CeVE+5CXVV1Xydfg==",
+      "version": "3.5.31",
+      "resolved": "https://registry.npmjs.org/@vue/server-renderer/-/server-renderer-3.5.31.tgz",
+      "integrity": "sha512-GJuwRvMcdZX/CriUnyIIOGkx3rMV3H6sOu0JhdKbduaeCji6zb60iOGMY7tFoN24NfsUYoFBhshZtGxGpxO4iA==",
       "license": "MIT",
       "dependencies": {
-        "@vue/compiler-ssr": "3.5.28",
-        "@vue/shared": "3.5.28"
+        "@vue/compiler-ssr": "3.5.31",
+        "@vue/shared": "3.5.31"
       },
       "peerDependencies": {
-        "vue": "3.5.28"
+        "vue": "3.5.31"
       }
     },
     "node_modules/@vue/shared": {
-      "version": "3.5.28",
-      "resolved": "https://registry.npmjs.org/@vue/shared/-/shared-3.5.28.tgz",
-      "integrity": "sha512-cfWa1fCGBxrvaHRhvV3Is0MgmrbSCxYTXCSCau2I0a1Xw1N1pHAvkWCiXPRAqjvToILvguNyEwjevUqAuBQWvQ==",
+      "version": "3.5.31",
+      "resolved": "https://registry.npmjs.org/@vue/shared/-/shared-3.5.31.tgz",
+      "integrity": "sha512-nBxuiuS9Lj5bPkPbWogPUnjxxWpkRniX7e5UBQDWl6Fsf4roq9wwV+cR7ezQ4zXswNvPIlsdj1slcLB7XCsRAw==",
       "license": "MIT"
     },
     "node_modules/@vue/test-utils": {
@@ -15704,16 +15732,16 @@
       "license": "MIT"
     },
     "node_modules/vue": {
-      "version": "3.5.28",
-      "resolved": "https://registry.npmjs.org/vue/-/vue-3.5.28.tgz",
-      "integrity": "sha512-BRdrNfeoccSoIZeIhyPBfvWSLFP4q8J3u8Ju8Ug5vu3LdD+yTM13Sg4sKtljxozbnuMu1NB1X5HBHRYUzFocKg==",
+      "version": "3.5.31",
+      "resolved": "https://registry.npmjs.org/vue/-/vue-3.5.31.tgz",
+      "integrity": "sha512-iV/sU9SzOlmA/0tygSmjkEN6Jbs3nPoIPFhCMLD2STrjgOU8DX7ZtzMhg4ahVwf5Rp9KoFzcXeB1ZrVbLBp5/Q==",
       "license": "MIT",
       "dependencies": {
-        "@vue/compiler-dom": "3.5.28",
-        "@vue/compiler-sfc": "3.5.28",
-        "@vue/runtime-dom": "3.5.28",
-        "@vue/server-renderer": "3.5.28",
-        "@vue/shared": "3.5.28"
+        "@vue/compiler-dom": "3.5.31",
+        "@vue/compiler-sfc": "3.5.31",
+        "@vue/runtime-dom": "3.5.31",
+        "@vue/server-renderer": "3.5.31",
+        "@vue/shared": "3.5.31"
       },
       "peerDependencies": {
         "typescript": "*"
diff --git a/package.json b/package.json
index 321396bf9c..cb1dd3014d 100644
--- a/package.json
+++ b/package.json
@@ -72,7 +72,7 @@
     "tributejs": "5.1.3",
     "uint8-to-base64": "0.2.1",
     "vanilla-colorful": "0.7.2",
-    "vue": "3.5.28",
+    "vue": "3.5.31",
     "vue-chartjs": "5.3.3",
     "vue-loader": "17.4.2",
     "vue3-calendar-heatmap": "2.0.5",

From a9bd068d00be473fdeb424cc948022e08e12b98c Mon Sep 17 00:00:00 2001
From: doasu <me@doasu.dev>
Date: Tue, 31 Mar 2026 21:51:57 +0200
Subject: [PATCH 591/854] fix: URL-encode login provider name in the `href`
 attribute (#10301)

The authentication provider's name (`$provider.DisplayName`) is not URL-encoded, so any illegal characters (e.g., '/') will be put in the link's href attribute verbatim.
For example, if the provider's name is `foo/bar` (valid name), the href attribute will point to `/user/oauth2/foo/bar` instead of `/user/oauth2/foo%2Fbar`, resulting in a "404 Not found" error.

This patch fixes this behaviour by URL-encoding the provider's DisplayName before appending it to the href attribute.

Signed-off-by: doasu <me@doasu.dev>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10301
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: doasu <me@doasu.dev>
Co-committed-by: doasu <me@doasu.dev>
---
 templates/user/auth/oauth_container.tmpl |  2 +-
 tests/integration/signin_test.go         | 30 ++++++++++++++++++++++++
 2 files changed, 31 insertions(+), 1 deletion(-)

diff --git a/templates/user/auth/oauth_container.tmpl b/templates/user/auth/oauth_container.tmpl
index 7531320394..a50ca5f612 100644
--- a/templates/user/auth/oauth_container.tmpl
+++ b/templates/user/auth/oauth_container.tmpl
@@ -8,7 +8,7 @@
 	<div class="tw-flex tw-flex-col tw-justify-center">
 		<div id="oauth2-login-navigator-inner" class="tw-flex tw-flex-col tw-flex-wrap tw-items-center tw-gap-2">
 			{{range $provider := .OAuth2Providers}}
-				<a class="{{$provider.Name}} ui button tw-flex tw-items-center tw-justify-center tw-py-2 tw-w-full oauth-login-link" href="{{AppSubUrl}}/user/oauth2/{{$provider.DisplayName}}">
+				<a class="{{$provider.Name}} ui button tw-flex tw-items-center tw-justify-center tw-py-2 tw-w-full oauth-login-link" href="{{AppSubUrl}}/user/oauth2/{{$provider.DisplayName | PathEscape}}">
 					{{$provider.IconHTML 28}}
 					{{ctx.Locale.Tr "sign_in_with_provider" $provider.DisplayName}}
 				</a>
diff --git a/tests/integration/signin_test.go b/tests/integration/signin_test.go
index c9b2d6ed1c..0367bedd6e 100644
--- a/tests/integration/signin_test.go
+++ b/tests/integration/signin_test.go
@@ -97,6 +97,36 @@ func TestSigninWithRememberMe(t *testing.T) {
 	session.MakeRequest(t, req, http.StatusOK)
 }
 
+func TestProviderDisplayNameIsPathEscaped(t *testing.T) {
+	defer tests.PrepareTestEnv(t)()
+
+	testCases := []string{
+		"sla/shed",
+		"per%cent",
+		"que?ry=string",
+		"ha#sh",
+		"spa ce",     // doesn't break the path
+		"pl+us",      // unchanged by url.PathEscape
+		"amper&sand", // unchanged by url.PathEscape
+	}
+
+	for _, testCase := range testCases {
+		// GitLab is only used here for convenience.
+		addAuthSource(t, authSourcePayloadGitLabCustom(testCase))
+	}
+
+	request := NewRequest(t, "GET", "/user/login")
+	response := MakeRequest(t, request, http.StatusOK)
+	htmlDoc := NewHTMLParser(t, response.Body)
+
+	for _, testCase := range testCases {
+		t.Run(testCase, func(t *testing.T) {
+			defer tests.PrintCurrentTest(t)()
+			htmlDoc.AssertElement(t, fmt.Sprintf("a.oauth-login-link[href='/user/oauth2/%s']", url.PathEscape(testCase)), true)
+		})
+	}
+}
+
 func TestDisableSignin(t *testing.T) {
 	defer tests.PrepareTestEnv(t)()
 	// Mock alternative auth ways as enabled

From 676940a853aabfcfa24d5ec7d2b9f2e2ed4c13ed Mon Sep 17 00:00:00 2001
From: Henry Catalini Smith <henry@catalinismith.se>
Date: Tue, 31 Mar 2026 23:02:10 +0200
Subject: [PATCH 592/854] Add aria-current="page" to active navbar items
 (#11887)

By setting `aria-current="page"` on the active navbar item we make the information about which one corresponds to the current page available in a non-visual way. Both the attached screen recordings were produced on http://localhost:3000/pulls, so the "Pull requests" link is the active one. In `before.mp4` all the links are announced identically, and in `after.mp4` the "Pull requests" link is announced like this.

> current page, visited, link, Pull requests

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [ ] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [x] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.
- [ ] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change.

*The decision if the pull request will be shown in the release notes is up to the mergers / release team.*

The content of the `release-notes/<pull request number>.md` file will serve as the basis for the release notes. If the file does not exist, the title of the pull request will be used instead.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11887
Reviewed-by: Andreas Ahlenstorf <aahlenst@noreply.codeberg.org>
Co-authored-by: Henry Catalini Smith <henry@catalinismith.se>
Co-committed-by: Henry Catalini Smith <henry@catalinismith.se>
---
 templates/base/head_navbar.tmpl | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/templates/base/head_navbar.tmpl b/templates/base/head_navbar.tmpl
index e4627451cd..f7405a743e 100644
--- a/templates/base/head_navbar.tmpl
+++ b/templates/base/head_navbar.tmpl
@@ -28,21 +28,21 @@
 			{{/* No links */}}
 		{{else if .IsSigned}}
 			{{if not .UnitIssuesGlobalDisabled}}
-				<a class="item{{if .PageIsIssues}} active{{end}}" href="{{AppSubUrl}}/issues">{{ctx.Locale.Tr "issues"}}</a>
+				<a class="item{{if .PageIsIssues}} active{{end}}" {{if .PageIsIssues}}aria-current="page" {{end}}href="{{AppSubUrl}}/issues">{{ctx.Locale.Tr "issues"}}</a>
 			{{end}}
 			{{if not .UnitPullsGlobalDisabled}}
-				<a class="item{{if .PageIsPulls}} active{{end}}" href="{{AppSubUrl}}/pulls">{{ctx.Locale.Tr "pull_requests"}}</a>
+				<a class="item{{if .PageIsPulls}} active{{end}}" {{if .PageIsPulls}}aria-current="page" {{end}}href="{{AppSubUrl}}/pulls">{{ctx.Locale.Tr "pull_requests"}}</a>
 			{{end}}
 			{{if not (and .UnitIssuesGlobalDisabled .UnitPullsGlobalDisabled)}}
 				{{if .ShowMilestonesDashboardPage}}
-					<a class="item{{if .PageIsMilestonesDashboard}} active{{end}}" href="{{AppSubUrl}}/milestones">{{ctx.Locale.Tr "milestones"}}</a>
+					<a class="item{{if .PageIsMilestonesDashboard}} active{{end}}" {{if .PageIsMilestonesDashboard}}aria-current="page" {{end}}href="{{AppSubUrl}}/milestones">{{ctx.Locale.Tr "milestones"}}</a>
 				{{end}}
 			{{end}}
-			<a class="item{{if .PageIsExplore}} active{{end}}" href="{{AppSubUrl}}/explore/repos">{{ctx.Locale.Tr "explore"}}</a>
+			<a class="item{{if .PageIsExplore}} active{{end}}" {{if .PageIsExplore}}aria-current="page" {{end}}href="{{AppSubUrl}}/explore/repos">{{ctx.Locale.Tr "explore"}}</a>
 		{{else if .IsLandingPageOrganizations}}
-			<a class="item{{if .PageIsExplore}} active{{end}}" href="{{AppSubUrl}}/explore/organizations">{{ctx.Locale.Tr "explore"}}</a>
+			<a class="item{{if .PageIsExplore}} active{{end}}" {{if .PageIsExplore}}aria-current="page" {{end}}href="{{AppSubUrl}}/explore/organizations">{{ctx.Locale.Tr "explore"}}</a>
 		{{else}}
-			<a class="item{{if .PageIsExplore}} active{{end}}" href="{{AppSubUrl}}/explore/repos">{{ctx.Locale.Tr "explore"}}</a>
+			<a class="item{{if .PageIsExplore}} active{{end}}" {{if .PageIsExplore}}aria-current="page" {{end}}href="{{AppSubUrl}}/explore/repos">{{ctx.Locale.Tr "explore"}}</a>
 		{{end}}
 
 		{{template "custom/extra_links" .}}

From 6726b6e3e909677d017c36a4e2abbcdfbef3eae8 Mon Sep 17 00:00:00 2001
From: Henry Catalini Smith <henry@catalinismith.se>
Date: Tue, 31 Mar 2026 23:22:20 +0200
Subject: [PATCH 593/854] Add aria-labels to ensure watch and star buttons
 always have a text label (#11878)

Fixes https://codeberg.org/forgejo/forgejo/issues/6621.

The attached screen recording `before.mp4` demos the problem as described by https://codeberg.org/forgejo/forgejo/issues/6621. And `after.mp4` is the fixed version.

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [ ] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [x] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.
- [ ] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change.

*The decision if the pull request will be shown in the release notes is up to the mergers / release team.*

The content of the `release-notes/<pull request number>.md` file will serve as the basis for the release notes. If the file does not exist, the title of the pull request will be used instead.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11878
Reviewed-by: Andreas Ahlenstorf <aahlenst@noreply.codeberg.org>
Co-authored-by: Henry Catalini Smith <henry@catalinismith.se>
Co-committed-by: Henry Catalini Smith <henry@catalinismith.se>
---
 templates/repo/star_unstar.tmpl   | 2 +-
 templates/repo/watch_unwatch.tmpl | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/templates/repo/star_unstar.tmpl b/templates/repo/star_unstar.tmpl
index 74239fafa4..d483495dd4 100644
--- a/templates/repo/star_unstar.tmpl
+++ b/templates/repo/star_unstar.tmpl
@@ -1,6 +1,6 @@
 <form hx-boost="true" hx-target="this" method="post" action="{{$.RepoLink}}/action/{{if $.IsStaringRepo}}un{{end}}star">
 	<div class="ui labeled button" {{if not $.IsSigned}}data-tooltip-content="{{ctx.Locale.Tr "repo.star_guest_user"}}"{{end}}>
-		<button type="submit" class="ui compact small basic button"{{if not $.IsSigned}} disabled{{end}}>
+		<button type="submit" class="ui compact small basic button"{{if not $.IsSigned}} disabled{{end}} aria-label="{{if $.IsStaringRepo}}{{ctx.Locale.Tr "repo.unstar"}}{{else}}{{ctx.Locale.Tr "repo.star"}}{{end}}">
 			{{if $.IsStaringRepo}}
 				{{svg "octicon-star-fill"}}<span class="text not-mobile">{{ctx.Locale.Tr "repo.unstar"}}</span>
 			{{else}}
diff --git a/templates/repo/watch_unwatch.tmpl b/templates/repo/watch_unwatch.tmpl
index b0dbd9af92..35d527af98 100644
--- a/templates/repo/watch_unwatch.tmpl
+++ b/templates/repo/watch_unwatch.tmpl
@@ -1,6 +1,6 @@
 <form hx-boost="true" hx-target="this" method="post" action="{{$.RepoLink}}/action/{{if $.IsWatchingRepo}}un{{end}}watch">
 	<div class="ui labeled button" {{if not $.IsSigned}}data-tooltip-content="{{ctx.Locale.Tr "repo.watch_guest_user"}}"{{end}}>
-		<button type="submit" class="ui compact small basic button"{{if not $.IsSigned}} disabled{{end}}>
+		<button type="submit" class="ui compact small basic button"{{if not $.IsSigned}} disabled{{end}} aria-label="{{if $.IsWatchingRepo}}{{ctx.Locale.Tr "repo.unwatch"}}{{else}}{{ctx.Locale.Tr "repo.watch"}}{{end}}">
 			{{if $.IsWatchingRepo}}
 				{{svg "octicon-eye-closed" 16}}<span class="text not-mobile">{{ctx.Locale.Tr "repo.unwatch"}}</span>
 			{{else}}

From ba6794348ef70f40c4cc760743302a8250bddfa0 Mon Sep 17 00:00:00 2001
From: Henry Catalini Smith <henry@catalinismith.se>
Date: Tue, 31 Mar 2026 23:22:46 +0200
Subject: [PATCH 594/854] Make label dropdown menu items with .tw-hidden
 unselectable (#11858)

Fixes https://codeberg.org/forgejo/forgejo/issues/9894.

The dropdown menu items are being hidden with `.tw-hidden`. The Fomentic dropdown  makes items with `.disabled` and `.filtered` unselectable by default but can be [easily configured](https://fomantic-ui.com/modules/dropdown.html#/settings) to broaden this selector.

In the before & after GIFs attached, there is an archived label between "duplicate" and "help wanted". In the before GIF, focus disappears momentarily between the two, which is when the hidden, archived label has been programmatically focused by Fomentic. In the after GIF, focus hops instantaneously between the two selectable labels because of the broader `unselectable` selector.

### Tests for JavaScript changes

(can be removed for Go changes)

- I added test coverage for JavaScript changes...
  - [ ] in `web_src/js/*.test.js` if it can be unit tested.
  - [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)).

### Documentation

- [ ] I created a pull request [to the documentation](https
- [ ]
- [ ] ://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [ ] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [x] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.
- [ ] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change.

*The decision if the pull request will be shown in the release notes is up to the mergers / release team.*

The content of the `release-notes/<pull request number>.md` file will serve as the basis for the release notes. If the file does not exist, the title of the pull request will be used instead.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11858
Reviewed-by: Andreas Ahlenstorf <aahlenst@noreply.codeberg.org>
Co-authored-by: Henry Catalini Smith <henry@catalinismith.se>
Co-committed-by: Henry Catalini Smith <henry@catalinismith.se>
---
 web_src/js/features/repo-legacy.js | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/web_src/js/features/repo-legacy.js b/web_src/js/features/repo-legacy.js
index 4d2f25148c..523ce555c4 100644
--- a/web_src/js/features/repo-legacy.js
+++ b/web_src/js/features/repo-legacy.js
@@ -90,6 +90,9 @@ export function initRepoCommentForm() {
     $(`.${selector}`).dropdown({
       'action': 'nothing', // do not hide the menu if user presses Enter
       fullTextSearch: 'exact',
+      selector: {
+        unselectable: '.disabled, .filtered, .tw-hidden',
+      },
       async onHide() {
         hasUpdateAction = $listMenu.data('action') === 'update'; // Update the var
         if (hasUpdateAction) {

From bfebd42a3dd8cffca2958807e9f4657b344fb1e6 Mon Sep 17 00:00:00 2001
From: Henry Catalini Smith <henry@catalinismith.se>
Date: Wed, 1 Apr 2026 00:14:47 +0200
Subject: [PATCH 595/854] Fix @mention combobox semantics for screen reader
 accessibility (#11860)

Fixes https://codeberg.org/forgejo/forgejo/issues/7668.

This was simpler to fix than my theory I posted on https://codeberg.org/forgejo/forgejo/issues/7668 about needing to patch the upstream package. When testing in Firefox with the developer console open and warnings enabled, I noticed a `Empty string passed to getElementById()` warning coming from `@github/combobox-nav` while attempting to manage the `aria-activedescendant` attribute. Then I found this in the [README for that project](https://github.com/github/combobox-nav).

> Markup requirements:
> - Each option needs to have role="option" and a unique id

This was easy to miss, as we're using `@github/text-expander-element` and the combobox-nav package is one of _its_ dependencies. Without a unique ID on each dropdown menu item, `@github/text-expander-element` is unable to set an appropriate `aria-activedescendant` attribute on the textarea. Once that's in place, the screen reader announcements come to life beautifully.

While working on it I noticed the emoji picker combobox was affected by the same problem and patched that as well.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11860
Reviewed-by: Otto <otto@codeberg.org>
Co-authored-by: Henry Catalini Smith <henry@catalinismith.se>
Co-committed-by: Henry Catalini Smith <henry@catalinismith.se>
---
 tests/e2e/issue-comment.test.e2e.ts      | 2 +-
 web_src/js/features/comp/TextExpander.js | 3 +++
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/tests/e2e/issue-comment.test.e2e.ts b/tests/e2e/issue-comment.test.e2e.ts
index 94e4bb7243..ed1c79a585 100644
--- a/tests/e2e/issue-comment.test.e2e.ts
+++ b/tests/e2e/issue-comment.test.e2e.ts
@@ -331,7 +331,7 @@ test('Emoji suggestions', async ({page}) => {
   ];
 
   for (const {emoji, name} of expectedSuggestions) {
-    const item = suggestionList.locator(`li:has-text("${name}")`);
+    const item = suggestionList.locator(`[id="combobox-emoji-${name}"]`);
     await expect(item).toContainText(`${emoji} ${name}`);
   }
 
diff --git a/web_src/js/features/comp/TextExpander.js b/web_src/js/features/comp/TextExpander.js
index 8777f3a334..ae652a013b 100644
--- a/web_src/js/features/comp/TextExpander.js
+++ b/web_src/js/features/comp/TextExpander.js
@@ -12,6 +12,7 @@ export function initTextExpander(expander) {
       ul.classList.add('suggestions');
       for (const name of matches) {
         const li = document.createElement('li');
+        li.setAttribute('id', `combobox-emoji-${name}`);
         li.setAttribute('role', 'option');
         li.setAttribute('data-value', emojiString(name));
         if (customEmojis.has(name)) {
@@ -33,10 +34,12 @@ export function initTextExpander(expander) {
       ul.classList.add('suggestions');
       for (const {value, name, fullname, avatar} of matches) {
         const li = document.createElement('li');
+        li.setAttribute('id', `combobox-user-${name}`);
         li.setAttribute('role', 'option');
         li.setAttribute('data-value', `${key}${value}`);
 
         const img = document.createElement('img');
+        img.setAttribute('aria-hidden', 'true');
         img.src = avatar;
         li.append(img);
 

From 7a34a7fc6d8fd26e8c9fbe621556102ccf7623f0 Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Wed, 1 Apr 2026 01:57:20 +0200
Subject: [PATCH 596/854] Update dependency @axe-core/playwright to v4.11.1
 (forgejo) (#11921)

Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
---
 package-lock.json | 10 +++++-----
 package.json      |  2 +-
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 5670aec7a0..ba3a2dfb4b 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -82,7 +82,7 @@
         "wrap-ansi": "10.0.0"
       },
       "devDependencies": {
-        "@axe-core/playwright": "4.11.0",
+        "@axe-core/playwright": "4.11.1",
         "@eslint-community/eslint-plugin-eslint-comments": "4.7.1",
         "@playwright/test": "1.57.0",
         "@stoplight/spectral-cli": "6.15.0",
@@ -163,13 +163,13 @@
       }
     },
     "node_modules/@axe-core/playwright": {
-      "version": "4.11.0",
-      "resolved": "https://registry.npmjs.org/@axe-core/playwright/-/playwright-4.11.0.tgz",
-      "integrity": "sha512-70vBT/Ylqpm65RQz2iCG2o0JJCEG/WCNyefTr2xcOcr1CoSee60gNQYUMZZ7YukoKkFLv26I/jjlsvwwp532oQ==",
+      "version": "4.11.1",
+      "resolved": "https://registry.npmjs.org/@axe-core/playwright/-/playwright-4.11.1.tgz",
+      "integrity": "sha512-mKEfoUIB1MkVTht0BGZFXtSAEKXMJoDkyV5YZ9jbBmZCcWDz71tegNsdTkIN8zc/yMi5Gm2kx7Z5YQ9PfWNAWw==",
       "dev": true,
       "license": "MPL-2.0",
       "dependencies": {
-        "axe-core": "~4.11.0"
+        "axe-core": "~4.11.1"
       },
       "peerDependencies": {
         "playwright-core": ">= 1.0.0"
diff --git a/package.json b/package.json
index cb1dd3014d..87b1eee8a6 100644
--- a/package.json
+++ b/package.json
@@ -81,7 +81,7 @@
     "wrap-ansi": "10.0.0"
   },
   "devDependencies": {
-    "@axe-core/playwright": "4.11.0",
+    "@axe-core/playwright": "4.11.1",
     "@eslint-community/eslint-plugin-eslint-comments": "4.7.1",
     "@playwright/test": "1.57.0",
     "@stoplight/spectral-cli": "6.15.0",

From 34937d93054844f35d41f52705aaee6ef81eee7f Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Wed, 1 Apr 2026 02:13:47 +0200
Subject: [PATCH 597/854] Update github.com/google/pprof digest to a15ffb7
 (forgejo) (#11920)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11920
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 53b90801b6..7bcd0f0510 100644
--- a/go.mod
+++ b/go.mod
@@ -59,7 +59,7 @@ require (
 	github.com/golang-jwt/jwt/v5 v5.3.1
 	github.com/golang/freetype v0.0.0-20170609003504-e2365dfdc4a0
 	github.com/google/go-github/v81 v81.0.0
-	github.com/google/pprof v0.0.0-20251114195745-4902fdda35c8
+	github.com/google/pprof v0.0.0-20260302011040-a15ffb7f9dcc
 	github.com/google/uuid v1.6.0
 	github.com/gorilla/feeds v1.2.0
 	github.com/gorilla/sessions v1.4.0
diff --git a/go.sum b/go.sum
index d6b747d096..e9b0dbbcfc 100644
--- a/go.sum
+++ b/go.sum
@@ -400,8 +400,8 @@ github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OI
 github.com/google/pprof v0.0.0-20190515194954-54271f7e092f/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=
 github.com/google/pprof v0.0.0-20200212024743-f11f1df84d12/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
 github.com/google/pprof v0.0.0-20240227163752-401108e1b7e7/go.mod h1:czg5+yv1E0ZGTi6S6vVK1mke0fV+FaUhNGcd6VRS9Ik=
-github.com/google/pprof v0.0.0-20251114195745-4902fdda35c8 h1:3DsUAV+VNEQa2CUVLxCY3f87278uWfIDhJnbdvDjvmE=
-github.com/google/pprof v0.0.0-20251114195745-4902fdda35c8/go.mod h1:I6V7YzU0XDpsHqbsyrghnFZLO1gwK6NPTNvmetQIk9U=
+github.com/google/pprof v0.0.0-20260302011040-a15ffb7f9dcc h1:VBbFa1lDYWEeV5FZKUiYKYT0VxCp9twUmmaq9eb8sXw=
+github.com/google/pprof v0.0.0-20260302011040-a15ffb7f9dcc/go.mod h1:MxpfABSjhmINe3F1It9d+8exIHFvUqtLIRCdOGNXqiI=
 github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI=
 github.com/google/uuid v1.4.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=

From 5803c596b600995cad62d4147ed50bd7440eb73a Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Wed, 1 Apr 2026 03:19:27 +0200
Subject: [PATCH 598/854] Update dependency katex to v0.16.44 (forgejo)
 (#11901)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11901
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
---
 package-lock.json | 8 ++++----
 package.json      | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index ba3a2dfb4b..9f0f62cb70 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -54,7 +54,7 @@
         "htmx.org": "2.0.8",
         "idiomorph": "0.3.0",
         "jquery": "3.7.1",
-        "katex": "0.16.43",
+        "katex": "0.16.44",
         "mermaid": "11.13.0",
         "mini-css-extract-plugin": "2.10.0",
         "minimatch": "10.2.4",
@@ -10580,9 +10580,9 @@
       "license": "MIT"
     },
     "node_modules/katex": {
-      "version": "0.16.43",
-      "resolved": "https://registry.npmjs.org/katex/-/katex-0.16.43.tgz",
-      "integrity": "sha512-K7NL5JtGrFEglipOAjY4UYA69CnTuNmjArxeXF6+bw7h2OGySUPv6QWRjfb1gmutJ4Mw/qLeBqiROOEDULp4nA==",
+      "version": "0.16.44",
+      "resolved": "https://registry.npmjs.org/katex/-/katex-0.16.44.tgz",
+      "integrity": "sha512-EkxoDTk8ufHqHlf9QxGwcxeLkWRR3iOuYfRpfORgYfqc8s13bgb+YtRY59NK5ZpRaCwq1kqA6a5lpX8C/eLphQ==",
       "funding": [
         "https://opencollective.com/katex",
         "https://github.com/sponsors/katex"
diff --git a/package.json b/package.json
index 87b1eee8a6..b2ae24a7e4 100644
--- a/package.json
+++ b/package.json
@@ -53,7 +53,7 @@
     "htmx.org": "2.0.8",
     "idiomorph": "0.3.0",
     "jquery": "3.7.1",
-    "katex": "0.16.43",
+    "katex": "0.16.44",
     "mermaid": "11.13.0",
     "mini-css-extract-plugin": "2.10.0",
     "minimatch": "10.2.4",

From 9e3c3e5d537d6740c4da7fa66e3cae36cb27b294 Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Wed, 1 Apr 2026 03:35:45 +0200
Subject: [PATCH 599/854] Update module github.com/yuin/goldmark to v1.8.2
 (forgejo) (#11808)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11808
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 7bcd0f0510..b4634a30b6 100644
--- a/go.mod
+++ b/go.mod
@@ -97,7 +97,7 @@ require (
 	github.com/urfave/cli/v3 v3.8.0
 	github.com/valyala/fastjson v1.6.10
 	github.com/yohcop/openid-go v1.0.1
-	github.com/yuin/goldmark v1.7.17
+	github.com/yuin/goldmark v1.8.2
 	github.com/yuin/goldmark-highlighting/v2 v2.0.0-20230729083705-37449abec8cc
 	gitlab.com/gitlab-org/api/client-go v0.143.2
 	go.uber.org/mock v0.6.0
diff --git a/go.sum b/go.sum
index e9b0dbbcfc..97492a6fa2 100644
--- a/go.sum
+++ b/go.sum
@@ -676,8 +676,8 @@ github.com/yohcop/openid-go v1.0.1/go.mod h1:b/AvD03P0KHj4yuihb+VtLD6bYYgsy0zqBz
 github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
 github.com/yuin/goldmark v1.4.15/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
-github.com/yuin/goldmark v1.7.17 h1:p36OVWwRb246iHxA/U4p8OPEpOTESm4n+g+8t0EE5uA=
-github.com/yuin/goldmark v1.7.17/go.mod h1:ip/1k0VRfGynBgxOz0yCqHrbZXhcjxyuS66Brc7iBKg=
+github.com/yuin/goldmark v1.8.2 h1:kEGpgqJXdgbkhcOgBxkC0X0PmoPG1ZyoZ117rDVp4zE=
+github.com/yuin/goldmark v1.8.2/go.mod h1:ip/1k0VRfGynBgxOz0yCqHrbZXhcjxyuS66Brc7iBKg=
 github.com/yuin/goldmark-highlighting/v2 v2.0.0-20230729083705-37449abec8cc h1:+IAOyRda+RLrxa1WC7umKOZRsGq4QrFFMYApOeHzQwQ=
 github.com/yuin/goldmark-highlighting/v2 v2.0.0-20230729083705-37449abec8cc/go.mod h1:ovIvrum6DQJA4QsJSovrkC4saKHQVs7TvcaeO8AIl5I=
 github.com/zeebo/assert v1.3.0 h1:g7C04CbJuIDKNPFHmsk4hwZDO5O+kntRxzaUoNXj+IQ=

From 3763a88c671ca54ecbe6cfab92057af33ac1b31e Mon Sep 17 00:00:00 2001
From: Antonin Delpeuch <antonin@delpeuch.eu>
Date: Wed, 1 Apr 2026 04:23:13 +0200
Subject: [PATCH 600/854] fix: allow modals to be submitted multiple times
 (#11843)

Fixes #11842.

The `once: true` was likely added to prevent multiple concurrent
submissions of the same form. This could still be worth preventing,
but I suspect it would require wrapping the supplied `onApprove`
callback with the corresponding logic, implemented manually, as I
am not aware of any native API to prevent concurrent executions of
callbacks.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11843
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Antonin Delpeuch <antonin@delpeuch.eu>
Co-committed-by: Antonin Delpeuch <antonin@delpeuch.eu>
---
 tests/e2e/repo-labels.test.e2e.ts | 20 ++++++++++++++++++++
 web_src/js/modules/modal.ts       |  2 +-
 2 files changed, 21 insertions(+), 1 deletion(-)

diff --git a/tests/e2e/repo-labels.test.e2e.ts b/tests/e2e/repo-labels.test.e2e.ts
index ef33e91dda..956c4c19d5 100644
--- a/tests/e2e/repo-labels.test.e2e.ts
+++ b/tests/e2e/repo-labels.test.e2e.ts
@@ -41,3 +41,23 @@ test('Edit label', async ({page}) => {
 
   await expect(page.locator('.label-title').filter({hasText: labelName})).toBeVisible();
 });
+
+test('New label after a failed validation', async ({page}) => {
+  // for issue https://codeberg.org/forgejo/forgejo/issues/11842
+  const response = await page.goto('/user2/repo1/labels');
+  expect(response?.status()).toBe(200);
+
+  await page.getByRole('button', {name: 'New label'}).click();
+  await expect(page.locator('#new-label-modal')).toBeVisible();
+
+  // attempt to submit the form without having filled it first
+  await page.getByRole('button', {name: 'Create label'}).click();
+  await screenshot(page, page.locator('#new-label-modal'));
+
+  // then fill the form and submit it again
+  const labelName = dynamic_id();
+  await page.getByRole('textbox', {name: 'Label name'}).fill(labelName);
+  await page.getByRole('button', {name: 'Create label'}).click();
+
+  await expect(page.locator('.label-title').filter({hasText: labelName})).toBeVisible();
+});
diff --git a/web_src/js/modules/modal.ts b/web_src/js/modules/modal.ts
index 290dccee70..b6fef12b2b 100644
--- a/web_src/js/modules/modal.ts
+++ b/web_src/js/modules/modal.ts
@@ -13,7 +13,7 @@ export function showModal(modalID: string, onApprove: () => void) {
   modal.querySelector('.cancel')?.addEventListener('click', () => {
     modal.close();
   }, {once: true, passive: true});
-  modal.querySelector('.ok')?.addEventListener('click', onApprove, {once: true, passive: true});
+  modal.querySelector('.ok')?.addEventListener('click', onApprove, {passive: true});
 
   // The modal is ready to be shown.
   modal.showModal();

From 8d49d598776446dad91279c96b4fdccf9582e198 Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Wed, 1 Apr 2026 06:21:07 +0200
Subject: [PATCH 601/854] Update dependency vite-string-plugin to v2.0.2
 (forgejo) (#11924)

Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
---
 package-lock.json | 8 ++++----
 package.json      | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 9f0f62cb70..726f70073b 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -120,7 +120,7 @@
         "svgo": "4.0.1",
         "typescript": "5.9.3",
         "typescript-eslint": "8.56.1",
-        "vite-string-plugin": "2.0.0",
+        "vite-string-plugin": "2.0.2",
         "vitest": "4.0.18"
       },
       "engines": {
@@ -15474,9 +15474,9 @@
       }
     },
     "node_modules/vite-string-plugin": {
-      "version": "2.0.0",
-      "resolved": "https://registry.npmjs.org/vite-string-plugin/-/vite-string-plugin-2.0.0.tgz",
-      "integrity": "sha512-7p4aOvow1kphhZppt62A6Aj03NhUzOTiBgjHaTWDIdmtiUbjoJeVLarV52UjQNvLFC6BxJgV8r1AAwJfcxwZSQ==",
+      "version": "2.0.2",
+      "resolved": "https://registry.npmjs.org/vite-string-plugin/-/vite-string-plugin-2.0.2.tgz",
+      "integrity": "sha512-pHU9lZuUoMSYyZixdn2XBYko9IAhk3dr41CG6VsXrjB+wN2th06SZsO9mJm6+2NhKBJKNfRERaRej8TBcoq9tQ==",
       "dev": true,
       "license": "BSD-2-Clause",
       "peerDependencies": {
diff --git a/package.json b/package.json
index b2ae24a7e4..c17c05b616 100644
--- a/package.json
+++ b/package.json
@@ -119,7 +119,7 @@
     "svgo": "4.0.1",
     "typescript": "5.9.3",
     "typescript-eslint": "8.56.1",
-    "vite-string-plugin": "2.0.0",
+    "vite-string-plugin": "2.0.2",
     "vitest": "4.0.18"
   },
   "browserslist": ["defaults"],

From 26da41171abadad719b9d116650a235e31f0cf13 Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Wed, 1 Apr 2026 07:58:08 +0200
Subject: [PATCH 602/854] Update dependency @vitejs/plugin-vue to v6.0.5
 (forgejo) (#11923)

Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
---
 package-lock.json | 18 +++++++++---------
 package.json      |  2 +-
 2 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 726f70073b..96065b8fd9 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -88,7 +88,7 @@
         "@stoplight/spectral-cli": "6.15.0",
         "@stylistic/eslint-plugin": "5.10.0",
         "@stylistic/stylelint-plugin": "4.0.1",
-        "@vitejs/plugin-vue": "6.0.3",
+        "@vitejs/plugin-vue": "6.0.5",
         "@vitest/coverage-v8": "4.0.18",
         "@vitest/eslint-plugin": "1.6.9",
         "@vue/test-utils": "2.4.6",
@@ -2834,9 +2834,9 @@
       }
     },
     "node_modules/@rolldown/pluginutils": {
-      "version": "1.0.0-beta.53",
-      "resolved": "https://registry.npmjs.org/@rolldown/pluginutils/-/pluginutils-1.0.0-beta.53.tgz",
-      "integrity": "sha512-vENRlFU4YbrwVqNDZ7fLvy+JR1CRkyr01jhSiDpE1u6py3OMzQfztQU2jxykW3ALNxO4kSlqIDeYyD0Y9RcQeQ==",
+      "version": "1.0.0-rc.2",
+      "resolved": "https://registry.npmjs.org/@rolldown/pluginutils/-/pluginutils-1.0.0-rc.2.tgz",
+      "integrity": "sha512-izyXV/v+cHiRfozX62W9htOAvwMo4/bXKDrQ+vom1L1qRuexPock/7VZDAhnpHCLNejd3NJ6hiab+tO0D44Rgw==",
       "dev": true,
       "license": "MIT"
     },
@@ -4817,19 +4817,19 @@
       }
     },
     "node_modules/@vitejs/plugin-vue": {
-      "version": "6.0.3",
-      "resolved": "https://registry.npmjs.org/@vitejs/plugin-vue/-/plugin-vue-6.0.3.tgz",
-      "integrity": "sha512-TlGPkLFLVOY3T7fZrwdvKpjprR3s4fxRln0ORDo1VQ7HHyxJwTlrjKU3kpVWTlaAjIEuCTokmjkZnr8Tpc925w==",
+      "version": "6.0.5",
+      "resolved": "https://registry.npmjs.org/@vitejs/plugin-vue/-/plugin-vue-6.0.5.tgz",
+      "integrity": "sha512-bL3AxKuQySfk1iGcBsQnoRVexTPJq0Z/ixFVM8OhVJAP6ZXXXLtM7NFKWhLl30Kg7uTBqIaPXbh+nuQCuBDedg==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "@rolldown/pluginutils": "1.0.0-beta.53"
+        "@rolldown/pluginutils": "1.0.0-rc.2"
       },
       "engines": {
         "node": "^20.19.0 || >=22.12.0"
       },
       "peerDependencies": {
-        "vite": "^5.0.0 || ^6.0.0 || ^7.0.0 || ^8.0.0-0",
+        "vite": "^5.0.0 || ^6.0.0 || ^7.0.0 || ^8.0.0",
         "vue": "^3.2.25"
       }
     },
diff --git a/package.json b/package.json
index c17c05b616..ae2b34a98e 100644
--- a/package.json
+++ b/package.json
@@ -87,7 +87,7 @@
     "@stoplight/spectral-cli": "6.15.0",
     "@stylistic/eslint-plugin": "5.10.0",
     "@stylistic/stylelint-plugin": "4.0.1",
-    "@vitejs/plugin-vue": "6.0.3",
+    "@vitejs/plugin-vue": "6.0.5",
     "@vitest/coverage-v8": "4.0.18",
     "@vitest/eslint-plugin": "1.6.9",
     "@vue/test-utils": "2.4.6",

From 46d2f15c949c5c09d0814499c82a5adcd84c7a42 Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Wed, 1 Apr 2026 09:04:13 +0200
Subject: [PATCH 603/854] Update linters (forgejo) (#11925)

Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
---
 package-lock.json | 193 +++++++++++++++++++++++++---------------------
 package.json      |  12 +--
 2 files changed, 112 insertions(+), 93 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 96065b8fd9..f5b8036a2d 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -90,20 +90,20 @@
         "@stylistic/stylelint-plugin": "4.0.1",
         "@vitejs/plugin-vue": "6.0.5",
         "@vitest/coverage-v8": "4.0.18",
-        "@vitest/eslint-plugin": "1.6.9",
+        "@vitest/eslint-plugin": "1.6.13",
         "@vue/test-utils": "2.4.6",
         "eslint": "9.39.4",
         "eslint-import-resolver-typescript": "4.4.4",
         "eslint-plugin-array-func": "5.1.1",
-        "eslint-plugin-import-x": "4.16.1",
+        "eslint-plugin-import-x": "4.16.2",
         "eslint-plugin-no-jquery": "3.1.1",
         "eslint-plugin-no-use-extend-native": "0.7.2",
-        "eslint-plugin-playwright": "2.9.0",
-        "eslint-plugin-regexp": "3.0.0",
+        "eslint-plugin-playwright": "2.10.1",
+        "eslint-plugin-regexp": "3.1.0",
         "eslint-plugin-sonarjs": "3.0.7",
         "eslint-plugin-toml": "0.13.1",
         "eslint-plugin-unicorn": "63.0.0",
-        "eslint-plugin-vitest-globals": "1.5.0",
+        "eslint-plugin-vitest-globals": "1.6.1",
         "eslint-plugin-vue": "10.8.0",
         "eslint-plugin-vue-scoped-css": "2.12.0",
         "eslint-plugin-wc": "3.1.0",
@@ -119,7 +119,7 @@
         "stylelint-value-no-unknown-custom-properties": "6.1.1",
         "svgo": "4.0.1",
         "typescript": "5.9.3",
-        "typescript-eslint": "8.56.1",
+        "typescript-eslint": "8.57.2",
         "vite-string-plugin": "2.0.2",
         "vitest": "4.0.18"
       },
@@ -2787,6 +2787,13 @@
       "dev": true,
       "license": "MIT"
     },
+    "node_modules/@package-json/types": {
+      "version": "0.0.12",
+      "resolved": "https://registry.npmjs.org/@package-json/types/-/types-0.0.12.tgz",
+      "integrity": "sha512-uu43FGU34B5VM9mCNjXCwLaGHYjXdNincqKLaraaCW+7S2+SmiBg1Nv8bPnmschrIfZmfKNY9f3fC376MRrObw==",
+      "dev": true,
+      "license": "MIT"
+    },
     "node_modules/@pkgjs/parseargs": {
       "version": "0.11.0",
       "resolved": "https://registry.npmjs.org/@pkgjs/parseargs/-/parseargs-0.11.0.tgz",
@@ -4295,17 +4302,17 @@
       }
     },
     "node_modules/@typescript-eslint/eslint-plugin": {
-      "version": "8.56.1",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-8.56.1.tgz",
-      "integrity": "sha512-Jz9ZztpB37dNC+HU2HI28Bs9QXpzCz+y/twHOwhyrIRdbuVDxSytJNDl6z/aAKlaRIwC7y8wJdkBv7FxYGgi0A==",
+      "version": "8.57.2",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-8.57.2.tgz",
+      "integrity": "sha512-NZZgp0Fm2IkD+La5PR81sd+g+8oS6JwJje+aRWsDocxHkjyRw0J5L5ZTlN3LI1LlOcGL7ph3eaIUmTXMIjLk0w==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
         "@eslint-community/regexpp": "^4.12.2",
-        "@typescript-eslint/scope-manager": "8.56.1",
-        "@typescript-eslint/type-utils": "8.56.1",
-        "@typescript-eslint/utils": "8.56.1",
-        "@typescript-eslint/visitor-keys": "8.56.1",
+        "@typescript-eslint/scope-manager": "8.57.2",
+        "@typescript-eslint/type-utils": "8.57.2",
+        "@typescript-eslint/utils": "8.57.2",
+        "@typescript-eslint/visitor-keys": "8.57.2",
         "ignore": "^7.0.5",
         "natural-compare": "^1.4.0",
         "ts-api-utils": "^2.4.0"
@@ -4318,7 +4325,7 @@
         "url": "https://opencollective.com/typescript-eslint"
       },
       "peerDependencies": {
-        "@typescript-eslint/parser": "^8.56.1",
+        "@typescript-eslint/parser": "^8.57.2",
         "eslint": "^8.57.0 || ^9.0.0 || ^10.0.0",
         "typescript": ">=4.8.4 <6.0.0"
       }
@@ -4334,16 +4341,16 @@
       }
     },
     "node_modules/@typescript-eslint/parser": {
-      "version": "8.56.1",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-8.56.1.tgz",
-      "integrity": "sha512-klQbnPAAiGYFyI02+znpBRLyjL4/BrBd0nyWkdC0s/6xFLkXYQ8OoRrSkqacS1ddVxf/LDyODIKbQ5TgKAf/Fg==",
+      "version": "8.57.2",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-8.57.2.tgz",
+      "integrity": "sha512-30ScMRHIAD33JJQkgfGW1t8CURZtjc2JpTrq5n2HFhOefbAhb7ucc7xJwdWcrEtqUIYJ73Nybpsggii6GtAHjA==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "@typescript-eslint/scope-manager": "8.56.1",
-        "@typescript-eslint/types": "8.56.1",
-        "@typescript-eslint/typescript-estree": "8.56.1",
-        "@typescript-eslint/visitor-keys": "8.56.1",
+        "@typescript-eslint/scope-manager": "8.57.2",
+        "@typescript-eslint/types": "8.57.2",
+        "@typescript-eslint/typescript-estree": "8.57.2",
+        "@typescript-eslint/visitor-keys": "8.57.2",
         "debug": "^4.4.3"
       },
       "engines": {
@@ -4359,14 +4366,14 @@
       }
     },
     "node_modules/@typescript-eslint/project-service": {
-      "version": "8.56.1",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/project-service/-/project-service-8.56.1.tgz",
-      "integrity": "sha512-TAdqQTzHNNvlVFfR+hu2PDJrURiwKsUvxFn1M0h95BB8ah5jejas08jUWG4dBA68jDMI988IvtfdAI53JzEHOQ==",
+      "version": "8.57.2",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/project-service/-/project-service-8.57.2.tgz",
+      "integrity": "sha512-FuH0wipFywXRTHf+bTTjNyuNQQsQC3qh/dYzaM4I4W0jrCqjCVuUh99+xd9KamUfmCGPvbO8NDngo/vsnNVqgw==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "@typescript-eslint/tsconfig-utils": "^8.56.1",
-        "@typescript-eslint/types": "^8.56.1",
+        "@typescript-eslint/tsconfig-utils": "^8.57.2",
+        "@typescript-eslint/types": "^8.57.2",
         "debug": "^4.4.3"
       },
       "engines": {
@@ -4381,14 +4388,14 @@
       }
     },
     "node_modules/@typescript-eslint/scope-manager": {
-      "version": "8.56.1",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-8.56.1.tgz",
-      "integrity": "sha512-YAi4VDKcIZp0O4tz/haYKhmIDZFEUPOreKbfdAN3SzUDMcPhJ8QI99xQXqX+HoUVq8cs85eRKnD+rne2UAnj2w==",
+      "version": "8.57.2",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-8.57.2.tgz",
+      "integrity": "sha512-snZKH+W4WbWkrBqj4gUNRIGb/jipDW3qMqVJ4C9rzdFc+wLwruxk+2a5D+uoFcKPAqyqEnSb4l2ULuZf95eSkw==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "@typescript-eslint/types": "8.56.1",
-        "@typescript-eslint/visitor-keys": "8.56.1"
+        "@typescript-eslint/types": "8.57.2",
+        "@typescript-eslint/visitor-keys": "8.57.2"
       },
       "engines": {
         "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -4399,9 +4406,9 @@
       }
     },
     "node_modules/@typescript-eslint/tsconfig-utils": {
-      "version": "8.56.1",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/tsconfig-utils/-/tsconfig-utils-8.56.1.tgz",
-      "integrity": "sha512-qOtCYzKEeyr3aR9f28mPJqBty7+DBqsdd63eO0yyDwc6vgThj2UjWfJIcsFeSucYydqcuudMOprZ+x1SpF3ZuQ==",
+      "version": "8.57.2",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/tsconfig-utils/-/tsconfig-utils-8.57.2.tgz",
+      "integrity": "sha512-3Lm5DSM+DCowsUOJC+YqHHnKEfFh5CoGkj5Z31NQSNF4l5wdOwqGn99wmwN/LImhfY3KJnmordBq/4+VDe2eKw==",
       "dev": true,
       "license": "MIT",
       "engines": {
@@ -4416,15 +4423,15 @@
       }
     },
     "node_modules/@typescript-eslint/type-utils": {
-      "version": "8.56.1",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-8.56.1.tgz",
-      "integrity": "sha512-yB/7dxi7MgTtGhZdaHCemf7PuwrHMenHjmzgUW1aJpO+bBU43OycnM3Wn+DdvDO/8zzA9HlhaJ0AUGuvri4oGg==",
+      "version": "8.57.2",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-8.57.2.tgz",
+      "integrity": "sha512-Co6ZCShm6kIbAM/s+oYVpKFfW7LBc6FXoPXjTRQ449PPNBY8U0KZXuevz5IFuuUj2H9ss40atTaf9dlGLzbWZg==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "@typescript-eslint/types": "8.56.1",
-        "@typescript-eslint/typescript-estree": "8.56.1",
-        "@typescript-eslint/utils": "8.56.1",
+        "@typescript-eslint/types": "8.57.2",
+        "@typescript-eslint/typescript-estree": "8.57.2",
+        "@typescript-eslint/utils": "8.57.2",
         "debug": "^4.4.3",
         "ts-api-utils": "^2.4.0"
       },
@@ -4441,9 +4448,9 @@
       }
     },
     "node_modules/@typescript-eslint/types": {
-      "version": "8.56.1",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-8.56.1.tgz",
-      "integrity": "sha512-dbMkdIUkIkchgGDIv7KLUpa0Mda4IYjo4IAMJUZ+3xNoUXxMsk9YtKpTHSChRS85o+H9ftm51gsK1dZReY9CVw==",
+      "version": "8.57.2",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-8.57.2.tgz",
+      "integrity": "sha512-/iZM6FnM4tnx9csuTxspMW4BOSegshwX5oBDznJ7S4WggL7Vczz5d2W11ecc4vRrQMQHXRSxzrCsyG5EsPPTbA==",
       "dev": true,
       "license": "MIT",
       "engines": {
@@ -4455,16 +4462,16 @@
       }
     },
     "node_modules/@typescript-eslint/typescript-estree": {
-      "version": "8.56.1",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-8.56.1.tgz",
-      "integrity": "sha512-qzUL1qgalIvKWAf9C1HpvBjif+Vm6rcT5wZd4VoMb9+Km3iS3Cv9DY6dMRMDtPnwRAFyAi7YXJpTIEXLvdfPxg==",
+      "version": "8.57.2",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-8.57.2.tgz",
+      "integrity": "sha512-2MKM+I6g8tJxfSmFKOnHv2t8Sk3T6rF20A1Puk0svLK+uVapDZB/4pfAeB7nE83uAZrU6OxW+HmOd5wHVdXwXA==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "@typescript-eslint/project-service": "8.56.1",
-        "@typescript-eslint/tsconfig-utils": "8.56.1",
-        "@typescript-eslint/types": "8.56.1",
-        "@typescript-eslint/visitor-keys": "8.56.1",
+        "@typescript-eslint/project-service": "8.57.2",
+        "@typescript-eslint/tsconfig-utils": "8.57.2",
+        "@typescript-eslint/types": "8.57.2",
+        "@typescript-eslint/visitor-keys": "8.57.2",
         "debug": "^4.4.3",
         "minimatch": "^10.2.2",
         "semver": "^7.7.3",
@@ -4483,16 +4490,16 @@
       }
     },
     "node_modules/@typescript-eslint/utils": {
-      "version": "8.56.1",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-8.56.1.tgz",
-      "integrity": "sha512-HPAVNIME3tABJ61siYlHzSWCGtOoeP2RTIaHXFMPqjrQKCGB9OgUVdiNgH7TJS2JNIQ5qQ4RsAUDuGaGme/KOA==",
+      "version": "8.57.2",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-8.57.2.tgz",
+      "integrity": "sha512-krRIbvPK1ju1WBKIefiX+bngPs+odIQUtR7kymzPfo1POVw3jlF+nLkmexdSSd4UCbDcQn+wMBATOOmpBbqgKg==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
         "@eslint-community/eslint-utils": "^4.9.1",
-        "@typescript-eslint/scope-manager": "8.56.1",
-        "@typescript-eslint/types": "8.56.1",
-        "@typescript-eslint/typescript-estree": "8.56.1"
+        "@typescript-eslint/scope-manager": "8.57.2",
+        "@typescript-eslint/types": "8.57.2",
+        "@typescript-eslint/typescript-estree": "8.57.2"
       },
       "engines": {
         "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -4507,13 +4514,13 @@
       }
     },
     "node_modules/@typescript-eslint/visitor-keys": {
-      "version": "8.56.1",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-8.56.1.tgz",
-      "integrity": "sha512-KiROIzYdEV85YygXw6BI/Dx4fnBlFQu6Mq4QE4MOH9fFnhohw6wX/OAvDY2/C+ut0I3RSPKenvZJIVYqJNkhEw==",
+      "version": "8.57.2",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-8.57.2.tgz",
+      "integrity": "sha512-zhahknjobV2FiD6Ee9iLbS7OV9zi10rG26odsQdfBO/hjSzUQbkIYgda+iNKK1zNiW2ey+Lf8MU5btN17V3dUw==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "@typescript-eslint/types": "8.56.1",
+        "@typescript-eslint/types": "8.57.2",
         "eslint-visitor-keys": "^5.0.0"
       },
       "engines": {
@@ -4865,9 +4872,9 @@
       }
     },
     "node_modules/@vitest/eslint-plugin": {
-      "version": "1.6.9",
-      "resolved": "https://registry.npmjs.org/@vitest/eslint-plugin/-/eslint-plugin-1.6.9.tgz",
-      "integrity": "sha512-9WfPx1OwJ19QLCSRLkqVO7//1WcWnK3fE/3fJhKMAmDe8+9G4rB47xCNIIeCq3FdEzkIoLTfDlwDlPBaUTMhow==",
+      "version": "1.6.13",
+      "resolved": "https://registry.npmjs.org/@vitest/eslint-plugin/-/eslint-plugin-1.6.13.tgz",
+      "integrity": "sha512-ui7JGWBoQpS5NKKW0FDb1eTuFEZ5EupEv2Psemuyfba7DfA5K52SeDLelt6P4pQJJ/4UGkker/BgMk/KrjH3WQ==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -4878,11 +4885,15 @@
         "node": ">=18"
       },
       "peerDependencies": {
+        "@typescript-eslint/eslint-plugin": "*",
         "eslint": ">=8.57.0",
         "typescript": ">=5.0.0",
         "vitest": "*"
       },
       "peerDependenciesMeta": {
+        "@typescript-eslint/eslint-plugin": {
+          "optional": true
+        },
         "typescript": {
           "optional": true
         },
@@ -8093,18 +8104,19 @@
       }
     },
     "node_modules/eslint-plugin-import-x": {
-      "version": "4.16.1",
-      "resolved": "https://registry.npmjs.org/eslint-plugin-import-x/-/eslint-plugin-import-x-4.16.1.tgz",
-      "integrity": "sha512-vPZZsiOKaBAIATpFE2uMI4w5IRwdv/FpQ+qZZMR4E+PeOcM4OeoEbqxRMnywdxP19TyB/3h6QBB0EWon7letSQ==",
+      "version": "4.16.2",
+      "resolved": "https://registry.npmjs.org/eslint-plugin-import-x/-/eslint-plugin-import-x-4.16.2.tgz",
+      "integrity": "sha512-rM9K8UBHcWKpzQzStn1YRN2T5NvdeIfSVoKu/lKF41znQXHAUcBbYXe5wd6GNjZjTrP7viQ49n1D83x/2gYgIw==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "@typescript-eslint/types": "^8.35.0",
+        "@package-json/types": "^0.0.12",
+        "@typescript-eslint/types": "^8.56.0",
         "comment-parser": "^1.4.1",
         "debug": "^4.4.1",
         "eslint-import-context": "^0.1.9",
         "is-glob": "^4.0.3",
-        "minimatch": "^9.0.3 || ^10.0.1",
+        "minimatch": "^9.0.3 || ^10.1.2",
         "semver": "^7.7.2",
         "stable-hash-x": "^0.2.0",
         "unrs-resolver": "^1.9.2"
@@ -8116,8 +8128,8 @@
         "url": "https://opencollective.com/eslint-plugin-import-x"
       },
       "peerDependencies": {
-        "@typescript-eslint/utils": "^8.0.0",
-        "eslint": "^8.57.0 || ^9.0.0",
+        "@typescript-eslint/utils": "^8.56.0",
+        "eslint": "^8.57.0 || ^9.0.0 || ^10.0.0",
         "eslint-import-resolver-node": "*"
       },
       "peerDependenciesMeta": {
@@ -8159,9 +8171,9 @@
       }
     },
     "node_modules/eslint-plugin-playwright": {
-      "version": "2.9.0",
-      "resolved": "https://registry.npmjs.org/eslint-plugin-playwright/-/eslint-plugin-playwright-2.9.0.tgz",
-      "integrity": "sha512-k3xrG6YzrallWNFMoGUjMNeu3SFFKXN79KJQBD2PkM4PasJegqV2Up+mPY5od2UmPKQGT+MeIhCmWH8r5eYuQQ==",
+      "version": "2.10.1",
+      "resolved": "https://registry.npmjs.org/eslint-plugin-playwright/-/eslint-plugin-playwright-2.10.1.tgz",
+      "integrity": "sha512-qea3UxBOb8fTwJ77FMApZKvRye5DOluDHcev0LDJwID3RELeun0JlqzrNIXAB/SXCyB/AesCW/6sZfcT9q3Edg==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -8175,9 +8187,9 @@
       }
     },
     "node_modules/eslint-plugin-regexp": {
-      "version": "3.0.0",
-      "resolved": "https://registry.npmjs.org/eslint-plugin-regexp/-/eslint-plugin-regexp-3.0.0.tgz",
-      "integrity": "sha512-iW7hgAV8NOG6E2dz+VeKpq67YLQ9jaajOKYpoOSic2/q8y9BMdXBKkSR9gcMtbqEhNQzdW41E3wWzvhp8ExYwQ==",
+      "version": "3.1.0",
+      "resolved": "https://registry.npmjs.org/eslint-plugin-regexp/-/eslint-plugin-regexp-3.1.0.tgz",
+      "integrity": "sha512-qGXIC3DIKZHcK1H9A9+Byz9gmndY6TTSRkSMTZpNXdyCw2ObSehRgccJv35n9AdUakEjQp5VFNLas6BMXizCZg==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -8303,11 +8315,18 @@
       }
     },
     "node_modules/eslint-plugin-vitest-globals": {
-      "version": "1.5.0",
-      "resolved": "https://registry.npmjs.org/eslint-plugin-vitest-globals/-/eslint-plugin-vitest-globals-1.5.0.tgz",
-      "integrity": "sha512-ZSsVOaOIig0oVLzRTyk8lUfBfqzWxr/J3/NFMfGGRIkGQPejJYmDH3gXmSJxAojts77uzAGB/UmVrwi2DC4LYA==",
+      "version": "1.6.1",
+      "resolved": "https://registry.npmjs.org/eslint-plugin-vitest-globals/-/eslint-plugin-vitest-globals-1.6.1.tgz",
+      "integrity": "sha512-ydMvr96XRaT913a8gy8TY/LLyGB49Wmj0+x/FCbaWSpWMSaWDLG63/5zSLLrdSGXJ0PTjWpYZOZ61YBuzNyyTw==",
       "dev": true,
-      "license": "MIT"
+      "license": "MIT",
+      "engines": {
+        "node": ">=16"
+      },
+      "funding": {
+        "type": "github",
+        "url": "https://github.com/sponsors/saqqdy"
+      }
     },
     "node_modules/eslint-plugin-vue": {
       "version": "10.8.0",
@@ -15177,16 +15196,16 @@
       }
     },
     "node_modules/typescript-eslint": {
-      "version": "8.56.1",
-      "resolved": "https://registry.npmjs.org/typescript-eslint/-/typescript-eslint-8.56.1.tgz",
-      "integrity": "sha512-U4lM6pjmBX7J5wk4szltF7I1cGBHXZopnAXCMXb3+fZ3B/0Z3hq3wS/CCUB2NZBNAExK92mCU2tEohWuwVMsDQ==",
+      "version": "8.57.2",
+      "resolved": "https://registry.npmjs.org/typescript-eslint/-/typescript-eslint-8.57.2.tgz",
+      "integrity": "sha512-VEPQ0iPgWO/sBaZOU1xo4nuNdODVOajPnTIbog2GKYr31nIlZ0fWPoCQgGfF3ETyBl1vn63F/p50Um9Z4J8O8A==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "@typescript-eslint/eslint-plugin": "8.56.1",
-        "@typescript-eslint/parser": "8.56.1",
-        "@typescript-eslint/typescript-estree": "8.56.1",
-        "@typescript-eslint/utils": "8.56.1"
+        "@typescript-eslint/eslint-plugin": "8.57.2",
+        "@typescript-eslint/parser": "8.57.2",
+        "@typescript-eslint/typescript-estree": "8.57.2",
+        "@typescript-eslint/utils": "8.57.2"
       },
       "engines": {
         "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
diff --git a/package.json b/package.json
index ae2b34a98e..432fc0791e 100644
--- a/package.json
+++ b/package.json
@@ -89,20 +89,20 @@
     "@stylistic/stylelint-plugin": "4.0.1",
     "@vitejs/plugin-vue": "6.0.5",
     "@vitest/coverage-v8": "4.0.18",
-    "@vitest/eslint-plugin": "1.6.9",
+    "@vitest/eslint-plugin": "1.6.13",
     "@vue/test-utils": "2.4.6",
     "eslint": "9.39.4",
     "eslint-import-resolver-typescript": "4.4.4",
     "eslint-plugin-array-func": "5.1.1",
-    "eslint-plugin-import-x": "4.16.1",
+    "eslint-plugin-import-x": "4.16.2",
     "eslint-plugin-no-jquery": "3.1.1",
     "eslint-plugin-no-use-extend-native": "0.7.2",
-    "eslint-plugin-playwright": "2.9.0",
-    "eslint-plugin-regexp": "3.0.0",
+    "eslint-plugin-playwright": "2.10.1",
+    "eslint-plugin-regexp": "3.1.0",
     "eslint-plugin-sonarjs": "3.0.7",
     "eslint-plugin-toml": "0.13.1",
     "eslint-plugin-unicorn": "63.0.0",
-    "eslint-plugin-vitest-globals": "1.5.0",
+    "eslint-plugin-vitest-globals": "1.6.1",
     "eslint-plugin-vue": "10.8.0",
     "eslint-plugin-vue-scoped-css": "2.12.0",
     "eslint-plugin-wc": "3.1.0",
@@ -118,7 +118,7 @@
     "stylelint-value-no-unknown-custom-properties": "6.1.1",
     "svgo": "4.0.1",
     "typescript": "5.9.3",
-    "typescript-eslint": "8.56.1",
+    "typescript-eslint": "8.57.2",
     "vite-string-plugin": "2.0.2",
     "vitest": "4.0.18"
   },

From 645b29395ca54513a7409cb7f41b1a19d41a2a14 Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Wed, 1 Apr 2026 09:30:22 +0200
Subject: [PATCH 604/854] Update dependency markdownlint-cli to v0.48.0
 (forgejo) (#11929)

Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
---
 package-lock.json | 73 +++++++++++------------------------------------
 package.json      |  2 +-
 2 files changed, 18 insertions(+), 57 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index f5b8036a2d..9ecf2697b6 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -110,7 +110,7 @@
         "globals": "17.4.0",
         "happy-dom": "20.8.9",
         "license-checker-rseidelsohn": "4.4.2",
-        "markdownlint-cli": "0.47.0",
+        "markdownlint-cli": "0.48.0",
         "postcss-html": "1.8.1",
         "sharp": "0.34.5",
         "stylelint": "16.26.1",
@@ -10956,9 +10956,9 @@
       "license": "MIT"
     },
     "node_modules/markdown-it": {
-      "version": "14.1.0",
-      "resolved": "https://registry.npmjs.org/markdown-it/-/markdown-it-14.1.0.tgz",
-      "integrity": "sha512-a54IwgWPaeBCAAsv13YgmALOF1elABB08FxO9i+r4VFk5Vl4pKokRPeX8u5TCgSsPi6ec1otfLjdOpVcgbpshg==",
+      "version": "14.1.1",
+      "resolved": "https://registry.npmjs.org/markdown-it/-/markdown-it-14.1.1.tgz",
+      "integrity": "sha512-BuU2qnTti9YKgK5N+IeMubp14ZUKUUw7yeJbkjtosvHiP0AZ5c8IAgEMk79D0eC8F23r4Ac/q8cAIFdm2FtyoA==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -10998,23 +10998,23 @@
       }
     },
     "node_modules/markdownlint-cli": {
-      "version": "0.47.0",
-      "resolved": "https://registry.npmjs.org/markdownlint-cli/-/markdownlint-cli-0.47.0.tgz",
-      "integrity": "sha512-HOcxeKFAdDoldvoYDofd85vI8LgNWy8vmYpCwnlLV46PJcodmGzD7COSSBlhHwsfT4o9KrAStGodImVBus31Bg==",
+      "version": "0.48.0",
+      "resolved": "https://registry.npmjs.org/markdownlint-cli/-/markdownlint-cli-0.48.0.tgz",
+      "integrity": "sha512-NkZQNu2E0Q5qLEEHwWj674eYISTLD4jMHkBzDobujXd1kv+yCxi8jOaD/rZoQNW1FBBMMGQpuW5So8B51N/e0A==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "commander": "~14.0.2",
+        "commander": "~14.0.3",
         "deep-extend": "~0.6.0",
         "ignore": "~7.0.5",
         "js-yaml": "~4.1.1",
         "jsonc-parser": "~3.3.1",
         "jsonpointer": "~5.0.1",
-        "markdown-it": "~14.1.0",
+        "markdown-it": "~14.1.1",
         "markdownlint": "~0.40.0",
-        "minimatch": "~10.1.1",
+        "minimatch": "~10.2.4",
         "run-con": "~1.3.2",
-        "smol-toml": "~1.5.2",
+        "smol-toml": "~1.6.0",
         "tinyglobby": "~0.2.15"
       },
       "bin": {
@@ -11024,33 +11024,10 @@
         "node": ">=20"
       }
     },
-    "node_modules/markdownlint-cli/node_modules/balanced-match": {
-      "version": "4.0.3",
-      "resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-4.0.3.tgz",
-      "integrity": "sha512-1pHv8LX9CpKut1Zp4EXey7Z8OfH11ONNH6Dhi2WDUt31VVZFXZzKwXcysBgqSumFCmR+0dqjMK5v5JiFHzi0+g==",
-      "dev": true,
-      "license": "MIT",
-      "engines": {
-        "node": "20 || >=22"
-      }
-    },
-    "node_modules/markdownlint-cli/node_modules/brace-expansion": {
-      "version": "5.0.2",
-      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-5.0.2.tgz",
-      "integrity": "sha512-Pdk8c9poy+YhOgVWw1JNN22/HcivgKWwpxKq04M/jTmHyCZn12WPJebZxdjSa5TmBqISrUSgNYU3eRORljfCCw==",
-      "dev": true,
-      "license": "MIT",
-      "dependencies": {
-        "balanced-match": "^4.0.2"
-      },
-      "engines": {
-        "node": "20 || >=22"
-      }
-    },
     "node_modules/markdownlint-cli/node_modules/commander": {
-      "version": "14.0.2",
-      "resolved": "https://registry.npmjs.org/commander/-/commander-14.0.2.tgz",
-      "integrity": "sha512-TywoWNNRbhoD0BXs1P3ZEScW8W5iKrnbithIl0YH+uCmBd0QpPOA8yc82DS3BIE5Ma6FnBVUsJ7wVUDz4dvOWQ==",
+      "version": "14.0.3",
+      "resolved": "https://registry.npmjs.org/commander/-/commander-14.0.3.tgz",
+      "integrity": "sha512-H+y0Jo/T1RZ9qPP4Eh1pkcQcLRglraJaSLoyOtHxu6AapkjWVCy2Sit1QQ4x3Dng8qDlSsZEet7g5Pq06MvTgw==",
       "dev": true,
       "license": "MIT",
       "engines": {
@@ -11074,22 +11051,6 @@
       "dev": true,
       "license": "MIT"
     },
-    "node_modules/markdownlint-cli/node_modules/minimatch": {
-      "version": "10.1.3",
-      "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-10.1.3.tgz",
-      "integrity": "sha512-IF6URNyBX7Z6XfvjpaNy5meRxPZiIf2OqtOoSLs+hLJ9pJAScnM1RjrFcbCaD85y42KcI+oZmKjFIJKYDFjQfg==",
-      "dev": true,
-      "license": "BlueOak-1.0.0",
-      "dependencies": {
-        "brace-expansion": "^5.0.2"
-      },
-      "engines": {
-        "node": "20 || >=22"
-      },
-      "funding": {
-        "url": "https://github.com/sponsors/isaacs"
-      }
-    },
     "node_modules/markdownlint/node_modules/ansi-regex": {
       "version": "6.2.2",
       "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-6.2.2.tgz",
@@ -13979,9 +13940,9 @@
       }
     },
     "node_modules/smol-toml": {
-      "version": "1.5.2",
-      "resolved": "https://registry.npmjs.org/smol-toml/-/smol-toml-1.5.2.tgz",
-      "integrity": "sha512-QlaZEqcAH3/RtNyet1IPIYPsEWAaYyXXv1Krsi+1L/QHppjX4Ifm8MQsBISz9vE8cHicIq3clogsheili5vhaQ==",
+      "version": "1.6.1",
+      "resolved": "https://registry.npmjs.org/smol-toml/-/smol-toml-1.6.1.tgz",
+      "integrity": "sha512-dWUG8F5sIIARXih1DTaQAX4SsiTXhInKf1buxdY9DIg4ZYPZK5nGM1VRIYmEbDbsHt7USo99xSLFu5Q1IqTmsg==",
       "dev": true,
       "license": "BSD-3-Clause",
       "engines": {
diff --git a/package.json b/package.json
index 432fc0791e..c7d278dc4b 100644
--- a/package.json
+++ b/package.json
@@ -109,7 +109,7 @@
     "globals": "17.4.0",
     "happy-dom": "20.8.9",
     "license-checker-rseidelsohn": "4.4.2",
-    "markdownlint-cli": "0.47.0",
+    "markdownlint-cli": "0.48.0",
     "postcss-html": "1.8.1",
     "sharp": "0.34.5",
     "stylelint": "16.26.1",

From d23d895220407e2ee432b8a6ca4379fd20a59d13 Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Wed, 1 Apr 2026 10:17:54 +0200
Subject: [PATCH 605/854] Update dependency @playwright/test to v1.58.2
 (forgejo) (#11928)

Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
---
 package-lock.json | 24 ++++++++++++------------
 package.json      |  2 +-
 2 files changed, 13 insertions(+), 13 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 9ecf2697b6..45ab3e14bf 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -84,7 +84,7 @@
       "devDependencies": {
         "@axe-core/playwright": "4.11.1",
         "@eslint-community/eslint-plugin-eslint-comments": "4.7.1",
-        "@playwright/test": "1.57.0",
+        "@playwright/test": "1.58.2",
         "@stoplight/spectral-cli": "6.15.0",
         "@stylistic/eslint-plugin": "5.10.0",
         "@stylistic/stylelint-plugin": "4.0.1",
@@ -2806,13 +2806,13 @@
       }
     },
     "node_modules/@playwright/test": {
-      "version": "1.57.0",
-      "resolved": "https://registry.npmjs.org/@playwright/test/-/test-1.57.0.tgz",
-      "integrity": "sha512-6TyEnHgd6SArQO8UO2OMTxshln3QMWBtPGrOCgs3wVEmQmwyuNtB10IZMfmYDE0riwNR1cu4q+pPcxMVtaG3TA==",
+      "version": "1.58.2",
+      "resolved": "https://registry.npmjs.org/@playwright/test/-/test-1.58.2.tgz",
+      "integrity": "sha512-akea+6bHYBBfA9uQqSYmlJXn61cTa+jbO87xVLCWbTqbWadRVmhxlXATaOjOgcBaWU4ePo0wB41KMFv3o35IXA==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
-        "playwright": "1.57.0"
+        "playwright": "1.58.2"
       },
       "bin": {
         "playwright": "cli.js"
@@ -12522,13 +12522,13 @@
       }
     },
     "node_modules/playwright": {
-      "version": "1.57.0",
-      "resolved": "https://registry.npmjs.org/playwright/-/playwright-1.57.0.tgz",
-      "integrity": "sha512-ilYQj1s8sr2ppEJ2YVadYBN0Mb3mdo9J0wQ+UuDhzYqURwSoW4n1Xs5vs7ORwgDGmyEh33tRMeS8KhdkMoLXQw==",
+      "version": "1.58.2",
+      "resolved": "https://registry.npmjs.org/playwright/-/playwright-1.58.2.tgz",
+      "integrity": "sha512-vA30H8Nvkq/cPBnNw4Q8TWz1EJyqgpuinBcHET0YVJVFldr8JDNiU9LaWAE1KqSkRYazuaBhTpB5ZzShOezQ6A==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
-        "playwright-core": "1.57.0"
+        "playwright-core": "1.58.2"
       },
       "bin": {
         "playwright": "cli.js"
@@ -12541,9 +12541,9 @@
       }
     },
     "node_modules/playwright-core": {
-      "version": "1.57.0",
-      "resolved": "https://registry.npmjs.org/playwright-core/-/playwright-core-1.57.0.tgz",
-      "integrity": "sha512-agTcKlMw/mjBWOnD6kFZttAAGHgi/Nw0CZ2o6JqWSbMlI219lAFLZZCyqByTsvVAJq5XA5H8cA6PrvBRpBWEuQ==",
+      "version": "1.58.2",
+      "resolved": "https://registry.npmjs.org/playwright-core/-/playwright-core-1.58.2.tgz",
+      "integrity": "sha512-yZkEtftgwS8CsfYo7nm0KE8jsvm6i/PTgVtB8DL726wNf6H2IMsDuxCpJj59KDaxCtSnrWan2AeDqM7JBaultg==",
       "dev": true,
       "license": "Apache-2.0",
       "bin": {
diff --git a/package.json b/package.json
index c7d278dc4b..29bf0984dc 100644
--- a/package.json
+++ b/package.json
@@ -83,7 +83,7 @@
   "devDependencies": {
     "@axe-core/playwright": "4.11.1",
     "@eslint-community/eslint-plugin-eslint-comments": "4.7.1",
-    "@playwright/test": "1.57.0",
+    "@playwright/test": "1.58.2",
     "@stoplight/spectral-cli": "6.15.0",
     "@stylistic/eslint-plugin": "5.10.0",
     "@stylistic/stylelint-plugin": "4.0.1",

From 8f5dd8153719b23e497732767366f9d1cf86481d Mon Sep 17 00:00:00 2001
From: Mathieu Fenniak <mathieu@fenniak.net>
Date: Wed, 1 Apr 2026 16:05:20 +0200
Subject: [PATCH 606/854] fix: allow repository deletion when referenced by a
 repo-specific access token (#11927)

Fixes #11919.

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. All work and communication must conform to Forgejo's [AI Agreement](https://codeberg.org/forgejo/governance/src/branch/main/AIAgreement.md). There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests for Go changes

- I added test coverage for Go changes...
  - [x] in their respective `*_test.go` for unit tests.
  - [ ] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I ran...
  - [ ] `make pr-go` before pushing

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [ ] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.
- [x] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change.
    - Will be a fix before the feature is released, therefore not "visible to users".

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11927
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Reviewed-by: Antonin Delpeuch <wetneb@noreply.codeberg.org>
Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net>
Co-committed-by: Mathieu Fenniak <mathieu@fenniak.net>
---
 services/repository/delete.go          |  2 ++
 services/repository/repository_test.go | 17 +++++++++++++++++
 2 files changed, 19 insertions(+)

diff --git a/services/repository/delete.go b/services/repository/delete.go
index 3ea7e51a9b..8766204f34 100644
--- a/services/repository/delete.go
+++ b/services/repository/delete.go
@@ -13,6 +13,7 @@ import (
 	activities_model "forgejo.org/models/activities"
 	admin_model "forgejo.org/models/admin"
 	asymkey_model "forgejo.org/models/asymkey"
+	auth_model "forgejo.org/models/auth"
 	"forgejo.org/models/db"
 	git_model "forgejo.org/models/git"
 	issues_model "forgejo.org/models/issues"
@@ -189,6 +190,7 @@ func DeleteRepositoryDirectly(ctx context.Context, doer *user_model.User, repoID
 		&actions_model.ActionUser{RepoID: repoID},
 		&repo_model.RepoArchiveDownloadCount{RepoID: repoID},
 		&actions_model.ActionRunnerToken{RepoID: optional.Some(repoID)},
+		&auth_model.AccessTokenResourceRepo{RepoID: repoID},
 	); err != nil {
 		return fmt.Errorf("deleteBeans: %w", err)
 	}
diff --git a/services/repository/repository_test.go b/services/repository/repository_test.go
index 5f63e4d9cb..e5ae3ecb32 100644
--- a/services/repository/repository_test.go
+++ b/services/repository/repository_test.go
@@ -6,6 +6,7 @@ package repository
 import (
 	"testing"
 
+	auth_model "forgejo.org/models/auth"
 	"forgejo.org/models/db"
 	repo_model "forgejo.org/models/repo"
 	"forgejo.org/models/unit"
@@ -62,3 +63,19 @@ func TestDeleteRepository(t *testing.T) {
 	doer := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 1})
 	require.NoError(t, DeleteRepository(t.Context(), doer, repo, false))
 }
+
+func TestDeleteRepositoryWithReferences(t *testing.T) {
+	require.NoError(t, unittest.PrepareTestDatabase())
+
+	repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 1})
+
+	token1 := unittest.AssertExistsAndLoadBean(t, &auth_model.AccessToken{ID: 1})
+	err := db.Insert(t.Context(), &auth_model.AccessTokenResourceRepo{
+		TokenID: token1.ID,
+		RepoID:  repo.ID,
+	})
+	require.NoError(t, err)
+
+	doer := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 1})
+	require.NoError(t, DeleteRepository(t.Context(), doer, repo, false))
+}

From 2469344824fbb0546243a3d0b4c565c0056455a3 Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Wed, 1 Apr 2026 20:16:03 +0200
Subject: [PATCH 607/854] Update module github.com/PuerkitoBio/goquery to
 v1.12.0 (forgejo) (#11941)

Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index b4634a30b6..8b460a79c2 100644
--- a/go.mod
+++ b/go.mod
@@ -25,7 +25,7 @@ require (
 	github.com/42wim/sshsig v0.0.0-20250502153856-5100632e8920
 	github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358
 	github.com/ProtonMail/go-crypto v1.4.1
-	github.com/PuerkitoBio/goquery v1.11.0
+	github.com/PuerkitoBio/goquery v1.12.0
 	github.com/SaveTheRbtz/zstd-seekable-format-go/pkg v0.8.0
 	github.com/alecthomas/chroma/v2 v2.23.1
 	github.com/blakesmith/ar v0.0.0-20190502131153-809d4375e1fb
diff --git a/go.sum b/go.sum
index 97492a6fa2..3fee3d98b3 100644
--- a/go.sum
+++ b/go.sum
@@ -73,8 +73,8 @@ github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03
 github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
 github.com/ProtonMail/go-crypto v1.4.1 h1:9RfcZHqEQUvP8RzecWEUafnZVtEvrBVL9BiF67IQOfM=
 github.com/ProtonMail/go-crypto v1.4.1/go.mod h1:e1OaTyu5SYVrO9gKOEhTc+5UcXtTUa+P3uLudwcgPqo=
-github.com/PuerkitoBio/goquery v1.11.0 h1:jZ7pwMQXIITcUXNH83LLk+txlaEy6NVOfTuP43xxfqw=
-github.com/PuerkitoBio/goquery v1.11.0/go.mod h1:wQHgxUOU3JGuj3oD/QFfxUdlzW6xPHfqyHre6VMY4DQ=
+github.com/PuerkitoBio/goquery v1.12.0 h1:pAcL4g3WRXekcB9AU/y1mbKez2dbY2AajVhtkO8RIBo=
+github.com/PuerkitoBio/goquery v1.12.0/go.mod h1:802ej+gV2y7bbIhOIoPY5sT183ZW0YFofScC4q/hIpQ=
 github.com/RoaringBitmap/roaring/v2 v2.4.5 h1:uGrrMreGjvAtTBobc0g5IrW1D5ldxDQYe2JW2gggRdg=
 github.com/RoaringBitmap/roaring/v2 v2.4.5/go.mod h1:FiJcsfkGje/nZBZgCu0ZxCPOKD/hVXDS2dXi7/eUFE0=
 github.com/STARRY-S/zip v0.2.3 h1:luE4dMvRPDOWQdeDdUxUoZkzUIpTccdKdhHHsQJ1fm4=

From 5add2e0dee5f80ea7604aea2860e604de4b96b1b Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Wed, 1 Apr 2026 20:43:17 +0200
Subject: [PATCH 608/854] Update dependency webpack-cli to v7 (forgejo)
 (#11944)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11944
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
---
 package-lock.json | 88 ++++++++++-------------------------------------
 package.json      |  2 +-
 2 files changed, 19 insertions(+), 71 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 45ab3e14bf..8ae8be8ac3 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -78,7 +78,7 @@
         "vue-loader": "17.4.2",
         "vue3-calendar-heatmap": "2.0.5",
         "webpack": "5.105.4",
-        "webpack-cli": "6.0.1",
+        "webpack-cli": "7.0.2",
         "wrap-ansi": "10.0.0"
       },
       "devDependencies": {
@@ -917,9 +917,9 @@
       }
     },
     "node_modules/@discoveryjs/json-ext": {
-      "version": "0.6.3",
-      "resolved": "https://registry.npmjs.org/@discoveryjs/json-ext/-/json-ext-0.6.3.tgz",
-      "integrity": "sha512-4B4OijXeVNOPZlYA2oEwWOTkzyltLao+xbotHQeqN++Rv27Y6s818+n2Qkp8q+Fxhn0t/5lA5X1Mxktud8eayQ==",
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/@discoveryjs/json-ext/-/json-ext-1.0.0.tgz",
+      "integrity": "sha512-dDlz3W405VMFO4w5kIP9DOmELBcvFQGmLoKSdIRstBDubKFYwaNHV1NnlzMCQpXQFGWVALmeMORAuiLx18AvZQ==",
       "license": "MIT",
       "engines": {
         "node": ">=14.17.0"
@@ -5356,50 +5356,6 @@
         "@xtuc/long": "4.2.2"
       }
     },
-    "node_modules/@webpack-cli/configtest": {
-      "version": "3.0.1",
-      "resolved": "https://registry.npmjs.org/@webpack-cli/configtest/-/configtest-3.0.1.tgz",
-      "integrity": "sha512-u8d0pJ5YFgneF/GuvEiDA61Tf1VDomHHYMjv/wc9XzYj7nopltpG96nXN5dJRstxZhcNpV1g+nT6CydO7pHbjA==",
-      "license": "MIT",
-      "engines": {
-        "node": ">=18.12.0"
-      },
-      "peerDependencies": {
-        "webpack": "^5.82.0",
-        "webpack-cli": "6.x.x"
-      }
-    },
-    "node_modules/@webpack-cli/info": {
-      "version": "3.0.1",
-      "resolved": "https://registry.npmjs.org/@webpack-cli/info/-/info-3.0.1.tgz",
-      "integrity": "sha512-coEmDzc2u/ffMvuW9aCjoRzNSPDl/XLuhPdlFRpT9tZHmJ/039az33CE7uH+8s0uL1j5ZNtfdv0HkfaKRBGJsQ==",
-      "license": "MIT",
-      "engines": {
-        "node": ">=18.12.0"
-      },
-      "peerDependencies": {
-        "webpack": "^5.82.0",
-        "webpack-cli": "6.x.x"
-      }
-    },
-    "node_modules/@webpack-cli/serve": {
-      "version": "3.0.1",
-      "resolved": "https://registry.npmjs.org/@webpack-cli/serve/-/serve-3.0.1.tgz",
-      "integrity": "sha512-sbgw03xQaCLiT6gcY/6u3qBDn01CWw/nbaXl3gTdTFuJJ75Gffv3E3DBpgvY2fkkrdS1fpjaXNOmJlnbtKauKg==",
-      "license": "MIT",
-      "engines": {
-        "node": ">=18.12.0"
-      },
-      "peerDependencies": {
-        "webpack": "^5.82.0",
-        "webpack-cli": "6.x.x"
-      },
-      "peerDependenciesMeta": {
-        "webpack-dev-server": {
-          "optional": true
-        }
-      }
-    },
     "node_modules/@xtuc/ieee754": {
       "version": "1.2.0",
       "resolved": "https://registry.npmjs.org/@xtuc/ieee754/-/ieee754-1.2.0.tgz",
@@ -6420,12 +6376,6 @@
       "dev": true,
       "license": "MIT"
     },
-    "node_modules/colorette": {
-      "version": "2.0.20",
-      "resolved": "https://registry.npmjs.org/colorette/-/colorette-2.0.20.tgz",
-      "integrity": "sha512-IfEDxwoWIjkeXL1eXcDiow4UbKjhLdq6/EuSVR9GMN7KVH3r9gQ83e73hsz1Nd1T3ijd5xv1wcWRYO+D6kCI2w==",
-      "license": "MIT"
-    },
     "node_modules/commander": {
       "version": "10.0.1",
       "resolved": "https://registry.npmjs.org/commander/-/commander-10.0.1.tgz",
@@ -15883,18 +15833,14 @@
       }
     },
     "node_modules/webpack-cli": {
-      "version": "6.0.1",
-      "resolved": "https://registry.npmjs.org/webpack-cli/-/webpack-cli-6.0.1.tgz",
-      "integrity": "sha512-MfwFQ6SfwinsUVi0rNJm7rHZ31GyTcpVE5pgVA3hwFRb7COD4TzjUUwhGWKfO50+xdc2MQPuEBBJoqIMGt3JDw==",
+      "version": "7.0.2",
+      "resolved": "https://registry.npmjs.org/webpack-cli/-/webpack-cli-7.0.2.tgz",
+      "integrity": "sha512-dB0R4T+C/8YuvM+fabdvil6QE44/ChDXikV5lOOkrUeCkW5hTJv2pGLE3keh+D5hjYw8icBaJkZzpFoaHV4T+g==",
       "license": "MIT",
       "dependencies": {
-        "@discoveryjs/json-ext": "^0.6.1",
-        "@webpack-cli/configtest": "^3.0.1",
-        "@webpack-cli/info": "^3.0.1",
-        "@webpack-cli/serve": "^3.0.1",
-        "colorette": "^2.0.14",
-        "commander": "^12.1.0",
-        "cross-spawn": "^7.0.3",
+        "@discoveryjs/json-ext": "^1.0.0",
+        "commander": "^14.0.3",
+        "cross-spawn": "^7.0.6",
         "envinfo": "^7.14.0",
         "fastest-levenshtein": "^1.0.12",
         "import-local": "^3.0.2",
@@ -15906,14 +15852,16 @@
         "webpack-cli": "bin/cli.js"
       },
       "engines": {
-        "node": ">=18.12.0"
+        "node": ">=20.9.0"
       },
       "funding": {
         "type": "opencollective",
         "url": "https://opencollective.com/webpack"
       },
       "peerDependencies": {
-        "webpack": "^5.82.0"
+        "webpack": "^5.101.0",
+        "webpack-bundle-analyzer": "^4.0.0 || ^5.0.0",
+        "webpack-dev-server": "^5.0.0"
       },
       "peerDependenciesMeta": {
         "webpack-bundle-analyzer": {
@@ -15925,12 +15873,12 @@
       }
     },
     "node_modules/webpack-cli/node_modules/commander": {
-      "version": "12.1.0",
-      "resolved": "https://registry.npmjs.org/commander/-/commander-12.1.0.tgz",
-      "integrity": "sha512-Vw8qHK3bZM9y/P10u3Vib8o/DdkvA2OtPtZvD871QKjy74Wj1WSKFILMPRPSdUSx5RFK1arlJzEtA4PkFgnbuA==",
+      "version": "14.0.3",
+      "resolved": "https://registry.npmjs.org/commander/-/commander-14.0.3.tgz",
+      "integrity": "sha512-H+y0Jo/T1RZ9qPP4Eh1pkcQcLRglraJaSLoyOtHxu6AapkjWVCy2Sit1QQ4x3Dng8qDlSsZEet7g5Pq06MvTgw==",
       "license": "MIT",
       "engines": {
-        "node": ">=18"
+        "node": ">=20"
       }
     },
     "node_modules/webpack-merge": {
diff --git a/package.json b/package.json
index 29bf0984dc..e17bbf13ed 100644
--- a/package.json
+++ b/package.json
@@ -77,7 +77,7 @@
     "vue-loader": "17.4.2",
     "vue3-calendar-heatmap": "2.0.5",
     "webpack": "5.105.4",
-    "webpack-cli": "6.0.1",
+    "webpack-cli": "7.0.2",
     "wrap-ansi": "10.0.0"
   },
   "devDependencies": {

From b09cf32cb99b48a8a529201175ace366c89cd3ea Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Wed, 1 Apr 2026 22:04:54 +0200
Subject: [PATCH 609/854] Update vitest monorepo to v4.1.2 (forgejo) (#11942)

Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
---
 package-lock.json | 199 ++++++++++++++++++++++++----------------------
 package.json      |   4 +-
 2 files changed, 108 insertions(+), 95 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 8ae8be8ac3..e2d5d0e3bb 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -89,7 +89,7 @@
         "@stylistic/eslint-plugin": "5.10.0",
         "@stylistic/stylelint-plugin": "4.0.1",
         "@vitejs/plugin-vue": "6.0.5",
-        "@vitest/coverage-v8": "4.0.18",
+        "@vitest/coverage-v8": "4.1.2",
         "@vitest/eslint-plugin": "1.6.13",
         "@vue/test-utils": "2.4.6",
         "eslint": "9.39.4",
@@ -121,7 +121,7 @@
         "typescript": "5.9.3",
         "typescript-eslint": "8.57.2",
         "vite-string-plugin": "2.0.2",
-        "vitest": "4.0.18"
+        "vitest": "4.1.2"
       },
       "engines": {
         "node": ">= 20.0.0"
@@ -4841,29 +4841,29 @@
       }
     },
     "node_modules/@vitest/coverage-v8": {
-      "version": "4.0.18",
-      "resolved": "https://registry.npmjs.org/@vitest/coverage-v8/-/coverage-v8-4.0.18.tgz",
-      "integrity": "sha512-7i+N2i0+ME+2JFZhfuz7Tg/FqKtilHjGyGvoHYQ6iLV0zahbsJ9sljC9OcFcPDbhYKCet+sG8SsVqlyGvPflZg==",
+      "version": "4.1.2",
+      "resolved": "https://registry.npmjs.org/@vitest/coverage-v8/-/coverage-v8-4.1.2.tgz",
+      "integrity": "sha512-sPK//PHO+kAkScb8XITeB1bf7fsk85Km7+rt4eeuRR3VS1/crD47cmV5wicisJmjNdfeokTZwjMk4Mj2d58Mgg==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
         "@bcoe/v8-coverage": "^1.0.2",
-        "@vitest/utils": "4.0.18",
-        "ast-v8-to-istanbul": "^0.3.10",
+        "@vitest/utils": "4.1.2",
+        "ast-v8-to-istanbul": "^1.0.0",
         "istanbul-lib-coverage": "^3.2.2",
         "istanbul-lib-report": "^3.0.1",
         "istanbul-reports": "^3.2.0",
-        "magicast": "^0.5.1",
+        "magicast": "^0.5.2",
         "obug": "^2.1.1",
-        "std-env": "^3.10.0",
-        "tinyrainbow": "^3.0.3"
+        "std-env": "^4.0.0-rc.1",
+        "tinyrainbow": "^3.1.0"
       },
       "funding": {
         "url": "https://opencollective.com/vitest"
       },
       "peerDependencies": {
-        "@vitest/browser": "4.0.18",
-        "vitest": "4.0.18"
+        "@vitest/browser": "4.1.2",
+        "vitest": "4.1.2"
       },
       "peerDependenciesMeta": {
         "@vitest/browser": {
@@ -4903,31 +4903,31 @@
       }
     },
     "node_modules/@vitest/expect": {
-      "version": "4.0.18",
-      "resolved": "https://registry.npmjs.org/@vitest/expect/-/expect-4.0.18.tgz",
-      "integrity": "sha512-8sCWUyckXXYvx4opfzVY03EOiYVxyNrHS5QxX3DAIi5dpJAAkyJezHCP77VMX4HKA2LDT/Jpfo8i2r5BE3GnQQ==",
+      "version": "4.1.2",
+      "resolved": "https://registry.npmjs.org/@vitest/expect/-/expect-4.1.2.tgz",
+      "integrity": "sha512-gbu+7B0YgUJ2nkdsRJrFFW6X7NTP44WlhiclHniUhxADQJH5Szt9mZ9hWnJPJ8YwOK5zUOSSlSvyzRf0u1DSBQ==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "@standard-schema/spec": "^1.0.0",
+        "@standard-schema/spec": "^1.1.0",
         "@types/chai": "^5.2.2",
-        "@vitest/spy": "4.0.18",
-        "@vitest/utils": "4.0.18",
-        "chai": "^6.2.1",
-        "tinyrainbow": "^3.0.3"
+        "@vitest/spy": "4.1.2",
+        "@vitest/utils": "4.1.2",
+        "chai": "^6.2.2",
+        "tinyrainbow": "^3.1.0"
       },
       "funding": {
         "url": "https://opencollective.com/vitest"
       }
     },
     "node_modules/@vitest/mocker": {
-      "version": "4.0.18",
-      "resolved": "https://registry.npmjs.org/@vitest/mocker/-/mocker-4.0.18.tgz",
-      "integrity": "sha512-HhVd0MDnzzsgevnOWCBj5Otnzobjy5wLBe4EdeeFGv8luMsGcYqDuFRMcttKWZA5vVO8RFjexVovXvAM4JoJDQ==",
+      "version": "4.1.2",
+      "resolved": "https://registry.npmjs.org/@vitest/mocker/-/mocker-4.1.2.tgz",
+      "integrity": "sha512-Ize4iQtEALHDttPRCmN+FKqOl2vxTiNUhzobQFFt/BM1lRUTG7zRCLOykG/6Vo4E4hnUdfVLo5/eqKPukcWW7Q==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "@vitest/spy": "4.0.18",
+        "@vitest/spy": "4.1.2",
         "estree-walker": "^3.0.3",
         "magic-string": "^0.30.21"
       },
@@ -4936,7 +4936,7 @@
       },
       "peerDependencies": {
         "msw": "^2.4.9",
-        "vite": "^6.0.0 || ^7.0.0-0"
+        "vite": "^6.0.0 || ^7.0.0 || ^8.0.0"
       },
       "peerDependenciesMeta": {
         "msw": {
@@ -4975,26 +4975,26 @@
       }
     },
     "node_modules/@vitest/pretty-format": {
-      "version": "4.0.18",
-      "resolved": "https://registry.npmjs.org/@vitest/pretty-format/-/pretty-format-4.0.18.tgz",
-      "integrity": "sha512-P24GK3GulZWC5tz87ux0m8OADrQIUVDPIjjj65vBXYG17ZeU3qD7r+MNZ1RNv4l8CGU2vtTRqixrOi9fYk/yKw==",
+      "version": "4.1.2",
+      "resolved": "https://registry.npmjs.org/@vitest/pretty-format/-/pretty-format-4.1.2.tgz",
+      "integrity": "sha512-dwQga8aejqeuB+TvXCMzSQemvV9hNEtDDpgUKDzOmNQayl2OG241PSWeJwKRH3CiC+sESrmoFd49rfnq7T4RnA==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "tinyrainbow": "^3.0.3"
+        "tinyrainbow": "^3.1.0"
       },
       "funding": {
         "url": "https://opencollective.com/vitest"
       }
     },
     "node_modules/@vitest/runner": {
-      "version": "4.0.18",
-      "resolved": "https://registry.npmjs.org/@vitest/runner/-/runner-4.0.18.tgz",
-      "integrity": "sha512-rpk9y12PGa22Jg6g5M3UVVnTS7+zycIGk9ZNGN+m6tZHKQb7jrP7/77WfZy13Y/EUDd52NDsLRQhYKtv7XfPQw==",
+      "version": "4.1.2",
+      "resolved": "https://registry.npmjs.org/@vitest/runner/-/runner-4.1.2.tgz",
+      "integrity": "sha512-Gr+FQan34CdiYAwpGJmQG8PgkyFVmARK8/xSijia3eTFgVfpcpztWLuP6FttGNfPLJhaZVP/euvujeNYar36OQ==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "@vitest/utils": "4.0.18",
+        "@vitest/utils": "4.1.2",
         "pathe": "^2.0.3"
       },
       "funding": {
@@ -5002,13 +5002,14 @@
       }
     },
     "node_modules/@vitest/snapshot": {
-      "version": "4.0.18",
-      "resolved": "https://registry.npmjs.org/@vitest/snapshot/-/snapshot-4.0.18.tgz",
-      "integrity": "sha512-PCiV0rcl7jKQjbgYqjtakly6T1uwv/5BQ9SwBLekVg/EaYeQFPiXcgrC2Y7vDMA8dM1SUEAEV82kgSQIlXNMvA==",
+      "version": "4.1.2",
+      "resolved": "https://registry.npmjs.org/@vitest/snapshot/-/snapshot-4.1.2.tgz",
+      "integrity": "sha512-g7yfUmxYS4mNxk31qbOYsSt2F4m1E02LFqO53Xpzg3zKMhLAPZAjjfyl9e6z7HrW6LvUdTwAQR3HHfLjpko16A==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "@vitest/pretty-format": "4.0.18",
+        "@vitest/pretty-format": "4.1.2",
+        "@vitest/utils": "4.1.2",
         "magic-string": "^0.30.21",
         "pathe": "^2.0.3"
       },
@@ -5027,9 +5028,9 @@
       }
     },
     "node_modules/@vitest/spy": {
-      "version": "4.0.18",
-      "resolved": "https://registry.npmjs.org/@vitest/spy/-/spy-4.0.18.tgz",
-      "integrity": "sha512-cbQt3PTSD7P2OARdVW3qWER5EGq7PHlvE+QfzSC0lbwO+xnt7+XH06ZzFjFRgzUX//JmpxrCu92VdwvEPlWSNw==",
+      "version": "4.1.2",
+      "resolved": "https://registry.npmjs.org/@vitest/spy/-/spy-4.1.2.tgz",
+      "integrity": "sha512-DU4fBnbVCJGNBwVA6xSToNXrkZNSiw59H8tcuUspVMsBDBST4nfvsPsEHDHGtWRRnqBERBQu7TrTKskmjqTXKA==",
       "dev": true,
       "license": "MIT",
       "funding": {
@@ -5037,14 +5038,15 @@
       }
     },
     "node_modules/@vitest/utils": {
-      "version": "4.0.18",
-      "resolved": "https://registry.npmjs.org/@vitest/utils/-/utils-4.0.18.tgz",
-      "integrity": "sha512-msMRKLMVLWygpK3u2Hybgi4MNjcYJvwTb0Ru09+fOyCXIgT5raYP041DRRdiJiI3k/2U6SEbAETB3YtBrUkCFA==",
+      "version": "4.1.2",
+      "resolved": "https://registry.npmjs.org/@vitest/utils/-/utils-4.1.2.tgz",
+      "integrity": "sha512-xw2/TiX82lQHA06cgbqRKFb5lCAy3axQ4H4SoUFhUsg+wztiet+co86IAMDtF6Vm1hc7J6j09oh/rgDn+JdKIQ==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "@vitest/pretty-format": "4.0.18",
-        "tinyrainbow": "^3.0.3"
+        "@vitest/pretty-format": "4.1.2",
+        "convert-source-map": "^2.0.0",
+        "tinyrainbow": "^3.1.0"
       },
       "funding": {
         "url": "https://opencollective.com/vitest"
@@ -5664,15 +5666,15 @@
       }
     },
     "node_modules/ast-v8-to-istanbul": {
-      "version": "0.3.10",
-      "resolved": "https://registry.npmjs.org/ast-v8-to-istanbul/-/ast-v8-to-istanbul-0.3.10.tgz",
-      "integrity": "sha512-p4K7vMz2ZSk3wN8l5o3y2bJAoZXT3VuJI5OLTATY/01CYWumWvwkUw0SqDBnNq6IiTO3qDa1eSQDibAV8g7XOQ==",
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/ast-v8-to-istanbul/-/ast-v8-to-istanbul-1.0.0.tgz",
+      "integrity": "sha512-1fSfIwuDICFA4LKkCzRPO7F0hzFf0B7+Xqrl27ynQaa+Rh0e1Es0v6kWHPott3lU10AyAr7oKHa65OppjLn3Rg==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
         "@jridgewell/trace-mapping": "^0.3.31",
         "estree-walker": "^3.0.3",
-        "js-tokens": "^9.0.1"
+        "js-tokens": "^10.0.0"
       }
     },
     "node_modules/ast-v8-to-istanbul/node_modules/@types/estree": {
@@ -5692,6 +5694,13 @@
         "@types/estree": "^1.0.0"
       }
     },
+    "node_modules/ast-v8-to-istanbul/node_modules/js-tokens": {
+      "version": "10.0.0",
+      "resolved": "https://registry.npmjs.org/js-tokens/-/js-tokens-10.0.0.tgz",
+      "integrity": "sha512-lM/UBzQmfJRo9ABXbPWemivdCW8V2G8FHaHdypQaIy523snUjog0W71ayWXTjiR+ixeMyVHN2XcpnTd/liPg/Q==",
+      "dev": true,
+      "license": "MIT"
+    },
     "node_modules/astral-regex": {
       "version": "2.0.0",
       "resolved": "https://registry.npmjs.org/astral-regex/-/astral-regex-2.0.0.tgz",
@@ -6427,6 +6436,13 @@
         "proto-list": "~1.2.1"
       }
     },
+    "node_modules/convert-source-map": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/convert-source-map/-/convert-source-map-2.0.0.tgz",
+      "integrity": "sha512-Kvp459HrV2FEJ1CAsi1Ku+MY3kasH19TFykTz2xWmMeq6bk2NU3XXvfJ+Q61m0xktWwt+1HSYf3JZsTms3aRJg==",
+      "dev": true,
+      "license": "MIT"
+    },
     "node_modules/core-js-compat": {
       "version": "3.48.0",
       "resolved": "https://registry.npmjs.org/core-js-compat/-/core-js-compat-3.48.0.tgz",
@@ -7758,10 +7774,9 @@
       }
     },
     "node_modules/es-module-lexer": {
-      "version": "1.7.0",
-      "resolved": "https://registry.npmjs.org/es-module-lexer/-/es-module-lexer-1.7.0.tgz",
-      "integrity": "sha512-jEQoCwk8hyb2AZziIOLhDqpm5+2ww5uIE6lkO/6jcOCusfk6LhMHpXXfBLXTZ7Ydyt0j4VoUQv6uGNYbdW+kBA==",
-      "dev": true,
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/es-module-lexer/-/es-module-lexer-2.0.0.tgz",
+      "integrity": "sha512-5POEcUuZybH7IdmGsD8wlf0AI55wMecM9rVBTI/qEAy2c1kTOm3DjFYjrBdI2K3BaJjJYfYFeRtM0t9ssnRuxw==",
       "license": "MIT"
     },
     "node_modules/es-object-atoms": {
@@ -10871,14 +10886,14 @@
       }
     },
     "node_modules/magicast": {
-      "version": "0.5.1",
-      "resolved": "https://registry.npmjs.org/magicast/-/magicast-0.5.1.tgz",
-      "integrity": "sha512-xrHS24IxaLrvuo613F719wvOIv9xPHFWQHuvGUBmPnCA/3MQxKI3b+r7n1jAoDHmsbC5bRhTZYR77invLAxVnw==",
+      "version": "0.5.2",
+      "resolved": "https://registry.npmjs.org/magicast/-/magicast-0.5.2.tgz",
+      "integrity": "sha512-E3ZJh4J3S9KfwdjZhe2afj6R9lGIN5Pher1pF39UGrXRqq/VDaGVIGN13BjHd2u8B61hArAGOnso7nBOouW3TQ==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "@babel/parser": "^7.28.5",
-        "@babel/types": "^7.28.5",
+        "@babel/parser": "^7.29.0",
+        "@babel/types": "^7.29.0",
         "source-map-js": "^1.2.1"
       }
     },
@@ -14086,9 +14101,9 @@
       }
     },
     "node_modules/std-env": {
-      "version": "3.10.0",
-      "resolved": "https://registry.npmjs.org/std-env/-/std-env-3.10.0.tgz",
-      "integrity": "sha512-5GS12FdOZNliM5mAOxFRg7Ir0pWz8MdpYm6AY6VPkGpbA7ZzmbzNcBJQ0GPvvyWgcY7QAhCgf9Uy89I03faLkg==",
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/std-env/-/std-env-4.0.0.tgz",
+      "integrity": "sha512-zUMPtQ/HBY3/50VbpkupYHbRroTRZJPRLvreamgErJVys0ceuzMkD44J/QjqhHjOzK42GQ3QZIeFG1OYfOtKqQ==",
       "dev": true,
       "license": "MIT"
     },
@@ -14879,9 +14894,9 @@
       }
     },
     "node_modules/tinyrainbow": {
-      "version": "3.0.3",
-      "resolved": "https://registry.npmjs.org/tinyrainbow/-/tinyrainbow-3.0.3.tgz",
-      "integrity": "sha512-PSkbLUoxOFRzJYjjxHJt9xro7D+iilgMX/C9lawzVuYiIdcihh9DXmVibBe8lmcFrRi/VzlPjBxbN7rH24q8/Q==",
+      "version": "3.1.0",
+      "resolved": "https://registry.npmjs.org/tinyrainbow/-/tinyrainbow-3.1.0.tgz",
+      "integrity": "sha512-Bf+ILmBgretUrdJxzXM0SgXLZ3XfiaUuOj/IKQHuTXip+05Xn+uyEYdVg0kYDipTBcLrCVyUzAPz7QmArb0mmw==",
       "dev": true,
       "license": "MIT",
       "engines": {
@@ -15512,31 +15527,31 @@
       }
     },
     "node_modules/vitest": {
-      "version": "4.0.18",
-      "resolved": "https://registry.npmjs.org/vitest/-/vitest-4.0.18.tgz",
-      "integrity": "sha512-hOQuK7h0FGKgBAas7v0mSAsnvrIgAvWmRFjmzpJ7SwFHH3g1k2u37JtYwOwmEKhK6ZO3v9ggDBBm0La1LCK4uQ==",
+      "version": "4.1.2",
+      "resolved": "https://registry.npmjs.org/vitest/-/vitest-4.1.2.tgz",
+      "integrity": "sha512-xjR1dMTVHlFLh98JE3i/f/WePqJsah4A0FK9cc8Ehp9Udk0AZk6ccpIZhh1qJ/yxVWRZ+Q54ocnD8TXmkhspGg==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "@vitest/expect": "4.0.18",
-        "@vitest/mocker": "4.0.18",
-        "@vitest/pretty-format": "4.0.18",
-        "@vitest/runner": "4.0.18",
-        "@vitest/snapshot": "4.0.18",
-        "@vitest/spy": "4.0.18",
-        "@vitest/utils": "4.0.18",
-        "es-module-lexer": "^1.7.0",
-        "expect-type": "^1.2.2",
+        "@vitest/expect": "4.1.2",
+        "@vitest/mocker": "4.1.2",
+        "@vitest/pretty-format": "4.1.2",
+        "@vitest/runner": "4.1.2",
+        "@vitest/snapshot": "4.1.2",
+        "@vitest/spy": "4.1.2",
+        "@vitest/utils": "4.1.2",
+        "es-module-lexer": "^2.0.0",
+        "expect-type": "^1.3.0",
         "magic-string": "^0.30.21",
         "obug": "^2.1.1",
         "pathe": "^2.0.3",
         "picomatch": "^4.0.3",
-        "std-env": "^3.10.0",
+        "std-env": "^4.0.0-rc.1",
         "tinybench": "^2.9.0",
         "tinyexec": "^1.0.2",
         "tinyglobby": "^0.2.15",
-        "tinyrainbow": "^3.0.3",
-        "vite": "^6.0.0 || ^7.0.0",
+        "tinyrainbow": "^3.1.0",
+        "vite": "^6.0.0 || ^7.0.0 || ^8.0.0",
         "why-is-node-running": "^2.3.0"
       },
       "bin": {
@@ -15552,12 +15567,13 @@
         "@edge-runtime/vm": "*",
         "@opentelemetry/api": "^1.9.0",
         "@types/node": "^20.0.0 || ^22.0.0 || >=24.0.0",
-        "@vitest/browser-playwright": "4.0.18",
-        "@vitest/browser-preview": "4.0.18",
-        "@vitest/browser-webdriverio": "4.0.18",
-        "@vitest/ui": "4.0.18",
+        "@vitest/browser-playwright": "4.1.2",
+        "@vitest/browser-preview": "4.1.2",
+        "@vitest/browser-webdriverio": "4.1.2",
+        "@vitest/ui": "4.1.2",
         "happy-dom": "*",
-        "jsdom": "*"
+        "jsdom": "*",
+        "vite": "^6.0.0 || ^7.0.0 || ^8.0.0"
       },
       "peerDependenciesMeta": {
         "@edge-runtime/vm": {
@@ -15586,6 +15602,9 @@
         },
         "jsdom": {
           "optional": true
+        },
+        "vite": {
+          "optional": false
         }
       }
     },
@@ -15600,9 +15619,9 @@
       }
     },
     "node_modules/vitest/node_modules/picomatch": {
-      "version": "4.0.3",
-      "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-4.0.3.tgz",
-      "integrity": "sha512-5gTmgEY/sqK6gFXLIsQNH19lWb4ebPDLA4SdLP7dsWkIXHWlG66oPuVvXSGFPppYZz8ZDZq0dYYrbHfBCVUb1Q==",
+      "version": "4.0.4",
+      "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-4.0.4.tgz",
+      "integrity": "sha512-QP88BAKvMam/3NxH6vj2o21R6MjxZUAd6nlwAS/pnGvN9IVLocLHxGYIzFhg6fUQ+5th6P4dv4eW9jX3DSIj7A==",
       "dev": true,
       "license": "MIT",
       "engines": {
@@ -15911,12 +15930,6 @@
       "integrity": "sha512-dWHzHa2WqEXI/O1E9OjrocMTKJl2mSrEolh1Iomrv6U+JuNwaHXsXx9bLu5gG7BUWFIN0skIQJQ/L1rIex4X6w==",
       "license": "MIT"
     },
-    "node_modules/webpack/node_modules/es-module-lexer": {
-      "version": "2.0.0",
-      "resolved": "https://registry.npmjs.org/es-module-lexer/-/es-module-lexer-2.0.0.tgz",
-      "integrity": "sha512-5POEcUuZybH7IdmGsD8wlf0AI55wMecM9rVBTI/qEAy2c1kTOm3DjFYjrBdI2K3BaJjJYfYFeRtM0t9ssnRuxw==",
-      "license": "MIT"
-    },
     "node_modules/webpack/node_modules/eslint-scope": {
       "version": "5.1.1",
       "resolved": "https://registry.npmjs.org/eslint-scope/-/eslint-scope-5.1.1.tgz",
diff --git a/package.json b/package.json
index e17bbf13ed..6cad44ea31 100644
--- a/package.json
+++ b/package.json
@@ -88,7 +88,7 @@
     "@stylistic/eslint-plugin": "5.10.0",
     "@stylistic/stylelint-plugin": "4.0.1",
     "@vitejs/plugin-vue": "6.0.5",
-    "@vitest/coverage-v8": "4.0.18",
+    "@vitest/coverage-v8": "4.1.2",
     "@vitest/eslint-plugin": "1.6.13",
     "@vue/test-utils": "2.4.6",
     "eslint": "9.39.4",
@@ -120,7 +120,7 @@
     "typescript": "5.9.3",
     "typescript-eslint": "8.57.2",
     "vite-string-plugin": "2.0.2",
-    "vitest": "4.0.18"
+    "vitest": "4.1.2"
   },
   "browserslist": ["defaults"],
   "scarfSettings": {

From 6fa7bf933aed973cae75e3cd27ed49d143c6ab6d Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Wed, 1 Apr 2026 22:21:33 +0200
Subject: [PATCH 610/854] Update module github.com/inbucket/html2text to v1
 (forgejo) (#11946)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11946
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 8b460a79c2..7a09fe7bba 100644
--- a/go.mod
+++ b/go.mod
@@ -66,7 +66,7 @@ require (
 	github.com/hashicorp/go-version v1.8.0
 	github.com/hashicorp/golang-lru/v2 v2.0.7
 	github.com/huandu/xstrings v1.5.0
-	github.com/inbucket/html2text v0.9.0
+	github.com/inbucket/html2text v1.0.0
 	github.com/jackc/pgx/v5 v5.9.1
 	github.com/jhillyerd/enmime/v2 v2.2.0
 	github.com/json-iterator/go v1.1.12
diff --git a/go.sum b/go.sum
index 3fee3d98b3..fb74d8b500 100644
--- a/go.sum
+++ b/go.sum
@@ -441,8 +441,8 @@ github.com/huandu/xstrings v1.5.0 h1:2ag3IFq9ZDANvthTwTiqSSZLjDc+BedvHPAp5tJy2TI
 github.com/huandu/xstrings v1.5.0/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE=
 github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
 github.com/ianlancetaylor/demangle v0.0.0-20230524184225-eabc099b10ab/go.mod h1:gx7rwoVhcfuVKG5uya9Hs3Sxj7EIvldVofAWIUtGouw=
-github.com/inbucket/html2text v0.9.0 h1:ULJmVcBEMAcmLE+/rN815KG1Fx6+a4HhbUxiDiN+qks=
-github.com/inbucket/html2text v0.9.0/go.mod h1:QDaumzl+/OzlSVbNohhmg+yAy5pKjUjzCKW2BMvztKE=
+github.com/inbucket/html2text v1.0.0 h1:N5kza++4uBBDJ2Z3KUnTRyPNoBcW+YfOgNiNmNB+sgs=
+github.com/inbucket/html2text v1.0.0/go.mod h1:5TrhXQKGU+LXurODaSm55Y9eXoPBRnYiOz4x2XfUoJU=
 github.com/jackc/pgpassfile v1.0.0 h1:/6Hmqy13Ss2zCq62VdNG8tM1wchn8zjSGOBJ6icpsIM=
 github.com/jackc/pgpassfile v1.0.0/go.mod h1:CEx0iS5ambNFdcRtxPj5JhEz+xB6uRky5eyVu/W2HEg=
 github.com/jackc/pgservicefile v0.0.0-20240606120523-5a60cdf6a761 h1:iCEnooe7UlwOQYpKFhBabPMi4aNAfoODPEFNiAnClxo=

From d728fddec51aa5248c66840084c7115fa2547ccb Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Wed, 1 Apr 2026 23:37:00 +0200
Subject: [PATCH 611/854] Update module
 github.com/golangci/golangci-lint/v2/cmd/golangci-lint to v2.11.4 (forgejo)
 (#11940)

Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
---
 Makefile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Makefile b/Makefile
index 0008653790..08e8632ac8 100644
--- a/Makefile
+++ b/Makefile
@@ -39,7 +39,7 @@ XGO_VERSION := go-1.21.x
 AIR_PACKAGE ?= github.com/air-verse/air@v1 # renovate: datasource=go
 EDITORCONFIG_CHECKER_PACKAGE ?= github.com/editorconfig-checker/editorconfig-checker/v3/cmd/editorconfig-checker@v3.6.1 # renovate: datasource=go
 GOFUMPT_PACKAGE ?= mvdan.cc/gofumpt@v0.9.2 # renovate: datasource=go
-GOLANGCI_LINT_PACKAGE ?= github.com/golangci/golangci-lint/v2/cmd/golangci-lint@v2.10.1 # renovate: datasource=go
+GOLANGCI_LINT_PACKAGE ?= github.com/golangci/golangci-lint/v2/cmd/golangci-lint@v2.11.4 # renovate: datasource=go
 GXZ_PACKAGE ?= github.com/ulikunitz/xz/cmd/gxz@v0.5.15 # renovate: datasource=go
 SWAGGER_PACKAGE ?= github.com/go-swagger/go-swagger/cmd/swagger@v0.33.2 # renovate: datasource=go
 XGO_PACKAGE ?= src.techknowlogick.com/xgo@latest

From 77dbc3513864e420cef7d81c46425f3c38ce4c97 Mon Sep 17 00:00:00 2001
From: Gusted <postmaster@gusted.xyz>
Date: Thu, 2 Apr 2026 03:29:37 +0200
Subject: [PATCH 612/854] chore: add modernizer linter (#11936)

- Go has a suite of small linters that helps with modernizing Go code by using newer functions and catching small mistakes, https://pkg.go.dev/golang.org/x/tools/go/analysis/passes/modernize.
- Enable this linter in golangci-lint.
- There's also [`go fix`](https://go.dev/blog/gofix), which is not yet released as a linter in golangci-lint: https://github.com/golangci/golangci-lint/pull/6385

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11936
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
Co-authored-by: Gusted <postmaster@gusted.xyz>
Co-committed-by: Gusted <postmaster@gusted.xyz>
---
 .golangci.yml                                 |  1 +
 cmd/cert.go                                   |  4 +-
 cmd/dump.go                                   | 37 ++++++--------
 cmd/dump_repo.go                              |  4 +-
 models/actions/status.go                      |  9 ++--
 models/activities/action.go                   |  7 +--
 models/activities/notification_list.go        | 20 ++------
 models/activities/repo_activity.go            |  5 +-
 models/auth/access_token_scope.go             |  8 +--
 models/auth/oauth2.go                         |  2 +-
 models/auth/source.go                         |  2 +-
 models/db/iterate.go                          |  2 +-
 models/db/name.go                             |  7 ++-
 models/dbfs/dbfile.go                         | 20 ++------
 models/git/protected_branch.go                |  2 +-
 models/gitea_migrations/test/tests.go         |  2 +-
 models/gitea_migrations/v1_11/v111.go         |  7 ++-
 models/gitea_migrations/v1_11/v115.go         |  2 +-
 models/gitea_migrations/v1_20/v259.go         |  2 +-
 models/issues/comment.go                      | 10 ++--
 models/issues/comment_list.go                 | 35 +++----------
 models/issues/issue_list.go                   | 50 ++++---------------
 models/issues/issue_stats.go                  |  5 +-
 models/issues/issue_test.go                   |  7 +--
 models/issues/issue_update.go                 |  2 +-
 models/issues/review_list.go                  |  2 +-
 models/issues/tracked_time.go                 |  5 +-
 models/perm/access/repo_permission.go         | 12 +++--
 models/project/column_test.go                 |  2 +-
 models/pull/review_state.go                   |  5 +-
 models/repo/repo.go                           | 13 +++--
 models/repo/repo_list.go                      |  4 +-
 models/repo/repo_unit.go                      |  6 +--
 models/repo/upload.go                         |  2 +-
 models/unit/unit.go                           | 14 +-----
 models/unittest/fixture_loader.go             |  4 +-
 models/unittest/mock_http.go                  |  8 +--
 models/unittest/reflection.go                 |  2 +-
 models/user/avatar.go                         |  2 +-
 models/user/email_address_test.go             |  8 +--
 models/user/moderation.go                     |  2 +-
 models/user/user.go                           |  4 +-
 models/user/user_test.go                      |  4 +-
 models/webhook/webhook.go                     |  2 +-
 modules/actions/workflows.go                  | 15 ++----
 modules/auth/password/password.go             |  2 +-
 modules/auth/password/password_test.go        |  2 +-
 modules/auth/password/pwn/pwn.go              |  2 +-
 modules/avatar/identicon/block.go             |  4 +-
 modules/avatar/identicon/identicon.go         |  2 +-
 modules/charset/charset.go                    |  2 +-
 modules/charset/charset_test.go               |  2 +-
 modules/forgefed/actor.go                     |  8 +--
 modules/forgefed/repository.go                |  2 +-
 modules/git/commit.go                         |  4 +-
 modules/git/commit_info.go                    |  5 +-
 modules/git/foreachref/format.go              |  8 +--
 modules/git/hook.go                           |  8 +--
 modules/git/last_commit_cache.go              |  2 +-
 modules/git/log_name_status.go                |  5 +-
 modules/git/notes.go                          | 11 ++--
 modules/git/parse.go                          |  8 +--
 modules/git/pushoptions/pushoptions.go        |  2 +-
 modules/git/ref.go                            |  4 +-
 modules/git/repo.go                           |  4 +-
 modules/git/repo_attribute.go                 |  4 +-
 modules/git/repo_index.go                     |  2 +-
 modules/git/repo_tag.go                       |  6 +--
 modules/git/tag.go                            | 10 ++--
 modules/git/tree.go                           |  2 +-
 modules/git/tree_entry.go                     |  2 +-
 modules/git/tree_test.go                      |  2 +-
 modules/hostmatcher/hostmatcher.go            | 11 ++--
 modules/httpcache/httpcache.go                |  2 +-
 modules/httplib/serve.go                      |  5 +-
 modules/indexer/code/git.go                   |  4 +-
 modules/issue/template/template.go            |  8 +--
 modules/label/parser.go                       |  4 +-
 modules/log/event_format.go                   |  6 +--
 modules/log/event_writer_conn_test.go         |  6 +--
 modules/log/flags.go                          |  2 +-
 modules/log/level_test.go                     |  6 +--
 modules/markup/file_preview.go                |  4 +-
 modules/markup/html.go                        | 21 +++-----
 modules/markup/markdown/markdown.go           |  5 +-
 modules/markup/markdown/markdown_test.go      |  4 +-
 .../markup/markdown/math/block_renderer.go    |  2 +-
 modules/markup/markdown/meta_test.go          |  8 +--
 modules/markup/markdown/toc.go                |  2 +-
 modules/markup/markdown/transform_heading.go  |  2 +-
 modules/markup/renderer.go                    | 12 ++---
 modules/packages/npm/creator.go               |  4 +-
 modules/packages/npm/metadata.go              |  2 +-
 modules/packages/nuget/symbol_extractor.go    |  4 +-
 modules/packages/rubygems/marshal.go          |  4 +-
 modules/packages/swift/metadata.go            |  2 +-
 modules/private/serv.go                       | 12 +++--
 modules/public/public.go                      |  2 +-
 modules/queue/base_levelqueue_common.go       |  2 +-
 modules/queue/base_redis.go                   |  2 +-
 modules/queue/base_test.go                    |  2 +-
 modules/queue/manager.go                      |  5 +-
 modules/queue/workergroup.go                  |  8 +--
 modules/queue/workerqueue_test.go             | 22 ++++----
 modules/repository/init.go                    |  2 +-
 modules/setting/config.go                     |  7 +--
 modules/setting/config_env.go                 | 25 +++++-----
 modules/setting/indexer.go                    |  2 +-
 modules/setting/log.go                        |  4 +-
 modules/setting/markup.go                     |  4 +-
 modules/setting/mirror.go                     |  6 +--
 modules/setting/storage.go                    |  8 +--
 modules/structs/action.go                     |  8 +--
 modules/structs/issue.go                      |  2 +-
 modules/structs/repo.go                       |  2 +-
 modules/structs/user.go                       |  4 +-
 modules/structs/user_gpgkey.go                |  4 +-
 modules/structs/user_key.go                   |  2 +-
 modules/templates/eval/eval_test.go           |  2 +-
 modules/templates/htmlrenderer.go             |  2 +-
 modules/templates/scopedtmpl/scopedtmpl.go    | 13 ++---
 modules/templates/util_render.go              |  9 ++--
 modules/test/logchecker.go                    |  4 +-
 modules/testlogger/testlogger.go              |  2 +-
 modules/updatechecker/update_checker.go       |  4 +-
 modules/util/remove.go                        |  6 +--
 .../util/rotatingfilewriter/writer_test.go    |  2 +-
 modules/util/timer_test.go                    | 24 ++++-----
 modules/util/truncate.go                      |  2 +-
 modules/util/util_test.go                     |  2 +-
 modules/validation/binding.go                 | 10 ++--
 modules/validation/helpers.go                 |  8 +--
 modules/validation/validatable.go             |  7 ++-
 modules/web/handler.go                        |  8 +--
 modules/web/middleware/binding.go             |  6 +--
 modules/web/middleware/data.go                |  5 +-
 modules/web/route.go                          |  4 +-
 routers/api/actions/oidc.go                   |  3 +-
 routers/api/packages/cargo/cargo.go           |  5 +-
 routers/api/packages/composer/composer.go     |  5 +-
 routers/api/v1/repo/issue_dependency.go       | 10 +---
 routers/api/v1/repo/wiki.go                   | 10 +---
 routers/install/install.go                    |  8 ++-
 routers/private/serv.go                       | 17 +++----
 routers/web/admin/auths.go                    |  2 +-
 routers/web/admin/config.go                   |  2 +-
 routers/web/admin/notice.go                   |  5 +-
 routers/web/admin/packages.go                 |  5 +-
 routers/web/auth/oauth.go                     | 10 ++--
 routers/web/org/members.go                    |  5 +-
 routers/web/org/projects.go                   |  5 +-
 routers/web/repo/branch.go                    |  5 +-
 routers/web/repo/commit.go                    | 10 +---
 routers/web/repo/editor.go                    |  2 +-
 routers/web/repo/githttp.go                   |  8 +--
 routers/web/repo/issue.go                     | 12 ++---
 routers/web/repo/issue_label_test.go          |  9 ++--
 routers/web/repo/milestone.go                 |  5 +-
 routers/web/repo/packages.go                  |  5 +-
 routers/web/repo/projects.go                  |  5 +-
 routers/web/repo/repo.go                      |  2 +-
 routers/web/repo/setting/lfs.go               | 10 +---
 routers/web/repo/wiki.go                      |  5 +-
 routers/web/shared/actions/runners.go         | 10 +---
 routers/web/user/home.go                      |  7 +--
 routers/web/user/notification.go              | 10 +---
 routers/web/user/package.go                   | 10 +---
 services/actions/rerun.go                     | 13 +++--
 services/auth/oauth2.go                       |  2 +-
 services/auth/source/oauth2/urlmapping.go     | 10 ++--
 .../auth/source/pam/source_authenticate.go    |  6 +--
 .../auth/source/smtp/source_authenticate.go   | 12 ++---
 services/context/api.go                       |  9 +---
 services/context/context_model.go             | 10 ++--
 services/context/permission.go                | 13 ++---
 services/context/repo.go                      |  8 +--
 services/context/upload/upload.go             |  2 +-
 services/convert/activitypub_user_action.go   |  7 +--
 services/cron/tasks.go                        |  2 +-
 services/doctor/push_mirror_consistency.go    |  2 +-
 services/forms/repo_form.go                   |  9 +---
 services/gitdiff/csv.go                       | 10 ++--
 services/gitdiff/gitdiff.go                   |  5 +-
 services/gitdiff/gitdiff_test.go              |  6 +--
 services/gitdiff/highlightdiff_test.go        |  2 +-
 services/issue/issue.go                       |  8 ++-
 services/issue/milestone.go                   |  5 +-
 services/lfs/locks.go                         | 10 +---
 services/lfs/server.go                        |  5 +-
 services/mailer/mailer_test.go                |  4 +-
 services/migrations/gitea_uploader_test.go    |  4 +-
 services/migrations/github.go                 |  4 +-
 services/packages/alt/repository.go           | 15 +++---
 services/packages/arch/repository.go          |  4 +-
 services/pull/merge.go                        |  5 +-
 services/repository/adopt_test.go             |  2 +-
 .../repository/commitstatus/commitstatus.go   |  2 +-
 services/repository/create.go                 |  4 +-
 services/repository/create_test.go            |  2 +-
 services/repository/files/file.go             |  2 +-
 services/repository/files/temp_repo.go        |  2 +-
 services/repository/files/tree.go             |  6 +--
 services/repository/files/update.go           | 17 ++-----
 services/repository/gitgraph/graph_models.go  |  4 +-
 services/repository/gitgraph/graph_test.go    | 29 +++--------
 services/repository/gitgraph/parser.go        | 10 ++--
 services/webhook/deliver_test.go              |  2 -
 services/webhook/dingtalk.go                  | 10 ++--
 services/webhook/discord.go                   |  8 +--
 services/webhook/feishu.go                    | 11 ++--
 services/webhook/matrix.go                    |  9 ++--
 services/webhook/msteams.go                   |  8 +--
 services/webhook/slack.go                     |  8 +--
 services/webhook/telegram.go                  | 10 ++--
 services/webhook/wechatwork.go                |  8 +--
 services/wiki/wiki_path.go                    |  4 +-
 services/wiki/wiki_test.go                    |  4 +-
 tests/integration/actions_trigger_test.go     |  2 +-
 ...pi_activitypub_person_inbox_follow_test.go |  8 +--
 ...ivitypub_person_inbox_useractivity_test.go |  4 +-
 .../api_activitypub_repository_test.go        | 12 ++---
 .../api_helper_for_declarative_test.go        |  2 +-
 tests/integration/api_issue_test.go           | 16 +++---
 tests/integration/api_packages_alt_test.go    | 38 +++++++-------
 tests/integration/api_packages_chef_test.go   |  8 +--
 .../api_packages_container_test.go            |  2 +-
 tests/integration/api_packages_maven_test.go  |  2 +-
 tests/integration/api_repo_topic_test.go      |  2 +-
 tests/integration/cmd_forgejo_actions_test.go |  2 +-
 .../git_helper_for_declarative_test.go        |  4 +-
 tests/integration/git_push_test.go            | 12 ++---
 tests/integration/git_test.go                 | 13 +++--
 tests/integration/integration_test.go         |  4 +-
 tests/integration/issue_comment_test.go       |  9 +---
 tests/integration/issue_test.go               | 21 +++-----
 tests/integration/org_test.go                 |  2 +-
 tests/integration/project_test.go             |  2 +-
 tests/integration/pull_merge_test.go          |  5 +-
 tests/integration/quota_use_test.go           |  5 +-
 tests/integration/release_test.go             |  2 +-
 tests/integration/repo_commits_test.go        |  2 +-
 tests/integration/repo_flags_test.go          |  6 +--
 tests/integration/repo_topic_test.go          |  2 +-
 tests/integration/repo_webhook_test.go        |  9 ++--
 tests/integration/signing_git_test.go         |  2 +-
 tests/integration/signup_test.go              |  6 +--
 tests/integration/ssh_key_test.go             |  2 +-
 tests/integration/user_test.go                |  2 +-
 tests/test_utils.go                           | 32 ++++++------
 249 files changed, 659 insertions(+), 1010 deletions(-)

diff --git a/.golangci.yml b/.golangci.yml
index de3f3a9255..fea9195be2 100644
--- a/.golangci.yml
+++ b/.golangci.yml
@@ -15,6 +15,7 @@ linters:
     - govet
     - importas
     - ineffassign
+    - modernize
     - nakedret
     - nolintlint
     - revive
diff --git a/cmd/cert.go b/cmd/cert.go
index baadcbda85..516ac4ce84 100644
--- a/cmd/cert.go
+++ b/cmd/cert.go
@@ -150,8 +150,8 @@ func runCert(ctx context.Context, c *cli.Command) error {
 		BasicConstraintsValid: true,
 	}
 
-	hosts := strings.Split(c.String("host"), ",")
-	for _, h := range hosts {
+	hosts := strings.SplitSeq(c.String("host"), ",")
+	for h := range hosts {
 		if ip := net.ParseIP(h); ip != nil {
 			template.IPAddresses = append(template.IPAddresses, ip)
 		} else {
diff --git a/cmd/dump.go b/cmd/dump.go
index b94277e529..25459c7731 100644
--- a/cmd/dump.go
+++ b/cmd/dump.go
@@ -12,6 +12,7 @@ import (
 	"os"
 	"path"
 	"path/filepath"
+	"slices"
 	"strings"
 	"sync"
 	"time"
@@ -83,11 +84,9 @@ func (o outputType) Join() string {
 }
 
 func (o *outputType) Set(value string) error {
-	for _, enum := range o.Enum {
-		if enum == value {
-			o.selected = value
-			return nil
-		}
+	if slices.Contains(o.Enum, value) {
+		o.selected = value
+		return nil
 	}
 
 	return fmt.Errorf("allowed values are %s", o.Join())
@@ -250,8 +249,8 @@ func runDump(stdCtx context.Context, ctx *cli.Command) error {
 		setupConsoleLogger(log.FATAL, log.CanColorStderr, os.Stderr)
 	} else {
 		for _, suffix := range outputTypeEnum.Enum {
-			if strings.HasSuffix(fileName, "."+suffix) {
-				fileName = strings.TrimSuffix(fileName, "."+suffix)
+			if before, ok := strings.CutSuffix(fileName, "."+suffix); ok {
+				fileName = before
 				break
 			}
 		}
@@ -330,14 +329,12 @@ func runDump(stdCtx context.Context, ctx *cli.Command) error {
 	go dumpDatabase(ctx, archiveJobs, &wg, verbose)
 
 	if len(setting.CustomConf) > 0 {
-		wg.Add(1)
-		go func() {
-			defer wg.Done()
+		wg.Go(func() {
 			log.Info("Adding custom configuration file from %s", setting.CustomConf)
 			if err := addFile(archiveJobs, "app.ini", setting.CustomConf, verbose); err != nil {
 				fatal("Failed to include specified app.ini: %v", err)
 			}
-		}()
+		})
 	}
 
 	if ctx.IsSet("skip-custom-dir") && ctx.Bool("skip-custom-dir") {
@@ -361,15 +358,13 @@ func runDump(stdCtx context.Context, ctx *cli.Command) error {
 	if ctx.IsSet("skip-attachment-data") && ctx.Bool("skip-attachment-data") {
 		log.Info("Skipping attachment data")
 	} else {
-		wg.Add(1)
-		go func() {
-			defer wg.Done()
+		wg.Go(func() {
 			if err := storage.Attachments.IterateObjects("", func(objPath string, object storage.Object) error {
 				return addObject(archiveJobs, object, path.Join("data", "attachments", objPath), verbose)
 			}); err != nil {
 				fatal("Failed to dump attachments: %v", err)
 			}
-		}()
+		})
 	}
 
 	if ctx.IsSet("skip-package-data") && ctx.Bool("skip-package-data") {
@@ -377,15 +372,13 @@ func runDump(stdCtx context.Context, ctx *cli.Command) error {
 	} else if !setting.Packages.Enabled {
 		log.Info("Package registry not enabled - skipping")
 	} else {
-		wg.Add(1)
-		go func() {
-			defer wg.Done()
+		wg.Go(func() {
 			if err := storage.Packages.IterateObjects("", func(objPath string, object storage.Object) error {
 				return addObject(archiveJobs, object, path.Join("data", "packages", objPath), verbose)
 			}); err != nil {
 				fatal("Failed to dump packages: %v", err)
 			}
-		}()
+		})
 	}
 
 	// Doesn't check if LogRootPath exists before processing --skip-log intentionally,
@@ -399,13 +392,11 @@ func runDump(stdCtx context.Context, ctx *cli.Command) error {
 			log.Error("Failed to check if %s exists: %v", setting.Log.RootPath, err)
 		}
 		if isExist {
-			wg.Add(1)
-			go func() {
-				defer wg.Done()
+			wg.Go(func() {
 				if err := addRecursiveExclude(archiveJobs, "log", setting.Log.RootPath, []string{absFileName}, verbose); err != nil {
 					fatal("Failed to include log: %v", err)
 				}
-			}()
+			})
 		}
 	}
 
diff --git a/cmd/dump_repo.go b/cmd/dump_repo.go
index 8e0ef0311f..60fffe1226 100644
--- a/cmd/dump_repo.go
+++ b/cmd/dump_repo.go
@@ -143,8 +143,8 @@ func runDumpRepository(stdCtx context.Context, ctx *cli.Command) error {
 		opts.PullRequests = true
 		opts.ReleaseAssets = true
 	} else {
-		units := strings.Split(ctx.String("units"), ",")
-		for _, unit := range units {
+		units := strings.SplitSeq(ctx.String("units"), ",")
+		for unit := range units {
 			switch strings.ToLower(strings.TrimSpace(unit)) {
 			case "":
 				continue
diff --git a/models/actions/status.go b/models/actions/status.go
index 1f6aa5e890..7f06b6231b 100644
--- a/models/actions/status.go
+++ b/models/actions/status.go
@@ -4,6 +4,8 @@
 package actions
 
 import (
+	"slices"
+
 	"forgejo.org/modules/translation"
 
 	runnerv1 "code.forgejo.org/forgejo/actions-proto/runner/v1"
@@ -107,12 +109,7 @@ func (s Status) IsBlocked() bool {
 
 // In returns whether s is one of the given statuses
 func (s Status) In(statuses ...Status) bool {
-	for _, v := range statuses {
-		if s == v {
-			return true
-		}
-	}
-	return false
+	return slices.Contains(statuses, s)
 }
 
 func (s Status) AsResult() runnerv1.Result {
diff --git a/models/activities/action.go b/models/activities/action.go
index 8fd7709e81..6b3fabfae0 100644
--- a/models/activities/action.go
+++ b/models/activities/action.go
@@ -132,12 +132,7 @@ func (at ActionType) String() string {
 }
 
 func (at ActionType) InActions(actions ...string) bool {
-	for _, action := range actions {
-		if action == at.String() {
-			return true
-		}
-	}
-	return false
+	return slices.Contains(actions, at.String())
 }
 
 // Action represents user operation type and other information to
diff --git a/models/activities/notification_list.go b/models/activities/notification_list.go
index 02206b1d6b..bf6356021e 100644
--- a/models/activities/notification_list.go
+++ b/models/activities/notification_list.go
@@ -213,10 +213,7 @@ func (nl NotificationList) LoadRepos(ctx context.Context) (repo_model.Repository
 	repos := make(map[int64]*repo_model.Repository, len(repoIDs))
 	left := len(repoIDs)
 	for left > 0 {
-		limit := db.DefaultMaxInSize
-		if left < limit {
-			limit = left
-		}
+		limit := min(left, db.DefaultMaxInSize)
 		rows, err := db.GetEngine(ctx).
 			In("id", repoIDs[:limit]).
 			Rows(new(repo_model.Repository))
@@ -287,10 +284,7 @@ func (nl NotificationList) LoadIssues(ctx context.Context) ([]int, error) {
 	issues := make(map[int64]*issues_model.Issue, len(issueIDs))
 	left := len(issueIDs)
 	for left > 0 {
-		limit := db.DefaultMaxInSize
-		if left < limit {
-			limit = left
-		}
+		limit := min(left, db.DefaultMaxInSize)
 		rows, err := db.GetEngine(ctx).
 			In("id", issueIDs[:limit]).
 			Rows(new(issues_model.Issue))
@@ -382,10 +376,7 @@ func (nl NotificationList) LoadUsers(ctx context.Context) ([]int, error) {
 	users := make(map[int64]*user_model.User, len(userIDs))
 	left := len(userIDs)
 	for left > 0 {
-		limit := db.DefaultMaxInSize
-		if left < limit {
-			limit = left
-		}
+		limit := min(left, db.DefaultMaxInSize)
 		rows, err := db.GetEngine(ctx).
 			In("id", userIDs[:limit]).
 			Rows(new(user_model.User))
@@ -433,10 +424,7 @@ func (nl NotificationList) LoadComments(ctx context.Context) ([]int, error) {
 	comments := make(map[int64]*issues_model.Comment, len(commentIDs))
 	left := len(commentIDs)
 	for left > 0 {
-		limit := db.DefaultMaxInSize
-		if left < limit {
-			limit = left
-		}
+		limit := min(left, db.DefaultMaxInSize)
 		rows, err := db.GetEngine(ctx).
 			In("id", commentIDs[:limit]).
 			Rows(new(issues_model.Comment))
diff --git a/models/activities/repo_activity.go b/models/activities/repo_activity.go
index 3d15c22e19..0b9522be1b 100644
--- a/models/activities/repo_activity.go
+++ b/models/activities/repo_activity.go
@@ -138,10 +138,7 @@ func GetActivityStatsTopAuthors(ctx context.Context, repo *repo_model.Repository
 		return v[i].Commits > v[j].Commits
 	})
 
-	cnt := count
-	if cnt > len(v) {
-		cnt = len(v)
-	}
+	cnt := min(count, len(v))
 
 	return v[:cnt], nil
 }
diff --git a/models/auth/access_token_scope.go b/models/auth/access_token_scope.go
index d14838cf02..6dc143b122 100644
--- a/models/auth/access_token_scope.go
+++ b/models/auth/access_token_scope.go
@@ -5,6 +5,7 @@ package auth
 
 import (
 	"fmt"
+	"slices"
 	"strings"
 
 	"forgejo.org/models/perm"
@@ -204,12 +205,7 @@ func GetRequiredScopes(level AccessTokenScopeLevel, scopeCategories ...AccessTok
 
 // ContainsCategory checks if a list of categories contains a specific category
 func ContainsCategory(categories []AccessTokenScopeCategory, category AccessTokenScopeCategory) bool {
-	for _, c := range categories {
-		if c == category {
-			return true
-		}
-	}
-	return false
+	return slices.Contains(categories, category)
 }
 
 // GetScopeLevelFromAccessMode converts permission access mode to scope level
diff --git a/models/auth/oauth2.go b/models/auth/oauth2.go
index fa68197cf0..9acd9a46b0 100644
--- a/models/auth/oauth2.go
+++ b/models/auth/oauth2.go
@@ -505,7 +505,7 @@ func (grant *OAuth2Grant) IncreaseCounter(ctx context.Context) error {
 
 // ScopeContains returns true if the grant scope contains the specified scope
 func (grant *OAuth2Grant) ScopeContains(scope string) bool {
-	for _, currentScope := range strings.Split(grant.Scope, " ") {
+	for currentScope := range strings.SplitSeq(grant.Scope, " ") {
 		if scope == currentScope {
 			return true
 		}
diff --git a/models/auth/source.go b/models/auth/source.go
index db566c7039..fd016e02da 100644
--- a/models/auth/source.go
+++ b/models/auth/source.go
@@ -91,7 +91,7 @@ var registeredConfigs = map[Type]func() Config{}
 
 // RegisterTypeConfig register a config for a provided type
 func RegisterTypeConfig(typ Type, exemplar Config) {
-	if reflect.TypeOf(exemplar).Kind() == reflect.Ptr {
+	if reflect.TypeOf(exemplar).Kind() == reflect.Pointer {
 		// Pointer:
 		registeredConfigs[typ] = func() Config {
 			return reflect.New(reflect.ValueOf(exemplar).Elem().Type()).Interface().(Config)
diff --git a/models/db/iterate.go b/models/db/iterate.go
index d2315cb12c..c56871d503 100644
--- a/models/db/iterate.go
+++ b/models/db/iterate.go
@@ -80,7 +80,7 @@ func Iterate[Bean any](ctx context.Context, cond builder.Cond, f func(ctx contex
 
 func extractFieldValue(bean any, fieldName string) any {
 	v := reflect.ValueOf(bean)
-	if v.Kind() == reflect.Ptr {
+	if v.Kind() == reflect.Pointer {
 		v = v.Elem()
 	}
 	field := v.FieldByName(fieldName)
diff --git a/models/db/name.go b/models/db/name.go
index d456f49d9c..efd1c2b5f3 100644
--- a/models/db/name.go
+++ b/models/db/name.go
@@ -6,6 +6,7 @@ package db
 import (
 	"fmt"
 	"regexp"
+	"slices"
 	"strings"
 	"unicode/utf8"
 
@@ -114,10 +115,8 @@ func IsUsableName(names, patterns []string, name string) error {
 		return ErrNameEmpty
 	}
 
-	for i := range names {
-		if name == names[i] {
-			return ErrNameReserved{name}
-		}
+	if slices.Contains(names, name) {
+		return ErrNameReserved{name}
 	}
 
 	for _, pat := range patterns {
diff --git a/models/dbfs/dbfile.go b/models/dbfs/dbfile.go
index 8cd64177dd..7e7c58cc6c 100644
--- a/models/dbfs/dbfile.go
+++ b/models/dbfs/dbfile.go
@@ -46,10 +46,7 @@ func (f *file) readAt(fileMeta *DbfsMeta, offset int64, p []byte) (n int, err er
 	blobPos := int(offset % f.blockSize)
 	blobOffset := offset - int64(blobPos)
 	blobRemaining := int(f.blockSize) - blobPos
-	needRead := len(p)
-	if needRead > blobRemaining {
-		needRead = blobRemaining
-	}
+	needRead := min(len(p), blobRemaining)
 	if blobOffset+int64(blobPos)+int64(needRead) > fileMeta.FileSize {
 		needRead = int(fileMeta.FileSize - blobOffset - int64(blobPos))
 	}
@@ -66,14 +63,8 @@ func (f *file) readAt(fileMeta *DbfsMeta, offset int64, p []byte) (n int, err er
 		blobData = nil
 	}
 
-	canCopy := len(blobData) - blobPos
-	if canCopy <= 0 {
-		canCopy = 0
-	}
-	realRead := needRead
-	if realRead > canCopy {
-		realRead = canCopy
-	}
+	canCopy := max(len(blobData)-blobPos, 0)
+	realRead := min(needRead, canCopy)
 	if realRead > 0 {
 		copy(p[:realRead], fileData.BlobData[blobPos:blobPos+realRead])
 	}
@@ -113,10 +104,7 @@ func (f *file) Write(p []byte) (n int, err error) {
 		blobPos := int(f.offset % f.blockSize)
 		blobOffset := f.offset - int64(blobPos)
 		blobRemaining := int(f.blockSize) - blobPos
-		needWrite := len(p)
-		if needWrite > blobRemaining {
-			needWrite = blobRemaining
-		}
+		needWrite := min(len(p), blobRemaining)
 		buf := make([]byte, f.blockSize)
 		readBytes, err := f.readAt(fileMeta, blobOffset, buf)
 		if err != nil && !errors.Is(err, io.EOF) {
diff --git a/models/git/protected_branch.go b/models/git/protected_branch.go
index c1eb750230..3eaada2fdd 100644
--- a/models/git/protected_branch.go
+++ b/models/git/protected_branch.go
@@ -213,7 +213,7 @@ func (protectBranch *ProtectedBranch) GetUnprotectedFilePatterns() []glob.Glob {
 
 func getFilePatterns(filePatterns string) []glob.Glob {
 	extarr := make([]glob.Glob, 0, 10)
-	for _, expr := range strings.Split(strings.ToLower(filePatterns), ";") {
+	for expr := range strings.SplitSeq(strings.ToLower(filePatterns), ";") {
 		expr = strings.TrimSpace(expr)
 		if expr != "" {
 			if g, err := glob.Compile(expr, '.', '/'); err != nil {
diff --git a/models/gitea_migrations/test/tests.go b/models/gitea_migrations/test/tests.go
index fc54b65626..086127a2e8 100644
--- a/models/gitea_migrations/test/tests.go
+++ b/models/gitea_migrations/test/tests.go
@@ -265,7 +265,7 @@ func deleteDB() error {
 
 func removeAllWithRetry(dir string) error {
 	var err error
-	for i := 0; i < 20; i++ {
+	for range 20 {
 		err = os.RemoveAll(dir)
 		if err == nil {
 			break
diff --git a/models/gitea_migrations/v1_11/v111.go b/models/gitea_migrations/v1_11/v111.go
index fcd2ee7be3..59ca416af0 100644
--- a/models/gitea_migrations/v1_11/v111.go
+++ b/models/gitea_migrations/v1_11/v111.go
@@ -5,6 +5,7 @@ package v1_11
 
 import (
 	"fmt"
+	"slices"
 
 	"xorm.io/xorm"
 )
@@ -345,10 +346,8 @@ func AddBranchProtectionCanPushAndEnableWhitelist(x *xorm.Engine) error {
 			}
 			return AccessModeWrite <= perm.UnitsMode[UnitTypeCode], nil
 		}
-		for _, id := range protectedBranch.ApprovalsWhitelistUserIDs {
-			if id == reviewer.ID {
-				return true, nil
-			}
+		if slices.Contains(protectedBranch.ApprovalsWhitelistUserIDs, reviewer.ID) {
+			return true, nil
 		}
 
 		// isUserInTeams
diff --git a/models/gitea_migrations/v1_11/v115.go b/models/gitea_migrations/v1_11/v115.go
index 65094df93d..84364e310b 100644
--- a/models/gitea_migrations/v1_11/v115.go
+++ b/models/gitea_migrations/v1_11/v115.go
@@ -146,7 +146,7 @@ func copyOldAvatarToNewLocation(userID int64, oldAvatar string) (string, error)
 		return "", fmt.Errorf("io.ReadAll: %w", err)
 	}
 
-	newAvatar := fmt.Sprintf("%x", md5.Sum([]byte(fmt.Sprintf("%d-%x", userID, md5.Sum(data)))))
+	newAvatar := fmt.Sprintf("%x", md5.Sum(fmt.Appendf(nil, "%d-%x", userID, md5.Sum(data))))
 	if newAvatar == oldAvatar {
 		return newAvatar, nil
 	}
diff --git a/models/gitea_migrations/v1_20/v259.go b/models/gitea_migrations/v1_20/v259.go
index 9b2b68263e..1ae8b2e30f 100644
--- a/models/gitea_migrations/v1_20/v259.go
+++ b/models/gitea_migrations/v1_20/v259.go
@@ -329,7 +329,7 @@ func ConvertScopedAccessTokens(x *xorm.Engine) error {
 	for _, token := range tokens {
 		var scopes []string
 		allNewScopesMap := make(map[AccessTokenScope]bool)
-		for _, oldScope := range strings.Split(token.Scope, ",") {
+		for oldScope := range strings.SplitSeq(token.Scope, ",") {
 			if newScopes, exists := accessTokenScopeMap[OldAccessTokenScope(oldScope)]; exists {
 				for _, newScope := range newScopes {
 					allNewScopesMap[newScope] = true
diff --git a/models/issues/comment.go b/models/issues/comment.go
index 325fcbe30b..fd0f595945 100644
--- a/models/issues/comment.go
+++ b/models/issues/comment.go
@@ -9,6 +9,7 @@ import (
 	"context"
 	"fmt"
 	"html/template"
+	"slices"
 	"strconv"
 	"unicode/utf8"
 
@@ -198,12 +199,7 @@ func (t CommentType) HasMailReplySupport() bool {
 }
 
 func (t CommentType) CountedAsConversation() bool {
-	for _, ct := range ConversationCountedCommentType() {
-		if t == ct {
-			return true
-		}
-	}
-	return false
+	return slices.Contains(ConversationCountedCommentType(), t)
 }
 
 // ConversationCountedCommentType returns the comment types that are counted as a conversation
@@ -619,7 +615,7 @@ func (c *Comment) UpdateAttachments(ctx context.Context, uuids []string) error {
 	if err != nil {
 		return fmt.Errorf("FindRepoAttachmentsByUUID[uuids=%q,repoID=%d]: %w", uuids, c.Issue.RepoID, err)
 	}
-	for i := 0; i < len(attachments); i++ {
+	for i := range attachments {
 		attachments[i].IssueID = c.IssueID
 		attachments[i].CommentID = c.ID
 		if err := repo_model.UpdateAttachment(ctx, attachments[i]); err != nil {
diff --git a/models/issues/comment_list.go b/models/issues/comment_list.go
index 3996dcb29a..53903bea31 100644
--- a/models/issues/comment_list.go
+++ b/models/issues/comment_list.go
@@ -54,10 +54,7 @@ func (comments CommentList) loadLabels(ctx context.Context) error {
 	commentLabels := make(map[int64]*Label, len(labelIDs))
 	left := len(labelIDs)
 	for left > 0 {
-		limit := db.DefaultMaxInSize
-		if left < limit {
-			limit = left
-		}
+		limit := min(left, db.DefaultMaxInSize)
 		rows, err := db.GetEngine(ctx).
 			In("id", labelIDs[:limit]).
 			Rows(new(Label))
@@ -104,10 +101,7 @@ func (comments CommentList) loadMilestones(ctx context.Context) error {
 	milestones := make(map[int64]*Milestone, len(milestoneIDs))
 	left := len(milestoneIDs)
 	for left > 0 {
-		limit := db.DefaultMaxInSize
-		if left < limit {
-			limit = left
-		}
+		limit := min(left, db.DefaultMaxInSize)
 		err := db.GetEngine(ctx).
 			In("id", milestoneIDs[:limit]).
 			Find(&milestones)
@@ -143,10 +137,7 @@ func (comments CommentList) loadOldMilestones(ctx context.Context) error {
 	milestones := make(map[int64]*Milestone, len(milestoneIDs))
 	left := len(milestoneIDs)
 	for left > 0 {
-		limit := db.DefaultMaxInSize
-		if left < limit {
-			limit = left
-		}
+		limit := min(left, db.DefaultMaxInSize)
 		err := db.GetEngine(ctx).
 			In("id", milestoneIDs[:limit]).
 			Find(&milestones)
@@ -178,10 +169,7 @@ func (comments CommentList) loadAssignees(ctx context.Context) error {
 	assignees := make(map[int64]*user_model.User, len(assigneeIDs))
 	left := len(assigneeIDs)
 	for left > 0 {
-		limit := db.DefaultMaxInSize
-		if left < limit {
-			limit = left
-		}
+		limit := min(left, db.DefaultMaxInSize)
 		rows, err := db.GetEngine(ctx).
 			In("id", assigneeIDs[:limit]).
 			Rows(new(user_model.User))
@@ -246,10 +234,7 @@ func (comments CommentList) LoadIssues(ctx context.Context) error {
 	issues := make(map[int64]*Issue, len(issueIDs))
 	left := len(issueIDs)
 	for left > 0 {
-		limit := db.DefaultMaxInSize
-		if left < limit {
-			limit = left
-		}
+		limit := min(left, db.DefaultMaxInSize)
 		rows, err := db.GetEngine(ctx).
 			In("id", issueIDs[:limit]).
 			Rows(new(Issue))
@@ -300,10 +285,7 @@ func (comments CommentList) loadDependentIssues(ctx context.Context) error {
 	issues := make(map[int64]*Issue, len(issueIDs))
 	left := len(issueIDs)
 	for left > 0 {
-		limit := db.DefaultMaxInSize
-		if left < limit {
-			limit = left
-		}
+		limit := min(left, db.DefaultMaxInSize)
 		rows, err := e.
 			In("id", issueIDs[:limit]).
 			Rows(new(Issue))
@@ -379,10 +361,7 @@ func (comments CommentList) LoadAttachments(ctx context.Context) (err error) {
 	commentsIDs := comments.getAttachmentCommentIDs()
 	left := len(commentsIDs)
 	for left > 0 {
-		limit := db.DefaultMaxInSize
-		if left < limit {
-			limit = left
-		}
+		limit := min(left, db.DefaultMaxInSize)
 		rows, err := db.GetEngine(ctx).
 			In("comment_id", commentsIDs[:limit]).
 			Rows(new(repo_model.Attachment))
diff --git a/models/issues/issue_list.go b/models/issues/issue_list.go
index 5a02baa428..34cfe35475 100644
--- a/models/issues/issue_list.go
+++ b/models/issues/issue_list.go
@@ -43,10 +43,7 @@ func (issues IssueList) LoadRepositories(ctx context.Context) (repo_model.Reposi
 	repoMaps := make(map[int64]*repo_model.Repository, len(repoIDs))
 	left := len(repoIDs)
 	for left > 0 {
-		limit := db.DefaultMaxInSize
-		if left < limit {
-			limit = left
-		}
+		limit := min(left, db.DefaultMaxInSize)
 		err := db.GetEngine(ctx).
 			In("id", repoIDs[:limit]).
 			Find(&repoMaps)
@@ -99,10 +96,7 @@ func getPostersByIDs(ctx context.Context, posterIDs []int64) (map[int64]*user_mo
 	posterMaps := make(map[int64]*user_model.User, len(posterIDs))
 	left := len(posterIDs)
 	for left > 0 {
-		limit := db.DefaultMaxInSize
-		if left < limit {
-			limit = left
-		}
+		limit := min(left, db.DefaultMaxInSize)
 		err := db.GetEngine(ctx).
 			In("id", posterIDs[:limit]).
 			Find(&posterMaps)
@@ -137,10 +131,7 @@ func (issues IssueList) LoadLabels(ctx context.Context) error {
 	issueIDs := issues.getIssueIDs()
 	left := len(issueIDs)
 	for left > 0 {
-		limit := db.DefaultMaxInSize
-		if left < limit {
-			limit = left
-		}
+		limit := min(left, db.DefaultMaxInSize)
 		rows, err := db.GetEngine(ctx).Table("label").
 			Join("LEFT", "issue_label", "issue_label.label_id = label.id").
 			In("issue_label.issue_id", issueIDs[:limit]).
@@ -192,10 +183,7 @@ func (issues IssueList) LoadMilestones(ctx context.Context) error {
 	milestoneMaps := make(map[int64]*Milestone, len(milestoneIDs))
 	left := len(milestoneIDs)
 	for left > 0 {
-		limit := db.DefaultMaxInSize
-		if left < limit {
-			limit = left
-		}
+		limit := min(left, db.DefaultMaxInSize)
 		err := db.GetEngine(ctx).
 			In("id", milestoneIDs[:limit]).
 			Find(&milestoneMaps)
@@ -224,10 +212,7 @@ func (issues IssueList) LoadProjects(ctx context.Context) error {
 	}
 
 	for left > 0 {
-		limit := db.DefaultMaxInSize
-		if left < limit {
-			limit = left
-		}
+		limit := min(left, db.DefaultMaxInSize)
 
 		projects := make([]*projectWithIssueID, 0, limit)
 		err := db.GetEngine(ctx).
@@ -266,10 +251,7 @@ func (issues IssueList) LoadAssignees(ctx context.Context) error {
 	issueIDs := issues.getIssueIDs()
 	left := len(issueIDs)
 	for left > 0 {
-		limit := db.DefaultMaxInSize
-		if left < limit {
-			limit = left
-		}
+		limit := min(left, db.DefaultMaxInSize)
 		rows, err := db.GetEngine(ctx).Table("issue_assignees").
 			Join("INNER", "`user`", "`user`.id = `issue_assignees`.assignee_id").
 			In("`issue_assignees`.issue_id", issueIDs[:limit]).OrderBy(user_model.GetOrderByName()).
@@ -327,10 +309,7 @@ func (issues IssueList) LoadPullRequests(ctx context.Context) error {
 	pullRequestMaps := make(map[int64]*PullRequest, len(issuesIDs))
 	left := len(issuesIDs)
 	for left > 0 {
-		limit := db.DefaultMaxInSize
-		if left < limit {
-			limit = left
-		}
+		limit := min(left, db.DefaultMaxInSize)
 		rows, err := db.GetEngine(ctx).
 			In("issue_id", issuesIDs[:limit]).
 			Rows(new(PullRequest))
@@ -375,10 +354,7 @@ func (issues IssueList) LoadAttachments(ctx context.Context) (err error) {
 	issuesIDs := issues.getIssueIDs()
 	left := len(issuesIDs)
 	for left > 0 {
-		limit := db.DefaultMaxInSize
-		if left < limit {
-			limit = left
-		}
+		limit := min(left, db.DefaultMaxInSize)
 		rows, err := db.GetEngine(ctx).
 			In("issue_id", issuesIDs[:limit]).
 			Rows(new(repo_model.Attachment))
@@ -420,10 +396,7 @@ func (issues IssueList) loadComments(ctx context.Context, cond builder.Cond) (er
 	issuesIDs := issues.getIssueIDs()
 	left := len(issuesIDs)
 	for left > 0 {
-		limit := db.DefaultMaxInSize
-		if left < limit {
-			limit = left
-		}
+		limit := min(left, db.DefaultMaxInSize)
 		rows, err := db.GetEngine(ctx).Table("comment").
 			Join("INNER", "issue", "issue.id = comment.issue_id").
 			In("issue.id", issuesIDs[:limit]).
@@ -486,10 +459,7 @@ func (issues IssueList) loadTotalTrackedTimes(ctx context.Context) (err error) {
 
 	left := len(ids)
 	for left > 0 {
-		limit := db.DefaultMaxInSize
-		if left < limit {
-			limit = left
-		}
+		limit := min(left, db.DefaultMaxInSize)
 
 		// select issue_id, sum(time) from tracked_time where issue_id in (<issue ids in current page>) group by issue_id
 		rows, err := db.GetEngine(ctx).Table("tracked_time").
diff --git a/models/issues/issue_stats.go b/models/issues/issue_stats.go
index 2fd2641d92..03660803a4 100644
--- a/models/issues/issue_stats.go
+++ b/models/issues/issue_stats.go
@@ -94,10 +94,7 @@ func GetIssueStats(ctx context.Context, opts *IssuesOptions) (*IssueStats, error
 	// ids in a temporary table and join from them.
 	accum := &IssueStats{}
 	for i := 0; i < len(opts.IssueIDs); {
-		chunk := i + MaxQueryParameters
-		if chunk > len(opts.IssueIDs) {
-			chunk = len(opts.IssueIDs)
-		}
+		chunk := min(i+MaxQueryParameters, len(opts.IssueIDs))
 		stats, err := getIssueStatsChunk(ctx, opts, opts.IssueIDs[i:chunk])
 		if err != nil {
 			return nil, err
diff --git a/models/issues/issue_test.go b/models/issues/issue_test.go
index e9617548e9..0c5da6a2aa 100644
--- a/models/issues/issue_test.go
+++ b/models/issues/issue_test.go
@@ -5,6 +5,7 @@ package issues_test
 
 import (
 	"fmt"
+	"slices"
 	"sort"
 	"sync"
 	"testing"
@@ -311,7 +312,7 @@ func TestIssue_ResolveMentions(t *testing.T) {
 		for i, user := range resolved {
 			ids[i] = user.ID
 		}
-		sort.Slice(ids, func(i, j int) bool { return ids[i] < ids[j] })
+		slices.Sort(ids)
 		assert.Equal(t, expected, ids)
 	}
 
@@ -338,7 +339,7 @@ func TestResourceIndex(t *testing.T) {
 	require.NoError(t, err)
 
 	var wg sync.WaitGroup
-	for i := 0; i < 100; i++ {
+	for i := range 100 {
 		wg.Add(1)
 		t.Run(fmt.Sprintf("issue %d", i+1), func(t *testing.T) {
 			t.Parallel()
@@ -369,7 +370,7 @@ func TestCorrectIssueStats(t *testing.T) {
 	issueAmount := issues_model.MaxQueryParameters + 10
 
 	var wg sync.WaitGroup
-	for i := 0; i < issueAmount; i++ {
+	for i := range issueAmount {
 		wg.Add(1)
 		go func(i int) {
 			testInsertIssue(t, fmt.Sprintf("Issue %d", i+1), "Bugs are nasty", 0)
diff --git a/models/issues/issue_update.go b/models/issues/issue_update.go
index 22e6fcb8d4..35f69e3a0b 100644
--- a/models/issues/issue_update.go
+++ b/models/issues/issue_update.go
@@ -244,7 +244,7 @@ func UpdateIssueAttachments(ctx context.Context, issue *Issue, uuids []string) (
 	if err != nil {
 		return fmt.Errorf("FindRepoAttachmentsByUUID[uuids=%q,repoID=%d]: %w", uuids, issue.RepoID, err)
 	}
-	for i := 0; i < len(attachments); i++ {
+	for i := range attachments {
 		attachments[i].IssueID = issue.ID
 		if err := repo_model.UpdateAttachment(ctx, attachments[i]); err != nil {
 			return fmt.Errorf("update attachment [id: %d]: %w", attachments[i].ID, err)
diff --git a/models/issues/review_list.go b/models/issues/review_list.go
index 04c08bc5c4..878ceac9ce 100644
--- a/models/issues/review_list.go
+++ b/models/issues/review_list.go
@@ -20,7 +20,7 @@ type ReviewList []*Review
 // LoadReviewers loads reviewers
 func (reviews ReviewList) LoadReviewers(ctx context.Context) error {
 	reviewerIDs := make([]int64, len(reviews))
-	for i := 0; i < len(reviews); i++ {
+	for i := range reviews {
 		reviewerIDs[i] = reviews[i].ReviewerID
 	}
 	reviewers, err := user_model.GetPossibleUserByIDs(ctx, reviewerIDs)
diff --git a/models/issues/tracked_time.go b/models/issues/tracked_time.go
index 2f050759d2..54173681bd 100644
--- a/models/issues/tracked_time.go
+++ b/models/issues/tracked_time.go
@@ -350,10 +350,7 @@ func GetIssueTotalTrackedTime(ctx context.Context, opts *IssuesOptions, isClosed
 	// we get the statistics in smaller chunks and get accumulates
 	var accum int64
 	for i := 0; i < len(opts.IssueIDs); {
-		chunk := i + MaxQueryParameters
-		if chunk > len(opts.IssueIDs) {
-			chunk = len(opts.IssueIDs)
-		}
+		chunk := min(i+MaxQueryParameters, len(opts.IssueIDs))
 		time, err := getIssueTotalTrackedTimeChunk(ctx, opts, isClosed, opts.IssueIDs[i:chunk])
 		if err != nil {
 			return 0, err
diff --git a/models/perm/access/repo_permission.go b/models/perm/access/repo_permission.go
index 22639d1e42..fd1b93c867 100644
--- a/models/perm/access/repo_permission.go
+++ b/models/perm/access/repo_permission.go
@@ -6,6 +6,7 @@ package access
 import (
 	"context"
 	"fmt"
+	"strings"
 
 	actions_model "forgejo.org/models/actions"
 	"forgejo.org/models/db"
@@ -115,7 +116,8 @@ func (p *Permission) CanWriteIssuesOrPulls(isPull bool) bool {
 }
 
 func (p *Permission) LogString() string {
-	format := "<Permission AccessMode=%s, %d Units, %d UnitsMode(s): [ "
+	var format strings.Builder
+	format.WriteString("<Permission AccessMode=%s, %d Units, %d UnitsMode(s): [ ")
 	args := []any{p.AccessMode.String(), len(p.Units), len(p.UnitsMode)}
 
 	for i, unit := range p.Units {
@@ -127,15 +129,15 @@ func (p *Permission) LogString() string {
 				config = err.Error()
 			}
 		}
-		format += "\nUnits[%d]: ID: %d RepoID: %d Type: %s Config: %s"
+		format.WriteString("\nUnits[%d]: ID: %d RepoID: %d Type: %s Config: %s")
 		args = append(args, i, unit.ID, unit.RepoID, unit.Type.LogString(), config)
 	}
 	for key, value := range p.UnitsMode {
-		format += "\nUnitMode[%-v]: %-v"
+		format.WriteString("\nUnitMode[%-v]: %-v")
 		args = append(args, key.LogString(), value.LogString())
 	}
-	format += " ]>"
-	return fmt.Sprintf(format, args...)
+	format.WriteString(" ]>")
+	return fmt.Sprintf(format.String(), args...)
 }
 
 func GetActionRepoPermission(ctx context.Context, repo *repo_model.Repository, task *actions_model.ActionTask) (Permission, error) {
diff --git a/models/project/column_test.go b/models/project/column_test.go
index aef7a6f9d4..2f4cc79367 100644
--- a/models/project/column_test.go
+++ b/models/project/column_test.go
@@ -164,7 +164,7 @@ func Test_NewColumn(t *testing.T) {
 	require.NoError(t, err)
 	assert.Len(t, columns, 3)
 
-	for i := 0; i < maxProjectColumns-3; i++ {
+	for i := range maxProjectColumns - 3 {
 		err := NewColumn(db.DefaultContext, &Column{
 			Title:     fmt.Sprintf("column-%d", i+4),
 			ProjectID: project1.ID,
diff --git a/models/pull/review_state.go b/models/pull/review_state.go
index 2702d5d5a1..3fc3ab65c2 100644
--- a/models/pull/review_state.go
+++ b/models/pull/review_state.go
@@ -6,6 +6,7 @@ package pull
 import (
 	"context"
 	"fmt"
+	"maps"
 
 	"forgejo.org/models/db"
 	"forgejo.org/modules/log"
@@ -100,9 +101,7 @@ func mergeFiles(oldFiles, newFiles map[string]ViewedState) map[string]ViewedStat
 		return oldFiles
 	}
 
-	for file, viewed := range newFiles {
-		oldFiles[file] = viewed
-	}
+	maps.Copy(oldFiles, newFiles)
 	return oldFiles
 }
 
diff --git a/models/repo/repo.go b/models/repo/repo.go
index cdb30aa1a9..0c45f483e4 100644
--- a/models/repo/repo.go
+++ b/models/repo/repo.go
@@ -9,6 +9,7 @@ import (
 	"errors"
 	"fmt"
 	"html/template"
+	"maps"
 	"net"
 	"net/url"
 	"path/filepath"
@@ -543,9 +544,7 @@ func (repo *Repository) ComposeMetas(ctx context.Context) map[string]string {
 func (repo *Repository) ComposeDocumentMetas(ctx context.Context) map[string]string {
 	if len(repo.DocumentRenderingMetas) == 0 {
 		metas := map[string]string{}
-		for k, v := range repo.ComposeMetas(ctx) {
-			metas[k] = v
-		}
+		maps.Copy(metas, repo.ComposeMetas(ctx))
 		metas["mode"] = "document"
 		repo.DocumentRenderingMetas = metas
 	}
@@ -786,8 +785,8 @@ func GetRepositoryByName(ctx context.Context, ownerID int64, name string) (*Repo
 
 // getRepositoryURLPathSegments returns segments (owner, reponame) extracted from a url
 func getRepositoryURLPathSegments(repoURL string) []string {
-	if strings.HasPrefix(repoURL, setting.AppURL) {
-		return strings.Split(strings.TrimPrefix(repoURL, setting.AppURL), "/")
+	if after, ok := strings.CutPrefix(repoURL, setting.AppURL); ok {
+		return strings.Split(after, "/")
 	}
 
 	sshURLVariants := [4]string{
@@ -798,8 +797,8 @@ func getRepositoryURLPathSegments(repoURL string) []string {
 	}
 
 	for _, sshURL := range sshURLVariants {
-		if strings.HasPrefix(repoURL, sshURL) {
-			return strings.Split(strings.TrimPrefix(repoURL, sshURL), "/")
+		if after, ok := strings.CutPrefix(repoURL, sshURL); ok {
+			return strings.Split(after, "/")
 		}
 	}
 
diff --git a/models/repo/repo_list.go b/models/repo/repo_list.go
index 732d7b627c..daa60c81e9 100644
--- a/models/repo/repo_list.go
+++ b/models/repo/repo_list.go
@@ -401,7 +401,7 @@ func SearchRepositoryCondition(opts *SearchRepoOptions) builder.Cond {
 	if opts.Keyword != "" {
 		// separate keyword
 		subQueryCond := builder.NewCond()
-		for _, v := range strings.Split(opts.Keyword, ",") {
+		for v := range strings.SplitSeq(opts.Keyword, ",") {
 			if opts.TopicOnly {
 				subQueryCond = subQueryCond.Or(builder.Eq{"topic.name": strings.ToLower(v)})
 			} else {
@@ -416,7 +416,7 @@ func SearchRepositoryCondition(opts *SearchRepoOptions) builder.Cond {
 		keywordCond := builder.In("id", subQuery)
 		if !opts.TopicOnly {
 			likes := builder.NewCond()
-			for _, v := range strings.Split(opts.Keyword, ",") {
+			for v := range strings.SplitSeq(opts.Keyword, ",") {
 				likes = likes.Or(builder.Like{"lower_name", strings.ToLower(v)})
 
 				// If the string looks like "org/repo", match against that pattern too
diff --git a/models/repo/repo_unit.go b/models/repo/repo_unit.go
index aa6f2fa0ae..3db6dc95e8 100644
--- a/models/repo/repo_unit.go
+++ b/models/repo/repo_unit.go
@@ -237,10 +237,8 @@ func (cfg *ActionsConfig) IsWorkflowDisabled(file string) bool {
 }
 
 func (cfg *ActionsConfig) DisableWorkflow(file string) {
-	for _, workflow := range cfg.DisabledWorkflows {
-		if file == workflow {
-			return
-		}
+	if slices.Contains(cfg.DisabledWorkflows, file) {
+		return
 	}
 
 	cfg.DisabledWorkflows = append(cfg.DisabledWorkflows, file)
diff --git a/models/repo/upload.go b/models/repo/upload.go
index a213cb1986..67b5409650 100644
--- a/models/repo/upload.go
+++ b/models/repo/upload.go
@@ -117,7 +117,7 @@ func DeleteUploads(ctx context.Context, uploads ...*Upload) (err error) {
 	defer committer.Close()
 
 	ids := make([]int64, len(uploads))
-	for i := 0; i < len(uploads); i++ {
+	for i := range uploads {
 		ids[i] = uploads[i].ID
 	}
 	if err = db.DeleteByIDs[Upload](ctx, ids...); err != nil {
diff --git a/models/unit/unit.go b/models/unit/unit.go
index 434e5f0acc..2a31c804aa 100644
--- a/models/unit/unit.go
+++ b/models/unit/unit.go
@@ -248,22 +248,12 @@ func LoadUnitConfig() error {
 
 // UnitGlobalDisabled checks if unit type is global disabled
 func (u Type) UnitGlobalDisabled() bool {
-	for _, ud := range DisabledRepoUnitsGet() {
-		if u == ud {
-			return true
-		}
-	}
-	return false
+	return slices.Contains(DisabledRepoUnitsGet(), u)
 }
 
 // CanBeDefault checks if the unit type can be a default repo unit
 func (u *Type) CanBeDefault() bool {
-	for _, nadU := range NotAllowedDefaultRepoUnits {
-		if *u == nadU {
-			return false
-		}
-	}
-	return true
+	return !slices.Contains(NotAllowedDefaultRepoUnits, *u)
 }
 
 // Unit is a section of one repository
diff --git a/models/unittest/fixture_loader.go b/models/unittest/fixture_loader.go
index 5aea06550c..3cf2efdced 100644
--- a/models/unittest/fixture_loader.go
+++ b/models/unittest/fixture_loader.go
@@ -151,8 +151,8 @@ func (l *loader) buildFixtureFile(fixturePath string) (*fixtureFile, error) {
 			switch v := value.(type) {
 			case string:
 				// Try to decode hex.
-				if strings.HasPrefix(v, "0x") {
-					value, err = hex.DecodeString(strings.TrimPrefix(v, "0x"))
+				if after, ok := strings.CutPrefix(v, "0x"); ok {
+					value, err = hex.DecodeString(after)
 					if err != nil {
 						return nil, err
 					}
diff --git a/models/unittest/mock_http.go b/models/unittest/mock_http.go
index b8413104b3..5e420533d8 100644
--- a/models/unittest/mock_http.go
+++ b/models/unittest/mock_http.go
@@ -102,13 +102,13 @@ func NewMockWebServer(t *testing.T, liveServerBaseURL, testDataDir string, liveM
 		// parse back the fixture file into a series of HTTP headers followed by response body
 		lines := strings.Split(stringFixture, "\n")
 		for idx, line := range lines {
-			colonIndex := strings.Index(line, ": ")
-			if colonIndex != -1 {
+			before, after, ok := strings.Cut(line, ": ")
+			if ok {
 				// Because we modified the body with ReplaceAll() above, we need to
 				// remove Content-Length. w.Write() should add it back.
-				header := line[0:colonIndex]
+				header := before
 				if !strings.EqualFold(header, "Content-Length") {
-					w.Header().Set(line[0:colonIndex], line[colonIndex+2:])
+					w.Header().Set(before, after)
 				}
 			} else {
 				// we reached the end of the headers (empty line), so what follows is the body
diff --git a/models/unittest/reflection.go b/models/unittest/reflection.go
index 141fc66b99..939891283d 100644
--- a/models/unittest/reflection.go
+++ b/models/unittest/reflection.go
@@ -9,7 +9,7 @@ import (
 )
 
 func fieldByName(v reflect.Value, field string) reflect.Value {
-	if v.Kind() == reflect.Ptr {
+	if v.Kind() == reflect.Pointer {
 		v = v.Elem()
 	}
 	f := v.FieldByName(field)
diff --git a/models/user/avatar.go b/models/user/avatar.go
index cc1b1b7b9d..726d67f5e0 100644
--- a/models/user/avatar.go
+++ b/models/user/avatar.go
@@ -108,7 +108,7 @@ func (u *User) IsUploadAvatarChanged(data []byte) bool {
 	if !u.UseCustomAvatar || len(u.Avatar) == 0 {
 		return true
 	}
-	avatarID := fmt.Sprintf("%x", md5.Sum([]byte(fmt.Sprintf("%d-%x", u.ID, md5.Sum(data)))))
+	avatarID := fmt.Sprintf("%x", md5.Sum(fmt.Appendf(nil, "%d-%x", u.ID, md5.Sum(data))))
 	return u.Avatar != avatarID
 }
 
diff --git a/models/user/email_address_test.go b/models/user/email_address_test.go
index 85f5b16c65..35b33933c2 100644
--- a/models/user/email_address_test.go
+++ b/models/user/email_address_test.go
@@ -5,6 +5,7 @@ package user_test
 
 import (
 	"fmt"
+	"slices"
 	"testing"
 
 	"forgejo.org/models/db"
@@ -77,12 +78,7 @@ func TestListEmails(t *testing.T) {
 	assert.Greater(t, count, int64(5))
 
 	contains := func(match func(s *user_model.SearchEmailResult) bool) bool {
-		for _, v := range emails {
-			if match(v) {
-				return true
-			}
-		}
-		return false
+		return slices.ContainsFunc(emails, match)
 	}
 
 	assert.True(t, contains(func(s *user_model.SearchEmailResult) bool { return s.UID == 18 }))
diff --git a/models/user/moderation.go b/models/user/moderation.go
index 7bc857489a..765414acc0 100644
--- a/models/user/moderation.go
+++ b/models/user/moderation.go
@@ -87,7 +87,7 @@ func newUserData(user *User) UserData {
 // (e.g. FieldName -> field_name) corresponding to UserData struct fields.
 var userDataColumnNames = sync.OnceValue(func() []string {
 	mapper := new(names.GonicMapper)
-	udType := reflect.TypeOf(UserData{})
+	udType := reflect.TypeFor[UserData]()
 	columnNames := make([]string, 0, udType.NumField())
 	for i := 0; i < udType.NumField(); i++ {
 		columnNames = append(columnNames, mapper.Obj2Table(udType.Field(i).Name))
diff --git a/models/user/user.go b/models/user/user.go
index 7e2101d7cc..2c20cd977d 100644
--- a/models/user/user.go
+++ b/models/user/user.go
@@ -1243,8 +1243,8 @@ func GetUserByEmail(ctx context.Context, email string) (*User, error) {
 	}
 
 	// Finally, if email address is the protected email address:
-	if strings.HasSuffix(email, fmt.Sprintf("@%s", setting.Service.NoReplyAddress)) {
-		username := strings.TrimSuffix(email, fmt.Sprintf("@%s", setting.Service.NoReplyAddress))
+	if before, ok := strings.CutSuffix(email, fmt.Sprintf("@%s", setting.Service.NoReplyAddress)); ok {
+		username := before
 		user := &User{}
 		has, err := db.GetEngine(ctx).Where("lower_name=?", username).Get(user)
 		if err != nil {
diff --git a/models/user/user_test.go b/models/user/user_test.go
index d1af3a750f..6da645d672 100644
--- a/models/user/user_test.go
+++ b/models/user/user_test.go
@@ -273,9 +273,9 @@ func TestHashPasswordDeterministic(t *testing.T) {
 	b := make([]byte, 16)
 	u := &user_model.User{}
 	algos := hash.RecommendedHashAlgorithms
-	for j := 0; j < len(algos); j++ {
+	for j := range algos {
 		u.PasswdHashAlgo = algos[j]
-		for i := 0; i < 50; i++ {
+		for range 50 {
 			// generate a random password
 			rand.Read(b)
 			pass := string(b)
diff --git a/models/webhook/webhook.go b/models/webhook/webhook.go
index b23f3fd348..196a5313bc 100644
--- a/models/webhook/webhook.go
+++ b/models/webhook/webhook.go
@@ -429,7 +429,7 @@ func CreateWebhooks(ctx context.Context, ws []*Webhook) error {
 	if len(ws) == 0 {
 		return nil
 	}
-	for i := 0; i < len(ws); i++ {
+	for i := range ws {
 		ws[i].Type = strings.TrimSpace(ws[i].Type)
 	}
 	return db.Insert(ctx, ws)
diff --git a/modules/actions/workflows.go b/modules/actions/workflows.go
index 99c9446805..ed54ccc98b 100644
--- a/modules/actions/workflows.go
+++ b/modules/actions/workflows.go
@@ -7,6 +7,7 @@ import (
 	"bytes"
 	"fmt"
 	"io"
+	"slices"
 	"strings"
 
 	actions_model "forgejo.org/models/actions"
@@ -609,11 +610,8 @@ func matchPullRequestReviewEvent(prPayload *api.PullRequestPayload, evt *jobpars
 
 			matched := false
 			for _, val := range vals {
-				for _, action := range actions {
-					if glob.MustCompile(val, '/').Match(action) {
-						matched = true
-						break
-					}
+				if slices.ContainsFunc(actions, glob.MustCompile(val, '/').Match) {
+					matched = true
 				}
 				if matched {
 					break
@@ -658,11 +656,8 @@ func matchPullRequestReviewCommentEvent(prPayload *api.PullRequestPayload, evt *
 
 			matched := false
 			for _, val := range vals {
-				for _, action := range actions {
-					if glob.MustCompile(val, '/').Match(action) {
-						matched = true
-						break
-					}
+				if slices.ContainsFunc(actions, glob.MustCompile(val, '/').Match) {
+					matched = true
 				}
 				if matched {
 					break
diff --git a/modules/auth/password/password.go b/modules/auth/password/password.go
index fdbc4ff291..744a431ea8 100644
--- a/modules/auth/password/password.go
+++ b/modules/auth/password/password.go
@@ -101,7 +101,7 @@ func Generate(n int) (string, error) {
 	buffer := make([]byte, n)
 	max := big.NewInt(int64(len(validChars)))
 	for {
-		for j := 0; j < n; j++ {
+		for j := range n {
 			rnd, err := rand.Int(rand.Reader, max)
 			if err != nil {
 				return "", err
diff --git a/modules/auth/password/password_test.go b/modules/auth/password/password_test.go
index 1fe3fb5ce1..8f5d64514c 100644
--- a/modules/auth/password/password_test.go
+++ b/modules/auth/password/password_test.go
@@ -51,7 +51,7 @@ func TestComplexity_Generate(t *testing.T) {
 
 	test := func(t *testing.T, modes []string) {
 		testComplextity(modes)
-		for i := 0; i < maxCount; i++ {
+		for range maxCount {
 			pwd, err := Generate(pwdLen)
 			require.NoError(t, err)
 			assert.Len(t, pwd, pwdLen)
diff --git a/modules/auth/password/pwn/pwn.go b/modules/auth/password/pwn/pwn.go
index 10693ec663..f3277ff616 100644
--- a/modules/auth/password/pwn/pwn.go
+++ b/modules/auth/password/pwn/pwn.go
@@ -101,7 +101,7 @@ func (c *Client) CheckPassword(pw string, padding bool) (int, error) {
 	}
 	defer resp.Body.Close()
 
-	for _, pair := range strings.Split(string(body), "\n") {
+	for pair := range strings.SplitSeq(string(body), "\n") {
 		parts := strings.Split(pair, ":")
 		if len(parts) != 2 {
 			continue
diff --git a/modules/avatar/identicon/block.go b/modules/avatar/identicon/block.go
index cb1803a231..fc8ce90212 100644
--- a/modules/avatar/identicon/block.go
+++ b/modules/avatar/identicon/block.go
@@ -24,8 +24,8 @@ func drawBlock(img *image.Paletted, x, y, size, angle int, points []int) {
 		rotate(points, m, m, angle)
 	}
 
-	for i := 0; i < size; i++ {
-		for j := 0; j < size; j++ {
+	for i := range size {
+		for j := range size {
 			if pointInPolygon(i, j, points) {
 				img.SetColorIndex(x+i, y+j, 1)
 			}
diff --git a/modules/avatar/identicon/identicon.go b/modules/avatar/identicon/identicon.go
index 13e8ec88e6..19f87da85a 100644
--- a/modules/avatar/identicon/identicon.go
+++ b/modules/avatar/identicon/identicon.go
@@ -134,7 +134,7 @@ func drawBlocks(p *image.Paletted, size int, c, b1, b2 blockFunc, b1Angle, b2Ang
 
 	// then we make it left-right mirror, so we didn't draw 3/6/9 before
 	for x := 0; x < size/2; x++ {
-		for y := 0; y < size; y++ {
+		for y := range size {
 			p.SetColorIndex(size-x, y, p.ColorIndexAt(x, y))
 		}
 	}
diff --git a/modules/charset/charset.go b/modules/charset/charset.go
index cb03deb966..d4121fb27f 100644
--- a/modules/charset/charset.go
+++ b/modules/charset/charset.go
@@ -164,7 +164,7 @@ func DetectEncoding(content []byte) (string, error) {
 		}
 		times := 1024 / len(content)
 		detectContent = make([]byte, 0, times*len(content))
-		for i := 0; i < times; i++ {
+		for range times {
 			detectContent = append(detectContent, content...)
 		}
 	} else {
diff --git a/modules/charset/charset_test.go b/modules/charset/charset_test.go
index 358220494b..c29987beb6 100644
--- a/modules/charset/charset_test.go
+++ b/modules/charset/charset_test.go
@@ -243,7 +243,7 @@ func stringMustEndWith(t *testing.T, expected, value string) {
 func TestToUTF8WithFallbackReader(t *testing.T) {
 	resetDefaultCharsetsOrder()
 
-	for testLen := 0; testLen < 2048; testLen++ {
+	for testLen := range 2048 {
 		pattern := "    test { () }\n"
 		input := ""
 		for len(input) < testLen {
diff --git a/modules/forgefed/actor.go b/modules/forgefed/actor.go
index 5383d5adaf..1f6e1f1fdf 100644
--- a/modules/forgefed/actor.go
+++ b/modules/forgefed/actor.go
@@ -6,6 +6,7 @@ package forgefed
 import (
 	"fmt"
 	"net/url"
+	"slices"
 	"strconv"
 	"strings"
 
@@ -107,12 +108,7 @@ func newActorID(uri string) (ActorID, error) {
 }
 
 func containsEmptyString(ar []string) bool {
-	for _, elem := range ar {
-		if elem == "" {
-			return true
-		}
-	}
-	return false
+	return slices.Contains(ar, "")
 }
 
 func removeEmptyStrings(ls []string) []string {
diff --git a/modules/forgefed/repository.go b/modules/forgefed/repository.go
index 63680ccd35..1e85d1e64c 100644
--- a/modules/forgefed/repository.go
+++ b/modules/forgefed/repository.go
@@ -88,7 +88,7 @@ func ToRepository(it ap.Item) (*Repository, error) {
 		return (*Repository)(unsafe.Pointer(&i)), nil
 	default:
 		// NOTE(marius): this is an ugly way of dealing with the interface conversion error: types from different scopes
-		typ := reflect.TypeOf(new(Repository))
+		typ := reflect.TypeFor[*Repository]()
 		if i, ok := reflect.ValueOf(it).Convert(typ).Interface().(*Repository); ok {
 			return i, nil
 		}
diff --git a/modules/git/commit.go b/modules/git/commit.go
index 4fb13ecd4f..36ba8ef8ca 100644
--- a/modules/git/commit.go
+++ b/modules/git/commit.go
@@ -269,8 +269,8 @@ func NewSearchCommitsOptions(searchString string, forAllRefs bool) SearchCommits
 	var keywords, authors, committers []string
 	var after, before string
 
-	fields := strings.Fields(searchString)
-	for _, k := range fields {
+	fields := strings.FieldsSeq(searchString)
+	for k := range fields {
 		switch {
 		case strings.HasPrefix(k, "author:"):
 			authors = append(authors, strings.TrimPrefix(k, "author:"))
diff --git a/modules/git/commit_info.go b/modules/git/commit_info.go
index 6511a1689a..62f58f8767 100644
--- a/modules/git/commit_info.go
+++ b/modules/git/commit_info.go
@@ -7,6 +7,7 @@ import (
 	"context"
 	"fmt"
 	"io"
+	"maps"
 	"path"
 	"sort"
 
@@ -45,9 +46,7 @@ func (tes Entries) GetCommitsInfo(ctx context.Context, commit *Commit, treePath
 				return nil, nil, err
 			}
 
-			for pth, found := range commits {
-				revs[pth] = found
-			}
+			maps.Copy(revs, commits)
 		}
 	} else {
 		sort.Strings(entryPaths)
diff --git a/modules/git/foreachref/format.go b/modules/git/foreachref/format.go
index 2f5ec08991..87c1c9a4ff 100644
--- a/modules/git/foreachref/format.go
+++ b/modules/git/foreachref/format.go
@@ -75,9 +75,9 @@ func (f Format) Parser(r io.Reader) *Parser {
 // hexEscaped produces hex-escaped characters from a string. For example, "\n\0"
 // would turn into "%0a%00".
 func (f Format) hexEscaped(delim []byte) string {
-	escaped := ""
-	for i := 0; i < len(delim); i++ {
-		escaped += "%" + hex.EncodeToString([]byte{delim[i]})
+	var escaped strings.Builder
+	for i := range delim {
+		escaped.WriteString("%" + hex.EncodeToString([]byte{delim[i]}))
 	}
-	return escaped
+	return escaped.String()
 }
diff --git a/modules/git/hook.go b/modules/git/hook.go
index bef4d024c8..3b650fe9db 100644
--- a/modules/git/hook.go
+++ b/modules/git/hook.go
@@ -9,6 +9,7 @@ import (
 	"os"
 	"path"
 	"path/filepath"
+	"slices"
 	"strings"
 
 	"forgejo.org/modules/log"
@@ -27,12 +28,7 @@ var ErrNotValidHook = errors.New("not a valid Git hook")
 
 // IsValidHookName returns true if given name is a valid Git hook.
 func IsValidHookName(name string) bool {
-	for _, hn := range hookNames {
-		if hn == name {
-			return true
-		}
-	}
-	return false
+	return slices.Contains(hookNames, name)
 }
 
 // Hook represents a Git hook.
diff --git a/modules/git/last_commit_cache.go b/modules/git/last_commit_cache.go
index 1d7e74a0d7..9b49a18aaa 100644
--- a/modules/git/last_commit_cache.go
+++ b/modules/git/last_commit_cache.go
@@ -21,7 +21,7 @@ type Cache interface {
 }
 
 func getCacheKey(repoPath, commitID, entryPath string) string {
-	hashBytes := sha256.Sum256([]byte(fmt.Sprintf("%s:%s:%s", repoPath, commitID, entryPath)))
+	hashBytes := sha256.Sum256(fmt.Appendf(nil, "%s:%s:%s", repoPath, commitID, entryPath))
 	return fmt.Sprintf("last_commit:%x", hashBytes)
 }
 
diff --git a/modules/git/log_name_status.go b/modules/git/log_name_status.go
index 50786e7a42..800e83c4a4 100644
--- a/modules/git/log_name_status.go
+++ b/modules/git/log_name_status.go
@@ -346,10 +346,7 @@ func WalkGitLog(ctx context.Context, repo *Repository, head *Commit, treepath st
 
 	results := make([]string, len(paths))
 	remaining := len(paths)
-	nextRestart := (len(paths) * 3) / 4
-	if nextRestart > 70 {
-		nextRestart = 70
-	}
+	nextRestart := min((len(paths)*3)/4, 70)
 	lastEmptyParent := head.ID.String()
 	commitSinceLastEmptyParent := uint64(0)
 	commitSinceNextRestart := uint64(0)
diff --git a/modules/git/notes.go b/modules/git/notes.go
index a52314bdd7..1bc68b6366 100644
--- a/modules/git/notes.go
+++ b/modules/git/notes.go
@@ -8,6 +8,7 @@ import (
 	"context"
 	"io"
 	"os"
+	"strings"
 
 	"forgejo.org/modules/log"
 )
@@ -33,7 +34,7 @@ func GetNote(ctx context.Context, repo *Repository, commitID string) (*Note, err
 		return nil, err
 	}
 
-	path := ""
+	var path strings.Builder
 
 	tree := &notes.Tree
 	log.Trace("Found tree with ID %q while searching for git note corresponding to the commit %q", tree.ID, commitID)
@@ -43,12 +44,12 @@ func GetNote(ctx context.Context, repo *Repository, commitID string) (*Note, err
 	for len(commitID) > 2 {
 		entry, err = tree.GetTreeEntryByPath(commitID)
 		if err == nil {
-			path += commitID
+			path.WriteString(commitID)
 			break
 		}
 		if IsErrNotExist(err) {
 			tree, err = tree.SubTree(commitID[0:2])
-			path += commitID[0:2] + "/"
+			path.WriteString(commitID[0:2] + "/")
 			commitID = commitID[2:]
 		}
 		if err != nil {
@@ -80,9 +81,9 @@ func GetNote(ctx context.Context, repo *Repository, commitID string) (*Note, err
 	_ = dataRc.Close()
 	closed = true
 
-	lastCommit, err := repo.getCommitByPathWithID(notes.ID, path)
+	lastCommit, err := repo.getCommitByPathWithID(notes.ID, path.String())
 	if err != nil {
-		log.Error("Unable to get the commit for the path %q. Error: %v", path, err)
+		log.Error("Unable to get the commit for the path %q. Error: %v", path.String(), err)
 		return nil, err
 	}
 
diff --git a/modules/git/parse.go b/modules/git/parse.go
index c7b84d7198..d2d70d4cfa 100644
--- a/modules/git/parse.go
+++ b/modules/git/parse.go
@@ -33,16 +33,16 @@ func parseTreeEntries(data []byte, ptree *Tree) ([]*TreeEntry, error) {
 			posEnd += pos
 		}
 		line := data[pos:posEnd]
-		posTab := bytes.IndexByte(line, '\t')
-		if posTab == -1 {
+		before, after, ok := bytes.Cut(line, []byte{'\t'})
+		if !ok {
 			return nil, fmt.Errorf("invalid ls-tree output (no tab): %q", line)
 		}
 
 		entry := new(TreeEntry)
 		entry.ptree = ptree
 
-		entryAttrs := line[:posTab]
-		entryName := line[posTab+1:]
+		entryAttrs := before
+		entryName := after
 
 		entryMode, entryAttrs, _ := bytes.Cut(entryAttrs, sepSpace)
 		_ /* entryType */, entryAttrs, _ = bytes.Cut(entryAttrs, sepSpace) // the type is not used, the mode is enough to determine the type
diff --git a/modules/git/pushoptions/pushoptions.go b/modules/git/pushoptions/pushoptions.go
index 3fa2e01c44..14e2c5d283 100644
--- a/modules/git/pushoptions/pushoptions.go
+++ b/modules/git/pushoptions/pushoptions.go
@@ -52,7 +52,7 @@ func NewFromMap(o *map[string]string) Interface {
 
 func (o *gitPushOptions) ReadEnv() Interface {
 	if pushCount, err := strconv.Atoi(os.Getenv(EnvCount)); err == nil {
-		for idx := 0; idx < pushCount; idx++ {
+		for idx := range pushCount {
 			_ = o.Parse(os.Getenv(fmt.Sprintf(EnvFormat, idx)))
 		}
 	}
diff --git a/modules/git/ref.go b/modules/git/ref.go
index 1475d4dc5a..fdccd2b2e2 100644
--- a/modules/git/ref.go
+++ b/modules/git/ref.go
@@ -105,8 +105,8 @@ func (ref RefName) IsFor() bool {
 }
 
 func (ref RefName) nameWithoutPrefix(prefix string) string {
-	if strings.HasPrefix(string(ref), prefix) {
-		return strings.TrimPrefix(string(ref), prefix)
+	if after, ok := strings.CutPrefix(string(ref), prefix); ok {
+		return after
 	}
 	return ""
 }
diff --git a/modules/git/repo.go b/modules/git/repo.go
index 21845d9b55..6bd03f8e3c 100644
--- a/modules/git/repo.go
+++ b/modules/git/repo.go
@@ -46,9 +46,9 @@ func (repo *Repository) parsePrettyFormatLogToList(logs []byte) ([]*Commit, erro
 		return commits, nil
 	}
 
-	parts := bytes.Split(logs, []byte{'\n'})
+	parts := bytes.SplitSeq(logs, []byte{'\n'})
 
-	for _, commitID := range parts {
+	for commitID := range parts {
 		commit, err := repo.GetCommit(string(commitID))
 		if err != nil {
 			return nil, err
diff --git a/modules/git/repo_attribute.go b/modules/git/repo_attribute.go
index 2b07513162..56a86bde14 100644
--- a/modules/git/repo_attribute.go
+++ b/modules/git/repo_attribute.go
@@ -96,8 +96,8 @@ func (ca GitAttribute) String() string {
 // sometimes used within gitlab-language: https://docs.gitlab.com/ee/user/project/highlighting.html#override-syntax-highlighting-for-a-file-type
 func (ca GitAttribute) Prefix() string {
 	s := ca.String()
-	if i := strings.IndexByte(s, '?'); i >= 0 {
-		return s[:i]
+	if before, _, ok := strings.Cut(s, "?"); ok {
+		return before
 	}
 	return s
 }
diff --git a/modules/git/repo_index.go b/modules/git/repo_index.go
index f58757a9a2..7fc5c573dd 100644
--- a/modules/git/repo_index.go
+++ b/modules/git/repo_index.go
@@ -95,7 +95,7 @@ func (repo *Repository) LsFiles(filenames ...string) ([]string, error) {
 		return nil, err
 	}
 	filelist := make([]string, 0, len(filenames))
-	for _, line := range bytes.Split(res, []byte{'\000'}) {
+	for line := range bytes.SplitSeq(res, []byte{'\000'}) {
 		filelist = append(filelist, string(line))
 	}
 
diff --git a/modules/git/repo_tag.go b/modules/git/repo_tag.go
index f7f04e1f10..bd851a3be3 100644
--- a/modules/git/repo_tag.go
+++ b/modules/git/repo_tag.go
@@ -42,8 +42,8 @@ func (repo *Repository) GetTagNameBySHA(sha string) (string, error) {
 		return "", err
 	}
 
-	tagRefs := strings.Split(stdout, "\n")
-	for _, tagRef := range tagRefs {
+	tagRefs := strings.SplitSeq(stdout, "\n")
+	for tagRef := range tagRefs {
 		if len(strings.TrimSpace(tagRef)) > 0 {
 			fields := strings.Fields(tagRef)
 			if strings.HasPrefix(fields[0], sha) && strings.HasPrefix(fields[1], TagPrefix) {
@@ -65,7 +65,7 @@ func (repo *Repository) GetTagID(name string) (string, error) {
 		return "", err
 	}
 	// Make sure exact match is used: "v1" != "release/v1"
-	for _, line := range strings.Split(stdout, "\n") {
+	for line := range strings.SplitSeq(stdout, "\n") {
 		fields := strings.Fields(line)
 		if len(fields) == 2 && fields[1] == "refs/tags/"+name {
 			return fields[0], nil
diff --git a/modules/git/tag.go b/modules/git/tag.go
index edbe54b853..3af062a51a 100644
--- a/modules/git/tag.go
+++ b/modules/git/tag.go
@@ -50,20 +50,20 @@ l:
 		switch {
 		case eol > 0:
 			line := data[nextline : nextline+eol]
-			spacepos := bytes.IndexByte(line, ' ')
-			reftype := line[:spacepos]
+			before, after, _ := bytes.Cut(line, []byte{' '})
+			reftype := before
 			switch string(reftype) {
 			case "object":
-				id, err := NewIDFromString(string(line[spacepos+1:]))
+				id, err := NewIDFromString(string(after))
 				if err != nil {
 					return nil, err
 				}
 				tag.Object = id
 			case "type":
 				// A commit can have one or more parents
-				tag.Type = string(line[spacepos+1:])
+				tag.Type = string(after)
 			case "tagger":
-				tag.Tagger = parseSignatureFromCommitLine(util.UnsafeBytesToString(line[spacepos+1:]))
+				tag.Tagger = parseSignatureFromCommitLine(util.UnsafeBytesToString(after))
 			}
 			nextline += eol + 1
 		case eol == 0:
diff --git a/modules/git/tree.go b/modules/git/tree.go
index f6201f6cc9..9a91787c9e 100644
--- a/modules/git/tree.go
+++ b/modules/git/tree.go
@@ -170,7 +170,7 @@ func (repo *Repository) LsTree(ref string, filenames ...string) ([]string, error
 		return nil, err
 	}
 	filelist := make([]string, 0, len(filenames))
-	for _, line := range bytes.Split(res, []byte{'\000'}) {
+	for line := range bytes.SplitSeq(res, []byte{'\000'}) {
 		filelist = append(filelist, string(line))
 	}
 
diff --git a/modules/git/tree_entry.go b/modules/git/tree_entry.go
index 8b6c4c467c..5e3bb8ac21 100644
--- a/modules/git/tree_entry.go
+++ b/modules/git/tree_entry.go
@@ -171,7 +171,7 @@ func (te *TreeEntry) FollowLinks() (*TreeEntry, string, error) {
 	}
 	entry := te
 	entryLink := ""
-	for i := 0; i < 999; i++ {
+	for range 999 {
 		if entry.IsLink() {
 			next, link, err := entry.FollowLink()
 			entryLink = link
diff --git a/modules/git/tree_test.go b/modules/git/tree_test.go
index aa092cc56b..6277154acd 100644
--- a/modules/git/tree_test.go
+++ b/modules/git/tree_test.go
@@ -20,7 +20,7 @@ func TestSubTree_Issue29101(t *testing.T) {
 	require.NoError(t, err)
 
 	// old code could produce a different error if called multiple times
-	for i := 0; i < 10; i++ {
+	for range 10 {
 		_, err = commit.SubTree("file1.txt")
 		require.Error(t, err)
 		assert.True(t, IsErrNotExist(err))
diff --git a/modules/hostmatcher/hostmatcher.go b/modules/hostmatcher/hostmatcher.go
index 1069310316..15c6371422 100644
--- a/modules/hostmatcher/hostmatcher.go
+++ b/modules/hostmatcher/hostmatcher.go
@@ -6,6 +6,7 @@ package hostmatcher
 import (
 	"net"
 	"path/filepath"
+	"slices"
 	"strings"
 )
 
@@ -38,7 +39,7 @@ func isBuiltin(s string) bool {
 // ParseHostMatchList parses the host list HostMatchList
 func ParseHostMatchList(settingKeyHint, hostList string) *HostMatchList {
 	hl := &HostMatchList{SettingKeyHint: settingKeyHint, SettingValue: hostList}
-	for _, s := range strings.Split(hostList, ",") {
+	for s := range strings.SplitSeq(hostList, ",") {
 		s = strings.ToLower(strings.TrimSpace(s))
 		if s == "" {
 			continue
@@ -61,7 +62,7 @@ func ParseSimpleMatchList(settingKeyHint, matchList string) *HostMatchList {
 		SettingKeyHint: settingKeyHint,
 		SettingValue:   matchList,
 	}
-	for _, s := range strings.Split(matchList, ",") {
+	for s := range strings.SplitSeq(matchList, ",") {
 		s = strings.ToLower(strings.TrimSpace(s))
 		if s == "" {
 			continue
@@ -98,10 +99,8 @@ func (hl *HostMatchList) checkPattern(host string) bool {
 }
 
 func (hl *HostMatchList) checkIP(ip net.IP) bool {
-	for _, pattern := range hl.patterns {
-		if pattern == "*" {
-			return true
-		}
+	if slices.Contains(hl.patterns, "*") {
+		return true
 	}
 	for _, builtin := range hl.builtins {
 		switch builtin {
diff --git a/modules/httpcache/httpcache.go b/modules/httpcache/httpcache.go
index 7978fc38a1..311f7215b2 100644
--- a/modules/httpcache/httpcache.go
+++ b/modules/httpcache/httpcache.go
@@ -59,7 +59,7 @@ func HandleGenericETagCache(req *http.Request, w http.ResponseWriter, etag strin
 func checkIfNoneMatchIsValid(req *http.Request, etag string) bool {
 	ifNoneMatch := req.Header.Get("If-None-Match")
 	if len(ifNoneMatch) > 0 {
-		for _, item := range strings.Split(ifNoneMatch, ",") {
+		for item := range strings.SplitSeq(ifNoneMatch, ",") {
 			item = strings.TrimPrefix(strings.TrimSpace(item), "W/") // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/ETag#directives
 			if item == etag {
 				return true
diff --git a/modules/httplib/serve.go b/modules/httplib/serve.go
index d385ac21c9..4c71437fc5 100644
--- a/modules/httplib/serve.go
+++ b/modules/httplib/serve.go
@@ -8,6 +8,7 @@ import (
 	"errors"
 	"fmt"
 	"io"
+	"maps"
 	"net/http"
 	"net/url"
 	"path"
@@ -86,9 +87,7 @@ func ServeSetHeaders(w http.ResponseWriter, opts *ServeHeaderOptions) {
 	}
 
 	if opts.AdditionalHeaders != nil {
-		for k, v := range opts.AdditionalHeaders {
-			header[k] = v
-		}
+		maps.Copy(header, opts.AdditionalHeaders)
 	}
 }
 
diff --git a/modules/indexer/code/git.go b/modules/indexer/code/git.go
index 14a43cf3be..8ec3c1181f 100644
--- a/modules/indexer/code/git.go
+++ b/modules/indexer/code/git.go
@@ -129,8 +129,8 @@ func nonGenesisChanges(ctx context.Context, repo *repo_model.Repository, revisio
 		changes.Updates = append(changes.Updates, updates...)
 		return nil
 	}
-	lines := strings.Split(stdout, "\n")
-	for _, line := range lines {
+	lines := strings.SplitSeq(stdout, "\n")
+	for line := range lines {
 		line = strings.TrimSpace(line)
 		if len(line) == 0 {
 			continue
diff --git a/modules/issue/template/template.go b/modules/issue/template/template.go
index 08c1b21c26..09dfe10e08 100644
--- a/modules/issue/template/template.go
+++ b/modules/issue/template/template.go
@@ -8,6 +8,7 @@ import (
 	"fmt"
 	"net/url"
 	"regexp"
+	"slices"
 	"strconv"
 	"strings"
 
@@ -447,12 +448,7 @@ func (o *valuedOption) IsChecked() bool {
 	case api.IssueFormFieldTypeDropdown:
 		checks := strings.Split(o.field.Get(fmt.Sprintf("form-field-%s", o.field.ID)), ",")
 		idx := strconv.Itoa(o.index)
-		for _, v := range checks {
-			if v == idx {
-				return true
-			}
-		}
-		return false
+		return slices.Contains(checks, idx)
 	case api.IssueFormFieldTypeCheckboxes:
 		return o.field.Get(fmt.Sprintf("form-field-%s-%d", o.field.ID, o.index)) == "on"
 	}
diff --git a/modules/label/parser.go b/modules/label/parser.go
index 12fc176967..b27b2c9ee6 100644
--- a/modules/label/parser.go
+++ b/modules/label/parser.go
@@ -72,7 +72,7 @@ func parseYamlFormat(fileName string, data []byte) ([]*Label, error) {
 func parseLegacyFormat(fileName string, data []byte) ([]*Label, error) {
 	lines := strings.Split(string(data), "\n")
 	list := make([]*Label, 0, len(lines))
-	for i := 0; i < len(lines); i++ {
+	for i := range lines {
 		line := strings.TrimSpace(lines[i])
 		if len(line) == 0 {
 			continue
@@ -108,7 +108,7 @@ func LoadTemplateDescription(fileName string) (string, error) {
 		return "", err
 	}
 
-	for i := 0; i < len(list); i++ {
+	for i := range list {
 		if i > 0 {
 			buf.WriteString(", ")
 		}
diff --git a/modules/log/event_format.go b/modules/log/event_format.go
index 6835a4ca5b..70df2cbce2 100644
--- a/modules/log/event_format.go
+++ b/modules/log/event_format.go
@@ -208,7 +208,7 @@ func EventFormatTextMessage(mode *WriterMode, event *Event, msgFormat string, ms
 			}
 		}
 		if hasColorValue {
-			msg = []byte(fmt.Sprintf(msgFormat, msgArgs...))
+			msg = fmt.Appendf(nil, msgFormat, msgArgs...)
 		}
 	}
 	// try to reuse the pre-formatted simple text message
@@ -227,8 +227,8 @@ func EventFormatTextMessage(mode *WriterMode, event *Event, msgFormat string, ms
 	buf = append(buf, msg...)
 
 	if event.Stacktrace != "" && mode.StacktraceLevel <= event.Level {
-		lines := bytes.Split([]byte(event.Stacktrace), []byte("\n"))
-		for _, line := range lines {
+		lines := bytes.SplitSeq([]byte(event.Stacktrace), []byte("\n"))
+		for line := range lines {
 			buf = append(buf, "\n\t"...)
 			buf = append(buf, line...)
 		}
diff --git a/modules/log/event_writer_conn_test.go b/modules/log/event_writer_conn_test.go
index 0cf447149a..6d528a68d1 100644
--- a/modules/log/event_writer_conn_test.go
+++ b/modules/log/event_writer_conn_test.go
@@ -63,11 +63,9 @@ func TestConnLogger(t *testing.T) {
 	}
 	expected := fmt.Sprintf("%s%s %s:%d:%s [%c] %s\n", prefix, dateString, event.Filename, event.Line, event.Caller, strings.ToUpper(event.Level.String())[0], event.MsgSimpleText)
 	var wg sync.WaitGroup
-	wg.Add(1)
-	go func() {
-		defer wg.Done()
+	wg.Go(func() {
 		listenReadAndClose(t, l, expected)
-	}()
+	})
 	logger.SendLogEvent(&event)
 	wg.Wait()
 
diff --git a/modules/log/flags.go b/modules/log/flags.go
index 1e4fe830c1..c428d58a1d 100644
--- a/modules/log/flags.go
+++ b/modules/log/flags.go
@@ -124,7 +124,7 @@ func FlagsFromString(from string, def ...uint32) Flags {
 		return Flags{defined: true, flags: def[0]}
 	}
 	flags := uint32(0)
-	for _, flag := range strings.Split(strings.ToLower(from), ",") {
+	for flag := range strings.SplitSeq(strings.ToLower(from), ",") {
 		flags |= flagFromString[strings.TrimSpace(flag)]
 	}
 	return Flags{defined: true, flags: flags}
diff --git a/modules/log/level_test.go b/modules/log/level_test.go
index e6cacc723b..73e2355960 100644
--- a/modules/log/level_test.go
+++ b/modules/log/level_test.go
@@ -33,11 +33,11 @@ func TestLevelMarshalUnmarshalJSON(t *testing.T) {
 	require.NoError(t, err)
 	assert.Equal(t, INFO, testLevel.Level)
 
-	err = json.Unmarshal([]byte(fmt.Sprintf(`{"level":%d}`, 2)), &testLevel)
+	err = json.Unmarshal(fmt.Appendf(nil, `{"level":%d}`, 2), &testLevel)
 	require.NoError(t, err)
 	assert.Equal(t, INFO, testLevel.Level)
 
-	err = json.Unmarshal([]byte(fmt.Sprintf(`{"level":%d}`, 10012)), &testLevel)
+	err = json.Unmarshal(fmt.Appendf(nil, `{"level":%d}`, 10012), &testLevel)
 	require.NoError(t, err)
 	assert.Equal(t, INFO, testLevel.Level)
 
@@ -52,5 +52,5 @@ func TestLevelMarshalUnmarshalJSON(t *testing.T) {
 }
 
 func makeTestLevelBytes(level string) []byte {
-	return []byte(fmt.Sprintf(`{"level":"%s"}`, level))
+	return fmt.Appendf(nil, `{"level":"%s"}`, level)
 }
diff --git a/modules/markup/file_preview.go b/modules/markup/file_preview.go
index dab6057cf4..22dcf93d75 100644
--- a/modules/markup/file_preview.go
+++ b/modules/markup/file_preview.go
@@ -80,8 +80,8 @@ func newFilePreview(ctx *RenderContext, node *html.Node, locale translation.Loca
 	filePath := node.Data[m[6]:m[7]]
 	hash := node.Data[m[8]:m[9]]
 	urlFullSource := urlFull
-	if strings.HasSuffix(filePath, "?display=source") {
-		filePath = strings.TrimSuffix(filePath, "?display=source")
+	if before, ok := strings.CutSuffix(filePath, "?display=source"); ok {
+		filePath = before
 	} else if Type(filePath) != "" {
 		urlFullSource = node.Data[m[0]:m[6]] + filePath + "?display=source#" + hash
 	}
diff --git a/modules/markup/html.go b/modules/markup/html.go
index d60021bfbb..5bca4c4596 100644
--- a/modules/markup/html.go
+++ b/modules/markup/html.go
@@ -11,6 +11,7 @@ import (
 	"path"
 	"path/filepath"
 	"regexp"
+	"slices"
 	"strings"
 	"sync"
 
@@ -124,13 +125,7 @@ func CustomLinkURLSchemes(schemes []string) {
 		if !validScheme.MatchString(s) {
 			continue
 		}
-		without := false
-		for _, sna := range xurls.SchemesNoAuthority {
-			if s == sna {
-				without = true
-				break
-			}
-		}
+		without := slices.Contains(xurls.SchemesNoAuthority, s)
 		if without {
 			s += ":"
 		} else {
@@ -675,9 +670,9 @@ func shortLinkProcessor(ctx *RenderContext, node *html.Node) {
 		// It makes page handling terrible, but we prefer GitHub syntax
 		// And fall back to MediaWiki only when it is obvious from the look
 		// Of text and link contents
-		sl := strings.Split(content, "|")
-		for _, v := range sl {
-			if equalPos := strings.IndexByte(v, '='); equalPos == -1 {
+		sl := strings.SplitSeq(content, "|")
+		for v := range sl {
+			if found := strings.Contains(v, "="); !found {
 				// There is no equal in this argument; this is a mandatory arg
 				if props["name"] == "" {
 					if IsLinkStr(v) {
@@ -699,8 +694,8 @@ func shortLinkProcessor(ctx *RenderContext, node *html.Node) {
 			} else {
 				// There is an equal; optional argument.
 
-				sep := strings.IndexByte(v, '=')
-				key, val := v[:sep], html.UnescapeString(v[sep+1:])
+				before, after, _ := strings.Cut(v, "=")
+				key, val := before, html.UnescapeString(after)
 
 				// When parsing HTML, x/net/html will change all quotes which are
 				// not used for syntax into UTF-8 quotes. So checking val[0] won't
@@ -1148,7 +1143,7 @@ func comparePatternProcessor(ctx *RenderContext, node *html.Node) {
 		}
 
 		// Ensure that every group (m[0]...m[9]) has a match
-		for i := 0; i < 10; i++ {
+		for i := range 10 {
 			if m[i] == -1 {
 				return
 			}
diff --git a/modules/markup/markdown/markdown.go b/modules/markup/markdown/markdown.go
index 2b19e0f1c9..9a112109dd 100644
--- a/modules/markup/markdown/markdown.go
+++ b/modules/markup/markdown/markdown.go
@@ -182,10 +182,7 @@ func actualRender(ctx *markup.RenderContext, input io.Reader, output io.Writer)
 	}
 	buf, _ = ExtractMetadataBytes(buf, rc)
 
-	metaLength := bufWithMetadataLength - len(buf)
-	if metaLength < 0 {
-		metaLength = 0
-	}
+	metaLength := max(bufWithMetadataLength-len(buf), 0)
 	rc.metaLength = metaLength
 
 	pc.Set(markdownutil.RenderConfigKey, rc)
diff --git a/modules/markup/markdown/markdown_test.go b/modules/markup/markdown/markdown_test.go
index 82c2c7fe8c..61ded3cedc 100644
--- a/modules/markup/markdown/markdown_test.go
+++ b/modules/markup/markdown/markdown_test.go
@@ -319,7 +319,7 @@ func TestTotal_RenderWiki(t *testing.T) {
 
 	answers := testAnswers(util.URLJoin(FullURL, "wiki"), util.URLJoin(FullURL, "wiki", "raw"))
 
-	for i := 0; i < len(sameCases); i++ {
+	for i := range sameCases {
 		line, err := markdown.RenderString(&markup.RenderContext{
 			Ctx: git.DefaultContext,
 			Links: markup.Links{
@@ -363,7 +363,7 @@ func TestTotal_RenderString(t *testing.T) {
 
 	answers := testAnswers(util.URLJoin(FullURL, "src", "master"), util.URLJoin(FullURL, "media", "master"))
 
-	for i := 0; i < len(sameCases); i++ {
+	for i := range sameCases {
 		line, err := markdown.RenderString(&markup.RenderContext{
 			Ctx: git.DefaultContext,
 			Links: markup.Links{
diff --git a/modules/markup/markdown/math/block_renderer.go b/modules/markup/markdown/math/block_renderer.go
index 84817ef1e4..d27318c623 100644
--- a/modules/markup/markdown/math/block_renderer.go
+++ b/modules/markup/markdown/math/block_renderer.go
@@ -24,7 +24,7 @@ func (r *BlockRenderer) RegisterFuncs(reg renderer.NodeRendererFuncRegisterer) {
 
 func (r *BlockRenderer) writeLines(w util.BufWriter, source []byte, n gast.Node) {
 	l := n.Lines().Len()
-	for i := 0; i < l; i++ {
+	for i := range l {
 		line := n.Lines().At(i)
 		_, _ = w.Write(util.EscapeHTML(line.Value(source)))
 	}
diff --git a/modules/markup/markdown/meta_test.go b/modules/markup/markdown/meta_test.go
index aaf116ff20..9345dd528a 100644
--- a/modules/markup/markdown/meta_test.go
+++ b/modules/markup/markdown/meta_test.go
@@ -63,7 +63,7 @@ func TestExtractMetadata(t *testing.T) {
 func TestExtractMetadataBytes(t *testing.T) {
 	t.Run("ValidFrontAndBody", func(t *testing.T) {
 		var meta IssueTemplate
-		body, err := ExtractMetadataBytes([]byte(fmt.Sprintf("%s\n%s\n%s\n%s", sepTest, frontTest, sepTest, bodyTest)), &meta)
+		body, err := ExtractMetadataBytes(fmt.Appendf(nil, "%s\n%s\n%s\n%s", sepTest, frontTest, sepTest, bodyTest), &meta)
 		require.NoError(t, err)
 		assert.Equal(t, bodyTest, string(body))
 		assert.Equal(t, metaTest, meta)
@@ -72,19 +72,19 @@ func TestExtractMetadataBytes(t *testing.T) {
 
 	t.Run("NoFirstSeparator", func(t *testing.T) {
 		var meta IssueTemplate
-		_, err := ExtractMetadataBytes([]byte(fmt.Sprintf("%s\n%s\n%s", frontTest, sepTest, bodyTest)), &meta)
+		_, err := ExtractMetadataBytes(fmt.Appendf(nil, "%s\n%s\n%s", frontTest, sepTest, bodyTest), &meta)
 		require.Error(t, err)
 	})
 
 	t.Run("NoLastSeparator", func(t *testing.T) {
 		var meta IssueTemplate
-		_, err := ExtractMetadataBytes([]byte(fmt.Sprintf("%s\n%s\n%s", sepTest, frontTest, bodyTest)), &meta)
+		_, err := ExtractMetadataBytes(fmt.Appendf(nil, "%s\n%s\n%s", sepTest, frontTest, bodyTest), &meta)
 		require.Error(t, err)
 	})
 
 	t.Run("NoBody", func(t *testing.T) {
 		var meta IssueTemplate
-		body, err := ExtractMetadataBytes([]byte(fmt.Sprintf("%s\n%s\n%s", sepTest, frontTest, sepTest)), &meta)
+		body, err := ExtractMetadataBytes(fmt.Appendf(nil, "%s\n%s\n%s", sepTest, frontTest, sepTest), &meta)
 		require.NoError(t, err)
 		assert.Empty(t, string(body))
 		assert.Equal(t, metaTest, meta)
diff --git a/modules/markup/markdown/toc.go b/modules/markup/markdown/toc.go
index dbfab3e9dc..53add219f5 100644
--- a/modules/markup/markdown/toc.go
+++ b/modules/markup/markdown/toc.go
@@ -44,7 +44,7 @@ func createTOCNode(toc []markup.Header, lang string, detailsAttrs map[string]str
 		}
 		li := ast.NewListItem(currentLevel * 2)
 		a := ast.NewLink()
-		a.Destination = []byte(fmt.Sprintf("#%s", url.QueryEscape(header.ID)))
+		a.Destination = fmt.Appendf(nil, "#%s", url.QueryEscape(header.ID))
 		a.AppendChild(a, ast.NewString([]byte(header.Text)))
 		li.AppendChild(li, a)
 		ul.AppendChild(ul, li)
diff --git a/modules/markup/markdown/transform_heading.go b/modules/markup/markdown/transform_heading.go
index eedaf58556..16779d5099 100644
--- a/modules/markup/markdown/transform_heading.go
+++ b/modules/markup/markdown/transform_heading.go
@@ -17,7 +17,7 @@ import (
 func (g *ASTTransformer) transformHeading(_ *markup.RenderContext, v *ast.Heading, reader text.Reader, tocList *[]markup.Header) {
 	for _, attr := range v.Attributes() {
 		if _, ok := attr.Value.([]byte); !ok {
-			v.SetAttribute(attr.Name, []byte(fmt.Sprintf("%v", attr.Value)))
+			v.SetAttribute(attr.Name, fmt.Appendf(nil, "%v", attr.Value))
 		}
 	}
 	txt := mdutil.Text(v, reader.Source())
diff --git a/modules/markup/renderer.go b/modules/markup/renderer.go
index b1c3d35e73..0a66caf1d5 100644
--- a/modules/markup/renderer.go
+++ b/modules/markup/renderer.go
@@ -319,23 +319,19 @@ func render(ctx *RenderContext, renderer Renderer, input io.Reader, output io.Wr
 			_ = pw2.Close()
 		}()
 
-		wg.Add(1)
-		go func() {
+		wg.Go(func() {
 			err = donotpanic.SafeFuncWithError(func() error { return SanitizeReader(pr2, renderer.Name(), output) })
 			_ = pr2.Close()
-			wg.Done()
-		}()
+		})
 	} else {
 		pw2 = nopCloser{output}
 	}
 
-	wg.Add(1)
-	go func() {
+	wg.Go(func() {
 		err = donotpanic.SafeFuncWithError(func() error { return postProcessOrCopy(ctx, renderer, pr, pw2) })
 		_ = pr.Close()
 		_ = pw2.Close()
-		wg.Done()
-	}()
+	})
 
 	if err1 := renderer.Render(ctx, input, pw); err1 != nil {
 		return err1
diff --git a/modules/packages/npm/creator.go b/modules/packages/npm/creator.go
index ed163d30ac..2f83d2ee7b 100644
--- a/modules/packages/npm/creator.go
+++ b/modules/packages/npm/creator.go
@@ -58,7 +58,7 @@ type PackageMetadata struct {
 	Time           map[string]time.Time               `json:"time,omitempty"`
 	Homepage       string                             `json:"homepage,omitempty"`
 	Keywords       []string                           `json:"keywords,omitempty"`
-	Repository     Repository                         `json:"repository,omitempty"`
+	Repository     Repository                         `json:"repository"`
 	Author         User                               `json:"author"`
 	ReadmeFilename string                             `json:"readmeFilename,omitempty"`
 	Users          map[string]bool                    `json:"users,omitempty"`
@@ -75,7 +75,7 @@ type PackageMetadataVersion struct {
 	Author               User                `json:"author"`
 	Homepage             string              `json:"homepage,omitempty"`
 	License              string              `json:"license,omitempty"`
-	Repository           Repository          `json:"repository,omitempty"`
+	Repository           Repository          `json:"repository"`
 	Keywords             []string            `json:"keywords,omitempty"`
 	Dependencies         map[string]string   `json:"dependencies,omitempty"`
 	BundleDependencies   []string            `json:"bundleDependencies,omitempty"`
diff --git a/modules/packages/npm/metadata.go b/modules/packages/npm/metadata.go
index 6bb77f302b..0e5bf19ce7 100644
--- a/modules/packages/npm/metadata.go
+++ b/modules/packages/npm/metadata.go
@@ -22,5 +22,5 @@ type Metadata struct {
 	OptionalDependencies    map[string]string `json:"optional_dependencies,omitempty"`
 	Bin                     map[string]string `json:"bin,omitempty"`
 	Readme                  string            `json:"readme,omitempty"`
-	Repository              Repository        `json:"repository,omitempty"`
+	Repository              Repository        `json:"repository"`
 }
diff --git a/modules/packages/nuget/symbol_extractor.go b/modules/packages/nuget/symbol_extractor.go
index 992ade7e8f..dd9fac96c6 100644
--- a/modules/packages/nuget/symbol_extractor.go
+++ b/modules/packages/nuget/symbol_extractor.go
@@ -142,8 +142,8 @@ func ParseDebugHeaderID(r io.ReadSeeker) (string, error) {
 			if _, err := r.Read(b); err != nil {
 				return "", err
 			}
-			if i := bytes.IndexByte(b, 0); i != -1 {
-				buf.Write(b[:i])
+			if before, _, ok := bytes.Cut(b, []byte{0}); ok {
+				buf.Write(before)
 				return buf.String(), nil
 			}
 			buf.Write(b)
diff --git a/modules/packages/rubygems/marshal.go b/modules/packages/rubygems/marshal.go
index 191efc7c0e..7d498c66b8 100644
--- a/modules/packages/rubygems/marshal.go
+++ b/modules/packages/rubygems/marshal.go
@@ -91,7 +91,7 @@ func (e *MarshalEncoder) marshal(v any) error {
 	val := reflect.ValueOf(v)
 	typ := reflect.TypeOf(v)
 
-	if typ.Kind() == reflect.Ptr {
+	if typ.Kind() == reflect.Pointer {
 		val = val.Elem()
 		typ = typ.Elem()
 	}
@@ -250,7 +250,7 @@ func (e *MarshalEncoder) marshalArray(arr reflect.Value) error {
 		return err
 	}
 
-	for i := 0; i < length; i++ {
+	for i := range length {
 		if err := e.marshal(arr.Index(i).Interface()); err != nil {
 			return err
 		}
diff --git a/modules/packages/swift/metadata.go b/modules/packages/swift/metadata.go
index 34fc4f1784..094fa0c7a4 100644
--- a/modules/packages/swift/metadata.go
+++ b/modules/packages/swift/metadata.go
@@ -47,7 +47,7 @@ type Metadata struct {
 	Keywords      []string             `json:"keywords,omitempty"`
 	RepositoryURL string               `json:"repository_url,omitempty"`
 	License       string               `json:"license,omitempty"`
-	Author        Person               `json:"author,omitempty"`
+	Author        Person               `json:"author"`
 	Manifests     map[string]*Manifest `json:"manifests,omitempty"`
 }
 
diff --git a/modules/private/serv.go b/modules/private/serv.go
index fb8496930e..1e04b2ce29 100644
--- a/modules/private/serv.go
+++ b/modules/private/serv.go
@@ -7,6 +7,7 @@ import (
 	"context"
 	"fmt"
 	"net/url"
+	"strings"
 
 	asymkey_model "forgejo.org/models/asymkey"
 	"forgejo.org/models/perm"
@@ -47,17 +48,18 @@ type ServCommandResults struct {
 
 // ServCommand preps for a serv call
 func ServCommand(ctx context.Context, keyID int64, ownerName, repoName string, mode perm.AccessMode, verbs ...string) (*ServCommandResults, ResponseExtra) {
-	reqURL := setting.LocalURL + fmt.Sprintf("api/internal/serv/command/%d/%s/%s?mode=%d",
+	var reqURL strings.Builder
+	fmt.Fprintf(&reqURL, "%sapi/internal/serv/command/%d/%s/%s?mode=%d",
+		setting.LocalURL,
 		keyID,
 		url.PathEscape(ownerName),
 		url.PathEscape(repoName),
-		mode,
-	)
+		mode)
 	for _, verb := range verbs {
 		if verb != "" {
-			reqURL += fmt.Sprintf("&verb=%s", url.QueryEscape(verb))
+			fmt.Fprintf(&reqURL, "&verb=%s", url.QueryEscape(verb))
 		}
 	}
-	req := newInternalRequest(ctx, reqURL, "GET")
+	req := newInternalRequest(ctx, reqURL.String(), "GET")
 	return requestJSONResp(req, &ServCommandResults{})
 }
diff --git a/modules/public/public.go b/modules/public/public.go
index a7db5b62e9..52cb8757a0 100644
--- a/modules/public/public.go
+++ b/modules/public/public.go
@@ -45,7 +45,7 @@ func FileHandlerFunc() http.HandlerFunc {
 func parseAcceptEncoding(val string) container.Set[string] {
 	parts := strings.Split(val, ";")
 	types := make(container.Set[string])
-	for _, v := range strings.Split(parts[0], ",") {
+	for v := range strings.SplitSeq(parts[0], ",") {
 		types.Add(strings.TrimSpace(v))
 	}
 	return types
diff --git a/modules/queue/base_levelqueue_common.go b/modules/queue/base_levelqueue_common.go
index 8b4f35c47d..c57bf8597b 100644
--- a/modules/queue/base_levelqueue_common.go
+++ b/modules/queue/base_levelqueue_common.go
@@ -83,7 +83,7 @@ func prepareLevelDB(cfg *BaseConfig) (conn string, db *leveldb.DB, err error) {
 		}
 		conn = cfg.ConnStr
 	}
-	for i := 0; i < 10; i++ {
+	for range 10 {
 		if db, err = nosql.GetManager().GetLevelDB(conn); err == nil {
 			break
 		}
diff --git a/modules/queue/base_redis.go b/modules/queue/base_redis.go
index ec3c6dc16d..8b20e0b443 100644
--- a/modules/queue/base_redis.go
+++ b/modules/queue/base_redis.go
@@ -49,7 +49,7 @@ func newBaseRedisGeneric(cfg *BaseConfig, unique bool, client nosql.RedisClient)
 	}
 
 	var err error
-	for i := 0; i < 10; i++ {
+	for range 10 {
 		err = client.Ping(graceful.GetManager().ShutdownContext()).Err()
 		if err == nil {
 			break
diff --git a/modules/queue/base_test.go b/modules/queue/base_test.go
index caa930158c..758faf1459 100644
--- a/modules/queue/base_test.go
+++ b/modules/queue/base_test.go
@@ -88,7 +88,7 @@ func testQueueBasic(t *testing.T, newFn func(cfg *BaseConfig) (baseQueue, error)
 
 		// test blocking push if queue is full
 		for i := 0; i < cfg.Length; i++ {
-			err = q.PushItem(ctx, []byte(fmt.Sprintf("item-%d", i)))
+			err = q.PushItem(ctx, fmt.Appendf(nil, "item-%d", i))
 			require.NoError(t, err)
 		}
 		ctxTimed, cancel = context.WithTimeout(ctx, 10*time.Millisecond)
diff --git a/modules/queue/manager.go b/modules/queue/manager.go
index 8f1a93f273..9c655b7fdc 100644
--- a/modules/queue/manager.go
+++ b/modules/queue/manager.go
@@ -5,6 +5,7 @@ package queue
 
 import (
 	"context"
+	"maps"
 	"sync"
 	"time"
 
@@ -68,9 +69,7 @@ func (m *Manager) ManagedQueues() map[int64]ManagedWorkerPoolQueue {
 	defer m.mu.Unlock()
 
 	queues := make(map[int64]ManagedWorkerPoolQueue, len(m.Queues))
-	for k, v := range m.Queues {
-		queues[k] = v
-	}
+	maps.Copy(queues, m.Queues)
 	return queues
 }
 
diff --git a/modules/queue/workergroup.go b/modules/queue/workergroup.go
index 2d1228db2c..87f01755aa 100644
--- a/modules/queue/workergroup.go
+++ b/modules/queue/workergroup.go
@@ -142,11 +142,7 @@ func (q *WorkerPoolQueue[T]) basePushForShutdown(items ...T) bool {
 
 // doStartNewWorker starts a new worker for the queue, the worker reads from worker's channel and handles the items.
 func (q *WorkerPoolQueue[T]) doStartNewWorker(wp *workerGroup[T]) {
-	wp.wg.Add(1)
-
-	go func() {
-		defer wp.wg.Done()
-
+	wp.wg.Go(func() {
 		log.Debug("Queue %q starts new worker", q.GetName())
 		defer log.Debug("Queue %q stops idle worker", q.GetName())
 
@@ -187,7 +183,7 @@ func (q *WorkerPoolQueue[T]) doStartNewWorker(wp *workerGroup[T]) {
 				q.workerNumMu.Unlock()
 			}
 		}
-	}()
+	})
 }
 
 // doFlush flushes the queue: it tries to read all items from the queue and handles them.
diff --git a/modules/queue/workerqueue_test.go b/modules/queue/workerqueue_test.go
index 8d907ed8cd..da857b9405 100644
--- a/modules/queue/workerqueue_test.go
+++ b/modules/queue/workerqueue_test.go
@@ -78,17 +78,17 @@ func TestWorkerPoolQueueUnhandled(t *testing.T) {
 
 	runCount := 2 // we can run these tests even hundreds times to see its stability
 	t.Run("1/1", func(t *testing.T) {
-		for i := 0; i < runCount; i++ {
+		for range runCount {
 			test(t, setting.QueueSettings{BatchLength: 1, MaxWorkers: 1})
 		}
 	})
 	t.Run("3/1", func(t *testing.T) {
-		for i := 0; i < runCount; i++ {
+		for range runCount {
 			test(t, setting.QueueSettings{BatchLength: 3, MaxWorkers: 1})
 		}
 	})
 	t.Run("4/5", func(t *testing.T) {
-		for i := 0; i < runCount; i++ {
+		for range runCount {
 			test(t, setting.QueueSettings{BatchLength: 4, MaxWorkers: 5})
 		}
 	})
@@ -97,17 +97,17 @@ func TestWorkerPoolQueueUnhandled(t *testing.T) {
 func TestWorkerPoolQueuePersistence(t *testing.T) {
 	runCount := 2 // we can run these tests even hundreds times to see its stability
 	t.Run("1/1", func(t *testing.T) {
-		for i := 0; i < runCount; i++ {
+		for range runCount {
 			testWorkerPoolQueuePersistence(t, setting.QueueSettings{BatchLength: 1, MaxWorkers: 1, Length: 100})
 		}
 	})
 	t.Run("3/1", func(t *testing.T) {
-		for i := 0; i < runCount; i++ {
+		for range runCount {
 			testWorkerPoolQueuePersistence(t, setting.QueueSettings{BatchLength: 3, MaxWorkers: 1, Length: 100})
 		}
 	})
 	t.Run("4/5", func(t *testing.T) {
-		for i := 0; i < runCount; i++ {
+		for range runCount {
 			testWorkerPoolQueuePersistence(t, setting.QueueSettings{BatchLength: 4, MaxWorkers: 5, Length: 100})
 		}
 	})
@@ -142,7 +142,7 @@ func testWorkerPoolQueuePersistence(t *testing.T, queueSetting setting.QueueSett
 
 		q, _ := newWorkerPoolQueueForTest("pr_patch_checker_test", queueSetting, testHandler, true)
 		stop := runWorkerPoolQueue(q)
-		for i := 0; i < testCount; i++ {
+		for i := range testCount {
 			_ = q.Push("task-" + strconv.Itoa(i))
 		}
 		close(startWhenAllReady)
@@ -187,7 +187,7 @@ func TestWorkerPoolQueueActiveWorkers(t *testing.T) {
 
 	q, _ := newWorkerPoolQueueForTest("test-workpoolqueue", setting.QueueSettings{Type: "channel", BatchLength: 1, MaxWorkers: 1, Length: 100}, handler, false)
 	stop := runWorkerPoolQueue(q)
-	for i := 0; i < 5; i++ {
+	for i := range 5 {
 		require.NoError(t, q.Push(i))
 	}
 
@@ -203,7 +203,7 @@ func TestWorkerPoolQueueActiveWorkers(t *testing.T) {
 
 	q, _ = newWorkerPoolQueueForTest("test-workpoolqueue", setting.QueueSettings{Type: "channel", BatchLength: 1, MaxWorkers: 3, Length: 100}, handler, false)
 	stop = runWorkerPoolQueue(q)
-	for i := 0; i < 15; i++ {
+	for i := range 15 {
 		require.NoError(t, q.Push(i))
 	}
 
@@ -264,12 +264,12 @@ func TestWorkerPoolQueueWorkerIdleReset(t *testing.T) {
 	stop := runWorkerPoolQueue(q)
 
 	const workloadSize = 12
-	for i := 0; i < workloadSize; i++ {
+	for i := range workloadSize {
 		require.NoError(t, q.Push(i))
 	}
 
 	workerIDs := make(map[string]struct{})
-	for i := 0; i < workloadSize; i++ {
+	for i := range workloadSize {
 		c := <-chGoroutineIDs
 		workerIDs[c] = struct{}{}
 		t.Logf("%d workers: overall=%d current=%d", i, len(workerIDs), q.GetWorkerNumber())
diff --git a/modules/repository/init.go b/modules/repository/init.go
index 7b1442be93..66a65599a8 100644
--- a/modules/repository/init.go
+++ b/modules/repository/init.go
@@ -152,7 +152,7 @@ func InitializeLabels(ctx context.Context, id int64, labelTemplate string, isOrg
 	}
 
 	labels := make([]*issues_model.Label, len(list))
-	for i := 0; i < len(list); i++ {
+	for i := range list {
 		labels[i] = &issues_model.Label{
 			Name:        list[i].Name,
 			Exclusive:   list[i].Exclusive,
diff --git a/modules/setting/config.go b/modules/setting/config.go
index 6299640e61..90f3d12d11 100644
--- a/modules/setting/config.go
+++ b/modules/setting/config.go
@@ -4,6 +4,7 @@
 package setting
 
 import (
+	"strings"
 	"sync"
 
 	"forgejo.org/modules/log"
@@ -23,11 +24,11 @@ type OpenWithEditorApp struct {
 type OpenWithEditorAppsType []OpenWithEditorApp
 
 func (t OpenWithEditorAppsType) ToTextareaString() string {
-	ret := ""
+	var ret strings.Builder
 	for _, app := range t {
-		ret += app.DisplayName + " = " + app.OpenURL + "\n"
+		ret.WriteString(app.DisplayName + " = " + app.OpenURL + "\n")
 	}
-	return ret
+	return ret.String()
 }
 
 func DefaultOpenWithEditorApps() OpenWithEditorAppsType {
diff --git a/modules/setting/config_env.go b/modules/setting/config_env.go
index 458dbb51bb..68a7c94db2 100644
--- a/modules/setting/config_env.go
+++ b/modules/setting/config_env.go
@@ -51,10 +51,10 @@ func decodeEnvSectionKey(encoded string) (ok bool, section, key string) {
 	for _, unescapeIdx := range escapeStringIndices {
 		preceding := encoded[last:unescapeIdx[0]]
 		if !inKey {
-			if splitter := strings.Index(preceding, "__"); splitter > -1 {
-				section += preceding[:splitter]
+			if before, after, ok := strings.Cut(preceding, "__"); ok {
+				section += before
 				inKey = true
-				key += preceding[splitter+2:]
+				key += after
 			} else {
 				section += preceding
 			}
@@ -77,9 +77,9 @@ func decodeEnvSectionKey(encoded string) (ok bool, section, key string) {
 	}
 	remaining := encoded[last:]
 	if !inKey {
-		if splitter := strings.Index(remaining, "__"); splitter > -1 {
-			section += remaining[:splitter]
-			key += remaining[splitter+2:]
+		if before, after, ok := strings.Cut(remaining, "__"); ok {
+			section += before
+			key += after
 		} else {
 			section += remaining
 		}
@@ -113,25 +113,24 @@ func decodeEnvironmentKey(prefixRegexp *regexp.Regexp, suffixFile, envKey string
 func EnvironmentToConfig(cfg ConfigProvider, envs []string) (changed bool) {
 	prefixRegexp := regexp.MustCompile(EnvConfigKeyPrefixGitea)
 	for _, kv := range envs {
-		idx := strings.IndexByte(kv, '=')
-		if idx < 0 {
+		before, after, ok0 := strings.Cut(kv, "=")
+		if !ok0 {
 			continue
 		}
 
 		// parse the environment variable to config section name and key name
-		envKey := kv[:idx]
-		envValue := kv[idx+1:]
+		envKey := before
+		keyValue := after
 		ok, sectionName, keyName, useFileValue := decodeEnvironmentKey(prefixRegexp, EnvConfigKeySuffixFile, envKey)
 		if !ok {
 			continue
 		}
 
 		// use environment value as config value, or read the file content as value if the key indicates a file
-		keyValue := envValue
 		if useFileValue {
-			fileContent, err := os.ReadFile(envValue)
+			fileContent, err := os.ReadFile(keyValue)
 			if err != nil {
-				log.Error("Error reading file for %s : %v", envKey, envValue, err)
+				log.Error("Error reading file for %s : %v", envKey, keyValue, err)
 				continue
 			}
 			if bytes.HasSuffix(fileContent, []byte("\r\n")) {
diff --git a/modules/setting/indexer.go b/modules/setting/indexer.go
index b112a50cfa..948dae0bea 100644
--- a/modules/setting/indexer.go
+++ b/modules/setting/indexer.go
@@ -108,7 +108,7 @@ func loadIndexerFrom(rootCfg ConfigProvider) {
 // IndexerGlobFromString parses a comma separated list of patterns and returns a glob.Glob slice suited for repo indexing
 func IndexerGlobFromString(globstr string) []Glob {
 	extarr := make([]Glob, 0, 10)
-	for _, expr := range strings.Split(strings.ToLower(globstr), ",") {
+	for expr := range strings.SplitSeq(strings.ToLower(globstr), ",") {
 		expr = strings.TrimSpace(expr)
 		if expr != "" {
 			if g, err := glob.Compile(expr, '.', '/'); err != nil {
diff --git a/modules/setting/log.go b/modules/setting/log.go
index ecc591fd35..7799f8187b 100644
--- a/modules/setting/log.go
+++ b/modules/setting/log.go
@@ -269,8 +269,8 @@ func initLoggerByName(manager *log.LoggerManager, rootCfg ConfigProvider, logger
 	}
 
 	var eventWriters []log.EventWriter
-	modes := strings.Split(modeVal, ",")
-	for _, modeName := range modes {
+	modes := strings.SplitSeq(modeVal, ",")
+	for modeName := range modes {
 		modeName = strings.TrimSpace(modeName)
 		if modeName == "" {
 			continue
diff --git a/modules/setting/markup.go b/modules/setting/markup.go
index 4ab9e7b2d1..0ece86dfd1 100644
--- a/modules/setting/markup.go
+++ b/modules/setting/markup.go
@@ -85,8 +85,8 @@ func loadMarkupFrom(rootCfg ConfigProvider) {
 func newMarkupSanitizer(name string, sec ConfigSection) {
 	rule, ok := createMarkupSanitizerRule(name, sec)
 	if ok {
-		if strings.HasPrefix(name, "sanitizer.") {
-			names := strings.SplitN(strings.TrimPrefix(name, "sanitizer."), ".", 2)
+		if after, ok0 := strings.CutPrefix(name, "sanitizer."); ok0 {
+			names := strings.SplitN(after, ".", 2)
 			name = names[0]
 		}
 		for _, renderer := range ExternalMarkupRenderers {
diff --git a/modules/setting/mirror.go b/modules/setting/mirror.go
index 58c57c5c95..083c67db45 100644
--- a/modules/setting/mirror.go
+++ b/modules/setting/mirror.go
@@ -48,11 +48,7 @@ func loadMirrorFrom(rootCfg ConfigProvider) {
 		Mirror.MinInterval = 1 * time.Minute
 	}
 	if Mirror.DefaultInterval < Mirror.MinInterval {
-		if time.Hour*8 < Mirror.MinInterval {
-			Mirror.DefaultInterval = Mirror.MinInterval
-		} else {
-			Mirror.DefaultInterval = time.Hour * 8
-		}
+		Mirror.DefaultInterval = max(time.Hour*8, Mirror.MinInterval)
 		log.Warn("Mirror.DefaultInterval is less than Mirror.MinInterval, set to %s", Mirror.DefaultInterval.String())
 	}
 }
diff --git a/modules/setting/storage.go b/modules/setting/storage.go
index e458300727..93958219a8 100644
--- a/modules/setting/storage.go
+++ b/modules/setting/storage.go
@@ -7,6 +7,7 @@ import (
 	"errors"
 	"fmt"
 	"path/filepath"
+	"slices"
 	"strings"
 )
 
@@ -27,12 +28,7 @@ var storageTypes = []StorageType{
 
 // IsValidStorageType returns true if the given storage type is valid
 func IsValidStorageType(storageType StorageType) bool {
-	for _, t := range storageTypes {
-		if t == storageType {
-			return true
-		}
-	}
-	return false
+	return slices.Contains(storageTypes, storageType)
 }
 
 // MinioStorageConfig represents the configuration for a minio storage
diff --git a/modules/structs/action.go b/modules/structs/action.go
index a39ae11d65..cb6d76f3e3 100644
--- a/modules/structs/action.go
+++ b/modules/structs/action.go
@@ -70,13 +70,13 @@ type ActionRun struct {
 	// the current status of this run
 	Status string `json:"status"`
 	// when the action run was started
-	Started time.Time `json:"started,omitempty"`
+	Started time.Time `json:"started"`
 	// when the action run was stopped
-	Stopped time.Time `json:"stopped,omitempty"`
+	Stopped time.Time `json:"stopped"`
 	// when the action run was created
-	Created time.Time `json:"created,omitempty"`
+	Created time.Time `json:"created"`
 	// when the action run was last updated
-	Updated time.Time `json:"updated,omitempty"`
+	Updated time.Time `json:"updated"`
 	// how long the action run ran for
 	Duration time.Duration `json:"duration,omitempty"`
 	// the url of this action run
diff --git a/modules/structs/issue.go b/modules/structs/issue.go
index 6208c28be1..37c71f5736 100644
--- a/modules/structs/issue.go
+++ b/modules/structs/issue.go
@@ -204,7 +204,7 @@ func (l *IssueTemplateLabels) UnmarshalYAML(value *yaml.Node) error {
 		if err != nil {
 			return err
 		}
-		for _, v := range strings.Split(str, ",") {
+		for v := range strings.SplitSeq(str, ",") {
 			if v = strings.TrimSpace(v); v == "" {
 				continue
 			}
diff --git a/modules/structs/repo.go b/modules/structs/repo.go
index 059f19c2bb..3fa43ce0cb 100644
--- a/modules/structs/repo.go
+++ b/modules/structs/repo.go
@@ -118,7 +118,7 @@ type Repository struct {
 	// enum: ["sha1", "sha256"]
 	ObjectFormatName string `json:"object_format_name"`
 	// swagger:strfmt date-time
-	MirrorUpdated time.Time     `json:"mirror_updated,omitempty"`
+	MirrorUpdated time.Time     `json:"mirror_updated"`
 	RepoTransfer  *RepoTransfer `json:"repo_transfer"`
 	Topics        []string      `json:"topics"`
 }
diff --git a/modules/structs/user.go b/modules/structs/user.go
index 49e4c495cf..e0767071d0 100644
--- a/modules/structs/user.go
+++ b/modules/structs/user.go
@@ -34,9 +34,9 @@ type User struct {
 	// Is the user an administrator
 	IsAdmin bool `json:"is_admin"`
 	// swagger:strfmt date-time
-	LastLogin time.Time `json:"last_login,omitempty"`
+	LastLogin time.Time `json:"last_login"`
 	// swagger:strfmt date-time
-	Created time.Time `json:"created,omitempty"`
+	Created time.Time `json:"created"`
 	// Is user restricted
 	Restricted bool `json:"restricted"`
 	// Is user active
diff --git a/modules/structs/user_gpgkey.go b/modules/structs/user_gpgkey.go
index ff9b0aea1d..deae70de33 100644
--- a/modules/structs/user_gpgkey.go
+++ b/modules/structs/user_gpgkey.go
@@ -21,9 +21,9 @@ type GPGKey struct {
 	CanCertify        bool           `json:"can_certify"`
 	Verified          bool           `json:"verified"`
 	// swagger:strfmt date-time
-	Created time.Time `json:"created_at,omitempty"`
+	Created time.Time `json:"created_at"`
 	// swagger:strfmt date-time
-	Expires time.Time `json:"expires_at,omitempty"`
+	Expires time.Time `json:"expires_at"`
 }
 
 // GPGKeyEmail an email attached to a GPGKey
diff --git a/modules/structs/user_key.go b/modules/structs/user_key.go
index 08eed59a89..b92552b200 100644
--- a/modules/structs/user_key.go
+++ b/modules/structs/user_key.go
@@ -15,7 +15,7 @@ type PublicKey struct {
 	Title       string `json:"title,omitempty"`
 	Fingerprint string `json:"fingerprint,omitempty"`
 	// swagger:strfmt date-time
-	Created  time.Time `json:"created_at,omitempty"`
+	Created  time.Time `json:"created_at"`
 	Owner    *User     `json:"user,omitempty"`
 	ReadOnly bool      `json:"read_only,omitempty"`
 	KeyType  string    `json:"key_type,omitempty"`
diff --git a/modules/templates/eval/eval_test.go b/modules/templates/eval/eval_test.go
index 3e68203638..6b13d14007 100644
--- a/modules/templates/eval/eval_test.go
+++ b/modules/templates/eval/eval_test.go
@@ -13,7 +13,7 @@ import (
 )
 
 func tokens(s string) (a []any) {
-	for _, v := range strings.Fields(s) {
+	for v := range strings.FieldsSeq(s) {
 		a = append(a, v)
 	}
 	return a
diff --git a/modules/templates/htmlrenderer.go b/modules/templates/htmlrenderer.go
index d60397df08..4290e1c29f 100644
--- a/modules/templates/htmlrenderer.go
+++ b/modules/templates/htmlrenderer.go
@@ -248,7 +248,7 @@ func extractErrorLine(code []byte, lineNum, posNum int, target string) string {
 	b := bufio.NewReader(bytes.NewReader(code))
 	var line []byte
 	var err error
-	for i := 0; i < lineNum; i++ {
+	for i := range lineNum {
 		if line, err = b.ReadBytes('\n'); err != nil {
 			if i == lineNum-1 && errors.Is(err, io.EOF) {
 				err = nil
diff --git a/modules/templates/scopedtmpl/scopedtmpl.go b/modules/templates/scopedtmpl/scopedtmpl.go
index 41a8ca86e9..d9866b3513 100644
--- a/modules/templates/scopedtmpl/scopedtmpl.go
+++ b/modules/templates/scopedtmpl/scopedtmpl.go
@@ -7,6 +7,7 @@ import (
 	"fmt"
 	"html/template"
 	"io"
+	"maps"
 	"reflect"
 	"sync"
 	texttemplate "text/template"
@@ -40,9 +41,7 @@ func (t *ScopedTemplate) Funcs(funcMap template.FuncMap) {
 		panic("cannot add new functions to frozen template set")
 	}
 	t.all.Funcs(funcMap)
-	for k, v := range funcMap {
-		t.parseFuncs[k] = v
-	}
+	maps.Copy(t.parseFuncs, funcMap)
 }
 
 func (t *ScopedTemplate) New(name string) *template.Template {
@@ -159,9 +158,7 @@ func newScopedTemplateSet(all *template.Template, name string) (*scopedTemplateS
 
 	textTmplPtr.muFuncs.Lock()
 	ts.execFuncs = map[string]reflect.Value{}
-	for k, v := range textTmplPtr.execFuncs {
-		ts.execFuncs[k] = v
-	}
+	maps.Copy(ts.execFuncs, textTmplPtr.execFuncs)
 	textTmplPtr.muFuncs.Unlock()
 
 	var collectTemplates func(nodes []parse.Node)
@@ -220,9 +217,7 @@ func (ts *scopedTemplateSet) newExecutor(funcMap map[string]any) TemplateExecuto
 	tmpl := texttemplate.New("")
 	tmplPtr := ptr[textTemplate](tmpl)
 	tmplPtr.execFuncs = map[string]reflect.Value{}
-	for k, v := range ts.execFuncs {
-		tmplPtr.execFuncs[k] = v
-	}
+	maps.Copy(tmplPtr.execFuncs, ts.execFuncs)
 	if funcMap != nil {
 		tmpl.Funcs(funcMap)
 	}
diff --git a/modules/templates/util_render.go b/modules/templates/util_render.go
index 02851ed75d..e1ad83b88d 100644
--- a/modules/templates/util_render.go
+++ b/modules/templates/util_render.go
@@ -246,7 +246,8 @@ func RenderMarkdownToHtml(ctx context.Context, input string) template.HTML { //n
 }
 
 func RenderLabels(ctx *Context, labels []*issues_model.Label, repoLink string, isPull bool) template.HTML {
-	htmlCode := `<span class="labels-list">`
+	var htmlCode strings.Builder
+	htmlCode.WriteString(`<span class="labels-list">`)
 	for _, label := range labels {
 		// Protect against nil value in labels - shouldn't happen but would cause a panic if so
 		if label == nil {
@@ -257,11 +258,11 @@ func RenderLabels(ctx *Context, labels []*issues_model.Label, repoLink string, i
 		if isPull {
 			issuesOrPull = "pulls"
 		}
-		htmlCode += fmt.Sprintf("<a href='%s/%s?labels=%d' rel='nofollow'>%s</a> ",
+		fmt.Fprintf(&htmlCode, "<a href='%s/%s?labels=%d' rel='nofollow'>%s</a> ",
 			repoLink, issuesOrPull, label.ID, RenderLabel(ctx, label))
 	}
-	htmlCode += "</span>"
-	return template.HTML(htmlCode)
+	htmlCode.WriteString("</span>")
+	return template.HTML(htmlCode.String())
 }
 
 func RenderUser(ctx context.Context, user user_model.User) template.HTML {
diff --git a/modules/test/logchecker.go b/modules/test/logchecker.go
index 8e8fc32216..af82ff0461 100644
--- a/modules/test/logchecker.go
+++ b/modules/test/logchecker.go
@@ -53,11 +53,11 @@ func (lc *LogChecker) checkLogEvent(event *log.EventFormatted) {
 	}
 }
 
-var checkerIndex int64
+var checkerIndex atomic.Int64
 
 func NewLogChecker(namePrefix string, level log.Level) (logChecker *LogChecker, cancel func()) {
 	logger := log.GetManager().GetLogger(namePrefix)
-	newCheckerIndex := atomic.AddInt64(&checkerIndex, 1)
+	newCheckerIndex := checkerIndex.Add(1)
 	writerName := namePrefix + "-" + fmt.Sprint(newCheckerIndex)
 
 	lc := &LogChecker{}
diff --git a/modules/testlogger/testlogger.go b/modules/testlogger/testlogger.go
index 6ced5f6780..54f0462703 100644
--- a/modules/testlogger/testlogger.go
+++ b/modules/testlogger/testlogger.go
@@ -501,7 +501,7 @@ func PrintCurrentTest(t testing.TB, skip ...int) func() {
 // Printf takes a format and args and prints the string to os.Stdout
 func Printf(format string, args ...any) {
 	if log.CanColorStdout {
-		for i := 0; i < len(args); i++ {
+		for i := range args {
 			args[i] = log.NewColoredValue(args[i])
 		}
 	}
diff --git a/modules/updatechecker/update_checker.go b/modules/updatechecker/update_checker.go
index b0932ba663..8b524b6519 100644
--- a/modules/updatechecker/update_checker.go
+++ b/modules/updatechecker/update_checker.go
@@ -60,9 +60,9 @@ func getVersionDNS(domainEndpoint string) (version string, err error) {
 	}
 
 	for _, record := range records {
-		if strings.HasPrefix(record, "forgejo_versions=") {
+		if after, ok := strings.CutPrefix(record, "forgejo_versions="); ok {
 			// Get all supported versions, separated by a comma.
-			supportedVersions := strings.Split(strings.TrimPrefix(record, "forgejo_versions="), ",")
+			supportedVersions := strings.Split(after, ",")
 			// For now always return the latest supported version.
 			return supportedVersions[len(supportedVersions)-1], nil
 		}
diff --git a/modules/util/remove.go b/modules/util/remove.go
index 2a65a6b0aa..e2cffc92c9 100644
--- a/modules/util/remove.go
+++ b/modules/util/remove.go
@@ -12,7 +12,7 @@ import (
 // Remove removes the named file or (empty) directory with at most 5 attempts.
 func Remove(name string) error {
 	var err error
-	for i := 0; i < 5; i++ {
+	for range 5 {
 		err = os.Remove(name)
 		if err == nil {
 			break
@@ -35,7 +35,7 @@ func Remove(name string) error {
 // RemoveAll removes the named file or (empty) directory with at most 5 attempts.
 func RemoveAll(name string) error {
 	var err error
-	for i := 0; i < 5; i++ {
+	for range 5 {
 		err = os.RemoveAll(name)
 		if err == nil {
 			break
@@ -58,7 +58,7 @@ func RemoveAll(name string) error {
 // Rename renames (moves) oldpath to newpath with at most 5 attempts.
 func Rename(oldpath, newpath string) error {
 	var err error
-	for i := 0; i < 5; i++ {
+	for i := range 5 {
 		err = os.Rename(oldpath, newpath)
 		if err == nil {
 			break
diff --git a/modules/util/rotatingfilewriter/writer_test.go b/modules/util/rotatingfilewriter/writer_test.go
index 5b3b351667..c3664d8c4f 100644
--- a/modules/util/rotatingfilewriter/writer_test.go
+++ b/modules/util/rotatingfilewriter/writer_test.go
@@ -24,7 +24,7 @@ func TestCompressOldFile(t *testing.T) {
 	ng, err := os.OpenFile(nonGzip, os.O_CREATE|os.O_WRONLY, 0o660)
 	require.NoError(t, err)
 
-	for i := 0; i < 999; i++ {
+	for range 999 {
 		f.WriteString("This is a test file\n")
 		ng.WriteString("This is a test file\n")
 	}
diff --git a/modules/util/timer_test.go b/modules/util/timer_test.go
index 602800c248..1f9a4ac586 100644
--- a/modules/util/timer_test.go
+++ b/modules/util/timer_test.go
@@ -12,19 +12,19 @@ import (
 )
 
 func TestDebounce(t *testing.T) {
-	var c int64
+	var c atomic.Int64
 	d := Debounce(50 * time.Millisecond)
-	d(func() { atomic.AddInt64(&c, 1) })
-	assert.EqualValues(t, 0, atomic.LoadInt64(&c))
-	d(func() { atomic.AddInt64(&c, 1) })
-	d(func() { atomic.AddInt64(&c, 1) })
+	d(func() { c.Add(1) })
+	assert.EqualValues(t, 0, c.Load())
+	d(func() { c.Add(1) })
+	d(func() { c.Add(1) })
 	time.Sleep(100 * time.Millisecond)
-	assert.EqualValues(t, 1, atomic.LoadInt64(&c))
-	d(func() { atomic.AddInt64(&c, 1) })
-	assert.EqualValues(t, 1, atomic.LoadInt64(&c))
-	d(func() { atomic.AddInt64(&c, 1) })
-	d(func() { atomic.AddInt64(&c, 1) })
-	d(func() { atomic.AddInt64(&c, 1) })
+	assert.EqualValues(t, 1, c.Load())
+	d(func() { c.Add(1) })
+	assert.EqualValues(t, 1, c.Load())
+	d(func() { c.Add(1) })
+	d(func() { c.Add(1) })
+	d(func() { c.Add(1) })
 	time.Sleep(100 * time.Millisecond)
-	assert.EqualValues(t, 2, atomic.LoadInt64(&c))
+	assert.EqualValues(t, 2, c.Load())
 }
diff --git a/modules/util/truncate.go b/modules/util/truncate.go
index 7207a89177..35836f745c 100644
--- a/modules/util/truncate.go
+++ b/modules/util/truncate.go
@@ -47,7 +47,7 @@ func SplitTrimSpace(input, sep string) []string {
 	input = strings.ReplaceAll(input, "\r\n", "\n")
 
 	var stringList []string
-	for _, s := range strings.Split(input, sep) {
+	for s := range strings.SplitSeq(input, sep) {
 		// trim leading and trailing space
 		stringList = append(stringList, strings.TrimSpace(s))
 	}
diff --git a/modules/util/util_test.go b/modules/util/util_test.go
index a85113b2f4..24fca75e7b 100644
--- a/modules/util/util_test.go
+++ b/modules/util/util_test.go
@@ -243,7 +243,7 @@ func TestGeneratingEd25519Keypair(t *testing.T) {
 	// And another 32 bytes are required, which is included as random value
 	// in the OpenSSH format.
 	b := make([]byte, 64)
-	for i := 0; i < 64; i++ {
+	for i := range 64 {
 		b[i] = byte(i)
 	}
 	rand.Reader = bytes.NewReader(b)
diff --git a/modules/validation/binding.go b/modules/validation/binding.go
index 463e7e8f7a..23d0622de4 100644
--- a/modules/validation/binding.go
+++ b/modules/validation/binding.go
@@ -266,17 +266,17 @@ func addEmailBindingRules() {
 }
 
 func portOnly(hostport string) string {
-	colon := strings.IndexByte(hostport, ':')
-	if colon == -1 {
+	_, after, ok := strings.Cut(hostport, ":")
+	if !ok {
 		return ""
 	}
-	if i := strings.Index(hostport, "]:"); i != -1 {
-		return hostport[i+len("]:"):]
+	if _, after, ok := strings.Cut(hostport, "]:"); ok {
+		return after
 	}
 	if strings.Contains(hostport, "]") {
 		return ""
 	}
-	return hostport[colon+len(":"):]
+	return after
 }
 
 func validPort(p string) bool {
diff --git a/modules/validation/helpers.go b/modules/validation/helpers.go
index 848fb70af5..ce451b8ff4 100644
--- a/modules/validation/helpers.go
+++ b/modules/validation/helpers.go
@@ -7,6 +7,7 @@ import (
 	"net"
 	"net/url"
 	"regexp"
+	"slices"
 	"strings"
 
 	"forgejo.org/modules/setting"
@@ -40,12 +41,7 @@ func IsValidSiteURL(uri string) bool {
 		return false
 	}
 
-	for _, scheme := range setting.Service.ValidSiteURLSchemes {
-		if scheme == u.Scheme {
-			return true
-		}
-	}
-	return false
+	return slices.Contains(setting.Service.ValidSiteURLSchemes, u.Scheme)
 }
 
 // IsAPIURL checks if URL is current Gitea instance API URL
diff --git a/modules/validation/validatable.go b/modules/validation/validatable.go
index 1b0d4aa382..1751e727f3 100644
--- a/modules/validation/validatable.go
+++ b/modules/validation/validatable.go
@@ -6,6 +6,7 @@ package validation
 import (
 	"fmt"
 	"reflect"
+	"slices"
 	"strings"
 	"unicode/utf8"
 
@@ -87,10 +88,8 @@ func ValidateMaxLen(value string, maxLen int, name string) []string {
 }
 
 func ValidateOneOf(value any, allowed []any, name string) []string {
-	for _, allowedElem := range allowed {
-		if value == allowedElem {
-			return []string{}
-		}
+	if slices.Contains(allowed, value) {
+		return []string{}
 	}
 	return []string{fmt.Sprintf("Field %s contains the value %v, which is not in allowed subset %v", name, value, allowed)}
 }
diff --git a/modules/web/handler.go b/modules/web/handler.go
index 4a7f28b1fa..e3f0b029fd 100644
--- a/modules/web/handler.go
+++ b/modules/web/handler.go
@@ -17,7 +17,7 @@ import (
 var responseStatusProviders = map[reflect.Type]func(req *http.Request) types.ResponseStatusProvider{}
 
 func RegisterResponseStatusProvider[T any](fn func(req *http.Request) types.ResponseStatusProvider) {
-	responseStatusProviders[reflect.TypeOf((*T)(nil)).Elem()] = fn
+	responseStatusProviders[reflect.TypeFor[T]()] = fn
 }
 
 // responseWriter is a wrapper of http.ResponseWriter, to check whether the response has been written
@@ -49,9 +49,9 @@ func (r *responseWriter) WriteHeader(statusCode int) {
 }
 
 var (
-	httpReqType    = reflect.TypeOf((*http.Request)(nil))
-	respWriterType = reflect.TypeOf((*http.ResponseWriter)(nil)).Elem()
-	cancelFuncType = reflect.TypeOf((*goctx.CancelFunc)(nil)).Elem()
+	httpReqType    = reflect.TypeFor[*http.Request]()
+	respWriterType = reflect.TypeFor[http.ResponseWriter]()
+	cancelFuncType = reflect.TypeFor[goctx.CancelFunc]()
 )
 
 // preCheckHandler checks whether the handler is valid, developers could get first-time feedback, all mistakes could be found at startup
diff --git a/modules/web/middleware/binding.go b/modules/web/middleware/binding.go
index 123eb29015..06bf55b571 100644
--- a/modules/web/middleware/binding.go
+++ b/modules/web/middleware/binding.go
@@ -30,7 +30,7 @@ func AssignForm(form any, data map[string]any) {
 	typ := reflect.TypeOf(form)
 	val := reflect.ValueOf(form)
 
-	for typ.Kind() == reflect.Ptr {
+	for typ.Kind() == reflect.Pointer {
 		typ = typ.Elem()
 		val = val.Elem()
 	}
@@ -51,7 +51,7 @@ func AssignForm(form any, data map[string]any) {
 }
 
 func getRuleBody(field reflect.StructField, prefix string) string {
-	for _, rule := range strings.Split(field.Tag.Get("binding"), ";") {
+	for rule := range strings.SplitSeq(field.Tag.Get("binding"), ";") {
 		if strings.HasPrefix(rule, prefix) {
 			return rule[len(prefix) : len(rule)-1]
 		}
@@ -99,7 +99,7 @@ func Validate(errs binding.Errors, data map[string]any, f any, l translation.Loc
 
 	typ := reflect.TypeOf(f)
 
-	if typ.Kind() == reflect.Ptr {
+	if typ.Kind() == reflect.Pointer {
 		typ = typ.Elem()
 	}
 
diff --git a/modules/web/middleware/data.go b/modules/web/middleware/data.go
index 4603e64052..c8bb8276c5 100644
--- a/modules/web/middleware/data.go
+++ b/modules/web/middleware/data.go
@@ -5,6 +5,7 @@ package middleware
 
 import (
 	"context"
+	"maps"
 	"time"
 
 	"forgejo.org/modules/setting"
@@ -22,9 +23,7 @@ func (ds ContextData) GetData() ContextData {
 }
 
 func (ds ContextData) MergeFrom(other ContextData) ContextData {
-	for k, v := range other {
-		ds[k] = v
-	}
+	maps.Copy(ds, other)
 	return ds
 }
 
diff --git a/modules/web/route.go b/modules/web/route.go
index ceb97ba333..dc83178f74 100644
--- a/modules/web/route.go
+++ b/modules/web/route.go
@@ -107,8 +107,8 @@ func (r *Route) Methods(methods, pattern string, h ...any) {
 	middlewares, handlerFunc := r.wrapMiddlewareAndHandler(h)
 	fullPattern := r.getPattern(pattern)
 	if strings.Contains(methods, ",") {
-		methods := strings.Split(methods, ",")
-		for _, method := range methods {
+		methods := strings.SplitSeq(methods, ",")
+		for method := range methods {
 			r.R.With(middlewares...).Method(strings.TrimSpace(method), fullPattern, handlerFunc)
 		}
 	} else {
diff --git a/routers/api/actions/oidc.go b/routers/api/actions/oidc.go
index 92341e4f66..d824030ca7 100644
--- a/routers/api/actions/oidc.go
+++ b/routers/api/actions/oidc.go
@@ -99,8 +99,7 @@ func OIDCRoutes(prefix string) *web.Route {
 
 	// Add custom claims by iterating over [actions_service.IDTokenCustomClaims]
 	// and inspecting the names of the json struct tags
-	customClaims := actions_service.IDTokenCustomClaims{}
-	rt := reflect.TypeOf(customClaims)
+	rt := reflect.TypeFor[actions_service.IDTokenCustomClaims]()
 
 	for i := 0; i < rt.NumField(); i++ {
 		f := rt.Field(i)
diff --git a/routers/api/packages/cargo/cargo.go b/routers/api/packages/cargo/cargo.go
index 50dc8d1c3d..9d4539a732 100644
--- a/routers/api/packages/cargo/cargo.go
+++ b/routers/api/packages/cargo/cargo.go
@@ -95,10 +95,7 @@ type SearchResultMeta struct {
 
 // https://doc.rust-lang.org/cargo/reference/registries.html#search
 func SearchPackages(ctx *context.Context) {
-	page := ctx.FormInt("page")
-	if page < 1 {
-		page = 1
-	}
+	page := max(ctx.FormInt("page"), 1)
 	perPage := ctx.FormInt("per_page")
 	paginator := db.ListOptions{
 		Page:     page,
diff --git a/routers/api/packages/composer/composer.go b/routers/api/packages/composer/composer.go
index 9e67d419ec..8f87d27f3f 100644
--- a/routers/api/packages/composer/composer.go
+++ b/routers/api/packages/composer/composer.go
@@ -53,10 +53,7 @@ func ServiceIndex(ctx *context.Context) {
 // SearchPackages searches packages, only "q" is supported
 // https://packagist.org/apidoc#search-packages
 func SearchPackages(ctx *context.Context) {
-	page := ctx.FormInt("page")
-	if page < 1 {
-		page = 1
-	}
+	page := max(ctx.FormInt("page"), 1)
 	perPage := ctx.FormInt("per_page")
 	paginator := db.ListOptions{
 		Page:     page,
diff --git a/routers/api/v1/repo/issue_dependency.go b/routers/api/v1/repo/issue_dependency.go
index 7c087e28b9..3d3ca58bd4 100644
--- a/routers/api/v1/repo/issue_dependency.go
+++ b/routers/api/v1/repo/issue_dependency.go
@@ -78,10 +78,7 @@ func GetIssueDependencies(ctx *context.APIContext) {
 		return
 	}
 
-	page := ctx.FormInt("page")
-	if page <= 1 {
-		page = 1
-	}
+	page := max(ctx.FormInt("page"), 1)
 	limit := ctx.FormInt("limit")
 	if limit == 0 {
 		limit = setting.API.DefaultPagingNum
@@ -332,10 +329,7 @@ func GetIssueBlocks(ctx *context.APIContext) {
 		return
 	}
 
-	page := ctx.FormInt("page")
-	if page <= 1 {
-		page = 1
-	}
+	page := max(ctx.FormInt("page"), 1)
 	limit := ctx.FormInt("limit")
 	if limit <= 1 {
 		limit = setting.API.DefaultPagingNum
diff --git a/routers/api/v1/repo/wiki.go b/routers/api/v1/repo/wiki.go
index 71d29d026b..2b14bacf89 100644
--- a/routers/api/v1/repo/wiki.go
+++ b/routers/api/v1/repo/wiki.go
@@ -303,10 +303,7 @@ func ListWikiPages(ctx *context.APIContext) {
 		return
 	}
 
-	page := ctx.FormInt("page")
-	if page <= 1 {
-		page = 1
-	}
+	page := max(ctx.FormInt("page"), 1)
 	limit := ctx.FormInt("limit")
 	if limit <= 1 {
 		limit = setting.API.DefaultPagingNum
@@ -439,10 +436,7 @@ func ListPageRevisions(ctx *context.APIContext) {
 	// get commit count - wiki revisions
 	commitsCount, _ := wikiRepo.FileCommitsCount(ctx.Repo.Repository.GetWikiBranchName(), pageFilename)
 
-	page := ctx.FormInt("page")
-	if page <= 1 {
-		page = 1
-	}
+	page := max(ctx.FormInt("page"), 1)
 
 	// get Commit Count
 	commitsHistory, err := wikiRepo.CommitsByFileAndRange(
diff --git a/routers/install/install.go b/routers/install/install.go
index 243f4a8f19..95452e64dd 100644
--- a/routers/install/install.go
+++ b/routers/install/install.go
@@ -11,6 +11,7 @@ import (
 	"os"
 	"os/exec"
 	"path/filepath"
+	"slices"
 	"strconv"
 	"strings"
 	"time"
@@ -103,11 +104,8 @@ func Install(ctx *context.Context) {
 
 	curDBType := setting.Database.Type.String()
 	var isCurDBTypeSupported bool
-	for _, dbType := range setting.SupportedDatabaseTypes {
-		if dbType == curDBType {
-			isCurDBTypeSupported = true
-			break
-		}
+	if slices.Contains(setting.SupportedDatabaseTypes, curDBType) {
+		isCurDBTypeSupported = true
 	}
 	if !isCurDBTypeSupported {
 		curDBType = "mysql"
diff --git a/routers/private/serv.go b/routers/private/serv.go
index 7c4a5b8bb7..26f7e288cd 100644
--- a/routers/private/serv.go
+++ b/routers/private/serv.go
@@ -6,6 +6,7 @@ package private
 import (
 	"fmt"
 	"net/http"
+	"slices"
 	"strings"
 
 	asymkey_model "forgejo.org/models/asymkey"
@@ -165,15 +166,13 @@ func ServCommand(ctx *context.PrivateContext) {
 	if err != nil {
 		if repo_model.IsErrRepoNotExist(err) {
 			repoExist = false
-			for _, verb := range ctx.FormStrings("verb") {
-				if verb == "git-upload-pack" {
-					// User is fetching/cloning a non-existent repository
-					sshLogger.Warn("Failed authentication attempt (cannot find repository: %s/%s) from %s", results.OwnerName, results.RepoName, ctx.RemoteAddr())
-					ctx.JSON(http.StatusNotFound, private.Response{
-						UserMsg: fmt.Sprintf("Cannot find repository: %s/%s", results.OwnerName, results.RepoName),
-					})
-					return
-				}
+			if slices.Contains(ctx.FormStrings("verb"), "git-upload-pack") {
+				// User is fetching/cloning a non-existent repository
+				sshLogger.Warn("Failed authentication attempt (cannot find repository: %s/%s) from %s", results.OwnerName, results.RepoName, ctx.RemoteAddr())
+				ctx.JSON(http.StatusNotFound, private.Response{
+					UserMsg: fmt.Sprintf("Cannot find repository: %s/%s", results.OwnerName, results.RepoName),
+				})
+				return
 			}
 		} else {
 			sshLogger.Error("Unable to get repository: %s/%s Error: %v", results.OwnerName, results.RepoName, err)
diff --git a/routers/web/admin/auths.go b/routers/web/admin/auths.go
index 27a241f508..e03fea9da2 100644
--- a/routers/web/admin/auths.go
+++ b/routers/web/admin/auths.go
@@ -166,7 +166,7 @@ func parseOAuth2Config(form forms.AuthenticationForm) *oauth2.Source {
 		customURLMapping = nil
 	}
 	var scopes []string
-	for _, s := range strings.Split(form.Oauth2Scopes, ",") {
+	for s := range strings.SplitSeq(form.Oauth2Scopes, ",") {
 		s = strings.TrimSpace(s)
 		if s != "" {
 			scopes = append(scopes, s)
diff --git a/routers/web/admin/config.go b/routers/web/admin/config.go
index e1c3a5f9ee..2d3ea78052 100644
--- a/routers/web/admin/config.go
+++ b/routers/web/admin/config.go
@@ -62,7 +62,7 @@ func TestCache(ctx *context.Context) {
 
 func shadowPasswordKV(cfgItem, splitter string) string {
 	fields := strings.Split(cfgItem, splitter)
-	for i := 0; i < len(fields); i++ {
+	for i := range fields {
 		if strings.HasPrefix(fields[i], "password=") {
 			fields[i] = "password=******"
 			break
diff --git a/routers/web/admin/notice.go b/routers/web/admin/notice.go
index 8bcaadf915..f67430f386 100644
--- a/routers/web/admin/notice.go
+++ b/routers/web/admin/notice.go
@@ -26,10 +26,7 @@ func Notices(ctx *context.Context) {
 	ctx.Data["PageIsAdminNotices"] = true
 
 	total := system_model.CountNotices(ctx)
-	page := ctx.FormInt("page")
-	if page <= 1 {
-		page = 1
-	}
+	page := max(ctx.FormInt("page"), 1)
 
 	notices, err := system_model.Notices(ctx, page, setting.UI.Admin.NoticePagingNum)
 	if err != nil {
diff --git a/routers/web/admin/packages.go b/routers/web/admin/packages.go
index 5c80a1eada..032d10fc41 100644
--- a/routers/web/admin/packages.go
+++ b/routers/web/admin/packages.go
@@ -24,10 +24,7 @@ const (
 
 // Packages shows all packages
 func Packages(ctx *context.Context) {
-	page := ctx.FormInt("page")
-	if page <= 1 {
-		page = 1
-	}
+	page := max(ctx.FormInt("page"), 1)
 	query := ctx.FormTrim("q")
 	packageType := ctx.FormTrim("type")
 	sort := ctx.FormTrim("sort")
diff --git a/routers/web/auth/oauth.go b/routers/web/auth/oauth.go
index 89d2fd37ce..eba2b441c4 100644
--- a/routers/web/auth/oauth.go
+++ b/routers/web/auth/oauth.go
@@ -283,8 +283,8 @@ type userInfoResponse struct {
 
 func ifOnlyPublicGroups(scopes string) bool {
 	scopes = strings.ReplaceAll(scopes, ",", " ")
-	scopesList := strings.Fields(scopes)
-	for _, scope := range scopesList {
+	scopesList := strings.FieldsSeq(scopes)
+	for scope := range scopesList {
 		if scope == "all" || scope == "read:organization" || scope == "read:admin" {
 			return false
 		}
@@ -424,11 +424,11 @@ func AuthorizeOAuth(ctx *context.Context) {
 	errs := binding.Errors{}
 	errs = form.Validate(ctx.Req, errs)
 	if len(errs) > 0 {
-		errstring := ""
+		var errstring strings.Builder
 		for _, e := range errs {
-			errstring += e.Error() + "\n"
+			errstring.WriteString(e.Error() + "\n")
 		}
-		ctx.ServerError("AuthorizeOAuth: Validate: ", fmt.Errorf("errors occurred during validation: %s", errstring))
+		ctx.ServerError("AuthorizeOAuth: Validate: ", fmt.Errorf("errors occurred during validation: %s", errstring.String()))
 		return
 	}
 
diff --git a/routers/web/org/members.go b/routers/web/org/members.go
index 4550d5f0e7..8a8c5122de 100644
--- a/routers/web/org/members.go
+++ b/routers/web/org/members.go
@@ -29,10 +29,7 @@ func Members(ctx *context.Context) {
 	ctx.Data["Title"] = org.FullName
 	ctx.Data["PageIsOrgMembers"] = true
 
-	page := ctx.FormInt("page")
-	if page <= 1 {
-		page = 1
-	}
+	page := max(ctx.FormInt("page"), 1)
 
 	opts := &organization.FindOrgMembersOpts{
 		Doer:  ctx.Doer,
diff --git a/routers/web/org/projects.go b/routers/web/org/projects.go
index a492d85d84..6e5f4079ac 100644
--- a/routers/web/org/projects.go
+++ b/routers/web/org/projects.go
@@ -48,10 +48,7 @@ func Projects(ctx *context.Context) {
 
 	isShowClosed := strings.ToLower(ctx.FormTrim("state")) == "closed"
 	keyword := ctx.FormTrim("q")
-	page := ctx.FormInt("page")
-	if page <= 1 {
-		page = 1
-	}
+	page := max(ctx.FormInt("page"), 1)
 
 	var projectType project_model.Type
 	if ctx.ContextUser.IsOrganization() {
diff --git a/routers/web/repo/branch.go b/routers/web/repo/branch.go
index 0fe52bfb48..3c32a3b9e5 100644
--- a/routers/web/repo/branch.go
+++ b/routers/web/repo/branch.go
@@ -46,10 +46,7 @@ func Branches(ctx *context.Context) {
 	ctx.Data["PageIsViewCode"] = true
 	ctx.Data["PageIsBranches"] = true
 
-	page := ctx.FormInt("page")
-	if page <= 1 {
-		page = 1
-	}
+	page := max(ctx.FormInt("page"), 1)
 	pageSize := setting.Git.BranchesRangeSize
 
 	kw := ctx.FormString("q")
diff --git a/routers/web/repo/commit.go b/routers/web/repo/commit.go
index 3db8a091b0..5b8f35f5b1 100644
--- a/routers/web/repo/commit.go
+++ b/routers/web/repo/commit.go
@@ -68,10 +68,7 @@ func Commits(ctx *context.Context) {
 		return
 	}
 
-	page := ctx.FormInt("page")
-	if page <= 1 {
-		page = 1
-	}
+	page := max(ctx.FormInt("page"), 1)
 
 	pageSize := ctx.FormInt("limit")
 	if pageSize <= 0 {
@@ -241,10 +238,7 @@ func FileHistory(ctx *context.Context) {
 		return
 	}
 
-	page := ctx.FormInt("page")
-	if page <= 1 {
-		page = 1
-	}
+	page := max(ctx.FormInt("page"), 1)
 
 	commits, err := ctx.Repo.GitRepo.CommitsByFileAndRange(
 		git.CommitsByFileAndRangeOptions{
diff --git a/routers/web/repo/editor.go b/routers/web/repo/editor.go
index 2948c1db3c..fb1aaf042a 100644
--- a/routers/web/repo/editor.go
+++ b/routers/web/repo/editor.go
@@ -832,7 +832,7 @@ func cleanUploadFileName(name string) string {
 	// Rebase the filename
 	name = util.PathJoinRel(name)
 	// Git disallows any filenames to have a .git directory in them.
-	for _, part := range strings.Split(name, "/") {
+	for part := range strings.SplitSeq(name, "/") {
 		if strings.ToLower(part) == ".git" {
 			return ""
 		}
diff --git a/routers/web/repo/githttp.go b/routers/web/repo/githttp.go
index 403245596d..de05d99a3e 100644
--- a/routers/web/repo/githttp.go
+++ b/routers/web/repo/githttp.go
@@ -13,6 +13,7 @@ import (
 	"os"
 	"path/filepath"
 	"regexp"
+	"slices"
 	"strconv"
 	"strings"
 	"sync"
@@ -363,12 +364,7 @@ func containsParentDirectorySeparator(v string) bool {
 	if !strings.Contains(v, "..") {
 		return false
 	}
-	for _, ent := range strings.FieldsFunc(v, isSlashRune) {
-		if ent == ".." {
-			return true
-		}
-	}
-	return false
+	return slices.Contains(strings.FieldsFunc(v, isSlashRune), "..")
 }
 
 func isSlashRune(r rune) bool { return r == '/' || r == '\\' }
diff --git a/routers/web/repo/issue.go b/routers/web/repo/issue.go
index cc09651e97..3852c4c18f 100644
--- a/routers/web/repo/issue.go
+++ b/routers/web/repo/issue.go
@@ -11,6 +11,7 @@ import (
 	"errors"
 	"fmt"
 	"html/template"
+	"maps"
 	"math/big"
 	"net/http"
 	"net/url"
@@ -267,10 +268,7 @@ func issues(ctx *context.Context, milestoneID, projectID int64, isPullOption opt
 
 	archived := ctx.FormBool("archived")
 
-	page := ctx.FormInt("page")
-	if page <= 1 {
-		page = 1
-	}
+	page := max(ctx.FormInt("page"), 1)
 
 	var total int
 	switch {
@@ -1014,9 +1012,7 @@ func NewIssue(ctx *context.Context) {
 
 	_, templateErrs := issue_service.GetTemplatesFromDefaultBranch(ctx.Repo.Repository, ctx.Repo.GitRepo)
 	templateLoaded, errs := setTemplateIfExists(ctx, issueTemplateKey, issueTemplateCandidates)
-	for k, v := range errs {
-		templateErrs[k] = v
-	}
+	maps.Copy(templateErrs, errs)
 	if ctx.Written() {
 		return
 	}
@@ -2190,7 +2186,7 @@ func getActionIssues(ctx *context.Context) issues_model.IssueList {
 		return nil
 	}
 	issueIDs := make([]int64, 0, 10)
-	for _, stringIssueID := range strings.Split(commaSeparatedIssueIDs, ",") {
+	for stringIssueID := range strings.SplitSeq(commaSeparatedIssueIDs, ",") {
 		issueID, err := strconv.ParseInt(stringIssueID, 10, 64)
 		if err != nil {
 			ctx.ServerError("ParseInt", err)
diff --git a/routers/web/repo/issue_label_test.go b/routers/web/repo/issue_label_test.go
index 0adcc39499..b4d350b31d 100644
--- a/routers/web/repo/issue_label_test.go
+++ b/routers/web/repo/issue_label_test.go
@@ -6,6 +6,7 @@ package repo
 import (
 	"net/http"
 	"strconv"
+	"strings"
 	"testing"
 
 	issues_model "forgejo.org/models/issues"
@@ -21,14 +22,14 @@ import (
 )
 
 func int64SliceToCommaSeparated(a []int64) string {
-	s := ""
+	var s strings.Builder
 	for i, n := range a {
 		if i > 0 {
-			s += ","
+			s.WriteString(",")
 		}
-		s += strconv.Itoa(int(n))
+		s.WriteString(strconv.Itoa(int(n)))
 	}
-	return s
+	return s.String()
 }
 
 func TestInitializeLabels(t *testing.T) {
diff --git a/routers/web/repo/milestone.go b/routers/web/repo/milestone.go
index 920a9ee12a..5ede62d992 100644
--- a/routers/web/repo/milestone.go
+++ b/routers/web/repo/milestone.go
@@ -40,10 +40,7 @@ func Milestones(ctx *context.Context) {
 	isShowClosed := ctx.FormString("state") == "closed"
 	sortType := ctx.FormString("sort")
 	keyword := ctx.FormTrim("q")
-	page := ctx.FormInt("page")
-	if page <= 1 {
-		page = 1
-	}
+	page := max(ctx.FormInt("page"), 1)
 
 	miles, total, err := db.FindAndCount[issues_model.Milestone](ctx, issues_model.FindMilestoneOptions{
 		ListOptions: db.ListOptions{
diff --git a/routers/web/repo/packages.go b/routers/web/repo/packages.go
index c947fb99bf..fd7e886557 100644
--- a/routers/web/repo/packages.go
+++ b/routers/web/repo/packages.go
@@ -21,10 +21,7 @@ const (
 
 // Packages displays a list of all packages in the repository
 func Packages(ctx *context.Context) {
-	page := ctx.FormInt("page")
-	if page <= 1 {
-		page = 1
-	}
+	page := max(ctx.FormInt("page"), 1)
 	query := ctx.FormTrim("q")
 	packageType := ctx.FormTrim("type")
 
diff --git a/routers/web/repo/projects.go b/routers/web/repo/projects.go
index e3e9ce0eb7..98e4c35fa2 100644
--- a/routers/web/repo/projects.go
+++ b/routers/web/repo/projects.go
@@ -57,10 +57,7 @@ func Projects(ctx *context.Context) {
 	isShowClosed := strings.ToLower(ctx.FormTrim("state")) == "closed"
 	keyword := ctx.FormTrim("q")
 	repo := ctx.Repo.Repository
-	page := ctx.FormInt("page")
-	if page <= 1 {
-		page = 1
-	}
+	page := max(ctx.FormInt("page"), 1)
 
 	ctx.Data["OpenCount"] = repo.NumOpenProjects
 	ctx.Data["ClosedCount"] = repo.NumClosedProjects
diff --git a/routers/web/repo/repo.go b/routers/web/repo/repo.go
index 6b6ec55720..e5ede13bf5 100644
--- a/routers/web/repo/repo.go
+++ b/routers/web/repo/repo.go
@@ -92,7 +92,7 @@ func checkContextUser(ctx *context.Context, uid int64) *user_model.User {
 
 	if !ctx.Doer.IsAdmin {
 		orgsAvailable := []*organization.Organization{}
-		for i := 0; i < len(orgs); i++ {
+		for i := range orgs {
 			if orgs[i].CanCreateRepo() {
 				orgsAvailable = append(orgsAvailable, orgs[i])
 			}
diff --git a/routers/web/repo/setting/lfs.go b/routers/web/repo/setting/lfs.go
index 78184930d3..40181ebb52 100644
--- a/routers/web/repo/setting/lfs.go
+++ b/routers/web/repo/setting/lfs.go
@@ -44,10 +44,7 @@ func LFSFiles(ctx *context.Context) {
 		ctx.NotFound("LFSFiles", nil)
 		return
 	}
-	page := ctx.FormInt("page")
-	if page <= 1 {
-		page = 1
-	}
+	page := max(ctx.FormInt("page"), 1)
 	total, err := git_model.CountLFSMetaObjects(ctx, ctx.Repo.Repository.ID)
 	if err != nil {
 		ctx.ServerError("LFSFiles", err)
@@ -76,10 +73,7 @@ func LFSLocks(ctx *context.Context) {
 	}
 	ctx.Data["LFSFilesLink"] = ctx.Repo.RepoLink + "/settings/lfs"
 
-	page := ctx.FormInt("page")
-	if page <= 1 {
-		page = 1
-	}
+	page := max(ctx.FormInt("page"), 1)
 	total, err := git_model.CountLFSLockByRepoID(ctx, ctx.Repo.Repository.ID)
 	if err != nil {
 		ctx.ServerError("LFSLocks", err)
diff --git a/routers/web/repo/wiki.go b/routers/web/repo/wiki.go
index 1b5265978a..8153288312 100644
--- a/routers/web/repo/wiki.go
+++ b/routers/web/repo/wiki.go
@@ -374,10 +374,7 @@ func renderRevisionPage(ctx *context.Context) (*git.Repository, *git.TreeEntry)
 	ctx.Data["CommitCount"] = commitsCount
 
 	// get page
-	page := ctx.FormInt("page")
-	if page <= 1 {
-		page = 1
-	}
+	page := max(ctx.FormInt("page"), 1)
 
 	// get Commit Count
 	commitsHistory, err := wikiRepo.CommitsByFileAndRange(
diff --git a/routers/web/shared/actions/runners.go b/routers/web/shared/actions/runners.go
index 012ec246fd..93543f92df 100644
--- a/routers/web/shared/actions/runners.go
+++ b/routers/web/shared/actions/runners.go
@@ -134,10 +134,7 @@ func RunnersList(ctx *context.Context) {
 		return
 	}
 
-	page := ctx.FormInt("page")
-	if page <= 1 {
-		page = 1
-	}
+	page := max(ctx.FormInt("page"), 1)
 
 	opts := actions_model.FindRunnerOptions{
 		ListOptions: db.ListOptions{
@@ -216,10 +213,7 @@ func RunnerDetails(ctx *context.Context) {
 	}
 
 	runnerID := ctx.ParamsInt64(":runnerid")
-	page := ctx.FormInt("page")
-	if page <= 1 {
-		page = 1
-	}
+	page := max(ctx.FormInt("page"), 1)
 
 	runner, err := actions_model.GetVisibleRunnerByID(ctx, runnerID, rCtx.OwnerID, rCtx.RepoID)
 	if errors.Is(err, util.ErrNotExist) {
diff --git a/routers/web/user/home.go b/routers/web/user/home.go
index 9c40236475..60d6fc2bd0 100644
--- a/routers/web/user/home.go
+++ b/routers/web/user/home.go
@@ -191,7 +191,7 @@ func Milestones(ctx *context.Context) {
 			reposQuery = reposQuery[1 : len(reposQuery)-1]
 			// for each ID (delimiter ",") add to int to repoIDs
 
-			for _, rID := range strings.Split(reposQuery, ",") {
+			for rID := range strings.SplitSeq(reposQuery, ",") {
 				// Ensure nonempty string entries
 				if rID != "" && rID != "0" {
 					rIDint64, err := strconv.ParseInt(rID, 10, 64)
@@ -532,10 +532,7 @@ func buildIssueOverview(ctx *context.Context, unitType unit.Type) {
 	opts.IsClosed = optional.Some(isShowClosed)
 
 	// Make sure page number is at least 1. Will be posted to ctx.Data.
-	page := ctx.FormInt("page")
-	if page <= 1 {
-		page = 1
-	}
+	page := max(ctx.FormInt("page"), 1)
 	opts.Paginator = &db.ListOptions{
 		Page:     page,
 		PageSize: setting.UI.IssuePagingNum,
diff --git a/routers/web/user/notification.go b/routers/web/user/notification.go
index 3b69e5bddf..1445658c18 100644
--- a/routers/web/user/notification.go
+++ b/routers/web/user/notification.go
@@ -226,10 +226,7 @@ func NotificationPurgePost(ctx *context.Context) {
 
 // NotificationSubscriptions returns the list of subscribed issues
 func NotificationSubscriptions(ctx *context.Context) {
-	page := ctx.FormInt("page")
-	if page < 1 {
-		page = 1
-	}
+	page := max(ctx.FormInt("page"), 1)
 
 	sortType := ctx.FormString("sort")
 	ctx.Data["SortType"] = sortType
@@ -358,10 +355,7 @@ func NotificationSubscriptions(ctx *context.Context) {
 
 // NotificationWatching returns the list of watching repos
 func NotificationWatching(ctx *context.Context) {
-	page := ctx.FormInt("page")
-	if page < 1 {
-		page = 1
-	}
+	page := max(ctx.FormInt("page"), 1)
 
 	keyword := ctx.FormTrim("q")
 	ctx.Data["Keyword"] = keyword
diff --git a/routers/web/user/package.go b/routers/web/user/package.go
index 9a77af0bb2..0c403a2613 100644
--- a/routers/web/user/package.go
+++ b/routers/web/user/package.go
@@ -42,10 +42,7 @@ const (
 // ListPackages displays a list of all packages of the context user
 func ListPackages(ctx *context.Context) {
 	shared_user.PrepareContextForProfileBigAvatar(ctx)
-	page := ctx.FormInt("page")
-	if page <= 1 {
-		page = 1
-	}
+	page := max(ctx.FormInt("page"), 1)
 	query := ctx.FormTrim("q")
 	packageType := ctx.FormTrim("type")
 
@@ -314,10 +311,7 @@ func ListPackageVersions(ctx *context.Context) {
 		return
 	}
 
-	page := ctx.FormInt("page")
-	if page <= 1 {
-		page = 1
-	}
+	page := max(ctx.FormInt("page"), 1)
 	pagination := &db.ListOptions{
 		PageSize: setting.UI.PackagesPagingNum,
 		Page:     page,
diff --git a/services/actions/rerun.go b/services/actions/rerun.go
index f6dd4af5c7..61aede5d7c 100644
--- a/services/actions/rerun.go
+++ b/services/actions/rerun.go
@@ -4,6 +4,8 @@
 package actions
 
 import (
+	"slices"
+
 	actions_model "forgejo.org/models/actions"
 	"forgejo.org/modules/container"
 )
@@ -20,13 +22,10 @@ func GetAllRerunJobs(job *actions_model.ActionRunJob, allJobs []*actions_model.A
 			if rerunJobsIDSet.Contains(j.JobID) {
 				continue
 			}
-			for _, need := range j.Needs {
-				if rerunJobsIDSet.Contains(need) {
-					found = true
-					rerunJobs = append(rerunJobs, j)
-					rerunJobsIDSet.Add(j.JobID)
-					break
-				}
+			if slices.ContainsFunc(j.Needs, rerunJobsIDSet.Contains) {
+				found = true
+				rerunJobs = append(rerunJobs, j)
+				rerunJobsIDSet.Add(j.JobID)
 			}
 		}
 		if !found {
diff --git a/services/auth/oauth2.go b/services/auth/oauth2.go
index 1c1809b092..a23f586ffd 100644
--- a/services/auth/oauth2.go
+++ b/services/auth/oauth2.go
@@ -39,7 +39,7 @@ func grantAdditionalScopes(grantScopes string) string {
 	}
 
 	var apiTokenScopes []string
-	for _, apiTokenScope := range strings.Split(grantScopes, " ") {
+	for apiTokenScope := range strings.SplitSeq(grantScopes, " ") {
 		if slices.Index(scopesSupported, apiTokenScope) == -1 {
 			apiTokenScopes = append(apiTokenScopes, apiTokenScope)
 		}
diff --git a/services/auth/source/oauth2/urlmapping.go b/services/auth/source/oauth2/urlmapping.go
index d0442d58a8..b9f445caa7 100644
--- a/services/auth/source/oauth2/urlmapping.go
+++ b/services/auth/source/oauth2/urlmapping.go
@@ -14,11 +14,11 @@ type CustomURLMapping struct {
 
 // CustomURLSettings describes the urls values and availability to use when customizing OAuth2 provider URLs
 type CustomURLSettings struct {
-	AuthURL    Attribute `json:",omitempty"`
-	TokenURL   Attribute `json:",omitempty"`
-	ProfileURL Attribute `json:",omitempty"`
-	EmailURL   Attribute `json:",omitempty"`
-	Tenant     Attribute `json:",omitempty"`
+	AuthURL    Attribute
+	TokenURL   Attribute
+	ProfileURL Attribute
+	EmailURL   Attribute
+	Tenant     Attribute
 }
 
 // Attribute describes the availability, and required status for a custom url configuration
diff --git a/services/auth/source/pam/source_authenticate.go b/services/auth/source/pam/source_authenticate.go
index 8a84683d29..f368d7e0b1 100644
--- a/services/auth/source/pam/source_authenticate.go
+++ b/services/auth/source/pam/source_authenticate.go
@@ -37,9 +37,9 @@ func (source *Source) Authenticate(ctx context.Context, user *user_model.User, u
 	// Allow PAM sources with `@` in their name, like from Active Directory
 	username := pamLogin
 	email := pamLogin
-	idx := strings.Index(pamLogin, "@")
-	if idx > -1 {
-		username = pamLogin[:idx]
+	before, _, ok := strings.Cut(pamLogin, "@")
+	if ok {
+		username = before
 	}
 	if validation.ValidateEmail(email) != nil {
 		if source.EmailDomain != "" {
diff --git a/services/auth/source/smtp/source_authenticate.go b/services/auth/source/smtp/source_authenticate.go
index 3d7ccd0669..919a7d0b5b 100644
--- a/services/auth/source/smtp/source_authenticate.go
+++ b/services/auth/source/smtp/source_authenticate.go
@@ -21,10 +21,10 @@ import (
 func (source *Source) Authenticate(ctx context.Context, user *user_model.User, userName, password string) (*user_model.User, error) {
 	// Verify allowed domains.
 	if len(source.AllowedDomains) > 0 {
-		idx := strings.Index(userName, "@")
-		if idx == -1 {
+		_, after, ok := strings.Cut(userName, "@")
+		if !ok {
 			return nil, user_model.ErrUserNotExist{Name: userName}
-		} else if !util.SliceContainsString(strings.Split(source.AllowedDomains, ","), userName[idx+1:], true) {
+		} else if !util.SliceContainsString(strings.Split(source.AllowedDomains, ","), after, true) {
 			return nil, user_model.ErrUserNotExist{Name: userName}
 		}
 	}
@@ -61,9 +61,9 @@ func (source *Source) Authenticate(ctx context.Context, user *user_model.User, u
 	}
 
 	username := userName
-	idx := strings.Index(userName, "@")
-	if idx > -1 {
-		username = userName[:idx]
+	before, _, ok := strings.Cut(userName, "@")
+	if ok {
+		username = before
 	}
 
 	user = &user_model.User{
diff --git a/services/context/api.go b/services/context/api.go
index 434da29906..1064b1ab4a 100644
--- a/services/context/api.go
+++ b/services/context/api.go
@@ -10,6 +10,7 @@ import (
 	"fmt"
 	"net/http"
 	"net/url"
+	"slices"
 	"strings"
 
 	issues_model "forgejo.org/models/issues"
@@ -466,13 +467,7 @@ func (ctx *APIContext) IsUserRepoAdmin() bool {
 
 // IsUserRepoWriter returns true if current user has write privilege in current repo
 func (ctx *APIContext) IsUserRepoWriter(unitTypes []unit.Type) bool {
-	for _, unitType := range unitTypes {
-		if ctx.Repo.CanWrite(unitType) {
-			return true
-		}
-	}
-
-	return false
+	return slices.ContainsFunc(unitTypes, ctx.Repo.CanWrite)
 }
 
 // Returns true when the requests indicates that it accepts a Github response.
diff --git a/services/context/context_model.go b/services/context/context_model.go
index 1a8751ee63..dae244f843 100644
--- a/services/context/context_model.go
+++ b/services/context/context_model.go
@@ -4,6 +4,8 @@
 package context
 
 import (
+	"slices"
+
 	"forgejo.org/models/unit"
 )
 
@@ -19,11 +21,5 @@ func (ctx *Context) IsUserRepoAdmin() bool {
 
 // IsUserRepoWriter returns true if current user has write privilege in current repo
 func (ctx *Context) IsUserRepoWriter(unitTypes []unit.Type) bool {
-	for _, unitType := range unitTypes {
-		if ctx.Repo.CanWrite(unitType) {
-			return true
-		}
-	}
-
-	return false
+	return slices.ContainsFunc(unitTypes, ctx.Repo.CanWrite)
 }
diff --git a/services/context/permission.go b/services/context/permission.go
index 49504e5043..f898bd98ae 100644
--- a/services/context/permission.go
+++ b/services/context/permission.go
@@ -5,6 +5,7 @@ package context
 
 import (
 	"net/http"
+	"slices"
 
 	auth_model "forgejo.org/models/auth"
 	"forgejo.org/models/perm"
@@ -47,10 +48,8 @@ func CanEnableEditor() func(ctx *Context) {
 // RequireRepoWriterOr returns a middleware for requiring repository write to one of the unit permission
 func RequireRepoWriterOr(unitTypes ...unit.Type) func(ctx *Context) {
 	return func(ctx *Context) {
-		for _, unitType := range unitTypes {
-			if ctx.Repo.CanWrite(unitType) {
-				return
-			}
+		if slices.ContainsFunc(unitTypes, ctx.Repo.CanWrite) {
+			return
 		}
 		ctx.NotFound(ctx.Req.URL.RequestURI(), nil)
 	}
@@ -85,10 +84,8 @@ func RequireRepoReader(unitType unit.Type) func(ctx *Context) {
 // RequireRepoReaderOr returns a middleware for requiring repository write to one of the unit permission
 func RequireRepoReaderOr(unitTypes ...unit.Type) func(ctx *Context) {
 	return func(ctx *Context) {
-		for _, unitType := range unitTypes {
-			if ctx.Repo.CanRead(unitType) {
-				return
-			}
+		if slices.ContainsFunc(unitTypes, ctx.Repo.CanRead) {
+			return
 		}
 		if log.IsTrace() {
 			var format string
diff --git a/services/context/repo.go b/services/context/repo.go
index ebc9109c96..583eb35474 100644
--- a/services/context/repo.go
+++ b/services/context/repo.go
@@ -395,14 +395,14 @@ func repoAssignment(ctx *Context, repo *repo_model.Repository) {
 
 	followingRepoList, err := repo_model.FindFollowingReposByRepoID(ctx, repo.ID)
 	if err == nil {
-		followingRepoString := ""
+		var followingRepoString strings.Builder
 		for idx, followingRepo := range followingRepoList {
 			if idx > 0 {
-				followingRepoString += ";"
+				followingRepoString.WriteString(";")
 			}
-			followingRepoString += followingRepo.URI
+			followingRepoString.WriteString(followingRepo.URI)
 		}
-		ctx.Data["FollowingRepos"] = followingRepoString
+		ctx.Data["FollowingRepos"] = followingRepoString.String()
 	} else if err != repo_model.ErrMirrorNotExist {
 		ctx.ServerError("FindFollowingRepoByRepoID", err)
 		return
diff --git a/services/context/upload/upload.go b/services/context/upload/upload.go
index e71fc50c1f..79f4d66f5f 100644
--- a/services/context/upload/upload.go
+++ b/services/context/upload/upload.go
@@ -38,7 +38,7 @@ func Verify(buf []byte, fileName, allowedTypesStr string) error {
 	allowedTypesStr = strings.ReplaceAll(allowedTypesStr, "|", ",") // compat for old config format
 
 	allowedTypes := []string{}
-	for _, entry := range strings.Split(allowedTypesStr, ",") {
+	for entry := range strings.SplitSeq(allowedTypesStr, ",") {
 		entry = strings.ToLower(strings.TrimSpace(entry))
 		if entry != "" {
 			allowedTypes = append(allowedTypes, entry)
diff --git a/services/convert/activitypub_user_action.go b/services/convert/activitypub_user_action.go
index b08eaa14c7..6db3834ef2 100644
--- a/services/convert/activitypub_user_action.go
+++ b/services/convert/activitypub_user_action.go
@@ -8,6 +8,7 @@ import (
 	"fmt"
 	"html"
 	"net/url"
+	"strings"
 	"time"
 
 	activities_model "forgejo.org/models/activities"
@@ -73,7 +74,7 @@ func ActionToForgeUserActivity(ctx context.Context, action *activities_model.Act
 		if err := json.Unmarshal([]byte(action.GetContent()), commits); err != nil {
 			return fm.ForgeUserActivity{}, err
 		}
-		commitsHTML := ""
+		var commitsHTML strings.Builder
 		renderCommit := func(commit *PushCommit) string {
 			return fmt.Sprintf(`<li><a href="%s" rel="nofollow">%s</a> <pre>%s</pre></li>`,
 				fmt.Sprintf("%s/commit/%s", action.GetRepoAbsoluteLink(ctx), url.PathEscape(commit.Sha1)),
@@ -82,9 +83,9 @@ func ActionToForgeUserActivity(ctx context.Context, action *activities_model.Act
 			)
 		}
 		for _, commit := range commits.Commits {
-			commitsHTML += renderCommit(commit)
+			commitsHTML.WriteString(renderCommit(commit))
 		}
-		return makeUserActivity("pushed to %s at %s: <ul>%s</ul>", renderBranch(), renderRepo(), commitsHTML)
+		return makeUserActivity("pushed to %s at %s: <ul>%s</ul>", renderBranch(), renderRepo(), commitsHTML.String())
 	case activities_model.ActionCreateIssue:
 		if err := action.LoadIssue(ctx); err != nil {
 			return fm.ForgeUserActivity{}, err
diff --git a/services/cron/tasks.go b/services/cron/tasks.go
index b547acdf05..bd64dd081d 100644
--- a/services/cron/tasks.go
+++ b/services/cron/tasks.go
@@ -54,7 +54,7 @@ func (t *Task) IsEnabled() bool {
 
 // GetConfig will return a copy of the task's config
 func (t *Task) GetConfig() Config {
-	if reflect.TypeOf(t.config).Kind() == reflect.Ptr {
+	if reflect.TypeOf(t.config).Kind() == reflect.Pointer {
 		// Pointer:
 		return reflect.New(reflect.ValueOf(t.config).Elem().Type()).Interface().(Config)
 	}
diff --git a/services/doctor/push_mirror_consistency.go b/services/doctor/push_mirror_consistency.go
index 07986770b2..e85b1740a4 100644
--- a/services/doctor/push_mirror_consistency.go
+++ b/services/doctor/push_mirror_consistency.go
@@ -23,7 +23,7 @@ func FixPushMirrorsWithoutGitRemote(ctx context.Context, logger log.Logger, auto
 			return err
 		}
 
-		for i := 0; i < len(pushMirrors); i++ {
+		for i := range pushMirrors {
 			_, err = repo_model.GetPushMirrorRemoteAddress(repo.OwnerName, repo.Name, pushMirrors[i].RemoteName)
 			if err != nil {
 				if strings.Contains(err.Error(), "No such remote") {
diff --git a/services/forms/repo_form.go b/services/forms/repo_form.go
index e894b79a14..f9443b8b6c 100644
--- a/services/forms/repo_form.go
+++ b/services/forms/repo_form.go
@@ -10,6 +10,7 @@ import (
 	"net/http"
 	"net/url"
 	"regexp"
+	"slices"
 	"strings"
 
 	"forgejo.org/models"
@@ -383,13 +384,7 @@ func (i IssueLockForm) HasValidReason() bool {
 		return true
 	}
 
-	for _, v := range setting.Repository.Issue.LockReasons {
-		if v == i.Reason {
-			return true
-		}
-	}
-
-	return false
+	return slices.Contains(setting.Repository.Issue.LockReasons, i.Reason)
 }
 
 // CreateProjectForm form for creating a project
diff --git a/services/gitdiff/csv.go b/services/gitdiff/csv.go
index 8db73c56a3..c10ee14490 100644
--- a/services/gitdiff/csv.go
+++ b/services/gitdiff/csv.go
@@ -134,7 +134,7 @@ func createCsvDiffSingle(reader *csv.Reader, celltype TableDiffCellType) ([]*Tab
 			return nil, err
 		}
 		cells := make([]*TableDiffCell, len(row))
-		for j := 0; j < len(row); j++ {
+		for j := range row {
 			if celltype == TableDiffCellDel {
 				cells[j] = &TableDiffCell{LeftCell: row[j], Type: celltype}
 			} else {
@@ -365,11 +365,11 @@ func getColumnMapping(baseCSVReader, headCSVReader *csvReader) ([]int, []int) {
 	}
 
 	// Loops through the baseRow and see if there is a match in the head row
-	for i := 0; i < len(baseRow); i++ {
+	for i := range baseRow {
 		base2HeadColMap[i] = unmappedColumn
 		baseCell, err := getCell(baseRow, i)
 		if err == nil {
-			for j := 0; j < len(headRow); j++ {
+			for j := range headRow {
 				if head2BaseColMap[j] == -1 {
 					headCell, err := getCell(headRow, j)
 					if err == nil && baseCell == headCell {
@@ -390,7 +390,7 @@ func getColumnMapping(baseCSVReader, headCSVReader *csvReader) ([]int, []int) {
 
 // tryMapColumnsByContent tries to map missing columns by the content of the first lines.
 func tryMapColumnsByContent(baseCSVReader *csvReader, base2HeadColMap []int, headCSVReader *csvReader, head2BaseColMap []int) {
-	for i := 0; i < len(base2HeadColMap); i++ {
+	for i := range base2HeadColMap {
 		headStart := 0
 		for base2HeadColMap[i] == unmappedColumn && headStart < len(head2BaseColMap) {
 			if head2BaseColMap[headStart] == unmappedColumn {
@@ -424,7 +424,7 @@ func getCell(row []string, column int) (string, error) {
 // countUnmappedColumns returns the count of unmapped columns.
 func countUnmappedColumns(mapping []int) int {
 	count := 0
-	for i := 0; i < len(mapping); i++ {
+	for i := range mapping {
 		if mapping[i] == unmappedColumn {
 			count++
 		}
diff --git a/services/gitdiff/gitdiff.go b/services/gitdiff/gitdiff.go
index 544c664ca2..c1d0bc0107 100644
--- a/services/gitdiff/gitdiff.go
+++ b/services/gitdiff/gitdiff.go
@@ -524,10 +524,7 @@ func ParsePatch(ctx context.Context, maxLines, maxLineCharacters, maxFiles int,
 
 	// OK let's set a reasonable buffer size.
 	// This should be at least the size of maxLineCharacters or 4096 whichever is larger.
-	readerSize := maxLineCharacters
-	if readerSize < 4096 {
-		readerSize = 4096
-	}
+	readerSize := max(maxLineCharacters, 4096)
 
 	input := bufio.NewReaderSize(reader, readerSize)
 	line, err := input.ReadString('\n')
diff --git a/services/gitdiff/gitdiff_test.go b/services/gitdiff/gitdiff_test.go
index d4d1cd4460..7ba439be35 100644
--- a/services/gitdiff/gitdiff_test.go
+++ b/services/gitdiff/gitdiff_test.go
@@ -445,7 +445,7 @@ index 0000000..6bb8f39
 `
 	diffBuilder.WriteString(diff)
 
-	for i := 0; i < 35; i++ {
+	for i := range 35 {
 		diffBuilder.WriteString("+line" + strconv.Itoa(i) + "\n")
 	}
 	diff = diffBuilder.String()
@@ -482,11 +482,11 @@ index 0000000..6bb8f39
 	diffBuilder.Reset()
 	diffBuilder.WriteString(diff)
 
-	for i := 0; i < 33; i++ {
+	for i := range 33 {
 		diffBuilder.WriteString("+line" + strconv.Itoa(i) + "\n")
 	}
 	diffBuilder.WriteString("+line33")
-	for i := 0; i < 512; i++ {
+	for range 512 {
 		diffBuilder.WriteString("0123456789ABCDEF")
 	}
 	diffBuilder.WriteByte('\n')
diff --git a/services/gitdiff/highlightdiff_test.go b/services/gitdiff/highlightdiff_test.go
index 0070173b9f..f5486b3f34 100644
--- a/services/gitdiff/highlightdiff_test.go
+++ b/services/gitdiff/highlightdiff_test.go
@@ -101,7 +101,7 @@ func TestDiffWithHighlightPlaceholderExhausted(t *testing.T) {
 
 func TestDiffWithHighlightTagMatch(t *testing.T) {
 	totalOverflow := 0
-	for i := 0; i < 100; i++ {
+	for i := range 100 {
 		hcd := NewHighlightCodeDiff()
 		hcd.placeholderMaxCount = i
 		diffs := hcd.diffWithHighlight(
diff --git a/services/issue/issue.go b/services/issue/issue.go
index ab42916017..41a6000d52 100644
--- a/services/issue/issue.go
+++ b/services/issue/issue.go
@@ -8,6 +8,7 @@ import (
 	"context"
 	"errors"
 	"fmt"
+	"slices"
 	"time"
 
 	activities_model "forgejo.org/models/activities"
@@ -127,11 +128,8 @@ func UpdateAssignees(ctx context.Context, issue *issues_model.Issue, oneAssignee
 	if oneAssignee != "" {
 		// Prevent double adding assignees
 		var isDouble bool
-		for _, assignee := range multipleAssignees {
-			if assignee == oneAssignee {
-				isDouble = true
-				break
-			}
+		if slices.Contains(multipleAssignees, oneAssignee) {
+			isDouble = true
 		}
 
 		if !isDouble {
diff --git a/services/issue/milestone.go b/services/issue/milestone.go
index 928979d74e..158abb0663 100644
--- a/services/issue/milestone.go
+++ b/services/issue/milestone.go
@@ -26,10 +26,7 @@ func updateMilestoneCounters(ctx context.Context, issue *issues_model.Issue, id
 		if err != nil {
 			return fmt.Errorf("GetMilestoneByRepoID: %w", err)
 		}
-		updatedUnix := milestone.UpdatedUnix
-		if issue.UpdatedUnix > updatedUnix {
-			updatedUnix = issue.UpdatedUnix
-		}
+		updatedUnix := max(issue.UpdatedUnix, milestone.UpdatedUnix)
 		stats.QueueRecalcMilestoneByIDWithDate(ctx, id, updatedUnix)
 	} else {
 		stats.QueueRecalcMilestoneByID(ctx, id)
diff --git a/services/lfs/locks.go b/services/lfs/locks.go
index a45b2cc93b..16f6dc1631 100644
--- a/services/lfs/locks.go
+++ b/services/lfs/locks.go
@@ -74,10 +74,7 @@ func GetListLockHandler(ctx *context.Context) {
 	}
 	ctx.Resp.Header().Set("Content-Type", lfs_module.MediaType)
 
-	cursor := ctx.FormInt("cursor")
-	if cursor < 0 {
-		cursor = 0
-	}
+	cursor := max(ctx.FormInt("cursor"), 0)
 	limit := ctx.FormInt("limit")
 	if limit > setting.LFS.LocksPagingNum && setting.LFS.LocksPagingNum > 0 {
 		limit = setting.LFS.LocksPagingNum
@@ -239,10 +236,7 @@ func VerifyLockHandler(ctx *context.Context) {
 
 	ctx.Resp.Header().Set("Content-Type", lfs_module.MediaType)
 
-	cursor := ctx.FormInt("cursor")
-	if cursor < 0 {
-		cursor = 0
-	}
+	cursor := max(ctx.FormInt("cursor"), 0)
 	limit := ctx.FormInt("limit")
 	if limit > setting.LFS.LocksPagingNum && setting.LFS.LocksPagingNum > 0 {
 		limit = setting.LFS.LocksPagingNum
diff --git a/services/lfs/server.go b/services/lfs/server.go
index 30878d8edd..cc8afc2aa8 100644
--- a/services/lfs/server.go
+++ b/services/lfs/server.go
@@ -11,6 +11,7 @@ import (
 	"errors"
 	"fmt"
 	"io"
+	"maps"
 	"net/http"
 	"net/url"
 	"path"
@@ -503,9 +504,7 @@ func buildObjectResponse(rc *requestContext, pointer lfs_module.Pointer, downloa
 			rep.Actions["upload"] = &lfs_module.Link{Href: rc.UploadLink(pointer), Header: header}
 
 			verifyHeader := make(map[string]string)
-			for key, value := range header {
-				verifyHeader[key] = value
-			}
+			maps.Copy(verifyHeader, header)
 
 			// This is only needed to workaround https://github.com/git-lfs/git-lfs/issues/3662
 			verifyHeader["Accept"] = lfs_module.AcceptHeader
diff --git a/services/mailer/mailer_test.go b/services/mailer/mailer_test.go
index 34fd847c05..855e424ab2 100644
--- a/services/mailer/mailer_test.go
+++ b/services/mailer/mailer_test.go
@@ -114,9 +114,9 @@ func extractMailHeaderAndContent(t *testing.T, mail string) (map[string]string,
 	}
 	content := strings.TrimSpace("boundary=" + parts[1])
 
-	hParts := strings.Split(parts[0], "\n")
+	hParts := strings.SplitSeq(parts[0], "\n")
 
-	for _, hPart := range hParts {
+	for hPart := range hParts {
 		parts := strings.SplitN(hPart, ":", 2)
 		hk := strings.TrimSpace(parts[0])
 		if hk != "" {
diff --git a/services/migrations/gitea_uploader_test.go b/services/migrations/gitea_uploader_test.go
index e33d597cdc..dc0210a8cc 100644
--- a/services/migrations/gitea_uploader_test.go
+++ b/services/migrations/gitea_uploader_test.go
@@ -361,7 +361,7 @@ func TestGiteaUploadUpdateGitForPullRequest(t *testing.T) {
 	require.NoError(t, git.InitRepository(git.DefaultContext, fromRepo.RepoPath(), false, fromRepo.ObjectFormatName))
 	err := git.NewCommand(git.DefaultContext, "symbolic-ref").AddDynamicArguments("HEAD", git.BranchPrefix+baseRef).Run(&git.RunOpts{Dir: fromRepo.RepoPath()})
 	require.NoError(t, err)
-	require.NoError(t, os.WriteFile(filepath.Join(fromRepo.RepoPath(), "README.md"), []byte(fmt.Sprintf("# Testing Repository\n\nOriginally created in: %s", fromRepo.RepoPath())), 0o644))
+	require.NoError(t, os.WriteFile(filepath.Join(fromRepo.RepoPath(), "README.md"), fmt.Appendf(nil, "# Testing Repository\n\nOriginally created in: %s", fromRepo.RepoPath()), 0o644))
 	require.NoError(t, git.AddChanges(fromRepo.RepoPath(), true))
 	signature := git.Signature{
 		Email: "test@example.com",
@@ -409,7 +409,7 @@ func TestGiteaUploadUpdateGitForPullRequest(t *testing.T) {
 	}))
 	_, _, err = git.NewCommand(git.DefaultContext, "checkout", "-b").AddDynamicArguments(forkHeadRef).RunStdString(&git.RunOpts{Dir: forkRepo.RepoPath()})
 	require.NoError(t, err)
-	require.NoError(t, os.WriteFile(filepath.Join(forkRepo.RepoPath(), "README.md"), []byte(fmt.Sprintf("# branch2 %s", forkRepo.RepoPath())), 0o644))
+	require.NoError(t, os.WriteFile(filepath.Join(forkRepo.RepoPath(), "README.md"), fmt.Appendf(nil, "# branch2 %s", forkRepo.RepoPath()), 0o644))
 	require.NoError(t, git.AddChanges(forkRepo.RepoPath(), true))
 	require.NoError(t, git.CommitChanges(forkRepo.RepoPath(), git.CommitChangesOptions{
 		Committer: &signature,
diff --git a/services/migrations/github.go b/services/migrations/github.go
index 7cfb626a15..540dfdd9d4 100644
--- a/services/migrations/github.go
+++ b/services/migrations/github.go
@@ -108,8 +108,8 @@ func NewGithubDownloaderV3(ctx context.Context, baseURL string, getPullRequests,
 	downloader.SetContext(ctx)
 
 	if token != "" {
-		tokens := strings.Split(token, ",")
-		for _, token := range tokens {
+		tokens := strings.SplitSeq(token, ",")
+		for token := range tokens {
 			token = strings.TrimSpace(token)
 			ts := oauth2.StaticTokenSource(
 				&oauth2.Token{AccessToken: token},
diff --git a/services/packages/alt/repository.go b/services/packages/alt/repository.go
index 9693f4322e..5eed86fb67 100644
--- a/services/packages/alt/repository.go
+++ b/services/packages/alt/repository.go
@@ -12,6 +12,7 @@ import (
 	"fmt"
 	"io"
 	"path"
+	"strings"
 	"time"
 
 	packages_model "forgejo.org/models/packages"
@@ -734,15 +735,15 @@ NotAutomatic: false
 		codename := time.Now().Unix()
 		date := time.Now().UTC().Format(time.RFC1123)
 
-		var md5Sum string
-		var blake2b string
+		var md5Sum strings.Builder
+		var blake2b strings.Builder
 
 		for _, pkglistByArch := range pkglist[architecture] {
-			md5Sum += fmt.Sprintf(" %s %d %s\n", pkglistByArch.MD5Checksum.Value, pkglistByArch.Size, "base/"+pkglistByArch.Type)
-			blake2b += fmt.Sprintf(" %s %d %s\n", pkglistByArch.Blake2bHash.Value, pkglistByArch.Size, "base/"+pkglistByArch.Type)
+			fmt.Fprintf(&md5Sum, " %s %d %s\n", pkglistByArch.MD5Checksum.Value, pkglistByArch.Size, "base/"+pkglistByArch.Type)
+			fmt.Fprintf(&blake2b, " %s %d %s\n", pkglistByArch.Blake2bHash.Value, pkglistByArch.Size, "base/"+pkglistByArch.Type)
 		}
-		md5Sum += fmt.Sprintf(" %s %d %s\n", fileInfo.MD5Checksum.Value, fileInfo.Size, "base/"+fileInfo.Type)
-		blake2b += fmt.Sprintf(" %s %d %s\n", fileInfo.Blake2bHash.Value, fileInfo.Size, "base/"+fileInfo.Type)
+		fmt.Fprintf(&md5Sum, " %s %d %s\n", fileInfo.MD5Checksum.Value, fileInfo.Size, "base/"+fileInfo.Type)
+		fmt.Fprintf(&blake2b, " %s %d %s\n", fileInfo.Blake2bHash.Value, fileInfo.Size, "base/"+fileInfo.Type)
 
 		data = fmt.Sprintf(`Origin: %s
 Label: %s
@@ -755,7 +756,7 @@ MD5Sum:
 %s
 
 `,
-			origin, label, codename, date, architecture, md5Sum, blake2b)
+			origin, label, codename, date, architecture, md5Sum.String(), blake2b.String())
 		_, err = addReleaseAsFileToRepo(ctx, pv, "release", data, group, architecture)
 		if err != nil {
 			return err
diff --git a/services/packages/arch/repository.go b/services/packages/arch/repository.go
index 2a865e6dbd..384895fd65 100644
--- a/services/packages/arch/repository.go
+++ b/services/packages/arch/repository.go
@@ -47,8 +47,8 @@ func BuildAllRepositoryFiles(ctx context.Context, ownerID int64) error {
 		return err
 	}
 	for _, pf := range pfs {
-		if strings.HasSuffix(pf.Name, ".db") {
-			arch := strings.TrimSuffix(pf.Name, ".db")
+		if before, ok := strings.CutSuffix(pf.Name, ".db"); ok {
+			arch := before
 			if err := BuildPacmanDB(ctx, ownerID, pf.CompositeKey, arch); err != nil {
 				return err
 			}
diff --git a/services/pull/merge.go b/services/pull/merge.go
index 1d5e82e969..aa9b25d738 100644
--- a/services/pull/merge.go
+++ b/services/pull/merge.go
@@ -7,6 +7,7 @@ package pull
 import (
 	"context"
 	"fmt"
+	"maps"
 	"os"
 	"path/filepath"
 	"regexp"
@@ -139,9 +140,7 @@ func getMergeMessage(ctx context.Context, baseGitRepo *git.Repository, pr *issue
 				vars["HeadRepoOwnerName"] = pr.HeadRepo.OwnerName
 				vars["HeadRepoName"] = pr.HeadRepo.Name
 			}
-			for extraKey, extraValue := range extraVars {
-				vars[extraKey] = extraValue
-			}
+			maps.Copy(vars, extraVars)
 			refs, err := pr.ResolveCrossReferences(ctx)
 			if err == nil {
 				closeIssueIndexes := make([]string, 0, len(refs))
diff --git a/services/repository/adopt_test.go b/services/repository/adopt_test.go
index 79e4fc0023..b133deb7c1 100644
--- a/services/repository/adopt_test.go
+++ b/services/repository/adopt_test.go
@@ -28,7 +28,7 @@ func TestCheckUnadoptedRepositories_Add(t *testing.T) {
 	}
 
 	total := 30
-	for i := 0; i < total; i++ {
+	for range total {
 		unadopted.add("something")
 	}
 
diff --git a/services/repository/commitstatus/commitstatus.go b/services/repository/commitstatus/commitstatus.go
index 23b4a6a132..5a48aa64b4 100644
--- a/services/repository/commitstatus/commitstatus.go
+++ b/services/repository/commitstatus/commitstatus.go
@@ -23,7 +23,7 @@ import (
 )
 
 func getCacheKey(repoID int64, branchName string) string {
-	hashBytes := sha256.Sum256([]byte(fmt.Sprintf("%d:%s", repoID, branchName)))
+	hashBytes := sha256.Sum256(fmt.Appendf(nil, "%d:%s", repoID, branchName))
 	return fmt.Sprintf("commit_status:%x", hashBytes)
 }
 
diff --git a/services/repository/create.go b/services/repository/create.go
index 4491b12497..b7232b27cc 100644
--- a/services/repository/create.go
+++ b/services/repository/create.go
@@ -97,8 +97,8 @@ func prepareRepoCommit(ctx context.Context, repo *repo_model.Repository, tmpDir,
 	// .gitignore
 	if len(opts.Gitignores) > 0 {
 		var buf bytes.Buffer
-		names := strings.Split(opts.Gitignores, ",")
-		for _, name := range names {
+		names := strings.SplitSeq(opts.Gitignores, ",")
+		for name := range names {
 			data, err = options.Gitignore(name)
 			if err != nil {
 				return fmt.Errorf("GetRepoInitFile[%s]: %w", name, err)
diff --git a/services/repository/create_test.go b/services/repository/create_test.go
index 0a6c34b6fe..bd14a5e520 100644
--- a/services/repository/create_test.go
+++ b/services/repository/create_test.go
@@ -54,7 +54,7 @@ func TestIncludesAllRepositoriesTeams(t *testing.T) {
 
 	// Create repos.
 	repoIDs := make([]int64, 0)
-	for i := 0; i < 3; i++ {
+	for i := range 3 {
 		r, err := CreateRepositoryDirectly(db.DefaultContext, user, org.AsUser(), CreateRepoOptions{Name: fmt.Sprintf("repo-%d", i)})
 		require.NoError(t, err, "CreateRepository %d", i)
 		if r != nil {
diff --git a/services/repository/files/file.go b/services/repository/files/file.go
index 5b93258840..2e9ba628af 100644
--- a/services/repository/files/file.go
+++ b/services/repository/files/file.go
@@ -151,7 +151,7 @@ func CleanUploadFileName(name string) string {
 	// Rebase the filename
 	name = util.PathJoinRel(name)
 	// Git disallows any filenames to have a .git directory in them.
-	for _, part := range strings.Split(name, "/") {
+	for part := range strings.SplitSeq(name, "/") {
 		if strings.ToLower(part) == ".git" {
 			return ""
 		}
diff --git a/services/repository/files/temp_repo.go b/services/repository/files/temp_repo.go
index 3ce6a3413c..17a8467e01 100644
--- a/services/repository/files/temp_repo.go
+++ b/services/repository/files/temp_repo.go
@@ -128,7 +128,7 @@ func (t *TemporaryUploadRepository) LsFiles(filenames ...string) ([]string, erro
 	}
 
 	fileList := make([]string, 0, len(filenames))
-	for _, line := range bytes.Split(stdOut.Bytes(), []byte{'\000'}) {
+	for line := range bytes.SplitSeq(stdOut.Bytes(), []byte{'\000'}) {
 		fileList = append(fileList, string(line))
 	}
 
diff --git a/services/repository/files/tree.go b/services/repository/files/tree.go
index 5a369b27a5..3e99655261 100644
--- a/services/repository/files/tree.go
+++ b/services/repository/files/tree.go
@@ -69,11 +69,7 @@ func GetTreeBySHA(ctx context.Context, repo *repo_model.Repository, gitRepo *git
 	if len(entries) > perPage {
 		tree.Truncated = true
 	}
-	if rangeStart+perPage < len(entries) {
-		rangeEnd = rangeStart + perPage
-	} else {
-		rangeEnd = len(entries)
-	}
+	rangeEnd = min(rangeStart+perPage, len(entries))
 	tree.Entries = make([]api.GitEntry, rangeEnd-rangeStart)
 	for e := rangeStart; e < rangeEnd; e++ {
 		i := e - rangeStart
diff --git a/services/repository/files/update.go b/services/repository/files/update.go
index 9c2fde1c0e..e97c487846 100644
--- a/services/repository/files/update.go
+++ b/services/repository/files/update.go
@@ -8,6 +8,7 @@ import (
 	"fmt"
 	"io"
 	"path"
+	"slices"
 	"strings"
 	"time"
 
@@ -187,13 +188,7 @@ func ChangeRepoFiles(ctx context.Context, repo *repo_model.Repository, doer *use
 			}
 
 			// Find the file we want to delete in the index
-			inFilelist := false
-			for _, indexFile := range filesInIndex {
-				if indexFile == file.TreePath {
-					inFilelist = true
-					break
-				}
-			}
+			inFilelist := slices.Contains(filesInIndex, file.TreePath)
 			if !inFilelist {
 				return nil, models.ErrRepoFileDoesNotExist{
 					Path: file.TreePath,
@@ -390,11 +385,9 @@ func CreateOrUpdateFile(ctx context.Context, t *TemporaryUploadRepository, file
 	}
 	// If is a new file (not updating) then the given path shouldn't exist
 	if file.Operation == "create" {
-		for _, indexFile := range filesInIndex {
-			if indexFile == file.TreePath {
-				return models.ErrRepoFileAlreadyExists{
-					Path: file.TreePath,
-				}
+		if slices.Contains(filesInIndex, file.TreePath) {
+			return models.ErrRepoFileAlreadyExists{
+				Path: file.TreePath,
 			}
 		}
 	}
diff --git a/services/repository/gitgraph/graph_models.go b/services/repository/gitgraph/graph_models.go
index 2c4133e1f2..4b5f630679 100644
--- a/services/repository/gitgraph/graph_models.go
+++ b/services/repository/gitgraph/graph_models.go
@@ -304,8 +304,8 @@ func newRefsFromRefNames(refNames []byte) []git.Reference {
 			continue
 		}
 		refName := string(refNameBytes)
-		if strings.HasPrefix(refName, "tag: ") {
-			refName = strings.TrimPrefix(refName, "tag: ")
+		if after, ok := strings.CutPrefix(refName, "tag: "); ok {
+			refName = after
 		} else {
 			refName = strings.TrimPrefix(refName, "HEAD -> ")
 		}
diff --git a/services/repository/gitgraph/graph_test.go b/services/repository/gitgraph/graph_test.go
index 6dafaf03fd..776b8cacab 100644
--- a/services/repository/gitgraph/graph_test.go
+++ b/services/repository/gitgraph/graph_test.go
@@ -6,6 +6,7 @@ package gitgraph
 import (
 	"bytes"
 	"fmt"
+	"slices"
 	"strings"
 	"testing"
 
@@ -118,13 +119,7 @@ func TestReleaseUnusedColors(t *testing.T) {
 		if parser.firstAvailable == -1 {
 			// All in use
 			for _, color := range parser.availableColors {
-				found := false
-				for _, oldColor := range parser.oldColors {
-					if oldColor == color {
-						found = true
-						break
-					}
-				}
+				found := slices.Contains(parser.oldColors, color)
 				if !found {
 					t.Errorf("In testcase:\n%d\t%d\t%d %d =>\n%d\t%d\t%d %d: %d should be available but is not",
 						testcase.availableColors,
@@ -142,13 +137,7 @@ func TestReleaseUnusedColors(t *testing.T) {
 			// Some in use
 			for i := parser.firstInUse; i != parser.firstAvailable; i = (i + 1) % len(parser.availableColors) {
 				color := parser.availableColors[i]
-				found := false
-				for _, oldColor := range parser.oldColors {
-					if oldColor == color {
-						found = true
-						break
-					}
-				}
+				found := slices.Contains(parser.oldColors, color)
 				if !found {
 					t.Errorf("In testcase:\n%d\t%d\t%d %d =>\n%d\t%d\t%d %d: %d should be available but is not",
 						testcase.availableColors,
@@ -164,13 +153,7 @@ func TestReleaseUnusedColors(t *testing.T) {
 			}
 			for i := parser.firstAvailable; i != parser.firstInUse; i = (i + 1) % len(parser.availableColors) {
 				color := parser.availableColors[i]
-				found := false
-				for _, oldColor := range parser.oldColors {
-					if oldColor == color {
-						found = true
-						break
-					}
-				}
+				found := slices.Contains(parser.oldColors, color)
 				if found {
 					t.Errorf("In testcase:\n%d\t%d\t%d %d =>\n%d\t%d\t%d %d: %d should not be available but is",
 						testcase.availableColors,
@@ -258,8 +241,8 @@ func TestCommitStringParsing(t *testing.T) {
 	for _, test := range tests {
 		t.Run(test.testName, func(t *testing.T) {
 			testString := fmt.Sprintf("%s%s", dataFirstPart, test.commitMessage)
-			idx := strings.Index(testString, "DATA:")
-			commit, err := NewCommit(0, 0, []byte(testString[idx+5:]))
+			_, after, _ := strings.Cut(testString, "DATA:")
+			commit, err := NewCommit(0, 0, []byte(after))
 			if err != nil && test.shouldPass {
 				t.Errorf("Could not parse %s", testString)
 				return
diff --git a/services/repository/gitgraph/parser.go b/services/repository/gitgraph/parser.go
index fcbc666f7e..2331e02207 100644
--- a/services/repository/gitgraph/parser.go
+++ b/services/repository/gitgraph/parser.go
@@ -44,11 +44,11 @@ func (parser *Parser) Reset() {
 
 // AddLineToGraph adds the line as a row to the graph
 func (parser *Parser) AddLineToGraph(graph *Graph, row int, line []byte) error {
-	idx := bytes.Index(line, []byte("DATA:"))
-	if idx < 0 {
+	before, after, ok := bytes.Cut(line, []byte("DATA:"))
+	if !ok {
 		parser.ParseGlyphs(line)
 	} else {
-		parser.ParseGlyphs(line[:idx])
+		parser.ParseGlyphs(before)
 	}
 
 	var err error
@@ -72,7 +72,7 @@ func (parser *Parser) AddLineToGraph(graph *Graph, row int, line []byte) error {
 				}
 			}
 			commitDone = true
-			if idx < 0 {
+			if !ok {
 				if err != nil {
 					err = fmt.Errorf("missing data section on line %d with commit: %s. %w", row, string(line), err)
 				} else {
@@ -83,7 +83,7 @@ func (parser *Parser) AddLineToGraph(graph *Graph, row int, line []byte) error {
 			if column < len(parser.oldGlyphs) && parser.oldGlyphs[column] == '|' {
 				graph.continuationAbove[[2]int{row, column}] = true
 			}
-			err2 := graph.AddCommit(row, column, flowID, line[idx+5:])
+			err2 := graph.AddCommit(row, column, flowID, after)
 			if err != nil && err2 != nil {
 				err = fmt.Errorf("%v %w", err2, err)
 				continue
diff --git a/services/webhook/deliver_test.go b/services/webhook/deliver_test.go
index 13890621c6..303a3d9bb1 100644
--- a/services/webhook/deliver_test.go
+++ b/services/webhook/deliver_test.go
@@ -281,8 +281,6 @@ func TestWebhookDeliverSpecificTypes(t *testing.T) {
 	require.NoError(t, err)
 
 	for typ, hc := range cases {
-		typ := typ
-		hc := hc
 		t.Run(typ, func(t *testing.T) {
 			t.Parallel()
 			hook := &webhook_model.Webhook{
diff --git a/services/webhook/dingtalk.go b/services/webhook/dingtalk.go
index e7dece30d3..96d4c18c11 100644
--- a/services/webhook/dingtalk.go
+++ b/services/webhook/dingtalk.go
@@ -110,22 +110,22 @@ func (dc dingtalkConvertor) Push(p *api.PushPayload) (DingtalkPayload, error) {
 
 	title := fmt.Sprintf("[%s:%s] %s", p.Repo.FullName, branchName, commitDesc)
 
-	var text string
+	var text strings.Builder
 	// for each commit, generate attachment text
 	for i, commit := range p.Commits {
 		var authorName string
 		if commit.Author != nil {
 			authorName = " - " + commit.Author.Name
 		}
-		text += fmt.Sprintf("[%s](%s) %s", commit.ID[:7], commit.URL,
-			strings.TrimRight(commit.Message, "\r\n")) + authorName
+		text.WriteString(fmt.Sprintf("[%s](%s) %s", commit.ID[:7], commit.URL,
+			strings.TrimRight(commit.Message, "\r\n")) + authorName)
 		// add linebreak to each commit but the last
 		if i < len(p.Commits)-1 {
-			text += "\r\n"
+			text.WriteString("\r\n")
 		}
 	}
 
-	return createDingtalkPayload(title, text, linkText, titleLink), nil
+	return createDingtalkPayload(title, text.String(), linkText, titleLink), nil
 }
 
 // Issue implements PayloadConvertor Issue method
diff --git a/services/webhook/discord.go b/services/webhook/discord.go
index 2383a1402b..cb7584e157 100644
--- a/services/webhook/discord.go
+++ b/services/webhook/discord.go
@@ -210,7 +210,7 @@ func (d discordConvertor) Push(p *api.PushPayload) (DiscordPayload, error) {
 
 	title := fmt.Sprintf("[%s:%s] %s", p.Repo.FullName, branchName, commitDesc)
 
-	var text string
+	var text strings.Builder
 	// for each commit, generate attachment text
 	for i, commit := range p.Commits {
 		// limit the commit message display to just the summary, otherwise it would be hard to read
@@ -223,14 +223,14 @@ func (d discordConvertor) Push(p *api.PushPayload) (DiscordPayload, error) {
 		if utf8.RuneCountInString(message) > 50 {
 			message = fmt.Sprintf("%.47s...", message)
 		}
-		text += fmt.Sprintf("[`%s`](%s) %s \\- %s", commit.ID[:7], commit.URL, message, commit.Author.Name)
+		fmt.Fprintf(&text, "[`%s`](%s) %s \\- %s", commit.ID[:7], commit.URL, message, commit.Author.Name)
 		// add linebreak to each commit but the last
 		if i < len(p.Commits)-1 {
-			text += "\n"
+			text.WriteString("\n")
 		}
 	}
 
-	return d.createPayload(p.Sender, title, text, titleLink, greenColor), nil
+	return d.createPayload(p.Sender, title, text.String(), titleLink, greenColor), nil
 }
 
 // Issue implements PayloadConvertor Issue method
diff --git a/services/webhook/feishu.go b/services/webhook/feishu.go
index f6ffea9acc..ffbd4eb469 100644
--- a/services/webhook/feishu.go
+++ b/services/webhook/feishu.go
@@ -95,22 +95,23 @@ func (fc feishuConvertor) Push(p *api.PushPayload) (FeishuPayload, error) {
 		commitDesc string
 	)
 
-	text := fmt.Sprintf("[%s:%s] %s\r\n", p.Repo.FullName, branchName, commitDesc)
+	var text strings.Builder
+	fmt.Fprintf(&text, "[%s:%s] %s\r\n", p.Repo.FullName, branchName, commitDesc)
 	// for each commit, generate attachment text
 	for i, commit := range p.Commits {
 		var authorName string
 		if commit.Author != nil {
 			authorName = " - " + commit.Author.Name
 		}
-		text += fmt.Sprintf("[%s](%s) %s", commit.ID[:7], commit.URL,
-			strings.TrimRight(commit.Message, "\r\n")) + authorName
+		text.WriteString(fmt.Sprintf("[%s](%s) %s", commit.ID[:7], commit.URL,
+			strings.TrimRight(commit.Message, "\r\n")) + authorName)
 		// add linebreak to each commit but the last
 		if i < len(p.Commits)-1 {
-			text += "\r\n"
+			text.WriteString("\r\n")
 		}
 	}
 
-	return newFeishuTextPayload(text), nil
+	return newFeishuTextPayload(text.String()), nil
 }
 
 // Issue implements PayloadConvertor Issue method
diff --git a/services/webhook/matrix.go b/services/webhook/matrix.go
index d11933f16a..a4bd774f50 100644
--- a/services/webhook/matrix.go
+++ b/services/webhook/matrix.go
@@ -206,18 +206,19 @@ func (m matrixConvertor) Push(p *api.PushPayload) (MatrixPayload, error) {
 	}
 
 	refName := html.EscapeString(git.RefName(p.Ref).ShortName())
-	text := fmt.Sprintf("[%s] %s pushed %s to %s:<br>", p.Repo.FullName, p.Pusher.UserName, commitDesc, refName)
+	var text strings.Builder
+	fmt.Fprintf(&text, "[%s] %s pushed %s to %s:<br>", p.Repo.FullName, p.Pusher.UserName, commitDesc, refName)
 
 	// for each commit, generate a new line text
 	for i, commit := range p.Commits {
-		text += fmt.Sprintf("%s: %s - %s", htmlLinkFormatter(commit.URL, commit.ID[:7]), commit.Message, commit.Author.Name)
+		fmt.Fprintf(&text, "%s: %s - %s", htmlLinkFormatter(commit.URL, commit.ID[:7]), commit.Message, commit.Author.Name)
 		// add linebreak to each commit but the last
 		if i < len(p.Commits)-1 {
-			text += "<br>"
+			text.WriteString("<br>")
 		}
 	}
 
-	return m.newPayload(text, p.Commits...)
+	return m.newPayload(text.String(), p.Commits...)
 }
 
 // PullRequest implements payloadConvertor PullRequest method
diff --git a/services/webhook/msteams.go b/services/webhook/msteams.go
index 798d7fb5fc..43ab588230 100644
--- a/services/webhook/msteams.go
+++ b/services/webhook/msteams.go
@@ -154,14 +154,14 @@ func (m msteamsConvertor) Push(p *api.PushPayload) (MSTeamsPayload, error) {
 
 	title := fmt.Sprintf("[%s:%s] %s", p.Repo.FullName, branchName, commitDesc)
 
-	var text string
+	var text strings.Builder
 	// for each commit, generate attachment text
 	for i, commit := range p.Commits {
-		text += fmt.Sprintf("[%s](%s) %s - %s", commit.ID[:7], commit.URL,
+		fmt.Fprintf(&text, "[%s](%s) %s - %s", commit.ID[:7], commit.URL,
 			strings.TrimRight(commit.Message, "\r\n"), commit.Author.Name)
 		// add linebreak to each commit but the last
 		if i < len(p.Commits)-1 {
-			text += "\n\n"
+			text.WriteString("\n\n")
 		}
 	}
 
@@ -169,7 +169,7 @@ func (m msteamsConvertor) Push(p *api.PushPayload) (MSTeamsPayload, error) {
 		p.Repo,
 		p.Sender,
 		title,
-		text,
+		text.String(),
 		titleLink,
 		greenColor,
 		&MSTeamsFact{"Commit count:", fmt.Sprintf("%d", p.TotalCommits)},
diff --git a/services/webhook/slack.go b/services/webhook/slack.go
index 1804c866f4..fe1bfc8aa4 100644
--- a/services/webhook/slack.go
+++ b/services/webhook/slack.go
@@ -245,13 +245,13 @@ func (s slackConvertor) Push(p *api.PushPayload) (SlackPayload, error) {
 	branchLink := SlackLinkToRef(p.Repo.HTMLURL, p.Ref)
 	text := fmt.Sprintf("[%s:%s] %s pushed by %s", p.Repo.FullName, branchLink, commitString, SlackNameFormatter(p.Pusher.UserName))
 
-	var attachmentText string
+	var attachmentText strings.Builder
 	// for each commit, generate attachment text
 	for i, commit := range p.Commits {
-		attachmentText += fmt.Sprintf("%s: %s - %s", SlackLinkFormatter(commit.URL, commit.ID[:7]), SlackShortTextFormatter(commit.Message), SlackNameFormatter(commit.Author.Name))
+		fmt.Fprintf(&attachmentText, "%s: %s - %s", SlackLinkFormatter(commit.URL, commit.ID[:7]), SlackShortTextFormatter(commit.Message), SlackNameFormatter(commit.Author.Name))
 		// add linebreak to each commit but the last
 		if i < len(p.Commits)-1 {
-			attachmentText += "\n"
+			attachmentText.WriteString("\n")
 		}
 	}
 
@@ -259,7 +259,7 @@ func (s slackConvertor) Push(p *api.PushPayload) (SlackPayload, error) {
 		Color:     s.Color,
 		Title:     p.Repo.HTMLURL,
 		TitleLink: p.Repo.HTMLURL,
-		Text:      attachmentText,
+		Text:      attachmentText.String(),
 	}}), nil
 }
 
diff --git a/services/webhook/telegram.go b/services/webhook/telegram.go
index f8fdea7ae9..47a7514968 100644
--- a/services/webhook/telegram.go
+++ b/services/webhook/telegram.go
@@ -116,22 +116,22 @@ func (t telegramConvertor) Push(p *api.PushPayload) (TelegramPayload, error) {
 
 	title := fmt.Sprintf(`[%s:%s] %s`, p.Repo.FullName, branchName, commitDesc)
 
-	var text string
+	var text strings.Builder
 	// for each commit, generate attachment text
 	for i, commit := range p.Commits {
 		var authorName string
 		if commit.Author != nil {
 			authorName = " - " + commit.Author.Name
 		}
-		text += fmt.Sprintf(`[<a href="%s">%s</a>] %s`, commit.URL, commit.ID[:7],
-			strings.TrimRight(commit.Message, "\r\n")) + authorName
+		text.WriteString(fmt.Sprintf(`[<a href="%s">%s</a>] %s`, commit.URL, commit.ID[:7],
+			strings.TrimRight(commit.Message, "\r\n")) + authorName)
 		// add linebreak to each commit but the last
 		if i < len(p.Commits)-1 {
-			text += "\n"
+			text.WriteString("\n")
 		}
 	}
 
-	return createTelegramPayload(title + "\n" + text), nil
+	return createTelegramPayload(title + "\n" + text.String()), nil
 }
 
 // Issue implements PayloadConvertor Issue method
diff --git a/services/webhook/wechatwork.go b/services/webhook/wechatwork.go
index 01db3f0cd9..b22935be81 100644
--- a/services/webhook/wechatwork.go
+++ b/services/webhook/wechatwork.go
@@ -104,7 +104,7 @@ func (wc wechatworkConvertor) Push(p *api.PushPayload) (WechatworkPayload, error
 
 	title := fmt.Sprintf("# %s:%s <font color=\"warning\">  %s  </font>", p.Repo.FullName, branchName, commitDesc)
 
-	var text string
+	var text strings.Builder
 	// for each commit, generate attachment text
 	for i, commit := range p.Commits {
 		var authorName string
@@ -113,15 +113,15 @@ func (wc wechatworkConvertor) Push(p *api.PushPayload) (WechatworkPayload, error
 		}
 
 		message := strings.ReplaceAll(commit.Message, "\n\n", "\r\n")
-		text += fmt.Sprintf(" > [%s](%s) \r\n ><font color=\"info\">%s</font> \n ><font color=\"warning\">%s</font>", commit.ID[:7], commit.URL,
+		fmt.Fprintf(&text, " > [%s](%s) \r\n ><font color=\"info\">%s</font> \n ><font color=\"warning\">%s</font>", commit.ID[:7], commit.URL,
 			message, authorName)
 
 		// add linebreak to each commit but the last
 		if i < len(p.Commits)-1 {
-			text += "\n"
+			text.WriteString("\n")
 		}
 	}
-	return newWechatworkMarkdownPayload(title + "\r\n\r\n" + text), nil
+	return newWechatworkMarkdownPayload(title + "\r\n\r\n" + text.String()), nil
 }
 
 // Issue implements PayloadConvertor Issue method
diff --git a/services/wiki/wiki_path.go b/services/wiki/wiki_path.go
index ca312388af..a7963e9be4 100644
--- a/services/wiki/wiki_path.go
+++ b/services/wiki/wiki_path.go
@@ -129,8 +129,8 @@ func GitPathToWebPath(s string) (wp WebPath, err error) {
 func WebPathToUserTitle(s WebPath) (dir, display string) {
 	dir = path.Dir(string(s))
 	display = path.Base(string(s))
-	if strings.HasSuffix(display, ".md") {
-		display = strings.TrimSuffix(display, ".md")
+	if before, ok := strings.CutSuffix(display, ".md"); ok {
+		display = before
 		display, _ = url.PathUnescape(display)
 	}
 	display, _ = unescapeSegment(display)
diff --git a/services/wiki/wiki_test.go b/services/wiki/wiki_test.go
index 9471904e38..551c251d97 100644
--- a/services/wiki/wiki_test.go
+++ b/services/wiki/wiki_test.go
@@ -116,9 +116,9 @@ func TestGitPathToWebPath(t *testing.T) {
 func TestUserWebGitPathConsistency(t *testing.T) {
 	maxLen := 20
 	b := make([]byte, maxLen)
-	for i := 0; i < 1000; i++ {
+	for range 1000 {
 		l := rand.Intn(maxLen)
-		for j := 0; j < l; j++ {
+		for j := range l {
 			r := rand.Intn(0x80-0x20) + 0x20
 			b[j] = byte(r)
 		}
diff --git a/tests/integration/actions_trigger_test.go b/tests/integration/actions_trigger_test.go
index 925434204c..4de8d625ab 100644
--- a/tests/integration/actions_trigger_test.go
+++ b/tests/integration/actions_trigger_test.go
@@ -88,7 +88,7 @@ jobs:
 		labelStr := "/api/v1/repos/user2/repo-pull-request/labels"
 		labelsCount := 2
 		labels := make([]*api.Label, labelsCount)
-		for i := 0; i < labelsCount; i++ {
+		for i := range labelsCount {
 			color := "abcdef"
 			req := NewRequestWithJSON(t, "POST", labelStr, &api.CreateLabelOption{
 				Name:  fmt.Sprintf("label%d", i),
diff --git a/tests/integration/api_activitypub_person_inbox_follow_test.go b/tests/integration/api_activitypub_person_inbox_follow_test.go
index 7270d46a0c..5a0b452447 100644
--- a/tests/integration/api_activitypub_person_inbox_follow_test.go
+++ b/tests/integration/api_activitypub_person_inbox_follow_test.go
@@ -48,13 +48,13 @@ func TestActivityPubPersonInboxFollow(t *testing.T) {
 		ctx, _ := contexttest.MockAPIContext(t, localUser2Inbox)
 
 		// distant follows local
-		followActivity := []byte(fmt.Sprintf(
+		followActivity := fmt.Appendf(nil,
 			`{"type":"Follow",`+
 				`"actor":"%s",`+
 				`"object":"%s"}`,
 			distantUser15URL,
 			localUser2URL,
-		))
+		)
 		cf, err := activitypub.NewClientFactoryWithTimeout(60 * time.Second)
 		require.NoError(t, err)
 		c, err := cf.WithKeysDirect(ctx, mock.ApActor.PrivKey,
@@ -84,7 +84,7 @@ func TestActivityPubPersonInboxFollow(t *testing.T) {
 		assert.Contains(t, mock.LastPost, "\"type\":\"Accept\"")
 
 		// distant undoes follow
-		undoFollowActivity := []byte(fmt.Sprintf(
+		undoFollowActivity := fmt.Appendf(nil,
 			`{"type":"Undo",`+
 				`"actor":"%s",`+
 				`"object":{"type":"Follow",`+
@@ -93,7 +93,7 @@ func TestActivityPubPersonInboxFollow(t *testing.T) {
 			distantUser15URL,
 			distantUser15URL,
 			localUser2URL,
-		))
+		)
 		c, err = cf.WithKeysDirect(ctx, mock.ApActor.PrivKey,
 			mock.ApActor.KeyID(federatedSrv.URL))
 		require.NoError(t, err)
diff --git a/tests/integration/api_activitypub_person_inbox_useractivity_test.go b/tests/integration/api_activitypub_person_inbox_useractivity_test.go
index 4201fd94bf..55fd62a3fe 100644
--- a/tests/integration/api_activitypub_person_inbox_useractivity_test.go
+++ b/tests/integration/api_activitypub_person_inbox_useractivity_test.go
@@ -53,13 +53,13 @@ func TestActivityPubPersonInboxNoteToDistant(t *testing.T) {
 		defer f()
 
 		// follow (distant follows local)
-		followActivity := []byte(fmt.Sprintf(
+		followActivity := fmt.Appendf(nil,
 			`{"type":"Follow",`+
 				`"actor":"%s",`+
 				`"object":"%s"}`,
 			distantUser15URL,
 			localUser2URL,
-		))
+		)
 		ctx, _ := contexttest.MockAPIContext(t, localUser2Inbox)
 		cf, err := activitypub.NewClientFactoryWithTimeout(60 * time.Second)
 		require.NoError(t, err)
diff --git a/tests/integration/api_activitypub_repository_test.go b/tests/integration/api_activitypub_repository_test.go
index 29221bb682..3d17f9b281 100644
--- a/tests/integration/api_activitypub_repository_test.go
+++ b/tests/integration/api_activitypub_repository_test.go
@@ -89,13 +89,13 @@ func TestActivityPubRepositoryInboxValid(t *testing.T) {
 			mock.Persons[0].KeyID(federatedSrv.URL))
 		require.NoError(t, err)
 
-		activity1 := []byte(fmt.Sprintf(
+		activity1 := fmt.Appendf(nil,
 			`{"type":"Like",`+
 				`"startTime":"%s",`+
 				`"actor":"%s/api/v1/activitypub/user-id/15",`+
 				`"object":"%s"}`,
 			timeNow.Format(time.RFC3339),
-			federatedSrv.URL, u.JoinPath(fmt.Sprintf("/api/v1/activitypub/repository-id/%d", repositoryID)).String()))
+			federatedSrv.URL, u.JoinPath(fmt.Sprintf("/api/v1/activitypub/repository-id/%d", repositoryID)).String())
 		t.Logf("activity: %s", activity1)
 		resp, err := c.Post(activity1, localRepoInbox)
 
@@ -107,14 +107,14 @@ func TestActivityPubRepositoryInboxValid(t *testing.T) {
 		unittest.AssertExistsAndLoadBean(t, &user.User{ID: federatedUser.UserID})
 
 		// A like activity by a different user of the same federated host.
-		activity2 := []byte(fmt.Sprintf(
+		activity2 := fmt.Appendf(nil,
 			`{"type":"Like",`+
 				`"startTime":"%s",`+
 				`"actor":"%s/api/v1/activitypub/user-id/30",`+
 				`"object":"%s"}`,
 			// Make sure this activity happens later then the one before
 			timeNow.Add(time.Second).Format(time.RFC3339),
-			federatedSrv.URL, u.JoinPath(fmt.Sprintf("/api/v1/activitypub/repository-id/%d", repositoryID)).String()))
+			federatedSrv.URL, u.JoinPath(fmt.Sprintf("/api/v1/activitypub/repository-id/%d", repositoryID)).String())
 		t.Logf("activity: %s", activity2)
 		resp, err = c.Post(activity2, localRepoInbox)
 
@@ -127,14 +127,14 @@ func TestActivityPubRepositoryInboxValid(t *testing.T) {
 		// The same user sends another like activity
 		otherRepositoryID := 3
 		otherRepoInboxURL := u.JoinPath(fmt.Sprintf("/api/v1/activitypub/repository-id/%d/inbox", otherRepositoryID)).String()
-		activity3 := []byte(fmt.Sprintf(
+		activity3 := fmt.Appendf(nil,
 			`{"type":"Like",`+
 				`"startTime":"%s",`+
 				`"actor":"%s/api/v1/activitypub/user-id/30",`+
 				`"object":"%s"}`,
 			// Make sure this activity happens later then the ones before
 			timeNow.Add(time.Second*2).Format(time.RFC3339),
-			federatedSrv.URL, u.JoinPath(fmt.Sprintf("/api/v1/activitypub/repository-id/%d", otherRepositoryID)).String()))
+			federatedSrv.URL, u.JoinPath(fmt.Sprintf("/api/v1/activitypub/repository-id/%d", otherRepositoryID)).String())
 		t.Logf("activity: %s", activity3)
 		resp, err = c.Post(activity3, otherRepoInboxURL)
 
diff --git a/tests/integration/api_helper_for_declarative_test.go b/tests/integration/api_helper_for_declarative_test.go
index ada6a2c311..6f33322253 100644
--- a/tests/integration/api_helper_for_declarative_test.go
+++ b/tests/integration/api_helper_for_declarative_test.go
@@ -273,7 +273,7 @@ func doAPIMergePullRequestForm(t *testing.T, ctx APITestContext, owner, repo str
 	var req *RequestWrapper
 	var resp *httptest.ResponseRecorder
 
-	for i := 0; i < 6; i++ {
+	for range 6 {
 		req = NewRequestWithJSON(t, http.MethodPost, urlStr, merge).AddTokenAuth(ctx.Token)
 
 		resp = ctx.Session.MakeRequest(t, req, NoExpectedStatus)
diff --git a/tests/integration/api_issue_test.go b/tests/integration/api_issue_test.go
index 6267065602..7f601fa303 100644
--- a/tests/integration/api_issue_test.go
+++ b/tests/integration/api_issue_test.go
@@ -228,7 +228,7 @@ func TestAPICreateIssueParallel(t *testing.T) {
 	urlStr := fmt.Sprintf("/api/v1/repos/%s/%s/issues?state=all", owner.Name, repoBefore.Name)
 
 	var wg sync.WaitGroup
-	for i := 0; i < 100; i++ {
+	for i := range 100 {
 		wg.Add(1)
 		go func(parentT *testing.T, i int) {
 			parentT.Run(fmt.Sprintf("ParallelCreateIssue_%d", i), func(t *testing.T) {
@@ -499,10 +499,9 @@ func TestAPISearchIssues(t *testing.T) {
 	defer tests.PrepareTestEnv(t)()
 
 	// as this API was used in the frontend, it uses UI page size
-	expectedIssueCount := 20 // from the fixtures
-	if expectedIssueCount > setting.UI.IssuePagingNum {
-		expectedIssueCount = setting.UI.IssuePagingNum
-	}
+	expectedIssueCount := min(
+		// from the fixtures
+		20, setting.UI.IssuePagingNum)
 
 	link, _ := url.Parse("/api/v1/repos/issues/search")
 	token := getUserToken(t, "user1", auth_model.AccessTokenScopeReadIssue)
@@ -603,10 +602,9 @@ func TestAPISearchIssuesWithLabels(t *testing.T) {
 	defer tests.PrepareTestEnv(t)()
 
 	// as this API was used in the frontend, it uses UI page size
-	expectedIssueCount := 20 // from the fixtures
-	if expectedIssueCount > setting.UI.IssuePagingNum {
-		expectedIssueCount = setting.UI.IssuePagingNum
-	}
+	expectedIssueCount := min(
+		// from the fixtures
+		20, setting.UI.IssuePagingNum)
 
 	link, _ := url.Parse("/api/v1/repos/issues/search")
 	token := getUserToken(t, "user1", auth_model.AccessTokenScopeReadIssue)
diff --git a/tests/integration/api_packages_alt_test.go b/tests/integration/api_packages_alt_test.go
index a15accdbbd..fe299ac14f 100644
--- a/tests/integration/api_packages_alt_test.go
+++ b/tests/integration/api_packages_alt_test.go
@@ -181,9 +181,9 @@ enabled=1`,
 
 					var result ReleaseClassic
 
-					lines := strings.Split(resp, "\n")
+					lines := strings.SplitSeq(resp, "\n")
 
-					for _, line := range lines {
+					for line := range lines {
 						parts := strings.SplitN(line, ": ", 2)
 						if len(parts) < 2 {
 							continue
@@ -406,7 +406,7 @@ enabled=1`,
 
 							if typ == 6 || typ == 8 || typ == 9 {
 								elem := data[offset:]
-								for j := uint32(0); j < count; j++ {
+								for range count {
 									strEnd := bytes.IndexByte(elem, 0)
 									if strEnd == -1 {
 										require.NoError(t, err)
@@ -420,13 +420,13 @@ enabled=1`,
 										result.Release = string(elem[:strEnd])
 									case 1004:
 										var summaries []string
-										for i := uint32(0); i < count; i++ {
+										for range count {
 											summaries = append(summaries, string(elem[:strEnd]))
 										}
 										result.Summary = summaries
 									case 1005:
 										var descriptions []string
-										for i := uint32(0); i < count; i++ {
+										for range count {
 											descriptions = append(descriptions, string(elem[:strEnd]))
 										}
 										result.Description = descriptions
@@ -436,7 +436,7 @@ enabled=1`,
 										result.Packager = string(elem[:strEnd])
 									case 1016:
 										var groups []string
-										for i := uint32(0); i < count; i++ {
+										for range count {
 											groups = append(groups, string(elem[:strEnd]))
 										}
 										result.Group = groups
@@ -448,49 +448,49 @@ enabled=1`,
 										result.SourceRpm = string(elem[:strEnd])
 									case 1047:
 										var provideNames []string
-										for i := uint32(0); i < count; i++ {
+										for range count {
 											provideNames = append(provideNames, string(elem[:strEnd]))
 										}
 										result.ProvideNames = provideNames
 									case 1049:
 										var requireNames []string
-										for i := uint32(0); i < count; i++ {
+										for range count {
 											requireNames = append(requireNames, string(elem[:strEnd]))
 										}
 										result.RequireNames = requireNames
 									case 1050:
 										var requireVersions []string
-										for i := uint32(0); i < count; i++ {
+										for range count {
 											requireVersions = append(requireVersions, string(elem[:strEnd]))
 										}
 										result.RequireVersions = requireVersions
 									case 1081:
 										var changeLogNames []string
-										for i := uint32(0); i < count; i++ {
+										for range count {
 											changeLogNames = append(changeLogNames, string(elem[:strEnd]))
 										}
 										result.ChangeLogNames = changeLogNames
 									case 1082:
 										var changeLogTexts []string
-										for i := uint32(0); i < count; i++ {
+										for range count {
 											changeLogTexts = append(changeLogTexts, string(elem[:strEnd]))
 										}
 										result.ChangeLogTexts = changeLogTexts
 									case 1113:
 										var provideVersions []string
-										for i := uint32(0); i < count; i++ {
+										for range count {
 											provideVersions = append(provideVersions, string(elem[:strEnd]))
 										}
 										result.ProvideVersions = provideVersions
 									case 1117:
 										var baseNames []string
-										for i := uint32(0); i < count; i++ {
+										for range count {
 											baseNames = append(baseNames, string(elem[:strEnd]))
 										}
 										result.BaseNames = baseNames
 									case 1118:
 										var dirNames []string
-										for i := uint32(0); i < count; i++ {
+										for range count {
 											dirNames = append(dirNames, string(elem[:strEnd]))
 										}
 										result.DirNames = dirNames
@@ -509,7 +509,7 @@ enabled=1`,
 								}
 							} else if typ == 4 {
 								elem := data[offset:]
-								for j := uint32(0); j < count; j++ {
+								for range count {
 									val := binary.BigEndian.Uint32(elem)
 									switch tag {
 									case 1006:
@@ -518,25 +518,25 @@ enabled=1`,
 										result.Size = int(val)
 									case 1048:
 										var requireFlags []int
-										for i := uint32(0); i < count; i++ {
+										for range count {
 											requireFlags = append(requireFlags, int(val))
 										}
 										result.RequireFlags = requireFlags
 									case 1080:
 										var changeLogTimes []int
-										for i := uint32(0); i < count; i++ {
+										for range count {
 											changeLogTimes = append(changeLogTimes, int(val))
 										}
 										result.ChangeLogTimes = changeLogTimes
 									case 1112:
 										var provideFlags []int
-										for i := uint32(0); i < count; i++ {
+										for range count {
 											provideFlags = append(provideFlags, int(val))
 										}
 										result.ProvideFlags = provideFlags
 									case 1116:
 										var dirIndexes []int
-										for i := uint32(0); i < count; i++ {
+										for range count {
 											dirIndexes = append(dirIndexes, int(val))
 										}
 										result.DirIndexes = dirIndexes
diff --git a/tests/integration/api_packages_chef_test.go b/tests/integration/api_packages_chef_test.go
index 390ac50688..cadf46b03f 100644
--- a/tests/integration/api_packages_chef_test.go
+++ b/tests/integration/api_packages_chef_test.go
@@ -182,7 +182,7 @@ nwIDAQAB
 
 				var data []byte
 				if version == "1.3" {
-					data = []byte(fmt.Sprintf(
+					data = fmt.Appendf(nil,
 						"Method:%s\nPath:%s\nX-Ops-Content-Hash:%s\nX-Ops-Sign:version=%s\nX-Ops-Timestamp:%s\nX-Ops-UserId:%s\nX-Ops-Server-API-Version:%s",
 						req.Method,
 						path.Clean(req.URL.Path),
@@ -191,17 +191,17 @@ nwIDAQAB
 						req.Header.Get("X-Ops-Timestamp"),
 						username,
 						req.Header.Get("X-Ops-Server-Api-Version"),
-					))
+					)
 				} else {
 					sum := sha1.Sum([]byte(path.Clean(req.URL.Path)))
-					data = []byte(fmt.Sprintf(
+					data = fmt.Appendf(nil,
 						"Method:%s\nHashed Path:%s\nX-Ops-Content-Hash:%s\nX-Ops-Timestamp:%s\nX-Ops-UserId:%s",
 						req.Method,
 						base64.StdEncoding.EncodeToString(sum[:]),
 						req.Header.Get("X-Ops-Content-Hash"),
 						req.Header.Get("X-Ops-Timestamp"),
 						username,
-					))
+					)
 				}
 
 				for k := range req.Header {
diff --git a/tests/integration/api_packages_container_test.go b/tests/integration/api_packages_container_test.go
index 6775f3d228..13ce7dc136 100644
--- a/tests/integration/api_packages_container_test.go
+++ b/tests/integration/api_packages_container_test.go
@@ -873,7 +873,7 @@ func TestPackageContainer(t *testing.T) {
 		url := fmt.Sprintf("%sv2/%s/parallel", setting.AppURL, user.Name)
 
 		var wg sync.WaitGroup
-		for i := 0; i < 10; i++ {
+		for i := range 10 {
 			wg.Add(1)
 
 			content := []byte{byte(i)}
diff --git a/tests/integration/api_packages_maven_test.go b/tests/integration/api_packages_maven_test.go
index 74e7883443..2fa43b6b61 100644
--- a/tests/integration/api_packages_maven_test.go
+++ b/tests/integration/api_packages_maven_test.go
@@ -291,7 +291,7 @@ func TestPackageMavenConcurrent(t *testing.T) {
 		defer tests.PrintCurrentTest(t)()
 
 		var wg sync.WaitGroup
-		for i := 0; i < 10; i++ {
+		for i := range 10 {
 			wg.Add(1)
 			go func(i int) {
 				putFile(t, fmt.Sprintf("/%s/%s.jar", packageVersion, strconv.Itoa(i)), "test", http.StatusCreated)
diff --git a/tests/integration/api_repo_topic_test.go b/tests/integration/api_repo_topic_test.go
index 69008bbf64..a43e49b0ff 100644
--- a/tests/integration/api_repo_topic_test.go
+++ b/tests/integration/api_repo_topic_test.go
@@ -31,7 +31,7 @@ func TestAPITopicSearchPaging(t *testing.T) {
 	token2 := getUserToken(t, user2.Name, auth_model.AccessTokenScopeWriteRepository)
 	repo2 := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 1})
 	repo3 := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 2})
-	for i := 0; i < 20; i++ {
+	for i := range 20 {
 		req := NewRequestf(t, "PUT", "/api/v1/repos/%s/%s/topics/paging-topic-%d", user2.Name, repo2.Name, i).
 			AddTokenAuth(token2)
 		MakeRequest(t, req, http.StatusNoContent)
diff --git a/tests/integration/cmd_forgejo_actions_test.go b/tests/integration/cmd_forgejo_actions_test.go
index 653ff65a9d..088cb5860b 100644
--- a/tests/integration/cmd_forgejo_actions_test.go
+++ b/tests/integration/cmd_forgejo_actions_test.go
@@ -183,7 +183,7 @@ func TestActions_CmdForgejo_Actions(t *testing.T) {
 				//
 				// Run twice to verify it is idempotent
 				//
-				for i := 0; i < 2; i++ {
+				for range 2 {
 					uuid, err := runMainApp("forgejo-cli", cmd...)
 					require.NoError(t, err)
 					if assert.Equal(t, testCase.uuid, uuid) {
diff --git a/tests/integration/git_helper_for_declarative_test.go b/tests/integration/git_helper_for_declarative_test.go
index 1d8f44c8dc..e1f08509df 100644
--- a/tests/integration/git_helper_for_declarative_test.go
+++ b/tests/integration/git_helper_for_declarative_test.go
@@ -143,7 +143,7 @@ func doGitInitTestRepository(dstPath string, objectFormat git.ObjectFormat) func
 		// forcibly set default branch to master
 		_, _, err := git.NewCommand(git.DefaultContext, "symbolic-ref", "HEAD", git.BranchPrefix+"master").RunStdString(&git.RunOpts{Dir: dstPath})
 		require.NoError(t, err)
-		require.NoError(t, os.WriteFile(filepath.Join(dstPath, "README.md"), []byte(fmt.Sprintf("# Testing Repository\n\nOriginally created in: %s", dstPath)), 0o644))
+		require.NoError(t, os.WriteFile(filepath.Join(dstPath, "README.md"), fmt.Appendf(nil, "# Testing Repository\n\nOriginally created in: %s", dstPath), 0o644))
 		require.NoError(t, git.AddChanges(dstPath, true))
 		signature := git.Signature{
 			Email: "test@example.com",
@@ -194,7 +194,7 @@ func doGitAddSomeCommits(dstPath, branch string) func(*testing.T) {
 	return func(t *testing.T) {
 		doGitCheckoutBranch(dstPath, branch)(t)
 
-		require.NoError(t, os.WriteFile(filepath.Join(dstPath, fmt.Sprintf("file-%s.txt", branch)), []byte(fmt.Sprintf("file %s", branch)), 0o644))
+		require.NoError(t, os.WriteFile(filepath.Join(dstPath, fmt.Sprintf("file-%s.txt", branch)), fmt.Appendf(nil, "file %s", branch), 0o644))
 		require.NoError(t, git.AddChanges(dstPath, true))
 		signature := git.Signature{
 			Email: "test@test.test",
diff --git a/tests/integration/git_push_test.go b/tests/integration/git_push_test.go
index bf8ad8ac12..c7c4f6750e 100644
--- a/tests/integration/git_push_test.go
+++ b/tests/integration/git_push_test.go
@@ -45,7 +45,7 @@ func testGitPush(t *testing.T, u *url.URL) {
 	forEachObjectFormat(t, func(t *testing.T, objectFormat git.ObjectFormat) {
 		t.Run("Push branches at once", func(t *testing.T) {
 			runTestGitPush(t, u, objectFormat, func(t *testing.T, gitPath string) (pushed, deleted []string) {
-				for i := 0; i < 10; i++ {
+				for i := range 10 {
 					branchName := fmt.Sprintf("branch-%d", i)
 					pushed = append(pushed, branchName)
 					doGitCreateBranch(gitPath, branchName)(t)
@@ -58,7 +58,7 @@ func testGitPush(t *testing.T, u *url.URL) {
 
 		t.Run("Push branches exists", func(t *testing.T) {
 			runTestGitPush(t, u, objectFormat, func(t *testing.T, gitPath string) (pushed, deleted []string) {
-				for i := 0; i < 10; i++ {
+				for i := range 10 {
 					branchName := fmt.Sprintf("branch-%d", i)
 					if i < 5 {
 						pushed = append(pushed, branchName)
@@ -72,7 +72,7 @@ func testGitPush(t *testing.T, u *url.URL) {
 
 				pushed = pushed[:0]
 				// do some changes for the first 5 branches created above
-				for i := 0; i < 5; i++ {
+				for i := range 5 {
 					branchName := fmt.Sprintf("branch-%d", i)
 					pushed = append(pushed, branchName)
 
@@ -93,7 +93,7 @@ func testGitPush(t *testing.T, u *url.URL) {
 
 		t.Run("Push branches one by one", func(t *testing.T) {
 			runTestGitPush(t, u, objectFormat, func(t *testing.T, gitPath string) (pushed, deleted []string) {
-				for i := 0; i < 10; i++ {
+				for i := range 10 {
 					branchName := fmt.Sprintf("branch-%d", i)
 					doGitCreateBranch(gitPath, branchName)(t)
 					doGitPushTestRepository(gitPath, "origin", branchName)(t)
@@ -108,14 +108,14 @@ func testGitPush(t *testing.T, u *url.URL) {
 				doGitPushTestRepository(gitPath, "origin", "master")(t) // make sure master is the default branch instead of a branch we are going to delete
 				pushed = append(pushed, "master")
 
-				for i := 0; i < 10; i++ {
+				for i := range 10 {
 					branchName := fmt.Sprintf("branch-%d", i)
 					pushed = append(pushed, branchName)
 					doGitCreateBranch(gitPath, branchName)(t)
 				}
 				doGitPushTestRepository(gitPath, "origin", "--all")(t)
 
-				for i := 0; i < 10; i++ {
+				for i := range 10 {
 					branchName := fmt.Sprintf("branch-%d", i)
 					doGitPushTestRepository(gitPath, "origin", "--delete", branchName)(t)
 					deleted = append(deleted, branchName)
diff --git a/tests/integration/git_test.go b/tests/integration/git_test.go
index f61338e4ee..a5a242b912 100644
--- a/tests/integration/git_test.go
+++ b/tests/integration/git_test.go
@@ -9,6 +9,7 @@ import (
 	"encoding/hex"
 	"fmt"
 	"io"
+	"maps"
 	"net/http"
 	"net/url"
 	"os"
@@ -487,9 +488,7 @@ func doProtectBranch(ctx APITestContext, branch string, addParameter ...paramete
 			"rule_name": branch,
 		}
 		if len(addParameter) > 0 {
-			for k, v := range addParameter[0] {
-				parameter[k] = v
-			}
+			maps.Copy(parameter, addParameter[0])
 		}
 
 		// Change branch to protected
@@ -1162,15 +1161,15 @@ func doLFSNoAccess(ctx APITestContext, publicKeyID int64, objectFormat git.Objec
 }
 
 func extractRemoteMessages(stderr string) string {
-	var remoteMsg string
+	var remoteMsg strings.Builder
 	for line := range strings.SplitSeq(stderr, "\n") {
 		msg, found := strings.CutPrefix(line, "remote: ")
 		if found {
-			remoteMsg += msg
-			remoteMsg += "\n"
+			remoteMsg.WriteString(msg)
+			remoteMsg.WriteString("\n")
 		}
 	}
-	return remoteMsg
+	return remoteMsg.String()
 }
 
 func doTestForkPushMessages(apictx APITestContext, dstPath string) func(*testing.T) {
diff --git a/tests/integration/integration_test.go b/tests/integration/integration_test.go
index 8657af839c..6cde9be4df 100644
--- a/tests/integration/integration_test.go
+++ b/tests/integration/integration_test.go
@@ -471,14 +471,14 @@ func loginUserMaybeTOTP(t testing.TB, user *user_model.User, useTOTP bool) *Test
 }
 
 // token has to be unique this counter take care of
-var tokenCounter int64
+var tokenCounter atomic.Int64
 
 // getTokenForLoggedInUser returns a token for a logged in user.
 // The scope is an optional list of snake_case strings like the frontend form fields,
 // but without the "scope_" prefix.
 func getTokenForLoggedInUser(t testing.TB, session *TestSession, scopes ...auth.AccessTokenScope) string {
 	t.Helper()
-	accessTokenName := fmt.Sprintf("api-testing-token-%d", atomic.AddInt64(&tokenCounter, 1))
+	accessTokenName := fmt.Sprintf("api-testing-token-%d", tokenCounter.Add(1))
 	createApplicationSettingsToken(t, session, accessTokenName, scopes...)
 	token := assertAccessToken(t, session)
 	return token
diff --git a/tests/integration/issue_comment_test.go b/tests/integration/issue_comment_test.go
index a6c4d6c923..2f72ab766e 100644
--- a/tests/integration/issue_comment_test.go
+++ b/tests/integration/issue_comment_test.go
@@ -5,6 +5,7 @@ package integration
 
 import (
 	"net/http"
+	"slices"
 	"strconv"
 	"strings"
 	"testing"
@@ -71,13 +72,7 @@ func testIssueCommentChangeEvent(t *testing.T, htmlDoc *HTMLDoc, commentID, badg
 
 	// Check links (href)
 	issueCommentLink := "#issuecomment-" + commentID
-	found := false
-	for _, link := range links {
-		if link == issueCommentLink {
-			found = true
-			break
-		}
-	}
+	found := slices.Contains(links, issueCommentLink)
 	if !found {
 		links = append(links, issueCommentLink)
 	}
diff --git a/tests/integration/issue_test.go b/tests/integration/issue_test.go
index 19fe59a10a..d764870bab 100644
--- a/tests/integration/issue_test.go
+++ b/tests/integration/issue_test.go
@@ -114,14 +114,11 @@ func TestViewIssuesSortByType(t *testing.T) {
 
 		htmlDoc := NewHTMLParser(t, resp.Body)
 		issuesSelection := getIssuesSelection(t, htmlDoc)
-		expectedNumIssues := unittest.GetCount(t,
+		expectedNumIssues := min(unittest.GetCount(t,
 			&issues_model.Issue{RepoID: repo.ID, PosterID: user.ID},
 			unittest.Cond("is_closed=?", false),
 			unittest.Cond("is_pull=?", false),
-		)
-		if expectedNumIssues > setting.UI.IssuePagingNum {
-			expectedNumIssues = setting.UI.IssuePagingNum
-		}
+		), setting.UI.IssuePagingNum)
 		assert.Equal(t, expectedNumIssues, issuesSelection.Length())
 
 		issuesSelection.Each(func(_ int, selection *goquery.Selection) {
@@ -891,10 +888,9 @@ func TestSearchIssues(t *testing.T) {
 
 	session := loginUser(t, "user2")
 
-	expectedIssueCount := 20 // from the fixtures
-	if expectedIssueCount > setting.UI.IssuePagingNum {
-		expectedIssueCount = setting.UI.IssuePagingNum
-	}
+	expectedIssueCount := min(
+		// from the fixtures
+		20, setting.UI.IssuePagingNum)
 
 	req := NewRequest(t, "GET", "/issues/search")
 	resp := session.MakeRequest(t, req, http.StatusOK)
@@ -1017,10 +1013,9 @@ func TestSearchIssues(t *testing.T) {
 func TestSearchIssuesWithLabels(t *testing.T) {
 	defer tests.PrepareTestEnv(t)()
 
-	expectedIssueCount := 20 // from the fixtures
-	if expectedIssueCount > setting.UI.IssuePagingNum {
-		expectedIssueCount = setting.UI.IssuePagingNum
-	}
+	expectedIssueCount := min(
+		// from the fixtures
+		20, setting.UI.IssuePagingNum)
 
 	session := loginUser(t, "user1")
 	link, _ := url.Parse("/issues/search")
diff --git a/tests/integration/org_test.go b/tests/integration/org_test.go
index 157ed5dbcd..ddfaf2fa55 100644
--- a/tests/integration/org_test.go
+++ b/tests/integration/org_test.go
@@ -46,7 +46,7 @@ func TestOrgRepos(t *testing.T) {
 
 				sel := htmlDoc.doc.Find("a.name")
 				assert.Len(t, repos, len(sel.Nodes))
-				for i := 0; i < len(repos); i++ {
+				for i := range repos {
 					assert.Equal(t, repos[i], strings.TrimSpace(sel.Eq(i).Text()))
 				}
 			}
diff --git a/tests/integration/project_test.go b/tests/integration/project_test.go
index 955caaf6f7..629793602b 100644
--- a/tests/integration/project_test.go
+++ b/tests/integration/project_test.go
@@ -45,7 +45,7 @@ func TestMoveRepoProjectColumns(t *testing.T) {
 	err := project_model.NewProject(db.DefaultContext, &project1)
 	require.NoError(t, err)
 
-	for i := 0; i < 3; i++ {
+	for i := range 3 {
 		err = project_model.NewColumn(db.DefaultContext, &project_model.Column{
 			Title:     fmt.Sprintf("column %d", i+1),
 			ProjectID: project1.ID,
diff --git a/tests/integration/pull_merge_test.go b/tests/integration/pull_merge_test.go
index a987603ce7..14399fc936 100644
--- a/tests/integration/pull_merge_test.go
+++ b/tests/integration/pull_merge_test.go
@@ -8,6 +8,7 @@ import (
 	"context"
 	"encoding/base64"
 	"fmt"
+	"maps"
 	"math/rand/v2"
 	"net/http"
 	"net/http/httptest"
@@ -71,9 +72,7 @@ func testPullMergeForm(t *testing.T, session *TestSession, expectedCode int, use
 	link := path.Join(user, repo, "pulls", pullnum, "merge")
 
 	options := map[string]string{}
-	for k, v := range addOptions {
-		options[k] = v
-	}
+	maps.Copy(options, addOptions)
 
 	req := NewRequestWithValues(t, "POST", link, options)
 	resp := session.MakeRequest(t, req, expectedCode)
diff --git a/tests/integration/quota_use_test.go b/tests/integration/quota_use_test.go
index 33d987af36..dd5afd1aed 100644
--- a/tests/integration/quota_use_test.go
+++ b/tests/integration/quota_use_test.go
@@ -7,6 +7,7 @@ import (
 	"bytes"
 	"fmt"
 	"io"
+	"maps"
 	"mime/multipart"
 	"net/http"
 	"net/http/httptest"
@@ -656,9 +657,7 @@ func (ctx *quotaWebEnvAsContext) With(opts Context) *quotaWebEnvAsContext {
 		ctx.Repo = opts.Repo
 	}
 	if opts.Payload != nil {
-		for key, value := range *opts.Payload {
-			ctx.Payload[key] = value
-		}
+		maps.Copy(ctx.Payload, *opts.Payload)
 	}
 	return ctx
 }
diff --git a/tests/integration/release_test.go b/tests/integration/release_test.go
index 483822e2ac..b54e921fa4 100644
--- a/tests/integration/release_test.go
+++ b/tests/integration/release_test.go
@@ -231,7 +231,7 @@ func TestCreateReleasePaging(t *testing.T) {
 
 	session := loginUser(t, "user2")
 	// Create enough releases to have paging
-	for i := 0; i < 12; i++ {
+	for i := range 12 {
 		version := fmt.Sprintf("v0.0.%d", i)
 		createNewRelease(t, session, "/user2/repo1", version, version, false, false)
 	}
diff --git a/tests/integration/repo_commits_test.go b/tests/integration/repo_commits_test.go
index 47cf7e8534..d2bb4e8849 100644
--- a/tests/integration/repo_commits_test.go
+++ b/tests/integration/repo_commits_test.go
@@ -146,7 +146,7 @@ func TestRepoCommitsStatusParallel(t *testing.T) {
 	assert.NotEmpty(t, commitURL)
 
 	var wg sync.WaitGroup
-	for i := 0; i < 10; i++ {
+	for i := range 10 {
 		wg.Add(1)
 		go func(parentT *testing.T, i int) {
 			parentT.Run(fmt.Sprintf("ParallelCreateStatus_%d", i), func(t *testing.T) {
diff --git a/tests/integration/repo_flags_test.go b/tests/integration/repo_flags_test.go
index bb489f678c..279feefe73 100644
--- a/tests/integration/repo_flags_test.go
+++ b/tests/integration/repo_flags_test.go
@@ -135,7 +135,7 @@ func TestRepositoryFlagsAPI(t *testing.T) {
 		assert.Empty(t, flags)
 
 		// Replacing all tags works, twice in a row
-		for i := 0; i < 2; i++ {
+		for range 2 {
 			req = NewRequestWithJSON(t, "PUT", fmt.Sprintf(baseURLFmtStr, ""), &api.ReplaceFlagsOption{
 				Flags: []string{"flag-1", "flag-2", "flag-3"},
 			}).AddTokenAuth(token)
@@ -160,7 +160,7 @@ func TestRepositoryFlagsAPI(t *testing.T) {
 		MakeRequest(t, req, http.StatusNotFound)
 
 		// We can add the same flag twice
-		for i := 0; i < 2; i++ {
+		for range 2 {
 			req = NewRequestf(t, "PUT", baseURLFmtStr, "/brand-new-flag").AddTokenAuth(token)
 			MakeRequest(t, req, http.StatusNoContent)
 		}
@@ -170,7 +170,7 @@ func TestRepositoryFlagsAPI(t *testing.T) {
 		MakeRequest(t, req, http.StatusNoContent)
 
 		// We can delete a flag, twice
-		for i := 0; i < 2; i++ {
+		for range 2 {
 			req = NewRequestf(t, "DELETE", baseURLFmtStr, "/flag-3").AddTokenAuth(token)
 			MakeRequest(t, req, http.StatusNoContent)
 		}
diff --git a/tests/integration/repo_topic_test.go b/tests/integration/repo_topic_test.go
index 0f11d451d6..7331f23218 100644
--- a/tests/integration/repo_topic_test.go
+++ b/tests/integration/repo_topic_test.go
@@ -62,7 +62,7 @@ func TestTopicSearchPaging(t *testing.T) {
 	token2 := getUserToken(t, user2.Name, auth_model.AccessTokenScopeWriteRepository)
 	repo2 := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 1})
 	repo3 := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 2})
-	for i := 0; i < 20; i++ {
+	for i := range 20 {
 		req := NewRequestf(t, "PUT", "/api/v1/repos/%s/%s/topics/paging-topic-%d", user2.Name, repo2.Name, i).
 			AddTokenAuth(token2)
 		MakeRequest(t, req, http.StatusNoContent)
diff --git a/tests/integration/repo_webhook_test.go b/tests/integration/repo_webhook_test.go
index 5320c85de1..bbde44892e 100644
--- a/tests/integration/repo_webhook_test.go
+++ b/tests/integration/repo_webhook_test.go
@@ -4,6 +4,7 @@
 package integration
 
 import (
+	"maps"
 	"net/http"
 	"net/http/httptest"
 	"net/url"
@@ -408,9 +409,7 @@ func testWebhookFormsShared(t *testing.T, endpoint, name string, session *TestSe
 				payload := map[string]string{
 					"events": "send_everything",
 				}
-				for k, v := range validFields {
-					payload[k] = v
-				}
+				maps.Copy(payload, validFields)
 				for k, v := range invalidPatch {
 					if v == "" {
 						delete(payload, k)
@@ -448,9 +447,7 @@ func assertHasFlashMessages(t *testing.T, resp *httptest.ResponseRecorder, expec
 		for key, value := range flash {
 			// the key is itself url-encoded
 			if flash, err := url.ParseQuery(key); err == nil {
-				for key, value := range flash {
-					seenKeys[key] = value
-				}
+				maps.Copy(seenKeys, flash)
 			} else {
 				seenKeys[key] = value
 			}
diff --git a/tests/integration/signing_git_test.go b/tests/integration/signing_git_test.go
index 5dee5b4801..2fbdb22b6f 100644
--- a/tests/integration/signing_git_test.go
+++ b/tests/integration/signing_git_test.go
@@ -433,7 +433,7 @@ func crudActionCreateFile(_ *testing.T, ctx APITestContext, user *user_model.Use
 				Email: user.Email,
 			},
 		},
-		ContentBase64: base64.StdEncoding.EncodeToString([]byte(fmt.Sprintf("This is new text for %s", path))),
+		ContentBase64: base64.StdEncoding.EncodeToString(fmt.Appendf(nil, "This is new text for %s", path)),
 	}, callback...)
 }
 
diff --git a/tests/integration/signup_test.go b/tests/integration/signup_test.go
index e66b193e15..eee022f7ab 100644
--- a/tests/integration/signup_test.go
+++ b/tests/integration/signup_test.go
@@ -185,10 +185,10 @@ func TestSignupImageCaptcha(t *testing.T) {
 	assert.True(t, ok)
 	assert.Len(t, digits, 6)
 
-	digitStr := ""
+	var digitStr strings.Builder
 	// Convert digits to ASCII digits.
 	for _, digit := range digits {
-		digitStr += string(digit + '0')
+		digitStr.WriteString(string(digit + '0'))
 	}
 
 	req = NewRequestWithValues(t, "POST", "/user/sign_up", map[string]string{
@@ -197,7 +197,7 @@ func TestSignupImageCaptcha(t *testing.T) {
 		"password":             "examplePassword!1",
 		"retype":               "examplePassword!1",
 		"img-captcha-id":       idCaptcha,
-		"img-captcha-response": digitStr,
+		"img-captcha-response": digitStr.String(),
 	})
 	MakeRequest(t, req, http.StatusSeeOther)
 
diff --git a/tests/integration/ssh_key_test.go b/tests/integration/ssh_key_test.go
index 156bcb137e..747b6c4eb0 100644
--- a/tests/integration/ssh_key_test.go
+++ b/tests/integration/ssh_key_test.go
@@ -28,7 +28,7 @@ func doCheckRepositoryEmptyStatus(ctx APITestContext, isEmpty bool) func(*testin
 
 func doAddChangesToCheckout(dstPath, filename string) func(*testing.T) {
 	return func(t *testing.T) {
-		require.NoError(t, os.WriteFile(filepath.Join(dstPath, filename), []byte(fmt.Sprintf("# Testing Repository\n\nOriginally created in: %s at time: %v", dstPath, time.Now())), 0o644))
+		require.NoError(t, os.WriteFile(filepath.Join(dstPath, filename), fmt.Appendf(nil, "# Testing Repository\n\nOriginally created in: %s at time: %v", dstPath, time.Now()), 0o644))
 		require.NoError(t, git.AddChanges(dstPath, true))
 		signature := git.Signature{
 			Email: "test@example.com",
diff --git a/tests/integration/user_test.go b/tests/integration/user_test.go
index f1acafbde8..0f7c099c70 100644
--- a/tests/integration/user_test.go
+++ b/tests/integration/user_test.go
@@ -1030,7 +1030,7 @@ func TestUserRepos(t *testing.T) {
 
 		sel := htmlDoc.doc.Find("a.name")
 		assert.Len(t, repos, len(sel.Nodes))
-		for i := 0; i < len(repos); i++ {
+		for i := range repos {
 			assert.Equal(t, repos[i], strings.TrimSpace(sel.Eq(i).Text()))
 		}
 	}
diff --git a/tests/test_utils.go b/tests/test_utils.go
index dff1c283d0..5e5b04c860 100644
--- a/tests/test_utils.go
+++ b/tests/test_utils.go
@@ -15,6 +15,7 @@ import (
 	"path"
 	"path/filepath"
 	"runtime"
+	"slices"
 	"strings"
 	"sync/atomic"
 	"testing"
@@ -524,23 +525,20 @@ func CreateDeclarativeRepo(t *testing.T, owner *user_model.User, name string, en
 	if enabledUnits != nil {
 		opts.EnabledUnits = optional.Some(enabledUnits)
 
-		for _, unitType := range enabledUnits {
-			if unitType == unit_model.TypePullRequests {
-				opts.UnitConfig = optional.Some(map[unit_model.Type]convert.Conversion{
-					unit_model.TypePullRequests: &repo_model.PullRequestsConfig{
-						AllowMerge:           true,
-						AllowRebase:          true,
-						AllowRebaseMerge:     true,
-						AllowSquash:          true,
-						AllowFastForwardOnly: true,
-						AllowManualMerge:     true,
-						AllowRebaseUpdate:    true,
-						DefaultMergeStyle:    repo_model.MergeStyleMerge,
-						DefaultUpdateStyle:   repo_model.UpdateStyleMerge,
-					},
-				})
-				break
-			}
+		if slices.Contains(enabledUnits, unit_model.TypePullRequests) {
+			opts.UnitConfig = optional.Some(map[unit_model.Type]convert.Conversion{
+				unit_model.TypePullRequests: &repo_model.PullRequestsConfig{
+					AllowMerge:           true,
+					AllowRebase:          true,
+					AllowRebaseMerge:     true,
+					AllowSquash:          true,
+					AllowFastForwardOnly: true,
+					AllowManualMerge:     true,
+					AllowRebaseUpdate:    true,
+					DefaultMergeStyle:    repo_model.MergeStyleMerge,
+					DefaultUpdateStyle:   repo_model.UpdateStyleMerge,
+				},
+			})
 		}
 	}
 	if disabledUnits != nil {

From f37f7946709d723126dd6b2ad73f54ac4f1a55d9 Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Thu, 2 Apr 2026 03:39:15 +0200
Subject: [PATCH 613/854] Update dependency swagger-ui-dist to v5.32.1
 (forgejo) (#11766)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11766
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
---
 package-lock.json | 8 ++++----
 package.json      | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index e2d5d0e3bb..6a5b946d0f 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -64,7 +64,7 @@
         "postcss-nesting": "14.0.0",
         "pretty-ms": "9.0.0",
         "sortablejs": "1.15.7",
-        "swagger-ui-dist": "5.31.2",
+        "swagger-ui-dist": "5.32.1",
         "tailwindcss": "3.4.19",
         "throttle-debounce": "5.0.0",
         "tinycolor2": "1.6.0",
@@ -14615,9 +14615,9 @@
       }
     },
     "node_modules/swagger-ui-dist": {
-      "version": "5.31.2",
-      "resolved": "https://registry.npmjs.org/swagger-ui-dist/-/swagger-ui-dist-5.31.2.tgz",
-      "integrity": "sha512-uIoesCjDcxnAKj/C/HG5pjHZMQs2K/qmqpUlwLxxaVryGKlgm8Ri+VOza5xywAqf//pgg/hW16RYa6dDuTCOSg==",
+      "version": "5.32.1",
+      "resolved": "https://registry.npmjs.org/swagger-ui-dist/-/swagger-ui-dist-5.32.1.tgz",
+      "integrity": "sha512-6HQoo7+j8PA2QqP5kgAb9dl1uxUjvR0SAoL/WUp1sTEvm0F6D5npgU2OGCLwl++bIInqGlEUQ2mpuZRZYtyCzQ==",
       "license": "Apache-2.0",
       "dependencies": {
         "@scarf/scarf": "=1.4.0"
diff --git a/package.json b/package.json
index 6cad44ea31..f2ac77f224 100644
--- a/package.json
+++ b/package.json
@@ -63,7 +63,7 @@
     "postcss-nesting": "14.0.0",
     "pretty-ms": "9.0.0",
     "sortablejs": "1.15.7",
-    "swagger-ui-dist": "5.31.2",
+    "swagger-ui-dist": "5.32.1",
     "tailwindcss": "3.4.19",
     "throttle-debounce": "5.0.0",
     "tinycolor2": "1.6.0",

From 8fb287f9d88634353baff89994d0ccd0f21abb0d Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Thu, 2 Apr 2026 03:39:28 +0200
Subject: [PATCH 614/854] Lock file maintenance (forgejo) (#11784)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11784
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
---
 package-lock.json                  | 2373 ++++++++++++++++------------
 web_src/fomantic/package-lock.json |  265 ++--
 2 files changed, 1537 insertions(+), 1101 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 6a5b946d0f..6e4d59fdce 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -153,9 +153,9 @@
       }
     },
     "node_modules/@asyncapi/specs": {
-      "version": "6.10.0",
-      "resolved": "https://registry.npmjs.org/@asyncapi/specs/-/specs-6.10.0.tgz",
-      "integrity": "sha512-vB5oKLsdrLUORIZ5BXortZTlVyGWWMC1Nud/0LtgxQ3Yn2738HigAD6EVqScvpPsDUI/bcLVsYEXN4dtXQHVng==",
+      "version": "6.11.1",
+      "resolved": "https://registry.npmjs.org/@asyncapi/specs/-/specs-6.11.1.tgz",
+      "integrity": "sha512-A3WBLqAKGoJ2+6FWFtpjBlCQ1oFCcs4GxF7zsIGvNqp/klGUHjlA3aAcZ9XMMpLGE8zPeYDz2x9FmO6DSuKraQ==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
@@ -176,9 +176,9 @@
       }
     },
     "node_modules/@babel/code-frame": {
-      "version": "7.28.6",
-      "resolved": "https://registry.npmjs.org/@babel/code-frame/-/code-frame-7.28.6.tgz",
-      "integrity": "sha512-JYgintcMjRiCvS8mMECzaEn+m3PfoQiyqukOMCCVQtoJGYJw8j/8LBJEiqkHLkfwCcs74E3pbAUFNg7d9VNJ+Q==",
+      "version": "7.29.0",
+      "resolved": "https://registry.npmjs.org/@babel/code-frame/-/code-frame-7.29.0.tgz",
+      "integrity": "sha512-9NhCeYjq9+3uxgdtp20LSiJXJvN0FeCtNGpJxuMFZ1Kv3cWUNb6DOhJwUvcVCzKGR66cw4njwM6hrJLqgOwbcw==",
       "license": "MIT",
       "dependencies": {
         "@babel/helper-validator-identifier": "^7.28.5",
@@ -229,9 +229,9 @@
       }
     },
     "node_modules/@babel/runtime": {
-      "version": "7.28.6",
-      "resolved": "https://registry.npmjs.org/@babel/runtime/-/runtime-7.28.6.tgz",
-      "integrity": "sha512-05WQkdpL9COIMz4LjTxGpPNCdlpyimKppYNoJ5Di5EUObifl8t4tuLuUBBZEpoLYOmfvIWrsp9fCl0HoPRVTdA==",
+      "version": "7.29.2",
+      "resolved": "https://registry.npmjs.org/@babel/runtime/-/runtime-7.29.2.tgz",
+      "integrity": "sha512-JiDShH45zKHWyGe4ZNVRrCjBz8Nh9TMmZG1kh4QTK8hCBTWBi8Da+i7s1fJw7/lYpM4ccepSNfqzZ/QvABBi5g==",
       "license": "MIT",
       "engines": {
         "node": ">=6.9.0"
@@ -261,22 +261,22 @@
       }
     },
     "node_modules/@braintree/sanitize-url": {
-      "version": "7.1.1",
-      "resolved": "https://registry.npmjs.org/@braintree/sanitize-url/-/sanitize-url-7.1.1.tgz",
-      "integrity": "sha512-i1L7noDNxtFyL5DmZafWy1wRVhGehQmzZaz1HiN5e7iylJMSZR7ekOV7NsIqa5qBldlLrsKv4HbgFUVlQrz8Mw==",
+      "version": "7.1.2",
+      "resolved": "https://registry.npmjs.org/@braintree/sanitize-url/-/sanitize-url-7.1.2.tgz",
+      "integrity": "sha512-jigsZK+sMF/cuiB7sERuo9V7N9jx+dhmHHnQyDSVdpZwVutaBu7WvNYqMDLSgFgfB30n452TP3vjDAvFC973mA==",
       "license": "MIT"
     },
     "node_modules/@cacheable/memory": {
-      "version": "2.0.7",
-      "resolved": "https://registry.npmjs.org/@cacheable/memory/-/memory-2.0.7.tgz",
-      "integrity": "sha512-RbxnxAMf89Tp1dLhXMS7ceft/PGsDl1Ip7T20z5nZ+pwIAsQ1p2izPjVG69oCLv/jfQ7HDPHTWK0c9rcAWXN3A==",
+      "version": "2.0.8",
+      "resolved": "https://registry.npmjs.org/@cacheable/memory/-/memory-2.0.8.tgz",
+      "integrity": "sha512-FvEb29x5wVwu/Kf93IWwsOOEuhHh6dYCJF3vcKLzXc0KXIW181AOzv6ceT4ZpBHDvAfG60eqb+ekmrnLHIy+jw==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "@cacheable/utils": "^2.3.3",
-        "@keyv/bigmap": "^1.3.0",
-        "hookified": "^1.14.0",
-        "keyv": "^5.5.5"
+        "@cacheable/utils": "^2.4.0",
+        "@keyv/bigmap": "^1.3.1",
+        "hookified": "^1.15.1",
+        "keyv": "^5.6.0"
       }
     },
     "node_modules/@cacheable/memory/node_modules/@keyv/bigmap": {
@@ -307,14 +307,14 @@
       }
     },
     "node_modules/@cacheable/utils": {
-      "version": "2.3.3",
-      "resolved": "https://registry.npmjs.org/@cacheable/utils/-/utils-2.3.3.tgz",
-      "integrity": "sha512-JsXDL70gQ+1Vc2W/KUFfkAJzgb4puKwwKehNLuB+HrNKWf91O736kGfxn4KujXCCSuh6mRRL4XEB0PkAFjWS0A==",
+      "version": "2.4.1",
+      "resolved": "https://registry.npmjs.org/@cacheable/utils/-/utils-2.4.1.tgz",
+      "integrity": "sha512-eiFgzCbIneyMlLOmNG4g9xzF7Hv3Mga4LjxjcSC/ues6VYq2+gUbQI8JqNuw/ZM8tJIeIaBGpswAsqV2V7ApgA==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "hashery": "^1.3.0",
-        "keyv": "^5.5.5"
+        "hashery": "^1.5.1",
+        "keyv": "^5.6.0"
       }
     },
     "node_modules/@cacheable/utils/node_modules/keyv": {
@@ -328,42 +328,42 @@
       }
     },
     "node_modules/@chevrotain/cst-dts-gen": {
-      "version": "11.1.1",
-      "resolved": "https://registry.npmjs.org/@chevrotain/cst-dts-gen/-/cst-dts-gen-11.1.1.tgz",
-      "integrity": "sha512-fRHyv6/f542qQqiRGalrfJl/evD39mAvbJLCekPazhiextEatq1Jx1K/i9gSd5NNO0ds03ek0Cbo/4uVKmOBcw==",
+      "version": "11.1.2",
+      "resolved": "https://registry.npmjs.org/@chevrotain/cst-dts-gen/-/cst-dts-gen-11.1.2.tgz",
+      "integrity": "sha512-XTsjvDVB5nDZBQB8o0o/0ozNelQtn2KrUVteIHSlPd2VAV2utEb6JzyCJaJ8tGxACR4RiBNWy5uYUHX2eji88Q==",
       "license": "Apache-2.0",
       "dependencies": {
-        "@chevrotain/gast": "11.1.1",
-        "@chevrotain/types": "11.1.1",
+        "@chevrotain/gast": "11.1.2",
+        "@chevrotain/types": "11.1.2",
         "lodash-es": "4.17.23"
       }
     },
     "node_modules/@chevrotain/gast": {
-      "version": "11.1.1",
-      "resolved": "https://registry.npmjs.org/@chevrotain/gast/-/gast-11.1.1.tgz",
-      "integrity": "sha512-Ko/5vPEYy1vn5CbCjjvnSO4U7GgxyGm+dfUZZJIWTlQFkXkyym0jFYrWEU10hyCjrA7rQtiHtBr0EaZqvHFZvg==",
+      "version": "11.1.2",
+      "resolved": "https://registry.npmjs.org/@chevrotain/gast/-/gast-11.1.2.tgz",
+      "integrity": "sha512-Z9zfXR5jNZb1Hlsd/p+4XWeUFugrHirq36bKzPWDSIacV+GPSVXdk+ahVWZTwjhNwofAWg/sZg58fyucKSQx5g==",
       "license": "Apache-2.0",
       "dependencies": {
-        "@chevrotain/types": "11.1.1",
+        "@chevrotain/types": "11.1.2",
         "lodash-es": "4.17.23"
       }
     },
     "node_modules/@chevrotain/regexp-to-ast": {
-      "version": "11.1.1",
-      "resolved": "https://registry.npmjs.org/@chevrotain/regexp-to-ast/-/regexp-to-ast-11.1.1.tgz",
-      "integrity": "sha512-ctRw1OKSXkOrR8VTvOxrQ5USEc4sNrfwXHa1NuTcR7wre4YbjPcKw+82C2uylg/TEwFRgwLmbhlln4qkmDyteg==",
+      "version": "11.1.2",
+      "resolved": "https://registry.npmjs.org/@chevrotain/regexp-to-ast/-/regexp-to-ast-11.1.2.tgz",
+      "integrity": "sha512-nMU3Uj8naWer7xpZTYJdxbAs6RIv/dxYzkYU8GSwgUtcAAlzjcPfX1w+RKRcYG8POlzMeayOQ/znfwxEGo5ulw==",
       "license": "Apache-2.0"
     },
     "node_modules/@chevrotain/types": {
-      "version": "11.1.1",
-      "resolved": "https://registry.npmjs.org/@chevrotain/types/-/types-11.1.1.tgz",
-      "integrity": "sha512-wb2ToxG8LkgPYnKe9FH8oGn3TMCBdnwiuNC5l5y+CtlaVRbCytU0kbVsk6CGrqTL4ZN4ksJa0TXOYbxpbthtqw==",
+      "version": "11.1.2",
+      "resolved": "https://registry.npmjs.org/@chevrotain/types/-/types-11.1.2.tgz",
+      "integrity": "sha512-U+HFai5+zmJCkK86QsaJtoITlboZHBqrVketcO2ROv865xfCMSFpELQoz1GkX5GzME8pTa+3kbKrZHQtI0gdbw==",
       "license": "Apache-2.0"
     },
     "node_modules/@chevrotain/utils": {
-      "version": "11.1.1",
-      "resolved": "https://registry.npmjs.org/@chevrotain/utils/-/utils-11.1.1.tgz",
-      "integrity": "sha512-71eTYMzYXYSFPrbg/ZwftSaSDld7UYlS8OQa3lNnn9jzNtpFbaReRRyghzqS7rI3CDaorqpPJJcXGHK+FE1TVQ==",
+      "version": "11.1.2",
+      "resolved": "https://registry.npmjs.org/@chevrotain/utils/-/utils-11.1.2.tgz",
+      "integrity": "sha512-4mudFAQ6H+MqBTfqLmU7G1ZwRzCLfJEooL/fsF6rCX5eePMbGhoy5n4g+G4vlh2muDcsCTJtL+uKbOzWxs5LHA==",
       "license": "Apache-2.0"
     },
     "node_modules/@citation-js/core": {
@@ -745,9 +745,9 @@
       }
     },
     "node_modules/@codemirror/lint": {
-      "version": "6.9.2",
-      "resolved": "https://registry.npmjs.org/@codemirror/lint/-/lint-6.9.2.tgz",
-      "integrity": "sha512-sv3DylBiIyi+xKwRCJAAsBZZZWo82shJ/RTMymLabAdtbkV5cSKwWDeCgtUq3v8flTaXS2y1kKkICuRYtUswyQ==",
+      "version": "6.9.5",
+      "resolved": "https://registry.npmjs.org/@codemirror/lint/-/lint-6.9.5.tgz",
+      "integrity": "sha512-GElsbU9G7QT9xXhpUg1zWGmftA/7jamh+7+ydKRuT0ORpWS3wOSP0yT1FOlIZa7mIJjpVPipErsyvVqB9cfTFA==",
       "license": "MIT",
       "dependencies": {
         "@codemirror/state": "^6.0.0",
@@ -811,9 +811,9 @@
       }
     },
     "node_modules/@csstools/css-syntax-patches-for-csstree": {
-      "version": "1.0.26",
-      "resolved": "https://registry.npmjs.org/@csstools/css-syntax-patches-for-csstree/-/css-syntax-patches-for-csstree-1.0.26.tgz",
-      "integrity": "sha512-6boXK0KkzT5u5xOgF6TKB+CLq9SOpEGmkZw0g5n9/7yg85wab3UzSxB8TxhLJ31L4SGJ6BCFRw/iftTha1CJXA==",
+      "version": "1.1.2",
+      "resolved": "https://registry.npmjs.org/@csstools/css-syntax-patches-for-csstree/-/css-syntax-patches-for-csstree-1.1.2.tgz",
+      "integrity": "sha512-5GkLzz4prTIpoyeUiIu3iV6CSG3Plo7xRVOFPKI7FVEJ3mZ0A8SwK0XU3Gl7xAkiQ+mDyam+NNp875/C5y+jSA==",
       "dev": true,
       "funding": [
         {
@@ -825,7 +825,15 @@
           "url": "https://opencollective.com/csstools"
         }
       ],
-      "license": "MIT-0"
+      "license": "MIT-0",
+      "peerDependencies": {
+        "css-tree": "^3.2.1"
+      },
+      "peerDependenciesMeta": {
+        "css-tree": {
+          "optional": true
+        }
+      }
     },
     "node_modules/@csstools/css-tokenizer": {
       "version": "3.0.4",
@@ -894,10 +902,9 @@
       }
     },
     "node_modules/@csstools/selector-specificity": {
-      "version": "5.0.0",
-      "resolved": "https://registry.npmjs.org/@csstools/selector-specificity/-/selector-specificity-5.0.0.tgz",
-      "integrity": "sha512-PCqQV3c4CoVm3kdPhyeZ07VmBRdH2EpMFA/pd9OASpOEC3aXNGoqPDAZ80D0cLpMBxnmk0+yNhGsEx31hq7Gtw==",
-      "dev": true,
+      "version": "6.0.0",
+      "resolved": "https://registry.npmjs.org/@csstools/selector-specificity/-/selector-specificity-6.0.0.tgz",
+      "integrity": "sha512-4sSgl78OtOXEX/2d++8A83zHNTgwCJMaR24FvsYL7Uf/VS8HZk9PTwR51elTbGqMuwH3szLvvOXEaVnqn0Z3zA==",
       "funding": [
         {
           "type": "github",
@@ -910,10 +917,10 @@
       ],
       "license": "MIT-0",
       "engines": {
-        "node": ">=18"
+        "node": ">=20.19.0"
       },
       "peerDependencies": {
-        "postcss-selector-parser": "^7.0.0"
+        "postcss-selector-parser": "^7.1.1"
       }
     },
     "node_modules/@discoveryjs/json-ext": {
@@ -937,21 +944,21 @@
       }
     },
     "node_modules/@emnapi/core": {
-      "version": "1.8.1",
-      "resolved": "https://registry.npmjs.org/@emnapi/core/-/core-1.8.1.tgz",
-      "integrity": "sha512-AvT9QFpxK0Zd8J0jopedNm+w/2fIzvtPKPjqyw9jwvBaReTTqPBk9Hixaz7KbjimP+QNz605/XnjFcDAL2pqBg==",
+      "version": "1.9.1",
+      "resolved": "https://registry.npmjs.org/@emnapi/core/-/core-1.9.1.tgz",
+      "integrity": "sha512-mukuNALVsoix/w1BJwFzwXBN/dHeejQtuVzcDsfOEsdpCumXb/E9j8w11h5S54tT1xhifGfbbSm/ICrObRb3KA==",
       "dev": true,
       "license": "MIT",
       "optional": true,
       "dependencies": {
-        "@emnapi/wasi-threads": "1.1.0",
+        "@emnapi/wasi-threads": "1.2.0",
         "tslib": "^2.4.0"
       }
     },
     "node_modules/@emnapi/runtime": {
-      "version": "1.8.1",
-      "resolved": "https://registry.npmjs.org/@emnapi/runtime/-/runtime-1.8.1.tgz",
-      "integrity": "sha512-mehfKSMWjjNol8659Z8KxEMrdSJDDot5SXMq00dM8BN4o+CLNXQ0xH2V7EchNHV4RmbZLmmPdEaXZc5H2FXmDg==",
+      "version": "1.9.1",
+      "resolved": "https://registry.npmjs.org/@emnapi/runtime/-/runtime-1.9.1.tgz",
+      "integrity": "sha512-VYi5+ZVLhpgK4hQ0TAjiQiZ6ol0oe4mBx7mVv7IflsiEp0OWoVsp/+f9Vc1hOhE0TtkORVrI1GvzyreqpgWtkA==",
       "dev": true,
       "license": "MIT",
       "optional": true,
@@ -960,9 +967,9 @@
       }
     },
     "node_modules/@emnapi/wasi-threads": {
-      "version": "1.1.0",
-      "resolved": "https://registry.npmjs.org/@emnapi/wasi-threads/-/wasi-threads-1.1.0.tgz",
-      "integrity": "sha512-WI0DdZ8xFSbgMjR1sFsKABJ/C5OnRrjT06JXbZKexJGrDuPTzZdDYfFlsgcCXCyf+suG5QU2e/y1Wo2V/OapLQ==",
+      "version": "1.2.0",
+      "resolved": "https://registry.npmjs.org/@emnapi/wasi-threads/-/wasi-threads-1.2.0.tgz",
+      "integrity": "sha512-N10dEJNSsUx41Z6pZsXU8FjPjpBEplgH24sfkmITrBED1/U2Esum9F3lfLrMjKHHjmi557zQn7kR9R+XWXu5Rg==",
       "dev": true,
       "license": "MIT",
       "optional": true,
@@ -971,9 +978,9 @@
       }
     },
     "node_modules/@esbuild/aix-ppc64": {
-      "version": "0.27.2",
-      "resolved": "https://registry.npmjs.org/@esbuild/aix-ppc64/-/aix-ppc64-0.27.2.tgz",
-      "integrity": "sha512-GZMB+a0mOMZs4MpDbj8RJp4cw+w1WV5NYD6xzgvzUJ5Ek2jerwfO2eADyI6ExDSUED+1X8aMbegahsJi+8mgpw==",
+      "version": "0.27.4",
+      "resolved": "https://registry.npmjs.org/@esbuild/aix-ppc64/-/aix-ppc64-0.27.4.tgz",
+      "integrity": "sha512-cQPwL2mp2nSmHHJlCyoXgHGhbEPMrEEU5xhkcy3Hs/O7nGZqEpZ2sUtLaL9MORLtDfRvVl2/3PAuEkYZH0Ty8Q==",
       "cpu": [
         "ppc64"
       ],
@@ -987,9 +994,9 @@
       }
     },
     "node_modules/@esbuild/android-arm": {
-      "version": "0.27.2",
-      "resolved": "https://registry.npmjs.org/@esbuild/android-arm/-/android-arm-0.27.2.tgz",
-      "integrity": "sha512-DVNI8jlPa7Ujbr1yjU2PfUSRtAUZPG9I1RwW4F4xFB1Imiu2on0ADiI/c3td+KmDtVKNbi+nffGDQMfcIMkwIA==",
+      "version": "0.27.4",
+      "resolved": "https://registry.npmjs.org/@esbuild/android-arm/-/android-arm-0.27.4.tgz",
+      "integrity": "sha512-X9bUgvxiC8CHAGKYufLIHGXPJWnr0OCdR0anD2e21vdvgCI8lIfqFbnoeOz7lBjdrAGUhqLZLcQo6MLhTO2DKQ==",
       "cpu": [
         "arm"
       ],
@@ -1003,9 +1010,9 @@
       }
     },
     "node_modules/@esbuild/android-arm64": {
-      "version": "0.27.2",
-      "resolved": "https://registry.npmjs.org/@esbuild/android-arm64/-/android-arm64-0.27.2.tgz",
-      "integrity": "sha512-pvz8ZZ7ot/RBphf8fv60ljmaoydPU12VuXHImtAs0XhLLw+EXBi2BLe3OYSBslR4rryHvweW5gmkKFwTiFy6KA==",
+      "version": "0.27.4",
+      "resolved": "https://registry.npmjs.org/@esbuild/android-arm64/-/android-arm64-0.27.4.tgz",
+      "integrity": "sha512-gdLscB7v75wRfu7QSm/zg6Rx29VLdy9eTr2t44sfTW7CxwAtQghZ4ZnqHk3/ogz7xao0QAgrkradbBzcqFPasw==",
       "cpu": [
         "arm64"
       ],
@@ -1019,9 +1026,9 @@
       }
     },
     "node_modules/@esbuild/android-x64": {
-      "version": "0.27.2",
-      "resolved": "https://registry.npmjs.org/@esbuild/android-x64/-/android-x64-0.27.2.tgz",
-      "integrity": "sha512-z8Ank4Byh4TJJOh4wpz8g2vDy75zFL0TlZlkUkEwYXuPSgX8yzep596n6mT7905kA9uHZsf/o2OJZubl2l3M7A==",
+      "version": "0.27.4",
+      "resolved": "https://registry.npmjs.org/@esbuild/android-x64/-/android-x64-0.27.4.tgz",
+      "integrity": "sha512-PzPFnBNVF292sfpfhiyiXCGSn9HZg5BcAz+ivBuSsl6Rk4ga1oEXAamhOXRFyMcjwr2DVtm40G65N3GLeH1Lvw==",
       "cpu": [
         "x64"
       ],
@@ -1035,9 +1042,9 @@
       }
     },
     "node_modules/@esbuild/darwin-arm64": {
-      "version": "0.27.2",
-      "resolved": "https://registry.npmjs.org/@esbuild/darwin-arm64/-/darwin-arm64-0.27.2.tgz",
-      "integrity": "sha512-davCD2Zc80nzDVRwXTcQP/28fiJbcOwvdolL0sOiOsbwBa72kegmVU0Wrh1MYrbuCL98Omp5dVhQFWRKR2ZAlg==",
+      "version": "0.27.4",
+      "resolved": "https://registry.npmjs.org/@esbuild/darwin-arm64/-/darwin-arm64-0.27.4.tgz",
+      "integrity": "sha512-b7xaGIwdJlht8ZFCvMkpDN6uiSmnxxK56N2GDTMYPr2/gzvfdQN8rTfBsvVKmIVY/X7EM+/hJKEIbbHs9oA4tQ==",
       "cpu": [
         "arm64"
       ],
@@ -1051,9 +1058,9 @@
       }
     },
     "node_modules/@esbuild/darwin-x64": {
-      "version": "0.27.2",
-      "resolved": "https://registry.npmjs.org/@esbuild/darwin-x64/-/darwin-x64-0.27.2.tgz",
-      "integrity": "sha512-ZxtijOmlQCBWGwbVmwOF/UCzuGIbUkqB1faQRf5akQmxRJ1ujusWsb3CVfk/9iZKr2L5SMU5wPBi1UWbvL+VQA==",
+      "version": "0.27.4",
+      "resolved": "https://registry.npmjs.org/@esbuild/darwin-x64/-/darwin-x64-0.27.4.tgz",
+      "integrity": "sha512-sR+OiKLwd15nmCdqpXMnuJ9W2kpy0KigzqScqHI3Hqwr7IXxBp3Yva+yJwoqh7rE8V77tdoheRYataNKL4QrPw==",
       "cpu": [
         "x64"
       ],
@@ -1067,9 +1074,9 @@
       }
     },
     "node_modules/@esbuild/freebsd-arm64": {
-      "version": "0.27.2",
-      "resolved": "https://registry.npmjs.org/@esbuild/freebsd-arm64/-/freebsd-arm64-0.27.2.tgz",
-      "integrity": "sha512-lS/9CN+rgqQ9czogxlMcBMGd+l8Q3Nj1MFQwBZJyoEKI50XGxwuzznYdwcav6lpOGv5BqaZXqvBSiB/kJ5op+g==",
+      "version": "0.27.4",
+      "resolved": "https://registry.npmjs.org/@esbuild/freebsd-arm64/-/freebsd-arm64-0.27.4.tgz",
+      "integrity": "sha512-jnfpKe+p79tCnm4GVav68A7tUFeKQwQyLgESwEAUzyxk/TJr4QdGog9sqWNcUbr/bZt/O/HXouspuQDd9JxFSw==",
       "cpu": [
         "arm64"
       ],
@@ -1083,9 +1090,9 @@
       }
     },
     "node_modules/@esbuild/freebsd-x64": {
-      "version": "0.27.2",
-      "resolved": "https://registry.npmjs.org/@esbuild/freebsd-x64/-/freebsd-x64-0.27.2.tgz",
-      "integrity": "sha512-tAfqtNYb4YgPnJlEFu4c212HYjQWSO/w/h/lQaBK7RbwGIkBOuNKQI9tqWzx7Wtp7bTPaGC6MJvWI608P3wXYA==",
+      "version": "0.27.4",
+      "resolved": "https://registry.npmjs.org/@esbuild/freebsd-x64/-/freebsd-x64-0.27.4.tgz",
+      "integrity": "sha512-2kb4ceA/CpfUrIcTUl1wrP/9ad9Atrp5J94Lq69w7UwOMolPIGrfLSvAKJp0RTvkPPyn6CIWrNy13kyLikZRZQ==",
       "cpu": [
         "x64"
       ],
@@ -1099,9 +1106,9 @@
       }
     },
     "node_modules/@esbuild/linux-arm": {
-      "version": "0.27.2",
-      "resolved": "https://registry.npmjs.org/@esbuild/linux-arm/-/linux-arm-0.27.2.tgz",
-      "integrity": "sha512-vWfq4GaIMP9AIe4yj1ZUW18RDhx6EPQKjwe7n8BbIecFtCQG4CfHGaHuh7fdfq+y3LIA2vGS/o9ZBGVxIDi9hw==",
+      "version": "0.27.4",
+      "resolved": "https://registry.npmjs.org/@esbuild/linux-arm/-/linux-arm-0.27.4.tgz",
+      "integrity": "sha512-aBYgcIxX/wd5n2ys0yESGeYMGF+pv6g0DhZr3G1ZG4jMfruU9Tl1i2Z+Wnj9/KjGz1lTLCcorqE2viePZqj4Eg==",
       "cpu": [
         "arm"
       ],
@@ -1115,9 +1122,9 @@
       }
     },
     "node_modules/@esbuild/linux-arm64": {
-      "version": "0.27.2",
-      "resolved": "https://registry.npmjs.org/@esbuild/linux-arm64/-/linux-arm64-0.27.2.tgz",
-      "integrity": "sha512-hYxN8pr66NsCCiRFkHUAsxylNOcAQaxSSkHMMjcpx0si13t1LHFphxJZUiGwojB1a/Hd5OiPIqDdXONia6bhTw==",
+      "version": "0.27.4",
+      "resolved": "https://registry.npmjs.org/@esbuild/linux-arm64/-/linux-arm64-0.27.4.tgz",
+      "integrity": "sha512-7nQOttdzVGth1iz57kxg9uCz57dxQLHWxopL6mYuYthohPKEK0vU0C3O21CcBK6KDlkYVcnDXY099HcCDXd9dA==",
       "cpu": [
         "arm64"
       ],
@@ -1131,9 +1138,9 @@
       }
     },
     "node_modules/@esbuild/linux-ia32": {
-      "version": "0.27.2",
-      "resolved": "https://registry.npmjs.org/@esbuild/linux-ia32/-/linux-ia32-0.27.2.tgz",
-      "integrity": "sha512-MJt5BRRSScPDwG2hLelYhAAKh9imjHK5+NE/tvnRLbIqUWa+0E9N4WNMjmp/kXXPHZGqPLxggwVhz7QP8CTR8w==",
+      "version": "0.27.4",
+      "resolved": "https://registry.npmjs.org/@esbuild/linux-ia32/-/linux-ia32-0.27.4.tgz",
+      "integrity": "sha512-oPtixtAIzgvzYcKBQM/qZ3R+9TEUd1aNJQu0HhGyqtx6oS7qTpvjheIWBbes4+qu1bNlo2V4cbkISr8q6gRBFA==",
       "cpu": [
         "ia32"
       ],
@@ -1147,9 +1154,9 @@
       }
     },
     "node_modules/@esbuild/linux-loong64": {
-      "version": "0.27.2",
-      "resolved": "https://registry.npmjs.org/@esbuild/linux-loong64/-/linux-loong64-0.27.2.tgz",
-      "integrity": "sha512-lugyF1atnAT463aO6KPshVCJK5NgRnU4yb3FUumyVz+cGvZbontBgzeGFO1nF+dPueHD367a2ZXe1NtUkAjOtg==",
+      "version": "0.27.4",
+      "resolved": "https://registry.npmjs.org/@esbuild/linux-loong64/-/linux-loong64-0.27.4.tgz",
+      "integrity": "sha512-8mL/vh8qeCoRcFH2nM8wm5uJP+ZcVYGGayMavi8GmRJjuI3g1v6Z7Ni0JJKAJW+m0EtUuARb6Lmp4hMjzCBWzA==",
       "cpu": [
         "loong64"
       ],
@@ -1163,9 +1170,9 @@
       }
     },
     "node_modules/@esbuild/linux-mips64el": {
-      "version": "0.27.2",
-      "resolved": "https://registry.npmjs.org/@esbuild/linux-mips64el/-/linux-mips64el-0.27.2.tgz",
-      "integrity": "sha512-nlP2I6ArEBewvJ2gjrrkESEZkB5mIoaTswuqNFRv/WYd+ATtUpe9Y09RnJvgvdag7he0OWgEZWhviS1OTOKixw==",
+      "version": "0.27.4",
+      "resolved": "https://registry.npmjs.org/@esbuild/linux-mips64el/-/linux-mips64el-0.27.4.tgz",
+      "integrity": "sha512-1RdrWFFiiLIW7LQq9Q2NES+HiD4NyT8Itj9AUeCl0IVCA459WnPhREKgwrpaIfTOe+/2rdntisegiPWn/r/aAw==",
       "cpu": [
         "mips64el"
       ],
@@ -1179,9 +1186,9 @@
       }
     },
     "node_modules/@esbuild/linux-ppc64": {
-      "version": "0.27.2",
-      "resolved": "https://registry.npmjs.org/@esbuild/linux-ppc64/-/linux-ppc64-0.27.2.tgz",
-      "integrity": "sha512-C92gnpey7tUQONqg1n6dKVbx3vphKtTHJaNG2Ok9lGwbZil6DrfyecMsp9CrmXGQJmZ7iiVXvvZH6Ml5hL6XdQ==",
+      "version": "0.27.4",
+      "resolved": "https://registry.npmjs.org/@esbuild/linux-ppc64/-/linux-ppc64-0.27.4.tgz",
+      "integrity": "sha512-tLCwNG47l3sd9lpfyx9LAGEGItCUeRCWeAx6x2Jmbav65nAwoPXfewtAdtbtit/pJFLUWOhpv0FpS6GQAmPrHA==",
       "cpu": [
         "ppc64"
       ],
@@ -1195,9 +1202,9 @@
       }
     },
     "node_modules/@esbuild/linux-riscv64": {
-      "version": "0.27.2",
-      "resolved": "https://registry.npmjs.org/@esbuild/linux-riscv64/-/linux-riscv64-0.27.2.tgz",
-      "integrity": "sha512-B5BOmojNtUyN8AXlK0QJyvjEZkWwy/FKvakkTDCziX95AowLZKR6aCDhG7LeF7uMCXEJqwa8Bejz5LTPYm8AvA==",
+      "version": "0.27.4",
+      "resolved": "https://registry.npmjs.org/@esbuild/linux-riscv64/-/linux-riscv64-0.27.4.tgz",
+      "integrity": "sha512-BnASypppbUWyqjd1KIpU4AUBiIhVr6YlHx/cnPgqEkNoVOhHg+YiSVxM1RLfiy4t9cAulbRGTNCKOcqHrEQLIw==",
       "cpu": [
         "riscv64"
       ],
@@ -1211,9 +1218,9 @@
       }
     },
     "node_modules/@esbuild/linux-s390x": {
-      "version": "0.27.2",
-      "resolved": "https://registry.npmjs.org/@esbuild/linux-s390x/-/linux-s390x-0.27.2.tgz",
-      "integrity": "sha512-p4bm9+wsPwup5Z8f4EpfN63qNagQ47Ua2znaqGH6bqLlmJ4bx97Y9JdqxgGZ6Y8xVTixUnEkoKSHcpRlDnNr5w==",
+      "version": "0.27.4",
+      "resolved": "https://registry.npmjs.org/@esbuild/linux-s390x/-/linux-s390x-0.27.4.tgz",
+      "integrity": "sha512-+eUqgb/Z7vxVLezG8bVB9SfBie89gMueS+I0xYh2tJdw3vqA/0ImZJ2ROeWwVJN59ihBeZ7Tu92dF/5dy5FttA==",
       "cpu": [
         "s390x"
       ],
@@ -1227,9 +1234,9 @@
       }
     },
     "node_modules/@esbuild/linux-x64": {
-      "version": "0.27.2",
-      "resolved": "https://registry.npmjs.org/@esbuild/linux-x64/-/linux-x64-0.27.2.tgz",
-      "integrity": "sha512-uwp2Tip5aPmH+NRUwTcfLb+W32WXjpFejTIOWZFw/v7/KnpCDKG66u4DLcurQpiYTiYwQ9B7KOeMJvLCu/OvbA==",
+      "version": "0.27.4",
+      "resolved": "https://registry.npmjs.org/@esbuild/linux-x64/-/linux-x64-0.27.4.tgz",
+      "integrity": "sha512-S5qOXrKV8BQEzJPVxAwnryi2+Iq5pB40gTEIT69BQONqR7JH1EPIcQ/Uiv9mCnn05jff9umq/5nqzxlqTOg9NA==",
       "cpu": [
         "x64"
       ],
@@ -1243,9 +1250,9 @@
       }
     },
     "node_modules/@esbuild/netbsd-arm64": {
-      "version": "0.27.2",
-      "resolved": "https://registry.npmjs.org/@esbuild/netbsd-arm64/-/netbsd-arm64-0.27.2.tgz",
-      "integrity": "sha512-Kj6DiBlwXrPsCRDeRvGAUb/LNrBASrfqAIok+xB0LxK8CHqxZ037viF13ugfsIpePH93mX7xfJp97cyDuTZ3cw==",
+      "version": "0.27.4",
+      "resolved": "https://registry.npmjs.org/@esbuild/netbsd-arm64/-/netbsd-arm64-0.27.4.tgz",
+      "integrity": "sha512-xHT8X4sb0GS8qTqiwzHqpY00C95DPAq7nAwX35Ie/s+LO9830hrMd3oX0ZMKLvy7vsonee73x0lmcdOVXFzd6Q==",
       "cpu": [
         "arm64"
       ],
@@ -1259,9 +1266,9 @@
       }
     },
     "node_modules/@esbuild/netbsd-x64": {
-      "version": "0.27.2",
-      "resolved": "https://registry.npmjs.org/@esbuild/netbsd-x64/-/netbsd-x64-0.27.2.tgz",
-      "integrity": "sha512-HwGDZ0VLVBY3Y+Nw0JexZy9o/nUAWq9MlV7cahpaXKW6TOzfVno3y3/M8Ga8u8Yr7GldLOov27xiCnqRZf0tCA==",
+      "version": "0.27.4",
+      "resolved": "https://registry.npmjs.org/@esbuild/netbsd-x64/-/netbsd-x64-0.27.4.tgz",
+      "integrity": "sha512-RugOvOdXfdyi5Tyv40kgQnI0byv66BFgAqjdgtAKqHoZTbTF2QqfQrFwa7cHEORJf6X2ht+l9ABLMP0dnKYsgg==",
       "cpu": [
         "x64"
       ],
@@ -1275,9 +1282,9 @@
       }
     },
     "node_modules/@esbuild/openbsd-arm64": {
-      "version": "0.27.2",
-      "resolved": "https://registry.npmjs.org/@esbuild/openbsd-arm64/-/openbsd-arm64-0.27.2.tgz",
-      "integrity": "sha512-DNIHH2BPQ5551A7oSHD0CKbwIA/Ox7+78/AWkbS5QoRzaqlev2uFayfSxq68EkonB+IKjiuxBFoV8ESJy8bOHA==",
+      "version": "0.27.4",
+      "resolved": "https://registry.npmjs.org/@esbuild/openbsd-arm64/-/openbsd-arm64-0.27.4.tgz",
+      "integrity": "sha512-2MyL3IAaTX+1/qP0O1SwskwcwCoOI4kV2IBX1xYnDDqthmq5ArrW94qSIKCAuRraMgPOmG0RDTA74mzYNQA9ow==",
       "cpu": [
         "arm64"
       ],
@@ -1291,9 +1298,9 @@
       }
     },
     "node_modules/@esbuild/openbsd-x64": {
-      "version": "0.27.2",
-      "resolved": "https://registry.npmjs.org/@esbuild/openbsd-x64/-/openbsd-x64-0.27.2.tgz",
-      "integrity": "sha512-/it7w9Nb7+0KFIzjalNJVR5bOzA9Vay+yIPLVHfIQYG/j+j9VTH84aNB8ExGKPU4AzfaEvN9/V4HV+F+vo8OEg==",
+      "version": "0.27.4",
+      "resolved": "https://registry.npmjs.org/@esbuild/openbsd-x64/-/openbsd-x64-0.27.4.tgz",
+      "integrity": "sha512-u8fg/jQ5aQDfsnIV6+KwLOf1CmJnfu1ShpwqdwC0uA7ZPwFws55Ngc12vBdeUdnuWoQYx/SOQLGDcdlfXhYmXQ==",
       "cpu": [
         "x64"
       ],
@@ -1307,9 +1314,9 @@
       }
     },
     "node_modules/@esbuild/openharmony-arm64": {
-      "version": "0.27.2",
-      "resolved": "https://registry.npmjs.org/@esbuild/openharmony-arm64/-/openharmony-arm64-0.27.2.tgz",
-      "integrity": "sha512-LRBbCmiU51IXfeXk59csuX/aSaToeG7w48nMwA6049Y4J4+VbWALAuXcs+qcD04rHDuSCSRKdmY63sruDS5qag==",
+      "version": "0.27.4",
+      "resolved": "https://registry.npmjs.org/@esbuild/openharmony-arm64/-/openharmony-arm64-0.27.4.tgz",
+      "integrity": "sha512-JkTZrl6VbyO8lDQO3yv26nNr2RM2yZzNrNHEsj9bm6dOwwu9OYN28CjzZkH57bh4w0I2F7IodpQvUAEd1mbWXg==",
       "cpu": [
         "arm64"
       ],
@@ -1323,9 +1330,9 @@
       }
     },
     "node_modules/@esbuild/sunos-x64": {
-      "version": "0.27.2",
-      "resolved": "https://registry.npmjs.org/@esbuild/sunos-x64/-/sunos-x64-0.27.2.tgz",
-      "integrity": "sha512-kMtx1yqJHTmqaqHPAzKCAkDaKsffmXkPHThSfRwZGyuqyIeBvf08KSsYXl+abf5HDAPMJIPnbBfXvP2ZC2TfHg==",
+      "version": "0.27.4",
+      "resolved": "https://registry.npmjs.org/@esbuild/sunos-x64/-/sunos-x64-0.27.4.tgz",
+      "integrity": "sha512-/gOzgaewZJfeJTlsWhvUEmUG4tWEY2Spp5M20INYRg2ZKl9QPO3QEEgPeRtLjEWSW8FilRNacPOg8R1uaYkA6g==",
       "cpu": [
         "x64"
       ],
@@ -1339,9 +1346,9 @@
       }
     },
     "node_modules/@esbuild/win32-arm64": {
-      "version": "0.27.2",
-      "resolved": "https://registry.npmjs.org/@esbuild/win32-arm64/-/win32-arm64-0.27.2.tgz",
-      "integrity": "sha512-Yaf78O/B3Kkh+nKABUF++bvJv5Ijoy9AN1ww904rOXZFLWVc5OLOfL56W+C8F9xn5JQZa3UX6m+IktJnIb1Jjg==",
+      "version": "0.27.4",
+      "resolved": "https://registry.npmjs.org/@esbuild/win32-arm64/-/win32-arm64-0.27.4.tgz",
+      "integrity": "sha512-Z9SExBg2y32smoDQdf1HRwHRt6vAHLXcxD2uGgO/v2jK7Y718Ix4ndsbNMU/+1Qiem9OiOdaqitioZwxivhXYg==",
       "cpu": [
         "arm64"
       ],
@@ -1355,9 +1362,9 @@
       }
     },
     "node_modules/@esbuild/win32-ia32": {
-      "version": "0.27.2",
-      "resolved": "https://registry.npmjs.org/@esbuild/win32-ia32/-/win32-ia32-0.27.2.tgz",
-      "integrity": "sha512-Iuws0kxo4yusk7sw70Xa2E2imZU5HoixzxfGCdxwBdhiDgt9vX9VUCBhqcwY7/uh//78A1hMkkROMJq9l27oLQ==",
+      "version": "0.27.4",
+      "resolved": "https://registry.npmjs.org/@esbuild/win32-ia32/-/win32-ia32-0.27.4.tgz",
+      "integrity": "sha512-DAyGLS0Jz5G5iixEbMHi5KdiApqHBWMGzTtMiJ72ZOLhbu/bzxgAe8Ue8CTS3n3HbIUHQz/L51yMdGMeoxXNJw==",
       "cpu": [
         "ia32"
       ],
@@ -1371,9 +1378,9 @@
       }
     },
     "node_modules/@esbuild/win32-x64": {
-      "version": "0.27.2",
-      "resolved": "https://registry.npmjs.org/@esbuild/win32-x64/-/win32-x64-0.27.2.tgz",
-      "integrity": "sha512-sRdU18mcKf7F+YgheI/zGf5alZatMUTKj/jNS6l744f9u3WFu4v7twcUI9vu4mknF4Y9aDlblIie0IM+5xxaqQ==",
+      "version": "0.27.4",
+      "resolved": "https://registry.npmjs.org/@esbuild/win32-x64/-/win32-x64-0.27.4.tgz",
+      "integrity": "sha512-+knoa0BDoeXgkNvvV1vvbZX4+hizelrkwmGJBdT17t8FNPwG2lKemmuMZlmaNQ3ws3DKKCxpb4zRZEIp3UxFCg==",
       "cpu": [
         "x64"
       ],
@@ -1406,16 +1413,6 @@
         "eslint": "^6.0.0 || ^7.0.0 || ^8.0.0 || ^9.0.0 || ^10.0.0"
       }
     },
-    "node_modules/@eslint-community/eslint-plugin-eslint-comments/node_modules/ignore": {
-      "version": "7.0.5",
-      "resolved": "https://registry.npmjs.org/ignore/-/ignore-7.0.5.tgz",
-      "integrity": "sha512-Hs59xBNfUIunMFgWAbGX5cq6893IbWg4KnrjbYwX3tx0ztorVgTDA6B2sxf8ejHJ4wz8BqGUMYlnzNBer5NvGg==",
-      "dev": true,
-      "license": "MIT",
-      "engines": {
-        "node": ">= 4"
-      }
-    },
     "node_modules/@eslint-community/eslint-utils": {
       "version": "4.9.1",
       "resolved": "https://registry.npmjs.org/@eslint-community/eslint-utils/-/eslint-utils-4.9.1.tgz",
@@ -1473,6 +1470,24 @@
         "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
       }
     },
+    "node_modules/@eslint/config-array/node_modules/balanced-match": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-1.0.2.tgz",
+      "integrity": "sha512-3oSeUO0TMV67hN1AmbXsK4yaqU7tjiHlbxRDZOpH0KW9+CeX4bRAaX0Anxt0tx2MrpRpWwQaPwIlISEJhYU5Pw==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/@eslint/config-array/node_modules/brace-expansion": {
+      "version": "1.1.13",
+      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.13.tgz",
+      "integrity": "sha512-9ZLprWS6EENmhEOpjCYW2c8VkmOvckIJZfkr7rBW6dObmfgJ/L1GpSYW5Hpo9lDz4D1+n0Ckz8rU7FwHDQiG/w==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "balanced-match": "^1.0.0",
+        "concat-map": "0.0.1"
+      }
+    },
     "node_modules/@eslint/config-array/node_modules/minimatch": {
       "version": "3.1.5",
       "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.5.tgz",
@@ -1553,6 +1568,24 @@
         "url": "https://github.com/sponsors/epoberezkin"
       }
     },
+    "node_modules/@eslint/eslintrc/node_modules/balanced-match": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-1.0.2.tgz",
+      "integrity": "sha512-3oSeUO0TMV67hN1AmbXsK4yaqU7tjiHlbxRDZOpH0KW9+CeX4bRAaX0Anxt0tx2MrpRpWwQaPwIlISEJhYU5Pw==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/@eslint/eslintrc/node_modules/brace-expansion": {
+      "version": "1.1.13",
+      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.13.tgz",
+      "integrity": "sha512-9ZLprWS6EENmhEOpjCYW2c8VkmOvckIJZfkr7rBW6dObmfgJ/L1GpSYW5Hpo9lDz4D1+n0Ckz8rU7FwHDQiG/w==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "balanced-match": "^1.0.0",
+        "concat-map": "0.0.1"
+      }
+    },
     "node_modules/@eslint/eslintrc/node_modules/globals": {
       "version": "14.0.0",
       "resolved": "https://registry.npmjs.org/globals/-/globals-14.0.0.tgz",
@@ -1566,6 +1599,16 @@
         "url": "https://github.com/sponsors/sindresorhus"
       }
     },
+    "node_modules/@eslint/eslintrc/node_modules/ignore": {
+      "version": "5.3.2",
+      "resolved": "https://registry.npmjs.org/ignore/-/ignore-5.3.2.tgz",
+      "integrity": "sha512-hsBTNUqQTDwkWtcdYI2i06Y/nUBEsNEDJKjWdigLvegy8kDuJAS8uRlpkkcQpyEXL0Z/pjDy5HBmMjRCJ2gq+g==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">= 4"
+      }
+    },
     "node_modules/@eslint/eslintrc/node_modules/json-schema-traverse": {
       "version": "0.4.1",
       "resolved": "https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-0.4.1.tgz",
@@ -1737,9 +1780,9 @@
       }
     },
     "node_modules/@img/colour": {
-      "version": "1.0.0",
-      "resolved": "https://registry.npmjs.org/@img/colour/-/colour-1.0.0.tgz",
-      "integrity": "sha512-A5P/LfWGFSl6nsckYtjw9da+19jB8hkJ6ACTGcDfEJ0aE+l2n2El7dsVM7UVHZQ9s2lmYMWlrS21YLy2IR1LUw==",
+      "version": "1.1.0",
+      "resolved": "https://registry.npmjs.org/@img/colour/-/colour-1.1.0.tgz",
+      "integrity": "sha512-Td76q7j57o/tLVdgS746cYARfSyxk8iEfRxewL9h4OMzYhbW4TAcppl0mT4eyqXddh6L/jwoM75mo7ixa/pCeQ==",
       "dev": true,
       "license": "MIT",
       "engines": {
@@ -1834,6 +1877,9 @@
         "arm"
       ],
       "dev": true,
+      "libc": [
+        "glibc"
+      ],
       "license": "LGPL-3.0-or-later",
       "optional": true,
       "os": [
@@ -1851,6 +1897,9 @@
         "arm64"
       ],
       "dev": true,
+      "libc": [
+        "glibc"
+      ],
       "license": "LGPL-3.0-or-later",
       "optional": true,
       "os": [
@@ -1868,6 +1917,9 @@
         "ppc64"
       ],
       "dev": true,
+      "libc": [
+        "glibc"
+      ],
       "license": "LGPL-3.0-or-later",
       "optional": true,
       "os": [
@@ -1885,6 +1937,9 @@
         "riscv64"
       ],
       "dev": true,
+      "libc": [
+        "glibc"
+      ],
       "license": "LGPL-3.0-or-later",
       "optional": true,
       "os": [
@@ -1902,6 +1957,9 @@
         "s390x"
       ],
       "dev": true,
+      "libc": [
+        "glibc"
+      ],
       "license": "LGPL-3.0-or-later",
       "optional": true,
       "os": [
@@ -1919,6 +1977,9 @@
         "x64"
       ],
       "dev": true,
+      "libc": [
+        "glibc"
+      ],
       "license": "LGPL-3.0-or-later",
       "optional": true,
       "os": [
@@ -1936,6 +1997,9 @@
         "arm64"
       ],
       "dev": true,
+      "libc": [
+        "musl"
+      ],
       "license": "LGPL-3.0-or-later",
       "optional": true,
       "os": [
@@ -1953,6 +2017,9 @@
         "x64"
       ],
       "dev": true,
+      "libc": [
+        "musl"
+      ],
       "license": "LGPL-3.0-or-later",
       "optional": true,
       "os": [
@@ -1970,6 +2037,9 @@
         "arm"
       ],
       "dev": true,
+      "libc": [
+        "glibc"
+      ],
       "license": "Apache-2.0",
       "optional": true,
       "os": [
@@ -1993,6 +2063,9 @@
         "arm64"
       ],
       "dev": true,
+      "libc": [
+        "glibc"
+      ],
       "license": "Apache-2.0",
       "optional": true,
       "os": [
@@ -2016,6 +2089,9 @@
         "ppc64"
       ],
       "dev": true,
+      "libc": [
+        "glibc"
+      ],
       "license": "Apache-2.0",
       "optional": true,
       "os": [
@@ -2039,6 +2115,9 @@
         "riscv64"
       ],
       "dev": true,
+      "libc": [
+        "glibc"
+      ],
       "license": "Apache-2.0",
       "optional": true,
       "os": [
@@ -2062,6 +2141,9 @@
         "s390x"
       ],
       "dev": true,
+      "libc": [
+        "glibc"
+      ],
       "license": "Apache-2.0",
       "optional": true,
       "os": [
@@ -2085,6 +2167,9 @@
         "x64"
       ],
       "dev": true,
+      "libc": [
+        "glibc"
+      ],
       "license": "Apache-2.0",
       "optional": true,
       "os": [
@@ -2108,6 +2193,9 @@
         "arm64"
       ],
       "dev": true,
+      "libc": [
+        "musl"
+      ],
       "license": "Apache-2.0",
       "optional": true,
       "os": [
@@ -2131,6 +2219,9 @@
         "x64"
       ],
       "dev": true,
+      "libc": [
+        "musl"
+      ],
       "license": "Apache-2.0",
       "optional": true,
       "os": [
@@ -2319,13 +2410,13 @@
       }
     },
     "node_modules/@isaacs/cliui/node_modules/strip-ansi": {
-      "version": "7.1.2",
-      "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-7.1.2.tgz",
-      "integrity": "sha512-gmBGslpoQJtgnMAvOVqGZpEz9dyoKTCzy2nfz/n8aIFhN/jCE/rCmcxabB6jOOHV+0WNnylOxaxBQPSvcWklhA==",
+      "version": "7.2.0",
+      "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-7.2.0.tgz",
+      "integrity": "sha512-yDPMNjp4WyfYBkHnjIRLfca1i6KMyGCtsVgoKe/z1+6vukgaENdgGBZt+ZmKPc4gavvEZ5OgHfHdrazhgNyG7w==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "ansi-regex": "^6.0.1"
+        "ansi-regex": "^6.2.2"
       },
       "engines": {
         "node": ">=12"
@@ -2450,9 +2541,9 @@
       "license": "MIT"
     },
     "node_modules/@lezer/common": {
-      "version": "1.5.0",
-      "resolved": "https://registry.npmjs.org/@lezer/common/-/common-1.5.0.tgz",
-      "integrity": "sha512-PNGcolp9hr4PJdXR4ix7XtixDrClScvtSCYW3rQG106oVMOOI+jFb+0+J3mbeL/53g1Zd6s0kJzaw6Ri68GmAA==",
+      "version": "1.5.1",
+      "resolved": "https://registry.npmjs.org/@lezer/common/-/common-1.5.1.tgz",
+      "integrity": "sha512-6YRVG9vBkaY7p1IVxL4s44n5nUnaNnGM2/AckNgYOnxTG2kWh1vR8BMxPseWPjRNpb5VtXnMpeYAEAADoRV1Iw==",
       "license": "MIT"
     },
     "node_modules/@lezer/cpp": {
@@ -2467,9 +2558,9 @@
       }
     },
     "node_modules/@lezer/css": {
-      "version": "1.3.0",
-      "resolved": "https://registry.npmjs.org/@lezer/css/-/css-1.3.0.tgz",
-      "integrity": "sha512-pBL7hup88KbI7hXnZV3PQsn43DHy6TWyzuyk2AO9UyoXcDltvIdqWKE1dLL/45JVZ+YZkHe1WVHqO6wugZZWcw==",
+      "version": "1.3.3",
+      "resolved": "https://registry.npmjs.org/@lezer/css/-/css-1.3.3.tgz",
+      "integrity": "sha512-RzBo8r+/6QJeow7aPHIpGVIH59xTcJXp399820gZoMo9noQDRVpJLheIBUicYwKcsbOYoBRoLZlf2720dG/4Tg==",
       "license": "MIT",
       "dependencies": {
         "@lezer/common": "^1.2.0",
@@ -2616,9 +2707,9 @@
       }
     },
     "node_modules/@lezer/yaml": {
-      "version": "1.0.3",
-      "resolved": "https://registry.npmjs.org/@lezer/yaml/-/yaml-1.0.3.tgz",
-      "integrity": "sha512-GuBLekbw9jDBDhGur82nuwkxKQ+a3W5H0GfaAthDXcAu+XdpS43VlnxA9E9hllkpSP5ellRDKjLLj7Lu9Wr6xA==",
+      "version": "1.0.4",
+      "resolved": "https://registry.npmjs.org/@lezer/yaml/-/yaml-1.0.4.tgz",
+      "integrity": "sha512-2lrrHqxalACEbxIbsjhqGpSW8kWpUKuY6RHgnSAFZa6qK62wvnPxA8hGOwOoDbwHcOFs5M4o27mjGu+P7TvBmw==",
       "license": "MIT",
       "dependencies": {
         "@lezer/common": "^1.2.0",
@@ -2699,9 +2790,9 @@
       }
     },
     "node_modules/@mermaid-js/parser": {
-      "version": "1.0.1",
-      "resolved": "https://registry.npmjs.org/@mermaid-js/parser/-/parser-1.0.1.tgz",
-      "integrity": "sha512-opmV19kN1JsK0T6HhhokHpcVkqKpF+x2pPDKKM2ThHtZAB5F4PROopk0amuVYK5qMrIA4erzpNm8gmPNJgMDxQ==",
+      "version": "1.1.0",
+      "resolved": "https://registry.npmjs.org/@mermaid-js/parser/-/parser-1.1.0.tgz",
+      "integrity": "sha512-gxK9ZX2+Fex5zu8LhRQoMeMPEHbc73UKZ0FQ54YrQtUxE1VVhMwzeNtKRPAu5aXks4FasbMe4xB4bWrmq6Jlxw==",
       "license": "MIT",
       "dependencies": {
         "langium": "^4.0.0"
@@ -2787,6 +2878,16 @@
       "dev": true,
       "license": "MIT"
     },
+    "node_modules/@oxc-project/types": {
+      "version": "0.122.0",
+      "resolved": "https://registry.npmjs.org/@oxc-project/types/-/types-0.122.0.tgz",
+      "integrity": "sha512-oLAl5kBpV4w69UtFZ9xqcmTi+GENWOcPF7FCrczTiBbmC0ibXxCwyvZGbO39rCVEuLGAZM84DH0pUIyyv/YJzA==",
+      "dev": true,
+      "license": "MIT",
+      "funding": {
+        "url": "https://github.com/sponsors/Boshen"
+      }
+    },
     "node_modules/@package-json/types": {
       "version": "0.0.12",
       "resolved": "https://registry.npmjs.org/@package-json/types/-/types-0.0.12.tgz",
@@ -2840,6 +2941,298 @@
         "object-assign": "^4.1.1"
       }
     },
+    "node_modules/@rolldown/binding-android-arm64": {
+      "version": "1.0.0-rc.12",
+      "resolved": "https://registry.npmjs.org/@rolldown/binding-android-arm64/-/binding-android-arm64-1.0.0-rc.12.tgz",
+      "integrity": "sha512-pv1y2Fv0JybcykuiiD3qBOBdz6RteYojRFY1d+b95WVuzx211CRh+ytI/+9iVyWQ6koTh5dawe4S/yRfOFjgaA==",
+      "cpu": [
+        "arm64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "android"
+      ],
+      "engines": {
+        "node": "^20.19.0 || >=22.12.0"
+      }
+    },
+    "node_modules/@rolldown/binding-darwin-arm64": {
+      "version": "1.0.0-rc.12",
+      "resolved": "https://registry.npmjs.org/@rolldown/binding-darwin-arm64/-/binding-darwin-arm64-1.0.0-rc.12.tgz",
+      "integrity": "sha512-cFYr6zTG/3PXXF3pUO+umXxt1wkRK/0AYT8lDwuqvRC+LuKYWSAQAQZjCWDQpAH172ZV6ieYrNnFzVVcnSflAg==",
+      "cpu": [
+        "arm64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "darwin"
+      ],
+      "engines": {
+        "node": "^20.19.0 || >=22.12.0"
+      }
+    },
+    "node_modules/@rolldown/binding-darwin-x64": {
+      "version": "1.0.0-rc.12",
+      "resolved": "https://registry.npmjs.org/@rolldown/binding-darwin-x64/-/binding-darwin-x64-1.0.0-rc.12.tgz",
+      "integrity": "sha512-ZCsYknnHzeXYps0lGBz8JrF37GpE9bFVefrlmDrAQhOEi4IOIlcoU1+FwHEtyXGx2VkYAvhu7dyBf75EJQffBw==",
+      "cpu": [
+        "x64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "darwin"
+      ],
+      "engines": {
+        "node": "^20.19.0 || >=22.12.0"
+      }
+    },
+    "node_modules/@rolldown/binding-freebsd-x64": {
+      "version": "1.0.0-rc.12",
+      "resolved": "https://registry.npmjs.org/@rolldown/binding-freebsd-x64/-/binding-freebsd-x64-1.0.0-rc.12.tgz",
+      "integrity": "sha512-dMLeprcVsyJsKolRXyoTH3NL6qtsT0Y2xeuEA8WQJquWFXkEC4bcu1rLZZSnZRMtAqwtrF/Ib9Ddtpa/Gkge9Q==",
+      "cpu": [
+        "x64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "freebsd"
+      ],
+      "engines": {
+        "node": "^20.19.0 || >=22.12.0"
+      }
+    },
+    "node_modules/@rolldown/binding-linux-arm-gnueabihf": {
+      "version": "1.0.0-rc.12",
+      "resolved": "https://registry.npmjs.org/@rolldown/binding-linux-arm-gnueabihf/-/binding-linux-arm-gnueabihf-1.0.0-rc.12.tgz",
+      "integrity": "sha512-YqWjAgGC/9M1lz3GR1r1rP79nMgo3mQiiA+Hfo+pvKFK1fAJ1bCi0ZQVh8noOqNacuY1qIcfyVfP6HoyBRZ85Q==",
+      "cpu": [
+        "arm"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "engines": {
+        "node": "^20.19.0 || >=22.12.0"
+      }
+    },
+    "node_modules/@rolldown/binding-linux-arm64-gnu": {
+      "version": "1.0.0-rc.12",
+      "resolved": "https://registry.npmjs.org/@rolldown/binding-linux-arm64-gnu/-/binding-linux-arm64-gnu-1.0.0-rc.12.tgz",
+      "integrity": "sha512-/I5AS4cIroLpslsmzXfwbe5OmWvSsrFuEw3mwvbQ1kDxJ822hFHIx+vsN/TAzNVyepI/j/GSzrtCIwQPeKCLIg==",
+      "cpu": [
+        "arm64"
+      ],
+      "dev": true,
+      "libc": [
+        "glibc"
+      ],
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "engines": {
+        "node": "^20.19.0 || >=22.12.0"
+      }
+    },
+    "node_modules/@rolldown/binding-linux-arm64-musl": {
+      "version": "1.0.0-rc.12",
+      "resolved": "https://registry.npmjs.org/@rolldown/binding-linux-arm64-musl/-/binding-linux-arm64-musl-1.0.0-rc.12.tgz",
+      "integrity": "sha512-V6/wZztnBqlx5hJQqNWwFdxIKN0m38p8Jas+VoSfgH54HSj9tKTt1dZvG6JRHcjh6D7TvrJPWFGaY9UBVOaWPw==",
+      "cpu": [
+        "arm64"
+      ],
+      "dev": true,
+      "libc": [
+        "musl"
+      ],
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "engines": {
+        "node": "^20.19.0 || >=22.12.0"
+      }
+    },
+    "node_modules/@rolldown/binding-linux-ppc64-gnu": {
+      "version": "1.0.0-rc.12",
+      "resolved": "https://registry.npmjs.org/@rolldown/binding-linux-ppc64-gnu/-/binding-linux-ppc64-gnu-1.0.0-rc.12.tgz",
+      "integrity": "sha512-AP3E9BpcUYliZCxa3w5Kwj9OtEVDYK6sVoUzy4vTOJsjPOgdaJZKFmN4oOlX0Wp0RPV2ETfmIra9x1xuayFB7g==",
+      "cpu": [
+        "ppc64"
+      ],
+      "dev": true,
+      "libc": [
+        "glibc"
+      ],
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "engines": {
+        "node": "^20.19.0 || >=22.12.0"
+      }
+    },
+    "node_modules/@rolldown/binding-linux-s390x-gnu": {
+      "version": "1.0.0-rc.12",
+      "resolved": "https://registry.npmjs.org/@rolldown/binding-linux-s390x-gnu/-/binding-linux-s390x-gnu-1.0.0-rc.12.tgz",
+      "integrity": "sha512-nWwpvUSPkoFmZo0kQazZYOrT7J5DGOJ/+QHHzjvNlooDZED8oH82Yg67HvehPPLAg5fUff7TfWFHQS8IV1n3og==",
+      "cpu": [
+        "s390x"
+      ],
+      "dev": true,
+      "libc": [
+        "glibc"
+      ],
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "engines": {
+        "node": "^20.19.0 || >=22.12.0"
+      }
+    },
+    "node_modules/@rolldown/binding-linux-x64-gnu": {
+      "version": "1.0.0-rc.12",
+      "resolved": "https://registry.npmjs.org/@rolldown/binding-linux-x64-gnu/-/binding-linux-x64-gnu-1.0.0-rc.12.tgz",
+      "integrity": "sha512-RNrafz5bcwRy+O9e6P8Z/OCAJW/A+qtBczIqVYwTs14pf4iV1/+eKEjdOUta93q2TsT/FI0XYDP3TCky38LMAg==",
+      "cpu": [
+        "x64"
+      ],
+      "dev": true,
+      "libc": [
+        "glibc"
+      ],
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "engines": {
+        "node": "^20.19.0 || >=22.12.0"
+      }
+    },
+    "node_modules/@rolldown/binding-linux-x64-musl": {
+      "version": "1.0.0-rc.12",
+      "resolved": "https://registry.npmjs.org/@rolldown/binding-linux-x64-musl/-/binding-linux-x64-musl-1.0.0-rc.12.tgz",
+      "integrity": "sha512-Jpw/0iwoKWx3LJ2rc1yjFrj+T7iHZn2JDg1Yny1ma0luviFS4mhAIcd1LFNxK3EYu3DHWCps0ydXQ5i/rrJ2ig==",
+      "cpu": [
+        "x64"
+      ],
+      "dev": true,
+      "libc": [
+        "musl"
+      ],
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "engines": {
+        "node": "^20.19.0 || >=22.12.0"
+      }
+    },
+    "node_modules/@rolldown/binding-openharmony-arm64": {
+      "version": "1.0.0-rc.12",
+      "resolved": "https://registry.npmjs.org/@rolldown/binding-openharmony-arm64/-/binding-openharmony-arm64-1.0.0-rc.12.tgz",
+      "integrity": "sha512-vRugONE4yMfVn0+7lUKdKvN4D5YusEiPilaoO2sgUWpCvrncvWgPMzK00ZFFJuiPgLwgFNP5eSiUlv2tfc+lpA==",
+      "cpu": [
+        "arm64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "openharmony"
+      ],
+      "engines": {
+        "node": "^20.19.0 || >=22.12.0"
+      }
+    },
+    "node_modules/@rolldown/binding-wasm32-wasi": {
+      "version": "1.0.0-rc.12",
+      "resolved": "https://registry.npmjs.org/@rolldown/binding-wasm32-wasi/-/binding-wasm32-wasi-1.0.0-rc.12.tgz",
+      "integrity": "sha512-ykGiLr/6kkiHc0XnBfmFJuCjr5ZYKKofkx+chJWDjitX+KsJuAmrzWhwyOMSHzPhzOHOy7u9HlFoa5MoAOJ/Zg==",
+      "cpu": [
+        "wasm32"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "dependencies": {
+        "@napi-rs/wasm-runtime": "^1.1.1"
+      },
+      "engines": {
+        "node": ">=14.0.0"
+      }
+    },
+    "node_modules/@rolldown/binding-wasm32-wasi/node_modules/@napi-rs/wasm-runtime": {
+      "version": "1.1.2",
+      "resolved": "https://registry.npmjs.org/@napi-rs/wasm-runtime/-/wasm-runtime-1.1.2.tgz",
+      "integrity": "sha512-sNXv5oLJ7ob93xkZ1XnxisYhGYXfaG9f65/ZgYuAu3qt7b3NadcOEhLvx28hv31PgX8SZJRYrAIPQilQmFpLVw==",
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "dependencies": {
+        "@tybys/wasm-util": "^0.10.1"
+      },
+      "funding": {
+        "type": "github",
+        "url": "https://github.com/sponsors/Brooooooklyn"
+      },
+      "peerDependencies": {
+        "@emnapi/core": "^1.7.1",
+        "@emnapi/runtime": "^1.7.1"
+      }
+    },
+    "node_modules/@rolldown/binding-win32-arm64-msvc": {
+      "version": "1.0.0-rc.12",
+      "resolved": "https://registry.npmjs.org/@rolldown/binding-win32-arm64-msvc/-/binding-win32-arm64-msvc-1.0.0-rc.12.tgz",
+      "integrity": "sha512-5eOND4duWkwx1AzCxadcOrNeighiLwMInEADT0YM7xeEOOFcovWZCq8dadXgcRHSf3Ulh1kFo/qvzoFiCLOL1Q==",
+      "cpu": [
+        "arm64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "win32"
+      ],
+      "engines": {
+        "node": "^20.19.0 || >=22.12.0"
+      }
+    },
+    "node_modules/@rolldown/binding-win32-x64-msvc": {
+      "version": "1.0.0-rc.12",
+      "resolved": "https://registry.npmjs.org/@rolldown/binding-win32-x64-msvc/-/binding-win32-x64-msvc-1.0.0-rc.12.tgz",
+      "integrity": "sha512-PyqoipaswDLAZtot351MLhrlrh6lcZPo2LSYE+VDxbVk24LVKAGOuE4hb8xZQmrPAuEtTZW8E6D2zc5EUZX4Lw==",
+      "cpu": [
+        "x64"
+      ],
+      "dev": true,
+      "license": "MIT",
+      "optional": true,
+      "os": [
+        "win32"
+      ],
+      "engines": {
+        "node": "^20.19.0 || >=22.12.0"
+      }
+    },
     "node_modules/@rolldown/pluginutils": {
       "version": "1.0.0-rc.2",
       "resolved": "https://registry.npmjs.org/@rolldown/pluginutils/-/pluginutils-1.0.0-rc.2.tgz",
@@ -2894,356 +3287,6 @@
       "dev": true,
       "license": "MIT"
     },
-    "node_modules/@rollup/rollup-android-arm-eabi": {
-      "version": "4.56.0",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-android-arm-eabi/-/rollup-android-arm-eabi-4.56.0.tgz",
-      "integrity": "sha512-LNKIPA5k8PF1+jAFomGe3qN3bbIgJe/IlpDBwuVjrDKrJhVWywgnJvflMt/zkbVNLFtF1+94SljYQS6e99klnw==",
-      "cpu": [
-        "arm"
-      ],
-      "dev": true,
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "android"
-      ]
-    },
-    "node_modules/@rollup/rollup-android-arm64": {
-      "version": "4.56.0",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-android-arm64/-/rollup-android-arm64-4.56.0.tgz",
-      "integrity": "sha512-lfbVUbelYqXlYiU/HApNMJzT1E87UPGvzveGg2h0ktUNlOCxKlWuJ9jtfvs1sKHdwU4fzY7Pl8sAl49/XaEk6Q==",
-      "cpu": [
-        "arm64"
-      ],
-      "dev": true,
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "android"
-      ]
-    },
-    "node_modules/@rollup/rollup-darwin-arm64": {
-      "version": "4.56.0",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-darwin-arm64/-/rollup-darwin-arm64-4.56.0.tgz",
-      "integrity": "sha512-EgxD1ocWfhoD6xSOeEEwyE7tDvwTgZc8Bss7wCWe+uc7wO8G34HHCUH+Q6cHqJubxIAnQzAsyUsClt0yFLu06w==",
-      "cpu": [
-        "arm64"
-      ],
-      "dev": true,
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "darwin"
-      ]
-    },
-    "node_modules/@rollup/rollup-darwin-x64": {
-      "version": "4.56.0",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-darwin-x64/-/rollup-darwin-x64-4.56.0.tgz",
-      "integrity": "sha512-1vXe1vcMOssb/hOF8iv52A7feWW2xnu+c8BV4t1F//m9QVLTfNVpEdja5ia762j/UEJe2Z1jAmEqZAK42tVW3g==",
-      "cpu": [
-        "x64"
-      ],
-      "dev": true,
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "darwin"
-      ]
-    },
-    "node_modules/@rollup/rollup-freebsd-arm64": {
-      "version": "4.56.0",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-freebsd-arm64/-/rollup-freebsd-arm64-4.56.0.tgz",
-      "integrity": "sha512-bof7fbIlvqsyv/DtaXSck4VYQ9lPtoWNFCB/JY4snlFuJREXfZnm+Ej6yaCHfQvofJDXLDMTVxWscVSuQvVWUQ==",
-      "cpu": [
-        "arm64"
-      ],
-      "dev": true,
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "freebsd"
-      ]
-    },
-    "node_modules/@rollup/rollup-freebsd-x64": {
-      "version": "4.56.0",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-freebsd-x64/-/rollup-freebsd-x64-4.56.0.tgz",
-      "integrity": "sha512-KNa6lYHloW+7lTEkYGa37fpvPq+NKG/EHKM8+G/g9WDU7ls4sMqbVRV78J6LdNuVaeeK5WB9/9VAFbKxcbXKYg==",
-      "cpu": [
-        "x64"
-      ],
-      "dev": true,
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "freebsd"
-      ]
-    },
-    "node_modules/@rollup/rollup-linux-arm-gnueabihf": {
-      "version": "4.56.0",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm-gnueabihf/-/rollup-linux-arm-gnueabihf-4.56.0.tgz",
-      "integrity": "sha512-E8jKK87uOvLrrLN28jnAAAChNq5LeCd2mGgZF+fGF5D507WlG/Noct3lP/QzQ6MrqJ5BCKNwI9ipADB6jyiq2A==",
-      "cpu": [
-        "arm"
-      ],
-      "dev": true,
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "linux"
-      ]
-    },
-    "node_modules/@rollup/rollup-linux-arm-musleabihf": {
-      "version": "4.56.0",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm-musleabihf/-/rollup-linux-arm-musleabihf-4.56.0.tgz",
-      "integrity": "sha512-jQosa5FMYF5Z6prEpTCCmzCXz6eKr/tCBssSmQGEeozA9tkRUty/5Vx06ibaOP9RCrW1Pvb8yp3gvZhHwTDsJw==",
-      "cpu": [
-        "arm"
-      ],
-      "dev": true,
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "linux"
-      ]
-    },
-    "node_modules/@rollup/rollup-linux-arm64-gnu": {
-      "version": "4.56.0",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm64-gnu/-/rollup-linux-arm64-gnu-4.56.0.tgz",
-      "integrity": "sha512-uQVoKkrC1KGEV6udrdVahASIsaF8h7iLG0U0W+Xn14ucFwi6uS539PsAr24IEF9/FoDtzMeeJXJIBo5RkbNWvQ==",
-      "cpu": [
-        "arm64"
-      ],
-      "dev": true,
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "linux"
-      ]
-    },
-    "node_modules/@rollup/rollup-linux-arm64-musl": {
-      "version": "4.56.0",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm64-musl/-/rollup-linux-arm64-musl-4.56.0.tgz",
-      "integrity": "sha512-vLZ1yJKLxhQLFKTs42RwTwa6zkGln+bnXc8ueFGMYmBTLfNu58sl5/eXyxRa2RarTkJbXl8TKPgfS6V5ijNqEA==",
-      "cpu": [
-        "arm64"
-      ],
-      "dev": true,
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "linux"
-      ]
-    },
-    "node_modules/@rollup/rollup-linux-loong64-gnu": {
-      "version": "4.56.0",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-loong64-gnu/-/rollup-linux-loong64-gnu-4.56.0.tgz",
-      "integrity": "sha512-FWfHOCub564kSE3xJQLLIC/hbKqHSVxy8vY75/YHHzWvbJL7aYJkdgwD/xGfUlL5UV2SB7otapLrcCj2xnF1dg==",
-      "cpu": [
-        "loong64"
-      ],
-      "dev": true,
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "linux"
-      ]
-    },
-    "node_modules/@rollup/rollup-linux-loong64-musl": {
-      "version": "4.56.0",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-loong64-musl/-/rollup-linux-loong64-musl-4.56.0.tgz",
-      "integrity": "sha512-z1EkujxIh7nbrKL1lmIpqFTc/sr0u8Uk0zK/qIEFldbt6EDKWFk/pxFq3gYj4Bjn3aa9eEhYRlL3H8ZbPT1xvA==",
-      "cpu": [
-        "loong64"
-      ],
-      "dev": true,
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "linux"
-      ]
-    },
-    "node_modules/@rollup/rollup-linux-ppc64-gnu": {
-      "version": "4.56.0",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-ppc64-gnu/-/rollup-linux-ppc64-gnu-4.56.0.tgz",
-      "integrity": "sha512-iNFTluqgdoQC7AIE8Q34R3AuPrJGJirj5wMUErxj22deOcY7XwZRaqYmB6ZKFHoVGqRcRd0mqO+845jAibKCkw==",
-      "cpu": [
-        "ppc64"
-      ],
-      "dev": true,
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "linux"
-      ]
-    },
-    "node_modules/@rollup/rollup-linux-ppc64-musl": {
-      "version": "4.56.0",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-ppc64-musl/-/rollup-linux-ppc64-musl-4.56.0.tgz",
-      "integrity": "sha512-MtMeFVlD2LIKjp2sE2xM2slq3Zxf9zwVuw0jemsxvh1QOpHSsSzfNOTH9uYW9i1MXFxUSMmLpeVeUzoNOKBaWg==",
-      "cpu": [
-        "ppc64"
-      ],
-      "dev": true,
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "linux"
-      ]
-    },
-    "node_modules/@rollup/rollup-linux-riscv64-gnu": {
-      "version": "4.56.0",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-riscv64-gnu/-/rollup-linux-riscv64-gnu-4.56.0.tgz",
-      "integrity": "sha512-in+v6wiHdzzVhYKXIk5U74dEZHdKN9KH0Q4ANHOTvyXPG41bajYRsy7a8TPKbYPl34hU7PP7hMVHRvv/5aCSew==",
-      "cpu": [
-        "riscv64"
-      ],
-      "dev": true,
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "linux"
-      ]
-    },
-    "node_modules/@rollup/rollup-linux-riscv64-musl": {
-      "version": "4.56.0",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-riscv64-musl/-/rollup-linux-riscv64-musl-4.56.0.tgz",
-      "integrity": "sha512-yni2raKHB8m9NQpI9fPVwN754mn6dHQSbDTwxdr9SE0ks38DTjLMMBjrwvB5+mXrX+C0npX0CVeCUcvvvD8CNQ==",
-      "cpu": [
-        "riscv64"
-      ],
-      "dev": true,
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "linux"
-      ]
-    },
-    "node_modules/@rollup/rollup-linux-s390x-gnu": {
-      "version": "4.56.0",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-s390x-gnu/-/rollup-linux-s390x-gnu-4.56.0.tgz",
-      "integrity": "sha512-zhLLJx9nQPu7wezbxt2ut+CI4YlXi68ndEve16tPc/iwoylWS9B3FxpLS2PkmfYgDQtosah07Mj9E0khc3Y+vQ==",
-      "cpu": [
-        "s390x"
-      ],
-      "dev": true,
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "linux"
-      ]
-    },
-    "node_modules/@rollup/rollup-linux-x64-gnu": {
-      "version": "4.56.0",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-x64-gnu/-/rollup-linux-x64-gnu-4.56.0.tgz",
-      "integrity": "sha512-MVC6UDp16ZSH7x4rtuJPAEoE1RwS8N4oK9DLHy3FTEdFoUTCFVzMfJl/BVJ330C+hx8FfprA5Wqx4FhZXkj2Kw==",
-      "cpu": [
-        "x64"
-      ],
-      "dev": true,
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "linux"
-      ]
-    },
-    "node_modules/@rollup/rollup-linux-x64-musl": {
-      "version": "4.56.0",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-x64-musl/-/rollup-linux-x64-musl-4.56.0.tgz",
-      "integrity": "sha512-ZhGH1eA4Qv0lxaV00azCIS1ChedK0V32952Md3FtnxSqZTBTd6tgil4nZT5cU8B+SIw3PFYkvyR4FKo2oyZIHA==",
-      "cpu": [
-        "x64"
-      ],
-      "dev": true,
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "linux"
-      ]
-    },
-    "node_modules/@rollup/rollup-openbsd-x64": {
-      "version": "4.56.0",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-openbsd-x64/-/rollup-openbsd-x64-4.56.0.tgz",
-      "integrity": "sha512-O16XcmyDeFI9879pEcmtWvD/2nyxR9mF7Gs44lf1vGGx8Vg2DRNx11aVXBEqOQhWb92WN4z7fW/q4+2NYzCbBA==",
-      "cpu": [
-        "x64"
-      ],
-      "dev": true,
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "openbsd"
-      ]
-    },
-    "node_modules/@rollup/rollup-openharmony-arm64": {
-      "version": "4.56.0",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-openharmony-arm64/-/rollup-openharmony-arm64-4.56.0.tgz",
-      "integrity": "sha512-LhN/Reh+7F3RCgQIRbgw8ZMwUwyqJM+8pXNT6IIJAqm2IdKkzpCh/V9EdgOMBKuebIrzswqy4ATlrDgiOwbRcQ==",
-      "cpu": [
-        "arm64"
-      ],
-      "dev": true,
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "openharmony"
-      ]
-    },
-    "node_modules/@rollup/rollup-win32-arm64-msvc": {
-      "version": "4.56.0",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-arm64-msvc/-/rollup-win32-arm64-msvc-4.56.0.tgz",
-      "integrity": "sha512-kbFsOObXp3LBULg1d3JIUQMa9Kv4UitDmpS+k0tinPBz3watcUiV2/LUDMMucA6pZO3WGE27P7DsfaN54l9ing==",
-      "cpu": [
-        "arm64"
-      ],
-      "dev": true,
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "win32"
-      ]
-    },
-    "node_modules/@rollup/rollup-win32-ia32-msvc": {
-      "version": "4.56.0",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-ia32-msvc/-/rollup-win32-ia32-msvc-4.56.0.tgz",
-      "integrity": "sha512-vSSgny54D6P4vf2izbtFm/TcWYedw7f8eBrOiGGecyHyQB9q4Kqentjaj8hToe+995nob/Wv48pDqL5a62EWtg==",
-      "cpu": [
-        "ia32"
-      ],
-      "dev": true,
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "win32"
-      ]
-    },
-    "node_modules/@rollup/rollup-win32-x64-gnu": {
-      "version": "4.56.0",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-x64-gnu/-/rollup-win32-x64-gnu-4.56.0.tgz",
-      "integrity": "sha512-FeCnkPCTHQJFbiGG49KjV5YGW/8b9rrXAM2Mz2kiIoktq2qsJxRD5giEMEOD2lPdgs72upzefaUvS+nc8E3UzQ==",
-      "cpu": [
-        "x64"
-      ],
-      "dev": true,
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "win32"
-      ]
-    },
-    "node_modules/@rollup/rollup-win32-x64-msvc": {
-      "version": "4.56.0",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-x64-msvc/-/rollup-win32-x64-msvc-4.56.0.tgz",
-      "integrity": "sha512-H8AE9Ur/t0+1VXujj90w0HrSOuv0Nq9r1vSZF2t5km20NTfosQsGGUXDaKdQZzwuLts7IyL1fYT4hM95TI9c4g==",
-      "cpu": [
-        "x64"
-      ],
-      "dev": true,
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "win32"
-      ]
-    },
     "node_modules/@scarf/scarf": {
       "version": "1.4.0",
       "resolved": "https://registry.npmjs.org/@scarf/scarf/-/scarf-1.4.0.tgz",
@@ -3252,12 +3295,12 @@
       "license": "Apache-2.0"
     },
     "node_modules/@solid-primitives/refs": {
-      "version": "1.1.2",
-      "resolved": "https://registry.npmjs.org/@solid-primitives/refs/-/refs-1.1.2.tgz",
-      "integrity": "sha512-K7tf2thy7L+YJjdqXspXOg5xvNEOH8tgEWsp0+1mQk3obHBRD6hEjYZk7p7FlJphSZImS35je3UfmWuD7MhDfg==",
+      "version": "1.1.3",
+      "resolved": "https://registry.npmjs.org/@solid-primitives/refs/-/refs-1.1.3.tgz",
+      "integrity": "sha512-aam02fjNKpBteewF/UliPSQCVJsIIGOLEWQOh+ll6R/QePzBOOBMcC4G+5jTaO75JuUS1d/14Q1YXT3X0Ow6iA==",
       "license": "MIT",
       "dependencies": {
-        "@solid-primitives/utils": "^6.3.2"
+        "@solid-primitives/utils": "^6.4.0"
       },
       "peerDependencies": {
         "solid-js": "^1.6.12"
@@ -3273,9 +3316,9 @@
       }
     },
     "node_modules/@solid-primitives/utils": {
-      "version": "6.3.2",
-      "resolved": "https://registry.npmjs.org/@solid-primitives/utils/-/utils-6.3.2.tgz",
-      "integrity": "sha512-hZ/M/qr25QOCcwDPOHtGjxTD8w2mNyVAYvcfgwzBHq2RwNqHNdDNsMZYap20+ruRwW4A3Cdkczyoz0TSxLCAPQ==",
+      "version": "6.4.0",
+      "resolved": "https://registry.npmjs.org/@solid-primitives/utils/-/utils-6.4.0.tgz",
+      "integrity": "sha512-AeGTBg8Wtkh/0s+evyLtP8piQoS4wyqqQaAFs2HJcFMMjYAtUgo+ZPduRXLjPlqKVc2ejeR544oeqpbn8Egn8A==",
       "license": "MIT",
       "peerDependencies": {
         "solid-js": "^1.6.12"
@@ -3451,9 +3494,9 @@
       }
     },
     "node_modules/@stoplight/spectral-core": {
-      "version": "1.20.0",
-      "resolved": "https://registry.npmjs.org/@stoplight/spectral-core/-/spectral-core-1.20.0.tgz",
-      "integrity": "sha512-5hBP81nCC1zn1hJXL/uxPNRKNcB+/pEIHgCjPRpl/w/qy9yC9ver04tw1W0l/PMiv0UeB5dYgozXVQ4j5a6QQQ==",
+      "version": "1.21.0",
+      "resolved": "https://registry.npmjs.org/@stoplight/spectral-core/-/spectral-core-1.21.0.tgz",
+      "integrity": "sha512-oj4e/FrDLUhBRocIW+lRMKlJ/q/rDZw61HkLbTFsdMd+f/FTkli2xHNB1YC6n1mrMKjjvy7XlUuFkC7XxtgbWw==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
@@ -3471,7 +3514,7 @@
         "ajv-formats": "~2.1.1",
         "es-aggregate-error": "^1.0.7",
         "jsonpath-plus": "^10.3.0",
-        "lodash": "~4.17.21",
+        "lodash": "~4.17.23",
         "lodash.topath": "^4.5.2",
         "minimatch": "3.1.2",
         "nimma": "0.2.3",
@@ -3497,6 +3540,24 @@
         "node": "^12.20 || >=14.13"
       }
     },
+    "node_modules/@stoplight/spectral-core/node_modules/balanced-match": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-1.0.2.tgz",
+      "integrity": "sha512-3oSeUO0TMV67hN1AmbXsK4yaqU7tjiHlbxRDZOpH0KW9+CeX4bRAaX0Anxt0tx2MrpRpWwQaPwIlISEJhYU5Pw==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/@stoplight/spectral-core/node_modules/brace-expansion": {
+      "version": "1.1.13",
+      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.13.tgz",
+      "integrity": "sha512-9ZLprWS6EENmhEOpjCYW2c8VkmOvckIJZfkr7rBW6dObmfgJ/L1GpSYW5Hpo9lDz4D1+n0Ckz8rU7FwHDQiG/w==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "balanced-match": "^1.0.0",
+        "concat-map": "0.0.1"
+      }
+    },
     "node_modules/@stoplight/spectral-core/node_modules/minimatch": {
       "version": "3.1.2",
       "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz",
@@ -3817,9 +3878,9 @@
       }
     },
     "node_modules/@stylistic/eslint-plugin/node_modules/picomatch": {
-      "version": "4.0.3",
-      "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-4.0.3.tgz",
-      "integrity": "sha512-5gTmgEY/sqK6gFXLIsQNH19lWb4ebPDLA4SdLP7dsWkIXHWlG66oPuVvXSGFPppYZz8ZDZq0dYYrbHfBCVUb1Q==",
+      "version": "4.0.4",
+      "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-4.0.4.tgz",
+      "integrity": "sha512-QP88BAKvMam/3NxH6vj2o21R6MjxZUAd6nlwAS/pnGvN9IVLocLHxGYIzFhg6fUQ+5th6P4dv4eW9jX3DSIj7A==",
       "dev": true,
       "license": "MIT",
       "engines": {
@@ -4142,9 +4203,9 @@
       }
     },
     "node_modules/@types/debug": {
-      "version": "4.1.12",
-      "resolved": "https://registry.npmjs.org/@types/debug/-/debug-4.1.12.tgz",
-      "integrity": "sha512-vIChWdVG3LG1SMxEvI/AK+FWJthlrqlTu7fbrlywTkkaONwk/UAGaULXRlf8vkzFBLVm0zkMdCquhL5aOjhXPQ==",
+      "version": "4.1.13",
+      "resolved": "https://registry.npmjs.org/@types/debug/-/debug-4.1.13.tgz",
+      "integrity": "sha512-KSVgmQmzMwPlmtljOomayoR89W4FynCAi3E8PPs7vmDVPe84hT+vGPKkJfThkmXs0x0jAaa9U8uW8bbfyS2fWw==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -4240,12 +4301,12 @@
       "license": "MIT"
     },
     "node_modules/@types/node": {
-      "version": "20.19.30",
-      "resolved": "https://registry.npmjs.org/@types/node/-/node-20.19.30.tgz",
-      "integrity": "sha512-WJtwWJu7UdlvzEAUm484QNg5eAoq5QR08KDNx7g45Usrs2NtOPiX8ugDqmKdXkyL03rBqU5dYNYVQetEpBHq2g==",
+      "version": "25.5.0",
+      "resolved": "https://registry.npmjs.org/@types/node/-/node-25.5.0.tgz",
+      "integrity": "sha512-jp2P3tQMSxWugkCUKLRPVUpGaL5MVFwF8RDuSRztfwgN1wmqJeMSbKlnEtQqU8UrhTmzEmZdu2I6v2dpp7XIxw==",
       "license": "MIT",
       "dependencies": {
-        "undici-types": "~6.21.0"
+        "undici-types": "~7.18.0"
       }
     },
     "node_modules/@types/sarif": {
@@ -4330,16 +4391,6 @@
         "typescript": ">=4.8.4 <6.0.0"
       }
     },
-    "node_modules/@typescript-eslint/eslint-plugin/node_modules/ignore": {
-      "version": "7.0.5",
-      "resolved": "https://registry.npmjs.org/ignore/-/ignore-7.0.5.tgz",
-      "integrity": "sha512-Hs59xBNfUIunMFgWAbGX5cq6893IbWg4KnrjbYwX3tx0ztorVgTDA6B2sxf8ejHJ4wz8BqGUMYlnzNBer5NvGg==",
-      "dev": true,
-      "license": "MIT",
-      "engines": {
-        "node": ">= 4"
-      }
-    },
     "node_modules/@typescript-eslint/parser": {
       "version": "8.57.2",
       "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-8.57.2.tgz",
@@ -4650,6 +4701,9 @@
         "arm64"
       ],
       "dev": true,
+      "libc": [
+        "glibc"
+      ],
       "license": "MIT",
       "optional": true,
       "os": [
@@ -4664,6 +4718,9 @@
         "arm64"
       ],
       "dev": true,
+      "libc": [
+        "musl"
+      ],
       "license": "MIT",
       "optional": true,
       "os": [
@@ -4678,6 +4735,9 @@
         "ppc64"
       ],
       "dev": true,
+      "libc": [
+        "glibc"
+      ],
       "license": "MIT",
       "optional": true,
       "os": [
@@ -4692,6 +4752,9 @@
         "riscv64"
       ],
       "dev": true,
+      "libc": [
+        "glibc"
+      ],
       "license": "MIT",
       "optional": true,
       "os": [
@@ -4706,6 +4769,9 @@
         "riscv64"
       ],
       "dev": true,
+      "libc": [
+        "musl"
+      ],
       "license": "MIT",
       "optional": true,
       "os": [
@@ -4720,6 +4786,9 @@
         "s390x"
       ],
       "dev": true,
+      "libc": [
+        "glibc"
+      ],
       "license": "MIT",
       "optional": true,
       "os": [
@@ -4734,6 +4803,9 @@
         "x64"
       ],
       "dev": true,
+      "libc": [
+        "glibc"
+      ],
       "license": "MIT",
       "optional": true,
       "os": [
@@ -4748,6 +4820,9 @@
         "x64"
       ],
       "dev": true,
+      "libc": [
+        "musl"
+      ],
       "license": "MIT",
       "optional": true,
       "os": [
@@ -5065,18 +5140,6 @@
         "source-map-js": "^1.2.1"
       }
     },
-    "node_modules/@vue/compiler-core/node_modules/entities": {
-      "version": "7.0.1",
-      "resolved": "https://registry.npmjs.org/entities/-/entities-7.0.1.tgz",
-      "integrity": "sha512-TWrgLOFUQTH994YUyl1yT4uyavY5nNB5muff+RtWaqNVCAK408b5ZnnbNAUEWLTCpum9w6arT70i1XdQ4UeOPA==",
-      "license": "BSD-2-Clause",
-      "engines": {
-        "node": ">=0.12"
-      },
-      "funding": {
-        "url": "https://github.com/fb55/entities?sponsor=1"
-      }
-    },
     "node_modules/@vue/compiler-dom": {
       "version": "3.5.31",
       "resolved": "https://registry.npmjs.org/@vue/compiler-dom/-/compiler-dom-3.5.31.tgz",
@@ -5428,9 +5491,9 @@
       }
     },
     "node_modules/ajv": {
-      "version": "8.17.1",
-      "resolved": "https://registry.npmjs.org/ajv/-/ajv-8.17.1.tgz",
-      "integrity": "sha512-B/gBuNg5SiMTrPkC+A2+cW0RszwxYmn6VYxB/inlBStS5nx6xHIt/ehKRhIMhqusl7a8LjQoZnjCs5vhwxOQ1g==",
+      "version": "8.18.0",
+      "resolved": "https://registry.npmjs.org/ajv/-/ajv-8.18.0.tgz",
+      "integrity": "sha512-PlXPeEWMXMZ7sPYOHqmDyCJzcfNrUr3fGNKtezX14ykXOEIvyK81d+qydx89KY5O71FKMPaQ2vBfBFI5NHR63A==",
       "license": "MIT",
       "dependencies": {
         "fast-deep-equal": "^3.1.3",
@@ -5694,13 +5757,6 @@
         "@types/estree": "^1.0.0"
       }
     },
-    "node_modules/ast-v8-to-istanbul/node_modules/js-tokens": {
-      "version": "10.0.0",
-      "resolved": "https://registry.npmjs.org/js-tokens/-/js-tokens-10.0.0.tgz",
-      "integrity": "sha512-lM/UBzQmfJRo9ABXbPWemivdCW8V2G8FHaHdypQaIy523snUjog0W71ayWXTjiR+ixeMyVHN2XcpnTd/liPg/Q==",
-      "dev": true,
-      "license": "MIT"
-    },
     "node_modules/astral-regex": {
       "version": "2.0.0",
       "resolved": "https://registry.npmjs.org/astral-regex/-/astral-regex-2.0.0.tgz",
@@ -5761,9 +5817,9 @@
       }
     },
     "node_modules/axe-core": {
-      "version": "4.11.1",
-      "resolved": "https://registry.npmjs.org/axe-core/-/axe-core-4.11.1.tgz",
-      "integrity": "sha512-BASOg+YwO2C+346x3LZOeoovTIoTrRqEsqMa6fmfAV0P+U9mFr9NsyOEpiYvFjbc64NMrSswhV50WdXzdb/Z5A==",
+      "version": "4.11.2",
+      "resolved": "https://registry.npmjs.org/axe-core/-/axe-core-4.11.2.tgz",
+      "integrity": "sha512-byD6KPdvo72y/wj2T/4zGEvvlis+PsZsn/yPS3pEO+sFpcrqRpX/TJCxvVaEsNeMrfQbCr7w163YqoD9IYwHXw==",
       "dev": true,
       "license": "MPL-2.0",
       "engines": {
@@ -5771,11 +5827,13 @@
       }
     },
     "node_modules/balanced-match": {
-      "version": "2.0.0",
-      "resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-2.0.0.tgz",
-      "integrity": "sha512-1ugUSr8BHXRnK23KfuYS+gVMC3LB8QGH9W1iGtDPsNWoQbgtXSExkBu2aDR4epiGWZOjZsj6lDl/N/AqqTC3UA==",
-      "dev": true,
-      "license": "MIT"
+      "version": "4.0.4",
+      "resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-4.0.4.tgz",
+      "integrity": "sha512-BLrgEcRTwX2o6gGxGOCNyMvGSp35YofuYzw9h1IMTRmKqttAZZVU67bdb9Pr2vUHA8+j3i2tJfjO6C6+4myGTA==",
+      "license": "MIT",
+      "engines": {
+        "node": "18 || 20 || >=22"
+      }
     },
     "node_modules/base64-js": {
       "version": "1.5.1",
@@ -5798,12 +5856,15 @@
       "license": "MIT"
     },
     "node_modules/baseline-browser-mapping": {
-      "version": "2.9.18",
-      "resolved": "https://registry.npmjs.org/baseline-browser-mapping/-/baseline-browser-mapping-2.9.18.tgz",
-      "integrity": "sha512-e23vBV1ZLfjb9apvfPk4rHVu2ry6RIr2Wfs+O324okSidrX7pTAnEJPCh/O5BtRlr7QtZI7ktOP3vsqr7Z5XoA==",
+      "version": "2.10.13",
+      "resolved": "https://registry.npmjs.org/baseline-browser-mapping/-/baseline-browser-mapping-2.10.13.tgz",
+      "integrity": "sha512-BL2sTuHOdy0YT1lYieUxTw/QMtPBC3pmlJC6xk8BBYVv6vcw3SGdKemQ+Xsx9ik2F/lYDO9tqsFQH1r9PFuHKw==",
       "license": "Apache-2.0",
       "bin": {
-        "baseline-browser-mapping": "dist/cli.js"
+        "baseline-browser-mapping": "dist/cli.cjs"
+      },
+      "engines": {
+        "node": ">=6.0.0"
       }
     },
     "node_modules/big.js": {
@@ -5835,23 +5896,17 @@
       "license": "ISC"
     },
     "node_modules/brace-expansion": {
-      "version": "1.1.12",
-      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.12.tgz",
-      "integrity": "sha512-9T9UjW3r0UW5c1Q7GTwllptXwhvYmEzFhzMfZ9H7FQWt+uZePjZPjBP/W1ZEyZ1twGWom5/56TF4lPcqjnDHcg==",
-      "dev": true,
+      "version": "5.0.5",
+      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-5.0.5.tgz",
+      "integrity": "sha512-VZznLgtwhn+Mact9tfiwx64fA9erHH/MCXEUfB/0bX/6Fz6ny5EGTXYltMocqg4xFAQZtnO3DHWWXi8RiuN7cQ==",
       "license": "MIT",
       "dependencies": {
-        "balanced-match": "^1.0.0",
-        "concat-map": "0.0.1"
+        "balanced-match": "^4.0.2"
+      },
+      "engines": {
+        "node": "18 || 20 || >=22"
       }
     },
-    "node_modules/brace-expansion/node_modules/balanced-match": {
-      "version": "1.0.2",
-      "resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-1.0.2.tgz",
-      "integrity": "sha512-3oSeUO0TMV67hN1AmbXsK4yaqU7tjiHlbxRDZOpH0KW9+CeX4bRAaX0Anxt0tx2MrpRpWwQaPwIlISEJhYU5Pw==",
-      "dev": true,
-      "license": "MIT"
-    },
     "node_modules/braces": {
       "version": "3.0.3",
       "resolved": "https://registry.npmjs.org/braces/-/braces-3.0.3.tgz",
@@ -5865,9 +5920,9 @@
       }
     },
     "node_modules/browserslist": {
-      "version": "4.28.1",
-      "resolved": "https://registry.npmjs.org/browserslist/-/browserslist-4.28.1.tgz",
-      "integrity": "sha512-ZC5Bd0LgJXgwGqUknZY/vkUQ04r8NXnJZ3yYi4vDmSiZmC/pdSN0NbNRPxZpbtO4uAfDUAFffO8IZoM3Gj8IkA==",
+      "version": "4.28.2",
+      "resolved": "https://registry.npmjs.org/browserslist/-/browserslist-4.28.2.tgz",
+      "integrity": "sha512-48xSriZYYg+8qXna9kwqjIVzuQxi+KYWp2+5nCYnYKPTr0LvD89Jqk2Or5ogxz0NUMfIjhh2lIUX/LyX9B4oIg==",
       "funding": [
         {
           "type": "opencollective",
@@ -5884,11 +5939,11 @@
       ],
       "license": "MIT",
       "dependencies": {
-        "baseline-browser-mapping": "^2.9.0",
-        "caniuse-lite": "^1.0.30001759",
-        "electron-to-chromium": "^1.5.263",
-        "node-releases": "^2.0.27",
-        "update-browserslist-db": "^1.2.0"
+        "baseline-browser-mapping": "^2.10.12",
+        "caniuse-lite": "^1.0.30001782",
+        "electron-to-chromium": "^1.5.328",
+        "node-releases": "^2.0.36",
+        "update-browserslist-db": "^1.2.3"
       },
       "bin": {
         "browserslist": "cli.js"
@@ -5958,17 +6013,17 @@
       }
     },
     "node_modules/cacheable": {
-      "version": "2.3.2",
-      "resolved": "https://registry.npmjs.org/cacheable/-/cacheable-2.3.2.tgz",
-      "integrity": "sha512-w+ZuRNmex9c1TR9RcsxbfTKCjSL0rh1WA5SABbrWprIHeNBdmyQLSYonlDy9gpD+63XT8DgZ/wNh1Smvc9WnJA==",
+      "version": "2.3.4",
+      "resolved": "https://registry.npmjs.org/cacheable/-/cacheable-2.3.4.tgz",
+      "integrity": "sha512-djgxybDbw9fL/ZWMI3+CE8ZilNxcwFkVtDc1gJ+IlOSSWkSMPQabhV/XCHTQ6pwwN6aivXPZ43omTooZiX06Ew==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "@cacheable/memory": "^2.0.7",
-        "@cacheable/utils": "^2.3.3",
+        "@cacheable/memory": "^2.0.8",
+        "@cacheable/utils": "^2.4.0",
         "hookified": "^1.15.0",
-        "keyv": "^5.5.5",
-        "qified": "^0.6.0"
+        "keyv": "^5.6.0",
+        "qified": "^0.9.0"
       }
     },
     "node_modules/cacheable/node_modules/keyv": {
@@ -6050,9 +6105,9 @@
       }
     },
     "node_modules/caniuse-lite": {
-      "version": "1.0.30001766",
-      "resolved": "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001766.tgz",
-      "integrity": "sha512-4C0lfJ0/YPjJQHagaE9x2Elb69CIqEPZeG0anQt9SIvIoOH4a4uaRl73IavyO+0qZh6MDLH//DrXThEYKHkmYA==",
+      "version": "1.0.30001784",
+      "resolved": "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001784.tgz",
+      "integrity": "sha512-WU346nBTklUV9YfUl60fqRbU5ZqyXlqvo1SgigE1OAXK5bFL8LL9q1K7aap3N739l4BvNqnkm3YrGHiY9sfUQw==",
       "funding": [
         {
           "type": "opencollective",
@@ -6174,16 +6229,16 @@
       }
     },
     "node_modules/chevrotain": {
-      "version": "11.1.1",
-      "resolved": "https://registry.npmjs.org/chevrotain/-/chevrotain-11.1.1.tgz",
-      "integrity": "sha512-f0yv5CPKaFxfsPTBzX7vGuim4oIC1/gcS7LUGdBSwl2dU6+FON6LVUksdOo1qJjoUvXNn45urgh8C+0a24pACQ==",
+      "version": "11.1.2",
+      "resolved": "https://registry.npmjs.org/chevrotain/-/chevrotain-11.1.2.tgz",
+      "integrity": "sha512-opLQzEVriiH1uUQ4Kctsd49bRoFDXGGSC4GUqj7pGyxM3RehRhvTlZJc1FL/Flew2p5uwxa1tUDWKzI4wNM8pg==",
       "license": "Apache-2.0",
       "dependencies": {
-        "@chevrotain/cst-dts-gen": "11.1.1",
-        "@chevrotain/gast": "11.1.1",
-        "@chevrotain/regexp-to-ast": "11.1.1",
-        "@chevrotain/types": "11.1.1",
-        "@chevrotain/utils": "11.1.1",
+        "@chevrotain/cst-dts-gen": "11.1.2",
+        "@chevrotain/gast": "11.1.2",
+        "@chevrotain/regexp-to-ast": "11.1.2",
+        "@chevrotain/types": "11.1.2",
+        "@chevrotain/utils": "11.1.2",
         "lodash-es": "4.17.23"
       }
     },
@@ -6245,9 +6300,9 @@
       }
     },
     "node_modules/ci-info": {
-      "version": "4.3.1",
-      "resolved": "https://registry.npmjs.org/ci-info/-/ci-info-4.3.1.tgz",
-      "integrity": "sha512-Wdy2Igu8OcBpI2pZePZ5oWjPC38tmDVx5WKUXKwlLYkA0ozo85sLsLvkBbBn/sZaSCMFOGZJ14fvW9t5/d7kdA==",
+      "version": "4.4.0",
+      "resolved": "https://registry.npmjs.org/ci-info/-/ci-info-4.4.0.tgz",
+      "integrity": "sha512-77PSwercCZU2Fc4sX94eF8k8Pxte6JAwL4/ICZLFjJLqegs7kCuAsqqj/70NQF6TvDpgFjkubQB2FW2ZZddvQg==",
       "dev": true,
       "funding": [
         {
@@ -6346,9 +6401,9 @@
       }
     },
     "node_modules/codemirror": {
-      "version": "5.65.20",
-      "resolved": "https://registry.npmjs.org/codemirror/-/codemirror-5.65.20.tgz",
-      "integrity": "sha512-i5dLDDxwkFCbhjvL2pNjShsojoL3XHyDwsGv1jqETUoW+lzpBKKqNTUWgQwVAOa0tUm4BwekT455ujafi8payA==",
+      "version": "5.65.21",
+      "resolved": "https://registry.npmjs.org/codemirror/-/codemirror-5.65.21.tgz",
+      "integrity": "sha512-6teYk0bA0nR3QP0ihGMoxuKzpl5W80FpnHpBJpgy66NK3cZv5b/d/HY8PnRvfSsCG1MTfr92u2WUl+wT0E40mQ==",
       "license": "MIT"
     },
     "node_modules/codemirror-spell-checker": {
@@ -6396,9 +6451,9 @@
       }
     },
     "node_modules/comment-parser": {
-      "version": "1.4.5",
-      "resolved": "https://registry.npmjs.org/comment-parser/-/comment-parser-1.4.5.tgz",
-      "integrity": "sha512-aRDkn3uyIlCFfk5NUA+VdwMmMsh8JGhc4hapfV4yxymHGQ3BVskMQfoXGpCo5IoBuQ9tS5iiVKhCpTcB4pW4qw==",
+      "version": "1.4.6",
+      "resolved": "https://registry.npmjs.org/comment-parser/-/comment-parser-1.4.6.tgz",
+      "integrity": "sha512-ObxuY6vnbWTN6Od72xfwN9DbzC7Y2vv8u1Soi9ahRKL37gb6y1qk6/dgjs+3JWuXJHWvsg3BXIwzd/rkmAwavg==",
       "dev": true,
       "license": "MIT",
       "engines": {
@@ -6444,9 +6499,9 @@
       "license": "MIT"
     },
     "node_modules/core-js-compat": {
-      "version": "3.48.0",
-      "resolved": "https://registry.npmjs.org/core-js-compat/-/core-js-compat-3.48.0.tgz",
-      "integrity": "sha512-OM4cAF3D6VtH/WkLtWvyNC56EZVXsZdU3iqaMG2B4WvYrlqU831pc4UtG5yp0sE9z8Y02wVN7PjW5Zf9Gt0f1Q==",
+      "version": "3.49.0",
+      "resolved": "https://registry.npmjs.org/core-js-compat/-/core-js-compat-3.49.0.tgz",
+      "integrity": "sha512-VQXt1jr9cBz03b331DFDCCP90b3fanciLkgiOoy8SBHy06gNf+vQ1A3WFLqG7I8TipYIKeYK9wxd0tUrvHcOZA==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -6467,9 +6522,9 @@
       }
     },
     "node_modules/cosmiconfig": {
-      "version": "9.0.0",
-      "resolved": "https://registry.npmjs.org/cosmiconfig/-/cosmiconfig-9.0.0.tgz",
-      "integrity": "sha512-itvL5h8RETACmOTFc4UfIyB2RfEHi71Ax6E/PivVxq9NseKbOWpeyHEOIbmAw1rs8Ak0VursQNww7lf7YtUwzg==",
+      "version": "9.0.1",
+      "resolved": "https://registry.npmjs.org/cosmiconfig/-/cosmiconfig-9.0.1.tgz",
+      "integrity": "sha512-hr4ihw+DBqcvrsEDioRO31Z17x71pUYoNe/4h6Z0wB72p7MU7/9gH8Q3s12NFhHPfYBBOV3qyfUxmr/Yn3shnQ==",
       "license": "MIT",
       "dependencies": {
         "env-paths": "^2.2.1",
@@ -6525,13 +6580,13 @@
       }
     },
     "node_modules/css-functions-list": {
-      "version": "3.2.3",
-      "resolved": "https://registry.npmjs.org/css-functions-list/-/css-functions-list-3.2.3.tgz",
-      "integrity": "sha512-IQOkD3hbR5KrN93MtcYuad6YPuTSUhntLHDuLEbFWE+ff2/XSZNdZG+LcbbIW5AXKg/WFIfYItIzVoHngHXZzA==",
+      "version": "3.3.3",
+      "resolved": "https://registry.npmjs.org/css-functions-list/-/css-functions-list-3.3.3.tgz",
+      "integrity": "sha512-8HFEBPKhOpJPEPu70wJJetjKta86Gw9+CCyCnB3sui2qQfOvRyqBy4IKLKKAwdMpWb2lHXWk9Wb4Z6AmaUT1Pg==",
       "dev": true,
       "license": "MIT",
       "engines": {
-        "node": ">=12 || >=16"
+        "node": ">=12"
       }
     },
     "node_modules/css-loader": {
@@ -6587,14 +6642,14 @@
       }
     },
     "node_modules/css-tree": {
-      "version": "3.1.0",
-      "resolved": "https://registry.npmjs.org/css-tree/-/css-tree-3.1.0.tgz",
-      "integrity": "sha512-0eW44TGN5SQXU1mWSkKwFstI/22X2bG1nYzZTYMAWjylYURhse752YgbE4Cx46AC+bAvI+/dYTPRk1LqSUnu6w==",
+      "version": "3.2.1",
+      "resolved": "https://registry.npmjs.org/css-tree/-/css-tree-3.2.1.tgz",
+      "integrity": "sha512-X7sjQzceUhu1u7Y/ylrRZFU2FS6LRiFVp6rKLPg23y3x3c3DOKAwuXGDp+PAGjh6CSnCjYeAul8pcT8bAl+lSA==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "mdn-data": "2.12.2",
-        "source-map-js": "^1.0.1"
+        "mdn-data": "2.27.1",
+        "source-map-js": "^1.2.1"
       },
       "engines": {
         "node": "^10 || ^12.20.0 || ^14.13.0 || >=15.0.0"
@@ -7332,9 +7387,9 @@
       }
     },
     "node_modules/delaunator": {
-      "version": "5.0.1",
-      "resolved": "https://registry.npmjs.org/delaunator/-/delaunator-5.0.1.tgz",
-      "integrity": "sha512-8nvh+XBe96aCESrGOqMp/84b13H9cdKbG5P2ejQCh4d4sK9RL4371qou9drQjMhvnPmhWl5hnmqbEE0fXr9Xnw==",
+      "version": "5.1.0",
+      "resolved": "https://registry.npmjs.org/delaunator/-/delaunator-5.1.0.tgz",
+      "integrity": "sha512-AGrQ4QSgssa1NGmWmLPqN5NY2KajF5MqxetNEO+o0n3ZwZZeTmt7bBnvzHWrmkZFxGgr4HdyFgelzgi06otLuQ==",
       "license": "ISC",
       "dependencies": {
         "robust-predicates": "^3.0.2"
@@ -7433,6 +7488,19 @@
         "url": "https://github.com/cheeriojs/dom-serializer?sponsor=1"
       }
     },
+    "node_modules/dom-serializer/node_modules/entities": {
+      "version": "4.5.0",
+      "resolved": "https://registry.npmjs.org/entities/-/entities-4.5.0.tgz",
+      "integrity": "sha512-V0hjH4dGPh9Ao5p0MoRY6BVqtwCjhz6vI5LT8AJ55H+4g9/4vbHx1I54fS0XuclLhDHArPQCiMjDxjaL8fPxhw==",
+      "dev": true,
+      "license": "BSD-2-Clause",
+      "engines": {
+        "node": ">=0.12"
+      },
+      "funding": {
+        "url": "https://github.com/fb55/entities?sponsor=1"
+      }
+    },
     "node_modules/domelementtype": {
       "version": "2.3.0",
       "resolved": "https://registry.npmjs.org/domelementtype/-/domelementtype-2.3.0.tgz",
@@ -7463,9 +7531,9 @@
       }
     },
     "node_modules/dompurify": {
-      "version": "3.3.1",
-      "resolved": "https://registry.npmjs.org/dompurify/-/dompurify-3.3.1.tgz",
-      "integrity": "sha512-qkdCKzLNtrgPFP1Vo+98FRzJnBRGe4ffyCea9IwHB1fyxPOeNTHpLKYGd4Uk9xvNoH0ZoOjwZxNptyMwqrId1Q==",
+      "version": "3.3.3",
+      "resolved": "https://registry.npmjs.org/dompurify/-/dompurify-3.3.3.tgz",
+      "integrity": "sha512-Oj6pzI2+RqBfFG+qOaOLbFXLQ90ARpcGG6UePL82bJLtdsa6CYJD7nmiU8MW9nQNOtCHV3lZ/Bzq1X0QYbBZCA==",
       "license": "(MPL-2.0 OR Apache-2.0)",
       "optionalDependencies": {
         "@types/trusted-types": "^2.0.7"
@@ -7532,15 +7600,15 @@
       }
     },
     "node_modules/editorconfig": {
-      "version": "1.0.4",
-      "resolved": "https://registry.npmjs.org/editorconfig/-/editorconfig-1.0.4.tgz",
-      "integrity": "sha512-L9Qe08KWTlqYMVvMcTIvMAdl1cDUubzRNYL+WfA4bLDMHe4nemKkpmYzkznE1FwLKu0EEmy6obgQKzMJrg4x9Q==",
+      "version": "1.0.7",
+      "resolved": "https://registry.npmjs.org/editorconfig/-/editorconfig-1.0.7.tgz",
+      "integrity": "sha512-e0GOtq/aTQhVdNyDU9e02+wz9oDDM+SIOQxWME2QRjzRX5yyLAuHDE+0aE8vHb9XRC8XD37eO2u57+F09JqFhw==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
         "@one-ini/wasm": "0.1.1",
         "commander": "^10.0.0",
-        "minimatch": "9.0.1",
+        "minimatch": "^9.0.1",
         "semver": "^7.5.3"
       },
       "bin": {
@@ -7558,9 +7626,9 @@
       "license": "MIT"
     },
     "node_modules/editorconfig/node_modules/brace-expansion": {
-      "version": "2.0.2",
-      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.2.tgz",
-      "integrity": "sha512-Jt0vHyM+jmUBqojB7E1NIYadt0vI0Qxjxd2TErW94wDz+E2LAm5vKMXXwg6ZZBTHPuUlDgQHKXvjGBdfcF1ZDQ==",
+      "version": "2.0.3",
+      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.3.tgz",
+      "integrity": "sha512-MCV/fYJEbqx68aE58kv2cA/kiky1G8vux3OR6/jbS+jIMe/6fJWa0DTzJU7dqijOWYwHi1t29FlfYI9uytqlpA==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -7568,13 +7636,13 @@
       }
     },
     "node_modules/editorconfig/node_modules/minimatch": {
-      "version": "9.0.1",
-      "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.1.tgz",
-      "integrity": "sha512-0jWhJpD/MdhPXwPuiRkCbfYfSKp2qnn2eOc279qI7f+osl/l+prKSrvhg157zSYvx/1nmgn2NqdT6k2Z7zSH9w==",
+      "version": "9.0.9",
+      "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.9.tgz",
+      "integrity": "sha512-OBwBN9AL4dqmETlpS2zasx+vTeWclWzkblfZk7KTA5j3jeOONz/tRCnZomUyvNg83wL5Zv9Ss6HMJXAgL8R2Yg==",
       "dev": true,
       "license": "ISC",
       "dependencies": {
-        "brace-expansion": "^2.0.1"
+        "brace-expansion": "^2.0.2"
       },
       "engines": {
         "node": ">=16 || 14 >=14.17"
@@ -7584,9 +7652,9 @@
       }
     },
     "node_modules/electron-to-chromium": {
-      "version": "1.5.278",
-      "resolved": "https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.5.278.tgz",
-      "integrity": "sha512-dQ0tM1svDRQOwxnXxm+twlGTjr9Upvt8UFWAgmLsxEzFQxhbti4VwxmMjsDxVC51Zo84swW7FVCXEV+VAkhuPw==",
+      "version": "1.5.330",
+      "resolved": "https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.5.330.tgz",
+      "integrity": "sha512-jFNydB5kFtYUobh4IkWUnXeyDbjf/r9gcUEXe1xcrcUxIGfTdzPXA+ld6zBRbwvgIGVzDll/LTIiDztEtckSnA==",
       "license": "ISC"
     },
     "node_modules/emoji-regex": {
@@ -7606,9 +7674,9 @@
       }
     },
     "node_modules/enhanced-resolve": {
-      "version": "5.20.0",
-      "resolved": "https://registry.npmjs.org/enhanced-resolve/-/enhanced-resolve-5.20.0.tgz",
-      "integrity": "sha512-/ce7+jQ1PQ6rVXwe+jKEg5hW5ciicHwIQUagZkp6IufBoY3YDgdTTY1azVs0qoRgVmvsNB+rbjLJxDAeHHtwsQ==",
+      "version": "5.20.1",
+      "resolved": "https://registry.npmjs.org/enhanced-resolve/-/enhanced-resolve-5.20.1.tgz",
+      "integrity": "sha512-Qohcme7V1inbAfvjItgw0EaxVX5q2rdVEZHRBrEQdRZTssLDGsL8Lwrznl8oQ/6kuTJONLaDcGjkNP247XEhcA==",
       "license": "MIT",
       "dependencies": {
         "graceful-fs": "^4.2.4",
@@ -7619,10 +7687,9 @@
       }
     },
     "node_modules/entities": {
-      "version": "4.5.0",
-      "resolved": "https://registry.npmjs.org/entities/-/entities-4.5.0.tgz",
-      "integrity": "sha512-V0hjH4dGPh9Ao5p0MoRY6BVqtwCjhz6vI5LT8AJ55H+4g9/4vbHx1I54fS0XuclLhDHArPQCiMjDxjaL8fPxhw==",
-      "dev": true,
+      "version": "7.0.1",
+      "resolved": "https://registry.npmjs.org/entities/-/entities-7.0.1.tgz",
+      "integrity": "sha512-TWrgLOFUQTH994YUyl1yT4uyavY5nNB5muff+RtWaqNVCAK408b5ZnnbNAUEWLTCpum9w6arT70i1XdQ4UeOPA==",
       "license": "BSD-2-Clause",
       "engines": {
         "node": ">=0.12"
@@ -7827,9 +7894,9 @@
       }
     },
     "node_modules/esbuild": {
-      "version": "0.27.2",
-      "resolved": "https://registry.npmjs.org/esbuild/-/esbuild-0.27.2.tgz",
-      "integrity": "sha512-HyNQImnsOC7X9PMNaCIeAm4ISCQXs5a5YasTXVliKv4uuBo1dKrG0A+uQS8M5eXjVMnLg3WgXaKvprHlFJQffw==",
+      "version": "0.27.4",
+      "resolved": "https://registry.npmjs.org/esbuild/-/esbuild-0.27.4.tgz",
+      "integrity": "sha512-Rq4vbHnYkK5fws5NF7MYTU68FPRE1ajX7heQ/8QXXWqNgqqJ/GkmmyxIzUnf2Sr/bakf8l54716CcMGHYhMrrQ==",
       "hasInstallScript": true,
       "license": "MIT",
       "bin": {
@@ -7839,32 +7906,32 @@
         "node": ">=18"
       },
       "optionalDependencies": {
-        "@esbuild/aix-ppc64": "0.27.2",
-        "@esbuild/android-arm": "0.27.2",
-        "@esbuild/android-arm64": "0.27.2",
-        "@esbuild/android-x64": "0.27.2",
-        "@esbuild/darwin-arm64": "0.27.2",
-        "@esbuild/darwin-x64": "0.27.2",
-        "@esbuild/freebsd-arm64": "0.27.2",
-        "@esbuild/freebsd-x64": "0.27.2",
-        "@esbuild/linux-arm": "0.27.2",
-        "@esbuild/linux-arm64": "0.27.2",
-        "@esbuild/linux-ia32": "0.27.2",
-        "@esbuild/linux-loong64": "0.27.2",
-        "@esbuild/linux-mips64el": "0.27.2",
-        "@esbuild/linux-ppc64": "0.27.2",
-        "@esbuild/linux-riscv64": "0.27.2",
-        "@esbuild/linux-s390x": "0.27.2",
-        "@esbuild/linux-x64": "0.27.2",
-        "@esbuild/netbsd-arm64": "0.27.2",
-        "@esbuild/netbsd-x64": "0.27.2",
-        "@esbuild/openbsd-arm64": "0.27.2",
-        "@esbuild/openbsd-x64": "0.27.2",
-        "@esbuild/openharmony-arm64": "0.27.2",
-        "@esbuild/sunos-x64": "0.27.2",
-        "@esbuild/win32-arm64": "0.27.2",
-        "@esbuild/win32-ia32": "0.27.2",
-        "@esbuild/win32-x64": "0.27.2"
+        "@esbuild/aix-ppc64": "0.27.4",
+        "@esbuild/android-arm": "0.27.4",
+        "@esbuild/android-arm64": "0.27.4",
+        "@esbuild/android-x64": "0.27.4",
+        "@esbuild/darwin-arm64": "0.27.4",
+        "@esbuild/darwin-x64": "0.27.4",
+        "@esbuild/freebsd-arm64": "0.27.4",
+        "@esbuild/freebsd-x64": "0.27.4",
+        "@esbuild/linux-arm": "0.27.4",
+        "@esbuild/linux-arm64": "0.27.4",
+        "@esbuild/linux-ia32": "0.27.4",
+        "@esbuild/linux-loong64": "0.27.4",
+        "@esbuild/linux-mips64el": "0.27.4",
+        "@esbuild/linux-ppc64": "0.27.4",
+        "@esbuild/linux-riscv64": "0.27.4",
+        "@esbuild/linux-s390x": "0.27.4",
+        "@esbuild/linux-x64": "0.27.4",
+        "@esbuild/netbsd-arm64": "0.27.4",
+        "@esbuild/netbsd-x64": "0.27.4",
+        "@esbuild/openbsd-arm64": "0.27.4",
+        "@esbuild/openbsd-x64": "0.27.4",
+        "@esbuild/openharmony-arm64": "0.27.4",
+        "@esbuild/sunos-x64": "0.27.4",
+        "@esbuild/win32-arm64": "0.27.4",
+        "@esbuild/win32-ia32": "0.27.4",
+        "@esbuild/win32-x64": "0.27.4"
       }
     },
     "node_modules/esbuild-loader": {
@@ -8420,6 +8487,34 @@
         "url": "https://github.com/sponsors/epoberezkin"
       }
     },
+    "node_modules/eslint/node_modules/balanced-match": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-1.0.2.tgz",
+      "integrity": "sha512-3oSeUO0TMV67hN1AmbXsK4yaqU7tjiHlbxRDZOpH0KW9+CeX4bRAaX0Anxt0tx2MrpRpWwQaPwIlISEJhYU5Pw==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/eslint/node_modules/brace-expansion": {
+      "version": "1.1.13",
+      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.13.tgz",
+      "integrity": "sha512-9ZLprWS6EENmhEOpjCYW2c8VkmOvckIJZfkr7rBW6dObmfgJ/L1GpSYW5Hpo9lDz4D1+n0Ckz8rU7FwHDQiG/w==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "balanced-match": "^1.0.0",
+        "concat-map": "0.0.1"
+      }
+    },
+    "node_modules/eslint/node_modules/ignore": {
+      "version": "5.3.2",
+      "resolved": "https://registry.npmjs.org/ignore/-/ignore-5.3.2.tgz",
+      "integrity": "sha512-hsBTNUqQTDwkWtcdYI2i06Y/nUBEsNEDJKjWdigLvegy8kDuJAS8uRlpkkcQpyEXL0Z/pjDy5HBmMjRCJ2gq+g==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">= 4"
+      }
+    },
     "node_modules/eslint/node_modules/json-schema-traverse": {
       "version": "0.4.1",
       "resolved": "https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-0.4.1.tgz",
@@ -8741,9 +8836,9 @@
       }
     },
     "node_modules/flatted": {
-      "version": "3.3.3",
-      "resolved": "https://registry.npmjs.org/flatted/-/flatted-3.3.3.tgz",
-      "integrity": "sha512-GX+ysw4PBCz0PzosHDepZGANEuFCMLrnRTiEy9McGjmkCQYwRq4A/X786G/fjM/+OjsWSU1ZrY5qyARZmO/uwg==",
+      "version": "3.4.2",
+      "resolved": "https://registry.npmjs.org/flatted/-/flatted-3.4.2.tgz",
+      "integrity": "sha512-PjDse7RzhcPkIJwy5t7KPWQSZ9cAbzQXcafsetQoD7sOJRQlGikNbx7yZp2OotDnJyrDcbyRq3Ttb18iYOqkxA==",
       "dev": true,
       "license": "ISC"
     },
@@ -8974,9 +9069,9 @@
       }
     },
     "node_modules/get-tsconfig": {
-      "version": "4.13.0",
-      "resolved": "https://registry.npmjs.org/get-tsconfig/-/get-tsconfig-4.13.0.tgz",
-      "integrity": "sha512-1VKTZJCwBrvbd+Wn3AOgQP/2Av+TfTCOlE4AcRJE72W1ksZXbAx8PPBR9RzgTeSPzlPMHrbANMH3LbltH73wxQ==",
+      "version": "4.13.7",
+      "resolved": "https://registry.npmjs.org/get-tsconfig/-/get-tsconfig-4.13.7.tgz",
+      "integrity": "sha512-7tN6rFgBlMgpBML5j8typ92BKFi2sFQvIdpAqLA2beia5avZDrMs0FLZiM5etShWq5irVyGcGMEA1jcDaK7A/Q==",
       "license": "MIT",
       "dependencies": {
         "resolve-pkg-maps": "^1.0.0"
@@ -8989,7 +9084,7 @@
       "version": "7.2.3",
       "resolved": "https://registry.npmjs.org/glob/-/glob-7.2.3.tgz",
       "integrity": "sha512-nFR0zLpU2YCaRxwoCJvL6UvCH2JFyFVIvwTLsIf21AuHlMskA1hhTdk+LlYJtOlYt9v6dvszD2BGRqBL+iQK9Q==",
-      "deprecated": "Glob versions prior to v9 are no longer supported",
+      "deprecated": "Old versions of glob are not supported, and contain widely publicized security vulnerabilities, which have been fixed in the current version. Please update. Support for old versions may be purchased (at exorbitant rates) by contacting i@izs.me",
       "dev": true,
       "license": "ISC",
       "dependencies": {
@@ -9025,10 +9120,28 @@
       "integrity": "sha512-lkX1HJXwyMcprw/5YUZc2s7DrpAiHB21/V+E1rHUrVNokkvB6bqMzT0VfV6/86ZNabt1k14YOIaT7nDvOX3Iiw==",
       "license": "BSD-2-Clause"
     },
+    "node_modules/glob/node_modules/balanced-match": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-1.0.2.tgz",
+      "integrity": "sha512-3oSeUO0TMV67hN1AmbXsK4yaqU7tjiHlbxRDZOpH0KW9+CeX4bRAaX0Anxt0tx2MrpRpWwQaPwIlISEJhYU5Pw==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/glob/node_modules/brace-expansion": {
+      "version": "1.1.13",
+      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.13.tgz",
+      "integrity": "sha512-9ZLprWS6EENmhEOpjCYW2c8VkmOvckIJZfkr7rBW6dObmfgJ/L1GpSYW5Hpo9lDz4D1+n0Ckz8rU7FwHDQiG/w==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "balanced-match": "^1.0.0",
+        "concat-map": "0.0.1"
+      }
+    },
     "node_modules/glob/node_modules/minimatch": {
-      "version": "3.1.2",
-      "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz",
-      "integrity": "sha512-J7p63hRiAjw1NDEww1W7i37+ByIrOWO5XQQAzZ3VOcL0PNybwpfmV/N05zFAzwQ9USyEcX6t3UO+K5aqBQOIHw==",
+      "version": "3.1.5",
+      "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.5.tgz",
+      "integrity": "sha512-VgjWUsnnT6n+NUk6eZq77zeFdpW2LWDzP6zFGrCbHXiYNul5Dzqk2HHQ5uFH2DNW5Xbp8+jVzaeNt94ssEEl4w==",
       "dev": true,
       "license": "ISC",
       "dependencies": {
@@ -9130,6 +9243,16 @@
         "url": "https://github.com/sponsors/sindresorhus"
       }
     },
+    "node_modules/globby/node_modules/ignore": {
+      "version": "5.3.2",
+      "resolved": "https://registry.npmjs.org/ignore/-/ignore-5.3.2.tgz",
+      "integrity": "sha512-hsBTNUqQTDwkWtcdYI2i06Y/nUBEsNEDJKjWdigLvegy8kDuJAS8uRlpkkcQpyEXL0Z/pjDy5HBmMjRCJ2gq+g==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">= 4"
+      }
+    },
     "node_modules/globjoin": {
       "version": "0.1.4",
       "resolved": "https://registry.npmjs.org/globjoin/-/globjoin-0.1.4.tgz",
@@ -9189,19 +9312,6 @@
         "node": ">=20.0.0"
       }
     },
-    "node_modules/happy-dom/node_modules/entities": {
-      "version": "7.0.1",
-      "resolved": "https://registry.npmjs.org/entities/-/entities-7.0.1.tgz",
-      "integrity": "sha512-TWrgLOFUQTH994YUyl1yT4uyavY5nNB5muff+RtWaqNVCAK408b5ZnnbNAUEWLTCpum9w6arT70i1XdQ4UeOPA==",
-      "dev": true,
-      "license": "BSD-2-Clause",
-      "engines": {
-        "node": ">=0.12"
-      },
-      "funding": {
-        "url": "https://github.com/fb55/entities?sponsor=1"
-      }
-    },
     "node_modules/has-bigints": {
       "version": "1.1.0",
       "resolved": "https://registry.npmjs.org/has-bigints/-/has-bigints-1.1.0.tgz",
@@ -9289,13 +9399,13 @@
       "license": "MIT"
     },
     "node_modules/hashery": {
-      "version": "1.4.0",
-      "resolved": "https://registry.npmjs.org/hashery/-/hashery-1.4.0.tgz",
-      "integrity": "sha512-Wn2i1In6XFxl8Az55kkgnFRiAlIAushzh26PTjL2AKtQcEfXrcLa7Hn5QOWGZEf3LU057P9TwwZjFyxfS1VuvQ==",
+      "version": "1.5.1",
+      "resolved": "https://registry.npmjs.org/hashery/-/hashery-1.5.1.tgz",
+      "integrity": "sha512-iZyKG96/JwPz1N55vj2Ie2vXbhu440zfUfJvSwEqEbeLluk7NnapfGqa7LH0mOsnDxTF85Mx8/dyR6HfqcbmbQ==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "hookified": "^1.14.0"
+        "hookified": "^1.15.0"
       },
       "engines": {
         "node": ">=20"
@@ -9314,9 +9424,9 @@
       }
     },
     "node_modules/hookified": {
-      "version": "1.15.0",
-      "resolved": "https://registry.npmjs.org/hookified/-/hookified-1.15.0.tgz",
-      "integrity": "sha512-51w+ZZGt7Zw5q7rM3nC4t3aLn/xvKDETsXqMczndvwyVQhAHfUmUuFBRFcos8Iyebtk7OAE9dL26wFNzZVVOkw==",
+      "version": "1.15.1",
+      "resolved": "https://registry.npmjs.org/hookified/-/hookified-1.15.1.tgz",
+      "integrity": "sha512-MvG/clsADq1GPM2KGo2nyfaWVyn9naPiXrqIe4jYjXNZQt238kWyOGrsyc/DmRAQ+Re6yeo6yX/yoNCG5KAEVg==",
       "dev": true,
       "license": "MIT"
     },
@@ -9383,6 +9493,19 @@
         "entities": "^4.4.0"
       }
     },
+    "node_modules/htmlparser2/node_modules/entities": {
+      "version": "4.5.0",
+      "resolved": "https://registry.npmjs.org/entities/-/entities-4.5.0.tgz",
+      "integrity": "sha512-V0hjH4dGPh9Ao5p0MoRY6BVqtwCjhz6vI5LT8AJ55H+4g9/4vbHx1I54fS0XuclLhDHArPQCiMjDxjaL8fPxhw==",
+      "dev": true,
+      "license": "BSD-2-Clause",
+      "engines": {
+        "node": ">=0.12"
+      },
+      "funding": {
+        "url": "https://github.com/fb55/entities?sponsor=1"
+      }
+    },
     "node_modules/htmx.org": {
       "version": "2.0.8",
       "resolved": "https://registry.npmjs.org/htmx.org/-/htmx.org-2.0.8.tgz",
@@ -9440,9 +9563,9 @@
       "license": "BSD-3-Clause"
     },
     "node_modules/ignore": {
-      "version": "5.3.2",
-      "resolved": "https://registry.npmjs.org/ignore/-/ignore-5.3.2.tgz",
-      "integrity": "sha512-hsBTNUqQTDwkWtcdYI2i06Y/nUBEsNEDJKjWdigLvegy8kDuJAS8uRlpkkcQpyEXL0Z/pjDy5HBmMjRCJ2gq+g==",
+      "version": "7.0.5",
+      "resolved": "https://registry.npmjs.org/ignore/-/ignore-7.0.5.tgz",
+      "integrity": "sha512-Hs59xBNfUIunMFgWAbGX5cq6893IbWg4KnrjbYwX3tx0ztorVgTDA6B2sxf8ejHJ4wz8BqGUMYlnzNBer5NvGg==",
       "dev": true,
       "license": "MIT",
       "engines": {
@@ -10332,9 +10455,9 @@
       "license": "MIT"
     },
     "node_modules/js-beautify/node_modules/brace-expansion": {
-      "version": "2.0.2",
-      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.2.tgz",
-      "integrity": "sha512-Jt0vHyM+jmUBqojB7E1NIYadt0vI0Qxjxd2TErW94wDz+E2LAm5vKMXXwg6ZZBTHPuUlDgQHKXvjGBdfcF1ZDQ==",
+      "version": "2.0.3",
+      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.3.tgz",
+      "integrity": "sha512-MCV/fYJEbqx68aE58kv2cA/kiky1G8vux3OR6/jbS+jIMe/6fJWa0DTzJU7dqijOWYwHi1t29FlfYI9uytqlpA==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -10345,6 +10468,7 @@
       "version": "10.5.0",
       "resolved": "https://registry.npmjs.org/glob/-/glob-10.5.0.tgz",
       "integrity": "sha512-DfXN8DfhJ7NH3Oe7cFmu3NCu1wKbkReJ8TorzSAFbSKrlNaQSKfIzqYqVY8zlbs2NLBbWpRiU52GX2PbaBVNkg==",
+      "deprecated": "Old versions of glob are not supported, and contain widely publicized security vulnerabilities, which have been fixed in the current version. Please update. Support for old versions may be purchased (at exorbitant rates) by contacting i@izs.me",
       "dev": true,
       "license": "ISC",
       "dependencies": {
@@ -10363,13 +10487,13 @@
       }
     },
     "node_modules/js-beautify/node_modules/minimatch": {
-      "version": "9.0.5",
-      "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.5.tgz",
-      "integrity": "sha512-G6T0ZX48xgozx7587koeX9Ys2NYy6Gmv//P89sEte9V9whIapMNF4idKxnW2QtCcLiTWlb/wfCabAtAFWhhBow==",
+      "version": "9.0.9",
+      "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.9.tgz",
+      "integrity": "sha512-OBwBN9AL4dqmETlpS2zasx+vTeWclWzkblfZk7KTA5j3jeOONz/tRCnZomUyvNg83wL5Zv9Ss6HMJXAgL8R2Yg==",
       "dev": true,
       "license": "ISC",
       "dependencies": {
-        "brace-expansion": "^2.0.1"
+        "brace-expansion": "^2.0.2"
       },
       "engines": {
         "node": ">=16 || 14 >=14.17"
@@ -10396,9 +10520,9 @@
       "license": "MIT"
     },
     "node_modules/js-tokens": {
-      "version": "9.0.1",
-      "resolved": "https://registry.npmjs.org/js-tokens/-/js-tokens-9.0.1.tgz",
-      "integrity": "sha512-mxa9E9ITFOt0ban3j6L5MpjwegGz6lBQmM1IJkWeBZGcMxto50+eWdjC/52xDbS2vy0k7vIMK0Fe2wfL9OQSpQ==",
+      "version": "10.0.0",
+      "resolved": "https://registry.npmjs.org/js-tokens/-/js-tokens-10.0.0.tgz",
+      "integrity": "sha512-lM/UBzQmfJRo9ABXbPWemivdCW8V2G8FHaHdypQaIy523snUjog0W71ayWXTjiR+ixeMyVHN2XcpnTd/liPg/Q==",
       "dev": true,
       "license": "MIT"
     },
@@ -10428,9 +10552,9 @@
       }
     },
     "node_modules/jsdoc-type-pratt-parser": {
-      "version": "7.1.1",
-      "resolved": "https://registry.npmjs.org/jsdoc-type-pratt-parser/-/jsdoc-type-pratt-parser-7.1.1.tgz",
-      "integrity": "sha512-/2uqY7x6bsrpi3i9LVU6J89352C0rpMk0as8trXxCtvd4kPk1ke/Eyif6wqfSLvoNJqcDG9Vk4UsXgygzCt2xA==",
+      "version": "7.2.0",
+      "resolved": "https://registry.npmjs.org/jsdoc-type-pratt-parser/-/jsdoc-type-pratt-parser-7.2.0.tgz",
+      "integrity": "sha512-dh140MMgjyg3JhJZY/+iEzW+NO5xR2gpbDFKHqotCmexElVntw7GjWjt511+C/Ef02RU5TKYrJo/Xlzk+OLaTw==",
       "dev": true,
       "license": "MIT",
       "engines": {
@@ -10519,9 +10643,9 @@
       }
     },
     "node_modules/jsonpath-plus": {
-      "version": "10.3.0",
-      "resolved": "https://registry.npmjs.org/jsonpath-plus/-/jsonpath-plus-10.3.0.tgz",
-      "integrity": "sha512-8TNmfeTCk2Le33A3vRRwtuworG/L5RrgMvdjhKZxvyShO+mBu2fP50OWUjRLNtvw344DdDarFh9buFAZs5ujeA==",
+      "version": "10.4.0",
+      "resolved": "https://registry.npmjs.org/jsonpath-plus/-/jsonpath-plus-10.4.0.tgz",
+      "integrity": "sha512-T92WWatJXmhBbKsgH/0hl+jxjdXrifi5IKeMY02DWggRxX0UElcbVzPlmgLTbvsPeW1PasQ6xE2Q75stkhGbsA==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -10702,6 +10826,279 @@
         "immediate": "~3.0.5"
       }
     },
+    "node_modules/lightningcss": {
+      "version": "1.32.0",
+      "resolved": "https://registry.npmjs.org/lightningcss/-/lightningcss-1.32.0.tgz",
+      "integrity": "sha512-NXYBzinNrblfraPGyrbPoD19C1h9lfI/1mzgWYvXUTe414Gz/X1FD2XBZSZM7rRTrMA8JL3OtAaGifrIKhQ5yQ==",
+      "dev": true,
+      "license": "MPL-2.0",
+      "dependencies": {
+        "detect-libc": "^2.0.3"
+      },
+      "engines": {
+        "node": ">= 12.0.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/parcel"
+      },
+      "optionalDependencies": {
+        "lightningcss-android-arm64": "1.32.0",
+        "lightningcss-darwin-arm64": "1.32.0",
+        "lightningcss-darwin-x64": "1.32.0",
+        "lightningcss-freebsd-x64": "1.32.0",
+        "lightningcss-linux-arm-gnueabihf": "1.32.0",
+        "lightningcss-linux-arm64-gnu": "1.32.0",
+        "lightningcss-linux-arm64-musl": "1.32.0",
+        "lightningcss-linux-x64-gnu": "1.32.0",
+        "lightningcss-linux-x64-musl": "1.32.0",
+        "lightningcss-win32-arm64-msvc": "1.32.0",
+        "lightningcss-win32-x64-msvc": "1.32.0"
+      }
+    },
+    "node_modules/lightningcss-android-arm64": {
+      "version": "1.32.0",
+      "resolved": "https://registry.npmjs.org/lightningcss-android-arm64/-/lightningcss-android-arm64-1.32.0.tgz",
+      "integrity": "sha512-YK7/ClTt4kAK0vo6w3X+Pnm0D2cf2vPHbhOXdoNti1Ga0al1P4TBZhwjATvjNwLEBCnKvjJc2jQgHXH0NEwlAg==",
+      "cpu": [
+        "arm64"
+      ],
+      "dev": true,
+      "license": "MPL-2.0",
+      "optional": true,
+      "os": [
+        "android"
+      ],
+      "engines": {
+        "node": ">= 12.0.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/parcel"
+      }
+    },
+    "node_modules/lightningcss-darwin-arm64": {
+      "version": "1.32.0",
+      "resolved": "https://registry.npmjs.org/lightningcss-darwin-arm64/-/lightningcss-darwin-arm64-1.32.0.tgz",
+      "integrity": "sha512-RzeG9Ju5bag2Bv1/lwlVJvBE3q6TtXskdZLLCyfg5pt+HLz9BqlICO7LZM7VHNTTn/5PRhHFBSjk5lc4cmscPQ==",
+      "cpu": [
+        "arm64"
+      ],
+      "dev": true,
+      "license": "MPL-2.0",
+      "optional": true,
+      "os": [
+        "darwin"
+      ],
+      "engines": {
+        "node": ">= 12.0.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/parcel"
+      }
+    },
+    "node_modules/lightningcss-darwin-x64": {
+      "version": "1.32.0",
+      "resolved": "https://registry.npmjs.org/lightningcss-darwin-x64/-/lightningcss-darwin-x64-1.32.0.tgz",
+      "integrity": "sha512-U+QsBp2m/s2wqpUYT/6wnlagdZbtZdndSmut/NJqlCcMLTWp5muCrID+K5UJ6jqD2BFshejCYXniPDbNh73V8w==",
+      "cpu": [
+        "x64"
+      ],
+      "dev": true,
+      "license": "MPL-2.0",
+      "optional": true,
+      "os": [
+        "darwin"
+      ],
+      "engines": {
+        "node": ">= 12.0.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/parcel"
+      }
+    },
+    "node_modules/lightningcss-freebsd-x64": {
+      "version": "1.32.0",
+      "resolved": "https://registry.npmjs.org/lightningcss-freebsd-x64/-/lightningcss-freebsd-x64-1.32.0.tgz",
+      "integrity": "sha512-JCTigedEksZk3tHTTthnMdVfGf61Fky8Ji2E4YjUTEQX14xiy/lTzXnu1vwiZe3bYe0q+SpsSH/CTeDXK6WHig==",
+      "cpu": [
+        "x64"
+      ],
+      "dev": true,
+      "license": "MPL-2.0",
+      "optional": true,
+      "os": [
+        "freebsd"
+      ],
+      "engines": {
+        "node": ">= 12.0.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/parcel"
+      }
+    },
+    "node_modules/lightningcss-linux-arm-gnueabihf": {
+      "version": "1.32.0",
+      "resolved": "https://registry.npmjs.org/lightningcss-linux-arm-gnueabihf/-/lightningcss-linux-arm-gnueabihf-1.32.0.tgz",
+      "integrity": "sha512-x6rnnpRa2GL0zQOkt6rts3YDPzduLpWvwAF6EMhXFVZXD4tPrBkEFqzGowzCsIWsPjqSK+tyNEODUBXeeVHSkw==",
+      "cpu": [
+        "arm"
+      ],
+      "dev": true,
+      "license": "MPL-2.0",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "engines": {
+        "node": ">= 12.0.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/parcel"
+      }
+    },
+    "node_modules/lightningcss-linux-arm64-gnu": {
+      "version": "1.32.0",
+      "resolved": "https://registry.npmjs.org/lightningcss-linux-arm64-gnu/-/lightningcss-linux-arm64-gnu-1.32.0.tgz",
+      "integrity": "sha512-0nnMyoyOLRJXfbMOilaSRcLH3Jw5z9HDNGfT/gwCPgaDjnx0i8w7vBzFLFR1f6CMLKF8gVbebmkUN3fa/kQJpQ==",
+      "cpu": [
+        "arm64"
+      ],
+      "dev": true,
+      "libc": [
+        "glibc"
+      ],
+      "license": "MPL-2.0",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "engines": {
+        "node": ">= 12.0.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/parcel"
+      }
+    },
+    "node_modules/lightningcss-linux-arm64-musl": {
+      "version": "1.32.0",
+      "resolved": "https://registry.npmjs.org/lightningcss-linux-arm64-musl/-/lightningcss-linux-arm64-musl-1.32.0.tgz",
+      "integrity": "sha512-UpQkoenr4UJEzgVIYpI80lDFvRmPVg6oqboNHfoH4CQIfNA+HOrZ7Mo7KZP02dC6LjghPQJeBsvXhJod/wnIBg==",
+      "cpu": [
+        "arm64"
+      ],
+      "dev": true,
+      "libc": [
+        "musl"
+      ],
+      "license": "MPL-2.0",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "engines": {
+        "node": ">= 12.0.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/parcel"
+      }
+    },
+    "node_modules/lightningcss-linux-x64-gnu": {
+      "version": "1.32.0",
+      "resolved": "https://registry.npmjs.org/lightningcss-linux-x64-gnu/-/lightningcss-linux-x64-gnu-1.32.0.tgz",
+      "integrity": "sha512-V7Qr52IhZmdKPVr+Vtw8o+WLsQJYCTd8loIfpDaMRWGUZfBOYEJeyJIkqGIDMZPwPx24pUMfwSxxI8phr/MbOA==",
+      "cpu": [
+        "x64"
+      ],
+      "dev": true,
+      "libc": [
+        "glibc"
+      ],
+      "license": "MPL-2.0",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "engines": {
+        "node": ">= 12.0.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/parcel"
+      }
+    },
+    "node_modules/lightningcss-linux-x64-musl": {
+      "version": "1.32.0",
+      "resolved": "https://registry.npmjs.org/lightningcss-linux-x64-musl/-/lightningcss-linux-x64-musl-1.32.0.tgz",
+      "integrity": "sha512-bYcLp+Vb0awsiXg/80uCRezCYHNg1/l3mt0gzHnWV9XP1W5sKa5/TCdGWaR/zBM2PeF/HbsQv/j2URNOiVuxWg==",
+      "cpu": [
+        "x64"
+      ],
+      "dev": true,
+      "libc": [
+        "musl"
+      ],
+      "license": "MPL-2.0",
+      "optional": true,
+      "os": [
+        "linux"
+      ],
+      "engines": {
+        "node": ">= 12.0.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/parcel"
+      }
+    },
+    "node_modules/lightningcss-win32-arm64-msvc": {
+      "version": "1.32.0",
+      "resolved": "https://registry.npmjs.org/lightningcss-win32-arm64-msvc/-/lightningcss-win32-arm64-msvc-1.32.0.tgz",
+      "integrity": "sha512-8SbC8BR40pS6baCM8sbtYDSwEVQd4JlFTOlaD3gWGHfThTcABnNDBda6eTZeqbofalIJhFx0qKzgHJmcPTnGdw==",
+      "cpu": [
+        "arm64"
+      ],
+      "dev": true,
+      "license": "MPL-2.0",
+      "optional": true,
+      "os": [
+        "win32"
+      ],
+      "engines": {
+        "node": ">= 12.0.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/parcel"
+      }
+    },
+    "node_modules/lightningcss-win32-x64-msvc": {
+      "version": "1.32.0",
+      "resolved": "https://registry.npmjs.org/lightningcss-win32-x64-msvc/-/lightningcss-win32-x64-msvc-1.32.0.tgz",
+      "integrity": "sha512-Amq9B/SoZYdDi1kFrojnoqPLxYhQ4Wo5XiL8EVJrVsB8ARoC1PWW6VGtT0WKCemjy8aC+louJnjS7U18x3b06Q==",
+      "cpu": [
+        "x64"
+      ],
+      "dev": true,
+      "license": "MPL-2.0",
+      "optional": true,
+      "os": [
+        "win32"
+      ],
+      "engines": {
+        "node": ">= 12.0.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/parcel"
+      }
+    },
     "node_modules/lilconfig": {
       "version": "3.1.3",
       "resolved": "https://registry.npmjs.org/lilconfig/-/lilconfig-3.1.3.tgz",
@@ -10938,6 +11335,19 @@
         "markdown-it": "bin/markdown-it.mjs"
       }
     },
+    "node_modules/markdown-it/node_modules/entities": {
+      "version": "4.5.0",
+      "resolved": "https://registry.npmjs.org/entities/-/entities-4.5.0.tgz",
+      "integrity": "sha512-V0hjH4dGPh9Ao5p0MoRY6BVqtwCjhz6vI5LT8AJ55H+4g9/4vbHx1I54fS0XuclLhDHArPQCiMjDxjaL8fPxhw==",
+      "dev": true,
+      "license": "BSD-2-Clause",
+      "engines": {
+        "node": ">=0.12"
+      },
+      "funding": {
+        "url": "https://github.com/fb55/entities?sponsor=1"
+      }
+    },
     "node_modules/markdownlint": {
       "version": "0.40.0",
       "resolved": "https://registry.npmjs.org/markdownlint/-/markdownlint-0.40.0.tgz",
@@ -10999,16 +11409,6 @@
         "node": ">=20"
       }
     },
-    "node_modules/markdownlint-cli/node_modules/ignore": {
-      "version": "7.0.5",
-      "resolved": "https://registry.npmjs.org/ignore/-/ignore-7.0.5.tgz",
-      "integrity": "sha512-Hs59xBNfUIunMFgWAbGX5cq6893IbWg4KnrjbYwX3tx0ztorVgTDA6B2sxf8ejHJ4wz8BqGUMYlnzNBer5NvGg==",
-      "dev": true,
-      "license": "MIT",
-      "engines": {
-        "node": ">= 4"
-      }
-    },
     "node_modules/markdownlint-cli/node_modules/jsonc-parser": {
       "version": "3.3.1",
       "resolved": "https://registry.npmjs.org/jsonc-parser/-/jsonc-parser-3.3.1.tgz",
@@ -11047,13 +11447,13 @@
       }
     },
     "node_modules/markdownlint/node_modules/strip-ansi": {
-      "version": "7.1.2",
-      "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-7.1.2.tgz",
-      "integrity": "sha512-gmBGslpoQJtgnMAvOVqGZpEz9dyoKTCzy2nfz/n8aIFhN/jCE/rCmcxabB6jOOHV+0WNnylOxaxBQPSvcWklhA==",
+      "version": "7.2.0",
+      "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-7.2.0.tgz",
+      "integrity": "sha512-yDPMNjp4WyfYBkHnjIRLfca1i6KMyGCtsVgoKe/z1+6vukgaENdgGBZt+ZmKPc4gavvEZ5OgHfHdrazhgNyG7w==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "ansi-regex": "^6.0.1"
+        "ansi-regex": "^6.2.2"
       },
       "engines": {
         "node": ">=12"
@@ -11096,9 +11496,9 @@
       }
     },
     "node_modules/mdn-data": {
-      "version": "2.12.2",
-      "resolved": "https://registry.npmjs.org/mdn-data/-/mdn-data-2.12.2.tgz",
-      "integrity": "sha512-IEn+pegP1aManZuckezWCO+XZQDplx1366JoVhTpMpBB1sPey/SbveZQUosKiKiGYjg1wH4pMlNgXbCiYgihQA==",
+      "version": "2.27.1",
+      "resolved": "https://registry.npmjs.org/mdn-data/-/mdn-data-2.27.1.tgz",
+      "integrity": "sha512-9Yubnt3e8A0OKwxYSXyhLymGW4sCufcLG6VdiDdUGVkPhpqLxlvP5vl1983gQjJl3tqbrM731mjaZaP68AgosQ==",
       "dev": true,
       "license": "CC0-1.0"
     },
@@ -11783,27 +12183,6 @@
         "url": "https://github.com/sponsors/isaacs"
       }
     },
-    "node_modules/minimatch/node_modules/balanced-match": {
-      "version": "4.0.4",
-      "resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-4.0.4.tgz",
-      "integrity": "sha512-BLrgEcRTwX2o6gGxGOCNyMvGSp35YofuYzw9h1IMTRmKqttAZZVU67bdb9Pr2vUHA8+j3i2tJfjO6C6+4myGTA==",
-      "license": "MIT",
-      "engines": {
-        "node": "18 || 20 || >=22"
-      }
-    },
-    "node_modules/minimatch/node_modules/brace-expansion": {
-      "version": "5.0.4",
-      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-5.0.4.tgz",
-      "integrity": "sha512-h+DEnpVvxmfVefa4jFbCf5HdH5YMDXRsmKflpf1pILZWRFlTbJpxeU55nJl4Smt5HQaGzg1o6RHFPJaOqnmBDg==",
-      "license": "MIT",
-      "dependencies": {
-        "balanced-match": "^4.0.2"
-      },
-      "engines": {
-        "node": "18 || 20 || >=22"
-      }
-    },
     "node_modules/minimist": {
       "version": "1.2.8",
       "resolved": "https://registry.npmjs.org/minimist/-/minimist-1.2.8.tgz",
@@ -11815,11 +12194,11 @@
       }
     },
     "node_modules/minipass": {
-      "version": "7.1.2",
-      "resolved": "https://registry.npmjs.org/minipass/-/minipass-7.1.2.tgz",
-      "integrity": "sha512-qOOzS1cBTWYF4BH8fVePDBOO9iptMnGUEZwNc/cMWnTV2nVLZ7VoNWEPHkYczZA0pdoA7dl6e7FL659nX9S2aw==",
+      "version": "7.1.3",
+      "resolved": "https://registry.npmjs.org/minipass/-/minipass-7.1.3.tgz",
+      "integrity": "sha512-tEBHqDnIoM/1rXME1zgka9g6Q2lcoCkxHLuc7ODJ5BxbP5d4c2Z5cGgtXAku59200Cx7diuHTOYfSBD8n6mm8A==",
       "dev": true,
-      "license": "ISC",
+      "license": "BlueOak-1.0.0",
       "engines": {
         "node": ">=16 || 14 >=14.17"
       }
@@ -11838,21 +12217,21 @@
       }
     },
     "node_modules/mlly": {
-      "version": "1.8.0",
-      "resolved": "https://registry.npmjs.org/mlly/-/mlly-1.8.0.tgz",
-      "integrity": "sha512-l8D9ODSRWLe2KHJSifWGwBqpTZXIXTeo8mlKjY+E2HAakaTeNpqAyBZ8GSqLzHgw4XmHmC8whvpjJNMbFZN7/g==",
+      "version": "1.8.2",
+      "resolved": "https://registry.npmjs.org/mlly/-/mlly-1.8.2.tgz",
+      "integrity": "sha512-d+ObxMQFmbt10sretNDytwt85VrbkhhUA/JBGm1MPaWJ65Cl4wOgLaB1NYvJSZ0Ef03MMEU/0xpPMXUIQ29UfA==",
       "license": "MIT",
       "dependencies": {
-        "acorn": "^8.15.0",
+        "acorn": "^8.16.0",
         "pathe": "^2.0.3",
         "pkg-types": "^1.3.1",
-        "ufo": "^1.6.1"
+        "ufo": "^1.6.3"
       }
     },
     "node_modules/moo": {
-      "version": "0.5.2",
-      "resolved": "https://registry.npmjs.org/moo/-/moo-0.5.2.tgz",
-      "integrity": "sha512-iSAJLHYKnX41mKcJKjqvnAN9sf0LMDTXDEvFv+ffuRR9a1MIuXLjMNL6EsnDHSkKLTWNqQQ5uo61P4EbU4NU+Q==",
+      "version": "0.5.3",
+      "resolved": "https://registry.npmjs.org/moo/-/moo-0.5.3.tgz",
+      "integrity": "sha512-m2fmM2dDm7GZQsY7KK2cme8agi+AAljILjQnof7p1ZMDe6dQ4bdnSMx0cPppudoeNv5hEFQirN6u+O4fDE0IWA==",
       "license": "BSD-3-Clause"
     },
     "node_modules/ms": {
@@ -11961,9 +12340,9 @@
       }
     },
     "node_modules/node-releases": {
-      "version": "2.0.27",
-      "resolved": "https://registry.npmjs.org/node-releases/-/node-releases-2.0.27.tgz",
-      "integrity": "sha512-nmh3lCkYZ3grZvqcCH+fjmQ7X+H0OeZgP40OierEaAptX4XofMh5kwNbWh7lBduUzCcV/8kZ+NDLCwm2iorIlA==",
+      "version": "2.0.36",
+      "resolved": "https://registry.npmjs.org/node-releases/-/node-releases-2.0.36.tgz",
+      "integrity": "sha512-TdC8FSgHz8Mwtw9g5L4gR/Sh9XhSP/0DEkQxfEFXOpiul5IiHgHan2VhYYb6agDSfp4KuvltmGApc8HMgUrIkA==",
       "license": "MIT"
     },
     "node_modules/node-sarif-builder": {
@@ -12382,9 +12761,9 @@
       "license": "ISC"
     },
     "node_modules/picomatch": {
-      "version": "2.3.1",
-      "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-2.3.1.tgz",
-      "integrity": "sha512-JU3teHTNjmE2VCGFzuY8EXzCDVwEqB2a8fsIvwaStHhAWJEeVd1o1QD80CU6+ZdEXXSLbSsuLwJjkCBWqRQUVA==",
+      "version": "2.3.2",
+      "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-2.3.2.tgz",
+      "integrity": "sha512-V7+vQEJ06Z+c5tSye8S+nHUfI51xoXIXjHQ99cQtKUkQqqO1kO/KCJUfZXuB47h/YBlDhah2H3hdUGXn8ie0oA==",
       "license": "MIT",
       "engines": {
         "node": ">=8.6"
@@ -12608,6 +12987,13 @@
         "node": "^12 || >=14"
       }
     },
+    "node_modules/postcss-html/node_modules/js-tokens": {
+      "version": "9.0.1",
+      "resolved": "https://registry.npmjs.org/js-tokens/-/js-tokens-9.0.1.tgz",
+      "integrity": "sha512-mxa9E9ITFOt0ban3j6L5MpjwegGz6lBQmM1IJkWeBZGcMxto50+eWdjC/52xDbS2vy0k7vIMK0Fe2wfL9OQSpQ==",
+      "dev": true,
+      "license": "MIT"
+    },
     "node_modules/postcss-import": {
       "version": "15.1.0",
       "resolved": "https://registry.npmjs.org/postcss-import/-/postcss-import-15.1.0.tgz",
@@ -12847,28 +13233,6 @@
         "postcss": "^8.4"
       }
     },
-    "node_modules/postcss-nesting/node_modules/@csstools/selector-specificity": {
-      "version": "6.0.0",
-      "resolved": "https://registry.npmjs.org/@csstools/selector-specificity/-/selector-specificity-6.0.0.tgz",
-      "integrity": "sha512-4sSgl78OtOXEX/2d++8A83zHNTgwCJMaR24FvsYL7Uf/VS8HZk9PTwR51elTbGqMuwH3szLvvOXEaVnqn0Z3zA==",
-      "funding": [
-        {
-          "type": "github",
-          "url": "https://github.com/sponsors/csstools"
-        },
-        {
-          "type": "opencollective",
-          "url": "https://opencollective.com/csstools"
-        }
-      ],
-      "license": "MIT-0",
-      "engines": {
-        "node": ">=20.19.0"
-      },
-      "peerDependencies": {
-        "postcss-selector-parser": "^7.1.1"
-      }
-    },
     "node_modules/postcss-resolve-nested-selector": {
       "version": "0.1.6",
       "resolved": "https://registry.npmjs.org/postcss-resolve-nested-selector/-/postcss-resolve-nested-selector-0.1.6.tgz",
@@ -13009,9 +13373,9 @@
       "license": "ISC"
     },
     "node_modules/prototype-properties": {
-      "version": "5.0.0",
-      "resolved": "https://registry.npmjs.org/prototype-properties/-/prototype-properties-5.0.0.tgz",
-      "integrity": "sha512-uCWE2QqnGlwvvJXTwiHTPTyHE62+zORO5hpFWhAwBGDtEtTmNZZleNLJDoFsqHCL4p/CeAP2Q1uMKFUKALuRGQ==",
+      "version": "5.1.0",
+      "resolved": "https://registry.npmjs.org/prototype-properties/-/prototype-properties-5.1.0.tgz",
+      "integrity": "sha512-lq/vK1+nYV/bbjZ70pDmaTzin143xX9hVAU5CrsNQL57A8j4Q6AfjsY8kRFoUpCBncaUdfkz9MdsQ8PFtiKrUQ==",
       "dev": true,
       "license": "MIT",
       "engines": {
@@ -13042,18 +13406,25 @@
       }
     },
     "node_modules/qified": {
-      "version": "0.6.0",
-      "resolved": "https://registry.npmjs.org/qified/-/qified-0.6.0.tgz",
-      "integrity": "sha512-tsSGN1x3h569ZSU1u6diwhltLyfUWDp3YbFHedapTmpBl0B3P6U3+Qptg7xu+v+1io1EwhdPyyRHYbEw0KN2FA==",
+      "version": "0.9.1",
+      "resolved": "https://registry.npmjs.org/qified/-/qified-0.9.1.tgz",
+      "integrity": "sha512-n7mar4T0xQ+39dE2vGTAlbxUEpndwPANH0kDef1/MYsB8Bba9wshkybIRx74qgcvKQPEWErf9AqAdYjhzY2Ilg==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "hookified": "^1.14.0"
+        "hookified": "^2.1.1"
       },
       "engines": {
         "node": ">=20"
       }
     },
+    "node_modules/qified/node_modules/hookified": {
+      "version": "2.1.1",
+      "resolved": "https://registry.npmjs.org/hookified/-/hookified-2.1.1.tgz",
+      "integrity": "sha512-AHb76R16GB5EsPBE2J7Ko5kiEyXwviB9P5SMrAKcuAu4vJPZttViAbj9+tZeaQE5zjDme+1vcHP78Yj/WoAveA==",
+      "dev": true,
+      "license": "MIT"
+    },
     "node_modules/queue-microtask": {
       "version": "1.2.3",
       "resolved": "https://registry.npmjs.org/queue-microtask/-/queue-microtask-1.2.3.tgz",
@@ -13128,9 +13499,9 @@
       "license": "MIT"
     },
     "node_modules/read-package-json/node_modules/brace-expansion": {
-      "version": "2.0.2",
-      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.2.tgz",
-      "integrity": "sha512-Jt0vHyM+jmUBqojB7E1NIYadt0vI0Qxjxd2TErW94wDz+E2LAm5vKMXXwg6ZZBTHPuUlDgQHKXvjGBdfcF1ZDQ==",
+      "version": "2.0.3",
+      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.3.tgz",
+      "integrity": "sha512-MCV/fYJEbqx68aE58kv2cA/kiky1G8vux3OR6/jbS+jIMe/6fJWa0DTzJU7dqijOWYwHi1t29FlfYI9uytqlpA==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -13141,6 +13512,7 @@
       "version": "10.5.0",
       "resolved": "https://registry.npmjs.org/glob/-/glob-10.5.0.tgz",
       "integrity": "sha512-DfXN8DfhJ7NH3Oe7cFmu3NCu1wKbkReJ8TorzSAFbSKrlNaQSKfIzqYqVY8zlbs2NLBbWpRiU52GX2PbaBVNkg==",
+      "deprecated": "Old versions of glob are not supported, and contain widely publicized security vulnerabilities, which have been fixed in the current version. Please update. Support for old versions may be purchased (at exorbitant rates) by contacting i@izs.me",
       "dev": true,
       "license": "ISC",
       "dependencies": {
@@ -13169,13 +13541,13 @@
       }
     },
     "node_modules/read-package-json/node_modules/minimatch": {
-      "version": "9.0.5",
-      "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.5.tgz",
-      "integrity": "sha512-G6T0ZX48xgozx7587koeX9Ys2NYy6Gmv//P89sEte9V9whIapMNF4idKxnW2QtCcLiTWlb/wfCabAtAFWhhBow==",
+      "version": "9.0.9",
+      "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.9.tgz",
+      "integrity": "sha512-OBwBN9AL4dqmETlpS2zasx+vTeWclWzkblfZk7KTA5j3jeOONz/tRCnZomUyvNg83wL5Zv9Ss6HMJXAgL8R2Yg==",
       "dev": true,
       "license": "ISC",
       "dependencies": {
-        "brace-expansion": "^2.0.1"
+        "brace-expansion": "^2.0.2"
       },
       "engines": {
         "node": ">=16 || 14 >=14.17"
@@ -13400,11 +13772,52 @@
       }
     },
     "node_modules/robust-predicates": {
-      "version": "3.0.2",
-      "resolved": "https://registry.npmjs.org/robust-predicates/-/robust-predicates-3.0.2.tgz",
-      "integrity": "sha512-IXgzBWvWQwE6PrDI05OvmXUIruQTcoMDzRsOd5CDvHCVLcLHMTSYvOK5Cm46kWqlV3yAbuSpBZdJ5oP5OUoStg==",
+      "version": "3.0.3",
+      "resolved": "https://registry.npmjs.org/robust-predicates/-/robust-predicates-3.0.3.tgz",
+      "integrity": "sha512-NS3levdsRIUOmiJ8FZWCP7LG3QpJyrs/TE0Zpf1yvZu8cAJJ6QMW92H1c7kWpdIHo8RvmLxN/o2JXTKHp74lUA==",
       "license": "Unlicense"
     },
+    "node_modules/rolldown": {
+      "version": "1.0.0-rc.12",
+      "resolved": "https://registry.npmjs.org/rolldown/-/rolldown-1.0.0-rc.12.tgz",
+      "integrity": "sha512-yP4USLIMYrwpPHEFB5JGH1uxhcslv6/hL0OyvTuY+3qlOSJvZ7ntYnoWpehBxufkgN0cvXxppuTu5hHa/zPh+A==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@oxc-project/types": "=0.122.0",
+        "@rolldown/pluginutils": "1.0.0-rc.12"
+      },
+      "bin": {
+        "rolldown": "bin/cli.mjs"
+      },
+      "engines": {
+        "node": "^20.19.0 || >=22.12.0"
+      },
+      "optionalDependencies": {
+        "@rolldown/binding-android-arm64": "1.0.0-rc.12",
+        "@rolldown/binding-darwin-arm64": "1.0.0-rc.12",
+        "@rolldown/binding-darwin-x64": "1.0.0-rc.12",
+        "@rolldown/binding-freebsd-x64": "1.0.0-rc.12",
+        "@rolldown/binding-linux-arm-gnueabihf": "1.0.0-rc.12",
+        "@rolldown/binding-linux-arm64-gnu": "1.0.0-rc.12",
+        "@rolldown/binding-linux-arm64-musl": "1.0.0-rc.12",
+        "@rolldown/binding-linux-ppc64-gnu": "1.0.0-rc.12",
+        "@rolldown/binding-linux-s390x-gnu": "1.0.0-rc.12",
+        "@rolldown/binding-linux-x64-gnu": "1.0.0-rc.12",
+        "@rolldown/binding-linux-x64-musl": "1.0.0-rc.12",
+        "@rolldown/binding-openharmony-arm64": "1.0.0-rc.12",
+        "@rolldown/binding-wasm32-wasi": "1.0.0-rc.12",
+        "@rolldown/binding-win32-arm64-msvc": "1.0.0-rc.12",
+        "@rolldown/binding-win32-x64-msvc": "1.0.0-rc.12"
+      }
+    },
+    "node_modules/rolldown/node_modules/@rolldown/pluginutils": {
+      "version": "1.0.0-rc.12",
+      "resolved": "https://registry.npmjs.org/@rolldown/pluginutils/-/pluginutils-1.0.0-rc.12.tgz",
+      "integrity": "sha512-HHMwmarRKvoFsJorqYlFeFRzXZqCt2ETQlEDOb9aqssrnVBB1/+xgTGtuTrIk5vzLNX1MjMtTf7W9z3tsSbrxw==",
+      "dev": true,
+      "license": "MIT"
+    },
     "node_modules/rollup": {
       "version": "2.79.2",
       "resolved": "https://registry.npmjs.org/rollup/-/rollup-2.79.2.tgz",
@@ -13610,18 +14023,18 @@
       }
     },
     "node_modules/seroval": {
-      "version": "1.5.0",
-      "resolved": "https://registry.npmjs.org/seroval/-/seroval-1.5.0.tgz",
-      "integrity": "sha512-OE4cvmJ1uSPrKorFIH9/w/Qwuvi/IMcGbv5RKgcJ/zjA/IohDLU6SVaxFN9FwajbP7nsX0dQqMDes1whk3y+yw==",
+      "version": "1.5.1",
+      "resolved": "https://registry.npmjs.org/seroval/-/seroval-1.5.1.tgz",
+      "integrity": "sha512-OwrZRZAfhHww0WEnKHDY8OM0U/Qs8OTfIDWhUD4BLpNJUfXK4cGmjiagGze086m+mhI+V2nD0gfbHEnJjb9STA==",
       "license": "MIT",
       "engines": {
         "node": ">=10"
       }
     },
     "node_modules/seroval-plugins": {
-      "version": "1.5.0",
-      "resolved": "https://registry.npmjs.org/seroval-plugins/-/seroval-plugins-1.5.0.tgz",
-      "integrity": "sha512-EAHqADIQondwRZIdeW2I636zgsODzoBDwb3PT/+7TLDWyw1Dy/Xv7iGUIEXXav7usHDE9HVhOU61irI3EnyyHA==",
+      "version": "1.5.1",
+      "resolved": "https://registry.npmjs.org/seroval-plugins/-/seroval-plugins-1.5.1.tgz",
+      "integrity": "sha512-4FbuZ/TMl02sqv0RTFexu0SP6V+ywaIe5bAWCCEik0fk17BhALgwvUDVF7e3Uvf9pxmwCEJsRPmlkUE6HdzLAw==",
       "license": "MIT",
       "engines": {
         "node": ">=10"
@@ -13918,9 +14331,9 @@
       }
     },
     "node_modules/solid-js": {
-      "version": "1.9.11",
-      "resolved": "https://registry.npmjs.org/solid-js/-/solid-js-1.9.11.tgz",
-      "integrity": "sha512-WEJtcc5mkh/BnHA6Yrg4whlF8g6QwpmXXRg4P2ztPmcKeHHlH4+djYecBLhSpecZY2RRECXYUwIc/C2r3yzQ4Q==",
+      "version": "1.9.12",
+      "resolved": "https://registry.npmjs.org/solid-js/-/solid-js-1.9.12.tgz",
+      "integrity": "sha512-QzKaSJq2/iDrWR1As6MHZQ8fQkdOBf8GReYb7L5iKwMGceg7HxDcaOHk0at66tNgn9U2U7dXo8ZZpLIAmGMzgw==",
       "license": "MIT",
       "dependencies": {
         "csstype": "^3.1.0",
@@ -14047,9 +14460,9 @@
       }
     },
     "node_modules/spdx-license-ids": {
-      "version": "3.0.22",
-      "resolved": "https://registry.npmjs.org/spdx-license-ids/-/spdx-license-ids-3.0.22.tgz",
-      "integrity": "sha512-4PRT4nh1EImPbt2jASOKHX7PB7I+e4IWNLvkKFDxNhJlfjbYlleYQh285Z/3mPTHSAK/AvdMmw5BNNuYH8ShgQ==",
+      "version": "3.0.23",
+      "resolved": "https://registry.npmjs.org/spdx-license-ids/-/spdx-license-ids-3.0.23.tgz",
+      "integrity": "sha512-CWLcCCH7VLu13TgOH+r8p1O/Znwhqv/dbb6lqWy67G+pT1kHmeD/+V36AVb/vq8QMIQwVShJ6Ssl5FPh0fuSdw==",
       "dev": true,
       "license": "CC0-1.0"
     },
@@ -14090,9 +14503,9 @@
       "license": "MIT"
     },
     "node_modules/stacktracey": {
-      "version": "2.1.8",
-      "resolved": "https://registry.npmjs.org/stacktracey/-/stacktracey-2.1.8.tgz",
-      "integrity": "sha512-Kpij9riA+UNg7TnphqjH7/CzctQ/owJGNbFkfEeve4Z4uxT5+JapVLFXcsurIfN34gnTWZNJ/f7NMG0E8JDzTw==",
+      "version": "2.2.0",
+      "resolved": "https://registry.npmjs.org/stacktracey/-/stacktracey-2.2.0.tgz",
+      "integrity": "sha512-ETyQEz+CzXiLjEbyJqpbp+/T79RQD/6wqFucRBIlVNZfYq2Ay7wbretD4cxpbymZlaPWx58aIhPEY1Cr8DlVvg==",
       "dev": true,
       "license": "Unlicense",
       "dependencies": {
@@ -14384,6 +14797,36 @@
         "stylelint": ">=16"
       }
     },
+    "node_modules/stylelint/node_modules/@csstools/selector-specificity": {
+      "version": "5.0.0",
+      "resolved": "https://registry.npmjs.org/@csstools/selector-specificity/-/selector-specificity-5.0.0.tgz",
+      "integrity": "sha512-PCqQV3c4CoVm3kdPhyeZ07VmBRdH2EpMFA/pd9OASpOEC3aXNGoqPDAZ80D0cLpMBxnmk0+yNhGsEx31hq7Gtw==",
+      "dev": true,
+      "funding": [
+        {
+          "type": "github",
+          "url": "https://github.com/sponsors/csstools"
+        },
+        {
+          "type": "opencollective",
+          "url": "https://opencollective.com/csstools"
+        }
+      ],
+      "license": "MIT-0",
+      "engines": {
+        "node": ">=18"
+      },
+      "peerDependencies": {
+        "postcss-selector-parser": "^7.0.0"
+      }
+    },
+    "node_modules/stylelint/node_modules/balanced-match": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-2.0.0.tgz",
+      "integrity": "sha512-1ugUSr8BHXRnK23KfuYS+gVMC3LB8QGH9W1iGtDPsNWoQbgtXSExkBu2aDR4epiGWZOjZsj6lDl/N/AqqTC3UA==",
+      "dev": true,
+      "license": "MIT"
+    },
     "node_modules/stylelint/node_modules/file-entry-cache": {
       "version": "11.1.2",
       "resolved": "https://registry.npmjs.org/file-entry-cache/-/file-entry-cache-11.1.2.tgz",
@@ -14395,27 +14838,17 @@
       }
     },
     "node_modules/stylelint/node_modules/flat-cache": {
-      "version": "6.1.20",
-      "resolved": "https://registry.npmjs.org/flat-cache/-/flat-cache-6.1.20.tgz",
-      "integrity": "sha512-AhHYqwvN62NVLp4lObVXGVluiABTHapoB57EyegZVmazN+hhGhLTn3uZbOofoTw4DSDvVCadzzyChXhOAvy8uQ==",
+      "version": "6.1.22",
+      "resolved": "https://registry.npmjs.org/flat-cache/-/flat-cache-6.1.22.tgz",
+      "integrity": "sha512-N2dnzVJIphnNsjHcrxGW7DePckJ6haPrSFqpsBUhHYgwtKGVq4JrBGielEGD2fCVnsGm1zlBVZ8wGhkyuetgug==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "cacheable": "^2.3.2",
-        "flatted": "^3.3.3",
+        "cacheable": "^2.3.4",
+        "flatted": "^3.4.2",
         "hookified": "^1.15.0"
       }
     },
-    "node_modules/stylelint/node_modules/ignore": {
-      "version": "7.0.5",
-      "resolved": "https://registry.npmjs.org/ignore/-/ignore-7.0.5.tgz",
-      "integrity": "sha512-Hs59xBNfUIunMFgWAbGX5cq6893IbWg4KnrjbYwX3tx0ztorVgTDA6B2sxf8ejHJ4wz8BqGUMYlnzNBer5NvGg==",
-      "dev": true,
-      "license": "MIT",
-      "engines": {
-        "node": ">= 4"
-      }
-    },
     "node_modules/stylelint/node_modules/postcss-safe-parser": {
       "version": "7.0.1",
       "resolved": "https://registry.npmjs.org/postcss-safe-parser/-/postcss-safe-parser-7.0.1.tgz",
@@ -14605,9 +15038,9 @@
       }
     },
     "node_modules/svgo/node_modules/sax": {
-      "version": "1.5.0",
-      "resolved": "https://registry.npmjs.org/sax/-/sax-1.5.0.tgz",
-      "integrity": "sha512-21IYA3Q5cQf089Z6tgaUTr7lDAyzoTPx5HRtbhsME8Udispad8dC/+sziTNugOEx54ilvatQ9YCzl4KQLPcRHA==",
+      "version": "1.6.0",
+      "resolved": "https://registry.npmjs.org/sax/-/sax-1.6.0.tgz",
+      "integrity": "sha512-6R3J5M4AcbtLUdZmRv2SygeVaM7IhrLXu9BmnOGmmACak8fiUtOsYNWUS4uK7upbmHIBbLBeFeI//477BKLBzA==",
       "dev": true,
       "license": "BlueOak-1.0.0",
       "engines": {
@@ -14713,9 +15146,9 @@
       }
     },
     "node_modules/tapable": {
-      "version": "2.3.0",
-      "resolved": "https://registry.npmjs.org/tapable/-/tapable-2.3.0.tgz",
-      "integrity": "sha512-g9ljZiwki/LfxmQADO3dEY1CbpmXT5Hm2fJ+QaGKwSXUylMybePR7/67YW7jOrrvjEgL1Fmz5kzyAjWVWLlucg==",
+      "version": "2.3.2",
+      "resolved": "https://registry.npmjs.org/tapable/-/tapable-2.3.2.tgz",
+      "integrity": "sha512-1MOpMXuhGzGL5TTCZFItxCc0AARf1EZFQkGqMm7ERKj8+Hgr5oLvJOVFcC+lRmR8hCe2S3jC4T5D7Vg/d7/fhA==",
       "license": "MIT",
       "engines": {
         "node": ">=6"
@@ -14726,9 +15159,9 @@
       }
     },
     "node_modules/terser": {
-      "version": "5.46.0",
-      "resolved": "https://registry.npmjs.org/terser/-/terser-5.46.0.tgz",
-      "integrity": "sha512-jTwoImyr/QbOWFFso3YoU3ik0jBBDJ6JTOQiy/J2YxVJdZCc+5u7skhNwiOR3FQIygFqVUPHl7qbbxtjW2K3Qg==",
+      "version": "5.46.1",
+      "resolved": "https://registry.npmjs.org/terser/-/terser-5.46.1.tgz",
+      "integrity": "sha512-vzCjQO/rgUuK9sf8VJZvjqiqiHFaZLnOiimmUuOKODxWL8mm/xua7viT7aqX7dgPY60otQjUotzFMmCB4VdmqQ==",
       "license": "BSD-2-Clause",
       "dependencies": {
         "@jridgewell/source-map": "^0.3.3",
@@ -14744,9 +15177,9 @@
       }
     },
     "node_modules/terser-webpack-plugin": {
-      "version": "5.3.17",
-      "resolved": "https://registry.npmjs.org/terser-webpack-plugin/-/terser-webpack-plugin-5.3.17.tgz",
-      "integrity": "sha512-YR7PtUp6GMU91BgSJmlaX/rS2lGDbAF7D+Wtq7hRO+MiljNmodYvqslzCFiYVAgW+Qoaaia/QUIP4lGXufjdZw==",
+      "version": "5.4.0",
+      "resolved": "https://registry.npmjs.org/terser-webpack-plugin/-/terser-webpack-plugin-5.4.0.tgz",
+      "integrity": "sha512-Bn5vxm48flOIfkdl5CaD2+1CiUVbonWQ3KQPyP7/EuIl9Gbzq/gQFOzaMFUEgVjB1396tcK0SG8XcNJ/2kDH8g==",
       "license": "MIT",
       "dependencies": {
         "@jridgewell/trace-mapping": "^0.3.25",
@@ -14840,9 +15273,9 @@
       "license": "MIT"
     },
     "node_modules/tinyexec": {
-      "version": "1.0.2",
-      "resolved": "https://registry.npmjs.org/tinyexec/-/tinyexec-1.0.2.tgz",
-      "integrity": "sha512-W/KYk+NFhkmsYpuHq5JykngiOCnxeVL8v8dFnqxSD8qEEdRfXk1SDM6JzNqcERbcGYj9tMrDQBYV9cjgnunFIg==",
+      "version": "1.0.4",
+      "resolved": "https://registry.npmjs.org/tinyexec/-/tinyexec-1.0.4.tgz",
+      "integrity": "sha512-u9r3uZC0bdpGOXtlxUIdwf9pkmvhqJdrVCH9fapQtgy/OeTTMZ1nqH7agtvEfmGui6e1XxjcdrlxvxJvc3sMqw==",
       "license": "MIT",
       "engines": {
         "node": ">=18"
@@ -14882,9 +15315,9 @@
       }
     },
     "node_modules/tinyglobby/node_modules/picomatch": {
-      "version": "4.0.3",
-      "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-4.0.3.tgz",
-      "integrity": "sha512-5gTmgEY/sqK6gFXLIsQNH19lWb4ebPDLA4SdLP7dsWkIXHWlG66oPuVvXSGFPppYZz8ZDZq0dYYrbHfBCVUb1Q==",
+      "version": "4.0.4",
+      "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-4.0.4.tgz",
+      "integrity": "sha512-QP88BAKvMam/3NxH6vj2o21R6MjxZUAd6nlwAS/pnGvN9IVLocLHxGYIzFhg6fUQ+5th6P4dv4eW9jX3DSIj7A==",
       "license": "MIT",
       "engines": {
         "node": ">=12"
@@ -14982,9 +15415,9 @@
       "license": "MIT"
     },
     "node_modules/ts-api-utils": {
-      "version": "2.4.0",
-      "resolved": "https://registry.npmjs.org/ts-api-utils/-/ts-api-utils-2.4.0.tgz",
-      "integrity": "sha512-3TaVTaAv2gTiMB35i3FiGJaRfwb3Pyn/j3m/bfAvGe8FB7CF6u+LMYqYlDh7reQf7UNvoTvdfAqHGmPGOSsPmA==",
+      "version": "2.5.0",
+      "resolved": "https://registry.npmjs.org/ts-api-utils/-/ts-api-utils-2.5.0.tgz",
+      "integrity": "sha512-OJ/ibxhPlqrMM0UiNHJ/0CKQkoKF243/AEmplt3qpRgkW8VG7IfOS41h7V8TjITqdByHzrjcS/2si+y4lIh8NA==",
       "dev": true,
       "license": "MIT",
       "engines": {
@@ -15190,9 +15623,9 @@
       }
     },
     "node_modules/undici-types": {
-      "version": "6.21.0",
-      "resolved": "https://registry.npmjs.org/undici-types/-/undici-types-6.21.0.tgz",
-      "integrity": "sha512-iwDZqg0QAGrg9Rav5H4n0M64c3mkR59cJ6wQp+7C4nI0gsmExaedaYLNO44eT4AtBBwjbTiGPMlt2Md0T9H9JQ==",
+      "version": "7.18.2",
+      "resolved": "https://registry.npmjs.org/undici-types/-/undici-types-7.18.2.tgz",
+      "integrity": "sha512-AsuCzffGHJybSaRrmr5eHr81mwJU3kjw6M+uprWvCXiNeN9SOGwQ3Jn8jb8m3Z6izVgknn1R0FTCEAP2QrLY/w==",
       "license": "MIT"
     },
     "node_modules/universalify": {
@@ -15344,17 +15777,16 @@
       "license": "MIT"
     },
     "node_modules/vite": {
-      "version": "7.3.1",
-      "resolved": "https://registry.npmjs.org/vite/-/vite-7.3.1.tgz",
-      "integrity": "sha512-w+N7Hifpc3gRjZ63vYBXA56dvvRlNWRczTdmCBBa+CotUzAPf5b7YMdMR/8CQoeYE5LX3W4wj6RYTgonm1b9DA==",
+      "version": "8.0.3",
+      "resolved": "https://registry.npmjs.org/vite/-/vite-8.0.3.tgz",
+      "integrity": "sha512-B9ifbFudT1TFhfltfaIPgjo9Z3mDynBTJSUYxTjOQruf/zHH+ezCQKcoqO+h7a9Pw9Nm/OtlXAiGT1axBgwqrQ==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "esbuild": "^0.27.0",
-        "fdir": "^6.5.0",
-        "picomatch": "^4.0.3",
-        "postcss": "^8.5.6",
-        "rollup": "^4.43.0",
+        "lightningcss": "^1.32.0",
+        "picomatch": "^4.0.4",
+        "postcss": "^8.5.8",
+        "rolldown": "1.0.0-rc.12",
         "tinyglobby": "^0.2.15"
       },
       "bin": {
@@ -15371,9 +15803,10 @@
       },
       "peerDependencies": {
         "@types/node": "^20.19.0 || >=22.12.0",
+        "@vitejs/devtools": "^0.1.0",
+        "esbuild": "^0.27.0",
         "jiti": ">=1.21.0",
         "less": "^4.0.0",
-        "lightningcss": "^1.21.0",
         "sass": "^1.70.0",
         "sass-embedded": "^1.70.0",
         "stylus": ">=0.54.8",
@@ -15386,15 +15819,18 @@
         "@types/node": {
           "optional": true
         },
+        "@vitejs/devtools": {
+          "optional": true
+        },
+        "esbuild": {
+          "optional": true
+        },
         "jiti": {
           "optional": true
         },
         "less": {
           "optional": true
         },
-        "lightningcss": {
-          "optional": true
-        },
         "sass": {
           "optional": true
         },
@@ -15428,31 +15864,6 @@
         "vite": "*"
       }
     },
-    "node_modules/vite/node_modules/@types/estree": {
-      "version": "1.0.8",
-      "resolved": "https://registry.npmjs.org/@types/estree/-/estree-1.0.8.tgz",
-      "integrity": "sha512-dWHzHa2WqEXI/O1E9OjrocMTKJl2mSrEolh1Iomrv6U+JuNwaHXsXx9bLu5gG7BUWFIN0skIQJQ/L1rIex4X6w==",
-      "dev": true,
-      "license": "MIT"
-    },
-    "node_modules/vite/node_modules/fdir": {
-      "version": "6.5.0",
-      "resolved": "https://registry.npmjs.org/fdir/-/fdir-6.5.0.tgz",
-      "integrity": "sha512-tIbYtZbucOs0BRGqPJkshJUYdL+SDH7dVM8gjy+ERp3WAUjLEFJE+02kanyHtwjWOnwrKYBiwAmM0p4kLJAnXg==",
-      "dev": true,
-      "license": "MIT",
-      "engines": {
-        "node": ">=12.0.0"
-      },
-      "peerDependencies": {
-        "picomatch": "^3 || ^4"
-      },
-      "peerDependenciesMeta": {
-        "picomatch": {
-          "optional": true
-        }
-      }
-    },
     "node_modules/vite/node_modules/fsevents": {
       "version": "2.3.3",
       "resolved": "https://registry.npmjs.org/fsevents/-/fsevents-2.3.3.tgz",
@@ -15469,9 +15880,9 @@
       }
     },
     "node_modules/vite/node_modules/picomatch": {
-      "version": "4.0.3",
-      "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-4.0.3.tgz",
-      "integrity": "sha512-5gTmgEY/sqK6gFXLIsQNH19lWb4ebPDLA4SdLP7dsWkIXHWlG66oPuVvXSGFPppYZz8ZDZq0dYYrbHfBCVUb1Q==",
+      "version": "4.0.4",
+      "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-4.0.4.tgz",
+      "integrity": "sha512-QP88BAKvMam/3NxH6vj2o21R6MjxZUAd6nlwAS/pnGvN9IVLocLHxGYIzFhg6fUQ+5th6P4dv4eW9jX3DSIj7A==",
       "dev": true,
       "license": "MIT",
       "engines": {
@@ -15481,49 +15892,33 @@
         "url": "https://github.com/sponsors/jonschlinkert"
       }
     },
-    "node_modules/vite/node_modules/rollup": {
-      "version": "4.56.0",
-      "resolved": "https://registry.npmjs.org/rollup/-/rollup-4.56.0.tgz",
-      "integrity": "sha512-9FwVqlgUHzbXtDg9RCMgodF3Ua4Na6Gau+Sdt9vyCN4RhHfVKX2DCHy3BjMLTDd47ITDhYAnTwGulWTblJSDLg==",
+    "node_modules/vite/node_modules/postcss": {
+      "version": "8.5.8",
+      "resolved": "https://registry.npmjs.org/postcss/-/postcss-8.5.8.tgz",
+      "integrity": "sha512-OW/rX8O/jXnm82Ey1k44pObPtdblfiuWnrd8X7GJ7emImCOstunGbXUpp7HdBrFQX6rJzn3sPT397Wp5aCwCHg==",
       "dev": true,
+      "funding": [
+        {
+          "type": "opencollective",
+          "url": "https://opencollective.com/postcss/"
+        },
+        {
+          "type": "tidelift",
+          "url": "https://tidelift.com/funding/github/npm/postcss"
+        },
+        {
+          "type": "github",
+          "url": "https://github.com/sponsors/ai"
+        }
+      ],
       "license": "MIT",
       "dependencies": {
-        "@types/estree": "1.0.8"
-      },
-      "bin": {
-        "rollup": "dist/bin/rollup"
+        "nanoid": "^3.3.11",
+        "picocolors": "^1.1.1",
+        "source-map-js": "^1.2.1"
       },
       "engines": {
-        "node": ">=18.0.0",
-        "npm": ">=8.0.0"
-      },
-      "optionalDependencies": {
-        "@rollup/rollup-android-arm-eabi": "4.56.0",
-        "@rollup/rollup-android-arm64": "4.56.0",
-        "@rollup/rollup-darwin-arm64": "4.56.0",
-        "@rollup/rollup-darwin-x64": "4.56.0",
-        "@rollup/rollup-freebsd-arm64": "4.56.0",
-        "@rollup/rollup-freebsd-x64": "4.56.0",
-        "@rollup/rollup-linux-arm-gnueabihf": "4.56.0",
-        "@rollup/rollup-linux-arm-musleabihf": "4.56.0",
-        "@rollup/rollup-linux-arm64-gnu": "4.56.0",
-        "@rollup/rollup-linux-arm64-musl": "4.56.0",
-        "@rollup/rollup-linux-loong64-gnu": "4.56.0",
-        "@rollup/rollup-linux-loong64-musl": "4.56.0",
-        "@rollup/rollup-linux-ppc64-gnu": "4.56.0",
-        "@rollup/rollup-linux-ppc64-musl": "4.56.0",
-        "@rollup/rollup-linux-riscv64-gnu": "4.56.0",
-        "@rollup/rollup-linux-riscv64-musl": "4.56.0",
-        "@rollup/rollup-linux-s390x-gnu": "4.56.0",
-        "@rollup/rollup-linux-x64-gnu": "4.56.0",
-        "@rollup/rollup-linux-x64-musl": "4.56.0",
-        "@rollup/rollup-openbsd-x64": "4.56.0",
-        "@rollup/rollup-openharmony-arm64": "4.56.0",
-        "@rollup/rollup-win32-arm64-msvc": "4.56.0",
-        "@rollup/rollup-win32-ia32-msvc": "4.56.0",
-        "@rollup/rollup-win32-x64-gnu": "4.56.0",
-        "@rollup/rollup-win32-x64-msvc": "4.56.0",
-        "fsevents": "~2.3.2"
+        "node": "^10 || ^12 || >=14"
       }
     },
     "node_modules/vitest": {
@@ -15719,17 +16114,17 @@
       "license": "MIT"
     },
     "node_modules/vue-eslint-parser": {
-      "version": "10.2.0",
-      "resolved": "https://registry.npmjs.org/vue-eslint-parser/-/vue-eslint-parser-10.2.0.tgz",
-      "integrity": "sha512-CydUvFOQKD928UzZhTp4pr2vWz1L+H99t7Pkln2QSPdvmURT0MoC4wUccfCnuEaihNsu9aYYyk+bep8rlfkUXw==",
+      "version": "10.4.0",
+      "resolved": "https://registry.npmjs.org/vue-eslint-parser/-/vue-eslint-parser-10.4.0.tgz",
+      "integrity": "sha512-Vxi9pJdbN3ZnVGLODVtZ7y4Y2kzAAE2Cm0CZ3ZDRvydVYxZ6VrnBhLikBsRS+dpwj4Jv4UCv21PTEwF5rQ9WXg==",
       "dev": true,
       "license": "MIT",
       "peer": true,
       "dependencies": {
         "debug": "^4.4.0",
-        "eslint-scope": "^8.2.0",
-        "eslint-visitor-keys": "^4.2.0",
-        "espree": "^10.3.0",
+        "eslint-scope": "^8.2.0 || ^9.0.0",
+        "eslint-visitor-keys": "^4.2.0 || ^5.0.0",
+        "espree": "^10.3.0 || ^11.0.0",
         "esquery": "^1.6.0",
         "semver": "^7.6.3"
       },
@@ -15740,7 +16135,7 @@
         "url": "https://github.com/sponsors/mysticatea"
       },
       "peerDependencies": {
-        "eslint": "^8.57.0 || ^9.0.0"
+        "eslint": "^8.57.0 || ^9.0.0 || ^10.0.0"
       }
     },
     "node_modules/vue-loader": {
diff --git a/web_src/fomantic/package-lock.json b/web_src/fomantic/package-lock.json
index b8f6c9e298..d3cc9367a7 100644
--- a/web_src/fomantic/package-lock.json
+++ b/web_src/fomantic/package-lock.json
@@ -91,12 +91,12 @@
       }
     },
     "node_modules/@isaacs/cliui/node_modules/strip-ansi": {
-      "version": "7.1.2",
-      "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-7.1.2.tgz",
-      "integrity": "sha512-gmBGslpoQJtgnMAvOVqGZpEz9dyoKTCzy2nfz/n8aIFhN/jCE/rCmcxabB6jOOHV+0WNnylOxaxBQPSvcWklhA==",
+      "version": "7.2.0",
+      "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-7.2.0.tgz",
+      "integrity": "sha512-yDPMNjp4WyfYBkHnjIRLfca1i6KMyGCtsVgoKe/z1+6vukgaENdgGBZt+ZmKPc4gavvEZ5OgHfHdrazhgNyG7w==",
       "license": "MIT",
       "dependencies": {
-        "ansi-regex": "^6.0.1"
+        "ansi-regex": "^6.2.2"
       },
       "engines": {
         "node": ">=12"
@@ -136,6 +136,7 @@
       "resolved": "https://registry.npmjs.org/@octokit/core/-/core-7.0.6.tgz",
       "integrity": "sha512-DhGl4xMVFGVIyMwswXeyzdL4uXD5OGILGX5N8Y+f6W7LhC1Ze2poSNrkF/fedpVDHEEZ+PHFW0vL14I+mm8K3Q==",
       "license": "MIT",
+      "peer": true,
       "dependencies": {
         "@octokit/auth-token": "^6.0.0",
         "@octokit/graphql": "^9.0.3",
@@ -154,15 +155,17 @@
       "resolved": "https://registry.npmjs.org/@octokit/auth-token/-/auth-token-6.0.0.tgz",
       "integrity": "sha512-P4YJBPdPSpWTQ1NU4XYdvHvXJJDxM6YwpS0FZHRgP7YFkdVxsWcpWGy/NVqlAA7PcPCnMacXlRm1y2PFZRWL/w==",
       "license": "MIT",
+      "peer": true,
       "engines": {
         "node": ">= 20"
       }
     },
     "node_modules/@octokit/core/node_modules/@octokit/endpoint": {
-      "version": "11.0.2",
-      "resolved": "https://registry.npmjs.org/@octokit/endpoint/-/endpoint-11.0.2.tgz",
-      "integrity": "sha512-4zCpzP1fWc7QlqunZ5bSEjxc6yLAlRTnDwKtgXfcI/FxxGoqedDG8V2+xJ60bV2kODqcGB+nATdtap/XYq2NZQ==",
+      "version": "11.0.3",
+      "resolved": "https://registry.npmjs.org/@octokit/endpoint/-/endpoint-11.0.3.tgz",
+      "integrity": "sha512-FWFlNxghg4HrXkD3ifYbS/IdL/mDHjh9QcsNyhQjN8dplUoZbejsdpmuqdA76nxj2xoWPs7p8uX2SNr9rYu0Ag==",
       "license": "MIT",
+      "peer": true,
       "dependencies": {
         "@octokit/types": "^16.0.0",
         "universal-user-agent": "^7.0.2"
@@ -175,18 +178,21 @@
       "version": "27.0.0",
       "resolved": "https://registry.npmjs.org/@octokit/openapi-types/-/openapi-types-27.0.0.tgz",
       "integrity": "sha512-whrdktVs1h6gtR+09+QsNk2+FO+49j6ga1c55YZudfEG+oKJVvJLQi3zkOm5JjiUXAagWK2tI2kTGKJ2Ys7MGA==",
-      "license": "MIT"
+      "license": "MIT",
+      "peer": true
     },
     "node_modules/@octokit/core/node_modules/@octokit/request": {
-      "version": "10.0.7",
-      "resolved": "https://registry.npmjs.org/@octokit/request/-/request-10.0.7.tgz",
-      "integrity": "sha512-v93h0i1yu4idj8qFPZwjehoJx4j3Ntn+JhXsdJrG9pYaX6j/XRz2RmasMUHtNgQD39nrv/VwTWSqK0RNXR8upA==",
+      "version": "10.0.8",
+      "resolved": "https://registry.npmjs.org/@octokit/request/-/request-10.0.8.tgz",
+      "integrity": "sha512-SJZNwY9pur9Agf7l87ywFi14W+Hd9Jg6Ifivsd33+/bGUQIjNujdFiXII2/qSlN2ybqUHfp5xpekMEjIBTjlSw==",
       "license": "MIT",
+      "peer": true,
       "dependencies": {
-        "@octokit/endpoint": "^11.0.2",
+        "@octokit/endpoint": "^11.0.3",
         "@octokit/request-error": "^7.0.2",
         "@octokit/types": "^16.0.0",
         "fast-content-type-parse": "^3.0.0",
+        "json-with-bigint": "^3.5.3",
         "universal-user-agent": "^7.0.2"
       },
       "engines": {
@@ -198,6 +204,7 @@
       "resolved": "https://registry.npmjs.org/@octokit/request-error/-/request-error-7.1.0.tgz",
       "integrity": "sha512-KMQIfq5sOPpkQYajXHwnhjCC0slzCNScLHs9JafXc4RAJI+9f+jNDlBNaIMTvazOPLgb4BnlhGJOTbnN0wIjPw==",
       "license": "MIT",
+      "peer": true,
       "dependencies": {
         "@octokit/types": "^16.0.0"
       },
@@ -210,6 +217,7 @@
       "resolved": "https://registry.npmjs.org/@octokit/types/-/types-16.0.0.tgz",
       "integrity": "sha512-sKq+9r1Mm4efXW1FCk7hFSeJo4QKreL/tTbR0rz/qx/r1Oa2VV83LTA/H/MuCOX7uCIJmQVRKBcbmWoySjAnSg==",
       "license": "MIT",
+      "peer": true,
       "dependencies": {
         "@octokit/openapi-types": "^27.0.0"
       }
@@ -218,13 +226,15 @@
       "version": "4.0.0",
       "resolved": "https://registry.npmjs.org/before-after-hook/-/before-after-hook-4.0.0.tgz",
       "integrity": "sha512-q6tR3RPqIB1pMiTRMFcZwuG5T8vwp+vUvEG0vuI6B+Rikh5BfPp2fQ82c925FOs+b0lcFQ8CFrL+KbilfZFhOQ==",
-      "license": "Apache-2.0"
+      "license": "Apache-2.0",
+      "peer": true
     },
     "node_modules/@octokit/core/node_modules/universal-user-agent": {
       "version": "7.0.3",
       "resolved": "https://registry.npmjs.org/universal-user-agent/-/universal-user-agent-7.0.3.tgz",
       "integrity": "sha512-TmnEAEAsBJVZM/AADELsK76llnwcf9vMKuPz8JflO1frO8Lchitr0fNaN9d+Ap0BjKtqWqd/J17qeDnXh8CL2A==",
-      "license": "ISC"
+      "license": "ISC",
+      "peer": true
     },
     "node_modules/@octokit/endpoint": {
       "version": "6.0.12",
@@ -248,6 +258,7 @@
       "resolved": "https://registry.npmjs.org/@octokit/graphql/-/graphql-9.0.3.tgz",
       "integrity": "sha512-grAEuupr/C1rALFnXTv6ZQhFuL1D8G5y8CN04RgrO4FIPMrtm+mcZzFG7dcBm+nq+1ppNixu+Jd78aeJOYxlGA==",
       "license": "MIT",
+      "peer": true,
       "dependencies": {
         "@octokit/request": "^10.0.6",
         "@octokit/types": "^16.0.0",
@@ -258,10 +269,11 @@
       }
     },
     "node_modules/@octokit/graphql/node_modules/@octokit/endpoint": {
-      "version": "11.0.2",
-      "resolved": "https://registry.npmjs.org/@octokit/endpoint/-/endpoint-11.0.2.tgz",
-      "integrity": "sha512-4zCpzP1fWc7QlqunZ5bSEjxc6yLAlRTnDwKtgXfcI/FxxGoqedDG8V2+xJ60bV2kODqcGB+nATdtap/XYq2NZQ==",
+      "version": "11.0.3",
+      "resolved": "https://registry.npmjs.org/@octokit/endpoint/-/endpoint-11.0.3.tgz",
+      "integrity": "sha512-FWFlNxghg4HrXkD3ifYbS/IdL/mDHjh9QcsNyhQjN8dplUoZbejsdpmuqdA76nxj2xoWPs7p8uX2SNr9rYu0Ag==",
       "license": "MIT",
+      "peer": true,
       "dependencies": {
         "@octokit/types": "^16.0.0",
         "universal-user-agent": "^7.0.2"
@@ -274,18 +286,21 @@
       "version": "27.0.0",
       "resolved": "https://registry.npmjs.org/@octokit/openapi-types/-/openapi-types-27.0.0.tgz",
       "integrity": "sha512-whrdktVs1h6gtR+09+QsNk2+FO+49j6ga1c55YZudfEG+oKJVvJLQi3zkOm5JjiUXAagWK2tI2kTGKJ2Ys7MGA==",
-      "license": "MIT"
+      "license": "MIT",
+      "peer": true
     },
     "node_modules/@octokit/graphql/node_modules/@octokit/request": {
-      "version": "10.0.7",
-      "resolved": "https://registry.npmjs.org/@octokit/request/-/request-10.0.7.tgz",
-      "integrity": "sha512-v93h0i1yu4idj8qFPZwjehoJx4j3Ntn+JhXsdJrG9pYaX6j/XRz2RmasMUHtNgQD39nrv/VwTWSqK0RNXR8upA==",
+      "version": "10.0.8",
+      "resolved": "https://registry.npmjs.org/@octokit/request/-/request-10.0.8.tgz",
+      "integrity": "sha512-SJZNwY9pur9Agf7l87ywFi14W+Hd9Jg6Ifivsd33+/bGUQIjNujdFiXII2/qSlN2ybqUHfp5xpekMEjIBTjlSw==",
       "license": "MIT",
+      "peer": true,
       "dependencies": {
-        "@octokit/endpoint": "^11.0.2",
+        "@octokit/endpoint": "^11.0.3",
         "@octokit/request-error": "^7.0.2",
         "@octokit/types": "^16.0.0",
         "fast-content-type-parse": "^3.0.0",
+        "json-with-bigint": "^3.5.3",
         "universal-user-agent": "^7.0.2"
       },
       "engines": {
@@ -297,6 +312,7 @@
       "resolved": "https://registry.npmjs.org/@octokit/request-error/-/request-error-7.1.0.tgz",
       "integrity": "sha512-KMQIfq5sOPpkQYajXHwnhjCC0slzCNScLHs9JafXc4RAJI+9f+jNDlBNaIMTvazOPLgb4BnlhGJOTbnN0wIjPw==",
       "license": "MIT",
+      "peer": true,
       "dependencies": {
         "@octokit/types": "^16.0.0"
       },
@@ -309,6 +325,7 @@
       "resolved": "https://registry.npmjs.org/@octokit/types/-/types-16.0.0.tgz",
       "integrity": "sha512-sKq+9r1Mm4efXW1FCk7hFSeJo4QKreL/tTbR0rz/qx/r1Oa2VV83LTA/H/MuCOX7uCIJmQVRKBcbmWoySjAnSg==",
       "license": "MIT",
+      "peer": true,
       "dependencies": {
         "@octokit/openapi-types": "^27.0.0"
       }
@@ -317,7 +334,8 @@
       "version": "7.0.3",
       "resolved": "https://registry.npmjs.org/universal-user-agent/-/universal-user-agent-7.0.3.tgz",
       "integrity": "sha512-TmnEAEAsBJVZM/AADELsK76llnwcf9vMKuPz8JflO1frO8Lchitr0fNaN9d+Ap0BjKtqWqd/J17qeDnXh8CL2A==",
-      "license": "ISC"
+      "license": "ISC",
+      "peer": true
     },
     "node_modules/@octokit/openapi-types": {
       "version": "12.11.0",
@@ -478,12 +496,12 @@
       "license": "MIT"
     },
     "node_modules/@types/node": {
-      "version": "25.0.10",
-      "resolved": "https://registry.npmjs.org/@types/node/-/node-25.0.10.tgz",
-      "integrity": "sha512-zWW5KPngR/yvakJgGOmZ5vTBemDoSqF3AcV/LrO5u5wTWyEAVVh+IT39G4gtyAkh3CtTZs8aX/yRM82OfzHJRg==",
+      "version": "25.5.0",
+      "resolved": "https://registry.npmjs.org/@types/node/-/node-25.5.0.tgz",
+      "integrity": "sha512-jp2P3tQMSxWugkCUKLRPVUpGaL5MVFwF8RDuSRztfwgN1wmqJeMSbKlnEtQqU8UrhTmzEmZdu2I6v2dpp7XIxw==",
       "license": "MIT",
       "dependencies": {
-        "undici-types": "~7.16.0"
+        "undici-types": "~7.18.0"
       }
     },
     "node_modules/@types/vinyl": {
@@ -1014,12 +1032,15 @@
       }
     },
     "node_modules/baseline-browser-mapping": {
-      "version": "2.9.18",
-      "resolved": "https://registry.npmjs.org/baseline-browser-mapping/-/baseline-browser-mapping-2.9.18.tgz",
-      "integrity": "sha512-e23vBV1ZLfjb9apvfPk4rHVu2ry6RIr2Wfs+O324okSidrX7pTAnEJPCh/O5BtRlr7QtZI7ktOP3vsqr7Z5XoA==",
+      "version": "2.10.13",
+      "resolved": "https://registry.npmjs.org/baseline-browser-mapping/-/baseline-browser-mapping-2.10.13.tgz",
+      "integrity": "sha512-BL2sTuHOdy0YT1lYieUxTw/QMtPBC3pmlJC6xk8BBYVv6vcw3SGdKemQ+Xsx9ik2F/lYDO9tqsFQH1r9PFuHKw==",
       "license": "Apache-2.0",
       "bin": {
-        "baseline-browser-mapping": "dist/cli.js"
+        "baseline-browser-mapping": "dist/cli.cjs"
+      },
+      "engines": {
+        "node": ">=6.0.0"
       }
     },
     "node_modules/beeper": {
@@ -1079,9 +1100,9 @@
       }
     },
     "node_modules/brace-expansion": {
-      "version": "1.1.12",
-      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.12.tgz",
-      "integrity": "sha512-9T9UjW3r0UW5c1Q7GTwllptXwhvYmEzFhzMfZ9H7FQWt+uZePjZPjBP/W1ZEyZ1twGWom5/56TF4lPcqjnDHcg==",
+      "version": "1.1.13",
+      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.13.tgz",
+      "integrity": "sha512-9ZLprWS6EENmhEOpjCYW2c8VkmOvckIJZfkr7rBW6dObmfgJ/L1GpSYW5Hpo9lDz4D1+n0Ckz8rU7FwHDQiG/w==",
       "license": "MIT",
       "dependencies": {
         "balanced-match": "^1.0.0",
@@ -1110,9 +1131,9 @@
       }
     },
     "node_modules/browserslist": {
-      "version": "4.28.1",
-      "resolved": "https://registry.npmjs.org/browserslist/-/browserslist-4.28.1.tgz",
-      "integrity": "sha512-ZC5Bd0LgJXgwGqUknZY/vkUQ04r8NXnJZ3yYi4vDmSiZmC/pdSN0NbNRPxZpbtO4uAfDUAFffO8IZoM3Gj8IkA==",
+      "version": "4.28.2",
+      "resolved": "https://registry.npmjs.org/browserslist/-/browserslist-4.28.2.tgz",
+      "integrity": "sha512-48xSriZYYg+8qXna9kwqjIVzuQxi+KYWp2+5nCYnYKPTr0LvD89Jqk2Or5ogxz0NUMfIjhh2lIUX/LyX9B4oIg==",
       "funding": [
         {
           "type": "opencollective",
@@ -1128,13 +1149,12 @@
         }
       ],
       "license": "MIT",
-      "peer": true,
       "dependencies": {
-        "baseline-browser-mapping": "^2.9.0",
-        "caniuse-lite": "^1.0.30001759",
-        "electron-to-chromium": "^1.5.263",
-        "node-releases": "^2.0.27",
-        "update-browserslist-db": "^1.2.0"
+        "baseline-browser-mapping": "^2.10.12",
+        "caniuse-lite": "^1.0.30001782",
+        "electron-to-chromium": "^1.5.328",
+        "node-releases": "^2.0.36",
+        "update-browserslist-db": "^1.2.3"
       },
       "bin": {
         "browserslist": "cli.js"
@@ -1244,9 +1264,9 @@
       }
     },
     "node_modules/caniuse-lite": {
-      "version": "1.0.30001766",
-      "resolved": "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001766.tgz",
-      "integrity": "sha512-4C0lfJ0/YPjJQHagaE9x2Elb69CIqEPZeG0anQt9SIvIoOH4a4uaRl73IavyO+0qZh6MDLH//DrXThEYKHkmYA==",
+      "version": "1.0.30001784",
+      "resolved": "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001784.tgz",
+      "integrity": "sha512-WU346nBTklUV9YfUl60fqRbU5ZqyXlqvo1SgigE1OAXK5bFL8LL9q1K7aap3N739l4BvNqnkm3YrGHiY9sfUQw==",
       "funding": [
         {
           "type": "opencollective",
@@ -1946,14 +1966,14 @@
       "license": "MIT"
     },
     "node_modules/editorconfig": {
-      "version": "1.0.4",
-      "resolved": "https://registry.npmjs.org/editorconfig/-/editorconfig-1.0.4.tgz",
-      "integrity": "sha512-L9Qe08KWTlqYMVvMcTIvMAdl1cDUubzRNYL+WfA4bLDMHe4nemKkpmYzkznE1FwLKu0EEmy6obgQKzMJrg4x9Q==",
+      "version": "1.0.7",
+      "resolved": "https://registry.npmjs.org/editorconfig/-/editorconfig-1.0.7.tgz",
+      "integrity": "sha512-e0GOtq/aTQhVdNyDU9e02+wz9oDDM+SIOQxWME2QRjzRX5yyLAuHDE+0aE8vHb9XRC8XD37eO2u57+F09JqFhw==",
       "license": "MIT",
       "dependencies": {
         "@one-ini/wasm": "0.1.1",
         "commander": "^10.0.0",
-        "minimatch": "9.0.1",
+        "minimatch": "^9.0.1",
         "semver": "^7.5.3"
       },
       "bin": {
@@ -1964,21 +1984,21 @@
       }
     },
     "node_modules/editorconfig/node_modules/brace-expansion": {
-      "version": "2.0.2",
-      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.2.tgz",
-      "integrity": "sha512-Jt0vHyM+jmUBqojB7E1NIYadt0vI0Qxjxd2TErW94wDz+E2LAm5vKMXXwg6ZZBTHPuUlDgQHKXvjGBdfcF1ZDQ==",
+      "version": "2.0.3",
+      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.3.tgz",
+      "integrity": "sha512-MCV/fYJEbqx68aE58kv2cA/kiky1G8vux3OR6/jbS+jIMe/6fJWa0DTzJU7dqijOWYwHi1t29FlfYI9uytqlpA==",
       "license": "MIT",
       "dependencies": {
         "balanced-match": "^1.0.0"
       }
     },
     "node_modules/editorconfig/node_modules/minimatch": {
-      "version": "9.0.1",
-      "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.1.tgz",
-      "integrity": "sha512-0jWhJpD/MdhPXwPuiRkCbfYfSKp2qnn2eOc279qI7f+osl/l+prKSrvhg157zSYvx/1nmgn2NqdT6k2Z7zSH9w==",
+      "version": "9.0.9",
+      "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.9.tgz",
+      "integrity": "sha512-OBwBN9AL4dqmETlpS2zasx+vTeWclWzkblfZk7KTA5j3jeOONz/tRCnZomUyvNg83wL5Zv9Ss6HMJXAgL8R2Yg==",
       "license": "ISC",
       "dependencies": {
-        "brace-expansion": "^2.0.1"
+        "brace-expansion": "^2.0.2"
       },
       "engines": {
         "node": ">=16 || 14 >=14.17"
@@ -1988,9 +2008,9 @@
       }
     },
     "node_modules/editorconfig/node_modules/semver": {
-      "version": "7.7.3",
-      "resolved": "https://registry.npmjs.org/semver/-/semver-7.7.3.tgz",
-      "integrity": "sha512-SdsKMrI9TdgjdweUSR9MweHA4EJ8YxHn8DFaDisvhVlUOe4BF1tLD7GAj0lIqWVl+dPb/rExr0Btby5loQm20Q==",
+      "version": "7.7.4",
+      "resolved": "https://registry.npmjs.org/semver/-/semver-7.7.4.tgz",
+      "integrity": "sha512-vFKC2IEtQnVhpT78h1Yp8wzwrf8CM+MzKMHGJZfBtzhZNycRFnXsHk6E5TxIkkMsgNS7mdX3AGB7x2QM2di4lA==",
       "license": "ISC",
       "bin": {
         "semver": "bin/semver.js"
@@ -2000,9 +2020,9 @@
       }
     },
     "node_modules/electron-to-chromium": {
-      "version": "1.5.278",
-      "resolved": "https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.5.278.tgz",
-      "integrity": "sha512-dQ0tM1svDRQOwxnXxm+twlGTjr9Upvt8UFWAgmLsxEzFQxhbti4VwxmMjsDxVC51Zo84swW7FVCXEV+VAkhuPw==",
+      "version": "1.5.330",
+      "resolved": "https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.5.330.tgz",
+      "integrity": "sha512-jFNydB5kFtYUobh4IkWUnXeyDbjf/r9gcUEXe1xcrcUxIGfTdzPXA+ld6zBRbwvgIGVzDll/LTIiDztEtckSnA==",
       "license": "ISC"
     },
     "node_modules/emoji-regex": {
@@ -2341,7 +2361,8 @@
           "url": "https://opencollective.com/fastify"
         }
       ],
-      "license": "MIT"
+      "license": "MIT",
+      "peer": true
     },
     "node_modules/fast-levenshtein": {
       "version": "1.1.4",
@@ -2781,9 +2802,9 @@
       }
     },
     "node_modules/get-stream/node_modules/pump": {
-      "version": "3.0.3",
-      "resolved": "https://registry.npmjs.org/pump/-/pump-3.0.3.tgz",
-      "integrity": "sha512-todwxLMY7/heScKmntwQG8CXVkWUOdYxIvY2s0VWAAMh/nd8SoYiRaKjlr7+iCs984f2P8zvrfWcDDYVb73NfA==",
+      "version": "3.0.4",
+      "resolved": "https://registry.npmjs.org/pump/-/pump-3.0.4.tgz",
+      "integrity": "sha512-VS7sjc6KR7e1ukRFhQSY5LM2uBWAUPiOPa/A3mkKmiMwSmRFUITt0xuj+/lesgnCv+dPIEYlkzrcyXgquIHMcA==",
       "license": "MIT",
       "dependencies": {
         "end-of-stream": "^1.1.0",
@@ -2803,7 +2824,7 @@
       "version": "7.2.3",
       "resolved": "https://registry.npmjs.org/glob/-/glob-7.2.3.tgz",
       "integrity": "sha512-nFR0zLpU2YCaRxwoCJvL6UvCH2JFyFVIvwTLsIf21AuHlMskA1hhTdk+LlYJtOlYt9v6dvszD2BGRqBL+iQK9Q==",
-      "deprecated": "Glob versions prior to v9 are no longer supported",
+      "deprecated": "Old versions of glob are not supported, and contain widely publicized security vulnerabilities, which have been fixed in the current version. Please update. Support for old versions may be purchased (at exorbitant rates) by contacting i@izs.me",
       "license": "ISC",
       "dependencies": {
         "fs.realpath": "^1.0.0",
@@ -2977,7 +2998,6 @@
       "resolved": "https://registry.npmjs.org/gulp/-/gulp-4.0.2.tgz",
       "integrity": "sha512-dvEs27SCZt2ibF29xYgmnwwCYZxdxhQ/+LFWlbAW8y7jt68L/65402Lz3+CKy0Ov4rOs+NERmDq7YlZaDqUIfA==",
       "license": "MIT",
-      "peer": true,
       "dependencies": {
         "glob-watcher": "^5.0.3",
         "gulp-cli": "^2.2.0",
@@ -3630,15 +3650,15 @@
       }
     },
     "node_modules/gulp-header": {
-      "version": "2.0.9",
-      "resolved": "https://registry.npmjs.org/gulp-header/-/gulp-header-2.0.9.tgz",
-      "integrity": "sha512-LMGiBx+qH8giwrOuuZXSGvswcIUh0OiioNkUpLhNyvaC6/Ga8X6cfAeme2L5PqsbXMhL8o8b/OmVqIQdxprhcQ==",
+      "version": "2.0.12",
+      "resolved": "https://registry.npmjs.org/gulp-header/-/gulp-header-2.0.12.tgz",
+      "integrity": "sha512-7PFW56tRISOroZ3N5R+f1Bn4wvdtE5LZXfZqz4ubEAXLEsLS7kSifgsk/lF26hSqnYO786GniQCxCuLxQZ0SoA==",
       "license": "MIT",
       "dependencies": {
         "concat-with-sourcemaps": "^1.1.0",
-        "lodash.template": "^4.5.0",
-        "map-stream": "0.0.7",
-        "through2": "^2.0.0"
+        "lodash": "^4.17.21",
+        "map-stream": "^0.0.7",
+        "through2": "^4.0.2"
       }
     },
     "node_modules/gulp-header/node_modules/map-stream": {
@@ -3647,14 +3667,27 @@
       "integrity": "sha512-C0X0KQmGm3N2ftbTGBhSyuydQ+vV1LC3f3zPvT3RXHXNZrvfPZcoXp/N5DOa8vedX/rTMm2CjTtivFg2STJMRQ==",
       "license": "MIT"
     },
-    "node_modules/gulp-header/node_modules/through2": {
-      "version": "2.0.5",
-      "resolved": "https://registry.npmjs.org/through2/-/through2-2.0.5.tgz",
-      "integrity": "sha512-/mrRod8xqpA+IHSLyGCQ2s8SPHiCDEeQJSep1jqLYeEUClOFG2Qsh+4FU6G9VeqpZnGW/Su8LQGc4YKni5rYSQ==",
+    "node_modules/gulp-header/node_modules/readable-stream": {
+      "version": "3.6.2",
+      "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-3.6.2.tgz",
+      "integrity": "sha512-9u/sniCrY3D5WdsERHzHE4G2YCXqoG5FTHUiCC4SIbr6XcLZBY05ya9EKjYek9O5xOAwjGq+1JdGBAS7Q9ScoA==",
       "license": "MIT",
       "dependencies": {
-        "readable-stream": "~2.3.6",
-        "xtend": "~4.0.1"
+        "inherits": "^2.0.3",
+        "string_decoder": "^1.1.1",
+        "util-deprecate": "^1.0.1"
+      },
+      "engines": {
+        "node": ">= 6"
+      }
+    },
+    "node_modules/gulp-header/node_modules/through2": {
+      "version": "4.0.2",
+      "resolved": "https://registry.npmjs.org/through2/-/through2-4.0.2.tgz",
+      "integrity": "sha512-iOqSav00cVxEEICeD7TjLB1sueEL+81Wpzp2bY17uZjZN0pWZPuo4suZ/61VujxmqSGFfgOcNuTZ85QJwNZQpw==",
+      "license": "MIT",
+      "dependencies": {
+        "readable-stream": "3"
       }
     },
     "node_modules/gulp-if": {
@@ -5014,9 +5047,9 @@
       }
     },
     "node_modules/js-beautify/node_modules/brace-expansion": {
-      "version": "2.0.2",
-      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.2.tgz",
-      "integrity": "sha512-Jt0vHyM+jmUBqojB7E1NIYadt0vI0Qxjxd2TErW94wDz+E2LAm5vKMXXwg6ZZBTHPuUlDgQHKXvjGBdfcF1ZDQ==",
+      "version": "2.0.3",
+      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.3.tgz",
+      "integrity": "sha512-MCV/fYJEbqx68aE58kv2cA/kiky1G8vux3OR6/jbS+jIMe/6fJWa0DTzJU7dqijOWYwHi1t29FlfYI9uytqlpA==",
       "license": "MIT",
       "dependencies": {
         "balanced-match": "^1.0.0"
@@ -5026,6 +5059,7 @@
       "version": "10.5.0",
       "resolved": "https://registry.npmjs.org/glob/-/glob-10.5.0.tgz",
       "integrity": "sha512-DfXN8DfhJ7NH3Oe7cFmu3NCu1wKbkReJ8TorzSAFbSKrlNaQSKfIzqYqVY8zlbs2NLBbWpRiU52GX2PbaBVNkg==",
+      "deprecated": "Old versions of glob are not supported, and contain widely publicized security vulnerabilities, which have been fixed in the current version. Please update. Support for old versions may be purchased (at exorbitant rates) by contacting i@izs.me",
       "license": "ISC",
       "dependencies": {
         "foreground-child": "^3.1.0",
@@ -5043,12 +5077,12 @@
       }
     },
     "node_modules/js-beautify/node_modules/minimatch": {
-      "version": "9.0.5",
-      "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.5.tgz",
-      "integrity": "sha512-G6T0ZX48xgozx7587koeX9Ys2NYy6Gmv//P89sEte9V9whIapMNF4idKxnW2QtCcLiTWlb/wfCabAtAFWhhBow==",
+      "version": "9.0.9",
+      "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.9.tgz",
+      "integrity": "sha512-OBwBN9AL4dqmETlpS2zasx+vTeWclWzkblfZk7KTA5j3jeOONz/tRCnZomUyvNg83wL5Zv9Ss6HMJXAgL8R2Yg==",
       "license": "ISC",
       "dependencies": {
-        "brace-expansion": "^2.0.1"
+        "brace-expansion": "^2.0.2"
       },
       "engines": {
         "node": ">=16 || 14 >=14.17"
@@ -5072,6 +5106,13 @@
       "integrity": "sha512-Bdboy+l7tA3OGW6FjyFHWkP5LuByj1Tk33Ljyq0axyzdk9//JSi2u3fP1QSmd1KNwq6VOKYGlAu87CisVir6Pw==",
       "license": "MIT"
     },
+    "node_modules/json-with-bigint": {
+      "version": "3.5.8",
+      "resolved": "https://registry.npmjs.org/json-with-bigint/-/json-with-bigint-3.5.8.tgz",
+      "integrity": "sha512-eq/4KP6K34kwa7TcFdtvnftvHCD9KvHOGGICWwMFc4dOOKF5t4iYqnfLK8otCRCRv06FXOzGGyqE8h8ElMvvdw==",
+      "license": "MIT",
+      "peer": true
+    },
     "node_modules/just-debounce": {
       "version": "1.1.0",
       "resolved": "https://registry.npmjs.org/just-debounce/-/just-debounce-1.1.0.tgz",
@@ -5448,10 +5489,10 @@
       "license": "MIT"
     },
     "node_modules/lodash.template": {
-      "version": "4.5.0",
-      "resolved": "https://registry.npmjs.org/lodash.template/-/lodash.template-4.5.0.tgz",
-      "integrity": "sha512-84vYFxIkmidUiFxidA/KjjH9pAycqW+h980j7Fuz5qxRtO9pgB7MDFTdys1N7A5mcucRiDyEq4fusljItR1T/A==",
-      "deprecated": "This package is deprecated. Use https://socket.dev/npm/package/eta instead.",
+      "version": "4.18.0",
+      "resolved": "https://registry.npmjs.org/lodash.template/-/lodash.template-4.18.0.tgz",
+      "integrity": "sha512-VbCU2mYTHF/JUjasKG50ozrbli//eixCFmKBiAfvmz0cGt7iywc087M7zxflSoEQFS0Xtv0RqpE8ko8BXv3TOQ==",
+      "deprecated": "Bad release. Please use lodash.template@4.5.0 instead.",
       "license": "MIT",
       "dependencies": {
         "lodash._reinterpolate": "^3.0.0",
@@ -5736,9 +5777,9 @@
       }
     },
     "node_modules/minimatch": {
-      "version": "3.1.2",
-      "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz",
-      "integrity": "sha512-J7p63hRiAjw1NDEww1W7i37+ByIrOWO5XQQAzZ3VOcL0PNybwpfmV/N05zFAzwQ9USyEcX6t3UO+K5aqBQOIHw==",
+      "version": "3.1.5",
+      "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.5.tgz",
+      "integrity": "sha512-VgjWUsnnT6n+NUk6eZq77zeFdpW2LWDzP6zFGrCbHXiYNul5Dzqk2HHQ5uFH2DNW5Xbp8+jVzaeNt94ssEEl4w==",
       "license": "ISC",
       "dependencies": {
         "brace-expansion": "^1.1.7"
@@ -5757,10 +5798,10 @@
       }
     },
     "node_modules/minipass": {
-      "version": "7.1.2",
-      "resolved": "https://registry.npmjs.org/minipass/-/minipass-7.1.2.tgz",
-      "integrity": "sha512-qOOzS1cBTWYF4BH8fVePDBOO9iptMnGUEZwNc/cMWnTV2nVLZ7VoNWEPHkYczZA0pdoA7dl6e7FL659nX9S2aw==",
-      "license": "ISC",
+      "version": "7.1.3",
+      "resolved": "https://registry.npmjs.org/minipass/-/minipass-7.1.3.tgz",
+      "integrity": "sha512-tEBHqDnIoM/1rXME1zgka9g6Q2lcoCkxHLuc7ODJ5BxbP5d4c2Z5cGgtXAku59200Cx7diuHTOYfSBD8n6mm8A==",
+      "license": "BlueOak-1.0.0",
       "engines": {
         "node": ">=16 || 14 >=14.17"
       }
@@ -5845,9 +5886,9 @@
       "license": "ISC"
     },
     "node_modules/nan": {
-      "version": "2.25.0",
-      "resolved": "https://registry.npmjs.org/nan/-/nan-2.25.0.tgz",
-      "integrity": "sha512-0M90Ag7Xn5KMLLZ7zliPWP3rT90P6PN+IzVFS0VqmnPktBk3700xUVv8Ikm9EUaUE5SDWdp/BIxdENzVznpm1g==",
+      "version": "2.26.2",
+      "resolved": "https://registry.npmjs.org/nan/-/nan-2.26.2.tgz",
+      "integrity": "sha512-0tTvBTYkt3tdGw22nrAy50x7gpbGCCFH3AFcyS5WiUu7Eu4vWlri1woE6qHBSfy11vksDqkiwjOnlR7WV8G1Hw==",
       "license": "MIT",
       "optional": true
     },
@@ -5972,9 +6013,9 @@
       }
     },
     "node_modules/node-releases": {
-      "version": "2.0.27",
-      "resolved": "https://registry.npmjs.org/node-releases/-/node-releases-2.0.27.tgz",
-      "integrity": "sha512-nmh3lCkYZ3grZvqcCH+fjmQ7X+H0OeZgP40OierEaAptX4XofMh5kwNbWh7lBduUzCcV/8kZ+NDLCwm2iorIlA==",
+      "version": "2.0.36",
+      "resolved": "https://registry.npmjs.org/node-releases/-/node-releases-2.0.36.tgz",
+      "integrity": "sha512-TdC8FSgHz8Mwtw9g5L4gR/Sh9XhSP/0DEkQxfEFXOpiul5IiHgHan2VhYYb6agDSfp4KuvltmGApc8HMgUrIkA==",
       "license": "MIT"
     },
     "node_modules/node.extend": {
@@ -7029,7 +7070,7 @@
       "version": "5.0.15",
       "resolved": "https://registry.npmjs.org/glob/-/glob-5.0.15.tgz",
       "integrity": "sha512-c9IPMazfRITpmAAKi22dK1VKxGDX9ehhqfABDriL/lzO92xcUKEJPQHrVA/2YHSNFB4iFlykVmWvwo48nr3OxA==",
-      "deprecated": "Glob versions prior to v9 are no longer supported",
+      "deprecated": "Old versions of glob are not supported, and contain widely publicized security vulnerabilities, which have been fixed in the current version. Please update. Support for old versions may be purchased (at exorbitant rates) by contacting i@izs.me",
       "license": "ISC",
       "dependencies": {
         "inflight": "^1.0.4",
@@ -7504,9 +7545,9 @@
       }
     },
     "node_modules/spdx-license-ids": {
-      "version": "3.0.22",
-      "resolved": "https://registry.npmjs.org/spdx-license-ids/-/spdx-license-ids-3.0.22.tgz",
-      "integrity": "sha512-4PRT4nh1EImPbt2jASOKHX7PB7I+e4IWNLvkKFDxNhJlfjbYlleYQh285Z/3mPTHSAK/AvdMmw5BNNuYH8ShgQ==",
+      "version": "3.0.23",
+      "resolved": "https://registry.npmjs.org/spdx-license-ids/-/spdx-license-ids-3.0.23.tgz",
+      "integrity": "sha512-CWLcCCH7VLu13TgOH+r8p1O/Znwhqv/dbb6lqWy67G+pT1kHmeD/+V36AVb/vq8QMIQwVShJ6Ssl5FPh0fuSdw==",
       "license": "CC0-1.0"
     },
     "node_modules/split-string": {
@@ -8221,9 +8262,9 @@
       }
     },
     "node_modules/undici-types": {
-      "version": "7.16.0",
-      "resolved": "https://registry.npmjs.org/undici-types/-/undici-types-7.16.0.tgz",
-      "integrity": "sha512-Zz+aZWSj8LE6zoxD+xrjh4VfkIG8Ya6LvYkZqtUQGJPZjYl53ypCaUwWqo7eI0x66KBGeRo+mlBEkMSeSZ38Nw==",
+      "version": "7.18.2",
+      "resolved": "https://registry.npmjs.org/undici-types/-/undici-types-7.18.2.tgz",
+      "integrity": "sha512-AsuCzffGHJybSaRrmr5eHr81mwJU3kjw6M+uprWvCXiNeN9SOGwQ3Jn8jb8m3Z6izVgknn1R0FTCEAP2QrLY/w==",
       "license": "MIT"
     },
     "node_modules/union-value": {

From c01b13d119a49ba8c3ea10442e63ab2be6a36741 Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Thu, 2 Apr 2026 03:45:37 +0200
Subject: [PATCH 615/854] Update dependency @codemirror/view to v6.41.0
 (forgejo) (#11939)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11939
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
---
 package-lock.json | 8 ++++----
 package.json      | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 6e4d59fdce..a1b819adc7 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -30,7 +30,7 @@
         "@codemirror/language": "6.12.3",
         "@codemirror/search": "6.6.0",
         "@codemirror/state": "6.6.0",
-        "@codemirror/view": "6.40.0",
+        "@codemirror/view": "6.41.0",
         "@github/markdown-toolbar-element": "2.2.3",
         "@github/quote-selection": "2.1.0",
         "@github/text-expander-element": "2.9.4",
@@ -776,9 +776,9 @@
       }
     },
     "node_modules/@codemirror/view": {
-      "version": "6.40.0",
-      "resolved": "https://registry.npmjs.org/@codemirror/view/-/view-6.40.0.tgz",
-      "integrity": "sha512-WA0zdU7xfF10+5I3HhUUq3kqOx3KjqmtQ9lqZjfK7jtYk4G72YW9rezcSywpaUMCWOMlq+6E0pO1IWg1TNIhtg==",
+      "version": "6.41.0",
+      "resolved": "https://registry.npmjs.org/@codemirror/view/-/view-6.41.0.tgz",
+      "integrity": "sha512-6H/qadXsVuDY219Yljhohglve8xf4B8xJkVOEWfA5uiYKiTFppjqsvsfR5iPA0RbvRBoOyTZpbLIxe9+0UR8xA==",
       "license": "MIT",
       "dependencies": {
         "@codemirror/state": "^6.6.0",
diff --git a/package.json b/package.json
index f2ac77f224..b95738195e 100644
--- a/package.json
+++ b/package.json
@@ -29,7 +29,7 @@
     "@codemirror/language": "6.12.3",
     "@codemirror/search": "6.6.0",
     "@codemirror/state": "6.6.0",
-    "@codemirror/view": "6.40.0",
+    "@codemirror/view": "6.41.0",
     "@github/markdown-toolbar-element": "2.2.3",
     "@github/quote-selection": "2.1.0",
     "@github/text-expander-element": "2.9.4",

From 6e8939952c157393daecffd354d11971a1ae5746 Mon Sep 17 00:00:00 2001
From: Eloy <degeneloy@gmail.com>
Date: Thu, 2 Apr 2026 03:46:55 +0200
Subject: [PATCH 616/854] enh: add suggestion to document reason for repository
 archival (#11375)

Fixes #11370

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11375
Reviewed-by: Robert Wolff <mahlzahn@posteo.de>
Co-authored-by: Eloy <degeneloy@gmail.com>
Co-committed-by: Eloy <degeneloy@gmail.com>
---
 options/locale/locale_en-US.ini | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/options/locale/locale_en-US.ini b/options/locale/locale_en-US.ini
index 6ec0ba978c..2df0b3a728 100644
--- a/options/locale/locale_en-US.ini
+++ b/options/locale/locale_en-US.ini
@@ -2569,7 +2569,7 @@ settings.matrix.access_token_helper = It is recommended to setup a dedicated Mat
 settings.matrix.room_id_helper = The Room ID can be retrieved from the Element web client > Room Settings > Advanced > Internal room ID. Example: %s.
 settings.archive.button = Archive repo
 settings.archive.header = Archive this repo
-settings.archive.text = Archiving the repo will make it entirely read-only. It will be hidden from the dashboard. Nobody (not even you!) will be able to make new commits, or open any issues or pull requests.
+settings.archive.text = Archiving the repo will make it entirely read-only. It will be hidden from the dashboard. Nobody (not even you!) will be able to make new commits, or open any issues or pull requests. Documenting the archival reason is recommended to guide future developers who plan to fork the repository.
 settings.archive.success = The repo was successfully archived.
 settings.archive.error = An error occurred while trying to archive the repo. See the log for more details.
 settings.archive.error_ismirror = You cannot archive a mirrored repo.

From 4121d5ec8514bb93a92b7c5cee7b93145d3d53af Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Thu, 2 Apr 2026 20:52:09 +0200
Subject: [PATCH 617/854] Update linters (forgejo) (#11938)

Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
---
 package-lock.json | 146 +++++++++++++++++++++++-----------------------
 package.json      |   2 +-
 2 files changed, 74 insertions(+), 74 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index a1b819adc7..96688e44ef 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -119,7 +119,7 @@
         "stylelint-value-no-unknown-custom-properties": "6.1.1",
         "svgo": "4.0.1",
         "typescript": "5.9.3",
-        "typescript-eslint": "8.57.2",
+        "typescript-eslint": "8.58.0",
         "vite-string-plugin": "2.0.2",
         "vitest": "4.1.2"
       },
@@ -4363,20 +4363,20 @@
       }
     },
     "node_modules/@typescript-eslint/eslint-plugin": {
-      "version": "8.57.2",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-8.57.2.tgz",
-      "integrity": "sha512-NZZgp0Fm2IkD+La5PR81sd+g+8oS6JwJje+aRWsDocxHkjyRw0J5L5ZTlN3LI1LlOcGL7ph3eaIUmTXMIjLk0w==",
+      "version": "8.58.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-8.58.0.tgz",
+      "integrity": "sha512-RLkVSiNuUP1C2ROIWfqX+YcUfLaSnxGE/8M+Y57lopVwg9VTYYfhuz15Yf1IzCKgZj6/rIbYTmJCUSqr76r0Wg==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
         "@eslint-community/regexpp": "^4.12.2",
-        "@typescript-eslint/scope-manager": "8.57.2",
-        "@typescript-eslint/type-utils": "8.57.2",
-        "@typescript-eslint/utils": "8.57.2",
-        "@typescript-eslint/visitor-keys": "8.57.2",
+        "@typescript-eslint/scope-manager": "8.58.0",
+        "@typescript-eslint/type-utils": "8.58.0",
+        "@typescript-eslint/utils": "8.58.0",
+        "@typescript-eslint/visitor-keys": "8.58.0",
         "ignore": "^7.0.5",
         "natural-compare": "^1.4.0",
-        "ts-api-utils": "^2.4.0"
+        "ts-api-utils": "^2.5.0"
       },
       "engines": {
         "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -4386,22 +4386,22 @@
         "url": "https://opencollective.com/typescript-eslint"
       },
       "peerDependencies": {
-        "@typescript-eslint/parser": "^8.57.2",
+        "@typescript-eslint/parser": "^8.58.0",
         "eslint": "^8.57.0 || ^9.0.0 || ^10.0.0",
-        "typescript": ">=4.8.4 <6.0.0"
+        "typescript": ">=4.8.4 <6.1.0"
       }
     },
     "node_modules/@typescript-eslint/parser": {
-      "version": "8.57.2",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-8.57.2.tgz",
-      "integrity": "sha512-30ScMRHIAD33JJQkgfGW1t8CURZtjc2JpTrq5n2HFhOefbAhb7ucc7xJwdWcrEtqUIYJ73Nybpsggii6GtAHjA==",
+      "version": "8.58.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-8.58.0.tgz",
+      "integrity": "sha512-rLoGZIf9afaRBYsPUMtvkDWykwXwUPL60HebR4JgTI8mxfFe2cQTu3AGitANp4b9B2QlVru6WzjgB2IzJKiCSA==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "@typescript-eslint/scope-manager": "8.57.2",
-        "@typescript-eslint/types": "8.57.2",
-        "@typescript-eslint/typescript-estree": "8.57.2",
-        "@typescript-eslint/visitor-keys": "8.57.2",
+        "@typescript-eslint/scope-manager": "8.58.0",
+        "@typescript-eslint/types": "8.58.0",
+        "@typescript-eslint/typescript-estree": "8.58.0",
+        "@typescript-eslint/visitor-keys": "8.58.0",
         "debug": "^4.4.3"
       },
       "engines": {
@@ -4413,18 +4413,18 @@
       },
       "peerDependencies": {
         "eslint": "^8.57.0 || ^9.0.0 || ^10.0.0",
-        "typescript": ">=4.8.4 <6.0.0"
+        "typescript": ">=4.8.4 <6.1.0"
       }
     },
     "node_modules/@typescript-eslint/project-service": {
-      "version": "8.57.2",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/project-service/-/project-service-8.57.2.tgz",
-      "integrity": "sha512-FuH0wipFywXRTHf+bTTjNyuNQQsQC3qh/dYzaM4I4W0jrCqjCVuUh99+xd9KamUfmCGPvbO8NDngo/vsnNVqgw==",
+      "version": "8.58.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/project-service/-/project-service-8.58.0.tgz",
+      "integrity": "sha512-8Q/wBPWLQP1j16NxoPNIKpDZFMaxl7yWIoqXWYeWO+Bbd2mjgvoF0dxP2jKZg5+x49rgKdf7Ck473M8PC3V9lg==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "@typescript-eslint/tsconfig-utils": "^8.57.2",
-        "@typescript-eslint/types": "^8.57.2",
+        "@typescript-eslint/tsconfig-utils": "^8.58.0",
+        "@typescript-eslint/types": "^8.58.0",
         "debug": "^4.4.3"
       },
       "engines": {
@@ -4435,18 +4435,18 @@
         "url": "https://opencollective.com/typescript-eslint"
       },
       "peerDependencies": {
-        "typescript": ">=4.8.4 <6.0.0"
+        "typescript": ">=4.8.4 <6.1.0"
       }
     },
     "node_modules/@typescript-eslint/scope-manager": {
-      "version": "8.57.2",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-8.57.2.tgz",
-      "integrity": "sha512-snZKH+W4WbWkrBqj4gUNRIGb/jipDW3qMqVJ4C9rzdFc+wLwruxk+2a5D+uoFcKPAqyqEnSb4l2ULuZf95eSkw==",
+      "version": "8.58.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-8.58.0.tgz",
+      "integrity": "sha512-W1Lur1oF50FxSnNdGp3Vs6P+yBRSmZiw4IIjEeYxd8UQJwhUF0gDgDD/W/Tgmh73mxgEU3qX0Bzdl/NGuSPEpQ==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "@typescript-eslint/types": "8.57.2",
-        "@typescript-eslint/visitor-keys": "8.57.2"
+        "@typescript-eslint/types": "8.58.0",
+        "@typescript-eslint/visitor-keys": "8.58.0"
       },
       "engines": {
         "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -4457,9 +4457,9 @@
       }
     },
     "node_modules/@typescript-eslint/tsconfig-utils": {
-      "version": "8.57.2",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/tsconfig-utils/-/tsconfig-utils-8.57.2.tgz",
-      "integrity": "sha512-3Lm5DSM+DCowsUOJC+YqHHnKEfFh5CoGkj5Z31NQSNF4l5wdOwqGn99wmwN/LImhfY3KJnmordBq/4+VDe2eKw==",
+      "version": "8.58.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/tsconfig-utils/-/tsconfig-utils-8.58.0.tgz",
+      "integrity": "sha512-doNSZEVJsWEu4htiVC+PR6NpM+pa+a4ClH9INRWOWCUzMst/VA9c4gXq92F8GUD1rwhNvRLkgjfYtFXegXQF7A==",
       "dev": true,
       "license": "MIT",
       "engines": {
@@ -4470,21 +4470,21 @@
         "url": "https://opencollective.com/typescript-eslint"
       },
       "peerDependencies": {
-        "typescript": ">=4.8.4 <6.0.0"
+        "typescript": ">=4.8.4 <6.1.0"
       }
     },
     "node_modules/@typescript-eslint/type-utils": {
-      "version": "8.57.2",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-8.57.2.tgz",
-      "integrity": "sha512-Co6ZCShm6kIbAM/s+oYVpKFfW7LBc6FXoPXjTRQ449PPNBY8U0KZXuevz5IFuuUj2H9ss40atTaf9dlGLzbWZg==",
+      "version": "8.58.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-8.58.0.tgz",
+      "integrity": "sha512-aGsCQImkDIqMyx1u4PrVlbi/krmDsQUs4zAcCV6M7yPcPev+RqVlndsJy9kJ8TLihW9TZ0kbDAzctpLn5o+lOg==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "@typescript-eslint/types": "8.57.2",
-        "@typescript-eslint/typescript-estree": "8.57.2",
-        "@typescript-eslint/utils": "8.57.2",
+        "@typescript-eslint/types": "8.58.0",
+        "@typescript-eslint/typescript-estree": "8.58.0",
+        "@typescript-eslint/utils": "8.58.0",
         "debug": "^4.4.3",
-        "ts-api-utils": "^2.4.0"
+        "ts-api-utils": "^2.5.0"
       },
       "engines": {
         "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -4495,13 +4495,13 @@
       },
       "peerDependencies": {
         "eslint": "^8.57.0 || ^9.0.0 || ^10.0.0",
-        "typescript": ">=4.8.4 <6.0.0"
+        "typescript": ">=4.8.4 <6.1.0"
       }
     },
     "node_modules/@typescript-eslint/types": {
-      "version": "8.57.2",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-8.57.2.tgz",
-      "integrity": "sha512-/iZM6FnM4tnx9csuTxspMW4BOSegshwX5oBDznJ7S4WggL7Vczz5d2W11ecc4vRrQMQHXRSxzrCsyG5EsPPTbA==",
+      "version": "8.58.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-8.58.0.tgz",
+      "integrity": "sha512-O9CjxypDT89fbHxRfETNoAnHj/i6IpRK0CvbVN3qibxlLdo5p5hcLmUuCCrHMpxiWSwKyI8mCP7qRNYuOJ0Uww==",
       "dev": true,
       "license": "MIT",
       "engines": {
@@ -4513,21 +4513,21 @@
       }
     },
     "node_modules/@typescript-eslint/typescript-estree": {
-      "version": "8.57.2",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-8.57.2.tgz",
-      "integrity": "sha512-2MKM+I6g8tJxfSmFKOnHv2t8Sk3T6rF20A1Puk0svLK+uVapDZB/4pfAeB7nE83uAZrU6OxW+HmOd5wHVdXwXA==",
+      "version": "8.58.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-8.58.0.tgz",
+      "integrity": "sha512-7vv5UWbHqew/dvs+D3e1RvLv1v2eeZ9txRHPnEEBUgSNLx5ghdzjHa0sgLWYVKssH+lYmV0JaWdoubo0ncGYLA==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "@typescript-eslint/project-service": "8.57.2",
-        "@typescript-eslint/tsconfig-utils": "8.57.2",
-        "@typescript-eslint/types": "8.57.2",
-        "@typescript-eslint/visitor-keys": "8.57.2",
+        "@typescript-eslint/project-service": "8.58.0",
+        "@typescript-eslint/tsconfig-utils": "8.58.0",
+        "@typescript-eslint/types": "8.58.0",
+        "@typescript-eslint/visitor-keys": "8.58.0",
         "debug": "^4.4.3",
         "minimatch": "^10.2.2",
         "semver": "^7.7.3",
         "tinyglobby": "^0.2.15",
-        "ts-api-utils": "^2.4.0"
+        "ts-api-utils": "^2.5.0"
       },
       "engines": {
         "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -4537,20 +4537,20 @@
         "url": "https://opencollective.com/typescript-eslint"
       },
       "peerDependencies": {
-        "typescript": ">=4.8.4 <6.0.0"
+        "typescript": ">=4.8.4 <6.1.0"
       }
     },
     "node_modules/@typescript-eslint/utils": {
-      "version": "8.57.2",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-8.57.2.tgz",
-      "integrity": "sha512-krRIbvPK1ju1WBKIefiX+bngPs+odIQUtR7kymzPfo1POVw3jlF+nLkmexdSSd4UCbDcQn+wMBATOOmpBbqgKg==",
+      "version": "8.58.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-8.58.0.tgz",
+      "integrity": "sha512-RfeSqcFeHMHlAWzt4TBjWOAtoW9lnsAGiP3GbaX9uVgTYYrMbVnGONEfUCiSss+xMHFl+eHZiipmA8WkQ7FuNA==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
         "@eslint-community/eslint-utils": "^4.9.1",
-        "@typescript-eslint/scope-manager": "8.57.2",
-        "@typescript-eslint/types": "8.57.2",
-        "@typescript-eslint/typescript-estree": "8.57.2"
+        "@typescript-eslint/scope-manager": "8.58.0",
+        "@typescript-eslint/types": "8.58.0",
+        "@typescript-eslint/typescript-estree": "8.58.0"
       },
       "engines": {
         "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -4561,17 +4561,17 @@
       },
       "peerDependencies": {
         "eslint": "^8.57.0 || ^9.0.0 || ^10.0.0",
-        "typescript": ">=4.8.4 <6.0.0"
+        "typescript": ">=4.8.4 <6.1.0"
       }
     },
     "node_modules/@typescript-eslint/visitor-keys": {
-      "version": "8.57.2",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-8.57.2.tgz",
-      "integrity": "sha512-zhahknjobV2FiD6Ee9iLbS7OV9zi10rG26odsQdfBO/hjSzUQbkIYgda+iNKK1zNiW2ey+Lf8MU5btN17V3dUw==",
+      "version": "8.58.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-8.58.0.tgz",
+      "integrity": "sha512-XJ9UD9+bbDo4a4epraTwG3TsNPeiB9aShrUneAVXy8q4LuwowN+qu89/6ByLMINqvIMeI9H9hOHQtg/ijrYXzQ==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "@typescript-eslint/types": "8.57.2",
+        "@typescript-eslint/types": "8.58.0",
         "eslint-visitor-keys": "^5.0.0"
       },
       "engines": {
@@ -15555,16 +15555,16 @@
       }
     },
     "node_modules/typescript-eslint": {
-      "version": "8.57.2",
-      "resolved": "https://registry.npmjs.org/typescript-eslint/-/typescript-eslint-8.57.2.tgz",
-      "integrity": "sha512-VEPQ0iPgWO/sBaZOU1xo4nuNdODVOajPnTIbog2GKYr31nIlZ0fWPoCQgGfF3ETyBl1vn63F/p50Um9Z4J8O8A==",
+      "version": "8.58.0",
+      "resolved": "https://registry.npmjs.org/typescript-eslint/-/typescript-eslint-8.58.0.tgz",
+      "integrity": "sha512-e2TQzKfaI85fO+F3QywtX+tCTsu/D3WW5LVU6nz8hTFKFZ8yBJ6mSYRpXqdR3mFjPWmO0eWsTa5f+UpAOe/FMA==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "@typescript-eslint/eslint-plugin": "8.57.2",
-        "@typescript-eslint/parser": "8.57.2",
-        "@typescript-eslint/typescript-estree": "8.57.2",
-        "@typescript-eslint/utils": "8.57.2"
+        "@typescript-eslint/eslint-plugin": "8.58.0",
+        "@typescript-eslint/parser": "8.58.0",
+        "@typescript-eslint/typescript-estree": "8.58.0",
+        "@typescript-eslint/utils": "8.58.0"
       },
       "engines": {
         "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -15575,7 +15575,7 @@
       },
       "peerDependencies": {
         "eslint": "^8.57.0 || ^9.0.0 || ^10.0.0",
-        "typescript": ">=4.8.4 <6.0.0"
+        "typescript": ">=4.8.4 <6.1.0"
       }
     },
     "node_modules/typo-js": {
diff --git a/package.json b/package.json
index b95738195e..cb734aab0c 100644
--- a/package.json
+++ b/package.json
@@ -118,7 +118,7 @@
     "stylelint-value-no-unknown-custom-properties": "6.1.1",
     "svgo": "4.0.1",
     "typescript": "5.9.3",
-    "typescript-eslint": "8.57.2",
+    "typescript-eslint": "8.58.0",
     "vite-string-plugin": "2.0.2",
     "vitest": "4.1.2"
   },

From 2fc3144de4cc157b4f6bd4c7f79724d51effd277 Mon Sep 17 00:00:00 2001
From: famfo <famfo@famfo.xyz>
Date: Thu, 2 Apr 2026 23:57:13 +0200
Subject: [PATCH 618/854] chore: update github.com/go-ap/activitypub to 902f6cf
 (#11301)

Picks the update commit from https://codeberg.org/forgejo/forgejo/pulls/11200 and fixes the new incompatibilities.

I ran full end-to-end tests against Forgejo and basic end-to-end tests against GoToSocial which appear to be working.

Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11301
Reviewed-by: elle <0xllx0@noreply.codeberg.org>
Co-authored-by: famfo <famfo@famfo.xyz>
Co-committed-by: famfo <famfo@famfo.xyz>
---
 go.mod                                             |  4 ++--
 go.sum                                             | 10 ++++------
 modules/forgefed/activity_follow.go                |  4 ++--
 modules/forgefed/activity_follow_test.go           |  2 +-
 modules/forgefed/activity_like.go                  |  4 ++--
 modules/forgefed/activity_like_test.go             |  6 +++---
 modules/forgefed/activity_undo_like.go             |  8 ++++----
 modules/forgefed/activity_undo_like_test.go        |  4 ++--
 modules/forgefed/activity_user_activity.go         |  4 ++--
 modules/forgefed/activity_user_activity_test.go    |  9 +++------
 modules/forgefed/actor_person.go                   |  4 ++--
 modules/forgefed/actor_person_test.go              |  8 ++++----
 modules/forgefed/object_user_activity_note.go      |  9 +++------
 modules/forgefed/object_user_activity_note_test.go |  7 ++-----
 modules/validation/validatable.go                  |  2 ++
 routers/api/v1/activitypub/actor.go                |  2 +-
 routers/api/v1/activitypub/repository.go           |  2 +-
 services/convert/activitypub_person.go             |  6 +++---
 tests/integration/repo_star_federation_test.go     |  4 +++-
 19 files changed, 46 insertions(+), 53 deletions(-)

diff --git a/go.mod b/go.mod
index 7a09fe7bba..24de250644 100644
--- a/go.mod
+++ b/go.mod
@@ -43,7 +43,7 @@ require (
 	github.com/felixge/fgprof v0.9.5
 	github.com/fsnotify/fsnotify v1.9.0
 	github.com/gliderlabs/ssh v0.3.8
-	github.com/go-ap/activitypub v0.0.0-20231114162308-e219254dc5c9
+	github.com/go-ap/activitypub v0.0.0-20260208110334-902f6cf8c2cc
 	github.com/go-ap/jsonld v0.0.0-20251216162253-e38fa664ea77
 	github.com/go-chi/chi/v5 v5.2.5
 	github.com/go-chi/cors v1.2.2
@@ -168,7 +168,7 @@ require (
 	github.com/emersion/go-sasl v0.0.0-20231106173351-e73c9f7bad43 // indirect
 	github.com/fatih/color v1.18.0 // indirect
 	github.com/fxamacker/cbor/v2 v2.9.0 // indirect
-	github.com/go-ap/errors v0.0.0-20231003111023-183eef4b31b7 // indirect
+	github.com/go-ap/errors v0.0.0-20260208110149-e1b309365966 // indirect
 	github.com/go-asn1-ber/asn1-ber v1.5.8-0.20250403174932-29230038a667 // indirect
 	github.com/go-enry/go-oniguruma v1.2.1 // indirect
 	github.com/go-errors/errors v1.4.2 // indirect
diff --git a/go.sum b/go.sum
index fb74d8b500..11678e62ab 100644
--- a/go.sum
+++ b/go.sum
@@ -253,11 +253,10 @@ github.com/fsnotify/fsnotify v1.9.0 h1:2Ml+OJNzbYCTzsxtv8vKSFD9PbJjmhYF14k/jKC7S
 github.com/fsnotify/fsnotify v1.9.0/go.mod h1:8jBTzvmWwFyi3Pb8djgCCO5IBqzKJ/Jwo8TRcHyHii0=
 github.com/fxamacker/cbor/v2 v2.9.0 h1:NpKPmjDBgUfBms6tr6JZkTHtfFGcMKsw3eGcmD/sapM=
 github.com/fxamacker/cbor/v2 v2.9.0/go.mod h1:vM4b+DJCtHn+zz7h3FFp/hDAI9WNWCsZj23V5ytsSxQ=
-github.com/go-ap/activitypub v0.0.0-20231114162308-e219254dc5c9 h1:j2TrkUG/NATGi/EQS+MvEoF79CxiRUmT16ErFroNcKI=
-github.com/go-ap/activitypub v0.0.0-20231114162308-e219254dc5c9/go.mod h1:cJ9Ye0ZNSMN7RzZDBRY3E+8M3Bpf/R1JX22Ir9yX6WI=
-github.com/go-ap/errors v0.0.0-20231003111023-183eef4b31b7 h1:I2nuhyVI/48VXoRCCZR2hYBgnSXa+EuDJf/VyX06TC0=
-github.com/go-ap/errors v0.0.0-20231003111023-183eef4b31b7/go.mod h1:5x8a6P/dhmMGFxWLcyYlyOuJ2lRNaHGhRv+yu8BaTSI=
-github.com/go-ap/jsonld v0.0.0-20221030091449-f2a191312c73/go.mod h1:jyveZeGw5LaADntW+UEsMjl3IlIwk+DxlYNsbofQkGA=
+github.com/go-ap/activitypub v0.0.0-20260208110334-902f6cf8c2cc h1:yLe7YJhK+XNjNV4SqDxAjpWAgft+KU+XwKZS4AKEUV0=
+github.com/go-ap/activitypub v0.0.0-20260208110334-902f6cf8c2cc/go.mod h1:jUs8eczo1EAT4ByRpZ4mQmNvjarw9eNf7Nm5udpMRhY=
+github.com/go-ap/errors v0.0.0-20260208110149-e1b309365966 h1:tV+3kZgqFMKVUf+JPKBV400ISM8440+6y/SQCS0WZwQ=
+github.com/go-ap/errors v0.0.0-20260208110149-e1b309365966/go.mod h1:zkp58Q5yXpCxZbh3d0GDvwqiYclfVuHEHjc9SZKAj6I=
 github.com/go-ap/jsonld v0.0.0-20251216162253-e38fa664ea77 h1:yHAmoR6avNy84PlLmjHt1z9flAp2Qs2ens5QDE/CNWk=
 github.com/go-ap/jsonld v0.0.0-20251216162253-e38fa664ea77/go.mod h1:4h93IBxgfnE/DEleMLgJ/XCeu/RtQ+MUh3ucANseeXA=
 github.com/go-asn1-ber/asn1-ber v1.5.8-0.20250403174932-29230038a667 h1:BP4M0CvQ4S3TGls2FvczZtj5Re/2ZzkV9VwqPHH/3Bo=
@@ -664,7 +663,6 @@ github.com/ulikunitz/xz v0.5.15 h1:9DNdB5s+SgV3bQ2ApL10xRc35ck0DuIX/isZvIk+ubY=
 github.com/ulikunitz/xz v0.5.15/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14=
 github.com/urfave/cli/v3 v3.8.0 h1:XqKPrm0q4P0q5JpoclYoCAv0/MIvH/jZ2umzuf8pNTI=
 github.com/urfave/cli/v3 v3.8.0/go.mod h1:ysVLtOEmg2tOy6PknnYVhDoouyC/6N42TMeoMzskhso=
-github.com/valyala/fastjson v1.6.4/go.mod h1:CLCAqky6SMuOcxStkYQvblddUtoRxhYMGLrsQns1aXY=
 github.com/valyala/fastjson v1.6.10 h1:/yjJg8jaVQdYR3arGxPE2X5z89xrlhS0eGXdv+ADTh4=
 github.com/valyala/fastjson v1.6.10/go.mod h1:e6FubmQouUNP73jtMLmcbxS6ydWIpOfhz34TSfO3JaE=
 github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM=
diff --git a/modules/forgefed/activity_follow.go b/modules/forgefed/activity_follow.go
index 5cb45ca885..928321a00a 100644
--- a/modules/forgefed/activity_follow.go
+++ b/modules/forgefed/activity_follow.go
@@ -48,8 +48,8 @@ func (follow *ForgeFollow) UnmarshalJSON(data []byte) error {
 
 func (follow ForgeFollow) Validate() []string {
 	var result []string
-	result = append(result, validation.ValidateNotEmpty(string(follow.Type), "type")...)
-	result = append(result, validation.ValidateOneOf(string(follow.Type), []any{"Follow"}, "type")...)
+	result = append(result, validation.ValidateNotEmpty(follow.Type, "type")...)
+	result = append(result, validation.ValidateOneOf(follow.Type, []any{ap.FollowType}, "type")...)
 	result = append(result, validation.ValidateIDExists(follow.Actor, "actor")...)
 	result = append(result, validation.ValidateIDExists(follow.Object, "object")...)
 
diff --git a/modules/forgefed/activity_follow_test.go b/modules/forgefed/activity_follow_test.go
index 18fbef33aa..e0142a39f2 100644
--- a/modules/forgefed/activity_follow_test.go
+++ b/modules/forgefed/activity_follow_test.go
@@ -15,7 +15,7 @@ import (
 
 func Test_NewForgeFollowValidation(t *testing.T) {
 	sut := forgefed.ForgeFollow{}
-	sut.Type = "Follow"
+	sut.Type = ap.FollowType
 	sut.Actor = ap.IRI("example.org/alice")
 	sut.Object = ap.IRI("example.org/bob")
 
diff --git a/modules/forgefed/activity_like.go b/modules/forgefed/activity_like.go
index e52d0a9af6..7849aec568 100644
--- a/modules/forgefed/activity_like.go
+++ b/modules/forgefed/activity_like.go
@@ -44,8 +44,8 @@ func (like ForgeLike) IsNewer(compareTo time.Time) bool {
 
 func (like ForgeLike) Validate() []string {
 	var result []string
-	result = append(result, validation.ValidateNotEmpty(string(like.Type), "type")...)
-	result = append(result, validation.ValidateOneOf(string(like.Type), []any{"Like"}, "type")...)
+	result = append(result, validation.ValidateNotEmpty(like.Type, "type")...)
+	result = append(result, validation.ValidateOneOf(like.Type, []any{ap.LikeType}, "type")...)
 
 	if like.Actor == nil {
 		result = append(result, "Actor should not be nil.")
diff --git a/modules/forgefed/activity_like_test.go b/modules/forgefed/activity_like_test.go
index c0b565f4db..dc2d8efdc7 100644
--- a/modules/forgefed/activity_like_test.go
+++ b/modules/forgefed/activity_like_test.go
@@ -51,7 +51,7 @@ func Test_LikeMarshalJSON(t *testing.T) {
 			item: forgefed.ForgeLike{
 				Activity: ap.Activity{
 					Actor:  ap.IRI("https://repo.prod.meissa.de/api/v1/activitypub/user-id/1"),
-					Type:   "Like",
+					Type:   ap.LikeType,
 					Object: ap.IRI("https://codeberg.org/api/v1/activitypub/repository-id/1"),
 				},
 			},
@@ -80,7 +80,7 @@ func Test_LikeUnmarshalJSON(t *testing.T) {
 			item: []byte(`{"type":"Like","actor":"https://repo.prod.meissa.de/api/activitypub/user-id/1","object":"https://codeberg.org/api/activitypub/repository-id/1"}`),
 			want: &forgefed.ForgeLike{
 				Activity: ap.Activity{
-					Type:   "Like",
+					Type:   ap.LikeType,
 					Actor:  ap.IRI("https://repo.prod.meissa.de/api/activitypub/user-id/1"),
 					Object: ap.IRI("https://codeberg.org/api/activitypub/repository-id/1"),
 				},
@@ -124,7 +124,7 @@ func Test_ForgeLikeValidation(t *testing.T) {
 	validate := sut.Validate()
 	assert.Len(t, validate, 2)
 	assert.Equal(t,
-		"Field type contains the value , which is not in allowed subset [Like]",
+		"Field type contains the value <nil>, which is not in allowed subset [Like]",
 		validate[1])
 
 	sut.UnmarshalJSON([]byte(`{"type":"bad-type",
diff --git a/modules/forgefed/activity_undo_like.go b/modules/forgefed/activity_undo_like.go
index 8b7df582ad..eaf32ab09f 100644
--- a/modules/forgefed/activity_undo_like.go
+++ b/modules/forgefed/activity_undo_like.go
@@ -42,8 +42,8 @@ func (undo *ForgeUndoLike) UnmarshalJSON(data []byte) error {
 
 func (undo ForgeUndoLike) Validate() []string {
 	var result []string
-	result = append(result, validation.ValidateNotEmpty(string(undo.Type), "type")...)
-	result = append(result, validation.ValidateOneOf(string(undo.Type), []any{"Undo"}, "type")...)
+	result = append(result, validation.ValidateNotEmpty(undo.Type, "type")...)
+	result = append(result, validation.ValidateOneOf(undo.Type, []any{ap.UndoType}, "type")...)
 
 	if undo.Actor == nil {
 		result = append(result, "Actor should not be nil.")
@@ -61,8 +61,8 @@ func (undo ForgeUndoLike) Validate() []string {
 	} else if activity, ok := undo.Object.(*ap.Activity); !ok {
 		result = append(result, "object is not of type Activity")
 	} else {
-		result = append(result, validation.ValidateNotEmpty(string(activity.Type), "type")...)
-		result = append(result, validation.ValidateOneOf(string(activity.Type), []any{"Like"}, "type")...)
+		result = append(result, validation.ValidateNotEmpty(activity.Type, "type")...)
+		result = append(result, validation.ValidateOneOf(activity.Type, []any{ap.LikeType}, "type")...)
 
 		if activity.Actor == nil {
 			result = append(result, "Object.Actor should not be nil.")
diff --git a/modules/forgefed/activity_undo_like_test.go b/modules/forgefed/activity_undo_like_test.go
index 18db688c48..cbb309afc5 100644
--- a/modules/forgefed/activity_undo_like_test.go
+++ b/modules/forgefed/activity_undo_like_test.go
@@ -64,7 +64,7 @@ func Test_UndoLikeMarshalJSON(t *testing.T) {
 				Activity: ap.Activity{
 					StartTime: startTime,
 					Actor:     ap.IRI("https://repo.prod.meissa.de/api/v1/activitypub/user-id/1"),
-					Type:      "Undo",
+					Type:      ap.UndoType,
 					Object:    like,
 				},
 			},
@@ -117,7 +117,7 @@ func Test_UndoLikeUnmarshalJSON(t *testing.T) {
 				Activity: ap.Activity{
 					StartTime: startTime,
 					Actor:     ap.IRI("https://repo.prod.meissa.de/api/v1/activitypub/user-id/1"),
-					Type:      "Undo",
+					Type:      ap.UndoType,
 					Object:    like,
 				},
 			},
diff --git a/modules/forgefed/activity_user_activity.go b/modules/forgefed/activity_user_activity.go
index 82353245c9..69e7bc3ead 100644
--- a/modules/forgefed/activity_user_activity.go
+++ b/modules/forgefed/activity_user_activity.go
@@ -60,8 +60,8 @@ func NewForgeUserActivity(doer *user_model.User, actionID int64, content string)
 
 func (userActivity ForgeUserActivity) Validate() []string {
 	var result []string
-	result = append(result, validation.ValidateNotEmpty(string(userActivity.Type), "type")...)
-	result = append(result, validation.ValidateOneOf(string(userActivity.Type), []any{"Create"}, "type")...)
+	result = append(result, validation.ValidateNotEmpty(userActivity.Type, "type")...)
+	result = append(result, validation.ValidateOneOf(userActivity.Type, []any{ap.CreateType}, "type")...)
 	result = append(result, validation.ValidateIDExists(userActivity.Actor, "actor")...)
 
 	if len(userActivity.To) == 0 {
diff --git a/modules/forgefed/activity_user_activity_test.go b/modules/forgefed/activity_user_activity_test.go
index 49137c7ab4..106f0ac73c 100644
--- a/modules/forgefed/activity_user_activity_test.go
+++ b/modules/forgefed/activity_user_activity_test.go
@@ -15,17 +15,14 @@ import (
 
 func Test_ForgeUserActivityValidation(t *testing.T) {
 	note := forgefed.ForgeUserActivityNote{}
-	note.Type = "Note"
+	note.Type = ap.NoteType
 	note.Content = ap.NaturalLanguageValues{
-		{
-			Ref:   ap.NilLangRef,
-			Value: ap.Content("Any Content!"),
-		},
+		ap.NilLangRef: ap.Content("Any Content!"),
 	}
 	note.URL = ap.IRI("example.org/user-id/57")
 
 	sut := forgefed.ForgeUserActivity{}
-	sut.Type = "Create"
+	sut.Type = ap.CreateType
 	sut.Actor = ap.IRI("example.org/user-id/23")
 	sut.CC = ap.ItemCollection{
 		ap.IRI("example.org/registration/public#2nd"),
diff --git a/modules/forgefed/actor_person.go b/modules/forgefed/actor_person.go
index 72768f4815..cde2dea9ce 100644
--- a/modules/forgefed/actor_person.go
+++ b/modules/forgefed/actor_person.go
@@ -115,8 +115,8 @@ func (s *ForgePerson) UnmarshalJSON(data []byte) error {
 
 func (s ForgePerson) Validate() []string {
 	var result []string
-	result = append(result, validation.ValidateNotEmpty(string(s.Type), "Type")...)
-	result = append(result, validation.ValidateOneOf(string(s.Type), []any{string(ap.PersonType)}, "Type")...)
+	result = append(result, validation.ValidateNotEmpty(s.Type, "Type")...)
+	result = append(result, validation.ValidateOneOf(s.Type, []any{ap.PersonType}, "Type")...)
 	result = append(result, validation.ValidateNotEmpty(s.PreferredUsername.String(), "PreferredUsername")...)
 
 	return result
diff --git a/modules/forgefed/actor_person_test.go b/modules/forgefed/actor_person_test.go
index 82bd9fabc3..f673aabba1 100644
--- a/modules/forgefed/actor_person_test.go
+++ b/modules/forgefed/actor_person_test.go
@@ -194,9 +194,9 @@ func TestShouldThrowErrorOnInvalidInput(t *testing.T) {
 
 func Test_PersonMarshalJSON(t *testing.T) {
 	sut := forgefed.ForgePerson{}
-	sut.Type = "Person"
+	sut.Type = ap.PersonType
 	sut.PreferredUsername = ap.NaturalLanguageValuesNew()
-	sut.PreferredUsername.Set("en", ap.Content("MaxMuster"))
+	sut.PreferredUsername.Set(ap.English, ap.Content("MaxMuster"))
 	result, _ := sut.MarshalJSON()
 	assert.JSONEq(t, `{"type":"Person","preferredUsername":"MaxMuster"}`, string(result), "Expected string is not equal")
 }
@@ -204,9 +204,9 @@ func Test_PersonMarshalJSON(t *testing.T) {
 func Test_PersonUnmarshalJSON(t *testing.T) {
 	expected := &forgefed.ForgePerson{
 		Actor: ap.Actor{
-			Type: "Person",
+			Type: ap.PersonType,
 			PreferredUsername: ap.NaturalLanguageValues{
-				ap.LangRefValue{Ref: "en", Value: []byte("MaxMuster")},
+				ap.English: []byte("MaxMuster"),
 			},
 		},
 	}
diff --git a/modules/forgefed/object_user_activity_note.go b/modules/forgefed/object_user_activity_note.go
index 758c25aef8..b8e09ecf94 100644
--- a/modules/forgefed/object_user_activity_note.go
+++ b/modules/forgefed/object_user_activity_note.go
@@ -35,10 +35,7 @@ func newNote(doer *user_model.User, content, id string, published time.Time) (Fo
 	note.Type = ap.NoteType
 	note.AttributedTo = ap.IRI(doer.APActorID())
 	note.Content = ap.NaturalLanguageValues{
-		{
-			Ref:   ap.NilLangRef,
-			Value: ap.Content(content),
-		},
+		ap.NilLangRef: ap.Content(content),
 	}
 	note.ID = ap.IRI(id)
 	note.Published = published
@@ -59,8 +56,8 @@ func newNote(doer *user_model.User, content, id string, published time.Time) (Fo
 
 func (note ForgeUserActivityNote) Validate() []string {
 	var result []string
-	result = append(result, validation.ValidateNotEmpty(string(note.Type), "type")...)
-	result = append(result, validation.ValidateOneOf(string(note.Type), []any{"Note"}, "type")...)
+	result = append(result, validation.ValidateNotEmpty(note.Type, "type")...)
+	result = append(result, validation.ValidateOneOf(note.Type, []any{ap.NoteType}, "type")...)
 	result = append(result, validation.ValidateNotEmpty(note.Content.String(), "content")...)
 	result = append(result, validation.ValidateIDExists(note.URL, "url")...)
 
diff --git a/modules/forgefed/object_user_activity_note_test.go b/modules/forgefed/object_user_activity_note_test.go
index 4f790033bc..e559ce84f7 100644
--- a/modules/forgefed/object_user_activity_note_test.go
+++ b/modules/forgefed/object_user_activity_note_test.go
@@ -15,12 +15,9 @@ import (
 
 func Test_UserActivityNoteValidation(t *testing.T) {
 	sut := forgefed.ForgeUserActivityNote{}
-	sut.Type = "Note"
+	sut.Type = ap.NoteType
 	sut.Content = ap.NaturalLanguageValues{
-		{
-			Ref:   ap.NilLangRef,
-			Value: ap.Content("Any Content!"),
-		},
+		ap.NilLangRef: ap.Content("Any Content!"),
 	}
 	sut.URL = ap.IRI("example.org/user-id/57")
 
diff --git a/modules/validation/validatable.go b/modules/validation/validatable.go
index 1751e727f3..6c58a9148e 100644
--- a/modules/validation/validatable.go
+++ b/modules/validation/validatable.go
@@ -70,6 +70,8 @@ func ValidateNotEmpty(value any, name string) []string {
 		if v == 0 {
 			isValid = false
 		}
+	case ap.Typer:
+		isValid = len(value.(ap.Typer).AsTypes()) > 0
 	default:
 		isValid = false
 	}
diff --git a/routers/api/v1/activitypub/actor.go b/routers/api/v1/activitypub/actor.go
index f8b08e92c3..4bbeb7e7f2 100644
--- a/routers/api/v1/activitypub/actor.go
+++ b/routers/api/v1/activitypub/actor.go
@@ -32,7 +32,7 @@ func Actor(ctx *context.APIContext) {
 	actor := ap.ActorNew(ap.IRI(link), ap.ApplicationType)
 
 	actor.PreferredUsername = ap.NaturalLanguageValuesNew()
-	err := actor.PreferredUsername.Set("en", ap.Content("ghost"))
+	err := actor.PreferredUsername.Set(ap.NilLangRef, ap.Content("ghost"))
 	if err != nil {
 		ctx.ServerError("PreferredUsername.Set", err)
 		return
diff --git a/routers/api/v1/activitypub/repository.go b/routers/api/v1/activitypub/repository.go
index 178f4b246f..153719478f 100644
--- a/routers/api/v1/activitypub/repository.go
+++ b/routers/api/v1/activitypub/repository.go
@@ -45,7 +45,7 @@ func Repository(ctx *context.APIContext) {
 	repo.Outbox = ap.IRI(link + "/outbox")
 
 	repo.Name = ap.NaturalLanguageValuesNew()
-	err := repo.Name.Set("en", ap.Content(ctx.Repo.Repository.Name))
+	err := repo.Name.Set(ap.NilLangRef, ap.Content(ctx.Repo.Repository.Name))
 	if err != nil {
 		ctx.Error(http.StatusInternalServerError, "Set Name", err)
 		return
diff --git a/services/convert/activitypub_person.go b/services/convert/activitypub_person.go
index 2c05f8c1c0..e4186cf30d 100644
--- a/services/convert/activitypub_person.go
+++ b/services/convert/activitypub_person.go
@@ -16,7 +16,7 @@ import (
 func ToActivityPubPersonFeedItem(item *activities.FederatedUserActivity) ap.Note {
 	return ap.Note{
 		AttributedTo: ap.IRI(item.ActorURI),
-		Content:      ap.NaturalLanguageValues{{Value: ap.Content(item.NoteContent), Ref: ap.NilLangRef}},
+		Content:      ap.NaturalLanguageValues{ap.NilLangRef: ap.Content(item.NoteContent)},
 		ID:           ap.IRI(item.NoteURL),
 		URL:          ap.IRI(item.OriginalNote),
 	}
@@ -27,13 +27,13 @@ func ToActivityPubPerson(ctx context.Context, user *user_model.User) (*ap.Person
 	person := ap.PersonNew(ap.IRI(link))
 
 	person.Name = ap.NaturalLanguageValuesNew()
-	err := person.Name.Set("en", ap.Content(user.FullName))
+	err := person.Name.Set(ap.NilLangRef, ap.Content(user.FullName))
 	if err != nil {
 		return nil, err
 	}
 
 	person.PreferredUsername = ap.NaturalLanguageValuesNew()
-	err = person.PreferredUsername.Set("en", ap.Content(user.Name))
+	err = person.PreferredUsername.Set(ap.NilLangRef, ap.Content(user.Name))
 	if err != nil {
 		return nil, err
 	}
diff --git a/tests/integration/repo_star_federation_test.go b/tests/integration/repo_star_federation_test.go
index d6f31ed246..3b5fc0d802 100644
--- a/tests/integration/repo_star_federation_test.go
+++ b/tests/integration/repo_star_federation_test.go
@@ -18,6 +18,8 @@ import (
 	"forgejo.org/modules/test"
 	"forgejo.org/modules/validation"
 	"forgejo.org/tests"
+
+	ap "github.com/go-ap/activitypub"
 )
 
 func TestActivityPubRepoFollowing(t *testing.T) {
@@ -69,7 +71,7 @@ func TestActivityPubRepoFollowing(t *testing.T) {
 		}
 		activityType := like.Type
 		object := like.Object.GetLink().String()
-		isLikeType := activityType == "Like"
+		isLikeType := activityType == ap.LikeType
 		isCorrectObject := strings.HasSuffix(object, "/api/v1/activitypub/repository-id/1")
 		if !isLikeType || !isCorrectObject {
 			t.Error("Activity is not a like for this repo")

From 728936ccd90cc87a9a59de02a2ed6f40f4f6a014 Mon Sep 17 00:00:00 2001
From: Codeberg Translate <translate@codeberg.org>
Date: Fri, 3 Apr 2026 10:28:39 +0000
Subject: [PATCH 619/854] i18n: update of translations from Codeberg Translate
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Co-authored-by: 0ko <0ko@noreply.codeberg.org>
Co-authored-by: AndreiSerban <andreiserban@noreply.codeberg.org>
Co-authored-by: AshyPinguin <ashypinguin@noreply.codeberg.org>
Co-authored-by: Benedikt Straub <benedikt-straub@web.de>
Co-authored-by: Codeberg Translate <translate@codeberg.org>
Co-authored-by: Fjuro <fjuro@noreply.codeberg.org>
Co-authored-by: Languages add-on <noreply-addon-languages@weblate.org>
Co-authored-by: Lzebulon <lzebulon@noreply.codeberg.org>
Co-authored-by: SomeTr <sometr@noreply.codeberg.org>
Co-authored-by: Wuzzy <wuzzy@disroot.org>
Co-authored-by: Yago Raña Gayoso <yago.rana.gayoso@gmail.com>
Co-authored-by: bittin <bittin@noreply.codeberg.org>
Co-authored-by: dyniec <dyniec@noreply.codeberg.org>
Co-authored-by: hanklank <hanklank@noreply.codeberg.org>
Co-authored-by: justbispo <justbispo@noreply.codeberg.org>
Co-authored-by: krisfremen <krisfremen@noreply.codeberg.org>
Co-authored-by: mahlzahn <mahlzahn@posteo.de>
Co-authored-by: main_void <main_void@noreply.codeberg.org>
Co-authored-by: markinosags <markinosags@noreply.codeberg.org>
Co-authored-by: sindrenm <sindrenm@noreply.codeberg.org>
Co-authored-by: vitoravelino <vitoravelino@noreply.codeberg.org>
Co-authored-by: vmtj <vmtj@noreply.codeberg.org>
Co-authored-by: xtex <xtexchooser@duck.com>
Co-authored-by: yeager <yeager@noreply.codeberg.org>
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/cs/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/de/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/es/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/fr/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/nds/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/nl/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/pl/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/pt_BR/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/pt_PT/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/ru/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/sv/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/uk/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/zh_Hans/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo/ca/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo/cs/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo/de/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo/es/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo/mk/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo/nb_NO/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo/nds/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo/ro/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo/ru/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo/sv/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo/uk/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo/zh_Hans/
Translation: Forgejo/forgejo
Translation: Forgejo/forgejo-next
---
 options/locale/locale_ca.ini          | 359 +++++++++++++++++++++++++-
 options/locale/locale_cs-CZ.ini       |   2 +-
 options/locale/locale_de-DE.ini       |   2 +-
 options/locale/locale_es-ES.ini       |  16 +-
 options/locale/locale_mk.ini          |  14 +
 options/locale/locale_nb_NO.ini       |  18 +-
 options/locale/locale_nds.ini         |   2 +-
 options/locale/locale_ro.ini          | 209 ++++++++++++++-
 options/locale/locale_ru-RU.ini       |   2 +-
 options/locale/locale_sv-SE.ini       | 240 ++++++++---------
 options/locale/locale_uk-UA.ini       |   6 +-
 options/locale/locale_zh-CN.ini       |  14 +-
 options/locale_next/locale_cs-CZ.json |  23 +-
 options/locale_next/locale_de-DE.json |  28 +-
 options/locale_next/locale_es-ES.json |   4 +-
 options/locale_next/locale_fr-FR.json |  26 +-
 options/locale_next/locale_mk.json    |   1 +
 options/locale_next/locale_nds.json   |   6 +-
 options/locale_next/locale_nl-NL.json |  11 +-
 options/locale_next/locale_pl-PL.json |  21 +-
 options/locale_next/locale_pt-BR.json |  17 +-
 options/locale_next/locale_pt-PT.json |   5 +-
 options/locale_next/locale_ru-RU.json |  29 ++-
 options/locale_next/locale_sv-SE.json |  14 +-
 options/locale_next/locale_uk-UA.json |   6 +-
 options/locale_next/locale_zh-CN.json |  25 +-
 26 files changed, 922 insertions(+), 178 deletions(-)
 create mode 100644 options/locale/locale_mk.ini
 create mode 100644 options/locale_next/locale_mk.json

diff --git a/options/locale/locale_ca.ini b/options/locale/locale_ca.ini
index e6f3cac5e2..3342aab4a5 100644
--- a/options/locale/locale_ca.ini
+++ b/options/locale/locale_ca.ini
@@ -246,25 +246,25 @@ admin_password = Contrasenya
 err_empty_admin_password = La contrasenya de l'administrador no por ser buida.
 ssh_port = Por del servidor SSH
 disable_gravatar = Deshabilitar Gravatar
-disable_registration = Deshabilitar l'auto-registre
+disable_registration = Deshabilita l'auto-registre
 openid_signin = Habilita l'inici de sessió amb OpenID
 enable_captcha = Habilita el CAPTCHA al registre
-default_keep_email_private = Amaga les direccions de correu per defecte
+default_keep_email_private = Amaga les adreces de correu, per defecte
 app_slogan = Eslogan de la instància
 app_slogan_helper = Escriu l'eslogan de la teva instància aquí. Deixa buit per deshabilitar.
-repo_path = Ruta de l'arrel del repositori
+repo_path = Camí arrel del repositori
 log_root_path_helper = Els arxius dels registres es s'escriuran en aquest directori.
 optional_title = Configuracions opcionals
 host = Amfitrió
 lfs_path = Ruta arreal de Git LFS
-run_user = Executar com a usuari
+run_user = Executa com a usuari
 domain_helper = Domini o adreça de l'hosta per al servidor.
 http_port = Port d'escolta HTTP
 app_url_helper = Adreces base per a clonació HTTP(S) i notificacions per correu.
 log_root_path = Ruta dels registres
 smtp_from_invalid = L'adreça d'"Enviar correu com a" és invalida
 smtp_from_helper = L'adreça de correu que Forgejo utilitzarà. Entri el correu en pla o en format "Nom" <correu@example.com>.
-register_confirm = Requereix confirmació de correu per a registrar-se
+register_confirm = Requereix una confirmació de correu per a registrar-se
 disable_gravatar.description = Deshabilitar l'ús de Gravatar o d'altres serveis d'avatars de tercers. S'utilitzaran imatges per defecte per als avatars dels uauris fins que pujin el seu propi a la instància.
 federated_avatar_lookup.description = Cerca d'avatars amb Libravatar.
 allow_only_external_registration = Permet el registre només amb serveis externs
@@ -272,8 +272,8 @@ allow_only_external_registration.description = Els usuaris nomes podràn crear n
 enable_captcha.description = Requereix als usuaris passar el CAPTCHA per a poder-se crear comptes.
 require_sign_in_view = Requereix inciar sessió per a veure el contingut de la instància
 default_keep_email_private.description = Habilita l'ocultament de les direccions de correu per a nous usuaris per defecte, amb tal que aquesta informació no sigui filtrada immediatament despres de registrar-se.
-default_allow_create_organization = Per defecte permet crear organitzacions
-default_enable_timetracking = Per defecta habilita el seguiment de temps
+default_allow_create_organization = Permet crear organitzacions, per defecte
+default_enable_timetracking = Habilita el seguiment de temps, per defecte
 default_enable_timetracking.description = Per defecte activa el de seguiment de temps als nous repositoris.
 admin_name = Nom d'usuari de l'administrador
 install_btn_confirm = Instaŀlar Forgejo
@@ -287,7 +287,7 @@ env_config_keys = configuració de l'entorn
 db_type = Tipus de base de dades
 lfs_path_helper = Els arxius seguits per Git LFS es desaran en aquest directory. Deixa buit per deshabilitar.
 http_port_helper = Numero de port que utilitzarà el servidor web de Forgejo.
-repo_path_helper = Els repositoris Git remotes es desaran en aquest diectori.
+repo_path_helper = Els repositoris Git remots es desaran en aquest directori.
 run_user_helper = El nom d'usuari del sistema operatiu sota el que Forgejo s'executa. Notis que aquest usuari ha de tenir accés a la ruta arrel del repositori.
 ssh_port_helper = Numero del port que utilitzarà el servidor SSH. Deixa buit per deshablitar el servidor SSH.
 require_sign_in_view.description = Limita l'accès al contingut per als usuaris connectats. Els visitatnts només podran veure les pàgines d'autenticació.
@@ -948,7 +948,7 @@ settings.basic_settings = Configuració bàsica
 settings.event_issues = Modificació
 settings.web_hook_name_msteams = Microsoft Teams
 settings.tracker_issue_style.numeric = Numèric
-settings.allow_only_contributors_to_track_time = Permet només als contribuidors fer un seguiment del temps
+settings.allow_only_contributors_to_track_time = Fes que només els contribuïdors puguin fer un seguiment de temps
 settings.admin_stats_indexer = Indexador d'estadístiques del codi
 settings.admin_code_indexer = Indexador del codi
 issue_labels = Etiquetes
@@ -2189,8 +2189,8 @@ settings.use_external_wiki = Usar una wiki externa
 settings.external_wiki_url = URL de la wiki externa
 settings.external_wiki_url_error = L'URL de la wiki externa no és vàlida.
 settings.external_wiki_url_desc = Els visitants es redirigiran a l'URL de la wiki externa quan facin clic a la pestanya wiki.
-settings.enable_timetracker = Activar el seguiment de temps
-settings.pulls_desc = Activar les «pull requests» del repositori
+settings.enable_timetracker = Habilita el seguiment de temps
+settings.pulls_desc = Activa les «pull requests» del repositori
 settings.pulls.enable_autodetect_manual_merge = Activar la detecció automàtica de les fusions manuals (Nota: En alguns casos, la detecció es pot equivocar)
 settings.projects_desc = Activar els projectes del repositori
 settings.actions_desc = Activar la «pipeline» CI/CD integrada amb Forgejo Actions
@@ -2609,6 +2609,8 @@ settings.web_hook_name_larksuite_only = Lark Suite
 settings.web_hook_name_wechatwork = WeCom (Wechat Work)
 settings.lfs_pointers.found = S'ha trobat %d punters de blob - %d associats, %d no associats (%d no són a l'emmagatzematge)
 settings.lfs_pointers.associateAccessible = Associar %d OIDs accessibles
+settings.matrix.access_token_helper = Es recomana muntar un compte de Matrix dedicat per això. El testimoni d'accés el podeu trobar al client web Element (en una pestanya privada/d'incògnit) > User menu (cantó superior esquerre) > All settings > Help & About > Advanced > Access Token (sota de l'URL del homeserver). Tanqueu la pestanya privada/d'incògnit (tancar la sessió invalidaria el testimoni).
+settings.matrix.room_id_helper = L'ID de sala el podeu trobar al client web Element > Room Settings > Advanced > Internal room ID. Per exemple: %s.
 
 [user]
 unblock = Desbloquejar
@@ -2852,6 +2854,341 @@ dashboard.operations = Operacions de manteniment
 dashboard.system_status = Estat del sistema
 dashboard.operation_name = Nom d'operació
 dashboard.clean_unbind_oauth = Neteja les connexions OAuth desenllaçades
+dashboard.operation_run = Executar
+dashboard.clean_unbind_oauth_success = S'han eliminat totes les connexions OAuth desenllaçades.
+dashboard.task.started = Tasca iniciada: %[1]s
+dashboard.task.process = Tasca: %[1]s
+dashboard.task.cancelled = Tasca: %[1]s cancel·lada: %[3]s
+dashboard.task.error = Error en la tasca: %[1]s: %[3]s
+dashboard.task.finished = Tasca: %[1] iniciada per %[2s] ha finalitzat
+dashboard.task.unknown = Tasca desconeguda: %[1]s
+dashboard.cron.started = Cron iniciat: %[1]s
+dashboard.cron.cancelled = Cron: %[1]s cancel·lat: %[3]s
+dashboard.cron.error = Error amb Cron: %s: %[3]s
+dashboard.sync_repo_branches = La sincronització ha ignorat branques de les dades Git a la base de dades
+dashboard.check_repo_stats = Comprovar totes les estadístiques del repositori
+dashboard.deleted_branches_cleanup = Netejar branques eliminades
+dashboard.update_migration_poster_id =Actualitza les ID de l'autor de migració
+dashboard.git_gc_repos = Recull la brossa de tots els repositoris
+dashboard.resync_all_sshkeys = Actualitzar el fitxer ".ssh/authorized_keys" amb les claus SSH de Forgejo.
+dashboard.resync_all_sshprincipals = Actualitzar el fitxer ".ssh/authorized_principals" amb els principals SSH de Forgejo.
+dashboard.resync_all_hooks = Resincronitzar els ganxos Git de tots els repositoris (pre-receive, update, post-receive, proc-receive, …)
+dashboard.reinit_missing_repos = Reinicialitza tots els repositoris Git que falten i que tenen registres
+dashboard.sync_external_users = Sincronitzar dades d'usuari externes
+dashboard.cleanup_hook_task_table = Netejar la taula hook_task
+dashboard.cleanup_packages = Netejar paquets caducats
+dashboard.cleanup_actions = Netejar registres i artefactes d'accions caducats
+dashboard.server_uptime = Temps de funcionament del servidor
+dashboard.current_goroutine = Goroutines actuals
+dashboard.current_memory_usage = Ús de memòria actual
+dashboard.total_memory_allocated = Total de memòria adjudicada
+dashboard.memory_obtained = Memòria rebuda
+dashboard.pointer_lookup_times = Temps de consulta dels punters
+dashboard.memory_free_times = Alliberaments de memòria
+dashboard.current_heap_usage = Ús del heap actual
+dashboard.heap_memory_obtained = Memòria de heap rebuda
+dashboard.heap_memory_idle = Memòria del heap en repòs
+dashboard.heap_memory_in_use = Memòria del heap en ús
+dashboard.heap_memory_released = Memòria del heap alliberada
+dashboard.heap_objects = Objectes del heap
+dashboard.bootstrap_stack_usage = Ús de l'arrancada de la pila (stack)
+dashboard.stack_memory_obtained = Memòria de la pila (stack) rebuda
+dashboard.mspan_structures_usage = Ús de les estructures MSpan
+dashboard.mspan_structures_obtained = Estructures MSpan rebudes
+dashboard.mcache_structures_usage = Ús de les estructures MCache
+dashboard.mcache_structures_obtained = Estructures MCache rebudes
+dashboard.gc_metadata_obtained = Metadades del GC rebudes
+dashboard.next_gc_recycle = Proper cicle de GC
+dashboard.last_gc_time = Temps des del darrer GC
+dashboard.total_gc_pause = Pausa total de GC
+dashboard.last_gc_pause = Darrera pausa de GC
+dashboard.delete_old_actions = Eliminar totes les activitats antigues de la base de dades
+dashboard.delete_old_actions.started = Eliminar totes les activitats antigues des que s'ha iniciat la base de dades.
+dashboard.delete_old_system_notices = Eliminar totes les notificacions de sistema antigues de la base de dades
+dashboard.gc_lfs = Recull la brossa d'objectes meta LFS
+dashboard.stop_zombie_tasks = Aturar tasques d'accions zombi
+dashboard.stop_endless_tasks = Aturar tasques d'accions infinites
+dashboard.cancel_abandoned_jobs = Cancel·lar feines d'accions abandonades
+dashboard.sync_branch.started = S'ha iniciat la sincronització de branca
+dashboard.sync_tag.started = S'ha iniciat la sincronització d'etiquetes
+dashboard.cron.process = Cron: %[1]s
+notices = Notificacions del sistema
+dashboard.rebuild_issue_indexer = Reconstruir l'indexador d'incidències
+users.user_manage_panel = Gestionar comptes d'usuari
+users.new_account = Crear compte d'usuari
+users.restricted = Restringit
+users.reserved = Reservat
+users.bot = Bot
+users.remote = Remot
+users.repos = Repos
+users.created = Creats
+users.last_login = Darrer inici de sessió
+users.never_login = Mai ha iniciat sessió
+users.send_register_notify = Notificar sobre el registre per correu
+users.new_success = S'ha creat l'usuari "%s".
+users.edit = Editar
+users.auth_source = Font d'autenticació
+users.local = Local
+users.auth_login_name = Nom d'autenticació de sessió
+users.password_helper = Deixeu la contrasenya buida si no la voleu canviar.
+users.update_profile_success = S'ha actualitzat el compte d'usuari.
+users.edit_account = Editar compte d'usuari
+users.max_repo_creation = Nombre màxim de repositoris
+users.max_repo_creation_desc = (Introduïu -1 per usar el límit global predeterminat.)
+users.is_activated = Compte actiu
+users.activated.description = Completar la verificació per correu. L'usuari d'un compte inactiu no podrà iniciar-hi sessió fins que n'hagi verificat el correu.
+users.prohibit_login = Compte suspès
+users.block.description = Fa que l'usuari no pugui interactuar amb aquest servei a través del seu compte i en prohibeix l'inici de sessió.
+users.is_admin = Compte d'administrador
+users.admin.description = Dona accés complet a totes les funcions d'administració a través de la interfície web i l'API.
+users.is_restricted = Compte restringit
+users.restricted.description = Només permet interactuar amb repositoris i organitzacions quan l'usuari n'és col·laborador. Això no permet l'accés als repositoris públics d'aquesta instància.
+users.allow_git_hook = Pot crear ganxos Git
+users.allow_git_hook_tooltip = Els ganxos Git s'executen com a l'usuari del sistema operatiu on corre Forgejo, i tenen el mateix nivell d'accés a l'amfitrió. Per tant, els usuaris amb aquest privilegi especial poden accedir i modificar tots els repositoris de Forgejo, així com la base de dades que fa servir Forgejo. Això també els permet obtenir privilegis d'administrador a Forgejo.
+users.allow_import_local = Pot importar repositoris locals
+users.local_import.description = Permet la importació de repositoris des del sistema de fitxers local del servidor. Això pot ser un problema de seguretat.
+users.allow_create_organization = Pot crear organitzacions
+users.organization_creation.description = Permet crear noves organitzacions.
+users.update_profile = Actualitzar compte d'usuari
+users.delete_account = Eliminar compte d'usuari
+users.cannot_delete_self = No podeu eliminar-vos vós mateix
+users.still_own_repo = Aquest usuari encara té un o més repositoris. Elimineu-los o transferiu-los abans.
+users.still_has_org = Aquest usuari és membre d'una organització. Elimineu-lo de totes les organitzacions abans.
+users.purge = Purgar usuari
+users.purge_help = Elimina forçosament l'usuari i tots els seus repositoris, organitzacions i paquets. També s'eliminaran tots els seus comentaris i incidències.
+users.still_own_packages = Aquest usuari encara té un o més paquets. Elimineu-los abans.
+users.deletion_success = S'ha eliminat l'usuari.
+users.list_status_filter.menu_text = Filtrar
+users.list_status_filter.reset = Restaurar
+users.list_status_filter.is_active = Actiu
+users.list_status_filter.not_active = Inactiu
+users.list_status_filter.not_admin = No administrador
+users.list_status_filter.is_restricted = Restringit
+users.list_status_filter.not_restricted = No restringit
+users.list_status_filter.is_prohibit_login = Inici de sessió prohibit
+users.list_status_filter.not_prohibit_login = Inici de sessió permès
+users.details = Detalls d'usuari
+emails.email_manage_panel = Gestionar correus d'usuari
+emails.primary = Principal
+emails.filter_sort.email_reverse = Correu (invers)
+emails.filter_sort.name_reverse = Nom d'usuari (invers)
+emails.updated = Correu actualitzat
+emails.not_updated = No s'ha pogut actualitzar l'adreça de correu: %v
+emails.duplicate_active = Aquesta adreça de correu ja pertany a un altre usuari.
+emails.change_email_header = Actualitzar propietats del correu
+emails.change_email_text = Esteu segur que voleu modificar aquesta adreça de correu?
+emails.delete = Eliminar adreça de correu
+emails.delete_desc = Esteu segur que voleu eliminar aquesta adreça de correu?
+emails.deletion_success = S'ha eliminat l'adreça de correu.
+emails.delete_primary_email_error = No podeu eliminar l'adreça de correu principal.
+orgs.org_manage_panel = Gestionar organitzacions
+repos.repo_manage_panel = Gestionar repositoris
+repos.unadopted = Repositoris no-adoptats
+repos.unadopted.no_more = No s'han trobat repositoris no-adoptats.
+repos.owner = Propietari
+repos.lfs_size = Mida LFS
+packages.package_manage_panel = Gestionar paquets
+packages.total_size = Mida total: %s
+packages.unreferenced_size = Mida sense referenciar: %s
+packages.cleanup = Netejar les dades caducades
+packages.cleanup.success = S'han netejat les dades caducades satisfactòriament
+packages.owner = Propietari
+packages.creator = Creador
+packages.published = Publicat
+defaulthooks = Webhooks predeterminats
+defaulthooks.desc = Els webhooks fan una petició automàtica HTTP POST a un servidor quan s'activen alguns esdeveniments de Forgejo. Els webhooks definits aquí són predeterminats i es copiaran a tots els nous repositoris. Llegiu-ne més en la <a target="_blank" rel="noopener" href="%s">guia de webhooks</a>.
+defaulthooks.add_webhook = Afegir webhook per defecte
+defaulthooks.update_webhook = Actualitzar webhook per defecte
+systemhooks = Webhooks del sistema
+systemhooks.desc = Els webhooks fan una petició automàtica HTTP POST a un servidor quan s'activen alguns esdeveniments de Forgejo. Els webhooks definits aquí s'aplicaran a tots els repositoris del sistema, així que considereu l'impacte que poden tenir en el rendiment. Llegiu-ne més en la <a target="_blank" rel="noopener" href="%s">guia de webhooks</a>.
+systemhooks.add_webhook = Afegir webhook de sistema
+systemhooks.update_webhook = Actualitzar webhook de sistema
+auths.auth_manage_panel = Gestionar fonts d'autenticació
+auths.new = Afegir font d'autenticació
+auths.syncenabled = Activar la sincronització d'usuaris
+auths.updated = Actualitzat
+auths.auth_type = Tipus d'autenticació
+auths.auth_name = Nom d'autenticació
+auths.security_protocol = Protocol de seguretat
+auths.attribute_username = Atribut de nom d'usuari
+auths.attribute_username_placeholder = Deixeu-ho buit per usar el nom d'usuari de Forgejo.
+auths.attribute_name = Atribut de nom
+auths.attribute_surname = Atribut de cognom
+auths.attribute_mail = Atribut de correu electrònic
+auths.attribute_ssh_public_key = Atribut de clau pública SSH
+auths.attribute_avatar = Atribut d'avatar
+auths.use_paged_search = Usar cerca en pàgines
+auths.search_page_size = Mida de pàgina
+auths.filter = Filtre d'usuari
+auths.admin_filter = Filtre d'administrador
+auths.restricted_filter = Filtre restringit
+auths.restricted_filter_helper = Deixeu-ho buit per no marcar cap usuari com a restringit. Useu un asterisc ("*") per marcar tots els usuaris que no coincideixin amb el Filtre d'administrador com a restringits.
+auths.verify_group_membership = Verificar l'adhesió de grup a LDAP (deixeu el filtre buit per ignorar-ho)
+auths.enable_ldap_groups = Activar grups LDAP
+auths.smtp_auth = Tipus d'autenticació SMTP
+auths.smtphost = Amfitrió SMTP
+auths.smtpport = Port SMTP
+auths.allowed_domains = Dominis permesos
+auths.allowed_domains_helper = Deixeu-ho buit per permetre tots els dominis. Separeu múltiples dominis amb una coma (",").
+auths.skip_tls_verify = Salta't la verificació TLS
+auths.force_smtps = Força l'SMTPS
+auths.force_smtps_helper = L'SMTPS sempre usa el port 465. Indiqueu això per forçar l'SMTPS en un altre port. (Sinó s'usarà l'STARTTLS en altres ports, sempre que l'amfitrió ho suporti.)
+auths.pam_service_name = Nom de servei PAM
+auths.pam_email_domain = Domini de correu PAM (opcional)
+auths.oauth2_provider = Proveïdor OAuth2
+auths.oauth2_icon_url = URL d'icona
+auths.oauth2_clientID = ID de client (clau)
+auths.oauth2_clientSecret = Secret de client
+auths.openIdConnectAutoDiscoveryURL = URL d'OpenID Connect Auto Discovery
+auths.oauth2_use_custom_url = Usar URL personalitzades enlloc d'URL predeterminades
+auths.oauth2_tokenURL = URL de testimoni (token)
+auths.oauth2_authURL = URL d'autorització
+auths.oauth2_profileURL = URL de perfil
+auths.oauth2_emailURL = URL de correu
+auths.edit = Editar font d'autenticació
+auths.activated = S'ha activat aquesta font d'autenticació
+auths.new_success = S'ha afegit l'autenticació "%s".
+auths.update_success = S'ha actualitzat la font d'autenticació.
+auths.update = Actualitzar font d'autenticació
+auths.delete = Eliminar font d'autenticació
+auths.delete_auth_title = Eliminar font d'autenticació
+auths.delete_auth_desc = Eliminar una font d'autenticació fa que els usuaris que en fan ús no puguin iniciar sessió. Continuar?
+auths.still_in_used = Aquesta font d'autenticació encara s'utilitza. Convertiu o elimineu els usuaris que en fan ús abans.
+auths.deletion_success = S'ha eliminat la font d'autenticació.
+auths.login_source_exist = La font d'autenticació "%s" ja existeix.
+config.server_config = Configuració de servidor
+config.app_name = Títol de la instància
+config.app_slogan = Eslògan de la instància
+config.app_ver = Versió de Forgejo
+config.app_url = URL base
+config.custom_conf = Camí al fitxer de configuració
+config.domain = Domini del servidor
+config.offline_mode = Mode local
+config.git_version = Versió de Git
+config.ssh_config = Configuració SSH
+config.run_user = Executa com a usuari
+auths.tips.oauth2.general = Autenticació OAuth2
+auths.tips.oauth2.general.tip = Quan registreu una nova autenticació OAuth2, l'URL de crida/redirecció serà:
+auths.tip.oauth2_provider = Proveïdor OAuth2
+auths.tip.bitbucket = Registreu un nou consumidor OAuth2 a %s i afegiu els permisos "Compte" - "Lectura"
+auths.tip.nextcloud = Registreu un nou consumidor OAuth en la vostra instància amb el menú "Configuració -> Seguretat -> Client OAuth 2.0"
+auths.tip.dropbox = Crea una nova aplicació a %s
+auths.tip.facebook = Registreu una nova aplicació a %s i afegiu el producte "Facebook Login"
+config.repo_root_path = Camí arrel del repositori
+auths.bind_dn = DN bind
+auths.bind_password = Contrasenya bind
+auths.user_base = Base de cerca d'usuari
+auths.user_dn = DN d'usuari
+auths.attributes_in_bind = Recupera els atributs del context bind DN
+auths.default_domain_name = Nom de domini per defecte usat per l'adreça de correu
+auths.allow_deactivate_all = Permet que un resultat de cerca buit desactivi tots els usuaris
+auths.oauth2_required_claim_value_helper = Assigneu aquest valor per restringir l'inici de sessió des d'aquesta font als usuaris que declarin aquest nom i valor
+auths.tip.mastodon = Introduïu l'URL a una instància diferent de Mastodon amb la que voleu autenticar-vos (o bé useu la instància per defecte)
+auths.unable_to_initialize_openid = No s'ha pogut inicialitzar el proveïdor d'OpenID Connect: %s
+auths.invalid_openIdConnectAutoDiscoveryURL = URL d'Auto Discovery invàlida (ha de ser una URL vàlida començant amb http:// o https://)
+config.custom_file_root_path = Camí arrel dels fitxers personalitzada
+config.disable_router_log = Desactiva els registres de l'encaminador
+config.run_mode = Mode d'execució
+config.app_data_path = Camí a les dades d'aplicació
+config.log_file_root_path = Camí de registres
+config.script_type = Tipus d'script
+config.reverse_auth_user = Usuari d'autenticació al servidor intermediari revers
+config.ssh_start_builtin_server = Usa el servidor integrat
+config.ssh_domain = Domini del servidor SSH
+config.ssh_listen_port = Port d'escolta
+config.ssh_root_path = Camí arrel
+config.ssh_key_test_path = Camí al test de clau
+config.ssh_keygen_path = Camí keygen ("ssh-keygen")
+config.ssh_minimum_key_size_check = Comprovació mínima de la mida de clau
+config.ssh_minimum_key_sizes = Mides mínimes de clau
+config.lfs_config = Configuració LFS
+config.lfs_content_path = Camí de contingut LFS
+config.lfs_http_auth_expiry = Temps de caducitat d'autenticació HTTP de l'LFS
+config.db_config = Configuració de la base de dades
+config.service_config = Configuració del servei
+config.register_email_confirm = Requereix una confirmació de correu per a registrar-se
+config.disable_register = Deshabilita l'auto-registre
+config.allow_only_internal_registration = Permet el registre només a través de Forgejo
+config.allow_only_external_registration = Permet el registre només a través de serveis externs
+config.enable_openid_signup = Habilita l'auto-registre amb OpenID
+config.enable_openid_signin = Habilita l'inici de sessió amb OpenID
+config.show_registration_button = Mostra el botó de registre
+config.require_sign_in_view = Requereix iniciar sessió per veure el contingut
+config.mail_notify = Habilita les notificacions per correu
+config.enable_captcha = Habilita el CAPTCHA
+config.active_code_lives = Temps de caducitat del codi d'activació
+config.reset_password_code_lives = Temps de caducitat del codi de recuperació
+config.default_keep_email_private = Amaga les adreces de correu, per defecte
+config.default_allow_create_organization = Permet crear organitzacions, per defecte
+config.enable_timetracking = Habilita el seguiment de temps
+config.default_enable_timetracking = Habilita el seguiment de temps, per defecte
+config.allow_dots_in_usernames = Permet que el usuaris utilitzin punts en el nom d'usuari. Això no afecta als comptes que ja existeixen.
+config.default_allow_only_contributors_to_track_time = Fes que només els contribuïdors puguin fer un seguiment de temps
+config.no_reply_address = Domini del correu ocult
+config.default_visibility_organization = Visibilitat per defecte de les noves organitzacions
+config.default_enable_dependencies = Habilita les dependències d'incidències, per defecte
+config.webhook_config = Configuració dels Webhooks
+config.queue_length = Longitud de la cua
+config.deliver_timeout = Temps d'espera d'entrega
+config.skip_tls_verify = Salta't la verificació TLS
+config.mailer_config = Configuració del remitent
+config.mailer_enable_helo = Habilita HELO
+config.mailer_protocol = Protocol
+config.mailer_smtp_addr = Amfitrió SMTP
+config.mailer_smtp_port = Port SMTP
+config.mailer_user = Usuari
+config.mailer_use_sendmail = Usa Sendmail
+config.mailer_sendmail_path = Camí de Sendmail
+config.mailer_sendmail_args = Arguments extra per Sendmail
+config.mailer_sendmail_timeout = Temps d'espera per Sendmail
+config.test_email_placeholder = Correu electrònic (ex. test@example.com)
+config.send_test_mail = Envia un correu de prova
+config.send_test_mail_submit = Envia
+config.test_mail_failed = No s'ha pogut enviar el correu de prova a "%s": %v
+config.test_mail_sent = S'ha enviat un correu de prova a "%s".
+config.cache_config =
+config.cache_adapter =Adaptador de la memòria cau
+config.cache_interval =Interval de la memòria cau
+config.cache_conn =Connexió de la memòria cau
+config.cache_item_ttl = TTL dels ítems de la memòria cau
+config.cache_test = Prova la memòria cau
+config.cache_test_failed = No s'ha pogut examinar la memòria cau: %v.
+config.cache_test_slow = La memòria cau s'ha provat correctament, però la resposta és lenta: %s.
+config.cache_test_succeeded = La memòria cau s'ha provat correctament, s'ha rebut una resposta en %s.
+config.session_config = Configuració de la sessió
+config.session_provider = Proveïdor de la sessió
+config.provider_config = Configuració del proveïdor
+config.cookie_name = Nom de la galeta
+config.gc_interval_time = Interval de temps del GC
+config.session_life_time = Temps de vida de la sessió
+config.https_only = Només HTTPS
+config.picture_config = Configuració d'imatge i avatar
+config.disable_gravatar = Deshabilita Gravatar
+config.enable_federated_avatar = Habilita els avatars federats
+dashboard.operation_switch = Intercanvia
+users.2fa = A2F
+users.reset_2fa = Restableix l'A2F
+users.list_status_filter.is_2fa_enabled = A2F activada
+users.list_status_filter.not_2fa_enabled = A2F desactivada
+auths.group_search_base = DN base de cerca de grup
+auths.group_attribute_list_users = Atribut de grup amb la llista d'usuaris
+auths.user_attribute_in_group = Atribut d'usuari llistat en el grup
+auths.map_group_to_team = Assigna els grups LDAP a equips d'organització (deixeu-ho buit per saltar-ho)
+auths.map_group_to_team_removal = Elimina els usuaris dels equips sincronitzats si no pertanyen al grup LDAP corresponent
+auths.helo_hostname = Hostname HELO
+auths.helo_hostname_helper = Hostname enviat amb HELO. Deixeu-ho en blanc per enviar el hostname actual.
+auths.disable_helo = Deshabilita HELO
+auths.skip_local_two_fa = Salta l'A2F local
+auths.skip_local_two_fa_helper = No marcar aquesta opció farà que els usuaris que tenen l'A2F definida igualment hauran de passar l'A2F per iniciar sessió
+auths.oauth2_tenant = Tenant
+auths.oauth2_scopes = Àmbits addicionals
+auths.oauth2_map_group_to_team_removal = Elimina els usuaris dels equips sincronitzats si no pertanyen al grup corresponent.
+auths.tips = Consells
+auths.tips.gmail_settings = Configuracions de Gmail:
+auths.tip.github = Registra una aplicació OAuth nova a %s
+auths.tip.gitlab_new = Registra una aplicació nova a %s
+auths.tip.google_plus = Obté les credencials del client OAuth2 amb la consola del Google API a %s
+auths.tip.openid_connect = Usa l'URL d'OpenID Connect Discovery (<server>/.well-known/openid-configuration) per a especificar els endpoints
 
 [actions]
 variables = Variables
diff --git a/options/locale/locale_cs-CZ.ini b/options/locale/locale_cs-CZ.ini
index f1893024ce..91e5e8dbc5 100644
--- a/options/locale/locale_cs-CZ.ini
+++ b/options/locale/locale_cs-CZ.ini
@@ -2381,7 +2381,7 @@ settings.matrix.room_id=ID místnosti
 settings.matrix.message_type=Typ zprávy
 settings.archive.button=Archivovat repozitář
 settings.archive.header=Archivovat tento repozitář
-settings.archive.text = Archivováním repozitáře jej celý převedete do stavu pouze pro čtení. Bude skryt z nástěnky. Nikdo (ani vy!) nebude moci vytvářet nové revize ani otevírat problémy a žádosti o sloučení.
+settings.archive.text = Archivováním repozitáře jej celý převedete do stavu pouze pro čtení. Bude skryt z nástěnky. Nikdo (ani vy!) nebude moci vytvářet nové revize ani otevírat problémy a žádosti o sloučení. Je doporučena dokumentace důvodu archivace pro budoucí vývojáře, kteří chtějí vytvořit fork repozitáře.
 settings.archive.success=Repozitář byl úspěšně archivován.
 settings.archive.error=Nastala chyba při archivování repozitáře. Prohlédněte si záznam pro více detailů.
 settings.archive.error_ismirror=Nemůžete archivovat zrcadlený repozitář.
diff --git a/options/locale/locale_de-DE.ini b/options/locale/locale_de-DE.ini
index c34f152934..897d335cb8 100644
--- a/options/locale/locale_de-DE.ini
+++ b/options/locale/locale_de-DE.ini
@@ -2382,7 +2382,7 @@ settings.matrix.room_id=Raum-ID
 settings.matrix.message_type=Nachrichtentyp
 settings.archive.button=Repo archivieren
 settings.archive.header=Dieses Repo archivieren
-settings.archive.text=Durch das Archivieren wird ein Repo vollständig schreibgeschützt. Es wird von der Übersichtsseite versteckt. Niemand (nicht einmal du!) wird in der Lage sein, neue Commits zu erstellen oder Issues oder Pull-Requests zu öffnen.
+settings.archive.text=Durch das Archivieren wird ein Repo vollständig schreibgeschützt. Es wird von der Übersichtsseite versteckt. Niemand (nicht einmal du!) wird in der Lage sein, neue Commits zu erstellen oder Issues oder Pull-Requests zu öffnen. Es wird empfohlen, den Archivierungsgrund zu dokumentieren, um zukünftigen Entwicklern, die planen, das Repository zu forken, zu helfen.
 settings.archive.success=Das Repo wurde erfolgreich archiviert.
 settings.archive.error=Beim Versuch, das Repository zu archivieren, ist ein Fehler aufgetreten. Weitere Details finden sich im Log.
 settings.archive.error_ismirror=Du kannst kein gespiegeltes Repo archivieren.
diff --git a/options/locale/locale_es-ES.ini b/options/locale/locale_es-ES.ini
index a7aa0f17ae..8809dca726 100644
--- a/options/locale/locale_es-ES.ini
+++ b/options/locale/locale_es-ES.ini
@@ -32,7 +32,7 @@ password=Contraseña
 access_token=Token de acceso
 re_type=Confirmar contraseña
 captcha=CAPTCHA
-twofa=Autenticación de dos factores
+twofa=Autenticación de doble factor
 twofa_scratch=Código de respaldo
 passcode=Código de acceso
 
@@ -147,7 +147,7 @@ filter.private = Privado
 toggle_menu = Alternar menú
 invalid_data = Datos inválidos: %v
 confirm_delete_artifact = ¿Estás seguro de que deseas eliminar el artefacto "%s"?
-more_items = Mas cosas
+more_items = Mas elementos
 copy_generic = Copiar al portapapeles
 filter.not_fork = No hay bifurcaciones
 filter.is_fork = Bifurcaciones
@@ -3138,7 +3138,7 @@ auths.allow_deactivate_all=Permitir un resultado de búsqueda vacío para desact
 auths.use_paged_search=Usar búsqueda paginada
 auths.search_page_size=Tamaño de página
 auths.filter=Filtro de usuario
-auths.admin_filter=Filtro de aministrador
+auths.admin_filter=Filtro de administrador
 auths.restricted_filter=Filtro restringido
 auths.restricted_filter_helper=Dejar en blanco para no establecer ningún usuario como restringido. Utilice un asterisco ('*') para establecer todos los usuarios que no coincidan con el filtro de administración como restringido.
 auths.verify_group_membership=Verificar pertenencia al grupo en LDAP (dejar el filtro vacío para saltar)
@@ -3152,15 +3152,15 @@ auths.ms_ad_sa=Atributos de búsqueda de MS AD
 auths.smtp_auth=Tipo de autenticación SMTP
 auths.smtphost=Servidor SMTP
 auths.smtpport=Puerto SMTP
-auths.allowed_domains=Dominios Permitidos
-auths.allowed_domains_helper=Dejar vacío para permitir todos los dominios. Separa múltiples dominios con una coma (',').
+auths.allowed_domains=Dominios permitidos
+auths.allowed_domains_helper=Dejar vacío para permitir todos los dominios. Separa múltiples dominios con una coma (",").
 auths.skip_tls_verify=Omitir la verificación TLS
 auths.force_smtps=Forzar SMTPS
 auths.force_smtps_helper=SMTPS se utiliza siempre en el puerto 465. Establezca esto para forzar SMTPS en otros puertos. (De lo contrario, STARTTLS se utilizará en otros puertos si es soportado por el host.)
 auths.helo_hostname=Nombre de anfitrión HELO
 auths.helo_hostname_helper=Nombre de anfitrión enviado con HELO. Déjelo vacío para enviar el nombre de anfitrión actual.
 auths.disable_helo=Desactivar HELO
-auths.pam_service_name=Nombre del Servicio PAM
+auths.pam_service_name=Nombre del servicio PAM
 auths.pam_email_domain=Dominio de correo de PAM (opcional)
 auths.oauth2_provider=Proveedor OAuth2
 auths.oauth2_icon_url=URL de icono
@@ -3217,9 +3217,9 @@ auths.unable_to_initialize_openid=No se puede inicializar el proveedor de OpenID
 auths.invalid_openIdConnectAutoDiscoveryURL=URL de auto descubrimiento no válida (esta debe ser una URL válida comenzando con http:// o https://)
 
 config.server_config=Configuración del servidor
-config.app_name=Título del sitio
+config.app_name=Título de la instancia
 config.app_ver=Versión de Forgejo
-config.app_url=URL base de Forgejo
+config.app_url=URL base
 config.custom_conf=Ruta del fichero de configuración
 config.custom_file_root_path=Ruta raíz de los archivos personalizada
 config.domain=Dominio del Servidor
diff --git a/options/locale/locale_mk.ini b/options/locale/locale_mk.ini
new file mode 100644
index 0000000000..5bc16b4700
--- /dev/null
+++ b/options/locale/locale_mk.ini
@@ -0,0 +1,14 @@
+
+
+
+[common]
+home = Дома
+dashboard = Контролна табла
+help = Помош
+logo = Лого
+version = Верзија
+notifications = Нотификации
+sign_in_or = или
+password = Лозинка
+username = Корисничко име
+your_profile = Профил
\ No newline at end of file
diff --git a/options/locale/locale_nb_NO.ini b/options/locale/locale_nb_NO.ini
index ada3a5bc39..692a70e350 100644
--- a/options/locale/locale_nb_NO.ini
+++ b/options/locale/locale_nb_NO.ini
@@ -510,4 +510,20 @@ admin.new_user.user_info = Bruker informasjon
 admin.new_user.text = Vennligst <a href="%s">Trykk her</a> for å administrere denne brukeren fra admin panelet.
 register_notify = Velkommen til %s
 register_notify.text_1 = Dette er e-posten som bekrefter din registrering for %s!
-register_notify.text_2 = Du kan logge in på din konto med bruk av ditt brukernavn: %s
\ No newline at end of file
+register_notify.text_2 = Du kan logge in på din konto med bruk av ditt brukernavn: %s
+register_notify.text_3 = Hvis noen andre laget denne kontoen for deg, må du <a href="%s">sette et passord</a> først.
+reset_password = Gjenopprett kontoen din
+reset_password.text = Hvis dette var deg, vennligst klikk følgende lenge for å gjenopprette kontoen din innen <b>%s</b>:
+password_change.subject = Passordet ditt har blitt endret
+password_change.text_1 = Passordet for kontoen din ble akkurat endret.
+primary_mail_change.subject = Din hoved-e-postadresse er endret
+primary_mail_change.text_1 = Din hoved-e-postadresse ble akkurat endret til %[1]s. Dette betyr at denne e-postadressen ikke lenger vil motta e-postvarsler for kontoen din.
+totp_disabled.subject = TOTP has blitt slått av
+totp_disabled.text_1 = Tidsbasert engangskode (TOTP) ble nettopp slått av på din konto.
+totp_disabled.no_2fa = Det er ikke lenger satt opp noen 2FA-metoder, hvilket betyr at det ikke lenger er nødvendig å bruke 2FA for å logge inn på kontoen din.
+removed_security_key.subject = En sikkerhetsnøkkel har blitt fjernet
+removed_security_key.text_1 = Sikkerhetsnøkkelen «%[1]s» ble akkurat fjernet fra din konto.
+account_security_caution.text_1 = Hvis dette var deg, så kan du trygt ignorere denne e-posten.
+account_security_caution.text_2 = Hvis dette ikke var deg, så kan noen ha fått uautorisert tilgang til kontoen din. Ta kontakt med administratorene for denne siden.
+totp_enrolled.subject = Du har aktivert TOTP som 2FA-metode
+totp_enrolled.text_1.no_webauthn = Du har akkurat slått på TOTP for kontoen din. Dette betyr at for alle fremtidige innlogginger må du bruke TOTP som en 2FA-metode.
\ No newline at end of file
diff --git a/options/locale/locale_nds.ini b/options/locale/locale_nds.ini
index d8b97b61cf..6825b38fe9 100644
--- a/options/locale/locale_nds.ini
+++ b/options/locale/locale_nds.ini
@@ -2308,7 +2308,7 @@ settings.archive.mirrors_unavailable = Spegels sünd in archiveert Repos nich ve
 settings.tags.protection.create = Örder hentofögen
 settings.bot_token = Bot-Teken
 settings.matrix.message_type = Narichten-Aard
-settings.archive.text = Wenn dat Repo archiveert word, kann man daar blots noch lesen. Dat word vum Kontor verburgen. Nüms (ok nich du sülvst!) kann noch neje Kommitterens maken of Gefallens of Haalvörslagen opmaken.
+settings.archive.text = Wenn dat Repo archiveert word, kann man daar blots noch lesen. Dat word vum Kontor verburgen. Nüms (ok nich du sülvst!) kann noch neje Kommitterens maken of Gefallens of Haalvörslagen opmaken. Dat word anraden, to dokumenteren, um wat dat archiveert worden is, um tokünftig Entwicklers to hülpen, well deeses Repositorium gabeln wullen.
 settings.archive.success = Dat Repo is archiveert worden.
 settings.archive.error = Een Fehler is bi’m Archiveren vum Repo uptreden. Kiek in de Utgaav för mehr Informatioonen.
 settings.archive.branchsettings_unavailable = Twieg-Instellens sünd in archiveert Repos nich verföögbaar.
diff --git a/options/locale/locale_ro.ini b/options/locale/locale_ro.ini
index 5540c32d77..e2b404808c 100644
--- a/options/locale/locale_ro.ini
+++ b/options/locale/locale_ro.ini
@@ -303,6 +303,11 @@ default_enable_timetracking = Activează urmărirea timpului în mod implicit
 default_enable_timetracking.description = Permite utilizarea funcției de urmărire a timpului pentru depozitele noi în mod implicit.
 invalid_repo_path = Calea rădăcină a depozitului este invalidă: %v
 run_user_not_match = Numele de utilizator „utilizatorul sub care rulează" nu este același cu numele de utilizator curent: %s -> %s
+enable_update_checker_helper_forgejo = Se va verifica periodic noi versiuni de Forgejo prin interogarea unei înregistrări DNS de tip TXT la release.forgejo.org.
+invalid_log_root_path = Calea către fișierul de loguri este invalidă: %v
+password_algorithm_helper = Setează algoritmul de hashing al parolei. Algoritmii au cerințe și puncte forte diferite. Algoritmul argon2 este foarte sigur, însă folosește multă memorie și poate fi nepotrivit pentru sistemele slabe.
+env_config_keys = Configurări de Mediu
+env_config_keys_prompt = Următoarele variabile de mediu vor fi aplicate fișierului tău de configurații:
 
 [search]
 user_kind = Căutați utilizatori…
@@ -344,4 +349,206 @@ contributions_few = contribuții
 less = Mai puțin
 number_of_contributions_in_the_last_12_months = %s contribuții în ultimele 12 luni
 more = Mai mult
-contributions_one = contribuție
\ No newline at end of file
+contributions_one = contribuție
+
+[home]
+uname_holder = Numele de utilizator sau adresa de email
+switch_dashboard_context = Schimbă contextul tabloului de bord
+my_repos = Repozitorii
+my_orgs = Organizații
+view_home = Vezi %s
+filter = Alte filtre
+filter_by_team_repositories = Filtrează după repozitoriile echipei
+feed_of = Fluxul lui "%s"
+show_archived = Arhivat
+show_both_archived_unarchived = Se afișează atât arhivate cât și nearhivate
+show_only_archived = Se afișează doar arhivate
+show_only_unarchived = Se afișează doar nearhivate
+show_private = Privat
+show_both_private_public = Se afișează atât publice cât și private
+show_only_private = Se afișează doar private
+show_only_public = Se afișează doar publice
+issues.in_your_repos = In repozitoriile tale
+
+[explore]
+repos = Repozitorii
+users = Utilizatori
+organizations = Organizații
+go_to = Mergi la
+code = Cod
+code_last_indexed_at = Ultima indexare %s
+relevant_repositories_tooltip = Repozitorii care sunt fork-uri sau care nu au niciun subiect, nicio pictogramă sau nicio descriere sunt ascunse.
+relevant_repositories = Doar repozitoriile relevante sunt arătate, <a href="%s">arată rezultatele nefiltrate</a>.
+
+[auth]
+create_new_account = Înregistrează un cont
+disable_register_prompt = Înregistrarea este oprită. Vă rugăm contactați administratorul site-ului.
+disable_register_mail = Confirmarea emailului pentru înregistrare este oprită.
+manual_activation_only = Contactați administratorul site-ului pentru a completa activarea.
+remember_me = Ține minte acest dispozitiv
+forgot_password_title = Am uitat parola
+forgot_password = Ai uitat parola?
+hint_login = Ai deja un cont? <a href="%s">Autentifică-te acum!</a>
+hint_register = Ai nevoie de un cont? <a href="%s">Înregistrează-te acum.</a>
+sign_up_button = Înregistrează-te acum.
+sign_up_successful = Contul a fost creat cu succes. Bine ai venit!
+confirmation_mail_sent_prompt = Un nou email de confirmare a fost trimis către <b>%s</b>. Pentru a finaliza procesul de înregistrare, vă rugăm să verificați căsuța poștală și să accesați link-ul primit în următoarele %s. Dacă adresa de email este greșită, vă puteți autentifica, și puteți cere un alt email de confirmare către o altă adresă.
+must_change_password = Actualizează parola
+allow_password_change = Solicită utilizatorului să schimbe parola (recomandat)
+reset_password_mail_sent_prompt = Un email de confirmare a fost trimis către <b>%s</b>. Pentru a finaliza procesul de recuperare, vă rugăm să vă verificați căsuța poștală și să accesați link-ul în următoarele %s.
+active_your_account = Activați-vă contul
+account_activated = Contul a fost activat
+prohibit_login = Contul este suspendat
+prohibit_login_desc = Contul dumneavoastră a fost suspendat din a interacționa cu această instanță. Vă rugăm să contactați administratorul instanței pentru a reprimi acces.
+resent_limit_prompt = Ați cerut recent deja un email de activare. Vă rugăm să așteptați 3 minute și să încercați din nou.
+has_unconfirmed_mail = Bună %s, ai o adresă de email neconfirmată (<b>%s</b>). Dacă nu ai primit un mesaj de confirmare sau trebuie să îți trimitem unul nou, te rog apasă pe butonul de mai jos.
+change_unconfirmed_email_summary = Schimbă adresa de email către care mesajul de activare este trimis.
+change_unconfirmed_email = Dacă ai pus adresa de email greșită în timpul înregistrării, o poți schimba mai jos, și o confirmare va fi trimisă la adresa nouă de email.
+change_unconfirmed_email_error = Nu s-a putut schimba adresa de email: %v
+resend_mail = Apasă aici pentru a retrimite mesajul de activare
+send_reset_mail = Trimite mesajul de activare
+reset_password = Recuperarea contului
+invalid_code = Codul tău de confirmare este invalid sau a expirat.
+invalid_code_forgot_password = Codul tău de confirmare este invalid sau a expirat. Apasă <a href="%s">aici</a> pentru a începe o nouă sesiune.
+invalid_password = Parola ta nu se potrivește cu parola care a fost folosită pentru a crea contul.
+reset_password_helper = Recuperează Contul
+reset_password_wrong_user = Ești autentificat ca %s, dar link-ul pentru recuperarea contului era pentru %s
+password_too_short = Lungimea parolei nu poate fi mai mică de %d caractere.
+non_local_account = Utilizatorii externi nu își pot actualiza parola prin intermediul interfeței web Forgejo.
+verify = Verifică
+unauthorized_credentials = Credențialele sunt incorecte sau au expirat. Reîncearcă comanda sau vezi %s pentru mai multe informații
+scratch_code = Cod de rezervă
+use_scratch_code = Folosește un cod de rezervă
+use_onetime_code = Folosește un cod de unică folosință
+twofa_scratch_used = Ai folosit codul tău de rezervă. Ai fost redirecționat către pagina de autentificare în doi pași pentru a putea să vă ștergeți înrolarea dispozitivului sau să vă generați un nou cod de rezervă.
+twofa_passcode_incorrect = Codul tău de acces este incorect. Dacă ți-ai pierdut dispozitivul, folosește codul de rezervă pentru a te autentifica.
+twofa_scratch_token_incorrect = Codul tău de rezervă este incorect.
+login_userpass = Autentificare
+oauth_signup_tab = Înregistrează un cont nou
+oauth_signup_title = Finalizare cont nou
+oauth_signup_submit = Finalizare cont
+oauth_signin_tab = Asociază cu un cont existent
+oauth_signin_title = Autentifică-te pentru a autoriza asocierea contului
+oauth_signin_submit = Asociază cont
+oauth.signin.error = A apărut o eroare la procesarea cererii de autorizare. Dacă această eroare persistă, contactați administratorul site-ului.
+oauth.signin.error.access_denied = Cererea de autorizare a fost respinsă.
+oauth.signin.error.temporarily_unavailable = Autorizarea a eșuat deoarece serverul de autentificare este temporar indisponibil. Vă rugăm să încercați din nou mai târziu.
+openid_connect_submit = Conectare
+openid_connect_title = Conectează-te la un cont existent
+openid_connect_desc = URI-ul OpenID ales este necunoscut. Asociați-l cu un cont nou aici.
+openid_register_title = Creează un cont nou
+openid_register_desc = URI-ul OpenID ales este necunoscut. Asociați-l cu un cont nou aici.
+openid_signin_desc = Introduceți URI-ul vostru OpenID. De exemplu: alice.openid.example.org sau https://openid.example.org/alice.
+disable_forgot_password_mail = Recuperarea contului este dezactivată deoarece niciun cont de email nu este setat. Vă rugăm să contactați administratorul site-ului.
+disable_forgot_password_mail_admin = Recuperarea contului este activă doar atunci când un cont de email este setat. Vă rugăm să vă setați adresa de email pentru a activa recuperarea contului.
+email_domain_blacklisted = Nu te poți înregistra cu adresa ta de email.
+authorize_application = Autorizează Aplicația
+authorize_redirect_notice = Vei fi redirecționat către %s dacă autorizezi aplicația.
+authorize_application_created_by = Aplicația a fost creată de către %s.
+authorize_application_description = Dacă îi acorzi acces, va putea să îți acceseze și să scrie toate informațiile contului tău, incluzând repozitoarele private și organizațiile.
+authorize_title = Autorizează "%s" să îți acceseze contul?
+authorization_failed = Autorizarea a eșuat
+authorization_failed_desc = Autorizarea a eșuat deoarece am detectat o cerere invalidă. Vă rugăm să contactați responsabilul aplicației pe care ați încercat să o autorizați.
+password_pwned = Parola pe care ai ales-o este pe <a target="_blank" rel="noopener noreferrer" href="%s">o listă de parole furate</a> obținute anterior dintr-o bază de date expusă public. Vă rugăm să încercați cu o parolă diferită și să considerați schimbarea parolei și oriunde altundeva mai este folosită.
+password_pwned_err = Nu s-a putut completa cererea către HaveIBeenPwned
+last_admin = Nu poți șterge ultimul administrator. Trebuie să existe cel puțin un administrator.
+back_to_sign_in = Înapoi la Autentificare
+sign_in_openid = Continuă cu OpenID
+
+[mail]
+view_it_on = Vezi pe %s
+reply = sau răspunde direct la acest mesaj
+link_not_working_do_paste = Link-ul nu a mers? Încearcă să îl copiezi și să îl lipești în bara URL a browserului.
+hi_user_x = Bună <b>%s</b>,
+activate_account = Vă rugăm activați-vă contul
+activate_account.text_1 = Bună <b>%[1]s</b>, mulțumim pentru înregistrarea pe %[2]s!
+activate_account.text_2 = Vă rugăm urmăriți pe următorul link pentru a vă activa contul în <b>%s</b>:
+activate_email = Verifică-ți adresa de email
+activate_email.text = Vă rugăm apăsați pe următorul link pentru a vă activa contul în <b>%s</b>:
+admin.new_user.subject = Un nou utilizator, %s, s-a înregistrat
+admin.new_user.user_info = Informațiile utilizatorului
+admin.new_user.text = Vă rugăm <a href="%s">apăsați aici</a> pentru a administra acest utilizator din tabloul de administrator.
+register_notify = Bine ai venit pe %s
+register_notify.text_1 = acesta este mesajul tău de confirmarea a înregistrării pentru %s!
+register_notify.text_2 = Te poți autentifica în contul tău folosind numele tău de utilizator: %s
+register_notify.text_3 = Dacă altcineva a făcut acest cont pentru tine, va trebui <a href="%s">să îți setezi parola</a> prima dată.
+reset_password = Recuperează-ți contul
+reset_password.text = Dacă ai fost tu, te rugăm să accesezi link-ul pentru a îți recupera contul în <b>%s</b>:
+password_change.subject = Parola ta a fost schimbată
+password_change.text_1 = Parola pentru contul tău tocmai a fost schimbată.
+primary_mail_change.subject = Adresa ta de email principală a fost schimbată
+primary_mail_change.text_1 = Adresa de email principală a contului tău tocmai a fost schimbată la %[1]s. Asta înseamnă că această adresă de email nu va mai primi notificări email pentru contul tău.
+totp_disabled.subject = TOTP a fost dezactivat
+totp_disabled.text_1 = Parola de unică folosință bazată pe timp (TOTP) pentru contul tău tocmai a fost dezactivată.
+totp_disabled.no_2fa = Nu mai sunt configurate alte metode de autentificare în doi pași, ceea ce înseamnă că nu mai este necesar să vă autentificați în cont cu 2FA.
+removed_security_key.subject = O cheie de securitate a fost scoasă
+removed_security_key.text_1 = Cheia de securitate "%[1]s" tocmai a fost scoasă din contul tău.
+removed_security_key.no_2fa = Nu mai sunt configurate alte metode de autentificare în doi pași, ceea ce înseamnă că nu mai este necesar să vă autentificați în cont cu 2FA.
+account_security_caution.text_1 = Dacă ai fost tu, poți ignora acest email.
+account_security_caution.text_2 = Dacă nu ai fost tu, contul tău este compromis. Te rugăm să contactezi administratorii acestui site.
+totp_enrolled.subject = Ai activat TOTP ca metodă de 2FA
+totp_enrolled.text_1.no_webauthn = Tocmai ai activat TOTP pentru contul tău. Asta înseamnă că pentru autentificările viitoare în contul tău, trebuie să folosești TOTP ca metodă de 2FA.
+totp_enrolled.text_1.has_webauthn = Tocmai ai activat TOTP pentru contul tău. Asta înseamnă că pentru autentificările viitoare, poți folosi TOTP ca metodă de autentificare 2FA sau oricare din cheile tale de securitate.
+issue_assigned.pull = @%[1]s te-a atribuit la pull request-ul %[2]s în repozitoriul %[3]s.
+issue_assigned.issue = @%[1]s ți-a atribuit problema %[2]s în repozitoriul %[3]s.
+issue.x_mentioned_you = <b>@%s</b> te-a menționat:
+issue.action.force_push = <b>%[1]s</b> a împins cu forța <b>%[2]s</b> de la %[3]s la %[4]s.
+issue.action.push_1 = <b>@%[1]s</b> a împins %[3]d commit la %[2]s
+issue.action.push_n = <b>@%[1]s</b> a împins %[3]d commit-uri la %[2]s
+issue.action.close = <b>@%[1]s</b> a închis #%[2]d.
+issue.action.reopen = <b>@%[1]s</b> a redeschis #%[2]d.
+issue.action.merge = <b>@%[1]s</b> a merge-uit #%[2]d în %[3]s.
+issue.action.approve = <b>@%[1]s</b> a aprobat acest pull request.
+issue.action.reject = <b>@%[1]s</b> a cerut modificări pe acest pull request.
+issue.action.review = <b>@%[1]s</b> a comentat pe acest pull request.
+issue.action.review_dismissed = <b>@%[1]s</b> a scos ultima recenzie a lui %[2]s de pe acest pull request.
+issue.action.ready_for_review = <b>@%[1]s</b> a marcat acest pull request ca pregătită pentru recenzie.
+issue.action.new = <b>@%[1]s</b> a creat #%[2]d.
+issue.in_tree_path = În %s:
+release.new.subject = %s în %s a fost lansat
+release.new.text = <b>@%[1]s</b> a lansat %[2]s în %[3]s
+release.title = Titlu: %s
+release.note = Notă:
+release.downloads = Descărcări:
+release.download.zip = Cod Sursă (ZIP)
+release.download.targz = Cod Sursă (TAR.GZ)
+repo.transfer.subject_to = %s vrea să transfere repozitoriul "%s" către %s
+repo.transfer.subject_to_you = %s vrea să transfere repozitoriul "%s" către tine
+repo.transfer.to_you = tu
+repo.transfer.body = Pentru a îl accepta sau a refuza vizitează %s sau doar ignoră-l.
+repo.collaborator.added.subject = %s te-a adăugat la %s ca și colaborator
+repo.collaborator.added.text = Ai fost adăugat ca și colaborator la repozitoriul:
+team_invite.subject = %[1]s te-a invitat sa intrii în organizația %[2]s
+team_invite.text_1 = %[1]s te-a invitat să intrii in echipa %[2]s din organizația %[3]s.
+team_invite.text_2 = Te rugăm să accesezi următorul link pentru a te alătura la echipă:
+team_invite.text_3 = Notă: Această invitație îi este adresată lui %[1]s. Dacă nu te așteptai la această invitație, poți ignora acest mesaj.
+
+[modal]
+yes = Da
+no = Nu
+confirm = Confirmă
+cancel = Anulează
+
+[form]
+UserName = Nume de utilizator
+FullName = Numele complet
+Description = Descriere
+Pronouns = Pronume
+Biography = Biografie
+Website = Website
+Location = Locație
+RepoName = Numele repozitoriului
+Email = Adresă de email
+Password = Parolă
+Retype = Confirmă parola
+TeamName = Numele echipei
+AuthName = Numele autorizării
+AdminEmail = Emailul administratorului
+To = Numele branch-ului
+AccessToken = Token de acces
+NewBranchName = Nume nou pentru branch
+CommitSummary = Rezumatul commit-urilor
+CommitMessage = Mesajul commit-ului
+CommitChoice = Alegerea commit-ului
+TreeName = Locația fișierului
+Content = Conținut
\ No newline at end of file
diff --git a/options/locale/locale_ru-RU.ini b/options/locale/locale_ru-RU.ini
index e74f0a2b81..8a80a02284 100644
--- a/options/locale/locale_ru-RU.ini
+++ b/options/locale/locale_ru-RU.ini
@@ -852,7 +852,7 @@ added_on=Добавлено %s
 valid_until_date=Действительно до %s
 valid_forever=Действителен навсегда
 last_used=Последний раз использовался
-no_activity=Еще не применялся
+no_activity=Еще не использовался
 can_read_info=Чтение
 can_write_info=Запись
 key_state_desc=Этот ключ использовался в течение последних 7 дней
diff --git a/options/locale/locale_sv-SE.ini b/options/locale/locale_sv-SE.ini
index 92268e33a8..b619a6904a 100644
--- a/options/locale/locale_sv-SE.ini
+++ b/options/locale/locale_sv-SE.ini
@@ -1439,14 +1439,14 @@ issues.dependency.remove_info=Ta bort detta beroende
 issues.dependency.added_dependency=`lade till ett nytt beroende %s`
 issues.dependency.removed_dependency=`tog bort ett beroende %s`
 issues.dependency.issue_close_blocks=Detta ärende blockerar en stängning av följande ärenden
-issues.dependency.pr_close_blocks=Denna pull-förfrågan blockerar stängning av följande ärenden
+issues.dependency.pr_close_blocks=Denna ändringsförfrågan blockerar stängning av följande ärenden
 issues.dependency.issue_close_blocked=Du måste stänga alla ärenden som blockerar det här ärendet innan du kan stänga det.
-issues.dependency.pr_close_blocked=Du måste stänga alla ärenden som blockerar denna pull-förfrågan innan du kan merga det.
+issues.dependency.pr_close_blocked=Du måste stänga alla ärenden som blockerar denna ändringsförfrågan innan du kan sammanfoga den.
 issues.dependency.blocks_short=Blockerar
 issues.dependency.blocked_by_short=Beroende av
 issues.dependency.remove_header=Ta bort beroende
 issues.dependency.issue_remove_text=Detta tar bort beroendet från det här ärendet. Vill du fortsätta?
-issues.dependency.pr_remove_text=Det här kommer att ta bort beroendet från denna pull-förfrågan. Vill du fortsätta?
+issues.dependency.pr_remove_text=Det här kommer att ta bort beroendet från den här ändringsförfrågan. Vill du fortsätta?
 issues.dependency.setting=Aktivera beroenden för ärenden och ändringsförfrågningar
 issues.dependency.add_error_same_issue=Ett ärende kan inte bero på sig själv.
 issues.dependency.add_error_dep_issue_not_exist=Ärendet du beror på, finns inte.
@@ -1454,8 +1454,8 @@ issues.dependency.add_error_dep_not_exist=Beroendet finns inte.
 issues.dependency.add_error_dep_exists=Beroendet finns redan.
 issues.dependency.add_error_cannot_create_circular=Du kan inte skapa ett beroende med två ärenden som blockerar varandra.
 issues.dependency.add_error_dep_not_same_repo=Båda ärendena måste vara i samma kodförråd.
-issues.review.self.approval=Du kan inte godkänna din egen pull-begäran.
-issues.review.self.rejection=Du kan inte begära ändringar för din egna pull-förfrågan.
+issues.review.self.approval=Du kan inte godkänna din egen ändringsförfrågan.
+issues.review.self.rejection=Du kan inte begära ändringar för din egna ändringsförfrågan.
 issues.review.approve=godkände dessa ändringar %s
 issues.review.comment=granskad av %s
 issues.review.left_comment=lämnade en kommentar
@@ -1486,22 +1486,22 @@ pulls.filter_branch=Filtrera gren
 pulls.no_results=Inga resultat hittades.
 pulls.nothing_to_compare=Dessa grenar är likvärdigt. Det finns ingen anledning att skapa en ändringsförfrågan.
 pulls.create=Skapa ändringsförfrågan
-pulls.change_target_branch_at=`ändrade mål-branch från <b>%s</b> till <b>%s</b>%s`
+pulls.change_target_branch_at=`ändrade målgrenen från <b>%s</b> till <b>%s</b>%s`
 pulls.tab_conversation=Konversation
 pulls.tab_commits=Incheckningar
 pulls.tab_files=Ändrade filer
-pulls.reopen_to_merge=Vänligen återöppna denna Pull-förfrågan igen för att utföra sammanfogningen.
-pulls.cant_reopen_deleted_branch=Denna pull-förfrågan kan inte öppnas igen eftersom branchen tagits bort.
+pulls.reopen_to_merge=Återöppna denna ändringsförfrågan för att utföra sammanslagningen.
+pulls.cant_reopen_deleted_branch=Denna ändringsförfrågan kan inte öppnas eftersom grenen har tagits bort.
 pulls.merged=Sammanfogat
-pulls.is_closed=Pull-förfrågan har stängts.
-pulls.title_wip_desc=`<a href="#">Börja titeln med <strong>%s</strong></a> för att förhindra att pull-förfrågan sammanfogas av misstag`
-pulls.data_broken=Ändringsbegäran är trasig på grund av saknad information on avgreningen.
-pulls.files_conflicted=Den här pull-förfrågan ha ändringar som är i konflikt med mål-branchen.
+pulls.is_closed=Denna ändringsförfrågan har stängts.
+pulls.title_wip_desc=`<a href="#">Börja titeln med <strong>%s</strong></a> för att förhindra att ändringsförfrågan sammanfogas av misstag`
+pulls.data_broken=Ändringsförfrågan är trasig på grund av saknad information on avgreningen.
+pulls.files_conflicted=Den här ändringsförfrågningen har ändringar som är i konflikt med målgrenen.
 pulls.is_checking=Sammanfognings-konfliktkontroll pågår. Försök igen senare.
 pulls.required_status_check_failed=Vissa tvingande kontroller lyckades inte.
 pulls.required_status_check_missing=Vissa tvingande kontroller saknas.
-pulls.required_status_check_administrator=Som administratör kan du fortfarande merga den här pull requesten.
-pulls.can_auto_merge_desc=Denna pull-förfrågan kan sammanfogas automatiskt.
+pulls.required_status_check_administrator=Som administratör kan du fortfarande sammanfoga denna ändringsförfrågan.
+pulls.can_auto_merge_desc=Den här ändringsförfrågningen kan sammanfogas automatiskt.
 pulls.cannot_auto_merge_desc=Ändringsförfrågan kan inte sammanfogas automatiskt på grund av konflikter.
 pulls.cannot_auto_merge_helper=Sammanfoga manuellt för att lösa konflikterna.
 
@@ -1512,7 +1512,7 @@ pulls.invalid_merge_option=Du kan inte använda detta mergealternativet för den
 pulls.open_unmerged_pull_exists=`Du kan inte återuppliva denna pull-request då det redan finns en identisk pull-request öppen (#%d).`
 pulls.update_branch_success=Uppdatering av branchen lyckades
 pulls.update_not_allowed=Du är inte behörig att uppdatera grenen
-pulls.outdated_with_base_branch=Denna branch är föråldrad gentemot bas-branchen
+pulls.outdated_with_base_branch=Den här grenen är föråldrad gentemot basgrenen
 
 
 
@@ -1673,7 +1673,7 @@ settings.convert_confirm=Konvertera kodförråd
 settings.convert_succeed=Speglingen har blivit konverterad till ett vanligt kodförråd.
 settings.convert_fork=Konvertera till vanligt kodförråd
 settings.convert_fork_confirm=Konvertera kodförråd
-settings.transfer.title=Överför Ägarskap
+settings.transfer.title=Överför ägarskap
 settings.transfer_desc=Överför detta kodförråd till en användare eller organisation för vilken du har administratörsrättigheter till.
 settings.transfer_notices_1=- Du kommer förlora åtkomst till kodförrådet om du för över den till en individuell användare.
 settings.transfer_notices_2=- Du kommer behålla åtkomst till kodförrådet om du för över den till en organisation som du antingen äger eller är delägare i.
@@ -1685,7 +1685,7 @@ settings.wiki_delete_desc=Borttagning av kodförrådets wiki-data är permanent
 settings.wiki_delete_notices_1=- Detta kommer permanent ta bort och inaktivera kodförrådets wiki för %s.
 settings.confirm_wiki_delete=Ta bort wikidata
 settings.wiki_deletion_success=Kodförrådets wiki-data har tagits bort.
-settings.delete=Ta bort detta kodförråd
+settings.delete=Ta bort kodförrådet
 settings.delete_desc=Borttagning av en kodförrådet är permanent och kan ej ångras.
 settings.delete_notices_1=- Denna åtgärd kan <strong>INTE</strong> ångras.
 settings.delete_notices_2=- Denna åtgärd kommer permanent ta bort kodförrådet <strong>%s</strong> inklusive kod, ärenden, kommentarer, wiki-data samt medarbetarinställningar.
@@ -1708,7 +1708,7 @@ settings.add_team_duplicate=Teamet har redan kodförrådet
 settings.add_team_success=Teamet har nu tillgång till kodförrådet.
 settings.remove_team_success=Teamets åtkomst till kodförrådet har tagits bort.
 settings.add_webhook=Lägg till webbkrok
-settings.hooks_desc=Webhooks gör automatiskt ett HTTP POST anrop mot en server när vissa Forgejo events triggas. Läs mer om detta i <a target="_blank" rel="noopener noreferrer" href="%s">webhooks guiden</a>.
+settings.hooks_desc=Webbkrokar gör automatiskt ett HTTP POST-anrop mot en server när vissa Forgejo events triggas. Läs mer om detta i <a target="_blank" rel="noopener noreferrer" href="%s">guiden för webbkrokar</a>.
 settings.webhook_deletion=Ta bort webbkrok
 settings.webhook_deletion_desc=Borttagning utav en webhook tar även bort dess inställningar och leveranshistorik. Vill du fortsätta?
 settings.webhook_deletion_success=Webhooken har blivit borttagen.
@@ -1723,7 +1723,7 @@ settings.githook_edit_desc=Om kroken är inaktiv visas exempelinnehåll. Inaktiv
 settings.githook_name=Kroknamn
 settings.githook_content=Krokinnehåll
 settings.update_githook=Uppdatera krok
-settings.add_webhook_desc=Forgejo kommer skicka ett <code>POST</code>-anrop med en specificerad Content-Type till måladressen. Läs mer om detta i <a target="_blank" rel="noopener noreferrer" href="%s">webbkroksguiden</a>.
+settings.add_webhook_desc=Forgejo kommer skicka ett <code>POST</code>-anrop med en specificerad Content-Type till måladressen. Läs mer om det här i <a target="_blank" rel="noopener noreferrer" href="%s">webbkroksguiden</a>.
 settings.payload_url=Mål-URL
 settings.http_method=HTTP-metod
 settings.content_type=POST-innehållstyp
@@ -1812,7 +1812,7 @@ settings.chat_id=Chatt-ID
 settings.matrix.room_id=Rum-ID
 settings.matrix.message_type=Typ av meddelande
 settings.archive.button=Arkivera kodförråd
-settings.archive.header=Arkivera detta kodförråd
+settings.archive.header=Arkivera kodförrådet
 settings.archive.success=Förrådet arkiverades.
 settings.archive.error=Ett fel uppstod när kodförrådet arkiverades. Se loggen för fler detaljer.
 settings.archive.error_ismirror=Du kan inte arkivera ett speglat förråd.
@@ -1822,7 +1822,7 @@ settings.lfs=LFS
 settings.lfs_filelist=LFS filer lagrade i detta kodförråd
 settings.lfs_no_lfs_files=Inga LFS filer är lagrade i detta kodförråd
 settings.lfs_findcommits=Hitta commits
-settings.lfs_lfs_file_no_commits=Ingen incheckning hittad för denna LFS-fil
+settings.lfs_lfs_file_no_commits=Ingen incheckning hittad för den här LFS-fil
 settings.lfs_locks=Lås
 settings.lfs_invalid_locking_path=Ogiltig sökväg: %s
 settings.lfs_invalid_lock_directory=Kan inte låsa katalog: %s
@@ -2303,7 +2303,7 @@ issues.review.un_resolve_conversation = Återöppna konversation
 issues.reference_issue.body = Brödtext
 issues.content_history.delete_from_history = Radera från historik
 issues.content_history.delete_from_history_confirm = Radera från historik?
-issues.blocked_by_user = Du kan inte skapa ärenden i detta kodförråd eftersom du är blockerad av kodförrådets ägare.
+issues.blocked_by_user = Du kan inte skapa ärenden i det här kodförråd eftersom du är blockerad av kodförrådets ägare.
 comment.blocked_by_user = Kommentering är inte möjlig eftersom du är blockerad av kodförrådets ägare eller författaren.
 issues.summary_card_alt = Sammanfattningskort för ett ärende med titel "%s" i kodförråd %s
 compare.compare_base = bas
@@ -2311,7 +2311,7 @@ pulls.view = Visa ändringsförfrågan
 pulls.edit.already_changed = Det gick inte att spara ändringar till ändringsförfrågan. Det verkar som att innehållet redan har ändrats av en annan användare. Uppdatera sidan och försök redigera igen för att undvika att skriva över deras ändringar
 pulls.sign_in_require = <a href="%s">Logga in</a> för att skapa en ny ändringsförfrågan.
 pulls.allow_edits_from_maintainers = Tillåt redigeringar från underhållare
-pulls.allow_edits_from_maintainers_desc = Användare med skrivåtkomst till basgrenen kan också skicka till denna gren
+pulls.allow_edits_from_maintainers_desc = Användare med skrivåtkomst till basgrenen kan också skicka till den här gren
 pulls.allow_edits_from_maintainers_err = Uppdatering misslyckades
 pulls.has_changed_since_last_review = Ändrad sedan din senaste granskning
 pulls.viewed_files_label = %[1]d / %[2]d filer visade
@@ -2326,38 +2326,38 @@ pulls.showing_specified_commit_range = Visar endast ändringar mellan %[1]s..%[2
 pulls.select_commit_hold_shift_for_range = Välj incheckning. Håll shift + klicka för att välja ett intervall
 pulls.filter_changes_by_commit = Filtrera efter incheckning
 pulls.nothing_to_compare_have_tag = De valda grenarna/taggarna är identiska.
-pulls.nothing_to_compare_and_allow_empty_pr = Dessa grenar är identiska. Denna PR kommer vara tom.
-pulls.has_pull_request = `En ändringsförfrågan mellan dessa grenar finns redan: <a href="%[1]s">%[2]s#%[3]d</a>`
+pulls.nothing_to_compare_and_allow_empty_pr = de här grenar är identiska. den här PR kommer vara tom.
+pulls.has_pull_request = `En ändringsförfrågan mellan de här grenar finns redan: <a href="%[1]s">%[2]s#%[3]d</a>`
 pulls.merged_success = Ändringsförfrågan sammanfogad och stängd
 pulls.closed = Ändringsförfrågan stängd
 pulls.manually_merged = Manuellt sammanfogad
 pulls.merged_info_text = Grenen %s kan nu raderas.
-pulls.cannot_merge_work_in_progress = Denna ändringsförfrågan är markerad som pågående arbete.
+pulls.cannot_merge_work_in_progress = den här ändringsförfrågan är markerad som pågående arbete.
 pulls.still_in_progress = Ännu pågående?
 pulls.add_prefix = Lägg till <strong>%s</strong>-prefix
 pulls.ready_for_review = Redo för granskning?
 pulls.remove_prefix = Ta bort <strong>%s</strong>-prefix
-pulls.is_ancestor = Denna gren ingår redan i målgrenen. Det finns inget att sammanfoga.
-pulls.is_empty = Ändringarna på denna gren finns redan på målgrenen. Detta blir en tom incheckning.
-pulls.blocked_by_approvals = Denna ändringsförfrågan har inte tillräckligt med godkännanden ännu. %d av %d godkännanden beviljade.
-pulls.blocked_by_rejection = Denna ändringsförfrågan har ändringar begärda av en officiell granskare.
-pulls.blocked_by_official_review_requests = Denna ändringsförfrågan är blockerad eftersom den saknar godkännande från en eller flera officiella granskare.
-pulls.blocked_by_outdated_branch = Denna ändringsförfrågan är blockerad eftersom den är föråldrad.
-pulls.blocked_by_changed_protected_files_1 = Denna ändringsförfrågan är blockerad eftersom den ändrar en skyddad fil:
-pulls.blocked_by_changed_protected_files_n = Denna ändringsförfrågan är blockerad eftersom den ändrar skyddade filer:
+pulls.is_ancestor = den här gren ingår redan i målgrenen. Det finns inget att sammanfoga.
+pulls.is_empty = Ändringarna på den här gren finns redan på målgrenen. Det här blir en tom incheckning.
+pulls.blocked_by_approvals = den här ändringsförfrågan har inte tillräckligt med godkännanden ännu. %d av %d godkännanden beviljade.
+pulls.blocked_by_rejection = den här ändringsförfrågan har ändringar begärda av en officiell granskare.
+pulls.blocked_by_official_review_requests = den här ändringsförfrågan är blockerad eftersom den saknar godkännande från en eller flera officiella granskare.
+pulls.blocked_by_outdated_branch = den här ändringsförfrågan är blockerad eftersom den är föråldrad.
+pulls.blocked_by_changed_protected_files_1 = den här ändringsförfrågan är blockerad eftersom den ändrar en skyddad fil:
+pulls.blocked_by_changed_protected_files_n = den här ändringsförfrågan är blockerad eftersom den ändrar skyddade filer:
 pulls.num_conflicting_files_1 = %d konfliktande fil
 pulls.num_conflicting_files_n = %d konfliktande filer
 pulls.approve_count_1 = %d godkännande
 pulls.approve_count_n = %d godkännanden
-pulls.reject_count_1 = %d ändringsbegäran
-pulls.reject_count_n = %d ändringsbegäranden
+pulls.reject_count_1 = %d ändringsförfrågan
+pulls.reject_count_n = %d ändringsförfrågan
 pulls.waiting_count_1 = %d väntande granskning
 pulls.waiting_count_n = %d väntande granskningar
 pulls.wrong_commit_id = inchecknings-id måste vara ett inchecknings-id på målgrenen
-pulls.blocked_by_user = Du kan inte skapa en ändringsförfrågan på detta kodförråd eftersom du är blockerad av kodförrådets ägare.
-pulls.no_merge_wip = Denna ändringsförfrågan kan inte sammanfogas eftersom den är markerad som pågående arbete.
-pulls.no_merge_not_ready = Denna ändringsförfrågan är inte redo att sammanfogas, kontrollera granskningsstatus och statuskontroller.
-pulls.no_merge_access = Du är inte behörig att sammanfoga denna ändringsförfrågan.
+pulls.blocked_by_user = Du kan inte skapa en ändringsförfrågan på det här kodförråd eftersom du är blockerad av kodförrådets ägare.
+pulls.no_merge_wip = den här ändringsförfrågan kan inte sammanfogas eftersom den är markerad som pågående arbete.
+pulls.no_merge_not_ready = den här ändringsförfrågan är inte redo att sammanfogas, kontrollera granskningsstatus och statuskontroller.
+pulls.no_merge_access = Du är inte behörig att sammanfoga den här ändringsförfrågan.
 pulls.merge_pull_request = Skapa sammanfogningsincheckning
 pulls.rebase_merge_pull_request = Ombasera sedan snabbspola
 pulls.rebase_merge_commit_pull_request = Ombasera sedan skapa sammanfogningsincheckning
@@ -2365,16 +2365,16 @@ pulls.squash_merge_pull_request = Slå samman till en incheckning
 pulls.fast_forward_only_merge_pull_request = Endast snabbspolning
 pulls.merge_manually = Manuellt sammanfogad
 pulls.merge_commit_id = Sammanfogningsincheckningens ID
-pulls.require_signed_wont_sign = Grenen kräver signerade incheckningar men denna sammanfogning kommer inte signeras
+pulls.require_signed_wont_sign = Grenen kräver signerade incheckningar men den här sammanfogning kommer inte signeras
 pulls.merge_conflict = Sammanfogning misslyckades: Det uppstod en konflikt vid sammanfogning. Tips: Prova en annan strategi
 pulls.rebase_conflict = Sammanfogning misslyckades: Det uppstod en konflikt vid ombasering av incheckning: %[1]s. Tips: Prova en annan strategi
 pulls.unrelated_histories = Sammanfogning misslyckades: Sammanfogningshuvudet och basen delar ingen gemensam historik. Tips: Prova en annan strategi
 pulls.merge_out_of_date = Sammanfogning misslyckades: Under sammanfogningen uppdaterades basen. Tips: Försök igen.
 pulls.head_out_of_date = Sammanfogning misslyckades: Under sammanfogningen uppdaterades huvudet. Tips: Försök igen.
 pulls.has_merged = Misslyckades: Ändringsförfrågan har redan sammanfogats, du kan inte sammanfoga igen eller ändra målgren.
-pulls.push_rejected = Skickning misslyckades: Skickningen avvisades. Granska Git-krokarna för detta kodförråd.
+pulls.push_rejected = Skickning misslyckades: Skickningen avvisades. Granska Git-krokarna för det här kodförråd.
 pulls.push_rejected_summary = Fullständigt avvisningsmeddelande
-pulls.push_rejected_no_message = Skickning misslyckades: Skickningen avvisades men det fanns inget fjärrmeddelande. Granska Git-krokarna för detta kodförråd
+pulls.push_rejected_no_message = Skickning misslyckades: Skickningen avvisades men det fanns inget fjärrmeddelande. Granska Git-krokarna för det här kodförråd
 pulls.status_checking = Vissa kontroller väntar
 pulls.status_checks_success = Alla kontroller lyckades
 pulls.status_checks_warning = Vissa kontroller rapporterade varningar
@@ -2386,36 +2386,36 @@ pulls.status_checks_show_all = Visa alla kontroller
 pulls.update_branch = Uppdatera gren via sammanfogning
 pulls.update_branch_rebase = Uppdatera gren via ombasering
 pulls.close = Stäng ändringsförfrågan
-pulls.closed_at = `stängde denna ändringsförfrågan %s`
-pulls.reopened_at = `återöppnade denna ändringsförfrågan %s`
-pulls.commit_ref_at = `refererade denna ändringsförfrågan från en incheckning %s`
+pulls.closed_at = `stängde den här ändringsförfrågan %s`
+pulls.reopened_at = `återöppnade den här ändringsförfrågan %s`
+pulls.commit_ref_at = `refererade den här ändringsförfrågan från en incheckning %s`
 pulls.cmd_instruction_hint = Visa kommandoradsinstruktioner
 pulls.cmd_instruction_checkout_title = Checka ut
 pulls.cmd_instruction_checkout_desc = Från din projektkatalog, checka ut en ny gren och testa ändringarna.
 pulls.cmd_instruction_merge_title = Sammanfoga
 pulls.cmd_instruction_merge_desc = Sammanfoga ändringarna och uppdatera på Forgejo.
-pulls.cmd_instruction_merge_warning = <b>Varning:</b> Inställningen "Automatisk identifiering av manuell sammanfogning" är inte aktiverad för detta kodförråd, du måste markera denna ändringsförfrågan som manuellt sammanfogad efteråt.
+pulls.cmd_instruction_merge_warning = <b>Varning:</b> Inställningen "Automatisk identifiering av manuell sammanfogning" är inte aktiverad för det här kodförråd, du måste markera den här ändringsförfrågan som manuellt sammanfogad efteråt.
 pulls.clear_merge_message = Rensa sammanfogningsmeddelande
 pulls.clear_merge_message_hint = Att rensa sammanfogningsmeddelandet tar endast bort incheckningsmeddelandes innehåll och behåller genererade git-trailers som "Co-Authored-By …".
 pulls.reopen_failed.head_branch = Ändringsförfrågan kan inte återöppnas eftersom huvudgrenen inte längre existerar.
 pulls.reopen_failed.base_branch = Ändringsförfrågan kan inte återöppnas eftersom basgrenen inte längre existerar.
 pulls.made_using_agit = AGit
 pulls.agit_explanation = Skapad med AGit-arbetsflödet. AGit låter bidragsgivare föreslå ändringar med "git-skickning" utan att skapa en avgrening eller en ny gren.
-pulls.editable_explanation = Denna ändringsförfrågan tillåter redigeringar från underhållare. Du kan bidra direkt till den.
+pulls.editable_explanation = den här ändringsförfrågan tillåter redigeringar från underhållare. Du kan bidra direkt till den.
 pulls.auto_merge_button_when_succeed = (När kontroller lyckas)
 pulls.auto_merge_when_succeed = Automatisk sammanfogning när alla kontroller lyckas
 pulls.auto_merge_newly_scheduled = Ändringsförfrågan schemalagdes att sammanfogas när alla kontroller lyckas.
-pulls.auto_merge_has_pending_schedule = %[1]s schemalade denna ändringsförfrågan för automatisk sammanfogning när alla kontroller lyckas %[2]s.
+pulls.auto_merge_has_pending_schedule = %[1]s schemalade den här ändringsförfrågan för automatisk sammanfogning när alla kontroller lyckas %[2]s.
 pulls.auto_merge_cancel_schedule = Avbryt automatisk sammanfogning
-pulls.auto_merge_not_scheduled = Denna ändringsförfrågan är inte schemalagd för automatisk sammanfogning.
-pulls.auto_merge_canceled_schedule = Automatisk sammanfogning avbröts för denna ändringsförfrågan.
-pulls.auto_merge_newly_scheduled_comment = `schemalade denna ändringsförfrågan för automatisk sammanfogning när alla kontroller lyckas %[1]s`
-pulls.auto_merge_canceled_schedule_comment = `avbröt automatisk sammanfogning av denna ändringsförfrågan när alla kontroller lyckas %[1]s`
+pulls.auto_merge_not_scheduled = den här ändringsförfrågan är inte schemalagd för automatisk sammanfogning.
+pulls.auto_merge_canceled_schedule = Automatisk sammanfogning avbröts för den här ändringsförfrågan.
+pulls.auto_merge_newly_scheduled_comment = `schemalade den här ändringsförfrågan för automatisk sammanfogning när alla kontroller lyckas %[1]s`
+pulls.auto_merge_canceled_schedule_comment = `avbröt automatisk sammanfogning av den här ändringsförfrågan när alla kontroller lyckas %[1]s`
 pulls.delete_after_merge.head_branch.is_default = Huvudgrenen du vill radera är standardgrenen och kan inte raderas.
 pulls.delete_after_merge.head_branch.is_protected = Huvudgrenen du vill radera är en skyddad gren och kan inte raderas.
 pulls.delete_after_merge.head_branch.insufficient_branch = Du har inte behörighet att radera huvudgrenen.
-pulls.delete.title = Radera denna ändringsförfrågan?
-pulls.delete.text = Vill du verkligen radera denna ändringsförfrågan? (Detta tar permanent bort allt innehåll. Överväg att stänga den istället om du vill behålla den arkiverad)
+pulls.delete.title = Radera den här ändringsförfrågan?
+pulls.delete.text = Vill du verkligen radera den här ändringsförfrågan? (Det här tar permanent bort allt innehåll. Överväg att stänga den istället om du vill behålla den arkiverad)
 pulls.recently_pushed_new_branches = Du skickade till gren <a href="%[3]s"><strong>%[1]s</strong></a> %[2]s
 pull.deleted_branch = (raderad):%s
 comments.edit.already_changed = Det gick inte att spara ändringar till kommentaren. Det verkar som att innehållet redan har ändrats av en annan användare. Uppdatera sidan och försök redigera igen för att undvika att skriva över deras ändringar
@@ -2425,9 +2425,9 @@ milestones.create_success = Milstolpen "%s" har skapats.
 milestones.edit_success = Milstolpen "%s" har uppdaterats.
 milestones.filter_sort.earliest_due_data = Närmaste förfallodatum
 milestones.filter_sort.latest_due_date = Avlägsnaste förfallodatum
-signing.will_sign = Denna incheckning kommer signeras med nyckel "%s".
+signing.will_sign = den här incheckning kommer signeras med nyckel "%s".
 signing.wont_sign.error = Det uppstod ett fel vid kontroll om incheckningen kunde signeras.
-signing.wont_sign.nokey = Denna instans har ingen nyckel att signera denna incheckning med.
+signing.wont_sign.nokey = den här instans har ingen nyckel att signera den här incheckning med.
 signing.wont_sign.never = Incheckningar signeras aldrig.
 signing.wont_sign.always = Incheckningar signeras alltid.
 signing.wont_sign.pubkey = Incheckningen kommer inte signeras eftersom du inte har en offentlig nyckel kopplad till ditt konto.
@@ -2442,7 +2442,7 @@ wiki.file_revision = Sidrevision
 wiki.wiki_page_revisions = Sidrevisioner
 wiki.delete_page_notice_1 = Borttagning av wiki-sidan "%s" kan inte ångras. Vill du fortsätta?
 wiki.reserved_page = Wiki-sidnamnet "%s" är reserverat.
-wiki.page_name_desc = Ange ett namn för denna wiki-sida. Vissa speciella namn är: "Home", "_Sidebar" och "_Footer".
+wiki.page_name_desc = Ange ett namn för den här wiki-sida. Vissa speciella namn är: "Home", "_Sidebar" och "_Footer".
 wiki.original_git_entry_tooltip = Visa ursprunglig Git-fil istället för att använda vänlig länk.
 activity.navbar.contributors = Bidragsgivare
 activity.navbar.recent_commits = Senaste incheckningar
@@ -2459,18 +2459,18 @@ contributors.contribution_type.filter_label = Bidragstyp:
 contributors.contribution_type.additions = Tillägg
 contributors.contribution_type.deletions = Borttagningar
 settings.federation_settings = Federationsinställningar
-settings.federation_apapiurl = Federations-URL för detta kodförråd. Kopiera och klistra in detta i Federationsinställningar för ett annat kodförråd som en URL för ett följt kodförråd.
+settings.federation_apapiurl = Federations-URL för det här kodförråd. Kopiera och klistra in det här i Federationsinställningar för ett annat kodförråd som en URL för ett följt kodförråd.
 settings.federation_following_repos = URL:er för följda kodförråd. Separerade med ";", inga mellanslag.
 settings.federation_not_enabled = Federation är inte aktiverat på din instans.
 settings.mirror_settings.docs = Konfigurera ditt kodförråd för att automatiskt synkronisera incheckningar, taggar och grenar med ett annat kodförråd.
-settings.mirror_settings.docs.disabled_pull_mirror.instructions = Konfigurera ditt projekt för att automatiskt skicka incheckningar, taggar och grenar till ett annat kodförråd. Dra-speglingar har inaktiverats av din webbplatsadministratör.
+settings.mirror_settings.docs.disabled_pull_mirror.instructions = Konfigurera ditt projekt för att automatiskt skicka incheckningar, taggar och grenar till ett annat kodförråd. Hämtningspeglingar har inaktiverats av din webbplatsadministratör.
 settings.mirror_settings.docs.disabled_push_mirror.instructions = Konfigurera ditt projekt för att automatiskt hämta incheckningar, taggar och grenar från ett annat kodförråd.
-settings.mirror_settings.docs.disabled_push_mirror.pull_mirror_warning = Just nu kan detta endast göras i menyn "Ny migrering". För mer information, se:
+settings.mirror_settings.docs.disabled_push_mirror.pull_mirror_warning = Just nu kan det här endast göras i menyn "Ny migrering". För mer information, se:
 settings.mirror_settings.docs.disabled_push_mirror.info = Skicka-speglingar har inaktiverats av din webbplatsadministratör.
 settings.mirror_settings.docs.no_new_mirrors = Ditt kodförråd speglar ändringar till eller från ett annat kodförråd. Observera att du inte kan skapa några nya speglingar just nu.
 settings.mirror_settings.docs.can_still_use = Även om du inte kan ändra befintliga speglingar eller skapa nya, kan du fortfarande använda din befintliga spegling.
 settings.mirror_settings.docs.pull_mirror_instructions = För att konfigurera en dra-spegling, se:
-settings.mirror_settings.docs.more_information_if_disabled = Du kan läsa mer om skicka- och dra-speglingar här:
+settings.mirror_settings.docs.more_information_if_disabled = Du kan läsa mer om skicka- och hämtaspeglingar här:
 settings.mirror_settings.docs.doc_link_title = Hur speglar jag kodförråd?
 settings.mirror_settings.docs.doc_link_pull_section = avsnittet "Hämta från ett fjärr-kodförråd" i dokumentationen.
 settings.mirror_settings.docs.pulling_remote_title = Hämta från ett fjärr-kodförråd
@@ -2519,27 +2519,27 @@ settings.transfer.success = Överföring av kodförråd lyckades.
 settings.transfer_abort_invalid = Du kan inte avbryta en obefintlig överföring av kodförråd.
 settings.transfer_abort_success = Överföringen av kodförrådet till %s avbröts framgångsrikt.
 settings.confirmation_string = Bekräftelsesträng
-settings.transfer_in_progress = Det pågår för närvarande en överföring. Avbryt den om du vill överföra detta kodförråd till en annan användare.
-settings.transfer_notices_3 = - Om kodförrådet är privat och överförs till en enskild användare, ser denna åtgärd till att användaren har åtminstone läsbehörighet (och ändrar behörigheter vid behov).
+settings.transfer_in_progress = Det pågår för närvarande en överföring. Avbryt den om du vill överföra det här kodförråd till en annan användare.
+settings.transfer_notices_3 = - Om kodförrådet är privat och överförs till en enskild användare, ser den här åtgärd till att användaren har åtminstone läsbehörighet (och ändrar behörigheter vid behov).
 settings.transfer_perform = Genomför överföring
-settings.transfer_started = Detta kodförråd har markerats för överföring och väntar på bekräftelse från "%s"
+settings.transfer_started = Det här kodförråd har markerats för överföring och väntar på bekräftelse från "%s"
 settings.transfer_quota_exceeded = Den nya ägaren (%s) har överskridit kvoten. Kodförrådet har inte överförts.
 settings.signing_settings = Inställningar för signaturverifiering
 settings.trust_model = Förtroendemodell för signaturer
 settings.trust_model.default = Standardförtroendemodell
-settings.trust_model.default.desc = Använd standardförtroendemodell för kodförråd i denna installation.
+settings.trust_model.default.desc = Använd standardförtroendemodell för kodförråd i den här installation.
 settings.trust_model.collaborator.long = Medarbetare: Lita på signaturer från medarbetare
-settings.trust_model.collaborator.desc = Giltiga signaturer från medarbetare i detta kodförråd markeras som "betrodda" - (oavsett om de matchar incheckaren eller inte). Annars markeras giltiga signaturer som "ej betrodda" om signaturen matchar incheckaren och "ej matchande" om inte.
+settings.trust_model.collaborator.desc = Giltiga signaturer från medarbetare i det här kodförråd markeras som "betrodda" - (oavsett om de matchar incheckaren eller inte). Annars markeras giltiga signaturer som "ej betrodda" om signaturen matchar incheckaren och "ej matchande" om inte.
 settings.trust_model.committer = Incheckare
-settings.trust_model.committer.long = Incheckare: Lita på signaturer som matchar incheckare (Detta matchar GitHub och tvingar Forgejo-signerade incheckningar att ha Forgejo som incheckare)
-settings.trust_model.committer.desc = Giltiga signaturer markeras endast som "betrodda" om de matchar incheckaren, annars markeras de som "ej matchande". Detta tvingar Forgejo att vara incheckare på signerade incheckningar med den faktiska incheckaren markerad som Co-authored-by: och Co-committed-by: i incheckningens avslutning. Forgejos standardnyckel måste matcha en användare i databasen.
+settings.trust_model.committer.long = Incheckare: Lita på signaturer som matchar incheckare (Det här matchar GitHub och tvingar Forgejo-signerade incheckningar att ha Forgejo som incheckare)
+settings.trust_model.committer.desc = Giltiga signaturer markeras endast som "betrodda" om de matchar incheckaren, annars markeras de som "ej matchande". Det här tvingar Forgejo att vara incheckare på signerade incheckningar med den faktiska incheckaren markerad som Co-authored-by: och Co-committed-by: i incheckningens avslutning. Forgejos standardnyckel måste matcha en användare i databasen.
 settings.trust_model.collaboratorcommitter = Medarbetare+Incheckare
 settings.trust_model.collaboratorcommitter.long = Medarbetare+Incheckare: Lita på signaturer från medarbetare som matchar incheckaren
-settings.trust_model.collaboratorcommitter.desc = Giltiga signaturer från medarbetare i detta kodförråd markeras som "betrodda" om de matchar incheckaren. Annars markeras giltiga signaturer som "ej betrodda" om signaturen matchar incheckaren och "ej matchande" annars. Detta tvingar Forgejo att markeras som incheckare på signerade incheckningar med den faktiska incheckaren markerad som Co-Authored-By: och Co-Committed-By: i incheckningens avslutning. Forgejos standardnyckel måste matcha en användare i databasen.
+settings.trust_model.collaboratorcommitter.desc = Giltiga signaturer från medarbetare i det här kodförråd markeras som "betrodda" om de matchar incheckaren. Annars markeras giltiga signaturer som "ej betrodda" om signaturen matchar incheckaren och "ej matchande" annars. Det här tvingar Forgejo att markeras som incheckare på signerade incheckningar med den faktiska incheckaren markerad som Co-Authored-By: och Co-Committed-By: i incheckningens avslutning. Forgejos standardnyckel måste matcha en användare i databasen.
 settings.wiki_rename_branch_main = Normalisera wiki-grenens namn
-settings.wiki_rename_branch_main_desc = Byt namn på grenen som används internt av wikin till "%s". Denna ändring är permanent och kan inte ångras.
-settings.wiki_rename_branch_main_notices_1 = Denna åtgärd kan <strong>INTE</strong> ångras.
-settings.wiki_rename_branch_main_notices_2 = Detta kommer permanent byta namn på den interna grenen för %s:s wiki. Befintliga utcheckningar behöver uppdateras.
+settings.wiki_rename_branch_main_desc = Byt namn på grenen som används internt av wikin till "%s". den här ändring är permanent och kan inte ångras.
+settings.wiki_rename_branch_main_notices_1 = den här åtgärd kan <strong>INTE</strong> ångras.
+settings.wiki_rename_branch_main_notices_2 = Det här kommer permanent byta namn på den interna grenen för %s:s wiki. Befintliga utcheckningar behöver uppdateras.
 settings.wiki_branch_rename_success = Kodförrådets wiki-grennamn har normaliserats framgångsrikt.
 settings.wiki_branch_rename_failure = Misslyckades med att normalisera kodförrådets wiki-grennamn.
 settings.confirm_wiki_branch_rename = Byt namn på wiki-grenen
@@ -2549,12 +2549,12 @@ settings.add_collaborator_owner = Det går inte att lägga till en ägare som me
 settings.add_collaborator_blocked_our = Det går inte att lägga till medarbetaren, eftersom kodförrådets ägare har blockerat dem.
 settings.add_collaborator_blocked_them = Det går inte att lägga till medarbetaren, eftersom de har blockerat kodförrådets ägare.
 settings.change_team_permission_tip = Teamets behörighet ställs in på teaminställningssidan och kan inte ändras per kodförråd
-settings.delete_team_tip = Detta team har åtkomst till alla kodförråd och kan inte tas bort
+settings.delete_team_tip = Det här team har åtkomst till alla kodförråd och kan inte tas bort
 settings.add_webhook.invalid_channel_name = Webbkrok-kanalnamn kan inte vara tomt och kan inte bara innehålla ett #-tecken.
 settings.add_webhook.invalid_path = Sökvägen får inte innehålla en del som är "." eller ".." eller en tom sträng. Den kan inte börja eller sluta med ett snedstreck.
-settings.webhook.test_delivery_desc_disabled = För att testa denna webbkrok med en simulerad händelse, aktivera den.
-settings.webhook.replay.description = Spela upp denna webbkrok igen.
-settings.webhook.replay.description_disabled = För att spela upp denna webbkrok igen, aktivera den.
+settings.webhook.test_delivery_desc_disabled = För att testa den här webbkrok med en simulerad händelse, aktivera den.
+settings.webhook.replay.description = Spela upp den här webbkrok igen.
+settings.webhook.replay.description_disabled = För att spela upp den här webbkrok igen, aktivera den.
 settings.webhook.delivery.success = Ett händelse har lagts till i leveranskön. Det kan ta några sekunder innan det visas i leveranshistoriken.
 settings.githooks_desc = Git-krokar drivs av Git själv. Du kan redigera krokfiler nedan för att sätta upp anpassade operationer.
 settings.discord_icon_url.exceeds_max_length = Ikon-URL måste vara 2048 tecken eller färre
@@ -2592,7 +2592,7 @@ settings.event_package_desc = Paket skapat eller borttaget i ett kodförråd.
 settings.branch_filter_desc = Vitlista för grenar vid skicka-, grenskapande- och grenborttagningshändelser, angivet som glob-mönster. Om tomt eller <code>*</code>, rapporteras händelser för alla grenar. Se <a href="%[1]s">%[2]s</a>-dokumentationen för syntax. Exempel: <code>master</code>, <code>{master,release*}</code>.
 settings.authorization_header = Auktoriseringshuvud
 settings.authorization_header_desc = Kommer att inkluderas som auktoriseringshuvud för förfrågningar när det finns. Exempel: %s.
-settings.active_helper = Information om utlösta händelser kommer att skickas till denna webbkrok-URL.
+settings.active_helper = Information om utlösta händelser kommer att skickas till den här webbkrok-URL.
 settings.add_web_hook_desc = Integrera <a target="_blank" rel="noreferrer" href="%s">%s</a> i ditt kodförråd.
 settings.web_hook_name_gitea = Gitea
 settings.web_hook_name_forgejo = Forgejo
@@ -2615,11 +2615,11 @@ settings.sourcehut_builds.access_token_helper = Åtkomsttoken som har JOBS:RW-be
 settings.add_key_success = Distributionsnyckeln "%s" har lagts till.
 settings.protect_new_rule = Skapa en ny grenskyddsregel
 settings.protect_enable_merge = Aktivera sammanfogning
-settings.protect_enable_merge_desc = Alla med skrivåtkomst kommer att kunna sammanfoga ändringsförfrågningar till denna gren.
+settings.protect_enable_merge_desc = Alla med skrivåtkomst kommer att kunna sammanfoga ändringsförfrågningar till den här gren.
 settings.protect_whitelist_committers = Vitlista begränsad skickning
-settings.protect_whitelist_committers_desc = Endast vitlistade användare eller team kommer att kunna skicka till denna gren (men inte tvångsskicka).
+settings.protect_whitelist_committers_desc = Endast vitlistade användare eller team kommer att kunna skicka till den här gren (men inte tvångsskicka).
 settings.protect_status_check_patterns = Mönster för statuskontroller
-settings.protect_status_check_patterns_desc = Ange mönster för att specificera vilka statuskontroller som måste godkännas innan grenar kan sammanfogas till en gren som matchar denna regel. Varje rad anger ett mönster. Mönster kan inte vara tomma.
+settings.protect_status_check_patterns_desc = Ange mönster för att specificera vilka statuskontroller som måste godkännas innan grenar kan sammanfogas till en gren som matchar den här regel. Varje rad anger ett mönster. Mönster kan inte vara tomma.
 settings.protect_status_check_matched = Matchad
 settings.protect_invalid_status_check_pattern = Ogiltigt mönster för statuskontroll: "%s".
 settings.protect_no_valid_status_check_patterns = Inga giltiga mönster för statuskontroll.
@@ -2633,7 +2633,7 @@ settings.ignore_stale_approvals_desc = Räkna inte godkännanden som gjordes på
 settings.protect_branch_name_pattern = Mönster för skyddat grennamn
 settings.protect_branch_name_pattern_desc = Mönster för skyddade grennamn. Se <a href="%s">dokumentationen</a> för mönstersyntax. Exempel: main, release/**
 settings.protect_protected_file_patterns = Mönster för skyddade filer (separerade med semikolon ";")
-settings.protect_protected_file_patterns_desc = Skyddade filer får inte ändras direkt även om användaren har rättigheter att lägga till, redigera, eller ta bort filer i denna gren. Flera mönster kan separeras med semikolon (";"). Se <a href="%[1]s">%[2]s</a>-dokumentationen för mönstersyntax. Exempel: <code>.drone.yml</code>, <code>/docs/**/*.txt</code>.
+settings.protect_protected_file_patterns_desc = Skyddade filer får inte ändras direkt även om användaren har rättigheter att lägga till, redigera, eller ta bort filer i den här gren. Flera mönster kan separeras med semikolon (";"). Se <a href="%[1]s">%[2]s</a>-dokumentationen för mönstersyntax. Exempel: <code>.drone.yml</code>, <code>/docs/**/*.txt</code>.
 settings.protect_unprotected_file_patterns = Mönster för oskyddade filer (separerade med semikolon ";")
 settings.protect_unprotected_file_patterns_desc = Oskyddade filer som kan ändras direkt om användaren har skrivåtkomst, förbi push-begränsningen. Flera mönster kan separeras med semikolon (";"). Se <a href="%[1]s">%[2]s</a>-dokumentationen för mönstersyntax. Exempel: <code>.drone.yml</code>, <code>/docs/**/*.txt</code>.
 settings.update_protect_branch_success = Grenskydd för regeln "%s" har uppdaterats.
@@ -2645,29 +2645,29 @@ settings.block_on_official_review_requests = Blockera sammanfogning vid officiel
 settings.block_on_official_review_requests_desc = Sammanfogning kommer inte vara möjlig när det finns officiella granskningsförfrågningar, även om det finns tillräckligt med godkännanden.
 settings.block_outdated_branch = Blockera sammanfogning om ändringsförfrågan är inaktuell
 settings.block_outdated_branch_desc = Sammanfogning kommer inte vara möjlig när head-grenen ligger efter basgrenen.
-settings.enforce_on_admins = Tillämpa denna regel för kodförrådsadministratörer
-settings.enforce_on_admins_desc = Kodförrådsadministratörer kan inte kringgå denna regel.
+settings.enforce_on_admins = Tillämpa den här regel för kodförrådsadministratörer
+settings.enforce_on_admins_desc = Kodförrådsadministratörer kan inte kringgå den här regel.
 settings.merge_style_desc = Sammanfogningsstilar
 settings.default_merge_style_desc = Standard sammanfogningsstil
 settings.protected_branch_required_rule_name = Obligatoriskt regelnamn
-settings.protected_branch_duplicate_rule_name = Det finns redan en regel för denna uppsättning grenar
+settings.protected_branch_duplicate_rule_name = Det finns redan en regel för den här uppsättning grenar
 settings.tags.protection = Taggskydd
 settings.tags.protection.pattern = Taggmönster
 settings.tags.protection.allowed = Tillåtna
 settings.tags.protection.none = Det finns inga skyddade taggar.
 settings.tags.protection.pattern.description = Du kan använda ett enda namn eller ett glob-mönster eller reguljärt uttryck för att matcha flera taggar. Läs mer i <a target="_blank" rel="noopener" href="%s">guiden för skyddade taggar</a>.
 settings.matrix.homeserver_url = Homeserver URL
-settings.matrix.access_token_helper = Det rekommenderas att skapa ett dedikerat Matrix-konto för detta. Åtkomsttoken kan hämtas från Element-webbklienten (i en privat/inkognito-flik) > Användarmeny (uppe till vänster) > Alla inställningar > Hjälp & Om > Avancerat > Åtkomsttoken (precis under Homeserver-URL). Stäng den privata/inkognito-fliken (att logga ut skulle ogiltigförklara token).
+settings.matrix.access_token_helper = Det rekommenderas att skapa ett dedikerat Matrix-konto för det här. Åtkomsttoken kan hämtas från Element-webbklienten (i en privat/inkognito-flik) > Användarmeny (uppe till vänster) > Alla inställningar > Hjälp & Om > Avancerat > Åtkomsttoken (precis under Homeserver-URL). Stäng den privata/inkognito-fliken (att logga ut skulle ogiltigförklara token).
 settings.matrix.room_id_helper = Rum-ID kan hämtas från Element-webbklienten > Rumsinställningar > Avancerat > Internt rum-ID. Exempel: %s.
-settings.archive.text = Arkivering av kodförrådet gör det helt skrivskyddat. Det kommer att döljas från instrumentpanelen. Ingen (inte ens du!) kommer att kunna göra nya incheckningar, eller öppna ärenden eller ändringsförfrågningar.
+settings.archive.text = Arkivering av kodförrådet gör det helt skrivskyddat. Det kommer att döljas från instrumentpanelen. Ingen (inte ens du!) kommer att kunna göra nya incheckningar, eller öppna ärenden eller ändringsförfrågningar. Att dokumentera arkiveringsorsaken rekommenderas för att vägleda framtida utvecklare som planerar att avgrena arkivet.
 settings.archive.tagsettings_unavailable = Tagginställningar är inte tillgängliga i arkiverade kodförråd.
 settings.archive.mirrors_unavailable = Speglingar är inte tillgängliga i arkiverade kodförråd.
 settings.unarchive.button = Avarkivera kodförråd
-settings.unarchive.header = Avarkivera detta kodförråd
+settings.unarchive.header = Avarkivera kodförrådet
 settings.unarchive.text = Avarkivering av kodförrådet återställer dess förmåga att ta emot incheckningar och skickar, samt nya ärenden och ändringsförfrågningar.
 settings.unarchive.success = Kodförrådet avarkiverades framgångsrikt.
 settings.unarchive.error = Ett fel uppstod vid försök att avarkivera kodförrådet. Se loggen för mer detaljer.
-settings.lfs_noattribute = Denna sökväg har inte attributet låsbar i standardgrenen
+settings.lfs_noattribute = den här sökväg har inte attributet låsbar i standardgrenen
 settings.lfs_delete = Ta bort LFS-fil med OID %s
 settings.lfs_delete_warning = Borttagning av en LFS-fil kan orsaka "objekt finns inte"-fel vid utcheckning. Är du säker?
 settings.lfs_findpointerfiles = Hitta pekarfiler
@@ -2681,14 +2681,14 @@ settings.rename_branch_failed_exist = Det går inte att byta namn på grenen eft
 settings.rename_branch_success = Grenen %s byttes framgångsrikt namn till %s.
 diff.git-notes.add = Lägg till anteckning
 diff.git-notes.remove-header = Ta bort anteckning
-diff.git-notes.remove-body = Denna anteckning kommer att tas bort.
+diff.git-notes.remove-body = den här anteckning kommer att tas bort.
 diff.options_button = Diff-alternativ
 diff.download_patch = Ladda ner programfixfil
 diff.download_diff = Ladda ner diff-fil
 diff.stats_desc_file = %d ändringar: %d tillägg och %d borttagningar
 diff.bin_not_shown = Binärfil visas inte.
 diff.file_suppressed_line_too_long = Fil-diff undertryckt eftersom en eller flera rader är för långa
-diff.too_many_files = Vissa filer visades inte eftersom för många filer har ändrats i denna diff
+diff.too_many_files = Vissa filer visades inte eftersom för många filer har ändrats i den här diff
 diff.load = Ladda diff
 diff.generated = genererad
 diff.vendored = tredjepartspaketerad
@@ -2703,7 +2703,7 @@ diff.image.overlay = Överlägga
 diff.show_file_tree = Visa filträd
 diff.hide_file_tree = Dölj filträd
 release.detail = Utgåvedetaljer
-release.tag_helper_new = Ny tagg. Denna tagg kommer att skapas från målet.
+release.tag_helper_new = Ny tagg. den här tagg kommer att skapas från målet.
 release.title = Utgåvetitel
 release.title_empty = Titeln kan inte vara tom.
 release.message = Beskriv denna utgåva
@@ -2730,7 +2730,7 @@ branch.deletion_success = Grenen "%s" har tagits bort.
 branch.deletion_failed = Misslyckades med att ta bort grenen "%s".
 branch.delete_branch_has_new_commits = Grenen "%s" kan inte tas bort eftersom nya incheckningar har lagts till efter sammanfogning.
 branch.create_success = Grenen "%s" har skapats.
-branch.branch_already_exists = Grenen "%s" finns redan i detta kodförråd.
+branch.branch_already_exists = Grenen "%s" finns redan i det här kodförråd.
 branch.branch_name_conflict = Grennamnet "%s" är i konflikt med den redan befintliga grenen "%s".
 branch.tag_collision = Grenen "%s" kan inte skapas eftersom en tagg med samma namn redan finns i kodförrådet.
 branch.restore_success = Grenen "%s" har återställts.
@@ -2740,7 +2740,7 @@ branch.default_deletion_failed = Grenen "%s" är standardgrenen. Den kan inte ta
 branch.restore = Återställ grenen "%s"
 branch.download = Ladda ner grenen "%s"
 branch.rename = Byt namn på grenen "%s"
-branch.included_desc = Denna gren är en del av standardgrenen
+branch.included_desc = den här gren är en del av standardgrenen
 branch.included = Inkluderad
 branch.create_new_branch = Skapa gren från gren:
 branch.warning_rename_default_branch = Du byter namn på standardgrenen.
@@ -2754,9 +2754,9 @@ tag.create_success = Taggen "%s" har skapats.
 topic.format_prompt = Ämnen måste börja med en bokstav eller siffra, kan innehålla bindestreck ("-") och punkter ("."), och kan vara upp till 35 tecken långa. Bokstäver måste vara gemener.
 find_file.go_to_file = Hitta en fil
 find_file.no_matching = Ingen matchande fil hittades
-error.csv.too_large = Det går inte att rendera denna fil eftersom den är för stor.
-error.csv.unexpected = Det går inte att rendera denna fil eftersom den innehåller ett oväntat tecken på rad %d och kolumn %d.
-error.csv.invalid_field_count = Det går inte att rendera denna fil eftersom den har fel antal fält på rad %d.
+error.csv.too_large = Det går inte att rendera den här fil eftersom den är för stor.
+error.csv.unexpected = Det går inte att rendera den här fil eftersom den innehåller ett oväntat tecken på rad %d och kolumn %d.
+error.csv.invalid_field_count = Det går inte att rendera den här fil eftersom den har fel antal fält på rad %d.
 
 
 
@@ -2764,7 +2764,7 @@ error.csv.invalid_field_count = Det går inte att rendera denna fil eftersom den
 component_loading = Laddar %s…
 code_frequency.what = kodfrekvens
 component_loading_failed = Det gick inte att ladda %s
-component_loading_info = Detta kan ta en stund…
+component_loading_info = Det här kan ta en stund…
 component_failed_to_load = Ett oväntat fel inträffade.
 contributors.what = bidrag
 recent_commits.what = senaste incheckningar
@@ -2809,7 +2809,7 @@ settings.update_settings=Uppdatera inställningar
 settings.update_setting_success=Organisationsinställningarna har uppdaterats.
 settings.update_avatar_success=Organisationens avatar har uppdateras.
 settings.delete=Tag bort organisation
-settings.delete_account=Ta bort denna organisation
+settings.delete_account=Ta bort den här organisation
 settings.delete_prompt=Organisationen kommer tas bort permanent, och det går <strong>INTE</strong> att ångra detta!
 settings.confirm_delete_account=Bekräfta borttagning
 settings.delete_org_title=Ta bort organisation
@@ -2848,7 +2848,7 @@ teams.add_team_member=Lägg till teammedlem
 teams.delete_team_title=Ta bort team
 teams.delete_team_desc=Borttagning av ett team återkallar åtkomsten till kodförråd för dess medlemmar. Vill du fortsätta?
 teams.delete_team_success=Teamet har blivit borttaget.
-teams.admin_permission_desc=Medlemskap i detta team ger <strong>administratörsrättigheter</strong>: medlemmar kan läsa från, skicka till och lägga till medarbetare till teamets kodförråd.
+teams.admin_permission_desc=Medlemskap i det här team ger <strong>administratörsrättigheter</strong>: medlemmar kan läsa från, skicka till och lägga till medarbetare till teamets kodförråd.
 teams.create_repo_permission_desc=Vidare så ger detta team <strong>Skapa utvecklingskatalog</strong> rättigheten: medlemmar can skapa nya utvecklingskataloger i organisationen.
 teams.repositories=Lagets utvecklingskataloger
 teams.remove_all_repos_title=Ta bort alla utvecklingskataloger för teamet
@@ -2869,7 +2869,7 @@ teams.none_access = Ingen åtkomst
 teams.general_access = Anpassad åtkomst
 teams.invite_team_member.list = Väntande inbjudningar
 open_dashboard = Öppna instrumentpanel
-follow_blocked_user = Du kan inte följa denna organisation eftersom denna organisation har blockerat dig.
+follow_blocked_user = Du kan inte följa den här organisation eftersom den här organisation har blockerat dig.
 form.name_reserved = Organisationsnamnet "%s" är reserverat.
 form.name_pattern_not_allowed = Mönstret "%s" är inte tillåtet i ett organisationsnamn.
 settings.email = Kontakt-e-post
@@ -3062,10 +3062,10 @@ auths.tip.facebook=Registrera en ny appliaktion på %s och lägg till produkten
 auths.tip.github=Registrera en ny OAuth applikation på %s
 auths.tip.google_plus=Erhåll inloggningsuppgifter för OAuth2 från Google API-konsolen på %s
 auths.tip.openid_connect=Använd OpenID Connect Discovery länken (<server>/.well-known/openid-configuration) för att ange slutpunkterna
-auths.tip.twitter=Gå till %s, skapa en applikation och försäkra att alternativet "Tillåt att denna applikation används för att logga in med Twitter" är aktiverat
+auths.tip.twitter=Gå till %s, skapa en applikation och försäkra att alternativet "Tillåt att den här applikation används för att logga in med Twitter" är aktiverat
 auths.tip.discord=Registrera en ny applikation på %s
 auths.edit=Redigera autentiseringskälla
-auths.activated=Denna autentiseringskälla är aktiverad
+auths.activated=den här autentiseringskälla är aktiverad
 auths.update_success=Autentiseringskällan har uppdaterats.
 auths.update=Uppdatera autentiseringskälla
 auths.delete=Ta bort autentiseringskälla
@@ -3223,7 +3223,7 @@ users.bot = Bott
 users.remote = Fjärråtkomst
 users.restricted.description = Tillåt endast interaktion med kodförråd och organisationer där den här användaren finns tillagd som medarbetare. Det förhindrar tillgång till allmänna kodförråd i den här instansen.
 users.is_restricted = Begränsat konto
-self_check.database_inconsistent_collation_columns = Databasen använder kollateringen %s, men dessa kolumner använder felanpassade kollateringar. Det kan komma att orsaka oväntade problem.
+self_check.database_inconsistent_collation_columns = Databasen använder kollateringen %s, men de här kolumner använder felanpassade kollateringar. Det kan komma att orsaka oväntade problem.
 hooks = webbkrokar
 integrations = Integrationer
 users.list_status_filter.menu_text = Filter
@@ -3296,15 +3296,15 @@ dashboard.rebuild_issue_indexer = Återuppbygg ärendeindexerare
 users.restricted = Begränsad
 users.new_success = Användarkontot "%s" har skapats.
 users.activated.description = Slutförande av e-postverifiering. Ägaren av ett oaktiverat konto kommer inte kunna logga in förrän e-postverifieringen är slutförd.
-users.block.description = Blockera denna användare från att interagera med denna tjänst genom deras konto och förbjud inloggning.
-users.admin.description = Ge denna användare full åtkomst till alla administrativa funktioner tillgängliga via webbgränssnittet och API:et.
-users.allow_git_hook_tooltip = Git-krokar körs som OS-användaren som kör Forgejo och kommer ha samma nivå av värdåtkomst. Som ett resultat kan användare med denna speciella Git-hook-behörighet komma åt och modifiera alla Forgejo-kodförråd samt databasen som används av Forgejo. Följaktligen kan de också få Forgejo-administratörsbehörigheter.
-users.local_import.description = Tillåt import av kodförråd från serverns lokala filsystem. Detta kan vara ett säkerhetsproblem.
+users.block.description = Blockera den här användare från att interagera med den här tjänst genom deras konto och förbjud inloggning.
+users.admin.description = Ge den här användare full åtkomst till alla administrativa funktioner tillgängliga via webbgränssnittet och API:et.
+users.allow_git_hook_tooltip = Git-krokar körs som OS-användaren som kör Forgejo och kommer ha samma nivå av värdåtkomst. Som ett resultat kan användare med den här speciella Git-hook-behörighet komma åt och modifiera alla Forgejo-kodförråd samt databasen som används av Forgejo. Följaktligen kan de också få Forgejo-administratörsbehörigheter.
+users.local_import.description = Tillåt import av kodförråd från serverns lokala filsystem. Det här kan vara ett säkerhetsproblem.
 users.organization_creation.description = Tillåt skapande av nya organisationer.
 users.cannot_delete_self = Du kan inte radera dig själv
 users.purge = Rensa användare
-users.purge_help = Tvångsradera användare och alla kodförråd, organisationer och paket som ägs av användaren. Alla kommentarer och ärenden skapade av denna användare kommer också raderas.
-users.still_own_packages = Denna användare äger fortfarande ett eller flera paket, radera dessa paket först.
+users.purge_help = Tvångsradera användare och alla kodförråd, organisationer och paket som ägs av användaren. Alla kommentarer och ärenden skapade av den här användare kommer också raderas.
+users.still_own_packages = den här användare äger fortfarande ett eller flera paket, radera de här paket först.
 users.reset_2fa = Återställ 2FA
 users.list_status_filter.reset = Återställ
 users.list_status_filter.not_active = Inaktiv
@@ -3315,11 +3315,11 @@ users.list_status_filter.is_2fa_enabled = 2FA aktiverad
 users.list_status_filter.not_2fa_enabled = 2FA inaktiverad
 emails.email_manage_panel = Hantera användares e-postadresser
 emails.not_updated = Det gick inte att uppdatera den begärda e-postadressen: %v
-emails.duplicate_active = Denna e-postadress är redan aktiv för en annan användare.
+emails.duplicate_active = den här e-postadress är redan aktiv för en annan användare.
 emails.change_email_header = Uppdatera e-postegenskaper
-emails.change_email_text = Är du säker på att du vill uppdatera denna e-postadress?
+emails.change_email_text = Är du säker på att du vill uppdatera den här e-postadress?
 emails.delete = Radera e-postadress
-emails.delete_desc = Är du säker på att du vill radera denna e-postadress?
+emails.delete_desc = Är du säker på att du vill radera den här e-postadress?
 emails.deletion_success = E-postadressen har raderats.
 emails.delete_primary_email_error = Du kan inte radera den primära e-postadressen.
 repos.unadopted = Oadopterade kodförråd
@@ -3349,7 +3349,7 @@ auths.user_attribute_in_group = Användarattribut listat i grupp
 auths.map_group_to_team = Mappa LDAP-grupper till organisationsteam (lämna fältet tomt för att hoppa över)
 auths.map_group_to_team_removal = Ta bort användare från synkroniserade team om användaren inte tillhör motsvarande LDAP-grupp
 auths.enable_ldap_groups = Aktivera LDAP-grupper
-auths.force_smtps_helper = SMTPS används alltid på port 465. Ställ in detta för att tvinga SMTPS på andra portar. (Annars används STARTTLS på andra portar om det stöds av värden.)
+auths.force_smtps_helper = SMTPS används alltid på port 465. Ställ in det här för att tvinga SMTPS på andra portar. (Annars används STARTTLS på andra portar om det stöds av värden.)
 auths.helo_hostname = HELO-värdnamn
 auths.helo_hostname_helper = Värdnamn som skickas med HELO. Lämna tomt för att skicka nuvarande värdnamn.
 auths.disable_helo = Inaktivera HELO
@@ -3359,10 +3359,10 @@ auths.skip_local_two_fa_helper = Att lämna det omarkerat innebär att lokala an
 auths.oauth2_tenant = Klient
 auths.oauth2_scopes = Ytterligare scopes
 auths.oauth2_required_claim_name = Obligatoriskt claim-namn
-auths.oauth2_required_claim_name_helper = Ange detta namn för att begränsa inloggning från denna källa till användare med ett claim med detta namn
+auths.oauth2_required_claim_name_helper = Ange det här namn för att begränsa inloggning från den här källa till användare med ett claim med det här namn
 auths.oauth2_required_claim_value = Obligatoriskt claim-värde
-auths.oauth2_required_claim_value_helper = Ange detta värde för att begränsa inloggning från denna källa till användare med ett claim med detta namn och värde
-auths.oauth2_group_claim_name = Claim-namn som ger gruppnamn för denna källa. (Valfritt)
+auths.oauth2_required_claim_value_helper = Ange det här värde för att begränsa inloggning från den här källa till användare med ett claim med det här namn och värde
+auths.oauth2_group_claim_name = Claim-namn som ger gruppnamn för den här källa. (Valfritt)
 auths.oauth2_admin_group = Grupp-claim-värde för administratörsanvändare. (Valfritt - kräver claim-namn ovan)
 auths.oauth2_restricted_group = Grupp-claim-värde för begränsade användare. (Valfritt - kräver claim-namn ovan)
 auths.oauth2_map_group_to_team = Mappa claimade grupper till organisationsteam. (Valfritt - kräver claim-namn ovan)
@@ -3376,7 +3376,7 @@ auths.tip.mastodon = Ange en anpassad instans-URL för Mastodon-instansen du vil
 auths.new_success = Autentiseringen "%s" har lagts till.
 auths.login_source_exist = Autentiseringskällan "%s" finns redan.
 auths.unable_to_initialize_openid = Det gick inte att initiera OpenID Connect-leverantör: %s
-auths.invalid_openIdConnectAutoDiscoveryURL = Ogiltig Auto Discovery-URL (detta måste vara en giltig URL som börjar med http:// eller https://)
+auths.invalid_openIdConnectAutoDiscoveryURL = Ogiltig Auto Discovery-URL (det här måste vara en giltig URL som börjar med http:// eller https://)
 config.app_slogan = Instansslogan
 config.custom_file_root_path = Anpassad filrotsökväg
 config.app_data_path = Sökväg för appdata
@@ -3530,7 +3530,7 @@ workflow.disable_success = Arbetsflödet "%s" inaktiverat framgångsrikt.
 workflow.enable = Aktivera arbetsflöde
 workflow.enable_success = Arbetsflödet "%s" aktiverat framgångsrikt.
 workflow.disabled = Arbetsflödet är inaktiverat.
-workflow.dispatch.trigger_found = Detta arbetsflöde har en <c>workflow_dispatch</c>-händelseutlösare.
+workflow.dispatch.trigger_found = Det här arbetsflöde har en <c>workflow_dispatch</c>-händelseutlösare.
 workflow.dispatch.use_from = Använd arbetsflöde från
 workflow.dispatch.run = Kör arbetsflöde
 workflow.dispatch.success = Arbetsflödeskörning begärdes framgångsrikt.
@@ -3597,7 +3597,7 @@ keyword_search_unavailable = Sökning på nyckelord är för närvarande inte ti
 
 
 [translation_meta]
-test = Det här är en teststräng. Den visas inte i Forgejo UI men används vid testtillfälle. Vänligen skriv in "ok" för att spara tid (eller en intressant fakta du själv väljer) för att nå upp till 100% komplett :)
+test = Det här är en teststräng. Den visas inte i Forgejo UI men används vid testtillfälle. skriv in "ok" för att spara tid (eller en intressant fakta du själv väljer) för att nå upp till 100% komplett :)
 
 [munits.data]
 
diff --git a/options/locale/locale_uk-UA.ini b/options/locale/locale_uk-UA.ini
index 6292177a32..9c02d496f9 100644
--- a/options/locale/locale_uk-UA.ini
+++ b/options/locale/locale_uk-UA.ini
@@ -2311,7 +2311,7 @@ pulls.clear_merge_message_hint = Очищення повідомлення пр
 branch.delete_branch_has_new_commits = Гілку «%s» не можна видалити, оскільки після об’єднання було додано нові коміти.
 settings.graphql_url = Посилання GraphQL
 settings.packagist_api_token = Токен API
-settings.archive.text = Архівування репозиторію зробить його доступним тільки для читання. Він буде прихований з панелі управління. Ніхто (навіть ви!) не зможе робити нові коміти, створювати задачі чи запити на злиття.
+settings.archive.text = Архівування репозиторію зробить його доступним тільки для читання. Він буде прихований з панелі управління. Ніхто (навіть ви!) не зможе робити нові коміти, створювати задачі чи запити на злиття. Рекомендуємо вказати причину архівування для тих, хто у майбутньому захоче створити форк цього репозиторію.
 settings.protected_branch.delete_rule = Видалити правило
 settings.branches.add_new_rule = Додати нове правило
 settings.add_key_success = Ключ розгортання «%s» додано.
@@ -2877,7 +2877,7 @@ teams.add_all_repos_desc=Усі репозиторії організації б
 teams.add_duplicate_users=Користувач уже є учасником команди.
 teams.repos.none=Для команди немає доступних репозиторіїв.
 teams.members.none=У цій команді немає учасників.
-teams.specific_repositories=Конкретні репозиторії
+teams.specific_repositories=Визначені репозиторії
 teams.specific_repositories_helper=Учасники матимуть доступ лише до репозиторіїв, які були явно додані до команди. Вибір цього пункту <strong>не призводить</strong> до автоматичного видалення репозиторіїв, доданих з <i>Усі репозиторії</i>.
 teams.all_repositories=Усі репозиторії
 teams.all_repositories_helper=Команда має доступ до всіх репозиторіїв. Вибір цього пункту <strong>додасть усі наявні</strong> репозиторії до команди.
@@ -3019,7 +3019,7 @@ users.allow_create_organization=Може створювати організац
 users.update_profile=Оновити обліковий запис
 users.delete_account=Видалити обліковий запис
 users.still_own_repo=Цьому користувачу досі належать один чи більше репозиторіїв. Спершу видаліть або передайте їх.
-users.still_has_org=Цей обліковий запис все ще є учасником однієї або декількох організацій. Для продовження, покиньте або видаліть організації.
+users.still_has_org=Цей користувач є учасником однієї або декількох організацій. Спочатку видаліть користувача з усіх організацій.
 users.deletion_success=Обліковий запис користувача видалено.
 users.reset_2fa=Скинути 2FA
 users.list_status_filter.menu_text=Фільтр
diff --git a/options/locale/locale_zh-CN.ini b/options/locale/locale_zh-CN.ini
index 5b685e36ae..e278b425c9 100644
--- a/options/locale/locale_zh-CN.ini
+++ b/options/locale/locale_zh-CN.ini
@@ -347,7 +347,7 @@ app_slogan_helper = 在此处输入您的实例标语。留空则禁用。
 [home]
 uname_holder=用户名或电子邮件地址
 switch_dashboard_context=切换控制面板用户
-my_repos=仓库列表
+my_repos=仓库
 my_orgs=我的组织
 view_home=访问%s
 filter=其他过滤器
@@ -641,7 +641,7 @@ email_domain_is_not_allowed = 用户电子邮件地址的域名<b>%s</b>与EMAIL
 [user]
 change_avatar=修改头像……
 joined_on=加入于%s
-repositories=仓库列表
+repositories=仓库
 activity=公开活动
 followers_few=%d位关注者
 starred=已点赞
@@ -691,7 +691,7 @@ avatar=头像设置
 ssh_gpg_keys=SSH / GPG公钥
 applications=应用
 orgs=组织
-repos=仓库列表
+repos=仓库
 delete=删除账号
 twofa=两步验证（TOTP）
 organization=组织
@@ -1350,7 +1350,7 @@ editor.cherry_pick=Cherry-pick %s到：
 editor.revert=将%s还原到：
 
 commits.desc=浏览代码修改历史。
-commits.commits=次代码提交
+commits.commits=次提交
 commits.no_commits=没有共同的提交。%s和%s的历史完全不同。
 commits.nothing_to_compare=这些分支是相同的。
 commits.search.tooltip=您可以在关键词前加上前缀"author:"、"committer:"、"after:"或"before:"，例如"revert author:Alice before:2019-01-13"。
@@ -1574,7 +1574,7 @@ issues.role.member=成员
 issues.role.member_helper=该用户是拥有该仓库的组织成员。
 issues.role.collaborator=协作者
 issues.role.collaborator_helper=该用户已被邀请在仓库上进行协作。
-issues.role.first_time_contributor=首次贡献者
+issues.role.first_time_contributor=初次贡献者
 issues.role.first_time_contributor_helper=这是该用户对仓库的第一次贡献。
 issues.role.contributor=贡献者
 issues.role.contributor_helper=该用户之前已提交至该仓库。
@@ -1776,7 +1776,7 @@ pulls.has_pull_request=这些分支之间的合并请求已存在：<a href="%[1
 pulls.create=创建合并请求
 pulls.change_target_branch_at=将目标分支从<b>%s</b>更改为<b>%s</b> %s
 pulls.tab_conversation=对话
-pulls.tab_commits=代码提交
+pulls.tab_commits=提交
 pulls.tab_files=文件更改
 pulls.reopen_to_merge=请重新创建此合并请求。
 pulls.cant_reopen_deleted_branch=无法重新打开此合并请求，因为分支已删除。
@@ -2404,7 +2404,7 @@ settings.matrix.room_id=房间ID
 settings.matrix.message_type=消息类型
 settings.archive.button=存档仓库
 settings.archive.header=存档此仓库
-settings.archive.text=存档仓库将使其完全只读。它将在首页隐藏。没有人（甚至包括你！）能够进行新的提交，或打开议题及合并请求。
+settings.archive.text=存档仓库将使其完全只读。它将在首页隐藏。没有人（甚至包括你！）能够进行新的提交，或打开议题及合并请求。建议记载存档的原因以便引导未来计划从本仓库派生新仓库的开发者。
 settings.archive.success=仓库已成功存档。
 settings.archive.error=仓库在存档时出现异常。请通过日志获取详细信息。
 settings.archive.error_ismirror=不能存档镜像仓库。
diff --git a/options/locale_next/locale_cs-CZ.json b/options/locale_next/locale_cs-CZ.json
index d352f29aec..74e66831e9 100644
--- a/options/locale_next/locale_cs-CZ.json
+++ b/options/locale_next/locale_cs-CZ.json
@@ -581,5 +581,26 @@
 	"actions.secrets.mutation.success_message": "Tajný klíč „%s“ byl upraven.",
 	"actions.secrets.mutation.failure_message": "Tajný klíč „%s“ se nepodařilo upravit.",
 	"actions.secrets.mutation.name_description": "Název tajného klíče může obsahovat pouze písmena, číslice a podtržítka. Nemůže začínat textem FORGEJO_, GITEA_, GITHUB_ nebo číslem. Forgejo jej automaticky převede na velká písmena.",
-	"actions.secrets.mutation.value_description": "Existující hodnota nebude zobrazena. Ponechte pole prázdné, pokud jej nechcete upravit. Zvláštní znaky zůstanou zachovány. CRLF (zakončení řádků ve stylu Windows) budou automaticky převedeny na LF. Pokud chcete zachovat zakončení řádků, zakódujte hodnotu pomocí Base64."
+	"actions.secrets.mutation.value_description": "Existující hodnota nebude zobrazena. Ponechte pole prázdné, pokud jej nechcete upravit. Zvláštní znaky zůstanou zachovány. CRLF (zakončení řádků ve stylu Windows) budou automaticky převedeny na LF. Pokud chcete zachovat zakončení řádků, zakódujte hodnotu pomocí Base64.",
+	"settings.permissions_access_specific_repositories": "Konkrétní repozitáře",
+	"settings.access_token.selected_repositories": {
+		"one": "Vybrán repozitář (%d)",
+		"few": "Vybrány repozitáře (%d)",
+		"other": "Vybrány repozitáře (%d)"
+	},
+	"settings.access_token.available_repositories": "Dostupné repozitáře",
+	"settings.access_token.no_repositories_selected": "Nejsou vybrány žádné repozitáře.",
+	"settings.access_token.no_repositories_found": "Nenalezeny žádné repozitáře.",
+	"settings.access_token.remove": "Odstranit %s",
+	"settings.access_token.resource_all_help": "Povolit přístup ke všem zdrojům.",
+	"settings.access_token.resource_public_only_help": "Omezit přístup k veřejným repozitářům a organizacím.",
+	"settings.access_token.resource_specific_repo_help": "Omezit přístup ke konkrétním repozitářům. Přístup pouze ke čtení je udělen všem veřejným repozitářům. Povolena mohou být pouze oprávnění, která povolují přístup k repozitářům a problémům.",
+	"settings.access_token.admin_disabled": "Administrativní oprávnění jsou zakázána.",
+	"actions.runs.scheduled_description": "Naplánovaný běh revize <a href=\"%[1]s\">%[2]s</a>",
+	"actions.runs.workflow_dispatch_description": "Běh revize <a href=\"%[1]s\">%[2]s</a> spuštěný službou <a href=\"%[3]s\">%[4]s</a>",
+	"actions.runs.on_push_description": "Revize <a href=\"%[1]s\">%[2]s</a> odeslaná uživatelem <a href=\"%[3]s\">%[4]s</a>",
+	"members.add_member": "Přidat člena",
+	"members.user": "Uživatel",
+	"members.user_already_member": "Tento uživatel již je členem organizace.",
+	"members.no_team_selected": "Členové organizace musí patřit do alespoň jednoho týmu."
 }
diff --git a/options/locale_next/locale_de-DE.json b/options/locale_next/locale_de-DE.json
index 15137fd5e8..253b3188c7 100644
--- a/options/locale_next/locale_de-DE.json
+++ b/options/locale_next/locale_de-DE.json
@@ -560,5 +560,31 @@
 	"actions.runners.task_list_user": "Neuliche Aufgaben dieses Benutzers auf diesem Runner",
 	"settings.new_access_token": "Neuer Zugangstoken",
 	"graphs.recent_commits.title": "Anzahl der Commits im letzten Jahr",
-	"graphs.code_frequency.title": "Code-Frequenz über die Geschichte von {0}"
+	"graphs.code_frequency.title": "Code-Frequenz über die Geschichte von {0}",
+	"settings.permissions_access_specific_repositories": "Bestimmte Repositorys",
+	"settings.access_token.selected_repositories": {
+		"one": "Ausgewähltes Repository (%d)",
+		"other": "Ausgewählte Repositorys (%d)"
+	},
+	"settings.access_token.available_repositories": "Verfügbare Repositorys",
+	"settings.access_token.no_repositories_selected": "Keine Repositorys ausgewählt.",
+	"settings.access_token.no_repositories_found": "Keine Repositorys gefunden.",
+	"settings.access_token.remove": "%s entfernen",
+	"settings.access_token.resource_all_help": "Erlaube den Zugang zu allen Ressourcen.",
+	"settings.access_token.resource_public_only_help": "Beschränke den Zugang auf Repositorys und Organisationen, die öffentlich sind.",
+	"settings.access_token.resource_specific_repo_help": "Beschränke den Zugang auf eine Liste bestimmter Repositorys. Der Lesezugriff wird auf alle öffentlichen Repositorys gewährt. Nur Berechtigungen, die den Zugriff auf Repositorys und Issues erlauben, können aktiviert werden.",
+	"settings.access_token.admin_disabled": "Verwaltungsberechtigungen sind deaktiviert.",
+	"actions.runs.scheduled_description": "Planmäßiger Run des Commits <a href=\"%[1]s\">%[2]s</a>",
+	"actions.runs.workflow_dispatch_description": "Run des Commits <a href=\"%[1]s\">%[2]s</a>, ausgelöst von <a href=\"%[3]s\">%[4]s</a>",
+	"actions.runs.on_push_description": "Commit <a href=\"%[1]s\">%[2]s</a>, gepusht von <a href=\"%[3]s\">%[4]s</a>",
+	"actions.secrets.edit_button": "Geheimnis „%s“ bearbeiten",
+	"actions.secrets.mutation.header": "Geheimnis „%s“ bearbeiten",
+	"actions.secrets.mutation.success_message": "Das Geheimnis „%s“ wurde aktualisiert.",
+	"actions.secrets.mutation.failure_message": "Das Geheimnis „%s“ konnte nicht aktualisiert werden.",
+	"actions.secrets.mutation.name_description": "Der Name eines Geheimnisses darf nur Buchstaben, Ziffern und Unterstriche enthalten. Er darf nicht mit „FORGEJO_“, „GITEA_“, „GITHUB_“ oder einer Zahl anfangen. Forgejo wird ihn automatisch in Großbuchstaben umwandeln.",
+	"actions.secrets.mutation.value_description": "Ein bereits existierender Wert wird nicht angezeigt. Lasse das Feld leer, wenn es nicht geändert werden soll. Sonderzeichen bleiben erhalten. CRLF (Windows-Zeilenumbrüche) werden automatisch in LF umgewandelt. Kodiere den Wert mit Base64, wenn Zeilenumbrüche beibehalten werden sollen.",
+	"members.add_member": "Mitglied hinzufügen",
+	"members.user": "Benutzer",
+	"members.user_already_member": "Dieser Benutzer ist bereits ein Mitglied der Organisation.",
+	"members.no_team_selected": "Organisationsmitglieder müssen mindestens einem Team angehören."
 }
diff --git a/options/locale_next/locale_es-ES.json b/options/locale_next/locale_es-ES.json
index cae0fc7db3..fff792b714 100644
--- a/options/locale_next/locale_es-ES.json
+++ b/options/locale_next/locale_es-ES.json
@@ -411,5 +411,7 @@
 	"moderation.comment.deletion_success": "El comentario ha sido eliminado.",
 	"mail.actions.run_info_sha": "Confirmación: %[1]s",
 	"mail.issue.action.close_by_commit": "%[1]s cerró %[2]s en la confirmación %[3]s.",
-	"repo.diff.commit.next-short": "Siguiente"
+	"repo.diff.commit.next-short": "Siguiente",
+	"admin.config.global_2fa_requirement.all": "Todos los usuarios",
+	"admin.config.global_2fa_requirement.admin": "Administradores"
 }
diff --git a/options/locale_next/locale_fr-FR.json b/options/locale_next/locale_fr-FR.json
index ca3635c641..d80cb70025 100644
--- a/options/locale_next/locale_fr-FR.json
+++ b/options/locale_next/locale_fr-FR.json
@@ -19,7 +19,7 @@
 	"notification.mark_all_as_read": "Tout marquer comme lu",
 	"notification.subscriptions": "Abonnements",
 	"notification.watching": "Suivi",
-	"notification.no_subscriptions": "Pas d'abonnements",
+	"notification.no_subscriptions": "Vous n'avez pas d'abonnements.",
 	"dropzone.default_message": "Déposez les fichiers ou cliquez ici pour téléverser.",
 	"dropzone.invalid_input_type": "Les fichiers de ce type ne peuvent pas être téléversés.",
 	"dropzone.file_too_big": "La taille du fichier ({{filesize}} Mo) dépasse la taille maximale ({{maxFilesize}} Mo).",
@@ -372,14 +372,14 @@
 	"actions.runners.labels": "Labels",
 	"actions.runners.last_online": "Dernière fois en ligne",
 	"actions.runners.runner_title": "Exécuteur %s",
-	"actions.runners.task_list.no_tasks": "Il n'y a pas de tâche ici.",
+	"actions.runners.task_list.no_tasks": "Il n'y a pas de tâches ici.",
 	"actions.runners.task_list.run": "Exécuter",
 	"actions.runners.task_list.status": "Statut",
 	"actions.runners.task_list.repository": "Dépôt",
 	"actions.runners.task_list.commit": "Révision",
 	"actions.runners.task_list.done_at": "Fait à",
 	"actions.runners.update_runner.success": "Exécuteur édité avec succès",
-	"actions.runners.update_runner.failed": "Impossible d'actualiser l'Exécuteur",
+	"actions.runners.update_runner.failed": "Impossible d'éditer l'exécuteur",
 	"actions.runners.delete_runner.success": "Exécuteur supprimé avec succès",
 	"actions.runners.delete_runner.failed": "Impossible de supprimer l'Exécuteur",
 	"actions.runners.delete_runner.header": "Confirmer la suppression de cet exécuteur",
@@ -563,5 +563,23 @@
 	"actions.secrets.mutation.name_description": "Le nom d'un secret ne peut contenir que des lettres, des chiffres et des `_`. Il ne peut pas démarrer avec FORGEJO_ , GITEA_ , GITHUB_ , ou un nombre. Forgejo le convertira automatiquement en majuscules.",
 	"form.RunnerName": "Nom",
 	"graphs.recent_commits.title": "Nombre de commits au cours de l'année écoulée",
-	"graphs.code_frequency.title": "Fréquence de code sur l'historique de {0}"
+	"graphs.code_frequency.title": "Fréquence de code sur l'historique de {0}",
+	"settings.permissions_access_specific_repositories": "Dépôts spécifiques",
+	"settings.access_token.selected_repositories": {
+		"one": "Dépôt sélectionné (%d)",
+		"many": "Dépôts sélectionnés (%d)",
+		"other": "Dépôts sélectionnés (%d)"
+	},
+	"settings.access_token.available_repositories": "Dépôts disponibles",
+	"settings.access_token.no_repositories_selected": "Aucun dépôt sélectionné.",
+	"settings.access_token.no_repositories_found": "Aucun dépôt trouvé.",
+	"settings.access_token.remove": "Supprimer %s",
+	"settings.access_token.resource_public_only_help": "Limiter l'accès aux dépôts et aux organisations publiques.",
+	"settings.access_token.resource_specific_repo_help": "Limiter l'accès à une liste spécifique de dépôts. L'accès en lecture seule est autorisé sur tous les dépôts publiques. Seules les permissions permettant l'accès aux dépôts et aux tickets peuvent être activées.",
+	"settings.access_token.admin_disabled": "Les autorisations administratives sont désactivées.",
+	"actions.runners.token": "Jeton",
+	"actions.runners.ephemeral.no": "non",
+	"actions.runs.scheduled_description": "Exécution planifiée du commit <a href=\"%[1]s\">%[2]s</a>",
+	"actions.runs.workflow_dispatch_description": "Exécution du commit <a href=\"%[1]s\">%[2]s</a> déclenché par <a href=\"%[3]s\">%[4]s</a>",
+	"actions.runs.on_push_description": "Commit <a href=\"%[1]s\">%[2]s</a> poussé par <a href=\"%[3]s\">%[4]s</a>"
 }
diff --git a/options/locale_next/locale_mk.json b/options/locale_next/locale_mk.json
new file mode 100644
index 0000000000..0967ef424b
--- /dev/null
+++ b/options/locale_next/locale_mk.json
@@ -0,0 +1 @@
+{}
diff --git a/options/locale_next/locale_nds.json b/options/locale_next/locale_nds.json
index 71d6d8dfbc..5806fe1eeb 100644
--- a/options/locale_next/locale_nds.json
+++ b/options/locale_next/locale_nds.json
@@ -582,5 +582,9 @@
 	"settings.access_token.admin_disabled": "Chef-Rechten sünd utknipst.",
 	"actions.runs.scheduled_description": "Utföhren na Tiedplaan vun Kommitteren <a href=\"%[1]s\">%[2]s</a>",
 	"actions.runs.workflow_dispatch_description": "Utföhren vun Kommitteren <a href=\"%[1]s\">%[2]s</a> vun <a href=\"%[3]s\">%[4]s</a> utlööst",
-	"actions.runs.on_push_description": "Kommitteren <a href=\"%[1]s\">%[2]s</a> vun <a href=\"%[3]s\">%[4]s</a> schuven"
+	"actions.runs.on_push_description": "Kommitteren <a href=\"%[1]s\">%[2]s</a> vun <a href=\"%[3]s\">%[4]s</a> schuven",
+	"members.add_member": "Liddmaat hentofögen",
+	"members.user": "Bruker",
+	"members.user_already_member": "Deeser Bruker is al een Liddmaat vun deeser Vereenigung.",
+	"members.no_team_selected": "Vereenigungs-Liddmaten mutten to tominnst eener Klottje tohören."
 }
diff --git a/options/locale_next/locale_nl-NL.json b/options/locale_next/locale_nl-NL.json
index 978fe5b3c5..f740233d69 100644
--- a/options/locale_next/locale_nl-NL.json
+++ b/options/locale_next/locale_nl-NL.json
@@ -499,5 +499,14 @@
 	"packages.common.install": "Voer de volgende opdracht uit om het pakket te installeren:",
 	"packages.common.registry": "Stel dit register in vanaf de opdrachtregel:",
 	"packages.common.repository": "Repository informatie",
-	"actions.runs.all_runs_link": "alle runs"
+	"actions.runs.all_runs_link": "alle runs",
+	"settings.specific_repo_access": "Repositories toegang",
+	"settings.permissions_access_specific_repositories": "Specifieke repositories",
+	"settings.access_token.available_repositories": "Beschikbare repositories",
+	"settings.access_token.no_repositories_selected": "Geen repositories geselecteerd.",
+	"settings.access_token.no_repositories_found": "Geen repositories gevonden.",
+	"settings.access_token.remove": "Verwijder %s",
+	"settings.access_token.resource_all_help": "Toegang tot alle bronnen toestaan.",
+	"settings.access_token.resource_public_only_help": "Toegang tot repositories en organisaties die openbaar zijn beperken.",
+	"actions.runners.list_runners.delete_column": "Verwijder"
 }
diff --git a/options/locale_next/locale_pl-PL.json b/options/locale_next/locale_pl-PL.json
index 0d169466e0..4f74217753 100644
--- a/options/locale_next/locale_pl-PL.json
+++ b/options/locale_next/locale_pl-PL.json
@@ -19,7 +19,7 @@
 	"notification.mark_all_as_read": "Oznacz wszystkie jako przeczytane",
 	"notification.subscriptions": "Subskrypcje",
 	"notification.watching": "Obserwowane",
-	"notification.no_subscriptions": "Brak subskrypcji",
+	"notification.no_subscriptions": "Nie masz żadnych subskrypcji.",
 	"dropzone.default_message": "Upuść pliki tutaj lub kliknij, aby przesłać.",
 	"dropzone.invalid_input_type": "Nie można przesłać plików tego typu.",
 	"dropzone.file_too_big": "Rozmiar pliku ({{filesize}} MB) przekracza maksymalny rozmiar ({{maxFilesize}} MB).",
@@ -195,7 +195,7 @@
 	"release.n_downloads": {
 		"one": "%s pobranie",
 		"few": "%s pobrania",
-		"many": ""
+		"many": "%s pobrań"
 	},
 	"repo.pulls.merged_title_desc": {
 		"one": "scala %[1]d commit z <code>%[2]s</code> do <code>%[3]s</code> %[4]s",
@@ -327,9 +327,9 @@
 	"repo.issues.filter_modified.hint": "Filtruj według daty ostatniej modyfikacji",
 	"issues.updated": "ostatnia aktualizacja: %s",
 	"repo.pulls.poster_manage_approval": "Zarządzaj zatwierdzeniami",
-	"repo.pulls.poster_requires_approval": "Kilka workflowów <a href=\"%[1]s\">oczekuje na sprawdzenie.</a>",
+	"repo.pulls.poster_requires_approval": "Kilka workflowów <a href=\"%[1]s\">oczekuje na sprawdzenie</a>.",
 	"repo.pulls.poster_requires_approval.tooltip": "Autor tego pull requesta nie jest zaufany do uruchamiania workflowów wyzwalanych przez pull requesty utworzone z forkowanego repozytorium lub z AGit. Workflowy wyzwalane przez zdarzenie `pull_request` nie zostaną uruchomione, dopóki nie zostaną zatwierdzone.",
-	"repo.pulls.poster_is_trusted": "Autor tego pull requesta jest <a href=\"%[1]s\">zawsze zaufany do uruchamiania workflowów.</a>",
+	"repo.pulls.poster_is_trusted": "Autor tego pull requesta jest <a href=\"%[1]s\">zawsze zaufany do uruchamiania workflowów</a>.",
 	"repo.pulls.poster_is_trusted.tooltip": "Autor tego pull requesta jest jawnie zaufany do uruchamiania workflowów wyzwalanych przez zdarzenia `pull_request`.",
 	"repo.pulls.poster_trust_deny.tooltip": "Workflowy oczekujące na zatwierdzenie zostaną anulowane.",
 	"repo.pulls.poster_trust_once.tooltip": "Workflowy wyzwalane przez zdarzenie `pull_request` zostaną uruchomione dla tego commita, ale będą wymagały zatwierdzenia dla wszystkich przyszłych commitów pushowanych do tego pull requesta.",
@@ -401,7 +401,7 @@
 	"repo.commit.load_tags_failed": "Wczytywanie tagów nie powiodło się z powodu wewnętrznego błędu serwera",
 	"teams.remove_all_repos.modal.header": "Usuń wszystkie repozytoria",
 	"teams.add_all_repos.modal.header": "Dodaj wszystkie repozytoria",
-	"search.fuzzy": "fFzzy",
+	"search.fuzzy": "fuzzy",
 	"moderation.comment.deletion_success": "Komentarz został usunięty.",
 	"moderation.issue.deletion_success": "Zgłoszenie zostało usunięte.",
 	"moderation.users.cannot_delete_admins": "Użytkownik z uprawnieniami administratora nie może zostać usunięty.",
@@ -462,5 +462,14 @@
 	"actions.runs.status_no_select": "Wszystkie stany",
 	"actions.runs.no_results": "Brak pasujących wyników.",
 	"actions.runs.no_workflows": "Nie ma jeszcze żadnych procesów pracy.",
-	"meta.last_line": " "
+	"meta.last_line": " ",
+	"repo.issues.filter_sort.hint_with_placeholder": "Sortuj wg: %s",
+	"issues.filters.labels.exclude": "Wyklucz etykietę",
+	"issues.filters.labels.unexclude": "Usuń wykluczenie",
+	"repo.pulls.auto_merge.no_permission": "Nie masz uprawnień aby anulować auto merge tego pull requesta.",
+	"settings.access_token.selected_repositories": {
+		"one": "Wybrane (%d) repozytorium",
+		"few": "Wybrane (%d) repozytoria",
+		"many": "Wybrane (%d) repozytoriów"
+	}
 }
diff --git a/options/locale_next/locale_pt-BR.json b/options/locale_next/locale_pt-BR.json
index 074d7239af..e9ef391e49 100644
--- a/options/locale_next/locale_pt-BR.json
+++ b/options/locale_next/locale_pt-BR.json
@@ -514,5 +514,20 @@
 	"editor.search": "Busca",
 	"editor.find_previous": "Ocorrência anterior",
 	"editor.find_next": "Ocorrência seguinte",
-	"editor.toggle_whole_word": "Alternar correspondência completa de palavras"
+	"editor.toggle_whole_word": "Alternar correspondência completa de palavras",
+	"settings.specific_repo_access": "Acesso ao repositório",
+	"settings.new_access_token": "Novo token de acesso",
+	"settings.permissions_access_specific_repositories": "Repositórios específicos",
+	"settings.access_token.available_repositories": "Repositórios disponíveis",
+	"settings.access_token.no_repositories_selected": "Nenhum repositório selecionado.",
+	"settings.access_token.no_repositories_found": "Nenhum repositório encontrado.",
+	"settings.access_token.remove": "Remova %s",
+	"actions.runners.edit_runner.title": "Editar executor %s",
+	"actions.runners.edit_runner.page_title": "Editar executor %s",
+	"actions.runners.create_runner.name_label": "Noe",
+	"actions.runners.create_runner.title": "Criar novo executor",
+	"actions.runners.create_runner.page_title": "Criar novo executor",
+	"actions.runners.edit_runner_button": "Editar executor",
+	"actions.runners.task_list_user": "Tarefas recentes deste usuário neste executor",
+	"actions.runners.task_list_admin": "Tarefas recentes neste executor"
 }
diff --git a/options/locale_next/locale_pt-PT.json b/options/locale_next/locale_pt-PT.json
index e884f34fa3..f3a6c5c9ff 100644
--- a/options/locale_next/locale_pt-PT.json
+++ b/options/locale_next/locale_pt-PT.json
@@ -595,5 +595,8 @@
 	"actions.secrets.mutation.name_description": "O nome de um segredo só pode conter letras, números e sublinhados. Não pode começar por FORGEJO_, GITEA_, GITHUB_ ou um número. O Forgejo irá convertê-lo automaticamente para maiúsculas.",
 	"actions.secrets.mutation.value_description": "O valor atual não será apresentado. Deixe o campo em branco se não pretender alterá-lo. Os caracteres especiais são mantidos. CRLF (quebras de linha no estilo Windows) é automaticamente convertido para LF. Codifique o valor com Base64 se as quebras de linha devem ser mantidas.",
 	"graphs.recent_commits.title": "Número de cometimentos no último ano",
-	"graphs.code_frequency.title": "Frequência do código ao longo da história de {0}"
+	"graphs.code_frequency.title": "Frequência do código ao longo da história de {0}",
+	"actions.runs.scheduled_description": "Execução agendada do cometimento <a href=\"%[1]s\">%[2]s</a>",
+	"actions.runs.workflow_dispatch_description": "Execução do commit <a href=\"%[1]s\">%[2]s</a> acionada por <a href=\"%[3]s\">%[4]s</a>",
+	"actions.runs.on_push_description": "Cometimento <a href=\"%[1]s\">%[2]s</a> enviado por <a href=\"%[3]s\">%[4]s</a>"
 }
diff --git a/options/locale_next/locale_ru-RU.json b/options/locale_next/locale_ru-RU.json
index c710490152..9009203114 100644
--- a/options/locale_next/locale_ru-RU.json
+++ b/options/locale_next/locale_ru-RU.json
@@ -523,8 +523,8 @@
 	"actions.runners.uuid": "УУИД",
 	"actions.runners.token": "Токен",
 	"actions.runners.ephemeral": "Одноразовый",
-	"actions.runners.list_runners.details_column": "Подробности",
-	"actions.runners.list_runners.delete_column": "Удалить",
+	"actions.runners.list_runners.details_column": "Свойства",
+	"actions.runners.list_runners.delete_column": "Удаление",
 	"actions.runners.runner_setup.list_of_runners_link": "Список исполнителей",
 	"actions.runners.runner_setup.last_chance_copying_token": "Скопируйте токен сейчас – потом он не будет отображаться!",
 	"actions.runners.runner_setup.button_copy_uuid_aria": "Копировать УУИД исполнителя",
@@ -553,5 +553,28 @@
 	"actions.runners.runner_setup.heading_using_configuration": "Используя файл конфигурации исполнителя",
 	"actions.runners.runner_setup.configuration_snippet_aria": "Часть конфигурации, которую нужно добавить",
 	"actions.runners.runner_setup.instruction_replace_connection_name": "Замените название подключения (в примере – <code>forgejo</code>) на нужное.",
-	"actions.runners.runner_setup.heading_using_options": "Используя параметры запуска"
+	"actions.runners.runner_setup.heading_using_options": "Используя параметры запуска",
+	"members.add_member": "Добавить участника",
+	"members.user": "Пользователь",
+	"members.user_already_member": "Этот пользователь уже состоит в организации.",
+	"members.no_team_selected": "Участники организации должны состоять хотя бы в одной команде.",
+	"settings.access_token.remove": "Исключить %s",
+	"settings.access_token.resource_all_help": "Разрешить доступ ко всем ресурсам.",
+	"settings.access_token.resource_public_only_help": "Разрешить доступ только к публичным репозиториям и организациям.",
+	"settings.access_token.resource_specific_repo_help": "Разрешить доступ только к списку выбранных репозиториев. Доступ на чтение разрешён для всех публичных репозиториев. Могут быть выбраны только разрешения, относящиеся к репозиториям и задачам.",
+	"settings.access_token.admin_disabled": "Административные разрешения выключены.",
+	"actions.runners.list_runners.edit_column": "Правка",
+	"actions.runners.list_runners.details_button": "Свойства",
+	"actions.runners.list_runners.details_button_aria": "Открыть свойства %s",
+	"actions.runners.list_runners.delete_button": "Удалить",
+	"actions.runners.list_runners.delete_button_aria": "Удалить %s",
+	"actions.runners.list_runners.edit_button": "Изменить",
+	"actions.runners.list_runners.edit_button_aria": "Изменить %s",
+	"actions.runners.ephemeral.yes": "да",
+	"actions.runners.ephemeral.no": "нет",
+	"actions.runners.edit_runner_button": "Изменить исполнителя",
+	"actions.runners.create_runner.page_title": "Новый исполнитель",
+	"actions.runners.create_runner.create_button": "Создать",
+	"actions.runners.create_runner.cancel_button": "Отмена",
+	"actions.runners.show_registration_token": "Показать токен регистрации"
 }
diff --git a/options/locale_next/locale_sv-SE.json b/options/locale_next/locale_sv-SE.json
index c8c8f188ee..af72a4c8f8 100644
--- a/options/locale_next/locale_sv-SE.json
+++ b/options/locale_next/locale_sv-SE.json
@@ -574,5 +574,17 @@
 	"settings.access_token.resource_public_only_help": "Begränsa tillgången till publika kodförråd och organisationer.",
 	"settings.access_token.admin_disabled": "Administrativa rättigheter är inaktiverade.",
 	"actions.secrets.edit_button": "Redigera hemlighet \"%s\"",
-	"actions.secrets.mutation.header": "Redigera hemlighet \"%s\""
+	"actions.secrets.mutation.header": "Redigera hemlighet \"%s\"",
+	"settings.access_token.resource_specific_repo_help": "Begränsa åtkomsten till en specifik lista med kodförråd. Skrivskyddad åtkomst är tillåten till alla publika kodförråd. Endast behörigheter som ger åtkomst till kodförråd och ärenden kan aktiveras.",
+	"actions.runs.scheduled_description": "Schemalagd körning av incheckning <a href=\"%[1]s\">%[2]s</a>",
+	"actions.runs.workflow_dispatch_description": "Körning av incheckning <a href=\"%[1]s\">%[2]s</a> utlöst av <a href=\"%[3]s\">%[4]s</a>",
+	"actions.runs.on_push_description": "Incheckning <a href=\"%[1]s\">%[2]s</a> skickades av <a href=\"%[3]s\">%[4]s</a>",
+	"actions.secrets.mutation.success_message": "Hemligheten \"%s\" har uppdaterats.",
+	"actions.secrets.mutation.failure_message": "Hemligheten \"%s\" kunde inte uppdateras.",
+	"actions.secrets.mutation.name_description": "Namnet på en hemlighet får bara innehålla bokstäver, siffror och understreck. Den får inte börja med FORGEJO_, GITEA_, GITHUB_ eller en siffra. Forgejo konverterar den automatiskt till versaler.",
+	"actions.secrets.mutation.value_description": "Det existerande värdet visas inte. Lämna fältet tomt om du inte vill ändra det. Specialtecken behålls. CRLF (radbrytningar i Windows-stil) konverteras automatiskt till LF. Koda värdet med Base64 om radbrytningar ska behållas.",
+	"members.add_member": "Lägg till medlem",
+	"members.user": "Användare",
+	"members.user_already_member": "Den här användaren är redan medlem i organisationen.",
+	"members.no_team_selected": "Organisationsmedlemmar måste tillhöra minst ett lag."
 }
diff --git a/options/locale_next/locale_uk-UA.json b/options/locale_next/locale_uk-UA.json
index dde95ff019..e2b90565ab 100644
--- a/options/locale_next/locale_uk-UA.json
+++ b/options/locale_next/locale_uk-UA.json
@@ -598,5 +598,9 @@
 	"settings.access_token.no_repositories_found": "Не знайдено жодного репозиторію.",
 	"settings.access_token.resource_public_only_help": "Дозволити доступ лише до публічних репозиторіїв та організацій.",
 	"settings.access_token.resource_specific_repo_help": "Дозволити доступ лише до окремих репозиторіїв. Доступ тільки для читання дозволено до всіх публічних репозиторіїв. Можна ввімкнути лише дозволи, що надають доступ до репозиторіїв і задач.",
-	"settings.permissions_access_specific_repositories": "Визначені репозиторії"
+	"settings.permissions_access_specific_repositories": "Визначені репозиторії",
+	"members.add_member": "Додати учасника",
+	"members.user": "Користувач",
+	"members.user_already_member": "Цей користувач уже є учасником організації.",
+	"members.no_team_selected": "Учасники організації повинні входити принаймні до однієї команди."
 }
diff --git a/options/locale_next/locale_zh-CN.json b/options/locale_next/locale_zh-CN.json
index dc54cb4990..f8591727b8 100644
--- a/options/locale_next/locale_zh-CN.json
+++ b/options/locale_next/locale_zh-CN.json
@@ -515,5 +515,28 @@
 	"actions.runners.task_list_admin": "最近在此运行器上的任务",
 	"actions.runners.task_list_user": "最近在此运行器上的此用户的任务",
 	"graphs.recent_commits.title": "过去一年的提交总数",
-	"graphs.code_frequency.title": "{0}的历史提交频率"
+	"graphs.code_frequency.title": "{0}的历史提交频率",
+	"settings.permissions_access_specific_repositories": "仅限部分仓库",
+	"settings.access_token.selected_repositories": "选中的仓库（%d）",
+	"settings.access_token.available_repositories": "可用的仓库",
+	"settings.access_token.no_repositories_selected": "未选中任何仓库。",
+	"settings.access_token.no_repositories_found": "没有找到任何仓库。",
+	"settings.access_token.remove": "移除“%s”",
+	"settings.access_token.resource_all_help": "允许访问所有资源。",
+	"settings.access_token.resource_public_only_help": "仅允许访问公开的仓库和组织。",
+	"settings.access_token.resource_specific_repo_help": "仅允许访问特定的一组仓库，允许对所有公开仓库的只读访问，仅能启用对仓库和工单的访问权限。",
+	"settings.access_token.admin_disabled": "禁用管理权限。",
+	"actions.runs.scheduled_description": "计划运行，提交<a href=\"%[1]s\">%[2]s</a>",
+	"actions.runs.workflow_dispatch_description": "运行提交<a href=\"%[1]s\">%[2]s</a>，由<a href=\"%[3]s\">%[4]s</a>触发",
+	"actions.runs.on_push_description": "提交<a href=\"%[1]s\">%[2]s</a>，由<a href=\"%[3]s\">%[4]s</a>推送",
+	"actions.secrets.edit_button": "编辑机密“%s”",
+	"actions.secrets.mutation.header": "编辑机密“%s”",
+	"actions.secrets.mutation.success_message": "机密“%s”已更新。",
+	"actions.secrets.mutation.failure_message": "无法更新机密“%s”。",
+	"actions.secrets.mutation.name_description": "机密的名字只能包含字母、数字和下划线，不能以FORGEJO_、GITEA_、GITHUB_或数字开头，会自动转换为大写格式。",
+	"actions.secrets.mutation.value_description": "现有值不会显示，留空以保留现有值。特殊字符会被保留，CRLF（Windows式换行符）会被转换为LF；要保留换行符，请使用Base64编码。",
+	"members.add_member": "添加成员",
+	"members.user": "用户",
+	"members.user_already_member": "该用户已经是当前组织的成员。",
+	"members.no_team_selected": "组织成员至少属于一个团队。"
 }

From fd489b69631a7e54247ac7bcfabc0a8ab9c7ea39 Mon Sep 17 00:00:00 2001
From: 0ko <0ko@noreply.codeberg.org>
Date: Fri, 3 Apr 2026 14:11:48 +0200
Subject: [PATCH 620/854] chore(i18n): migrate strings to json, unhardcode one,
 improve plurals (#11879)

* migrate 17 strings related to repository migrations from INI to JSON
    * changed templates to get rid of unhelpful prefix `repo`
* migrate 4 strings related to counters
    * also changed templates to get rid of `repo`, but it had to be done anyway to use `TrPluralString`
* Unhardcode the header on migraiton type selector page, which I haven't noticed in https://codeberg.org/forgejo/forgejo/pulls/6795 or in two other PRs I did on this template since

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11879
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Reviewed-by: Beowulf <beowulf@beocode.eu>
---
 options/locale/locale_ar.ini           | 25 -------------------
 options/locale/locale_bg.ini           | 25 -------------------
 options/locale/locale_ca.ini           | 27 +-------------------
 options/locale/locale_cs-CZ.ini        | 26 --------------------
 options/locale/locale_da.ini           | 25 -------------------
 options/locale/locale_de-DE.ini        | 26 --------------------
 options/locale/locale_el-GR.ini        | 26 --------------------
 options/locale/locale_en-US.ini        | 27 --------------------
 options/locale/locale_eo.ini           |  5 +---
 options/locale/locale_es-ES.ini        | 26 --------------------
 options/locale/locale_et.ini           |  2 --
 options/locale/locale_fa-IR.ini        | 16 ------------
 options/locale/locale_fi-FI.ini        | 26 --------------------
 options/locale/locale_fil.ini          | 25 -------------------
 options/locale/locale_fr-FR.ini        | 26 --------------------
 options/locale/locale_ga-IE.ini        | 17 -------------
 options/locale/locale_he.ini           | 13 +---------
 options/locale/locale_hu-HU.ini        |  6 -----
 options/locale/locale_id-ID.ini        |  6 -----
 options/locale/locale_is-IS.ini        |  9 -------
 options/locale/locale_it-IT.ini        | 26 --------------------
 options/locale/locale_ja-JP.ini        | 26 --------------------
 options/locale/locale_ka.ini           |  5 ----
 options/locale/locale_kab.ini          |  3 ---
 options/locale/locale_ko-KR.ini        |  7 +-----
 options/locale/locale_lv-LV.ini        | 26 --------------------
 options/locale/locale_ml-IN.ini        |  7 ------
 options/locale/locale_nb_NO.ini        |  1 -
 options/locale/locale_nds.ini          | 25 -------------------
 options/locale/locale_nl-NL.ini        | 26 --------------------
 options/locale/locale_pl-PL.ini        | 26 --------------------
 options/locale/locale_pt-BR.ini        | 26 --------------------
 options/locale/locale_pt-PT.ini        | 26 --------------------
 options/locale/locale_ru-RU.ini        | 26 --------------------
 options/locale/locale_si-LK.ini        | 16 ------------
 options/locale/locale_sk-SK.ini        |  5 ----
 options/locale/locale_sv-SE.ini        | 26 --------------------
 options/locale/locale_ta.ini           | 25 -------------------
 options/locale/locale_th.ini           | 25 -------------------
 options/locale/locale_tr-TR.ini        | 26 --------------------
 options/locale/locale_uk-UA.ini        | 26 --------------------
 options/locale/locale_vi.ini           | 27 +++-----------------
 options/locale/locale_zh-CN.ini        | 26 --------------------
 options/locale/locale_zh-HK.ini        |  6 -----
 options/locale/locale_zh-TW.ini        | 26 --------------------
 options/locale_next/locale_ar.json     | 33 +++++++++++++++++++++++++
 options/locale_next/locale_bg.json     | 33 +++++++++++++++++++++++++
 options/locale_next/locale_ca.json     | 33 +++++++++++++++++++++++++
 options/locale_next/locale_cs-CZ.json  | 33 +++++++++++++++++++++++++
 options/locale_next/locale_da.json     | 33 +++++++++++++++++++++++++
 options/locale_next/locale_de-DE.json  | 33 +++++++++++++++++++++++++
 options/locale_next/locale_el-GR.json  | 33 +++++++++++++++++++++++++
 options/locale_next/locale_en-US.json  | 34 ++++++++++++++++++++++++++
 options/locale_next/locale_eo.json     |  3 +++
 options/locale_next/locale_es-ES.json  | 33 +++++++++++++++++++++++++
 options/locale_next/locale_et.json     |  4 +++
 options/locale_next/locale_fa-IR.json  | 15 ++++++++++++
 options/locale_next/locale_fi-FI.json  | 33 +++++++++++++++++++++++++
 options/locale_next/locale_fil.json    | 33 +++++++++++++++++++++++++
 options/locale_next/locale_fr-FR.json  | 33 +++++++++++++++++++++++++
 options/locale_next/locale_ga.json     | 17 +++++++++++++
 options/locale_next/locale_he.json     | 11 +++++++++
 options/locale_next/locale_hu-HU.json  |  6 +++++
 options/locale_next/locale_id-ID.json  |  6 +++++
 options/locale_next/locale_is-IS.json  |  8 ++++++
 options/locale_next/locale_it-IT.json  | 33 +++++++++++++++++++++++++
 options/locale_next/locale_ja-JP.json  | 33 +++++++++++++++++++++++++
 options/locale_next/locale_ka.json     |  5 ++++
 options/locale_next/locale_kab.json    |  3 +++
 options/locale_next/locale_ko-KR.json  |  5 ++++
 options/locale_next/locale_lv-LV.json  | 33 +++++++++++++++++++++++++
 options/locale_next/locale_ml-IN.json  |  7 ++++++
 options/locale_next/locale_nb_NO.json  |  1 +
 options/locale_next/locale_nds.json    | 33 +++++++++++++++++++++++++
 options/locale_next/locale_nl-NL.json  | 33 +++++++++++++++++++++++++
 options/locale_next/locale_pl-PL.json  | 33 +++++++++++++++++++++++++
 options/locale_next/locale_pt-BR.json  | 33 +++++++++++++++++++++++++
 options/locale_next/locale_pt-PT.json  | 33 +++++++++++++++++++++++++
 options/locale_next/locale_ru-RU.json  | 33 +++++++++++++++++++++++++
 options/locale_next/locale_si-LK.json  | 15 ++++++++++++
 options/locale_next/locale_sk-SK.json  |  5 ++++
 options/locale_next/locale_sv-SE.json  | 33 +++++++++++++++++++++++++
 options/locale_next/locale_ta.json     | 33 +++++++++++++++++++++++++
 options/locale_next/locale_th.json     | 33 +++++++++++++++++++++++++
 options/locale_next/locale_tr-TR.json  | 33 +++++++++++++++++++++++++
 options/locale_next/locale_uk-UA.json  | 33 +++++++++++++++++++++++++
 options/locale_next/locale_vi.json     | 27 ++++++++++++++++++++
 options/locale_next/locale_zh-CN.json  | 33 +++++++++++++++++++++++++
 options/locale_next/locale_zh-HK.json  |  6 +++++
 options/locale_next/locale_zh-TW.json  | 33 +++++++++++++++++++++++++
 services/migrations/migrate.go         | 14 +++++------
 templates/repo/commits_table.tmpl      |  2 +-
 templates/repo/migrate/codebase.tmpl   | 10 ++++----
 templates/repo/migrate/gitbucket.tmpl  | 14 +++++------
 templates/repo/migrate/gitea.tmpl      | 14 +++++------
 templates/repo/migrate/github.tmpl     | 14 +++++------
 templates/repo/migrate/gitlab.tmpl     | 14 +++++------
 templates/repo/migrate/gogs.tmpl       | 14 +++++------
 templates/repo/migrate/migrate.tmpl    |  2 +-
 templates/repo/migrate/migrating.tmpl  |  4 +--
 templates/repo/migrate/onedev.tmpl     | 10 ++++----
 templates/repo/migrate/pagure.tmpl     | 10 ++++----
 templates/repo/release_tag_header.tmpl |  4 +--
 templates/repo/sub_menu.tmpl           |  6 ++---
 104 files changed, 1142 insertions(+), 933 deletions(-)

diff --git a/options/locale/locale_ar.ini b/options/locale/locale_ar.ini
index 5e9808d2f0..9d719a4e5e 100644
--- a/options/locale/locale_ar.ini
+++ b/options/locale/locale_ar.ini
@@ -722,12 +722,9 @@ issues.blocked_by_user = لا يمكنك أن ترسل مسألة في هذا ا
 mirror_sync = متزامن
 settings.archive.mirrors_unavailable = المرايا ليست متاحة إذا تم أرشفة المستودع.
 pulls.blocked_by_user = لا يمكنك أن ترسل طلب سحب في هذا المستودع لأنك محظور من قبل مالك المستودع.
-migrate.migrating_milestones = ترحيل الأهداف
-migrate_items_milestones = أهداف
 repo_size = حجم المستودع
 object_format = تنسيق الكائنات
 use_template = استخدم هذا القالب
-migrate_items_merge_requests = طلبات الدمج
 repo_name = اسم المستودع
 template = القالب
 projects.modify = عدّل المشروع
@@ -745,23 +742,19 @@ template.git_hooks = خطاطيف Git
 template_description = المستودع القالب هو مستودع يستخدمه المستخدمون لتوليد مستودعات جديدة لها الإعدادات والملفات وهيكلة المجلدات نفسها.
 projects.edit = عدّل المشروع
 template.avatar = الصورة الرمزية
-migrate_items_wiki = الموسوعة
 repo_desc = الوصف
 template_select = اختر قالبا
 repo_name_helper = الأسماء الحسنة للمستودعات تستخدم كلمات مفتاحية قصيرة وسهلة التذكر وفريدة.
 default_branch = الفرع الافتراضي
 all_branches = كل الفروع
-migrate_items_issues = البلاغات
 projects.deletion_desc = حذف مشروع يحذف كل المسائل المرتبطة به. أتريد الاستمرار؟
 repo_desc_helper = أدخل وصفاً قصيراً (اختياري)
 create_repo = إنشاء مستودع
-migrate_items_releases = الإصدارات
 already_forked = لقد اشتققت %s بالفعل
 license_helper = اختر ملف ترخيص.
 tree_path_not_found.tag = المسار %[1]s غير موجود في الوسم %[2]s
 object_format_helper = صيغة كائنات المستودع. لا يمكن تغييرها بعد ذلك. SHA1 هي الأكثر توافقية.
 forks = الاشتقاقات
-migrate_items_pullrequests = طلبات السحب
 fork_to_different_account = اشتق إلى حساب مختلف
 tree_path_not_found.branch = المسار %[1]s غير موجود في الفرع %[2]s
 projects.edit_success = حدِّث المشروع "%s".
@@ -885,7 +878,6 @@ release.publish = انشر الإصدار
 issues.lock_duplicate = لا يمكن إقفال مسألة مقفلة.
 issues.filter_type.assigned_to_you = كُلِّفت بها
 issues.save = احفظ
-migrate_items_labels = تصنيفات
 issues.add_assignee_at = `كلّفه <b>%s</b> بها %s`
 milestones.filter_sort.least_complete = الأقل اكتمالا
 branch.create_branch = أنشئ الفرع %s
@@ -1507,7 +1499,6 @@ transfer.accept = قبول النقل
 blame.ignore_revs.failed = فشل تجاهل المراجعات في <a href="%s">.git-blame-ignore-revs</a>.
 form.name_pattern_not_allowed = النمط ”%s“ غير مسموح به في اسم المستودع.
 migrate_options_lfs_endpoint.description = سيحاول الترحيل استخدام مسار Git البعيد (remote) لـ <a target="_blank" rel="noopener noreferrer" href="%s">تحديد خادم LFS</a>. يمكنك أيضًا تحديد نقطة نهاية مخصصة إذا كانت بيانات LFS للمستودع مخزنة في مكان آخر.
-migrate_items = عناصر الترحيل
 adopt_preexisting_content = إنشاء مستودع من %s
 migrate_repo = ترحيل المستودع
 mirror_password_placeholder = (لم يتم تعديله)
@@ -1526,16 +1517,12 @@ form.reach_limit_of_creation_1 = لقد وصل المالك بالفعل إلى
 form.name_reserved = تم حجز اسم المستودع ”%s“.
 mirror_address_url_invalid = عنوان URL المقدم غير صالح. تأكد من تحرير مكونات عنوان URL بشكل صحيح.
 migrate.migrate = الترحيل من %s
-migrate.migrating_topics = ترحيل المواضيع
-migrate.cancel_migrating_title = إلغاء الترحيل
 generated_from = تم توليده من
 star_guest_user = قم بتسجيل الدخول لإعطاء نجمة لهذا المستودع.
 subscribe.pull.guest.tooltip = سجّل الدخول للاشتراك في طلب السحب هذا.
 unwatch = إلغاء المشاهدة
 quick_guide = دليل سريع
 empty_message = لا يحتوي هذا المستودع على أي محتوى.
-migrate.migrating_labels = ترحيل الوسوم
-migrate.migrating_releases = ترحيل الإصدارات
 watch_guest_user = سجّل الدخول لمشاهدة هذا المستودع.
 star = نجمة
 cite_this_repo = الاستشهاد بهذا المستودع
@@ -1549,8 +1536,6 @@ more_operations = المزيد من العمليات
 push_exist_repo = دفع مستودع موجود من موجّه الأوامر
 broken_message = لا يمكن قراءة بيانات Git التي يستند إليها هذا المستودع. اتصل بمسؤول هذا المثيل أو احذف هذا المستودع.
 watch = شاهد
-migrate.migrating_git = ترحيل بيانات Git
-migrate.cancel_migrating_confirm = تريد إلغاء عملية الترحيل هذه؟
 migrate.permission_denied_blocked = لا يمكنك الاستيراد من مضيفين غير مسموح بهم، يُرجى الطلب من المسؤول التحقق من إعدادات ALLOWED_DOMAINS/ALLOW_LOCALNETWORKS/BLOCKED_DOMAINS.
 migrate.migrating = الترحيل من <b>%s</b> …
 migrate.migrating_failed.error = أخفق الترحيل: %s
@@ -1565,8 +1550,6 @@ create_new_repo_command = إنشاء مستودع جديد على موجّه ا
 fork = اشتقاق
 migrate.migrating_failed_no_addr = أخفق الترحيل.
 unstar = إزالة النجمة
-migrate.migrating_issues = ترحيل البلاغات
-migrate.migrating_pulls = ترحيل طلبات السحب
 code = الكود
 migrate.invalid_lfs_endpoint = نقطة نهاية LFS غير صالحة.
 migrate.migrating_failed = فشل الترحيل من <b>%s</b>.
@@ -1581,19 +1564,15 @@ find_tag = البحث عن علامة
 commit_graph = الرسم البياني للإيداع
 editor.edit_this_file = عدل الملف
 editor.signoff_desc = أضف مقطورة موقّعة من قِبل المُجرّد في نهاية رسالة سجل الدخول.
-n_release_one = %s إصدار
 symbolic_link = رابط رمزي
 editor.cannot_edit_lfs_files = لا يمكن تحرير ملفات LFS في واجهة الويب.
 editor.this_file_locked = الملف مقفل
-n_commit_few = %s إيداعات
 editor.file_delete_success = تم حذف الملف "%s".
 editor.edit_file = عدّل الملف
 commit.contained_in_default_branch = هذا الإيداع جزء من الفرع الافتراضي
 line = سطر
 lines = أسطر
 normal_view = عرض عادي
-n_branch_one = %s فرع
-n_commit_one = %s إيداع
 view_git_blame = عرض مسؤول تعديل git
 editor.add_tmpl.filename = اسم الملف
 editor.name_your_file = اسم ملفك…
@@ -1605,10 +1584,6 @@ no_eol.tooltip = هذا الملف لا يحتوي على نهاية لخط ال
 stored_lfs = مخزن مع Git LFS
 commit.contained_in = هذا الإيداع موجود في:
 file_view_rendered = عرض المُخرج النهائي
-n_branch_few = %s فروع
-n_tag_one = %s علامة
-n_tag_few = ‪%s علامات
-n_release_few = %s إصدارات
 file.title = %s عند %s
 vendored = مضمن
 file_follow = متابعة الروابط الرمزية
diff --git a/options/locale/locale_bg.ini b/options/locale/locale_bg.ini
index 762f50afa6..be9ef509d7 100644
--- a/options/locale/locale_bg.ini
+++ b/options/locale/locale_bg.ini
@@ -545,7 +545,6 @@ forks = Разклонения
 editor.or = или
 issues.new_label_desc_placeholder = Описание
 watch_guest_user = Влезте, за да наблюдавате това хранилище.
-migrate_items_milestones = Етапи
 unstar = Премахване на звездата
 owner = Притежател
 issues.num_comments_1 = %d коментар
@@ -623,7 +622,6 @@ readme_helper_desc = Това е мястото, където можете да
 repo_gitignore_helper = Изберете .gitignore шаблони
 auto_init = Да се инициализира хранилище
 template.issue_labels = Етикети за задачите
-migrate_items_labels = Етикети
 issues.label_templates.title = Зареждане на предв. зададен набор от етикети
 issues.label_templates.helper = Изберете предв. зададен набор от етикети
 projects.template.desc = Шаблон
@@ -657,8 +655,6 @@ milestones.new = Нов етап
 milestones.cancel = Отказ
 settings.http_method = HTTP метод
 clone_helper = Нуждаете се от помощ за клониране? Посетете <a target="_blank" rel="noopener noreferrer" href="%s">Помощ</a>.
-migrate_items_pullrequests = Заявки за сливане
-migrate_items_wiki = Уики
 quick_guide = Бързо ръководство
 clone_this_repo = Клонирайте това хранилище
 push_exist_repo = Изтласкване на съществуващо хранилище от командния ред
@@ -724,7 +720,6 @@ wiki.desc = Пишете и споделяйте документация със
 wiki.default_commit_message = Напишете бележка относно това обновяване на страницата (опционално).
 release.releases = Издания
 wiki.last_commit_info = %s редактира тази страница %s
-migrate_items_releases = Издания
 release = Издание
 releases = Издания
 settings.desc = Настройките са мястото, където можете да управлявате настройките за хранилището
@@ -904,8 +899,6 @@ download_tar = Изтегляне на TAR.GZ
 desc.public = Публично
 desc.archived = Архивирано
 desc.internal = Вътрешно
-migrate_items_merge_requests = Заявки за сливане
-migrate_items_issues = Задачи
 fork_guest_user = Влезте, за да разклоните това хранилище.
 actions = Действия
 more_operations = Още операции
@@ -1189,16 +1182,10 @@ activity.git_stats_pushed_1 = е изтласкал
 activity.git_stats_push_to_branch = към %s и
 contributors.contribution_type.commits = Подавания
 stars = Звезди
-n_commit_few = %s подавания
-n_branch_one = %s клон
-n_branch_few = %s клона
-n_tag_one = %s маркер
-n_tag_few = %s маркера
 commit_graph = Граф с подавания
 commits.renamed_from = Преименувано от %s
 commits.view_path = Преглед на този момент в историята
 commits.search_branch = Този клон
-n_commit_one = %s подаване
 release.ahead.commits = <strong>%d</strong> подавания
 release.stable = Стабилно
 commits.gpg_key_id = ID на GPG ключ
@@ -1321,8 +1308,6 @@ issues.review.option.show_outdated_comments = Показване на остар
 issues.content_history.delete_from_history_confirm = Да се изтрие ли от историята?
 project = Проекти
 issues.content_history.delete_from_history = Изтриване от историята
-n_release_few = %s издания
-n_release_one = %s издание
 editor.cannot_edit_non_text_files = Двоични файлове не могат да се редактират през уеб интерфейса.
 settings.mirror_settings.push_mirror.copy_public_key = Копиране на публичния ключ
 activity.published_tag_label = Маркер
@@ -1451,7 +1436,6 @@ file_follow = Последване на символната връзка
 commitstatus.failure = Неуспех
 issues.filter_label_exclude = Използвайте <kbd>Alt</kbd> + <kbd>Click</kbd>, за да изключите етикети
 migrate.migrating_failed = Мигрирането от <b>%s</b> е неуспешно.
-migrate.migrating_issues = Мигриране на задачи
 mirror_from = огледално на
 fork_from_self = Не можете да разклоните хранилище, което притежавате.
 commit_graph.hide_pr_refs = Скриване на заявките за сливане
@@ -1468,12 +1452,9 @@ form.reach_limit_of_creation_1 = Притежателят вече е дости
 editor.patching = Прилагане на кръпка:
 editor.fail_to_apply_patch = Неуспешно прилагане на кръпка „%s“
 commits.no_commits = Няма общи подавания. „%s“ и „%s“ имат напълно различни истории.
-migrate.migrating_pulls = Мигриране на заявки за сливане
-migrate.migrating_topics = Мигриране на теми
 projects.desc = Управлявайте задачи и заявки за сливане в проектни табла.
 issues.choose.invalid_templates = %v невалидни шаблона са намерени
 pulls.edit.already_changed = Неуспешно запазване на промените в заявката за сливане. Изглежда съдържанието вече е променено от друг потребител. Моля, презаредете страницата и опитайте да редактирате отново, за да избегнете презаписването на техните промени
-migrate.migrating_git = Мигриране на Git данни
 commits.newer = По-нови
 issues.choose.blank_about = Създаване на задача от стандартен шаблон.
 issues.filter_no_results = Няма резултати
@@ -1483,8 +1464,6 @@ transfer.no_permission_to_accept = Нямате разрешение да при
 transfer.no_permission_to_reject = Нямате разрешение да отхвърлите това прехвърляне.
 editor.file_changed_while_editing = Съдържанието на файла е променено, откакто сте го отворили. <a target="_blank" rel="noopener noreferrer" href="%s">Щракнете тук</a>, за да го видите, или <strong>Подайте промените отново</strong>, за да ги презапишете.
 sync_fork.button = Синхронизиране
-migrate.migrating_labels = Мигриране на етикети
-migrate.migrating_releases = Мигриране на издания
 editor.push_rejected_no_message = Промяната беше отхвърлена от сървъра без съобщение. Моля, проверете Git куките.
 issues.choose.open_external_link = Отваряне
 comments.edit.already_changed = Неуспешно запазване на промените в коментара. Изглежда съдържанието вече е променено от друг потребител. Моля, презаредете страницата и опитайте да редактирате отново, за да избегнете презаписването на техните промени
@@ -1511,7 +1490,6 @@ editor.commit_id_not_matching = Файлът е променен, докато 
 editor.user_no_push_to_branch = Потребителят не може да изтласква в клона
 archive.pull.noreview = Това хранилище е архивирано. Не можете да рецензирате заявки за сливане.
 migrate.migrating_failed.error = Неуспешно мигриране: %s
-migrate.migrating_milestones = Мигриране на етапи
 migrate.failed = Мигрирането е неуспешно: %v
 pulls.nothing_to_compare_and_allow_empty_pr = Тези клонове са равни. Тази заявка за сливане ще бъде празна.
 pulls.has_pull_request = `Вече съществува заявка за сливане между тези клонове: <a href="%[1]s">%[2]s#%[3]d</a>`
@@ -1552,7 +1530,6 @@ issues.time_spent_from_all_authors = `Общо изразходвано врем
 issues.attachment.download = `Щракнете, за да изтеглите „%s“`
 issues.attachment.open_tab = `Щракнете, за да видите „%s“ в нов раздел`
 pulls.update_branch = Обновяване на клона чрез сливане
-migrate_items = Елементи за мигриране
 commit.load_referencing_branches_and_tags = Зареждане на клонове и маркери, препращащи към това подаване
 pulls.files_conflicted = Тази заявка за сливане има промени, които са в конфликт с целевия клон.
 pulls.still_in_progress = Все още е в процес на работа?
@@ -1574,8 +1551,6 @@ editor.cannot_edit_lfs_files = LFS файлове не могат да се ре
 commits.ssh_key_fingerprint = Отпечатък на SSH ключ
 issues.comment_on_locked = Не можете да коментирате заключена задача.
 commit.revert = Връщане
-migrate.cancel_migrating_title = Отказ от миграцията
-migrate.cancel_migrating_confirm = Искате ли да откажете тази миграция?
 issues.choose.invalid_config = Конфигурацията на задачите съдържа грешки:
 unit_disabled = Администраторът на сайта е изключил тази секция на хранилището.
 issues.blocked_by_user = Не можете да създавате задачи в това хранилище, защото сте блокирани от притежателя на хранилището.
diff --git a/options/locale/locale_ca.ini b/options/locale/locale_ca.ini
index 3342aab4a5..4902188c7e 100644
--- a/options/locale/locale_ca.ini
+++ b/options/locale/locale_ca.ini
@@ -1130,11 +1130,6 @@ template.webhooks = Webhooks
 template.topics = Temes
 template.avatar = Avatar
 need_auth = Autorització
-migrate_items_wiki = Wiki
-migrate_items_milestones = Fites
-migrate_items_labels = Etiquetes
-migrate_items_issues = Problemes
-migrate_items_releases = Publicacions
 unwatch = Deixa de seguir
 watch = Segueix
 unstar = Treu l'estrella
@@ -1652,7 +1647,6 @@ form.string_too_long = El text introduït té més de %d caràcters.
 migrate_options = Opcions de migració
 migrate_options_mirror_helper = Aquest repositori serà un mirall
 migrate_options_lfs_endpoint.description.local = També s'accepta un camí al servidor local.
-migrate_items = Elements de migració
 open_with_editor = Obre amb %s
 mirror_prune_desc = Elimina les referències de seguiment remot obsoletes
 mirror_sync_on_commit = Sincronitza quan es pugin commits
@@ -1679,7 +1673,6 @@ migrate_options_lfs = Migra els fitxers LFS
 migrate_options_lfs_endpoint.label = Punt final LFS
 migrate_options_lfs_endpoint.description = En migrar, s'intentarà utilitzar el vostre remot git per a <a target="_blank" rel="noopener noreferrer" href="%s">determinar el servidor LFS</a>. També podeu especificar un punt final personalitzat si les dades LFS del repositori són en un altre lloc.
 migrate_options_lfs_endpoint.placeholder = Si ho deixeu en blanc, el punt final derivarà de l'URL de clonació
-migrate_items_pullrequests = Pull requests
 generated_from = generat des de
 editor.update = Actualitzar %s
 diff.whitespace_ignore_at_eol = Ignorar els canvis en els espais en blanc al final de la línia
@@ -1807,15 +1800,6 @@ migrate.migrating = S'està migrant des de <b>%s</b> …
 migrate.migrating_failed = La migració des de <b>%s</b> ha fallat.
 migrate.migrating_failed.error = No s'ha pogut migrar: %s
 migrate.migrating_failed_no_addr = La migració ha fallat.
-migrate.migrating_git = Migrant dades Git
-migrate.migrating_topics = Migrant tòpics
-migrate.migrating_milestones = Migrant fites
-migrate.migrating_labels = Migrant etiquetes
-migrate.migrating_releases = Migrant publicacions
-migrate.migrating_issues = Migrant problemes
-migrate.migrating_pulls = Migrant «pull requests»
-migrate.cancel_migrating_title = Cancel·la la migració
-migrate.cancel_migrating_confirm = Voleu cancel·lar aquesta migració?
 mirror_from = mirall de
 forked_from = bifurcat des de
 fork_from_self = No podeu bifurcar un repositori que us pertany.
@@ -1833,18 +1817,9 @@ repo_gitignore_helper_desc = Escolliu de quins fitxers no s'ha de fer seguiment
 readme_helper_desc = Aquí podeu escriure una descripció completa del vostre projecte.
 mirror_interval = Interval de rèplica (les unitats de temps vàlides són "h", "m", "s"). 0 per desactivar la sincronització periòdica. (Interval mínim: %s)
 mirror_use_ssh.helper = Si seleccioneu aquesta opció, Forgejo replicarà el repositori mitjançant Git per SSH i us crearà una parella de claus. Heu d'assegurar-vos que la clau pública generada estigui autoritzada per publicar al repositori de destí. No podreu fer servir autenticació basada en contrasenyes.
-n_commit_one = %s commit
-n_commit_few = %s commits
-n_branch_one = Branca %s
-n_branch_few = Branques %s
-n_tag_one = Etiqueta %s
-n_tag_few = Etiquetes %s
-migrate_items_merge_requests = Sol·licituds de fusió
 migrate.github_token_desc = Podeu posar un o més testimonis separats amb comes per fer que la migració sigui més ràpida, evitant així el límit de taxa de l'API de GitHub. ATENCIÓ: Abusar aquesta funció pot anar en contra de la política de servei del proveïdor i pot comportar el bloqueig del/s vostre/s compte/s.
 migrate.clone_local_path = o el camí a un servidor local
 migrate.permission_denied_blocked = No podeu importar des d'amfitrions rebutjats, si us plau, demaneu a l'administrador que comprovi les configuracions ALLOWED_DOMAINS/ALLOW_LOCALNETWORKS/BLOCKED_DOMAINS.
-n_release_one = Publicació %s
-n_release_few = Publicacions %s
 file.title = %s a %s
 file_view_rendered = Veure renderitzat
 file_view_raw = Veure cru
@@ -3146,7 +3121,7 @@ config.send_test_mail = Envia un correu de prova
 config.send_test_mail_submit = Envia
 config.test_mail_failed = No s'ha pogut enviar el correu de prova a "%s": %v
 config.test_mail_sent = S'ha enviat un correu de prova a "%s".
-config.cache_config =
+config.cache_config = 
 config.cache_adapter =Adaptador de la memòria cau
 config.cache_interval =Interval de la memòria cau
 config.cache_conn =Connexió de la memòria cau
diff --git a/options/locale/locale_cs-CZ.ini b/options/locale/locale_cs-CZ.ini
index 91e5e8dbc5..8272952312 100644
--- a/options/locale/locale_cs-CZ.ini
+++ b/options/locale/locale_cs-CZ.ini
@@ -1154,14 +1154,6 @@ migrate_options_lfs_endpoint.label=Endpoint LFS
 migrate_options_lfs_endpoint.description=Migrace se pokusí použít váš vzdálený Git pro <a target="_blank" rel="noopener noreferrer" href="%s">určení LFS serveru</a>. Můžete také zadat vlastní koncový bod, pokud jsou data LFS repozitáře uložena někde jinde.
 migrate_options_lfs_endpoint.description.local=Podporována je také cesta k lokálnímu serveru.
 migrate_options_lfs_endpoint.placeholder=Ponecháte-li prázdné, koncový bod bude odvozen z adresy URL klonu
-migrate_items=Položky pro migrování
-migrate_items_wiki=Wiki
-migrate_items_milestones=Milníky
-migrate_items_labels=Štítky
-migrate_items_issues=Problémy
-migrate_items_pullrequests=Žádosti o sloučení
-migrate_items_merge_requests=Sloučit žádosti
-migrate_items_releases=Vydání
 migrate_repo=Migrovat repozitář
 migrate.clone_address=Migrovat / klonovat z URL
 migrate.clone_address_desc=HTTP(S) nebo URL Git „clone“ existujícího repozitáře
@@ -1180,16 +1172,6 @@ migrate.migrating=Probíhá migrace z <b>%s</b> …
 migrate.migrating_failed=Migrace z <b>%s</b> se nezdařila.
 migrate.migrating_failed.error=Nepodařilo se migrovat: %s
 migrate.migrating_failed_no_addr=Migrace se nezdařila.
-migrate.migrating_git=Migrace dat z Gitu
-migrate.migrating_topics=Migrace témat
-migrate.migrating_milestones=Migrace milníků
-migrate.migrating_labels=Migrace štítků
-migrate.migrating_releases=Migrace vydání
-migrate.migrating_issues=Migrace problémů
-migrate.migrating_pulls=Migrace žádostí o sloučení
-migrate.cancel_migrating_title=Zrušit migraci
-migrate.cancel_migrating_confirm=Chcete zrušit tuto migraci?
-
 mirror_from=zrcadlo
 forked_from=forknuto z
 generated_from=generováno z
@@ -2647,12 +2629,6 @@ pulls.ready_for_review = Připraveni na posouzení?
 settings.rename_branch_failed_protected = Nepodařilo se přejmenovat větev %s, jelikož se jedná o chráněnou větev.
 editor.push_out_of_date = Push je nejspíše zastaralý.
 stars = Oblíbení
-n_commit_one = %s revize
-n_commit_few = %s revizí
-n_branch_one = %s větev
-n_tag_one = %s značka
-n_tag_few = %s značek
-n_branch_few = %s větví
 settings.event_pull_request_enforcement = Vynucení
 settings.enforce_on_admins = Vynutit toto pravidlo pro správce repozitáře
 settings.enforce_on_admins_desc = Správci repozitáře nemohou obejít toto pravidlo.
@@ -2676,8 +2652,6 @@ settings.transfer.button = Převést vlastnictví
 settings.transfer.modal.title = Převést vlastnictví
 wiki.search = Hledat na wiki
 wiki.no_search_results = Žádné výsledky
-n_release_one = %s vydání
-n_release_few = %s vydání
 settings.federation_settings = Nastavení federace
 settings.federation_apapiurl = Adresa URL federace tohoto repozitáře. Zkopírujte a vložte tuto adresu do nastavení federace jiného repozitáře jako adresu sledovaného repozitáře.
 settings.federation_not_enabled = Na vaší instanci není dostupná federace.
diff --git a/options/locale/locale_da.ini b/options/locale/locale_da.ini
index 869fd0b734..83f5b14ea2 100644
--- a/options/locale/locale_da.ini
+++ b/options/locale/locale_da.ini
@@ -1134,14 +1134,6 @@ migrate_options_mirror_helper = Dette depot vil være et spejl
 migrate_options_lfs = Migrer LFS-filer
 migrate_options_lfs_endpoint.label = LFS endepunkt
 migrate_options_lfs_endpoint.description.local = En lokal serversti understøttes også.
-migrate_items = Migration Elementer
-migrate_items_wiki = Wiki
-migrate_items_milestones = Milepæle
-migrate_items_labels = Etiketter
-migrate_items_issues = Problemmer
-migrate_items_pullrequests = Pull-anmodninger
-migrate_items_merge_requests = Flet anmodninger
-migrate_items_releases = Udgivelser
 migrate_repo = Migrer depot
 migrate.clone_address_desc = HTTP(S) eller Git "klone" URL'en for et eksisterende depot
 migrate.clone_local_path = eller en lokal serversti
@@ -1157,14 +1149,6 @@ migrate.migrating = Migrerer fra <b>%s</b> …
 migrate.migrating_failed = Migrering fra <b>%s</b> mislykkedes.
 migrate.migrating_failed.error = Kunne ikke migrere: %s
 migrate.migrating_failed_no_addr = Migration mislykkedes.
-migrate.migrating_git = Migrering af Git-data
-migrate.migrating_topics = Migrering af emner
-migrate.migrating_milestones = Migrerende milepæle
-migrate.migrating_labels = Migrering af etiketter
-migrate.migrating_releases = Migrering af udgivelser
-migrate.migrating_issues = Migrering af problemer
-migrate.migrating_pulls = Migrering af pull-anmodninger
-migrate.cancel_migrating_title = Annuller migrering
 mirror_from = spejl af
 forked_from = forked fra
 generated_from = genereret fra
@@ -1175,7 +1159,6 @@ migrate_options_lfs_endpoint.description = Migration vil forsøge at bruge din f
 form.name_pattern_not_allowed = Mønsteret "%s" er ikke tilladt i et depotnavn.
 migrate_options_lfs_endpoint.placeholder = Hvis det efterlades tomt, vil endepunktet blive afledt fra klonens URL
 migrate.clone_address = Migrer / Klon fra URL
-migrate.cancel_migrating_confirm = Vil du annullere denne migrering?
 more_operations = Flere operationer
 new_from_template = Brug en skabelon
 new_from_template_description = Du kan vælge en eksisterende depotskabelon på denne instans og anvende dens indstillinger.
@@ -1269,15 +1252,10 @@ packages = Pakker
 actions = Handlinger
 labels = Etiketter
 milestones = Milepæle
-n_commit_few = %s commits
-n_branch_one = %s gren
-n_branch_few = %s grene
 org_labels_desc_manage = Styr
 commits = Commits
 commit = Commit
 org_labels_desc = Etiketter på organisationsniveau, der kan bruges med <strong>alle depoter</strong> under denne organisation
-n_commit_one = %s commit
-n_release_few = %s udgivelser
 released_this = udgivet dette
 file.title = %s ved %s
 file_raw = Rå
@@ -1287,9 +1265,6 @@ editor.fail_to_update_file_summary = Fejlmeddelelse:
 editor.push_rejected_summary = Fuldstændig afvisningsmeddelelse:
 editor.add_subdir = Tilføj en mappe…
 editor.unable_to_upload_files = Kunne ikke uploade filer til "%s" med fejl: %v
-n_tag_one = %s tag
-n_tag_few = %s tags
-n_release_one = %s udgivelse
 file_history = Historie
 file_view_source = Se kilde
 file_view_rendered = Vis gengivet
diff --git a/options/locale/locale_de-DE.ini b/options/locale/locale_de-DE.ini
index 897d335cb8..494d64a6f7 100644
--- a/options/locale/locale_de-DE.ini
+++ b/options/locale/locale_de-DE.ini
@@ -1153,14 +1153,6 @@ migrate_options_lfs_endpoint.label=LFS-Endpunkt
 migrate_options_lfs_endpoint.description=Migration wird versuchen, über den entfernten Git-Server <a target="_blank" rel="noopener noreferrer" href="%s">den LFS-Server zu bestimmen</a>. Du kannst auch einen eigenen Endpunkt angeben, wenn die LFS-Dateien woanders gespeichert werden.
 migrate_options_lfs_endpoint.description.local=Ein lokaler Serverpfad wird ebenfalls unterstützt.
 migrate_options_lfs_endpoint.placeholder=Wenn leer gelassen, wird der Endpunkt von der Klon-URL abgeleitet
-migrate_items=Migrationselemente
-migrate_items_wiki=Wiki
-migrate_items_milestones=Meilensteine
-migrate_items_labels=Labels
-migrate_items_issues=Issues
-migrate_items_pullrequests=Pull-Requests
-migrate_items_merge_requests=Merge-Requests
-migrate_items_releases=Releases
 migrate_repo=Repository migrieren
 migrate.clone_address=Migrations-/Klon-URL
 migrate.clone_address_desc=Die HTTP(S)- oder „git clone“-URL eines bereits existierenden Repositorys
@@ -1179,16 +1171,6 @@ migrate.migrating=Migriere von <b>%s</b> …
 migrate.migrating_failed=Migrieren von <b>%s</b> fehlgeschlagen.
 migrate.migrating_failed.error=Migration fehlgeschlagen: %s
 migrate.migrating_failed_no_addr=Migration fehlgeschlagen.
-migrate.migrating_git=Git-Daten werden migriert
-migrate.migrating_topics=Themen werden migriert
-migrate.migrating_milestones=Meilensteine werden migriert
-migrate.migrating_labels=Labels werden migriert
-migrate.migrating_releases=Releases werden migriert
-migrate.migrating_issues=Issues werden migriert
-migrate.migrating_pulls=Pull-Requests werden migriert
-migrate.cancel_migrating_title=Migration abbrechen
-migrate.cancel_migrating_confirm=Möchtest du diese Migration abbrechen?
-
 mirror_from=Spiegel von
 forked_from=geforkt von
 generated_from=erzeugt von
@@ -2647,13 +2629,7 @@ pulls.ready_for_review = Bereit zur Sichtung?
 settings.rename_branch_failed_protected = Branch %s kann nicht umbenannt werden, weil er ein geschützter Branch ist.
 editor.commit_id_not_matching = Die Datei wurde geändert, während du sie bearbeitet hast. Committe in einen neuen Branch, dann führe einen Merge durch.
 editor.push_out_of_date = Der Push scheint veraltet zu sein.
-n_commit_few = %s Commits
-n_branch_one = %s Branch
-n_branch_few = %s Branches
-n_tag_one = %s Tag
-n_tag_few = %s Tags
 stars = Favorisierungen
-n_commit_one = %s Commit
 issues.num_participants_one = %d Beteiligter
 settings.enforce_on_admins_desc = Repositoryadministratoren können diese Regel nicht umgehen.
 settings.enforce_on_admins = Erzwinge diese Regel für alle Repositoryadministratoren
@@ -2677,8 +2653,6 @@ settings.transfer.button = Besitz übertragen
 settings.transfer.modal.title = Besitz übertragen
 wiki.no_search_results = Keine Ergebnisse
 wiki.search = Wiki durchsuchen
-n_release_one = %s freigegeben
-n_release_few = %s Veröffentlichungen
 form.string_too_long = Die Zeichenkette ist länger als %d Zeichen.
 settings.federation_settings = Föderationseinstellungen
 settings.federation_following_repos = URLs folgender Repositorys. Durch „;“ getrennt, keine Leerzeichen.
diff --git a/options/locale/locale_el-GR.ini b/options/locale/locale_el-GR.ini
index 682af86f78..a4c2cb14f6 100644
--- a/options/locale/locale_el-GR.ini
+++ b/options/locale/locale_el-GR.ini
@@ -1154,14 +1154,6 @@ migrate_options_lfs_endpoint.label=Άκρο LFS
 migrate_options_lfs_endpoint.description=Η μεταφορά θα προσπαθήσει να χρησιμοποιήσει το Git remote για να <a target="_blank" rel="noopener noreferrer" href="%s">καθορίσει τον διακομιστή LFS</a>. Μπορείτε επίσης να καθορίσετε ένα δικό σας endpoint αν τα δεδομένα LFS του αποθετηρίου αποθηκεύονται κάπου αλλού.
 migrate_options_lfs_endpoint.description.local=Μια διαδρομή στο τοπικό διακομιστή επίσης υποστηρίζεται.
 migrate_options_lfs_endpoint.placeholder=Αν αφεθεί κενό, το άκρο θα προκύψει από το URL του κλώνου
-migrate_items=Αντικείμενα μεταφοράς
-migrate_items_wiki=Wiki
-migrate_items_milestones=Ορόσημα
-migrate_items_labels=Σήματα
-migrate_items_issues=Ζητήματα
-migrate_items_pullrequests=Pull requests
-migrate_items_merge_requests=Merge requests
-migrate_items_releases=Κυκλοφορίες
 migrate_repo=Μεταφορά αποθετηρίου
 migrate.clone_address=Μεταφορά / Κλωνοποίηση από το URL
 migrate.clone_address_desc=Το HTTP(S) ή το Git URL «κλωνοποίησης» ενός υπάρχοντος αποθετηρίου
@@ -1180,16 +1172,6 @@ migrate.migrating=Γίνεται μεταφορά από το <b>%s</b>…
 migrate.migrating_failed=Η μεταφορά από το <b>%s</b> απέτυχε.
 migrate.migrating_failed.error=Αποτυχία μεταφοράς: %s
 migrate.migrating_failed_no_addr=Η μεταφορά απέτυχε.
-migrate.migrating_git=Τα δεδομένα Git μεταφέρονται
-migrate.migrating_topics=Τα θέματα μεταφέρονται
-migrate.migrating_milestones=Τα ορόσημα μεταφέρονται
-migrate.migrating_labels=Τα σήματα μεταφέρονται
-migrate.migrating_releases=Οι κυκλοφορίες μεταφέρονται
-migrate.migrating_issues=Τα ζητήματα μεταφέρονται
-migrate.migrating_pulls=Μεταφέρονται τα pull requests
-migrate.cancel_migrating_title=Ακύρωση μεταφοράς
-migrate.cancel_migrating_confirm=Θέλετε να ακυρώσετε αυτή τη μεταφορά;
-
 mirror_from=είδωλο του
 forked_from=forked από
 generated_from=παραγμένο από
@@ -2634,14 +2616,8 @@ activity.navbar.pulse = Παλμός
 settings.add_collaborator_blocked_them = Δεν είναι δυνατή η προσθήκη του χρήστη ως συνεργάτη, καθώς έχει αποκλείσει τον κάτοχο του αποθετηρίου.
 settings.wiki_rename_branch_main_notices_2 = Θα αλλάξει το όνομα του εσωτερικού κλάδου για το wiki του αποθετηρίου %s. Οι υπάρχουσες υποβολές θα πρέπει να ενημερωθούν.
 settings.add_collaborator_blocked_our = Δεν είναι δυνατή η προσθήκη του χρήστη ως συνεργάτη, καθώς ο κάτοχος του αποθετηρίου τον έχει αποκλείσει.
-n_branch_few = %s κλάδοι
-n_tag_one = %s ετικέτα
-n_tag_few = %s ετικέτες
-n_commit_one = %s υποβολή
 stars = Αστέρια
-n_branch_one = %s κλάδος
 commits.search_branch = Αυτός ο κλάδος
-n_commit_few = %s υποβολές
 settings.sourcehut_builds.secrets = Μυστικά
 settings.add_webhook.invalid_path = Η τοποθεσία του αρχείου δεν μπορεί να περιέχει κενά, «.» ή «..». Δεν μπορεί να αρχίζει ή να τελειώνει με μία κάθετο.
 commits.browse_further = Περιήγηση περισσοτέρων
@@ -2690,8 +2666,6 @@ settings.transfer.button = Παραχώρηση ιδιοκτησίας
 settings.matrix.room_id_helper = Το ID δωματίου μπορείτε να το βρείτε στο πρόγραμμα Element > Room Settings > Advanced > Internal room ID. Παράδειγμα: %s.
 wiki.search = Αναζήτηση wiki
 wiki.no_search_results = Κανένα αποτέλεσμα
-n_release_one = %s κυκλοφορία
-n_release_few = %s κυκλοφορίες
 release.hide_archive_links_helper = Απόκρυψη των αρχείων πηγαίου κώδικα που δημιουργούνται αυτόματα για αυτή την δημιοσίευση. Αυτή η ρύθμιση είναι χρήσιμη αν ανεβάζετε τα δικά σας αρχεία.
 release.type_attachment = Συνημμένο
 activity.published_prerelease_label = Προδημοσίευση
diff --git a/options/locale/locale_en-US.ini b/options/locale/locale_en-US.ini
index 2df0b3a728..1fdced67c2 100644
--- a/options/locale/locale_en-US.ini
+++ b/options/locale/locale_en-US.ini
@@ -1208,14 +1208,6 @@ migrate_options_lfs_endpoint.label = LFS endpoint
 migrate_options_lfs_endpoint.description = Migration will attempt to use your Git remote to <a target="_blank" rel="noopener noreferrer" href="%s">determine the LFS server</a>. You can also specify a custom endpoint if the repository LFS data is stored somewhere else.
 migrate_options_lfs_endpoint.description.local = A local server path is supported too.
 migrate_options_lfs_endpoint.placeholder = If left blank, the endpoint will be derived from the clone URL
-migrate_items = Migration items
-migrate_items_wiki = Wiki
-migrate_items_milestones = Milestones
-migrate_items_labels = Labels
-migrate_items_issues = Issues
-migrate_items_pullrequests = Pull requests
-migrate_items_merge_requests = Merge requests
-migrate_items_releases = Releases
 migrate_repo = Migrate repository
 migrate.repo_desc_helper = Leave empty to import existing description
 migrate.clone_address = Migrate / Clone from URL
@@ -1235,16 +1227,6 @@ migrate.migrating = Migrating from <b>%s</b> …
 migrate.migrating_failed = Migrating from <b>%s</b> failed.
 migrate.migrating_failed.error = Failed to migrate: %s
 migrate.migrating_failed_no_addr = Migration failed.
-migrate.migrating_git = Migrating Git data
-migrate.migrating_topics = Migrating topics
-migrate.migrating_milestones = Migrating milestones
-migrate.migrating_labels = Migrating labels
-migrate.migrating_releases = Migrating releases
-migrate.migrating_issues = Migrating issues
-migrate.migrating_pulls = Migrating pull requests
-migrate.cancel_migrating_title = Cancel migration
-migrate.cancel_migrating_confirm = Do you want to cancel this migration?
-
 mirror_from = mirror of
 forked_from = forked from
 generated_from = generated from
@@ -1289,15 +1271,6 @@ milestones = Milestones
 org_labels_desc = Organization level labels that can be used with <strong>all repositories</strong> under this organization
 org_labels_desc_manage = manage
 
-n_commit_one=%s commit
-n_commit_few=%s commits
-n_branch_one=%s branch
-n_branch_few=%s branches
-n_tag_one=%s tag
-n_tag_few=%s tags
-n_release_one = %s release
-n_release_few = %s releases
-
 released_this = released this
 file.title = %s at %s
 file_raw = Raw
diff --git a/options/locale/locale_eo.ini b/options/locale/locale_eo.ini
index 249597b718..015c11c5b1 100644
--- a/options/locale/locale_eo.ini
+++ b/options/locale/locale_eo.ini
@@ -772,7 +772,7 @@ enable_custom_avatar = Uzi propran profilbildon
 change_password = Ŝanĝi pasvorton
 keep_pronouns_private = Montri pronomojn nur al la aŭtentikigitaj uzantoj
 keep_pronouns_private.description = Tio maskos viajn pronomojn kontraŭ neaŭtentikigitaj vizitantoj.
-add_new_principal =
+add_new_principal = 
 gpg_token_required = Vi devas disponigi signaturon por la malsupran ĵetono
 gpg_token = Ĵetono
 gpg_token_help = Vi povas generi signaturon uzante:
@@ -879,8 +879,6 @@ form.name_pattern_not_allowed = La ŝablono "%s" ne estas permesata en uzantnomo
 editor.add_file = Aldoni dosieron
 settings.tags = Etikedoj
 archive.title_date = Ĉi tiu deponejo arĥiviĝis je %s. Vi povas vidi kaj elŝuti dosierojn, sed ne povas puŝi nek raporti problemojn nek tirpeti.
-migrate_items_pullrequests = Tirpetoj
-migrate.migrating_pulls = Migrante tirpetojn
 unwatch = Malspuri
 watch = Spuri
 star = Stelumi
@@ -919,7 +917,6 @@ settings.default_branch_desc = Elekti implicutan deponejan branĉon por tirpetoj
 archive.title = Ĉi tiu deponejo estas arĥivigita. Vi povas vidi kaj elŝuti dosierojn, sed ne povas puŝi nek raporti problemojn nek tirpeti.
 activity.active_prs_count_n = <strong>%d</strong> aktivaj tirpetoj
 settings.archive.text = Arĥivigi la deponejon igus ĝin sole legebla. Ĝi kaŝiĝos de la labortablo. Neniu (ne eĉ vi!) povos fari enmetojn, raportojn, kaj tirpetojn.
-migrate_items_releases = Eldonoj
 commits.commits = Enmetoj
 rss.must_be_on_branch = Vi devas esti en branĉo por havi RSS-fluon.
 repo_name = Deponejonomo
diff --git a/options/locale/locale_es-ES.ini b/options/locale/locale_es-ES.ini
index 8809dca726..5fb0a270eb 100644
--- a/options/locale/locale_es-ES.ini
+++ b/options/locale/locale_es-ES.ini
@@ -1153,14 +1153,6 @@ migrate_options_lfs_endpoint.label=Destino LFS
 migrate_options_lfs_endpoint.description=Migración intentará usar su mando Git para <a target="_blank" rel="noopener noreferrer" href="%s">determinar el servidor LFS</a>. También puede especificar un punto final personalizado si los datos LFS del repositorio se almacenan en otro lugar.
 migrate_options_lfs_endpoint.description.local=También se admite una ruta del servidor local.
 migrate_options_lfs_endpoint.placeholder=Si se deja en blanco, el punto final se derivará de la URL de clonación
-migrate_items=Objetos de migración
-migrate_items_wiki=Wiki
-migrate_items_milestones=Hitos
-migrate_items_labels=Etiquetas
-migrate_items_issues=Incidencias
-migrate_items_pullrequests=Solicitudes de extracción
-migrate_items_merge_requests=Solicitudes de fusión
-migrate_items_releases=Lanzamientos
 migrate_repo=Migrar repositorio
 migrate.clone_address=Migrar / Clonar desde URL
 migrate.clone_address_desc=La URL HTTP(S) o de Git "clone" de un repositorio existente
@@ -1179,16 +1171,6 @@ migrate.migrating=Migrando desde <b>%s</b>…
 migrate.migrating_failed=La migración desde <b>%s</b> ha fallado.
 migrate.migrating_failed.error=Error al migrar: %s
 migrate.migrating_failed_no_addr=Migración fallida.
-migrate.migrating_git=Migrando datos de Git
-migrate.migrating_topics=Migrando temas
-migrate.migrating_milestones=Migrando hitos
-migrate.migrating_labels=Migrando etiquetas
-migrate.migrating_releases=Migrar versiones
-migrate.migrating_issues=Migrando incidencias
-migrate.migrating_pulls=Migrando solicitudes de incorporación de cambios
-migrate.cancel_migrating_title=Cancelar la migración
-migrate.cancel_migrating_confirm=¿Quiere cancelar esta migración?
-
 mirror_from=réplica de
 forked_from=bifurcado de
 generated_from=generado desde
@@ -2583,24 +2565,16 @@ error.csv.invalid_field_count=No se puede procesar este archivo porque tiene un
 rss.must_be_on_branch = Debes estar en una rama para tener un feed RSS.
 desc.sha256 = SHA256
 issues.num_participants_one = %d participante
-n_commit_few = %s commits
-n_branch_few = %s ramas
-n_tag_one = %s etiqueta
-n_tag_few = %s etiquetas
 file_follow = Seguir enlace simbólico
 vendored = Vendored
 open_with_editor = Abrir con %s
-n_branch_one = %s rama
 issues.archived_label_description = (Archivado) %s
-n_commit_one = %s commit
 generated = Generado
 pulls.nothing_to_compare_have_tag = Las ramas/etiquetas seleccionadas son iguales.
 commits.search_branch = Esta rama
 commits.renamed_from = Renombrado de %s
 form.string_too_long = El texto introducido tiene más de %d caracteres.
 object_format = Formato de objetos
-n_release_one = %s lanzamiento
-n_release_few = %s versiones
 stars = Estrellas
 editor.invalid_commit_mail = Correo no válido para crear un commit.
 project = Proyectos
diff --git a/options/locale/locale_et.ini b/options/locale/locale_et.ini
index e86a0669dd..a18e593213 100644
--- a/options/locale/locale_et.ini
+++ b/options/locale/locale_et.ini
@@ -468,8 +468,6 @@ default_branch_label = vaikimisi
 code.desc = Ligipääs lähtekoodile, failidele, sissekannetele ja alamharudele.
 filter_branch_and_tag = Filtreeri alamharu või sildi alusel
 branches = Alamharud
-n_branch_one = %s alamharu
-n_branch_few = %s alamharu
 commit_graph.select = Vali alamharud
 commit.contained_in_default_branch = See sissekanne on vaikimisi alamharu osa
 editor.new_branch_name_desc = Alamharu uus nimi…
diff --git a/options/locale/locale_fa-IR.ini b/options/locale/locale_fa-IR.ini
index 64639e80a1..0e5fcc4e68 100644
--- a/options/locale/locale_fa-IR.ini
+++ b/options/locale/locale_fa-IR.ini
@@ -883,14 +883,6 @@ migrate_options_lfs=مهاجرت فایلهای LFS
 migrate_options_lfs_endpoint.label=نشانهای پایانی LFS
 migrate_options_lfs_endpoint.description=Migration سعی خواهد کرد از کنترل از راه دور Git شما برای <a target="_blank" rel="noopener noreferrer" href="%s">تعیین سرور LFS</a> استفاده کند. همچنین اگر داده های LFS مخزن در جای دیگری ذخیره شده باشد، می توانید یک نقطه پایانی سفارشی را مشخص کنید.
 migrate_options_lfs_endpoint.description.local=مسیر سرور محلی نیز پشتیبانی می شود.
-migrate_items=مولفه های مهاجرت
-migrate_items_wiki=دانشنامه
-migrate_items_milestones=نقاط عطف
-migrate_items_labels=برچسب‌ها
-migrate_items_issues=مسائل
-migrate_items_pullrequests=تقاضاهای واکشی
-migrate_items_merge_requests=تقاضاهای واکشی
-migrate_items_releases=انتشارها
 migrate_repo=انتقال مخزن
 migrate.clone_address=انتقال / همسان‌سازی از نشانی
 migrate.clone_address_desc=HTTP(S) or Git 'همسان‌سازی' نشانی‌های موجود در این مخزن
@@ -906,14 +898,6 @@ migrate.migrate=مهاجرت از %s
 migrate.migrating=مهاجرت از <b>%s</b> ...
 migrate.migrating_failed=مهاجرت از <b>%s</b> ناموفق بود.
 migrate.migrating_failed_no_addr=مهاجرت ناموفق بود.
-migrate.migrating_git=انتقال داده های Git
-migrate.migrating_topics=موضوعات مهاجرت
-migrate.migrating_milestones=نقاط عطف مهاجرت
-migrate.migrating_labels=برچسب های مهاجرت
-migrate.migrating_releases=انتشارات مهاجرت
-migrate.migrating_issues=مشکلات مهاجرت
-migrate.migrating_pulls=مهاجرت درخواست های pull
-
 mirror_from=قرینه از
 forked_from=انشعاب شده از
 generated_from=ساخته شده از
diff --git a/options/locale/locale_fi-FI.ini b/options/locale/locale_fi-FI.ini
index 763e036069..c98bdebeea 100644
--- a/options/locale/locale_fi-FI.ini
+++ b/options/locale/locale_fi-FI.ini
@@ -1070,13 +1070,6 @@ template.issue_labels=Ongelmanimilaput
 
 
 
-migrate_items=Migraation kohteet
-migrate_items_wiki=Wiki
-migrate_items_milestones=Merkkipaalut
-migrate_items_labels=Nimilaput
-migrate_items_issues=Ongelmat
-migrate_items_pullrequests=Vetopyynnöt
-migrate_items_releases=Julkaisut
 migrate_repo=Suorita tietovaraston migraatio
 migrate.clone_address=Migraatio/kloonaus URL-osoitteesta
 migrate.github_token_desc=Voit lisätä tähän yhden tai useamman tunnuksen pilkuilla erotettuna nopeuttaaksesi migraatiota kiertämällä GitHub API:n nopeusrajoituksen. Varoitus: Tämän ominaisuuden väärinkäyttö voi rikkoa palveluntarjoajan käytäntöä ja johtaa tiliesi sulkemiseen.
@@ -1085,8 +1078,6 @@ migrate.failed=Migraatio epäonnistui: %v
 migrate.migrate_items_options=Lisäkohteiden migraatiota varten vaaditaan pääsypoletti
 migrate.migrating=Suoritetaan migraatio lähteestä <b>%s</b> …
 migrate.migrating_failed=Migraatio lähteestä <b>%s</b> epäonnistui.
-migrate.migrating_git=Suoritetaan Git-datan migraatiota
-
 mirror_from=peili kohteelle
 forked_from=forkattu tietovarastosta
 unwatch=Lopeta tarkkailu
@@ -1680,7 +1671,6 @@ fork_to_different_account = Forkkaa toiselle tilille
 release.compare = Vertaa
 release.ahead.commits = <strong>%d</strong> kommittia
 all_branches = Kaikki haarat
-n_tag_few = %s tagia
 settings.event_fork_desc = Tietovarasto forkattu.
 actions = Toiminnat
 fork_guest_user = Kirjaudu sisään forkataksesi tämän tietovaraston.
@@ -1689,19 +1679,16 @@ visibility_fork_helper = (Tämän muuttaminen vaikuttaa kaikkien forkkien näkyv
 fork = Forkkaa
 activity.git_stats_commit_n = %d kommittia
 commits.search_branch = Tämä haara
-n_branch_few = %s haaraa
 pulls.show_all_commits = Näytä kaikki kommitit
 commit_graph.select = Valitse haarat
 activity.navbar.recent_commits = Viimeaikaiset kommitit
 settings.branches.add_new_rule = Lisää uusi sääntö
-n_commit_few = %s kommittia
 issues.force_push_compare = Vertaa
 commits.desc = Selaa lähdekoodin muutoshistoriaa.
 clone_helper = Tarvitseko apua kloonauksen kanssa? Siirry <a target="_blank" rel="noopener noreferrer" href="%s">tukisivulle</a>.
 settings.mirror_settings.push_mirror.copy_public_key = Kopioi julkinen avain
 object_format = Objektimuoto
 editor.fail_to_update_file_summary = Virheviesti:
-n_branch_one = %s haara
 issues.content_history.delete_from_history_confirm = Poistetaanko historiasta?
 editor.new_patch = Uusi paikkaus
 pulls.merged_success = Vetopyyntö yhdistetty onnistuneesti ja suljettu
@@ -1751,8 +1738,6 @@ issues.dependency.add_error_dep_exists = Riippuvuus on jo olemassa.
 wiki.page_content = Sivun sisältö
 wiki.page_title = Sivun otsikko
 activity.navbar.contributors = Avustajat
-n_release_few = %s julkaisua
-n_release_one = %s julkaisu
 symbolic_link = Symbolinen linkki
 mirror_last_synced = Viimeksi synkronoitu
 find_file.go_to_file = Löydä tiedosto
@@ -1875,7 +1860,6 @@ issues.filter_label_select_no_label = Ei nimilappua
 projects.column.set_default = Aseta oletukseksi
 projects.edit_success = Projekti "%s" on päivitetty.
 desc.sha256 = SHA256
-n_commit_one = %s kommitti
 transfer.accept = Hyväksy siirto
 transfer.reject = Hylkää siirto
 default_branch_label = oletus
@@ -1932,7 +1916,6 @@ milestones.deletion = Poista merkkipaalu
 more_operations = Lisää toimintoja
 settings.branches.switch_default_branch = Vaihda oletushaara
 tag.confirm_create_tag = Luo tagi
-n_tag_one = %s tagi
 branch.renamed = Haaran %s uudeksi nimeksi asetettiin %s.
 release.tag_name_protected = Tagin nimi on suojattu.
 pulls.merge_conflict_summary = Virheviesti
@@ -1985,7 +1968,6 @@ milestones.filter_sort.earliest_due_data = Lähin eräpäivä
 issues.filter_type.reviewed_by_you = Katselmoitu toimestasi
 settings.units.overview = Yleisnäkymä
 settings.remove_team_success = Tiimin pääsy tietovarastoon on poistettu.
-migrate.cancel_migrating_confirm = Haluatko perua tämän migraation?
 settings.units.units = Yksiköt
 settings.update_settings_no_unit = Tietovaraston tulisi sallia edes jonkinlainen vuorovaikutus.
 settings.units.add_more = Ota lisää käyttöön
@@ -2059,7 +2041,6 @@ release.title_empty = Nimi ei voi olla tyhjä.
 archive.title = Tämä tietovarasto on arkistoitu. Voit tarkastella sen tiedostoja ja kloonata sen, mutta et voi tehdä muutoksia sen tilaan, kuten tehdä työntöjä tai luoda uusia ongelmia, vetopyyntöjä tai kommentteja.
 reactions_more = ja %d lisää
 mirror_address = Kloonaa URL-osoitteesta
-migrate_items_merge_requests = Yhdistämispyynnöt
 stars_remove_warning = Tämä poistaa kaikki tähdet tästä tietovarastosta.
 settings.webhook_deletion_desc = Webkoukun poistaminen poistaa sen asetukset ja toimitushistorian. Jatketaanko?
 settings.discord_icon_url.exceeds_max_length = Kuvakkeen URL-osoite voi sisältää enintään 2048 merkkiä
@@ -2228,8 +2209,6 @@ issues.dismiss_review_warning = Haluatko hylätä katselmoinnin?
 commit.operations = Toimenpiteet
 commits.view_single_diff = Näytä tässä kommitissa tähän tiedostoon kohdistuneet muutokset
 issues.choose.ignore_invalid_templates = Virheelliset mallipohjat on jätetty huomiotta
-migrate.migrating_milestones = Suoritetaan merkkipaalujen migraatiota
-migrate.migrating_issues = Suoritetaan ongelmien migraatiota
 migrate.clone_local_path = tai paikallisen palvelimen polku
 pulls.filter_changes_by_commit = Suodata kommitin perusteella
 pulls.show_changes_since_your_last_review = Näytä viimeisimmän katselmointisi jälkeiset muutokset
@@ -2244,7 +2223,6 @@ migrate.invalid_lfs_endpoint = LFS-päätepiste ei ole kelvollinen.
 issues.new.clear_projects = Tyhjennä projektit
 mirror_denied_combination = Julkiseen avaimeen ja salasanaan pohjautuvaa todennusta ei voi käyttää yhdessä.
 template.git_content = Git-sisältö (Oletushaara)
-migrate.migrating_releases = Suoritetaan julkaisujen migraatiota
 unit_disabled = Sivuston ylläpitäjä on poistanut käytöstä tämän tietovarasto-osion.
 issues.filter_sort.relevance = Asiaankuuluvuus
 pulls.reopen_to_merge = Avaa tämä vetopyyntö uudelleen suorittaaksesi yhdistämisen.
@@ -2256,9 +2234,6 @@ issues.dismiss_review = Hylkää katselmointi
 editor.file_changed_while_editing = Tiedoston sisältö on muuttunut sen avaamisen jälkeen. <a target="_blank" rel="noopener noreferrer" href="%s">Napsauta tästä</a> nähdäksesi muutokset tai <strong>kommitoi muutokset uudelleen</strong> korvataksesi muutokset.
 sync_fork.button = Synkronoi
 migrated_from = Suoritettu migraatio lähteestä <a href="%[1]s">%[2]s</a>
-migrate.migrating_topics = Suoritetaan aiheiden migraatiota
-migrate.migrating_pulls = Suoritetaan vetopyyntöjen migraatiota
-migrate.cancel_migrating_title = Peruuta migraatio
 file_follow = Seuraa symbolista linkkiä
 commit.load_referencing_branches_and_tags = Lataa haarat ja tagit, jotka viittaavat tähän kommittiin
 editor.commit_id_not_matching = Tiedosto muuttui sillä aikaa, kun muokkasit sitä. Kommitoi uuteen haaraan ja yhdistä sen jälkeen.
@@ -2282,7 +2257,6 @@ projects.column.deletion_desc = Projektin sarakkeen poistaminen siirtää kaikki
 issues.del_time = Poista tämä aikaloki
 migrated_from_fake = Suoritettu migraatio lähteestä %[1]s
 migrate.migrate = Tee migraatio lähteestä %s
-migrate.migrating_labels = Suoritetaan nimilappujen migraatiota
 file_view_rendered = Näytä renderöitynä
 editor.invalid_commit_mail = Virheellinen sähköposti kommitin luomista varten.
 sync_fork.branch_behind_one = Tämä haara on %[1]d kommitin jäljessä %[2]s
diff --git a/options/locale/locale_fil.ini b/options/locale/locale_fil.ini
index 0181f32452..8c8db3045e 100644
--- a/options/locale/locale_fil.ini
+++ b/options/locale/locale_fil.ini
@@ -1091,7 +1091,6 @@ delete_preexisting = Burahin ang mga dating umiiral na file
 delete_preexisting_content = Burahin ang mga file sa %s
 tree_path_not_found_commit = Hindi umiiral ang path na %[1]s sa commit %[2]s
 tree_path_not_found_branch = Hindi umiiral ang daanang %[1]s sa branch %[2]s
-migrate_items_pullrequests = Mga hiling sa paghila
 archive.title = Naka-archive ang repositoryong ito. Maaari mong itignan ang mga file at i-clone ito, pero hindi ka makakagawa ng anumang pagbabago sa estado ito, tulad ng pagtulak at paggawa ng mga isyu, pull request o mga komento.
 archive.title_date = Naka-archive ang repositoryo na ito noong %s. Maaari mong itignan ang mga file at i-clone ito, pero hindi ka makakagawa ng anumang pagbabago sa estado nito, tulad ng pagtulak o paggawa ng mga bagong isyu, mga pull request, o komento.
 pulls = Mga hiling sa paghila
@@ -1143,13 +1142,7 @@ form.name_pattern_not_allowed = Hindi pinapayagan ang pattern na "%s" sa pangala
 migrate_options_lfs = I-migrate ang mga LFS file
 migrate_options_lfs_endpoint.label = Endpoint ng LFS
 migrate_options_lfs_endpoint.placeholder = Kung iwanang blangko, ang endpoint ay magmumula sa clone URL
-migrate_items_milestones = Mga milestone
-migrate_items_labels = Mga label
-migrate_items_issues = Mga isyu
-migrate_items_merge_requests = Mga merge request
 migrate.clone_address = Magmigrate / Mag-clone mula sa URL
-migrate_items = Mga item sa pagmigrate
-migrate_items_releases = Mga paglabas
 migrate_repo = I-migrate ang repositoryo
 size_format = %[1]s: %[2]s, %[3]s: %[4]s
 template.git_hooks_tooltip = Kasalukuyang hindi mo mababago o matatanggal ang mga hook ng Git kapag nadagdag. Piliin lang ito kapag pinagkakatiwalaan mo ang template na repositoryo.
@@ -1157,7 +1150,6 @@ template.webhooks = Mga webhook
 template.topics = Mga paksa
 template.issue_labels = Mga label ng isyu
 template.one_item = Kailangang pumili ng kahit isang template item
-migrate_items_wiki = Wiki
 migrate.clone_local_path = o isang lokal na path ng server
 adopt_preexisting_success = Pinagtibay ang mga file at ginawa ang repositoryo mula sa %s
 delete_preexisting_success = Burahin ang mga hindi pinatibay na file sa %s
@@ -1168,12 +1160,6 @@ migrate.invalid_local_path = Hindi wasto ang lokal na path. Hindi ito umiiral o
 migrate.invalid_lfs_endpoint = Hindi wasto ang LFS endpoint.
 migrate.migrating_failed = Nabigo ang pag-migrate mula sa <b>%s</b>.
 migrate.migrating_failed_no_addr = Nabigo ang pagmigrate.
-migrate.migrating_topics = Nililipat ang mga paksa
-migrate.migrating_milestones = Nililipat ang mga milestone
-migrate.migrating_releases = Nililipat ang mga paglabas
-migrate.migrating_pulls = Nililipat ang mga pull request
-migrate.cancel_migrating_title = Kanselahin ang pag-migrate
-migrate.cancel_migrating_confirm = Gusto mo bang kanselahin ang migration na ito?
 mirror_from = mirror ng
 forked_from = na-fork mula sa
 generated_from = na-generate mula sa
@@ -1227,7 +1213,6 @@ from_comment = (komento)
 editor.add_file = Magdagdag ng file
 editor.upload_file = Mag-upload ng file
 editor.cannot_edit_lfs_files = Hindi mababago ang mga LFS file sa web interface.
-migrate.migrating_issues = Nililipat ang mga isyu
 fork_from_self = Hindi ka makaka-fork ng repositoryo na minamay-ari mo.
 broken_message = Ang Git data na pinagbabatayan sa repositoryo na ito ay hindi mabasa. Makipag-ugnayan sa tagapangasiwa ng instansya na ito o burahin ang repositoryo na ito.
 file_history = Kasaysayan
@@ -1235,7 +1220,6 @@ invisible_runes_header = `Nalalaman ng file na ito ng mga hindi nakikitang Unico
 file_too_large = Masyadong malaki ang file para ipakita.
 invisible_runes_description = `Ang file na ito ay naglalaman ng mga hindi nakikitang Unicode character na hindi nakikilala ng mga tao ngunit maaaring maproseso ng ibang paraan ng isang computer. Kung sa tingin mo ay sinasadya ito, maaari mong ligtas na hindi pansinin ang babala na ito. Gamitin ang I-escape na button para ipakita sila.`
 commit.contained_in_default_branch = Ang commit na ito ay bahagi ng default na branch
-migrate.migrating_labels = Nililipat ang mga label
 filter_branch_and_tag = I-filter ang branch o tag
 clear_ref = `Burahin ang kasalukuyang sanggunian`
 actions = Mga Aksyon
@@ -1248,12 +1232,6 @@ commits = Mga Commit
 file_permalink = Permalink
 migrate.migrating_failed.error = Nabigong magmigrate: %s
 unwatch = I-unwatch
-n_commit_one = %s commit
-n_commit_few = %s mga commit
-n_branch_one = %s branch
-n_branch_few = %s mga branch
-n_tag_one = %s tag
-n_tag_few = %s mga tag
 editor.cannot_edit_non_text_files = Hindi mababago ang mga binary file sa web interface.
 migrated_from = Na-migrate mula sa <a href="%[1]s">%[2]s</a>
 migrated_from_fake = Na-migrate mula sa %[1]s
@@ -1272,7 +1250,6 @@ unescape_control_characters = I-unescape
 invisible_runes_line = `Ang linya na ito ay may mga hindi nakikitang Unicode character`
 ambiguous_runes_line = `Ang linya na ito ay may mga hindi tiyak na Unicode character`
 tag = Tag
-migrate.migrating_git = Nililipat ang Git data
 vendored = Naka-vendor
 editor.delete = Burahin ang %s
 editor.add = Idagdag ang %s
@@ -1612,7 +1589,6 @@ issues.new.clear_assignees = I-clear ang mga mangangasiwa
 issues.new.no_assignees = Walang mga mangangasiwa
 issues.choose.invalid_config = Ang config ng isyu ay naglalaman ng mga error:
 issues.label_templates.info = Walang pang mga umiiral na label. Gumawa ng label gamit ang "Bagong label" o gumamit ng label preset:
-n_release_one = %s release
 issues.action_label = Label
 issues.action_milestone = Milestone
 issues.action_milestone_no_select = Walang milestone
@@ -1646,7 +1622,6 @@ issues.remove_project_at = `tinanggal ito mula sa <b>%s</b> na proyekto %s`
 issues.filter_label_select_no_label = Walang label
 issues.filter_sort.fewestforks = Pinakakaunting fork
 issues.add_assignee_at = `ay itinalaga ni/ng <b>%s</b> %s`
-n_release_few = %s mga release
 issues.remove_ref_at = `tinanggal ang sangguni na <b>%s</b> %s`
 issues.add_ref_at = `idinagdag ang sangguni na <b>%s</b> %s`
 issues.filter_milestone = Milestone
diff --git a/options/locale/locale_fr-FR.ini b/options/locale/locale_fr-FR.ini
index d48753763a..c513bc9ca5 100644
--- a/options/locale/locale_fr-FR.ini
+++ b/options/locale/locale_fr-FR.ini
@@ -1153,14 +1153,6 @@ migrate_options_lfs_endpoint.label=Point d'accès LFS
 migrate_options_lfs_endpoint.description=La migration va tenter d'utiliser votre dépôt Git distant pour <a target="_blank" rel="noopener noreferrer" href="%s">déterminer le serveur LFS</a>. Vous pouvez également spécifier un point d'accès personnalisé si les données LFS du dépôt sont stockées ailleurs.
 migrate_options_lfs_endpoint.description.local=Un chemin de serveur local est également pris en charge.
 migrate_options_lfs_endpoint.placeholder=Si laissé vide, le point de terminaison sera dérivé de l'URL du clone
-migrate_items=Éléments à migrer
-migrate_items_wiki=Wiki
-migrate_items_milestones=Jalons
-migrate_items_labels=Labels
-migrate_items_issues=Tickets
-migrate_items_pullrequests=Demandes d'ajout
-migrate_items_merge_requests=Demandes de fusion
-migrate_items_releases=Publications
 migrate_repo=Migrer le dépôt
 migrate.clone_address=Migrer/Cloner depuis une URL
 migrate.clone_address_desc=L'URL HTTP(S) ou Git "clone" d'un dépôt existant
@@ -1179,16 +1171,6 @@ migrate.migrating=Migration de <b>%s</b> …
 migrate.migrating_failed=La migration de <b>%s</b> a échoué.
 migrate.migrating_failed.error=Échec de la migration : %s
 migrate.migrating_failed_no_addr=Échec de la migration.
-migrate.migrating_git=Migration des données Git
-migrate.migrating_topics=Migration des sujets
-migrate.migrating_milestones=Migration des jalons
-migrate.migrating_labels=Migration des labels
-migrate.migrating_releases=Migration des publications
-migrate.migrating_issues=Migration des tickets
-migrate.migrating_pulls=Migration des demandes d'ajout
-migrate.cancel_migrating_title=Annuler la migration
-migrate.cancel_migrating_confirm=Voulez-vous abandonner cette migration ?
-
 mirror_from=miroir de
 forked_from=bifurqué depuis
 generated_from=généré depuis
@@ -2639,16 +2621,10 @@ file_follow = Suivre le lien symbolique
 settings.confirmation_string = Chaine de confirmation
 pulls.agit_explanation = Créé par le workflow AGit. AGit permet aux contributeurs de proposer des modifications en utilisant "git push" sans créer une bifurcation ou une nouvelle branche.
 stars = Étoiles
-n_tag_few = %s étiquettes
 editor.commit_id_not_matching = Le fichier a été modifié pendant que vous l'éditiez. Appliquez les modifications à une nouvelle branche puis procédez à la fusion.
 commits.search_branch = Cette branche
 open_with_editor = Ouvrir avec %s
 pulls.ready_for_review = Prêt à être évalué ?
-n_commit_one = %s commit
-n_commit_few = %s commits
-n_branch_one = %s branch
-n_branch_few = %s branches
-n_tag_one = %s étiquettes
 editor.push_out_of_date = Le push semble obsolète.
 issues.num_participants_one = %d participant
 issues.archived_label_description = (Archivé) %s
@@ -2679,8 +2655,6 @@ settings.federation_settings = Paramètres de féderation
 project = Projets
 subscribe.issue.guest.tooltip = Authentifiez vous pour vous abonner à ce ticket.
 subscribe.pull.guest.tooltip = Authentifiez vous pour suivre cette demande d'ajout.
-n_release_one = %s publication
-n_release_few = %s publications
 issues.author.tooltip.pr = Cet utilisateur est l'auteur de cette pull request.
 issues.author.tooltip.issue = Cet utilisateur est l'auteur de ce ticket.
 issues.edit.already_changed = Impossible de sauvegarder les changements du ticket car son contenu a déjà été modifié par un autre utilisateur. Veuillez recharger la page et essayer de l'éditer à nouveau pour éviter d'écraser ses changements
diff --git a/options/locale/locale_ga-IE.ini b/options/locale/locale_ga-IE.ini
index 27e61dd0ac..9f72c9b2f6 100644
--- a/options/locale/locale_ga-IE.ini
+++ b/options/locale/locale_ga-IE.ini
@@ -895,14 +895,6 @@ migrate_options_lfs_endpoint.label = Críochphointe LFS
 migrate_options_lfs_endpoint.description = Déanfaidh imirce iarracht do chianda Git a úsáid chun <a target="_blank" rel="noopener noreferrer" href="%s">freastalaí LFS a chinneadh</a>. Is féidir leat críochphointe saincheaptha a shonrú freisin má tá na sonraí LFS stórtha stóráilte áit éigin eile.
 migrate_options_lfs_endpoint.description.local = Tacaítear le cosán freastalaí áitiúil freisin.
 migrate_options_lfs_endpoint.placeholder = Má fhágtar bán, díorthófar an críochphointe ón URL clóin
-migrate_items = Míreanna Imirce
-migrate_items_wiki = Wiki
-migrate_items_milestones = Clocha míle
-migrate_items_labels = Lipéid
-migrate_items_issues = Saincheisteanna
-migrate_items_pullrequests = Iarrataí Tarraing
-migrate_items_merge_requests = Iarrataí Cumaisc
-migrate_items_releases = Eisiúintí
 migrate_repo = Stóras Imirc
 migrate.clone_address = Aimirce/ Clón Ó URL
 migrate.github_token_desc = Is féidir leat comhartha amháin nó níos mó a chur le camóg scartha anseo chun imirce a dhéanamh níos gasta mar gheall ar theorainn ráta API GitHub. RABHADH: D'fhéadfadh mí-úsáid na ngné seo beartas an sholáthraí seirbhíse a shárú agus blocáil cuntais a bheith mar thoradh air.
@@ -919,15 +911,6 @@ migrate.migrating = Ag aistriú ó <b>%s</b> ...
 migrate.migrating_failed = Theip ar aistriú ó <b>%s</b>.
 migrate.migrating_failed.error = Theip ar aistriú: %s
 migrate.migrating_failed_no_addr = Theip ar an imirce.
-migrate.migrating_git = Sonraí Git a Aimirce
-migrate.migrating_topics = Ábhair Imirce
-migrate.migrating_milestones = Clocha Míle a Imirce
-migrate.migrating_labels = Lipéid Imirce
-migrate.migrating_releases = Eisiúintí Imirce
-migrate.migrating_issues = Saincheisteanna Imirce
-migrate.migrating_pulls = Iarratais Tarraingthe á n-Imirce
-migrate.cancel_migrating_title = Cealaigh Imirce
-migrate.cancel_migrating_confirm = Ar mhaith leat an imirce seo a chealú?
 mirror_from = scáthán de
 forked_from = forcailte ó
 generated_from = a ghintear ó
diff --git a/options/locale/locale_he.ini b/options/locale/locale_he.ini
index 047e4d7bd6..b176332689 100644
--- a/options/locale/locale_he.ini
+++ b/options/locale/locale_he.ini
@@ -520,7 +520,7 @@ remove_account_link_success = החשבון המקושר הוסר.
 
 [repo]
 new_advanced = הגדרות מתקדמות
-new_advanced_expand =
+new_advanced_expand = 
 owner = בעלים
 repo_name = שם הקרפיף
 repo_name_helper = שמות קרפיפים טובים הם זכירים, קצרים וייחודיים.
@@ -571,9 +571,6 @@ desc.archived = בארכיון
 archive.pull.noreview = קרפיף זה בארכיון. אי אפשר לבקר בקשות מיזוג.
 form.reach_limit_of_creation_n = החשבון של הבעלים כבר הגיע לכמות הקרפיפים המקסימלית (%s).
 form.name_reserved = שם הקרפיף "%s" שמור.
-migrate_items_wiki = ויקי
-migrate_items_issues = סוגיות
-migrate_items_pullrequests = בקשות מיזוג
 migrate.clone_address = ייבוא \ שכפול מ־URL
 migrated_from = יובא מ‏־<a href="%[1]s">%[2]s</a>
 migrated_from_fake = יובא מ־%[1]s
@@ -582,8 +579,6 @@ migrate.migrating = פורג'ו בתהליכי יבוא מ־<b>%s</b>...
 migrate.migrating_failed = היבוא מ<b>%s</b> נכשל.
 migrate.migrating_failed.error = הייבוא נכשל: %s
 migrate.migrating_failed_no_addr = הייבוא נכשל.
-migrate.migrating_topics = ייבוא נושאים
-migrate.migrating_milestones = ייבוא אבני דרך
 editor.delete_this_file = מחיקת קובץ
 editor.name_your_file = שם הקובץ…
 editor.or = או
@@ -600,8 +595,6 @@ default_branch = ענף ברירת המחדל
 migrate_options_mirror_helper = קרפיף זה יהיה מראה
 migrate_options_lfs = ייבוא אחסון קבצים גדולים (LFS)
 migrate_options = אפשרויות ייבוא
-migrate.migrating_labels = ייבוא תוויות
-migrate.migrating_releases = ייבוא גרסאות
 editor.file_delete_success = הקובץ "%s" נמחק.
 editor.commit_message_desc = תיאור ארוך לא חובה…
 already_forked = כבר מזלגת את %s
@@ -631,7 +624,6 @@ template.topics = נושאים
 stars_remove_warning = פעולה זו תסיר מהקרפיף את כל הכוכבים.
 owner_helper = ארגונים שכבר יצרו את כמות הקרפיפים המקסימלית לא מוצגים בתפריט.
 fork_to_different_account = מזלוג לחשבון אחר
-migrate_items_releases = גרסאות
 migrate.permission_denied = אין לך הרשאה לייבא קרפיפים מהשרת הנוכחי.
 fork_repo = מזלוג
 watchers = מנויים
@@ -642,14 +634,11 @@ archive.title_date = קרפיך זה בארכיון כבר %s. אפשר לצפו
 form.name_pattern_not_allowed = התבנית "%s" לא חוקית בתוך שם של קרפיף.
 mirror_use_ssh.helper = פורג'ו ישקף את הקרפיף דרך התמיכה המובנית של גיט ב־SSH, ויצור בשבילך זוג מפתחות אוטומטית. באחריותך לוודא שלמפתח הציבורי שיווצר יהיה גישה לקרפיף היעד. אי אפשר להשתמש בכניסה על־בסיס סיסמה עם אפשרות זו.
 mirror_lfs = אחסון קבצים גדולים (LFS)
-migrate_items_labels = תוויות
 migrate_repo = ייבוא קרפיף
 transfer.no_permission_to_accept = אין לך הרשאה לאשר את העברת הקרפיף הזו.
 form.string_too_long = הטקסט הנתון ארוך מ־%d תווים.
-migrate_items_milestones = אבני דרך
 migrate.failed = הייבוא נכשל: %v
 migrate.migrate_items_options = פורג'ו צריך קוד גישה כדי לייבא מידע נוסף
-migrate.migrating_git = ייבוא הקרפיף עצמו
 editor.filename_help = אפשר להפריד בין תיקיות עם סלאשים, ו"למחוק" תיקיות עם backspace, כאילו זוהי תיבת טקסט רגילה.
 editor.filename_is_a_directory = אי אפשר לקרוא לקובץ "%s"; כבר קיימת תיקייה תחת אותו שם.
 editor.file_editing_no_longer_exists = הקובץ הנערך שהיה ידוע כ־"%s" לא קיים יותר בקרפיף זה.
diff --git a/options/locale/locale_hu-HU.ini b/options/locale/locale_hu-HU.ini
index 6810f20c1e..481159fd3c 100644
--- a/options/locale/locale_hu-HU.ini
+++ b/options/locale/locale_hu-HU.ini
@@ -685,12 +685,6 @@ template.issue_labels=Hibajegy címkék
 template.one_item=Legalább egy sablonelemet ki kell választani
 template.invalid=Ki kell választani egy sablon tárolót
 
-migrate_items_wiki=Wiki
-migrate_items_milestones=Mérföldkövek
-migrate_items_labels=Címkék
-migrate_items_issues=Hibajegyek
-migrate_items_pullrequests=Pull request-ek
-migrate_items_releases=Kiadások
 migrate_repo=Tároló migrációja
 migrate.clone_address=Migráció / Másolás URL-ről
 migrate.clone_address_desc=HTTP(S) vagy Git URL-e egy már létező tárolónak
diff --git a/options/locale/locale_id-ID.ini b/options/locale/locale_id-ID.ini
index 18ec4df928..297f110135 100644
--- a/options/locale/locale_id-ID.ini
+++ b/options/locale/locale_id-ID.ini
@@ -587,12 +587,6 @@ template.topics=Topik
 template.avatar=Avatar
 template.issue_labels=Label Masalah
 
-migrate_items=Ihwal Migrasi
-migrate_items_wiki=Wiki
-migrate_items_milestones=Tonggak
-migrate_items_issues=Masalah
-migrate_items_pullrequests=Tarik Permintaan
-migrate_items_releases=Rilis
 migrate_repo=Migrasi Repositori
 migrate.permission_denied=Anda tidak diizinkan untuk mengimpor repositori lokal.
 migrate.failed=Migrasi gagal: %v
diff --git a/options/locale/locale_is-IS.ini b/options/locale/locale_is-IS.ini
index 41d35e2738..805024281b 100644
--- a/options/locale/locale_is-IS.ini
+++ b/options/locale/locale_is-IS.ini
@@ -590,17 +590,8 @@ template.issue_labels=Vandamálslýsingar
 
 migrate_options_lfs=Flytja LFS skrár
 migrate_options_lfs_endpoint.label=LFS Endapunktur
-migrate_items_wiki=Handbók
-migrate_items_milestones=Tímamót
-migrate_items_labels=Skýringar
-migrate_items_issues=Vandamál
-migrate_items_pullrequests=Sameiningarbeiðnir
-migrate_items_merge_requests=Sameiningarbeiðnir
-migrate_items_releases=Útgáfur
 migrate_repo=Flytja Hugbúnaðarsafn
 migrate.migrate=Flytja Frá %s
-migrate.migrating_labels=Að færa Lýsingar
-
 mirror_from=speglun af
 forked_from=tvískipt frá
 generated_from=myndað frá
diff --git a/options/locale/locale_it-IT.ini b/options/locale/locale_it-IT.ini
index 2869750807..3eb67a2f59 100644
--- a/options/locale/locale_it-IT.ini
+++ b/options/locale/locale_it-IT.ini
@@ -1132,14 +1132,6 @@ migrate_options_lfs=Migra file LFS
 migrate_options_lfs_endpoint.label=Punto d'accesso LFS
 migrate_options_lfs_endpoint.description=La migrazione tenterà di utilizzare il tuo Git remote per <a target="_blank" rel="noopener noreferrer" href="%s">determinare il server LFS</a>. È inoltre possibile specificare un endpoint personalizzato se il repositorio dati LFS è memorizzato da qualche altra parte.
 migrate_options_lfs_endpoint.description.local=È supportato anche un percorso server locale.
-migrate_items=Elementi di migrazione
-migrate_items_wiki=Wiki
-migrate_items_milestones=Traguardi
-migrate_items_labels=Etichette
-migrate_items_issues=Segnalazioni
-migrate_items_pullrequests=Richieste di modifica
-migrate_items_merge_requests=Richieste di fusione
-migrate_items_releases=Rilasci
 migrate_repo=Migra repositorio
 migrate.clone_address=Migra / Clona da URL
 migrate.clone_address_desc=URL HTTP(S) o Git "clone" di un repositorio esistente
@@ -1156,14 +1148,6 @@ migrate.migrate=Migra da %s
 migrate.migrating=Migrazione da <b>%s</b>...
 migrate.migrating_failed=Migrazione da <b>%s</b> fallita.
 migrate.migrating_failed_no_addr=Migrazione non riuscita.
-migrate.migrating_git=Migrazione dei dati Git
-migrate.migrating_topics=Migrazione degli argomenti
-migrate.migrating_milestones=Migrazione dei traguardi
-migrate.migrating_labels=Migrazione delle etichette
-migrate.migrating_releases=Migrazione dei rilasci
-migrate.migrating_issues=Migrazione delle segnalazioni
-migrate.migrating_pulls=Migrazione delle richieste di modifica
-
 mirror_from=mirror da
 forked_from=derivato da
 generated_from=generato da
@@ -2316,7 +2300,6 @@ pulls.cmd_instruction_merge_title = Merge
 pulls.cmd_instruction_checkout_desc = Dalla tua repository del progetto, accedi a un nuovo ramo e prova le modifiche.
 milestones.new_subheader = I traguardi possono aiutarti ad organizzare le segnalazioni e a tracciarne i progressi.
 activity.navbar.contributors = Contributori
-migrate.cancel_migrating_title = Annulla migrazione
 more_operations = Ulteriori operazioni
 actions = Azioni
 commit.operations = Operazioni
@@ -2526,7 +2509,6 @@ tree_path_not_found.tag = Il percorso %[1]s non esiste nel tag %[2]s
 transfer.no_permission_to_accept = Non hai i permessi per accettare questo trasferimento.
 transfer.no_permission_to_reject = Non hai i permessi per rifiutare questo trasferimento.
 migrate_options_lfs_endpoint.placeholder = Se lasciato vuoto il punto di accesso sarà derivato dall'URL usato per clonare
-migrate.cancel_migrating_confirm = Vuoi annullare questa migrazione?
 editor.filename_is_invalid = Nome file invalido: "%s".
 editor.unable_to_upload_files = Impossibile caricare i file su "%s" con errore: %v
 projects.create_success = Il progetto "%s" è stato creato.
@@ -2645,9 +2627,6 @@ settings.event_pull_request_review_request_desc = Richiesta la revisione della r
 stars = Stelle
 issues.num_participants_one = %d partecipante
 open_with_editor = Apri con %s
-n_commit_few = %s commit
-n_branch_one = %s ramo
-n_tag_few = %s etichette
 settings.web_hook_name_sourcehut_builds = Build SourceHut
 settings.sourcehut_builds.manifest_path = Percorso manifest della build
 settings.sourcehut_builds.visibility = Visibilità attività
@@ -2658,13 +2637,10 @@ editor.push_out_of_date = Il push sembra essere obsoleto.
 issues.archived_label_description = (Archiviato) %s
 settings.sourcehut_builds.secrets_helper = Fornisci l'accesso ai segreti della build all'incarico (richiede il permesso SECRETS:RO)
 settings.add_webhook.invalid_path = Il percorso non deve contenere dei componenti quali ".", "..", o una stringa vuota. Non può iniziare o finire con uno slash.
-n_commit_one = %s commit
 settings.enforce_on_admins = Imponi questa regola agli amministratori del repository
 release.system_generated = Questo allegato è stato generato automaticamente.
 pulls.ready_for_review = Pronto alla revisione?
 editor.commit_id_not_matching = L'ID del commit non combacia con quello del commit che stavi modificando. Conferma le tue modifiche su un nuovo ramo, poi fondilo col ramo desiderato.
-n_branch_few = %s rami
-n_tag_one = %s etichetta
 commits.search_branch = Questo ramo
 settings.rename_branch_failed_protected = Non è possibile rinominare il ramo %s perché è un ramo protetto.
 settings.event_pull_request_enforcement = Imposizione
@@ -2678,8 +2654,6 @@ project = Progetti
 issues.edit.already_changed = Impossibile salvare le modifiche alla segnalazione. Sembra che il contenuto sia già stato modificato da un*altrə utente. Aggiornare la pagina e provare a modificare nuovamente per evitare di sovrascrivere le modifiche
 subscribe.pull.guest.tooltip = Accedi per iscriverti a questa richiesta di modifica.
 subscribe.issue.guest.tooltip = Accedere per seguire questa segnalazione.
-n_release_one = %s rilascio
-n_release_few = %s rilasci
 issues.author.tooltip.pr = Quest'utente è l'autorə di questa richiesta di modifica.
 release.hide_archive_links = Nascondi automaticamente gli archivi generati
 settings.federation_settings = Impostazioni di federazione
diff --git a/options/locale/locale_ja-JP.ini b/options/locale/locale_ja-JP.ini
index 89da29c8a4..5a1acddeef 100644
--- a/options/locale/locale_ja-JP.ini
+++ b/options/locale/locale_ja-JP.ini
@@ -1149,14 +1149,6 @@ migrate_options_lfs_endpoint.label=LFS エンドポイント
 migrate_options_lfs_endpoint.description=マイグレーションでは、リモート側のGitをもとに<a target="_blank" rel="noopener noreferrer" href="%s">LFSサーバーを決定</a>しようとします。 リポジトリのLFSデータがほかの場所に保存されている場合は、独自のエンドポイントを指定することができます。
 migrate_options_lfs_endpoint.description.local=ローカルサーバーのパスもサポートされています。
 migrate_options_lfs_endpoint.placeholder=空にするとエンドポイントはクローン URL から決定されます
-migrate_items=移行する項目
-migrate_items_wiki=Wiki
-migrate_items_milestones=マイルストーン
-migrate_items_labels=ラベル
-migrate_items_issues=イシュー
-migrate_items_pullrequests=プルリクエスト
-migrate_items_merge_requests=マージリクエスト
-migrate_items_releases=リリース
 migrate_repo=リポジトリを移行
 migrate.clone_address=移行 / クローンするURL
 migrate.clone_address_desc=既存リポジトリの、HTTP(S)またはGit形式のクローンURL
@@ -1175,16 +1167,6 @@ migrate.migrating=<b>%s</b> から移行しています …
 migrate.migrating_failed=<b>%s</b> からの移行が失敗しました。
 migrate.migrating_failed.error=移行に失敗しました: %s
 migrate.migrating_failed_no_addr=移行に失敗しました。
-migrate.migrating_git=Gitデータ移行中
-migrate.migrating_topics=トピック移行中
-migrate.migrating_milestones=マイルストーン移行中
-migrate.migrating_labels=ラベル移行中
-migrate.migrating_releases=リリース移行中
-migrate.migrating_issues=イシュー移行中
-migrate.migrating_pulls=プルリクエスト移行中
-migrate.cancel_migrating_title=移行のキャンセル
-migrate.cancel_migrating_confirm=この移行をキャンセルしますか？
-
 mirror_from=ミラー元
 forked_from=フォーク元
 generated_from=generated from
@@ -2624,9 +2606,7 @@ settings.wiki_globally_editable = 誰でもWikiを編集できる様にする
 settings.confirmation_string = 確認
 settings.wiki_rename_branch_main_notices_1 = この操作は 取り消し<strong>できません</strong> 。
 stars = スター
-n_tag_few = %s のタグ
 settings.graphql_url = GraphQL URL
-n_branch_one = %s のブランチ
 settings.units.units = 機能設定
 settings.wiki_rename_branch_main_notices_2 = これにより、%s のリポジトリ wiki の内部ブランチの名前が永久に変更されます。既存のチェックアウトを更新する必要があります。
 settings.sourcehut_builds.access_token_helper = JOBS:RW 権限を持つアクセス トークン。meta.sr.ht で <a target="_blank" rel="noopener noreferrer" href="%s">builds.sr.ht トークン</a> または <a target="_blank" rel="noopener noreferrer" href="%s">シークレット アクセスを持つ builds.sr.ht トークン</a> を生成します。
@@ -2638,9 +2618,6 @@ open_with_editor = %s で開く
 release.system_generated = この添付ファイルは自動的に生成されます。
 settings.archive.mirrors_unavailable = リポジトリがアーカイブされている場合、ミラーは利用できません。
 settings.rename_branch_failed_protected = 保護されたブランチのため、ブランチ %s の名前を変更できません。
-n_tag_one = %s のタグ
-n_branch_few = %s のブランチ
-n_commit_few = %s のコミット
 settings.confirm_wiki_branch_rename = Wikiブランチの名前を変更する
 settings.add_collaborator_blocked_our = リポジトリ所有者が共同作業者をブロックしているため、共同作業者を追加できません。
 settings.sourcehut_builds.visibility = ジョブの可視性
@@ -2648,7 +2625,6 @@ settings.sourcehut_builds.secrets = シークレット
 settings.ignore_stale_approvals_desc = 古いコミット (古いレビュー) に対して行われた承認を、PR の承認数にカウントしないでください。古いレビューがすでに却下されている場合は関係ありません。
 settings.enforce_on_admins_desc = リポジトリ管理者はこのルールを回避できません。
 release.hide_archive_links = 自動生成されたアーカイブを非表示にする
-n_commit_one = %s のコミット
 settings.wiki_branch_rename_success = リポジトリ wiki のブランチ名が正常に正規化されました。
 settings.add_collaborator_blocked_them = リポジトリ所有者がブロックされているため、共同作業者を追加できません。
 settings.add_webhook.invalid_path = パスには「.」や「..」や空の文字列を含めることはできません。また、スラッシュで開始または終了することはできません。
@@ -2683,8 +2659,6 @@ issues.edit.already_changed = イシューの変更を保存できません。
 no_eol.text = EOLなし
 pulls.edit.already_changed = プルリクエストの変更を保存できません。コンテンツは既に別のユーザーによって変更されているようです。変更が上書きされないように、ページを更新して再度編集してください
 pulls.cmd_instruction_merge_warning = <b>警告:</b> このリポジトリでは「手動マージの自動検出」設定が有効になっていません。後でこのプル リクエストを手動でマージ済みとしてマークする必要があります。
-n_release_one = %s リリース
-n_release_few = %s リリース
 milestones.filter_sort.name = 名前
 mirror_use_ssh.not_available = SSH認証は利用できません。
 mirror_denied_combination = 公開鍵とパスワードベースの認証を組み合わせて使用することはできません。
diff --git a/options/locale/locale_ka.ini b/options/locale/locale_ka.ini
index 8e47c125b8..f5dff16977 100644
--- a/options/locale/locale_ka.ini
+++ b/options/locale/locale_ka.ini
@@ -285,10 +285,6 @@ template.webhooks = ვებჰუკები
 template.topics = თემები
 template.avatar = ავატარი
 need_auth = ავტორიზაცია
-migrate_items_wiki = ვიკი
-migrate_items_labels = ჭდეები
-migrate_items_issues = პრობლემები
-migrate_items_releases = რელიზები
 star = ვარსკვლავი
 unstar = ვარსკვლავის მოხსნა
 fork = ფორკი
@@ -579,7 +575,6 @@ diff.vendored = გარედან შემოტანილია
 release.edit = ჩასწორება
 release.type_attachment = მიმაგრებული ფაილი
 topic.done = დასრულება
-migrate_items_milestones = მისაღწევი გეგმები
 issues.subscribe = გამოწერა
 issues.review.outdated = ვადაგადაცილებული
 activity.merged_prs_label = შერწყმულია
diff --git a/options/locale/locale_kab.ini b/options/locale/locale_kab.ini
index 605a69e2dc..795ecd2a6b 100644
--- a/options/locale/locale_kab.ini
+++ b/options/locale/locale_kab.ini
@@ -138,8 +138,6 @@ desc.sha256 = SHA256
 template.topics = Isental
 template.avatar = Avaṭar
 sync_fork.button = Mtawi
-migrate_items_wiki = Wiki
-migrate_items_labels = Tibzimin
 tags = Tibzimin
 project = Isenfaren
 packages = Ikemmusen
@@ -167,7 +165,6 @@ projects.title = Azwel
 projects.type.none = Ula yiwen
 projects.template.desc = Tamudemt
 mirror_sync = yemtawa
-migrate_items_issues = Uguren
 star = Rnu-yas itri
 branches = Tiṣeḍwa
 issues = Uguren
diff --git a/options/locale/locale_ko-KR.ini b/options/locale/locale_ko-KR.ini
index 5409c84818..7a45572463 100644
--- a/options/locale/locale_ko-KR.ini
+++ b/options/locale/locale_ko-KR.ini
@@ -387,7 +387,7 @@ allow_password_change=사용자에게 비밀번호 변경을 요청 (권장됨)
 reset_password_mail_sent_prompt=확인 메일이 <b>%s</b>로 전송되었습니다. 받은 편지함으로 도착한 메일을 %s 안에 확인해서 비밀번호 찾기 절차를 완료하십시오.
 active_your_account=계정 활성화
 account_activated=계정이 활성화 되었습니다
-prohibit_login =
+prohibit_login = 
 resent_limit_prompt=활성화를 위한 이메일을 이미 전송했습니다. 3분 내로 이메일을 받지 못한 경우 재시도해주세요.
 has_unconfirmed_mail=안녕하세요 %s, 이메일 주소(<b>%s</b>)가 확인되지 않았습니다. 확인 메일을 받으시지 못하겼거나 새로운 확인 메일이 필요하다면, 아래 버튼을 클릭해 재발송하실 수 있습니다.
 resend_mail=여기를 눌러 확인 메일 재전송
@@ -752,11 +752,6 @@ template.avatar=아바타
 
 
 
-migrate_items_wiki=위키
-migrate_items_milestones=마일스톤
-migrate_items_issues=이슈
-migrate_items_pullrequests=풀 리퀘스트
-migrate_items_releases=릴리즈
 migrate_repo=저장소 마이그레이션
 migrate.clone_address=URL로 부터 마이그레이트 / 클론
 migrate.clone_local_path=또는 로컬 서버의 경로
diff --git a/options/locale/locale_lv-LV.ini b/options/locale/locale_lv-LV.ini
index 4ffc1d37a7..6531335974 100644
--- a/options/locale/locale_lv-LV.ini
+++ b/options/locale/locale_lv-LV.ini
@@ -1155,14 +1155,6 @@ migrate_options_lfs_endpoint.label=LFS galapunkts
 migrate_options_lfs_endpoint.description=Pārcelšana mēģinās izmantot attālo Git, lai <a target="_blank" rel="noopener noreferrer" href="%s">noteiktu LFS serveri</a>. Var arī norādīt pielāgotu galapunktu, ja glabātavas LFS dati tiek glabāti kaut kur citur.
 migrate_options_lfs_endpoint.description.local=Iespējams norādīt arī servera ceļu.
 migrate_options_lfs_endpoint.placeholder=Ja nav norādīts, galamērķis tiks atvasināts no klonēšanas URL
-migrate_items=Pārcelšanas vienumi
-migrate_items_wiki=Vikivietni
-migrate_items_milestones=Atskaites punktus
-migrate_items_labels=Iezīmes
-migrate_items_issues=Pieteikumi
-migrate_items_pullrequests=Izmaiņu pieprasījumus
-migrate_items_merge_requests=Iekļaušanas pieprasījumi
-migrate_items_releases=Laidienus
 migrate_repo=Pārcelt glabātavu
 migrate.clone_address=Pārcelt/klonēt no URL
 migrate.clone_address_desc=Esošas glabātavas HTTP(S) vai Git "clone" URL
@@ -1181,16 +1173,6 @@ migrate.migrating=Pārceļ no <b>%s</b> …
 migrate.migrating_failed=Pārcelšana no <b>%s</b> neizdevās.
 migrate.migrating_failed.error=Neizdevās pārcelt: %s
 migrate.migrating_failed_no_addr=Pārcelšana neizdevās.
-migrate.migrating_git=Pārceļ Git datus
-migrate.migrating_topics=Pārceļ tēmas
-migrate.migrating_milestones=Pārceļ atskaites punktus
-migrate.migrating_labels=Pārceļ iezīmes
-migrate.migrating_releases=Pārceļ laidienus
-migrate.migrating_issues=Pārnes pieteikumus
-migrate.migrating_pulls=Pārceļ izmaiņu pieprasījumus
-migrate.cancel_migrating_title=Atcelt pārcelšanu
-migrate.cancel_migrating_confirm=Vai atcelt šo pārcelšanu?
-
 mirror_from=spoguļota no
 forked_from=atzarota no
 generated_from=izveidots no
@@ -2591,14 +2573,11 @@ find_file.no_matching=Netika atrasta neviena atbilstoša datne
 error.csv.too_large=Nevar atveidot šo datni, jo tā ir pārāk liela.
 error.csv.unexpected=Nevar atveidot šo datni, jo tā satur neparedzētu rakstzīmi %d. rindas %d. slejā.
 error.csv.invalid_field_count=Nevar atveidot šo datni, jo tā satur nepareizu lauku skaitu %d. rindā.
-n_release_one = %s laidiens
-n_release_few = %s laidieni
 issues.new.assign_to_me = Piešķirt man
 admin.flags_replaced = Glabātavas karogi aizvietoti
 admin.failed_to_replace_flags = Neizdevās aizvietot glabātavas karogus
 admin.manage_flags = Pārvaldīt karogus
 admin.enabled_flags = Glabātavā iespējotie karogi:
-n_commit_one = %s iesūtījums
 editor.push_out_of_date = Aizgādājums izskatās novecojis.
 file_follow = Sekot simboliskajai saitei
 stars = Zvaigznes
@@ -2612,16 +2591,11 @@ generated = Izveidota
 commits.search_branch = Šis zars
 editor.commit_id_not_matching = Datne labošanas laikā tika izmainīta. Jāiesūta jaunā zarā, tad jāapvieno.
 object_format = Objektu veidols
-n_tag_one = %s birka
-n_tag_few = %s birkas
-n_branch_few = %s zari
-n_branch_one = %s zars
 object_format_helper = Glabātavas objektu veidols. Vēlak to nevarēs mainīt. SHA1 ir vissaderīgākais.
 commits.renamed_from = Pārdēvēts no %s
 rss.must_be_on_branch = Jāatrodas zarā, lai iegūtu RSS barotni.
 admin.update_flags = Atjaunināt karogus
 open_with_editor = Atvērt ar %s
-n_commit_few = %s iesūtījumi
 no_eol.text = Nav EOL
 size_format = %[1]s: %[2]s; %[3]s: %[4]s
 mirror_public_key = Publiskā SSH atslēga
diff --git a/options/locale/locale_ml-IN.ini b/options/locale/locale_ml-IN.ini
index f7eb04495e..e68ec7e99e 100644
--- a/options/locale/locale_ml-IN.ini
+++ b/options/locale/locale_ml-IN.ini
@@ -525,13 +525,6 @@ archive.title=ഈ കലവറ ചരിത്രരേഖാപരമായി
 form.name_reserved='%s' എന്ന കലവറയുടെ പേരു് മറ്റാവശ്യങ്ങള്‍ക്കായി നീക്കിവച്ചിരിക്കുന്നു.
 form.name_pattern_not_allowed=കലവറനാമത്തിൽ '%s' എന്ന ശ്രേണി അനുവദനീയമല്ല.
 
-migrate_items=മൈഗ്രേഷൻ ഇനങ്ങൾ
-migrate_items_wiki=വിക്കി
-migrate_items_milestones=നാഴികക്കല്ലുകള്‍
-migrate_items_labels=ലേബലുകള്‍
-migrate_items_issues=പ്രശ്നങ്ങൾ
-migrate_items_pullrequests=ലയന അഭ്യർത്ഥനകൾ
-migrate_items_releases=പ്രസിദ്ധീകരണങ്ങള്‍
 migrate_repo=കലവറ മൈഗ്രേറ്റ് ചെയ്യുക
 migrate.clone_address=URL- ൽ നിന്ന് മൈഗ്രേറ്റ് / ക്ലോൺ ചെയ്യുക
 migrate.clone_address_desc=നിലവിലുള്ള ഒരു കലവറയുടെ HTTP(S) അല്ലെങ്കിൽ ഗിറ്റു് 'ക്ലോൺ' URL
diff --git a/options/locale/locale_nb_NO.ini b/options/locale/locale_nb_NO.ini
index 692a70e350..268302b1e7 100644
--- a/options/locale/locale_nb_NO.ini
+++ b/options/locale/locale_nb_NO.ini
@@ -454,7 +454,6 @@ relevant_repositories_tooltip = Depoter som er en forgrening eller har ingen tem
 relevant_repositories = Kun relevante depoter er vist, <a href="%s">vis ufiltrerte resultater</a>.
 
 [repo]
-migrate_items_releases = Utgivelser
 releases = Utgivelser
 n_release_few = %s utgivelser
 activity.title.releases_1 = %d utgivelse
diff --git a/options/locale/locale_nds.ini b/options/locale/locale_nds.ini
index 6825b38fe9..358ad5dc6a 100644
--- a/options/locale/locale_nds.ini
+++ b/options/locale/locale_nds.ini
@@ -980,11 +980,6 @@ template.one_item = Tominnst een Vörlaag-Ding mutt utköört worden
 template.invalid = Een Vörlaag-Repositorium mutt utköört worden
 migrate_options_lfs_endpoint.label = LFS-Ennpunkt
 migrate_options_lfs_endpoint.placeholder = Wenn leeg laten, word de Ennpunkt vun de Kloon-URL avleit
-migrate_items = Umtreck-Dingen
-migrate_items_wiki = Wiki
-migrate_items_milestones = Markstenen
-migrate_items_pullrequests = Haalvörslagen
-migrate_items_releases = Publizerens
 migrate_repo = Repositorium umtrecken
 migrate.clone_address = Umtrecken / Klonen vun URL
 migrate.failed = Umtreck fehlslagen: %v
@@ -992,12 +987,6 @@ migrate.migrate_items_options = Togang-Teken is nödig, um mehr Dingen umtotreck
 migrated_from = Vun <a href="%[1]s">%[2]s</a> umtrucken
 migrate.migrate = Vun %s umtrecken
 migrate.migrating = Treckt vun <b>%s</b> um …
-migrate.migrating_git = Git-Daten worden umtrucken
-migrate.migrating_topics = Themen worden umtrucken
-migrate.migrating_labels = Vermarkens worden umtrucken
-migrate.migrating_releases = Publizerens worden umtrucken
-migrate.migrating_issues = Gefallens worden umtrucken
-migrate.cancel_migrating_title = Umtreck ofbreken
 mirror_from = Spegel vun
 forked_from = gabelt vun
 fork_from_self = Du kannst dien eegen Repositorium nich gabeln.
@@ -1027,7 +1016,6 @@ mirror_password_help = Änner de Brukernaam, um een sekert Passwoord to lösken.
 author_search_tooltip = Wiest bit to 30 Brukers
 transfer.reject_desc = Överdragen to »%s« ofbreken
 migrate_options_lfs = LFS-Dateien umtrecken
-migrate_items_labels = Vermarkens
 migrate.clone_address_desc = De HTTP(S) of Git »clone« URL vun eenem bestahn Repositorium
 migrate.invalid_local_path = De stedenwies Padd is ungültig. ’t gifft dat nich of dat is keen Verteeknis.
 fork_guest_user = Mell di an, um deeses Repositorium to gabeln.
@@ -1050,13 +1038,11 @@ archive.title_date = Deeses Repositorium is am %s archiveert worden. Du kannst d
 form.reach_limit_of_creation_1 = De Eegner is al bi de Grenz vun %d Repositorium.
 form.name_reserved = De Repositoriums-Naam »%s« is vörbehollen.
 form.string_too_long = De angeven Text is langer as %d Bookstavens.
-migrate_items_issues = Gefallens
 template.items = Vörlaag-Dingen
 template.git_hooks_tooltip = Du kannst jüüst keene Git-Hakens bewarken of lösken, nadeem se hentoföögt sünd. Köör dat blots ut, wenn du de Vörlaag-Repositorium vertraust.
 form.reach_limit_of_creation_n = De Eegner is al bi de Grenz vun %d Repositoriums.
 migrate_options_mirror_helper = Deeses Repositorium word een Spegel wesen
 migrate_options_lfs_endpoint.description.local = Een stedenwies Server-Padd word ok unnerstütt.
-migrate_items_merge_requests = Tosamenföhren-Vörslagen
 migrate.permission_denied = Du düürst keene stedenwies Repositoriums importeren.
 archive.title = Deeses Repositorium is archiveert. Du kannst de Dateien ankieken un ’t klonen, aver du kannst sienen Tostand nich ännern, also nix schuven un keene nejen Gefallens, Haalvörslagen of Kommentaren maken.
 need_auth = Anmellen
@@ -1064,15 +1050,12 @@ migrate_options = Umtreck-Instellens
 migrate.clone_local_path = of een stedenwies Server-Padd
 migrate.migrating_failed.error = Umtrecken fehlslagen: %s
 migrate.migrating_failed_no_addr = Umtreck fehlslagen.
-migrate.migrating_pulls = Haalvörslagen worden umtrucken
 empty_message = Deeses Repositorium hett noch keenen Inholl.
 migrate.invalid_lfs_endpoint = De LFS-Ennpunkt is nich gültig.
 migrated_from_fake = Vun %[1]s umtrucken
 generated_from = maakt vun
 migrate.migrating_failed = Umtrecken un <b>%s</b> fehlslagen.
-migrate.migrating_milestones = Markstenen worden umtrucken
 create_new_repo_command = Een nejes Repositorium in de Oorderreeg maken
-migrate.cancel_migrating_confirm = Willst du deesen Umtreck ofbreken?
 subscribe.pull.guest.tooltip = Mell di an, um deesen Haalvörslag to abonneren.
 more_operations = Mehr doon
 find_tag = Mark finnen
@@ -1088,13 +1071,6 @@ milestones = Markstenen
 org_labels_desc_manage = Verwalten
 commits = Kommitterens
 commit = Kommitteren
-n_commit_one = %s Kommitteren
-n_commit_few = %s Kommitterens
-n_branch_one = %s Twieg
-n_tag_one = %s Mark
-n_tag_few = %s Markens
-n_release_one = %s Publizeren
-n_release_few = %s Publizerens
 file.title = %s am %s
 file_history = Histoorje
 file_view_source = Quelltext wiesen
@@ -1259,7 +1235,6 @@ symbolic_link = Symbolisk Verwies
 editor.cannot_edit_non_text_files = Binäärdateien könen nich in de Internett-Schnittstee bewarkt worden.
 editor.must_be_on_a_branch = Du muttst up eenem Twieg wesen, um Ännerns an deeser Datei to maken of vörtoslagen.
 editor.fork_before_edit = Du muttst deeses Repositorium gabeln, um Ännerns an deeser Datei to maken of vörtoslagen.
-n_branch_few = %s Twiegen
 released_this = hett dat publizeert
 escape_control_characters = Utkielen
 editor.edit_this_file = Datei bewarken
diff --git a/options/locale/locale_nl-NL.ini b/options/locale/locale_nl-NL.ini
index 5ab06e61d0..c8e8428628 100644
--- a/options/locale/locale_nl-NL.ini
+++ b/options/locale/locale_nl-NL.ini
@@ -1132,14 +1132,6 @@ migrate_options_lfs=Migreer LFS bestanden
 migrate_options_lfs_endpoint.label=LFS eindpunt
 migrate_options_lfs_endpoint.description=Migratie zal proberen om je Git remote te gebruiken om <a target="_blank" rel="noopener noreferrer" href="%s">de LFS-server</a> te bepalen. Je kan ook een aangepast eindpunt opgeven als de LFS-gegevens ergens anders zijn opgeslagen.
 migrate_options_lfs_endpoint.description.local=Een lokaal serverpad wordt ook ondersteund.
-migrate_items=Migratie items
-migrate_items_wiki=Wiki
-migrate_items_milestones=Mijlpalen
-migrate_items_labels=Labels
-migrate_items_issues=Issues
-migrate_items_pullrequests=Pull requests
-migrate_items_merge_requests=Samenvoeg verzoeken
-migrate_items_releases=Releases
 migrate_repo=Migreer repository
 migrate.clone_address=Migreer / kloon van URL
 migrate.clone_address_desc=De HTTP(S) of Git "kloon" URL van een bestaande repository
@@ -1156,14 +1148,6 @@ migrate.migrate=Migreer van %s
 migrate.migrating=Migreren van <b>%s</b>…
 migrate.migrating_failed=Migreren van <b>%s</b> is mislukt.
 migrate.migrating_failed_no_addr=Migratie is mislukt.
-migrate.migrating_git=Git gegevens migreren
-migrate.migrating_topics=Onderwerpen migreren
-migrate.migrating_milestones=Mijlpalen migreren
-migrate.migrating_labels=Labels migreren
-migrate.migrating_releases=Releases migreren
-migrate.migrating_issues=Issues migreren
-migrate.migrating_pulls=Pull requests migreren
-
 mirror_from=kopie van
 forked_from=geforked van
 generated_from=gegenereerd van
@@ -2355,8 +2339,6 @@ form.name_reserved = De repository naam "%s" is gereserveerd.
 form.name_pattern_not_allowed = Het patroon "%s" is niet toegestaan in een repository naam.
 migrate.invalid_local_path = Het lokale pad is niet geldig. Het bestaat niet of is geen folder.
 migrate.migrating_failed.error = Fout bij migreren: %s
-migrate.cancel_migrating_title = Annuleer migratie
-migrate.cancel_migrating_confirm = Wil je deze migratie annuleren?
 more_operations = Meer operaties
 cite_this_repo = Citeer deze repository
 actions = Acties
@@ -2643,12 +2625,6 @@ editor.push_out_of_date = De push lijkt verouderd.
 editor.commit_id_not_matching = Het bestand is gewijzigd terwijl je het aan het bewerken was. Committeer naar een nieuwe branch en voeg dan samen.
 settings.rename_branch_failed_protected = Kan branch %s niet hernoemen omdat het een beschermde branch is.
 stars = Sterren
-n_commit_few = %s commits
-n_branch_one = %s branch
-n_branch_few = %s branches
-n_tag_one = %s tag
-n_tag_few = %s tags
-n_commit_one = %s commit
 issues.num_participants_one = %d deelnemer
 size_format = %[1]s: %[2]s, %[3]s: %[4]s
 settings.enforce_on_admins = Handhaaf deze regel voor repository admins
@@ -2675,8 +2651,6 @@ wiki.search = Zoek wiki
 wiki.no_search_results = Geen resultaten
 settings.sourcehut_builds.visibility = Job zichtbaarheid
 settings.sourcehut_builds.manifest_path = Bouw manifestpad
-n_release_one = %s release
-n_release_few = %s releases
 issues.author.tooltip.issue = Deze gebruiker is de auteur van deze issue.
 issues.author.tooltip.pr = Deze gebruiker is de auteur van deze pull request.
 settings.matrix.room_id_helper = De kamer-ID kan worden opgehaald uit de Element webclient > Kamerinstellingen > Geavanceerd > Interne ruimte ID. Voorbeeld: %s.
diff --git a/options/locale/locale_pl-PL.ini b/options/locale/locale_pl-PL.ini
index ed49655922..708ab6b6ef 100644
--- a/options/locale/locale_pl-PL.ini
+++ b/options/locale/locale_pl-PL.ini
@@ -1122,14 +1122,6 @@ migrate_options_lfs=Migruj pliki LFS
 migrate_options_lfs_endpoint.label=Punkt końcowy LFS
 migrate_options_lfs_endpoint.description=Migracja spróbuje użyć Git remote, aby <a target="_blank" rel="noopener noreferrer" href="%s">określić serwer LFS</a>. Możesz również określić niestandardowy punkt końcowy, jeśli dane repozytorium LFS są przechowywane gdzieś indziej.
 migrate_options_lfs_endpoint.description.local=Obsługiwana jest również lokalna ścieżka serwera.
-migrate_items=Elementy migracji
-migrate_items_wiki=Wiki
-migrate_items_milestones=Kamienie milowe
-migrate_items_labels=Etykiety
-migrate_items_issues=Zgłoszenia
-migrate_items_pullrequests=Pull requesty
-migrate_items_merge_requests=Requesty scalające
-migrate_items_releases=Wydania
 migrate_repo=Migruj repozytorium
 migrate.clone_address=Migruj / Klonuj z adresu URL
 migrate.clone_address_desc=Adres HTTP(S) lub "klona" Gita istniejącego repozytorium
@@ -1145,14 +1137,6 @@ migrate.migrate=Migracja z %s
 migrate.migrating=Migrowanie z <b>%s</b>…
 migrate.migrating_failed=Migrowanie z <b>%s</b> nie powiodło się.
 migrate.migrating_failed_no_addr=Migracja nie powiodła się.
-migrate.migrating_git=Migracja danych Git
-migrate.migrating_topics=Migracja tematów
-migrate.migrating_milestones=Migracja kamieni milowych
-migrate.migrating_labels=Migracja etykiet
-migrate.migrating_releases=Migracja wydań
-migrate.migrating_issues=Migracja zgłoszeń
-migrate.migrating_pulls=Migracja pull requestów
-
 mirror_from=kopia lustrzana
 forked_from=sforkowany z
 generated_from=wygenerowane z
@@ -2233,8 +2217,6 @@ summary_card_alt = Karta podsumowania repozytorium %s
 tree_path_not_found.tag = Ścieżka %[1]s nie istnieje w tagu %[2]s
 archive.pull.noreview = To repozytorium jest zarchiwizowane. Nie możesz recenzować pull requestów.
 migrate.migrating_failed.error = Nie udało się migrować: %s
-migrate.cancel_migrating_title = Anuluj migrację
-migrate.cancel_migrating_confirm = Czy chcesz anulować tę migrację?
 migrate.github_token_desc = Możesz wprowadzić tutaj jeden lub więcej tokenów oddzielonych przecinkiem by przeprowadzić migrację szybciej w związku z ograniczeniem GitHub API. OSTRZEŻENIE: Nadużywanie tej funkcjonalności może naruszyć politykę dostawcy usług i doprowadzić do zablokowania konta.
 migrate.invalid_local_path = Ścieżka lokalna jest niepoprawna. Nie istnieje lub nie jest katalogiem.
 issues.review.add_remove_review_requests = poprosił o recenzje od %[1]s i cofnął prośby o recenzje od %[2]s %[3]s
@@ -2370,7 +2352,6 @@ settings.packagist_package_url = URL pakietu Packagist
 settings.update_protect_branch_success = Ochrona gałęzi dla reguły "%s" została zaktualizowana.
 topic.format_prompt = Tematy muszą zaczynać się od litery lub liczby, mogą zawierać myślniki ("-") i kropki ("."), mogą być długie do 35 znaków. Litery muszą być małe.
 find_file.go_to_file = Szukaj pliku
-n_branch_few = %s gałęzie
 issues.dismiss_review = Odrzuć recenzję
 settings.trust_model.collaboratorcommitter = Współpracownik+Commitujący
 release.type_attachment = Załącznik
@@ -2430,9 +2411,6 @@ activity.navbar.recent_commits = Ostatnie commity
 signing.wont_sign.headsigned = To scalenie nie będzie podpisane ponieważ head commit nie jest podpisany.
 pulls.has_changed_since_last_review = Zmiany od twojej ostatniej recenzji
 find_file.no_matching = Nie znaleziono pasujących plików
-n_tag_one = %s tag
-n_tag_few = %s tagi
-n_release_few = %s wydań
 no_eol.text = Brak znaku końca linii
 editor.add_file = Dodaj plik
 pulls.has_merged = Niepowodzenie: Pull request został scalony, nie możesz scalić ponownie lub zmienić gałęzi docelowej.
@@ -2459,11 +2437,7 @@ pulls.blocked_by_official_review_requests = Ten pull request jest zablokowany po
 pulls.wrong_commit_id = Identyfikator commitu musi być identyfikatorem commitu na gałęzi docelowej
 pulls.rebase_merge_commit_pull_request = Zmiana bazy, potem utwórz commit scalający
 branch.tag_collision = Gałąź "%s" nie może zostać utworzona, ponieważ tag z tą samą nazwą już istnieje w tym repozytorium.
-n_commit_one = %s commit
-n_commit_few = %s commity
 file_follow = Podążaj za dowiązaniem
-n_branch_one = %s gałąź
-n_release_one = %s wydanie
 editor.new_branch_name = Nazwij nową gałąź dla tego commita
 issues.action_check = Zaznacz/Odznacz
 issues.close = Zamknij zgłoszenie
diff --git a/options/locale/locale_pt-BR.ini b/options/locale/locale_pt-BR.ini
index c1e3cac697..ad3ebebf55 100644
--- a/options/locale/locale_pt-BR.ini
+++ b/options/locale/locale_pt-BR.ini
@@ -1146,14 +1146,6 @@ migrate_options_lfs_endpoint.label=Destino LFS
 migrate_options_lfs_endpoint.description=A migração tentará usar seu controle remoto Git para <a target="_blank" rel="noopener noreferrer" href="%s">determinar o servidor LFS</a>. Você também pode especificar um destino personalizado se os dados do repositório LFS forem armazenados em outro lugar.
 migrate_options_lfs_endpoint.description.local=Um caminho de servidor local também é suportado.
 migrate_options_lfs_endpoint.placeholder=Se for deixado em branco, o endpoint será derivado do URL do clone
-migrate_items=Itens da migração
-migrate_items_wiki=Wiki
-migrate_items_milestones=Marcos
-migrate_items_labels=Etiquetas
-migrate_items_issues=Issues
-migrate_items_pullrequests=Propostas de revisão
-migrate_items_merge_requests=Pedidos de merge
-migrate_items_releases=Versões
 migrate_repo=Migrar repositório
 migrate.clone_address=Migrar / Clonar de URL
 migrate.clone_address_desc=URL HTTP(S) ou comando git "clone" de um repositório existente
@@ -1172,16 +1164,6 @@ migrate.migrating=Migrando de <b>%s</b> …
 migrate.migrating_failed=Migração a partir de <b>%s</b> falhou.
 migrate.migrating_failed.error=Falha ao migrar: %s
 migrate.migrating_failed_no_addr=A migração falhou.
-migrate.migrating_git=Migrando dados Git
-migrate.migrating_topics=Migrando tópicos
-migrate.migrating_milestones=Migrando marcos
-migrate.migrating_labels=Migrando rótulos
-migrate.migrating_releases=Migrando releases
-migrate.migrating_issues=Migrando issues
-migrate.migrating_pulls=Migrando propostas de revisão
-migrate.cancel_migrating_title=Cancelar migração
-migrate.cancel_migrating_confirm=Você quer cancelar essa migração?
-
 mirror_from=espelhamento de
 forked_from=feito fork de
 generated_from=gerado a partir de
@@ -2580,10 +2562,7 @@ settings.units.units = Unidades
 vendored = Externo
 issues.num_participants_one = %d participante
 issues.archived_label_description = (arquivada) %s
-n_branch_few = %s ramos
 stars = Favoritos
-n_commit_one = %s commit
-n_tag_few = %s etiquetas
 settings.federation_settings = Configurações de federação
 settings.confirm_wiki_branch_rename = Renomar o ramo da wiki
 activity.navbar.recent_commits = Commits recentes
@@ -2595,15 +2574,10 @@ contributors.contribution_type.additions = Adições
 contributors.contribution_type.deletions = Remoções
 settings.transfer.button = Transferir titularidade
 settings.transfer.modal.title = Transferir titularidade
-n_commit_few = %s commits
-n_branch_one = %s ramo
-n_tag_one = %s etiqueta
 file_follow = Seguir ligação simbólica
 open_with_editor = Abrir com %s
 wiki.search = Pesquisar na wiki
 wiki.no_search_results = Nenhum resultado
-n_release_one = %s versão
-n_release_few = %s versões
 form.string_too_long = O texto fornecido possui mais que %d caracteres.
 branch.branch_name_conflict = O nome do ramo "%s" está em conflito com o ramo "%s" já existente.
 settings.graphql_url = URL do GraphQL
diff --git a/options/locale/locale_pt-PT.ini b/options/locale/locale_pt-PT.ini
index 564293ce73..5884a9e65a 100644
--- a/options/locale/locale_pt-PT.ini
+++ b/options/locale/locale_pt-PT.ini
@@ -1158,14 +1158,6 @@ migrate_options_lfs_endpoint.label=Destino LFS
 migrate_options_lfs_endpoint.description=A migração irá tentar usar o seu controlo remoto do Git para <a target="_blank" rel="noopener noreferrer" href="%s">determinar o servidor LFS</a>. Também pode especificar um destino personalizado se os dados do repositório LFS forem armazenados noutro lugar.
 migrate_options_lfs_endpoint.description.local=Uma localização de servidor local também é suportada.
 migrate_options_lfs_endpoint.placeholder=Se for deixado em branco, o destino será determinado a partir do URL do clone
-migrate_items=Itens da migração
-migrate_items_wiki=Wiki
-migrate_items_milestones=Etapas
-migrate_items_labels=Rótulos
-migrate_items_issues=Questões
-migrate_items_pullrequests=Pedidos de integração
-migrate_items_merge_requests=Pedidos de integração
-migrate_items_releases=Lançamentos
 migrate_repo=Migrar o repositório
 migrate.clone_address=Migrar / clonar a partir do URL
 migrate.clone_address_desc=O URL de clonagem HTTP(S) ou Git de um repositório existente
@@ -1184,16 +1176,6 @@ migrate.migrating=Migrando a partir de <b>%s</b> …
 migrate.migrating_failed=A migração de <b>%s</b> falhou.
 migrate.migrating_failed.error=Falhou a migração: %s
 migrate.migrating_failed_no_addr=A migração falhou.
-migrate.migrating_git=Migrando dados Git
-migrate.migrating_topics=Migrando tópicos
-migrate.migrating_milestones=Migrando etapas
-migrate.migrating_labels=Migrando rótulos
-migrate.migrating_releases=Migrando lançamentos
-migrate.migrating_issues=Migrando questões
-migrate.migrating_pulls=Migrando pedidos de integração
-migrate.cancel_migrating_title=Cancelar migração
-migrate.cancel_migrating_confirm=Quer cancelar esta migração?
-
 mirror_from=réplica de
 forked_from=derivado de
 generated_from=gerado a partir de
@@ -2623,12 +2605,6 @@ open_with_editor = Abrir com %s
 admin.manage_flags = Gerir marcadores
 file_follow = Seguir ligação simbólica
 rss.must_be_on_branch = Tem que estar num ramo que tenha uma fonte RSS.
-n_commit_few = %s cometimentos
-n_branch_one = %s ramo
-n_branch_few = %s ramos
-n_tag_one = %s etiqueta
-n_tag_few = %s etiquetas
-n_commit_one = %s cometimento
 editor.commit_id_not_matching = O ficheiro foi modificado enquanto o estava a editar. Cometa para um ramo novo e depois integre.
 commits.search_branch = Este ramo
 pulls.reopen_failed.base_branch = O pedido de integração não pode ser reaberto porque o ramo base já não existe.
@@ -2689,8 +2665,6 @@ subscribe.pull.guest.tooltip = Inicie sessão para subscrever este pedido de int
 comments.edit.already_changed = Não foi possível guardar as modificações do comentário. O conteúdo parece ter sido modificado por outro utilizador. Refresque a página e tente editar novamente para evitar sobrescrever as modificações que fizeram
 settings.federation_following_repos = URLs de repositórios que estão a ser seguidos. Separe-os com ";" sem espaços em branco.
 settings.federation_not_enabled = A federação não está a habilitada na sua instância.
-n_release_one = %s lançamento
-n_release_few = %s lançamentos
 issues.author.tooltip.issue = Este/a utilizador/a é o/a autor/a desta questão.
 issues.author.tooltip.pr = Este/a utilizador/a é o/a autor/a deste pedido de integração.
 activity.commit = Cometimentos feitos
diff --git a/options/locale/locale_ru-RU.ini b/options/locale/locale_ru-RU.ini
index 8a80a02284..3d410c87f8 100644
--- a/options/locale/locale_ru-RU.ini
+++ b/options/locale/locale_ru-RU.ini
@@ -1143,14 +1143,6 @@ migrate_options_lfs=Перенос LFS файлов
 migrate_options_lfs_endpoint.label=Конечная точка LFS
 migrate_options_lfs_endpoint.description=При переносе будет произведена попытка <a target="_blank" rel="noopener noreferrer" href="%s">определить сервер LFS</a> автоматически через Git. Если данные LFS хранятся в другом месте, укажите конечную точку самостоятельно.
 migrate_options_lfs_endpoint.description.local=Также поддерживается путь на локальном сервере.
-migrate_items=Переносимые элементы
-migrate_items_wiki=Вики
-migrate_items_milestones=Этапы
-migrate_items_labels=Метки
-migrate_items_issues=Задачи
-migrate_items_pullrequests=Запросы на слияние
-migrate_items_merge_requests=Запросы на слияние
-migrate_items_releases=Выпуски
 migrate_repo=Перенос репозитория
 migrate.clone_address=Перенос / Клонирование по URL
 migrate.clone_address_desc=HTTP/HTTPS или Git адрес существующего репозитория
@@ -1169,16 +1161,6 @@ migrate.migrating=Перенос из <b>%s</b>…
 migrate.migrating_failed=Перенос из <b>%s</b> не удался.
 migrate.migrating_failed.error=Не удалось перенести: %s
 migrate.migrating_failed_no_addr=Перенос не удался.
-migrate.migrating_git=Перенос данных Git
-migrate.migrating_topics=Перенос тем
-migrate.migrating_milestones=Перенос этапов
-migrate.migrating_labels=Перенос меток
-migrate.migrating_releases=Перенос выпусков
-migrate.migrating_issues=Перенос задач
-migrate.migrating_pulls=Перенос запросов на слияние
-migrate.cancel_migrating_title=Отменить перенос
-migrate.cancel_migrating_confirm=Вы хотите отменить перенос?
-
 mirror_from=зеркало из
 forked_from=ответвлён от
 generated_from=создано из
@@ -2643,12 +2625,6 @@ wiki.original_git_entry_tooltip = Перейти по настоящему пу
 open_with_editor = Открыть в %s
 commits.search_branch = В этой ветви
 stars = Добавившие в избранное
-n_tag_one = %s тег
-n_branch_few = %s ветвей
-n_commit_few = %s коммитов
-n_commit_one = %s коммит
-n_tag_few = %s тегов
-n_branch_one = %s ветвь
 pulls.ready_for_review = Готово к рецензии?
 editor.commit_id_not_matching = Файл был изменён кем-то другим, пока вы его редактировали. Сохраните изменения в новую ветвь и выполните слияние.
 editor.push_out_of_date = Похоже, отправка устарела.
@@ -2686,8 +2662,6 @@ comments.edit.already_changed = Не удалось отредактироват
 settings.federation_settings = Настройки федерации
 settings.federation_apapiurl = Федеративная ссылка на этот репозиторий. Скопируйте и вставьте её в настройки федерации другого репозитория как ссылку отслеживаемого репозитория.
 settings.federation_following_repos = Ссылки на отслеживаемые репозитории. Разделяются с помощью «;», без пробелов.
-n_release_one = %s выпуск
-n_release_few = %s выпусков
 subscribe.issue.guest.tooltip = Войдите, чтобы подписаться на эту задачу.
 subscribe.pull.guest.tooltip = Войдите, чтобы подписаться на это слияние.
 issues.author.tooltip.issue = Автор этой задачи.
diff --git a/options/locale/locale_si-LK.ini b/options/locale/locale_si-LK.ini
index df801ec30a..38bcbdbe6d 100644
--- a/options/locale/locale_si-LK.ini
+++ b/options/locale/locale_si-LK.ini
@@ -750,14 +750,6 @@ migrate_options_lfs=LFS ගොනු සංක්රමණය
 migrate_options_lfs_endpoint.label=LFS එන්පොයින්ට්
 migrate_options_lfs_endpoint.description=සංක්රමණය ඔබගේ Git දුරස්ථ භාවිතා කිරීමට උත්සාහ කරනු ඇත <a target="_blank" rel="noopener noreferrer" href="%s">LFS සේවාදායකය තීරණය</a>. නිධිය LFS දත්ත වෙන කොහේ හරි ගබඩා කර තිබේ නම් ඔබට අභිරුචි අන්ත ලක්ෂ්යයක් නියම කළ හැකිය.
 migrate_options_lfs_endpoint.description.local=දේශීය සේවාදායක මාර්ගයක් ද සහාය දක්වයි.
-migrate_items=සංක්රමණ අයිතම
-migrate_items_wiki=විකි
-migrate_items_milestones=සන්ධිස්ථාන
-migrate_items_labels=ලේබල
-migrate_items_issues=ගැටළු
-migrate_items_pullrequests=ඉල්ලීම් අදින්න
-migrate_items_merge_requests=සංයුක්ත කිරීමේ ඉල්ලීම්
-migrate_items_releases=නිකුතු
 migrate_repo=නිධිය සංක්රමණය කරන්න
 migrate.clone_address=URL එක සිට සංක්රමණය/පරිගණක ක්රිඩාවට සමාන
 migrate.clone_address_desc=පවතින ගබඩාවේ HTTP (S) හෝ Git 'පරිගණක ක්රිඩාවට සමාන' URL
@@ -773,14 +765,6 @@ migrate.migrate=%sසිට සංක්රමණය
 migrate.migrating=<b>%s</b> සිට සංක්රමණය වීම...
 migrate.migrating_failed=<b>%s</b> සිට සංක්රමණය වීම අසාර්ථක විය.
 migrate.migrating_failed_no_addr=සංක්රමණය අසාර්ථකයි.
-migrate.migrating_git=Git දත්ත සංක්රමණය
-migrate.migrating_topics=සංක්රමණය මාතෘකා
-migrate.migrating_milestones=සංක්රමික සන්ධිස්ථාන
-migrate.migrating_labels=සංක්රමණය ලේබල
-migrate.migrating_releases=සංක්රමණ නිකුතු
-migrate.migrating_issues=සංක්රමණ ගැටළු
-migrate.migrating_pulls=අදින්න ඉල්ලීම් සංක්රමණය
-
 mirror_from=කැඩපත
 forked_from=සිට දෙබලක
 generated_from=වෙතින් ජනනය කරන ලද
diff --git a/options/locale/locale_sk-SK.ini b/options/locale/locale_sk-SK.ini
index e2be661dcf..cab953088e 100644
--- a/options/locale/locale_sk-SK.ini
+++ b/options/locale/locale_sk-SK.ini
@@ -1004,11 +1004,6 @@ migrate_options_lfs=Migrovať LFS súbory
 migrate_options_lfs_endpoint.label=Koncový bod LFS
 migrate_options_lfs_endpoint.description=Migrácia sa pokúsi použiť váš vzdialený Git na <a target="_blank" rel="noopener noreferrer" href="%s">určenie servera LFS</a>. Môžete tiež zadať vlastný koncový bod, ak sú dáta repozitára LFS uložené niekde inde.
 migrate_options_lfs_endpoint.description.local=Podporovaná je aj cesta k lokálnemu serveru.
-migrate_items=Položky migrácie
-migrate_items_wiki=Wiki
-migrate_items_milestones=Míľniky
-migrate_items_labels=Štítky
-migrate_items_pullrequests=Pull requesty
 migrate_repo=Migrovať repozitár
 migrate.clone_address_desc=HTTP(S) alebo Git 'clone' URL pre klonovanie existujúceho repozitára
 migrate.github_token_desc=Sem môžete vložiť jeden alebo viac tokenov oddelených čiarkami, aby sa migrácia zrýchlila z dôvodu limitu rýchlosti rozhrania GitHub API. UPOZORNENIE: Zneužitie tejto funkcie môže porušiť zásady poskytovateľa služieb a viesť k zablokovaniu účtu.
diff --git a/options/locale/locale_sv-SE.ini b/options/locale/locale_sv-SE.ini
index b619a6904a..22213cebf4 100644
--- a/options/locale/locale_sv-SE.ini
+++ b/options/locale/locale_sv-SE.ini
@@ -1093,14 +1093,6 @@ template.one_item=Du måste välja minst ett mallobjekt
 template.invalid=Du måste välja ett mallkodförråd
 
 migrate_options=Migreringsalternativ
-migrate_items=Migrationsobjekt
-migrate_items_wiki=Wiki
-migrate_items_milestones=Milstolpar
-migrate_items_labels=Etiketter
-migrate_items_issues=Ärenden
-migrate_items_pullrequests=Ändringsförfrågningar
-migrate_items_merge_requests=Ändringsförfrågningar
-migrate_items_releases=Utgåvor
 migrate_repo=Migrera kodförråd
 migrate.clone_address=Migrera eller klona från URL
 migrate.clone_address_desc=HTTP(S)- eller Git "clone"-länk för ett befintligt kodförråd
@@ -1113,8 +1105,6 @@ migrated_from_fake=Migrerad från %[1]s
 migrate.migrate=Migrera från %s
 migrate.migrating=Migrerar från <b>%s</b> …
 migrate.migrating_failed=Migrering från <b>%s</b> misslyckades.
-migrate.migrating_issues=Migrerar ärenden
-
 mirror_from=spegling av
 forked_from=avgrenad från
 generated_from=skapad från
@@ -2098,28 +2088,12 @@ migrate.invalid_local_path = Den lokala sökvägen är ogiltig. Den finns inte e
 migrate.invalid_lfs_endpoint = LFS-slutpunkten är inte giltig.
 migrate.migrating_failed.error = Misslyckades med att migrera: %s
 migrate.migrating_failed_no_addr = Migreringen misslyckades.
-migrate.migrating_git = Migrerar Git-data
-migrate.migrating_topics = Migrerar ämnen
-migrate.migrating_milestones = Migrerar milstolpar
-migrate.migrating_labels = Migrerar etiketter
-migrate.migrating_releases = Migrerar utgåvor
-migrate.migrating_pulls = Migrerar ändringsförfrågningar
-migrate.cancel_migrating_title = Avbryt migrering
-migrate.cancel_migrating_confirm = Vill du avbryta denna migrering?
 subscribe.issue.guest.tooltip = Logga in för att prenumerera på detta ärende.
 subscribe.pull.guest.tooltip = Logga in för att prenumerera på denna ändringsförfrågan.
 more_operations = Fler åtgärder
 cite_this_repo = Citera detta kodförråd
 broken_message = Git-datan som ligger till grund för detta kodförråd kan inte läsas. Kontakta administratören för denna instans eller ta bort detta kodförråd.
 actions = Actions
-n_commit_one = %s incheckning
-n_commit_few = %s incheckningar
-n_branch_one = %s gren
-n_branch_few = %s grenar
-n_tag_one = %s tagg
-n_tag_few = %s taggar
-n_release_one = %s utgåva
-n_release_few = %s utgåvor
 released_this = publicerade detta
 file.title = %s vid %s
 file_follow = Följ symlänk
diff --git a/options/locale/locale_ta.ini b/options/locale/locale_ta.ini
index a4874f6c48..74fef432c4 100644
--- a/options/locale/locale_ta.ini
+++ b/options/locale/locale_ta.ini
@@ -1124,14 +1124,6 @@ migrate_options_lfs_endpoint.label = LFS இறுதிப்புள்ளி
 migrate_options_lfs_endpoint.description = <a target="_blank" rel="noopener noreferrer" href="%s">LFS சர்வரைத் தீர்மானிக்க</a> உங்கள் Git ரிமோட்டைப் பயன்படுத்துவதற்கு இடம்பெயர்வு முயற்சிக்கும். களஞ்சியமான LFS தரவு வேறு எங்காவது சேமிக்கப்பட்டிருந்தால் தனிப்பயன் இறுதிப்புள்ளியையும் நீங்கள் குறிப்பிடலாம்.
 migrate_options_lfs_endpoint.description.local = உள்ளக சர்வர் பாதையும் ஆதரிக்கப்படுகிறது.
 migrate_options_lfs_endpoint.placeholder = காலியாக விடப்பட்டால், இறுதிப்புள்ளியானது நகலி முகவரி இலிருந்து பெறப்படும்
-migrate_items = இடம்பெயர்வு பொருட்கள்
-migrate_items_wiki = விக்கி
-migrate_items_milestones = மைல்கற்கள்
-migrate_items_labels = சிட்டைகள்
-migrate_items_issues = சிக்கல்கள்
-migrate_items_pullrequests = கோரிக்கைகளை இழுக்கவும்
-migrate_items_merge_requests = கோரிக்கைகளை ஒன்றிணைக்கவும்
-migrate_items_releases = வெளியிடுகிறது
 migrate_repo = களஞ்சியத்தை நகர்த்தவும்
 migrate.repo_desc_helper = ஏற்கனவே உள்ள விளக்கத்தை இறக்குமதி செய்ய காலியாக விடவும்
 migrate.clone_address = முகவரி இலிருந்து நகர்த்தவும் / நகலி செய்யவும்
@@ -1151,15 +1143,6 @@ migrate.migrating = <b>%s</b> இலிருந்து நகர்கிற
 migrate.migrating_failed = <b>%s</b> இலிருந்து நகர்த்துவது தோல்வியடைந்தது.
 migrate.migrating_failed.error = நகர்த்துவதில் தோல்வி: %s
 migrate.migrating_failed_no_addr = இடம்பெயர்வு தோல்வியடைந்தது.
-migrate.migrating_git = Git தரவை நகர்த்துகிறது
-migrate.migrating_topics = இடம்பெயர்ந்த தலைப்புகள்
-migrate.migrating_milestones = இடம்பெயரும் மைல்கற்கள்
-migrate.migrating_labels = இடம்பெயர்தல் லேபிள்கள்
-migrate.migrating_releases = இடம்பெயர்ந்த வெளியீடுகள்
-migrate.migrating_issues = இடம்பெயர்வு பிரச்சினைகள்
-migrate.migrating_pulls = இழுக்கும் கோரிக்கைகளை நகர்த்துகிறது
-migrate.cancel_migrating_title = இடம்பெயர்வை நீக்கறல்
-migrate.cancel_migrating_confirm = இந்த இடம்பெயர்வை ரத்துசெய்ய விரும்புகிறீர்களா?
 mirror_from = கண்ணாடி
 forked_from = இருந்து முட்கரண்டி
 generated_from = இருந்து உருவாக்கப்பட்டது
@@ -1200,14 +1183,6 @@ labels = சிட்டைகள்
 milestones = மைல்கற்கள்
 org_labels_desc = இந்த நிறுவனத்தின் கீழ் உள்ள <strong>அனைத்து களஞ்சியங்களுடனும்</strong> பயன்படுத்தக்கூடிய நிறுவன நிலை லேபிள்கள்
 org_labels_desc_manage = நிர்வகிக்க
-n_commit_one = %s உறுதி
-n_commit_few = %s உறுதியளிக்கிறது
-n_branch_one = %s கிளை
-n_branch_few = %s கிளைகள்
-n_tag_one = %s குறிச்சொல்
-n_tag_few = %s குறிச்சொற்கள்
-n_release_one = %s வெளியீடு
-n_release_few = %s வெளியீடுகள்
 released_this = இதை வெளியிட்டது
 file.title = %s இல் %s
 file_raw = மூல
diff --git a/options/locale/locale_th.ini b/options/locale/locale_th.ini
index de5c22ccc5..d873f72e47 100644
--- a/options/locale/locale_th.ini
+++ b/options/locale/locale_th.ini
@@ -1124,14 +1124,6 @@ migrate_options_lfs_endpoint.label = ปลายทาง LFS
 migrate_options_lfs_endpoint.description = การย้ายจะพยายามใช้ Git remote ของคุณเพื่อ <a target="_blank" rel="noopener noreferrer" href="%s">กำหนดเซิร์ฟเวอร์ LFS</a> คุณยังสามารถระบุปลายทางที่กำหนดเองได้หากข้อมูล LFS ของที่เก็บถูกเก็บไว้ที่อื่น
 migrate_options_lfs_endpoint.description.local = รองรับพาธเซิร์ฟเวอร์โลคัลด้วย
 migrate_options_lfs_endpoint.placeholder = หากเว้นว่างไว้ ปลายทางจะถูกสืบทอดจาก URL การโคลน
-migrate_items = รายการการย้าย
-migrate_items_wiki = วิกิ
-migrate_items_milestones = เหตุการณ์สำคัญ
-migrate_items_labels = ป้ายกำกับ
-migrate_items_issues = ปัญหา
-migrate_items_pullrequests = คำขอดึง
-migrate_items_merge_requests = คำขอผสาน
-migrate_items_releases = รีลีส
 migrate_repo = ย้ายที่เก็บ
 migrate.repo_desc_helper = เว้นว่างไว้เพื่อนำเข้าคำอธิบายที่มีอยู่
 migrate.clone_address = ย้าย / โคลนจาก URL
@@ -1151,15 +1143,6 @@ migrate.migrating = กำลังย้ายจาก <b>%s</b> …
 migrate.migrating_failed = การย้ายจาก <b>%s</b> ล้มเหลว
 migrate.migrating_failed.error = ไม่สามารถย้าย: %s
 migrate.migrating_failed_no_addr = การย้ายล้มเหลว
-migrate.migrating_git = กำลังย้ายข้อมูล Git
-migrate.migrating_topics = กำลังย้ายหัวข้อ
-migrate.migrating_milestones = กำลังย้ายเหตุการณ์สำคัญ
-migrate.migrating_labels = กำลังย้ายป้ายกำกับ
-migrate.migrating_releases = กำลังย้ายรีลีส
-migrate.migrating_issues = กำลังย้ายปัญหา
-migrate.migrating_pulls = กำลังย้ายคำขอดึง
-migrate.cancel_migrating_title = ยกเลิกการย้าย
-migrate.cancel_migrating_confirm = คุณต้องการยกเลิกการย้ายนี้หรือไม่?
 mirror_from = มิเรอร์ของ
 forked_from = แยกจาก
 generated_from = สร้างจาก
@@ -1200,14 +1183,6 @@ labels = ป้ายกำกับ
 milestones = เหตุการณ์สำคัญ
 org_labels_desc = ป้ายกำกับระดับองค์กรที่สามารถใช้กับ <strong>ที่เก็บทั้งหมด</strong> ภายใต้องค์กรนี้
 org_labels_desc_manage = จัดการ
-n_commit_one = %s คอมมิต
-n_commit_few = %s คอมมิต
-n_branch_one = %s สาขา
-n_branch_few = %s สาขา
-n_tag_one = %s แท็ก
-n_tag_few = %s แท็ก
-n_release_one = %s รีลีส
-n_release_few = %s รีลีส
 released_this = ปล่อยสิ่งนี้
 file.title = %s ที่ %s
 file_raw = ดิบ
diff --git a/options/locale/locale_tr-TR.ini b/options/locale/locale_tr-TR.ini
index 1622c29942..def4980a19 100644
--- a/options/locale/locale_tr-TR.ini
+++ b/options/locale/locale_tr-TR.ini
@@ -1156,14 +1156,6 @@ migrate_options_lfs_endpoint.label=LFS uç noktası
 migrate_options_lfs_endpoint.description=Taşıma, <a target="_blank" rel="noopener noreferrer" href="%s"> LFS sunucusunu belirlemek</a> için Git uzak sunucusunu kullanmaya çalışacak. Eğer LFS veri deposu başka yerdeyse özel bir uç nokta da belirtebilirsiniz.
 migrate_options_lfs_endpoint.description.local=Yerel bir sunucu yolu da destekleniyor.
 migrate_options_lfs_endpoint.placeholder=Boş bırakılırsa, uç nokta klon URL'sinden türetilecektir
-migrate_items=Taşıma öğeleri
-migrate_items_wiki=Wiki
-migrate_items_milestones=Kilometre Taşları
-migrate_items_labels=Etiketler
-migrate_items_issues=Konular
-migrate_items_pullrequests=Birleştirme istekleri
-migrate_items_merge_requests=Birleştirme istekleri
-migrate_items_releases=Sürümler
 migrate_repo=Depoyu taşı
 migrate.clone_address=URL'den Taşı / Klonla
 migrate.clone_address_desc=Varolan bir deponun HTTP(S) veya Git 'klonlama' URL'si
@@ -1182,16 +1174,6 @@ migrate.migrating=<b>%s</b> konumundan taşınıyor ...
 migrate.migrating_failed=<b>%s</b> konumundan taşıma başarısız oldu.
 migrate.migrating_failed.error=Göç yapılamadı: %s
 migrate.migrating_failed_no_addr=Göç başarısız oldu.
-migrate.migrating_git=Git Verilerini Taşıma
-migrate.migrating_topics=Konuları taşıma
-migrate.migrating_milestones=Kilometre Taşlarını Taşıma
-migrate.migrating_labels=Etiketleri Taşıma
-migrate.migrating_releases=Sürümleri Taşıma
-migrate.migrating_issues=Konuları Taşıma
-migrate.migrating_pulls=Değişiklik İsteklerini Taşıma
-migrate.cancel_migrating_title=Göçü iptal et
-migrate.cancel_migrating_confirm=Bu göçü iptal etmek istiyor musunuz?
-
 mirror_from=şunun yansıması
 forked_from=şundan çatallanmış
 generated_from=şuradan oluşturuldu
@@ -2642,13 +2624,9 @@ mirror_use_ssh.text = SSH yetkilendirme kullan
 settings.default_update_style_desc = Temel dalın ardındaki çekme isteklerini güncellemek için kullanılan varsayılan güncelleme stili.
 mirror_denied_combination = Ortak anahtar ve parola tabanlı kimlik doğrulama birlikte kullanılamaz.
 mirror_public_key = Ortak SSH anahtarı
-n_branch_few = %s dal
-n_commit_few = %s gönderi
-n_tag_few = %s etiket
 settings.wiki_rename_branch_main = Viki dal adını normalleştir
 mirror_use_ssh.not_available = SSH yetkilendirme kullanılamıyor.
 mirror_use_ssh.helper = Forgejo, bu seçeneği seçtiğinizde deponuzu SSH üzerinden Git üzerinden yansıtacak ve sizin için bir anahtar çifti oluşturacaktır. Oluşturulan ortak anahtarın hedef depoya gönderilmek üzere yetkilendirildiğinden emin olmalısınız. Bunu seçerken parola tabanlı yetkilendirme kullanamazsınız.
-n_branch_one = %s dal
 settings.units.add_more = Daha fazlasını etkinleştir
 settings.wiki_globally_editable = Vikiyi herkesin düzenlemesine izin ver
 issues.filter_no_results_placeholder = Arama filtrelerini değiştirmeyi deneyin.
@@ -2674,10 +2652,6 @@ migrate.repo_desc_helper = Var olan açıklamayı içe aktarmak için boş bıra
 subscribe.issue.guest.tooltip = Bu soruna abone olmak için oturum açın.
 subscribe.pull.guest.tooltip = Bu birleştirme isteğine abone olmak için oturum açın.
 project = Projeler
-n_commit_one = %s katkı
-n_tag_one = %s etiket
-n_release_one = %s sürüm
-n_release_few = %s sürüm
 file_follow = Sembolik bağlantıyı takip et
 no_eol.text = EOL bulunamadı
 no_eol.tooltip = Bu dosya, en sonunda satır sonu karakterini içermiyor.
diff --git a/options/locale/locale_uk-UA.ini b/options/locale/locale_uk-UA.ini
index 9c02d496f9..a1e7455471 100644
--- a/options/locale/locale_uk-UA.ini
+++ b/options/locale/locale_uk-UA.ini
@@ -1126,14 +1126,6 @@ migrate_options_lfs=Перенесення файлів LFS
 migrate_options_lfs_endpoint.label=Кінцева точка LFS
 migrate_options_lfs_endpoint.description=Під час перенесення буде виконано спробу <a target="_blank" rel="noopener noreferrer" href="%s">визначити сервер LFS</a> через ваш віддалений сервер Git. Ви також можете вказати свою кінцеву точку, якщо дані LFS репозиторію зберігаються в іншому місці.
 migrate_options_lfs_endpoint.description.local=Також підтримується шлях на локальному сервері.
-migrate_items=Елементи для перенесення
-migrate_items_wiki=Вікі
-migrate_items_milestones=Етапи
-migrate_items_labels=Мітки
-migrate_items_issues=Задачі
-migrate_items_pullrequests=Запити на злиття
-migrate_items_merge_requests=Запити на об’єднання
-migrate_items_releases=Випуски
 migrate_repo=Перенести репозиторій
 migrate.clone_address=Перенести / клонувати з URL-адреси
 migrate.clone_address_desc=URL-адреса HTTP(S) або Git «clone» існуючого репозиторію
@@ -1149,14 +1141,6 @@ migrate.migrate=Перенесення з %s
 migrate.migrating=Перенесення з <b>%s</b>…
 migrate.migrating_failed=Перенесення з <b>%s</b> не вдалося.
 migrate.migrating_failed_no_addr=Перенесення не вдалося.
-migrate.migrating_git=Перенесення даних Git
-migrate.migrating_topics=Перенесення тем
-migrate.migrating_milestones=Перенесення етапів
-migrate.migrating_labels=Перенесення міток
-migrate.migrating_releases=Перенесення випусків
-migrate.migrating_issues=Перенесення задач
-migrate.migrating_pulls=Перенесення запитів на злиття
-
 mirror_from=дзеркало
 forked_from=форк від
 generated_from=згенеровано з
@@ -2350,14 +2334,11 @@ pull.deleted_branch = (видалено): %s
 milestones.update_ago = Оновлено %s
 size_format = %[1]s: %[2]s; %[3]s: %[4]s
 settings.units.add_more = Увімкнути ще
-migrate.cancel_migrating_title = Скасувати перенесення
 settings.units.units = Розділи
 settings.units.overview = Огляд
 projects.create_success = Проєкт «%s» створено.
 issues.no_content = Немає опису.
 settings.mirror_settings.docs.doc_link_title = Як дзеркалювати репозиторії?
-n_commit_one = %s коміт
-n_commit_few = %s комітів
 signing.will_sign = Коміт буде підписано ключем «%s».
 signing.wont_sign.error = Під час перевірки можливості підписати коміт сталася помилка.
 commits.search_branch = У цій гілці
@@ -2371,8 +2352,6 @@ project = Проєкти
 issues.review.outdated_description = Вміст змінився з моменту написання цього коментаря
 commits.browse_further = Дивитися далі
 issues.unpin_issue = Відкріпити задачу
-n_branch_one = %s гілка
-n_branch_few = %s гілок
 executable_file = Виконуваний файл
 migrate_options_mirror_helper = Цей репозиторій буде дзеркалом
 projects.edit_success = Проєкт «%s» оновлено.
@@ -2457,10 +2436,8 @@ archive.title_date = Цей репозиторій архівовано %s. Ви
 settings.event_pull_request_review_request_desc = Створено або видалено запит на відгук до запиту на злиття.
 archive.pull.noreview = Цей репозиторій архівовано. Ви не можете рецензувати запити на злиття.
 issues.num_reviews_few = %d відгуків
-n_release_few = %s випусків
 release.releases_for = Випуски %s
 release.type_attachment = Вкладення
-n_release_one = %s випуск
 issues.reopen.blocked_by_user = Ви не можете знову відкрити цю задачу, оскільки вас заблокував власник репозиторію або автор задачі.
 settings.actions_desc = Увімкнути вбудовані конвеєри CI/CD з Діями Forgejo
 tree_path_not_found_commit = Шлях %[1]s не існує в коміті %[2]s
@@ -2498,8 +2475,6 @@ pulls.nothing_to_compare_have_tag = Вибрані гілки/теги одна
 pulls.delete_after_merge.head_branch.is_protected = Головна гілка, яку ви намагаєтеся видалити, є захищеною і її неможливо видалити.
 settings.default_update_style_desc = Типовий стиль оновлення для запитів на злиття, що знаходяться позаду базової гілки.
 commit.load_referencing_branches_and_tags = Завантажити гілки і теги, які посилаються на цей коміт
-n_tag_few = %s тегів
-n_tag_one = %s тег
 settings.branches.switch_default_branch = Змінити типову гілку
 branch.branch_already_exists = Гілка «%s» вже є у цьому репозиторії.
 commit.contained_in_default_branch = Цей коміт — частина типової гілки
@@ -2696,7 +2671,6 @@ settings.mirror_settings.docs.disabled_push_mirror.instructions = Налашту
 settings.mirror_settings.docs.disabled_push_mirror.info = Push-дзеркала вимкнено адміністрацією сайту.
 settings.mirror_settings.docs.disabled_pull_mirror.instructions = Налаштуйте свій проєкт на автоматичне надсилання комітів, тегів і гілок до іншого репозиторію. Pull-дзеркала вимкнено адміністрацією сайту.
 issues.label_templates.fail_to_load_file = Не вдалося завантажити файл шаблону міток «%s»: %v
-migrate.cancel_migrating_confirm = Бажаєте скасувати перенесення?
 transfer.no_permission_to_accept = У вас немає дозволу прийняти цю передачу.
 transfer.no_permission_to_reject = У вас немає дозволу відхилити цю передачу.
 issues.choose.ignore_invalid_templates = Недійсні шаблони проігноровано
diff --git a/options/locale/locale_vi.ini b/options/locale/locale_vi.ini
index 61d7117b73..3c51eb51b9 100644
--- a/options/locale/locale_vi.ini
+++ b/options/locale/locale_vi.ini
@@ -706,7 +706,7 @@ update_hints = Cập nhật các gợi ý
 update_hints_success = Đã cập nhật các gợi ý.
 hidden_comment_types = Loại bình luận bị ẩn
 hidden_comment_types_description = Các loại bình luận được chọn ở đây sẽ không hiện trên các trang vấn đề. Ví dụ: Chọn "Nhãn" thì sẽ loại bỏ tất cả các bình luận "<user> đã thêm/bỏ <label>".
-hidden_comment_types.ref_tooltip =
+hidden_comment_types.ref_tooltip = 
 hidden_comment_types.issue_ref_tooltip = Các bình luận mà người dùng đổi nhánh/nhãn gắn với vấn đề
 comment_type_group_reference = Đề cập
 comment_type_group_label = Nhãn
@@ -782,7 +782,7 @@ key_content_gpg_placeholder = Bắt đầu bằng "-----BEGIN PGP PUBLIC KEY BLO
 ssh_key_been_used = Mã SSH này đã được thêm vào máy chủ rồi.
 ssh_key_name_used = Một mã SSH cùng tên đã tồn tại trong tài khoản của bạn.
 gpg_key_id_used = Một mã GPG công khai cùng ID đã tồn tại.
-gpg_no_key_email_found =
+gpg_no_key_email_found = 
 gpg_key_matched_identities = Các danh tính khớp:
 gpg_key_verify = Xác thực
 gpg_token_help = Bạn có thể tạo chữ kí bằng:
@@ -803,7 +803,7 @@ delete_key = Gỡ
 ssh_key_deletion = Gỡ mã SSH
 gpg_key_deletion = Gỡ mã GPG
 ssh_key_deletion_desc = Việc gỡ mã SSH sẽ tước quyền truy cập của nó đến tài khoản của bạn. Tiếp tục?
-gpg_key_deletion_desc =
+gpg_key_deletion_desc = 
 ssh_key_deletion_success = Đã gỡ mã SSH.
 gpg_key_deletion_success = Đã gỡ mã GPG.
 added_on = Đã được thêm từ %s
@@ -1043,11 +1043,6 @@ need_auth = Cấp phép
 migrate_options = Cài đặt nhập
 migrate_options_lfs = Nhập các tệp LFS
 migrate_options_lfs_endpoint.description.local = Đường dẫn máy chủ cục bộ cũng được hỗ trợ.
-migrate_items_milestones = Cột mốc
-migrate_items_labels = Nhãn
-migrate_items_issues = Vấn đề
-migrate_items_merge_requests = Yêu cầu hợp
-migrate_items_releases = Bản phát hành
 migrate_repo = Nhập kho mã
 migrate.repo_desc_helper = Bỏ trống để nhập mô tả có sẵn
 migrate.clone_local_path = hoặc một đường dẫn máy chủ cục bộ
@@ -1062,15 +1057,6 @@ migrate.migrating = Đang nhập từ <b>%s</b>…
 migrate.migrating_failed = Nhập từ <b>%s</b> thất bại.
 migrate.migrating_failed.error = Nhập thất bại: %s
 migrate.migrating_failed_no_addr = Nhập thất bại.
-migrate.migrating_git = Đang nhập dữ liệu Git
-migrate.migrating_topics = Đang nhập các chủ đề
-migrate.migrating_milestones = Đang nhập các cột mốc
-migrate.migrating_labels = Đang nhập các nhãn
-migrate.migrating_releases = Đang nhập các bản phát hành
-migrate.migrating_issues = Đang nhập các vấn đề
-migrate.migrating_pulls = Đang nhập các yêu cầu kéo
-migrate.cancel_migrating_title = Huỷ nhập
-migrate.cancel_migrating_confirm = Bạn có muốn huỷ nhập không?
 forked_from = phân nhánh từ
 generated_from = tạo từ
 fork_from_self = Bạn không thể phân nhánh kho mã của bạn.
@@ -1088,7 +1074,6 @@ more_operations = Thêm thao tác
 no_desc = Không có mô tả
 quick_guide = Chỉ dẫn nhanh
 fork_branch = Nhánh để nhân bản đến phân nhánh
-migrate_items_pullrequests = Yêu cầu kéo
 archive.pull.noreview = Kho mã này được lưu trữ. Bạn không thể xem xét yêu cầu kéo.
 archive.title_date = Kho mã này đã được lưu trữ vào %s. Bạn có thể xem tệp và nhân bản nó, nhưng bạn không thể thay đổi trạng thái của nó, như việc tạo vấn đề, yêu cầu kéo hay bình luận.
 archive.title = Kho mã này được lưu trữ. Bạn có thể xem tệp và nhân bản nó, nhưng bạn không thể thay đổi trạng thái của nó, như việc tạo vấn đề, yêu cầu kéo hay bình luận.
@@ -1174,8 +1159,6 @@ settings.packagist_api_token = Mã API
 filter_branch_and_tag = Lọc nhánh hoặc nhãn
 find_tag = Tìm nhãn
 tags = Nhãn
-n_tag_one = %s nhãn
-n_tag_few = %s nhãn
 video_not_supported_in_browser = Trình duyệt của bạn không hỗ trợ thẻ "video" HTML5.
 audio_not_supported_in_browser = Trình duyệt của bạn không hỗ trợ thẻ "audio" HTML5.
 pulls.nothing_to_compare_have_tag = Các nhánh/nhãn đã chọn bằng nhau.
@@ -1268,10 +1251,6 @@ labels = Nhãn
 milestones = Cột mốc
 org_labels_desc = Nhãn cấp tổ chức mà có thể được dùng với <strong>tất cả các kho mã</strong> của tổ chức này
 org_labels_desc_manage = quản lí
-n_branch_one = %s nhánh
-n_branch_few = %s nhánh
-n_release_one = %s bản phát hành
-n_release_few = %s bản phát hành
 released_this = đã phát hành bản này
 file.title = %s tại %s
 file_raw = Thô
diff --git a/options/locale/locale_zh-CN.ini b/options/locale/locale_zh-CN.ini
index e278b425c9..d292f171df 100644
--- a/options/locale/locale_zh-CN.ini
+++ b/options/locale/locale_zh-CN.ini
@@ -1156,14 +1156,6 @@ migrate_options_lfs_endpoint.label=LFS网址
 migrate_options_lfs_endpoint.description=迁移将尝试使用你的Git remote来<a target="_blank" rel="noopener noreferrer" href="%s">确定LFS服务器</a>。如果仓库LFS数据存储在其他位置，你还可以指定自定义网址。
 migrate_options_lfs_endpoint.description.local=支持本地服务器路径。
 migrate_options_lfs_endpoint.placeholder=如果留空，网址将从克隆URL中得到
-migrate_items=迁移项目
-migrate_items_wiki=百科
-migrate_items_milestones=里程碑
-migrate_items_labels=标签
-migrate_items_issues=议题
-migrate_items_pullrequests=合并请求
-migrate_items_merge_requests=合并请求
-migrate_items_releases=版本发布
 migrate_repo=迁移仓库
 migrate.clone_address=从URL迁移/克隆
 migrate.clone_address_desc=现有仓库的HTTP(S)或Git“clone”URL
@@ -1182,16 +1174,6 @@ migrate.migrating=正在从<b>%s</b>迁移……
 migrate.migrating_failed=从<b>%s</b>迁移失败。
 migrate.migrating_failed.error=迁移失败：%s
 migrate.migrating_failed_no_addr=迁移失败。
-migrate.migrating_git=迁移Git数据
-migrate.migrating_topics=正在迁移主题
-migrate.migrating_milestones=正在迁移里程碑
-migrate.migrating_labels=正在迁移标签
-migrate.migrating_releases=正在迁移发布
-migrate.migrating_issues=正在迁移议题
-migrate.migrating_pulls=正在迁移合并请求
-migrate.cancel_migrating_title=取消迁移
-migrate.cancel_migrating_confirm=您想要取消此次迁移吗？
-
 mirror_from=镜像自地址
 forked_from=派生自
 generated_from=生成自
@@ -2644,12 +2626,6 @@ open_with_editor = 使用%s打开
 settings.rename_branch_failed_protected = 无法重命名受保护的分支%s。
 stars = 点赞
 settings.confirmation_string = 确认输入
-n_commit_one = %s提交
-n_commit_few = %s提交
-n_branch_one = %s分支
-n_branch_few = %s分支
-n_tag_one = %s标签
-n_tag_few = %s标签
 editor.commit_id_not_matching = 您在编辑文件时该文件已被更改。请提交到一个新的分支，然后再将这个新的分支合并回当前分支。
 issues.num_participants_one = %d位参与者
 issues.archived_label_description = （已存档）%s
@@ -2677,8 +2653,6 @@ settings.transfer.button = 转移所有权
 wiki.search = 搜索百科
 wiki.no_search_results = 无结果
 form.string_too_long = 给定的字符串长度超过%d个字符。
-n_release_one = %s版本发布
-n_release_few = %s版本发布
 project = 项目
 issues.edit.already_changed = 无法保存对议题的更改。议题似乎已经被另一个用户修改了，为了防止修改被覆盖，请刷新页面后再次尝试编辑
 pulls.edit.already_changed = 无法保存对合并请求的更改。内容似乎已经被另一个用户修改了，为了防止修改被覆盖，请刷新页面后再次尝试编辑
diff --git a/options/locale/locale_zh-HK.ini b/options/locale/locale_zh-HK.ini
index dcec0908ef..790012ecd9 100644
--- a/options/locale/locale_zh-HK.ini
+++ b/options/locale/locale_zh-HK.ini
@@ -420,9 +420,6 @@ template.avatar=頭像
 
 
 
-migrate_items_issues=問題數
-migrate_items_pullrequests=合併請求
-migrate_items_releases=版本發佈
 migrate_repo=遷移儲存庫
 migrate.permission_denied=您並沒有導入本地儲存庫的權限。
 migrate.failed=遷移失敗：%v
@@ -725,7 +722,6 @@ release.downloads=下載附件
 mirror_password_blank_placeholder = （未設定）
 settings.trust_model.default = 預設信任模型
 issue_labels = 標籤
-migrate_items_milestones = 里程碑
 settings.default_merge_style_desc = 預設合併方式
 language_other = 其他
 delete_preexisting_label = 刪除
@@ -742,8 +738,6 @@ mirror_password_placeholder = （未變更）
 readme = 讀我檔案
 release = 發佈
 commit = 提交
-migrate_items_wiki = 維基
-migrate_items_labels = 標籤
 tag = 標籤
 settings.branches.switch_default_branch = 切換預設分支
 mirror_sync = 已同步
diff --git a/options/locale/locale_zh-TW.ini b/options/locale/locale_zh-TW.ini
index b1b1156ef6..09052f05b2 100644
--- a/options/locale/locale_zh-TW.ini
+++ b/options/locale/locale_zh-TW.ini
@@ -1133,14 +1133,6 @@ migrate_options_lfs=遷移 LFS 檔案
 migrate_options_lfs_endpoint.label=LFS 端點
 migrate_options_lfs_endpoint.description=遷移將會嘗試使用您的 Git 遠端來<a target="_blank" rel="noopener noreferrer" href="%s">確認 LFS 伺服器</a>。如果存儲庫的 LFS 資料放在其他地方，您也可以指定自訂的端點。
 migrate_options_lfs_endpoint.description.local=同時也支援本地伺服器路徑。
-migrate_items=遷移項目
-migrate_items_wiki=Wiki
-migrate_items_milestones=里程碑
-migrate_items_labels=標籤
-migrate_items_issues=問題
-migrate_items_pullrequests=合併請求
-migrate_items_merge_requests=合併請求
-migrate_items_releases=版本發布
 migrate_repo=遷移儲存庫
 migrate.clone_address=從 URL 遷移 / Clone
 migrate.clone_address_desc=現有儲存庫的 HTTP(S) 或 Git 「clone」 URL
@@ -1158,14 +1150,6 @@ migrate.migrate=從 %s 遷移
 migrate.migrating=正在從 <b>%s</b> 遷移…
 migrate.migrating_failed=從 <b>%s</b> 遷移失敗。
 migrate.migrating_failed_no_addr=遷移失敗。
-migrate.migrating_git=正在遷移 Git 資料
-migrate.migrating_topics=正在遷移主題
-migrate.migrating_milestones=正在遷移里程碑
-migrate.migrating_labels=正在遷移標籤
-migrate.migrating_releases=正在遷移版本發佈
-migrate.migrating_issues=正在遷移問題
-migrate.migrating_pulls=正在遷移合併請求
-
 mirror_from=鏡像自
 forked_from=分叉自
 generated_from=產生自
@@ -2447,7 +2431,6 @@ tree_path_not_found.branch = 路徑 %[1]s 不存在於分支 %[2]s 中
 transfer.no_permission_to_accept = 您沒有權限接受這項轉讓。
 archive.title = 這個儲存庫已被封存。您可以檢視其中的檔案或拓製儲存庫，但您無法提交推送和創建新議題、合併請求或評論。
 archive.title_date = 這個儲存庫在 %s 被封存了。您可以檢視其中的檔案或拓製儲存庫，但您無法提交推送和創建新議題、合併請求或評論。
-migrate.cancel_migrating_title = 取消遷移
 executable_file = 可執行檔
 all_branches = 所有分支
 object_format_helper = 儲存庫的物件格式。一旦設定便無法更改。SHA1 的相容性最好。
@@ -2459,7 +2442,6 @@ admin.manage_flags = 管理旗標
 visibility_helper = 將儲存庫設為私有
 mirror_address_url_invalid = 提供的網址無效。必須確保正確的跳脫（escape）此網址的每個部份。
 migrate.migrating_failed.error = 遷移失敗：%s
-migrate.cancel_migrating_confirm = 您確定要取消這次的遷移嗎？
 invisible_runes_header = `此檔案內含不可見的 Unicode 字元`
 ambiguous_runes_header = `這個檔案內含模棱兩可的 Unicode 字元`
 rss.must_be_on_branch = 您必須在一個分支上才能訂閱 RSS。
@@ -2478,17 +2460,11 @@ generated = 自動生成的
 object_format = 物件格式
 open_with_editor = 用 %s 打開
 stars = 星星
-n_tag_few = %s 個標籤
 migrate_options_lfs_endpoint.placeholder =如果留空，將利用拓製 URL 推導出 endpoint
 signing.wont_sign.nokey = 這個站點沒有可以用來簽署的金鑰。
-n_branch_few = %s 條分支
-n_tag_one = %s 個標籤
 settings.transfer.button = 轉移所有權
 settings.transfer.modal.title = 轉移所有權
 commits.view_path = 在歷史中檢視這個時間點
-n_commit_one = %s 個提交
-n_commit_few = %s 個提交
-n_branch_one = %s 條分支
 commits.search_branch = 此分支
 commits.browse_further = 進一步瀏覽
 commits.renamed_from = 自 %s 重新命名
@@ -2629,8 +2605,6 @@ milestones.new_subheader = 里程碑可以幫助你組織問題並追蹤其進
 comments.edit.already_changed = 無法儲存對評論的變更。內容似乎已被其他使用者變更。請重新整理頁面並再次嘗試編輯以避免覆蓋其變更
 activity.published_prerelease_label = 預發行
 no_eol.tooltip = 此檔案不包含行尾字元。
-n_release_one = %s 發行
-n_release_few = %s 發行
 no_eol.text = 無檔案結尾符
 issues.all_title = 全部
 mirror_public_key = 公共 SSH 金鑰
diff --git a/options/locale_next/locale_ar.json b/options/locale_next/locale_ar.json
index 6eb05e75c4..7861f67193 100644
--- a/options/locale_next/locale_ar.json
+++ b/options/locale_next/locale_ar.json
@@ -1,4 +1,20 @@
 {
+	"counters.n_commits": {
+		"one": "%s إيداع",
+		"other": "%s إيداعات"
+	},
+	"counters.n_branches": {
+		"one": "%s فرع",
+		"other": "%s فروع"
+	},
+	"counters.n_tags": {
+		"one": "%s علامة",
+		"other": "‪%s علامات"
+	},
+	"counters.n_releases": {
+		"one": "%s إصدار",
+		"other": "%s إصدارات"
+	},
 	"actions.actions": "الإجراءات",
 	"actions.status.unknown": "مجهول",
 	"actions.status.waiting": "ينتظر",
@@ -254,6 +270,23 @@
 	"migrate.gitbucket.description": "ترحيل البيانات من مثيلات GitBucket.",
 	"migrate.codebase.description": "ترحيل البيانات من codebasehq.com.",
 	"migrate.forgejo.description": "ترحيل المعلومات من كودبيرج أو خوادم فورجيو الأخرى.",
+	"migrate.items.label": "عناصر الترحيل",
+	"migrate.items.wiki": "الموسوعة",
+	"migrate.items.milestones": "أهداف",
+	"migrate.items.labels": "تصنيفات",
+	"migrate.items.issues": "البلاغات",
+	"migrate.items.pull_requests": "طلبات السحب",
+	"migrate.items.merge_requests": "طلبات الدمج",
+	"migrate.items.releases": "الإصدارات",
+	"migrate.in_progress.git": "ترحيل بيانات Git",
+	"migrate.in_progress.topics": "ترحيل المواضيع",
+	"migrate.in_progress.milestones": "ترحيل الأهداف",
+	"migrate.in_progress.labels": "ترحيل الوسوم",
+	"migrate.in_progress.releases": "ترحيل الإصدارات",
+	"migrate.in_progress.issues": "ترحيل البلاغات",
+	"migrate.in_progress.pulls": "ترحيل طلبات السحب",
+	"migrate.cancel.title": "إلغاء الترحيل",
+	"migrate.cancel.confirmation": "تريد إلغاء عملية الترحيل هذه؟",
 	"user.ghost.tooltip": "تم حذف هذا المستخدم أو لا يمكن مطابقته.",
 	"migrate.form.error.url_credentials": "يحتوي عنوان الرابط على بيانات اعتماد، ضعها في حقلي اسم المستخدم وكلمة المرور على التوالي",
 	"pulse.n_active_issues": {
diff --git a/options/locale_next/locale_bg.json b/options/locale_next/locale_bg.json
index 2525e1c239..625961ffca 100644
--- a/options/locale_next/locale_bg.json
+++ b/options/locale_next/locale_bg.json
@@ -1,4 +1,20 @@
 {
+	"counters.n_commits": {
+		"one": "%s подаване",
+		"other": "%s подавания"
+	},
+	"counters.n_branches": {
+		"one": "%s клон",
+		"other": "%s клона"
+	},
+	"counters.n_tags": {
+		"one": "%s маркер",
+		"other": "%s маркера"
+	},
+	"counters.n_releases": {
+		"one": "%s издание",
+		"other": "%s издания"
+	},
 	"actions.actions": "Действия",
 	"actions.status.unknown": "Неизвестно",
 	"actions.status.waiting": "Изчаква се",
@@ -283,6 +299,23 @@
 	"migrate.gitbucket.description": "Мигриране на данни от GitBucket инстанции.",
 	"migrate.codebase.description": "Мигриране на данни от codebasehq.com.",
 	"migrate.forgejo.description": "Мигриране на данни от codeberg.org или други Forgejo инстанции.",
+	"migrate.items.label": "Елементи за мигриране",
+	"migrate.items.wiki": "Уики",
+	"migrate.items.milestones": "Етапи",
+	"migrate.items.labels": "Етикети",
+	"migrate.items.issues": "Задачи",
+	"migrate.items.pull_requests": "Заявки за сливане",
+	"migrate.items.merge_requests": "Заявки за сливане",
+	"migrate.items.releases": "Издания",
+	"migrate.in_progress.git": "Мигриране на Git данни",
+	"migrate.in_progress.topics": "Мигриране на теми",
+	"migrate.in_progress.milestones": "Мигриране на етапи",
+	"migrate.in_progress.labels": "Мигриране на етикети",
+	"migrate.in_progress.releases": "Мигриране на издания",
+	"migrate.in_progress.issues": "Мигриране на задачи",
+	"migrate.in_progress.pulls": "Мигриране на заявки за сливане",
+	"migrate.cancel.title": "Отказ от миграцията",
+	"migrate.cancel.confirmation": "Искате ли да откажете тази миграция?",
 	"keys.ssh.link": "SSH ключове",
 	"feed.atom.link": "Atom емисия",
 	"keys.gpg.link": "GPG ключове",
diff --git a/options/locale_next/locale_ca.json b/options/locale_next/locale_ca.json
index 1fd3ede667..989e404f46 100644
--- a/options/locale_next/locale_ca.json
+++ b/options/locale_next/locale_ca.json
@@ -1,4 +1,20 @@
 {
+	"counters.n_commits": {
+		"one": "%s commit",
+		"other": "%s commits"
+	},
+	"counters.n_branches": {
+		"one": "Branca %s",
+		"other": "Branques %s"
+	},
+	"counters.n_tags": {
+		"one": "Etiqueta %s",
+		"other": "Etiquetes %s"
+	},
+	"counters.n_releases": {
+		"one": "Publicació %s",
+		"other": "Publicacions %s"
+	},
 	"fork.n_forks": {
 		"one": "%s fork",
 		"many": "%s forks",
@@ -65,6 +81,23 @@
 	"migrate.gitbucket.description": "Migrar dades d'instàncies de GitBucket.",
 	"migrate.codebase.description": "Migrar dades de codebasehq.com.",
 	"migrate.forgejo.description": "Migrar dades de codeberg.org o d'altres instàncies de Forgejo.",
+	"migrate.items.label": "Elements de migració",
+	"migrate.items.wiki": "Wiki",
+	"migrate.items.milestones": "Fites",
+	"migrate.items.labels": "Etiquetes",
+	"migrate.items.issues": "Problemes",
+	"migrate.items.pull_requests": "Pull requests",
+	"migrate.items.merge_requests": "Sol·licituds de fusió",
+	"migrate.items.releases": "Publicacions",
+	"migrate.in_progress.git": "Migrant dades Git",
+	"migrate.in_progress.topics": "Migrant tòpics",
+	"migrate.in_progress.milestones": "Migrant fites",
+	"migrate.in_progress.labels": "Migrant etiquetes",
+	"migrate.in_progress.releases": "Migrant publicacions",
+	"migrate.in_progress.issues": "Migrant problemes",
+	"migrate.in_progress.pulls": "Migrant «pull requests»",
+	"migrate.cancel.title": "Cancel·la la migració",
+	"migrate.cancel.confirmation": "Voleu cancel·lar aquesta migració?",
 	"repo.issue_indexer.title": "Indexador d'incidències",
 	"repo.settings.push_mirror.branch_filter.label": "Filtre de branca (opcional)",
 	"incorrect_root_url": "Aquesta instància de Forejo està configurada per ser servida a \"%s\". Actualment esteu veient Forgejo des d'una URL diferent, la qual cosa pot provocar que algunes parts de l'aplicació no funcionin correctament. Els administradors de Forgejo controlen l'URL canònica mitjançant el paràmetre ROOT_URL a app.ini.",
diff --git a/options/locale_next/locale_cs-CZ.json b/options/locale_next/locale_cs-CZ.json
index 74e66831e9..7acc2453d8 100644
--- a/options/locale_next/locale_cs-CZ.json
+++ b/options/locale_next/locale_cs-CZ.json
@@ -1,4 +1,20 @@
 {
+	"counters.n_commits": {
+		"one": "%s revize",
+		"other": "%s revizí"
+	},
+	"counters.n_branches": {
+		"one": "%s větev",
+		"other": "%s větví"
+	},
+	"counters.n_tags": {
+		"one": "%s značka",
+		"other": "%s značek"
+	},
+	"counters.n_releases": {
+		"one": "%s vydání",
+		"other": "%s vydání"
+	},
 	"gpg.default_key": "Podepsáno výchozím klíčem",
 	"gpg.error.extract_sign": "Nepodařilo se získat podpis",
 	"gpg.error.generate_hash": "Nepodařilo se vygenerovat hash revize",
@@ -334,6 +350,23 @@
 	"migrate.gitbucket.description": "Migrovat data z instancí GitBucket.",
 	"migrate.codebase.description": "Migrovat data z codebasehq.com.",
 	"migrate.forgejo.description": "Migrovat data z codeberg.org nebo jiných instancí Forgejo.",
+	"migrate.items.label": "Položky pro migrování",
+	"migrate.items.wiki": "Wiki",
+	"migrate.items.milestones": "Milníky",
+	"migrate.items.labels": "Štítky",
+	"migrate.items.issues": "Problémy",
+	"migrate.items.pull_requests": "Žádosti o sloučení",
+	"migrate.items.merge_requests": "Sloučit žádosti",
+	"migrate.items.releases": "Vydání",
+	"migrate.in_progress.git": "Migrace dat z Gitu",
+	"migrate.in_progress.topics": "Migrace témat",
+	"migrate.in_progress.milestones": "Migrace milníků",
+	"migrate.in_progress.labels": "Migrace štítků",
+	"migrate.in_progress.releases": "Migrace vydání",
+	"migrate.in_progress.issues": "Migrace problémů",
+	"migrate.in_progress.pulls": "Migrace žádostí o sloučení",
+	"migrate.cancel.title": "Zrušit migraci",
+	"migrate.cancel.confirmation": "Chcete zrušit tuto migraci?",
 	"admin.config.security": "Nastavení zabezpečení",
 	"admin.config.global_2fa_requirement.title": "Globální požadavek dvoufázového ověření",
 	"error.must_enable_2fa": "Tato instance Forgejo vyžaduje, aby si všichni uživatelé zapnuli dvoufázové ověření, než začnou používat svůj účet. Povolíte jej zde: %s",
diff --git a/options/locale_next/locale_da.json b/options/locale_next/locale_da.json
index 949283dc56..3244a0cc7c 100644
--- a/options/locale_next/locale_da.json
+++ b/options/locale_next/locale_da.json
@@ -1,4 +1,20 @@
 {
+	"counters.n_commits": {
+		"one": "%s commit",
+		"other": "%s commits"
+	},
+	"counters.n_branches": {
+		"one": "%s gren",
+		"other": "%s grene"
+	},
+	"counters.n_tags": {
+		"one": "%s tag",
+		"other": "%s tags"
+	},
+	"counters.n_releases": {
+		"one": "%s udgivelse",
+		"other": "%s udgivelser"
+	},
 	"actions.actions": "Handlinger",
 	"actions.status.unknown": "Ukendt",
 	"actions.status.waiting": "Venter",
@@ -353,6 +369,23 @@
 	"migrate.gitbucket.description": "Migrer data fra GitBucket-instanser.",
 	"migrate.codebase.description": "Migrer data fra codebasehq.com.",
 	"migrate.forgejo.description": "Migrer data fra codeberg.org eller andre Forgejo-instanser.",
+	"migrate.items.label": "Migration Elementer",
+	"migrate.items.wiki": "Wiki",
+	"migrate.items.milestones": "Milepæle",
+	"migrate.items.labels": "Etiketter",
+	"migrate.items.issues": "Problemmer",
+	"migrate.items.pull_requests": "Pull-anmodninger",
+	"migrate.items.merge_requests": "Flet anmodninger",
+	"migrate.items.releases": "Udgivelser",
+	"migrate.in_progress.git": "Migrering af Git-data",
+	"migrate.in_progress.topics": "Migrering af emner",
+	"migrate.in_progress.milestones": "Migrerende milepæle",
+	"migrate.in_progress.labels": "Migrering af etiketter",
+	"migrate.in_progress.releases": "Migrering af udgivelser",
+	"migrate.in_progress.issues": "Migrering af problemer",
+	"migrate.in_progress.pulls": "Migrering af pull-anmodninger",
+	"migrate.cancel.title": "Annuller migrering",
+	"migrate.cancel.confirmation": "Vil du annullere denne migrering?",
 	"pulse.n_active_issues": {
 		"one": "%s aktivt problem",
 		"other": "%s aktive problemer"
diff --git a/options/locale_next/locale_de-DE.json b/options/locale_next/locale_de-DE.json
index 253b3188c7..af1132e371 100644
--- a/options/locale_next/locale_de-DE.json
+++ b/options/locale_next/locale_de-DE.json
@@ -1,4 +1,20 @@
 {
+	"counters.n_commits": {
+		"one": "%s Commit",
+		"other": "%s Commits"
+	},
+	"counters.n_branches": {
+		"one": "%s Branch",
+		"other": "%s Branches"
+	},
+	"counters.n_tags": {
+		"one": "%s Tag",
+		"other": "%s Tags"
+	},
+	"counters.n_releases": {
+		"one": "%s freigegeben",
+		"other": "%s Veröffentlichungen"
+	},
 	"gpg.default_key": "Mit Standardschlüssel signiert",
 	"gpg.error.extract_sign": "Die Signatur konnte nicht extrahiert werden",
 	"gpg.error.generate_hash": "Es konnte kein Hash vom Commit generiert werden",
@@ -317,6 +333,23 @@
 	"migrate.gitbucket.description": "Daten von GitBucket-Instanzen migrieren.",
 	"migrate.codebase.description": "Daten von codebasehq.com migrieren.",
 	"migrate.forgejo.description": "Daten von codeberg.org oder anderen Forgejo-Instanzen migrieren.",
+	"migrate.items.label": "Migrationselemente",
+	"migrate.items.wiki": "Wiki",
+	"migrate.items.milestones": "Meilensteine",
+	"migrate.items.labels": "Labels",
+	"migrate.items.issues": "Issues",
+	"migrate.items.pull_requests": "Pull-Requests",
+	"migrate.items.merge_requests": "Merge-Requests",
+	"migrate.items.releases": "Releases",
+	"migrate.in_progress.git": "Git-Daten werden migriert",
+	"migrate.in_progress.topics": "Themen werden migriert",
+	"migrate.in_progress.milestones": "Meilensteine werden migriert",
+	"migrate.in_progress.labels": "Labels werden migriert",
+	"migrate.in_progress.releases": "Releases werden migriert",
+	"migrate.in_progress.issues": "Issues werden migriert",
+	"migrate.in_progress.pulls": "Pull-Requests werden migriert",
+	"migrate.cancel.title": "Migration abbrechen",
+	"migrate.cancel.confirmation": "Möchtest du diese Migration abbrechen?",
 	"repo.pulls.already_merged": "Zusammenführung fehlgeschlagen. Der Pull-Request wurde bereits zusammengeführt.",
 	"migrate.pagure.incorrect_url": "Falsche Quellrepository-URL wurde angegeben",
 	"migrate.pagure.project_example": "Die URL des Pagure-Projekts, z. B. https://pagure.io/pagure",
diff --git a/options/locale_next/locale_el-GR.json b/options/locale_next/locale_el-GR.json
index b83629006d..e755e6d90a 100644
--- a/options/locale_next/locale_el-GR.json
+++ b/options/locale_next/locale_el-GR.json
@@ -1,4 +1,20 @@
 {
+	"counters.n_commits": {
+		"one": "%s υποβολή",
+		"other": "%s υποβολές"
+	},
+	"counters.n_branches": {
+		"one": "%s κλάδος",
+		"other": "%s κλάδοι"
+	},
+	"counters.n_tags": {
+		"one": "%s ετικέτα",
+		"other": "%s ετικέτες"
+	},
+	"counters.n_releases": {
+		"one": "%s κυκλοφορία",
+		"other": "%s κυκλοφορίες"
+	},
 	"gpg.default_key": "Υπογραφή με το προεπιλεγμένο κλειδί",
 	"gpg.error.extract_sign": "Αποτυχία εξαγωγής υπογραφής",
 	"gpg.error.generate_hash": "Αποτυχία δημιουργίας hash της υποβολής",
@@ -224,6 +240,23 @@
 	"migrate.gitbucket.description": "Μεταφορά δεδομένων από διακομιστές GitBucket.",
 	"migrate.codebase.description": "Μεταφορά δεδομένων από το codebasehq.com.",
 	"migrate.forgejo.description": "Μεταφορά δεδομένων από το codeberg.org ή άλλων υπηρεσιών Forgejo.",
+	"migrate.items.label": "Αντικείμενα μεταφοράς",
+	"migrate.items.wiki": "Wiki",
+	"migrate.items.milestones": "Ορόσημα",
+	"migrate.items.labels": "Σήματα",
+	"migrate.items.issues": "Ζητήματα",
+	"migrate.items.pull_requests": "Pull requests",
+	"migrate.items.merge_requests": "Merge requests",
+	"migrate.items.releases": "Κυκλοφορίες",
+	"migrate.in_progress.git": "Τα δεδομένα Git μεταφέρονται",
+	"migrate.in_progress.topics": "Τα θέματα μεταφέρονται",
+	"migrate.in_progress.milestones": "Τα ορόσημα μεταφέρονται",
+	"migrate.in_progress.labels": "Τα σήματα μεταφέρονται",
+	"migrate.in_progress.releases": "Οι κυκλοφορίες μεταφέρονται",
+	"migrate.in_progress.issues": "Τα ζητήματα μεταφέρονται",
+	"migrate.in_progress.pulls": "Μεταφέρονται τα pull requests",
+	"migrate.cancel.title": "Ακύρωση μεταφοράς",
+	"migrate.cancel.confirmation": "Θέλετε να ακυρώσετε αυτή τη μεταφορά;",
 	"relativetime.future": "στο μέλλον",
 	"relativetime.now": "τώρα",
 	"repo.form.cannot_create": "Όλοι οι χώροι που μπορείτε να δημιουργήσετε αποθετήρια έχουν φτάσει στο μέγιστο όριο αποθετηρίων.",
diff --git a/options/locale_next/locale_en-US.json b/options/locale_next/locale_en-US.json
index 643b1388f5..c0ed083b66 100644
--- a/options/locale_next/locale_en-US.json
+++ b/options/locale_next/locale_en-US.json
@@ -88,6 +88,7 @@
 	"repo.pulls.maintainers_cannot_edit": "Maintainers cannot edit this pull request.",
 	"repo.form.cannot_create": "All spaces in which you can create repositories have reached the limit of repositories.",
 	"repo.view.gitmodules_too_large": "The .gitmodules file is too large and will be ignored (on API calls for instance)",
+	"migrate.select.title": "Migrate repository",
 	"migrate.form.error.url_credentials": "The URL contains credentials, put them in the username and password fields respectively",
 	"migrate.github.description": "Migrate data from github.com or GitHub Enterprise server.",
 	"migrate.git.description": "Migrate a repository only from any Git service.",
@@ -98,6 +99,23 @@
 	"migrate.gitbucket.description": "Migrate data from GitBucket instances.",
 	"migrate.codebase.description": "Migrate data from codebasehq.com.",
 	"migrate.forgejo.description": "Migrate data from codeberg.org or other Forgejo instances.",
+	"migrate.items.label": "Migration items",
+	"migrate.items.wiki": "Wiki",
+	"migrate.items.milestones": "Milestones",
+	"migrate.items.labels": "Labels",
+	"migrate.items.issues": "Issues",
+	"migrate.items.pull_requests": "Pull requests",
+	"migrate.items.merge_requests": "Merge requests",
+	"migrate.items.releases": "Releases",
+	"migrate.in_progress.git": "Migrating Git data",
+	"migrate.in_progress.topics": "Migrating topics",
+	"migrate.in_progress.milestones": "Migrating milestones",
+	"migrate.in_progress.labels": "Migrating labels",
+	"migrate.in_progress.releases": "Migrating releases",
+	"migrate.in_progress.issues": "Migrating issues",
+	"migrate.in_progress.pulls": "Migrating pull requests",
+	"migrate.cancel.title": "Cancel migration",
+	"migrate.cancel.confirmation": "Do you want to cancel this migration?",
 	"repo.issue_indexer.title": "Issue Indexer",
 	"search.milestone_kind": "Search milestones…",
 	"search.syntax": "Search syntax",
@@ -257,6 +275,22 @@
 	"munits.data.tib": "TiB",
 	"munits.data.pib": "PiB",
 	"munits.data.eib": "EiB",
+	"counters.n_commits": {
+		"one": "%s commit",
+		"other": "%s commits"
+	},
+	"counters.n_branches": {
+		"one": "%s branch",
+		"other": "%s branches"
+	},
+	"counters.n_tags": {
+		"one": "%s tag",
+		"other": "%s tags"
+	},
+	"counters.n_releases": {
+		"one": "%s release",
+		"other": "%s releases"
+	},
 	"packages.title": "Packages",
 	"packages.empty": "There are no packages yet.",
 	"packages.empty.documentation": "For more information on the package registry, see <a target=\"_blank\" rel=\"noopener noreferrer\" href=\"%s\">the documentation</a>.",
diff --git a/options/locale_next/locale_eo.json b/options/locale_next/locale_eo.json
index 20d9f4515c..721b708a63 100644
--- a/options/locale_next/locale_eo.json
+++ b/options/locale_next/locale_eo.json
@@ -52,6 +52,9 @@
 	"migrate.gitbucket.description": "Migrigi datumojn el GitBucket instancoj.",
 	"migrate.codebase.description": "Migrigi datumojn el codebasehq.com.",
 	"migrate.forgejo.description": "Migrigi datumojn el codeberg.org aŭ aliaj Forgejo instancoj.",
+	"migrate.items.pull_requests": "Tirpetoj",
+	"migrate.items.releases": "Eldonoj",
+	"migrate.in_progress.pulls": "Migrante tirpetojn",
 	"repo.settings.push_mirror.branch_filter.label": "Branĉa filtrilo (malnepra)",
 	"themes.names.forgejo-auto": "Forgejo (konformi kun sistema etoso)",
 	"themes.names.forgejo-light": "Forgejo hela",
diff --git a/options/locale_next/locale_es-ES.json b/options/locale_next/locale_es-ES.json
index fff792b714..1d39325ed3 100644
--- a/options/locale_next/locale_es-ES.json
+++ b/options/locale_next/locale_es-ES.json
@@ -1,4 +1,20 @@
 {
+	"counters.n_commits": {
+		"one": "%s commit",
+		"other": "%s commits"
+	},
+	"counters.n_branches": {
+		"one": "%s rama",
+		"other": "%s ramas"
+	},
+	"counters.n_tags": {
+		"one": "%s etiqueta",
+		"other": "%s etiquetas"
+	},
+	"counters.n_releases": {
+		"one": "%s lanzamiento",
+		"other": "%s versiones"
+	},
 	"actions.actions": "Acciones",
 	"actions.status.unknown": "Desconocido",
 	"actions.status.waiting": "Esperando",
@@ -355,6 +371,23 @@
 	"migrate.gitbucket.description": "Migrar datos de instancias de GitBucket.",
 	"migrate.codebase.description": "Migrar datos desde codebasehq.com.",
 	"migrate.forgejo.description": "Migrar datos desde codeberg.org u otras instancias de Forgejo.",
+	"migrate.items.label": "Objetos de migración",
+	"migrate.items.wiki": "Wiki",
+	"migrate.items.milestones": "Hitos",
+	"migrate.items.labels": "Etiquetas",
+	"migrate.items.issues": "Incidencias",
+	"migrate.items.pull_requests": "Solicitudes de extracción",
+	"migrate.items.merge_requests": "Solicitudes de fusión",
+	"migrate.items.releases": "Lanzamientos",
+	"migrate.in_progress.git": "Migrando datos de Git",
+	"migrate.in_progress.topics": "Migrando temas",
+	"migrate.in_progress.milestones": "Migrando hitos",
+	"migrate.in_progress.labels": "Migrando etiquetas",
+	"migrate.in_progress.releases": "Migrar versiones",
+	"migrate.in_progress.issues": "Migrando incidencias",
+	"migrate.in_progress.pulls": "Migrando solicitudes de incorporación de cambios",
+	"migrate.cancel.title": "Cancelar la migración",
+	"migrate.cancel.confirmation": "¿Quiere cancelar esta migración?",
 	"moderation.abuse_category.spam": "Spam",
 	"pulse.n_active_issues": {
 		"one": "%s incidencia activa",
diff --git a/options/locale_next/locale_et.json b/options/locale_next/locale_et.json
index 884f7da179..d7138925cf 100644
--- a/options/locale_next/locale_et.json
+++ b/options/locale_next/locale_et.json
@@ -1,4 +1,8 @@
 {
+	"counters.n_branches": {
+		"one": "%s alamharu",
+		"other": "%s alamharu"
+	},
 	"packages.alpine.repository.branches": "Alamharud",
 	"stars.n_stars": {
 		"one": "%s tärn",
diff --git a/options/locale_next/locale_fa-IR.json b/options/locale_next/locale_fa-IR.json
index 72dec1fc85..75190f2fbf 100644
--- a/options/locale_next/locale_fa-IR.json
+++ b/options/locale_next/locale_fa-IR.json
@@ -52,6 +52,21 @@
 	"migrate.onedev.description": "مهاجرت داده از code.onedev.io یا پیاده‌سازی‌های دیگر OneDev.",
 	"migrate.gitbucket.description": "مهاجرت داده از نمونه های GitBucket",
 	"migrate.codebase.description": "مهاجر داده ها از codebasehq.com.",
+	"migrate.items.label": "مولفه های مهاجرت",
+	"migrate.items.wiki": "دانشنامه",
+	"migrate.items.milestones": "نقاط عطف",
+	"migrate.items.labels": "برچسب‌ها",
+	"migrate.items.issues": "مسائل",
+	"migrate.items.pull_requests": "تقاضاهای واکشی",
+	"migrate.items.merge_requests": "تقاضاهای واکشی",
+	"migrate.items.releases": "انتشارها",
+	"migrate.in_progress.git": "انتقال داده های Git",
+	"migrate.in_progress.topics": "موضوعات مهاجرت",
+	"migrate.in_progress.milestones": "نقاط عطف مهاجرت",
+	"migrate.in_progress.labels": "برچسب های مهاجرت",
+	"migrate.in_progress.releases": "انتشارات مهاجرت",
+	"migrate.in_progress.issues": "مشکلات مهاجرت",
+	"migrate.in_progress.pulls": "مهاجرت درخواست های pull",
 	"pulse.n_active_issues": {
 		"one": "%s مسئله فعال",
 		"other": "%s مسئله فعال"
diff --git a/options/locale_next/locale_fi-FI.json b/options/locale_next/locale_fi-FI.json
index e2862e49a2..7993d9ae12 100644
--- a/options/locale_next/locale_fi-FI.json
+++ b/options/locale_next/locale_fi-FI.json
@@ -1,4 +1,20 @@
 {
+	"counters.n_commits": {
+		"one": "%s kommitti",
+		"other": "%s kommittia"
+	},
+	"counters.n_branches": {
+		"one": "%s haara",
+		"other": "%s haaraa"
+	},
+	"counters.n_tags": {
+		"one": "%s tagi",
+		"other": "%s tagia"
+	},
+	"counters.n_releases": {
+		"one": "%s julkaisu",
+		"other": "%s julkaisua"
+	},
 	"gpg.default_key": "Allekirjoitettu oletusavaimella",
 	"gpg.error.extract_sign": "Allekirjoituksen purkaminen epäonnistui",
 	"gpg.error.generate_hash": "Kommitin tiivisteen luominen epäonnistui",
@@ -284,6 +300,23 @@
 	"migrate.gitbucket.description": "Tee migraatio GitBucket-instansseista.",
 	"migrate.codebase.description": "Tee migraatio codebasehq.comista.",
 	"migrate.forgejo.description": "Tee migraatio codeberg.orgista tai muista Forgejo-instansseista.",
+	"migrate.items.label": "Migraation kohteet",
+	"migrate.items.wiki": "Wiki",
+	"migrate.items.milestones": "Merkkipaalut",
+	"migrate.items.labels": "Nimilaput",
+	"migrate.items.issues": "Ongelmat",
+	"migrate.items.pull_requests": "Vetopyynnöt",
+	"migrate.items.merge_requests": "Yhdistämispyynnöt",
+	"migrate.items.releases": "Julkaisut",
+	"migrate.in_progress.git": "Suoritetaan Git-datan migraatiota",
+	"migrate.in_progress.topics": "Suoritetaan aiheiden migraatiota",
+	"migrate.in_progress.milestones": "Suoritetaan merkkipaalujen migraatiota",
+	"migrate.in_progress.labels": "Suoritetaan nimilappujen migraatiota",
+	"migrate.in_progress.releases": "Suoritetaan julkaisujen migraatiota",
+	"migrate.in_progress.issues": "Suoritetaan ongelmien migraatiota",
+	"migrate.in_progress.pulls": "Suoritetaan vetopyyntöjen migraatiota",
+	"migrate.cancel.title": "Peruuta migraatio",
+	"migrate.cancel.confirmation": "Haluatko perua tämän migraation?",
 	"moderation.report_abuse_form.invalid": "Virheelliset argumentit",
 	"admin.config.security": "Turvallisuusasetukset",
 	"admin.config.global_2fa_requirement.title": "Globaali kaksivaiheisen tunnistuksen vaatimus",
diff --git a/options/locale_next/locale_fil.json b/options/locale_next/locale_fil.json
index 8f9949cd30..1319c71f64 100644
--- a/options/locale_next/locale_fil.json
+++ b/options/locale_next/locale_fil.json
@@ -1,4 +1,20 @@
 {
+	"counters.n_commits": {
+		"one": "%s commit",
+		"other": "%s mga commit"
+	},
+	"counters.n_branches": {
+		"one": "%s branch",
+		"other": "%s mga branch"
+	},
+	"counters.n_tags": {
+		"one": "%s tag",
+		"other": "%s mga tag"
+	},
+	"counters.n_releases": {
+		"one": "%s release",
+		"other": "%s mga release"
+	},
 	"gpg.default_key": "Naka-sign gamit ang default key",
 	"gpg.error.extract_sign": "Nabigong i-extract ang signature",
 	"gpg.error.generate_hash": "Nabigong i-generate ang hash ng commit",
@@ -323,6 +339,23 @@
 	"migrate.gitbucket.description": "Mag-migrate ng data mula sa mga GitBucket na instansya.",
 	"migrate.codebase.description": "Mag-migrate ng data mula sa codebasehq.com.",
 	"migrate.forgejo.description": "Mag-migrate ng data mula sa codeberg.org o iba pang mga Forgejo na instansya.",
+	"migrate.items.label": "Mga item sa pagmigrate",
+	"migrate.items.wiki": "Wiki",
+	"migrate.items.milestones": "Mga milestone",
+	"migrate.items.labels": "Mga label",
+	"migrate.items.issues": "Mga isyu",
+	"migrate.items.pull_requests": "Mga hiling sa paghila",
+	"migrate.items.merge_requests": "Mga merge request",
+	"migrate.items.releases": "Mga paglabas",
+	"migrate.in_progress.git": "Nililipat ang Git data",
+	"migrate.in_progress.topics": "Nililipat ang mga paksa",
+	"migrate.in_progress.milestones": "Nililipat ang mga milestone",
+	"migrate.in_progress.labels": "Nililipat ang mga label",
+	"migrate.in_progress.releases": "Nililipat ang mga paglabas",
+	"migrate.in_progress.issues": "Nililipat ang mga isyu",
+	"migrate.in_progress.pulls": "Nililipat ang mga pull request",
+	"migrate.cancel.title": "Kanselahin ang pag-migrate",
+	"migrate.cancel.confirmation": "Gusto mo bang kanselahin ang migration na ito?",
 	"admin.config.security": "Pagsasaayos sa seguridad",
 	"error.must_enable_2fa": "Kinakailangan ng instansyang ito na ang mga user ay paganahin ang authentikasyong two-factor bago nila i-access ang kani-kanilang account. Paganahin ito sa: %s",
 	"admin.config.global_2fa_requirement.title": "Global na pangangailangan ng two-factor",
diff --git a/options/locale_next/locale_fr-FR.json b/options/locale_next/locale_fr-FR.json
index d80cb70025..84e53d0311 100644
--- a/options/locale_next/locale_fr-FR.json
+++ b/options/locale_next/locale_fr-FR.json
@@ -1,4 +1,20 @@
 {
+	"counters.n_commits": {
+		"one": "%s commit",
+		"other": "%s commits"
+	},
+	"counters.n_branches": {
+		"one": "%s branch",
+		"other": "%s branches"
+	},
+	"counters.n_tags": {
+		"one": "%s étiquettes",
+		"other": "%s étiquettes"
+	},
+	"counters.n_releases": {
+		"one": "%s publication",
+		"other": "%s publications"
+	},
 	"gpg.default_key": "Signé avec la clé par défaut",
 	"gpg.error.extract_sign": "Impossible d'extraire la signature",
 	"gpg.error.generate_hash": "Impossible de générer la chaine de hachage de la révision",
@@ -326,6 +342,23 @@
 	"migrate.gitbucket.description": "Migrer les données depuis des instances GitBucket.",
 	"migrate.codebase.description": "Migrer les données depuis codebasehq.com.",
 	"migrate.forgejo.description": "Migrer les données depuis codeberg.org ou une autre instance Forgejo.",
+	"migrate.items.label": "Éléments à migrer",
+	"migrate.items.wiki": "Wiki",
+	"migrate.items.milestones": "Jalons",
+	"migrate.items.labels": "Labels",
+	"migrate.items.issues": "Tickets",
+	"migrate.items.pull_requests": "Demandes d'ajout",
+	"migrate.items.merge_requests": "Demandes de fusion",
+	"migrate.items.releases": "Publications",
+	"migrate.in_progress.git": "Migration des données Git",
+	"migrate.in_progress.topics": "Migration des sujets",
+	"migrate.in_progress.milestones": "Migration des jalons",
+	"migrate.in_progress.labels": "Migration des labels",
+	"migrate.in_progress.releases": "Migration des publications",
+	"migrate.in_progress.issues": "Migration des tickets",
+	"migrate.in_progress.pulls": "Migration des demandes d'ajout",
+	"migrate.cancel.title": "Annuler la migration",
+	"migrate.cancel.confirmation": "Voulez-vous abandonner cette migration ?",
 	"admin.dashboard.remove_resolved_reports": "Supprimer les signalements résolus",
 	"admin.auths.allow_username_change": "Autoriser le changement de nom d'utilisateur",
 	"admin.auths.allow_username_change.description": "Autoriser les utilisateurs à changer leur nom d'utilisateur dans les paramètres du profil",
diff --git a/options/locale_next/locale_ga.json b/options/locale_next/locale_ga.json
index 4943232f8c..f41ecfb09f 100644
--- a/options/locale_next/locale_ga.json
+++ b/options/locale_next/locale_ga.json
@@ -151,6 +151,23 @@
 	"migrate.onedev.description": "Imirce sonraí ó code.onedev.io nó ó chásanna OneDev eile.",
 	"migrate.gitbucket.description": "Imirce sonraí ó chásanna GitBucket.",
 	"migrate.codebase.description": "Imirce sonraí ó codebasehq.com.",
+	"migrate.items.label": "Míreanna Imirce",
+	"migrate.items.wiki": "Wiki",
+	"migrate.items.milestones": "Clocha míle",
+	"migrate.items.labels": "Lipéid",
+	"migrate.items.issues": "Saincheisteanna",
+	"migrate.items.pull_requests": "Iarrataí Tarraing",
+	"migrate.items.merge_requests": "Iarrataí Cumaisc",
+	"migrate.items.releases": "Eisiúintí",
+	"migrate.in_progress.git": "Sonraí Git a Aimirce",
+	"migrate.in_progress.topics": "Ábhair Imirce",
+	"migrate.in_progress.milestones": "Clocha Míle a Imirce",
+	"migrate.in_progress.labels": "Lipéid Imirce",
+	"migrate.in_progress.releases": "Eisiúintí Imirce",
+	"migrate.in_progress.issues": "Saincheisteanna Imirce",
+	"migrate.in_progress.pulls": "Iarratais Tarraingthe á n-Imirce",
+	"migrate.cancel.title": "Cealaigh Imirce",
+	"migrate.cancel.confirmation": "Ar mhaith leat an imirce seo a chealú?",
 	"pulse.n_active_issues": {
 		"one": "%s saincheist ghníomhach",
 		"two": "%s saincheisteanna ghníomhach",
diff --git a/options/locale_next/locale_he.json b/options/locale_next/locale_he.json
index c06efd2497..3837b8a1de 100644
--- a/options/locale_next/locale_he.json
+++ b/options/locale_next/locale_he.json
@@ -18,6 +18,17 @@
 	"migrate.gitbucket.description": "יבוא מידע משרת GitBucket.",
 	"migrate.codebase.description": "ייבוא מידע מ־codebasehq.com.",
 	"migrate.forgejo.description": "ייבוא מידע מקודברג או שרת פורג'ו אחר.",
+	"migrate.items.wiki": "ויקי",
+	"migrate.items.milestones": "אבני דרך",
+	"migrate.items.labels": "תוויות",
+	"migrate.items.issues": "סוגיות",
+	"migrate.items.pull_requests": "בקשות מיזוג",
+	"migrate.items.releases": "גרסאות",
+	"migrate.in_progress.git": "ייבוא הקרפיף עצמו",
+	"migrate.in_progress.topics": "ייבוא נושאים",
+	"migrate.in_progress.milestones": "ייבוא אבני דרך",
+	"migrate.in_progress.labels": "ייבוא תוויות",
+	"migrate.in_progress.releases": "ייבוא גרסאות",
 	"home.welcome.no_activity": "אין פעילות",
 	"home.explore_users": "גלה משתמשים",
 	"home.explore_orgs": "גלה ארגונים",
diff --git a/options/locale_next/locale_hu-HU.json b/options/locale_next/locale_hu-HU.json
index 2b9b2b5181..f43220464c 100644
--- a/options/locale_next/locale_hu-HU.json
+++ b/options/locale_next/locale_hu-HU.json
@@ -1,4 +1,10 @@
 {
+	"migrate.items.wiki": "Wiki",
+	"migrate.items.milestones": "Mérföldkövek",
+	"migrate.items.labels": "Címkék",
+	"migrate.items.issues": "Hibajegyek",
+	"migrate.items.pull_requests": "Pull request-ek",
+	"migrate.items.releases": "Kiadások",
 	"actions.runners.name": "Név",
 	"actions.runners.owner_type": "Típus",
 	"actions.runners.description": "Leírás",
diff --git a/options/locale_next/locale_id-ID.json b/options/locale_next/locale_id-ID.json
index 5f0ab19bf1..db7579d252 100644
--- a/options/locale_next/locale_id-ID.json
+++ b/options/locale_next/locale_id-ID.json
@@ -59,6 +59,12 @@
 	"migrate.gitbucket.description": "Migrasikan data dari instance GitBucket.",
 	"migrate.codebase.description": "Migrasikan data dari codebasehq.com.",
 	"migrate.forgejo.description": "Migrasikan data dari codeberg.org atau instance Forgejo lainnya.",
+	"migrate.items.label": "Ihwal Migrasi",
+	"migrate.items.wiki": "Wiki",
+	"migrate.items.milestones": "Tonggak",
+	"migrate.items.issues": "Masalah",
+	"migrate.items.pull_requests": "Tarik Permintaan",
+	"migrate.items.releases": "Rilis",
 	"repo.issue_indexer.title": "Indeks Masalah",
 	"search.milestone_kind": "Cari milestone…",
 	"repo.settings.push_mirror.branch_filter.label": "Filter cabang (opsional)",
diff --git a/options/locale_next/locale_is-IS.json b/options/locale_next/locale_is-IS.json
index ff203bc503..0b3dca401f 100644
--- a/options/locale_next/locale_is-IS.json
+++ b/options/locale_next/locale_is-IS.json
@@ -32,5 +32,13 @@
 	"packages.pypi.requires": "Þarfnast Python",
 	"repo.pulls.title_desc": "vill sameina %[1]d framlög frá <code>%[2]s</code> í <code id=\"%[4]s\">%[3]s</code>",
 	"migrate.git.description": "Flytja hugbúnaðarsafn aðeins frá Git þjónustu.",
+	"migrate.items.wiki": "Handbók",
+	"migrate.items.milestones": "Tímamót",
+	"migrate.items.labels": "Skýringar",
+	"migrate.items.issues": "Vandamál",
+	"migrate.items.pull_requests": "Sameiningarbeiðnir",
+	"migrate.items.merge_requests": "Sameiningarbeiðnir",
+	"migrate.items.releases": "Útgáfur",
+	"migrate.in_progress.labels": "Að færa Lýsingar",
 	"meta.last_line": " "
 }
diff --git a/options/locale_next/locale_it-IT.json b/options/locale_next/locale_it-IT.json
index f1fb401608..4380c58640 100644
--- a/options/locale_next/locale_it-IT.json
+++ b/options/locale_next/locale_it-IT.json
@@ -1,4 +1,20 @@
 {
+	"counters.n_commits": {
+		"one": "%s commit",
+		"other": "%s commit"
+	},
+	"counters.n_branches": {
+		"one": "%s ramo",
+		"other": "%s rami"
+	},
+	"counters.n_tags": {
+		"one": "%s etichetta",
+		"other": "%s etichette"
+	},
+	"counters.n_releases": {
+		"one": "%s rilascio",
+		"other": "%s rilasci"
+	},
 	"gpg.default_key": "Firmato con la chiave predefinita",
 	"gpg.error.extract_sign": "Impossibile ricavare la firma",
 	"gpg.error.generate_hash": "Impossibile generare hash del commit",
@@ -296,6 +312,23 @@
 	"migrate.gitbucket.description": "Migra i dati dalle istanze di GitBucket.",
 	"migrate.codebase.description": "Migrare i dati da codebasehq.com.",
 	"migrate.forgejo.description": "Migra dati da codeberg.org o da altre istanze Forgejo.",
+	"migrate.items.label": "Elementi di migrazione",
+	"migrate.items.wiki": "Wiki",
+	"migrate.items.milestones": "Traguardi",
+	"migrate.items.labels": "Etichette",
+	"migrate.items.issues": "Segnalazioni",
+	"migrate.items.pull_requests": "Richieste di modifica",
+	"migrate.items.merge_requests": "Richieste di fusione",
+	"migrate.items.releases": "Rilasci",
+	"migrate.in_progress.git": "Migrazione dei dati Git",
+	"migrate.in_progress.topics": "Migrazione degli argomenti",
+	"migrate.in_progress.milestones": "Migrazione dei traguardi",
+	"migrate.in_progress.labels": "Migrazione delle etichette",
+	"migrate.in_progress.releases": "Migrazione dei rilasci",
+	"migrate.in_progress.issues": "Migrazione delle segnalazioni",
+	"migrate.in_progress.pulls": "Migrazione delle richieste di modifica",
+	"migrate.cancel.title": "Annulla migrazione",
+	"migrate.cancel.confirmation": "Vuoi annullare questa migrazione?",
 	"repo.settings.push_mirror.branch_filter.label": "Filtro ramo (opzionale)",
 	"alert.range_error": " deve essere un numero tra %[1]s e %[2]s.",
 	"keys.gpg.link": "Chiavi GPG",
diff --git a/options/locale_next/locale_ja-JP.json b/options/locale_next/locale_ja-JP.json
index bc9038e648..5ad5f68868 100644
--- a/options/locale_next/locale_ja-JP.json
+++ b/options/locale_next/locale_ja-JP.json
@@ -1,4 +1,20 @@
 {
+	"counters.n_commits": {
+		"one": "%s のコミット",
+		"other": "%s のコミット"
+	},
+	"counters.n_branches": {
+		"one": "%s のブランチ",
+		"other": "%s のブランチ"
+	},
+	"counters.n_tags": {
+		"one": "%s のタグ",
+		"other": "%s のタグ"
+	},
+	"counters.n_releases": {
+		"one": "%s リリース",
+		"other": "%s リリース"
+	},
 	"actions.actions": "Actions",
 	"actions.status.unknown": "不明",
 	"actions.status.waiting": "待機中",
@@ -229,6 +245,23 @@
 	"migrate.gitbucket.description": "GitBucket インスタンスからデータを移行します。",
 	"migrate.codebase.description": "codebasehq.com からデータを移行します。",
 	"migrate.forgejo.description": "codeberg.orgまたは他のインスタンスからデータを移行する。",
+	"migrate.items.label": "移行する項目",
+	"migrate.items.wiki": "Wiki",
+	"migrate.items.milestones": "マイルストーン",
+	"migrate.items.labels": "ラベル",
+	"migrate.items.issues": "イシュー",
+	"migrate.items.pull_requests": "プルリクエスト",
+	"migrate.items.merge_requests": "マージリクエスト",
+	"migrate.items.releases": "リリース",
+	"migrate.in_progress.git": "Gitデータ移行中",
+	"migrate.in_progress.topics": "トピック移行中",
+	"migrate.in_progress.milestones": "マイルストーン移行中",
+	"migrate.in_progress.labels": "ラベル移行中",
+	"migrate.in_progress.releases": "リリース移行中",
+	"migrate.in_progress.issues": "イシュー移行中",
+	"migrate.in_progress.pulls": "プルリクエスト移行中",
+	"migrate.cancel.title": "移行のキャンセル",
+	"migrate.cancel.confirmation": "この移行をキャンセルしますか？",
 	"pulse.n_active_issues": "%s件のアクティブなイシュー",
 	"pulse.n_active_prs": "%s件のアクティブなプルリクエスト",
 	"meta.last_line": " ",
diff --git a/options/locale_next/locale_ka.json b/options/locale_next/locale_ka.json
index 37fd5b4a8b..7f8a474f4e 100644
--- a/options/locale_next/locale_ka.json
+++ b/options/locale_next/locale_ka.json
@@ -1,4 +1,9 @@
 {
+	"migrate.items.wiki": "ვიკი",
+	"migrate.items.milestones": "მისაღწევი გეგმები",
+	"migrate.items.labels": "ჭდეები",
+	"migrate.items.issues": "პრობლემები",
+	"migrate.items.releases": "რელიზები",
 	"actions.actions": "ქმედებები",
 	"actions.status.unknown": "უცნობი",
 	"actions.status.waiting": "ველოდები",
diff --git a/options/locale_next/locale_kab.json b/options/locale_next/locale_kab.json
index e83f329d38..1b777db276 100644
--- a/options/locale_next/locale_kab.json
+++ b/options/locale_next/locale_kab.json
@@ -29,6 +29,9 @@
 	"admin.config.global_2fa_requirement.none": "Uhu",
 	"admin.config.global_2fa_requirement.admin": "Inedbalen",
 	"migrate.pagure.token_label": "Ajiṭun API n Pagure",
+	"migrate.items.wiki": "Wiki",
+	"migrate.items.labels": "Tibzimin",
+	"migrate.items.issues": "Uguren",
 	"home.explore_repos": "Snirem ikufan",
 	"home.explore_users": "Snirem iseqdacen",
 	"relativetime.1week": "dduṛt yezrin",
diff --git a/options/locale_next/locale_ko-KR.json b/options/locale_next/locale_ko-KR.json
index 08b746eba9..0c725dfef2 100644
--- a/options/locale_next/locale_ko-KR.json
+++ b/options/locale_next/locale_ko-KR.json
@@ -1,4 +1,9 @@
 {
+	"migrate.items.wiki": "위키",
+	"migrate.items.milestones": "마일스톤",
+	"migrate.items.issues": "이슈",
+	"migrate.items.pull_requests": "풀 리퀘스트",
+	"migrate.items.releases": "릴리즈",
 	"actions.runners.name": "이름",
 	"actions.runners.owner_type": "유형",
 	"actions.runners.description": "설명",
diff --git a/options/locale_next/locale_lv-LV.json b/options/locale_next/locale_lv-LV.json
index 30b0ea23c4..3910315bd6 100644
--- a/options/locale_next/locale_lv-LV.json
+++ b/options/locale_next/locale_lv-LV.json
@@ -1,4 +1,20 @@
 {
+	"counters.n_commits": {
+		"one": "%s iesūtījums",
+		"other": "%s iesūtījumi"
+	},
+	"counters.n_branches": {
+		"one": "%s zars",
+		"other": "%s zari"
+	},
+	"counters.n_tags": {
+		"one": "%s birka",
+		"other": "%s birkas"
+	},
+	"counters.n_releases": {
+		"one": "%s laidiens",
+		"other": "%s laidieni"
+	},
 	"gpg.default_key": "Parakstīts ar noklusējuma atslēgu",
 	"gpg.error.extract_sign": "Neizdevās izgūt parakstu",
 	"gpg.error.generate_hash": "Neizdevās izveidot iesūtījuma jaucējkodu",
@@ -333,6 +349,23 @@
 	"migrate.gitbucket.description": "Pārcelt datus no GitBucket serveriem.",
 	"migrate.codebase.description": "Pārcelt datus no codebasehq.com.",
 	"migrate.forgejo.description": "Pārcelt datus no codeberg.org vai citiem Fogejo serveriem.",
+	"migrate.items.label": "Pārcelšanas vienumi",
+	"migrate.items.wiki": "Vikivietni",
+	"migrate.items.milestones": "Atskaites punktus",
+	"migrate.items.labels": "Iezīmes",
+	"migrate.items.issues": "Pieteikumi",
+	"migrate.items.pull_requests": "Izmaiņu pieprasījumus",
+	"migrate.items.merge_requests": "Iekļaušanas pieprasījumi",
+	"migrate.items.releases": "Laidienus",
+	"migrate.in_progress.git": "Pārceļ Git datus",
+	"migrate.in_progress.topics": "Pārceļ tēmas",
+	"migrate.in_progress.milestones": "Pārceļ atskaites punktus",
+	"migrate.in_progress.labels": "Pārceļ iezīmes",
+	"migrate.in_progress.releases": "Pārceļ laidienus",
+	"migrate.in_progress.issues": "Pārnes pieteikumus",
+	"migrate.in_progress.pulls": "Pārceļ izmaiņu pieprasījumus",
+	"migrate.cancel.title": "Atcelt pārcelšanu",
+	"migrate.cancel.confirmation": "Vai atcelt šo pārcelšanu?",
 	"repo.pulls.already_merged": "Apvienošana neizdevās: šis izmaiņu pieprasījums jau ir iekļauts.",
 	"admin.config.security": "Drošības konfigurācija",
 	"settings.twofa_reenroll.description": "Atkārtoti ieslēgt savu divpakāpju autentificēšanos",
diff --git a/options/locale_next/locale_ml-IN.json b/options/locale_next/locale_ml-IN.json
index e1940e1e14..c960db3be9 100644
--- a/options/locale_next/locale_ml-IN.json
+++ b/options/locale_next/locale_ml-IN.json
@@ -1,3 +1,10 @@
 {
+	"migrate.items.label": "മൈഗ്രേഷൻ ഇനങ്ങൾ",
+	"migrate.items.wiki": "വിക്കി",
+	"migrate.items.milestones": "നാഴികക്കല്ലുകള്‍",
+	"migrate.items.labels": "ലേബലുകള്‍",
+	"migrate.items.issues": "പ്രശ്നങ്ങൾ",
+	"migrate.items.pull_requests": "ലയന അഭ്യർത്ഥനകൾ",
+	"migrate.items.releases": "പ്രസിദ്ധീകരണങ്ങള്‍",
 	"meta.last_line": " "
 }
diff --git a/options/locale_next/locale_nb_NO.json b/options/locale_next/locale_nb_NO.json
index 3fe643bf12..d18da5792b 100644
--- a/options/locale_next/locale_nb_NO.json
+++ b/options/locale_next/locale_nb_NO.json
@@ -144,6 +144,7 @@
 	"migrate.gitbucket.description": "Migrer data fra GitBucket instanser.",
 	"migrate.codebase.description": "Migrer data fra codebasehq.com.",
 	"migrate.forgejo.description": "Migrer data fra codeberg.org eller andre Forgejo instanser.",
+	"migrate.items.releases": "Utgivelser",
 	"search.syntax": "Søkesyntaks",
 	"search.fuzzy": "Fuzzy",
 	"search.fuzzy_tooltip": "Inkluder resultater som er omtrent like søkeordet",
diff --git a/options/locale_next/locale_nds.json b/options/locale_next/locale_nds.json
index 5806fe1eeb..d409733f59 100644
--- a/options/locale_next/locale_nds.json
+++ b/options/locale_next/locale_nds.json
@@ -1,4 +1,20 @@
 {
+	"counters.n_commits": {
+		"one": "%s Kommitteren",
+		"other": "%s Kommitterens"
+	},
+	"counters.n_branches": {
+		"one": "%s Twieg",
+		"other": "%s Twiegen"
+	},
+	"counters.n_tags": {
+		"one": "%s Mark",
+		"other": "%s Markens"
+	},
+	"counters.n_releases": {
+		"one": "%s Publizeren",
+		"other": "%s Publizerens"
+	},
 	"gpg.default_key": "Mit normaalem Slötel unnerschrieven",
 	"gpg.error.extract_sign": "Kunn Unnerschrift nich uttrecken",
 	"gpg.error.generate_hash": "Kunn Prüfsumm vum Kommitteren nich bereken",
@@ -323,6 +339,23 @@
 	"migrate.gitbucket.description": "Daten vun GitBucket-Instanzen umtrecken.",
 	"migrate.codebase.description": "Daten vun codebasehq.com umtrecken.",
 	"migrate.forgejo.description": "Daten vun codeberg.org of anner Forgejo-Instanzen umtrecken.",
+	"migrate.items.label": "Umtreck-Dingen",
+	"migrate.items.wiki": "Wiki",
+	"migrate.items.milestones": "Markstenen",
+	"migrate.items.labels": "Vermarkens",
+	"migrate.items.issues": "Gefallens",
+	"migrate.items.pull_requests": "Haalvörslagen",
+	"migrate.items.merge_requests": "Tosamenföhren-Vörslagen",
+	"migrate.items.releases": "Publizerens",
+	"migrate.in_progress.git": "Git-Daten worden umtrucken",
+	"migrate.in_progress.topics": "Themen worden umtrucken",
+	"migrate.in_progress.milestones": "Markstenen worden umtrucken",
+	"migrate.in_progress.labels": "Vermarkens worden umtrucken",
+	"migrate.in_progress.releases": "Publizerens worden umtrucken",
+	"migrate.in_progress.issues": "Gefallens worden umtrucken",
+	"migrate.in_progress.pulls": "Haalvörslagen worden umtrucken",
+	"migrate.cancel.title": "Umtreck ofbreken",
+	"migrate.cancel.confirmation": "Willst du deesen Umtreck ofbreken?",
 	"admin.config.security": "Sekerheids-Instellens",
 	"admin.config.global_2fa_requirement.all": "All Brukers",
 	"error.must_enable_2fa": "Deese Forgejo-Instanz verlangt, dat Brukers Twee-Faktooren-Anmellen anknipsen, ehr se up hör Konten togriepen könen. Knips dat hier an: %s",
diff --git a/options/locale_next/locale_nl-NL.json b/options/locale_next/locale_nl-NL.json
index f740233d69..c824dd23fc 100644
--- a/options/locale_next/locale_nl-NL.json
+++ b/options/locale_next/locale_nl-NL.json
@@ -1,4 +1,20 @@
 {
+	"counters.n_commits": {
+		"one": "%s commit",
+		"other": "%s commits"
+	},
+	"counters.n_branches": {
+		"one": "%s branch",
+		"other": "%s branches"
+	},
+	"counters.n_tags": {
+		"one": "%s tag",
+		"other": "%s tags"
+	},
+	"counters.n_releases": {
+		"one": "%s release",
+		"other": "%s releases"
+	},
 	"gpg.default_key": "Ondertekend met standaard sleutel",
 	"gpg.error.extract_sign": "Handtekening uitpakken mislukt",
 	"gpg.error.generate_hash": "Genereren van commit hash mislukt",
@@ -323,6 +339,23 @@
 	"migrate.gitbucket.description": "Gegevens migreren van GitBucket instanties.",
 	"migrate.codebase.description": "Gegevens migreren van codebasehq.com.",
 	"migrate.forgejo.description": "Migreer data van codeberg.org of andere Forgejo instanties.",
+	"migrate.items.label": "Migratie items",
+	"migrate.items.wiki": "Wiki",
+	"migrate.items.milestones": "Mijlpalen",
+	"migrate.items.labels": "Labels",
+	"migrate.items.issues": "Issues",
+	"migrate.items.pull_requests": "Pull requests",
+	"migrate.items.merge_requests": "Samenvoeg verzoeken",
+	"migrate.items.releases": "Releases",
+	"migrate.in_progress.git": "Git gegevens migreren",
+	"migrate.in_progress.topics": "Onderwerpen migreren",
+	"migrate.in_progress.milestones": "Mijlpalen migreren",
+	"migrate.in_progress.labels": "Labels migreren",
+	"migrate.in_progress.releases": "Releases migreren",
+	"migrate.in_progress.issues": "Issues migreren",
+	"migrate.in_progress.pulls": "Pull requests migreren",
+	"migrate.cancel.title": "Annuleer migratie",
+	"migrate.cancel.confirmation": "Wil je deze migratie annuleren?",
 	"settings.twofa_unroll_unavailable": "Tweefactorauthenticatie is vereist voor uw account en kan niet worden uitgeschakeld.",
 	"admin.config.security": "Beveiligingsconfiguratie",
 	"admin.config.global_2fa_requirement.title": "Globale vereiste van tweefactorauthenticatie",
diff --git a/options/locale_next/locale_pl-PL.json b/options/locale_next/locale_pl-PL.json
index 4f74217753..08f6f99c96 100644
--- a/options/locale_next/locale_pl-PL.json
+++ b/options/locale_next/locale_pl-PL.json
@@ -1,4 +1,20 @@
 {
+	"counters.n_commits": {
+		"one": "%s commit",
+		"many": "%s commity"
+	},
+	"counters.n_branches": {
+		"one": "%s gałąź",
+		"many": "%s gałęzie"
+	},
+	"counters.n_tags": {
+		"one": "%s tag",
+		"many": "%s tagi"
+	},
+	"counters.n_releases": {
+		"one": "%s wydanie",
+		"many": "%s wydań"
+	},
 	"gpg.default_key": "Podpisano domyślnym kluczem",
 	"gpg.error.extract_sign": "Nie udało się wyłuskać podpisu",
 	"gpg.error.generate_hash": "Nie udało się wygenerować skrótu dla commitu",
@@ -236,6 +252,23 @@
 	"migrate.gitbucket.description": "Migruj dane z instancji GitBucket.",
 	"migrate.codebase.description": "Migracja danych z codebasehq.com.",
 	"migrate.forgejo.description": "Migruj dane z codeberg.org lub innych instancji Forgejo.",
+	"migrate.items.label": "Elementy migracji",
+	"migrate.items.wiki": "Wiki",
+	"migrate.items.milestones": "Kamienie milowe",
+	"migrate.items.labels": "Etykiety",
+	"migrate.items.issues": "Zgłoszenia",
+	"migrate.items.pull_requests": "Pull requesty",
+	"migrate.items.merge_requests": "Requesty scalające",
+	"migrate.items.releases": "Wydania",
+	"migrate.in_progress.git": "Migracja danych Git",
+	"migrate.in_progress.topics": "Migracja tematów",
+	"migrate.in_progress.milestones": "Migracja kamieni milowych",
+	"migrate.in_progress.labels": "Migracja etykiet",
+	"migrate.in_progress.releases": "Migracja wydań",
+	"migrate.in_progress.issues": "Migracja zgłoszeń",
+	"migrate.in_progress.pulls": "Migracja pull requestów",
+	"migrate.cancel.title": "Anuluj migrację",
+	"migrate.cancel.confirmation": "Czy chcesz anulować tę migrację?",
 	"relativetime.hours": {
 		"one": "godzinę temu",
 		"few": "%d godziny temu",
diff --git a/options/locale_next/locale_pt-BR.json b/options/locale_next/locale_pt-BR.json
index e9ef391e49..ab46f4b038 100644
--- a/options/locale_next/locale_pt-BR.json
+++ b/options/locale_next/locale_pt-BR.json
@@ -1,4 +1,20 @@
 {
+	"counters.n_commits": {
+		"one": "%s commit",
+		"other": "%s commits"
+	},
+	"counters.n_branches": {
+		"one": "%s ramo",
+		"other": "%s ramos"
+	},
+	"counters.n_tags": {
+		"one": "%s etiqueta",
+		"other": "%s etiquetas"
+	},
+	"counters.n_releases": {
+		"one": "%s versão",
+		"other": "%s versões"
+	},
 	"gpg.default_key": "Assinado com a chave padrão",
 	"gpg.error.extract_sign": "Falha ao extrair assinatura",
 	"gpg.error.generate_hash": "Falha ao gerar hash de commit",
@@ -328,6 +344,23 @@
 	"migrate.gitbucket.description": "Migrar dados de instâncias do GitBucket.",
 	"migrate.codebase.description": "Migrar dados de codebasehq.com.",
 	"migrate.forgejo.description": "Migrar dados do codeberg.org ou outras servidores Forgejo.",
+	"migrate.items.label": "Itens da migração",
+	"migrate.items.wiki": "Wiki",
+	"migrate.items.milestones": "Marcos",
+	"migrate.items.labels": "Etiquetas",
+	"migrate.items.issues": "Issues",
+	"migrate.items.pull_requests": "Propostas de revisão",
+	"migrate.items.merge_requests": "Pedidos de merge",
+	"migrate.items.releases": "Versões",
+	"migrate.in_progress.git": "Migrando dados Git",
+	"migrate.in_progress.topics": "Migrando tópicos",
+	"migrate.in_progress.milestones": "Migrando marcos",
+	"migrate.in_progress.labels": "Migrando rótulos",
+	"migrate.in_progress.releases": "Migrando releases",
+	"migrate.in_progress.issues": "Migrando issues",
+	"migrate.in_progress.pulls": "Migrando propostas de revisão",
+	"migrate.cancel.title": "Cancelar migração",
+	"migrate.cancel.confirmation": "Você quer cancelar essa migração?",
 	"warning.repository.out_of_sync": "A representação deste repositório no banco de dados está fora de sincronia. Se este aviso ainda aparecer após fazer push de um commit para este repositório, contate o administrador.",
 	"repo.pulls.already_merged": "Mescla falhou: Este pull request já foi mesclado.",
 	"migrate.pagure.incorrect_url": "Uma URL incorreta do repositório fonte foi fornecida",
diff --git a/options/locale_next/locale_pt-PT.json b/options/locale_next/locale_pt-PT.json
index f3a6c5c9ff..0b1177271d 100644
--- a/options/locale_next/locale_pt-PT.json
+++ b/options/locale_next/locale_pt-PT.json
@@ -1,4 +1,20 @@
 {
+	"counters.n_commits": {
+		"one": "%s cometimento",
+		"other": "%s cometimentos"
+	},
+	"counters.n_branches": {
+		"one": "%s ramo",
+		"other": "%s ramos"
+	},
+	"counters.n_tags": {
+		"one": "%s etiqueta",
+		"other": "%s etiquetas"
+	},
+	"counters.n_releases": {
+		"one": "%s lançamento",
+		"other": "%s lançamentos"
+	},
 	"gpg.default_key": "Assinado com a chave padrão",
 	"gpg.error.extract_sign": "Falhou ao extrair a assinatura",
 	"gpg.error.generate_hash": "Falhou ao gerar o <i>hash</i> do cometimento",
@@ -345,6 +361,23 @@
 	"migrate.codebase.description": "Migrar dados de codebasehq.com.",
 	"migrate.forgejo.description": "Migrar dados de codeberg.org ou de outras instâncias Forgejo.",
 	"migrate.form.error.url_credentials": "O URL contém credenciais, insira-as nos campos do nome de utilizador e palavra-passe, respetivamente",
+	"migrate.items.label": "Itens da migração",
+	"migrate.items.wiki": "Wiki",
+	"migrate.items.milestones": "Etapas",
+	"migrate.items.labels": "Rótulos",
+	"migrate.items.issues": "Questões",
+	"migrate.items.pull_requests": "Pedidos de integração",
+	"migrate.items.merge_requests": "Pedidos de integração",
+	"migrate.items.releases": "Lançamentos",
+	"migrate.in_progress.git": "Migrando dados Git",
+	"migrate.in_progress.topics": "Migrando tópicos",
+	"migrate.in_progress.milestones": "Migrando etapas",
+	"migrate.in_progress.labels": "Migrando rótulos",
+	"migrate.in_progress.releases": "Migrando lançamentos",
+	"migrate.in_progress.issues": "Migrando questões",
+	"migrate.in_progress.pulls": "Migrando pedidos de integração",
+	"migrate.cancel.title": "Cancelar migração",
+	"migrate.cancel.confirmation": "Quer cancelar esta migração?",
 	"user.ghost.tooltip": "Este utilizador foi eliminado ou não é possível encontrar uma correspondência.",
 	"actions.runs.run_attempt_label": "Tentativa de execução #%[1]s (%[2]s)",
 	"actions.runs.viewing_out_of_date_run": "Está a visualizar uma execução desatualizada deste trabalho que foi executado %[1]s.",
diff --git a/options/locale_next/locale_ru-RU.json b/options/locale_next/locale_ru-RU.json
index 9009203114..5837e7d425 100644
--- a/options/locale_next/locale_ru-RU.json
+++ b/options/locale_next/locale_ru-RU.json
@@ -1,4 +1,20 @@
 {
+	"counters.n_commits": {
+		"one": "%s коммит",
+		"many": "%s коммитов"
+	},
+	"counters.n_branches": {
+		"one": "%s ветвь",
+		"many": "%s ветвей"
+	},
+	"counters.n_tags": {
+		"one": "%s тег",
+		"many": "%s тегов"
+	},
+	"counters.n_releases": {
+		"one": "%s выпуск",
+		"many": "%s выпусков"
+	},
 	"gpg.default_key": "Подписано ключом по умолчанию",
 	"gpg.error.extract_sign": "Не удалось извлечь подпись",
 	"gpg.error.generate_hash": "Не удалось создать хеш коммита",
@@ -344,6 +360,23 @@
 	"migrate.gitbucket.description": "Перенести данные с сервера GitBucket.",
 	"migrate.codebase.description": "Перенести данные с codebasehq.com.",
 	"migrate.forgejo.description": "Перенести данные с codeberg.org или другого сервера Forgejo.",
+	"migrate.items.label": "Переносимые элементы",
+	"migrate.items.wiki": "Вики",
+	"migrate.items.milestones": "Этапы",
+	"migrate.items.labels": "Метки",
+	"migrate.items.issues": "Задачи",
+	"migrate.items.pull_requests": "Запросы на слияние",
+	"migrate.items.merge_requests": "Запросы на слияние",
+	"migrate.items.releases": "Выпуски",
+	"migrate.in_progress.git": "Перенос данных Git",
+	"migrate.in_progress.topics": "Перенос тем",
+	"migrate.in_progress.milestones": "Перенос этапов",
+	"migrate.in_progress.labels": "Перенос меток",
+	"migrate.in_progress.releases": "Перенос выпусков",
+	"migrate.in_progress.issues": "Перенос задач",
+	"migrate.in_progress.pulls": "Перенос запросов на слияние",
+	"migrate.cancel.title": "Отменить перенос",
+	"migrate.cancel.confirmation": "Вы хотите отменить перенос?",
 	"user.ghost.tooltip": "Пользователь удалён или неизвестен.",
 	"migrate.form.error.url_credentials": "Ссылка содержит данные авторизации. Поместите их в соответствующие поля",
 	"actions.runs.run_attempt_label": "Попытка №%[1]s (%[2]s)",
diff --git a/options/locale_next/locale_si-LK.json b/options/locale_next/locale_si-LK.json
index 42f249b0a8..b8cb8a863a 100644
--- a/options/locale_next/locale_si-LK.json
+++ b/options/locale_next/locale_si-LK.json
@@ -24,6 +24,21 @@
 	"migrate.gogs.description": "notabug.org හෝ වෙනත් Gogs අවස්ථා වලින් දත්ත සංක්රමණය කරන්න.",
 	"migrate.onedev.description": "code.onedev.io හෝ වෙනත් OnedeV අවස්ථා වලින් දත්ත සංක්රමණය කරන්න.",
 	"migrate.gitbucket.description": "GitBucket අවස්ථා වලින් දත්ත සංක්රමණය කරන්න.",
+	"migrate.items.label": "සංක්රමණ අයිතම",
+	"migrate.items.wiki": "විකි",
+	"migrate.items.milestones": "සන්ධිස්ථාන",
+	"migrate.items.labels": "ලේබල",
+	"migrate.items.issues": "ගැටළු",
+	"migrate.items.pull_requests": "ඉල්ලීම් අදින්න",
+	"migrate.items.merge_requests": "සංයුක්ත කිරීමේ ඉල්ලීම්",
+	"migrate.items.releases": "නිකුතු",
+	"migrate.in_progress.git": "Git දත්ත සංක්රමණය",
+	"migrate.in_progress.topics": "සංක්රමණය මාතෘකා",
+	"migrate.in_progress.milestones": "සංක්රමික සන්ධිස්ථාන",
+	"migrate.in_progress.labels": "සංක්රමණය ලේබල",
+	"migrate.in_progress.releases": "සංක්රමණ නිකුතු",
+	"migrate.in_progress.issues": "සංක්රමණ ගැටළු",
+	"migrate.in_progress.pulls": "අදින්න ඉල්ලීම් සංක්රමණය",
 	"pulse.n_active_issues": {
 		"one": "%s ක්රියාකාරී නිකුතුව",
 		"other": "%s ක්රියාකාරී ගැටළු"
diff --git a/options/locale_next/locale_sk-SK.json b/options/locale_next/locale_sk-SK.json
index 2844fd9645..4be4418e1a 100644
--- a/options/locale_next/locale_sk-SK.json
+++ b/options/locale_next/locale_sk-SK.json
@@ -113,6 +113,11 @@
 	"migrate.onedev.description": "Migrovať dáta z code.onedev.io alebo iných inštancií OneDev.",
 	"migrate.gitbucket.description": "Migrovať dáta z inštancií GitBucket.",
 	"migrate.codebase.description": "Migrovať dáta z codebasehq.com.",
+	"migrate.items.label": "Položky migrácie",
+	"migrate.items.wiki": "Wiki",
+	"migrate.items.milestones": "Míľniky",
+	"migrate.items.labels": "Štítky",
+	"migrate.items.pull_requests": "Pull requesty",
 	"repo.pulls.title_desc": {
 		"one": "je potrebné zlúčiť %[1]d revíziu z <code>%[2]s</code> do <code id=\"%[4]s\">%[3]s</code>",
 		"few": "je potrebné zlúčiť %[1]d revízie z <code>%[2]s</code> do <code id=\"%[4]s\">%[3]s</code>",
diff --git a/options/locale_next/locale_sv-SE.json b/options/locale_next/locale_sv-SE.json
index af72a4c8f8..90e27fb73a 100644
--- a/options/locale_next/locale_sv-SE.json
+++ b/options/locale_next/locale_sv-SE.json
@@ -1,4 +1,20 @@
 {
+	"counters.n_commits": {
+		"one": "%s incheckning",
+		"other": "%s incheckningar"
+	},
+	"counters.n_branches": {
+		"one": "%s gren",
+		"other": "%s grenar"
+	},
+	"counters.n_tags": {
+		"one": "%s tagg",
+		"other": "%s taggar"
+	},
+	"counters.n_releases": {
+		"one": "%s utgåva",
+		"other": "%s utgåvor"
+	},
 	"gpg.default_key": "Signerad med standardnyckeln",
 	"gpg.error.extract_sign": "Det gick inte att extrahera signatur",
 	"gpg.error.generate_hash": "Misslyckades att generera en hashsumma för incheckningen",
@@ -304,6 +320,23 @@
 	"migrate.gitbucket.description": "Migrera data från GitBucket-instans.",
 	"migrate.codebase.description": "Migrera data från codebasehq.com.",
 	"migrate.forgejo.description": "Migrera data från codeberg.org eller annan Forgejo-instans.",
+	"migrate.items.label": "Migrationsobjekt",
+	"migrate.items.wiki": "Wiki",
+	"migrate.items.milestones": "Milstolpar",
+	"migrate.items.labels": "Etiketter",
+	"migrate.items.issues": "Ärenden",
+	"migrate.items.pull_requests": "Ändringsförfrågningar",
+	"migrate.items.merge_requests": "Ändringsförfrågningar",
+	"migrate.items.releases": "Utgåvor",
+	"migrate.in_progress.git": "Migrerar Git-data",
+	"migrate.in_progress.topics": "Migrerar ämnen",
+	"migrate.in_progress.milestones": "Migrerar milstolpar",
+	"migrate.in_progress.labels": "Migrerar etiketter",
+	"migrate.in_progress.releases": "Migrerar utgåvor",
+	"migrate.in_progress.issues": "Migrerar ärenden",
+	"migrate.in_progress.pulls": "Migrerar ändringsförfrågningar",
+	"migrate.cancel.title": "Avbryt migrering",
+	"migrate.cancel.confirmation": "Vill du avbryta denna migrering?",
 	"repo.settings.push_mirror.branch_filter.label": "Grenfilter (frivilligt)",
 	"repo.settings.push_mirror.branch_filter.description": "Grenar att speglas. Lämna tom för att spegla alla grenar. Se <a href=\"%[1]s\">%[2]s dokumentation</a> för syntax. Exempel: <code>main, release/*</code>",
 	"admin.moderation.moderation_reports": "Modereringsrapporter",
diff --git a/options/locale_next/locale_ta.json b/options/locale_next/locale_ta.json
index 3b9b69d2f6..03aae7e0ef 100644
--- a/options/locale_next/locale_ta.json
+++ b/options/locale_next/locale_ta.json
@@ -1,4 +1,20 @@
 {
+	"counters.n_commits": {
+		"one": "%s உறுதி",
+		"other": "%s உறுதியளிக்கிறது"
+	},
+	"counters.n_branches": {
+		"one": "%s கிளை",
+		"other": "%s கிளைகள்"
+	},
+	"counters.n_tags": {
+		"one": "%s குறிச்சொல்",
+		"other": "%s குறிச்சொற்கள்"
+	},
+	"counters.n_releases": {
+		"one": "%s வெளியீடு",
+		"other": "%s வெளியீடுகள்"
+	},
 	"gpg.default_key": "இயல்புநிலை விசையுடன் கையொப்பமிடப்பட்டது",
 	"gpg.error.extract_sign": "கையொப்பத்தைப் பிரித்தெடுக்க முடியவில்லை",
 	"gpg.error.generate_hash": "உறுதியின் ஆச் உருவாக்க முடியவில்லை",
@@ -257,6 +273,23 @@
 	"migrate.gitbucket.description": "GitBucket நிகழ்வுகளிலிருந்து தரவை நகர்த்தவும்.",
 	"migrate.codebase.description": "codebasehq.com இலிருந்து தரவை நகர்த்தவும்.",
 	"migrate.forgejo.description": "codeberg.org அல்லது பிற Forgejo நிகழ்வுகளில் இருந்து தரவை நகர்த்தவும்.",
+	"migrate.items.label": "இடம்பெயர்வு பொருட்கள்",
+	"migrate.items.wiki": "விக்கி",
+	"migrate.items.milestones": "மைல்கற்கள்",
+	"migrate.items.labels": "சிட்டைகள்",
+	"migrate.items.issues": "சிக்கல்கள்",
+	"migrate.items.pull_requests": "கோரிக்கைகளை இழுக்கவும்",
+	"migrate.items.merge_requests": "கோரிக்கைகளை ஒன்றிணைக்கவும்",
+	"migrate.items.releases": "வெளியிடுகிறது",
+	"migrate.in_progress.git": "Git தரவை நகர்த்துகிறது",
+	"migrate.in_progress.topics": "இடம்பெயர்ந்த தலைப்புகள்",
+	"migrate.in_progress.milestones": "இடம்பெயரும் மைல்கற்கள்",
+	"migrate.in_progress.labels": "இடம்பெயர்தல் லேபிள்கள்",
+	"migrate.in_progress.releases": "இடம்பெயர்ந்த வெளியீடுகள்",
+	"migrate.in_progress.issues": "இடம்பெயர்வு பிரச்சினைகள்",
+	"migrate.in_progress.pulls": "இழுக்கும் கோரிக்கைகளை நகர்த்துகிறது",
+	"migrate.cancel.title": "இடம்பெயர்வை நீக்கறல்",
+	"migrate.cancel.confirmation": "இந்த இடம்பெயர்வை ரத்துசெய்ய விரும்புகிறீர்களா?",
 	"repo.issue_indexer.title": "வெளியீட்டு அட்டவணை",
 	"search.milestone_kind": "மைல்கற்களைத் தேடு…",
 	"repo.settings.push_mirror.branch_filter.label": "கிளை வடிகட்டி (விரும்பினால்)",
diff --git a/options/locale_next/locale_th.json b/options/locale_next/locale_th.json
index a0bad37ae5..01dcb1522a 100644
--- a/options/locale_next/locale_th.json
+++ b/options/locale_next/locale_th.json
@@ -1,4 +1,20 @@
 {
+	"counters.n_commits": {
+		"one": "%s คอมมิต",
+		"other": "%s คอมมิต"
+	},
+	"counters.n_branches": {
+		"one": "%s สาขา",
+		"other": "%s สาขา"
+	},
+	"counters.n_tags": {
+		"one": "%s แท็ก",
+		"other": "%s แท็ก"
+	},
+	"counters.n_releases": {
+		"one": "%s รีลีส",
+		"other": "%s รีลีส"
+	},
 	"gpg.default_key": "ลงนามด้วยคีย์เริ่มต้น",
 	"gpg.error.extract_sign": "ไม่สามารถแยกข้อมูลลายเซ็นได้",
 	"gpg.error.generate_hash": "ไม่สามารถสร้างแฮชของคอมมิตได้",
@@ -224,6 +240,23 @@
 	"migrate.gitbucket.description": "ย้ายข้อมูลจากอินสแตนซ์ GitBucket",
 	"migrate.codebase.description": "ย้ายข้อมูลจาก codebasehq.com",
 	"migrate.forgejo.description": "ย้ายข้อมูลจาก codeberg.org หรืออินสแตนซ์ Forgejo อื่นๆ",
+	"migrate.items.label": "รายการการย้าย",
+	"migrate.items.wiki": "วิกิ",
+	"migrate.items.milestones": "เหตุการณ์สำคัญ",
+	"migrate.items.labels": "ป้ายกำกับ",
+	"migrate.items.issues": "ปัญหา",
+	"migrate.items.pull_requests": "คำขอดึง",
+	"migrate.items.merge_requests": "คำขอผสาน",
+	"migrate.items.releases": "รีลีส",
+	"migrate.in_progress.git": "กำลังย้ายข้อมูล Git",
+	"migrate.in_progress.topics": "กำลังย้ายหัวข้อ",
+	"migrate.in_progress.milestones": "กำลังย้ายเหตุการณ์สำคัญ",
+	"migrate.in_progress.labels": "กำลังย้ายป้ายกำกับ",
+	"migrate.in_progress.releases": "กำลังย้ายรีลีส",
+	"migrate.in_progress.issues": "กำลังย้ายปัญหา",
+	"migrate.in_progress.pulls": "กำลังย้ายคำขอดึง",
+	"migrate.cancel.title": "ยกเลิกการย้าย",
+	"migrate.cancel.confirmation": "คุณต้องการยกเลิกการย้ายนี้หรือไม่?",
 	"repo.issue_indexer.title": "ตัวจัดทำดัชนี Issue",
 	"search.milestone_kind": "ค้นหาเหตุการณ์สำคัญ…",
 	"repo.settings.push_mirror.branch_filter.label": "ตัวกรองสาขา (ไม่บังคับ)",
diff --git a/options/locale_next/locale_tr-TR.json b/options/locale_next/locale_tr-TR.json
index c55ece68a6..2c11db6ff4 100644
--- a/options/locale_next/locale_tr-TR.json
+++ b/options/locale_next/locale_tr-TR.json
@@ -1,4 +1,20 @@
 {
+	"counters.n_commits": {
+		"one": "%s katkı",
+		"other": "%s gönderi"
+	},
+	"counters.n_branches": {
+		"one": "%s dal",
+		"other": "%s dal"
+	},
+	"counters.n_tags": {
+		"one": "%s etiket",
+		"other": "%s etiket"
+	},
+	"counters.n_releases": {
+		"one": "%s sürüm",
+		"other": "%s sürüm"
+	},
 	"gpg.default_key": "Varsayılan anahtarla imzalanmış",
 	"gpg.error.extract_sign": "İmza çıkarılamadı",
 	"gpg.error.generate_hash": "İşlemenin sağlama kodu oluşturulamadı",
@@ -186,6 +202,23 @@
 	"migrate.onedev.description": "code.onedev.io veya diğer OneDev oluşumlarından veri aktar.",
 	"migrate.gitbucket.description": "GitBucket oluşumlarından veri aktar.",
 	"migrate.codebase.description": "codebasehq.com'dan veri aktar.",
+	"migrate.items.label": "Taşıma öğeleri",
+	"migrate.items.wiki": "Wiki",
+	"migrate.items.milestones": "Kilometre Taşları",
+	"migrate.items.labels": "Etiketler",
+	"migrate.items.issues": "Konular",
+	"migrate.items.pull_requests": "Birleştirme istekleri",
+	"migrate.items.merge_requests": "Birleştirme istekleri",
+	"migrate.items.releases": "Sürümler",
+	"migrate.in_progress.git": "Git Verilerini Taşıma",
+	"migrate.in_progress.topics": "Konuları taşıma",
+	"migrate.in_progress.milestones": "Kilometre Taşlarını Taşıma",
+	"migrate.in_progress.labels": "Etiketleri Taşıma",
+	"migrate.in_progress.releases": "Sürümleri Taşıma",
+	"migrate.in_progress.issues": "Konuları Taşıma",
+	"migrate.in_progress.pulls": "Değişiklik İsteklerini Taşıma",
+	"migrate.cancel.title": "Göçü iptal et",
+	"migrate.cancel.confirmation": "Bu göçü iptal etmek istiyor musunuz?",
 	"pulse.n_active_issues": {
 		"one": "%s aktif sorun",
 		"other": "%s aktif sorun"
diff --git a/options/locale_next/locale_uk-UA.json b/options/locale_next/locale_uk-UA.json
index e2b90565ab..d58c1dbd76 100644
--- a/options/locale_next/locale_uk-UA.json
+++ b/options/locale_next/locale_uk-UA.json
@@ -1,4 +1,20 @@
 {
+	"counters.n_commits": {
+		"one": "%s коміт",
+		"many": "%s комітів"
+	},
+	"counters.n_branches": {
+		"one": "%s гілка",
+		"many": "%s гілок"
+	},
+	"counters.n_tags": {
+		"one": "%s тег",
+		"many": "%s тегів"
+	},
+	"counters.n_releases": {
+		"one": "%s випуск",
+		"many": "%s випусків"
+	},
 	"gpg.default_key": "Підписано типовим ключем",
 	"gpg.error.extract_sign": "Не вдалося витягти підпис",
 	"gpg.error.generate_hash": "Не вдалося згенерувати хеш коміту",
@@ -334,6 +350,23 @@
 	"migrate.gitbucket.description": "Перенести дані з екземплярів GitBucket.",
 	"migrate.codebase.description": "Перенести дані з codebasehq.com.",
 	"migrate.forgejo.description": "Перенести дані з codeberg.org або інших екземплярів Forgejo.",
+	"migrate.items.label": "Елементи для перенесення",
+	"migrate.items.wiki": "Вікі",
+	"migrate.items.milestones": "Етапи",
+	"migrate.items.labels": "Мітки",
+	"migrate.items.issues": "Задачі",
+	"migrate.items.pull_requests": "Запити на злиття",
+	"migrate.items.merge_requests": "Запити на об’єднання",
+	"migrate.items.releases": "Випуски",
+	"migrate.in_progress.git": "Перенесення даних Git",
+	"migrate.in_progress.topics": "Перенесення тем",
+	"migrate.in_progress.milestones": "Перенесення етапів",
+	"migrate.in_progress.labels": "Перенесення міток",
+	"migrate.in_progress.releases": "Перенесення випусків",
+	"migrate.in_progress.issues": "Перенесення задач",
+	"migrate.in_progress.pulls": "Перенесення запитів на злиття",
+	"migrate.cancel.title": "Скасувати перенесення",
+	"migrate.cancel.confirmation": "Бажаєте скасувати перенесення?",
 	"settings.must_enable_2fa": "На цьому екземплярі Forgejo для доступу до облікового запису вам необхідно захистити його двофакторною автентифікацією.",
 	"error.must_enable_2fa": "На цьому екземплярі Forgejo для доступу до облікового запису вам необхідно захистити його двофакторною автентифікацією. Увімкніть її тут: %s",
 	"admin.config.global_2fa_requirement.none": "Немає",
diff --git a/options/locale_next/locale_vi.json b/options/locale_next/locale_vi.json
index dee83ccaa0..79148e1fee 100644
--- a/options/locale_next/locale_vi.json
+++ b/options/locale_next/locale_vi.json
@@ -1,4 +1,16 @@
 {
+	"counters.n_branches": {
+		"one": "%s nhánh",
+		"other": "%s nhánh"
+	},
+	"counters.n_tags": {
+		"one": "%s nhãn",
+		"other": "%s nhãn"
+	},
+	"counters.n_releases": {
+		"one": "%s bản phát hành",
+		"other": "%s bản phát hành"
+	},
 	"packages.filter.container.tagged": "Được gắn nhãn",
 	"packages.filter.container.untagged": "Không được gắn nhãn",
 	"packages.details.project_site": "Trang mạng dự án",
@@ -30,6 +42,21 @@
 	"migrate.form.error.url_credentials": "URL có chứa thông tin đăng nhập, điền chúng vào các ô tên người dùng và mật khẩu tương ứng",
 	"migrate.github.description": "Nhập dữ liệu từ github.com hoặc máy chủ GitHub Enterprise.",
 	"migrate.git.description": "Chỉ nhập kho mã từ dịch vụ Git bất kì.",
+	"migrate.items.milestones": "Cột mốc",
+	"migrate.items.labels": "Nhãn",
+	"migrate.items.issues": "Vấn đề",
+	"migrate.items.pull_requests": "Yêu cầu kéo",
+	"migrate.items.merge_requests": "Yêu cầu hợp",
+	"migrate.items.releases": "Bản phát hành",
+	"migrate.in_progress.git": "Đang nhập dữ liệu Git",
+	"migrate.in_progress.topics": "Đang nhập các chủ đề",
+	"migrate.in_progress.milestones": "Đang nhập các cột mốc",
+	"migrate.in_progress.labels": "Đang nhập các nhãn",
+	"migrate.in_progress.releases": "Đang nhập các bản phát hành",
+	"migrate.in_progress.issues": "Đang nhập các vấn đề",
+	"migrate.in_progress.pulls": "Đang nhập các yêu cầu kéo",
+	"migrate.cancel.title": "Huỷ nhập",
+	"migrate.cancel.confirmation": "Bạn có muốn huỷ nhập không?",
 	"home.explore_repos": "Khám phá kho mã",
 	"stars.list.none": "Chưa ai tặng sao cho kho mã này.",
 	"watch.list.none": "Không có ai đang theo dõi kho mã này.",
diff --git a/options/locale_next/locale_zh-CN.json b/options/locale_next/locale_zh-CN.json
index f8591727b8..fc00da3eb7 100644
--- a/options/locale_next/locale_zh-CN.json
+++ b/options/locale_next/locale_zh-CN.json
@@ -1,4 +1,20 @@
 {
+	"counters.n_commits": {
+		"one": "%s提交",
+		"other": "%s提交"
+	},
+	"counters.n_branches": {
+		"one": "%s分支",
+		"other": "%s分支"
+	},
+	"counters.n_tags": {
+		"one": "%s标签",
+		"other": "%s标签"
+	},
+	"counters.n_releases": {
+		"one": "%s版本发布",
+		"other": "%s版本发布"
+	},
 	"gpg.default_key": "使用默认密钥签名",
 	"gpg.error.extract_sign": "无法提取签名",
 	"gpg.error.generate_hash": "无法生成提交散列",
@@ -284,6 +300,23 @@
 	"migrate.gitbucket.description": "从GitBucket实例迁移数据。",
 	"migrate.codebase.description": "从codebasehq.com迁移数据。",
 	"migrate.forgejo.description": "从codeberg.org或其他Forgejo实例迁移数据。",
+	"migrate.items.label": "迁移项目",
+	"migrate.items.wiki": "百科",
+	"migrate.items.milestones": "里程碑",
+	"migrate.items.labels": "标签",
+	"migrate.items.issues": "议题",
+	"migrate.items.pull_requests": "合并请求",
+	"migrate.items.merge_requests": "合并请求",
+	"migrate.items.releases": "版本发布",
+	"migrate.in_progress.git": "迁移Git数据",
+	"migrate.in_progress.topics": "正在迁移主题",
+	"migrate.in_progress.milestones": "正在迁移里程碑",
+	"migrate.in_progress.labels": "正在迁移标签",
+	"migrate.in_progress.releases": "正在迁移发布",
+	"migrate.in_progress.issues": "正在迁移议题",
+	"migrate.in_progress.pulls": "正在迁移合并请求",
+	"migrate.cancel.title": "取消迁移",
+	"migrate.cancel.confirmation": "您想要取消此次迁移吗？",
 	"warning.repository.out_of_sync": "此仓库的数据库表示已脱同步。如果在向此仓库推送提交后仍出现此警告，请联系管理员。",
 	"admin.config.security": "安全设置",
 	"settings.twofa_unroll_unavailable": "你的账户必须启用双因子认证，无法禁用。",
diff --git a/options/locale_next/locale_zh-HK.json b/options/locale_next/locale_zh-HK.json
index a595ec54f5..d81aa3f202 100644
--- a/options/locale_next/locale_zh-HK.json
+++ b/options/locale_next/locale_zh-HK.json
@@ -1,4 +1,10 @@
 {
+	"migrate.items.wiki": "維基",
+	"migrate.items.milestones": "里程碑",
+	"migrate.items.labels": "標籤",
+	"migrate.items.issues": "問題數",
+	"migrate.items.pull_requests": "合併請求",
+	"migrate.items.releases": "版本發佈",
 	"actions.runners.name": "名稱",
 	"actions.runners.owner_type": "認證類型",
 	"actions.runners.description": "描述",
diff --git a/options/locale_next/locale_zh-TW.json b/options/locale_next/locale_zh-TW.json
index 08649ca69a..ac46e41245 100644
--- a/options/locale_next/locale_zh-TW.json
+++ b/options/locale_next/locale_zh-TW.json
@@ -1,4 +1,20 @@
 {
+	"counters.n_commits": {
+		"one": "%s 個提交",
+		"other": "%s 個提交"
+	},
+	"counters.n_branches": {
+		"one": "%s 條分支",
+		"other": "%s 條分支"
+	},
+	"counters.n_tags": {
+		"one": "%s 個標籤",
+		"other": "%s 個標籤"
+	},
+	"counters.n_releases": {
+		"one": "%s 發行",
+		"other": "%s 發行"
+	},
 	"actions.actions": "Actions",
 	"actions.status.unknown": "未知的",
 	"actions.status.waiting": "等待中",
@@ -315,6 +331,23 @@
 	"migrate.gitbucket.description": "從 GitBucket 站點遷移資料。",
 	"migrate.codebase.description": "從 codebasehq.com 遷移資料。",
 	"migrate.forgejo.description": "從 codeberg.org 或其他 Forgejo 站點遷移資料。",
+	"migrate.items.label": "遷移項目",
+	"migrate.items.wiki": "Wiki",
+	"migrate.items.milestones": "里程碑",
+	"migrate.items.labels": "標籤",
+	"migrate.items.issues": "問題",
+	"migrate.items.pull_requests": "合併請求",
+	"migrate.items.merge_requests": "合併請求",
+	"migrate.items.releases": "版本發布",
+	"migrate.in_progress.git": "正在遷移 Git 資料",
+	"migrate.in_progress.topics": "正在遷移主題",
+	"migrate.in_progress.milestones": "正在遷移里程碑",
+	"migrate.in_progress.labels": "正在遷移標籤",
+	"migrate.in_progress.releases": "正在遷移版本發佈",
+	"migrate.in_progress.issues": "正在遷移問題",
+	"migrate.in_progress.pulls": "正在遷移合併請求",
+	"migrate.cancel.title": "取消遷移",
+	"migrate.cancel.confirmation": "您確定要取消這次的遷移嗎？",
 	"pulse.n_active_issues": "%s 個問題",
 	"pulse.n_active_prs": "%s 個合併請求",
 	"watch.n_watchers": "%s 位關注者",
diff --git a/services/migrations/migrate.go b/services/migrations/migrate.go
index 61630d9c6d..6746a8c915 100644
--- a/services/migrations/migrate.go
+++ b/services/migrations/migrate.go
@@ -236,14 +236,14 @@ func migrateRepository(_ context.Context, doer *user_model.User, downloader base
 	}
 
 	log.Trace("migrating git data from %s", repo.CloneURL)
-	messenger("repo.migrate.migrating_git")
+	messenger("migrate.in_progress.git")
 	if err = uploader.CreateRepo(repo, opts); err != nil {
 		return err
 	}
 	defer uploader.Close()
 
 	log.Trace("migrating topics")
-	messenger("repo.migrate.migrating_topics")
+	messenger("migrate.in_progress.topics")
 	topics, err := downloader.GetTopics()
 	if err != nil {
 		if !base.IsErrNotSupported(err) {
@@ -259,7 +259,7 @@ func migrateRepository(_ context.Context, doer *user_model.User, downloader base
 
 	if opts.Milestones {
 		log.Trace("migrating milestones")
-		messenger("repo.migrate.migrating_milestones")
+		messenger("migrate.in_progress.milestones")
 		milestones, err := downloader.GetMilestones()
 		if err != nil {
 			if !base.IsErrNotSupported(err) {
@@ -282,7 +282,7 @@ func migrateRepository(_ context.Context, doer *user_model.User, downloader base
 
 	if opts.Labels {
 		log.Trace("migrating labels")
-		messenger("repo.migrate.migrating_labels")
+		messenger("migrate.in_progress.labels")
 		labels, err := downloader.GetLabels()
 		if err != nil {
 			if !base.IsErrNotSupported(err) {
@@ -306,7 +306,7 @@ func migrateRepository(_ context.Context, doer *user_model.User, downloader base
 
 	if opts.Releases {
 		log.Trace("migrating releases")
-		messenger("repo.migrate.migrating_releases")
+		messenger("migrate.in_progress.releases")
 		releases, err := downloader.GetReleases()
 		if err != nil {
 			if !base.IsErrNotSupported(err) {
@@ -342,7 +342,7 @@ func migrateRepository(_ context.Context, doer *user_model.User, downloader base
 
 	if opts.Issues {
 		log.Trace("migrating issues and comments")
-		messenger("repo.migrate.migrating_issues")
+		messenger("migrate.in_progress.issues")
 		issueBatchSize := uploader.MaxBatchInsertSize("issue")
 
 		for i := 1; ; i++ {
@@ -397,7 +397,7 @@ func migrateRepository(_ context.Context, doer *user_model.User, downloader base
 
 	if opts.PullRequests {
 		log.Trace("migrating pull requests and comments")
-		messenger("repo.migrate.migrating_pulls")
+		messenger("migrate.in_progress.pulls")
 		prBatchSize := uploader.MaxBatchInsertSize("pullrequest")
 		for i := 1; ; i++ {
 			prs, isEnd, err := downloader.GetPullRequests(i, prBatchSize)
diff --git a/templates/repo/commits_table.tmpl b/templates/repo/commits_table.tmpl
index be6462b269..87feb06a98 100644
--- a/templates/repo/commits_table.tmpl
+++ b/templates/repo/commits_table.tmpl
@@ -1,7 +1,7 @@
 <h4 class="ui top attached header commits-table tw-flex tw-items-center tw-justify-between">
 	<div class="commits-table-left tw-flex tw-items-center">
 		{{if or .PageIsCommits (gt .CommitCount 0)}}
-			{{ctx.Locale.TrN .CommitCount "repo.n_commit_one" "repo.n_commit_few" (ctx.Locale.PrettyNumber .CommitCount)}}
+			{{ctx.Locale.TrPluralString .CommitCount "counters.n_commits" (ctx.Locale.PrettyNumber .CommitCount)}}
 		{{else if .IsNothingToCompare}}
 			{{ctx.Locale.Tr "repo.commits.nothing_to_compare"}}
 		{{else}}
diff --git a/templates/repo/migrate/codebase.tmpl b/templates/repo/migrate/codebase.tmpl
index c921a3bdbc..037185b8a0 100644
--- a/templates/repo/migrate/codebase.tmpl
+++ b/templates/repo/migrate/codebase.tmpl
@@ -31,31 +31,31 @@
 
 					<div id="migrate_items">
 						<div class="inline field">
-							<label>{{ctx.Locale.Tr "repo.migrate_items"}}</label>
+							<label>{{ctx.Locale.Tr "migrate.items.label"}}</label>
 							<div class="ui checkbox">
 								<input name="issues" type="checkbox" {{if .issues}}checked{{end}}>
-								<label>{{ctx.Locale.Tr "repo.migrate_items_issues"}}</label>
+								<label>{{ctx.Locale.Tr "migrate.items.issues"}}</label>
 							</div>
 						</div>
 						<div class="inline field">
 							<label></label>
 							<div class="ui checkbox">
 								<input name="pull_requests" type="checkbox" {{if .pull_requests}}checked{{end}}>
-								<label>{{ctx.Locale.Tr "repo.migrate_items_merge_requests"}}</label>
+								<label>{{ctx.Locale.Tr "migrate.items.merge_requests"}}</label>
 							</div>
 						</div>
 						<div class="inline field">
 							<label></label>
 							<div class="ui checkbox">
 								<input name="labels" type="checkbox" {{if .labels}}checked{{end}}>
-								<label>{{ctx.Locale.Tr "repo.migrate_items_labels"}}</label>
+								<label>{{ctx.Locale.Tr "migrate.items.labels"}}</label>
 							</div>
 						</div>
 						<div class="inline field">
 							<label></label>
 							<div class="ui checkbox">
 								<input name="milestones" type="checkbox" {{if .milestones}}checked{{end}}>
-								<label>{{ctx.Locale.Tr "repo.migrate_items_milestones"}}</label>
+								<label>{{ctx.Locale.Tr "migrate.items.milestones"}}</label>
 							</div>
 						</div>
 					</div>
diff --git a/templates/repo/migrate/gitbucket.tmpl b/templates/repo/migrate/gitbucket.tmpl
index eae80bccc6..33a14b678f 100644
--- a/templates/repo/migrate/gitbucket.tmpl
+++ b/templates/repo/migrate/gitbucket.tmpl
@@ -30,10 +30,10 @@
 					{{template "repo/migrate/options" .}}
 
 					<div class="inline field">
-						<label>{{ctx.Locale.Tr "repo.migrate_items"}}</label>
+						<label>{{ctx.Locale.Tr "migrate.items.label"}}</label>
 						<div class="ui checkbox">
 							<input name="wiki" type="checkbox" {{if .wiki}}checked{{end}}>
-							<label>{{ctx.Locale.Tr "repo.migrate_items_wiki"}}</label>
+							<label>{{ctx.Locale.Tr "migrate.items.wiki"}}</label>
 						</div>
 					</div>
 
@@ -43,35 +43,35 @@
 							<label></label>
 							<div class="ui checkbox">
 								<input name="issues" type="checkbox" {{if .issues}}checked{{end}}>
-								<label>{{ctx.Locale.Tr "repo.migrate_items_issues"}}</label>
+								<label>{{ctx.Locale.Tr "migrate.items.issues"}}</label>
 							</div>
 						</div>
 						<div class="inline field">
 							<label></label>
 							<div class="ui checkbox">
 								<input name="pull_requests" type="checkbox" {{if .pull_requests}}checked{{end}}>
-								<label>{{ctx.Locale.Tr "repo.migrate_items_pullrequests"}}</label>
+								<label>{{ctx.Locale.Tr "migrate.items.pull_requests"}}</label>
 							</div>
 						</div>
 						<div class="inline field">
 							<label></label>
 							<div class="ui checkbox">
 								<input name="labels" type="checkbox" {{if .labels}}checked{{end}}>
-								<label>{{ctx.Locale.Tr "repo.migrate_items_labels"}}</label>
+								<label>{{ctx.Locale.Tr "migrate.items.labels"}}</label>
 							</div>
 						</div>
 						<div class="inline field">
 							<label></label>
 							<div class="ui checkbox">
 								<input name="milestones" type="checkbox" {{if .milestones}}checked{{end}}>
-								<label>{{ctx.Locale.Tr "repo.migrate_items_milestones"}}</label>
+								<label>{{ctx.Locale.Tr "migrate.items.milestones"}}</label>
 							</div>
 						</div>
 						<div class="inline field">
 							<label></label>
 							<div class="ui checkbox">
 								<input name="releases" type="checkbox" {{if .releases}}checked{{end}}>
-								<label>{{ctx.Locale.Tr "repo.migrate_items_releases"}}</label>
+								<label>{{ctx.Locale.Tr "migrate.items.releases"}}</label>
 							</div>
 						</div>
 					</div>
diff --git a/templates/repo/migrate/gitea.tmpl b/templates/repo/migrate/gitea.tmpl
index e000e3bb93..fd59124841 100644
--- a/templates/repo/migrate/gitea.tmpl
+++ b/templates/repo/migrate/gitea.tmpl
@@ -26,10 +26,10 @@
 					{{template "repo/migrate/options" .}}
 
 					<div class="inline field">
-						<label>{{ctx.Locale.Tr "repo.migrate_items"}}</label>
+						<label>{{ctx.Locale.Tr "migrate.items.label"}}</label>
 						<div class="ui checkbox">
 							<input name="wiki" type="checkbox" {{if .wiki}} checked{{end}}>
-							<label>{{ctx.Locale.Tr "repo.migrate_items_wiki"}}</label>
+							<label>{{ctx.Locale.Tr "migrate.items.wiki"}}</label>
 						</div>
 					</div>
 
@@ -39,35 +39,35 @@
 							<label></label>
 							<div class="ui checkbox">
 								<input name="issues" type="checkbox" {{if .issues}} checked{{end}}>
-								<label>{{ctx.Locale.Tr "repo.migrate_items_issues"}}</label>
+								<label>{{ctx.Locale.Tr "migrate.items.issues"}}</label>
 							</div>
 						</div>
 						<div class="inline field">
 							<label></label>
 							<div class="ui checkbox">
 								<input name="pull_requests" type="checkbox" {{if .pull_requests}} checked{{end}}>
-								<label>{{ctx.Locale.Tr "repo.migrate_items_pullrequests"}}</label>
+								<label>{{ctx.Locale.Tr "migrate.items.pull_requests"}}</label>
 							</div>
 						</div>
 						<div class="inline field">
 							<label></label>
 							<div class="ui checkbox">
 								<input name="labels" type="checkbox" {{if .labels}} checked{{end}}>
-								<label>{{ctx.Locale.Tr "repo.migrate_items_labels"}}</label>
+								<label>{{ctx.Locale.Tr "migrate.items.labels"}}</label>
 							</div>
 						</div>
 						<div class="inline field">
 							<label></label>
 							<div class="ui checkbox">
 								<input name="milestones" type="checkbox" {{if .milestones}} checked{{end}}>
-								<label>{{ctx.Locale.Tr "repo.migrate_items_milestones"}}</label>
+								<label>{{ctx.Locale.Tr "migrate.items.milestones"}}</label>
 							</div>
 						</div>
 						<div class="inline field">
 							<label></label>
 							<div class="ui checkbox">
 								<input name="releases" type="checkbox" {{if .releases}} checked{{end}}>
-								<label>{{ctx.Locale.Tr "repo.migrate_items_releases"}}</label>
+								<label>{{ctx.Locale.Tr "migrate.items.releases"}}</label>
 							</div>
 						</div>
 					</div>
diff --git a/templates/repo/migrate/github.tmpl b/templates/repo/migrate/github.tmpl
index c4ebfddd9a..ab1be1f575 100644
--- a/templates/repo/migrate/github.tmpl
+++ b/templates/repo/migrate/github.tmpl
@@ -29,10 +29,10 @@
 					{{template "repo/migrate/options" .}}
 
 					<div class="inline field">
-						<label>{{ctx.Locale.Tr "repo.migrate_items"}}</label>
+						<label>{{ctx.Locale.Tr "migrate.items.label"}}</label>
 						<div class="ui checkbox">
 							<input name="wiki" type="checkbox" {{if .wiki}}checked{{end}}>
-							<label>{{ctx.Locale.Tr "repo.migrate_items_wiki"}}</label>
+							<label>{{ctx.Locale.Tr "migrate.items.wiki"}}</label>
 						</div>
 					</div>
 					<div id="migrate_items">
@@ -41,35 +41,35 @@
 							<label></label>
 							<div class="ui checkbox">
 								<input name="issues" type="checkbox" {{if .issues}}checked{{end}}>
-								<label>{{ctx.Locale.Tr "repo.migrate_items_issues"}}</label>
+								<label>{{ctx.Locale.Tr "migrate.items.issues"}}</label>
 							</div>
 						</div>
 						<div class="inline field">
 							<label></label>
 							<div class="ui checkbox">
 								<input name="pull_requests" type="checkbox" {{if .pull_requests}}checked{{end}}>
-								<label>{{ctx.Locale.Tr "repo.migrate_items_pullrequests"}}</label>
+								<label>{{ctx.Locale.Tr "migrate.items.pull_requests"}}</label>
 							</div>
 						</div>
 						<div class="inline field">
 							<label></label>
 							<div class="ui checkbox">
 								<input name="labels" type="checkbox" {{if .labels}}checked{{end}}>
-								<label>{{ctx.Locale.Tr "repo.migrate_items_labels"}}</label>
+								<label>{{ctx.Locale.Tr "migrate.items.labels"}}</label>
 							</div>
 						</div>
 						<div class="inline field">
 							<label></label>
 							<div class="ui checkbox">
 								<input name="milestones" type="checkbox" {{if .milestones}}checked{{end}}>
-								<label>{{ctx.Locale.Tr "repo.migrate_items_milestones"}}</label>
+								<label>{{ctx.Locale.Tr "migrate.items.milestones"}}</label>
 							</div>
 						</div>
 						<div class="inline field">
 							<label></label>
 							<div class="ui checkbox">
 								<input name="releases" type="checkbox" {{if .releases}}checked{{end}}>
-								<label>{{ctx.Locale.Tr "repo.migrate_items_releases"}}</label>
+								<label>{{ctx.Locale.Tr "migrate.items.releases"}}</label>
 							</div>
 						</div>
 					</div>
diff --git a/templates/repo/migrate/gitlab.tmpl b/templates/repo/migrate/gitlab.tmpl
index 13cdddb992..a406091394 100644
--- a/templates/repo/migrate/gitlab.tmpl
+++ b/templates/repo/migrate/gitlab.tmpl
@@ -26,10 +26,10 @@
 					{{template "repo/migrate/options" .}}
 
 					<div class="inline field">
-						<label>{{ctx.Locale.Tr "repo.migrate_items"}}</label>
+						<label>{{ctx.Locale.Tr "migrate.items.label"}}</label>
 						<div class="ui checkbox">
 							<input name="wiki" type="checkbox" {{if .wiki}}checked{{end}}>
-							<label>{{ctx.Locale.Tr "repo.migrate_items_wiki"}}</label>
+							<label>{{ctx.Locale.Tr "migrate.items.wiki"}}</label>
 						</div>
 					</div>
 					<div id="migrate_items">
@@ -38,35 +38,35 @@
 							<label></label>
 							<div class="ui checkbox">
 								<input name="issues" type="checkbox" {{if .issues}}checked{{end}}>
-								<label>{{ctx.Locale.Tr "repo.migrate_items_issues"}}</label>
+								<label>{{ctx.Locale.Tr "migrate.items.issues"}}</label>
 							</div>
 						</div>
 						<div class="inline field">
 							<label></label>
 							<div class="ui checkbox">
 								<input name="pull_requests" type="checkbox" {{if .pull_requests}}checked{{end}}>
-								<label>{{ctx.Locale.Tr "repo.migrate_items_merge_requests"}}</label>
+								<label>{{ctx.Locale.Tr "migrate.items.merge_requests"}}</label>
 							</div>
 						</div>
 						<div class="inline field">
 							<label></label>
 							<div class="ui checkbox">
 								<input name="labels" type="checkbox" {{if .labels}}checked{{end}}>
-								<label>{{ctx.Locale.Tr "repo.migrate_items_labels"}}</label>
+								<label>{{ctx.Locale.Tr "migrate.items.labels"}}</label>
 							</div>
 						</div>
 						<div class="inline field">
 							<label></label>
 							<div class="ui checkbox">
 								<input name="milestones" type="checkbox" {{if .milestones}}checked{{end}}>
-								<label>{{ctx.Locale.Tr "repo.migrate_items_milestones"}}</label>
+								<label>{{ctx.Locale.Tr "migrate.items.milestones"}}</label>
 							</div>
 						</div>
 						<div class="inline field">
 							<label></label>
 							<div class="ui checkbox">
 								<input name="releases" type="checkbox" {{if .releases}}checked{{end}}>
-								<label>{{ctx.Locale.Tr "repo.migrate_items_releases"}}</label>
+								<label>{{ctx.Locale.Tr "migrate.items.releases"}}</label>
 							</div>
 						</div>
 					</div>
diff --git a/templates/repo/migrate/gogs.tmpl b/templates/repo/migrate/gogs.tmpl
index 58e3fff035..e70976c730 100644
--- a/templates/repo/migrate/gogs.tmpl
+++ b/templates/repo/migrate/gogs.tmpl
@@ -26,10 +26,10 @@
 					{{template "repo/migrate/options" .}}
 
 					<div class="inline field">
-						<label>{{ctx.Locale.Tr "repo.migrate_items"}}</label>
+						<label>{{ctx.Locale.Tr "migrate.items.label"}}</label>
 						<div class="ui checkbox">
 							<input name="wiki" type="checkbox" {{if .wiki}} checked{{end}}>
-							<label>{{ctx.Locale.Tr "repo.migrate_items_wiki"}}</label>
+							<label>{{ctx.Locale.Tr "migrate.items.wiki"}}</label>
 						</div>
 					</div>
 
@@ -39,21 +39,21 @@
 							<label></label>
 							<div class="ui checkbox">
 								<input name="issues" type="checkbox" {{if .issues}} checked{{end}}>
-								<label>{{ctx.Locale.Tr "repo.migrate_items_issues"}}</label>
+								<label>{{ctx.Locale.Tr "migrate.items.issues"}}</label>
 							</div>
 						</div>
 						<div class="inline field">
 							<label></label>
 							<div class="ui checkbox">
 								<input name="labels" type="checkbox" {{if .labels}} checked{{end}}>
-								<label>{{ctx.Locale.Tr "repo.migrate_items_labels"}}</label>
+								<label>{{ctx.Locale.Tr "migrate.items.labels"}}</label>
 							</div>
 						</div>
 						<div class="inline field">
 							<label></label>
 							<div class="ui checkbox">
 								<input name="milestones" type="checkbox" {{if .milestones}} checked{{end}}>
-								<label>{{ctx.Locale.Tr "repo.migrate_items_milestones"}}</label>
+								<label>{{ctx.Locale.Tr "migrate.items.milestones"}}</label>
 							</div>
 						</div>
 						<!-- Gogs do not support it
@@ -61,11 +61,11 @@
 							<label></label>
 							<div class="ui checkbox">
 								<input name="pull_requests" type="checkbox" {{if .pull_requests}} checked{{end}}>
-								<label>{{ctx.Locale.Tr "repo.migrate_items_merge_requests"}}</label>
+								<label>{{ctx.Locale.Tr "migrate.items.merge_requests"}}</label>
 							</div>
 							<div class="ui checkbox">
 								<input name="releases" type="checkbox" {{if .releases}} checked{{end}}>
-								<label>{{ctx.Locale.Tr "repo.migrate_items_releases"}}</label>
+								<label>{{ctx.Locale.Tr "migrate.items.releases"}}</label>
 							</div>
 						</div>
 						-->
diff --git a/templates/repo/migrate/migrate.tmpl b/templates/repo/migrate/migrate.tmpl
index 48ee678a13..f3fb53895a 100644
--- a/templates/repo/migrate/migrate.tmpl
+++ b/templates/repo/migrate/migrate.tmpl
@@ -1,7 +1,7 @@
 {{template "base/head" .}}
 <div role="main" aria-label="{{.Title}}" class="page-content repository new migrate">
 	<div class="ui container">
-		<h2 class="tw-mt-4">Migrate repository</h1>
+		<h2 class="tw-mt-4">{{ctx.Locale.Tr "migrate.select.title"}}</h1>
 		{{template "repo/migrate/helper" .}}
 		<div class="migrate-entries">
 			{{range .Services}}
diff --git a/templates/repo/migrate/migrating.tmpl b/templates/repo/migrate/migrating.tmpl
index a3a1baf57b..6b2db26aaf 100644
--- a/templates/repo/migrate/migrating.tmpl
+++ b/templates/repo/migrate/migrating.tmpl
@@ -86,11 +86,11 @@
 
 <div class="ui g-modal-confirm modal" id="cancel-repo-modal">
 	<div class="header">
-		{{ctx.Locale.Tr "repo.migrate.cancel_migrating_title"}}
+		{{ctx.Locale.Tr "migrate.cancel.title"}}
 	</div>
 	<form action="{{.Link}}/settings/migrate/cancel" method="post">
 		<div class="content">
-			{{ctx.Locale.Tr "repo.migrate.cancel_migrating_confirm"}}
+			{{ctx.Locale.Tr "migrate.cancel.confirmation"}}
 		</div>
 		{{template "base/modal_actions_confirm" .}}
 	</form>
diff --git a/templates/repo/migrate/onedev.tmpl b/templates/repo/migrate/onedev.tmpl
index 3024142648..377fbf2881 100644
--- a/templates/repo/migrate/onedev.tmpl
+++ b/templates/repo/migrate/onedev.tmpl
@@ -31,31 +31,31 @@
 
 					<div id="migrate_items">
 						<div class="inline field">
-							<label>{{ctx.Locale.Tr "repo.migrate_items"}}</label>
+							<label>{{ctx.Locale.Tr "migrate.items.label"}}</label>
 							<div class="ui checkbox">
 								<input name="issues" type="checkbox" {{if .issues}}checked{{end}}>
-								<label>{{ctx.Locale.Tr "repo.migrate_items_issues"}}</label>
+								<label>{{ctx.Locale.Tr "migrate.items.issues"}}</label>
 							</div>
 						</div>
 						<div class="inline field">
 							<label></label>
 							<div class="ui checkbox">
 								<input name="pull_requests" type="checkbox" {{if .pull_requests}}checked{{end}}>
-								<label>{{ctx.Locale.Tr "repo.migrate_items_pullrequests"}}</label>
+								<label>{{ctx.Locale.Tr "migrate.items.pull_requests"}}</label>
 							</div>
 						</div>
 						<div class="inline field">
 							<label></label>
 							<div class="ui checkbox">
 								<input name="labels" type="checkbox" {{if .labels}}checked{{end}}>
-								<label>{{ctx.Locale.Tr "repo.migrate_items_labels"}}</label>
+								<label>{{ctx.Locale.Tr "migrate.items.labels"}}</label>
 							</div>
 						</div>
 						<div class="inline field">
 							<label></label>
 							<div class="ui checkbox">
 								<input name="milestones" type="checkbox" {{if .milestones}}checked{{end}}>
-								<label>{{ctx.Locale.Tr "repo.migrate_items_milestones"}}</label>
+								<label>{{ctx.Locale.Tr "migrate.items.milestones"}}</label>
 							</div>
 						</div>
 					</div>
diff --git a/templates/repo/migrate/pagure.tmpl b/templates/repo/migrate/pagure.tmpl
index be71827e7f..6f48cbc7fe 100644
--- a/templates/repo/migrate/pagure.tmpl
+++ b/templates/repo/migrate/pagure.tmpl
@@ -27,31 +27,31 @@
 					{{template "repo/migrate/options" .}}
 					<div id="migrate_items">
 						<div class="inline field">
-							<label>{{ctx.Locale.Tr "repo.migrate_items"}}</label>
+							<label>{{ctx.Locale.Tr "migrate.items.label"}}</label>
 							<div class="ui checkbox">
 								<input name="issues" type="checkbox" {{if .issues}}checked{{end}}>
-								<label>{{ctx.Locale.Tr "repo.migrate_items_issues"}}</label>
+								<label>{{ctx.Locale.Tr "migrate.items.issues"}}</label>
 							</div>
 						</div>
 						<div class="inline field">
 							<label></label>
 							<div class="ui checkbox">
 								<input name="pull_requests" type="checkbox" {{if .pull_requests}}checked{{end}}>
-								<label>{{ctx.Locale.Tr "repo.migrate_items_pullrequests"}}</label>
+								<label>{{ctx.Locale.Tr "migrate.items.pull_requests"}}</label>
 							</div>
 						</div>
 						<div class="inline field">
 							<label></label>
 							<div class="ui checkbox">
 								<input name="labels" type="checkbox" {{if .labels}}checked{{end}}>
-								<label>{{ctx.Locale.Tr "repo.migrate_items_labels"}}</label>
+								<label>{{ctx.Locale.Tr "migrate.items.labels"}}</label>
 							</div>
 						</div>
 						<div class="inline field">
 							<label></label>
 							<div class="ui checkbox">
 								<input name="milestones" type="checkbox" {{if .milestones}}checked{{end}}>
-								<label>{{ctx.Locale.Tr "repo.migrate_items_milestones"}}</label>
+								<label>{{ctx.Locale.Tr "migrate.items.milestones"}}</label>
 							</div>
 						</div>
 					</div>
diff --git a/templates/repo/release_tag_header.tmpl b/templates/repo/release_tag_header.tmpl
index 9044bd6043..0e39076aca 100644
--- a/templates/repo/release_tag_header.tmpl
+++ b/templates/repo/release_tag_header.tmpl
@@ -4,9 +4,9 @@
 {{if $canReadReleases}}
 	<div class="list-header tw-justify-between">
 		<div class="switch">
-			<a class="{{if and .PageIsReleaseList (not .PageIsSingleTag)}}active {{end}}item" href="{{.RepoLink}}/releases{{if .Keyword}}?q={{.Keyword}}{{end}}">{{ctx.Locale.TrN .NumReleases "repo.n_release_one" "repo.n_release_few" (ctx.Locale.PrettyNumber .NumReleases)}}</a>
+			<a class="{{if and .PageIsReleaseList (not .PageIsSingleTag)}}active {{end}}item" href="{{.RepoLink}}/releases{{if .Keyword}}?q={{.Keyword}}{{end}}">{{ctx.Locale.TrPluralString .NumReleases "counters.n_releases" (ctx.Locale.PrettyNumber .NumReleases)}}</a>
 			{{if $canReadCode}}
-				<a class="{{if or .PageIsTagList .PageIsSingleTag}}active {{end}}item" href="{{.RepoLink}}/tags{{if .Keyword}}?q={{.Keyword}}{{end}}">{{ctx.Locale.TrN .NumTags "repo.n_tag_one" "repo.n_tag_few" (ctx.Locale.PrettyNumber .NumTags)}}</a>
+				<a class="{{if or .PageIsTagList .PageIsSingleTag}}active {{end}}item" href="{{.RepoLink}}/tags{{if .Keyword}}?q={{.Keyword}}{{end}}">{{ctx.Locale.TrPluralString .NumTags "counters.n_tags" (ctx.Locale.PrettyNumber .NumTags)}}</a>
 			{{end}}
 		</div>
 		{{if .ShowReleaseSearch}}
diff --git a/templates/repo/sub_menu.tmpl b/templates/repo/sub_menu.tmpl
index 96ecfdb50c..c476df0e7a 100644
--- a/templates/repo/sub_menu.tmpl
+++ b/templates/repo/sub_menu.tmpl
@@ -3,14 +3,14 @@
 	<div class="ui segment repository-menu">
 		{{if and (.Permission.CanRead $.UnitTypeCode) (not .IsEmptyRepo)}}
 			<a class="item muted {{if .PageIsCommits}}active{{end}}" href="{{.RepoLink}}/commits/{{.BranchNameSubURL}}">
-				{{svg "octicon-history"}} {{ctx.Locale.TrN .CommitsCount "repo.n_commit_one" "repo.n_commit_few" (printf "<b>%s</b>" (ctx.Locale.PrettyNumber .CommitsCount) | TrustHTML)}}
+				{{svg "octicon-history"}} {{ctx.Locale.TrPluralString .CommitsCount "counters.n_commits" (printf "<b>%s</b>" (ctx.Locale.PrettyNumber .CommitsCount) | TrustHTML)}}
 			</a>
 			<a class="item muted {{if .PageIsBranches}}active{{end}}" href="{{.RepoLink}}/branches">
-				{{svg "octicon-git-branch"}} {{ctx.Locale.TrN .BranchesCount "repo.n_branch_one" "repo.n_branch_few" (printf "<b>%s</b>" (ctx.Locale.PrettyNumber .BranchesCount) | TrustHTML)}}
+				{{svg "octicon-git-branch"}} {{ctx.Locale.TrPluralString .BranchesCount "counters.n_branches" (printf "<b>%s</b>" (ctx.Locale.PrettyNumber .BranchesCount) | TrustHTML)}}
 			</a>
 			{{if $.Permission.CanRead $.UnitTypeCode}}
 				<a class="item muted {{if .PageIsTagList}}active{{end}}" href="{{.RepoLink}}/tags">
-					{{svg "octicon-tag"}} {{ctx.Locale.TrN .NumTags "repo.n_tag_one" "repo.n_tag_few" (printf "<b>%s</b>" (ctx.Locale.PrettyNumber .NumTags) | TrustHTML)}}
+					{{svg "octicon-tag"}} {{ctx.Locale.TrPluralString .NumTags "counters.n_tags" (printf "<b>%s</b>" (ctx.Locale.PrettyNumber .NumTags) | TrustHTML)}}
 				</a>
 			{{end}}
 			<span class="item" {{if not (eq .Repository.Size 0)}}data-tooltip-content="{{.Repository.SizeDetailsString ctx.Locale}}"{{end}}>

From ce27a5993cc71f3d0877e54b66584df85b0943f9 Mon Sep 17 00:00:00 2001
From: Andreas Ahlenstorf <andreas@ahlenstorf.ch>
Date: Fri, 3 Apr 2026 16:05:09 +0200
Subject: [PATCH 621/854] fix: superfluous increment of ActionTask attempt
 breaks job view (#11956)

https://codeberg.org/forgejo/forgejo/pulls/11750 missed a place where the attempt number is incremented independently. This caused the job view to break when running a reusable workflow with workflow expansion.

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. All work and communication must conform to Forgejo's [AI Agreement](https://codeberg.org/forgejo/governance/src/branch/main/AIAgreement.md). There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests for Go changes

(can be removed for JavaScript changes)

- I added test coverage for Go changes...
  - [ ] in their respective `*_test.go` for unit tests.
  - [x] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I ran...
  - [x] `make pr-go` before pushing

### Tests for JavaScript changes

(can be removed for Go changes)

- I added test coverage for JavaScript changes...
  - [ ] in `web_src/js/*.test.js` if it can be unit tested.
  - [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)).

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [ ] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.
- [x] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change.

*The decision if the pull request will be shown in the release notes is up to the mergers / release team.*

The content of the `release-notes/<pull request number>.md` file will serve as the basis for the release notes. If the file does not exist, the title of the pull request will be used instead.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11956
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
Co-authored-by: Andreas Ahlenstorf <andreas@ahlenstorf.ch>
Co-committed-by: Andreas Ahlenstorf <andreas@ahlenstorf.ch>
---
 models/actions/task.go                                      | 4 +---
 .../Test_tryHandleWorkflowCallOuterJob/action_run_job.yml   | 6 +++++-
 services/actions/job_emitter.go                             | 1 -
 3 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/models/actions/task.go b/models/actions/task.go
index 1a208dad9d..ed2cab60e8 100644
--- a/models/actions/task.go
+++ b/models/actions/task.go
@@ -451,9 +451,7 @@ func CreateTaskForRunner(ctx context.Context, runner *ActionRunner, requestKey,
 }
 
 // Placeholder tasks are created when the status/content of an [ActionRunJob] is resolved by Forgejo without dispatch to
-// a runner, specifically in the case of a workflow call's outer job. It is the responsibility of the caller to
-// increment the job's Attempt field before invoking this method, and to update that field in the database, so that
-// reruns can function for placeholder tasks and provide updated outputs.
+// a runner, specifically in the case of a workflow call's outer job.
 func CreatePlaceholderTask(ctx context.Context, job *ActionRunJob, outputs map[string]string) (*ActionTask, error) {
 	actionTask := &ActionTask{
 		JobID:             job.ID,
diff --git a/services/actions/Test_tryHandleWorkflowCallOuterJob/action_run_job.yml b/services/actions/Test_tryHandleWorkflowCallOuterJob/action_run_job.yml
index 03449040ca..f710f4bf2e 100644
--- a/services/actions/Test_tryHandleWorkflowCallOuterJob/action_run_job.yml
+++ b/services/actions/Test_tryHandleWorkflowCallOuterJob/action_run_job.yml
@@ -1,6 +1,7 @@
 # Case 600 -- workflow that is not a workflow call outer job
 -
   id: 600
+  attempt: 1
   status: 1 # success
   started: 1683636528
   workflow_payload: |
@@ -18,6 +19,7 @@
 # contexts should be considered as those in `on.workflow_call.outputs`.
 -
   id: 601
+  attempt: 1
   run_id: 900
   status: 1 # success
   started: 1683636528
@@ -44,6 +46,7 @@
       workflow_call_id: b5a9f46f1f2513d7777fde50b169d323a6519e349cc175484c947ac315a209ed
 - # inner job of run 601
   id: 602
+  attempt: 1
   run_id: 900
   status: 1 # success
   job_id: outer-job.inner-job
@@ -54,7 +57,7 @@
 -
   id: 603
   run_id: 901
-  attempt: 1
+  attempt: 2
   status: 1 # success
   started: 1683636528
   needs: ["outer-job.inner-job"]
@@ -81,6 +84,7 @@
 - # inner job of run 603
   id: 604
   run_id: 901
+  attempt: 2
   status: 1 # success
   job_id: outer-job.inner-job
   task_id: 101
diff --git a/services/actions/job_emitter.go b/services/actions/job_emitter.go
index 02ad9d66f5..b23918e42f 100644
--- a/services/actions/job_emitter.go
+++ b/services/actions/job_emitter.go
@@ -597,7 +597,6 @@ func tryHandleWorkflowCallOuterJob(ctx context.Context, job *actions_model.Actio
 	)
 
 	// Insert a placeholder task with all the computed outputs
-	job.Attempt++
 	actionTask, err := actions_model.CreatePlaceholderTask(ctx, job, outputs)
 	if err != nil {
 		return nil, fmt.Errorf("failure to insert placeholder task: %w", err)

From 1d0503d6b5597d8245b064d22804fec594d7f45e Mon Sep 17 00:00:00 2001
From: Henry Catalini Smith <henry@catalinismith.se>
Date: Fri, 3 Apr 2026 16:57:53 +0200
Subject: [PATCH 622/854] Add aria-label="Copy" to copy button (#11895)

This copy button on the pull request page lacks an accessible name. You can hear the screen reader announce it as just "button" in the screen recording `button.mp4`, and then hear the amended version in `copy.mp4` where it's announced as "copy, button".

The most relevant WCAG success criteria here is [1.1.1 Non-text content](https://www.w3.org/WAI/WCAG21/Understanding/non-text-content.html).

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [ ] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [x] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.
- [ ] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change.

*The decision if the pull request will be shown in the release notes is up to the mergers / release team.*

The content of the `release-notes/<pull request number>.md` file will serve as the basis for the release notes. If the file does not exist, the title of the pull request will be used instead.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11895
Reviewed-by: Andreas Ahlenstorf <aahlenst@noreply.codeberg.org>
Co-authored-by: Henry Catalini Smith <henry@catalinismith.se>
Co-committed-by: Henry Catalini Smith <henry@catalinismith.se>
---
 templates/repo/issue/view_content/sidebar/reference.tmpl | 2 +-
 tests/e2e/issue-sidebar.test.e2e.ts                      | 4 ++++
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/templates/repo/issue/view_content/sidebar/reference.tmpl b/templates/repo/issue/view_content/sidebar/reference.tmpl
index 5083b97fc2..1b02769ad1 100644
--- a/templates/repo/issue/view_content/sidebar/reference.tmpl
+++ b/templates/repo/issue/view_content/sidebar/reference.tmpl
@@ -13,7 +13,7 @@
 	<div class="ui equal width compact grid">
 		<div class="row tw-items-center" data-tooltip-content="{{$issueReferenceLink}}">
 			<span class="text column truncate">{{$issueReferenceLink}}</span>
-			<button class="ui two wide button column tw-p-2" data-clipboard-text="{{$issueReferenceLink}}">{{svg "octicon-copy" 14}}</button>
+			<button class="ui two wide button column tw-p-2" data-tooltip-content="{{ctx.Locale.Tr "copy"}}" data-clipboard-text="{{$issueReferenceLink}}">{{svg "octicon-copy" 14}}</button>
 		</div>
 	</div>
 </div>
diff --git a/tests/e2e/issue-sidebar.test.e2e.ts b/tests/e2e/issue-sidebar.test.e2e.ts
index 6eb44be856..cf3fe607d2 100644
--- a/tests/e2e/issue-sidebar.test.e2e.ts
+++ b/tests/e2e/issue-sidebar.test.e2e.ts
@@ -378,4 +378,8 @@ test('Issue: Reference', async ({page}) => {
   await expect(page.locator('.ui.reference .truncate')).toContainText(
     'user2/repo1#1',
   );
+
+  await page.getByRole('button', {name: 'Copy'}).click();
+  const reference = await page.evaluate(() => navigator.clipboard.readText());
+  expect(reference).toBe('user2/repo1#1');
 });

From 2027ccd994158587944b24b07adf209c2a60a921 Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Sat, 4 Apr 2026 02:41:07 +0200
Subject: [PATCH 623/854] Update module github.com/mattn/go-sqlite3 to v1.14.40
 (forgejo) (#11977)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This PR contains the following updates:

| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) |
|---|---|---|---|
| [github.com/mattn/go-sqlite3](https://github.com/mattn/go-sqlite3) | `v1.14.38` → `v1.14.40` | ![age](https://developer.mend.io/api/mc/badges/age/go/github.com%2fmattn%2fgo-sqlite3/v1.14.40?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/go/github.com%2fmattn%2fgo-sqlite3/v1.14.38/v1.14.40?slim=true) |

---

### Release Notes

<details>
<summary>mattn/go-sqlite3 (github.com/mattn/go-sqlite3)</summary>

### [`v1.14.40`](https://github.com/mattn/go-sqlite3/compare/v1.14.39...v1.14.40)

[Compare Source](https://github.com/mattn/go-sqlite3/compare/v1.14.39...v1.14.40)

### [`v1.14.39`](https://github.com/mattn/go-sqlite3/compare/v1.14.38...v1.14.39)

[Compare Source](https://github.com/mattn/go-sqlite3/compare/v1.14.38...v1.14.39)

</details>

---

### Configuration

📅 **Schedule**: Branch creation - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC), Automerge - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My45OS4xIiwidXBkYXRlZEluVmVyIjoiNDMuOTkuMSIsInRhcmdldEJyYW5jaCI6ImZvcmdlam8iLCJsYWJlbHMiOlsiZGVwZW5kZW5jeS11cGdyYWRlIiwidGVzdC9ub3QtbmVlZGVkIl19-->

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11977
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 24de250644..317dd8ac3a 100644
--- a/go.mod
+++ b/go.mod
@@ -75,7 +75,7 @@ require (
 	github.com/klauspost/cpuid/v2 v2.2.11
 	github.com/markbates/goth v1.82.0
 	github.com/mattn/go-isatty v0.0.20
-	github.com/mattn/go-sqlite3 v1.14.38
+	github.com/mattn/go-sqlite3 v1.14.40
 	github.com/meilisearch/meilisearch-go v0.36.0
 	github.com/mholt/archives v0.1.5
 	github.com/microcosm-cc/bluemonday v1.0.27
diff --git a/go.sum b/go.sum
index 11678e62ab..438aa11cfa 100644
--- a/go.sum
+++ b/go.sum
@@ -519,8 +519,8 @@ github.com/mattn/go-runewidth v0.0.17 h1:78v8ZlW0bP43XfmAfPsdXcoNCelfMHsDmd/pkEN
 github.com/mattn/go-runewidth v0.0.17/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w=
 github.com/mattn/go-shellwords v1.0.12 h1:M2zGm7EW6UQJvDeQxo4T51eKPurbeFbe8WtebGE2xrk=
 github.com/mattn/go-shellwords v1.0.12/go.mod h1:EZzvwXDESEeg03EKmM+RmDnNOPKG4lLtQsUlTZDWQ8Y=
-github.com/mattn/go-sqlite3 v1.14.38 h1:tDUzL85kMvOrvpCt8P64SbGgVFtJB11GPi2AdmITgb4=
-github.com/mattn/go-sqlite3 v1.14.38/go.mod h1:Uh1q+B4BYcTPb+yiD3kU8Ct7aC0hY9fxUwlHK0RXw+Y=
+github.com/mattn/go-sqlite3 v1.14.40 h1:f7+saIsbq4EF86mUqe0uiecQOJYMOdfi5uATADmUG94=
+github.com/mattn/go-sqlite3 v1.14.40/go.mod h1:pjEuOr8IwzLJP2MfGeTb0A35jauH+C2kbHKBr7yXKVQ=
 github.com/meilisearch/meilisearch-go v0.36.0 h1:N1etykTektXt5KPcSbhBO0d5Xx5NaKj4pJWEM7WA5dI=
 github.com/meilisearch/meilisearch-go v0.36.0/go.mod h1:HBfHzKMxcSbTOvqdfuRA/yf6Vk9IivcwKocWRuW7W78=
 github.com/mholt/acmez/v3 v3.1.2 h1:auob8J/0FhmdClQicvJvuDavgd5ezwLBfKuYmynhYzc=

From 267f90c97a46b333c6f8db897f6554be664c38a6 Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Sat, 4 Apr 2026 03:54:32 +0200
Subject: [PATCH 624/854] Update module code.forgejo.org/go-chi/session to
 v1.0.4 (forgejo) (#11976)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This PR contains the following updates:

| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) |
|---|---|---|---|
| [code.forgejo.org/go-chi/session](https://code.forgejo.org/go-chi/session) | `v1.0.3` → `v1.0.4` | ![age](https://developer.mend.io/api/mc/badges/age/go/code.forgejo.org%2fgo-chi%2fsession/v1.0.4?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/go/code.forgejo.org%2fgo-chi%2fsession/v1.0.3/v1.0.4?slim=true) |

---

### Release Notes

<details>
<summary>go-chi/session (code.forgejo.org/go-chi/session)</summary>

### [`v1.0.4`](https://code.forgejo.org/go-chi/session/compare/v1.0.3...v1.0.4)

[Compare Source](https://code.forgejo.org/go-chi/session/compare/v1.0.3...v1.0.4)

</details>

---

### Configuration

📅 **Schedule**: Branch creation - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC), Automerge - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My45OS4xIiwidXBkYXRlZEluVmVyIjoiNDMuOTkuMSIsInRhcmdldEJyYW5jaCI6ImZvcmdlam8iLCJsYWJlbHMiOlsiZGVwZW5kZW5jeS11cGdyYWRlIiwidGVzdC9ub3QtbmVlZGVkIl19-->

Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11976
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
---
 assets/go-licenses.json | 5 -----
 go.mod                  | 3 +--
 go.sum                  | 6 ++----
 3 files changed, 3 insertions(+), 11 deletions(-)

diff --git a/assets/go-licenses.json b/assets/go-licenses.json
index dd1d033d1a..330b5cbed6 100644
--- a/assets/go-licenses.json
+++ b/assets/go-licenses.json
@@ -869,11 +869,6 @@
     "path": "github.com/klauspost/pgzip/LICENSE",
     "licenseText": "The MIT License (MIT)\n\nCopyright (c) 2014 Klaus Post\n\nPermission is hereby granted, free of charge, to any person obtaining a copy\nof this software and associated documentation files (the \"Software\"), to deal\nin the Software without restriction, including without limitation the rights\nto use, copy, modify, merge, publish, distribute, sublicense, and/or sell\ncopies of the Software, and to permit persons to whom the Software is\nfurnished to do so, subject to the following conditions:\n\nThe above copyright notice and this permission notice shall be included in all\ncopies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\nIMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\nFITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE\nAUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\nLIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,\nOUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE\nSOFTWARE.\n\n"
   },
-  {
-    "name": "github.com/lib/pq",
-    "path": "github.com/lib/pq/LICENSE",
-    "licenseText": "MIT License\n\nCopyright (c) 2011-2013, 'pq' Contributors. Portions Copyright (c) 2011 Blake Mizerany\n\nPermission is hereby granted, free of charge, to any person obtaining a copy\nof this software and associated documentation files (the \"Software\"), to deal\nin the Software without restriction, including without limitation the rights\nto use, copy, modify, merge, publish, distribute, sublicense, and/or sell\ncopies of the Software, and to permit persons to whom the Software is\nfurnished to do so, subject to the following conditions:\n\nThe above copyright notice and this permission notice shall be included in all\ncopies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\nIMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\nFITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE\nAUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\nLIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,\nOUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE\nSOFTWARE.\n"
-  },
   {
     "name": "github.com/libdns/libdns",
     "path": "github.com/libdns/libdns/LICENSE",
diff --git a/go.mod b/go.mod
index 317dd8ac3a..c02310548b 100644
--- a/go.mod
+++ b/go.mod
@@ -15,7 +15,7 @@ require (
 	code.forgejo.org/go-chi/binding v1.0.1
 	code.forgejo.org/go-chi/cache v1.0.1
 	code.forgejo.org/go-chi/captcha v1.0.2
-	code.forgejo.org/go-chi/session v1.0.3
+	code.forgejo.org/go-chi/session v1.0.4
 	code.gitea.io/sdk/gitea v0.21.0
 	code.superseriousbusiness.org/exif-terminator v0.11.1
 	code.superseriousbusiness.org/go-jpeg-image-structure/v2 v2.3.0
@@ -208,7 +208,6 @@ require (
 	github.com/josharian/intern v1.0.0 // indirect
 	github.com/klauspost/crc32 v1.3.0 // indirect
 	github.com/klauspost/pgzip v1.2.6 // indirect
-	github.com/lib/pq v1.11.2 // indirect
 	github.com/libdns/libdns v1.0.0 // indirect
 	github.com/mailru/easyjson v0.9.0 // indirect
 	github.com/markbates/going v1.0.3 // indirect
diff --git a/go.sum b/go.sum
index 438aa11cfa..8c06077317 100644
--- a/go.sum
+++ b/go.sum
@@ -40,8 +40,8 @@ code.forgejo.org/go-chi/cache v1.0.1 h1:w6IsDcPbeEnEYZn7M2HJe3/3/Ehtcw/72VjcVK7+
 code.forgejo.org/go-chi/cache v1.0.1/go.mod h1:K3aQSyRIN4xiuqV1kanfQ6O4ToDpzDpY3bNOyGjFe3U=
 code.forgejo.org/go-chi/captcha v1.0.2 h1:vyHDPXkpjDv8bLO9NqtWzZayzstD/WpJ5xwEkAaqZGQ=
 code.forgejo.org/go-chi/captcha v1.0.2/go.mod h1:lxiPLcJ76UCZHoH31/Wbum4GUi2NgjfFZLrJkKv1lLE=
-code.forgejo.org/go-chi/session v1.0.3 h1:ByJ9c/UC0AU57hxiGl53TXh+NdBOBwK/bhZ9jyadEwE=
-code.forgejo.org/go-chi/session v1.0.3/go.mod h1:xzGtFrV/agCJoZCUhFDlqAr1he6BrAdqlaprKOB1W90=
+code.forgejo.org/go-chi/session v1.0.4 h1:WQ1NaVxcCpxYwCliEGypKclZnOCjh3p1fk8XciJc62U=
+code.forgejo.org/go-chi/session v1.0.4/go.mod h1:+sSTiomM5C8AUPtxZyTENIbcTz22kcVottKO0lnmDRk=
 code.forgejo.org/xorm/xorm v1.3.9-forgejo.9 h1:hzEXDa53opdp5nrGG4F6y8HzFzrGXd5GIvFyUHcvGmI=
 code.forgejo.org/xorm/xorm v1.3.9-forgejo.9/go.mod h1:A7sFd3BFmRp20h6drSsCXgQRQdF8Vz8HuCSrzFS3m90=
 code.gitea.io/sdk/gitea v0.21.0 h1:69n6oz6kEVHRo1+APQQyizkhrZrLsTLXey9142pfkD4=
@@ -500,8 +500,6 @@ github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
 github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0SNc=
 github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw=
 github.com/ledongthuc/pdf v0.0.0-20220302134840-0c2507a12d80/go.mod h1:imJHygn/1yfhB7XSJJKlFZKl/J+dCPAknuiaGOshXAs=
-github.com/lib/pq v1.11.2 h1:x6gxUeu39V0BHZiugWe8LXZYZ+Utk7hSJGThs8sdzfs=
-github.com/lib/pq v1.11.2/go.mod h1:/p+8NSbOcwzAEI7wiMXFlgydTwcgTr3OSKMsD2BitpA=
 github.com/libdns/libdns v1.0.0 h1:IvYaz07JNz6jUQ4h/fv2R4sVnRnm77J/aOuC9B+TQTA=
 github.com/libdns/libdns v1.0.0/go.mod h1:4Bj9+5CQiNMVGf87wjX4CY3HQJypUHRuLvlsfsZqLWQ=
 github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc=

From e4bd84b574f66c6ef8a25e29561832f44a6dbcc4 Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Sat, 4 Apr 2026 04:32:32 +0200
Subject: [PATCH 625/854] Update https://data.forgejo.org/actions/setup-forgejo
 action to v3.1.9 (forgejo) (#11980)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [https://data.forgejo.org/actions/setup-forgejo](https://code.forgejo.org/actions/setup-forgejo) | action | patch | `v3.1.8` → `v3.1.9` |

---

### Release Notes

<details>
<summary>actions/setup-forgejo (https://data.forgejo.org/actions/setup-forgejo)</summary>

### [`v3.1.9`](https://code.forgejo.org/actions/setup-forgejo/compare/v3.1.8...v3.1.9)

[Compare Source](https://code.forgejo.org/actions/setup-forgejo/compare/v3.1.8...v3.1.9)

</details>

---

### Configuration

📅 **Schedule**: Branch creation - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC), Automerge - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My45OS4xIiwidXBkYXRlZEluVmVyIjoiNDMuOTkuMSIsInRhcmdldEJyYW5jaCI6ImZvcmdlam8iLCJsYWJlbHMiOlsiZGVwZW5kZW5jeS11cGdyYWRlIiwidGVzdC9ub3QtbmVlZGVkIl19-->

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11980
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
---
 .forgejo/workflows/build-release-integration.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.forgejo/workflows/build-release-integration.yml b/.forgejo/workflows/build-release-integration.yml
index 1bec8b7dfa..25a7a6cf44 100644
--- a/.forgejo/workflows/build-release-integration.yml
+++ b/.forgejo/workflows/build-release-integration.yml
@@ -32,7 +32,7 @@ jobs:
       - uses: https://data.forgejo.org/actions/checkout@v6
 
       - id: forgejo
-        uses: https://data.forgejo.org/actions/setup-forgejo@v3.1.8
+        uses: https://data.forgejo.org/actions/setup-forgejo@v3.1.9
         with:
           user: root
           password: admin1234

From 6a99b6b0c163cf7fd845add6af5394d2e158b522 Mon Sep 17 00:00:00 2001
From: Mathieu Fenniak <mathieu@fenniak.net>
Date: Sat, 4 Apr 2026 13:53:22 +0200
Subject: [PATCH 626/854] fix: store pull mirror creds encrypted with keying
 (#11909)

Fixes #9629.

New pull mirrors have credentials stored encrypted in the database, the same as push mirrors, rather than in the repository's `config` file.  `git fetch` on the pull mirror is updated to use the credential store.  Pull mirrors will have their credentials migrated to the encrypted storage in the database as they're synced or otherwise accessed via the web UI.

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. All work and communication must conform to Forgejo's [AI Agreement](https://codeberg.org/forgejo/governance/src/branch/main/AIAgreement.md). There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests for Go changes

- I added test coverage for Go changes...
  - [ ] in their respective `*_test.go` for unit tests.
  - [x] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I ran...
  - [x] `make pr-go` before pushing

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [x] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.
- [ ] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11909
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Reviewed-by: Andreas Ahlenstorf <aahlenst@noreply.codeberg.org>
Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net>
Co-committed-by: Mathieu Fenniak <mathieu@fenniak.net>
---
 .../v15c_add_mirror_remoteaddressauth.go      |  30 +
 models/repo/mirror.go                         |  79 ++-
 modules/git/command.go                        |  49 ++
 modules/git/repo.go                           |  42 +-
 modules/keying/keying.go                      |   2 +
 modules/templates/util_misc.go                |  15 +-
 routers/web/repo/setting/setting.go           |  28 +-
 services/mirror/mirror_pull.go                | 110 ++--
 services/repository/migrate.go                |   7 +-
 templates/repo/header.tmpl                    |   3 +-
 templates/repo/settings/options.tmpl          |   4 +-
 tests/integration/mirror_pull_test.go         | 587 ++++++++++++++++--
 12 files changed, 774 insertions(+), 182 deletions(-)
 create mode 100644 models/forgejo_migrations/v15c_add_mirror_remoteaddressauth.go

diff --git a/models/forgejo_migrations/v15c_add_mirror_remoteaddressauth.go b/models/forgejo_migrations/v15c_add_mirror_remoteaddressauth.go
new file mode 100644
index 0000000000..b2f30235ad
--- /dev/null
+++ b/models/forgejo_migrations/v15c_add_mirror_remoteaddressauth.go
@@ -0,0 +1,30 @@
+// Copyright 2026 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+package forgejo_migrations
+
+import (
+	"xorm.io/xorm"
+)
+
+func init() {
+	registerMigration(&Migration{
+		Description: "replace remote_address with encrypted_remote_address in table mirror",
+		Upgrade:     addMirrorRemoteAddressAuth,
+	})
+}
+
+func addMirrorRemoteAddressAuth(x *xorm.Engine) error {
+	type Mirror struct {
+		EncryptedRemoteAddress []byte `xorm:"BLOB NULL"`
+	}
+	if _, err := x.SyncWithOptions(xorm.SyncOptions{IgnoreDropIndices: true}, new(Mirror)); err != nil {
+		return err
+	}
+	// No data migration is necessary or desired.  `remote_address` contains sanitized URLs which don't have
+	// credentials, so they can't be migrated to `encrypted_remote_address`. Instead, as this data is accessed,
+	// `DecryptOrRecoverRemoteAddress` will recover the fully credentialed contents of the remote address from the git
+	// repo's `origin` remote address.
+	_, err := x.Exec("ALTER TABLE `mirror` DROP COLUMN `remote_address`")
+	return err
+}
diff --git a/models/repo/mirror.go b/models/repo/mirror.go
index 1fe9afd8e9..c64f9dc734 100644
--- a/models/repo/mirror.go
+++ b/models/repo/mirror.go
@@ -6,10 +6,14 @@ package repo
 
 import (
 	"context"
+	"errors"
+	"net/url"
 	"time"
 
 	"forgejo.org/models/db"
+	"forgejo.org/modules/keying"
 	"forgejo.org/modules/log"
+	"forgejo.org/modules/optional"
 	"forgejo.org/modules/timeutil"
 	"forgejo.org/modules/util"
 )
@@ -31,7 +35,9 @@ type Mirror struct {
 	LFS         bool   `xorm:"lfs_enabled NOT NULL DEFAULT false"`
 	LFSEndpoint string `xorm:"lfs_endpoint TEXT"`
 
-	RemoteAddress string `xorm:"VARCHAR(2048)"`
+	// Encrypted remote address w/ credentials; can be NULL if a mirror has not performed a sync since this field was
+	// introduced, in which case the remote address exists only in the repo's configured git remote on disk.
+	EncryptedRemoteAddress []byte `xorm:"BLOB NULL"`
 }
 
 func init() {
@@ -73,6 +79,71 @@ func (m *Mirror) ScheduleNextUpdate() {
 	}
 }
 
+// InsertMirror inserts a mirror to database. RemoteAddress must be provided so that it can be encrypted and stored
+// during the insert process.
+func (m *Mirror) InsertWithAddress(ctx context.Context, addr string) error {
+	return db.WithTx(ctx, func(ctx context.Context) error {
+		if _, err := db.GetEngine(ctx).Insert(m); err != nil {
+			return err
+		}
+		return m.UpdateRemoteAddress(ctx, addr)
+	})
+}
+
+// Stores a credential-free version of the address in `RemoteAddress`, encrypts the original into `RemoteAddressAuth`,
+// and stores both in the database. The ID of the mirror must be known, so this must be done after the mirror is
+// inserted.
+func (m *Mirror) UpdateRemoteAddress(ctx context.Context, addr string) error {
+	if m.ID == 0 {
+		return errors.New("must persist mirror to database before using UpdateRemoteAddress")
+	}
+
+	m.EncryptedRemoteAddress = keying.PullMirror.Encrypt(
+		[]byte(addr),
+		keying.ColumnAndID("remote_address_auth", m.ID),
+	)
+	_, err := db.GetEngine(ctx).ID(m.ID).Cols("encrypted_remote_address").Update(m)
+	return err
+}
+
+// Retrieves the encrypted remote address and decrypts it. Note that this field is expected to be absent for mirrors
+// created before the introduction of EncryptedRemoteAddress, in which case credentials are not known to Forgejo
+// directly (but may be on-disk in the repository's config file) and None will be returned.
+func (m *Mirror) DecryptRemoteAddress() (optional.Option[string], error) {
+	if m.EncryptedRemoteAddress == nil {
+		return optional.None[string](), nil
+	}
+
+	contents, err := keying.PullMirror.Decrypt(m.EncryptedRemoteAddress, keying.ColumnAndID("remote_address_auth", m.ID))
+	if err != nil {
+		return optional.None[string](), err
+	}
+	return optional.Some(string(contents)), nil
+}
+
+// Retrieves the remote address but sanitizes it of sensitive credentials. May be absent for mirrors created before the
+// introduction of EncryptedRemoteAddress.
+func (m *Mirror) SanitizedRemoteAddress() (optional.Option[string], error) {
+	maybeAddr, err := m.DecryptRemoteAddress()
+	if err != nil {
+		return optional.None[string](), err
+	} else if has, addr := maybeAddr.Get(); has {
+		parsedURL, err := url.Parse(addr)
+		if err != nil {
+			return optional.None[string](), err
+		}
+
+		// Remove the password if present.  Retain the username for consistency with `AddAuthCredentialHelperForRemote`
+		// which retains the username for the `git clone` command line, which ends up as the remote URL in the mirror's
+		// git config.
+		if parsedURL.User != nil {
+			parsedURL.User = url.User(parsedURL.User.Username())
+		}
+		return optional.Some(parsedURL.String()), nil
+	}
+	return optional.None[string](), nil
+}
+
 // GetMirrorByRepoID returns mirror information of a repository.
 func GetMirrorByRepoID(ctx context.Context, repoID int64) (*Mirror, error) {
 	m := &Mirror{RepoID: repoID}
@@ -115,9 +186,3 @@ func MirrorsIterate(ctx context.Context, limit int, f func(idx int, bean any) er
 	}
 	return sess.Iterate(new(Mirror), f)
 }
-
-// InsertMirror inserts a mirror to database
-func InsertMirror(ctx context.Context, mirror *Mirror) error {
-	_, err := db.GetEngine(ctx).Insert(mirror)
-	return err
-}
diff --git a/modules/git/command.go b/modules/git/command.go
index bf1d624dbf..4ab081418b 100644
--- a/modules/git/command.go
+++ b/modules/git/command.go
@@ -10,6 +10,7 @@ import (
 	"errors"
 	"fmt"
 	"io"
+	"net/url"
 	"os"
 	"os/exec"
 	"runtime/trace"
@@ -446,6 +447,54 @@ func (c *Command) RunStdBytes(opts *RunOpts) (stdout, stderr []byte, runErr RunS
 	return stdoutBuf.Bytes(), stderr, nil
 }
 
+// If `remoteURL` is a URL with a password in it, add parameters to the git command that will read that password from a
+// credential store file, and return the URL that should be used in the command instead of the original, and a cleanup
+// function to call to remove the credential file. If `remoteURL` doesn't have a password, then it is returned as-is.
+// This function must be invoked on the the git command before the git sub-command -- eg. before the `clone` or `fetch`
+// parameter is added to the command's args.
+func (c *Command) AddAuthCredentialHelperForRemote(remoteURL string) (commandURL string, cleanup func(), err error) {
+	parsedFromURL, _ := url.Parse(remoteURL)
+
+	// If the clone URL has credentials, build a credential file for usage by git-credential-store
+	// to prevent credential leak in the process list.
+	// https://git-scm.com/docs/git-credential-store#_storage_format
+	// credential.helper adjustment must be set before the git subcommand
+	if strings.Contains(remoteURL, "://") && strings.Contains(remoteURL, "@") && parsedFromURL != nil {
+		credentialsFile, err := os.CreateTemp("", "forgejo-clone-credentials-")
+		if err != nil {
+			return "", nil, err
+		}
+		credentialsPath := credentialsFile.Name()
+
+		cleanup := func() {
+			_ = credentialsFile.Close()
+			if err := util.Remove(credentialsPath); err != nil {
+				log.Warn("Unable to remove temporary file %q: %v", credentialsPath, err)
+			}
+		}
+		_, err = credentialsFile.Write([]byte(parsedFromURL.String()))
+		if err != nil {
+			cleanup()
+			return "", nil, err
+		}
+		err = credentialsFile.Close()
+		if err != nil {
+			cleanup()
+			return "", nil, err
+		}
+
+		c.AddArguments("-c").AddDynamicArguments("credential.helper=store --file=" + credentialsPath)
+
+		// remove the password from the URL argument
+		parsedFromURL.User = url.User(parsedFromURL.User.Username())
+		commandURL = parsedFromURL.String()
+
+		return commandURL, cleanup, nil
+	}
+
+	return remoteURL, func() {}, nil
+}
+
 // AllowLFSFiltersArgs return globalCommandArgs with lfs filter, it should only be used for tests
 func AllowLFSFiltersArgs() TrustedCmdArgs {
 	// Now here we should explicitly allow lfs filters to run
diff --git a/modules/git/repo.go b/modules/git/repo.go
index 6bd03f8e3c..8f9b95f1f2 100644
--- a/modules/git/repo.go
+++ b/modules/git/repo.go
@@ -18,7 +18,6 @@ import (
 	"strings"
 	"time"
 
-	"forgejo.org/modules/log"
 	"forgejo.org/modules/proxy"
 	"forgejo.org/modules/setting"
 	"forgejo.org/modules/util"
@@ -141,44 +140,13 @@ func CloneWithArgs(ctx context.Context, args TrustedCmdArgs, from, to string, op
 		envs = proxy.EnvWithProxy(parsedFromURL)
 	}
 
-	fromURL := from
-	sanitizedFrom := from
+	sanitizedFrom := util.SanitizeCredentialURLs(from)
 
-	// If the clone URL has credentials, build a credential file for usage by git-credential-store
-	// to prevent credential leak in the process list.
-	// https://git-scm.com/docs/git-credential-store#_storage_format
-	// credential.helper adjustment must be set before the git subcommand
-	if strings.Contains(from, "://") && strings.Contains(from, "@") {
-		sanitizedFrom = util.SanitizeCredentialURLs(from)
-		if parsedFromURL != nil {
-			credentialsFile, err := os.CreateTemp("", "forgejo-clone-credentials-")
-			if err != nil {
-				return err
-			}
-			credentialsPath := credentialsFile.Name()
-
-			defer func() {
-				_ = credentialsFile.Close()
-				if err := util.Remove(credentialsPath); err != nil {
-					log.Warn("Unable to remove temporary file %q: %v", credentialsPath, err)
-				}
-			}()
-			_, err = credentialsFile.Write([]byte(parsedFromURL.String()))
-			if err != nil {
-				return err
-			}
-			err = credentialsFile.Close()
-			if err != nil {
-				return err
-			}
-
-			cmd.AddArguments("-c").AddDynamicArguments("credential.helper=store --file=" + credentialsPath)
-
-			// remove the password from the URL argument
-			parsedFromURL.User = url.User(parsedFromURL.User.Username())
-			fromURL = parsedFromURL.String()
-		}
+	fromURL, cleanup, err := cmd.AddAuthCredentialHelperForRemote(from)
+	if err != nil {
+		return err
 	}
+	defer cleanup()
 
 	cmd.AddArguments("clone")
 
diff --git a/modules/keying/keying.go b/modules/keying/keying.go
index 751fd77521..14fbaaca98 100644
--- a/modules/keying/keying.go
+++ b/modules/keying/keying.go
@@ -41,6 +41,8 @@ var (
 	MigrateTask = deriveKey("migrate_repo_task")
 	// Used for the `webhook` table.
 	Webhook = deriveKey("webhook")
+	// Used for the `mirror` table.
+	PullMirror = deriveKey("pullmirror")
 )
 
 var (
diff --git a/modules/templates/util_misc.go b/modules/templates/util_misc.go
index 60f918be47..8e1ef71f5d 100644
--- a/modules/templates/util_misc.go
+++ b/modules/templates/util_misc.go
@@ -17,12 +17,11 @@ import (
 	asymkey_model "forgejo.org/models/asymkey"
 	repo_model "forgejo.org/models/repo"
 	user_model "forgejo.org/models/user"
-	"forgejo.org/modules/git"
-	giturl "forgejo.org/modules/git/url"
 	"forgejo.org/modules/json"
 	"forgejo.org/modules/log"
 	"forgejo.org/modules/repository"
 	"forgejo.org/modules/svg"
+	mirror_service "forgejo.org/services/mirror"
 
 	"github.com/editorconfig/editorconfig-core-go/v2"
 )
@@ -164,17 +163,11 @@ type remoteAddress struct {
 	Password string
 }
 
-func mirrorRemoteAddress(ctx context.Context, m *repo_model.Repository, remoteName string) remoteAddress {
+func mirrorRemoteAddress(ctx context.Context, mirror *repo_model.Mirror) remoteAddress {
 	ret := remoteAddress{}
-	remoteURL, err := git.GetRemoteAddress(ctx, m.RepoPath(), remoteName)
+	u, err := mirror_service.DecryptOrRecoverRemoteAddress(ctx, mirror)
 	if err != nil {
-		log.Error("GetRemoteURL %v", err)
-		return ret
-	}
-
-	u, err := giturl.Parse(remoteURL)
-	if err != nil {
-		log.Error("giturl.Parse %v", err)
+		log.Error("DecryptOrRecoverRemoteAddress %v", err)
 		return ret
 	}
 
diff --git a/routers/web/repo/setting/setting.go b/routers/web/repo/setting/setting.go
index f7d0348634..b001cf961e 100644
--- a/routers/web/repo/setting/setting.go
+++ b/routers/web/repo/setting/setting.go
@@ -462,12 +462,12 @@ func SettingsPost(ctx *context.Context) {
 			return
 		}
 
-		u, err := git.GetRemoteURL(ctx, ctx.Repo.Repository.RepoPath(), pullMirror.GetRemoteName())
+		u, err := mirror_service.DecryptOrRecoverRemoteAddress(ctx, pullMirror)
 		if err != nil {
-			ctx.Data["Err_MirrorAddress"] = true
-			handleSettingRemoteAddrError(ctx, err, form)
+			ctx.ServerError("DecryptOrRecoverRemoteAddress", err)
 			return
 		}
+
 		if u.User != nil && form.MirrorPassword == "" && form.MirrorUsername == u.User.Username() {
 			form.MirrorPassword, _ = u.User.Password()
 		}
@@ -482,17 +482,25 @@ func SettingsPost(ctx *context.Context) {
 			return
 		}
 
-		if err := mirror_service.UpdateAddress(ctx, pullMirror, address); err != nil {
-			ctx.ServerError("UpdateAddress", err)
-			return
-		}
-		remoteAddress, err := util.SanitizeURL(address)
-		if err != nil {
+		if err := pullMirror.UpdateRemoteAddress(ctx, address); err != nil {
 			ctx.Data["Err_MirrorAddress"] = true
 			handleSettingRemoteAddrError(ctx, err, form)
 			return
 		}
-		pullMirror.RemoteAddress = remoteAddress
+
+		// Update the unencrypted address stored in the git config, so that future `git fetch` will access the right
+		// address. pullMirror.RemoteAddress is the sanitized no-creds version from UpdateRemoteAddress.
+		if maybeSanitizedURL, err := pullMirror.SanitizedRemoteAddress(); err != nil {
+			ctx.ServerError("SanitizedRemoteAddress", err)
+			return
+		} else if has, sanitizedURL := maybeSanitizedURL.Get(); !has {
+			// SanitizedRemoteAddress must be present after we just stored it
+			ctx.ServerError("SanitizedRemoteAddress", err)
+			return
+		} else if err := mirror_service.UpdateAddress(ctx, pullMirror, sanitizedURL); err != nil {
+			ctx.ServerError("UpdateAddress", err)
+			return
+		}
 
 		form.LFS = form.LFS && setting.LFS.StartServer
 
diff --git a/services/mirror/mirror_pull.go b/services/mirror/mirror_pull.go
index d6e1ff6c51..c5adc6105f 100644
--- a/services/mirror/mirror_pull.go
+++ b/services/mirror/mirror_pull.go
@@ -31,55 +31,27 @@ const gitShortEmptySha = "0000000"
 
 // UpdateAddress writes new address to Git repository and database
 func UpdateAddress(ctx context.Context, m *repo_model.Mirror, addr string) error {
-	u, err := giturl.Parse(addr)
-	if err != nil {
-		return fmt.Errorf("invalid addr: %v", err)
-	}
-
 	remoteName := m.GetRemoteName()
 	repoPath := m.GetRepository(ctx).RepoPath()
-	// Remove old remote
-	_, _, err = git.NewCommand(ctx, "remote", "rm").AddDynamicArguments(remoteName).RunStdString(&git.RunOpts{Dir: repoPath})
-	if err != nil && !git.IsRemoteNotExistError(err) {
-		return err
-	}
-
-	cmd := git.NewCommand(ctx, "remote", "add").AddDynamicArguments(remoteName).AddArguments("--mirror=fetch").AddDynamicArguments(addr)
-	if strings.Contains(addr, "://") && strings.Contains(addr, "@") {
-		cmd.SetDescription(fmt.Sprintf("remote add %s --mirror=fetch %s [repo_path: %s]", remoteName, util.SanitizeCredentialURLs(addr), repoPath))
-	} else {
-		cmd.SetDescription(fmt.Sprintf("remote add %s --mirror=fetch %s [repo_path: %s]", remoteName, addr, repoPath))
-	}
-	_, _, err = cmd.RunStdString(&git.RunOpts{Dir: repoPath})
-	if err != nil && !git.IsRemoteNotExistError(err) {
+	_, _, err := git.NewCommand(ctx, "remote", "set-url").
+		AddDynamicArguments(remoteName, addr).
+		RunStdString(&git.RunOpts{Dir: repoPath})
+	if err != nil {
 		return err
 	}
 
 	if m.Repo.HasWiki() {
 		wikiPath := m.Repo.WikiPath()
 		wikiRemotePath := repo_module.WikiRemoteURL(ctx, addr)
-		// Remove old remote of wiki
-		_, _, err = git.NewCommand(ctx, "remote", "rm").AddDynamicArguments(remoteName).RunStdString(&git.RunOpts{Dir: wikiPath})
-		if err != nil && !git.IsRemoteNotExistError(err) {
-			return err
-		}
-
-		cmd = git.NewCommand(ctx, "remote", "add").AddDynamicArguments(remoteName).AddArguments("--mirror=fetch").AddDynamicArguments(wikiRemotePath)
-		if strings.Contains(wikiRemotePath, "://") && strings.Contains(wikiRemotePath, "@") {
-			cmd.SetDescription(fmt.Sprintf("remote add %s --mirror=fetch %s [repo_path: %s]", remoteName, util.SanitizeCredentialURLs(wikiRemotePath), wikiPath))
-		} else {
-			cmd.SetDescription(fmt.Sprintf("remote add %s --mirror=fetch %s [repo_path: %s]", remoteName, wikiRemotePath, wikiPath))
-		}
-		_, _, err = cmd.RunStdString(&git.RunOpts{Dir: wikiPath})
-		if err != nil && !git.IsRemoteNotExistError(err) {
+		_, _, err = git.NewCommand(ctx, "remote", "set-url").
+			AddDynamicArguments(remoteName, wikiRemotePath).
+			RunStdString(&git.RunOpts{Dir: wikiPath})
+		if err != nil {
 			return err
 		}
 	}
 
-	// erase authentication before storing in database
-	u.User = nil
-	m.Repo.OriginalURL = u.String()
-	return repo_model.UpdateRepositoryCols(ctx, m.Repo, "original_url")
+	return nil
 }
 
 // mirrorSyncResult contains information of a updated reference.
@@ -262,6 +234,46 @@ func checkRecoverableSyncError(stderrMessage string) bool {
 	}
 }
 
+// Decrypt RemoteAddressAuth from the mirror. If absent on the mirror database table, fallback to the older method where
+// credentials are stored in the git config file as the remote's address, encrypt those credentials and store them in
+// the database, and wipe them from the git config file so that they're only stored in the one encrypted location in DB.
+func DecryptOrRecoverRemoteAddress(ctx context.Context, m *repo_model.Mirror) (*giturl.GitURL, error) {
+	decryptedRemoteURL, err := m.DecryptRemoteAddress()
+	if err != nil {
+		return nil, fmt.Errorf("failed to decrypt remote address: %w", err)
+	}
+
+	if has, url := decryptedRemoteURL.Get(); has {
+		remoteURL, err := giturl.Parse(url)
+		if err != nil {
+			return nil, fmt.Errorf("failed to parse decrypted remote address: %w", err)
+		}
+		return remoteURL, nil
+	}
+
+	// fallback to reading remote URL from the git config file for repos that predate DecryptRemoteAddress
+	repoPath := m.GetRepository(ctx).RepoPath()
+	remoteURL, err := git.GetRemoteURL(ctx, repoPath, m.GetRemoteName())
+	if err != nil {
+		return nil, fmt.Errorf("GetRemoteAddress error: %w", err)
+	}
+
+	// Store the full address in the database
+	if err := m.UpdateRemoteAddress(ctx, remoteURL.URL.String()); err != nil {
+		return nil, fmt.Errorf("UpdateRemoteAddress error: %w", err)
+	}
+
+	// Update the git config file to just contain the sanitized address
+	if maybeSanitizedURL, err := m.SanitizedRemoteAddress(); err != nil {
+		return nil, fmt.Errorf("SanitizedRemoteAddress error: %w", err)
+	} else if has, sanitizedURL := maybeSanitizedURL.Get(); !has {
+		return nil, fmt.Errorf("SanitizedRemoteAddress must be present after we just stored it, but had error: %w", err)
+	} else if err := UpdateAddress(ctx, m, sanitizedURL); err != nil {
+		return nil, fmt.Errorf("UpdateAddress error: %w", err)
+	}
+	return remoteURL, nil
+}
+
 // runSync returns true if sync finished without error.
 func runSync(ctx context.Context, m *repo_model.Mirror) ([]*mirrorSyncResult, bool) {
 	repoPath := m.Repo.RepoPath()
@@ -270,19 +282,29 @@ func runSync(ctx context.Context, m *repo_model.Mirror) ([]*mirrorSyncResult, bo
 
 	log.Trace("SyncMirrors [repo: %-v]: running git remote update...", m.Repo)
 
+	remoteURL, err := DecryptOrRecoverRemoteAddress(ctx, m)
+	if err != nil {
+		log.Error("SyncMirrors [repo: %-v]: failed to get remote address: %v", m.Repo, err)
+		return nil, false
+	}
+
+	cmd := git.NewCommand(ctx)
+
+	// Setup credential helper to authenticate the fetch; needs to occur before the `fetch` arg.
+	_, credCleanup, err := cmd.AddAuthCredentialHelperForRemote(remoteURL.URL.String())
+	if err != nil {
+		log.Error("SyncMirrors [repo: %-v]: AddAuthCredentialHelperForRemote Error %v", m.Repo, err)
+		return nil, false
+	}
+	defer credCleanup()
+
 	// use fetch but not remote update because git fetch support --tags but remote update doesn't
-	cmd := git.NewCommand(ctx, "fetch")
+	cmd.AddArguments("fetch")
 	if m.EnablePrune {
 		cmd.AddArguments("--prune")
 	}
 	cmd.AddArguments("--tags").AddDynamicArguments(m.GetRemoteName())
 
-	remoteURL, remoteErr := git.GetRemoteURL(ctx, repoPath, m.GetRemoteName())
-	if remoteErr != nil {
-		log.Error("SyncMirrors [repo: %-v]: GetRemoteAddress Error %v", m.Repo, remoteErr)
-		return nil, false
-	}
-
 	envs := proxy.EnvWithProxy(remoteURL.URL)
 
 	stdoutBuilder := strings.Builder{}
diff --git a/services/repository/migrate.go b/services/repository/migrate.go
index 80f5d68231..46b48d02d3 100644
--- a/services/repository/migrate.go
+++ b/services/repository/migrate.go
@@ -182,17 +182,12 @@ func MigrateRepositoryGitData(ctx context.Context, u *user_model.User,
 	defer committer.Close()
 
 	if opts.Mirror {
-		remoteAddress, err := util.SanitizeURL(opts.CloneAddr)
-		if err != nil {
-			return repo, err
-		}
 		mirrorModel := repo_model.Mirror{
 			RepoID:         repo.ID,
 			Interval:       setting.Mirror.DefaultInterval,
 			EnablePrune:    true,
 			NextUpdateUnix: timeutil.TimeStampNow().AddDuration(setting.Mirror.DefaultInterval),
 			LFS:            opts.LFS,
-			RemoteAddress:  remoteAddress,
 		}
 		if opts.LFS {
 			mirrorModel.LFSEndpoint = opts.LFSEndpoint
@@ -217,7 +212,7 @@ func MigrateRepositoryGitData(ctx context.Context, u *user_model.User,
 			}
 		}
 
-		if err = repo_model.InsertMirror(ctx, &mirrorModel); err != nil {
+		if err = mirrorModel.InsertWithAddress(ctx, opts.CloneAddr); err != nil {
 			return repo, fmt.Errorf("InsertOne: %w", err)
 		}
 
diff --git a/templates/repo/header.tmpl b/templates/repo/header.tmpl
index 513758a149..44254aae82 100644
--- a/templates/repo/header.tmpl
+++ b/templates/repo/header.tmpl
@@ -77,9 +77,10 @@
 			{{end}}
 		</div>
 		{{if $.PullMirror}}
+			{{$address := MirrorRemoteAddress $.Context $.PullMirror}}
 			<div class="fork-flag">
 				{{ctx.Locale.Tr "repo.mirror_from"}}
-				<a target="_blank" rel="noopener noreferrer" href="{{$.PullMirror.RemoteAddress}}">{{$.PullMirror.RemoteAddress}}</a>
+				<a target="_blank" rel="noopener noreferrer" href="{{$address.Address}}">{{$address.Address}}</a>
 				{{if $.PullMirror.UpdatedUnix}}{{ctx.Locale.Tr "repo.mirror_sync"}} {{DateUtils.TimeSince $.PullMirror.UpdatedUnix}}{{end}}
 			</div>
 		{{end}}
diff --git a/templates/repo/settings/options.tmpl b/templates/repo/settings/options.tmpl
index fa25f4630a..137be0f334 100644
--- a/templates/repo/settings/options.tmpl
+++ b/templates/repo/settings/options.tmpl
@@ -148,9 +148,10 @@
 								</tr>
 							</tbody>
 						{{else if $isWorkingPullMirror}}
+						{{$address := MirrorRemoteAddress $.Context .PullMirror}}
 						<tbody>
 							<tr>
-								<td>{{.PullMirror.RemoteAddress}}</td>
+								<td>{{$address.Address}}</td>
 								<td>{{ctx.Locale.Tr "repo.settings.mirror_settings.direction.pull"}}</td>
 								<td>{{DateUtils.FullTime .PullMirror.UpdatedUnix}}</td>
 								<td class="right aligned">
@@ -176,7 +177,6 @@
 											<label for="interval">{{ctx.Locale.Tr "repo.mirror_interval" .MinimumMirrorInterval}}</label>
 											<input id="interval" name="interval" value="{{.PullMirror.Interval}}">
 										</div>
-										{{$address := MirrorRemoteAddress $.Context .Repository .PullMirror.GetRemoteName}}
 										<div class="field {{if .Err_MirrorAddress}}error{{end}}">
 											<label for="mirror_address">{{ctx.Locale.Tr "repo.mirror_address"}}</label>
 											<input id="mirror_address" name="mirror_address" value="{{$address.Address}}" required>
diff --git a/tests/integration/mirror_pull_test.go b/tests/integration/mirror_pull_test.go
index 03d4bdcf92..a0de586aaa 100644
--- a/tests/integration/mirror_pull_test.go
+++ b/tests/integration/mirror_pull_test.go
@@ -5,9 +5,16 @@
 package integration
 
 import (
+	"fmt"
 	"net/http"
+	"net/url"
+	"os"
+	"path"
+	"strings"
 	"testing"
+	"time"
 
+	"forgejo.org/models/auth"
 	"forgejo.org/models/db"
 	repo_model "forgejo.org/models/repo"
 	"forgejo.org/models/unittest"
@@ -15,94 +22,546 @@ import (
 	"forgejo.org/modules/git"
 	"forgejo.org/modules/gitrepo"
 	"forgejo.org/modules/migration"
+	"forgejo.org/modules/optional"
+	"forgejo.org/modules/process"
+	"forgejo.org/modules/setting"
+	"forgejo.org/modules/structs"
 	app_context "forgejo.org/services/context"
+	"forgejo.org/services/forms"
+	"forgejo.org/services/migrations"
 	mirror_service "forgejo.org/services/mirror"
 	release_service "forgejo.org/services/release"
 	repo_service "forgejo.org/services/repository"
+	files_service "forgejo.org/services/repository/files"
 	"forgejo.org/tests"
 
+	"github.com/PuerkitoBio/goquery"
+	"github.com/google/uuid"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 )
 
 func TestMirrorPull(t *testing.T) {
-	defer tests.PrepareTestEnv(t)()
+	t.Run("Basic", func(t *testing.T) {
+		defer tests.PrepareTestEnv(t)()
 
-	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
-	repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 1})
-	repoPath := repo_model.RepoPath(user.Name, repo.Name)
+		user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
+		repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 1})
+		repoPath := repo_model.RepoPath(user.Name, repo.Name)
 
-	opts := migration.MigrateOptions{
-		RepoName:    "test_mirror",
-		Description: "Test mirror",
-		Private:     false,
-		Mirror:      true,
-		CloneAddr:   repoPath,
-		Wiki:        true,
-		Releases:    false,
-	}
+		opts := migration.MigrateOptions{
+			RepoName:    "test_mirror",
+			Description: "Test mirror",
+			Private:     false,
+			Mirror:      true,
+			CloneAddr:   repoPath,
+			Wiki:        true,
+			Releases:    false,
+		}
 
-	mirrorRepo, err := repo_service.CreateRepositoryDirectly(db.DefaultContext, user, user, repo_service.CreateRepoOptions{
-		Name:        opts.RepoName,
-		Description: opts.Description,
-		IsPrivate:   opts.Private,
-		IsMirror:    opts.Mirror,
-		Status:      repo_model.RepositoryBeingMigrated,
+		mirrorRepo, err := repo_service.CreateRepositoryDirectly(db.DefaultContext, user, user, repo_service.CreateRepoOptions{
+			Name:        opts.RepoName,
+			Description: opts.Description,
+			IsPrivate:   opts.Private,
+			IsMirror:    opts.Mirror,
+			Status:      repo_model.RepositoryBeingMigrated,
+		})
+		require.NoError(t, err)
+		assert.True(t, mirrorRepo.IsMirror, "expected pull-mirror repo to be marked as a mirror immediately after its creation")
+
+		ctx := t.Context()
+
+		mirror, err := repo_service.MigrateRepositoryGitData(ctx, user, mirrorRepo, opts, nil)
+		require.NoError(t, err)
+
+		gitRepo, err := gitrepo.OpenRepository(git.DefaultContext, repo)
+		require.NoError(t, err)
+		defer gitRepo.Close()
+
+		findOptions := repo_model.FindReleasesOptions{
+			IncludeDrafts: true,
+			IncludeTags:   true,
+			RepoID:        mirror.ID,
+		}
+		initCount, err := db.Count[repo_model.Release](db.DefaultContext, findOptions)
+		require.NoError(t, err)
+
+		require.NoError(t, release_service.CreateRelease(gitRepo, &repo_model.Release{
+			RepoID:       repo.ID,
+			Repo:         repo,
+			PublisherID:  user.ID,
+			Publisher:    user,
+			TagName:      "v0.2",
+			Target:       "master",
+			Title:        "v0.2 is released",
+			Note:         "v0.2 is released",
+			IsDraft:      false,
+			IsPrerelease: false,
+			IsTag:        true,
+		}, "", []*release_service.AttachmentChange{}))
+
+		_, err = repo_model.GetMirrorByRepoID(ctx, mirror.ID)
+		require.NoError(t, err)
+
+		ok := mirror_service.SyncPullMirror(ctx, mirror.ID)
+		assert.True(t, ok)
+
+		count, err := db.Count[repo_model.Release](db.DefaultContext, findOptions)
+		require.NoError(t, err)
+		assert.Equal(t, initCount+1, count)
+
+		release, err := repo_model.GetRelease(db.DefaultContext, repo.ID, "v0.2")
+		require.NoError(t, err)
+		require.NoError(t, release_service.DeleteReleaseByID(ctx, repo, release, user, true))
+
+		ok = mirror_service.SyncPullMirror(ctx, mirror.ID)
+		assert.True(t, ok)
+
+		count, err = db.Count[repo_model.Release](db.DefaultContext, findOptions)
+		require.NoError(t, err)
+		assert.Equal(t, initCount, count)
 	})
-	require.NoError(t, err)
-	assert.True(t, mirrorRepo.IsMirror, "expected pull-mirror repo to be marked as a mirror immediately after its creation")
 
-	ctx := t.Context()
-
-	mirror, err := repo_service.MigrateRepositoryGitData(ctx, user, mirrorRepo, opts, nil)
-	require.NoError(t, err)
-
-	gitRepo, err := gitrepo.OpenRepository(git.DefaultContext, repo)
-	require.NoError(t, err)
-	defer gitRepo.Close()
-
-	findOptions := repo_model.FindReleasesOptions{
-		IncludeDrafts: true,
-		IncludeTags:   true,
-		RepoID:        mirror.ID,
+	// How will we interact with the pull mirror during this test?
+	interactionMethod := []struct {
+		name                        string
+		useAPI                      bool
+		createPullMirror            func(t *testing.T, sourceRepo *repo_model.Repository, authenticate bool) (repoName string)
+		verifyMirrorDetails         func(t *testing.T, sourceRepo *repo_model.Repository, mirrorName string, authenticate bool)
+		triggerPullMirror           func(t *testing.T, mirrorName string)
+		changePullMirrorCredentials func(t *testing.T, sourceRepo *repo_model.Repository, mirrorName string, authenticate bool)
+		changePullMirrorAddress     func(t *testing.T, sourceRepo *repo_model.Repository, mirrorName string, authenticate bool)
+	}{
+		{
+			name:              "API",
+			useAPI:            true,
+			createPullMirror:  createPullMirrorViaAPI,
+			triggerPullMirror: triggerPullMirrorViaAPI,
+			verifyMirrorDetails: func(t *testing.T, sourceRepo *repo_model.Repository, mirrorName string, authenticate bool) {
+				// API provides no visibility into a repo's mirror settings right now
+			},
+		},
+		{
+			name:                        "Web",
+			useAPI:                      false,
+			createPullMirror:            createPullMirrorViaWeb,
+			triggerPullMirror:           triggerPullMirrorViaWeb,
+			verifyMirrorDetails:         verifyPullMirrorViaWeb,
+			changePullMirrorCredentials: changePullMirrorCredentialsViaWeb,
+			changePullMirrorAddress:     changePullMirrorCredentialsViaWeb, // one endpoint, so same as creds
+		},
 	}
-	initCount, err := db.Count[repo_model.Release](db.DefaultContext, findOptions)
+
+	mirrorConfiguration := []struct {
+		name          string
+		privateSource bool
+	}{
+		{
+			name: "HTTP Without Auth",
+		},
+		{
+			name:          "HTTP With Auth",
+			privateSource: true,
+		},
+	}
+
+	// Not using MockVariableValue due to need to undo `migrations.Init()`
+	prev := setting.Migrations.AllowedDomains
+	setting.Migrations.AllowedDomains = "localhost"
+	migrations.Init() // reinitialize for changed allowList
+	defer func() {
+		setting.Migrations.AllowedDomains = prev
+		migrations.Init() // reinitialize for changed allowList
+	}()
+
+	onApplicationRun(t, func(t *testing.T, u *url.URL) {
+		for _, im := range interactionMethod {
+			for _, mc := range mirrorConfiguration {
+				t.Run(fmt.Sprintf("%s/%s", im.name, mc.name), func(t *testing.T) {
+					defer tests.PrintCurrentTest(t)()
+
+					user2 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
+
+					// Create the source repository that will be mirrored.
+					sourceRepo, sourceRepoSha, cleanupSource := tests.CreateDeclarativeRepoWithOptions(t, user2,
+						tests.DeclarativeRepoOptions{
+							IsPrivate: optional.Some(mc.privateSource),
+							Files: optional.Some([]*files_service.ChangeRepoFile{
+								{
+									Operation:     "create",
+									TreePath:      "docs.md",
+									ContentReader: strings.NewReader("hello, world"),
+								},
+							}),
+						},
+					)
+					defer cleanupSource()
+					require.NotEmpty(t, sourceRepoSha)
+
+					// Create pull mirror
+					mirror := im.createPullMirror(t, sourceRepo, mc.privateSource)
+					verifyPullMirrorContents(t, mirror, sourceRepoSha)
+					verifyPullMirrorConfig(t, mirror, sourceRepo, mc.privateSource)
+					im.verifyMirrorDetails(t, sourceRepo, mirror, mc.privateSource)
+
+					// Push a change to the source and refresh the mirror
+					sourceRepoSha = changePullMirrorSource(t, sourceRepo, sourceRepoSha)
+					im.triggerPullMirror(t, mirror)
+					waitForPullMirror(t, mirror, sourceRepoSha)
+
+					// Test changing the mirror's authentication method (if available)
+					if mc.privateSource && im.changePullMirrorCredentials != nil {
+						sourceRepoSha = changePullMirrorSource(t, sourceRepo, sourceRepoSha)
+						im.changePullMirrorCredentials(t, sourceRepo, mirror, mc.privateSource)
+						verifyPullMirrorConfig(t, mirror, sourceRepo, mc.privateSource)
+						im.verifyMirrorDetails(t, sourceRepo, mirror, mc.privateSource)
+						im.triggerPullMirror(t, mirror)
+						waitForPullMirror(t, mirror, sourceRepoSha)
+					}
+
+					// Test changing the mirror's address (if available)
+					if im.changePullMirrorAddress != nil {
+						sourceRepo = renamePullMirrorSourceRepo(t, sourceRepo)
+						sourceRepoSha = changePullMirrorSource(t, sourceRepo, sourceRepoSha)
+						im.changePullMirrorAddress(t, sourceRepo, mirror, mc.privateSource)
+						verifyPullMirrorConfig(t, mirror, sourceRepo, mc.privateSource)
+						im.verifyMirrorDetails(t, sourceRepo, mirror, mc.privateSource)
+						im.triggerPullMirror(t, mirror)
+						waitForPullMirror(t, mirror, sourceRepoSha)
+					}
+				})
+			}
+		}
+	})
+
+	t.Run("migrate from repo config credentials", func(t *testing.T) {
+		defer tests.PrintCurrentTest(t)()
+
+		user2 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
+
+		mirrorRepo, _, cleanupMirror := tests.CreateDeclarativeRepoWithOptions(t, user2,
+			tests.DeclarativeRepoOptions{},
+		)
+		defer cleanupMirror()
+
+		// Write to the repo a config file that would have plausibly existed before EncryptedRemoteAddress was
+		// introduced:
+		repoPath := mirrorRepo.RepoPath()
+		err := os.WriteFile(path.Join(repoPath, "config"), []byte(`
+[core]
+	repositoryformatversion = 0
+	filemode = true
+	bare = true
+[remote "origin"]
+	url = https://user:password@example.com/org/repo.git
+	tagOpt = --no-tags
+	fetch = +refs/*:refs/*
+	mirror = true
+	fetch = +refs/tags/*:refs/tags/*
+`), 0o644)
+		require.NoError(t, err)
+
+		// Create a Mirror record without an EncryptedRemoteAddress:
+		mirror := &repo_model.Mirror{
+			RepoID:      mirrorRepo.ID,
+			Interval:    8 * time.Hour,
+			EnablePrune: true,
+		}
+		_, err = db.GetEngine(t.Context()).Insert(mirror)
+		require.NoError(t, err)
+		require.Nil(t, mirror.EncryptedRemoteAddress)
+
+		remoteURL, err := mirror_service.DecryptOrRecoverRemoteAddress(t.Context(), mirror)
+		require.NoError(t, err)
+		assert.Equal(t, "https://user:password@example.com/org/repo.git", remoteURL.URL.String())
+
+		// EncryptedRemoteAddress should now be populated from the recovery:
+		assert.NotNil(t, mirror.EncryptedRemoteAddress)
+		maybeDecryptedURL, err := mirror.DecryptRemoteAddress()
+		require.NoError(t, err)
+		has, decryptedURL := maybeDecryptedURL.Get()
+		require.True(t, has)
+		assert.Equal(t, "https://user:password@example.com/org/repo.git", decryptedURL)
+
+		// SanitizedRemoteAddress can be fetched:
+		maybeSanitizedURL, err := mirror.SanitizedRemoteAddress()
+		require.NoError(t, err)
+		has, sanitizedURL := maybeSanitizedURL.Get()
+		require.True(t, has)
+		assert.Equal(t, "https://user@example.com/org/repo.git", sanitizedURL)
+
+		// Database record is updated in the database:
+		refetchMirror := unittest.AssertExistsAndLoadBean(t, &repo_model.Mirror{RepoID: mirrorRepo.ID})
+		assert.Equal(t, mirror.EncryptedRemoteAddress, refetchMirror.EncryptedRemoteAddress)
+
+		// Config file is rewritten:
+		config, err := os.ReadFile(path.Join(repoPath, "config"))
+		require.NoError(t, err)
+		assert.Equal(t, `
+[core]
+	repositoryformatversion = 0
+	filemode = true
+	bare = true
+[remote "origin"]
+	url = https://user@example.com/org/repo.git
+	tagOpt = --no-tags
+	fetch = +refs/*:refs/*
+	mirror = true
+	fetch = +refs/tags/*:refs/tags/*
+`, string(config))
+	})
+}
+
+func createPullMirrorViaWeb(t *testing.T, sourceRepo *repo_model.Repository, authenticate bool) string {
+	session := loginUser(t, "user2")
+
+	mirrorName := fmt.Sprintf("pullmirror-%s", sourceRepo.Name)
+	form := &forms.MigrateRepoForm{
+		CloneAddr: sourceRepo.CloneLink().HTTPS,
+		Service:   structs.PlainGitService,
+		UID:       2,
+		RepoName:  mirrorName,
+		Mirror:    true,
+	}
+	if authenticate {
+		form.AuthUsername = "user2"
+		form.AuthPassword = getTokenForLoggedInUser(t, session, auth.AccessTokenScopeReadRepository)
+	}
+
+	resp := session.MakeRequest(t,
+		NewRequestWithJSON(t, "POST", "/repo/migrate", form),
+		http.StatusSeeOther)
+	location := resp.Header().Get("Location")
+	assert.Equal(t, fmt.Sprintf("/user2/pullmirror-%s", sourceRepo.Name), location)
+
+	var lastBody string
+	if !assert.Eventuallyf(t,
+		func() bool {
+			resp := session.MakeRequest(t,
+				NewRequest(t, "GET", location),
+				http.StatusOK)
+			body := resp.Body.String()
+			lastBody = body
+			// Looking for the repo page to be fully populated indicating that the migration is complete:
+			// Check that the first commit message is present:
+			if !strings.Contains(body, "Initial commit") {
+				return false
+			}
+			// Check that the fork button is present:
+			if !strings.Contains(body, fmt.Sprintf("/user2/%s/fork", mirrorName)) {
+				return false
+			}
+			return true
+		},
+		15*time.Second, 1*time.Second,
+		"expected migration to complete and repo page to render") {
+		t.Logf("last received page body: %s", lastBody)
+	}
+
+	return mirrorName
+}
+
+func createPullMirrorViaAPI(t *testing.T, sourceRepo *repo_model.Repository, authenticate bool) string {
+	session := loginUser(t, "user2")
+	apiToken := getTokenForLoggedInUser(t, session, auth.AccessTokenScopeWriteRepository)
+
+	mirrorName := fmt.Sprintf("pullmirror-%s", sourceRepo.Name)
+	form := &structs.MigrateRepoOptions{
+		CloneAddr: sourceRepo.CloneLink().HTTPS,
+		Service:   "git",
+		RepoOwner: "user2",
+		RepoName:  mirrorName,
+		Mirror:    true,
+	}
+	if authenticate {
+		form.AuthUsername = "user2"
+		form.AuthPassword = getTokenForLoggedInUser(t, session, auth.AccessTokenScopeReadRepository)
+	}
+
+	resp := session.MakeRequest(t,
+		NewRequestWithJSON(t, "POST", "/api/v1/repos/migrate", form).AddTokenAuth(apiToken),
+		http.StatusCreated)
+	var repo structs.Repository
+	DecodeJSON(t, resp, &repo)
+	assert.NotNil(t, repo)
+	assert.True(t, repo.Mirror)
+	assert.False(t, repo.Empty)
+
+	return mirrorName
+}
+
+func verifyPullMirrorViaWeb(t *testing.T, sourceRepo *repo_model.Repository, mirrorName string, authenticate bool) {
+	session := loginUser(t, "user2")
+	resp := session.MakeRequest(t,
+		NewRequestf(t, "GET", "/user2/%s/settings", mirrorName),
+		http.StatusOK)
+	htmlDoc := NewHTMLParser(t, resp.Body)
+	htmlDoc.AssertAttrEqual(t, "#mirror_address", "value", sourceRepo.CloneLink().HTTPS)
+	if authenticate {
+		htmlDoc.AssertAttrEqual(t, "#mirror_username", "value", "user2")
+		htmlDoc.AssertAttrEqual(t, "#mirror_password", "value", "")
+		htmlDoc.AssertAttrEqual(t, "#mirror_password", "placeholder", "(Unchanged)")
+	} else {
+		htmlDoc.AssertAttrEqual(t, "#mirror_username", "value", "")
+		htmlDoc.AssertAttrEqual(t, "#mirror_password", "value", "")
+		htmlDoc.AssertAttrEqual(t, "#mirror_password", "placeholder", "(Unset)")
+	}
+
+	resp = session.MakeRequest(t,
+		NewRequestf(t, "GET", "/user2/%s", mirrorName),
+		http.StatusOK)
+	htmlDoc = NewHTMLParser(t, resp.Body)
+	htmlDoc.AssertElementPredicate(t, ".fork-flag", func(selection *goquery.Selection) bool {
+		text := strings.TrimSpace(selection.Text())
+		assert.Contains(t, text, "mirror of")
+		assert.Contains(t, text, sourceRepo.CloneLink().HTTPS)
+		return true
+	})
+}
+
+func triggerPullMirrorViaWeb(t *testing.T, mirrorName string) {
+	session := loginUser(t, "user2")
+
+	resp := session.MakeRequest(t,
+		NewRequestWithValues(t, "POST", fmt.Sprintf("/user2/%s/settings", mirrorName), map[string]string{"action": "mirror-sync"}),
+		http.StatusSeeOther)
+	location := resp.Header().Get("Location")
+	assert.Equal(t, fmt.Sprintf("/user2/%s/settings", mirrorName), location)
+}
+
+func triggerPullMirrorViaAPI(t *testing.T, mirrorName string) {
+	session := loginUser(t, "user2")
+	apiToken := getTokenForLoggedInUser(t, session, auth.AccessTokenScopeWriteRepository)
+
+	// Trigger sync...
+	session.MakeRequest(t,
+		NewRequestf(t, "POST", "/api/v1/repos/user2/%s/mirror-sync", mirrorName).AddTokenAuth(apiToken),
+		http.StatusOK)
+}
+
+func changePullMirrorCredentialsViaWeb(t *testing.T, sourceRepo *repo_model.Repository, mirrorName string, authenticate bool) {
+	session := loginUser(t, "user2")
+
+	form := map[string]string{
+		"action":         "mirror",
+		"enable_prune":   "on",
+		"interval":       "8h0m0s",
+		"mirror_address": sourceRepo.CloneLink().HTTPS,
+	}
+	if authenticate {
+		form["mirror_username"] = "user2"
+		form["mirror_password"] = getTokenForLoggedInUser(t, session, auth.AccessTokenScopeReadRepository)
+	}
+
+	resp := session.MakeRequest(t,
+		NewRequestWithValues(t, "POST", fmt.Sprintf("/user2/%s/settings", mirrorName), form),
+		http.StatusSeeOther)
+	location := resp.Header().Get("Location")
+	assert.Equal(t, fmt.Sprintf("/user2/%s/settings", mirrorName), location)
+}
+
+func verifyPullMirrorContents(t *testing.T, mirrorName, expectedSha string) {
+	session := loginUser(t, "user2")
+	apiToken := getTokenForLoggedInUser(t, session, auth.AccessTokenScopeReadRepository)
+	resp := session.MakeRequest(t,
+		NewRequest(t, "GET", fmt.Sprintf("/api/v1/repos/user2/%s/commits?sha=main&limit=1", mirrorName)).AddTokenAuth(apiToken),
+		http.StatusOK)
+	var commits []*structs.Commit
+	DecodeJSON(t, resp, &commits)
+	require.Len(t, commits, 1)
+	assert.Equal(t, expectedSha, commits[0].SHA)
+}
+
+func waitForPullMirror(t *testing.T, mirrorName, expectedSha string) {
+	session := loginUser(t, "user2")
+	apiToken := getTokenForLoggedInUser(t, session, auth.AccessTokenScopeReadRepository)
+
+	var commits []*structs.Commit
+	if !assert.Eventually(t,
+		func() bool {
+			resp := session.MakeRequest(t,
+				NewRequest(t, "GET", fmt.Sprintf("/api/v1/repos/user2/%s/commits?sha=main&limit=1", mirrorName)).AddTokenAuth(apiToken),
+				http.StatusOK)
+			DecodeJSON(t, resp, &commits)
+			require.Len(t, commits, 1)
+			return commits[0].SHA == expectedSha
+		},
+		15*time.Second, 1*time.Second) {
+		t.Logf("sync was supposed to bring repo to commit %s, but observed commits = %#v", expectedSha, commits)
+	}
+}
+
+func getGitConfig(t *testing.T, configFile, configPath string) string {
+	stdout, stderr, err := process.GetManager().Exec("getGitConfig", "git", "config", "get", "--file", configFile, configPath)
+	require.NoError(t, err, "fetch config %s failed: git stderr: %s", configPath, stderr)
+	return strings.TrimSpace(stdout)
+}
+
+func verifyPullMirrorConfig(t *testing.T, mirrorName string, sourceRepo *repo_model.Repository, authenticate bool) {
+	mirrorRepo, err := repo_model.GetRepositoryByOwnerAndName(t.Context(), "user2", mirrorName)
 	require.NoError(t, err)
 
-	require.NoError(t, release_service.CreateRelease(gitRepo, &repo_model.Release{
-		RepoID:       repo.ID,
-		Repo:         repo,
-		PublisherID:  user.ID,
-		Publisher:    user,
-		TagName:      "v0.2",
-		Target:       "master",
-		Title:        "v0.2 is released",
-		Note:         "v0.2 is released",
-		IsDraft:      false,
-		IsPrerelease: false,
-		IsTag:        true,
-	}, "", []*release_service.AttachmentChange{}))
+	repoPath := mirrorRepo.RepoPath()
+	configPath := path.Join(repoPath, "config")
 
-	_, err = repo_model.GetMirrorByRepoID(ctx, mirror.ID)
+	expectedURL := sourceRepo.CloneLink().HTTPS
+	if authenticate {
+		expectedURL = strings.Replace(expectedURL, "http://", "http://user2@", 1)
+	}
+	assert.Equal(t, expectedURL, getGitConfig(t, configPath, "remote.origin.url"))
+	assert.Equal(t, "true", getGitConfig(t, configPath, "remote.origin.mirror"))
+	assert.Equal(t, "+refs/tags/*:refs/tags/*", getGitConfig(t, configPath, "remote.origin.fetch"))
+}
+
+func changePullMirrorSource(t *testing.T, sourceRepo *repo_model.Repository, sourceRepoSha string) string {
+	user2 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
+	resp, err := files_service.ChangeRepoFiles(git.DefaultContext, sourceRepo, user2,
+		&files_service.ChangeRepoFilesOptions{
+			Files: []*files_service.ChangeRepoFile{
+				{
+					Operation:     "update",
+					TreePath:      "docs.md",
+					ContentReader: strings.NewReader(uuid.NewString()),
+				},
+			},
+			Message:   "add files",
+			OldBranch: "main",
+			NewBranch: "main",
+			Author: &files_service.IdentityOptions{
+				Name:  user2.Name,
+				Email: user2.Email,
+			},
+			Committer: &files_service.IdentityOptions{
+				Name:  user2.Name,
+				Email: user2.Email,
+			},
+			Dates: &files_service.CommitDateOptions{
+				Author:    time.Now(),
+				Committer: time.Now(),
+			},
+			LastCommitID: sourceRepoSha,
+		})
 	require.NoError(t, err)
+	assert.NotEmpty(t, resp)
+	return resp.Commit.SHA
+}
 
-	ok := mirror_service.SyncPullMirror(ctx, mirror.ID)
-	assert.True(t, ok)
+func renamePullMirrorSourceRepo(t *testing.T, sourceRepo *repo_model.Repository) *repo_model.Repository {
+	session := loginUser(t, "user2")
+	apiToken := getTokenForLoggedInUser(t, session, auth.AccessTokenScopeWriteRepository)
 
-	count, err := db.Count[repo_model.Release](db.DefaultContext, findOptions)
-	require.NoError(t, err)
-	assert.Equal(t, initCount+1, count)
+	newName := uuid.NewString()
+	session.MakeRequest(t,
+		NewRequestWithJSON(t, "PATCH", fmt.Sprintf("/api/v1/repos/user2/%s", sourceRepo.Name),
+			&structs.EditRepoOption{
+				Name: &newName,
+			}).AddTokenAuth(apiToken),
+		http.StatusOK)
 
-	release, err := repo_model.GetRelease(db.DefaultContext, repo.ID, "v0.2")
-	require.NoError(t, err)
-	require.NoError(t, release_service.DeleteReleaseByID(ctx, repo, release, user, true))
-
-	ok = mirror_service.SyncPullMirror(ctx, mirror.ID)
-	assert.True(t, ok)
-
-	count, err = db.Count[repo_model.Release](db.DefaultContext, findOptions)
-	require.NoError(t, err)
-	assert.Equal(t, initCount, count)
+	newRepo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: sourceRepo.ID})
+	assert.Equal(t, newRepo.Name, newName)
+	assert.NotEqual(t, newRepo.CloneLink().HTTPS, sourceRepo.CloneLink().HTTPS) // should have changed to new name
+	return newRepo
 }
 
 func TestPullMirrorRedactCredentials(t *testing.T) {

From 2d2029c5982e898b39e826a5eee76d6107d12b50 Mon Sep 17 00:00:00 2001
From: limiting-factor <limiting-factor@posteo.com>
Date: Sat, 4 Apr 2026 16:29:14 +0200
Subject: [PATCH 627/854] tests: make buffer log writer thread safe (#11962)

When two goroutines attempt to access the content of the buffer log writer, they must be made thread safe with a write mutex.

The buffer log writer is only used in testing.

## Checklist

### Tests for Go changes

- I added test coverage for Go changes...
  - [x] in their respective `*_test.go` for unit tests.
  - [ ] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I ran...
  - [ ] `make pr-go` before pushing

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [ ] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.
- [x] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change.

*The decision if the pull request will be shown in the release notes is up to the mergers / release team.*

The content of the `release-notes/<pull request number>.md` file will serve as the basis for the release notes. If the file does not exist, the title of the pull request will be used instead.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11962
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
Co-authored-by: limiting-factor <limiting-factor@posteo.com>
Co-committed-by: limiting-factor <limiting-factor@posteo.com>
---
 .deadcode-out                           |  3 ++
 modules/log/event_writer_buffer.go      | 42 ++++++++++++++++++++-----
 modules/log/event_writer_buffer_test.go | 12 +++----
 modules/log/logger_impl_test.go         |  2 +-
 4 files changed, 44 insertions(+), 15 deletions(-)

diff --git a/.deadcode-out b/.deadcode-out
index 45ad117ccd..0c44d2bdfd 100644
--- a/.deadcode-out
+++ b/.deadcode-out
@@ -134,6 +134,9 @@ forgejo.org/modules/json
 	StdJSON.Indent
 
 forgejo.org/modules/log
+	eventWriterBuffer.Close
+	eventWriterBuffer.Write
+	eventWriterBuffer.GetString
 	NewEventWriterBuffer
 
 forgejo.org/modules/markup
diff --git a/modules/log/event_writer_buffer.go b/modules/log/event_writer_buffer.go
index 28857c2189..a7557618a8 100644
--- a/modules/log/event_writer_buffer.go
+++ b/modules/log/event_writer_buffer.go
@@ -5,18 +5,44 @@ package log
 
 import (
 	"bytes"
+	"sync"
 )
 
-type EventWriterBuffer struct {
-	*EventWriterBaseImpl
-	Buffer *bytes.Buffer
+type EventWriterBuffer interface {
+	EventWriter
+	GetString() string
 }
 
-var _ EventWriter = (*EventWriterBuffer)(nil)
+type eventWriterBuffer struct {
+	*EventWriterBaseImpl
+	buffer *bytes.Buffer
+	mu     sync.RWMutex
+}
 
-func NewEventWriterBuffer(name string, mode WriterMode) *EventWriterBuffer {
-	w := &EventWriterBuffer{EventWriterBaseImpl: NewEventWriterBase(name, "buffer", mode)}
-	w.Buffer = new(bytes.Buffer)
-	w.OutputWriteCloser = nopCloser{w.Buffer}
+var _ EventWriterBuffer = (*eventWriterBuffer)(nil)
+
+func (*eventWriterBuffer) Close() error {
+	return nil
+}
+
+func (o *eventWriterBuffer) Write(p []byte) (n int, err error) {
+	o.mu.Lock()
+	defer o.mu.Unlock()
+	return o.buffer.Write(p)
+}
+
+func (o *eventWriterBuffer) GetString() string {
+	o.mu.Lock()
+	defer o.mu.Unlock()
+	b := o.buffer.Bytes()
+	s := make([]byte, len(b))
+	copy(s, b)
+	return string(s)
+}
+
+func NewEventWriterBuffer(name string, mode WriterMode) EventWriter {
+	w := &eventWriterBuffer{EventWriterBaseImpl: NewEventWriterBase(name, "buffer", mode)}
+	w.buffer = new(bytes.Buffer)
+	w.OutputWriteCloser = w
 	return w
 }
diff --git a/modules/log/event_writer_buffer_test.go b/modules/log/event_writer_buffer_test.go
index d1e37c3673..ac0759ad0b 100644
--- a/modules/log/event_writer_buffer_test.go
+++ b/modules/log/event_writer_buffer_test.go
@@ -29,7 +29,7 @@ func TestBufferLogger(t *testing.T) {
 		MsgSimpleText: expected,
 	})
 	logger.Close()
-	assert.Contains(t, bufferWriter.Buffer.String(), expected)
+	assert.Contains(t, bufferWriter.(log.EventWriterBuffer).GetString(), expected)
 }
 
 func TestBufferLoggerWithExclusion(t *testing.T) {
@@ -41,7 +41,7 @@ func TestBufferLoggerWithExclusion(t *testing.T) {
 		Level:     level,
 		Prefix:    prefix,
 		Exclusion: message,
-	})
+	}).(log.EventWriterBuffer)
 
 	logger := log.NewLoggerWithWriters(t.Context(), "test", bufferWriter)
 
@@ -50,7 +50,7 @@ func TestBufferLoggerWithExclusion(t *testing.T) {
 		MsgSimpleText: message,
 	})
 	logger.Close()
-	assert.NotContains(t, bufferWriter.Buffer.String(), message)
+	assert.NotContains(t, bufferWriter.GetString(), message)
 }
 
 func TestBufferLoggerWithExpressionAndExclusion(t *testing.T) {
@@ -64,7 +64,7 @@ func TestBufferLoggerWithExpressionAndExclusion(t *testing.T) {
 		Prefix:     prefix,
 		Expression: expression,
 		Exclusion:  exclusion,
-	})
+	}).(log.EventWriterBuffer)
 
 	logger := log.NewLoggerWithWriters(t.Context(), "test", bufferWriter)
 
@@ -74,6 +74,6 @@ func TestBufferLoggerWithExpressionAndExclusion(t *testing.T) {
 	logger.SendLogEvent(&log.Event{Level: log.INFO, MsgSimpleText: "none"})
 	logger.Close()
 
-	assert.Contains(t, bufferWriter.Buffer.String(), "foo expression")
-	assert.NotContains(t, bufferWriter.Buffer.String(), "bar")
+	assert.Contains(t, bufferWriter.GetString(), "foo expression")
+	assert.NotContains(t, bufferWriter.GetString(), "bar")
 }
diff --git a/modules/log/logger_impl_test.go b/modules/log/logger_impl_test.go
index 59276a83f4..1d77ae0c25 100644
--- a/modules/log/logger_impl_test.go
+++ b/modules/log/logger_impl_test.go
@@ -23,5 +23,5 @@ func TestLog(t *testing.T) {
 	testGeneric(logger, "I'm the generic value!")
 	logger.Close()
 
-	assert.Contains(t, bufferWriter.Buffer.String(), ".../logger_impl_test.go:13:testGeneric() [I] Just testing the logging of a generic function I'm the generic value!")
+	assert.Contains(t, bufferWriter.(EventWriterBuffer).GetString(), ".../logger_impl_test.go:13:testGeneric() [I] Just testing the logging of a generic function I'm the generic value!")
 }

From df86b495dc76204c1a8c188ef1a8833c7a8cc8b4 Mon Sep 17 00:00:00 2001
From: Andreas Ahlenstorf <andreas@ahlenstorf.ch>
Date: Sat, 4 Apr 2026 18:23:06 +0200
Subject: [PATCH 628/854] feat: support `timezone` in scheduled workflows
 (#11851)

GitHub recently added the ability to [specify a time zone for scheduled workflows](https://docs.github.com/en/actions/reference/workflows-and-actions/workflow-syntax#onschedule), thereby making it possible to run scheduled workflows at a certain local time, no matter whether daylight saving time (DST) is currently active or not. Example copied from GitHub's documentation:

```yaml
on:
  schedule:
    - cron: '30 5 * * 1-5'
      timezone: "America/New_York"
```

The workflow would run at 05:30 each morning in the America/New_York timezone every Monday through Friday. `timezone` accepts IANA time zone names. If `timezone` is absent, `Etc/UTC` is used. GitHub runs workflows that were scheduled during DST jumps forward, for example, between 2 o'clock and 3 o'clock, directly after the clock jumped forward. In this case, that would be 3 o'clock.

Forgejo already supports time zones by prepending cron schedules with `TZ=<zone-id>` or `CRON_TZ=<zone-id>`:

```yaml
on:
  schedule:
    - cron: 'CRON_TZ=America/New_York 30 5 * * 1-5'
```

However, that capability is not documented. Workflows that are scheduled to run during DST changes are skipped when the clock jumps forward and run twice when it jumps backward.

This two-part PR adds support for `timezone` to improve compatibility with GitHub. `TZ` and `CRON_TZ` continue working. When both `timezone` and `TZ` or `CRON_TZ` are present, `timezone` takes precedence. When neither `timezone` nor `TZ` nor `CRON_TZ` are present, `Etc/UTC` is used as before. Because `TZ` and `CRON_TZ` were already supported by Forgejo before GitHub introduced `timezone`, `timezone` behaves during DST changes as previous versions of Forgejo, thereby deviating from GitHub. That means that workflows that are scheduled to run during DST changes are skipped when the clock jumps forward. And they run twice when it jumps backwards. However, it is generally recommended not to schedule workflows during the time of day when DST changes occur.

This part of the PR integrates the [workflow validation and parsing of the `timezone` field](https://code.forgejo.org/forgejo/runner/pulls/1454) supplied by Forgejo Runner.

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. All work and communication must conform to Forgejo's [AI Agreement](https://codeberg.org/forgejo/governance/src/branch/main/AIAgreement.md). There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests for Go changes

(can be removed for JavaScript changes)

- I added test coverage for Go changes...
  - [x] in their respective `*_test.go` for unit tests.
  - [x] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I ran...
  - [x] `make pr-go` before pushing

### Tests for JavaScript changes

(can be removed for Go changes)

- I added test coverage for JavaScript changes...
  - [ ] in `web_src/js/*.test.js` if it can be unit tested.
  - [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)).

### Documentation

- [x] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
    - https://codeberg.org/forgejo/docs/pulls/1853
- [ ] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [x] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.
- [ ] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change.

*The decision if the pull request will be shown in the release notes is up to the mergers / release team.*

The content of the `release-notes/<pull request number>.md` file will serve as the basis for the release notes. If the file does not exist, the title of the pull request will be used instead.

<!--start release-notes-assistant-->

## Release notes
<!--URL:https://codeberg.org/forgejo/forgejo-->
- Features
  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11851): <!--number 11851 --><!--line 0 --><!--description c3VwcG9ydCBgdGltZXpvbmVgIGluIHNjaGVkdWxlZCB3b3JrZmxvd3M=-->support `timezone` in scheduled workflows<!--description-->
<!--end release-notes-assistant-->

Co-authored-by: Renovate Bot <bot@kriese.eu>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11851
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
Co-authored-by: Andreas Ahlenstorf <andreas@ahlenstorf.ch>
Co-committed-by: Andreas Ahlenstorf <andreas@ahlenstorf.ch>
---
 go.mod                                        |   2 +-
 go.sum                                        |   4 +-
 models/actions/schedule.go                    |  22 +---
 models/actions/schedule_spec.go               |  44 ++++++--
 models/actions/schedule_spec_test.go          |  79 ++++++++++++--
 models/actions/schedule_test.go               | 102 ++++++++++++++++++
 .../v15c_add_schedule_spec_time_zones.go      |  31 ++++++
 .../action_schedule.yml                       |   4 -
 services/actions/notifier_helper.go           |  14 ++-
 services/actions/schedule_tasks_test.go       |  30 ++++--
 tests/integration/actions_trigger_test.go     |  49 ++++++++-
 11 files changed, 323 insertions(+), 58 deletions(-)
 create mode 100644 models/actions/schedule_test.go
 create mode 100644 models/forgejo_migrations/v15c_add_schedule_spec_time_zones.go

diff --git a/go.mod b/go.mod
index c02310548b..37039873c8 100644
--- a/go.mod
+++ b/go.mod
@@ -11,7 +11,7 @@ require (
 	code.forgejo.org/forgejo/go-rpmutils v1.0.0
 	code.forgejo.org/forgejo/levelqueue v1.0.0
 	code.forgejo.org/forgejo/reply v1.0.2
-	code.forgejo.org/forgejo/runner/v12 v12.7.3
+	code.forgejo.org/forgejo/runner/v12 v12.8.0
 	code.forgejo.org/go-chi/binding v1.0.1
 	code.forgejo.org/go-chi/cache v1.0.1
 	code.forgejo.org/go-chi/captcha v1.0.2
diff --git a/go.sum b/go.sum
index 8c06077317..cd477466b7 100644
--- a/go.sum
+++ b/go.sum
@@ -30,8 +30,8 @@ code.forgejo.org/forgejo/levelqueue v1.0.0 h1:9krYpU6BM+j/1Ntj6m+VCAIu0UNnne1/Uf
 code.forgejo.org/forgejo/levelqueue v1.0.0/go.mod h1:fmG6zhVuqim2rxSFOoasgXO8V2W/k9U31VVYqLIRLhQ=
 code.forgejo.org/forgejo/reply v1.0.2 h1:dMhQCHV6/O3L5CLWNTol+dNzDAuyCK88z4J/lCdgFuQ=
 code.forgejo.org/forgejo/reply v1.0.2/go.mod h1:RyZUfzQLc+fuLIGjTSQWDAJWPiL4WtKXB/FifT5fM7U=
-code.forgejo.org/forgejo/runner/v12 v12.7.3 h1:+thSawVfLeAZaWB6sYeUPvLj4lxYjCIDt/ktvkfX5Rs=
-code.forgejo.org/forgejo/runner/v12 v12.7.3/go.mod h1:OO+Vy9Dww6WNV7GG/6VUWo/0WwXY+ASGlINmAfEA9Ws=
+code.forgejo.org/forgejo/runner/v12 v12.8.0 h1:/MqOseYbsGaQ2qzepaZr3VyuqpESvSP/ZnC2aKfmU3g=
+code.forgejo.org/forgejo/runner/v12 v12.8.0/go.mod h1:sgDAYfO4NJI1kUzGuD7klHuoFLQzWmZPw0erg7QlbJU=
 code.forgejo.org/forgejo/ssh v0.0.0-20241211213324-5fc306ca0616 h1:kEZL84+02jY9RxXM4zHBWZ3Fml0B09cmP1LGkDsCfIA=
 code.forgejo.org/forgejo/ssh v0.0.0-20241211213324-5fc306ca0616/go.mod h1:zpHEXBstFnQYtGnB8k8kQLol82umzn/2/snG7alWVD8=
 code.forgejo.org/go-chi/binding v1.0.1 h1:coKNI+X1NzRN7X85LlrpvBRqk0TXpJ+ja28vusQWEuY=
diff --git a/models/actions/schedule.go b/models/actions/schedule.go
index 05c9f15d38..8c410b9d38 100644
--- a/models/actions/schedule.go
+++ b/models/actions/schedule.go
@@ -5,7 +5,6 @@ package actions
 
 import (
 	"context"
-	"time"
 
 	"forgejo.org/models/db"
 	repo_model "forgejo.org/models/repo"
@@ -21,7 +20,7 @@ import (
 type ActionSchedule struct {
 	ID                int64
 	Title             string
-	Specs             []string
+	Specs             []*ActionScheduleSpec  `xorm:"-"`
 	RepoID            int64                  `xorm:"index"`
 	Repo              *repo_model.Repository `xorm:"-"`
 	OwnerID           int64                  `xorm:"index"`
@@ -73,25 +72,12 @@ func CreateScheduleTask(ctx context.Context, rows []*ActionSchedule) error {
 			return err
 		}
 
-		// Loop through each schedule spec and create a new spec row
-		now := time.Now()
-
 		for _, spec := range row.Specs {
-			specRow := &ActionScheduleSpec{
-				RepoID:     row.RepoID,
-				ScheduleID: row.ID,
-				Spec:       spec,
-			}
-			// Parse the spec and check for errors
-			schedule, err := specRow.Parse()
-			if err != nil {
-				continue // skip to the next spec if there's an error
-			}
-
-			specRow.Next = timeutil.TimeStamp(schedule.Next(now).Unix())
+			spec.ScheduleID = row.ID
+			spec.RepoID = row.RepoID
 
 			// Insert the new schedule spec row
-			if err = db.Insert(ctx, specRow); err != nil {
+			if err = db.Insert(ctx, spec); err != nil {
 				return err
 			}
 		}
diff --git a/models/actions/schedule_spec.go b/models/actions/schedule_spec.go
index 83bdceb850..bcaee8bd6f 100644
--- a/models/actions/schedule_spec.go
+++ b/models/actions/schedule_spec.go
@@ -10,6 +10,7 @@ import (
 
 	"forgejo.org/models/db"
 	repo_model "forgejo.org/models/repo"
+	"forgejo.org/modules/optional"
 	"forgejo.org/modules/timeutil"
 
 	"github.com/robfig/cron/v3"
@@ -27,13 +28,28 @@ type ActionScheduleSpec struct {
 	// started or this entry's schedule is unsatisfiable
 	Next timeutil.TimeStamp `xorm:"index"`
 	// Prev is the last time this job was run, or the zero time if never.
-	Prev timeutil.TimeStamp
-	Spec string
+	Prev     timeutil.TimeStamp
+	Spec     string
+	TimeZone optional.Option[string]
 
 	Created timeutil.TimeStamp `xorm:"created"`
 	Updated timeutil.TimeStamp `xorm:"updated"`
 }
 
+func NewActionScheduleSpec(cron string, tz optional.Option[string], referenceTime time.Time) (*ActionScheduleSpec, error) {
+	spec := &ActionScheduleSpec{
+		Spec:     cron,
+		TimeZone: tz,
+	}
+	cronSchedule, err := spec.Parse()
+	if err != nil {
+		return nil, err
+	}
+
+	spec.Next = timeutil.TimeStamp(cronSchedule.Next(referenceTime).Unix())
+	return spec, nil
+}
+
 // Parse parses the spec and returns a cron.Schedule
 // Unlike the default cron parser, Parse uses UTC timezone as the default if none is specified.
 func (s *ActionScheduleSpec) Parse() (cron.Schedule, error) {
@@ -43,19 +59,29 @@ func (s *ActionScheduleSpec) Parse() (cron.Schedule, error) {
 		return nil, err
 	}
 
-	// If the spec has specified a timezone, use it
-	if strings.HasPrefix(s.Spec, "TZ=") || strings.HasPrefix(s.Spec, "CRON_TZ=") {
-		return schedule, nil
-	}
-
 	specSchedule, ok := schedule.(*cron.SpecSchedule)
 	// If it's not a spec schedule, like "@every 5m", timezone is not relevant
 	if !ok {
 		return schedule, nil
 	}
 
-	// Set the timezone to UTC
-	specSchedule.Location = time.UTC
+	// If `timezone` is not defined in the workflow, but the spec includes a timezone, use it.
+	if !s.TimeZone.Has() && (strings.HasPrefix(s.Spec, "TZ=") || strings.HasPrefix(s.Spec, "CRON_TZ=")) {
+		return schedule, nil
+	}
+
+	var location *time.Location
+	if present, tz := s.TimeZone.Get(); present {
+		location, err = time.LoadLocation(tz)
+		if err != nil {
+			return nil, err
+		}
+	} else {
+		// UTC is the default time zone.
+		location = time.UTC
+	}
+
+	specSchedule.Location = location
 	return specSchedule, nil
 }
 
diff --git a/models/actions/schedule_spec_test.go b/models/actions/schedule_spec_test.go
index 0c26fce4b2..eb3a83d0a6 100644
--- a/models/actions/schedule_spec_test.go
+++ b/models/actions/schedule_spec_test.go
@@ -7,6 +7,8 @@ import (
 	"testing"
 	"time"
 
+	"forgejo.org/modules/optional"
+
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 )
@@ -21,50 +23,105 @@ func TestActionScheduleSpec_Parse(t *testing.T) {
 	}()
 	time.Local = tz
 
-	now, err := time.Parse(time.RFC3339, "2024-07-31T15:47:55+08:00")
-	require.NoError(t, err)
-
 	tests := []struct {
-		name    string
-		spec    string
-		want    string
-		wantErr assert.ErrorAssertionFunc
+		name     string
+		refTime  time.Time
+		spec     string
+		timeZone string
+		want     string
+		wantErr  assert.ErrorAssertionFunc
 	}{
 		{
 			name:    "regular",
+			refTime: time.Date(2024, 7, 31, 15, 47, 55, 0, time.Local),
 			spec:    "0 10 * * *",
 			want:    "2024-07-31T10:00:00Z",
 			wantErr: assert.NoError,
 		},
 		{
 			name:    "invalid",
+			refTime: time.Date(2024, 7, 31, 15, 47, 55, 0, time.Local),
 			spec:    "0 10 * *",
 			want:    "",
 			wantErr: assert.Error,
 		},
 		{
-			name:    "with timezone",
+			name:    "with TZ in cron schedule",
+			refTime: time.Date(2024, 7, 31, 15, 47, 55, 0, time.Local),
 			spec:    "TZ=America/New_York 0 10 * * *",
 			want:    "2024-07-31T14:00:00Z",
 			wantErr: assert.NoError,
 		},
 		{
-			name:    "timezone irrelevant",
+			name:    "with CRON_TZ in cron schedule",
+			refTime: time.Date(2024, 7, 31, 15, 47, 55, 0, time.Local),
+			spec:    "CRON_TZ=America/New_York 0 10 * * *",
+			want:    "2024-07-31T14:00:00Z",
+			wantErr: assert.NoError,
+		},
+		{
+			name:     "with separate time zone",
+			refTime:  time.Date(2024, 7, 31, 15, 47, 55, 0, time.Local),
+			spec:     "0 10 * * *",
+			timeZone: "America/New_York",
+			want:     "2024-07-31T14:00:00Z",
+			wantErr:  assert.NoError,
+		},
+		{
+			name:     "separate time zone takes precedence over inlined time zone",
+			refTime:  time.Date(2024, 7, 31, 15, 47, 55, 0, time.Local),
+			spec:     "CRON_TZ=Europe/Berlin 0 10 * * *",
+			timeZone: "America/New_York",
+			want:     "2024-07-31T14:00:00Z",
+			wantErr:  assert.NoError,
+		},
+		{
+			name:    "time zone irrelevant",
+			refTime: time.Date(2024, 7, 31, 15, 47, 55, 0, time.Local),
 			spec:    "@every 5m",
 			want:    "2024-07-31T07:52:55Z",
 			wantErr: assert.NoError,
 		},
+		{
+			// The various cron implementations handle the DST jump forwards differently. The most popular approaches
+			// are (a) scheduling all jobs at 3 o'clock that were supposed to run between 2 and 3 o'clock, or (b)
+			// skipping the execution on that day because any time between 2 and 3 o'clock never happened. Forgejo uses
+			// option B because the code it inherited already did that and was exposed to users.
+			name:     "skips execution during DST jump forwards",
+			refTime:  time.Date(2025, 3, 30, 1, 5, 0, 0, time.UTC),
+			spec:     "10 2 * * *", // The clock jumps at 2 o'clock to 3 o'clock.
+			timeZone: "Europe/Berlin",
+			want:     "2025-03-31T00:10:00Z",
+			wantErr:  assert.NoError,
+		},
+		{
+			name:     "executes a first time before DST jump backwards",
+			refTime:  time.Date(2025, 10, 26, 0, 5, 0, 0, time.UTC),
+			spec:     "10 2 * * *", // The clock jumps at 3 o'clock to 2 o'clock.
+			timeZone: "Europe/Berlin",
+			want:     "2025-10-26T00:10:00Z",
+			wantErr:  assert.NoError,
+		},
+		{
+			name:     "executes a second time after DST jump backwards",
+			refTime:  time.Date(2025, 10, 26, 1, 5, 0, 0, time.UTC),
+			spec:     "10 2 * * *", // The clock jumps at 3 o'clock to 2 o'clock.
+			timeZone: "Europe/Berlin",
+			want:     "2025-10-26T01:10:00Z",
+			wantErr:  assert.NoError,
+		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			s := &ActionScheduleSpec{
-				Spec: tt.spec,
+				Spec:     tt.spec,
+				TimeZone: optional.FromNonDefault(tt.timeZone),
 			}
 			got, err := s.Parse()
 			tt.wantErr(t, err)
 
 			if err == nil {
-				assert.Equal(t, tt.want, got.Next(now).UTC().Format(time.RFC3339))
+				assert.Equal(t, tt.want, got.Next(tt.refTime).UTC().Format(time.RFC3339))
 			}
 		})
 	}
diff --git a/models/actions/schedule_test.go b/models/actions/schedule_test.go
new file mode 100644
index 0000000000..016185cb42
--- /dev/null
+++ b/models/actions/schedule_test.go
@@ -0,0 +1,102 @@
+// Copyright 2026 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+package actions
+
+import (
+	"testing"
+	"time"
+
+	"forgejo.org/models/db"
+	"forgejo.org/models/repo"
+	"forgejo.org/models/unittest"
+	"forgejo.org/models/user"
+	"forgejo.org/modules/optional"
+	"forgejo.org/modules/timeutil"
+	"forgejo.org/modules/webhook"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+func TestScheduleCreateScheduleTask(t *testing.T) {
+	require.NoError(t, unittest.PrepareTestDatabase())
+
+	user2 := unittest.AssertExistsAndLoadBean(t, &user.User{ID: 2})
+	repo62 := unittest.AssertExistsAndLoadBean(t, &repo.Repository{ID: 62, Name: "test_workflows", OwnerID: user2.ID})
+
+	content := `
+on:
+  push:
+  schedule:
+    - cron: "2 13 * * *"
+    - cron: "03 13 * * *"
+      timezone: Europe/Paris
+jobs:
+  test:
+    runs-on: debian
+    steps:
+      - run: |
+          echo "OK"
+`
+
+	referenceTime := time.Date(2026, 3, 27, 17, 41, 21, 0, time.UTC)
+
+	specWithoutTZ, err := NewActionScheduleSpec("2 13 * * *", optional.None[string](), referenceTime)
+	require.NoError(t, err)
+
+	specWithTZ, err := NewActionScheduleSpec("3 13 * * *", optional.Some("Europe/Paris"), referenceTime)
+	require.NoError(t, err)
+
+	schedule := &ActionSchedule{
+		Title:             ".forgejo/workflows/test.yaml",
+		Specs:             []*ActionScheduleSpec{specWithoutTZ, specWithTZ},
+		RepoID:            repo62.ID,
+		OwnerID:           user2.ID,
+		WorkflowID:        "test.yaml",
+		WorkflowDirectory: ".forgejo/workflows",
+		TriggerUserID:     -2,
+		Ref:               "main",
+		CommitSHA:         "6af834a5bc97c1a337eb3a21d26903c5cdceca0c",
+		Event:             webhook.HookEventPush,
+		EventPayload:      "{\"action\":\"schedule\"}",
+		Content:           []byte(content),
+	}
+
+	err = CreateScheduleTask(t.Context(), []*ActionSchedule{schedule})
+	require.NoError(t, err)
+
+	schedules, err := db.Find[ActionSchedule](t.Context(), FindScheduleOptions{OwnerID: user2.ID, RepoID: repo62.ID})
+	require.NoError(t, err)
+	require.Len(t, schedules, 1)
+
+	assert.NotZero(t, schedules[0].ID)
+	assert.Equal(t, ".forgejo/workflows/test.yaml", schedules[0].Title)
+	assert.Equal(t, "test.yaml", schedules[0].WorkflowID)
+	assert.Equal(t, ".forgejo/workflows", schedules[0].WorkflowDirectory)
+	assert.Equal(t, int64(-2), schedules[0].TriggerUserID)
+	assert.Equal(t, "main", schedules[0].Ref)
+	assert.Equal(t, "6af834a5bc97c1a337eb3a21d26903c5cdceca0c", schedules[0].CommitSHA)
+	assert.Equal(t, webhook.HookEventPush, schedules[0].Event)
+	assert.JSONEq(t, "{\"action\":\"schedule\"}", schedules[0].EventPayload)
+	assert.Equal(t, []byte(content), schedules[0].Content)
+
+	specs, total, err := FindSpecs(t.Context(), FindSpecOptions{RepoID: repo62.ID})
+	require.NoError(t, err)
+
+	assert.Equal(t, int64(2), total)
+
+	assert.NotZero(t, specs[0].ID)
+	assert.Equal(t, schedules[0].ID, specs[0].ScheduleID)
+	assert.Equal(t, timeutil.TimeStamp(1774699380), specs[0].Next)
+	assert.Equal(t, "3 13 * * *", specs[0].Spec)
+	assert.Equal(t, optional.Some("Europe/Paris"), specs[0].TimeZone)
+	assert.Zero(t, specs[0].Prev)
+
+	assert.NotZero(t, specs[1].ID)
+	assert.Equal(t, schedules[0].ID, specs[1].ScheduleID)
+	assert.Equal(t, timeutil.TimeStamp(1774702920), specs[1].Next)
+	assert.Equal(t, "2 13 * * *", specs[1].Spec)
+	assert.Equal(t, optional.None[string](), specs[1].TimeZone)
+	assert.Zero(t, specs[1].Prev)
+}
diff --git a/models/forgejo_migrations/v15c_add_schedule_spec_time_zones.go b/models/forgejo_migrations/v15c_add_schedule_spec_time_zones.go
new file mode 100644
index 0000000000..d72d585725
--- /dev/null
+++ b/models/forgejo_migrations/v15c_add_schedule_spec_time_zones.go
@@ -0,0 +1,31 @@
+// Copyright 2026 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+package forgejo_migrations
+
+import (
+	"forgejo.org/modules/optional"
+
+	"xorm.io/xorm"
+)
+
+func init() {
+	registerMigration(&Migration{
+		Description: "add time zone support to action_schedule_spec",
+		Upgrade:     addActionScheduleSpecTimeZone,
+	})
+}
+
+func addActionScheduleSpecTimeZone(x *xorm.Engine) error {
+	type ActionScheduleSpec struct {
+		TimeZone optional.Option[string]
+	}
+
+	_, err := x.SyncWithOptions(xorm.SyncOptions{IgnoreDropIndices: true}, new(ActionScheduleSpec))
+	if err != nil {
+		return err
+	}
+
+	_, err = x.Exec("ALTER TABLE action_schedule DROP COLUMN `specs`")
+	return err
+}
diff --git a/services/actions/TestServiceActions_startTask/action_schedule.yml b/services/actions/TestServiceActions_startTask/action_schedule.yml
index d0e7234475..8102e3f9e3 100644
--- a/services/actions/TestServiceActions_startTask/action_schedule.yml
+++ b/services/actions/TestServiceActions_startTask/action_schedule.yml
@@ -2,8 +2,6 @@
 -
   id: 1
   title: schedule_title1
-  specs:
-    - '* * * * *'
   repo_id: 4
   owner_id: 2
   workflow_id: 'workflow1.yml'
@@ -23,8 +21,6 @@
 -
   id: 2
   title: schedule_title2
-  specs:
-    - '* * * * *'
   repo_id: 4
   owner_id: 2
   workflow_id: 'workflow2.yml'
diff --git a/services/actions/notifier_helper.go b/services/actions/notifier_helper.go
index c6af9b5b82..5e048a83ad 100644
--- a/services/actions/notifier_helper.go
+++ b/services/actions/notifier_helper.go
@@ -10,6 +10,7 @@ import (
 	"fmt"
 	"slices"
 	"strings"
+	"time"
 
 	actions_model "forgejo.org/models/actions"
 	"forgejo.org/models/db"
@@ -24,6 +25,7 @@ import (
 	"forgejo.org/modules/gitrepo"
 	"forgejo.org/modules/json"
 	"forgejo.org/modules/log"
+	"forgejo.org/modules/optional"
 	"forgejo.org/modules/setting"
 	api "forgejo.org/modules/structs"
 	"forgejo.org/modules/util"
@@ -574,6 +576,16 @@ func handleSchedules(
 			continue
 		}
 
+		now := time.Now()
+		specs := make([]*actions_model.ActionScheduleSpec, 0, len(schedules))
+		for _, schedule := range schedules {
+			scheduleSpec, err := actions_model.NewActionScheduleSpec(schedule.Cron, optional.FromNonDefault(schedule.TimeZone), now)
+			if err != nil {
+				return err
+			}
+			specs = append(specs, scheduleSpec)
+		}
+
 		title := workflow.Name
 		if len(title) < 1 {
 			title = dwf.GetWorkflowPath()
@@ -590,7 +602,7 @@ func handleSchedules(
 			CommitSHA:         commit.ID.String(),
 			Event:             input.Event,
 			EventPayload:      string(p),
-			Specs:             schedules,
+			Specs:             specs,
 			Content:           dwf.Content,
 		}
 		crons = append(crons, run)
diff --git a/services/actions/schedule_tasks_test.go b/services/actions/schedule_tasks_test.go
index 9bf964fd90..57ee6b955a 100644
--- a/services/actions/schedule_tasks_test.go
+++ b/services/actions/schedule_tasks_test.go
@@ -6,12 +6,14 @@ package actions
 import (
 	"context"
 	"testing"
+	"time"
 
 	actions_model "forgejo.org/models/actions"
 	"forgejo.org/models/db"
 	repo_model "forgejo.org/models/repo"
 	"forgejo.org/models/unit"
 	"forgejo.org/models/unittest"
+	"forgejo.org/modules/optional"
 	"forgejo.org/modules/test"
 	"forgejo.org/modules/timeutil"
 	webhook_module "forgejo.org/modules/webhook"
@@ -29,6 +31,9 @@ func TestServiceActions_startTask(t *testing.T) {
 	// Load fixtures that are corrupted and create one valid scheduled workflow
 	repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 4})
 
+	spec, err := actions_model.NewActionScheduleSpec("* * * * *", optional.None[string](), time.Now())
+	require.NoError(t, err)
+
 	workflowID := "some.yml"
 	schedules := []*actions_model.ActionSchedule{
 		{
@@ -42,7 +47,7 @@ func TestServiceActions_startTask(t *testing.T) {
 			CommitSHA:         "fakeSHA",
 			Event:             webhook_module.HookEventSchedule,
 			EventPayload:      "fakepayload",
-			Specs:             []string{"* * * * *"},
+			Specs:             []*actions_model.ActionScheduleSpec{spec},
 			Content: []byte(
 				`
 jobs:
@@ -57,7 +62,7 @@ jobs:
 	require.Equal(t, 2, unittest.GetCount(t, actions_model.ActionScheduleSpec{}))
 	require.NoError(t, actions_model.CreateScheduleTask(t.Context(), schedules))
 	require.Equal(t, 3, unittest.GetCount(t, actions_model.ActionScheduleSpec{}))
-	_, err := db.GetEngine(db.DefaultContext).Exec("UPDATE `action_schedule_spec` SET next = 1")
+	_, err = db.GetEngine(db.DefaultContext).Exec("UPDATE `action_schedule_spec` SET next = 1")
 	require.NoError(t, err)
 
 	// After running startTasks an ActionRun row is created for the valid scheduled workflow
@@ -291,6 +296,9 @@ func TestServiceActions_DynamicMatrix(t *testing.T) {
 	// Load fixtures that are corrupted and create one valid scheduled workflow
 	repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 4})
 
+	spec, err := actions_model.NewActionScheduleSpec("* * * * *", optional.None[string](), time.Now())
+	require.NoError(t, err)
+
 	workflowID := "some.yml"
 	schedules := []*actions_model.ActionSchedule{
 		{
@@ -304,7 +312,7 @@ func TestServiceActions_DynamicMatrix(t *testing.T) {
 			CommitSHA:         "fakeSHA",
 			Event:             webhook_module.HookEventSchedule,
 			EventPayload:      "fakepayload",
-			Specs:             []string{"* * * * *"},
+			Specs:             []*actions_model.ActionScheduleSpec{spec},
 			Content: []byte(
 				`
 jobs:
@@ -322,7 +330,7 @@ jobs:
 	require.Equal(t, 2, unittest.GetCount(t, actions_model.ActionScheduleSpec{}))
 	require.NoError(t, actions_model.CreateScheduleTask(t.Context(), schedules))
 	require.Equal(t, 3, unittest.GetCount(t, actions_model.ActionScheduleSpec{}))
-	_, err := db.GetEngine(db.DefaultContext).Exec("UPDATE `action_schedule_spec` SET next = 1")
+	_, err = db.GetEngine(db.DefaultContext).Exec("UPDATE `action_schedule_spec` SET next = 1")
 	require.NoError(t, err)
 
 	// After running startTasks an ActionRun row is created for the valid scheduled workflow
@@ -354,6 +362,9 @@ func TestServiceActions_RunsOnNeeds(t *testing.T) {
 	// Load fixtures that are corrupted and create one valid scheduled workflow
 	repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 4})
 
+	spec, err := actions_model.NewActionScheduleSpec("* * * * *", optional.None[string](), time.Now())
+	require.NoError(t, err)
+
 	workflowID := "some.yml"
 	schedules := []*actions_model.ActionSchedule{
 		{
@@ -366,7 +377,7 @@ func TestServiceActions_RunsOnNeeds(t *testing.T) {
 			CommitSHA:     "fakeSHA",
 			Event:         webhook_module.HookEventSchedule,
 			EventPayload:  "fakepayload",
-			Specs:         []string{"* * * * *"},
+			Specs:         []*actions_model.ActionScheduleSpec{spec},
 			Content: []byte(
 				`
 jobs:
@@ -381,7 +392,7 @@ jobs:
 	require.Equal(t, 2, unittest.GetCount(t, actions_model.ActionScheduleSpec{}))
 	require.NoError(t, actions_model.CreateScheduleTask(t.Context(), schedules))
 	require.Equal(t, 3, unittest.GetCount(t, actions_model.ActionScheduleSpec{}))
-	_, err := db.GetEngine(db.DefaultContext).Exec("UPDATE `action_schedule_spec` SET next = 1")
+	_, err = db.GetEngine(db.DefaultContext).Exec("UPDATE `action_schedule_spec` SET next = 1")
 	require.NoError(t, err)
 
 	// After running startTasks an ActionRun row is created for the valid scheduled workflow
@@ -440,6 +451,9 @@ func TestServiceActions_ExpandReusableWorkflow(t *testing.T) {
 	// Load fixtures that are corrupted and create one valid scheduled workflow
 	repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 4})
 
+	spec, err := actions_model.NewActionScheduleSpec("* * * * *", optional.None[string](), time.Now())
+	require.NoError(t, err)
+
 	workflowID := "some.yml"
 	schedules := []*actions_model.ActionSchedule{
 		{
@@ -452,7 +466,7 @@ func TestServiceActions_ExpandReusableWorkflow(t *testing.T) {
 			CommitSHA:     "fakeSHA",
 			Event:         webhook_module.HookEventSchedule,
 			EventPayload:  "fakepayload",
-			Specs:         []string{"* * * * *"},
+			Specs:         []*actions_model.ActionScheduleSpec{spec},
 			Content: []byte(
 				`
 jobs:
@@ -467,7 +481,7 @@ jobs:
 	require.Equal(t, 2, unittest.GetCount(t, actions_model.ActionScheduleSpec{}))
 	require.NoError(t, actions_model.CreateScheduleTask(t.Context(), schedules))
 	require.Equal(t, 3, unittest.GetCount(t, actions_model.ActionScheduleSpec{}))
-	_, err := db.GetEngine(db.DefaultContext).Exec("UPDATE `action_schedule_spec` SET next = 1")
+	_, err = db.GetEngine(db.DefaultContext).Exec("UPDATE `action_schedule_spec` SET next = 1")
 	require.NoError(t, err)
 
 	// After running startTasks an ActionRun row is created for the valid scheduled workflow
diff --git a/tests/integration/actions_trigger_test.go b/tests/integration/actions_trigger_test.go
index 4de8d625ab..914acadf14 100644
--- a/tests/integration/actions_trigger_test.go
+++ b/tests/integration/actions_trigger_test.go
@@ -7,6 +7,7 @@ import (
 	"fmt"
 	"net/http"
 	"net/url"
+	"slices"
 	"strings"
 	"testing"
 	"time"
@@ -23,6 +24,7 @@ import (
 	actions_module "forgejo.org/modules/actions"
 	"forgejo.org/modules/git"
 	"forgejo.org/modules/gitrepo"
+	"forgejo.org/modules/optional"
 	"forgejo.org/modules/setting"
 	api "forgejo.org/modules/structs"
 	"forgejo.org/modules/test"
@@ -1136,13 +1138,18 @@ func TestActionsWorkflowDispatchConcurrencyGroup(t *testing.T) {
 }
 
 func TestActionsScheduledWorkflow(t *testing.T) {
+	type expectedSpec struct {
+		cron     string
+		timeZone optional.Option[string]
+	}
+
 	testCases := []struct {
 		name                  string
 		workflowID            string
 		workflowDirectory     string
 		workflowContent       string
 		expectedWorkflowTitle string
-		expectedCronSpecs     []string
+		expectedCronSpecs     []expectedSpec
 	}{
 		{
 			name:              "GitHub",
@@ -1158,7 +1165,7 @@ jobs:
       - run: echo OK
 `,
 			expectedWorkflowTitle: ".github/workflows/scheduled.yml",
-			expectedCronSpecs:     []string{"30 5,17 * * *"},
+			expectedCronSpecs:     []expectedSpec{{cron: "30 5,17 * * *", timeZone: optional.None[string]()}},
 		},
 		{
 			name:              "Gitea",
@@ -1175,7 +1182,28 @@ jobs:
       - run: echo OK
 `,
 			expectedWorkflowTitle: "My scheduled workflow",
-			expectedCronSpecs:     []string{"* * * * *"},
+			expectedCronSpecs:     []expectedSpec{{cron: "* * * * *", timeZone: optional.None[string]()}},
+		},
+		{
+			name:              "Forgejo with time zone",
+			workflowID:        "tz.yml",
+			workflowDirectory: ".forgejo/workflows",
+			workflowContent: `
+on:
+  schedule:
+    - cron: "44 10 * * *"
+    - cron: "25 19 * * *"
+      timezone: Europe/Madrid
+jobs:
+  test:
+    steps:
+      - run: echo OK
+`,
+			expectedWorkflowTitle: ".forgejo/workflows/tz.yml",
+			expectedCronSpecs: []expectedSpec{
+				{cron: "44 10 * * *", timeZone: optional.None[string]()},
+				{cron: "25 19 * * *", timeZone: optional.Some("Europe/Madrid")},
+			},
 		},
 	}
 	onApplicationRun(t, func(t *testing.T, u *url.URL) {
@@ -1201,7 +1229,6 @@ jobs:
 				require.Len(t, schedules, 1)
 
 				assert.Equal(t, testCase.expectedWorkflowTitle, schedules[0].Title)
-				assert.Equal(t, testCase.expectedCronSpecs, schedules[0].Specs)
 				assert.Equal(t, repo.ID, schedules[0].RepoID)
 				assert.Equal(t, repo.OwnerID, schedules[0].OwnerID)
 				assert.Equal(t, testCase.workflowID, schedules[0].WorkflowID)
@@ -1210,6 +1237,20 @@ jobs:
 				assert.Equal(t, sha, schedules[0].CommitSHA)
 				assert.Equal(t, webhook_module.HookEventPush, schedules[0].Event)
 				assert.Equal(t, []byte(testCase.workflowContent), schedules[0].Content)
+
+				specs, total, err := actions_model.FindSpecs(t.Context(), actions_model.FindSpecOptions{RepoID: repo.ID})
+				require.NoError(t, err)
+
+				assert.Equal(t, int64(len(testCase.expectedCronSpecs)), total)
+
+				// The query to return cron specs orders by `id DESC`.
+				slices.Reverse(testCase.expectedCronSpecs)
+
+				for i, expected := range testCase.expectedCronSpecs {
+					assert.Equal(t, schedules[0].ID, specs[i].ScheduleID)
+					assert.Equal(t, expected.cron, specs[i].Spec)
+					assert.Equal(t, expected.timeZone, specs[i].TimeZone)
+				}
 			})
 		}
 	})

From 80d840c1284e4f44b9efac208811b9ed26455ade Mon Sep 17 00:00:00 2001
From: grangelouis <grangelouis@noreply.codeberg.org>
Date: Sat, 4 Apr 2026 21:58:16 +0200
Subject: [PATCH 629/854] fix: missing syntax dialog rounded corners (#11945)

Fixes #11299

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11945
Reviewed-by: Beowulf <beowulf@beocode.eu>
Co-authored-by: grangelouis <grangelouis@noreply.codeberg.org>
Co-committed-by: grangelouis <grangelouis@noreply.codeberg.org>
---
 web_src/css/modules/dialog.css | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/web_src/css/modules/dialog.css b/web_src/css/modules/dialog.css
index 897eb838cf..3f9a1a44bf 100644
--- a/web_src/css/modules/dialog.css
+++ b/web_src/css/modules/dialog.css
@@ -88,6 +88,11 @@ dialog .actions {
   padding: 1rem;
 }
 
+dialog footer {
+  border-bottom-left-radius: var(--border-radius);
+  border-bottom-right-radius: var(--border-radius);
+}
+
 /* positive/negative action buttons */
 dialog .actions .ui.button {
   display: inline-flex;

From 90ca6116954c0471280c6576e36c67577ff22c88 Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Sun, 5 Apr 2026 02:15:52 +0200
Subject: [PATCH 630/854] Update dependency mermaid to v11.14.0 (forgejo)
 (#11990)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This PR contains the following updates:

| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) |
|---|---|---|---|
| [mermaid](https://github.com/mermaid-js/mermaid) | [`11.13.0` → `11.14.0`](https://renovatebot.com/diffs/npm/mermaid/11.13.0/11.14.0) | ![age](https://developer.mend.io/api/mc/badges/age/npm/mermaid/11.14.0?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/mermaid/11.13.0/11.14.0?slim=true) |

---

### Release Notes

<details>
<summary>mermaid-js/mermaid (mermaid)</summary>

### [`v11.14.0`](https://github.com/mermaid-js/mermaid/releases/tag/mermaid%4011.14.0)

[Compare Source](https://github.com/mermaid-js/mermaid/compare/mermaid@11.13.0...mermaid@11.14.0)

Thanks to our awesome mermaid community that contributed to this release: [@&#8203;ashishjain0512](https://github.com/ashishjain0512), [@&#8203;tractorjuice](https://github.com/tractorjuice), [@&#8203;autofix-ci\[bot\]](https://github.com/autofix-ci%5Bbot%5D), [@&#8203;aloisklink](https://github.com/aloisklink), [@&#8203;knsv](https://github.com/knsv), [@&#8203;kibanana](https://github.com/kibanana), [@&#8203;chandershekhar22](https://github.com/chandershekhar22), [@&#8203;khalil](https://github.com/khalil), [@&#8203;ytatsuno](https://github.com/ytatsuno), [@&#8203;sidharthv96](https://github.com/sidharthv96), [@&#8203;github-actions\[bot\]](https://github.com/github-actions%5Bbot%5D), [@&#8203;dripcoding](https://github.com/dripcoding), [@&#8203;knsv-bot](https://github.com/knsv-bot), [@&#8203;jeroensmink98](https://github.com/jeroensmink98), [@&#8203;Alex9583](https://github.com/Alex9583), [@&#8203;GhassenS](https://github.com/GhassenS), [@&#8203;omkarht](https://github.com/omkarht), [@&#8203;darshanr0107](https://github.com/darshanr0107), [@&#8203;leentaylor](https://github.com/leentaylor), [@&#8203;lee-treehouse](https://github.com/lee-treehouse), [@&#8203;veeceey](https://github.com/veeceey), [@&#8203;turntrout](https://github.com/turntrout), [@&#8203;Mermaid-Chart](https://github.com/Mermaid-Chart), [@&#8203;BambioGaming](https://github.com/BambioGaming), Claude

### Releases

#### [@&#8203;mermaid-js/examples](https://github.com/mermaid-js/examples)@&#8203;1.2.0

##### Minor Changes

- [#&#8203;7526](https://github.com/mermaid-js/mermaid/pull/7526) [`efe218a`](https://github.com/mermaid-js/mermaid/commit/efe218a47fb5a4c2bd5489b48ce69213b141e519) - add new TreeView diagram

#### mermaid\@&#8203;11.14.0

##### Minor Changes

- [#&#8203;7526](https://github.com/mermaid-js/mermaid/pull/7526) [`efe218a`](https://github.com/mermaid-js/mermaid/commit/efe218a47fb5a4c2bd5489b48ce69213b141e519) - Add Wardley Maps diagram type (beta)

  Adds Wardley Maps as a new diagram type to Mermaid (available as `wardley-beta`). Wardley Maps are visual representations of business strategy that help map value chains and component evolution.

  Features:

  - Component positioning with \[visibility, evolution] coordinates (OWM format)
  - Anchors for users/customers
  - Multiple link types: dependencies, flows, labeled links
  - Evolution arrows and trend indicators
  - Custom evolution stages with optional dual labels
  - Custom stage widths using [@&#8203;boundary](https://github.com/boundary) notation
  - Pipeline components with visibility inheritance
  - Annotations, notes, and visual elements
  - Source strategy markers: build, buy, outsource, market
  - Inertia indicators
  - Theme integration

  Implementation includes parser, D3.js renderer, unit tests, E2E tests, and comprehensive documentation.

- [#&#8203;7526](https://github.com/mermaid-js/mermaid/pull/7526) [`efe218a`](https://github.com/mermaid-js/mermaid/commit/efe218a47fb5a4c2bd5489b48ce69213b141e519)  - feat: implement neo look styling for state diagrams

- [#&#8203;7526](https://github.com/mermaid-js/mermaid/pull/7526) [`efe218a`](https://github.com/mermaid-js/mermaid/commit/efe218a47fb5a4c2bd5489b48ce69213b141e519)  - feat: implement neo look support for sequence diagrams with drop shadows, and enhanced styling

- [#&#8203;7526](https://github.com/mermaid-js/mermaid/pull/7526) [`efe218a`](https://github.com/mermaid-js/mermaid/commit/efe218a47fb5a4c2bd5489b48ce69213b141e519)  - feat: add `randomize` config option for architecture diagrams, defaulting to `false` for deterministic layout

- [#&#8203;7526](https://github.com/mermaid-js/mermaid/pull/7526) [`efe218a`](https://github.com/mermaid-js/mermaid/commit/efe218a47fb5a4c2bd5489b48ce69213b141e519) - feat: Add option to change timeline direction

- [#&#8203;7526](https://github.com/mermaid-js/mermaid/pull/7526) [`efe218a`](https://github.com/mermaid-js/mermaid/commit/efe218a47fb5a4c2bd5489b48ce69213b141e519)  - Fix duplicate SVG element IDs when rendering multiple diagrams on the same page. Internal element IDs (nodes, edges, markers, clusters) are now prefixed with the diagram's SVG element ID across all diagram types. Custom CSS or JS using exact ID selectors like `#arrowhead` should use attribute-ending selectors like `[id$="-arrowhead"]` instead.

- [#&#8203;7526](https://github.com/mermaid-js/mermaid/pull/7526) [`efe218a`](https://github.com/mermaid-js/mermaid/commit/efe218a47fb5a4c2bd5489b48ce69213b141e519)  - feat: implement neo look styling for ER diagrams

- [#&#8203;7526](https://github.com/mermaid-js/mermaid/pull/7526) [`efe218a`](https://github.com/mermaid-js/mermaid/commit/efe218a47fb5a4c2bd5489b48ce69213b141e519)  - feat: implement neo look styling for requirement diagrams

- [#&#8203;7526](https://github.com/mermaid-js/mermaid/pull/7526) [`efe218a`](https://github.com/mermaid-js/mermaid/commit/efe218a47fb5a4c2bd5489b48ce69213b141e519) - feat: add theme support for data label colour in xy chart

- [#&#8203;7526](https://github.com/mermaid-js/mermaid/pull/7526) [`efe218a`](https://github.com/mermaid-js/mermaid/commit/efe218a47fb5a4c2bd5489b48ce69213b141e519) - feat: implement neo look styling for mindmap diagrams

- [#&#8203;7526](https://github.com/mermaid-js/mermaid/pull/7526) [`efe218a`](https://github.com/mermaid-js/mermaid/commit/efe218a47fb5a4c2bd5489b48ce69213b141e519) - feat: implement neo look for mermaid flowchart diagrams

- [#&#8203;7526](https://github.com/mermaid-js/mermaid/pull/7526) [`efe218a`](https://github.com/mermaid-js/mermaid/commit/efe218a47fb5a4c2bd5489b48ce69213b141e519) - feat: implement neo look and themes for class diagram

- [#&#8203;7526](https://github.com/mermaid-js/mermaid/pull/7526) [`efe218a`](https://github.com/mermaid-js/mermaid/commit/efe218a47fb5a4c2bd5489b48ce69213b141e519) - feat: add showDataLabelOutsideBar option for xy chart

- [#&#8203;7526](https://github.com/mermaid-js/mermaid/pull/7526) [`efe218a`](https://github.com/mermaid-js/mermaid/commit/efe218a47fb5a4c2bd5489b48ce69213b141e519)  - feat: implement neo look support for timeline diagram with drop shadows, additoinal redux themes and enhanced styling

- [#&#8203;7526](https://github.com/mermaid-js/mermaid/pull/7526) [`efe218a`](https://github.com/mermaid-js/mermaid/commit/efe218a47fb5a4c2bd5489b48ce69213b141e519)  - feat: implement neo look and themes for gitGraph diagram

- [#&#8203;7526](https://github.com/mermaid-js/mermaid/pull/7526) [`efe218a`](https://github.com/mermaid-js/mermaid/commit/efe218a47fb5a4c2bd5489b48ce69213b141e519) - add new TreeView diagram

##### Patch Changes

- [#&#8203;7526](https://github.com/mermaid-js/mermaid/pull/7526) [`efe218a`](https://github.com/mermaid-js/mermaid/commit/efe218a47fb5a4c2bd5489b48ce69213b141e519)  - add link to ishikawa diagram on mermaid.js.org

- [#&#8203;7526](https://github.com/mermaid-js/mermaid/pull/7526) [`efe218a`](https://github.com/mermaid-js/mermaid/commit/efe218a47fb5a4c2bd5489b48ce69213b141e519)  - docs: document valid duration token formats in gantt.md

- [#&#8203;7526](https://github.com/mermaid-js/mermaid/pull/7526) [`efe218a`](https://github.com/mermaid-js/mermaid/commit/efe218a47fb5a4c2bd5489b48ce69213b141e519) - fix: ER diagram parsing when using "1" as entity identifier on right side

  The parser was incorrectly tokenizing the second "1" in patterns like `a many to 1 1:` because the lookahead rule only checked for alphabetic characters after whitespace, not digits. Added a new lookahead pattern `"1"(?=\s+[0-9])` to correctly identify the cardinality alias before a numeric entity name.

  Fixes [#&#8203;7472](https://github.com/mermaid-js/mermaid/issues/7472)

- [#&#8203;7526](https://github.com/mermaid-js/mermaid/pull/7526) [`efe218a`](https://github.com/mermaid-js/mermaid/commit/efe218a47fb5a4c2bd5489b48ce69213b141e519)  - fix: scope cytoscape label style mapping to edges with labels to prevent console warnings

- [#&#8203;7526](https://github.com/mermaid-js/mermaid/pull/7526) [`efe218a`](https://github.com/mermaid-js/mermaid/commit/efe218a47fb5a4c2bd5489b48ce69213b141e519) - fix: support inline annotation syntax in class diagrams (class Shape <<interface>>)

- [#&#8203;7526](https://github.com/mermaid-js/mermaid/pull/7526) [`efe218a`](https://github.com/mermaid-js/mermaid/commit/efe218a47fb5a4c2bd5489b48ce69213b141e519)  - fix: Align branch label background with text for multi-line labels in LR GitGraph layout

- [#&#8203;7526](https://github.com/mermaid-js/mermaid/pull/7526) [`efe218a`](https://github.com/mermaid-js/mermaid/commit/efe218a47fb5a4c2bd5489b48ce69213b141e519) - fix: preserve cause hierarchy when ishikawa effect is indented more than causes

- [#&#8203;7526](https://github.com/mermaid-js/mermaid/pull/7526) [`efe218a`](https://github.com/mermaid-js/mermaid/commit/efe218a47fb5a4c2bd5489b48ce69213b141e519)  - refactor: remove unused createGraphWithElements function and add regression test for open edge arrowheads

- [#&#8203;7526](https://github.com/mermaid-js/mermaid/pull/7526) [`efe218a`](https://github.com/mermaid-js/mermaid/commit/efe218a47fb5a4c2bd5489b48ce69213b141e519)  - fix: Prevent long pie chart titles from being clipped by expanding the viewBox

- [#&#8203;7526](https://github.com/mermaid-js/mermaid/pull/7526) [`efe218a`](https://github.com/mermaid-js/mermaid/commit/efe218a47fb5a4c2bd5489b48ce69213b141e519) - fix: prevent sequence diagram hang when "as" is used without a trailing space in participant declarations

- [#&#8203;7526](https://github.com/mermaid-js/mermaid/pull/7526) [`efe218a`](https://github.com/mermaid-js/mermaid/commit/efe218a47fb5a4c2bd5489b48ce69213b141e519)  - fix: warn when `style` statement targets a non-existent node in flowcharts

- [#&#8203;7526](https://github.com/mermaid-js/mermaid/pull/7526) [`efe218a`](https://github.com/mermaid-js/mermaid/commit/efe218a47fb5a4c2bd5489b48ce69213b141e519) - fix: group state diagram SVG children under single root <g> element

- [#&#8203;7526](https://github.com/mermaid-js/mermaid/pull/7526) [`efe218a`](https://github.com/mermaid-js/mermaid/commit/efe218a47fb5a4c2bd5489b48ce69213b141e519) - fix: Allow :::className syntax inside composite state blocks

- [#&#8203;7526](https://github.com/mermaid-js/mermaid/pull/7526) [`efe218a`](https://github.com/mermaid-js/mermaid/commit/efe218a47fb5a4c2bd5489b48ce69213b141e519) Thanks [@&#8203;aloisklink](https://github.com/aloisklink), [@&#8203;BambioGaming](https://github.com/BambioGaming)! - fix: prevent escaping `<` and `&` when `htmlLabels: false`

- [#&#8203;7526](https://github.com/mermaid-js/mermaid/pull/7526) [`efe218a`](https://github.com/mermaid-js/mermaid/commit/efe218a47fb5a4c2bd5489b48ce69213b141e519)  - fix: treemap title and labels use theme-aware colors for dark backgrounds

- Updated dependencies \[[`efe218a`](https://github.com/mermaid-js/mermaid/commit/efe218a47fb5a4c2bd5489b48ce69213b141e519)]:
  - [@&#8203;mermaid-js/parser](https://github.com/mermaid-js/parser)@&#8203;1.1.0

#### [@&#8203;mermaid-js/parser](https://github.com/mermaid-js/parser)@&#8203;1.1.0

##### Minor Changes

- [#&#8203;7526](https://github.com/mermaid-js/mermaid/pull/7526) [`efe218a`](https://github.com/mermaid-js/mermaid/commit/efe218a47fb5a4c2bd5489b48ce69213b141e519)  - add new TreeView diagram

#### [@&#8203;mermaid-js/tiny](https://github.com/mermaid-js/tiny)@&#8203;11.14.0

##### Minor Changes

- [#&#8203;7526](https://github.com/mermaid-js/mermaid/pull/7526) [`efe218a`](https://github.com/mermaid-js/mermaid/commit/efe218a47fb5a4c2bd5489b48ce69213b141e519)  - Add Wardley Maps diagram type (beta)

  Adds Wardley Maps as a new diagram type to Mermaid (available as `wardley-beta`). Wardley Maps are visual representations of business strategy that help map value chains and component evolution.

  Features:

  - Component positioning with \[visibility, evolution] coordinates (OWM format)
  - Anchors for users/customers
  - Multiple link types: dependencies, flows, labeled links
  - Evolution arrows and trend indicators
  - Custom evolution stages with optional dual labels
  - Custom stage widths using [@&#8203;boundary](https://github.com/boundary) notation
  - Pipeline components with visibility inheritance
  - Annotations, notes, and visual elements
  - Source strategy markers: build, buy, outsource, market
  - Inertia indicators
  - Theme integration

  Implementation includes parser, D3.js renderer, unit tests, E2E tests, and comprehensive documentation.

- [#&#8203;7526](https://github.com/mermaid-js/mermaid/pull/7526) [`efe218a`](https://github.com/mermaid-js/mermaid/commit/efe218a47fb5a4c2bd5489b48ce69213b141e519) - feat: implement neo look styling for state diagrams

- [#&#8203;7526](https://github.com/mermaid-js/mermaid/pull/7526) [`efe218a`](https://github.com/mermaid-js/mermaid/commit/efe218a47fb5a4c2bd5489b48ce69213b141e519)  - feat: implement neo look support for sequence diagrams with drop shadows, and enhanced styling

- [#&#8203;7526](https://github.com/mermaid-js/mermaid/pull/7526) [`efe218a`](https://github.com/mermaid-js/mermaid/commit/efe218a47fb5a4c2bd5489b48ce69213b141e519) - feat: add `randomize` config option for architecture diagrams, defaulting to `false` for deterministic layout

- [#&#8203;7526](https://github.com/mermaid-js/mermaid/pull/7526) [`efe218a`](https://github.com/mermaid-js/mermaid/commit/efe218a47fb5a4c2bd5489b48ce69213b141e519)  - feat: Add option to change timeline direction

- [#&#8203;7526](https://github.com/mermaid-js/mermaid/pull/7526) [`efe218a`](https://github.com/mermaid-js/mermaid/commit/efe218a47fb5a4c2bd5489b48ce69213b141e519) - Fix duplicate SVG element IDs when rendering multiple diagrams on the same page. Internal element IDs (nodes, edges, markers, clusters) are now prefixed with the diagram's SVG element ID across all diagram types. Custom CSS or JS using exact ID selectors like `#arrowhead` should use attribute-ending selectors like `[id$="-arrowhead"]` instead.

- [#&#8203;7526](https://github.com/mermaid-js/mermaid/pull/7526) [`efe218a`](https://github.com/mermaid-js/mermaid/commit/efe218a47fb5a4c2bd5489b48ce69213b141e519)  - feat: implement neo look styling for ER diagrams

- [#&#8203;7526](https://github.com/mermaid-js/mermaid/pull/7526) [`efe218a`](https://github.com/mermaid-js/mermaid/commit/efe218a47fb5a4c2bd5489b48ce69213b141e519)  - feat: implement neo look styling for requirement diagrams

- [#&#8203;7526](https://github.com/mermaid-js/mermaid/pull/7526) [`efe218a`](https://github.com/mermaid-js/mermaid/commit/efe218a47fb5a4c2bd5489b48ce69213b141e519)  - feat: add theme support for data label colour in xy chart

- [#&#8203;7526](https://github.com/mermaid-js/mermaid/pull/7526) [`efe218a`](https://github.com/mermaid-js/mermaid/commit/efe218a47fb5a4c2bd5489b48ce69213b141e519)  - feat: implement neo look styling for mindmap diagrams

- [#&#8203;7526](https://github.com/mermaid-js/mermaid/pull/7526) [`efe218a`](https://github.com/mermaid-js/mermaid/commit/efe218a47fb5a4c2bd5489b48ce69213b141e519)  - feat: implement neo look for mermaid flowchart diagrams

- [#&#8203;7526](https://github.com/mermaid-js/mermaid/pull/7526) [`efe218a`](https://github.com/mermaid-js/mermaid/commit/efe218a47fb5a4c2bd5489b48ce69213b141e519)  - feat: implement neo look and themes for class diagram

- [#&#8203;7526](https://github.com/mermaid-js/mermaid/pull/7526) [`efe218a`](https://github.com/mermaid-js/mermaid/commit/efe218a47fb5a4c2bd5489b48ce69213b141e519)  - feat: add showDataLabelOutsideBar option for xy chart

- [#&#8203;7526](https://github.com/mermaid-js/mermaid/pull/7526) [`efe218a`](https://github.com/mermaid-js/mermaid/commit/efe218a47fb5a4c2bd5489b48ce69213b141e519)  - feat: implement neo look support for timeline diagram with drop shadows, additoinal redux themes and enhanced styling

- [#&#8203;7526](https://github.com/mermaid-js/mermaid/pull/7526) [`efe218a`](https://github.com/mermaid-js/mermaid/commit/efe218a47fb5a4c2bd5489b48ce69213b141e519)  - feat: implement neo look and themes for gitGraph diagram

- [#&#8203;7526](https://github.com/mermaid-js/mermaid/pull/7526) [`efe218a`](https://github.com/mermaid-js/mermaid/commit/efe218a47fb5a4c2bd5489b48ce69213b141e519)  - add new TreeView diagram

##### Patch Changes

- [#&#8203;7526](https://github.com/mermaid-js/mermaid/pull/7526) [`efe218a`](https://github.com/mermaid-js/mermaid/commit/efe218a47fb5a4c2bd5489b48ce69213b141e519)  - add link to ishikawa diagram on mermaid.js.org

- [#&#8203;7526](https://github.com/mermaid-js/mermaid/pull/7526) [`efe218a`](https://github.com/mermaid-js/mermaid/commit/efe218a47fb5a4c2bd5489b48ce69213b141e519)  - docs: document valid duration token formats in gantt.md

- [#&#8203;7526](https://github.com/mermaid-js/mermaid/pull/7526) [`efe218a`](https://github.com/mermaid-js/mermaid/commit/efe218a47fb5a4c2bd5489b48ce69213b141e519)  - fix: ER diagram parsing when using "1" as entity identifier on right side

  The parser was incorrectly tokenizing the second "1" in patterns like `a many to 1 1:` because the lookahead rule only checked for alphabetic characters after whitespace, not digits. Added a new lookahead pattern `"1"(?=\s+[0-9])` to correctly identify the cardinality alias before a numeric entity name.

  Fixes [#&#8203;7472](https://github.com/mermaid-js/mermaid/issues/7472)

- [#&#8203;7526](https://github.com/mermaid-js/mermaid/pull/7526) [`efe218a`](https://github.com/mermaid-js/mermaid/commit/efe218a47fb5a4c2bd5489b48ce69213b141e519)  - fix: scope cytoscape label style mapping to edges with labels to prevent console warnings

- [#&#8203;7526](https://github.com/mermaid-js/mermaid/pull/7526) [`efe218a`](https://github.com/mermaid-js/mermaid/commit/efe218a47fb5a4c2bd5489b48ce69213b141e519)  - fix: support inline annotation syntax in class diagrams (class Shape <<interface>>)

- [#&#8203;7526](https://github.com/mermaid-js/mermaid/pull/7526) [`efe218a`](https://github.com/mermaid-js/mermaid/commit/efe218a47fb5a4c2bd5489b48ce69213b141e519)  - fix: Align branch label background with text for multi-line labels in LR GitGraph layout

- [#&#8203;7526](https://github.com/mermaid-js/mermaid/pull/7526) [`efe218a`](https://github.com/mermaid-js/mermaid/commit/efe218a47fb5a4c2bd5489b48ce69213b141e519)  - fix: preserve cause hierarchy when ishikawa effect is indented more than causes

- [#&#8203;7526](https://github.com/mermaid-js/mermaid/pull/7526) [`efe218a`](https://github.com/mermaid-js/mermaid/commit/efe218a47fb5a4c2bd5489b48ce69213b141e519)  - refactor: remove unused createGraphWithElements function and add regression test for open edge arrowheads

- [#&#8203;7526](https://github.com/mermaid-js/mermaid/pull/7526) [`efe218a`](https://github.com/mermaid-js/mermaid/commit/efe218a47fb5a4c2bd5489b48ce69213b141e519)  - fix: Prevent long pie chart titles from being clipped by expanding the viewBox

- [#&#8203;7526](https://github.com/mermaid-js/mermaid/pull/7526) [`efe218a`](https://github.com/mermaid-js/mermaid/commit/efe218a47fb5a4c2bd5489b48ce69213b141e519)  - fix: prevent sequence diagram hang when "as" is used without a trailing space in participant declarations

- [#&#8203;7526](https://github.com/mermaid-js/mermaid/pull/7526) [`efe218a`](https://github.com/mermaid-js/mermaid/commit/efe218a47fb5a4c2bd5489b48ce69213b141e519)  - fix: warn when `style` statement targets a non-existent node in flowcharts

- [#&#8203;7526](https://github.com/mermaid-js/mermaid/pull/7526) [`efe218a`](https://github.com/mermaid-js/mermaid/commit/efe218a47fb5a4c2bd5489b48ce69213b141e519)  - fix: group state diagram SVG children under single root <g> element

- [#&#8203;7526](https://github.com/mermaid-js/mermaid/pull/7526) [`efe218a`](https://github.com/mermaid-js/mermaid/commit/efe218a47fb5a4c2bd5489b48ce69213b141e519)  - fix: Allow :::className syntax inside composite state blocks

- [#&#8203;7526](https://github.com/mermaid-js/mermaid/pull/7526) [`efe218a`](https://github.com/mermaid-js/mermaid/commit/efe218a47fb5a4c2bd5489b48ce69213b141e519) Thanks [@&#8203;aloisklink](https://github.com/aloisklink), [@&#8203;BambioGaming](https://github.com/BambioGaming)! - fix: prevent escaping `<` and `&` when `htmlLabels: false`

- [#&#8203;7526](https://github.com/mermaid-js/mermaid/pull/7526) [`efe218a`](https://github.com/mermaid-js/mermaid/commit/efe218a47fb5a4c2bd5489b48ce69213b141e519)  - fix: treemap title and labels use theme-aware colors for dark backgrounds

- Updated dependencies \[[`efe218a`](https://github.com/mermaid-js/mermaid/commit/efe218a47fb5a4c2bd5489b48ce69213b141e519)]:
  - [@&#8203;mermaid-js/parser](https://github.com/mermaid-js/parser)@&#8203;1.1.0

</details>

---

### Configuration

📅 **Schedule**: Branch creation - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC), Automerge - Between 12:00 AM and 03:59 AM ( * 0-3 * * * ) (UTC).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My45OS4xIiwidXBkYXRlZEluVmVyIjoiNDMuOTkuMSIsInRhcmdldEJyYW5jaCI6ImZvcmdlam8iLCJsYWJlbHMiOlsiZGVwZW5kZW5jeS11cGdyYWRlIiwidGVzdC9ub3QtbmVlZGVkIl19-->

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11990
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
---
 package-lock.json | 10 +++++-----
 package.json      |  2 +-
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 96688e44ef..72aeb9821b 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -55,7 +55,7 @@
         "idiomorph": "0.3.0",
         "jquery": "3.7.1",
         "katex": "0.16.44",
-        "mermaid": "11.13.0",
+        "mermaid": "11.14.0",
         "mini-css-extract-plugin": "2.10.0",
         "minimatch": "10.2.4",
         "pdfobject": "2.3.0",
@@ -11538,14 +11538,14 @@
       }
     },
     "node_modules/mermaid": {
-      "version": "11.13.0",
-      "resolved": "https://registry.npmjs.org/mermaid/-/mermaid-11.13.0.tgz",
-      "integrity": "sha512-fEnci+Immw6lKMFI8sqzjlATTyjLkRa6axrEgLV2yHTfv8r+h1wjFbV6xeRtd4rUV1cS4EpR9rwp3Rci7TRWDw==",
+      "version": "11.14.0",
+      "resolved": "https://registry.npmjs.org/mermaid/-/mermaid-11.14.0.tgz",
+      "integrity": "sha512-GSGloRsBs+JINmmhl0JDwjpuezCsHB4WGI4NASHxL3fHo3o/BRXTxhDLKnln8/Q0lRFRyDdEjmk1/d5Sn1Xz8g==",
       "license": "MIT",
       "dependencies": {
         "@braintree/sanitize-url": "^7.1.1",
         "@iconify/utils": "^3.0.2",
-        "@mermaid-js/parser": "^1.0.1",
+        "@mermaid-js/parser": "^1.1.0",
         "@types/d3": "^7.4.3",
         "@upsetjs/venn.js": "^2.0.0",
         "cytoscape": "^3.33.1",
diff --git a/package.json b/package.json
index cb734aab0c..3c368c5b1a 100644
--- a/package.json
+++ b/package.json
@@ -54,7 +54,7 @@
     "idiomorph": "0.3.0",
     "jquery": "3.7.1",
     "katex": "0.16.44",
-    "mermaid": "11.13.0",
+    "mermaid": "11.14.0",
     "mini-css-extract-plugin": "2.10.0",
     "minimatch": "10.2.4",
     "pdfobject": "2.3.0",

From e14e2206513f38589665229d7a786e0de41b78fa Mon Sep 17 00:00:00 2001
From: Mathieu Fenniak <mathieu@fenniak.net>
Date: Sun, 5 Apr 2026 14:37:09 +0200
Subject: [PATCH 631/854] perf: bulk load resolvers & reactions on pull request
 comments (#11988)

Optimize loading pull request review comments, which currently perform separate database queries for each comment in order to load the resolver of the comment, and the reactions on that comment, and the users on each reaction of the comments.

I stumbled across this ugly code, which enticed me to look into this:

https://codeberg.org/forgejo/forgejo/src/commit/80d840c1284e4f44b9efac208811b9ed26455ade/routers/web/repo/pull.go#L1107-L1120

It appeared to load the attachments from each comment on the pull request review page in separate database queries.  It turned out to be a noop, as the attachments are already loaded in bulk:

https://codeberg.org/forgejo/forgejo/src/commit/80d840c1284e4f44b9efac208811b9ed26455ade/models/issues/comment_code.go#L120-L122

but the `findCodeComments` method loads the "resolver doer" and the reactions one-by-one for each comment.  So I fixed that instead, and removed the ineffective deeply nested for loop.

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. All work and communication must conform to Forgejo's [AI Agreement](https://codeberg.org/forgejo/governance/src/branch/main/AIAgreement.md). There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests for Go changes

- I added test coverage for Go changes...
  - [x] in their respective `*_test.go` for unit tests.
  - [ ] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I ran...
  - [x] `make pr-go` before pushing

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [ ] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.
- [x] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11988
Reviewed-by: Andreas Ahlenstorf <aahlenst@noreply.codeberg.org>
Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net>
Co-committed-by: Mathieu Fenniak <mathieu@fenniak.net>
---
 models/issues/comment.go             |  15 ----
 models/issues/comment_code.go        |  22 +++---
 models/issues/comment_list.go        |  79 ++++++++++++++++++++
 models/issues/comment_list_test.go   | 108 +++++++++++++++++++++++++++
 models/issues/comment_test.go        |  25 ++++++-
 models/issues/reaction.go            |  31 ++++++++
 routers/api/v1/repo/issue_comment.go |   5 ++
 routers/web/repo/issue.go            |   9 ++-
 routers/web/repo/pull.go             |  15 ----
 services/convert/issue_comment.go    |   6 --
 10 files changed, 261 insertions(+), 54 deletions(-)

diff --git a/models/issues/comment.go b/models/issues/comment.go
index fd0f595945..bfad3935fb 100644
--- a/models/issues/comment.go
+++ b/models/issues/comment.go
@@ -663,21 +663,6 @@ func (c *Comment) LoadAssigneeUserAndTeam(ctx context.Context) error {
 	return nil
 }
 
-// LoadResolveDoer if comment.Type is CommentTypeCode and ResolveDoerID not zero, then load resolveDoer
-func (c *Comment) LoadResolveDoer(ctx context.Context) (err error) {
-	if c.ResolveDoerID == 0 || c.Type != CommentTypeCode {
-		return nil
-	}
-	c.ResolveDoer, err = user_model.GetUserByID(ctx, c.ResolveDoerID)
-	if err != nil {
-		if user_model.IsErrUserNotExist(err) {
-			c.ResolveDoer = user_model.NewGhostUser()
-			err = nil
-		}
-	}
-	return err
-}
-
 // IsResolved check if an code comment is resolved
 func (c *Comment) IsResolved() bool {
 	return c.ResolveDoerID != 0 && c.Type == CommentTypeCode
diff --git a/models/issues/comment_code.go b/models/issues/comment_code.go
index 3c87a1b41a..800d1e830e 100644
--- a/models/issues/comment_code.go
+++ b/models/issues/comment_code.go
@@ -133,7 +133,7 @@ func findCodeComments(ctx context.Context, opts FindCommentsOptions, issue *Issu
 		return nil, err
 	}
 
-	n := 0
+	readyComments := make(CommentList, 0, len(comments))
 	for _, comment := range comments {
 		if re, ok := reviews[comment.ReviewID]; ok && re != nil {
 			// If the review is pending only the author can see the comments (except if the review is set)
@@ -143,17 +143,18 @@ func findCodeComments(ctx context.Context, opts FindCommentsOptions, issue *Issu
 			}
 			comment.Review = re
 		}
-		comments[n] = comment
-		n++
+		readyComments = append(readyComments, comment)
+	}
 
-		if err := comment.LoadResolveDoer(ctx); err != nil {
-			return nil, err
-		}
+	if err := readyComments.LoadResolveDoers(ctx); err != nil {
+		return nil, err
+	}
 
-		if err := comment.LoadReactions(ctx, issue.Repo); err != nil {
-			return nil, err
-		}
+	if err := readyComments.LoadReactions(ctx, issue.Repo); err != nil {
+		return nil, err
+	}
 
+	for _, comment := range readyComments {
 		var err error
 		if comment.RenderedContent, err = markdown.RenderString(&markup.RenderContext{
 			Ctx: ctx,
@@ -165,7 +166,8 @@ func findCodeComments(ctx context.Context, opts FindCommentsOptions, issue *Issu
 			return nil, err
 		}
 	}
-	return comments[:n], nil
+
+	return readyComments, nil
 }
 
 // FetchCodeConversation fetches the code conversation of a given comment (same review, treePath and line number)
diff --git a/models/issues/comment_list.go b/models/issues/comment_list.go
index 53903bea31..9a5c22244b 100644
--- a/models/issues/comment_list.go
+++ b/models/issues/comment_list.go
@@ -5,6 +5,7 @@ package issues
 
 import (
 	"context"
+	"errors"
 
 	"forgejo.org/models/db"
 	repo_model "forgejo.org/models/repo"
@@ -390,6 +391,84 @@ func (comments CommentList) LoadAttachments(ctx context.Context) (err error) {
 	return nil
 }
 
+func (comments CommentList) LoadResolveDoers(ctx context.Context) (err error) {
+	relevant := func(c *Comment) bool {
+		return c.ResolveDoerID != 0 && c.Type == CommentTypeCode
+	}
+	userIDs := make(container.Set[int64])
+	for _, comment := range comments {
+		if relevant(comment) {
+			userIDs.Add(comment.ResolveDoerID)
+		}
+	}
+
+	if len(userIDs) == 0 {
+		return nil
+	}
+
+	userMap := make(map[int64]*user_model.User)
+	users, err := user_model.GetUsersByIDs(ctx, userIDs.Slice())
+	if err != nil {
+		return err
+	}
+	for _, user := range users {
+		userMap[user.ID] = user
+	}
+
+	for _, comment := range comments {
+		if !relevant(comment) {
+			continue
+		}
+		resolveDoer, ok := userMap[comment.ResolveDoerID]
+		if !ok {
+			comment.ResolveDoer = user_model.NewGhostUser()
+		} else {
+			comment.ResolveDoer = resolveDoer
+		}
+	}
+
+	return nil
+}
+
+func (comments CommentList) LoadReactions(ctx context.Context, repo *repo_model.Repository) (err error) {
+	loadIssueID := int64(0)
+	loadCommentIDs := make([]int64, 0, len(comments))
+
+	for _, comment := range comments {
+		if loadIssueID == 0 {
+			loadIssueID = comment.IssueID
+		} else if loadIssueID != comment.IssueID {
+			return errors.New("unable to load reactions from comments on different issues than each other")
+		}
+		if comment.Reactions == nil {
+			loadCommentIDs = append(loadCommentIDs, comment.ID)
+		}
+	}
+
+	if loadIssueID == 0 {
+		return nil
+	}
+
+	reactions, err := getReactionsForComments(ctx, loadIssueID, loadCommentIDs)
+	if err != nil {
+		return err
+	}
+
+	allReactions := make(ReactionList, 0, len(reactions))
+	for _, comment := range comments {
+		if comment.Reactions == nil {
+			comment.Reactions = reactions[comment.ID]
+			allReactions = append(allReactions, comment.Reactions...)
+		}
+	}
+
+	if _, err := allReactions.LoadUsers(ctx, repo); err != nil {
+		return err
+	}
+
+	return nil
+}
+
 func (comments CommentList) getReviewIDs() []int64 {
 	return container.FilterSlice(comments, func(comment *Comment) (int64, bool) {
 		return comment.ReviewID, comment.ReviewID > 0
diff --git a/models/issues/comment_list_test.go b/models/issues/comment_list_test.go
index 062a710b84..12a9144722 100644
--- a/models/issues/comment_list_test.go
+++ b/models/issues/comment_list_test.go
@@ -84,3 +84,111 @@ func TestCommentListLoadUser(t *testing.T) {
 		})
 	}
 }
+
+func TestCommentListLoadResolveDoers(t *testing.T) {
+	require.NoError(t, unittest.PrepareTestDatabase())
+
+	issue := unittest.AssertExistsAndLoadBean(t, &Issue{})
+	repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: issue.RepoID})
+	doer := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: repo.OwnerID})
+
+	empty := CommentList{}
+	require.NoError(t, empty.LoadResolveDoers(t.Context()))
+
+	comment1, err := CreateComment(db.DefaultContext, &CreateCommentOptions{
+		Type:    CommentTypeCode,
+		Doer:    doer,
+		Repo:    repo,
+		Issue:   issue,
+		Content: "Hello",
+	})
+	require.NoError(t, err)
+	require.NoError(t, MarkConversation(t.Context(), comment1, doer, true))
+	comment1 = unittest.AssertExistsAndLoadBean(t, &Comment{ID: comment1.ID}) // reload after change
+	comment1List := CommentList{comment1}
+	require.NoError(t, comment1List.LoadResolveDoers(t.Context()))
+	require.NotNil(t, comment1.ResolveDoer)
+	assert.Equal(t, doer.ID, comment1.ResolveDoer.ID)
+
+	comment2, err := CreateComment(db.DefaultContext, &CreateCommentOptions{
+		Type:    CommentTypeCode,
+		Doer:    doer,
+		Repo:    repo,
+		Issue:   issue,
+		Content: "Hello again",
+	})
+	require.NoError(t, err)
+	require.NoError(t, MarkConversation(t.Context(), comment2, user_model.NewGhostUser(), true))
+
+	// Reload for fresh objects
+	comment1 = unittest.AssertExistsAndLoadBean(t, &Comment{ID: comment1.ID})
+	comment2 = unittest.AssertExistsAndLoadBean(t, &Comment{ID: comment2.ID})
+
+	comment2List := CommentList{comment1, comment2}
+	require.NoError(t, comment2List.LoadResolveDoers(t.Context()))
+	require.NotNil(t, comment1.ResolveDoer)
+	assert.Equal(t, doer.ID, comment1.ResolveDoer.ID)
+	require.NotNil(t, comment2.ResolveDoer)
+	assert.EqualValues(t, -1, comment2.ResolveDoer.ID)
+}
+
+func TestCommentListLoadReactions(t *testing.T) {
+	require.NoError(t, unittest.PrepareTestDatabase())
+
+	issue := unittest.AssertExistsAndLoadBean(t, &Issue{})
+	repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: issue.RepoID})
+	doer := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: repo.OwnerID})
+
+	empty := CommentList{}
+	require.NoError(t, empty.LoadReactions(t.Context(), repo))
+
+	comment1, err := CreateComment(db.DefaultContext, &CreateCommentOptions{
+		Type:    CommentTypeCode,
+		Doer:    doer,
+		Repo:    repo,
+		Issue:   issue,
+		Content: "Hello",
+	})
+	require.NoError(t, err)
+	_, err = CreateReaction(t.Context(), &ReactionOptions{
+		Type:      "eyes",
+		DoerID:    doer.ID,
+		IssueID:   issue.ID,
+		CommentID: comment1.ID,
+	})
+	require.NoError(t, err)
+
+	comment1 = unittest.AssertExistsAndLoadBean(t, &Comment{ID: comment1.ID}) // reload after change
+	comment1List := CommentList{comment1}
+	require.NoError(t, comment1List.LoadReactions(t.Context(), repo))
+	require.Len(t, comment1.Reactions, 1)
+	assert.Equal(t, "eyes", comment1.Reactions[0].Type)
+	assert.NotNil(t, comment1.Reactions[0].User)
+
+	comment2, err := CreateComment(db.DefaultContext, &CreateCommentOptions{
+		Type:    CommentTypeCode,
+		Doer:    doer,
+		Repo:    repo,
+		Issue:   issue,
+		Content: "Hello again",
+	})
+	require.NoError(t, err)
+	_, err = CreateReaction(t.Context(), &ReactionOptions{
+		Type:      "rocket",
+		DoerID:    doer.ID,
+		IssueID:   issue.ID,
+		CommentID: comment2.ID,
+	})
+	require.NoError(t, err)
+
+	// Reload for fresh objects
+	comment1 = unittest.AssertExistsAndLoadBean(t, &Comment{ID: comment1.ID})
+	comment2 = unittest.AssertExistsAndLoadBean(t, &Comment{ID: comment2.ID})
+
+	comment2List := CommentList{comment1, comment2}
+	require.NoError(t, comment2List.LoadReactions(t.Context(), repo))
+	require.Len(t, comment1.Reactions, 1)
+	require.Len(t, comment2.Reactions, 1)
+	assert.Equal(t, "rocket", comment2.Reactions[0].Type)
+	assert.NotNil(t, comment2.Reactions[0].User)
+}
diff --git a/models/issues/comment_test.go b/models/issues/comment_test.go
index c7adf6f62e..da87b8ec2f 100644
--- a/models/issues/comment_test.go
+++ b/models/issues/comment_test.go
@@ -52,12 +52,29 @@ func TestFetchCodeConversations(t *testing.T) {
 
 	issue := unittest.AssertExistsAndLoadBean(t, &issues_model.Issue{ID: 2})
 	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 1})
+	_, err := issues_model.CreateReaction(t.Context(), &issues_model.ReactionOptions{
+		Type:      "eyes",
+		DoerID:    2,
+		IssueID:   issue.ID,
+		CommentID: 4,
+	})
+	require.NoError(t, err)
+	require.NoError(t, issues_model.MarkConversation(t.Context(),
+		unittest.AssertExistsAndLoadBean(t, &issues_model.Comment{ID: 4}),
+		user, true))
+
 	res, err := issues_model.FetchCodeConversations(db.DefaultContext, issue, user, false)
 	require.NoError(t, err)
-	assert.Contains(t, res, "README.md")
-	assert.Contains(t, res["README.md"], int64(4))
-	assert.Len(t, res["README.md"][4], 1)
-	assert.Equal(t, int64(4), res["README.md"][4][0][0].ID)
+	require.Contains(t, res, "README.md")
+	require.Contains(t, res["README.md"], int64(4))
+	require.Len(t, res["README.md"][4], 1)
+	require.Len(t, res["README.md"][4][0], 1)
+	comment := res["README.md"][4][0][0]
+	assert.Equal(t, int64(4), comment.ID)
+	assert.NotNil(t, comment.ResolveDoer)
+	require.Len(t, comment.Reactions, 1)
+	r := comment.Reactions[0]
+	assert.NotNil(t, r.User)
 
 	user2 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
 	res, err = issues_model.FetchCodeConversations(db.DefaultContext, issue, user2, false)
diff --git a/models/issues/reaction.go b/models/issues/reaction.go
index 522040c022..9a277a8c12 100644
--- a/models/issues/reaction.go
+++ b/models/issues/reaction.go
@@ -176,6 +176,37 @@ func FindReactions(ctx context.Context, opts FindReactionsOptions) (ReactionList
 	return reactions, count, err
 }
 
+func getReactionsForComments(ctx context.Context, issueID int64, commentIDs []int64) (map[int64]ReactionList, error) {
+	reactions := make(map[int64]ReactionList, len(commentIDs))
+	left := len(commentIDs)
+	for left > 0 {
+		limit := min(left, db.DefaultMaxInSize)
+		rows, err := db.GetEngine(ctx).
+			Where(builder.Eq{"issue_id": issueID}).
+			In("reaction.`type`", setting.UI.Reactions).
+			In("comment_id", commentIDs[:limit]).
+			Rows(&Reaction{})
+		if err != nil {
+			return nil, err
+		}
+
+		for rows.Next() {
+			var reaction Reaction
+			err = rows.Scan(&reaction)
+			if err != nil {
+				_ = rows.Close()
+				return nil, err
+			}
+			reactions[reaction.CommentID] = append(reactions[reaction.CommentID], &reaction)
+		}
+
+		_ = rows.Close()
+		left -= limit
+		commentIDs = commentIDs[limit:]
+	}
+	return reactions, nil
+}
+
 func createReaction(ctx context.Context, opts *ReactionOptions) (*Reaction, error) {
 	reaction := &Reaction{
 		Type:      opts.Type,
diff --git a/routers/api/v1/repo/issue_comment.go b/routers/api/v1/repo/issue_comment.go
index ceebb41f9e..3f58e4e271 100644
--- a/routers/api/v1/repo/issue_comment.go
+++ b/routers/api/v1/repo/issue_comment.go
@@ -215,6 +215,11 @@ func ListIssueCommentsAndTimeline(ctx *context.APIContext) {
 		return
 	}
 
+	if err := comments.LoadResolveDoers(ctx); err != nil {
+		ctx.Error(http.StatusInternalServerError, "LoadResolveDoers", err)
+		return
+	}
+
 	var apiComments []*api.TimelineComment
 	for _, comment := range comments {
 		if comment.Type != issues_model.CommentTypeCode && isXRefCommentAccessible(ctx, ctx.Doer, comment, issue.RepoID, ctx.Reducer) {
diff --git a/routers/web/repo/issue.go b/routers/web/repo/issue.go
index 3852c4c18f..bb4185f785 100644
--- a/routers/web/repo/issue.go
+++ b/routers/web/repo/issue.go
@@ -1663,6 +1663,11 @@ func ViewIssue(ctx *context.Context) {
 		return
 	}
 
+	if err := issue.Comments.LoadResolveDoers(ctx); err != nil {
+		ctx.ServerError("LoadResolveDoers", err)
+		return
+	}
+
 	for commentIdx, comment = range issue.Comments {
 		comment.Issue = issue
 		metas := ctx.Repo.Repository.ComposeMetas(ctx)
@@ -1801,10 +1806,6 @@ func ViewIssue(ctx *context.Context) {
 					}
 				}
 			}
-			if err = comment.LoadResolveDoer(ctx); err != nil {
-				ctx.ServerError("LoadResolveDoer", err)
-				return
-			}
 		} else if comment.Type == issues_model.CommentTypePullRequestPush {
 			participants = addParticipant(comment.Poster, participants)
 			if err = comment.LoadPushCommits(ctx); err != nil {
diff --git a/routers/web/repo/pull.go b/routers/web/repo/pull.go
index c4b8583e2d..e9cdfc5ac7 100644
--- a/routers/web/repo/pull.go
+++ b/routers/web/repo/pull.go
@@ -1104,21 +1104,6 @@ func viewPullFiles(ctx *context.Context, specifiedStartCommit, specifiedEndCommi
 		return
 	}
 
-	for _, file := range diff.Files {
-		for _, section := range file.Sections {
-			for _, line := range section.Lines {
-				for _, comments := range line.Conversations {
-					for _, comment := range comments {
-						if err := comment.LoadAttachments(ctx); err != nil {
-							ctx.ServerError("LoadAttachments", err)
-							return
-						}
-					}
-				}
-			}
-		}
-	}
-
 	pb, err := git_model.GetFirstMatchProtectedBranchRule(ctx, pull.BaseRepoID, pull.BaseBranch)
 	if err != nil {
 		ctx.ServerError("LoadProtectedBranch", err)
diff --git a/services/convert/issue_comment.go b/services/convert/issue_comment.go
index 9ea315aee6..2f9af9be7c 100644
--- a/services/convert/issue_comment.go
+++ b/services/convert/issue_comment.go
@@ -43,12 +43,6 @@ func ToTimelineComment(ctx context.Context, repo *repo_model.Repository, c *issu
 		return nil
 	}
 
-	err = c.LoadResolveDoer(ctx)
-	if err != nil {
-		log.Error("LoadResolveDoer: %v", err)
-		return nil
-	}
-
 	err = c.LoadDepIssueDetails(ctx)
 	if err != nil {
 		log.Error("LoadDepIssueDetails: %v", err)

From 15b4c5efe81ba47b6415a9c188981813aec7f775 Mon Sep 17 00:00:00 2001
From: Mathieu Fenniak <mathieu@fenniak.net>
Date: Sun, 5 Apr 2026 16:36:57 +0200
Subject: [PATCH 632/854] chore(deps): bump xorm to v1.3.9-forgejo.10 (#11992)

Brings [deadlock error type](https://code.forgejo.org/xorm/xorm/pulls/95), which should allow fixing #11968.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11992
Reviewed-by: Andreas Ahlenstorf <aahlenst@noreply.codeberg.org>
Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net>
Co-committed-by: Mathieu Fenniak <mathieu@fenniak.net>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 37039873c8..9ec653792b 100644
--- a/go.mod
+++ b/go.mod
@@ -273,4 +273,4 @@ replace github.com/gliderlabs/ssh => code.forgejo.org/forgejo/ssh v0.0.0-2024121
 
 replace git.sr.ht/~mariusor/go-xsd-duration => code.forgejo.org/forgejo/go-xsd-duration v0.0.0-20220703122237-02e73435a078
 
-replace xorm.io/xorm v1.3.9 => code.forgejo.org/xorm/xorm v1.3.9-forgejo.9
+replace xorm.io/xorm v1.3.9 => code.forgejo.org/xorm/xorm v1.3.9-forgejo.10
diff --git a/go.sum b/go.sum
index cd477466b7..1f79a74863 100644
--- a/go.sum
+++ b/go.sum
@@ -42,8 +42,8 @@ code.forgejo.org/go-chi/captcha v1.0.2 h1:vyHDPXkpjDv8bLO9NqtWzZayzstD/WpJ5xwEkA
 code.forgejo.org/go-chi/captcha v1.0.2/go.mod h1:lxiPLcJ76UCZHoH31/Wbum4GUi2NgjfFZLrJkKv1lLE=
 code.forgejo.org/go-chi/session v1.0.4 h1:WQ1NaVxcCpxYwCliEGypKclZnOCjh3p1fk8XciJc62U=
 code.forgejo.org/go-chi/session v1.0.4/go.mod h1:+sSTiomM5C8AUPtxZyTENIbcTz22kcVottKO0lnmDRk=
-code.forgejo.org/xorm/xorm v1.3.9-forgejo.9 h1:hzEXDa53opdp5nrGG4F6y8HzFzrGXd5GIvFyUHcvGmI=
-code.forgejo.org/xorm/xorm v1.3.9-forgejo.9/go.mod h1:A7sFd3BFmRp20h6drSsCXgQRQdF8Vz8HuCSrzFS3m90=
+code.forgejo.org/xorm/xorm v1.3.9-forgejo.10 h1:DCProZz7GP10ue7NoVr1vreuADhH9tEImYFye2+aDG8=
+code.forgejo.org/xorm/xorm v1.3.9-forgejo.10/go.mod h1:ly5tUt9l3b+y7HdXDM1UucQXuS58ahNxB9tPM5/6LfM=
 code.gitea.io/sdk/gitea v0.21.0 h1:69n6oz6kEVHRo1+APQQyizkhrZrLsTLXey9142pfkD4=
 code.gitea.io/sdk/gitea v0.21.0/go.mod h1:tnBjVhuKJCn8ibdyyhvUyxrR1Ca2KHEoTWoukNhXQPA=
 code.superseriousbusiness.org/exif-terminator v0.11.1 h1:qnujLH4/Yk/CFtFMmtjozbdV6Ry5G3Q/E/mLlWm/gQI=

From 6a879e79dfaf32bc2876e39815cc7d53a5e5eb6a Mon Sep 17 00:00:00 2001
From: Mathieu Fenniak <mathieu@fenniak.net>
Date: Sun, 5 Apr 2026 18:38:33 +0200
Subject: [PATCH 633/854] test: fix intermittent test failure in
 TestPackageDebianConcurrent (#11997)

Fixes #11968.

Adds deadlocks to the package `RetryTx` operations, and bumps the attempt count to 3.  Technically this affects production code, not just test code, but the resulting failure is only likely to occur in highly concurrent operations when uploading packages to the debian registry for the first time for a user, which is more of a test artifact than a production likelihood.

Manually tested by modifying the `Makefile` to add the `-test.count=25` option to the test command.  This failed consistently on my dev system before this change, failed consistently after the deadlock err was added, and then succeeded consistently (multiple runs) after both changes were combined, giving me confidence that the intermittent failure is squashed.

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. All work and communication must conform to Forgejo's [AI Agreement](https://codeberg.org/forgejo/governance/src/branch/main/AIAgreement.md). There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests for Go changes

- I added test coverage for Go changes...
  - [ ] in their respective `*_test.go` for unit tests.
  - [x] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
      - Fixing a test failure, so no new tests added, but they already failed.
- I ran...
  - [x] `make pr-go` before pushing

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [ ] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.
- [x] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11997
Reviewed-by: Andreas Ahlenstorf <aahlenst@noreply.codeberg.org>
Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net>
Co-committed-by: Mathieu Fenniak <mathieu@fenniak.net>
---
 services/packages/debian/repository.go |  7 ++++---
 services/packages/packages.go          | 21 ++++++++++++---------
 2 files changed, 16 insertions(+), 12 deletions(-)

diff --git a/services/packages/debian/repository.go b/services/packages/debian/repository.go
index ab8c4fdc45..e84ae45ebe 100644
--- a/services/packages/debian/repository.go
+++ b/services/packages/debian/repository.go
@@ -318,9 +318,10 @@ func buildReleaseFiles(ctx context.Context, ownerID int64, repoVersion *packages
 	// way.
 	var priv string
 	err = db.RetryTx(ctx, db.RetryConfig{
-		// A single retry is sufficient the user/org's key pair would have been created by the first successful tx.
-		AttemptCount: 2,
-		ErrorIs:      []error{xorm.ErrUniqueConstraintViolation},
+		// A single retry is sufficient the user/org's key pair would have been created by the first successful tx; an
+		// additional retry may be necessary if a deadlock occurs with concurrent updates.
+		AttemptCount: 3,
+		ErrorIs:      []error{xorm.ErrUniqueConstraintViolation, xorm.ErrDeadlock},
 	}, func(ctx context.Context) error {
 		priv, _, err = GetOrCreateKeyPair(ctx, ownerID)
 		return err
diff --git a/services/packages/packages.go b/services/packages/packages.go
index a1772cc1d9..c75b4559c8 100644
--- a/services/packages/packages.go
+++ b/services/packages/packages.go
@@ -95,9 +95,10 @@ func createPackageAndAddFile(ctx context.Context, pvci *PackageCreationInfo, pfc
 	// causes such a recovery from error to panic.  So, we retry the entire modification transaction if
 	// ErrUniqueConstraintViolation is encountered.
 	err := db.RetryTx(ctx, db.RetryConfig{
-		// A single retry is sufficient as any package index that was concurrently modified should now be present:
-		AttemptCount: 2,
-		ErrorIs:      []error{xorm.ErrUniqueConstraintViolation},
+		// A single retry is sufficient as any package index that was concurrently modified should now be present; an
+		// additional retry may be necessary if a deadlock occurs with concurrent updates.
+		AttemptCount: 3,
+		ErrorIs:      []error{xorm.ErrUniqueConstraintViolation, xorm.ErrDeadlock},
 	}, func(ctx context.Context) error {
 		var err error
 		var pb *packages_model.PackageBlob
@@ -237,9 +238,10 @@ func addFileToPackageWrapper(ctx context.Context, fn func(ctx context.Context) (
 
 	// See comment in createPackageAndAddFile which explains why RetryTx is used with ErrUniqueConstraintViolation.
 	err := db.RetryTx(ctx, db.RetryConfig{
-		// A single retry is sufficient as any package index that was concurrently modified should now be present:
-		AttemptCount: 2,
-		ErrorIs:      []error{xorm.ErrUniqueConstraintViolation},
+		// A single retry is sufficient as any package index that was concurrently modified should now be present; an
+		// additional retry may be necessary if a deadlock occurs with concurrent updates.
+		AttemptCount: 3,
+		ErrorIs:      []error{xorm.ErrUniqueConstraintViolation, xorm.ErrDeadlock},
 	}, func(ctx context.Context) error {
 		var err error
 		var blobCreated bool
@@ -468,9 +470,10 @@ func GetOrCreateInternalPackageVersion(ctx context.Context, ownerID int64, packa
 
 	// See comment in createPackageAndAddFile which explains why RetryTx is used with ErrUniqueConstraintViolation.
 	return pv, db.RetryTx(ctx, db.RetryConfig{
-		// A single retry is sufficient as any package index that was concurrently modified should now be present:
-		AttemptCount: 2,
-		ErrorIs:      []error{xorm.ErrUniqueConstraintViolation},
+		// A single retry is sufficient as any package index that was concurrently modified should now be present; an
+		// additional retry may be necessary if a deadlock occurs with concurrent updates.
+		AttemptCount: 3,
+		ErrorIs:      []error{xorm.ErrUniqueConstraintViolation, xorm.ErrDeadlock},
 	}, func(ctx context.Context) error {
 		p := &packages_model.Package{
 			OwnerID:    ownerID,

From 9abc1b0144feaf053176ff80bd94d694a3cfce13 Mon Sep 17 00:00:00 2001
From: Mathieu Fenniak <mathieu@fenniak.net>
Date: Sun, 5 Apr 2026 22:03:45 +0200
Subject: [PATCH 634/854] refactor: reduce code duplication when accessing
 `DefaultMaxInSize` (#11999)

`DefaultMaxInSize` is an internal parameter for limiting the size of `field IN (...)` clauses in DB queries, which is a reasonable thing to do -- in addition to the errors noted when [originally introduced](https://github.com/go-gitea/gitea/pull/4594), there are technical limits that apply to each of PostgreSQL, MySQL, and SQLite which would prevent an unbounded size for a query like this.  However: the size is incredibly small at 50, and, the implementation of `DefaultMaxInSize` is really wasteful with copy-and-paste coding.

This PR:
- introduces `GetByIDs` which fetches a `map[int64]*Model` from the database for an array of ID values, while respecting `IN` clause size limits
- introduces `GetByFieldIn` which fetches a `map[int64][]*Model` from the database for an array of field values, while respecting `IN` clause size limits
- uses `slices.Chunk` for other locations where queries are too complex for these implementations
- bumps the `DefaultMaxInSize` parameter from 50 to 500, a conservative increase well under known limits, but 10x the current value:
    - PostgreSQL supports up to 1GB query text size with 65,535 parameters, but I've experienced performance degradation at high value counts
    - MySQL supports 64MB query text size without known limits of parameter count
    - SQLite supports 32,766 parameters in a query

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. All work and communication must conform to Forgejo's [AI Agreement](https://codeberg.org/forgejo/governance/src/branch/main/AIAgreement.md). There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests for Go changes

- I added test coverage for Go changes...
  - [x] in their respective `*_test.go` for unit tests.
      - Refactored functions are assumed to be covered by existing tests to some extent; that assumption is probably wrong but the changes here are relatively easily reviewed for correctness as well.
  - [ ] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I ran...
  - [x] `make pr-go` before pushing

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [ ] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.
- [x] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11999
Reviewed-by: Andreas Ahlenstorf <aahlenst@noreply.codeberg.org>
Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net>
Co-committed-by: Mathieu Fenniak <mathieu@fenniak.net>
---
 models/activities/notification_list.go | 112 ++---------------
 models/db/context.go                   |  86 +++++++++++++
 models/db/list.go                      |   2 +-
 models/issues/comment_list.go          | 168 ++++---------------------
 models/issues/issue_list.go            | 151 ++++------------------
 models/issues/reaction.go              |  10 +-
 tests/integration/db_query_test.go     |  64 ++++++++++
 7 files changed, 215 insertions(+), 378 deletions(-)
 create mode 100644 tests/integration/db_query_test.go

diff --git a/models/activities/notification_list.go b/models/activities/notification_list.go
index bf6356021e..3f3a48eaa5 100644
--- a/models/activities/notification_list.go
+++ b/models/activities/notification_list.go
@@ -210,31 +210,9 @@ func (nl NotificationList) LoadRepos(ctx context.Context) (repo_model.Repository
 	}
 
 	repoIDs := nl.getPendingRepoIDs()
-	repos := make(map[int64]*repo_model.Repository, len(repoIDs))
-	left := len(repoIDs)
-	for left > 0 {
-		limit := min(left, db.DefaultMaxInSize)
-		rows, err := db.GetEngine(ctx).
-			In("id", repoIDs[:limit]).
-			Rows(new(repo_model.Repository))
-		if err != nil {
-			return nil, nil, err
-		}
-
-		for rows.Next() {
-			var repo repo_model.Repository
-			err = rows.Scan(&repo)
-			if err != nil {
-				rows.Close()
-				return nil, nil, err
-			}
-
-			repos[repo.ID] = &repo
-		}
-		_ = rows.Close()
-
-		left -= limit
-		repoIDs = repoIDs[limit:]
+	repos, err := db.GetByIDs(ctx, "id", repoIDs, &repo_model.Repository{})
+	if err != nil {
+		return nil, nil, err
 	}
 
 	failed := []int{}
@@ -281,31 +259,9 @@ func (nl NotificationList) LoadIssues(ctx context.Context) ([]int, error) {
 	}
 
 	issueIDs := nl.getPendingIssueIDs()
-	issues := make(map[int64]*issues_model.Issue, len(issueIDs))
-	left := len(issueIDs)
-	for left > 0 {
-		limit := min(left, db.DefaultMaxInSize)
-		rows, err := db.GetEngine(ctx).
-			In("id", issueIDs[:limit]).
-			Rows(new(issues_model.Issue))
-		if err != nil {
-			return nil, err
-		}
-
-		for rows.Next() {
-			var issue issues_model.Issue
-			err = rows.Scan(&issue)
-			if err != nil {
-				rows.Close()
-				return nil, err
-			}
-
-			issues[issue.ID] = &issue
-		}
-		_ = rows.Close()
-
-		left -= limit
-		issueIDs = issueIDs[limit:]
+	issues, err := db.GetByIDs(ctx, "id", issueIDs, &issues_model.Issue{})
+	if err != nil {
+		return nil, err
 	}
 
 	failures := []int{}
@@ -373,31 +329,9 @@ func (nl NotificationList) LoadUsers(ctx context.Context) ([]int, error) {
 	}
 
 	userIDs := nl.getUserIDs()
-	users := make(map[int64]*user_model.User, len(userIDs))
-	left := len(userIDs)
-	for left > 0 {
-		limit := min(left, db.DefaultMaxInSize)
-		rows, err := db.GetEngine(ctx).
-			In("id", userIDs[:limit]).
-			Rows(new(user_model.User))
-		if err != nil {
-			return nil, err
-		}
-
-		for rows.Next() {
-			var user user_model.User
-			err = rows.Scan(&user)
-			if err != nil {
-				rows.Close()
-				return nil, err
-			}
-
-			users[user.ID] = &user
-		}
-		_ = rows.Close()
-
-		left -= limit
-		userIDs = userIDs[limit:]
+	users, err := db.GetByIDs(ctx, "id", userIDs, &user_model.User{})
+	if err != nil {
+		return nil, err
 	}
 
 	failures := []int{}
@@ -421,31 +355,9 @@ func (nl NotificationList) LoadComments(ctx context.Context) ([]int, error) {
 	}
 
 	commentIDs := nl.getPendingCommentIDs()
-	comments := make(map[int64]*issues_model.Comment, len(commentIDs))
-	left := len(commentIDs)
-	for left > 0 {
-		limit := min(left, db.DefaultMaxInSize)
-		rows, err := db.GetEngine(ctx).
-			In("id", commentIDs[:limit]).
-			Rows(new(issues_model.Comment))
-		if err != nil {
-			return nil, err
-		}
-
-		for rows.Next() {
-			var comment issues_model.Comment
-			err = rows.Scan(&comment)
-			if err != nil {
-				rows.Close()
-				return nil, err
-			}
-
-			comments[comment.ID] = &comment
-		}
-		_ = rows.Close()
-
-		left -= limit
-		commentIDs = commentIDs[limit:]
+	comments, err := db.GetByIDs(ctx, "id", commentIDs, &issues_model.Comment{})
+	if err != nil {
+		return nil, err
 	}
 
 	failures := []int{}
diff --git a/models/db/context.go b/models/db/context.go
index f098b40a32..18237bb2a2 100644
--- a/models/db/context.go
+++ b/models/db/context.go
@@ -8,6 +8,7 @@ import (
 	"database/sql"
 	"errors"
 	"fmt"
+	"slices"
 
 	"xorm.io/builder"
 	"xorm.io/xorm"
@@ -270,6 +271,91 @@ func GetByID[T any](ctx context.Context, id int64) (object *T, exist bool, err e
 	return &bean, true, nil
 }
 
+// Retrieves multiple objects with database queries similar to an xorm `.In(idField, idList)`. idField must be a unique
+// field on the database table, as a map[id]obj is returned and the usage of a non-unique field would result in objects
+// being overwritten in the map.
+//
+// The length of the IN list is constrained to DefaultMaxInSize for each database query, resulting in multiple database
+// queries if the length of the idList exceeds that setting; this constraint prevents exceeding bind parameter
+// limitations or query length limitations in the database engine.
+func GetByIDs[Bean any, Id comparable](ctx context.Context, idField string, idList []Id, bean *Bean) (map[Id]*Bean, error) {
+	retval := make(map[Id]*Bean, len(idList))
+	if len(idList) == 0 {
+		return retval, nil
+	}
+
+	table, err := TableInfo(bean)
+	if err != nil {
+		return nil, fmt.Errorf("unable to fetch table info for bean %v: %w", bean, err)
+	}
+
+	var structFieldName string
+	for _, c := range table.Columns() {
+		if c.Name == idField {
+			structFieldName = c.FieldName
+			break
+		}
+	}
+	if structFieldName == "" {
+		return nil, fmt.Errorf("unable to identify struct field for id field %s", idField)
+	}
+
+	for idChunk := range slices.Chunk(idList, DefaultMaxInSize) {
+		beans := make([]*Bean, 0, len(idChunk))
+		if err := GetEngine(ctx).In(idField, idChunk).Find(&beans); err != nil {
+			return nil, err
+		}
+		for _, bean := range beans {
+			retval[extractFieldValue(bean, structFieldName).(Id)] = bean
+		}
+	}
+
+	return retval, nil
+}
+
+// Retrieves multiple objects with database queries similar to an xorm `.In(field, valueList)`. Similar to GetByIDs,
+// except that a map[Id][]*Bean is returned as the field value is not assumed to be a unique value -- if there are
+// multiple rows in the table for each value, all of them are returned.
+//
+// The length of the IN list is constrained to DefaultMaxInSize for each database query, resulting in multiple database
+// queries if the length of the idList exceeds that setting; this constraint prevents exceeding bind parameter
+// limitations or query length limitations in the database engine.
+func GetByFieldIn[Bean any, Id comparable](ctx context.Context, field string, valueList []Id, bean *Bean) (map[Id][]*Bean, error) {
+	retval := make(map[Id][]*Bean, len(valueList))
+	if len(valueList) == 0 {
+		return retval, nil
+	}
+
+	table, err := TableInfo(bean)
+	if err != nil {
+		return nil, fmt.Errorf("unable to fetch table info for bean %v: %w", bean, err)
+	}
+
+	var structFieldName string
+	for _, c := range table.Columns() {
+		if c.Name == field {
+			structFieldName = c.FieldName
+			break
+		}
+	}
+	if structFieldName == "" {
+		return nil, fmt.Errorf("unable to identify struct field for field %s", field)
+	}
+
+	for idChunk := range slices.Chunk(valueList, DefaultMaxInSize) {
+		beans := make([]*Bean, 0, len(idChunk))
+		if err := GetEngine(ctx).In(field, idChunk).Find(&beans); err != nil {
+			return nil, err
+		}
+		for _, bean := range beans {
+			fieldValue := extractFieldValue(bean, structFieldName).(Id)
+			retval[fieldValue] = append(retval[fieldValue], bean)
+		}
+	}
+
+	return retval, nil
+}
+
 func Exist[T any](ctx context.Context, cond builder.Cond) (bool, error) {
 	if !cond.IsValid() {
 		panic("cond is invalid in db.Exist(ctx, cond). This should not be possible.")
diff --git a/models/db/list.go b/models/db/list.go
index 057221936c..71e9a0b1d2 100644
--- a/models/db/list.go
+++ b/models/db/list.go
@@ -14,7 +14,7 @@ import (
 
 const (
 	// DefaultMaxInSize represents default variables number on IN () in SQL
-	DefaultMaxInSize     = 50
+	DefaultMaxInSize     = 500
 	defaultFindSliceSize = 10
 )
 
diff --git a/models/issues/comment_list.go b/models/issues/comment_list.go
index 9a5c22244b..b218f11dfa 100644
--- a/models/issues/comment_list.go
+++ b/models/issues/comment_list.go
@@ -52,29 +52,9 @@ func (comments CommentList) loadLabels(ctx context.Context) error {
 	}
 
 	labelIDs := comments.getLabelIDs()
-	commentLabels := make(map[int64]*Label, len(labelIDs))
-	left := len(labelIDs)
-	for left > 0 {
-		limit := min(left, db.DefaultMaxInSize)
-		rows, err := db.GetEngine(ctx).
-			In("id", labelIDs[:limit]).
-			Rows(new(Label))
-		if err != nil {
-			return err
-		}
-
-		for rows.Next() {
-			var label Label
-			err = rows.Scan(&label)
-			if err != nil {
-				_ = rows.Close()
-				return err
-			}
-			commentLabels[label.ID] = &label
-		}
-		_ = rows.Close()
-		left -= limit
-		labelIDs = labelIDs[limit:]
+	commentLabels, err := db.GetByIDs(ctx, "id", labelIDs, &Label{})
+	if err != nil {
+		return err
 	}
 
 	for _, comment := range comments {
@@ -99,18 +79,9 @@ func (comments CommentList) loadMilestones(ctx context.Context) error {
 		return nil
 	}
 
-	milestones := make(map[int64]*Milestone, len(milestoneIDs))
-	left := len(milestoneIDs)
-	for left > 0 {
-		limit := min(left, db.DefaultMaxInSize)
-		err := db.GetEngine(ctx).
-			In("id", milestoneIDs[:limit]).
-			Find(&milestones)
-		if err != nil {
-			return err
-		}
-		left -= limit
-		milestoneIDs = milestoneIDs[limit:]
+	milestones, err := db.GetByIDs(ctx, "id", milestoneIDs, &Milestone{})
+	if err != nil {
+		return err
 	}
 
 	for _, comment := range comments {
@@ -135,18 +106,9 @@ func (comments CommentList) loadOldMilestones(ctx context.Context) error {
 		return nil
 	}
 
-	milestones := make(map[int64]*Milestone, len(milestoneIDs))
-	left := len(milestoneIDs)
-	for left > 0 {
-		limit := min(left, db.DefaultMaxInSize)
-		err := db.GetEngine(ctx).
-			In("id", milestoneIDs[:limit]).
-			Find(&milestones)
-		if err != nil {
-			return err
-		}
-		left -= limit
-		milestoneIDs = milestoneIDs[limit:]
+	milestones, err := db.GetByIDs(ctx, "id", milestoneIDs, &Milestone{})
+	if err != nil {
+		return err
 	}
 
 	for _, comment := range comments {
@@ -167,31 +129,9 @@ func (comments CommentList) loadAssignees(ctx context.Context) error {
 	}
 
 	assigneeIDs := comments.getAssigneeIDs()
-	assignees := make(map[int64]*user_model.User, len(assigneeIDs))
-	left := len(assigneeIDs)
-	for left > 0 {
-		limit := min(left, db.DefaultMaxInSize)
-		rows, err := db.GetEngine(ctx).
-			In("id", assigneeIDs[:limit]).
-			Rows(new(user_model.User))
-		if err != nil {
-			return err
-		}
-
-		for rows.Next() {
-			var user user_model.User
-			err = rows.Scan(&user)
-			if err != nil {
-				rows.Close()
-				return err
-			}
-
-			assignees[user.ID] = &user
-		}
-		_ = rows.Close()
-
-		left -= limit
-		assigneeIDs = assigneeIDs[limit:]
+	assignees, err := db.GetByIDs(ctx, "id", assigneeIDs, &user_model.User{})
+	if err != nil {
+		return err
 	}
 
 	for _, comment := range comments {
@@ -232,31 +172,9 @@ func (comments CommentList) LoadIssues(ctx context.Context) error {
 	}
 
 	issueIDs := comments.getIssueIDs()
-	issues := make(map[int64]*Issue, len(issueIDs))
-	left := len(issueIDs)
-	for left > 0 {
-		limit := min(left, db.DefaultMaxInSize)
-		rows, err := db.GetEngine(ctx).
-			In("id", issueIDs[:limit]).
-			Rows(new(Issue))
-		if err != nil {
-			return err
-		}
-
-		for rows.Next() {
-			var issue Issue
-			err = rows.Scan(&issue)
-			if err != nil {
-				rows.Close()
-				return err
-			}
-
-			issues[issue.ID] = &issue
-		}
-		_ = rows.Close()
-
-		left -= limit
-		issueIDs = issueIDs[limit:]
+	issues, err := db.GetByIDs(ctx, "id", issueIDs, &Issue{})
+	if err != nil {
+		return err
 	}
 
 	for _, comment := range comments {
@@ -281,33 +199,10 @@ func (comments CommentList) loadDependentIssues(ctx context.Context) error {
 		return nil
 	}
 
-	e := db.GetEngine(ctx)
 	issueIDs := comments.getDependentIssueIDs()
-	issues := make(map[int64]*Issue, len(issueIDs))
-	left := len(issueIDs)
-	for left > 0 {
-		limit := min(left, db.DefaultMaxInSize)
-		rows, err := e.
-			In("id", issueIDs[:limit]).
-			Rows(new(Issue))
-		if err != nil {
-			return err
-		}
-
-		for rows.Next() {
-			var issue Issue
-			err = rows.Scan(&issue)
-			if err != nil {
-				_ = rows.Close()
-				return err
-			}
-
-			issues[issue.ID] = &issue
-		}
-		_ = rows.Close()
-
-		left -= limit
-		issueIDs = issueIDs[limit:]
+	issues, err := db.GetByIDs(ctx, "id", issueIDs, &Issue{})
+	if err != nil {
+		return err
 	}
 
 	for _, comment := range comments {
@@ -358,31 +253,10 @@ func (comments CommentList) LoadAttachments(ctx context.Context) (err error) {
 		return nil
 	}
 
-	attachments := make(map[int64][]*repo_model.Attachment, len(comments))
 	commentsIDs := comments.getAttachmentCommentIDs()
-	left := len(commentsIDs)
-	for left > 0 {
-		limit := min(left, db.DefaultMaxInSize)
-		rows, err := db.GetEngine(ctx).
-			In("comment_id", commentsIDs[:limit]).
-			Rows(new(repo_model.Attachment))
-		if err != nil {
-			return err
-		}
-
-		for rows.Next() {
-			var attachment repo_model.Attachment
-			err = rows.Scan(&attachment)
-			if err != nil {
-				_ = rows.Close()
-				return err
-			}
-			attachments[attachment.CommentID] = append(attachments[attachment.CommentID], &attachment)
-		}
-
-		_ = rows.Close()
-		left -= limit
-		commentsIDs = commentsIDs[limit:]
+	attachments, err := db.GetByFieldIn(ctx, "comment_id", commentsIDs, &repo_model.Attachment{})
+	if err != nil {
+		return err
 	}
 
 	for _, comment := range comments {
diff --git a/models/issues/issue_list.go b/models/issues/issue_list.go
index 34cfe35475..e4fd9eef2b 100644
--- a/models/issues/issue_list.go
+++ b/models/issues/issue_list.go
@@ -6,6 +6,7 @@ package issues
 import (
 	"context"
 	"fmt"
+	"slices"
 
 	"forgejo.org/models/db"
 	project_model "forgejo.org/models/project"
@@ -40,18 +41,9 @@ func (issues IssueList) LoadRepositories(ctx context.Context) (repo_model.Reposi
 	}
 
 	repoIDs := issues.getRepoIDs()
-	repoMaps := make(map[int64]*repo_model.Repository, len(repoIDs))
-	left := len(repoIDs)
-	for left > 0 {
-		limit := min(left, db.DefaultMaxInSize)
-		err := db.GetEngine(ctx).
-			In("id", repoIDs[:limit]).
-			Find(&repoMaps)
-		if err != nil {
-			return nil, fmt.Errorf("find repository: %w", err)
-		}
-		left -= limit
-		repoIDs = repoIDs[limit:]
+	repoMaps, err := db.GetByIDs(ctx, "id", repoIDs, &repo_model.Repository{})
+	if err != nil {
+		return nil, fmt.Errorf("find repository: %w", err)
 	}
 
 	for _, issue := range issues {
@@ -93,18 +85,9 @@ func (issues IssueList) LoadPosters(ctx context.Context) error {
 }
 
 func getPostersByIDs(ctx context.Context, posterIDs []int64) (map[int64]*user_model.User, error) {
-	posterMaps := make(map[int64]*user_model.User, len(posterIDs))
-	left := len(posterIDs)
-	for left > 0 {
-		limit := min(left, db.DefaultMaxInSize)
-		err := db.GetEngine(ctx).
-			In("id", posterIDs[:limit]).
-			Find(&posterMaps)
-		if err != nil {
-			return nil, err
-		}
-		left -= limit
-		posterIDs = posterIDs[limit:]
+	posterMaps, err := db.GetByIDs(ctx, "id", posterIDs, &user_model.User{})
+	if err != nil {
+		return nil, err
 	}
 	return posterMaps, nil
 }
@@ -129,18 +112,15 @@ func (issues IssueList) LoadLabels(ctx context.Context) error {
 
 	issueLabels := make(map[int64][]*Label, len(issues)*3)
 	issueIDs := issues.getIssueIDs()
-	left := len(issueIDs)
-	for left > 0 {
-		limit := min(left, db.DefaultMaxInSize)
+	for issueIDChunk := range slices.Chunk(issueIDs, db.DefaultMaxInSize) {
 		rows, err := db.GetEngine(ctx).Table("label").
 			Join("LEFT", "issue_label", "issue_label.label_id = label.id").
-			In("issue_label.issue_id", issueIDs[:limit]).
+			In("issue_label.issue_id", issueIDChunk).
 			Asc("label.name").
 			Rows(new(LabelIssue))
 		if err != nil {
 			return err
 		}
-
 		for rows.Next() {
 			var labelIssue LabelIssue
 			err = rows.Scan(&labelIssue)
@@ -157,8 +137,6 @@ func (issues IssueList) LoadLabels(ctx context.Context) error {
 		if err1 := rows.Close(); err1 != nil {
 			return fmt.Errorf("IssueList.LoadLabels: Close: %w", err1)
 		}
-		left -= limit
-		issueIDs = issueIDs[limit:]
 	}
 
 	for _, issue := range issues {
@@ -180,18 +158,9 @@ func (issues IssueList) LoadMilestones(ctx context.Context) error {
 		return nil
 	}
 
-	milestoneMaps := make(map[int64]*Milestone, len(milestoneIDs))
-	left := len(milestoneIDs)
-	for left > 0 {
-		limit := min(left, db.DefaultMaxInSize)
-		err := db.GetEngine(ctx).
-			In("id", milestoneIDs[:limit]).
-			Find(&milestoneMaps)
-		if err != nil {
-			return err
-		}
-		left -= limit
-		milestoneIDs = milestoneIDs[limit:]
+	milestoneMaps, err := db.GetByIDs(ctx, "id", milestoneIDs, &Milestone{})
+	if err != nil {
+		return err
 	}
 
 	for _, issue := range issues {
@@ -204,22 +173,19 @@ func (issues IssueList) LoadMilestones(ctx context.Context) error {
 func (issues IssueList) LoadProjects(ctx context.Context) error {
 	issueIDs := issues.getIssueIDs()
 	projectMaps := make(map[int64]*project_model.Project, len(issues))
-	left := len(issueIDs)
 
 	type projectWithIssueID struct {
 		*project_model.Project `xorm:"extends"`
 		IssueID                int64
 	}
 
-	for left > 0 {
-		limit := min(left, db.DefaultMaxInSize)
-
-		projects := make([]*projectWithIssueID, 0, limit)
+	for issueIDChunk := range slices.Chunk(issueIDs, db.DefaultMaxInSize) {
+		projects := make([]*projectWithIssueID, 0, len(issueIDChunk))
 		err := db.GetEngine(ctx).
 			Table("project").
 			Select("project.*, project_issue.issue_id").
 			Join("INNER", "project_issue", "project.id = project_issue.project_id").
-			In("project_issue.issue_id", issueIDs[:limit]).
+			In("project_issue.issue_id", issueIDChunk).
 			Find(&projects)
 		if err != nil {
 			return err
@@ -227,8 +193,6 @@ func (issues IssueList) LoadProjects(ctx context.Context) error {
 		for _, project := range projects {
 			projectMaps[project.IssueID] = project.Project
 		}
-		left -= limit
-		issueIDs = issueIDs[limit:]
 	}
 
 	for _, issue := range issues {
@@ -249,12 +213,10 @@ func (issues IssueList) LoadAssignees(ctx context.Context) error {
 
 	assignees := make(map[int64][]*user_model.User, len(issues))
 	issueIDs := issues.getIssueIDs()
-	left := len(issueIDs)
-	for left > 0 {
-		limit := min(left, db.DefaultMaxInSize)
+	for issueIDChunk := range slices.Chunk(issueIDs, db.DefaultMaxInSize) {
 		rows, err := db.GetEngine(ctx).Table("issue_assignees").
 			Join("INNER", "`user`", "`user`.id = `issue_assignees`.assignee_id").
-			In("`issue_assignees`.issue_id", issueIDs[:limit]).OrderBy(user_model.GetOrderByName()).
+			In("`issue_assignees`.issue_id", issueIDChunk).OrderBy(user_model.GetOrderByName()).
 			Rows(new(AssigneeIssue))
 		if err != nil {
 			return err
@@ -275,8 +237,6 @@ func (issues IssueList) LoadAssignees(ctx context.Context) error {
 		if err1 := rows.Close(); err1 != nil {
 			return fmt.Errorf("IssueList.loadAssignees: Close: %w", err1)
 		}
-		left -= limit
-		issueIDs = issueIDs[limit:]
 	}
 
 	for _, issue := range issues {
@@ -306,33 +266,9 @@ func (issues IssueList) LoadPullRequests(ctx context.Context) error {
 		return nil
 	}
 
-	pullRequestMaps := make(map[int64]*PullRequest, len(issuesIDs))
-	left := len(issuesIDs)
-	for left > 0 {
-		limit := min(left, db.DefaultMaxInSize)
-		rows, err := db.GetEngine(ctx).
-			In("issue_id", issuesIDs[:limit]).
-			Rows(new(PullRequest))
-		if err != nil {
-			return err
-		}
-
-		for rows.Next() {
-			var pr PullRequest
-			err = rows.Scan(&pr)
-			if err != nil {
-				if err1 := rows.Close(); err1 != nil {
-					return fmt.Errorf("IssueList.loadPullRequests: Close: %w", err1)
-				}
-				return err
-			}
-			pullRequestMaps[pr.IssueID] = &pr
-		}
-		if err1 := rows.Close(); err1 != nil {
-			return fmt.Errorf("IssueList.loadPullRequests: Close: %w", err1)
-		}
-		left -= limit
-		issuesIDs = issuesIDs[limit:]
+	pullRequestMaps, err := db.GetByIDs(ctx, "issue_id", issuesIDs, &PullRequest{})
+	if err != nil {
+		return err
 	}
 
 	for _, issue := range issues {
@@ -350,34 +286,10 @@ func (issues IssueList) LoadAttachments(ctx context.Context) (err error) {
 		return nil
 	}
 
-	attachments := make(map[int64][]*repo_model.Attachment, len(issues))
 	issuesIDs := issues.getIssueIDs()
-	left := len(issuesIDs)
-	for left > 0 {
-		limit := min(left, db.DefaultMaxInSize)
-		rows, err := db.GetEngine(ctx).
-			In("issue_id", issuesIDs[:limit]).
-			Rows(new(repo_model.Attachment))
-		if err != nil {
-			return err
-		}
-
-		for rows.Next() {
-			var attachment repo_model.Attachment
-			err = rows.Scan(&attachment)
-			if err != nil {
-				if err1 := rows.Close(); err1 != nil {
-					return fmt.Errorf("IssueList.loadAttachments: Close: %w", err1)
-				}
-				return err
-			}
-			attachments[attachment.IssueID] = append(attachments[attachment.IssueID], &attachment)
-		}
-		if err1 := rows.Close(); err1 != nil {
-			return fmt.Errorf("IssueList.loadAttachments: Close: %w", err1)
-		}
-		left -= limit
-		issuesIDs = issuesIDs[limit:]
+	attachments, err := db.GetByFieldIn(ctx, "issue_id", issuesIDs, &repo_model.Attachment{})
+	if err != nil {
+		return err
 	}
 
 	for _, issue := range issues {
@@ -394,12 +306,10 @@ func (issues IssueList) loadComments(ctx context.Context, cond builder.Cond) (er
 
 	comments := make(map[int64][]*Comment, len(issues))
 	issuesIDs := issues.getIssueIDs()
-	left := len(issuesIDs)
-	for left > 0 {
-		limit := min(left, db.DefaultMaxInSize)
+	for issueIDChunk := range slices.Chunk(issuesIDs, db.DefaultMaxInSize) {
 		rows, err := db.GetEngine(ctx).Table("comment").
 			Join("INNER", "issue", "issue.id = comment.issue_id").
-			In("issue.id", issuesIDs[:limit]).
+			In("issue.id", issueIDChunk).
 			Where(cond).
 			Rows(new(Comment))
 		if err != nil {
@@ -420,8 +330,6 @@ func (issues IssueList) loadComments(ctx context.Context, cond builder.Cond) (er
 		if err1 := rows.Close(); err1 != nil {
 			return fmt.Errorf("IssueList.loadComments: Close: %w", err1)
 		}
-		left -= limit
-		issuesIDs = issuesIDs[limit:]
 	}
 
 	for _, issue := range issues {
@@ -457,15 +365,12 @@ func (issues IssueList) loadTotalTrackedTimes(ctx context.Context) (err error) {
 		}
 	}
 
-	left := len(ids)
-	for left > 0 {
-		limit := min(left, db.DefaultMaxInSize)
-
+	for idChunk := range slices.Chunk(ids, db.DefaultMaxInSize) {
 		// select issue_id, sum(time) from tracked_time where issue_id in (<issue ids in current page>) group by issue_id
 		rows, err := db.GetEngine(ctx).Table("tracked_time").
 			Where("deleted = ?", false).
 			Select("issue_id, sum(time) as time").
-			In("issue_id", ids[:limit]).
+			In("issue_id", idChunk).
 			GroupBy("issue_id").
 			Rows(new(totalTimesByIssue))
 		if err != nil {
@@ -486,8 +391,6 @@ func (issues IssueList) loadTotalTrackedTimes(ctx context.Context) (err error) {
 		if err1 := rows.Close(); err1 != nil {
 			return fmt.Errorf("IssueList.loadTotalTrackedTimes: Close: %w", err1)
 		}
-		left -= limit
-		ids = ids[limit:]
 	}
 
 	for _, issue := range issues {
diff --git a/models/issues/reaction.go b/models/issues/reaction.go
index 9a277a8c12..21975c6b00 100644
--- a/models/issues/reaction.go
+++ b/models/issues/reaction.go
@@ -7,6 +7,7 @@ import (
 	"bytes"
 	"context"
 	"fmt"
+	"slices"
 
 	"forgejo.org/models/db"
 	repo_model "forgejo.org/models/repo"
@@ -178,13 +179,12 @@ func FindReactions(ctx context.Context, opts FindReactionsOptions) (ReactionList
 
 func getReactionsForComments(ctx context.Context, issueID int64, commentIDs []int64) (map[int64]ReactionList, error) {
 	reactions := make(map[int64]ReactionList, len(commentIDs))
-	left := len(commentIDs)
-	for left > 0 {
-		limit := min(left, db.DefaultMaxInSize)
+
+	for commentIDChunk := range slices.Chunk(commentIDs, db.DefaultMaxInSize) {
 		rows, err := db.GetEngine(ctx).
 			Where(builder.Eq{"issue_id": issueID}).
 			In("reaction.`type`", setting.UI.Reactions).
-			In("comment_id", commentIDs[:limit]).
+			In("comment_id", commentIDChunk).
 			Rows(&Reaction{})
 		if err != nil {
 			return nil, err
@@ -201,8 +201,6 @@ func getReactionsForComments(ctx context.Context, issueID int64, commentIDs []in
 		}
 
 		_ = rows.Close()
-		left -= limit
-		commentIDs = commentIDs[limit:]
 	}
 	return reactions, nil
 }
diff --git a/tests/integration/db_query_test.go b/tests/integration/db_query_test.go
new file mode 100644
index 0000000000..799d3219e8
--- /dev/null
+++ b/tests/integration/db_query_test.go
@@ -0,0 +1,64 @@
+// Copyright 2026 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+package integration
+
+import (
+	"fmt"
+	"testing"
+
+	actions_model "forgejo.org/models/actions"
+	"forgejo.org/models/db"
+	"forgejo.org/tests"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+// These are basically unit tests, but by running them in the integration test suite they are tested against all
+// supported database types.
+
+func TestDatabaseDefaultMaxInSize(t *testing.T) {
+	defer tests.PrepareTestEnv(t)()
+
+	// Ensure there are more than db.DefaultMaxInSize objects in a table:
+	targetCount := db.DefaultMaxInSize * 2
+	for i := range targetCount {
+		_, err := actions_model.InsertVariable(t.Context(), 2, 2, fmt.Sprintf("VAR_%d", i), fmt.Sprintf("Value %d", i))
+		require.NoError(t, err)
+	}
+
+	t.Run("GetByIDs", func(t *testing.T) {
+		defer tests.PrintCurrentTest(t)()
+
+		allActionVariables := make([]*actions_model.ActionVariable, 0, targetCount)
+		err := db.GetEngine(t.Context()).Find(&allActionVariables)
+		require.NoError(t, err)
+
+		allIDs := make([]int64, len(allActionVariables))
+		for i := range allActionVariables {
+			allIDs[i] = allActionVariables[i].ID
+		}
+
+		allActionVariablesAgain, err := db.GetByIDs(t.Context(), "id", allIDs, &actions_model.ActionVariable{})
+		require.NoError(t, err)
+		assert.Len(t, allActionVariablesAgain, len(allActionVariables))
+	})
+
+	t.Run("GetByFieldIn", func(t *testing.T) {
+		defer tests.PrintCurrentTest(t)()
+
+		allActionVariables := make([]*actions_model.ActionVariable, 0, targetCount)
+		err := db.GetEngine(t.Context()).Find(&allActionVariables)
+		require.NoError(t, err)
+
+		allIDs := make([]int64, len(allActionVariables))
+		for i := range allActionVariables {
+			allIDs[i] = allActionVariables[i].ID
+		}
+
+		allActionVariablesAgain, err := db.GetByFieldIn(t.Context(), "id", allIDs, &actions_model.ActionVariable{})
+		require.NoError(t, err)
+		assert.Len(t, allActionVariablesAgain, len(allActionVariables))
+	})
+}

From f18873f83be2369b34222bbf1c4a5a6bd85b5d4f Mon Sep 17 00:00:00 2001
From: elbaro <elbaro@noreply.codeberg.org>
Date: Mon, 6 Apr 2026 03:43:41 +0200
Subject: [PATCH 635/854] feat: add /actions/runs/{id}/jobs (#11915)

This PR is a minimal implementation to add `/actions/runs/{id}/jobs` (#11859).
This endpoint is also required by `/actions/jobs/{id}/logs`.

The pagination, filtering, custom sorting, more response fields are left to future work.

## Usage

```
curl -X 'GET' \
  'https://hostname/api/v1/repos/{owner}/{repo}/actions/runs/{id}/jobs' \
  -H 'accept: application/json'
```

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. All work and communication must conform to Forgejo's [AI Agreement](https://codeberg.org/forgejo/governance/src/branch/main/AIAgreement.md). There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests for Go changes

- I added test coverage for Go changes...
  - [x] in their respective `*_test.go` for unit tests.
  - [ ] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I ran...
  - [x] `make pr-go` before pushing

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [x] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.
- [ ] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change.

Co-authored-by: elbaro <elbaro@users.noreply.github.com>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11915
Reviewed-by: Andreas Ahlenstorf <aahlenst@noreply.codeberg.org>
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
Co-authored-by: elbaro <elbaro@noreply.codeberg.org>
Co-committed-by: elbaro <elbaro@noreply.codeberg.org>
---
 routers/api/v1/api.go                      |   1 +
 routers/api/v1/repo/action.go              |  65 +++++++++++++
 routers/api/v1/shared/runners.go           |  13 +--
 routers/api/v1/swagger/repo.go             |   7 ++
 services/convert/action.go                 |  19 ++++
 templates/swagger/v1_json.tmpl             |  59 ++++++++++++
 tests/integration/api_repo_actions_test.go | 107 +++++++++++++++++++++
 7 files changed, 259 insertions(+), 12 deletions(-)

diff --git a/routers/api/v1/api.go b/routers/api/v1/api.go
index 2c10464438..d0b8531aea 100644
--- a/routers/api/v1/api.go
+++ b/routers/api/v1/api.go
@@ -1238,6 +1238,7 @@ func Routes() *web.Route {
 					m.Group("/runs", func() {
 						m.Get("", repo.ListActionRuns)
 						m.Get("/{run_id}", repo.GetActionRun)
+						m.Get("/{run_id}/jobs", repo.ListActionRunJobs)
 					})
 
 					m.Group("/workflows", func() {
diff --git a/routers/api/v1/repo/action.go b/routers/api/v1/repo/action.go
index 63baaf4437..ba430d2e64 100644
--- a/routers/api/v1/repo/action.go
+++ b/routers/api/v1/repo/action.go
@@ -1031,3 +1031,68 @@ func GetActionRun(ctx *context.APIContext) {
 
 	ctx.JSON(http.StatusOK, convert.ToActionRun(ctx, run, ctx.Doer))
 }
+
+// ListActionRunJobs return a filtered list of jobs that belong to a single workflow run
+func ListActionRunJobs(ctx *context.APIContext) {
+	// swagger:operation GET /repos/{owner}/{repo}/actions/runs/{run_id}/jobs repository ListActionRunJobs
+	// ---
+	// summary: List jobs of a workflow run
+	// produces:
+	// - application/json
+	// parameters:
+	// - name: owner
+	//   in: path
+	//   description: owner of the repo
+	//   type: string
+	//   required: true
+	// - name: repo
+	//   in: path
+	//   description: name of the repo
+	//   type: string
+	//   required: true
+	// - name: run_id
+	//   in: path
+	//   description: ID of the workflow run
+	//   type: integer
+	//   format: int64
+	//   required: true
+	// responses:
+	//   "200":
+	//     "$ref": "#/responses/ActionRunJobList"
+	//   "400":
+	//     "$ref": "#/responses/error"
+	//   "403":
+	//     "$ref": "#/responses/forbidden"
+	//   "404":
+	//     "$ref": "#/responses/notFound"
+
+	run, err := actions_model.GetRunByID(ctx, ctx.ParamsInt64(":run_id"))
+	if err != nil {
+		if errors.Is(err, util.ErrNotExist) {
+			ctx.Error(http.StatusNotFound, "GetRunById", err)
+		} else {
+			ctx.Error(http.StatusInternalServerError, "GetRunByID", err)
+		}
+		return
+	}
+
+	// Action runs lives in its own table, therefore we check that the
+	// run with the requested ID is owned by the repository
+	if ctx.Repo.Repository.ID != run.RepoID {
+		ctx.Error(http.StatusNotFound, "GetRunById", util.ErrNotExist)
+		return
+	}
+
+	jobs, err := actions_model.GetRunJobsByRunID(ctx, run.ID)
+	if err != nil {
+		ctx.Error(http.StatusInternalServerError, "GetRunJobsByRunID", err)
+		return
+	}
+
+	response := make([]*api.ActionRunJob, 0, len(jobs))
+	for _, job := range jobs {
+		response = append(response, convert.ToActionRunJob(job))
+	}
+
+	ctx.JSON(http.StatusOK, response)
+}
diff --git a/routers/api/v1/shared/runners.go b/routers/api/v1/shared/runners.go
index 21021e4076..6c99630ae1 100644
--- a/routers/api/v1/shared/runners.go
+++ b/routers/api/v1/shared/runners.go
@@ -74,18 +74,7 @@ func fromRunJobModelToResponse(job []*actions_model.ActionRunJob, labels []strin
 	var res []*structs.ActionRunJob
 	for i := range job {
 		if len(labels) == 0 || labels[0] == "" && len(job[i].RunsOn) == 0 || job[i].ItRunsOn(labels) {
-			res = append(res, &structs.ActionRunJob{
-				ID:      job[i].ID,
-				Attempt: job[i].Attempt,
-				Handle:  job[i].Handle,
-				RepoID:  job[i].RepoID,
-				OwnerID: job[i].OwnerID,
-				Name:    job[i].Name,
-				Needs:   job[i].Needs,
-				RunsOn:  job[i].RunsOn,
-				TaskID:  job[i].TaskID,
-				Status:  job[i].Status.String(),
-			})
+			res = append(res, convert.ToActionRunJob(job[i]))
 		}
 	}
 	return res
diff --git a/routers/api/v1/swagger/repo.go b/routers/api/v1/swagger/repo.go
index 31da865bb5..5ad16b21ae 100644
--- a/routers/api/v1/swagger/repo.go
+++ b/routers/api/v1/swagger/repo.go
@@ -526,3 +526,10 @@ type swaggerActionRun struct {
 	// in:body
 	Body api.ActionRun `json:"body"`
 }
+
+// ActionRunJobList
+// swagger:response ActionRunJobList
+type swaggerActionRunJobList struct {
+	// in:body
+	Body []api.ActionRunJob `json:"body"`
+}
diff --git a/services/convert/action.go b/services/convert/action.go
index 703c1f1261..204139e3aa 100644
--- a/services/convert/action.go
+++ b/services/convert/action.go
@@ -47,3 +47,22 @@ func ToActionRun(ctx context.Context, run *actions_model.ActionRun, doer *user_m
 		HTMLURL:           run.HTMLURL(),
 	}
 }
+
+func ToActionRunJob(job *actions_model.ActionRunJob) *api.ActionRunJob {
+	if job == nil {
+		return nil
+	}
+
+	return &api.ActionRunJob{
+		ID:      job.ID,
+		Attempt: job.Attempt,
+		Handle:  job.Handle,
+		RepoID:  job.RepoID,
+		OwnerID: job.OwnerID,
+		Name:    job.Name,
+		Needs:   job.Needs,
+		RunsOn:  job.RunsOn,
+		TaskID:  job.TaskID,
+		Status:  job.Status.String(),
+	}
+}
diff --git a/templates/swagger/v1_json.tmpl b/templates/swagger/v1_json.tmpl
index d45f9b2893..e9b10e1e52 100644
--- a/templates/swagger/v1_json.tmpl
+++ b/templates/swagger/v1_json.tmpl
@@ -5882,6 +5882,56 @@
         }
       }
     },
+    "/repos/{owner}/{repo}/actions/runs/{run_id}/jobs": {
+      "get": {
+        "produces": [
+          "application/json"
+        ],
+        "tags": [
+          "repository"
+        ],
+        "summary": "List jobs of a workflow run",
+        "operationId": "ListActionRunJobs",
+        "parameters": [
+          {
+            "type": "string",
+            "description": "owner of the repo",
+            "name": "owner",
+            "in": "path",
+            "required": true
+          },
+          {
+            "type": "string",
+            "description": "name of the repo",
+            "name": "repo",
+            "in": "path",
+            "required": true
+          },
+          {
+            "type": "integer",
+            "format": "int64",
+            "description": "ID of the workflow run",
+            "name": "run_id",
+            "in": "path",
+            "required": true
+          }
+        ],
+        "responses": {
+          "200": {
+            "$ref": "#/responses/ActionRunJobList"
+          },
+          "400": {
+            "$ref": "#/responses/error"
+          },
+          "403": {
+            "$ref": "#/responses/forbidden"
+          },
+          "404": {
+            "$ref": "#/responses/notFound"
+          }
+        }
+      }
+    },
     "/repos/{owner}/{repo}/actions/secrets": {
       "get": {
         "produces": [
@@ -30327,6 +30377,15 @@
         "$ref": "#/definitions/ActionRun"
       }
     },
+    "ActionRunJobList": {
+      "description": "ActionRunJobList",
+      "schema": {
+        "type": "array",
+        "items": {
+          "$ref": "#/definitions/ActionRunJob"
+        }
+      }
+    },
     "ActionRunList": {
       "description": "ActionRunList",
       "schema": {
diff --git a/tests/integration/api_repo_actions_test.go b/tests/integration/api_repo_actions_test.go
index fa56346a27..ccf333191e 100644
--- a/tests/integration/api_repo_actions_test.go
+++ b/tests/integration/api_repo_actions_test.go
@@ -4,6 +4,7 @@
 package integration
 
 import (
+	"context"
 	"fmt"
 	"io"
 	"net/http"
@@ -668,3 +669,109 @@ func TestAPIRepoActionsRunnerOperations(t *testing.T) {
 		MakeRequest(t, request, http.StatusNotFound)
 	})
 }
+
+func TestActionsAPIListActionRunJobs(t *testing.T) {
+	defer tests.PrepareTestEnv(t)()
+
+	t.Run("Jobs", func(t *testing.T) {
+		for _, setup := range []struct {
+			runID, repoID int64
+		}{
+			{793, 4},
+			{895, 4},
+		} {
+			repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: setup.repoID})
+			user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: repo.OwnerID})
+			token := getUserToken(t, user.LowerName, auth_model.AccessTokenScopeReadRepository)
+			req := NewRequest(t, http.MethodGet,
+				fmt.Sprintf("/api/v1/repos/%s/%s/actions/runs/%d/jobs",
+					repo.OwnerName, repo.Name, setup.runID,
+				),
+			).AddTokenAuth(token)
+			res := MakeRequest(t, req, http.StatusOK)
+			var jobList []*api.ActionRunJob
+			DecodeJSON(t, res, &jobList)
+
+			correctJobList, err := actions_model.GetRunJobsByRunID(context.Background(), setup.runID)
+			require.NoError(t, err, "GetRunJobsByRunID")
+			assert.Len(t, jobList, len(correctJobList))
+
+			for i := range jobList {
+				expected := correctJobList[i]
+				actual := jobList[i]
+				assert.Equal(t, expected.ID, actual.ID)
+				assert.Equal(t, expected.Attempt, actual.Attempt)
+				assert.Equal(t, expected.Handle, actual.Handle)
+				assert.Equal(t, expected.RepoID, actual.RepoID)
+				assert.Equal(t, expected.OwnerID, actual.OwnerID)
+				assert.Equal(t, expected.Name, actual.Name)
+				assert.Equal(t, expected.Needs, actual.Needs)
+				assert.Equal(t, expected.RunsOn, actual.RunsOn)
+				assert.Equal(t, expected.TaskID, actual.TaskID)
+				assert.Equal(t, expected.Status.String(), actual.Status)
+
+				if expected.ID == 195 {
+					assert.Equal(t, &api.ActionRunJob{
+						ID:      195,
+						Attempt: 1,
+						Handle:  "",
+						RepoID:  4,
+						OwnerID: 1,
+						Name:    "job1 (2)",
+						Needs:   nil,
+						RunsOn:  nil,
+						TaskID:  50,
+						Status:  "success",
+					}, actual)
+				} else if expected.ID == 197 {
+					assert.Equal(t, &api.ActionRunJob{
+						ID:      197,
+						Attempt: 0,
+						Handle:  "",
+						RepoID:  4,
+						OwnerID: 1,
+						Name:    "job1 (1)",
+						Needs:   nil,
+						RunsOn:  []string{"postmarketOS"},
+						TaskID:  54,
+						Status:  "failure",
+					}, actual)
+				}
+			}
+		}
+	})
+
+	repoID := int64(4)
+	runID := int64(793)
+
+	repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: repoID})
+	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: repo.OwnerID})
+	token := getUserToken(t, user.LowerName, auth_model.AccessTokenScopeReadRepository)
+
+	t.Run("Wrong Run ID", func(t *testing.T) {
+		req := NewRequest(t, http.MethodGet,
+			fmt.Sprintf("/api/v1/repos/%s/%s/actions/runs/%d/jobs",
+				repo.OwnerName, repo.Name, runID+9999,
+			),
+		).AddTokenAuth(token)
+		MakeRequest(t, req, http.StatusNotFound)
+	})
+
+	t.Run("Wrong Repo Name", func(t *testing.T) {
+		req := NewRequest(t, http.MethodGet,
+			fmt.Sprintf("/api/v1/repos/%s/%s/actions/runs/%d/jobs",
+				repo.OwnerName, repo.Name+"_wrong_repo", runID,
+			),
+		).AddTokenAuth(token)
+		MakeRequest(t, req, http.StatusNotFound)
+	})
+
+	t.Run("Wrong Owner", func(t *testing.T) {
+		req := NewRequest(t, http.MethodGet,
+			fmt.Sprintf("/api/v1/repos/%s/%s/actions/runs/%d/jobs",
+				repo.OwnerName+"_wrong_owner", repo.Name, runID,
+			),
+		).AddTokenAuth(token)
+		MakeRequest(t, req, http.StatusNotFound)
+	})
+}

From 92f1b6fdd2851bb522b8b153d77f51eaf67ad309 Mon Sep 17 00:00:00 2001
From: Andreas Ahlenstorf <andreas@ahlenstorf.ch>
Date: Tue, 7 Apr 2026 05:03:26 +0200
Subject: [PATCH 636/854] test: fix test that was supposed to test DST
 behaviour but did not (#12007)

https://codeberg.org/forgejo/forgejo/pulls/11851 introduced tests that verify the scheduling of Forgejo Actions workflows during daylight saving time (DST) changes. Unfortunately, one test didn't test what it was supposed to because it used a reference time in UTC that was already after the clock change has happened.

This change also adds tests that verify that `NewActionScheduleSpec()` respects time zones when calculating the initial execution time of a scheduled workflow.

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. All work and communication must conform to Forgejo's [AI Agreement](https://codeberg.org/forgejo/governance/src/branch/main/AIAgreement.md). There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests for Go changes

(can be removed for JavaScript changes)

- I added test coverage for Go changes...
  - [x] in their respective `*_test.go` for unit tests.
  - [ ] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I ran...
  - [x] `make pr-go` before pushing

### Tests for JavaScript changes

(can be removed for Go changes)

- I added test coverage for JavaScript changes...
  - [ ] in `web_src/js/*.test.js` if it can be unit tested.
  - [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)).

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [ ] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.
- [x] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change.

*The decision if the pull request will be shown in the release notes is up to the mergers / release team.*

The content of the `release-notes/<pull request number>.md` file will serve as the basis for the release notes. If the file does not exist, the title of the pull request will be used instead.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12007
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
Co-authored-by: Andreas Ahlenstorf <andreas@ahlenstorf.ch>
Co-committed-by: Andreas Ahlenstorf <andreas@ahlenstorf.ch>
---
 models/actions/schedule_spec_test.go | 50 ++++++++++++++++++++++++----
 1 file changed, 44 insertions(+), 6 deletions(-)

diff --git a/models/actions/schedule_spec_test.go b/models/actions/schedule_spec_test.go
index eb3a83d0a6..6b9db9f39a 100644
--- a/models/actions/schedule_spec_test.go
+++ b/models/actions/schedule_spec_test.go
@@ -13,6 +13,44 @@ import (
 	"github.com/stretchr/testify/require"
 )
 
+func TestActionScheduleSpec_NewActionScheduleSpec(t *testing.T) {
+	tests := []struct {
+		name        string
+		refTime     time.Time
+		cronPattern string
+		timeZone    string
+		want        string
+		wantErr     assert.ErrorAssertionFunc
+	}{
+		{
+			name:        "without timezone",
+			refTime:     time.Date(2026, 4, 6, 11, 56, 0, 0, time.UTC),
+			cronPattern: "58 14 * * *",
+			want:        "2026-04-06T14:58:00Z",
+			wantErr:     assert.NoError,
+		},
+		{
+			name:        "with separate timezone",
+			refTime:     time.Date(2026, 4, 6, 11, 56, 0, 0, time.UTC),
+			cronPattern: "58 14 * * *",
+			timeZone:    "Europe/Tallinn", // +03 (EEST)
+			want:        "2026-04-06T11:58:00Z",
+			wantErr:     assert.NoError,
+		},
+	}
+
+	for _, test := range tests {
+		t.Run(test.name, func(t *testing.T) {
+			s, err := NewActionScheduleSpec(test.cronPattern, optional.FromNonDefault(test.timeZone), test.refTime)
+			test.wantErr(t, err)
+
+			if err == nil {
+				assert.Equal(t, test.want, s.Next.AsTime().UTC().Format(time.RFC3339))
+			}
+		})
+	}
+}
+
 func TestActionScheduleSpec_Parse(t *testing.T) {
 	// Mock the local timezone is not UTC
 	local := time.Local
@@ -88,24 +126,24 @@ func TestActionScheduleSpec_Parse(t *testing.T) {
 			// skipping the execution on that day because any time between 2 and 3 o'clock never happened. Forgejo uses
 			// option B because the code it inherited already did that and was exposed to users.
 			name:     "skips execution during DST jump forwards",
-			refTime:  time.Date(2025, 3, 30, 1, 5, 0, 0, time.UTC),
-			spec:     "10 2 * * *", // The clock jumps at 2 o'clock to 3 o'clock.
+			refTime:  time.Date(2025, 3, 30, 0, 55, 0, 0, time.UTC), // 01:55 local time
+			spec:     "10 2 * * *",                                  // The clock jumps at 2 o'clock to 3 o'clock.
 			timeZone: "Europe/Berlin",
 			want:     "2025-03-31T00:10:00Z",
 			wantErr:  assert.NoError,
 		},
 		{
 			name:     "executes a first time before DST jump backwards",
-			refTime:  time.Date(2025, 10, 26, 0, 5, 0, 0, time.UTC),
-			spec:     "10 2 * * *", // The clock jumps at 3 o'clock to 2 o'clock.
+			refTime:  time.Date(2025, 10, 26, 0, 5, 0, 0, time.UTC), // 02:05 local time
+			spec:     "10 2 * * *",                                  // The clock jumps at 3 o'clock to 2 o'clock.
 			timeZone: "Europe/Berlin",
 			want:     "2025-10-26T00:10:00Z",
 			wantErr:  assert.NoError,
 		},
 		{
 			name:     "executes a second time after DST jump backwards",
-			refTime:  time.Date(2025, 10, 26, 1, 5, 0, 0, time.UTC),
-			spec:     "10 2 * * *", // The clock jumps at 3 o'clock to 2 o'clock.
+			refTime:  time.Date(2025, 10, 26, 1, 5, 0, 0, time.UTC), // 02:05 local time
+			spec:     "10 2 * * *",                                  // The clock jumps at 3 o'clock to 2 o'clock.
 			timeZone: "Europe/Berlin",
 			want:     "2025-10-26T01:10:00Z",
 			wantErr:  assert.NoError,

From 0b9e11d96bce9660ce9becdf6ed08d1ae90071e7 Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Tue, 7 Apr 2026 06:50:24 +0200
Subject: [PATCH 637/854] Update renovate Docker tag to v43.104.4 (forgejo)
 (#12002)

Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
---
 Makefile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Makefile b/Makefile
index 08e8632ac8..665d8b5f38 100644
--- a/Makefile
+++ b/Makefile
@@ -48,7 +48,7 @@ GOVULNCHECK_PACKAGE ?= golang.org/x/vuln/cmd/govulncheck@v1 # renovate: datasour
 DEADCODE_PACKAGE ?= golang.org/x/tools/cmd/deadcode@v0.43.0 # renovate: datasource=go
 ERRORTYPE_PACKAGE ?= fillmore-labs.com/errortype@v0.0.11 # renovate: datasource=go
 GOMOCK_PACKAGE ?= go.uber.org/mock/mockgen@v0.6.0 # renovate: datasource=go
-RENOVATE_NPM_PACKAGE ?= renovate@43.99.1 # renovate: datasource=docker packageName=data.forgejo.org/renovate/renovate
+RENOVATE_NPM_PACKAGE ?= renovate@43.104.8 # renovate: datasource=docker packageName=data.forgejo.org/renovate/renovate
 
 # https://github.com/disposable-email-domains/disposable-email-domains/commits/main/
 DISPOSABLE_EMAILS_SHA ?= 0c27e671231d27cf66370034d7f6818037416989 # renovate: ...

From dd968f147d500920b80dbbf3fc0faf9034ca8ddd Mon Sep 17 00:00:00 2001
From: Henry Catalini Smith <henry@catalinismith.se>
Date: Wed, 8 Apr 2026 02:20:35 +0200
Subject: [PATCH 638/854] Improve repo file list table semantics for screen
 readers (#11846)

https://codeberg.org/forgejo/forgejo/issues/11116

To understand the impact of this you really need to listen to the before and after screen recordings attached. https://codeberg.org/forgejo/forgejo/issues/11116 is a really great bug report, and I was surprised by how disorienting this actually was when testing manually compared to my expectation after reading the issue. This is an impactful improvement!

This is my first time adding new translation strings. Excited to learn more about that if I've guessed wrong about how to do it.

To summarise, what we're doing here is as follows.

1. Address the core issue by changing the existing `<th>` elements to `<td>` so that screen readers stop semantically associating them with each row and reading them out for every table cell.
2. Replace them with real `<th>` elements that communicate the true semantic role of each column.
3. Add a `<caption>`. This serves a dual purpose: it gives the table an accessible name which improves the navigability of the page, and it gives us a place to explain to the user that the first row of the table is a little bit different because it's the latest commit rather than a file in the repo.
4. Visually hide the new caption and headings so that only screen reader users get them.

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. All work and communication must conform to Forgejo's [AI Agreement](https://codeberg.org/forgejo/governance/src/branch/main/AIAgreement.md). There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests for JavaScript changes

- I added test coverage for JavaScript changes...
  - [ ] in `web_src/js/*.test.js` if it can be unit tested.
  - [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)).

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [ ] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [x] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.
- [ ] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change.

*The decision if the pull request will be shown in the release notes is up to the mergers / release team.*

The content of the `release-notes/<pull request number>.md` file will serve as the basis for the release notes. If the file does not exist, the title of the pull request will be used instead.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11846
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Reviewed-by: Andreas Ahlenstorf <aahlenst@noreply.codeberg.org>
Co-authored-by: Henry Catalini Smith <henry@catalinismith.se>
Co-committed-by: Henry Catalini Smith <henry@catalinismith.se>
---
 options/locale_next/locale_en-US.json |  4 ++++
 templates/repo/view_list.tmpl         | 18 ++++++++++++------
 tests/integration/repo_test.go        |  4 ++--
 web_src/css/repo.css                  |  2 +-
 4 files changed, 19 insertions(+), 9 deletions(-)

diff --git a/options/locale_next/locale_en-US.json b/options/locale_next/locale_en-US.json
index c0ed083b66..3ffcb45bce 100644
--- a/options/locale_next/locale_en-US.json
+++ b/options/locale_next/locale_en-US.json
@@ -52,6 +52,10 @@
 	"relativetime.1week": "last week",
 	"relativetime.1month": "last month",
 	"relativetime.1year": "last year",
+	"repo.files.caption": "Repository files (latest commit first)",
+	"repo.files.filename": "Filename",
+	"repo.files.last_commit_message": "Latest commit message",
+	"repo.files.last_commit_date": "Latest commit date",
 	"repo.issues.filter_poster.hint": "Filter by the author",
 	"repo.issues.filter_assignee.hint": "Filter by assigned user",
 	"repo.issues.filter_reviewers.hint": "Filter by user who reviewed",
diff --git a/templates/repo/view_list.tmpl b/templates/repo/view_list.tmpl
index ffd8b1a515..75f53c1b5f 100644
--- a/templates/repo/view_list.tmpl
+++ b/templates/repo/view_list.tmpl
@@ -1,17 +1,23 @@
 <table id="repo-files-table" class="ui single line table tw-mt-0" {{if .HasFilesWithoutLatestCommit}}hx-indicator="tr.notready td.message span" hx-trigger="load" hx-swap="morph" hx-post="{{.LastCommitLoaderURL}}"{{end}}>
-	<thead>
+	<caption class="tw-sr-only">
+		{{ctx.Locale.Tr "repo.files.caption"}}
+	</caption>
+	<thead class="tw-sr-only">
+		<th>{{ctx.Locale.Tr "repo.files.filename"}}</th>
+		<th>{{ctx.Locale.Tr "repo.files.last_commit_message"}}</th>
+		<th>{{ctx.Locale.Tr "repo.files.last_commit_date"}}</th>
+	</thead>
+	<tbody>
 		<tr class="commit-list">
-			<th class="tw-overflow-hidden" colspan="2">
+			<td class="tw-overflow-hidden" colspan="2">
 				<div class="tw-flex">
 					<div class="latest-commit">
 						{{template "repo/latest_commit" .}}
 					</div>
 				</div>
-			</th>
-			<th class="text grey right age">{{if .LatestCommit}}{{if .LatestCommit.Committer}}{{DateUtils.TimeSince .LatestCommit.Committer.When}}{{end}}{{end}}</th>
+			</td>
+			<td class="text grey right age">{{if .LatestCommit}}{{if .LatestCommit.Committer}}{{DateUtils.TimeSince .LatestCommit.Committer.When}}{{end}}{{end}}</td>
 		</tr>
-	</thead>
-	<tbody>
 		{{if .HasParentPath}}
 			<tr class="has-parent">
 				<td colspan="3"><a class="muted" href="{{.BranchLink}}{{if .ParentPath}}{{PathEscapeSegments .ParentPath}}{{end}}">{{svg "octicon-reply" 16 "tw-mr-2"}}..</a></td>
diff --git a/tests/integration/repo_test.go b/tests/integration/repo_test.go
index 1b4a574f13..2f189bf7a8 100644
--- a/tests/integration/repo_test.go
+++ b/tests/integration/repo_test.go
@@ -70,7 +70,7 @@ func testViewRepo(t *testing.T) {
 	resp := session.MakeRequest(t, req, http.StatusOK)
 
 	htmlDoc := NewHTMLParser(t, resp.Body)
-	files := htmlDoc.doc.Find("#repo-files-table  > TBODY > TR")
+	files := htmlDoc.doc.Find("#repo-files-table > tbody > tr:not(.commit-list)")
 
 	type file struct {
 		fileName   string
@@ -1039,7 +1039,7 @@ func TestRepoFilesList(t *testing.T) {
 		resp := MakeRequest(t, req, http.StatusOK)
 
 		htmlDoc := NewHTMLParser(t, resp.Body)
-		filesList := htmlDoc.Find("#repo-files-table tbody tr").Map(func(_ int, s *goquery.Selection) string {
+		filesList := htmlDoc.Find("#repo-files-table tbody tr:not(.commit-list)").Map(func(_ int, s *goquery.Selection) string {
 			return s.AttrOr("data-entryname", "")
 		})
 
diff --git a/web_src/css/repo.css b/web_src/css/repo.css
index 00f159f33b..66b1d5df71 100644
--- a/web_src/css/repo.css
+++ b/web_src/css/repo.css
@@ -237,7 +237,7 @@ td .commit-summary {
   max-width: calc(calc(min(100vw, 1280px)) - 145px - calc(2 * var(--page-margin-x)));
 }
 
-.repository.file.list #repo-files-table thead th {
+.repo-files-table-latest-commit-row td {
   font-weight: var(--font-weight-normal);
 }
 

From 8a6d76cff4800b459f0d8bd03f49d24638598214 Mon Sep 17 00:00:00 2001
From: Henry Catalini Smith <henry@catalinismith.se>
Date: Wed, 8 Apr 2026 02:32:14 +0200
Subject: [PATCH 639/854] Preserve focus on star/unstar & watch/unwatch buttons
 after click (#11932)

Fixes https://codeberg.org/forgejo/forgejo/issues/11880.

Adding `hx-on::after-settle="this.querySelector('button').focus()"` restores focus after the content has been swapped and the DOM has been setled. I tried `hx-on::after-swap` first since it's mentioned more often in https://github.com/bigskysoftware/htmx/issues/1869, but it didn't work.

The demo attached in `focus.mp4` runs through a series of repeated clicks on both buttons. You can hear the screen reader announce the button's new label when focus is restored.

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [ ] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [x] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.
- [ ] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change.

*The decision if the pull request will be shown in the release notes is up to the mergers / release team.*

The content of the `release-notes/<pull request number>.md` file will serve as the basis for the release notes. If the file does not exist, the title of the pull request will be used instead.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11932
Reviewed-by: Andreas Ahlenstorf <aahlenst@noreply.codeberg.org>
Co-authored-by: Henry Catalini Smith <henry@catalinismith.se>
Co-committed-by: Henry Catalini Smith <henry@catalinismith.se>
---
 templates/repo/star_unstar.tmpl   |  2 +-
 templates/repo/watch_unwatch.tmpl |  2 +-
 tests/e2e/repo-home.test.e2e.ts   | 14 ++++++++++++++
 3 files changed, 16 insertions(+), 2 deletions(-)

diff --git a/templates/repo/star_unstar.tmpl b/templates/repo/star_unstar.tmpl
index d483495dd4..f3c1afc53c 100644
--- a/templates/repo/star_unstar.tmpl
+++ b/templates/repo/star_unstar.tmpl
@@ -1,4 +1,4 @@
-<form hx-boost="true" hx-target="this" method="post" action="{{$.RepoLink}}/action/{{if $.IsStaringRepo}}un{{end}}star">
+<form hx-boost="true" hx-target="this" method="post" action="{{$.RepoLink}}/action/{{if $.IsStaringRepo}}un{{end}}star" hx-on::after-settle="this.querySelector('button').focus()">
 	<div class="ui labeled button" {{if not $.IsSigned}}data-tooltip-content="{{ctx.Locale.Tr "repo.star_guest_user"}}"{{end}}>
 		<button type="submit" class="ui compact small basic button"{{if not $.IsSigned}} disabled{{end}} aria-label="{{if $.IsStaringRepo}}{{ctx.Locale.Tr "repo.unstar"}}{{else}}{{ctx.Locale.Tr "repo.star"}}{{end}}">
 			{{if $.IsStaringRepo}}
diff --git a/templates/repo/watch_unwatch.tmpl b/templates/repo/watch_unwatch.tmpl
index 35d527af98..d846e17dce 100644
--- a/templates/repo/watch_unwatch.tmpl
+++ b/templates/repo/watch_unwatch.tmpl
@@ -1,4 +1,4 @@
-<form hx-boost="true" hx-target="this" method="post" action="{{$.RepoLink}}/action/{{if $.IsWatchingRepo}}un{{end}}watch">
+<form hx-boost="true" hx-target="this" method="post" action="{{$.RepoLink}}/action/{{if $.IsWatchingRepo}}un{{end}}watch" hx-on::after-settle="this.querySelector('button').focus()">
 	<div class="ui labeled button" {{if not $.IsSigned}}data-tooltip-content="{{ctx.Locale.Tr "repo.watch_guest_user"}}"{{end}}>
 		<button type="submit" class="ui compact small basic button"{{if not $.IsSigned}} disabled{{end}} aria-label="{{if $.IsWatchingRepo}}{{ctx.Locale.Tr "repo.unwatch"}}{{else}}{{ctx.Locale.Tr "repo.watch"}}{{end}}">
 			{{if $.IsWatchingRepo}}
diff --git a/tests/e2e/repo-home.test.e2e.ts b/tests/e2e/repo-home.test.e2e.ts
index 5a10c719c7..2869147429 100644
--- a/tests/e2e/repo-home.test.e2e.ts
+++ b/tests/e2e/repo-home.test.e2e.ts
@@ -12,6 +12,8 @@ import {expect} from '@playwright/test';
 import {test} from './utils_e2e.ts';
 import {screenshot} from './shared/screenshots.ts';
 
+test.use({user: 'user2'});
+
 test('Language stats bar', async ({browser}) => {
   // This test doesn't need JS and runs a little faster without it
   const context = await browser.newContext({javaScriptEnabled: false});
@@ -55,3 +57,15 @@ test('Branch selector commit icon', async ({page}) => {
   await expect(page.locator('.branch-dropdown-button svg.octicon-git-commit')).toBeVisible();
   await expect(page.locator('.branch-dropdown-button')).toHaveText('65f1bf27bc');
 });
+
+test('Star button focus retention', async ({page}) => {
+  const response = await page.goto('/user2/repo1');
+  expect(response?.status()).toBe(200);
+
+  const starButton = page.locator('button[aria-label="Star"], button[aria-label="Unstar"]');
+  await starButton.click();
+
+  await expect(
+    page.locator('button[aria-label="Star"]:focus, button[aria-label="Unstar"]:focus'),
+  ).toBeVisible();
+});

From 8f48841c683cc53c3de941e2f0c029874e786541 Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Wed, 8 Apr 2026 15:30:57 +0200
Subject: [PATCH 640/854] Update dependency go to v1.26.2 (forgejo) (#12025)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12025
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
---
 go.mod | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/go.mod b/go.mod
index 9ec653792b..290c39dcdf 100644
--- a/go.mod
+++ b/go.mod
@@ -2,7 +2,7 @@ module forgejo.org
 
 go 1.25.0
 
-toolchain go1.26.1
+toolchain go1.26.2
 
 require (
 	code.forgejo.org/f3/gof3/v3 v3.11.15

From bdd2a1def7a2364f3f8175d5ef29b6c48b88d486 Mon Sep 17 00:00:00 2001
From: Mathieu Fenniak <mathieu@fenniak.net>
Date: Wed, 8 Apr 2026 15:42:39 +0200
Subject: [PATCH 641/854] fix: prevent actions workflows from generating OIDC
 tokens if not authorized in workflow (#12030)

When using Forgejo's `enable-openid-connect: true`, a URL is generated into the actions under `$ACTIONS_ID_TOKEN_REQUEST_URL` that can be used to generate a JWT for accessing third-party resources authenticated as the action executing in this server on this repo.  However, the endpoint of that url (`.../idtoken`) had unintentionally missed a `return` on an internal server error, and was missing a check that the action actually had `enable-openid-connect: true` on it.  As a result, it was possible to generate a JWT for accessing third-party resources from an action that wasn't expected to be generating JWTs.

In terms of real-world vulnerability, the most likely risk is that the JWT could be generated from a forked pull request.  By not using the `$ACTIONS_ID_TOKEN_REQUEST_URL` and instead going directly to the `.../idtoken` endpoint, and parsing a generated JWT response that will be mixed with an error response, it's possible to retrieve a JWT in a forked pull request.  It would require a slight misconfiguration on a third-party system to allow that JWT access, but it's a plausible risk.

As this is a feature in Forgejo 15 that hasn't been released, it will be fixed in-public.

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. All work and communication must conform to Forgejo's [AI Agreement](https://codeberg.org/forgejo/governance/src/branch/main/AIAgreement.md). There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests for Go changes

(can be removed for JavaScript changes)

- I added test coverage for Go changes...
  - [ ] in their respective `*_test.go` for unit tests.
  - [x] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I ran...
  - [x] `make pr-go` before pushing

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [ ] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.
- [x] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change.
    - Feature is not yet released.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12030
Reviewed-by: Andreas Ahlenstorf <aahlenst@noreply.codeberg.org>
Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net>
Co-committed-by: Mathieu Fenniak <mathieu@fenniak.net>
---
 routers/api/actions/id_token.go                | 9 +++++++++
 tests/integration/api_actions_id_token_test.go | 9 +++++++++
 2 files changed, 18 insertions(+)

diff --git a/routers/api/actions/id_token.go b/routers/api/actions/id_token.go
index 5eacc77fc9..ab9b2c8d22 100644
--- a/routers/api/actions/id_token.go
+++ b/routers/api/actions/id_token.go
@@ -6,6 +6,7 @@ package actions
 import (
 	"fmt"
 	"net/http"
+	"slices"
 	"strings"
 	"time"
 
@@ -72,6 +73,7 @@ func IDTokenContexter() func(next http.Handler) http.Handler {
 			if err != nil {
 				log.Error("Error runner api parsing custom claims: %v", err)
 				ctx.Error(http.StatusInternalServerError, "Error runner api parsing custom claims")
+				return
 			}
 
 			task, err := actions.GetTaskByID(req.Context(), authorizationTokenClaims.TaskID)
@@ -99,6 +101,13 @@ func IDTokenContexter() func(next http.Handler) http.Handler {
 				return
 			}
 
+			generateIDTokenScp := fmt.Sprintf("generate_id_token:%d:%d", task.Job.RunID, task.Job.ID)
+			scp := strings.Split(authorizationTokenClaims.Scp, " ")
+			if !slices.Contains(scp, generateIDTokenScp) {
+				ctx.Error(http.StatusForbidden, "missing scp generate_id_token")
+				return
+			}
+
 			audience := req.URL.Query().Get("audience")
 			if audience == "" {
 				// Default to organization that owns the repo if no audience is provided
diff --git a/tests/integration/api_actions_id_token_test.go b/tests/integration/api_actions_id_token_test.go
index d5c7301ad1..53a0a5b269 100644
--- a/tests/integration/api_actions_id_token_test.go
+++ b/tests/integration/api_actions_id_token_test.go
@@ -47,6 +47,8 @@ func TestActionsIDToken(t *testing.T) {
 
 	token, err := actions_service.CreateAuthorizationToken(task, gitCtx, true)
 	require.NoError(t, err)
+	tokenWithoutOIDCAccess, err := actions_service.CreateAuthorizationToken(task, gitCtx, false)
+	require.NoError(t, err)
 
 	// get JWKs information
 	req := NewRequest(t, "GET", "/api/actions/.well-known/keys")
@@ -118,6 +120,13 @@ func TestActionsIDToken(t *testing.T) {
 		doAssertions("testingAud", claims)
 	})
 
+	t.Run("with token that doesn't support OIDC", func(t *testing.T) {
+		req = NewRequest(t, "GET", "/api/actions/_apis/pipelines/workflows/792/idtoken?placeholder=true").AddTokenAuth(tokenWithoutOIDCAccess)
+		resp = MakeRequest(t, req, http.StatusInternalServerError)
+		assert.Contains(t, resp.Body.String(), "Error runner api parsing custom claims")
+		assert.NotContains(t, resp.Body.String(), "value") // must not leak an actual `getTokenResponse`
+	})
+
 	t.Run("with no auth header", func(t *testing.T) {
 		req = NewRequest(t, "GET", "/api/actions/_apis/pipelines/workflows/792/idtoken?placeholder=true&audience=testingAud")
 		resp = MakeRequest(t, req, http.StatusUnauthorized)

From 8154ea5beaf13ed815a137ab65bcd0df5925f46f Mon Sep 17 00:00:00 2001
From: Saibotk <git@saibotk.de>
Date: Wed, 8 Apr 2026 16:20:19 +0200
Subject: [PATCH 642/854] fix(doctor): remove broken mergebase check (#12023)

Fixes https://codeberg.org/forgejo/forgejo/issues/6163
Fixes https://codeberg.org/forgejo/forgejo/issues/3343

The merge base doctor check & fix was broken and could introduce irreversible "fixes" to wrong merge bases for PRs using the `fast-forward` and `rebase-and-merge` strategies.

The mergebase fix was originally introduced in a migration [0] to fix an existing issue [1] in the merge code in 2020.
Later added as a doctor command without explanation [2].

We decided to remove this check, as there is no apparent reason for it to still be necessary or any PR merge base state being out of sync with the current implementation.
It does more harm to keep the code in and there is no way to fix `fast-forward` and `rebase-and-merge` PRs, due to their merge implementation.

`fast-forward`: The git state inherently cannot reconstruct a merge base in this scenario by design.
`rebase-and-merge`: Is rebased on a temporary repository clone and thus might receive a different merge base, depending on how far the target branch is ahead.

[0]: https://codeberg.org/forgejo/forgejo/commit/4a2b76d9c8e00769d81eed2f149b6da20cc2d339
[1]: https://codeberg.org/forgejo/forgejo/commit/4a2b76d9c8e00769d81eed2f149b6da20cc2d339
[2]: https://codeberg.org/forgejo/forgejo/commit/d26885e2bf0a53af1c5c97c9d062f329250d8d20#diff-84d6d60112991392d6ba2cae4cd919fb3ee8afb8

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. All work and communication must conform to Forgejo's [AI Agreement](https://codeberg.org/forgejo/governance/src/branch/main/AIAgreement.md). There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [x] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.
- [ ] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change.

*The decision if the pull request will be shown in the release notes is up to the mergers / release team.*

The content of the `release-notes/<pull request number>.md` file will serve as the basis for the release notes. If the file does not exist, the title of the pull request will be used instead.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12023
Reviewed-by: Otto <otto@codeberg.org>
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
Co-authored-by: Saibotk <git@saibotk.de>
Co-committed-by: Saibotk <git@saibotk.de>
---
 services/doctor/mergebase.go | 114 -----------------------------------
 1 file changed, 114 deletions(-)
 delete mode 100644 services/doctor/mergebase.go

diff --git a/services/doctor/mergebase.go b/services/doctor/mergebase.go
deleted file mode 100644
index bebde30bee..0000000000
--- a/services/doctor/mergebase.go
+++ /dev/null
@@ -1,114 +0,0 @@
-// Copyright 2020 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
-
-package doctor
-
-import (
-	"context"
-	"fmt"
-	"strings"
-
-	"forgejo.org/models/db"
-	issues_model "forgejo.org/models/issues"
-	repo_model "forgejo.org/models/repo"
-	"forgejo.org/modules/git"
-	"forgejo.org/modules/log"
-
-	"xorm.io/builder"
-)
-
-func iteratePRs(ctx context.Context, repo *repo_model.Repository, each func(*repo_model.Repository, *issues_model.PullRequest) error) error {
-	return db.Iterate(
-		ctx,
-		builder.Eq{"base_repo_id": repo.ID},
-		func(ctx context.Context, bean *issues_model.PullRequest) error {
-			return each(repo, bean)
-		},
-	)
-}
-
-func checkPRMergeBase(ctx context.Context, logger log.Logger, autofix bool) error {
-	numRepos := 0
-	numPRs := 0
-	numPRsUpdated := 0
-	err := iterateRepositories(ctx, func(repo *repo_model.Repository) error {
-		numRepos++
-		return iteratePRs(ctx, repo, func(repo *repo_model.Repository, pr *issues_model.PullRequest) error {
-			numPRs++
-			pr.BaseRepo = repo
-			repoPath := repo.RepoPath()
-
-			oldMergeBase := pr.MergeBase
-
-			if !pr.HasMerged {
-				var err error
-				pr.MergeBase, _, err = git.NewCommand(ctx, "merge-base").AddDashesAndList(pr.BaseBranch, pr.GetGitRefName()).RunStdString(&git.RunOpts{Dir: repoPath})
-				if err != nil {
-					var err2 error
-					pr.MergeBase, _, err2 = git.NewCommand(ctx, "rev-parse").AddDynamicArguments(git.BranchPrefix + pr.BaseBranch).RunStdString(&git.RunOpts{Dir: repoPath})
-					if err2 != nil {
-						logger.Warn("Unable to get merge base for PR ID %d, #%d onto %s in %s/%s. Error: %v & %v", pr.ID, pr.Index, pr.BaseBranch, pr.BaseRepo.OwnerName, pr.BaseRepo.Name, err, err2)
-						return nil
-					}
-				}
-			} else {
-				parentsString, _, err := git.NewCommand(ctx, "rev-list", "--parents", "-n", "1").AddDynamicArguments(pr.MergedCommitID).RunStdString(&git.RunOpts{Dir: repoPath})
-				if err != nil {
-					logger.Warn("Unable to get parents for merged PR ID %d, #%d onto %s in %s/%s. Error: %v", pr.ID, pr.Index, pr.BaseBranch, pr.BaseRepo.OwnerName, pr.BaseRepo.Name, err)
-					return nil
-				}
-				parents := strings.Split(strings.TrimSpace(parentsString), " ")
-				if len(parents) < 2 {
-					return nil
-				}
-
-				refs := append([]string{}, parents[1:]...)
-				refs = append(refs, pr.GetGitRefName())
-				cmd := git.NewCommand(ctx, "merge-base").AddDashesAndList(refs...)
-				pr.MergeBase, _, err = cmd.RunStdString(&git.RunOpts{Dir: repoPath})
-				if err != nil {
-					logger.Warn("Unable to get merge base for merged PR ID %d, #%d onto %s in %s/%s. Error: %v", pr.ID, pr.Index, pr.BaseBranch, pr.BaseRepo.OwnerName, pr.BaseRepo.Name, err)
-					return nil
-				}
-			}
-			pr.MergeBase = strings.TrimSpace(pr.MergeBase)
-			if pr.MergeBase != oldMergeBase {
-				if autofix {
-					if err := pr.UpdateCols(ctx, "merge_base"); err != nil {
-						logger.Critical("Failed to update merge_base. ERROR: %v", err)
-						return fmt.Errorf("Failed to update merge_base. ERROR: %w", err)
-					}
-				} else {
-					logger.Info("#%d onto %s in %s/%s: MergeBase should be %s but is %s", pr.Index, pr.BaseBranch, pr.BaseRepo.OwnerName, pr.BaseRepo.Name, oldMergeBase, pr.MergeBase)
-				}
-				numPRsUpdated++
-			}
-			return nil
-		})
-	})
-
-	if autofix {
-		logger.Info("%d PR mergebases updated of %d PRs total in %d repos", numPRsUpdated, numPRs, numRepos)
-	} else {
-		if numPRsUpdated == 0 {
-			logger.Info("All %d PRs in %d repos have a correct mergebase", numPRs, numRepos)
-		} else if err == nil {
-			logger.Critical("%d PRs with incorrect mergebases of %d PRs total in %d repos", numPRsUpdated, numPRs, numRepos)
-			return fmt.Errorf("%d PRs with incorrect mergebases of %d PRs total in %d repos", numPRsUpdated, numPRs, numRepos)
-		} else {
-			logger.Warn("%d PRs with incorrect mergebases of %d PRs total in %d repos", numPRsUpdated, numPRs, numRepos)
-		}
-	}
-
-	return err
-}
-
-func init() {
-	Register(&Check{
-		Title:     "Recalculate merge bases",
-		Name:      "recalculate-merge-bases",
-		IsDefault: false,
-		Run:       checkPRMergeBase,
-		Priority:  7,
-	})
-}

From 8b7327c34498f32532bb11ddee8ae7c67297e921 Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Wed, 8 Apr 2026 17:13:10 +0200
Subject: [PATCH 643/854] Update module code.forgejo.org/forgejo/runner/v12 to
 v12.8.2 (forgejo) (#12011)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This PR contains the following updates:

| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) |
|---|---|---|---|
| [code.forgejo.org/forgejo/runner/v12](https://code.forgejo.org/forgejo/runner) | `v12.8.0` → `v12.8.2` | ![age](https://developer.mend.io/api/mc/badges/age/go/code.forgejo.org%2fforgejo%2frunner%2fv12/v12.8.2?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/go/code.forgejo.org%2fforgejo%2frunner%2fv12/v12.8.0/v12.8.2?slim=true) |

---

### Release Notes

<details>
<summary>forgejo/runner (code.forgejo.org/forgejo/runner/v12)</summary>

### [`v12.8.2`](https://code.forgejo.org/forgejo/runner/releases/tag/v12.8.2)

[Compare Source](https://code.forgejo.org/forgejo/runner/compare/v12.8.1...v12.8.2)

- [User guide](https://forgejo.org/docs/next/user/actions/overview/)
- [Administrator guide](https://forgejo.org/docs/next/admin/actions/)
- [Container images](https://code.forgejo.org/forgejo/-/packages/container/runner/versions)

Release Notes

***

<!--start release-notes-assistant-->

<!--URL:https://code.forgejo.org/forgejo/runner-->

- bug fixes
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1477): <!--number 1477 --><!--line 0 --><!--description Zml4OiByZXR1cm4gZXJyb3Igd2hlbiBgb25lLWpvYmAgcmVjZWl2ZXMgbm8gdGFzaw==-->fix: return error when `one-job` receives no task<!--description-->

<!--end release-notes-assistant-->

### [`v12.8.1`](https://code.forgejo.org/forgejo/runner/releases/tag/v12.8.1)

[Compare Source](https://code.forgejo.org/forgejo/runner/compare/v12.8.0...v12.8.1)

- [User guide](https://forgejo.org/docs/next/user/actions/overview/)
- [Administrator guide](https://forgejo.org/docs/next/admin/actions/)
- [Container images](https://code.forgejo.org/forgejo/-/packages/container/runner/versions)

Release Notes

***

<!--start release-notes-assistant-->

<!--URL:https://code.forgejo.org/forgejo/runner-->

- bug fixes
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1476): <!--number 1476 --><!--line 0 --><!--description Zml4OiB1c2UgYF57Y29tbWl0fWAgdG8gYWN0dWFsbHkgbGV0IGByZXYtcGFyc2VgIHJlc29sdmUgdG8gdGhlIGNvbW1pdA==-->fix: use `^{commit}` to actually let `rev-parse` resolve to the commit<!--description-->
- other
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1474): <!--number 1474 --><!--line 0 --><!--description Y2hvcmU6IHVwZ3JhZGUgTW9ja2VyeSB0byB2Mw==-->chore: upgrade Mockery to v3<!--description-->

<!--end release-notes-assistant-->

</details>

---

### Configuration

📅 **Schedule**: (UTC)

- Branch creation
  - Between 12:00 AM and 03:59 AM (`* 0-3 * * *`)
- Automerge
  - Between 12:00 AM and 03:59 AM (`* 0-3 * * *`)

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMDQuNCIsInVwZGF0ZWRJblZlciI6IjQzLjEwNC40IiwidGFyZ2V0QnJhbmNoIjoiZm9yZ2VqbyIsImxhYmVscyI6WyJkZXBlbmRlbmN5LXVwZ3JhZGUiLCJ0ZXN0L25vdC1uZWVkZWQiXX0=-->

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12011
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 290c39dcdf..f0d14e8c44 100644
--- a/go.mod
+++ b/go.mod
@@ -11,7 +11,7 @@ require (
 	code.forgejo.org/forgejo/go-rpmutils v1.0.0
 	code.forgejo.org/forgejo/levelqueue v1.0.0
 	code.forgejo.org/forgejo/reply v1.0.2
-	code.forgejo.org/forgejo/runner/v12 v12.8.0
+	code.forgejo.org/forgejo/runner/v12 v12.8.2
 	code.forgejo.org/go-chi/binding v1.0.1
 	code.forgejo.org/go-chi/cache v1.0.1
 	code.forgejo.org/go-chi/captcha v1.0.2
diff --git a/go.sum b/go.sum
index 1f79a74863..be7eb7100c 100644
--- a/go.sum
+++ b/go.sum
@@ -30,8 +30,8 @@ code.forgejo.org/forgejo/levelqueue v1.0.0 h1:9krYpU6BM+j/1Ntj6m+VCAIu0UNnne1/Uf
 code.forgejo.org/forgejo/levelqueue v1.0.0/go.mod h1:fmG6zhVuqim2rxSFOoasgXO8V2W/k9U31VVYqLIRLhQ=
 code.forgejo.org/forgejo/reply v1.0.2 h1:dMhQCHV6/O3L5CLWNTol+dNzDAuyCK88z4J/lCdgFuQ=
 code.forgejo.org/forgejo/reply v1.0.2/go.mod h1:RyZUfzQLc+fuLIGjTSQWDAJWPiL4WtKXB/FifT5fM7U=
-code.forgejo.org/forgejo/runner/v12 v12.8.0 h1:/MqOseYbsGaQ2qzepaZr3VyuqpESvSP/ZnC2aKfmU3g=
-code.forgejo.org/forgejo/runner/v12 v12.8.0/go.mod h1:sgDAYfO4NJI1kUzGuD7klHuoFLQzWmZPw0erg7QlbJU=
+code.forgejo.org/forgejo/runner/v12 v12.8.2 h1:jhSs/gQQAz0OiHnSxMx297jreLctfm52/rcXlCFMb58=
+code.forgejo.org/forgejo/runner/v12 v12.8.2/go.mod h1:sgDAYfO4NJI1kUzGuD7klHuoFLQzWmZPw0erg7QlbJU=
 code.forgejo.org/forgejo/ssh v0.0.0-20241211213324-5fc306ca0616 h1:kEZL84+02jY9RxXM4zHBWZ3Fml0B09cmP1LGkDsCfIA=
 code.forgejo.org/forgejo/ssh v0.0.0-20241211213324-5fc306ca0616/go.mod h1:zpHEXBstFnQYtGnB8k8kQLol82umzn/2/snG7alWVD8=
 code.forgejo.org/go-chi/binding v1.0.1 h1:coKNI+X1NzRN7X85LlrpvBRqk0TXpJ+ja28vusQWEuY=

From 503bcf1237bbef7bcda87b974800a24aedc9c2fa Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Wed, 8 Apr 2026 18:41:12 +0200
Subject: [PATCH 644/854] Update dependency vue to v3.5.32 (forgejo) (#12010)

Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
---
 package-lock.json | 108 +++++++++++++++++++++++-----------------------
 package.json      |   2 +-
 2 files changed, 55 insertions(+), 55 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 72aeb9821b..aa3ef539c2 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -73,7 +73,7 @@
         "tributejs": "5.1.3",
         "uint8-to-base64": "0.2.1",
         "vanilla-colorful": "0.7.2",
-        "vue": "3.5.31",
+        "vue": "3.5.32",
         "vue-chartjs": "5.3.3",
         "vue-loader": "17.4.2",
         "vue3-calendar-heatmap": "2.0.5",
@@ -5128,39 +5128,39 @@
       }
     },
     "node_modules/@vue/compiler-core": {
-      "version": "3.5.31",
-      "resolved": "https://registry.npmjs.org/@vue/compiler-core/-/compiler-core-3.5.31.tgz",
-      "integrity": "sha512-k/ueL14aNIEy5Onf0OVzR8kiqF/WThgLdFhxwa4e/KF/0qe38IwIdofoSWBTvvxQOesaz6riAFAUaYjoF9fLLQ==",
+      "version": "3.5.32",
+      "resolved": "https://registry.npmjs.org/@vue/compiler-core/-/compiler-core-3.5.32.tgz",
+      "integrity": "sha512-4x74Tbtqnda8s/NSD6e1Dr5p1c8HdMU5RWSjMSUzb8RTcUQqevDCxVAitcLBKT+ie3o0Dl9crc/S/opJM7qBGQ==",
       "license": "MIT",
       "dependencies": {
         "@babel/parser": "^7.29.2",
-        "@vue/shared": "3.5.31",
+        "@vue/shared": "3.5.32",
         "entities": "^7.0.1",
         "estree-walker": "^2.0.2",
         "source-map-js": "^1.2.1"
       }
     },
     "node_modules/@vue/compiler-dom": {
-      "version": "3.5.31",
-      "resolved": "https://registry.npmjs.org/@vue/compiler-dom/-/compiler-dom-3.5.31.tgz",
-      "integrity": "sha512-BMY/ozS/xxjYqRFL+tKdRpATJYDTTgWSo0+AJvJNg4ig+Hgb0dOsHPXvloHQ5hmlivUqw1Yt2pPIqp4e0v1GUw==",
+      "version": "3.5.32",
+      "resolved": "https://registry.npmjs.org/@vue/compiler-dom/-/compiler-dom-3.5.32.tgz",
+      "integrity": "sha512-ybHAu70NtiEI1fvAUz3oXZqkUYEe5J98GjMDpTGl5iHb0T15wQYLR4wE3h9xfuTNA+Cm2f4czfe8B4s+CCH57Q==",
       "license": "MIT",
       "dependencies": {
-        "@vue/compiler-core": "3.5.31",
-        "@vue/shared": "3.5.31"
+        "@vue/compiler-core": "3.5.32",
+        "@vue/shared": "3.5.32"
       }
     },
     "node_modules/@vue/compiler-sfc": {
-      "version": "3.5.31",
-      "resolved": "https://registry.npmjs.org/@vue/compiler-sfc/-/compiler-sfc-3.5.31.tgz",
-      "integrity": "sha512-M8wpPgR9UJ8MiRGjppvx9uWJfLV7A/T+/rL8s/y3QG3u0c2/YZgff3d6SuimKRIhcYnWg5fTfDMlz2E6seUW8Q==",
+      "version": "3.5.32",
+      "resolved": "https://registry.npmjs.org/@vue/compiler-sfc/-/compiler-sfc-3.5.32.tgz",
+      "integrity": "sha512-8UYUYo71cP/0YHMO814TRZlPuUUw3oifHuMR7Wp9SNoRSrxRQnhMLNlCeaODNn6kNTJsjFoQ/kqIj4qGvya4Xg==",
       "license": "MIT",
       "dependencies": {
         "@babel/parser": "^7.29.2",
-        "@vue/compiler-core": "3.5.31",
-        "@vue/compiler-dom": "3.5.31",
-        "@vue/compiler-ssr": "3.5.31",
-        "@vue/shared": "3.5.31",
+        "@vue/compiler-core": "3.5.32",
+        "@vue/compiler-dom": "3.5.32",
+        "@vue/compiler-ssr": "3.5.32",
+        "@vue/shared": "3.5.32",
         "estree-walker": "^2.0.2",
         "magic-string": "^0.30.21",
         "postcss": "^8.5.8",
@@ -5205,63 +5205,63 @@
       }
     },
     "node_modules/@vue/compiler-ssr": {
-      "version": "3.5.31",
-      "resolved": "https://registry.npmjs.org/@vue/compiler-ssr/-/compiler-ssr-3.5.31.tgz",
-      "integrity": "sha512-h0xIMxrt/LHOvJKMri+vdYT92BrK3HFLtDqq9Pr/lVVfE4IyKZKvWf0vJFW10Yr6nX02OR4MkJwI0c1HDa1hog==",
+      "version": "3.5.32",
+      "resolved": "https://registry.npmjs.org/@vue/compiler-ssr/-/compiler-ssr-3.5.32.tgz",
+      "integrity": "sha512-Gp4gTs22T3DgRotZ8aA/6m2jMR+GMztvBXUBEUOYOcST+giyGWJ4WvFd7QLHBkzTxkfOt8IELKNdpzITLbA2rw==",
       "license": "MIT",
       "dependencies": {
-        "@vue/compiler-dom": "3.5.31",
-        "@vue/shared": "3.5.31"
+        "@vue/compiler-dom": "3.5.32",
+        "@vue/shared": "3.5.32"
       }
     },
     "node_modules/@vue/reactivity": {
-      "version": "3.5.31",
-      "resolved": "https://registry.npmjs.org/@vue/reactivity/-/reactivity-3.5.31.tgz",
-      "integrity": "sha512-DtKXxk9E/KuVvt8VxWu+6Luc9I9ETNcqR1T1oW1gf02nXaZ1kuAx58oVu7uX9XxJR0iJCro6fqBLw9oSBELo5g==",
+      "version": "3.5.32",
+      "resolved": "https://registry.npmjs.org/@vue/reactivity/-/reactivity-3.5.32.tgz",
+      "integrity": "sha512-/ORasxSGvZ6MN5gc+uE364SxFdJ0+WqVG0CENXaGW58TOCdrAW76WWaplDtECeS1qphvtBZtR+3/o1g1zL4xPQ==",
       "license": "MIT",
       "dependencies": {
-        "@vue/shared": "3.5.31"
+        "@vue/shared": "3.5.32"
       }
     },
     "node_modules/@vue/runtime-core": {
-      "version": "3.5.31",
-      "resolved": "https://registry.npmjs.org/@vue/runtime-core/-/runtime-core-3.5.31.tgz",
-      "integrity": "sha512-AZPmIHXEAyhpkmN7aWlqjSfYynmkWlluDNPHMCZKFHH+lLtxP/30UJmoVhXmbDoP1Ng0jG0fyY2zCj1PnSSA6Q==",
+      "version": "3.5.32",
+      "resolved": "https://registry.npmjs.org/@vue/runtime-core/-/runtime-core-3.5.32.tgz",
+      "integrity": "sha512-pDrXCejn4UpFDFmMd27AcJEbHaLemaE5o4pbb7sLk79SRIhc6/t34BQA7SGNgYtbMnvbF/HHOftYBgFJtUoJUQ==",
       "license": "MIT",
       "dependencies": {
-        "@vue/reactivity": "3.5.31",
-        "@vue/shared": "3.5.31"
+        "@vue/reactivity": "3.5.32",
+        "@vue/shared": "3.5.32"
       }
     },
     "node_modules/@vue/runtime-dom": {
-      "version": "3.5.31",
-      "resolved": "https://registry.npmjs.org/@vue/runtime-dom/-/runtime-dom-3.5.31.tgz",
-      "integrity": "sha512-xQJsNRmGPeDCJq/u813tyonNgWBFjzfVkBwDREdEWndBnGdHLHgkwNBQxLtg4zDrzKTEcnikUy1UUNecb3lJ6g==",
+      "version": "3.5.32",
+      "resolved": "https://registry.npmjs.org/@vue/runtime-dom/-/runtime-dom-3.5.32.tgz",
+      "integrity": "sha512-1CDVv7tv/IV13V8Nip1k/aaObVbWqRlVCVezTwx3K07p7Vxossp5JU1dcPNhJk3w347gonIUT9jQOGutyJrSVQ==",
       "license": "MIT",
       "dependencies": {
-        "@vue/reactivity": "3.5.31",
-        "@vue/runtime-core": "3.5.31",
-        "@vue/shared": "3.5.31",
+        "@vue/reactivity": "3.5.32",
+        "@vue/runtime-core": "3.5.32",
+        "@vue/shared": "3.5.32",
         "csstype": "^3.2.3"
       }
     },
     "node_modules/@vue/server-renderer": {
-      "version": "3.5.31",
-      "resolved": "https://registry.npmjs.org/@vue/server-renderer/-/server-renderer-3.5.31.tgz",
-      "integrity": "sha512-GJuwRvMcdZX/CriUnyIIOGkx3rMV3H6sOu0JhdKbduaeCji6zb60iOGMY7tFoN24NfsUYoFBhshZtGxGpxO4iA==",
+      "version": "3.5.32",
+      "resolved": "https://registry.npmjs.org/@vue/server-renderer/-/server-renderer-3.5.32.tgz",
+      "integrity": "sha512-IOjm2+JQwRFS7W28HNuJeXQle9KdZbODFY7hFGVtnnghF51ta20EWAZJHX+zLGtsHhaU6uC9BGPV52KVpYryMQ==",
       "license": "MIT",
       "dependencies": {
-        "@vue/compiler-ssr": "3.5.31",
-        "@vue/shared": "3.5.31"
+        "@vue/compiler-ssr": "3.5.32",
+        "@vue/shared": "3.5.32"
       },
       "peerDependencies": {
-        "vue": "3.5.31"
+        "vue": "3.5.32"
       }
     },
     "node_modules/@vue/shared": {
-      "version": "3.5.31",
-      "resolved": "https://registry.npmjs.org/@vue/shared/-/shared-3.5.31.tgz",
-      "integrity": "sha512-nBxuiuS9Lj5bPkPbWogPUnjxxWpkRniX7e5UBQDWl6Fsf4roq9wwV+cR7ezQ4zXswNvPIlsdj1slcLB7XCsRAw==",
+      "version": "3.5.32",
+      "resolved": "https://registry.npmjs.org/@vue/shared/-/shared-3.5.32.tgz",
+      "integrity": "sha512-ksNyrmRQzWJJ8n3cRDuSF7zNNontuJg1YHnmWRJd2AMu8Ij2bqwiiri2lH5rHtYPZjj4STkNcgcmiQqlOjiYGg==",
       "license": "MIT"
     },
     "node_modules/@vue/test-utils": {
@@ -16076,16 +16076,16 @@
       "license": "MIT"
     },
     "node_modules/vue": {
-      "version": "3.5.31",
-      "resolved": "https://registry.npmjs.org/vue/-/vue-3.5.31.tgz",
-      "integrity": "sha512-iV/sU9SzOlmA/0tygSmjkEN6Jbs3nPoIPFhCMLD2STrjgOU8DX7ZtzMhg4ahVwf5Rp9KoFzcXeB1ZrVbLBp5/Q==",
+      "version": "3.5.32",
+      "resolved": "https://registry.npmjs.org/vue/-/vue-3.5.32.tgz",
+      "integrity": "sha512-vM4z4Q9tTafVfMAK7IVzmxg34rSzTFMyIe0UUEijUCkn9+23lj0WRfA83dg7eQZIUlgOSGrkViIaCfqSAUXsMw==",
       "license": "MIT",
       "dependencies": {
-        "@vue/compiler-dom": "3.5.31",
-        "@vue/compiler-sfc": "3.5.31",
-        "@vue/runtime-dom": "3.5.31",
-        "@vue/server-renderer": "3.5.31",
-        "@vue/shared": "3.5.31"
+        "@vue/compiler-dom": "3.5.32",
+        "@vue/compiler-sfc": "3.5.32",
+        "@vue/runtime-dom": "3.5.32",
+        "@vue/server-renderer": "3.5.32",
+        "@vue/shared": "3.5.32"
       },
       "peerDependencies": {
         "typescript": "*"
diff --git a/package.json b/package.json
index 3c368c5b1a..684bee7999 100644
--- a/package.json
+++ b/package.json
@@ -72,7 +72,7 @@
     "tributejs": "5.1.3",
     "uint8-to-base64": "0.2.1",
     "vanilla-colorful": "0.7.2",
-    "vue": "3.5.31",
+    "vue": "3.5.32",
     "vue-chartjs": "5.3.3",
     "vue-loader": "17.4.2",
     "vue3-calendar-heatmap": "2.0.5",

From c55d7ba9d417e7a4e742dfeece0a2706b0e8125f Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Wed, 8 Apr 2026 19:49:28 +0200
Subject: [PATCH 645/854] Update dependency esbuild-loader to v4.4.3 (forgejo)
 (#12003)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12003
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
---
 package-lock.json | 36 ++++++++++--------------------------
 package.json      |  2 +-
 2 files changed, 11 insertions(+), 27 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index aa3ef539c2..93619d5f13 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -48,7 +48,7 @@
         "dayjs": "1.11.19",
         "dropzone": "6.0.0-beta.2",
         "easymde": "2.18.0",
-        "esbuild-loader": "4.4.2",
+        "esbuild-loader": "4.4.3",
         "escape-goat": "4.0.0",
         "fast-glob": "3.3.3",
         "htmx.org": "2.0.8",
@@ -7935,15 +7935,15 @@
       }
     },
     "node_modules/esbuild-loader": {
-      "version": "4.4.2",
-      "resolved": "https://registry.npmjs.org/esbuild-loader/-/esbuild-loader-4.4.2.tgz",
-      "integrity": "sha512-8LdoT9sC7fzfvhxhsIAiWhzLJr9yT3ggmckXxsgvM07wgrRxhuT98XhLn3E7VczU5W5AFsPKv9DdWcZIubbWkQ==",
+      "version": "4.4.3",
+      "resolved": "https://registry.npmjs.org/esbuild-loader/-/esbuild-loader-4.4.3.tgz",
+      "integrity": "sha512-Wpui03EzqC151xFteKlgJQhbyZl5CgnBpUHXVuao02nItULlkaTeiLdEMPTmR2zdwpEBWkXVNoT5dDOYJluUzg==",
       "license": "MIT",
       "dependencies": {
         "esbuild": "^0.27.1",
         "get-tsconfig": "^4.10.1",
         "loader-utils": "^2.0.4",
-        "webpack-sources": "^1.4.3"
+        "webpack-sources": "^3.3.4"
       },
       "funding": {
         "url": "https://github.com/privatenumber/esbuild-loader?sponsor=1"
@@ -14364,12 +14364,6 @@
       "integrity": "sha512-Kk8wLQPlS+yi1ZEf48a4+fzHa4yxjC30M/Sr2AnQu+f/MPwvvX9XjZ6OWejiz8crBsLwSq8GHqaxaET7u6ux0A==",
       "license": "MIT"
     },
-    "node_modules/source-list-map": {
-      "version": "2.0.1",
-      "resolved": "https://registry.npmjs.org/source-list-map/-/source-list-map-2.0.1.tgz",
-      "integrity": "sha512-qnQ7gVMxGNxsiL4lEuJwe/To8UnK7fAnmbGEEH8RpLouuKbeEm0lhbQVFIrNSuB+G7tVrAlVsZgETT5nljf+Iw==",
-      "license": "MIT"
-    },
     "node_modules/source-map": {
       "version": "0.6.1",
       "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.6.1.tgz",
@@ -16310,13 +16304,12 @@
       }
     },
     "node_modules/webpack-sources": {
-      "version": "1.4.3",
-      "resolved": "https://registry.npmjs.org/webpack-sources/-/webpack-sources-1.4.3.tgz",
-      "integrity": "sha512-lgTS3Xhv1lCOKo7SA5TjKXMjpSM4sBjNV5+q2bqesbSPs5FjGmU6jjtBSkX9b4qW87vDIsCIlUPOEhbZrMdjeQ==",
+      "version": "3.3.4",
+      "resolved": "https://registry.npmjs.org/webpack-sources/-/webpack-sources-3.3.4.tgz",
+      "integrity": "sha512-7tP1PdV4vF+lYPnkMR0jMY5/la2ub5Fc/8VQrrU+lXkiM6C4TjVfGw7iKfyhnTQOsD+6Q/iKw0eFciziRgD58Q==",
       "license": "MIT",
-      "dependencies": {
-        "source-list-map": "^2.0.0",
-        "source-map": "~0.6.1"
+      "engines": {
+        "node": ">=10.13.0"
       }
     },
     "node_modules/webpack/node_modules/@types/estree": {
@@ -16347,15 +16340,6 @@
         "node": ">=4.0"
       }
     },
-    "node_modules/webpack/node_modules/webpack-sources": {
-      "version": "3.3.4",
-      "resolved": "https://registry.npmjs.org/webpack-sources/-/webpack-sources-3.3.4.tgz",
-      "integrity": "sha512-7tP1PdV4vF+lYPnkMR0jMY5/la2ub5Fc/8VQrrU+lXkiM6C4TjVfGw7iKfyhnTQOsD+6Q/iKw0eFciziRgD58Q==",
-      "license": "MIT",
-      "engines": {
-        "node": ">=10.13.0"
-      }
-    },
     "node_modules/whatwg-mimetype": {
       "version": "3.0.0",
       "resolved": "https://registry.npmjs.org/whatwg-mimetype/-/whatwg-mimetype-3.0.0.tgz",
diff --git a/package.json b/package.json
index 684bee7999..65f6ace31d 100644
--- a/package.json
+++ b/package.json
@@ -47,7 +47,7 @@
     "dayjs": "1.11.19",
     "dropzone": "6.0.0-beta.2",
     "easymde": "2.18.0",
-    "esbuild-loader": "4.4.2",
+    "esbuild-loader": "4.4.3",
     "escape-goat": "4.0.0",
     "fast-glob": "3.3.3",
     "htmx.org": "2.0.8",

From 24af9cf8ee9c4cb3cd8c923c472bf4668c1145bb Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Wed, 8 Apr 2026 19:59:58 +0200
Subject: [PATCH 646/854] Update module github.com/go-enry/go-enry/v2 to v2.9.6
 (forgejo) (#11989)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11989
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index f0d14e8c44..554e03e181 100644
--- a/go.mod
+++ b/go.mod
@@ -48,7 +48,7 @@ require (
 	github.com/go-chi/chi/v5 v5.2.5
 	github.com/go-chi/cors v1.2.2
 	github.com/go-co-op/gocron v1.37.0
-	github.com/go-enry/go-enry/v2 v2.9.5
+	github.com/go-enry/go-enry/v2 v2.9.6
 	github.com/go-ldap/ldap/v3 v3.4.12
 	github.com/go-openapi/spec v0.22.3
 	github.com/go-sql-driver/mysql v1.9.3
diff --git a/go.sum b/go.sum
index be7eb7100c..7398064c4d 100644
--- a/go.sum
+++ b/go.sum
@@ -268,8 +268,8 @@ github.com/go-chi/cors v1.2.2 h1:Jmey33TE+b+rB7fT8MUy1u0I4L+NARQlK6LhzKPSyQE=
 github.com/go-chi/cors v1.2.2/go.mod h1:sSbTewc+6wYHBBCW7ytsFSn836hqM7JxpglAy2Vzc58=
 github.com/go-co-op/gocron v1.37.0 h1:ZYDJGtQ4OMhTLKOKMIch+/CY70Brbb1dGdooLEhh7b0=
 github.com/go-co-op/gocron v1.37.0/go.mod h1:3L/n6BkO7ABj+TrfSVXLRzsP26zmikL4ISkLQ0O8iNY=
-github.com/go-enry/go-enry/v2 v2.9.5 h1:HPhAQQHYwJgihL2PxBZiUMFWiROsGwOBdB6/D8zCUhY=
-github.com/go-enry/go-enry/v2 v2.9.5/go.mod h1:9yrj4ES1YrbNb1Wb7/PWYr2bpaCXUGRt0uafN0ISyG8=
+github.com/go-enry/go-enry/v2 v2.9.6 h1:np63eOtMV56zfYDHnFVgpEVOk8fr2kmylcMnAZUDbSs=
+github.com/go-enry/go-enry/v2 v2.9.6/go.mod h1:9yrj4ES1YrbNb1Wb7/PWYr2bpaCXUGRt0uafN0ISyG8=
 github.com/go-enry/go-oniguruma v1.2.1 h1:k8aAMuJfMrqm/56SG2lV9Cfti6tC4x8673aHCcBk+eo=
 github.com/go-enry/go-oniguruma v1.2.1/go.mod h1:bWDhYP+S6xZQgiRL7wlTScFYBe023B6ilRZbCAD5Hf4=
 github.com/go-errors/errors v1.0.1/go.mod h1:f4zRHt4oKfwPJE5k8C9vpYG+aDHdBFUsgrm6/TyX73Q=

From 3982685c35c27866b54671cc65de0d16412965cb Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Wed, 8 Apr 2026 20:01:56 +0200
Subject: [PATCH 647/854] Lock file maintenance (forgejo) (#12005)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12005
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
---
 package-lock.json                  | 282 ++++++++++++++---------------
 web_src/fomantic/package-lock.json |  44 ++---
 2 files changed, 163 insertions(+), 163 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 93619d5f13..81bf558b03 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -944,21 +944,21 @@
       }
     },
     "node_modules/@emnapi/core": {
-      "version": "1.9.1",
-      "resolved": "https://registry.npmjs.org/@emnapi/core/-/core-1.9.1.tgz",
-      "integrity": "sha512-mukuNALVsoix/w1BJwFzwXBN/dHeejQtuVzcDsfOEsdpCumXb/E9j8w11h5S54tT1xhifGfbbSm/ICrObRb3KA==",
+      "version": "1.9.2",
+      "resolved": "https://registry.npmjs.org/@emnapi/core/-/core-1.9.2.tgz",
+      "integrity": "sha512-UC+ZhH3XtczQYfOlu3lNEkdW/p4dsJ1r/bP7H8+rhao3TTTMO1ATq/4DdIi23XuGoFY+Cz0JmCbdVl0hz9jZcA==",
       "dev": true,
       "license": "MIT",
       "optional": true,
       "dependencies": {
-        "@emnapi/wasi-threads": "1.2.0",
+        "@emnapi/wasi-threads": "1.2.1",
         "tslib": "^2.4.0"
       }
     },
     "node_modules/@emnapi/runtime": {
-      "version": "1.9.1",
-      "resolved": "https://registry.npmjs.org/@emnapi/runtime/-/runtime-1.9.1.tgz",
-      "integrity": "sha512-VYi5+ZVLhpgK4hQ0TAjiQiZ6ol0oe4mBx7mVv7IflsiEp0OWoVsp/+f9Vc1hOhE0TtkORVrI1GvzyreqpgWtkA==",
+      "version": "1.9.2",
+      "resolved": "https://registry.npmjs.org/@emnapi/runtime/-/runtime-1.9.2.tgz",
+      "integrity": "sha512-3U4+MIWHImeyu1wnmVygh5WlgfYDtyf0k8AbLhMFxOipihf6nrWC4syIm/SwEeec0mNSafiiNnMJwbza/Is6Lw==",
       "dev": true,
       "license": "MIT",
       "optional": true,
@@ -967,9 +967,9 @@
       }
     },
     "node_modules/@emnapi/wasi-threads": {
-      "version": "1.2.0",
-      "resolved": "https://registry.npmjs.org/@emnapi/wasi-threads/-/wasi-threads-1.2.0.tgz",
-      "integrity": "sha512-N10dEJNSsUx41Z6pZsXU8FjPjpBEplgH24sfkmITrBED1/U2Esum9F3lfLrMjKHHjmi557zQn7kR9R+XWXu5Rg==",
+      "version": "1.2.1",
+      "resolved": "https://registry.npmjs.org/@emnapi/wasi-threads/-/wasi-threads-1.2.1.tgz",
+      "integrity": "sha512-uTII7OYF+/Mes/MrcIOYp5yOtSMLBWSIoLPpcgwipoiKbli6k322tcoFsxoIIxPDqW01SQGAgko4EzZi2BNv2w==",
       "dev": true,
       "license": "MIT",
       "optional": true,
@@ -978,9 +978,9 @@
       }
     },
     "node_modules/@esbuild/aix-ppc64": {
-      "version": "0.27.4",
-      "resolved": "https://registry.npmjs.org/@esbuild/aix-ppc64/-/aix-ppc64-0.27.4.tgz",
-      "integrity": "sha512-cQPwL2mp2nSmHHJlCyoXgHGhbEPMrEEU5xhkcy3Hs/O7nGZqEpZ2sUtLaL9MORLtDfRvVl2/3PAuEkYZH0Ty8Q==",
+      "version": "0.27.7",
+      "resolved": "https://registry.npmjs.org/@esbuild/aix-ppc64/-/aix-ppc64-0.27.7.tgz",
+      "integrity": "sha512-EKX3Qwmhz1eMdEJokhALr0YiD0lhQNwDqkPYyPhiSwKrh7/4KRjQc04sZ8db+5DVVnZ1LmbNDI1uAMPEUBnQPg==",
       "cpu": [
         "ppc64"
       ],
@@ -994,9 +994,9 @@
       }
     },
     "node_modules/@esbuild/android-arm": {
-      "version": "0.27.4",
-      "resolved": "https://registry.npmjs.org/@esbuild/android-arm/-/android-arm-0.27.4.tgz",
-      "integrity": "sha512-X9bUgvxiC8CHAGKYufLIHGXPJWnr0OCdR0anD2e21vdvgCI8lIfqFbnoeOz7lBjdrAGUhqLZLcQo6MLhTO2DKQ==",
+      "version": "0.27.7",
+      "resolved": "https://registry.npmjs.org/@esbuild/android-arm/-/android-arm-0.27.7.tgz",
+      "integrity": "sha512-jbPXvB4Yj2yBV7HUfE2KHe4GJX51QplCN1pGbYjvsyCZbQmies29EoJbkEc+vYuU5o45AfQn37vZlyXy4YJ8RQ==",
       "cpu": [
         "arm"
       ],
@@ -1010,9 +1010,9 @@
       }
     },
     "node_modules/@esbuild/android-arm64": {
-      "version": "0.27.4",
-      "resolved": "https://registry.npmjs.org/@esbuild/android-arm64/-/android-arm64-0.27.4.tgz",
-      "integrity": "sha512-gdLscB7v75wRfu7QSm/zg6Rx29VLdy9eTr2t44sfTW7CxwAtQghZ4ZnqHk3/ogz7xao0QAgrkradbBzcqFPasw==",
+      "version": "0.27.7",
+      "resolved": "https://registry.npmjs.org/@esbuild/android-arm64/-/android-arm64-0.27.7.tgz",
+      "integrity": "sha512-62dPZHpIXzvChfvfLJow3q5dDtiNMkwiRzPylSCfriLvZeq0a1bWChrGx/BbUbPwOrsWKMn8idSllklzBy+dgQ==",
       "cpu": [
         "arm64"
       ],
@@ -1026,9 +1026,9 @@
       }
     },
     "node_modules/@esbuild/android-x64": {
-      "version": "0.27.4",
-      "resolved": "https://registry.npmjs.org/@esbuild/android-x64/-/android-x64-0.27.4.tgz",
-      "integrity": "sha512-PzPFnBNVF292sfpfhiyiXCGSn9HZg5BcAz+ivBuSsl6Rk4ga1oEXAamhOXRFyMcjwr2DVtm40G65N3GLeH1Lvw==",
+      "version": "0.27.7",
+      "resolved": "https://registry.npmjs.org/@esbuild/android-x64/-/android-x64-0.27.7.tgz",
+      "integrity": "sha512-x5VpMODneVDb70PYV2VQOmIUUiBtY3D3mPBG8NxVk5CogneYhkR7MmM3yR/uMdITLrC1ml/NV1rj4bMJuy9MCg==",
       "cpu": [
         "x64"
       ],
@@ -1042,9 +1042,9 @@
       }
     },
     "node_modules/@esbuild/darwin-arm64": {
-      "version": "0.27.4",
-      "resolved": "https://registry.npmjs.org/@esbuild/darwin-arm64/-/darwin-arm64-0.27.4.tgz",
-      "integrity": "sha512-b7xaGIwdJlht8ZFCvMkpDN6uiSmnxxK56N2GDTMYPr2/gzvfdQN8rTfBsvVKmIVY/X7EM+/hJKEIbbHs9oA4tQ==",
+      "version": "0.27.7",
+      "resolved": "https://registry.npmjs.org/@esbuild/darwin-arm64/-/darwin-arm64-0.27.7.tgz",
+      "integrity": "sha512-5lckdqeuBPlKUwvoCXIgI2D9/ABmPq3Rdp7IfL70393YgaASt7tbju3Ac+ePVi3KDH6N2RqePfHnXkaDtY9fkw==",
       "cpu": [
         "arm64"
       ],
@@ -1058,9 +1058,9 @@
       }
     },
     "node_modules/@esbuild/darwin-x64": {
-      "version": "0.27.4",
-      "resolved": "https://registry.npmjs.org/@esbuild/darwin-x64/-/darwin-x64-0.27.4.tgz",
-      "integrity": "sha512-sR+OiKLwd15nmCdqpXMnuJ9W2kpy0KigzqScqHI3Hqwr7IXxBp3Yva+yJwoqh7rE8V77tdoheRYataNKL4QrPw==",
+      "version": "0.27.7",
+      "resolved": "https://registry.npmjs.org/@esbuild/darwin-x64/-/darwin-x64-0.27.7.tgz",
+      "integrity": "sha512-rYnXrKcXuT7Z+WL5K980jVFdvVKhCHhUwid+dDYQpH+qu+TefcomiMAJpIiC2EM3Rjtq0sO3StMV/+3w3MyyqQ==",
       "cpu": [
         "x64"
       ],
@@ -1074,9 +1074,9 @@
       }
     },
     "node_modules/@esbuild/freebsd-arm64": {
-      "version": "0.27.4",
-      "resolved": "https://registry.npmjs.org/@esbuild/freebsd-arm64/-/freebsd-arm64-0.27.4.tgz",
-      "integrity": "sha512-jnfpKe+p79tCnm4GVav68A7tUFeKQwQyLgESwEAUzyxk/TJr4QdGog9sqWNcUbr/bZt/O/HXouspuQDd9JxFSw==",
+      "version": "0.27.7",
+      "resolved": "https://registry.npmjs.org/@esbuild/freebsd-arm64/-/freebsd-arm64-0.27.7.tgz",
+      "integrity": "sha512-B48PqeCsEgOtzME2GbNM2roU29AMTuOIN91dsMO30t+Ydis3z/3Ngoj5hhnsOSSwNzS+6JppqWsuhTp6E82l2w==",
       "cpu": [
         "arm64"
       ],
@@ -1090,9 +1090,9 @@
       }
     },
     "node_modules/@esbuild/freebsd-x64": {
-      "version": "0.27.4",
-      "resolved": "https://registry.npmjs.org/@esbuild/freebsd-x64/-/freebsd-x64-0.27.4.tgz",
-      "integrity": "sha512-2kb4ceA/CpfUrIcTUl1wrP/9ad9Atrp5J94Lq69w7UwOMolPIGrfLSvAKJp0RTvkPPyn6CIWrNy13kyLikZRZQ==",
+      "version": "0.27.7",
+      "resolved": "https://registry.npmjs.org/@esbuild/freebsd-x64/-/freebsd-x64-0.27.7.tgz",
+      "integrity": "sha512-jOBDK5XEjA4m5IJK3bpAQF9/Lelu/Z9ZcdhTRLf4cajlB+8VEhFFRjWgfy3M1O4rO2GQ/b2dLwCUGpiF/eATNQ==",
       "cpu": [
         "x64"
       ],
@@ -1106,9 +1106,9 @@
       }
     },
     "node_modules/@esbuild/linux-arm": {
-      "version": "0.27.4",
-      "resolved": "https://registry.npmjs.org/@esbuild/linux-arm/-/linux-arm-0.27.4.tgz",
-      "integrity": "sha512-aBYgcIxX/wd5n2ys0yESGeYMGF+pv6g0DhZr3G1ZG4jMfruU9Tl1i2Z+Wnj9/KjGz1lTLCcorqE2viePZqj4Eg==",
+      "version": "0.27.7",
+      "resolved": "https://registry.npmjs.org/@esbuild/linux-arm/-/linux-arm-0.27.7.tgz",
+      "integrity": "sha512-RkT/YXYBTSULo3+af8Ib0ykH8u2MBh57o7q/DAs3lTJlyVQkgQvlrPTnjIzzRPQyavxtPtfg0EopvDyIt0j1rA==",
       "cpu": [
         "arm"
       ],
@@ -1122,9 +1122,9 @@
       }
     },
     "node_modules/@esbuild/linux-arm64": {
-      "version": "0.27.4",
-      "resolved": "https://registry.npmjs.org/@esbuild/linux-arm64/-/linux-arm64-0.27.4.tgz",
-      "integrity": "sha512-7nQOttdzVGth1iz57kxg9uCz57dxQLHWxopL6mYuYthohPKEK0vU0C3O21CcBK6KDlkYVcnDXY099HcCDXd9dA==",
+      "version": "0.27.7",
+      "resolved": "https://registry.npmjs.org/@esbuild/linux-arm64/-/linux-arm64-0.27.7.tgz",
+      "integrity": "sha512-RZPHBoxXuNnPQO9rvjh5jdkRmVizktkT7TCDkDmQ0W2SwHInKCAV95GRuvdSvA7w4VMwfCjUiPwDi0ZO6Nfe9A==",
       "cpu": [
         "arm64"
       ],
@@ -1138,9 +1138,9 @@
       }
     },
     "node_modules/@esbuild/linux-ia32": {
-      "version": "0.27.4",
-      "resolved": "https://registry.npmjs.org/@esbuild/linux-ia32/-/linux-ia32-0.27.4.tgz",
-      "integrity": "sha512-oPtixtAIzgvzYcKBQM/qZ3R+9TEUd1aNJQu0HhGyqtx6oS7qTpvjheIWBbes4+qu1bNlo2V4cbkISr8q6gRBFA==",
+      "version": "0.27.7",
+      "resolved": "https://registry.npmjs.org/@esbuild/linux-ia32/-/linux-ia32-0.27.7.tgz",
+      "integrity": "sha512-GA48aKNkyQDbd3KtkplYWT102C5sn/EZTY4XROkxONgruHPU72l+gW+FfF8tf2cFjeHaRbWpOYa/uRBz/Xq1Pg==",
       "cpu": [
         "ia32"
       ],
@@ -1154,9 +1154,9 @@
       }
     },
     "node_modules/@esbuild/linux-loong64": {
-      "version": "0.27.4",
-      "resolved": "https://registry.npmjs.org/@esbuild/linux-loong64/-/linux-loong64-0.27.4.tgz",
-      "integrity": "sha512-8mL/vh8qeCoRcFH2nM8wm5uJP+ZcVYGGayMavi8GmRJjuI3g1v6Z7Ni0JJKAJW+m0EtUuARb6Lmp4hMjzCBWzA==",
+      "version": "0.27.7",
+      "resolved": "https://registry.npmjs.org/@esbuild/linux-loong64/-/linux-loong64-0.27.7.tgz",
+      "integrity": "sha512-a4POruNM2oWsD4WKvBSEKGIiWQF8fZOAsycHOt6JBpZ+JN2n2JH9WAv56SOyu9X5IqAjqSIPTaJkqN8F7XOQ5Q==",
       "cpu": [
         "loong64"
       ],
@@ -1170,9 +1170,9 @@
       }
     },
     "node_modules/@esbuild/linux-mips64el": {
-      "version": "0.27.4",
-      "resolved": "https://registry.npmjs.org/@esbuild/linux-mips64el/-/linux-mips64el-0.27.4.tgz",
-      "integrity": "sha512-1RdrWFFiiLIW7LQq9Q2NES+HiD4NyT8Itj9AUeCl0IVCA459WnPhREKgwrpaIfTOe+/2rdntisegiPWn/r/aAw==",
+      "version": "0.27.7",
+      "resolved": "https://registry.npmjs.org/@esbuild/linux-mips64el/-/linux-mips64el-0.27.7.tgz",
+      "integrity": "sha512-KabT5I6StirGfIz0FMgl1I+R1H73Gp0ofL9A3nG3i/cYFJzKHhouBV5VWK1CSgKvVaG4q1RNpCTR2LuTVB3fIw==",
       "cpu": [
         "mips64el"
       ],
@@ -1186,9 +1186,9 @@
       }
     },
     "node_modules/@esbuild/linux-ppc64": {
-      "version": "0.27.4",
-      "resolved": "https://registry.npmjs.org/@esbuild/linux-ppc64/-/linux-ppc64-0.27.4.tgz",
-      "integrity": "sha512-tLCwNG47l3sd9lpfyx9LAGEGItCUeRCWeAx6x2Jmbav65nAwoPXfewtAdtbtit/pJFLUWOhpv0FpS6GQAmPrHA==",
+      "version": "0.27.7",
+      "resolved": "https://registry.npmjs.org/@esbuild/linux-ppc64/-/linux-ppc64-0.27.7.tgz",
+      "integrity": "sha512-gRsL4x6wsGHGRqhtI+ifpN/vpOFTQtnbsupUF5R5YTAg+y/lKelYR1hXbnBdzDjGbMYjVJLJTd2OFmMewAgwlQ==",
       "cpu": [
         "ppc64"
       ],
@@ -1202,9 +1202,9 @@
       }
     },
     "node_modules/@esbuild/linux-riscv64": {
-      "version": "0.27.4",
-      "resolved": "https://registry.npmjs.org/@esbuild/linux-riscv64/-/linux-riscv64-0.27.4.tgz",
-      "integrity": "sha512-BnASypppbUWyqjd1KIpU4AUBiIhVr6YlHx/cnPgqEkNoVOhHg+YiSVxM1RLfiy4t9cAulbRGTNCKOcqHrEQLIw==",
+      "version": "0.27.7",
+      "resolved": "https://registry.npmjs.org/@esbuild/linux-riscv64/-/linux-riscv64-0.27.7.tgz",
+      "integrity": "sha512-hL25LbxO1QOngGzu2U5xeXtxXcW+/GvMN3ejANqXkxZ/opySAZMrc+9LY/WyjAan41unrR3YrmtTsUpwT66InQ==",
       "cpu": [
         "riscv64"
       ],
@@ -1218,9 +1218,9 @@
       }
     },
     "node_modules/@esbuild/linux-s390x": {
-      "version": "0.27.4",
-      "resolved": "https://registry.npmjs.org/@esbuild/linux-s390x/-/linux-s390x-0.27.4.tgz",
-      "integrity": "sha512-+eUqgb/Z7vxVLezG8bVB9SfBie89gMueS+I0xYh2tJdw3vqA/0ImZJ2ROeWwVJN59ihBeZ7Tu92dF/5dy5FttA==",
+      "version": "0.27.7",
+      "resolved": "https://registry.npmjs.org/@esbuild/linux-s390x/-/linux-s390x-0.27.7.tgz",
+      "integrity": "sha512-2k8go8Ycu1Kb46vEelhu1vqEP+UeRVj2zY1pSuPdgvbd5ykAw82Lrro28vXUrRmzEsUV0NzCf54yARIK8r0fdw==",
       "cpu": [
         "s390x"
       ],
@@ -1234,9 +1234,9 @@
       }
     },
     "node_modules/@esbuild/linux-x64": {
-      "version": "0.27.4",
-      "resolved": "https://registry.npmjs.org/@esbuild/linux-x64/-/linux-x64-0.27.4.tgz",
-      "integrity": "sha512-S5qOXrKV8BQEzJPVxAwnryi2+Iq5pB40gTEIT69BQONqR7JH1EPIcQ/Uiv9mCnn05jff9umq/5nqzxlqTOg9NA==",
+      "version": "0.27.7",
+      "resolved": "https://registry.npmjs.org/@esbuild/linux-x64/-/linux-x64-0.27.7.tgz",
+      "integrity": "sha512-hzznmADPt+OmsYzw1EE33ccA+HPdIqiCRq7cQeL1Jlq2gb1+OyWBkMCrYGBJ+sxVzve2ZJEVeePbLM2iEIZSxA==",
       "cpu": [
         "x64"
       ],
@@ -1250,9 +1250,9 @@
       }
     },
     "node_modules/@esbuild/netbsd-arm64": {
-      "version": "0.27.4",
-      "resolved": "https://registry.npmjs.org/@esbuild/netbsd-arm64/-/netbsd-arm64-0.27.4.tgz",
-      "integrity": "sha512-xHT8X4sb0GS8qTqiwzHqpY00C95DPAq7nAwX35Ie/s+LO9830hrMd3oX0ZMKLvy7vsonee73x0lmcdOVXFzd6Q==",
+      "version": "0.27.7",
+      "resolved": "https://registry.npmjs.org/@esbuild/netbsd-arm64/-/netbsd-arm64-0.27.7.tgz",
+      "integrity": "sha512-b6pqtrQdigZBwZxAn1UpazEisvwaIDvdbMbmrly7cDTMFnw/+3lVxxCTGOrkPVnsYIosJJXAsILG9XcQS+Yu6w==",
       "cpu": [
         "arm64"
       ],
@@ -1266,9 +1266,9 @@
       }
     },
     "node_modules/@esbuild/netbsd-x64": {
-      "version": "0.27.4",
-      "resolved": "https://registry.npmjs.org/@esbuild/netbsd-x64/-/netbsd-x64-0.27.4.tgz",
-      "integrity": "sha512-RugOvOdXfdyi5Tyv40kgQnI0byv66BFgAqjdgtAKqHoZTbTF2QqfQrFwa7cHEORJf6X2ht+l9ABLMP0dnKYsgg==",
+      "version": "0.27.7",
+      "resolved": "https://registry.npmjs.org/@esbuild/netbsd-x64/-/netbsd-x64-0.27.7.tgz",
+      "integrity": "sha512-OfatkLojr6U+WN5EDYuoQhtM+1xco+/6FSzJJnuWiUw5eVcicbyK3dq5EeV/QHT1uy6GoDhGbFpprUiHUYggrw==",
       "cpu": [
         "x64"
       ],
@@ -1282,9 +1282,9 @@
       }
     },
     "node_modules/@esbuild/openbsd-arm64": {
-      "version": "0.27.4",
-      "resolved": "https://registry.npmjs.org/@esbuild/openbsd-arm64/-/openbsd-arm64-0.27.4.tgz",
-      "integrity": "sha512-2MyL3IAaTX+1/qP0O1SwskwcwCoOI4kV2IBX1xYnDDqthmq5ArrW94qSIKCAuRraMgPOmG0RDTA74mzYNQA9ow==",
+      "version": "0.27.7",
+      "resolved": "https://registry.npmjs.org/@esbuild/openbsd-arm64/-/openbsd-arm64-0.27.7.tgz",
+      "integrity": "sha512-AFuojMQTxAz75Fo8idVcqoQWEHIXFRbOc1TrVcFSgCZtQfSdc1RXgB3tjOn/krRHENUB4j00bfGjyl2mJrU37A==",
       "cpu": [
         "arm64"
       ],
@@ -1298,9 +1298,9 @@
       }
     },
     "node_modules/@esbuild/openbsd-x64": {
-      "version": "0.27.4",
-      "resolved": "https://registry.npmjs.org/@esbuild/openbsd-x64/-/openbsd-x64-0.27.4.tgz",
-      "integrity": "sha512-u8fg/jQ5aQDfsnIV6+KwLOf1CmJnfu1ShpwqdwC0uA7ZPwFws55Ngc12vBdeUdnuWoQYx/SOQLGDcdlfXhYmXQ==",
+      "version": "0.27.7",
+      "resolved": "https://registry.npmjs.org/@esbuild/openbsd-x64/-/openbsd-x64-0.27.7.tgz",
+      "integrity": "sha512-+A1NJmfM8WNDv5CLVQYJ5PshuRm/4cI6WMZRg1by1GwPIQPCTs1GLEUHwiiQGT5zDdyLiRM/l1G0Pv54gvtKIg==",
       "cpu": [
         "x64"
       ],
@@ -1314,9 +1314,9 @@
       }
     },
     "node_modules/@esbuild/openharmony-arm64": {
-      "version": "0.27.4",
-      "resolved": "https://registry.npmjs.org/@esbuild/openharmony-arm64/-/openharmony-arm64-0.27.4.tgz",
-      "integrity": "sha512-JkTZrl6VbyO8lDQO3yv26nNr2RM2yZzNrNHEsj9bm6dOwwu9OYN28CjzZkH57bh4w0I2F7IodpQvUAEd1mbWXg==",
+      "version": "0.27.7",
+      "resolved": "https://registry.npmjs.org/@esbuild/openharmony-arm64/-/openharmony-arm64-0.27.7.tgz",
+      "integrity": "sha512-+KrvYb/C8zA9CU/g0sR6w2RBw7IGc5J2BPnc3dYc5VJxHCSF1yNMxTV5LQ7GuKteQXZtspjFbiuW5/dOj7H4Yw==",
       "cpu": [
         "arm64"
       ],
@@ -1330,9 +1330,9 @@
       }
     },
     "node_modules/@esbuild/sunos-x64": {
-      "version": "0.27.4",
-      "resolved": "https://registry.npmjs.org/@esbuild/sunos-x64/-/sunos-x64-0.27.4.tgz",
-      "integrity": "sha512-/gOzgaewZJfeJTlsWhvUEmUG4tWEY2Spp5M20INYRg2ZKl9QPO3QEEgPeRtLjEWSW8FilRNacPOg8R1uaYkA6g==",
+      "version": "0.27.7",
+      "resolved": "https://registry.npmjs.org/@esbuild/sunos-x64/-/sunos-x64-0.27.7.tgz",
+      "integrity": "sha512-ikktIhFBzQNt/QDyOL580ti9+5mL/YZeUPKU2ivGtGjdTYoqz6jObj6nOMfhASpS4GU4Q/Clh1QtxWAvcYKamA==",
       "cpu": [
         "x64"
       ],
@@ -1346,9 +1346,9 @@
       }
     },
     "node_modules/@esbuild/win32-arm64": {
-      "version": "0.27.4",
-      "resolved": "https://registry.npmjs.org/@esbuild/win32-arm64/-/win32-arm64-0.27.4.tgz",
-      "integrity": "sha512-Z9SExBg2y32smoDQdf1HRwHRt6vAHLXcxD2uGgO/v2jK7Y718Ix4ndsbNMU/+1Qiem9OiOdaqitioZwxivhXYg==",
+      "version": "0.27.7",
+      "resolved": "https://registry.npmjs.org/@esbuild/win32-arm64/-/win32-arm64-0.27.7.tgz",
+      "integrity": "sha512-7yRhbHvPqSpRUV7Q20VuDwbjW5kIMwTHpptuUzV+AA46kiPze5Z7qgt6CLCK3pWFrHeNfDd1VKgyP4O+ng17CA==",
       "cpu": [
         "arm64"
       ],
@@ -1362,9 +1362,9 @@
       }
     },
     "node_modules/@esbuild/win32-ia32": {
-      "version": "0.27.4",
-      "resolved": "https://registry.npmjs.org/@esbuild/win32-ia32/-/win32-ia32-0.27.4.tgz",
-      "integrity": "sha512-DAyGLS0Jz5G5iixEbMHi5KdiApqHBWMGzTtMiJ72ZOLhbu/bzxgAe8Ue8CTS3n3HbIUHQz/L51yMdGMeoxXNJw==",
+      "version": "0.27.7",
+      "resolved": "https://registry.npmjs.org/@esbuild/win32-ia32/-/win32-ia32-0.27.7.tgz",
+      "integrity": "sha512-SmwKXe6VHIyZYbBLJrhOoCJRB/Z1tckzmgTLfFYOfpMAx63BJEaL9ExI8x7v0oAO3Zh6D/Oi1gVxEYr5oUCFhw==",
       "cpu": [
         "ia32"
       ],
@@ -1378,9 +1378,9 @@
       }
     },
     "node_modules/@esbuild/win32-x64": {
-      "version": "0.27.4",
-      "resolved": "https://registry.npmjs.org/@esbuild/win32-x64/-/win32-x64-0.27.4.tgz",
-      "integrity": "sha512-+knoa0BDoeXgkNvvV1vvbZX4+hizelrkwmGJBdT17t8FNPwG2lKemmuMZlmaNQ3ws3DKKCxpb4zRZEIp3UxFCg==",
+      "version": "0.27.7",
+      "resolved": "https://registry.npmjs.org/@esbuild/win32-x64/-/win32-x64-0.27.7.tgz",
+      "integrity": "sha512-56hiAJPhwQ1R4i+21FVF7V8kSD5zZTdHcVuRFMW0hn753vVfQN8xlx4uOPT4xoGH0Z/oVATuR82AiqSTDIpaHg==",
       "cpu": [
         "x64"
       ],
@@ -4301,9 +4301,9 @@
       "license": "MIT"
     },
     "node_modules/@types/node": {
-      "version": "25.5.0",
-      "resolved": "https://registry.npmjs.org/@types/node/-/node-25.5.0.tgz",
-      "integrity": "sha512-jp2P3tQMSxWugkCUKLRPVUpGaL5MVFwF8RDuSRztfwgN1wmqJeMSbKlnEtQqU8UrhTmzEmZdu2I6v2dpp7XIxw==",
+      "version": "25.5.2",
+      "resolved": "https://registry.npmjs.org/@types/node/-/node-25.5.2.tgz",
+      "integrity": "sha512-tO4ZIRKNC+MDWV4qKVZe3Ql/woTnmHDr5JD8UI5hn2pwBrHEwOEMZK7WlNb5RKB6EoJ02gwmQS9OrjuFnZYdpg==",
       "license": "MIT",
       "dependencies": {
         "undici-types": "~7.18.0"
@@ -5856,9 +5856,9 @@
       "license": "MIT"
     },
     "node_modules/baseline-browser-mapping": {
-      "version": "2.10.13",
-      "resolved": "https://registry.npmjs.org/baseline-browser-mapping/-/baseline-browser-mapping-2.10.13.tgz",
-      "integrity": "sha512-BL2sTuHOdy0YT1lYieUxTw/QMtPBC3pmlJC6xk8BBYVv6vcw3SGdKemQ+Xsx9ik2F/lYDO9tqsFQH1r9PFuHKw==",
+      "version": "2.10.15",
+      "resolved": "https://registry.npmjs.org/baseline-browser-mapping/-/baseline-browser-mapping-2.10.15.tgz",
+      "integrity": "sha512-1nfKCq9wuAZFTkA2ey/3OXXx7GzFjLdkTiFVNwlJ9WqdI706CZRIhEqjuwanjMIja+84jDLa9rcyZDPDiVkASQ==",
       "license": "Apache-2.0",
       "bin": {
         "baseline-browser-mapping": "dist/cli.cjs"
@@ -6105,9 +6105,9 @@
       }
     },
     "node_modules/caniuse-lite": {
-      "version": "1.0.30001784",
-      "resolved": "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001784.tgz",
-      "integrity": "sha512-WU346nBTklUV9YfUl60fqRbU5ZqyXlqvo1SgigE1OAXK5bFL8LL9q1K7aap3N739l4BvNqnkm3YrGHiY9sfUQw==",
+      "version": "1.0.30001785",
+      "resolved": "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001785.tgz",
+      "integrity": "sha512-blhOL/WNR+Km1RI/LCVAvA73xplXA7ZbjzI4YkMK9pa6T/P3F2GxjNpEkyw5repTw9IvkyrjyHpwjnhZ5FOvYQ==",
       "funding": [
         {
           "type": "opencollective",
@@ -7652,9 +7652,9 @@
       }
     },
     "node_modules/electron-to-chromium": {
-      "version": "1.5.330",
-      "resolved": "https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.5.330.tgz",
-      "integrity": "sha512-jFNydB5kFtYUobh4IkWUnXeyDbjf/r9gcUEXe1xcrcUxIGfTdzPXA+ld6zBRbwvgIGVzDll/LTIiDztEtckSnA==",
+      "version": "1.5.331",
+      "resolved": "https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.5.331.tgz",
+      "integrity": "sha512-IbxXrsTlD3hRodkLnbxAPP4OuJYdWCeM3IOdT+CpcMoIwIoDfCmRpEtSPfwBXxVkg9xmBeY7Lz2Eo2TDn/HC3Q==",
       "license": "ISC"
     },
     "node_modules/emoji-regex": {
@@ -7894,9 +7894,9 @@
       }
     },
     "node_modules/esbuild": {
-      "version": "0.27.4",
-      "resolved": "https://registry.npmjs.org/esbuild/-/esbuild-0.27.4.tgz",
-      "integrity": "sha512-Rq4vbHnYkK5fws5NF7MYTU68FPRE1ajX7heQ/8QXXWqNgqqJ/GkmmyxIzUnf2Sr/bakf8l54716CcMGHYhMrrQ==",
+      "version": "0.27.7",
+      "resolved": "https://registry.npmjs.org/esbuild/-/esbuild-0.27.7.tgz",
+      "integrity": "sha512-IxpibTjyVnmrIQo5aqNpCgoACA/dTKLTlhMHihVHhdkxKyPO1uBBthumT0rdHmcsk9uMonIWS0m4FljWzILh3w==",
       "hasInstallScript": true,
       "license": "MIT",
       "bin": {
@@ -7906,32 +7906,32 @@
         "node": ">=18"
       },
       "optionalDependencies": {
-        "@esbuild/aix-ppc64": "0.27.4",
-        "@esbuild/android-arm": "0.27.4",
-        "@esbuild/android-arm64": "0.27.4",
-        "@esbuild/android-x64": "0.27.4",
-        "@esbuild/darwin-arm64": "0.27.4",
-        "@esbuild/darwin-x64": "0.27.4",
-        "@esbuild/freebsd-arm64": "0.27.4",
-        "@esbuild/freebsd-x64": "0.27.4",
-        "@esbuild/linux-arm": "0.27.4",
-        "@esbuild/linux-arm64": "0.27.4",
-        "@esbuild/linux-ia32": "0.27.4",
-        "@esbuild/linux-loong64": "0.27.4",
-        "@esbuild/linux-mips64el": "0.27.4",
-        "@esbuild/linux-ppc64": "0.27.4",
-        "@esbuild/linux-riscv64": "0.27.4",
-        "@esbuild/linux-s390x": "0.27.4",
-        "@esbuild/linux-x64": "0.27.4",
-        "@esbuild/netbsd-arm64": "0.27.4",
-        "@esbuild/netbsd-x64": "0.27.4",
-        "@esbuild/openbsd-arm64": "0.27.4",
-        "@esbuild/openbsd-x64": "0.27.4",
-        "@esbuild/openharmony-arm64": "0.27.4",
-        "@esbuild/sunos-x64": "0.27.4",
-        "@esbuild/win32-arm64": "0.27.4",
-        "@esbuild/win32-ia32": "0.27.4",
-        "@esbuild/win32-x64": "0.27.4"
+        "@esbuild/aix-ppc64": "0.27.7",
+        "@esbuild/android-arm": "0.27.7",
+        "@esbuild/android-arm64": "0.27.7",
+        "@esbuild/android-x64": "0.27.7",
+        "@esbuild/darwin-arm64": "0.27.7",
+        "@esbuild/darwin-x64": "0.27.7",
+        "@esbuild/freebsd-arm64": "0.27.7",
+        "@esbuild/freebsd-x64": "0.27.7",
+        "@esbuild/linux-arm": "0.27.7",
+        "@esbuild/linux-arm64": "0.27.7",
+        "@esbuild/linux-ia32": "0.27.7",
+        "@esbuild/linux-loong64": "0.27.7",
+        "@esbuild/linux-mips64el": "0.27.7",
+        "@esbuild/linux-ppc64": "0.27.7",
+        "@esbuild/linux-riscv64": "0.27.7",
+        "@esbuild/linux-s390x": "0.27.7",
+        "@esbuild/linux-x64": "0.27.7",
+        "@esbuild/netbsd-arm64": "0.27.7",
+        "@esbuild/netbsd-x64": "0.27.7",
+        "@esbuild/openbsd-arm64": "0.27.7",
+        "@esbuild/openbsd-x64": "0.27.7",
+        "@esbuild/openharmony-arm64": "0.27.7",
+        "@esbuild/sunos-x64": "0.27.7",
+        "@esbuild/win32-arm64": "0.27.7",
+        "@esbuild/win32-ia32": "0.27.7",
+        "@esbuild/win32-x64": "0.27.7"
       }
     },
     "node_modules/esbuild-loader": {
@@ -12340,9 +12340,9 @@
       }
     },
     "node_modules/node-releases": {
-      "version": "2.0.36",
-      "resolved": "https://registry.npmjs.org/node-releases/-/node-releases-2.0.36.tgz",
-      "integrity": "sha512-TdC8FSgHz8Mwtw9g5L4gR/Sh9XhSP/0DEkQxfEFXOpiul5IiHgHan2VhYYb6agDSfp4KuvltmGApc8HMgUrIkA==",
+      "version": "2.0.37",
+      "resolved": "https://registry.npmjs.org/node-releases/-/node-releases-2.0.37.tgz",
+      "integrity": "sha512-1h5gKZCF+pO/o3Iqt5Jp7wc9rH3eJJ0+nh/CIoiRwjRxde/hAHyLPXYN4V3CqKAbiZPSeJFSWHmJsbkicta0Eg==",
       "license": "MIT"
     },
     "node_modules/node-sarif-builder": {
@@ -13662,9 +13662,9 @@
       }
     },
     "node_modules/regjsparser": {
-      "version": "0.13.0",
-      "resolved": "https://registry.npmjs.org/regjsparser/-/regjsparser-0.13.0.tgz",
-      "integrity": "sha512-NZQZdC5wOE/H3UT28fVGL+ikOZcEzfMGk/c3iN9UGxzWHMa1op7274oyiUVrAG4B2EuFhus8SvkaYnhvW92p9Q==",
+      "version": "0.13.1",
+      "resolved": "https://registry.npmjs.org/regjsparser/-/regjsparser-0.13.1.tgz",
+      "integrity": "sha512-dLsljMd9sqwRkby8zhO1gSg3PnJIBFid8f4CQj/sXx+7cKx+E7u0PKhZ+U4wmhx7EfmtvnA318oVaIkAB1lRJw==",
       "dev": true,
       "license": "BSD-2-Clause",
       "dependencies": {
@@ -14023,18 +14023,18 @@
       }
     },
     "node_modules/seroval": {
-      "version": "1.5.1",
-      "resolved": "https://registry.npmjs.org/seroval/-/seroval-1.5.1.tgz",
-      "integrity": "sha512-OwrZRZAfhHww0WEnKHDY8OM0U/Qs8OTfIDWhUD4BLpNJUfXK4cGmjiagGze086m+mhI+V2nD0gfbHEnJjb9STA==",
+      "version": "1.5.2",
+      "resolved": "https://registry.npmjs.org/seroval/-/seroval-1.5.2.tgz",
+      "integrity": "sha512-xcRN39BdsnO9Tf+VzsE7b3JyTJASItIV1FVFewJKCFcW4s4haIKS3e6vj8PGB9qBwC7tnuOywQMdv5N4qkzi7Q==",
       "license": "MIT",
       "engines": {
         "node": ">=10"
       }
     },
     "node_modules/seroval-plugins": {
-      "version": "1.5.1",
-      "resolved": "https://registry.npmjs.org/seroval-plugins/-/seroval-plugins-1.5.1.tgz",
-      "integrity": "sha512-4FbuZ/TMl02sqv0RTFexu0SP6V+ywaIe5bAWCCEik0fk17BhALgwvUDVF7e3Uvf9pxmwCEJsRPmlkUE6HdzLAw==",
+      "version": "1.5.2",
+      "resolved": "https://registry.npmjs.org/seroval-plugins/-/seroval-plugins-1.5.2.tgz",
+      "integrity": "sha512-qpY0Cl+fKYFn4GOf3cMiq6l72CpuVaawb6ILjubOQ+diJ54LfOWaSSPsaswN8DRPIPW4Yq+tE1k5aKd7ILyaFg==",
       "license": "MIT",
       "engines": {
         "node": ">=10"
diff --git a/web_src/fomantic/package-lock.json b/web_src/fomantic/package-lock.json
index d3cc9367a7..3e8b18f00e 100644
--- a/web_src/fomantic/package-lock.json
+++ b/web_src/fomantic/package-lock.json
@@ -496,9 +496,9 @@
       "license": "MIT"
     },
     "node_modules/@types/node": {
-      "version": "25.5.0",
-      "resolved": "https://registry.npmjs.org/@types/node/-/node-25.5.0.tgz",
-      "integrity": "sha512-jp2P3tQMSxWugkCUKLRPVUpGaL5MVFwF8RDuSRztfwgN1wmqJeMSbKlnEtQqU8UrhTmzEmZdu2I6v2dpp7XIxw==",
+      "version": "25.5.2",
+      "resolved": "https://registry.npmjs.org/@types/node/-/node-25.5.2.tgz",
+      "integrity": "sha512-tO4ZIRKNC+MDWV4qKVZe3Ql/woTnmHDr5JD8UI5hn2pwBrHEwOEMZK7WlNb5RKB6EoJ02gwmQS9OrjuFnZYdpg==",
       "license": "MIT",
       "dependencies": {
         "undici-types": "~7.18.0"
@@ -1032,9 +1032,9 @@
       }
     },
     "node_modules/baseline-browser-mapping": {
-      "version": "2.10.13",
-      "resolved": "https://registry.npmjs.org/baseline-browser-mapping/-/baseline-browser-mapping-2.10.13.tgz",
-      "integrity": "sha512-BL2sTuHOdy0YT1lYieUxTw/QMtPBC3pmlJC6xk8BBYVv6vcw3SGdKemQ+Xsx9ik2F/lYDO9tqsFQH1r9PFuHKw==",
+      "version": "2.10.15",
+      "resolved": "https://registry.npmjs.org/baseline-browser-mapping/-/baseline-browser-mapping-2.10.15.tgz",
+      "integrity": "sha512-1nfKCq9wuAZFTkA2ey/3OXXx7GzFjLdkTiFVNwlJ9WqdI706CZRIhEqjuwanjMIja+84jDLa9rcyZDPDiVkASQ==",
       "license": "Apache-2.0",
       "bin": {
         "baseline-browser-mapping": "dist/cli.cjs"
@@ -1264,9 +1264,9 @@
       }
     },
     "node_modules/caniuse-lite": {
-      "version": "1.0.30001784",
-      "resolved": "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001784.tgz",
-      "integrity": "sha512-WU346nBTklUV9YfUl60fqRbU5ZqyXlqvo1SgigE1OAXK5bFL8LL9q1K7aap3N739l4BvNqnkm3YrGHiY9sfUQw==",
+      "version": "1.0.30001785",
+      "resolved": "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001785.tgz",
+      "integrity": "sha512-blhOL/WNR+Km1RI/LCVAvA73xplXA7ZbjzI4YkMK9pa6T/P3F2GxjNpEkyw5repTw9IvkyrjyHpwjnhZ5FOvYQ==",
       "funding": [
         {
           "type": "opencollective",
@@ -2020,9 +2020,9 @@
       }
     },
     "node_modules/electron-to-chromium": {
-      "version": "1.5.330",
-      "resolved": "https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.5.330.tgz",
-      "integrity": "sha512-jFNydB5kFtYUobh4IkWUnXeyDbjf/r9gcUEXe1xcrcUxIGfTdzPXA+ld6zBRbwvgIGVzDll/LTIiDztEtckSnA==",
+      "version": "1.5.331",
+      "resolved": "https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.5.331.tgz",
+      "integrity": "sha512-IbxXrsTlD3hRodkLnbxAPP4OuJYdWCeM3IOdT+CpcMoIwIoDfCmRpEtSPfwBXxVkg9xmBeY7Lz2Eo2TDn/HC3Q==",
       "license": "ISC"
     },
     "node_modules/emoji-regex": {
@@ -5268,9 +5268,9 @@
       }
     },
     "node_modules/lodash": {
-      "version": "4.17.23",
-      "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.23.tgz",
-      "integrity": "sha512-LgVTMpQtIopCi79SJeDiP0TfWi5CNEc/L/aRdTh3yIvmZXTnheWpKjSZhnvMl8iXbC1tFg9gdHHDMLoV7CnG+w==",
+      "version": "4.18.1",
+      "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.18.1.tgz",
+      "integrity": "sha512-dMInicTPVE8d1e5otfwmmjlxkZoUpiVLwyeTdUsi/Caj/gfzzblBcCE5sRHV/AsjuCmxWrte2TNGSYuCeCq+0Q==",
       "license": "MIT"
     },
     "node_modules/lodash._baseassign": {
@@ -5489,10 +5489,10 @@
       "license": "MIT"
     },
     "node_modules/lodash.template": {
-      "version": "4.18.0",
-      "resolved": "https://registry.npmjs.org/lodash.template/-/lodash.template-4.18.0.tgz",
-      "integrity": "sha512-VbCU2mYTHF/JUjasKG50ozrbli//eixCFmKBiAfvmz0cGt7iywc087M7zxflSoEQFS0Xtv0RqpE8ko8BXv3TOQ==",
-      "deprecated": "Bad release. Please use lodash.template@4.5.0 instead.",
+      "version": "4.18.1",
+      "resolved": "https://registry.npmjs.org/lodash.template/-/lodash.template-4.18.1.tgz",
+      "integrity": "sha512-5urZrLnV/VD6zHK5KsVtZgt7H19v51mIzoS0aBNH8yp3I8tbswrEjOABOPY8m8uB7NuibubLrMX+Y0PXsU9X+w==",
+      "deprecated": "This package is deprecated. Use https://socket.dev/npm/package/eta instead.",
       "license": "MIT",
       "dependencies": {
         "lodash._reinterpolate": "^3.0.0",
@@ -6013,9 +6013,9 @@
       }
     },
     "node_modules/node-releases": {
-      "version": "2.0.36",
-      "resolved": "https://registry.npmjs.org/node-releases/-/node-releases-2.0.36.tgz",
-      "integrity": "sha512-TdC8FSgHz8Mwtw9g5L4gR/Sh9XhSP/0DEkQxfEFXOpiul5IiHgHan2VhYYb6agDSfp4KuvltmGApc8HMgUrIkA==",
+      "version": "2.0.37",
+      "resolved": "https://registry.npmjs.org/node-releases/-/node-releases-2.0.37.tgz",
+      "integrity": "sha512-1h5gKZCF+pO/o3Iqt5Jp7wc9rH3eJJ0+nh/CIoiRwjRxde/hAHyLPXYN4V3CqKAbiZPSeJFSWHmJsbkicta0Eg==",
       "license": "MIT"
     },
     "node_modules/node.extend": {

From 64d19661cece9d428815a542b181f262d878f1bc Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Wed, 8 Apr 2026 20:02:23 +0200
Subject: [PATCH 648/854] Update dependency minimatch to v10.2.5 (forgejo)
 (#11937)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11937
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
---
 package-lock.json | 10 +++++-----
 package.json      |  2 +-
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 81bf558b03..14ff10ddca 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -57,7 +57,7 @@
         "katex": "0.16.44",
         "mermaid": "11.14.0",
         "mini-css-extract-plugin": "2.10.0",
-        "minimatch": "10.2.4",
+        "minimatch": "10.2.5",
         "pdfobject": "2.3.0",
         "postcss": "8.5.6",
         "postcss-loader": "8.2.1",
@@ -12169,12 +12169,12 @@
       }
     },
     "node_modules/minimatch": {
-      "version": "10.2.4",
-      "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-10.2.4.tgz",
-      "integrity": "sha512-oRjTw/97aTBN0RHbYCdtF1MQfvusSIBQM0IZEgzl6426+8jSC0nF1a/GmnVLpfB9yyr6g6FTqWqiZVbxrtaCIg==",
+      "version": "10.2.5",
+      "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-10.2.5.tgz",
+      "integrity": "sha512-MULkVLfKGYDFYejP07QOurDLLQpcjk7Fw+7jXS2R2czRQzR56yHRveU5NDJEOviH+hETZKSkIk5c+T23GjFUMg==",
       "license": "BlueOak-1.0.0",
       "dependencies": {
-        "brace-expansion": "^5.0.2"
+        "brace-expansion": "^5.0.5"
       },
       "engines": {
         "node": "18 || 20 || >=22"
diff --git a/package.json b/package.json
index 65f6ace31d..b4622b469c 100644
--- a/package.json
+++ b/package.json
@@ -56,7 +56,7 @@
     "katex": "0.16.44",
     "mermaid": "11.14.0",
     "mini-css-extract-plugin": "2.10.0",
-    "minimatch": "10.2.4",
+    "minimatch": "10.2.5",
     "pdfobject": "2.3.0",
     "postcss": "8.5.6",
     "postcss-loader": "8.2.1",

From 4b2969ab848bbcd90956c5505c9a810098089cc2 Mon Sep 17 00:00:00 2001
From: Andreas Ahlenstorf <andreas@ahlenstorf.ch>
Date: Wed, 8 Apr 2026 20:03:10 +0200
Subject: [PATCH 649/854] fix: incorrect identification of outdated run
 attempts (#12021)

Since https://codeberg.org/forgejo/forgejo/pulls/11750, the attempt number of a Forgejo Actions job is set eagerly. When an job is ultimately not run, for example, because its `needs` weren't satisfied, it leads to discontinuous attempt numbers of completed attempts that the component for viewing action logs could not handle. This has been rectified by actually determining the number of the last attempt.

Resolves https://codeberg.org/forgejo/forgejo/issues/11994.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12021
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
Co-authored-by: Andreas Ahlenstorf <andreas@ahlenstorf.ch>
Co-committed-by: Andreas Ahlenstorf <andreas@ahlenstorf.ch>
---
 web_src/js/components/RepoActionView.test.js | 13 ++++++------
 web_src/js/components/RepoActionView.vue     | 22 +++++++++++---------
 2 files changed, 19 insertions(+), 16 deletions(-)

diff --git a/web_src/js/components/RepoActionView.test.js b/web_src/js/components/RepoActionView.test.js
index 12c201916f..fb6af25dd0 100644
--- a/web_src/js/components/RepoActionView.test.js
+++ b/web_src/js/components/RepoActionView.test.js
@@ -183,7 +183,8 @@ function configureForMultipleAttemptTests({viewHistorical}) {
         },
       ],
       allAttempts: [
-        {number: 2, time_since_started_html: 'yesterday', status: 'success', status_diagnostics: ['Success']},
+        {number: 3, time_since_started_html: 'yesterday', status: 'success', status_diagnostics: ['Success']},
+        // Omit one attempt to simulate the case when a job isn't run because a `needs:` failed.
         {number: 1, time_since_started_html: 'two days ago', status: 'failure', status_diagnostics: ['Failure']},
       ],
     },
@@ -218,7 +219,7 @@ function configureForMultipleAttemptTests({viewHistorical}) {
     props: {
       ...defaultTestProps,
       runIndex: '123',
-      attemptNumber: viewHistorical ? '1' : '2',
+      attemptNumber: viewHistorical ? '1' : '3',
       actionsURL: toAbsoluteUrl('/user1/repo2/actions'),
       initialJobData: {...minimalInitialJobData, state: myJobState},
     },
@@ -243,7 +244,7 @@ test('display baseline with most-recent attempt', async () => {
   // Attempt selector dropdown...
   expect(wrapper.findAll('.job-attempt-dropdown').length).toEqual(1);
   expect(wrapper.findAll('.job-attempt-dropdown .svg.octicon-check-circle-fill.text.green').length).toEqual(1);
-  expect(wrapper.get('.job-attempt-dropdown .ui.dropdown').text()).toEqual('Run attempt 2 yesterday');
+  expect(wrapper.get('.job-attempt-dropdown .ui.dropdown').text()).toEqual('Run attempt 3 yesterday');
 
   // Attempt status
   expect(wrapper.get('.job-info-header h3').text()).toEqual('test');
@@ -302,7 +303,7 @@ test('historical attempt dropdown interactions', async () => {
   const attemptsExpanded = () => {
     expect(wrapper.findAll('.job-attempt-dropdown .action-job-menu').length).toEqual(1);
     expect(wrapper.get('.job-attempt-dropdown .action-job-menu').isVisible()).toBe(true);
-    expect(wrapper.findAll('.job-attempt-dropdown .action-job-menu a').filter((a) => a.text() === 'Run attempt 2 yesterday').length).toEqual(1);
+    expect(wrapper.findAll('.job-attempt-dropdown .action-job-menu a').filter((a) => a.text() === 'Run attempt 3 yesterday').length).toEqual(1);
     expect(wrapper.findAll('.job-attempt-dropdown .action-job-menu a').filter((a) => a.text() === 'Run attempt 1 two days ago').length).toEqual(1);
   };
   attemptsExpanded();
@@ -332,8 +333,8 @@ test('historical attempt dropdown interactions', async () => {
   attemptsExpanded();
 
   // Click on the other option in the dropdown to verify it navigates to the target attempt
-  wrapper.findAll('.job-attempt-dropdown .action-job-menu a').find((a) => a.text() === 'Run attempt 2 yesterday').trigger('click');
-  expect(window.location.href).toEqual(toAbsoluteUrl('/user1/repo2/actions/runs/123/jobs/1/attempt/2'));
+  wrapper.findAll('.job-attempt-dropdown .action-job-menu a').find((a) => a.text() === 'Run attempt 3 yesterday').trigger('click');
+  expect(window.location.href).toEqual(toAbsoluteUrl('/user1/repo2/actions/runs/123/jobs/1/attempt/3'));
 });
 
 test('run approval interaction', async () => {
diff --git a/web_src/js/components/RepoActionView.vue b/web_src/js/components/RepoActionView.vue
index e42ae52fe7..5c00eecc6b 100644
--- a/web_src/js/components/RepoActionView.vue
+++ b/web_src/js/components/RepoActionView.vue
@@ -124,10 +124,10 @@ export default {
         ],
         // All available attempts for the job we're currently viewing.
         //
-        // initial value here is configured so that currentingViewingMostRecentAttempt() -> true on the default `data()`, so that the
+        // initial value here is configured so that currentlyViewingMostRecentAttempt() -> true on the default `data()`, so that the
         // initial render (before `loadJob`'s first execution is complete) doesn't display "You are viewing an
         // out-of-date run..."
-        allAttempts: new Array(parseInt(this.attemptNumber)).fill({index: 0, time_since_started_html: '', status: 'success', status_diagnostics: []}),
+        allAttempts: [],
       },
     };
   },
@@ -138,19 +138,19 @@ export default {
     },
 
     displayOtherJobs() {
-      return this.currentingViewingMostRecentAttempt;
+      return this.currentlyViewingMostRecentAttempt;
     },
 
     canApprove() {
-      return this.currentingViewingMostRecentAttempt && this.run.canApprove;
+      return this.currentlyViewingMostRecentAttempt && this.run.canApprove;
     },
 
     canCancel() {
-      return this.currentingViewingMostRecentAttempt && this.run.canCancel;
+      return this.currentlyViewingMostRecentAttempt && this.run.canCancel;
     },
 
     canRerun() {
-      return this.currentingViewingMostRecentAttempt && this.run.canRerun;
+      return this.currentlyViewingMostRecentAttempt && this.run.canRerun;
     },
 
     viewingAttemptNumber() {
@@ -167,11 +167,13 @@ export default {
       return attempt || fallback;
     },
 
-    currentingViewingMostRecentAttempt() {
-      if (!this.currentJob.allAttempts) {
+    currentlyViewingMostRecentAttempt() {
+      if (!this.currentJob.allAttempts || this.currentJob.allAttempts.length === 0) {
         return true;
       }
-      return this.viewingAttemptNumber === this.currentJob.allAttempts.length;
+
+      const mostRecentAttemptNumber = this.currentJob.allAttempts[0].number;
+      return this.viewingAttemptNumber === mostRecentAttemptNumber;
     },
 
     displayGearDropdown() {
@@ -452,7 +454,7 @@ export default {
 </script>
 <template>
   <div class="ui container fluid padded action-view-container" :class="{ 'interval-pending': intervalID }">
-    <div class="action-view-header job-out-of-date-warning" v-if="!currentingViewingMostRecentAttempt">
+    <div class="action-view-header job-out-of-date-warning" v-if="!currentlyViewingMostRecentAttempt">
       <div class="ui warning message">
         <!-- eslint-disable-next-line vue/no-v-html -->
         <span v-html="viewingOutOfDateRunLabel"/>

From ace9bd2a685e53cf9e3274e8b644cd3071958655 Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Thu, 9 Apr 2026 09:25:26 +0200
Subject: [PATCH 650/854] Update dependency katex to v0.16.45 (forgejo)
 (#12048)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12048
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
---
 package-lock.json | 8 ++++----
 package.json      | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 14ff10ddca..ce85a04de5 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -54,7 +54,7 @@
         "htmx.org": "2.0.8",
         "idiomorph": "0.3.0",
         "jquery": "3.7.1",
-        "katex": "0.16.44",
+        "katex": "0.16.45",
         "mermaid": "11.14.0",
         "mini-css-extract-plugin": "2.10.0",
         "minimatch": "10.2.5",
@@ -10688,9 +10688,9 @@
       "license": "MIT"
     },
     "node_modules/katex": {
-      "version": "0.16.44",
-      "resolved": "https://registry.npmjs.org/katex/-/katex-0.16.44.tgz",
-      "integrity": "sha512-EkxoDTk8ufHqHlf9QxGwcxeLkWRR3iOuYfRpfORgYfqc8s13bgb+YtRY59NK5ZpRaCwq1kqA6a5lpX8C/eLphQ==",
+      "version": "0.16.45",
+      "resolved": "https://registry.npmjs.org/katex/-/katex-0.16.45.tgz",
+      "integrity": "sha512-pQpZbdBu7wCTmQUh7ufPmLr0pFoObnGUoL/yhtwJDgmmQpbkg/0HSVti25Fu4rmd1oCR6NGWe9vqTWuWv3GcNA==",
       "funding": [
         "https://opencollective.com/katex",
         "https://github.com/sponsors/katex"
diff --git a/package.json b/package.json
index b4622b469c..f5d96c8372 100644
--- a/package.json
+++ b/package.json
@@ -53,7 +53,7 @@
     "htmx.org": "2.0.8",
     "idiomorph": "0.3.0",
     "jquery": "3.7.1",
-    "katex": "0.16.44",
+    "katex": "0.16.45",
     "mermaid": "11.14.0",
     "mini-css-extract-plugin": "2.10.0",
     "minimatch": "10.2.5",

From 7069203e3ed0949ce62a9e7920cad3abda7e8f0b Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Thu, 9 Apr 2026 09:26:30 +0200
Subject: [PATCH 651/854] Update module github.com/mattn/go-isatty to v0.0.21
 (forgejo) (#12049)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12049
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 554e03e181..c32c7e3c27 100644
--- a/go.mod
+++ b/go.mod
@@ -74,7 +74,7 @@ require (
 	github.com/klauspost/compress v1.18.5
 	github.com/klauspost/cpuid/v2 v2.2.11
 	github.com/markbates/goth v1.82.0
-	github.com/mattn/go-isatty v0.0.20
+	github.com/mattn/go-isatty v0.0.21
 	github.com/mattn/go-sqlite3 v1.14.40
 	github.com/meilisearch/meilisearch-go v0.36.0
 	github.com/mholt/archives v0.1.5
diff --git a/go.sum b/go.sum
index 7398064c4d..63c74eebf6 100644
--- a/go.sum
+++ b/go.sum
@@ -511,8 +511,8 @@ github.com/markbates/goth v1.82.0 h1:8j/c34AjBSTNzO7zTsOyP5IYCQCMBTRBHAbBt/PI0bQ
 github.com/markbates/goth v1.82.0/go.mod h1:/DRlcq0pyqkKToyZjsL2KgiA1zbF1HIjE7u2uC79rUk=
 github.com/mattn/go-colorable v0.1.14 h1:9A9LHSqF/7dyVVX6g0U9cwm9pG3kP9gSzcuIPHPsaIE=
 github.com/mattn/go-colorable v0.1.14/go.mod h1:6LmQG8QLFO4G5z1gPvYEzlUgJ2wF+stgPZH1UqBm1s8=
-github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY=
-github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
+github.com/mattn/go-isatty v0.0.21 h1:xYae+lCNBP7QuW4PUnNG61ffM4hVIfm+zUzDuSzYLGs=
+github.com/mattn/go-isatty v0.0.21/go.mod h1:ZXfXG4SQHsB/w3ZeOYbR0PrPwLy+n6xiMrJlRFqopa4=
 github.com/mattn/go-runewidth v0.0.17 h1:78v8ZlW0bP43XfmAfPsdXcoNCelfMHsDmd/pkENfrjQ=
 github.com/mattn/go-runewidth v0.0.17/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w=
 github.com/mattn/go-shellwords v1.0.12 h1:M2zGm7EW6UQJvDeQxo4T51eKPurbeFbe8WtebGE2xrk=

From b2617cf0bb84384aed62e12bafa365ae9e5740e1 Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Thu, 9 Apr 2026 09:29:43 +0200
Subject: [PATCH 652/854] Update module golang.org/x/sys to v0.43.0 (forgejo)
 (#12052)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12052
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index c32c7e3c27..9486551c71 100644
--- a/go.mod
+++ b/go.mod
@@ -107,7 +107,7 @@ require (
 	golang.org/x/net v0.52.0
 	golang.org/x/oauth2 v0.36.0
 	golang.org/x/sync v0.20.0
-	golang.org/x/sys v0.42.0
+	golang.org/x/sys v0.43.0
 	golang.org/x/text v0.35.0
 	google.golang.org/protobuf v1.36.11
 	gopkg.in/gomail.v2 v2.0.0-20160411212932-81ebce5c23df
diff --git a/go.sum b/go.sum
index 63c74eebf6..ffb418ecfd 100644
--- a/go.sum
+++ b/go.sum
@@ -847,8 +847,8 @@ golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
-golang.org/x/sys v0.42.0 h1:omrd2nAlyT5ESRdCLYdm3+fMfNFE/+Rf4bDIQImRJeo=
-golang.org/x/sys v0.42.0/go.mod h1:4GL1E5IUh+htKOUEOaiffhrAeqysfVGipDYzABqnCmw=
+golang.org/x/sys v0.43.0 h1:Rlag2XtaFTxp19wS8MXlJwTvoh8ArU6ezoyFsMyCTNI=
+golang.org/x/sys v0.43.0/go.mod h1:4GL1E5IUh+htKOUEOaiffhrAeqysfVGipDYzABqnCmw=
 golang.org/x/telemetry v0.0.0-20240228155512-f48c80bd79b2/go.mod h1:TeRTkGYfJXctD9OcfyVLyj2J3IxLnKwHJR8f4D8a3YE=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=

From 703256e50eebc66701750bdca8604d9788a0549c Mon Sep 17 00:00:00 2001
From: Andreas Ahlenstorf <andreas@ahlenstorf.ch>
Date: Thu, 9 Apr 2026 12:21:44 +0200
Subject: [PATCH 653/854] Revert "fix: add challenge for HTTP Basic
 Authentication to container registry" (#12058)

This reverts commit 79ed45d39a05533f55a4694cd62176eaa99dae16.

Testing has shown that it breaks Docker 26 which is the version included in Debian Trixie.

It was originally introduced with https://codeberg.org/forgejo/forgejo/pulls/11678.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12058
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Co-authored-by: Andreas Ahlenstorf <andreas@ahlenstorf.ch>
Co-committed-by: Andreas Ahlenstorf <andreas@ahlenstorf.ch>
---
 routers/api/packages/container/container.go                  | 3 +--
 .../api_packages_container_cleanup_sha256_test.go            | 5 +----
 tests/integration/api_packages_container_test.go             | 5 +----
 3 files changed, 3 insertions(+), 10 deletions(-)

diff --git a/routers/api/packages/container/container.go b/routers/api/packages/container/container.go
index f79bea2c84..6781f511c8 100644
--- a/routers/api/packages/container/container.go
+++ b/routers/api/packages/container/container.go
@@ -118,8 +118,7 @@ func apiErrorDefined(ctx *context.Context, err *container_service.NamedError) {
 func APIUnauthorizedError(ctx *context.Context) {
 	// Do not include more than one challenge in the same header field. That breaks clients even though the HTTP RFC
 	// allows it.
-	ctx.Resp.Header().Add("WWW-Authenticate", `Bearer realm="`+setting.AppURL+`v2/token",service="container_registry",scope="*"`)
-	ctx.Resp.Header().Add("WWW-Authenticate", `Basic realm="Forgejo Container Registry"`)
+	ctx.Resp.Header().Set("WWW-Authenticate", `Bearer realm="`+setting.AppURL+`v2/token",service="container_registry",scope="*"`)
 	apiErrorDefined(ctx, container_service.ErrUnauthorized)
 }
 
diff --git a/tests/integration/api_packages_container_cleanup_sha256_test.go b/tests/integration/api_packages_container_cleanup_sha256_test.go
index 50106e6834..19b73f7698 100644
--- a/tests/integration/api_packages_container_cleanup_sha256_test.go
+++ b/tests/integration/api_packages_container_cleanup_sha256_test.go
@@ -63,10 +63,7 @@ func TestPackageContainerCleanupSHA256(t *testing.T) {
 			Token string `json:"token"`
 		}
 
-		authenticate := []string{
-			`Bearer realm="` + setting.AppURL + `v2/token",service="container_registry",scope="*"`,
-			`Basic realm="Forgejo Container Registry"`,
-		}
+		authenticate := []string{`Bearer realm="` + setting.AppURL + `v2/token",service="container_registry",scope="*"`}
 
 		t.Run("User", func(t *testing.T) {
 			req := NewRequest(t, "GET", fmt.Sprintf("%sv2", setting.AppURL))
diff --git a/tests/integration/api_packages_container_test.go b/tests/integration/api_packages_container_test.go
index 13ce7dc136..70e3f40d6c 100644
--- a/tests/integration/api_packages_container_test.go
+++ b/tests/integration/api_packages_container_test.go
@@ -91,10 +91,7 @@ func TestPackageContainer(t *testing.T) {
 			Token string `json:"token"`
 		}
 
-		authenticate := []string{
-			`Bearer realm="` + setting.AppURL + `v2/token",service="container_registry",scope="*"`,
-			`Basic realm="Forgejo Container Registry"`,
-		}
+		authenticate := []string{`Bearer realm="` + setting.AppURL + `v2/token",service="container_registry",scope="*"`}
 
 		t.Run("Anonymous", func(t *testing.T) {
 			defer tests.PrintCurrentTest(t)()

From 73ad72949a7a1c1bb108bc9b4f3769946a406a6f Mon Sep 17 00:00:00 2001
From: Andreas Ahlenstorf <andreas@ahlenstorf.ch>
Date: Thu, 9 Apr 2026 16:51:16 +0200
Subject: [PATCH 654/854] fix: display runner version on details page (#12059)

Display the version of Forgejo Runner on the runner's detail page. That is useful for diagnostics.

Originally, the version was displayed on the overview page, but removed in https://codeberg.org/forgejo/forgejo/pulls/11516 due to space constraints. It should have been moved to the details page, but that never happened.

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. All work and communication must conform to Forgejo's [AI Agreement](https://codeberg.org/forgejo/governance/src/branch/main/AIAgreement.md). There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests for Go changes

(can be removed for JavaScript changes)

- I added test coverage for Go changes...
  - [ ] in their respective `*_test.go` for unit tests.
  - [ ] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I ran...
  - [x] `make pr-go` before pushing

### Tests for JavaScript changes

(can be removed for Go changes)

- I added test coverage for JavaScript changes...
  - [ ] in `web_src/js/*.test.js` if it can be unit tested.
  - [x] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)).

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [ ] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.
- [ ] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change.

*The decision if the pull request will be shown in the release notes is up to the mergers / release team.*

The content of the `release-notes/<pull request number>.md` file will serve as the basis for the release notes. If the file does not exist, the title of the pull request will be used instead.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12059
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
Co-authored-by: Andreas Ahlenstorf <andreas@ahlenstorf.ch>
Co-committed-by: Andreas Ahlenstorf <andreas@ahlenstorf.ch>
---
 options/locale_next/locale_en-US.json        |  1 +
 templates/shared/actions/runner_details.tmpl | 10 ++++++++++
 tests/e2e/runner-management.test.e2e.ts      | 12 ++++++++++++
 3 files changed, 23 insertions(+)

diff --git a/options/locale_next/locale_en-US.json b/options/locale_next/locale_en-US.json
index 3ffcb45bce..09b5d3fd69 100644
--- a/options/locale_next/locale_en-US.json
+++ b/options/locale_next/locale_en-US.json
@@ -481,6 +481,7 @@
 	"actions.runners.token": "Token",
 	"actions.runners.ephemeral": "Ephemeral",
 	"actions.runners.labels": "Labels",
+	"actions.runners.version": "Version",
 	"actions.runners.last_online": "Last online time",
 	"actions.runners.list_runners.details_column": "Details",
 	"actions.runners.list_runners.edit_column": "Edit",
diff --git a/templates/shared/actions/runner_details.tmpl b/templates/shared/actions/runner_details.tmpl
index 7e4cad3b35..f50e96482a 100644
--- a/templates/shared/actions/runner_details.tmpl
+++ b/templates/shared/actions/runner_details.tmpl
@@ -78,6 +78,16 @@
 					{{end}}
 				</dd>
 			</div>
+			<div class="item">
+				<dt>{{ctx.Locale.Tr "actions.runners.version"}}</dt>
+				<dd>
+					{{if .Runner.Version}}
+						{{.Runner.Version}}
+					{{else}}
+						&mdash;
+					{{end}}
+				</dd>
+			</div>
 			<div class="item">
 				<dt>{{ctx.Locale.Tr "actions.runners.description"}}</dt>
 				<dd>
diff --git a/tests/e2e/runner-management.test.e2e.ts b/tests/e2e/runner-management.test.e2e.ts
index cecde7a850..41808f72d1 100644
--- a/tests/e2e/runner-management.test.e2e.ts
+++ b/tests/e2e/runner-management.test.e2e.ts
@@ -80,6 +80,8 @@ test.describe('Runners of user2', () => {
       - definition: Offline
       - term: Ephemeral
       - definition: "no"
+      - term: Version
+      - definition: 12.2.0
       - term: Description
       - definition: A runner for everyone
     `);
@@ -200,6 +202,8 @@ test.describe('Runners of user2', () => {
       - definition: Offline
       - term: Ephemeral
       - definition: "no"
+      - term: Version
+      - definition: —
       - term: Description
       - definition: Description of runner-46636
     `);
@@ -370,6 +374,8 @@ test.describe('Global runners', () => {
       - definition: Offline
       - term: Ephemeral
       - definition: "no"
+      - term: Version
+      - definition: 12.2.0
       - term: Description
       - definition: A runner for everyone
     `);
@@ -491,6 +497,8 @@ test.describe('Global runners', () => {
       - definition: Offline
       - term: Ephemeral
       - definition: "no"
+      - term: Version
+      - definition: —
       - term: Description
       - definition: Description of runner-956858
     `);
@@ -594,6 +602,8 @@ test.describe('Organization runners', () => {
       - definition: Offline
       - term: Ephemeral
       - definition: "no"
+      - term: Version
+      - definition: 12.2.0
       - term: Description
       - definition: A runner for everyone
     `);
@@ -722,6 +732,8 @@ test.describe('Repository runners', () => {
       - definition: Offline
       - term: Ephemeral
       - definition: "no"
+      - term: Version
+      - definition: 12.2.0
       - term: Description
       - definition: A runner for everyone
     `);

From 65044ca76526a39a83cea27f8237c92c3daa4d34 Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Thu, 9 Apr 2026 18:01:45 +0200
Subject: [PATCH 655/854] Update module github.com/mattn/go-sqlite3 to v1.14.42
 (forgejo) (#12051)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This PR contains the following updates:

| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) |
|---|---|---|---|
| [github.com/mattn/go-sqlite3](https://github.com/mattn/go-sqlite3) | `v1.14.40` → `v1.14.42` | ![age](https://developer.mend.io/api/mc/badges/age/go/github.com%2fmattn%2fgo-sqlite3/v1.14.42?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/go/github.com%2fmattn%2fgo-sqlite3/v1.14.40/v1.14.42?slim=true) |

---

### Release Notes

<details>
<summary>mattn/go-sqlite3 (github.com/mattn/go-sqlite3)</summary>

### [`v1.14.42`](https://github.com/mattn/go-sqlite3/compare/v1.14.41...v1.14.42)

[Compare Source](https://github.com/mattn/go-sqlite3/compare/v1.14.41...v1.14.42)

### [`v1.14.41`](https://github.com/mattn/go-sqlite3/compare/v1.14.40...v1.14.41)

[Compare Source](https://github.com/mattn/go-sqlite3/compare/v1.14.40...v1.14.41)

</details>

---

### Configuration

📅 **Schedule**: (UTC)

- Branch creation
  - Between 12:00 AM and 03:59 AM (`* 0-3 * * *`)
- Automerge
  - Between 12:00 AM and 03:59 AM (`* 0-3 * * *`)

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMDQuNCIsInVwZGF0ZWRJblZlciI6IjQzLjEwNC40IiwidGFyZ2V0QnJhbmNoIjoiZm9yZ2VqbyIsImxhYmVscyI6WyJkZXBlbmRlbmN5LXVwZ3JhZGUiLCJ0ZXN0L25vdC1uZWVkZWQiXX0=-->

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12051
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 9486551c71..f931c40a5c 100644
--- a/go.mod
+++ b/go.mod
@@ -75,7 +75,7 @@ require (
 	github.com/klauspost/cpuid/v2 v2.2.11
 	github.com/markbates/goth v1.82.0
 	github.com/mattn/go-isatty v0.0.21
-	github.com/mattn/go-sqlite3 v1.14.40
+	github.com/mattn/go-sqlite3 v1.14.42
 	github.com/meilisearch/meilisearch-go v0.36.0
 	github.com/mholt/archives v0.1.5
 	github.com/microcosm-cc/bluemonday v1.0.27
diff --git a/go.sum b/go.sum
index ffb418ecfd..c294d1c993 100644
--- a/go.sum
+++ b/go.sum
@@ -517,8 +517,8 @@ github.com/mattn/go-runewidth v0.0.17 h1:78v8ZlW0bP43XfmAfPsdXcoNCelfMHsDmd/pkEN
 github.com/mattn/go-runewidth v0.0.17/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w=
 github.com/mattn/go-shellwords v1.0.12 h1:M2zGm7EW6UQJvDeQxo4T51eKPurbeFbe8WtebGE2xrk=
 github.com/mattn/go-shellwords v1.0.12/go.mod h1:EZzvwXDESEeg03EKmM+RmDnNOPKG4lLtQsUlTZDWQ8Y=
-github.com/mattn/go-sqlite3 v1.14.40 h1:f7+saIsbq4EF86mUqe0uiecQOJYMOdfi5uATADmUG94=
-github.com/mattn/go-sqlite3 v1.14.40/go.mod h1:pjEuOr8IwzLJP2MfGeTb0A35jauH+C2kbHKBr7yXKVQ=
+github.com/mattn/go-sqlite3 v1.14.42 h1:MigqEP4ZmHw3aIdIT7T+9TLa90Z6smwcthx+Azv4Cgo=
+github.com/mattn/go-sqlite3 v1.14.42/go.mod h1:pjEuOr8IwzLJP2MfGeTb0A35jauH+C2kbHKBr7yXKVQ=
 github.com/meilisearch/meilisearch-go v0.36.0 h1:N1etykTektXt5KPcSbhBO0d5Xx5NaKj4pJWEM7WA5dI=
 github.com/meilisearch/meilisearch-go v0.36.0/go.mod h1:HBfHzKMxcSbTOvqdfuRA/yf6Vk9IivcwKocWRuW7W78=
 github.com/mholt/acmez/v3 v3.1.2 h1:auob8J/0FhmdClQicvJvuDavgd5ezwLBfKuYmynhYzc=

From 4e6a782a8945cf4074da57d990ff8e847d4e6482 Mon Sep 17 00:00:00 2001
From: Florian Pallas <mail@fpallas.com>
Date: Thu, 9 Apr 2026 19:38:33 +0200
Subject: [PATCH 656/854] feat: add admin views for federation configuration,
 hosts and users (#11115)

Fixes #9282

Adds a new admin panel category for federation related administration.

Includes views for:
- Instance Federation Configuration
- List of Federation Hosts
- (Per-Instance) List of Federated Users

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11115
Reviewed-by: elle <0xllx0@noreply.codeberg.org>
Reviewed-by: Panagiotis "Ivory" Vasilopoulos <git@n0toose.net>
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Florian Pallas <mail@fpallas.com>
Co-committed-by: Florian Pallas <mail@fpallas.com>
---
 models/forgefed/federationhost_repository.go  |  25 ++
 models/user/user_repository.go                |  51 ++++
 modules/setting/ui.go                         |  30 ++-
 options/locale_next/locale_en-US.json         |  31 +++
 routers/web/admin/config.go                   |   2 +
 routers/web/admin/federation_host.go          |  65 ++++++
 routers/web/admin/federation_hosts.go         |  58 +++++
 routers/web/admin/federation_users.go         |  56 +++++
 routers/web/web.go                            |   8 +
 services/context/context.go                   |   1 +
 templates/admin/config.tmpl                   |  27 +++
 templates/admin/federation/host.tmpl          |  39 ++++
 templates/admin/federation/hosts.tmpl         |  56 +++++
 templates/admin/federation/user_list.tmpl     |  28 +++
 templates/admin/federation/users.tmpl         |  11 +
 templates/admin/navbar.tmpl                   |  13 ++
 tests/integration/admin_federation_test.go    | 128 ++++++++++
 .../federated_user.yml                        |  17 ++
 .../federation_host.yml                       |  13 ++
 .../user.yml                                  | 107 +++++++++
 tests/integration/repo_forgefed_test.go       | 219 ++++++++++++++++++
 21 files changed, 973 insertions(+), 12 deletions(-)
 create mode 100644 routers/web/admin/federation_host.go
 create mode 100644 routers/web/admin/federation_hosts.go
 create mode 100644 routers/web/admin/federation_users.go
 create mode 100644 templates/admin/federation/host.tmpl
 create mode 100644 templates/admin/federation/hosts.tmpl
 create mode 100644 templates/admin/federation/user_list.tmpl
 create mode 100644 templates/admin/federation/users.tmpl
 create mode 100644 tests/integration/admin_federation_test.go
 create mode 100644 tests/integration/fixtures/TestAdminFederationViewHostsAndUsers/federated_user.yml
 create mode 100644 tests/integration/fixtures/TestAdminFederationViewHostsAndUsers/federation_host.yml
 create mode 100644 tests/integration/fixtures/TestAdminFederationViewHostsAndUsers/user.yml
 create mode 100644 tests/integration/repo_forgefed_test.go

diff --git a/models/forgefed/federationhost_repository.go b/models/forgefed/federationhost_repository.go
index a44b502ba1..c889c1140b 100644
--- a/models/forgefed/federationhost_repository.go
+++ b/models/forgefed/federationhost_repository.go
@@ -16,6 +16,31 @@ func init() {
 	db.RegisterModel(new(FederationHost))
 }
 
+func CountFederationHosts(ctx context.Context) (int64, error) {
+	return db.GetEngine(ctx).Count(FederationHost{})
+}
+
+func FindFederationHosts(ctx context.Context, opts db.ListOptions) (hosts []*FederationHost, err error) {
+	sess := db.GetEngine(ctx)
+
+	if opts.PageSize > 0 {
+		sess = db.SetSessionPagination(sess, &opts)
+	}
+
+	err = sess.Find(&hosts)
+	if err != nil {
+		return nil, err
+	}
+
+	for _, host := range hosts {
+		if res, err := validation.IsValid(host); !res {
+			return nil, err
+		}
+	}
+
+	return hosts, nil
+}
+
 func GetFederationHost(ctx context.Context, ID int64) (*FederationHost, error) {
 	log.Trace("GetFederationHost: %v", ID)
 	host := new(FederationHost)
diff --git a/models/user/user_repository.go b/models/user/user_repository.go
index 9692bd7304..1ec0906e4b 100644
--- a/models/user/user_repository.go
+++ b/models/user/user_repository.go
@@ -83,6 +83,57 @@ func FindFederatedUser(ctx context.Context, externalID string, federationHostID
 	return user, federatedUser, nil
 }
 
+func CountFederatedUsers(ctx context.Context) (int64, error) {
+	return db.GetEngine(ctx).Count(FederatedUser{})
+}
+
+func FindFederatedUsers(ctx context.Context, opts db.ListOptions) (users []*FederatedUser, err error) {
+	sess := db.GetEngine(ctx)
+
+	if opts.PageSize > 0 {
+		sess = db.SetSessionPagination(sess, &opts)
+	}
+
+	err = sess.Find(&users)
+	if err != nil {
+		return nil, err
+	}
+
+	for _, user := range users {
+		if res, err := validation.IsValid(user); !res {
+			return nil, err
+		}
+	}
+
+	return users, err
+}
+
+func CountFederatedUsersByHostID(ctx context.Context, federationHostID int64) (int64, error) {
+	return db.GetEngine(ctx).Where("federation_host_id = ?", federationHostID).Count(FederatedUser{})
+}
+
+func FindFederatedUsersByHostID(ctx context.Context, federationHostID int64, opts db.ListOptions) ([]*FederatedUser, error) {
+	var users []*FederatedUser
+	sess := db.GetEngine(ctx).Where("federation_host_id = ?", federationHostID)
+
+	if opts.PageSize > 0 {
+		sess = db.SetSessionPagination(sess, &opts)
+	}
+
+	err := sess.Find(&users)
+	if err != nil {
+		return nil, err
+	}
+
+	for _, user := range users {
+		if res, err := validation.IsValid(user); !res {
+			return nil, err
+		}
+	}
+
+	return users, nil
+}
+
 func GetFederatedUser(ctx context.Context, externalID string, federationHostID int64) (*User, *FederatedUser, error) {
 	user, federatedUser, err := FindFederatedUser(ctx, externalID, federationHostID)
 	if err != nil {
diff --git a/modules/setting/ui.go b/modules/setting/ui.go
index 61378e0596..abe902dfc6 100644
--- a/modules/setting/ui.go
+++ b/modules/setting/ui.go
@@ -55,10 +55,12 @@ var UI = struct {
 	} `ini:"ui.csv"`
 
 	Admin struct {
-		UserPagingNum   int
-		RepoPagingNum   int
-		NoticePagingNum int
-		OrgPagingNum    int
+		UserPagingNum           int
+		RepoPagingNum           int
+		NoticePagingNum         int
+		OrgPagingNum            int
+		FederationHostPagingNum int
+		FederationUserPagingNum int
 	} `ini:"ui.admin"`
 	User struct {
 		RepoPagingNum int
@@ -114,15 +116,19 @@ var UI = struct {
 		MaxRows:     2500,
 	},
 	Admin: struct {
-		UserPagingNum   int
-		RepoPagingNum   int
-		NoticePagingNum int
-		OrgPagingNum    int
+		UserPagingNum           int
+		RepoPagingNum           int
+		NoticePagingNum         int
+		OrgPagingNum            int
+		FederationHostPagingNum int
+		FederationUserPagingNum int
 	}{
-		UserPagingNum:   50,
-		RepoPagingNum:   50,
-		NoticePagingNum: 25,
-		OrgPagingNum:    50,
+		UserPagingNum:           50,
+		RepoPagingNum:           50,
+		NoticePagingNum:         25,
+		OrgPagingNum:            50,
+		FederationHostPagingNum: 50,
+		FederationUserPagingNum: 50,
 	},
 	User: struct {
 		RepoPagingNum int
diff --git a/options/locale_next/locale_en-US.json b/options/locale_next/locale_en-US.json
index 09b5d3fd69..aab1be7e1b 100644
--- a/options/locale_next/locale_en-US.json
+++ b/options/locale_next/locale_en-US.json
@@ -144,6 +144,37 @@
 	"keys.ssh.link": "SSH keys",
 	"keys.gpg.link": "GPG keys",
 	"keys.verify.token.hint": "The token is only valid for 1 minute. <a href=\"%[1]s\">Get a new one if it expired</a>.",
+	"admin.federation.federation": "Federation",
+	"admin.federation.hosts": "Hosts",
+	"admin.federation.hosts.title": "Federation hosts",
+	"admin.federation.hosts.manage_panel": "Manage federation hosts",
+	"admin.federation.hosts.details_panel": "Federation host details",
+	"admin.federation.hosts.show_details": "Show host details",
+	"admin.federation.host.id": "ID",
+	"admin.federation.host.fqdn": "FQDN",
+	"admin.federation.host.schema": "Schema",
+	"admin.federation.host.port": "Port",
+	"admin.federation.host.software_name": "Software",
+	"admin.federation.host.created": "Created",
+	"admin.federation.host.updated": "Updated",
+	"admin.federation.host.latest_activity": "Latest activity",
+	"admin.federation.users": "Users",
+	"admin.federation.users.title": "Federated users",
+	"admin.federation.users.manage_panel": "Manage federated users",
+	"admin.federation.users.show_local_user": "Show local user details",
+	"admin.federation.user.id": "ID",
+	"admin.federation.user.user_id": "Local user ID",
+	"admin.federation.user.external_id": "External user ID",
+	"admin.federation.user.inbox_path": "Inbox path",
+	"admin.config.federation": "Federation configuration",
+	"admin.config.federation.enabled": "Enabled",
+	"admin.config.federation.share_user_statistics": "Share user statistics with other hosts",
+	"admin.config.federation.max_size": "Max allowed response size",
+	"admin.config.federation.signature_enforced": "Require HTTP signatures",
+	"admin.config.federation.signature_algorithms": "Signature algorithms",
+	"admin.config.federation.digest_algorithm": "Signature digest algorithm",
+	"admin.config.federation.get_headers": "Signed GET headers",
+	"admin.config.federation.post_headers": "Signed POST headers",
 	"admin.config.moderation_config": "Moderation configuration",
 	"admin.moderation.moderation_reports": "Moderation reports",
 	"admin.moderation.reports": "Reports",
diff --git a/routers/web/admin/config.go b/routers/web/admin/config.go
index 2d3ea78052..c0eae0846b 100644
--- a/routers/web/admin/config.go
+++ b/routers/web/admin/config.go
@@ -148,6 +148,8 @@ func Config(ctx *context.Context) {
 	ctx.Data["DbCfg"] = setting.Database
 	ctx.Data["Webhook"] = setting.Webhook
 	ctx.Data["Moderation"] = setting.Moderation
+	ctx.Data["Federation"] = setting.Federation
+	ctx.Data["FederationMaxSize"] = setting.Federation.MaxSize / 1024 / 1024 // in MiB
 
 	ctx.Data["MailerEnabled"] = false
 	if setting.MailService != nil {
diff --git a/routers/web/admin/federation_host.go b/routers/web/admin/federation_host.go
new file mode 100644
index 0000000000..278509f217
--- /dev/null
+++ b/routers/web/admin/federation_host.go
@@ -0,0 +1,65 @@
+// Copyright 2026 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+package admin
+
+import (
+	"net/http"
+
+	"forgejo.org/models/db"
+	"forgejo.org/models/forgefed"
+	user_model "forgejo.org/models/user"
+	"forgejo.org/modules/base"
+	"forgejo.org/modules/setting"
+	"forgejo.org/services/context"
+)
+
+const (
+	tplFederationHost base.TplName = "admin/federation/host"
+)
+
+func FederationHost(ctx *context.Context) {
+	federationHostID := ctx.ParamsInt64("id")
+	page := ctx.FormInt("page")
+	if page < 1 {
+		page = 1
+	}
+
+	host, err := forgefed.GetFederationHost(ctx, federationHostID)
+	if err != nil {
+		ctx.ServerError("GetFederationHost", err)
+		return
+	}
+
+	users, err := user_model.FindFederatedUsersByHostID(ctx, federationHostID, db.ListOptions{
+		PageSize: setting.UI.Admin.FederationUserPagingNum,
+		Page:     int(page),
+	})
+	if err != nil {
+		ctx.ServerError("FindFederatedUsersByHostID", err)
+		return
+	}
+
+	total, err := user_model.CountFederatedUsersByHostID(ctx, federationHostID)
+	if err != nil {
+		ctx.ServerError("CountFederatedUsersByHostID", err)
+		return
+	}
+
+	ctx.Data["Host"] = host
+	ctx.Data["Users"] = users
+	ctx.Data["UsersTotal"] = int(total)
+	ctx.Data["Title"] = ctx.Tr("admin.federation.hosts.details_panel")
+	ctx.Data["PageIsAdminFederationHosts"] = true
+
+	numPages := 0
+	if total > 0 {
+		numPages = (int(total) - 1/setting.UI.Admin.FederationUserPagingNum)
+	}
+
+	pager := context.NewPagination(int(total), setting.UI.Admin.FederationUserPagingNum, page, numPages)
+	pager.SetDefaultParams(ctx)
+	ctx.Data["Page"] = pager
+
+	ctx.HTML(http.StatusOK, tplFederationHost)
+}
diff --git a/routers/web/admin/federation_hosts.go b/routers/web/admin/federation_hosts.go
new file mode 100644
index 0000000000..e710f0aba5
--- /dev/null
+++ b/routers/web/admin/federation_hosts.go
@@ -0,0 +1,58 @@
+// Copyright 2026 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+package admin
+
+import (
+	"net/http"
+
+	"forgejo.org/models/db"
+	"forgejo.org/models/forgefed"
+	"forgejo.org/modules/base"
+	"forgejo.org/modules/setting"
+	"forgejo.org/services/context"
+)
+
+const (
+	tplFederationHosts base.TplName = "admin/federation/hosts"
+)
+
+func FederationHosts(ctx *context.Context) {
+	sort := ctx.FormTrim("sort")
+	page := ctx.FormInt("page")
+	if page < 1 {
+		page = 1
+	}
+
+	hosts, err := forgefed.FindFederationHosts(ctx, db.ListOptions{
+		Page:     page,
+		PageSize: setting.UI.Admin.FederationHostPagingNum,
+	})
+	if err != nil {
+		ctx.ServerError("GetFederationHosts", err)
+		return
+	}
+
+	total, err := forgefed.CountFederationHosts(ctx)
+	if err != nil {
+		ctx.ServerError("CountFederationHosts", err)
+		return
+	}
+
+	ctx.Data["Title"] = ctx.Tr("admin.federation.hosts.title")
+	ctx.Data["PageIsAdminFederationHosts"] = true
+	ctx.Data["SortType"] = sort
+	ctx.Data["TotalCount"] = int(total)
+	ctx.Data["Hosts"] = hosts
+
+	numPages := 0
+	if total > 0 {
+		numPages = (int(total) - 1/setting.UI.Admin.FederationHostPagingNum)
+	}
+
+	pager := context.NewPagination(int(total), setting.UI.Admin.FederationHostPagingNum, page, numPages)
+	pager.SetDefaultParams(ctx)
+	ctx.Data["Page"] = pager
+
+	ctx.HTML(http.StatusOK, tplFederationHosts)
+}
diff --git a/routers/web/admin/federation_users.go b/routers/web/admin/federation_users.go
new file mode 100644
index 0000000000..098479dcc1
--- /dev/null
+++ b/routers/web/admin/federation_users.go
@@ -0,0 +1,56 @@
+// Copyright 2026 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+package admin
+
+import (
+	"net/http"
+
+	"forgejo.org/models/db"
+	user_model "forgejo.org/models/user"
+	"forgejo.org/modules/base"
+	"forgejo.org/modules/setting"
+	"forgejo.org/services/context"
+)
+
+const (
+	tplFederationUsers base.TplName = "admin/federation/users"
+)
+
+func FederationUsers(ctx *context.Context) {
+	page := ctx.FormInt("page")
+	if page < 1 {
+		page = 1
+	}
+
+	users, err := user_model.FindFederatedUsers(ctx, db.ListOptions{
+		Page:     page,
+		PageSize: setting.UI.Admin.FederationUserPagingNum,
+	})
+	if err != nil {
+		ctx.ServerError("FindFederatedUsers", err)
+		return
+	}
+
+	total, err := user_model.CountFederatedUsers(ctx)
+	if err != nil {
+		ctx.ServerError("CountFederatedUsers", err)
+		return
+	}
+
+	ctx.Data["Users"] = users
+	ctx.Data["TotalCount"] = int(total)
+	ctx.Data["Title"] = ctx.Tr("admin.federation.users.title")
+	ctx.Data["PageIsAdminFederationUsers"] = true
+
+	numPages := 0
+	if total > 0 {
+		numPages = (int(total) - 1/setting.UI.Admin.FederationUserPagingNum)
+	}
+
+	pager := context.NewPagination(int(total), setting.UI.Admin.FederationUserPagingNum, page, numPages)
+	pager.SetDefaultParams(ctx)
+	ctx.Data["Page"] = pager
+
+	ctx.HTML(http.StatusOK, tplFederationUsers)
+}
diff --git a/routers/web/web.go b/routers/web/web.go
index 7463bf3ea2..766c39fa57 100644
--- a/routers/web/web.go
+++ b/routers/web/web.go
@@ -837,6 +837,14 @@ func registerRoutes(m *web.Route) {
 			})
 			m.Post("/abuse_reports/act", admin.PerformAction)
 		}
+
+		if setting.Federation.Enabled {
+			m.Group("/federation", func() {
+				m.Get("/hosts", admin.FederationHosts)
+				m.Get("/users", admin.FederationUsers)
+				m.Get("/hosts/{id}", admin.FederationHost)
+			})
+		}
 	}, adminReq, ctxDataSet("EnableOAuth2", setting.OAuth2.Enabled, "EnablePackages", setting.Packages.Enabled, "EnableModeration", setting.Moderation.Enabled))
 	// ***** END: Admin *****
 
diff --git a/services/context/context.go b/services/context/context.go
index f0502b32fe..8ced686aac 100644
--- a/services/context/context.go
+++ b/services/context/context.go
@@ -184,6 +184,7 @@ func Contexter() func(next http.Handler) http.Handler {
 			ctx.Data["DisableStars"] = setting.Repository.DisableStars
 			ctx.Data["DisableForks"] = setting.Repository.DisableForks
 			ctx.Data["EnableActions"] = setting.Actions.Enabled
+			ctx.Data["EnableFederation"] = setting.Federation.Enabled
 
 			ctx.Data["UnitWikiGlobalDisabled"] = unit.TypeWiki.UnitGlobalDisabled()
 			ctx.Data["UnitIssuesGlobalDisabled"] = unit.TypeIssues.UnitGlobalDisabled()
diff --git a/templates/admin/config.tmpl b/templates/admin/config.tmpl
index 0962c6bfc7..c4688922dd 100644
--- a/templates/admin/config.tmpl
+++ b/templates/admin/config.tmpl
@@ -344,6 +344,33 @@
 			</dl>
 		</div>
 
+		<h4 class="ui top attached header">
+			{{ctx.Locale.Tr "admin.config.federation"}}
+		</h4>
+		<div class="ui attached table segment">
+			<dl class="admin-dl-horizontal">
+				<dt>{{ctx.Locale.Tr "admin.config.federation.enabled"}}</dt>
+				<dd>{{if .Federation.Enabled}}{{svg "octicon-check"}}{{else}}{{svg "octicon-x"}}{{end}}</dd>
+				<dt>{{ctx.Locale.Tr "admin.config.federation.share_user_statistics"}}</dt>
+				<dd>{{if .Federation.ShareUserStatistics}}{{svg "octicon-check"}}{{else}}{{svg "octicon-x"}}{{end}}</dd>
+				<dt>{{ctx.Locale.Tr "admin.config.federation.max_size"}}</dt>
+				<dd>{{.FederationMaxSize}} MiB</dd>
+
+				<div class="divider"></div>
+
+				<dt>{{ctx.Locale.Tr "admin.config.federation.signature_enforced"}}</dt>
+				<dd>{{if .Federation.SignatureEnforced}}{{svg "octicon-check"}}{{else}}{{svg "octicon-x"}}{{end}}</dd>
+				<dt>{{ctx.Locale.Tr "admin.config.federation.signature_algorithms"}}</dt>
+				<dd>{{.Federation.SignatureAlgorithms}}</dd>
+				<dt>{{ctx.Locale.Tr "admin.config.federation.digest_algorithm"}}</dt>
+				<dd>{{.Federation.DigestAlgorithm}}</dd>
+				<dt>{{ctx.Locale.Tr "admin.config.federation.get_headers"}}</dt>
+				<dd>{{.Federation.GetHeaders}}</dd>
+				<dt>{{ctx.Locale.Tr "admin.config.federation.post_headers"}}</dt>
+				<dd>{{.Federation.PostHeaders}}</dd>
+			</dl>
+		</div>
+
 		<h4 class="ui top attached header">
 			{{ctx.Locale.Tr "admin.config.log_config"}}
 		</h4>
diff --git a/templates/admin/federation/host.tmpl b/templates/admin/federation/host.tmpl
new file mode 100644
index 0000000000..92fbd1ee2a
--- /dev/null
+++ b/templates/admin/federation/host.tmpl
@@ -0,0 +1,39 @@
+{{template "admin/layout_head" (dict "ctxData" . "pageClass" "admin config")}}
+	<div class="admin-setting-content">
+		{{if .Host}}
+		<h4 class="ui top attached header">
+			{{ctx.Locale.Tr "admin.federation.hosts.details_panel"}}
+		</h4>
+		<div class="ui attached table segment">
+			<dl class="admin-dl-horizontal">
+				<dt>{{ctx.Locale.Tr "admin.federation.host.id"}}</dt>
+				<dd>{{.Host.ID}}</dd>
+				<dt>{{ctx.Locale.Tr "admin.federation.host.fqdn"}}</dt>
+				<dd>{{.Host.HostFqdn}}</dd>
+				<dt>{{ctx.Locale.Tr "admin.federation.host.port"}}</dt>
+				<dd>{{.Host.HostPort}}</dd>
+				<dt>{{ctx.Locale.Tr "admin.federation.host.schema"}}</dt>
+				<dd>{{.Host.HostSchema}}</dd>
+				<dt>{{ctx.Locale.Tr "admin.federation.host.software_name"}}</dt>
+				<dd>{{.Host.NodeInfo.SoftwareName}}</dd>
+				<dt>{{ctx.Locale.Tr "admin.federation.host.created"}}</dt>
+				<dd>{{DateUtils.AbsoluteShort .Host.Created}}</dd>
+				<dt>{{ctx.Locale.Tr "admin.federation.host.updated"}}</dt>
+				<dd>{{DateUtils.AbsoluteShort .Host.Updated}}</dd>
+				<dt>{{ctx.Locale.Tr "admin.federation.host.latest_activity"}}</dt>
+				<dd>{{DateUtils.FullTime .Host.LatestActivity}}</dd>
+			</dl>
+		</div>
+		{{end}}
+		<h4 class="ui top attached header">
+			{{ctx.Locale.Tr "admin.federation.users.manage_panel"}}
+			<div class="ui right">
+				{{.UsersTotal}}
+			</div>
+		</h4>
+		<div class="ui attached table segment">
+			{{template "admin/federation/user_list" .}}
+		</div>
+		{{template "base/paginate" .}}
+	</div>
+{{template "admin/layout_footer" .}}
diff --git a/templates/admin/federation/hosts.tmpl b/templates/admin/federation/hosts.tmpl
new file mode 100644
index 0000000000..2222873805
--- /dev/null
+++ b/templates/admin/federation/hosts.tmpl
@@ -0,0 +1,56 @@
+{{template "admin/layout_head" (dict "ctxData" . "pageClass" "admin user")}}
+	<div class="admin-setting-content">
+		<h4 class="ui top attached header">
+			{{ctx.Locale.Tr "admin.federation.hosts.manage_panel"}} ({{ctx.Locale.Tr "admin.total" .TotalCount}})
+		</h4>
+		<div class="ui attached table segment">
+			<table class="ui very basic striped table unstackable">
+				<thead>
+					<tr>
+						<th data-sortt-asc="id_asc" data-sortt-desc="id_desc">
+							{{ctx.Locale.Tr "admin.federation.host.id"}}
+							{{SortArrow "id_asc" "id_desc" .SortType true}}
+						</th>
+						<th data-sortt-asc="fqdn_asc" data-sortt-desc="fqdn_desc">
+							{{ctx.Locale.Tr "admin.federation.host.fqdn"}}
+							{{SortArrow "fqdn_asc" "fqdn_desc" .SortType false}}
+						</th>
+						<th>{{ctx.Locale.Tr "admin.federation.host.schema"}}</th>
+						<th>{{ctx.Locale.Tr "admin.federation.host.port"}}</th>
+						<th>{{ctx.Locale.Tr "admin.federation.host.software_name"}}</th>
+						<th data-sortt-asc="created_asc" data-sortt-desc="created_desc">
+							{{ctx.Locale.Tr "admin.federation.host.created"}}
+							{{SortArrow "created_asc" "created_desc" .SortType true}}
+						</th>
+						<th data-sortt-asc="activity_asc" data-sortt-desc="activity_desc">
+							{{ctx.Locale.Tr "admin.federation.host.latest_activity"}}
+							{{SortArrow "activity_asc" "activity_desc" .SortType true}}
+						</th>
+						<th></th>
+					</tr>
+				</thead>
+				<tbody>
+					{{range .Hosts}}
+						<tr>
+							<td>{{.ID}}</td>
+							<td>{{.HostFqdn}}</td>
+							<td>{{.HostSchema}}</td>
+							<td>{{.HostPort}}</td>
+							<td>{{.NodeInfo.SoftwareName}}</td>
+							<td>{{DateUtils.AbsoluteShort .Created}}</td>
+							<td>{{DateUtils.FullTime .LatestActivity}}</td>
+							<td>
+								<div class="tw-flex tw-gap-2">
+									<a href="{{$.Link}}/{{.ID}}" data-tooltip-content="{{ctx.Locale.Tr "admin.federation.hosts.show_details"}}">{{svg "octicon-server"}}</a>
+								</div>
+							</td>
+						</tr>
+					{{else}}
+						<tr><td class="tw-text-center" colspan="10">{{ctx.Locale.Tr "repo.pulls.no_results"}}</td></tr>
+					{{end}}
+				</tbody>
+			</table>
+		</div>
+		{{template "base/paginate" .}}
+	</div>
+{{template "admin/layout_footer" .}}
diff --git a/templates/admin/federation/user_list.tmpl b/templates/admin/federation/user_list.tmpl
new file mode 100644
index 0000000000..18ff34b848
--- /dev/null
+++ b/templates/admin/federation/user_list.tmpl
@@ -0,0 +1,28 @@
+<table class="ui very basic striped table unstackable">
+	<thead>
+		<tr>
+			<th>{{ctx.Locale.Tr "admin.federation.user.id"}}</th>
+			<th>{{ctx.Locale.Tr "admin.federation.user.user_id"}}</th>
+			<th>{{ctx.Locale.Tr "admin.federation.user.external_id"}}</th>
+			<th>{{ctx.Locale.Tr "admin.federation.user.inbox_path"}}</th>
+			<th></th>
+		</tr>
+	</thead>
+	<tbody>
+		{{range .Users}}
+			<tr>
+				<td>{{.ID}}</td>
+				<td>{{.UserID}}</td>
+				<td>{{.ExternalID}}</td>
+				<td>{{.InboxPath}}</td>
+				<td>
+					<div class="tw-flex tw-gap-2">
+						<a href="{{AppUrl}}admin/users/{{.UserID}}" data-tooltip-content="{{ctx.Locale.Tr "admin.federation.users.show_local_user"}}">{{svg "octicon-person"}}</a>
+					</div>
+				</td>
+			</tr>
+		{{else}}
+			<tr><td class="tw-text-center" colspan="10">{{ctx.Locale.Tr "repo.pulls.no_results"}}</td></tr>
+		{{end}}
+	</tbody>
+</table>
diff --git a/templates/admin/federation/users.tmpl b/templates/admin/federation/users.tmpl
new file mode 100644
index 0000000000..8ddcff3dad
--- /dev/null
+++ b/templates/admin/federation/users.tmpl
@@ -0,0 +1,11 @@
+{{template "admin/layout_head" (dict "ctxData" . "pageClass" "admin user")}}
+	<div class="admin-setting-content">
+		<h4 class="ui top attached header">
+			{{ctx.Locale.Tr "admin.federation.users.manage_panel"}} ({{ctx.Locale.Tr "admin.total" .TotalCount}})
+		</h4>
+		<div class="ui attached table segment">
+			{{template "admin/federation/user_list" .}}
+		</div>
+		{{template "base/paginate" .}}
+	</div>
+{{template "admin/layout_footer" .}}
diff --git a/templates/admin/navbar.tmpl b/templates/admin/navbar.tmpl
index 7ca8538bce..fa1500341d 100644
--- a/templates/admin/navbar.tmpl
+++ b/templates/admin/navbar.tmpl
@@ -77,6 +77,19 @@
 			</div>
 		</details>
 		{{end}}
+		{{if .EnableFederation}}
+		<details class="item toggleable-item" {{if or .PageIsAdminFederationHosts .PageIsAdminFederationUsers}}open{{end}}>
+			<summary>{{ctx.Locale.Tr "admin.federation.federation"}}</summary>
+			<div class="menu">
+				<a class="{{if .PageIsAdminFederationHosts}}active {{end}}item" href="{{AppSubUrl}}/admin/federation/hosts">
+					{{ctx.Locale.Tr "admin.federation.hosts"}}
+				</a>
+				<a class="{{if .PageIsAdminFederationUsers}}active {{end}}item" href="{{AppSubUrl}}/admin/federation/users">
+					{{ctx.Locale.Tr "admin.federation.users"}}
+				</a>
+			</div>
+		</details>
+		{{end}}
 		<details class="item toggleable-item" {{if or .PageIsAdminConfig}}open{{end}}>
 			<summary>{{ctx.Locale.Tr "admin.config"}}</summary>
 			<div class="menu">
diff --git a/tests/integration/admin_federation_test.go b/tests/integration/admin_federation_test.go
new file mode 100644
index 0000000000..75b94c3167
--- /dev/null
+++ b/tests/integration/admin_federation_test.go
@@ -0,0 +1,128 @@
+// Copyright 2026 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+package integration
+
+import (
+	"net/http"
+	"testing"
+
+	"forgejo.org/models/unittest"
+	"forgejo.org/modules/setting"
+	"forgejo.org/modules/test"
+	"forgejo.org/routers"
+	"forgejo.org/tests"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestAdminFederationViewHostsAndUsers(t *testing.T) {
+	defer unittest.OverrideFixtures("tests/integration/fixtures/TestAdminFederationViewHostsAndUsers")()
+	defer tests.PrepareTestEnv(t)()
+
+	t.Run("Federation enabled", func(t *testing.T) {
+		defer test.MockVariableValue(&setting.Federation.Enabled, true)()
+		defer test.MockVariableValue(&testWebRoutes, routers.NormalRoutes())()
+
+		t.Run("Anonymous user", func(t *testing.T) {
+			defer tests.PrintCurrentTest(t)()
+
+			req := NewRequest(t, "GET", "/admin/federation/hosts")
+			MakeRequest(t, req, http.StatusSeeOther)
+			req = NewRequest(t, "GET", "/admin/federation/hosts/1")
+			MakeRequest(t, req, http.StatusSeeOther)
+			req = NewRequest(t, "GET", "/admin/federation/users")
+			MakeRequest(t, req, http.StatusSeeOther)
+		})
+
+		t.Run("Normal user", func(t *testing.T) {
+			defer tests.PrintCurrentTest(t)()
+
+			session := loginUser(t, "user2")
+
+			req := NewRequest(t, "GET", "/admin/federation/hosts")
+			session.MakeRequest(t, req, http.StatusForbidden)
+			req = NewRequest(t, "GET", "/admin/federation/hosts/1")
+			session.MakeRequest(t, req, http.StatusForbidden)
+			req = NewRequest(t, "GET", "/admin/federation/users")
+			session.MakeRequest(t, req, http.StatusForbidden)
+		})
+
+		t.Run("Admin user", func(t *testing.T) {
+			defer tests.PrintCurrentTest(t)()
+
+			session := loginUser(t, "user1")
+
+			req := NewRequest(t, "GET", "/admin/federation/hosts")
+			resp := session.MakeRequest(t, req, http.StatusOK)
+			htmlDoc := NewHTMLParser(t, resp.Body)
+			hostRows := htmlDoc.Find(".admin-setting-content table tbody tr")
+			assert.Equal(t, 2, hostRows.Length())
+			assert.Contains(t, hostRows.Text(), "bob.example.com")
+			assert.Contains(t, hostRows.Text(), "alice.example.com")
+
+			req = NewRequest(t, "GET", "/admin/federation/users")
+			resp = session.MakeRequest(t, req, http.StatusOK)
+			htmlDoc = NewHTMLParser(t, resp.Body)
+			userRows := htmlDoc.Find(".admin-setting-content table tbody tr")
+			assert.Equal(t, 3, userRows.Length())
+			assert.Contains(t, userRows.Text(), "/api/v1/activitypub/user-id/1/inbox#bob")
+			assert.Contains(t, userRows.Text(), "/api/v1/activitypub/user-id/1/inbox#alice")
+			assert.Contains(t, userRows.Text(), "/api/v1/activitypub/user-id/2/inbox#eve")
+
+			req = NewRequest(t, "GET", "/admin/federation/hosts/1")
+			resp = session.MakeRequest(t, req, http.StatusOK)
+			htmlDoc = NewHTMLParser(t, resp.Body)
+			userRows = htmlDoc.Find(".admin-setting-content table tbody tr")
+			assert.Equal(t, 1, userRows.Length())
+			assert.Contains(t, userRows.Text(), "/api/v1/activitypub/user-id/1/inbox#bob")
+
+			req = NewRequest(t, "GET", "/admin/federation/hosts/2")
+			resp = session.MakeRequest(t, req, http.StatusOK)
+			htmlDoc = NewHTMLParser(t, resp.Body)
+			userRows = htmlDoc.Find(".admin-setting-content table tbody tr")
+			assert.Equal(t, 2, userRows.Length())
+			assert.Contains(t, userRows.Text(), "/api/v1/activitypub/user-id/1/inbox#alice")
+			assert.Contains(t, userRows.Text(), "/api/v1/activitypub/user-id/2/inbox#eve")
+		})
+	})
+
+	t.Run("Federation disabled", func(t *testing.T) {
+		t.Run("Anonymous user", func(t *testing.T) {
+			defer tests.PrintCurrentTest(t)()
+
+			req := NewRequest(t, "GET", "/admin/federation/hosts")
+			MakeRequest(t, req, http.StatusNotFound)
+			req = NewRequest(t, "GET", "/admin/federation/hosts/1")
+			MakeRequest(t, req, http.StatusNotFound)
+			req = NewRequest(t, "GET", "/admin/federation/users")
+			MakeRequest(t, req, http.StatusNotFound)
+		})
+
+		t.Run("Normal user", func(t *testing.T) {
+			defer tests.PrintCurrentTest(t)()
+
+			session := loginUser(t, "user2")
+
+			req := NewRequest(t, "GET", "/admin/federation/hosts")
+			session.MakeRequest(t, req, http.StatusNotFound)
+			req = NewRequest(t, "GET", "/admin/federation/hosts/1")
+			session.MakeRequest(t, req, http.StatusNotFound)
+			req = NewRequest(t, "GET", "/admin/federation/users")
+			session.MakeRequest(t, req, http.StatusNotFound)
+		})
+
+		t.Run("Admin user", func(t *testing.T) {
+			defer tests.PrintCurrentTest(t)()
+
+			session := loginUser(t, "user1")
+
+			req := NewRequest(t, "GET", "/admin/federation/hosts")
+			session.MakeRequest(t, req, http.StatusNotFound)
+			req = NewRequest(t, "GET", "/admin/federation/hosts/1")
+			session.MakeRequest(t, req, http.StatusNotFound)
+			req = NewRequest(t, "GET", "/admin/federation/users")
+			session.MakeRequest(t, req, http.StatusNotFound)
+		})
+	})
+}
diff --git a/tests/integration/fixtures/TestAdminFederationViewHostsAndUsers/federated_user.yml b/tests/integration/fixtures/TestAdminFederationViewHostsAndUsers/federated_user.yml
new file mode 100644
index 0000000000..be6299fd2c
--- /dev/null
+++ b/tests/integration/fixtures/TestAdminFederationViewHostsAndUsers/federated_user.yml
@@ -0,0 +1,17 @@
+- id: 1
+  user_id: 1001
+  external_id: "1"
+  federation_host_id: 1
+  inbox_path: /api/v1/activitypub/user-id/1/inbox#bob
+
+- id: 2
+  user_id: 1002
+  external_id: "1"
+  federation_host_id: 2
+  inbox_path: /api/v1/activitypub/user-id/1/inbox#alice
+
+- id: 3
+  user_id: 1003
+  external_id: "2"
+  federation_host_id: 2
+  inbox_path: /api/v1/activitypub/user-id/2/inbox#eve
diff --git a/tests/integration/fixtures/TestAdminFederationViewHostsAndUsers/federation_host.yml b/tests/integration/fixtures/TestAdminFederationViewHostsAndUsers/federation_host.yml
new file mode 100644
index 0000000000..4fb334ee70
--- /dev/null
+++ b/tests/integration/fixtures/TestAdminFederationViewHostsAndUsers/federation_host.yml
@@ -0,0 +1,13 @@
+- id: 1
+  host_fqdn: bob.example.com
+  host_port: 80
+  host_schema: http
+  software_name: forgejo
+  latest_activity: 2023-01-01T00:00:00Z
+
+- id: 2
+  host_fqdn: alice.example.com
+  host_port: 443
+  host_schema: https
+  software_name: gitea
+  latest_activity: 2023-01-01T00:00:00Z
diff --git a/tests/integration/fixtures/TestAdminFederationViewHostsAndUsers/user.yml b/tests/integration/fixtures/TestAdminFederationViewHostsAndUsers/user.yml
new file mode 100644
index 0000000000..45460029e9
--- /dev/null
+++ b/tests/integration/fixtures/TestAdminFederationViewHostsAndUsers/user.yml
@@ -0,0 +1,107 @@
+- id: 1001
+  lower_name: "@bob@bob.example.com"
+  name: "@bob@bob.example.com"
+  full_name: "@bob@bob.example.com"
+  email: bob@bob.example.com
+  keep_email_private: false
+  email_notifications_preference: enabled
+  passwd: ZogKvWdyEx:password
+  passwd_hash_algo: dummy
+  must_change_password: false
+  login_source: 0
+  login_name: bob
+  type: 0
+  salt: ZogKvWdyEx
+  max_repo_creation: -1
+  is_active: true
+  is_admin: false
+  is_restricted: false
+  allow_git_hook: false
+  allow_import_local: false
+  allow_create_organization: true
+  prohibit_login: false
+  avatar: avatar1001
+  avatar_email: bob@bob.example.com
+  use_custom_avatar: false
+  num_followers: 0
+  num_following: 0
+  num_stars: 0
+  num_repos: 0
+  num_teams: 0
+  num_members: 0
+  visibility: 0
+  repo_admin_change_team_access: false
+  theme: ""
+  keep_activity_private: false
+
+- id: 1002
+  lower_name: "@alice@alice.example.com"
+  name: "@alice@alice.example.com"
+  full_name: "@alice@alice.example.com"
+  email: alice@alice.example.com
+  keep_email_private: false
+  email_notifications_preference: enabled
+  passwd: ZogKvWdyEx:password
+  passwd_hash_algo: dummy
+  must_change_password: false
+  login_source: 0
+  login_name: alice
+  type: 0
+  salt: ZogKvWdyEx
+  max_repo_creation: -1
+  is_active: true
+  is_admin: false
+  is_restricted: false
+  allow_git_hook: false
+  allow_import_local: false
+  allow_create_organization: true
+  prohibit_login: false
+  avatar: avatar1002
+  avatar_email: alice@alice.example.com
+  use_custom_avatar: false
+  num_followers: 0
+  num_following: 0
+  num_stars: 0
+  num_repos: 0
+  num_teams: 0
+  num_members: 0
+  visibility: 0
+  repo_admin_change_team_access: false
+  theme: ""
+  keep_activity_private: false
+
+- id: 1003
+  lower_name: "@eve@alice.example.com"
+  name: "@eve@alice.example.com"
+  full_name: "@eve@alice.example.com"
+  email: eve@alice.example.com
+  keep_email_private: false
+  email_notifications_preference: enabled
+  passwd: ZogKvWdyEx:password
+  passwd_hash_algo: dummy
+  must_change_password: false
+  login_source: 0
+  login_name: eve
+  type: 0
+  salt: ZogKvWdyEx
+  max_repo_creation: -1
+  is_active: true
+  is_admin: false
+  is_restricted: false
+  allow_git_hook: false
+  allow_import_local: false
+  allow_create_organization: true
+  prohibit_login: false
+  avatar: avatar1003
+  avatar_email: eve@alice.example.com
+  use_custom_avatar: false
+  num_followers: 0
+  num_following: 0
+  num_stars: 0
+  num_repos: 0
+  num_teams: 0
+  num_members: 0
+  visibility: 0
+  repo_admin_change_team_access: false
+  theme: ""
+  keep_activity_private: false
diff --git a/tests/integration/repo_forgefed_test.go b/tests/integration/repo_forgefed_test.go
new file mode 100644
index 0000000000..dbad115082
--- /dev/null
+++ b/tests/integration/repo_forgefed_test.go
@@ -0,0 +1,219 @@
+// Copyright 2026 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+package integration
+
+import (
+	"net/url"
+	"testing"
+
+	"forgejo.org/models/db"
+	"forgejo.org/models/forgefed"
+	"forgejo.org/models/unittest"
+	"forgejo.org/models/user"
+	"forgejo.org/modules/setting"
+	"forgejo.org/modules/test"
+	"forgejo.org/routers"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+func TestForgefedRepositoryCreateHostValid(t *testing.T) {
+	onApplicationRun(t, func(t *testing.T, u *url.URL) {
+		// Arrange
+		ctx := t.Context()
+
+		// Act
+		err := forgefed.CreateFederationHost(ctx, &forgefed.FederationHost{
+			HostFqdn:   "forgejo.example.com",
+			HostPort:   80,
+			HostSchema: "http",
+			NodeInfo: forgefed.NodeInfo{
+				SoftwareName: "forgejo",
+			},
+		})
+
+		// Assert
+		require.NoError(t, err)
+		unittest.AssertExistsAndLoadBean(t, &forgefed.FederationHost{HostFqdn: "forgejo.example.com"})
+	})
+}
+
+func TestForgefedRepositoryCreateHostInvalid(t *testing.T) {
+	onApplicationRun(t, func(t *testing.T, u *url.URL) {
+		// Arrange
+		ctx := t.Context()
+
+		// Act
+		err := forgefed.CreateFederationHost(ctx, &forgefed.FederationHost{
+			// invalid
+		})
+
+		// Assert
+		require.Error(t, err)
+		unittest.AssertNotExistsBean(t, &forgefed.FederationHost{HostFqdn: "forgejo.example.com"})
+	})
+}
+
+func TestForgefedRepositoryCreateUserValid(t *testing.T) {
+	onApplicationRun(t, func(t *testing.T, u *url.URL) {
+		// Arrange
+		ctx := t.Context()
+
+		err := forgefed.CreateFederationHost(ctx, &forgefed.FederationHost{
+			HostFqdn:   "forgejo.example.com",
+			HostPort:   80,
+			HostSchema: "http",
+			NodeInfo: forgefed.NodeInfo{
+				SoftwareName: "forgejo",
+			},
+		})
+		require.NoError(t, err)
+
+		// Act
+		err = user.CreateFederatedUser(ctx, &user.User{
+			Name:  "@bob@forgejo.example.com",
+			Email: "bob@forgejo.example.com",
+		}, &user.FederatedUser{
+			ExternalID:       "1",
+			FederationHostID: 1,
+			InboxPath:        "/inbox",
+		})
+
+		// Assert
+		require.NoError(t, err)
+		localUser := unittest.AssertExistsAndLoadBean(t, &user.User{Name: "@bob@forgejo.example.com", Email: "bob@forgejo.example.com"})
+		unittest.AssertExistsAndLoadBean(t, &user.FederatedUser{UserID: localUser.ID, FederationHostID: 1})
+	})
+}
+
+func TestForgefedRepositoryCreateUserInvalid(t *testing.T) {
+	onApplicationRun(t, func(t *testing.T, u *url.URL) {
+		// Arrange
+		ctx := t.Context()
+
+		err := forgefed.CreateFederationHost(ctx, &forgefed.FederationHost{
+			HostFqdn:   "forgejo.example.com",
+			HostPort:   80,
+			HostSchema: "http",
+			NodeInfo: forgefed.NodeInfo{
+				SoftwareName: "forgejo",
+			},
+		})
+		require.NoError(t, err)
+
+		// Act
+		err = user.CreateFederatedUser(ctx, &user.User{
+			Name:  "@bob@forgejo.example.com",
+			Email: "bob@forgejo.example.com",
+		}, &user.FederatedUser{
+			// invalid
+		})
+
+		// Assert
+		require.Error(t, err)
+		unittest.AssertNotExistsBean(t, &user.User{Email: "bob@forgejo.example.com"})
+		unittest.AssertNotExistsBean(t, &user.FederatedUser{FederationHostID: 1})
+	})
+}
+
+func TestForgefedRepositoryFindHostsAndUsers(t *testing.T) {
+	defer test.MockVariableValue(&setting.Federation.Enabled, true)()
+	defer test.MockVariableValue(&setting.Federation.SignatureEnforced, false)()
+	defer test.MockVariableValue(&testWebRoutes, routers.NormalRoutes())()
+
+	onApplicationRun(t, func(t *testing.T, u *url.URL) {
+		// Arrange
+		ctx := t.Context()
+
+		err := forgefed.CreateFederationHost(ctx, &forgefed.FederationHost{
+			HostFqdn:   "bob.example.com",
+			HostPort:   80,
+			HostSchema: "http",
+			NodeInfo: forgefed.NodeInfo{
+				SoftwareName: "forgejo",
+			},
+		})
+		require.NoError(t, err)
+
+		err = forgefed.CreateFederationHost(ctx, &forgefed.FederationHost{
+			HostFqdn:   "alice.example.com",
+			HostPort:   443,
+			HostSchema: "https",
+			NodeInfo: forgefed.NodeInfo{
+				SoftwareName: "gitea",
+			},
+		})
+		require.NoError(t, err)
+
+		err = user.CreateFederatedUser(ctx, &user.User{
+			Name:  "@bob@bob.example.com",
+			Email: "bob@bob.example.com",
+		}, &user.FederatedUser{
+			ExternalID:       "1",
+			FederationHostID: 1,
+			InboxPath:        "/inbox",
+		})
+		require.NoError(t, err)
+
+		err = user.CreateFederatedUser(ctx, &user.User{
+			Name:  "@alice@alice.example.com",
+			Email: "alice@alice.example.com",
+		}, &user.FederatedUser{
+			ExternalID:       "1",
+			FederationHostID: 2,
+			InboxPath:        "/inbox",
+		})
+		require.NoError(t, err)
+
+		err = user.CreateFederatedUser(ctx, &user.User{
+			Name:  "@eve@alice.example.com",
+			Email: "eve@alice.example.com",
+		}, &user.FederatedUser{
+			ExternalID:       "2",
+			FederationHostID: 2,
+			InboxPath:        "/inbox",
+		})
+		require.NoError(t, err)
+
+		// Act & Assert
+		hosts, err := forgefed.FindFederationHosts(ctx, db.ListOptions{PageSize: 100, Page: 1})
+		require.NoError(t, err)
+		assert.Len(t, hosts, 2)
+		hostFqdns := []string{hosts[0].HostFqdn, hosts[1].HostFqdn}
+		assert.Contains(t, hostFqdns, "bob.example.com")
+		assert.Contains(t, hostFqdns, "alice.example.com")
+
+		count, err := forgefed.CountFederationHosts(ctx)
+		require.NoError(t, err)
+		assert.Equal(t, int64(2), count)
+
+		users, err := user.FindFederatedUsers(ctx, db.ListOptions{PageSize: 100, Page: 1})
+		require.NoError(t, err)
+		assert.Len(t, users, 3) // Bob, Alice and Eve
+
+		count, err = user.CountFederatedUsers(ctx)
+		require.NoError(t, err)
+		assert.Equal(t, int64(3), count)
+
+		users, err = user.FindFederatedUsersByHostID(ctx, 1, db.ListOptions{PageSize: 100, Page: 1})
+		require.NoError(t, err)
+		assert.Len(t, users, 1) // Only Bob belongs to the host with ID 1
+		assert.Equal(t, int64(1), users[0].FederationHostID)
+
+		count, err = user.CountFederatedUsersByHostID(ctx, 1)
+		require.NoError(t, err)
+		assert.Equal(t, int64(1), count)
+
+		users, err = user.FindFederatedUsersByHostID(ctx, 2, db.ListOptions{PageSize: 100, Page: 1})
+		require.NoError(t, err)
+		assert.Len(t, users, 2) // Alice and Eve belong to the host with ID 2
+		assert.Equal(t, int64(2), users[0].FederationHostID)
+		assert.Equal(t, int64(2), users[1].FederationHostID)
+
+		count, err = user.CountFederatedUsersByHostID(ctx, 2)
+		require.NoError(t, err)
+		assert.Equal(t, int64(2), count)
+	})
+}

From e16dc2ebfdb8b6b09a60c63f651eed2a86c30afe Mon Sep 17 00:00:00 2001
From: abdo <dev@abdo.wtf>
Date: Thu, 9 Apr 2026 20:26:27 +0200
Subject: [PATCH 657/854] fix: apply signed-merge checks by merge style
 (#11403)

Fixes #6438

When a protected branch requires signed commits and no signing key is available, fast-forward-only merges should still be allowed because they do not create a new commit.

This patch applies signing checks by merge behaviour/style instead of one global gate:

- pass `mergeStyle` through `CheckPullMergeable(...)` in web/API/automerge paths
- require signing for commit-creating styles (`merge`, `rebase`, `rebase-merge`, `squash`)
- bypass signing precheck only for `fast-forward-only`
- align merge UI options with backend behaviour so signing-dependent styles are unavailable when signing cannot happen
- add Go unit tests for merge-style signing requirements
- add frontend unit coverage for the no-allowed-merge-styles guard

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11403
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: abdo <dev@abdo.wtf>
Co-committed-by: abdo <dev@abdo.wtf>
---
 routers/api/v1/repo/pull.go                   |  5 +-
 routers/web/repo/pull.go                      |  5 +-
 services/automerge/automerge.go               |  2 +-
 services/pull/check.go                        | 17 +++++--
 services/pull/check_test.go                   | 51 +++++++++++++++++++
 templates/repo/issue/view_content/pull.tmpl   | 33 +++++++-----
 .../components/PullRequestMergeForm.test.js   | 32 ++++++++++++
 .../js/components/PullRequestMergeForm.vue    |  9 ++--
 8 files changed, 129 insertions(+), 25 deletions(-)

diff --git a/routers/api/v1/repo/pull.go b/routers/api/v1/repo/pull.go
index 3c3eb66d5c..1f82bfce1b 100644
--- a/routers/api/v1/repo/pull.go
+++ b/routers/api/v1/repo/pull.go
@@ -922,7 +922,8 @@ func MergePullRequest(ctx *context.APIContext) {
 		}
 	}
 
-	manuallyMerged := repo_model.MergeStyle(form.Do) == repo_model.MergeStyleManuallyMerged
+	mergeStyle := repo_model.MergeStyle(form.Do)
+	manuallyMerged := mergeStyle == repo_model.MergeStyleManuallyMerged
 
 	mergeCheckType := pull_service.MergeCheckTypeGeneral
 	if form.MergeWhenChecksSucceed {
@@ -933,7 +934,7 @@ func MergePullRequest(ctx *context.APIContext) {
 	}
 
 	// start with merging by checking
-	if err := pull_service.CheckPullMergeable(ctx, ctx.Doer, &ctx.Repo.Permission, pr, mergeCheckType, form.ForceMerge); err != nil {
+	if err := pull_service.CheckPullMergeable(ctx, ctx.Doer, &ctx.Repo.Permission, pr, mergeCheckType, form.ForceMerge, mergeStyle); err != nil {
 		if errors.Is(err, pull_service.ErrIsClosed) {
 			ctx.NotFound()
 		} else if errors.Is(err, pull_service.ErrUserNotAllowedToMerge) {
diff --git a/routers/web/repo/pull.go b/routers/web/repo/pull.go
index e9cdfc5ac7..dc36d2de68 100644
--- a/routers/web/repo/pull.go
+++ b/routers/web/repo/pull.go
@@ -1317,7 +1317,8 @@ func MergePullRequest(ctx *context.Context) {
 	pr.Issue = issue
 	pr.Issue.Repo = ctx.Repo.Repository
 
-	manuallyMerged := repo_model.MergeStyle(form.Do) == repo_model.MergeStyleManuallyMerged
+	mergeStyle := repo_model.MergeStyle(form.Do)
+	manuallyMerged := mergeStyle == repo_model.MergeStyleManuallyMerged
 
 	mergeCheckType := pull_service.MergeCheckTypeGeneral
 	if form.MergeWhenChecksSucceed {
@@ -1328,7 +1329,7 @@ func MergePullRequest(ctx *context.Context) {
 	}
 
 	// start with merging by checking
-	if err := pull_service.CheckPullMergeable(ctx, ctx.Doer, &ctx.Repo.Permission, pr, mergeCheckType, form.ForceMerge); err != nil {
+	if err := pull_service.CheckPullMergeable(ctx, ctx.Doer, &ctx.Repo.Permission, pr, mergeCheckType, form.ForceMerge, mergeStyle); err != nil {
 		switch {
 		case errors.Is(err, pull_service.ErrIsClosed):
 			if issue.IsPull {
diff --git a/services/automerge/automerge.go b/services/automerge/automerge.go
index 099d048927..4c5459adf6 100644
--- a/services/automerge/automerge.go
+++ b/services/automerge/automerge.go
@@ -215,7 +215,7 @@ func handlePullRequestAutoMerge(pullID int64, sha string) {
 		return
 	}
 
-	if err := pull_service.CheckPullMergeable(ctx, doer, &perm, pr, pull_service.MergeCheckTypeGeneral, false); err != nil {
+	if err := pull_service.CheckPullMergeable(ctx, doer, &perm, pr, pull_service.MergeCheckTypeGeneral, false, scheduledPRM.MergeStyle); err != nil {
 		if errors.Is(err, pull_service.ErrUserNotAllowedToMerge) {
 			log.Info("%-v was scheduled to automerge by an unauthorized user", pr)
 			return
diff --git a/services/pull/check.go b/services/pull/check.go
index 64bddf497c..0e74973456 100644
--- a/services/pull/check.go
+++ b/services/pull/check.go
@@ -65,7 +65,7 @@ const (
 )
 
 // CheckPullMergeable check if the pull mergeable based on all conditions (branch protection, merge options, ...)
-func CheckPullMergeable(stdCtx context.Context, doer *user_model.User, perm *access_model.Permission, pr *issues_model.PullRequest, mergeCheckType MergeCheckType, adminSkipProtectionCheck bool) error {
+func CheckPullMergeable(stdCtx context.Context, doer *user_model.User, perm *access_model.Permission, pr *issues_model.PullRequest, mergeCheckType MergeCheckType, adminSkipProtectionCheck bool, mergeStyle repo_model.MergeStyle) error {
 	return db.WithTx(stdCtx, func(ctx context.Context) error {
 		if pr.HasMerged {
 			return ErrHasMerged
@@ -136,7 +136,7 @@ func CheckPullMergeable(stdCtx context.Context, doer *user_model.User, perm *acc
 			}
 		}
 
-		if _, err := isSignedIfRequired(ctx, pr, doer); err != nil {
+		if _, err := isSignedIfRequired(ctx, pr, doer, mergeStyle); err != nil {
 			return err
 		}
 
@@ -151,7 +151,7 @@ func CheckPullMergeable(stdCtx context.Context, doer *user_model.User, perm *acc
 }
 
 // isSignedIfRequired check if merge will be signed if required
-func isSignedIfRequired(ctx context.Context, pr *issues_model.PullRequest, doer *user_model.User) (bool, error) {
+func isSignedIfRequired(ctx context.Context, pr *issues_model.PullRequest, doer *user_model.User, mergeStyle repo_model.MergeStyle) (bool, error) {
 	pb, err := git_model.GetFirstMatchProtectedBranchRule(ctx, pr.BaseRepoID, pr.BaseBranch)
 	if err != nil {
 		return false, err
@@ -161,11 +161,22 @@ func isSignedIfRequired(ctx context.Context, pr *issues_model.PullRequest, doer
 		return true, nil
 	}
 
+	if !isMergeSigningRequired(mergeStyle) {
+		return true, nil
+	}
+
 	sign, _, _, err := asymkey_service.SignMerge(ctx, pr, doer, pr.BaseRepo.RepoPath(), pr.BaseBranch, pr.GetGitRefName())
 
 	return sign, err
 }
 
+func isMergeSigningRequired(mergeStyle repo_model.MergeStyle) bool {
+	// Only fast-forward-only is guaranteed not to create a new commit. Rebase
+	// rewrites commits when the pull request is behind, and it can also amend
+	// the tip commit when a REBASE_TEMPLATE is configured.
+	return mergeStyle != repo_model.MergeStyleFastForwardOnly
+}
+
 // checkAndUpdateStatus checks if pull request is possible to leaving checking status,
 // and set to be either conflict or mergeable.
 func checkAndUpdateStatus(ctx context.Context, pr *issues_model.PullRequest) bool {
diff --git a/services/pull/check_test.go b/services/pull/check_test.go
index 9b7e1660bc..3115bb7a21 100644
--- a/services/pull/check_test.go
+++ b/services/pull/check_test.go
@@ -11,6 +11,7 @@ import (
 
 	"forgejo.org/models/db"
 	issues_model "forgejo.org/models/issues"
+	repo_model "forgejo.org/models/repo"
 	"forgejo.org/models/unittest"
 	"forgejo.org/modules/queue"
 	"forgejo.org/modules/setting"
@@ -67,3 +68,53 @@ func TestPullRequest_AddToTaskQueue(t *testing.T) {
 	prPatchCheckerQueue.ShutdownWait(5 * time.Second)
 	prPatchCheckerQueue = nil
 }
+
+func TestIsMergeSigningRequired(t *testing.T) {
+	testCases := []struct {
+		name       string
+		mergeStyle repo_model.MergeStyle
+		expected   bool
+	}{
+		{
+			name:       "fast-forward never requires signing",
+			mergeStyle: repo_model.MergeStyleFastForwardOnly,
+			expected:   false,
+		},
+		{
+			name:       "rebase requires signing even when up to date",
+			mergeStyle: repo_model.MergeStyleRebase,
+			expected:   true,
+		},
+		{
+			name:       "rebase-merge requires signing",
+			mergeStyle: repo_model.MergeStyleRebaseMerge,
+			expected:   true,
+		},
+		{
+			name:       "squash commits require signing",
+			mergeStyle: repo_model.MergeStyleSquash,
+			expected:   true,
+		},
+		{
+			name:       "merge commits require signing",
+			mergeStyle: repo_model.MergeStyleMerge,
+			expected:   true,
+		},
+		{
+			name:       "rebase-update style still requires signing",
+			mergeStyle: repo_model.MergeStyleRebaseUpdate,
+			expected:   true,
+		},
+		{
+			name:       "empty merge style requires signing",
+			mergeStyle: "",
+			expected:   true,
+		},
+	}
+
+	for _, testCase := range testCases {
+		t.Run(testCase.name, func(t *testing.T) {
+			assert.Equal(t, testCase.expected, isMergeSigningRequired(testCase.mergeStyle))
+		})
+	}
+}
diff --git a/templates/repo/issue/view_content/pull.tmpl b/templates/repo/issue/view_content/pull.tmpl
index b5cce664a3..ca9b943fa2 100644
--- a/templates/repo/issue/view_content/pull.tmpl
+++ b/templates/repo/issue/view_content/pull.tmpl
@@ -1,3 +1,9 @@
+{{$prUnit := .Repository.MustGetUnit $.Context $.UnitTypePullRequests}}
+{{$prConfig := $prUnit.PullRequestsConfig}}
+{{$fastForwardStyleAllowed := and $prConfig.AllowFastForwardOnly (eq .Issue.PullRequest.CommitsBehind 0)}}
+{{$manualMergeStyleAllowed := $prConfig.AllowManualMerge}}
+{{$hasUnsignedMergeStyle := or $fastForwardStyleAllowed $manualMergeStyleAllowed}}
+{{$signingBlocksAllMergeStyles := and .AllowMerge .RequireSigned (not .WillSign) (not $hasUnsignedMergeStyle)}}
 {{if and .Issue.PullRequest.HasMerged (not .IsPullBranchDeletable)}}
 {{/* Then the merge box will not be displayed because this page already contains enough information */}}
 {{else}}
@@ -14,7 +20,7 @@
 	{{- else if .IsBlockedByChangedProtectedFiles}}red
 	{{- else if and .EnableStatusCheck (or .RequiredStatusCheckState.IsFailure .RequiredStatusCheckState.IsError)}}red
 	{{- else if and .EnableStatusCheck (or (not $.LatestCommitStatus) .RequiredStatusCheckState.IsPending .RequiredStatusCheckState.IsWarning)}}yellow
-	{{- else if and .AllowMerge .RequireSigned (not .WillSign)}}red
+	{{- else if $signingBlocksAllMergeStyles}}red
 	{{- else if .Issue.PullRequest.IsChecking}}yellow
 	{{- else if .Issue.PullRequest.IsEmpty}}grey
 	{{- else if .Issue.PullRequest.CanAutoMerge}}green
@@ -148,7 +154,7 @@
 						{{svg "octicon-x"}}
 						{{ctx.Locale.Tr "repo.pulls.required_status_check_missing"}}
 					</div>
-				{{else if and .AllowMerge .RequireSigned (not .WillSign)}}
+				{{else if $signingBlocksAllMergeStyles}}
 					<div class="item">
 						{{svg "octicon-x"}}
 						{{ctx.Locale.Tr "repo.pulls.require_signed_wont_sign"}}
@@ -162,7 +168,7 @@
 				{{$notAllOverridableChecksOk := or .IsBlockedByApprovals .IsBlockedByRejection .IsBlockedByOfficialReviewRequests .IsBlockedByOutdatedBranch .IsBlockedByChangedProtectedFiles (and .EnableStatusCheck (not .RequiredStatusCheckState.IsSuccess))}}
 
 				{{/* admin can merge without checks, writer can merge when checks succeed */}}
-				{{$canMergeNow := and (or (and $.IsRepoAdmin (not .ProtectedBranch.ApplyToAdmins)) (not $notAllOverridableChecksOk)) (or (not .AllowMerge) (not .RequireSigned) .WillSign)}}
+				{{$canMergeNow := and (or (and $.IsRepoAdmin (not .ProtectedBranch.ApplyToAdmins)) (not $notAllOverridableChecksOk)) (or (not .AllowMerge) (not $signingBlocksAllMergeStyles))}}
 				{{/* admin and writer both can make an auto merge schedule */}}
 
 				{{if $canMergeNow}}
@@ -201,8 +207,7 @@
 				{{end}}
 
 				{{if .AllowMerge}} {{/* user is allowed to merge */}}
-					{{$prUnit := .Repository.MustGetUnit $.Context $.UnitTypePullRequests}}
-					{{if or $prUnit.PullRequestsConfig.AllowMerge $prUnit.PullRequestsConfig.AllowRebase $prUnit.PullRequestsConfig.AllowRebaseMerge $prUnit.PullRequestsConfig.AllowSquash $prUnit.PullRequestsConfig.AllowFastForwardOnly $prUnit.PullRequestsConfig.AllowManualMerge}}
+					{{if or $prConfig.AllowMerge $prConfig.AllowRebase $prConfig.AllowRebaseMerge $prConfig.AllowSquash $prConfig.AllowFastForwardOnly $prConfig.AllowManualMerge}}
 						{{$hasPendingPullRequestMergeTip := ""}}
 						{{if .HasPendingPullRequestMerge}}
 							{{$createdPRMergeStr := DateUtils.TimeSince .PendingPullRequestMerge.CreatedUnix}}
@@ -231,7 +236,7 @@
 								'pullHeadCommitID': {{.PullHeadCommitID}},
 								'isPullBranchDeletable': {{.IsPullBranchDeletable}},
 								'defaultMergeStyle': {{.MergeStyle}},
-								'defaultDeleteBranchAfterMerge': {{$prUnit.PullRequestsConfig.DefaultDeleteBranchAfterMerge}},
+								'defaultDeleteBranchAfterMerge': {{$prConfig.DefaultDeleteBranchAfterMerge}},
 								'mergeMessageFieldPlaceHolder': {{ctx.Locale.Tr "repo.editor.commit_message_desc"}},
 								'defaultMergeMessage': defaultMergeMessage,
 
@@ -243,7 +248,7 @@
 							mergeForm['mergeStyles'] = [
 								{
 									'name': 'merge',
-									'allowed': {{$prUnit.PullRequestsConfig.AllowMerge}},
+									'allowed': {{and $prConfig.AllowMerge (or (not .RequireSigned) .WillSign)}},
 									'textDoMerge': {{ctx.Locale.Tr "repo.pulls.merge_pull_request"}},
 									'mergeTitleFieldText': defaultMergeTitle,
 									'mergeMessageFieldText': defaultMergeMessage,
@@ -251,14 +256,14 @@
 								},
 								{
 									'name': 'rebase',
-									'allowed': {{$prUnit.PullRequestsConfig.AllowRebase}},
+									'allowed': {{and $prConfig.AllowRebase (or (not .RequireSigned) .WillSign)}},
 									'textDoMerge': {{ctx.Locale.Tr "repo.pulls.rebase_merge_pull_request"}},
 									'hideMergeMessageTexts': true,
 									'hideAutoMerge': generalHideAutoMerge,
 								},
 								{
 									'name': 'rebase-merge',
-									'allowed': {{$prUnit.PullRequestsConfig.AllowRebaseMerge}},
+									'allowed': {{and $prConfig.AllowRebaseMerge (or (not .RequireSigned) .WillSign)}},
 									'textDoMerge': {{ctx.Locale.Tr "repo.pulls.rebase_merge_commit_pull_request"}},
 									'mergeTitleFieldText': defaultMergeTitle,
 									'mergeMessageFieldText': defaultMergeMessage,
@@ -266,7 +271,7 @@
 								},
 								{
 									'name': 'squash',
-									'allowed': {{$prUnit.PullRequestsConfig.AllowSquash}},
+									'allowed': {{and $prConfig.AllowSquash (or (not .RequireSigned) .WillSign)}},
 									'textDoMerge': {{ctx.Locale.Tr "repo.pulls.squash_merge_pull_request"}},
 									'mergeTitleFieldText': defaultSquashMergeTitle,
 									'mergeMessageFieldText': {{.GetCommitMessages}} + defaultSquashMergeMessage,
@@ -274,14 +279,14 @@
 								},
 								{
 									'name': 'fast-forward-only',
-									'allowed': {{and $prUnit.PullRequestsConfig.AllowFastForwardOnly (eq .Issue.PullRequest.CommitsBehind 0)}},
+									'allowed': {{$fastForwardStyleAllowed}},
 									'textDoMerge': {{ctx.Locale.Tr "repo.pulls.fast_forward_only_merge_pull_request"}},
 									'hideMergeMessageTexts': true,
 									'hideAutoMerge': generalHideAutoMerge,
 								},
 								{
 									'name': 'manually-merged',
-									'allowed': {{$prUnit.PullRequestsConfig.AllowManualMerge}},
+									'allowed': {{$manualMergeStyleAllowed}},
 									'textDoMerge': {{ctx.Locale.Tr "repo.pulls.merge_manually"}},
 									'hideMergeMessageTexts': true,
 									'hideAutoMerge': true,
@@ -293,7 +298,7 @@
 						{{$showGeneralMergeForm = true}}
 						<div id="pull-request-merge-form"></div>
 					{{else}}
-						{{/* no merge style was set in repo setting: not or ($prUnit.PullRequestsConfig.AllowMerge ...) */}}
+						{{/* no merge style was set in repo setting: not or ($prConfig.AllowMerge ...) */}}
 						<div class="divider"></div>
 						<div class="item text red">
 							{{svg "octicon-x"}}
@@ -349,7 +354,7 @@
 						{{svg "octicon-x"}}
 						{{ctx.Locale.Tr "repo.pulls.required_status_check_failed"}}
 					</div>
-				{{else if and .RequireSigned (not .WillSign)}}
+				{{else if $signingBlocksAllMergeStyles}}
 					<div class="item text red">
 						{{svg "octicon-x"}}
 						{{ctx.Locale.Tr "repo.pulls.require_signed_wont_sign"}}
diff --git a/web_src/js/components/PullRequestMergeForm.test.js b/web_src/js/components/PullRequestMergeForm.test.js
index 7b856e0b88..86402eebc6 100644
--- a/web_src/js/components/PullRequestMergeForm.test.js
+++ b/web_src/js/components/PullRequestMergeForm.test.js
@@ -32,3 +32,35 @@ test('renders escaped branch name', async () => {
   mergeform = await renderMergeForm('<script class="evil">alert("evil message");</script>');
   expect(mergeform.get('label[for="delete-branch-after-merge"]').text()).toBe('Delete branch "<script class="evil">alert("evil message");</script>"');
 });
+
+test('hides merge controls when no merge style is allowed', () => {
+  window.config.pageData.pullRequestMergeForm = {
+    textDeleteBranch: 'Delete branch',
+    textAutoMergeButtonWhenSucceed: 'when checks succeed',
+    textAutoMergeWhenSucceed: 'Auto merge when checks succeed',
+    textAutoMergeCancelSchedule: 'Cancel schedule',
+    textCancel: 'Cancel',
+    defaultDeleteBranchAfterMerge: false,
+    defaultMergeMessage: '',
+    defaultMergeStyle: 'merge',
+    emptyCommit: false,
+    hasPendingPullRequestMerge: false,
+    hasPendingPullRequestMergeTip: '',
+    isPullBranchDeletable: false,
+    canMergeNow: true,
+    allOverridableChecksOk: true,
+    pullHeadCommitID: 'abc123',
+    mergeStyles: [{
+      name: 'merge',
+      allowed: false,
+      textDoMerge: 'Merge',
+      mergeTitleFieldText: '',
+      mergeMessageFieldText: '',
+      hideAutoMerge: false,
+    }],
+  };
+
+  const mergeform = mount(PullRequestMergeForm);
+  expect(mergeform.find('.merge-button').exists()).toBe(false);
+  expect(mergeform.find('form.form-fetch-action').exists()).toBe(false);
+});
diff --git a/web_src/js/components/PullRequestMergeForm.vue b/web_src/js/components/PullRequestMergeForm.vue
index df123f5e2f..56265b10dd 100644
--- a/web_src/js/components/PullRequestMergeForm.vue
+++ b/web_src/js/components/PullRequestMergeForm.vue
@@ -38,7 +38,8 @@ export default {
   },
   watch: {
     mergeStyle(val) {
-      this.mergeStyleDetail = this.mergeForm.mergeStyles.find((e) => e.name === val);
+      const mergeStyleDetail = this.mergeForm.mergeStyles.find((e) => e.name === val);
+      if (mergeStyleDetail) this.mergeStyleDetail = mergeStyleDetail;
       for (const elem of document.querySelectorAll('[data-pull-merge-style]')) {
         toggleElem(elem, elem.getAttribute('data-pull-merge-style') === val);
       }
@@ -49,6 +50,7 @@ export default {
 
     let mergeStyle = this.mergeForm.mergeStyles.find((e) => e.allowed && e.name === this.mergeForm.defaultMergeStyle)?.name;
     if (!mergeStyle) mergeStyle = this.mergeForm.mergeStyles.find((e) => e.allowed)?.name;
+    if (!mergeStyle) return;
     this.switchMergeStyle(mergeStyle, !this.mergeForm.canMergeNow);
   },
   mounted() {
@@ -62,6 +64,7 @@ export default {
       this.showMergeStyleMenu = false;
     },
     toggleActionForm(show) {
+      if (show && this.mergeStyleAllowedCount === 0) return;
       this.showActionForm = show;
       if (!show) return;
       this.deleteBranchAfterMerge = this.mergeForm.defaultDeleteBranchAfterMerge;
@@ -134,7 +137,7 @@ export default {
       </div>
     </form>
 
-    <div v-if="!showActionForm" class="tw-flex">
+    <div v-if="!showActionForm && mergeStyleAllowedCount > 0" class="tw-flex">
       <!-- the merge button -->
       <div class="ui buttons merge-button" :class="[mergeForm.emptyCommit ? 'grey' : mergeForm.allOverridableChecksOk ? 'primary' : 'red']" @click="toggleActionForm(true)">
         <button class="ui button">
@@ -146,7 +149,7 @@ export default {
             </template>
           </span>
         </button>
-        <div class="ui dropdown icon button" @click.stop="showMergeStyleMenu = !showMergeStyleMenu" v-if="mergeStyleAllowedCount>1">
+        <div class="ui dropdown icon button" @click.stop="showMergeStyleMenu = !showMergeStyleMenu" v-if="mergeStyleAllowedCount > 1">
           <svg-icon name="octicon-triangle-down" :size="14"/>
           <div class="menu" :class="{'show':showMergeStyleMenu}">
             <template v-for="msd in mergeForm.mergeStyles">

From 6a5dda711628a4ed826846f208839561b9a6b1c3 Mon Sep 17 00:00:00 2001
From: Gusted <postmaster@gusted.xyz>
Date: Thu, 9 Apr 2026 21:34:33 +0200
Subject: [PATCH 658/854] chore: modernize code (#12065)

Followup of !11115, it was not checked against the the modernizer linter.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12065
Reviewed-by: Otto <otto@codeberg.org>
Co-authored-by: Gusted <postmaster@gusted.xyz>
Co-committed-by: Gusted <postmaster@gusted.xyz>
---
 routers/web/admin/federation_host.go  | 7 ++-----
 routers/web/admin/federation_hosts.go | 5 +----
 routers/web/admin/federation_users.go | 5 +----
 3 files changed, 4 insertions(+), 13 deletions(-)

diff --git a/routers/web/admin/federation_host.go b/routers/web/admin/federation_host.go
index 278509f217..fa7ac80c30 100644
--- a/routers/web/admin/federation_host.go
+++ b/routers/web/admin/federation_host.go
@@ -20,10 +20,7 @@ const (
 
 func FederationHost(ctx *context.Context) {
 	federationHostID := ctx.ParamsInt64("id")
-	page := ctx.FormInt("page")
-	if page < 1 {
-		page = 1
-	}
+	page := max(ctx.FormInt("page"), 1)
 
 	host, err := forgefed.GetFederationHost(ctx, federationHostID)
 	if err != nil {
@@ -33,7 +30,7 @@ func FederationHost(ctx *context.Context) {
 
 	users, err := user_model.FindFederatedUsersByHostID(ctx, federationHostID, db.ListOptions{
 		PageSize: setting.UI.Admin.FederationUserPagingNum,
-		Page:     int(page),
+		Page:     page,
 	})
 	if err != nil {
 		ctx.ServerError("FindFederatedUsersByHostID", err)
diff --git a/routers/web/admin/federation_hosts.go b/routers/web/admin/federation_hosts.go
index e710f0aba5..a371b2c064 100644
--- a/routers/web/admin/federation_hosts.go
+++ b/routers/web/admin/federation_hosts.go
@@ -19,10 +19,7 @@ const (
 
 func FederationHosts(ctx *context.Context) {
 	sort := ctx.FormTrim("sort")
-	page := ctx.FormInt("page")
-	if page < 1 {
-		page = 1
-	}
+	page := max(ctx.FormInt("page"), 1)
 
 	hosts, err := forgefed.FindFederationHosts(ctx, db.ListOptions{
 		Page:     page,
diff --git a/routers/web/admin/federation_users.go b/routers/web/admin/federation_users.go
index 098479dcc1..f7e89e164f 100644
--- a/routers/web/admin/federation_users.go
+++ b/routers/web/admin/federation_users.go
@@ -18,10 +18,7 @@ const (
 )
 
 func FederationUsers(ctx *context.Context) {
-	page := ctx.FormInt("page")
-	if page < 1 {
-		page = 1
-	}
+	page := max(ctx.FormInt("page"), 1)
 
 	users, err := user_model.FindFederatedUsers(ctx, db.ListOptions{
 		Page:     page,

From 16fbcff8fa356a83276b4956108ae53220dbec51 Mon Sep 17 00:00:00 2001
From: forgejo-release-manager <contact-forgejo-release-manager@forgejo.org>
Date: Fri, 10 Apr 2026 14:50:29 +0200
Subject: [PATCH 659/854] chore(release-notes): Forgejo v11.0.12 [skip ci]
 (#12073)

https://codeberg.org/forgejo/forgejo/milestone/67351
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12073
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Co-authored-by: forgejo-release-manager <contact-forgejo-release-manager@forgejo.org>
Co-committed-by: forgejo-release-manager <contact-forgejo-release-manager@forgejo.org>
---
 release-notes-published/11.0.12.md | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
 create mode 100644 release-notes-published/11.0.12.md

diff --git a/release-notes-published/11.0.12.md b/release-notes-published/11.0.12.md
new file mode 100644
index 0000000000..34b91c3460
--- /dev/null
+++ b/release-notes-published/11.0.12.md
@@ -0,0 +1,18 @@
+
+
+<!--start release-notes-assistant-->
+
+## Release notes
+<!--URL:https://codeberg.org/forgejo/forgejo-->
+- Security bug fixes
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/12027): <!--number 12027 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgZ28gdG8gdjEuMjUuOSAodjExLjAvZm9yZ2Vqbyk=-->Update dependency go to v1.25.9 (v11.0/forgejo)<!--description-->
+- Bug fixes
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11642) ([backported](https://codeberg.org/forgejo/forgejo/pulls/11679)): <!--number 11679 --><!--line 0 --><!--description Zml4OiBkb24ndCB0cmlwIGRlbGV0aW5nIGF0dGFjaG1lbnQgd2l0aCBtaXNzaW5nIHBlcm1pc3Npb24gZXJyb3I=-->fix: don't trip deleting attachment with missing permission error<!--description-->
+- Included for completeness but not user-facing (chores, etc.)
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11884): <!--number 11884 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgaGFwcHktZG9tIHRvIHYyMC44LjkgW1NFQ1VSSVRZXSAodjExLjAvZm9yZ2Vqbyk=-->Update dependency happy-dom to v20.8.9 [SECURITY] (v11.0/forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11898): <!--number 11898 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnaXRodWIuY29tL2dvLWdpdC9nby1naXQvdjUgdG8gdjUuMTcuMSBbU0VDVVJJVFldICh2MTEuMC9mb3JnZWpvKQ==-->Update module github.com/go-git/go-git/v5 to v5.17.1 [SECURITY] (v11.0/forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11837): <!--number 11837 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgaGFwcHktZG9tIHRvIHYyMC44LjggW1NFQ1VSSVRZXSAodjExLjAvZm9yZ2Vqbyk=-->Update dependency happy-dom to v20.8.8 [SECURITY] (v11.0/forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11831): <!--number 11831 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnb2xhbmcub3JnL3gvbmV0IHRvIHYwLjUxLjAgW1NFQ1VSSVRZXSAodjExLjAvZm9yZ2Vqbyk=-->Update module golang.org/x/net to v0.51.0 [SECURITY] (v11.0/forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11819): <!--number 11819 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnb2xhbmcub3JnL3gvaW1hZ2UgdG8gdjAuMzguMCBbU0VDVVJJVFldICh2MTEuMC9mb3JnZWpvKQ==-->Update module golang.org/x/image to v0.38.0 [SECURITY] (v11.0/forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11801) ([backported](https://codeberg.org/forgejo/forgejo/pulls/11803)): <!--number 11803 --><!--line 0 --><!--description Y2k6IHVwZGF0ZSB0ZXN0cyB0byBydW4gZGViaWFuIHRyaXhpZSwgcmVtb3ZlIG1hbnVhbCBpbnN0YWxsYXRpb24gZnJvbSBgdGVzdGluZ2A=-->ci: update tests to run debian trixie, remove manual installation from `testing`<!--description-->
+<!--end release-notes-assistant-->

From 43075c080a2c524f0676809fba7247acadc939e6 Mon Sep 17 00:00:00 2001
From: forgejo-release-manager <contact-forgejo-release-manager@forgejo.org>
Date: Fri, 10 Apr 2026 14:50:59 +0200
Subject: [PATCH 660/854] chore(release-notes): Forgejo v14.0.4 [skip ci]
 (#12074)

https://codeberg.org/forgejo/forgejo/milestone/67354
Co-authored-by: 0ko <0ko@noreply.codeberg.org>
Co-authored-by: viceice <michael.kriese@gmx.de>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12074
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Co-authored-by: forgejo-release-manager <contact-forgejo-release-manager@forgejo.org>
Co-committed-by: forgejo-release-manager <contact-forgejo-release-manager@forgejo.org>
---
 release-notes-published/14.0.4.md | 30 ++++++++++++++++++++++++++++++
 1 file changed, 30 insertions(+)
 create mode 100644 release-notes-published/14.0.4.md

diff --git a/release-notes-published/14.0.4.md b/release-notes-published/14.0.4.md
new file mode 100644
index 0000000000..533378dc21
--- /dev/null
+++ b/release-notes-published/14.0.4.md
@@ -0,0 +1,30 @@
+<!--start release-notes-assistant-->
+
+## Release notes
+<!--URL:https://codeberg.org/forgejo/forgejo-->
+- Security bug fixes
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/12028): <!--number 12028 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgZ28gdG8gdjEuMjUuOSAodjE0LjAvZm9yZ2Vqbyk=-->Update dependency go to v1.25.9 (v14.0/forgejo)<!--description-->
+- User Interface bug fixes
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11614) ([backported](https://codeberg.org/forgejo/forgejo/pulls/11725)): <!--number 11725 --><!--line 0 --><!--description TWFrZSBvdmVyZmxvdy1tZW51IFdlYiBDb21wb25lbnQgc2Nyb2xsIC8gb3ZlcmZsb3cgd2l0aCBKUyBvZmY=-->Make overflow-menu Web Component scroll / overflow with JS off<!--description-->
+- Localization
+  - Updates from from Codeberg Translate: [#12039](https://codeberg.org/forgejo/forgejo/pulls/12039) (backport of [#11460](https://codeberg.org/forgejo/forgejo/pulls/11460), [#11810](https://codeberg.org/forgejo/forgejo/pulls/11810))
+- Bug fixes
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11821) ([backported](https://codeberg.org/forgejo/forgejo/pulls/11850)): <!--number 11850 --><!--line 0 --><!--description Zml4OiBvdXQgb2Ygc3luY2hyb25pemF0aW9uIGVycm9yIGFmdGVyIGludGVycnVwdGluZyBhIFBSIG1lcmdlIGJ5IHVzZXItYWdlbnQgZGlzY29ubmVjdA==-->fix: out of synchronization error after interrupting a PR merge by user-agent disconnect<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11623) ([backported](https://codeberg.org/forgejo/forgejo/pulls/11742)): <!--number 11742 --><!--line 0 --><!--description Zml4OiBjb21tZW50IGF0dGFjaG1lbnQgQVBJIGlzIG1vcmUgcmVzdHJpY3RpdmUgdGhhbiB0aGUgd2ViIFVJ-->fix: comment attachment API is more restrictive than the web UI<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11642) ([backported](https://codeberg.org/forgejo/forgejo/pulls/11658)): <!--number 11658 --><!--line 0 --><!--description Zml4OiBkb24ndCB0cmlwIGRlbGV0aW5nIGF0dGFjaG1lbnQgd2l0aCBtaXNzaW5nIHBlcm1pc3Npb24gZXJyb3I=-->fix: don't trip deleting attachment with missing permission error<!--description-->
+- Included for completeness but not user-facing (chores, etc.)
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11885): <!--number 11885 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgaGFwcHktZG9tIHRvIHYyMC44LjkgW1NFQ1VSSVRZXSAodjE0LjAvZm9yZ2Vqbyk=-->Update dependency happy-dom to v20.8.9 [SECURITY] (v14.0/forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11296) ([backported](https://codeberg.org/forgejo/forgejo/pulls/11317)): <!--number 11317 --><!--line 0 --><!--description UEFNOiBwb3J0YWJsZSBlcnJvciByZXBvcnRpbmc=-->PAM: portable error reporting<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11899): <!--number 11899 --><!--line 0 --><!--description VXBkYXRlIGdpdGh1Yi5jb20vZ28tZ2l0L2dvLWdpdC92NSAoaW5kaXJlY3QpIHRvIHY1LjE3LjEgW1NFQ1VSSVRZXSAodjE0LjAvZm9yZ2Vqbyk=-->Update github.com/go-git/go-git/v5 (indirect) to v5.17.1 [SECURITY] (v14.0/forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11838): <!--number 11838 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgaGFwcHktZG9tIHRvIHYyMC44LjggW1NFQ1VSSVRZXSAodjE0LjAvZm9yZ2Vqbyk=-->Update dependency happy-dom to v20.8.8 [SECURITY] (v14.0/forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11828): <!--number 11828 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnb2xhbmcub3JnL3gvbmV0IHRvIHYwLjUxLjAgW1NFQ1VSSVRZXSAodjE0LjAvZm9yZ2Vqbyk=-->Update module golang.org/x/net to v0.51.0 [SECURITY] (v14.0/forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11820): <!--number 11820 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnb2xhbmcub3JnL3gvaW1hZ2UgdG8gdjAuMzguMCBbU0VDVVJJVFldICh2MTQuMC9mb3JnZWpvKQ==-->Update module golang.org/x/image to v0.38.0 [SECURITY] (v14.0/forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11801) ([backported](https://codeberg.org/forgejo/forgejo/pulls/11802)): <!--number 11802 --><!--line 0 --><!--description Y2k6IHVwZGF0ZSB0ZXN0cyB0byBydW4gZGViaWFuIHRyaXhpZSwgcmVtb3ZlIG1hbnVhbCBpbnN0YWxsYXRpb24gZnJvbSBgdGVzdGluZ2A=-->ci: update tests to run debian trixie, remove manual installation from `testing`<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11733) ([backported](https://codeberg.org/forgejo/forgejo/pulls/11737)): <!--number 11737 --><!--line 0 --><!--description Zml4OiBwcmV2ZW50IGNvbnRhaW5lciByZWdpc3RyeSBoZWFkZXJzIGZyb20gbGVha2luZyBpbnRvIG90aGVyIHJlZ2lzdHJpZXM=-->fix: prevent container registry headers from leaking into other registries<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11691) ([backported](https://codeberg.org/forgejo/forgejo/pulls/11722)): <!--number 11722 --><!--line 0 --><!--description Zml4OiByZW1vdmUgdGVtcGxhdGUgZmlsZSBmcm9tIGdlbmVyYXRlZCByZXBv-->fix: remove template file from generated repo<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11624) ([backported](https://codeberg.org/forgejo/forgejo/pulls/11626)): <!--number 11626 --><!--line 0 --><!--description Y2hvcmUoZGVwcyk6IGJ1bXAgeG9ybSB0byB2MS4zLjktZm9yZ2Vqby44-->chore(deps): bump xorm to v1.3.9-forgejo.8<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11616) ([backported](https://codeberg.org/forgejo/forgejo/pulls/11625)): <!--number 11625 --><!--line 0 --><!--description OiBmaXg6IHJlbW92ZSBzZWNvbmQgY2hhbGxlbmdlIGZyb20gV1dXLUF1dGhlbnRpY2F0ZSBoZWFkZXI=-->fix: remove second challenge from WWW-Authenticate header<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11588) ([backported](https://codeberg.org/forgejo/forgejo/pulls/11613)): <!--number 11613 --><!--line 0 --><!--description Zml4OiB3ZWJob29rL2Rpc2NvcmQ6IG9taXQgZW1wdHkgZW1iZWRzLmZvb3RlciBmcm9tIHRoZSBwYXlsb2FkIGZvciBTcGFjZWJhciBjb21wYXRpYmlsaXR5-->fix: webhook/discord: omit empty embeds.footer from the payload for Spacebar compatibility<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11585) ([backported](https://codeberg.org/forgejo/forgejo/pulls/11596)): <!--number 11596 --><!--line 0 --><!--description Zml4KGlzc3VlLXNlYXJjaCk6IGRlbGV0ZSBpc3N1ZSBmcm9tIGluZGV4ZXIgb24gRGVsZXRlSXNzdWU=-->fix(issue-search): delete issue from indexer on DeleteIssue<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11442) ([backported](https://codeberg.org/forgejo/forgejo/pulls/11594)): <!--number 11594 --><!--line 0 --><!--description Zml4OiBlbmZvcmNlIHBhY2thZ2UgcXVvdGEgYWdhaW5zdCBwYWNrYWdlIG93bmVyLCBub3QgdXBsb2FkZXI=-->fix: enforce package quota against package owner, not uploader<!--description-->
+<!--end release-notes-assistant-->

From d1b69632aa7a40a249b667b8d6a759214e4ddd9b Mon Sep 17 00:00:00 2001
From: Andreas Ahlenstorf <andreas@ahlenstorf.ch>
Date: Fri, 10 Apr 2026 15:40:08 +0200
Subject: [PATCH 661/854] fix: prevent jobs with unknown needs from running
 (#12046)

If Forgejo encounters an Actions workflow with unknown jobs in a needs definition, Forgejo will ignore those and run the job anyway. That is bad. For example, releases could be published without any testing because the name of the testing job was misspelt.

Workflow that demonstrates the problem:

```yaml
on:
  push:
  workflow_dispatch:
jobs:
  build:
    runs-on: debian
    steps:
      - run: |
          echo "OK"
  test:
    runs-on: debian
    needs: [does-not-exist]
    steps:
      - run: |
          echo "OK"
```

Now, before a workflow is run, Forgejo will check whether all jobs referenced in `needs` exist. If any of them does not, it raises a pre-execution error which fails the workflow immediately. It also displays an appropriate error to the user, for example:

```
Workflow was not executed due to an error that blocked the execution attempt.
Job with ID test references unknown jobs in `needs`: does-not-exist.
```

Futhermore, workflows with pre-execution errors can no longer be rerun, which was previously possible.

Original issue: https://code.forgejo.org/forgejo/runner/issues/977.

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. All work and communication must conform to Forgejo's [AI Agreement](https://codeberg.org/forgejo/governance/src/branch/main/AIAgreement.md). There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests for Go changes

(can be removed for JavaScript changes)

- I added test coverage for Go changes...
  - [x] in their respective `*_test.go` for unit tests.
  - [ ] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I ran...
  - [x] `make pr-go` before pushing

### Tests for JavaScript changes

(can be removed for Go changes)

- I added test coverage for JavaScript changes...
  - [ ] in `web_src/js/*.test.js` if it can be unit tested.
  - [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)).

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [ ] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [x] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.
- [ ] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change.

*The decision if the pull request will be shown in the release notes is up to the mergers / release team.*

The content of the `release-notes/<pull request number>.md` file will serve as the basis for the release notes. If the file does not exist, the title of the pull request will be used instead.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12046
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
Co-authored-by: Andreas Ahlenstorf <andreas@ahlenstorf.ch>
Co-committed-by: Andreas Ahlenstorf <andreas@ahlenstorf.ch>
---
 models/actions/pre_execution_errors.go        |   3 +
 models/actions/run.go                         |  13 ++
 models/actions/run_job.go                     |  23 ++++
 models/actions/run_job_list.go                |   8 ++
 models/actions/run_job_list_test.go           |  21 +++
 models/actions/run_job_test.go                | 124 ++++++++++++++++++
 models/actions/run_test.go                    |  80 +++++++++++
 options/locale_next/locale_en-US.json         |   3 +
 .../actions/TestActionsRerun/action_run.yml   |  20 +++
 .../TestActionsRerun/action_run_job.yml       |  15 +++
 routers/web/repo/actions/view.go              |  18 ++-
 routers/web/repo/actions/view_test.go         |  61 ++++++---
 .../action_run.yml                            |  18 +++
 .../action_run_job.yml                        |  44 +++++++
 services/actions/job_emitter.go               |  14 +-
 services/actions/job_emitter_test.go          |  24 ++++
 services/actions/run.go                       |   6 +
 services/actions/run_test.go                  |   6 +
 18 files changed, 478 insertions(+), 23 deletions(-)
 create mode 100644 models/actions/run_job_list_test.go

diff --git a/models/actions/pre_execution_errors.go b/models/actions/pre_execution_errors.go
index 64c9b17727..000d59d71d 100644
--- a/models/actions/pre_execution_errors.go
+++ b/models/actions/pre_execution_errors.go
@@ -30,6 +30,7 @@ const (
 	ErrorCodeIncompleteWithMissingOutput
 	ErrorCodeIncompleteWithMissingMatrixDimension
 	ErrorCodeIncompleteWithUnknownCause
+	ErrorCodeUnknownJobInNeeds
 )
 
 func TranslatePreExecutionError(lang translation.Locale, run *ActionRun) string {
@@ -69,6 +70,8 @@ func TranslatePreExecutionError(lang translation.Locale, run *ActionRun) string
 		return lang.TrString("actions.workflow.incomplete_with_missing_matrix_dimension", run.PreExecutionErrorDetails...)
 	case ErrorCodeIncompleteWithUnknownCause:
 		return lang.TrString("actions.workflow.incomplete_with_unknown_cause", run.PreExecutionErrorDetails...)
+	case ErrorCodeUnknownJobInNeeds:
+		return lang.TrString("actions.workflow.unknown_job_in_needs", run.PreExecutionErrorDetails...)
 	}
 	return fmt.Sprintf("<unsupported error: code=%v details=%#v", run.PreExecutionErrorCode, run.PreExecutionErrorDetails)
 }
diff --git a/models/actions/run.go b/models/actions/run.go
index 6e01715f74..a9c458c86d 100644
--- a/models/actions/run.go
+++ b/models/actions/run.go
@@ -255,6 +255,19 @@ func (run *ActionRun) IsDispatchedRun() bool {
 	return run.TriggerEvent == "workflow_dispatch"
 }
 
+// IsRunnable indicates whether this ActionRun can generally be run.
+func (run *ActionRun) IsRunnable() bool {
+	return run.PreExecutionErrorCode == 0 && run.PreExecutionError == ""
+}
+
+// CanBeRerun indicates whether this ActionRun can be rerun.
+func (run *ActionRun) CanBeRerun() bool {
+	if !run.IsRunnable() {
+		return false
+	}
+	return run.Status.IsDone()
+}
+
 func actionsCountOpenCacheKey(repoID int64) string {
 	return fmt.Sprintf("Actions:CountOpenActionRuns:%d", repoID)
 }
diff --git a/models/actions/run_job.go b/models/actions/run_job.go
index 412e60aefd..5d3a8aad80 100644
--- a/models/actions/run_job.go
+++ b/models/actions/run_job.go
@@ -140,6 +140,15 @@ func (job *ActionRunJob) PrepareNextAttempt(initialStatus Status) error {
 	return nil
 }
 
+// CanBeRerun answers whether this ActionRunJob can be rerun. Returns true if it is done and the Run it belongs to
+// is runnable. Returns false in all other cases, including when Run is nil.
+func (job *ActionRunJob) CanBeRerun() bool {
+	if job.Run == nil || !job.Run.IsRunnable() {
+		return false
+	}
+	return job.Status.IsDone()
+}
+
 func GetRunJobByID(ctx context.Context, id int64) (*ActionRunJob, error) {
 	var job ActionRunJob
 	has, err := db.GetEngine(ctx).Where("id=?", id).Get(&job)
@@ -338,3 +347,17 @@ func (job *ActionRunJob) EnableOpenIDConnect() (bool, error) {
 	}
 	return jobWorkflow.EnableOpenIDConnect, nil
 }
+
+// AllNeedsExist checks whether this ActionRunJob's Needs can theoretically be met by comparing them with the supplied
+// list of all job IDs that part of a particular workflow run. Returns the list of unknown job IDs found in Needs
+// alongside an indicator whether the check was successful.
+func (job *ActionRunJob) AllNeedsExist(allExistingJobIDs container.Set[string]) ([]string, bool) {
+	unknownJobIDs := []string{}
+	for _, need := range job.Needs {
+		if !allExistingJobIDs.Contains(need) {
+			unknownJobIDs = append(unknownJobIDs, need)
+		}
+	}
+
+	return unknownJobIDs, len(unknownJobIDs) == 0
+}
diff --git a/models/actions/run_job_list.go b/models/actions/run_job_list.go
index e7ad87239b..207da30334 100644
--- a/models/actions/run_job_list.go
+++ b/models/actions/run_job_list.go
@@ -22,6 +22,14 @@ func (jobs ActionJobList) GetRunIDs() []int64 {
 	})
 }
 
+func (jobs ActionJobList) GetJobIDs() container.Set[string] {
+	jobIDs := container.SetOf[string]()
+	for _, job := range jobs {
+		jobIDs.Add(job.JobID)
+	}
+	return jobIDs
+}
+
 func (jobs ActionJobList) LoadRuns(ctx context.Context, withRepo bool) error {
 	runIDs := jobs.GetRunIDs()
 	runs := make(map[int64]*ActionRun, len(runIDs))
diff --git a/models/actions/run_job_list_test.go b/models/actions/run_job_list_test.go
new file mode 100644
index 0000000000..223dd3b411
--- /dev/null
+++ b/models/actions/run_job_list_test.go
@@ -0,0 +1,21 @@
+// Copyright 2026 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+package actions
+
+import (
+	"testing"
+
+	"forgejo.org/modules/container"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestActionJobList_GetJobIDs(t *testing.T) {
+	jobs := ActionJobList{
+		&ActionRunJob{JobID: "job 1"},
+		&ActionRunJob{JobID: "job 2"},
+	}
+
+	assert.Equal(t, container.SetOf("job 2", "job 1"), jobs.GetJobIDs())
+}
diff --git a/models/actions/run_job_test.go b/models/actions/run_job_test.go
index 05c504cf64..6753fb0315 100644
--- a/models/actions/run_job_test.go
+++ b/models/actions/run_job_test.go
@@ -8,6 +8,7 @@ import (
 
 	"forgejo.org/models/db"
 	"forgejo.org/models/unittest"
+	"forgejo.org/modules/container"
 	"forgejo.org/modules/timeutil"
 
 	"code.forgejo.org/forgejo/runner/v12/act/jobparser"
@@ -369,3 +370,126 @@ func TestIsRequestedByRunner(t *testing.T) {
 
 	assert.False(t, emptyHandleJob.IsRequestedByRunner(&differentHandle))
 }
+
+func TestAllNeedsExist(t *testing.T) {
+	testCases := []struct {
+		name               string
+		job                ActionRunJob
+		existingJobIDs     container.Set[string]
+		expectedUnknownIDs []string
+		ok                 bool
+	}{
+		{
+			name:               "no needs",
+			job:                ActionRunJob{Needs: nil},
+			existingJobIDs:     container.Set[string]{},
+			expectedUnknownIDs: []string{},
+			ok:                 true,
+		},
+		{
+			name:               "empty needs",
+			job:                ActionRunJob{Needs: []string{}},
+			existingJobIDs:     container.Set[string]{},
+			expectedUnknownIDs: []string{},
+			ok:                 true,
+		},
+		{
+			name:               "satisfied needs",
+			job:                ActionRunJob{Needs: []string{"job1", "job2"}},
+			existingJobIDs:     container.SetOf("job2", "job1"),
+			expectedUnknownIDs: []string{},
+			ok:                 true,
+		},
+		{
+			name:               "unsatisfied needs",
+			job:                ActionRunJob{Needs: []string{"unknown", "job2"}},
+			existingJobIDs:     container.SetOf("job2", "job1"),
+			expectedUnknownIDs: []string{"unknown"},
+			ok:                 false,
+		},
+		{
+			name:               "comparison is case-sensitive",
+			job:                ActionRunJob{Needs: []string{"Job1", "job2"}},
+			existingJobIDs:     container.SetOf("job2", "job1"),
+			expectedUnknownIDs: []string{"Job1"},
+			ok:                 false,
+		},
+	}
+
+	for _, testCase := range testCases {
+		t.Run(testCase.name, func(t *testing.T) {
+			unknownIDs, ok := testCase.job.AllNeedsExist(testCase.existingJobIDs)
+
+			assert.Equal(t, testCase.ok, ok)
+			assert.Equal(t, testCase.expectedUnknownIDs, unknownIDs)
+		})
+	}
+}
+
+func TestActionRunJob_CanBeRerun(t *testing.T) {
+	testCases := []struct {
+		name       string
+		job        ActionRunJob
+		canBeRerun bool
+	}{
+		{
+			name:       "job with unknown status",
+			job:        ActionRunJob{Run: &ActionRun{Status: StatusSuccess}, Status: StatusUnknown},
+			canBeRerun: false,
+		},
+		{
+			name:       "successful job",
+			job:        ActionRunJob{Run: &ActionRun{Status: StatusSuccess}, Status: StatusSuccess},
+			canBeRerun: true,
+		},
+		{
+			name:       "failed job",
+			job:        ActionRunJob{Run: &ActionRun{Status: StatusSuccess}, Status: StatusFailure},
+			canBeRerun: true,
+		},
+		{
+			name:       "cancelled job",
+			job:        ActionRunJob{Run: &ActionRun{Status: StatusSuccess}, Status: StatusCancelled},
+			canBeRerun: true,
+		},
+		{
+			name:       "skipped job",
+			job:        ActionRunJob{Run: &ActionRun{Status: StatusSuccess}, Status: StatusSkipped},
+			canBeRerun: true,
+		},
+		{
+			name:       "waiting job",
+			job:        ActionRunJob{Run: &ActionRun{Status: StatusSuccess}, Status: StatusWaiting},
+			canBeRerun: false,
+		},
+		{
+			name:       "blocked job",
+			job:        ActionRunJob{Run: &ActionRun{Status: StatusSuccess}, Status: StatusBlocked},
+			canBeRerun: false,
+		},
+		{
+			name:       "ActionRun is nil",
+			job:        ActionRunJob{Run: nil, Status: StatusSuccess},
+			canBeRerun: false,
+		},
+		{
+			name:       "with busy run but completed job",
+			job:        ActionRunJob{Run: &ActionRun{Status: StatusRunning}, Status: StatusSuccess},
+			canBeRerun: true,
+		},
+		{
+			name: "with run that cannot be run",
+			job: ActionRunJob{
+				Run:    &ActionRun{Status: StatusRunning, PreExecutionErrorCode: ErrorCodeEventDetectionError},
+				Status: StatusSuccess,
+			},
+			canBeRerun: false,
+		},
+	}
+
+	for _, testCase := range testCases {
+		t.Run(testCase.name, func(t *testing.T) {
+			assert.Equal(t, testCase.canBeRerun, testCase.job.CanBeRerun())
+		})
+	}
+}
diff --git a/models/actions/run_test.go b/models/actions/run_test.go
index 541fb059cd..9a5eb99537 100644
--- a/models/actions/run_test.go
+++ b/models/actions/run_test.go
@@ -96,6 +96,86 @@ func TestIsManualRun(t *testing.T) {
 	assert.False(t, pushRun.IsDispatchedRun())
 }
 
+func TestActionRun_IsRunnable(t *testing.T) {
+	testCases := []struct {
+		name       string
+		run        ActionRun
+		isRunnable bool
+	}{
+		{
+			name:       "valid run",
+			run:        ActionRun{},
+			isRunnable: true,
+		},
+		{
+			name:       "with pre-execution error",
+			run:        ActionRun{PreExecutionErrorCode: ErrorCodeIncompleteRunsOnMissingOutput},
+			isRunnable: false,
+		},
+	}
+
+	for _, testCase := range testCases {
+		t.Run(testCase.name, func(t *testing.T) {
+			assert.Equal(t, testCase.isRunnable, testCase.run.IsRunnable())
+		})
+	}
+}
+
+func TestActionRun_CanBeRerun(t *testing.T) {
+	testCases := []struct {
+		name       string
+		run        ActionRun
+		canBeRerun bool
+	}{
+		{
+			name:       "run with unknown status",
+			run:        ActionRun{Status: StatusUnknown},
+			canBeRerun: false,
+		},
+		{
+			name:       "successful run",
+			run:        ActionRun{Status: StatusSuccess},
+			canBeRerun: true,
+		},
+		{
+			name:       "failed run",
+			run:        ActionRun{Status: StatusFailure},
+			canBeRerun: true,
+		},
+		{
+			name:       "cancelled run",
+			run:        ActionRun{Status: StatusCancelled},
+			canBeRerun: true,
+		},
+		{
+			name:       "skipped run",
+			run:        ActionRun{Status: StatusSkipped},
+			canBeRerun: true,
+		},
+		{
+			name:       "waiting run",
+			run:        ActionRun{Status: StatusWaiting},
+			canBeRerun: false,
+		},
+		{
+			name:       "blocked run",
+			run:        ActionRun{Status: StatusBlocked},
+			canBeRerun: false,
+		},
+		{
+			name:       "with pre-execution error",
+			run:        ActionRun{PreExecutionErrorCode: ErrorCodeIncompleteRunsOnMissingOutput, Status: StatusSuccess},
+			canBeRerun: false,
+		},
+	}
+
+	for _, testCase := range testCases {
+		t.Run(testCase.name, func(t *testing.T) {
+			assert.Equal(t, testCase.canBeRerun, testCase.run.CanBeRerun())
+		})
+	}
+}
+
 func TestRepoNumOpenActions(t *testing.T) {
 	require.NoError(t, unittest.PrepareTestDatabase())
 	err := cache.Init()
diff --git a/options/locale_next/locale_en-US.json b/options/locale_next/locale_en-US.json
index aab1be7e1b..3195d6f6f1 100644
--- a/options/locale_next/locale_en-US.json
+++ b/options/locale_next/locale_en-US.json
@@ -612,7 +612,10 @@
 	"actions.workflow.incomplete_with_missing_output": "Unable to evaluate `with` of job %[1]s: job %[2]s is missing output %[3]s.",
 	"actions.workflow.incomplete_with_missing_matrix_dimension": "Unable to evaluate `with` of job %[1]s: matrix dimension %[2]s does not exist.",
 	"actions.workflow.incomplete_with_unknown_cause": "Unable to evaluate `with` of job %[1]s: unknown error.",
+	"actions.workflow.unknown_job_in_needs": "Job with ID %[1]s references unknown jobs in `needs`: %[2]s.",
 	"actions.workflow.pre_execution_error": "Workflow was not executed due to an error that blocked the execution attempt.",
+	"actions.workflow.rerun_impossible": "The workflow cannot be rerun.",
+	"actions.workflow.job_rerun_impossible": "The job cannot be rerun.",
 	"actions.secrets.creation.name_description": "The name of a secret can only contain letters, numbers, and underscores. It cannot start with FORGEJO_, GITEA_, GITHUB_, or a number. Forgejo will automatically convert it to uppercase.",
 	"actions.secrets.creation.value_description": "The value of a secret can be any text. Special characters are retained. CRLF (Windows-style line breaks) is automatically converted to LF. Encode the value with Base64 if linebreaks should be retained.",
 	"actions.variables.mutation.name_description": "The name of a variable can only contain letters, numbers, and underscores. It cannot be named CI or start with FORGEJO_, GITEA_, GITHUB_, or a number. Forgejo will automatically convert it to uppercase.",
diff --git a/routers/web/repo/actions/TestActionsRerun/action_run.yml b/routers/web/repo/actions/TestActionsRerun/action_run.yml
index 9db0954b7c..18444ac6c4 100644
--- a/routers/web/repo/actions/TestActionsRerun/action_run.yml
+++ b/routers/web/repo/actions/TestActionsRerun/action_run.yml
@@ -16,4 +16,24 @@
   updated: 1683636626
   need_approval: false
   approved_by: 0
+  event_payload: '{"head_commit":{"id":"5f22f7d0d95d614d25a5b68592adb345a4b5c7fd"}}'
+- id: 83732
+  title: "not runnable"
+  repo_id: 1
+  owner_id: 5
+  workflow_id: "invalid.yaml"
+  index: 138575
+  trigger_user_id: 1
+  ref: "refs/heads/branch2"
+  commit_sha: "985f0301dba5e7b34be866819cd15ad3d8f508ee"
+  event: "push"
+  is_fork_pull_request: false
+  status: 2 # failure
+  started: 0
+  stopped: 1683636626
+  created: 1683636108
+  updated: 1683636626
+  pre_execution_error_code: 10
+  need_approval: false
+  approved_by: 0
   event_payload: '{"head_commit":{"id":"5f22f7d0d95d614d25a5b68592adb345a4b5c7fd"}}'
\ No newline at end of file
diff --git a/routers/web/repo/actions/TestActionsRerun/action_run_job.yml b/routers/web/repo/actions/TestActionsRerun/action_run_job.yml
index 3d97591281..a3bde7a2aa 100644
--- a/routers/web/repo/actions/TestActionsRerun/action_run_job.yml
+++ b/routers/web/repo/actions/TestActionsRerun/action_run_job.yml
@@ -56,3 +56,18 @@
   runs_on: '["fedora"]'
   started: 1683636528
   stopped: 1683636626
+
+- id: 248954
+  run_id: 83732
+  repo_id: 1
+  owner_id: 3
+  commit_sha: 985f0301dba5e7b34be866819cd15ad3d8f508ee
+  is_fork_pull_request: false
+  name: job_2
+  attempt: 1
+  job_id: job_2
+  task_id: 47
+  status: 2 # failure
+  runs_on: '["fedora"]'
+  started: 1683636528
+  stopped: 1683636626
diff --git a/routers/web/repo/actions/view.go b/routers/web/repo/actions/view.go
index a645f317f9..63db9d0997 100644
--- a/routers/web/repo/actions/view.go
+++ b/routers/web/repo/actions/view.go
@@ -296,7 +296,7 @@ func getViewResponse(ctx *app_context.Context, req *ViewRequest, runIndex, jobIn
 	resp.State.Run.TitleHTML = templates.RenderCommitMessage(ctx, run.Title, metas)
 	resp.State.Run.Link = run.Link()
 	resp.State.Run.CanApprove = run.NeedApproval && ctx.Repo.CanWrite(unit.TypeActions)
-	resp.State.Run.CanRerun = run.Status.IsDone() && ctx.Repo.CanWrite(unit.TypeActions)
+	resp.State.Run.CanRerun = run.CanBeRerun() && ctx.Repo.CanWrite(unit.TypeActions)
 	resp.State.Run.CanDeleteArtifact = run.Status.IsDone() && ctx.Repo.CanWrite(unit.TypeActions)
 	resp.State.Run.Jobs = make([]*ViewJob, 0, len(jobs)) // marshal to '[]' instead of 'null' in json
 	resp.State.Run.Status = run.Status.String()
@@ -318,7 +318,7 @@ func getViewResponse(ctx *app_context.Context, req *ViewRequest, runIndex, jobIn
 			ID:       v.ID,
 			Name:     v.Name,
 			Status:   v.Status.String(),
-			CanRerun: v.Status.IsDone() && ctx.Repo.CanWrite(unit.TypeActions),
+			CanRerun: v.CanBeRerun() && ctx.Repo.CanWrite(unit.TypeActions),
 			Duration: v.Duration().String(),
 		})
 	}
@@ -495,6 +495,10 @@ func Rerun(ctx *app_context.Context) {
 		ctx.Error(http.StatusInternalServerError, err.Error())
 		return
 	}
+	if jobIndexStr == "" && !run.CanBeRerun() {
+		ctx.JSONError(ctx.Locale.Tr("actions.workflow.rerun_impossible"))
+		return
+	}
 
 	// can not rerun job when workflow is disabled
 	cfgUnit := ctx.Repo.Repository.MustGetUnit(ctx, unit.TypeActions)
@@ -523,6 +527,11 @@ func Rerun(ctx *app_context.Context) {
 	if jobIndexStr == "" { // rerun all jobs
 		var redirectURL string
 		for _, j := range jobs {
+			if !j.CanBeRerun() {
+				ctx.JSONError(ctx.Locale.Tr("actions.workflow.job_rerun_impossible"))
+				return
+			}
+
 			// if the job has needs, it should be set to "blocked" status to wait for other jobs
 			shouldBlock := len(j.Needs) > 0
 			if err := rerunJob(ctx, j, shouldBlock); err != nil {
@@ -550,6 +559,11 @@ func Rerun(ctx *app_context.Context) {
 
 	var redirectURL string
 	for _, j := range rerunJobs {
+		if !j.CanBeRerun() {
+			ctx.JSONError(ctx.Locale.Tr("actions.workflow.job_rerun_impossible"))
+			return
+		}
+
 		// jobs other than the specified one should be set to "blocked" status
 		shouldBlock := j.JobID != job.JobID
 		if err := rerunJob(ctx, j, shouldBlock); err != nil {
diff --git a/routers/web/repo/actions/view_test.go b/routers/web/repo/actions/view_test.go
index 8d8e82a007..04d32f191b 100644
--- a/routers/web/repo/actions/view_test.go
+++ b/routers/web/repo/actions/view_test.go
@@ -520,31 +520,48 @@ func TestActionsViewRedirectToLatestAttempt(t *testing.T) {
 }
 
 func TestActionsRerun(t *testing.T) {
-	defer unittest.OverrideFixtures("routers/web/repo/actions/TestActionsRerun")()
-	unittest.PrepareTestEnv(t)
-
 	tests := []struct {
 		name         string
 		runIndex     int64
 		jobIndex     int64
 		expectedCode int
 		expectedURL  string
+		expectedBody string
 	}{
 		{
-			name:        "rerun all",
-			runIndex:    138574,
-			jobIndex:    -1,
-			expectedURL: "https://try.gitea.io/user2/repo1/actions/runs/138574/jobs/0/attempt/3",
+			name:         "rerun all",
+			runIndex:     138574,
+			jobIndex:     -1,
+			expectedCode: 200,
+			expectedURL:  "https://try.gitea.io/user2/repo1/actions/runs/138574/jobs/0/attempt/3",
 		},
 		{
-			name:        "rerun job",
-			runIndex:    138574,
-			jobIndex:    2,
-			expectedURL: "https://try.gitea.io/user2/repo1/actions/runs/138574/jobs/2/attempt/6",
+			name:         "rerun job",
+			runIndex:     138574,
+			jobIndex:     2,
+			expectedCode: 200,
+			expectedURL:  "https://try.gitea.io/user2/repo1/actions/runs/138574/jobs/2/attempt/6",
+		},
+		{
+			name:         "rerun workflow that cannot be run",
+			runIndex:     138575,
+			jobIndex:     -1,
+			expectedCode: 400,
+			expectedBody: "{\"errorMessage\":\"actions.workflow.rerun_impossible\",\"renderFormat\":\"html\"}\n",
+		},
+		{
+			name:         "rerun job that cannot be run",
+			runIndex:     138575,
+			jobIndex:     1,
+			expectedCode: 400,
+			expectedBody: "{\"errorMessage\":\"actions.workflow.job_rerun_impossible\",\"renderFormat\":\"html\"}\n",
 		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
+			defer unittest.OverrideFixtures("routers/web/repo/actions/TestActionsRerun")()
+			unittest.PrepareTestEnv(t)
+
 			ctx, resp := contexttest.MockContext(t, "user2/repo1/actions/runs/138574/rerun")
 			contexttest.LoadUser(t, ctx, 2)
 			contexttest.LoadRepo(t, ctx, 1)
@@ -554,16 +571,22 @@ func TestActionsRerun(t *testing.T) {
 			}
 
 			Rerun(ctx)
-			require.Equal(t, http.StatusOK, resp.Result().StatusCode, "failure in Rerun(): %q", resp.Body.String())
 
-			var actual redirectObject
-			err := json.Unmarshal(resp.Body.Bytes(), &actual)
-			require.NoError(t, err)
+			if tt.expectedCode < 300 {
+				require.Equal(t, tt.expectedCode, resp.Result().StatusCode, "failure in Rerun(): %q", resp.Body.String())
 
-			// Note: this test isn't doing any functional testing of the Rerun handler's actual ability to set up a job
-			// rerun.  This test was added when the redirect to the correct `attempt` was added and only covers that
-			// addition at this time.
-			assert.Equal(t, redirectObject{Redirect: tt.expectedURL}, actual)
+				var actual redirectObject
+				err := json.Unmarshal(resp.Body.Bytes(), &actual)
+				require.NoError(t, err)
+
+				// Note: this test isn't doing any functional testing of the Rerun handler's actual ability to set up a job
+				// rerun.  This test was added when the redirect to the correct `attempt` was added and only covers that
+				// addition at this time.
+				assert.Equal(t, redirectObject{Redirect: tt.expectedURL}, actual)
+			} else {
+				require.Equal(t, tt.expectedCode, resp.Result().StatusCode)
+				assert.Equal(t, tt.expectedBody, resp.Body.String())
+			}
 		})
 	}
 }
diff --git a/services/actions/TestActions_consistencyCheckRun/action_run.yml b/services/actions/TestActions_consistencyCheckRun/action_run.yml
index 321600adf9..0872f69b3a 100644
--- a/services/actions/TestActions_consistencyCheckRun/action_run.yml
+++ b/services/actions/TestActions_consistencyCheckRun/action_run.yml
@@ -88,3 +88,21 @@
   updated: 1683636626
   need_approval: 0
   approved_by: 0
+-
+  id: 905
+  title: "waiting workflow_dispatch run"
+  repo_id: 63
+  owner_id: 2
+  workflow_id: "running.yaml"
+  index: 9
+  trigger_user_id: 2
+  ref: "refs/heads/main"
+  commit_sha: "97f29ee599c373c729132a5c46a046978311e0ee"
+  trigger_event: "workflow_dispatch"
+  is_fork_pull_request: 0
+  status: 5 # waiting
+  started: 1683636528
+  created: 1683636108
+  updated: 1683636626
+  need_approval: 0
+  approved_by: 0
diff --git a/services/actions/TestActions_consistencyCheckRun/action_run_job.yml b/services/actions/TestActions_consistencyCheckRun/action_run_job.yml
index 8d0adf3f58..e917d7d9a3 100644
--- a/services/actions/TestActions_consistencyCheckRun/action_run_job.yml
+++ b/services/actions/TestActions_consistencyCheckRun/action_run_job.yml
@@ -172,3 +172,47 @@
     incomplete_runs_on_matrix:
       dimension: platform-oops-wrong-dimension
     incomplete_matrix: true
+-
+  id: 607
+  run_id: 905
+  repo_id: 63
+  owner_id: 2
+  commit_sha: 97f29ee599c373c729132a5c46a046978311e0ee
+  is_fork_pull_request: 0
+  name: job_1
+  attempt: 1
+  job_id: job_1
+  task_id: 0
+  status: 7 # blocked
+  runs_on: '["fedora"]'
+  needs: '[]'
+  workflow_payload: |
+    "on":
+      push:
+    jobs:
+      job_1:
+        runs-on: fedora
+        steps:
+          - run: echo "OK!"
+-
+  id: 608
+  run_id: 905
+  repo_id: 63
+  owner_id: 2
+  commit_sha: 97f29ee599c373c729132a5c46a046978311e0ee
+  is_fork_pull_request: 0
+  name: job_2
+  attempt: 1
+  job_id: job_2
+  task_id: 0
+  status: 7 # blocked
+  runs_on: '["fedora"]'
+  needs: '["unknown","Job_1"]' # invalid capitalization of job_1
+  workflow_payload: |
+    "on":
+      push:
+    jobs:
+      job_2:
+        runs-on: fedora
+        steps:
+          - run: echo "OK!"
diff --git a/services/actions/job_emitter.go b/services/actions/job_emitter.go
index b23918e42f..593e17517a 100644
--- a/services/actions/job_emitter.go
+++ b/services/actions/job_emitter.go
@@ -136,6 +136,10 @@ type jobStatusResolver struct {
 	jobMap   map[int64]*actions_model.ActionRunJob
 }
 
+// unknownJobID stores the ID of an unknown job that might be referenced in the workflow. The ID can be any number as
+// long it does not match the ID of an existing job.
+var unknownJobID int64 = -1
+
 func newJobStatusResolver(jobs actions_model.ActionJobList) *jobStatusResolver {
 	idToJobs := make(map[string][]*actions_model.ActionRunJob, len(jobs))
 	jobMap := make(map[int64]*actions_model.ActionRunJob)
@@ -149,8 +153,14 @@ func newJobStatusResolver(jobs actions_model.ActionJobList) *jobStatusResolver {
 	for _, job := range jobs {
 		statuses[job.ID] = job.Status
 		for _, need := range job.Needs {
-			for _, v := range idToJobs[need] {
-				needs[job.ID] = append(needs[job.ID], v.ID)
+			neededJobs, ok := idToJobs[need]
+			if ok {
+				for _, v := range neededJobs {
+					needs[job.ID] = append(needs[job.ID], v.ID)
+				}
+			} else {
+				// Handles the case of an unknown job being referenced in `needs`, for example, `needs: ["unknown"]`.
+				needs[job.ID] = append(needs[job.ID], unknownJobID)
 			}
 		}
 	}
diff --git a/services/actions/job_emitter_test.go b/services/actions/job_emitter_test.go
index 7d5853ce1a..44e9163102 100644
--- a/services/actions/job_emitter_test.go
+++ b/services/actions/job_emitter_test.go
@@ -231,6 +231,30 @@ __metadata:
 				3: actions_model.StatusFailure,
 			},
 		},
+		{
+			name: "blocked if needs are unknown",
+			jobs: actions_model.ActionJobList{
+				{ID: 1, JobID: "build", Status: actions_model.StatusSuccess, Needs: []string{}},
+				{ID: 2, JobID: "test", Status: actions_model.StatusBlocked, Needs: []string{"build", "unknown"}},
+			},
+			want: map[int64]actions_model.Status{},
+		},
+		{
+			name: "blocked if needs are unknown despite always()",
+			jobs: actions_model.ActionJobList{
+				{ID: 1, JobID: "build", Status: actions_model.StatusSuccess, Needs: []string{}},
+				{ID: 45, JobID: "test", Needs: []string{"build", "unknown"}, Status: actions_model.StatusBlocked, WorkflowPayload: []byte(`
+on: push
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    needs: [build, unknown]
+    if: always()
+    steps: []
+`)},
+			},
+			want: map[int64]actions_model.Status{},
+		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
diff --git a/services/actions/run.go b/services/actions/run.go
index ed795f2a63..bee0b1581d 100644
--- a/services/actions/run.go
+++ b/services/actions/run.go
@@ -97,11 +97,17 @@ func FailRunPreExecutionError(ctx context.Context, run *actions_model.ActionRun,
 
 // Perform pre-execution checks that would affect the ability for a job to reach an executing stage.
 func consistencyCheckRun(ctx context.Context, run *actions_model.ActionRun) error {
+	var jobs actions_model.ActionJobList
 	jobs, err := actions_model.GetRunJobsByRunID(ctx, run.ID)
 	if err != nil {
 		return err
 	}
+	validJobIDs := jobs.GetJobIDs()
 	for _, job := range jobs {
+		if unknownJobIDs, ok := job.AllNeedsExist(validJobIDs); !ok {
+			return FailRunPreExecutionError(ctx, run, actions_model.ErrorCodeUnknownJobInNeeds,
+				[]any{job.JobID, strings.Join(unknownJobIDs, ", ")})
+		}
 		if stop, err := checkJobWillRevisit(ctx, job); err != nil {
 			return err
 		} else if stop {
diff --git a/services/actions/run_test.go b/services/actions/run_test.go
index e8a198c446..61e580aed1 100644
--- a/services/actions/run_test.go
+++ b/services/actions/run_test.go
@@ -137,6 +137,12 @@ func TestActions_consistencyCheckRun(t *testing.T) {
 			name:  "consistent: matrix missing dimension but matrix is dynamic",
 			runID: 904,
 		},
+		{
+			name:                     "unknown job in needs",
+			runID:                    905,
+			preExecutionError:        actions_model.ErrorCodeUnknownJobInNeeds,
+			preExecutionErrorDetails: []any{"job_2", "unknown, Job_1"},
+		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {

From 72e57743d9089ca8763b87f83f46949b5d60a848 Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Fri, 10 Apr 2026 18:03:19 +0200
Subject: [PATCH 662/854] Update module golang.org/x/tools/cmd/deadcode to
 v0.44.0 (forgejo) (#12071)

Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
---
 Makefile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Makefile b/Makefile
index 665d8b5f38..a83ed31bfa 100644
--- a/Makefile
+++ b/Makefile
@@ -45,7 +45,7 @@ SWAGGER_PACKAGE ?= github.com/go-swagger/go-swagger/cmd/swagger@v0.33.2 # renova
 XGO_PACKAGE ?= src.techknowlogick.com/xgo@latest
 GO_LICENSES_PACKAGE ?= github.com/google/go-licenses/v2@v2.0.1 # renovate: datasource=go
 GOVULNCHECK_PACKAGE ?= golang.org/x/vuln/cmd/govulncheck@v1 # renovate: datasource=go
-DEADCODE_PACKAGE ?= golang.org/x/tools/cmd/deadcode@v0.43.0 # renovate: datasource=go
+DEADCODE_PACKAGE ?= golang.org/x/tools/cmd/deadcode@v0.44.0 # renovate: datasource=go
 ERRORTYPE_PACKAGE ?= fillmore-labs.com/errortype@v0.0.11 # renovate: datasource=go
 GOMOCK_PACKAGE ?= go.uber.org/mock/mockgen@v0.6.0 # renovate: datasource=go
 RENOVATE_NPM_PACKAGE ?= renovate@43.104.8 # renovate: datasource=docker packageName=data.forgejo.org/renovate/renovate

From 543c2d93ad8c61b77d66cf57fc7c2c4cc6f92e40 Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Sat, 11 Apr 2026 02:37:46 +0200
Subject: [PATCH 663/854] Update data.forgejo.org/forgejo/forgejo Docker tag to
 v11.0.12 (forgejo) (#12084)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| [data.forgejo.org/forgejo/forgejo](https://forgejo.org) ([source](https://codeberg.org/forgejo/forgejo)) | patch | `11.0.11` → `11.0.12` |

---

### Release Notes

<details>
<summary>forgejo/forgejo (data.forgejo.org/forgejo/forgejo)</summary>

### [`v11.0.12`](https://codeberg.org/forgejo/forgejo/releases/tag/v11.0.12)

[Compare Source](https://codeberg.org/forgejo/forgejo/compare/v11.0.11...v11.0.12)

See <https://codeberg.org/forgejo/forgejo/src/branch/forgejo/release-notes-published/11.0.12.md>

</details>

---

### Configuration

📅 **Schedule**: (UTC)

- Branch creation
  - Between 12:00 AM and 03:59 AM (`* 0-3 * * *`)
- Automerge
  - Between 12:00 AM and 03:59 AM (`* 0-3 * * *`)

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMDQuNCIsInVwZGF0ZWRJblZlciI6IjQzLjEwNC40IiwidGFyZ2V0QnJhbmNoIjoiZm9yZ2VqbyIsImxhYmVscyI6WyJkZXBlbmRlbmN5LXVwZ3JhZGUiLCJ0ZXN0L25vdC1uZWVkZWQiXX0=-->

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12084
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
---
 .forgejo/workflows/build-release-integration.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.forgejo/workflows/build-release-integration.yml b/.forgejo/workflows/build-release-integration.yml
index 25a7a6cf44..723af018c4 100644
--- a/.forgejo/workflows/build-release-integration.yml
+++ b/.forgejo/workflows/build-release-integration.yml
@@ -2,7 +2,7 @@ name: Integration tests for the release process
 enable-email-notifications: true
 
 env:
-  FORGEJO_VERSION: 11.0.11 # renovate: datasource=docker depName=data.forgejo.org/forgejo/forgejo
+  FORGEJO_VERSION: 11.0.12 # renovate: datasource=docker depName=data.forgejo.org/forgejo/forgejo
 
 on:
   push:

From e636cd276574e486ef124a2c7840440308b8fb66 Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Sat, 11 Apr 2026 03:29:02 +0200
Subject: [PATCH 664/854] Update dependency postcss to v8.5.9 (forgejo)
 (#12086)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12086
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
---
 package-lock.json | 65 +++--------------------------------------------
 package.json      |  2 +-
 2 files changed, 5 insertions(+), 62 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index ce85a04de5..53fd189835 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -59,7 +59,7 @@
         "mini-css-extract-plugin": "2.10.0",
         "minimatch": "10.2.5",
         "pdfobject": "2.3.0",
-        "postcss": "8.5.6",
+        "postcss": "8.5.9",
         "postcss-loader": "8.2.1",
         "postcss-nesting": "14.0.0",
         "pretty-ms": "9.0.0",
@@ -5176,34 +5176,6 @@
         "@jridgewell/sourcemap-codec": "^1.5.5"
       }
     },
-    "node_modules/@vue/compiler-sfc/node_modules/postcss": {
-      "version": "8.5.8",
-      "resolved": "https://registry.npmjs.org/postcss/-/postcss-8.5.8.tgz",
-      "integrity": "sha512-OW/rX8O/jXnm82Ey1k44pObPtdblfiuWnrd8X7GJ7emImCOstunGbXUpp7HdBrFQX6rJzn3sPT397Wp5aCwCHg==",
-      "funding": [
-        {
-          "type": "opencollective",
-          "url": "https://opencollective.com/postcss/"
-        },
-        {
-          "type": "tidelift",
-          "url": "https://tidelift.com/funding/github/npm/postcss"
-        },
-        {
-          "type": "github",
-          "url": "https://github.com/sponsors/ai"
-        }
-      ],
-      "license": "MIT",
-      "dependencies": {
-        "nanoid": "^3.3.11",
-        "picocolors": "^1.1.1",
-        "source-map-js": "^1.2.1"
-      },
-      "engines": {
-        "node": "^10 || ^12 || >=14"
-      }
-    },
     "node_modules/@vue/compiler-ssr": {
       "version": "3.5.32",
       "resolved": "https://registry.npmjs.org/@vue/compiler-ssr/-/compiler-ssr-3.5.32.tgz",
@@ -12944,9 +12916,9 @@
       }
     },
     "node_modules/postcss": {
-      "version": "8.5.6",
-      "resolved": "https://registry.npmjs.org/postcss/-/postcss-8.5.6.tgz",
-      "integrity": "sha512-3Ybi1tAuwAP9s0r1UQ2J4n5Y0G05bJkpUIO0/bI9MhwmD70S5aTWbXGBwxHrelT+XM1k6dM0pk+SwNkpTRN7Pg==",
+      "version": "8.5.9",
+      "resolved": "https://registry.npmjs.org/postcss/-/postcss-8.5.9.tgz",
+      "integrity": "sha512-7a70Nsot+EMX9fFU3064K/kdHWZqGVY+BADLyXc8Dfv+mTLLVl6JzJpPaCZ2kQL9gIJvKXSLMHhqdRRjwQeFtw==",
       "funding": [
         {
           "type": "opencollective",
@@ -15886,35 +15858,6 @@
         "url": "https://github.com/sponsors/jonschlinkert"
       }
     },
-    "node_modules/vite/node_modules/postcss": {
-      "version": "8.5.8",
-      "resolved": "https://registry.npmjs.org/postcss/-/postcss-8.5.8.tgz",
-      "integrity": "sha512-OW/rX8O/jXnm82Ey1k44pObPtdblfiuWnrd8X7GJ7emImCOstunGbXUpp7HdBrFQX6rJzn3sPT397Wp5aCwCHg==",
-      "dev": true,
-      "funding": [
-        {
-          "type": "opencollective",
-          "url": "https://opencollective.com/postcss/"
-        },
-        {
-          "type": "tidelift",
-          "url": "https://tidelift.com/funding/github/npm/postcss"
-        },
-        {
-          "type": "github",
-          "url": "https://github.com/sponsors/ai"
-        }
-      ],
-      "license": "MIT",
-      "dependencies": {
-        "nanoid": "^3.3.11",
-        "picocolors": "^1.1.1",
-        "source-map-js": "^1.2.1"
-      },
-      "engines": {
-        "node": "^10 || ^12 || >=14"
-      }
-    },
     "node_modules/vitest": {
       "version": "4.1.2",
       "resolved": "https://registry.npmjs.org/vitest/-/vitest-4.1.2.tgz",
diff --git a/package.json b/package.json
index f5d96c8372..30f48dea2c 100644
--- a/package.json
+++ b/package.json
@@ -58,7 +58,7 @@
     "mini-css-extract-plugin": "2.10.0",
     "minimatch": "10.2.5",
     "pdfobject": "2.3.0",
-    "postcss": "8.5.6",
+    "postcss": "8.5.9",
     "postcss-loader": "8.2.1",
     "postcss-nesting": "14.0.0",
     "pretty-ms": "9.0.0",

From b0267f7d792d17438f6894bb1ab757293f3c7206 Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Sat, 11 Apr 2026 04:17:47 +0200
Subject: [PATCH 665/854] Update dependency swagger-ui-dist to v5.32.2
 (forgejo) (#12085)

Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
---
 package-lock.json | 8 ++++----
 package.json      | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 53fd189835..588a3e7570 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -64,7 +64,7 @@
         "postcss-nesting": "14.0.0",
         "pretty-ms": "9.0.0",
         "sortablejs": "1.15.7",
-        "swagger-ui-dist": "5.32.1",
+        "swagger-ui-dist": "5.32.2",
         "tailwindcss": "3.4.19",
         "throttle-debounce": "5.0.0",
         "tinycolor2": "1.6.0",
@@ -15014,9 +15014,9 @@
       }
     },
     "node_modules/swagger-ui-dist": {
-      "version": "5.32.1",
-      "resolved": "https://registry.npmjs.org/swagger-ui-dist/-/swagger-ui-dist-5.32.1.tgz",
-      "integrity": "sha512-6HQoo7+j8PA2QqP5kgAb9dl1uxUjvR0SAoL/WUp1sTEvm0F6D5npgU2OGCLwl++bIInqGlEUQ2mpuZRZYtyCzQ==",
+      "version": "5.32.2",
+      "resolved": "https://registry.npmjs.org/swagger-ui-dist/-/swagger-ui-dist-5.32.2.tgz",
+      "integrity": "sha512-t6Ns52nS8LU2hqi0+rezMjFO1ZrCsCrnommXrU7Nfrg2va2dWahdvM6TuSwzdHpG29v6BHJyU1c/UWFhgVZzVQ==",
       "license": "Apache-2.0",
       "dependencies": {
         "@scarf/scarf": "=1.4.0"
diff --git a/package.json b/package.json
index 30f48dea2c..aa6d80b52a 100644
--- a/package.json
+++ b/package.json
@@ -63,7 +63,7 @@
     "postcss-nesting": "14.0.0",
     "pretty-ms": "9.0.0",
     "sortablejs": "1.15.7",
-    "swagger-ui-dist": "5.32.1",
+    "swagger-ui-dist": "5.32.2",
     "tailwindcss": "3.4.19",
     "throttle-debounce": "5.0.0",
     "tinycolor2": "1.6.0",

From 988d7024804c666c4b991d5c61c3ba9a85b793b1 Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Sat, 11 Apr 2026 04:33:53 +0200
Subject: [PATCH 666/854] Update module
 code.superseriousbusiness.org/exif-terminator to v0.11.2 (forgejo) (#12087)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12087
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index f931c40a5c..28e940eaab 100644
--- a/go.mod
+++ b/go.mod
@@ -17,7 +17,7 @@ require (
 	code.forgejo.org/go-chi/captcha v1.0.2
 	code.forgejo.org/go-chi/session v1.0.4
 	code.gitea.io/sdk/gitea v0.21.0
-	code.superseriousbusiness.org/exif-terminator v0.11.1
+	code.superseriousbusiness.org/exif-terminator v0.11.2
 	code.superseriousbusiness.org/go-jpeg-image-structure/v2 v2.3.0
 	codeberg.org/gusted/mcaptcha v0.0.0-20220723083913-4f3072e1d570
 	connectrpc.com/connect v1.19.1
diff --git a/go.sum b/go.sum
index c294d1c993..4a4eb60bbe 100644
--- a/go.sum
+++ b/go.sum
@@ -46,8 +46,8 @@ code.forgejo.org/xorm/xorm v1.3.9-forgejo.10 h1:DCProZz7GP10ue7NoVr1vreuADhH9tEI
 code.forgejo.org/xorm/xorm v1.3.9-forgejo.10/go.mod h1:ly5tUt9l3b+y7HdXDM1UucQXuS58ahNxB9tPM5/6LfM=
 code.gitea.io/sdk/gitea v0.21.0 h1:69n6oz6kEVHRo1+APQQyizkhrZrLsTLXey9142pfkD4=
 code.gitea.io/sdk/gitea v0.21.0/go.mod h1:tnBjVhuKJCn8ibdyyhvUyxrR1Ca2KHEoTWoukNhXQPA=
-code.superseriousbusiness.org/exif-terminator v0.11.1 h1:qnujLH4/Yk/CFtFMmtjozbdV6Ry5G3Q/E/mLlWm/gQI=
-code.superseriousbusiness.org/exif-terminator v0.11.1/go.mod h1:/Z+3DHSrefCzzN5ePkGjVYKFErRimoeUf694Gz8Pn/Y=
+code.superseriousbusiness.org/exif-terminator v0.11.2 h1:nkTdaghZb6I0oGYFhTLSALhA2ShgkPnYAJryE5IE9+0=
+code.superseriousbusiness.org/exif-terminator v0.11.2/go.mod h1:/Z+3DHSrefCzzN5ePkGjVYKFErRimoeUf694Gz8Pn/Y=
 code.superseriousbusiness.org/go-jpeg-image-structure/v2 v2.3.0 h1:r9uq8StaSHYKJ8DklR9Xy+E9c40G1Z8yj5TRGi8L6+4=
 code.superseriousbusiness.org/go-jpeg-image-structure/v2 v2.3.0/go.mod h1:IK1OlR6APjVB3E9tuYGvf0qXMrwP+TrzcHS5rf4wffQ=
 code.superseriousbusiness.org/go-png-image-structure/v2 v2.3.0 h1:I512jiIeXDC4//2BeSPrRM2ZS4wpBKUaPeTPxakMNGA=

From d9176897d0e0c77cb656f76f30304f54351424ec Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Sat, 11 Apr 2026 19:18:41 +0200
Subject: [PATCH 667/854] Update module golang.org/x/text to v0.36.0 (forgejo)
 (#12070)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12070
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
---
 go.mod |  6 +++---
 go.sum | 12 ++++++------
 2 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/go.mod b/go.mod
index 28e940eaab..a7e5f48e15 100644
--- a/go.mod
+++ b/go.mod
@@ -108,7 +108,7 @@ require (
 	golang.org/x/oauth2 v0.36.0
 	golang.org/x/sync v0.20.0
 	golang.org/x/sys v0.43.0
-	golang.org/x/text v0.35.0
+	golang.org/x/text v0.36.0
 	google.golang.org/protobuf v1.36.11
 	gopkg.in/gomail.v2 v2.0.0-20160411212932-81ebce5c23df
 	gopkg.in/ini.v1 v1.67.0
@@ -256,9 +256,9 @@ require (
 	go.uber.org/zap/exp v0.3.0 // indirect
 	go.yaml.in/yaml/v4 v4.0.0-rc.3 // indirect
 	go4.org v0.0.0-20230225012048-214862532bf5 // indirect
-	golang.org/x/mod v0.33.0 // indirect
+	golang.org/x/mod v0.34.0 // indirect
 	golang.org/x/time v0.15.0 // indirect
-	golang.org/x/tools v0.42.0 // indirect
+	golang.org/x/tools v0.43.0 // indirect
 	gopkg.in/alexcesaro/quotedprintable.v3 v3.0.0-20150716171945-2caba252f4dc // indirect
 	gopkg.in/warnings.v0 v0.1.2 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
diff --git a/go.sum b/go.sum
index 4a4eb60bbe..71f10a9709 100644
--- a/go.sum
+++ b/go.sum
@@ -757,8 +757,8 @@ golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
 golang.org/x/mod v0.12.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
 golang.org/x/mod v0.15.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
 golang.org/x/mod v0.17.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
-golang.org/x/mod v0.33.0 h1:tHFzIWbBifEmbwtGz65eaWyGiGZatSrT9prnU8DbVL8=
-golang.org/x/mod v0.33.0/go.mod h1:swjeQEj+6r7fODbD2cqrnje9PnziFuw4bmLbBZFrQ5w=
+golang.org/x/mod v0.34.0 h1:xIHgNUUnW6sYkcM5Jleh05DvLOtwc6RitGHbDk4akRI=
+golang.org/x/mod v0.34.0/go.mod h1:ykgH52iCZe79kzLLMhyCUzhMci+nQj+0XkbXpNYtVjY=
 golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@@ -873,8 +873,8 @@ golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
 golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
 golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
 golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ=
-golang.org/x/text v0.35.0 h1:JOVx6vVDFokkpaq1AEptVzLTpDe9KGpj5tR4/X+ybL8=
-golang.org/x/text v0.35.0/go.mod h1:khi/HExzZJ2pGnjenulevKNX1W67CUy0AsXcNubPGCA=
+golang.org/x/text v0.36.0 h1:JfKh3XmcRPqZPKevfXVpI1wXPTqbkE5f7JA92a55Yxg=
+golang.org/x/text v0.36.0/go.mod h1:NIdBknypM8iqVmPiuco0Dh6P5Jcdk8lJL0CUebqK164=
 golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.15.0 h1:bbrp8t3bGUeFOx08pvsMYRTCVSMk89u4tKbNOZbp88U=
@@ -908,8 +908,8 @@ golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc
 golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
 golang.org/x/tools v0.13.0/go.mod h1:HvlwmtVNQAhOuCjW7xxvovg8wbNq7LwfXh/k7wXUl58=
 golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk=
-golang.org/x/tools v0.42.0 h1:uNgphsn75Tdz5Ji2q36v/nsFSfR/9BRFvqhGBaJGd5k=
-golang.org/x/tools v0.42.0/go.mod h1:Ma6lCIwGZvHK6XtgbswSoWroEkhugApmsXyrUmBhfr0=
+golang.org/x/tools v0.43.0 h1:12BdW9CeB3Z+J/I/wj34VMl8X+fEXBxVR90JeMX5E7s=
+golang.org/x/tools v0.43.0/go.mod h1:uHkMso649BX2cZK6+RpuIPXS3ho2hZo4FVwfoy1vIk0=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=

From bf68be21e7ec6470e6ee4b2d8e10d2dc5f8c9567 Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Sat, 11 Apr 2026 19:18:59 +0200
Subject: [PATCH 668/854] Update module golang.org/x/image to v0.39.0 (forgejo)
 (#12068)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12068
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index a7e5f48e15..9f2c848503 100644
--- a/go.mod
+++ b/go.mod
@@ -103,7 +103,7 @@ require (
 	go.uber.org/mock v0.6.0
 	go.yaml.in/yaml/v3 v3.0.4
 	golang.org/x/crypto v0.49.0
-	golang.org/x/image v0.38.0
+	golang.org/x/image v0.39.0
 	golang.org/x/net v0.52.0
 	golang.org/x/oauth2 v0.36.0
 	golang.org/x/sync v0.20.0
diff --git a/go.sum b/go.sum
index 71f10a9709..3602c0aec6 100644
--- a/go.sum
+++ b/go.sum
@@ -734,8 +734,8 @@ golang.org/x/exp v0.0.0-20251023183803-a4bb9ffd2546 h1:mgKeJMpvi0yx/sU5GsxQ7p6s2
 golang.org/x/exp v0.0.0-20251023183803-a4bb9ffd2546/go.mod h1:j/pmGrbnkbPtQfxEe5D0VQhZC6qKbfKifgD0oM7sR70=
 golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js=
 golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
-golang.org/x/image v0.38.0 h1:5l+q+Y9JDC7mBOMjo4/aPhMDcxEptsX+Tt3GgRQRPuE=
-golang.org/x/image v0.38.0/go.mod h1:/3f6vaXC+6CEanU4KJxbcUZyEePbyKbaLoDOe4ehFYY=
+golang.org/x/image v0.39.0 h1:skVYidAEVKgn8lZ602XO75asgXBgLj9G/FE3RbuPFww=
+golang.org/x/image v0.39.0/go.mod h1:sIbmppfU+xFLPIG0FoVUTvyBMmgng1/XAMhQ2ft0hpA=
 golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
 golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
 golang.org/x/lint v0.0.0-20190301231843-5614ed5bae6f/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=

From 92b95414e8edd553427681ea295668a3c0f30b11 Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Sat, 11 Apr 2026 21:21:46 +0200
Subject: [PATCH 669/854] Update module github.com/go-webauthn/webauthn to
 v0.16.4 (forgejo) (#11958)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11958
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
---
 go.mod | 10 +++++-----
 go.sum | 24 ++++++++++++------------
 2 files changed, 17 insertions(+), 17 deletions(-)

diff --git a/go.mod b/go.mod
index 9f2c848503..d38a349c21 100644
--- a/go.mod
+++ b/go.mod
@@ -52,7 +52,7 @@ require (
 	github.com/go-ldap/ldap/v3 v3.4.12
 	github.com/go-openapi/spec v0.22.3
 	github.com/go-sql-driver/mysql v1.9.3
-	github.com/go-webauthn/webauthn v0.16.1
+	github.com/go-webauthn/webauthn v0.16.4
 	github.com/gobwas/glob v0.2.3
 	github.com/gogs/chardet v0.0.0-20211120154057-b7413eaefb8f
 	github.com/gogs/go-gogs-client v0.0.0-20210131175652-1d7215cd8d85
@@ -102,7 +102,7 @@ require (
 	gitlab.com/gitlab-org/api/client-go v0.143.2
 	go.uber.org/mock v0.6.0
 	go.yaml.in/yaml/v3 v3.0.4
-	golang.org/x/crypto v0.49.0
+	golang.org/x/crypto v0.50.0
 	golang.org/x/image v0.39.0
 	golang.org/x/net v0.52.0
 	golang.org/x/oauth2 v0.36.0
@@ -167,7 +167,7 @@ require (
 	github.com/dsoprea/go-utility/v2 v2.0.0-20221003172846-a3e1774ef349 // indirect
 	github.com/emersion/go-sasl v0.0.0-20231106173351-e73c9f7bad43 // indirect
 	github.com/fatih/color v1.18.0 // indirect
-	github.com/fxamacker/cbor/v2 v2.9.0 // indirect
+	github.com/fxamacker/cbor/v2 v2.9.1 // indirect
 	github.com/go-ap/errors v0.0.0-20260208110149-e1b309365966 // indirect
 	github.com/go-asn1-ber/asn1-ber v1.5.8-0.20250403174932-29230038a667 // indirect
 	github.com/go-enry/go-oniguruma v1.2.1 // indirect
@@ -187,7 +187,7 @@ require (
 	github.com/go-openapi/swag/typeutils v0.25.4 // indirect
 	github.com/go-openapi/swag/yamlutils v0.25.4 // indirect
 	github.com/go-viper/mapstructure/v2 v2.5.0 // indirect
-	github.com/go-webauthn/x v0.2.2 // indirect
+	github.com/go-webauthn/x v0.2.3 // indirect
 	github.com/go-xmlfmt/xmlfmt v0.0.0-20191208150333-d5b6f63a941b // indirect
 	github.com/goccy/go-json v0.10.5 // indirect
 	github.com/golang/geo v0.0.0-20210211234256-740aa86cb551 // indirect
@@ -245,7 +245,7 @@ require (
 	github.com/spf13/afero v1.15.0 // indirect
 	github.com/ssor/bom v0.0.0-20170718123548-6386211fdfcf // indirect
 	github.com/stretchr/objx v0.5.2 // indirect
-	github.com/tinylib/msgp v1.6.1 // indirect
+	github.com/tinylib/msgp v1.6.3 // indirect
 	github.com/x448/float16 v0.8.4 // indirect
 	github.com/zeebo/assert v1.3.0 // indirect
 	github.com/zeebo/blake3 v0.2.4 // indirect
diff --git a/go.sum b/go.sum
index 3602c0aec6..da2abee521 100644
--- a/go.sum
+++ b/go.sum
@@ -251,8 +251,8 @@ github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMo
 github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ=
 github.com/fsnotify/fsnotify v1.9.0 h1:2Ml+OJNzbYCTzsxtv8vKSFD9PbJjmhYF14k/jKC7S9k=
 github.com/fsnotify/fsnotify v1.9.0/go.mod h1:8jBTzvmWwFyi3Pb8djgCCO5IBqzKJ/Jwo8TRcHyHii0=
-github.com/fxamacker/cbor/v2 v2.9.0 h1:NpKPmjDBgUfBms6tr6JZkTHtfFGcMKsw3eGcmD/sapM=
-github.com/fxamacker/cbor/v2 v2.9.0/go.mod h1:vM4b+DJCtHn+zz7h3FFp/hDAI9WNWCsZj23V5ytsSxQ=
+github.com/fxamacker/cbor/v2 v2.9.1 h1:2rWm8B193Ll4VdjsJY28jxs70IdDsHRWgQYAI80+rMQ=
+github.com/fxamacker/cbor/v2 v2.9.1/go.mod h1:vM4b+DJCtHn+zz7h3FFp/hDAI9WNWCsZj23V5ytsSxQ=
 github.com/go-ap/activitypub v0.0.0-20260208110334-902f6cf8c2cc h1:yLe7YJhK+XNjNV4SqDxAjpWAgft+KU+XwKZS4AKEUV0=
 github.com/go-ap/activitypub v0.0.0-20260208110334-902f6cf8c2cc/go.mod h1:jUs8eczo1EAT4ByRpZ4mQmNvjarw9eNf7Nm5udpMRhY=
 github.com/go-ap/errors v0.0.0-20260208110149-e1b309365966 h1:tV+3kZgqFMKVUf+JPKBV400ISM8440+6y/SQCS0WZwQ=
@@ -324,10 +324,10 @@ github.com/go-test/deep v1.1.1 h1:0r/53hagsehfO4bzD2Pgr/+RgHqhmf+k1Bpse2cTu1U=
 github.com/go-test/deep v1.1.1/go.mod h1:5C2ZWiW0ErCdrYzpqxLbTX7MG14M9iiw8DgHncVwcsE=
 github.com/go-viper/mapstructure/v2 v2.5.0 h1:vM5IJoUAy3d7zRSVtIwQgBj7BiWtMPfmPEgAXnvj1Ro=
 github.com/go-viper/mapstructure/v2 v2.5.0/go.mod h1:oJDH3BJKyqBA2TXFhDsKDGDTlndYOZ6rGS0BRZIxGhM=
-github.com/go-webauthn/webauthn v0.16.1 h1:x5/SSki5/aIfogaRukqvbg/RXa3Sgxy/9vU7UfFPHKU=
-github.com/go-webauthn/webauthn v0.16.1/go.mod h1:RBS+rtQJMkE5VfMQ4diDA2VNrEL8OeUhp4Srz37FHbQ=
-github.com/go-webauthn/x v0.2.2 h1:zIiipvMbr48CXi5RG0XdBJR94kd8I5LfzHPb/q+YYmk=
-github.com/go-webauthn/x v0.2.2/go.mod h1:IpJ5qyWB9NRhLX3C7gIfjTU7RZLXEP6kzFkoVSE7Fz4=
+github.com/go-webauthn/webauthn v0.16.4 h1:R9jqR/cYZa7hRquFF7Za/8qoH/K/TIs1/Q/4CyGN+1Q=
+github.com/go-webauthn/webauthn v0.16.4/go.mod h1:SU2ljAgToTV/YLPI0C05QS4qn+e04WpB5g1RMfcZfS4=
+github.com/go-webauthn/x v0.2.3 h1:8oArS+Rc1SWFLXhE17KZNx258Z4kUSyaDgsSncCO5RA=
+github.com/go-webauthn/x v0.2.3/go.mod h1:tM04GF3V6VYq79AZMl7vbj4q6pz9r7L2criWRzbWhPk=
 github.com/go-xmlfmt/xmlfmt v0.0.0-20191208150333-d5b6f63a941b h1:khEcpUM4yFcxg4/FHQWkvVRmgijNXRfzkIDHh23ggEo=
 github.com/go-xmlfmt/xmlfmt v0.0.0-20191208150333-d5b6f63a941b/go.mod h1:aUCEOzzezBEjDBbFBoSiya/gduyIiWYRP6CnSFIV8AM=
 github.com/gobwas/glob v0.2.3 h1:A4xDbljILXROh+kObIiy5kIaPYD8e96x1tgBhUI5J+Y=
@@ -654,8 +654,8 @@ github.com/stretchr/testify v1.11.1 h1:7s2iGBzp5EwR7/aIZr8ao5+dra3wiQyKjjFuvgVKu
 github.com/stretchr/testify v1.11.1/go.mod h1:wZwfW3scLgRK+23gO65QZefKpKQRnfz6sD981Nm4B6U=
 github.com/syndtr/goleveldb v1.0.0 h1:fBdIW9lB4Iz0n9khmH8w27SJ3QEJ7+IgjPEwGSZiFdE=
 github.com/syndtr/goleveldb v1.0.0/go.mod h1:ZVVdQEZoIme9iO1Ch2Jdy24qqXrMMOU6lpPAyBWyWuQ=
-github.com/tinylib/msgp v1.6.1 h1:ESRv8eL3u+DNHUoSAAQRE50Hm162zqAnBoGv9PzScPY=
-github.com/tinylib/msgp v1.6.1/go.mod h1:RSp0LW9oSxFut3KzESt5Voq4GVWyS+PSulT77roAqEA=
+github.com/tinylib/msgp v1.6.3 h1:bCSxiTz386UTgyT1i0MSCvdbWjVW+8sG3PjkGsZQt4s=
+github.com/tinylib/msgp v1.6.3/go.mod h1:RSp0LW9oSxFut3KzESt5Voq4GVWyS+PSulT77roAqEA=
 github.com/ulikunitz/xz v0.5.8/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14=
 github.com/ulikunitz/xz v0.5.15 h1:9DNdB5s+SgV3bQ2ApL10xRc35ck0DuIX/isZvIk+ubY=
 github.com/ulikunitz/xz v0.5.15/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14=
@@ -720,8 +720,8 @@ golang.org/x/crypto v0.13.0/go.mod h1:y6Z2r+Rw4iayiXXAIxJIDAJ1zMW4yaTpebo8fPOliY
 golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU=
 golang.org/x/crypto v0.23.0/go.mod h1:CKFgDieR+mRhux2Lsu27y0fO304Db0wZe70UKqHu0v8=
 golang.org/x/crypto v0.31.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk=
-golang.org/x/crypto v0.49.0 h1:+Ng2ULVvLHnJ/ZFEq4KdcDd/cfjrrjjNSXNzxg0Y4U4=
-golang.org/x/crypto v0.49.0/go.mod h1:ErX4dUh2UM+CFYiXZRTcMpEcN8b/1gxEuv3nODoYtCA=
+golang.org/x/crypto v0.50.0 h1:zO47/JPrL6vsNkINmLoo/PH1gcxpls50DNogFvB5ZGI=
+golang.org/x/crypto v0.50.0/go.mod h1:3muZ7vA7PBCE6xgPX7nkzzjiUq87kRItoJQM1Yo8S+Q=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
@@ -858,8 +858,8 @@ golang.org/x/term v0.12.0/go.mod h1:owVbMEjm3cBLCHdkQu9b1opXd4ETQWc3BhuQGKgXgvU=
 golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk=
 golang.org/x/term v0.20.0/go.mod h1:8UkIAJTvZgivsXaD6/pH6U9ecQzZ45awqEOzuCvwpFY=
 golang.org/x/term v0.27.0/go.mod h1:iMsnZpn0cago0GOrHO2+Y7u7JPn5AylBrcoWkElMTSM=
-golang.org/x/term v0.41.0 h1:QCgPso/Q3RTJx2Th4bDLqML4W6iJiaXFq2/ftQF13YU=
-golang.org/x/term v0.41.0/go.mod h1:3pfBgksrReYfZ5lvYM0kSO0LIkAl4Yl2bXOkKP7Ec2A=
+golang.org/x/term v0.42.0 h1:UiKe+zDFmJobeJ5ggPwOshJIVt6/Ft0rcfrXZDLWAWY=
+golang.org/x/term v0.42.0/go.mod h1:Dq/D+snpsbazcBG5+F9Q1n2rXV8Ma+71xEjTRufARgY=
 golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=

From 9fe0cbee02c055757ed182c2bb09484969ae70e5 Mon Sep 17 00:00:00 2001
From: Mathieu Fenniak <mathieu@fenniak.net>
Date: Sat, 11 Apr 2026 21:45:39 +0200
Subject: [PATCH 670/854] fix: relocate PR review comments using `git blame
 --reverse`, improving comment placement (#12015)

When a review comment is placed on a PR in Forgejo, Forgejo performs a `git blame` to identify which commit originated the line, and records that commit and line number in the comment's database record.  Later when the review is viewed, Forgejo currently makes no effort to place that comment in the correct *current* location, which may vary -- for example, if a PR had two commits and the comment was made on a line in the first commit, but the second commit changes line numbers in that file, the comment will appear in the incorrect location.

This PR adds the usage of `git blame --reverse` to calculate the correct location to display the comment in the current view (whether reviewing the PR commit-by-commit, or "Files changed").  It certainly does not fix all problems with comment placement (see comments).

Another major addition in this PR is a test harness for making relatively complex PRs and reviewing the diffs on the per-commit view and PR-diff views.

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. All work and communication must conform to Forgejo's [AI Agreement](https://codeberg.org/forgejo/governance/src/branch/main/AIAgreement.md). There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests for Go changes

- I added test coverage for Go changes...
  - [x] in their respective `*_test.go` for unit tests.
  - [x] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I ran...
  - [ ] `make pr-go` before pushing

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [x] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.
- [ ] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change.

<!--start release-notes-assistant-->

## Release notes
<!--URL:https://codeberg.org/forgejo/forgejo-->
- Bug fixes
  - [PR](https://codeberg.org/forgejo/forgejo/pulls/12015): <!--number 12015 --><!--line 0 --><!--description cmVsb2NhdGUgUFIgcmV2aWV3IGNvbW1lbnRzIHVzaW5nIGBnaXQgYmxhbWUgLS1yZXZlcnNlYCwgaW1wcm92aW5nIGNvbW1lbnQgcGxhY2VtZW50-->relocate PR review comments using `git blame --reverse`, improving comment placement<!--description-->
<!--end release-notes-assistant-->

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12015
Reviewed-by: Andreas Ahlenstorf <aahlenst@noreply.codeberg.org>
Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net>
Co-committed-by: Mathieu Fenniak <mathieu@fenniak.net>
---
 models/issues/comment.go              |  53 ++
 models/issues/comment_code.go         |  56 ++-
 models/issues/comment_test.go         |   4 +-
 modules/git/repo_blame.go             |  94 ++++
 modules/git/repo_blame_test.go        |  75 +++
 routers/web/repo/pull.go              |   2 +-
 services/gitdiff/gitdiff.go           |   4 +-
 services/gitdiff/gitdiff_test.go      |   4 +-
 tests/integration/pull_review_test.go | 663 ++++++++++++++++++++++++++
 9 files changed, 936 insertions(+), 19 deletions(-)

diff --git a/models/issues/comment.go b/models/issues/comment.go
index bfad3935fb..61d49cf7b6 100644
--- a/models/issues/comment.go
+++ b/models/issues/comment.go
@@ -19,7 +19,9 @@ import (
 	project_model "forgejo.org/models/project"
 	repo_model "forgejo.org/models/repo"
 	user_model "forgejo.org/models/user"
+	"forgejo.org/modules/cache"
 	"forgejo.org/modules/container"
+	"forgejo.org/modules/git"
 	"forgejo.org/modules/gitrepo"
 	"forgejo.org/modules/json"
 	"forgejo.org/modules/log"
@@ -321,6 +323,8 @@ type Comment struct {
 	CommitsNum  int64                               `xorm:"-"`
 	IsForcePush bool                                `xorm:"-"`
 
+	reverseLineBlame *git.ReverseLineBlame `xorm:"-"`
+
 	// If you add new fields that might be used to store abusive content (mainly string fields),
 	// please also add them in the CommentData struct and the corresponding constructor.
 }
@@ -744,6 +748,55 @@ func (c *Comment) UnsignedLine() uint64 {
 	return uint64(c.Line)
 }
 
+func (c *Comment) ResolveCurrentLine(ctx context.Context, repo *repo_model.Repository, currentHead string) (*git.ReverseLineBlame, error) {
+	if c.reverseLineBlame != nil {
+		return c.reverseLineBlame, nil
+	}
+
+	// When a PR is viewed, the requirement to perform `git blame --reverse...` on every comment is a bit of a
+	// performance risk. To minimize this risk, cache the results relative to the requested head, so it only needs to be
+	// recalculated when head changes (or on cache eviction).
+	//
+	// Some performance testing was done which showed that a hot cache is much faster than the blame reverse
+	// operation -- 500-1000x runtime difference:
+	//
+	// - cache miss (Forgejo repo)      took 7,690,574 ns
+	// - cache miss (~1000 commit repo) took 1,671,223 ns
+	// - cache hit (in-memory adapter)  took     3,710 ns
+	// - cache hit (redis adapter)      took    77,311 ns
+	resolveJSON, err := cache.GetString(fmt.Sprintf("comment.Resolve;ID=%d;HEAD=%s", c.ID, currentHead), func() (string, error) {
+		gitRepo, closer, err := gitrepo.RepositoryFromContextOrOpen(ctx, repo)
+		if err != nil {
+			return "", fmt.Errorf("failed to open repo: %w", err)
+		}
+		defer closer.Close()
+
+		reverseBlame, err := gitRepo.ReverseLineBlame(c.CommitSHA, c.TreePath, c.UnsignedLine(), currentHead)
+		if err != nil {
+			return "", fmt.Errorf("failed to perform `git blame --reverse` to resolve current line for comment (id=%d): %w", c.ID, err)
+		}
+
+		data, err := json.Marshal(reverseBlame)
+		if err != nil {
+			return "", err
+		}
+
+		return string(data), nil
+	})
+	if err != nil {
+		return nil, err
+	}
+
+	var reverseBlame *git.ReverseLineBlame
+	err = json.Unmarshal([]byte(resolveJSON), &reverseBlame)
+	if err != nil {
+		return nil, err
+	}
+
+	c.reverseLineBlame = reverseBlame
+	return c.reverseLineBlame, nil
+}
+
 // CodeCommentLink returns the url to a comment in code
 func (c *Comment) CodeCommentLink(ctx context.Context) string {
 	err := c.LoadIssue(ctx)
diff --git a/models/issues/comment_code.go b/models/issues/comment_code.go
index 800d1e830e..cc46541743 100644
--- a/models/issues/comment_code.go
+++ b/models/issues/comment_code.go
@@ -7,7 +7,10 @@ import (
 	"context"
 
 	"forgejo.org/models/db"
+	repo_model "forgejo.org/models/repo"
 	user_model "forgejo.org/models/user"
+	"forgejo.org/modules/git"
+	"forgejo.org/modules/log"
 	"forgejo.org/modules/markup"
 	"forgejo.org/modules/markup/markdown"
 
@@ -23,33 +26,62 @@ type CodeConversationsAtLine map[int64][]CodeConversation
 // CodeConversationsAtLineAndTreePath contains the conversations for a given TreePath and line
 type CodeConversationsAtLineAndTreePath map[string]CodeConversationsAtLine
 
-func newCodeConversationsAtLineAndTreePath(comments []*Comment) CodeConversationsAtLineAndTreePath {
+func newCodeConversationsAtLineAndTreePath(ctx context.Context, comments []*Comment, repo *repo_model.Repository, headCommitID string) (CodeConversationsAtLineAndTreePath, error) {
 	tree := make(CodeConversationsAtLineAndTreePath)
 	for _, comment := range comments {
-		tree.insertComment(comment)
+		blame, err := comment.ResolveCurrentLine(ctx, repo, headCommitID)
+		if err != nil {
+			// ResolveCurrentLine can fail in at least one known situation -- where a comment is left on a line in a
+			// file that is being deleted. The blame would be for the commit that deleted the file, and a reverse git
+			// blame won't work because the file is missing in the target sha.
+			log.Warn("ResolveCurrentLine failed: %s", err.Error())
+			// handle gracefully -- insertComment will use the original values which may be usable
+			blame = nil
+		} else if blame.CommitID != headCommitID {
+			// Commit was made on a line that can't be reverse-blamed to the currently viewing head. This can happen
+			// because:
+			//  - line of code was removed between the commit it was tagged on, and the head commit
+			//  - force push on the repo caused there to be no git relationship between blame.CommitID->headCommitID
+			// We won't insert this comment into the comment tree because we don't know where to place it; it may appear
+			// when the user views a different commit in the PR, and it will always appear on the "Conversations" tab.
+			continue
+		}
+		tree.insertComment(comment, blame)
 	}
-	return tree
+	return tree, nil
 }
 
-func (tree CodeConversationsAtLineAndTreePath) insertComment(comment *Comment) {
+func (tree CodeConversationsAtLineAndTreePath) insertComment(comment *Comment, blame *git.ReverseLineBlame) {
+	treePath := comment.TreePath
+	line := comment.Line
+	if blame != nil {
+		treePath = blame.FilePath
+		line = int64(blame.LineNumber)
+		if comment.Line < 0 {
+			line *= -1
+		}
+	}
+
 	// attempt to append comment to existing conversations (i.e. list of comments belonging to the same review)
-	for i, conversation := range tree[comment.TreePath][comment.Line] {
+	for i, conversation := range tree[treePath][line] {
 		if conversation[0].ReviewID == comment.ReviewID {
-			tree[comment.TreePath][comment.Line][i] = append(conversation, comment)
+			tree[treePath][line][i] = append(conversation, comment)
 			return
 		}
 	}
 
 	// no previous conversation was found at this line, create it
-	if tree[comment.TreePath] == nil {
-		tree[comment.TreePath] = make(map[int64][]CodeConversation)
+	if tree[treePath] == nil {
+		tree[treePath] = make(map[int64][]CodeConversation)
 	}
 
-	tree[comment.TreePath][comment.Line] = append(tree[comment.TreePath][comment.Line], CodeConversation{comment})
+	tree[treePath][line] = append(tree[treePath][line], CodeConversation{comment})
 }
 
-// FetchCodeConversations will return a 2d-map: ["Path"]["Line"] = List of CodeConversation (one per review) for this line
-func FetchCodeConversations(ctx context.Context, issue *Issue, doer *user_model.User, showOutdatedComments bool) (CodeConversationsAtLineAndTreePath, error) {
+// FetchCodeConversations will return a 2d-map: ["Path"]["Line"] = List of CodeConversation (one per review) for this
+// line. headCommitID will be used to reverse-blame the comment into the correct path & line for the current context
+// that is being viewed.
+func FetchCodeConversations(ctx context.Context, issue *Issue, doer *user_model.User, showOutdatedComments bool, headCommitID string) (CodeConversationsAtLineAndTreePath, error) {
 	opts := FindCommentsOptions{
 		Type:    CommentTypeCode,
 		IssueID: issue.ID,
@@ -59,7 +91,7 @@ func FetchCodeConversations(ctx context.Context, issue *Issue, doer *user_model.
 		return nil, err
 	}
 
-	return newCodeConversationsAtLineAndTreePath(comments), nil
+	return newCodeConversationsAtLineAndTreePath(ctx, comments, issue.Repo, headCommitID)
 }
 
 // CodeComments represents comments on code by using this structure: FILENAME -> LINE (+ == proposed; - == previous) -> COMMENTS
diff --git a/models/issues/comment_test.go b/models/issues/comment_test.go
index da87b8ec2f..ea59d4f215 100644
--- a/models/issues/comment_test.go
+++ b/models/issues/comment_test.go
@@ -63,7 +63,7 @@ func TestFetchCodeConversations(t *testing.T) {
 		unittest.AssertExistsAndLoadBean(t, &issues_model.Comment{ID: 4}),
 		user, true))
 
-	res, err := issues_model.FetchCodeConversations(db.DefaultContext, issue, user, false)
+	res, err := issues_model.FetchCodeConversations(db.DefaultContext, issue, user, false, "")
 	require.NoError(t, err)
 	require.Contains(t, res, "README.md")
 	require.Contains(t, res["README.md"], int64(4))
@@ -77,7 +77,7 @@ func TestFetchCodeConversations(t *testing.T) {
 	assert.NotNil(t, r.User)
 
 	user2 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
-	res, err = issues_model.FetchCodeConversations(db.DefaultContext, issue, user2, false)
+	res, err = issues_model.FetchCodeConversations(db.DefaultContext, issue, user2, false, "")
 	require.NoError(t, err)
 	assert.Len(t, res, 1)
 }
diff --git a/modules/git/repo_blame.go b/modules/git/repo_blame.go
index 50f4c572d5..d760898ac6 100644
--- a/modules/git/repo_blame.go
+++ b/modules/git/repo_blame.go
@@ -65,3 +65,97 @@ func (repo *Repository) LineBlame(revision, file string, line uint64) (*Commit,
 
 	return commit, originalLineNo, nil
 }
+
+type ReverseLineBlame struct {
+	CommitID   string
+	LineNumber uint64
+	FilePath   string
+}
+
+// Reverses the effect of [LineBlame]. If a file was modified at originalLine number in originalRevision,
+// ReverseLineBlame will identify the last commit up-to-and-including currentRevision where that line exists, including
+// its new path and line number. If the returned commit is not the same as currentRevision, then it indicates that
+// content can no longer be located in currentRevision, and the returned commit is the last commit that had it.
+func (repo *Repository) ReverseLineBlame(originalRevision, file string, originalLine uint64, currentRevision string) (*ReverseLineBlame, error) {
+	if originalRevision == currentRevision {
+		// Would cause an error to run the reverse, "fatal: More than one commit to dig up from, (N) and (N)"
+		return &ReverseLineBlame{
+			CommitID:   originalRevision,
+			LineNumber: originalLine,
+			FilePath:   file,
+		}, nil
+	}
+
+	res, _, gitErr := NewCommand(repo.Ctx, "blame").
+		AddOptionValues("--reverse").
+		AddDynamicArguments(fmt.Sprintf("%s..%s", originalRevision, currentRevision)).
+		AddOptionFormat("-L %d,%d", originalLine, originalLine).
+		AddOptionValues("-p").
+		AddDashesAndList(file).RunStdString(&RunOpts{Dir: repo.Path})
+	if gitErr != nil {
+		return nil, gitErr
+	}
+
+	// Example output:
+	//
+	// 74be0e8aa338d1374ab7ca0a25a4f594955a69c2 16 9 1
+	// author FirstName LastName
+	// author-mail <author@example.org>
+	// author-time 1775492007
+	// author-tz -0600
+	// committer FirstName LastName
+	// committer-mail <author@example.org>
+	// committer-time 1775492007
+	// committer-tz -0600
+	// summary restore file-in-base to orig, now not present in diff
+	// filename README.md
+	//
+	// Header (https://git-scm.com/docs/git-blame#_the_porcelain_format):
+	// - 40-byte SHA-1 of the commit the line is attributed to;
+	// - the line number of the line in the original file; [note: opposite in reverse]
+	// - the line number of the line in the final file; [note: opposite in reverse]
+	// - on a line that starts a group of lines from a different commit than the previous one, the number of lines in
+	//   this group. On subsequent lines this field is absent.
+
+	lines := strings.Split(res, "\n")
+
+	header := lines[0]
+	headerValues := strings.Split(header, " ")
+	if len(headerValues) < 2 {
+		return nil, fmt.Errorf("failed to parse blame --reverse header: %q", header)
+	}
+
+	objectFormat, err := repo.GetObjectFormat()
+	if err != nil {
+		return nil, err
+	}
+	objectIDLen := objectFormat.FullLength()
+	objectID := headerValues[0]
+	if len(objectID) != objectIDLen {
+		return nil, fmt.Errorf("output of blame is invalid, cannot contain commit ID: %s", objectID)
+	}
+	commit, err := repo.GetCommit(objectID)
+	if err != nil {
+		return nil, fmt.Errorf("GetCommit: %w", err)
+	}
+
+	currentLineStr := headerValues[1]
+	currentLineNo, err := strconv.ParseUint(currentLineStr, 10, 64)
+	if err != nil {
+		return nil, fmt.Errorf("strconv.ParseUint: %w", err)
+	}
+
+	var filename string
+	for _, otherLine := range lines {
+		if strings.HasPrefix(otherLine, "filename ") {
+			filename = otherLine[len("filename "):]
+			break
+		}
+	}
+
+	return &ReverseLineBlame{
+		CommitID:   commit.ID.String(),
+		LineNumber: currentLineNo,
+		FilePath:   filename,
+	}, nil
+}
diff --git a/modules/git/repo_blame_test.go b/modules/git/repo_blame_test.go
index 4ddd5d9c3f..5803d082f0 100644
--- a/modules/git/repo_blame_test.go
+++ b/modules/git/repo_blame_test.go
@@ -89,11 +89,23 @@ func TestLineBlame(t *testing.T) {
 			assert.Equal(t, firstCommit, commit.ID.String())
 			assert.EqualValues(t, 1, lineno)
 
+			rev, err := gitRepo.ReverseLineBlame(commit.ID.String(), "ANSWER", lineno, secondCommit)
+			require.NoError(t, err)
+			assert.Equal(t, secondCommit, rev.CommitID)
+			assert.Equal(t, "ANSWER", rev.FilePath)
+			assert.EqualValues(t, 10, rev.LineNumber)
+
 			for i := range uint64(9) {
 				commit, lineno, err = gitRepo.LineBlame("HEAD", "ANSWER", i+1)
 				require.NoError(t, err)
 				assert.Equal(t, secondCommit, commit.ID.String())
 				assert.Equal(t, i+1, lineno)
+
+				rev, err := gitRepo.ReverseLineBlame(commit.ID.String(), "ANSWER", lineno, secondCommit)
+				require.NoError(t, err)
+				assert.Equal(t, secondCommit, rev.CommitID)
+				assert.Equal(t, "ANSWER", rev.FilePath)
+				assert.Equal(t, i+1, rev.LineNumber)
 			}
 		}
 
@@ -108,3 +120,66 @@ func TestLineBlame(t *testing.T) {
 		})
 	})
 }
+
+func TestReverseLineBlame(t *testing.T) {
+	t.Run("single commit", func(t *testing.T) {
+		tmpDir := t.TempDir()
+		require.NoError(t, InitRepository(t.Context(), tmpDir, false, Sha1ObjectFormat.Name()))
+
+		gitRepo, err := OpenRepository(t.Context(), tmpDir)
+		require.NoError(t, err)
+		defer gitRepo.Close()
+
+		require.NoError(t, os.WriteFile(path.Join(tmpDir, "file1.md"), []byte("abba\n"), 0o666))
+		require.NoError(t, AddChanges(tmpDir, true))
+		require.NoError(t, CommitChanges(tmpDir, CommitChangesOptions{Message: "abba spelt backwards"}))
+
+		commit, err := gitRepo.GetRefCommitID("HEAD")
+		require.NoError(t, err)
+
+		blameCommit, lineno, err := gitRepo.LineBlame("HEAD", "file1.md", 1)
+		require.NoError(t, err)
+		assert.Equal(t, commit, blameCommit.ID.String())
+		assert.EqualValues(t, 1, lineno)
+
+		rev, err := gitRepo.ReverseLineBlame(commit, "file1.md", lineno, commit)
+		require.NoError(t, err)
+		assert.Equal(t, commit, rev.CommitID)
+		assert.Equal(t, "file1.md", rev.FilePath)
+		assert.EqualValues(t, 1, rev.LineNumber)
+	})
+
+	t.Run("move file", func(t *testing.T) {
+		tmpDir := t.TempDir()
+		require.NoError(t, InitRepository(t.Context(), tmpDir, false, Sha1ObjectFormat.Name()))
+
+		gitRepo, err := OpenRepository(t.Context(), tmpDir)
+		require.NoError(t, err)
+		defer gitRepo.Close()
+
+		require.NoError(t, os.WriteFile(path.Join(tmpDir, "file1.md"), []byte("abba\n"), 0o666))
+		require.NoError(t, AddChanges(tmpDir, true))
+		require.NoError(t, CommitChanges(tmpDir, CommitChangesOptions{Message: "abba spelt backwards"}))
+
+		firstCommit, err := gitRepo.GetRefCommitID("HEAD")
+		require.NoError(t, err)
+
+		require.NoError(t, os.Rename(path.Join(tmpDir, "file1.md"), path.Join(tmpDir, "file2.md")))
+		require.NoError(t, AddChanges(tmpDir, true))
+		require.NoError(t, CommitChanges(tmpDir, CommitChangesOptions{Message: "move file"}))
+
+		secondCommit, err := gitRepo.GetRefCommitID("HEAD")
+		require.NoError(t, err)
+
+		blameCommit, lineno, err := gitRepo.LineBlame("HEAD", "file2.md", 1)
+		require.NoError(t, err)
+		assert.Equal(t, firstCommit, blameCommit.ID.String())
+		assert.EqualValues(t, 1, lineno)
+
+		rev, err := gitRepo.ReverseLineBlame(firstCommit, "file1.md", lineno, secondCommit)
+		require.NoError(t, err)
+		assert.Equal(t, secondCommit, rev.CommitID)
+		assert.Equal(t, "file2.md", rev.FilePath)
+		assert.EqualValues(t, 1, rev.LineNumber)
+	})
+}
diff --git a/routers/web/repo/pull.go b/routers/web/repo/pull.go
index dc36d2de68..4a8217c719 100644
--- a/routers/web/repo/pull.go
+++ b/routers/web/repo/pull.go
@@ -1099,7 +1099,7 @@ func viewPullFiles(ctx *context.Context, specifiedStartCommit, specifiedEndCommi
 		"numberOfViewedFiles": diff.NumViewedFiles,
 	}
 
-	if err = diff.LoadComments(ctx, issue, ctx.Doer, ctx.Data["ShowOutdatedComments"].(bool)); err != nil {
+	if err = diff.LoadComments(ctx, issue, ctx.Doer, ctx.Data["ShowOutdatedComments"].(bool), endCommitID); err != nil {
 		ctx.ServerError("LoadComments", err)
 		return
 	}
diff --git a/services/gitdiff/gitdiff.go b/services/gitdiff/gitdiff.go
index c1d0bc0107..fa3c26f149 100644
--- a/services/gitdiff/gitdiff.go
+++ b/services/gitdiff/gitdiff.go
@@ -487,8 +487,8 @@ type Diff struct {
 }
 
 // LoadComments loads comments into each line
-func (diff *Diff) LoadComments(ctx context.Context, issue *issues_model.Issue, currentUser *user_model.User, showOutdatedComments bool) error {
-	allConversations, err := issues_model.FetchCodeConversations(ctx, issue, currentUser, showOutdatedComments)
+func (diff *Diff) LoadComments(ctx context.Context, issue *issues_model.Issue, currentUser *user_model.User, showOutdatedComments bool, headCommitID string) error {
+	allConversations, err := issues_model.FetchCodeConversations(ctx, issue, currentUser, showOutdatedComments, headCommitID)
 	if err != nil {
 		return err
 	}
diff --git a/services/gitdiff/gitdiff_test.go b/services/gitdiff/gitdiff_test.go
index 7ba439be35..9748bf3828 100644
--- a/services/gitdiff/gitdiff_test.go
+++ b/services/gitdiff/gitdiff_test.go
@@ -600,7 +600,7 @@ func TestDiff_LoadCommentsNoOutdated(t *testing.T) {
 	issue := unittest.AssertExistsAndLoadBean(t, &issues_model.Issue{ID: 2})
 	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 1})
 	diff := setupDefaultDiff()
-	require.NoError(t, diff.LoadComments(db.DefaultContext, issue, user, false))
+	require.NoError(t, diff.LoadComments(db.DefaultContext, issue, user, false, ""))
 	assert.Len(t, diff.Files[0].Sections[0].Lines[0].Conversations, 2)
 }
 
@@ -610,7 +610,7 @@ func TestDiff_LoadCommentsWithOutdated(t *testing.T) {
 	issue := unittest.AssertExistsAndLoadBean(t, &issues_model.Issue{ID: 2})
 	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 1})
 	diff := setupDefaultDiff()
-	require.NoError(t, diff.LoadComments(db.DefaultContext, issue, user, true))
+	require.NoError(t, diff.LoadComments(db.DefaultContext, issue, user, true, ""))
 	assert.Len(t, diff.Files[0].Sections[0].Lines[0].Conversations, 2)
 	assert.Len(t, diff.Files[0].Sections[0].Lines[0].Conversations[0], 2)
 	assert.Len(t, diff.Files[0].Sections[0].Lines[0].Conversations[1], 1)
diff --git a/tests/integration/pull_review_test.go b/tests/integration/pull_review_test.go
index 69628e08b5..1a60c1ea11 100644
--- a/tests/integration/pull_review_test.go
+++ b/tests/integration/pull_review_test.go
@@ -6,6 +6,7 @@ package integration
 
 import (
 	"bytes"
+	"encoding/base64"
 	"fmt"
 	"io"
 	"net/http"
@@ -13,11 +14,13 @@ import (
 	"net/url"
 	"os"
 	"path"
+	"slices"
 	"strconv"
 	"strings"
 	"testing"
 	"time"
 
+	auth_model "forgejo.org/models/auth"
 	"forgejo.org/models/db"
 	issues_model "forgejo.org/models/issues"
 	repo_model "forgejo.org/models/repo"
@@ -26,7 +29,9 @@ import (
 	user_model "forgejo.org/models/user"
 	"forgejo.org/modules/git"
 	"forgejo.org/modules/gitrepo"
+	"forgejo.org/modules/optional"
 	repo_module "forgejo.org/modules/repository"
+	api "forgejo.org/modules/structs"
 	"forgejo.org/modules/test"
 	issue_service "forgejo.org/services/issue"
 	"forgejo.org/services/mailer"
@@ -35,8 +40,10 @@ import (
 	"forgejo.org/tests"
 
 	"github.com/PuerkitoBio/goquery"
+	"github.com/google/uuid"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
+	"golang.org/x/net/html"
 )
 
 func TestPullView_ReviewerMissed(t *testing.T) {
@@ -1048,3 +1055,659 @@ func TestPullRequestStaleReview(t *testing.T) {
 		})
 	})
 }
+
+func TestPullRequestCommentPlacement(t *testing.T) {
+	onApplicationRun(t, func(t *testing.T, u *url.URL) {
+		t.Run("comment directly on change in PR", func(t *testing.T) {
+			defer tests.PrintCurrentTest(t)()
+			tester := newPullRequestCommentPlacementTester(t)
+
+			commitSHA := tester.changeFile("file1.md",
+				strings.Replace(tester.fileContent, "Line 50\n", "Line 50--modified\n", 1))
+			tester.createPR()
+
+			comment := tester.commentFromFilesChanged("file1.md", 50)
+			assert.Equal(t, `diff --git a/file1.md b/file1.md
+--- a/file1.md
++++ b/file1.md
+@@ -48,3 +48,3 @@
+ Line 48
+ Line 49
+-Line 50
++Line 50--modified`, comment.PatchQuoted)
+			assert.Equal(t, "proposed", comment.DiffSide())
+			assert.EqualValues(t, 50, comment.Line)
+			assert.Equal(t, commitSHA, comment.CommitSHA)
+
+			diff := []diffTableRow{
+				{rowType: RowHasCode, code: "Line 49"},
+				{rowType: RowDelCode, code: "Line 50"},
+				{rowType: RowAddCode, code: "Line 50--modified"},
+				{rowType: RowComment, commentID: comment.ID},
+				{rowType: RowHasCode, code: "Line 51"},
+			}
+			tester.assertFilesChangedDiff(diff)
+			tester.assertCommitDiff(commitSHA, diff)
+		})
+
+		t.Run("comment lands on blame from commit within PR", func(t *testing.T) {
+			defer tests.PrintCurrentTest(t)()
+			tester := newPullRequestCommentPlacementTester(t)
+
+			// Modify an earlier part of the file in one commit, and a later part of the file in a second commit.
+			content := tester.fileContent
+			content = strings.Replace(content, "Line 25\n", "Line 25--modified\n", 1)
+			commit1 := tester.changeFile("file1.md", content)
+			content = strings.Replace(content, "Line 75\n", "Line 75--modified\n", 1)
+			commit2 := tester.changeFile("file1.md", content)
+			tester.createPR()
+
+			// Comment on the earlier change, from the "Files changed" view; this should "git blame" and be asociated
+			// with the first commit where that change was made, therefore appearing on the commit-specific diff later:
+			comment := tester.commentFromFilesChanged("file1.md", 25)
+			assert.Equal(t, `diff --git a/file1.md b/file1.md
+--- a/file1.md
++++ b/file1.md
+@@ -23,3 +23,3 @@
+ Line 23
+ Line 24
+-Line 25
++Line 25--modified`, comment.PatchQuoted)
+			assert.Equal(t, "proposed", comment.DiffSide())
+			assert.EqualValues(t, 25, comment.Line)
+			assert.Equal(t, commit1, comment.CommitSHA)
+
+			diff25 := []diffTableRow{
+				{rowType: RowHasCode, code: "Line 24"},
+				{rowType: RowDelCode, code: "Line 25"},
+				{rowType: RowAddCode, code: "Line 25--modified"},
+				{rowType: RowComment, commentID: comment.ID},
+				{rowType: RowHasCode, code: "Line 26"},
+			}
+			tester.assertFilesChangedDiff(diff25)
+			tester.assertCommitDiff(commit1, diff25)
+
+			diff75 := []diffTableRow{
+				{rowType: RowHasCode, code: "Line 74"},
+				{rowType: RowDelCode, code: "Line 75"},
+				{rowType: RowAddCode, code: "Line 75--modified"},
+				{rowType: RowHasCode, code: "Line 76"},
+			}
+			tester.assertFilesChangedDiff(diff75)
+			tester.assertCommitDiff(commit2, diff75)
+		})
+
+		t.Run("comment lands on blame commit from before PR", func(t *testing.T) {
+			defer tests.PrintCurrentTest(t)()
+			tester := newPullRequestCommentPlacementTester(t)
+
+			// Modify line 50...
+			commitSHA := tester.changeFile("file1.md",
+				strings.Replace(tester.fileContent, "Line 50\n", "Line 50--modified\n", 1))
+			tester.createPR()
+
+			// But while viewing line 50's diff, place a comment on line 49.  This will "git blame" to a commit outside
+			// of this PR, but that's fine...
+			comment := tester.commentFromFilesChanged("file1.md", 49)
+			assert.Equal(t, `diff --git a/file1.md b/file1.md
+--- a/file1.md
++++ b/file1.md
+@@ -47,7 +47,7 @@ Line 46
+ Line 47
+ Line 48
+ Line 49`, comment.PatchQuoted)
+			assert.Equal(t, "proposed", comment.DiffSide())
+			assert.EqualValues(t, 49, comment.Line)
+			assert.NotEqual(t, commitSHA, comment.CommitSHA)
+
+			diff := []diffTableRow{
+				{rowType: RowHasCode, code: "Line 48"},
+				{rowType: RowHasCode, code: "Line 49"},
+				{rowType: RowComment, commentID: comment.ID},
+				{rowType: RowDelCode, code: "Line 50"},
+				{rowType: RowAddCode, code: "Line 50--modified"},
+				{rowType: RowHasCode, code: "Line 51"},
+			}
+			tester.assertFilesChangedDiff(diff)
+			tester.assertCommitDiff(commitSHA, diff)
+		})
+
+		t.Run("comment on line moves due to a following commit", func(t *testing.T) {
+			defer tests.PrintCurrentTest(t)()
+			tester := newPullRequestCommentPlacementTester(t)
+
+			// Modify line 50
+			content := tester.fileContent
+			content = strings.Replace(content, "Line 50\n", "Line 50--modified\n", 1)
+			commit1 := tester.changeFile("file1.md", content)
+			tester.createPR()
+
+			// Place a comment on "Line 50--modified"
+			comment := tester.commentFromFilesChanged("file1.md", 50)
+			assert.Equal(t, `diff --git a/file1.md b/file1.md
+--- a/file1.md
++++ b/file1.md
+@@ -48,3 +48,3 @@
+ Line 48
+ Line 49
+-Line 50
++Line 50--modified`, comment.PatchQuoted)
+			assert.Equal(t, "proposed", comment.DiffSide())
+			assert.EqualValues(t, 50, comment.Line)
+			assert.Equal(t, commit1, comment.CommitSHA)
+
+			// Add a second commit to the PR which removes  "Line 1" - "Line 10".
+			content = strings.Replace(content, "Line 1\nLine 2\nLine 3\nLine 4\nLine 5\nLine 6\nLine 7\nLine 8\nLine 9\nLine 10\n", "", 1)
+			commit2 := tester.changeFile("file1.md", content)
+
+			diff2 := []diffTableRow{
+				{rowType: RowDelCode, code: "Line 9"},
+				{rowType: RowDelCode, code: "Line 10"},
+				{rowType: RowHasCode, code: "Line 11"},
+			}
+			tester.assertFilesChangedDiff(diff2, "checking commit2 contents in full PR diff")
+			tester.assertCommitDiff(commit2, diff2, "checking commit2 contents in single-commit diff")
+
+			diff1 := []diffTableRow{
+				{rowType: RowHasCode, code: "Line 49"},
+				{rowType: RowDelCode, code: "Line 50"},
+				{rowType: RowAddCode, code: "Line 50--modified"},
+				{rowType: RowComment, commentID: comment.ID},
+				{rowType: RowHasCode, code: "Line 51"},
+			}
+			tester.assertFilesChangedDiff(diff1, "checking commit1 contents in full PR diff")
+			tester.assertCommitDiff(commit1, diff1, "checking commit1 contents in single-commit diff")
+		})
+
+		t.Run("comment on line moves due to a following commit, following commit is rewritten and force-push'd", func(t *testing.T) {
+			defer tests.PrintCurrentTest(t)()
+			tester := newPullRequestCommentPlacementTester(t)
+
+			// Modify line 50
+			content := tester.fileContent
+			content = strings.Replace(content, "Line 50\n", "Line 50--modified\n", 1)
+			commit1 := tester.changeFile("file1.md", content)
+			tester.createPR()
+
+			// Place a comment on "Line 50--modified"
+			comment := tester.commentFromFilesChanged("file1.md", 50)
+			assert.Equal(t, `diff --git a/file1.md b/file1.md
+--- a/file1.md
++++ b/file1.md
+@@ -48,3 +48,3 @@
+ Line 48
+ Line 49
+-Line 50
++Line 50--modified`, comment.PatchQuoted)
+			assert.Equal(t, "proposed", comment.DiffSide())
+			assert.EqualValues(t, 50, comment.Line)
+			assert.Equal(t, commit1, comment.CommitSHA)
+
+			// Add a second commit to the PR which removes  "Line 1" - "Line 10".
+			content = strings.Replace(content, "Line 1\nLine 2\nLine 3\nLine 4\nLine 5\nLine 6\nLine 7\nLine 8\nLine 9\nLine 10\n", "", 1)
+			tester.changeFile("file1.md", content)
+
+			// Now amend commit2v1 with an additional change, causing a force push of the branch
+			tester.withBranchCheckout(func(repoPath string) {
+				content = strings.Replace(content, "Line 11\n", "", 1) // Remove Line 11 as well
+				require.NoError(t, os.WriteFile(path.Join(repoPath, "file1.md"), []byte(content), 0o644))
+				require.NoError(t, git.NewCommand(t.Context(), "commit", "-a", "--amend", "--no-edit").Run(&git.RunOpts{Dir: repoPath}))
+				require.NoError(t, git.NewCommand(t.Context(), "push", "--force").Run(&git.RunOpts{Dir: repoPath}))
+			})
+
+			diff2 := []diffTableRow{
+				{rowType: RowDelCode, code: "Line 10"},
+				{rowType: RowDelCode, code: "Line 11"},
+				{rowType: RowHasCode, code: "Line 12"},
+			}
+			tester.assertFilesChangedDiff(diff2, "checking commit2 (force push) contents in full PR diff")
+
+			diff1 := []diffTableRow{
+				{rowType: RowHasCode, code: "Line 49"},
+				{rowType: RowDelCode, code: "Line 50"},
+				{rowType: RowAddCode, code: "Line 50--modified"},
+				{rowType: RowComment, commentID: comment.ID},
+				{rowType: RowHasCode, code: "Line 51"},
+			}
+			tester.assertFilesChangedDiff(diff1, "checking commit1 contents in full PR diff")
+			tester.assertCommitDiff(commit1, diff1, "checking commit1 contents in single-commit diff")
+		})
+
+		t.Run("comment on line commit is rewritten and force-push'd", func(t *testing.T) {
+			defer tests.PrintCurrentTest(t)()
+			tester := newPullRequestCommentPlacementTester(t)
+
+			// Modify line 50
+			content := tester.fileContent
+			content = strings.Replace(content, "Line 50\n", "Line 50--modified\n", 1)
+			commit1 := tester.changeFile("file1.md", content)
+			tester.createPR()
+
+			// Place a comment on "Line 50--modified"
+			comment := tester.commentFromFilesChanged("file1.md", 50)
+			assert.Equal(t, `diff --git a/file1.md b/file1.md
+--- a/file1.md
++++ b/file1.md
+@@ -48,3 +48,3 @@
+ Line 48
+ Line 49
+-Line 50
++Line 50--modified`, comment.PatchQuoted)
+			assert.Equal(t, "proposed", comment.DiffSide())
+			assert.EqualValues(t, 50, comment.Line)
+			assert.Equal(t, commit1, comment.CommitSHA)
+
+			// Add a second commit to the PR which removes  "Line 1" - "Line 10".
+			content = strings.Replace(content, "Line 1\nLine 2\nLine 3\nLine 4\nLine 5\nLine 6\nLine 7\nLine 8\nLine 9\nLine 10\n", "", 1)
+			commit2 := tester.changeFile("file1.md", content)
+
+			// Now, reorganize these commits, so that it's main->commit2->commit1 on the branch, rather than
+			// main->commit1->commit2. Then force push the branch.
+			tester.withBranchCheckout(func(repoPath string) {
+				// move commit2 onto main, off commit1
+				require.NoError(t,
+					git.NewCommand(t.Context(), "rebase").
+						AddArguments("--onto").AddDynamicArguments(tester.initialSHA).
+						AddDynamicArguments(commit1).
+						AddDynamicArguments(commit2).
+						Run(&git.RunOpts{Dir: repoPath}))
+				// move commit1 onto HEAD, off main
+				require.NoError(t,
+					git.NewCommand(t.Context(), "rebase").
+						AddArguments("--onto").AddDynamicArguments("HEAD").
+						AddDynamicArguments(tester.initialSHA).
+						AddDynamicArguments(commit1).
+						Run(&git.RunOpts{Dir: repoPath}))
+
+				// delete branch for the PR
+				has, branch := tester.branch.Get()
+				require.True(t, has)
+				require.NoError(t,
+					git.NewCommand(t.Context(), "branch").
+						AddArguments("-D").AddDynamicArguments(branch).
+						Run(&git.RunOpts{Dir: repoPath}))
+				// call HEAD as the branch
+				require.NoError(t,
+					git.NewCommand(t.Context(), "branch").
+						AddDynamicArguments(branch).
+						Run(&git.RunOpts{Dir: repoPath}))
+
+				// force push the rebuilt branch
+				require.NoError(t, git.NewCommand(t.Context(), "push", "--force", "origin").AddDynamicArguments(branch).Run(&git.RunOpts{Dir: repoPath}))
+			})
+
+			diff2 := []diffTableRow{
+				{rowType: RowDelCode, code: "Line 10"},
+				{rowType: RowHasCode, code: "Line 11"},
+			}
+			tester.assertFilesChangedDiff(diff2, "checking commit2 (force push) contents in full PR diff")
+
+			diff1 := []diffTableRow{
+				{rowType: RowHasCode, code: "Line 49"},
+				{rowType: RowDelCode, code: "Line 50"},
+				{rowType: RowAddCode, code: "Line 50--modified"},
+				// no comment visible anymore; force push has lost its place at this time
+				{rowType: RowHasCode, code: "Line 51"},
+			}
+			tester.assertFilesChangedDiff(diff1, "checking commit1 contents in full PR diff")
+		})
+
+		t.Run("comment lands on blame with original line number varying from current", func(t *testing.T) {
+			defer tests.PrintCurrentTest(t)()
+			tester := newPullRequestCommentPlacementTester(t)
+
+			// Remove "Line 1" - "Line 10", on the base branch. If you "git blame" Line 50 at that point, it will have
+			// an original line number 50, but actually be appearing at line number index 40, causing wrong outputs.
+			content := tester.fileContent
+			content = strings.Replace(content, "Line 1\nLine 2\nLine 3\nLine 4\nLine 5\nLine 6\nLine 7\nLine 8\nLine 9\nLine 10\n", "", 1)
+			tester.changeFileOnBase("file1.md", content)
+
+			// Now modify "Line 51" in a PR:
+			commitSHA := tester.changeFile("file1.md", strings.Replace(content, "Line 51\n", "Line 51--modified\n", 1))
+			tester.createPR()
+
+			// Place a comment on "Line 50", which would "git blame" to the original commit and line number 50, even
+			// though it's now actually at line number 40.
+			comment := tester.commentFromFilesChanged("file1.md", lineNumber(content, "Line 50"))
+			assert.Equal(t, `diff --git a/file1.md b/file1.md
+--- a/file1.md
++++ b/file1.md
+@@ -38,7 +38,7 @@ Line 47
+ Line 48
+ Line 49
+ Line 50`, comment.PatchQuoted)
+			assert.Equal(t, "proposed", comment.DiffSide())
+			assert.EqualValues(t, 50, comment.Line)
+			assert.Equal(t, tester.initialSHA, comment.CommitSHA)
+
+			diff := []diffTableRow{
+				{rowType: RowHasCode, code: "Line 49"},
+				{rowType: RowHasCode, code: "Line 50"},
+				{rowType: RowComment, commentID: comment.ID},
+				{rowType: RowDelCode, code: "Line 51"},
+				{rowType: RowAddCode, code: "Line 51--modified"},
+				{rowType: RowHasCode, code: "Line 52"},
+			}
+			tester.assertFilesChangedDiff(diff)
+			tester.assertCommitDiff(commitSHA, diff)
+		})
+	})
+}
+
+type PullRequestCommentPlacementTester struct {
+	t           *testing.T
+	user        *user_model.User
+	session     *TestSession
+	apiToken    string
+	fileContent string
+	repo        *repo_model.Repository
+	initialSHA  string
+	branch      optional.Option[string]
+	pr          *api.PullRequest
+}
+
+func newPullRequestCommentPlacementTester(t *testing.T) *PullRequestCommentPlacementTester {
+	user2 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
+	token := getUserToken(t, "user2", auth_model.AccessTokenScopeWriteRepository, auth_model.AccessTokenScopeWriteIssue)
+	session := loginUser(t, user2.Name)
+
+	var content strings.Builder
+	for i := range 100 {
+		content.WriteString(fmt.Sprintf("Line %d\n", i+1)) // +1 -> make "Line N" appear on the Nth line and avoid off-by-one confusions
+	}
+
+	repo, initialSHA, reset := tests.CreateDeclarativeRepoWithOptions(t, user2, tests.DeclarativeRepoOptions{
+		Files: optional.Some([]*files_service.ChangeRepoFile{
+			{
+				Operation:     "create",
+				TreePath:      "file1.md",
+				ContentReader: strings.NewReader(content.String()),
+			},
+			{
+				Operation:     "create",
+				TreePath:      "file2.md",
+				ContentReader: strings.NewReader(content.String()),
+			},
+		}),
+	})
+	t.Cleanup(reset)
+
+	return &PullRequestCommentPlacementTester{
+		t:           t,
+		user:        user2,
+		session:     session,
+		apiToken:    token,
+		fileContent: content.String(),
+		repo:        repo,
+		initialSHA:  initialSHA,
+	}
+}
+
+func (tester *PullRequestCommentPlacementTester) changeFileOnBranch(sourceBranch, targetBranch string, targetBranchIsNew bool, filename, newContent string) string {
+	req := NewRequest(tester.t,
+		"GET",
+		fmt.Sprintf("/api/v1/repos/%s/%s/contents/%s?ref=%s", tester.repo.OwnerName, tester.repo.Name, filename, sourceBranch)).
+		AddTokenAuth(tester.apiToken)
+	resp := MakeRequest(tester.t, req, http.StatusOK)
+	var existingFile api.ContentsResponse
+	DecodeJSON(tester.t, resp, &existingFile)
+
+	opts := api.UpdateFileOptions{
+		DeleteFileOptions: api.DeleteFileOptions{
+			SHA: existingFile.SHA,
+		},
+		ContentBase64: base64.StdEncoding.EncodeToString([]byte(newContent)),
+	}
+	if targetBranchIsNew {
+		opts.DeleteFileOptions.FileOptions.NewBranchName = targetBranch
+	} else {
+		opts.DeleteFileOptions.FileOptions.BranchName = targetBranch
+	}
+	req = NewRequestWithJSON(tester.t,
+		"PUT",
+		fmt.Sprintf("/api/v1/repos/%s/%s/contents/%s", tester.repo.OwnerName, tester.repo.Name, filename),
+		opts).AddTokenAuth(tester.apiToken)
+	resp = MakeRequest(tester.t, req, http.StatusOK)
+	var updateFileResponse api.FileResponse
+	DecodeJSON(tester.t, resp, &updateFileResponse)
+
+	return updateFileResponse.Commit.SHA
+}
+
+func (tester *PullRequestCommentPlacementTester) changeFileOnBase(filename, newContent string) string {
+	return tester.changeFileOnBranch(tester.repo.DefaultBranch, tester.repo.DefaultBranch, false, filename, newContent)
+}
+
+func (tester *PullRequestCommentPlacementTester) changeFile(filename, newContent string) string {
+	var sourceBranch string // where to get the file's last SHA from
+	branchExists, branch := tester.branch.Get()
+	if !branchExists {
+		branch = fmt.Sprintf("branch-%s", uuid.New().String())
+		tester.branch = optional.Some(branch)
+		sourceBranch = tester.repo.DefaultBranch
+	} else {
+		sourceBranch = branch
+	}
+	return tester.changeFileOnBranch(sourceBranch, branch, !branchExists, filename, newContent)
+}
+
+func (tester *PullRequestCommentPlacementTester) createPR() {
+	branchExists, branch := tester.branch.Get()
+	require.True(tester.t, branchExists)
+	req := NewRequestWithJSON(tester.t, "POST",
+		fmt.Sprintf("/api/v1/repos/%s/%s/pulls", tester.repo.OwnerName, tester.repo.Name),
+		&api.CreatePullRequestOption{
+			Head:  branch,
+			Base:  tester.repo.DefaultBranch,
+			Title: fmt.Sprintf("PR from branch %s", tester.branch),
+		}).AddTokenAuth(tester.apiToken)
+	resp := MakeRequest(tester.t, req, http.StatusCreated)
+	var pr api.PullRequest
+	DecodeJSON(tester.t, resp, &pr)
+	tester.pr = &pr
+}
+
+func (tester *PullRequestCommentPlacementTester) commentFromFilesChanged(filename string, line int) *issues_model.Comment {
+	commentContent := uuid.New().String()
+
+	req := NewRequest(tester.t, "GET",
+		fmt.Sprintf("/%s/%s/pulls/%d/files/reviews/new_comment", tester.repo.OwnerName, tester.repo.Name, tester.pr.Index))
+	resp := tester.session.MakeRequest(tester.t, req, http.StatusOK)
+
+	doc := NewHTMLParser(tester.t, resp.Body)
+	req = NewRequestWithValues(tester.t, "POST",
+		fmt.Sprintf("/%s/%s/pulls/%d/files/reviews/comments", tester.repo.OwnerName, tester.repo.Name, tester.pr.Index),
+		map[string]string{
+			"origin":           doc.GetInputValueByName("origin"),
+			"latest_commit_id": doc.GetInputValueByName("latest_commit_id"),
+			"side":             "proposed", // "proposed" (RHS) or "previous" (LHS)
+			"line":             strconv.Itoa(line),
+			"path":             filename,
+			"diff_start_cid":   doc.GetInputValueByName("diff_start_cid"),
+			"diff_end_cid":     doc.GetInputValueByName("diff_end_cid"),
+			"diff_base_cid":    doc.GetInputValueByName("diff_base_cid"),
+			"content":          commentContent,
+			"single_review":    "true",
+		})
+	tester.session.MakeRequest(tester.t, req, http.StatusOK)
+
+	comment := unittest.AssertExistsAndLoadBean(tester.t, &issues_model.Comment{Content: commentContent})
+	return comment
+}
+
+func (tester *PullRequestCommentPlacementTester) withBranchCheckout(action func(string)) {
+	dstPath := tester.t.TempDir()
+	cloneURL, _ := url.Parse(tester.repo.CloneLink().HTTPS)
+	cloneURL.User = url.UserPassword(tester.user.LoginName, userPassword)
+	require.NoError(tester.t, git.CloneWithArgs(tester.t.Context(), nil, cloneURL.String(), dstPath, git.CloneRepoOptions{}))
+	doGitSetRemoteURL(dstPath, "origin", cloneURL)(tester.t)
+
+	branchExists, branch := tester.branch.Get()
+	require.True(tester.t, branchExists)
+	require.NoError(tester.t, git.NewCommand(tester.t.Context(), "checkout").AddDynamicArguments(branch).Run(&git.RunOpts{Dir: dstPath}))
+
+	action(dstPath)
+}
+
+func (tester *PullRequestCommentPlacementTester) assertFilesChangedDiff(rowAssertions []diffTableRow, note ...string) {
+	req := NewRequest(tester.t, "GET",
+		fmt.Sprintf("/%s/%s/pulls/%d/files?show-outdated=true", tester.repo.OwnerName, tester.repo.Name, tester.pr.Index))
+	resp := tester.session.MakeRequest(tester.t, req, http.StatusOK)
+	doc := NewHTMLParser(tester.t, resp.Body)
+	var testNote string
+	if len(note) == 0 {
+		testNote = "contents in single-commit diff"
+	} else {
+		testNote = note[0]
+	}
+	assertDiffTable(tester.t, doc, rowAssertions, testNote)
+}
+
+func (tester *PullRequestCommentPlacementTester) assertCommitDiff(commitSHA string, rowAssertions []diffTableRow, note ...string) {
+	req := NewRequest(tester.t, "GET",
+		fmt.Sprintf("/%s/%s/pulls/%d/commits/%s?show-outdated=true", tester.repo.OwnerName, tester.repo.Name, tester.pr.Index, commitSHA))
+	resp := tester.session.MakeRequest(tester.t, req, http.StatusOK)
+	doc := NewHTMLParser(tester.t, resp.Body)
+	var testNote string
+	if len(note) == 0 {
+		testNote = "contents in full PR diff"
+	} else {
+		testNote = note[0]
+	}
+	assertDiffTable(tester.t, doc, rowAssertions, testNote)
+}
+
+func lineNumber(content, line string) int {
+	return slices.Index(strings.Split(content, "\n"), line) + 1
+}
+
+type diffTableRowType int
+
+const (
+	RowHasCode diffTableRowType = iota
+	RowAddCode
+	RowDelCode
+	RowComment
+)
+
+type diffTableRow struct {
+	rowType diffTableRowType
+	// RowHasCode, RowAddCode, RowDelCode
+	code string
+	// RowComment
+	commentID int64
+}
+
+func nodeText(node *html.Node) string {
+	if node.Type == html.TextNode {
+		return node.Data
+	}
+	var builder strings.Builder
+	for child := range node.ChildNodes() {
+		childText := strings.TrimSpace(nodeText(child))
+		builder.WriteString(childText)
+	}
+	return builder.String()
+}
+
+func nodeAttr(node *html.Node, key string) string {
+	for _, attr := range node.Attr {
+		if attr.Key == key {
+			return attr.Val
+		}
+	}
+	return ""
+}
+
+func checkDiffTableRow(t *testing.T, tableRow *html.Node, rowAssertion diffTableRow) string {
+	switch rowAssertion.rowType {
+	case RowHasCode:
+		text := nodeText(tableRow)
+		if text != rowAssertion.code {
+			return fmt.Sprintf("wanted diff %q, but found diff %q", rowAssertion.code, text)
+		}
+	case RowDelCode:
+		dataLineType := nodeAttr(tableRow, "data-line-type")
+		if dataLineType != "del" {
+			return fmt.Sprintf("wanted delete code in diff, but found data-line-type=%q", dataLineType)
+		}
+		text := nodeText(tableRow)
+		if text != rowAssertion.code {
+			return fmt.Sprintf("wanted delete code with line %q, but found diff %q", rowAssertion.code, text)
+		}
+	case RowAddCode:
+		dataLineType := nodeAttr(tableRow, "data-line-type")
+		if dataLineType != "add" {
+			return fmt.Sprintf("wanted add code in diff, but found data-line-type=%q", dataLineType)
+		}
+		text := nodeText(tableRow)
+		if text != rowAssertion.code {
+			return fmt.Sprintf("wanted add code with line %q, but found diff %q", rowAssertion.code, text)
+		}
+	case RowComment:
+		class := nodeAttr(tableRow, "class")
+		if class != "add-comment" {
+			return fmt.Sprintf("wanted comment in diff, but found class=%q", class)
+		}
+		found := false
+		for desc := range tableRow.Descendants() {
+			descID := nodeAttr(desc, "id")
+			if descID == fmt.Sprintf("code-comments-%d", rowAssertion.commentID) {
+				found = true
+				break
+			}
+		}
+		if !found {
+			return fmt.Sprintf("wanted comment with ID %d, but could not be identified", rowAssertion.commentID)
+		}
+	}
+	return ""
+}
+
+func assertDiffTable(t *testing.T, doc *HTMLDoc, rowAssertions []diffTableRow, note string) {
+	require.NotEmpty(t, rowAssertions)
+
+	diffTable := doc.Find("table.chroma")
+	require.Equal(t, 1, diffTable.Length())
+
+	rows := diffTable.Find("tbody > tr[data-line-type]") // [data-line-type] is used to avoid matching tables within comment boxes
+
+	// Find the first row to match rowAssertions[0], and then we'll iterate from there matching each row exactly.
+	tableFirstRowIndex := 0
+	foundFirst := false
+	firstRowMismatches := []string{}
+	for ; tableFirstRowIndex < rows.Length(); tableFirstRowIndex++ {
+		mismatch := checkDiffTableRow(t, rows.Get(tableFirstRowIndex), rowAssertions[0])
+		if mismatch == "" {
+			foundFirst = true
+			break
+		}
+		firstRowMismatches = append(firstRowMismatches, mismatch)
+	}
+	if !foundFirst {
+		// We're going to fail because we couldn't find the first row in rowAssertions -- this can be tricky to debug so
+		// help out by outputting all the rows we looked at that didn't match:
+		t.Log("first row mismatches:")
+		for _, mm := range firstRowMismatches {
+			t.Logf("\t%s", mm)
+		}
+		require.Failf(t, "unable to find first row", "test %s: failed to find first row assertion", note)
+	}
+
+	for idx, assertion := range rowAssertions {
+		if idx == 0 { // skip first row assertion, already checked to find tableFirstRowIndex
+			continue
+		}
+
+		tableIdx := tableFirstRowIndex + idx
+		if tableIdx >= rows.Length() {
+			require.Failf(t, "ran out of table rows", "test %s: row assertion at index %d couldn't be satisfied", note, idx)
+		}
+
+		tableRow := rows.Get(tableIdx)
+		check := checkDiffTableRow(t, tableRow, assertion)
+		if check != "" {
+			assert.Failf(t, check, "test %s: row assertion at index %d couldn't be satisfied", note, idx)
+		}
+	}
+}

From 160cd930ff8dad7a880fc5890d255f7dfb237111 Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Sat, 11 Apr 2026 22:16:09 +0200
Subject: [PATCH 671/854] Update module golang.org/x/net to v0.53.0 (forgejo)
 (#12069)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12069
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index d38a349c21..0088bd43ef 100644
--- a/go.mod
+++ b/go.mod
@@ -104,7 +104,7 @@ require (
 	go.yaml.in/yaml/v3 v3.0.4
 	golang.org/x/crypto v0.50.0
 	golang.org/x/image v0.39.0
-	golang.org/x/net v0.52.0
+	golang.org/x/net v0.53.0
 	golang.org/x/oauth2 v0.36.0
 	golang.org/x/sync v0.20.0
 	golang.org/x/sys v0.43.0
diff --git a/go.sum b/go.sum
index da2abee521..82b1a02a3e 100644
--- a/go.sum
+++ b/go.sum
@@ -789,8 +789,8 @@ golang.org/x/net v0.15.0/go.mod h1:idbUs1IY1+zTqbi8yxTbhexhEEk5ur9LInksu6HrEpk=
 golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44=
 golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM=
 golang.org/x/net v0.33.0/go.mod h1:HXLR5J+9DxmrqMwG9qjGCxZ+zKXxBru04zlTvWlWuN4=
-golang.org/x/net v0.52.0 h1:He/TN1l0e4mmR3QqHMT2Xab3Aj3L9qjbhRm78/6jrW0=
-golang.org/x/net v0.52.0/go.mod h1:R1MAz7uMZxVMualyPXb+VaqGSa3LIaUqk0eEt3w36Sw=
+golang.org/x/net v0.53.0 h1:d+qAbo5L0orcWAr0a9JweQpjXF19LMXJE8Ey7hwOdUA=
+golang.org/x/net v0.53.0/go.mod h1:JvMuJH7rrdiCfbeHoo3fCQU24Lf5JJwT9W3sJFulfgs=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=

From 40aa3a5c7d2e5a69bb395391876f8ebce4aface7 Mon Sep 17 00:00:00 2001
From: Mathieu Fenniak <mathieu@fenniak.net>
Date: Sat, 11 Apr 2026 23:10:34 +0200
Subject: [PATCH 672/854] fix: mark code comments as Outdated based upon
 line-of-code existence in current PR commit (#12054)

Currently when a commit is pushed to a branch, code comments are marked as Outdated if a `git blame` on the current commit's code returns the same commit as the `git blame` did when the comment was originally created.  This implementation doesn't make sense:
- It doesn't handle the case correctly where the same line of code exists unaltered in the new commit, but it has been relocated (eg. new lines entered or removed above the location).
- It falsely keeps the commit valid if the line of code that the comment was made upon has been removed, if, coincidentally, the line of code that now exists at the commit came from the same source commit.  For example, if the line of code that the comment was on was deleted, but the next line of code came from the same commit, the comment will be kept as valid.

This PR uses the logic introduced in #12015, using a `git blame --reverse` -- the commit & line that was identified as having the comment on it is reversed, and if it still exists in the new head, then the comment is considered valid.  Otherwise it is marked as outdated.

Automated tests are added primarily by revising the automated tests in #12015 -- a comment in an existing test case was marked as outdated, even though it shouldn't have been.

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. All work and communication must conform to Forgejo's [AI Agreement](https://codeberg.org/forgejo/governance/src/branch/main/AIAgreement.md). There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests for Go changes

- I added test coverage for Go changes...
  - [ ] in their respective `*_test.go` for unit tests.
  - [x] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I ran...
  - [x] `make pr-go` before pushing

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [x] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.
- [ ] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change.

<!--start release-notes-assistant-->

## Release notes
<!--URL:https://codeberg.org/forgejo/forgejo-->
- Bug fixes
  - [PR](https://codeberg.org/forgejo/forgejo/pulls/12054): <!--number 12054 --><!--line 0 --><!--description bWFyayBjb2RlIGNvbW1lbnRzIGFzIE91dGRhdGVkIGJhc2VkIHVwb24gbGluZS1vZi1jb2RlIGV4aXN0ZW5jZSBpbiBjdXJyZW50IFBSIGNvbW1pdA==-->mark code comments as Outdated based upon line-of-code existence in current PR commit<!--description-->
<!--end release-notes-assistant-->

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12054
Reviewed-by: Andreas Ahlenstorf <aahlenst@noreply.codeberg.org>
Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net>
Co-committed-by: Mathieu Fenniak <mathieu@fenniak.net>
---
 models/unittest/unit_tests.go         |  2 +-
 services/pull/pull.go                 | 11 +++--------
 services/pull/review.go               | 28 ++++++++++++++++++++++++---
 tests/integration/pull_review_test.go | 22 +++++++++++++++++++--
 4 files changed, 49 insertions(+), 14 deletions(-)

diff --git a/models/unittest/unit_tests.go b/models/unittest/unit_tests.go
index 2fa49e443a..411777cb17 100644
--- a/models/unittest/unit_tests.go
+++ b/models/unittest/unit_tests.go
@@ -67,7 +67,7 @@ func BeanExists(t testing.TB, bean any, conditions ...any) bool {
 }
 
 // AssertExistsAndLoadBean assert that a bean exists and load it from the test database
-func AssertExistsAndLoadBean[T any](t testing.TB, bean T, conditions ...any) T {
+func AssertExistsAndLoadBean[T any](t require.TestingT, bean T, conditions ...any) T {
 	exists, err := LoadBeanIfExists(bean, conditions...)
 	require.NoError(t, err)
 	assert.True(t, exists,
diff --git a/services/pull/pull.go b/services/pull/pull.go
index 9cb957d021..03b7ce531b 100644
--- a/services/pull/pull.go
+++ b/services/pull/pull.go
@@ -263,22 +263,17 @@ func ChangeTargetBranch(ctx context.Context, pr *issues_model.PullRequest, doer
 	return nil
 }
 
-func checkForInvalidation(ctx context.Context, requests issues_model.PullRequestList, repoID int64, doer *user_model.User, branch string) error {
+func checkForInvalidation(ctx context.Context, requests issues_model.PullRequestList, repoID int64, doer *user_model.User, branch, newCommitID string) error {
 	repo, err := repo_model.GetRepositoryByID(ctx, repoID)
 	if err != nil {
 		return fmt.Errorf("GetRepositoryByIDCtx: %w", err)
 	}
-	gitRepo, err := gitrepo.OpenRepository(ctx, repo)
-	if err != nil {
-		return fmt.Errorf("gitrepo.OpenRepository: %w", err)
-	}
 	go func() {
 		// FIXME: graceful: We need to tell the manager we're doing something...
-		err := InvalidateCodeComments(ctx, requests, doer, gitRepo, branch)
+		err := InvalidateCodeComments(ctx, requests, doer, repo, branch, newCommitID)
 		if err != nil {
 			log.Error("PullRequestList.InvalidateCodeComments: %v", err)
 		}
-		gitRepo.Close()
 	}()
 	return nil
 }
@@ -340,7 +335,7 @@ func TestPullRequest(ctx context.Context, doer *user_model.User, repoID, olderTh
 		if err = requests.LoadAttributes(ctx); err != nil {
 			log.Error("PullRequestList.LoadAttributes: %v", err)
 		}
-		if invalidationErr := checkForInvalidation(ctx, requests, repoID, doer, branch); invalidationErr != nil {
+		if invalidationErr := checkForInvalidation(ctx, requests, repoID, doer, branch, newCommitID); invalidationErr != nil {
 			log.Error("checkForInvalidation: %v", invalidationErr)
 		}
 		if err == nil {
diff --git a/services/pull/review.go b/services/pull/review.go
index 760235325d..b8d4a30be8 100644
--- a/services/pull/review.go
+++ b/services/pull/review.go
@@ -42,7 +42,29 @@ func (err ErrDismissRequestOnClosedPR) Unwrap() error {
 
 // checkInvalidation checks if the line of code comment got changed by another commit.
 // If the line got changed the comment is going to be invalidated.
-func checkInvalidation(ctx context.Context, c *issues_model.Comment, repo *git.Repository, branch string) error {
+func checkInvalidation(ctx context.Context, c *issues_model.Comment, repo *repo_model.Repository, branch, newCommitID string) error {
+	if c.Line < 0 {
+		// Comment is on a removed line of code -- the `git blame --reverse` codepath doesn't work for this. Retain the
+		// originalbehaviour until a revision is done specific to removed lines:
+		gitRepo, closer, err := gitrepo.RepositoryFromContextOrOpen(ctx, repo)
+		if err != nil {
+			return fmt.Errorf("failed to open repo: %w", err)
+		}
+		defer closer.Close()
+		return obsoleteCheckInvalidation(ctx, c, gitRepo, branch)
+	}
+
+	reverseBlame, err := c.ResolveCurrentLine(ctx, repo, newCommitID)
+	if err != nil {
+		log.Warn("ResolveCurrentLine failed: %s", err.Error())
+	} else if reverseBlame.CommitID != newCommitID {
+		c.Invalidated = true
+		return issues_model.UpdateCommentInvalidate(ctx, c)
+	}
+	return nil
+}
+
+func obsoleteCheckInvalidation(ctx context.Context, c *issues_model.Comment, repo *git.Repository, branch string) error {
 	// FIXME differentiate between previous and proposed line
 	commit, _, err := repo.LineBlame(branch, c.TreePath, c.UnsignedLine())
 	if err != nil && (errors.Is(err, git.ErrBlameFileDoesNotExist) || errors.Is(err, git.ErrBlameFileNotEnoughLines)) {
@@ -60,7 +82,7 @@ func checkInvalidation(ctx context.Context, c *issues_model.Comment, repo *git.R
 }
 
 // InvalidateCodeComments will lookup the prs for code comments which got invalidated by change
-func InvalidateCodeComments(ctx context.Context, prs issues_model.PullRequestList, doer *user_model.User, repo *git.Repository, branch string) error {
+func InvalidateCodeComments(ctx context.Context, prs issues_model.PullRequestList, doer *user_model.User, repo *repo_model.Repository, branch, newCommitID string) error {
 	if len(prs) == 0 {
 		return nil
 	}
@@ -76,7 +98,7 @@ func InvalidateCodeComments(ctx context.Context, prs issues_model.PullRequestLis
 		return fmt.Errorf("find code comments: %v", err)
 	}
 	for _, comment := range codeComments {
-		if err := checkInvalidation(ctx, comment, repo, branch); err != nil {
+		if err := checkInvalidation(ctx, comment, repo, branch, newCommitID); err != nil {
 			return err
 		}
 	}
diff --git a/tests/integration/pull_review_test.go b/tests/integration/pull_review_test.go
index 1a60c1ea11..3c0ea62a9c 100644
--- a/tests/integration/pull_review_test.go
+++ b/tests/integration/pull_review_test.go
@@ -1242,6 +1242,7 @@ func TestPullRequestCommentPlacement(t *testing.T) {
 			assert.Equal(t, "proposed", comment.DiffSide())
 			assert.EqualValues(t, 50, comment.Line)
 			assert.Equal(t, commit1, comment.CommitSHA)
+			assert.False(t, comment.Invalidated)
 
 			// Add a second commit to the PR which removes  "Line 1" - "Line 10".
 			content = strings.Replace(content, "Line 1\nLine 2\nLine 3\nLine 4\nLine 5\nLine 6\nLine 7\nLine 8\nLine 9\nLine 10\n", "", 1)
@@ -1271,6 +1272,11 @@ func TestPullRequestCommentPlacement(t *testing.T) {
 			}
 			tester.assertFilesChangedDiff(diff1, "checking commit1 contents in full PR diff")
 			tester.assertCommitDiff(commit1, diff1, "checking commit1 contents in single-commit diff")
+
+			// This comment can still be located in the diff, so it should not be marked as Invalidated/Outdated --
+			// which is kinda guaranteed by it being loaded in the diff, but for test sanity assert specifically.
+			commentReloaded := unittest.AssertExistsAndLoadBean(t, &issues_model.Comment{ID: comment.ID})
+			assert.False(t, commentReloaded.Invalidated)
 		})
 
 		t.Run("comment on line commit is rewritten and force-push'd", func(t *testing.T) {
@@ -1296,6 +1302,7 @@ func TestPullRequestCommentPlacement(t *testing.T) {
 			assert.Equal(t, "proposed", comment.DiffSide())
 			assert.EqualValues(t, 50, comment.Line)
 			assert.Equal(t, commit1, comment.CommitSHA)
+			assert.False(t, comment.Invalidated)
 
 			// Add a second commit to the PR which removes  "Line 1" - "Line 10".
 			content = strings.Replace(content, "Line 1\nLine 2\nLine 3\nLine 4\nLine 5\nLine 6\nLine 7\nLine 8\nLine 9\nLine 10\n", "", 1)
@@ -1350,6 +1357,17 @@ func TestPullRequestCommentPlacement(t *testing.T) {
 				{rowType: RowHasCode, code: "Line 51"},
 			}
 			tester.assertFilesChangedDiff(diff1, "checking commit1 contents in full PR diff")
+
+			// After the force push, the comment we originally left should be marked as invalidated since it can no
+			// longer be resolved to a code location in the PR head. The above tests validate that it no longer appears
+			// in the diff, but this will also happen because of the diff-side check for the correct location -- so
+			// let's check that it's invalidated as well, indicating that it will be shown in the UI as "Outdated". This
+			// usually passes on the first check but is wrapped in Eventually because the async goroutine used in the
+			// pull request testing when the branch is pushed may not be immediately complete.
+			assert.EventuallyWithT(t, func(t *assert.CollectT) {
+				commentReloaded := unittest.AssertExistsAndLoadBean(t, &issues_model.Comment{ID: comment.ID})
+				assert.True(t, commentReloaded.Invalidated)
+			}, 1*time.Second, 50*time.Millisecond)
 		})
 
 		t.Run("comment lands on blame with original line number varying from current", func(t *testing.T) {
@@ -1551,7 +1569,7 @@ func (tester *PullRequestCommentPlacementTester) withBranchCheckout(action func(
 
 func (tester *PullRequestCommentPlacementTester) assertFilesChangedDiff(rowAssertions []diffTableRow, note ...string) {
 	req := NewRequest(tester.t, "GET",
-		fmt.Sprintf("/%s/%s/pulls/%d/files?show-outdated=true", tester.repo.OwnerName, tester.repo.Name, tester.pr.Index))
+		fmt.Sprintf("/%s/%s/pulls/%d/files", tester.repo.OwnerName, tester.repo.Name, tester.pr.Index))
 	resp := tester.session.MakeRequest(tester.t, req, http.StatusOK)
 	doc := NewHTMLParser(tester.t, resp.Body)
 	var testNote string
@@ -1565,7 +1583,7 @@ func (tester *PullRequestCommentPlacementTester) assertFilesChangedDiff(rowAsser
 
 func (tester *PullRequestCommentPlacementTester) assertCommitDiff(commitSHA string, rowAssertions []diffTableRow, note ...string) {
 	req := NewRequest(tester.t, "GET",
-		fmt.Sprintf("/%s/%s/pulls/%d/commits/%s?show-outdated=true", tester.repo.OwnerName, tester.repo.Name, tester.pr.Index, commitSHA))
+		fmt.Sprintf("/%s/%s/pulls/%d/commits/%s", tester.repo.OwnerName, tester.repo.Name, tester.pr.Index, commitSHA))
 	resp := tester.session.MakeRequest(tester.t, req, http.StatusOK)
 	doc := NewHTMLParser(tester.t, resp.Body)
 	var testNote string

From ca00f99c3fbc45550fb5d4e63e3ff29df5ee0886 Mon Sep 17 00:00:00 2001
From: Mathieu Fenniak <mathieu@fenniak.net>
Date: Sun, 12 Apr 2026 01:20:54 +0200
Subject: [PATCH 673/854] fix: when reviewing in PRs, make comments relative to
 the visible code's commit (#12055)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

When performing `git blame` to identify the commit that a line of code came from, limit the blame to the commit that is currently being viewed in the UI.  Before this change, the blame always occurred on the current head of the PR, causing these problems:
- When you click ➕ to load the comment form, the form that is dynamically loaded would have it's commit field pulled from the current PR head.  That may not actually reflect the code that you were viewing at the time you authored the comment -- it could be a newer commit that occurred by the author while you were reviewing.
- When viewing a specific commit within a PR and leaving a comment, the blame would occur from the head -- if the file was changed in a later commit and the line-of-code moved up or down, the comment would be misplaced.

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. All work and communication must conform to Forgejo's [AI Agreement](https://codeberg.org/forgejo/governance/src/branch/main/AIAgreement.md). There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests for Go changes

- I added test coverage for Go changes...
  - [ ] in their respective `*_test.go` for unit tests.
  - [x] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I ran...
  - [ ] `make pr-go` before pushing

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [x] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.
- [ ] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change.

<!--start release-notes-assistant-->

## Release notes
<!--URL:https://codeberg.org/forgejo/forgejo-->
- Bug fixes
  - [PR](https://codeberg.org/forgejo/forgejo/pulls/12055): <!--number 12055 --><!--line 0 --><!--description d2hlbiByZXZpZXdpbmcgaW4gUFJzLCBtYWtlIGNvbW1lbnRzIHJlbGF0aXZlIHRvIHRoZSB2aXNpYmxlIGNvZGUncyBjb21taXQ=-->when reviewing in PRs, make comments relative to the visible code's commit<!--description-->
<!--end release-notes-assistant-->

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12055
Reviewed-by: Andreas Ahlenstorf <aahlenst@noreply.codeberg.org>
Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net>
Co-committed-by: Mathieu Fenniak <mathieu@fenniak.net>
---
 routers/api/v1/repo/pull_review.go      |   1 +
 routers/web/repo/pull_review.go         |  13 +-
 routers/web/repo/pull_review_test.go    |  12 +-
 services/pull/review.go                 |   6 +-
 templates/repo/diff/box.tmpl            |   2 +-
 tests/integration/comment_roles_test.go |  22 +++-
 tests/integration/pull_review_test.go   | 164 +++++++++++++++++-------
 7 files changed, 158 insertions(+), 62 deletions(-)

diff --git a/routers/api/v1/repo/pull_review.go b/routers/api/v1/repo/pull_review.go
index 97c5dcee78..e478f93655 100644
--- a/routers/api/v1/repo/pull_review.go
+++ b/routers/api/v1/repo/pull_review.go
@@ -337,6 +337,7 @@ func CreatePullReviewComment(ctx *context.APIContext) {
 		pr.Issue,
 		opts.Body,
 		opts.Path,
+		review.CommitID,
 		line,
 		review.ID,
 		nil,
diff --git a/routers/web/repo/pull_review.go b/routers/web/repo/pull_review.go
index 941e428039..c2e30770d3 100644
--- a/routers/web/repo/pull_review.go
+++ b/routers/web/repo/pull_review.go
@@ -44,12 +44,15 @@ func RenderNewCodeCommentForm(ctx *context.Context) {
 	ctx.Data["PageIsPullFiles"] = true
 	ctx.Data["Issue"] = issue
 	ctx.Data["CurrentReview"] = currentReview
-	pullHeadCommitID, err := ctx.Repo.GitRepo.GetRefCommitID(issue.PullRequest.GetGitRefName())
-	if err != nil {
-		ctx.ServerError("GetRefCommitID", err)
-		return
+	afterCommitID := ctx.FormString("after_commit_id")
+	if afterCommitID == "" {
+		afterCommitID, err = ctx.Repo.GitRepo.GetRefCommitID(issue.PullRequest.GetGitRefName())
+		if err != nil {
+			ctx.ServerError("GetRefCommitID", err)
+			return
+		}
 	}
-	ctx.Data["AfterCommitID"] = pullHeadCommitID
+	ctx.Data["AfterCommitID"] = afterCommitID
 	ctx.Data["IsAttachmentEnabled"] = setting.Attachment.Enabled
 	upload.AddUploadContext(ctx, "comment")
 	ctx.HTML(http.StatusOK, tplNewComment)
diff --git a/routers/web/repo/pull_review_test.go b/routers/web/repo/pull_review_test.go
index 14e6714a63..dd0fa7df29 100644
--- a/routers/web/repo/pull_review_test.go
+++ b/routers/web/repo/pull_review_test.go
@@ -11,6 +11,7 @@ import (
 	"forgejo.org/models/db"
 	issues_model "forgejo.org/models/issues"
 	"forgejo.org/models/unittest"
+	"forgejo.org/modules/git"
 	"forgejo.org/modules/templates"
 	"forgejo.org/services/context"
 	"forgejo.org/services/contexttest"
@@ -28,6 +29,13 @@ func TestRenderConversation(t *testing.T) {
 	_ = pr.Issue.LoadPoster(db.DefaultContext)
 	_ = pr.Issue.LoadRepo(db.DefaultContext)
 
+	require.NoError(t, pr.LoadHeadRepo(t.Context()))
+	repo, err := git.OpenRepository(t.Context(), pr.HeadRepo.RepoPath())
+	defer repo.Close()
+	require.NoError(t, err)
+	prHeadCommitID, err := repo.GetBranchCommitID(pr.HeadBranch)
+	require.NoError(t, err)
+
 	run := func(name string, cb func(t *testing.T, ctx *context.Context, resp *httptest.ResponseRecorder)) {
 		t.Run(name, func(t *testing.T) {
 			ctx, resp := contexttest.MockContext(t, "/")
@@ -42,7 +50,9 @@ func TestRenderConversation(t *testing.T) {
 
 	var preparedComment *issues_model.Comment
 	run("prepare", func(t *testing.T, ctx *context.Context, resp *httptest.ResponseRecorder) {
-		comment, err := pull.CreateCodeComment(ctx, pr.Issue.Poster, ctx.Repo.GitRepo, pr.Issue, 1, "content", "", false, 0, pr.HeadCommitID, nil)
+		comment, err := pull.CreateCodeComment(ctx, pr.Issue.Poster, ctx.Repo.GitRepo, pr.Issue,
+			1, "content", "", false, 0,
+			prHeadCommitID, nil)
 		require.NoError(t, err)
 
 		comment.Invalidated = true
diff --git a/services/pull/review.go b/services/pull/review.go
index b8d4a30be8..5500ce4582 100644
--- a/services/pull/review.go
+++ b/services/pull/review.go
@@ -137,6 +137,7 @@ func CreateCodeComment(ctx context.Context, doer *user_model.User, gitRepo *git.
 			issue,
 			content,
 			treePath,
+			latestCommitID,
 			line,
 			replyReviewID,
 			attachments,
@@ -178,6 +179,7 @@ func CreateCodeComment(ctx context.Context, doer *user_model.User, gitRepo *git.
 		issue,
 		content,
 		treePath,
+		latestCommitID,
 		line,
 		review.ID,
 		attachments,
@@ -199,7 +201,7 @@ func CreateCodeComment(ctx context.Context, doer *user_model.User, gitRepo *git.
 }
 
 // CreateCodeCommentKnownReviewID creates a plain code comment at the specified line / path
-func CreateCodeCommentKnownReviewID(ctx context.Context, doer *user_model.User, repo *repo_model.Repository, issue *issues_model.Issue, content, treePath string, line, reviewID int64, attachments []string) (*issues_model.Comment, error) {
+func CreateCodeCommentKnownReviewID(ctx context.Context, doer *user_model.User, repo *repo_model.Repository, issue *issues_model.Issue, content, treePath, afterCommitID string, line, reviewID int64, attachments []string) (*issues_model.Comment, error) {
 	var commitID, blamedCommitID, patch string
 	blamedLine := line
 	if err := issue.LoadPullRequest(ctx); err != nil {
@@ -249,7 +251,7 @@ func CreateCodeCommentKnownReviewID(ctx context.Context, doer *user_model.User,
 			// FIXME validate treePath
 			// Get latest commit referencing the commented line
 			// No need for get commit for base branch changes
-			commit, lineres, err := gitRepo.LineBlame(head, treePath, uint64(line))
+			commit, lineres, err := gitRepo.LineBlame(afterCommitID, treePath, uint64(line))
 			if err == nil {
 				blamedCommitID = commit.ID.String()
 				blamedLine = int64(lineres)
diff --git a/templates/repo/diff/box.tmpl b/templates/repo/diff/box.tmpl
index f3c0c0989d..5bd9a50b3b 100644
--- a/templates/repo/diff/box.tmpl
+++ b/templates/repo/diff/box.tmpl
@@ -201,7 +201,7 @@
 										{{end}}
 									</div>
 								{{else}}
-									<table class="chroma" data-new-comment-url="{{$.Issue.Link}}/files/reviews/new_comment" data-path="{{$file.Name}}">
+									<table class="chroma" data-new-comment-url="{{$.Issue.Link}}/files/reviews/new_comment?after_commit_id={{$.AfterCommitID}}" data-path="{{$file.Name}}">
 										{{if $.IsSplitStyle}}
 											{{template "repo/diff/section_split" dict "file" . "root" $}}
 										{{else}}
diff --git a/tests/integration/comment_roles_test.go b/tests/integration/comment_roles_test.go
index df1c5b1188..f9eebf34ff 100644
--- a/tests/integration/comment_roles_test.go
+++ b/tests/integration/comment_roles_test.go
@@ -4,6 +4,7 @@
 package integration
 
 import (
+	"fmt"
 	"net/http"
 	"net/url"
 	"path"
@@ -188,16 +189,23 @@ func testEasyLeavePRComment(t *testing.T, session *TestSession, user, repo, id,
 // testEasyLeavePRReviewComment is used to add review comments to specific lines of changed files in the diff of the PR.
 func testEasyLeavePRReviewComment(t *testing.T, session *TestSession, user, repo, id, file, line, message, replyID string) {
 	t.Helper()
+	req := NewRequestf(t, "GET", "/%s/%s/pulls/%s/files/reviews/new_comment", user, repo, id)
+	resp := session.MakeRequest(t, req, http.StatusOK)
+	doc := NewHTMLParser(t, resp.Body)
 	values := map[string]string{
-		"origin":        "diff",
-		"side":          "proposed",
-		"line":          line,
-		"path":          file,
-		"content":       message,
-		"single_review": "true",
+		"origin":           doc.GetInputValueByName("origin"),
+		"latest_commit_id": doc.GetInputValueByName("latest_commit_id"),
+		"side":             "proposed",
+		"line":             line,
+		"path":             file,
+		"diff_start_cid":   doc.GetInputValueByName("diff_start_cid"),
+		"diff_end_cid":     doc.GetInputValueByName("diff_end_cid"),
+		"diff_base_cid":    doc.GetInputValueByName("diff_base_cid"),
+		"content":          message,
+		"single_review":    "true",
 	}
 	if len(replyID) > 0 {
 		values["reply"] = replyID
 	}
-	session.MakeRequest(t, NewRequestWithValues(t, "POST", path.Join(user, repo, "pulls", id, "files/reviews/comments"), values), http.StatusOK)
+	session.MakeRequest(t, NewRequestWithValues(t, "POST", fmt.Sprintf("/%s/%s/pulls/%s/files/reviews/comments", user, repo, id), values), http.StatusOK)
 }
diff --git a/tests/integration/pull_review_test.go b/tests/integration/pull_review_test.go
index 3c0ea62a9c..262733f72b 100644
--- a/tests/integration/pull_review_test.go
+++ b/tests/integration/pull_review_test.go
@@ -214,27 +214,27 @@ func TestPullView_ResolveInvalidatedReviewComment(t *testing.T) {
 		defer tests.PrintCurrentTest(t)()
 		req := NewRequest(t, "GET", "/user2/repo1/pulls/3/files/reviews/new_comment")
 		resp := session.MakeRequest(t, req, http.StatusOK)
-		doc := NewHTMLParser(t, resp.Body)
+		newCommentForm := NewHTMLParser(t, resp.Body)
 
 		var firstReviewID int64
 		{
 			// first (outdated) review
 			req = NewRequestWithValues(t, "POST", "/user2/repo1/pulls/3/files/reviews/comments", map[string]string{
-				"origin":           doc.GetInputValueByName("origin"),
-				"latest_commit_id": doc.GetInputValueByName("latest_commit_id"),
+				"origin":           newCommentForm.GetInputValueByName("origin"),
+				"latest_commit_id": newCommentForm.GetInputValueByName("latest_commit_id"),
 				"side":             "proposed",
 				"line":             "2",
 				"path":             "iso-8859-1.txt",
-				"diff_start_cid":   doc.GetInputValueByName("diff_start_cid"),
-				"diff_end_cid":     doc.GetInputValueByName("diff_end_cid"),
-				"diff_base_cid":    doc.GetInputValueByName("diff_base_cid"),
+				"diff_start_cid":   newCommentForm.GetInputValueByName("diff_start_cid"),
+				"diff_end_cid":     newCommentForm.GetInputValueByName("diff_end_cid"),
+				"diff_base_cid":    newCommentForm.GetInputValueByName("diff_base_cid"),
 				"content":          "nitpicking comment",
 				"pending_review":   "",
 			})
 			session.MakeRequest(t, req, http.StatusOK)
 
 			req = NewRequestWithValues(t, "POST", "/user2/repo1/pulls/3/files/reviews/submit", map[string]string{
-				"commit_id": doc.GetInputValueByName("latest_commit_id"),
+				"commit_id": newCommentForm.GetInputValueByName("latest_commit_id"),
 				"content":   "looks good",
 				"type":      "comment",
 			})
@@ -243,7 +243,7 @@ func TestPullView_ResolveInvalidatedReviewComment(t *testing.T) {
 			// retrieve comment_id by reloading the comment page
 			req = NewRequest(t, "GET", "/user2/repo1/pulls/3")
 			resp = session.MakeRequest(t, req, http.StatusOK)
-			doc = NewHTMLParser(t, resp.Body)
+			doc := NewHTMLParser(t, resp.Body)
 			commentID, ok := doc.Find(`[data-action="Resolve"]`).Attr("data-comment-id")
 			assert.True(t, ok)
 
@@ -266,21 +266,21 @@ func TestPullView_ResolveInvalidatedReviewComment(t *testing.T) {
 			// second (up-to-date) review on the same line
 			// make a second review
 			req = NewRequestWithValues(t, "POST", "/user2/repo1/pulls/3/files/reviews/comments", map[string]string{
-				"origin":           doc.GetInputValueByName("origin"),
-				"latest_commit_id": doc.GetInputValueByName("latest_commit_id"),
+				"origin":           newCommentForm.GetInputValueByName("origin"),
+				"latest_commit_id": newCommentForm.GetInputValueByName("latest_commit_id"),
 				"side":             "proposed",
 				"line":             "2",
 				"path":             "iso-8859-1.txt",
-				"diff_start_cid":   doc.GetInputValueByName("diff_start_cid"),
-				"diff_end_cid":     doc.GetInputValueByName("diff_end_cid"),
-				"diff_base_cid":    doc.GetInputValueByName("diff_base_cid"),
+				"diff_start_cid":   newCommentForm.GetInputValueByName("diff_start_cid"),
+				"diff_end_cid":     newCommentForm.GetInputValueByName("diff_end_cid"),
+				"diff_base_cid":    newCommentForm.GetInputValueByName("diff_base_cid"),
 				"content":          "nitpicking comment",
 				"pending_review":   "",
 			})
 			session.MakeRequest(t, req, http.StatusOK)
 
 			req = NewRequestWithValues(t, "POST", "/user2/repo1/pulls/3/files/reviews/submit", map[string]string{
-				"commit_id": doc.GetInputValueByName("latest_commit_id"),
+				"commit_id": newCommentForm.GetInputValueByName("latest_commit_id"),
 				"content":   "looks better",
 				"type":      "comment",
 			})
@@ -289,7 +289,7 @@ func TestPullView_ResolveInvalidatedReviewComment(t *testing.T) {
 			// retrieve comment_id by reloading the comment page
 			req = NewRequest(t, "GET", "/user2/repo1/pulls/3")
 			resp = session.MakeRequest(t, req, http.StatusOK)
-			doc = NewHTMLParser(t, resp.Body)
+			doc := NewHTMLParser(t, resp.Body)
 
 			commentIDs := doc.Find(`[data-action="Resolve"]`).Map(func(i int, elt *goquery.Selection) string {
 				v, _ := elt.Attr("data-comment-id")
@@ -318,7 +318,7 @@ func TestPullView_ResolveInvalidatedReviewComment(t *testing.T) {
 
 		// even on template error, the page returns HTTP 200
 		// count the comments to ensure success.
-		doc = NewHTMLParser(t, resp.Body)
+		doc := NewHTMLParser(t, resp.Body)
 		comments := doc.Find(`.comment-code-cloud > .comment`)
 		assert.Len(t, comments.Nodes, 1) // the outdated comment belongs to another review and should not be shown
 	})
@@ -674,13 +674,17 @@ func TestPullRequestReplyMail(t *testing.T) {
 
 		review := unittest.AssertExistsAndLoadBean(t, &issues_model.Review{ID: 1002}, "type = 0")
 
-		req := NewRequestWithValues(t, "POST", "/user2/repo1/pulls/2/files/reviews/comments", map[string]string{
-			"origin":  "diff",
-			"content": "Just a comment!",
-			"side":    "proposed",
-			"line":    "4",
-			"path":    "README.md",
-			"reply":   strconv.FormatInt(review.ID, 10),
+		req := NewRequest(t, "GET", "/user2/repo1/pulls/2/files/reviews/new_comment")
+		resp := session.MakeRequest(t, req, http.StatusOK)
+		doc := NewHTMLParser(t, resp.Body)
+		req = NewRequestWithValues(t, "POST", "/user2/repo1/pulls/2/files/reviews/comments", map[string]string{
+			"origin":           "diff",
+			"latest_commit_id": doc.GetInputValueByName("latest_commit_id"),
+			"content":          "Just a comment!",
+			"side":             "proposed",
+			"line":             "4",
+			"path":             "README.md",
+			"reply":            strconv.FormatInt(review.ID, 10),
 		})
 		session.MakeRequest(t, req, http.StatusOK)
 
@@ -696,12 +700,16 @@ func TestPullRequestReplyMail(t *testing.T) {
 			called = true
 		})()
 
-		req := NewRequestWithValues(t, "POST", "/user2/repo1/pulls/2/files/reviews/comments", map[string]string{
-			"origin":  "diff",
-			"content": "Notification time 2!",
-			"side":    "proposed",
-			"line":    "2",
-			"path":    "README.md",
+		req := NewRequest(t, "GET", "/user2/repo1/pulls/2/files/reviews/new_comment")
+		resp := session.MakeRequest(t, req, http.StatusOK)
+		doc := NewHTMLParser(t, resp.Body)
+		req = NewRequestWithValues(t, "POST", "/user2/repo1/pulls/2/files/reviews/comments", map[string]string{
+			"origin":           "diff",
+			"latest_commit_id": doc.GetInputValueByName("latest_commit_id"),
+			"content":          "Notification time 2!",
+			"side":             "proposed",
+			"line":             "2",
+			"path":             "README.md",
 		})
 		session.MakeRequest(t, req, http.StatusOK)
 
@@ -725,13 +733,17 @@ func TestPullRequestReplyMail(t *testing.T) {
 
 			review := unittest.AssertExistsAndLoadBean(t, &issues_model.Review{ID: 1001, Type: issues_model.ReviewTypeComment})
 
-			req := NewRequestWithValues(t, "POST", "/user2/repo1/pulls/2/files/reviews/comments", map[string]string{
-				"origin":  "diff",
-				"content": "Notification time!",
-				"side":    "proposed",
-				"line":    "3",
-				"path":    "README.md",
-				"reply":   strconv.FormatInt(review.ID, 10),
+			req := NewRequest(t, "GET", "/user2/repo1/pulls/2/files/reviews/new_comment")
+			resp := session.MakeRequest(t, req, http.StatusOK)
+			doc := NewHTMLParser(t, resp.Body)
+			req = NewRequestWithValues(t, "POST", "/user2/repo1/pulls/2/files/reviews/comments", map[string]string{
+				"origin":           "diff",
+				"latest_commit_id": doc.GetInputValueByName("latest_commit_id"),
+				"content":          "Notification time!",
+				"side":             "proposed",
+				"line":             "3",
+				"path":             "README.md",
+				"reply":            strconv.FormatInt(review.ID, 10),
 			})
 			session.MakeRequest(t, req, http.StatusOK)
 
@@ -751,13 +763,17 @@ func TestPullRequestReplyMail(t *testing.T) {
 				called = true
 			})()
 
-			req := NewRequestWithValues(t, "POST", "/user2/repo1/pulls/2/files/reviews/comments", map[string]string{
-				"origin":        "diff",
-				"content":       "Notification time 2!",
-				"side":          "proposed",
-				"line":          "5",
-				"path":          "README.md",
-				"single_review": "true",
+			req := NewRequest(t, "GET", "/user2/repo1/pulls/2/files/reviews/new_comment")
+			resp := session.MakeRequest(t, req, http.StatusOK)
+			doc := NewHTMLParser(t, resp.Body)
+			req = NewRequestWithValues(t, "POST", "/user2/repo1/pulls/2/files/reviews/comments", map[string]string{
+				"origin":           "diff",
+				"latest_commit_id": doc.GetInputValueByName("latest_commit_id"),
+				"content":          "Notification time 2!",
+				"side":             "proposed",
+				"line":             "5",
+				"path":             "README.md",
+				"single_review":    "true",
 			})
 			session.MakeRequest(t, req, http.StatusOK)
 
@@ -1409,6 +1425,52 @@ func TestPullRequestCommentPlacement(t *testing.T) {
 			tester.assertFilesChangedDiff(diff)
 			tester.assertCommitDiff(commitSHA, diff)
 		})
+
+		t.Run("comment on specific commit adjusts correctly to later changes in the PR", func(t *testing.T) {
+			defer tests.PrintCurrentTest(t)()
+			tester := newPullRequestCommentPlacementTester(t)
+
+			// Modify an earlier part of the file in one commit, and then change line numbers in a second commit by
+			// removing some content from the file earlier than the first commit
+			content := tester.fileContent
+			content = strings.Replace(content, "Line 50\n", "Line 50--modified\n", 1)
+			commit1 := tester.changeFile("file1.md", content)
+			content = strings.Replace(content, "Line 1\nLine 2\nLine 3\nLine 4\nLine 5\nLine 6\nLine 7\nLine 8\nLine 9\nLine 10\n", "", 1)
+			commit2 := tester.changeFile("file1.md", content)
+			tester.createPR()
+
+			// Create a comment on commit1's "Line 50" change, from the commit-specific view:
+			comment := tester.commentFromSpecificCommit(commit1, "file1.md", 50)
+			assert.Equal(t, `diff --git a/file1.md b/file1.md
+--- a/file1.md
++++ b/file1.md
+@@ -48,3 +48,3 @@
+ Line 48
+ Line 49
+-Line 50
++Line 50--modified`, comment.PatchQuoted)
+			assert.Equal(t, "proposed", comment.DiffSide())
+			assert.EqualValues(t, 50, comment.Line)
+			assert.Equal(t, commit1, comment.CommitSHA)
+
+			diff50 := []diffTableRow{
+				{rowType: RowHasCode, code: "Line 49"},
+				{rowType: RowDelCode, code: "Line 50"},
+				{rowType: RowAddCode, code: "Line 50--modified"},
+				{rowType: RowComment, commentID: comment.ID},
+				{rowType: RowHasCode, code: "Line 51"},
+			}
+			tester.assertFilesChangedDiff(diff50)
+			tester.assertCommitDiff(commit1, diff50)
+
+			diff10 := []diffTableRow{
+				{rowType: RowDelCode, code: "Line 9"},
+				{rowType: RowDelCode, code: "Line 10"},
+				{rowType: RowHasCode, code: "Line 11"},
+			}
+			tester.assertFilesChangedDiff(diff10)
+			tester.assertCommitDiff(commit2, diff10)
+		})
 	})
 }
 
@@ -1526,14 +1588,24 @@ func (tester *PullRequestCommentPlacementTester) createPR() {
 }
 
 func (tester *PullRequestCommentPlacementTester) commentFromFilesChanged(filename string, line int) *issues_model.Comment {
-	commentContent := uuid.New().String()
-
 	req := NewRequest(tester.t, "GET",
+		// omit after_commit_id -- new_comment form defaults to fetching the PR head
 		fmt.Sprintf("/%s/%s/pulls/%d/files/reviews/new_comment", tester.repo.OwnerName, tester.repo.Name, tester.pr.Index))
 	resp := tester.session.MakeRequest(tester.t, req, http.StatusOK)
+	return tester.commentFromNewCommentForm(resp, filename, line)
+}
 
+func (tester *PullRequestCommentPlacementTester) commentFromSpecificCommit(commitID, filename string, line int) *issues_model.Comment {
+	req := NewRequest(tester.t, "GET",
+		fmt.Sprintf("/%s/%s/pulls/%d/files/reviews/new_comment?after_commit_id=%s", tester.repo.OwnerName, tester.repo.Name, tester.pr.Index, commitID))
+	resp := tester.session.MakeRequest(tester.t, req, http.StatusOK)
+	return tester.commentFromNewCommentForm(resp, filename, line)
+}
+
+func (tester *PullRequestCommentPlacementTester) commentFromNewCommentForm(resp *httptest.ResponseRecorder, filename string, line int) *issues_model.Comment {
+	commentContent := uuid.New().String()
 	doc := NewHTMLParser(tester.t, resp.Body)
-	req = NewRequestWithValues(tester.t, "POST",
+	req := NewRequestWithValues(tester.t, "POST",
 		fmt.Sprintf("/%s/%s/pulls/%d/files/reviews/comments", tester.repo.OwnerName, tester.repo.Name, tester.pr.Index),
 		map[string]string{
 			"origin":           doc.GetInputValueByName("origin"),

From 9de142eb7f91c71dc8f4c98a942b4ba73a48b499 Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Sun, 12 Apr 2026 02:38:50 +0200
Subject: [PATCH 674/854] Update dependency webpack to v5.106.0 (forgejo)
 (#12093)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12093
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
---
 package-lock.json | 8 ++++----
 package.json      | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 588a3e7570..364c1527cb 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -77,7 +77,7 @@
         "vue-chartjs": "5.3.3",
         "vue-loader": "17.4.2",
         "vue3-calendar-heatmap": "2.0.5",
-        "webpack": "5.105.4",
+        "webpack": "5.106.0",
         "webpack-cli": "7.0.2",
         "wrap-ansi": "10.0.0"
       },
@@ -16136,9 +16136,9 @@
       "license": "BSD-2-Clause"
     },
     "node_modules/webpack": {
-      "version": "5.105.4",
-      "resolved": "https://registry.npmjs.org/webpack/-/webpack-5.105.4.tgz",
-      "integrity": "sha512-jTywjboN9aHxFlToqb0K0Zs9SbBoW4zRUlGzI2tYNxVYcEi/IPpn+Xi4ye5jTLvX2YeLuic/IvxNot+Q1jMoOw==",
+      "version": "5.106.0",
+      "resolved": "https://registry.npmjs.org/webpack/-/webpack-5.106.0.tgz",
+      "integrity": "sha512-Pkx5joZ9RrdgO5LBkyX1L2ZAJeK/Taz3vqZ9CbcP0wS5LEMx5QkKsEwLl29QJfihZ+DKRBFldzy1O30pJ1MDpA==",
       "license": "MIT",
       "dependencies": {
         "@types/eslint-scope": "^3.7.7",
diff --git a/package.json b/package.json
index aa6d80b52a..73ed4f86fa 100644
--- a/package.json
+++ b/package.json
@@ -76,7 +76,7 @@
     "vue-chartjs": "5.3.3",
     "vue-loader": "17.4.2",
     "vue3-calendar-heatmap": "2.0.5",
-    "webpack": "5.105.4",
+    "webpack": "5.106.0",
     "webpack-cli": "7.0.2",
     "wrap-ansi": "10.0.0"
   },

From fd28fd896bbe7cd676618589ddf3f094906756e8 Mon Sep 17 00:00:00 2001
From: famfo <famfo@famfo.xyz>
Date: Sun, 12 Apr 2026 03:31:03 +0200
Subject: [PATCH 675/854] feat: Follow remote users; feed tab (#10380)

This is hopefully the final part of PR #4767, rebased and squashed.

More thorough federation tests are at https://code.forgejo.org/forgejo/end-to-end/pulls/1276 but the mock has been extended to hopefully cover a good chunk as well.

Co-authored-by: Gergely Nagy <forgejo@gergo.csillger.hu>
Co-authored-by: Michael Jerger <michael.jerger@meissa-gmbh.de>
Co-authored-by: zam <mirco.zachmann@meissa.de>
Co-authored-by: Panagiotis "Ivory" Vasilopoulos <git@n0toose.net>

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10380
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: famfo <famfo@famfo.xyz>
Co-committed-by: famfo <famfo@famfo.xyz>
---
 .deadcode-out                                 |   4 -
 models/activities/federated_user_activity.go  |   2 +-
 models/user/federated_user.go                 |  16 +++
 modules/forgefed/inbox.go                     |  15 +++
 modules/templates/helper.go                   |  25 +++--
 .../test/distant_federation_server_mock.go    | 102 ++++++++++++++----
 options/locale_next/locale_en-US.json         |   6 ++
 public/assets/img/svg/fediverse-small.svg     |   1 +
 release-notes/10380.md                        |   1 +
 routers/api/v1/api.go                         |   5 +
 routers/api/v1/swagger/options.go             |   3 +
 routers/api/v1/user/follower.go               |  32 ++++++
 routers/web/user/profile.go                   |  22 ++++
 services/federation/federation_service.go     |  77 +++++++------
 services/federation/signature_service.go      |   5 -
 templates/base/head.tmpl                      |   3 +
 templates/swagger/v1_json.tmpl                |  42 ++++++++
 templates/user/dashboard/ap_feed.tmpl         |  26 +++++
 templates/user/dashboard/ap_feed_guide.tmpl   |   6 ++
 templates/user/overview/header.tmpl           |   5 +
 templates/user/profile.tmpl                   |   8 ++
 ...pi_activitypub_person_inbox_follow_test.go |  55 +++++++++-
 ...ivitypub_person_inbox_useractivity_test.go |  83 +++++++++++++-
 .../api_user_follow_federation_test.go        |  55 ++++++++++
 .../federation_home_template_test.go          |  53 +++++++++
 web_src/svg/fediverse-small.svg               |  31 ++++++
 26 files changed, 599 insertions(+), 84 deletions(-)
 create mode 100644 modules/forgefed/inbox.go
 create mode 100644 public/assets/img/svg/fediverse-small.svg
 create mode 100644 release-notes/10380.md
 create mode 100644 templates/user/dashboard/ap_feed.tmpl
 create mode 100644 templates/user/dashboard/ap_feed_guide.tmpl
 create mode 100644 tests/integration/api_user_follow_federation_test.go
 create mode 100644 tests/integration/federation_home_template_test.go
 create mode 100644 web_src/svg/fediverse-small.svg

diff --git a/.deadcode-out b/.deadcode-out
index 0c44d2bdfd..a42b499a9f 100644
--- a/.deadcode-out
+++ b/.deadcode-out
@@ -88,7 +88,6 @@ forgejo.org/modules/eventsource
 	Event.String
 
 forgejo.org/modules/forgefed
-	NewForgeFollow
 	NewForgeUndoLike
 	ForgeUndoLike.UnmarshalJSON
 	ForgeUndoLike.Validate
@@ -227,9 +226,6 @@ forgejo.org/routers/web/org
 forgejo.org/services/context
 	GetPrivateContext
 
-forgejo.org/services/federation
-	FollowRemoteActor
-
 forgejo.org/services/notify
 	UnregisterNotifier
 
diff --git a/models/activities/federated_user_activity.go b/models/activities/federated_user_activity.go
index 1ff3a855d0..a9f509e8f7 100644
--- a/models/activities/federated_user_activity.go
+++ b/models/activities/federated_user_activity.go
@@ -82,7 +82,7 @@ func GetFollowingFeeds(ctx context.Context, actorID int64, opts GetFollowingFeed
 	sess = db.SetSessionPagination(sess, &opts)
 
 	actions := make([]*FederatedUserActivity, 0, opts.PageSize)
-	count, err := sess.FindAndCount(&actions)
+	count, err := sess.Desc("`federated_user_activity`.created").FindAndCount(&actions)
 	if err != nil {
 		return nil, 0, fmt.Errorf("FindAndCount: %w", err)
 	}
diff --git a/models/user/federated_user.go b/models/user/federated_user.go
index d2a9c34c9e..8199a9cd22 100644
--- a/models/user/federated_user.go
+++ b/models/user/federated_user.go
@@ -5,6 +5,7 @@ package user
 
 import (
 	"database/sql"
+	"fmt"
 
 	"forgejo.org/modules/validation"
 )
@@ -42,3 +43,18 @@ func (federatedUser FederatedUser) Validate() []string {
 	result = append(result, validation.ValidateNotEmpty(federatedUser.InboxPath, "InboxPath")...)
 	return result
 }
+
+func (federatedUser *FederatedUser) LogString() string {
+	if federatedUser == nil {
+		return "<FederatedUser nil>"
+	}
+
+	return fmt.Sprintf(
+		"<FederatedUser ID: %d, UserID: %d, ExternalID: %s, NormalizedOriginalURL: %s, InboxPath: %s>",
+		federatedUser.ID,
+		federatedUser.UserID,
+		federatedUser.ExternalID,
+		federatedUser.NormalizedOriginalURL,
+		federatedUser.InboxPath,
+	)
+}
diff --git a/modules/forgefed/inbox.go b/modules/forgefed/inbox.go
new file mode 100644
index 0000000000..c02aedd38c
--- /dev/null
+++ b/modules/forgefed/inbox.go
@@ -0,0 +1,15 @@
+// Copyright 2024, 2025 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package forgefed
+
+import (
+	ap "github.com/go-ap/activitypub"
+)
+
+// ForgeFollow activity data type
+// swagger:model
+type ForgeInbox struct {
+	// swagger:ignore
+	ap.InboxStream
+}
diff --git a/modules/templates/helper.go b/modules/templates/helper.go
index a6235c37ba..44f5da24cb 100644
--- a/modules/templates/helper.go
+++ b/modules/templates/helper.go
@@ -52,16 +52,17 @@ func NewFuncMap() template.FuncMap {
 
 		// -----------------------------------------------------------------
 		// html/template related functions
-		"dict":         dict, // it's lowercase because this name has been widely used. Our other functions should have uppercase names.
-		"Eval":         Eval,
-		"TrustHTML":    TrustHTML,
-		"HTMLFormat":   HTMLFormat,
-		"HTMLEscape":   HTMLEscape,
-		"QueryEscape":  QueryEscape,
-		"JSEscape":     JSEscapeSafe,
-		"SanitizeHTML": SanitizeHTML,
-		"URLJoin":      util.URLJoin,
-		"DotEscape":    DotEscape,
+		"dict":               dict, // it's lowercase because this name has been widely used. Our other functions should have uppercase names.
+		"Eval":               Eval,
+		"TrustHTML":          TrustHTML,
+		"HTMLFormat":         HTMLFormat,
+		"HTMLEscape":         HTMLEscape,
+		"QueryEscape":        QueryEscape,
+		"JSEscape":           JSEscapeSafe,
+		"SanitizeHTML":       SanitizeHTML,
+		"SanitizeHTMLStrict": SanitizeHTMLStrict,
+		"URLJoin":            util.URLJoin,
+		"DotEscape":          DotEscape,
 
 		"PathEscape":         url.PathEscape,
 		"PathEscapeSegments": util.PathEscapeSegments,
@@ -257,6 +258,10 @@ func SanitizeHTML(s string) template.HTML {
 	return template.HTML(markup.Sanitize(s))
 }
 
+func SanitizeHTMLStrict(s string) template.HTML {
+	return template.HTML(markup.SanitizeDescription(s))
+}
+
 func HTMLEscape(s any) template.HTML {
 	switch v := s.(type) {
 	case string:
diff --git a/modules/test/distant_federation_server_mock.go b/modules/test/distant_federation_server_mock.go
index ea8a69e9b4..abbc82c196 100644
--- a/modules/test/distant_federation_server_mock.go
+++ b/modules/test/distant_federation_server_mock.go
@@ -4,29 +4,38 @@
 package test
 
 import (
+	"bytes"
 	"fmt"
 	"io"
 	"net/http"
 	"net/http/httptest"
+	"net/url"
 	"strings"
 	"testing"
 
 	"forgejo.org/modules/util"
+
+	ap "github.com/go-ap/activitypub"
+	"github.com/go-ap/jsonld"
+	"github.com/google/uuid"
 )
 
+type ApActorMock struct {
+	PrivKey string
+	PubKey  string
+}
+
 type FederationServerMockPerson struct {
 	ID      int64
 	Name    string
 	PubKey  string
 	PrivKey string
 }
+
 type FederationServerMockRepository struct {
 	ID int64
 }
-type ApActorMock struct {
-	PrivKey string
-	PubKey  string
-}
+
 type FederationServerMock struct {
 	ApActor      ApActorMock
 	Persons      []FederationServerMockPerson
@@ -34,6 +43,35 @@ type FederationServerMock struct {
 	LastPost     string
 }
 
+func NewApActorMock() ApActorMock {
+	priv, pub, _ := util.GenerateKeyPair(1024)
+	return ApActorMock{
+		PrivKey: priv,
+		PubKey:  pub,
+	}
+}
+
+func (u *ApActorMock) KeyID(host string) string {
+	return fmt.Sprintf("%s/api/v1/activitypub/actor#main-key", host)
+}
+
+func (u *ApActorMock) marshal(host string) string {
+	baseID := fmt.Sprintf("http://%s/api/v1/activitypub/actor", host)
+
+	return fmt.Sprintf(
+		`{ "@context": ["https://www.w3.org/ns/activitystreams", "https://w3id.org/security/v1"],`+
+			`"id": "%[1]s",`+
+			`"type": "Application",`+
+			`"preferredUsername": "ghost",`+
+			`"publicKey": {`+
+			` "id": "%[1]s#main-key",`+
+			` "owner": "%[1]s",`+
+			` "publicKeyPem": %[2]q }}`,
+		baseID,
+		u.PubKey,
+	)
+}
+
 func NewFederationServerMockPerson(id int64, name string) FederationServerMockPerson {
 	priv, pub, _ := util.GenerateKeyPair(3072)
 	return FederationServerMockPerson{
@@ -48,24 +86,6 @@ func (p *FederationServerMockPerson) KeyID(host string) string {
 	return fmt.Sprintf("%[1]v/api/v1/activitypub/user-id/%[2]v#main-key", host, p.ID)
 }
 
-func NewFederationServerMockRepository(id int64) FederationServerMockRepository {
-	return FederationServerMockRepository{
-		ID: id,
-	}
-}
-
-func NewApActorMock() ApActorMock {
-	priv, pub, _ := util.GenerateKeyPair(1024)
-	return ApActorMock{
-		PrivKey: priv,
-		PubKey:  pub,
-	}
-}
-
-func (u *ApActorMock) KeyID(host string) string {
-	return fmt.Sprintf("%[1]v/api/v1/activitypub/actor#main-key", host)
-}
-
 func (p FederationServerMockPerson) marshal(host string) string {
 	return fmt.Sprintf(`{"@context":["https://www.w3.org/ns/activitystreams","https://w3id.org/security/v1"],`+
 		`"id":"http://%[1]v/api/v1/activitypub/user-id/%[2]v",`+
@@ -80,6 +100,12 @@ func (p FederationServerMockPerson) marshal(host string) string {
 		`"publicKeyPem":%[4]q}}`, host, p.ID, p.Name, p.PubKey)
 }
 
+func NewFederationServerMockRepository(id int64) FederationServerMockRepository {
+	return FederationServerMockRepository{
+		ID: id,
+	}
+}
+
 func NewFederationServerMock() *FederationServerMock {
 	return &FederationServerMock{
 		ApActor: NewApActorMock(),
@@ -103,6 +129,26 @@ func (mock *FederationServerMock) recordLastPost(t *testing.T, req *http.Request
 	mock.LastPost = strings.ReplaceAll(buf.String(), req.Host, "DISTANT_FEDERATION_HOST")
 }
 
+func (mock *FederationServerMock) FollowActorUnsigned(host string, localID int64, uri, inboxURL url.URL) error {
+	apID := fmt.Sprintf("%s/api/v1/activitypub/user-id/%d", host, localID)
+
+	activity := ap.Follow{}
+	activity.Type = ap.FollowType
+	activity.ID = ap.IRI(apID + "/follows/" + uuid.New().String())
+	activity.Actor = ap.IRI(apID)
+	activity.Object = ap.IRI(uri.String())
+
+	payload, err := jsonld.WithContext(jsonld.IRI(ap.ActivityBaseURI)).Marshal(activity)
+	if err != nil {
+		return err
+	}
+
+	reader := bytes.NewReader(payload)
+	_, err = http.Post(inboxURL.String(), "application/activity+json", reader)
+
+	return err
+}
+
 func (mock *FederationServerMock) DistantServer(t *testing.T) *httptest.Server {
 	federatedRoutes := http.NewServeMux()
 
@@ -122,6 +168,10 @@ func (mock *FederationServerMock) DistantServer(t *testing.T) *httptest.Server {
 		})
 
 	for _, person := range mock.Persons {
+		federatedRoutes.HandleFunc(fmt.Sprintf("/api/v1/activitypub/user-id/alias%v", person.ID),
+			func(res http.ResponseWriter, req *http.Request) {
+				fmt.Fprint(res, person.marshal(req.Host))
+			})
 		federatedRoutes.HandleFunc(fmt.Sprintf("/api/v1/activitypub/user-id/%v", person.ID),
 			func(res http.ResponseWriter, req *http.Request) {
 				// curl -H "Accept: application/json" https://federated-repo.prod.meissa.de/api/v1/activitypub/user-id/2
@@ -139,10 +189,18 @@ func (mock *FederationServerMock) DistantServer(t *testing.T) *httptest.Server {
 				mock.recordLastPost(t, req)
 			})
 	}
+
+	federatedRoutes.HandleFunc("GET /api/v1/activitypub/actor",
+		func(res http.ResponseWriter, req *http.Request) {
+			fmt.Fprint(res, mock.ApActor.marshal(req.Host))
+		})
+
 	federatedRoutes.HandleFunc("/",
 		func(res http.ResponseWriter, req *http.Request) {
 			t.Errorf("Unhandled %v request: %q", req.Method, req.URL.EscapedPath())
 		})
+
 	federatedSrv := httptest.NewServer(federatedRoutes)
+
 	return federatedSrv
 }
diff --git a/options/locale_next/locale_en-US.json b/options/locale_next/locale_en-US.json
index 3195d6f6f1..c0c73ec860 100644
--- a/options/locale_next/locale_en-US.json
+++ b/options/locale_next/locale_en-US.json
@@ -261,6 +261,12 @@
 	"settings.access_token.admin_disabled": "Administrative permissions are disabled.",
 	"error.must_enable_2fa": "This Forgejo instance requires users to enable two-factor authentication before they can access their accounts. Enable it at: %s",
 	"avatar.constraints_hint": "Custom avatar may not exceed %[1]s in size or be larger than %[2]dx%[3]d pixels",
+	"user.activitypub_feed.feed": "Fediverse Feed",
+	"user.activitypub_feed.no_activity": "No fediverse activity",
+	"user.activitypub_feed.is_empty": "Your fediverse feed is empty.",
+	"user.activitypub_feed.hint": "This feed shows activities from fediverse accounts that you follow, as well as federated posts that mentioned you.",
+	"user.activitypub_feed.posted_on": "Posted on %[1]s",
+	"user.activitypub_feed.original_source": "Original source",
 	"user.ghost.tooltip": "This user has been deleted, or cannot be matched.",
 	"og.repo.summary_card.alt_description": "Summary card of repository %[1]s, described as: %[2]s",
 	"repo.commit.load_tags_failed": "Load tags failed because of internal error",
diff --git a/public/assets/img/svg/fediverse-small.svg b/public/assets/img/svg/fediverse-small.svg
new file mode 100644
index 0000000000..90f9a79ef5
--- /dev/null
+++ b/public/assets/img/svg/fediverse-small.svg
@@ -0,0 +1 @@
+<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 6.35 6.35" class="svg fediverse-small" width="16" height="16" aria-hidden="true"><path d="M3.59 1.16a.204.204 0 0 0-.24.16.204.204 0 0 0 .158.24 1.63 1.63 0 0 1 .832.45 1.64 1.64 0 0 1 .353 1.806.204.204 0 0 0 .11.268.204.204 0 0 0 .265-.11A2.055 2.055 0 0 0 3.59 1.16M1.547 2.266a.204.204 0 0 0-.266.109 2.054 2.054 0 0 0 1.48 2.814.204.204 0 0 0 .241-.158.204.204 0 0 0-.16-.242 1.63 1.63 0 0 1-.832-.45 1.64 1.64 0 0 1-.483-1.163c0-.228.046-.446.13-.643a.204.204 0 0 0-.11-.267" style="stroke-linecap:round" transform="matrix(1.28704 0 0 1.31102 -.911 -.987)"/><path d="M1.72.264C1.065.264.53.802.53 1.456c0 .655.535 1.19 1.19 1.19s1.19-.535 1.19-1.19S2.373.264 1.72.264m0 .53c.368 0 .661.294.661.662a.66.66 0 0 1-.661.662.66.66 0 0 1-.662-.662c0-.368.293-.661.662-.661M4.63 3.705c-.654 0-1.19.535-1.19 1.19s.536 1.19 1.19 1.19c.655 0 1.19-.536 1.19-1.19 0-.655-.535-1.19-1.19-1.19m0 .527c.37 0 .661.294.661.663a.657.657 0 0 1-.66.662.66.66 0 0 1-.662-.662c0-.369.293-.663.662-.663"/></svg>
\ No newline at end of file
diff --git a/release-notes/10380.md b/release-notes/10380.md
new file mode 100644
index 0000000000..04c1b7c665
--- /dev/null
+++ b/release-notes/10380.md
@@ -0,0 +1 @@
+Allow forgejo users to follow remote users and display federated notes. This feature is still missing some some other basic features for "production use": there is no moderation support, UI for following federated users, and federation is still limited to forgejo, Mastodon, and GoToSocial.
diff --git a/routers/api/v1/api.go b/routers/api/v1/api.go
index d0b8531aea..efd10b567f 100644
--- a/routers/api/v1/api.go
+++ b/routers/api/v1/api.go
@@ -1036,6 +1036,11 @@ func Routes() *web.Route {
 					m.Delete("", user.Unfollow)
 				}, context.UserAssignmentAPI())
 			})
+			if setting.Federation.Enabled {
+				m.Group("/activitypub", func() {
+					m.Post("/follow", bind(api.APRemoteFollowOption{}), user.ActivityPubFollow)
+				})
+			}
 
 			// (admin:public_key scope)
 			m.Group("/keys", func() {
diff --git a/routers/api/v1/swagger/options.go b/routers/api/v1/swagger/options.go
index 1cc77b319a..7df4d42c34 100644
--- a/routers/api/v1/swagger/options.go
+++ b/routers/api/v1/swagger/options.go
@@ -19,6 +19,9 @@ type swaggerParameterBodies struct {
 	// in:body
 	ForgeLike ffed.ForgeLike
 
+	// in:body
+	APRemoteFollowOption api.APRemoteFollowOption `json:"body"`
+
 	// in:body
 	AddCollaboratorOption api.AddCollaboratorOption
 
diff --git a/routers/api/v1/user/follower.go b/routers/api/v1/user/follower.go
index 643ad49b80..508632a6e7 100644
--- a/routers/api/v1/user/follower.go
+++ b/routers/api/v1/user/follower.go
@@ -10,9 +10,11 @@ import (
 
 	user_model "forgejo.org/models/user"
 	api "forgejo.org/modules/structs"
+	"forgejo.org/modules/web"
 	"forgejo.org/routers/api/v1/utils"
 	"forgejo.org/services/context"
 	"forgejo.org/services/convert"
+	"forgejo.org/services/federation"
 )
 
 func responseAPIUsers(ctx *context.APIContext, users []*user_model.User) {
@@ -279,3 +281,33 @@ func Unfollow(ctx *context.APIContext) {
 	}
 	ctx.Status(http.StatusNoContent)
 }
+
+// Follow follow a remote activitypub account
+func ActivityPubFollow(ctx *context.APIContext) {
+	// swagger:operation POST /user/activitypub/follow user userCurrentActivityPubFollow
+	// ---
+	// summary: Follow a remote activitypub account
+	// parameters:
+	// - name: body
+	//   in: body
+	//   schema:
+	//     "$ref": "#/definitions/APRemoteFollowOption"
+	// responses:
+	//   "204":
+	//     "$ref": "#/responses/empty"
+	//   "401":
+	//     "$ref": "#/responses/unauthorized"
+	//   "404":
+	//     "$ref": "#/responses/notFound"
+	//   "403":
+	//     "$ref": "#/responses/forbidden"
+
+	form := web.GetForm(ctx).(*api.APRemoteFollowOption)
+
+	if err := federation.FollowRemoteActor(ctx, ctx.Doer, form.Target); err != nil {
+		ctx.Error(http.StatusInternalServerError, "federation.FollowRemoteActor", err)
+		return
+	}
+
+	ctx.Status(http.StatusNoContent)
+}
diff --git a/routers/web/user/profile.go b/routers/web/user/profile.go
index 2a3893f80e..ec3cb4a5d3 100644
--- a/routers/web/user/profile.go
+++ b/routers/web/user/profile.go
@@ -176,6 +176,28 @@ func prepareUserProfileTabData(ctx *context.Context, showPrivate bool, profileDb
 		} else {
 			ctx.Data["CardsNoneMsg"] = ctx.Tr("followers.outgoing.list.none", ctx.ContextUser.Name)
 		}
+	case "feed":
+		if setting.Federation.Enabled {
+			pagingNum = setting.UI.FeedPagingNum
+			var items []*activities_model.FederatedUserActivity
+			var count int64
+			if ctx.Doer != nil {
+				items, count, err = activities_model.GetFollowingFeeds(ctx,
+					ctx.Doer.ID,
+					activities_model.GetFollowingFeedsOptions{
+						ListOptions: db.ListOptions{
+							PageSize: pagingNum,
+							Page:     page,
+						},
+					})
+				if err != nil {
+					ctx.ServerError("GetFollowingFeeds", err)
+					return
+				}
+			}
+			ctx.Data["FollowingFeeds"] = items
+			total = int(count)
+		}
 	case "activity":
 		// prepare heatmap data
 		if setting.Service.EnableUserHeatmap {
diff --git a/services/federation/federation_service.go b/services/federation/federation_service.go
index d0336881a8..04cc4e878a 100644
--- a/services/federation/federation_service.go
+++ b/services/federation/federation_service.go
@@ -11,7 +11,7 @@ import (
 	"strings"
 
 	"forgejo.org/models/forgefed"
-	"forgejo.org/models/user"
+	user_model "forgejo.org/models/user"
 	"forgejo.org/modules/activitypub"
 	fm "forgejo.org/modules/forgefed"
 	"forgejo.org/modules/log"
@@ -47,32 +47,51 @@ func FindOrCreateFederationHost(ctx context.Context, actorURI string) (*forgefed
 	return federationHost, nil
 }
 
-func FindOrCreateFederatedUser(ctx context.Context, actorURI string) (*user.User, *user.FederatedUser, *forgefed.FederationHost, error) {
+func FindOrCreateFederatedUser(ctx context.Context, actorURI string) (*user_model.User, *user_model.FederatedUser, *forgefed.FederationHost, error) {
 	user, federatedUser, federationHost, err := findFederatedUser(ctx, actorURI)
 	if err != nil {
 		return nil, nil, nil, err
 	}
+
 	personID, err := fm.NewPersonID(actorURI, string(federationHost.NodeInfo.SoftwareName))
 	if err != nil {
 		return nil, nil, nil, err
 	}
 
 	if user != nil {
-		log.Trace("Local ActivityPub user found (actorURI: %#v, user: %#v)", actorURI, user)
+		log.Trace("Local ActivityPub user found (actorURI: %#v, user: %v)", actorURI, user.Name)
 	} else {
 		log.Trace("Attempting to create new user and federatedUser for actorURI: %#v", actorURI)
-		user, federatedUser, err = createUserFromAP(ctx, personID, federationHost.ID)
+		apUser, apFederatedUser, err := fetchUserFromAP(ctx, personID, federationHost)
 		if err != nil {
 			return nil, nil, nil, err
 		}
-		log.Trace("Created user %#v with federatedUser %#v from distant server", user, federatedUser)
+
+		user, federatedUser, federationHost, err = findFederatedUser(ctx, apFederatedUser.NormalizedOriginalURL)
+		if err != nil {
+			return nil, nil, nil, err
+		}
+
+		if user != nil {
+			log.Trace("Resolved alias %s to %s", actorURI, apFederatedUser.NormalizedOriginalURL)
+		} else {
+			user = apUser
+			federatedUser = apFederatedUser
+
+			err := user_model.CreateFederatedUser(ctx, user, federatedUser)
+			if err != nil {
+				return nil, nil, nil, err
+			}
+
+			log.Trace("Created user %s with federatedUser %s from distant server", user.LogString(), federatedUser.LogString())
+		}
 	}
 	log.Trace("Got user: %v", user.Name)
 
 	return user, federatedUser, federationHost, nil
 }
 
-func findFederatedUser(ctx context.Context, actorURI string) (*user.User, *user.FederatedUser, *forgefed.FederationHost, error) {
+func findFederatedUser(ctx context.Context, actorURI string) (*user_model.User, *user_model.FederatedUser, *forgefed.FederationHost, error) {
 	federationHost, err := FindOrCreateFederationHost(ctx, actorURI)
 	if err != nil {
 		return nil, nil, nil, err
@@ -82,7 +101,7 @@ func findFederatedUser(ctx context.Context, actorURI string) (*user.User, *user.
 		return nil, nil, nil, err
 	}
 
-	user, federatedUser, err := user.FindFederatedUser(ctx, actorID.ID, federationHost.ID)
+	user, federatedUser, err := user_model.FindFederatedUser(ctx, actorID.ID, federationHost.ID)
 	if err != nil {
 		return nil, nil, nil, err
 	}
@@ -91,7 +110,7 @@ func findFederatedUser(ctx context.Context, actorURI string) (*user.User, *user.
 }
 
 func createFederationHostFromAP(ctx context.Context, actorID fm.ActorID) (*forgefed.FederationHost, error) {
-	actionsUser := user.NewAPServerActor()
+	actionsUser := user_model.NewAPServerActor()
 
 	clientFactory, err := activitypub.GetClientFactory(ctx)
 	if err != nil {
@@ -137,8 +156,8 @@ func createFederationHostFromAP(ctx context.Context, actorID fm.ActorID) (*forge
 	return &result, nil
 }
 
-func fetchUserFromAP(ctx context.Context, personID fm.PersonID, federationHostID int64) (*user.User, *user.FederatedUser, error) {
-	actionsUser := user.NewAPServerActor()
+func fetchUserFromAP(ctx context.Context, personID fm.PersonID, federationHost *forgefed.FederationHost) (*user_model.User, *user_model.FederatedUser, error) {
+	actionsUser := user_model.NewAPServerActor()
 	clientFactory, err := activitypub.GetClientFactory(ctx)
 	if err != nil {
 		return nil, nil, err
@@ -164,16 +183,18 @@ func fetchUserFromAP(ctx context.Context, personID fm.PersonID, federationHostID
 		return nil, nil, err
 	}
 
-	log.Info("Fetched valid person from distant server: %q", person)
-
 	localFqdn, err := url.ParseRequestURI(setting.AppURL)
 	if err != nil {
 		return nil, nil, err
 	}
 
+	personIDFromActor, err := fm.NewPersonID(person.ID.GetLink().String(), string(federationHost.NodeInfo.SoftwareName))
+	if err != nil {
+		return nil, nil, err
+	}
 	email := fmt.Sprintf("f%v@%v", uuid.New().String(), localFqdn.Hostname())
-	loginName := personID.AsLoginName()
-	name := fmt.Sprintf("@%v%v", person.PreferredUsername.String(), personID.HostSuffix())
+	loginName := personIDFromActor.AsLoginName()
+	name := fmt.Sprintf("@%v%v", person.PreferredUsername.String(), personIDFromActor.HostSuffix())
 	fullName := person.Name.String()
 
 	if len(person.Name) == 0 {
@@ -190,7 +211,7 @@ func fetchUserFromAP(ctx context.Context, personID fm.PersonID, federationHostID
 		return nil, nil, err
 	}
 
-	newUser := user.User{
+	newUser := user_model.User{
 		LowerName:                    strings.ToLower(name),
 		Name:                         name,
 		FullName:                     fullName,
@@ -201,15 +222,15 @@ func fetchUserFromAP(ctx context.Context, personID fm.PersonID, federationHostID
 		Salt:                         "",
 		PasswdHashAlgo:               "",
 		LoginName:                    loginName,
-		Type:                         user.UserTypeActivityPubUser,
+		Type:                         user_model.UserTypeActivityPubUser,
 		IsAdmin:                      false,
 	}
 
-	federatedUser := user.FederatedUser{
-		ExternalID:            personID.ID,
-		FederationHostID:      federationHostID,
+	federatedUser := user_model.FederatedUser{
+		ExternalID:            personIDFromActor.ID,
+		FederationHostID:      federationHost.ID,
 		InboxPath:             inbox.Path,
-		NormalizedOriginalURL: personID.AsURI(),
+		NormalizedOriginalURL: personIDFromActor.AsURI(),
 		KeyID: sql.NullString{
 			String: person.PublicKey.ID.String(),
 			Valid:  true,
@@ -220,20 +241,6 @@ func fetchUserFromAP(ctx context.Context, personID fm.PersonID, federationHostID
 		},
 	}
 
-	log.Info("Fetched person's %q federatedUser from distant server: %q", person, federatedUser)
+	log.Trace("Fetched person's %v federatedUser from distant server: %s", person, federatedUser.LogString())
 	return &newUser, &federatedUser, nil
 }
-
-func createUserFromAP(ctx context.Context, personID fm.PersonID, federationHostID int64) (*user.User, *user.FederatedUser, error) {
-	newUser, federatedUser, err := fetchUserFromAP(ctx, personID, federationHostID)
-	if err != nil {
-		return nil, nil, err
-	}
-	err = user.CreateFederatedUser(ctx, newUser, federatedUser)
-	if err != nil {
-		return nil, nil, err
-	}
-
-	log.Info("Created federatedUser: %q", federatedUser)
-	return newUser, federatedUser, nil
-}
diff --git a/services/federation/signature_service.go b/services/federation/signature_service.go
index 25e4e270bc..bd40a37beb 100644
--- a/services/federation/signature_service.go
+++ b/services/federation/signature_service.go
@@ -82,11 +82,6 @@ func FindOrCreateFederatedUserKey(ctx context.Context, keyID string) (pubKey any
 		if err != nil {
 			return nil, err
 		}
-	} else {
-		_, err = forgefed.GetFederationHost(ctx, federatedUser.FederationHostID)
-		if err != nil {
-			return nil, err
-		}
 	}
 
 	if federatedUser.PublicKey.Valid {
diff --git a/templates/base/head.tmpl b/templates/base/head.tmpl
index d31d25db46..8b4f661b57 100644
--- a/templates/base/head.tmpl
+++ b/templates/base/head.tmpl
@@ -19,6 +19,9 @@
 {{end}}
 	<link rel="icon" href="{{AssetUrlPrefix}}/img/favicon.svg" type="image/svg+xml">
 	<link rel="alternate icon" href="{{AssetUrlPrefix}}/img/favicon.png" type="image/png">
+{{if and FederationEnabled .PageIsUserProfile .ContextUser .ContextUser.IsIndividual}}
+	<link rel="alternate" type="application/activity+json" href="{{.ContextUser.APActorID}}">
+{{end}}
 	{{template "base/head_script" .}}
 	{{template "shared/user/mention_highlight" .}}
 	{{template "base/head_opengraph" .}}
diff --git a/templates/swagger/v1_json.tmpl b/templates/swagger/v1_json.tmpl
index e9b10e1e52..8ca012823a 100644
--- a/templates/swagger/v1_json.tmpl
+++ b/templates/swagger/v1_json.tmpl
@@ -19583,6 +19583,38 @@
         }
       }
     },
+    "/user/activitypub/follow": {
+      "post": {
+        "tags": [
+          "user"
+        ],
+        "summary": "Follow a remote activitypub account",
+        "operationId": "userCurrentActivityPubFollow",
+        "parameters": [
+          {
+            "name": "body",
+            "in": "body",
+            "schema": {
+              "$ref": "#/definitions/APRemoteFollowOption"
+            }
+          }
+        ],
+        "responses": {
+          "204": {
+            "$ref": "#/responses/empty"
+          },
+          "401": {
+            "$ref": "#/responses/unauthorized"
+          },
+          "403": {
+            "$ref": "#/responses/forbidden"
+          },
+          "404": {
+            "$ref": "#/responses/notFound"
+          }
+        }
+      }
+    },
     "/user/applications/oauth2": {
       "get": {
         "produces": [
@@ -22279,6 +22311,16 @@
       },
       "x-go-package": "forgejo.org/services/context"
     },
+    "APRemoteFollowOption": {
+      "type": "object",
+      "properties": {
+        "target": {
+          "type": "string",
+          "x-go-name": "Target"
+        }
+      },
+      "x-go-package": "forgejo.org/modules/structs"
+    },
     "AccessToken": {
       "type": "object",
       "title": "AccessToken represents an API access token.",
diff --git a/templates/user/dashboard/ap_feed.tmpl b/templates/user/dashboard/ap_feed.tmpl
new file mode 100644
index 0000000000..1127026139
--- /dev/null
+++ b/templates/user/dashboard/ap_feed.tmpl
@@ -0,0 +1,26 @@
+<div id="activity-feed" class="flex-list">
+	{{range .FollowingFeeds}}
+		<div class="flex-item">
+			{{if not (eq .Actor.ID 0)}}
+				<div class="flex-item-leading">
+					{{ctx.AvatarUtils.Avatar . 48}}
+				</div>
+			{{end}}
+			<div class="flex-item-main">
+				<div class="flex-item-title">
+					<a class="text muted" href="{{.ActorURI}}">{{.Actor.Name}}</a>
+				</div>
+				<div class="render-content markup">
+					{{.NoteContent | SanitizeHTMLStrict}}
+				</div>
+				{{if .NoteURL}}
+					<div class="flex-item-footer">
+						<span class="flex-text-inline">{{svg "octicon-calendar"}}{{ctx.Locale.Tr "user.activitypub_feed.posted_on" (DateUtils.TimeSince .Created)}}</span>
+						<a class="flex-text-inline" href="{{.NoteURL}}">{{svg "octicon-link-external"}}{{ctx.Locale.Tr "user.activitypub_feed.original_source"}}</a>
+					</div>
+				{{end}}
+			</div>
+		</div>
+	{{end}}
+	{{template "base/paginate" .}}
+</div>
diff --git a/templates/user/dashboard/ap_feed_guide.tmpl b/templates/user/dashboard/ap_feed_guide.tmpl
new file mode 100644
index 0000000000..a3a29abbed
--- /dev/null
+++ b/templates/user/dashboard/ap_feed_guide.tmpl
@@ -0,0 +1,6 @@
+<div id="empty-ap-feed" class="tw-text-center tw-p-8">
+	{{svg "octicon-people" 64 "tw-text-placeholder-text"}}
+	<h2>{{ctx.Locale.Tr "user.activitypub_feed.no_activity"}}</h2>
+	<p class="help">{{ctx.Locale.Tr "user.activitypub_feed.is_empty"}}</p>
+	<p class="help">{{ctx.Locale.Tr "user.activitypub_feed.hint"}}</p>
+</div>
diff --git a/templates/user/overview/header.tmpl b/templates/user/overview/header.tmpl
index ea5d8052f4..cc306cc571 100644
--- a/templates/user/overview/header.tmpl
+++ b/templates/user/overview/header.tmpl
@@ -41,6 +41,11 @@
 					{{svg "octicon-rss"}} {{ctx.Locale.Tr "user.activity"}}
 				</a>
 			{{end}}
+			{{if and FederationEnabled (eq .SignedUserID .ContextUser.ID)}}
+			<a class="{{if eq .TabName "feed"}}active {{end}}item" href="{{.ContextUser.HomeLink}}?tab=feed">
+				{{svg "fediverse-small"}} {{ctx.Locale.Tr "user.activitypub_feed.feed"}}
+			</a>
+			{{end}}
 			{{if not .DisableStars}}
 			<a class="{{if eq .TabName "stars"}}active {{end}}item" href="{{.ContextUser.HomeLink}}?tab=stars">
 				{{svg "octicon-star"}} {{ctx.Locale.Tr "user.starred"}}
diff --git a/templates/user/profile.tmpl b/templates/user/profile.tmpl
index 30210a1775..6fd533767f 100644
--- a/templates/user/profile.tmpl
+++ b/templates/user/profile.tmpl
@@ -58,6 +58,14 @@
 						{{.ProfileReadme}}
 					{{end}}
 					</div>
+				{{else if and FederationEnabled (eq .TabName "feed")}}
+					{{if eq .SignedUserID .ContextUser.ID}}
+						{{if .FollowingFeeds}}
+							{{template "user/dashboard/ap_feed" .}}
+						{{else}}
+							{{template "user/dashboard/ap_feed_guide" .}}
+						{{end}}
+					{{end}}
 				{{else}}
 					{{template "shared/repo_search" .}}
 					{{template "explore/repo_list" .}}
diff --git a/tests/integration/api_activitypub_person_inbox_follow_test.go b/tests/integration/api_activitypub_person_inbox_follow_test.go
index 5a0b452447..f31e7e9011 100644
--- a/tests/integration/api_activitypub_person_inbox_follow_test.go
+++ b/tests/integration/api_activitypub_person_inbox_follow_test.go
@@ -10,6 +10,7 @@ import (
 	"testing"
 	"time"
 
+	"forgejo.org/models/db"
 	"forgejo.org/models/unittest"
 	user_model "forgejo.org/models/user"
 	"forgejo.org/modules/activitypub"
@@ -26,7 +27,6 @@ import (
 // Flow of this test is documented at: https://codeberg.org/forgejo-contrib/federation/src/branch/main/doc/user-activity-following.md
 func TestActivityPubPersonInboxFollow(t *testing.T) {
 	defer test.MockVariableValue(&setting.Federation.Enabled, true)()
-	defer test.MockVariableValue(&setting.Federation.SignatureEnforced, false)()
 	defer test.MockVariableValue(&testWebRoutes, routers.NormalRoutes())()
 
 	federation.Init()
@@ -40,6 +40,7 @@ func TestActivityPubPersonInboxFollow(t *testing.T) {
 
 		distantURL := federatedSrv.URL
 		distantUser15URL := fmt.Sprintf("%s/api/v1/activitypub/user-id/15", distantURL)
+		distantUser15AliasURL := fmt.Sprintf("%s/api/v1/activitypub/user-id/alias15", distantURL)
 
 		localUser := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
 		localUser2URL := localUrl.JoinPath("/api/v1/activitypub/user-id/2").String()
@@ -52,14 +53,16 @@ func TestActivityPubPersonInboxFollow(t *testing.T) {
 			`{"type":"Follow",`+
 				`"actor":"%s",`+
 				`"object":"%s"}`,
-			distantUser15URL,
+			distantUser15AliasURL,
 			localUser2URL,
 		)
+
 		cf, err := activitypub.NewClientFactoryWithTimeout(60 * time.Second)
 		require.NoError(t, err)
-		c, err := cf.WithKeysDirect(ctx, mock.ApActor.PrivKey,
-			mock.ApActor.KeyID(federatedSrv.URL))
+
+		c, err := cf.WithKeysDirect(ctx, mock.ApActor.PrivKey, mock.ApActor.KeyID(federatedSrv.URL))
 		require.NoError(t, err)
+
 		resp, err := c.Post(followActivity, localUser2Inbox)
 		require.NoError(t, err)
 		assert.Equal(t, http.StatusAccepted, resp.StatusCode)
@@ -94,9 +97,12 @@ func TestActivityPubPersonInboxFollow(t *testing.T) {
 			distantUser15URL,
 			localUser2URL,
 		)
+
 		c, err = cf.WithKeysDirect(ctx, mock.ApActor.PrivKey,
 			mock.ApActor.KeyID(federatedSrv.URL))
+
 		require.NoError(t, err)
+
 		resp, err = c.Post(undoFollowActivity, localUser2Inbox)
 		require.NoError(t, err)
 		assert.Equal(t, http.StatusNoContent, resp.StatusCode)
@@ -110,3 +116,44 @@ func TestActivityPubPersonInboxFollow(t *testing.T) {
 		)
 	})
 }
+
+func TestActivityPubFollowRefollow(t *testing.T) {
+	defer test.MockVariableValue(&setting.Federation.Enabled, true)()
+	defer test.MockVariableValue(&setting.Federation.SignatureEnforced, false)()
+	defer test.MockVariableValue(&testWebRoutes, routers.NormalRoutes())()
+
+	require.NoError(t, federation.Init())
+
+	mock := test.NewFederationServerMock()
+	federatedSrv := mock.DistantServer(t)
+	defer federatedSrv.Close()
+
+	onApplicationRun(t, func(t *testing.T, localUrl *url.URL) {
+		defer test.MockVariableValue(&setting.AppURL, localUrl.String())()
+
+		distantURL := federatedSrv.URL
+		distantUser15AliasURL := fmt.Sprintf("%s/api/v1/activitypub/user-id/alias15", distantURL)
+
+		localUser := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
+		localUser2URL := localUrl.JoinPath("/api/v1/activitypub/user-id/2")
+		localUser2Inbox := localUrl.JoinPath("/api/v1/activitypub/user-id/2/inbox")
+
+		ctx := t.Context()
+
+		var follow user_model.FederatedUserFollower
+		has, err := db.GetEngine(ctx).Get(&follow)
+		require.NoError(t, err)
+		assert.False(t, has)
+
+		require.NoError(t, mock.FollowActorUnsigned(federatedSrv.URL, 15, *localUser2URL, *localUser2Inbox))
+
+		has, err = db.GetEngine(ctx).Get(&follow)
+		require.NoError(t, err)
+		assert.True(t, has)
+		assert.Equal(t, int64(2), follow.FollowedUserID)
+
+		apiCtx, _ := contexttest.MockAPIContext(t, localUser2Inbox.String())
+		err = federation.FollowRemoteActor(apiCtx, localUser, distantUser15AliasURL)
+		require.NoError(t, err)
+	})
+}
diff --git a/tests/integration/api_activitypub_person_inbox_useractivity_test.go b/tests/integration/api_activitypub_person_inbox_useractivity_test.go
index 55fd62a3fe..fa51050045 100644
--- a/tests/integration/api_activitypub_person_inbox_useractivity_test.go
+++ b/tests/integration/api_activitypub_person_inbox_useractivity_test.go
@@ -10,6 +10,7 @@ import (
 	"testing"
 	"time"
 
+	"forgejo.org/models/activities"
 	auth_model "forgejo.org/models/auth"
 	"forgejo.org/models/unittest"
 	user_model "forgejo.org/models/user"
@@ -26,9 +27,80 @@ import (
 	"github.com/stretchr/testify/require"
 )
 
+func TestActivityPubPersonInboxNoteFromDistant(t *testing.T) {
+	defer test.MockVariableValue(&setting.Federation.Enabled, true)()
+	defer test.MockVariableValue(&testWebRoutes, routers.NormalRoutes())()
+
+	federation.Init()
+
+	mock := test.NewFederationServerMock()
+	federatedSrv := mock.DistantServer(t)
+	defer federatedSrv.Close()
+
+	onApplicationRun(t, func(t *testing.T, localUrl *url.URL) {
+		defer test.MockVariableValue(&setting.AppURL, localUrl.String())()
+
+		distantURL := federatedSrv.URL
+		distantUser15URL := fmt.Sprintf("%s/api/v1/activitypub/user-id/15", distantURL)
+
+		localUser2 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
+		localUser2URL := localUrl.JoinPath("/api/v1/activitypub/user-id/2").String()
+		localUser2Inbox := localUrl.JoinPath("/api/v1/activitypub/user-id/2/inbox").String()
+		localSession2 := loginUser(t, localUser2.LoginName)
+		localSecssion2Token := getTokenForLoggedInUser(t, localSession2, auth_model.AccessTokenScopeWriteUser)
+
+		// view own empty feed on web UI
+		feedPage := NewHTMLParser(t, localSession2.MakeRequest(t, NewRequest(t, "GET", "/user2?tab=feed"), http.StatusOK).Body)
+		feedPage.AssertElement(t, "#empty-ap-feed", true)
+
+		// follow (local follows distant)
+		req := NewRequestWithJSON(t, "POST",
+			"/api/v1/user/activitypub/follow",
+			&structs.APRemoteFollowOption{
+				Target: distantUser15URL,
+			}).
+			AddTokenAuth(localSecssion2Token)
+		MakeRequest(t, req, http.StatusNoContent)
+
+		// send note (distant -> local)
+		distantNoteURL := fmt.Sprintf("%s/api/v1/activitypub/note/104", distantURL)
+
+		userActivity := fmt.Appendf(
+			[]byte{},
+			`{"type":"Create",`+
+				`"actor":"%s",`+
+				`"to": ["https://www.w3.org/ns/activitystreams#Public"],`+
+				`"cc": ["%s"],`+
+				`"object": {"type":"Note","content":"The Content!",`+
+				`"url":"%s"}}`,
+			distantUser15URL,
+			localUser2URL,
+			distantNoteURL,
+		)
+
+		ctx, _ := contexttest.MockAPIContext(t, localUser2Inbox)
+		cf, err := activitypub.NewClientFactoryWithTimeout(60 * time.Second)
+		require.NoError(t, err)
+
+		c, err := cf.WithKeysDirect(ctx, mock.ApActor.PrivKey, mock.ApActor.KeyID(federatedSrv.URL))
+		require.NoError(t, err)
+
+		resp, err := c.Post(userActivity, localUser2Inbox)
+		require.NoError(t, err)
+
+		assert.Equal(t, http.StatusNoContent, resp.StatusCode)
+
+		// check whether user activity exists in local instance
+		unittest.AssertExistsAndLoadBean(t, &activities.FederatedUserActivity{NoteURL: distantNoteURL})
+
+		// view own non-empty feed on web UI
+		feedPage = NewHTMLParser(t, localSession2.MakeRequest(t, NewRequest(t, "GET", "/user2?tab=feed"), http.StatusOK).Body)
+		feedPage.AssertElement(t, "#empty-ap-feed", false)
+	})
+}
+
 func TestActivityPubPersonInboxNoteToDistant(t *testing.T) {
 	defer test.MockVariableValue(&setting.Federation.Enabled, true)()
-	defer test.MockVariableValue(&setting.Federation.SignatureEnforced, false)()
 	defer test.MockVariableValue(&testWebRoutes, routers.NormalRoutes())()
 
 	federation.Init()
@@ -60,14 +132,17 @@ func TestActivityPubPersonInboxNoteToDistant(t *testing.T) {
 			distantUser15URL,
 			localUser2URL,
 		)
+
 		ctx, _ := contexttest.MockAPIContext(t, localUser2Inbox)
 		cf, err := activitypub.NewClientFactoryWithTimeout(60 * time.Second)
 		require.NoError(t, err)
-		c, err := cf.WithKeysDirect(ctx, mock.ApActor.PrivKey,
-			mock.ApActor.KeyID(federatedSrv.URL))
+
+		c, err := cf.WithKeysDirect(ctx, mock.ApActor.PrivKey, mock.ApActor.KeyID(federatedSrv.URL))
 		require.NoError(t, err)
+
 		resp, err := c.Post(followActivity, localUser2Inbox)
 		require.NoError(t, err)
+
 		assert.Equal(t, http.StatusAccepted, resp.StatusCode)
 
 		// local action which triggers a user activity
@@ -87,9 +162,11 @@ func TestActivityPubPersonInboxNoteToDistant(t *testing.T) {
 		// distant request activity & activity note
 		localUser2ActivityNote := fmt.Sprintf("%v/activities/1", localUser2URL)
 		localUser2Activity := fmt.Sprintf("%v/activities/1/activity", localUser2URL)
+
 		resp, err = c.Get(localUser2ActivityNote)
 		require.NoError(t, err)
 		assert.Equal(t, http.StatusOK, resp.StatusCode)
+
 		resp, err = c.Get(localUser2Activity)
 		require.NoError(t, err)
 		assert.Equal(t, http.StatusOK, resp.StatusCode)
diff --git a/tests/integration/api_user_follow_federation_test.go b/tests/integration/api_user_follow_federation_test.go
new file mode 100644
index 0000000000..e3dc72b264
--- /dev/null
+++ b/tests/integration/api_user_follow_federation_test.go
@@ -0,0 +1,55 @@
+// Copyright 2025 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package integration
+
+import (
+	"fmt"
+	"net/http"
+	"testing"
+
+	auth_model "forgejo.org/models/auth"
+	"forgejo.org/models/forgefed"
+	"forgejo.org/models/unittest"
+	"forgejo.org/models/user"
+	"forgejo.org/modules/setting"
+	"forgejo.org/modules/structs"
+	"forgejo.org/modules/test"
+	"forgejo.org/routers"
+	"forgejo.org/tests"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestActivityPubFollowFederated(t *testing.T) {
+	defer tests.PrepareTestEnv(t)()
+	defer test.MockVariableValue(&setting.Federation.Enabled, true)()
+	defer test.MockVariableValue(&testWebRoutes, routers.NormalRoutes())()
+
+	mock := test.NewFederationServerMock()
+	federatedSrv := mock.DistantServer(t)
+	defer federatedSrv.Close()
+
+	localUser10Name := "user10"
+	localSession10 := loginUser(t, localUser10Name)
+	localSecssion10Token := getTokenForLoggedInUser(t, localSession10, auth_model.AccessTokenScopeWriteUser)
+
+	distantURL := federatedSrv.URL
+	distantUser15URL := fmt.Sprintf("%s/api/v1/activitypub/user-id/15", distantURL)
+
+	// local user follow distant
+	req := NewRequestWithJSON(t, "POST",
+		"/api/v1/user/activitypub/follow",
+		&structs.APRemoteFollowOption{
+			Target: distantUser15URL,
+		}).
+		AddTokenAuth(localSecssion10Token)
+	MakeRequest(t, req, http.StatusNoContent)
+
+	// check: federated actors now exist local
+	federationHost := unittest.AssertExistsAndLoadBean(t, &forgefed.FederationHost{HostFqdn: "127.0.0.1"})
+	unittest.AssertExistsAndLoadBean(t, &user.FederatedUser{ExternalID: "15", FederationHostID: federationHost.ID})
+
+	// check: follow request arrived at distant
+	assert.Contains(t, mock.LastPost, "\"object\":\"http://DISTANT_FEDERATION_HOST/api/v1/activitypub/user-id/15\"")
+}
diff --git a/tests/integration/federation_home_template_test.go b/tests/integration/federation_home_template_test.go
new file mode 100644
index 0000000000..806fe31b7b
--- /dev/null
+++ b/tests/integration/federation_home_template_test.go
@@ -0,0 +1,53 @@
+// Copyright 2026 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+package integration
+
+import (
+	"net/http"
+	"testing"
+
+	"forgejo.org/modules/setting"
+	"forgejo.org/modules/test"
+	"forgejo.org/routers"
+	"forgejo.org/tests"
+
+	"github.com/stretchr/testify/assert"
+	"golang.org/x/net/html"
+)
+
+func getLinks(t *testing.T, url string) []*html.Node {
+	req := NewRequest(t, "GET", url)
+	resp := MakeRequest(t, req, http.StatusOK)
+
+	htmlDoc := NewHTMLParser(t, resp.Body)
+	links := htmlDoc.doc.Find("link[type=\"application/activity+json\"]").Nodes
+
+	return links
+}
+
+func TestFederationBaseHead(t *testing.T) {
+	defer tests.PrepareTestEnv(t)()
+	defer test.MockVariableValue(&testWebRoutes, routers.NormalRoutes())()
+
+	t.Run("Federation disabled", func(t *testing.T) {
+		defer test.MockVariableValue(&setting.Federation.Enabled, false)()
+
+		links := getLinks(t, "/user1")
+		assert.Empty(t, links)
+	})
+
+	t.Run("Federation enabled", func(t *testing.T) {
+		defer test.MockVariableValue(&setting.Federation.Enabled, true)()
+
+		links := getLinks(t, "/user1")
+		assert.Len(t, links, 1)
+	})
+
+	t.Run("Organization", func(t *testing.T) {
+		defer test.MockVariableValue(&setting.Federation.Enabled, true)()
+
+		links := getLinks(t, "/org3")
+		assert.Empty(t, links)
+	})
+}
diff --git a/web_src/svg/fediverse-small.svg b/web_src/svg/fediverse-small.svg
new file mode 100644
index 0000000000..43baee480e
--- /dev/null
+++ b/web_src/svg/fediverse-small.svg
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<svg
+   width="24"
+   height="24"
+   viewBox="0 0 6.3499999 6.35"
+   version="1.1"
+   xmlns="http://www.w3.org/2000/svg"
+   xmlns:svg="http://www.w3.org/2000/svg">
+  <metadata
+    xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
+    xmlns:cc="http://creativecommons.org/ns#"
+    xmlns:dc="http://purl.org/dc/elements/1.1/"
+  >
+    <rdf:RDF>
+      <cc:Work rdf:about="https://codeberg.org/forgejo/forgejo/src/web_src/svg/fediverse-small.svg">
+        <dc:title>Forgejo small Fediverse icon</dc:title>
+        <cc:attributionName>The Forgejo Authors</cc:attributionName>
+        <cc:license>MIT</cc:license>
+      </cc:Work>
+    </rdf:RDF>
+  </metadata>
+  <path
+     style="stroke-linecap:round"
+     d="M 3.5898438,1.1601562 A 0.203686,0.203686 0 0 0 3.3496094,1.3203125 0.203686,0.203686 0 0 0 3.5078125,1.5605469 c 0.1072344,0.021943 0.2100638,0.054028 0.3085938,0.095703 0.1970601,0.08335 0.3741719,0.2042501 0.5234374,0.3535156 0.2985315,0.2985315 0.4843751,0.7096169 0.484375,1.1660157 0,0.2281995 -0.04751,0.4435652 -0.1308593,0.640625 a 0.203686,0.203686 0 0 0 0.109375,0.2675781 0.203686,0.203686 0 0 0 0.265625,-0.109375 C 5.1724517,3.7285087 5.2304688,3.4590205 5.2304687,3.1757813 5.2304687,2.6093024 5.0006974,2.0924942 4.6289062,1.7207031 4.4430106,1.5348075 4.2207091,1.3853417 3.9746094,1.28125 3.8515589,1.2292038 3.7237416,1.1875557 3.5898438,1.1601562 Z M 1.546875,2.265625 A 0.203686,0.203686 0 0 0 1.28125,2.375 C 1.1771594,2.6210999 1.1191406,2.8925415 1.1191406,3.1757813 c 0,0.5664787 0.2297714,1.0813338 0.6015625,1.4531249 0.1858956,0.1858957 0.408197,0.3353614 0.6542969,0.4394532 0.1230501,0.052046 0.2528205,0.093694 0.3867188,0.1210937 A 0.203686,0.203686 0 0 0 3.0019531,5.03125 0.203686,0.203686 0 0 0 2.8417969,4.7890625 C 2.7345627,4.7671193 2.6317332,4.7350342 2.5332031,4.6933594 2.3361428,4.6100096 2.1590312,4.4891093 2.0097656,4.3398437 1.7112341,4.0413123 1.5273438,3.6321799 1.5273437,3.1757813 c 0,-0.2281991 0.045557,-0.4455169 0.1289063,-0.6425782 A 0.203686,0.203686 0 0 0 1.546875,2.265625 Z"
+     transform="matrix(1.2870397,0,0,1.3110209,-0.91132678,-0.98749822)" />
+  <path
+     d="m 1.984375,0.921875 c -0.467452,2e-8 -0.8496094,0.3841105 -0.8496094,0.8515625 0,0.467452 0.3821574,0.8496094 0.8496094,0.8496094 0.467452,0 0.8496094,-0.3821574 0.8496094,-0.8496094 0,-0.467452 -0.3821574,-0.85156248 -0.8496094,-0.8515625 z m 0,0.3789062 c 0.2631744,10e-8 0.4726562,0.2094819 0.4726563,0.4726563 -1e-7,0.2631744 -0.2094819,0.4726562 -0.4726563,0.4726563 -0.2631744,-1e-7 -0.4726562,-0.2094819 -0.4726563,-0.4726563 10e-8,-0.2631744 0.2094819,-0.4726562 0.4726563,-0.4726563 z"
+     transform="matrix(1.3999375,0,0,1.4000066,-1.0582509,-1.0265909)" />
+  <path
+     d="m 4.6308594,3.7050781 c -0.6544307,10e-8 -1.1914062,0.5350214 -1.1914063,1.1894531 10e-8,0.6544318 0.5369756,1.1914062 1.1914063,1.1914063 0.6544307,0 1.1894531,-0.5369745 1.1894531,-1.1914063 0,-0.6544317 -0.5350224,-1.1894531 -1.1894531,-1.1894531 z m 0,0.5273438 c 0.3684464,0 0.6601562,0.2936593 0.6601562,0.6621093 0,0.3684501 -0.2917098,0.6621094 -0.6601562,0.6621094 -0.3684464,0 -0.6621094,-0.2936593 -0.6621094,-0.6621094 0,-0.36845 0.293663,-0.6621093 0.6621094,-0.6621093 z" />
+</svg>
\ No newline at end of file

From 2b42fdaa2617a0cd348000817afd5d6b01ea4171 Mon Sep 17 00:00:00 2001
From: TurtleArmy <turtlearmy@noreply.codeberg.org>
Date: Sun, 12 Apr 2026 18:30:30 +0200
Subject: [PATCH 676/854] feat(ui): Fix comma separated attributes in code
 blocks language preventing syntax-highlighting (#12056)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Currently, forgejo does not support syntax highlighting code-blocks that have comma separated attributes after the language. This is a pattern sometimes seen in Rust code blocks, with tests like this:

\`\`\`rust
#[test]
fn run_this_test() { /* ... */ }
\`\`\`

\`\`\`rust,ignore
#[test]
fn skip_this_test() { /* ... */ }
\`\`\`

Currently, forgejo only does syntax highlighting in the first case:

```rust
#[test]
fn run_this_test() { /* ... */ }
```

```rust,ignore
#[test]
fn skip_this_test() { /* ... */ }
```

An example of this causing problems can be seen in this commit (https://codeberg.org/zesterer/ariadne/commit/5be9c5b7d2a2eeeefbc014a1ba873b53f1afaee9) causing the following issue (https://codeberg.org/zesterer/ariadne/issues/188).

This PR fixes fixes the second case not getting proper syntax highlighting.

Co-authored-by: TurtleArmy <44322335+TurtleArmyMc@users.noreply.github.com>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12056
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Reviewed-by: Ellen Εμίλια Άννα Zscheile <fogti@noreply.codeberg.org>
Co-authored-by: TurtleArmy <turtlearmy@noreply.codeberg.org>
Co-committed-by: TurtleArmy <turtlearmy@noreply.codeberg.org>
---
 modules/markup/markdown/goldmark.go           |  2 ++
 modules/markup/markdown/markdown_test.go      | 24 +++++++++++++++++
 .../markdown/transform_codeblock_lang.go      | 27 +++++++++++++++++++
 3 files changed, 53 insertions(+)
 create mode 100644 modules/markup/markdown/transform_codeblock_lang.go

diff --git a/modules/markup/markdown/goldmark.go b/modules/markup/markdown/goldmark.go
index 1ea3375ab5..aec710fd46 100644
--- a/modules/markup/markdown/goldmark.go
+++ b/modules/markup/markdown/goldmark.go
@@ -90,6 +90,8 @@ func (g *ASTTransformer) Transform(node *ast.Document, reader text.Reader, pc pa
 			}
 		case *ast.RawHTML:
 			g.transformRawHTML(ctx, v, reader)
+		case *ast.FencedCodeBlock:
+			g.transformCodeblockLanguage(v, reader)
 		}
 		return ast.WalkContinue, nil
 	})
diff --git a/modules/markup/markdown/markdown_test.go b/modules/markup/markdown/markdown_test.go
index 61ded3cedc..fc4a515f72 100644
--- a/modules/markup/markdown/markdown_test.go
+++ b/modules/markup/markdown/markdown_test.go
@@ -1488,3 +1488,27 @@ func TestCallout(t *testing.T) {
 <p>Bad stuff is brewing here</p>
 </blockquote>`)
 }
+
+func TestCodeblockLanguageStripping(t *testing.T) {
+	test := func(input, expected string) {
+		buffer, err := markdown.RenderString(&markup.RenderContext{Ctx: git.DefaultContext}, input)
+		require.NoError(t, err)
+		assert.Equal(t, strings.TrimSpace(expected), strings.TrimSpace(string(buffer)))
+	}
+
+	// Unstripped
+	test(
+		"```rust\n"+
+			"fn main() {}\n"+
+			"```",
+		`<pre class="code-block"><code class="chroma language-rust display"><span class="k">fn</span> <span class="nf">main</span><span class="p">()</span><span class="w"> </span><span class="p">{}</span><span class="w">
+</span></code></pre>`)
+
+	// Stripped
+	test(
+		"```rust,ignore\n"+
+			"fn main() {}\n"+
+			"```",
+		`<pre class="code-block"><code class="chroma language-rust display"><span class="k">fn</span> <span class="nf">main</span><span class="p">()</span><span class="w"> </span><span class="p">{}</span><span class="w">
+</span></code></pre>`)
+}
diff --git a/modules/markup/markdown/transform_codeblock_lang.go b/modules/markup/markdown/transform_codeblock_lang.go
new file mode 100644
index 0000000000..2c90373c4e
--- /dev/null
+++ b/modules/markup/markdown/transform_codeblock_lang.go
@@ -0,0 +1,27 @@
+// Copyright 2026 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package markdown
+
+import (
+	"bytes"
+
+	"github.com/yuin/goldmark/ast"
+	"github.com/yuin/goldmark/text"
+)
+
+func (g *ASTTransformer) transformCodeblockLanguage(v *ast.FencedCodeBlock, reader text.Reader) {
+	src := reader.Source()
+	info := v.Info.Segment.Value(src)
+	// Strip language after commas
+	//
+	// For example,
+	// ```rust,ignore
+	// ...
+	// ```
+	// Should have a language of "rust", not "rust,ignore"
+	if i := bytes.IndexByte(info, ','); i != -1 {
+		start := v.Info.Segment.Start
+		v.Info = ast.NewTextSegment(text.NewSegment(start, start+i))
+	}
+}

From aad64a9508c0134095e4433a29c04ebc671b0218 Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Mon, 13 Apr 2026 02:17:33 +0200
Subject: [PATCH 677/854] Update renovate Docker tag to v43.111.0 (forgejo)
 (#12100)

Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
---
 Makefile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Makefile b/Makefile
index a83ed31bfa..bc5c481a15 100644
--- a/Makefile
+++ b/Makefile
@@ -48,7 +48,7 @@ GOVULNCHECK_PACKAGE ?= golang.org/x/vuln/cmd/govulncheck@v1 # renovate: datasour
 DEADCODE_PACKAGE ?= golang.org/x/tools/cmd/deadcode@v0.44.0 # renovate: datasource=go
 ERRORTYPE_PACKAGE ?= fillmore-labs.com/errortype@v0.0.11 # renovate: datasource=go
 GOMOCK_PACKAGE ?= go.uber.org/mock/mockgen@v0.6.0 # renovate: datasource=go
-RENOVATE_NPM_PACKAGE ?= renovate@43.104.8 # renovate: datasource=docker packageName=data.forgejo.org/renovate/renovate
+RENOVATE_NPM_PACKAGE ?= renovate@43.111.0 # renovate: datasource=docker packageName=data.forgejo.org/renovate/renovate
 
 # https://github.com/disposable-email-domains/disposable-email-domains/commits/main/
 DISPOSABLE_EMAILS_SHA ?= 0c27e671231d27cf66370034d7f6818037416989 # renovate: ...

From a1be012c4a1e99cfc482a723ebb32af26baad65c Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Mon, 13 Apr 2026 02:25:39 +0200
Subject: [PATCH 678/854] Lock file maintenance (forgejo) (#12101)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12101
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
---
 package-lock.json                  | 397 +++++++++++++++--------------
 web_src/fomantic/package-lock.json |  69 ++---
 2 files changed, 235 insertions(+), 231 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 364c1527cb..ac1dbdcc19 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -328,42 +328,40 @@
       }
     },
     "node_modules/@chevrotain/cst-dts-gen": {
-      "version": "11.1.2",
-      "resolved": "https://registry.npmjs.org/@chevrotain/cst-dts-gen/-/cst-dts-gen-11.1.2.tgz",
-      "integrity": "sha512-XTsjvDVB5nDZBQB8o0o/0ozNelQtn2KrUVteIHSlPd2VAV2utEb6JzyCJaJ8tGxACR4RiBNWy5uYUHX2eji88Q==",
+      "version": "12.0.0",
+      "resolved": "https://registry.npmjs.org/@chevrotain/cst-dts-gen/-/cst-dts-gen-12.0.0.tgz",
+      "integrity": "sha512-fSL4KXjTl7cDgf0B5Rip9Q05BOrYvkJV/RrBTE/bKDN096E4hN/ySpcBK5B24T76dlQ2i32Zc3PAE27jFnFrKg==",
       "license": "Apache-2.0",
       "dependencies": {
-        "@chevrotain/gast": "11.1.2",
-        "@chevrotain/types": "11.1.2",
-        "lodash-es": "4.17.23"
+        "@chevrotain/gast": "12.0.0",
+        "@chevrotain/types": "12.0.0"
       }
     },
     "node_modules/@chevrotain/gast": {
-      "version": "11.1.2",
-      "resolved": "https://registry.npmjs.org/@chevrotain/gast/-/gast-11.1.2.tgz",
-      "integrity": "sha512-Z9zfXR5jNZb1Hlsd/p+4XWeUFugrHirq36bKzPWDSIacV+GPSVXdk+ahVWZTwjhNwofAWg/sZg58fyucKSQx5g==",
+      "version": "12.0.0",
+      "resolved": "https://registry.npmjs.org/@chevrotain/gast/-/gast-12.0.0.tgz",
+      "integrity": "sha512-1ne/m3XsIT8aEdrvT33so0GUC+wkctpUPK6zU9IlOyJLUbR0rg4G7ZiApiJbggpgPir9ERy3FRjT6T7lpgetnQ==",
       "license": "Apache-2.0",
       "dependencies": {
-        "@chevrotain/types": "11.1.2",
-        "lodash-es": "4.17.23"
+        "@chevrotain/types": "12.0.0"
       }
     },
     "node_modules/@chevrotain/regexp-to-ast": {
-      "version": "11.1.2",
-      "resolved": "https://registry.npmjs.org/@chevrotain/regexp-to-ast/-/regexp-to-ast-11.1.2.tgz",
-      "integrity": "sha512-nMU3Uj8naWer7xpZTYJdxbAs6RIv/dxYzkYU8GSwgUtcAAlzjcPfX1w+RKRcYG8POlzMeayOQ/znfwxEGo5ulw==",
+      "version": "12.0.0",
+      "resolved": "https://registry.npmjs.org/@chevrotain/regexp-to-ast/-/regexp-to-ast-12.0.0.tgz",
+      "integrity": "sha512-p+EW9MaJwgaHguhoqwOtx/FwuGr+DnNn857sXWOi/mClXIkPGl3rn7hGNWvo31HA3vyeQxjqe+H36yZJwYU8cA==",
       "license": "Apache-2.0"
     },
     "node_modules/@chevrotain/types": {
-      "version": "11.1.2",
-      "resolved": "https://registry.npmjs.org/@chevrotain/types/-/types-11.1.2.tgz",
-      "integrity": "sha512-U+HFai5+zmJCkK86QsaJtoITlboZHBqrVketcO2ROv865xfCMSFpELQoz1GkX5GzME8pTa+3kbKrZHQtI0gdbw==",
+      "version": "12.0.0",
+      "resolved": "https://registry.npmjs.org/@chevrotain/types/-/types-12.0.0.tgz",
+      "integrity": "sha512-S+04vjFQKeuYw0/eW3U52LkAHQsB1ASxsPGsLPUyQgrZ2iNNibQrsidruDzjEX2JYfespXMG0eZmXlhA6z7nWA==",
       "license": "Apache-2.0"
     },
     "node_modules/@chevrotain/utils": {
-      "version": "11.1.2",
-      "resolved": "https://registry.npmjs.org/@chevrotain/utils/-/utils-11.1.2.tgz",
-      "integrity": "sha512-4mudFAQ6H+MqBTfqLmU7G1ZwRzCLfJEooL/fsF6rCX5eePMbGhoy5n4g+G4vlh2muDcsCTJtL+uKbOzWxs5LHA==",
+      "version": "12.0.0",
+      "resolved": "https://registry.npmjs.org/@chevrotain/utils/-/utils-12.0.0.tgz",
+      "integrity": "sha512-lB59uJoaGIfOOL9knQqQRfhl9g7x8/wqFkp13zTdkRu1huG9kg6IJs1O8hqj9rs6h7orGxHJUKb+mX3rPbWGhA==",
       "license": "Apache-2.0"
     },
     "node_modules/@citation-js/core": {
@@ -811,9 +809,9 @@
       }
     },
     "node_modules/@csstools/css-syntax-patches-for-csstree": {
-      "version": "1.1.2",
-      "resolved": "https://registry.npmjs.org/@csstools/css-syntax-patches-for-csstree/-/css-syntax-patches-for-csstree-1.1.2.tgz",
-      "integrity": "sha512-5GkLzz4prTIpoyeUiIu3iV6CSG3Plo7xRVOFPKI7FVEJ3mZ0A8SwK0XU3Gl7xAkiQ+mDyam+NNp875/C5y+jSA==",
+      "version": "1.1.3",
+      "resolved": "https://registry.npmjs.org/@csstools/css-syntax-patches-for-csstree/-/css-syntax-patches-for-csstree-1.1.3.tgz",
+      "integrity": "sha512-SH60bMfrRCJF3morcdk57WklujF4Jr/EsQUzqkarfHXEFcAR1gg7fS/chAE922Sehgzc1/+Tz5H3Ypa1HiEKrg==",
       "dev": true,
       "funding": [
         {
@@ -1478,9 +1476,9 @@
       "license": "MIT"
     },
     "node_modules/@eslint/config-array/node_modules/brace-expansion": {
-      "version": "1.1.13",
-      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.13.tgz",
-      "integrity": "sha512-9ZLprWS6EENmhEOpjCYW2c8VkmOvckIJZfkr7rBW6dObmfgJ/L1GpSYW5Hpo9lDz4D1+n0Ckz8rU7FwHDQiG/w==",
+      "version": "1.1.14",
+      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.14.tgz",
+      "integrity": "sha512-MWPGfDxnyzKU7rNOW9SP/c50vi3xrmrua/+6hfPbCS2ABNWfx24vPidzvC7krjU/RTo235sV776ymlsMtGKj8g==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -1576,9 +1574,9 @@
       "license": "MIT"
     },
     "node_modules/@eslint/eslintrc/node_modules/brace-expansion": {
-      "version": "1.1.13",
-      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.13.tgz",
-      "integrity": "sha512-9ZLprWS6EENmhEOpjCYW2c8VkmOvckIJZfkr7rBW6dObmfgJ/L1GpSYW5Hpo9lDz4D1+n0Ckz8rU7FwHDQiG/w==",
+      "version": "1.1.14",
+      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.14.tgz",
+      "integrity": "sha512-MWPGfDxnyzKU7rNOW9SP/c50vi3xrmrua/+6hfPbCS2ABNWfx24vPidzvC7krjU/RTo235sV776ymlsMtGKj8g==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -2541,9 +2539,9 @@
       "license": "MIT"
     },
     "node_modules/@lezer/common": {
-      "version": "1.5.1",
-      "resolved": "https://registry.npmjs.org/@lezer/common/-/common-1.5.1.tgz",
-      "integrity": "sha512-6YRVG9vBkaY7p1IVxL4s44n5nUnaNnGM2/AckNgYOnxTG2kWh1vR8BMxPseWPjRNpb5VtXnMpeYAEAADoRV1Iw==",
+      "version": "1.5.2",
+      "resolved": "https://registry.npmjs.org/@lezer/common/-/common-1.5.2.tgz",
+      "integrity": "sha512-sxQE460fPZyU3sdc8lafxiPwJHBzZRy/udNFynGQky1SePYBdhkBl1kOagA9uT3pxR8K09bOrmTUqA9wb/PjSQ==",
       "license": "MIT"
     },
     "node_modules/@lezer/cpp": {
@@ -2879,9 +2877,9 @@
       "license": "MIT"
     },
     "node_modules/@oxc-project/types": {
-      "version": "0.122.0",
-      "resolved": "https://registry.npmjs.org/@oxc-project/types/-/types-0.122.0.tgz",
-      "integrity": "sha512-oLAl5kBpV4w69UtFZ9xqcmTi+GENWOcPF7FCrczTiBbmC0ibXxCwyvZGbO39rCVEuLGAZM84DH0pUIyyv/YJzA==",
+      "version": "0.124.0",
+      "resolved": "https://registry.npmjs.org/@oxc-project/types/-/types-0.124.0.tgz",
+      "integrity": "sha512-VBFWMTBvHxS11Z5Lvlr3IWgrwhMTXV+Md+EQF0Xf60+wAdsGFTBx7X7K/hP4pi8N7dcm1RvcHwDxZ16Qx8keUg==",
       "dev": true,
       "license": "MIT",
       "funding": {
@@ -2942,9 +2940,9 @@
       }
     },
     "node_modules/@rolldown/binding-android-arm64": {
-      "version": "1.0.0-rc.12",
-      "resolved": "https://registry.npmjs.org/@rolldown/binding-android-arm64/-/binding-android-arm64-1.0.0-rc.12.tgz",
-      "integrity": "sha512-pv1y2Fv0JybcykuiiD3qBOBdz6RteYojRFY1d+b95WVuzx211CRh+ytI/+9iVyWQ6koTh5dawe4S/yRfOFjgaA==",
+      "version": "1.0.0-rc.15",
+      "resolved": "https://registry.npmjs.org/@rolldown/binding-android-arm64/-/binding-android-arm64-1.0.0-rc.15.tgz",
+      "integrity": "sha512-YYe6aWruPZDtHNpwu7+qAHEMbQ/yRl6atqb/AhznLTnD3UY99Q1jE7ihLSahNWkF4EqRPVC4SiR4O0UkLK02tA==",
       "cpu": [
         "arm64"
       ],
@@ -2959,9 +2957,9 @@
       }
     },
     "node_modules/@rolldown/binding-darwin-arm64": {
-      "version": "1.0.0-rc.12",
-      "resolved": "https://registry.npmjs.org/@rolldown/binding-darwin-arm64/-/binding-darwin-arm64-1.0.0-rc.12.tgz",
-      "integrity": "sha512-cFYr6zTG/3PXXF3pUO+umXxt1wkRK/0AYT8lDwuqvRC+LuKYWSAQAQZjCWDQpAH172ZV6ieYrNnFzVVcnSflAg==",
+      "version": "1.0.0-rc.15",
+      "resolved": "https://registry.npmjs.org/@rolldown/binding-darwin-arm64/-/binding-darwin-arm64-1.0.0-rc.15.tgz",
+      "integrity": "sha512-oArR/ig8wNTPYsXL+Mzhs0oxhxfuHRfG7Ikw7jXsw8mYOtk71W0OkF2VEVh699pdmzjPQsTjlD1JIOoHkLP1Fg==",
       "cpu": [
         "arm64"
       ],
@@ -2976,9 +2974,9 @@
       }
     },
     "node_modules/@rolldown/binding-darwin-x64": {
-      "version": "1.0.0-rc.12",
-      "resolved": "https://registry.npmjs.org/@rolldown/binding-darwin-x64/-/binding-darwin-x64-1.0.0-rc.12.tgz",
-      "integrity": "sha512-ZCsYknnHzeXYps0lGBz8JrF37GpE9bFVefrlmDrAQhOEi4IOIlcoU1+FwHEtyXGx2VkYAvhu7dyBf75EJQffBw==",
+      "version": "1.0.0-rc.15",
+      "resolved": "https://registry.npmjs.org/@rolldown/binding-darwin-x64/-/binding-darwin-x64-1.0.0-rc.15.tgz",
+      "integrity": "sha512-YzeVqOqjPYvUbJSWJ4EDL8ahbmsIXQpgL3JVipmN+MX0XnXMeWomLN3Fb+nwCmP/jfyqte5I3XRSm7OfQrbyxw==",
       "cpu": [
         "x64"
       ],
@@ -2993,9 +2991,9 @@
       }
     },
     "node_modules/@rolldown/binding-freebsd-x64": {
-      "version": "1.0.0-rc.12",
-      "resolved": "https://registry.npmjs.org/@rolldown/binding-freebsd-x64/-/binding-freebsd-x64-1.0.0-rc.12.tgz",
-      "integrity": "sha512-dMLeprcVsyJsKolRXyoTH3NL6qtsT0Y2xeuEA8WQJquWFXkEC4bcu1rLZZSnZRMtAqwtrF/Ib9Ddtpa/Gkge9Q==",
+      "version": "1.0.0-rc.15",
+      "resolved": "https://registry.npmjs.org/@rolldown/binding-freebsd-x64/-/binding-freebsd-x64-1.0.0-rc.15.tgz",
+      "integrity": "sha512-9Erhx956jeQ0nNTyif1+QWAXDRD38ZNjr//bSHrt6wDwB+QkAfl2q6Mn1k6OBPerznjRmbM10lgRb1Pli4xZPw==",
       "cpu": [
         "x64"
       ],
@@ -3010,9 +3008,9 @@
       }
     },
     "node_modules/@rolldown/binding-linux-arm-gnueabihf": {
-      "version": "1.0.0-rc.12",
-      "resolved": "https://registry.npmjs.org/@rolldown/binding-linux-arm-gnueabihf/-/binding-linux-arm-gnueabihf-1.0.0-rc.12.tgz",
-      "integrity": "sha512-YqWjAgGC/9M1lz3GR1r1rP79nMgo3mQiiA+Hfo+pvKFK1fAJ1bCi0ZQVh8noOqNacuY1qIcfyVfP6HoyBRZ85Q==",
+      "version": "1.0.0-rc.15",
+      "resolved": "https://registry.npmjs.org/@rolldown/binding-linux-arm-gnueabihf/-/binding-linux-arm-gnueabihf-1.0.0-rc.15.tgz",
+      "integrity": "sha512-cVwk0w8QbZJGTnP/AHQBs5yNwmpgGYStL88t4UIaqcvYJWBfS0s3oqVLZPwsPU6M0zlW4GqjP0Zq5MnAGwFeGA==",
       "cpu": [
         "arm"
       ],
@@ -3027,9 +3025,9 @@
       }
     },
     "node_modules/@rolldown/binding-linux-arm64-gnu": {
-      "version": "1.0.0-rc.12",
-      "resolved": "https://registry.npmjs.org/@rolldown/binding-linux-arm64-gnu/-/binding-linux-arm64-gnu-1.0.0-rc.12.tgz",
-      "integrity": "sha512-/I5AS4cIroLpslsmzXfwbe5OmWvSsrFuEw3mwvbQ1kDxJ822hFHIx+vsN/TAzNVyepI/j/GSzrtCIwQPeKCLIg==",
+      "version": "1.0.0-rc.15",
+      "resolved": "https://registry.npmjs.org/@rolldown/binding-linux-arm64-gnu/-/binding-linux-arm64-gnu-1.0.0-rc.15.tgz",
+      "integrity": "sha512-eBZ/u8iAK9SoHGanqe/jrPnY0JvBN6iXbVOsbO38mbz+ZJsaobExAm1Iu+rxa4S1l2FjG0qEZn4Rc6X8n+9M+w==",
       "cpu": [
         "arm64"
       ],
@@ -3047,9 +3045,9 @@
       }
     },
     "node_modules/@rolldown/binding-linux-arm64-musl": {
-      "version": "1.0.0-rc.12",
-      "resolved": "https://registry.npmjs.org/@rolldown/binding-linux-arm64-musl/-/binding-linux-arm64-musl-1.0.0-rc.12.tgz",
-      "integrity": "sha512-V6/wZztnBqlx5hJQqNWwFdxIKN0m38p8Jas+VoSfgH54HSj9tKTt1dZvG6JRHcjh6D7TvrJPWFGaY9UBVOaWPw==",
+      "version": "1.0.0-rc.15",
+      "resolved": "https://registry.npmjs.org/@rolldown/binding-linux-arm64-musl/-/binding-linux-arm64-musl-1.0.0-rc.15.tgz",
+      "integrity": "sha512-ZvRYMGrAklV9PEkgt4LQM6MjQX2P58HPAuecwYObY2DhS2t35R0I810bKi0wmaYORt6m/2Sm+Z+nFgb0WhXNcQ==",
       "cpu": [
         "arm64"
       ],
@@ -3067,9 +3065,9 @@
       }
     },
     "node_modules/@rolldown/binding-linux-ppc64-gnu": {
-      "version": "1.0.0-rc.12",
-      "resolved": "https://registry.npmjs.org/@rolldown/binding-linux-ppc64-gnu/-/binding-linux-ppc64-gnu-1.0.0-rc.12.tgz",
-      "integrity": "sha512-AP3E9BpcUYliZCxa3w5Kwj9OtEVDYK6sVoUzy4vTOJsjPOgdaJZKFmN4oOlX0Wp0RPV2ETfmIra9x1xuayFB7g==",
+      "version": "1.0.0-rc.15",
+      "resolved": "https://registry.npmjs.org/@rolldown/binding-linux-ppc64-gnu/-/binding-linux-ppc64-gnu-1.0.0-rc.15.tgz",
+      "integrity": "sha512-VDpgGBzgfg5hLg+uBpCLoFG5kVvEyafmfxGUV0UHLcL5irxAK7PKNeC2MwClgk6ZAiNhmo9FLhRYgvMmedLtnQ==",
       "cpu": [
         "ppc64"
       ],
@@ -3087,9 +3085,9 @@
       }
     },
     "node_modules/@rolldown/binding-linux-s390x-gnu": {
-      "version": "1.0.0-rc.12",
-      "resolved": "https://registry.npmjs.org/@rolldown/binding-linux-s390x-gnu/-/binding-linux-s390x-gnu-1.0.0-rc.12.tgz",
-      "integrity": "sha512-nWwpvUSPkoFmZo0kQazZYOrT7J5DGOJ/+QHHzjvNlooDZED8oH82Yg67HvehPPLAg5fUff7TfWFHQS8IV1n3og==",
+      "version": "1.0.0-rc.15",
+      "resolved": "https://registry.npmjs.org/@rolldown/binding-linux-s390x-gnu/-/binding-linux-s390x-gnu-1.0.0-rc.15.tgz",
+      "integrity": "sha512-y1uXY3qQWCzcPgRJATPSOUP4tCemh4uBdY7e3EZbVwCJTY3gLJWnQABgeUetvED+bt1FQ01OeZwvhLS2bpNrAQ==",
       "cpu": [
         "s390x"
       ],
@@ -3107,9 +3105,9 @@
       }
     },
     "node_modules/@rolldown/binding-linux-x64-gnu": {
-      "version": "1.0.0-rc.12",
-      "resolved": "https://registry.npmjs.org/@rolldown/binding-linux-x64-gnu/-/binding-linux-x64-gnu-1.0.0-rc.12.tgz",
-      "integrity": "sha512-RNrafz5bcwRy+O9e6P8Z/OCAJW/A+qtBczIqVYwTs14pf4iV1/+eKEjdOUta93q2TsT/FI0XYDP3TCky38LMAg==",
+      "version": "1.0.0-rc.15",
+      "resolved": "https://registry.npmjs.org/@rolldown/binding-linux-x64-gnu/-/binding-linux-x64-gnu-1.0.0-rc.15.tgz",
+      "integrity": "sha512-023bTPBod7J3Y/4fzAN6QtpkSABR0rigtrwaP+qSEabUh5zf6ELr9Nc7GujaROuPY3uwdSIXWrvhn1KxOvurWA==",
       "cpu": [
         "x64"
       ],
@@ -3127,9 +3125,9 @@
       }
     },
     "node_modules/@rolldown/binding-linux-x64-musl": {
-      "version": "1.0.0-rc.12",
-      "resolved": "https://registry.npmjs.org/@rolldown/binding-linux-x64-musl/-/binding-linux-x64-musl-1.0.0-rc.12.tgz",
-      "integrity": "sha512-Jpw/0iwoKWx3LJ2rc1yjFrj+T7iHZn2JDg1Yny1ma0luviFS4mhAIcd1LFNxK3EYu3DHWCps0ydXQ5i/rrJ2ig==",
+      "version": "1.0.0-rc.15",
+      "resolved": "https://registry.npmjs.org/@rolldown/binding-linux-x64-musl/-/binding-linux-x64-musl-1.0.0-rc.15.tgz",
+      "integrity": "sha512-witB2O0/hU4CgfOOKUoeFgQ4GktPi1eEbAhaLAIpgD6+ZnhcPkUtPsoKKHRzmOoWPZue46IThdSgdo4XneOLYw==",
       "cpu": [
         "x64"
       ],
@@ -3147,9 +3145,9 @@
       }
     },
     "node_modules/@rolldown/binding-openharmony-arm64": {
-      "version": "1.0.0-rc.12",
-      "resolved": "https://registry.npmjs.org/@rolldown/binding-openharmony-arm64/-/binding-openharmony-arm64-1.0.0-rc.12.tgz",
-      "integrity": "sha512-vRugONE4yMfVn0+7lUKdKvN4D5YusEiPilaoO2sgUWpCvrncvWgPMzK00ZFFJuiPgLwgFNP5eSiUlv2tfc+lpA==",
+      "version": "1.0.0-rc.15",
+      "resolved": "https://registry.npmjs.org/@rolldown/binding-openharmony-arm64/-/binding-openharmony-arm64-1.0.0-rc.15.tgz",
+      "integrity": "sha512-UCL68NJ0Ud5zRipXZE9dF5PmirzJE4E4BCIOOssEnM7wLDsxjc6Qb0sGDxTNRTP53I6MZpygyCpY8Aa8sPfKPg==",
       "cpu": [
         "arm64"
       ],
@@ -3164,9 +3162,9 @@
       }
     },
     "node_modules/@rolldown/binding-wasm32-wasi": {
-      "version": "1.0.0-rc.12",
-      "resolved": "https://registry.npmjs.org/@rolldown/binding-wasm32-wasi/-/binding-wasm32-wasi-1.0.0-rc.12.tgz",
-      "integrity": "sha512-ykGiLr/6kkiHc0XnBfmFJuCjr5ZYKKofkx+chJWDjitX+KsJuAmrzWhwyOMSHzPhzOHOy7u9HlFoa5MoAOJ/Zg==",
+      "version": "1.0.0-rc.15",
+      "resolved": "https://registry.npmjs.org/@rolldown/binding-wasm32-wasi/-/binding-wasm32-wasi-1.0.0-rc.15.tgz",
+      "integrity": "sha512-ApLruZq/ig+nhaE7OJm4lDjayUnOHVUa77zGeqnqZ9pn0ovdVbbNPerVibLXDmWeUZXjIYIT8V3xkT58Rm9u5Q==",
       "cpu": [
         "wasm32"
       ],
@@ -3174,16 +3172,18 @@
       "license": "MIT",
       "optional": true,
       "dependencies": {
-        "@napi-rs/wasm-runtime": "^1.1.1"
+        "@emnapi/core": "1.9.2",
+        "@emnapi/runtime": "1.9.2",
+        "@napi-rs/wasm-runtime": "^1.1.3"
       },
       "engines": {
         "node": ">=14.0.0"
       }
     },
     "node_modules/@rolldown/binding-wasm32-wasi/node_modules/@napi-rs/wasm-runtime": {
-      "version": "1.1.2",
-      "resolved": "https://registry.npmjs.org/@napi-rs/wasm-runtime/-/wasm-runtime-1.1.2.tgz",
-      "integrity": "sha512-sNXv5oLJ7ob93xkZ1XnxisYhGYXfaG9f65/ZgYuAu3qt7b3NadcOEhLvx28hv31PgX8SZJRYrAIPQilQmFpLVw==",
+      "version": "1.1.3",
+      "resolved": "https://registry.npmjs.org/@napi-rs/wasm-runtime/-/wasm-runtime-1.1.3.tgz",
+      "integrity": "sha512-xK9sGVbJWYb08+mTJt3/YV24WxvxpXcXtP6B172paPZ+Ts69Re9dAr7lKwJoeIx8OoeuimEiRZ7umkiUVClmmQ==",
       "dev": true,
       "license": "MIT",
       "optional": true,
@@ -3200,9 +3200,9 @@
       }
     },
     "node_modules/@rolldown/binding-win32-arm64-msvc": {
-      "version": "1.0.0-rc.12",
-      "resolved": "https://registry.npmjs.org/@rolldown/binding-win32-arm64-msvc/-/binding-win32-arm64-msvc-1.0.0-rc.12.tgz",
-      "integrity": "sha512-5eOND4duWkwx1AzCxadcOrNeighiLwMInEADT0YM7xeEOOFcovWZCq8dadXgcRHSf3Ulh1kFo/qvzoFiCLOL1Q==",
+      "version": "1.0.0-rc.15",
+      "resolved": "https://registry.npmjs.org/@rolldown/binding-win32-arm64-msvc/-/binding-win32-arm64-msvc-1.0.0-rc.15.tgz",
+      "integrity": "sha512-KmoUoU7HnN+Si5YWJigfTws1jz1bKBYDQKdbLspz0UaqjjFkddHsqorgiW1mxcAj88lYUE6NC/zJNwT+SloqtA==",
       "cpu": [
         "arm64"
       ],
@@ -3217,9 +3217,9 @@
       }
     },
     "node_modules/@rolldown/binding-win32-x64-msvc": {
-      "version": "1.0.0-rc.12",
-      "resolved": "https://registry.npmjs.org/@rolldown/binding-win32-x64-msvc/-/binding-win32-x64-msvc-1.0.0-rc.12.tgz",
-      "integrity": "sha512-PyqoipaswDLAZtot351MLhrlrh6lcZPo2LSYE+VDxbVk24LVKAGOuE4hb8xZQmrPAuEtTZW8E6D2zc5EUZX4Lw==",
+      "version": "1.0.0-rc.15",
+      "resolved": "https://registry.npmjs.org/@rolldown/binding-win32-x64-msvc/-/binding-win32-x64-msvc-1.0.0-rc.15.tgz",
+      "integrity": "sha512-3P2A8L+x75qavWLe/Dll3EYBJLQmtkJN8rfh+U/eR3MqMgL/h98PhYI+JFfXuDPgPeCB7iZAKiqii5vqOvnA0g==",
       "cpu": [
         "x64"
       ],
@@ -3548,9 +3548,9 @@
       "license": "MIT"
     },
     "node_modules/@stoplight/spectral-core/node_modules/brace-expansion": {
-      "version": "1.1.13",
-      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.13.tgz",
-      "integrity": "sha512-9ZLprWS6EENmhEOpjCYW2c8VkmOvckIJZfkr7rBW6dObmfgJ/L1GpSYW5Hpo9lDz4D1+n0Ckz8rU7FwHDQiG/w==",
+      "version": "1.1.14",
+      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.14.tgz",
+      "integrity": "sha512-MWPGfDxnyzKU7rNOW9SP/c50vi3xrmrua/+6hfPbCS2ABNWfx24vPidzvC7krjU/RTo235sV776ymlsMtGKj8g==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -4301,12 +4301,12 @@
       "license": "MIT"
     },
     "node_modules/@types/node": {
-      "version": "25.5.2",
-      "resolved": "https://registry.npmjs.org/@types/node/-/node-25.5.2.tgz",
-      "integrity": "sha512-tO4ZIRKNC+MDWV4qKVZe3Ql/woTnmHDr5JD8UI5hn2pwBrHEwOEMZK7WlNb5RKB6EoJ02gwmQS9OrjuFnZYdpg==",
+      "version": "25.6.0",
+      "resolved": "https://registry.npmjs.org/@types/node/-/node-25.6.0.tgz",
+      "integrity": "sha512-+qIYRKdNYJwY3vRCZMdJbPLJAtGjQBudzZzdzwQYkEPQd+PJGixUL5QfvCLDaULoLv+RhT3LDkwEfKaAkgSmNQ==",
       "license": "MIT",
       "dependencies": {
-        "undici-types": "~7.18.0"
+        "undici-types": "~7.19.0"
       }
     },
     "node_modules/@types/sarif": {
@@ -5828,9 +5828,9 @@
       "license": "MIT"
     },
     "node_modules/baseline-browser-mapping": {
-      "version": "2.10.15",
-      "resolved": "https://registry.npmjs.org/baseline-browser-mapping/-/baseline-browser-mapping-2.10.15.tgz",
-      "integrity": "sha512-1nfKCq9wuAZFTkA2ey/3OXXx7GzFjLdkTiFVNwlJ9WqdI706CZRIhEqjuwanjMIja+84jDLa9rcyZDPDiVkASQ==",
+      "version": "2.10.18",
+      "resolved": "https://registry.npmjs.org/baseline-browser-mapping/-/baseline-browser-mapping-2.10.18.tgz",
+      "integrity": "sha512-VSnGQAOLtP5mib/DPyg2/t+Tlv65NTBz83BJBJvmLVHHuKJVaDOBvJJykiT5TR++em5nfAySPccDZDa4oSrn8A==",
       "license": "Apache-2.0",
       "bin": {
         "baseline-browser-mapping": "dist/cli.cjs"
@@ -6009,15 +6009,15 @@
       }
     },
     "node_modules/call-bind": {
-      "version": "1.0.8",
-      "resolved": "https://registry.npmjs.org/call-bind/-/call-bind-1.0.8.tgz",
-      "integrity": "sha512-oKlSFMcMwpUg2ednkhQ454wfWiU/ul3CkJe/PEHcTKuiX6RpbehUiFMXu13HalGZxfUwCQzZG747YXBn1im9ww==",
+      "version": "1.0.9",
+      "resolved": "https://registry.npmjs.org/call-bind/-/call-bind-1.0.9.tgz",
+      "integrity": "sha512-a/hy+pNsFUTR+Iz8TCJvXudKVLAnz/DyeSUo10I5yvFDQJBFU2s9uqQpoSrJlroHUKoKqzg+epxyP9lqFdzfBQ==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "call-bind-apply-helpers": "^1.0.0",
-        "es-define-property": "^1.0.0",
-        "get-intrinsic": "^1.2.4",
+        "call-bind-apply-helpers": "^1.0.2",
+        "es-define-property": "^1.0.1",
+        "get-intrinsic": "^1.3.0",
         "set-function-length": "^1.2.2"
       },
       "engines": {
@@ -6077,9 +6077,9 @@
       }
     },
     "node_modules/caniuse-lite": {
-      "version": "1.0.30001785",
-      "resolved": "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001785.tgz",
-      "integrity": "sha512-blhOL/WNR+Km1RI/LCVAvA73xplXA7ZbjzI4YkMK9pa6T/P3F2GxjNpEkyw5repTw9IvkyrjyHpwjnhZ5FOvYQ==",
+      "version": "1.0.30001787",
+      "resolved": "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001787.tgz",
+      "integrity": "sha512-mNcrMN9KeI68u7muanUpEejSLghOKlVhRqS/Za2IeyGllJ9I9otGpR9g3nsw7n4W378TE/LyIteA0+/FOZm4Kg==",
       "funding": [
         {
           "type": "opencollective",
@@ -6201,29 +6201,31 @@
       }
     },
     "node_modules/chevrotain": {
-      "version": "11.1.2",
-      "resolved": "https://registry.npmjs.org/chevrotain/-/chevrotain-11.1.2.tgz",
-      "integrity": "sha512-opLQzEVriiH1uUQ4Kctsd49bRoFDXGGSC4GUqj7pGyxM3RehRhvTlZJc1FL/Flew2p5uwxa1tUDWKzI4wNM8pg==",
+      "version": "12.0.0",
+      "resolved": "https://registry.npmjs.org/chevrotain/-/chevrotain-12.0.0.tgz",
+      "integrity": "sha512-csJvb+6kEiQaqo1woTdSAuOWdN0WTLIydkKrBnS+V5gZz0oqBrp4kQ35519QgK6TpBThiG3V1vNSHlIkv4AglQ==",
       "license": "Apache-2.0",
       "dependencies": {
-        "@chevrotain/cst-dts-gen": "11.1.2",
-        "@chevrotain/gast": "11.1.2",
-        "@chevrotain/regexp-to-ast": "11.1.2",
-        "@chevrotain/types": "11.1.2",
-        "@chevrotain/utils": "11.1.2",
-        "lodash-es": "4.17.23"
+        "@chevrotain/cst-dts-gen": "12.0.0",
+        "@chevrotain/gast": "12.0.0",
+        "@chevrotain/regexp-to-ast": "12.0.0",
+        "@chevrotain/types": "12.0.0",
+        "@chevrotain/utils": "12.0.0"
+      },
+      "engines": {
+        "node": ">=22.0.0"
       }
     },
     "node_modules/chevrotain-allstar": {
-      "version": "0.3.1",
-      "resolved": "https://registry.npmjs.org/chevrotain-allstar/-/chevrotain-allstar-0.3.1.tgz",
-      "integrity": "sha512-b7g+y9A0v4mxCW1qUhf3BSVPg+/NvGErk/dOkrDaHA0nQIQGAtrOjlX//9OQtRlSCy+x9rfB5N8yC71lH1nvMw==",
+      "version": "0.4.1",
+      "resolved": "https://registry.npmjs.org/chevrotain-allstar/-/chevrotain-allstar-0.4.1.tgz",
+      "integrity": "sha512-PvVJm3oGqrveUVW2Vt/eZGeiAIsJszYweUcYwcskg9e+IubNYKKD+rHHem7A6XVO22eDAL+inxNIGAzZ/VIWlA==",
       "license": "MIT",
       "dependencies": {
         "lodash-es": "^4.17.21"
       },
       "peerDependencies": {
-        "chevrotain": "^11.0.0"
+        "chevrotain": "^12.0.0"
       }
     },
     "node_modules/chokidar": {
@@ -6695,9 +6697,9 @@
       "license": "MIT"
     },
     "node_modules/cytoscape": {
-      "version": "3.33.1",
-      "resolved": "https://registry.npmjs.org/cytoscape/-/cytoscape-3.33.1.tgz",
-      "integrity": "sha512-iJc4TwyANnOGR1OmWhsS9ayRS3s+XQ185FmuHObThD+5AeJCakAAbWv8KimMTt08xCCLNgneQwFp+JRJOr9qGQ==",
+      "version": "3.33.2",
+      "resolved": "https://registry.npmjs.org/cytoscape/-/cytoscape-3.33.2.tgz",
+      "integrity": "sha512-sj4HXd3DokGhzZAdjDejGvTPLqlt84vNFN8m7bGsOzDY5DyVcxIb2ejIXat2Iy7HxWhdT/N1oKyheJ5YdpsGuw==",
       "license": "MIT",
       "engines": {
         "node": ">=0.10"
@@ -7598,9 +7600,9 @@
       "license": "MIT"
     },
     "node_modules/editorconfig/node_modules/brace-expansion": {
-      "version": "2.0.3",
-      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.3.tgz",
-      "integrity": "sha512-MCV/fYJEbqx68aE58kv2cA/kiky1G8vux3OR6/jbS+jIMe/6fJWa0DTzJU7dqijOWYwHi1t29FlfYI9uytqlpA==",
+      "version": "2.1.0",
+      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.1.0.tgz",
+      "integrity": "sha512-TN1kCZAgdgweJhWWpgKYrQaMNHcDULHkWwQIspdtjV4Y5aurRdZpjAqn6yX3FPqTA9ngHCc4hJxMAMgGfve85w==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -7624,9 +7626,9 @@
       }
     },
     "node_modules/electron-to-chromium": {
-      "version": "1.5.331",
-      "resolved": "https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.5.331.tgz",
-      "integrity": "sha512-IbxXrsTlD3hRodkLnbxAPP4OuJYdWCeM3IOdT+CpcMoIwIoDfCmRpEtSPfwBXxVkg9xmBeY7Lz2Eo2TDn/HC3Q==",
+      "version": "1.5.335",
+      "resolved": "https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.5.335.tgz",
+      "integrity": "sha512-q9n5T4BR4Xwa2cwbrwcsDJtHD/enpQ5S1xF1IAtdqf5AAgqDFmR/aakqH3ChFdqd/QXJhS3rnnXFtexU7rax6Q==",
       "license": "ISC"
     },
     "node_modules/emoji-regex": {
@@ -7701,9 +7703,9 @@
       }
     },
     "node_modules/es-abstract": {
-      "version": "1.24.1",
-      "resolved": "https://registry.npmjs.org/es-abstract/-/es-abstract-1.24.1.tgz",
-      "integrity": "sha512-zHXBLhP+QehSSbsS9Pt23Gg964240DPd6QCf8WpkqEXxQ7fhdZzYsocOr5u7apWonsS5EjZDmTF+/slGMyasvw==",
+      "version": "1.24.2",
+      "resolved": "https://registry.npmjs.org/es-abstract/-/es-abstract-1.24.2.tgz",
+      "integrity": "sha512-2FpH9Q5i2RRwyEP1AylXe6nYLR5OhaJTZwmlcP0dL/+JCbgg7yyEo/sEK6HeGZRf3dFpWwThaRHVApXSkW3xeg==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -7806,7 +7808,6 @@
       "version": "1.3.0",
       "resolved": "https://registry.npmjs.org/es-errors/-/es-errors-1.3.0.tgz",
       "integrity": "sha512-Zf5H2Kxt2xjTvbJvP2ZWLEICxA6j+hAmMzIlypy4xcBg1vKVnx89Wy0GbS+kf5cwCVFFzdCFh2XSCFNULS6csw==",
-      "dev": true,
       "license": "MIT",
       "engines": {
         "node": ">= 0.4"
@@ -8467,9 +8468,9 @@
       "license": "MIT"
     },
     "node_modules/eslint/node_modules/brace-expansion": {
-      "version": "1.1.13",
-      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.13.tgz",
-      "integrity": "sha512-9ZLprWS6EENmhEOpjCYW2c8VkmOvckIJZfkr7rBW6dObmfgJ/L1GpSYW5Hpo9lDz4D1+n0Ckz8rU7FwHDQiG/w==",
+      "version": "1.1.14",
+      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.14.tgz",
+      "integrity": "sha512-MWPGfDxnyzKU7rNOW9SP/c50vi3xrmrua/+6hfPbCS2ABNWfx24vPidzvC7krjU/RTo235sV776ymlsMtGKj8g==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -9100,9 +9101,9 @@
       "license": "MIT"
     },
     "node_modules/glob/node_modules/brace-expansion": {
-      "version": "1.1.13",
-      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.13.tgz",
-      "integrity": "sha512-9ZLprWS6EENmhEOpjCYW2c8VkmOvckIJZfkr7rBW6dObmfgJ/L1GpSYW5Hpo9lDz4D1+n0Ckz8rU7FwHDQiG/w==",
+      "version": "1.1.14",
+      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.14.tgz",
+      "integrity": "sha512-MWPGfDxnyzKU7rNOW9SP/c50vi3xrmrua/+6hfPbCS2ABNWfx24vPidzvC7krjU/RTo235sV776ymlsMtGKj8g==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -9807,9 +9808,9 @@
       }
     },
     "node_modules/is-builtin-module/node_modules/builtin-modules": {
-      "version": "5.0.0",
-      "resolved": "https://registry.npmjs.org/builtin-modules/-/builtin-modules-5.0.0.tgz",
-      "integrity": "sha512-bkXY9WsVpY7CvMhKSR6pZilZu9Ln5WDrKVBUXf2S443etkmEO4V58heTecXcUIsNsi4Rx8JUO4NfX1IcQl4deg==",
+      "version": "5.1.0",
+      "resolved": "https://registry.npmjs.org/builtin-modules/-/builtin-modules-5.1.0.tgz",
+      "integrity": "sha512-c5JxaDrzwRjq3WyJkI1AGR5xy6Gr6udlt7sQPbl09+3ckB+Zo2qqQ2KhCTBr7Q8dHB43bENGYEk4xddrFH/b7A==",
       "dev": true,
       "license": "MIT",
       "engines": {
@@ -10427,9 +10428,9 @@
       "license": "MIT"
     },
     "node_modules/js-beautify/node_modules/brace-expansion": {
-      "version": "2.0.3",
-      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.3.tgz",
-      "integrity": "sha512-MCV/fYJEbqx68aE58kv2cA/kiky1G8vux3OR6/jbS+jIMe/6fJWa0DTzJU7dqijOWYwHi1t29FlfYI9uytqlpA==",
+      "version": "2.1.0",
+      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.1.0.tgz",
+      "integrity": "sha512-TN1kCZAgdgweJhWWpgKYrQaMNHcDULHkWwQIspdtjV4Y5aurRdZpjAqn6yX3FPqTA9ngHCc4hJxMAMgGfve85w==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -10716,13 +10717,14 @@
       "license": "MIT"
     },
     "node_modules/langium": {
-      "version": "4.2.1",
-      "resolved": "https://registry.npmjs.org/langium/-/langium-4.2.1.tgz",
-      "integrity": "sha512-zu9QWmjpzJcomzdJQAHgDVhLGq5bLosVak1KVa40NzQHXfqr4eAHupvnPOVXEoLkg6Ocefvf/93d//SB7du4YQ==",
+      "version": "4.2.2",
+      "resolved": "https://registry.npmjs.org/langium/-/langium-4.2.2.tgz",
+      "integrity": "sha512-JUshTRAfHI4/MF9dH2WupvjSXyn8JBuUEWazB8ZVJUtXutT0doDlAv1XKbZ1Pb5sMexa8FF4CFBc0iiul7gbUQ==",
       "license": "MIT",
       "dependencies": {
-        "chevrotain": "~11.1.1",
-        "chevrotain-allstar": "~0.3.1",
+        "@chevrotain/regexp-to-ast": "~12.0.0",
+        "chevrotain": "~12.0.0",
+        "chevrotain-allstar": "~0.4.1",
         "vscode-languageserver": "~9.0.1",
         "vscode-languageserver-textdocument": "~1.0.11",
         "vscode-uri": "~3.1.0"
@@ -11181,9 +11183,9 @@
       "license": "MIT"
     },
     "node_modules/lodash-es": {
-      "version": "4.17.23",
-      "resolved": "https://registry.npmjs.org/lodash-es/-/lodash-es-4.17.23.tgz",
-      "integrity": "sha512-kVI48u3PZr38HdYz98UmfPnXl2DXrpdctLrFLCd3kOx1xUkOmpFPx7gCWWM5MPkL/fD8zb+Ph0QzjGFs4+hHWg==",
+      "version": "4.18.1",
+      "resolved": "https://registry.npmjs.org/lodash-es/-/lodash-es-4.18.1.tgz",
+      "integrity": "sha512-J8xewKD/Gk22OZbhpOVSwcs60zhd95ESDwezOFuA3/099925PdHJ7OFHNTGtajL3AlZkykD32HykiMo+BIBI8A==",
       "license": "MIT"
     },
     "node_modules/lodash.clonedeep": {
@@ -13471,9 +13473,9 @@
       "license": "MIT"
     },
     "node_modules/read-package-json/node_modules/brace-expansion": {
-      "version": "2.0.3",
-      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.3.tgz",
-      "integrity": "sha512-MCV/fYJEbqx68aE58kv2cA/kiky1G8vux3OR6/jbS+jIMe/6fJWa0DTzJU7dqijOWYwHi1t29FlfYI9uytqlpA==",
+      "version": "2.1.0",
+      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.1.0.tgz",
+      "integrity": "sha512-TN1kCZAgdgweJhWWpgKYrQaMNHcDULHkWwQIspdtjV4Y5aurRdZpjAqn6yX3FPqTA9ngHCc4hJxMAMgGfve85w==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -13675,11 +13677,12 @@
       }
     },
     "node_modules/resolve": {
-      "version": "1.22.11",
-      "resolved": "https://registry.npmjs.org/resolve/-/resolve-1.22.11.tgz",
-      "integrity": "sha512-RfqAvLnMl313r7c9oclB1HhUEAezcpLjz95wFH4LVuhk9JF/r22qmVP9AMmOU4vMX7Q8pN8jwNg/CSpdFnMjTQ==",
+      "version": "1.22.12",
+      "resolved": "https://registry.npmjs.org/resolve/-/resolve-1.22.12.tgz",
+      "integrity": "sha512-TyeJ1zif53BPfHootBGwPRYT1RUt6oGWsaQr8UyZW/eAm9bKoijtvruSDEmZHm92CwS9nj7/fWttqPCgzep8CA==",
       "license": "MIT",
       "dependencies": {
+        "es-errors": "^1.3.0",
         "is-core-module": "^2.16.1",
         "path-parse": "^1.0.7",
         "supports-preserve-symlinks-flag": "^1.0.0"
@@ -13750,14 +13753,14 @@
       "license": "Unlicense"
     },
     "node_modules/rolldown": {
-      "version": "1.0.0-rc.12",
-      "resolved": "https://registry.npmjs.org/rolldown/-/rolldown-1.0.0-rc.12.tgz",
-      "integrity": "sha512-yP4USLIMYrwpPHEFB5JGH1uxhcslv6/hL0OyvTuY+3qlOSJvZ7ntYnoWpehBxufkgN0cvXxppuTu5hHa/zPh+A==",
+      "version": "1.0.0-rc.15",
+      "resolved": "https://registry.npmjs.org/rolldown/-/rolldown-1.0.0-rc.15.tgz",
+      "integrity": "sha512-Ff31guA5zT6WjnGp0SXw76X6hzGRk/OQq2hE+1lcDe+lJdHSgnSX6nK3erbONHyCbpSj9a9E+uX/OvytZoWp2g==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "@oxc-project/types": "=0.122.0",
-        "@rolldown/pluginutils": "1.0.0-rc.12"
+        "@oxc-project/types": "=0.124.0",
+        "@rolldown/pluginutils": "1.0.0-rc.15"
       },
       "bin": {
         "rolldown": "bin/cli.mjs"
@@ -13766,27 +13769,27 @@
         "node": "^20.19.0 || >=22.12.0"
       },
       "optionalDependencies": {
-        "@rolldown/binding-android-arm64": "1.0.0-rc.12",
-        "@rolldown/binding-darwin-arm64": "1.0.0-rc.12",
-        "@rolldown/binding-darwin-x64": "1.0.0-rc.12",
-        "@rolldown/binding-freebsd-x64": "1.0.0-rc.12",
-        "@rolldown/binding-linux-arm-gnueabihf": "1.0.0-rc.12",
-        "@rolldown/binding-linux-arm64-gnu": "1.0.0-rc.12",
-        "@rolldown/binding-linux-arm64-musl": "1.0.0-rc.12",
-        "@rolldown/binding-linux-ppc64-gnu": "1.0.0-rc.12",
-        "@rolldown/binding-linux-s390x-gnu": "1.0.0-rc.12",
-        "@rolldown/binding-linux-x64-gnu": "1.0.0-rc.12",
-        "@rolldown/binding-linux-x64-musl": "1.0.0-rc.12",
-        "@rolldown/binding-openharmony-arm64": "1.0.0-rc.12",
-        "@rolldown/binding-wasm32-wasi": "1.0.0-rc.12",
-        "@rolldown/binding-win32-arm64-msvc": "1.0.0-rc.12",
-        "@rolldown/binding-win32-x64-msvc": "1.0.0-rc.12"
+        "@rolldown/binding-android-arm64": "1.0.0-rc.15",
+        "@rolldown/binding-darwin-arm64": "1.0.0-rc.15",
+        "@rolldown/binding-darwin-x64": "1.0.0-rc.15",
+        "@rolldown/binding-freebsd-x64": "1.0.0-rc.15",
+        "@rolldown/binding-linux-arm-gnueabihf": "1.0.0-rc.15",
+        "@rolldown/binding-linux-arm64-gnu": "1.0.0-rc.15",
+        "@rolldown/binding-linux-arm64-musl": "1.0.0-rc.15",
+        "@rolldown/binding-linux-ppc64-gnu": "1.0.0-rc.15",
+        "@rolldown/binding-linux-s390x-gnu": "1.0.0-rc.15",
+        "@rolldown/binding-linux-x64-gnu": "1.0.0-rc.15",
+        "@rolldown/binding-linux-x64-musl": "1.0.0-rc.15",
+        "@rolldown/binding-openharmony-arm64": "1.0.0-rc.15",
+        "@rolldown/binding-wasm32-wasi": "1.0.0-rc.15",
+        "@rolldown/binding-win32-arm64-msvc": "1.0.0-rc.15",
+        "@rolldown/binding-win32-x64-msvc": "1.0.0-rc.15"
       }
     },
     "node_modules/rolldown/node_modules/@rolldown/pluginutils": {
-      "version": "1.0.0-rc.12",
-      "resolved": "https://registry.npmjs.org/@rolldown/pluginutils/-/pluginutils-1.0.0-rc.12.tgz",
-      "integrity": "sha512-HHMwmarRKvoFsJorqYlFeFRzXZqCt2ETQlEDOb9aqssrnVBB1/+xgTGtuTrIk5vzLNX1MjMtTf7W9z3tsSbrxw==",
+      "version": "1.0.0-rc.15",
+      "resolved": "https://registry.npmjs.org/@rolldown/pluginutils/-/pluginutils-1.0.0-rc.15.tgz",
+      "integrity": "sha512-UromN0peaE53IaBRe9W7CjrZgXl90fqGpK+mIZbA3qSTeYqg3pqpROBdIPvOG3F5ereDHNwoHBI2e50n1BDr1g==",
       "dev": true,
       "license": "MIT"
     },
@@ -14163,14 +14166,14 @@
       }
     },
     "node_modules/side-channel-list": {
-      "version": "1.0.0",
-      "resolved": "https://registry.npmjs.org/side-channel-list/-/side-channel-list-1.0.0.tgz",
-      "integrity": "sha512-FCLHtRD/gnpCiCHEiJLOwdmFP+wzCmDEkc9y7NsYxeF4u7Btsn1ZuwgwJGxImImHicJArLP4R0yX4c2KCrMrTA==",
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/side-channel-list/-/side-channel-list-1.0.1.tgz",
+      "integrity": "sha512-mjn/0bi/oUURjc5Xl7IaWi/OJJJumuoJFQJfDDyO46+hBWsfaVM65TBHq2eoZBhzl9EchxOijpkbRC8SVBQU0w==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
         "es-errors": "^1.3.0",
-        "object-inspect": "^1.13.3"
+        "object-inspect": "^1.13.4"
       },
       "engines": {
         "node": ">= 0.4"
@@ -15239,22 +15242,22 @@
       "license": "MIT"
     },
     "node_modules/tinyexec": {
-      "version": "1.0.4",
-      "resolved": "https://registry.npmjs.org/tinyexec/-/tinyexec-1.0.4.tgz",
-      "integrity": "sha512-u9r3uZC0bdpGOXtlxUIdwf9pkmvhqJdrVCH9fapQtgy/OeTTMZ1nqH7agtvEfmGui6e1XxjcdrlxvxJvc3sMqw==",
+      "version": "1.1.1",
+      "resolved": "https://registry.npmjs.org/tinyexec/-/tinyexec-1.1.1.tgz",
+      "integrity": "sha512-VKS/ZaQhhkKFMANmAOhhXVoIfBXblQxGX1myCQ2faQrfmobMftXeJPcZGp0gS07ocvGJWDLZGyOZDadDBqYIJg==",
       "license": "MIT",
       "engines": {
         "node": ">=18"
       }
     },
     "node_modules/tinyglobby": {
-      "version": "0.2.15",
-      "resolved": "https://registry.npmjs.org/tinyglobby/-/tinyglobby-0.2.15.tgz",
-      "integrity": "sha512-j2Zq4NyQYG5XMST4cbs02Ak8iJUdxRM0XI5QyxXuZOzKOINmWurp3smXu3y5wDcJrptwpSjgXHzIQxR0omXljQ==",
+      "version": "0.2.16",
+      "resolved": "https://registry.npmjs.org/tinyglobby/-/tinyglobby-0.2.16.tgz",
+      "integrity": "sha512-pn99VhoACYR8nFHhxqix+uvsbXineAasWm5ojXoN8xEwK5Kd3/TrhNn1wByuD52UxWRLy8pu+kRMniEi6Eq9Zg==",
       "license": "MIT",
       "dependencies": {
         "fdir": "^6.5.0",
-        "picomatch": "^4.0.3"
+        "picomatch": "^4.0.4"
       },
       "engines": {
         "node": ">=12.0.0"
@@ -15589,9 +15592,9 @@
       }
     },
     "node_modules/undici-types": {
-      "version": "7.18.2",
-      "resolved": "https://registry.npmjs.org/undici-types/-/undici-types-7.18.2.tgz",
-      "integrity": "sha512-AsuCzffGHJybSaRrmr5eHr81mwJU3kjw6M+uprWvCXiNeN9SOGwQ3Jn8jb8m3Z6izVgknn1R0FTCEAP2QrLY/w==",
+      "version": "7.19.2",
+      "resolved": "https://registry.npmjs.org/undici-types/-/undici-types-7.19.2.tgz",
+      "integrity": "sha512-qYVnV5OEm2AW8cJMCpdV20CDyaN3g0AjDlOGf1OW4iaDEx8MwdtChUp4zu4H0VP3nDRF/8RKWH+IPp9uW0YGZg==",
       "license": "MIT"
     },
     "node_modules/universalify": {
@@ -15743,16 +15746,16 @@
       "license": "MIT"
     },
     "node_modules/vite": {
-      "version": "8.0.3",
-      "resolved": "https://registry.npmjs.org/vite/-/vite-8.0.3.tgz",
-      "integrity": "sha512-B9ifbFudT1TFhfltfaIPgjo9Z3mDynBTJSUYxTjOQruf/zHH+ezCQKcoqO+h7a9Pw9Nm/OtlXAiGT1axBgwqrQ==",
+      "version": "8.0.8",
+      "resolved": "https://registry.npmjs.org/vite/-/vite-8.0.8.tgz",
+      "integrity": "sha512-dbU7/iLVa8KZALJyLOBOQ88nOXtNG8vxKuOT4I2mD+Ya70KPceF4IAmDsmU0h1Qsn5bPrvsY9HJstCRh3hG6Uw==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
         "lightningcss": "^1.32.0",
         "picomatch": "^4.0.4",
         "postcss": "^8.5.8",
-        "rolldown": "1.0.0-rc.12",
+        "rolldown": "1.0.0-rc.15",
         "tinyglobby": "^0.2.15"
       },
       "bin": {
@@ -15770,7 +15773,7 @@
       "peerDependencies": {
         "@types/node": "^20.19.0 || >=22.12.0",
         "@vitejs/devtools": "^0.1.0",
-        "esbuild": "^0.27.0",
+        "esbuild": "^0.27.0 || ^0.28.0",
         "jiti": ">=1.21.0",
         "less": "^4.0.0",
         "sass": "^1.70.0",
diff --git a/web_src/fomantic/package-lock.json b/web_src/fomantic/package-lock.json
index 3e8b18f00e..18f0eaa586 100644
--- a/web_src/fomantic/package-lock.json
+++ b/web_src/fomantic/package-lock.json
@@ -496,12 +496,12 @@
       "license": "MIT"
     },
     "node_modules/@types/node": {
-      "version": "25.5.2",
-      "resolved": "https://registry.npmjs.org/@types/node/-/node-25.5.2.tgz",
-      "integrity": "sha512-tO4ZIRKNC+MDWV4qKVZe3Ql/woTnmHDr5JD8UI5hn2pwBrHEwOEMZK7WlNb5RKB6EoJ02gwmQS9OrjuFnZYdpg==",
+      "version": "25.6.0",
+      "resolved": "https://registry.npmjs.org/@types/node/-/node-25.6.0.tgz",
+      "integrity": "sha512-+qIYRKdNYJwY3vRCZMdJbPLJAtGjQBudzZzdzwQYkEPQd+PJGixUL5QfvCLDaULoLv+RhT3LDkwEfKaAkgSmNQ==",
       "license": "MIT",
       "dependencies": {
-        "undici-types": "~7.18.0"
+        "undici-types": "~7.19.0"
       }
     },
     "node_modules/@types/vinyl": {
@@ -1032,9 +1032,9 @@
       }
     },
     "node_modules/baseline-browser-mapping": {
-      "version": "2.10.15",
-      "resolved": "https://registry.npmjs.org/baseline-browser-mapping/-/baseline-browser-mapping-2.10.15.tgz",
-      "integrity": "sha512-1nfKCq9wuAZFTkA2ey/3OXXx7GzFjLdkTiFVNwlJ9WqdI706CZRIhEqjuwanjMIja+84jDLa9rcyZDPDiVkASQ==",
+      "version": "2.10.18",
+      "resolved": "https://registry.npmjs.org/baseline-browser-mapping/-/baseline-browser-mapping-2.10.18.tgz",
+      "integrity": "sha512-VSnGQAOLtP5mib/DPyg2/t+Tlv65NTBz83BJBJvmLVHHuKJVaDOBvJJykiT5TR++em5nfAySPccDZDa4oSrn8A==",
       "license": "Apache-2.0",
       "bin": {
         "baseline-browser-mapping": "dist/cli.cjs"
@@ -1100,9 +1100,9 @@
       }
     },
     "node_modules/brace-expansion": {
-      "version": "1.1.13",
-      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.13.tgz",
-      "integrity": "sha512-9ZLprWS6EENmhEOpjCYW2c8VkmOvckIJZfkr7rBW6dObmfgJ/L1GpSYW5Hpo9lDz4D1+n0Ckz8rU7FwHDQiG/w==",
+      "version": "1.1.14",
+      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.14.tgz",
+      "integrity": "sha512-MWPGfDxnyzKU7rNOW9SP/c50vi3xrmrua/+6hfPbCS2ABNWfx24vPidzvC7krjU/RTo235sV776ymlsMtGKj8g==",
       "license": "MIT",
       "dependencies": {
         "balanced-match": "^1.0.0",
@@ -1208,14 +1208,14 @@
       }
     },
     "node_modules/call-bind": {
-      "version": "1.0.8",
-      "resolved": "https://registry.npmjs.org/call-bind/-/call-bind-1.0.8.tgz",
-      "integrity": "sha512-oKlSFMcMwpUg2ednkhQ454wfWiU/ul3CkJe/PEHcTKuiX6RpbehUiFMXu13HalGZxfUwCQzZG747YXBn1im9ww==",
+      "version": "1.0.9",
+      "resolved": "https://registry.npmjs.org/call-bind/-/call-bind-1.0.9.tgz",
+      "integrity": "sha512-a/hy+pNsFUTR+Iz8TCJvXudKVLAnz/DyeSUo10I5yvFDQJBFU2s9uqQpoSrJlroHUKoKqzg+epxyP9lqFdzfBQ==",
       "license": "MIT",
       "dependencies": {
-        "call-bind-apply-helpers": "^1.0.0",
-        "es-define-property": "^1.0.0",
-        "get-intrinsic": "^1.2.4",
+        "call-bind-apply-helpers": "^1.0.2",
+        "es-define-property": "^1.0.1",
+        "get-intrinsic": "^1.3.0",
         "set-function-length": "^1.2.2"
       },
       "engines": {
@@ -1264,9 +1264,9 @@
       }
     },
     "node_modules/caniuse-lite": {
-      "version": "1.0.30001785",
-      "resolved": "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001785.tgz",
-      "integrity": "sha512-blhOL/WNR+Km1RI/LCVAvA73xplXA7ZbjzI4YkMK9pa6T/P3F2GxjNpEkyw5repTw9IvkyrjyHpwjnhZ5FOvYQ==",
+      "version": "1.0.30001787",
+      "resolved": "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001787.tgz",
+      "integrity": "sha512-mNcrMN9KeI68u7muanUpEejSLghOKlVhRqS/Za2IeyGllJ9I9otGpR9g3nsw7n4W378TE/LyIteA0+/FOZm4Kg==",
       "funding": [
         {
           "type": "opencollective",
@@ -1984,9 +1984,9 @@
       }
     },
     "node_modules/editorconfig/node_modules/brace-expansion": {
-      "version": "2.0.3",
-      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.3.tgz",
-      "integrity": "sha512-MCV/fYJEbqx68aE58kv2cA/kiky1G8vux3OR6/jbS+jIMe/6fJWa0DTzJU7dqijOWYwHi1t29FlfYI9uytqlpA==",
+      "version": "2.1.0",
+      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.1.0.tgz",
+      "integrity": "sha512-TN1kCZAgdgweJhWWpgKYrQaMNHcDULHkWwQIspdtjV4Y5aurRdZpjAqn6yX3FPqTA9ngHCc4hJxMAMgGfve85w==",
       "license": "MIT",
       "dependencies": {
         "balanced-match": "^1.0.0"
@@ -2020,9 +2020,9 @@
       }
     },
     "node_modules/electron-to-chromium": {
-      "version": "1.5.331",
-      "resolved": "https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.5.331.tgz",
-      "integrity": "sha512-IbxXrsTlD3hRodkLnbxAPP4OuJYdWCeM3IOdT+CpcMoIwIoDfCmRpEtSPfwBXxVkg9xmBeY7Lz2Eo2TDn/HC3Q==",
+      "version": "1.5.335",
+      "resolved": "https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.5.335.tgz",
+      "integrity": "sha512-q9n5T4BR4Xwa2cwbrwcsDJtHD/enpQ5S1xF1IAtdqf5AAgqDFmR/aakqH3ChFdqd/QXJhS3rnnXFtexU7rax6Q==",
       "license": "ISC"
     },
     "node_modules/emoji-regex": {
@@ -5047,9 +5047,9 @@
       }
     },
     "node_modules/js-beautify/node_modules/brace-expansion": {
-      "version": "2.0.3",
-      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.3.tgz",
-      "integrity": "sha512-MCV/fYJEbqx68aE58kv2cA/kiky1G8vux3OR6/jbS+jIMe/6fJWa0DTzJU7dqijOWYwHi1t29FlfYI9uytqlpA==",
+      "version": "2.1.0",
+      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.1.0.tgz",
+      "integrity": "sha512-TN1kCZAgdgweJhWWpgKYrQaMNHcDULHkWwQIspdtjV4Y5aurRdZpjAqn6yX3FPqTA9ngHCc4hJxMAMgGfve85w==",
       "license": "MIT",
       "dependencies": {
         "balanced-match": "^1.0.0"
@@ -6969,11 +6969,12 @@
       "license": "ISC"
     },
     "node_modules/resolve": {
-      "version": "1.22.11",
-      "resolved": "https://registry.npmjs.org/resolve/-/resolve-1.22.11.tgz",
-      "integrity": "sha512-RfqAvLnMl313r7c9oclB1HhUEAezcpLjz95wFH4LVuhk9JF/r22qmVP9AMmOU4vMX7Q8pN8jwNg/CSpdFnMjTQ==",
+      "version": "1.22.12",
+      "resolved": "https://registry.npmjs.org/resolve/-/resolve-1.22.12.tgz",
+      "integrity": "sha512-TyeJ1zif53BPfHootBGwPRYT1RUt6oGWsaQr8UyZW/eAm9bKoijtvruSDEmZHm92CwS9nj7/fWttqPCgzep8CA==",
       "license": "MIT",
       "dependencies": {
+        "es-errors": "^1.3.0",
         "is-core-module": "^2.16.1",
         "path-parse": "^1.0.7",
         "supports-preserve-symlinks-flag": "^1.0.0"
@@ -8262,9 +8263,9 @@
       }
     },
     "node_modules/undici-types": {
-      "version": "7.18.2",
-      "resolved": "https://registry.npmjs.org/undici-types/-/undici-types-7.18.2.tgz",
-      "integrity": "sha512-AsuCzffGHJybSaRrmr5eHr81mwJU3kjw6M+uprWvCXiNeN9SOGwQ3Jn8jb8m3Z6izVgknn1R0FTCEAP2QrLY/w==",
+      "version": "7.19.2",
+      "resolved": "https://registry.npmjs.org/undici-types/-/undici-types-7.19.2.tgz",
+      "integrity": "sha512-qYVnV5OEm2AW8cJMCpdV20CDyaN3g0AjDlOGf1OW4iaDEx8MwdtChUp4zu4H0VP3nDRF/8RKWH+IPp9uW0YGZg==",
       "license": "MIT"
     },
     "node_modules/union-value": {

From 86898a7d0570205eeb751711426db2f1113ca659 Mon Sep 17 00:00:00 2001
From: Henry Catalini Smith <henry@catalinismith.se>
Date: Mon, 13 Apr 2026 15:06:10 +0200
Subject: [PATCH 679/854] Revert "Improve repo file list table semantics for
 screen readers (#11846)" (#12088)

Fixes https://codeberg.org/forgejo/forgejo/issues/12082 by reverting commit dd968f147d500920b80dbbf3fc0faf9034ca8ddd.

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. All work and communication must conform to Forgejo's [AI Agreement](https://codeberg.org/forgejo/governance/src/branch/main/AIAgreement.md). There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests for Go changes

(can be removed for JavaScript changes)

- I added test coverage for Go changes...
  - [ ] in their respective `*_test.go` for unit tests.
  - [ ] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I ran...
  - [ ] `make pr-go` before pushing

### Tests for JavaScript changes

(can be removed for Go changes)

- I added test coverage for JavaScript changes...
  - [ ] in `web_src/js/*.test.js` if it can be unit tested.
  - [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)).

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [ ] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [ ] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.
- [ ] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change.

*The decision if the pull request will be shown in the release notes is up to the mergers / release team.*

The content of the `release-notes/<pull request number>.md` file will serve as the basis for the release notes. If the file does not exist, the title of the pull request will be used instead.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12088
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
Co-authored-by: Henry Catalini Smith <henry@catalinismith.se>
Co-committed-by: Henry Catalini Smith <henry@catalinismith.se>
---
 options/locale_next/locale_en-US.json |  4 ----
 templates/repo/view_list.tmpl         | 18 ++++++------------
 tests/integration/repo_test.go        |  4 ++--
 web_src/css/repo.css                  |  2 +-
 4 files changed, 9 insertions(+), 19 deletions(-)

diff --git a/options/locale_next/locale_en-US.json b/options/locale_next/locale_en-US.json
index c0c73ec860..33efb50b75 100644
--- a/options/locale_next/locale_en-US.json
+++ b/options/locale_next/locale_en-US.json
@@ -52,10 +52,6 @@
 	"relativetime.1week": "last week",
 	"relativetime.1month": "last month",
 	"relativetime.1year": "last year",
-	"repo.files.caption": "Repository files (latest commit first)",
-	"repo.files.filename": "Filename",
-	"repo.files.last_commit_message": "Latest commit message",
-	"repo.files.last_commit_date": "Latest commit date",
 	"repo.issues.filter_poster.hint": "Filter by the author",
 	"repo.issues.filter_assignee.hint": "Filter by assigned user",
 	"repo.issues.filter_reviewers.hint": "Filter by user who reviewed",
diff --git a/templates/repo/view_list.tmpl b/templates/repo/view_list.tmpl
index 75f53c1b5f..ffd8b1a515 100644
--- a/templates/repo/view_list.tmpl
+++ b/templates/repo/view_list.tmpl
@@ -1,23 +1,17 @@
 <table id="repo-files-table" class="ui single line table tw-mt-0" {{if .HasFilesWithoutLatestCommit}}hx-indicator="tr.notready td.message span" hx-trigger="load" hx-swap="morph" hx-post="{{.LastCommitLoaderURL}}"{{end}}>
-	<caption class="tw-sr-only">
-		{{ctx.Locale.Tr "repo.files.caption"}}
-	</caption>
-	<thead class="tw-sr-only">
-		<th>{{ctx.Locale.Tr "repo.files.filename"}}</th>
-		<th>{{ctx.Locale.Tr "repo.files.last_commit_message"}}</th>
-		<th>{{ctx.Locale.Tr "repo.files.last_commit_date"}}</th>
-	</thead>
-	<tbody>
+	<thead>
 		<tr class="commit-list">
-			<td class="tw-overflow-hidden" colspan="2">
+			<th class="tw-overflow-hidden" colspan="2">
 				<div class="tw-flex">
 					<div class="latest-commit">
 						{{template "repo/latest_commit" .}}
 					</div>
 				</div>
-			</td>
-			<td class="text grey right age">{{if .LatestCommit}}{{if .LatestCommit.Committer}}{{DateUtils.TimeSince .LatestCommit.Committer.When}}{{end}}{{end}}</td>
+			</th>
+			<th class="text grey right age">{{if .LatestCommit}}{{if .LatestCommit.Committer}}{{DateUtils.TimeSince .LatestCommit.Committer.When}}{{end}}{{end}}</th>
 		</tr>
+	</thead>
+	<tbody>
 		{{if .HasParentPath}}
 			<tr class="has-parent">
 				<td colspan="3"><a class="muted" href="{{.BranchLink}}{{if .ParentPath}}{{PathEscapeSegments .ParentPath}}{{end}}">{{svg "octicon-reply" 16 "tw-mr-2"}}..</a></td>
diff --git a/tests/integration/repo_test.go b/tests/integration/repo_test.go
index 2f189bf7a8..1b4a574f13 100644
--- a/tests/integration/repo_test.go
+++ b/tests/integration/repo_test.go
@@ -70,7 +70,7 @@ func testViewRepo(t *testing.T) {
 	resp := session.MakeRequest(t, req, http.StatusOK)
 
 	htmlDoc := NewHTMLParser(t, resp.Body)
-	files := htmlDoc.doc.Find("#repo-files-table > tbody > tr:not(.commit-list)")
+	files := htmlDoc.doc.Find("#repo-files-table  > TBODY > TR")
 
 	type file struct {
 		fileName   string
@@ -1039,7 +1039,7 @@ func TestRepoFilesList(t *testing.T) {
 		resp := MakeRequest(t, req, http.StatusOK)
 
 		htmlDoc := NewHTMLParser(t, resp.Body)
-		filesList := htmlDoc.Find("#repo-files-table tbody tr:not(.commit-list)").Map(func(_ int, s *goquery.Selection) string {
+		filesList := htmlDoc.Find("#repo-files-table tbody tr").Map(func(_ int, s *goquery.Selection) string {
 			return s.AttrOr("data-entryname", "")
 		})
 
diff --git a/web_src/css/repo.css b/web_src/css/repo.css
index 66b1d5df71..00f159f33b 100644
--- a/web_src/css/repo.css
+++ b/web_src/css/repo.css
@@ -237,7 +237,7 @@ td .commit-summary {
   max-width: calc(calc(min(100vw, 1280px)) - 145px - calc(2 * var(--page-margin-x)));
 }
 
-.repo-files-table-latest-commit-row td {
+.repository.file.list #repo-files-table thead th {
   font-weight: var(--font-weight-normal);
 }
 

From a797a71dea127edd3d93d976131d21d93988c246 Mon Sep 17 00:00:00 2001
From: Mathieu Fenniak <mathieu@fenniak.net>
Date: Mon, 13 Apr 2026 18:26:53 +0200
Subject: [PATCH 680/854] fix: display code comments on removed lines-of-code
 to correct locations in PR view (#12092)

With the completion of #12015, when a comment is left on a changed line in a pull request, we track the comment against the line of code with `git blame` and then identify where it currently is in any diff with `git blame --reverse`.  However, this strategy only works for the *modified* lines of code -- eg. the `+...` in diffs, and not the `-...` in diffs.  The reason is that `git blame --reverse` can't track a line of code's location past the commit that it was removed in.

To permit comments that are left on lines of code that are removed to appear correctly in the UI, a separate approach is required for those comments.  This PR performs two major changes, which have been complex to figure out, but are reasonably easy to understand:

- When a comment is placed on a removed line in a PR, perform a `git blame --reverse` from the PR's base to the currently viewed commit, and use this information to record in the comment:
    - the **last commit that the line of code existed in** (stored in the `commit_sha` field)
    - the **line of code as of that commit** (stored in the `line` field, negative, to indicate that the comment is on a removal).
    - the **patch** where the comment was placed (stored in the field `patch`); existing functionality unchanged in this PR
- When viewing any diff in the PR, for each comment on a removal, perform a diff from the `commit_sha` (last commit that the line of code existed in) to the current commit being viewed, and verify that within that diff the left-hand-side line removal still exists at the same line of code in the diff, by comparing the current diff with the stored patch.
    - If present, place the commit in the UI at the line number.
    - If the line of code no longer exists in the diff at that point (for example, it was removed, commented upon, and then re-added in a later commit), then the comment is considered outdated and isn't displayed.

The algorithm used for marking a comment as "outdated" is also updated to use this approach.

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. All work and communication must conform to Forgejo's [AI Agreement](https://codeberg.org/forgejo/governance/src/branch/main/AIAgreement.md). There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests for Go changes

- I added test coverage for Go changes...
  - [x] in their respective `*_test.go` for unit tests.
  - [x] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I ran...
  - [x] `make pr-go` before pushing

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [x] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.
- [ ] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12092
Reviewed-by: Andreas Ahlenstorf <aahlenst@noreply.codeberg.org>
Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net>
Co-committed-by: Mathieu Fenniak <mathieu@fenniak.net>
---
 models/issues/comment.go                     |  43 ++-
 modules/git/diff.go                          |  71 +++++
 modules/git/diff_test.go                     | 212 ++++++++++++++
 services/mailer/incoming/incoming_handler.go |  22 +-
 services/pull/pull.go                        |   6 +-
 services/pull/review.go                      |  59 ++--
 tests/integration/api_pull_review_test.go    |   6 +-
 tests/integration/pull_review_test.go        | 282 ++++++++++++++++++-
 8 files changed, 656 insertions(+), 45 deletions(-)

diff --git a/models/issues/comment.go b/models/issues/comment.go
index 61d49cf7b6..b42cd8aa40 100644
--- a/models/issues/comment.go
+++ b/models/issues/comment.go
@@ -6,11 +6,14 @@
 package issues
 
 import (
+	"bytes"
 	"context"
+	"errors"
 	"fmt"
 	"html/template"
 	"slices"
 	"strconv"
+	"strings"
 	"unicode/utf8"
 
 	"forgejo.org/models/db"
@@ -771,9 +774,43 @@ func (c *Comment) ResolveCurrentLine(ctx context.Context, repo *repo_model.Repos
 		}
 		defer closer.Close()
 
-		reverseBlame, err := gitRepo.ReverseLineBlame(c.CommitSHA, c.TreePath, c.UnsignedLine(), currentHead)
-		if err != nil {
-			return "", fmt.Errorf("failed to perform `git blame --reverse` to resolve current line for comment (id=%d): %w", c.ID, err)
+		var reverseBlame *git.ReverseLineBlame
+		if c.Line > 0 {
+			var err error
+			reverseBlame, err = gitRepo.ReverseLineBlame(c.CommitSHA, c.TreePath, c.UnsignedLine(), currentHead)
+			if err != nil {
+				return "", fmt.Errorf("failed to perform `git blame --reverse` to resolve current line for comment (id=%d): %w", c.ID, err)
+			}
+		} else {
+			// For comments on removed lines, perform a `git diff` between the last commit that the line of code was
+			// known to exist (which is recorded as CommitSHA) and the requested head. Then inspect the diff to verify
+			// that the removed line of code is present in the diff.
+			buffer := bytes.Buffer{}
+			err := git.GetRepoRawDiffForFile(gitRepo, c.CommitSHA, currentHead, git.RawDiffNormal, c.TreePath, &buffer)
+			if err != nil {
+				return "", fmt.Errorf("failed to get diff: %w", err)
+			}
+
+			diff := buffer.String()
+			adjustedLine, err := git.FindAdjustedLineNumber(c.Patch, int64(c.UnsignedLine()), strings.NewReader(diff))
+			if err != nil && errors.Is(err, git.ErrLineNotFound) {
+				// Line not found in the diff. Don't treat this as an error, because that would break the caching --
+				// instead, return a blame where CommitID != headCommitID, which will be an indicator to callers (for
+				// both resolution methods) that the line of code is outdated in the diff.
+				reverseBlame = &git.ReverseLineBlame{
+					CommitID:   c.CommitSHA, // not currentHead
+					LineNumber: c.UnsignedLine(),
+					FilePath:   c.TreePath,
+				}
+			} else if err != nil {
+				return "", fmt.Errorf("failed in finding adjusted line number: %w", err)
+			} else {
+				reverseBlame = &git.ReverseLineBlame{
+					CommitID:   currentHead,
+					LineNumber: uint64(adjustedLine.Left),
+					FilePath:   c.TreePath,
+				}
+			}
 		}
 
 		data, err := json.Marshal(reverseBlame)
diff --git a/modules/git/diff.go b/modules/git/diff.go
index 507dc5b2f5..c954a933ba 100644
--- a/modules/git/diff.go
+++ b/modules/git/diff.go
@@ -7,6 +7,7 @@ import (
 	"bufio"
 	"bytes"
 	"context"
+	"errors"
 	"fmt"
 	"io"
 	"os"
@@ -277,6 +278,76 @@ func CutDiffAroundLine(originalDiff io.Reader, line int64, old bool, numbersOfLi
 	return strings.Join(newHunk, "\n"), nil
 }
 
+var ErrLineNotFound = errors.New("line not found in diff")
+
+type LinePlacement struct {
+	Left  int64
+	Right int64
+}
+
+// Find the line of code where an old line of code from an old patch is, if present, in a new patch. Given a cutDiff
+// (from CutDiffAroundLine) and the line of code that it was cut from, and, given a single-file diff from the commit
+// where that patch came into a new head, this routine will read through the diff and identify the new line number. It
+// will only return successful if the line is exactly the same as the original line, but just placed in a new location
+// due to added or removed lines in the diff before the target line of code.
+func FindAdjustedLineNumber(cutDiff string, originalLine int64, fullDiff io.Reader) (LinePlacement, error) {
+	cutDiffSplit := strings.Split(cutDiff, "\n")
+	if len(cutDiffSplit) == 0 {
+		return LinePlacement{}, errors.New("cutDiff has no contents")
+	}
+	endOfCutDiff := cutDiffSplit[len(cutDiffSplit)-1]
+
+	scanner := bufio.NewScanner(fullDiff)
+	inHunk := false // used to skip header lines before the first hunk
+	leftLine := int64(-1)
+	rightLine := int64(-1)
+
+	for scanner.Scan() {
+		lineText := scanner.Text()
+		if strings.HasPrefix(lineText, "@@") {
+			// A map with named groups of our regex to recognize them later more easily
+			submatches := hunkRegex.FindStringSubmatch(lineText)
+			groups := make(map[string]string)
+			for i, name := range hunkRegex.SubexpNames() {
+				if i != 0 && name != "" {
+					groups[name] = submatches[i]
+				}
+			}
+			beginLeft, _ := strconv.ParseInt(groups["beginOld"], 10, 64)
+			beginRight, _ := strconv.ParseInt(groups["beginNew"], 10, 64)
+			leftLine = beginLeft
+			rightLine = beginRight
+			inHunk = true
+		} else if inHunk {
+			if leftLine == originalLine {
+				if lineText != endOfCutDiff {
+					return LinePlacement{}, fmt.Errorf(
+						"line was adjusted from index %d to %d, but contents changed from %q to %q: %w",
+						originalLine, leftLine, endOfCutDiff, lineText, ErrLineNotFound)
+				}
+				return LinePlacement{Left: leftLine, Right: rightLine}, nil
+			}
+			switch lineText[0] {
+			case '+':
+				rightLine++
+			case '-':
+				leftLine++
+			case '\\':
+				// Should be the end-of-file with "\ No newline at end of file" -- nothing to do here.
+				break
+			default:
+				rightLine++
+				leftLine++
+			}
+		}
+	}
+	if err := scanner.Err(); err != nil {
+		return LinePlacement{}, err
+	}
+
+	return LinePlacement{}, fmt.Errorf("line is no longer in diff: %w", ErrLineNotFound)
+}
+
 // GetAffectedFiles returns the affected files between two commits
 func GetAffectedFiles(repo *Repository, oldCommitID, newCommitID string, env []string) ([]string, error) {
 	objectFormat, err := repo.GetObjectFormat()
diff --git a/modules/git/diff_test.go b/modules/git/diff_test.go
index 34e0695fea..e4b7ce6ace 100644
--- a/modules/git/diff_test.go
+++ b/modules/git/diff_test.go
@@ -167,3 +167,215 @@ func TestParseDiffHunkString(t *testing.T) {
 	assert.Equal(t, 19, rightLine)
 	assert.Equal(t, 5, rightHunk)
 }
+
+func TestFindAdjustedLineNumber(t *testing.T) {
+	commentCutDiff := `diff --git a/file1.md b/file1.md
+--- a/file1.md
++++ b/file1.md
+@@ -47,7 +47,6 @@ Line 46
+ Line 47
+ Line 48
+ Line 49
+-Line 50`
+
+	t.Run("no additional changes", func(t *testing.T) {
+		diff := `diff --git a/file1.md b/file1.md
+index 2d203fb..b21df3f 100644
+--- a/file1.md
++++ b/file1.md
+@@ -47,7 +47,6 @@ Line 46
+ Line 47
+ Line 48
+ Line 49
+-Line 50
+ Line 51
+ Line 52
+ Line 53`
+		lineNumber, err := FindAdjustedLineNumber(commentCutDiff, 50, strings.NewReader(diff))
+		require.NoError(t, err)
+		assert.Equal(t, LinePlacement{Left: 50, Right: 50}, lineNumber)
+	})
+
+	t.Run("removed lines before location", func(t *testing.T) {
+		diff := `diff --git a/file1.md b/file1.md
+index 2d203fb..c85b903 100644
+--- a/file1.md
++++ b/file1.md
+@@ -1,13 +1,3 @@
+-Line 1
+-Line 2
+-Line 3
+-Line 4
+-Line 5
+-Line 6
+-Line 7
+-Line 8
+-Line 9
+-Line 10
+ Line 11
+ Line 12
+ Line 13
+@@ -47,7 +37,6 @@ Line 46
+ Line 47
+ Line 48
+ Line 49
+-Line 50
+ Line 51
+ Line 52
+ Line 53`
+		lineNumber, err := FindAdjustedLineNumber(commentCutDiff, 50, strings.NewReader(diff))
+		require.NoError(t, err)
+		assert.Equal(t, LinePlacement{Left: 50, Right: 40}, lineNumber)
+	})
+
+	t.Run("added lines before location", func(t *testing.T) {
+		diff := `diff --git a/file1.md b/file1.md
+index 2d203fb..24b1aa6 100644
+--- a/file1.md
++++ b/file1.md
+@@ -8,6 +8,11 @@ Line 7
+ Line 8
+ Line 9
+ Line 10
++Line 10.1
++Line 10.2
++Line 10.3
++Line 10.4
++Line 10.5
+ Line 11
+ Line 12
+ Line 13
+@@ -47,7 +52,6 @@ Line 46
+ Line 47
+ Line 48
+ Line 49
+-Line 50
+ Line 51
+ Line 52
+ Line 53`
+		lineNumber, err := FindAdjustedLineNumber(commentCutDiff, 50, strings.NewReader(diff))
+		require.NoError(t, err)
+		assert.Equal(t, LinePlacement{Left: 50, Right: 55}, lineNumber)
+	})
+
+	t.Run("added and removed in lines before location", func(t *testing.T) {
+		diff := `diff --git a/file1.md b/file1.md
+index 2d203fb..d0cb63f 100644
+--- a/file1.md
++++ b/file1.md
+@@ -5,9 +5,11 @@ Line 4
+ Line 5
+ Line 6
+ Line 7
+-Line 8
+-Line 9
+-Line 10
++Line 10.1
++Line 10.2
++Line 10.3
++Line 10.4
++Line 10.5
+ Line 11
+ Line 12
+ Line 13
+@@ -47,7 +49,6 @@ Line 46
+ Line 47
+ Line 48
+ Line 49
+-Line 50
+ Line 51
+ Line 52
+ Line 53`
+		lineNumber, err := FindAdjustedLineNumber(commentCutDiff, 50, strings.NewReader(diff))
+		require.NoError(t, err)
+		assert.Equal(t, LinePlacement{Left: 50, Right: 52}, lineNumber)
+	})
+
+	t.Run("changes above in the same hunk", func(t *testing.T) {
+		diff := `diff --git a/file1.md b/file1.md
+index 2d203fb..f35a466 100644
+--- a/file1.md
++++ b/file1.md
+@@ -42,12 +42,6 @@ Line 41
+ Line 42
+ Line 43
+ Line 44
+-Line 45
+-Line 46
+-Line 47
+-Line 48
+-Line 49
+-Line 50
+ Line 51
+ Line 52
+ Line 53`
+		lineNumber, err := FindAdjustedLineNumber(commentCutDiff, 50, strings.NewReader(diff))
+		require.NoError(t, err)
+		assert.Equal(t, LinePlacement{Left: 50, Right: 45}, lineNumber)
+	})
+
+	t.Run("first line in diff", func(t *testing.T) {
+		commentCutDiff := `diff --git a/file1.md b/file1.md
+--- a/file1.md
++++ b/file1.md
+@@ -1,4 +1,3 @@
+-Line 1`
+		diff := `diff --git a/file1.md b/file1.md
+index 2d203fb..a490028 100644
+--- a/file1.md
++++ b/file1.md
+@@ -1,4 +1,3 @@
+-Line 1
+ Line 2
+ Line 3
+ Line 4`
+		lineNumber, err := FindAdjustedLineNumber(commentCutDiff, 1, strings.NewReader(diff))
+		require.NoError(t, err)
+		assert.Equal(t, LinePlacement{Left: 1, Right: 1}, lineNumber)
+	})
+
+	t.Run("adjusted line not found", func(t *testing.T) {
+		// "Line 50" is present here but it's no longer "-Line 50", so it should not be identified as present
+		diff := `diff --git a/file1.md b/file1.md
+index 2d203fb..09dd95a 100644
+--- a/file1.md
++++ b/file1.md
+@@ -42,10 +42,6 @@ Line 41
+ Line 42
+ Line 43
+ Line 44
+-Line 45
+-Line 46
+-Line 47
+-Line 48
+ Line 49
+ Line 50
+ Line 51`
+		_, err := FindAdjustedLineNumber(commentCutDiff, 50, strings.NewReader(diff))
+		require.ErrorIs(t, err, ErrLineNotFound)
+	})
+
+	t.Run("adjusted line hunk not present - not changed anymore", func(t *testing.T) {
+		diff := `diff --git a/file1.md b/file1.md
+index 2d203fb..d0cb63f 100644
+--- a/file1.md
++++ b/file1.md
+@@ -5,9 +5,11 @@ Line 4
+ Line 5
+ Line 6
+ Line 7
+-Line 8
+-Line 9
+-Line 10
++Line 10.1
++Line 10.2
++Line 10.3
++Line 10.4
++Line 10.5
+ Line 11
+ Line 12
+ Line 13`
+		_, err := FindAdjustedLineNumber(commentCutDiff, 50, strings.NewReader(diff))
+		require.ErrorIs(t, err, ErrLineNotFound)
+	})
+}
diff --git a/services/mailer/incoming/incoming_handler.go b/services/mailer/incoming/incoming_handler.go
index 7505148978..e2a2852b07 100644
--- a/services/mailer/incoming/incoming_handler.go
+++ b/services/mailer/incoming/incoming_handler.go
@@ -12,6 +12,7 @@ import (
 	access_model "forgejo.org/models/perm/access"
 	repo_model "forgejo.org/models/repo"
 	user_model "forgejo.org/models/user"
+	"forgejo.org/modules/gitrepo"
 	"forgejo.org/modules/log"
 	"forgejo.org/modules/setting"
 	"forgejo.org/modules/util"
@@ -124,7 +125,24 @@ func (h *ReplyHandler) Handle(ctx context.Context, content *MailContent, doer *u
 				return fmt.Errorf("CreateIssueComment failed: %w", err)
 			}
 		case issues_model.CommentTypeCode:
-			_, err := pull_service.CreateCodeComment(
+			err := issue.LoadRepo(ctx)
+			if err != nil {
+				return fmt.Errorf("LoadRepo failed: %w", err)
+			}
+			err = issue.LoadPullRequest(ctx)
+			if err != nil {
+				return fmt.Errorf("LoadPullRequest failed: %w", err)
+			}
+			repo, err := gitrepo.OpenRepository(ctx, issue.Repo)
+			defer repo.Close()
+			if err != nil {
+				return fmt.Errorf("OpenRepository failed: %w", err)
+			}
+			afterCommitID, err := repo.GetRefCommitID(issue.PullRequest.GetGitRefName())
+			if err != nil {
+				return fmt.Errorf("GetRefCommitID failed: %w", err)
+			}
+			_, err = pull_service.CreateCodeComment(
 				ctx,
 				doer,
 				nil,
@@ -134,7 +152,7 @@ func (h *ReplyHandler) Handle(ctx context.Context, content *MailContent, doer *u
 				comment.TreePath,
 				false, // not pending review but a single review
 				comment.ReviewID,
-				"",
+				afterCommitID,
 				attachmentIDs,
 			)
 			if err != nil {
diff --git a/services/pull/pull.go b/services/pull/pull.go
index 03b7ce531b..617d5d0806 100644
--- a/services/pull/pull.go
+++ b/services/pull/pull.go
@@ -263,14 +263,14 @@ func ChangeTargetBranch(ctx context.Context, pr *issues_model.PullRequest, doer
 	return nil
 }
 
-func checkForInvalidation(ctx context.Context, requests issues_model.PullRequestList, repoID int64, doer *user_model.User, branch, newCommitID string) error {
+func checkForInvalidation(ctx context.Context, requests issues_model.PullRequestList, repoID int64, doer *user_model.User, newCommitID string) error {
 	repo, err := repo_model.GetRepositoryByID(ctx, repoID)
 	if err != nil {
 		return fmt.Errorf("GetRepositoryByIDCtx: %w", err)
 	}
 	go func() {
 		// FIXME: graceful: We need to tell the manager we're doing something...
-		err := InvalidateCodeComments(ctx, requests, doer, repo, branch, newCommitID)
+		err := InvalidateCodeComments(ctx, requests, doer, repo, newCommitID)
 		if err != nil {
 			log.Error("PullRequestList.InvalidateCodeComments: %v", err)
 		}
@@ -335,7 +335,7 @@ func TestPullRequest(ctx context.Context, doer *user_model.User, repoID, olderTh
 		if err = requests.LoadAttributes(ctx); err != nil {
 			log.Error("PullRequestList.LoadAttributes: %v", err)
 		}
-		if invalidationErr := checkForInvalidation(ctx, requests, repoID, doer, branch, newCommitID); invalidationErr != nil {
+		if invalidationErr := checkForInvalidation(ctx, requests, repoID, doer, newCommitID); invalidationErr != nil {
 			log.Error("checkForInvalidation: %v", invalidationErr)
 		}
 		if err == nil {
diff --git a/services/pull/review.go b/services/pull/review.go
index 5500ce4582..9fc9862823 100644
--- a/services/pull/review.go
+++ b/services/pull/review.go
@@ -42,18 +42,7 @@ func (err ErrDismissRequestOnClosedPR) Unwrap() error {
 
 // checkInvalidation checks if the line of code comment got changed by another commit.
 // If the line got changed the comment is going to be invalidated.
-func checkInvalidation(ctx context.Context, c *issues_model.Comment, repo *repo_model.Repository, branch, newCommitID string) error {
-	if c.Line < 0 {
-		// Comment is on a removed line of code -- the `git blame --reverse` codepath doesn't work for this. Retain the
-		// originalbehaviour until a revision is done specific to removed lines:
-		gitRepo, closer, err := gitrepo.RepositoryFromContextOrOpen(ctx, repo)
-		if err != nil {
-			return fmt.Errorf("failed to open repo: %w", err)
-		}
-		defer closer.Close()
-		return obsoleteCheckInvalidation(ctx, c, gitRepo, branch)
-	}
-
+func checkInvalidation(ctx context.Context, c *issues_model.Comment, repo *repo_model.Repository, newCommitID string) error {
 	reverseBlame, err := c.ResolveCurrentLine(ctx, repo, newCommitID)
 	if err != nil {
 		log.Warn("ResolveCurrentLine failed: %s", err.Error())
@@ -64,25 +53,8 @@ func checkInvalidation(ctx context.Context, c *issues_model.Comment, repo *repo_
 	return nil
 }
 
-func obsoleteCheckInvalidation(ctx context.Context, c *issues_model.Comment, repo *git.Repository, branch string) error {
-	// FIXME differentiate between previous and proposed line
-	commit, _, err := repo.LineBlame(branch, c.TreePath, c.UnsignedLine())
-	if err != nil && (errors.Is(err, git.ErrBlameFileDoesNotExist) || errors.Is(err, git.ErrBlameFileNotEnoughLines)) {
-		c.Invalidated = true
-		return issues_model.UpdateCommentInvalidate(ctx, c)
-	}
-	if err != nil {
-		return err
-	}
-	if c.CommitSHA != "" && c.CommitSHA != commit.ID.String() {
-		c.Invalidated = true
-		return issues_model.UpdateCommentInvalidate(ctx, c)
-	}
-	return nil
-}
-
 // InvalidateCodeComments will lookup the prs for code comments which got invalidated by change
-func InvalidateCodeComments(ctx context.Context, prs issues_model.PullRequestList, doer *user_model.User, repo *repo_model.Repository, branch, newCommitID string) error {
+func InvalidateCodeComments(ctx context.Context, prs issues_model.PullRequestList, doer *user_model.User, repo *repo_model.Repository, newCommitID string) error {
 	if len(prs) == 0 {
 		return nil
 	}
@@ -98,7 +70,7 @@ func InvalidateCodeComments(ctx context.Context, prs issues_model.PullRequestLis
 		return fmt.Errorf("find code comments: %v", err)
 	}
 	for _, comment := range codeComments {
-		if err := checkInvalidation(ctx, comment, repo, branch, newCommitID); err != nil {
+		if err := checkInvalidation(ctx, comment, repo, newCommitID); err != nil {
 			return err
 		}
 	}
@@ -261,6 +233,31 @@ func CreateCodeCommentKnownReviewID(ctx context.Context, doer *user_model.User,
 		} else {
 			blamedCommitID = commitID
 		}
+	} else {
+		// Commenting on a line that was removed. In this case, what we want to track in the comment is which line of
+		// code was this, in the last commit that the line of code actually existed in. We'll use a reverse git blame to
+		// identify this, from the PR base -> commit being viewed.
+		blame, err := gitRepo.ReverseLineBlame(pr.MergeBase, treePath, uint64(-1*line), afterCommitID)
+		if err != nil {
+			return nil, fmt.Errorf("ReverseLineBlame[%s, %s, %d, %s]: %w", pr.MergeBase, treePath, -1*line, afterCommitID, err)
+		} else if blame.CommitID == afterCommitID {
+			// Although this is a comment on the "previous" side of the diff, the reverse blame indicates that the line
+			// of code still exists in the commit being viewed (eg. it was a comment on a white line in the left-side of
+			// the diff, not a red removed line). In order to record the right information for where to place this
+			// commit, we'll convert this into a right-hand comment -- using the present line number that the reverse
+			// blame gave us:
+			commit, lineres, err := gitRepo.LineBlame(afterCommitID, treePath, blame.LineNumber)
+			if err == nil {
+				blamedCommitID = commit.ID.String()
+				blamedLine = int64(lineres)
+			} else if !errors.Is(err, git.ErrBlameFileDoesNotExist) && !errors.Is(err, git.ErrBlameFileNotEnoughLines) {
+				return nil, fmt.Errorf("LineBlame[%s, %s, %s, %d]: %w", pr.GetGitRefName(), gitRepo.Path, treePath, line, err)
+			}
+		} else {
+			blamedCommitID = blame.CommitID
+			// retain negative line numbering to identify we're commenting on the "previous" side of the diff
+			blamedLine = -1 * int64(blame.LineNumber)
+		}
 	}
 
 	// Only fetch diff if comment is review comment
diff --git a/tests/integration/api_pull_review_test.go b/tests/integration/api_pull_review_test.go
index 5ff8bd4adf..0ec229f554 100644
--- a/tests/integration/api_pull_review_test.go
+++ b/tests/integration/api_pull_review_test.go
@@ -112,8 +112,10 @@ func TestAPIPullReviewCreateDeleteComment(t *testing.T) {
 				DecodeJSON(t, resp, &reviewComment)
 				assert.Equal(t, review.ID, reviewComment.ReviewID)
 				assert.Equal(t, newCommentBody, reviewComment.Body)
-				assert.EqualValues(t, reviewLine, reviewComment.OldLineNum)
-				assert.EqualValues(t, 0, reviewComment.LineNum)
+				// we sent OldLineNum: 1, but that line of code isn't modified in this PR, triggering the PR's logic
+				// which standardizes comments on non-modified lines of code to be on the right-hand-side of the diff:
+				assert.EqualValues(t, 0, reviewComment.OldLineNum)
+				assert.EqualValues(t, reviewLine, reviewComment.LineNum)
 				assert.Equal(t, path, reviewComment.Path)
 			}
 
diff --git a/tests/integration/pull_review_test.go b/tests/integration/pull_review_test.go
index 262733f72b..b91fdab6d4 100644
--- a/tests/integration/pull_review_test.go
+++ b/tests/integration/pull_review_test.go
@@ -1471,6 +1471,265 @@ func TestPullRequestCommentPlacement(t *testing.T) {
 			tester.assertFilesChangedDiff(diff10)
 			tester.assertCommitDiff(commit2, diff10)
 		})
+
+		t.Run("comment on removed line", func(t *testing.T) {
+			defer tests.PrintCurrentTest(t)()
+			tester := newPullRequestCommentPlacementTester(t)
+
+			// Remove line 50, place a comment on the removed line.
+			content := tester.fileContent
+			content = strings.Replace(content, "Line 50\n", "", 1)
+			commit := tester.changeFile("file1.md", content)
+			tester.createPR()
+
+			comment := tester.commentOnPreviousFromFilesChanged("file1.md", 50)
+			assert.Equal(t, `diff --git a/file1.md b/file1.md
+--- a/file1.md
++++ b/file1.md
+@@ -47,7 +47,6 @@ Line 46
+ Line 47
+ Line 48
+ Line 49
+-Line 50`, comment.PatchQuoted)
+			assert.Equal(t, "previous", comment.DiffSide())
+			assert.EqualValues(t, -50, comment.Line)
+			assert.Equal(t, tester.initialSHA, comment.CommitSHA) // tracked back to the previous commit where it was line num 50
+
+			diff50 := []diffTableRow{
+				{rowType: RowHasCode, code: "Line 49"},
+				{rowType: RowDelCode, code: "Line 50"},
+				{rowType: RowComment, commentID: comment.ID},
+				{rowType: RowHasCode, code: "Line 51"},
+			}
+			tester.assertFilesChangedDiff(diff50)
+			tester.assertCommitDiff(commit, diff50)
+		})
+
+		t.Run("comment on removed line moves due to a following commit", func(t *testing.T) {
+			defer tests.PrintCurrentTest(t)()
+			tester := newPullRequestCommentPlacementTester(t)
+
+			// Remove line 50, place a comment on the removed line.
+			content := tester.fileContent
+			content = strings.Replace(content, "Line 50\n", "", 1)
+			commit1 := tester.changeFile("file1.md", content)
+			tester.createPR()
+
+			comment := tester.commentOnPreviousFromFilesChanged("file1.md", 50)
+			assert.Equal(t, `diff --git a/file1.md b/file1.md
+--- a/file1.md
++++ b/file1.md
+@@ -47,7 +47,6 @@ Line 46
+ Line 47
+ Line 48
+ Line 49
+-Line 50`, comment.PatchQuoted)
+			assert.Equal(t, "previous", comment.DiffSide())
+			assert.EqualValues(t, -50, comment.Line)
+			assert.Equal(t, tester.initialSHA, comment.CommitSHA) // tracked back to the previous commit where it was line num 50
+
+			// Add a second commit to the PR which removes "Line 1" - "Line 10".
+			content = strings.Replace(content, "Line 1\nLine 2\nLine 3\nLine 4\nLine 5\nLine 6\nLine 7\nLine 8\nLine 9\nLine 10\n", "", 1)
+			commit2 := tester.changeFile("file1.md", content)
+
+			diff2 := []diffTableRow{
+				{rowType: RowDelCode, code: "Line 9"},
+				{rowType: RowDelCode, code: "Line 10"},
+				{rowType: RowHasCode, code: "Line 11"},
+			}
+			tester.assertFilesChangedDiff(diff2, "checking commit2 contents in full PR diff")
+			tester.assertCommitDiff(commit2, diff2, "checking commit2 contents in single-commit diff")
+
+			diff1 := []diffTableRow{
+				{rowType: RowHasCode, code: "Line 49"},
+				{rowType: RowDelCode, code: "Line 50"},
+				{rowType: RowComment, commentID: comment.ID},
+				{rowType: RowHasCode, code: "Line 51"},
+			}
+			tester.assertFilesChangedDiff(diff1, "checking commit1 contents in full PR diff")
+			tester.assertCommitDiff(commit1, diff1, "checking commit1 contents in single-commit diff")
+
+			// This comment can still be located in the diff, so it should not be marked as Invalidated/Outdated --
+			// which is kinda guaranteed by it being loaded in the diff, but for test sanity assert specifically.
+			commentReloaded := unittest.AssertExistsAndLoadBean(t, &issues_model.Comment{ID: comment.ID})
+			assert.False(t, commentReloaded.Invalidated)
+		})
+
+		t.Run("comment on previous side line unchanged by PR appears", func(t *testing.T) {
+			defer tests.PrintCurrentTest(t)()
+			tester := newPullRequestCommentPlacementTester(t)
+
+			// Change line 50
+			content := tester.fileContent
+			content = strings.Replace(content, "Line 50\n", "Line 50--modified\n", 1)
+			commit1 := tester.changeFile("file1.md", content)
+			content = strings.Replace(content, "Line 1\nLine 2\nLine 3\nLine 4\nLine 5\nLine 6\nLine 7\nLine 8\nLine 9\nLine 10\n", "", 1)
+			tester.changeFile("file1.md", content)
+			tester.createPR()
+
+			// While viewing the PR, the reviewer made a comment on the previous side on a line of code that wasn't
+			// actually changed in the PR:
+			comment := tester.commentOnPreviousFromFilesChanged("file1.md", 49)
+			assert.Equal(t, `diff --git a/file1.md b/file1.md
+--- a/file1.md
++++ b/file1.md
+@@ -47,7 +37,7 @@ Line 46
+ Line 47
+ Line 48
+ Line 49`, comment.PatchQuoted)
+			assert.Equal(t, "proposed", comment.DiffSide()) // will be moved from previous(LHS)->proposed(RHS) because it wasn't a comment on a change in the PR
+			assert.EqualValues(t, 49, comment.Line)
+			assert.Equal(t, tester.initialSHA, comment.CommitSHA)
+
+			diff := []diffTableRow{
+				{rowType: RowHasCode, code: "Line 49"},
+				{rowType: RowComment, commentID: comment.ID},
+				{rowType: RowDelCode, code: "Line 50"},
+				{rowType: RowAddCode, code: "Line 50--modified"},
+				{rowType: RowHasCode, code: "Line 51"},
+			}
+			tester.assertFilesChangedDiff(diff, "checking commit1 contents in full PR diff")
+			tester.assertCommitDiff(commit1, diff, "checking commit1 contents in single-commit diff")
+		})
+
+		t.Run("comment on first line of file removed", func(t *testing.T) {
+			defer tests.PrintCurrentTest(t)()
+			tester := newPullRequestCommentPlacementTester(t)
+
+			// Remove the first line of the file which will then be commented on, as an edge-case
+			content := tester.fileContent
+			content = strings.Replace(content, "Line 1\n", "", 1)
+			commit1 := tester.changeFile("file1.md", content)
+			tester.createPR()
+
+			comment := tester.commentOnPreviousFromSpecificCommit(commit1, "file1.md", 1)
+			assert.Equal(t, `diff --git a/file1.md b/file1.md
+--- a/file1.md
++++ b/file1.md
+@@ -1,4 +1,3 @@
+-Line 1`, comment.PatchQuoted)
+			assert.Equal(t, "previous", comment.DiffSide())
+			assert.EqualValues(t, -1, comment.Line)
+			assert.Equal(t, tester.initialSHA, comment.CommitSHA)
+
+			diff := []diffTableRow{
+				{rowType: RowDelCode, code: "Line 1"},
+				{rowType: RowComment, commentID: comment.ID},
+				{rowType: RowHasCode, code: "Line 2"},
+			}
+			tester.assertFilesChangedDiff(diff, "checking commit1 contents in full PR diff")
+			tester.assertCommitDiff(commit1, diff, "checking commit1 contents in single-commit diff")
+		})
+
+		t.Run("comment on removed line moves due to a following commit, following commit is rewritten and force-push'd", func(t *testing.T) {
+			defer tests.PrintCurrentTest(t)()
+			tester := newPullRequestCommentPlacementTester(t)
+
+			// Modify line 50
+			content := tester.fileContent
+			content = strings.Replace(content, "Line 50\n", "Line 50--modified\n", 1)
+			commit1 := tester.changeFile("file1.md", content)
+			tester.createPR()
+
+			// Place a comment on "Line 50" (removed side)
+			comment := tester.commentOnPreviousFromFilesChanged("file1.md", 50)
+			assert.Equal(t, `diff --git a/file1.md b/file1.md
+--- a/file1.md
++++ b/file1.md
+@@ -47,7 +47,7 @@ Line 46
+ Line 47
+ Line 48
+ Line 49
+-Line 50`, comment.PatchQuoted)
+			assert.Equal(t, "previous", comment.DiffSide())
+			assert.EqualValues(t, -50, comment.Line)
+			assert.Equal(t, tester.initialSHA, comment.CommitSHA)
+			assert.False(t, comment.Invalidated)
+
+			// Add a second commit to the PR which removes  "Line 1" - "Line 10".
+			content = strings.Replace(content, "Line 1\nLine 2\nLine 3\nLine 4\nLine 5\nLine 6\nLine 7\nLine 8\nLine 9\nLine 10\n", "", 1)
+			tester.changeFile("file1.md", content)
+
+			// Now amend commit2v1 with an additional change, causing a force push of the branch
+			tester.withBranchCheckout(func(repoPath string) {
+				content = strings.Replace(content, "Line 11\n", "", 1) // Remove Line 11 as well
+				require.NoError(t, os.WriteFile(path.Join(repoPath, "file1.md"), []byte(content), 0o644))
+				require.NoError(t, git.NewCommand(t.Context(), "commit", "-a", "--amend", "--no-edit").Run(&git.RunOpts{Dir: repoPath}))
+				require.NoError(t, git.NewCommand(t.Context(), "push", "--force").Run(&git.RunOpts{Dir: repoPath}))
+			})
+
+			diff2 := []diffTableRow{
+				{rowType: RowDelCode, code: "Line 10"},
+				{rowType: RowDelCode, code: "Line 11"},
+				{rowType: RowHasCode, code: "Line 12"},
+			}
+			tester.assertFilesChangedDiff(diff2, "checking commit2 (force push) contents in full PR diff")
+
+			diff1 := []diffTableRow{
+				{rowType: RowHasCode, code: "Line 49"},
+				{rowType: RowDelCode, code: "Line 50"},
+				{rowType: RowComment, commentID: comment.ID},
+				{rowType: RowAddCode, code: "Line 50--modified"},
+				{rowType: RowHasCode, code: "Line 51"},
+			}
+			tester.assertFilesChangedDiff(diff1, "checking commit1 contents in full PR diff")
+			tester.assertCommitDiff(commit1, diff1, "checking commit1 contents in single-commit diff")
+
+			// This comment can still be located in the diff, so it should not be marked as Invalidated/Outdated --
+			// which is kinda guaranteed by it being loaded in the diff, but for test sanity assert specifically.
+			commentReloaded := unittest.AssertExistsAndLoadBean(t, &issues_model.Comment{ID: comment.ID})
+			assert.False(t, commentReloaded.Invalidated)
+		})
+
+		t.Run("comment on removed line invalidated due to force push", func(t *testing.T) {
+			defer tests.PrintCurrentTest(t)()
+			tester := newPullRequestCommentPlacementTester(t)
+
+			// Modify line 50
+			content := tester.fileContent
+			content = strings.Replace(content, "Line 50\n", "", 1)
+			tester.changeFile("file1.md", content)
+			tester.createPR()
+
+			// Place a comment on "Line 50" (removed side)
+			comment := tester.commentOnPreviousFromFilesChanged("file1.md", 50)
+			assert.Equal(t, `diff --git a/file1.md b/file1.md
+--- a/file1.md
++++ b/file1.md
+@@ -47,7 +47,6 @@ Line 46
+ Line 47
+ Line 48
+ Line 49
+-Line 50`, comment.PatchQuoted)
+			assert.Equal(t, "previous", comment.DiffSide())
+			assert.EqualValues(t, -50, comment.Line)
+			assert.Equal(t, tester.initialSHA, comment.CommitSHA)
+			assert.False(t, comment.Invalidated)
+
+			// Now amend commit1 with an additional change that undoes the earlier change, changes something else instead
+			tester.withBranchCheckout(func(repoPath string) {
+				content = strings.Replace(content, "Line 49\n", "Line 49\nLine 50\n", 1)
+				content = strings.Replace(content, "Line 52\n", "", 1)
+				require.NoError(t, os.WriteFile(path.Join(repoPath, "file1.md"), []byte(content), 0o644))
+				require.NoError(t, git.NewCommand(t.Context(), "commit", "-a", "--amend", "--no-edit").Run(&git.RunOpts{Dir: repoPath}))
+				require.NoError(t, git.NewCommand(t.Context(), "push", "--force").Run(&git.RunOpts{Dir: repoPath}))
+			})
+
+			diff := []diffTableRow{
+				{rowType: RowHasCode, code: "Line 49"},
+				{rowType: RowHasCode, code: "Line 50"},
+				{rowType: RowHasCode, code: "Line 51"},
+				{rowType: RowDelCode, code: "Line 52"},
+				{rowType: RowHasCode, code: "Line 53"},
+			}
+			tester.assertFilesChangedDiff(diff, "checking commit2 (force push) contents in full PR diff")
+
+			// The comment on "Line 50" can't be valid anymore since that's not in the diff:
+			assert.EventuallyWithT(t, func(t *assert.CollectT) {
+				commentReloaded := unittest.AssertExistsAndLoadBean(t, &issues_model.Comment{ID: comment.ID})
+				assert.True(t, commentReloaded.Invalidated)
+			}, 1*time.Second, 50*time.Millisecond)
+		})
 	})
 }
 
@@ -1592,17 +1851,32 @@ func (tester *PullRequestCommentPlacementTester) commentFromFilesChanged(filenam
 		// omit after_commit_id -- new_comment form defaults to fetching the PR head
 		fmt.Sprintf("/%s/%s/pulls/%d/files/reviews/new_comment", tester.repo.OwnerName, tester.repo.Name, tester.pr.Index))
 	resp := tester.session.MakeRequest(tester.t, req, http.StatusOK)
-	return tester.commentFromNewCommentForm(resp, filename, line)
+	return tester.commentFromNewCommentForm(resp, filename, line, "proposed")
+}
+
+func (tester *PullRequestCommentPlacementTester) commentOnPreviousFromFilesChanged(filename string, line int) *issues_model.Comment {
+	req := NewRequest(tester.t, "GET",
+		// omit after_commit_id -- new_comment form defaults to fetching the PR head
+		fmt.Sprintf("/%s/%s/pulls/%d/files/reviews/new_comment", tester.repo.OwnerName, tester.repo.Name, tester.pr.Index))
+	resp := tester.session.MakeRequest(tester.t, req, http.StatusOK)
+	return tester.commentFromNewCommentForm(resp, filename, line, "previous")
 }
 
 func (tester *PullRequestCommentPlacementTester) commentFromSpecificCommit(commitID, filename string, line int) *issues_model.Comment {
 	req := NewRequest(tester.t, "GET",
 		fmt.Sprintf("/%s/%s/pulls/%d/files/reviews/new_comment?after_commit_id=%s", tester.repo.OwnerName, tester.repo.Name, tester.pr.Index, commitID))
 	resp := tester.session.MakeRequest(tester.t, req, http.StatusOK)
-	return tester.commentFromNewCommentForm(resp, filename, line)
+	return tester.commentFromNewCommentForm(resp, filename, line, "proposed")
 }
 
-func (tester *PullRequestCommentPlacementTester) commentFromNewCommentForm(resp *httptest.ResponseRecorder, filename string, line int) *issues_model.Comment {
+func (tester *PullRequestCommentPlacementTester) commentOnPreviousFromSpecificCommit(commitID, filename string, line int) *issues_model.Comment {
+	req := NewRequest(tester.t, "GET",
+		fmt.Sprintf("/%s/%s/pulls/%d/files/reviews/new_comment?after_commit_id=%s", tester.repo.OwnerName, tester.repo.Name, tester.pr.Index, commitID))
+	resp := tester.session.MakeRequest(tester.t, req, http.StatusOK)
+	return tester.commentFromNewCommentForm(resp, filename, line, "previous")
+}
+
+func (tester *PullRequestCommentPlacementTester) commentFromNewCommentForm(resp *httptest.ResponseRecorder, filename string, line int, side string) *issues_model.Comment {
 	commentContent := uuid.New().String()
 	doc := NewHTMLParser(tester.t, resp.Body)
 	req := NewRequestWithValues(tester.t, "POST",
@@ -1610,7 +1884,7 @@ func (tester *PullRequestCommentPlacementTester) commentFromNewCommentForm(resp
 		map[string]string{
 			"origin":           doc.GetInputValueByName("origin"),
 			"latest_commit_id": doc.GetInputValueByName("latest_commit_id"),
-			"side":             "proposed", // "proposed" (RHS) or "previous" (LHS)
+			"side":             side, // "proposed" (RHS) or "previous" (LHS)
 			"line":             strconv.Itoa(line),
 			"path":             filename,
 			"diff_start_cid":   doc.GetInputValueByName("diff_start_cid"),

From 5f432e32c854b8c8da92cc9c791d5fba1113f864 Mon Sep 17 00:00:00 2001
From: famfo <famfo@famfo.xyz>
Date: Mon, 13 Apr 2026 22:05:29 +0200
Subject: [PATCH 681/854] chore(federation): re-enable nilnil lint (#11253)

First round of patches to re-enable some lints from my side.

This PR also refactors the general key fetching code quite a bit due to the way it currently worked
with relying on some values being nil sometimes.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11253
Reviewed-by: elle <0xllx0@noreply.codeberg.org>
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: famfo <famfo@famfo.xyz>
Co-committed-by: famfo <famfo@famfo.xyz>
---
 .deadcode-out                                 |   1 -
 .golangci.yml                                 |   9 -
 models/forgefed/error.go                      |  22 ++
 models/forgefed/federationhost_repository.go  |  18 +-
 models/user/error.go                          |  13 +
 models/user/user_repository.go                |  14 +-
 modules/forgefed/actor_person.go              |   9 +-
 modules/forgefed/actor_person_test.go         |  42 +++
 routers/api/v1/activitypub/reqsignature.go    |  10 +-
 services/federation/error.go                  |   8 +
 services/federation/federation_service.go     | 100 ++++---
 services/federation/person_inbox_create.go    |   6 +-
 services/federation/person_inbox_undo.go      |  30 +--
 services/federation/signature_service.go      | 252 +++++++-----------
 .../integration/api_activitypub_actor_test.go |  30 ---
 .../api_federation_httpsig_test.go            |  32 +--
 16 files changed, 291 insertions(+), 305 deletions(-)
 create mode 100644 models/forgefed/error.go

diff --git a/.deadcode-out b/.deadcode-out
index a42b499a9f..b70be3e800 100644
--- a/.deadcode-out
+++ b/.deadcode-out
@@ -58,7 +58,6 @@ forgejo.org/models/user
 	IsErrUserSettingIsNotExist
 	GetUserAllSettings
 	DeleteUserSetting
-	GetFederatedUser
 
 forgejo.org/modules/activitypub
 	NewContext
diff --git a/.golangci.yml b/.golangci.yml
index fea9195be2..b16bb8beb2 100644
--- a/.golangci.yml
+++ b/.golangci.yml
@@ -224,9 +224,6 @@ linters:
       - path: models/dbfs/dbfile.go
         linters:
           - nilnil
-      - path: models/forgefed/federationhost_repository.go
-        linters:
-          - nilnil
       - path: models/forgejo_migrations_legacy/v32.go
         linters:
           - nilnil
@@ -284,9 +281,6 @@ linters:
       - path: models/repo/repo.go
         linters:
           - nilnil
-      - path: models/user/user_repository.go
-        linters:
-          - nilnil
       - path: modules/git/commit.go
         linters:
           - nilnil
@@ -380,9 +374,6 @@ linters:
       - path: routers/api/packages/conan/auth.go
         linters:
           - nilnil
-      - path: services/federation/signature_service.go
-        linters:
-          - nilnil
       - path: services/issue/commit.go
         linters:
           - nilnil
diff --git a/models/forgefed/error.go b/models/forgefed/error.go
new file mode 100644
index 0000000000..f8b5ef852e
--- /dev/null
+++ b/models/forgefed/error.go
@@ -0,0 +1,22 @@
+// Copyright 2026 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+package forgefed
+
+import (
+	"fmt"
+)
+
+type ErrFederationHostNotFound struct {
+	SearchKey   string
+	SearchValue string
+}
+
+func (err ErrFederationHostNotFound) Error() string {
+	return fmt.Sprintf("ErrFederationHostNotFound: search key: %s, search value: %s", err.SearchKey, err.SearchValue)
+}
+
+func IsErrFederationHostNotFound(err error) bool {
+	_, ok := err.(ErrFederationHostNotFound)
+	return ok
+}
diff --git a/models/forgefed/federationhost_repository.go b/models/forgefed/federationhost_repository.go
index c889c1140b..0b3329313e 100644
--- a/models/forgefed/federationhost_repository.go
+++ b/models/forgefed/federationhost_repository.go
@@ -57,13 +57,13 @@ func GetFederationHost(ctx context.Context, ID int64) (*FederationHost, error) {
 	return host, nil
 }
 
-func findFederationHostFromDB(ctx context.Context, searchKey, searchValue string) (*FederationHost, error) {
+func findFederationHostFromDB(ctx context.Context, searchKey string, searchValue ...any) (*FederationHost, error) {
 	host := new(FederationHost)
-	has, err := db.GetEngine(ctx).Where(searchKey, searchValue).Get(host)
+	has, err := db.GetEngine(ctx).Where(searchKey, searchValue...).Get(host)
 	if err != nil {
 		return nil, err
 	} else if !has {
-		return nil, nil
+		return nil, ErrFederationHostNotFound{SearchKey: searchKey, SearchValue: fmt.Sprintf("%v", searchValue)}
 	}
 	if res, err := validation.IsValid(host); !res {
 		return nil, err
@@ -72,17 +72,7 @@ func findFederationHostFromDB(ctx context.Context, searchKey, searchValue string
 }
 
 func FindFederationHostByFqdnAndPort(ctx context.Context, fqdn string, port uint16) (*FederationHost, error) {
-	host := new(FederationHost)
-	has, err := db.GetEngine(ctx).Where("host_fqdn=? AND host_port=?", fqdn, port).Get(host)
-	if err != nil {
-		return nil, err
-	} else if !has {
-		return nil, nil
-	}
-	if res, err := validation.IsValid(host); !res {
-		return nil, err
-	}
-	return host, nil
+	return findFederationHostFromDB(ctx, "host_fqdn=? AND host_port=?", fqdn, port)
 }
 
 func FindFederationHostByKeyID(ctx context.Context, keyID string) (*FederationHost, error) {
diff --git a/models/user/error.go b/models/user/error.go
index 264b3fdcd2..7f23758768 100644
--- a/models/user/error.go
+++ b/models/user/error.go
@@ -105,3 +105,16 @@ func IsErrUserIsNotLocal(err error) bool {
 	_, ok := err.(ErrUserIsNotLocal)
 	return ok
 }
+
+type ErrFederatedUserNotExists struct {
+	Identifier string
+}
+
+func (err ErrFederatedUserNotExists) Error() string {
+	return fmt.Sprintf("No cached federated user found for identifier %s", err.Identifier)
+}
+
+func IsErrFederatedUserNotExists(err error) bool {
+	_, ok := err.(ErrFederatedUserNotExists)
+	return ok
+}
diff --git a/models/user/user_repository.go b/models/user/user_repository.go
index 1ec0906e4b..506d1cfb15 100644
--- a/models/user/user_repository.go
+++ b/models/user/user_repository.go
@@ -65,7 +65,7 @@ func FindFederatedUser(ctx context.Context, externalID string, federationHostID
 	if err != nil {
 		return nil, nil, err
 	} else if !has {
-		return nil, nil, nil
+		return nil, nil, ErrFederatedUserNotExists{Identifier: externalID}
 	}
 	has, err = db.GetEngine(ctx).ID(federatedUser.UserID).Get(user)
 	if err != nil {
@@ -134,16 +134,6 @@ func FindFederatedUsersByHostID(ctx context.Context, federationHostID int64, opt
 	return users, nil
 }
 
-func GetFederatedUser(ctx context.Context, externalID string, federationHostID int64) (*User, *FederatedUser, error) {
-	user, federatedUser, err := FindFederatedUser(ctx, externalID, federationHostID)
-	if err != nil {
-		return nil, nil, err
-	} else if federatedUser == nil {
-		return nil, nil, fmt.Errorf("FederatedUser not found (given externalId: %v, federationHostId: %v)", externalID, federationHostID)
-	}
-	return user, federatedUser, nil
-}
-
 func GetFederatedUserByUserID(ctx context.Context, userID int64) (*User, *FederatedUser, error) {
 	federatedUser := new(FederatedUser)
 	user := new(User)
@@ -177,7 +167,7 @@ func FindFederatedUserByKeyID(ctx context.Context, keyID string) (*User, *Federa
 	if err != nil {
 		return nil, nil, err
 	} else if !has {
-		return nil, nil, nil
+		return nil, nil, ErrFederatedUserNotExists{Identifier: keyID}
 	}
 	has, err = db.GetEngine(ctx).ID(federatedUser.UserID).Get(user)
 	if err != nil {
diff --git a/modules/forgefed/actor_person.go b/modules/forgefed/actor_person.go
index cde2dea9ce..aee7d3c37f 100644
--- a/modules/forgefed/actor_person.go
+++ b/modules/forgefed/actor_person.go
@@ -20,6 +20,8 @@ type PersonID struct {
 const (
 	personIDapiPathV1       = "api/v1/activitypub/user-id"
 	personIDapiPathV1Latest = "api/activitypub/user-id"
+	actorIDapiPathV1        = "api/v1/activitypub"
+	actorIDapiPathLatest    = "api/activitypub"
 )
 
 // Factory function for PersonID. Created struct is asserted to be valid
@@ -88,8 +90,11 @@ func (id PersonID) Validate() []string {
 	result = append(result, validation.ValidateOneOf(id.Source, []any{"forgejo", "gitea", "mastodon", "gotosocial"}, "Source")...)
 	if id.Source == "forgejo" {
 		result = append(result, validation.ValidateNotEmpty(id.Path, "path")...)
-		if strings.ToLower(id.Path) != personIDapiPathV1 && strings.ToLower(id.Path) != personIDapiPathV1Latest {
-			result = append(result, fmt.Sprintf("path: %q has to be a person specific api path", id.Path))
+		lowerPath := strings.ToLower(id.Path)
+		if lowerPath != personIDapiPathV1 && lowerPath != personIDapiPathV1Latest {
+			if lowerPath != actorIDapiPathV1 && lowerPath != actorIDapiPathLatest || id.ID != "actor" {
+				result = append(result, fmt.Sprintf("path: %q has to be a person specific api path", id.Path))
+			}
 		}
 	}
 
diff --git a/modules/forgefed/actor_person_test.go b/modules/forgefed/actor_person_test.go
index f673aabba1..72ff976688 100644
--- a/modules/forgefed/actor_person_test.go
+++ b/modules/forgefed/actor_person_test.go
@@ -159,6 +159,48 @@ func TestPersonIdValidation(t *testing.T) {
 	result, err = validation.IsValid(sut)
 	assert.False(t, result)
 	require.EqualError(t, err, "Validation Error: forgefed.PersonID: Field Source contains the value forgejox, which is not in allowed subset [forgejo gitea mastodon gotosocial]")
+
+	sut = forgefed.PersonID{}
+	sut.ID = "actor"
+	sut.Source = "forgejo"
+	sut.HostSchema = "https"
+	sut.Path = "api/v1/activitypub"
+	sut.Host = "example.com"
+	sut.HostPort = 443
+	sut.IsPortSupplemented = true
+	sut.UnvalidatedInput = "https://example.com/api/v1/activitypub/actor"
+
+	result, err = validation.IsValid(sut)
+	assert.True(t, result)
+	require.NoError(t, err)
+
+	sut = forgefed.PersonID{}
+	sut.ID = "actor"
+	sut.Source = "forgejo"
+	sut.HostSchema = "https"
+	sut.Path = "api/activitypub"
+	sut.Host = "example.com"
+	sut.HostPort = 443
+	sut.IsPortSupplemented = true
+	sut.UnvalidatedInput = "https://example.com/api/activitypub/actor"
+
+	result, err = validation.IsValid(sut)
+	assert.True(t, result)
+	require.NoError(t, err)
+
+	sut = forgefed.PersonID{}
+	sut.ID = "1"
+	sut.Source = "forgejo"
+	sut.HostSchema = "https"
+	sut.Path = "api/v1/activitypub"
+	sut.Host = "example.com"
+	sut.HostPort = 443
+	sut.IsPortSupplemented = true
+	sut.UnvalidatedInput = "https://example.com/api/v1/activitypub/1"
+
+	result, err = validation.IsValid(sut)
+	assert.False(t, result)
+	require.EqualError(t, err, "Validation Error: forgefed.PersonID: path: \"api/v1/activitypub\" has to be a person specific api path")
 }
 
 func TestWebfingerId(t *testing.T) {
diff --git a/routers/api/v1/activitypub/reqsignature.go b/routers/api/v1/activitypub/reqsignature.go
index 2c17d953d0..100378b5f1 100644
--- a/routers/api/v1/activitypub/reqsignature.go
+++ b/routers/api/v1/activitypub/reqsignature.go
@@ -30,13 +30,9 @@ func verifyHTTPSignature(ctx app_context.APIContext) (authenticated bool, err er
 
 	log.Debug("Verify %q, signed by KeyId: %v", r.URL.Path, v.KeyId())
 	signatureAlgorithm := httpsig.Algorithm(setting.Federation.SignatureAlgorithms[0])
-	pubKey, err := federation.FindOrCreateFederatedUserKey(ctx, v.KeyId())
-	if err != nil || pubKey == nil {
-		pubKey, err = federation.FindOrCreateFederationHostKey(ctx, v.KeyId())
-		if err != nil {
-			log.Debug("For %q verification failed: %v", r.URL.Path, err)
-			return false, err
-		}
+	pubKey, err := federation.FindOrCreateActorKey(ctx, v.KeyId())
+	if err != nil {
+		return false, err
 	}
 
 	err = v.Verify(pubKey, signatureAlgorithm)
diff --git a/services/federation/error.go b/services/federation/error.go
index 425035d0d5..7ba954dab6 100644
--- a/services/federation/error.go
+++ b/services/federation/error.go
@@ -42,3 +42,11 @@ func HTTPStatus(err error) int {
 		return http.StatusInternalServerError
 	}
 }
+
+type ErrKeyNotFound struct {
+	KeyID string
+}
+
+func (err ErrKeyNotFound) Error() string {
+	return fmt.Sprintf("No key found for key ID: %s", err.KeyID)
+}
diff --git a/services/federation/federation_service.go b/services/federation/federation_service.go
index 04cc4e878a..0b023791ea 100644
--- a/services/federation/federation_service.go
+++ b/services/federation/federation_service.go
@@ -33,80 +33,92 @@ func FindOrCreateFederationHost(ctx context.Context, actorURI string) (*forgefed
 	if err != nil {
 		return nil, err
 	}
+
 	federationHost, err := forgefed.FindFederationHostByFqdnAndPort(ctx, rawActorID.Host, rawActorID.HostPort)
 	if err != nil {
-		return nil, err
-	}
-	if federationHost == nil {
-		result, err := createFederationHostFromAP(ctx, rawActorID)
-		if err != nil {
+		if !forgefed.IsErrFederationHostNotFound(err) {
 			return nil, err
 		}
-		federationHost = result
+
+		federationHost, err = createFederationHostFromAP(ctx, rawActorID)
 	}
-	return federationHost, nil
+
+	return federationHost, err
 }
 
 func FindOrCreateFederatedUser(ctx context.Context, actorURI string) (*user_model.User, *user_model.FederatedUser, *forgefed.FederationHost, error) {
-	user, federatedUser, federationHost, err := findFederatedUser(ctx, actorURI)
+	federationHost, personID, err := findFederationHost(ctx, actorURI)
 	if err != nil {
 		return nil, nil, nil, err
 	}
 
-	personID, err := fm.NewPersonID(actorURI, string(federationHost.NodeInfo.SoftwareName))
+	user, federatedUser, err := findFederatedUser(ctx, actorURI)
+	if err == nil {
+		log.Trace("Found local user: %v", user.Name)
+		return user, federatedUser, federationHost, nil
+	}
+
+	if !user_model.IsErrFederatedUserNotExists(err) {
+		return nil, nil, nil, err
+	}
+
+	// Fetch the remote user
+	apUser, apFederatedUser, err := fetchUserFromAP(ctx, *personID, federationHost)
 	if err != nil {
 		return nil, nil, nil, err
 	}
 
-	if user != nil {
-		log.Trace("Local ActivityPub user found (actorURI: %#v, user: %v)", actorURI, user.Name)
-	} else {
-		log.Trace("Attempting to create new user and federatedUser for actorURI: %#v", actorURI)
-		apUser, apFederatedUser, err := fetchUserFromAP(ctx, personID, federationHost)
-		if err != nil {
-			return nil, nil, nil, err
-		}
-
-		user, federatedUser, federationHost, err = findFederatedUser(ctx, apFederatedUser.NormalizedOriginalURL)
-		if err != nil {
-			return nil, nil, nil, err
-		}
-
-		if user != nil {
-			log.Trace("Resolved alias %s to %s", actorURI, apFederatedUser.NormalizedOriginalURL)
-		} else {
-			user = apUser
-			federatedUser = apFederatedUser
-
-			err := user_model.CreateFederatedUser(ctx, user, federatedUser)
-			if err != nil {
-				return nil, nil, nil, err
-			}
-
-			log.Trace("Created user %s with federatedUser %s from distant server", user.LogString(), federatedUser.LogString())
-		}
+	// User is an alias, for example in newer Mastodon versions
+	// - example.com/@example
+	// - example.com/users/example
+	// have the ID
+	// - example.com/ap/users/<id>
+	user, federatedUser, err = findFederatedUser(ctx, apFederatedUser.NormalizedOriginalURL)
+	if err == nil {
+		log.Trace("Resolved alias %s to %s", actorURI, apFederatedUser.NormalizedOriginalURL)
+		return user, federatedUser, federationHost, nil
 	}
-	log.Trace("Got user: %v", user.Name)
 
-	return user, federatedUser, federationHost, nil
+	err = user_model.CreateFederatedUser(ctx, apUser, apFederatedUser)
+	if err != nil {
+		return nil, nil, nil, err
+	}
+
+	log.Trace("Created user %s with federatedUser %s from distant server", user.LogString(), federatedUser.LogString())
+	return apUser, apFederatedUser, federationHost, nil
 }
 
-func findFederatedUser(ctx context.Context, actorURI string) (*user_model.User, *user_model.FederatedUser, *forgefed.FederationHost, error) {
+func findFederationHost(ctx context.Context, actorURI string) (*forgefed.FederationHost, *fm.PersonID, error) {
 	federationHost, err := FindOrCreateFederationHost(ctx, actorURI)
 	if err != nil {
-		return nil, nil, nil, err
+		return nil, nil, err
 	}
+
 	actorID, err := fm.NewPersonID(actorURI, string(federationHost.NodeInfo.SoftwareName))
 	if err != nil {
-		return nil, nil, nil, err
+		return nil, nil, err
 	}
 
-	user, federatedUser, err := user_model.FindFederatedUser(ctx, actorID.ID, federationHost.ID)
+	return federationHost, &actorID, nil
+}
+
+func findFederatedUser(ctx context.Context, actorURI string) (*user_model.User, *user_model.FederatedUser, error) {
+	federationHost, _, err := findFederationHost(ctx, actorURI)
 	if err != nil {
-		return nil, nil, nil, err
+		return nil, nil, err
 	}
 
-	return user, federatedUser, federationHost, nil
+	actorID, err := fm.NewPersonID(actorURI, string(federationHost.NodeInfo.SoftwareName))
+	if err != nil {
+		return nil, nil, err
+	}
+
+	localUser, federatedUser, err := user_model.FindFederatedUser(ctx, actorID.ID, federationHost.ID)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	return localUser, federatedUser, nil
 }
 
 func createFederationHostFromAP(ctx context.Context, actorID fm.ActorID) (*forgefed.FederationHost, error) {
diff --git a/services/federation/person_inbox_create.go b/services/federation/person_inbox_create.go
index 2132c7ede1..9353c687d0 100644
--- a/services/federation/person_inbox_create.go
+++ b/services/federation/person_inbox_create.go
@@ -23,15 +23,11 @@ func processPersonInboxCreate(ctx context.Context, user *user.User, activity *ap
 	}
 
 	actorURI := createAct.Actor.GetLink().String()
-	federatedBaseUser, _, _, err := findFederatedUser(ctx, actorURI)
+	federatedBaseUser, _, err := findFederatedUser(ctx, actorURI)
 	if err != nil {
 		log.Error("Federated user not found (%s): %v", actorURI, err)
 		return ServiceResult{}, NewErrNotAcceptablef("federated user not found (%s): %v", actorURI, err)
 	}
-	if federatedBaseUser == nil {
-		log.Error("Federated user not found (%s): %v", actorURI, err)
-		return ServiceResult{}, NewErrNotAcceptablef("federated user not found (%s): %v", actorURI, err)
-	}
 
 	federatedUserActivity, err := activities.NewFederatedUserActivity(
 		user.ID,
diff --git a/services/federation/person_inbox_undo.go b/services/federation/person_inbox_undo.go
index 4379cf242a..c7593adace 100644
--- a/services/federation/person_inbox_undo.go
+++ b/services/federation/person_inbox_undo.go
@@ -20,27 +20,25 @@ func processPersonInboxUndo(ctx context.Context, ctxUser *user.User, activity *a
 	}
 
 	actorURI := activity.Actor.GetLink().String()
-	_, federatedUser, _, err := findFederatedUser(ctx, actorURI)
+	_, federatedUser, err := findFederatedUser(ctx, actorURI)
 	if err != nil {
 		log.Error("User not found: %v", err)
 		return ServiceResult{}, NewErrInternalf("User not found: %v", err)
 	}
 
-	if federatedUser != nil {
-		following, err := user.IsFollowingAp(ctx, ctxUser, federatedUser)
-		if err != nil {
-			log.Error("forgefed.IsFollowing: %v", err)
-			return ServiceResult{}, NewErrInternalf("forgefed.IsFollowing: %v", err)
-		}
-		if !following {
-			// The local user is not following the federated one, nothing to do.
-			log.Trace("Local user[%d] is not following federated user[%d]", ctxUser.ID, federatedUser.ID)
-			return NewServiceResultStatusOnly(http.StatusNoContent), nil
-		}
-		if err := user.RemoveFollower(ctx, ctxUser, federatedUser); err != nil {
-			log.Error("Unable to remove follower", err)
-			return ServiceResult{}, NewErrInternalf("Unable to remove follower: %v", err)
-		}
+	following, err := user.IsFollowingAp(ctx, ctxUser, federatedUser)
+	if err != nil {
+		log.Error("forgefed.IsFollowing: %v", err)
+		return ServiceResult{}, NewErrInternalf("forgefed.IsFollowing: %v", err)
+	}
+	if !following {
+		// The local user is not following the federated one, nothing to do.
+		log.Trace("Local user[%d] is not following federated user[%d]", ctxUser.ID, federatedUser.ID)
+		return NewServiceResultStatusOnly(http.StatusNoContent), nil
+	}
+	if err := user.RemoveFollower(ctx, ctxUser, federatedUser); err != nil {
+		log.Error("Unable to remove follower", err)
+		return ServiceResult{}, NewErrInternalf("Unable to remove follower: %v", err)
 	}
 
 	return NewServiceResultStatusOnly(http.StatusNoContent), nil
diff --git a/services/federation/signature_service.go b/services/federation/signature_service.go
index bd40a37beb..cd7992605d 100644
--- a/services/federation/signature_service.go
+++ b/services/federation/signature_service.go
@@ -15,180 +15,128 @@ import (
 	"forgejo.org/models/forgefed"
 	"forgejo.org/models/user"
 	"forgejo.org/modules/activitypub"
-	fm "forgejo.org/modules/forgefed"
 	"forgejo.org/modules/log"
 
 	ap "github.com/go-ap/activitypub"
 )
 
-// Factory function for ActorID. Created struct is asserted to be valid
-func NewActorIDFromKeyID(ctx context.Context, uri string) (fm.ActorID, error) {
-	parsedURI, err := url.Parse(uri)
-	if err != nil {
-		return fm.ActorID{}, err
-	}
-
-	parsedURI.Fragment = ""
-
-	actionsUser := user.NewAPServerActor()
-	clientFactory, err := activitypub.GetClientFactory(ctx)
-	if err != nil {
-		return fm.ActorID{}, err
-	}
-
-	apClient, err := clientFactory.WithKeys(ctx, actionsUser, actionsUser.KeyID())
-	if err != nil {
-		return fm.ActorID{}, err
-	}
-
-	userResponse, err := apClient.GetBody(parsedURI.String())
-	if err != nil {
-		return fm.ActorID{}, err
-	}
-
-	var actor ap.Actor
-	err = actor.UnmarshalJSON(userResponse)
-	if err != nil {
-		return fm.ActorID{}, err
-	}
-
-	result, err := fm.NewActorID(actor.PublicKey.Owner.String())
-	return result, err
-}
-
-func FindOrCreateFederatedUserKey(ctx context.Context, keyID string) (pubKey any, err error) {
-	log.Trace("KeyID: %v", keyID)
-	var federatedUser *user.FederatedUser
-	var keyURL *url.URL
-
-	keyURL, err = url.Parse(keyID)
-	if err != nil {
-		return nil, err
-	}
-
-	// Try if the signing actor is an already known federated user
-	_, federatedUser, err = user.FindFederatedUserByKeyID(ctx, keyURL.String())
-	if err != nil {
-		return nil, err
-	}
-
-	if federatedUser == nil {
-		rawActorID, err := NewActorIDFromKeyID(ctx, keyID)
-		if err != nil {
-			return nil, err
-		}
-
-		_, federatedUser, _, err = FindOrCreateFederatedUser(ctx, rawActorID.AsURI())
-		if err != nil {
-			return nil, err
-		}
-	}
-
-	if federatedUser.PublicKey.Valid {
-		pubKey, err := x509.ParsePKIXPublicKey(federatedUser.PublicKey.V)
-		if err != nil {
-			return nil, err
-		}
-		log.Trace("For KeyID %v found pubKey %v", keyID, pubKey)
-		return pubKey, nil
-	}
-
-	// Fetch missing public key
-	pubKey, pubKeyBytes, apPerson, err := fetchKeyFromAp(ctx, *keyURL)
-	if err != nil {
-		return nil, err
-	}
-	if apPerson.Type == ap.ActivityVocabularyType("Person") {
-		// Check federatedUser.id = person.id
-		if federatedUser.ExternalID != apPerson.ID.String() {
-			return nil, fmt.Errorf("federated user fetched (%v) does not match the stored one %v", apPerson, federatedUser)
-		}
-		// update federated user
-		federatedUser.KeyID = sql.NullString{
-			String: apPerson.PublicKey.ID.String(),
-			Valid:  true,
-		}
-		federatedUser.PublicKey = sql.Null[sql.RawBytes]{
-			V:     pubKeyBytes,
-			Valid: true,
-		}
-		err = user.UpdateFederatedUser(ctx, federatedUser)
-		if err != nil {
-			return nil, err
-		}
-		log.Trace("For %v found pubKey %v", keyID, pubKey)
-		return pubKey, nil
-	}
-	log.Trace("For %v found no pubKey", keyID)
-	return nil, nil
-}
-
-func FindOrCreateFederationHostKey(ctx context.Context, keyID string) (pubKey any, err error) {
+func FindOrCreateActorKey(ctx context.Context, keyID string) (pubKey any, err error) {
 	log.Trace("KeyID: %v", keyID)
 	keyURL, err := url.Parse(keyID)
 	if err != nil {
 		return nil, err
 	}
-	rawActorID, err := NewActorIDFromKeyID(ctx, keyID)
-	if err != nil {
-		return nil, err
-	}
 
-	// Is there an already known federation host?
-	federationHost, err := forgefed.FindFederationHostByKeyID(ctx, keyURL.String())
+	// Check for existing user key
+	_, federatedUser, err := user.FindFederatedUserByKeyID(ctx, keyURL.String())
 	if err != nil {
-		return nil, err
-	}
+		if !user.IsErrFederatedUserNotExists(err) {
+			return nil, err
+		}
 
-	if federationHost == nil {
-		federationHost, err = FindOrCreateFederationHost(ctx, rawActorID.AsURI())
+		// Check for existing federation host key
+		federationHost, err := forgefed.FindFederationHostByKeyID(ctx, keyURL.String())
+		if err != nil {
+			if !forgefed.IsErrFederationHostNotFound(err) {
+				return nil, err
+			}
+		} else if federationHost.PublicKey.Valid {
+			pubKey, err := x509.ParsePKIXPublicKey(federationHost.PublicKey.V)
+			if err != nil {
+				return nil, err
+			}
+
+			return pubKey, nil
+		}
+	} else if federatedUser.PublicKey.Valid {
+		pubKey, err := x509.ParsePKIXPublicKey(federatedUser.PublicKey.V)
 		if err != nil {
 			return nil, err
 		}
-	}
 
-	// Is there an already an key?
-	if federationHost.PublicKey.Valid {
-		pubKey, err := x509.ParsePKIXPublicKey(federationHost.PublicKey.V)
-		if err != nil {
-			return nil, err
-		}
-		log.Trace("For %v found pubKey: %v", keyID, pubKey)
 		return pubKey, nil
 	}
 
-	// If not, fetch missing public key
-	pubKey, pubKeyBytes, apPerson, err := fetchKeyFromAp(ctx, *keyURL)
+	// Fetch missing key
+	pubKey, pubKeyBytes, actor, err := fetchKeyFromAp(ctx, *keyURL)
 	if err != nil {
 		return nil, err
 	}
-	if apPerson.Type == ap.ActivityVocabularyType("Application") {
-		// Check federationhost.id = person.id
-		if federationHost.HostPort != rawActorID.HostPort || federationHost.HostFqdn != rawActorID.Host ||
-			federationHost.HostSchema != rawActorID.HostSchema {
-			return nil, fmt.Errorf("federation host fetched (%v) does not match the stored one %v", apPerson, federationHost)
-		}
-		// update federation host
-		federationHost.KeyID = sql.NullString{
-			String: apPerson.PublicKey.ID.String(),
-			Valid:  true,
-		}
-		federationHost.PublicKey = sql.Null[sql.RawBytes]{
-			V:     pubKeyBytes,
-			Valid: true,
-		}
-		err = forgefed.UpdateFederationHost(ctx, federationHost)
+
+	switch actor.Type {
+	case ap.PersonType:
+		_, federatedUser, _, err := FindOrCreateFederatedUser(ctx, actor.ID.String())
 		if err != nil {
 			return nil, err
 		}
-		log.Trace("For %v found pubKey: %v", keyID, pubKey)
-		return pubKey, nil
+
+		err = updateFederatedUserKey(ctx, federatedUser, pubKeyBytes, actor)
+		if err != nil {
+			return nil, err
+		}
+	case ap.ApplicationType:
+		federationHost, err := FindOrCreateFederationHost(ctx, actor.ID.String())
+		if err != nil {
+			return nil, err
+		}
+
+		err = updateFederationHostKey(ctx, federationHost, pubKeyBytes, actor)
+		if err != nil {
+			return nil, err
+		}
+	default:
+		return nil, fmt.Errorf("Fetched actortype (%s) is unhandled", actor.Type)
 	}
-	log.Trace("For %v found no pubKey.", keyID)
-	return nil, nil
+
+	return pubKey, nil
 }
 
-func fetchKeyFromAp(ctx context.Context, keyURL url.URL) (pubKey any, pubKeyBytes []byte, apPerson *ap.Person, err error) {
+func updateFederatedUserKey(ctx context.Context, federatedUser *user.FederatedUser, pubKeyBytes []byte, actor *ap.Actor) (err error) {
+	if actor.Type != ap.PersonType {
+		return fmt.Errorf("Fetched user type (%s) is not of user type Person", actor.Type)
+	}
+
+	if federatedUser.NormalizedOriginalURL != actor.ID.String() {
+		return fmt.Errorf("federated user (%s) does not match the stored one %s", actor.ID, federatedUser.NormalizedOriginalURL)
+	}
+
+	federatedUser.KeyID = sql.NullString{
+		String: actor.PublicKey.ID.String(),
+		Valid:  true,
+	}
+
+	federatedUser.PublicKey = sql.Null[sql.RawBytes]{
+		V:     pubKeyBytes,
+		Valid: true,
+	}
+
+	return user.UpdateFederatedUser(ctx, federatedUser)
+}
+
+func updateFederationHostKey(ctx context.Context, federationHost *forgefed.FederationHost, pubKeyBytes []byte, actor *ap.Actor) (err error) {
+	if actor.Type != ap.ApplicationType {
+		return fmt.Errorf("Fetched user type (%s) is not of user type Application", actor.Type)
+	}
+
+	federationHost.KeyID = sql.NullString{
+		String: actor.PublicKey.ID.String(),
+		Valid:  true,
+	}
+
+	federationHost.PublicKey = sql.Null[sql.RawBytes]{
+		V:     pubKeyBytes,
+		Valid: true,
+	}
+
+	err = forgefed.UpdateFederationHost(ctx, federationHost)
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func fetchKeyFromAp(ctx context.Context, keyURL url.URL) (pubKey any, pubKeyBytes []byte, apPerson *ap.Actor, err error) {
 	log.Trace("keyURL %v", keyURL)
 	actionsUser := user.NewAPServerActor()
 
@@ -207,13 +155,17 @@ func fetchKeyFromAp(ctx context.Context, keyURL url.URL) (pubKey any, pubKeyByte
 		return nil, nil, nil, err
 	}
 
-	person := ap.PersonNew(ap.IRI(keyURL.String()))
-	err = person.UnmarshalJSON(b)
+	actor := ap.ActorNew(ap.IRI(keyURL.String()), ap.ActorType)
+	err = actor.UnmarshalJSON(b)
 	if err != nil {
-		return nil, nil, nil, fmt.Errorf("ActivityStreams type cannot be converted to one known to have publicKey property: %w", err)
+		return nil, nil, nil, fmt.Errorf("ActivityStreams object cannot be converted to actor: %w", err)
+	}
+
+	pubKeyFromAp := actor.PublicKey
+	if pubKeyFromAp.PublicKeyPem == "" {
+		return nil, nil, nil, ErrKeyNotFound{KeyID: keyURL.String()}
 	}
 
-	pubKeyFromAp := person.PublicKey
 	if pubKeyFromAp.ID.String() != keyURL.String() {
 		return nil, nil, nil, fmt.Errorf("cannot find publicKey with id: %v in %v", keyURL, string(b))
 	}
@@ -229,7 +181,7 @@ func fetchKeyFromAp(ctx context.Context, keyURL url.URL) (pubKey any, pubKeyByte
 	}
 
 	log.Trace("For %v fetched pubKey %v", keyURL, pubKey)
-	return pubKey, pubKeyBytes, person, err
+	return pubKey, pubKeyBytes, actor, err
 }
 
 func decodePublicKeyPem(pubKeyPem string) ([]byte, error) {
diff --git a/tests/integration/api_activitypub_actor_test.go b/tests/integration/api_activitypub_actor_test.go
index 30e8934e1b..2a758f5424 100644
--- a/tests/integration/api_activitypub_actor_test.go
+++ b/tests/integration/api_activitypub_actor_test.go
@@ -4,19 +4,13 @@
 package integration
 
 import (
-	"fmt"
 	"io"
 	"net/http"
-	"net/url"
-	"strconv"
 	"testing"
 
-	"forgejo.org/modules/forgefed"
 	"forgejo.org/modules/setting"
 	"forgejo.org/modules/test"
 	"forgejo.org/routers"
-	"forgejo.org/services/contexttest"
-	"forgejo.org/services/federation"
 	"forgejo.org/tests"
 
 	ap "github.com/go-ap/activitypub"
@@ -76,27 +70,3 @@ func TestActivityPubActor(t *testing.T) {
 		assert.Nil(t, outboxCollection.Last)
 	})
 }
-
-func TestActorNewFromKeyId(t *testing.T) {
-	defer test.MockVariableValue(&setting.Federation.Enabled, true)()
-	defer test.MockVariableValue(&testWebRoutes, routers.NormalRoutes())()
-
-	onApplicationRun(t, func(t *testing.T, u *url.URL) {
-		ctx, _ := contexttest.MockAPIContext(t, "/api/v1/activitypub/actor")
-		sut, err := federation.NewActorIDFromKeyID(ctx.Base, fmt.Sprintf("%sapi/v1/activitypub/actor#main-key", u))
-		require.NoError(t, err)
-
-		port, err := strconv.ParseUint(u.Port(), 10, 16)
-		require.NoError(t, err)
-
-		assert.Equal(t, forgefed.ActorID{
-			ID:                 "actor",
-			HostSchema:         "http",
-			Path:               "api/v1/activitypub",
-			Host:               setting.Domain,
-			HostPort:           uint16(port),
-			UnvalidatedInput:   fmt.Sprintf("http://%s:%d/api/v1/activitypub/actor", setting.Domain, port),
-			IsPortSupplemented: false,
-		}, sut)
-	})
-}
diff --git a/tests/integration/api_federation_httpsig_test.go b/tests/integration/api_federation_httpsig_test.go
index 5003f691d4..2f62efb2af 100644
--- a/tests/integration/api_federation_httpsig_test.go
+++ b/tests/integration/api_federation_httpsig_test.go
@@ -19,7 +19,6 @@ import (
 	"forgejo.org/modules/test"
 	"forgejo.org/routers"
 	"forgejo.org/services/contexttest"
-	"forgejo.org/services/federation"
 
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
@@ -42,12 +41,29 @@ func TestFederationHttpSigValidation(t *testing.T) {
 		apClient, err := clientFactory.WithKeys(ctx, user1, user1.KeyID())
 		require.NoError(t, err)
 
+		// HACK HACK HACK: the host part of the URL gets set to which IP forgejo is
+		// listening on, NOT localhost, which is the Domain given to forgejo which
+		// is then used for eg. the keyID all requests
+		applicationKeyID := fmt.Sprintf("%sapi/v1/activitypub/actor#main-key", setting.AppURL)
+		actorKeyID := fmt.Sprintf("%sapi/v1/activitypub/user-id/1#main-key", setting.AppURL)
+
 		// Unsigned request
 		t.Run("UnsignedRequest", func(t *testing.T) {
 			req := NewRequest(t, "GET", userURL)
 			MakeRequest(t, req, http.StatusBadRequest)
 		})
 
+		// Check for missing public keys
+		t.Run("ValidateEmptyCaches", func(t *testing.T) {
+			_, err := forgefed.FindFederationHostByKeyID(db.DefaultContext, applicationKeyID)
+			require.Error(t, err)
+			assert.True(t, forgefed.IsErrFederationHostNotFound(err))
+
+			_, _, err = user.FindFederatedUserByKeyID(db.DefaultContext, actorKeyID)
+			require.Error(t, err)
+			assert.True(t, user.IsErrFederatedUserNotExists(err))
+		})
+
 		// Signed request
 		t.Run("SignedRequest", func(t *testing.T) {
 			resp, err := apClient.Get(userURL)
@@ -55,12 +71,6 @@ func TestFederationHttpSigValidation(t *testing.T) {
 			assert.Equal(t, http.StatusOK, resp.StatusCode)
 		})
 
-		// HACK HACK HACK: the host part of the URL gets set to which IP forgejo is
-		// listening on, NOT localhost, which is the Domain given to forgejo which
-		// is then used for eg. the keyID all requests
-		applicationKeyID := fmt.Sprintf("%sapi/v1/activitypub/actor#main-key", setting.AppURL)
-		actorKeyID := fmt.Sprintf("%sapi/v1/activitypub/user-id/1#main-key", setting.AppURL)
-
 		// Check for cached public keys
 		t.Run("ValidateCaches", func(t *testing.T) {
 			host, err := forgefed.FindFederationHostByKeyID(db.DefaultContext, applicationKeyID)
@@ -74,14 +84,6 @@ func TestFederationHttpSigValidation(t *testing.T) {
 			assert.True(t, user.PublicKey.Valid)
 		})
 
-		t.Run("ValidateActorFromKeyID", func(t *testing.T) {
-			_, err := federation.NewActorIDFromKeyID(ctx, actorKeyID)
-			require.NoError(t, err)
-
-			_, err = federation.NewActorIDFromKeyID(ctx, "http://bad.url/%^&")
-			require.Error(t, err)
-		})
-
 		// Disable signature validation
 		defer test.MockVariableValue(&setting.Federation.SignatureEnforced, false)()
 

From cf26e4c891c728db0c4729fac70763cb37319aea Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=CE=88=CE=BB=CE=BB=CE=B5=CE=BD=20=CE=95=CE=BC=CE=AF=CE=BB?=
 =?UTF-8?q?=CE=B9=CE=B1=20=CE=86=CE=BD=CE=BD=CE=B1=20Zscheile?=
 <fogti+devel@ytrizja.de>
Date: Tue, 14 Apr 2026 06:27:39 +0200
Subject: [PATCH 682/854] feat(asymkey/llu): Only interpret .Reason as msgid if
 .Verified=false (#12019)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Split out from #12013.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12019
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Έλλεν Εμίλια Άννα Zscheile <fogti+devel@ytrizja.de>
Co-committed-by: Έλλεν Εμίλια Άννα Zscheile <fogti+devel@ytrizja.de>
---
 models/asymkey/lint-locale-usage/llu.go | 22 ++++++++++++++++++++--
 1 file changed, 20 insertions(+), 2 deletions(-)

diff --git a/models/asymkey/lint-locale-usage/llu.go b/models/asymkey/lint-locale-usage/llu.go
index 256b5ca12b..2d6a02ff44 100644
--- a/models/asymkey/lint-locale-usage/llu.go
+++ b/models/asymkey/lint-locale-usage/llu.go
@@ -20,14 +20,32 @@ func HandleCompositeErrorReason(handler llu.Handler, fset *token.FileSet, n *ast
 	}
 
 	// fields are normally named
+	var reason ast.Expr
+	verified := false
 	for _, i := range n.Elts {
 		if kve, ok := i.(*ast.KeyValueExpr); ok {
 			ident, ok = kve.Key.(*ast.Ident)
-			if ok && ident.Name == "Reason" {
-				handler.HandleGoTrArgument(fset, kve.Value, "")
+			if !ok {
+				continue
+			}
+			switch ident.Name {
+			case "Reason":
+				reason = kve.Value
+			case "Verified":
+				if valueIdent, ok := kve.Value.(*ast.Ident); ok {
+					switch valueIdent.Name {
+					case "true":
+						verified = true
+					case "false":
+						verified = false
+					}
+				}
 			}
 		} else {
 			handler.OnWarning(fset, i.Pos(), "unable to parse ObjectVerification field assignment")
 		}
 	}
+	if !verified && reason != nil {
+		handler.HandleGoTrArgument(fset, reason, "")
+	}
 }

From 94a55fc666d0581973bb7db9fac3f9532735780d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=CE=88=CE=BB=CE=BB=CE=B5=CE=BD=20=CE=95=CE=BC=CE=AF=CE=BB?=
 =?UTF-8?q?=CE=B9=CE=B1=20=CE=86=CE=BD=CE=BD=CE=B1=20Zscheile?=
 <fogti+devel@ytrizja.de>
Date: Tue, 14 Apr 2026 07:20:16 +0200
Subject: [PATCH 683/854] i18n(mailer): Fix special usage of .Locale in
 admin_new_user (#12009)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This PR is in reaction to https://codeberg.org/forgejo/forgejo/issues/1711 .

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12009
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Έλλεν Εμίλια Άννα Zscheile <fogti+devel@ytrizja.de>
Co-committed-by: Έλλεν Εμίλια Άννα Zscheile <fogti+devel@ytrizja.de>
---
 build/lint-locale-usage/handle-tmpl.go    | 6 +++++-
 services/mailer/mail_admin_new_user.go    | 2 +-
 templates/mail/notify/admin_new_user.tmpl | 4 ++--
 3 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/build/lint-locale-usage/handle-tmpl.go b/build/lint-locale-usage/handle-tmpl.go
index 8d03291205..7fbda8ffd5 100644
--- a/build/lint-locale-usage/handle-tmpl.go
+++ b/build/lint-locale-usage/handle-tmpl.go
@@ -60,9 +60,13 @@ func (handler Handler) handleTemplateNode(fset *token.FileSet, node tmplParser.N
 
 		case tmplParser.NodeField:
 			nodeField := nodeCommand.Args[0].(*tmplParser.FieldNode)
-			if len(nodeField.Ident) != 2 || !(nodeField.Ident[0] == "locale" || nodeField.Ident[0] == "Locale") {
+			if len(nodeField.Ident) != 2 || nodeField.Ident[0] != "locale" {
 				return
 			}
+			resolvedPos := fset.PositionFor(token.Pos(nodeCommand.Pos), false)
+			if !strings.Contains(resolvedPos.Filename, "templates/mail/") {
+				handler.OnWarning(fset, token.Pos(nodeCommand.Pos), "encountered unexpected .locale usage")
+			}
 			funcname = nodeField.Ident[1]
 
 		case tmplParser.NodeVariable:
diff --git a/services/mailer/mail_admin_new_user.go b/services/mailer/mail_admin_new_user.go
index ffb03197b7..9b94950235 100644
--- a/services/mailer/mail_admin_new_user.go
+++ b/services/mailer/mail_admin_new_user.go
@@ -57,7 +57,7 @@ func mailNewUser(_ context.Context, u *user_model.User, lang string, tos []strin
 		"Subject":      subject,
 		"Body":         body,
 		"Language":     locale.Language(),
-		"Locale":       locale,
+		"locale":       locale,
 		"SanitizeHTML": templates.SanitizeHTML,
 	}
 
diff --git a/templates/mail/notify/admin_new_user.tmpl b/templates/mail/notify/admin_new_user.tmpl
index 655c7ce5c5..121fa9aa17 100644
--- a/templates/mail/notify/admin_new_user.tmpl
+++ b/templates/mail/notify/admin_new_user.tmpl
@@ -12,8 +12,8 @@
 
 <body>
 	<ul>
-		<h3>{{.Locale.Tr "mail.admin.new_user.user_info"}}: <a href="{{.NewUserUrl}}">@{{.NewUser.Name}}</a></h3>
-		<li>{{.Locale.Tr "admin.users.created"}}: {{DateTime "full" .NewUser.CreatedUnix}}</li>
+		<h3>{{.locale.Tr "mail.admin.new_user.user_info"}}: <a href="{{.NewUserUrl}}">@{{.NewUser.Name}}</a></h3>
+		<li>{{.locale.Tr "admin.users.created"}}: {{DateTime "full" .NewUser.CreatedUnix}}</li>
 	</ul>
 	<p> {{.Body | SanitizeHTML}} </p>
 </body>

From 0d97b8e9da86978baddf9cada4be420998eedb6a Mon Sep 17 00:00:00 2001
From: Gusted <postmaster@gusted.xyz>
Date: Tue, 14 Apr 2026 07:25:05 +0200
Subject: [PATCH 684/854] chore: don't load settings twice for running `web`
 (#12111)

- It's quite hard to determine when and why this was added here, my best
  guess is that this being the "oldest" subcommand at some point loading
  the configuration was not unified. Now it is unified in
  `prepareWorkPathAndCustomConf` which is run before any subcommand is
  run. It determines the work path, custom path and (custom) config and
  then loads the settings by calling `LoadCommonSettings`.
- Between `prepareWorkPathAndCustomConf` being called and
  `serveInstalled` being called the `setting.CustomConf` is not changed.
  There was a possibility this being necessary for install page ->
  installed, but the install code already ensures that the new config is
  loaded and used.
- Thus calling to load the settings again here is not necessary. There's
  a small possibility some settings loading code was written to only work
  after being loaded the second time. That's a bug that needs to be fixed,
  because all other subcommands does not load the settings twice and would
  see a different view of the settings in that case. I don't fear such
  code being present here.
- Resolves forgejo/forgejo#11024

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12111
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
Co-authored-by: Gusted <postmaster@gusted.xyz>
Co-committed-by: Gusted <postmaster@gusted.xyz>
---
 cmd/web.go                 | 2 --
 modules/setting/setting.go | 2 +-
 2 files changed, 1 insertion(+), 3 deletions(-)

diff --git a/cmd/web.go b/cmd/web.go
index 683b19c82a..4a2a1de1fe 100644
--- a/cmd/web.go
+++ b/cmd/web.go
@@ -164,8 +164,6 @@ func serveInstall(_ context.Context, ctx *cli.Command) error {
 }
 
 func serveInstalled(_ context.Context, ctx *cli.Command) error {
-	setting.InitCfgProvider(setting.CustomConf)
-	setting.LoadCommonSettings()
 	setting.MustInstalled()
 
 	showWebStartupMessage("Prepare to run web server")
diff --git a/modules/setting/setting.go b/modules/setting/setting.go
index fac6e54fb1..44dad1fab1 100644
--- a/modules/setting/setting.go
+++ b/modules/setting/setting.go
@@ -119,8 +119,8 @@ func loadCommonSettingsFrom(cfg ConfigProvider) error {
 
 	mustCurrentRunUserMatch(cfg) // it depends on the SSH config, only non-builtin SSH server requires this check
 
-	loadOAuth2From(cfg)
 	loadSecurityFrom(cfg)
+	loadOAuth2From(cfg)
 	if err := loadAttachmentFrom(cfg); err != nil {
 		return err
 	}

From 179fbdb04e90a73f64e1910f8ca157fa6e1f678f Mon Sep 17 00:00:00 2001
From: Mathieu Fenniak <mathieu@fenniak.net>
Date: Tue, 14 Apr 2026 17:18:14 +0200
Subject: [PATCH 685/854] fix: when reviewing in PRs, make comments relative to
 viewed base & head, not just viewed head (#12107)

While developing tests for #12092, I came across a case where making a comment on a single-commit doesn't include the correct diff for the comment.  This is because code comment placement occurs between the PR's base and the commit being viewed, but, that diff could be different from the commit's parent to the commit, which is what is being viewed on a single-commit diff.

Similar to #12055, this PR changes code comments to be more precise in their diff generation by providing the backend with both the base commit (`before_commit_id`) and head commit (`after_commit_id`) currently being viewed.  As a result, the diffs attached to comments should exactly match the diffs being viewed by the user when the comment was placed.

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. All work and communication must conform to Forgejo's [AI Agreement](https://codeberg.org/forgejo/governance/src/branch/main/AIAgreement.md). There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests for Go changes

- I added test coverage for Go changes...
  - [ ] in their respective `*_test.go` for unit tests.
  - [x] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I ran...
  - [x] `make pr-go` before pushing

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [x] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.
- [ ] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12107
Reviewed-by: Andreas Ahlenstorf <aahlenst@noreply.codeberg.org>
Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net>
Co-committed-by: Mathieu Fenniak <mathieu@fenniak.net>
---
 models/issues/comment.go                     |  2 +-
 routers/api/v1/repo/pull_review.go           |  2 +
 routers/web/repo/pull.go                     |  6 +-
 routers/web/repo/pull_review.go              | 10 +++
 routers/web/repo/pull_review_test.go         |  2 +-
 services/forms/repo_form.go                  |  1 +
 services/mailer/incoming/incoming_handler.go |  1 +
 services/pull/review.go                      | 20 +++--
 templates/repo/diff/box.tmpl                 |  2 +-
 templates/repo/diff/comment_form.tmpl        |  1 +
 tests/integration/pull_review_test.go        | 81 +++++++++++++++++++-
 11 files changed, 116 insertions(+), 12 deletions(-)

diff --git a/models/issues/comment.go b/models/issues/comment.go
index b42cd8aa40..e0ea1e111d 100644
--- a/models/issues/comment.go
+++ b/models/issues/comment.go
@@ -798,7 +798,7 @@ func (c *Comment) ResolveCurrentLine(ctx context.Context, repo *repo_model.Repos
 				// instead, return a blame where CommitID != headCommitID, which will be an indicator to callers (for
 				// both resolution methods) that the line of code is outdated in the diff.
 				reverseBlame = &git.ReverseLineBlame{
-					CommitID:   c.CommitSHA, // not currentHead
+					CommitID:   "", // not currentHead
 					LineNumber: c.UnsignedLine(),
 					FilePath:   c.TreePath,
 				}
diff --git a/routers/api/v1/repo/pull_review.go b/routers/api/v1/repo/pull_review.go
index e478f93655..e28c1edafc 100644
--- a/routers/api/v1/repo/pull_review.go
+++ b/routers/api/v1/repo/pull_review.go
@@ -337,6 +337,7 @@ func CreatePullReviewComment(ctx *context.APIContext) {
 		pr.Issue,
 		opts.Body,
 		opts.Path,
+		pr.MergeBase,
 		review.CommitID,
 		line,
 		review.ID,
@@ -509,6 +510,7 @@ func CreatePullReview(ctx *context.APIContext) {
 			c.Path,
 			true, // pending review
 			0,    // no reply
+			pr.MergeBase,
 			opts.CommitID,
 			nil,
 		); err != nil {
diff --git a/routers/web/repo/pull.go b/routers/web/repo/pull.go
index 4a8217c719..2c5c7f94f3 100644
--- a/routers/web/repo/pull.go
+++ b/routers/web/repo/pull.go
@@ -1027,7 +1027,11 @@ func viewPullFiles(ctx *context.Context, specifiedStartCommit, specifiedEndCommi
 		}
 
 		endCommitID = commitID
-		startCommitID = prInfo.MergeBase
+		if prevCommit != nil {
+			startCommitID = prevCommit.ID.String()
+		} else {
+			startCommitID = prInfo.MergeBase
+		}
 		ctx.Data["IsShowingAllCommits"] = false
 	} else if willShowSpecifiedCommitRange {
 		if len(specifiedEndCommit) > 0 {
diff --git a/routers/web/repo/pull_review.go b/routers/web/repo/pull_review.go
index c2e30770d3..401f100d84 100644
--- a/routers/web/repo/pull_review.go
+++ b/routers/web/repo/pull_review.go
@@ -53,6 +53,15 @@ func RenderNewCodeCommentForm(ctx *context.Context) {
 		}
 	}
 	ctx.Data["AfterCommitID"] = afterCommitID
+	beforeCommitID := ctx.FormString("before_commit_id")
+	if beforeCommitID == "" {
+		if err := issue.LoadPullRequest(ctx); err != nil {
+			ctx.ServerError("LoadPullRequest", err)
+			return
+		}
+		beforeCommitID = issue.PullRequest.MergeBase
+	}
+	ctx.Data["BeforeCommitID"] = beforeCommitID
 	ctx.Data["IsAttachmentEnabled"] = setting.Attachment.Enabled
 	upload.AddUploadContext(ctx, "comment")
 	ctx.HTML(http.StatusOK, tplNewComment)
@@ -112,6 +121,7 @@ func CreateCodeComment(ctx *context.Context) {
 		form.TreePath,
 		pendingReview,
 		form.Reply,
+		form.BeforeCommitID,
 		form.LatestCommitID,
 		attachments,
 	)
diff --git a/routers/web/repo/pull_review_test.go b/routers/web/repo/pull_review_test.go
index dd0fa7df29..c068f575dd 100644
--- a/routers/web/repo/pull_review_test.go
+++ b/routers/web/repo/pull_review_test.go
@@ -51,7 +51,7 @@ func TestRenderConversation(t *testing.T) {
 	var preparedComment *issues_model.Comment
 	run("prepare", func(t *testing.T, ctx *context.Context, resp *httptest.ResponseRecorder) {
 		comment, err := pull.CreateCodeComment(ctx, pr.Issue.Poster, ctx.Repo.GitRepo, pr.Issue,
-			1, "content", "", false, 0,
+			1, "content", "", false, 0, pr.MergeBase,
 			prHeadCommitID, nil)
 		require.NoError(t, err)
 
diff --git a/services/forms/repo_form.go b/services/forms/repo_form.go
index f9443b8b6c..d1a5b521f8 100644
--- a/services/forms/repo_form.go
+++ b/services/forms/repo_form.go
@@ -472,6 +472,7 @@ type CodeCommentForm struct {
 	TreePath       string `form:"path" binding:"Required"`
 	SingleReview   bool   `form:"single_review"`
 	Reply          int64  `form:"reply"`
+	BeforeCommitID string
 	LatestCommitID string
 	Files          []string
 }
diff --git a/services/mailer/incoming/incoming_handler.go b/services/mailer/incoming/incoming_handler.go
index e2a2852b07..6fdf00ca59 100644
--- a/services/mailer/incoming/incoming_handler.go
+++ b/services/mailer/incoming/incoming_handler.go
@@ -152,6 +152,7 @@ func (h *ReplyHandler) Handle(ctx context.Context, content *MailContent, doer *u
 				comment.TreePath,
 				false, // not pending review but a single review
 				comment.ReviewID,
+				issue.PullRequest.MergeBase,
 				afterCommitID,
 				attachmentIDs,
 			)
diff --git a/services/pull/review.go b/services/pull/review.go
index 9fc9862823..d8e04675ea 100644
--- a/services/pull/review.go
+++ b/services/pull/review.go
@@ -78,7 +78,10 @@ func InvalidateCodeComments(ctx context.Context, prs issues_model.PullRequestLis
 }
 
 // CreateCodeComment creates a comment on the code line
-func CreateCodeComment(ctx context.Context, doer *user_model.User, gitRepo *git.Repository, issue *issues_model.Issue, line int64, content, treePath string, pendingReview bool, replyReviewID int64, latestCommitID string, attachments []string) (*issues_model.Comment, error) {
+func CreateCodeComment(ctx context.Context, doer *user_model.User, gitRepo *git.Repository,
+	issue *issues_model.Issue, line int64, content, treePath string, pendingReview bool,
+	replyReviewID int64, beforeCommitID, latestCommitID string, attachments []string,
+) (*issues_model.Comment, error) {
 	var (
 		existsReview bool
 		err          error
@@ -109,6 +112,7 @@ func CreateCodeComment(ctx context.Context, doer *user_model.User, gitRepo *git.
 			issue,
 			content,
 			treePath,
+			beforeCommitID,
 			latestCommitID,
 			line,
 			replyReviewID,
@@ -151,6 +155,7 @@ func CreateCodeComment(ctx context.Context, doer *user_model.User, gitRepo *git.
 		issue,
 		content,
 		treePath,
+		beforeCommitID,
 		latestCommitID,
 		line,
 		review.ID,
@@ -173,7 +178,10 @@ func CreateCodeComment(ctx context.Context, doer *user_model.User, gitRepo *git.
 }
 
 // CreateCodeCommentKnownReviewID creates a plain code comment at the specified line / path
-func CreateCodeCommentKnownReviewID(ctx context.Context, doer *user_model.User, repo *repo_model.Repository, issue *issues_model.Issue, content, treePath, afterCommitID string, line, reviewID int64, attachments []string) (*issues_model.Comment, error) {
+func CreateCodeCommentKnownReviewID(ctx context.Context, doer *user_model.User, repo *repo_model.Repository,
+	issue *issues_model.Issue, content, treePath, beforeCommitID, afterCommitID string,
+	line, reviewID int64, attachments []string,
+) (*issues_model.Comment, error) {
 	var commitID, blamedCommitID, patch string
 	blamedLine := line
 	if err := issue.LoadPullRequest(ctx); err != nil {
@@ -237,9 +245,9 @@ func CreateCodeCommentKnownReviewID(ctx context.Context, doer *user_model.User,
 		// Commenting on a line that was removed. In this case, what we want to track in the comment is which line of
 		// code was this, in the last commit that the line of code actually existed in. We'll use a reverse git blame to
 		// identify this, from the PR base -> commit being viewed.
-		blame, err := gitRepo.ReverseLineBlame(pr.MergeBase, treePath, uint64(-1*line), afterCommitID)
+		blame, err := gitRepo.ReverseLineBlame(beforeCommitID, treePath, uint64(-1*line), afterCommitID)
 		if err != nil {
-			return nil, fmt.Errorf("ReverseLineBlame[%s, %s, %d, %s]: %w", pr.MergeBase, treePath, -1*line, afterCommitID, err)
+			return nil, fmt.Errorf("ReverseLineBlame[%s, %s, %d, %s]: %w", beforeCommitID, treePath, -1*line, afterCommitID, err)
 		} else if blame.CommitID == afterCommitID {
 			// Although this is a comment on the "previous" side of the diff, the reverse blame indicates that the line
 			// of code still exists in the commit being viewed (eg. it was a comment on a white line in the left-side of
@@ -277,8 +285,8 @@ func CreateCodeCommentKnownReviewID(ctx context.Context, doer *user_model.User,
 			_ = writer.Close()
 		}()
 		go func() {
-			if err := git.GetRepoRawDiffForFile(gitRepo, pr.MergeBase, commitID, git.RawDiffNormal, treePath, writer); err != nil {
-				_ = writer.CloseWithError(fmt.Errorf("GetRawDiffForLine[%s, %s, %s, %s]: %w", gitRepo.Path, pr.MergeBase, commitID, treePath, err))
+			if err := git.GetRepoRawDiffForFile(gitRepo, beforeCommitID, afterCommitID, git.RawDiffNormal, treePath, writer); err != nil {
+				_ = writer.CloseWithError(fmt.Errorf("GetRawDiffForLine[%s, %s, %s, %s]: %w", gitRepo.Path, pr.MergeBase, afterCommitID, treePath, err))
 				return
 			}
 			_ = writer.Close()
diff --git a/templates/repo/diff/box.tmpl b/templates/repo/diff/box.tmpl
index 5bd9a50b3b..7577ff0921 100644
--- a/templates/repo/diff/box.tmpl
+++ b/templates/repo/diff/box.tmpl
@@ -201,7 +201,7 @@
 										{{end}}
 									</div>
 								{{else}}
-									<table class="chroma" data-new-comment-url="{{$.Issue.Link}}/files/reviews/new_comment?after_commit_id={{$.AfterCommitID}}" data-path="{{$file.Name}}">
+									<table class="chroma" data-new-comment-url="{{$.Issue.Link}}/files/reviews/new_comment?before_commit_id={{$.BeforeCommitID}}&after_commit_id={{$.AfterCommitID}}" data-path="{{$file.Name}}">
 										{{if $.IsSplitStyle}}
 											{{template "repo/diff/section_split" dict "file" . "root" $}}
 										{{else}}
diff --git a/templates/repo/diff/comment_form.tmpl b/templates/repo/diff/comment_form.tmpl
index 922f3f3d73..7b64be71a0 100644
--- a/templates/repo/diff/comment_form.tmpl
+++ b/templates/repo/diff/comment_form.tmpl
@@ -1,6 +1,7 @@
 {{if and $.root.SignedUserID (not $.Repository.IsArchived)}}
 	<form class="ui form {{if $.hidden}}tw-hidden comment-form tw-mt-2{{end}}" action="{{$.root.Issue.Link}}/files/reviews/comments" method="post">
 		<input type="hidden" name="origin" value="{{if $.root.PageIsPullFiles}}diff{{else}}timeline{{end}}">
+		<input type="hidden" name="before_commit_id" value="{{$.root.BeforeCommitID}}">
 		<input type="hidden" name="latest_commit_id" value="{{$.root.AfterCommitID}}">
 		<input type="hidden" name="side" value="{{if $.Side}}{{$.Side}}{{end}}">
 		<input type="hidden" name="line" value="{{if $.Line}}{{$.Line}}{{end}}">
diff --git a/tests/integration/pull_review_test.go b/tests/integration/pull_review_test.go
index b91fdab6d4..8c7b302c68 100644
--- a/tests/integration/pull_review_test.go
+++ b/tests/integration/pull_review_test.go
@@ -1730,6 +1730,67 @@ func TestPullRequestCommentPlacement(t *testing.T) {
 				assert.True(t, commentReloaded.Invalidated)
 			}, 1*time.Second, 50*time.Millisecond)
 		})
+
+		t.Run("comment on removed line in specific commit adjusts to correct location", func(t *testing.T) {
+			defer tests.PrintCurrentTest(t)()
+			tester := newPullRequestCommentPlacementTester(t)
+
+			// 3 commits: modify line 50, remove line 50, remove some earlier lines
+			content := tester.fileContent
+			content = strings.Replace(content, "Line 50\n", "Line 50--modified\n", 1)
+			commit1 := tester.changeFile("file1.md", content)
+			t.Logf("commit1 = %q", commit1)
+			content = strings.Replace(content, "Line 50--modified\n", "", 1)
+			commit2 := tester.changeFile("file1.md", content)
+			t.Logf("commit2 = %q", commit2)
+			content = strings.Replace(content, "Line 1\nLine 2\nLine 3\nLine 4\nLine 5\nLine 6\nLine 7\nLine 8\nLine 9\nLine 10\n", "", 1)
+			commit3 := tester.changeFile("file1.md", content)
+			t.Logf("commit3 = %q", commit3)
+			tester.createPR()
+
+			comment := tester.commentOnPreviousFromSpecificCommit(commit2, "file1.md", 50)
+			assert.Equal(t, `diff --git a/file1.md b/file1.md
+--- a/file1.md
++++ b/file1.md
+@@ -47,7 +47,6 @@ Line 46
+ Line 47
+ Line 48
+ Line 49
+-Line 50--modified`, comment.PatchQuoted)
+			assert.Equal(t, "previous", comment.DiffSide())
+			assert.EqualValues(t, -50, comment.Line)
+			assert.Equal(t, commit1, comment.CommitSHA)
+
+			diff1 := []diffTableRow{
+				{rowType: RowHasCode, code: "Line 49"},
+				{rowType: RowDelCode, code: "Line 50"},
+				{rowType: RowAddCode, code: "Line 50--modified"},
+				{rowType: RowHasCode, code: "Line 51"},
+			}
+			tester.assertCommitDiff(commit1, diff1, "checking commit1 contents in single-commit diff")
+
+			diff2 := []diffTableRow{
+				{rowType: RowHasCode, code: "Line 49"},
+				{rowType: RowDelCode, code: "Line 50--modified"},
+				{rowType: RowComment, commentID: comment.ID},
+				{rowType: RowHasCode, code: "Line 51"},
+			}
+			tester.assertCommitDiff(commit2, diff2, "checking commit2 contents in single-commit diff")
+
+			diff3 := []diffTableRow{
+				{rowType: RowHasCode, code: "Line 49"},
+				{rowType: RowDelCode, code: "Line 50"},
+				// This is a small bug -- the comment was placed on the code "Line 50--modified" in commit1, which was
+				// later amended by commit2. This comment should be marked out-of-date and not appear here. But the
+				// comment's `ResolveCurrentLine` doesn't quite detect this case correctly -- as the comment's CommitSHA
+				// is commit1, it performs a diff commit1..PR-HEAD, not mergebase..PR-HEAD, and it believes that this
+				// line of code still exists because it exists in that diff range. It's a rare edge case that is defered
+				// for future repair.
+				{rowType: RowComment, commentID: comment.ID},
+				{rowType: RowHasCode, code: "Line 51"},
+			}
+			tester.assertFilesChangedDiff(diff3, "checking overall contents in full PR diff")
+		})
 	})
 }
 
@@ -1862,16 +1923,29 @@ func (tester *PullRequestCommentPlacementTester) commentOnPreviousFromFilesChang
 	return tester.commentFromNewCommentForm(resp, filename, line, "previous")
 }
 
+func (tester *PullRequestCommentPlacementTester) getCommitParent(commitID string) string {
+	repo, err := gitrepo.OpenRepository(tester.t.Context(), tester.repo)
+	require.NoError(tester.t, err)
+	defer repo.Close()
+	commit, err := repo.GetCommit(commitID)
+	require.NoError(tester.t, err)
+	require.Len(tester.t, commit.Parents, 1)
+	return commit.Parents[0].String()
+}
+
 func (tester *PullRequestCommentPlacementTester) commentFromSpecificCommit(commitID, filename string, line int) *issues_model.Comment {
+	beforeCommitID := tester.getCommitParent(commitID)
 	req := NewRequest(tester.t, "GET",
-		fmt.Sprintf("/%s/%s/pulls/%d/files/reviews/new_comment?after_commit_id=%s", tester.repo.OwnerName, tester.repo.Name, tester.pr.Index, commitID))
+		fmt.Sprintf("/%s/%s/pulls/%d/files/reviews/new_comment?before_commit_id=%s&after_commit_id=%s", tester.repo.OwnerName, tester.repo.Name, tester.pr.Index, beforeCommitID, commitID))
 	resp := tester.session.MakeRequest(tester.t, req, http.StatusOK)
 	return tester.commentFromNewCommentForm(resp, filename, line, "proposed")
 }
 
 func (tester *PullRequestCommentPlacementTester) commentOnPreviousFromSpecificCommit(commitID, filename string, line int) *issues_model.Comment {
+	beforeCommitID := tester.getCommitParent(commitID)
+	tester.t.Logf("beforeCommitID(%q) = %q", commitID, beforeCommitID)
 	req := NewRequest(tester.t, "GET",
-		fmt.Sprintf("/%s/%s/pulls/%d/files/reviews/new_comment?after_commit_id=%s", tester.repo.OwnerName, tester.repo.Name, tester.pr.Index, commitID))
+		fmt.Sprintf("/%s/%s/pulls/%d/files/reviews/new_comment?before_commit_id=%s&after_commit_id=%s", tester.repo.OwnerName, tester.repo.Name, tester.pr.Index, beforeCommitID, commitID))
 	resp := tester.session.MakeRequest(tester.t, req, http.StatusOK)
 	return tester.commentFromNewCommentForm(resp, filename, line, "previous")
 }
@@ -1879,10 +1953,13 @@ func (tester *PullRequestCommentPlacementTester) commentOnPreviousFromSpecificCo
 func (tester *PullRequestCommentPlacementTester) commentFromNewCommentForm(resp *httptest.ResponseRecorder, filename string, line int, side string) *issues_model.Comment {
 	commentContent := uuid.New().String()
 	doc := NewHTMLParser(tester.t, resp.Body)
+	tester.t.Logf("doc.before = %q", doc.GetInputValueByName("before_commit_id"))
+	tester.t.Logf("doc.latest = %q", doc.GetInputValueByName("latest_commit_id"))
 	req := NewRequestWithValues(tester.t, "POST",
 		fmt.Sprintf("/%s/%s/pulls/%d/files/reviews/comments", tester.repo.OwnerName, tester.repo.Name, tester.pr.Index),
 		map[string]string{
 			"origin":           doc.GetInputValueByName("origin"),
+			"before_commit_id": doc.GetInputValueByName("before_commit_id"),
 			"latest_commit_id": doc.GetInputValueByName("latest_commit_id"),
 			"side":             side, // "proposed" (RHS) or "previous" (LHS)
 			"line":             strconv.Itoa(line),

From 1b6e12408702c81b1ad762be02f7b304d8d73161 Mon Sep 17 00:00:00 2001
From: viceice <michael.kriese@gmx.de>
Date: Tue, 14 Apr 2026 17:25:48 +0200
Subject: [PATCH 686/854] chore(renovate): disable updates on old stable
 branches (#12122)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12122
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Co-authored-by: viceice <michael.kriese@gmx.de>
Co-committed-by: viceice <michael.kriese@gmx.de>
---
 .forgejo/renovate.json | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/.forgejo/renovate.json b/.forgejo/renovate.json
index f3360b6647..ee6b7212ce 100644
--- a/.forgejo/renovate.json
+++ b/.forgejo/renovate.json
@@ -153,6 +153,12 @@
       "matchUpdateTypes": ["major"],
       "enabled": false
     },
+    {
+      "description": "Disable updates for old stable branches but still allow security updates",
+      "matchBaseBranches": ["v11.0/forgejo", "v14.0/forgejo"],
+      "matchUpdateTypes": ["minor", "patch", "digest"],
+      "enabled": false
+    },
     {
       "description": "Require approval for stable branches (must be last rule to override all others)",
       "matchBaseBranches": ["/^v\\d+\\.\\d+\\/forgejo$/"],

From 8cdfe1d57a020ec91995637eab40d2a2154c1569 Mon Sep 17 00:00:00 2001
From: 0ko <0ko@noreply.codeberg.org>
Date: Tue, 14 Apr 2026 18:50:29 +0200
Subject: [PATCH 687/854] fix(ui): a few small runners UI fixes (#12115)

Followup to https://codeberg.org/forgejo/forgejo/pulls/11516

The string will be fixed in other languages though Weblate after this PR is merged

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12115
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
---
 options/locale_next/locale_en-US.json      | 2 +-
 templates/shared/actions/runner_setup.tmpl | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/options/locale_next/locale_en-US.json b/options/locale_next/locale_en-US.json
index 33efb50b75..5581806e80 100644
--- a/options/locale_next/locale_en-US.json
+++ b/options/locale_next/locale_en-US.json
@@ -576,7 +576,7 @@
 	"actions.runners.runner_setup.program_options_snippet_aria": "How to invoke forgejo-runner",
 	"actions.runners.runner_setup.instruction_replace_connection_name": "Replace the connection name (<code>forgejo</code> in the example) with a value of your liking.",
 	"actions.runners.runner_setup.heading_using_options": "Using program options",
-	"actions.runners.runner_setup.instruction_advanced_configurations": "For configuring Forgejo Runner running in containers or advanced configurations, see the <a href=\"https://TO-BE-REPLACED.COM\">documentation</a>.",
+	"actions.runners.runner_setup.instruction_advanced_configurations": "For configuring Forgejo Runner running in containers or advanced configurations, see the <a href=\"%s\">documentation</a>.",
 	"actions.runners.none": "No runners available",
 	"actions.runners.reset_registration_token.token": "Registration Token (Deprecated)",
 	"actions.runners.reset_registration_token.button": "Reset registration token",
diff --git a/templates/shared/actions/runner_setup.tmpl b/templates/shared/actions/runner_setup.tmpl
index a24f63d536..35a96600ef 100644
--- a/templates/shared/actions/runner_setup.tmpl
+++ b/templates/shared/actions/runner_setup.tmpl
@@ -2,7 +2,7 @@
 	<h4 class="ui top attached header">
 		{{ctx.Locale.Tr "actions.runners.runner_setup.title" .Runner.Name}}
 		<div class="ui right">
-			<a class="ui secondary tiny button" href="{{.RunnersListLink}}" tabindex="0">
+			<a class="ui basic tiny button" href="{{.RunnersListLink}}" tabindex="0">
 				{{ctx.Locale.Tr "actions.runners.runner_setup.list_of_runners_link"}}
 			</a>
 		</div>
@@ -50,6 +50,6 @@ $ forgejo-runner daemon \
 	--token-url file:///path/to/runner-token \
 	--label docker:docker://node:lts
 </code></pre>
-		<p>{{ctx.Locale.Tr "actions.runners.runner_setup.instruction_advanced_configurations"}}</p>
+		<p>{{ctx.Locale.Tr "actions.runners.runner_setup.instruction_advanced_configurations" "https://forgejo.org/docs/latest/admin/actions/"}}</p>
 	</div>
 </div>

From 88a0551f544383a51425781e1795942f9045faa7 Mon Sep 17 00:00:00 2001
From: Codeberg Translate <translate@codeberg.org>
Date: Wed, 15 Apr 2026 16:24:17 +0000
Subject: [PATCH 688/854] i18n: update of translations from Codeberg Translate
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Co-authored-by: 0ko <0ko@noreply.codeberg.org>
Co-authored-by: Aindriú Mac Giolla Eoin <aindriu80@noreply.codeberg.org>
Co-authored-by: AshyPinguin <ashypinguin@noreply.codeberg.org>
Co-authored-by: Atalanttore <atalanttore@noreply.codeberg.org>
Co-authored-by: Benedikt Straub <benedikt-straub@web.de>
Co-authored-by: Codeberg Translate <translate@codeberg.org>
Co-authored-by: Coral Pink <coral.pink@disr.it>
Co-authored-by: Edgarsons <edgarsons@noreply.codeberg.org>
Co-authored-by: Fjuro <fjuro@noreply.codeberg.org>
Co-authored-by: Lzebulon <lzebulon@noreply.codeberg.org>
Co-authored-by: Shadow_Glider <shadow_glider@noreply.codeberg.org>
Co-authored-by: SomeTr <sometr@noreply.codeberg.org>
Co-authored-by: Vyxie <kitakita@disroot.org>
Co-authored-by: Wuzzy <wuzzy@disroot.org>
Co-authored-by: Zughy <zughy@noreply.codeberg.org>
Co-authored-by: alissonlauffer <alissonlauffer@noreply.codeberg.org>
Co-authored-by: artnay <artnay@noreply.codeberg.org>
Co-authored-by: augustd <augustd@noreply.codeberg.org>
Co-authored-by: bahrom04 <bahrom04@noreply.codeberg.org>
Co-authored-by: bittin <bittin@noreply.codeberg.org>
Co-authored-by: butterflyoffire <butterflyoffire@noreply.codeberg.org>
Co-authored-by: cirilla <cirilla@noreply.codeberg.org>
Co-authored-by: hanklank <hanklank@noreply.codeberg.org>
Co-authored-by: justbispo <justbispo@noreply.codeberg.org>
Co-authored-by: kwoot <kwoot@noreply.codeberg.org>
Co-authored-by: mahlzahn <mahlzahn@posteo.de>
Co-authored-by: michi-onl <michi-onl@noreply.codeberg.org>
Co-authored-by: mkljczk <mkljczk@noreply.codeberg.org>
Co-authored-by: ospalh <ospalh@noreply.codeberg.org>
Co-authored-by: pakus <pakus@noreply.codeberg.org>
Co-authored-by: pixelcode <pixelcode@noreply.codeberg.org>
Co-authored-by: vmtj <vmtj@noreply.codeberg.org>
Co-authored-by: xtex <xtexchooser@duck.com>
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/ca/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/cs/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/de/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/fil/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/fr/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/ga/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/it/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/kab/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/kw/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/lv/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/mk/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/nds/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/nl/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/pt_PT/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/ru/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/sv/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/uk/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/uz/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/zh_Hans/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo/ca/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo/cs/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo/de/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo/eo/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo/fi/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo/fil/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo/ga/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo/kab/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo/kw/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo/mk/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo/pl/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo/pt_BR/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo/pt_PT/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo/ru/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo/sv/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo/tok/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo/uk/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo/zh_Hans/
Translation: Forgejo/forgejo
Translation: Forgejo/forgejo-next
---
 options/locale/locale_ca.ini          |   6 +-
 options/locale/locale_cs-CZ.ini       |   8 +-
 options/locale/locale_de-DE.ini       | 126 ++--
 options/locale/locale_eo.ini          |   5 +-
 options/locale/locale_fi-FI.ini       |   2 +-
 options/locale/locale_fil.ini         |   4 +-
 options/locale/locale_ga-IE.ini       | 803 +++++++++++++++++++--
 options/locale/locale_kab.ini         |  54 +-
 options/locale/locale_kw.ini          | 995 ++++++++++++++++++++++++++
 options/locale/locale_mk.ini          |  87 ++-
 options/locale/locale_pl-PL.ini       |   6 +-
 options/locale/locale_pt-BR.ini       |   4 +-
 options/locale/locale_pt-PT.ini       |   2 +-
 options/locale/locale_ru-RU.ini       |   2 +-
 options/locale/locale_sv-SE.ini       |  80 +--
 options/locale/locale_tok.ini         |  13 +-
 options/locale/locale_uk-UA.ini       |  32 +-
 options/locale/locale_zh-CN.ini       |  86 +--
 options/locale_next/locale_ca.json    | 109 ++-
 options/locale_next/locale_cs-CZ.json |  52 +-
 options/locale_next/locale_de-DE.json | 128 ++--
 options/locale_next/locale_fil.json   |  59 +-
 options/locale_next/locale_fr-FR.json |  31 +-
 options/locale_next/locale_ga.json    | 162 ++++-
 options/locale_next/locale_it-IT.json |  22 +-
 options/locale_next/locale_kab.json   |  30 +-
 options/locale_next/locale_kw.json    |   3 +
 options/locale_next/locale_lv-LV.json |  92 ++-
 options/locale_next/locale_mk.json    |   5 +-
 options/locale_next/locale_nds.json   |  46 +-
 options/locale_next/locale_nl-NL.json | 108 ++-
 options/locale_next/locale_pt-PT.json |  62 +-
 options/locale_next/locale_ru-RU.json |  44 +-
 options/locale_next/locale_sv-SE.json |  50 +-
 options/locale_next/locale_uk-UA.json |  52 +-
 options/locale_next/locale_uz.json    |  20 +-
 options/locale_next/locale_zh-CN.json |  35 +-
 37 files changed, 3037 insertions(+), 388 deletions(-)
 create mode 100644 options/locale/locale_kw.ini
 create mode 100644 options/locale_next/locale_kw.json

diff --git a/options/locale/locale_ca.ini b/options/locale/locale_ca.ini
index 4902188c7e..c18b662900 100644
--- a/options/locale/locale_ca.ini
+++ b/options/locale/locale_ca.ini
@@ -1,6 +1,6 @@
 [common]
 home = Inici
-dashboard = Panell de control
+dashboard = Tauler de control
 explore = Explorar
 help = Ajuda
 logo = Logotip
@@ -2586,6 +2586,7 @@ settings.lfs_pointers.found = S'ha trobat %d punters de blob - %d associats, %d
 settings.lfs_pointers.associateAccessible = Associar %d OIDs accessibles
 settings.matrix.access_token_helper = Es recomana muntar un compte de Matrix dedicat per això. El testimoni d'accés el podeu trobar al client web Element (en una pestanya privada/d'incògnit) > User menu (cantó superior esquerre) > All settings > Help & About > Advanced > Access Token (sota de l'URL del homeserver). Tanqueu la pestanya privada/d'incògnit (tancar la sessió invalidaria el testimoni).
 settings.matrix.room_id_helper = L'ID de sala el podeu trobar al client web Element > Room Settings > Advanced > Internal room ID. Per exemple: %s.
+diff.parent = pare
 
 [user]
 unblock = Desbloquejar
@@ -3121,7 +3122,7 @@ config.send_test_mail = Envia un correu de prova
 config.send_test_mail_submit = Envia
 config.test_mail_failed = No s'ha pogut enviar el correu de prova a "%s": %v
 config.test_mail_sent = S'ha enviat un correu de prova a "%s".
-config.cache_config = 
+config.cache_config =
 config.cache_adapter =Adaptador de la memòria cau
 config.cache_interval =Interval de la memòria cau
 config.cache_conn =Connexió de la memòria cau
@@ -3164,6 +3165,7 @@ auths.tip.github = Registra una aplicació OAuth nova a %s
 auths.tip.gitlab_new = Registra una aplicació nova a %s
 auths.tip.google_plus = Obté les credencials del client OAuth2 amb la consola del Google API a %s
 auths.tip.openid_connect = Usa l'URL d'OpenID Connect Discovery (<server>/.well-known/openid-configuration) per a especificar els endpoints
+dashboard.update_checker = Comprovador d'actualització
 
 [actions]
 variables = Variables
diff --git a/options/locale/locale_cs-CZ.ini b/options/locale/locale_cs-CZ.ini
index 8272952312..ef5c1ff762 100644
--- a/options/locale/locale_cs-CZ.ini
+++ b/options/locale/locale_cs-CZ.ini
@@ -609,7 +609,7 @@ organization_leave_success=Úspěšně jste opustili organizaci %s.
 
 invalid_ssh_key=Nepodařilo se ověřit váš klíč SSH: %s
 invalid_gpg_key=Nepodařilo se ověřit váš klíč GPG: %s
-invalid_ssh_principal=Neplatný SSH Principal certifikát: %s
+invalid_ssh_principal=Neplatný principal: %s
 must_use_public_key=Zadaný klíč je soukromý klíč. Nenahrávejte svůj soukromý klíč nikde. Místo toho použijte váš veřejný klíč.
 unable_verify_ssh_key=Nepodařilo se ověřit klíč SSH, zkontrolujte, zda neobsahuje chyby.
 auth_failed=Ověření selhalo: %v
@@ -805,7 +805,7 @@ key_content_gpg_placeholder=Začíná s „-----BEGIN PGP PUBLIC KEY BLOCK-----
 add_new_principal=Přidat principal
 ssh_key_been_used=Tento klíč SSH byl na server již přidán.
 ssh_key_name_used=U vašeho účtu již existuje klíč SSH se stejným názvem.
-ssh_principal_been_used=Tento SSH Principal certifikát již byl přidán na server.
+ssh_principal_been_used=Tento principal již byl přidán na server.
 gpg_key_id_used=Veřejný klíč GPG se stejným ID již existuje.
 gpg_no_key_email_found=Tento klíč GPG neodpovídá žádné aktivované e-mailové adrese spojené s vaším účtem. Může být stále přidán, pokud podepíšete zadaný token.
 gpg_key_matched_identities=Odpovídající identity:
@@ -847,7 +847,7 @@ gpg_key_deletion_desc=Odstraněním klíče GPG zneplatníte ověření revizí,
 ssh_principal_deletion_desc=Odstranění SSH Principal certifikátu zruší jeho přístup k vašemu účtu. Pokračovat?
 ssh_key_deletion_success=Klíč SSH byl odstraněn.
 gpg_key_deletion_success=Klíč GPG byl odstraněn.
-ssh_principal_deletion_success=SSH Principal certifikát byl odstraněn.
+ssh_principal_deletion_success=Principal byl odstraněn.
 added_on=Přidáno %s
 valid_until_date=Platné do %s
 valid_forever=Platné navždy
@@ -857,7 +857,7 @@ can_read_info=Čtení
 can_write_info=Zápis
 key_state_desc=Tento klíč byl použit během posledních 7 dní
 token_state_desc=Tento token byl použit během posledních 7 dní
-principal_state_desc=Tento SSH Principal certifikát byl použit během posledních 7 dní
+principal_state_desc=Tento principal certifikát byl použit během posledních 7 dní
 show_openid=Zobrazit na profilu
 hide_openid=Odstranit z profilu
 ssh_disabled=SSH je zakázáno
diff --git a/options/locale/locale_de-DE.ini b/options/locale/locale_de-DE.ini
index 494d64a6f7..d777732c65 100644
--- a/options/locale/locale_de-DE.ini
+++ b/options/locale/locale_de-DE.ini
@@ -80,7 +80,7 @@ rerun_all=Alle Jobs neu starten
 save=Speichern
 add=Hinzufügen
 add_all=Alle hinzufügen
-remove=Löschen
+remove=Entfernen
 remove_all=Alle entfernen
 remove_label_str=Element „%s“ entfernen
 edit=Bearbeiten
@@ -100,7 +100,7 @@ copy_type_unsupported=Dieser Dateityp kann nicht kopiert werden
 
 write=Verfassen
 preview=Vorschau
-loading=Laden …
+loading=Wird geladen …
 
 error=Fehler
 error404=Die Seite, die du versuchst aufzurufen, <strong>existiert nicht</strong> oder <strong>wurde entfernt</strong>, oder <strong>du bist nicht berechtigt</strong>, diese anzusehen.
@@ -202,7 +202,7 @@ table_modal.label.columns = Spalten
 link_modal.header = Einen Link hinzufügen
 link_modal.url = URL
 link_modal.description = Beschreibung
-link_modal.paste_reminder = Hinweis: Wenn du einen URL in der Zwischenablage hast, kannst du durch Einfügen im Editor direkt einen Link erstellen.
+link_modal.paste_reminder = Hinweis: Wenn du eine URL in der Zwischenablage hast, kannst du durch Einfügen im Editor direkt einen Link erstellen.
 
 [filter]
 string.asc=A–Z
@@ -257,7 +257,7 @@ err_admin_name_is_invalid=Administratornutzername ist ungültig
 
 general_title=Allgemeine Einstellungen
 app_name=Instanztitel
-app_name_helper=Hier Ihren Instanznamen eingeben. Er wird auf jeder Seite angezeigt.
+app_name_helper=Gib hier den Instanznamen ein. Er wird auf jeder Seite angezeigt.
 repo_path=Repository-Verzeichnis
 repo_path_helper=Remote-Git-Repositorys werden in diesem Verzeichnis gespeichert.
 lfs_path=Git-LFS-Wurzelpfad
@@ -287,7 +287,7 @@ register_confirm=E-Mail-Bestätigung benötigt zum Registrieren
 mail_notify=E-Mail-Benachrichtigungen aktivieren
 server_service_title=Sonstige Server- und Drittserviceeinstellungen
 offline_mode=Offline-Modus aktivieren
-offline_mode.description=Drittanbieter-CDNs deaktivieren und alle Ressourcen lokal bereitstellen.
+offline_mode.description=Content Delivery Networks von Drittanbietern deaktivieren und alle Ressourcen lokal bereitstellen.
 disable_gravatar=Gravatar deaktivieren
 disable_gravatar.description=Gravatar und andere Drittanbieter-Avatar-Quellen deaktivieren. Ein Standardavatar wird verwendet, bis der Nutzer einen eigenen Avatar auf deren Instanz hochlädt.
 federated_avatar_lookup=Föderierte Profilbilder einschalten
@@ -332,7 +332,7 @@ no_reply_address=Versteckte E-Mail-Domain
 no_reply_address_helper=Domain-Name für Benutzer mit einer versteckten Emailadresse. Zum Beispiel wird der Benutzername „Joe“ in Git als „joe@noreply.example.org“ protokolliert, wenn die versteckte E-Mail-Domain „noreply.example.org“ festgelegt ist.
 password_algorithm=Passwort-Hashing-Algorithmus
 invalid_password_algorithm=Ungültiger Passwort-Hash-Algorithmus
-password_algorithm_helper=Lege einen Passwort-Hashing-Algorithmus fest. Algorithmen haben unterschiedliche Anforderungen und Stärken. Der argon2-Algorithmus ist ziemlich sicher, aber er verbraucht viel Speicher und kann für kleine Systeme ungeeignet sein.
+password_algorithm_helper=Lege einen Passwort-Hashing-Algorithmus fest. Algorithmen haben unterschiedliche Anforderungen und Stärken. Der Argon2-Algorithmus ist ziemlich sicher, aber er verbraucht viel Speicher und kann für kleine Systeme ungeeignet sein.
 enable_update_checker=Aktualisierungsprüfung aktivieren
 env_config_keys=Umgebungskonfiguration
 env_config_keys_prompt=Die folgenden Umgebungsvariablen werden auch auf Ihre Konfigurationsdatei angewendet:
@@ -385,10 +385,10 @@ remember_me=Dieses Gerät speichern
 forgot_password_title=Passwort vergessen
 forgot_password=Passwort vergessen?
 sign_up_successful=Konto wurde erfolgreich erstellt. Willkommen!
-confirmation_mail_sent_prompt=Eine neue Bestätigungs-E-Mail wurde an <b>%s</b> gesendet. Um den Registrierungsprozess abzuschließen, überprüfe bitte deinen Posteingang und folge dem angegebenen Link innerhalb von: %s. Falls die E-Mail inkorrekt sein sollte, kannst du dich einloggen und anfragen, eine weitere Bestätigungs-E-Mail an eine andere Adresse zu senden.
+confirmation_mail_sent_prompt=Eine neue Bestätigungs-E-Mail wurde an <b>%s</b> gesendet. Um den Registrierung abzuschließen, überprüfe bitte deinen Posteingang und folge dem angegebenen Link innerhalb von: %s. Falls die E-Mail inkorrekt sein sollte, kannst du dich einloggen und anfragen, eine weitere Bestätigungs-E-Mail an eine andere Adresse zu senden.
 must_change_password=Aktualisiere dein Passwort
 allow_password_change=Verlange vom Benutzer das Passwort zu ändern (empfohlen)
-reset_password_mail_sent_prompt=Eine Bestätigungs-E-Mail wurde an <b>%s</b> gesendet. Um den Kontowiederherstellungsprozess abzuschließen, überprüfe bitte deinen Posteingang und folge dem angegebenen Link innerhalb von %s.
+reset_password_mail_sent_prompt=Eine Bestätigungs-E-Mail wurde an <b>%s</b> gesendet. Um den Kontowiederherstellung abzuschließen, überprüfe bitte deinen Posteingang und folge dem angegebenen Link innerhalb von %s.
 active_your_account=Aktiviere dein Konto
 account_activated=Konto wurde aktiviert
 prohibit_login=Das Konto ist gesperrt
@@ -448,7 +448,7 @@ back_to_sign_in = Zurück zur Anmeldung
 sign_in_openid = Mit OpenID fortfahren
 hint_login = Hast du bereits ein Konto? <a href="%s">Jetzt anmelden!</a>
 hint_register = Brauchst du ein Konto? <a href="%s">Jetzt registrieren.</a>
-unauthorized_credentials = Die Zugangsdaten sind inkorrekt oder abgelaufen. Versuchen es erneut oder siehe %s für mehr Informationen
+unauthorized_credentials = Die Zugangsdaten sind inkorrekt oder abgelaufen. Versuche es erneut oder siehe %s für mehr Informationen
 use_onetime_code = Einen Einmal-Code benutzen
 
 [mail]
@@ -634,7 +634,7 @@ Biography = Biografie
 Website = Webseite
 Location = Ort
 To = Branchname
-AccessToken = Zugangstoken
+AccessToken = Zugriffstoken
 username_claiming_cooldown = Der Benutzername kann nicht beansprucht werden, weil seine Schutzzeit noch nicht vorbei ist. Er kann am %[1]s beansprucht werden.
 email_domain_is_not_allowed = Die Domain der E-Mail-Adresse des Benutzers <b>%s</b> steht in Konflikt mit EMAIL_DOMAIN_ALLOWLIST oder EMAIL_DOMAIN_BLOCKLIST. Bitte stelle sicher, dass du die E-Mail-Adresse richtig gesetzt hast.
 
@@ -664,10 +664,10 @@ form.name_pattern_not_allowed=Das Muster „%s“ ist nicht in einem Benutzernam
 form.name_chars_not_allowed=Benutzername „%s“ enthält ungültige Zeichen.
 block_user = Benutzer blockieren
 block_user.detail = Bitte beachte, dass die Blockierung eines Benutzers auch andere Auswirkungen hat, so wie:
-block_user.detail_2 = Dieser Benutzer wird nicht mehr nicht mit deinen Repositorys oder von dir erstellten Issues und Kommentaren interagieren können.
+block_user.detail_2 = Dieser Benutzer wird nicht mehr mit deinen Repositorys oder von dir erstellten Issues und Kommentaren interagieren können.
 block_user.detail_1 = Ihr werdet euch nicht mehr gegenseitig folgen und es auch nicht mehr können.
 block = Blockieren
-follow_blocked_user = Du kannst diesen Benutzer nicht folgen, weil du ihn blockiert hast, oder er dich blockiert hat.
+follow_blocked_user = Du kannst diesem Benutzer nicht folgen, weil du ihn blockiert hast oder er dich blockiert hat.
 block_user.detail_3 = Ihr werdet nicht mehr in der Lage sein, euch gegenseitig als Repository-Mitarbeiter hinzuzufügen.
 unblock = Nicht mehr blockieren
 followers_one = %d Follower
@@ -741,7 +741,7 @@ comment_type_group_issue_ref=Issue-Referenz
 saved_successfully=Die Einstellungen wurden erfolgreich gespeichert.
 privacy=Datenschutz
 keep_activity_private=Aktivität auf der Profilseite ausblenden
-lookup_avatar_by_mail=Profilbild anhand der E-Mail-Addresse suchen
+lookup_avatar_by_mail=Profilbild anhand der E-Mail-Adresse suchen
 enable_custom_avatar=Benutzerdefiniertes Profilbild verwenden
 choose_new_avatar=Neues Profilbild auswählen
 update_avatar=Profilbild aktualisieren
@@ -763,7 +763,7 @@ manage_emails=E-Mail-Adressen verwalten
 manage_themes=Standard-Theme
 manage_openid=OpenID-Adressen
 email_desc=Deine primäre E-Mail-Adresse wird für Benachrichtigungen, Passwort-Wiederherstellung und, sofern sie nicht versteckt ist, web-basierte Git-Operationen verwendet.
-theme_desc=Dieses Thema wird für die Weboberfläche verwendet, wenn du angemeldet bist.
+theme_desc=Dieses Theme wird für die Weboberfläche verwendet, wenn du angemeldet bist.
 primary=Primär
 activated=Aktiviert
 requires_activation=Erfordert Aktivierung
@@ -773,7 +773,7 @@ activations_pending=Aktivierung ausstehend
 can_not_add_email_activations_pending=Es gibt eine ausstehende Aktivierung, versuche es in ein paar Minuten erneut, wenn du eine neue E-Mail hinzufügen möchtest.
 delete_email=Löschen
 email_deletion=E-Mail-Adresse entfernen
-email_deletion_desc=Diese E-Mail-Adresse und die damit verbundenen Informationen werden von deinem Konto entfernt. Git-Commits von dieser E-Mail-Addresse bleiben unverändert. Fortfahren?
+email_deletion_desc=Diese E-Mail-Adresse und die damit verbundenen Informationen werden von deinem Konto entfernt. Git-Commits von dieser E-Mail-Adresse bleiben unverändert. Fortfahren?
 email_deletion_success=Die E-Mail-Adresse wurde entfernt.
 theme_update_success=Deine Theme-Auswahl wurde gespeichert.
 theme_update_error=Das ausgewählte Theme existiert nicht.
@@ -808,7 +808,7 @@ ssh_key_been_used=Dieser SSH-Schlüssel wird auf diesem Server bereits verwendet
 ssh_key_name_used=Ein gleichnamiger SSH-Key existiert bereits in deinem Account.
 ssh_principal_been_used=Diese Identität ist bereits auf dem Server vorhanden.
 gpg_key_id_used=Ein öffentlicher GPG-Schlüssel mit der gleichen ID existiert bereits.
-gpg_no_key_email_found=Dieser GPG-Schlüssel entspricht keiner mit deinem Konto verbundenen aktivierten E-Mail-Addresse. Er kann trotzdem hinzugefügt werden, wenn du den gegebenen Token signierst.
+gpg_no_key_email_found=Dieser GPG-Schlüssel entspricht keiner mit deinem Konto verbundenen aktivierten E-Mail-Adresse. Er kann trotzdem hinzugefügt werden, wenn du den gegebenen Token signierst.
 gpg_key_matched_identities=Passende Identitäten:
 gpg_key_matched_identities_long=Die eingebetteten Identitäten in diesem Schlüssel stimmen mit den folgenden aktivierten E-Mail-Adressen für diesen Benutzer überein. Commits, die mit diesen E-Mail-Addressen committed wurden, können mit diesem Schlüssel verifiziert werden.
 gpg_key_verified=Verifizierter Schlüssel
@@ -825,9 +825,9 @@ ssh_key_verified=Verifizierter Schlüssel
 ssh_key_verified_long=Der Schlüssel wurde mit einem Token verifiziert. Er kann verwendet werden, um Commits zu verifizieren, die mit irgendeiner für diesen Nutzer aktivierten E-Mail-Adresse und irgendeiner Identität dieses Schlüssels übereinstimmen.
 ssh_key_verify=Verifizieren
 ssh_invalid_token_signature=Der gegebene SSH-Schlüssel, Signatur oder Token stimmen nicht überein oder der Token ist veraltet.
-ssh_token_required=Sie müssen eine Signatur für das Token unten angeben
+ssh_token_required=Du musst eine Signatur für das folgende Token angeben
 ssh_token=Token
-ssh_token_help=Sie können eine Signatur wie folgt generieren:
+ssh_token_help=Du kannst eine Signatur wie folgt generieren:
 ssh_token_signature=SSH-Textsignatur (armored signature)
 key_signature_ssh_placeholder=Beginnt mit „-----BEGIN SSH SIGNATURE-----“
 verify_ssh_key_success=SSH-Schlüssel „%s“ wurde verifiziert.
@@ -864,7 +864,7 @@ hide_openid=Nicht im Profil anzeigen
 ssh_disabled=SSH ist deaktiviert
 ssh_signonly=SSH ist derzeit deaktiviert, sodass diese Schlüssel nur zur Commit-Signaturverifizierung verwendet werden.
 ssh_externally_managed=Dieser SSH-Schlüssel wird extern für diesen Benutzer verwaltet
-manage_access_token=Zugriffstokens
+manage_access_token=Zugriffstoken
 generate_new_token=Neuen Token erzeugen
 tokens_desc=Diese Tokens gewähren vollen Zugriff auf dein Konto via Forgejo-API.
 token_name=Token-Name
@@ -917,7 +917,7 @@ revoke_oauth2_grant=Autorisierung widerrufen
 revoke_oauth2_grant_description=Wenn du die Autorisierung widerrufst, kann die Anwendung nicht mehr auf deine Daten zugreifen. Bist du dir sicher?
 revoke_oauth2_grant_success=Zugriff erfolgreich widerrufen.
 
-twofa_desc=Um dein Konto gegen Passwortdiebstahl zu schützen, kannst du eine Smartphone oder ein anderes Gerät verwenden, um zeitbasierte Einmalpasswörter („TOTP“) zu erhalten.
+twofa_desc=Um dein Konto gegen Passwortdiebstahl zu schützen, kannst du ein Smartphone oder ein anderes Gerät verwenden, um zeitbasierte Einmalpasswörter („TOTP“) zu erhalten.
 twofa_is_enrolled=Für dein Konto ist die Zwei-Faktor-Authentifizierung <strong>eingeschaltet</strong>.
 twofa_not_enrolled=Für dein Konto ist die Zwei-Faktor-Authentifizierung momentan nicht eingeschaltet.
 twofa_disable=Zwei-Faktor-Authentifizierung deaktivieren
@@ -935,7 +935,7 @@ passcode_invalid=Die PIN ist falsch. Probiere es erneut.
 twofa_enrolled=Die Zwei-Faktor-Authentifizierung wurde für dein Konto aktiviert. Bewahre deinen einmalig verwendbaren Wiederherstellungsschlüssel (%s) an einem sicheren Ort auf, da er nicht wieder angezeigt werden wird.
 twofa_failed_get_secret=Fehler beim Abrufen des Geheimnisses.
 
-webauthn_desc=Sicherheitsschlüssel sind Geräte, die kryptografische Schlüssel beeinhalten. Diese können für die Zwei-Faktor-Authentifizierung verwendet werden. Der Sicherheitsschlüssel muss den Standard „<a rel="noreferrer" target="_blank" href="%s">WebAuthn</a>“ unterstützen.
+webauthn_desc=Sicherheitsschlüssel sind Geräte, die kryptografische Schlüssel beinhalten. Diese können für die Zwei-Faktor-Authentifizierung verwendet werden. Der Sicherheitsschlüssel muss den Standard „<a rel="noreferrer" target="_blank" href="%s">WebAuthn</a>“ unterstützen.
 webauthn_register_key=Sicherheitsschlüssel hinzufügen
 webauthn_nickname=Nickname
 webauthn_delete_key=Sicherheitsschlüssel entfernen
@@ -974,7 +974,7 @@ visibility.limited_tooltip=Nur für angemeldete Benutzer sichtbar
 visibility.private=Privat
 visibility.private_tooltip=Sichtbar nur für Mitglieder von Organisationen, denen du beigetreten bist
 user_block_success = Dieser Benutzer wurde erfolgreich blockiert.
-twofa_recovery_tip = Falls du dein Gerät verlierst, wirst du in der Lage sein, einen einmalig verwendbaren Wiederherstellungsschlüssel zu verwenden, um den auf dein Konto wiederherzustellen.
+twofa_recovery_tip = Falls du dein Gerät verlierst, kannst du einen einmalig verwendbaren Wiederherstellungsschlüssel benutzen, um den Zugriff auf dein Konto wiederherzustellen.
 webauthn_alternative_tip = Du möchtest vielleicht eine zusätzliche Authentifizierungsmethode einrichten.
 blocked_users_none = Keine Benutzer blockiert.
 webauthn_key_loss_warning = Falls du deine Sicherheitsschlüssel verlierst, wirst du Zugang zu deinem Konto verlieren.
@@ -990,7 +990,7 @@ additional_repo_units_hint_description = Einen „Mehr aktivieren“-Hinweis fü
 pronouns = Pronomen
 pronouns_unspecified = Nicht spezifiziert
 language.title = Standardsprache
-keep_activity_private.description = Deine <a href="%s">öffentliche Aktivität</a> wird nur für dich selbst und die Instanzadminstratoren sichtbar sein.
+keep_activity_private.description = Deine <a href="%s">öffentliche Aktivität</a> wird nur für dich selbst und die Instanzadministratoren sichtbar sein.
 language.localization_project = Hilf uns, Forgejo in deine Sprache zu übersetzen! <a href="%s">Mehr erfahren</a>.
 language.description = Diese Sprache wird in deinem Konto gespeichert und standardmäßig nach dem Anmelden benutzt.
 user_block_yourself = Du kannst dich nicht selbst blockieren.
@@ -1019,10 +1019,10 @@ quota.sizes.assets.attachments.all = Anhänge
 quota.sizes.assets.packages.all = Pakete
 quota.sizes.wiki = Wiki
 regenerate_token_success = Der Token wurde regeneriert. Anwendungen, die ihn benutzen, haben nicht länger Zugriff auf dein Konto und müssen mit dem neuen Token aktualisiert werden.
-access_token_regeneration = Zugangstoken regenerieren
-access_token_regeneration_desc = Einen Token zu regenerieren, wird den Zugriff auf dein Konto von Anwendungen, die ihn nutzen, zurückziehen. Dies kann nicht rückgängig gemacht werden. Fortsetzen?
-regenerate_token = Regenerieren
-ssh_token_help_ssh_agent = , oder, falls Sie einen SSH-Agenten benutzen (mit der Variable SSH_AUTH_SOCK gesetzt):
+access_token_regeneration = Zugriffstoken neu generieren
+access_token_regeneration_desc = Wenn du einen Token neu generierst, verlieren Anwendungen, die ihn nutzen, den Zugriff auf dein Konto. Dies kann nicht rückgängig gemacht werden. Fortfahren?
+regenerate_token = Neu generieren
+ssh_token_help_ssh_agent = , oder, falls du einen SSH-Agenten benutzt (mit der Variable SSH_AUTH_SOCK gesetzt):
 
 [repo]
 owner=Besitzer
@@ -1082,7 +1082,7 @@ mirror_address_desc=Gib alle erforderlichen Anmeldedaten im Abschnitt „Authent
 mirror_address_url_invalid=Die angegebene URL ist ungültig. Achte darauf, dass alle Komponenten der URL korrekt escapt wurden.
 mirror_address_protocol_invalid=Die angegebene URL ist ungültig. Nur Orte mit „http(s)://“ oder „git://“ können fürs Spiegeln benutzt werden.
 mirror_lfs=Großdatei-Speicher (LFS)
-mirror_lfs_desc=Spiegeln von LFS-Dateien aktivieren.
+mirror_lfs_desc=Spiegeln von LFS-Daten aktivieren.
 mirror_lfs_endpoint=LFS-Endpunkt
 mirror_lfs_endpoint_desc=Sync wird versuchen, die Klon-URL zu verwenden, um <a target="_blank" rel="noopener noreferrer" href="%s">den LFS-Server zu bestimmen</a>. Du kannst auch einen eigenen Endpunkt angeben, wenn die LFS-Dateien woanders gespeichert werden.
 mirror_last_synced=Zuletzt synchronisiert
@@ -1141,7 +1141,7 @@ template.invalid=Es muss ein Vorlagen-Repository ausgewählt werden
 archive.title=Dieses Repository ist archiviert. Du kannst Dateien ansehen und es klonen, kannst aber seinen Status nicht verändern, zum Beispiel nichts pushen, keine Issues eröffnen und keine Pull-Requests oder Kommentare erstellen.
 archive.title_date=Dieses Repository wurde am %s archiviert. Du kannst Dateien ansehen und es klonen, kannst aber seinen Status nicht verändern, zum Beispiel nichts pushen, und keine Issues eröffnen oder Pull-Requests oder Kommentare erstellen.
 form.reach_limit_of_creation_1=Du hast bereits dein Limit von %d Repository erreicht.
-form.reach_limit_of_creation_n=Du hast bereits dein Limit von %d Repositorys erreicht.
+form.reach_limit_of_creation_n=Der Besitzer hat bereits das Limit von %d Repositorys erreicht.
 form.name_reserved=Der Repository-Name „%s“ ist reserviert.
 form.name_pattern_not_allowed=Das Muster „%s“ ist in Repository-Namen nicht erlaubt.
 
@@ -1218,12 +1218,12 @@ commit=Commit
 release=Release
 releases=Releases
 tag=Tag
-released_this=hat releast
+released_this=hat es veröffentlicht
 file.title=%s an %s
 file_raw=Originalformat
 file_history=Verlauf
 file_view_source=Quelltext anzeigen
-file_view_rendered=Ansicht rendern
+file_view_rendered=Gerendert anzeigen
 file_view_raw=Originalformat anzeigen
 file_permalink=Permalink
 file_too_large=Die Datei ist zu groß zum Anzeigen.
@@ -1606,7 +1606,7 @@ issues.unlock_comment=hat diese Diskussion %s entsperrt
 issues.lock_confirm=Sperren
 issues.unlock_confirm=Entsperren
 issues.lock.notice_1=- Andere Nutzer können keine neuen Kommentare beisteuern.
-issues.lock.notice_2=– Du und andere Mitarbeiter mit Zugriff auf dieses Repository können weiterhin für andere sichtbare Kommentare hinterlassen.
+issues.lock.notice_2=- Du und andere Mitarbeiter mit Zugriff auf dieses Repository können weiterhin für andere sichtbare Kommentare hinterlassen.
 issues.lock.notice_3=- Du kannst die Diskussion jederzeit wieder entsperren.
 issues.unlock.notice_1=- Jeder wird wieder in der Lage sein, zu diesem Issue zu kommentieren.
 issues.unlock.notice_2=- Du kannst den Issue jederzeit wieder sperren.
@@ -1727,7 +1727,7 @@ pulls.compare_changes=Neuer Pull-Request
 pulls.allow_edits_from_maintainers=Änderungen von Maintainern erlauben
 pulls.allow_edits_from_maintainers_desc=Nutzer mit Schreibzugriff auf den Basisbranch können auch auf diesen Branch pushen
 pulls.allow_edits_from_maintainers_err=Aktualisieren fehlgeschlagen
-pulls.compare_changes_desc=Wähle den Zielbranch, in das zusammengeführt werden soll, und den Quellbranch, von dem gepullt werden soll, aus.
+pulls.compare_changes_desc=Wähle den Zielbranch, in den zusammengeführt werden soll, und den Quellbranch, von dem gepullt werden soll, aus.
 pulls.has_viewed_file=Gesehen
 pulls.has_changed_since_last_review=Seit deiner letzten Sichtung geändert
 pulls.viewed_files_label=%[1]d / %[2]d Dateien betrachtet
@@ -2069,7 +2069,7 @@ settings.pulls.default_allow_edits_from_maintainers=Änderungen von Maintainern
 settings.releases_desc=Repository-Releases aktivieren
 settings.packages_desc=Repository-Paket-Registry aktivieren
 settings.projects_desc=Repository-Projekte aktivieren
-settings.actions_desc=Aktiviere integrierte CI/CD-Pipelines mit Forgejo-Actions
+settings.actions_desc=Integrierte CI/CD-Pipelines mit Forgejo-Actions aktivieren
 settings.admin_settings=Administratoreinstellungen
 settings.admin_enable_health_check=Repository-Health-Checks aktivieren (git fsck)
 settings.admin_code_indexer=Code-Indexer
@@ -2174,7 +2174,7 @@ settings.githook_edit_desc=Wenn ein Hook nicht aktiv ist, wird der Standardinhal
 settings.githook_name=Hook-Name
 settings.githook_content=Hook-Inhalt
 settings.update_githook=Hook aktualisieren
-settings.add_webhook_desc=Forgejo sendet eine <code>POST</code>-Anfrage mit festgelegtem Content-Type an die Ziel-URL. Mehr Informationen findest du in der <a target="_blank" rel="noopener noreferrer" href="%s">Anleitung zu Webhooks (Englisch)</a>.
+settings.add_webhook_desc=Forgejo sendet eine <code>POST</code>-Anfrage mit festgelegtem Content-Type an die Ziel-URL. Mehr dazu in der <a target="_blank" rel="noopener noreferrer" href="%s">Anleitung zu Webhooks (auf Englisch)</a>.
 settings.payload_url=Ziel-URL
 settings.http_method=HTTP-Methode
 settings.content_type=POST-Content-Type
@@ -2334,7 +2334,7 @@ settings.protected_branch_deletion_desc=Wenn du den Branch-Schutz deaktivierst,
 settings.block_rejected_reviews=Zusammenführung bei abgelehnten Sichtungen blockieren
 settings.block_rejected_reviews_desc=Zusammenführen ist nicht möglich, wenn Änderungen durch offizielle Prüfer angefragt werden, auch wenn genügend Genehmigungen existieren.
 settings.block_on_official_review_requests=Merge bei offiziellen Sichtungsanfragen blockieren
-settings.block_on_official_review_requests_desc=Merge ist nicht möglich, wenn offizielle Sichtungsanfrangen vorliegen, selbst wenn genügend Genehmigungen existieren.
+settings.block_on_official_review_requests_desc=Merge ist nicht möglich, wenn offizielle Sichtungsanfragen vorliegen, selbst wenn genügend Genehmigungen existieren.
 settings.block_outdated_branch=Merge blockieren, wenn der Pull-Request veraltet ist
 settings.block_outdated_branch_desc=Merge ist nicht möglich, wenn der Head-Branch hinter dem Basis-Branch ist.
 settings.default_branch_desc=Wähle einen Standardbranch für Pull-Requests und Code-Commits:
@@ -2355,7 +2355,7 @@ settings.tags.protection.allowed.teams=Erlaubte Teams
 settings.tags.protection.allowed.noone=Niemand
 settings.tags.protection.create=Regel hinzufügen
 settings.tags.protection.none=Es gibt keine geschützten Tags.
-settings.tags.protection.pattern.description=Du kannst einen einzigen Namen oder ein globales Schema oder einen regulären Ausdruck verwenden, um mehrere Tags zu schützen. Mehr dazu im <a target="_blank" rel="noopener" href="%s">Guide für geschützte Tags (Englisch)</a>.
+settings.tags.protection.pattern.description=Du kannst einen einzigen Namen oder ein globales Schema oder einen regulären Ausdruck verwenden, um mehrere Tags zu schützen. Mehr dazu in der <a target="_blank" rel="noopener" href="%s">Anleitung für geschützte Tags (auf Englisch)</a>.
 settings.bot_token=Bot-Token
 settings.chat_id=Chat-ID
 settings.thread_id=Thread-ID
@@ -2368,8 +2368,8 @@ settings.archive.text=Durch das Archivieren wird ein Repo vollständig schreibge
 settings.archive.success=Das Repo wurde erfolgreich archiviert.
 settings.archive.error=Beim Versuch, das Repository zu archivieren, ist ein Fehler aufgetreten. Weitere Details finden sich im Log.
 settings.archive.error_ismirror=Du kannst kein gespiegeltes Repo archivieren.
-settings.archive.branchsettings_unavailable=Branch-Einstellungen sind nicht verfügbar in archivierten Repos.
-settings.archive.tagsettings_unavailable=Tag-Einstellungen sind nicht verfügbar in archivierten Repos.
+settings.archive.branchsettings_unavailable=In archivierten Repos sind Branch-Einstellungen nicht verfügbar.
+settings.archive.tagsettings_unavailable=In archivierten Repos sind Tag-Einstellungen nicht verfügbar.
 settings.unarchive.button=Archivierung zurücksetzen
 settings.unarchive.header=Archivierung dieses Repositorys zurücksetzen
 settings.unarchive.text=Durch das Aufheben der Archivierung kann das Repo wieder Commits und Pushes sowie neue Issues und Pull-Requests empfangen.
@@ -2537,7 +2537,7 @@ branch.included=Enthalten
 branch.create_new_branch=Branch aus Branch erstellen:
 branch.confirm_create_branch=Branch erstellen
 branch.warning_rename_default_branch=Du benennst den Standard-Branch um.
-branch.rename_branch_to=Umbenennung des Zweigs "%s".
+branch.rename_branch_to=Branch "%s" wird umbenannt.
 branch.create_branch_operation=Branch erstellen
 branch.new_branch=Neue Branch erstellen
 branch.new_branch_from=Neuen Branch von „%s“ erstellen
@@ -2574,7 +2574,7 @@ settings.add_collaborator_blocked_them = Der Mitarbeiter konnte nicht hinzugefü
 settings.wiki_rename_branch_main = Den Wiki-Branch-Namen normalisieren
 settings.enter_repo_name = Gib den Besitzer- und den Repository-Namen genau wie angezeigt ein:
 settings.wiki_branch_rename_success = Der Branch-Name des Repository-Wikis wurde erfolgreich normalisiert.
-settings.archive.mirrors_unavailable = Spiegel sind nicht verfügbar in archivierten Repos.
+settings.archive.mirrors_unavailable = In archivierten Repos sind Spiegel nicht verfügbar.
 pulls.blocked_by_user = Du kannst keinen Pull-Request in diesem Repository erstellen, weil du vom Repository-Besitzer blockiert wurdest.
 settings.add_collaborator_blocked_our = Der Mitarbeiter konnte nicht hinzugefügt werden, weil der Repository-Besitzer ihn blockiert hat.
 issues.blocked_by_user = Du kannst keine Issues in diesem Repository erstellen, weil du vom Repository-Besitzer blockiert wurdest.
@@ -2610,7 +2610,7 @@ settings.units.overview = Übersicht
 settings.wiki_rename_branch_main_notices_1 = Diese Aktion <strong>KANN NICHT</strong> rückgängig gemacht werden.
 settings.wiki_rename_branch_main_notices_2 = Dies wird den internen Branch des Repository-Wikis von %s permanent umbenennen. Existierende Checkouts müssen aktualisiert werden.
 settings.wiki_branch_rename_failure = Der Branch-Name des Repository-Wiki konnte nicht normalisiert werden.
-settings.confirm_wiki_branch_rename = Den Wiki-Branch umbenenennen
+settings.confirm_wiki_branch_rename = Den Wiki-Branch umbenennen
 activity.navbar.contributors = Mitwirkende
 contributors.contribution_type.deletions = Löschungen
 contributors.contribution_type.additions = Einfügungen
@@ -2641,7 +2641,7 @@ settings.add_webhook.invalid_path = Der Pfad darf kein „.“ oder „..“ enh
 settings.sourcehut_builds.manifest_path = Build-Manifest-Pfad
 settings.sourcehut_builds.visibility = Job-Sichtbarkeit
 settings.sourcehut_builds.secrets = Geheimnisse
-settings.sourcehut_builds.secrets_helper = Dem Job zugriff auf die Build-Geheimnisse geben (benötigt die SECRETS:RO-Berechtigung)
+settings.sourcehut_builds.secrets_helper = Dem Job Zugriff auf die Build-Geheimnisse geben (benötigt die SECRETS:RO-Berechtigung)
 settings.web_hook_name_sourcehut_builds = SourceHut-Builds
 settings.graphql_url = GraphQL-URL
 settings.matrix.room_id_helper = Die Raum-ID kann über den Element-Webclient ermittelt werden: Raumeinstellungen > erweitert > interne Raum-ID. Beispielsweise %s.
@@ -2662,8 +2662,8 @@ project = Projekte
 comments.edit.already_changed = Die Änderungen an diesem Kommentar können nicht gespeichert werden. Es scheint, als seien die Inhalte bereits durch einen anderen Benutzer verändert worden. Bitte die Seite neu laden und das Bearbeiten erneut versuchen, um dessen Änderungen nicht zu überschreiben
 issues.edit.already_changed = Die Änderungen an diesem Issue können nicht gespeichert werden. Es scheint, als seien die Inhalte bereits durch einen anderen Benutzer verändert worden. Bitte die Seite neu laden und das Bearbeiten erneut versuchen, um deren Änderungen nicht zu überschreiben
 pulls.edit.already_changed = Die Änderungen an diesem Pull-Request können nicht gespeichert werden. Es scheint, als seien die Inhalte bereits durch einen anderen Benutzer verändert worden. Bitte die Seite neu laden und das Bearbeiten erneut versuchen, um dessen Änderungen nicht zu überschreiben
-subscribe.pull.guest.tooltip = Anmelden, um diesen Pull-Request zu abbonieren.
-subscribe.issue.guest.tooltip = Anmelden, um dieses Issue zu abbonieren.
+subscribe.pull.guest.tooltip = Anmelden, um diesen Pull-Request zu abonnieren.
+subscribe.issue.guest.tooltip = Anmelden, um dieses Issue zu abonnieren.
 issues.author.tooltip.pr = Dieser Benutzer ist der Autor dieses Pull-Requests.
 issues.author.tooltip.issue = Dieser Benutzer ist der Autor dieses Issues.
 activity.commit = Commit-Aktivität
@@ -2676,8 +2676,8 @@ release.add_external_asset = Externes Asset hinzufügen
 release.invalid_external_url = Ungültige externe URL: „%s“
 activity.published_prerelease_label = Pre-Release
 activity.published_tag_label = Tag
-settings.pull_mirror_sync_quota_exceeded = Quota überschritten, Änderungen werden nicht gepullt.
-settings.transfer_quota_exceeded = Der neue Eigentümer (%s) hat die Quota überschritten. Das Repository wurde nicht übertragen.
+settings.pull_mirror_sync_quota_exceeded = Kontingent überschritten, Änderungen werden nicht gepullt.
+settings.transfer_quota_exceeded = Der neue Eigentümer (%s) hat das Kontingent überschritten. Das Repository wurde nicht übertragen.
 no_eol.text = Kein EOL
 no_eol.tooltip = Diese Datei enthält am Ende kein Zeilenende-Zeichen (EOL).
 pulls.cmd_instruction_merge_warning = <b>Achtung</b>: Die Einstellung „Autoerkennung von manuellen Zusammenführungen“ ist für dieses Repository nicht aktiviert. Du musst hinterher diesen Pull-Request als manuell zusammengeführt markieren.
@@ -2915,7 +2915,7 @@ dashboard.cron.error=Fehler in Cron: %s: %[3]s
 dashboard.cron.finished=Cron: %[1]s ist beendet
 dashboard.delete_inactive_accounts=Alle nicht aktivierten Konten löschen
 dashboard.delete_inactive_accounts.started=Löschen aller nicht aktivierten Account-Aufgabe gestartet.
-dashboard.delete_repo_archives=Lösche alle Repository-Archive (ZIP, TAR.GZ, etc.)
+dashboard.delete_repo_archives=Lösche alle Repository-Archive (ZIP, TAR.GZ usw.)
 dashboard.delete_repo_archives.started=Löschen aller Repository-Archive gestartet.
 dashboard.delete_missing_repos=Alle Repository-Datensätze mit verloren gegangenen Git-Dateien löschen
 dashboard.delete_missing_repos.started=Alle Repositorys löschen, die den Git-Dateien-Task nicht gestartet haben.
@@ -3158,8 +3158,8 @@ auths.oauth2_required_claim_value=Benötigter Claim-Wert
 auths.oauth2_required_claim_value_helper=Setze diesen Wert, damit Nutzer aus dieser Quelle sich nur anmelden dürfen, wenn sie einen Claim mit diesem Namen und Wert besitzen
 auths.oauth2_group_claim_name=Claim-Name, der Gruppennamen für diese Quelle angibt (optional).
 auths.oauth2_admin_group=Gruppen-Claim-Wert für Administratoren (optional – erfordert Claim-Namen oben).
-auths.oauth2_restricted_group=Gruppen-Claim-Wert für eingeschränkte User. (Optional – erfordert Claim-Namen oben)
-auths.oauth2_map_group_to_team=Gruppen aus OAuth-Claims den Organisationsteams zuordnen (optional – oben muss der Name des Claims angegeben werden).
+auths.oauth2_restricted_group=Gruppen-Claim-Wert für eingeschränkte Benutzer (optional – erfordert Claim-Namen oben).
+auths.oauth2_map_group_to_team=Gruppen aus OAuth-Claims den Organisationsteams zuordnen (optional – erfordert Claim-Namen oben).
 auths.oauth2_map_group_to_team_removal=Benutzer aus synchronisierten Teams entfernen, wenn der Benutzer nicht zur entsprechenden Gruppe gehört.
 auths.tips=Tipps
 auths.tips.oauth2.general=OAuth2-Authentifizierung
@@ -3176,13 +3176,13 @@ auths.tip.twitter=Gehe auf %s, erstelle eine Anwendung und stelle sicher, dass d
 auths.tip.discord=Registriere unter %s eine neue Anwendung
 auths.tip.gitea=Registriere eine neue OAuth2-Anwendung. Eine Anleitung findest du unter %s
 auths.tip.yandex=`Erstelle eine neue Anwendung auf %s. Wähle folgende Berechtigungen aus dem Abschnitt „Yandex.Passport API“: „Zugriff auf E-Mail-Adresse“, „Zugriff auf Benutzeravatar“ und „Zugriff auf Benutzername, Vor- und Nachname, Geschlecht“`
-auths.tip.mastodon=Gib eine benutzerdefinierte URL für die Mastodon-Instanz ein, mit der du dich authentifizieren möchtest (oder benutze die standardmäßige)
-auths.edit=Authentifikationsquelle bearbeiten
-auths.activated=Diese Authentifikationsquelle ist aktiviert
+auths.tip.mastodon=Gib eine benutzerdefinierte URL für die Mastodon-Instanz ein, mit der du dich authentifizieren möchtest (oder verwende die Standard-URL)
+auths.edit=Authentifizierungsquelle bearbeiten
+auths.activated=Diese Authentifizierungsquelle ist aktiviert
 auths.new_success=Die Authentifizierung „%s“ wurde hinzugefügt.
 auths.update_success=Diese Authentifizierungsquelle wurde aktualisiert.
 auths.update=Authentifizierungsquelle aktualisieren
-auths.delete=Authentifikationsquelle löschen
+auths.delete=Authentifizierungsquelle löschen
 auths.delete_auth_title=Authentifizierungsquelle löschen
 auths.delete_auth_desc=Das Löschen einer Authentifizierungsquelle verhindert, dass Benutzer sich darüber anmelden können. Fortfahren?
 auths.still_in_used=Diese Authentifizierungsquelle wird noch verwendet. Bearbeite oder lösche zuerst alle Benutzer, die diese Authentifizierungsquelle benutzen.
@@ -3202,7 +3202,7 @@ config.domain=Server-Domain
 config.offline_mode=Lokaler Modus
 config.disable_router_log=Router-Log deaktivieren
 config.run_user=Ausführen als
-config.run_mode=Laufzeit-Modus
+config.run_mode=Betriebsmodus
 config.git_version=Git-Version
 config.app_data_path=App-Datenpfad
 config.repo_root_path=Repository-Wurzelpfad
@@ -3238,7 +3238,7 @@ config.db_ssl_mode=SSL
 config.db_path=Verzeichnis
 
 config.service_config=Service-Konfiguration
-config.register_email_confirm=E-Mail-Bestätigung benötigt zum Registrieren
+config.register_email_confirm=E-Mail-Bestätigung zur Registrierung erforderlich
 config.disable_register=Selbstregistrierung deaktivieren
 config.allow_only_internal_registration=Registrierung nur über Forgejo selbst erlauben
 config.allow_only_external_registration=Registrierung nur über externe Dienste erlauben
@@ -3295,14 +3295,14 @@ config.cache_item_ttl=Cache-Item-TTL
 
 config.session_config=Session-Konfiguration
 config.session_provider=Session-Anbieter
-config.provider_config=Provider-Einstellungen
+config.provider_config=Anbieter-Einstellungen
 config.cookie_name=Cookie-Name
 config.gc_interval_time=GC-Intervall
 config.session_life_time=Session-Lebensdauer
 config.https_only=Nur HTTPS
 config.cookie_life_time=Cookie-Lebensdauer
 
-config.picture_config=Bild-und-Profilbild-Konfiguration
+config.picture_config=Bild- und Avatar-Konfiguration
 config.picture_service=Bilderdienst
 config.disable_gravatar=Gravatar deaktivieren
 config.enable_federated_avatar=Föderierte Profilbilder einschalten
@@ -3357,7 +3357,7 @@ monitor.queue.exemplar=Beispieltyp
 monitor.queue.numberworkers=Anzahl der Worker
 monitor.queue.activeworkers=Aktive Worker
 monitor.queue.maxnumberworkers=Maximale Anzahl der Worker
-monitor.queue.numberinqueue=Nummer in der Warteschlange
+monitor.queue.numberinqueue=Anzahl in der Warteschlange
 monitor.queue.review_add=Worker hinzufügen/prüfen
 monitor.queue.settings.title=Pool-Einstellungen
 monitor.queue.settings.desc=Pools wachsen dynamisch basierend auf der Blockierung der Arbeitswarteschlange.
@@ -3385,7 +3385,7 @@ notices.op=Aktion
 notices.delete_success=Diese Systemmeldung wurde gelöscht.
 self_check.database_fix_mysql = Für MySQL-/MariaDB-Benutzer: Du kannst den Befehl „forgejo doctor convert“ verwenden, um die Collation-Probleme zu lösen, oder du kannst das Problem mit „ALTER … COLLATE …“-SQLs manuell lösen.
 dashboard.sync_tag.started = Tag-Synchronisierung gestartet
-self_check.database_collation_case_insensitive = Datenbank benutzt eine Collation %s, welcher der Groß-/Kleinschreibung egal ist. Obwohl Forgejo damit arbeiten könnte, könnte es ein paar seltene Fälle geben, bei denen es nicht wie erwartet funktioniert.
+self_check.database_collation_case_insensitive = Die Datenbank verwendet die Collation %s, die nicht zwischen Groß- und Kleinschreibung unterscheidet. Forgejo kann damit arbeiten, es gibt aber seltene Fälle, in denen es nicht wie erwartet funktioniert.
 self_check = Selbstprüfung
 dashboard.sync_repo_tags = Tags aus Git-Daten zu Datenbank synchronisieren
 emails.change_email_text = Bist du dir sicher, dass du diese E-Mail-Addresse aktualisieren möchtest?
@@ -3401,7 +3401,7 @@ auths.tip.gitlab_new = Registriere eine neue Anwendung auf %s
 auths.default_domain_name = Standarddomainname, der für die E-Mail-Adresse benutzt wird
 config.app_slogan = Instanz-Slogan
 config.cache_test_failed = Konnte den Cache nicht untersuchen: %v.
-config.cache_test_succeeded = Cache-Test erfolgreich, eine Antwort erhalten in %s.
+config.cache_test_succeeded = Cache-Test erfolgreich, Antwort in %s erhalten.
 config.cache_test = Cache testen
 config.cache_test_slow = Cache-Test erfolgreich, aber die Antwort ist langsam: %s.
 users.block.description = Diesem Benutzer verbieten, durch sein Konto mit diesem Dienst zu interagieren, und ihn am Einloggen hindern.
@@ -3541,7 +3541,7 @@ workflow.dispatch.trigger_found = Dieser Workflow hat einen <c>workflow_dispatch
 workflow.dispatch.success = Ausführung des Workflows wurde erfolgreich angefragt.
 runs.expire_log_message = Logs wurden gelöscht, weil sie zu alt waren.
 runs.no_workflows.help_write_access = Keine Ahnung, wie man mit Forgejo Actions anfangen soll? Schau im <a target="_blank" rel="noopener noreferrer" href="%s">Schnellstart in der Benutzerdokumentation</a> vorbei, um deinen ersten Workflow zu schreiben, dann <a target="_blank" rel="noopener noreferrer" href="%s">setze einen Forgejo-Runner auf</a>, um deine Jobs auszuführen.
-runs.no_workflows.help_no_write_access = Um über Forgejo Actions zu lernen, siehe <a target="_blank" rel="noopener noreferrer" href="%s">die Dokumentation</a>.
+runs.no_workflows.help_no_write_access = Um mehr über Forgejo Actions zu erfahren, siehe <a target="_blank" rel="noopener noreferrer" href="%s">die Dokumentation</a>.
 variables.not_found = Die Variable wurde nicht gefunden.
 
 [projects]
@@ -3576,7 +3576,7 @@ branch_kind = Branches suchen …
 commit_kind = Commits suchen …
 runner_kind = Runner suchen …
 no_results = Keine passenden Ergebnisse gefunden.
-code_search_unavailable = Die Code-Suche ist momentan nicht verfügbar. Bitte kontaktiere den Webseitenadministrator.
+code_search_unavailable = Die Code-Suche ist momentan nicht verfügbar. Bitte kontaktiere den Instanz-Administrator.
 keyword_search_unavailable = Die Suche mittels Schlüsselwort ist momentan nicht verfügbar. Bitte kontaktiere den Webseitenadministrator.
 exact = Exakt
 exact_tooltip = Nur Ergebnisse einbinden, die auf den exakten Suchbegriff passen
diff --git a/options/locale/locale_eo.ini b/options/locale/locale_eo.ini
index 015c11c5b1..a6b3a57428 100644
--- a/options/locale/locale_eo.ini
+++ b/options/locale/locale_eo.ini
@@ -772,7 +772,7 @@ enable_custom_avatar = Uzi propran profilbildon
 change_password = Ŝanĝi pasvorton
 keep_pronouns_private = Montri pronomojn nur al la aŭtentikigitaj uzantoj
 keep_pronouns_private.description = Tio maskos viajn pronomojn kontraŭ neaŭtentikigitaj vizitantoj.
-add_new_principal = 
+add_new_principal =
 gpg_token_required = Vi devas disponigi signaturon por la malsupran ĵetono
 gpg_token = Ĵetono
 gpg_token_help = Vi povas generi signaturon uzante:
@@ -923,6 +923,9 @@ repo_name = Deponejonomo
 size_format = %[1]s: %[2]s; %[3]s: %[4]s
 template = Ŝablono
 template_select = Elektu ŝablonon
+editor.name_your_file = Nomu vian dosieron…
+editor.or = aŭ
+editor.add_tmpl.filename = dosiernomo
 
 [org]
 code = Fontkodo
diff --git a/options/locale/locale_fi-FI.ini b/options/locale/locale_fi-FI.ini
index c98bdebeea..b741795e1a 100644
--- a/options/locale/locale_fi-FI.ini
+++ b/options/locale/locale_fi-FI.ini
@@ -2586,7 +2586,7 @@ repo_updated=Päivitetty %s
 members=Jäsenet
 teams=Tiimit
 lower_members=jäsentä
-lower_repositories=tietovarastot
+lower_repositories=tietovarastoa
 create_new_team=Uusi tiimi
 create_team=Luo tiimi
 org_desc=Kuvaus
diff --git a/options/locale/locale_fil.ini b/options/locale/locale_fil.ini
index 8c8db3045e..e63c5f0307 100644
--- a/options/locale/locale_fil.ini
+++ b/options/locale/locale_fil.ini
@@ -832,7 +832,7 @@ generate_token_success = Nag-generate na ang iyong bagong token. Kopyahin ito ng
 delete_token = Burahin
 access_token_deletion = Burahin ang access token
 access_token_deletion_desc = Ang pagbura ng isang token ay babawiin ang pag-access sa iyong account para sa mga application gamit ito. Ang gawaing ito ay hindi pwedeng baguhin. Magpatuloy?
-repo_and_org_access = Access sa Repositoryo at Organisasyon
+repo_and_org_access = Access sa repositoryo at organisasyon
 permissions_public_only = Publiko lamang
 permissions_access_all = Lahat (publiko, pribado, at limitado)
 select_permissions = Pumili ng mga pahintulot
@@ -2453,7 +2453,7 @@ settings.chat_id = ID ng chat
 settings.matrix.message_type = Uri ng mensahe
 settings.tags.protection.allowed.noone = Walang sinuman
 settings.archive.header = I-archive ang repo na ito
-settings.archive.text = Ang pag-archive ng repo ay gagawin itong buo na read-only. Itatago ito sa dashboard. Walang tao (kahit ikaw rin!) ay makakagawa ng bagong commit, o magbukas ng mga isyu o hiling sa paghila.
+settings.archive.text = Gagawing read-only ang buong repositoryo ang pag-archive. Itatago ito sa dashboard. Hindi magagawa ng anumang tao (kahit ikaw rin!) ang paggawa ng mga bagong commit at makapagbukas ng mga isyu at hiling sa paghila. Inirerekomenda ang pagdokumento ng dahilan ng pagka-archive para bigyan ng tagubilin ang mga developer na nagpaplanong i-fork ang repositoryo sa lalong madaling panahon.
 settings.archive.error = May naganap na error habang sinusubukang i-archive ang repo. Tignan ang log para sa mga detalye.
 settings.archive.error_ismirror = Hindi ka makaka-archive ng naka-mirror na repo.
 settings.unarchive.button = I-unarchive ang repo
diff --git a/options/locale/locale_ga-IE.ini b/options/locale/locale_ga-IE.ini
index 9f72c9b2f6..1b9135785b 100644
--- a/options/locale/locale_ga-IE.ini
+++ b/options/locale/locale_ga-IE.ini
@@ -96,7 +96,7 @@ copy_error = Theip ar an gcóipeáil
 copy_type_unsupported = Ní féidir an cineál comhaid seo a chóipeáil
 write = Scríobh
 preview = Réamhamharc
-loading = Á lódáil...
+loading = Á lódáil…
 error = Earráid
 error404 = Níl an leathanach atá tú <strong>ag iarraidh a bhaint amach ann</strong>, <strong>nó baineadh é</strong> nó <strong>níl údarú </strong>agat é a fheiceáil.
 go_back = Ar ais
@@ -190,7 +190,7 @@ buttons.bold.tooltip = Cuir téacs trom leis (Ctrl+B / ⌘B)
 buttons.italic.tooltip = Cuir téacs iodálach leis (Ctrl+I / ⌘I)
 buttons.quote.tooltip = Téacs luaigh
 buttons.code.tooltip = Cuir cód leis
-buttons.link.tooltip = Cuir nasc leis
+buttons.link.tooltip = Cuir nasc leis (Ctrl+K / ⌘K)
 buttons.list.unordered.tooltip = Cuir liosta piléar leis
 buttons.list.ordered.tooltip = Cuir liosta uimhrithe
 buttons.list.task.tooltip = Cuir liosta tascanna leis
@@ -261,7 +261,7 @@ repo_path = Cosán Fréimhe an Stór
 repo_path_helper = Sábhálfar stórais iargúlta Git chuig an eolaire seo.
 lfs_path = Cosán Fréamh Git LFS
 lfs_path_helper = Stórálfar comhaid a rianóidh Git LFS san eolaire seo. Fág folamh le díchumasú.
-domain = Fearann ​​Freastalaí
+domain = Fearann freastalaí
 domain_helper = Seoladh fearainn nó óstach don fhreastalaí.
 ssh_port = Port Freastalaí SSH
 app_url_helper = Seoladh bonn le haghaidh URLanna clóin HTTP(S) agus fógraí ríomhphoist.
@@ -305,11 +305,49 @@ invalid_log_root_path = Tá an cosán logála neamhbhailí:%v
 no_reply_address = Fearann Ríomhphoist Folaite
 password_algorithm = Algartam Hais Pasfhocal
 invalid_password_algorithm = Algartam hais pasfhocail neamhbhailí
-password_algorithm_helper = Socraigh an algartam hashing pasfhocal. Tá riachtanais agus neart éagsúla ag halgartaim. Tá an algartam argon2 sách slán ach úsáideann sé go leor cuimhne agus d'fhéadfadh sé a bheith míchuí do chórais bheaga.
+password_algorithm_helper = Socraigh an algartam haiseála pasfhocail. Bíonn riachtanais agus láidreachtaí difriúla ag halgartaim. Tá an algartam argon2 sách slán ach úsáideann sé go leor cuimhne agus d'fhéadfadh sé a bheith mí-oiriúnach do chórais bheaga.
 enable_update_checker = Cumasaigh Seiceoir Nuashonraithe
 env_config_keys = Cumraíocht Comhshaoil
 env_config_keys_prompt = Cuirfear na hathróga comhshaoil seo a leanas i bhfeidhm ar do chomhad cumraíochta freisin:
 docker_helper = Má ritheann tú Forgejo taobh istigh de Docker, léigh an <a target="_blank" rel="noopener noreferrer" href="%s">doiciméadú</a> le do thoil sula n-athraíonn tú aon socruithe.
+require_db_desc = Éilíonn Forgejo MySQL, PostgreSQL, SQLite3 nó TiDB (prótacal MySQL).
+sqlite_helper = Cosán comhaid don bhunachar sonraí SQLite3.<br>Cuir isteach cosán absalóideach má ritheann tú Forgejo mar sheirbhís.
+reinstall_error = Tá tú ag iarraidh suiteáil i mbunachar sonraí Forgejo atá ann cheana féin
+reinstall_confirm_message = Is féidir go leor fadhbanna a chruthú má athshuiteáiltear é le bunachar sonraí Forgejo atá ann cheana féin. I bhformhór na gcásanna, ba chóir duit d'"app.ini" atá ann cheana a úsáid chun Forgejo a rith. Má tá a fhios agat cad atá á dhéanamh agat, deimhnigh an méid seo a leanas:
+reinstall_confirm_check_3 = Deimhníonn tú go bhfuil tú cinnte go hiomlán go bhfuil an Forgejo seo ag rith leis an suíomh app.ini ceart agus go bhfuil tú cinnte go gcaithfidh tú athshuiteáil a dhéanamh. Deimhníonn tú go n-aithníonn tú na rioscaí thuas.
+app_name = Teideal an sampla
+app_name_helper = Cuir isteach ainm d’eiseamláire anseo. Taispeánfar é ar gach leathanach.
+app_slogan = Slogan samplach
+app_slogan_helper = Cuir isteach mana do shampla anseo. Fág folamh chun é a dhíchumasú.
+run_user = Úsáideoir le rith mar
+run_user_helper = Ainm úsáideora an chórais oibriúcháin a ritheann Forgejo mar úsáid. Tabhair faoi deara go gcaithfidh rochtain a bheith ag an úsáideoir seo ar chonair fréimhe an stórais.
+ssh_port_helper = Uimhir an phoirt a úsáidfidh an freastalaí SSH. Fág folamh chun an freastalaí SSH a dhíchumasú.
+http_port = Port éisteachta HTTP
+http_port_helper = Uimhir an phoirt a úsáidfidh freastalaí gréasáin Forgejo.
+app_url = Bun-URL
+smtp_from_helper = Seoladh ríomhphoist a úsáidfidh Forgejo. Cuir isteach seoladh ríomhphoist simplí nó bain úsáid as an bhformáid "Ainm" <email@example.com>.
+offline_mode.description = Díchumasaigh líonraí seachadta ábhair tríú páirtí agus freastalaigh na hacmhainní go léir go háitiúil.
+disable_gravatar.description = Díchumasaigh úsáid Gravatar nó foinsí avatar tríú páirtí eile. Úsáidfear íomhánna réamhshocraithe d’avatars úsáideoirí mura n-uaslódálann siad a n-avatar féin chuig an gcás.
+federated_avatar_lookup.description = Cuardaigh avatars ag baint úsáide as Libravatar.
+disable_registration.description = Ní bheidh ach riarthóirí samplaí in ann cuntais úsáideora nua a chruthú. Moltar go mór clárú a choinneáil díchumasaithe mura bhfuil sé ar intinn agat sampla poiblí a óstáil do gach duine agus má tá tú réidh le déileáil le líon mór cuntas turscair.
+allow_only_external_registration = Ceadaigh clárú trí sheirbhísí seachtracha amháin
+allow_only_external_registration.description = Ní bheidh úsáideoirí in ann cuntais nua a chruthú ach trí sheirbhísí seachtracha cumraithe a úsáid.
+openid_signin.description = Ceadaigh d’úsáideoirí síniú isteach trí OpenID.
+openid_signup.description = Ceadaigh d’úsáideoirí cuntais a chruthú trí OpenID má tá féinchlárú cumasaithe.
+enable_captcha.description = Éiligh ar úsáideoirí CAPTCHA a úsáid chun cuntais a chruthú.
+require_sign_in_view = Éilítear síniú isteach chun ábhar an sampla a fheiceáil
+require_sign_in_view.description = Teorainn a chur le rochtain ar ábhar d'úsáideoirí atá sínithe isteach. Ní bheidh aíonna in ann cuairt a thabhairt ach ar na leathanaigh fíordheimhnithe.
+default_keep_email_private.description = Cumasaigh seoladh ríomhphoist a cheilt d’úsáideoirí nua de réir réamhshocraithe ionas nach sceithfear an fhaisnéis seo díreach tar éis clárúcháin.
+default_allow_create_organization.description = Ceadaigh d’úsáideoirí nua eagraíochtaí a chruthú de réir réamhshocraithe. Nuair a bhíonn an rogha seo díchumasaithe, beidh ar riarthóir cead a thabhairt d’úsáideoirí nua eagraíochtaí a chruthú.
+default_enable_timetracking.description = Ceadaigh úsáid ghné rianaithe ama do stórtha nua de réir réamhshocraithe.
+admin_setting.description = Is rogha é cuntas riarthóra a chruthú. Beidh an chéad úsáideoir cláraithe ina riarthóir go huathoibríoch.
+config_location_hint = Sábhálfar na roghanna cumraíochta seo i:
+install_btn_confirm = Suiteáil Forgejo
+test_git_failed = Níorbh fhéidir an t-ordú "git" a thástáil: %v
+sqlite3_not_available = Ní thacaíonn an leagan seo de Forgejo le SQLite3. Íoslódáil an leagan dénártha oifigiúil ó %s (ní an leagan "gobuild").
+run_user_not_match = Ní hé an t-ainm úsáideora "úsáideoir le rith mar" an t-ainm úsáideora reatha: %s -> %s
+enable_update_checker_helper_forgejo = Déanfaidh sé seiceáil tréimhsiúil le haghaidh leaganacha nua de Forgejo trí thaifead DNS TXT a sheiceáil ag release.forgejo.org.
+no_reply_address_helper = Ainm fearainn d'úsáideoirí a bhfuil seoladh ríomhphoist i bhfolach acu. Mar shampla, logálfar an t-ainm úsáideora "joe" i Git mar "joe@noreply.example.org" má shocraítear an fearann ríomhphoist i bhfolach go "noreply.example.org".
 
 [home]
 uname_holder = Ainm Úsáideora nó Seoladh Ríomhphoist
@@ -328,6 +366,7 @@ show_both_private_public = Ag taispeáint poiblí agus príobháideach araon
 show_only_private = Ag taispeáint príobháideach amháin
 show_only_public = Ag taispeáint poiblí amháin
 issues.in_your_repos = I do stórais
+my_orgs = Eagraíochtaí
 
 [explore]
 repos = Stórais
@@ -342,7 +381,7 @@ relevant_repositories = Níl ach stórtha ábhartha á dtaispeáint, <a href="%s
 [auth]
 create_new_account = Cláraigh Cuntas
 disable_register_prompt = Tá clárú faoi dhíchumasú. Téigh i dteagmháil le do riarthóir suíomh.
-disable_register_mail = Tá deimhniú ríomhphoist le haghaidh clárú faoi dhíchum
+disable_register_mail = Tá deimhniú ríomhphoist le haghaidh clárúcháin díchumasaithe.
 manual_activation_only = Déan teagmháil le riarthóir do tsuímh chun gníomhachtú a chur i gcrích.
 remember_me = Cuimhnigh ar an nGléas seo
 forgot_password_title = Dearmad ar an bPasfhocal
@@ -384,7 +423,7 @@ openid_register_title = Cruthaigh cuntas nua
 openid_register_desc = Níl an URI OpenID roghnaithe ar eolas. Comhcheangail é le cuntas nua anseo.
 openid_signin_desc = Cuir isteach do URI OpenID. Mar shampla: alice.openid.example.org nó https://openid.example.org/alice.
 disable_forgot_password_mail = Tá aisghabháil cuntas díchumasaithe toisc nach bhfuil aon ríomhphost ar bun. Téigh i dteagmháil le do riarthóir suíomh.
-disable_forgot_password_mail_admin = Níl aisghabháil cuntas ar fáil ach amháin nuair a bhíonn ríomhphost ar bun. Bunaigh ríomhphost le do thoil chun aisghabháil cuntas a chumasú
+disable_forgot_password_mail_admin = Ní féidir cuntas a aisghabháil ach amháin nuair a bhíonn ríomhphost socraithe. Socraigh ríomhphost le go mbeidh tú in ann cuntas a aisghabháil.
 email_domain_blacklisted = Ní féidir leat clárú le do sheoladh ríomhphoist.
 authorize_application = Údaraigh an Feidhmchlár
 authorize_redirect_notice = Déanfar tú a atreorú chuig %s má údaraíonn tú an feidhmchlár seo.
@@ -396,6 +435,23 @@ password_pwned = Tá an pasfhocal a roghnaigh tú ar <a target="_blank" rel="noo
 password_pwned_err = Ní fhéadfaí iarratas a chomhlánú ar HaveIBeenPwned
 last_admin = Ní féidir leat an riarachán deireanach a bhaint. Caithfidh riarachán amháin ar a laghad a bheith ann.
 back_to_sign_in = Ar ais go Sínigh Isteach
+hint_login = An bhfuil cuntas agat cheana féin? <a href="%s">Sínigh isteach anois!</a>
+hint_register = An bhfuil cuntas uait? <a href="%s">Cláraigh anois.</a>
+sign_up_button = Cláraigh anois.
+confirmation_mail_sent_prompt = Tá ríomhphost deimhnithe nua seolta chuig <b>%s</b>. Chun an próiseas clárúcháin a chríochnú, seiceáil do bhosca isteach agus lean an nasc a cuireadh ar fáil laistigh den chéad %s eile. Mura bhfuil an ríomhphost ceart, is féidir leat logáil isteach agus ríomhphost deimhnithe eile a iarraidh chuig seoladh difriúil.
+reset_password_mail_sent_prompt = Tá ríomhphost deimhnithe seolta chuig <b>%s</b>. Chun an próiseas aisghabhála cuntais a chríochnú, seiceáil do bhosca isteach agus lean an nasc a chuirtear ar fáil laistigh den chéad %s eile.
+prohibit_login = Tá an cuntas ar fionraí
+prohibit_login_desc = Tá do chuntas curtha ar fionraí ó idirghníomhú leis an gcás. Téigh i dteagmháil le riarthóir an chás chun rochtain a fháil ar ais.
+change_unconfirmed_email_summary = Athraigh an seoladh ríomhphoist a seoltar ríomhphost gníomhachtaithe chuige.
+change_unconfirmed_email = Má thug tú an seoladh ríomhphoist mícheart le linn clárúcháin, is féidir leat é a athrú thíos, agus seolfar dearbhú chuig an seoladh nua ina ionad.
+change_unconfirmed_email_error = Ní féidir an seoladh ríomhphoist a athrú: %v
+send_reset_mail = Seol ríomhphost aisghabhála
+non_local_account = Ní féidir le húsáideoirí nach áitiúla iad a bpasfhocal a nuashonrú tríd an gcomhéadan gréasáin Forgejo.
+unauthorized_credentials = Tá na dintiúir mícheart nó imithe in éag. Déan iarracht d’ordú a athdhéanamh nó féach %s le haghaidh tuilleadh eolais
+use_onetime_code = Úsáid cód aonuaire
+oauth_signin_tab = Nasc le cuntas atá ann cheana féin
+authorize_application_description = Má dheonaíonn tú rochtain, beidh sé in ann rochtain a fháil ar fhaisnéis do chuntais go léir agus scríobh chuici, lena n-áirítear stórtha príobháideacha agus eagraíochtaí.
+sign_in_openid = Lean ar aghaidh le OpenID
 
 [mail]
 view_it_on = Féach air ar %s
@@ -439,6 +495,32 @@ team_invite.subject = Tá cuireadh tugtha agat ag %[1]s chun dul le heagraíocht
 team_invite.text_1 = Tá cuireadh tugtha ag %[1]s duit chun dul le foireann %[2]s in eagraíocht %[3]s.
 team_invite.text_2 = Cliceáil ar an nasc seo a leanas le do thoil chun dul isteach san fhoireann:
 team_invite.text_3 = Nóta: Bhí an cuireadh seo beartaithe do %[1]s. Mura raibh tú ag súil leis an gcuireadh seo, is féidir leat neamhaird a dhéanamh den ríomhphost seo.
+link_not_working_do_paste = Nach bhfuil an nasc ag obair? Bain triail as é a chóipeáil agus a ghreamú i mbarra URL do bhrabhsálaí.
+admin.new_user.subject = Úsáideoir nua %s díreach cláraithe
+admin.new_user.user_info = Faisnéis úsáideora
+admin.new_user.text = Le do thoil, <a href="%s">cliceáil anseo</a> chun an t-úsáideoir seo a bhainistiú ón bpainéal riaracháin.
+register_notify.text_2 = Is féidir leat síniú isteach i do chuntas ag baint úsáide as d'ainm úsáideora: %s
+register_notify.text_3 = Más duine eile a chruthaigh an cuntas seo duit, beidh ort <a href="%s">do phasfhocal a shocrú</a> ar dtús.
+reset_password.text = Más tusa a bhí ann, cliceáil an nasc seo a leanas le do chuntas a aisghabháil laistigh de <b>%s</b>:
+password_change.subject = Tá d’fhocal faire athraithe
+password_change.text_1 = Athraíodh pasfhocal do chuntais díreach anois.
+primary_mail_change.subject = Tá do phríomhphost athraithe
+primary_mail_change.text_1 = Athraíodh príomhsheoladh ríomhphoist do chuntais go %[1]s díreach anois. Ciallaíonn sé seo nach bhfaighidh an seoladh ríomhphoist seo fógraí ríomhphoist a thuilleadh chun do chuntas.
+totp_disabled.subject = Tá TOTP díchumasaithe
+totp_disabled.text_1 = Díchumasaíodh pasfhocal aonuaire bunaithe ar am (TOTP) ar do chuntas díreach anois.
+totp_disabled.no_2fa = Níl aon mhodhanna 2FA eile cumraithe a thuilleadh, rud a chiallaíonn nach gá logáil isteach i do chuntas le 2FA a thuilleadh.
+removed_security_key.subject = Baineadh eochair slándála
+removed_security_key.text_1 = Baineadh an eochair slándála "%[1]s" as do chuntas díreach anois.
+removed_security_key.no_2fa = Níl aon mhodhanna 2FA eile cumraithe a thuilleadh, rud a chiallaíonn nach gá logáil isteach i do chuntas le 2FA a thuilleadh.
+account_security_caution.text_1 = Más tusa a bhí ann, is féidir leat neamhaird a dhéanamh den ríomhphost seo go sábháilte.
+account_security_caution.text_2 = Mura tusa a bhí ann, tá do chuntas i mbaol. Téigh i dteagmháil le riarthóirí an tsuímh seo, le do thoil.
+totp_enrolled.subject = Tá TOTP gníomhachtaithe agat mar mhodh 2FA
+totp_enrolled.text_1.no_webauthn = Tá TOTP cumasaithe agat chun do chuntas díreach anois. Ciallaíonn sé seo go gcaithfidh tú TOTP a úsáid mar mhodh 2FA i ngach logáil isteach chuig do chuntas amach anseo.
+totp_enrolled.text_1.has_webauthn = Tá TOTP cumasaithe agat chun do chuntas díreach anois. Ciallaíonn sé seo, i gcás gach logáil isteach chuig do chuntas amach anseo, gur féidir leat TOTP a úsáid mar mhodh 2FA nó aon cheann de do chuid eochracha slándála a úsáid.
+repo.transfer.subject_to = Tá %s ag iarraidh stórlann "%s" a aistriú go %s
+repo.transfer.subject_to_you = Tá %s ag iarraidh stórlann "%s" a aistriú chugat
+repo.collaborator.added.subject = Chuir %s le %s thú mar chomhoibrí
+repo.collaborator.added.text = Cuireadh leis an stór thú mar chomhoibrí:
 
 [modal]
 yes = Tá
@@ -467,7 +549,7 @@ require_error = ` ní féidir a bheith folamh.`
 git_ref_name_error = ` caithfidh gur ainm tagartha Git dea-chruthaithe é.`
 size_error = ` ní mór méid %s.`
 min_size_error = ` ní mór go mbeadh carachtar %s ar a laghad ann.`
-max_size_error = caithfidh %s carachtar ar a mhéad a bheith ann.
+max_size_error = `ní mór %s carachtar ar a mhéad a bheith ann.`
 email_error = `ní seoladh ríomhphoist bailí é.`
 url_error = `ní URL bailí é "%s".`
 include_error = ` ní mór fotheaghrán a bheith ann "%s".`
@@ -518,6 +600,28 @@ must_use_public_key = Is eochair phríobháideach an eochair a sholáthraíonn t
 auth_failed = Theip ar fhíordheimhniú:%v
 target_branch_not_exist = Níl spriocbhrainse ann.
 admin_cannot_delete_self = Ní féidir leat tú féin a scriosadh nuair is riarachán tú. Bain do phribhléidí riaracháin ar dtús.
+FullName = Ainm iomlán
+Description = Cur síos
+Pronouns = Forainmneacha
+Biography = Beathaisnéis
+Website = Suíomh Gréasáin
+Location = Suíomh
+To = Ainm na brainse
+AccessToken = Comhartha rochtana
+alpha_dash_error = `Níor cheart ach carachtair alfa-uimhriúla, fleascáin ("-") agus fo-líne ("_") a bheith sa.`
+alpha_dash_dot_error = `Níor cheart ach carachtair alfa-uimhriúla, fleasc ("-"), fo-líne ("_") agus ponc (".") a bheith sa.`
+username_error = `Ní féidir ach carachtair alfa-uimhriúla ("0-9", "a-z", "A-Z"), fleasc ("-"), fo-líne ("_") agus ponc (".") a bheith ann. Ní féidir é a thosú ná a chríochnú le carachtair neamh-alfa-uimhriúla, agus tá cosc ar charachtair neamh-alfa-uimhriúla as a chéile ach an oiread.`
+username_error_no_dots = `Ní féidir ach carachtair alfa-uimhriúla ("0-9", "a-z", "A-Z"), fleasc ("-") agus fo-líne ("_") a bheith ann. Ní féidir é a thosú ná a chríochnú le carachtair neamh-alfa-uimhriúla, agus tá cosc ar charachtair neamh-alfa-uimhriúla as a chéile ach an oiread.`
+username_claiming_cooldown = Ní féidir an t-ainm úsáideora a éileamh, mar níl a thréimhse fuaraithe thart fós. Is féidir é a éileamh ar %[1]s.
+email_domain_is_not_allowed = Tá coimhlint idir fearann seoladh ríomhphoist an úsáideora <b>%s</b> agus EMAIL_DOMAIN_ALLOWLIST nó EMAIL_DOMAIN_BLOCKLIST. Cinntigh go bhfuil an seoladh ríomhphoist socraithe i gceart agat.
+last_org_owner = Ní féidir leat an t-úsáideoir deireanach a bhaint den fhoireann "úinéirí". Ní mór úinéir amháin ar a laghad a bheith ann d'eagraíocht.
+unable_verify_ssh_key = Ní féidir an eochair SSH a fhíorú, déan seiceáil dhúbailte uirthi le haghaidh earráidí.
+still_own_repo = Tá stór amháin nó níos mó i do chuntas, scrios nó aistrigh iad ar dtús.
+still_has_org = Is ball d'eagraíocht amháin nó níos mó do chuntas, fág iad ar dtús.
+still_own_packages = Tá pacáiste amháin nó níos mó i do chuntas, scrios iad ar dtús.
+org_still_own_repo = Tá stór amháin nó níos mó fós faoi úinéireacht na heagraíochta seo, scrios nó aistrigh iad ar dtús.
+org_still_own_packages = Tá pacáiste amháin nó níos mó fós ag an eagraíocht seo, scrios iad ar dtús.
+required_prefix = Ní mór an ionchur a thosú le "%s"
 
 [user]
 change_avatar = Athraigh do abhatár…
@@ -538,6 +642,28 @@ settings = Socruithe Úsáideora
 disabled_public_activity = Dhíchumasaigh an t-úsáideoir seo infheictheacht phoiblí na gníomhaíochta.
 form.name_reserved = Tá an t-ainm úsáideora "%s" in áirithe.
 form.name_pattern_not_allowed = Ní cheadaítear an patrún "%s" in ainm úsáideora.
+followers.title.one = Leantóir
+followers.title.few = Leantóirí
+following.title.one = Ag leanúint
+following.title.few = Ag leanúint
+followers_one = %d leantóir
+followers_few = %d leantóirí
+following_one = %d ag leanúint
+following_few = %d ag leanúint
+block_user = Úsáideoir blocáilte
+block_user.detail = Tabhair faoi deara go bhfuil éifeachtaí eile ag baint le húsáideoir a bhlocáil, amhail:
+block_user.detail_1 = Scoirfidh sibh de bheith ag leanúint a chéile agus ní bheidh sibh in ann leanúint a chéile.
+block_user.detail_2 = Ní bheidh an t-úsáideoir seo in ann idirghníomhú leis na stórtha atá i do sheilbh, ná leis na saincheisteanna agus na tuairimí atá cruthaithe agat.
+block_user.detail_3 = Ní bheidh sibh in ann a chéile a chur leis mar chomhoibritheoirí stóir.
+follow_blocked_user = Ní féidir leat an t-úsáideoir seo a leanúint mar gur chuir tú bac air nó mar gur chuir an t-úsáideoir seo bac ort.
+block = Bloc
+unblock = Díbhlocáil
+public_activity.visibility_hint.self_public = Tá do ghníomhaíocht le feiceáil ag gach duine, seachas idirghníomhaíochtaí i spásanna príobháideacha. <a href="%s">Cumraigh</a>.
+public_activity.visibility_hint.admin_public = Tá an ghníomhaíocht seo le feiceáil ag gach duine, ach mar riarthóir is féidir leat idirghníomhaíochtaí i spásanna príobháideacha a fheiceáil freisin.
+public_activity.visibility_hint.self_private = Ní féidir ach leatsa agus le riarthóirí an cháis do ghníomhaíocht a fheiceáil. <a href="%s">Cumraigh</a>.
+public_activity.visibility_hint.admin_private = Tá an ghníomhaíocht seo le feiceáil agat mar is riarthóir thú, ach ba mhaith leis an úsáideoir go bhfanfadh sí príobháideach.
+public_activity.visibility_hint.self_private_profile = Ní féidir ach leatsa agus le riarthóirí an cháis do ghníomhaíocht a fheiceáil mar go bhfuil do phróifíl príobháideach. <a href="%s">Cumraigh</a>.
+form.name_chars_not_allowed = Tá carachtair neamhbhailí san ainm úsáideora "%s".
 
 [settings]
 profile = Próifíl
@@ -565,13 +691,13 @@ update_language_success = Tá an teanga nuashonraithe.
 update_profile_success = Nuashonraíodh do phróifíl.
 change_username = Tá d'ainm úsáideora athraithe.
 change_username_prompt = Nóta: Athraíonn athrú d'ainm úsáideora URL do chuntais freisin.
-change_username_redirect_prompt = Athreoróidh an sean-ainm úsáideora go dtí go n-éilíonn duine é
+change_username_redirect_prompt = Déanfar an seanainm úsáideora a atreorú go dtí go n-éileoidh duine éigin é.
 continue = Lean ar aghaidh
 cancel = Cealaigh
 language = Teanga
 ui = Téama
 hidden_comment_types = Cineálacha tráchtaireachta ceilte
-hidden_comment_types.ref_tooltip = Tuairimí ina dtagraíodh an tsaincheist seo ó shaincheiste/coiste eile...
+hidden_comment_types.ref_tooltip = Tráchtanna inar tagraíodh don cheist seo ó cheist/tiomantas/… eile
 hidden_comment_types.issue_ref_tooltip = Tuairimí ina n-athraíonn an t-úsáideoir an brainse/clib a bhaineann leis an tsaincheist
 comment_type_group_reference = Tagairt
 comment_type_group_label = Lipéad
@@ -603,7 +729,7 @@ new_password = Pasfhocal Nua
 retype_new_password = Deimhnigh Pasfhocal Nua
 password_incorrect = Tá an pasfhocal reatha mícheart.
 manage_emails = Bainistigh Seoltaí Ríomhphoist
-email_desc = Úsáidfear do phríomhsheoladh ríomhphoist le haghaidh fógraí, aisghabháil pasfhocal agus, ar choinníoll nach bhfuil sé i bhfolach, oibríochtaí Git bunaithe ar an ngréas
+email_desc = Úsáidfear do phríomhsheoladh ríomhphoist le haghaidh fógraí, aisghabháil pasfhocail agus, ar choinníoll nach bhfuil sé i bhfolach, oibríochtaí Git gréasánbhunaithe.
 primary = Príomhúil
 activated = Gníomhachtaithe
 requires_activation = Éilíonn gníomhachtú
@@ -613,7 +739,7 @@ activations_pending = Gníomhartha ar Feitheamh
 can_not_add_email_activations_pending = Tá gníomhachtú ar feitheamh, déan iarracht arís i gceann cúpla nóiméad más mian leat ríomhphost nua a chur leis.
 delete_email = Bain
 email_deletion = Bain Seoladh R-phoist
-email_deletion_desc = Bainfear an seoladh ríomhphoist agus an fhaisnéis ghaolmhar as do chuntas. Ní bheidh na tiomáintí Git a bhaineann leis an seoladh ríomhphoist seo athraithe. Lean ar aghaidh?
+email_deletion_desc = Bainfear an seoladh ríomhphoist seo agus faisnéis ghaolmhar as do chuntas. Fanfaidh na gealltanais Git ón seoladh ríomhphoist seo gan athrú. Ar mhaith leat leanúint ar aghaidh?
 email_deletion_success = Tá an seoladh ríomhphoist bainte.
 theme_update_success = Nuashonraíodh do théama.
 theme_update_error = Níl an téama roghnaithe ann.
@@ -695,12 +821,12 @@ generate_new_token = Gin Comhartha Nua
 token_name = Ainm Comhartha
 generate_token = Gin Comhartha
 generate_token_success = Gintear do chomhartha nua. Cóipeáil é anois mar ní thaispeánfar é arís.
-generate_token_name_duplicate = <strong>Úsáideadh %s</strong> mar ainm feidhmchláir cheana féin. Úsáid ceann nua le do thoil.
+generate_token_name_duplicate = Tá <strong>%s</strong> in úsáid mar ainm feidhmchláir cheana féin. Bain úsáid as ceann nua le do thoil.
 delete_token = Scrios
 access_token_deletion = Scrios Comhartha Rochtana
 access_token_deletion_desc = Cúlghairfear rochtain ar do chuntas le haghaidh feidhmchláir a úsáideann é a scriosadh comhartha. Ní féidir é seo a chur ar ais. Lean ar aghaidh?
 delete_token_success = Tá an comhartha scriosta. Níl rochtain ag iarratais a úsáideann é ar do chuntas a thuilleadh.
-repo_and_org_access = Rochtain Stórála agus Eagraíochta
+repo_and_org_access = Rochtain ar stórtha agus ar eagraíochta
 permissions_public_only = Poiblí amháin
 permissions_access_all = Gach (poiblí, príobháideach agus teoranta)
 select_permissions = Roghnaigh ceadanna
@@ -753,7 +879,7 @@ then_enter_passcode = Agus cuir isteach an paschód a léirítear san fheidhmchl
 passcode_invalid = Tá an pascód mícheart. Bain triail as arís.
 twofa_enrolled = Tá do chuntas cláraithe go rathúil. Stóráil d'eochair aisghabhála aonúsáide (%s) in áit shábháilte, mar ní thaispeánfar é arís.
 twofa_failed_get_secret = Theip ar rún a fháil.
-webauthn_desc = Is feistí crua-earraí iad eochracha slándála ina bhfuil eochracha cripte Is féidir iad a úsáid le haghaidh fíordheimhniú dhá fhachtóir. Caithfidh eochracha slándála tacú le caigh <a rel="noreferrer" target="_blank" href="%s">deán Fíordheimhnithe WebAuthn</a>
+webauthn_desc = Is gléasanna crua-earraí iad eochracha slándála ina bhfuil eochracha cripteagrafacha. Is féidir iad a úsáid le haghaidh fíordheimhniú dhá fhachtóir. Ní mór d'eochracha slándála tacú leis an gcaighdeán <a rel="noreferrer" target="_blank" href="%s">WebAuthn Authenticator</a>.
 webauthn_register_key = Cuir Eochair Slándála
 webauthn_nickname = Leasainm
 webauthn_delete_key = Bain Eochair Slándála
@@ -783,6 +909,88 @@ visibility.public_tooltip = Infheicthe do gach duine
 visibility.limited = Teoranta
 visibility.private = Príobháideach
 visibility.private_tooltip = Ní fheictear ach do bhaill d'eagraíochtaí a chuaigh tú isteach
+orgs = Eagraíochtaí
+blocked_users = Úsáideoirí blocáilte
+storage_overview = Forbhreathnú ar stóráil
+quota = Cuóta
+biography_placeholder = Inis beagán do dhaoine eile fút féin! (Tacaítear le Markdown)
+profile_desc = Fút féin
+password_username_disabled = Ní cheadaítear d’úsáideoirí nach úsáideoirí áitiúla iad a n-ainm úsáideora a athrú. Téigh i dteagmháil le riarthóir do shuíomh le haghaidh tuilleadh sonraí.
+pronouns = Forainmneacha
+pronouns_unspecified = Gan sonrú
+update_theme = Athraigh téama
+update_language = Athraigh teanga
+change_username_redirect_prompt.with_cooldown.one = Beidh an seanainm úsáideora ar fáil do gach duine tar éis tréimhse fuaraithe %[1]d lá. Is féidir leat an seanainm úsáideora a éileamh ar ais fós le linn na tréimhse fuaraithe.
+change_username_redirect_prompt.with_cooldown.few = Beidh an seanainm úsáideora ar fáil do gach duine tar éis tréimhse fuaraithe %[1]d lá. Is féidir leat an seanainm úsáideora a éileamh ar ais fós le linn na tréimhse fuaraithe.
+language.title = Teanga réamhshocraithe
+language.description = Sábhálfar an teanga seo chuig do chuntas agus úsáidfear í mar an teanga réamhshocraithe tar éis duit logáil isteach.
+language.localization_project = Cabhraigh linn Forgejo a aistriú go do theanga féin! <a href="%s">Foghlaim tuilleadh</a>.
+hints = Leideanna
+additional_repo_units_hint = Moltar aonaid stórtha breise a chumasú
+additional_repo_units_hint_description = Taispeáin leid "Cumasaigh níos mó" do stórtha nach bhfuil na haonaid uile atá ar fáil cumasaithe iontu.
+update_hints = Leideanna nuashonraithe
+update_hints_success = Tá na leideanna nuashonraithe.
+hidden_comment_types_description = Ní thaispeánfar cineálacha tráchta atá seiceáilte anseo laistigh de leathanaigh eagráin. Má sheiceálann tú "Lipéad", mar shampla, baintear na tráchtanna uile a dúirt "<user> chuir <label> leis/bhain sé".
+keep_activity_private.description = Ní bheidh do <a href="%s">ghníomhaíocht phoiblí</a> le feiceáil ach agatsa agus ag riarthóirí an cháis.
+lookup_avatar_by_mail = Cuardaigh abhatár de réir seoladh ríomhphoist
+change_password = Athraigh an focal faire
+update_password = Nuashonraigh an focal faire
+change_password_success = Tá do phasfhocal nuashonraithe. As seo amach, bain úsáid as do phasfhocal nua chun síniú isteach.
+password_change_disabled = Ní féidir le húsáideoirí nach áitiúla iad a bpasfhocal a nuashonrú tríd an gcomhéadan gréasáin Forgejo.
+manage_themes = Téama réamhshocraithe
+manage_openid = Seoltaí OpenID
+theme_desc = Úsáidfear an téama seo don chomhéadan gréasáin nuair a bheidh tú logáilte isteach.
+add_new_email = Cuir seoladh ríomhphoist leis
+add_email_confirmation_sent = Tá ríomhphost deimhnithe seolta chuig "%s". Chun do sheoladh ríomhphoist a dheimhniú, seiceáil do bhosca isteach agus lean an nasc a chuirtear ar fáil laistigh den chéad %s eile.
+keep_email_private_popup = Ní thaispeánfar an seoladh ríomhphoist ar an leathanach próifíle agus ní bheidh sé mar an seoladh réamhshocraithe le haghaidh gealltanais a dhéantar tríd an gcomhéadan gréasáin, amhail uaslódálacha comhad, eagarthóireachtaí, agus gealltanais chumasc. Ina áit sin, is féidir seoladh speisialta %s a úsáid chun gealltanais a nascadh leis an gcuntas úsáideora. Ní bheidh tionchar ag an rogha seo ar ghealltanais atá ann cheana féin.
+keep_pronouns_private = Taispeáin forainmneacha d'úsáideoirí fíordheimhnithe amháin
+keep_pronouns_private.description = Cuirfidh sé seo do fhorainmneacha i bhfolach ó chuairteoirí nach bhfuil logáilte isteach.
+ssh_desc = Tá na heochracha SSH poiblí seo bainteach le do chuntas. Ceadaíonn na heochracha príobháideacha comhfhreagracha rochtain iomlán ar do stórtha. Is féidir eochracha SSH atá fíoraithe a úsáid chun gealltanais Git sínithe le SSH a fhíorú.
+gpg_desc = Tá na heochracha GPG poiblí seo ceangailte le do chuntas agus úsáidtear iad chun do thiomnais a fhíorú. Coinnigh d’eochracha príobháideacha slán mar go gceadaíonn siad duit tiomnais a shíniú le do chéannacht.
+ssh_helper = <strong>An bhfuil cabhair uait?</strong> Féach ar an treoir chun <a href="%s">d'eochracha SSH féin a chruthú</a> nó chun <a href="%s">fadhbanna coitianta</a> a d'fhéadfadh teacht ort agus SSH á úsáid agat a réiteach.
+gpg_helper = <strong>An bhfuil cabhair uait?</strong> Féach ar an treoir <a href="%s">faoi GPG</a>.
+key_content_ssh_placeholder = Tosaíonn le "ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256", "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521", "sk-ecdsa-sha2-nistp256@openssh.com", nó "sk-5sh.com"
+key_content_gpg_placeholder = Tosaíonn sé le "-----BEGIN PGP PUBLIC ELECTRONIC BLOCK-----"
+key_signature_gpg_placeholder = Tosaíonn le "-----TOSAIGH SÍNIÚ PGP-----"
+ssh_token_help_ssh_agent = nó, má tá gníomhaire SSH in úsáid agat (leis an athróg SSH_AUTH_SOCK socraithe):
+key_signature_ssh_placeholder = Tosaíonn le "-----TOSAIGH SÍNIÚ SSH-----"
+ssh_disabled = Tá SSH díchumasaithe
+manage_access_token = Comharthaí rochtana
+tokens_desc = Tugann na comharthaí seo rochtain ar do chuntas ag baint úsáide as API Forgejo.
+regenerate_token = Athghiniúint
+access_token_regeneration = Athghin an comhartha rochtana
+access_token_regeneration_desc = Má athghintear comhartha, cuirfear deireadh le rochtain ar do chuntas d’fheidhmchláir a úsáideann é. Ní féidir é seo a chealú. Ar mhaith leat leanúint ar aghaidh?
+regenerate_token_success = Tá an comhartha athghinte. Níl rochtain ag feidhmchláir a úsáideann é ar do chuntas a thuilleadh agus ní mór iad a nuashonrú leis an gcomhartha nua.
+access_token_desc = Ní chuireann ceadanna comhartha roghnaithe teorainn leis an údarú ach amháin do na bealaí <a href="%[1]s" target="_blank">API</a> comhfhreagracha. Léigh an <a href="%[2]s" target="_blank">doiciméadú</a> le haghaidh tuilleadh eolais.
+oauth2_application_locked = Réamhchláraíonn Forgejo roinnt feidhmchlár OAuth2 ar am tosaithe má tá sé cumasaithe sa chumraíocht. Chun iompar gan choinne a chosc, ní féidir iad seo a chur in eagar ná a bhaint. Féach ar dhoiciméadú OAuth2 le haghaidh tuilleadh eolais.
+authorized_oauth2_applications_description = Tá rochtain tugtha agat do na feidhmchláir tríú páirtí seo ar do chuntas pearsanta Forgejo. Le do thoil, cuir rochtain ar ceal i gcás feidhmchlár nach bhfuil in úsáid a thuilleadh.
+manage_account_links = Cuntais nasctha
+manage_account_links_desc = Tá na cuntais sheachtracha seo nasctha le do chuntas Forgejo.
+remove_account_link_desc = Má bhaintear cuntas nasctha, cuirfear deireadh leis an rochtain atá aige ar do chuntas Forgejo. Ar aghaidh?
+blocked_users_none = Níl aon úsáideoirí blocáilte ann.
+visibility.limited_tooltip = Le feiceáil ag úsáideoirí atá sínithe isteach amháin
+blocked_since = Blocáilte ó %s
+user_unblock_success = Tá an t-úsáideoir díbhlocáilte go rathúil.
+user_block_success = Tá an t-úsáideoir blocáilte go rathúil.
+user_block_yourself = Ní féidir leat tú féin a bhac.
+quota.applies_to_user = Baineann na rialacha cuóta seo a leanas le do chuntas
+quota.applies_to_org = Tá feidhm ag na rialacha cuóta seo a leanas maidir leis an eagraíocht seo
+quota.rule.exceeded = Sáraíodh
+quota.rule.exceeded.helper = Tá an cuóta sáraithe ag méid iomlán na réad don riail seo.
+quota.rule.no_limit = Gan teorainn
+quota.sizes.all = Gach
+quota.sizes.repos.all = Stórtha
+quota.sizes.repos.public = Stórtha poiblí
+quota.sizes.repos.private = Stórtha príobháideacha
+quota.sizes.git.all = Ábhar Git
+quota.sizes.git.lfs = Git LFS
+quota.sizes.assets.all = Sócmhainní
+quota.sizes.assets.attachments.all = Ceangaltáin
+quota.sizes.assets.attachments.issues = Ceangaltáin na heisiúna
+quota.sizes.assets.attachments.releases = Scaoil ceangaltáin
+quota.sizes.assets.artifacts = Déantáin
+quota.sizes.assets.packages.all = Pacáistí
+quota.sizes.wiki = Vicí
 
 [repo]
 owner = Úinéir
@@ -830,7 +1038,7 @@ mirror_sync = sioncronaithe
 mirror_sync_on_commit = Sioncrónaigh nuair a bhrúitear geallúintí
 mirror_address = Clón Ó URL
 mirror_address_desc = Cuir aon dhintiúir riachtanacha sa chuid Údaraithe.
-mirror_address_url_invalid = Tá an URL curtha ar fáil neamhbhailí. Caithfidh tú gach comhpháirt den url a éalú i gceart.
+mirror_address_url_invalid = Tá an URL a cuireadh ar fáil neamhbhailí. Cinntigh go bhfuil comhpháirteanna an URL éalaithe i gceart.
 mirror_address_protocol_invalid = Tá an URL curtha ar fáil neamhbhailí. Ní féidir ach suíomhanna http (s)://nó git://a úsáid le haghaidh scátháin.
 mirror_lfs = Stóráil Comhad Móra (LFS)
 mirror_lfs_desc = Gníomhachtaigh scáthú sonraí LFS.
@@ -848,7 +1056,7 @@ stars = Réaltaí
 reactions_more = agus %d níos mó
 unit_disabled = Tá an chuid stórais seo díchumasaithe ag riarthóir an láithreáin.
 language_other = Eile
-adopt_search = Iontráil ainm úsáideora chun stórais neamhghlactha a chuardach... (fág bán chun gach rud a fháil)
+adopt_search = Cuir isteach ainm úsáideora chun cuardach a dhéanamh ar stórtha neamhuchtaithe… (fág bán chun gach ceann a aimsiú)
 adopt_preexisting_label = Glacadh le Comhaid
 adopt_preexisting = Glac le comhaid atá ann cheana
 adopt_preexisting_content = Cruthaigh stór ó %s
@@ -882,7 +1090,7 @@ template.avatar = Abhatár
 template.issue_labels = Lipéid Eisiúna
 template.one_item = Ní mór mír teimpléad amháin ar a laghad a roghnú
 template.invalid = Ní mór stór teimpléad a roghnú
-archive.title_date = Tá an stóras seo cartlannaithe ar %s. Is féidir leat comhaid a fheiceáil agus é a chlónú, ach ní féidir leat saincheisteanna a bhrú nó a oscailt ná iarratais a tharraingt.
+archive.title_date = Tá an stórlann seo cartlannaithe ar %s. Is féidir leat comhaid a fheiceáil agus é a chlónáil, ach ní féidir leat aon athruithe a dhéanamh ar a staid, amhail saincheisteanna nua a bhrú agus a chruthú, iarratais tarraingthe nó tuairimí.
 form.reach_limit_of_creation_1 = Tá úinéir an stóras tar éis teorainn de %d stóras a bhaint amach cheana féin.
 form.reach_limit_of_creation_n = Tá úinéir an stórais tar éis teorainn de %d stórtha a bhaint amach cheana féin.
 form.name_reserved = Tá ainm an stór "%s" in áirithe.
@@ -897,7 +1105,7 @@ migrate_options_lfs_endpoint.description.local = Tacaítear le cosán freastala
 migrate_options_lfs_endpoint.placeholder = Má fhágtar bán, díorthófar an críochphointe ón URL clóin
 migrate_repo = Stóras Imirc
 migrate.clone_address = Aimirce/ Clón Ó URL
-migrate.github_token_desc = Is féidir leat comhartha amháin nó níos mó a chur le camóg scartha anseo chun imirce a dhéanamh níos gasta mar gheall ar theorainn ráta API GitHub. RABHADH: D'fhéadfadh mí-úsáid na ngné seo beartas an sholáthraí seirbhíse a shárú agus blocáil cuntais a bheith mar thoradh air.
+migrate.github_token_desc = Is féidir leat comhartha amháin nó níos mó a chur anseo scartha le camóga chun an t-aistriú a dhéanamh níos tapúla trí theorainn ráta API GitHub a sheachaint. RABHADH: D’fhéadfadh mí-úsáid a bhaint as an ngné seo sárú a dhéanamh ar pholasaí an tsoláthraí seirbhíse agus d’fhéadfadh sé go gcuirfí bac ar do chuntas(í).
 migrate.clone_local_path = nó cosán freastalaí áitiúil
 migrate.permission_denied = Ní cheadaítear duit stórais áitiúla a iompórtáil.
 migrate.permission_denied_blocked = Ní féidir leat allmhairiú ó óstaigh neamh-cheadaithe, iarr ar an riarachán socruithe ALLOWED_DOMAINS/ALLOW_LOCALNETWORKS/BLOCKED_DOMAINS a sheiceáil le do thoil.
@@ -907,7 +1115,7 @@ migrate.migrate_items_options = Teastaíonn Comhartha Rochtana chun míreanna br
 migrated_from = Aistríodh ó <a href="%[1]s">%[2]s</a>
 migrated_from_fake = Aistrithe ó %[1]s
 migrate.migrate = Aistrigh Ó %s
-migrate.migrating = Ag aistriú ó <b>%s</b> ...
+migrate.migrating = Ag aistriú ó <b>%s</b> …
 migrate.migrating_failed = Theip ar aistriú ó <b>%s</b>.
 migrate.migrating_failed.error = Theip ar aistriú: %s
 migrate.migrating_failed_no_addr = Theip ar an imirce.
@@ -1036,7 +1244,7 @@ editor.file_is_a_symlink = Is nasc siombalach é "%s". Ní féidir naisc shiomba
 editor.filename_is_a_directory = Úsáidtear ainm comhaid "%s" cheana féin mar ainm eolaire sa stóras seo.
 editor.file_editing_no_longer_exists = Níl an comhad atá á chur in eagar, "%s", ann sa stóras seo a thuilleadh.
 editor.file_deleting_no_longer_exists = Níl an comhad atá á scriosadh, "%s", ann sa stóras seo a thuilleadh.
-editor.file_changed_while_editing = Tá athrú tagtha ar ábhar an chomhad ó thosaigh tú ag eagarthóireacht <a target="_blank" rel="noopener noreferrer" href="%s">Cliceáil anseo</a> chun iad a fheiceáil nó Athru <strong>ithe a Tiomantas arís</strong> chun iad a fhorscríobh.
+editor.file_changed_while_editing = Tá athrú tagtha ar ábhar an chomhaid ó d’oscail tú an comhad. <a target="_blank" rel="noopener noreferrer" href="%s">Cliceáil anseo</a> chun iad a fheiceáil nó <strong>Cuir athruithe i bhfeidhm arís</strong> chun iad a athscríobh.
 editor.file_already_exists = Tá comhad darb ainm "%s" ann cheana féin sa stóras seo.
 editor.push_out_of_date = Is cosúil go bhfuil an brú as dáta.
 editor.commit_empty_file_header = Tiomantas comhad folamh
@@ -1106,11 +1314,11 @@ projects.open = Oscailte
 projects.close = Dún
 projects.column.assigned_to = Sannta do
 issues.desc = Eagraigh tuarascálacha fabht, tascanna agus cloch mhíle.
-issues.filter_assignees = Scagaire Sannaitheoir
-issues.filter_milestones = Cloch Mhíle Scagaire
-issues.filter_projects = Tionscadal Scagaire
-issues.filter_labels = Lipéad Scagaire
-issues.filter_reviewers = Athbhreithneoir Scagaire
+issues.filter_assignees = Sannaí scagaire
+issues.filter_milestones = Scagaire cloch mhíle
+issues.filter_projects = Scagaire tionscadail
+issues.filter_labels = Lipéad scagaire
+issues.filter_reviewers = Athbhreithneoir scagaire
 issues.new = Eagrán Nua
 issues.new.title_empty = Ní féidir leis an teideal a bheith folamh
 issues.new.labels = Lipéid
@@ -1152,8 +1360,8 @@ issues.add_milestone_at = `chuir seo leis an gcloch mhíle <b>%s</b> %s`
 issues.add_project_at = `chuir seo leis an tionscadal <b>%s</b> %s`
 issues.change_milestone_at = `mionathraithe an chloch mhíle ó <b>%s</b> go <b>%s</b> %s`
 issues.change_project_at = `mionathraithe an tionscadal ó <b>%s</b> go <b>%s</b> %s`
-issues.remove_milestone_at = ` bhain seo den <b>%s</b>chloch mhíle %s`
-issues.remove_project_at = `bhain sé seo den <b>%s</b>an tionscadal %s`
+issues.remove_milestone_at = `baineadh é seo ón gcloch mhíle <b>%s</b> %s`
+issues.remove_project_at = `baineadh é seo as an tionscadal <b>%s</b> %s`
 issues.deleted_milestone = `(scriosta)`
 issues.deleted_project = `(scriosta)`
 issues.self_assign_at = `féin-shannta an %s seo`
@@ -1213,9 +1421,9 @@ issues.action_check_all = Seiceáil/Dísheiceáil gach mireanna
 issues.opened_by = oscail %[1]s le <a href="%[2]s">%[3]s</a>
 pulls.merged_by = le <a href="%[2]s">%[3]s</a> cumasc %[1]s
 pulls.merged_by_fake = le %[2]s a chumasc %[1]s
-issues.closed_by = le <a href="%[2]s">dúnadh %[3]s</a> %[1]s
+issues.closed_by = ag <a href="%[2]s">%[3]s</a> dúnadh %[1]s
 issues.opened_by_fake = oscail %[1]s le %[2]s
-issues.closed_by_fake = faoi ​​%[2]s dúnadh %[1]s
+issues.closed_by_fake = faoi %[2]s dúnta %[1]s
 issues.previous = Roimhe Seo
 issues.next = Ar Aghaidh
 issues.open_title = Oscailte
@@ -1238,14 +1446,14 @@ issues.reopen_issue = Athoscail
 issues.reopen_comment_issue = Athoscail le trácht
 issues.create_comment = Trácht
 issues.closed_at = `dhún an cheist seo %s`
-issues.reopened_at = `athoscail an t-eagrán seo %s`
-issues.commit_ref_at = `rinne tagairt don cheist seo ó ghealltanas %s`
-issues.ref_issue_from = `<a href="%[2]s">rinne dagairt don cheist seo %[3]s</a> %[1]s`
-issues.ref_pull_from = `<a href="%[2]s">rinne dagairt don iarratas tarraingthe seo %[3]s</a> %[1]s`
+issues.reopened_at = `athoscail an cheist seo %s`
+issues.commit_ref_at = `tagairt déanta don cheist seo ó thiomantas %s`
+issues.ref_issue_from = `<a href="%[2]s">tagairt don cheist seo %[3]s</a> %[1]s`
+issues.ref_pull_from = `<a href="%[2]s">tagairt don iarratas tarraingthe seo %[3]s</a> %[1]s`
 issues.ref_from = `ó %[1]s`
 issues.author = Údar
 issues.role.owner = Úinéir
-issues.role.owner_helper = Is é an t-úsáideoir seo úinéir an stór seo.
+issues.role.owner_helper = Is úinéir an stórais seo an t-úsáideoir seo.
 issues.role.member = Comhalta
 issues.role.member_helper = Is ball den eagraíocht é an t-úsáideoir seo a bhfuil an stór seo ina úinéireacht.
 issues.role.collaborator = Comhoibritheoir
@@ -1300,8 +1508,8 @@ issues.lock.notice_3 = - Is féidir leat an tsaincheist seo a dhíghlasáil arí
 issues.unlock.notice_1 = - Bheadh gach duine in ann trácht a dhéanamh ar an gceist seo arís.
 issues.unlock.notice_2 = - Is féidir leat an tsaincheist seo a ghlasáil arís sa todhchaí i gcónaí.
 issues.lock.reason = Cúis le glasáil
-issues.lock.title = Glas comhrá ar an gceist seo.
-issues.unlock.title = Díghlasáil comhrá ar an gceist seo.
+issues.lock.title = Glasáil an comhrá
+issues.unlock.title = Díghlasáil comhrá
 issues.comment_on_locked = Ní féidir leat trácht a dhéanamh ar shaincheist faoi ghlas.
 issues.delete = Scrios
 issues.delete.title = Scrios an t-eagrán seo?
@@ -1401,7 +1609,7 @@ pulls.select_commit_hold_shift_for_range = Roghnaigh tiomantas. Coinnigh shift +
 pulls.review_only_possible_for_full_diff = Ní féidir athbhreithniú a dhéanamh ach amháin nuair a bhreathnaítear ar an difríocht iomlán
 pulls.filter_changes_by_commit = Scagaigh de réir tiomantas
 pulls.nothing_to_compare = Tá na brainsí seo cothrom. Ní gá iarratas tarraingthe a chruthú.
-pulls.nothing_to_compare_have_tag = Tá an brainse/clib roghnaithe cothrom.
+pulls.nothing_to_compare_have_tag = Tá na brainsí/clibeanna roghnaithe comhionann.
 pulls.nothing_to_compare_and_allow_empty_pr = Tá na brainsí seo cothrom. Beidh an PR seo folamh.
 pulls.has_pull_request = `Tá iarratas tarraingthe idir na brainsí seo ann cheana: <a href="%[1]s">%[2]s#%[3]d</a>`
 pulls.create = Cruthaigh Iarratas Tarraing
@@ -1471,8 +1679,8 @@ pulls.update_branch_success = Bhí nuashonrú brainse rathúil
 pulls.update_not_allowed = Ní cheadaítear duit brainse a nuashonrú
 pulls.outdated_with_base_branch = Tá an brainse seo as dáta leis an mbunbhrainse
 pulls.close = Dún Iarratas Tarraing
-pulls.closed_at = `dhún an t-iarratas tarraingthe seo %s`
-pulls.reopened_at = `athoscail an t-iarratas tarraingthe seo %s`
+pulls.closed_at = `dhún an iarratas tarraingthe seo %s`
+pulls.reopened_at = `athoscail an iarratas tarraingthe seo %s`
 pulls.cmd_instruction_checkout_title = Seiceáil
 pulls.cmd_instruction_checkout_desc = Ó stór tionscadail, seiceáil brainse nua agus déan tástáil ar na hathruithe.
 pulls.cmd_instruction_merge_title = Cumaisc
@@ -1519,7 +1727,7 @@ milestones.filter_sort.most_complete = Is mó críochnaithe
 milestones.filter_sort.most_issues = Saincheisteanna is mó
 milestones.filter_sort.least_issues = Saincheisteanna is lú
 signing.will_sign = Síneofar an gealltanas seo le heochair "%s".
-signing.wont_sign.error = Bhí earráid ann agus tú ag seiceáil an féidir an tiomantas a shíniú.
+signing.wont_sign.error = Tharla earráid agus seiceáil á dhéanamh an bhféadfaí an tiomnú a shíniú.
 signing.wont_sign.never = Ní shínítear tiomáintí riamh.
 signing.wont_sign.always = Sínítear tiomáintí i gcónaí.
 signing.wont_sign.pubkey = Ní shíníofar an tiomantas toisc nach bhfuil eochair phoiblí agat a bhaineann le do chuntas.
@@ -1531,7 +1739,7 @@ signing.wont_sign.commitssigned = Ní shínífear an cumasc toisc nach bhfuil na
 signing.wont_sign.approved = Ní shíníofar an cumaisc toisc nach bhfuil an PR ceadaithe.
 signing.wont_sign.not_signed_in = Níl tú sínithe isteach.
 wiki = Vicí
-wiki.welcome = Fáilte go dtí an Vicí.
+wiki.welcome = Fáilte go dtí an vicí.
 wiki.welcome_desc = Ligeann an vicí duit cáipéisíocht a scríobh agus a roinnt le comhoibrithe.
 wiki.desc = Scríobh agus roinn cáipéisíocht le comhoibrithe.
 wiki.create_first_page = Cruthaigh an Chéad Leathanach
@@ -1733,7 +1941,7 @@ settings.transfer_succeed = Tá an stóras aistrithe.
 settings.signing_settings = Socruithe Fíoraithe Sínithe
 settings.trust_model = Samhail Iontaobhas Sínithe
 settings.trust_model.default = Múnla Iontaobhais Réamhshocraithe
-settings.trust_model.default.desc = Úsáid an tsamhail iontaobhais stórais réamhshocraithe don suiteáil
+settings.trust_model.default.desc = Úsáid an tsamhail iontaobhais réamhshocraithe don stóras seo.
 settings.trust_model.collaborator = Comhoibritheoir
 settings.trust_model.collaborator.long = Comhoibritheoir: Sínithe muinín ag comhoibrithe
 settings.trust_model.collaborator.desc = Déanfar sínithe bailí ó chomhoibritheoirí an stóras seo a mharcáil mar 'iontaofa' – (cibé acu a mheaitseálann siad an tiomnóir nó nach bhfuil). Seachas sin, marcálfar sínithe bailí mar 'neamhiontaofa' má mheaitseálann an síniú an tiomnóir agus mar 'neamh-mheaitseáilte' mura bhfuil.
@@ -1760,7 +1968,7 @@ settings.add_collaborator_inactive_user = Ní féidir úsáideoir neamhghníomha
 settings.add_collaborator_owner = Ní féidir úinéir a chur leis mar chomhoibritheoir.
 settings.add_collaborator_duplicate = Tá an comhoibrí curtha leis an stóras seo cheana féin.
 settings.delete_collaborator = Bain
-settings.collaborator_deletion = Bain Comhoibritheoir
+settings.collaborator_deletion = Bain comhoibrí
 settings.collaborator_deletion_desc = Má dhéantar comhoibrí a bhaint, déanfar a rochtain ar an stóras seo a chúlghairm. Lean ort?
 settings.remove_collaborator_success = Tá an comhoibritheoir bainte.
 settings.org_not_allowed_to_be_collaborator = Ní féidir eagraíochtaí a chur leis mar chomhoibritheoir.
@@ -1865,7 +2073,7 @@ settings.packagist_api_token = Comhartha API
 settings.packagist_package_url = URL pacáiste Packagist
 settings.deploy_keys = Eochracha a imscaradh
 settings.add_deploy_key = Cuir Eochair Imscartha leis
-settings.deploy_key_desc = Tá rochtain tarraingthe léite amháin ag eochracha imscartha ar an stóras.
+settings.deploy_key_desc = Is féidir rochtain léite amháin nó rochtain léite-scríofa a bheith ag eochracha imscartha ar an stór.
 settings.is_writable = Cumasaigh Rochtain Scríobh
 settings.is_writable_info = Lig don eochair imlonnaithe seo <strong>a bhrú</strong> chuig an stóras.
 settings.no_deploy_keys = Níl aon eochracha imscartha ann fós.
@@ -1938,7 +2146,7 @@ settings.matrix.room_id = ID seomra
 settings.matrix.message_type = Cineál teachtaireachta
 settings.archive.button = Cartlann Stóras
 settings.archive.header = Cartlann an Stóras seo
-settings.archive.text = Má dhéantar an stóras a chartlannú, beidh sé léite go hiomlán amháin. Beidh sé i bhfolach ón bpainéal. Aon duine (ní fiú tú!) beidh siad in ann tiomantas nua a dhéanamh, nó aon saincheisteanna nó iarratais a tharraingt a oscailt.
+settings.archive.text = Trí an stór a chartlannú, beidh sé inléite amháin go hiomlán. Beidh sé i bhfolach ón deais. Ní bheidh aon duine (fiú tusa!) in ann gealltanais nua a dhéanamh, ná aon saincheisteanna ná iarratais tarraingthe a oscailt. Moltar an chúis cartlannúcháin a dhoiciméadú chun treoir a thabhairt do fhorbróirí amach anseo a bhfuil sé beartaithe acu an stór a fhorcadh.
 settings.archive.success = Rinneadh an stóras a chartlannú go rathúil.
 settings.archive.error = Tharla earráid agus tú ag iarraidh an stóras a chartlannú. Féach an logáil le haghaidh tuilleadh sonraí.
 settings.archive.error_ismirror = Ní féidir leat stóras scátháin a chartlannú.
@@ -1960,7 +2168,7 @@ settings.lfs_invalid_locking_path = Cosan neamhbhailí: %s
 settings.lfs_invalid_lock_directory = Ní féidir eolaire a ghlasáil: %s
 settings.lfs_lock_already_exists = Tá an glas ann cheana féin: %s
 settings.lfs_lock = Glas
-settings.lfs_lock_path = Cosán comhad le haghaidh glasáil...
+settings.lfs_lock_path = Cosán comhaid le glasáil…
 settings.lfs_locks_no_locks = Gan Glais
 settings.lfs_lock_file_no_exist = Níl an comhad faoi ghlas sa bhrainse réamhshocraithe
 settings.lfs_force_unlock = Díghlasáil Fórsa
@@ -2040,7 +2248,7 @@ release.ahead.commits = Geallann <strong>%d</strong>
 release.ahead.target = go %s ón scaoileadh seo
 tag.ahead.target = chuig %s ón gclib seo
 release.source_code = Cód Foinse
-release.new_subheader = Eagraíonn eiseachtaí leaganacha tionscadail
+release.new_subheader = Eagraíonn eisiúintí leaganacha tionscadail.
 release.edit_subheader = Eagraíonn eisiúintí leaganacha tionscadal.
 release.tag_name = Ainm chlib
 release.target = Sprioc
@@ -2098,7 +2306,7 @@ branch.included = San áireamh
 branch.create_new_branch = Cruthaigh brainse ón mbrainse:
 branch.confirm_create_branch = Cruthaigh brainse
 branch.warning_rename_default_branch = Tá tú ag athainmniú an bhrainse réamhshocraithe.
-branch.rename_branch_to = Athainmnigh "%s" go:
+branch.rename_branch_to = Ag athainmniú na brainse "%s".
 branch.create_branch_operation = Cruthaigh brainse
 branch.new_branch = Cruthaigh brainse nua
 branch.new_branch_from = `Cruthaigh brainse nua ó "%s"`
@@ -2115,9 +2323,353 @@ find_file.no_matching = Níl aon chomhad meaitseála le fáil
 error.csv.too_large = Ní féidir an comhad seo a rinneadh toisc go bhfuil sé ró-mhór.
 error.csv.unexpected = Ní féidir an comhad seo a rindreáil toisc go bhfuil carachtar ann gan súil leis i líne %d agus i gcolún %d.
 error.csv.invalid_field_count = Ní féidir an comhad seo a rindreáil toisc go bhfuil líon mícheart réimsí i líne %d.
+rss.must_be_on_branch = Ní mór duit a bheith ar bhrainse le go mbeidh fotha RSS agat.
+admin.manage_flags = Bainistigh bratacha
+admin.enabled_flags = Bratacha cumasaithe don stórlann:
+admin.update_flags = Bratacha nuashonraithe
+admin.failed_to_replace_flags = Theip ar bhrataí an stórais a athsholáthar
+admin.flags_replaced = Bratacha stórais athsholáthair
+new_repo_helper = Tá gach comhad tionscadail i stórlann, lena n-áirítear stair athbhreithnithe. An bhfuil ceann á óstáil in áit eile cheana féin? <a href="%s">Aistrigh an stórlann</a>.
+new_from_template = Úsáid teimpléad
+new_from_template_description = Is féidir leat teimpléad stórtha atá ann cheana a roghnú ar an gcás seo agus a shocruithe a chur i bhfeidhm.
+new_advanced = Socruithe ardleibhéil
+new_advanced_expand = Cliceáil chun leathnú
+repo_name_helper = Úsáideann ainmneacha maithe stórtha eochairfhocail ghearra, cuimhneacháin agus uathúla.
+size_format = %[1]s: %[2]s, %[3]s: %[4]s
+template_select = Roghnaigh teimpléad
+visibility_fork_helper = (Má athraítear seo, beidh tionchar aige ar infheictheacht na bhforcanna uile.)
+repo_gitignore_helper = Roghnaigh teimpléid .gitignore
+issue_labels = Lipéid
+issue_labels_helper = Roghnaigh tacar lipéad
+license_helper = Roghnaigh comhad ceadúnais
+license_helper_desc = Rialaíonn ceadúnas cad is féidir agus nach féidir le daoine eile a dhéanamh le do chód. Níl tú cinnte cé acu ceann atá ceart chun do thionscadal? Féach <a target="_blank" rel="noopener noreferrer" href="%s">Roghnaigh ceadúnas</a>.
+object_format_helper = Formáid réada an stórais. Ní féidir é a athrú níos déanaí. Is é SHA1 an ceann is comhoiriúnaí.
+readme_helper = Roghnaigh teimpléad comhaid README
+auto_init = Tosaigh an stórlann
+auto_init_description = Tosaigh stair Git le README agus cuir comhaid Ceadúnais agus .gitignore leis más mian leat.
+mirror_interval = Eatramh scátháin (is iad na haonaid ama bailí ná "h", "m", "s"). 0 chun sioncrónú tréimhsiúil a dhíchumasú. (Eatramh íosta: %s)
+mirror_public_key = Eochair SSH phoiblí
+mirror_use_ssh.text = Úsáid fíordheimhniú SSH
+mirror_use_ssh.helper = Déanfaidh Forgejo an stór a scáthánú trí Git thar SSH agus cruthóidh sé péire eochracha duit nuair a roghnaíonn tú an rogha seo. Ní mór duit a chinntiú go bhfuil údarú ag an eochair phoiblí a ghintear chun brú chuig an stór ceann scríbe. Ní féidir leat údarú bunaithe ar phasfhocal a úsáid agus é seo á roghnú agat.
+mirror_use_ssh.not_available = Níl fíordheimhniú SSH ar fáil.
+mirror_denied_combination = Ní féidir fíordheimhniú bunaithe ar eochair phoiblí agus pasfhocal a úsáid i gcomhar.
+author_search_tooltip = Taispeánann sé uasmhéid de 30 úsáideoir
+summary_card_alt = Cárta achoimre den stórlann %s
+tree_path_not_found.commit = Níl an cosán %[1]s ann i ngealltanas %[2]s
+tree_path_not_found.branch = Níl an cosán %[1]s ann i mbrainse %[2]s
+tree_path_not_found.tag = Níl an cosán %[1]s ann sa chlib %[2]s
+archive.title = Tá an stórlann seo cartlannaithe. Is féidir leat comhaid a fheiceáil agus é a chlónáil, ach ní féidir leat aon athruithe a dhéanamh ar a staid, amhail saincheisteanna nua a bhrú agus a chruthú, iarratais tarraingthe nó tuairimí.
+archive.nocomment = Ní féidir trácht a dhéanamh mar go bhfuil an stór cartlannaithe.
+archive.pull.noreview = Tá an stórlann seo cartlannaithe. Ní féidir leat iarratais tarraingthe a athbhreithniú.
+sync_fork.branch_behind_one = Tá an brainse seo %[1]d tiomantas taobh thiar de %[2]s
+sync_fork.branch_behind_few = Tá an brainse seo %[1]d tiomnuithe taobh thiar de %[2]s
+sync_fork.button = Sioncrónaigh
+form.string_too_long = Tá an teaghrán tugtha níos faide ná %d carachtar.
+migrate.repo_desc_helper = Fág folamh chun cur síos atá ann cheana a allmhairiú
+migrate.clone_address_desc = URL "clónála" HTTP(S) nó Git de stórlann atá ann cheana féin
+migrate.invalid_local_path = Tá an cosán áitiúil neamhbhailí. Níl sé ann nó ní eolaire é.
+subscribe.issue.guest.tooltip = Sínigh isteach chun liostáil leis an eagrán seo.
+subscribe.pull.guest.tooltip = Sínigh isteach chun liostáil leis an iarratas tarraingthe seo.
+no_desc = Gan cur síos
+project = Tionscadail
+file_follow = Lean nasc siombalach
+video_not_supported_in_browser = Ní thacaíonn do bhrabhsálaí leis an gclib "físeán" HTML5.
+audio_not_supported_in_browser = Ní thacaíonn do bhrabhsálaí leis an gclib "fuaime" HTML5.
+no_eol.text = Gan EOL
+no_eol.tooltip = Níl carachtar deireadh líne sa chomhad seo.
+editor.filename_help = Cuir eolaire leis trína ainm a chlóscríobh agus slais ("/") ina dhiaidh. Bain eolaire trí chúlspás a chlóscríobh ag tús an réimse ionchuir.
+editor.add_tmpl = Cuir "<%s>" leis
+editor.add_tmpl.filename = ainm comhaid
+editor.commit_directly_to_this_branch = Tiomnaigh go díreach chuig an mbrainse <strong class="%[2]s">%[1]s</strong>.
+editor.invalid_commit_mail = Ríomhphost neamhbhailí le haghaidh cruthú tiomantais.
+editor.commit_id_not_matching = Athraíodh an comhad agus tú á chur in eagar. Cuir i mbrainse nua é agus ansin cumasc é.
+commits.browse_further = Brabhsáil tuilleadh
+commits.renamed_from = Athainmnithe ó %s
+commits.view_single_diff = Féach ar athruithe ar an gcomhad seo a tugadh isteach sa tiomantas seo
+ext_issues = Saincheisteanna seachtracha
+projects.type.none = Dada
+projects.type.basic_kanban = Kanban bunúsach
+projects.type.bug_triage = Triage fabhtanna
+projects.template.desc = Teimpléad
+projects.template.desc_helper = Roghnaigh teimpléad tionscadail le tosú
+projects.column.edit = Cuir colún in eagar
+projects.column.edit_title = Ainm
+projects.column.new_title = Ainm
+projects.column.new_submit = Cruthaigh colún
+projects.column.new = Colún nua
+projects.column.set_default = Socraigh réamhshocrú
+projects.column.set_default_desc = Socraigh an colún seo mar réamhshocrú le haghaidh saincheisteanna agus tarraingtí neamhchatagóirithe
+projects.column.delete = Scrios colún
+projects.column.deletion_desc = Má scriostar colún tionscadail, bogtar na saincheisteanna gaolmhara go léir chuig an gcolún réamhshocraithe. Ar aghaidh?
+projects.column.color = Dath
+projects.card_type.desc = Réamhamhairc cártaí
+projects.card_type.images_and_text = Íomhánna agus téacs
+projects.card_type.text_only = Téacs amháin
+issues.filter_no_results = Gan aon torthaí
+issues.filter_no_results_placeholder = Bain triail as do scagairí cuardaigh a choigeartú.
+issues.new.no_label = Gan lipéid
+issues.new.open_milestone = Clocha míle oscailte
+issues.new.closed_milestone = Clocha míle dúnta
+issues.new.assign_to_me = Sannadh dom
+issues.label_templates.info = Níl aon lipéid ann fós. Cruthaigh lipéad le "Lipéad nua" nó bain úsáid as réamhshocrú lipéid:
+issues.label_templates.helper = Roghnaigh réamhshocrú lipéid
+issues.label_templates.use = Úsáid réamhshocrú lipéid
+issues.filter_poster_no_select = Gach údar
+issues.filter_type.all_pull_requests = Gach iarratas tarraingthe
+issues.filter_sort.relevance = Ábharthacht
+issues.all_title = Gach
+issues.num_reviews_one = %d athbhreithniú
+issues.num_reviews_few = %d athbhreithnithe
+issues.reaction.add = Cuir imoibriú leis
+issues.reaction.alt_few = D’fhreagair %[1] %[2].
+issues.reaction.alt_many = D’imoibrigh %[1]s agus %[2]d eile %[3].
+issues.reaction.alt_remove = Bain imoibriú %[1] ón trácht.
+issues.reaction.alt_add = Cuir imoibriú %[1] leis an trácht.
+issues.context.menu = Roghchlár tráchta
+issues.context.reference_issue = Tagairt in eagrán nua
+issues.ref_closing_from = `<a href="%[2]s">tagairt don cheist seo ó iarratas tarraingthe %[3]s a dhúnfaidh é</a>, %[1]s`
+issues.ref_reopening_from = `<a href="%[2]s">tagairt don cheist seo ó iarratas tarraingthe %[3]s a athosclóidh é</a>, %[1]s`
+issues.author.tooltip.issue = Is é an t-úsáideoir seo údar an tsaincheist seo.
+issues.author.tooltip.pr = Is é an t-úsáideoir seo údar an iarratais tarraingthe seo.
+issues.role.contributor_helper = Tá an t-úsáideoir seo tar éis gealltanas a thabhairt sa stórlann seo roimhe seo.
+issues.archived_label_description = (Cartlannaithe) %s
+issues.num_participants_one = %d rannpháirtí
+issues.num_participants_few = %d rannpháirtí
+issues.unpin_issue = Fadhb le díphionáil
+issues.max_pinned = Ní féidir leat níos mó saincheisteanna a phionáil
+issues.pin_comment = phionáil an %s seo
+issues.unpin_comment = díphionáilte an %s seo
+issues.lock_with_reason = faoi ghlas mar <strong>%s</strong> agus comhrá teoranta do chomhoibritheoirí %s
+issues.lock_no_reason = comhrá faoi ghlas agus teoranta do chomhoibritheoirí %s
+issues.unlock_comment = díghlasáil an comhrá seo %s
+issues.lock.notice_1 = - Ní féidir le húsáideoirí eile tuairimí nua a chur leis an gceist seo.
+issues.start_tracking_short = Tosaigh an lasc ama
+issues.start_tracking = Tosaigh ag rianú ama
+issues.start_tracking_history = `thosaigh ag obair %s`
+issues.stop_tracking = Stop an lasc ama
+issues.stop_tracking_history = `stop ag obair %s`
+issues.cancel_tracking = Caith uait
+issues.add_time = Cuir am leis de láimh
+issues.add_time_short = Cuir am leis
+issues.add_time_cancel = Cealaigh
+issues.add_time_history = `cuirtear am caite %s leis`
+issues.push_commit_1 = cuireadh %d tiomantas %s leis
+issues.push_commits_n = %d tiomantais %s curtha leis
+issues.force_push_codes = `brúite le fórsa %[1]s ó <a class="%[7]s" href="%[3]s"><code>%[2]s</code></a> %[8]s go <a class="%[7]s" href="%[5]s"><code>%[4]s</code></a> %[9]s %[6]s`
+issues.due_date_form = bbbb-mm-ll
+issues.due_date_form_edit = Cuir in Eagar
+issues.due_date_form_remove = Bain
+issues.due_date_not_set = Níl aon dáta dlite socraithe.
+issues.due_date_added = cuireadh an dáta dlite %s %s leis
+issues.due_date_modified = athraíodh an dáta dlite ó %[2]s go %[1]s %[3]s
+issues.due_date_remove = baineadh an dáta dlite %s %s
+issues.due_date_overdue = Thar téarma
+issues.due_date_invalid = Tá an dáta dlite neamhbhailí nó lasmuigh den raon. Úsáid an fhormáid "bbbb-mm-ll" le do thoil.
+issues.dependency.no_permission_1 = Níl cead agat %d spleáchas a léamh
+issues.dependency.no_permission_n = Níl cead agat %d spleáchas a léamh
+issues.dependency.no_permission.can_remove = Níl cead agat an spleáchas seo a léamh ach is féidir leat é a bhaint
+issues.dependency.issue_batch_close_blocked = Ní féidir na saincheisteanna roghnaithe a dhúnadh i mbaisceanna, mar tá spleáchais oscailte fós ag saincheist #%d
+issues.review.approve = ceadaíodh na hathruithe seo %s
+issues.review.comment = athbhreithnithe %s
+issues.review.dismissed = léirmheas %s %s curtha ar ceal
+issues.review.reject = athruithe iarrtha %s
+issues.review.add_review_request = iarradh athbhreithniú ó %[1]s %[2]s
+issues.review.add_review_requests = athbhreithnithe iarrtha ó %[1]s %[2]s
+issues.review.remove_review_request = iarratas athbhreithnithe bainte as %[1]s %[2]s
+issues.review.remove_review_requests = bainte iarratais athbhreithnithe do %[1]s %[2]s
+issues.review.remove_review_request_self = dhiúltaigh athbhreithniú a dhéanamh ar %s
+issues.review.add_remove_review_requests = iarradh léirmheasanna ó %[1]s agus baineadh iarratais ar léirmheasanna ó %[2]s %[3]s
+issues.blocked_by_user = Ní féidir leat saincheisteanna a chruthú sa stórlann seo mar go bhfuil tú blocáilte ag úinéir an stórlainne.
+comment.blocked_by_user = Ní féidir trácht a dhéanamh mar go bhfuil bac ort ag úinéir an stórais nó ag an údar.
+issues.summary_card_alt = Cárta achoimre ar shaincheist dar teideal "%s" sa stórlann %s
+pulls.sign_in_require = <a href="%s">Sínigh isteach</a> chun iarratas tarraingthe nua a chruthú.
+pulls.no_results = Níor aimsíodh aon torthaí.
+pulls.ready_for_review = Réidh le haghaidh athbhreithnithe?
+pulls.is_checking = Tá seiceáil coinbhleachta cumaisc ar siúl. Déan iarracht arís i gceann cúpla nóiméad.
+pulls.is_ancestor = Tá an brainse seo san áireamh cheana féin sa bhrainse sprice. Níl aon rud le cumasc.
+pulls.is_empty = Tá na hathruithe ar an mbrainse seo ar an mbrainse sprice cheana féin. Beidh sé seo ina thiomantas folamh.
+pulls.blocked_by_approvals = Níl dóthain ceaduithe faighte ag an iarratas tarraingthe seo go fóill. %d de %d ceaduithe deonaithe.
+pulls.blocked_by_rejection = Tá athruithe iarrtha ag athbhreithnitheoir oifigiúil ar an iarratas tarraingthe seo.
+pulls.blocked_by_official_review_requests = Tá an t-iarratas tarraingthe seo blocáilte mar níl cead faighte aige ó athbhreithneoir oifigiúil amháin nó níos mó.
+pulls.blocked_by_outdated_branch = Tá an t-iarratas tarraingthe seo blocáilte mar go bhfuil sé as dáta.
+pulls.blocked_by_changed_protected_files_1 = Tá an iarratas tarraingthe seo blocáilte mar go n-athraíonn sé comhad cosanta:
+pulls.blocked_by_changed_protected_files_n = Tá an t-iarratas tarraingthe seo blocáilte mar go n-athraíonn sé comhaid chosanta:
+pulls.num_conflicting_files_1 = %d comhad contrártha
+pulls.num_conflicting_files_n = %d comhad contrártha
+pulls.approve_count_1 = %d ceadú
+pulls.approve_count_n = %d ceaduithe
+pulls.reject_count_1 = %d iarratas athraithe
+pulls.reject_count_n = %d iarratais athraithe
+pulls.waiting_count_1 = %d ag fanacht le hathbhreithniú
+pulls.waiting_count_n = %d léirmheasanna ag fanacht
+pulls.wrong_commit_id = Ní mór don aitheantas tiomantais a bheith ina aitheantas tiomantais ar an mbrainse sprice
+pulls.blocked_by_user = Ní féidir leat iarratas tarraingthe a chruthú ar an stórlann seo mar go bhfuil tú blocáilte ag úinéir an stórlainne.
+pulls.commit_ref_at = `tagairt déanta don iarratas tarraingthe seo ó thiomnadh %s`
+pulls.cmd_instruction_hint = Féach treoracha líne ordaithe
+pulls.cmd_instruction_merge_desc = Cumaisc na hathruithe agus nuashonraigh ar Forgejo.
+pulls.cmd_instruction_merge_warning = <b>Rabhadh:</b> Níl an socrú "Braith cumasc láimhe go huathoibríoch" cumasaithe don stór seo, beidh ort an t-iarratas tarraingthe seo a mharcáil mar chumasctha de láimh ina dhiaidh sin.
+pulls.reopen_failed.head_branch = Ní féidir an t-iarratas tarraingthe a athoscailt, mar nach bhfuil an brainse ceann ann a thuilleadh.
+pulls.reopen_failed.base_branch = Ní féidir an t-iarratas tarraingthe a athoscailt, mar nach bhfuil an brainse bonn ann a thuilleadh.
+pulls.made_using_agit = AGit
+pulls.agit_explanation = Cruthaithe ag baint úsáide as sreabhadh oibre AGit. Ligeann AGit do rannpháirtithe athruithe a mholadh ag baint úsáide as "git push" gan forc ná brainse nua a chruthú.
+pulls.editable = In-eagarthóireacht
+pulls.editable_explanation = Ceadaíonn an iarratas tarraingthe seo eagarthóireachtaí ó chothaitheoirí. Is féidir leat cur leis go díreach.
+pulls.delete_after_merge.head_branch.is_default = Is é an brainse ceann is mian leat a scriosadh an brainse réamhshocraithe agus ní féidir é a scriosadh.
+pulls.delete_after_merge.head_branch.is_protected = Is brainse cosanta an ceannbhrainse is mian leat a scriosadh agus ní féidir í a scriosadh.
+pulls.delete_after_merge.head_branch.insufficient_branch = Níl cead agat an brainse ceann a scriosadh.
+pulls.recently_pushed_new_branches = Bhrúigh tú ar bhrainse <a href="%[3]s"><strong>%[1]s</strong></a> %[2]s
+milestones.invalid_due_date_format = Ní mór don dáta dlite a bheith i bhformáid "bbbb-mm-ll".
+milestones.filter_sort.earliest_due_data = Dáta dlite is gaire
+milestones.filter_sort.latest_due_date = An dáta dlite is faide
+signing.wont_sign.nokey = Níl aon eochair ag an gcás seo chun an tiomantas seo a shíniú leis.
+ext_wiki = Vicí Sheachtrach
+wiki.cancel = Cealaigh
+wiki.wiki_page_revisions = Athbhreithnithe leathanaigh
+wiki.page_name_desc = Cuir isteach ainm don leathanach Vicí seo. Seo a leanas roinnt ainmneacha speisialta: "Baile", "_Barra Taobh" agus "_Buntásc".
+wiki.search = Cuardaigh vicí
+wiki.no_search_results = Gan aon torthaí
+activity.published_release_label = Scaoileadh
+activity.published_prerelease_label = Réamh-eisiúint
+activity.published_tag_label = Clib
+activity.commit = Gníomhaíocht tiomanta
+settings.federation_settings = Socruithe Cónaidhme
+settings.federation_apapiurl = URL Cónaidhme an stórais seo. Cóipeáil agus greamaigh é seo i Socruithe Cónaidhme stórais eile mar URL Stórais ina dhiaidh sin.
+settings.federation_following_repos = URLanna na Stórtha Seo a Leanas. Scartha le ";", gan spás bán.
+settings.federation_not_enabled = Níl cónaidhm cumasaithe ar do chás.
+settings.mirror_settings.push_mirror.none_ssh = Dada
+settings.units.units = Aonaid
+settings.units.overview = Forbhreathnú
+settings.units.add_more = Cumasaigh níos mó
+settings.mirror_settings.push_mirror.copy_public_key = Cóipeáil eochair phoiblí
+settings.pull_mirror_sync_quota_exceeded = Cuóta sáraithe, níl athruithe á dtarraingt.
+settings.update_settings = Sábháil socruithe
+settings.wiki_globally_editable = Ceadaigh d'aon duine an vicí a chur in eagar
+settings.default_update_style_desc = Stíl nuashonraithe réamhshocraithe a úsáidtear chun iarratais tarraingthe atá taobh thiar den bhrainse bonn a nuashonrú.
+settings.packages_desc = Cumasaigh clárlann pacáiste stórtha
+settings.projects_desc = Cumasaigh tionscadail stórtha
+settings.actions_desc = Cumasaigh píblínte comhtháite CI/CD le Gníomhartha Forgejo
+settings.admin_indexer_commit_sha = An tiomnú innéacsaithe deireanach
+settings.new_owner_blocked_doer = Tá an t-úinéir nua tar éis bac a chur ort.
+settings.transfer.title = Aistrigh úinéireacht
+settings.transfer.button = Aistrigh úinéireacht
+settings.transfer.modal.title = Aistrigh úinéireacht
+settings.enter_repo_name = Cuir isteach ainm an úinéara agus an stórais díreach mar a thaispeántar:
+settings.confirmation_string = Teaghrán dearbhaithe
+settings.transfer_quota_exceeded = Tá an t-úinéir nua (%s) thar an gcuóta. Níor aistríodh an stórlann.
+settings.trust_model.committer.long = Tiomnóir: Sínithe muiníne a mheaitseálann tiomnóirí (Meaitseálann sé seo GitHub agus cuirfidh sé iallach ar thiomnuithe sínithe Forgejo a bheith mar an tiomnóir)
+settings.trust_model.committer.desc = Ní mharcálfar sínithe bailí mar "iontaofa" ach amháin má mheaitseálann siad an tiomnóir, nó marcálfar iad mar "gan mheaitseáil". Cuireann sé seo iallach ar Forgejo a bheith ina thiomnóir ar thiomnuithe sínithe agus an tiomnóir iarbhír marcáilte mar Chomhúdaraithe ag: agus Co-thiomnaithe ag: leantóir sa thiomnú. Caithfidh eochair réamhshocraithe Forgejo a bheith ag teacht le hÚsáideoir sa bhunachar sonraí.
+settings.trust_model.collaboratorcommitter.desc = Marcálfar sínithe bailí ó chomhoibritheoirí an stórais seo mar "iontaofa" má mheaitseálann siad an tiomnóir. Seachas sin, marcálfar sínithe bailí mar "neamhiontaofa" má mheaitseálann an síniú an tiomnóir agus "gan mheaitseáil" murach sin. Cuirfidh sé seo iallach ar Forgejo a bheith marcáilte mar an tiomnóir ar thiomnuithe sínithe agus an tiomnóir iarbhír marcáilte mar Chomhúdaraithe ag: agus Co-Tiomnaithe ag: leantóir sa tiomnú. Ní mór don eochair réamhshocraithe Forgejo a bheith ag teacht le hÚsáideoir sa bhunachar sonraí.
+settings.wiki_rename_branch_main = Normalú ainm na brainse Vicí
+settings.wiki_rename_branch_main_desc = Athainmnigh an brainse a úsáideann an Vicí go hinmheánach go "%s". Tá an t-athrú seo buan agus ní féidir é a chealú.
+settings.wiki_rename_branch_main_notices_1 = <strong>NÍ FÉIDIR</strong> an oibríocht seo a chealú.
+settings.wiki_rename_branch_main_notices_2 = Athróidh sé seo ainm buan an bhrainse inmheánaigh de vicí stórtha %s. Beidh gá na seiceálacha atá ann cheana a nuashonrú.
+settings.wiki_branch_rename_success = Tá ainm brainse vicí an stórais déanta ar normalú go rathúil.
+settings.wiki_branch_rename_failure = Theip ar ainm brainse vicí an stórais a normalú.
+settings.confirm_wiki_branch_rename = Athainmnigh an brainse vicí
+settings.add_collaborator_blocked_our = Ní féidir an comhoibrí a chur leis, mar tá bac curtha ag úinéir an stórais air/uirthi.
+settings.add_collaborator_blocked_them = Ní féidir an comhoibrí a chur leis, mar tá úinéir an stórais blocáilte acu.
+settings.add_webhook.invalid_path = Ní féidir cuid den chonair a bheith ann arb ionann í agus "." nó ".." nó an teaghrán folamh. Ní féidir léi tosú ná críochnú le slais.
+settings.hooks_desc = Déanann Webhooks iarratais HTTP POST chuig freastalaí go huathoibríoch nuair a spreagtar imeachtaí Forgejo áirithe. Léigh tuilleadh sa <a target="_blank" rel="noopener noreferrer" href="%s">treoir crúcaí gréasáin</a>.
+settings.githooks_desc = Tá Git féin ag tiomáint crúcaí Git. Is féidir leat comhaid crúcaí a chur in eagar thíos chun oibríochtaí saincheaptha a shocrú.
+settings.add_webhook_desc = Seolfaidh Forgejo iarratais <code>POST</code> le Cineál Ábhair sonraithe chuig an URL sprice. Léigh tuilleadh sa <a target="_blank" rel="noopener noreferrer" href="%s">treoir crúcaí gréasáin</a>.
+settings.discord_icon_url.exceeds_max_length = Ní mór URL an deilbhín a bheith níos lú ná nó cothrom le 2048 carachtar
+settings.event_issues = Modhnú
+settings.event_issue_assign = Sannadh
+settings.event_issue_label = Lipéid
+settings.event_issue_label_desc = Lipéid eisiúna curtha leis nó bainte.
+settings.event_issue_milestone = Clocha míle
+settings.event_issue_milestone_desc = Cloch mhíle curtha leis, bainte nó modhnaithe.
+settings.event_issue_comment = Tráchtanna
+settings.event_pull_request = Modhnú
+settings.event_pull_request_assign = Sannadh
+settings.event_pull_request_label = Lipéid
+settings.event_pull_request_label_desc = Lipéid iarrata tarraingthe curtha leis nó bainte.
+settings.event_pull_request_milestone = Clocha míle
+settings.event_pull_request_milestone_desc = Cloch mhíle curtha leis, bainte nó modhnaithe.
+settings.event_pull_request_comment = Tráchtanna
+settings.event_pull_request_review = Léirmheasanna
+settings.event_pull_request_review_desc = Iarratas tarraingthe ceadaithe, diúltaithe, nó tuairimí athbhreithnithe curtha leis.
+settings.event_pull_request_sync = Sioncrónaithe
+settings.event_pull_request_sync_desc = Brainse nuashonraithe go huathoibríoch leis an mbrainse sprice.
+settings.event_pull_request_review_request = Iarratais athbhreithnithe
+settings.event_pull_request_enforcement = Forfheidhmiú
+settings.event_header_action = Imeachtaí Rith Gníomhaíochta
+settings.event_action_failure = Teip
+settings.event_action_failure_desc = Chríochnaigh an Rith Gníomhaíochta mar theip.
+settings.event_action_recover = Aisghabháil
+settings.event_action_recover_desc = D’éirigh leis an Rith Gníomhaíochta tar éis don Rith Gníomhaíochta deireanach sa sreabhadh oibre céanna teip.
+settings.event_action_success = Rath
+settings.event_action_success_desc = D’éirigh leis an Rith Gníomhaíochta.
+settings.graphql_url = URL GraphQL
+settings.web_hook_name_forgejo = Forgejo
+settings.web_hook_name_feishu = Feishu / Lark Suite
+settings.web_hook_name_feishu_only = Feishu
+settings.web_hook_name_larksuite_only = Sraith Lark
+settings.web_hook_name_sourcehut_builds = Tógálacha SourceHut
+settings.sourcehut_builds.manifest_path = Tóg cosán léirithe
+settings.sourcehut_builds.visibility = Infheictheacht poist
+settings.sourcehut_builds.secrets = Rúin
+settings.sourcehut_builds.secrets_helper = Tabhair rochtain don phost ar na rúin tógála (éilíonn sé seo an deontas SECRETS:RO)
+settings.sourcehut_builds.access_token_helper = Comhartha rochtana a bhfuil deontas JOBS:RW aige. Gin <a target="_blank" rel="noopener noreferrer" href="%s">comhartha builds.sr.ht</a> nó comhartha <a target="_blank" rel="noopener noreferrer" href="%s">builds.sr.ht le rochtain rúnda</a> ar meta.sr.ht.
+settings.branch_protection = Rialacha cosanta don bhrainse "<b>%s</b>"
+settings.protect_new_rule = Cruthaigh riail nua um chosaint brainse
+settings.protect_whitelist_committers = Brú srianta ar an liosta bán
+settings.protect_whitelist_committers_desc = Ní cheadófar ach d'úsáideoirí nó foirne atá ar an liosta bán brú a chur chuig an mbrainse seo (ach ní bheidh cead acu brú fórsaithe a chur orthu).
+settings.protect_whitelist_deploy_keys = Cuir eochracha imscartha le rochtain scríbhneoireachta ar bhrú ar an liosta bán.
+settings.protect_whitelist_users = Úsáideoirí ar an liosta bán le haghaidh brú
+settings.protect_whitelist_teams = Foirne ar an liosta bán le haghaidh brú
+settings.protect_merge_whitelist_committers = Cumasaigh liosta bán cumaiscthe
+settings.protect_merge_whitelist_committers_desc = Lig d’úsáideoirí nó foirne atá ar an liosta bán amháin iarratais tarraingthe a chumasc isteach sa bhrainse seo.
+settings.protect_merge_whitelist_users = Úsáideoirí ar an liosta bán le haghaidh cumasc
+settings.protect_merge_whitelist_teams = Foirne ar an liosta bán le haghaidh cumasc
+settings.protect_status_check_patterns = Patrúin seiceála stádais
+settings.protect_required_approvals = Ceaduithe riachtanacha
+settings.protect_required_approvals_desc = Ní cheadaítear ach iarratas tarraingthe a chumasc le dóthain léirmheasanna dearfacha.
+settings.protect_approvals_whitelist_enabled = Srian a chur le ceaduithe d'úsáideoirí nó foirne atá ar an liosta bán
+settings.protect_approvals_whitelist_enabled_desc = Ní chuirfear san áireamh ach léirmheasanna ó úsáideoirí nó foirne atá ar an liosta bán sna ceaduithe riachtanacha. Gan cheadú ar an liosta bán, cuirfear san áireamh léirmheasanna ó aon duine a bhfuil rochtain scríbhneoireachta acu sna ceaduithe riachtanacha.
+settings.protect_approvals_whitelist_users = Athbhreithneoirí ar an liosta bán
+settings.protect_approvals_whitelist_teams = Foirne ar liosta bán le haghaidh athbhreithnithe
+settings.protect_branch_name_pattern_desc = Patrúin ainmneacha brainse faoi chosaint. Féach <a href="%s">an doiciméadacht</a> le haghaidh comhréir na patrún. Samplaí: main, release/**
+settings.protect_protected_file_patterns = Patrúin chomhaid chosanta (scartha ag baint úsáide as leathstad ";")
+settings.protect_protected_file_patterns_desc = Ní cheadaítear comhaid chosanta a athrú go díreach fiú má tá cearta ag an úsáideoir comhaid a chur leis, a chur in eagar nó a scriosadh sa bhrainse seo. Is féidir patrúin iolracha a dheighilt le leathstad (";"). Féach ar dhoiciméadú <a href="%[1]s">%[2]s</a> le haghaidh comhréir patrún. Samplaí: <code>.drone.yml</code>, <code>/docs/**/*.txt</code>.
+settings.protect_unprotected_file_patterns = Patrúin chomhaid neamhchosanta (scartha ag baint úsáide as leathstad ";")
+settings.protect_unprotected_file_patterns_desc = Comhaid neamhchosanta a cheadaítear a athrú go díreach má tá rochtain scríbhneoireachta ag an úsáideoir, ag seachaint srianadh brú. Is féidir patrúin iolracha a dheighilt ag baint úsáide as leathstad (";"). Féach ar dhoiciméadú <a href="%[1]s">%[2]s</a> le haghaidh comhréir patrún. Samplaí: <code>.drone.yml</code>, <code>/docs/**/*.txt</code>.
+settings.enforce_on_admins = Cuir an riail seo i bhfeidhm do riarthóirí stórtha
+settings.enforce_on_admins_desc = Ní féidir le riarthóirí stórtha an riail seo a sheachaint.
+settings.protected_branch_duplicate_rule_name = Tá riail ann cheana féin don tsraith brainsí seo
+settings.tags.protection.create = Cuir riail leis
+settings.matrix.access_token_helper = Moltar cuntas tiomnaithe Matrix a bhunú chuige seo. Is féidir an comhartha rochtana a aisghabháil ón gcliant gréasáin Element (i gcluaisín príobháideach/gan ainm) > Roghchlár Úsáideora (barr ar chlé) > Gach socrú > Cabhair & Maidir Linn > Ardleibhéil > Comhartha Rochtana (díreach faoin URL Homeserver). Dún an cluaisín príobháideach/gan ainm (chuirfeadh logáil amach an comhartha ar neamhní).
+settings.matrix.room_id_helper = Is féidir ID an tSeomra a aisghabháil ón gcliant gréasáin Element > Socruithe Seomra > Ardleibhéil > ID seomra inmheánach. Sampla: %s.
+settings.archive.branchsettings_unavailable = Níl socruithe brainse ar fáil i stórtha cartlannaithe.
+settings.archive.tagsettings_unavailable = Níl socruithe clibeanna ar fáil i stórtha cartlannaithe.
+settings.archive.mirrors_unavailable = Níl scátháin ar fáil i stórtha cartlannaithe.
+settings.unarchive.text = Má dhíchartlannaítear an stór, athbhunófar a chumas chun gealltanais agus brúnna a fháil, chomh maith le saincheisteanna nua agus iarratais tarraingthe.
+settings.lfs_delete_warning = D’fhéadfadh sé go mbeadh earráidí “níl an réad ann” mar thoradh ar chomhad LFS a scriosadh ag an tseiceáil amach. An bhfuil tú cinnte?
+settings.lfs_pointers.sha = Bloba hais
+settings.rename_branch_failed_protected = Ní féidir an brainse %s a athainmniú mar is brainse faoi chosaint é.
+diff.git-notes.add = Cuir nóta leis
+diff.git-notes.remove-header = Bain nóta
+diff.git-notes.remove-body = Bainfear an nóta seo.
+diff.data_not_available = Níl ábhar difriúil ar fáil
+diff.comment.markdown_info = Tacaítear le stíliú le Markdown.
+diff.review = Críochnaigh an t-athbhreithniú
+release.deletion_desc = Ní dhéanann scriosadh eisiúint ach é a bhaint as Forgejo. Ní dhéanfaidh sé difear don chlib Git, d'ábhar do stórtha ná dá stair. Lean ar aghaidh?
+release.hide_archive_links = Folaigh cartlanna a ghintear go huathoibríoch
+release.hide_archive_links_helper = Folaigh cartlanna cód foinse a ghintear go huathoibríoch don eisiúint seo. Mar shampla, má tá tú ag uaslódáil do chuid féin.
+release.add_tag = Cruthaigh clib
+release.system_generated = Gintear an ceangaltán seo go huathoibríoch.
+release.type_attachment = Ceangaltán
+release.type_external_asset = Sócmhainn sheachtrach
+release.asset_name = Ainm sócmhainne
+release.asset_external_url = URL seachtrach
+release.add_external_asset = Cuir sócmhainn sheachtrach leis
+release.invalid_external_url = URL seachtrach neamhbhailí: "%s"
+release.summary_card_alt = Cárta achoimre ar eisiúint dar teideal "%s" sa stórlann %s
+topic.format_prompt = Ní mór do thopaicí tosú le litir nó uimhir, féadfar fleascáin ("-") agus poncanna ("." a áireamh, agus féadfar suas le 35 carachtar a bheith iontu. Ní mór litreacha a bheith i litreacha beaga.
+find_file.go_to_file = Aimsigh comhad
 
 [graphs]
-component_loading = Á lódáil %s...
+component_loading = Ag lódáil %s…
 component_loading_failed = Ní fhéadfaí %s a luchtú
 component_loading_info = Seans go dtógfaidh sé seo beagán…
 component_failed_to_load = Tharla earráid gan choinne.
@@ -2226,6 +2778,18 @@ teams.all_repositories_helper = Tá rochtain ag an bhfoireann ar gach stórais.
 teams.invite.title = Tugadh cuireadh duit dul isteach i bhfoireann <strong>%s</strong> san eagraíocht <strong>%s</strong>.
 teams.invite.by = Ar cuireadh ó %s
 teams.invite.description = Cliceáil ar an gcnaipe thíos le do thoil chun dul isteach san fhoireann.
+open_dashboard = Oscail an painéal rialaithe
+repo_updated = Nuashonraithe %s
+follow_blocked_user = Ní féidir leat an eagraíocht seo a leanúint mar tá bac curtha ag an eagraíocht seo ort.
+settings.visibility.limited = Teoranta (le feiceáil ag úsáideoirí atá sínithe isteach amháin)
+settings.change_orgname_redirect_prompt.with_cooldown.one = Beidh seanainm na heagraíochta ar fáil do chách tar éis tréimhse fuaraithe %[1]d lá. Is féidir leat an seanainm a éileamh ar ais fós le linn na tréimhse fuaraithe.
+settings.change_orgname_redirect_prompt.with_cooldown.few = Beidh seanainm na heagraíochta ar fáil do chách tar éis tréimhse fuaraithe %[1]d lá. Is féidir leat an seanainm a éileamh ar ais fós le linn na tréimhse fuaraithe.
+members.leave.detail = An bhfuil tú cinnte gur mian leat imeacht as eagraíocht "%s"?
+teams.leave.detail = An bhfuil tú cinnte gur mian leat imeacht ón bhfoireann "%s"?
+teams.none_access_helper = Ní bhíonn éifeacht ag an rogha "gan rochtain" ach ar stórtha príobháideacha.
+teams.general_access = Rochtain saincheaptha
+teams.admin_permission_desc = Tugann an fhoireann seo rochtain don <strong>Riarthóir</strong>: is féidir le baill léamh ó stórtha foirne, brú chucu agus comhoibritheoirí a chur leo.
+teams.add_nonexistent_repo = Níl an stórlann atá tú ag iarraidh a chur leis ann, cruthaigh í ar dtús le do thoil.
 
 [admin]
 dashboard = Deais
@@ -2282,8 +2846,8 @@ dashboard.update_migration_poster_id = Nuashonraigh ID póstaer imir
 dashboard.git_gc_repos = Bailíonn truflais gach stórais
 dashboard.reinit_missing_repos = Aththosaigh gach stórais Git atá in easnamh a bhfuil taifid ann dóibh
 dashboard.sync_external_users = Sioncrónaigh sonraí úsáideoirí seachtracha
-dashboard.cleanup_hook_task_table = Tábla hook_task glantacháin
-dashboard.cleanup_packages = Pacáistí glanta in éag
+dashboard.cleanup_hook_task_table = Glan suas an tábla hook_task
+dashboard.cleanup_packages = Glan suas pacáistí atá imithe in éag
 dashboard.server_uptime = Aga fónaimh Freastalaí
 dashboard.current_goroutine = Goroutines Reatha
 dashboard.current_memory_usage = Úsáid Cuimhne Reatha
@@ -2368,9 +2932,9 @@ emails.filter_sort.email_reverse = Ríomhphost (droim ar ais)
 emails.updated = Nuashonraíodh an ríomhphost
 emails.not_updated = Theip ar an seoladh ríomhphoist iarrtha a nuashonrú: %v
 emails.duplicate_active = Tá an seoladh ríomhphoist seo gníomhach cheana féin d'úsáideoir difriúil.
-emails.change_email_header = Nuashonraigh Airíonna Ríomhphoist
+emails.change_email_header = Nuashonraigh airíonna ríomhphoist
 emails.change_email_text = An bhfuil tú cinnte gur mhaith leat an seoladh ríomhphoist seo a nuashonrú?
-emails.delete = Scrios Ríomhphost
+emails.delete = Scrios seoladh ríomhphoist
 emails.delete_desc = An bhfuil tú cinnte gur mhaith leat an seoladh ríomhphoist seo a scriosadh?
 emails.deletion_success = Tá an seoladh ríomhphoist scriosta.
 emails.delete_primary_email_error = Ní féidir leat an ríomhphost príomhúil a scriosadh.
@@ -2496,7 +3060,7 @@ auths.update_success = Nuashonraíodh an fhoinse fíordheimhnithe.
 auths.update = Nuashonraigh Foinse Fíordheimhnithe
 auths.delete = Scrios Foinse Fíordheimhnithe
 auths.delete_auth_title = Scrios Foinse Fíordheimhnithe
-auths.delete_auth_desc = Má scriosann tú foinse fíordheimhnithe cuirtear cosc ​​ar úsáideoirí í a úsáid chun síniú isteach. Lean ort?
+auths.delete_auth_desc = Má scriostar foinse fíordheimhnithe, cuirtear cosc ar úsáideoirí í a úsáid chun síniú isteach. Ar aghaidh?
 auths.still_in_used = Tá an fhoinse fíordheimhnithe fós in úsáid. Tiontaigh nó scrios aon úsáideoir a úsáideann an fhoinse fíordheimhnithe seo ar dtús.
 auths.deletion_success = Tá an fhoinse fíordheimhnithe scriosta.
 auths.login_source_exist = Tá an fhoinse fíordheimhnithe "%s" ann cheana.
@@ -2505,7 +3069,7 @@ auths.unable_to_initialize_openid = Ní féidir Soláthraí Ceangail OpenID a th
 auths.invalid_openIdConnectAutoDiscoveryURL = URL Neamhbhailí Fionnachtana Uathoibríoch (ní mór gur URL bailí é seo ag tosú le http:// nó https://)
 config.server_config = Cumraíocht Freastalaí
 config.custom_conf = Cosán Comhad Cumraíochta
-config.domain = Fearann ​​Freastalaí
+config.domain = Fearann freastalaí
 config.offline_mode = Mód Áitiúil
 config.disable_router_log = Díchumasaigh Loga an Ródaire
 config.run_mode = Mód Rith
@@ -2658,6 +3222,88 @@ notices.delete_success = Scriosadh na fógraí córais.
 self_check.no_problem_found = Níor aimsíodh aon fhadhb fós.
 self_check.database_collation_mismatch = Bí ag súil le comhthiomsú a úsáid sa bhunachar sonraí: %s
 self_check.database_inconsistent_collation_columns = Tá comhthiomsú %s in úsáid ag an mbunachar sonraí, ach tá comhthiomsuithe mímheaitseála á n-úsáid ag na colúin seo. D'fhéadfadh sé a bheith ina chúis le roinnt fadhbanna gan choinne.
+dashboard.new_version_hint = Tá Forgejo %s ar fáil anois, tá %s á rith agat. Seiceáil <a target="_blank" rel="noreferrer" href="%s">an blag</a> le haghaidh tuilleadh sonraí.
+dashboard.operations = Oibríochtaí cothabhála
+dashboard.delete_repo_archives = Scrios cartlanna na stórtha uile (ZIP, TAR.GZ, srl.)
+dashboard.sync_repo_branches = Sioncrónaigh brainsí caillte ó shonraí Git go bunachar sonraí
+dashboard.resync_all_sshkeys = Nuashonraigh an comhad ".ssh/authorized_keys" le heochracha SSH Forgejo.
+dashboard.resync_all_sshprincipals = Nuashonraigh an comhad ".ssh/authorized_principals" le príomhoidí SSH Forgejo.
+dashboard.resync_all_hooks = Athshioncrónaigh crúcaí Git na stórtha uile (réamhghlacadh, nuashonrú, iarghlacadh, próiseasghlacadh, ...)
+dashboard.cleanup_actions = Glan suas logaí agus déantáin atá imithe in éag ó ghníomhartha
+dashboard.last_gc_time = Am ó GC deireanach
+dashboard.stop_zombie_tasks = Stop tascanna gníomhartha zombie
+dashboard.stop_endless_tasks = Stop tascanna gníomhartha gan teorainn
+dashboard.cancel_abandoned_jobs = Cealaigh poist gníomhartha tréigthe
+dashboard.start_schedule_tasks = Tosaigh tascanna gníomhartha sceidealaithe
+dashboard.sync_branch.started = Tosaíodh sioncrónú brainse
+dashboard.sync_tag.started = Tosaíodh sioncrónú clibeanna
+users.user_manage_panel = Bainistigh cuntais úsáideoirí
+users.never_login = Níor shínigh tú isteach riamh
+users.send_register_notify = Fógra faoi chlárú trí ríomhphost
+users.is_activated = Cuntas gníomhachtaithe
+users.activated.description = Fíorú ríomhphoist críochnaithe. Ní bheidh úinéir cuntais neamhghníomhachtaithe in ann logáil isteach go dtí go mbeidh fíorú ríomhphoist críochnaithe.
+users.prohibit_login = Cuntas ar fionraí
+users.block.description = Bac an t-úsáideoir seo ó idirghníomhú leis an tseirbhís seo trína chuntas agus toirmisc síniú isteach.
+users.is_admin = Cuntas riarthóra
+users.admin.description = Tabhair rochtain iomlán don úsáideoir seo ar na gnéithe riaracháin go léir atá ar fáil tríd an gcomhéadan úsáideora gréasáin agus an API.
+users.is_restricted = Cuntas srianta
+users.restricted.description = Ní cheadaítear idirghníomhaíocht ach leis na stórtha agus na heagraíochtaí ina bhfuil an t-úsáideoir seo curtha leis mar chomhoibrí. Cuireann sé seo cosc ar rochtain ar stórtha poiblí ar an gcás seo.
+users.allow_git_hook = Is féidir crúcaí Git a chruthú
+users.allow_git_hook_tooltip = Déantar crúcaí Git a fhorghníomhú mar úsáideoir an chórais oibriúcháin atá ag rith Forgejo agus beidh an leibhéal céanna rochtana óstach acu. Mar thoradh air sin, is féidir le húsáideoirí leis an bpribhléid speisialta seo ar an gcrúca Git rochtain a fháil ar gach stór Forgejo agus iad a mhodhnú chomh maith leis an mbunachar sonraí a úsáideann Forgejo. Dá bhrí sin, is féidir leo pribhléidí riarthóra Forgejo a fháil freisin.
+users.allow_import_local = Is féidir stórtha áitiúla a allmhairiú
+users.local_import.description = Ceadaigh iompórtáil stórtha ó chóras comhad áitiúil an fhreastalaí. Is féidir gur fadhb slándála í seo.
+users.allow_create_organization = Is féidir eagraíochtaí a chruthú
+users.organization_creation.description = Ceadaigh cruthú eagraíochtaí nua.
+users.cannot_delete_self = Ní féidir leat tú féin a scriosadh
+users.purge_help = Scrios an t-úsáideoir agus aon stórtha, eagraíochtaí agus pacáistí atá faoi úinéireacht an úsáideora go foréigneach. Scriosfar gach trácht agus fadhb a phostáil an t-úsáideoir seo freisin.
+emails.email_manage_panel = Bainistigh ríomhphoist úsáideoirí
+emails.filter_sort.name = Ainm úsáideora
+emails.filter_sort.name_reverse = Ainm úsáideora (droim ar ais)
+orgs.org_manage_panel = Bainistigh eagraíochtaí
+repos.repo_manage_panel = Bainistigh stórtha
+repos.unadopted.no_more = Ní bhfuarthas aon stórtha neamhuchtaithe.
+packages.package_manage_panel = Bainistigh pacáistí
+defaulthooks.desc = Déanann crúcaí gréasáin iarratais HTTP POST chuig freastalaí go huathoibríoch nuair a spreagtar imeachtaí Forgejo áirithe. Is réamhshocruithe iad na crúcaí gréasáin atá sainmhínithe anseo agus déanfar iad a chóipeáil isteach i ngach stórlann nua. Léigh tuilleadh sa <a target="_blank" rel="noopener" href="%s">treoir na gcrúcaí gréasáin</a>.
+systemhooks.desc = Déanann crúcaí gréasáin iarratais HTTP POST chuig freastalaí go huathoibríoch nuair a spreagtar imeachtaí Forgejo áirithe. Gníomhóidh crúcaí gréasáin atá sainmhínithe anseo ar gach stórlann ar an gcóras, mar sin smaoinigh ar aon impleachtaí feidhmíochta a d'fhéadfadh a bheith aige seo. Léigh tuilleadh sa <a target="_blank" rel="noopener" href="%s">treoir crúcaí gréasáin</a>.
+auths.auth_manage_panel = Bainistigh foinsí fíordheimhnithe
+auths.attribute_username_placeholder = Fág folamh chun an t-ainm úsáideora a iontráladh i Forgejo a úsáid.
+auths.default_domain_name = Ainm fearainn réamhshocraithe a úsáidtear don seoladh ríomhphoist
+auths.restricted_filter_helper = Fág folamh le gan aon úsáideoirí a shocrú mar shrianta. Úsáid réalta ("*") chun gach úsáideoir nach bhfuil ag teacht le scagaire an Riarthóra a shocrú mar shrianta.
+auths.allowed_domains_helper = Fág folamh chun gach fearann a cheadú. Deighil fearainn iolracha le camóg (",").
+auths.skip_tls_verify = Seachain fíorú TLS
+auths.tips.gmail_settings = Socruithe Gmail:
+auths.tip.bitbucket = Cláraigh tomhaltóir OAuth nua ar %s agus cuir an cead "Cuntas" - "Léigh" leis
+auths.tip.openid_connect = Bain úsáid as URL OpenID Connect Discovery (<server>/.well-known/openid-configuration) chun na críochphointí a shonrú
+config.app_name = Teideal an sampla
+config.app_slogan = Slogan samplach
+config.app_ver = Leagan Forgejo
+config.app_url = Bun-URL
+config.custom_file_root_path = Cosán fréimhe comhaid saincheaptha
+config.run_user = Úsáideoir le rith mar
+config.reverse_auth_user = Úsáideoir fíordheimhnithe seachfhreastalaí droim ar ais
+config.ssh_keygen_path = Cosán Keygen ("ssh-keygen")
+config.lfs_http_auth_expiry = Am éaga údaraithe HTTP LFS
+config.allow_only_internal_registration = Ceadaigh clárú trí Forgejo féin amháin
+config.require_sign_in_view = Éilítear síniú isteach chun ábhar a fheiceáil
+config.active_code_lives = Am éaga an chóid ghníomhachtaithe
+config.reset_password_code_lives = Am éaga an chóid aisghabhála
+config.allow_dots_in_usernames = Ceadaigh d’úsáideoirí poncanna a úsáid ina n-ainmneacha úsáideora. Ní dhéanann sé difear do chuntais atá ann cheana féin.
+config.default_visibility_organization = Infheictheacht réamhshocraithe eagraíochtaí nua
+config.mailer_smtp_addr = Óstach SMTP
+config.send_test_mail = Seol ríomhphost tástála
+config.test_mail_failed = Theip ar ríomhphost tástála a sheoladh chuig "%s": %v
+config.test_mail_sent = Tá ríomhphost tástála seolta chuig "%s".
+config.session_life_time = Saolré na seisiún
+config.git_disable_diff_highlight = Díchumasaigh aibhsiú comhréir difríochta
+config.git_max_diff_lines = Uasmhéid línte difríochta in aghaidh an chomhaid
+config.git_max_diff_line_characters = Uasmhéid carachtair dhifriúla in aghaidh an líne
+config.git_max_diff_files = Uasmhéid comhaid difríochta a thaispeántar
+monitor.duration = Fad (s)
+monitor.process.cancel_desc = D’fhéadfadh caillteanas sonraí a bheith mar thoradh ar phróiseas a chealú
+monitor.process.cancel_notices = Cealaigh: <strong>%s</strong>?
+notices.view_detail_header = Sonraí fógra
+self_check.database_collation_case_insensitive = Tá an bunachar sonraí ag úsáid códaithe %s, ar códaithe neamhíogair é. Cé gur féidir le Forgejo oibriú leis, d'fhéadfadh go mbeadh roinnt cásanna neamhchoitianta ann nach n-oibreoidh mar a bhíothas ag súil leis.
+self_check.database_fix_mysql = I gcás úsáideoirí MySQL/MariaDB, d'fhéadfá an t-ordú "forgejo doctor convert" a úsáid chun na fadhbanna cóimheasa a shocrú, nó d'fhéadfá an fhadhb a shocrú trí "ALTER ... COLLATE ..." SQLanna a dhéanamh de láimh.
 
 [action]
 create_repo = stóras cruthaithe <a href="%s">%s</a>
@@ -2734,7 +3380,7 @@ owner.settings.cleanuprules.keep.count.n = Leaganacha %d in aghaidh an phacáist
 secrets = Rúin
 description = Cuirfear rúin ar aghaidh chuig gníomhartha áirithe agus ní féidir iad a léamh ar mhalairt.
 none = Níl aon rúin ann fós.
-creation = Cuir Rúnda leis
+creation = Cuir rún leis
 creation.name_placeholder = carachtair alfanumair nó íoslaghda amháin nach féidir a thosú le GITEA_ nó GITHUB_
 creation.value_placeholder = Ionchur ábhar ar bith. Fágfar spás bán ag tús agus ag deireadh ar lár.
 creation.success = Tá an rún "%s" curtha leis.
@@ -2743,6 +3389,7 @@ deletion = Bain rún
 deletion.description = Is buan rún a bhaint agus ní féidir é a chealú. Lean ort?
 deletion.success = Tá an rún bainte.
 deletion.failed = Theip ar rún a bhaint.
+management = Bainistigh rúin
 
 [actions]
 runs.no_runs = Níl aon rith ag an sreabhadh oibre fós.
@@ -2750,7 +3397,7 @@ runs.empty_commit_message = (teachtaireacht tiomantas folamh)
 runs.expire_log_message = Glanadh logaí toisc go raibh siad ró-sean.
 workflow.disable = Díchumasaigh sreabhadh oibre
 workflow.enable = Cumasaigh sreabhadh oibre
-workflow.disabled = Tá sreabhadh oibre díchumasaithe
+workflow.disabled = Tá an sreabhadh oibre díchumasaithe.
 need_approval_desc = Teastaíonn faomhadh chun sreafaí oibre a rith le haghaidh iarratas tarraingt forc.
 variables = Athróga
 variables.creation = Cuir Athróg leis
@@ -2766,6 +3413,19 @@ variables.creation.failed = Theip ar athróg a chur leis.
 variables.creation.success = Tá an athróg "%s" curtha leis.
 variables.update.failed = Theip ar athróg a chur in eagar.
 variables.update.success = Tá an t-athróg curtha in eagar.
+runs.no_workflows.help_write_access = Nach bhfuil a fhios agat conas tosú le Gníomhartha Forgejo? Féach ar an <a target="_blank" rel="noopener noreferrer" href="%s">tús tapa sa doiciméadacht úsáideora</a> chun do chéad sreabhadh oibre a scríobh, ansin <a target="_blank" rel="noopener noreferrer" href="%s">bunaigh rithire Forgejo</a> chun do phoist a fhorghníomhú.
+runs.no_workflows.help_no_write_access = Chun tuilleadh eolais a fháil faoi Ghníomhartha Forgejo, féach ar <a target="_blank" rel="noopener noreferrer" href="%s">an doiciméadacht</a>.
+workflow.disable_success = Sreabhadh oibre "%s" díchumasaithe go rathúil.
+workflow.enable_success = Cumasaíodh an sreabhadh oibre "%s" go rathúil.
+workflow.dispatch.trigger_found = Tá spreagadh imeachta <c>workflow_dispatch</c> ag an sreabhadh oibre seo.
+workflow.dispatch.use_from = Bain úsáid as sreabhadh oibre ó
+workflow.dispatch.run = Rith sreabhadh oibre
+workflow.dispatch.success = Iarradh an sreabhadh oibre go rathúil.
+workflow.dispatch.input_required = Éilítear luach don ionchur "%s".
+workflow.dispatch.invalid_input_type = Cineál ionchuir neamhbhailí "%s".
+workflow.dispatch.warn_input_limit = Ag taispeáint na chéad %d ionchur amháin.
+variables.management = Bainistigh athróga
+variables.not_found = Theip ar an athróg a aimsiú.
 
 [projects]
 deleted.display_name = Tionscadal scriosta
@@ -2780,3 +3440,32 @@ normal_file = Comhad gnáth
 executable_file = Comhad infheidhmithe
 symbolic_link = Nasc siombalach
 submodule = Fo-mhodúl
+
+
+[repo.permissions]
+code.read = <b>Léigh:</b> Rochtain a fháil ar chód an stórais agus é a chlónáil.
+code.write = <b>Scríobh:</b> Brúigh chuig an stórlann, cruthaigh brainsí agus clibeanna.
+issues.read = <b>Léigh:</b> Léigh agus cruthaigh saincheisteanna agus tuairimí.
+issues.write = <b>Scríobh:</b> Dún saincheisteanna agus bainistigh meiteashonraí cosúil le lipéid, clocha míle, sannaithe, dátaí dlite agus spleáchais.
+pulls.read = <b>Léigh:</b> Iarratais tarraingthe a léamh agus a chruthú.
+pulls.write = <b>Scríobh:</b> Dún iarratais tarraingthe agus bainistigh meiteashonraí cosúil le lipéid, clocha míle, sannaithe, dátaí dlite agus spleáchais.
+releases.read = <b>Léigh:</b> Féach ar eisiúintí agus íoslódáil iad.
+releases.write = <b>Scríobh:</b> Foilsigh, cuir in eagar agus scrios eisiúintí agus a sócmhainní.
+wiki.read = <b>Léigh:</b> Léigh an vicí comhtháite agus a stair.
+wiki.write = <b>Scríobh:</b> Cruthaigh, nuashonraigh agus scrios leathanaigh sa vicí chomhtháite.
+projects.read = <b>Léigh:</b> Rochtain ar bhoird tionscadail na stórtha.
+projects.write = <b>Scríobh:</b> Cruthaigh tionscadail agus colúin agus cuir in eagar iad.
+packages.read = <b>Léigh:</b> Féach ar na pacáistí atá sannta don stór agus íoslódáil iad.
+packages.write = <b>Scríobh:</b> Foilsigh agus scrios pacáistí atá sannta don stórlann.
+actions.read = <b>Léigh:</b> Féach ar ritheanna sreabha oibre agus a logaí.
+actions.write = <b>Scríobh:</b> Sreafaí oibre a spreagadh, a atosú agus a chealú. Bainistigh toscaireacht muiníne chun póstaeir iarratais a tharraingt.
+ext_issues = Rochtain ar an nasc chuig rianaitheoir saincheisteanna seachtrach. Déantar na ceadanna a bhainistiú go seachtrach.
+ext_wiki = Rochtain ar an nasc chuig vicí seachtrach. Déantar na ceadanna a bhainistiú go seachtrach.
+
+[markup]
+filepreview.line = Líne %[1]d i %[2]s
+filepreview.lines = Línte %[1]d go %[2]d i %[3]s
+filepreview.truncated = Tá an réamhamharc giorraithe
+
+[translation_meta]
+test = Is teaghrán tástála é seo. Ní thaispeántar é i gcomhéadan úsáideora Forgejo ach úsáidtear é chun críocha tástála. Ná bíodh drogall ort "ceart go leor" a iontráil chun am a shábháil (nó fíric spraíúil de do rogha féin) chun an marc críochnaithe 100% sin a bhaint amach :)
\ No newline at end of file
diff --git a/options/locale/locale_kab.ini b/options/locale/locale_kab.ini
index 795ecd2a6b..ebd2af5f63 100644
--- a/options/locale/locale_kab.ini
+++ b/options/locale/locale_kab.ini
@@ -76,6 +76,8 @@ return_to_forgejo = Tuɣalin ɣer Forgejo
 twofa = Asesteb s snat n tarrayin
 filter.not_template = Mačči d timudmiwin
 admin_panel = Tadbelt n wesmel
+add_all = Rnu-ten akk
+remove_all = Kkes-iten akk
 
 [user]
 code = Tangalt
@@ -113,6 +115,13 @@ create_new_team = Agraw amaynut
 create_team = Snulfu-d yiwen n ugraw
 team_name = Isem n ugraw
 settings = Iɣewwaren
+members.private_helper = Err-it ad yettban
+teams = Tirebbuyaɛ
+lower_members = Iɛeggalen
+team_permission_desc = Tasiregt
+teams.delete_team = Kkes tarbaɛt
+teams.update_settings = Leqqem iɣewwaren
+teams.delete_team_title = Kkes tarbaɛt
 
 [repo]
 release.source_code = Tangalt taɣbalut
@@ -366,6 +375,16 @@ settings.basic_settings = Iɣewwaren n taffa
 settings.tracker_issue_style.alphanumeric = Agmumḍin
 settings.tracker_issue_style.numeric = Umḍin
 settings.teams = Igrawen
+visibility_helper = Err akufi d uslig
+issues.filter_poster_no_select = Akk imeskaren
+activity.git_stats_author_1 = %d n umeskar
+activity.git_stats_author_n = %d n imeskaren
+settings.packagist_api_token = Tiddest API
+diff.view_file = Wali afaylu
+diff.show_more = Wali ugar
+diff.comment.add_review_comment = Rnu awennit
+diff.git-notes.add = Rnu tazmilt
+diff.git-notes.remove-header = Kkes tazmilt
 
 [install]
 admin_password = Awal n uɛeddi
@@ -449,6 +468,25 @@ config.mailer_use_sendmail = Seqdec Sendmail
 config.https_only = HTTPS kan
 config.git_config = Tawila n Git
 monitor.queue.settings.remove_all_items = Kkes-iten akk
+auths.oauth2_profileURL = URL n umaɣnu
+users.update_profile = Leqqem amiḍan n useqdac
+auths.type = Anaw
+auths.enabled = D urmid
+auths.host = Asenneftaɣ
+auths.port = Tawwurt
+config.ssh_port = Tawwurt
+config.lfs_enabled = D urmid
+config.db_type = Anaw
+config.db_host = Asenneftaɣ
+config.db_schema = Azenziɣ
+config.db_path = Abrid
+config.mailer_enabled = D urmid
+config.mailer_protocol = Aneggaf
+users.list_status_filter.is_active = D urmid
+users.list_status_filter.not_active = D arurmid
+monitor.stats = Tiddadanin
+config.enable_captcha = Sermed CAPTCHA
+notices.select_all = Fren-iten akk
 
 [search]
 code_kind = Nadi tangalt…
@@ -652,6 +690,14 @@ permissions_public_only = Azayez kan
 oauth2_application_name = Isem n usnas
 delete_account = Kkes amiḍan-ik
 quota.sizes.git.all = Agbur deg Git
+public_profile = Amaɣnu azayaz
+show_openid = Sken-it-id ɣef umaɣnu
+hide_openid = Ffer-it s ufella umaɣnu
+keep_activity_private = Ffer armud s ufella usebter n umaɣnu
+keep_email_private = Ffer tansa n yimayl
+quota.sizes.repos.private = Ikufan usligen
+create_oauth2_application_button = Snulfu-d asnas
+oauth2_client_id = Asulay ID n wemsaɣ
 
 [packages]
 
@@ -672,9 +718,15 @@ years = %d n iseggasen
 1mon = 1 n wayyur
 1y = 1 n useggas
 1d = 1 n wass
+now = tura
+raw_seconds = tasinin
+raw_minutes = tesdatin
 
 [dropzone]
 
 [filter]
 string.asc = A - Z
-string.desc = Z - A
\ No newline at end of file
+string.desc = Z - A
+
+[git.filemode]
+directory = Akaram
\ No newline at end of file
diff --git a/options/locale/locale_kw.ini b/options/locale/locale_kw.ini
new file mode 100644
index 0000000000..6c6c21f9d8
--- /dev/null
+++ b/options/locale/locale_kw.ini
@@ -0,0 +1,995 @@
+
+
+
+[common]
+home = Tre
+dashboard = Skostel
+explore = Trovya
+help = Gweres
+logo = Logo
+sign_in = Omgelmi
+sign_in_with_provider = Omgelmi gans %s
+sign_in_or = po
+sign_out = Omdhigelmi
+sign_up = Kovskrifa
+link_account = Keskelmi akont
+register = Kovskrifa
+version = Versyon
+powered_by = Gallosegys gans %s
+page = Folen
+template = Ensampel
+notifications = Gwarnyansow
+create_new = Gwruthyl…
+user_profile_and_more = Profil ha settyansow…
+signed_in_as = Omgelmys avel
+enable_javascript = An wiasva ma a rekwir JavaScript.
+toc = Mosen a Synsas
+licenses = Leshyansow
+return_to_forgejo = Dehweles dhe Forgejo
+toggle_menu = Dewis rol
+more_items = Moy taklow
+username = Hanow Devnydhyer
+email = Trigva ebost
+password = Ger-tremena
+access_token = Tokyn hedhas
+re_type = Afydhya ger-tremena
+captcha = CAPTCHA
+twofa = Gwirheans dewkamm
+twofa_scratch = Kod kravas dewkamm
+passcode = Kod-tremena
+webauthn_insert_key = Gorra a-bervedh agas alhwedh sawder
+webauthn_sign_in = Tavewgh an boton war agas alhwedh sawder. Mar nyns eus boton, gorrewgh a-bervedh arta.
+webauthn_press_button = Mar pleg gwaskewgh an boton war agas alhwedh sawder…
+webauthn_use_twofa = Devnydhyer kod dewkamm dhyworth agas klapkodh
+webauthn_error = Ny yllir redya agas alhwedh sawder.
+webauthn_unsupported_browser = Ny skoodhya a-lemmyn agas peurell WebAuthn.
+webauthn_error_unknown = Yth esa error ankoth. Mar pleg assayewgh arta.
+webauthn_error_insecure = WebAuthn a skoodh junyans saw yn unnik. Rag ow previ dres HTTP. ty a yll devnydhya an devedhyans "localhost" po "127.0.0.1"
+webauthn_error_unable_to_process = Ny yllir an servell argerdhes agas govyn.
+webauthn_error_duplicated = Nyns yw an alhwedh sawder gesys rag an govyn ma. Mar pleg, surhewgh nyns yw an alhwedh kovskrifys seulabrys.
+webauthn_error_empty = Res yw dhywgh settya hanow rag an alhwedh ma.
+webauthn_error_timeout = Termyn yn-mes hedhys kyns agas alhwedh y hyllys redys. Daskargewgh an folen ma mar pleg hag assayewgh arta.
+repository = Gwithva
+new_fork = Forgh gwithva nowydh
+new_project_column = Koloven nowydh
+admin_panel = Menystrans gwiasva
+settings = Settyansow
+your_profile = Profil
+your_starred = Drudh
+your_settings = Settyansow
+new_repo.title = Gwithva nowydh
+new_migrate.title = Divroans nowydh
+new_org.title = Kowethyans nowydh
+new_repo.link = Gwithva nowydh
+new_migrate.link = Divroans nowydh
+new_org.link = Kowethyans nowydh
+all = Oll
+sources = Pennfentynnyow
+mirrors = Gwedrow-mires
+collaborative = Kesoberus
+forks = Fergh
+activities = Aktivitys
+pull_requests = Profyansow
+issues = Kudynnow
+milestones = Meyn mildir
+ok = Da Lowr
+cancel = Hedhi
+retry = Assaya Arta
+rerun = Daseksekutya
+rerun_all = Daseksekutya oll oberennow
+save = Sawya
+add = Keworra
+add_all = Keworra oll
+remove = Remova
+remove_all = Remova oll
+remove_label_str = Remova tra "%s"
+edit = Golegi
+view = Gweles
+test = Prov
+enabled = Byw
+disabled = Marow
+locked = Alhwedhys
+copy = Kopia
+copy_url = Kopia Gorgevren
+copy_hash = Kopia hash
+copy_path = Kopia tyller
+copy_content = Kopia synsas
+copy_branch = Kopia hanow skorr
+copy_success = Kopys!
+copy_error = Ny yllir kopia
+copy_type_unsupported = Ny yllir an eghen restren ma bos kopys
+write = Skrifa
+preview = Ragweles
+loading = Ow Karga…
+error = Error
+error404 = An folen assayowgh os rag hedhes po <strong>nyns yw eksistya</strong>, <strong>re bos dileys</strong> po <strong>nyns os reythhes</strong> rag gweles.
+error413 = Hwi re spenys agas finweth.
+go_back = Dehweles
+invalid_data = Data anewn: %v
+never = Bythkweth
+unknown = Ankoth
+rss_feed = Strem RSS
+pin = Pynna
+unpin = Dispynna
+artifacts = Eskorransow
+confirm_delete_artifact = Esowgh hwi sur ty a vynn dilea an eskorrans "%s" ?
+archived = Gwithys yn Kovskrif
+concept_system_global = Ollvysel
+concept_user_individual = Unnik
+concept_code_repository = Gwithva
+concept_user_organization = Kowethyans
+show_timestamps = Diskwedhes termynyow
+show_log_seconds = Diskwedhes eylennow
+show_full_screen = Diskwedhes leun-skrin
+download_logs = Iskarga kovskrifow
+confirm_delete_selected = Afydhyewgh rag dilea oll taklow dewisys?
+name = Hanow
+value = Synsas
+filter = Sidhla
+filter.clear = Dilea sidhlow
+filter.is_archived = Gwithys yn kovskrif
+filter.not_archived = Na gwithys yn kovskrif
+filter.is_fork = Fergh
+filter.not_fork = Na fergh
+filter.is_mirror = Gwedrow-mires
+filter.not_mirror = Na gwedrow-mires
+filter.is_template = Ensamplys
+filter.not_template = Na ensamplys
+filter.public = Poblek
+filter.private = Privedh
+active_stopwatch = Hedheuryer byw
+tracked_time_summary = Berrskrif a dermyn helerghys selys war sidhlow a rol kudynnow
+
+[search]
+search = Hwilas…
+type_tooltip = Eghen hwithrans
+repo_kind = Hwilas gwithvaow…
+user_kind = Hwilas devnydhyoryon…
+org_kind = Hwilas kowethyansow…
+team_kind = Hwilas bagasow…
+code_kind = Hwilas kod…
+union = Kesunyans
+union_tooltip = Synsi sewyansow a omdhesedh neb a'n eryow diberthys gans spas
+exact = Kewar
+exact_tooltip = Synsi sewyansow a omdhesedh an term hwithrans kewar
+regexp = RegExp
+regexp_tooltip = Styrya an term hwithrans avel menegyn rewlys
+code_search_unavailable = Hwithrans kod nyns yw kavadow a-lemmyn. Kestavewgh an menystrer gwiasva mar pleg.
+package_kind = Hwilas fardellow…
+project_kind = Hwilas ragdresow…
+branch_kind = Hwilas skorrow…
+commit_kind = Hwilas gwriansow…
+runner_kind = Hwilas eksekutyoryon…
+no_results = Nyns eus sewyansow a omdhesedh.
+issue_kind = Hwilas kudynnow…
+pull_kind = Hwilas profyansow…
+keyword_search_unavailable = Ow hwilas gans ger alhwedh nyns yw kavadow a-lemmyn. Kestavewgh an menystrer gwiasva mar pleg.
+
+[aria]
+navbar = Barr navigacyon
+footer = Ben folen
+footer.software = A-dro dhe'n medhelweyth ma
+footer.links = Gorgevrennow
+
+[heatmap]
+number_of_contributions_in_the_last_12_months = %s kevrohow y'n 12 misyow yw passys
+contributions_zero = Kevrohow vyth
+contributions_format = {contributions} {day} {month} {year}
+contributions_one = kevro
+contributions_few = kevrohow
+less = Le
+more = Moy
+
+[editor]
+buttons.heading.tooltip = Keworra pennlinen
+buttons.bold.tooltip = Keworra tekst poos (Ctrl+B / ⌘B)
+buttons.italic.tooltip = Keworra tekst italek (Ctrl+I / ⌘I)
+buttons.quote.tooltip = Devyn tekst
+buttons.code.tooltip = Keworra kod
+buttons.link.tooltip = Keworra gorgevren (Ctrl+K / ⌘K)
+buttons.list.unordered.tooltip = Keworra rol pellen
+buttons.list.ordered.tooltip = Keworra rol niverys
+buttons.list.task.tooltip = Keworra rol a rannow ober
+buttons.mention.tooltip = Kampolla devnydhyer po bagas
+buttons.ref.tooltip = Kampolla kudyn po profyans
+buttons.switch_to_legacy.tooltip = Devnydhya an janjyell koth yn le
+buttons.enable_monospace_font = Bywhe font unspas
+buttons.disable_monospace_font = Marowhe font unspas
+buttons.indent.tooltip = Neytha taklow gans unn nivel
+buttons.unindent.tooltip = Dineytha taklow gans unn nivel
+buttons.new_table.tooltip = Keworra mosen
+table_modal.header = Keworra mosen
+table_modal.placeholder.header = Pennlinen
+table_modal.placeholder.content = Synsas
+table_modal.label.rows = Rewyow
+table_modal.label.columns = Kolovennow
+link_modal.header = Keworra gorgevren
+link_modal.url = Gorgevren
+link_modal.description = Deskrifans
+link_modal.paste_reminder = Hynt: Gans URL yn agas astel glypp, hwi a yll dasskrifa y'n janjyell distowgh rag gwruthyl gorgevren.
+
+[filter]
+string.asc = A - Z
+string.desc = Z - A
+
+[error]
+occurred = Yth esa error
+report_message = Mar krysowgh kudyn Forgejo yw hemma, hwilasewgh mar pleg rag kudynnow war <a href="%s" target="_blank">Codeberg</a> po ygeri kudyn nowydh mars yma res.
+not_found = Ny yllir kavos an gosten.
+network_error = Error rosweyth
+server_internal = Error a-bervedh servell
+
+[startpage]
+app_desc = Gonis Git dibayn omostys
+install = Es rag lea
+install_desc = Yn sempel <a target="_blank" rel="noopener noreferrer" href="%[1]s">eksekutya an dewek</a> rag agas bynk, danvon gans <a target="_blank" rel="noopener noreferrer" href="%[2]s">Docker</a>, po kavos <a target="_blank" rel="noopener noreferrer" href="%[3]s">fardellys</a>.
+platform = Treus-bynk
+platform_desc = Forgejo yw afydhys rag eksekutya war systemow oberyans rydh kepar ha Linux ha FreeBSD, ha pennsernethow CPU dyffrans. Dewisewgh an onan kyrrowgh!
+lightweight = Skav
+lightweight_desc = Y’s teves Forgejo edhommow ispoyntel isel hag y hyllir eksekutya war Raspberry Pi a bris isel. Difres tredan!
+license = Pennfenten Ygor
+license_desc = Kavewgh <a target="_blank" rel="noopener noreferrer" href="%[1]s">Forgejo</a>! Omjunyewgh ni gans <a target="_blank" rel="noopener noreferrer" href="%[2]s">ow kevri</a> rag gwellhe an ragdres ma moy bryntin hogen. Na berthewgh meth rag bos kevriyas!
+
+[install]
+install = Leyans
+title = Selyans kynsa
+docker_helper = Mars eksekutyowgh Forgejo a-berth yn Docker, redyewgh mar pleg an <a target="_blank" rel="noopener noreferrer" href="%s">kowethlyver</a> kyns ow chanjya neb settyansow.
+require_db_desc = Forgejo a vynn MySQL, PostgreSQL, SQLite3 po TiDB (protokol MySQL).
+db_title = Settyansow sel dherivadow
+db_type = Eghen sel dherivadow
+host = Ost
+user = Hanow Devnydhyer
+password = Ger-tremena
+db_name = Hanow sel dherivadow
+db_schema = Skema
+db_schema_helper = Gwitha gwag rag defowt sel dherivadow ("poblek").
+ssl_mode = SSL
+path = Tyller
+sqlite_helper = Tyller rag an sel dherivadow SQLite3. <br>Ynworra tyller absolut mars eksekutyowgh Forgejo avel gonis.
+reinstall_error = Esowgh owth assaya rag lea yn sel dherivadow Forgejo seulabrys
+reinstall_confirm_message = Ow taslea gans sel dherivadow Forgejo a yll kawsya meur a gudynnow. Yn kasys moyha, y kodh dhywgh devnydhya agas "app.ini" seulabrys rag eksekutya Forgejo. Mar esowgh konnyk, afydhyewgh an pyth a sew:
+reinstall_confirm_check_1 = An data argelys gans an SECRET_KEY yn app.ini a yll bos kellys: martesen ny vydh devnydhyoryon omgelmi gans 2FA/OPT & gwedrow-mires na oberi yn ta. Gans ow checkya an gist ma afydhyowgh an restren app.ini synsi an SECRET_KEY ewn.
+reinstall_confirm_check_2 = Martesen y fydh edhom dhir daskettermynyegi an gwithvaow ha settyansow. Gans ow checkya an gist ma afydhyowgh hwi a wra daskettermynyegi an higennow rag an gwithvaow ha restren authorized_keys dre dhorn. Afydhyowgh hwi a wra surhe settyansow gwithva ha gweder-mires yw ewn.
+reinstall_confirm_check_3 = Afydhyowgh pur sur owgh hwi an Forgejo ma yw owth eksekutya gans an tyller ewn app.ini ha sur owgh hwi yma edhom dhywgh daslea. Afydhyowgh mayth aswonowgh an peryllow ma.
+err_empty_db_path = Ny yll an tyller sel dherivadow SQLite3 bos gwag.
+no_admin_and_disable_registration = Ny yllowgh marowhe omgovskrifans devnydhyer heb ow kwruthyl akont menystrer.
+err_empty_admin_password = Ny yll an ger-tremena menystrer bos gwag.
+err_empty_admin_email = Ny yll an drigva ebost menystrer bos gwag.
+err_admin_name_is_reserved = Anewn yw an hanow devnydhyer menystrer, ragerghys yw an hanow devnydhyer ma
+err_admin_name_pattern_not_allowed = Anewn yw an hanow devnydhyer menystrer, an hanow devnydhyer ma a omdhesedh patron ragerghys
+err_admin_name_is_invalid = Anewn yw an hanow devnydhyer
+general_title = Settyansow ollgemmyn
+app_name = Titel gweyth
+app_name_helper = Ynworrewgh agas hanow gweyth omma. An hanow na a vydh bos diskwedhys war bub folen.
+app_slogan = Lavar gweyth
+app_slogan_helper = Ynworrewgh agas lavar gweyth omma. Gwitha gwag rag marowhe.
+repo_path = Tyller gwreydhek gwithva
+repo_path_helper = Gwithvaow Git pell a vydh bos sawys dhe'n restrenva ma.
+lfs_path = Tyller gwreydhek Git LFS
+lfs_path_helper = Restrennow helerghys gans Git LFS a vydh bos gwithys y'n restrenva ma. Gwitha gwag rag marowhe.
+run_user = Devnydhyer rag eksekutya avel
+run_user_helper = An hanow devnydher rag an system oberyans mayth eksekutir Forgejo. Notyewgh: res yw dhodho kavos hedhas dhe'n tyller gwreydhek gwithva.
+domain = Arlotteth servell
+domain_helper = Arlotteth po trigva ost rag an servell.
+ssh_port = Porth servell SSH
+ssh_port_helper = Niver porth rag devnydh gans an servell SSH. Gwitha gwag rag marowhe servell SSH.
+http_port = Porth goslowes HTTP
+http_port_helper = Niver porth rag devnydh gans an servell gwi Forgejo.
+app_url = Gorgevren Sel
+app_url_helper = Trigva sel rag gorgevrennow HTTP(S) ha gwarnyansow ebost.
+log_root_path = Tyller kovadh
+log_root_path_helper = Restrennow kovadh a vydh bos skrifys war'n restrenva ma.
+optional_title = Settyansow dre dhewis
+email_title = Settyansow ebost
+smtp_addr = Ost SMTP
+smtp_port = Porth SMTP
+smtp_from = Danvon ebost avel
+smtp_from_invalid = Anewn yw an drigva "Danvon ebost avel"
+smtp_from_helper = An drigva ebost ma a vydh bos devnydhys gans Forgejo. Ynworrewgh trigva ebost sempel po devnydhyewgh an furvas "Hanow" <email@example.com>.
+mailer_user = Hanow devnydhyer SMTP
+mailer_password = Ger-tremena SMTP
+register_confirm = Rekwirya afydhyans ebost rag kovskrifa
+mail_notify = Bywhe gwarnyansow ebost
+server_service_title = Settyansow servell ha gonis parti-tressa
+offline_mode = Bywhe fordh leel
+offline_mode.description = Marowhe rosweythyow synsas parti-tressa ha dyghtya oll asnodhow yn leel.
+disable_gravatar = Marowhe Gravatar
+disable_gravatar.description = Marowhe denvydh a Ravatar op pennfentynnyow imach parti-tressa aral. Imajys defowt a vydh bos devnydhys rag imajys devnydhyer marna ughkarg aga honan dhe'n weyth.
+federated_avatar_lookup = Bywhe imajys keffrysek
+federated_avatar_lookup.description = Arhwilas imajys ow tevnydhya Libravatar.
+disable_registration = Marowhe omgovskrifans
+disable_registration.description = Menystroryon gweyth yn unnik a yll gwruthyl akontys devnydhyer nowydh. Pur gomendys yw rag gwitha kovskrifans marowhes marnas mynnowgh ostya gweyth poblek rag pubonan ha parys owgh hwi rag ardhyghtya mynsow bras a akontys atal.
+allow_only_external_registration = Gasa kovskrifans dre wonisyow a-ves yn unnik
+allow_only_external_registration.description = Devnydhyoryon a yll gwruthyl akontys nowydh ow tevnydhya gonisyow a-ves selys.
+openid_signin = Bywhe omgelmyans OpenID
+openid_signin.description = Gasa devnydhyoryon rag omgelmi der OpenID.
+openid_signup = Bywhe omgovskrifans OpenID
+openid_signup.description = Gasa devnydhyoryon rag gwruthyl akontys der OpenID mar bywhes yw omgovskrifans.
+enable_captcha = Bywhe CAPTCHA kovskrifans
+enable_captcha.description = Rekwirya devnydhyoryon tremena CAPTCHA rag gwruthyl akontys.
+require_sign_in_view = Rekwirya omgelmyans rag gweles synsas gweyth
+require_sign_in_view.description = Finwetha hedhas synsas dhe dhevnydhyoryon omgelmys. Ostysi a yll vysytya an folennow omgelmyans yn unnik.
+default_keep_email_private = Kudha trigvaow ebost yn defowt
+default_keep_email_private.description = Bywhe ow kudha trigvaow ebost rag devnydhyoryon nowydh yn defowt rag may nyns eus an kedhlow ma dyllys wosa kovskrifans.
+default_allow_create_organization = Gasa ow kwruthyl kowethyansow yn defowt
+default_allow_create_organization.description = Gasa devnydhyoryon nowydh gwruthyl kowethyansow yn defowt. Mar byw yw an dewis ma, res yw dhodho menystrer grontya kummyas rag gwruthyl kowethyansow dhe dhevnydhyoryon nowydh.
+default_enable_timetracking = Bywhe hedheuryer yn defowt
+default_enable_timetracking.description = Gasa devnydh a'n nas hedheuryer rag gwithvaow nowydh yn defowt.
+admin_title = Settyansow akont menystrer
+admin_setting.description = Dre dhewis yw ow kwruthyl akont menystrer. An devnydhyer kovskrifys kynsa a wra bos menystrer yn awtomatek.
+admin_name = Hanow devnydhyer menystrer
+admin_password = Ger-tremena
+confirm_password = Afydhya ger-tremena
+admin_email = Trigva ebost
+config_location_hint = An dhewisyow selyans ma a vydh bos sawys yn:
+install_btn_confirm = Lea ForgeJo
+test_git_failed = Ny yllir previ arghadow "git": %v
+sqlite3_not_available = Ny skoodhya SQLite3 an dyllans Forgejo ma. Iskargewgh mar pleg an dyllans dewek sodhogel dhyworth %s (nyns yw an dyllans "gobuild").
+invalid_db_setting = Anewn yw an settyansow sel dherivadow: %v
+invalid_db_table = Anewn yw an vosen sel dherivadow "%s": %v
+invalid_repo_path = Anewn yw an tyller gwreydhek gwithva: %v
+invalid_app_data_path = Anewn yw an tyller data app: %v
+run_user_not_match = Nyns yw an hanow devnydhyer "devnydhyer rag eksekutya avel" an hanow devnydhyer a-lemmyn: %s -> %s
+internal_token_failed = Ny yllir dinythi tokyn a-bervedh: %v
+save_config_failed = Ny yllir sawya selyans: %v
+enable_update_checker_helper_forgejo = Checkya a wra rag dyllansow Forgejo nowydh a dermyn dhe dermyn gans ow checkya kovadh DNS TXT yn release.forgejo.org.
+invalid_admin_setting = Anewn yw settyans akont menystrer: %v
+invalid_log_root_path = Anewn yw an tyller kovadh: %v
+no_reply_address = Arlotteth ebost kudh
+no_reply_address_helper = Hanow arlotteth rag devnydhyoryon gans trigva ebost kudh. Rag ensampel, an hanow devnydhyer "jago" a vydh bos kovadhys yn Git avel "jago@noreply.ensampel.org mars an arlotteth ebost kudh yw "noreply.ensampel.org".
+password_algorithm = Method hash ger-tremena
+invalid_password_algorithm = Method hash ger-tremena anewn
+password_algorithm_helper = Settyewgh an method hash ger-tremena. Yma edhommow ha sleyneth dyffrans. An method argon2 yw saw mes a wra devnydhya meur a gov hag a yll bos anwiw rag systemow byghan.
+enable_update_checker = Bwyhe checkyell nowedhyans
+env_config_keys = Selyans Kerghynnedh
+env_config_keys_prompt = An nowejynnow kerghynnedh a sew a vydh bos gweythys dh'gas restren selyans:
+
+[home]
+uname_holder = Hanow devnydhyer po trigva ebost
+switch_dashboard_context = Skwychella testen skostel
+my_repos = Gwithvaow
+my_orgs = Kowethyansow
+view_home = Gweles %s
+filter = Sidhlow aral
+filter_by_team_repositories = Sidhla gans gwithvaow bagas
+feed_of = Strem a "%s"
+show_archived = Gwithys yn kovskrif
+show_both_archived_unarchived = Ow tiskwedhes an dhew yn kovskrif ha na yn kovskrif
+show_only_archived = Ow tiskwedhes yn kovskrif yn unnik
+show_only_unarchived = Ow tiskwedhes na yn kovskrif yn unnik
+show_private = Privedh
+show_both_private_public = Ow tiskwedhes an dhew poblek ha privedh
+show_only_private = Ow tiskwedhes privedh yn unnik
+show_only_public = Ow tiskwedhes poblek yn unnik
+issues.in_your_repos = Yn agas gwithvaow
+
+[explore]
+repos = Gwithvaow
+users = Devnydhyoryon
+organizations = Kowethyansow
+go_to = Mos dhe
+code = Kod
+code_last_indexed_at = Arhwilys kyns %s
+relevant_repositories_tooltip = Kudh yw gwithvaow fergh po kavos testen vyth, arwodhik vyth, ha deskrifans vyth.
+relevant_repositories = Gwithvaow a vri yw diskwedhys yn unnik, <a href="%s">diskwedhes sewyansow ansidhlys</a>.
+
+[auth]
+create_new_account = Kovskrifa akont
+disable_register_prompt = Kovskrifans yw marow. Kestavewgh agas menystrer gwiasva mar pleg.
+disable_register_mail = Afydhyans ebost rag kovskrifans yw marow.
+manual_activation_only = Kestavewgh agas menystrer gwiasva rag kowlwul bywheans.
+remember_me = Kofhe an devis ma
+forgot_password_title = Ger-tremena ankevys
+forgot_password = Ger-tremena ankevys?
+hint_login = Eus akont dhywgh seulabrys? <a href="%s">Omgelmewgh lemmyn!</a>
+hint_register = Eus edhom dhywgh a akont? <a href="%s">Kovskrifewgh lemmyn.</a>
+sign_up_button = Kovskrifewgh lemmyn.
+sign_up_successful = Akont o gwrys yn sewen. Dynnargh!
+confirmation_mail_sent_prompt = Yma ebost afydhyans nowydh danvenys dhe <b>%s</b>. Rag kowlwul an argerdh kovskrifans, checkyewgh agas yngist mar pleg ha holyewgh an gorgevren provys a-ji dhe'n nessa %s. Mars an ebost yw anewn, hwi a yll omgelmi, ha govyn ebost afydhyans rag bos danvenys dhe drigva ebost aral.
+must_change_password = Nowedhi agas ger-tremena
+allow_password_change = Erghi devnydhyer rag chanjya ger-tremena (komendys)
+reset_password_mail_sent_prompt = Yma ebost afydhyans danvenys dhe <b>%s</b>. Rag kowlwul an argerdh yaghheans akont, checkyewgh agas yngist mar pleg ha holyewgh an gorgevren provys a-ji dhe'n nessa %s.
+active_your_account = Bywhe agas akont
+account_activated = Akont yw bywhes
+prohibit_login = Akont yw astelys
+prohibit_login_desc = Agas akont re beu astelys rag ow tevnydhya gans an weyth. Kestavewgh an menystrer weyth rag daskemeres hedhas.
+resent_limit_prompt = Hwi re govynys ebost bywheans seulabrys a-dhiwedhes. Gortewgh 3 mynysennow mar pleg hag ena assayewgh arta.
+has_unconfirmed_mail = Yow %s, yma trigva ebost anafydhys dhywgh (<b>%s</b>). Mar nyns eus ebost afydhyans yn agas yngist po yma edhom dhywgh danvon onan nowydh, klyckyewgh war'n boton a-woles mar pleg.
+change_unconfirmed_email_summary = Chanjya an drigva ebost devnydhys rag danvon an ebost bywheans.
+change_unconfirmed_email = Mar proviowgh an drigva ebost anewn dres kovskrifans, hwi a yll chanjya a-woles, hag yma afydhyans nowydh danvenys dhe'n drigva nowydh yn le.
+change_unconfirmed_email_error = Ny yllir chanjya an drigva ebost: %v
+resend_mail = Klyckyewgh omma rag dastanvon agas ebost bywheans
+send_reset_mail = Danvon ebost yaghheans
+reset_password = Yaghheans akont
+invalid_code = Agas kod afydhyans yw anewn po re diwedhys.
+invalid_code_forgot_password = Agas kod afydhyans yw anewn po re diwedhys. Klyckyewgh <a href="%s">omma</a> rag dalleth esedhek nowydh.
+invalid_password = An ger-tremena ma ny omdhesedha an ger-tremena devnydhys rag gwruthyl an akont.
+reset_password_helper = Daskavos Akont
+reset_password_wrong_user = Omgelmys owgh hwi avel %s, mes an gorgevren yaghheans akont yw rag %s
+password_too_short = An ger-tremena na yllir bos le hir es %d lytherennow.
+non_local_account = Devnydhyoryon anleel na yllir nowedhi aga ger-tremena dres an ynterfas gwi Forgejo.
+verify = Gwirhe
+unauthorized_credentials = Manylyon devnydhyer yw anewn po re diwedhys. Assayewgh arta agas arghadow po gweles %s rag moy kedhlow
+scratch_code = Kod kravas
+use_scratch_code = Devnydhya kod kravas
+use_onetime_code = Devnydhya kod unweyth
+twofa_scratch_used = Hwi re devnydhys agas kod kravas. Hwi re daskevarwodhys dhe'n folen settyansow dewkamm rag may hwi a yll remova agas kovskrifans devis po dinythi kod kravas nowydh.
+twofa_passcode_incorrect = Agas kod-tremena yw anewn. Mar kellowgh agas devis, devnydhya agas kod kravas rag omgelmi.
+twofa_scratch_token_incorrect = Agas kod kravas yw anewn.
+login_userpass = Omgelmi
+oauth_signup_tab = Kovskrifa akont nowydh
+oauth_signup_title = Kowlwul akont nowydh
+oauth_signup_submit = Kowlwul akont
+oauth_signin_tab = Keskelmi dhe akont seulabrys
+oauth_signin_title = Omgelmi rag reythhe akont keskelmys
+oauth_signin_submit = Keskelmi akont
+oauth.signin.error = Yth esa error owth argerdhes an govyn reythheans. Mar durya an error ma, kestavewgh an menystrer gwiasva mar pleg.
+oauth.signin.error.access_denied = An govyn reythheans o naghys.
+oauth.signin.error.temporarily_unavailable = Ny yllir reythhe drefen an ankavadewder a'n servell. Anbarghus yw hemma; assayewgh arta diwettha mar pleg.
+openid_connect_submit = Junya
+openid_connect_title = Junya dhe akont seulabrys
+openid_connect_desc = An URI OpenID dewisys yw ankoth. Kowethya gans akont nowydh omma.
+openid_register_title = Gwruthyl akont nowydh
+openid_register_desc = An URI OpenID dewisys yw ankoth. Kowethya gans akont nowydh omma.
+openid_signin_desc = Ynworrewgh agas URI OpenID. Rag ensampel: alice.openid.example.org po https://openid.example.org/alice.
+disable_forgot_password_mail = Yaghheans akont yw marow drefen nyns eus trigva ebost selys. Kestavewgh agas menystrer gwiasva mar pleg.
+disable_forgot_password_mail_admin = Yaghheans akont yw kavadow mar selys yw ebost. Selyewgh ebost rag bywhe yaghheans akont mar pleg.
+email_domain_blacklisted = Ny yllowgh kovskrifa gans agas trigva ebost.
+authorize_application = Reythhe App
+authorize_redirect_notice = Hwi a vydh daskevarwodhys dhe %s mar reythhowgh an app ma.
+authorize_application_created_by = An app ma o gwrys gans %s.
+authorize_application_description = Mar grontyowgh hedhes, y hyll drehedhes ha skrifa dhe oll agas kedhlow akont, ow synsi gwithvaow ha kowethyansow privedh.
+authorize_title = Reythhe "%s" rag drehedhes agas akont?
+authorization_failed = Reythheans fyllis
+authorization_failed_desc = An reythheans fyllis drefen helerghyn ni govyn anewn. Kestavewgh an mentenour a'n app hwi re assayys rag reythhe mar pleg.
+password_pwned = An ger-tremena hwi re dewisys yw war <a target="_blank" rel="noopener noreferrer" href="%s">rol a eryow ledrys</a> diskudhys kyns lemmyn yn torrvaow data poblek. Assayewgh arta gans ger-tremena aral mar pleg ha prederewgh ow chanjya an ger-tremena ma yn leow aral ynwedh.
+password_pwned_err = Ny yllir kowlwul govyn dhe HaveIBeenPwned
+last_admin = Ny yllowgh remova an menystrer finek. Res yw bos unn menystrer dhe'n lyha.
+back_to_sign_in = Dehweles dhe Omgelmyans
+sign_in_openid = Procedya gans OpenID
+
+[mail]
+view_it_on = Gweles war %s
+reply = po gorthebi dhe'n ebost ma distowgh
+link_not_working_do_paste = Yw an gorgevren terrys? Assayewgh ow kopia hag ow tasskrifa y'n barr a'gas peurell.
+hi_user_x = Yow <b>%s</b>,
+activate_account = Bywhewgh agas akont mar pleg
+activate_account.text_1 = Yow <b>%[1]s</b>, meur ras rag ow kovskrifa yn %[2]s!
+activate_account.text_2 = Klyckyewgh war'n gorgevren a sew mar pleg rag bywhe agas akont a-ji dhe <b>%s</b>:
+activate_email = Gwirhe agas trigva ebost
+activate_email.text = Klyckyewgh an gorgevren a sew mar pleg rag gwirhe agas trigva ebost a-ji dhe <b>%s</b>:
+admin.new_user.subject = Devnydhyer nowydh %s kovskrifys namnygen
+admin.new_user.user_info = Kedhlow devnydhyer
+admin.new_user.text = <a href="%s">Klyckyewgh omma</a> mar pleg rag dyghtya an devnydhyer ma y'n panel menystrer.
+register_notify = %s a'gas dynnargh
+register_notify.text_1 = agas ebost afydhyans kovskrifans yw hemma rag %s!
+register_notify.text_2 = Hwi a yll omgelmi yn agas akont ow tevnydhya dha hanow devnydhyer: %s
+register_notify.text_3 = Mars an akont ma o gwrys rag hwi gans nebonan aral, yma edhom dhywgh <a href="%s">settya agas ger-tremena</a> kyns.
+reset_password = Daskavos agas akont
+reset_password.text = Mar hwi o hemma, klyckyewgh an gorgevren a sew mar pleg rag daskavos agas akont a-ji dhe <b>%s</b>:
+password_change.subject = Agas ger-tremena re beu chanjys
+password_change.text_1 = An ger-tremena rag agas akont o chanjys namnygen.
+primary_mail_change.subject = Agas penntrigva ebost re beu chanjys
+primary_mail_change.text_1 = An penntrigva ebost a'gas akont o chanjys namnygen dhe %[1]s. Hemm a styr an drigva ebost ny vydh degemeres gwarnyans ebost rag agas akont na fella.
+totp_disabled.subject = TOTP re beu marowhes
+totp_disabled.text_1 = Ger-tremena termyn-selys unweyth (TOTP) war agas akont o marowhes namnygen.
+totp_disabled.no_2fa = Nyns eus methodys 2FA selys na fella, ha nyns yw res rag omgelmi yn agas akont gans 2FA.
+removed_security_key.subject = Alhwedh sawder re beu dileys
+removed_security_key.text_1 = Alhwedh sawder "%[1]s" re beu dileys rag agas akont namnygen.
+removed_security_key.no_2fa = Nyns eus methodys 2FA selys na fella, ha nyns yw res rag omgelmi yn agas akont gans 2FA.
+account_security_caution.text_1 = Mar hwi o hemma, hwi a yll skonya aswon an ebost ma.
+account_security_caution.text_2 = Mar nyns yw hwi, agas akont yw diantel. Kestavewgh an venystroryon a'n wiasva ma mar pleg.
+totp_enrolled.subject = Hwi re bywhes TOTP avel method 2FA
+totp_enrolled.text_1.no_webauthn = Hwi re bywhes TOTP rag agas akont namnygen. Hemm a styr rag oll omgelmyansow dh'gas akont, res yw dhywgh devnydhya TOTP avel method 2FA.
+totp_enrolled.text_1.has_webauthn = Hwi re bywhes TOTP rag agas akont namnygen. Hemm a styr rag oll omgelmyansow dh'gas akont, hwi a yll devnydhya TOTP avel method 2FA po devnydhya neb a'gas alhwedhow sawder.
+issue_assigned.pull = Yth ewgh hwi charjys gans @%[1]s dhe brofyans %[2]s yn gwithva %[3]s.
+issue_assigned.issue = Yth ewgh hwi charjys gans @%[1]s dhe gudyn %[2]s yn gwithva %[3]s.
+issue.x_mentioned_you = Yth ewgh hwi kampollys gans <b>@%s</b>:
+issue.action.force_push = <b>%[1]s</b> herdhys gans nerth an <b>%[2]s</b> dhyworth %[3]s dhe %[4]s.
+issue.action.push_1 = <b>@%[1]s</b> herdhys %[3]d gwrians dhe %[2]s
+issue.action.push_n = <b>@%[1]s</b> herdhys %[3]d gwriansow dhe %[2]s
+issue.action.close = <b>@%[1]s</b> deges #%[2]d.
+issue.action.reopen = <b>@%[1]s</b> dasygerys #%[2]d.
+issue.action.merge = <b>@%[1]s</b> kesunys #%[2]d yn %[3]s.
+issue.action.approve = <b>@%[1]s</b> komendys an profyans ma.
+issue.action.reject = <b>@%[1]s</b> govynnys chanjyow orth an profyans ma.
+issue.action.review = <b>@%[1]s</b> kampollys war'n profyans ma.
+issue.action.review_dismissed = <b>@%[1]s</b> naghys breusyans finek dhhyworth %[2]s rag an profyans ma.
+issue.action.ready_for_review = <b>@%[1]s</b> merkys an profyans ma avel parys rag breusyans.
+issue.action.new = <b>@%[1]s</b> gwrys #%[2]d.
+issue.in_tree_path = Yn %s:
+release.new.subject = %s yn %s dyllys
+release.new.text = <b>@%[1]s</b> dyllys %[2]s yn %[3]s
+release.title = Titel: %s
+release.note = Noten:
+release.downloads = Iskargow:
+release.download.zip = Kod Pennfenten (ZIP)
+release.download.targz = Kod Pennfenten (TAR.GZ)
+repo.transfer.subject_to = %s a vynn treusworra gwithva "%s" dhe %s
+repo.transfer.subject_to_you = %s a vynn treusworra gwithva "%s" dhe hwi
+repo.transfer.to_you = hwi
+repo.transfer.body = Rag degemeres po nagha vysytya %s po skonya aswon.
+repo.collaborator.added.subject = %s addys hwi dhe %s avel kesoberer
+repo.collaborator.added.text = Hwi re beu addys avel kesoberer dhe withva:
+team_invite.subject = %[1]s re welwys hwi rag junya an kowethyans %[2]s
+team_invite.text_1 = %[1]s re welwys hwi rag junya bagas %[2]s yn kowethyans %[3]s.
+team_invite.text_2 = Klyckyewgh an gorgevren a sew mar pleg rag junya an bagas:
+team_invite.text_3 = Noten: An galow ma o mynnys rag %[1]s. Mar na gwaytyowgh an galow ma, hwi a yll skonya aswon an ebost ma.
+
+[modal]
+yes = Ya
+no = Na
+confirm = Afydhya
+cancel = Hedhi
+
+[form]
+UserName = Hanow devnydhyer
+FullName = Hanow leun
+Description = Deskrifans
+Pronouns = Rakhenwyn
+Biography = Bewskrif
+Website = Gwiasva
+Location = Tyller
+RepoName = Hanow gwithva
+Email = Trigva ebost
+Password = Ger-tremena
+Retype = Afydhya ger-tremena
+PayloadUrl = Gorgevren karg
+TeamName = Hanow bagas
+AuthName = Hanow reythheans
+AdminEmail = Trigva ebost menystrer
+To = Hanow skorr
+AccessToken = Tokyn hedhas
+NewBranchName = Hanow skorr nowydh
+CommitSummary = Berrskrif gwrians
+CommitMessage = Messach gwrians
+CommitChoice = Dewis gwrians
+TreeName = Tyller restren
+Content = Synsas
+require_error = ` ny yllir bos gwag.`
+alpha_dash_error = ` y kodh synsi lytherennow y'n abecedari, niveryow, linen ("-") hag islinen ("_").`
+alpha_dash_dot_error = ` y kodh synsi lytherennow y'n abecedari, niveryow, linen ("-"), islinen ("_"), ha dyjyn (".").`
+git_ref_name_error = ` res yw bos hanow kampol Git gwrys yn ta.`
+size_error = ` res yw bos braster %s.`
+min_size_error = ` res yw synsi %s lytherennow dhe'n lyha.`
+max_size_error = ` res yw synsi %s lytherennow dhe'n moyha.`
+email_error = ` nyns yw trigva ebost ewn.`
+url_error = `"%s" nyns yw gorgevren ewn.`
+include_error = ` res yw synsi istekst "%s".`
+glob_pattern_error = ` patron glob yw anewn: %s.`
+regex_pattern_error = ` patron menegyn rewlys yw anewn: %s.`
+username_error = ` a yll synsi lytherennow ("0-9","a-z","A-Z"), linen ("-"), islinen ("_") ha dyjyn (".") yn unnik. Ny yllir dalleth po finsya gans lytherennow na'n par na, ha lytherennow na'n par na yw difennys ynwedh.`
+username_error_no_dots = ` a yll synsi lytherennow ("0-9","a-z","A-Z"), linen ("-"), hag islinen ("_") yn unnik. Ny yllir dalleth po finsya gans lytherennow na'n par na, ha lytherennow na'n par na yw difennys ynwedh.`
+invalid_group_team_map_error = ` mappyans yw anewn: %s`
+unknown_error = Error ankoth:
+captcha_incorrect = Anewn yw an kod CAPTCHA.
+password_not_match = Na omdhesedha an eryow-tremena.
+lang_select_error = Dewis yeth dhyworth an rol.
+username_been_taken = An hanow devnydhyer yw kemerys seulabrys.
+username_change_not_local_user = Nyns yw devnydhyoryon anleel gesys rag chanjya aga hanow devnydhyer.
+username_claiming_cooldown = Nyllir perghenegi an hanow devnydhyer drefen nyns yw deu y dermyn-mygla. Y hyll bos perghenegys %[1]s.
+repo_name_been_taken = An hanow gwithva yw devnydhys seulabrys.
+repository_force_private = Ynia Privedh yw byw: ny yllir dylla yn poblek gwithvaow privedh.
+repository_files_already_exist = Yma restrennow rag an gwithva ma seulabrys. Kestavewgh an menystrer system.
+repository_files_already_exist.adopt = Yma restrennow rag an gwithva ma seulabrys hag yllons bos Asvebys hepken.
+repository_files_already_exist.delete = Yma restrennow rag an gwithva ma seulabrys. Res yw dhywgh dilea.
+repository_files_already_exist.adopt_or_delete = Yma restrennow rag an gwithva ma seulabrys. Res yw dhywgh dilea po asvaba.
+visit_rate_limit = Vysytyans pell a ewnhe finweth.
+2fa_auth_required = Vysytyans pell rekwirys gwirheans dewkamm.
+org_name_been_taken = An hanow kowethyans yw kemerys seulabrys.
+team_name_been_taken = An hanow bagas yw kemerys seulabrys.
+team_no_units_error = Gasa hedhas dhe unn dregh gwithva dhe'n lyha.
+email_been_used = An drigva ebost yw devnydhys seulabrys.
+email_invalid = Anewn yw an drigva ebost.
+email_domain_is_not_allowed = Yma kas ynter an arlotteth a'n drigva ebost devnydhyer <b>%s</b> ha EMAIL_DOMAIN_ALLOWLIST po EMAIL_DOMAIN_BLOCKLIST. Surhewgh hwi re settys an drigva ebost yn ta.
+openid_been_used = An drigva OpenID "%s" yw devnydhys seulabrys.
+username_password_incorrect = Hanow devnydhyer po ger-tremena yw anewn.
+password_complexity = Ger-tremena ny hedhes edhommow komplegeth:
+password_lowercase_one = Unn lytheren byghan dhe'n lyha
+password_uppercase_one = Unn lytheren bras dhe'n lyha
+password_digit_one = Unn niver dhe'n lyha
+password_special_one = Unn lytheren arbennik (poyntyans, krommvaghow, devynys, h.e.) dhe'n lyha
+enterred_invalid_repo_name = Anewn yw an hanow gwithva ynworrys.
+enterred_invalid_org_name = Anewn yw an hanow kowethyans ynworrys.
+enterred_invalid_owner_name = Nyns yw ewn an hanow perghen nowydh.
+enterred_invalid_password = Anewn yw an ger-tremena ynworrys.
+unset_password = Ny veu an devnydhyer omgelmyans an ger-tremena settys.
+unsupported_login_type = Nyns yw skoodhys an eghen omgelmyans rag dilea akont.
+user_not_exist = Nyns eus an devnydhyer.
+team_not_exist = Nyns eus an bagas.
+last_org_owner = Ny yllowgh remova an devnydhyer diwettha rag an bagas "perghennow". Res yw bos unn perghen dhe'n lyha rag kowethyans.
+cannot_add_org_to_team = Ny yllir keworra Kowethyans avel esel bagas.
+duplicate_invite_to_team = An devnydhyer yw gelwys avel esel bagas seulabrys.
+organization_leave_success = Hwi re gesys an kowethyans %s yn sewen.
+invalid_ssh_key = Ny yllir gwirhe agas alhwedh SSH: %s
+invalid_gpg_key = Ny yllir gwirhe agas alhwedh GPG: %s
+must_use_public_key = An alhwedh provys yw alhwedh privedh. Na ughkargewgh agas alhwedh privedh yn neb le. Devnydhyewgh agas alhwedh poblek yn le.
+unable_verify_ssh_key = Ny yllir gwirhe an alhwedh SSH, checkyewgh rag kammgemeryansow.
+auth_failed = Ny yllir gwirhe: %v
+still_own_repo = Yma dh'gas akont unn po moy gwithvaow, dileewgh po treusperthi kyns.
+still_has_org = Agas akont yw esel a unn po moy kowethyansow, gasewgh kyns.
+still_own_packages = Yma dh'gas akont unn po moy fardellow, dileewgh kyns.
+org_still_own_repo = Yma dhe'n kowethyans ma unn po moy gwithvaow, dileewgh po treusperthewgh kyns.
+org_still_own_packages = Yma dhe'n kowethyans ma unn po moy fardellow, dileewgh kyns.
+target_branch_not_exist = Nyns eus an skorr kostennys.
+admin_cannot_delete_self = Ny yllowgh dilea agas honan mar menystrer owgh hwi. Removewgh agas pryvylejys menystrer kyns mar pleg.
+required_prefix = Res yw dhywgh dalleth ynworrans gans "%s"
+
+[user]
+change_avatar = Chanjya agas imach…
+joined_on = Omjunys %s
+repositories = Gwithvaow
+activity = Aktivita poblek
+followers.title.one = Holyer
+followers.title.few = Holyoryon
+following.title.one = Ow Holya
+following.title.few = Ow Holya
+followers_one = %d holyer
+followers_few = %d holyoryon
+following_one = %d ow holya
+following_few = %d ow holya
+follow = Holya
+unfollow = Diholya
+block_user = Lettya devnydhyer
+block_user.detail = Notyewgh yma effeythyow aral a ow lettya devnydhyer mar pleg, kepar ha:
+block_user.detail_1 = Hwi a vydh astel ow holya an eyl y gila ha ny yllir holya an eyl y gila.
+block_user.detail_2 = An devnydhyer ma ny yllir ynterweytha gans agas gwithvaow, po an gudynnow ha kampollansow hwi re gwrys.
+block_user.detail_3 = Ny yllowgh keworra an eyl y gila avel kesoberoryon gwithva.
+follow_blocked_user = Ny yllowgh holya an devnydhyer ma drefen hwi re lettys an devnydhyer ma po an devnydhyer ma re hwi lettys.
+starred = Gwithvaow drudh
+watched = Gwithvaow mirys
+code = Kod
+projects = Ragdresow
+overview = Gorwolok
+block = Lettya
+unblock = Dilettya
+user_bio = Bewskrif
+email_visibility.limited = Agas trigva ebost yw gweladow rag oll devnydhyoryon omgelmys
+show_on_map = Diskwedhes an tyller ma war vappa
+settings = Settyansow devnydhyer
+disabled_public_activity = An devnydhyer ma re marowhes an gweladewder poblek a'n aktivita.
+public_activity.visibility_hint.self_public = Agas aktivita yw gweladow rag pubonan, marnas keskowsow yn spassow privedh. <a href="%s">Chanjya</a>.
+public_activity.visibility_hint.admin_public = Agas aktivita yw gweladow rag pubonan mes, drefen menystrer owgh hwi, hwi a yll gweles keskowsow yn spassow privedh.
+public_activity.visibility_hint.self_private = Agas aktivita yw gweladow rag hwi ha'n venystroryon gweyth yn unnik. <a href="%s">Chanjya</a>.
+public_activity.visibility_hint.admin_private = An aktivita ma yw gweladow rag hwi drefen menystrer owgh hwi, mes an devnydhya mynnes gwitha privedh.
+public_activity.visibility_hint.self_private_profile = Agas aktivita yw gweladow rag hwi ha'n venystroryon gweyth yn unnik drefen agas profil yw privedh. <a href="%s">Chanjya</a>.
+form.name_reserved = An hanow devndyhyer "%s" yw ragerghys.
+form.name_pattern_not_allowed = An patron "%s" nyns yw gesys yn hanow devnydhyer.
+form.name_chars_not_allowed = Yma lytherennow anewn y'n hanow devnydhyer "%s".
+
+[settings]
+profile = Profil
+account = Akont
+appearance = Gis
+security = Sawder
+avatar = Imach
+ssh_gpg_keys = Alhwedhow SSH / GPG
+applications = Appys
+orgs = Kowethyansow
+repos = Gwithvaow
+twofa = Reythheans dewkamm (TOTP)
+organization = Kowethyansow
+webauthn = Reythheans dewkamm (Alhwedhow sawder)
+blocked_users = Devnydhyoryon lettys
+storage_overview = Gorwolok gwithans
+quota = Finweth
+public_profile = Profil poblek
+biography_placeholder = Kedhlewgh re erel nebes a-dro dhywgh! (Markdown yw skoodhys)
+location_placeholder = Kevrenna agas tyller nesogas gans re erel
+profile_desc = A-dro dhywgh
+password_username_disabled = Devnydhyoryon anleel nyns yw gesys chanjya aga hanow devnydhyer. Kestavewgh agas menystrer gwiasva rag moy manylyon mar pleg.
+full_name = Hanow leun
+website = Gwiasva
+location = Tyller
+pronouns = Rakhenwyn
+pronouns_unspecified = Anragnotys
+update_theme = Chanjya thema
+update_profile = Nowedhi profil
+update_language = Chanjya yeth
+update_language_not_found = Yeth "%s" nyns yw kavadow.
+update_language_success = Yeth re beu nowedhys.
+update_profile_success = Agas profil re beu nowedhys.
+change_username_prompt = Noten: Ow chanjya agas hanow devnydhyer a wra chanjya an URL a'gas akont.
+change_username_redirect_prompt = An hanow devnydhyer koth a wra daskevarwodha ernag yma nebonan ow perghenegi.
+change_username_redirect_prompt.with_cooldown.one = An hanow devnydhyer koth a wra bos kavadow rag pubonan wosa termyn-mygla a %[1]d dydh. Hwi a yll dasberghenegi an hanow devnydhyer koth dres an termyn-mygla.
+change_username_redirect_prompt.with_cooldown.few = An hanow devnydhyer koth a wra bos kavadow rag pubonan wosa termyn-mygla a %[1]d dedhyow. Hwi a yll dasberghenegi an hanow devnydhyer koth dres an termyn-mygla.
+language = Yeth
+language.title = Yeth defowt
+language.description = An yeth ma y fydh sawys dh'gas akont ha devnydhys avel an defowt wosa omgelmowgh.
+language.localization_project = Gweresewgh ni treylya Forgejo yn agas yeth! <a href="%s">Dyski moy</a>.
+ui = Thema
+hints = Hyntys
+additional_repo_units_hint = Profyewgh bywhe unses gwithva keworransel
+additional_repo_units_hint_description = Diskwedhes hynt "Bywhe moy" rag gwithvaow le may nyns eus oll unses kavadow bywhes.
+update_hints = Nowedhi hyntys
+update_hints_success = Hyntys re beu nowedhys.
+hidden_comment_types = Eghennow kampol kudh
+hidden_comment_types_description = Eghennow kampol checkys omma ny vydh diskwedhys yn folennow kudyn. Ow checkya "Label" rag ensampel a wra remova oll kampollys "<user> keworrys/removys <label>".
+hidden_comment_types.ref_tooltip = Kampollys le may an kudyn ma o kampollys dhyworth kudyn/gwrians/… aral
+hidden_comment_types.issue_ref_tooltip = Kampollys le may an devnydhyer chanjya an skorr/tagg kowethys gans an kudyn
+comment_type_group_reference = Kampol
+comment_type_group_label = Label
+comment_type_group_milestone = Men mildir
+comment_type_group_assignee = Charjyer
+comment_type_group_title = Titel
+comment_type_group_branch = Skorr
+comment_type_group_review_request = Govyn breusyans
+comment_type_group_pull_request_push = Gwriansow keworrys
+comment_type_group_project = Ragdres
+comment_type_group_issue_ref = Kampol kudyn
+saved_successfully = Agas settyansow o sawys yn sewen.
+privacy = Privetter
+keep_activity_private = Kudha aktivita rag folen profil
+keep_activity_private.description = Agas <a href="%s">aktivita poblek</a> y fydh gweladow rag gwi ha'n venystroryon gweyth yn unnik.
+lookup_avatar_by_mail = Hwilas imach gans trigva ebost
+enable_custom_avatar = Devnydhya imach a-vusur
+choose_new_avatar = Dewis imach nowydh
+update_avatar = Nowedhi imach
+delete_current_avatar = Dilea imach a-lemmyn
+uploaded_avatar_not_a_image = An restren ughkargys nyns yw skeusen.
+uploaded_avatar_is_too_big = An restren ughkargys (%d KiB) gordremena an braster moyha (%d KiB).
+update_avatar_success = Agas imach re beu nowedhys.
+update_user_avatar_success = An imach a'n devnydhyer re beu nowedhys.
+change_password = Chanjya ger-tremena
+update_password = Nowedhi ger-tremena
+old_password = Ger-tremena a-lemmyn
+new_password = Ger-tremena nowydh
+retype_new_password = Afydhya ger-tremena nowydh
+password_incorrect = An ger-tremena nowydh yw anewn.
+change_password_success = Agas ger-tremena re beu nowedhys. Alemma rag, devnydhya agas ger-tremena nowydh rag omgelmi.
+password_change_disabled = Devnydhyoryon anleel na yllir nowedhi aga ger-tremena dres an ynterfas gwi Forgejo.
+manage_emails = Dyghtya trigvaow ebost
+manage_themes = Thema defowt
+manage_openid = Trigvaow OpenID
+email_desc = Agas penntrigva ebost y fydh devnydhys rag gwarnyansow, yaghheans ger-tremena ha, mar nyns yw kudh, oberyans gwi-selys Git.
+theme_desc = An thema ma y fydh devnydhys rag an ynterfas gwi mars omgelmys owgh hwi.
+primary = Kynsa
+activated = Bywhes
+requires_activation = Bywheans a res
+primary_email = Bos kynsa
+activate_email = Danvon bywheans
+activations_pending = Bywheansow ow gortos
+can_not_add_email_activations_pending = Yma bywheans ow gortos, assayewgh arta yn nebes mynysennow mar mynnowgh keworra trigva ebost nowydh.
+delete_email = Remova
+email_deletion = Remova trigva ebost
+email_deletion_desc = An drigva ebost ma ha kedhlow keskelmys y fydh dileys rag agas akont. Gwriansow Git gans an drigva ebost a wra gwitha anchanjys. Pesya?
+email_deletion_success = An drigva ebost re beu dileys.
+theme_update_success = Agas thema o nowedhys.
+theme_update_error = Nyns eus an thema dewisys.
+openid_deletion = Remova Trigva OpenID
+openid_deletion_desc = Ow remova an drigva OpenID ma rag agas akont a wra lettya hwi dhyworth owth omgelmi gans an re ma. Pesya?
+openid_deletion_success = An drigva OpenID re beu dileys.
+add_new_email = Keworra trigva ebost
+add_new_openid = Keworra URI OpenID nowydh
+add_email = Keworra trigva ebost
+add_openid = Keworra URI OpenID
+add_email_confirmation_sent = Ebost afydhyans re beu danvenys dhe "%s". Rag afydhya dha trigva ebost, checkyewgh agas yngist mar pleg ha holya an gorgevren provys a-ji dhe'n nessa %s.
+add_email_success = An drigva ebost nowydh re beu keworrys.
+email_preference_set_success = Dewis ebost re beu settys yn sewen.
+add_openid_success = An drigva OpenID nowydh re beu keworrys.
+keep_email_private = Kudha trigva ebost
+keep_email_private_popup = Trigva ebost ny vydh diskwedhys war'n folen profil ha ny vydh an defowt rag gwriansow gwrys ow tevnydhya an ynterfas gwi, kepar ha ughkargys restren, golegyansow, ha gwriansow kesunyans. Yn le, trigva arbennik a yll bos devnydhys rag kevrenna gwriansow dhe'n akont devnydhyer. An dewis ma ny vydh menni gwriansow gwrys seulabrys.
+keep_pronouns_private = Diskwedhes rakhenwyn dhe dhevnydhyoryon reythhes yn unnik
+keep_pronouns_private.description = Hemm a wra kudha agas rakhenwyn rag vysytyoryon anomgelmys.
+manage_ssh_keys = Dyghtya alhwedhow SSH
+manage_ssh_principals = Dyghtya Penntestskifow SSH
+manage_gpg_keys = Dyghtya Alhwedhow GPG
+add_key = Keworra alhwedh
+ssh_desc = An alhwedhow poblek SSH ma yw kowethys gans agas akont. An alhwedhow privedh a omdhesedh gasa hedhas leun dhe agas gwithvaow. Alhwedhow SSH gwirhes a yll bos devnydhys rag gwirhe gwriansow Git sinys gans SSH.
+principal_desc = An penntestskrifow SSH ma yw kowethys gans agas akont ha gasa hedhas leun dh'gas gwithvaow.
+gpg_desc = An alhwedhow poblek GPG yw kowethys gans agas akont ha yw devnydhys rag gwirhe dha gwriansow. Gwitha saw agas alhwedhow privedh drefen gasons i rag sina gwriansow gans agas honanieth.
+webauthn_nickname = Leshanow
+delete_account = Dilea agas akont
+confirm_delete_account = Afydhya dileyans
+delete_account_title = Dilea akont devnydhyer
+delete_account_desc = Owgh hwi sur mynnowgh dilea an akont devnydhyer ma yn andileadow?
+email_notifications.enable = Bywhe gwarnyansow ebost
+visibility = Gweladewder devnydhyer
+visibility.public = Poblek
+visibility.public_tooltip = Gweladow rag oll
+visibility.limited = Strothys
+visibility.limited_tooltip = Gweladow rag devnydhyoryon omgelmys yn unnik
+visibility.private = Privedh
+visibility.private_tooltip = Gweladow yn unnik rag eseli a gowethyansow may rann owgh hwi
+blocked_since = Lettys a-dhia %s
+user_unblock_success = An devnydhya re beu dilettys yn sewen.
+user_block_success = An devnydhya re beu lettys yn sewen.
+user_block_yourself = Ny yllowgh lettya agas honan.
+quota.sizes.assets.artifacts = Eskorransow
+quota.sizes.assets.packages.all = Fardellow
+quota.sizes.wiki = Wiki
+cancel = Hedhi
+comment_type_group_time_tracking = Hedheuryer
+comment_type_group_deadline = Diwedhva
+comment_type_group_dependency = Serghek
+comment_type_group_lock = Studh alhwedha
+openid_desc = OpenID a asa hwi kanasa gwirheans dhe brovier a-ves.
+ssh_helper = <strong>Eus edhom dhywgh a weres?</strong> Gwelewgh an kowethlyver rag <a href="%s">gwruthyl agas honan alhwedhow SSH</a> po digelmi <a href="%s">kudynnow kemmyn</a> gans ow tevnydhya SSH.
+gpg_helper = <strong>Eus edhom dhywgh a weres?</strong> Gwelewgh an kowethlyver rag <a href="%s">a-dro dhe GPG</a>.
+key_content_ssh_placeholder = Dalleth gans "ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256", "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521", "sk-ecdsa-sha2-nistp256@openssh.com", po "sk-ssh-ed25519@openssh.com"
+key_content_gpg_placeholder = Dalleth gans "-----BEGIN PGP PUBLIC KEY BLOCK-----"
+ssh_key_been_used = An alhwedh SSH ma re veu keworrys dhe'n servell seulabrys.
+ssh_key_name_used = Yma alhwedh SSH gans an hanow keth war agas akont seulabrys.
+gpg_key_id_used = Yma alhwedh GPG poblek gans an ID keth seulabrys.
+gpg_no_key_email_found = An alhwedh GPG ma ny omdhesedha neb trigva ebost byw kowethys gans agas akont. Possybyl yw rag keworra mar sinewgh an tokyn provys.
+gpg_key_matched_identities = Honaniethow Omdhesedhys:
+gpg_key_verified = Alhwedh gwirhys
+gpg_key_verify = Gwirhe
+gpg_token_required = Yma edhom dhywgh provia sinans rag an tokyn a-woles
+gpg_token = Tokyn
+gpg_token_help = Hwi a yll dinythi sinans ow tevnydhya:
+gpg_token_signature = Sinans GPG arvwiskys
+key_signature_gpg_placeholder = Dalleth gans "-----BEGIN PGP SIGNATURE-----"
+verify_gpg_key_success = Alhwedh GPG "%s" re beu gwirhys.
+ssh_key_verified = Alhwedh gwirhys
+ssh_key_verify = Gwirhe
+ssh_token_required = Yma edhom dhywgh provia sinans rag an tokyn a-woles
+ssh_token = Tokyn
+ssh_token_help = Hwi a yll dinythi sinans ow tevnydhya:
+ssh_token_help_ssh_agent = po, mar devnydhyowgh maynor SSH (gans an nowejyn SSH_AUTH_SOCK settys):
+ssh_token_signature = Sinans SSH arvwiskys
+key_signature_ssh_placeholder = Dalleth gans "-----BEGIN SSH SIGNATURE-----"
+verify_ssh_key_success = An alhwedh SSH "%s" re beu gwirhys.
+subkeys = Isalhwedhow
+key_id = ID Alhwedh
+key_name = Hanow alhwedh
+key_content = Synsas
+principal_content = Synsas
+add_key_success = An alhwedh SSH "%s" re beu keworrys.
+add_gpg_key_success = An alhwedh GPG "%s" re beu keworrys.
+delete_key = Remova
+ssh_key_deletion = Remova alhwedh SSH
+gpg_key_deletion = Remova alhwedh GPG
+ssh_key_deletion_success = An alhwedh SSH re beu removys.
+gpg_key_deletion_success = An alhwedh GPG re beu removys.
+added_on = Keworrys %s
+valid_until_date = Ewn bys %s
+valid_forever = Ewn bys vykken
+last_used = Devnydhys diwettha
+no_activity = Nyns eus aktivita a-dhiwedhes
+can_read_info = Redya
+can_write_info = Skrifa
+key_state_desc = An alhwedh ma re beu devnydhys y'n 7 dedhyow yw passys
+token_state_desc = An tokyn ma re beu devnydhys y'n 7 dedhyow yw passys
+show_openid = Diskwedhes war brofil
+hide_openid = Kudha rag profil
+ssh_disabled = SSH yw marow
+ssh_externally_managed = An alhwedh SSH ma yw dyghtys a-ves rag an devnydhyer ma
+manage_access_token = Toknys hedhas
+generate_new_token = Dinythi tokyn nowydh
+tokens_desc = An doknys ma ri hedhas dh'gas akont ow tevnydhya an API Forgejo.
+token_name = Hanow tokyn
+generate_token = Dinythi tokyn
+generate_token_success = Agas tokyn nowydh re beu dinythys. Kopiewgh lemmyn drefen ny vydh diskwedhys arta.
+generate_token_name_duplicate = <strong>%s</strong> re beu devnydhys avel hanow app seulabrys. Devnydhyewgh onan nowydh mar pleg.
+delete_token = Dilea
+access_token_deletion = Dilea tokyn hedhas
+access_token_deletion_desc = Ow tilea tokyn a wra dilea hedhas dh'gas akont rag appys ow tevnydhya. Hemma ny yllir bos diswul. Pesya?
+delete_token_success = An tokyn re beu dileys. Yma dhe appys ow tevnydhya hedhas dh'gas akont na fella.
+regenerate_token = Dasdinythi
+access_token_regeneration = Dasdinythi tokyn hedhas
+access_token_regeneration_desc = Ow tasdinythi tokyn a wra remova hedhas dh'gas akont rag appys ow tevnydhya. Hemma ny yllir bos digelmys. Pesya?
+regenerate_token_success = An tokyn re beu dasdinythys. Nyns eus hedhas dh'gas akont na fella rag appys ow tevnydhya ha res yw bos nowedhys gans an tokyn nowydh.
+repo_and_org_access = Hedhas gwithva ha kowethyans
+permissions_public_only = Poblek yn unnik
+permissions_access_all = Oll (poblek, privedh, ha strothys)
+select_permissions = Dewis kummyasow
+permission_no_access = Hedhas vyth
+permission_read = Redya
+permission_write = Redya ha skrifa
+permissions_list = Kummyasow:
+manage_oauth2_applications = Dyghtya appys OAuth2
+edit_oauth2_application = Golegi App OAuth2
+remove_oauth2_application = Remova App OAuth2
+remove_oauth2_application_success = An app re beu dileys.
+create_oauth2_application = Gwruthyl app OAuth2 nowydh
+create_oauth2_application_button = Gwruthyl app
+create_oauth2_application_success = Hwi re gwrys appys OAuth2 nowydh yn sewen.
+update_oauth2_application_success = Hwi re nowedhys appys OAuth2 nowydh yn sewen.
+oauth2_application_name = Hanow app
+save_application = Sawya
+oauth2_client_id = ID Kliens
+oauth2_client_secret = Kevrin kliens
+oauth2_regenerate_secret = Dasdinythi kevrin
+oauth2_application_edit = Golegi
+revoke_key = Remova
+revoke_oauth2_grant = Remova hedhas
+revoke_oauth2_grant_success = Hedhas removys yn sewen.
+twofa_disable_note = Hwi a yll marowhe gwirheans dewkamm mars yw res.
+or_enter_secret = Po ynworra an kevrin: %s
+then_enter_passcode = Hag ynworra an kod-tremena diskwedhys y'n app:
+passcode_invalid = Anewn yw an kod-tremena. Assayewgh arta.
+twofa_failed_get_secret = Ny yllir kerghes kevrin.
+webauthn_register_key = Keworra alhwedh sawder
+webauthn_delete_key = Remova alhwedh sawder
+manage_account_links = Akontys keskelmys
+link_account = Keskelmi akont
+remove_account_link = Remova akont keskelmys
+blocked_users_none = Nyns eus devnydhyoryon lettys.
+email_notifications.disable = Marowhe gwarnyansow ebost
+email_notifications.submit = Settya dewis ebost
+quota.sizes.all = Oll
+quota.sizes.repos.all = Gwithvaow
+quota.sizes.repos.public = Gwithvaow poblek
+quota.sizes.repos.private = Gwithvaow privedh
+quota.sizes.git.all = Synsas Git
+quota.sizes.git.lfs = Git LFS
+gpg_key_matched_identities_long = An honaniethow a-bervedh y'n alhwedh ma a omdhesedh an trigvaow ebost byw a sew rag an devnydhyer ma. Gwriansow a omdhesedh an trigvaow ebost ma a yll bos gwirhys gans an alhwedh ma.
+gpg_key_verified_long = Alhwedh re beu gwirhys gans tokyn ha'n alhwedh ma a yll bos devnydhys rag gwirhe gwriansow a omdhesedh neb trigvaow ebost byw rag an devnydhyer ma ha neb honaniethow omdhesedhys rag an alwhedh ma.
+gpg_invalid_token_signature = An alhwedh GPG provys, sinans ha tokyn ny omdhesedha po tokyn yw anterrus.
+ssh_key_verified_long = Alhwedh re beu gwirhys gans tokyn ha'n alhwedh ma a yll bos devnydhys rag gwirhe gwriansow a omdhesedh neb trigvaow ebost byw rag an devnydhyer ma.
+ssh_invalid_token_signature = An alhwedh SSH provys, sinans, po tokyn ny omdhesedha po tokyn yw anterrus.
+ssh_key_deletion_desc = Ow tilea alhwedh SSH a wra remova an hedhas dh'gas akont. Pesya?
+gpg_key_deletion_desc = Ow tilea alhwedh GPG an digwirhys gwriansow sinys dhir. Pesya?
+ssh_signonly = SSH yw marow a-lemmyn ytho an alhwedhow ma yw devnydhys rag gwirheans sinans gwrians hepken.
+access_token_desc = Kummyasow tokyn dewisys a finweth reythheans dhe'n hensyow <a href="%[1]s" target="_blank">API</a> a omdhesedh. Redyewgh an <a href="%[2]s" target="_blank">kowethlyver</a> rag moy kedhlow.
+at_least_one_permission = Res yw dhywgh dewis unn kummyas dhe'n lyha rag gwruthyl tokyn
+oauth2_confidential_client = Kliens kelfydhys. Dewis rag appys ow kwitha an kevrin kelfydhys, kepar hag appys gwi. Na dewisewgh rag appys teythiek ow synsi appys rag amontyellow ha klapkodhow.
+oauth2_redirect_uris = Daskevarwodha URIs. Devnydhyewgh linen nowydh rag pub URI mar pleg.
+oauth2_regenerate_secret_hint = Kellys agas kevrin?
+oauth2_application_create_description = Appys OAuth2 ri hedhas dhe akontys devnydhyer war'n weyth ma dh'gas app parti-tressa.
+oauth2_application_remove_description = Ow tilea app OAuth2 a wra lettya rag ow trehedhes akontys devnydhyer reythhys war'n weyth ma. Pesya?
+oauth2_application_locked = Forgejo a ragkovskrif neb appys OAuth2 dres dalleth mar byw yn selyans. Rag lettya fara anwaytys, an re ma ny yllir bos golegys po removys. Gwelewgh an kowethlyver OAuth2 mar pleg rag moy kedhlow.
+authorized_oauth2_applications = Appys OAuth2 reythhys
+authorized_oauth2_applications_description = Hwi re grontys hedhas dh'gas akont Forgejo personel dhe'n appys parti-tressa ma. Removewgh hedhas mar pleg rag appys yn devnydh na fella.
+revoke_oauth2_grant_description = Ow tilea hedhas rag an app parti-tressa ma a wra lettya an app ma rag ow trehedhes agas data. Owgh hwi sur?
+twofa_desc = Rag gwitha agas akont rag ladrans ger-tremena, hwi a yll devnydhya klapkodh po devis aral rag ow tegemeres geryow-tremena unweyth termyn-selys ("TOTP").
+twofa_recovery_tip = Mar kellowgh agas devis, hwi a yll bos abel rag devnydhya alhwedh yaghheans undevnydh rag daskemeres hedhas dh'gas akont.
+twofa_is_enrolled = Agas akont yw <strong>rolys</strong> yn gwirheans dewkamm a-lemmyn.
+twofa_not_enrolled = Nyns yw agas akont rolys yn gwirheans dewkamm.
+twofa_disable = Marowhe gwirheans dewkamm
+twofa_scratch_token_regenerate = Dasdinythi alhwedh yaghheans undevnydh
+twofa_scratch_token_regenerated = Agas alhwedh undevnydh yw %s lemmyn. Gwithewgh yn le saw, ny vydh diskwedhys arta.
+twofa_enroll = Rolya yn gwirheans dewkamm
+twofa_disable_desc = Ow marowhe gwirheans dewkamm a wra disdiogeli agas akont. Pesya?
+regenerate_scratch_token_desc = Mar kellowgh agas alhwedh yaghheans po hwi re devnydhys seulabrys, hwi a yll dassettya omma.
+twofa_disabled = Gwirheans dewkamm re beu marowhys.
+scan_this_image = Arhwilasewgh an skeusen ma gans agas app reythheans:
+twofa_enrolled = Agas akont re beu rolys yn sewen. Gwithewgh agas alhwedh yaghheans undevnydh yn le saw, ny vydh diskwedhys arta.
+
+[repo]
+repo_name = Hanow gwithva
+new_repo_helper = Gwithva syns oll restrennow ragdres, ow synsi istori amendyans. Owth ostyowgh onan yn le aral seulabrys? <a href="%s">Divroa gwithva</a>.
+new_from_template = Devnydhya ensampel
+new_from_template_description = Hwi a yll dewis ensampel gwithva seulabrys war'n weyth ma ha gweytha an settyansow.
+new_advanced = Settyansow avonsys
+new_advanced_expand = Klyckyewgh rag lesa
+owner = Perghen
+owner_helper = Martesen ny vydh nebes kowethyansow diskwedhes y'n rol drefen finweth somm gwithvaow moyha.
+repo_name_helper = Henwyn gwithvaow da devnydh geryow alhwedh berr, hegov hag unnik.
+repo_size = Braster Gwithva
+size_format = %[1]s: %[2]s, %[3]s: %[4]s
+template = Ensampel
+template_select = Dewis ensampel
+template_helper = Gwruthyl an withva ma ensampel
+template_description = Gwithvaow ensampel gasa devnydhyoryon dinythi gwithvaow nowydh gans an kesweyth restrenva, restrennow, ha settyansow dre dhewis keth.
+visibility = Gweladewder
+admin.manage_flags = Dyghtya baneryow
+admin.enabled_flags = Baneryow bywhys rag an gwithva:
+admin.update_flags = Nowedhi baneryow
+admin.failed_to_replace_flags = Ny yllir aslea baneryow gwithva
+admin.flags_replaced = Baneryow gwithva asleys
+visibility_helper = Gwruthyl gwithva privedh
+all_branches = Oll skorrow
+use_template = Devnydhya an ensampel ma
+open_with_editor = Ygeri gans %s
+download_zip = Iskarga ZIP
+download_tar = Iskarga TAR.GZ
+repo_desc = Deskrifans
+repo_desc_helper = Ynworra deskrifans berr (dre dhewis)
+repo_gitignore_helper = Dewis ensamplys .gitignore
+issue_labels = Labelyow
+issue_labels_helper = Dewis sett label
+license = Leshyans
+license_helper = Dewis restren leshyans
+auto_init = Selya gwithva
+create_repo = Gwruthyl gwithva
+default_branch = Skorr defowt
+default_branch_label = defowt
+mirror_prune = Skethra
+mirror_public_key = Alhwedh SSH poblek
+mirror_use_ssh.text = Devnydhya gwirheans SSH
+mirror_sync = kettermynyegys
+mirror_lfs_endpoint = Diwedhva LFS
+mirror_password_placeholder = (Anchanjys)
+mirror_password_blank_placeholder = (Ansettys)
\ No newline at end of file
diff --git a/options/locale/locale_mk.ini b/options/locale/locale_mk.ini
index 5bc16b4700..b776d0b80b 100644
--- a/options/locale/locale_mk.ini
+++ b/options/locale/locale_mk.ini
@@ -11,4 +11,89 @@ notifications = Нотификации
 sign_in_or = или
 password = Лозинка
 username = Корисничко име
-your_profile = Профил
\ No newline at end of file
+your_profile = Профил
+explore = Истражубај
+sign_in = Најавајте се
+sign_in_with_provider = Логин со %s
+sign_out = Одјавување
+sign_up = Најавење
+link_account = Конто поврзување
+register = Регистрирање
+powered_by = Поддржано од
+page = Страна
+template = Шаблон
+active_stopwatch = Активен следач на време
+tracked_time_summary = Резиме на следеното време врз основа на филтрите од листата на проблеми
+create_new = Содавање…
+user_profile_and_more = Профил и постапки…
+signed_in_as = Најавено како
+enable_javascript = Оваа вебстрана бара JavaScript.
+toc = Содржина
+licenses = Лиценци
+return_to_forgejo = Враќање до Форгејо
+toggle_menu = Преклопи мени
+more_items = Повеќе ставки
+email = Е-пошта адреса
+access_token = Пристапен токен
+re_type = Потврди лозинка
+captcha = Капча
+twofa = Двофакторска автентификација
+twofa_scratch = Двофакторски исцртан код
+passcode = Шифра
+webauthn_insert_key = Вметнете го вашиот безбедносен клуч
+webauthn_sign_in = Притиснете го копчето на вашиот безбедносен клуч. Ако вашиот безбедносен клуч нема копче, повторно вметнете го.
+webauthn_press_button = Притиснете го копчето на вашиот безбедносен клуч…
+webauthn_use_twofa = Користете еден двофакторски код од вашиот телефон
+webauthn_error = Неможно да се чита бесбедносен клуч.
+webauthn_unsupported_browser = Вашиот прелистувач во моментов не ја поддржува WebAuthn.
+webauthn_error_unknown = Се случи непозната грешка. Ве молиме обидете се повторно.
+webauthn_error_insecure = WebAuthn поддржува само сигурни врски. За тестирање преку HTTP, можете да го користите изворот "localhost" или "127.0.0.1"
+webauthn_error_unable_to_process = Серверот не можеше да ја обработи вашето барање.
+webauthn_error_duplicated = Безбедносниот клуч не е дозволен за овој барање. Ве молиме уверете се дека клучот не е веќе регистриран.
+webauthn_error_empty = Мора да е поставено име за овој клуч.
+webauthn_error_timeout = Времето истечало пред да може да се прочита вашиот клуч. Ве молиме освежете ја оваа страница и обидете се повторно.
+repository = Репозиториум
+new_fork = нов форк на репозиториум
+new_project_column = Нова колумна
+admin_panel = Администрација на страната
+settings = Поставки
+your_starred = со ѕвездичка
+your_settings = Поставки
+new_repo.title = Нов репозиториум
+new_migrate.title = Нова миграција
+new_org.title = Нова организација
+new_repo.link = Нов репозиториум
+new_migrate.link = Нова миграција
+new_org.link = Нова организација
+all = Сè
+sources = Извори
+mirrors = Огледала
+collaborative = Соработувачки
+forks = Форки
+activities = Активности
+pull_requests = Барања за спојување
+issues = Проблеми
+milestones = Важни прекретници
+ok = ОК
+cancel = Откажење
+retry = Повторно пробување
+rerun = Повторно изврши
+rerun_all = Сите задачи повторно ѓи изврши
+save = Сочување
+add = Додавање
+add_all = Додавајте сите
+remove = Отстранење
+remove_all = Одстранете сите
+remove_label_str = Одстрани ставка "%s"
+edit = Едитирање
+view = Гледајте
+test = Тест
+enabled = Овозможено
+disabled = Невозможено
+name = Име
+locked = Заклучено
+copy = Копирање
+copy_url = Копирајте УРЛ
+copy_hash = Копирајте Хеш
+copy_path = Копирајте патека
+copy_content = Копирајте содржина
\ No newline at end of file
diff --git a/options/locale/locale_pl-PL.ini b/options/locale/locale_pl-PL.ini
index 708ab6b6ef..955ba44bce 100644
--- a/options/locale/locale_pl-PL.ini
+++ b/options/locale/locale_pl-PL.ini
@@ -2719,7 +2719,7 @@ pulls.delete_after_merge.head_branch.is_protected = Head gałęzi który chcesz
 settings.protected_branch_required_rule_name = Wymagana nazwa reguły
 settings.protected_branch_duplicate_rule_name = Już istnieje reguła dla tego zbioru gałęzi
 release.summary_card_alt = Karta podsumowania wydania zatytułowanego "%s" w repozytorium %s
-settings.archive.text = Zarchiwizowanie tego repo sprawi, że będzie ono w całości tylko do odczytu. Będzie ukryte z pulpitu. Nikt (nawet ty!) nie będzie mógł utworzyć nowych commitów, lub otworzyć jakichkolwiek zgłoszeń lub pull requestów.
+settings.archive.text = Zarchiwizowanie tego repo sprawi, że będzie ono w całości tylko do odczytu. Będzie ukryte z pulpitu. Nikt (nawet ty!) nie będzie mógł utworzyć nowych commitów, lub otworzyć jakichkolwiek zgłoszeń lub pull requestów. Udokumentowanie powodu archwizacji jest zalecane jako wskazówka dla przyszłych deweloperów którzy planują sforkować to repozytorium.
 settings.unarchive.button = Odarchiwizuj repo
 commits.view_single_diff = Zobacz zmiany tego pliku wprowadzone w tym commicie
 tag.ahead.target = do %s od tego tagu
@@ -2728,8 +2728,8 @@ settings.matrix.access_token_helper = Zalecane jest skonfigurowanie dedykowany k
 pulls.editable = Edytowalne
 pulls.editable_explanation = Ten pull request zezwala na edycje przez opiekunów. Możesz uczestniczyć w nim bezpośrednio.
 archive.nocomment = Komentowanie nie jest możliwe ponieważ repozytorium jest zarchiwizowane.
-sync_fork.branch_behind_one = Ta gałąź jest %[l]d commit za %[2]s
-sync_fork.branch_behind_few = Ta gałąź jest %[l]d commitów za %[2]s
+sync_fork.branch_behind_one = Ta gałąź jest %[1]d commit za %[2]s
+sync_fork.branch_behind_few = Ta gałąź jest %[1]d commitów za %[2]s
 sync_fork.button = Synchronizuj
 migrate.repo_desc_helper = Pozostaw puste by zaimportować istniejący opis
 issues.filter_no_results = Brak wyników
diff --git a/options/locale/locale_pt-BR.ini b/options/locale/locale_pt-BR.ini
index ad3ebebf55..273c68fd8f 100644
--- a/options/locale/locale_pt-BR.ini
+++ b/options/locale/locale_pt-BR.ini
@@ -182,7 +182,7 @@ buttons.bold.tooltip=Adicionar texto em negrito (Ctrl+B / ⌘B)
 buttons.italic.tooltip=Adicionar texto em itálico (Ctrl+I / ⌘I)
 buttons.quote.tooltip=Citar texto
 buttons.code.tooltip=Adicionar código
-buttons.link.tooltip=Adicionar um link
+buttons.link.tooltip=Adicionar um link (Ctrl+K / ⌘K)
 buttons.list.unordered.tooltip=Adicionar uma lista com marcadores
 buttons.list.ordered.tooltip=Adicionar uma lista numerada
 buttons.list.task.tooltip=Adicionar uma lista de tarefas
@@ -875,7 +875,7 @@ delete_token=Excluir
 access_token_deletion=Excluir token de acesso
 access_token_deletion_desc=A exclusão de um token revoga o acesso à sua conta para aplicativos que o usam. Continuar?
 delete_token_success=O token foi excluído. Os aplicativos que o utilizam já não têm acesso à sua conta.
-repo_and_org_access=Acesso ao Repositório e Organização
+repo_and_org_access=Acesso ao repositório e organização
 permissions_public_only=Apenas público
 permissions_access_all=Todos (público, privado e limitado)
 select_permissions=Selecionar permissões
diff --git a/options/locale/locale_pt-PT.ini b/options/locale/locale_pt-PT.ini
index 5884a9e65a..ddba7440d5 100644
--- a/options/locale/locale_pt-PT.ini
+++ b/options/locale/locale_pt-PT.ini
@@ -2390,7 +2390,7 @@ settings.matrix.room_id=ID da sala
 settings.matrix.message_type=Tipo de mensagem
 settings.archive.button=Arquivar repositório
 settings.archive.header=Arquivar este repositório
-settings.archive.text=Arquivar o repositório irá torná-lo apenas de leitura. Ficará escondido do painel de controlo. Ninguém (nem você!) será capaz de fazer novos cometimentos, abrir questões ou pedidos de integração.
+settings.archive.text=Arquivar o repositório irá torná-lo apenas de leitura. Ficará escondido do painel de controlo. Ninguém (nem você!) será capaz de fazer novos cometimentos, abrir questões ou pedidos de integração. É recomendável documentar o motivo do arquivamento, para orientar futuros programadores que pretendam criar uma derivação do repositório.
 settings.archive.success=O repositório foi arquivado com sucesso.
 settings.archive.error=Ocorreu um erro enquanto decorria o processo de arquivo do repositório. Veja os registo para obter mais detalhes.
 settings.archive.error_ismirror=Não pode arquivar um repositório que tenha sido replicado.
diff --git a/options/locale/locale_ru-RU.ini b/options/locale/locale_ru-RU.ini
index 3d410c87f8..5affdffb25 100644
--- a/options/locale/locale_ru-RU.ini
+++ b/options/locale/locale_ru-RU.ini
@@ -2611,7 +2611,7 @@ activity.navbar.contributors = Соавторы
 activity.navbar.code_frequency = Частота изменений
 activity.navbar.recent_commits = Недавние коммиты
 settings.confirmation_string = Строка подтверждения
-settings.archive.text = Архивация репозитория сделает всё его содержимое доступным только для чтения. Он будет скрыт с домашнего экрана. Никто (включая вас!) не сможет добавлять коммиты, открывать задачи и запросы слияний.
+settings.archive.text = Архивация репозитория сделает всё его содержимое доступным только для чтения. Он будет скрыт с домашнего экрана. Никто (включая вас!) не сможет добавлять коммиты, открывать задачи и запросы слияний. Укажите где-нибудь причину архивации, чтобы помочь разработчикам, которые, возможно, захотят сделать ответвление репозитория.
 release.deletion_desc = Удаление выпуска удаляет его только в Forgejo. Это действие не затронет тег в git, содержимое репозитория и его историю. Продолжить?
 pulls.agit_explanation = Создано через рабочий поток AGit. С ним можно предлагать изменения, используя команду «git push», без необходимости в создании ответвления или новой ветви.
 settings.webhook.replay.description_disabled = Активируйте веб-хук для повторения отправки.
diff --git a/options/locale/locale_sv-SE.ini b/options/locale/locale_sv-SE.ini
index 22213cebf4..3e96385031 100644
--- a/options/locale/locale_sv-SE.ini
+++ b/options/locale/locale_sv-SE.ini
@@ -182,7 +182,7 @@ buttons.quote.tooltip = Citera text
 buttons.code.tooltip = Lägg till kod
 buttons.link.tooltip = Lägg till en länk (Ctrl+K / ⌘K)
 buttons.heading.tooltip = Lägg till rubrik
-buttons.bold.tooltip = Lägg till fetstilt text (CTRL+B / ⌘B)
+buttons.bold.tooltip = Lägg till fetstil (Ctrl+B / ⌘B)
 buttons.italic.tooltip = Lägg till kursiv text (CTRL+I / ⌘I)
 buttons.list.unordered.tooltip = Lägg till en punktlista
 buttons.list.ordered.tooltip = Lägg till en numrerad lista
@@ -279,7 +279,7 @@ register_confirm=Kräv bekräftelse via e-post för att registrera
 mail_notify=Aktivera e-postnotiser
 server_service_title=Inställningar för server- och tredjepartstjänster
 offline_mode=Aktivera lokalt läge
-offline_mode.description=Inaktivera CDN från tredjepart och distribuera samtliga resurser lokalt istället.
+offline_mode.description=Inaktivera innehållsleveransnätverk (CDN) från tredjepart och distribuera samtliga resurser lokalt istället.
 disable_gravatar=Inaktivera Gravatar
 disable_gravatar.description=Inaktivera Gravatar- och avatarskällor från tredjepart. Standardbilder kommer att användas för användprofilbilder om de inte laddar upp en egen profilbild till instansen.
 federated_avatar_lookup=Aktivera federerade profilbilder
@@ -761,7 +761,7 @@ add_key=Lägg till nyckel
 ssh_desc=Dessa offentliga SSH-nycklar är kopplade till ditt konto. De motsvarande privata nycklarna ger full åtkomst till dina kodförråd. SSH-nycklar som har verifierats kan användas för att verifiera SSH-signerade Git-incheckningar.
 gpg_desc=Dessa publika GPG-nycklar är kopplade till ditt konto. Håll dina privata nycklar säkra då de gör det möjligt att verifiera incheckningar.
 ssh_helper=<strong>Behöver du hjälp?</strong> Kolla in Github's guide för att <a href="%s">skapa din egen SSH-nycklar</a> eller lösa <a href="%s">vanliga problem</a> som kan uppstå med SSH.
-gpg_helper=<strong>Behöver du hjälp?</strong> Ta en titt på Github's guide <a href="%s"> om GPG</a>.
+gpg_helper=<strong>Behöver du hjälp?</strong> Ta en titt på Github's guide <a href="%s">om GPG</a>.
 key_content_gpg_placeholder=Börjar med "-----BEGIN PGP PUBLIC KEY BLOCK-----"
 ssh_key_been_used=Denna SSH-nyckel har redan lagts till på servern.
 gpg_key_id_used=En publik GPG-nyckel med samma ID existerar redan.
@@ -1595,8 +1595,8 @@ activity.title.releases_published_by=%s publicerad av %s
 activity.published_release_label=Utgåva
 activity.no_git_activity=Det har inte gjorts några commit under den här perioden.
 activity.git_stats_exclude_merges=Exkludera merger,
-activity.git_stats_author_1=%d författare
-activity.git_stats_author_n=%d författare
+activity.git_stats_author_1=%d upphovsperson
+activity.git_stats_author_n=%d upphovspersoner
 activity.git_stats_push_to_all_branches=till alla grenar.
 activity.git_stats_on_default_branch=På %s,
 activity.git_stats_file_1=%d fil
@@ -1759,7 +1759,7 @@ settings.deploy_keys=Distributionsnycklar
 settings.add_deploy_key=Lägg till distributionsnyckel
 settings.deploy_key_desc=Distributionsnycklar kan ha läs- eller läs- och skrivåtkomst till kodförrådet.
 settings.is_writable=Aktivera skrivåtkomst
-settings.is_writable_info=Tillåt denna distributionsnyckel att<strong>skicka</strong> till kodförrådet.
+settings.is_writable_info=Tillåt denna distributionsnyckel att <strong>skicka</strong> till kodförrådet.
 settings.no_deploy_keys=Det finns inga distributionsnycklar ännu.
 settings.title=Titel
 settings.deploy_key_content=Innehåll
@@ -2198,8 +2198,8 @@ issues.filter_milestone_all = Alla milstolpar
 issues.filter_milestone_none = Inga milstolpar
 issues.filter_milestone_open = Öppna milstolpar
 issues.filter_milestone_closed = Stängda milstolpar
-issues.filter_poster = Författare
-issues.filter_poster_no_select = Alla författare
+issues.filter_poster = Upphovsperson
+issues.filter_poster_no_select = Alla upphovspersoner
 issues.filter_type.all_pull_requests = Alla ändringsförfrågningar
 issues.filter_type.review_requested = Granskning begärd
 issues.filter_type.reviewed_by_you = Granskad av dig
@@ -2223,9 +2223,9 @@ issues.no_content = Ingen beskrivning angiven.
 issues.close = Stäng ärende
 issues.comment_pull_merged_at = sammanfogade incheckning %[1]s till %[2]s %[3]s
 issues.comment_manually_pull_merged_at = sammanfogade manuellt incheckning %[1]s till %[2]s %[3]s
-issues.author = Författare
-issues.author.tooltip.issue = Denna användare är författare till detta ärende.
-issues.author.tooltip.pr = Denna användare är författare till denna ändringsförfrågan.
+issues.author = Upphovsperson
+issues.author.tooltip.issue = Användaren är ärendets upphovsperson.
+issues.author.tooltip.pr = Användaren är upphovsperson till ändringsförfrågan.
 issues.role.owner_helper = Denna användare är ägare till detta kodförråd.
 issues.role.member_helper = Denna användare är medlem i organisationen som äger detta kodförråd.
 issues.role.collaborator = Medarbetare
@@ -2278,14 +2278,14 @@ issues.reference_issue.body = Brödtext
 issues.content_history.delete_from_history = Radera från historik
 issues.content_history.delete_from_history_confirm = Radera från historik?
 issues.blocked_by_user = Du kan inte skapa ärenden i det här kodförråd eftersom du är blockerad av kodförrådets ägare.
-comment.blocked_by_user = Kommentering är inte möjlig eftersom du är blockerad av kodförrådets ägare eller författaren.
+comment.blocked_by_user = Det är inte möjligt att kommentera eftersom du är blockerad av kodförrådets ägare eller upphovsperson.
 issues.summary_card_alt = Sammanfattningskort för ett ärende med titel "%s" i kodförråd %s
 compare.compare_base = bas
 pulls.view = Visa ändringsförfrågan
 pulls.edit.already_changed = Det gick inte att spara ändringar till ändringsförfrågan. Det verkar som att innehållet redan har ändrats av en annan användare. Uppdatera sidan och försök redigera igen för att undvika att skriva över deras ändringar
 pulls.sign_in_require = <a href="%s">Logga in</a> för att skapa en ny ändringsförfrågan.
-pulls.allow_edits_from_maintainers = Tillåt redigeringar från underhållare
-pulls.allow_edits_from_maintainers_desc = Användare med skrivåtkomst till basgrenen kan också skicka till den här gren
+pulls.allow_edits_from_maintainers = Tillåt redigeringar från underhållsansvariga
+pulls.allow_edits_from_maintainers_desc = Användare med skrivåtkomst till basgrenen kan också skicka till denna gren
 pulls.allow_edits_from_maintainers_err = Uppdatering misslyckades
 pulls.has_changed_since_last_review = Ändrad sedan din senaste granskning
 pulls.viewed_files_label = %[1]d / %[2]d filer visade
@@ -2295,18 +2295,18 @@ pulls.switch_comparison_type = Byt jämförelsetyp
 pulls.switch_head_and_base = Byt huvud och bas
 pulls.show_all_commits = Visa alla incheckningar
 pulls.show_changes_since_your_last_review = Visa ändringar sedan din senaste granskning
-pulls.showing_only_single_commit = Visar endast ändringar av incheckning %[1]s
+pulls.showing_only_single_commit = Visar endast ändringar för incheckning %[1]s
 pulls.showing_specified_commit_range = Visar endast ändringar mellan %[1]s..%[2]s
 pulls.select_commit_hold_shift_for_range = Välj incheckning. Håll shift + klicka för att välja ett intervall
 pulls.filter_changes_by_commit = Filtrera efter incheckning
 pulls.nothing_to_compare_have_tag = De valda grenarna/taggarna är identiska.
-pulls.nothing_to_compare_and_allow_empty_pr = de här grenar är identiska. den här PR kommer vara tom.
-pulls.has_pull_request = `En ändringsförfrågan mellan de här grenar finns redan: <a href="%[1]s">%[2]s#%[3]d</a>`
+pulls.nothing_to_compare_and_allow_empty_pr = De här grenarna är identiska. Denna PR kommer att vara tom.
+pulls.has_pull_request = `En ändringsförfrågan mellan grenarna finns redan: <a href="%[1]s">%[2]s#%[3]d</a>`
 pulls.merged_success = Ändringsförfrågan sammanfogad och stängd
 pulls.closed = Ändringsförfrågan stängd
 pulls.manually_merged = Manuellt sammanfogad
 pulls.merged_info_text = Grenen %s kan nu raderas.
-pulls.cannot_merge_work_in_progress = den här ändringsförfrågan är markerad som pågående arbete.
+pulls.cannot_merge_work_in_progress = Denna ändringsförfrågan är markerad som pågående arbete.
 pulls.still_in_progress = Ännu pågående?
 pulls.add_prefix = Lägg till <strong>%s</strong>-prefix
 pulls.ready_for_review = Redo för granskning?
@@ -2329,7 +2329,7 @@ pulls.waiting_count_1 = %d väntande granskning
 pulls.waiting_count_n = %d väntande granskningar
 pulls.wrong_commit_id = inchecknings-id måste vara ett inchecknings-id på målgrenen
 pulls.blocked_by_user = Du kan inte skapa en ändringsförfrågan på det här kodförråd eftersom du är blockerad av kodförrådets ägare.
-pulls.no_merge_wip = den här ändringsförfrågan kan inte sammanfogas eftersom den är markerad som pågående arbete.
+pulls.no_merge_wip = Det går inte att sammanfoga denna ändringsförfrågan eftersom den är markerad som pågående arbete.
 pulls.no_merge_not_ready = den här ändringsförfrågan är inte redo att sammanfogas, kontrollera granskningsstatus och statuskontroller.
 pulls.no_merge_access = Du är inte behörig att sammanfoga den här ändringsförfrågan.
 pulls.merge_pull_request = Skapa sammanfogningsincheckning
@@ -2346,43 +2346,43 @@ pulls.unrelated_histories = Sammanfogning misslyckades: Sammanfogningshuvudet oc
 pulls.merge_out_of_date = Sammanfogning misslyckades: Under sammanfogningen uppdaterades basen. Tips: Försök igen.
 pulls.head_out_of_date = Sammanfogning misslyckades: Under sammanfogningen uppdaterades huvudet. Tips: Försök igen.
 pulls.has_merged = Misslyckades: Ändringsförfrågan har redan sammanfogats, du kan inte sammanfoga igen eller ändra målgren.
-pulls.push_rejected = Skickning misslyckades: Skickningen avvisades. Granska Git-krokarna för det här kodförråd.
+pulls.push_rejected = Misslyckades med att skicka: Skickningen avvisades. Granska kodförrådets Git-krokar.
 pulls.push_rejected_summary = Fullständigt avvisningsmeddelande
-pulls.push_rejected_no_message = Skickning misslyckades: Skickningen avvisades men det fanns inget fjärrmeddelande. Granska Git-krokarna för det här kodförråd
-pulls.status_checking = Vissa kontroller väntar
+pulls.push_rejected_no_message = Misslyckades med att skicka: Skickningen avvisades men det fanns inget fjärrmeddelande. Granska kodförrådets Git-krokar
+pulls.status_checking = Väntande kontroller
 pulls.status_checks_success = Alla kontroller lyckades
-pulls.status_checks_warning = Vissa kontroller rapporterade varningar
-pulls.status_checks_failure = Vissa kontroller misslyckades
-pulls.status_checks_error = Vissa kontroller rapporterade fel
+pulls.status_checks_warning = Kontroller rapporterade varningar
+pulls.status_checks_failure = En del kontroller misslyckades
+pulls.status_checks_error = En del kontroller rapporterade fel
 pulls.status_checks_requested = Obligatorisk
 pulls.status_checks_hide_all = Dölj alla kontroller
 pulls.status_checks_show_all = Visa alla kontroller
 pulls.update_branch = Uppdatera gren via sammanfogning
 pulls.update_branch_rebase = Uppdatera gren via ombasering
 pulls.close = Stäng ändringsförfrågan
-pulls.closed_at = `stängde den här ändringsförfrågan %s`
-pulls.reopened_at = `återöppnade den här ändringsförfrågan %s`
-pulls.commit_ref_at = `refererade den här ändringsförfrågan från en incheckning %s`
+pulls.closed_at = `stängde denna ändringsförfrågan %s`
+pulls.reopened_at = `återöppnade denna ändringsförfrågan %s`
+pulls.commit_ref_at = `refererade denna ändringsförfrågan från en incheckning %s`
 pulls.cmd_instruction_hint = Visa kommandoradsinstruktioner
 pulls.cmd_instruction_checkout_title = Checka ut
-pulls.cmd_instruction_checkout_desc = Från din projektkatalog, checka ut en ny gren och testa ändringarna.
+pulls.cmd_instruction_checkout_desc = Checka ut en ny gren från din projektkatalog och testa ändringarna.
 pulls.cmd_instruction_merge_title = Sammanfoga
 pulls.cmd_instruction_merge_desc = Sammanfoga ändringarna och uppdatera på Forgejo.
-pulls.cmd_instruction_merge_warning = <b>Varning:</b> Inställningen "Automatisk identifiering av manuell sammanfogning" är inte aktiverad för det här kodförråd, du måste markera den här ändringsförfrågan som manuellt sammanfogad efteråt.
+pulls.cmd_instruction_merge_warning = <b>Varning:</b> Inställningen "Automatisk identifiering av manuell sammanfogning" är inte aktiverad för detta kodförråd, du måste markera denna ändringsförfrågan som manuellt sammanfogad efteråt.
 pulls.clear_merge_message = Rensa sammanfogningsmeddelande
 pulls.clear_merge_message_hint = Att rensa sammanfogningsmeddelandet tar endast bort incheckningsmeddelandes innehåll och behåller genererade git-trailers som "Co-Authored-By …".
-pulls.reopen_failed.head_branch = Ändringsförfrågan kan inte återöppnas eftersom huvudgrenen inte längre existerar.
-pulls.reopen_failed.base_branch = Ändringsförfrågan kan inte återöppnas eftersom basgrenen inte längre existerar.
+pulls.reopen_failed.head_branch = Det går inte att återöppna denna Ändringsförfrågan eftersom huvudgrenen inte längre existerar.
+pulls.reopen_failed.base_branch = Det går inte att återöppna denna ändringsförfrågan eftersom basgrenen inte längre existerar.
 pulls.made_using_agit = AGit
 pulls.agit_explanation = Skapad med AGit-arbetsflödet. AGit låter bidragsgivare föreslå ändringar med "git-skickning" utan att skapa en avgrening eller en ny gren.
-pulls.editable_explanation = den här ändringsförfrågan tillåter redigeringar från underhållare. Du kan bidra direkt till den.
+pulls.editable_explanation = Denna ändringsförfrågan tillåter redigeringar från underhållare. Du kan bidra direkt.
 pulls.auto_merge_button_when_succeed = (När kontroller lyckas)
-pulls.auto_merge_when_succeed = Automatisk sammanfogning när alla kontroller lyckas
-pulls.auto_merge_newly_scheduled = Ändringsförfrågan schemalagdes att sammanfogas när alla kontroller lyckas.
-pulls.auto_merge_has_pending_schedule = %[1]s schemalade den här ändringsförfrågan för automatisk sammanfogning när alla kontroller lyckas %[2]s.
+pulls.auto_merge_when_succeed = Sammanfoga automatiskt om alla kontroller lyckas
+pulls.auto_merge_newly_scheduled = Ändringsförfrågan har schemalagdes att sammanfogas om alla kontroller lyckas.
+pulls.auto_merge_has_pending_schedule = %[1]s schemalade ändringsförfrågan för automatisk sammanfogning om alla kontroller lyckas %[2]s.
 pulls.auto_merge_cancel_schedule = Avbryt automatisk sammanfogning
-pulls.auto_merge_not_scheduled = den här ändringsförfrågan är inte schemalagd för automatisk sammanfogning.
-pulls.auto_merge_canceled_schedule = Automatisk sammanfogning avbröts för den här ändringsförfrågan.
+pulls.auto_merge_not_scheduled = Denna ändringsförfrågan är inte schemalagd för automatisk sammanfogning.
+pulls.auto_merge_canceled_schedule = Avbröt automatisk sammanfogning avbröts för denna ändringsförfrågan.
 pulls.auto_merge_newly_scheduled_comment = `schemalade den här ändringsförfrågan för automatisk sammanfogning när alla kontroller lyckas %[1]s`
 pulls.auto_merge_canceled_schedule_comment = `avbröt automatisk sammanfogning av den här ändringsförfrågan när alla kontroller lyckas %[1]s`
 pulls.delete_after_merge.head_branch.is_default = Huvudgrenen du vill radera är standardgrenen och kan inte raderas.
@@ -2668,8 +2668,8 @@ diff.generated = genererad
 diff.vendored = tredjepartspaketerad
 diff.comment.add_line_comment = Lägg till radkommentar
 diff.review.header = Skicka granskning
-diff.review.self_reject = Ändringsförfrågan-författare kan inte begära ändringar på sin egen ändringsförfrågan
-diff.review.self_approve = Ändringsförfrågan-författare kan inte godkänna sin egen ändringsförfrågan
+diff.review.self_reject = En upphovsperson av en ändringsförfrågan kan inte begära ändringar på sin egen ändringsförfrågan
+diff.review.self_approve = Upphovspersonen av en ändringsförfrågan kan inte godkänna sin egen ändringsförfrågan
 diff.protected = Skyddad
 diff.image.side_by_side = Sida vid sida
 diff.image.swipe = Svep
diff --git a/options/locale/locale_tok.ini b/options/locale/locale_tok.ini
index 416c88d21b..bb485b94fb 100644
--- a/options/locale/locale_tok.ini
+++ b/options/locale/locale_tok.ini
@@ -6,4 +6,15 @@ home = open
 dashboard = ijo sin
 explore = o alasa
 help = o pana e sona
-logo = sitelen pi ilo Posejo li lon poka sewi. jan li ken ala lukin e sitelen la, ona li lukin e toki "sitelen".
\ No newline at end of file
+logo = sitelen pi ilo Posejo li lon poka sewi. jan li ken ala lukin e sitelen la, ona li lukin e toki "sitelen".
+link_account = o wan e nimi
+sign_up = o pali e nimi
+sign_in = o pana e nimi
+sign_in_with_provider = o pana e nimi kepeken %s
+sign_in_or = anu
+sign_out = o weka e nimi
+register = o pali e nimi
+powered_by = kepeken %s
+page = lipu
+template = nasin open
+notifications = kama sona lili
\ No newline at end of file
diff --git a/options/locale/locale_uk-UA.ini b/options/locale/locale_uk-UA.ini
index a1e7455471..3c9a7d4f61 100644
--- a/options/locale/locale_uk-UA.ini
+++ b/options/locale/locale_uk-UA.ini
@@ -298,7 +298,7 @@ openid_signin.description=Увімкнути вхід за допомогою Op
 openid_signup=Увімкнути самостійну реєстрацію за допомогою OpenID
 openid_signup.description=Увімкнути самореєстрацію користувачів тільки через OpenID.
 enable_captcha=Увімкнути CAPTCHA при реєстрації
-enable_captcha.description=Вимагати перевірку CAPTCHA для створення облікових записів.
+enable_captcha.description=Вимагати перевірки CAPTCHA для створення облікових записів.
 require_sign_in_view=Вимагати авторизації для перегляду вмісту екземпляра
 admin_setting.description=Створювати обліковий запис адміністратора необов’язково. Перший зареєстрований користувач автоматично стає адміністратором.
 admin_title=Налаштування облікового запису адміністратора
@@ -391,7 +391,7 @@ active_your_account=Активація облікового запису
 account_activated=Обліковий запис активовано
 prohibit_login=Обліковий запис призупинено
 resent_limit_prompt=Нещодавно ви вже запросили активацію по електронній пошті. Будь ласка, зачекайте 3 хвилини, а потім спробуйте ще раз.
-has_unconfirmed_mail=Привіт, %s! У вас є непідтверджена електронна адреса (<b>%s </b>). Якщо ви не отримали електронний лист із підтвердженням або вам потрібно надіслати новий, натисніть на кнопку нижче.
+has_unconfirmed_mail=Привіт, %s! У вас є непідтверджена електронна адреса (<b>%s</b>). Якщо ви не отримали електронний лист із підтвердженням або вам потрібно надіслати новий, натисніть на кнопку нижче.
 resend_mail=Натисніть тут, щоб вислати лист активації знову
 send_reset_mail=Надіслати листа для відновлення
 reset_password=Відновлення облікового запису
@@ -770,7 +770,7 @@ manage_gpg_keys=Керування ключами GPG
 add_key=Додати ключ
 ssh_desc=Ці відкриті ключі SSH пов’язані з вашим обліковим записом. Відповідні приватні ключі дозволяють отримати повний доступ до ваших репозиторіїв. Підтверджені ключі можна використати для підтвердження комітів Git, підписаних із SSH.
 principal_desc=Ці принципали SSH-сертифікатів пов’язані з вашим обліковим записом і надають повний доступ до ваших репозиторіїв.
-gpg_desc=Ці відкриті ключі GPG пов’язані з вашим обліковим записом і використовуються для підтвердження комітів. Тримайте свої приватні ключі в безпеці, оскільки вони дозволяють підписувати коміти вашим особистим підписом.
+gpg_desc=Ці відкриті ключі GPG пов’язані з вашим обліковим записом і використовуються для підтвердження комітів. Тримайте відповідні приватні ключі в безпеці, оскільки саме вони дозволяють підписувати коміти від вашого імені.
 ssh_helper=<strong>Потрібна допомога?</strong> Перегляньте посібник із <a href="%s">генерації ключів SSH</a> або виправлення <a href="%s">типових неполадок SSH</a>.
 gpg_helper=<strong>Потрібна допомога?</strong> Перегляньте посібник <a href="%s">про GPG</a>.
 key_content_ssh_placeholder=Починається з «ssh-ed25519», «ssh-rsa», «ecdsa-sha2-nistp256», «ecdsa-sha2-nistp384», «ecdsa-sha2-nistp521», «sk-ecdsa-sha2-nistp256@openssh.com» або «sk-ssh-ed25519@openssh.com»
@@ -781,7 +781,7 @@ ssh_key_name_used=Ключ SSH із такою назвою вже існує у
 ssh_principal_been_used=Цей принципал уже доданий на сервер.
 gpg_key_id_used=Відкритий ключ GPG з таким ідентифікатором уже існує.
 gpg_no_key_email_found=Цей ключ GPG не відповідає жодній активованій поштовій адресі, яка пов’язана з вашим обліковим записом. Його все одно можна додати, якщо ви підпишете наданий токен.
-gpg_key_matched_identities=Відповідні отримувачі:
+gpg_key_matched_identities=Відповідні ідентифікатори:
 gpg_key_matched_identities_long=Вбудовані ідентифікатори цього ключа збігаються з такими активованими адресами електронної пошти користувач_ки. Коміти, які відповідають цим адресам, можуть бути підтверджені цим ключем.
 gpg_key_verified=Перевірений ключ
 gpg_key_verified_long=Ключ перевірений за допомогою токена і може підтверджувати коміти з будь-яких активованих адрес електронної пошти користувач_ки на додачу до будь-яких відповідних ідентифікаторів цього ключа.
@@ -985,7 +985,7 @@ keep_pronouns_private.description = Ваші займенники не буде
 hidden_comment_types.ref_tooltip = Коментарі, в яких на цю задачу послалися з іншої задачі, коміту тощо
 hidden_comment_types.issue_ref_tooltip = Коментарі, в яких користувач_ка змінює гілку чи тег, пов’язані з задачею
 comment_type_group_review_request = Запит на відгук
-access_token_desc = При обраних для токена дозволах будуть авторизовані лише відповідні <a href="%[1]s" target="_blank">API</a>-роути. Докладніше в <a href="%[2]s" target="_blank">документації</a>.
+access_token_desc = При обраних для токена дозволах будуть авторизовані лише відповідні <a href="%[1]s" target="_blank">API</a>-роути. Докладніше — в <a href="%[2]s" target="_blank">документації</a>.
 update_oauth2_application_success = Програму OAuth2 успішно оновлено.
 oauth2_client_secret_hint = Ключ більше не буде показано після закриття чи оновлення сторінки. Обов'язково його збережіть.
 oauth2_application_remove_description = Видалена програма OAuth2 не зможе доступатись авторизованих користувацьких облікових записів на цьому сервері. Продовжити?
@@ -1131,7 +1131,7 @@ migrate.clone_address=Перенести / клонувати з URL-адрес
 migrate.clone_address_desc=URL-адреса HTTP(S) або Git «clone» існуючого репозиторію
 migrate.clone_local_path=або шлях до локального сервера
 migrate.permission_denied=Вам не дозволено імпортувати локальні репозиторії.
-migrate.permission_denied_blocked=Ви не можете імпортувати з заборонених вузлів. Будь ласка, попросіть адміністраторів перевірити налаштування ALLOWED_DOMAINS/ALLOW_LOCALNETWORKS/BLOCKED_DOMAINS.
+migrate.permission_denied_blocked=Ви не можете імпортувати із заборонених хостів. Будь ласка, попросіть адміністраторів перевірити налаштування ALLOWED_DOMAINS/ALLOW_LOCALNETWORKS/BLOCKED_DOMAINS.
 migrate.invalid_lfs_endpoint=Помилкова кінцева точка LFS.
 migrate.failed=Перенесення не вдалося: %v
 migrate.migrate_items_options=Для перенесення додаткових елементів потрібен токен доступу
@@ -1341,7 +1341,7 @@ issues.add_milestone_at=`додає до етапу <b>%s</b> %s`
 issues.add_project_at=`додає до проєкту <b>%s</b> %s`
 issues.change_milestone_at=`змінює етап з <b>%s</b> на <b>%s</b> %s`
 issues.change_project_at=`змінює проєкт із <b>%s</b> на <b>%s</b> %s`
-issues.remove_milestone_at=`видаляє з етапу<b>%s</b> %s`
+issues.remove_milestone_at=`видаляє з етапу <b>%s</b> %s`
 issues.remove_project_at=`видаляє з проєкту <b>%s</b> %s`
 issues.deleted_milestone=`(видалено)`
 issues.deleted_project=`(видалено)`
@@ -1595,7 +1595,7 @@ pulls.required_status_check_failed=Деякі необхідні перевір
 pulls.required_status_check_missing=Декілька з необхідних перевірок відсутні.
 pulls.required_status_check_administrator=Як адміністратор ви все одно можете об’єднати цей запит на злиття.
 pulls.can_auto_merge_desc=Цей запит можна об’єднати автоматично.
-pulls.cannot_auto_merge_desc=Цей запит на злиття не може бути злитий автоматично через конфлікти.
+pulls.cannot_auto_merge_desc=Цей запит на злиття неможливо злити автоматично через конфлікти.
 pulls.cannot_auto_merge_helper=Злийте вручну для вирішення конфліктів.
 pulls.num_conflicting_files_1=%d конфліктний файл
 pulls.num_conflicting_files_n=%d конфліктних файлів
@@ -1819,15 +1819,15 @@ settings.admin_enable_close_issues_via_commit_in_any_branch=Закрити за
 settings.danger_zone=Небезпечна зона
 settings.new_owner_has_same_repo=Новий власник уже має репозиторій з такою назвою. Будь ласка, виберіть іншу назву.
 settings.convert=Перетворити на звичайний репозиторій
-settings.convert_desc=Ви можете сконвертувати це дзеркало у звичайний репозиторій. Це не може бути скасовано.
-settings.convert_notices_1=Ця операція перетворить дзеркало у звичайний репозиторій і не може бути скасована.
+settings.convert_desc=Ви можете перетворити це дзеркало на звичайний репозиторій. Цю дію неможливо скасувати.
+settings.convert_notices_1=Ця операція перетворить дзеркало на звичайний репозиторій і не може бути скасована.
 settings.convert_confirm=Перетворити репозиторій
-settings.convert_succeed=Репозиторій успішно перетворений в звичайний.
+settings.convert_succeed=Репозиторій успішно перетворено на звичайний.
 settings.convert_fork=Перетворити на звичайний репозиторій
 settings.convert_fork_desc=Ви можете перетворити цей форк на звичайний репозиторій. Цю дію неможливо скасувати.
-settings.convert_fork_notices_1=Ця операція перетворить форк на звичайний репозиторій та не може бути скасованою.
+settings.convert_fork_notices_1=Ця операція перетворить форк на звичайний репозиторій і не може бути скасована.
 settings.convert_fork_confirm=Перетворити репозиторій
-settings.convert_fork_succeed=Цей форк успішно перетворено на звичайний репозиторій.
+settings.convert_fork_succeed=Форк успішно перетворено на звичайний репозиторій.
 settings.transfer.title=Передати новому власнику
 settings.transfer.rejected=Передачу репозиторію відхилено.
 settings.transfer.success=Передача репозиторію відбулася успішно.
@@ -2009,7 +2009,7 @@ settings.protect_approvals_whitelist_users=Білий список реценз
 settings.protect_approvals_whitelist_teams=Білий список команд рецензентів
 settings.dismiss_stale_approvals=Відхилити застарілі схвалення
 settings.dismiss_stale_approvals_desc=Коли нові коміти, що змінюють вміст запиту на злиття, надсилаються в гілку, старі схвалення будуть відхилені.
-settings.require_signed_commits=Вимагати підпис комітів
+settings.require_signed_commits=Вимагати підпису комітів
 settings.require_signed_commits_desc=Відхиляти push до цієї гілки, якщо вони не підписані або підпис неможливо перевірити.
 settings.protected_branch_deletion=Вимкнути захист гілки
 settings.protected_branch_deletion_desc=Будь-який користувач із дозволом на запис зможе виконувати push в цю гілку. Продовжити?
@@ -3334,7 +3334,7 @@ config_summary = Підсумок
 monitor.queue.review_add = Переглянути / додати обробники
 monitor.queue.activeworkers = Активні обробники
 monitor.queue.numberinqueue = Номер у черзі
-monitor.queue.settings.desc = Пули динамічно зростають у відповідь на блокування їхніх черг обробників.
+monitor.queue.settings.desc = Пули динамічно зростають у відповідь на блокування черг їхніх обробників.
 monitor.queue.settings.remove_all_items_done = Усі елементи в черзі видалено.
 monitor.queue.settings.remove_all_items = Видалити всі
 config.app_slogan = Гасло екземпляра
@@ -3402,7 +3402,7 @@ auths.oauth2_required_claim_value_helper = Вкажіть значення, що
 auths.oauth2_group_claim_name = Назва заявки, що надає назви груп для цього джерела. (Необов’язково)
 auths.oauth2_restricted_group = Значення групової заявки для обмежених користувачів. (Необов’язково — потрібна назва заявки вище)
 users.local_import.description = Дозволити імпорт репозиторіїв з локальної файлової системи сервера. Це може становити загрозу безпеці.
-identity_access = Особистість та доступ
+identity_access = Ідентифікація і доступ
 users.activated.description = Завершення перевірки електронної пошти. Власник неактивованого облікового запису не зможе ввійти, допоки не підтвердить свою адресу електронної пошти.
 users.block.description = Заборонити цьому користувачу користуватися цим сервісом через їх обліковий запис та заборонити вхід до їхнього облікового запису.
 users.admin.description = Надати цьому користувачу доступ до всіх адміністративних функцій через інтерфейс та API.
diff --git a/options/locale/locale_zh-CN.ini b/options/locale/locale_zh-CN.ini
index d292f171df..87087e3d20 100644
--- a/options/locale/locale_zh-CN.ini
+++ b/options/locale/locale_zh-CN.ini
@@ -1445,12 +1445,12 @@ issues.label_templates.info=还没有任何标签。您可以使用“创建标
 issues.label_templates.helper=选择标签模板
 issues.label_templates.use=使用标签集
 issues.label_templates.fail_to_load_file=加载标签模板文件%s时发生错误：%v
-issues.add_label=于%[2]s添加了标签%[1]s
-issues.add_labels=于%s添加%s标签
-issues.remove_label=于%[2]s删除了标签%[1]s
-issues.remove_labels=于%[2]s删除了标签%[1]s
-issues.add_remove_labels=于%[3]s添加了标签%[1]s，删除了标签%[2]s
-issues.add_milestone_at=于%[2]s添加了里程碑<b>%[1]s</b>
+issues.add_label=添加了标签%[1]s %[2]s
+issues.add_labels=添加了%s标签 %s
+issues.remove_label=删除了标签%[1]s %[2]s
+issues.remove_labels=删除了标签%[1]s %[2]s
+issues.add_remove_labels=添加了标签%[1]s，删除了标签%[2]s %[3]s
+issues.add_milestone_at=添加了里程碑<b>%[1]s</b> %[2]s
 issues.add_project_at=将此添加到<b>%s</b>项目%s
 issues.change_milestone_at=%[3]s修改了里程碑从<b>%[1]s</b>到<b>%[2]s</b>
 issues.change_project_at=修改项目从<b>%s</b>到<b>%s</b> %s
@@ -1458,15 +1458,15 @@ issues.remove_milestone_at=%[2]s删除了里程碑<b>%[1]s</b>
 issues.remove_project_at=从<b>%s</b>项目%s中删除
 issues.deleted_milestone=（已删除）
 issues.deleted_project=（已删除）
-issues.self_assign_at=于%s指派给自己
-issues.add_assignee_at=于%[2]s被<b>%[1]s</b>指派
+issues.self_assign_at=指派给了自己 %s
+issues.add_assignee_at=得到了<b>%[1]s</b>的指派 %[2]s
 issues.remove_assignee_at=<b>%s</b>取消了指派在%s
-issues.remove_self_assignment=于%s取消了指派
-issues.change_title_at=于%[3]s修改标题<b><strike>%[1]s</strike></b>为<b>%[2]s</b>
+issues.remove_self_assignment=取消了给自己的指派 %s
+issues.change_title_at=修改标题<b><strike>%[1]s</strike></b>为<b>%[2]s</b> %[3]s
 issues.change_ref_at=将引用从<b><strike>%s</strike></b>更改为了<b>%s</b> %s
 issues.remove_ref_at=删除了引用<b>%s</b> %s
 issues.add_ref_at=添加了引用<b>%s</b> %s
-issues.delete_branch_at=于%[2]s删除了分支<b>%[1]s</b>
+issues.delete_branch_at=删除了分支<b>%[1]s</b> %[2]s
 issues.filter_label=标签
 issues.filter_label_exclude=使用 <kbd>Alt</kbd> + <kbd>单击</kbd> 排除标签
 issues.filter_label_no_select=所有标签
@@ -1513,11 +1513,11 @@ issues.action_assignee=指派人筛选
 issues.action_assignee_no_select=未指派
 issues.action_check=选中/取消选中
 issues.action_check_all=选中/取消选中所有项目
-issues.opened_by=由<a href="%[2]s">%[3]s</a>创建于%[1]s
+issues.opened_by=由<a href="%[2]s">%[3]s</a>在%[1]s创建
 pulls.merged_by=由<a href="%[2]s">%[3]s</a>创建，合并于%[1]s
 pulls.merged_by_fake=由%[2]s创建，合并于%[1]s
 issues.closed_by=由<a href="%[2]s">%[3]s</a>创建，被关闭于%[1]s
-issues.opened_by_fake=由%[2]s于%[1]s打开
+issues.opened_by_fake=由%[2]s在%[1]s打开
 issues.closed_by_fake=由%[2]s创建，被关闭于%[1]s
 issues.previous=上一页
 issues.next=下一页
@@ -1542,12 +1542,12 @@ issues.reopen_issue=重新开放
 issues.reopen_comment_issue=重新打开并评论
 issues.create_comment=评论
 issues.closed_at=关闭了此议题%s
-issues.reopened_at=于%s重新打开了此议题
-issues.commit_ref_at=于%s从提交中引用了此议题
-issues.ref_issue_from=于%[1]s <a href="%[2]s">引用了此议题%[3]s</a>
+issues.reopened_at=重新打开了此议题 %s
+issues.commit_ref_at=从提交中引用了此议题 %s
+issues.ref_issue_from=<a href="%[2]s">引用了此议题%[3]s</a> %[1]s
 issues.ref_pull_from=<a href="%[2]s">引用了此合并请求%[3]s</a> %[1]s
-issues.ref_closing_from=于%[1]s <a href="%[2]s">从合并请求%[3]s引用了此议题，将关闭此议题</a>
-issues.ref_reopening_from=于%[1]s <a href="%[2]s">从合并请求%[3]s引用了此议题，将重新打开此议题</a>
+issues.ref_closing_from=a href="%[2]s">从合并请求%[3]s引用了此议题，该合并请求会关闭此议题</a> %[1]s
+issues.ref_reopening_from=<a href="%[2]s">从合并请求%[3]s引用了此议题，该合并请求会重新打开此议题</a> %[1]s
 issues.ref_from=来自%[1]s
 issues.author=作者
 issues.role.owner=所有者
@@ -1598,16 +1598,16 @@ issues.subscribe=订阅
 issues.unsubscribe=取消订阅
 issues.unpin_issue=取消置顶
 issues.max_pinned=您不能置顶更多议题
-issues.pin_comment=于%s置顶本议题
-issues.unpin_comment=于%s取消置顶本议题
+issues.pin_comment=置顶了本议题 %s
+issues.unpin_comment=取消了置顶本议题 %s
 issues.lock=锁定对话
 issues.unlock=解锁对话
 issues.lock.unknown_reason=由于未知原因无法锁定。
 issues.lock_duplicate=一个议题不能被锁定两次。
 issues.unlock_error=无法解锁一个未锁定的议题。
-issues.lock_with_reason=于%[2]s以<strong>%[1]s</strong>锁定本议题，并限制仅限协作者发言
-issues.lock_no_reason=于%s锁定本议题并限制仅协作者可发言
-issues.unlock_comment=于%s解锁此议题
+issues.lock_with_reason=因为<strong>%[1]s</strong>而锁定了本议题，并限制仅限协作者发言 %[2]s
+issues.lock_no_reason=锁定了本议题，并限制仅协作者可发言 %s
+issues.unlock_comment=解锁了此议题 %s
 issues.lock_confirm=锁定
 issues.unlock_confirm=解锁
 issues.lock.notice_1=-其他用户不能评论此议题。
@@ -1644,17 +1644,17 @@ issues.add_time_sum_to_small=没有输入时间。
 issues.time_spent_total=总用时
 issues.time_spent_from_all_authors=总花费时间：%s
 issues.due_date=到期时间
-issues.push_commit_1=于%[2]s推送了%[1]d个提交
-issues.push_commits_n=于%[2]s推送了%[1]d个提交
-issues.force_push_codes=于%[6]s强制推送了%[1]s，从<a class="%[7]s" href="%[3]s"><code>%[2]s</code></a>%[8]s至<a class="%[7]s" href="%[5]s"><code>%[4]s</code></a>%[9]s
+issues.push_commit_1=推送了%[1]d个提交 %[2]s
+issues.push_commits_n=推送了%[1]d个提交 %[2]s
+issues.force_push_codes=强制推送了%[1]s，从<a class="%[7]s" href="%[3]s"><code>%[2]s</code></a>%[8]s至<a class="%[7]s" href="%[5]s"><code>%[4]s</code></a>%[9]s %[6]s
 issues.force_push_compare=比较
 issues.due_date_form=yyyy年mm月dd日
 issues.due_date_form_edit=编辑
 issues.due_date_form_remove=删除
 issues.due_date_not_set=未设置到期时间。
-issues.due_date_added=于%[2]s设置到期时间为%[1]s
-issues.due_date_modified=于%[3]s将到期日从%[2]s修改为%[1]s
-issues.due_date_remove=于%[2]s删除了到期时间%[1]s
+issues.due_date_added=设置到期时间为%[1]s %[2]s
+issues.due_date_modified=将到期日从%[2]s修改为%[1]s %[3]s
+issues.due_date_remove=删除了到期时间%[1]s %[2]s
 issues.due_date_overdue=超期
 issues.due_date_invalid=到期日期无效或超出范围。请使用“yyyy-mm-dd”格式。
 issues.dependency.title=依赖议题
@@ -1690,17 +1690,17 @@ issues.dependency.add_error_cannot_create_circular=您不能创建依赖，使
 issues.dependency.add_error_dep_not_same_repo=这两个议题必须在同一仓库。
 issues.review.self.approval=您不能批准您自己的合并请求。
 issues.review.self.rejection=您不能请求对您自己的合并请求进行更改。
-issues.review.approve=于%s批准此合并请求
-issues.review.comment=评审于%s
-issues.review.dismissed=于%[2]s取消了%[1]s的评审
+issues.review.approve=批准了此合并请求 %s
+issues.review.comment=完成评审 %s
+issues.review.dismissed=取消了%[1]s的评审 %[2]s
 issues.review.dismissed_label=已取消
 issues.review.left_comment=留下了一条评论
 issues.review.content.empty=您需要留下一个注释，表明需要的更改。
-issues.review.reject=于%s请求更改
+issues.review.reject=请求更改 %s
 issues.review.wait=于 %s 请求评审
-issues.review.add_review_request=于%[2]s请求%[1]s评审
-issues.review.remove_review_request=于%[2]s取消对%[1]s的评审请求
-issues.review.remove_review_request_self=于%s拒绝评审
+issues.review.add_review_request=请求%[1]s评审 %[2]s
+issues.review.remove_review_request=取消对%[1]s的评审请求 %[2]s
+issues.review.remove_review_request_self=拒绝评审 %s
 issues.review.pending=待定
 issues.review.pending.tooltip=此评论目前对其他用户不可见。若要提交您的待定评论，请在页面顶部选择%s -> %s/%s/%s。
 issues.review.reviewers=评审人
@@ -1841,8 +1841,8 @@ pulls.update_branch_success=分支更新成功
 pulls.update_not_allowed=您无权更新分支
 pulls.outdated_with_base_branch=此分支相比基础分支已过期
 pulls.close=关闭
-pulls.closed_at=于%s关闭了此合并请求
-pulls.reopened_at=于%s重新打开了此合并请求
+pulls.closed_at=关闭了此合并请求 %s
+pulls.reopened_at=重新打开了此合并请求 %s
 pulls.cmd_instruction_hint=查看命令行说明
 pulls.cmd_instruction_checkout_title=检出
 pulls.cmd_instruction_checkout_desc=从你的仓库中检出一个新的分支并测试变更。
@@ -2386,7 +2386,7 @@ settings.matrix.room_id=房间ID
 settings.matrix.message_type=消息类型
 settings.archive.button=存档仓库
 settings.archive.header=存档此仓库
-settings.archive.text=存档仓库将使其完全只读。它将在首页隐藏。没有人（甚至包括你！）能够进行新的提交，或打开议题及合并请求。建议记载存档的原因以便引导未来计划从本仓库派生新仓库的开发者。
+settings.archive.text=存档后，仓库将变为完全只读并从首页隐藏。没有人能够推送新的提交（你也不能！）、打开议题及合并请求。建议记录存档的原因，以便引导未来计划从派生本仓库的开发者。
 settings.archive.success=仓库已成功存档。
 settings.archive.error=仓库在存档时出现异常。请通过日志获取详细信息。
 settings.archive.error_ismirror=不能存档镜像仓库。
@@ -2604,7 +2604,7 @@ settings.wiki_rename_branch_main = 标准化百科分支名称
 settings.wiki_rename_branch_main_notices_1 = 此操作<strong>无法</strong>撤消。
 settings.wiki_branch_rename_success = 百科仓库的分支名称已成功规范化。
 settings.confirm_wiki_branch_rename = 重命名百科分支
-pulls.commit_ref_at = 于%s从提交中引用了此合并请求
+pulls.commit_ref_at = 从提交中引用了此合并请求 %s
 settings.wiki_rename_branch_main_notices_2 = 这将永久重命名%s的仓库百科的内部分支。现存的检出方式需要更新。
 settings.wiki_branch_rename_failure = 无法标准化仓库百科的分支名称。
 settings.add_collaborator_blocked_our = 因仓库所有者已将其拉黑，不能添加该用户为协作者。
@@ -2691,9 +2691,9 @@ mirror_use_ssh.not_available = SSH验证不可用。
 issues.new.assign_to_me = 指派给我
 issues.all_title = 全部
 settings.discord_icon_url.exceeds_max_length = 图标URL必须小于或等于2048个字符
-issues.review.remove_review_requests = 于%[2]s取消对%[1]s的评审请求
-issues.review.add_review_requests = 于%[2]s请求%[1]s评审
-issues.review.add_remove_review_requests = 于%[3]s请求%[1]s评审，并取消对%[2]s的评审请求
+issues.review.remove_review_requests = 取消对%[1]s的评审请求 %[2]s
+issues.review.add_review_requests = 请求%[1]s评审 %[2]s
+issues.review.add_remove_review_requests = 请求%[1]s评审，并取消了对%[2]s的评审请求 %[3]s
 pulls.delete_after_merge.head_branch.is_protected = 您要删除的头部分支是受保护的分支，无法删除。
 pulls.delete_after_merge.head_branch.insufficient_branch = 您没有权限删除头部分支。
 pulls.delete_after_merge.head_branch.is_default = 您要删除的头部分支是默认分支，无法删除。
diff --git a/options/locale_next/locale_ca.json b/options/locale_next/locale_ca.json
index 989e404f46..faf20f2864 100644
--- a/options/locale_next/locale_ca.json
+++ b/options/locale_next/locale_ca.json
@@ -1,19 +1,23 @@
 {
 	"counters.n_commits": {
 		"one": "%s commit",
-		"other": "%s commits"
+		"many": "%s commits",
+		"other": ""
 	},
 	"counters.n_branches": {
 		"one": "Branca %s",
-		"other": "Branques %s"
+		"many": "Branques %s",
+		"other": ""
 	},
 	"counters.n_tags": {
 		"one": "Etiqueta %s",
-		"other": "Etiquetes %s"
+		"many": "Etiquetes %s",
+		"other": ""
 	},
 	"counters.n_releases": {
 		"one": "Publicació %s",
-		"other": "Publicacions %s"
+		"many": "Publicacions %s",
+		"other": ""
 	},
 	"fork.n_forks": {
 		"one": "%s fork",
@@ -335,5 +339,100 @@
 	"packages.about": "Sobre aquest paquet",
 	"packages.requirements": "Requisits",
 	"packages.dependencies": "Dependències",
-	"packages.keywords": "Paraules clau"
+	"packages.keywords": "Paraules clau",
+	"migrate.select.title": "Migra el repositori",
+	"install.ssh_authorized_keys_unexpected_key": "Activar l'SSH a Forgejo entra en conflicte amb el fitxer localitzat a %s que ja conté claus SSH. Consell: useu un usuari de sistema dedicat per a Forgejo, o bé desactiveu l'SSH.",
+	"admin.federation.federation": "Federació",
+	"admin.federation.hosts": "Amfitrions",
+	"admin.federation.hosts.title": "Amfitrions de federació",
+	"admin.federation.hosts.manage_panel": "Gestiona els amfitrions de la federació",
+	"admin.federation.hosts.details_panel": "Detalls de l'amfitrió de la federació",
+	"admin.federation.hosts.show_details": "Mostra els detalls de l'amfitrió",
+	"admin.federation.host.id": "ID",
+	"admin.federation.host.fqdn": "FQDN",
+	"admin.federation.host.schema": "Esquema",
+	"admin.federation.host.port": "Port",
+	"admin.federation.host.software_name": "Programari",
+	"admin.federation.host.created": "Creat",
+	"admin.federation.host.updated": "Actualitzat",
+	"admin.federation.host.latest_activity": "Darrera activitat",
+	"admin.federation.users": "Usuaris",
+	"admin.federation.users.title": "Usuaris federats",
+	"admin.federation.users.manage_panel": "Gestiona usuaris federats",
+	"admin.federation.users.show_local_user": "Mostra detalls de l'usuari local",
+	"admin.federation.user.id": "ID",
+	"admin.federation.user.user_id": "ID de l'usuari local",
+	"admin.federation.user.external_id": "ID de l'usuari extern",
+	"admin.federation.user.inbox_path": "Camí de la safata d'entrada",
+	"admin.config.federation": "Configuració de la federació",
+	"admin.config.federation.enabled": "Actiu",
+	"admin.config.federation.share_user_statistics": "Comparteix les estadístiques d'usuari amb altres amfitrions",
+	"admin.config.federation.max_size": "Mida màxima de resposta permesa",
+	"admin.config.federation.signature_enforced": "Requereix signatures HTTP",
+	"admin.config.federation.signature_algorithms": "Algoritmes de signatura",
+	"admin.config.federation.get_headers": "Capçaleres GET signades",
+	"admin.config.federation.post_headers": "Capçaleres POST signades",
+	"moderation.users.cannot_suspend_self": "No podeu suspendre-us.",
+	"settings.new_access_token": "Nou testimoni d'accés",
+	"settings.permissions_access_specific_repositories": "Repositoris específics",
+	"settings.access_token.selected_repositories": {
+		"one": "Repositori seleccionat (%d)",
+		"many": "Repositoris seleccionats (%d)",
+		"other": "Repositoris seleccionats (%d)"
+	},
+	"settings.access_token.available_repositories": "Repositoris disponibles",
+	"settings.access_token.no_repositories_selected": "No s'ha seleccionat cap repositori.",
+	"settings.access_token.no_repositories_found": "No s'ha trobat cap repositori.",
+	"settings.access_token.remove": "Elimina %s",
+	"settings.access_token.resource_all_help": "Permet l'accés a tots els recursos.",
+	"settings.access_token.resource_public_only_help": "Limita l'accés als repositoris i organitzacions públics.",
+	"settings.access_token.resource_specific_repo_help": "Limita l'accés a una llista específica de repositoris. L'accés de només-lectura es permet a tots els repositoris públics. Només es poden habilitar els permisos que permeten l'accés a repositoris i incidències.",
+	"settings.access_token.admin_disabled": "Els permisos d'administració estan deshabilitats.",
+	"user.activitypub_feed.no_activity": "Sense activitat al fedivers",
+	"user.activitypub_feed.posted_on": "Publicat a %[1]s",
+	"user.activitypub_feed.original_source": "Font original",
+	"gpg.error.probable_bad_default_signature": "COMPTE! Malgrat la clau per defecte té aquesta ID, no verifica aquest commit! Aquest commit és SOSPITÓS.",
+	"notification.notifications": "Notificacions",
+	"notification.unread": "Sense llegir",
+	"notification.read": "Llegides",
+	"notification.no_unread": "No hi ha notificacions sense llegir.",
+	"notification.no_read": "No hi ha notificacions llegides.",
+	"notification.mark_as_read": "Marca com a llegida",
+	"notification.mark_as_unread": "Marca com a no llegida",
+	"packages.details": "Detalls",
+	"packages.details.author": "Autor",
+	"packages.details.project_site": "Pàgina web del projecte",
+	"packages.details.repository_site": "Pàgina web del repositori",
+	"packages.details.documentation_site": "Pàgina web de documentació",
+	"packages.details.license": "Llicència",
+	"packages.versions": "Versions",
+	"packages.versions.view_all": "Veure-ho tot",
+	"packages.dependency.id": "ID",
+	"packages.search_in_external_registry": "Cerca a %s",
+	"packages.common.install": "Per instal·lar un paquet, executa la següent comanda:",
+	"packages.common.registry": "Configura aquest registre des de la línia de comandes:",
+	"packages.common.repository": "Informació del repositori",
+	"packages.alpine.repository.branches": "Branques",
+	"packages.arch.pacman.helper.gpg": "Afegiu un certificat de confiança pel pacman:",
+	"packages.arch.pacman.repo.multi": "%s té la mateix versió en diferents distribucions.",
+	"packages.arch.pacman.repo.multi.item": "Configuració per a %s",
+	"packages.arch.pacman.sync": "Sincronitzeu el paquet amb el pacman:",
+	"packages.arch.version.properties": "Característiques de la versió",
+	"packages.arch.version.provides": "Proveeix",
+	"packages.arch.version.groups": "Grup",
+	"packages.arch.version.optdepends": "Dependències opcionals",
+	"packages.arch.version.conflicts": "Conflictes",
+	"packages.arch.version.replaces": "Reemplaça",
+	"packages.arch.version.backup": "Còpia de seguretat",
+	"packages.container.images.title": "Imatges",
+	"packages.container.details.type": "Tipus d'imatge",
+	"packages.container.details.platform": "Plataforma",
+	"packages.container.pull": "Baixeu la imatge des de la línia de comandes:",
+	"packages.container.multi_arch": "SO / Arquitectura",
+	"packages.container.labels.key": "Clau",
+	"packages.container.labels.value": "Valor",
+	"packages.debian.repository.distributions": "Distribucions",
+	"packages.debian.repository.components": "Components",
+	"packages.generic.download": "Baixeu el paquet des de la línia de comandes:",
+	"packages.go.install": "Instal·leu el paquet des de la línia de comandes:"
 }
diff --git a/options/locale_next/locale_cs-CZ.json b/options/locale_next/locale_cs-CZ.json
index 7acc2453d8..05f501b5cd 100644
--- a/options/locale_next/locale_cs-CZ.json
+++ b/options/locale_next/locale_cs-CZ.json
@@ -1,18 +1,22 @@
 {
 	"counters.n_commits": {
 		"one": "%s revize",
+		"few": "%s revize",
 		"other": "%s revizí"
 	},
 	"counters.n_branches": {
 		"one": "%s větev",
+		"few": "%s větve",
 		"other": "%s větví"
 	},
 	"counters.n_tags": {
 		"one": "%s značka",
+		"few": "%s značky",
 		"other": "%s značek"
 	},
 	"counters.n_releases": {
 		"one": "%s vydání",
+		"few": "%s vydání",
 		"other": "%s vydání"
 	},
 	"gpg.default_key": "Podepsáno výchozím klíčem",
@@ -356,7 +360,7 @@
 	"migrate.items.labels": "Štítky",
 	"migrate.items.issues": "Problémy",
 	"migrate.items.pull_requests": "Žádosti o sloučení",
-	"migrate.items.merge_requests": "Sloučit žádosti",
+	"migrate.items.merge_requests": "Žádosti o sloučení",
 	"migrate.items.releases": "Vydání",
 	"migrate.in_progress.git": "Migrace dat z Gitu",
 	"migrate.in_progress.topics": "Migrace témat",
@@ -599,7 +603,7 @@
 	"actions.runners.runner_setup.program_options_snippet_aria": "Jak spustit forgejo-runner",
 	"actions.runners.runner_setup.instruction_replace_connection_name": "Nahraďte název spojení (<code>forgejo</code> v příkladu) vlastní hodnotou.",
 	"actions.runners.runner_setup.heading_using_options": "Používám možnosti programu",
-	"actions.runners.runner_setup.instruction_advanced_configurations": "Pro nastavení runneru Forgejo běžícího v kontejnerech nebo pokročilých konfiguracích si přečtěte <a href=\"https://TO-BE-REPLACED.COM\">dokumentaci</a>.",
+	"actions.runners.runner_setup.instruction_advanced_configurations": "Pro nastavení runneru Forgejo běžícího v kontejnerech nebo pokročilých konfiguracích si přečtěte <a href=\"%s\">dokumentaci</a>.",
 	"actions.runners.reset_registration_token.token": "Registrační token (zastaralý)",
 	"form.RunnerName": "Název",
 	"actions.runners.task_list_repo": "Nedávné úlohy tohoto repozitáře na tomto runneru",
@@ -635,5 +639,47 @@
 	"members.add_member": "Přidat člena",
 	"members.user": "Uživatel",
 	"members.user_already_member": "Tento uživatel již je členem organizace.",
-	"members.no_team_selected": "Členové organizace musí patřit do alespoň jednoho týmu."
+	"members.no_team_selected": "Členové organizace musí patřit do alespoň jednoho týmu.",
+	"migrate.select.title": "Migrovat repozitář",
+	"admin.federation.federation": "Federace",
+	"admin.federation.hosts": "Hostitelé",
+	"admin.federation.hosts.title": "Hostitelé federace",
+	"admin.federation.hosts.manage_panel": "Spravovat hostitele federace",
+	"admin.federation.hosts.details_panel": "Podrobnosti o hostiteli federace",
+	"admin.federation.hosts.show_details": "Zobrazit podrobnosti o hostiteli",
+	"admin.federation.host.id": "ID",
+	"admin.federation.host.fqdn": "FQDN",
+	"admin.federation.host.schema": "Schéma",
+	"admin.federation.host.port": "Port",
+	"admin.federation.host.software_name": "Software",
+	"admin.federation.host.created": "Vytvořeno",
+	"admin.federation.host.updated": "Aktualizováno",
+	"admin.federation.host.latest_activity": "Poslední aktivita",
+	"admin.federation.users": "Uživatelé",
+	"admin.federation.users.title": "Federovaní uživatelé",
+	"admin.federation.users.manage_panel": "Spravovat federované uživatele",
+	"admin.federation.users.show_local_user": "Zobrazit podrobnosti o místním uživateli",
+	"admin.federation.user.id": "ID",
+	"admin.federation.user.user_id": "ID místního uživatele",
+	"admin.federation.user.external_id": "ID externího uživatele",
+	"admin.federation.user.inbox_path": "Cesta ke schránce",
+	"admin.config.federation": "Nastavení federace",
+	"admin.config.federation.enabled": "Povolena",
+	"admin.config.federation.share_user_statistics": "Sdílet statistiky uživatelů s ostatními hostiteli",
+	"admin.config.federation.max_size": "Maximální povolená velikost odpovědi",
+	"admin.config.federation.signature_enforced": "Vyžadovat HTTP podpisy",
+	"admin.config.federation.signature_algorithms": "Algoritmy podpisu",
+	"admin.config.federation.digest_algorithm": "Algoritmus výpočtu kontrolního součtu podpisu",
+	"admin.config.federation.get_headers": "Podepsané hlavičky GET",
+	"admin.config.federation.post_headers": "Podepsané hlavičky POST",
+	"actions.runners.version": "Verze",
+	"actions.workflow.unknown_job_in_needs": "Úloha s ID %[1]s odkazuje na neznámé úlohy v `needs`: %[2]s.",
+	"actions.workflow.rerun_impossible": "Workflow nelze znovu spustit.",
+	"actions.workflow.job_rerun_impossible": "Úlohu nelze znovu spustit.",
+	"user.activitypub_feed.feed": "Kanál Fediverse",
+	"user.activitypub_feed.no_activity": "Žádná aktivita ve Fediverse",
+	"user.activitypub_feed.is_empty": "Váš kanál Fediverse je prázdný.",
+	"user.activitypub_feed.hint": "Tento kanál zobrazuje aktivity z účtů Fediverse, které sledujete, a z federovaných příspěvků, které vás zmínily.",
+	"user.activitypub_feed.posted_on": "Zveřejněno na %[1]s",
+	"user.activitypub_feed.original_source": "Původní zdroj"
 }
diff --git a/options/locale_next/locale_de-DE.json b/options/locale_next/locale_de-DE.json
index af1132e371..45d8e5b233 100644
--- a/options/locale_next/locale_de-DE.json
+++ b/options/locale_next/locale_de-DE.json
@@ -12,7 +12,7 @@
 		"other": "%s Tags"
 	},
 	"counters.n_releases": {
-		"one": "%s freigegeben",
+		"one": "%s Veröffentlichung",
 		"other": "%s Veröffentlichungen"
 	},
 	"gpg.default_key": "Mit Standardschlüssel signiert",
@@ -24,7 +24,7 @@
 	"gpg.error.failed_retrieval_gpg_keys": "Fehler beim Abrufen eines Schlüssels des Committer-Kontos",
 	"gpg.error.probable_bad_signature": "WARNHINWEIS! Obwohl ein Schlüssel mit dieser ID in der Datenbank existiert, verifiziert er nicht diesen Commit! Dieser Commit ist VERDÄCHTIG.",
 	"gpg.error.probable_bad_default_signature": "WARNHINWEIS! Obwohl der Standardschlüssel diese ID hat, verifiziert er nicht diesen Commit! Dieser Commit ist VERDÄCHTIG.",
-	"notification.notifications": "Nachrichten",
+	"notification.notifications": "Benachrichtigungen",
 	"notification.unread": "Ungelesen",
 	"notification.read": "Gelesen",
 	"notification.no_unread": "Keine ungelesenen Benachrichtigungen.",
@@ -36,7 +36,7 @@
 	"notification.subscriptions": "Abonnements",
 	"notification.watching": "Beobachtet",
 	"notification.no_subscriptions": "Du hast keine Abonnements.",
-	"dropzone.default_message": "Zum Hochladen hier klicken oder Datei ablegen.",
+	"dropzone.default_message": "Dateien zum Hochladen hier ablegen oder klicken.",
 	"dropzone.invalid_input_type": "Dateien dieses Dateityps können nicht hochgeladen werden.",
 	"dropzone.file_too_big": "Dateigröße ({{filesize}} MB) überschreitet die Maximalgröße ({{maxFilesize}} MB).",
 	"dropzone.remove_file": "Datei entfernen",
@@ -77,7 +77,7 @@
 	"packages.dependency.id": "ID",
 	"packages.dependency.version": "Version",
 	"packages.search_in_external_registry": "In %s suchen",
-	"packages.alpine.registry": "Richte diese Registry ein, indem Du die URL in die <code>/etc/apk/repositories</code>-Datei hinzufügst:",
+	"packages.alpine.registry": "Richte diese Registry ein, indem du die URL in die <code>/etc/apk/repositories</code>-Datei hinzufügst:",
 	"packages.alpine.registry.key": "Lade den öffentlichen RSA-Key der Registry in den <code>/etc/apk/keys/</code>-Ordner, um die Signatur zu überprüfen:",
 	"packages.alpine.registry.info": "Wähle $branch und $repository aus der Liste unten.",
 	"packages.alpine.repository.branches": "Branches",
@@ -107,13 +107,13 @@
 	"packages.conan.install": "Um das Paket mit Conan zu installieren, führe den folgenden Befehl aus:",
 	"packages.conda.registry": "Richte diese Registry als Conda-Repository in deiner <code>.condarc</code>-Datei ein:",
 	"packages.conda.install": "Um das Paket mit Conda zu installieren, führe den folgenden Befehl aus:",
-	"packages.container.images.title": "Bilder",
-	"packages.container.details.type": "Abbildtyp",
+	"packages.container.images.title": "Images",
+	"packages.container.details.type": "Image-Typ",
 	"packages.container.details.platform": "Plattform",
 	"packages.container.pull": "Lade das Container-Image von der Kommandozeile aus herunter:",
-	"packages.container.digest": "Prüfsumme",
-	"packages.container.multi_arch": "Betriebsystem/Architektur",
-	"packages.container.layers": "Abbildebenen",
+	"packages.container.digest": "Digest",
+	"packages.container.multi_arch": "Betriebssystem/Architektur",
+	"packages.container.layers": "Image-Layer",
 	"packages.container.labels": "Labels",
 	"packages.container.labels.key": "Schlüssel",
 	"packages.container.labels.value": "Wert",
@@ -174,7 +174,7 @@
 	"packages.owner.settings.cargo.initialize.error": "Cargo-Index konnte nicht initialisiert werden: %v",
 	"packages.owner.settings.cargo.initialize.success": "Der Cargo-Index wurde erfolgreich erstellt.",
 	"packages.owner.settings.cargo.rebuild": "Index neu erstellen",
-	"packages.owner.settings.cargo.rebuild.description": "Neubauen kann hilfreich sein, wenn der Index nicht mit den gespeicherten Cargo-Paketen synchronisiert ist.",
+	"packages.owner.settings.cargo.rebuild.description": "Ein Neuaufbau kann hilfreich sein, wenn der Index nicht mit den gespeicherten Cargo-Paketen synchronisiert ist.",
 	"packages.owner.settings.cargo.rebuild.error": "Cargo-Index konnte nicht neu erstellt werden: %v",
 	"packages.owner.settings.cargo.rebuild.success": "Der Cargo-Index wurde erfolgreich neu erstellt.",
 	"packages.owner.settings.cargo.rebuild.no_index": "Kann nicht erneut erzeugen, es wurde kein Index initialisiert.",
@@ -223,9 +223,9 @@
 	"home.explore_repos": "Repositorys erkunden",
 	"home.explore_users": "Benutzer erkunden",
 	"home.explore_orgs": "Organisationen erkunden",
-	"home.welcome.activity_hint": "Es gibt noch nichts in deinem Feed. Deine Aktionen und Aktivitäten aus Repositorys, die du beobachtest, werden hier auftauchen.",
-	"incorrect_root_url": "Diese Forgejo-Instanz ist konfiguriert, auf „%s“ bereitgestellt zu werden. Du rufst Forgejo über einen anderen URL auf, was dazu führen könnte, dass einige Bereiche nicht funktionieren. Der anerkannte URL wird durch die Forgejo-Admins mittels der Einstellung ROOT_URL in der app.ini kontrolliert.",
-	"themes.names.forgejo-auto": "Forgejo (folge Systemthema)",
+	"home.welcome.activity_hint": "Es gibt noch nichts in deinem Feed. Deine Aktionen und Aktivitäten aus Repositorys, die du beobachtest, werden hier angezeigt.",
+	"incorrect_root_url": "Diese Forgejo-Instanz ist konfiguriert, auf „%s“ bereitgestellt zu werden. Du rufst Forgejo über eine andere URL auf, was dazu führen kann, dass einige Bereiche nicht funktionieren. Die kanonische URL wird von den Forgejo-Admins über die Einstellung ROOT_URL in der app.ini festgelegt.",
+	"themes.names.forgejo-auto": "Forgejo (Systemdesign folgen)",
 	"themes.names.forgejo-light": "Forgejo hell",
 	"themes.names.forgejo-dark": "Forgejo dunkel",
 	"error.not_found.title": "Seite nicht gefunden",
@@ -285,7 +285,7 @@
 	"moderation.abuse_category.illegal_content": "Illegaler Inhalt",
 	"moderation.abuse_category.other_violations": "Andere Verstöße gegen die Plattformregeln",
 	"moderation.report_remarks": "Anmerkungen",
-	"moderation.report_remarks.placeholder": "Bitte stelle Details über den von dir gemeldeten Missbrauch bereit.",
+	"moderation.report_remarks.placeholder": "Bitte beschreibe den Missbrauch, den du melden möchtest.",
 	"moderation.submit_report": "Meldung absenden",
 	"moderation.reporting_failed": "Kann die neue Missbrauchsmeldung nicht absenden: %v",
 	"moderation.reported_thank_you": "Danke für deine Meldung. Die Administration wurde darüber in Kenntnis gesetzt.",
@@ -293,13 +293,13 @@
 	"repo.issue_indexer.title": "Issue-Indexer",
 	"watch.list.none": "Niemand beobachtet dieses Repo.",
 	"followers.incoming.list.self.none": "Niemand folgt deinem Profil.",
-	"followers.outgoing.list.self.none": "Du folgst niemanden.",
-	"followers.outgoing.list.none": "%s folgt niemanden.",
+	"followers.outgoing.list.self.none": "Du folgst niemandem.",
+	"followers.outgoing.list.none": "%s folgt niemandem.",
 	"stars.list.none": "Niemand hat dieses Repo favorisiert.",
 	"followers.incoming.list.none": "Niemand folgt diesem Benutzer.",
 	"editor.textarea.tab_hint": "Zeile bereits eingerückt. Drücke nochmals <kbd>Tab</kbd> oder <kbd>Escape</kbd>, um den Editor zu verlassen.",
 	"editor.textarea.shift_tab_hint": "Keine Einrückung auf dieser Zeile. Drücke nochmals <kbd>Shift</kbd> + <kbd>Tab</kbd> oder <kbd>Escape</kbd>, um den Editor zu verlassen.",
-	"admin.dashboard.cleanup_offline_runners": "Aufräumen der Offline-Runner",
+	"admin.dashboard.cleanup_offline_runners": "Offline-Runner aufräumen",
 	"settings.visibility.description": "Die Profilsichtbarkeit beeinflusst die Möglichkeit anderer, auf deine nicht-privaten Repositorys zuzugreifen. <a href=\"%s\" target=\"_blank\">Erfahre mehr</a>.",
 	"avatar.constraints_hint": "Individuelles Profilbild darf %[1]s in der Größe nicht überschreiten, und nicht größer als %[2]d×%[3]d Pixel sein",
 	"repo.diff.commit.next-short": "Nächste",
@@ -309,7 +309,7 @@
 	"keys.ssh.link": "SSH-Schlüssel",
 	"keys.gpg.link": "GPG-Schlüssel",
 	"profile.actions.tooltip": "Mehr Aktionen",
-	"og.repo.summary_card.alt_description": "Zusammenfassungskarte des Repositorys %[1]s, beschrieben als %[2]s",
+	"og.repo.summary_card.alt_description": "Übersicht zum Repository %[1]s, beschrieben als %[2]s",
 	"mail.actions.run_info_sha": "Commit: %[1]s",
 	"repo.settings.push_mirror.branch_filter.label": "Branch-Filter (optional)",
 	"repo.settings.push_mirror.branch_filter.description": "Zu spiegelnde Branches. Leer lassen, um alle Branches zu spiegeln. Siehe die <a href=\"%[1]s\">„%[2]s“-Dokumentation</a> für die Syntax. Beispiele: <code>main, release/*</code>",
@@ -321,9 +321,9 @@
 	"admin.dashboard.remove_resolved_reports": "Erledigte Meldungen entfernen",
 	"compare.branches.title": "Branches vergleichen",
 	"repo.commit.load_tags_failed": "Laden von Tags aufgrund eines internen Fehlers fehlgeschlagen",
-	"admin.auths.allow_username_change": "Benutzernamen ändern zulassen",
+	"admin.auths.allow_username_change": "Ändern des Benutzernamens zulassen",
 	"admin.auths.allow_username_change.description": "Benutzern erlauben, ihren Benutzernamen in den Profileinstellungen zu ändern",
-	"warning.repository.out_of_sync": "Die Datenbankdarstellung dieses Repositorys ist nicht synchronisiert. Falls diese Warnung immer noch angezeigt wird, nachdem ein Commit zu diesem Repository gepusht wurde, kontaktieren Sie den Administrator.",
+	"warning.repository.out_of_sync": "Die Datenbankdarstellung dieses Repositorys ist nicht synchronisiert. Falls diese Warnung immer noch angezeigt wird, nachdem ein Commit zu diesem Repository gepusht wurde, kontaktiere den Administrator.",
 	"migrate.github.description": "Daten von github.com oder GitHub-Enterprise-Server migrieren.",
 	"migrate.git.description": "Ein Repository von einem beliebigen Git-Dienst klonen.",
 	"migrate.gitea.description": "Daten von gitea.com oder anderen Gitea-Instanzen migrieren.",
@@ -362,13 +362,13 @@
 	"admin.config.global_2fa_requirement.none": "Nein",
 	"admin.config.global_2fa_requirement.all": "Alle Benutzer",
 	"admin.config.global_2fa_requirement.admin": "Administratoren",
-	"settings.twofa_reenroll": "Zwei-Faktor-Authentifizierung neu ausrollen",
-	"settings.twofa_reenroll.description": "Deine Zwei-Faktor-Authentifizierung neu ausrollen",
+	"settings.twofa_reenroll": "Zwei-Faktor-Authentifizierung neu einrichten",
+	"settings.twofa_reenroll.description": "Deine Zwei-Faktor-Authentifizierung neu einrichten",
 	"error.must_enable_2fa": "Diese Forgejo-Instanz verlangt von den Benutzern, dass sie die Zwei-Faktor-Authentifizierung aktivieren, bevor sie auf ihren Accounts zugreifen können. Dies kann aktiviert werden bei: %s",
 	"admin.config.global_2fa_requirement.title": "Globale Zwei-Faktor-Anforderung",
 	"user.ghost.tooltip": "Dieser Benutzer wurde gelöscht oder konnte nicht gefunden werden.",
 	"actions.runs.view_most_recent_run": "Letzten Run betrachten",
-	"actions.runs.viewing_out_of_date_run": "Sie sehen einen veralteten Run dieses Jobs, der %[1]s ausgeführt wurde.",
+	"actions.runs.viewing_out_of_date_run": "Du siehst einen veralteten Run dieses Jobs, der %[1]s ausgeführt wurde.",
 	"actions.runs.run_attempt_label": "Run-Versuch #%[1]s (%[2]s)",
 	"actions.runs.all_workflows": "Alle Workflows",
 	"actions.runs.workflow": "Workflow",
@@ -469,9 +469,9 @@
 	"repo.issues.filter_assignee.hint": "Nach zugewiesenem Benutzer filtern",
 	"repo.issues.filter_reviewers.hint": "Nach Benutzer, der gesichtet hat, filtern",
 	"repo.issues.filter_mention.hint": "Nach erwähntem Benutzer filtern",
-	"repo.issues.filter_modified.hint": "Nach letzten modifiziertem Datum filtern",
+	"repo.issues.filter_modified.hint": "Nach zuletzt geändertem Datum filtern",
 	"search.syntax": "Suchsyntax",
-	"admin.dashboard.transfer_lingering_logs": "Aktionslogs von fertigen Aktions-Jobs aus der Datenbank in den Speicher übertragen",
+	"admin.dashboard.transfer_lingering_logs": "Actions-Logs von abgeschlossenen Actions-Jobs aus der Datenbank in den Speicher übertragen",
 	"actions.workflow.persistent_incomplete_matrix": "`strategy.matrix` vom Job %[1]s konnte aufgrund eines ungültigen `needs`-Ausdrucks nicht ausgewertet werden. Er könnte auf einen Job verweisen, der nicht in seiner „needs“-Liste (%[2]s) ist, oder auf eine Ausgabe, die in keinem dieser Jobs existiert.",
 	"admin.auths.oauth2_quota_group_map_removal": "Benutzer von synchronisierten Quotagruppen entfernen, falls Benutzer nicht zur entsprechenden Gruppe gehört.",
 	"moderation.action.account.delete": "Account löschen",
@@ -479,7 +479,7 @@
 	"moderation.action.repo.delete": "Repository löschen",
 	"moderation.action.issue.delete": "Issue löschen",
 	"moderation.action.comment.delete": "Kommentar löschen",
-	"moderation.unknown_action": "Unbekannte Action",
+	"moderation.unknown_action": "Unbekannte Aktion",
 	"moderation.users.cannot_suspend_self": "Du kannst dich nicht selbst sperren.",
 	"moderation.users.cannot_suspend_admins": "Benutzer mit Adminprivilegien können nicht gesperrt werden.",
 	"moderation.users.cannot_suspend_org": "Organisationen können nicht gesperrt werden.",
@@ -490,7 +490,7 @@
 	"moderation.comment.deletion_success": "Der Kommentar wurde gelöscht.",
 	"moderation.report.mark_as_handled": "Als bearbeitet markieren",
 	"moderation.report.mark_as_ignored": "Als ignoriert markieren",
-	"admin.auths.oauth2_quota_group_claim_name": "Der Claim-Name bietet Gruppennamen für diese Quelle, um für die Quotaverwaltung verwendet zu werden. (Optional)",
+	"admin.auths.oauth2_quota_group_claim_name": "Claim-Name, der Gruppennamen dieser Quelle für die Quotaverwaltung liefert. (Optional)",
 	"admin.auths.oauth2_quota_group_map": "Beanspruchte Gruppen an Quota-Gruppen zuordnen. (Optional – benötigt Claim-Namen oben)",
 	"actions.workflow.incomplete_matrix_missing_job": "`strategy.matrix` vom Job %[1]s konnte nicht evaluiert werden: %[2]s ist nicht in der `needs`-Liste von Job %[1]s (%[3]s).",
 	"actions.workflow.incomplete_matrix_missing_output": "`strategy.matrix` vom Job %[1]s konnte nicht evaluiert werden: %[2]s fehlt die Ausgabe %[3]s.",
@@ -507,10 +507,10 @@
 	"actions.workflow.incomplete_with_missing_matrix_dimension": "`with` vom Job %[1]s konnte nicht evaluiert werden: Matrixdimension %[2]s existiert nicht.",
 	"actions.workflow.incomplete_with_unknown_cause": "`with` vom Job %[1]s konnte nicht evaluiert werden: Unbekannter Fehler.",
 	"pulls.manual_merge.helper": "Manueller Zusammenführungshelfer",
-	"pulls.manual_merge.helpder.description": "Diese Zusammenführungs-Commitnachricht benutzen, wenn die Zusammenführung manuell vorgenommen wird.",
+	"pulls.manual_merge.helpder.description": "Diese Zusammenführungs-Commit-Nachricht benutzen, wenn die Zusammenführung manuell vorgenommen wird.",
 	"pulls.manual_merge.commit.title": "Zusammenführungs-Commit-Titel",
 	"pulls.manual_merge.commit.body": "Zusammenführungs-Commit-Body",
-	"pulls.manual_merge.copy.button": "Zusammenführungs-Commitnachricht kopieren",
+	"pulls.manual_merge.copy.button": "Zusammenführungs-Commit-Nachricht kopieren",
 	"editor.toggle_case": "Beachtung der Groß-/Kleinschreibung umschalten",
 	"editor.toggle_regex": "Mit regulären Ausdrücken umschalten",
 	"editor.search": "Suchen",
@@ -521,18 +521,18 @@
 	"editor.toggle_whole_word": "Treffer auf ganze Wörter umschalten",
 	"repo.view.gitmodules_too_large": "Die .gitmodules-Datei ist zu groß und wird ignoriert (zum Beispiel für API-Aufrufe)",
 	"install.ssh_authorized_keys_inspection_error": "Existierende authorized_keys-Datei konnte nicht untersucht werden: %v",
-	"install.ssh_authorized_keys_unexpected_key": "Die Aktivierung von SSH für Forgejo steht im Konflikt mit der Datei, die sich bei %s befindet und existierende SSH-Keys enthält. Vorschlag: Benutzen Sie einen eigenen Systembenutzer für Forgejo oder deaktivieren Sie SSH.",
+	"install.ssh_authorized_keys_unexpected_key": "Die Aktivierung von SSH für Forgejo steht im Konflikt mit der Datei bei %s, die existierende SSH-Keys enthält. Vorschlag: Verwende einen eigenen Systembenutzer für Forgejo oder deaktiviere SSH.",
 	"actions.secrets.creation.name_description": "Der Name eines Geheimnisses darf nur Buchstaben, Ziffern und Unterstriche enthalten. Es darf nicht mit „FORGEJO_“, „GITEA_“, „GITHUB_“ oder einer Zahl anfangen. Forgejo wird es automatisch in Großbuchstaben umwandeln.",
-	"actions.secrets.creation.value_description": "Der Wert eines Geheimnisses kann jeder Text sein. Sonderzeichen werden beibehalten. CRLF (Zeilenumbrüche im Windows-Stil) werden automatisch zu LF konvertiert. Kodieren Sie den Wert mit Base64, falls Zeilenumbrüche beibehalten werden sollen.",
+	"actions.secrets.creation.value_description": "Der Wert eines Geheimnisses kann jeder Text sein. Sonderzeichen werden beibehalten. CRLF (Zeilenumbrüche im Windows-Stil) werden automatisch zu LF konvertiert. Kodiere den Wert mit Base64, falls Zeilenumbrüche beibehalten werden sollen.",
 	"actions.variables.mutation.name_description": "Der Name einer Variable kann nur Buchstaben, Ziffern und Unterstriche enthalten. Er darf nicht „CI“ lauten oder mit „FORGEJO_“, „GITEA_“, „GITHUB_“ oder einer Zahl beginnen. Forgejo wird ihn automatisch zu Großbuchstaben umwandeln.",
-	"actions.variables.mutation.value_description": "Der Wert einer Variablen kann jeder Text sein. Sonderzeichen werden beibehalten. CRLF (Zeilenumbrüche im Windows-Stil) werden automatisch zu LF konvertiert. Kodieren Sie den Wert mit Base64, falls Zeilenumbrüche beibehalten werden sollen.",
+	"actions.variables.mutation.value_description": "Der Wert einer Variablen kann jeder Text sein. Sonderzeichen werden beibehalten. CRLF (Zeilenumbrüche im Windows-Stil) werden automatisch zu LF konvertiert. Kodiere den Wert mit Base64, falls Zeilenumbrüche beibehalten werden sollen.",
 	"issues.filters.labels.exclude": "Label ausschließen",
-	"issues.filters.labels.unexclude": "Ausschließung aufheben",
+	"issues.filters.labels.unexclude": "Ausschluss aufheben",
 	"packages.common.install": "Um das Paket zu installieren, folgenden Befehl ausführen:",
 	"packages.common.registry": "Diese Registry von der Befehlszeile aus einrichten:",
 	"packages.common.repository": "Repository-Infos",
-	"actions.runs.all_runs_link": "alle Durchläufe",
-	"repo.issues.filter_sort.hint_with_placeholder": "Sortieren nach: %",
+	"actions.runs.all_runs_link": "alle Runs",
+	"repo.issues.filter_sort.hint_with_placeholder": "Sortieren nach: %s",
 	"repo.pulls.auto_merge.no_permission": "Du hast nicht die Erlaubnis, die automatische Zusammenführung dieses Pull-Requests abzubrechen.",
 	"access_token.error.specified_repos_none": "Zugangstokens mit den festgelegten Repositorys müssen mindestens ein Repository haben.",
 	"access_token.error.specified_repos_and_public_only": "Zugangstokens mit den festgelegten Repositorys können nicht mit dem Scope „Nur öffentlich“ kombiniert werden.",
@@ -540,7 +540,7 @@
 	"settings.specific_repo_access": "Repositoryzugang",
 	"actions.runners.uuid": "UUID",
 	"actions.runners.token": "Token",
-	"actions.runners.ephemeral": "Vorrübergehend",
+	"actions.runners.ephemeral": "Vorübergehend",
 	"actions.runners.list_runners.details_column": "Details",
 	"actions.runners.list_runners.edit_column": "Bearbeiten",
 	"actions.runners.list_runners.delete_column": "Löschen",
@@ -584,13 +584,13 @@
 	"actions.runners.runner_setup.program_options_snippet_aria": "Wie man forgejo-runner aufruft",
 	"actions.runners.runner_setup.instruction_replace_connection_name": "Ersetze den Verbindungsnamen (<code>forgejo</code> im Beispiel) mit einem Wert deiner Wahl.",
 	"actions.runners.runner_setup.heading_using_options": "Unter Benutzung der Programmoptionen",
-	"actions.runners.runner_setup.instruction_advanced_configurations": "Um Forgejo Runner so zu konfigurieren, dass er in Containern oder mit einer fortgeschrittenen Konfigurationen läuft, siehe die <a href=\"https://TO-BE-REPLACED.COM\">Dokumentation</a>.",
-	"actions.runners.reset_registration_token.token": "Registrierungs-Token (missbilligt)",
+	"actions.runners.runner_setup.instruction_advanced_configurations": "Um Forgejo Runner so zu konfigurieren, dass er in Containern oder mit fortgeschrittenen Konfigurationen läuft, siehe die <a href=\"%s\">Dokumentation</a>.",
+	"actions.runners.reset_registration_token.token": "Registrierungs-Token (veraltet)",
 	"form.RunnerName": "Name",
-	"actions.runners.task_list_repo": "Neuliche Aufgaben dieses Repositorys auf diesem Runner",
-	"actions.runners.task_list_org": "Neuliche Aufgaben dieses Runners innerhalb dieser Organisation",
-	"actions.runners.task_list_admin": "Neuliche Aufgaben auf diesem Runner",
-	"actions.runners.task_list_user": "Neuliche Aufgaben dieses Benutzers auf diesem Runner",
+	"actions.runners.task_list_repo": "Letzte Aufgaben dieses Repositorys auf diesem Runner",
+	"actions.runners.task_list_org": "Letzte Aufgaben dieses Runners innerhalb dieser Organisation",
+	"actions.runners.task_list_admin": "Letzte Aufgaben auf diesem Runner",
+	"actions.runners.task_list_user": "Letzte Aufgaben dieses Benutzers auf diesem Runner",
 	"settings.new_access_token": "Neuer Zugangstoken",
 	"graphs.recent_commits.title": "Anzahl der Commits im letzten Jahr",
 	"graphs.code_frequency.title": "Code-Frequenz über die Geschichte von {0}",
@@ -619,5 +619,47 @@
 	"members.add_member": "Mitglied hinzufügen",
 	"members.user": "Benutzer",
 	"members.user_already_member": "Dieser Benutzer ist bereits ein Mitglied der Organisation.",
-	"members.no_team_selected": "Organisationsmitglieder müssen mindestens einem Team angehören."
+	"members.no_team_selected": "Organisationsmitglieder müssen mindestens einem Team angehören.",
+	"migrate.select.title": "Repository migrieren",
+	"actions.runners.version": "Version",
+	"admin.federation.federation": "Föderation",
+	"admin.federation.hosts": "Hosts",
+	"admin.federation.hosts.title": "Föderations-Hosts",
+	"admin.federation.hosts.manage_panel": "Föderations-Hosts verwalten",
+	"admin.federation.hosts.details_panel": "Föderations-Host-Details",
+	"admin.federation.hosts.show_details": "Host-Details anzeigen",
+	"admin.federation.host.id": "ID",
+	"admin.federation.host.fqdn": "FQDN",
+	"admin.federation.host.schema": "Schema",
+	"admin.federation.host.port": "Port",
+	"admin.federation.host.software_name": "Software",
+	"admin.federation.host.created": "Erstellt",
+	"admin.federation.host.updated": "Aktualisiert",
+	"admin.federation.host.latest_activity": "Neuste Aktivität",
+	"admin.federation.users": "Benutzer",
+	"admin.federation.users.title": "Föderierte Benutzer",
+	"admin.federation.users.manage_panel": "Föderierte Benutzer verwalten",
+	"admin.federation.users.show_local_user": "Lokale Benutzerdetails anzeigen",
+	"admin.federation.user.id": "ID",
+	"admin.federation.user.user_id": "Lokale Benutzer-ID",
+	"admin.federation.user.external_id": "Externe Benutzer-ID",
+	"admin.federation.user.inbox_path": "Inbox-Pfad",
+	"admin.config.federation": "Föderations-Konfiguration",
+	"admin.config.federation.enabled": "Aktiviert",
+	"admin.config.federation.share_user_statistics": "Benutzerstatistik mit anderen Hosts teilen",
+	"admin.config.federation.max_size": "Max. erlaubte Antwortgröße",
+	"admin.config.federation.signature_enforced": "HTTP-Signaturen erfordern",
+	"admin.config.federation.signature_algorithms": "Signaturalgorithmen",
+	"admin.config.federation.digest_algorithm": "Signatur-Hashwert-Algorithmus",
+	"admin.config.federation.get_headers": "Signierte GET-Header",
+	"admin.config.federation.post_headers": "Signierte POST-Header",
+	"actions.workflow.unknown_job_in_needs": "Job mit ID %[1]s referenziert unbekannte Jobs in `needs`: %[2]s.",
+	"actions.workflow.rerun_impossible": "Der Workflow kann nicht erneut ausgeführt werden.",
+	"actions.workflow.job_rerun_impossible": "Der Job kann nicht erneut ausgeführt werden.",
+	"user.activitypub_feed.feed": "Fediverse-Feed",
+	"user.activitypub_feed.no_activity": "Keine Fediverse-Aktivität",
+	"user.activitypub_feed.is_empty": "Dein Fediverse-Feed ist leer.",
+	"user.activitypub_feed.hint": "Dieser Feed zeigt Aktivitäten aus Fediverse-Konten, denen du folgst sowie föderierten Posts, die dich erwähnt haben.",
+	"user.activitypub_feed.posted_on": "Auf %[1]s gepostet",
+	"user.activitypub_feed.original_source": "Ursprüngliche Quelle"
 }
diff --git a/options/locale_next/locale_fil.json b/options/locale_next/locale_fil.json
index 1319c71f64..5d03276981 100644
--- a/options/locale_next/locale_fil.json
+++ b/options/locale_next/locale_fil.json
@@ -533,5 +533,62 @@
 	"packages.common.registry": "I-setup ang registry na ito mula sa command line:",
 	"packages.common.repository": "Info ng repositoryo",
 	"actions.runs.all_runs_link": "lahat ng mga takbo",
-	"repo.pulls.auto_merge.no_permission": "Wala kang pahintulot na kanselahin ang auto merge sa hiling sa paghila."
+	"repo.pulls.auto_merge.no_permission": "Wala kang pahintulot na kanselahin ang auto merge sa hiling sa paghila.",
+	"migrate.select.title": "I-migrate ang repositoryo",
+	"settings.specific_repo_access": "Access sa repositoryo",
+	"settings.new_access_token": "Bagong access token",
+	"settings.permissions_access_specific_repositories": "Ilang repositoryo",
+	"settings.access_token.selected_repositories": {
+		"one": "%d piniling repositoryo",
+		"other": "%d (na) piniling repositoryo"
+	},
+	"settings.access_token.available_repositories": "Mga available na repositoryo",
+	"settings.access_token.no_repositories_selected": "Walang mga piniling repositoryo.",
+	"settings.access_token.no_repositories_found": "Walang mga nahanap na repositoryo.",
+	"settings.access_token.remove": "Tanggalin ang %s",
+	"settings.access_token.resource_all_help": "Payagan ang access sa lahat ng mga resource.",
+	"settings.access_token.resource_public_only_help": "Limitahan ang access sa mga repositoryo at mga organisasyon na publiko.",
+	"settings.access_token.resource_specific_repo_help": "Limitahan ang access sa pasadyang listahan ng mga repositoryo. Pinapayagan lamang ang read-only na access sa lahat ng mga pampublikong repositoryo. Maaari lamang i-enable ang mga pahintulot na pinapayagan ang access sa mga repositoryo at isyu.",
+	"settings.access_token.admin_disabled": "Naka-disable ang administrative na pahintulot.",
+	"access_token.error.specified_repos_none": "Dapat may kahit isang repositoryo ang mga access token na may piniling repositoryo.",
+	"access_token.error.specified_repos_and_public_only": "Hindi maaaring ipagsama ang public-only na scope ang mga access token na may piniling repositoryo.",
+	"access_token.error.specified_repos_and_invalid_scope": "Maaari lamang gamitin ang read:issue, write:issue, read:repository, at write:repository na scope sa mga access token na may piniling repositoryo.",
+	"actions.runners.uuid": "UUID",
+	"actions.runners.token": "Token",
+	"actions.runners.ephemeral": "Ephemeral",
+	"actions.runners.list_runners.details_column": "Mga detalye",
+	"actions.runners.list_runners.edit_column": "I-edit",
+	"actions.runners.list_runners.delete_column": "Burahin",
+	"actions.runners.list_runners.details_button": "Mga detalye",
+	"actions.runners.list_runners.details_button_aria": "Ipakita ang mga detalye ng %s",
+	"actions.runners.list_runners.delete_button": "Burahin",
+	"actions.runners.list_runners.delete_button_aria": "Burahin ang %s",
+	"actions.runners.list_runners.edit_button": "I-edit",
+	"actions.runners.list_runners.edit_button_aria": "I-edit ang %s",
+	"actions.runners.ephemeral.yes": "oo",
+	"actions.runners.ephemeral.no": "hindi",
+	"actions.runners.task_list_repo": "Mga kamakailang trabaho ng repositoryong ito sa runner",
+	"actions.runners.task_list_org": "Mga kamakailang trabaho sa runner na ito sa organisasyong ito",
+	"actions.runners.task_list_admin": "Mga kamakailang trabaho sa runner na ito",
+	"actions.runners.task_list_user": "Mga kamakailang trabaho ng user na ito sa runner",
+	"actions.runners.edit_runner_button": "I-edit ang runner",
+	"actions.runners.create_runner.page_title": "Gumawa ng bagong runner",
+	"actions.runners.create_runner.title": "Gumawa ng bagong runner",
+	"actions.runners.create_runner.properties_fieldset": "Mga property",
+	"actions.runners.create_runner.name_label": "Pangalan",
+	"actions.runners.create_runner.description_label": "Paglalarawan",
+	"actions.runners.create_runner.create_button": "Gumawa",
+	"actions.runners.create_runner.cancel_button": "Kanselahin",
+	"actions.runners.edit_runner.page_title": "I-edit ang runner na %s",
+	"actions.runners.edit_runner.title": "I-edit ang runner na %s",
+	"actions.runners.edit_runner.properties_fieldset": "Mga property",
+	"actions.runners.edit_runner.properties_options": "Mga opsyon",
+	"actions.runners.edit_runner.name_label": "Pangalan",
+	"actions.runners.edit_runner.description_label": "Paglalarawan",
+	"actions.runners.edit_runner.regenerate_token_label": "I-regenerate ang token",
+	"actions.runners.edit_runner.regenerate_token_help": "Ipapagwalang bisa agad ang umiiral na token. Makakakuha ka ng bagong token sa susunod na pahina.",
+	"actions.runners.edit_runner.save_button": "I-save",
+	"actions.runners.edit_runner.cancel_button": "Kanselahin",
+	"actions.runners.runner_setup.title": "I-set up ang runner na %s",
+	"actions.runners.show_registration_token": "Ipakita ang token ng pagrehistro"
 }
diff --git a/options/locale_next/locale_fr-FR.json b/options/locale_next/locale_fr-FR.json
index 84e53d0311..0fd20579db 100644
--- a/options/locale_next/locale_fr-FR.json
+++ b/options/locale_next/locale_fr-FR.json
@@ -1,19 +1,23 @@
 {
 	"counters.n_commits": {
 		"one": "%s commit",
-		"other": "%s commits"
+		"many": "%s commits",
+		"other": ""
 	},
 	"counters.n_branches": {
 		"one": "%s branch",
-		"other": "%s branches"
+		"many": "%s branches",
+		"other": ""
 	},
 	"counters.n_tags": {
 		"one": "%s étiquettes",
-		"other": "%s étiquettes"
+		"many": "%s étiquettes",
+		"other": ""
 	},
 	"counters.n_releases": {
 		"one": "%s publication",
-		"other": "%s publications"
+		"many": "%s publications",
+		"other": ""
 	},
 	"gpg.default_key": "Signé avec la clé par défaut",
 	"gpg.error.extract_sign": "Impossible d'extraire la signature",
@@ -614,5 +618,22 @@
 	"actions.runners.ephemeral.no": "non",
 	"actions.runs.scheduled_description": "Exécution planifiée du commit <a href=\"%[1]s\">%[2]s</a>",
 	"actions.runs.workflow_dispatch_description": "Exécution du commit <a href=\"%[1]s\">%[2]s</a> déclenché par <a href=\"%[3]s\">%[4]s</a>",
-	"actions.runs.on_push_description": "Commit <a href=\"%[1]s\">%[2]s</a> poussé par <a href=\"%[3]s\">%[4]s</a>"
+	"actions.runs.on_push_description": "Commit <a href=\"%[1]s\">%[2]s</a> poussé par <a href=\"%[3]s\">%[4]s</a>",
+	"migrate.select.title": "Migrer le dépôt",
+	"admin.federation.federation": "Fédération",
+	"admin.federation.hosts": "Hôtes",
+	"admin.federation.hosts.show_details": "Afficher les détails de l'hôte",
+	"admin.federation.host.id": "ID",
+	"admin.federation.host.schema": "Schéma",
+	"admin.federation.host.port": "Port",
+	"admin.federation.host.latest_activity": "Dernières activités",
+	"admin.federation.users": "Utilisateurs",
+	"admin.federation.user.id": "ID",
+	"admin.federation.user.user_id": "ID utilisateur local",
+	"admin.federation.user.external_id": "ID utilisateur externe",
+	"admin.config.federation": "Configuration de la fédération",
+	"admin.config.federation.enabled": "Activé",
+	"settings.access_token.resource_all_help": "Autoriser l'accès à toutes les ressources.",
+	"user.activitypub_feed.posted_on": "Posté sur %[1]s",
+	"actions.runners.version": "Version"
 }
diff --git a/options/locale_next/locale_ga.json b/options/locale_next/locale_ga.json
index f41ecfb09f..70003eface 100644
--- a/options/locale_next/locale_ga.json
+++ b/options/locale_next/locale_ga.json
@@ -561,5 +561,165 @@
 	"actions.secrets.creation.name_description": "Ní féidir ach litreacha, uimhreacha agus fo-línte a bheith in ainm rúnda. Ní féidir leis tosú le FORGEJO_, GITEA_, GITHUB_, ná uimhir. Déanfaidh Forgejo é a thiontú go huachtarlitir go huathoibríoch.",
 	"actions.secrets.creation.value_description": "Is féidir luach rúnda a bheith ina théacs ar bith. Coinnítear carachtair speisialta. Déantar CRLF (briseadh líne stíl Windows) a thiontú go huathoibríoch go LF. Ionchódaigh an luach le Base64 más ceart briseadh líne a choinneáil.",
 	"actions.variables.mutation.name_description": "Ní féidir ach litreacha, uimhreacha agus fo-línte a bheith in ainm athróige. Ní féidir CI a thabhairt air ná tosú le FORGEJO_, GITEA_, GITHUB_, ná uimhir. Déanfaidh Forgejo é a thiontú go huachtarlitir go huathoibríoch.",
-	"actions.variables.mutation.value_description": "Is féidir luach athróg a bheith ina théacs ar bith. Coinnítear carachtair speisialta. Déantar CRLF (briseadh líne stíl Windows) a thiontú go huathoibríoch go LF. Ionchódaigh an luach le Base64 más ceart briseadh líne a choinneáil."
+	"actions.variables.mutation.value_description": "Is féidir luach athróg a bheith ina théacs ar bith. Coinnítear carachtair speisialta. Déantar CRLF (briseadh líne stíl Windows) a thiontú go huathoibríoch go LF. Ionchódaigh an luach le Base64 más ceart briseadh líne a choinneáil.",
+	"repo.pulls.auto_merge.no_permission": "Níl cead agat cumasc uathoibríoch an iarratais tarraingthe seo a chealú.",
+	"migrate.select.title": "Imirce stór",
+	"admin.federation.federation": "Cónaidhm",
+	"admin.federation.hosts": "Óstaigh",
+	"admin.federation.hosts.title": "Óstaigh an Chónaidhm",
+	"admin.federation.hosts.manage_panel": "Bainistigh óstach cónaidhme",
+	"admin.federation.hosts.details_panel": "Sonraí óstach cónaidhme",
+	"admin.federation.hosts.show_details": "Taispeáin sonraí an óstaigh",
+	"admin.federation.host.id": "Aitheantas",
+	"admin.federation.host.fqdn": "FQDN",
+	"admin.federation.host.schema": "Scéim",
+	"admin.federation.host.port": "Port",
+	"admin.federation.host.software_name": "Bogearraí",
+	"admin.federation.host.created": "Cruthaithe",
+	"admin.federation.host.updated": "Nuashonraithe",
+	"admin.federation.host.latest_activity": "Gníomhaíocht is déanaí",
+	"admin.federation.users": "Úsáideoirí",
+	"admin.federation.users.title": "Úsáideoirí cónaidhme",
+	"admin.federation.users.manage_panel": "Bainistigh úsáideoirí cónaidhme",
+	"admin.federation.users.show_local_user": "Taispeáin sonraí úsáideora áitiúil",
+	"admin.federation.user.id": "Aitheantas",
+	"admin.federation.user.user_id": "Aitheantas úsáideora áitiúil",
+	"admin.federation.user.external_id": "Aitheantas úsáideora seachtrach",
+	"admin.federation.user.inbox_path": "Cosán an bhosca isteach",
+	"admin.config.federation": "Cumraíocht an Chónaidhm",
+	"admin.config.federation.enabled": "Cumasaithe",
+	"admin.config.federation.share_user_statistics": "Comhroinn staitisticí úsáideora le hóstach eile",
+	"admin.config.federation.max_size": "Uasmhéid freagartha ceadaithe",
+	"admin.config.federation.signature_enforced": "Éiligh sínithe HTTP",
+	"admin.config.federation.signature_algorithms": "Algartaim shínithe",
+	"admin.config.federation.digest_algorithm": "Algartam díleá sínithe",
+	"admin.config.federation.get_headers": "Ceanntásca GET sínithe",
+	"admin.config.federation.post_headers": "Ceanntásca POST sínithe",
+	"settings.specific_repo_access": "Rochtain ar an stór",
+	"settings.new_access_token": "Comhartha rochtana nua",
+	"settings.permissions_access_specific_repositories": "Stórtha sonracha",
+	"settings.access_token.selected_repositories": {
+		"one": "Stórlann roghnaithe (%d)",
+		"two": "Stórtha roghnaithe (%d)",
+		"few": "Stórtha roghnaithe (%d)",
+		"many": "Stórtha roghnaithe (%d)",
+		"other": "Stórtha roghnaithe (%d)"
+	},
+	"settings.access_token.available_repositories": "Stórtha atá ar fáil",
+	"settings.access_token.no_repositories_selected": "Níl aon stórtha roghnaithe.",
+	"settings.access_token.no_repositories_found": "Níor aimsíodh aon stórtha.",
+	"settings.access_token.remove": "Bain %s",
+	"settings.access_token.resource_all_help": "Ceadaigh rochtain ar na hacmhainní go léir.",
+	"settings.access_token.resource_public_only_help": "Teorainn a chur le rochtain ar stórtha agus ar eagraíochtaí atá poiblí.",
+	"settings.access_token.resource_specific_repo_help": "Teorainn a chur le rochtain ar liosta sonrach stórtha. Ceadaítear rochtain léite amháin do gach stór poiblí. Ní féidir ach ceadanna a chumasú a cheadaíonn rochtain ar stórtha agus ar shaincheisteanna.",
+	"settings.access_token.admin_disabled": "Tá ceadanna riaracháin díchumasaithe.",
+	"user.activitypub_feed.feed": "Beatha Fediverse",
+	"user.activitypub_feed.no_activity": "Gan aon ghníomhaíocht ilghnéitheach",
+	"user.activitypub_feed.is_empty": "Tá do bheatha fediverse folamh.",
+	"user.activitypub_feed.hint": "Taispeánann an fotha seo gníomhaíochtaí ó chuntais fediverse a leanann tú, chomh maith le poist chónaidhme inar luaigh tú.",
+	"user.activitypub_feed.posted_on": "Postáilte ar %[1]s",
+	"user.activitypub_feed.original_source": "Foinse bhunaidh",
+	"counters.n_commits": {
+		"one": "%s tiomantas",
+		"two": "%s tiomantais",
+		"few": "%s tiomantais",
+		"many": "%s tiomantais",
+		"other": "%s tiomantais"
+	},
+	"counters.n_branches": {
+		"one": "%s brainse",
+		"two": "%s brainsí",
+		"few": "%s brainsí",
+		"many": "%s brainsí",
+		"other": "%s brainsí"
+	},
+	"counters.n_tags": {
+		"one": "%s clib",
+		"two": "%s clibeanna",
+		"few": "%s clibeanna",
+		"many": "%s clibeanna",
+		"other": "%s clibeanna"
+	},
+	"counters.n_releases": {
+		"one": "%s eisiúint",
+		"two": "%s eisiúintí",
+		"few": "%s eisiúintí",
+		"many": "%s eisiúintí",
+		"other": "%s eisiúintí"
+	},
+	"access_token.error.specified_repos_none": "Ní mór stór amháin ar a laghad a bheith ag comharthaí rochtana le stórtha sonraithe.",
+	"access_token.error.specified_repos_and_public_only": "Ní féidir comharthaí rochtana le stórtha sonraithe a chomhcheangal leis an raon feidhme poiblí amháin.",
+	"access_token.error.specified_repos_and_invalid_scope": "Ní féidir comharthaí rochtana le stórtha sonraithe a úsáid ach leis na raonta read:issue, write:issue, read:repository, agus write:repository.",
+	"actions.runners.uuid": "UUID",
+	"actions.runners.token": "Comhartha",
+	"actions.runners.ephemeral": "Sealadach",
+	"actions.runners.version": "Leagan",
+	"actions.runners.list_runners.details_column": "Sonraí",
+	"actions.runners.list_runners.edit_column": "Cuir in Eagar",
+	"actions.runners.list_runners.delete_column": "Scrios",
+	"actions.runners.list_runners.details_button": "Sonraí",
+	"actions.runners.list_runners.details_button_aria": "Taispeáin sonraí %s",
+	"actions.runners.list_runners.delete_button": "Scrios",
+	"actions.runners.list_runners.delete_button_aria": "Scrios %s",
+	"actions.runners.list_runners.edit_button": "Cuir in Eagar",
+	"actions.runners.list_runners.edit_button_aria": "Cuir in Eagar %s",
+	"actions.runners.ephemeral.yes": "tá",
+	"actions.runners.ephemeral.no": "níl",
+	"actions.runners.task_list_repo": "Tascanna le déanaí den stórlann seo ar an rithire seo",
+	"actions.runners.task_list_org": "Tascanna le déanaí ar an rithire seo laistigh den eagraíocht seo",
+	"actions.runners.task_list_admin": "Tascanna le déanaí ar an rithire seo",
+	"actions.runners.task_list_user": "Tascanna le déanaí an úsáideora seo ar an rithire seo",
+	"actions.runners.edit_runner_button": "Cuir an rithire in eagar",
+	"actions.runners.create_runner.page_title": "Cruthaigh reathaí nua",
+	"actions.runners.create_runner.title": "Cruthaigh reathaí nua",
+	"actions.runners.create_runner.properties_fieldset": "Airíonna",
+	"actions.runners.create_runner.name_label": "Ainm",
+	"actions.runners.create_runner.description_label": "Cur síos",
+	"actions.runners.create_runner.create_button": "Cruthaigh",
+	"actions.runners.create_runner.cancel_button": "Cealaigh",
+	"actions.runners.edit_runner.page_title": "Cuir an ritheoir %s in eagar",
+	"actions.runners.edit_runner.title": "Cuir an ritheoir %s in eagar",
+	"actions.runners.edit_runner.properties_fieldset": "Airíonna",
+	"actions.runners.edit_runner.properties_options": "Roghanna",
+	"actions.runners.edit_runner.name_label": "Ainm",
+	"actions.runners.edit_runner.description_label": "Cur síos",
+	"actions.runners.edit_runner.regenerate_token_label": "Athghin an comhartha",
+	"actions.runners.edit_runner.regenerate_token_help": "Cuirfear an comhartha atá ann cheana ar neamhní láithreach. Gheobhaidh tú comhartha nua ar an gcéad leathanach eile.",
+	"actions.runners.edit_runner.save_button": "Sábháil",
+	"actions.runners.edit_runner.cancel_button": "Cealaigh",
+	"actions.runners.runner_setup.title": "Socraigh an ritheoir %s",
+	"actions.runners.show_registration_token": "Taispeáin comhartha clárúcháin",
+	"actions.runners.runner_details.page_title": "Rithóir %s",
+	"actions.runners.runner_details.labels_note": "Sainmhínítear lipéid an rithóir i gcomhad cumraíochta Forgejo Runner nó cuirtear ar aghaidh iad mar rogha líne ordaithe. Nuashonraítear iad gach uair a bhunaíonn Forgejo Runner nasc le Forgejo.",
+	"actions.runners.runner_setup.page_title": "Socraigh an ritheoir %s",
+	"actions.runners.runner_setup.list_of_runners_link": "Liosta reathaithe",
+	"actions.runners.runner_setup.last_chance_copying_token": "Cóipeáil an comhartha anois mar ní bheidh tú in ann é a fheiceáil arís!",
+	"actions.runners.runner_setup.button_copy_uuid_aria": "Cóipeáil UUID an ritheora",
+	"actions.runners.runner_setup.button_copy_token_aria": "Cóipeáil comhartha reathaí",
+	"actions.runners.runner_setup.heading_using_configuration": "Ag baint úsáide as an gcomhad cumraíochta reathaí",
+	"actions.runners.runner_setup.configuration_snippet_aria": "Sleachta le cur isteach i gcumraíocht an rithire",
+	"actions.runners.runner_setup.program_options_snippet_aria": "Conas forgejo-runner a ghairm",
+	"actions.runners.runner_setup.instruction_replace_connection_name": "Cuir luach de do thaitin leat in ionad ainm an naisc (<code>forgejo</code> sa sampla).",
+	"actions.runners.runner_setup.heading_using_options": "Ag baint úsáide as roghanna cláir",
+	"actions.runners.runner_setup.instruction_advanced_configurations": "Chun Forgejo Runner a chumrú agus é ag rith i gcoimeádáin nó i gcumraíochtaí ardleibhéil, féach ar an <a href=\"%s\">doiciméadú</a>.",
+	"actions.runners.reset_registration_token.token": "Comhartha Clárúcháin (Imithe as Feidhm)",
+	"actions.runs.scheduled_description": "Rith sceidealaithe de thiomnú <a href=\"%[1]s\">%[2]s</a>",
+	"actions.runs.workflow_dispatch_description": "Rith an tiomnúcháin <a href=\"%[1]s\">%[2]s</a> spreagtha ag <a href=\"%[3]s\">%[4]s</a>",
+	"actions.runs.on_push_description": "Tiomnú <a href=\"%[1]s\">%[2]s</a> brúite ag <a href=\"%[3]s\">%[4]s</a>",
+	"actions.workflow.unknown_job_in_needs": "Tagraíonn post leis an ID %[1]s do phoist anaithnide i `needs`: %[2]s.",
+	"actions.workflow.rerun_impossible": "Ní féidir an sreabhadh oibre a athrith.",
+	"actions.workflow.job_rerun_impossible": "Ní féidir an post a athrith.",
+	"actions.secrets.edit_button": "Cuir rún \"%s\" in eagar",
+	"actions.secrets.mutation.header": "Cuir rún \"%s\" in eagar",
+	"actions.secrets.mutation.success_message": "Tá an rún \"%s\" nuashonraithe.",
+	"actions.secrets.mutation.failure_message": "Níorbh fhéidir an rún \"%s\" a nuashonrú.",
+	"actions.secrets.mutation.name_description": "Ní féidir ach litreacha, uimhreacha agus fo-línte a bheith in ainm rúnda. Ní féidir leis tosú le FORGEJO_, GITEA_, GITHUB_, ná uimhir. Déanfaidh Forgejo é a thiontú go huachtarlitir go huathoibríoch.",
+	"actions.secrets.mutation.value_description": "Ní thaispeánfar an luach atá ann cheana. Fág an réimse folamh mura mian leat é a mhodhnú. Coinnítear carachtair speisialta. Déantar CRLF (briseadh líne de stíl Windows) a thiontú go huathoibríoch go LF. Ionchódaigh an luach le Base64 más ceart briseadh líne a choinneáil.",
+	"members.add_member": "Cuir ball leis",
+	"members.user": "Úsáideoir",
+	"members.user_already_member": "Is ball den eagraíocht an t-úsáideoir seo cheana féin.",
+	"members.no_team_selected": "Ní mór do bhaill na heagraíochta a bheith ina mbaill de fhoireann amháin ar a laghad.",
+	"form.RunnerName": "Ainm",
+	"graphs.recent_commits.title": "Líon na ngealltanas le bliain anuas",
+	"graphs.code_frequency.title": "Minicíocht chód thar stair {0}"
 }
diff --git a/options/locale_next/locale_it-IT.json b/options/locale_next/locale_it-IT.json
index 4380c58640..38e74714bc 100644
--- a/options/locale_next/locale_it-IT.json
+++ b/options/locale_next/locale_it-IT.json
@@ -1,19 +1,23 @@
 {
 	"counters.n_commits": {
 		"one": "%s commit",
-		"other": "%s commit"
+		"many": "%s commit",
+		"other": ""
 	},
 	"counters.n_branches": {
 		"one": "%s ramo",
-		"other": "%s rami"
+		"many": "%s rami",
+		"other": ""
 	},
 	"counters.n_tags": {
 		"one": "%s etichetta",
-		"other": "%s etichette"
+		"many": "%s etichette",
+		"other": ""
 	},
 	"counters.n_releases": {
 		"one": "%s rilascio",
-		"other": "%s rilasci"
+		"many": "%s rilasci",
+		"other": ""
 	},
 	"gpg.default_key": "Firmato con la chiave predefinita",
 	"gpg.error.extract_sign": "Impossibile ricavare la firma",
@@ -464,8 +468,8 @@
 	"moderation.action.comment.delete": "Elimina commento",
 	"moderation.action.account.suspend": "Sospendi profilo",
 	"repo.issues.filter_reviewers.hint": "Filtra per utente che ha recensito",
-	"repo.issues.filter_mention.hint": "Filtra per utente menzionato",
-	"repo.issues.filter_modified.hint": "Filtra per ultima data modificata",
+	"repo.issues.filter_mention.hint": "Filtra per utente menzionatə",
+	"repo.issues.filter_modified.hint": "Filtra per ultima modifica",
 	"repo.issues.filter_sort.hint_with_placeholder": "Ordina per: %s",
 	"issues.updated": "aggiornato %s",
 	"issues.filters.labels.exclude": "Escludi etichetta",
@@ -480,5 +484,9 @@
 	"search.syntax": "Sintassi di ricerca",
 	"search.fuzzy": "Fuzzy",
 	"search.fuzzy_tooltip": "Includere i risultati è una corrispondenza approssimativa al termine di ricerca",
-	"install.ssh_authorized_keys_inspection_error": "Ispezione del file authorized_keys esistente fallito: %v"
+	"install.ssh_authorized_keys_inspection_error": "Ispezione del file authorized_keys esistente fallito: %v",
+	"repo.issues.filter_poster.hint": "Filtra per autore",
+	"repo.issues.filter_assignee.hint": "Filtra per utente assegnatə",
+	"repo.pulls.auto_merge.no_permission": "Non hai i permessi di annullare l'immissione automatica di questa richiesta di modifica.",
+	"repo.pulls.poster_manage_approval": "Gestisci approvazione"
 }
diff --git a/options/locale_next/locale_kab.json b/options/locale_next/locale_kab.json
index 1b777db276..01329826e9 100644
--- a/options/locale_next/locale_kab.json
+++ b/options/locale_next/locale_kab.json
@@ -106,5 +106,33 @@
 		"one": "%d n wesrag aya",
 		"other": "%d n yesragen aya"
 	},
-	"packages.settings.delete": "Kkes akemmus"
+	"packages.settings.delete": "Kkes akemmus",
+	"actions.actions": "Tigawin",
+	"actions.runners.token": "Tiddest",
+	"actions.runners.list_runners.edit_column": "Ẓreg",
+	"actions.runners.list_runners.delete_column": "Kkes",
+	"actions.runners.list_runners.details_button": "Talqayt",
+	"actions.runners.list_runners.delete_button": "Kkes",
+	"actions.runners.list_runners.edit_button": "Ẓreg",
+	"actions.runners.ephemeral.yes": "ih",
+	"actions.runners.ephemeral.no": "uhu",
+	"actions.runners.list_runners.details_column": "Talqayt",
+	"actions.runners.create_runner.name_label": "Isem",
+	"actions.runners.create_runner.description_label": "Aglam",
+	"actions.runners.create_runner.create_button": "Snulfu-d",
+	"actions.runners.create_runner.cancel_button": "Semmet",
+	"actions.runners.edit_runner.properties_options": "Tixtiṛiyin",
+	"actions.runners.edit_runner.name_label": "Isem",
+	"actions.runners.edit_runner.description_label": "Aglam",
+	"actions.runners.edit_runner.save_button": "Sekles",
+	"actions.runners.edit_runner.cancel_button": "Semmet",
+	"form.RunnerName": "Isem",
+	"members.user": "Aseqdac",
+	"actions.runners.version": "Lqem",
+	"admin.federation.host.schema": "Azenziɣ",
+	"admin.federation.host.port": "Tawwurt",
+	"admin.federation.host.software_name": "Aseɣẓan",
+	"admin.federation.users": "Iseqdacen",
+	"admin.federation.user.id": "Asulay ID",
+	"admin.config.federation.enabled": "D urmid"
 }
diff --git a/options/locale_next/locale_kw.json b/options/locale_next/locale_kw.json
new file mode 100644
index 0000000000..00322101ea
--- /dev/null
+++ b/options/locale_next/locale_kw.json
@@ -0,0 +1,3 @@
+{
+	"home.welcome.no_activity": "Nyns eys aktivita"
+}
diff --git a/options/locale_next/locale_lv-LV.json b/options/locale_next/locale_lv-LV.json
index 3910315bd6..0482456367 100644
--- a/options/locale_next/locale_lv-LV.json
+++ b/options/locale_next/locale_lv-LV.json
@@ -1,17 +1,21 @@
 {
 	"counters.n_commits": {
+		"zero": "%s iesūtījumu",
 		"one": "%s iesūtījums",
 		"other": "%s iesūtījumi"
 	},
 	"counters.n_branches": {
+		"zero": "%s zaru",
 		"one": "%s zars",
 		"other": "%s zari"
 	},
 	"counters.n_tags": {
+		"zero": "%s birku",
 		"one": "%s birka",
 		"other": "%s birkas"
 	},
 	"counters.n_releases": {
+		"zero": "%s laidienu",
 		"one": "%s laidiens",
 		"other": "%s laidieni"
 	},
@@ -102,17 +106,17 @@
 	"packages.cargo.install": "Lai uzstādītu pakotni ar Cargo, jāizpilda šī komanda:",
 	"packages.chef.registry": "Iestatīt šo reģistru datnē <code>~/.chef/config.rb</code>:",
 	"packages.composer.registry": "Iestatīt šo reģistru datnē <code>~/.composer/config.json</code>:",
-	"packages.composer.install": "Lai uzstādīt pakotni ar Composer, jāizpilda šī komanda:",
+	"packages.composer.install": "Lai uzstādītu pakotni ar Composer, jāizpilda šī komanda:",
 	"packages.composer.dependencies.development": "Izstrādes atkarības",
 	"packages.conan.install": "Lai uzstādītu pakotni ar Conan, jāizpilda šī komanda:",
-	"packages.conda.registry": "Izveidot šo reģistru kā Conda glabātavu datnē <code>.condarc</code>:",
+	"packages.conda.registry": "Iestatīt šo reģistru kā Conda glabātavu datnē <code>.condarc</code>:",
 	"packages.conda.install": "Lai uzstādītu pakotni ar Conda, jāizpilda šī komanda:",
 	"packages.container.images.title": "Attēli",
 	"packages.container.details.type": "Attēla veids",
 	"packages.container.details.platform": "Platforma",
 	"packages.container.pull": "Atgādāt attēlu komandrindā:",
 	"packages.container.digest": "Īssavilkums",
-	"packages.container.multi_arch": "OS / arhitektūra",
+	"packages.container.multi_arch": "OS/arhitektūra",
 	"packages.container.layers": "Attēla slāņi",
 	"packages.container.labels": "Iezīmes",
 	"packages.container.labels.key": "Atslēga",
@@ -120,19 +124,19 @@
 	"packages.cran.registry": "Iestatīt šo reģistru datnē <code>Rprofile.site</code>:",
 	"packages.debian.registry.info": "No zemāk esošā saraksta jāizvēlas $distribution un $component.",
 	"packages.debian.repository.distributions": "Distribūcijas",
-	"packages.debian.repository.components": "Komponentes",
+	"packages.debian.repository.components": "Sastāvdaļas",
 	"packages.debian.repository.architectures": "Arhitektūras",
-	"packages.generic.download": "Lejupielādēt pakotni, izmantojot, komandrindu:",
+	"packages.generic.download": "Lejupielādēt pakotni komandrindā:",
 	"packages.go.install": "Uzstādīt pakotni komandrindā:",
 	"packages.maven.registry": "Iestatīt šo reģistru sava projekta datnē <code>pom.xml</code>:",
 	"packages.maven.install": "Lai izmantotu pakotni, datnes <code>pom.xml</code> sadaļā <code>dependencies</code> jāievieto šīs rindas:",
 	"packages.maven.install2": "Jāizpilda komandrindā:",
-	"packages.maven.download": "Jāizpilda komandrindā, lai lejupielādētu šo atkarību:",
+	"packages.maven.download": "Lai lejupielādētu atkarību, komandrindā jāizpilda:",
 	"packages.nuget.install": "Lai uzstādītu pakotni ar NuGet, jāizpilda šī komanda:",
-	"packages.nuget.dependency.framework": "Mērķa ietvars",
+	"packages.nuget.dependency.framework": "Mērķa satvars",
 	"packages.npm.registry": "Iestatīt šo reģistru sava projekta datnē <code>.npmrc</code>:",
 	"packages.npm.install": "Lai uzstādītu pakotni ar npm, jāizpilda šī komanda:",
-	"packages.npm.install2": "vai datnē package.json jāpievieno:",
+	"packages.npm.install2": "vai jāpievieno datnē package.json:",
 	"packages.npm.dependencies.development": "Izstrādes atkarības",
 	"packages.npm.dependencies.bundle": "Iekļautās atkarības",
 	"packages.npm.dependencies.peer": "Līdzatkarības",
@@ -149,28 +153,28 @@
 	"packages.alt.repository.architectures": "Arhitektūras",
 	"packages.alt.repository.multiple_groups": "Šī pakotne ir pieejama vairākās kopās.",
 	"packages.rubygems.install": "Lai uzstādītu pakotni ar gem, jāizpilda šī komanda:",
-	"packages.rubygems.install2": "vai jāpievieno tas Gemfile:",
+	"packages.rubygems.install2": "vai jāpievieno tā Gemfile:",
 	"packages.rubygems.dependencies.runtime": "Izpildlaika atkarības",
 	"packages.rubygems.dependencies.development": "Izstrādes atkarības",
-	"packages.rubygems.required.ruby": "Nepieciešamā Ruby versija",
-	"packages.rubygems.required.rubygems": "Nepieciešamā RubyGem versija",
+	"packages.rubygems.required.ruby": "Nepieciešama Ruby versija",
+	"packages.rubygems.required.rubygems": "Nepieciešama RubyGem versija",
 	"packages.swift.install": "Pakotne jāpievieno datnē <code>Package.swift</code>:",
-	"packages.swift.install2": "vai jāpievieno tā Gemfile:",
+	"packages.swift.install2": "un jāizpilda šī komanda:",
 	"packages.vagrant.install": "Lai pievienotu Vagrant kasti, jāizpilda šī komanda:",
-	"packages.settings.link": "Piesaistīt šo pakotni glabātavai",
+	"packages.settings.link": "Sasaistīt šo pakotni ar glabātavu",
 	"packages.settings.link.description": "Ja pakotne tiek sasaistīta ar glabātavu, tā tiek attēlota glabātavas pakotņu sarakstā.",
 	"packages.settings.link.select": "Atlasīt glabātavu",
 	"packages.settings.link.button": "Atjaunināt glabātavas saiti",
 	"packages.settings.link.success": "Glabātavas saite tika sekmīgi atjaunināta.",
 	"packages.settings.link.error": "Neizdevās atjaunināt glabātavas saiti.",
 	"packages.settings.delete": "Izdzēst pakotni",
-	"packages.settings.delete.description": "Pakotne tiks neatgriezeniski izdzēsta.",
+	"packages.settings.delete.description": "Pakotnes izdzēšana ir neatgriezeniska, un to nevar atdarīt.",
 	"packages.settings.delete.notice": "Tiks izdzēsta pakotne %s (%s). Šī darbība ir neatgriezeniska. Tiešām turpināt?",
 	"packages.settings.delete.success": "Pakotne tika izdzēsta.",
 	"packages.settings.delete.error": "Neizdevās izdzēst pakotni.",
 	"packages.owner.settings.cargo.title": "Cargo reģistra inkdess",
 	"packages.owner.settings.cargo.initialize": "Sāknēt indeksu",
-	"packages.owner.settings.cargo.initialize.description": "Ir nepieciešams īpaša indeksa Git glabātava, lai izmantotu Cargo reģistru. Šīs iespējas izmantošana (atkārtoti) izveidos glabātavu un automātiski to iestatīs.",
+	"packages.owner.settings.cargo.initialize.description": "Ir nepieciešams īpaša indeksa Git glabātava, lai izmantotu Cargo reģistru. Šīs iespējas izmantošana (atkārtoti) izveidos glabātavu un to automātiski iestatīs.",
 	"packages.owner.settings.cargo.initialize.error": "Neizdevās sāknēt Cargo indeksu: %v",
 	"packages.owner.settings.cargo.initialize.success": "Cargo indekss tika sekmīgi izveidots.",
 	"packages.owner.settings.cargo.rebuild": "Pārbūvēt indeksu",
@@ -191,13 +195,13 @@
 	"packages.owner.settings.cleanuprules.keep.pattern": "Paturēt versijas, kas atbilst",
 	"packages.owner.settings.cleanuprules.keep.pattern.container": "Versija <code>latest</code> vienmēr tiks paturēta konteineru pakotnēm.",
 	"packages.owner.settings.cleanuprules.remove.title": "Versijas, kas atbilst šīm kārtulām, tiks noņemtas, ja vien augstāk esošā kārtula nenosaka, ka tās ir jāpatur.",
-	"packages.owner.settings.cleanuprules.remove.days": "Noņemt versijas vecākas kā",
+	"packages.owner.settings.cleanuprules.remove.days": "Noņemt versijas, kas ir vecākas par",
 	"packages.owner.settings.cleanuprules.remove.pattern": "Noņemt versijas, kas atbilst",
 	"packages.owner.settings.cleanuprules.success.update": "Notīrīšanas kārtula tika atjaunināta.",
 	"packages.owner.settings.cleanuprules.success.delete": "Notīrīšanas kārtula tika izdzēsta.",
 	"packages.owner.settings.chef.title": "Chef reģistrs",
 	"packages.owner.settings.chef.keypair": "Izveidot atslēgu pāri",
-	"packages.owner.settings.chef.keypair.description": "Pieprasījumiem, kuri tiek nosūtīti Chef reģistram, jābūt kriptogrāfiski parakstītam, kas ir autentificēšanās līdzeklis. Kad tiek izveidots atslēgu pāris, Forgejo tiek glabāta tikai publiskā atslēga. Privātā atslēga tiek sniegta, lai to izmantotu ar komandrindas rīku knife. Jauna atslēgu pāra izveidošana aizvietos iepriekšējo.",
+	"packages.owner.settings.chef.keypair.description": "Pieprasījumiem, kuri tiek nosūtīti Chef reģistram, jābūt kriptogrāfiski parakstītiem, kas ir autentificēšanās līdzeklis. Kad tiek izveidots atslēgu pāris, Forgejo tiek glabāta tikai publiskā atslēga. Privātā atslēga tiek sniegta, lai to izmantotu ar komandrindas rīku knife. Jauna atslēgu pāra izveidošana aizvietos iepriekšējo.",
 	"fork.n_forks": {
 		"zero": "%s atzarojumu",
 		"one": "%s atzarojums",
@@ -353,16 +357,16 @@
 	"migrate.items.wiki": "Vikivietni",
 	"migrate.items.milestones": "Atskaites punktus",
 	"migrate.items.labels": "Iezīmes",
-	"migrate.items.issues": "Pieteikumi",
+	"migrate.items.issues": "Pieteikumus",
 	"migrate.items.pull_requests": "Izmaiņu pieprasījumus",
-	"migrate.items.merge_requests": "Iekļaušanas pieprasījumi",
+	"migrate.items.merge_requests": "Iekļaušanas pieprasījumus",
 	"migrate.items.releases": "Laidienus",
 	"migrate.in_progress.git": "Pārceļ Git datus",
 	"migrate.in_progress.topics": "Pārceļ tēmas",
 	"migrate.in_progress.milestones": "Pārceļ atskaites punktus",
 	"migrate.in_progress.labels": "Pārceļ iezīmes",
 	"migrate.in_progress.releases": "Pārceļ laidienus",
-	"migrate.in_progress.issues": "Pārnes pieteikumus",
+	"migrate.in_progress.issues": "Pārceļ pieteikumus",
 	"migrate.in_progress.pulls": "Pārceļ izmaiņu pieprasījumus",
 	"migrate.cancel.title": "Atcelt pārcelšanu",
 	"migrate.cancel.confirmation": "Vai atcelt šo pārcelšanu?",
@@ -385,7 +389,7 @@
 	"actions.runs.all_workflows": "Visas darbplūsmas",
 	"actions.runs.workflow": "Darbplūsma",
 	"actions.runs.invalid_workflow_helper": "Darbplūsmas konfigurācijas datne ir nederīga. Lūgums pārbaudīt konfigurācijas datni: %s",
-	"actions.runs.no_matching_online_runner.helper": "Nav tiešsaistē esošu izpildītāju, kas atbilstu iezīmei: %s",
+	"actions.runs.no_matching_online_runner.helper": "Nav tiešsaistē esošu izpildītāju ar iezīmi: %s",
 	"actions.runs.no_job_without_needs": "Darbplūsmā ir jābūt vismaz vienam darbam bez atkarībām.",
 	"actions.runs.no_job": "Darbplūsmā ir jābūt vismaz vienam darbam",
 	"actions.runs.actor": "Izraisītājs",
@@ -398,7 +402,7 @@
 	"actions.runners": "Izpildītāji",
 	"actions.runners.runner_manage_panel": "Pārvaldīt izpildītājus",
 	"actions.runners.new": "Izveidot jaunu izpildītāju",
-	"actions.runners.new_notice": "Kā uzstādīt izpildītāju",
+	"actions.runners.new_notice": "Kā palaist izpildītāju",
 	"actions.runners.status": "Stāvoklis",
 	"actions.runners.status.unspecified": "Nezināms",
 	"actions.runners.status.idle": "Dīkstāvē",
@@ -408,7 +412,7 @@
 	"actions.runners.owner_type": "Veids",
 	"actions.runners.description": "Apraksts",
 	"actions.runners.labels": "Iezīmes",
-	"actions.runners.last_online": "Pēdējo reizi tiešsaistē",
+	"actions.runners.last_online": "Pēdējā reize tiešsaistē",
 	"actions.runners.runner_title": "Izpildītājs %s",
 	"actions.runners.task_list.no_tasks": "Vēl nav uzdevumu.",
 	"actions.runners.task_list.run": "Izpildījums",
@@ -422,9 +426,9 @@
 	"actions.runners.delete_runner.failed": "Neizdevās izdzēst izpildītāju",
 	"actions.runners.delete_runner.header": "Apstiprināt izpildītāja izdzēšanu",
 	"actions.runners.delete_runner.notice": "Ja šis izpildītājs veic kādus uzdevumus, tad tie tiks apturēti un atzīmēti kā neizdevušies. Tas var sabojāt būvēšanas darbplūsmas.",
-	"actions.runners.none": "Nav pieejami izpildītāji",
-	"actions.runners.reset_registration_token.button": "Atiestatīt reģistrācijas pilnvaru",
-	"actions.runners.reset_registration_token.success": "Izpildītāja reģistrācijas pilnvara tika sekmīgi atiestatīta",
+	"actions.runners.none": "Nav pieejams neviens izpildītājs",
+	"actions.runners.reset_registration_token.button": "Atiestatīt reģistrēšanās pilnvaru",
+	"actions.runners.reset_registration_token.success": "Izpildītāja reģistrēšanās pilnvara tika sekmīgi atiestatīta",
 	"repo.pulls.maintainers_can_edit": "Uzturētāji var labot šo izmaiņu pieprasījumu.",
 	"repo.pulls.maintainers_cannot_edit": "Uzturētāji nevar labot šo izmaiņu pieprasījumu.",
 	"pulse.n_active_issues": {
@@ -546,5 +550,39 @@
 	"packages.common.install": "Lai uzstādītu pakotni, jāizpilda šī komanda:",
 	"packages.common.registry": "Šis reģistrs ir iestatāms komandrindā:",
 	"packages.common.repository": "Informācija par glabātavu",
-	"actions.runs.all_runs_link": "visas izpildīšanas"
+	"actions.runs.all_runs_link": "visas izpildīšanas",
+	"settings.access_token.selected_repositories": {
+		"zero": "Atlasītās glabātavas (%d)",
+		"one": "Atlasītās glabātavas (%d)",
+		"other": "Atlasītās glabātavas (%d)"
+	},
+	"repo.issues.filter_sort.hint_with_placeholder": "Kārtot pēc: %s",
+	"repo.pulls.auto_merge.no_permission": "Nav atļaujas atcelt šī izmaiņu pieprasījuma automātisko iekļaušanu.",
+	"migrate.select.title": "Pārcelt glabātavu",
+	"admin.federation.host.id": "Id",
+	"admin.federation.host.port": "Ports",
+	"admin.federation.host.software_name": "Programmatūra",
+	"admin.federation.host.created": "Izveidots",
+	"admin.federation.host.updated": "Atjaunināts",
+	"admin.federation.host.latest_activity": "Pēdējā darbība",
+	"admin.federation.users": "Lietotāji",
+	"admin.federation.users.show_local_user": "Rādīt vietējo informāciju par lietotāju",
+	"admin.federation.user.id": "Id",
+	"admin.federation.user.user_id": "Vietējais lietotāja Id",
+	"admin.federation.user.external_id": "Ārējais lietotāja Id",
+	"admin.config.federation.enabled": "Iespējota",
+	"admin.config.federation.max_size": "Lielākais pieļaujamais atbildes izmērs",
+	"admin.config.federation.signature_enforced": "Pieprasīt HTTP parakstus",
+	"admin.config.federation.signature_algorithms": "Parakstu algoritmi",
+	"admin.config.federation.get_headers": "Parakstītas GET galvenes",
+	"admin.config.federation.post_headers": "Parakstītas POST galvenes",
+	"settings.specific_repo_access": "Glabātavas piekļuve",
+	"settings.new_access_token": "Jauna piekļuves pilnvara",
+	"settings.permissions_access_specific_repositories": "Noteiktām glabātavām",
+	"settings.access_token.available_repositories": "Pieejamās glabātavas",
+	"settings.access_token.no_repositories_selected": "Nav atlasīta neviena glabātava.",
+	"settings.access_token.no_repositories_found": "Nav atrasta neviena glabātava.",
+	"settings.access_token.remove": "Noņemt %s",
+	"settings.access_token.resource_all_help": "Ļaut piekļuvi visiem resursiem.",
+	"settings.access_token.resource_public_only_help": "Ļaut piekļuvi tikai visiem pieejamām glabātavām un apvienībām."
 }
diff --git a/options/locale_next/locale_mk.json b/options/locale_next/locale_mk.json
index 0967ef424b..c4c884f041 100644
--- a/options/locale_next/locale_mk.json
+++ b/options/locale_next/locale_mk.json
@@ -1 +1,4 @@
-{}
+{
+	"home.welcome.no_activity": "Нема активност",
+	"home.welcome.activity_hint": "Сè уште нема ништо во вашиот фид. Вашите активности и дејства од репозиториумите што ги следите ќе се појават овде."
+}
diff --git a/options/locale_next/locale_nds.json b/options/locale_next/locale_nds.json
index d409733f59..8a4cde599f 100644
--- a/options/locale_next/locale_nds.json
+++ b/options/locale_next/locale_nds.json
@@ -586,7 +586,7 @@
 	"actions.runners.ephemeral": "Körttiedig",
 	"actions.runners.runner_details.labels_note": "De Vermarkens vun de Loper worden in de Inrichtens-Datei vun Forgejo Runner fastleggt of as Oorderreeg-Instellen angeven. Se worden elkeen Maal verneeit, wenn Forgejo Runner sik mit Forgejo verbinnt.",
 	"actions.runners.runner_setup.instruction_replace_connection_name": "Wessel de Verbinnens-Naam (<code>forgejo</code> im Bispööl) mit eenem Weert na dienem Smaak ut.",
-	"actions.runners.runner_setup.instruction_advanced_configurations": "Um Forgejo Runner so intorichten, dat dat in Behälters löppt, of för kumplizeertere Inrichtens, bekiek de <a href=\"https://TO-BE-REPLACED.COM\">Dokumenteren</a>.",
+	"actions.runners.runner_setup.instruction_advanced_configurations": "Um Forgejo Runner so intorichten, dat dat in Behälters löppt, of för kumplizeertere Inrichtens, bekiek de <a href=\"%s\">Dokumenteren</a>.",
 	"actions.runners.task_list_repo": "Leste Upgaven vun deesem Repositorium up deesem Loper",
 	"actions.runners.task_list_org": "Leste Upgaven up deesem Loper in deeser Vereenigung",
 	"actions.runners.task_list_admin": "Leste Upgaven up deesem Loper",
@@ -619,5 +619,47 @@
 	"members.add_member": "Liddmaat hentofögen",
 	"members.user": "Bruker",
 	"members.user_already_member": "Deeser Bruker is al een Liddmaat vun deeser Vereenigung.",
-	"members.no_team_selected": "Vereenigungs-Liddmaten mutten to tominnst eener Klottje tohören."
+	"members.no_team_selected": "Vereenigungs-Liddmaten mutten to tominnst eener Klottje tohören.",
+	"migrate.select.title": "Repositorium umtrecken",
+	"actions.runners.version": "Versioon",
+	"admin.federation.federation": "Verdeeltheid",
+	"admin.federation.hosts": "Hosts",
+	"admin.federation.hosts.title": "Verdeeltheids-Hosts",
+	"admin.federation.hosts.manage_panel": "Verdeeltheid-Hosts verwalten",
+	"admin.federation.hosts.details_panel": "Verdeeltheids-Host-Informatioonen",
+	"admin.federation.hosts.show_details": "Informatioonen över de Host wiesen",
+	"admin.federation.host.id": "ID",
+	"admin.federation.host.schema": "Schema",
+	"admin.federation.host.port": "Poort",
+	"admin.federation.host.created": "Maakt",
+	"admin.federation.host.updated": "Verneeit",
+	"admin.federation.users": "Brukers",
+	"admin.federation.users.title": "Verdeelt Brukers",
+	"admin.federation.users.manage_panel": "Verdeelt Brukers verwalten",
+	"admin.federation.users.show_local_user": "Informatioonen över stedenwies Bruker wiesen",
+	"admin.federation.user.id": "ID",
+	"admin.federation.user.user_id": "ID vum stedenwies Bruker",
+	"admin.federation.user.external_id": "ID vum frömden Bruker",
+	"admin.config.federation": "Verdeeltheids-Instellens",
+	"admin.config.federation.enabled": "Anknipst",
+	"admin.federation.host.fqdn": "FQDN",
+	"admin.federation.host.software_name": "Programm",
+	"admin.federation.host.latest_activity": "Lestes Doon",
+	"admin.federation.user.inbox_path": "Ingangs-Padd",
+	"admin.config.federation.share_user_statistics": "Tahlen över Brukers mit anner Hosts delen",
+	"admin.config.federation.max_size": "Hoogste verlöövt Antwoord-Grött",
+	"admin.config.federation.signature_enforced": "HTTP-Unnerschrievens verlangen",
+	"admin.config.federation.signature_algorithms": "Unnerschriev-Programmen",
+	"admin.config.federation.digest_algorithm": "Unnerschrift-Prüüfsumm-Programm",
+	"admin.config.federation.get_headers": "Unnerschreven GET-Koppriegen",
+	"admin.config.federation.post_headers": "Unnerschreven POST-Koppriegen",
+	"actions.workflow.unknown_job_in_needs": "Upgaav mit ID %[1]s benöömt unbekannte Upgaven in `needs`: %[2]s.",
+	"actions.workflow.rerun_impossible": "De Warkwies kann nich weer lopen laten worden.",
+	"actions.workflow.job_rerun_impossible": "De Upgaav kann nich weer lopen laten worden.",
+	"user.activitypub_feed.feed": "Fediversum-Schuuv",
+	"user.activitypub_feed.no_activity": "Keen Fediversums-Doon",
+	"user.activitypub_feed.is_empty": "Dien Fediversum-Schuuv is leeg.",
+	"user.activitypub_feed.hint": "Deeser Schuuv wiest Doon vun Fediversums-Konten, wat du nagahst, un ok verdeelte Kommentaren, wat di benöömt hebben.",
+	"user.activitypub_feed.posted_on": "Up %[1]s schreven",
+	"user.activitypub_feed.original_source": "Eerste Quell"
 }
diff --git a/options/locale_next/locale_nl-NL.json b/options/locale_next/locale_nl-NL.json
index c824dd23fc..7764ee840f 100644
--- a/options/locale_next/locale_nl-NL.json
+++ b/options/locale_next/locale_nl-NL.json
@@ -541,5 +541,111 @@
 	"settings.access_token.remove": "Verwijder %s",
 	"settings.access_token.resource_all_help": "Toegang tot alle bronnen toestaan.",
 	"settings.access_token.resource_public_only_help": "Toegang tot repositories en organisaties die openbaar zijn beperken.",
-	"actions.runners.list_runners.delete_column": "Verwijder"
+	"actions.runners.list_runners.delete_column": "Verwijder",
+	"admin.federation.host.software_name": "Software",
+	"repo.pulls.auto_merge.no_permission": "U heeft geen rechten voor het afbreken van deze pull requets's auto merge",
+	"migrate.select.title": "Migreer repositorie",
+	"admin.federation.federation": "Federeren",
+	"admin.federation.hosts": "Servers",
+	"admin.federation.hosts.title": "Federeerservers",
+	"admin.federation.hosts.manage_panel": "Beheer federeerservers",
+	"admin.federation.hosts.details_panel": "Federeerserver details",
+	"admin.federation.hosts.show_details": "Toon server details",
+	"admin.federation.host.id": "ID",
+	"admin.federation.host.fqdn": "FQDN",
+	"admin.federation.host.schema": "Schema",
+	"admin.federation.host.port": "Poort",
+	"admin.federation.host.created": "Aangemaakt",
+	"admin.federation.host.updated": "Bijgewerkt",
+	"admin.federation.host.latest_activity": "Laatste activiteit",
+	"admin.federation.users": "Gebruikers",
+	"admin.federation.users.title": "Gefedereerde gebruikers",
+	"admin.federation.users.manage_panel": "Beheer gefedereerde gebruikers",
+	"admin.federation.users.show_local_user": "Toon lokale gebruikerdetails",
+	"admin.federation.user.id": "ID",
+	"admin.federation.user.user_id": "Lokale gebruikersID",
+	"admin.federation.user.external_id": "Externe gebruikersID",
+	"admin.federation.user.inbox_path": "Inboxpad",
+	"admin.config.federation": "Federeerconfiguratie",
+	"admin.config.federation.enabled": "Ingeschakeld",
+	"admin.config.federation.share_user_statistics": "Deel gebruikersstatistieken met andere servers",
+	"admin.config.federation.max_size": "Maximaal toegestane responsegrootte",
+	"admin.config.federation.signature_enforced": "Vereist HTTP handtekeningen",
+	"admin.config.federation.signature_algorithms": "Handtekeningalgoritmes",
+	"admin.config.federation.digest_algorithm": "Handtekening-hashalgoritme",
+	"admin.config.federation.get_headers": "Ondertekende GET headers",
+	"admin.config.federation.post_headers": "Ondertekende POST headers",
+	"settings.new_access_token": "Nieuw acces token",
+	"settings.access_token.selected_repositories": {
+		"one": "Geselecteerde repositorie (%d)",
+		"other": "Geselecteerde repositories (%d)"
+	},
+	"settings.access_token.resource_specific_repo_help": "Beperk toegang tot een specifieke lijst aan repositories. Alleen-lezen toegang is toegestaan voor alle openbare repositories. Alleen permissies die toegang geven tot repositories en issues kunnen aangezet worden.",
+	"settings.access_token.admin_disabled": "Beheerrechten zijn uitgeschakeld.",
+	"user.activitypub_feed.no_activity": "Geen fediverse-activiteit",
+	"user.activitypub_feed.is_empty": "Uw fediverse-feed is leeg.",
+	"user.activitypub_feed.hint": "Deze feed toont activiteiten van fediverse accounts die u volgt, alsook van gefedereerde boodschappen die u vermelden.",
+	"user.activitypub_feed.posted_on": "Gepost op %[1]s",
+	"actions.runners.list_runners.delete_button_aria": "Verwijder %s",
+	"actions.runners.list_runners.edit_button": "Wijzig",
+	"actions.runners.list_runners.edit_button_aria": "Wijzig %s",
+	"actions.runners.ephemeral.yes": "ja",
+	"actions.runners.ephemeral.no": "nee",
+	"actions.runners.task_list_repo": "Recente taken van deze repositorie op deze runner",
+	"actions.runners.task_list_org": "Recente taken van deze runner binnen deze organisatie",
+	"actions.runners.task_list_admin": "Recente taken op deze runner",
+	"actions.runners.task_list_user": "Recente taken van deze gebruiker op deze runner",
+	"actions.runners.edit_runner_button": "Wijzig runner",
+	"actions.runners.create_runner.page_title": "Maak nieuwe runner",
+	"actions.runners.create_runner.title": "Maak nieuwe runner",
+	"actions.runners.create_runner.properties_fieldset": "Eigenschappen",
+	"actions.runners.create_runner.name_label": "Naam",
+	"actions.runners.create_runner.description_label": "Omschrijving",
+	"actions.runners.create_runner.create_button": "Maak",
+	"actions.runners.create_runner.cancel_button": "Afbreken",
+	"actions.runners.edit_runner.page_title": "Wijzig runner %s",
+	"actions.runners.edit_runner.title": "Wijzig runner %s",
+	"actions.runners.edit_runner.properties_fieldset": "Eigenschappen",
+	"actions.runners.edit_runner.properties_options": "Opties",
+	"actions.runners.edit_runner.name_label": "Naam",
+	"actions.runners.edit_runner.description_label": "Omschrijving",
+	"actions.runners.edit_runner.regenerate_token_label": "Regenereer token",
+	"actions.runners.edit_runner.regenerate_token_help": "De bestaande token zal meteen ongeldig worden gemaakt. U krijgt een nieuwe token op de volgende pagina.",
+	"actions.runners.edit_runner.save_button": "Opslaan",
+	"actions.runners.edit_runner.cancel_button": "Afbreken",
+	"actions.runners.runner_setup.title": "Configureer runner %s",
+	"actions.runners.show_registration_token": "Toon registratie token",
+	"actions.runners.runner_details.page_title": "Runner %s",
+	"actions.runners.runner_details.labels_note": "De runner's labels zijn gedefinieerd in het configuratiebestand van de Forgejo Runner of gedefinieerd als optie op de commandoregel. Ze worden elke keer dat de Forgejo Runner een verbinding met Forgejo maakt geactualiseerd.",
+	"actions.runners.runner_setup.page_title": "Configureer runner %s",
+	"actions.runners.runner_setup.list_of_runners_link": "Lijst van runners",
+	"actions.runners.runner_setup.last_chance_copying_token": "Kopieer nu het token want u kunt het hierna niet meer raadplegen!",
+	"actions.runners.runner_setup.button_copy_uuid_aria": "Kopieer runner UUID",
+	"actions.runners.runner_setup.button_copy_token_aria": "Kopieer runner token",
+	"actions.runners.runner_setup.heading_using_configuration": "Gebruik van het runner-configuratiebestand",
+	"actions.runners.runner_setup.configuration_snippet_aria": "Fragment om in de runnerconfiguratie op te nemen",
+	"actions.runners.runner_setup.program_options_snippet_aria": "Hoe de forgejo-runner te gebruiken",
+	"actions.runners.runner_setup.instruction_replace_connection_name": "Vervang de verbindingsnaam (<code>forgejo</code> in dit voorbeeld) met de door u gekozen waarde.",
+	"actions.runners.runner_setup.heading_using_options": "Programmaopties gebruiken",
+	"actions.runners.runner_setup.instruction_advanced_configurations": "Voor het configureren van Forgejo Runner die in containers draait of voor geavanceerde configuraties, zie de <a href=\"%s\">documentatie</a>.",
+	"actions.runners.reset_registration_token.token": "Registratietoken (verouderd)",
+	"actions.runs.scheduled_description": "Geplande run van commit <a href=\"%[1]s\">%[2]s</a>",
+	"actions.runs.workflow_dispatch_description": "Run van commit <a href=\"%[1]s\">%[2]s</a> getriggerd door <a href=\"%[3]s\">%[4]s</a>",
+	"actions.runs.on_push_description": "Commit <a href=\"%[1]s\">%[2]s</a> gepusht door <a href=\"%[3]s\">%[4]s</a>",
+	"actions.workflow.unknown_job_in_needs": "Taak met ID %[1]s refereert aan onbekende taken in `nodig`: %[2]s.",
+	"actions.workflow.rerun_impossible": "De workflow kan niet opnieuw gedraaid worden.",
+	"actions.workflow.job_rerun_impossible": "De taak kan niet opnieuw gedraaid worden.",
+	"actions.secrets.edit_button": "Wijzig geheim \"%s\"",
+	"actions.secrets.mutation.header": "Wijzig geheim \"%s\"",
+	"actions.secrets.mutation.success_message": "Het geheim \"%s\" is gewijzigd.",
+	"actions.secrets.mutation.failure_message": "Het geheim \"%s\" kon niet worden gewijzigd.",
+	"actions.secrets.mutation.name_description": "De naam van een geheim mag alleen letters, cijfers en underscores bevatten. Deze mag niet beginnen met FORGEJO_, GITEA_, GITHUB_ of een cijfer. Forgejo zet de naam automatisch om naar hoofdletters.",
+	"actions.secrets.mutation.value_description": "De bestaande waarde wordt niet weergegeven. Laat het veld leeg als je deze niet wilt wijzigen. Speciale tekens blijven behouden. CRLF (Windows-regelafbrekingen) wordt automatisch omgezet naar LF. Converteer de waarde naar Base64 als regelafbrekingen behouden moeten blijven.",
+	"members.add_member": "Voeg lid toe",
+	"members.user": "Gebruiker",
+	"members.user_already_member": "Deze gebruiker is al lid van deze organisatie.",
+	"members.no_team_selected": "Organisatieleden moeten bij minimaal één team zijn aangesloten.",
+	"form.RunnerName": "Naam",
+	"graphs.recent_commits.title": "Aantal commits in het afgelopen jaar",
+	"graphs.code_frequency.title": "Codefrequentie over de geschiedenis van {0}"
 }
diff --git a/options/locale_next/locale_pt-PT.json b/options/locale_next/locale_pt-PT.json
index 0b1177271d..5112d30036 100644
--- a/options/locale_next/locale_pt-PT.json
+++ b/options/locale_next/locale_pt-PT.json
@@ -1,19 +1,23 @@
 {
 	"counters.n_commits": {
 		"one": "%s cometimento",
-		"other": "%s cometimentos"
+		"many": "%s cometimentos",
+		"other": ""
 	},
 	"counters.n_branches": {
 		"one": "%s ramo",
-		"other": "%s ramos"
+		"many": "%s ramos",
+		"other": ""
 	},
 	"counters.n_tags": {
 		"one": "%s etiqueta",
-		"other": "%s etiquetas"
+		"many": "%s etiquetas",
+		"other": ""
 	},
 	"counters.n_releases": {
 		"one": "%s lançamento",
-		"other": "%s lançamentos"
+		"many": "%s lançamentos",
+		"other": ""
 	},
 	"gpg.default_key": "Assinado com a chave padrão",
 	"gpg.error.extract_sign": "Falhou ao extrair a assinatura",
@@ -600,7 +604,7 @@
 	"actions.runners.runner_setup.program_options_snippet_aria": "Como iniciar o forgejo-runner",
 	"actions.runners.runner_setup.instruction_replace_connection_name": "Substitua o nome da ligação (<code>forgejo</code> no exemplo) por um valor à sua escolha.",
 	"actions.runners.runner_setup.heading_using_options": "Utilizando as opções do programa",
-	"actions.runners.runner_setup.instruction_advanced_configurations": "Para configurar o Forgejo Runner em containers ou em configurações avançadas, consulte a <a href=\"https://TO-BE-REPLACED.COM\">documentação</a>.",
+	"actions.runners.runner_setup.instruction_advanced_configurations": "Para configurar o Forgejo Runner em containers ou em configurações avançadas, consulte a <a href=\"%s\">documentação</a>.",
 	"form.RunnerName": "Nome",
 	"settings.new_access_token": "Novo token de acesso",
 	"settings.permissions_access_specific_repositories": "Repositórios específicos",
@@ -631,5 +635,51 @@
 	"graphs.code_frequency.title": "Frequência do código ao longo da história de {0}",
 	"actions.runs.scheduled_description": "Execução agendada do cometimento <a href=\"%[1]s\">%[2]s</a>",
 	"actions.runs.workflow_dispatch_description": "Execução do commit <a href=\"%[1]s\">%[2]s</a> acionada por <a href=\"%[3]s\">%[4]s</a>",
-	"actions.runs.on_push_description": "Cometimento <a href=\"%[1]s\">%[2]s</a> enviado por <a href=\"%[3]s\">%[4]s</a>"
+	"actions.runs.on_push_description": "Cometimento <a href=\"%[1]s\">%[2]s</a> enviado por <a href=\"%[3]s\">%[4]s</a>",
+	"migrate.select.title": "Migrar repositório",
+	"members.add_member": "Adicionar membro",
+	"members.user": "Utilizador",
+	"members.user_already_member": "Este utilizador já é membro da organização.",
+	"members.no_team_selected": "Os membros da organização devem pertencer a, pelo menos, uma equipa.",
+	"admin.federation.federation": "Federação",
+	"admin.federation.hosts": "Servidores",
+	"admin.federation.hosts.title": "Servidores da federação",
+	"admin.federation.hosts.manage_panel": "Gerir servidores da federação",
+	"admin.federation.hosts.details_panel": "Detalhes do servidor da federação",
+	"admin.federation.hosts.show_details": "Mostrar detalhes do servidor",
+	"admin.federation.host.id": "ID",
+	"admin.federation.host.fqdn": "FQDN",
+	"admin.federation.host.schema": "Esquema",
+	"admin.federation.host.port": "Porto",
+	"admin.federation.host.software_name": "Software",
+	"admin.federation.host.created": "Criado",
+	"admin.federation.host.updated": "Atualizado",
+	"admin.federation.host.latest_activity": "Atividade mais recente",
+	"admin.federation.users": "Utilizadores",
+	"admin.federation.users.title": "Utilizadores federados",
+	"admin.federation.users.manage_panel": "Gerir utilizadores federados",
+	"admin.federation.users.show_local_user": "Mostrar detalhes do utilizador local",
+	"admin.federation.user.id": "ID",
+	"admin.federation.user.user_id": "ID do utilizador local",
+	"admin.federation.user.external_id": "ID do utilizador externo",
+	"admin.federation.user.inbox_path": "Caminho da caixa de entrada",
+	"admin.config.federation": "Configuração da federação",
+	"admin.config.federation.enabled": "Habilitado",
+	"admin.config.federation.share_user_statistics": "Partilhar estatísticas de utilizadores com outros servidores",
+	"admin.config.federation.max_size": "Tamanho máximo permitido da resposta",
+	"admin.config.federation.signature_enforced": "Exigir assinaturas HTTP",
+	"admin.config.federation.signature_algorithms": "Algoritmos de assinatura",
+	"admin.config.federation.digest_algorithm": "Algoritmo de resumo da assinatura",
+	"admin.config.federation.get_headers": "Cabeçalhos GET assinados",
+	"admin.config.federation.post_headers": "Cabeçalhos POST assinados",
+	"user.activitypub_feed.feed": "Feed do Fediverso",
+	"user.activitypub_feed.no_activity": "Sem atividade no fediverso",
+	"user.activitypub_feed.is_empty": "O seu feed do fediverso está vazio.",
+	"user.activitypub_feed.hint": "Este feed mostra as atividades das contas do fediverso que segue, bem como as publicações federadas que o mencionaram.",
+	"user.activitypub_feed.posted_on": "Publicado em %[1]s",
+	"user.activitypub_feed.original_source": "Fonte original",
+	"actions.runners.version": "Versão",
+	"actions.workflow.unknown_job_in_needs": "O trabalho com o ID %[1]s faz referência a trabalhos desconhecidos em `needs`: %[2]s.",
+	"actions.workflow.rerun_impossible": "A sequência de trabalho não pode ser executada novamente.",
+	"actions.workflow.job_rerun_impossible": "O trabalho não pode ser executado novamente."
 }
diff --git a/options/locale_next/locale_ru-RU.json b/options/locale_next/locale_ru-RU.json
index 5837e7d425..957ab7b848 100644
--- a/options/locale_next/locale_ru-RU.json
+++ b/options/locale_next/locale_ru-RU.json
@@ -1,18 +1,22 @@
 {
 	"counters.n_commits": {
 		"one": "%s коммит",
+		"few": "%s коммита",
 		"many": "%s коммитов"
 	},
 	"counters.n_branches": {
 		"one": "%s ветвь",
+		"few": "%s ветви",
 		"many": "%s ветвей"
 	},
 	"counters.n_tags": {
 		"one": "%s тег",
+		"few": "%s тега",
 		"many": "%s тегов"
 	},
 	"counters.n_releases": {
 		"one": "%s выпуск",
+		"few": "%s выпуска",
 		"many": "%s выпусков"
 	},
 	"gpg.default_key": "Подписано ключом по умолчанию",
@@ -360,13 +364,13 @@
 	"migrate.gitbucket.description": "Перенести данные с сервера GitBucket.",
 	"migrate.codebase.description": "Перенести данные с codebasehq.com.",
 	"migrate.forgejo.description": "Перенести данные с codeberg.org или другого сервера Forgejo.",
-	"migrate.items.label": "Переносимые элементы",
+	"migrate.items.label": "Элементы для переноса",
 	"migrate.items.wiki": "Вики",
 	"migrate.items.milestones": "Этапы",
 	"migrate.items.labels": "Метки",
 	"migrate.items.issues": "Задачи",
-	"migrate.items.pull_requests": "Запросы на слияние",
-	"migrate.items.merge_requests": "Запросы на слияние",
+	"migrate.items.pull_requests": "Запросы слияний",
+	"migrate.items.merge_requests": "Запросы слияний",
 	"migrate.items.releases": "Выпуски",
 	"migrate.in_progress.git": "Перенос данных Git",
 	"migrate.in_progress.topics": "Перенос тем",
@@ -374,9 +378,9 @@
 	"migrate.in_progress.labels": "Перенос меток",
 	"migrate.in_progress.releases": "Перенос выпусков",
 	"migrate.in_progress.issues": "Перенос задач",
-	"migrate.in_progress.pulls": "Перенос запросов на слияние",
+	"migrate.in_progress.pulls": "Перенос запросов слияний",
 	"migrate.cancel.title": "Отменить перенос",
-	"migrate.cancel.confirmation": "Вы хотите отменить перенос?",
+	"migrate.cancel.confirmation": "Отменить перенос репозитория?",
 	"user.ghost.tooltip": "Пользователь удалён или неизвестен.",
 	"migrate.form.error.url_credentials": "Ссылка содержит данные авторизации. Поместите их в соответствующие поля",
 	"actions.runs.run_attempt_label": "Попытка №%[1]s (%[2]s)",
@@ -609,5 +613,33 @@
 	"actions.runners.create_runner.page_title": "Новый исполнитель",
 	"actions.runners.create_runner.create_button": "Создать",
 	"actions.runners.create_runner.cancel_button": "Отмена",
-	"actions.runners.show_registration_token": "Показать токен регистрации"
+	"actions.runners.show_registration_token": "Показать токен регистрации",
+	"migrate.select.title": "Перенос репозитория",
+	"actions.runners.edit_runner.page_title": "Изменение исполнителя %s",
+	"actions.runners.edit_runner.save_button": "Сохранить",
+	"actions.runners.edit_runner.description_label": "Описание",
+	"actions.runners.runner_details.page_title": "Исполнитель %s",
+	"admin.federation.federation": "Федерация",
+	"admin.federation.host.id": "ИД",
+	"admin.federation.host.fqdn": "FQDN",
+	"admin.federation.host.schema": "Схема",
+	"admin.federation.host.port": "Порт",
+	"admin.federation.host.created": "Создан",
+	"admin.federation.host.updated": "Обновлён",
+	"admin.federation.host.latest_activity": "Недавняя активность",
+	"admin.federation.users": "Пользователи",
+	"admin.federation.user.id": "ИД",
+	"admin.config.federation": "Настройки федерации",
+	"admin.config.federation.enabled": "Включена",
+	"admin.config.federation.max_size": "Макс. разрешённый размер ответа",
+	"admin.config.federation.signature_enforced": "Требовать подписи HTTP",
+	"admin.config.federation.signature_algorithms": "Алгоритмы подписей",
+	"user.activitypub_feed.feed": "Феди-лента",
+	"actions.runners.version": "Версия",
+	"actions.runners.edit_runner.title": "Изменить исполнителя %s",
+	"actions.runners.edit_runner.properties_fieldset": "Свойства",
+	"actions.runners.edit_runner.cancel_button": "Отмена",
+	"actions.workflow.rerun_impossible": "Раб. поток невозможно выполнить повторно.",
+	"actions.workflow.job_rerun_impossible": "Задание невозможно выполнить повторно.",
+	"actions.runners.runner_setup.instruction_advanced_configurations": "Для настройки исполнителя Forgejo Действий в контейнерах и др. расширенных настроек, обратитесь к <a href=\"%s\">документации</a>."
 }
diff --git a/options/locale_next/locale_sv-SE.json b/options/locale_next/locale_sv-SE.json
index 90e27fb73a..eace1abac5 100644
--- a/options/locale_next/locale_sv-SE.json
+++ b/options/locale_next/locale_sv-SE.json
@@ -584,7 +584,7 @@
 	"actions.runners.list_runners.delete_button": "Ta bort",
 	"actions.runners.runner_setup.instruction_replace_connection_name": "Ersätt anslutningsnamnet (<code>forgejo</code> i exemplet) med ett värde.",
 	"actions.runners.runner_setup.heading_using_options": "Använder programval",
-	"actions.runners.runner_setup.instruction_advanced_configurations": "För konfiguration av Forgejo Runner i containrar eller för avancerade konfigurationer, se <a href=\"https://TO-BE-REPLACED.COM\">dokumentationen.</a>.",
+	"actions.runners.runner_setup.instruction_advanced_configurations": "För konfiguration av Forgejo Runner i containrar eller för avancerade konfigurationer, se <a href=\"%s\">dokumentationen</a>.",
 	"actions.runners.reset_registration_token.token": "Registreringstoken (Föråldrad)",
 	"form.RunnerName": "Namn",
 	"settings.new_access_token": "Ny åtkomsttoken",
@@ -600,10 +600,10 @@
 		"other": "Valda kodförråd (%d)"
 	},
 	"settings.access_token.available_repositories": "Tillgängliga kodförråd",
-	"settings.access_token.no_repositories_selected": "Inga valda kodförråd",
+	"settings.access_token.no_repositories_selected": "Inga valda kodförråd.",
 	"settings.access_token.no_repositories_found": "Fann inga kodförråd.",
 	"settings.access_token.remove": "Ta bort %s",
-	"settings.access_token.resource_all_help": "Tillåt åtkomst till alla resurser",
+	"settings.access_token.resource_all_help": "Tillåt åtkomst till alla resurser.",
 	"settings.access_token.resource_public_only_help": "Begränsa tillgången till publika kodförråd och organisationer.",
 	"settings.access_token.admin_disabled": "Administrativa rättigheter är inaktiverade.",
 	"actions.secrets.edit_button": "Redigera hemlighet \"%s\"",
@@ -619,5 +619,47 @@
 	"members.add_member": "Lägg till medlem",
 	"members.user": "Användare",
 	"members.user_already_member": "Den här användaren är redan medlem i organisationen.",
-	"members.no_team_selected": "Organisationsmedlemmar måste tillhöra minst ett lag."
+	"members.no_team_selected": "Organisationsmedlemmar måste tillhöra minst ett lag.",
+	"migrate.select.title": "Migrera kodförråd",
+	"admin.federation.federation": "Federation",
+	"admin.federation.hosts": "servrar",
+	"admin.federation.hosts.title": "Federationsservrar",
+	"admin.federation.hosts.manage_panel": "Hantera federationsservrar",
+	"admin.federation.hosts.details_panel": "Detaljer för federationsserver",
+	"admin.federation.hosts.show_details": "Visa serverdetaljer",
+	"admin.federation.host.id": "ID",
+	"admin.federation.host.fqdn": "FQDN",
+	"admin.federation.host.schema": "Schema",
+	"admin.federation.host.port": "Port",
+	"admin.federation.host.software_name": "Programvara",
+	"admin.federation.host.created": "Skapad",
+	"admin.federation.host.updated": "Uppdaterad",
+	"admin.federation.host.latest_activity": "Senaste aktivitet",
+	"admin.federation.users": "Användare",
+	"admin.federation.users.title": "Federerade användare",
+	"admin.federation.users.manage_panel": "Hantera federerade användare",
+	"admin.federation.users.show_local_user": "Visa lokala användaruppgifter",
+	"admin.federation.user.id": "ID",
+	"admin.federation.user.user_id": "Lokalt användar-ID",
+	"admin.federation.user.external_id": "Externt användar-ID",
+	"admin.config.federation": "Federationskonfiguration",
+	"admin.config.federation.enabled": "Aktiverad",
+	"admin.config.federation.share_user_statistics": "Dela användarstatistik med andra värdar",
+	"admin.config.federation.max_size": "Maximal tillåten svarsstorlek",
+	"admin.config.federation.signature_enforced": "Kräv HTTP-signaturer",
+	"admin.config.federation.signature_algorithms": "Signaturalgoritmer",
+	"admin.config.federation.digest_algorithm": "Signatursammanfattning algoritm",
+	"admin.config.federation.get_headers": "Signerade GET-rubriker",
+	"admin.config.federation.post_headers": "Signerade POST-rubriker",
+	"actions.runners.version": "Version",
+	"admin.federation.user.inbox_path": "Inkorgssökväg",
+	"user.activitypub_feed.feed": "Fediversum flöde",
+	"user.activitypub_feed.no_activity": "Ingen fediversum aktivitet",
+	"user.activitypub_feed.is_empty": "Ditt fediversum dlöde är tomt.",
+	"user.activitypub_feed.hint": "Detta flöde visar aktiviteter från fediversum konton som du följer, såväl som federerade inlägg som nämner dig.",
+	"user.activitypub_feed.posted_on": "Postat på %[1]s",
+	"user.activitypub_feed.original_source": "Ursprunglig källa",
+	"actions.workflow.unknown_job_in_needs": "Jobb med ID %[1]s refererar till okända jobb i `needs`: %[2]s.",
+	"actions.workflow.rerun_impossible": "Arbetsflödet kan inte köras om.",
+	"actions.workflow.job_rerun_impossible": "Jobbet kan inte köras om."
 }
diff --git a/options/locale_next/locale_uk-UA.json b/options/locale_next/locale_uk-UA.json
index d58c1dbd76..ba1b832e4c 100644
--- a/options/locale_next/locale_uk-UA.json
+++ b/options/locale_next/locale_uk-UA.json
@@ -1,25 +1,29 @@
 {
 	"counters.n_commits": {
 		"one": "%s коміт",
+		"few": "%s коміти",
 		"many": "%s комітів"
 	},
 	"counters.n_branches": {
 		"one": "%s гілка",
+		"few": "%s гілки",
 		"many": "%s гілок"
 	},
 	"counters.n_tags": {
 		"one": "%s тег",
+		"few": "%s теги",
 		"many": "%s тегів"
 	},
 	"counters.n_releases": {
 		"one": "%s випуск",
+		"few": "%s випуски",
 		"many": "%s випусків"
 	},
 	"gpg.default_key": "Підписано типовим ключем",
 	"gpg.error.extract_sign": "Не вдалося витягти підпис",
 	"gpg.error.generate_hash": "Не вдалося згенерувати хеш коміту",
 	"gpg.error.no_committer_account": "Електронна пошта автора не пов’язана із жодним обліковим записом",
-	"gpg.error.no_gpg_keys_found": "Не вдалося знайти GPG-ключ, що відповідає даному підпису",
+	"gpg.error.no_gpg_keys_found": "Не вдалося знайти ключ, що відповідає даному підпису",
 	"gpg.error.not_signed_commit": "Непідписаний коміт",
 	"gpg.error.failed_retrieval_gpg_keys": "Не вдалось отримати ключ, пов’язаний з обліковим записом комітера",
 	"gpg.error.probable_bad_signature": "УВАГА! Хоча ключ із таким ID і є в базі, цей коміт неможливо ним перевірити! Цей коміт ПІДОЗРІЛИЙ.",
@@ -595,7 +599,7 @@
 	"actions.runners.runner_setup.last_chance_copying_token": "Скопіюйте токен зараз, оскільки ви більше його не побачите!",
 	"actions.runners.runner_setup.program_options_snippet_aria": "Як викликати forgejo-runner",
 	"actions.runners.runner_setup.instruction_replace_connection_name": "Замініть назву з’єднання (у прикладі — <code>forgejo</code>) на значення, яке вам до вподоби.",
-	"actions.runners.runner_setup.instruction_advanced_configurations": "Щоб налаштувати роботу Forgejo Runner у контейнерах або про розширені налаштування читайте в <a href=\"https://TO-BE-REPLACED.COM\">документації</a>.",
+	"actions.runners.runner_setup.instruction_advanced_configurations": "Як налаштувати Forgejo Runner для роботи в контейнерах або з розширеними налаштуваннями, читайте в <a href=\"%s\">документації</a>.",
 	"actions.runners.runner_setup.configuration_snippet_aria": "Фрагмент для вставки в конфігурацію ранера",
 	"actions.runners.runner_details.labels_note": "Мітки ранера вказуються у файлі конфігурації Forgejo Runner або передаються як параметри командного рядка. Вони оновлюються щоразу, коли Forgejo Runner встановлює з’єднання з Forgejo.",
 	"actions.runners.runner_setup.heading_using_options": "Використання налаштувань програми",
@@ -635,5 +639,47 @@
 	"members.add_member": "Додати учасника",
 	"members.user": "Користувач",
 	"members.user_already_member": "Цей користувач уже є учасником організації.",
-	"members.no_team_selected": "Учасники організації повинні входити принаймні до однієї команди."
+	"members.no_team_selected": "Учасники організації повинні входити принаймні до однієї команди.",
+	"migrate.select.title": "Перенести репозиторій",
+	"actions.runners.version": "Версія",
+	"admin.federation.host.fqdn": "FQDN",
+	"admin.federation.host.created": "Створено",
+	"admin.federation.host.updated": "Оновлено",
+	"admin.federation.federation": "Федерація",
+	"admin.federation.host.port": "Порт",
+	"admin.federation.host.software_name": "Програмне забезпечення",
+	"admin.config.federation.enabled": "Увімкнено",
+	"admin.federation.host.id": "ID",
+	"admin.federation.user.id": "ID",
+	"admin.federation.hosts": "Хости",
+	"admin.federation.hosts.title": "Хости федерації",
+	"admin.federation.host.schema": "Схема",
+	"admin.federation.users": "Користувачі",
+	"admin.config.federation": "Налаштування федерації",
+	"admin.config.federation.post_headers": "Підписані заголовки POST",
+	"admin.config.federation.get_headers": "Підписані заголовки GET",
+	"admin.config.federation.signature_algorithms": "Алгоритми підпису",
+	"admin.config.federation.signature_enforced": "Вимагати підписів HTTP",
+	"actions.workflow.rerun_impossible": "Робочий потік неможливо перезапустити.",
+	"actions.workflow.job_rerun_impossible": "Завдання неможливо перезапустити.",
+	"actions.workflow.unknown_job_in_needs": "Завдання з ID %[1]s посилається на невідомі завдання в `needs`: %[2]s.",
+	"admin.config.federation.digest_algorithm": "Алгоритм контрольної суми підпису",
+	"admin.config.federation.max_size": "Максимальний розмір відповіді",
+	"admin.config.federation.share_user_statistics": "Ділитися статистикою користувачів з іншими хостами",
+	"admin.federation.user.inbox_path": "Шлях до вхідних",
+	"admin.federation.hosts.manage_panel": "Керування хостами федерації",
+	"admin.federation.hosts.details_panel": "Інформація про хост",
+	"admin.federation.hosts.show_details": "Показати дані про хост",
+	"admin.federation.users.show_local_user": "Показати дані про локальних користувачів",
+	"admin.federation.host.latest_activity": "Остання активність",
+	"admin.federation.users.title": "Користувачі федерації",
+	"admin.federation.users.manage_panel": "Керування користувачами федерації",
+	"admin.federation.user.user_id": "Локальний ID користувача",
+	"admin.federation.user.external_id": "Зовнішній ID користувача",
+	"user.activitypub_feed.feed": "Стрічка Федісвіту",
+	"user.activitypub_feed.posted_on": "Опубліковано %[1]s",
+	"user.activitypub_feed.no_activity": "Немає подій Федісвіту",
+	"user.activitypub_feed.is_empty": "Ваша стрічка Федісвіту порожня.",
+	"user.activitypub_feed.original_source": "Першоджерело",
+	"user.activitypub_feed.hint": "У цій стрічці відображається діяльність облікових записів Федісвіту, на які ви підписані, а також федеративні публікації, в яких вас згадано."
 }
diff --git a/options/locale_next/locale_uz.json b/options/locale_next/locale_uz.json
index 21fc022cd5..e6199dd11f 100644
--- a/options/locale_next/locale_uz.json
+++ b/options/locale_next/locale_uz.json
@@ -1,37 +1,37 @@
 {
-	"home.explore_repos": "Omborlarni kashf etish",
-	"home.explore_users": "Foydalanuvchilarni kashf etish",
+	"home.explore_repos": "Repolarni kezish",
+	"home.explore_users": "Foydalanuvchilarni kezish",
 	"home.explore_orgs": "`tashkilotlarni` kashf etish",
-	"stars.list.none": "Hech kim bu omborga yulduz bosmagan.",
+	"stars.list.none": "Hech kim bu repoga yulduz bosmagan.",
 	"watch.list.none": "Bu ombor hech kimning ko'ruv'ida emas",
 	"followers.incoming.list.self.none": "Hech kim sizning profilingizga tirkalmagan.",
-	"followers.incoming.list.none": "Hech kim bu foydalanuvchiga tirkalmagan.",
+	"followers.incoming.list.none": "Hech kim bu foydalanuvchiga obuga boʻlmagan.",
 	"followers.outgoing.list.self.none": "Siz hech kimga tirkalmagansiz.",
 	"followers.outgoing.list.none": "%s hech kimga tirkalmagan.",
 	"relativetime.now": "hozir",
 	"relativetime.future": "kelajakda",
 	"relativetime.mins": {
-		"one": "%d daqiqa oldin.",
+		"one": "%d daqiqa oldin",
 		"other": "%d daqiqa oldin."
 	},
 	"relativetime.hours": {
-		"one": "%d soat oldin.",
+		"one": "%d soat oldin",
 		"other": "%d soat oldin."
 	},
 	"relativetime.days": {
-		"one": "%d kun oldin.",
+		"one": "%d kun oldin",
 		"other": "%d kun oldin."
 	},
 	"relativetime.weeks": {
-		"one": "%d hafta oldin.",
+		"one": "%d hafta oldin",
 		"other": "%d hafta oldin."
 	},
 	"relativetime.months": {
-		"one": "%d oy oldin.",
+		"one": "%d oy oldin",
 		"other": "%d oy oldin."
 	},
 	"relativetime.years": {
-		"one": "%d yil oldin.",
+		"one": "%d yil oldin",
 		"other": "%d yil oldin."
 	},
 	"relativetime.1day": "kecha",
diff --git a/options/locale_next/locale_zh-CN.json b/options/locale_next/locale_zh-CN.json
index fc00da3eb7..68a5344621 100644
--- a/options/locale_next/locale_zh-CN.json
+++ b/options/locale_next/locale_zh-CN.json
@@ -1,20 +1,8 @@
 {
-	"counters.n_commits": {
-		"one": "%s提交",
-		"other": "%s提交"
-	},
-	"counters.n_branches": {
-		"one": "%s分支",
-		"other": "%s分支"
-	},
-	"counters.n_tags": {
-		"one": "%s标签",
-		"other": "%s标签"
-	},
-	"counters.n_releases": {
-		"one": "%s版本发布",
-		"other": "%s版本发布"
-	},
+	"counters.n_commits": "%s笔提交",
+	"counters.n_branches": "%s个分支",
+	"counters.n_tags": "%s个标签",
+	"counters.n_releases": "%s个发布版本",
 	"gpg.default_key": "使用默认密钥签名",
 	"gpg.error.extract_sign": "无法提取签名",
 	"gpg.error.generate_hash": "无法生成提交散列",
@@ -300,7 +288,7 @@
 	"migrate.gitbucket.description": "从GitBucket实例迁移数据。",
 	"migrate.codebase.description": "从codebasehq.com迁移数据。",
 	"migrate.forgejo.description": "从codeberg.org或其他Forgejo实例迁移数据。",
-	"migrate.items.label": "迁移项目",
+	"migrate.items.label": "迁移内容",
 	"migrate.items.wiki": "百科",
 	"migrate.items.milestones": "里程碑",
 	"migrate.items.labels": "标签",
@@ -308,15 +296,15 @@
 	"migrate.items.pull_requests": "合并请求",
 	"migrate.items.merge_requests": "合并请求",
 	"migrate.items.releases": "版本发布",
-	"migrate.in_progress.git": "迁移Git数据",
+	"migrate.in_progress.git": "正在迁移Git数据",
 	"migrate.in_progress.topics": "正在迁移主题",
 	"migrate.in_progress.milestones": "正在迁移里程碑",
 	"migrate.in_progress.labels": "正在迁移标签",
-	"migrate.in_progress.releases": "正在迁移发布",
+	"migrate.in_progress.releases": "正在迁移版本发布",
 	"migrate.in_progress.issues": "正在迁移议题",
 	"migrate.in_progress.pulls": "正在迁移合并请求",
 	"migrate.cancel.title": "取消迁移",
-	"migrate.cancel.confirmation": "您想要取消此次迁移吗？",
+	"migrate.cancel.confirmation": "确定要取消此次迁移吗？",
 	"warning.repository.out_of_sync": "此仓库的数据库表示已脱同步。如果在向此仓库推送提交后仍出现此警告，请联系管理员。",
 	"admin.config.security": "安全设置",
 	"settings.twofa_unroll_unavailable": "你的账户必须启用双因子认证，无法禁用。",
@@ -539,7 +527,7 @@
 	"actions.runners.runner_setup.program_options_snippet_aria": "如何调用forgejo-runner",
 	"actions.runners.runner_setup.instruction_replace_connection_name": "将连接名（例子中的<code>forgejo</code>）替换为你喜欢的值。",
 	"actions.runners.runner_setup.heading_using_options": "使用命令行选项",
-	"actions.runners.runner_setup.instruction_advanced_configurations": "参见<a href=\"https://TO-BE-REPLACED.COM\">文档</a>以了解如何配置运行在容器中的Forgejo Runner及其他高级配置。",
+	"actions.runners.runner_setup.instruction_advanced_configurations": "参见<a href=\"%s\">文档</a>以了解如何配置运行在容器中的Forgejo Runner及其他高级配置。",
 	"actions.runners.reset_registration_token.token": "注册令牌（已弃用）",
 	"form.RunnerName": "名称",
 	"settings.new_access_token": "创建访问令牌",
@@ -570,6 +558,7 @@
 	"actions.secrets.mutation.value_description": "现有值不会显示，留空以保留现有值。特殊字符会被保留，CRLF（Windows式换行符）会被转换为LF；要保留换行符，请使用Base64编码。",
 	"members.add_member": "添加成员",
 	"members.user": "用户",
-	"members.user_already_member": "该用户已经是当前组织的成员。",
-	"members.no_team_selected": "组织成员至少属于一个团队。"
+	"members.user_already_member": "该用户已是组织成员。",
+	"members.no_team_selected": "组织成员至少要属于一个团队。",
+	"migrate.select.title": "迁移仓库"
 }

From 1cd81146a9790be2574d8ddec78481cff1e09829 Mon Sep 17 00:00:00 2001
From: Michael Kriese <michael.kriese@visualon.de>
Date: Wed, 15 Apr 2026 20:25:23 +0200
Subject: [PATCH 689/854] fix: improve runner list and details view (#12113)

- shrink runner list width (use icons, move details link to runner name)
- add owner to runner details on admin view
- #11516 removed a lot details which makes it much harder for an admin to find a specific runner

---
### admin list
![image](/attachments/7dd28e5b-6332-48b1-b545-2fc2b83e5368)

### admin org runner details
![image](/attachments/da972377-d401-41fe-8a17-d78824d6d714)

### admin repo runner
![image](/attachments/489e71c2-6087-4441-ad72-695ef0e04161)

### individual list
![image](/attachments/5618b962-0964-415f-a820-e673001f4007)

### individual runner details
![image](/attachments/5799c212-37d5-4047-965f-60952ee7c74c)

### tooltips for edit and delete
![image](/attachments/bcfb9358-0bf3-4d3f-a73c-66fb8e63eb67) ![image](/attachments/63b1c9e5-2fd3-4cc3-9f88-e0a1cf410769)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12113
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Co-authored-by: Michael Kriese <michael.kriese@visualon.de>
Co-committed-by: Michael Kriese <michael.kriese@visualon.de>
---
 options/locale_next/locale_en-US.json        |   3 -
 templates/shared/actions/runner_details.tmpl |   8 ++
 templates/shared/actions/runner_list.tmpl    |  16 ++-
 tests/e2e/runner-management.test.e2e.ts      | 124 +++++++++++--------
 4 files changed, 85 insertions(+), 66 deletions(-)

diff --git a/options/locale_next/locale_en-US.json b/options/locale_next/locale_en-US.json
index 5581806e80..85a21ef28d 100644
--- a/options/locale_next/locale_en-US.json
+++ b/options/locale_next/locale_en-US.json
@@ -516,11 +516,8 @@
 	"actions.runners.labels": "Labels",
 	"actions.runners.version": "Version",
 	"actions.runners.last_online": "Last online time",
-	"actions.runners.list_runners.details_column": "Details",
 	"actions.runners.list_runners.edit_column": "Edit",
 	"actions.runners.list_runners.delete_column": "Delete",
-	"actions.runners.list_runners.details_button": "Details",
-	"actions.runners.list_runners.details_button_aria": "Show details of %s",
 	"actions.runners.list_runners.delete_button": "Delete",
 	"actions.runners.list_runners.delete_button_aria": "Delete %s",
 	"actions.runners.list_runners.edit_button": "Edit",
diff --git a/templates/shared/actions/runner_details.tmpl b/templates/shared/actions/runner_details.tmpl
index f50e96482a..537dd766f6 100644
--- a/templates/shared/actions/runner_details.tmpl
+++ b/templates/shared/actions/runner_details.tmpl
@@ -23,6 +23,14 @@
 					{{.Runner.BelongsToOwnerType.LocaleString ctx.Locale}}
 				</dd>
 			</div>
+			{{if and $.PageIsAdmin .Runner.BelongsToOwnerName}}
+			<div class="item">
+				<dt>{{.Runner.BelongsToOwnerType.LocaleString ctx.Locale}}</dt>
+				<dd>
+					{{.Runner.BelongsToOwnerName}}
+				</dd>
+			</div>
+			{{end}}
 			<div class="item">
 				<dt>{{ctx.Locale.Tr "actions.runners.labels"}}</dt>
 				<dd class="tw-flex tw-items-start tw-flex-wrap tw-gap-2">
diff --git a/templates/shared/actions/runner_list.tmpl b/templates/shared/actions/runner_list.tmpl
index 88c354b7cf..bb5e292528 100644
--- a/templates/shared/actions/runner_list.tmpl
+++ b/templates/shared/actions/runner_list.tmpl
@@ -57,9 +57,6 @@
 						{{ctx.Locale.Tr "actions.runners.status"}}
 						{{SortArrow "online" "offline" .SortType false}}
 					</th>
-					<th scope="col">
-						<span class="tw-sr-only">{{ctx.Locale.Tr "actions.runners.list_runners.details_column"}}</span>
-					</th>
 					<th scope="col">
 						<span class="tw-sr-only">{{ctx.Locale.Tr "actions.runners.list_runners.edit_column"}}</span>
 					</th>
@@ -72,7 +69,7 @@
 				{{range .Runners}}
 				<tr>
 					<td>
-						<div class="tw-font-medium">{{.Name}}</div>
+						<div class="tw-font-medium"><a href="{{$.Link}}/{{.ID}}" class="runner-action-link" tabindex="0">{{.Name}}</a></div>
 						<div class="tw-mt-1">{{.UUID}}</div>
 					</td>
 					<td class="tw-flex tw-items-start tw-flex-wrap tw-gap-2">
@@ -86,6 +83,10 @@
 					</td>
 					<td>
 						{{.BelongsToOwnerType.LocaleString ctx.Locale}}
+						{{if and $.PageIsAdmin .BelongsToOwnerName}}
+							<br>
+							<small>{{.BelongsToOwnerName}}</small>
+						{{end}}
 					</td>
 					<td>
 						<div class="tw-flex tw-items-center tw-gap-x-2">
@@ -107,17 +108,14 @@
 							</div>
 						</div>
 					</td>
-					<td class="tw-text-right">
-						<a href="{{$.Link}}/{{.ID}}" class="runner-action-link" tabindex="0" aria-label="{{ctx.Locale.Tr "actions.runners.list_runners.details_button_aria" .Name}}">{{ctx.Locale.Tr "actions.runners.list_runners.details_button"}}</a>
-					</td>
 					<td class="tw-text-right">
 						{{if .Editable $.RunnerOwnerID $.RunnerRepoID}}
-							<a href="{{$.Link}}/{{.ID}}/edit" class="runner-action-link" tabindex="0" aria-label="{{ctx.Locale.Tr "actions.runners.list_runners.edit_button_aria" .Name}}">{{ctx.Locale.Tr "actions.runners.list_runners.edit_button"}}</a>
+							<a href="{{$.Link}}/{{.ID}}/edit" class="runner-action-link" tabindex="0" aria-label="{{ctx.Locale.Tr "actions.runners.list_runners.edit_button_aria" .Name}}" data-tooltip-content="{{ctx.Locale.Tr "actions.runners.list_runners.edit_button"}}">{{svg "octicon-pencil"}}</a>
 						{{end}}
 					</td>
 					<td class="tw-text-right">
 						{{if .Editable $.RunnerOwnerID $.RunnerRepoID}}
-							<button class="delete-button runner-delete-link" aria-label="{{ctx.Locale.Tr "actions.runners.list_runners.delete_button_aria" .Name}}" data-url="{{$.Link}}/{{.ID}}/delete" data-modal-id="runner-delete-modal">{{ctx.Locale.Tr "actions.runners.list_runners.delete_button"}}</button>
+							<button class="delete-button runner-delete-link" aria-label="{{ctx.Locale.Tr "actions.runners.list_runners.delete_button_aria" .Name}}" data-url="{{$.Link}}/{{.ID}}/delete" data-modal-id="runner-delete-modal" data-tooltip-content="{{ctx.Locale.Tr "actions.runners.list_runners.delete_button"}}">{{svg "octicon-trash"}}</button>
 						{{end}}
 					</td>
 				</tr>
diff --git a/tests/e2e/runner-management.test.e2e.ts b/tests/e2e/runner-management.test.e2e.ts
index 41808f72d1..1dba606a1b 100644
--- a/tests/e2e/runner-management.test.e2e.ts
+++ b/tests/e2e/runner-management.test.e2e.ts
@@ -30,39 +30,41 @@ test.describe('Runners of user2', () => {
 
     // We cannot assert the length of the table because it's influenced by global fixtures. It also changes depending on
     // the ordering of tests.
-    await expect(rows.nth(0)).toHaveAccessibleName('Name Labels Type Status Details Edit Delete');
+    await expect(rows.nth(0)).toHaveAccessibleName('Name Labels Type Status Edit Delete');
     await expect(page.locator('tbody tr:has-text("3a20ad8d-d5d6-4b7b-ba55-841ac8264c17")')).toMatchAriaSnapshot(`
-      - cell "runner-2 3a20ad8d-d5d6-4b7b-ba55-841ac8264c17"
+      - cell "runner-2 3a20ad8d-d5d6-4b7b-ba55-841ac8264c17":
+        - link "runner-2":
+          - /url: /user/settings/actions/runners/719932
       - cell "docker"
       - cell "Individual"
       - cell "Offline"
-      - cell "Show details of runner-2"
       - cell "Edit runner-2"
       - cell "Delete runner-2"
     `);
     await expect(page.locator('tbody tr:has-text("1ef59b64-93b7-4ad4-ade4-21ca13db49c0")')).toMatchAriaSnapshot(`
-      - cell "runner-4 1ef59b64-93b7-4ad4-ade4-21ca13db49c0"
+      - cell "runner-4 1ef59b64-93b7-4ad4-ade4-21ca13db49c0":
+        - link "runner-4":
+          - /url: /user/settings/actions/runners/719934
       - cell "docker"
       - cell "Global"
       - cell "Offline"
-      - cell "Show details of runner-4"
       - cell
       - cell
     `);
 
-    await page.getByRole('link', {name: 'Show details of runner-2', exact: true}).click();
+    await page.getByRole('link', {name: 'runner-2', exact: true}).click();
     await expect(page).toHaveTitle(/^Runner runner-2 .*/);
 
     await page.goto('/user/settings/actions/runners');
 
-    await page.getByRole('link', {name: 'Show details of runner-4', exact: true}).click();
+    await page.getByRole('link', {name: 'runner-4', exact: true}).click();
     await expect(page).toHaveTitle(/^Runner runner-4 .*/);
   });
 
   test('runner details with tasks of repositories owned by user', async ({page}) => {
     await page.goto('/user/settings/actions/runners');
 
-    await page.getByRole('link', {name: 'Show details of runner-4', exact: true}).click();
+    await page.getByRole('link', {name: 'runner-4', exact: true}).click();
     await expect(page).toHaveTitle(/^Runner runner-4 .*/);
 
     await expect(page.getByRole('heading', {name: 'Runner runner-4'})).toBeVisible();
@@ -142,11 +144,12 @@ test.describe('Runners of user2', () => {
     await page.getByRole('link', {name: 'List of runners', exact: true}).click();
 
     await expect(page.locator(`tbody tr:has-text("${runnerUUID}")`)).toMatchAriaSnapshot(`
-      - cell "runner-991301 ${runnerUUID}"
+      - cell "runner-991301 ${runnerUUID}":
+        - link "runner-991301":
+          - /url: /user/settings/actions/runners/\\d+/
       - cell ""
       - cell "Individual"
       - cell "Offline"
-      - cell "Show details of runner-991301"
       - cell "Edit runner-991301"
       - cell "Delete runner-991301"
     `);
@@ -287,67 +290,74 @@ test.describe('Global runners', () => {
 
     // We cannot assert the length of the table because it's influenced by global fixtures. It also changes depending on
     // the ordering of tests.
-    await expect(rows.nth(0)).toHaveAccessibleName('Name Labels Type Status Details Edit Delete');
+    await expect(rows.nth(0)).toHaveAccessibleName('Name Labels Type Status Edit Delete');
     await expect(page.locator('tbody tr:has-text("8f940b0b-32a2-479a-9d48-06ab8d8a0b90")')).toMatchAriaSnapshot(`
-      - cell "runner-1 8f940b0b-32a2-479a-9d48-06ab8d8a0b90"
+      - cell "runner-1 8f940b0b-32a2-479a-9d48-06ab8d8a0b90":
+        - link "runner-1":
+          - /url: /admin/actions/runners/719931
       - cell "debian gpu"
-      - cell "Organization"
+      - cell "Organization org3"
       - cell "Offline"
-      - cell "Show details of runner-1"
       - cell "Edit runner-1"
       - cell "Delete runner-1"
     `);
     await expect(page.locator('tbody tr:has-text("3a20ad8d-d5d6-4b7b-ba55-841ac8264c17")')).toMatchAriaSnapshot(`
-      - cell "runner-2 3a20ad8d-d5d6-4b7b-ba55-841ac8264c17"
+      - cell "runner-2 3a20ad8d-d5d6-4b7b-ba55-841ac8264c17":
+        - link "runner-2":
+          - /url: /admin/actions/runners/719932
       - cell "docker"
-      - cell "Individual"
+      - cell "Individual user2"
       - cell "Offline"
-      - cell "Show details of runner-2"
       - cell "Edit runner-2"
       - cell "Delete runner-2"
     `);
     await expect(page.locator('tbody tr:has-text("11c9a6da-0a92-46ea-a4f1-b6c98f8c781c")')).toMatchAriaSnapshot(`
-      - cell "runner-3 11c9a6da-0a92-46ea-a4f1-b6c98f8c781c"
+      - cell "runner-3 11c9a6da-0a92-46ea-a4f1-b6c98f8c781c":
+        - link "runner-3":
+          - /url: /admin/actions/runners/719933
       - cell "fedora"
-      - cell "Organization"
+      - cell "Organization org17"
       - cell "Offline"
-      - cell "Show details of runner-3"
       - cell "Edit runner-3"
       - cell "Delete runner-3"
     `);
     await expect(page.locator('tbody tr:has-text("1ef59b64-93b7-4ad4-ade4-21ca13db49c0")')).toMatchAriaSnapshot(`
-      - cell "runner-4 1ef59b64-93b7-4ad4-ade4-21ca13db49c0"
+      - cell "runner-4 1ef59b64-93b7-4ad4-ade4-21ca13db49c0":
+        - link "runner-4":
+          - /url: /admin/actions/runners/719934
       - cell "docker"
       - cell "Global"
       - cell "Offline"
-      - cell "Show details of runner-4"
       - cell "Edit runner-4"
       - cell "Delete runner-4"
     `);
     await expect(page.locator('tbody tr:has-text("69d29449-1de5-4d17-845d-e3ae11a04a1b")')).toMatchAriaSnapshot(`
-      - cell "runner-5 69d29449-1de5-4d17-845d-e3ae11a04a1b"
+      - cell "runner-5 69d29449-1de5-4d17-845d-e3ae11a04a1b":
+        - link "runner-5":
+          - /url: /admin/actions/runners/719935
       - cell "debian"
-      - cell "Individual"
+      - cell "Individual user1"
       - cell "Offline"
-      - cell "Show details of runner-5"
       - cell "Edit runner-5"
       - cell "Delete runner-5"
     `);
     await expect(page.locator('tbody tr:has-text("9da25fbb-89a5-4520-a35a-d55fc94e4b76")')).toMatchAriaSnapshot(`
-      - cell "runner-6 9da25fbb-89a5-4520-a35a-d55fc94e4b76"
+      - cell "runner-6 9da25fbb-89a5-4520-a35a-d55fc94e4b76":
+        - link "runner-6":
+          - /url: /admin/actions/runners/719936
       - cell "debian"
-      - cell "Repository"
+      - cell "Repository user2/test_workflows"
       - cell "Offline"
-      - cell "Show details of runner-6"
       - cell "Edit runner-6"
       - cell "Delete runner-6"
     `);
     await expect(page.locator('tbody tr:has-text("d935307e-1d2d-4b61-8885-bc8a1c52c269")')).toMatchAriaSnapshot(`
-      - cell "runner-7 d935307e-1d2d-4b61-8885-bc8a1c52c269"
+      - cell "runner-7 d935307e-1d2d-4b61-8885-bc8a1c52c269":
+        - link "runner-7":
+          - /url: /admin/actions/runners/719937
       - cell "alpine"
-      - cell "Individual"
+      - cell "Individual user4"
       - cell "Offline"
-      - cell "Show details of runner-7"
       - cell "Edit runner-7"
       - cell "Delete runner-7"
     `);
@@ -356,7 +366,7 @@ test.describe('Global runners', () => {
   test('runner details with all tasks visible on details page', async ({page}) => {
     await page.goto('/admin/actions/runners');
 
-    await page.getByRole('link', {name: 'Show details of runner-4', exact: true}).click();
+    await page.getByRole('link', {name: 'runner-4', exact: true}).click();
 
     await expect(page).toHaveTitle(/^Runner runner-4 .*/);
     await expect(page.getByRole('heading', {name: 'Runner runner-4'})).toBeVisible();
@@ -437,11 +447,12 @@ test.describe('Global runners', () => {
     await page.getByRole('link', {name: 'List of runners', exact: true}).click();
 
     await expect(page.locator(`tbody tr:has-text("${runnerUUID}")`)).toMatchAriaSnapshot(`
-      - cell "runner-473465 ${runnerUUID}"
+      - cell "runner-473465 ${runnerUUID}":
+        - link "runner-473465":
+          - /url: /admin/actions/runners/\\d+/
       - cell ""
       - cell "Global"
       - cell "Offline"
-      - cell "Show details of runner-473465"
       - cell "Edit runner-473465"
       - cell "Delete runner-473465"
     `);
@@ -546,22 +557,24 @@ test.describe('Organization runners', () => {
 
     // We cannot assert the length of the table because it's influenced by global fixtures. It also changes depending on
     // the ordering of tests.
-    await expect(rows.nth(0)).toHaveAccessibleName('Name Labels Type Status Details Edit Delete');
+    await expect(rows.nth(0)).toHaveAccessibleName('Name Labels Type Status Edit Delete');
     await expect(page.locator('tbody tr:has-text("8f940b0b-32a2-479a-9d48-06ab8d8a0b90")')).toMatchAriaSnapshot(`
-      - cell "runner-1 8f940b0b-32a2-479a-9d48-06ab8d8a0b90"
+      - cell "runner-1 8f940b0b-32a2-479a-9d48-06ab8d8a0b90":
+        - link "runner-1":
+          - /url: /org/org3/settings/actions/runners/719931
       - cell "debian gpu"
       - cell "Organization"
       - cell "Offline"
-      - cell "Show details of runner-1"
       - cell "Edit runner-1"
       - cell "Delete runner-1"
     `);
     await expect(page.locator('tbody tr:has-text("1ef59b64-93b7-4ad4-ade4-21ca13db49c0")')).toMatchAriaSnapshot(`
-      - cell "runner-4 1ef59b64-93b7-4ad4-ade4-21ca13db49c0"
+      - cell "runner-4 1ef59b64-93b7-4ad4-ade4-21ca13db49c0":
+        - link "runner-4":
+          - /url: /org/org3/settings/actions/runners/719934
       - cell "docker"
       - cell "Global"
       - cell "Offline"
-      - cell "Show details of runner-4"
       - cell
       - cell
     `);
@@ -572,19 +585,19 @@ test.describe('Organization runners', () => {
     await expect(page.locator('tbody tr:has-text("d935307e-1d2d-4b61-8885-bc8a1c52c269")')).toBeHidden();
 
     // Verify that details of usable runners are accessible.
-    await page.getByRole('link', {name: 'Show details of runner-1', exact: true}).click();
+    await page.getByRole('link', {name: 'runner-1', exact: true}).click();
     await expect(page).toHaveTitle(/^Runner runner-1 .*/);
 
     await page.goto('/org/org3/settings/actions/runners');
 
-    await page.getByRole('link', {name: 'Show details of runner-4', exact: true}).click();
+    await page.getByRole('link', {name: 'runner-4', exact: true}).click();
     await expect(page).toHaveTitle(/^Runner runner-4 .*/);
   });
 
   test('runner details with tasks of repositories owned by organization', async ({page}) => {
     await page.goto('/org/org3/settings/actions/runners');
 
-    await page.getByRole('link', {name: 'Show details of runner-4', exact: true}).click();
+    await page.getByRole('link', {name: 'runner-4', exact: true}).click();
 
     await expect(page).toHaveTitle(/^Runner runner-4 .*/);
     await expect(page.getByRole('heading', {name: 'Runner runner-4'})).toBeVisible();
@@ -621,7 +634,7 @@ test.describe('Organization runners', () => {
   test('runner details with multiple pages of tasks', async ({page}) => {
     await page.goto('/org/org3/settings/actions/runners');
 
-    await page.getByRole('link', {name: 'Show details of runner-1', exact: true}).click();
+    await page.getByRole('link', {name: 'runner-1', exact: true}).click();
 
     await expect(page).toHaveTitle(/^Runner runner-1 .*/);
     await expect(page.getByRole('heading', {name: 'Runner runner-1'})).toBeVisible();
@@ -664,31 +677,34 @@ test.describe('Repository runners', () => {
 
     // We cannot assert the length of the table because it's influenced by global fixtures. It also changes depending on
     // the ordering of tests.
-    await expect(rows.nth(0)).toHaveAccessibleName('Name Labels Type Status Details Edit Delete');
+    await expect(rows.nth(0)).toHaveAccessibleName('Name Labels Type Status Edit Delete');
     await expect(page.locator('tbody tr:has-text("3a20ad8d-d5d6-4b7b-ba55-841ac8264c17")')).toMatchAriaSnapshot(`
-      - cell "runner-2 3a20ad8d-d5d6-4b7b-ba55-841ac8264c17"
+      - cell "runner-2 3a20ad8d-d5d6-4b7b-ba55-841ac8264c17":
+        - link "runner-2":
+          - /url: /user2/test_workflows/settings/actions/runners/719932
       - cell "docker"
       - cell "Individual"
       - cell "Offline"
-      - cell "Show details of runner-2"
       - cell
       - cell
     `);
     await expect(page.locator('tbody tr:has-text("1ef59b64-93b7-4ad4-ade4-21ca13db49c0")')).toMatchAriaSnapshot(`
-      - cell "runner-4 1ef59b64-93b7-4ad4-ade4-21ca13db49c0"
+      - cell "runner-4 1ef59b64-93b7-4ad4-ade4-21ca13db49c0":
+        - link "runner-4":
+          - /url: /user2/test_workflows/settings/actions/runners/719934
       - cell "docker"
       - cell "Global"
       - cell "Offline"
-      - cell "Show details of runner-4"
       - cell
       - cell
     `);
     await expect(page.locator('tbody tr:has-text("9da25fbb-89a5-4520-a35a-d55fc94e4b76")')).toMatchAriaSnapshot(`
-      - cell "runner-6 9da25fbb-89a5-4520-a35a-d55fc94e4b76"
+      - cell "runner-6 9da25fbb-89a5-4520-a35a-d55fc94e4b76":
+        - link "runner-6":
+          - /url: /user2/test_workflows/settings/actions/runners/719936
       - cell "debian"
       - cell "Repository"
       - cell "Offline"
-      - cell "Show details of runner-6"
       - cell "Edit runner-6"
       - cell "Delete runner-6"
     `);
@@ -697,24 +713,24 @@ test.describe('Repository runners', () => {
     await expect(page.locator('tbody tr:has-text("d935307e-1d2d-4b61-8885-bc8a1c52c269")')).toBeHidden();
 
     // Verify that details of usable runners are accessible.
-    await page.getByRole('link', {name: 'Show details of runner-2', exact: true}).click();
+    await page.getByRole('link', {name: 'runner-2', exact: true}).click();
     await expect(page).toHaveTitle(/^Runner runner-2 .*/);
 
     await page.goto('/user2/test_workflows/settings/actions/runners');
 
-    await page.getByRole('link', {name: 'Show details of runner-4', exact: true}).click();
+    await page.getByRole('link', {name: 'runner-4', exact: true}).click();
     await expect(page).toHaveTitle(/^Runner runner-4 .*/);
 
     await page.goto('/user2/test_workflows/settings/actions/runners');
 
-    await page.getByRole('link', {name: 'Show details of runner-6', exact: true}).click();
+    await page.getByRole('link', {name: 'runner-6', exact: true}).click();
     await expect(page).toHaveTitle(/^Runner runner-6 .*/);
   });
 
   test('runner details with tasks of repository only', async ({page}) => {
     await page.goto('/user2/test_workflows/settings/actions/runners');
 
-    await page.getByRole('link', {name: 'Show details of runner-4', exact: true}).click();
+    await page.getByRole('link', {name: 'runner-4', exact: true}).click();
 
     await expect(page).toHaveTitle(/^Runner runner-4 .*/);
     await expect(page.getByRole('heading', {name: 'Runner runner-4'})).toBeVisible();

From 922573ba2d965895a4e9be2516e77b3324b8bffa Mon Sep 17 00:00:00 2001
From: Beowulf <beowulf@beocode.eu>
Date: Wed, 15 Apr 2026 22:13:13 +0200
Subject: [PATCH 690/854] chore: fix cookie name comments in example ini
 (#12131)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12131
Reviewed-by: Robert Wolff <mahlzahn@posteo.de>
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Co-authored-by: Beowulf <beowulf@beocode.eu>
Co-committed-by: Beowulf <beowulf@beocode.eu>
---
 custom/conf/app.example.ini | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/custom/conf/app.example.ini b/custom/conf/app.example.ini
index da83d4636f..b0f6bd3d44 100644
--- a/custom/conf/app.example.ini
+++ b/custom/conf/app.example.ini
@@ -457,7 +457,7 @@ INTERNAL_TOKEN =
 ;GLOBAL_TWO_FACTOR_REQUIREMENT = none
 ;;
 ;; Name of cookie used to store authentication information.
-;COOKIE_REMEMBER_NAME = gitea_incredible
+;COOKIE_REMEMBER_NAME = persistent
 ;;
 ;; Reverse proxy authentication header name of user name, email, and full name
 ;REVERSE_PROXY_AUTHENTICATION_USER = X-WEBAUTH-USER
@@ -1895,7 +1895,7 @@ LEVEL = Info
 ;PROVIDER_CONFIG = data/sessions ; Relative paths will be made absolute against _`AppWorkPath`_.
 ;;
 ;; Session cookie name
-;COOKIE_NAME = i_like_gitea
+;COOKIE_NAME = session
 ;;
 ;; If you use session in https only: true or false. If not set, it defaults to `true` if the ROOT_URL is an HTTPS URL.
 ;COOKIE_SECURE =

From 8cb776dcac4aca7bde86ff3ea2aa787af56da44d Mon Sep 17 00:00:00 2001
From: Mathieu Fenniak <mathieu@fenniak.net>
Date: Thu, 16 Apr 2026 02:08:43 +0200
Subject: [PATCH 691/854] chore: fix TestMirrorPull on older git (2.34.1)
 installation (#12134)

`TestMirrorPull` is currently failing when run on git 2.34.1 in the `testing-integration.yml` workflow: https://codeberg.org/forgejo-integration/forgejo/actions/runs/16661/jobs/1/attempt/1#jobstep-5-2539  Began to fail after #11909 when additional checks on pull mirror configuration was added.

This PR addresses the issue and has been manually tested against the same git version:
```
$ git --version
git version 2.34.1

$ make test-sqlite#TestMirrorPull 2>&1
...
=== TestMirrorPull/migrate_from_repo_config_credentials (tests/integration/mirror_pull_test.go:238)
PASS
```

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. All work and communication must conform to Forgejo's [AI Agreement](https://codeberg.org/forgejo/governance/src/branch/main/AIAgreement.md). There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [ ] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.
- [x] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12134
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Reviewed-by: Beowulf <beowulf@beocode.eu>
Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net>
Co-committed-by: Mathieu Fenniak <mathieu@fenniak.net>
---
 tests/integration/mirror_pull_test.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tests/integration/mirror_pull_test.go b/tests/integration/mirror_pull_test.go
index a0de586aaa..9a520ae5a5 100644
--- a/tests/integration/mirror_pull_test.go
+++ b/tests/integration/mirror_pull_test.go
@@ -492,7 +492,7 @@ func waitForPullMirror(t *testing.T, mirrorName, expectedSha string) {
 }
 
 func getGitConfig(t *testing.T, configFile, configPath string) string {
-	stdout, stderr, err := process.GetManager().Exec("getGitConfig", "git", "config", "get", "--file", configFile, configPath)
+	stdout, stderr, err := process.GetManager().Exec("getGitConfig", "git", "config", "--get", "--file", configFile, configPath)
 	require.NoError(t, err, "fetch config %s failed: git stderr: %s", configPath, stderr)
 	return strings.TrimSpace(stdout)
 }

From eea5ac963908b60b91d21282e37e652f66c284ff Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Thu, 16 Apr 2026 07:03:44 +0200
Subject: [PATCH 692/854] Update dependency globals to v17.5.0 (forgejo)
 (#12135)

Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
---
 package-lock.json | 8 ++++----
 package.json      | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index ac1dbdcc19..e6c087cbd5 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -107,7 +107,7 @@
         "eslint-plugin-vue": "10.8.0",
         "eslint-plugin-vue-scoped-css": "2.12.0",
         "eslint-plugin-wc": "3.1.0",
-        "globals": "17.4.0",
+        "globals": "17.5.0",
         "happy-dom": "20.8.9",
         "license-checker-rseidelsohn": "4.4.2",
         "markdownlint-cli": "0.48.0",
@@ -9166,9 +9166,9 @@
       }
     },
     "node_modules/globals": {
-      "version": "17.4.0",
-      "resolved": "https://registry.npmjs.org/globals/-/globals-17.4.0.tgz",
-      "integrity": "sha512-hjrNztw/VajQwOLsMNT1cbJiH2muO3OROCHnbehc8eY5JyD2gqz4AcMHPqgaOR59DjgUjYAYLeH699g/eWi2jw==",
+      "version": "17.5.0",
+      "resolved": "https://registry.npmjs.org/globals/-/globals-17.5.0.tgz",
+      "integrity": "sha512-qoV+HK2yFl/366t2/Cb3+xxPUo5BuMynomoDmiaZBIdbs+0pYbjfZU+twLhGKp4uCZ/+NbtpVepH5bGCxRyy2g==",
       "dev": true,
       "license": "MIT",
       "engines": {
diff --git a/package.json b/package.json
index 73ed4f86fa..0415b40868 100644
--- a/package.json
+++ b/package.json
@@ -106,7 +106,7 @@
     "eslint-plugin-vue": "10.8.0",
     "eslint-plugin-vue-scoped-css": "2.12.0",
     "eslint-plugin-wc": "3.1.0",
-    "globals": "17.4.0",
+    "globals": "17.5.0",
     "happy-dom": "20.8.9",
     "license-checker-rseidelsohn": "4.4.2",
     "markdownlint-cli": "0.48.0",

From 60332ed111fd2a4ae853fd3589298feeb4c194b8 Mon Sep 17 00:00:00 2001
From: jaylinski <jaylinski@noreply.codeberg.org>
Date: Thu, 16 Apr 2026 09:58:57 +0200
Subject: [PATCH 693/854] chore(Dockerfile.rootless): update shadowed env
 variables (#11720)

This was missed in https://codeberg.org/forgejo/forgejo/pulls/11098.

See https://github.com/go-gitea/gitea/pull/17846 for why this was added in the first place.

Note that this is not backwards compatible. For users with a custom `app.ini`-config this won't work. But it also didn't work with the previous config. This change only aligns it with the default app.ini-path.

Co-authored-by: Jakob Linskeseder <jakob@linskeseder.com>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11720
Reviewed-by: Beowulf <beowulf@beocode.eu>
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Co-authored-by: jaylinski <jaylinski@noreply.codeberg.org>
Co-committed-by: jaylinski <jaylinski@noreply.codeberg.org>
---
 docker/rootless/usr/local/bin/gitea | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docker/rootless/usr/local/bin/gitea b/docker/rootless/usr/local/bin/gitea
index 9a9a569b12..d87ec84e86 100644
--- a/docker/rootless/usr/local/bin/gitea
+++ b/docker/rootless/usr/local/bin/gitea
@@ -9,7 +9,7 @@
 # And place the original in /usr/lib/gitea with working files in /data/gitea
 GITEA="/app/gitea/gitea"
 WORK_DIR="/var/lib/gitea"
-APP_INI="/etc/gitea/app.ini"
+APP_INI="/var/lib/gitea/custom/conf/app.ini"
 
 APP_INI_SET=""
 for i in "$@"; do

From da8898822c528a245a4cbe3e0ca02928262a4d5e Mon Sep 17 00:00:00 2001
From: forgejo-release-manager <contact-forgejo-release-manager@forgejo.org>
Date: Thu, 16 Apr 2026 14:09:39 +0200
Subject: [PATCH 694/854] chore(release-notes): Forgejo v15.0.0 [skip ci]
 (#12138)

https://codeberg.org/forgejo/forgejo/milestone/36366

https://codeberg.org/forgejo-release-manager/forgejo/src/branch/release-notes-15.0.0/release-notes-published/15.0.0.md
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12138
Reviewed-by: Beowulf <beowulf@beocode.eu>
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Co-authored-by: forgejo-release-manager <contact-forgejo-release-manager@forgejo.org>
Co-committed-by: forgejo-release-manager <contact-forgejo-release-manager@forgejo.org>
---
 .release-notes-assistant.yaml     |   1 +
 release-notes-published/15.0.0.md | 598 +++++++++++++++++++++++++++++-
 2 files changed, 598 insertions(+), 1 deletion(-)

diff --git a/.release-notes-assistant.yaml b/.release-notes-assistant.yaml
index fe65dc3241..93b0e3d0b2 100644
--- a/.release-notes-assistant.yaml
+++ b/.release-notes-assistant.yaml
@@ -8,6 +8,7 @@ tag-from-version: 'v%[1]d.%[2]d.%[3]d'
 supported-release-count: 3
 branch-known:
   - 'v11.0/forgejo'
+  - 'v15.0/forgejo'
 cleanup-line: 'sed -Ee "s/^(feat|fix):\s*//g" -e "s/^\[WIP\] //" -e "s/^WIP: //" -e "s;\[(UI|BUG|FEAT|v.*?/forgejo)\]\s*;;g"'
 render-header: |
 
diff --git a/release-notes-published/15.0.0.md b/release-notes-published/15.0.0.md
index 48cdce8528..58859791b0 100644
--- a/release-notes-published/15.0.0.md
+++ b/release-notes-published/15.0.0.md
@@ -1 +1,597 @@
-placeholder
+A [companion blog post](https://forgejo.org/2026-04-release-v15-0/) provides additional context on this major release.
+
+<!--start release-notes-assistant-->
+
+## Release notes
+<!--URL:https://codeberg.org/forgejo/forgejo-->
+- Security features
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10059): <!--number 10059 --><!--line 0 --><!--description dXNlIGBrZXlpbmdgIGZvciB3ZWJob29rIHNlY3JldHM=-->use `keying` for webhook secrets<!--description-->
+- Breaking features
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11468): <!--number 11468 --><!--line 0 --><!--description cmVtb3ZlIGFkbWluLWxldmVsIHBlcm1pc3Npb25zIGZyb20gcmVwby1zcGVjaWZpYyAmIHB1YmxpYy1vbmx5IGFjY2VzcyB0b2tlbnM=-->remove admin-level permissions from repo-specific & public-only access tokens<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11736): <!--number 11736 --><!--line 0 --><!--description VGhlIHRlbXBsYXRlIGdlbmVyYXRpb24gKGBQT1NUIC9yZXBvcy97dGVtcGxhdGVfb3duZXJ9L3t0ZW1wbGF0ZV9yZXBvfS9nZW5lcmF0ZWApIGFuZCByZXBvc2l0b3J5IGRlbGV0aW9uIChgREVMRVRFIC9yZXBvcy97dXNlcm5hbWV9L3tyZXBvbmFtZX1gKSBBUElzIGhhdmUgYmVlbiB1cGRhdGVkIHRvIHJlcXVpcmUgdGhlIHNhbWUgcGVybWlzc2lvbiBzY29wZSBhcyBjcmVhdGluZyBhIG5ldyByZXBvc2l0b3J5LiBFaXRoZXIgYHdyaXRlOnVzZXJgIG9yIGB3cml0ZTpvcmdhbml6YXRpb25gIGlzIHJlcXVpcmVkLCBkZXBlbmRpbmcgb24gdGhlIG93bmVyIG9mIHRoZSByZXBvc2l0b3J5IGJlaW5nIGNyZWF0ZWQgb3IgZGVsZXRlZC4=-->The template generation (`POST /repos/{template_owner}/{template_repo}/generate`) and repository deletion (`DELETE /repos/{username}/{reponame}`) APIs have been updated to require the same permission scope as creating a new repository. Either `write:user` or `write:organization` is required, depending on the owner of the repository being created or deleted.<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11457): <!--number 11457 --><!--line 0 --><!--description QWNjZXNzaW5nIHRoZSBgL3JlcG9zaXRvcmllcy97aWR9YCBBUEkgd2l0aCBhIHB1YmxpYy1vbmx5IGFjY2VzcyB0b2tlbiBkaWQgbm90IHJlc3RyaWN0IHJlYWQgYWNjZXNzIHRvIG9ubHkgcHVibGljIHJlcG9zaXRvcmllcywgd2hpY2ggaXMgbm93IHByZXZlbnRlZC4=-->Accessing the `/repositories/{id}` API with a public-only access token did not restrict read access to only public repositories, which is now prevented.<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11457): <!--number 11457 --><!--line 1 --><!--description QWNjZXNzaW5nIHRoZSBgL3JlcG9zL3tvd25lcn0ve3JlcG99L2lzc3Vlcy97aW5kZXh9L2RlcGVuZGVuY2llc2AgYW5kIGAvcmVwb3Mve293bmVyfS97cmVwb30vaXNzdWVzL3tpbmRleH0vYmxvY2tzYCBBUElzIHdpdGggYSBwdWJsaWMtb25seSBhY2Nlc3MgdG9rZW4gaGFkIGFjY2VzcyB0byBtb2RpZmljYXRpb24gb3BlcmF0aW9ucyBhZ2FpbnN0IHByaXZhdGUgcmVwb3NpdG9yaWVzIGluIHRoZSAqZm9ybSogY29tcG9uZW50IG9mIHRoZSBBUEkgKG5vdCB0aGUgVVJMIGNvbXBvbmVudCksIHdoaWNoIGlzIG5vdyBwcmV2ZW50ZWQu-->Accessing the `/repos/{owner}/{repo}/issues/{index}/dependencies` and `/repos/{owner}/{repo}/issues/{index}/blocks` APIs with a public-only access token had access to modification operations against private repositories in the *form* component of the API (not the URL component), which is now prevented.<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11457): <!--number 11457 --><!--line 2 --><!--description QWNjZXNzaW5nIHRoZSBgL3JlcG9zL3tvd25lcn0ve3JlcG99L2lzc3Vlcy97aW5kZXh9L2RlcGVuZGVuY2llc2AgYW5kIGAvcmVwb3Mve293bmVyfS97cmVwb30vaXNzdWVzL3tpbmRleH0vYmxvY2tzYCBBUElzIHdpdGggYSBwdWJsaWMtb25seSBhY2Nlc3MgdG9rZW4gY291bGQgdmlldyBkZXBlbmRlbmNpZXMgb3IgYmxvY2tpbmcgaXNzdWVzIGZyb20gcHJpdmF0ZSByZXBvc2l0b3JpZXMsIHdoaWNoIGlzIG5vdyBwcmV2ZW50ZWQu-->Accessing the `/repos/{owner}/{repo}/issues/{index}/dependencies` and `/repos/{owner}/{repo}/issues/{index}/blocks` APIs with a public-only access token could view dependencies or blocking issues from private repositories, which is now prevented.<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11457): <!--number 11457 --><!--line 3 --><!--description QWNjZXNzaW5nIHRoZSBgL3JlcG9zL3tvd25lcn0ve3JlcG99L2lzc3Vlcy97aW5kZXh9L3RpbWVsaW5lYCBBUEkgd2l0aCBhIHB1YmxpYy1vbmx5IGFjY2VzcyB0b2tlbiBjb3VsZCB2aWV3IGNvbW1lbnQgY3Jvc3MtcmVmZXJlbmNlcyBmcm9tIHByaXZhdGUgcmVwb3NpdG9yaWVzLCB3aGljaCBpcyBub3cgcHJldmVudGVkLg==-->Accessing the `/repos/{owner}/{repo}/issues/{index}/timeline` API with a public-only access token could view comment cross-references from private repositories, which is now prevented.<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11457): <!--number 11457 --><!--line 4 --><!--description QWNjZXNzaW5nIHRoZSBgL3RlYW1zL3tpZH0vcmVwb3Mve29yZ30ve3JlcG99YCBBUEkgd2l0aCBhIHB1YmxpYy1vbmx5IGFjY2VzcyB0b2tlbiBjb3VsZCB2aWV3IHByaXZhdGUgcmVwb3NpdG9yaWVzIGFzc2lnbmVkIHRvIGEgdGVhbSwgd2hpY2ggaXMgbm93IHByZXZlbnRlZC4=-->Accessing the `/teams/{id}/repos/{org}/{repo}` API with a public-only access token could view private repositories assigned to a team, which is now prevented.<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11457): <!--number 11457 --><!--line 5 --><!--description QWNjZXNzIHRoZSB3YXRjaGVkIHJlcG9zIGFuZCBzdGFycmVkIHJlcG9zIG9mIGEgeW91ciBvd24gdXNlciB0aHJvdWdoIC91c2VyL3N1YnNjcmlwdGlvbnMgYW5kIC91c2VyL3N0YXJyZWQgQVBJcyB3aXRoIGEgcHVibGljLW9ubHkgYWNjZXNzIHRva2VuIGNvdWxkIHZpZXcgcHJpdmF0ZSByZXBvc2l0b3JpZXMsIHdoaWNoIGlzIG5vdyBwcmV2ZW50ZWQu-->Access the watched repos and starred repos of a your own user through /user/subscriptions and /user/starred APIs with a public-only access token could view private repositories, which is now prevented.<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11458): <!--number 11458 --><!--line 0 --><!--description aW1wbGVtZW50IHJlcG8tc3BlY2lmaWMgYWNjZXNzIHRva2VucyBpbiByZWxldmFudCBzZWFyY2ggJiBsaXN0IEFQSXMuICAqKkJyZWFraW5nKio6IHRoZSBmb2xsb3dpbmcgQVBJcyBjb3VsZCBwcmV2aW91c2x5IHJldHVybiBwcml2YXRlIHJlcG9zaXRvcmllcyB3aGVuIHVzaW5nIGEgcHVibGljLW9ubHkgYWNjZXNzIHRva2VuLCBidXQgY2FuIG5vIGxvbmdlciBkbyBzbzogYC91c2VyL3JlcG9zYCwgYC91c2Vycy97dXNlcm5hbWV9L3JlcG9zYCwgYC9vcmdzL3tvcmd9L3JlcG9zYCwgYW5kIGAvdGVhbXMve2lkfS9yZXBvc2Au-->implement repo-specific access tokens in relevant search & list APIs. **Breaking**: the following APIs could previously return private repositories when using a public-only access token, but can no longer do so: `/user/repos`, `/users/{username}/repos`, `/orgs/{org}/repos`, and `/teams/{id}/repos`.<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11437): <!--number 11437 --><!--line 0 --><!--description aW1wbGVtZW50IHJlcG8tc3BlY2lmaWMgYWNjZXNzIHRva2VucyBicm9hZGx5IGZvciB1bml2ZXJzYWwgQVBJIHBlcm1pc3Npb24gY2hlY2tzLiAgKipCcmVha2luZzoqKiBBUEkgYWNjZXNzIHdpdGggYSBwdWJsaWMtb25seSBhY2Nlc3MgdG9rZW4gd291bGQgcHJldmlvdXNseSByZXR1cm4gYSBgNDAzIEZvcmJpZGRlbmAgZXJyb3Igd2hlbiBhdHRlbXB0aW5nIHRvIGFjY2VzcyBhIHByaXZhdGUgcmVwb3NpdG9yeSB3aGVyZSB0aGUgcmVwb3NpdG9yeSBpcyBvbiB0aGUgQVBJIHBhdGguICBBcyBwYXJ0IG9mIGluY29ycG9yYXRpbmcgdGhlIHB1YmxpYy1vbmx5IGxvZ2ljIGludG8gdGhlIGNlbnRyYWxpemVkIHBlcm1pc3Npb24gY2hlY2ssIHRoZXNlIEFQSXMgd2lsbCBub3cgcmV0dXJuIGA0MDQgTm90IEZvdW5kYCBpbnN0ZWFkLCBjb25zaXN0ZW50IHdpdGggaG93IG1vc3QgcGVybWlzc2lvbiBjaGVja3MgYXJlIGltcGxlbWVudGVkIGluIG9yZGVyIHRvIHJlZHVjZSB0aGUgcmlzayBvZiBkYXRhIHByb2JpbmcgdGhyb3VnaCBlcnJvciBtZXNzYWdlcy4=-->implement repo-specific access tokens broadly for universal API permission checks. **Breaking:** API access with a public-only access token would previously return a `403 Forbidden` error when attempting to access a private repository where the repository is on the API path.  As part of incorporating the public-only logic into the centralized permission check, these APIs will now return `404 Not Found` instead, consistent with how most permission checks are implemented in order to reduce the risk of data probing through error messages.<!--description-->
+- Breaking bug fixes
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11096): <!--number 11096 --><!--line 0 --><!--description Zml4KHVpKSE6IFJlbW92ZSB0aGUgaW5zdGFuY2UgY29uZmlndXJhdGlvbiBvcHRpb24gYHJlcG9zaXRvcnkucHVsbC1yZXF1ZXN0LkFERF9DT19DT01NSVRURVJfVFJBSUxFUlNgICh3YXMgZW5hYmxlZCBieSBkZWZhdWx0KS4gSXQgd2FzIHJlc3BvbnNpYmxlIGZvciBhZGRpdGlvbiBvZiB1bmV4cGVjdGVkIHRyYWlsZXJzIHRvIGNvbW1pdCBtZXNzYWdlcyBpbiBzcXVhc2ggbWVyZ2VzLiBUaGVzZSB0cmFpbGVycyB3ZXJlIGBDby1hdXRob3JlZC1ieTogYCBhbmQgYENvLWNvbW1pdHRlZC1ieTogYC4gQm90aCB1c2VkIHRoZSBwdWxsIHJlcXVlc3QgYXV0aG9yIGFzIHZhbHVlLCB3aG8gaXMgYWxzbyBhc3NpZ25lZCBhcyB0aGUgYXV0aG9yIG9mIHRoZSBzcXVhc2ggbWVyZ2UgY29tbWl0LCB3aGljaCB0aGV5IHdlcmUganVzdCByZXBlYXRpbmcuIEZ1cnRoZXJtb3JlLCBgQ28tY29tbWl0dGVkLWJ5OiBgIGlzIGFuIHVuY29tbW9uIGNvbW1pdCB0cmFpbGVyLCBhbmQgdGhlcmUgaXMgb25seSBvbmUgY29tbWl0dGVyIGZvciBhIGNvbW1pdC4gVGhlIHRyYWlsZXJzIHdlcmUgYmVpbmcgYWRkZWQgYnkgRm9yZ2VqbyB3aGlsZSBwZXJmb3JtaW5nIHRoZSBtZXJnZSwgYnlwYXNzaW5nIHVzZXIgaW5wdXQgaW4gdGhlIFVJIGFuZCB3ZXJlbid0IHNob3duIGluIGl0LiBTZWUgZnVydGhlciBkZXNjcmlwdGlvbiBhbmQgbW9yZSBleGFtcGxlcyBpbiBbIzExMDk3XShodHRwczovL2NvZGViZXJnLm9yZy9mb3JnZWpvL2Zvcmdlam8vaXNzdWVzLzExMDk3KS4=-->fix(ui)!: Remove the instance configuration option `repository.pull-request.ADD_CO_COMMITTER_TRAILERS` (was enabled by default). It was responsible for addition of unexpected trailers to commit messages in squash merges. These trailers were `Co-authored-by: ` and `Co-committed-by: `. Both used the pull request author as value, who is also assigned as the author of the squash merge commit, which they were just repeating. Furthermore, `Co-committed-by: ` is an uncommon commit trailer, and there is only one committer for a commit. The trailers were being added by Forgejo while performing the merge, bypassing user input in the UI and weren't shown in it. See further description and more examples in [#11097](https://codeberg.org/forgejo/forgejo/issues/11097).<!--description-->
+- Breaking changes without a feature or bug label
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11098): <!--number 11098 --><!--line 0 --><!--description SW4gRm9yZ2VqbyB2OC4wLjAsIHRoZSBkZWZhdWx0IGxvY2F0aW9uIGZvciB0aGUgY29uZmlnIGZpbGUgd2FzIGNoYW5nZWQgZnJvbSBgL2V0Yy9naXRlYS9hcHAuaW5pYCB0byBgL3Zhci9saWIvZ2l0ZWEvYXBwLmluaWAuIEJhY2t3YXJkIGNvbXBhdGliaWxpdHkgbG9naWMgYW5kIHN0YXJ0dXAgd2FybmluZ3Mgd2VyZSBhZGRlZCB0byBjb250YWluZXIgc2V0dXAgYW5kIGVudHJ5cG9pbnQgc2NyaXB0cy4gTm93IHRoZXkgYXJlIHJlbW92ZWQuIFRoaXMgY2hhbmdlIG9ubHkgYWZmZWN0cyB0aG9zZSB1c2luZyBjb250YWluZXIgZGVwbG95bWVudHMgd2l0aCByb290bGVzcyBpbWFnZXMuIElmIHlvdSBoYXZlIHRoZSBjb25maWcgZmlsZSBzdG9yZWQgaW4gYSB2b2x1bWUgYm91bmQgdG8gY29udGFpbmVyJ3MgL2V0Yy9naXRlYSwgbW92ZSBpdCB0byB0aGUgbmV3IGxvY2F0aW9uIG9yIG92ZXJyaWRlIHRoZSBlbnZpcm9ubWVudCB2YXJpYWJsZSBgR0lURUFfQVBQX0lOSWAuIEFuIHVudXNlZCB2b2x1bWUgYC9ldGMvZ2l0ZWFgIGNhbiBiZSBzYWZlbHkgcmVtb3ZlZCBmcm9tIHRoZSBjb250YWluZXIgYWZ0ZXIgbW92aW5nIHRoZSBjb25maWcgb3IgaWYgdGhlIGRlcGxveW1lbnQgbmV2ZXIgdXNlZCB2ZXJzaW9ucyBwcmlvciB0byB2OC4wLjAu-->In Forgejo v8.0.0, the default location for the config file was changed from `/etc/gitea/app.ini` to `/var/lib/gitea/custom/conf/app.ini`. Backward compatibility logic and startup warnings were added to container setup and entrypoint scripts. Now they are removed. This change only affects those using container deployments with rootless images. If you have the config file stored in a volume bound to container's /etc/gitea, move it to the new location or override the environment variable `GITEA_APP_INI`. An unused volume `/etc/gitea` can be safely removed from the container after moving the config or if the deployment never used versions prior to v8.0.0.<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11720) ([backported](https://codeberg.org/forgejo/forgejo/pulls/12137)): <!--number 12137 --><!--line 0 --><!--description Y2hvcmUoRG9ja2VyZmlsZS5yb290bGVzcyk6IHVwZGF0ZSBzaGFkb3dlZCBlbnYgdmFyaWFibGVz-->chore(Dockerfile.rootless): update shadowed env variables<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10645): <!--number 10645 --><!--line 0 --><!--description TWFrZSBjb29raWUgbmFtZXMgYnJhbmQgaW5kZXBlbmRlbnQuPGJyPkF0dGVudGlvbjogQWxsIHVzZXJzIG5lZWQgdG8gcmUtbG9naW4sIGlmIHlvdSBoYXZlbid0IG1hbnVhbGx5IHNldCBhIGNvb2tpZSBuYW1lIGluIHRoZSBzZXR0aW5ncy4gVGhpcyBjYW4gYmUgcHJldmVudGVkIGJ5IGNoYW5naW5nIHRoZSBbcmVtZW1iZXIgbWUgY29va2llXShodHRwczovL2Zvcmdlam8ub3JnL2RvY3MvbGF0ZXN0L2FkbWluL2NvbmZpZy1jaGVhdC1zaGVldC8jc2VjdXJpdHktc2VjdXJpdHk6fjp0ZXh0PUNPT0tJRV9SRU1FTUJFUl9OQU1FKSBiYWNrIHRvIGBnaXRlYV9pbmNyZWRpYmxlYA==-->Make cookie names brand independent.<br>Attention: All users need to re-login, if you haven't manually set a cookie name in the settings. This can be prevented by changing the [remember me cookie](https://forgejo.org/docs/latest/admin/config-cheat-sheet/#security-security:~:text=COOKIE_REMEMBER_NAME) back to `gitea_incredible`<!--description-->
+- User Interface features
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11516): <!--number 11516 --><!--line 0 --><!--description YWRkIGZvcm0tYmFzZWQgcnVubmVyIG1hbmFnZW1lbnQ=-->add form-based runner management<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10932): <!--number 10932 --><!--line 0 --><!--description ZmVhdChwZXJmKTogcmVtb3ZlIHVudXNlZCBzaXplIHVybCBwYXJhbWV0ZXIgZm9yIGxvY2FsIGF2YXRhcnM=-->feat(perf): remove unused size url parameter for local avatars<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11080): <!--number 11080 --><!--line 0 --><!--description ZmVhdCh1aSk6IHJlc3BvbnNpdmUgcmVsZWFzZXMgbGlzdA==-->feat(ui): responsive releases list<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11604): <!--number 11604 --><!--line 0 --><!--description ZmVhdCh1aSk6IGRpc3BsYXkgcmVwb3NpdG9yaWVzIGFjY2Vzc2libGUgYnkgcmVwby1zcGVjaWZpYyBhY2Nlc3MgdG9rZW5z-->feat(ui): display repositories accessible by repo-specific access tokens<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11375) ([backported](https://codeberg.org/forgejo/forgejo/pulls/11950)): <!--number 11950 --><!--line 0 --><!--description ZW5oOiBhZGQgc3VnZ2VzdGlvbiB0byBkb2N1bWVudCByZWFzb24gZm9yIHJlcG9zaXRvcnkgYXJjaGl2YWw=-->enh: add suggestion to document reason for repository archival<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11770): <!--number 11770 --><!--line 0 --><!--description c2hvdyB3b3JrZmxvdyBuYW1lIGZvciBzY2hlZHVsZWQgcnVucw==-->show workflow name for scheduled runs<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11659): <!--number 11659 --><!--line 0 --><!--description dWk6IG1vdmUgIk5ldyBhY2Nlc3MgdG9rZW4iIHRvIGEgc2VwYXJhdGUgVUkgcGFnZQ==-->ui: move "New access token" to a separate UI page<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11439): <!--number 11439 --><!--line 0 --><!--description ZmVhdChtYXJrdXAtcmVuZGVyZXIpOiBtYXRjaCBvbiBjb21wb3VuZCBmaWxlbmFtZSBleHRlbnNpb25z-->feat(markup-renderer): match on compound filename extensions<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11677): <!--number 11677 --><!--line 0 --><!--description ZmVhdCh1aSk6IHVzZSBiZXR0ZXIgY29udHJhc3QgY29sb3IgZm9yIHJlcXVpcmVkIGZpZWxkIGluZGljYXRvcg==-->feat(ui): use better contrast color for required field indicator<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11340): <!--number 11340 --><!--line 0 --><!--description ZmVhdCh1aSk6IGVuYWJsZSB0ZXh0IGF1dG8tc3BhY2luZw==-->feat(ui): enable text auto-spacing<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11472): <!--number 11472 --><!--line 0 --><!--description ZmVhdCh1aSk6IGltcHJvdmUgdmlzaWJpbGl0eSBvZiBjb3VudGVycyBpbnNpZGUgb2Ygc3dpdGNoIGl0ZW1z-->feat(ui): improve visibility of counters inside of switch items<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11466): <!--number 11466 --><!--line 0 --><!--description QWRkIHNob3J0Y3V0IHRvIGxpbmsgbWFya2Rvd24gYWN0aW9u-->Add shortcut to link markdown action<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11127): <!--number 11127 --><!--line 0 --><!--description ZmVhdCh1aSk6IGNvbnZlcnQgb3JnIG1lbWJlcnMgbGlzdCB0byBncmlk-->feat(ui): convert org members list to grid<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11196): <!--number 11196 --><!--line 0 --><!--description ZmVhdCh1aSk6IGNvbnNpc3RlbnRseSB1c2UgQXBwVmVyTm9NZXRhZGF0YSBpbiBmb290ZXI=-->feat(ui): consistently use AppVerNoMetadata in footer<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10702): <!--number 10702 --><!--line 0 --><!--description aW1wcm92ZSBsYWJlbCBmaWx0ZXJpbmcgZXhjbHVzaW9u-->improve label filtering exclusion<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10873): <!--number 10873 --><!--line 0 --><!--description ZGVkaWNhdGVkIGljb24gZm9yIENJVEFUSU9OIGZpbGU=-->dedicated icon for CITATION file<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10559): <!--number 10559 --><!--line 0 --><!--description ZmVhdCh1aSk6IHJlcGxhY2UgTW9uYWNvIHdpdGggQ29kZU1pcnJvcg==-->feat(ui): replace Monaco with CodeMirror<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10530): <!--number 10530 --><!--line 0 --><!--description Zml4KHVpKTogaW1wcm92ZSByZW5kZXJpbmcgb2YgY29tbWl0IGxpbmtz-->fix(ui): improve rendering of commit links<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10022): <!--number 10022 --><!--line 0 --><!--description UmV0cmlldmUgZGVmYXVsdCBtZXJnZSBjb21taXQgbWVzc2FnZSBmb3IgcHVsbCByZXF1ZXN0cw==-->Retrieve default merge commit message for pull requests<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9261): <!--number 9261 --><!--line 0 --><!--description c2hvdyBjYW5jZWwgYnV0dG9uIGZvciBhY3Rpb25zIHJ1biB1bnRpbCBhbGwgam9icyBhcmUgZmluaXNoZWQ=-->show cancel button for actions run until all jobs are finished<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10488): <!--number 10488 --><!--line 0 --><!--description c2hvdyB1cGRhdGUgdGltZSB3aGVuIHNvcnRpbmcgYnkgcmVjZW50bHkgdXBkYXRlZA==-->show update time when sorting by recently updated<!--description-->
+- User Interface bug fixes
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11607): <!--number 11607 --><!--line 0 --><!--description Zml4KHVpKTogYWxsb3cgbGFiZWwgZGVzY3JpcHRpb25zIHRvIHdyYXAgaW4gZHJvcGRvd24=-->fix(ui): allow label descriptions to wrap in dropdown<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11365): <!--number 11365 --><!--line 0 --><!--description ZWRpdCByYXcgaW5zdGVhZCBvZiByZW5kZXJlZCBHaXQgbm90ZXMgd2hlbiBlZGl0aW5nIG5vdGVzIG9uIGNvbW1pdCBwYWdlcw==-->edit raw instead of rendered Git notes when editing notes on commit pages<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11365): <!--number 11365 --><!--line 1 --><!--description bWFrZSBlZGl0aW5nIEdpdCBub3RlcyBmcm9tIHNpbmdsZS1jb21taXQgUFIgcGFnZSBhY3R1YWxseSB3b3Jr-->make editing Git notes from single-commit PR page actually work<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11365): <!--number 11365 --><!--line 2 --><!--description YWRkIGNhbmNlbCBidXR0b24gdG8gR2l0IG5vdGUgYWRkaW5nIGFuZCBlZGl0aW5n-->add cancel button to Git note adding and editing<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11315): <!--number 11315 --><!--line 0 --><!--description Zml4KHVpKTogYWRkIGFjdGl2ZSBiYWNrZ3JvdW5kIGNvbG9yIGZvciBtZW51IGl0ZW1zIGluIHRpcHB5IHRvb2x0aXBz-->fix(ui): add active background color for menu items in tippy tooltips<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11423): <!--number 11423 --><!--line 0 --><!--description Zml4KHVpKTogdXBkYXRlIHNvcnQgZHJvcGRvd24gc3RydWN0dXJlIGZvciBjb25zaXN0ZW5jeSBhY3Jvc3MgdGVtcGxhdGVz-->fix(ui): update sort dropdown structure for consistency across templates<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11190): <!--number 11190 --><!--line 0 --><!--description Zml4KCMxMTE4OSk6IG5vcm1hbGl6ZSBpc3N1ZSB0aXRsZSBjYXNlIHdoZW4gbWF0Y2hpbmcgcHJlZml4ZXM=-->fix(#11189): normalize issue title case when matching prefixes<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11259): <!--number 11259 --><!--line 0 --><!--description Zml4KHVpKTogaW1wcm92ZSBhbGlnbm1lbnQgb2YgaWNvbnMgaW4gbmF2YmFy-->fix(ui): improve alignment of icons in navbar<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11231): <!--number 11231 --><!--line 0 --><!--description Zml4KHVpKTogbWFrZSByZWxhdGl2ZSB0aW1lIGNvbnNpc3RlbnQgd2l0aCBvdGhlciB0ZXh0IHdoZW4gc2VsZWN0ZWQ=-->fix(ui): make relative time consistent with other text when selected<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11343): <!--number 11343 --><!--line 0 --><!--description Zml4KHVpKTogaW1wcm92ZSBhIGZldyBFbmdsaXNoIHN0cmluZ3M=-->fix(ui): improve a few English strings<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11274): <!--number 11274 --><!--line 0 --><!--description Zml4KHVpKTogYXBwbHkgbmF2YmFyIG1pbi1oZWlnaHQgY29ycmVjdGx5LCBmaXggaml0dGVyIG9uIG1vYmlsZQ==-->fix(ui): apply navbar min-height correctly, fix jitter on mobile<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11262): <!--number 11262 --><!--line 0 --><!--description Zml4KHVpKTogZml4IGdhcCBjb25zaXN0ZW5jeSBiZXR3ZWVuIG5hdmJhciBpdGVtcyBvbiBtb2JpbGU=-->fix(ui): fix gap consistency between navbar items on mobile<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11469): <!--number 11469 --><!--line 0 --><!--description Zml4KHVpKTogdXNlIG92ZXJmbG93OmF1dG8gdG8gYXZvaWQgc2Nyb2xsYmFycyB3aGVuIHRoZXkgYXJlIG5vdCBuZWVkZWQ=-->fix(ui): use overflow:auto to avoid scrollbars when they are not needed<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11461): <!--number 11461 --><!--line 0 --><!--description Zml4KHVpKTogZml4IGRhc2hib2FyZCBzb21lIHN0eWxlIGlzc3Vlcw==-->fix(ui): fix dashboard some style issues<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11057): <!--number 11057 --><!--line 0 --><!--description Zml4KHVpKTogY2VudGVyLWFsaWduIGVtb2ppcyB0byBuZWlnaGJvdXJpbmcgdGV4dA==-->fix(ui): center-align emojis to neighbouring text<!--description-->
+- Localization
+  - Updates from Codeberg Translate: [#10417](https://codeberg.org/forgejo/forgejo/pulls/10417), [#10599](https://codeberg.org/forgejo/forgejo/pulls/10599), [#10660](https://codeberg.org/forgejo/forgejo/pulls/10660), [#10978](https://codeberg.org/forgejo/forgejo/pulls/10978), [#11344](https://codeberg.org/forgejo/forgejo/pulls/11344), [#11460](https://codeberg.org/forgejo/forgejo/pulls/11460), [#12129](https://codeberg.org/forgejo/forgejo/pulls/12129) (backport of [#11810](https://codeberg.org/forgejo/forgejo/pulls/11810), [#11963](https://codeberg.org/forgejo/forgejo/pulls/11963))
+- Features
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10617): <!--number 10617 --><!--line 0 --><!--description QXV0by1saW5rIGNvbnRhaW5lciBpbWFnZXMgdG8gcmVwb3NpdG9yeQ==-->Auto-link container images to repository<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11687): <!--number 11687 --><!--line 0 --><!--description ZXhwb3NlIGF0dGVtcHQgbnVtYmVyIG9mIEFjdGlvblJ1bkpvYiBpbiBIVFRQIEFQSQ==-->expose attempt number of ActionRunJob in HTTP API<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11584): <!--number 11584 --><!--line 0 --><!--description YWRkIG1vcmUgZmlsdGVycyB0byBhY3Rpb25zIHJ1biBhbmQgdGFza3MgYXBp-->add more filters to actions run and tasks api<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10941): <!--number 10941 --><!--line 0 --><!--description ZGV0YWlsZWQgcGVybWlzc2lvbiBkZW5pZWQgbWVzc2FnZSBvbiBwdXNo-->detailed permission denied message on push<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11013): <!--number 11013 --><!--line 0 --><!--description ZmlsdGVyIGFjdGlvbiBydW5zIGJ5IEdpdCByZWZlcmVuY2U=-->filter action runs by Git reference<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11846) ([backported](https://codeberg.org/forgejo/forgejo/pulls/12031)): <!--number 12031 --><!--line 0 --><!--description SW1wcm92ZSByZXBvIGZpbGUgbGlzdCB0YWJsZSBzZW1hbnRpY3MgZm9yIHNjcmVlbiByZWFkZXJz-->Improve repo file list table semantics for screen readers<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11851) ([backported](https://codeberg.org/forgejo/forgejo/pulls/11986)): <!--number 11986 --><!--line 0 --><!--description ZmVhdDogc3VwcG9ydCBgdGltZXpvbmVgIGluIHNjaGVkdWxlZCB3b3JrZmxvd3M=-->feat: support `timezone` in scheduled workflows<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11895) ([backported](https://codeberg.org/forgejo/forgejo/pulls/11970)): <!--number 11970 --><!--line 0 --><!--description QWRkIGFyaWEtbGFiZWw9IkNvcHkiIHRvIGNvcHkgYnV0dG9u-->Add aria-label="Copy" to copy button<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11887) ([backported](https://codeberg.org/forgejo/forgejo/pulls/11969)): <!--number 11969 --><!--line 0 --><!--description QWRkIGFyaWEtY3VycmVudD0icGFnZSIgdG8gYWN0aXZlIG5hdmJhciBpdGVtcw==-->Add aria-current="page" to active navbar items<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11676): <!--number 11676 --><!--line 0 --><!--description YWxsb3cgcnVubmVycyB0byByZXF1ZXN0IGEgcGFydGljdWxhciBqb2I=-->allow runners to request a particular job<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11589): <!--number 11589 --><!--line 0 --><!--description YWRkIHdpa2kgZ2l0IGluZm8gdG8gQVBJ-->add wiki git info to API<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10677): <!--number 10677 --><!--line 0 --><!--description YWRkIEhUVFAgQVBJIGVuZHBvaW50IGZvciBydW5uZXIgcmVnaXN0cmF0aW9u-->add HTTP API endpoint for runner registration<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11489): <!--number 11489 --><!--line 0 --><!--description QWRkIGBIRUFEYCBzdXBwb3J0IGZvciBkZWJpYW4gcmVwbyBmaWxlcyAoIzExNDg4KQ==-->Add `HEAD` support for debian repo files (#11488)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10573): <!--number 10573 --><!--line 0 --><!--description cmVmYWN0b3I6IHVwZGF0ZSBBY3Rpb25zIFJ1bm5lciBhZG1pbiBBUEkgZW5kcG9pbnQgVVJMcyB0byBiZSBjb25zaXN0ZW50IHcvIG90aGVyIGxldmVscw==-->refactor: update Actions Runner admin API endpoint URLs to be consistent w/ other levels<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11671): <!--number 11671 --><!--line 0 --><!--description bWFrZSBpdCBwb3NzaWJsZSB0byBzZWFyY2ggcnVubmVycyBieSBVVUlE-->make it possible to search runners by UUID<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11670): <!--number 11670 --><!--line 0 --><!--description YWRkIHZpc2libGUgZmxhZyB0byBIVFRQIEFQSSBlbmRwb2ludHMgdGhhdCByZXR1cm4gcnVubmVycw==-->add visible flag to HTTP API endpoints that return runners<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10627): <!--number 10627 --><!--line 0 --><!--description c3VwcG9ydCBqb2JzLjxqb2JfaWQ+LnNlY3JldHMgd2l0aCByZXVzYWJsZSB3b3JrZmxvdyBleHBhbnNpb24=-->support jobs.<job_id>.secrets with reusable workflow expansion<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10563): <!--number 10563 --><!--line 0 --><!--description aW5jcmVhc2UgZGVmYXVsdCBsaW1pdCBvZiBkaXNwYXRjaCBpbnB1dHMgdG8gMTAw-->increase default limit of dispatch inputs to 100<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11059): <!--number 11059 --><!--line 0 --><!--description ZW5hYmxlIFNRTGl0ZSBXQUwgYnkgZGVmYXVsdA==-->enable SQLite WAL by default<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10614): <!--number 10614 --><!--line 0 --><!--description c3VwcG9ydCB3b3JrZmxvdyBpbnB1dHMgb24gZXhwYW5kZWQgcmV1c2FibGUgd29ya2Zsb3dz-->support workflow inputs on expanded reusable workflows<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10388): <!--number 10388 --><!--line 0 --><!--description YWxsb3cgdG8gYWRkIHBhbSBzb3VyY2UgZnJvbSBjb21tYW5kIGxpbmU=-->allow to add pam source from command line<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10578): <!--number 10578 --><!--line 0 --><!--description c3VwcG9ydCB3b3JrZmxvdyBvdXRwdXRzIG9uIGV4cGFuZGVkIHJldXNhYmxlIHdvcmtmbG93cw==-->support workflow outputs on expanded reusable workflows<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11504): <!--number 11504 --><!--line 0 --><!--description cmVhZCwgY3JlYXRlLCAmIGRlbGV0ZSByZXBvLXNwZWNpZmljIGFjY2VzcyB0b2tlbnMgdmlhIEFQSQ==-->read, create, & delete repo-specific access tokens via API<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11216): <!--number 11216 --><!--line 0 --><!--description bGluayBDSSBqb2IgdG8gaXRzIGRlZmluaW5nIHdvcmtmbG93IGZpbGU=-->link CI job to its defining workflow file<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9962): <!--number 9962 --><!--line 0 --><!--description SW1wbGVtZW50IEVwaGVtZXJhbCBydW5uZXJz-->Implement Ephemeral runners<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/5384): <!--number 5384 --><!--line 0 --><!--description W2FsbG93IGZvcmdlam8gdG8gcnVuIGFzIGEgcHdhIHN0YW5kYWxvbmUgYXBwbGljYXRpb24gJiBvdmVycmlkZSBvZiB0aGUgd2ViYXBwIG1hbmlmZXN0Lmpzb24gdmlhIHRoZSBhIGN1c3RvbSBmaWxlIGluIGBwdWJsaWMvbWFuaWZlc3QuanNvbmBdKGh0dHBzOi8vY29kZWJlcmcub3JnL2Zvcmdlam8vZm9yZ2Vqby9wdWxscy81Mzg0KQ==-->[allow forgejo to run as a pwa standalone application & override of the webapp manifest.json via the a custom file in `public/manifest.json`](https://codeberg.org/forgejo/forgejo/pulls/5384)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10647): <!--number 10647 --><!--line 0 --><!--description c3VwcG9ydCByZXVzYWJsZSB3b3JrZmxvdyBleHBhbnNpb24gd2hlbiBgd2l0aGAgb3IgYHN0cmF0ZWd5Lm1hdHJpeGAgY29udGFpbnMgJHt7IG5lZWRzLi4uIH19-->support reusable workflow expansion when `with` or `strategy.matrix` contains ${{ needs... }}<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10602): <!--number 10602 --><!--line 0 --><!--description cHJvdmlkZSBtdWx0aXBsZSB0YXNrcyB0byBSdW5uZXIgaW4gb25lIEZldGNoVGFzayB3aGVuIHJlcXVlc3RlZA==-->provide multiple tasks to Runner in one FetchTask when requested<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10642): <!--number 10642 --><!--line 0 --><!--description YWRkIEZvcmdlam8gc2VydmVyIHZlcnNpb24gdG8gcnVubmVyIGNvbnRleHQ=-->add Forgejo server version to runner context<!--description-->
+- Bug fixes
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11715): <!--number 11715 --><!--line 0 --><!--description aW1wcm92ZSBPQXV0aDIgZXhwZXJpZW5jZQ==-->improve OAuth2 experience<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11401): <!--number 11401 --><!--line 0 --><!--description YWxsb3cgQWN0aW9ucyBydW5uZXIgdG8gcmVjb3ZlciB0YXNrcyBsb3N0IGR1cmluZyBmZXRjaGluZyBmcm9tIGludGVybWl0dGVudCBlcnJvcnM=-->allow Actions runner to recover tasks lost during fetching from intermittent errors<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11932) ([backported](https://codeberg.org/forgejo/forgejo/pulls/12033)): <!--number 12033 --><!--line 0 --><!--description UHJlc2VydmUgZm9jdXMgb24gc3Rhci91bnN0YXIgJiB3YXRjaC91bndhdGNoIGJ1dHRvbnMgYWZ0ZXIgY2xpY2s=-->Preserve focus on star/unstar & watch/unwatch buttons after click<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11909) ([backported](https://codeberg.org/forgejo/forgejo/pulls/11984)): <!--number 11984 --><!--line 0 --><!--description Zml4OiBzdG9yZSBwdWxsIG1pcnJvciBjcmVkcyBlbmNyeXB0ZWQgd2l0aCBrZXlpbmc=-->fix: store pull mirror creds encrypted with keying<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11878) ([backported](https://codeberg.org/forgejo/forgejo/pulls/11967)): <!--number 11967 --><!--line 0 --><!--description QWRkIGFyaWEtbGFiZWxzIHRvIGVuc3VyZSB3YXRjaCBhbmQgc3RhciBidXR0b25zIGFsd2F5cyBoYXZlIGEgdGV4dCBsYWJlbA==-->Add aria-labels to ensure watch and star buttons always have a text label<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11858) ([backported](https://codeberg.org/forgejo/forgejo/pulls/11966)): <!--number 11966 --><!--line 0 --><!--description TWFrZSBsYWJlbCBkcm9wZG93biBtZW51IGl0ZW1zIHdpdGggLnR3LWhpZGRlbiB1bnNlbGVjdGFibGU=-->Make label dropdown menu items with .tw-hidden unselectable<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11860) ([backported](https://codeberg.org/forgejo/forgejo/pulls/11922)): <!--number 11922 --><!--line 0 --><!--description Rml4IEBtZW50aW9uIGNvbWJvYm94IHNlbWFudGljcyBmb3Igc2NyZWVuIHJlYWRlciBhY2Nlc3NpYmlsaXR5-->Fix @mention combobox semantics for screen reader accessibility<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11881) ([backported](https://codeberg.org/forgejo/forgejo/pulls/11906)): <!--number 11906 --><!--line 0 --><!--description Zml4OiB1bmlxdWUga2V5IHZpb2xhdGlvbiBpbiBmaXJzdC10aW1lIGNvbmN1cnJlbnQgZGViaWFuIHBhY2thZ2UgdXBsb2FkcyB0byBhIHVzZXI=-->fix: unique key violation in first-time concurrent debian package uploads to a user<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11821) ([backported](https://codeberg.org/forgejo/forgejo/pulls/11830)): <!--number 11830 --><!--line 0 --><!--description Zml4OiBvdXQgb2Ygc3luY2hyb25pemF0aW9uIGVycm9yIGFmdGVyIGludGVycnVwdGluZyBhIFBSIG1lcmdlIGJ5IHVzZXItYWdlbnQgZGlzY29ubmVjdA==-->fix: out of synchronization error after interrupting a PR merge by user-agent disconnect<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11292): <!--number 11292 --><!--line 0 --><!--description aW1wcm92ZSBTUUxpdGUgImRhdGFiYXNlIGlzIGxvY2tlZCIgZXJyb3JzIGJ5IGluY3JlYXNpbmcgZGVmYXVsdCBgU1FMSVRFX1RJTUVPVVRgICh0YWtlIDIp-->improve SQLite "database is locked" errors by increasing default `SQLITE_TIMEOUT` (take 2)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11735): <!--number 11735 --><!--line 0 --><!--description aTE4bjogaGFyZGNvZGVkIHN0cmluZ3MgaW4gcmVwb3NpdG9yeSBhY3Rpdml0eSBncmFwaHM=-->i18n: hardcoded strings in repository activity graphs<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11052): <!--number 11052 --><!--line 0 --><!--description bm9ybWFsaXplIHNlY3JldHMgY29uc2lzdGVudGx5LCBkaXNwbGF5IGFjY3VyYXRlIGhlbHA=-->normalize secrets consistently, display accurate help<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11699): <!--number 11699 --><!--line 0 --><!--description VGhlIERCIGVudHJpZXMgYWJvdXQgdXNlcnMgZm9sbG93aW5nIGFuIG9yZ2FuaXphdGlvbiBhbmQgdXNlcnMgYmxvY2tlZCBieSBhbiBvcmdhbml6YXRpb24gd2VyZSBub3QgZGVsZXRlZCB3aGVuIGFuIG9yZ2FuaXphdGlvbiB3YXMgZGVsZXRlZC4gT3JwaGFuZWQgZW50cmllcyBjYW4gYmUgY2xlYW5lZCB1cCBieSBydW5uaW5nIGBmb3JnZWpvIGRvY3RvciBjaGVjayAtLXJ1biBjaGVjay1kYi1jb25zaXN0ZW5jeSAtLWZpeGAu-->The DB entries about users following an organization and users blocked by an organization were not deleted when an organization was deleted. Orphaned entries can be cleaned up by running `forgejo doctor check --run check-db-consistency --fix`.<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9906): <!--number 9906 --><!--line 0 --><!--description Zml4KHVpKTogSG9ub3Igb3JnL3VzZXIgcHJvamVjdCBpbiBuZXcgaXNzdWUgKCM4NDg5KQ==-->fix(ui): Honor org/user project in new issue (#8489)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10008): <!--number 10008 --><!--line 0 --><!--description ZW5zdXJlIGFjdGlvbnMgbG9ncyBhcmUgdHJhbnNmZXJyZWQgd2hlbiBhIHRhc2sgaXMgZG9uZQ==-->ensure actions logs are transferred when a task is done<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10954): <!--number 10954 --><!--line 0 --><!--description Zml4KHBhY2thZ2VzKTogcmV0dXJuIGJhZCByZXF1ZXN0IG9uIG1hbGZvcm1lZCB1cGxvYWQgaW5wdXQ=-->fix(packages): return bad request on malformed upload input<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11240): <!--number 11240 --><!--line 0 --><!--description Y29ycmVjdCBSZXZpZXdlZC1vbiBVUkwgaW4gbWVyZ2UgbWVzc2FnZSBmb3Igc3VicGF0aCBkZXBsb3ltZW50cw==-->correct Reviewed-on URL in merge message for subpath deployments<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11153): <!--number 11153 --><!--line 0 --><!--description cnVieSBwYWNrYWdlIHZlcnNpb25zOiBvbmx5IHNraXAgZXhwbGljaXQgPj0gMCBhbmQgbGVhdmUgcGVzc2ltaXN0aWMgdmVyc2lvbiBsb2NraW5nIGludGFjdA==-->ruby package versions: only skip explicit >= 0 and leave pessimistic version locking intact<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11109): <!--number 11109 --><!--line 0 --><!--description Zml4IHNlYXJjaGluZyBpc3N1ZXMgYnkgb3JnIGxhYmVscyB2aWEgYXBp-->fix searching issues by org labels via api<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10691): <!--number 10691 --><!--line 0 --><!--description Zml4KGkxOG4pOiByZW1vdmUgdW5uZWVkZWQgc3BlY2lhbCBjYXNlcyBmb3IgcmVsYXRpdmUgdGltZQ==-->fix(i18n): remove unneeded special cases for relative time<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10528): <!--number 10528 --><!--line 0 --><!--description Zml4KCMxMDE1NSk6IGRvbid0IGRpc3BsYXkgcGVuZGluZyByZXZpZXdzIGFzIHBhcnRpY2lwYW50cw==-->fix(#10155): don't display pending reviews as participants<!--description-->
+- User Interface changes without a feature or bug label
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10768): <!--number 10768 --><!--line 0 --><!--description Y2hvcmUodWkpOiBjbGVhbnVwIFBSIGNoZWNrcyBhcmVh-->chore(ui): cleanup PR checks area<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10524): <!--number 10524 --><!--line 0 --><!--description Zml4KHVpKTogYXZhdGFyIGZvciBkaXNtaXNzZWQgcmV2aWV3IGlzIHN0cmV0Y2hlZCBpZiBub3Qgc3F1YXJl-->fix(ui): avatar for dismissed review is stretched if not square<!--description-->
+- Other changes without a feature or bug label
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11822) ([backported](https://codeberg.org/forgejo/forgejo/pulls/11829)): <!--number 11829 --><!--line 0 --><!--description Zml4KGFwaSk6IHBhY2thZ2UgbmFtZSBpbiByb3V0ZSBub3QgcHJvcGVybHkgdW5lc2NhcGVk-->fix(api): package name in route not properly unescaped<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11650): <!--number 11650 --><!--line 0 --><!--description Y2hvcmU6IGRlcHJlY2F0ZSBIVFRQIEFQSSBlbmRwb2ludHMgZm9yIG9idGFpbmluZyB0aGUgcnVubmVyIHJlZ2lzdHJhdGlvbiB0b2tlbg==-->chore: deprecate HTTP API endpoints for obtaining the runner registration token<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11232): <!--number 11232 --><!--line 0 --><!--description Y2hvcmU6IHJlbW92ZSBkZXByZWNhdGVkIGF1dGggbWV0aG9kcyBmcm9tIEFQSSBkb2Nz-->chore: remove deprecated auth methods from API docs<!--description-->
+- Included for completeness but not user-facing (chores, etc.)
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/12134) ([backported](https://codeberg.org/forgejo/forgejo/pulls/12136)): <!--number 12136 --><!--line 0 --><!--description Y2hvcmU6IGZpeCBUZXN0TWlycm9yUHVsbCBvbiBvbGRlciBnaXQgKDIuMzQuMSkgaW5zdGFsbGF0aW9u-->chore: fix TestMirrorPull on older git (2.34.1) installation<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/12131) ([backported](https://codeberg.org/forgejo/forgejo/pulls/12132)): <!--number 12132 --><!--line 0 --><!--description Y2hvcmU6IGZpeCBjb29raWUgbmFtZSBjb21tZW50cyBpbiBleGFtcGxlIGluaQ==-->chore: fix cookie name comments in example ini<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/12113) ([backported](https://codeberg.org/forgejo/forgejo/pulls/12130)): <!--number 12130 --><!--line 0 --><!--description Zml4OiBpbXByb3ZlIHJ1bm5lciBsaXN0IGFuZCBkZXRhaWxzIHZpZXc=-->fix: improve runner list and details view<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/12114): <!--number 12114 --><!--line 0 --><!--description Zml4KHVpKTogYSBmZXcgc21hbGwgcnVubmVycyBVSSBmaXhlcw==-->fix(ui): a few small runners UI fixes<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11733): <!--number 11733 --><!--line 0 --><!--description cHJldmVudCBjb250YWluZXIgcmVnaXN0cnkgaGVhZGVycyBmcm9tIGxlYWtpbmcgaW50byBvdGhlciByZWdpc3RyaWVz-->prevent container registry headers from leaking into other registries<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11337): <!--number 11337 --><!--line 0 --><!--description Rm9yZ2VqbyBTZWN1cml0eSBQYXRjaGVzLCAyMDI2LTAzLTA5-->fix(e2e): use empty user for overflow menu test<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11324): <!--number 11324 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBjb2RlLmZvcmdlam8ub3JnL2dvLWNoaS9zZXNzaW9uIHRvIHYxLjAuMyAoZm9yZ2Vqbyk=-->Update module code.forgejo.org/go-chi/session to v1.0.3 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10727): <!--number 10727 --><!--line 0 --><!--description dGhlIGVycm9yIG1lc3NhZ2Ugb2YgYSBmYWlsZWQgbWlncmF0aW9uIGJlY2F1c2Ugb2YgYSB3cm9uZyB0b2tlbiBpcyBjb25mdXNpbmc=-->the error message of a failed migration because of a wrong token is confusing<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/12009) ([backported](https://codeberg.org/forgejo/forgejo/pulls/12112)): <!--number 12112 --><!--line 0 --><!--description aTE4bihtYWlsZXIpOiBGaXggc3BlY2lhbCB1c2FnZSBvZiAuTG9jYWxlIGluIGFkbWluX25ld191c2Vy-->i18n(mailer): Fix special usage of .Locale in admin_new_user<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10898): <!--number 10898 --><!--line 0 --><!--description Y2hvcmUodWkpOiByZW1vdmUgb2Jzb2xldGUgdmFyIC0tY29sb3ItbmF2LXRleHQ=-->chore(ui): remove obsolete var --color-nav-text<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/12094): <!--number 12094 --><!--line 0 --><!--description UmV2ZXJ0ICJJbXByb3ZlIHJlcG8gZmlsZSBsaXN0IHRhYmxlIHNlbWFudGljcyBmb3Igc2NyZWVuIHJlYWRlcnMgKCMxMjAzMSki-->Revert "Improve repo file list table semantics for screen readers (#12031)"<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/12046) ([backported](https://codeberg.org/forgejo/forgejo/pulls/12077)): <!--number 12077 --><!--line 0 --><!--description Zml4OiBwcmV2ZW50IGpvYnMgd2l0aCB1bmtub3duIG5lZWRzIGZyb20gcnVubmluZw==-->fix: prevent jobs with unknown needs from running<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/12059) ([backported](https://codeberg.org/forgejo/forgejo/pulls/12063)): <!--number 12063 --><!--line 0 --><!--description Zml4OiBkaXNwbGF5IHJ1bm5lciB2ZXJzaW9uIG9uIGRldGFpbHMgcGFnZQ==-->fix: display runner version on details page<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/12058) ([backported](https://codeberg.org/forgejo/forgejo/pulls/12060)): <!--number 12060 --><!--line 0 --><!--description UmV2ZXJ0ICJmaXg6IGFkZCBjaGFsbGVuZ2UgZm9yIEhUVFAgQmFzaWMgQXV0aGVudGljYXRpb24gdG8gY29udGFpbmVyIHJlZ2lzdHJ5Ig==-->Revert "fix: add challenge for HTTP Basic Authentication to container registry"<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11678): <!--number 11678 --><!--line 0 --><!--description YWRkIGNoYWxsZW5nZSBmb3IgSFRUUCBCYXNpYyBBdXRoZW50aWNhdGlvbiB0byBjb250YWluZXIgcmVnaXN0cnk=-->add challenge for HTTP Basic Authentication to container registry<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/12021) ([backported](https://codeberg.org/forgejo/forgejo/pulls/12044)): <!--number 12044 --><!--line 0 --><!--description Zml4OiBpbmNvcnJlY3QgaWRlbnRpZmljYXRpb24gb2Ygb3V0ZGF0ZWQgcnVuIGF0dGVtcHRz-->fix: incorrect identification of outdated run attempts<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11750): <!--number 11750 --><!--line 0 --><!--description c2V0IGF0dGVtcHQgbnVtYmVyIG9mIGFjdGlvbiBydW4gam9icyBlYWdlcmx5-->set attempt number of action run jobs eagerly<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/12023) ([backported](https://codeberg.org/forgejo/forgejo/pulls/12040)): <!--number 12040 --><!--line 0 --><!--description Zml4KGRvY3Rvcik6IHJlbW92ZSBicm9rZW4gbWVyZ2ViYXNlIGNoZWNr-->fix(doctor): remove broken mergebase check<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/12030) ([backported](https://codeberg.org/forgejo/forgejo/pulls/12038)): <!--number 12038 --><!--line 0 --><!--description Zml4OiBwcmV2ZW50IGFjdGlvbnMgd29ya2Zsb3dzIGZyb20gZ2VuZXJhdGluZyBPSURDIHRva2VucyBpZiBub3QgYXV0aG9yaXplZCBpbiB3b3JrZmxvdw==-->fix: prevent actions workflows from generating OIDC tokens if not authorized in workflow<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/12029): <!--number 12029 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgZ28gdG8gdjEuMjYuMiAodjE1LjAvZm9yZ2Vqbyk=-->Update dependency go to v1.26.2 (v15.0/forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11997) ([backported](https://codeberg.org/forgejo/forgejo/pulls/11998)): <!--number 11998 --><!--line 0 --><!--description dGVzdDogZml4IGludGVybWl0dGVudCB0ZXN0IGZhaWx1cmUgaW4gVGVzdFBhY2thZ2VEZWJpYW5Db25jdXJyZW50-->test: fix intermittent test failure in TestPackageDebianConcurrent<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11992) ([backported](https://codeberg.org/forgejo/forgejo/pulls/11996)): <!--number 11996 --><!--line 0 --><!--description Y2hvcmUoZGVwcyk6IGJ1bXAgeG9ybSB0byB2MS4zLjktZm9yZ2Vqby4xMCAoIzExOTkyKQ==-->chore(deps): bump xorm to v1.3.9-forgejo.10 (#11992)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11945) ([backported](https://codeberg.org/forgejo/forgejo/pulls/11987)): <!--number 11987 --><!--line 0 --><!--description Zml4OiBtaXNzaW5nIHN5bnRheCBkaWFsb2cgcm91bmRlZCBjb3JuZXJz-->fix: missing syntax dialog rounded corners<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11999) ([backported](https://codeberg.org/forgejo/forgejo/pulls/12000)): <!--number 12000 --><!--line 0 --><!--description cmVmYWN0b3I6IHJlZHVjZSBjb2RlIGR1cGxpY2F0aW9uIHdoZW4gYWNjZXNzaW5nIGBEZWZhdWx0TWF4SW5TaXplYA==-->refactor: reduce code duplication when accessing `DefaultMaxInSize`<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11988) ([backported](https://codeberg.org/forgejo/forgejo/pulls/11995)): <!--number 11995 --><!--line 0 --><!--description cGVyZjogYnVsayBsb2FkIHJlc29sdmVycyAmIHJlYWN0aW9ucyBvbiBwdWxsIHJlcXVlc3QgY29tbWVudHM=-->perf: bulk load resolvers & reactions on pull request comments<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11956) ([backported](https://codeberg.org/forgejo/forgejo/pulls/11964)): <!--number 11964 --><!--line 0 --><!--description Zml4OiBzdXBlcmZsdW91cyBpbmNyZW1lbnQgb2YgQWN0aW9uVGFzayBhdHRlbXB0IGJyZWFrcyBqb2Igdmlldw==-->fix: superfluous increment of ActionTask attempt breaks job view<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11949): <!--number 11949 --><!--line 0 --><!--description OiBjaG9yZTogYWRkIG1vZGVybml6ZXIgbGludGVy-->: chore: add modernizer linter<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11296): <!--number 11296 --><!--line 0 --><!--description UEFNOiBwb3J0YWJsZSBlcnJvciByZXBvcnRpbmc=-->PAM: portable error reporting<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11948): <!--number 11948 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnaXRodWIuY29tL2dvbGFuZ2NpL2dvbGFuZ2NpLWxpbnQvdjIvY21kL2dvbGFuZ2NpLWxpbnQgdG8gdjIuMTEuNCAodjE1LjAvZm9yZ2Vqbyk=-->Update module github.com/golangci/golangci-lint/v2/cmd/golangci-lint to v2.11.4 (v15.0/forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11927) ([backported](https://codeberg.org/forgejo/forgejo/pulls/11933)): <!--number 11933 --><!--line 0 --><!--description Zml4OiBhbGxvdyByZXBvc2l0b3J5IGRlbGV0aW9uIHdoZW4gcmVmZXJlbmNlZCBieSBhIHJlcG8tc3BlY2lmaWMgYWNjZXNzIHRva2Vu-->fix: allow repository deletion when referenced by a repo-specific access token<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11843) ([backported](https://codeberg.org/forgejo/forgejo/pulls/11931)): <!--number 11931 --><!--line 0 --><!--description Zml4OiBhbGxvdyBtb2RhbHMgdG8gYmUgc3VibWl0dGVkIG11bHRpcGxlIHRpbWVz-->fix: allow modals to be submitted multiple times<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11872) ([backported](https://codeberg.org/forgejo/forgejo/pulls/11907)): <!--number 11907 --><!--line 0 --><!--description Y2k6IHByZXZlbnQgdXNhZ2Ugb2YgbGl2ZSBhcHBsaWNhdGlvbiBtb2RlbHMgJiBzZXJ2aWNlcyBpbiBtaWdyYXRpb25z-->ci: prevent usage of live application models & services in migrations<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11432): <!--number 11432 --><!--line 0 --><!--description TW92ZSBDb250YWluZXIgQVBJIHByb2Nlc3NpbmcgbG9naWMgdG8gc2VydmljZQ==-->Move Container API processing logic to service<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11900): <!--number 11900 --><!--line 0 --><!--description VXBkYXRlIGdpdGh1Yi5jb20vZ28tZ2l0L2dvLWdpdC92NSAoaW5kaXJlY3QpIHRvIHY1LjE3LjEgW1NFQ1VSSVRZXSAodjE1LjAvZm9yZ2Vqbyk=-->Update github.com/go-git/go-git/v5 (indirect) to v5.17.1 [SECURITY] (v15.0/forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11886): <!--number 11886 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgaGFwcHktZG9tIHRvIHYyMC44LjkgW1NFQ1VSSVRZXSAodjE1LjAvZm9yZ2VqbykgLSBhdXRvY2xvc2Vk-->Update dependency happy-dom to v20.8.9 [SECURITY] (v15.0/forgejo) - autoclosed<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11874) ([backported](https://codeberg.org/forgejo/forgejo/pulls/11877)): <!--number 11877 --><!--line 0 --><!--description ZmVhdDogdXNlIGAtLXRva2VuLXVybGAgaW4gcnVubmVyIHNldHVwIGluc3RydWN0aW9ucw==-->feat: use `--token-url` in runner setup instructions<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11696): <!--number 11696 --><!--line 0 --><!--description ZmVhdCh1aSk6IGNyZWF0ZSByZXBvLXNwZWNpZmljIGFjY2VzcyB0b2tlbnM=-->feat(ui): create repo-specific access tokens<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11839): <!--number 11839 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgaGFwcHktZG9tIHRvIHYyMC44LjggW1NFQ1VSSVRZXSAodjE1LjAvZm9yZ2Vqbyk=-->Update dependency happy-dom to v20.8.8 [SECURITY] (v15.0/forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11776) ([backported](https://codeberg.org/forgejo/forgejo/pulls/11833)): <!--number 11833 --><!--line 0 --><!--description Zml4OiBkdXBsaWNhdGUga2V5IHZpb2xhdGVzIHVuaXF1ZSBjb25zdHJhaW50IGluIGNvbmN1cnJlbnQgZGViaWFuIHBhY2thZ2UgdXBsb2Fkcw==-->fix: duplicate key violates unique constraint in concurrent debian package uploads<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11801): <!--number 11801 --><!--line 0 --><!--description Y2k6IHVwZGF0ZSB0ZXN0cyB0byBydW4gZGViaWFuIHRyaXhpZSwgcmVtb3ZlIG1hbnVhbCBpbnN0YWxsYXRpb24gZnJvbSBgdGVzdGluZ2A=-->ci: update tests to run debian trixie, remove manual installation from `testing`<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11825): <!--number 11825 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnb2xhbmcub3JnL3gvaW1hZ2UgdG8gdjAuMzguMCBbU0VDVVJJVFldICh2MTUuMC9mb3JnZWpvKQ==-->Update module golang.org/x/image to v0.38.0 [SECURITY] (v15.0/forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11805): <!--number 11805 --><!--line 0 --><!--description VXBkYXRlIE5vZGUuanMgdG8gdjI0LjE0LjEgKGZvcmdlam8p-->Update Node.js to v24.14.1 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11806): <!--number 11806 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBjb2RlLmZvcmdlam8ub3JnL2Zvcmdlam8vYWN0aW9ucy1wcm90byB0byB2MC43LjAgKGZvcmdlam8p-->Update module code.forgejo.org/forgejo/actions-proto to v0.7.0 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11804): <!--number 11804 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBjb2RlLmZvcmdlam8ub3JnL2Zvcmdlam8vcnVubmVyL3YxMiB0byB2MTIuNy4zIChmb3JnZWpvKQ==-->Update module code.forgejo.org/forgejo/runner/v12 to v12.7.3 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11789): <!--number 11789 --><!--line 0 --><!--description Y2hvcmU6IGxpbmsgdG8gQUkgQWdyZWVtZW50IGluIFBSIHRlbXBsYXRl-->chore: link to AI Agreement in PR template<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11732): <!--number 11732 --><!--line 0 --><!--description YWxsb3cgcmVuYW1pbmcgYW5kIHJlcGxhY2luZyBzZWNyZXRz-->allow renaming and replacing secrets<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11781): <!--number 11781 --><!--line 0 --><!--description VXBkYXRlIHJlbm92YXRlIERvY2tlciB0YWcgdG8gdjQzLjg2LjEgKGZvcmdlam8p-->Update renovate Docker tag to v43.86.1 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11772): <!--number 11772 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnaXRodWIuY29tL2phY2tjL3BneC92NSB0byB2NS45LjEgKGZvcmdlam8p-->Update module github.com/jackc/pgx/v5 to v5.9.1 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11717): <!--number 11717 --><!--line 0 --><!--description ZG9jdW1lbnQgbW9yZSBzdGF0dXMgY29kZXMgaW4gdGhlIEFQSQ==-->document more status codes in the API<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11217): <!--number 11217 --><!--line 0 --><!--description YnVpbGQ6IHBvbGlzaCBsaW50ZXIgZXJyb3IgdnMuIGRlYWQgY29kZSByZXBvcnRpbmc=-->build: polish linter error vs. dead code reporting<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11751): <!--number 11751 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnaXRodWIuY29tL3l1aW4vZ29sZG1hcmsgdG8gdjEuNy4xNyAoZm9yZ2Vqbyk=-->Update module github.com/yuin/goldmark to v1.7.17 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10541): <!--number 10541 --><!--line 0 --><!--description YWRkIG1hbmFnZV9jcmVkZW50aWFscyB0byB1c2VyIGRpc2FibGUgZmVhdHVyZXM=-->add manage_credentials to user disable features<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11745): <!--number 11745 --><!--line 0 --><!--description VXBkYXRlIE5vZGUuanMgdG8gdjI0LjE0LjAgKGZvcmdlam8p-->Update Node.js to v24.14.0 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11743): <!--number 11743 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnb2xhbmcub3JnL3gvdG9vbHMvY21kL2RlYWRjb2RlIHRvIHYwLjQzLjAgKGZvcmdlam8p-->Update module golang.org/x/tools/cmd/deadcode to v0.43.0 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11741): <!--number 11741 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnb2xhbmcub3JnL3gvb2F1dGgyIHRvIHYwLjM2LjAgKGZvcmdlam8p-->Update module golang.org/x/oauth2 to v0.36.0 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11674): <!--number 11674 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnaXRodWIuY29tL2dvLXdlYmF1dGhuL3dlYmF1dGhuIHRvIHYwLjE2LjEgKGZvcmdlam8p-->Update module github.com/go-webauthn/webauthn to v0.16.1 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11744): <!--number 11744 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBtdmRhbi5jYy94dXJscy92MiB0byB2Mi42LjAgKGZvcmdlam8p-->Update module mvdan.cc/xurls/v2 to v2.6.0 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11632): <!--number 11632 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnaXRodWIuY29tL2dvb2dsZS9nby1saWNlbnNlcyB0byB2MiAoZm9yZ2VqbykgLSBhdXRvY2xvc2Vk-->Update module github.com/google/go-licenses to v2 (forgejo) - autoclosed<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11740): <!--number 11740 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnb2xhbmcub3JnL3gvbmV0IHRvIHYwLjUyLjAgKGZvcmdlam8p-->Update module golang.org/x/net to v0.52.0 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11264): <!--number 11264 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgY2xpcHBpZSB0byB2NC4xLjEwIChmb3JnZWpvKQ==-->Update dependency clippie to v4.1.10 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11738): <!--number 11738 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnaXRodWIuY29tL1Byb3Rvbk1haWwvZ28tY3J5cHRvIHRvIHYxLjQuMSAoZm9yZ2Vqbyk=-->Update module github.com/ProtonMail/go-crypto to v1.4.1 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11739): <!--number 11739 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnb2xhbmcub3JnL3gvaW1hZ2UgdG8gdjAuMzcuMCAoZm9yZ2Vqbyk=-->Update module golang.org/x/image to v0.37.0 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11691): <!--number 11691 --><!--line 0 --><!--description cmVtb3ZlIHRlbXBsYXRlIGZpbGUgZnJvbSBnZW5lcmF0ZWQgcmVwbw==-->remove template file from generated repo<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11713): <!--number 11713 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnaXRodWIuY29tL3VyZmF2ZS9jbGkvdjMgdG8gdjMuNy4wIChmb3JnZWpvKQ==-->Update module github.com/urfave/cli/v3 to v3.7.0 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11729): <!--number 11729 --><!--line 0 --><!--description cGVyZjogcmVtb3ZlIHJlZHVuZGFudCAmIGluY29ycmVjdCBmaWx0ZXJzIG9uICdTZWFyY2hSZXBvT3B0aW9ucy5Pd25lcklEJw==-->perf: remove redundant & incorrect filters on 'SearchRepoOptions.OwnerID'<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11728): <!--number 11728 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnb2xhbmcub3JnL3gvY3J5cHRvIHRvIHYwLjQ5LjAgKGZvcmdlam8p-->Update module golang.org/x/crypto to v0.49.0 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11718): <!--number 11718 --><!--line 0 --><!--description dXNlIENTUyBjbGFzcyB0byBpbmRpY2F0ZSB0aGF0IHJ1bm5lciBuYW1lIGlzIHJlcXVpcmVk-->use CSS class to indicate that runner name is required<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11709): <!--number 11709 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnaXRodWIuY29tL1Byb3Rvbk1haWwvZ28tY3J5cHRvIHRvIHYxLjQuMCAoZm9yZ2Vqbyk=-->Update module github.com/ProtonMail/go-crypto to v1.4.0 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11700): <!--number 11700 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnaXRodWIuY29tL3BxdWVybmEvb3RwIHRvIHYxLjUuMCAoZm9yZ2VqbykgLSBhdXRvY2xvc2Vk-->Update module github.com/pquerna/otp to v1.5.0 (forgejo) - autoclosed<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11719): <!--number 11719 --><!--line 0 --><!--description Zml4KHVpKTogY2xlYW51cCBjc3MgZGVhZGNvZGUgcmVsYXRlZCB0byBzdGFja2FibGUgbWVudXM=-->fix(ui): cleanup css deadcode related to stackable menus<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11707): <!--number 11707 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBmaWxsbW9yZS1sYWJzLmNvbS9lcnJvcnR5cGUgdG8gdjAuMC4xMSAoZm9yZ2Vqbyk=-->Update module fillmore-labs.com/errortype to v0.0.11 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11708): <!--number 11708 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnaXRodWIuY29tL21hdHRuL2dvLXNxbGl0ZTMgdG8gdjEuMTQuMzcgKGZvcmdlam8p-->Update module github.com/mattn/go-sqlite3 to v1.14.37 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11690): <!--number 11690 --><!--line 0 --><!--description c2NvcGUtc3BlY2lmaWMgaGVhZGluZ3MgZm9yIGxpc3Qgb2YgcmVjZW50IHRhc2tz-->scope-specific headings for list of recent tasks<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11616): <!--number 11616 --><!--line 0 --><!--description cmVtb3ZlIHNlY29uZCBjaGFsbGVuZ2UgZnJvbSBXV1ctQXV0aGVudGljYXRlIGhlYWRlcg==-->remove second challenge from WWW-Authenticate header<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11686): <!--number 11686 --><!--line 0 --><!--description dGVzdDogYXR0ZW1wdCB0byBmaXggZmxha3kgVGVzdEJsZXZlRGVsZXRlSXNzdWU=-->test: attempt to fix flaky TestBleveDeleteIssue<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11053): <!--number 11053 --><!--line 0 --><!--description YnVpbGQ6IG1vdmUgYmFja2VuZC1jaGVja3MgQ0kgY2hlY2tzIHRvIE1ha2VmaWxlOiBgbWFrZSBwci1nb2A=-->build: move backend-checks CI checks to Makefile: `make pr-go`<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11507): <!--number 11507 --><!--line 0 --><!--description UmVwbGFjZSByZWZlcmVuY2UgdG8gTW9uYWNvIHdpdGggQ29kZU1pcnJvciBpbiBhcHAuZXhhbXBsZS5pbmk=-->Replace reference to Monaco with CodeMirror in app.example.ini<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11295): <!--number 11295 --><!--line 0 --><!--description Zml4KHByb3h5cHJvdG9jb2wpOiByZW1vdmUgdHJhaWxpbmcgbnVsbCBieXRlIGZvciBsb2NhbCBjb25uZWN0aW9u-->fix(proxyprotocol): remove trailing null byte for local connection<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10525): <!--number 10525 --><!--line 0 --><!--description ZXhwYW5kIHJldXNhYmxlIHdvcmtmbG93IGNhbGxzIGludG8gdGhlaXIgaW5uZXIgam9icw==-->expand reusable workflow calls into their inner jobs<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11692): <!--number 11692 --><!--line 0 --><!--description VXBkYXRlIHJlbm92YXRlIERvY2tlciB0YWcgdG8gdjQzLjc2LjIgKGZvcmdlam8p-->Update renovate Docker tag to v43.76.2 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11697): <!--number 11697 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgQGdvb2dsZS9tb2RlbC12aWV3ZXIgdG8gdjQuMi4wIChmb3JnZWpvKQ==-->Update dependency @google/model-viewer to v4.2.0 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11695): <!--number 11695 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnaXRodWIuY29tL2dvLXN3YWdnZXIvZ28tc3dhZ2dlci9jbWQvc3dhZ2dlciB0byB2MC4zMy4yIChmb3JnZWpvKQ==-->Update module github.com/go-swagger/go-swagger/cmd/swagger to v0.33.2 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11693): <!--number 11693 --><!--line 0 --><!--description VXBkYXRlIENvZGVNaXJyb3IgKGZvcmdlam8p-->Update CodeMirror (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11683): <!--number 11683 --><!--line 0 --><!--description Zml4KGkxOG4pOiByZXVzZSBzdHJpbmcgZm9yIHJlcG9zaXRvcnkgYWNjZXNzLCBmaXggY2FwaXRhbGl6YXRpb24gY29uc2lzdGVuY3k=-->fix(i18n): reuse string for repository access, fix capitalization consistency<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11675): <!--number 11675 --><!--line 0 --><!--description Zml4KHVpKTogaW1wcm92ZSBjb25zaXN0ZW5jeSBpbiBuZXcgcnVubmVyIG1hbmFnZW1lbnQgcGFnZXM=-->fix(ui): improve consistency in new runner management pages<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11682): <!--number 11682 --><!--line 0 --><!--description aW5jb3JyZWN0IERCIGVycm9yIGhhbmRsaW5nIGluICdQT1NUIC91c2Vycy97dXNlcm5hbWV9L3Rva2Vucyc=-->incorrect DB error handling in 'POST /users/{username}/tokens'<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11585): <!--number 11585 --><!--line 0 --><!--description Zml4KGlzc3VlLXNlYXJjaCk6IGRlbGV0ZSBpc3N1ZSBmcm9tIGluZGV4ZXIgb24gRGVsZXRlSXNzdWU=-->fix(issue-search): delete issue from indexer on DeleteIssue<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11672): <!--number 11672 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgQGNvZGVtaXJyb3IvdmlldyB0byB2Ni4zOS4xNyAoZm9yZ2Vqbyk=-->Update dependency @codemirror/view to v6.39.17 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11335): <!--number 11335 --><!--line 0 --><!--description c2tpcCByZXBvIGF2YXRhciB1cGxvYWQgd2hlbiBubyBmaWxlIGlzIHNlbGVjdGVk-->skip repo avatar upload when no file is selected<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11478): <!--number 11478 --><!--line 0 --><!--description UlBNIHJlZ2lzdHJ5IGFkZHJlcG8gaW5zdHJ1Y3Rpb25z-->RPM registry addrepo instructions<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11525): <!--number 11525 --><!--line 0 --><!--description Y2hvcmU6IGFkZCBtb3JlIGRpYWdub3N0aWMgb3V0cHV0IHRvIGRiZnMgU3RhdCBlcnJvcg==-->chore: add more diagnostic output to dbfs Stat error<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11280): <!--number 11280 --><!--line 0 --><!--description Y2k6IGVuc3VyZSBjb3JyZWN0IG5vZGUgdmVyc2lvbg==-->ci: ensure correct node version<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11542): <!--number 11542 --><!--line 0 --><!--description Y2hvcmU6IHNraXAgc2hhMjU2IHJlcG8gZm9yIG9sZGVyIGdpdCB2ZXJzaW9ucw==-->chore: skip sha256 repo for older git versions<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11176): <!--number 11176 --><!--line 0 --><!--description ZW5zdXJlIGNvbnNpc3RlbnQgc29ydCBvcmRlciBpbiBUZXN0RmVlZCBmaXh0dXJl-->ensure consistent sort order in TestFeed fixture<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11007): <!--number 11007 --><!--line 0 --><!--description Zml4IE5ld01vY2tXZWJTZXJ2ZXIoKTogSGVhZGVycyBuZXZlciByZWFjaGVkIHRoZSBodHRwIGNsaWVudA==-->fix NewMockWebServer(): Headers never reached the http client<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10798): <!--number 10798 --><!--line 0 --><!--description bWlncmF0aW9ucy9naXRodWI6IGF2b2lkIGdldHRpbmcgdGhlIGZpcnN0IGlzc3VlcyBwYWdlIHR3aWNl-->migrations/github: avoid getting the first issues page twice<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10846): <!--number 10846 --><!--line 0 --><!--description bWlncmF0aW9ucy9naXRodWI6IFdhaXQgJiByZXRyeSB3aGVuIHByaW1hcnkgcmF0ZSBsaW1pdCBpcyBoaXQ=-->migrations/github: Wait & retry when primary rate limit is hit<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11038): <!--number 11038 --><!--line 0 --><!--description ZGV0ZWN0IHJlbmFtZXMgd2hlbiB1c2luZyBkaWZmLXRyZWU=-->detect renames when using diff-tree<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10883): <!--number 10883 --><!--line 0 --><!--description Y2k6IHRpZSBnbyBjYWNoZSB0byBnbyB2ZXJzaW9uIGFuZCBhZGQgYE1ha2VmaWxlYCB0byBrZXkgaGFzaA==-->ci: tie go cache to go version and add `Makefile` to key hash<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10893): <!--number 10893 --><!--line 0 --><!--description cmV0cnkgQWN0aW9uUnVuIHVwZGF0ZXMgd2hlbiBvcHRpbWlzdGljLWNvbmN1cnJlbmN5LWNvbnRyb2wgaW5kaWNhdGVzIHJlY29yZCBjaGFuZ2Vk-->retry ActionRun updates when optimistic-concurrency-control indicates record changed<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10481): <!--number 10481 --><!--line 0 --><!--description YWRkIE9JREMgd29ya2xvYWQgaWRlbnRpdHkgZmVkZXJhdGlvbiBzdXBwb3J0-->add OIDC workload identity federation support<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11662): <!--number 11662 --><!--line 0 --><!--description VXBkYXRlIGRhdGEuZm9yZ2Vqby5vcmcvb2NpL2dvbGFuZyBEb2NrZXIgdGFnIHRvIHYxLjI2IChmb3JnZWpvKSAtIGF1dG9jbG9zZWQ=-->Update data.forgejo.org/oci/golang Docker tag to v1.26 (forgejo) - autoclosed<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11660): <!--number 11660 --><!--line 0 --><!--description VXBkYXRlIGRhdGEuZm9yZ2Vqby5vcmcvZm9yZ2Vqby9mb3JnZWpvIERvY2tlciB0YWcgdG8gdjExLjAuMTEgKGZvcmdlam8p-->Update data.forgejo.org/forgejo/forgejo Docker tag to v11.0.11 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11663): <!--number 11663 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgbWVybWFpZCB0byB2MTEuMTMuMCAoZm9yZ2Vqbyk=-->Update dependency mermaid to v11.13.0 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11657): <!--number 11657 --><!--line 0 --><!--description cmVmYWN0b3I6IHJlcGxhY2UgV2l0aEF2YWlsYWJsZSB3aXRoIFdpdGhWaXNpYmxlIHdoZW4gZmV0Y2hpbmcgcnVubmVycw==-->refactor: replace WithAvailable with WithVisible when fetching runners<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11653): <!--number 11653 --><!--line 0 --><!--description Y3JlYXRlIHJlcG8tc3BlY2lmaWMgYWNjZXNzIHRva2VuIHVuZXhwZWN0ZWQgYmVoYXZpb3VyIHdpdGggYCJyZXBvc2l0b3JpZXMiOiBbXWA=-->create repo-specific access token unexpected behaviour with `"repositories": []`<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11627): <!--number 11627 --><!--line 0 --><!--description VXBkYXRlIGxpbnRlcnMgKGZvcmdlam8p-->Update linters (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11320): <!--number 11320 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgZ28gdG8gdjEuMjYgKGZvcmdlam8p-->Update dependency go to v1.26 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11334): <!--number 11334 --><!--line 0 --><!--description Zml4KG1vZGVscyk6IGRlZHVwbGljYXRlIHByb2plY3Qgc29ydGluZyB2YWx1ZXMgYW5kIGFkZCB1bmlxdWUgY29uc3RyYWludHM=-->fix(models): deduplicate project sorting values and add unique constraints<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11644): <!--number 11644 --><!--line 0 --><!--description VXBkYXRlIGh0dHBzOi8vZGF0YS5mb3JnZWpvLm9yZy9hY3Rpb25zL3NldHVwLWZvcmdlam8gYWN0aW9uIHRvIHYzLjEuOCAoZm9yZ2Vqbyk=-->Update https://data.forgejo.org/actions/setup-forgejo action to v3.1.8 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11639): <!--number 11639 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBjb2RlLmZvcmdlam8ub3JnL2Zvcmdlam8vcnVubmVyL3YxMiB0byB2MTIuNy4yIChmb3JnZWpvKSAtIGF1dG9jbG9zZWQ=-->Update module code.forgejo.org/forgejo/runner/v12 to v12.7.2 (forgejo) - autoclosed<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11638): <!--number 11638 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kga2F0ZXggdG8gdjAuMTYuMzggKGZvcmdlam8p-->Update dependency katex to v0.16.38 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11630): <!--number 11630 --><!--line 0 --><!--description VXBkYXRlIGh0dHBzOi8vY29kZS5mb3JnZWpvLm9yZy9mb3JnZWpvL3VwbG9hZC1hcnRpZmFjdCBhY3Rpb24gdG8gdjUgKGZvcmdlam8pIC0gYXV0b2Nsb3NlZA==-->Update https://code.forgejo.org/forgejo/upload-artifact action to v5 (forgejo) - autoclosed<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11631): <!--number 11631 --><!--line 0 --><!--description VXBkYXRlIGh0dHBzOi8vZGF0YS5mb3JnZWpvLm9yZy9mb3JnZWpvL3VwbG9hZC1hcnRpZmFjdCBhY3Rpb24gdG8gdjUgKGZvcmdlam8p-->Update https://data.forgejo.org/forgejo/upload-artifact action to v5 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11629): <!--number 11629 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgd3JhcC1hbnNpIHRvIHYxMCAoZm9yZ2Vqbyk=-->Update dependency wrap-ansi to v10 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11605): <!--number 11605 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgYXNjaWluZW1hLXBsYXllciB0byB2My4xNS4xIChmb3JnZWpvKQ==-->Update dependency asciinema-player to v3.15.1 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11624): <!--number 11624 --><!--line 0 --><!--description Y2hvcmUoZGVwcyk6IGJ1bXAgeG9ybSB0byB2MS4zLjktZm9yZ2Vqby44-->chore(deps): bump xorm to v1.3.9-forgejo.8<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11342): <!--number 11342 --><!--line 0 --><!--description Y2hvcmUocmVmYWN0b3IpOiBzcGxpdCBBZGRSZXBvc2l0b3J5IGFuZCBBZGRUZWFtTWVtYmVyIHRvIHJldHVybiB0aGUgaW5zZXJ0ZWQgdmFsdWU=-->chore(refactor): split AddRepository and AddTeamMember to return the inserted value<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11621): <!--number 11621 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgZ2xvYmFscyB0byB2MTcuNC4wIChmb3JnZWpvKQ==-->Update dependency globals to v17.4.0 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11588): <!--number 11588 --><!--line 0 --><!--description d2ViaG9vay9kaXNjb3JkOiBvbWl0IGVtcHR5IGVtYmVkcy5mb290ZXIgZnJvbSB0aGUgcGF5bG9hZCBmb3IgU3BhY2ViYXIgY29tcGF0aWJpbGl0eQ==-->webhook/discord: omit empty embeds.footer from the payload for Spacebar compatibility<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11601): <!--number 11601 --><!--line 0 --><!--description cmVmYWN0b3I6IHJlcGxhY2UgQWN0aW9uUnVubmVyVG9rZW4uT3duZXJJRCAmIFJlcG9JRCB3aXRoIG9wdGlvbmFsLk9wdGlvbltpbnQ2NF0=-->refactor: replace ActionRunnerToken.OwnerID & RepoID with optional.Option[int64]<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11593): <!--number 11593 --><!--line 0 --><!--description Y2k6IGRldGVjdCBhbmQgcHJldmVudCBlbXB0eSBgY2FzZWAgc3RhdGVtZW50cyBpbiBHbyBjb2Rl-->ci: detect and prevent empty `case` statements in Go code<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11599): <!--number 11599 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kga2F0ZXggdG8gdjAuMTYuMzcgKGZvcmdlam8p-->Update dependency katex to v0.16.37 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11595): <!--number 11595 --><!--line 0 --><!--description cmVmYWN0b3I6IHJlbmFtZSBBY2Nlc3NUb2tlbkVycm9yIHRvIEFjY2Vzc1Rva2VuRXJyb3JSZXNwb25zZQ==-->refactor: rename AccessTokenError to AccessTokenErrorResponse<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11442): <!--number 11442 --><!--line 0 --><!--description ZW5mb3JjZSBwYWNrYWdlIHF1b3RhIGFnYWluc3QgcGFja2FnZSBvd25lciwgbm90IHVwbG9hZGVy-->enforce package quota against package owner, not uploader<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11144): <!--number 11144 --><!--line 0 --><!--description Y2hvcmU6IGFkZCBjb21tZW50IGZvciBhcCBtaWdyYXRpb24=-->chore: add comment for ap migration<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9254): <!--number 9254 --><!--line 0 --><!--description ZmVhdChhY3Rpdml0eXB1Yik6IHVzZSBzdHJ1Y3R1cmUgQFByZWZlcnJlZFVzZXJuYW1lQGhvc3QudGxkOnBvcnQgZm9yIGFjdG9ycw==-->feat(activitypub): use structure @PreferredUsername@host.tld:port for actors<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11568): <!--number 11568 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnaXRodWIuY29tL21pbmlvL21pbmlvLWdvL3Y3IHRvIHY3LjAuOTkgKGZvcmdlam8pIC0gYXV0b2Nsb3NlZA==-->Update module github.com/minio/minio-go/v7 to v7.0.99 (forgejo) - autoclosed<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11576): <!--number 11576 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kga2F0ZXggdG8gdjAuMTYuMzUgKGZvcmdlam8p-->Update dependency katex to v0.16.35 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11558): <!--number 11558 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgd2VicGFjayB0byB2NS4xMDUuNCAoZm9yZ2Vqbyk=-->Update dependency webpack to v5.105.4 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11587): <!--number 11587 --><!--line 0 --><!--description Y2hvcmU6IGNsZWFudXAgTWFrZWZpbGU=-->chore: cleanup Makefile<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11583): <!--number 11583 --><!--line 0 --><!--description Y2hvcmUocmVsZWFzZS1ub3Rlcyk6IEZvcmdlam8gdjE0LjAuMyBbc2tpcCBjaV0=-->chore(release-notes): Forgejo v14.0.3 [skip ci]<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11582): <!--number 11582 --><!--line 0 --><!--description Y2hvcmUocmVsZWFzZS1ub3Rlcyk6IEZvcmdlam8gdjExLjAuMTEgW3NraXAgY2ld-->chore(release-notes): Forgejo v11.0.11 [skip ci]<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11553): <!--number 11553 --><!--line 0 --><!--description Y2hvcmU6IHN1cHBvcnQgYE9wdGlvbltUXWAgYXMgYSB0eXBlIG9uIGRhdGFiYXNlIHNjaGVtYSBzdHJ1Y3Rz-->chore: support `Option[T]` as a type on database schema structs<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11564): <!--number 11564 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnaXRodWIuY29tL2dvLWVucnkvZ28tZW5yeS92MiB0byB2Mi45LjUgKGZvcmdlam8p-->Update module github.com/go-enry/go-enry/v2 to v2.9.5 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11559): <!--number 11559 --><!--line 0 --><!--description VXBkYXRlIGh0dHBzOi8vZGF0YS5mb3JnZWpvLm9yZy9hY3Rpb25zL3NldHVwLWZvcmdlam8gYWN0aW9uIHRvIHYzLjEuNyAoZm9yZ2Vqbyk=-->Update https://data.forgejo.org/actions/setup-forgejo action to v3.1.7 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11562): <!--number 11562 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBjb2RlLmZvcmdlam8ub3JnL2Zvcmdlam8vcnVubmVyL3YxMiB0byB2MTIuNy4xIChmb3JnZWpvKQ==-->Update module code.forgejo.org/forgejo/runner/v12 to v12.7.1 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11481): <!--number 11481 --><!--line 0 --><!--description Y2hvcmUodHJlZXdpZGUpOiByZW5hbWUgU2FmZUhUTUwgdG8gVHJ1c3RIVE1M-->chore(treewide): rename SafeHTML to TrustHTML<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11563): <!--number 11563 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnaXRodWIuY29tL2JsZXZlc2VhcmNoL2JsZXZlL3YyIHRvIHYyLjUuNyAoZm9yZ2Vqbyk=-->Update module github.com/blevesearch/bleve/v2 to v2.5.7 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11368): <!--number 11368 --><!--line 0 --><!--description ZmVhdChhcGkpOiBtb3JlIHZlcmJvc2UgZXJyb3IgbWVzc2FnZXMgYW5kIHN3YWdnZXIgY29tbWVudHMgZm9yIHBvc3RpbmcgaXNzdWUgY29tbWVudHM=-->feat(api): more verbose error messages and swagger comments for posting issue comments<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11486): <!--number 11486 --><!--line 0 --><!--description VXBkYXRlIGNvZGUuZm9yZ2Vqby5vcmcvZm9yZ2Vqby1jb250cmliL2dvLWxpYnJhdmF0YXIgZGlnZXN0IHRvIGFkZDQ5NGUgKGZvcmdlam8p-->Update code.forgejo.org/forgejo-contrib/go-libravatar digest to add494e (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11545): <!--number 11545 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgdGFpbHdpbmRjc3MgdG8gdjMuNC4xOSAoZm9yZ2Vqbyk=-->Update dependency tailwindcss to v3.4.19 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11538): <!--number 11538 --><!--line 0 --><!--description Y2hvcmUoZGVwcyk6IHVwZ3JhZGUgeG9ybSB0byB2MS4zLjktZm9yZ2Vqby43-->chore(deps): upgrade xorm to v1.3.9-forgejo.7<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11549): <!--number 11549 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgdWludDgtdG8tYmFzZTY0IHRvIHYwLjIuMSAoZm9yZ2Vqbyk=-->Update dependency uint8-to-base64 to v0.2.1 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11543): <!--number 11543 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgZm9yZ2Vqby9yZWxlYXNlLW5vdGVzLWFzc2lzdGFudCB0byB2MS42LjEgKGZvcmdlam8p-->Update dependency forgejo/release-notes-assistant to v1.6.1 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11470): <!--number 11470 --><!--line 0 --><!--description Zml4KHRlc3RzKTogZG8gbm90IGxlYWsgZ2xvYmFsIHJlcG9zaXRvcnkgdW5pdCBkZWZhdWx0cw==-->fix(tests): do not leak global repository unit defaults<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11523): <!--number 11523 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgbWluaW1hdGNoIHRvIHYxMC4yLjQgKGZvcmdlam8p-->Update dependency minimatch to v10.2.4 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11521): <!--number 11521 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgZ28gdG8gdjEuMjUuOCAoZm9yZ2Vqbyk=-->Update dependency go to v1.25.8 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11520): <!--number 11520 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kga2F0ZXggdG8gdjAuMTYuMzMgKGZvcmdlam8p-->Update dependency katex to v0.16.33 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11519): <!--number 11519 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgZGF5anMgdG8gdjEuMTEuMTkgKGZvcmdlam8p-->Update dependency dayjs to v1.11.19 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11517): <!--number 11517 --><!--line 0 --><!--description VXBkYXRlIENvZGVNaXJyb3IgKGZvcmdlam8p-->Update CodeMirror (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9873): <!--number 9873 --><!--line 0 --><!--description SGFuZGxlIGVycm9yIHR5cGVzIGNvbnNpc3RlbnRseQ==-->Handle error types consistently<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11450): <!--number 11450 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnaXRodWIuY29tL21hcmtiYXRlcy9nb3RoIHRvIHYxLjgyLjAgKGZvcmdlam8p-->Update module github.com/markbates/goth to v1.82.0 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11385): <!--number 11385 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgbWVybWFpZCB0byB2MTEuMTIuMyAoZm9yZ2Vqbyk=-->Update dependency mermaid to v11.12.3 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11508): <!--number 11508 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgc3ZnbyB0byB2NC4wLjEgW1NFQ1VSSVRZXSAoZm9yZ2Vqbyk=-->Update dependency svgo to v4.0.1 [SECURITY] (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11388): <!--number 11388 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgbWluaW1hdGNoIHRvIHYxMC4yLjEgKGZvcmdlam8p-->Update dependency minimatch to v10.2.1 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11376): <!--number 11376 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgZm9yZ2Vqby9yZWxlYXNlLW5vdGVzLWFzc2lzdGFudCB0byB2MS42LjAgKGZvcmdlam8p-->Update dependency forgejo/release-notes-assistant to v1.6.0 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11384): <!--number 11384 --><!--line 0 --><!--description UmVwbGFjZSBOb2RlLmpzIHdpdGggZGF0YS5mb3JnZWpvLm9yZy9vY2kvbm9kZSAyNC10cml4aWUgKGZvcmdlam8p-->Replace Node.js with data.forgejo.org/oci/node 24-trixie (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11441): <!--number 11441 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgbWluaW1hdGNoIHRvIHYxMC4yLjMgW1NFQ1VSSVRZXSAoZm9yZ2Vqbyk=-->Update dependency minimatch to v10.2.3 [SECURITY] (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11359): <!--number 11359 --><!--line 0 --><!--description VXBkYXRlIGh0dHBzOi8vZGF0YS5mb3JnZWpvLm9yZy9hY3Rpb25zL3NldHVwLWZvcmdlam8gYWN0aW9uIHRvIHYzLjEuNiAoZm9yZ2Vqbyk=-->Update https://data.forgejo.org/actions/setup-forgejo action to v3.1.6 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11406): <!--number 11406 --><!--line 0 --><!--description UmV2ZXJ0ICJSZXBsYWNlIE5vZGUuanMgd2l0aCBkYXRhLmZvcmdlam8ub3JnL29jaS9ub2RlIDI0LXRyaXhpZSAoZm9yZ2VqbykgKCMxMTM4NCki-->Revert "Replace Node.js with data.forgejo.org/oci/node 24-trixie (forgejo) (#11384)"<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11392): <!--number 11392 --><!--line 0 --><!--description Y2hvcmUocmVub3ZhdGUpOiBwcmVwYXJlIGZvciBvcGVyYXRvcg==-->chore(renovate): prepare for operator<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11363): <!--number 11363 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBjb2RlLmZvcmdlam8ub3JnL2Zvcmdlam8vcnVubmVyL3YxMiB0byB2MTIuNy4wIChmb3JnZWpvKQ==-->Update module code.forgejo.org/forgejo/runner/v12 to v12.7.0 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11243): <!--number 11243 --><!--line 0 --><!--description Y2hvcmUocmVub3ZhdGUpOiBkaXNhYmxlIG1ham9yIHVwZGF0ZXMgb24gc3RhYmxlIGJyYW5jaGVzIGJ5IGRlZmF1bHQ=-->chore(renovate): disable major updates on stable branches by default<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11293): <!--number 11293 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgc29ydGFibGVqcyB0byB2MS4xNS43IChmb3JnZWpvKQ==-->Update dependency sortablejs to v1.15.7 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11233): <!--number 11233 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnaXRodWIuY29tL21hdHRuL2dvLXNxbGl0ZTMgdG8gdjEuMTQuMzQgKGZvcmdlam8p-->Update module github.com/mattn/go-sqlite3 to v1.14.34 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11350): <!--number 11350 --><!--line 0 --><!--description Y2hvcmU6IHJlbW92ZSBmaWVsZCBlcGhlbWVyYWwgZnJvbSBydW5uZXIgcmVnaXN0cmF0aW9uIHJlc3BvbnNl-->chore: remove field ephemeral from runner registration response<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11218): <!--number 11218 --><!--line 0 --><!--description cmVmYWN0b3I6IHJlcGxhY2UgYFZhbHVlKClgIGZyb20gT3B0aW9uW1RdIHdpdGggYEdldCgpYCAmIGBWYWx1ZU9yWmVyb1ZhbHVlKClg-->refactor: replace `Value()` from Option[T] with `Get()` & `ValueOrZeroValue()`<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11222): <!--number 11222 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBjb2RlLmZvcmdlam8ub3JnL2Zvcmdlam8vcnVubmVyL3YxMiB0byB2MTIuNi40IChmb3JnZWpvKQ==-->Update module code.forgejo.org/forgejo/runner/v12 to v12.6.4 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11319): <!--number 11319 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgcG9zdGNzcy1sb2FkZXIgdG8gdjguMi4xIChmb3JnZWpvKQ==-->Update dependency postcss-loader to v8.2.1 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11226): <!--number 11226 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnb2xhbmcub3JnL3gvaW1hZ2UgdG8gdjAuMzYuMCAoZm9yZ2Vqbyk=-->Update module golang.org/x/image to v0.36.0 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11241): <!--number 11241 --><!--line 0 --><!--description ZmVhdCh1aSk6IHN1cHBvcnQgQzMgbGFuZ3VhZ2UgaGlnaGxpZ2h0aW5nIGluIGZpbGUgZWRpdG9y-->feat(ui): support C3 language highlighting in file editor<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11210): <!--number 11210 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgcG9zdGNzcy1uZXN0aW5nIHRvIHYxNCAoZm9yZ2Vqbyk=-->Update dependency postcss-nesting to v14 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11201): <!--number 11201 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgQGNvZGVtaXJyb3IvY29tbWFuZHMgdG8gdjYuMTAuMiAoZm9yZ2Vqbyk=-->Update dependency @codemirror/commands to v6.10.2 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11237): <!--number 11237 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnb2xhbmcub3JnL3gvbmV0IHRvIHYwLjUwLjAgKGZvcmdlam8p-->Update module golang.org/x/net to v0.50.0 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11333): <!--number 11333 --><!--line 0 --><!--description Zml4KGkxOG4pOiB1bmhhcmRjb2RlIGxhYmVsIGV4Y2x1c2lvbiB0b29sdGlwcw==-->fix(i18n): unhardcode label exclusion tooltips<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11235): <!--number 11235 --><!--line 0 --><!--description Y2hvcmUobGludCk6IGVuYWJsZSBuaWxuaWw=-->chore(lint): enable nilnil<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11325): <!--number 11325 --><!--line 0 --><!--description aTE4bigqKTogbWlncmF0ZSA5MiBzdHJpbmdzIHRvIGpzb24=-->i18n(*): migrate 92 strings to json<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11093): <!--number 11093 --><!--line 0 --><!--description Y29ycmVjdCBtYWxmb3JtZWQgQ3JlYXRlVGVhbU9wdGlvbiBleGFtcGxl-->correct malformed CreateTeamOption example<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11225): <!--number 11225 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnb2xhbmcub3JnL3gvY3J5cHRvIHRvIHYwLjQ4LjAgKGZvcmdlam8p-->Update module golang.org/x/crypto to v0.48.0 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10979): <!--number 10979 --><!--line 0 --><!--description aTE4bigqKTogbWlncmF0ZSBpbmkgc2VjdGlvbiBbcGFja2FnZXNdIHRvIGpzb24=-->i18n(*): migrate ini section [packages] to json<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11345): <!--number 11345 --><!--line 0 --><!--description Y2hvcmUoaTE4bik6IGRlZHVwbGljYXRlIGNvbW1vbiBwYWNrYWdlcyByZWxhdGVkIHN0cmluZ3M=-->chore(i18n): deduplicate common packages related strings<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11277): <!--number 11277 --><!--line 0 --><!--description Q2hvcmUgbW9kdWxlcy9zZXNzaW9uL3ZpcnR1YWw6IGdjIF9vbGRfdWlkIGhhY2s=-->Chore modules/session/virtual: gc _old_uid hack<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11236): <!--number 11236 --><!--line 0 --><!--description VXBkYXRlIE5vZGUuanMgdG8gdjI0LjEzLjEgKGZvcmdlam8p-->Update Node.js to v24.13.1 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11156): <!--number 11156 --><!--line 0 --><!--description ZmVhdCh1aSk6IHN1cHBvcnQgYWRkaXRpb25hbCBqb2Igc3RhdHVzIHNlbGVjdGlvbiBpbiBkcm9wZG93biBtZW51IG9uIEFjdGlvbnMgdGFi-->feat(ui): support additional job status selection in dropdown menu on Actions tab<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11284): <!--number 11284 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgd2VicGFjayB0byB2NS4xMDUuMiAoZm9yZ2Vqbyk=-->Update dependency webpack to v5.105.2 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11251): <!--number 11251 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgQGNvZGVtaXJyb3IvdmlldyB0byB2Ni4zOS4xNCAoZm9yZ2Vqbyk=-->Update dependency @codemirror/view to v6.39.14 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11326): <!--number 11326 --><!--line 0 --><!--description VXNlclR5cGVSZW1vdGVVc2VyIGlzIGFuIGVsaWdpYmxlIG9yZ2FuaXphdGlvbiBtZW1iZXI=-->UserTypeRemoteUser is an eligible organization member<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11223): <!--number 11223 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnaXRodWIuY29tL2tsYXVzcG9zdC9jb21wcmVzcyB0byB2MS4xOC40IChmb3JnZWpvKQ==-->Update module github.com/klauspost/compress to v1.18.4 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11199): <!--number 11199 --><!--line 0 --><!--description VXBkYXRlIHJlbm92YXRlIHRvIHY0MyAoZm9yZ2VqbykgKG1ham9yKQ==-->Update renovate to v43 (forgejo) (major)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11318): <!--number 11318 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgYXNjaWluZW1hLXBsYXllciB0byB2My4xNC4xNSAoZm9yZ2Vqbyk=-->Update dependency asciinema-player to v3.14.15 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11142): <!--number 11142 --><!--line 0 --><!--description Y2k6IGludHJvZHVjZSBgc2VtZ3JlcGAgdG8gcHJldmVudCB1c2luZyBgeG9ybS5TeW5jKClgIGluY29ycmVjdGx5IGluIG5ldyBtaWdyYXRpb25z-->ci: introduce `semgrep` to prevent using `xorm.Sync()` incorrectly in new migrations<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11169): <!--number 11169 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgZm9yZ2Vqby9yZWxlYXNlLW5vdGVzLWFzc2lzdGFudCB0byB2MS41LjIgKGZvcmdlam8p-->Update dependency forgejo/release-notes-assistant to v1.5.2 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11197): <!--number 11197 --><!--line 0 --><!--description Y2hvcmUodWkpOiBhZGQgaW50ZWdyYXRpb24gdGVzdHMgZm9yIGZvb3RlciB0bXBsIGxvZ2lj-->chore(ui): add integration tests for footer tmpl logic<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11143): <!--number 11143 --><!--line 0 --><!--description c2hvdyBub3RlIHRoYXQgdXNlciBoYXMgbm8gU1NIIGtleXM=-->show note that user has no SSH keys<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11171): <!--number 11171 --><!--line 0 --><!--description cmVmbGVjdCBhbGxvd2VkIHVzZXJuYW1lIGNoYW5nZSBpbiBwcm9maWxlIHNldHRpbmc=-->reflect allowed username change in profile setting<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11136): <!--number 11136 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgQGNvZGVtaXJyb3IvdmlldyB0byB2Ni4zOS4xMiAoZm9yZ2Vqbyk=-->Update dependency @codemirror/view to v6.39.12 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11170): <!--number 11170 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnaXRodWIuY29tL2dvLWNoaS9jaGkvdjUgdG8gdjUuMi41IChmb3JnZWpvKQ==-->Update module github.com/go-chi/chi/v5 to v5.2.5 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11184): <!--number 11184 --><!--line 0 --><!--description bmV3bHkgZXhwYW5kZWQgZHluYW1pYyBtYXRyaXggam9icyBjYW4gYmVjb21lIHN0dWNrIGluIGEgJ2Jsb2NrZWQnIHN0YXRl-->newly expanded dynamic matrix jobs can become stuck in a 'blocked' state<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11067): <!--number 11067 --><!--line 0 --><!--description UmVmYWN0b3Igand0eC9zaWduaW5na2V5OiBBZGQgSldUKCkgbWV0aG9kIGZvciBjb252ZW5pZW5jZS9jbGFyaXR5-->Refactor jwtx/signingkey: Add JWT() method for convenience/clarity<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11183): <!--number 11183 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgd2VicGFjayB0byB2NS4xMDUuMCAoZm9yZ2Vqbyk=-->Update dependency webpack to v5.105.0 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11149): <!--number 11149 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgZ28gdG8gdjEuMjUuNyAoZm9yZ2Vqbyk=-->Update dependency go to v1.25.7 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11104): <!--number 11104 --><!--line 0 --><!--description VXBkYXRlIGh0dHBzOi8vZGF0YS5mb3JnZWpvLm9yZy9hY3Rpb25zL3NldHVwLWZvcmdlam8gYWN0aW9uIHRvIHYzLjEuNCAoZm9yZ2Vqbyk=-->Update https://data.forgejo.org/actions/setup-forgejo action to v3.1.4 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10552): <!--number 10552 --><!--line 0 --><!--description ZmVhdChpc3N1ZS1zZWFyY2gpOiBzdXBwb3J0IGZpbHRlcmluZyBmb3IgaXNzdWVzIHdpdGggbXVsdGlwbGUgYXNzaWduZWVz-->feat(issue-search): support filtering for issues with multiple assignees<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11448): <!--number 11448 --><!--line 0 --><!--description VXBkYXRlIGxpbnRlcnMgKGZvcmdlam8p-->Update linters (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11493): <!--number 11493 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgQHZpdGVzdC9lc2xpbnQtcGx1Z2luIHRvIHYxLjYuOSAoZm9yZ2VqbykgLSBhdXRvY2xvc2Vk-->Update dependency @vitest/eslint-plugin to v1.6.9 (forgejo) - autoclosed<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11492): <!--number 11492 --><!--line 0 --><!--description VXBkYXRlIGdpdGh1Yi5jb20vY2xvdWRmbGFyZS9jaXJjbCAoaW5kaXJlY3QpIHRvIHYxLjYuMyBbU0VDVVJJVFldIChmb3JnZWpvKQ==-->Update github.com/cloudflare/circl (indirect) to v1.6.3 [SECURITY] (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11485): <!--number 11485 --><!--line 0 --><!--description Y2hvcmU6IHVwZGF0ZSBsaWNlbnNlIHRlc3Q=-->chore: update license test<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11490): <!--number 11490 --><!--line 0 --><!--description Y2hvcmUocmVub3ZhdGUpOiB1cGRhdGUgY29uZmln-->chore(renovate): update config<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11158): <!--number 11158 --><!--line 0 --><!--description Y2hvcmU6IHVwZGF0ZSBsaWNlbnNlcyBhbmQgZ2l0aWdub3JlcyBbc2tpcCBjaV0=-->chore: update licenses and gitignores [skip ci]<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10311): <!--number 10311 --><!--line 0 --><!--description cmVmYWN0b3I6IHVzZSBzaWduYWwuTm90aWZ5Q29udGV4dCBvdmVyIGN1c3RvbSBpbXBsZW1lbnRhdGlvbg==-->refactor: use signal.NotifyContext over custom implementation<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11477): <!--number 11477 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnaXRodWIuY29tL3ZhbHlhbGEvZmFzdGpzb24gdG8gdjEuNi4xMCAoZm9yZ2Vqbyk=-->Update module github.com/valyala/fastjson to v1.6.10 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11476): <!--number 11476 --><!--line 0 --><!--description Y2k6IGFkZCBgc2VtZ3JlcGAgZGV0ZWN0aW9uIGZvciBBUEkgY29kZSBpZ25vcmluZyByZXBvLXNwZWNpZmljIGFjY2VzcyB0b2tlbnM=-->ci: add `semgrep` detection for API code ignoring repo-specific access tokens<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11374): <!--number 11374 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgc3dhZ2dlci11aS1kaXN0IHRvIHY1LjMxLjEgKGZvcmdlam8p-->Update dependency swagger-ui-dist to v5.31.1 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11462): <!--number 11462 --><!--line 0 --><!--description UmV2ZXJ0ICJmaXg6IGVuc3VyZSBhY3Rpb25zIGxvZ3MgYXJlIHRyYW5zZmVycmVkIHdoZW4gYSB0YXNrIGlzIGRvbmUgKCMxMDAwOCki-->Revert "fix: ensure actions logs are transferred when a task is done (#10008)"<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11447): <!--number 11447 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnb2xhbmcub3JnL3gvbmV0IHRvIHYwLjUxLjAgW1NFQ1VSSVRZXSAoZm9yZ2Vqbyk=-->Update module golang.org/x/net to v0.51.0 [SECURITY] (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11451): <!--number 11451 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnaXRodWIuY29tL1NhdmVUaGVSYnR6L3pzdGQtc2Vla2FibGUtZm9ybWF0LWdvL3BrZyB0byB2MC44LjAgKGZvcmdlam8p-->Update module github.com/SaveTheRbtz/zstd-seekable-format-go/pkg to v0.8.0 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11463): <!--number 11463 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBjb2RlLnN1cGVyc2VyaW91c2J1c2luZXNzLm9yZy9leGlmLXRlcm1pbmF0b3IgdG8gdjAuMTEuMSAoZm9yZ2Vqbyk=-->Update module code.superseriousbusiness.org/exif-terminator to v0.11.1 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11175): <!--number 11175 --><!--line 0 --><!--description QWRkIFRyYWNlIGxvZ2dpbmcgZm9yIEpXVCBzZXNzaW9u-->Add Trace logging for JWT session<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11449): <!--number 11449 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnaXRodWIuY29tL2dvbGFuZ2NpL2dvbGFuZ2NpLWxpbnQvdjIvY21kL2dvbGFuZ2NpLWxpbnQgdG8gdjIuMTAuMSAoZm9yZ2Vqbyk=-->Update module github.com/golangci/golangci-lint/v2/cmd/golangci-lint to v2.10.1 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11434): <!--number 11434 --><!--line 0 --><!--description Y29yZSBpbmZyYXN0cnVjdHVyZSBmb3IgcmVwb3NpdG9yeS1zcGVjaWZpYyBhY2Nlc3MgdG9rZW5z-->core infrastructure for repository-specific access tokens<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11452): <!--number 11452 --><!--line 0 --><!--description aW1wbGVtZW50IHJlcG8tc3BlY2lmaWMgYWNjZXNzIHRva2VucyBpbiBnaXQgb3BlcmF0aW9ucw==-->implement repo-specific access tokens in git operations<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11110): <!--number 11110 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgY3NzLWxvYWRlciB0byB2Ny4xLjMgKGZvcmdlam8p-->Update dependency css-loader to v7.1.3 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11121): <!--number 11121 --><!--line 0 --><!--description VXBkYXRlIHZpdGVzdCBtb25vcmVwbyB0byB2NC4wLjE4IChmb3JnZWpvKQ==-->Update vitest monorepo to v4.0.18 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11062): <!--number 11062 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnaXRodWIuY29tL21laWxpc2VhcmNoL21laWxpc2VhcmNoLWdvIHRvIHYwLjM2LjAgKGZvcmdlam8p-->Update module github.com/meilisearch/meilisearch-go to v0.36.0 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11103): <!--number 11103 --><!--line 0 --><!--description VXBkYXRlIGh0dHBzOi8vZGF0YS5mb3JnZWpvLm9yZy9hY3Rpb25zL2NhY2hlIGFjdGlvbiB0byB2NS4wLjMgKGZvcmdlam8p-->Update https://data.forgejo.org/actions/cache action to v5.0.3 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10915): <!--number 10915 --><!--line 0 --><!--description d2ViL2F1dGg6IHNpZ251cCBwb2xpc2g=-->web/auth: signup polish<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10937): <!--number 10937 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnaXRodWIuY29tL3VyZmF2ZS9jbGkvdjMgdG8gdjMuNi4yIChmb3JnZWpvKQ==-->Update module github.com/urfave/cli/v3 to v3.6.2 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11090): <!--number 11090 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnaXRodWIuY29tL2dvbGFuZy1qd3Qvand0L3Y1IHRvIHY1LjMuMSAoZm9yZ2Vqbyk=-->Update module github.com/golang-jwt/jwt/v5 to v5.3.1 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11077): <!--number 11077 --><!--line 0 --><!--description VXBkYXRlIHJlbm92YXRlIHRvIHY0Mi45My4xIChmb3JnZWpvKQ==-->Update renovate to v42.93.1 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10753): <!--number 10753 --><!--line 0 --><!--description Zml4IHR5cG9zIHRocm91Z2hvdXQgdGhlIGNvZGViYXNl-->fix typos throughout the codebase<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10922): <!--number 10922 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgQGdpdGh1Yi90ZXh0LWV4cGFuZGVyLWVsZW1lbnQgdG8gdjIuOS40IChmb3JnZWpvKQ==-->Update dependency @github/text-expander-element to v2.9.4 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11066): <!--number 11066 --><!--line 0 --><!--description UG9saXNoIGp3dHgvc2lnbmluZ2tleTogQXZvaWQgbG9nLkZhdGFsKCk=-->Polish jwtx/signingkey: Avoid log.Fatal()<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11092): <!--number 11092 --><!--line 0 --><!--description Y2hvcmUocmVsZWFzZS1ub3Rlcyk6IEZvcmdlam8gdjE0LjAuMiBbc2tpcCBjaV0=-->chore(release-notes): Forgejo v14.0.2 [skip ci]<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10936): <!--number 10936 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnaXRodWIuY29tL2FsZWN0aG9tYXMvY2hyb21hL3YyIHRvIHYyLjIzLjEgKGZvcmdlam8p-->Update module github.com/alecthomas/chroma/v2 to v2.23.1 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11095): <!--number 11095 --><!--line 0 --><!--description InJldmVydCBVcGRhdGUgbW9kdWxlIGdpdGh1Yi5jb20vdXJmYXZlL2NsaS92MyB0byB2My42LjIgKGZvcmdlam8pICgjMTA5MzcpIg==-->"revert Update module github.com/urfave/cli/v3 to v3.6.2 (forgejo) (#10937)"<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11147): <!--number 11147 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgZ2xvYmFscyB0byB2MTcuMy4wIChmb3JnZWpvKQ==-->Update dependency globals to v17.3.0 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11061): <!--number 11061 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgZ2xvYmFscyB0byB2MTcuMS4wIChmb3JnZWpvKQ==-->Update dependency globals to v17.1.0 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11111): <!--number 11111 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgZ2xvYmFscyB0byB2MTcuMi4wIChmb3JnZWpvKQ==-->Update dependency globals to v17.2.0 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11105): <!--number 11105 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnaXRodWIuY29tL2dvLWVucnkvZ28tZW5yeS92MiB0byB2Mi45LjQgKGZvcmdlam8p-->Update module github.com/go-enry/go-enry/v2 to v2.9.4 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11088): <!--number 11088 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBjb2RlLmZvcmdlam8ub3JnL2Zvcmdlam8vcnVubmVyL3YxMiB0byB2MTIuNi4zIChmb3JnZWpvKQ==-->Update module code.forgejo.org/forgejo/runner/v12 to v12.6.3 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11047): <!--number 11047 --><!--line 0 --><!--description TG9jayBmaWxlIG1haW50ZW5hbmNlIChmb3JnZWpvKQ==-->Lock file maintenance (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10975): <!--number 10975 --><!--line 0 --><!--description Y2k6IHVzZSBuZXdlciBmb3JnZWpvIGZvciByZWxlYXNlIHNpbXVsYXRpb24=-->ci: use newer forgejo for release simulation<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10356): <!--number 10356 --><!--line 0 --><!--description ImRpc2FibGUgcm91dGVyIGxvZyIgaW5kaWNhdG9yIG9uIGNvbmZpZ3VyYXRpb24gc3VtbWFyeSBwYWdl-->"disable router log" indicator on configuration summary page<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10847): <!--number 10847 --><!--line 0 --><!--description SW1wcm92ZSBpc3N1ZSB0ZW1wbGF0ZXMgZm9yIG5ldyB3b3JrZmxvdw==-->Improve issue templates for new workflow<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11019): <!--number 11019 --><!--line 0 --><!--description Y2hvcmUodWkpOiBjaGFuZ2UgL2RldnRlc3QgdG8gLy0vZGVtbw==-->chore(ui): change /devtest to /-/demo<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10919): <!--number 10919 --><!--line 0 --><!--description VXBkYXRlIGh0dHBzOi8vZGF0YS5mb3JnZWpvLm9yZy9hY3Rpb25zL3NldHVwLWZvcmdlam8gYWN0aW9uIHRvIHYzLjEuMSAoZm9yZ2Vqbyk=-->Update https://data.forgejo.org/actions/setup-forgejo action to v3.1.1 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10976): <!--number 10976 --><!--line 0 --><!--description Y2k6IGFkZCBuYW1lIHRvIHN0ZXA=-->ci: add name to step<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10987): <!--number 10987 --><!--line 0 --><!--description b3B0aW1pemF0aW9uOiB1c2UgZnMuUmVhZEZpbGU=-->optimization: use fs.ReadFile<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11035): <!--number 11035 --><!--line 0 --><!--description Rml4IHRlc3QgY2FzZXMgd2hlcmUgcmVxdWlyZS5FcnJvckNvbnRhaW5zKCkgaXMgaW50ZW5kZWQsIGJ1dCByZXF1aXJlLkVycm9yZigpIGlzIHVzZWQ=-->Fix test cases where require.ErrorContains() is intended, but require.Errorf() is used<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10890): <!--number 10890 --><!--line 0 --><!--description VXBkYXRlIGh0dHBzOi8vZGF0YS5mb3JnZWpvLm9yZy9hY3Rpb25zL2NhY2hlIGFjdGlvbiB0byB2NS4wLjIgKGZvcmdlam8p-->Update https://data.forgejo.org/actions/cache action to v5.0.2 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11045): <!--number 11045 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnaXRodWIuY29tL3JlZGlzL2dvLXJlZGlzL3Y5IHRvIHY5LjE3LjMgKGZvcmdlam8p-->Update module github.com/redis/go-redis/v9 to v9.17.3 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10977): <!--number 10977 --><!--line 0 --><!--description InJldmVydCBVcGRhdGUgaHR0cHM6Ly9kYXRhLmZvcmdlam8ub3JnL2Zvcmdlam8vZm9yZ2Vqby1idWlsZC1wdWJsaXNoIGFjdGlvbiB0byB2NS41LjAi-->"revert Update https://data.forgejo.org/forgejo/forgejo-build-publish action to v5.5.0"<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10999): <!--number 10999 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBjb2RlLmZvcmdlam8ub3JnL2Zvcmdlam8vcnVubmVyL3YxMiB0byB2MTIuNi4wIChmb3JnZWpvKQ==-->Update module code.forgejo.org/forgejo/runner/v12 to v12.6.0 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10889): <!--number 10889 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgcG9zdGNzcy1odG1sIHRvIHYxLjguMSAoZm9yZ2Vqbyk=-->Update dependency postcss-html to v1.8.1 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10880): <!--number 10880 --><!--line 0 --><!--description ZGVsZXRlIGRlYWQgY29kZSBpbiBXYXRjaElmQXV0byBhbmQgZ2VuZXJhbCBtb2RlbCBkb2N1bWVudGF0aW9u-->delete dead code in WatchIfAuto and general model documentation<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10972): <!--number 10972 --><!--line 0 --><!--description VXBkYXRlIGh0dHBzOi8vZGF0YS5mb3JnZWpvLm9yZy9mb3JnZWpvL2Zvcmdlam8tYnVpbGQtcHVibGlzaCBhY3Rpb24gdG8gdjUuNS4wIChmb3JnZWpvKQ==-->Update https://data.forgejo.org/forgejo/forgejo-build-publish action to v5.5.0 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10966): <!--number 10966 --><!--line 0 --><!--description Zml4IHR5cG86IHNheSBnb29kIGJ5ZSB0byB0aGUgc2luZ2luZyBrZXk=-->fix typo: say good bye to the singing key<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10897): <!--number 10897 --><!--line 0 --><!--description ZXNjYXBlIEhUTUwgdGFncyBpbiBpbmxpbmUgY29kZSBibG9ja3MgaW4gZGVzY3JpcHRpb24=-->escape HTML tags in inline code blocks in description<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11004): <!--number 11004 --><!--line 0 --><!--description Zml4KGxvY2FsZSk6IHRvb2x0aXAgZm9yICJPd25lciIgcm9sZSBzaG91bGQgbm90IGltcGx5IHVuaXF1ZSBvd25lcg==-->fix(locale): tooltip for "Owner" role should not imply unique owner<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10934): <!--number 10934 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgbWluaS1jc3MtZXh0cmFjdC1wbHVnaW4gdG8gdjIuMTAuMCAoZm9yZ2Vqbyk=-->Update dependency mini-css-extract-plugin to v2.10.0 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11015): <!--number 11015 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBjb2RlLmZvcmdlam8ub3JnL2Zvcmdlam8vcnVubmVyL3YxMiB0byB2MTIuNi4yIChmb3JnZWpvKQ==-->Update module code.forgejo.org/forgejo/runner/v12 to v12.6.2 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10935): <!--number 10935 --><!--line 0 --><!--description VXBkYXRlIGh0dHBzOi8vZGF0YS5mb3JnZWpvLm9yZy9pbmZyYXN0cnVjdHVyZS9pc3N1ZS1hY3Rpb24gYWN0aW9uIHRvIHYxLjUuMCAoZm9yZ2Vqbyk=-->Update https://data.forgejo.org/infrastructure/issue-action action to v1.5.0 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11022): <!--number 11022 --><!--line 0 --><!--description Zml4IGNhc2UtaW5zZW5zaXRpdmUgd2hlbiB1c2luZyBibGV2ZQ==-->fix case-insensitive when using bleve<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11014): <!--number 11014 --><!--line 0 --><!--description VXBkYXRlIGh0dHBzOi8vZGF0YS5mb3JnZWpvLm9yZy9hY3Rpb25zL3NldHVwLWZvcmdlam8gYWN0aW9uIHRvIHYzLjEuMyAoZm9yZ2Vqbyk=-->Update https://data.forgejo.org/actions/setup-forgejo action to v3.1.3 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10980): <!--number 10980 --><!--line 0 --><!--description VXBkYXRlIGh0dHBzOi8vZGF0YS5mb3JnZWpvLm9yZy9mb3JnZWpvL2Zvcmdlam8tYnVpbGQtcHVibGlzaCBhY3Rpb24gdG8gdjUuNS4xIChmb3JnZWpvKQ==-->Update https://data.forgejo.org/forgejo/forgejo-build-publish action to v5.5.1 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11005): <!--number 11005 --><!--line 0 --><!--description UmVwbGFjZSBjb2RlLmZvcmdlam8ub3JnL2Zvcmdlam8vZm9yZ2VqbyBEb2NrZXIgdGFnIHdpdGggZGF0YS5mb3JnZWpvLm9yZy9mb3JnZWpvL2Zvcmdlam8gKGZvcmdlam8p-->Replace code.forgejo.org/forgejo/forgejo Docker tag with data.forgejo.org/forgejo/forgejo (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10967): <!--number 10967 --><!--line 0 --><!--description cG9saXNoIG9hdXRoOiBEbyBub3QgcGFzcyB0aGUgZnVsbCBzaWduaW5nIGtleSB0byB0ZW1wbGF0ZQ==-->polish oauth: Do not pass the full signing key to template<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11037): <!--number 11037 --><!--line 0 --><!--description UG9saXNoIG1vZHVsZXMvc3RvcmFnZSB0ZXN0IHVzZSBvZiByZXF1aXJlLkVycm9yZigp-->Polish modules/storage test use of require.Errorf()<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10911): <!--number 10911 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBjb2RlLmZvcmdlam8ub3JnL2Zvcmdlam8vcnVubmVyL3YxMiB0byB2MTIuNS4zIChmb3JnZWpvKQ==-->Update module code.forgejo.org/forgejo/runner/v12 to v12.5.3 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10891): <!--number 10891 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnaXRodWIuY29tL2tsYXVzcG9zdC9jb21wcmVzcyB0byB2MS4xOC4zIChmb3JnZWpvKQ==-->Update module github.com/klauspost/compress to v1.18.3 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10854): <!--number 10854 --><!--line 0 --><!--description cmVjcmVhdGUtdGFibGVzIGRvZXNuJ3Qgd29yayBvbiBQb3N0Z3JlU1FMIHdpdGggbXVsdGlwbGUgRm9yZ2VqbyBzY2hlbWFz-->recreate-tables doesn't work on PostgreSQL with multiple Forgejo schemas<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10799): <!--number 10799 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBjb2RlLmZvcmdlam8ub3JnL2Zvcmdlam8vcnVubmVyL3YxMiB0byB2MTIuNS4yIChmb3JnZWpvKQ==-->Update module code.forgejo.org/forgejo/runner/v12 to v12.5.2 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10850): <!--number 10850 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgZ28gdG8gdjEuMjUuNiAoZm9yZ2Vqbyk=-->Update dependency go to v1.25.6 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10802): <!--number 10802 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnb2xhbmcub3JnL3gvbmV0IHRvIHYwLjQ5LjAgKGZvcmdlam8p-->Update module golang.org/x/net to v0.49.0 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10828): <!--number 10828 --><!--line 0 --><!--description cGluIGdpdGh1Yi5jb20vdXJmYXZlL2NsaSB0byB2My41LjA=-->pin github.com/urfave/cli to v3.5.0<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10837): <!--number 10837 --><!--line 0 --><!--description W3NraXAgY2ldIGNob3JlKHJlbGVhc2UpOiBkZWxldGUgMTAwMzcgYW5kIDk4NDAgcmVsZWFzZSBub3Rlcw==-->[skip ci] chore(release): delete 10037 and 9840 release notes<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10894): <!--number 10894 --><!--line 0 --><!--description Y2hvcmUocmVsZWFzZS1ub3Rlcyk6IEZvcmdlam8gdjExLjAuMTAgW3NraXAgY2ld-->chore(release-notes): Forgejo v11.0.10 [skip ci]<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10841): <!--number 10841 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnaXRodWIuY29tL2dvLWNoaS9jaGkvdjUgdG8gdjUuMi40IChmb3JnZWpvKQ==-->Update module github.com/go-chi/chi/v5 to v5.2.4 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10842): <!--number 10842 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnaXRodWIuY29tL21pbmlvL21pbmlvLWdvL3Y3IHRvIHY3LjAuOTggKGZvcmdlam8p-->Update module github.com/minio/minio-go/v7 to v7.0.98 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10875): <!--number 10875 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgQGNpdGF0aW9uLWpzL3BsdWdpbi1zb2Z0d2FyZS1mb3JtYXRzIHRvIHYwLjYuMiAoZm9yZ2Vqbyk=-->Update dependency @citation-js/plugin-software-formats to v0.6.2 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10832): <!--number 10832 --><!--line 0 --><!--description Y2hvcmUocmVsZWFzZS1ub3Rlcyk6IEZvcmdlam8gdjE0LjAuMCBbc2tpcCBjaV0=-->chore(release-notes): Forgejo v14.0.0 [skip ci]<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10865): <!--number 10865 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgZm9yZ2Vqby9yZWxlYXNlLW5vdGVzLWFzc2lzdGFudCB0byB2MS41LjEgKGZvcmdlam8p-->Update dependency forgejo/release-notes-assistant to v1.5.1 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10896): <!--number 10896 --><!--line 0 --><!--description Y2hvcmUocmVsZWFzZS1ub3Rlcyk6IEZvcmdlam8gdjEzLjAuNSBbc2tpcCBjaV0=-->chore(release-notes): Forgejo v13.0.5 [skip ci]<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10892): <!--number 10892 --><!--line 0 --><!--description VXBkYXRlIENvZGVNaXJyb3IgKGZvcmdlam8p-->Update CodeMirror (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10673): <!--number 10673 --><!--line 0 --><!--description Y2hvcmU6IHVwZGF0ZSBnb2YzL3YzIHYzLjExLjE1-->chore: update gof3/v3 v3.11.15<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10682): <!--number 10682 --><!--line 0 --><!--description YWN0aW9ucyB2YXJpYWJsZSBhbmQgc2VjcmV0IG5hbWVzIHZhbGlkYXRpb24=-->actions variable and secret names validation<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10790): <!--number 10790 --><!--line 0 --><!--description Y2hvcmU6IFRlYWNoIE1ha2VmaWxlIHRvIGhhbmRsZSBub2RlIHByZS1yZWxlYXNlIHZlcnNpb25z-->chore: Teach Makefile to handle node pre-release versions<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10867): <!--number 10867 --><!--line 0 --><!--description Y2k6IHVzZSBybmEgYmluYXJ5IGluc3RlYWQgb2Ygc291cmNl-->ci: use rna binary instead of source<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10821): <!--number 10821 --><!--line 0 --><!--description Y29uZmlnOiBMb3dlciBkZWZhdWx0IGBbZGF0YWJhc2VdLk1BWF9PUEVOX0NPTk5TYA==-->config: Lower default `[database].MAX_OPEN_CONNS`<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10759): <!--number 10759 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgYXNjaWluZW1hLXBsYXllciB0byB2My4xNC4wIChmb3JnZWpvKQ==-->Update dependency asciinema-player to v3.14.0 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10895): <!--number 10895 --><!--line 0 --><!--description Y2hvcmUocmVsZWFzZS1ub3Rlcyk6IEZvcmdlam8gdjE0LjAuMSBbc2tpcCBjaV0=-->chore(release-notes): Forgejo v14.0.1 [skip ci]<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10866): <!--number 10866 --><!--line 0 --><!--description W3NraXAgY2ldIGZpeChyZWxlYXNlKTogbW92ZSByZXZlcnRlZCB2MTQuMC4wIGZlYXR1cmUgbGluZSB0byBJbmNsdWRlZCBmb3IgY29tcGxldGVuZXNz-->[skip ci] fix(release): move reverted v14.0.0 feature line to Included for completeness<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10815): <!--number 10815 --><!--line 0 --><!--description bWFrZSBsYXN0Y29tbWl0IGF2YWlsYWJsZSBmb3Igbm9uLXNpZ25lZC1pbiB1c2Vycw==-->make lastcommit available for non-signed-in users<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10822): <!--number 10822 --><!--line 0 --><!--description VXBkYXRlIE5vZGUuanMgdG8gdjI0LjEzLjAgKGZvcmdlam8p-->Update Node.js to v24.13.0 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10761): <!--number 10761 --><!--line 0 --><!--description VXBkYXRlIGh0dHBzOi8vZGF0YS5mb3JnZWpvLm9yZy9hY3Rpb25zL3NldHVwLWZvcmdlam8gYWN0aW9uIHRvIHYzLjEuMCAoZm9yZ2Vqbyk=-->Update https://data.forgejo.org/actions/setup-forgejo action to v3.1.0 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10728): <!--number 10728 --><!--line 0 --><!--description Y2hvcmUocmVsZWFzZS1ub3Rlcyk6IEZvcmdlam8gdjExLjAuOSBbc2tpcCBjaV0=-->chore(release-notes): Forgejo v11.0.9 [skip ci]<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10775): <!--number 10775 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgZ2xvYmFscyB0byB2MTcgKGZvcmdlam8p-->Update dependency globals to v17 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10756): <!--number 10756 --><!--line 0 --><!--description YWRkIGZvcmVpZ24ga2V5cyB0byB0aGUgYGFjdGlvbl9ydW5uZXJfdG9rZW5gIHRhYmxl-->add foreign keys to the `action_runner_token` table<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/9380): <!--number 9380 --><!--line 0 --><!--description c3dhZ2dlcjogQWRkIGhlYWRlciBhbm5vdGF0aW9ucyBmb3IgYWNjdXJhdGUgQVBJIGRvY3VtZW50YXRpb24=-->swagger: Add header annotations for accurate API documentation<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10731): <!--number 10731 --><!--line 0 --><!--description Y2hvcmUocmVub3ZhdGUpOiB1c2UgYGZvcmdlam8tcmVsZWFzZXNgIGRhdGFzb3VyY2U=-->chore(renovate): use `forgejo-releases` datasource<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10700): <!--number 10700 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnaXRodWIuY29tL3l1aW4vZ29sZG1hcmsgdG8gdjEuNy4xNCAoZm9yZ2Vqbyk=-->Update module github.com/yuin/goldmark to v1.7.14 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10795): <!--number 10795 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBjb2RlLmZvcmdlam8ub3JnL2Zvcmdlam8vcnVubmVyL3YxMiB0byB2MTIuNS4xIChmb3JnZWpvKQ==-->Update module code.forgejo.org/forgejo/runner/v12 to v12.5.1 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10701): <!--number 10701 --><!--line 0 --><!--description VXBkYXRlIENvZGVNaXJyb3IgKGZvcmdlam8p-->Update CodeMirror (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10780): <!--number 10780 --><!--line 0 --><!--description Y2hvcmU6IGNvcnJlY3Qgc3BlbGxpbmcgZXJyb3IgaW4gY2xlYW51cC1jb21taXQtc3RhdHVzIENMSSBkb2Nz-->chore: correct spelling error in cleanup-commit-status CLI docs<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10749): <!--number 10749 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgZm9yZ2Vqby9yZWxlYXNlLW5vdGVzLWFzc2lzdGFudCB0byB2MS41LjAgKGZvcmdlam8p-->Update dependency forgejo/release-notes-assistant to v1.5.0 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10755): <!--number 10755 --><!--line 0 --><!--description ZmVhdChidWlsZCk6IHRlYWNoIGxpbnQtbG9jYWxlLXVzYWdlIGFib3V0IE9iamVjdFZlcmlmaWNhdGlvbi5SZWFzb24=-->feat(build): teach lint-locale-usage about ObjectVerification.Reason<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10738): <!--number 10738 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBjb2RlLmZvcmdlam8ub3JnL2Zvcmdlam8vcnVubmVyL3YxMiB0byB2MTIuNS4wIChmb3JnZWpvKQ==-->Update module code.forgejo.org/forgejo/runner/v12 to v12.5.0 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10762): <!--number 10762 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnaXRodWIuY29tL2FsZWN0aG9tYXMvY2hyb21hL3YyIHRvIHYyLjIyLjAgKGZvcmdlam8p-->Update module github.com/alecthomas/chroma/v2 to v2.22.0 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10726): <!--number 10726 --><!--line 0 --><!--description ZGlzYWJsZSBhY3Rpb25zIGVuZHBvaW50cyBvZiByZXBvc2l0b3J5IGlmIGFjdGlvbnMgYXJlIGRpc2FibGVk-->disable actions endpoints of repository if actions are disabled<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10716): <!--number 10716 --><!--line 0 --><!--description Y2hvcmU6IGFkZCBAMHhsbHgwIHRvIGZlZGVyYXRpb24gY29kZW93bmVycw==-->chore: add @0xllx0 to federation codeowners<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10737): <!--number 10737 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgZm9yZ2Vqby9yZWxlYXNlLW5vdGVzLWFzc2lzdGFudCB0byB2MS40LjMgKGZvcmdlam8p-->Update dependency forgejo/release-notes-assistant to v1.4.3 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10740): <!--number 10740 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnb2xhbmcub3JnL3gvc3lzIHRvIHYwLjQwLjAgKGZvcmdlam8p-->Update module golang.org/x/sys to v0.40.0 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10696): <!--number 10696 --><!--line 0 --><!--description cmV0YWluIEZvcmdlam8gQWN0aW9uJ3MgY29tbWl0X3N0YXR1cyBlbnRyaWVzIHdpdGggZGlzdGluY3QgZGVzY3JpcHRpb25z-->retain Forgejo Action's commit_status entries with distinct descriptions<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10713): <!--number 10713 --><!--line 0 --><!--description cHJldmVudCBpbnRlcm1pdHRlbnQgdGVzdCBmYWlsdXJlcyBjYXVzZWQgYnkgdW5jYW5jZWxsYWJsZSB0YXNrcw==-->prevent intermittent test failures caused by uncancellable tasks<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10715): <!--number 10715 --><!--line 0 --><!--description Rml4IGVycm9yIG1lc3NhZ2VzIGluIHB1bGwuZ28=-->Fix error messages in pull.go<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10758): <!--number 10758 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgQGNvZGVtaXJyb3IvdmlldyB0byB2Ni4zOS45IChmb3JnZWpvKQ==-->Update dependency @codemirror/view to v6.39.9 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10730): <!--number 10730 --><!--line 0 --><!--description Y2hvcmUocmVsZWFzZS1ub3Rlcyk6IEZvcmdlam8gdjEzLjAuNCBbc2tpcCBjaV0=-->chore(release-notes): Forgejo v13.0.4 [skip ci]<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10699): <!--number 10699 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgQGxlemVyL2hpZ2hsaWdodCB0byB2MS4yLjMgKGZvcmdlam8p-->Update dependency @lezer/highlight to v1.2.3 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10707): <!--number 10707 --><!--line 0 --><!--description W3NraXAgY2ldIGNob3JlOiBVcGRhdGUgcHVsbCByZXF1ZXN0IHRlbXBsYXRlIHJlZ2FyZGluZyB0aGUgcmVsZWFzZSBub3Rlcw==-->[skip ci] chore: Update pull request template regarding the release notes<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10724): <!--number 10724 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnaXRodWIuY29tL2dvLWVucnkvZ28tZW5yeS92MiB0byB2Mi45LjMgKGZvcmdlam8p-->Update module github.com/go-enry/go-enry/v2 to v2.9.3 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10619): <!--number 10619 --><!--line 0 --><!--description VXBkYXRlIGh0dHBzOi8vZGF0YS5mb3JnZWpvLm9yZy9hY3Rpb25zL3NldHVwLWZvcmdlam8gYWN0aW9uIHRvIHYzLjAuNyAoZm9yZ2Vqbyk=-->Update https://data.forgejo.org/actions/setup-forgejo action to v3.0.7 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10709): <!--number 10709 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnaXRodWIuY29tL3l1aW4vZ29sZG1hcmsgdG8gdjEuNy4xNiAoZm9yZ2Vqbyk=-->Update module github.com/yuin/goldmark to v1.7.16 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10752): <!--number 10752 --><!--line 0 --><!--description Y2hvcmU6IHJ1biByZW5vdmF0ZSBvbiB2MTQgYnJhbmNoLCByZW1vdmUgdjEz-->chore: run renovate on v14 branch, remove v13<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10706): <!--number 10706 --><!--line 0 --><!--description Y2hvcmU6IGFkZCBmYW1mbyB0byBDT0RFT1dORVJTIGZvciBmZWRlcmF0aW9uIGNvZGU=-->chore: add famfo to CODEOWNERS for federation code<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10785): <!--number 10785 --><!--line 0 --><!--description TG9jayBmaWxlIG1haW50ZW5hbmNlIChmb3JnZWpvKQ==-->Lock file maintenance (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10658): <!--number 10658 --><!--line 0 --><!--description ZHluYW1pYyBBY3Rpb24gam9icyBjYW4gc3RhbGwgYnkgbWFya2luZyB0aGVtc2VsdmVzIGJsb2NrZWQ=-->dynamic Action jobs can stall by marking themselves blocked<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10665): <!--number 10665 --><!--line 0 --><!--description c2ltdWx0YW5lb3VzbHkgZXhwZXJpZW5jaW5nIGEgUHJlRXhlY3V0aW9uRXJyb3IgYW5kIHVuYmxvY2tpbmcgYSBkaWZmZXJlbnQgam9iIGNhdXNlcyBlcnJvciBibG9ja2luZyBqb2IgZW1pdHRlciBxdWV1ZQ==-->simultaneously experiencing a PreExecutionError and unblocking a different job causes error blocking job emitter queue<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10632): <!--number 10632 --><!--line 0 --><!--description YnVpbGQtcmVsZWFzZSB3b3JrZmxvdyBzdG9wcyBpdHMgb3duIGVuZC10by1lbmQgY2hlY2tzIHdoZW4gcnVuIGNvbmN1cnJlbnRseQ==-->build-release workflow stops its own end-to-end checks when run concurrently<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10666): <!--number 10666 --><!--line 0 --><!--description cmUtcnVubmluZyBhbiBleHBhbmRlZCByZXVzYWJsZSB3b3JrZmxvdyBjYXVzZXMgZHVwbGljYXRlICJhdHRlbXB0IDEiIGpvYg==-->re-running an expanded reusable workflow causes duplicate "attempt 1" job<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10588): <!--number 10588 --><!--line 0 --><!--description TGlzdFRyYWNrZWRUaW1lcyBBUEkgaGFzIG5vIGRlZmluZWQgcmVjb3JkIG9yZGVyaW5n-->ListTrackedTimes API has no defined record ordering<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10661): <!--number 10661 --><!--line 0 --><!--description aTE4bihuZXh0KTogY29udmVydCBpbmRlbnRpb24gc3R5bGUgdG8gdGFiczogZW4sIGVkaXRvcmNvbmZpZw==-->i18n(next): convert indention style to tabs: en, editorconfig<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10591): <!--number 10591 --><!--line 0 --><!--description dGVzdDogcmVtb3ZlIGRpYWdub3N0aWMgb3V0cHV0IGluICdjb3B5IHRvIGV4cGVyaW1lbnRhbCc=-->test: remove diagnostic output in 'copy to experimental'<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10623): <!--number 10623 --><!--line 0 --><!--description TG9jayBmaWxlIG1haW50ZW5hbmNlIChmb3JnZWpvKQ==-->Lock file maintenance (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10579): <!--number 10579 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnaXRodWIuY29tL2dvLW9wZW5hcGkvc3BlYyB0byB2MC4yMi4zIChmb3JnZWpvKQ==-->Update module github.com/go-openapi/spec to v0.22.3 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10668): <!--number 10668 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnaXRodWIuY29tL21hdHRuL2dvLXNxbGl0ZTMgdG8gdjEuMTQuMzMgKGZvcmdlam8p-->Update module github.com/mattn/go-sqlite3 to v1.14.33 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10610): <!--number 10610 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBjb2RlLmZvcmdlam8ub3JnL2Zvcmdlam8vYWN0aW9ucy1wcm90byB0byB2MC42LjAgKGZvcmdlam8p-->Update module code.forgejo.org/forgejo/actions-proto to v0.6.0 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10596): <!--number 10596 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnaXRodWIuY29tL2phY2tjL3BneC92NSB0byB2NS44LjAgKGZvcmdlam8p-->Update module github.com/jackc/pgx/v5 to v5.8.0 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10655): <!--number 10655 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBjb2RlLmZvcmdlam8ub3JnL2Zvcmdlam8vcnVubmVyL3YxMiB0byB2MTIuNC4wIChmb3JnZWpvKQ==-->Update module code.forgejo.org/forgejo/runner/v12 to v12.4.0 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10583): <!--number 10583 --><!--line 0 --><!--description ZXhwZXJpbWVudGFsIHJlbGVhc2VzIGFyZSBub3QgYmVpbmcgY29waWVkIHRvIGZvcmdlam8tZXhwZXJpbWVudGFs-->experimental releases are not being copied to forgejo-experimental<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10678): <!--number 10678 --><!--line 0 --><!--description ZG9uJ3QgZHVwbGljYXRlIGNvbW1pdCBzdGF0dXMgcmVjb3JkcyBvbiB3b3JrZmxvd3Mgd2l0aCBlbXB0eSBuYW1l-->don't duplicate commit status records on workflows with empty name<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10638): <!--number 10638 --><!--line 0 --><!--description Y2hvcmUocmVsZWFzZS1ub3Rlcyk6IHRlYWNoIHJlbGVhc2Utbm90ZXMtYXNzaXN0YW50IHRoYXQgdjExLjAgaXMgTFRT-->chore(release-notes): teach release-notes-assistant that v11.0 is LTS<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10587): <!--number 10587 --><!--line 0 --><!--description dGVzdDogZml4IGludGVybWl0dGVudCBQb3N0Z3JlU1FMIGZhaWx1cmUgaW4gVGVzdEFkbWluVmlld1JlcG9z-->test: fix intermittent PostgreSQL failure in TestAdminViewRepos<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10581): <!--number 10581 --><!--line 0 --><!--description Y2hvcmUodWkpOiByZW1vdmUgb2Jzb2xldGUgY29kZSBmcm9tIGJ1dHRvbi1sZWdhY3kuY3Nz-->chore(ui): remove obsolete code from button-legacy.css<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10683): <!--number 10683 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgZm9yZ2Vqby9yZWxlYXNlLW5vdGVzLWFzc2lzdGFudCB0byB2MS40LjIgKGZvcmdlam8p-->Update dependency forgejo/release-notes-assistant to v1.4.2 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10662): <!--number 10662 --><!--line 0 --><!--description Y2hvcmUoY2xlYW51cCk6IG1vdmUgYWxsIHRlc3QgYmxhbmsgaW1wb3J0cyBpbiBhIHNpbmdsZSBwYWNrYWdl-->chore(cleanup): move all test blank imports in a single package<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10692): <!--number 10692 --><!--line 0 --><!--description Y2hvcmU6IGRvd25sb2FkIGdpdC1tYW4gb3ZlciBUTFM=-->chore: download git-man over TLS<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10586): <!--number 10586 --><!--line 0 --><!--description dXNlIFJVTk5FUl9URU1QIGluIGJ1aWxkLXJlbGVhc2UueW1s-->use RUNNER_TEMP in build-release.yml<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10608): <!--number 10608 --><!--line 0 --><!--description TG9jayBmaWxlIG1haW50ZW5hbmNlIChmb3JnZWpvKQ==-->Lock file maintenance (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10667): <!--number 10667 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgZXNidWlsZC1sb2FkZXIgdG8gdjQuNC4yIChmb3JnZWpvKQ==-->Update dependency esbuild-loader to v4.4.2 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10626): <!--number 10626 --><!--line 0 --><!--description aW1wcm92ZSBEaXNjb3JkIHdlYmhvb2sgbWVzc2FnZSBmb3JtYXR0aW5n-->improve Discord webhook message formatting<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10656): <!--number 10656 --><!--line 0 --><!--description aW4tcHJvZ3Jlc3Mgam9iIGljb24gZG9lc24ndCByb3RhdGUgb24gcmVwbydzIGFjdGlvbiBsaXN0-->in-progress job icon doesn't rotate on repo's action list<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10535): <!--number 10535 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBjb2RlLmZvcmdlam8ub3JnL2Zvcmdlam8vcnVubmVyL3YxMiB0byB2MTIuMy4wIChmb3JnZWpvKQ==-->Update module code.forgejo.org/forgejo/runner/v12 to v12.3.0 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10492): <!--number 10492 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgd2VicGFjayB0byB2NS4xMDQuMCAoZm9yZ2Vqbyk=-->Update dependency webpack to v5.104.0 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10479): <!--number 10479 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnaXRodWIuY29tL2FsZWN0aG9tYXMvY2hyb21hL3YyIHRvIHYyLjIxLjEgKGZvcmdlam8p-->Update module github.com/alecthomas/chroma/v2 to v2.21.1 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10482): <!--number 10482 --><!--line 0 --><!--description Y2hvcmU6IDE0LjAgaXMgbm93IHN0YWJsZQ==-->chore: 14.0 is now stable<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10549): <!--number 10549 --><!--line 0 --><!--description Y2hvcmUoc2VhcmNoKTogbWlub3IgY29kZSBjbGVhbnVw-->chore(search): minor code cleanup<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10505): <!--number 10505 --><!--line 0 --><!--description VXBkYXRlIGdvLW9wZW5hcGkgcGFja2FnZXMgKGZvcmdlam8p-->Update go-openapi packages (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10575): <!--number 10575 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBjb2RlLmZvcmdlam8ub3JnL2Zvcmdlam8vcnVubmVyL3YxMiB0byB2MTIuMy4xIChmb3JnZWpvKQ==-->Update module code.forgejo.org/forgejo/runner/v12 to v12.3.1 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10545): <!--number 10545 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgZXNidWlsZC1sb2FkZXIgdG8gdjQuNC4xIChmb3JnZWpvKQ==-->Update dependency esbuild-loader to v4.4.1 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10491): <!--number 10491 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgYXNjaWluZW1hLXBsYXllciB0byB2My4xMy41IChmb3JnZWpvKQ==-->Update dependency asciinema-player to v3.13.5 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10450): <!--number 10450 --><!--line 0 --><!--description Y2hvcmU6IHJldmlzZSBydW5uZXIgUkVTVCBBUEkgZW5kcG9pbnRz-->chore: revise runner REST API endpoints<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10538): <!--number 10538 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgd2VicGFjayB0byB2NS4xMDQuMSAoZm9yZ2Vqbyk=-->Update dependency webpack to v5.104.1 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10550): <!--number 10550 --><!--line 0 --><!--description cG9ydChnaXRlYSk6IEZpeCBwYXNzd29yZCBsZWFrIGluIGxvZyBtZXNzYWdlcyAoZ28tZ2l0ZWEvZ2l0ZWEhMzU1ODQp-->port(gitea): Fix password leak in log messages (go-gitea/gitea!35584)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10537): <!--number 10537 --><!--line 0 --><!--description cmVmYWN0b3I6IHNwbGl0IGBBY3Rpb25Kb2JTdGVwTGlzdGAgb3V0IG9mIGBSZXBvQWN0aW9uVmlld2A=-->refactor: split `ActionJobStepList` out of `RepoActionView`<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10539): <!--number 10539 --><!--line 0 --><!--description Y2hvcmUodGVzdCk6IHNlcGFyYXRlIGFuZCBtb3ZlIGFyb3VuZCBpMThuIHRlc3Rpbmc=-->chore(test): separate and move around i18n testing<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10551): <!--number 10551 --><!--line 0 --><!--description Y2hvcmU6IGRvY3VtZW50LCB0ZXN0IHBhZ2luYXRpb24gb2YgYC9ydW5uZXJzYCBBUEkgZW5kcG9pbnQ=-->chore: document, test pagination of `/runners` API endpoint<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10518): <!--number 10518 --><!--line 0 --><!--description VXBkYXRlIGh0dHBzOi8vZGF0YS5mb3JnZWpvLm9yZy9hY3Rpb25zL2NoZWNrb3V0IGFjdGlvbiB0byB2NiAoZm9yZ2Vqbyk=-->Update https://data.forgejo.org/actions/checkout action to v6 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10490): <!--number 10490 --><!--line 0 --><!--description dGVzdDogaW5jcmVhc2UgdGVzdCBjb3ZlcmFnZSBvZiBydW5uZXIgbWFuYWdlbWVudA==-->test: increase test coverage of runner management<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8643): <!--number 8643 --><!--line 0 --><!--description bGlua2luZyBzaGExIGhhc2hlcyB3aXRoIHRyYWlsaW5nIHB1bmN0dWF0aW9u-->linking sha1 hashes with trailing punctuation<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10519): <!--number 10519 --><!--line 0 --><!--description TG9jayBmaWxlIG1haW50ZW5hbmNlIChmb3JnZWpvKQ==-->Lock file maintenance (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10517): <!--number 10517 --><!--line 0 --><!--description VXBkYXRlIGh0dHBzOi8vZGF0YS5mb3JnZWpvLm9yZy9hY3Rpb25zL2NhY2hlIGFjdGlvbiB0byB2NSAoZm9yZ2Vqbyk=-->Update https://data.forgejo.org/actions/cache action to v5 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11409): <!--number 11409 --><!--line 0 --><!--description VXBkYXRlIHJlbm92YXRlIERvY2tlciB0YWcgdG8gdjQzLjMxLjEgKGZvcmdlam8p-->Update renovate Docker tag to v43.31.1 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11321): <!--number 11321 --><!--line 0 --><!--description VXBkYXRlIHgvdG9vbHMgdG8gdjAuNDIuMCAoZm9yZ2Vqbyk=-->Update x/tools to v0.42.0 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11322): <!--number 11322 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgZXNsaW50LXBsdWdpbi11bmljb3JuIHRvIHY2MyAoZm9yZ2Vqbyk=-->Update dependency eslint-plugin-unicorn to v63 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11302): <!--number 11302 --><!--line 0 --><!--description VXBkYXRlIHJlbm92YXRlIHRvIHY0My4xNS4xIChmb3JnZWpvKQ==-->Update renovate to v43.15.1 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11265): <!--number 11265 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgdnVlIHRvIHYzLjUuMjggKGZvcmdlam8p-->Update dependency vue to v3.5.28 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11213): <!--number 11213 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgdml0ZS1zdHJpbmctcGx1Z2luIHRvIHYyIChmb3JnZWpvKQ==-->Update dependency vite-string-plugin to v2 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11207): <!--number 11207 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgZXNsaW50LXBsdWdpbi1yZWdleHAgdG8gdjMgKGZvcmdlam8p-->Update dependency eslint-plugin-regexp to v3 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11202): <!--number 11202 --><!--line 0 --><!--description VXBkYXRlIGxpbnRlcnMgKGZvcmdlam8p-->Update linters (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11203): <!--number 11203 --><!--line 0 --><!--description VXBkYXRlIHgvdG9vbHMgdG8gdjAuNDEuMCAoZm9yZ2Vqbyk=-->Update x/tools to v0.41.0 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11129): <!--number 11129 --><!--line 0 --><!--description VXBkYXRlIHJlbm92YXRlIHRvIHY0Mi45NS4yIChmb3JnZWpvKQ==-->Update renovate to v42.95.2 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11162): <!--number 11162 --><!--line 0 --><!--description TW9yZSBqd3R4IHJlZmFjdG9yaW5nOiBHZXRTaWduaW5nTWV0aG9kKCksIGZpeCBvcGVuIG1vZGUsIHNwbGl0IGxvYWRPckNyZWF0ZUFzeW1tZXRyaWNLZXkoKQ==-->More jwtx refactoring: GetSigningMethod(), fix open mode, split loadOrCreateAsymmetricKey()<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11118): <!--number 11118 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgQHN0eWxpc3RpYy9zdHlsZWxpbnQtcGx1Z2luIHRvIHY0LjAuMSAoZm9yZ2Vqbyk=-->Update dependency @stylistic/stylelint-plugin to v4.0.1 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11119): <!--number 11119 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgQHZpdGVzdC9lc2xpbnQtcGx1Z2luIHRvIHYxLjYuNiAoZm9yZ2Vqbyk=-->Update dependency @vitest/eslint-plugin to v1.6.6 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11120): <!--number 11120 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnaXRodWIuY29tL2VkaXRvcmNvbmZpZy1jaGVja2VyL2VkaXRvcmNvbmZpZy1jaGVja2VyL3YzL2NtZC9lZGl0b3Jjb25maWctY2hlY2tlciB0byB2My42LjEgKGZvcmdlam8p-->Update module github.com/editorconfig-checker/editorconfig-checker/v3/cmd/editorconfig-checker to v3.6.1 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10659): <!--number 10659 --><!--line 0 --><!--description aTE4bihuZXh0KTogY29udmVydCBpbmRlbnRpb24gdG8gdGFicw==-->i18n(next): convert indention to tabs<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11044): <!--number 11044 --><!--line 0 --><!--description VXBkYXRlIHJlbm92YXRlIHRvIHY0Mi45Mi4xMCAoZm9yZ2Vqbyk=-->Update renovate to v42.92.10 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10998): <!--number 10998 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgdnVlIHRvIHYzLjUuMjcgKGZvcmdlam8p-->Update dependency vue to v3.5.27 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10918): <!--number 10918 --><!--line 0 --><!--description VXBkYXRlIHJlbm92YXRlIHRvIHY0Mi44NC4yIChmb3JnZWpvKQ==-->Update renovate to v42.84.2 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10912): <!--number 10912 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnaXRodWIuY29tL3VyZmF2ZS9jbGkvdjMgdG8gdjMuNi4yIChmb3JnZWpvKQ==-->Update module github.com/urfave/cli/v3 to v3.6.2 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10784): <!--number 10784 --><!--line 0 --><!--description VXBkYXRlIHJlbm92YXRlIHRvIHY0Mi43OC4yIChmb3JnZWpvKQ==-->Update renovate to v42.78.2 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10698): <!--number 10698 --><!--line 0 --><!--description VXBkYXRlIHJlbm92YXRlIHRvIHY0Mi43MS4wIChmb3JnZWpvKQ==-->Update renovate to v42.71.0 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10618): <!--number 10618 --><!--line 0 --><!--description VXBkYXRlIHJlbm92YXRlIHRvIHY0Mi42Ni4xMSAoZm9yZ2Vqbyk=-->Update renovate to v42.66.11 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10607): <!--number 10607 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgQHZpdGVzdC9lc2xpbnQtcGx1Z2luIHRvIHYxLjYuNCAoZm9yZ2Vqbyk=-->Update dependency @vitest/eslint-plugin to v1.6.4 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10605): <!--number 10605 --><!--line 0 --><!--description VXBkYXRlIHJlbm92YXRlIHRvIHY0Mi42Ni45IChmb3JnZWpvKQ==-->Update renovate to v42.66.9 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10606): <!--number 10606 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgdHlwZXNjcmlwdC1lc2xpbnQgdG8gdjguNTAuMSAoZm9yZ2Vqbyk=-->Update dependency typescript-eslint to v8.50.1 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10547): <!--number 10547 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgc3R5bGVsaW50LXZhbHVlLW5vLXVua25vd24tY3VzdG9tLXByb3BlcnRpZXMgdG8gdjYuMS4wIChmb3JnZWpvKQ==-->Update dependency stylelint-value-no-unknown-custom-properties to v6.1.0 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10546): <!--number 10546 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgQHZpdGVzdC9lc2xpbnQtcGx1Z2luIHRvIHYxLjUuNCAoZm9yZ2Vqbyk=-->Update dependency @vitest/eslint-plugin to v1.5.4 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10504): <!--number 10504 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgdnVlIHRvIHYzLjUuMjYgKGZvcmdlam8p-->Update dependency vue to v3.5.26 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10514): <!--number 10514 --><!--line 0 --><!--description VXBkYXRlIHJlbm92YXRlIHRvIHY0Mi42NC4xIChmb3JnZWpvKQ==-->Update renovate to v42.64.1 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10507): <!--number 10507 --><!--line 0 --><!--description VXBkYXRlIHZpdGVzdCBtb25vcmVwbyB0byB2NC4wLjE2IChmb3JnZWpvKQ==-->Update vitest monorepo to v4.0.16 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10511): <!--number 10511 --><!--line 0 --><!--description VXBkYXRlIHgvdG9vbHMgdG8gdjAuNDAuMCAoZm9yZ2Vqbyk=-->Update x/tools to v0.40.0 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10510): <!--number 10510 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnaXRodWIuY29tL1B1ZXJraXRvQmlvL2dvcXVlcnkgdG8gdjEuMTEuMCAoZm9yZ2Vqbyk=-->Update module github.com/PuerkitoBio/goquery to v1.11.0 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10509): <!--number 10509 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnaXRodWIuY29tL2dvbGFuZ2NpL2dvbGFuZ2NpLWxpbnQvdjIvY21kL2dvbGFuZ2NpLWxpbnQgdG8gdjIuNy4yIChmb3JnZWpvKQ==-->Update module github.com/golangci/golangci-lint/v2/cmd/golangci-lint to v2.7.2 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10508): <!--number 10508 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgbWFya2Rvd25saW50LWNsaSB0byB2MC40Ny4wIChmb3JnZWpvKQ==-->Update dependency markdownlint-cli to v0.47.0 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10506): <!--number 10506 --><!--line 0 --><!--description VXBkYXRlIGxpbnRlcnMgKGZvcmdlam8p-->Update linters (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10503): <!--number 10503 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgQHZpdGVqcy9wbHVnaW4tdnVlIHRvIHY2LjAuMyAoZm9yZ2Vqbyk=-->Update dependency @vitejs/plugin-vue to v6.0.3 (forgejo)<!--description-->
+- Already announced in the release notes of an older stable release
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11513): <!--number 11513 --><!--line 0 --><!--description LSBmaXg6IFBLQ0UgY2hhbGxlbmdlcyB0byBGb3JnZWpvJ3MgT0F1dGggaWRlbnRpdHkgcHJvdmlkZXIgd2VyZSBub3QgdmFsaWRhdGVkIHdoZW4gdXNpbmcgdGhlIGBTMjU2YCBhbGdvcml0aG0=-->- fix: PKCE challenges to Forgejo's OAuth identity provider were not validated when using the `S256` algorithm<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11513): <!--number 11513 --><!--line 1 --><!--description LSBmaXg6IEZvcmdlam8gc3VwcG9ydHMgdXNpbmcgYW4gT0F1dGggQmVhcmVyIHRva2VuIHdpdGggSFRUUCBiYXNpYyBhdXRoZW50aWNhdGlvbiwgcmF0aGVyIHRoYW4gQmVhcmVyIHRva2VuIGF1dGhlbnRpY2F0aW9uLCBidXQgZGlkIG5vdCBwcm9wZXJseSBhcHBseSB0aGUgbGltaXRlZCBzY29wZXMgb2YgdGhlIE9BdXRoIGdyYW50-->- fix: Forgejo supports using an OAuth Bearer token with HTTP basic authentication, rather than Bearer token authentication, but did not properly apply the limited scopes of the OAuth grant<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11513): <!--number 11513 --><!--line 2 --><!--description LSBmaXg6IG1pc3NpbmcgcGVybWlzc2lvbiBjaGVja3MgaW4gYXR0YWNobWVudC1yZWxhdGVkIHdlYiBlbmRwb2ludHMgYWxsb3dlZCBtb2RpZnlpbmcgYXR0YWNobWVudHMgdGhhdCBhIHVzZXIgZGlkIG5vdCBvd24=-->- fix: missing permission checks in attachment-related web endpoints allowed modifying attachments that a user did not own<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11513): <!--number 11513 --><!--line 3 --><!--description LSBmaXg6IGVtYWlsIG5vdGlmaWNhdGlvbnMgZm9yIG5ldyByZWxlYXNlcyBjb3VsZCBiZSBzZW50IHRvIHVzZXJzIHRoYXQgbm8gbG9uZ2VyIGFjY2VzcyB0byB0aGUgcmVwb3NpdG9yeSwgb3IgdG8gaW5hY3RpdmUgdXNlcnM=-->- fix: email notifications for new releases could be sent to users that no longer access to the repository, or to inactive users<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11513): <!--number 11513 --><!--line 4 --><!--description LSBmaXg6IG1pc3NpbmcgcGVybWlzc2lvbiBjaGVja3MgaW4gdXNlci9vcmctb3duZWQgcHJvamVjdHMgd291bGQgYWxsb3cgbW9kaWZpY2F0aW9ucyBvZiB0aGUgb3Blbi9jbG9zZWQgc3RhdGUgdG8gYmUgbWFkZSB0byBwcm9qZWN0cyB2aWEgaW5zZWN1cmUgZGlyZWN0IG9iamVjdCByZWZlcmVuY2Vz-->- fix: missing permission checks in user/org-owned projects would allow modifications of the open/closed state to be made to projects via insecure direct object references<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11513): <!--number 11513 --><!--line 5 --><!--description LSBmaXg6IG1pc3NpbmcgcGVybWlzc2lvbiBjaGVja3MgaW4gYSB3ZWIgZW5kcG9pbnQgYWxsb3dlZCBjYW5jZWxsYXRpb24gb2YgdGhlIGF1dG9tZXJnZSBvZiBhIFBS-->- fix: missing permission checks in a web endpoint allowed cancellation of the automerge of a PR<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11513): <!--number 11513 --><!--line 6 --><!--description LSBmaXg6IHByZXZlbnQgYWRkaXRpb25hbCBwYXRoLXRyYXZlcnNhbHMgaW4gcG9zdC1sb2dpbiByZWRpcmVjdCBwYXJhbWV0ZXJzIHRoYXQgYWxsb3dlZCBmb3IgYXJiaXRyYXJ5IHJlZGlyZWN0cw==-->- fix: prevent additional path-traversals in post-login redirect parameters that allowed for arbitrary redirects<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10719): <!--number 10719 --><!--line 0 --><!--description aGlkZSB1c2VyIHByb2ZpbGUgYW5vbnltb3VzIG9wdGlvbnMgb24gcHVibGljIHJlcG8gQVBJcw==-->hide user profile anonymous options on public repo APIs<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10719): <!--number 10719 --><!--line 1 --><!--description aW5jb3JyZWN0IHdoaXRlc3BhY2UgaGFuZGxpbmcgb24gcHJlJnBvc3QgcmVjZWl2ZSBob29rcw==-->incorrect whitespace handling on pre&post receive hooks<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10719): <!--number 10719 --><!--line 2 --><!--description cmVkdWNlIG1lbW9yeSB1c2FnZSB3aGlsZSBwcm9jZXNzaW5nIGxhcmdlIGF0dGFjaG1lbnQgdXBsb2Fkcw==-->reduce memory usage while processing large attachment uploads<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10719): <!--number 10719 --><!--line 3 --><!--description bG9hZCByZXZpZXdlciBmb3IgcHVsbCByZXZpZXcgZGlzbWlzcyBhY3Rpb24gbm90aWZpZXI=-->load reviewer for pull review dismiss action notifier<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10719): <!--number 10719 --><!--line 4 --><!--description dXNlIGNvcnJlY3QgR1BHIGtleSBmb3IgZXhwb3J0-->use correct GPG key for export<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11393): <!--number 11393 --><!--line 0 --><!--description ZXh0ZW5kIGJhc2ljIGF1dGggdG8gL3YyLCBhbHdheXMgaW5jbHVkZSBXV1ctQXV0aGVudGljYXRlIGhlYWRlcg==-->extend basic auth to /v2, always include WWW-Authenticate header<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11282): <!--number 11282 --><!--line 0 --><!--description cHJldmVudCBwYW5pYyB3aGVuIGltcG9ydGluZyBpc3N1ZXMgZnJvbSBHaXRMYWI=-->prevent panic when importing issues from GitLab<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11282): <!--number 11282 --><!--line 1 --><!--description cHJldmVudCBwYW5pYyB3aGVuIGltcG9ydGluZyByZWxlYXNlcyB3aXRoIG1vcmUgdGhhbiA0IHJlbGVhc2UgYXNzZXRzIGZyb20gR2l0TGFi-->prevent panic when importing releases with more than 4 release assets from GitLab<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11282): <!--number 11282 --><!--line 2 --><!--description Y29ycmVjdCByZS1tYXBwaW5nIG9mIG1lcmdlLXJlcXVlc3QgbnVtYmVycyBtZW50aW9uZWQgaW4gR2l0TGFiIGNvbW1lbnRz-->correct re-mapping of merge-request numbers mentioned in GitLab comments<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11642): <!--number 11642 --><!--line 0 --><!--description ZG9uJ3QgdHJpcCBkZWxldGluZyBhdHRhY2htZW50IHdpdGggbWlzc2luZyBwZXJtaXNzaW9uIGVycm9y-->don't trip deleting attachment with missing permission error<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11145): <!--number 11145 --><!--line 0 --><!--description ZG9uJ3QgYWJhbmRvbiBBY3Rpb24gam9icyB3YWl0aW5nIGZvciBhcHByb3ZhbA==-->don't abandon Action jobs waiting for approval<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10812): <!--number 10812 --><!--line 0 --><!--description ZHJvcCBzcWxpdGUgc2hhcmVkIGNhY2hl-->drop sqlite shared cache<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11134): <!--number 11134 --><!--line 0 --><!--description Y2FuY2VsIHJ1bnMgcGVuZGluZyBhcHByb3ZhbCB3aGVuIGEgUFIgaXMgY2xvc2Vk-->cancel runs pending approval when a PR is closed<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10568): <!--number 10568 --><!--line 0 --><!--description bWlncmF0aW9uOiB1cGRhdGUgZXhpc3RpbmcgZm9yZWlnbiBrZXkgbWlncmF0aW9ucyB0byBhdXRvbWF0aWNhbGx5IGZpeCBpbmNvbnNpc3RlbmNpZXM=-->migration: update existing foreign key migrations to automatically fix inconsistencies<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11623): <!--number 11623 --><!--line 0 --><!--description Y29tbWVudCBhdHRhY2htZW50IEFQSSBpcyBtb3JlIHJlc3RyaWN0aXZlIHRoYW4gdGhlIHdlYiBVSQ==-->comment attachment API is more restrictive than the web UI<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11614): <!--number 11614 --><!--line 0 --><!--description TWFrZSBvdmVyZmxvdy1tZW51IFdlYiBDb21wb25lbnQgc2Nyb2xsIC8gb3ZlcmZsb3cgd2l0aCBKUyBvZmY=-->Make overflow-menu Web Component scroll / overflow with JS off<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11547): <!--number 11547 --><!--line 0 --><!--description bW9kYWxzIG9uIHNtYWxsIHZpZXdwb3J0IGhlaWdodA==-->modals on small viewport height<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11381): <!--number 11381 --><!--line 0 --><!--description Zml4KHVpKTogaGFyZGNvZGUgc29ydCBvcHRpb25zIGluIHNlYXJjaCBzeW50YXggaGludCwgaW1wcm92ZSBsb29r-->fix(ui): hardcode sort options in search syntax hint, improve look<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11287): <!--number 11287 --><!--line 0 --><!--description Zml4KHVpKTogcHJldmVudCBsYWJlbCBvdmVyZmxvdyBpbiBQUiBDSSBjaGVja3Mgb24gbW9iaWxl-->fix(ui): prevent label overflow in PR CI checks on mobile<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11341): <!--number 11341 --><!--line 0 --><!--description Zml4KHVpL21kZSk6IGlucHV0cyBpbiB0YWJsZS9saW5rIGluc2VydGlvbiBtb2RhbHM=-->fix(ui/mde): inputs in table/link insertion modals<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11179): <!--number 11179 --><!--line 0 --><!--description aW1wcm92ZSBTUUxpdGUgImRhdGFiYXNlIGlzIGxvY2tlZCIgZXJyb3JzIGJ5IGluY3JlYXNpbmcgZGVmYXVsdCBgU1FMSVRFX1RJTUVPVVRg-->improve SQLite "database is locked" errors by increasing default `SQLITE_TIMEOUT`<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11246): <!--number 11246 --><!--line 0 --><!--description Y2xlYW51cCBvZiBtdWx0aS1wbGF0Zm9ybSBjb250YWluZXIgaW1hZ2Vz-->cleanup of multi-platform container images<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10925): <!--number 10925 --><!--line 0 --><!--description Zml4KGFwaSk6IGRlZmF1bHQgbmV3IHJlbGVhc2UgJ3RpdGxlJyBmaWVsZCB0byBsYWJlbCBuYW1lLCBpZiBub3QgcHJvdmlkZWQ=-->fix(api): default new release 'title' field to label name, if not provided<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10969): <!--number 10969 --><!--line 0 --><!--description Zml4KHVpKTogdGlwcHkgbWVudSBzdHlsZXMgdG9vIGJyb2FkLCBhZmZlY3Rpbmcgc3dpdGNoIGluIFBSIHJldmlldw==-->fix(ui): tippy menu styles too broad, affecting switch in PR review<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10945): <!--number 10945 --><!--line 0 --><!--description cmVtb3ZlIGluZmluaXRlIGxvb3AgaW4gVXBkYXRlUnVuSm9iV2l0aG91dE5vdGlmaWNhdGlvbiB3aGVuIHJ1biBpbiB0cmFuc2FjdGlvbg==-->remove infinite loop in UpdateRunJobWithoutNotification when run in transaction<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11073): <!--number 11073 --><!--line 0 --><!--description YWxsb3cgdGVzdCBkZWxpdmVyeSBmb3Igd2ViaG9va3Mgbm90IGVuYWJsZWQgZm9yIHB1c2ggZXZlbnRz-->allow test delivery for webhooks not enabled for push events<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10948): <!--number 10948 --><!--line 0 --><!--description ZG9uJ3QgY2xvYmJlciBhdXRob3JpemVkX2tleXMgZmlsZSBkdXJpbmcgaW5zdGFsbGF0aW9u-->don't clobber authorized_keys file during installation<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10939): <!--number 10939 --><!--line 0 --><!--description Zml4KHVpKTogaW1wcm92ZSBmb3JjZS1wdXNoIGxheW91dCBhbGlnbm1lbnQ=-->fix(ui): improve force-push layout alignment<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10964): <!--number 10964 --><!--line 0 --><!--description Zml4KHVpKTogYWRkIG1pc3NpbmcgdHJhbnNsYXRpb24gZm9yIGNvZGUgc2VhcmNoIHdoZW4ga2V5d29yZCBpcyBlbXB0eSBzdHJpbmc=-->fix(ui): add missing translation for code search when keyword is empty string<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10888): <!--number 10888 --><!--line 0 --><!--description dXNlIEFMVEVSIFRBQkxFIGluIFNRTGl0ZSBEcm9wVGFibGVDb2x1bW5zKCksIGFsbG93aW5nIHVuZXhwZWN0ZWQgZGF0YWJhc2Ugc291cmNlcyB0byB3b3JrIGJldHRlciBpbiBtaWdyYXRpb25z-->use ALTER TABLE in SQLite DropTableColumns(), allowing unexpected database sources to work better in migrations<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10899): <!--number 10899 --><!--line 0 --><!--description ZG9uJ3QgcmV0dXJuIEFkZGl0aW9uYWxUYXNrcyBmcm9tIEZldGNoVGFzayBpZiB0aGVyZSBpcyBubyBUYXNr-->don't return AdditionalTasks from FetchTask if there is no Task<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10914): <!--number 10914 --><!--line 0 --><!--description c3RyaXAgbmV3bGluZXMgb24gb2cgaW1hZ2UgcmVuZGVyaW5n-->strip newlines on og image rendering<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11164): <!--number 11164 --><!--line 0 --><!--description d2hlbiBleHBhbmRpbmcgYSBkeW5hbWljIG1hdHJpeCwgb3JpZ2luYWwgJ25lZWRzJyBhY2Nlc3Mgd2FzIGxvc3Q=-->when expanding a dynamic matrix, original 'needs' access was lost<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10933): <!--number 10933 --><!--line 0 --><!--description dXNlIGFuIGFic29sdXRlIFVSTCBmb3IgY29tcGFyZSBsaW5rcyBpbiBhdG9tIGZlZWQ=-->use an absolute URL for compare links in atom feed<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11063): <!--number 11063 --><!--line 0 --><!--description ZW1wdHkgZHluYW1pYyBtYXRyaXggY2FuIGxlYXZlIGFjdGlvbiBydW4gaGFuZ2luZyBpbmNvbXBsZXRl-->empty dynamic matrix can leave action run hanging incomplete<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10882): <!--number 10882 --><!--line 0 --><!--description Rml4IG5vdCBkZWNyZWFzaW5nIHdhdGNoIGNvdW50IHdoZW4gYmxvY2tpbmcgdXNlcg==-->Fix not decreasing watch count when blocking user<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10827): <!--number 10827 --><!--line 0 --><!--description cHJvcGVyIHN0eWxpbmcgZm9yIGdsb2JhbCB0aW1lIHRyYWNrZXIgcG9wdXA=-->proper styling for global time tracker popup<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10814): <!--number 10814 --><!--line 0 --><!--description Zml4KHVpKTogc2hvdyBzd2l0Y2ggZGVmYXVsdCBicmFuY2ggYnV0dG9uIGluIGJyYW5jaCBsaXN0IG9ubHkgZm9yIHJlcG8gYWRtaW5z-->fix(ui): show switch default branch button in branch list only for repo admins<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10863): <!--number 10863 --><!--line 0 --><!--description bWFrZSBjb25jdXJyZW5jeSBncm91cCBqb2IgY2FuY2VsbGF0aW9uIGVmZmVjdCBydW5zIHRoYXQgYXJlIGZhaWxlZA==-->make concurrency group job cancellation effect runs that are failed<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10851): <!--number 10851 --><!--line 0 --><!--description dXNlIGBzdHJpY3Qtb3JpZ2luYCBhcyByZWZlcnJlciBwb2xpY3k=-->use `strict-origin` as referrer policy<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10648): <!--number 10648 --><!--line 0 --><!--description Zml4KHVpKTogYWN0aW9ucyBsaXN0IGxheW91dCBicmVha2FnZSB3aXRoIGxvbmcgY29udGVudA==-->fix(ui): actions list layout breakage with long content<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10686): <!--number 10686 --><!--line 0 --><!--description YWRkIGBmb3JnZWpvIGRvY3RvciBjbGVhbnVwLWNvbW1pdC1zdGF0dXNgIGNvbW1hbmQgdG8gcmVjb3ZlciBmcm9tICMxMDY3MQ==-->add `forgejo doctor cleanup-commit-status` command to recover from #10671<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10747): <!--number 10747 --><!--line 0 --><!--description Y29ycmVjdGx5IGNvbXB1dGUgcmVxdWlyZWQgY29tbWl0IHN0YXR1cw==-->correctly compute required commit status<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10744): <!--number 10744 --><!--line 0 --><!--description Zml4IDUwMCBlcnJvciBvbiBsYXJnZSAuZ2l0bW9kdWxlcw==-->fix 500 error on large .gitmodules<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10484): <!--number 10484 --><!--line 0 --><!--description ZGlzcGxheSBvcnBoYW4gYnJhbmNoZXMgc2VwYXJhdGVseSBpbiBjb21taXQgZ3JhcGg=-->display orphan branches separately in commit graph<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10652): <!--number 10652 --><!--line 0 --><!--description Zml4KHVpKTogcHVsbCByZXF1ZXN0IG1lcmdlIG1lbnUgaXRlbSBjbGlwcGluZyB0aGUgYXV0byBtZXJnZSB0aXA=-->fix(ui): pull request merge menu item clipping the auto merge tip<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10594): <!--number 10594 --><!--line 0 --><!--description YWxsb3cgQWN0aW9ucyB0cnVzdCBtYW5hZ2VtZW50IG9uIGNvbmZsaWN0ZWQgUFJz-->allow Actions trust management on conflicted PRs<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10572): <!--number 10572 --><!--line 0 --><!--description Zml4KHVpKTogcHJvY2VzcyBkeW5hbWljYWxseSBhZGRlZCBjb250ZW50IHZpYSBodG14-->fix(ui): process dynamically added content via htmx<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10556): <!--number 10556 --><!--line 0 --><!--description Zml4KHVpKTogZG9uJ3Qgc3RyZXRjaCBhY3Rpdml0eSB0b3AgYXV0aG9yIGltYWdl-->fix(ui): don't stretch activity top author image<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10486): <!--number 10486 --><!--line 0 --><!--description aWdub3JlIHByaXZhdGUgLnByb2ZpbGUgcmVwbyBvbiB1c2VyIHByb2ZpbGUgcGFnZQ==-->ignore private .profile repo on user profile page<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10521): <!--number 10521 --><!--line 0 --><!--description Zml4KHVpKTogYWRkIG1pc3Npbmcgc3BhY2UgYmVmb3JlICdDb21taXQnIGJhY2s=-->fix(ui): add missing space before 'Commit' back<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10520): <!--number 10520 --><!--line 0 --><!--description UHJldmVudCBmb3JtIHN1Ym1pc3Npb24gYnkgYnV0dG9ucyBpbiBVR0MgbWFya2Rvd24=-->Prevent form submission by buttons in UGC markdown<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10394): <!--number 10394 --><!--line 0 --><!--description YWx3YXlzIHNlYXJjaCBmb3IgaXNzdWUgcG9zdGVycyBieSB1c2VyIGFuZCBmdWxsIG5hbWU=-->always search for issue posters by user and full name<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/10489): <!--number 10489 --><!--line 0 --><!--description YWxpZ24gZHVlIGRhdGUgaWNvbiBpbiBpc3N1ZSBsaXN0-->align due date icon in issue list<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8244): <!--number 8244 --><!--line 0 --><!--description YWRkIGR5bmFtaWMgYXJpYS1sYWJlbCB0byBtb25vc3BhY2UgYnV0dG9uIGluIG1hcmtkb3duIGVkaXRvcg==-->add dynamic aria-label to monospace button in markdown editor<!--description-->
+<!--end release-notes-assistant-->

From 2c0c48f50e8a66ef007c1d92e7721e645e7138e1 Mon Sep 17 00:00:00 2001
From: Mathieu Fenniak <mathieu@fenniak.net>
Date: Thu, 16 Apr 2026 17:59:37 +0200
Subject: [PATCH 695/854] fix: continued API response processing after error in
 `/repos/search` API (#12143)

Prevent continued execution of some APIs with error responses that didn't correctly interrupt execution, resulting in bizarre outputs and possibly leaking secure data:

```
> GET /api/v1/repos/search?uid=-2&archived=false HTTP/2
> Host: example.org
> user-agent: curl/7.88.1
> accept: */*
> authorization: bearer ***
>
< HTTP/2 500
< server: nginx
< date: Thu, 16 Apr 2026 14:20:09 GMT
< content-type: application/json;charset=utf-8
< cache-control: max-age=0, private, must-revalidate, no-transform
< x-content-type-options: nosniff
< x-frame-options: SAMEORIGIN
<
{"message":"","url":"https://example.org/api/swagger"}
{"message":"","url":"https://example.org/api/swagger"}
{"message":"","url":"https://example.org/api/swagger"}
{"message":"","url":"https://example.org/api/swagger"}
{"message":"","url":"https://example.org/api/swagger"}
{"message":"","url":"https://example.org/api/swagger"}
{"message":"","url":"https://example.org/api/swagger"}
{"message":"","url":"https://example.org/api/swagger"}
{"message":"","url":"https://example.org/api/swagger"}
{"message":"","url":"https://example.org/api/swagger"}
{"message":"","url":"https://example.org/api/swagger"}
{"message":"","url":"https://example.org/api/swagger"}
{"message":"","url":"https://example.org/api/swagger"}
{"message":"","url":"https://example.org/api/swagger"}
{"ok":true,"data":[{"id":68,"owner":{"id":1,"login":"mfenniak", ...
```

As these errors only occur on situations that shouldn't be reproducible (minus software bugs), test automation isn't practical.

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. All work and communication must conform to Forgejo's [AI Agreement](https://codeberg.org/forgejo/governance/src/branch/main/AIAgreement.md). There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests for Go changes

- I added test coverage for Go changes...
  - [ ] in their respective `*_test.go` for unit tests.
  - [ ] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I ran...
  - [ ] `make pr-go` before pushing

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [ ] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.
- [x] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12143
Reviewed-by: Andreas Ahlenstorf <aahlenst@noreply.codeberg.org>
Reviewed-by: Cyborus <cyborus@disroot.org>
Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net>
Co-committed-by: Mathieu Fenniak <mathieu@fenniak.net>
---
 routers/api/v1/org/team.go  | 1 +
 routers/api/v1/repo/repo.go | 2 ++
 routers/api/v1/user/repo.go | 2 ++
 3 files changed, 5 insertions(+)

diff --git a/routers/api/v1/org/team.go b/routers/api/v1/org/team.go
index 489b22892a..bd76e4d37e 100644
--- a/routers/api/v1/org/team.go
+++ b/routers/api/v1/org/team.go
@@ -591,6 +591,7 @@ func GetTeamRepos(ctx *context.APIContext) {
 			// Due to the pagination of the API it doesn't make sense to skip it, as we wouldn't be giving the right
 			// number of results back to the API consumer.
 			ctx.Error(http.StatusInternalServerError, "InvalidAuthorizationReducer", "Repository was available from GetTeamRepositories, but not readable.")
+			return
 		}
 		repos[i] = convert.ToRepo(ctx, repo, permission)
 	}
diff --git a/routers/api/v1/repo/repo.go b/routers/api/v1/repo/repo.go
index 5c11a2380f..793281bc79 100644
--- a/routers/api/v1/repo/repo.go
+++ b/routers/api/v1/repo/repo.go
@@ -234,11 +234,13 @@ func Search(ctx *context.APIContext) {
 				OK:    false,
 				Error: err.Error(),
 			})
+			return
 		} else if !permission.HasAccess() {
 			// It shouldn't happen that a repo is returned from GetTeamRepositories which we have no access to at all.
 			// Due to the pagination of the API it doesn't make sense to skip it, as we wouldn't be giving the right
 			// number of results back to the API consumer.
 			ctx.Error(http.StatusInternalServerError, "InvalidAuthorizationReducer", "Repository was available from SearchRepository, but not readable.")
+			return
 		}
 
 		results[i] = convert.ToRepo(ctx, repo, permission)
diff --git a/routers/api/v1/user/repo.go b/routers/api/v1/user/repo.go
index 92d86e10b0..6897d06ca0 100644
--- a/routers/api/v1/user/repo.go
+++ b/routers/api/v1/user/repo.go
@@ -153,11 +153,13 @@ func ListMyRepos(ctx *context.APIContext) {
 		permission, err := access_model.GetUserRepoPermissionWithReducer(ctx, repo, ctx.Doer, ctx.Reducer)
 		if err != nil {
 			ctx.Error(http.StatusInternalServerError, "GetUserRepoPermissionWithReducer", err)
+			return
 		} else if !permission.HasAccess() {
 			// It shouldn't happen that a repo is returned from SearchRepository which we have no access to at all. Due
 			// to the pagination of the API it doesn't make sense to skip it, as we wouldn't be giving the right number
 			// of results back to the API consumer.
 			ctx.Error(http.StatusInternalServerError, "InvalidAuthorizationReducer", "Repository was available from SearchRepository, but not readable.")
+			return
 		}
 		results[i] = convert.ToRepo(ctx, repo, permission)
 	}

From a4b575fd75ac5bf4c7ab3f9823d1d08f030f93ea Mon Sep 17 00:00:00 2001
From: Mathieu Fenniak <mathieu@fenniak.net>
Date: Thu, 16 Apr 2026 19:26:28 +0200
Subject: [PATCH 696/854] fix: make /repos/search?uid=-2 return zero results,
 no repos with that owner (#12144)

API calls to `.../api/v1/repos/search?uid=-2&archived=false` currently do not apply the filter `uid` because of the negative value.  This can occur when APIs are interacting with `${{ forgejo.token }}` and believe they're operating as the Forgejo Actions user, which has UID -2.

In combination with the security checks that occur in the `/repos/search` API to validate that repositories accessed are visible to the user, this can result in 500 error responses when a more correct expectation would be to receive no repositories:

https://codeberg.org/forgejo/forgejo/src/commit/da8898822c528a245a4cbe3e0ca02928262a4d5e/routers/api/v1/repo/repo.go#L237-L242

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. All work and communication must conform to Forgejo's [AI Agreement](https://codeberg.org/forgejo/governance/src/branch/main/AIAgreement.md). There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests for Go changes

- I added test coverage for Go changes...
  - [ ] in their respective `*_test.go` for unit tests.
  - [x] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I ran...
  - [x] `make pr-go` before pushing

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [x] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.
- [ ] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12144
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net>
Co-committed-by: Mathieu Fenniak <mathieu@fenniak.net>
---
 models/repo/repo_list.go           | 2 +-
 tests/integration/api_repo_test.go | 7 +++++++
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/models/repo/repo_list.go b/models/repo/repo_list.go
index daa60c81e9..a0eb0ce7c2 100644
--- a/models/repo/repo_list.go
+++ b/models/repo/repo_list.go
@@ -361,7 +361,7 @@ func SearchRepositoryCondition(opts *SearchRepoOptions) builder.Cond {
 	}
 
 	// Restrict repositories to those the OwnerID owns or contributes to as per opts.Collaborate
-	if opts.OwnerID > 0 {
+	if opts.OwnerID != 0 {
 		accessCond := builder.NewCond()
 		if !opts.Collaborate.ValueOrZeroValue() {
 			accessCond = builder.Eq{"owner_id": opts.OwnerID}
diff --git a/tests/integration/api_repo_test.go b/tests/integration/api_repo_test.go
index 60c662c28a..29edff7ac0 100644
--- a/tests/integration/api_repo_test.go
+++ b/tests/integration/api_repo_test.go
@@ -149,6 +149,7 @@ func TestAPISearchRepo(t *testing.T) {
 	org3 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 18})
 	user4 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 20})
 	orgUser := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 17})
+	actionsUser := user_model.NewActionsUser()
 
 	oldAPIDefaultNum := setting.API.DefaultPagingNum
 	defer func() {
@@ -266,6 +267,12 @@ func TestAPISearchRepo(t *testing.T) {
 			user:  {count: 1, includesPrivate: true},
 			user4: {count: 1, includesPrivate: true},
 		}},
+		{name: "ForgejoActionsUser/UID", requestURL: fmt.Sprintf("/api/v1/repos/search?uid=%d", actionsUser.ID), expectedResults: expectedResults{
+			nil:         {count: 0},
+			actionsUser: {count: 0},
+			user:        {count: 0},
+			user4:       {count: 0},
+		}},
 	}
 
 	for _, testCase := range testCases {

From 39f677c0db822e3f7e3306fcf4ab21d522188349 Mon Sep 17 00:00:00 2001
From: RahulGautamSingh <rahultesnik@gmail.com>
Date: Thu, 16 Apr 2026 19:51:46 +0200
Subject: [PATCH 697/854] feat(api): add base and head query filters to list
 pull requests endpoint (#12104)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Resolves https://codeberg.org/forgejo/forgejo/issues/6919

Add `base` and `head` filter options to the `repoListPullRequests` API operation.

Co-authored-by: Rahul Gautam Singh <rere0095@Rahuls-MacBook-Air.local>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12104
Reviewed-by: Ellen Εμίλια Άννα Zscheile <fogti@noreply.codeberg.org>
Reviewed-by: Cyborus <cyborus@disroot.org>
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: RahulGautamSingh <rahultesnik@gmail.com>
Co-committed-by: RahulGautamSingh <rahultesnik@gmail.com>
---
 models/issues/pull_list.go         | 10 ++++++
 routers/api/v1/repo/pull.go        | 10 ++++++
 templates/swagger/v1_json.tmpl     | 12 +++++++
 tests/integration/api_pull_test.go | 53 ++++++++++++++++++++++++++++++
 4 files changed, 85 insertions(+)

diff --git a/models/issues/pull_list.go b/models/issues/pull_list.go
index ddb813cf44..861ccace81 100644
--- a/models/issues/pull_list.go
+++ b/models/issues/pull_list.go
@@ -27,6 +27,8 @@ type PullRequestsOptions struct {
 	Labels      []int64
 	MilestoneID int64
 	PosterID    int64
+	BaseBranch  string
+	HeadBranch  string
 }
 
 func listPullRequestStatement(ctx context.Context, baseRepoID int64, opts *PullRequestsOptions) *xorm.Session {
@@ -51,6 +53,14 @@ func listPullRequestStatement(ctx context.Context, baseRepoID int64, opts *PullR
 		sess.And("issue.poster_id=?", opts.PosterID)
 	}
 
+	if opts.BaseBranch != "" {
+		sess.And("pull_request.base_branch=?", opts.BaseBranch)
+	}
+
+	if opts.HeadBranch != "" {
+		sess.And("pull_request.head_branch=?", opts.HeadBranch)
+	}
+
 	return sess
 }
 
diff --git a/routers/api/v1/repo/pull.go b/routers/api/v1/repo/pull.go
index 1f82bfce1b..37be508512 100644
--- a/routers/api/v1/repo/pull.go
+++ b/routers/api/v1/repo/pull.go
@@ -90,6 +90,14 @@ func ListPullRequests(ctx *context.APIContext) {
 	//   in: query
 	//   description: Filter by pull request author
 	//   type: string
+	// - name: base
+	//   in: query
+	//   description: Filter by base branch name
+	//   type: string
+	// - name: head
+	//   in: query
+	//   description: Filter by head branch name
+	//   type: string
 	// - name: page
 	//   in: query
 	//   description: Page number of results to return (1-based)
@@ -137,6 +145,8 @@ func ListPullRequests(ctx *context.APIContext) {
 		Labels:      labelIDs,
 		MilestoneID: ctx.FormInt64("milestone"),
 		PosterID:    posterID,
+		BaseBranch:  ctx.FormTrim("base"),
+		HeadBranch:  ctx.FormTrim("head"),
 	})
 	if err != nil {
 		ctx.Error(http.StatusInternalServerError, "PullRequests", err)
diff --git a/templates/swagger/v1_json.tmpl b/templates/swagger/v1_json.tmpl
index 8ca012823a..e872051b18 100644
--- a/templates/swagger/v1_json.tmpl
+++ b/templates/swagger/v1_json.tmpl
@@ -14003,6 +14003,18 @@
             "name": "poster",
             "in": "query"
           },
+          {
+            "type": "string",
+            "description": "Filter by base branch name",
+            "name": "base",
+            "in": "query"
+          },
+          {
+            "type": "string",
+            "description": "Filter by head branch name",
+            "name": "head",
+            "in": "query"
+          },
           {
             "minimum": 1,
             "type": "integer",
diff --git a/tests/integration/api_pull_test.go b/tests/integration/api_pull_test.go
index c1b64cdb39..17fab07f9e 100644
--- a/tests/integration/api_pull_test.go
+++ b/tests/integration/api_pull_test.go
@@ -178,6 +178,59 @@ func TestAPIPullsFiles(t *testing.T) {
 	})
 }
 
+func TestAPIViewPullsFilterByBaseHead(t *testing.T) {
+	defer tests.PrepareTestEnv(t)()
+	repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 1})
+
+	ctx := NewAPITestContext(t, "user2", repo.Name, auth_model.AccessTokenScopeReadRepository)
+
+	t.Run("FilterByBase", func(t *testing.T) {
+		req := NewRequestf(t, "GET", "/api/v1/repos/%s/%s/pulls?state=all&base=master", repo.OwnerName, repo.Name).
+			AddTokenAuth(ctx.Token)
+		resp := ctx.Session.MakeRequest(t, req, http.StatusOK)
+
+		var pulls []*api.PullRequest
+		DecodeJSON(t, resp, &pulls)
+		assert.Len(t, pulls, 2)
+		for _, pr := range pulls {
+			assert.Equal(t, "master", pr.Base.Name)
+		}
+	})
+
+	t.Run("FilterByHead", func(t *testing.T) {
+		req := NewRequestf(t, "GET", "/api/v1/repos/%s/%s/pulls?state=all&head=branch2", repo.OwnerName, repo.Name).
+			AddTokenAuth(ctx.Token)
+		resp := ctx.Session.MakeRequest(t, req, http.StatusOK)
+
+		var pulls []*api.PullRequest
+		DecodeJSON(t, resp, &pulls)
+		assert.Len(t, pulls, 1)
+		assert.Equal(t, "branch2", pulls[0].Head.Name)
+	})
+
+	t.Run("FilterByBaseAndHead", func(t *testing.T) {
+		req := NewRequestf(t, "GET", "/api/v1/repos/%s/%s/pulls?state=all&base=master&head=branch2", repo.OwnerName, repo.Name).
+			AddTokenAuth(ctx.Token)
+		resp := ctx.Session.MakeRequest(t, req, http.StatusOK)
+
+		var pulls []*api.PullRequest
+		DecodeJSON(t, resp, &pulls)
+		assert.Len(t, pulls, 1)
+		assert.Equal(t, "master", pulls[0].Base.Name)
+		assert.Equal(t, "branch2", pulls[0].Head.Name)
+	})
+
+	t.Run("FilterByBaseNoMatch", func(t *testing.T) {
+		req := NewRequestf(t, "GET", "/api/v1/repos/%s/%s/pulls?state=all&base=nonexistent", repo.OwnerName, repo.Name).
+			AddTokenAuth(ctx.Token)
+		resp := ctx.Session.MakeRequest(t, req, http.StatusOK)
+
+		var pulls []*api.PullRequest
+		DecodeJSON(t, resp, &pulls)
+		assert.Empty(t, pulls)
+	})
+}
+
 func TestAPIViewPullsByBaseHead(t *testing.T) {
 	defer tests.PrepareTestEnv(t)()
 	repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 1})

From 6236a4cc9907424261e068e222ea4656d2bc59f1 Mon Sep 17 00:00:00 2001
From: Dominik Zyla <zylad@noreply.codeberg.org>
Date: Thu, 16 Apr 2026 19:52:56 +0200
Subject: [PATCH 698/854] feat: allow for getting 2fa enabled users via
 /api/v1/admin/users (#12091)

Allow for filtering users with 2fa enabled as admin. So that it is easy to audit users' settings compliance with iso27001, etc.

Resolves #11800

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12091
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Dominik Zyla <zylad@noreply.codeberg.org>
Co-committed-by: Dominik Zyla <zylad@noreply.codeberg.org>
---
 routers/api/v1/admin/user.go        | 17 +++++++++------
 templates/swagger/v1_json.tmpl      |  6 ++++++
 tests/integration/api_admin_test.go | 32 +++++++++++++++++++++++++++++
 3 files changed, 49 insertions(+), 6 deletions(-)

diff --git a/routers/api/v1/admin/user.go b/routers/api/v1/admin/user.go
index f30ba8b5dd..be02d3e198 100644
--- a/routers/api/v1/admin/user.go
+++ b/routers/api/v1/admin/user.go
@@ -416,6 +416,10 @@ func SearchUsers(ctx *context.APIContext) {
 	//   in: query
 	//   description: user's login name to search for
 	//   type: string
+	// - name: is_2fa_enabled
+	//   in: query
+	//   description: whether or not to filter users with the 2fa enabled
+	//   type: boolean
 	// - name: sort
 	//   in: query
 	//   description: sort order of results
@@ -446,12 +450,13 @@ func SearchUsers(ctx *context.APIContext) {
 	}
 
 	users, maxResults, err := user_model.SearchUsers(ctx, &user_model.SearchUserOptions{
-		Actor:       ctx.Doer,
-		Type:        user_model.UserTypeIndividual,
-		LoginName:   ctx.FormTrim("login_name"),
-		SourceID:    sourceID,
-		OrderBy:     utils.GetDbSearchOrder(ctx),
-		ListOptions: listOptions,
+		Actor:              ctx.Doer,
+		Type:               user_model.UserTypeIndividual,
+		LoginName:          ctx.FormTrim("login_name"),
+		IsTwoFactorEnabled: ctx.FormOptionalBool("is_2fa_enabled"),
+		SourceID:           sourceID,
+		OrderBy:            utils.GetDbSearchOrder(ctx),
+		ListOptions:        listOptions,
 	})
 	if err != nil {
 		ctx.Error(http.StatusInternalServerError, "SearchUsers", err)
diff --git a/templates/swagger/v1_json.tmpl b/templates/swagger/v1_json.tmpl
index e872051b18..3401d42641 100644
--- a/templates/swagger/v1_json.tmpl
+++ b/templates/swagger/v1_json.tmpl
@@ -1509,6 +1509,12 @@
             "name": "login_name",
             "in": "query"
           },
+          {
+            "type": "boolean",
+            "description": "whether or not to filter users with the 2fa enabled",
+            "name": "is_2fa_enabled",
+            "in": "query"
+          },
           {
             "enum": [
               "oldest",
diff --git a/tests/integration/api_admin_test.go b/tests/integration/api_admin_test.go
index 70a921a0a4..513eac1155 100644
--- a/tests/integration/api_admin_test.go
+++ b/tests/integration/api_admin_test.go
@@ -169,6 +169,38 @@ func TestAPIListUsers(t *testing.T) {
 	assert.Len(t, users, numberOfUsers)
 }
 
+func TestAPIListUsersNo2FA(t *testing.T) {
+	defer tests.PrepareTestEnv(t)()
+
+	adminUsername := "user1"
+	token := getUserToken(t, adminUsername, auth_model.AccessTokenScopeReadAdmin)
+
+	req := NewRequest(t, "GET", "/api/v1/admin/users?is_2fa_enabled=0").
+		AddTokenAuth(token)
+	resp := MakeRequest(t, req, http.StatusOK)
+	total := resp.Header().Get("X-Total-Count")
+
+	numberOfUsers := "28"
+
+	assert.Equal(t, numberOfUsers, total)
+}
+
+func TestAPIListUsers2FA(t *testing.T) {
+	defer tests.PrepareTestEnv(t)()
+
+	adminUsername := "user1"
+	token := getUserToken(t, adminUsername, auth_model.AccessTokenScopeReadAdmin)
+
+	req := NewRequest(t, "GET", "/api/v1/admin/users?is_2fa_enabled=1").
+		AddTokenAuth(token)
+	resp := MakeRequest(t, req, http.StatusOK)
+	total := resp.Header().Get("X-Total-Count")
+
+	numberOfUsers := "2"
+
+	assert.Equal(t, numberOfUsers, total)
+}
+
 func TestAPIListUsersNotLoggedIn(t *testing.T) {
 	defer tests.PrepareTestEnv(t)()
 	req := NewRequest(t, "GET", "/api/v1/admin/users")

From c7b5026f59411175f7b46ffc627ebb944f9802e8 Mon Sep 17 00:00:00 2001
From: Mathieu Fenniak <mathieu@fenniak.net>
Date: Thu, 16 Apr 2026 23:42:08 +0200
Subject: [PATCH 699/854] chore: bump xorm to v1.3.9-forgejo.11 (#12153)

Should fix intermittent test failures in Forgejo's integration test suite, in [`TestPackageDebianConcurrent`](https://codeberg.org/forgejo-integration/forgejo/actions/runs/16661/jobs/3/attempt/1#jobstep-5-1271), where this error is occurring.  Will be backported to v15 as the same test is present there, to keep the LTS tests healthy.

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. All work and communication must conform to Forgejo's [AI Agreement](https://codeberg.org/forgejo/governance/src/branch/main/AIAgreement.md). There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Release notes

- [ ] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.
- [x] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12153
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net>
Co-committed-by: Mathieu Fenniak <mathieu@fenniak.net>
---
 go.mod |  2 +-
 go.sum | 16 ++++++++--------
 2 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/go.mod b/go.mod
index 0088bd43ef..6db142399f 100644
--- a/go.mod
+++ b/go.mod
@@ -273,4 +273,4 @@ replace github.com/gliderlabs/ssh => code.forgejo.org/forgejo/ssh v0.0.0-2024121
 
 replace git.sr.ht/~mariusor/go-xsd-duration => code.forgejo.org/forgejo/go-xsd-duration v0.0.0-20220703122237-02e73435a078
 
-replace xorm.io/xorm v1.3.9 => code.forgejo.org/xorm/xorm v1.3.9-forgejo.10
+replace xorm.io/xorm v1.3.9 => code.forgejo.org/xorm/xorm v1.3.9-forgejo.11
diff --git a/go.sum b/go.sum
index 82b1a02a3e..9601411c69 100644
--- a/go.sum
+++ b/go.sum
@@ -42,8 +42,8 @@ code.forgejo.org/go-chi/captcha v1.0.2 h1:vyHDPXkpjDv8bLO9NqtWzZayzstD/WpJ5xwEkA
 code.forgejo.org/go-chi/captcha v1.0.2/go.mod h1:lxiPLcJ76UCZHoH31/Wbum4GUi2NgjfFZLrJkKv1lLE=
 code.forgejo.org/go-chi/session v1.0.4 h1:WQ1NaVxcCpxYwCliEGypKclZnOCjh3p1fk8XciJc62U=
 code.forgejo.org/go-chi/session v1.0.4/go.mod h1:+sSTiomM5C8AUPtxZyTENIbcTz22kcVottKO0lnmDRk=
-code.forgejo.org/xorm/xorm v1.3.9-forgejo.10 h1:DCProZz7GP10ue7NoVr1vreuADhH9tEImYFye2+aDG8=
-code.forgejo.org/xorm/xorm v1.3.9-forgejo.10/go.mod h1:ly5tUt9l3b+y7HdXDM1UucQXuS58ahNxB9tPM5/6LfM=
+code.forgejo.org/xorm/xorm v1.3.9-forgejo.11 h1:EXJVQ4feAFMkpFwtHAHuXkK6TLNYqabR7QTzqL8uObY=
+code.forgejo.org/xorm/xorm v1.3.9-forgejo.11/go.mod h1:C18NeM/SazG/q4eqpWnoNks7GeCyRUNQIe2onniRViU=
 code.gitea.io/sdk/gitea v0.21.0 h1:69n6oz6kEVHRo1+APQQyizkhrZrLsTLXey9142pfkD4=
 code.gitea.io/sdk/gitea v0.21.0/go.mod h1:tnBjVhuKJCn8ibdyyhvUyxrR1Ca2KHEoTWoukNhXQPA=
 code.superseriousbusiness.org/exif-terminator v0.11.2 h1:nkTdaghZb6I0oGYFhTLSALhA2ShgkPnYAJryE5IE9+0=
@@ -730,8 +730,8 @@ golang.org/x/exp v0.0.0-20191030013958-a1ab85dbe136/go.mod h1:JXzH8nQsPlswgeRAPE
 golang.org/x/exp v0.0.0-20191129062945-2f5052295587/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
 golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
 golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM=
-golang.org/x/exp v0.0.0-20251023183803-a4bb9ffd2546 h1:mgKeJMpvi0yx/sU5GsxQ7p6s2wtOnGAHZWCHUM4KGzY=
-golang.org/x/exp v0.0.0-20251023183803-a4bb9ffd2546/go.mod h1:j/pmGrbnkbPtQfxEe5D0VQhZC6qKbfKifgD0oM7sR70=
+golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 h1:2dVuKD2vS7b0QIHQbpyTISPd0LeHDbnYEryqj5Q1ug8=
+golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56/go.mod h1:M4RDyNAINzryxdtnbRXRL/OHtkFuWGRjvuhBJpk2IlY=
 golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js=
 golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
 golang.org/x/image v0.39.0 h1:skVYidAEVKgn8lZ602XO75asgXBgLj9G/FE3RbuPFww=
@@ -991,14 +991,14 @@ honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWh
 honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg=
-modernc.org/libc v1.67.6 h1:eVOQvpModVLKOdT+LvBPjdQqfrZq+pC39BygcT+E7OI=
-modernc.org/libc v1.67.6/go.mod h1:JAhxUVlolfYDErnwiqaLvUqc8nfb2r6S6slAgZOnaiE=
+modernc.org/libc v1.70.0 h1:U58NawXqXbgpZ/dcdS9kMshu08aiA6b7gusEusqzNkw=
+modernc.org/libc v1.70.0/go.mod h1:OVmxFGP1CI/Z4L3E0Q3Mf1PDE0BucwMkcXjjLntvHJo=
 modernc.org/mathutil v1.7.1 h1:GCZVGXdaN8gTqB1Mf/usp1Y/hSqgI2vAGGP4jZMCxOU=
 modernc.org/mathutil v1.7.1/go.mod h1:4p5IwJITfppl0G4sUEDtCr4DthTaT47/N3aT6MhfgJg=
 modernc.org/memory v1.11.0 h1:o4QC8aMQzmcwCK3t3Ux/ZHmwFPzE6hf2Y5LbkRs+hbI=
 modernc.org/memory v1.11.0/go.mod h1:/JP4VbVC+K5sU2wZi9bHoq2MAkCnrt2r98UGeSK7Mjw=
-modernc.org/sqlite v1.46.1 h1:eFJ2ShBLIEnUWlLy12raN0Z1plqmFX9Qe3rjQTKt6sU=
-modernc.org/sqlite v1.46.1/go.mod h1:CzbrU2lSB1DKUusvwGz7rqEKIq+NUd8GWuBBZDs9/nA=
+modernc.org/sqlite v1.48.2 h1:5CnW4uP8joZtA0LedVqLbZV5GD7F/0x91AXeSyjoh5c=
+modernc.org/sqlite v1.48.2/go.mod h1:hWjRO6Tj/5Ik8ieqxQybiEOUXy0NJFNp2tpvVpKlvig=
 mvdan.cc/xurls/v2 v2.6.0 h1:3NTZpeTxYVWNSokW3MKeyVkz/j7uYXYiMtXRUfmjbgI=
 mvdan.cc/xurls/v2 v2.6.0/go.mod h1:bCvEZ1XvdA6wDnxY7jPPjEmigDtvtvPXAD/Exa9IMSk=
 rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=

From 00269b3a0b8d2fe28b6d2da8674aefbc1524b6e8 Mon Sep 17 00:00:00 2001
From: Beowulf <beowulf@beocode.eu>
Date: Fri, 17 Apr 2026 01:41:56 +0200
Subject: [PATCH 700/854] fix: CodeMirror e2e test (#12151)

I tried a lot, but this seems to work. I know it is ugly, but checking and waiting after every action seems to make it stable. At least it succeeded five times in a row and the CI seemed to be under load due to the dependency updates. Maybe it is worth a try...

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12151
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
---
 tests/e2e/codemirror.test.e2e.ts | 66 ++++++++++++--------------------
 1 file changed, 25 insertions(+), 41 deletions(-)

diff --git a/tests/e2e/codemirror.test.e2e.ts b/tests/e2e/codemirror.test.e2e.ts
index 466b9f1fd3..c3dc6f0fcd 100644
--- a/tests/e2e/codemirror.test.e2e.ts
+++ b/tests/e2e/codemirror.test.e2e.ts
@@ -21,17 +21,21 @@ async function enterFilename(page: Page, filename: string) {
 }
 
 async function pressEnter(page: Page) {
-  // eslint-disable-next-line playwright/no-wait-for-timeout
-  await page.waitForTimeout(5);
   await page.keyboard.press('Enter', {delay: 5});
-  // eslint-disable-next-line playwright/no-wait-for-timeout
-  await page.waitForTimeout(10);
 }
 
 async function type(page: Page, text: string) {
   await page.keyboard.type(text, {delay: 10});
 }
 
+async function validate(page: Page, expected: string) {
+  await expect(async () => {
+    const internal = await page.evaluate(() => Array.from(window.codeEditors)[0].state.doc.toString());
+    expect(internal).toStrictEqual(expected);
+  }).toPass();
+  await expect(page.locator('#edit_area')).toHaveValue(expected);
+}
+
 test('New file editor', async ({page}) => {
   const response = await page.goto('/user2/repo1/_new/master', {waitUntil: 'domcontentloaded'});
   expect(response?.status()).toBe(200);
@@ -39,21 +43,19 @@ test('New file editor', async ({page}) => {
   await enterFilename(page, `f.txt`);
 
   const editor = page.locator('.cm-content');
-  const backingTextArea = page.locator('#edit_area');
 
   await editor.click();
+
   await type(page, 'This');
   await pressEnter(page);
+  await validate(page, 'This\n');
+
   await type(page, 'is');
   await pressEnter(page);
-  await type(page, 'Frogejo!');
+  await validate(page, 'This\nis\n');
 
-  const expected = 'This\nis\nFrogejo!';
-  await expect(async () => {
-    const internal = await page.evaluate(() => Array.from(window.codeEditors)[0].state.doc.toString());
-    expect(internal).toStrictEqual(expected);
-  }).toPass();
-  await expect(backingTextArea).toHaveValue(expected);
+  await type(page, 'Frogejo!');
+  await validate(page, 'This\nis\nFrogejo!');
 });
 
 test('New file with autocomplete and indent', async ({page}) => {
@@ -63,26 +65,20 @@ test('New file with autocomplete and indent', async ({page}) => {
   await enterFilename(page, 'f.html');
 
   const editor = page.locator('.cm-content');
-  const backingTextArea = page.locator('#edit_area');
 
   await expect(editor).toHaveAttribute('data-language', 'html', {timeout: 3000});
 
   await editor.click();
   await type(page, '<html>');
   await pressEnter(page);
-  await type(page, '<hea');
-  await page.locator('.cm-tooltip-autocomplete').waitFor({state: 'visible'});
-  await pressEnter(page);
-  await type(page, '>');
-  await pressEnter(page);
-  await type(page, '<title>Frogejo is the future');
+  await validate(page, '<html>\n  \n</html>');
 
-  const expected = '<html>\n  <head>\n    <title>Frogejo is the future</title>\n  </head>\n</html>';
-  await expect(async () => {
-    const internal = await page.evaluate(() => Array.from(window.codeEditors)[0].state.doc.toString());
-    expect(internal).toStrictEqual(expected);
-  }).toPass();
-  await expect(backingTextArea).toHaveValue(expected);
+  await type(page, '<head>');
+  await pressEnter(page);
+  await validate(page, '<html>\n  <head>\n    \n  </head>\n</html>');
+
+  await type(page, '<title>Frogejo is the future');
+  await validate(page, '<html>\n  <head>\n    <title>Frogejo is the future</title>\n  </head>\n</html>');
 });
 
 test('Preview for markdown file', async ({page}) => {
@@ -105,10 +101,7 @@ test('Set from query', async ({page}) => {
   const response = await page.goto('/user2/repo1/_new/master?value=This\\nis\\\\nFrogejo!', {waitUntil: 'domcontentloaded'});
   expect(response?.status()).toBe(200);
 
-  await expect(async () => {
-    const internal = await page.evaluate(() => Array.from(window.codeEditors)[0].state.doc.toString());
-    expect(internal).toStrictEqual('This\nis\\nFrogejo!');
-  }).toPass();
+  await validate(page, 'This\nis\\nFrogejo!');
 });
 
 test('Search in file', async ({page}) => {
@@ -122,10 +115,7 @@ test('Search in file', async ({page}) => {
   const toggleByWord = page.locator('label[for="search_by_word"]');
   const nextButton = page.locator('button[aria-label="Next find"]');
 
-  await expect(async () => {
-    const internal = await page.evaluate(() => Array.from(window.codeEditors)[0].state.doc.toString());
-    expect(internal).toStrictEqual('This\nis\nFrogejo!\nthIs');
-  }).toPass();
+  await validate(page, 'This\nis\nFrogejo!\nthIs');
 
   await editor.click();
 
@@ -180,10 +170,7 @@ test('Replace in file', async ({page}) => {
   const searchField = page.locator('.fj-search input[name="search"]');
   const replaceField = page.locator('.fj-search input[name="replace"]');
 
-  await expect(async () => {
-    const internal = await page.evaluate(() => Array.from(window.codeEditors)[0].state.doc.toString());
-    expect(internal).toStrictEqual('This\nis\nFrogejo!\nthIs');
-  }).toPass();
+  await validate(page, 'This\nis\nFrogejo!\nthIs');
 
   await editor.click();
 
@@ -196,10 +183,7 @@ test('Replace in file', async ({page}) => {
 
   await page.getByRole('button', {name: 'Replace all'}).click();
 
-  await expect(async () => {
-    const internal = await page.evaluate(() => Array.from(window.codeEditors)[0].state.doc.toString());
-    expect(internal).toStrictEqual('ThBlub\nBlub\nFrogejo!\nthBlub');
-  }).toPass();
+  await validate(page, 'ThBlub\nBlub\nFrogejo!\nthBlub');
 });
 
 test('Do not open search if search button not available', async ({page}) => {

From b6b5592e7ff2c3b84fb61a18390a7dc820d7ff75 Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Fri, 17 Apr 2026 06:59:26 +0200
Subject: [PATCH 701/854] Update Node.js to v24.15.0 (forgejo) (#12157)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12157
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
---
 .node-version | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.node-version b/.node-version
index 045200741c..eefb690f4a 100644
--- a/.node-version
+++ b/.node-version
@@ -1 +1 @@
-24.14.1
\ No newline at end of file
+24.15.0
\ No newline at end of file

From 766c9c64f5a9f6c84b906ebd7cfad1aee87a203a Mon Sep 17 00:00:00 2001
From: 0ko <0ko@noreply.codeberg.org>
Date: Fri, 17 Apr 2026 15:24:58 +0200
Subject: [PATCH 702/854] fix(rna): prioritize breaking changes without a
 feature or bug label over non-breaking changes (#12124)

Related: https://codeberg.org/forgejo/website/pulls/843#issuecomment-13131897
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12124
Reviewed-by: Robert Wolff <mahlzahn@posteo.de>
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
---
 release-notes-assistant.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/release-notes-assistant.sh b/release-notes-assistant.sh
index 4963edf286..9fdadc06f3 100755
--- a/release-notes-assistant.sh
+++ b/release-notes-assistant.sh
@@ -40,7 +40,7 @@ function test_main() {
   test "$(categorize)" = 'BB Breaking bug fixes'
 
   test_payload_labels $label_worth $label_breaking
-  test "$(categorize)" = 'ZB Breaking changes without a feature or bug label'
+  test "$(categorize)" = 'BC Breaking changes without a feature or bug label'
 
   test_payload_labels $label_worth $label_ui $label_feature
   test "$(categorize)" = 'CA User Interface features'
@@ -232,7 +232,7 @@ function categorize() {
     elif $is_bug; then
       echo -n BB Breaking bug fixes
     else
-      echo -n ZB Breaking changes without a feature or bug label
+      echo -n BC Breaking changes without a feature or bug label
     fi
   elif $is_ui; then
     if $is_feature; then

From 83459905d19d80c9d2b46fbaf269fd5b311b7d21 Mon Sep 17 00:00:00 2001
From: Alec Walsh <code@alecwalsh.name>
Date: Fri, 17 Apr 2026 17:17:29 +0200
Subject: [PATCH 703/854] Exclude SSH certificate principals from output when
 viewing user's SSH keys (#12079)

Fixes #11590

When viewing a user's SSH keys, SSH principals are now excluded from the output.  This would previously either result in a panic in [OmitEmail](https://codeberg.org/forgejo/forgejo/src/commit/cfd4d53e32/models/asymkey/ssh_key.go#L67), if the principal name didn't contain any spaces, or truncate the principal name, if it did contain spaces.

The TestExportUserSSHKeys test was also updated and fails if the fix(commit cfcbc33af0) is reverted.

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. All work and communication must conform to Forgejo's [AI Agreement](https://codeberg.org/forgejo/governance/src/branch/main/AIAgreement.md). There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests for Go changes

- I added test coverage for Go changes...
  - [ ] in their respective `*_test.go` for unit tests.
  - [x] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I ran...
  - [x] `make pr-go` before pushing
  - [x] `make test`
  - [x] `make test-sqlite#TestExportUserSSHKeys`

I have also manually tested the change.

The full integration tests(`make test-sqlite`) report some errors, but I get the same errors without this PR(tested on commit [6a5dda7116](https://codeberg.org/forgejo/forgejo/commit/6a5dda711628a4ed826846f208839561b9a6b1c3)).

I have not tested with the other database backends.

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [x] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.
- [ ] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change.

*The decision if the pull request will be shown in the release notes is up to the mergers / release team.*

The content of the `release-notes/<pull request number>.md` file will serve as the basis for the release notes. If the file does not exist, the title of the pull request will be used instead.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12079
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
Co-authored-by: Alec Walsh <code@alecwalsh.name>
Co-committed-by: Alec Walsh <code@alecwalsh.name>
---
 models/fixtures/public_key.yml             | 33 ++++++++++++++++++++++
 routers/web/user/home.go                   |  3 ++
 tests/integration/api_private_serv_test.go |  4 +--
 tests/integration/user_test.go             | 14 +++++++++
 4 files changed, 52 insertions(+), 2 deletions(-)

diff --git a/models/fixtures/public_key.yml b/models/fixtures/public_key.yml
index ae620ee2d1..a1c7f4feb6 100644
--- a/models/fixtures/public_key.yml
+++ b/models/fixtures/public_key.yml
@@ -9,3 +9,36 @@
   created_unix: 1559593109
   updated_unix: 1565224552
   login_source_id: 0
+-
+  id: 2
+  owner_id: 5
+  name: user5
+  fingerprint: ""
+  content: "user5"
+  mode: 2
+  type: 3
+  created_unix: 1775805112
+  updated_unix: 1775805112
+  login_source_id: 0
+-
+  id: 3
+  owner_id: 9
+  name: user9@localhost
+  fingerprint: "SHA256:K3RfDvtQ/aYVzh6RfXGFxlffLLTRgksf9UQwTlwSM8M"
+  content: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDN7KuFUnlztx/UM6PUTyiBAq5SeIqr+qSVFC6JzLQAh user9@localhost"
+  mode: 2
+  type: 1
+  created_unix: 1775805112
+  updated_unix: 1775805112
+  login_source_id: 0
+-
+  id: 4
+  owner_id: 9
+  name: user9
+  fingerprint: ""
+  content: "user9"
+  mode: 2
+  type: 3
+  created_unix: 1775805112
+  updated_unix: 1775805112
+  login_source_id: 0
diff --git a/routers/web/user/home.go b/routers/web/user/home.go
index 60d6fc2bd0..4fe3f7c9a0 100644
--- a/routers/web/user/home.go
+++ b/routers/web/user/home.go
@@ -705,6 +705,9 @@ func ShowSSHKeys(ctx *context.Context) {
 
 	var buf bytes.Buffer
 	for i := range keys {
+		if keys[i].Type == asymkey_model.KeyTypePrincipal {
+			continue // Don't display SSH principals, only public keys
+		}
 		buf.WriteString(keys[i].OmitEmail())
 		buf.WriteString("\n")
 	}
diff --git a/tests/integration/api_private_serv_test.go b/tests/integration/api_private_serv_test.go
index 742d2d80d7..dd45f54c36 100644
--- a/tests/integration/api_private_serv_test.go
+++ b/tests/integration/api_private_serv_test.go
@@ -114,12 +114,12 @@ func TestAPIPrivateServ(t *testing.T) {
 		assert.Empty(t, results)
 
 		// Cannot pull from a private repo we're not associated with
-		results, extra = private.ServCommand(ctx, deployKey.ID, "user15", "big_test_private_2", perm.AccessModeRead, "git-upload-pack", "")
+		results, extra = private.ServCommand(ctx, deployKey.KeyID, "user15", "big_test_private_2", perm.AccessModeRead, "git-upload-pack", "")
 		require.Error(t, extra.Error)
 		assert.Empty(t, results)
 
 		// Cannot pull from a public repo we're not associated with
-		results, extra = private.ServCommand(ctx, deployKey.ID, "user15", "big_test_public_1", perm.AccessModeRead, "git-upload-pack", "")
+		results, extra = private.ServCommand(ctx, deployKey.KeyID, "user15", "big_test_public_1", perm.AccessModeRead, "git-upload-pack", "")
 		require.Error(t, extra.Error)
 		assert.Empty(t, results)
 
diff --git a/tests/integration/user_test.go b/tests/integration/user_test.go
index 0f7c099c70..f968f8df81 100644
--- a/tests/integration/user_test.go
+++ b/tests/integration/user_test.go
@@ -1286,4 +1286,18 @@ func TestExportUserSSHKeys(t *testing.T) {
 
 		assert.Equal(t, "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDWVj0fQ5N8wNc0LVNA41wDLYJ89ZIbejrPfg/avyj3u/ZohAKsQclxG4Ju0VirduBFF9EOiuxoiFBRr3xRpqzpsZtnMPkWVWb+akZwBFAx8p+jKdy4QXR/SZqbVobrGwip2UjSrri1CtBxpJikojRIZfCnDaMOyd9Jp6KkujvniFzUWdLmCPxUE9zhTaPu0JsEP7MW0m6yx7ZUhHyfss+NtqmFTaDO+QlMR7L2QkDliN2Jl3Xa3PhuWnKJfWhdAq1Cw4oraKUOmIgXLkuiuxVQ6mD3AiFupkmfqdHq6h+uHHmyQqv3gU+/sD8GbGAhf6ftqhTsXjnv1Aj4R8NoDf9BS6KRkzkeun5UisSzgtfQzjOMEiJtmrep2ZQrMGahrXa+q4VKr0aKJfm+KlLfwm/JztfsBcqQWNcTURiCFqz+fgZw0Ey/de0eyMzldYTdXXNRYCKjs9bvBK+6SSXRM7AhftfQ0ZuoW5+gtinPrnmoOaSCEJbAiEiTO/BzOHgowiM=\n", resp.Body.String())
 	})
+
+	t.Run("No exported keys and SSH principal", func(t *testing.T) {
+		defer tests.PrintCurrentTest(t)()
+		resp := MakeRequest(t, NewRequest(t, "GET", "/user5.keys"), http.StatusOK)
+
+		assert.Equal(t, "# Note: This user hasn't uploaded any SSH keys.\n", resp.Body.String())
+	})
+
+	t.Run("Exported key and SSH principal", func(t *testing.T) {
+		defer tests.PrintCurrentTest(t)()
+		resp := MakeRequest(t, NewRequest(t, "GET", "/user9.keys"), http.StatusOK)
+
+		assert.Equal(t, "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDN7KuFUnlztx/UM6PUTyiBAq5SeIqr+qSVFC6JzLQAh\n", resp.Body.String())
+	})
 }

From 46d890c8e15930921a7a4d6aaca4d1249bdf3089 Mon Sep 17 00:00:00 2001
From: Gusted <postmaster@gusted.xyz>
Date: Sat, 18 Apr 2026 00:56:08 +0200
Subject: [PATCH 704/854] fix: always include files set to be detectable for
 language stats (#11685)

- The documentation has the correct behavior about `linguist-detectable`: In cases where a file should be considered for language statistics, regardless of its category, the linguist-detectable attribute can be used.
- This patch follows that behavior by not skipping the file even if some heuristic would've said to skip the file.
- Document the conditions in more natural language.
- Resolves forgejo/forgejo#11248

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11685
Reviewed-by: Andreas Ahlenstorf <aahlenst@noreply.codeberg.org>
Co-authored-by: Gusted <postmaster@gusted.xyz>
Co-committed-by: Gusted <postmaster@gusted.xyz>
---
 modules/git/fetch_test.go                     |   2 +-
 modules/git/grep_test.go                      |   2 +-
 modules/git/repo_language_stats.go            |  20 +++++++++++++-----
 modules/git/repo_language_stats_test.go       |  10 +++++++++
 ...1b1f6c24df14da4898b22c00ff8fb55303ac76.idx | Bin 1520 -> 0 bytes
 ...b1f6c24df14da4898b22c00ff8fb55303ac76.pack | Bin 2748 -> 0 bytes
 ...1b1f6c24df14da4898b22c00ff8fb55303ac76.rev | Bin 116 -> 0 bytes
 ...d0100ad5c382a7e8e1bacada4b66b927f29b72.idx | Bin 0 -> 1632 bytes
 ...0100ad5c382a7e8e1bacada4b66b927f29b72.pack | Bin 0 -> 3704 bytes
 ...d0100ad5c382a7e8e1bacada4b66b927f29b72.rev | Bin 0 -> 132 bytes
 .../repos/language_stats_repo/packed-refs     |   2 +-
 tests/integration/linguist_test.go            |   4 ++--
 12 files changed, 30 insertions(+), 10 deletions(-)
 delete mode 100644 modules/git/tests/repos/language_stats_repo/objects/pack/pack-371b1f6c24df14da4898b22c00ff8fb55303ac76.idx
 delete mode 100644 modules/git/tests/repos/language_stats_repo/objects/pack/pack-371b1f6c24df14da4898b22c00ff8fb55303ac76.pack
 delete mode 100644 modules/git/tests/repos/language_stats_repo/objects/pack/pack-371b1f6c24df14da4898b22c00ff8fb55303ac76.rev
 create mode 100644 modules/git/tests/repos/language_stats_repo/objects/pack/pack-7cd0100ad5c382a7e8e1bacada4b66b927f29b72.idx
 create mode 100644 modules/git/tests/repos/language_stats_repo/objects/pack/pack-7cd0100ad5c382a7e8e1bacada4b66b927f29b72.pack
 create mode 100644 modules/git/tests/repos/language_stats_repo/objects/pack/pack-7cd0100ad5c382a7e8e1bacada4b66b927f29b72.rev

diff --git a/modules/git/fetch_test.go b/modules/git/fetch_test.go
index 95a1fa387d..b7ead10d4a 100644
--- a/modules/git/fetch_test.go
+++ b/modules/git/fetch_test.go
@@ -26,7 +26,7 @@ func TestFetch(t *testing.T) {
 
 			fetchedCommitID, err := repo.Fetch(otherRepoPath, "refs/heads/master")
 			require.NoError(t, err)
-			assert.Equal(t, "95d3505f2db273e40be79f84416051ae85e9ea0d", fetchedCommitID)
+			assert.Equal(t, "5684d0c8cfdfb17fcd59101826efc9ff54b80df4", fetchedCommitID)
 
 			c, err := repo.getCommit(MustIDFromString(fetchedCommitID))
 			require.NoError(t, err)
diff --git a/modules/git/grep_test.go b/modules/git/grep_test.go
index 83ddb766af..5666a425f4 100644
--- a/modules/git/grep_test.go
+++ b/modules/git/grep_test.go
@@ -65,7 +65,7 @@ func TestGrepSearch(t *testing.T) {
 			return
 		}
 
-		res, err = GrepSearch(t.Context(), repo, "world", GrepOptions{MatchesPerFile: 1})
+		res, err = GrepSearch(t.Context(), repo, "world", GrepOptions{RefName: "95d3505f2db273e40be79f84416051ae85e9ea0d", MatchesPerFile: 1})
 		require.NoError(t, err)
 		assert.Equal(t, []*GrepResult{
 			{
diff --git a/modules/git/repo_language_stats.go b/modules/git/repo_language_stats.go
index ee4beb2f87..2832c4f572 100644
--- a/modules/git/repo_language_stats.go
+++ b/modules/git/repo_language_stats.go
@@ -168,11 +168,21 @@ func (repo *Repository) GetLanguageStats(commitID string) (map[string]int64, err
 			}
 		}
 
-		if isFalse(isDetectable) || isTrue(isVendored) || isTrue(isDocumentation) ||
-			(!isFalse(isVendored) && analyze.IsVendor(f.Name())) ||
-			enry.IsDotFile(f.Name()) ||
-			enry.IsConfiguration(f.Name()) ||
-			(!isFalse(isDocumentation) && enry.IsDocumentation(f.Name())) {
+		// Don't skip this file if it is explicitly set to be detectable.
+		// Skip this file if one of the following conditions holds:
+		// 1. Explicitly set to not be detectable.
+		// 2. Explicitly set that it is vendored.
+		// 3. Explicitly set that it is documentation.
+		// 4. Is not explicitly set to not be vendored and is by heuristic considered to be vendored.
+		// 5. It is considered to be a dot file.
+		// 6. It is considered to be a configuration file.
+		// 7. Is not explicitly set to not be documentation and is by heuristic considered to be documentation.
+		if !isTrue(isDetectable) &&
+			(isFalse(isDetectable) || isTrue(isVendored) || isTrue(isDocumentation) ||
+				(!isFalse(isVendored) && analyze.IsVendor(f.Name())) ||
+				enry.IsDotFile(f.Name()) ||
+				enry.IsConfiguration(f.Name()) ||
+				(!isFalse(isDocumentation) && enry.IsDocumentation(f.Name()))) {
 			continue
 		}
 
diff --git a/modules/git/repo_language_stats_test.go b/modules/git/repo_language_stats_test.go
index e3d8ba1f69..2bc57b56c5 100644
--- a/modules/git/repo_language_stats_test.go
+++ b/modules/git/repo_language_stats_test.go
@@ -34,6 +34,16 @@ func TestRepository_GetLanguageStats(t *testing.T) {
 		"Python": 67,
 		"Java":   112,
 	}, stats)
+
+	stats, err = gitRepo.GetLanguageStats("5684d0c8cfdfb17fcd59101826efc9ff54b80df4")
+	require.NoError(t, err)
+
+	assert.Equal(t, map[string]int64{
+		"Cobra":    67,
+		"Python":   67,
+		"Markdown": 15,
+		"Java":     112,
+	}, stats)
 }
 
 func TestMergeLanguageStats(t *testing.T) {
diff --git a/modules/git/tests/repos/language_stats_repo/objects/pack/pack-371b1f6c24df14da4898b22c00ff8fb55303ac76.idx b/modules/git/tests/repos/language_stats_repo/objects/pack/pack-371b1f6c24df14da4898b22c00ff8fb55303ac76.idx
deleted file mode 100644
index 186136cb126104a88a2d5b178914b1c1dbc86f17..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 1520
zcmexg;-AdGz`z8=0|gj?79(SjTaYm`kWUU~0qP?MvjX*D!)!ot5N4+l<^Y<Dj5&e)
zp@6x7?&QXSd4S^7#=Jl?2NLrE?WY9u1ND=F1%T>lj^$n@L~4iL*%D*MH0Pj#qS4FW
zr8!F5R<U-3nR47{pU<XJaN_jwO`mqFO?%+BHQitPmQMSH+bcMNy-!LpnaH1tj$3>$
zGWSUHQy<+;ZN_Kyr#q>>`Soqr@AHf0mY%*LBx82dwV>7G6w{Z=RYtS@S3Ia(9Tt`(
zqTh4b>jZOhpLgd}kvyYWtPiIB(kWkHn{d;H@4#%U!|Uz`I!@O8QgZLmj8!Q<=4<Pp
zc^weCUl)0)YSLrjniRgit;u%;@@)TFUHH}beZkR33H}Xd``@+pF0IV{ZC>D>SRlRQ
z1;g5TpQm09h}Ydz{Dk}Y{1(TAz;&%JU-7P5B>lsuTbU)H*ZzccNrl5F*QA-J4z2$?
zW&NeM0_L$<-GzbD8>GagZ!KN@_~;j%b&-8$dR@KSG+a}!?S59Z?fsd3PbTes{r=<e
z13&7UUt0NY|G3!vre&q4gEK=2YuluKVW&jQ*jB%se4yBSzs#BE4m=9GnVi4ZU9;h`
zjR?#*zVT@Fvb&Q`w}r+U8)v$3J~_a^z-0i$z;cJ95m?;01G9c6ki7+nzX5SDkbey*
z?+BE82TTvZJjH1VEQ%C>VtGJ$26Jio9F_Ybw>)NS(qZ`DzcrY7O<6^|^kH*Z{o8Uv
P9(ikby)sPtbZa62Y)$41

diff --git a/modules/git/tests/repos/language_stats_repo/objects/pack/pack-371b1f6c24df14da4898b22c00ff8fb55303ac76.pack b/modules/git/tests/repos/language_stats_repo/objects/pack/pack-371b1f6c24df14da4898b22c00ff8fb55303ac76.pack
deleted file mode 100644
index 046061c688b93c0f08c8aef52e1d1e5470de40cf..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 2748
zcma)*Ss>Jl7sr2NCuVRhNx8^2X0djokll<y)^S6W7{pbL<&I@s5<)4m#aOasCyYuW
zp}*OzBd+C+C5G%vMC7k~AMVTl;s0>nzUO?;`J8iXjZ82A0B{_KaF!{7l<`EjvC3T7
zJSeLBQ#v9(PxVq3D8|t3g@CYE=P$A#&kU~izjpPrw3JuNmm(*x=8?QrF^`K$=1xv1
zc%?uKT(+Cft>di5PqMt%Gwp<pK)9~xvIY;J^S!Et+lP$%P)nPcWRm#Pv>QP!J-(?v
z*{y{zv}}J1vyY$jF${WQ{XgrZEHH6*$m6Tz{$b<F9~>(6Bv}-k2BZ~1lX?oSj=)(r
zjv{`75CYY|uJ}O5C`~aDc%y6i0eh$R$JA^94(<Hcu!idL2DgQWWg%xXIxj4dVszgf
z-iIVUos-5jVVQH_i*rlzRbQtMY5axclG{fH8aKnfdLz#hz%mw29r1PV^4+dCL}{j^
z1e=u!u~5J1ZhP-t6hg|?>3eu^^=HVXr|%PFGUgX>m6bK6)6RdHIdFZjKT~lwwp!t$
zYEEs5!HesSEZkwGp#6s4O2K)Ms7J2W=HA!$%5rLOyOz?B>~3Pt)aS7d;kCqBclXWP
zsIBeD-^X{}33NQX-fb6rhF{bWe5+O2mGH*WA!c?-@X86Tb(cRQOM=5f9Vsg<;o<I!
zmb+ysPuiH8dq!K@=6BtFxUNay+vFK7#j{2tdRiDWY$D<Xg1Lw^AmH@DKDR7|-;j;g
z*1=!QGb4}}PQjX`sa#VtS$ya17F;Zs{qPsQJ~4PNc@!pH3{C0Wum1}>j!&7=(X*m3
z&l$Ybp@jL#xX#Xqyo)kmmn>hE^Bk^eR!I^>Zs$dCIez!X7*8xGz72Rj`d!dFc<NTD
zty$1F>SD@xUXlryibvGDglEBU+!tsHuS5IxoN`w<m*Sntdx;N4YCh{+dbaUFTC>ca
z#6bJru<(O5$VEe5k`+wUl%C{Y8O_nIfB%`SG};)8R?C0F){$BnsH?0FywD<W=4Mrb
z5`we!KRB!C@cW_5QoK?6yKR1tYIg}Pn~LhpfrIbhVG%!APS`V6qSM1$3-^*quDe%)
z&ifNJV4yY*$L_P1x`~0Sw5SRb$0wLzJy&Om+!Up}7KryH8!hX6AuQZ|_#hUzR4MbN
z>r$`p&PMwKIa|Bv=EaRMI_=i0Wg7qCHXh1Wv<N~U2zmT=MKB#gAm!1F0y*Ub4F~j}
zueW5F$4k{KCsn$0$D&iy)a7j=4x62OHZg1Cj&Z^Ya}QE=%g)I=<Hn@R>O~}w_9){M
z@~b@#YdjN<x_CzFj$>}M=_|X<d+zr#M1m&CHONaV{#GYPzSnG>oE2bWUiKZWUdSq*
zYiZg8<+nn*Or=|kErPu#0w=9J!X`J_4Sz0gYU_85;|>3KM?5f;(ro<3E$w1CkZX3_
z<`YV7l{sL#8)>#SAXKaoMNQ^7$%$)z@tVLJtaUk_C$`<drf9k0zI~NFnp~a+mJ#8Q
zw+!Xrb%>V`=GE%ye%$MsO4-rKTNQ@&M=A|M6=tL)5BW;KDGS_pAFbVH#dyq$G=5_Z
zz3RNPiAh+$6)mEZIqjDs0zzwPTbB^WGfx&Djr1l&ss^opdG6(;b$ZHA=GCd3v)nI}
z_nnVFIK6EnQxT2D^XFSSl|JXBfmyltT#m%Di`mNyzT&Yly_fAHG&P@QrMK=JQTWyS
z&1^ADqepg)^%YtkUig@uRoh^C`jkTWc<*;=HrlY@O^<(1@pnCo5V3O*jbTDA&~1bZ
z8(dKiNQn3KC(cR~I76usu-8+_wlhtfkKR_c^9)_37L2}JPOS-)`zZ&4Jp1l!6n*}x
zKJ$a9cedVu$z15fhts|8bYHt!hk!Lcmm%|s2=}^+gh}VD+2m@`>4?CqX@L8xxlXEH
zP;fpht^R-ywd)G$OI9{Gpyp&%E0*f6s?iT3+gKr{<N-x~oF1bzEQwFnknG9Ae{w<_
zuQr}&?Hs(Howph=@@LUR{h*xdg0#0U%<M&h)L3D?Sc65$prne(l;GhFA&-%qwekuX
z+7v^wH68rkcT%dfo*}oHO>{CI3P@?$DGzaq)cs&s*LLmGM^hm4!OpV@*UPG#mj1ex
zO$3u)LTRa&!{0_Cll1+9QCk9Ir-nCIzm1Rk*cO!UdOm<90X9)EW{7lGSd}Ex$Gs<f
zd<y3ianWn}`nQzpj8sa0f`#JM5Wm9eQ6@E6v80<iBn@ingY*5aFS>g=q~&8mEw0)w
z>S@OYH=A#SdUL;n8rD{vS8i0(Y~934D7FwE^GX&1g?AoET>O37siM{7@YUou^^|?j
z`O$<XwXU44;;r+Jc|3}7nQB>#yJeC%qZ~Q>Yhsiy&(pVL5?<-Vj$)BWeCXy)tUdk{
zt@aP-!`k+1_N2g%42{+nnaV|FP?T{xtcyi2@7-YCms8;DV7}zLrhWZ!hER^-j+~px
zXwsX=l%U{ljeNctm-#byJ&2h^#qmc+fW`)IF3d~18cZN*X{)PiY1s8+`rv3d6iT&H
zMW7Kl0+zgT_>_2AX@z+BeRhNM(&t<cm%W^mK#Z}aCtBX*y|r{3XJZYx?#<5&I#+fv
zl(!~YSSe#cD$|-iY|TWJ!zn#|L$GV>7dl82>`7fGg+5=2rC7iAV5;P(u@%)4j$txT
z3<|~PS2Aip;qpsOjB(u||5BPj!sS}D*0cFJCEWaCM(KR%C&|T_V0E2}w!JUEjjU}Y
z&t>Mf$tm0j9U>Qsd&+j%l&3-s=KYrn!p;b{cu0m-+#I|yog-!dICgn<zu+N|h6Z66
z28N<GNIUj)?4i&xY797XAdauB?6%*cxU6ZAXv~AIZAVx3K}nG*l88VY&U|{noajoU
zfAW-tJk!)ar$$zJ!Q~48RU`7*r5wk|Gysmce?>fGKgdLL**AaIpkMp#2yTn|T{Kh)
z*wq1_F8`ta2e1knfke~j=wTWHid)y|-Y&&w3<MmBLsXp;;uI4XcHMY@pE)4It(*kX
z2}%zfi#irNsUU0+SX7M)ngQ#j_c`<*Cu32n2s?nvp372EP)&D~D3MT>^p;4EKDTfO
z1mrWs3mdrzBnK>(??(}!$TV(-K5>`i7}sPaYnN8{I1M63`vKlrrB98Do}N)vq0(Uk
zwwpk5Tx?gm_G@6?O?>$8DgWua$C^$b`oYfYwmorcX}p%jmZTx{i6*EI%VqvXFo4%z
zSg@X#K!T}QQz=$hR4*Ei#IFCafc))HId88LjS|mN$OI}H4(MWW6J2z@hf`@q^w#Z#
zU*o!pwmq$p+=cdWQ`DI>rrX<tLD9Dyg#l=r{CLq(?Ku47J4u!~AKe7VZe%xrYM>-r
z@-Nh$A2uVfa<Bh+XB@zgl@MYTbkCbWis&R{-npB7f1>IhYNh|8t0z5s{<Nd5cKF^K
zZJ#2xC(t@AxPpsSCy+2rdDl97xB(s_D0CGRCr2QGWPs_TWe@}OSVC;9v}(3{8(w=Q
z<rieq!)6sT?~iX%(Zy^p2)ONdbN}zPjYm_{9vtW)kpP7)aqGPF&jAW7u`yJ30~|Pd
KM0Vh;4*f4W|3eG_

diff --git a/modules/git/tests/repos/language_stats_repo/objects/pack/pack-371b1f6c24df14da4898b22c00ff8fb55303ac76.rev b/modules/git/tests/repos/language_stats_repo/objects/pack/pack-371b1f6c24df14da4898b22c00ff8fb55303ac76.rev
deleted file mode 100644
index 7d8c6f3562cb7f404e217d88476d14054edda877..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 116
zcmWIYbctYKU|@t|ZXnGJ#9Tnk3&i|D%nrm%K+FonY(UHd#4JF}0mLAEAixR4eCE>f
sIV$%>Zh6euq{HyPe`_%FnzC!#o*g{p^>kaQuG6B;ywg|Kd}`_f04JCg+W-In

diff --git a/modules/git/tests/repos/language_stats_repo/objects/pack/pack-7cd0100ad5c382a7e8e1bacada4b66b927f29b72.idx b/modules/git/tests/repos/language_stats_repo/objects/pack/pack-7cd0100ad5c382a7e8e1bacada4b66b927f29b72.idx
new file mode 100644
index 0000000000000000000000000000000000000000..80e1ee36b5e03a9d7315b57de3ce8f7ff7ac4e2c
GIT binary patch
literal 1632
zcmexg;-AdGz`z8=0|gj?79(SjTaYm`kWUU~0qP?MvjX*D!)!ot5N0P4a{$#7gE@if
zkTDmKPcG&L>V;t*Ae)w$7ic~o4$Kb}r#2P<nmLeI5NJOoSO}<}6f6u>kBmite5zx)
zR|%2Yp?9{#m@&;csGw-{@^@*D(zaEs9bu*%H`?d3sT7<zeSFiW-D=YwxNS}M*S@9G
ze&O~Cj$rSTQcNcDr=sH)-;2yW()`p%cT=13S^eows&9UM+x7eWV!5TKZwSel-E=Kz
z^*F`!rE-<gZ2uJxDp!YvC5h<wT=qJ_oZRQ#IaMUjXcp^(X}@&J7ubfiTsU$5{>J*V
zkpdEG?@#^@*}?lI;ie7Wf!S7v*WC|voUHq$<ldnft5ST-*VaGtIv{kvF7i^<q{qTF
zDSXAsCsdYv^_Q+)<TX=aX2Rvl($o`WkB+V@`mp`5-mUnQcQ>mXnZ;iJ>D!uoM<CDk
zuhoTLjo%j>eU#weaJK(lYwyy^+~4K}?uiA`J6<rXo%ea_<$!qIO~p^RpU-b`ObA@p
z`tlX;szuU2e7coc5_;`VSeH~dd~!{idFs&mzf;y<dMjWao7G(yD7`^ST>941)sK&U
z(ODPSXQtQHyG_G2_1f-dRomX5+4p49-q-Ix9zXD-zWJq<@2j}i0y!QJ#IDT`DL6VS
zImG&k`=OZ1^ajKEy=e~43?Zy-llFz35;0?2{c`ewV(<O7l9P7JoO$lRqp+JvX5Z1s
zjEj5^x&KKP+i=-N1ZEuHc(i)i-RDYWYO%(~nc*uWE?i>~{mH<<`v!;)0*eA*S<BW4
zq+bHD2@sb7(-W|K;Jyr$4+GLMz+xu~$o>l~>NJ2wuNzQ$Cy?I?%;s7^dJ|C1?wSh%
sTvrb_Er0QF*Qs0HX*<<F%`Un&<;-36$-8Z}or`q3<K=mU8B*5*0LOM7+W-In

literal 0
HcmV?d00001

diff --git a/modules/git/tests/repos/language_stats_repo/objects/pack/pack-7cd0100ad5c382a7e8e1bacada4b66b927f29b72.pack b/modules/git/tests/repos/language_stats_repo/objects/pack/pack-7cd0100ad5c382a7e8e1bacada4b66b927f29b72.pack
new file mode 100644
index 0000000000000000000000000000000000000000..94b6852051163b7124c7849e1843320c7d57a1e8
GIT binary patch
literal 3704
zcmYL|cRUpSAII-xB|9_aYn^rH%(7SJ*<_SW93pb4v-eEmY>tMJ>|G>#-5{Hc>{T3&
zoJ4;5eIJkC?~l)a@7L%3dOcr{w~4xjJ^%n9yL>D;nn-l!IEJ}g8xXs!Y&;tLy&vvX
zi8Z8PVKO0S0Y0OpYmC54DTRv4X4>76$JKm?T+|J4@GvzbGCK9bCA6;&tjI7+r47g}
z6eYOv3?#@6Gnc;zI^*oJ*Odp-aOU?zRwNi6CLiba9wt*$2zH|)NODmktcDLqkJR$x
znBFasnmPLwZfMV6<X*g8%nJB@MS|Kls*_I`cteWO40dnY<>tXf_{L+E)SG7~!Aa%Y
zY_+$!<^zUM{}fjILC}~)$eorB)*}Yjk2KAj2#(z>zM-Biw;FC8+LaAp^86lw3f5ZT
zc9Urgf!k+4SWGHz?XlLQ8%TVKP0#BDM<0a9%bQnzkQUuLR<XO9{1td`Ah>=bctz+y
z(`1EhAa9L@N2e<NHbPP12VP^MRaED$hYjd3>v)zw@F$h`Xv<SC_HzM3g_XeVMPRvX
zon*+J0AU{LzMC0&i`z*oU&n~cW1rcnjlG8`IYo>d7($T8Jv}Mh88`wnmq1vCoaA!K
z%@$9c$VA`8CRtCH>1$_@HszuiD~BfYZ$a5FPbyOmmDbZ;TRqW%HczbOG(<rU?T?b|
z{PW2gMhA7A!i+P$hBn?9##K2GNXG;rZSE)YC&~kM#9wi~Biyw+UitZk-F|K!Cvy7P
z>=fpYgE(?0DC@o*NQy>h%S#n~@E7XPO!NtV<}g0Vu*J%<9L*87@4Z0!X_~trgkK}&
zlc6R?-@H^9a1z9o^Tk#ZOkd7*&yj8`)=Ym@icMrctT}W|`&3M8vTgUe%2sMwG&6zh
z*1(kg$l=VI#YMxovGD-wt~&HsHpY-DJN``__?zp&D$zV2A2OUtJUcyiz3Q^PW~L?x
z;pC{2V<D5-9%=V=kd&S9Y#cL~Wnr*Zl{f|+NU11iKVBGr7G7NisOc6ua%C~?ge@a0
zn>8nPy1wHQ%Vd4Ixs8YI+MTCPfYMdyrx{QiZZM-rzTp(yW_WJ9`CEpuE^x);yvoXb
z#Tzw0-3V8OOv&wK{|pk042%e~8~-Q008H_9$}&vyBArat(-&!WAyZ^Ma3LC(G{$1S
zmTv6A5nhb!#c=eoQu1^63*3<S$-cc~XP*7{a?<4+Dzq83{lfazGQ{EvL{+nak!rSe
zG>k4icX)u#ndBYcNXpsLLWHs(Aq#c|Xjf7F)FQODg@rDpoTe4R(?@OF#V>iChsr6-
zlu;cB?~N#}cL4Nsi|W|+XC{c~8Ld1=v*w~6`n3+ar@7^{y#~X0Mp`GnTt!a>id@?t
z*hgp6hmyt}PS{V+8+OCVglo|}x)2-y^;RTl@Ri*(Wbxre@O1{Hx5UY=o5(DtF)|pT
z?pWyc>&EG<xDkL%rmzKEUs+afyY-?pfIqWG;RiZWzVkeRAu)HI3*Klsu}-hJ{)4aL
zWceI-^>tJ6lM5BeM}a4<P+25Bw~j?uTuo=8ty6uNR7#4!Rw>=0?qm5Q*I$ZsP~IA4
z2M6+zOx}!)QzUoh#umK1ysBi`>YLU*@_w^h@A;!E1r$Z|s*6?XoEjG4=jF6!2THrI
zWP!{M`O?H+C*4B4;t<o;l7O7P(7dJZvt5jPiL3VZ#3#CkM<LJVjyq|(UO4rc`ro?B
ztVZwCCS-&Bq<1fJ^#|>PYtsAHUqg!h1D~2>c3Xpj?6>tur77v{6H>p_4`sBY?A^#6
z*%0k~L#;)t>P$+~`dXHWVs&B@+fWrGT$$d@N00GSlltC1{ZH+zV5q_ka5EQ{d}$?{
zTGn*ST5rb#p>UF}(#?Jm$W<hg(sNq-&2kQrvLvTufSI_h@<9$0=)rBXy28{Mrm|VQ
zW5??}S=B6@L<>DC2qriG<Enpmekbv>*SncNw66Y3K2J@w{C;D%Q|1biG{}V=!aC#M
z_(R}7MN+8lbsVh=^#+lHd>3L8UocgDms5Rn(9b1RYK9(yxj)qL0N3+IFnnkd&=40)
zFMKeQCsW(~eN%9zAsQxLn7%2;xjR}@Ug@pSN^|Q`MZBQcm9_!6K}1l((;ZH#FlAD^
z$IEIG(wYd8m>50#LqEyn0nQ72vzTb{!e=YyIogKwz)#jQR1yqqCo}Kk*OO25Cg8%}
zYnZ3&`zzU4vE`=-7PK<Bsv1cf7SdTl>?hBn0jlNPKYLY&-H#7Cl6g%`Bbv7lX7M<m
zk2|=l=SK*UO^}Ws?2OLg@dMfn1|+%wr|x})msV|5`Q3hNrgj`>tx!_AJw-Gu4JE;6
z6nx%nHAvLon=_AP6j)DAlP|r^X9b_-Dy?N=gPQ5yy~alvythX=Z!V7*N;@{suhjf#
zN{q3O$z<|dXsUv$?s^(<O#i7m<XENI)c^41f}oIHwBFkI3s~63(5uPSR;1(aI`6$;
z;1IY#+^qk)LzGeOnnS3CcZQy+aY{A(rr@&H8_n0cw3&{nuFwW(l0vlhM(K(q!?4fE
zIIh5(>spXh{?f*Al+hh3MsIiO6U-{iU`=HxdTu5%KE0=8RQKZ87^$QO`%;IU(=f-9
z1q4R$NQmH=h`<Ub`#E(neaaR^)XTjmi;)hiObx#m$3OP?67}QveIl6TvX(tkn1C>8
z8N=exxh#&Ni|OI`5K+JVpYL2Oq;D>HaDTj!$4~L$`Ki_A1!uG$WPxCoh^vKq7A5bl
z;OH0gW2`S&a*8&0w%l2xBZrO6f~BN#voqR`FECdnMzl=yC)8h>Hq^eCc5p#N9urLb
z@fk}3L36`@usJZbSDyww2aEnF=>)LcW{{jj<^%fF;elhjLSFH4?w+BmY_F_Du)*M#
zC20Gt#w#yBmv>N(+hJeLeAr2=^5(ss#{lK;<PXDd*eOr+GrQ&}jcTkvo$tRnY>#(0
zUA^bEM{PZ>Js)geqljFv%3gh5$-ErwZHEHb6SU>hl>Gb)!Km6ZYF&~I!<XkmDreZd
z>`G9HJV6|P7Sg^LpxHDEx(ZhsDhW)Y=22^MUPP=}!0r+nuC?`yCFB$kyr#dtov$6^
zwb|lwbq8zJz2cmGUCUChQ#{5l%(O&%{*caLI&ZJ+JvVM?h`lX?zT16)v!r&2mzWc3
zad+G+rS-Thz#>GxU#+IyacxQykd=J=X5PkFl&I$^U*3q+xbqa3W*qc61e&Dm;jep0
zGkar_NccTB=VtP%jO3gQP68N(fhPjEdIKxiC*14@gXWgtZo!H!J5Ik-oQBdcBk?*Q
zy8w^Zl`|9A=b+*~>^K*&@e73dnKCo!W<cvyd^Nn%G%UC4fMSz+8vE$93me#8R8Xc~
z)oj?f7+<8rI_vVB4j9yP#-{je+2Vbh#`(vE-x4XO&KooFjpDs|hee07<^`0X*evnv
zp{P=JxOyHhq9ruUoig`x6B;3S?HKfyDefupk);`84Obm5@}j!K(G2Z9H6+>A%3Z!K
z1Pr^I0q$MImkl2*Ch!VScTIetc9d~S&7{jyJLa|3m`VB+lH%vzCs|0nV!d%I${{o>
z6g2np0w8%nl@E5|dc%Z7OUp<|NK2ZI=zoF0AR;1I15q)U7+ly=<xTxsMTh?`UrjEJ
z^mV9JR%xL`Oc^aA!2cj%5@+ayWF=Yi46H`ZH2vbG&~XFB-*@m;b#ZodbbOtPx{n%6
zeKH=m*XdQ!^MgR8U^I1ZhS(cPwlI;F3b^hUa6RCfsJ;~O@Q8+^%}7Fs6!^@D6(gP3
zcj`DRUO=R1W=yYV#xVy-oB1J#oR(s!Kg;7)c+`kzcz0`Y_j0=Dm_b=!OJZ(dkn8(E
zkzZOtJhy0#%6-B@=YIY^b8abl=R=LjS@0KgkL94QyZ*=}>E*B4Q#X667{auceR<x|
z{f~mN3;=(AFHkEL60L<-q>tcX)EX_cxNpo?*@?}h-H+l>p`@Jhc}ua283HMrhCDvq
zz}O^#l4o2mnC#QSvIL<{Pda@q=k9azjW5LFneAjXD`<t?A&We}*SX1rysl4N3%>`>
zP(`BeS?=o&VK7$0U&OI6(={>xNR7OrgzOT$B!Db-Wi5GPz88gGbEa(aV3=<%{q4Cp
z=F#yam_nzP1QQVikmTrZmi?Xnw<ckj7!-!X!zOWJBJh2=zM~RE=BU>ND}$(2d@Lw&
zi)2d)_=k*Pvh4~IeGM}RvDCdBwh$IG60_8;5{3<dhw)$Tja-T?bw$NY0ocv;Y+(V>
z40E<(HX(Lbwv33|TfRU*;SlTV2J*k&Evf&00(h$#yMmvOLYv1n8t|B+YEn@QEV%#2
zT3!(q#^S-FCPcvV*y!F2nHIo?E$ifeQ~v9F&=8Lw$LT@zU7nbQ9{!lCUfg8Ii7AI_
z==SfFda8o~RGy5qwU=dpg$=P7154du7zFw+IflRBmdiKHgd=oWvjwsM@9WR-EV1*w
zc%>IhsJHmGqpka~y>E}44WSgT&0?3ZE2s(E&u3%IpUGZ(!Hf#ym}g{S5vjgOdU;c}
zG)=Zmwg9Y(AW!lCp$`5{G7T<s*;nX7&u=csTL^q{XZsQD(czC}pCJQ`8_<anfU#gC
z8psV;zDOh60j9FCYy>s$;oH|xpMUHf40N7^M{g?_rWtqBQ!(4PL|Y=!6?*7YY5;jE
zaOhI&hD7HN`e*q@<s{5k#OUshDB3vVb2e_8o5%$H`XuA#{LL9qUr75A9>aL4tS@lv
z8KeMET?f7-0OR=ow|D68-r16h)xIN0^@Ef<(4-g5!dk9VpVGXG7I^8uwqLeBJ_gnw
z(#MF8{iSU_h{5ZN4?&=#vDBrdPdv6+c{Kf)Ba?fN%;zGosN^#xC=`I%Wb+9bVWgSt
TiF&uS+=`vmhqnk3^AZ06PcRwE

literal 0
HcmV?d00001

diff --git a/modules/git/tests/repos/language_stats_repo/objects/pack/pack-7cd0100ad5c382a7e8e1bacada4b66b927f29b72.rev b/modules/git/tests/repos/language_stats_repo/objects/pack/pack-7cd0100ad5c382a7e8e1bacada4b66b927f29b72.rev
new file mode 100644
index 0000000000000000000000000000000000000000..c2e2e3aeae5ba8e39983452d5e8a8abd4ec4b528
GIT binary patch
literal 132
zcmWIYbctYKU|@t|b|B3M#LPg<3&h+&%mu{4K+FNeOhC*E#B4y!55z1$%n8H-Kr95r
zAag)~2Z#l0E(ma4J>0bX#lu~vZh5EeRR1))C{Jz43h}7an;Ys{iZ=-wa+XI<&;$UT
Ct`-mg

literal 0
HcmV?d00001

diff --git a/modules/git/tests/repos/language_stats_repo/packed-refs b/modules/git/tests/repos/language_stats_repo/packed-refs
index 63e01583a4..b046027fce 100644
--- a/modules/git/tests/repos/language_stats_repo/packed-refs
+++ b/modules/git/tests/repos/language_stats_repo/packed-refs
@@ -1,2 +1,2 @@
 # pack-refs with: peeled fully-peeled sorted 
-95d3505f2db273e40be79f84416051ae85e9ea0d refs/heads/master
+5684d0c8cfdfb17fcd59101826efc9ff54b80df4 refs/heads/master
diff --git a/tests/integration/linguist_test.go b/tests/integration/linguist_test.go
index efeaaabb98..06ff1bd22f 100644
--- a/tests/integration/linguist_test.go
+++ b/tests/integration/linguist_test.go
@@ -156,8 +156,8 @@ func TestLinguistSupport(t *testing.T) {
 
 			langs := getFreshLanguageStats(t, repo, sha)
 			assert.Len(t, langs, 2)
-			assert.Equal(t, "C", langs[0].Language)
-			assert.Equal(t, "Markdown", langs[1].Language)
+			assert.Equal(t, "Markdown", langs[0].Language)
+			assert.Equal(t, "C", langs[1].Language)
 		})
 
 		// 4. Marking foo.c as documentation

From bacd8f365d9645f654725d189192d99ea7610475 Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Sat, 18 Apr 2026 05:10:44 +0200
Subject: [PATCH 705/854] Update github.com/go-git/go-git/v5 (indirect) to
 v5.18.0 [SECURITY] (forgejo) (#12174)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This PR contains the following updates:

| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) |
|---|---|---|---|
| [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) | `v5.17.1` → `v5.18.0` | ![age](https://developer.mend.io/api/mc/badges/age/go/github.com%2fgo-git%2fgo-git%2fv5/v5.18.0?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/go/github.com%2fgo-git%2fgo-git%2fv5/v5.17.1/v5.18.0?slim=true) |

---

### go-git: Credential leak via cross-host redirect in smart HTTP transport
[GHSA-3xc5-wrhm-f963](https://github.com/advisories/GHSA-3xc5-wrhm-f963)

<details>
<summary>More information</summary>

#### Details
##### Impact
`go-git` may leak HTTP authentication credentials when following redirects during smart-HTTP clone and fetch operations.

If a remote repository responds to the initial `/info/refs` request with a redirect to a different host, go-git updates the session endpoint to the redirected location and reuses the original authentication for subsequent requests. This can result in the credentials (e.g. Authorization headers) being sent to an unintended host.

An attacker controlling or influencing the redirect target can capture these credentials and potentially reuse them to access the victim’s repositories or other resources, depending on the scope of the credential.

**Clients using `go-git` exclusively with trusted remotes (for example, GitHub or GitLab), and over a secure HTTPS connection, are not affected by this issue.** The risk arises when interacting with untrusted or misconfigured Git servers, or when using unsecured HTTP connections, which is not recommended. Such configurations also expose clients to a broader class of security risks beyond this issue, including credential interception and tampering of repository data.

##### Patches
Users should upgrade to `v5.18.0`, or `v6.0.0-alpha.2`, in order to mitigate this vulnerability. Versions prior to v5 are likely to be affected, users are recommended to upgrade to a supported `go-git` version.

The patched versions add support for configuring [followRedirects](https://git-scm.com/docs/git-config#Documentation/git-config.txt-httpfollowRedirects). In line with upstream behaviour, the default is now `initial`, while users can opt into `FollowRedirects` or `NoFollowRedirects` programmatically.

##### Credit
Thanks to the 3 separate reports from @&#8203;celinke97, @&#8203;N0zoM1z0 and @&#8203;AyushParkara. Thanks for finding and reporting this issue privately to the `go-git` project. :bow:

#### Severity
- CVSS Score: 4.7 / 10 (Medium)
- Vector String: `CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N`

#### References
- [https://github.com/go-git/go-git/security/advisories/GHSA-3xc5-wrhm-f963](https://github.com/go-git/go-git/security/advisories/GHSA-3xc5-wrhm-f963)
- [https://github.com/go-git/go-git](https://github.com/go-git/go-git)

This data is provided by [OSV](https://osv.dev/vulnerability/GHSA-3xc5-wrhm-f963) and the [GitHub Advisory Database](https://github.com/github/advisory-database) ([CC-BY 4.0](https://github.com/github/advisory-database/blob/main/LICENSE.md)).
</details>

---

### Release Notes

<details>
<summary>go-git/go-git (github.com/go-git/go-git/v5)</summary>

### [`v5.18.0`](https://github.com/go-git/go-git/releases/tag/v5.18.0)

[Compare Source](https://github.com/go-git/go-git/compare/v5.17.2...v5.18.0)

#### What's Changed

- plumbing: transport/http, Add support for followRedirects policy by [@&#8203;pjbgf](https://github.com/pjbgf) in [#&#8203;2004](https://github.com/go-git/go-git/pull/2004)

**Full Changelog**: <https://github.com/go-git/go-git/compare/v5.17.2...v5.18.0>

### [`v5.17.2`](https://github.com/go-git/go-git/releases/tag/v5.17.2)

[Compare Source](https://github.com/go-git/go-git/compare/v5.17.1...v5.17.2)

#### What's Changed

- build: Update module github.com/go-git/go-git/v5 to v5.17.1 \[SECURITY] (releases/v5.x) by [@&#8203;go-git-renovate](https://github.com/go-git-renovate)\[bot] in [#&#8203;1941](https://github.com/go-git/go-git/pull/1941)
- dotgit: skip writing pack files that already exist on disk by [@&#8203;pjbgf](https://github.com/pjbgf) in [#&#8203;1944](https://github.com/go-git/go-git/pull/1944)

:warning: This release fixes a bug ([#&#8203;1942](https://github.com/go-git/go-git/issues/1942)) that blocked some users from upgrading to `v5.17.1`. Thanks [@&#8203;pskrbasu](https://github.com/pskrbasu) for reporting it. :bow:

**Full Changelog**: <https://github.com/go-git/go-git/compare/v5.17.1...v5.17.2>

</details>

---

### Configuration

📅 **Schedule**: (UTC)

- Branch creation
  - ""
- Automerge
  - Between 12:00 AM and 03:59 AM (`* 0-3 * * *`)

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMTEuMCIsInVwZGF0ZWRJblZlciI6IjQzLjExMS4wIiwidGFyZ2V0QnJhbmNoIjoiZm9yZ2VqbyIsImxhYmVscyI6WyJkZXBlbmRlbmN5LXVwZ3JhZGUiLCJ0ZXN0L25vdC1uZWVkZWQiXX0=-->

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12174
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 6db142399f..3043c49651 100644
--- a/go.mod
+++ b/go.mod
@@ -175,7 +175,7 @@ require (
 	github.com/go-fed/httpsig v1.1.0 // indirect
 	github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect
 	github.com/go-git/go-billy/v5 v5.8.0 // indirect
-	github.com/go-git/go-git/v5 v5.17.1 // indirect
+	github.com/go-git/go-git/v5 v5.18.0 // indirect
 	github.com/go-ini/ini v1.67.0 // indirect
 	github.com/go-openapi/jsonpointer v0.22.4 // indirect
 	github.com/go-openapi/jsonreference v0.21.4 // indirect
diff --git a/go.sum b/go.sum
index 9601411c69..41c8d684b6 100644
--- a/go.sum
+++ b/go.sum
@@ -283,8 +283,8 @@ github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 h1:+zs/tPmkDkHx3U66D
 github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376/go.mod h1:an3vInlBmSxCcxctByoQdvwPiA7DTK7jaaFDBTtu0ic=
 github.com/go-git/go-billy/v5 v5.8.0 h1:I8hjc3LbBlXTtVuFNJuwYuMiHvQJDq1AT6u4DwDzZG0=
 github.com/go-git/go-billy/v5 v5.8.0/go.mod h1:RpvI/rw4Vr5QA+Z60c6d6LXH0rYJo0uD5SqfmrrheCY=
-github.com/go-git/go-git/v5 v5.17.1 h1:WnljyxIzSj9BRRUlnmAU35ohDsjRK0EKmL0evDqi5Jk=
-github.com/go-git/go-git/v5 v5.17.1/go.mod h1:pW/VmeqkanRFqR6AljLcs7EA7FbZaN5MQqO7oZADXpo=
+github.com/go-git/go-git/v5 v5.18.0 h1:O831KI+0PR51hM2kep6T8k+w0/LIAD490gvqMCvL5hM=
+github.com/go-git/go-git/v5 v5.18.0/go.mod h1:pW/VmeqkanRFqR6AljLcs7EA7FbZaN5MQqO7oZADXpo=
 github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU=
 github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
 github.com/go-ini/ini v1.67.0 h1:z6ZrTEZqSWOTyH2FlglNbNgARyHG8oLW9gMELqKr06A=

From a11d0db2e16a3be691abc00c31adce3412ad9988 Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Sat, 18 Apr 2026 14:48:45 +0200
Subject: [PATCH 706/854] Update dependency webpack to v5.106.1 (forgejo)
 (#12109)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12109
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
---
 package-lock.json | 41 ++++++++++++++---------------------------
 package.json      |  2 +-
 2 files changed, 15 insertions(+), 28 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index e6c087cbd5..0e286628f7 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -77,7 +77,7 @@
         "vue-chartjs": "5.3.3",
         "vue-loader": "17.4.2",
         "vue3-calendar-heatmap": "2.0.5",
-        "webpack": "5.106.0",
+        "webpack": "5.106.2",
         "webpack-cli": "7.0.2",
         "wrap-ansi": "10.0.0"
       },
@@ -12101,27 +12101,6 @@
         "node": ">=8.6"
       }
     },
-    "node_modules/mime-db": {
-      "version": "1.52.0",
-      "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.52.0.tgz",
-      "integrity": "sha512-sPU4uV7dYlvtWJxwwxHD0PuihVNiE7TyAbQ5SWxDCB9mUYvOgroQOwYQQOKPJ8CIbE+1ETVlOoK1UC2nU3gYvg==",
-      "license": "MIT",
-      "engines": {
-        "node": ">= 0.6"
-      }
-    },
-    "node_modules/mime-types": {
-      "version": "2.1.35",
-      "resolved": "https://registry.npmjs.org/mime-types/-/mime-types-2.1.35.tgz",
-      "integrity": "sha512-ZDY+bPm5zTTF+YpCrAU9nK0UgICYPT0QtT1NZWFv4s++TNkcgVaT0g6+4R2uI4MjQjzysHB1zxuWL50hzaeXiw==",
-      "license": "MIT",
-      "dependencies": {
-        "mime-db": "1.52.0"
-      },
-      "engines": {
-        "node": ">= 0.6"
-      }
-    },
     "node_modules/mini-css-extract-plugin": {
       "version": "2.10.0",
       "resolved": "https://registry.npmjs.org/mini-css-extract-plugin/-/mini-css-extract-plugin-2.10.0.tgz",
@@ -16139,9 +16118,9 @@
       "license": "BSD-2-Clause"
     },
     "node_modules/webpack": {
-      "version": "5.106.0",
-      "resolved": "https://registry.npmjs.org/webpack/-/webpack-5.106.0.tgz",
-      "integrity": "sha512-Pkx5joZ9RrdgO5LBkyX1L2ZAJeK/Taz3vqZ9CbcP0wS5LEMx5QkKsEwLl29QJfihZ+DKRBFldzy1O30pJ1MDpA==",
+      "version": "5.106.2",
+      "resolved": "https://registry.npmjs.org/webpack/-/webpack-5.106.2.tgz",
+      "integrity": "sha512-wGN3qcrBQIFmQ/c0AiOAQBvrZ5lmY8vbbMv4Mxfgzqd/B6+9pXtLo73WuS1dSGXM5QYY3hZnIbvx+K1xxe6FyA==",
       "license": "MIT",
       "dependencies": {
         "@types/eslint-scope": "^3.7.7",
@@ -16160,9 +16139,8 @@
         "events": "^3.2.0",
         "glob-to-regexp": "^0.4.1",
         "graceful-fs": "^4.2.11",
-        "json-parse-even-better-errors": "^2.3.1",
         "loader-runner": "^4.3.1",
-        "mime-types": "^2.1.27",
+        "mime-db": "^1.54.0",
         "neo-async": "^2.6.2",
         "schema-utils": "^4.3.3",
         "tapable": "^2.3.0",
@@ -16286,6 +16264,15 @@
         "node": ">=4.0"
       }
     },
+    "node_modules/webpack/node_modules/mime-db": {
+      "version": "1.54.0",
+      "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.54.0.tgz",
+      "integrity": "sha512-aU5EJuIN2WDemCcAp2vFBfp/m4EAhWJnUNSSw0ixs7/kXbd6Pg64EmwJkNdFhB8aWt1sH2CTXrLxo/iAGV3oPQ==",
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
     "node_modules/whatwg-mimetype": {
       "version": "3.0.0",
       "resolved": "https://registry.npmjs.org/whatwg-mimetype/-/whatwg-mimetype-3.0.0.tgz",
diff --git a/package.json b/package.json
index 0415b40868..969e77006c 100644
--- a/package.json
+++ b/package.json
@@ -76,7 +76,7 @@
     "vue-chartjs": "5.3.3",
     "vue-loader": "17.4.2",
     "vue3-calendar-heatmap": "2.0.5",
-    "webpack": "5.106.0",
+    "webpack": "5.106.2",
     "webpack-cli": "7.0.2",
     "wrap-ansi": "10.0.0"
   },

From 9ccaf473eba2a4424ea6f35bd0475d3765b030c6 Mon Sep 17 00:00:00 2001
From: 0ko <0ko@noreply.codeberg.org>
Date: Sat, 18 Apr 2026 23:18:02 +0200
Subject: [PATCH 707/854] fix(i18n): don't log harmless missing translations as
 errors (#12183)

Followup to https://codeberg.org/forgejo/forgejo/pulls/6203

Currently it is logging an error wherever a template is rendered in language that doesn't have all plural strings covered. For example, Esperanto isn't well maintained.

Since more plural strings were migrated in v15 to new format, these errors became much more common. However, for all languages but the base one (English) they are completely harmless and just indicate an incomplete translation.

However, for base (English) they indicate a bug in either template or en-US.json, which should be still logged as an error.

The error is being logged by `LookupPluralByForm`, which is called by `TrPluralStringAllForms` and (`TrPluralString` through `LookupPluralByCount`). I originally intended to just pass log func directly to `LookupPluralByForm` from both, but since `TrPluralString` isn't calling `LookupPluralByForm` directly, it didn't look clean, so I went with passing a flag around instead and implemented logging logic in `LookupPluralByForm` itself.

I little concern is with that the so-called "default lang" is configurable, and if it is configured to something with less than 100% completion, it will cause fallback bugs, as well as a lot of logging of this as an error. But this is why changing "default lang" is a bad idea in the first place, and broken fallbacks should be greater concern than junk in the logs.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12183
Reviewed-by: Beowulf <beowulf@beocode.eu>
Co-authored-by: 0ko <0ko@noreply.codeberg.org>
Co-committed-by: 0ko <0ko@noreply.codeberg.org>
---
 modules/translation/i18n/localestore.go | 23 +++++++++++++++--------
 1 file changed, 15 insertions(+), 8 deletions(-)

diff --git a/modules/translation/i18n/localestore.go b/modules/translation/i18n/localestore.go
index 89361088a4..d0f5841411 100644
--- a/modules/translation/i18n/localestore.go
+++ b/modules/translation/i18n/localestore.go
@@ -119,7 +119,7 @@ func (l *locale) LookupNewStyleMessage(trKey string) string {
 	return ""
 }
 
-func (l *locale) LookupPluralByCount(trKey string, count any) string {
+func (l *locale) LookupPluralByCount(trKey string, count any, isDefaultLang bool) string {
 	n, err := util.ToInt64(count)
 	if err != nil {
 		log.Error("Invalid plural count '%s'", count)
@@ -127,10 +127,10 @@ func (l *locale) LookupPluralByCount(trKey string, count any) string {
 	}
 
 	pluralForm := l.pluralRule(n)
-	return l.LookupPluralByForm(trKey, pluralForm)
+	return l.LookupPluralByForm(trKey, pluralForm, isDefaultLang)
 }
 
-func (l *locale) LookupPluralByForm(trKey string, pluralForm PluralFormIndex) string {
+func (l *locale) LookupPluralByForm(trKey string, pluralForm PluralFormIndex, isDefaultLang bool) string {
 	suffix := ""
 	switch pluralForm {
 	case PluralFormZero:
@@ -155,7 +155,14 @@ func (l *locale) LookupPluralByForm(trKey string, pluralForm PluralFormIndex) st
 		return result
 	}
 
-	log.Error("Missing translation for plural form %s", suffix)
+	// Severify depends on the lang. A missing string in default lang will affect
+	// all translations, while community translations may just be incomplete
+	logFunc := log.Debug
+	if isDefaultLang {
+		logFunc = log.Error
+	}
+
+	logFunc("Missing translation for key `%[1]s`, plural form `%[2]s`", trKey, suffix)
 	return ""
 }
 
@@ -266,11 +273,11 @@ func (l *locale) TrHTML(trKey string, trArgs ...any) template.HTML {
 }
 
 func (l *locale) TrPluralString(count any, trKey string, trArgs ...any) template.HTML {
-	message := l.LookupPluralByCount(trKey, count)
+	message := l.LookupPluralByCount(trKey, count, false)
 
 	if message == "" {
 		if defaultLang, ok := l.store.localeMap[l.store.defaultLang]; ok {
-			message = defaultLang.LookupPluralByCount(trKey, count)
+			message = defaultLang.LookupPluralByCount(trKey, count, true)
 		}
 		if message == "" {
 			message = trKey
@@ -294,7 +301,7 @@ func (l *locale) TrPluralStringAllForms(trKey string) ([]string, []string) {
 	allPresent := true
 
 	for i, form := range l.usedPluralForms {
-		result[i] = l.LookupPluralByForm(trKey, form)
+		result[i] = l.LookupPluralByForm(trKey, form, false)
 		if result[i] == "" {
 			allPresent = false
 		}
@@ -304,7 +311,7 @@ func (l *locale) TrPluralStringAllForms(trKey string) ([]string, []string) {
 		if hasDefaultLang {
 			fallback = make([]string, len(defaultLang.usedPluralForms))
 			for i, form := range defaultLang.usedPluralForms {
-				fallback[i] = defaultLang.LookupPluralByForm(trKey, form)
+				fallback[i] = defaultLang.LookupPluralByForm(trKey, form, true)
 			}
 		} else {
 			log.Error("Plural set for '%s' is incomplete and no fallback language is set.", trKey)

From f596bd032405adcfdfcc11229c92a97dfa25a8bd Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Sun, 19 Apr 2026 01:46:09 +0200
Subject: [PATCH 708/854] Update dependency swagger-ui-dist to v5.32.3
 (forgejo) (#12170)

Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
---
 package-lock.json | 8 ++++----
 package.json      | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 0e286628f7..a0eeb919d6 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -64,7 +64,7 @@
         "postcss-nesting": "14.0.0",
         "pretty-ms": "9.0.0",
         "sortablejs": "1.15.7",
-        "swagger-ui-dist": "5.32.2",
+        "swagger-ui-dist": "5.32.4",
         "tailwindcss": "3.4.19",
         "throttle-debounce": "5.0.0",
         "tinycolor2": "1.6.0",
@@ -14996,9 +14996,9 @@
       }
     },
     "node_modules/swagger-ui-dist": {
-      "version": "5.32.2",
-      "resolved": "https://registry.npmjs.org/swagger-ui-dist/-/swagger-ui-dist-5.32.2.tgz",
-      "integrity": "sha512-t6Ns52nS8LU2hqi0+rezMjFO1ZrCsCrnommXrU7Nfrg2va2dWahdvM6TuSwzdHpG29v6BHJyU1c/UWFhgVZzVQ==",
+      "version": "5.32.4",
+      "resolved": "https://registry.npmjs.org/swagger-ui-dist/-/swagger-ui-dist-5.32.4.tgz",
+      "integrity": "sha512-0AADFFQNJzExEN49SrD/34Nn9cxNxVLiydYl2MBwSZFPVXNkVwC/EFAjoezGGqE8oDegiDC+p47t8lKObCinMQ==",
       "license": "Apache-2.0",
       "dependencies": {
         "@scarf/scarf": "=1.4.0"
diff --git a/package.json b/package.json
index 969e77006c..c66dc318e2 100644
--- a/package.json
+++ b/package.json
@@ -63,7 +63,7 @@
     "postcss-nesting": "14.0.0",
     "pretty-ms": "9.0.0",
     "sortablejs": "1.15.7",
-    "swagger-ui-dist": "5.32.2",
+    "swagger-ui-dist": "5.32.4",
     "tailwindcss": "3.4.19",
     "throttle-debounce": "5.0.0",
     "tinycolor2": "1.6.0",

From 4b8d118cceebe3b55123089ddf0d905bd7c6fdc2 Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Sun, 19 Apr 2026 01:46:45 +0200
Subject: [PATCH 709/854] Update dependency postcss to v8.5.10 (forgejo)
 (#12186)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12186
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
---
 package-lock.json | 8 ++++----
 package.json      | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index a0eeb919d6..e4c056880b 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -59,7 +59,7 @@
         "mini-css-extract-plugin": "2.10.0",
         "minimatch": "10.2.5",
         "pdfobject": "2.3.0",
-        "postcss": "8.5.9",
+        "postcss": "8.5.10",
         "postcss-loader": "8.2.1",
         "postcss-nesting": "14.0.0",
         "pretty-ms": "9.0.0",
@@ -12897,9 +12897,9 @@
       }
     },
     "node_modules/postcss": {
-      "version": "8.5.9",
-      "resolved": "https://registry.npmjs.org/postcss/-/postcss-8.5.9.tgz",
-      "integrity": "sha512-7a70Nsot+EMX9fFU3064K/kdHWZqGVY+BADLyXc8Dfv+mTLLVl6JzJpPaCZ2kQL9gIJvKXSLMHhqdRRjwQeFtw==",
+      "version": "8.5.10",
+      "resolved": "https://registry.npmjs.org/postcss/-/postcss-8.5.10.tgz",
+      "integrity": "sha512-pMMHxBOZKFU6HgAZ4eyGnwXF/EvPGGqUr0MnZ5+99485wwW41kW91A4LOGxSHhgugZmSChL5AlElNdwlNgcnLQ==",
       "funding": [
         {
           "type": "opencollective",
diff --git a/package.json b/package.json
index c66dc318e2..0e0050c91c 100644
--- a/package.json
+++ b/package.json
@@ -58,7 +58,7 @@
     "mini-css-extract-plugin": "2.10.0",
     "minimatch": "10.2.5",
     "pdfobject": "2.3.0",
-    "postcss": "8.5.9",
+    "postcss": "8.5.10",
     "postcss-loader": "8.2.1",
     "postcss-nesting": "14.0.0",
     "pretty-ms": "9.0.0",

From 99299a5685442e53fcc20fc4414715730db41f25 Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Sun, 19 Apr 2026 04:19:03 +0200
Subject: [PATCH 710/854] Update module github.com/jackc/pgx/v5 to v5.9.2
 (forgejo) (#12188)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This PR contains the following updates:

| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) |
|---|---|---|---|
| [github.com/jackc/pgx/v5](https://github.com/jackc/pgx) | `v5.9.1` → `v5.9.2` | ![age](https://developer.mend.io/api/mc/badges/age/go/github.com%2fjackc%2fpgx%2fv5/v5.9.2?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/go/github.com%2fjackc%2fpgx%2fv5/v5.9.1/v5.9.2?slim=true) |

---

### Release Notes

<details>
<summary>jackc/pgx (github.com/jackc/pgx/v5)</summary>

### [`v5.9.2`](https://github.com/jackc/pgx/compare/v5.9.1...v5.9.2)

[Compare Source](https://github.com/jackc/pgx/compare/v5.9.1...v5.9.2)

</details>

---

### Configuration

📅 **Schedule**: (UTC)

- Branch creation
  - Between 12:00 AM and 03:59 AM (`* 0-3 * * *`)
- Automerge
  - Between 12:00 AM and 03:59 AM (`* 0-3 * * *`)

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMTEuMCIsInVwZGF0ZWRJblZlciI6IjQzLjExMS4wIiwidGFyZ2V0QnJhbmNoIjoiZm9yZ2VqbyIsImxhYmVscyI6WyJkZXBlbmRlbmN5LXVwZ3JhZGUiLCJ0ZXN0L25vdC1uZWVkZWQiXX0=-->

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12188
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 3043c49651..3310a438b5 100644
--- a/go.mod
+++ b/go.mod
@@ -67,7 +67,7 @@ require (
 	github.com/hashicorp/golang-lru/v2 v2.0.7
 	github.com/huandu/xstrings v1.5.0
 	github.com/inbucket/html2text v1.0.0
-	github.com/jackc/pgx/v5 v5.9.1
+	github.com/jackc/pgx/v5 v5.9.2
 	github.com/jhillyerd/enmime/v2 v2.2.0
 	github.com/json-iterator/go v1.1.12
 	github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51
diff --git a/go.sum b/go.sum
index 41c8d684b6..19a2fcb917 100644
--- a/go.sum
+++ b/go.sum
@@ -446,8 +446,8 @@ github.com/jackc/pgpassfile v1.0.0 h1:/6Hmqy13Ss2zCq62VdNG8tM1wchn8zjSGOBJ6icpsI
 github.com/jackc/pgpassfile v1.0.0/go.mod h1:CEx0iS5ambNFdcRtxPj5JhEz+xB6uRky5eyVu/W2HEg=
 github.com/jackc/pgservicefile v0.0.0-20240606120523-5a60cdf6a761 h1:iCEnooe7UlwOQYpKFhBabPMi4aNAfoODPEFNiAnClxo=
 github.com/jackc/pgservicefile v0.0.0-20240606120523-5a60cdf6a761/go.mod h1:5TJZWKEWniPve33vlWYSoGYefn3gLQRzjfDlhSJ9ZKM=
-github.com/jackc/pgx/v5 v5.9.1 h1:uwrxJXBnx76nyISkhr33kQLlUqjv7et7b9FjCen/tdc=
-github.com/jackc/pgx/v5 v5.9.1/go.mod h1:mal1tBGAFfLHvZzaYh77YS/eC6IX9OWbRV1QIIM0Jn4=
+github.com/jackc/pgx/v5 v5.9.2 h1:3ZhOzMWnR4yJ+RW1XImIPsD1aNSz4T4fyP7zlQb56hw=
+github.com/jackc/pgx/v5 v5.9.2/go.mod h1:mal1tBGAFfLHvZzaYh77YS/eC6IX9OWbRV1QIIM0Jn4=
 github.com/jackc/puddle/v2 v2.2.2 h1:PR8nw+E/1w0GLuRFSmiioY6UooMp6KJv0/61nB7icHo=
 github.com/jackc/puddle/v2 v2.2.2/go.mod h1:vriiEXHvEE654aYKXXjOvZM39qJ0q+azkZFrfEOc3H4=
 github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 h1:BQSFePA1RWJOlocH6Fxy8MmwDt+yVQYULKfN0RoTN8A=

From 178a0a25f82579433875e607f8633248728e7654 Mon Sep 17 00:00:00 2001
From: Andreas Ahlenstorf <andreas@ahlenstorf.ch>
Date: Sun, 19 Apr 2026 04:24:09 +0200
Subject: [PATCH 711/854] chore: flag suspicious OwnerID comparisons (#12184)

Resources in Forgejo can also be owned by predefined system users like Ghost or Forgejo Actions. Those have negative user IDs, for example, -2 in the case of Forgejo Actions. `OwnerID` checks oftentimes do not take these users into account, because their existence and how they work isn't well known. A [semgrep](https://semgrep.dev/) check is added that flags such suspicious `OwnerID` checks.

See https://codeberg.org/forgejo/forgejo/pulls/12144 for background.

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. All work and communication must conform to Forgejo's [AI Agreement](https://codeberg.org/forgejo/governance/src/branch/main/AIAgreement.md). There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests for Go changes

(can be removed for JavaScript changes)

- I added test coverage for Go changes...
  - [ ] in their respective `*_test.go` for unit tests.
  - [ ] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I ran...
  - [x] `make pr-go` before pushing

### Tests for JavaScript changes

(can be removed for Go changes)

- I added test coverage for JavaScript changes...
  - [ ] in `web_src/js/*.test.js` if it can be unit tested.
  - [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)).

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [ ] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.
- [x] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change.

*The decision if the pull request will be shown in the release notes is up to the mergers / release team.*

The content of the `release-notes/<pull request number>.md` file will serve as the basis for the release notes. If the file does not exist, the title of the pull request will be used instead.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12184
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
Co-authored-by: Andreas Ahlenstorf <andreas@ahlenstorf.ch>
Co-committed-by: Andreas Ahlenstorf <andreas@ahlenstorf.ch>
---
 .semgrep/config/logic.yaml          | 11 +++++++++
 .semgrep/tests/logic.go             | 35 +++++++++++++++++++++++++++++
 models/actions/run_job_list.go      |  2 +-
 models/actions/run_list.go          |  2 +-
 models/actions/runner.go            |  3 ++-
 models/actions/runner_list.go       |  1 +
 models/actions/schedule.go          |  2 +-
 models/actions/task_list.go         |  2 +-
 models/asymkey/gpg_key.go           |  2 +-
 models/asymkey/ssh_key.go           |  2 +-
 models/project/project.go           |  3 ++-
 models/repo/repo.go                 |  1 +
 routers/web/repo/setting/webhook.go |  2 +-
 13 files changed, 59 insertions(+), 9 deletions(-)
 create mode 100644 .semgrep/config/logic.yaml
 create mode 100644 .semgrep/tests/logic.go

diff --git a/.semgrep/config/logic.yaml b/.semgrep/config/logic.yaml
new file mode 100644
index 0000000000..85c43f5531
--- /dev/null
+++ b/.semgrep/config/logic.yaml
@@ -0,0 +1,11 @@
+rules:
+  - id: forgejo-logic-suspicious-OwnerID-check
+    pattern: |-
+      $X.OwnerID > 0
+    languages:
+      - go
+    severity: ERROR
+    message: >
+      Many resources like comments or runners cannot only be owned by regular users, which have positive IDs, but also
+      by predefined system users like Ghost or Forgejo Actions that have negative IDs. In those cases, ownership checks
+      should only exclude 0: `OwnerID != 0`.
diff --git a/.semgrep/tests/logic.go b/.semgrep/tests/logic.go
new file mode 100644
index 0000000000..32a2777ff6
--- /dev/null
+++ b/.semgrep/tests/logic.go
@@ -0,0 +1,35 @@
+// Copyright 2022 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package actions
+
+import "xorm.io/builder"
+
+type FindRunJobOptions struct {
+	RepoID  int64
+	OwnerID int64
+}
+
+func (opts FindRunJobOptions) Bad() builder.Cond {
+	cond := builder.NewCond()
+	if opts.RepoID > 0 {
+		cond = cond.And(builder.Eq{"repo_id": opts.RepoID})
+	}
+	// ruleid:forgejo-logic-suspicious-OwnerID-check
+	if opts.OwnerID > 0 {
+		cond = cond.And(builder.Eq{"owner_id": opts.OwnerID})
+	}
+	return cond
+}
+
+func (opts FindRunJobOptions) Good() builder.Cond {
+	cond := builder.NewCond()
+	if opts.RepoID > 0 {
+		cond = cond.And(builder.Eq{"repo_id": opts.RepoID})
+	}
+	// ok:forgejo-logic-suspicious-OwnerID-check
+	if opts.OwnerID != 0 {
+		cond = cond.And(builder.Eq{"owner_id": opts.OwnerID})
+	}
+	return cond
+}
diff --git a/models/actions/run_job_list.go b/models/actions/run_job_list.go
index 207da30334..40a182082f 100644
--- a/models/actions/run_job_list.go
+++ b/models/actions/run_job_list.go
@@ -74,7 +74,7 @@ func (opts FindRunJobOptions) ToConds() builder.Cond {
 	if opts.RepoID > 0 {
 		cond = cond.And(builder.Eq{"repo_id": opts.RepoID})
 	}
-	if opts.OwnerID > 0 {
+	if opts.OwnerID != 0 {
 		cond = cond.And(builder.Eq{"owner_id": opts.OwnerID})
 	}
 	if opts.CommitSHA != "" {
diff --git a/models/actions/run_list.go b/models/actions/run_list.go
index b296e2f477..11fa8441a5 100644
--- a/models/actions/run_list.go
+++ b/models/actions/run_list.go
@@ -85,7 +85,7 @@ func (opts FindRunOptions) ToConds() builder.Cond {
 	if opts.RepoID > 0 {
 		cond = cond.And(builder.Eq{"repo_id": opts.RepoID})
 	}
-	if opts.OwnerID > 0 {
+	if opts.OwnerID != 0 {
 		cond = cond.And(builder.Eq{"owner_id": opts.OwnerID})
 	}
 	if opts.WorkflowID != "" {
diff --git a/models/actions/runner.go b/models/actions/runner.go
index 8061ccf37e..1a7fbb0b45 100644
--- a/models/actions/runner.go
+++ b/models/actions/runner.go
@@ -152,6 +152,7 @@ func (r *ActionRunner) Editable(ownerID, repoID int64) bool {
 
 // LoadAttributes loads the attributes of the runner
 func (r *ActionRunner) LoadAttributes(ctx context.Context) error {
+	// nosemgrep: forgejo-logic-suspicious-OwnerID-check (system users are not stored in the database)
 	if r.OwnerID > 0 {
 		var user user_model.User
 		has, err := db.GetEngine(ctx).ID(r.OwnerID).Get(&user)
@@ -214,7 +215,7 @@ func (opts FindRunnerOptions) ToConds() builder.Cond {
 			c = c.Or(builder.Eq{"repo_id": 0, "owner_id": 0})
 		}
 		cond = cond.And(c)
-	} else if opts.OwnerID > 0 { // OwnerID is ignored if RepoID is set
+	} else if opts.OwnerID != 0 { // OwnerID is ignored if RepoID is set
 		c := builder.NewCond().And(builder.Eq{"owner_id": opts.OwnerID})
 		if opts.WithVisible {
 			c = c.Or(builder.Eq{"repo_id": 0, "owner_id": 0})
diff --git a/models/actions/runner_list.go b/models/actions/runner_list.go
index 6a64c46596..4186ee60be 100644
--- a/models/actions/runner_list.go
+++ b/models/actions/runner_list.go
@@ -28,6 +28,7 @@ func (runners RunnerList) LoadOwners(ctx context.Context) error {
 		return err
 	}
 	for _, runner := range runners {
+		// nosemgrep: forgejo-logic-suspicious-OwnerID-check (system users are not stored in the database)
 		if runner.OwnerID > 0 && runner.Owner == nil {
 			runner.Owner = users[runner.OwnerID]
 		}
diff --git a/models/actions/schedule.go b/models/actions/schedule.go
index 8c410b9d38..bd6755621b 100644
--- a/models/actions/schedule.go
+++ b/models/actions/schedule.go
@@ -116,7 +116,7 @@ func (opts FindScheduleOptions) ToConds() builder.Cond {
 	if opts.RepoID > 0 {
 		cond = cond.And(builder.Eq{"repo_id": opts.RepoID})
 	}
-	if opts.OwnerID > 0 {
+	if opts.OwnerID != 0 {
 		cond = cond.And(builder.Eq{"owner_id": opts.OwnerID})
 	}
 
diff --git a/models/actions/task_list.go b/models/actions/task_list.go
index f85e17b41b..4c0e060497 100644
--- a/models/actions/task_list.go
+++ b/models/actions/task_list.go
@@ -65,7 +65,7 @@ func (opts FindTaskOptions) ToConds() builder.Cond {
 	if opts.RepoID > 0 {
 		cond = cond.And(builder.Eq{"repo_id": opts.RepoID})
 	}
-	if opts.OwnerID > 0 {
+	if opts.OwnerID != 0 {
 		cond = cond.And(builder.Eq{"owner_id": opts.OwnerID})
 	}
 	if opts.CommitSHA != "" {
diff --git a/models/asymkey/gpg_key.go b/models/asymkey/gpg_key.go
index cae717011e..620e0ef0ae 100644
--- a/models/asymkey/gpg_key.go
+++ b/models/asymkey/gpg_key.go
@@ -81,7 +81,7 @@ func (opts FindGPGKeyOptions) ToConds() builder.Cond {
 		cond = cond.And(builder.Eq{"primary_key_id": ""})
 	}
 
-	if opts.OwnerID > 0 {
+	if opts.OwnerID != 0 {
 		cond = cond.And(builder.Eq{"owner_id": opts.OwnerID})
 	}
 	if opts.KeyID != "" {
diff --git a/models/asymkey/ssh_key.go b/models/asymkey/ssh_key.go
index 7f76009e7f..ea05195b5d 100644
--- a/models/asymkey/ssh_key.go
+++ b/models/asymkey/ssh_key.go
@@ -190,7 +190,7 @@ type FindPublicKeyOptions struct {
 
 func (opts FindPublicKeyOptions) ToConds() builder.Cond {
 	cond := builder.NewCond()
-	if opts.OwnerID > 0 {
+	if opts.OwnerID != 0 {
 		cond = cond.And(builder.Eq{"owner_id": opts.OwnerID})
 	}
 	if opts.Fingerprint != "" {
diff --git a/models/project/project.go b/models/project/project.go
index 3a36613b49..8f3d09b956 100644
--- a/models/project/project.go
+++ b/models/project/project.go
@@ -136,6 +136,7 @@ func ProjectLinkForRepo(repo *repo_model.Repository, projectID int64) string { /
 
 // Link returns the project's relative URL.
 func (p *Project) Link(ctx context.Context) string {
+	// nosemgrep: forgejo-logic-suspicious-OwnerID-check (system users are not stored in the database)
 	if p.OwnerID > 0 {
 		err := p.LoadOwner(ctx)
 		if err != nil {
@@ -224,7 +225,7 @@ func (opts SearchOptions) ToConds() builder.Cond {
 	if opts.Type > 0 {
 		cond = cond.And(builder.Eq{"type": opts.Type})
 	}
-	if opts.OwnerID > 0 {
+	if opts.OwnerID != 0 {
 		cond = cond.And(builder.Eq{"owner_id": opts.OwnerID})
 	}
 
diff --git a/models/repo/repo.go b/models/repo/repo.go
index 0c45f483e4..1bd779b5a0 100644
--- a/models/repo/repo.go
+++ b/models/repo/repo.go
@@ -893,6 +893,7 @@ type CountRepositoryOptions struct {
 func CountRepositories(ctx context.Context, opts CountRepositoryOptions) (int64, error) {
 	sess := db.GetEngine(ctx).Where("id > 0")
 
+	// nosemgrep: forgejo-logic-suspicious-OwnerID-check (repositories cannot be owned by system users)
 	if opts.OwnerID > 0 {
 		sess.And("owner_id = ?", opts.OwnerID)
 	}
diff --git a/routers/web/repo/setting/webhook.go b/routers/web/repo/setting/webhook.go
index 9bd4422556..cf28983ba4 100644
--- a/routers/web/repo/setting/webhook.go
+++ b/routers/web/repo/setting/webhook.go
@@ -341,7 +341,7 @@ func checkWebhook(ctx *context.Context) (*ownerRepoCtx, *webhook.Webhook) {
 	var w *webhook.Webhook
 	if orCtx.RepoID > 0 {
 		w, err = webhook.GetWebhookByRepoID(ctx, orCtx.RepoID, ctx.ParamsInt64(":id"))
-	} else if orCtx.OwnerID > 0 {
+	} else if orCtx.OwnerID > 0 { // nosemgrep: forgejo-logic-suspicious-OwnerID-check (system users do not own webhooks)
 		w, err = webhook.GetWebhookByOwnerID(ctx, orCtx.OwnerID, ctx.ParamsInt64(":id"))
 	} else if orCtx.IsAdmin {
 		w, err = webhook.GetSystemOrDefaultWebhook(ctx, ctx.ParamsInt64(":id"))

From 6cd3f0263d48231a8df34f59aa059fb8878ecbcb Mon Sep 17 00:00:00 2001
From: Andreas Ahlenstorf <andreas@ahlenstorf.ch>
Date: Sun, 19 Apr 2026 22:08:00 +0200
Subject: [PATCH 712/854] refactor: move rerun logic to services (#12141)

Move the logic for handling reruns of Forgejo Action workflows and individual jobs to services. That is a prerequisite for adding the corresponding HTTP API endpoints.

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. All work and communication must conform to Forgejo's [AI Agreement](https://codeberg.org/forgejo/governance/src/branch/main/AIAgreement.md). There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests for Go changes

(can be removed for JavaScript changes)

- I added test coverage for Go changes...
  - [x] in their respective `*_test.go` for unit tests.
  - [ ] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I ran...
  - [x] `make pr-go` before pushing

### Tests for JavaScript changes

(can be removed for Go changes)

- I added test coverage for JavaScript changes...
  - [ ] in `web_src/js/*.test.js` if it can be unit tested.
  - [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)).

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [ ] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.
- [x] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change.

*The decision if the pull request will be shown in the release notes is up to the mergers / release team.*

The content of the `release-notes/<pull request number>.md` file will serve as the basis for the release notes. If the file does not exist, the title of the pull request will be used instead.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12141
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
Co-authored-by: Andreas Ahlenstorf <andreas@ahlenstorf.ch>
Co-committed-by: Andreas Ahlenstorf <andreas@ahlenstorf.ch>
---
 models/actions/run.go                         |  20 +-
 models/actions/run_job.go                     |  14 +-
 models/actions/run_job_test.go                |  23 +-
 models/actions/run_test.go                    |  22 +-
 routers/web/repo/actions/view.go              | 131 +++-------
 routers/web/repo/actions/view_test.go         |   2 +-
 .../TestRerun_RerunAllJobs/action_run.yml     |  82 ++++++
 .../TestRerun_RerunAllJobs/action_run_job.yml | 227 ++++++++++++++++
 .../actions/TestRerun_RerunJob/action_run.yml |  82 ++++++
 .../TestRerun_RerunJob/action_run_job.yml     | 244 ++++++++++++++++++
 services/actions/rerun.go                     | 178 ++++++++++++-
 services/actions/rerun_test.go                | 237 ++++++++++++++++-
 12 files changed, 1122 insertions(+), 140 deletions(-)
 create mode 100644 services/actions/TestRerun_RerunAllJobs/action_run.yml
 create mode 100644 services/actions/TestRerun_RerunAllJobs/action_run_job.yml
 create mode 100644 services/actions/TestRerun_RerunJob/action_run.yml
 create mode 100644 services/actions/TestRerun_RerunJob/action_run_job.yml

diff --git a/models/actions/run.go b/models/actions/run.go
index a9c458c86d..fbbc5f8f01 100644
--- a/models/actions/run.go
+++ b/models/actions/run.go
@@ -255,19 +255,33 @@ func (run *ActionRun) IsDispatchedRun() bool {
 	return run.TriggerEvent == "workflow_dispatch"
 }
 
-// IsRunnable indicates whether this ActionRun can generally be run.
-func (run *ActionRun) IsRunnable() bool {
+// IsValid indicates whether this ActionRun is valid and can be run.
+func (run *ActionRun) IsValid() bool {
 	return run.PreExecutionErrorCode == 0 && run.PreExecutionError == ""
 }
 
 // CanBeRerun indicates whether this ActionRun can be rerun.
 func (run *ActionRun) CanBeRerun() bool {
-	if !run.IsRunnable() {
+	if !run.IsValid() {
 		return false
 	}
 	return run.Status.IsDone()
 }
 
+func (run *ActionRun) PrepareNextAttempt() error {
+	if run.Status != StatusUnknown && !run.Status.IsDone() {
+		return fmt.Errorf("cannot prepare next attempt because run %d is active: %s", run.ID, run.Status.String())
+	}
+
+	run.PreviousDuration = run.Duration()
+
+	run.Status = StatusWaiting
+	run.Started = 0
+	run.Stopped = 0
+
+	return nil
+}
+
 func actionsCountOpenCacheKey(repoID int64) string {
 	return fmt.Sprintf("Actions:CountOpenActionRuns:%d", repoID)
 }
diff --git a/models/actions/run_job.go b/models/actions/run_job.go
index 5d3a8aad80..0967ab87c3 100644
--- a/models/actions/run_job.go
+++ b/models/actions/run_job.go
@@ -141,12 +141,16 @@ func (job *ActionRunJob) PrepareNextAttempt(initialStatus Status) error {
 }
 
 // CanBeRerun answers whether this ActionRunJob can be rerun. Returns true if it is done and the Run it belongs to
-// is runnable. Returns false in all other cases, including when Run is nil.
-func (job *ActionRunJob) CanBeRerun() bool {
-	if job.Run == nil || !job.Run.IsRunnable() {
-		return false
+// is valid. Returns false in all other cases.
+func (job *ActionRunJob) CanBeRerun(ctx context.Context) (bool, error) {
+	if err := job.LoadRun(ctx); err != nil {
+		return false, fmt.Errorf("cannot load run %d of job %d: %w", job.RunID, job.ID, err)
 	}
-	return job.Status.IsDone()
+
+	if !job.Run.IsValid() {
+		return false, nil
+	}
+	return job.Status.IsDone(), nil
 }
 
 func GetRunJobByID(ctx context.Context, id int64) (*ActionRunJob, error) {
diff --git a/models/actions/run_job_test.go b/models/actions/run_job_test.go
index 6753fb0315..d9275a81ec 100644
--- a/models/actions/run_job_test.go
+++ b/models/actions/run_job_test.go
@@ -428,9 +428,10 @@ func TestAllNeedsExist(t *testing.T) {
 
 func TestActionRunJob_CanBeRerun(t *testing.T) {
 	testCases := []struct {
-		name       string
-		job        ActionRunJob
-		canBeRerun bool
+		name          string
+		job           ActionRunJob
+		canBeRerun    bool
+		expectedError string
 	}{
 		{
 			name:       "job with unknown status",
@@ -468,9 +469,9 @@ func TestActionRunJob_CanBeRerun(t *testing.T) {
 			canBeRerun: false,
 		},
 		{
-			name:       "ActionRun is nil",
-			job:        ActionRunJob{Run: nil, Status: StatusSuccess},
-			canBeRerun: false,
+			name:          "ActionRun is nil",
+			job:           ActionRunJob{ID: 12, Run: nil, Status: StatusSuccess},
+			expectedError: "cannot load run 0 of job 12",
 		},
 		{
 			name:       "with busy run but completed job",
@@ -489,7 +490,15 @@ func TestActionRunJob_CanBeRerun(t *testing.T) {
 
 	for _, testCase := range testCases {
 		t.Run(testCase.name, func(t *testing.T) {
-			assert.Equal(t, testCase.canBeRerun, testCase.job.CanBeRerun())
+			result, err := testCase.job.CanBeRerun(t.Context())
+
+			if testCase.expectedError == "" {
+				require.NoError(t, err)
+			} else {
+				require.ErrorContains(t, err, testCase.expectedError)
+			}
+
+			assert.Equal(t, testCase.canBeRerun, result)
 		})
 	}
 }
diff --git a/models/actions/run_test.go b/models/actions/run_test.go
index 9a5eb99537..959753107b 100644
--- a/models/actions/run_test.go
+++ b/models/actions/run_test.go
@@ -96,27 +96,27 @@ func TestIsManualRun(t *testing.T) {
 	assert.False(t, pushRun.IsDispatchedRun())
 }
 
-func TestActionRun_IsRunnable(t *testing.T) {
+func TestActionRun_IsValid(t *testing.T) {
 	testCases := []struct {
-		name       string
-		run        ActionRun
-		isRunnable bool
+		name    string
+		run     ActionRun
+		isValid bool
 	}{
 		{
-			name:       "valid run",
-			run:        ActionRun{},
-			isRunnable: true,
+			name:    "valid run",
+			run:     ActionRun{},
+			isValid: true,
 		},
 		{
-			name:       "with pre-execution error",
-			run:        ActionRun{PreExecutionErrorCode: ErrorCodeIncompleteRunsOnMissingOutput},
-			isRunnable: false,
+			name:    "with pre-execution error",
+			run:     ActionRun{PreExecutionErrorCode: ErrorCodeIncompleteRunsOnMissingOutput},
+			isValid: false,
 		},
 	}
 
 	for _, testCase := range testCases {
 		t.Run(testCase.name, func(t *testing.T) {
-			assert.Equal(t, testCase.isRunnable, testCase.run.IsRunnable())
+			assert.Equal(t, testCase.isValid, testCase.run.IsValid())
 		})
 	}
 }
diff --git a/routers/web/repo/actions/view.go b/routers/web/repo/actions/view.go
index 63db9d0997..b1b7b5f2df 100644
--- a/routers/web/repo/actions/view.go
+++ b/routers/web/repo/actions/view.go
@@ -314,11 +314,16 @@ func getViewResponse(ctx *app_context.Context, req *ViewRequest, runIndex, jobIn
 			// Ah, another job is still running. Keep the frontend polling enabled then.
 			done = false
 		}
+		canBeRerun, err := v.CanBeRerun(ctx)
+		if err != nil {
+			ctx.Error(http.StatusInternalServerError, err.Error())
+			return nil
+		}
 		resp.State.Run.Jobs = append(resp.State.Run.Jobs, &ViewJob{
 			ID:       v.ID,
 			Name:     v.Name,
 			Status:   v.Status.String(),
-			CanRerun: v.CanBeRerun() && ctx.Repo.CanWrite(unit.TypeActions),
+			CanRerun: canBeRerun && ctx.Repo.CanWrite(unit.TypeActions),
 			Duration: v.Duration().String(),
 		})
 	}
@@ -495,120 +500,48 @@ func Rerun(ctx *app_context.Context) {
 		ctx.Error(http.StatusInternalServerError, err.Error())
 		return
 	}
-	if jobIndexStr == "" && !run.CanBeRerun() {
-		ctx.JSONError(ctx.Locale.Tr("actions.workflow.rerun_impossible"))
-		return
-	}
 
-	// can not rerun job when workflow is disabled
-	cfgUnit := ctx.Repo.Repository.MustGetUnit(ctx, unit.TypeActions)
-	cfg := cfgUnit.ActionsConfig()
-	if cfg.IsWorkflowDisabled(run.WorkflowID) {
-		ctx.JSONError(ctx.Locale.Tr("actions.workflow.disabled"))
-		return
-	}
-
-	// reset run's start and stop time when it is done
-	if run.Status.IsDone() {
-		run.PreviousDuration = run.Duration()
-		run.Started = 0
-		run.Stopped = 0
-		if err := actions_service.UpdateRun(ctx, run, "started", "stopped", "previous_duration"); err != nil {
-			ctx.Error(http.StatusInternalServerError, err.Error())
+	var rerunJobs []*actions_model.ActionRunJob
+	if jobIndexStr == "" { // Rerun the entire workflow.
+		rerunJobs, err = actions_service.RerunAllJobs(ctx, run)
+	} else { // Rerun a single job
+		job, _ := getRunJobs(ctx, runIndex, jobIndex)
+		if ctx.Written() {
 			return
 		}
+		rerunJobs, err = actions_service.RerunJob(ctx, job)
 	}
 
-	job, jobs := getRunJobs(ctx, runIndex, jobIndex)
-	if ctx.Written() {
-		return
-	}
-
-	if jobIndexStr == "" { // rerun all jobs
-		var redirectURL string
-		for _, j := range jobs {
-			if !j.CanBeRerun() {
-				ctx.JSONError(ctx.Locale.Tr("actions.workflow.job_rerun_impossible"))
-				return
-			}
-
-			// if the job has needs, it should be set to "blocked" status to wait for other jobs
-			shouldBlock := len(j.Needs) > 0
-			if err := rerunJob(ctx, j, shouldBlock); err != nil {
-				ctx.Error(http.StatusInternalServerError, err.Error())
-				return
-			}
-			if redirectURL == "" {
-				redirectURL, err = j.HTMLURL(ctx)
-				if err != nil {
-					ctx.Error(http.StatusInternalServerError, err.Error())
-					return
-				}
-			}
+	if err != nil {
+		if errors.Is(err, actions_service.ErrRerunWorkflowInvalid) ||
+			errors.Is(err, actions_service.ErrRerunWorkflowStillRunning) {
+			ctx.JSONError(ctx.Locale.Tr("actions.workflow.rerun_impossible"))
+			return
 		}
-
-		if redirectURL != "" {
-			ctx.JSON(http.StatusOK, &redirectObject{Redirect: redirectURL})
-		} else {
-			ctx.Error(http.StatusInternalServerError, "unable to determine redirectURL for job rerun")
+		if errors.Is(err, actions_service.ErrRerunWorkflowDisabled) {
+			ctx.JSONError(ctx.Locale.Tr("actions.workflow.disabled"))
+			return
 		}
-		return
-	}
-
-	rerunJobs := actions_service.GetAllRerunJobs(job, jobs)
-
-	var redirectURL string
-	for _, j := range rerunJobs {
-		if !j.CanBeRerun() {
+		if errors.Is(err, actions_service.ErrRerunJobStillRunning) {
 			ctx.JSONError(ctx.Locale.Tr("actions.workflow.job_rerun_impossible"))
 			return
 		}
-
-		// jobs other than the specified one should be set to "blocked" status
-		shouldBlock := j.JobID != job.JobID
-		if err := rerunJob(ctx, j, shouldBlock); err != nil {
-			ctx.Error(http.StatusInternalServerError, err.Error())
-			return
-		}
-		if j.JobID == job.JobID {
-			redirectURL, err = j.HTMLURL(ctx)
-			if err != nil {
-				ctx.Error(http.StatusInternalServerError, err.Error())
-				return
-			}
-		}
+		ctx.Error(http.StatusInternalServerError, err.Error())
+		return
 	}
 
-	if redirectURL != "" {
-		ctx.JSON(http.StatusOK, &redirectObject{Redirect: redirectURL})
-	} else {
-		ctx.Error(http.StatusInternalServerError, "unable to determine redirectURL for job rerun")
-	}
-}
-
-func rerunJob(ctx *app_context.Context, job *actions_model.ActionRunJob, shouldBlock bool) error {
-	status := job.Status
-	if !status.IsDone() {
-		return nil
+	if len(rerunJobs) == 0 {
+		ctx.Error(http.StatusInternalServerError, "no jobs were rerun")
+		return
 	}
 
-	initialStatus := actions_model.StatusWaiting
-	if shouldBlock {
-		initialStatus = actions_model.StatusBlocked
-	}
-	if err := job.PrepareNextAttempt(initialStatus); err != nil {
-		return err
+	redirectURL, err := rerunJobs[0].HTMLURL(ctx)
+	if err != nil {
+		ctx.Error(http.StatusInternalServerError, err.Error())
+		return
 	}
 
-	if err := db.WithTx(ctx, func(ctx context.Context) error {
-		_, err := actions_service.UpdateRunJob(ctx, job, builder.Eq{"status": status}, "handle", "attempt", "task_id", "status", "started", "stopped")
-		return err
-	}); err != nil {
-		return err
-	}
-
-	actions_service.CreateCommitStatus(ctx, job)
-	return nil
+	ctx.JSON(http.StatusOK, &redirectObject{Redirect: redirectURL})
 }
 
 func Logs(ctx *app_context.Context) {
diff --git a/routers/web/repo/actions/view_test.go b/routers/web/repo/actions/view_test.go
index 04d32f191b..0b66b7f7b8 100644
--- a/routers/web/repo/actions/view_test.go
+++ b/routers/web/repo/actions/view_test.go
@@ -554,7 +554,7 @@ func TestActionsRerun(t *testing.T) {
 			runIndex:     138575,
 			jobIndex:     1,
 			expectedCode: 400,
-			expectedBody: "{\"errorMessage\":\"actions.workflow.job_rerun_impossible\",\"renderFormat\":\"html\"}\n",
+			expectedBody: "{\"errorMessage\":\"actions.workflow.rerun_impossible\",\"renderFormat\":\"html\"}\n",
 		},
 	}
 	for _, tt := range tests {
diff --git a/services/actions/TestRerun_RerunAllJobs/action_run.yml b/services/actions/TestRerun_RerunAllJobs/action_run.yml
new file mode 100644
index 0000000000..386a62d926
--- /dev/null
+++ b/services/actions/TestRerun_RerunAllJobs/action_run.yml
@@ -0,0 +1,82 @@
+- id: 455620
+  title: Completed workflow
+  repo_id: 62 # test_workflows
+  owner_id: 2 # user2
+  workflow_id: test.yaml
+  workflow_directory: .forgejo/workflows
+  index: 110
+  trigger_user_id: 2
+  ref: refs/heads/main
+  commit_sha: 1ca7f0f9-81e7-4e27-85eb-b080c33d32d3
+  event: push
+  event_payload: "{}"
+  status: 1 # success
+  version: 4
+  started: 1776279254
+  stopped: 1776279265
+  previous_duration: 0
+  created: 1776263479
+  updated: 1776279265
+
+- id: 455630
+  title: Running workflow
+  repo_id: 62 # test_workflows
+  owner_id: 2 # user2
+  workflow_id: test.yaml
+  workflow_directory: .forgejo/workflows
+  index: 111
+  trigger_user_id: 2
+  ref: refs/heads/main
+  commit_sha: e36900942550acf94ddd8c0a3b91cc0165b4bd02
+  event: push
+  event_payload: "{}"
+  status: 6 # running
+  version: 2
+  started: 1776281360
+  stopped: 0
+  previous_duration: 0
+  created: 1776281359
+  updated: 1776281367
+
+- id: 455640
+  title: Invalid workflow
+  repo_id: 62 # test_workflows
+  owner_id: 2 # user2
+  workflow_id: invalid.yaml
+  workflow_directory: .forgejo/workflows
+  index: 112
+  trigger_user_id: 2
+  ref: refs/heads/main
+  commit_sha: 4055b3488bf960c9c9f5c1eb2d84e346faaad7dc
+  event: push
+  event_payload: "{}"
+  status: 2 # failure
+  version: 2
+  started: 0
+  stopped: 0
+  previous_duration: 0
+  created: 1776282729
+  updated: 1776282729
+  pre_execution_error_code: 1
+  pre_execution_error_details:
+    - "yaml: unmarshal errors:\n  line 7: cannot unmarshal !!map into []*model.Step"
+
+- id: 455650
+  title: Workflow with dependent jobs
+  repo_id: 62 # test_workflows
+  owner_id: 2 # user2
+  workflow_id: dependent.yaml
+  workflow_directory: .forgejo/workflows
+  index: 113
+  trigger_user_id: 2
+  ref: refs/heads/main
+  commit_sha: ae36c1d75cc82cb9f9e54a86c8137ed05c3bd66e
+  event: push
+  event_payload: "{}"
+  status: 1 # success
+  version: 2
+  started: 1776331635
+  stopped: 1776331721
+  previous_duration: 0
+  created: 1776331495
+  updated: 1776331721
diff --git a/services/actions/TestRerun_RerunAllJobs/action_run_job.yml b/services/actions/TestRerun_RerunAllJobs/action_run_job.yml
new file mode 100644
index 0000000000..c04717ede9
--- /dev/null
+++ b/services/actions/TestRerun_RerunAllJobs/action_run_job.yml
@@ -0,0 +1,227 @@
+# Jobs of completed workflow run.
+- id: 683880
+  run_id: 455620
+  repo_id: 62
+  owner_id: 2
+  commit_sha: e36900942550acf94ddd8c0a3b91cc0165b4bd02
+  name: caller
+  attempt: 1
+  handle: 7ecf26bd-408d-485f-b162-f349f5fe95bc
+  workflow_payload: |
+    "on":
+      push:
+    jobs:
+      caller:
+        name: caller
+        runs-on: []
+        if: false
+    __metadata:
+      workflow_call_inputs:
+        greet_target: Mona the Octocat
+      workflow_call_id: d4f799b5a5d27e303ab97a546708c2aca6c1672b3bbc5defa0d73b251bca7955
+  job_id: caller
+  needs: ["caller.callee"]
+  runs_on: []
+  task_id: 0
+  status: 1 # success
+  started: 0
+  stopped: 0
+  created: 1776263479
+  updated: 1776279265
+- id: 683881
+  run_id: 455620
+  repo_id: 62
+  owner_id: 2
+  commit_sha: e36900942550acf94ddd8c0a3b91cc0165b4bd02
+  name: callee
+  attempt: 1
+  handle: 24920992-6701-48cc-872d-d017b33ee90e
+  workflow_payload: |
+    "on":
+      workflow_call:
+        inputs:
+          greet_target:
+            default: Mona the Octocat
+            type: string
+    jobs:
+      caller.callee:
+        name: callee
+        runs-on: ubuntu-latest
+        steps:
+          - run: |
+              echo "Hello ${{ inputs.greet_target }}"
+    __metadata:
+      workflow_call_parent: d4f799b5a5d27e303ab97a546708c2aca6c1672b3bbc5defa0d73b251bca7955
+  job_id: caller.callee
+  needs: null
+  runs_on: ["ubuntu-latest"]
+  task_id: 989
+  status: 1 # success
+  started: 1776279254
+  stopped: 1776279264
+  created: 1776263479
+  updated: 1776279264
+
+# Jobs of running workflow run.
+- id: 683890
+  run_id: 455630
+  repo_id: 62
+  owner_id: 2
+  commit_sha: 41569413fe943e3f4e8e9625e14c1e01d85581af
+  name: caller
+  attempt: 1
+  handle: 0185f661-3b6b-4f49-8a56-f6585c9c396e
+  workflow_payload: |
+    "on":
+      push:
+    jobs:
+      caller:
+        name: caller
+        runs-on: []
+        if: false
+    __metadata:
+      workflow_call_inputs:
+        greet_target: Mona the Octocat
+      workflow_call_id: d4f799b5a5d27e303ab97a546708c2aca6c1672b3bbc5defa0d73b251bca7955
+  job_id: caller
+  needs: ["caller.callee"]
+  runs_on: []
+  task_id: 0
+  status: 7 # blocked
+  started: 0
+  stopped: 0
+  created: 1776281359
+  updated: 1776281359
+- id: 683891
+  run_id: 455630
+  repo_id: 62
+  owner_id: 2
+  commit_sha: 41569413fe943e3f4e8e9625e14c1e01d85581af
+  name: callee
+  attempt: 1
+  handle: 4ee3bdf7-69f6-4174-9ffd-eb4a250188bc
+  workflow_payload: |
+    "on":
+      workflow_call:
+        inputs:
+          greet_target:
+            default: Mona the Octocat
+            type: string
+    jobs:
+      caller.callee:
+        name: callee
+        runs-on: ubuntu-latest
+        steps:
+          - run: |
+              echo "Hello ${{ inputs.greet_target }}"
+    __metadata:
+      workflow_call_parent: d4f799b5a5d27e303ab97a546708c2aca6c1672b3bbc5defa0d73b251bca7955
+  job_id: caller.callee
+  needs: null
+  runs_on: ["ubuntu-latest"]
+  task_id: 989
+  status: 6 # running
+  started: 1776281360
+  stopped: 0
+  created: 1776281359
+  updated: 1776281367
+
+# Jobs of invalid workflow.
+- id: 683900
+  run_id: 455640
+  repo_id: 62
+  owner_id: 2
+  commit_sha: 4055b3488bf960c9c9f5c1eb2d84e346faaad7dc
+  name: test
+  attempt: 1
+  handle: c60533ff-61b3-4f6f-9788-260911cda6ed
+  workflow_payload: ""
+  job_id:
+  needs: []
+  runs_on: []
+  task_id: 0
+  status: 2 # failure
+  started: 0
+  stopped: 0
+  created: 1776282729
+  updated: 1776282729
+
+# Jobs of workflow with dependent jobs.
+- id: 683910
+  run_id: 455650
+  repo_id: 62
+  owner_id: 2
+  commit_sha: ae36c1d75cc82cb9f9e54a86c8137ed05c3bd66e
+  name: lint
+  attempt: 1
+  handle: 0a721b46-36d1-4540-b070-d559cf87515b
+  workflow_payload: |
+    "on":
+        push:
+    jobs:
+        lint:
+            name: lint
+            runs-on: ubuntu-latest
+            steps:
+                - run: echo "Linting"
+  job_id: lint
+  needs: null
+  runs_on: ["ubuntu-latest"]
+  task_id: 0
+  status: 1 # success
+  started: 1776331495
+  stopped: 1776331523
+  created: 1776331495
+  updated: 1776331523
+- id: 683911
+  run_id: 455650
+  repo_id: 62
+  owner_id: 2
+  commit_sha: ae36c1d75cc82cb9f9e54a86c8137ed05c3bd66e
+  name: build
+  attempt: 1
+  handle: eec6b880-b013-4426-9361-8a4ad491ae91
+  workflow_payload: |
+    "on":
+      push:
+    jobs:
+      build:
+        name: build
+        runs-on: ubuntu-latest
+        steps:
+          - run: echo "Building"
+  job_id: build
+  needs: [lint]
+  runs_on: ["ubuntu-latest"]
+  task_id: 0
+  status: 1 # success
+  started: 1776331693
+  stopped: 1776331721
+  created: 1776331495
+  updated: 1776331721
+- id: 683912
+  run_id: 455650
+  repo_id: 62
+  owner_id: 2
+  commit_sha: ae36c1d75cc82cb9f9e54a86c8137ed05c3bd66e
+  name: test
+  attempt: 1
+  handle: b6398b81-f644-4f4b-9ed9-0c596c090b2f
+  workflow_payload: |
+    "on":
+      push:
+    jobs:
+      test:
+        name: test
+        runs-on: ubuntu-latest
+        steps:
+          - run: echo "Testing"
+  job_id: test
+  needs: [build]
+  runs_on: ["ubuntu-latest"]
+  task_id: 0
+  status: 1 # success
+  started: 1776331665
+  stopped: 1776331693
+  created: 1776331495
+  updated: 1776331693
diff --git a/services/actions/TestRerun_RerunJob/action_run.yml b/services/actions/TestRerun_RerunJob/action_run.yml
new file mode 100644
index 0000000000..bac9eb9531
--- /dev/null
+++ b/services/actions/TestRerun_RerunJob/action_run.yml
@@ -0,0 +1,82 @@
+- id: 455620
+  title: Completed workflow
+  repo_id: 62 # test_workflows
+  owner_id: 2 # user2
+  workflow_id: test.yaml
+  workflow_directory: .forgejo/workflows
+  index: 110
+  trigger_user_id: 2
+  ref: refs/heads/main
+  commit_sha: 1ca7f0f9-81e7-4e27-85eb-b080c33d32d3
+  event: push
+  event_payload: "{}"
+  status: 1 # success
+  version: 4
+  started: 1776279254
+  stopped: 1776279265
+  previous_duration: 0
+  created: 1776263479
+  updated: 1776279265
+
+- id: 455630
+  title: Running workflow
+  repo_id: 62 # test_workflows
+  owner_id: 2 # user2
+  workflow_id: test.yaml
+  workflow_directory: .forgejo/workflows
+  index: 111
+  trigger_user_id: 2
+  ref: refs/heads/main
+  commit_sha: e36900942550acf94ddd8c0a3b91cc0165b4bd02
+  event: push
+  event_payload: "{}"
+  status: 6 # running
+  version: 2
+  started: 1776281360
+  stopped: 0
+  previous_duration: 0
+  created: 1776281359
+  updated: 1776281367
+
+- id: 455640
+  title: Invalid workflow
+  repo_id: 62 # test_workflows
+  owner_id: 2 # user2
+  workflow_id: invalid.yaml
+  workflow_directory: .forgejo/workflows
+  index: 112
+  trigger_user_id: 2
+  ref: refs/heads/main
+  commit_sha: 4055b3488bf960c9c9f5c1eb2d84e346faaad7dc
+  event: push
+  event_payload: "{}"
+  status: 2 # failure
+  version: 2
+  started: 0
+  stopped: 0
+  previous_duration: 0
+  created: 1776282729
+  updated: 1776282729
+  pre_execution_error_code: 1
+  pre_execution_error_details:
+    - "yaml: unmarshal errors:\n  line 7: cannot unmarshal !!map into []*model.Step"
+
+- id: 455650
+  title: Workflow with dependent jobs
+  repo_id: 62 # test_workflows
+  owner_id: 2 # user2
+  workflow_id: dependent.yaml
+  workflow_directory: .forgejo/workflows
+  index: 113
+  trigger_user_id: 2
+  ref: refs/heads/main
+  commit_sha: ae36c1d75cc82cb9f9e54a86c8137ed05c3bd66e
+  event: push
+  event_payload: "{}"
+  status: 6 # running
+  version: 2
+  started: 1776331635
+  stopped: 0
+  previous_duration: 0
+  created: 1776331495
+  updated: 1776331721
diff --git a/services/actions/TestRerun_RerunJob/action_run_job.yml b/services/actions/TestRerun_RerunJob/action_run_job.yml
new file mode 100644
index 0000000000..7e219e6ffe
--- /dev/null
+++ b/services/actions/TestRerun_RerunJob/action_run_job.yml
@@ -0,0 +1,244 @@
+# Jobs of completed workflow run.
+- id: 683880
+  run_id: 455620
+  repo_id: 62
+  owner_id: 2
+  commit_sha: e36900942550acf94ddd8c0a3b91cc0165b4bd02
+  name: caller
+  attempt: 1
+  handle: 7ecf26bd-408d-485f-b162-f349f5fe95bc
+  workflow_payload: |
+    "on":
+      push:
+    jobs:
+      caller:
+        name: caller
+        runs-on: []
+        if: false
+    __metadata:
+      workflow_call_inputs:
+        greet_target: Mona the Octocat
+      workflow_call_id: d4f799b5a5d27e303ab97a546708c2aca6c1672b3bbc5defa0d73b251bca7955
+  job_id: caller
+  needs: ["caller.callee"]
+  runs_on: []
+  task_id: 0
+  status: 1 # success
+  started: 0
+  stopped: 0
+  created: 1776263479
+  updated: 1776279265
+- id: 683881
+  run_id: 455620
+  repo_id: 62
+  owner_id: 2
+  commit_sha: e36900942550acf94ddd8c0a3b91cc0165b4bd02
+  name: callee
+  attempt: 1
+  handle: 24920992-6701-48cc-872d-d017b33ee90e
+  workflow_payload: |
+    "on":
+      workflow_call:
+        inputs:
+          greet_target:
+            default: Mona the Octocat
+            type: string
+    jobs:
+      caller.callee:
+        name: callee
+        runs-on: ubuntu-latest
+        steps:
+          - run: |
+              echo "Hello ${{ inputs.greet_target }}"
+    __metadata:
+      workflow_call_parent: d4f799b5a5d27e303ab97a546708c2aca6c1672b3bbc5defa0d73b251bca7955
+  job_id: caller.callee
+  needs: null
+  runs_on: ["ubuntu-latest"]
+  task_id: 989
+  status: 1 # success
+  started: 1776279254
+  stopped: 1776279264
+  created: 1776263479
+  updated: 1776279264
+
+# Jobs of running workflow run.
+- id: 683590
+  run_id: 455630
+  repo_id: 62
+  owner_id: 2
+  commit_sha: e36900942550acf94ddd8c0a3b91cc0165b4bd02
+  name: lint
+  attempt: 1
+  handle: d114a733-b364-4c08-b15d-77b6cc21a616
+  workflow_payload: |
+    "on":
+        push:
+    jobs:
+        lint:
+            name: lint
+            runs-on: ubuntu-latest
+            steps:
+                - run: echo "Linting"
+  job_id: lint
+  needs: null
+  runs_on: ["ubuntu-latest"]
+  task_id: 0
+  status: 1 # success
+  started: 1776331495
+  stopped: 1776331523
+  created: 1776331495
+  updated: 1776331523
+- id: 683591
+  run_id: 455630
+  repo_id: 62
+  owner_id: 2
+  commit_sha: e36900942550acf94ddd8c0a3b91cc0165b4bd02
+  name: build
+  attempt: 1
+  handle: afd58a3e-76e9-467a-9a9d-9d6250fcc905
+  workflow_payload: |
+    "on":
+      push:
+    jobs:
+      build:
+        name: build
+        runs-on: ubuntu-latest
+        steps:
+          - run: echo "Building"
+  job_id: build
+  needs: [lint]
+  runs_on: ["ubuntu-latest"]
+  task_id: 0
+  status: 1 # success
+  started: 1776331693
+  stopped: 1776331721
+  created: 1776331495
+  updated: 1776331721
+- id: 683592
+  run_id: 455630
+  repo_id: 62
+  owner_id: 2
+  commit_sha: e36900942550acf94ddd8c0a3b91cc0165b4bd02
+  name: test
+  attempt: 1
+  handle: 2d9438cb-5067-4aff-9adb-9c1265fb42d5
+  workflow_payload: |
+    "on":
+      push:
+    jobs:
+      test:
+        name: test
+        runs-on: ubuntu-latest
+        steps:
+          - run: echo "Testing"
+  job_id: test
+  needs: [build]
+  runs_on: ["ubuntu-latest"]
+  task_id: 0
+  status: 6 # StatusRunning
+  started: 1776331665
+  stopped: 0
+  created: 1776331495
+  updated: 1776331693
+
+
+# Jobs of invalid workflow.
+- id: 683900
+  run_id: 455640
+  repo_id: 62
+  owner_id: 2
+  commit_sha: 4055b3488bf960c9c9f5c1eb2d84e346faaad7dc
+  name: test
+  attempt: 1
+  handle: c60533ff-61b3-4f6f-9788-260911cda6ed
+  workflow_payload: ""
+  job_id:
+  needs: []
+  runs_on: []
+  task_id: 0
+  status: 2 # failure
+  started: 0
+  stopped: 0
+  created: 1776282729
+  updated: 1776282729
+
+# Jobs of successful workflow run with dependent jobs.
+- id: 683910
+  run_id: 455650
+  repo_id: 62
+  owner_id: 2
+  commit_sha: ae36c1d75cc82cb9f9e54a86c8137ed05c3bd66e
+  name: lint
+  attempt: 1
+  handle: 0a721b46-36d1-4540-b070-d559cf87515b
+  workflow_payload: |
+    "on":
+        push:
+    jobs:
+        lint:
+            name: lint
+            runs-on: ubuntu-latest
+            steps:
+                - run: echo "Linting"
+  job_id: lint
+  needs: null
+  runs_on: ["ubuntu-latest"]
+  task_id: 0
+  status: 1 # success
+  started: 1776331495
+  stopped: 1776331523
+  created: 1776331495
+  updated: 1776331523
+- id: 683911
+  run_id: 455650
+  repo_id: 62
+  owner_id: 2
+  commit_sha: ae36c1d75cc82cb9f9e54a86c8137ed05c3bd66e
+  name: build
+  attempt: 1
+  handle: eec6b880-b013-4426-9361-8a4ad491ae91
+  workflow_payload: |
+    "on":
+      push:
+    jobs:
+      build:
+        name: build
+        runs-on: ubuntu-latest
+        steps:
+          - run: echo "Building"
+  job_id: build
+  needs: []
+  runs_on: ["ubuntu-latest"]
+  task_id: 0
+  status: 1 # success
+  started: 1776331693
+  stopped: 1776331721
+  created: 1776331495
+  updated: 1776331721
+- id: 683912
+  run_id: 455650
+  repo_id: 62
+  owner_id: 2
+  commit_sha: ae36c1d75cc82cb9f9e54a86c8137ed05c3bd66e
+  name: test
+  attempt: 1
+  handle: b6398b81-f644-4f4b-9ed9-0c596c090b2f
+  workflow_payload: |
+    "on":
+      push:
+    jobs:
+      test:
+        name: test
+        runs-on: ubuntu-latest
+        steps:
+          - run: echo "Testing"
+  job_id: test
+  needs: [build]
+  runs_on: ["ubuntu-latest"]
+  task_id: 0
+  status: 1 # success
+  started: 1776331665
+  stopped: 1776331693
+  created: 1776331495
+  updated: 1776331693
diff --git a/services/actions/rerun.go b/services/actions/rerun.go
index 61aede5d7c..59838e5f57 100644
--- a/services/actions/rerun.go
+++ b/services/actions/rerun.go
@@ -4,10 +4,30 @@
 package actions
 
 import (
+	"context"
+	"errors"
+	"fmt"
 	"slices"
 
 	actions_model "forgejo.org/models/actions"
+	"forgejo.org/models/db"
+	"forgejo.org/models/unit"
 	"forgejo.org/modules/container"
+
+	"xorm.io/builder"
+)
+
+var (
+	// ErrRerunWorkflowInvalid signals that the workflow cannot be run because it is invalid, for example, due to syntax
+	// errors.
+	ErrRerunWorkflowInvalid = errors.New("workflow is invalid")
+	// ErrRerunWorkflowDisabled indicates that the workflow cannot be run because it has been disabled by the user or
+	// Forgejo.
+	ErrRerunWorkflowDisabled = errors.New("workflow is disabled")
+	// ErrRerunWorkflowStillRunning signals that the workflow cannot be rerun because at least one job is still running.
+	ErrRerunWorkflowStillRunning = errors.New("workflow is still running")
+	// ErrRerunJobStillRunning signals that the job cannot be rerun because it is still running.
+	ErrRerunJobStillRunning = errors.New("job is still running")
 )
 
 // GetAllRerunJobs get all jobs that need to be rerun when job should be rerun
@@ -16,22 +36,154 @@ func GetAllRerunJobs(job *actions_model.ActionRunJob, allJobs []*actions_model.A
 	rerunJobsIDSet := make(container.Set[string])
 	rerunJobsIDSet.Add(job.JobID)
 
-	for {
-		found := false
-		for _, j := range allJobs {
-			if rerunJobsIDSet.Contains(j.JobID) {
-				continue
-			}
-			if slices.ContainsFunc(j.Needs, rerunJobsIDSet.Contains) {
-				found = true
-				rerunJobs = append(rerunJobs, j)
-				rerunJobsIDSet.Add(j.JobID)
-			}
+	for _, j := range allJobs {
+		if rerunJobsIDSet.Contains(j.JobID) {
+			continue
 		}
-		if !found {
-			break
+		if slices.ContainsFunc(j.Needs, rerunJobsIDSet.Contains) {
+			rerunJobs = append(rerunJobs, j)
+			rerunJobsIDSet.Add(j.JobID)
 		}
 	}
 
 	return rerunJobs
 }
+
+// RerunAllJobs reruns all jobs of the given run and returns them. For it to succeed, the workflow must be valid, and the
+// previous run must have completed.
+func RerunAllJobs(ctx context.Context, run *actions_model.ActionRun) ([]*actions_model.ActionRunJob, error) {
+	if !run.IsValid() {
+		return nil, ErrRerunWorkflowInvalid
+	}
+	if !run.Status.IsDone() {
+		return nil, ErrRerunWorkflowStillRunning
+	}
+
+	if err := run.LoadRepo(ctx); err != nil {
+		return nil, fmt.Errorf("cannot load repo of run %d: %w", run.ID, err)
+	}
+
+	actionsConfig := run.Repo.MustGetUnit(ctx, unit.TypeActions).ActionsConfig()
+	if actionsConfig.IsWorkflowDisabled(run.WorkflowID) {
+		return nil, ErrRerunWorkflowDisabled
+	}
+
+	var rerunJobs []*actions_model.ActionRunJob
+	if err := db.WithTx(ctx, func(ctx context.Context) error {
+		if run.Status != actions_model.StatusUnknown && !run.Status.IsDone() {
+			return fmt.Errorf("cannot prepare next attempt because run %d is active: %s", run.ID, run.Status.String())
+		}
+
+		run.PreviousDuration = run.Duration()
+
+		run.Status = actions_model.StatusWaiting
+		run.Started = 0
+		run.Stopped = 0
+
+		// The columns have to be specified here to work around a xorm quirk: It won't update columns that are set to
+		// their zero value without AllCols().
+		if err := UpdateRun(ctx, run, "status", "started", "stopped", "previous_duration"); err != nil {
+			return fmt.Errorf("cannot update run %d: %w", run.ID, err)
+		}
+
+		jobs, err := actions_model.GetRunJobsByRunID(ctx, run.ID)
+		if err != nil {
+			return fmt.Errorf("could not load jobs of run %d: %w", run.ID, err)
+		}
+
+		for _, job := range jobs {
+			initialStatus := actions_model.StatusWaiting
+			if len(job.Needs) > 0 {
+				initialStatus = actions_model.StatusBlocked
+			}
+
+			if err := rerunSingleJob(ctx, job, initialStatus); err != nil {
+				return fmt.Errorf("could not rerun job %d of run %d: %w", job.ID, run.ID, err)
+			}
+
+			rerunJobs = append(rerunJobs, job)
+		}
+
+		return nil
+	}); err != nil {
+		return nil, err
+	}
+	return rerunJobs, nil
+}
+
+// RerunJob reruns the given job and all its dependent jobs. It returns all jobs that were rerun. For it to succeed, the
+// workflow that defines this job must be valid, and the previous run must have completed. Dependent jobs that have not
+// completed yet are ignored.
+func RerunJob(ctx context.Context, job *actions_model.ActionRunJob) ([]*actions_model.ActionRunJob, error) {
+	if err := job.LoadAttributes(ctx); err != nil {
+		return nil, fmt.Errorf("cannot load attributes of job %d: %w", job.ID, err)
+	}
+	if !job.Run.IsValid() {
+		return nil, ErrRerunWorkflowInvalid
+	}
+
+	actionsConfig := job.Run.Repo.MustGetUnit(ctx, unit.TypeActions).ActionsConfig()
+	if actionsConfig.IsWorkflowDisabled(job.Run.WorkflowID) {
+		return nil, ErrRerunWorkflowDisabled
+	}
+
+	if !job.Status.IsDone() {
+		return nil, ErrRerunJobStillRunning
+	}
+
+	var rerunJobs []*actions_model.ActionRunJob
+	if err := db.WithTx(ctx, func(ctx context.Context) error {
+		jobs, err := actions_model.GetRunJobsByRunID(ctx, job.RunID)
+		if err != nil {
+			return fmt.Errorf("could not load jobs of run %d: %w", job.RunID, err)
+		}
+
+		for _, jobToRerun := range GetAllRerunJobs(job, jobs) {
+			canBeRerun, err := jobToRerun.CanBeRerun(ctx)
+			if err != nil {
+				return fmt.Errorf("cannot determine whether job %d can be rerun: %w", jobToRerun.ID, err)
+			}
+
+			// Skipping jobs that cannot be rerun is wrong. They should be cancelled and rerun, instead, because they
+			// are dependent jobs and the old results might be worthless, anyway. But we keep that behaviour for now,
+			// because changing it requires more rework.
+			if !canBeRerun {
+				continue
+			}
+
+			// The job that should be rerun cannot be blocked, even if it has needs.
+			initialStatus := actions_model.StatusWaiting
+			if len(jobToRerun.Needs) > 0 && jobToRerun.ID != job.ID {
+				initialStatus = actions_model.StatusBlocked
+			}
+
+			if err := rerunSingleJob(ctx, jobToRerun, initialStatus); err != nil {
+				return fmt.Errorf("cannot rerun job %d: %w", jobToRerun.ID, err)
+			}
+			rerunJobs = append(rerunJobs, jobToRerun)
+		}
+		return nil
+	}); err != nil {
+		return nil, err
+	}
+
+	return rerunJobs, nil
+}
+
+func rerunSingleJob(ctx context.Context, job *actions_model.ActionRunJob, initialStatus actions_model.Status) error {
+	oldStatus := job.Status
+
+	if err := job.PrepareNextAttempt(initialStatus); err != nil {
+		return err
+	}
+
+	// The columns have to be specified here to work around a xorm quirk: It won't update columns that are set to their
+	// zero value without AllCols().
+	if _, err := UpdateRunJob(ctx, job, builder.Eq{"status": oldStatus}, "handle", "attempt", "task_id", "status", "started", "stopped"); err != nil {
+		return err
+	}
+
+	CreateCommitStatus(ctx, job)
+
+	return nil
+}
diff --git a/services/actions/rerun_test.go b/services/actions/rerun_test.go
index 4b822e8da1..93a000afd1 100644
--- a/services/actions/rerun_test.go
+++ b/services/actions/rerun_test.go
@@ -5,13 +5,18 @@ package actions
 
 import (
 	"testing"
+	"time"
 
 	actions_model "forgejo.org/models/actions"
+	"forgejo.org/models/unit"
+	"forgejo.org/models/unittest"
+	"forgejo.org/modules/timeutil"
 
 	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
 )
 
-func TestGetAllRerunJobs(t *testing.T) {
+func TestRerun_GetAllRerunJobs(t *testing.T) {
 	job1 := &actions_model.ActionRunJob{JobID: "job1"}
 	job2 := &actions_model.ActionRunJob{JobID: "job2", Needs: []string{"job1"}}
 	job3 := &actions_model.ActionRunJob{JobID: "job3", Needs: []string{"job2"}}
@@ -46,3 +51,233 @@ func TestGetAllRerunJobs(t *testing.T) {
 		assert.ElementsMatch(t, tc.rerunJobs, rerunJobs)
 	}
 }
+
+func TestRerun_RerunAllJobs(t *testing.T) {
+	t.Run("Reruns completed workflow", func(t *testing.T) {
+		defer unittest.OverrideFixtures("services/actions/TestRerun_RerunAllJobs")()
+		require.NoError(t, unittest.PrepareTestDatabase())
+
+		run := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRun{ID: 455620})
+
+		rerunJobs, err := RerunAllJobs(t.Context(), run)
+		require.NoError(t, err)
+
+		run = unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRun{ID: 455620})
+
+		assert.Equal(t, actions_model.StatusWaiting, run.Status)
+		assert.Equal(t, timeutil.TimeStamp(0), run.Started)
+		assert.Equal(t, timeutil.TimeStamp(0), run.Stopped)
+		assert.Equal(t, 11*time.Second, run.PreviousDuration)
+
+		assert.Len(t, rerunJobs, 2)
+		assert.Equal(t, int64(683880), rerunJobs[0].ID)
+		assert.Equal(t, int64(2), rerunJobs[0].Attempt)
+		assert.Equal(t, actions_model.StatusBlocked, rerunJobs[0].Status)
+		assert.Equal(t, timeutil.TimeStamp(0), rerunJobs[0].Started)
+		assert.Equal(t, timeutil.TimeStamp(0), rerunJobs[0].Stopped)
+
+		assert.Equal(t, int64(683881), rerunJobs[1].ID)
+		assert.Equal(t, int64(2), rerunJobs[1].Attempt)
+		assert.Equal(t, actions_model.StatusWaiting, rerunJobs[1].Status)
+		assert.Equal(t, timeutil.TimeStamp(0), rerunJobs[1].Started)
+		assert.Equal(t, timeutil.TimeStamp(0), rerunJobs[1].Stopped)
+	})
+
+	t.Run("Error if workflow running", func(t *testing.T) {
+		defer unittest.OverrideFixtures("services/actions/TestRerun_RerunAllJobs")()
+		require.NoError(t, unittest.PrepareTestDatabase())
+
+		run := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRun{ID: 455630})
+
+		rerunJobs, err := RerunAllJobs(t.Context(), run)
+		require.ErrorContains(t, err, "workflow is still running")
+
+		run = unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRun{ID: 455630})
+
+		assert.Equal(t, actions_model.StatusRunning, run.Status)
+		assert.Equal(t, timeutil.TimeStamp(1776281360), run.Started)
+		assert.Equal(t, timeutil.TimeStamp(0), run.Stopped)
+		assert.Equal(t, time.Duration(0), run.PreviousDuration)
+
+		assert.Empty(t, rerunJobs)
+	})
+
+	t.Run("Error if workflow invalid", func(t *testing.T) {
+		defer unittest.OverrideFixtures("services/actions/TestRerun_RerunAllJobs")()
+		require.NoError(t, unittest.PrepareTestDatabase())
+
+		run := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRun{ID: 455640})
+
+		rerunJobs, err := RerunAllJobs(t.Context(), run)
+		require.ErrorContains(t, err, "workflow is invalid")
+
+		run = unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRun{ID: 455640})
+
+		assert.Equal(t, actions_model.StatusFailure, run.Status)
+		assert.Equal(t, timeutil.TimeStamp(0), run.Started)
+		assert.Equal(t, timeutil.TimeStamp(0), run.Stopped)
+		assert.Equal(t, time.Duration(0), run.PreviousDuration)
+
+		assert.Empty(t, rerunJobs)
+	})
+
+	t.Run("Error if workflow disabled", func(t *testing.T) {
+		defer unittest.OverrideFixtures("services/actions/TestRerun_RerunAllJobs")()
+		require.NoError(t, unittest.PrepareTestDatabase())
+
+		run := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRun{ID: 455620})
+
+		// Disable workflow
+		require.NoError(t, run.LoadAttributes(t.Context()))
+		actionsConfig := run.Repo.MustGetUnit(t.Context(), unit.TypeActions).ActionsConfig()
+		actionsConfig.DisableWorkflow(run.WorkflowID)
+
+		rerunJobs, err := RerunAllJobs(t.Context(), run)
+		require.ErrorContains(t, err, "workflow is disabled")
+
+		run = unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRun{ID: 455620})
+
+		assert.Equal(t, actions_model.StatusSuccess, run.Status)
+		assert.Equal(t, timeutil.TimeStamp(1776279254), run.Started)
+		assert.Equal(t, timeutil.TimeStamp(1776279265), run.Stopped)
+		assert.Equal(t, time.Duration(0), run.PreviousDuration)
+
+		assert.Empty(t, rerunJobs)
+	})
+}
+
+func TestRerun_RerunJob(t *testing.T) {
+	t.Run("Rerun independent job", func(t *testing.T) {
+		defer unittest.OverrideFixtures("services/actions/TestRerun_RerunJob")()
+		require.NoError(t, unittest.PrepareTestDatabase())
+
+		job := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRunJob{ID: 683910})
+
+		rerunJobs, err := RerunJob(t.Context(), job)
+
+		require.NoError(t, err)
+
+		assert.Len(t, rerunJobs, 1)
+		assert.Equal(t, job.ID, rerunJobs[0].ID)
+
+		job = unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRunJob{ID: 683910})
+
+		assert.Equal(t, int64(2), job.Attempt)
+		assert.Equal(t, actions_model.StatusWaiting, job.Status)
+		assert.Equal(t, timeutil.TimeStamp(0), job.Started)
+		assert.Equal(t, timeutil.TimeStamp(0), job.Stopped)
+	})
+
+	t.Run("Rerun job needed by others", func(t *testing.T) {
+		defer unittest.OverrideFixtures("services/actions/TestRerun_RerunJob")()
+		require.NoError(t, unittest.PrepareTestDatabase())
+
+		job := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRunJob{ID: 683911})
+
+		rerunJobs, err := RerunJob(t.Context(), job)
+
+		require.NoError(t, err)
+
+		assert.Len(t, rerunJobs, 2)
+		assert.Equal(t, int64(683911), rerunJobs[0].ID)
+		assert.Equal(t, int64(683912), rerunJobs[1].ID)
+
+		job = unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRunJob{ID: 683911})
+
+		assert.Equal(t, int64(2), job.Attempt)
+		assert.Equal(t, actions_model.StatusWaiting, job.Status)
+		assert.Equal(t, timeutil.TimeStamp(0), job.Started)
+		assert.Equal(t, timeutil.TimeStamp(0), job.Stopped)
+
+		dependentJob := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRunJob{ID: 683912})
+
+		assert.Equal(t, int64(2), dependentJob.Attempt)
+		assert.Equal(t, actions_model.StatusBlocked, dependentJob.Status)
+		assert.Equal(t, timeutil.TimeStamp(0), dependentJob.Started)
+		assert.Equal(t, timeutil.TimeStamp(0), dependentJob.Stopped)
+	})
+
+	t.Run("Rerun job with needs", func(t *testing.T) {
+		defer unittest.OverrideFixtures("services/actions/TestRerun_RerunJob")()
+		require.NoError(t, unittest.PrepareTestDatabase())
+
+		job := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRunJob{ID: 683912})
+
+		rerunJobs, err := RerunJob(t.Context(), job)
+
+		require.NoError(t, err)
+
+		assert.Len(t, rerunJobs, 1)
+		assert.Equal(t, int64(683912), rerunJobs[0].ID)
+
+		job = unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRunJob{ID: 683912})
+
+		assert.Len(t, job.Needs, 1)
+		assert.Equal(t, int64(2), job.Attempt)
+		assert.Equal(t, actions_model.StatusWaiting, job.Status)
+		assert.Equal(t, timeutil.TimeStamp(0), job.Started)
+		assert.Equal(t, timeutil.TimeStamp(0), job.Stopped)
+	})
+
+	t.Run("Error if workflow invalid", func(t *testing.T) {
+		defer unittest.OverrideFixtures("services/actions/TestRerun_RerunJob")()
+		require.NoError(t, unittest.PrepareTestDatabase())
+
+		job := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRunJob{ID: 683900})
+
+		rerunJobs, err := RerunJob(t.Context(), job)
+
+		require.ErrorContains(t, err, "workflow is invalid")
+		assert.Empty(t, rerunJobs)
+
+		job = unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRunJob{ID: 683900})
+
+		assert.Equal(t, int64(1), job.Attempt)
+		assert.Equal(t, actions_model.StatusFailure, job.Status)
+		assert.Equal(t, timeutil.TimeStamp(0), job.Started)
+		assert.Equal(t, timeutil.TimeStamp(0), job.Stopped)
+	})
+
+	t.Run("Error if workflow disabled", func(t *testing.T) {
+		defer unittest.OverrideFixtures("services/actions/TestRerun_RerunJob")()
+		require.NoError(t, unittest.PrepareTestDatabase())
+
+		job := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRunJob{ID: 683881})
+
+		// Disable workflow
+		require.NoError(t, job.LoadAttributes(t.Context()))
+		actionsConfig := job.Run.Repo.MustGetUnit(t.Context(), unit.TypeActions).ActionsConfig()
+		actionsConfig.DisableWorkflow(job.Run.WorkflowID)
+
+		rerunJobs, err := RerunJob(t.Context(), job)
+
+		require.ErrorContains(t, err, "workflow is disabled")
+		assert.Empty(t, rerunJobs)
+
+		job = unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRunJob{ID: 683881})
+
+		assert.Equal(t, int64(1), job.Attempt)
+		assert.Equal(t, actions_model.StatusSuccess, job.Status)
+		assert.Equal(t, timeutil.TimeStamp(1776279254), job.Started)
+		assert.Equal(t, timeutil.TimeStamp(1776279264), job.Stopped)
+	})
+
+	t.Run("Error if job still running", func(t *testing.T) {
+		defer unittest.OverrideFixtures("services/actions/TestRerun_RerunJob")()
+		require.NoError(t, unittest.PrepareTestDatabase())
+
+		job := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRunJob{ID: 683592})
+
+		rerunJobs, err := RerunJob(t.Context(), job)
+
+		require.ErrorContains(t, err, "job is still running")
+		assert.Empty(t, rerunJobs)
+
+		job = unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRunJob{ID: 683592})
+
+		assert.Equal(t, int64(1), job.Attempt)
+		assert.Equal(t, actions_model.StatusRunning, job.Status)
+		assert.Equal(t, timeutil.TimeStamp(1776331665), job.Started)
+		assert.Equal(t, timeutil.TimeStamp(0), job.Stopped)
+	})
+}

From 8b4aa4478ffae75e4b6d9f677cd69d2a5f1b17f9 Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Mon, 20 Apr 2026 02:27:24 +0200
Subject: [PATCH 713/854] Update dependency clippie to v4.1.13 (forgejo)
 (#12192)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12192
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
---
 package-lock.json | 8 ++++----
 package.json      | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index e4c056880b..56e4ce1605 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -43,7 +43,7 @@
         "chart.js": "4.5.1",
         "chartjs-adapter-dayjs-4": "1.0.4",
         "chartjs-plugin-zoom": "2.2.0",
-        "clippie": "4.1.10",
+        "clippie": "4.1.13",
         "css-loader": "7.1.3",
         "dayjs": "1.11.19",
         "dropzone": "6.0.0-beta.2",
@@ -6313,9 +6313,9 @@
       }
     },
     "node_modules/clippie": {
-      "version": "4.1.10",
-      "resolved": "https://registry.npmjs.org/clippie/-/clippie-4.1.10.tgz",
-      "integrity": "sha512-zUjK2fLH8/wju2lks5mH0u8wSRYCOJoHfT1KQ61+aCT5O1ouONnSrnKQ3BTKvIYLUYJarbLZo4FLHyce/SLF2g==",
+      "version": "4.1.13",
+      "resolved": "https://registry.npmjs.org/clippie/-/clippie-4.1.13.tgz",
+      "integrity": "sha512-0ofIc4H35mzuxkojnpUmDzWneL8XrGWuO3RbHbXmDdebzJYp2q8zIhenc85LMedIOoCuzWtFTqkOJETv2QYN7g==",
       "license": "BSD-2-Clause"
     },
     "node_modules/cliui": {
diff --git a/package.json b/package.json
index 0e0050c91c..a3bb47d52d 100644
--- a/package.json
+++ b/package.json
@@ -42,7 +42,7 @@
     "chart.js": "4.5.1",
     "chartjs-adapter-dayjs-4": "1.0.4",
     "chartjs-plugin-zoom": "2.2.0",
-    "clippie": "4.1.10",
+    "clippie": "4.1.13",
     "css-loader": "7.1.3",
     "dayjs": "1.11.19",
     "dropzone": "6.0.0-beta.2",

From c37b4d38b18254119d64c75075b73bd4ef1a5e92 Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Mon, 20 Apr 2026 02:27:49 +0200
Subject: [PATCH 714/854] Update module github.com/go-webauthn/webauthn to
 v0.16.5 (forgejo) (#12193)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12193
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
---
 go.mod | 4 ++--
 go.sum | 8 ++++----
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/go.mod b/go.mod
index 3310a438b5..8b27668dfa 100644
--- a/go.mod
+++ b/go.mod
@@ -52,7 +52,7 @@ require (
 	github.com/go-ldap/ldap/v3 v3.4.12
 	github.com/go-openapi/spec v0.22.3
 	github.com/go-sql-driver/mysql v1.9.3
-	github.com/go-webauthn/webauthn v0.16.4
+	github.com/go-webauthn/webauthn v0.16.5
 	github.com/gobwas/glob v0.2.3
 	github.com/gogs/chardet v0.0.0-20211120154057-b7413eaefb8f
 	github.com/gogs/go-gogs-client v0.0.0-20210131175652-1d7215cd8d85
@@ -245,7 +245,7 @@ require (
 	github.com/spf13/afero v1.15.0 // indirect
 	github.com/ssor/bom v0.0.0-20170718123548-6386211fdfcf // indirect
 	github.com/stretchr/objx v0.5.2 // indirect
-	github.com/tinylib/msgp v1.6.3 // indirect
+	github.com/tinylib/msgp v1.6.4 // indirect
 	github.com/x448/float16 v0.8.4 // indirect
 	github.com/zeebo/assert v1.3.0 // indirect
 	github.com/zeebo/blake3 v0.2.4 // indirect
diff --git a/go.sum b/go.sum
index 19a2fcb917..e4b26aa113 100644
--- a/go.sum
+++ b/go.sum
@@ -324,8 +324,8 @@ github.com/go-test/deep v1.1.1 h1:0r/53hagsehfO4bzD2Pgr/+RgHqhmf+k1Bpse2cTu1U=
 github.com/go-test/deep v1.1.1/go.mod h1:5C2ZWiW0ErCdrYzpqxLbTX7MG14M9iiw8DgHncVwcsE=
 github.com/go-viper/mapstructure/v2 v2.5.0 h1:vM5IJoUAy3d7zRSVtIwQgBj7BiWtMPfmPEgAXnvj1Ro=
 github.com/go-viper/mapstructure/v2 v2.5.0/go.mod h1:oJDH3BJKyqBA2TXFhDsKDGDTlndYOZ6rGS0BRZIxGhM=
-github.com/go-webauthn/webauthn v0.16.4 h1:R9jqR/cYZa7hRquFF7Za/8qoH/K/TIs1/Q/4CyGN+1Q=
-github.com/go-webauthn/webauthn v0.16.4/go.mod h1:SU2ljAgToTV/YLPI0C05QS4qn+e04WpB5g1RMfcZfS4=
+github.com/go-webauthn/webauthn v0.16.5 h1:x+vADHlaiIjta23kGhtwyCIlB5mayKx6SBlpwQ5NF9A=
+github.com/go-webauthn/webauthn v0.16.5/go.mod h1:mQC6L0lZ5Kiu35G70zeB2WnrW4+vbHjR8Koq4HdVaMg=
 github.com/go-webauthn/x v0.2.3 h1:8oArS+Rc1SWFLXhE17KZNx258Z4kUSyaDgsSncCO5RA=
 github.com/go-webauthn/x v0.2.3/go.mod h1:tM04GF3V6VYq79AZMl7vbj4q6pz9r7L2criWRzbWhPk=
 github.com/go-xmlfmt/xmlfmt v0.0.0-20191208150333-d5b6f63a941b h1:khEcpUM4yFcxg4/FHQWkvVRmgijNXRfzkIDHh23ggEo=
@@ -654,8 +654,8 @@ github.com/stretchr/testify v1.11.1 h1:7s2iGBzp5EwR7/aIZr8ao5+dra3wiQyKjjFuvgVKu
 github.com/stretchr/testify v1.11.1/go.mod h1:wZwfW3scLgRK+23gO65QZefKpKQRnfz6sD981Nm4B6U=
 github.com/syndtr/goleveldb v1.0.0 h1:fBdIW9lB4Iz0n9khmH8w27SJ3QEJ7+IgjPEwGSZiFdE=
 github.com/syndtr/goleveldb v1.0.0/go.mod h1:ZVVdQEZoIme9iO1Ch2Jdy24qqXrMMOU6lpPAyBWyWuQ=
-github.com/tinylib/msgp v1.6.3 h1:bCSxiTz386UTgyT1i0MSCvdbWjVW+8sG3PjkGsZQt4s=
-github.com/tinylib/msgp v1.6.3/go.mod h1:RSp0LW9oSxFut3KzESt5Voq4GVWyS+PSulT77roAqEA=
+github.com/tinylib/msgp v1.6.4 h1:mOwYbyYDLPj35mkA2BjjYejgJk9BuHxDdvRnb6v2ZcQ=
+github.com/tinylib/msgp v1.6.4/go.mod h1:RSp0LW9oSxFut3KzESt5Voq4GVWyS+PSulT77roAqEA=
 github.com/ulikunitz/xz v0.5.8/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14=
 github.com/ulikunitz/xz v0.5.15 h1:9DNdB5s+SgV3bQ2ApL10xRc35ck0DuIX/isZvIk+ubY=
 github.com/ulikunitz/xz v0.5.15/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14=

From d49da9d238724b34ee90fef3d369555bcb17106f Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Mon, 20 Apr 2026 02:28:47 +0200
Subject: [PATCH 715/854] Lock file maintenance (forgejo) (#12195)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12195
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
---
 package-lock.json                  | 248 +++++++++++++++++------------
 web_src/fomantic/package-lock.json |  24 +--
 2 files changed, 159 insertions(+), 113 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 56e4ce1605..a2adf74362 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1709,29 +1709,43 @@
       }
     },
     "node_modules/@humanfs/core": {
-      "version": "0.19.1",
-      "resolved": "https://registry.npmjs.org/@humanfs/core/-/core-0.19.1.tgz",
-      "integrity": "sha512-5DyQ4+1JEUzejeK1JGICcideyfUbGixgS9jNgex5nqkW+cY7WZhxBigmieN5Qnw9ZosSNVC9KQKyb+GUaGyKUA==",
+      "version": "0.19.2",
+      "resolved": "https://registry.npmjs.org/@humanfs/core/-/core-0.19.2.tgz",
+      "integrity": "sha512-UhXNm+CFMWcbChXywFwkmhqjs3PRCmcSa/hfBgLIb7oQ5HNb1wS0icWsGtSAUNgefHeI+eBrA8I1fxmbHsGdvA==",
       "dev": true,
       "license": "Apache-2.0",
+      "dependencies": {
+        "@humanfs/types": "^0.15.0"
+      },
       "engines": {
         "node": ">=18.18.0"
       }
     },
     "node_modules/@humanfs/node": {
-      "version": "0.16.7",
-      "resolved": "https://registry.npmjs.org/@humanfs/node/-/node-0.16.7.tgz",
-      "integrity": "sha512-/zUx+yOsIrG4Y43Eh2peDeKCxlRt/gET6aHfaKpuq267qXdYDFViVHfMaLyygZOnl0kGWxFIgsBy8QFuTLUXEQ==",
+      "version": "0.16.8",
+      "resolved": "https://registry.npmjs.org/@humanfs/node/-/node-0.16.8.tgz",
+      "integrity": "sha512-gE1eQNZ3R++kTzFUpdGlpmy8kDZD/MLyHqDwqjkVQI0JMdI1D51sy1H958PNXYkM2rAac7e5/CnIKZrHtPh3BQ==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
-        "@humanfs/core": "^0.19.1",
+        "@humanfs/core": "^0.19.2",
+        "@humanfs/types": "^0.15.0",
         "@humanwhocodes/retry": "^0.4.0"
       },
       "engines": {
         "node": ">=18.18.0"
       }
     },
+    "node_modules/@humanfs/types": {
+      "version": "0.15.0",
+      "resolved": "https://registry.npmjs.org/@humanfs/types/-/types-0.15.0.tgz",
+      "integrity": "sha512-ZZ1w0aoQkwuUuC7Yf+7sdeaNfqQiiLcSRbfI08oAxqLtpXQr9AIVX7Ay7HLDuiLYAaFPu8oBYNq/QIi9URHJ3Q==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "engines": {
+        "node": ">=18.18.0"
+      }
+    },
     "node_modules/@humanwhocodes/module-importer": {
       "version": "1.0.1",
       "resolved": "https://registry.npmjs.org/@humanwhocodes/module-importer/-/module-importer-1.0.1.tgz",
@@ -2631,9 +2645,9 @@
       }
     },
     "node_modules/@lezer/lr": {
-      "version": "1.4.8",
-      "resolved": "https://registry.npmjs.org/@lezer/lr/-/lr-1.4.8.tgz",
-      "integrity": "sha512-bPWa0Pgx69ylNlMlPvBPryqeLYQjyJjqPx+Aupm5zydLIF3NE+6MMLT8Yi23Bd9cif9VS00aUebn+6fDIGBcDA==",
+      "version": "1.4.10",
+      "resolved": "https://registry.npmjs.org/@lezer/lr/-/lr-1.4.10.tgz",
+      "integrity": "sha512-rnCpTIBafOx4mRp43xOxDJbFipJm/c0cia/V5TiGlhmMa+wsSdoGmUN3w5Bqrks/09Q/D4tNAmWaT8p6NRi77A==",
       "license": "MIT",
       "dependencies": {
         "@lezer/common": "^1.0.0"
@@ -3181,9 +3195,9 @@
       }
     },
     "node_modules/@rolldown/binding-wasm32-wasi/node_modules/@napi-rs/wasm-runtime": {
-      "version": "1.1.3",
-      "resolved": "https://registry.npmjs.org/@napi-rs/wasm-runtime/-/wasm-runtime-1.1.3.tgz",
-      "integrity": "sha512-xK9sGVbJWYb08+mTJt3/YV24WxvxpXcXtP6B172paPZ+Ts69Re9dAr7lKwJoeIx8OoeuimEiRZ7umkiUVClmmQ==",
+      "version": "1.1.4",
+      "resolved": "https://registry.npmjs.org/@napi-rs/wasm-runtime/-/wasm-runtime-1.1.4.tgz",
+      "integrity": "sha512-3NQNNgA1YSlJb/kMH1ildASP9HW7/7kYnRI2szWJaofaS1hWmbGI4H+d3+22aGzXXN9IJ+n+GiFVcGipJP18ow==",
       "dev": true,
       "license": "MIT",
       "optional": true,
@@ -3494,9 +3508,9 @@
       }
     },
     "node_modules/@stoplight/spectral-core": {
-      "version": "1.21.0",
-      "resolved": "https://registry.npmjs.org/@stoplight/spectral-core/-/spectral-core-1.21.0.tgz",
-      "integrity": "sha512-oj4e/FrDLUhBRocIW+lRMKlJ/q/rDZw61HkLbTFsdMd+f/FTkli2xHNB1YC6n1mrMKjjvy7XlUuFkC7XxtgbWw==",
+      "version": "1.22.0",
+      "resolved": "https://registry.npmjs.org/@stoplight/spectral-core/-/spectral-core-1.22.0.tgz",
+      "integrity": "sha512-4hTxMDs4TFUG4/jKjaZttA65gNuV2PCKI9+51I+J4nL6ylo17DlbW+sl6byKnBuV/85HxaV33ri5fEGlp8lTSA==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
@@ -3509,17 +3523,17 @@
         "@stoplight/types": "~13.6.0",
         "@types/es-aggregate-error": "^1.0.2",
         "@types/json-schema": "^7.0.11",
-        "ajv": "^8.17.1",
+        "ajv": "^8.18.0",
         "ajv-errors": "~3.0.0",
         "ajv-formats": "~2.1.1",
         "es-aggregate-error": "^1.0.7",
+        "expr-eval-fork": "^3.0.1",
         "jsonpath-plus": "^10.3.0",
-        "lodash": "~4.17.23",
+        "lodash": "^4.18.1",
         "lodash.topath": "^4.5.2",
-        "minimatch": "3.1.2",
+        "minimatch": "^3.1.4",
         "nimma": "0.2.3",
         "pony-cause": "^1.1.1",
-        "simple-eval": "1.0.1",
         "tslib": "^2.8.1"
       },
       "engines": {
@@ -3558,10 +3572,17 @@
         "concat-map": "0.0.1"
       }
     },
+    "node_modules/@stoplight/spectral-core/node_modules/lodash": {
+      "version": "4.18.1",
+      "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.18.1.tgz",
+      "integrity": "sha512-dMInicTPVE8d1e5otfwmmjlxkZoUpiVLwyeTdUsi/Caj/gfzzblBcCE5sRHV/AsjuCmxWrte2TNGSYuCeCq+0Q==",
+      "dev": true,
+      "license": "MIT"
+    },
     "node_modules/@stoplight/spectral-core/node_modules/minimatch": {
-      "version": "3.1.2",
-      "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz",
-      "integrity": "sha512-J7p63hRiAjw1NDEww1W7i37+ByIrOWO5XQQAzZ3VOcL0PNybwpfmV/N05zFAzwQ9USyEcX6t3UO+K5aqBQOIHw==",
+      "version": "3.1.5",
+      "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.5.tgz",
+      "integrity": "sha512-VgjWUsnnT6n+NUk6eZq77zeFdpW2LWDzP6zFGrCbHXiYNul5Dzqk2HHQ5uFH2DNW5Xbp8+jVzaeNt94ssEEl4w==",
       "dev": true,
       "license": "ISC",
       "dependencies": {
@@ -3588,9 +3609,9 @@
       }
     },
     "node_modules/@stoplight/spectral-formatters": {
-      "version": "1.5.0",
-      "resolved": "https://registry.npmjs.org/@stoplight/spectral-formatters/-/spectral-formatters-1.5.0.tgz",
-      "integrity": "sha512-lR7s41Z00Mf8TdXBBZQ3oi2uR8wqAtR6NO0KA8Ltk4FSpmAy0i6CKUmJG9hZQjanTnGmwpQkT/WP66p1GY3iXA==",
+      "version": "1.5.1",
+      "resolved": "https://registry.npmjs.org/@stoplight/spectral-formatters/-/spectral-formatters-1.5.1.tgz",
+      "integrity": "sha512-mGXaiIrPglPokSnbFqbkWN3DoozIbwrZAA6OgqSIl+djeD5+e6PMELg0g6r3ot3ZzntO+6/GXaDnxEQ/p9M/EQ==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
@@ -3601,7 +3622,7 @@
         "@types/markdown-escape": "^1.1.3",
         "chalk": "4.1.2",
         "cliui": "7.0.4",
-        "lodash": "^4.17.21",
+        "lodash": "^4.18.1",
         "markdown-escape": "^2.0.0",
         "node-sarif-builder": "^2.0.3",
         "strip-ansi": "6.0",
@@ -3612,10 +3633,17 @@
         "node": "^16.20 || ^18.18 || >= 20.17"
       }
     },
+    "node_modules/@stoplight/spectral-formatters/node_modules/lodash": {
+      "version": "4.18.1",
+      "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.18.1.tgz",
+      "integrity": "sha512-dMInicTPVE8d1e5otfwmmjlxkZoUpiVLwyeTdUsi/Caj/gfzzblBcCE5sRHV/AsjuCmxWrte2TNGSYuCeCq+0Q==",
+      "dev": true,
+      "license": "MIT"
+    },
     "node_modules/@stoplight/spectral-functions": {
-      "version": "1.10.1",
-      "resolved": "https://registry.npmjs.org/@stoplight/spectral-functions/-/spectral-functions-1.10.1.tgz",
-      "integrity": "sha512-obu8ZfoHxELOapfGsCJixKZXZcffjg+lSoNuttpmUFuDzVLT3VmH8QkPXfOGOL5Pz80BR35ClNAToDkdnYIURg==",
+      "version": "1.10.2",
+      "resolved": "https://registry.npmjs.org/@stoplight/spectral-functions/-/spectral-functions-1.10.2.tgz",
+      "integrity": "sha512-PIfPUgTRo8EtAnL1MIrzhHoUuojSaE8shGSMaHS3BxGyc8d079BE5+TqJa1/WLUb9YT9JQnZ0Aj4xfi8NcJOIw==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
@@ -3624,17 +3652,24 @@
         "@stoplight/spectral-core": "^1.19.4",
         "@stoplight/spectral-formats": "^1.8.1",
         "@stoplight/spectral-runtime": "^1.1.2",
-        "ajv": "^8.17.1",
+        "ajv": "^8.18.0",
         "ajv-draft-04": "~1.0.0",
         "ajv-errors": "~3.0.0",
         "ajv-formats": "~2.1.1",
-        "lodash": "~4.17.21",
+        "lodash": "^4.18.1",
         "tslib": "^2.8.1"
       },
       "engines": {
         "node": "^16.20 || ^18.18 || >= 20.17"
       }
     },
+    "node_modules/@stoplight/spectral-functions/node_modules/lodash": {
+      "version": "4.18.1",
+      "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.18.1.tgz",
+      "integrity": "sha512-dMInicTPVE8d1e5otfwmmjlxkZoUpiVLwyeTdUsi/Caj/gfzzblBcCE5sRHV/AsjuCmxWrte2TNGSYuCeCq+0Q==",
+      "dev": true,
+      "license": "MIT"
+    },
     "node_modules/@stoplight/spectral-parsers": {
       "version": "1.0.5",
       "resolved": "https://registry.npmjs.org/@stoplight/spectral-parsers/-/spectral-parsers-1.0.5.tgz",
@@ -3683,9 +3718,9 @@
       }
     },
     "node_modules/@stoplight/spectral-ruleset-bundler": {
-      "version": "1.6.3",
-      "resolved": "https://registry.npmjs.org/@stoplight/spectral-ruleset-bundler/-/spectral-ruleset-bundler-1.6.3.tgz",
-      "integrity": "sha512-AQFRO6OCKg8SZJUupnr3+OzI1LrMieDTEUHsYgmaRpNiDRPvzImE3bzM1KyQg99q58kTQyZ8kpr7sG8Lp94RRA==",
+      "version": "1.7.0",
+      "resolved": "https://registry.npmjs.org/@stoplight/spectral-ruleset-bundler/-/spectral-ruleset-bundler-1.7.0.tgz",
+      "integrity": "sha512-PpIdj5Wje0T7ktxY8EUzBWLU0+mGGQHznT8nlQxTMnRhWLNYsm6HvSZDXLtMi+86yqvTuf7loJy6JvLBDzHGAA==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
@@ -3702,7 +3737,7 @@
         "@stoplight/types": "^13.6.0",
         "@types/node": "*",
         "pony-cause": "1.1.1",
-        "rollup": "~2.79.2",
+        "rollup": "~2.80.0",
         "tslib": "^2.8.1",
         "validate-npm-package-name": "3.0.0"
       },
@@ -3711,9 +3746,9 @@
       }
     },
     "node_modules/@stoplight/spectral-ruleset-migrator": {
-      "version": "1.11.3",
-      "resolved": "https://registry.npmjs.org/@stoplight/spectral-ruleset-migrator/-/spectral-ruleset-migrator-1.11.3.tgz",
-      "integrity": "sha512-+9Y1zFxYmSsneT5FPkgS1IlRQs0VgtdMT77f5xf6vzje9ezyhfs7oXwbZOCSZjEJew8iVZBKQtiOFndcBrdtqg==",
+      "version": "1.12.0",
+      "resolved": "https://registry.npmjs.org/@stoplight/spectral-ruleset-migrator/-/spectral-ruleset-migrator-1.12.0.tgz",
+      "integrity": "sha512-KINmItys8OhdmjudgcIu7siuxQ4hDdbMsTPW/UkXhoiEosiwok1xAyaYLBfckH9zH85TZBkDDbIbsiMoDCIxBw==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
@@ -3725,7 +3760,7 @@
         "@stoplight/types": "^13.6.0",
         "@stoplight/yaml": "~4.2.3",
         "@types/node": "*",
-        "ajv": "^8.17.1",
+        "ajv": "^8.18.0",
         "ast-types": "0.14.2",
         "astring": "^1.9.0",
         "reserved": "0.1.2",
@@ -3760,9 +3795,9 @@
       "license": "Apache-2.0"
     },
     "node_modules/@stoplight/spectral-rulesets": {
-      "version": "1.22.0",
-      "resolved": "https://registry.npmjs.org/@stoplight/spectral-rulesets/-/spectral-rulesets-1.22.0.tgz",
-      "integrity": "sha512-l2EY2jiKKLsvnPfGy+pXC0LeGsbJzcQP5G/AojHgf+cwN//VYxW1Wvv4WKFx/CLmLxc42mJYF2juwWofjWYNIQ==",
+      "version": "1.22.1",
+      "resolved": "https://registry.npmjs.org/@stoplight/spectral-rulesets/-/spectral-rulesets-1.22.1.tgz",
+      "integrity": "sha512-DaaQJioKuYkRsOuKIJfX2ek7G7f6OCU3CI3K7ABaOcTFMiHj29SJLDdb04mCjXZFXMlXHjmCl2ZpKW6heieXpw==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
@@ -3775,21 +3810,28 @@
         "@stoplight/spectral-runtime": "^1.1.2",
         "@stoplight/types": "^13.6.0",
         "@types/json-schema": "^7.0.7",
-        "ajv": "^8.17.1",
+        "ajv": "^8.18.0",
         "ajv-formats": "~2.1.1",
         "json-schema-traverse": "^1.0.0",
         "leven": "3.1.0",
-        "lodash": "~4.17.21",
+        "lodash": "^4.18.1",
         "tslib": "^2.8.1"
       },
       "engines": {
         "node": "^16.20 || ^18.18 || >= 20.17"
       }
     },
+    "node_modules/@stoplight/spectral-rulesets/node_modules/lodash": {
+      "version": "4.18.1",
+      "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.18.1.tgz",
+      "integrity": "sha512-dMInicTPVE8d1e5otfwmmjlxkZoUpiVLwyeTdUsi/Caj/gfzzblBcCE5sRHV/AsjuCmxWrte2TNGSYuCeCq+0Q==",
+      "dev": true,
+      "license": "MIT"
+    },
     "node_modules/@stoplight/spectral-runtime": {
-      "version": "1.1.4",
-      "resolved": "https://registry.npmjs.org/@stoplight/spectral-runtime/-/spectral-runtime-1.1.4.tgz",
-      "integrity": "sha512-YHbhX3dqW0do6DhiPSgSGQzr6yQLlWybhKwWx0cqxjMwxej3TqLv3BXMfIUYFKKUqIwH4Q2mV8rrMM8qD2N0rQ==",
+      "version": "1.1.5",
+      "resolved": "https://registry.npmjs.org/@stoplight/spectral-runtime/-/spectral-runtime-1.1.5.tgz",
+      "integrity": "sha512-6/HSCQBKnI4M5qonCKos2W7oggXv+U/ml+m/cAd4eJAYfIVEmaLUo03qSWIIl4cBc5ujJPmn2WnCiRrz1++P7Q==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
@@ -3797,7 +3839,7 @@
         "@stoplight/path": "^1.3.2",
         "@stoplight/types": "^13.6.0",
         "abort-controller": "^3.0.0",
-        "lodash": "^4.17.21",
+        "lodash": "^4.18.1",
         "node-fetch": "^2.7.0",
         "tslib": "^2.8.1"
       },
@@ -3805,6 +3847,13 @@
         "node": "^16.20 || ^18.18 || >= 20.17"
       }
     },
+    "node_modules/@stoplight/spectral-runtime/node_modules/lodash": {
+      "version": "4.18.1",
+      "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.18.1.tgz",
+      "integrity": "sha512-dMInicTPVE8d1e5otfwmmjlxkZoUpiVLwyeTdUsi/Caj/gfzzblBcCE5sRHV/AsjuCmxWrte2TNGSYuCeCq+0Q==",
+      "dev": true,
+      "license": "MIT"
+    },
     "node_modules/@stoplight/types": {
       "version": "13.20.0",
       "resolved": "https://registry.npmjs.org/@stoplight/types/-/types-13.20.0.tgz",
@@ -5789,9 +5838,9 @@
       }
     },
     "node_modules/axe-core": {
-      "version": "4.11.2",
-      "resolved": "https://registry.npmjs.org/axe-core/-/axe-core-4.11.2.tgz",
-      "integrity": "sha512-byD6KPdvo72y/wj2T/4zGEvvlis+PsZsn/yPS3pEO+sFpcrqRpX/TJCxvVaEsNeMrfQbCr7w163YqoD9IYwHXw==",
+      "version": "4.11.3",
+      "resolved": "https://registry.npmjs.org/axe-core/-/axe-core-4.11.3.tgz",
+      "integrity": "sha512-zBQouZixDTbo3jMGqHKyePxYxr1e5W8UdTmBQ7sNtaA9M2bE32daxxPLS/jojhKOHxQ7LWwPjfiwf/fhaJWzlg==",
       "dev": true,
       "license": "MPL-2.0",
       "engines": {
@@ -5828,9 +5877,9 @@
       "license": "MIT"
     },
     "node_modules/baseline-browser-mapping": {
-      "version": "2.10.18",
-      "resolved": "https://registry.npmjs.org/baseline-browser-mapping/-/baseline-browser-mapping-2.10.18.tgz",
-      "integrity": "sha512-VSnGQAOLtP5mib/DPyg2/t+Tlv65NTBz83BJBJvmLVHHuKJVaDOBvJJykiT5TR++em5nfAySPccDZDa4oSrn8A==",
+      "version": "2.10.20",
+      "resolved": "https://registry.npmjs.org/baseline-browser-mapping/-/baseline-browser-mapping-2.10.20.tgz",
+      "integrity": "sha512-1AaXxEPfXT+GvTBJFuy4yXVHWJBXa4OdbIebGN/wX5DlsIkU0+wzGnd2lOzokSk51d5LUmqjgBLRLlypLUqInQ==",
       "license": "Apache-2.0",
       "bin": {
         "baseline-browser-mapping": "dist/cli.cjs"
@@ -6077,9 +6126,9 @@
       }
     },
     "node_modules/caniuse-lite": {
-      "version": "1.0.30001787",
-      "resolved": "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001787.tgz",
-      "integrity": "sha512-mNcrMN9KeI68u7muanUpEejSLghOKlVhRqS/Za2IeyGllJ9I9otGpR9g3nsw7n4W378TE/LyIteA0+/FOZm4Kg==",
+      "version": "1.0.30001788",
+      "resolved": "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001788.tgz",
+      "integrity": "sha512-6q8HFp+lOQtcf7wBK+uEenxymVWkGKkjFpCvw5W25cmMwEDU45p1xQFBQv8JDlMMry7eNxyBaR+qxgmTUZkIRQ==",
       "funding": [
         {
           "type": "opencollective",
@@ -7505,9 +7554,9 @@
       }
     },
     "node_modules/dompurify": {
-      "version": "3.3.3",
-      "resolved": "https://registry.npmjs.org/dompurify/-/dompurify-3.3.3.tgz",
-      "integrity": "sha512-Oj6pzI2+RqBfFG+qOaOLbFXLQ90ARpcGG6UePL82bJLtdsa6CYJD7nmiU8MW9nQNOtCHV3lZ/Bzq1X0QYbBZCA==",
+      "version": "3.4.0",
+      "resolved": "https://registry.npmjs.org/dompurify/-/dompurify-3.4.0.tgz",
+      "integrity": "sha512-nolgK9JcaUXMSmW+j1yaSvaEaoXYHwWyGJlkoCTghc97KgGDDSnpoU/PlEnw63Ah+TGKFOyY+X5LnxaWbCSfXg==",
       "license": "(MPL-2.0 OR Apache-2.0)",
       "optionalDependencies": {
         "@types/trusted-types": "^2.0.7"
@@ -7626,9 +7675,9 @@
       }
     },
     "node_modules/electron-to-chromium": {
-      "version": "1.5.335",
-      "resolved": "https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.5.335.tgz",
-      "integrity": "sha512-q9n5T4BR4Xwa2cwbrwcsDJtHD/enpQ5S1xF1IAtdqf5AAgqDFmR/aakqH3ChFdqd/QXJhS3rnnXFtexU7rax6Q==",
+      "version": "1.5.340",
+      "resolved": "https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.5.340.tgz",
+      "integrity": "sha512-908qahOGocRMinT2nM3ajCEM99H4iPdv84eagPP3FfZy/1ZGeOy2CZYzjhms81ckOPCXPlW7LkY4XpxD8r1DrA==",
       "license": "ISC"
     },
     "node_modules/emoji-regex": {
@@ -8605,6 +8654,16 @@
         "node": ">=12.0.0"
       }
     },
+    "node_modules/expr-eval-fork": {
+      "version": "3.0.3",
+      "resolved": "https://registry.npmjs.org/expr-eval-fork/-/expr-eval-fork-3.0.3.tgz",
+      "integrity": "sha512-BhC+hbc5lIVjygr840n5DEkW3MQq7H9o+mc1/N7Z5uIiCFVyESLL5DIE7LNq4CYUNxy+XjA+3jRrL/h0Kt2xcg==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=16.9.0"
+      }
+    },
     "node_modules/fast-deep-equal": {
       "version": "3.1.3",
       "resolved": "https://registry.npmjs.org/fast-deep-equal/-/fast-deep-equal-3.1.3.tgz",
@@ -9042,9 +9101,9 @@
       }
     },
     "node_modules/get-tsconfig": {
-      "version": "4.13.7",
-      "resolved": "https://registry.npmjs.org/get-tsconfig/-/get-tsconfig-4.13.7.tgz",
-      "integrity": "sha512-7tN6rFgBlMgpBML5j8typ92BKFi2sFQvIdpAqLA2beia5avZDrMs0FLZiM5etShWq5irVyGcGMEA1jcDaK7A/Q==",
+      "version": "4.14.0",
+      "resolved": "https://registry.npmjs.org/get-tsconfig/-/get-tsconfig-4.14.0.tgz",
+      "integrity": "sha512-yTb+8DXzDREzgvYmh6s9vHsSVCHeC0G3PI5bEXNBHtmshPnO+S5O7qgLEOn0I5QvMy6kpZN8K1NKGyilLb93wA==",
       "license": "MIT",
       "dependencies": {
         "resolve-pkg-maps": "^1.0.0"
@@ -9385,9 +9444,9 @@
       }
     },
     "node_modules/hasown": {
-      "version": "2.0.2",
-      "resolved": "https://registry.npmjs.org/hasown/-/hasown-2.0.2.tgz",
-      "integrity": "sha512-0hJU9SCPvmMzIBdZFqNPXWa6dqh7WdH0cII9y+CyS8rG3nL48Bclra9HmKhVVUHyPWNH5Y7xDwAB7bfgSjkUMQ==",
+      "version": "2.0.3",
+      "resolved": "https://registry.npmjs.org/hasown/-/hasown-2.0.3.tgz",
+      "integrity": "sha512-ej4AhfhfL2Q2zpMmLo7U1Uv9+PyhIZpgQLGT1F9miIGmiCJIoCgSmczFdrc97mWT4kVY72KA+WnnhJ5pghSvSg==",
       "license": "MIT",
       "dependencies": {
         "function-bind": "^1.1.2"
@@ -12101,6 +12160,15 @@
         "node": ">=8.6"
       }
     },
+    "node_modules/mime-db": {
+      "version": "1.54.0",
+      "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.54.0.tgz",
+      "integrity": "sha512-aU5EJuIN2WDemCcAp2vFBfp/m4EAhWJnUNSSw0ixs7/kXbd6Pg64EmwJkNdFhB8aWt1sH2CTXrLxo/iAGV3oPQ==",
+      "license": "MIT",
+      "engines": {
+        "node": ">= 0.6"
+      }
+    },
     "node_modules/mini-css-extract-plugin": {
       "version": "2.10.0",
       "resolved": "https://registry.npmjs.org/mini-css-extract-plugin/-/mini-css-extract-plugin-2.10.0.tgz",
@@ -13773,9 +13841,9 @@
       "license": "MIT"
     },
     "node_modules/rollup": {
-      "version": "2.79.2",
-      "resolved": "https://registry.npmjs.org/rollup/-/rollup-2.79.2.tgz",
-      "integrity": "sha512-fS6iqSPZDs3dr/y7Od6y5nha8dW1YnbgtsyotCVvoFGKbERG++CVRFv1meyGDE1SNItQA8BrnCw7ScdAhRJ3XQ==",
+      "version": "2.80.0",
+      "resolved": "https://registry.npmjs.org/rollup/-/rollup-2.80.0.tgz",
+      "integrity": "sha512-cIFJOD1DESzpjOBl763Kp1AH7UE/0fcdHe6rZXUdQ9c50uvgigvW97u3IcSeBwOkgqL/PXPBktBCh0KEu5L8XQ==",
       "dev": true,
       "license": "MIT",
       "bin": {
@@ -14220,19 +14288,6 @@
         "url": "https://github.com/sponsors/isaacs"
       }
     },
-    "node_modules/simple-eval": {
-      "version": "1.0.1",
-      "resolved": "https://registry.npmjs.org/simple-eval/-/simple-eval-1.0.1.tgz",
-      "integrity": "sha512-LH7FpTAkeD+y5xQC4fzS+tFtaNlvt3Ib1zKzvhjv/Y+cioV4zIuw4IZr2yhRLu67CWL7FR9/6KXKnjRoZTvGGQ==",
-      "dev": true,
-      "license": "MIT",
-      "dependencies": {
-        "jsep": "^1.3.6"
-      },
-      "engines": {
-        "node": ">=12"
-      }
-    },
     "node_modules/slash": {
       "version": "3.0.0",
       "resolved": "https://registry.npmjs.org/slash/-/slash-3.0.0.tgz",
@@ -14462,9 +14517,9 @@
       }
     },
     "node_modules/std-env": {
-      "version": "4.0.0",
-      "resolved": "https://registry.npmjs.org/std-env/-/std-env-4.0.0.tgz",
-      "integrity": "sha512-zUMPtQ/HBY3/50VbpkupYHbRroTRZJPRLvreamgErJVys0ceuzMkD44J/QjqhHjOzK42GQ3QZIeFG1OYfOtKqQ==",
+      "version": "4.1.0",
+      "resolved": "https://registry.npmjs.org/std-env/-/std-env-4.1.0.tgz",
+      "integrity": "sha512-Rq7ybcX2RuC55r9oaPVEW7/xu3tj8u4GeBYHBWCychFtzMIr86A7e3PPEBPT37sHStKX3+TiX/Fr/ACmJLVlLQ==",
       "dev": true,
       "license": "MIT"
     },
@@ -14835,9 +14890,9 @@
       }
     },
     "node_modules/stylis": {
-      "version": "4.3.6",
-      "resolved": "https://registry.npmjs.org/stylis/-/stylis-4.3.6.tgz",
-      "integrity": "sha512-yQ3rwFWRfwNUY7H5vpU0wfdkNSnvnJinhF9830Swlaxl03zsOjCfmX0ugac+3LtK0lYSgwL/KXc8oYL3mG4YFQ==",
+      "version": "4.4.0",
+      "resolved": "https://registry.npmjs.org/stylis/-/stylis-4.4.0.tgz",
+      "integrity": "sha512-5Z9ZpRzfuH6l/UAvCPAPUo3665Nk2wLaZU3x+TLHKVzIz33+sbJqbtrYoC3KD4/uVOr2Zp+L0LySezP9OHV9yA==",
       "license": "MIT"
     },
     "node_modules/stylus": {
@@ -16264,15 +16319,6 @@
         "node": ">=4.0"
       }
     },
-    "node_modules/webpack/node_modules/mime-db": {
-      "version": "1.54.0",
-      "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.54.0.tgz",
-      "integrity": "sha512-aU5EJuIN2WDemCcAp2vFBfp/m4EAhWJnUNSSw0ixs7/kXbd6Pg64EmwJkNdFhB8aWt1sH2CTXrLxo/iAGV3oPQ==",
-      "license": "MIT",
-      "engines": {
-        "node": ">= 0.6"
-      }
-    },
     "node_modules/whatwg-mimetype": {
       "version": "3.0.0",
       "resolved": "https://registry.npmjs.org/whatwg-mimetype/-/whatwg-mimetype-3.0.0.tgz",
diff --git a/web_src/fomantic/package-lock.json b/web_src/fomantic/package-lock.json
index 18f0eaa586..9d6477ee33 100644
--- a/web_src/fomantic/package-lock.json
+++ b/web_src/fomantic/package-lock.json
@@ -1032,9 +1032,9 @@
       }
     },
     "node_modules/baseline-browser-mapping": {
-      "version": "2.10.18",
-      "resolved": "https://registry.npmjs.org/baseline-browser-mapping/-/baseline-browser-mapping-2.10.18.tgz",
-      "integrity": "sha512-VSnGQAOLtP5mib/DPyg2/t+Tlv65NTBz83BJBJvmLVHHuKJVaDOBvJJykiT5TR++em5nfAySPccDZDa4oSrn8A==",
+      "version": "2.10.20",
+      "resolved": "https://registry.npmjs.org/baseline-browser-mapping/-/baseline-browser-mapping-2.10.20.tgz",
+      "integrity": "sha512-1AaXxEPfXT+GvTBJFuy4yXVHWJBXa4OdbIebGN/wX5DlsIkU0+wzGnd2lOzokSk51d5LUmqjgBLRLlypLUqInQ==",
       "license": "Apache-2.0",
       "bin": {
         "baseline-browser-mapping": "dist/cli.cjs"
@@ -1264,9 +1264,9 @@
       }
     },
     "node_modules/caniuse-lite": {
-      "version": "1.0.30001787",
-      "resolved": "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001787.tgz",
-      "integrity": "sha512-mNcrMN9KeI68u7muanUpEejSLghOKlVhRqS/Za2IeyGllJ9I9otGpR9g3nsw7n4W378TE/LyIteA0+/FOZm4Kg==",
+      "version": "1.0.30001788",
+      "resolved": "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001788.tgz",
+      "integrity": "sha512-6q8HFp+lOQtcf7wBK+uEenxymVWkGKkjFpCvw5W25cmMwEDU45p1xQFBQv8JDlMMry7eNxyBaR+qxgmTUZkIRQ==",
       "funding": [
         {
           "type": "opencollective",
@@ -2020,9 +2020,9 @@
       }
     },
     "node_modules/electron-to-chromium": {
-      "version": "1.5.335",
-      "resolved": "https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.5.335.tgz",
-      "integrity": "sha512-q9n5T4BR4Xwa2cwbrwcsDJtHD/enpQ5S1xF1IAtdqf5AAgqDFmR/aakqH3ChFdqd/QXJhS3rnnXFtexU7rax6Q==",
+      "version": "1.5.340",
+      "resolved": "https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.5.340.tgz",
+      "integrity": "sha512-908qahOGocRMinT2nM3ajCEM99H4iPdv84eagPP3FfZy/1ZGeOy2CZYzjhms81ckOPCXPlW7LkY4XpxD8r1DrA==",
       "license": "ISC"
     },
     "node_modules/emoji-regex": {
@@ -4454,9 +4454,9 @@
       }
     },
     "node_modules/hasown": {
-      "version": "2.0.2",
-      "resolved": "https://registry.npmjs.org/hasown/-/hasown-2.0.2.tgz",
-      "integrity": "sha512-0hJU9SCPvmMzIBdZFqNPXWa6dqh7WdH0cII9y+CyS8rG3nL48Bclra9HmKhVVUHyPWNH5Y7xDwAB7bfgSjkUMQ==",
+      "version": "2.0.3",
+      "resolved": "https://registry.npmjs.org/hasown/-/hasown-2.0.3.tgz",
+      "integrity": "sha512-ej4AhfhfL2Q2zpMmLo7U1Uv9+PyhIZpgQLGT1F9miIGmiCJIoCgSmczFdrc97mWT4kVY72KA+WnnhJ5pghSvSg==",
       "license": "MIT",
       "dependencies": {
         "function-bind": "^1.1.2"

From 469cd0847e5bef42546ea3f3b260d936b39e3d9b Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Mon, 20 Apr 2026 03:08:30 +0200
Subject: [PATCH 716/854] Update
 https://data.forgejo.org/forgejo/forgejo-build-publish action to v5.6.0
 (forgejo) (#12156)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12156
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
---
 .forgejo/workflows/build-release.yml   | 4 ++--
 .forgejo/workflows/publish-release.yml | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/.forgejo/workflows/build-release.yml b/.forgejo/workflows/build-release.yml
index 5794558a85..ca259f7e7b 100644
--- a/.forgejo/workflows/build-release.yml
+++ b/.forgejo/workflows/build-release.yml
@@ -164,7 +164,7 @@ jobs:
 
       - name: build container & release
         if: ${{ secrets.TOKEN != '' }}
-        uses: https://data.forgejo.org/forgejo/forgejo-build-publish/build@v5.5.1
+        uses: https://data.forgejo.org/forgejo/forgejo-build-publish/build@v5.6.0
         with:
           forgejo: "${{ env.GITHUB_SERVER_URL }}"
           owner: "${{ env.GITHUB_REPOSITORY_OWNER }}"
@@ -183,7 +183,7 @@ jobs:
 
       - name: build rootless container
         if: ${{ secrets.TOKEN != '' }}
-        uses: https://data.forgejo.org/forgejo/forgejo-build-publish/build@v5.5.1
+        uses: https://data.forgejo.org/forgejo/forgejo-build-publish/build@v5.6.0
         with:
           forgejo: "${{ env.GITHUB_SERVER_URL }}"
           owner: "${{ env.GITHUB_REPOSITORY_OWNER }}"
diff --git a/.forgejo/workflows/publish-release.yml b/.forgejo/workflows/publish-release.yml
index 312ccfa9db..4695076581 100644
--- a/.forgejo/workflows/publish-release.yml
+++ b/.forgejo/workflows/publish-release.yml
@@ -44,7 +44,7 @@ jobs:
       - uses: https://data.forgejo.org/actions/checkout@v6
 
       - name: copy & sign
-        uses: https://data.forgejo.org/forgejo/forgejo-build-publish/publish@v5.5.1
+        uses: https://data.forgejo.org/forgejo/forgejo-build-publish/publish@v5.6.0
         with:
           from-forgejo: ${{ vars.FORGEJO }}
           to-forgejo: ${{ vars.FORGEJO }}

From f9b363091116968aacafb46a45d0c42cde7ce381 Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Mon, 20 Apr 2026 03:37:57 +0200
Subject: [PATCH 717/854] Update renovate Docker tag to v43.132.0 (forgejo)
 (#12194)

Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
---
 Makefile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Makefile b/Makefile
index bc5c481a15..c744077a56 100644
--- a/Makefile
+++ b/Makefile
@@ -48,7 +48,7 @@ GOVULNCHECK_PACKAGE ?= golang.org/x/vuln/cmd/govulncheck@v1 # renovate: datasour
 DEADCODE_PACKAGE ?= golang.org/x/tools/cmd/deadcode@v0.44.0 # renovate: datasource=go
 ERRORTYPE_PACKAGE ?= fillmore-labs.com/errortype@v0.0.11 # renovate: datasource=go
 GOMOCK_PACKAGE ?= go.uber.org/mock/mockgen@v0.6.0 # renovate: datasource=go
-RENOVATE_NPM_PACKAGE ?= renovate@43.111.0 # renovate: datasource=docker packageName=data.forgejo.org/renovate/renovate
+RENOVATE_NPM_PACKAGE ?= renovate@43.132.1 # renovate: datasource=docker packageName=data.forgejo.org/renovate/renovate
 
 # https://github.com/disposable-email-domains/disposable-email-domains/commits/main/
 DISPOSABLE_EMAILS_SHA ?= 0c27e671231d27cf66370034d7f6818037416989 # renovate: ...

From a85c5277091f3e6faad88b3e2134924fa739cee8 Mon Sep 17 00:00:00 2001
From: ShellWen <me@shellwen.com>
Date: Mon, 20 Apr 2026 05:10:54 +0200
Subject: [PATCH 718/854] feat(api): add REST API endpoints for Actions
 artifacts (#12140)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. All work and communication must conform to Forgejo's [AI Agreement](https://codeberg.org/forgejo/governance/src/branch/main/AIAgreement.md). There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests for Go changes

- I added test coverage for Go changes...
  - [ ] in their respective `*_test.go` for unit tests.
  - [x] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I ran...
  - [x] `make pr-go` before pushing

### Tests for JavaScript changes

(not applicable — Go-only change)

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [ ] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [x] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.
- [ ] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change.

## Summary

Add public REST API endpoints under `/api/v1/` for listing, inspecting, downloading, and deleting Actions artifacts. Previously, artifacts could only be accessed through the web UI or the internal runner API.

### New endpoints

| Method | Path | Description |
|--------|------|-------------|
| `GET` | `/repos/{owner}/{repo}/actions/artifacts` | List all artifacts for a repository |
| `GET` | `/repos/{owner}/{repo}/actions/runs/{run_id}/artifacts` | List artifacts for a workflow run |
| `GET` | `/repos/{owner}/{repo}/actions/artifacts/{artifact_id}` | Get artifact metadata |
| `GET` | `/repos/{owner}/{repo}/actions/artifacts/{artifact_id}/zip` | Download artifact as zip |
| `DELETE` | `/repos/{owner}/{repo}/actions/artifacts/{artifact_id}` | Delete an artifact |

- List endpoints support `page`, `limit`, and `name` query parameters
- Both v1-v3 (multi-file, zip on-the-fly) and v4 (single zip) artifact backends are supported
- Expired artifacts are listed with `expired: true` but cannot be downloaded
- Delete requires write permission; all other endpoints require read permission

Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12140
Reviewed-by: Andreas Ahlenstorf <aahlenst@noreply.codeberg.org>
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
Co-authored-by: ShellWen <me@shellwen.com>
Co-committed-by: ShellWen <me@shellwen.com>
---
 models/actions/artifact.go                    | 113 +++++-
 modules/structs/action.go                     |  23 ++
 routers/api/v1/api.go                         |   7 +
 routers/api/v1/repo/action.go                 | 314 ++++++++++++++++
 routers/api/v1/swagger/repo.go                |  14 +
 routers/web/repo/actions/view.go              |  64 +---
 services/actions/download.go                  |  96 +++++
 services/convert/action.go                    |  16 +
 templates/swagger/v1_json.tmpl                | 341 ++++++++++++++++++
 .../api_repo_action_artifact_test.go          | 285 +++++++++++++++
 10 files changed, 1210 insertions(+), 63 deletions(-)
 create mode 100644 services/actions/download.go
 create mode 100644 tests/integration/api_repo_action_artifact_test.go

diff --git a/models/actions/artifact.go b/models/actions/artifact.go
index 492e3f6cea..25bf58705a 100644
--- a/models/actions/artifact.go
+++ b/models/actions/artifact.go
@@ -9,6 +9,7 @@ package actions
 import (
 	"context"
 	"errors"
+	"fmt"
 	"time"
 
 	"forgejo.org/models/db"
@@ -88,6 +89,13 @@ func CreateArtifact(ctx context.Context, t *ActionTask, artifactName, artifactPa
 	return artifact, nil
 }
 
+// IsV4 reports whether the artifact was uploaded via the v4 backend.
+// The v4 backend stores the whole artifact as a single zip file;
+// v1-v3 stores each file as a separate row.
+func (a *ActionArtifact) IsV4() bool {
+	return a.ArtifactName+".zip" == a.ArtifactPath && a.ContentEncoding == "application/zip"
+}
+
 func getArtifactByNameAndPath(ctx context.Context, runID int64, name, fpath string) (*ActionArtifact, error) {
 	var art ActionArtifact
 	has, err := db.GetEngine(ctx).Where("run_id = ? AND artifact_name = ? AND artifact_path = ?", runID, name, fpath).Get(&art)
@@ -150,11 +158,32 @@ type ActionArtifactMeta struct {
 	Status       ArtifactStatus
 }
 
+// AggregatedArtifact is the aggregated view of a logical artifact
+// (one or more rows sharing the same run_id + artifact_name), used by the
+// public API to represent a single artifact to clients.
+type AggregatedArtifact struct {
+	ID           int64              `xorm:"id"`
+	RunID        int64              `xorm:"run_id"`
+	RepoID       int64              `xorm:"-"`
+	ArtifactName string             `xorm:"artifact_name"`
+	FileSize     int64              `xorm:"file_size"`
+	Status       ArtifactStatus     `xorm:"status"`
+	CreatedUnix  timeutil.TimeStamp `xorm:"created_unix"`
+	UpdatedUnix  timeutil.TimeStamp `xorm:"updated_unix"`
+	ExpiredUnix  timeutil.TimeStamp `xorm:"expired_unix"`
+}
+
+// APIDownloadURL returns the download URL for this artifact under the given
+// repository API URL prefix (e.g. "https://host/api/v1/repos/owner/name").
+func (a *AggregatedArtifact) APIDownloadURL(repoAPIURL string) string {
+	return fmt.Sprintf("%s/actions/artifacts/%d/zip", repoAPIURL, a.ID)
+}
+
 // ListUploadedArtifactsMeta returns all uploaded artifacts meta of a run
 func ListUploadedArtifactsMeta(ctx context.Context, runID int64) ([]*ActionArtifactMeta, error) {
 	arts := make([]*ActionArtifactMeta, 0, 10)
 	return arts, db.GetEngine(ctx).Table("action_artifact").
-		Where("run_id=? AND (status=? OR status=?)", runID, ArtifactStatusUploadConfirmed, ArtifactStatusExpired).
+		Where(builder.Eq{"run_id": runID}.And(builder.In("status", ArtifactStatusUploadConfirmed, ArtifactStatusExpired))).
 		GroupBy("artifact_name").
 		Select("artifact_name, sum(file_size) as file_size, max(status) as status").
 		Find(&arts)
@@ -192,3 +221,85 @@ func SetArtifactDeleted(ctx context.Context, artifactID int64) error {
 	_, err := db.GetEngine(ctx).ID(artifactID).Cols("status").Update(&ActionArtifact{Status: int64(ArtifactStatusDeleted)})
 	return err
 }
+
+// aggregatedArtifactConds returns the common WHERE clause used by aggregated
+// artifact queries: restrict to visible statuses and apply the caller's filters.
+// The Status field on opts is ignored — visibility is fixed to UploadConfirmed/Expired.
+func aggregatedArtifactConds(opts FindArtifactsOptions) builder.Cond {
+	opts.Status = 0
+	return opts.ToConds().And(builder.In("status", ArtifactStatusUploadConfirmed, ArtifactStatusExpired))
+}
+
+const aggregatedArtifactSelect = "min(id) as id, run_id, artifact_name, sum(file_size) as file_size, max(status) as status, min(created_unix) as created_unix, max(updated_unix) as updated_unix, max(expired_unix) as expired_unix"
+
+// ListAggregatedArtifacts returns paginated aggregated artifacts.
+// Each result represents one logical artifact: a (run_id, artifact_name) group,
+// with ID = MIN(id), FileSize = SUM(file_size), Status = MAX(status), and
+// timestamps aggregated accordingly. Status filter in opts is ignored; results
+// are always restricted to UploadConfirmed and Expired statuses.
+func ListAggregatedArtifacts(ctx context.Context, opts FindArtifactsOptions) ([]*AggregatedArtifact, int64, error) {
+	cond := aggregatedArtifactConds(opts)
+
+	var countKeys []struct {
+		ID int64 `xorm:"id"`
+	}
+	if err := db.GetEngine(ctx).Table("action_artifact").
+		Where(cond).
+		GroupBy("run_id, artifact_name").
+		Select("min(id) as id").
+		Find(&countKeys); err != nil {
+		return nil, 0, err
+	}
+	total := int64(len(countKeys))
+
+	sess := db.GetEngine(ctx).Table("action_artifact").
+		Where(cond).
+		GroupBy("run_id, artifact_name").
+		Select(aggregatedArtifactSelect).
+		OrderBy("id DESC")
+
+	capacity := 10
+	if opts.PageSize > 0 {
+		sess = sess.Limit(opts.PageSize, (opts.Page-1)*opts.PageSize)
+		capacity = opts.PageSize
+	}
+
+	arts := make([]*AggregatedArtifact, 0, capacity)
+	return arts, total, sess.Find(&arts)
+}
+
+// GetAggregatedArtifactByID returns the aggregated artifact by its canonical ID
+// (MIN(id) of the group), scoped to the given repository. Returns util.ErrNotExist
+// when the ID does not exist, is not canonical for its group, or does not belong to repoID.
+// The repoID scoping is performed in the query so callers don't need a follow-up check.
+func GetAggregatedArtifactByID(ctx context.Context, repoID, artifactID int64) (*AggregatedArtifact, error) {
+	var art ActionArtifact
+	has, err := db.GetEngine(ctx).Where(builder.Eq{"id": artifactID, "repo_id": repoID}).Get(&art)
+	if err != nil {
+		return nil, err
+	}
+	if !has {
+		return nil, util.ErrNotExist
+	}
+
+	cond := aggregatedArtifactConds(FindArtifactsOptions{
+		RunID:        art.RunID,
+		ArtifactName: art.ArtifactName,
+	})
+
+	meta := new(AggregatedArtifact)
+	has, err = db.GetEngine(ctx).Table("action_artifact").
+		Where(cond).
+		GroupBy("run_id, artifact_name").
+		Select(aggregatedArtifactSelect).
+		Get(meta)
+	if err != nil {
+		return nil, err
+	}
+	if !has || meta.ID != artifactID {
+		return nil, util.ErrNotExist
+	}
+
+	meta.RepoID = art.RepoID
+	return meta, nil
+}
diff --git a/modules/structs/action.go b/modules/structs/action.go
index cb6d76f3e3..1f015a08fb 100644
--- a/modules/structs/action.go
+++ b/modules/structs/action.go
@@ -88,3 +88,26 @@ type ListActionRunResponse struct {
 	Entries    []*ActionRun `json:"workflow_runs"`
 	TotalCount int64        `json:"total_count"`
 }
+
+// ActionArtifact represents an artifact of a workflow run
+// swagger:model
+type ActionArtifact struct {
+	// the artifact's ID
+	ID int64 `json:"id"`
+	// the artifact's name
+	Name string `json:"name"`
+	// the total size of the artifact in bytes
+	SizeInBytes int64 `json:"size_in_bytes"`
+	// the URL to download the artifact zip archive
+	ArchiveDownloadURL string `json:"archive_download_url"`
+	// whether the artifact has expired
+	Expired bool `json:"expired"`
+	// the ID of the workflow run that produced this artifact
+	RunID int64 `json:"run_id"`
+	// swagger:strfmt date-time
+	CreatedAt time.Time `json:"created_at"`
+	// swagger:strfmt date-time
+	UpdatedAt time.Time `json:"updated_at"`
+	// swagger:strfmt date-time
+	ExpiresAt time.Time `json:"expires_at"`
+}
diff --git a/routers/api/v1/api.go b/routers/api/v1/api.go
index efd10b567f..715aa9003b 100644
--- a/routers/api/v1/api.go
+++ b/routers/api/v1/api.go
@@ -1240,10 +1240,17 @@ func Routes() *web.Route {
 				}, reqToken(), reqAdmin())
 				m.Group("/actions", func() {
 					m.Get("/tasks", repo.ListActionTasks)
+					m.Group("/artifacts", func() {
+						m.Get("", repo.ListActionArtifacts)
+						m.Get("/{artifact_id}", repo.GetActionArtifact)
+						m.Delete("/{artifact_id}", reqToken(), reqRepoWriter(unit.TypeActions), repo.DeleteActionArtifact)
+						m.Get("/{artifact_id}/zip", repo.DownloadActionArtifact)
+					})
 					m.Group("/runs", func() {
 						m.Get("", repo.ListActionRuns)
 						m.Get("/{run_id}", repo.GetActionRun)
 						m.Get("/{run_id}/jobs", repo.ListActionRunJobs)
+						m.Get("/{run_id}/artifacts", repo.ListActionRunArtifacts)
 					})
 
 					m.Group("/workflows", func() {
diff --git a/routers/api/v1/repo/action.go b/routers/api/v1/repo/action.go
index ba430d2e64..63d9e830b7 100644
--- a/routers/api/v1/repo/action.go
+++ b/routers/api/v1/repo/action.go
@@ -1096,3 +1096,317 @@ func ListActionRunJobs(ctx *context.APIContext) {
 
 	ctx.JSON(http.StatusOK, response)
 }
+
+// ListActionArtifacts list artifacts for a repository
+func ListActionArtifacts(ctx *context.APIContext) {
+	// swagger:operation GET /repos/{owner}/{repo}/actions/artifacts repository ListActionArtifacts
+	// ---
+	// summary: List a repository's artifacts
+	// produces:
+	// - application/json
+	// parameters:
+	// - name: owner
+	//   in: path
+	//   description: owner of the repo
+	//   type: string
+	//   required: true
+	// - name: repo
+	//   in: path
+	//   description: name of the repo
+	//   type: string
+	//   required: true
+	// - name: name
+	//   in: query
+	//   description: filter by artifact name
+	//   type: string
+	// - name: page
+	//   in: query
+	//   description: page number of results to return (1-based)
+	//   type: integer
+	// - name: limit
+	//   in: query
+	//   description: page size of results, default maximum page size is 50
+	//   type: integer
+	// responses:
+	//   "200":
+	//     "$ref": "#/responses/ActionArtifactList"
+	//   "400":
+	//     "$ref": "#/responses/error"
+	//   "403":
+	//     "$ref": "#/responses/forbidden"
+
+	opts := actions_model.FindArtifactsOptions{
+		ListOptions:  utils.GetListOptions(ctx),
+		RepoID:       ctx.Repo.Repository.ID,
+		ArtifactName: ctx.FormString("name"),
+	}
+
+	arts, total, err := actions_model.ListAggregatedArtifacts(ctx, opts)
+	if err != nil {
+		ctx.Error(http.StatusInternalServerError, "ListAggregatedArtifacts", err)
+		return
+	}
+
+	repoAPIURL := ctx.Repo.Repository.APIURL()
+
+	entries := make([]*api.ActionArtifact, len(arts))
+	for i, art := range arts {
+		entries[i] = convert.ToActionArtifact(repoAPIURL, art)
+	}
+
+	ctx.SetLinkHeader(int(total), opts.PageSize)
+	ctx.SetTotalCountHeader(total)
+	ctx.JSON(http.StatusOK, entries)
+}
+
+// ListActionRunArtifacts list artifacts for a workflow run
+func ListActionRunArtifacts(ctx *context.APIContext) {
+	// swagger:operation GET /repos/{owner}/{repo}/actions/runs/{run_id}/artifacts repository ListActionRunArtifacts
+	// ---
+	// summary: List artifacts of a workflow run
+	// produces:
+	// - application/json
+	// parameters:
+	// - name: owner
+	//   in: path
+	//   description: owner of the repo
+	//   type: string
+	//   required: true
+	// - name: repo
+	//   in: path
+	//   description: name of the repo
+	//   type: string
+	//   required: true
+	// - name: run_id
+	//   in: path
+	//   description: ID of the workflow run
+	//   type: integer
+	//   format: int64
+	//   required: true
+	// - name: name
+	//   in: query
+	//   description: filter by artifact name
+	//   type: string
+	// - name: page
+	//   in: query
+	//   description: page number of results to return (1-based)
+	//   type: integer
+	// - name: limit
+	//   in: query
+	//   description: page size of results, default maximum page size is 50
+	//   type: integer
+	// responses:
+	//   "200":
+	//     "$ref": "#/responses/ActionArtifactList"
+	//   "400":
+	//     "$ref": "#/responses/error"
+	//   "403":
+	//     "$ref": "#/responses/forbidden"
+	//   "404":
+	//     "$ref": "#/responses/notFound"
+
+	runID := ctx.ParamsInt64(":run_id")
+	run, err := actions_model.GetRunByID(ctx, runID)
+	if err != nil {
+		if errors.Is(err, util.ErrNotExist) {
+			ctx.Error(http.StatusNotFound, "GetRunByID", err)
+		} else {
+			ctx.Error(http.StatusInternalServerError, "GetRunByID", err)
+		}
+		return
+	}
+	if ctx.Repo.Repository.ID != run.RepoID {
+		ctx.Error(http.StatusNotFound, "GetRunByID", util.ErrNotExist)
+		return
+	}
+
+	opts := actions_model.FindArtifactsOptions{
+		ListOptions:  utils.GetListOptions(ctx),
+		RunID:        runID,
+		ArtifactName: ctx.FormString("name"),
+	}
+
+	arts, total, err := actions_model.ListAggregatedArtifacts(ctx, opts)
+	if err != nil {
+		ctx.Error(http.StatusInternalServerError, "ListAggregatedArtifacts", err)
+		return
+	}
+
+	repoAPIURL := ctx.Repo.Repository.APIURL()
+
+	entries := make([]*api.ActionArtifact, len(arts))
+	for i, art := range arts {
+		entries[i] = convert.ToActionArtifact(repoAPIURL, art)
+	}
+
+	ctx.SetLinkHeader(int(total), opts.PageSize)
+	ctx.SetTotalCountHeader(total)
+	ctx.JSON(http.StatusOK, entries)
+}
+
+// GetActionArtifact get an artifact by its ID
+func GetActionArtifact(ctx *context.APIContext) {
+	// swagger:operation GET /repos/{owner}/{repo}/actions/artifacts/{artifact_id} repository GetActionArtifact
+	// ---
+	// summary: Get an artifact by ID
+	// produces:
+	// - application/json
+	// parameters:
+	// - name: owner
+	//   in: path
+	//   description: owner of the repo
+	//   type: string
+	//   required: true
+	// - name: repo
+	//   in: path
+	//   description: name of the repo
+	//   type: string
+	//   required: true
+	// - name: artifact_id
+	//   in: path
+	//   description: ID of the artifact
+	//   type: integer
+	//   format: int64
+	//   required: true
+	// responses:
+	//   "200":
+	//     "$ref": "#/responses/ActionArtifact"
+	//   "400":
+	//     "$ref": "#/responses/error"
+	//   "403":
+	//     "$ref": "#/responses/forbidden"
+	//   "404":
+	//     "$ref": "#/responses/notFound"
+
+	meta, err := actions_model.GetAggregatedArtifactByID(ctx, ctx.Repo.Repository.ID, ctx.ParamsInt64(":artifact_id"))
+	if err != nil {
+		if errors.Is(err, util.ErrNotExist) {
+			ctx.Error(http.StatusNotFound, "GetAggregatedArtifactByID", err)
+		} else {
+			ctx.Error(http.StatusInternalServerError, "GetAggregatedArtifactByID", err)
+		}
+		return
+	}
+
+	ctx.JSON(http.StatusOK, convert.ToActionArtifact(ctx.Repo.Repository.APIURL(), meta))
+}
+
+// DownloadActionArtifact download an artifact by its ID
+func DownloadActionArtifact(ctx *context.APIContext) {
+	// swagger:operation GET /repos/{owner}/{repo}/actions/artifacts/{artifact_id}/zip repository DownloadActionArtifact
+	// ---
+	// summary: Download an artifact
+	// produces:
+	// - application/zip
+	// parameters:
+	// - name: owner
+	//   in: path
+	//   description: owner of the repo
+	//   type: string
+	//   required: true
+	// - name: repo
+	//   in: path
+	//   description: name of the repo
+	//   type: string
+	//   required: true
+	// - name: artifact_id
+	//   in: path
+	//   description: ID of the artifact
+	//   type: integer
+	//   format: int64
+	//   required: true
+	// responses:
+	//   "200":
+	//     description: the artifact archive
+	//   "400":
+	//     "$ref": "#/responses/error"
+	//   "403":
+	//     "$ref": "#/responses/forbidden"
+	//   "404":
+	//     "$ref": "#/responses/notFound"
+
+	meta, err := actions_model.GetAggregatedArtifactByID(ctx, ctx.Repo.Repository.ID, ctx.ParamsInt64(":artifact_id"))
+	if err != nil {
+		if errors.Is(err, util.ErrNotExist) {
+			ctx.Error(http.StatusNotFound, "GetAggregatedArtifactByID", err)
+		} else {
+			ctx.Error(http.StatusInternalServerError, "GetAggregatedArtifactByID", err)
+		}
+		return
+	}
+
+	// Load all artifact rows for this logical artifact
+	artifacts, err := db.Find[actions_model.ActionArtifact](ctx, actions_model.FindArtifactsOptions{
+		RunID:        meta.RunID,
+		ArtifactName: meta.ArtifactName,
+	})
+	if err != nil {
+		ctx.Error(http.StatusInternalServerError, "FindArtifacts", err)
+		return
+	}
+
+	for _, art := range artifacts {
+		if art.Status != int64(actions_model.ArtifactStatusUploadConfirmed) {
+			ctx.Error(http.StatusNotFound, "DownloadActionArtifact", errors.New("artifact not confirmed"))
+			return
+		}
+	}
+
+	if err := actions_service.ServeArtifact(ctx.Base, artifacts); err != nil {
+		ctx.Error(http.StatusInternalServerError, "ServeArtifact", err)
+		return
+	}
+}
+
+// DeleteActionArtifact marks an artifact for deletion
+func DeleteActionArtifact(ctx *context.APIContext) {
+	// swagger:operation DELETE /repos/{owner}/{repo}/actions/artifacts/{artifact_id} repository DeleteActionArtifact
+	// ---
+	// summary: Mark an artifact for deletion
+	// description: |
+	//   Marks the artifact for deletion. Storage space will be reclaimed
+	//   asynchronously by a background job.
+	// parameters:
+	// - name: owner
+	//   in: path
+	//   description: owner of the repo
+	//   type: string
+	//   required: true
+	// - name: repo
+	//   in: path
+	//   description: name of the repo
+	//   type: string
+	//   required: true
+	// - name: artifact_id
+	//   in: path
+	//   description: ID of the artifact
+	//   type: integer
+	//   format: int64
+	//   required: true
+	// responses:
+	//   "204":
+	//     description: artifact marked for deletion
+	//   "400":
+	//     "$ref": "#/responses/error"
+	//   "403":
+	//     "$ref": "#/responses/forbidden"
+	//   "404":
+	//     "$ref": "#/responses/notFound"
+
+	meta, err := actions_model.GetAggregatedArtifactByID(ctx, ctx.Repo.Repository.ID, ctx.ParamsInt64(":artifact_id"))
+	if err != nil {
+		if errors.Is(err, util.ErrNotExist) {
+			ctx.Error(http.StatusNotFound, "GetAggregatedArtifactByID", err)
+		} else {
+			ctx.Error(http.StatusInternalServerError, "GetAggregatedArtifactByID", err)
+		}
+		return
+	}
+
+	if err := actions_model.SetArtifactNeedDelete(ctx, meta.RunID, meta.ArtifactName); err != nil {
+		ctx.Error(http.StatusInternalServerError, "SetArtifactNeedDelete", err)
+		return
+	}
+
+	ctx.Status(http.StatusNoContent)
+}
diff --git a/routers/api/v1/swagger/repo.go b/routers/api/v1/swagger/repo.go
index 5ad16b21ae..f93f523d8e 100644
--- a/routers/api/v1/swagger/repo.go
+++ b/routers/api/v1/swagger/repo.go
@@ -533,3 +533,17 @@ type swaggerActionRunJobList struct {
 	// in:body
 	Body []api.ActionRunJob `json:"body"`
 }
+
+// ActionArtifactList
+// swagger:response ActionArtifactList
+type swaggerActionArtifactList struct {
+	// in:body
+	Body []api.ActionArtifact `json:"body"`
+}
+
+// ActionArtifact
+// swagger:response ActionArtifact
+type swaggerActionArtifact struct {
+	// in:body
+	Body api.ActionArtifact `json:"body"`
+}
diff --git a/routers/web/repo/actions/view.go b/routers/web/repo/actions/view.go
index b1b7b5f2df..31b757d2b3 100644
--- a/routers/web/repo/actions/view.go
+++ b/routers/web/repo/actions/view.go
@@ -5,13 +5,10 @@
 package actions
 
 import (
-	"archive/zip"
-	"compress/gzip"
 	"context"
 	"errors"
 	"fmt"
 	"html/template"
-	"io"
 	"net/http"
 	"net/url"
 	"strconv"
@@ -28,14 +25,11 @@ import (
 	"forgejo.org/modules/git"
 	"forgejo.org/modules/json"
 	"forgejo.org/modules/log"
-	"forgejo.org/modules/setting"
-	"forgejo.org/modules/storage"
 	"forgejo.org/modules/templates"
 	"forgejo.org/modules/timeutil"
 	"forgejo.org/modules/translation"
 	"forgejo.org/modules/util"
 	"forgejo.org/modules/web"
-	"forgejo.org/routers/common"
 	actions_service "forgejo.org/services/actions"
 	app_context "forgejo.org/services/context"
 
@@ -818,7 +812,6 @@ func ArtifactsDownloadView(ctx *app_context.Context) {
 		return
 	}
 
-	// if artifacts status is not uploaded-confirmed, treat it as not found
 	for _, art := range artifacts {
 		if art.Status != int64(actions_model.ArtifactStatusUploadConfirmed) {
 			ctx.Error(http.StatusNotFound, "artifact not found")
@@ -826,63 +819,10 @@ func ArtifactsDownloadView(ctx *app_context.Context) {
 		}
 	}
 
-	// Artifacts using the v4 backend are stored as a single combined zip file per artifact on the backend
-	// The v4 backend ensures ContentEncoding is set to "application/zip", which is not the case for the old backend
-	if len(artifacts) == 1 && artifacts[0].ArtifactName+".zip" == artifacts[0].ArtifactPath && artifacts[0].ContentEncoding == "application/zip" {
-		art := artifacts[0]
-		if setting.Actions.ArtifactStorage.MinioConfig.ServeDirect {
-			u, err := storage.ActionsArtifacts.URL(art.StoragePath, art.ArtifactPath, nil)
-
-			if u != nil && err == nil {
-				ctx.Redirect(u.String())
-				return
-			}
-		}
-		f, err := storage.ActionsArtifacts.Open(art.StoragePath)
-		if err != nil {
-			ctx.Error(http.StatusInternalServerError, err.Error())
-			return
-		}
-		common.ServeContentByReadSeeker(ctx.Base, artifacts[0].ArtifactName+".zip", util.ToPointer(art.UpdatedUnix.AsTime()), f)
+	if err := actions_service.ServeArtifact(ctx.Base, artifacts); err != nil {
+		ctx.Error(http.StatusInternalServerError, err.Error())
 		return
 	}
-
-	// Artifacts using the v1-v3 backend are stored as multiple individual files per artifact on the backend
-	// Those need to be zipped for download
-	artifactName := artifacts[0].ArtifactName
-
-	ctx.Resp.Header().Set("Content-Disposition", fmt.Sprintf("attachment; filename=%s.zip; filename*=UTF-8''%s.zip", url.PathEscape(artifactName), artifactName))
-	writer := zip.NewWriter(ctx.Resp)
-	defer writer.Close()
-	for _, art := range artifacts {
-		f, err := storage.ActionsArtifacts.Open(art.StoragePath)
-		if err != nil {
-			ctx.Error(http.StatusInternalServerError, err.Error())
-			return
-		}
-
-		var r io.ReadCloser
-		if art.ContentEncoding == "gzip" {
-			r, err = gzip.NewReader(f)
-			if err != nil {
-				ctx.Error(http.StatusInternalServerError, err.Error())
-				return
-			}
-		} else {
-			r = f
-		}
-		defer r.Close()
-
-		w, err := writer.Create(art.ArtifactPath)
-		if err != nil {
-			ctx.Error(http.StatusInternalServerError, err.Error())
-			return
-		}
-		if _, err := io.Copy(w, r); err != nil {
-			ctx.Error(http.StatusInternalServerError, err.Error())
-			return
-		}
-	}
 }
 
 func DisableWorkflowFile(ctx *app_context.Context) {
diff --git a/services/actions/download.go b/services/actions/download.go
new file mode 100644
index 0000000000..04aa1ca289
--- /dev/null
+++ b/services/actions/download.go
@@ -0,0 +1,96 @@
+// Copyright 2026 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+package actions
+
+import (
+	"archive/zip"
+	"compress/gzip"
+	"errors"
+	"fmt"
+	"io"
+	"net/url"
+
+	actions_model "forgejo.org/models/actions"
+	"forgejo.org/modules/httplib"
+	"forgejo.org/modules/setting"
+	"forgejo.org/modules/storage"
+	"forgejo.org/modules/util"
+	"forgejo.org/services/context"
+)
+
+// ServeArtifact writes an artifact archive to the response. The given rows
+// must all belong to the same logical artifact (same run_id + artifact_name)
+// and be in ArtifactStatusUploadConfirmed; callers are responsible for
+// validating status and repository ownership beforehand.
+//
+// When the artifact was produced by the v4 backend (a single zip already
+// sitting in storage), it is streamed or redirected to directly. Otherwise
+// (v1-v3 backend) the archive is assembled on the fly from the individual
+// file rows, applying gzip decompression where needed.
+func ServeArtifact(base *context.Base, artifacts []*actions_model.ActionArtifact) error {
+	if len(artifacts) == 0 {
+		return errors.New("no artifacts to serve")
+	}
+
+	if len(artifacts) == 1 && artifacts[0].IsV4() {
+		return serveV4Artifact(base, artifacts[0])
+	}
+	return serveLegacyArtifact(base, artifacts)
+}
+
+func serveV4Artifact(base *context.Base, art *actions_model.ActionArtifact) error {
+	if setting.Actions.ArtifactStorage.MinioConfig.ServeDirect {
+		u, err := storage.ActionsArtifacts.URL(art.StoragePath, art.ArtifactPath, nil)
+		if u != nil && err == nil {
+			base.Redirect(u.String())
+			return nil
+		}
+	}
+	f, err := storage.ActionsArtifacts.Open(art.StoragePath)
+	if err != nil {
+		return err
+	}
+	httplib.ServeContentByReadSeeker(base.Req, base.Resp, art.ArtifactName+".zip", util.ToPointer(art.UpdatedUnix.AsTime()), f)
+	return nil
+}
+
+func serveLegacyArtifact(base *context.Base, artifacts []*actions_model.ActionArtifact) error {
+	name := artifacts[0].ArtifactName
+	base.Resp.Header().Set("Content-Disposition", fmt.Sprintf("attachment; filename=%s.zip; filename*=UTF-8''%s.zip", url.PathEscape(name), name))
+
+	writer := zip.NewWriter(base.Resp)
+	defer writer.Close()
+
+	for _, art := range artifacts {
+		if err := writeArtifactFile(writer, art); err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+func writeArtifactFile(writer *zip.Writer, art *actions_model.ActionArtifact) error {
+	f, err := storage.ActionsArtifacts.Open(art.StoragePath)
+	if err != nil {
+		return err
+	}
+	defer f.Close()
+
+	var r io.Reader = f
+	if art.ContentEncoding == "gzip" {
+		gz, err := gzip.NewReader(f)
+		if err != nil {
+			return err
+		}
+		defer gz.Close()
+		r = gz
+	}
+
+	w, err := writer.Create(art.ArtifactPath)
+	if err != nil {
+		return err
+	}
+	_, err = io.Copy(w, r)
+	return err
+}
diff --git a/services/convert/action.go b/services/convert/action.go
index 204139e3aa..dd21b9fb87 100644
--- a/services/convert/action.go
+++ b/services/convert/action.go
@@ -48,6 +48,22 @@ func ToActionRun(ctx context.Context, run *actions_model.ActionRun, doer *user_m
 	}
 }
 
+// ToActionArtifact converts an AggregatedArtifact to an API ActionArtifact.
+// repoAPIURL is the API URL prefix for the repository (e.g. from Repository.APIURL()).
+func ToActionArtifact(repoAPIURL string, art *actions_model.AggregatedArtifact) *api.ActionArtifact {
+	return &api.ActionArtifact{
+		ID:                 art.ID,
+		Name:               art.ArtifactName,
+		SizeInBytes:        art.FileSize,
+		ArchiveDownloadURL: art.APIDownloadURL(repoAPIURL),
+		Expired:            art.Status == actions_model.ArtifactStatusExpired,
+		RunID:              art.RunID,
+		CreatedAt:          art.CreatedUnix.AsTime(),
+		UpdatedAt:          art.UpdatedUnix.AsTime(),
+		ExpiresAt:          art.ExpiredUnix.AsTime(),
+	}
+}
+
 func ToActionRunJob(job *actions_model.ActionRunJob) *api.ActionRunJob {
 	if job == nil {
 		return nil
diff --git a/templates/swagger/v1_json.tmpl b/templates/swagger/v1_json.tmpl
index 3401d42641..e74f0039a6 100644
--- a/templates/swagger/v1_json.tmpl
+++ b/templates/swagger/v1_json.tmpl
@@ -5460,6 +5460,209 @@
         }
       }
     },
+    "/repos/{owner}/{repo}/actions/artifacts": {
+      "get": {
+        "produces": [
+          "application/json"
+        ],
+        "tags": [
+          "repository"
+        ],
+        "summary": "List a repository's artifacts",
+        "operationId": "ListActionArtifacts",
+        "parameters": [
+          {
+            "type": "string",
+            "description": "owner of the repo",
+            "name": "owner",
+            "in": "path",
+            "required": true
+          },
+          {
+            "type": "string",
+            "description": "name of the repo",
+            "name": "repo",
+            "in": "path",
+            "required": true
+          },
+          {
+            "type": "string",
+            "description": "filter by artifact name",
+            "name": "name",
+            "in": "query"
+          },
+          {
+            "type": "integer",
+            "description": "page number of results to return (1-based)",
+            "name": "page",
+            "in": "query"
+          },
+          {
+            "type": "integer",
+            "description": "page size of results, default maximum page size is 50",
+            "name": "limit",
+            "in": "query"
+          }
+        ],
+        "responses": {
+          "200": {
+            "$ref": "#/responses/ActionArtifactList"
+          },
+          "400": {
+            "$ref": "#/responses/error"
+          },
+          "403": {
+            "$ref": "#/responses/forbidden"
+          }
+        }
+      }
+    },
+    "/repos/{owner}/{repo}/actions/artifacts/{artifact_id}": {
+      "get": {
+        "produces": [
+          "application/json"
+        ],
+        "tags": [
+          "repository"
+        ],
+        "summary": "Get an artifact by ID",
+        "operationId": "GetActionArtifact",
+        "parameters": [
+          {
+            "type": "string",
+            "description": "owner of the repo",
+            "name": "owner",
+            "in": "path",
+            "required": true
+          },
+          {
+            "type": "string",
+            "description": "name of the repo",
+            "name": "repo",
+            "in": "path",
+            "required": true
+          },
+          {
+            "type": "integer",
+            "format": "int64",
+            "description": "ID of the artifact",
+            "name": "artifact_id",
+            "in": "path",
+            "required": true
+          }
+        ],
+        "responses": {
+          "200": {
+            "$ref": "#/responses/ActionArtifact"
+          },
+          "400": {
+            "$ref": "#/responses/error"
+          },
+          "403": {
+            "$ref": "#/responses/forbidden"
+          },
+          "404": {
+            "$ref": "#/responses/notFound"
+          }
+        }
+      },
+      "delete": {
+        "description": "Marks the artifact for deletion. Storage space will be reclaimed\nasynchronously by a background job.\n",
+        "tags": [
+          "repository"
+        ],
+        "summary": "Mark an artifact for deletion",
+        "operationId": "DeleteActionArtifact",
+        "parameters": [
+          {
+            "type": "string",
+            "description": "owner of the repo",
+            "name": "owner",
+            "in": "path",
+            "required": true
+          },
+          {
+            "type": "string",
+            "description": "name of the repo",
+            "name": "repo",
+            "in": "path",
+            "required": true
+          },
+          {
+            "type": "integer",
+            "format": "int64",
+            "description": "ID of the artifact",
+            "name": "artifact_id",
+            "in": "path",
+            "required": true
+          }
+        ],
+        "responses": {
+          "204": {
+            "description": "artifact marked for deletion"
+          },
+          "400": {
+            "$ref": "#/responses/error"
+          },
+          "403": {
+            "$ref": "#/responses/forbidden"
+          },
+          "404": {
+            "$ref": "#/responses/notFound"
+          }
+        }
+      }
+    },
+    "/repos/{owner}/{repo}/actions/artifacts/{artifact_id}/zip": {
+      "get": {
+        "produces": [
+          "application/zip"
+        ],
+        "tags": [
+          "repository"
+        ],
+        "summary": "Download an artifact",
+        "operationId": "DownloadActionArtifact",
+        "parameters": [
+          {
+            "type": "string",
+            "description": "owner of the repo",
+            "name": "owner",
+            "in": "path",
+            "required": true
+          },
+          {
+            "type": "string",
+            "description": "name of the repo",
+            "name": "repo",
+            "in": "path",
+            "required": true
+          },
+          {
+            "type": "integer",
+            "format": "int64",
+            "description": "ID of the artifact",
+            "name": "artifact_id",
+            "in": "path",
+            "required": true
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "the artifact archive"
+          },
+          "400": {
+            "$ref": "#/responses/error"
+          },
+          "403": {
+            "$ref": "#/responses/forbidden"
+          },
+          "404": {
+            "$ref": "#/responses/notFound"
+          }
+        }
+      }
+    },
     "/repos/{owner}/{repo}/actions/runners": {
       "get": {
         "produces": [
@@ -5888,6 +6091,74 @@
         }
       }
     },
+    "/repos/{owner}/{repo}/actions/runs/{run_id}/artifacts": {
+      "get": {
+        "produces": [
+          "application/json"
+        ],
+        "tags": [
+          "repository"
+        ],
+        "summary": "List artifacts of a workflow run",
+        "operationId": "ListActionRunArtifacts",
+        "parameters": [
+          {
+            "type": "string",
+            "description": "owner of the repo",
+            "name": "owner",
+            "in": "path",
+            "required": true
+          },
+          {
+            "type": "string",
+            "description": "name of the repo",
+            "name": "repo",
+            "in": "path",
+            "required": true
+          },
+          {
+            "type": "integer",
+            "format": "int64",
+            "description": "ID of the workflow run",
+            "name": "run_id",
+            "in": "path",
+            "required": true
+          },
+          {
+            "type": "string",
+            "description": "filter by artifact name",
+            "name": "name",
+            "in": "query"
+          },
+          {
+            "type": "integer",
+            "description": "page number of results to return (1-based)",
+            "name": "page",
+            "in": "query"
+          },
+          {
+            "type": "integer",
+            "description": "page size of results, default maximum page size is 50",
+            "name": "limit",
+            "in": "query"
+          }
+        ],
+        "responses": {
+          "200": {
+            "$ref": "#/responses/ActionArtifactList"
+          },
+          "400": {
+            "$ref": "#/responses/error"
+          },
+          "403": {
+            "$ref": "#/responses/forbidden"
+          },
+          "404": {
+            "$ref": "#/responses/notFound"
+          }
+        }
+      }
+    },
     "/repos/{owner}/{repo}/actions/runs/{run_id}/jobs": {
       "get": {
         "produces": [
@@ -22378,6 +22649,61 @@
       },
       "x-go-package": "forgejo.org/modules/structs"
     },
+    "ActionArtifact": {
+      "description": "ActionArtifact represents an artifact of a workflow run",
+      "type": "object",
+      "properties": {
+        "archive_download_url": {
+          "description": "the URL to download the artifact zip archive",
+          "type": "string",
+          "x-go-name": "ArchiveDownloadURL"
+        },
+        "created_at": {
+          "type": "string",
+          "format": "date-time",
+          "x-go-name": "CreatedAt"
+        },
+        "expired": {
+          "description": "whether the artifact has expired",
+          "type": "boolean",
+          "x-go-name": "Expired"
+        },
+        "expires_at": {
+          "type": "string",
+          "format": "date-time",
+          "x-go-name": "ExpiresAt"
+        },
+        "id": {
+          "description": "the artifact's ID",
+          "type": "integer",
+          "format": "int64",
+          "x-go-name": "ID"
+        },
+        "name": {
+          "description": "the artifact's name",
+          "type": "string",
+          "x-go-name": "Name"
+        },
+        "run_id": {
+          "description": "the ID of the workflow run that produced this artifact",
+          "type": "integer",
+          "format": "int64",
+          "x-go-name": "RunID"
+        },
+        "size_in_bytes": {
+          "description": "the total size of the artifact in bytes",
+          "type": "integer",
+          "format": "int64",
+          "x-go-name": "SizeInBytes"
+        },
+        "updated_at": {
+          "type": "string",
+          "format": "date-time",
+          "x-go-name": "UpdatedAt"
+        }
+      },
+      "x-go-package": "forgejo.org/modules/structs"
+    },
     "ActionRun": {
       "description": "ActionRun represents an action run",
       "type": "object",
@@ -30431,6 +30757,21 @@
         }
       }
     },
+    "ActionArtifact": {
+      "description": "ActionArtifact",
+      "schema": {
+        "$ref": "#/definitions/ActionArtifact"
+      }
+    },
+    "ActionArtifactList": {
+      "description": "ActionArtifactList",
+      "schema": {
+        "type": "array",
+        "items": {
+          "$ref": "#/definitions/ActionArtifact"
+        }
+      }
+    },
     "ActionRun": {
       "description": "ActionRun",
       "schema": {
diff --git a/tests/integration/api_repo_action_artifact_test.go b/tests/integration/api_repo_action_artifact_test.go
new file mode 100644
index 0000000000..f6486557cf
--- /dev/null
+++ b/tests/integration/api_repo_action_artifact_test.go
@@ -0,0 +1,285 @@
+// Copyright 2026 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+package integration
+
+import (
+	"fmt"
+	"net/http"
+	"testing"
+
+	auth_model "forgejo.org/models/auth"
+	repo_model "forgejo.org/models/repo"
+	"forgejo.org/models/unittest"
+	user_model "forgejo.org/models/user"
+	api "forgejo.org/modules/structs"
+	"forgejo.org/tests"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+func TestAPIListActionArtifacts(t *testing.T) {
+	defer tests.PrepareTestEnv(t)()
+
+	repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 4})
+	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: repo.OwnerID})
+	token := getUserToken(t, user.LowerName, auth_model.AccessTokenScopeReadRepository)
+
+	t.Run("ListRepoArtifacts", func(t *testing.T) {
+		req := NewRequest(t, http.MethodGet,
+			fmt.Sprintf("/api/v1/repos/%s/%s/actions/artifacts", repo.OwnerName, repo.Name),
+		)
+		req.AddTokenAuth(token)
+
+		res := MakeRequest(t, req, http.StatusOK)
+		var entries []*api.ActionArtifact
+		DecodeJSON(t, res, &entries)
+
+		// Fixture has 2 logical artifacts with confirmed status:
+		// "multi-file-download" (run 791, ids 19+20) and "artifact-v4-download" (run 792, id 22)
+		assert.Equal(t, "2", res.Header().Get("X-Total-Count"))
+		require.Len(t, entries, 2)
+
+		names := make([]string, len(entries))
+		for i, a := range entries {
+			names[i] = a.Name
+			assert.False(t, a.Expired)
+			assert.NotZero(t, a.SizeInBytes)
+			assert.Contains(t, a.ArchiveDownloadURL, "/actions/artifacts/")
+			assert.Contains(t, a.ArchiveDownloadURL, "/zip")
+		}
+		assert.ElementsMatch(t, []string{"multi-file-download", "artifact-v4-download"}, names)
+	})
+
+	t.Run("ListRepoArtifactsWithNameFilter", func(t *testing.T) {
+		req := NewRequest(t, http.MethodGet,
+			fmt.Sprintf("/api/v1/repos/%s/%s/actions/artifacts?name=multi-file-download", repo.OwnerName, repo.Name),
+		)
+		req.AddTokenAuth(token)
+
+		res := MakeRequest(t, req, http.StatusOK)
+		var entries []*api.ActionArtifact
+		DecodeJSON(t, res, &entries)
+
+		assert.Equal(t, "1", res.Header().Get("X-Total-Count"))
+		require.Len(t, entries, 1)
+		assert.Equal(t, "multi-file-download", entries[0].Name)
+		// multi-file-download has 2 rows of 1024 bytes each
+		assert.Equal(t, int64(2048), entries[0].SizeInBytes)
+	})
+
+	t.Run("ListRunArtifacts", func(t *testing.T) {
+		req := NewRequest(t, http.MethodGet,
+			fmt.Sprintf("/api/v1/repos/%s/%s/actions/runs/791/artifacts", repo.OwnerName, repo.Name),
+		)
+		req.AddTokenAuth(token)
+
+		res := MakeRequest(t, req, http.StatusOK)
+		var entries []*api.ActionArtifact
+		DecodeJSON(t, res, &entries)
+
+		// run 791 has only "multi-file-download" (id=1 is pending, not listed)
+		assert.Equal(t, "1", res.Header().Get("X-Total-Count"))
+		require.Len(t, entries, 1)
+		assert.Equal(t, "multi-file-download", entries[0].Name)
+	})
+
+	t.Run("ListRunArtifactsNotFound", func(t *testing.T) {
+		req := NewRequest(t, http.MethodGet,
+			fmt.Sprintf("/api/v1/repos/%s/%s/actions/runs/99999/artifacts", repo.OwnerName, repo.Name),
+		)
+		req.AddTokenAuth(token)
+		MakeRequest(t, req, http.StatusNotFound)
+	})
+}
+
+func TestAPIGetActionArtifact(t *testing.T) {
+	defer tests.PrepareTestEnv(t)()
+
+	repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 4})
+	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: repo.OwnerID})
+	token := getUserToken(t, user.LowerName, auth_model.AccessTokenScopeReadRepository)
+
+	t.Run("GetV1V3Artifact", func(t *testing.T) {
+		// id=19 is the MIN(id) for "multi-file-download" group
+		req := NewRequest(t, http.MethodGet,
+			fmt.Sprintf("/api/v1/repos/%s/%s/actions/artifacts/19", repo.OwnerName, repo.Name),
+		)
+		req.AddTokenAuth(token)
+
+		res := MakeRequest(t, req, http.StatusOK)
+		var art api.ActionArtifact
+		DecodeJSON(t, res, &art)
+
+		assert.Equal(t, int64(19), art.ID)
+		assert.Equal(t, "multi-file-download", art.Name)
+		assert.Equal(t, int64(2048), art.SizeInBytes)
+		assert.Equal(t, int64(791), art.RunID)
+		assert.False(t, art.Expired)
+	})
+
+	t.Run("GetV4Artifact", func(t *testing.T) {
+		req := NewRequest(t, http.MethodGet,
+			fmt.Sprintf("/api/v1/repos/%s/%s/actions/artifacts/22", repo.OwnerName, repo.Name),
+		)
+		req.AddTokenAuth(token)
+
+		res := MakeRequest(t, req, http.StatusOK)
+		var art api.ActionArtifact
+		DecodeJSON(t, res, &art)
+
+		assert.Equal(t, int64(22), art.ID)
+		assert.Equal(t, "artifact-v4-download", art.Name)
+		assert.Equal(t, int64(1024), art.SizeInBytes)
+		assert.Equal(t, int64(792), art.RunID)
+		assert.False(t, art.Expired)
+	})
+
+	t.Run("GetNonCanonicalID", func(t *testing.T) {
+		// id=20 is part of "multi-file-download" but is NOT the MIN(id), so it should 404
+		req := NewRequest(t, http.MethodGet,
+			fmt.Sprintf("/api/v1/repos/%s/%s/actions/artifacts/20", repo.OwnerName, repo.Name),
+		)
+		req.AddTokenAuth(token)
+		MakeRequest(t, req, http.StatusNotFound)
+	})
+
+	t.Run("GetPendingArtifact", func(t *testing.T) {
+		// id=1 has status=1 (upload pending), should not be accessible
+		req := NewRequest(t, http.MethodGet,
+			fmt.Sprintf("/api/v1/repos/%s/%s/actions/artifacts/1", repo.OwnerName, repo.Name),
+		)
+		req.AddTokenAuth(token)
+		MakeRequest(t, req, http.StatusNotFound)
+	})
+
+	t.Run("GetNonExistent", func(t *testing.T) {
+		req := NewRequest(t, http.MethodGet,
+			fmt.Sprintf("/api/v1/repos/%s/%s/actions/artifacts/99999", repo.OwnerName, repo.Name),
+		)
+		req.AddTokenAuth(token)
+		MakeRequest(t, req, http.StatusNotFound)
+	})
+
+	t.Run("GetFromWrongRepository", func(t *testing.T) {
+		// artifact id=22 belongs to user5/repo4; requesting it through a repo
+		// the caller can access but that doesn't own the artifact must 404 —
+		// this is the load-bearing check that caller-side RepoID was replaced
+		// by a query-side constraint.
+		otherRepo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 1})
+		otherUser := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: otherRepo.OwnerID})
+		otherToken := getUserToken(t, otherUser.LowerName, auth_model.AccessTokenScopeReadRepository)
+
+		req := NewRequest(t, http.MethodGet,
+			fmt.Sprintf("/api/v1/repos/%s/%s/actions/artifacts/22", otherRepo.OwnerName, otherRepo.Name),
+		)
+		req.AddTokenAuth(otherToken)
+		MakeRequest(t, req, http.StatusNotFound)
+	})
+}
+
+func TestAPIActionArtifactsRequireRepoScope(t *testing.T) {
+	defer tests.PrepareTestEnv(t)()
+
+	repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 4})
+	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: repo.OwnerID})
+	wrongScopeToken := getUserToken(t, user.LowerName, auth_model.AccessTokenScopeReadNotification)
+
+	endpoints := []struct {
+		name string
+		path string
+	}{
+		{"list repo", fmt.Sprintf("/api/v1/repos/%s/%s/actions/artifacts", repo.OwnerName, repo.Name)},
+		{"list run", fmt.Sprintf("/api/v1/repos/%s/%s/actions/runs/791/artifacts", repo.OwnerName, repo.Name)},
+		{"get", fmt.Sprintf("/api/v1/repos/%s/%s/actions/artifacts/19", repo.OwnerName, repo.Name)},
+		{"download", fmt.Sprintf("/api/v1/repos/%s/%s/actions/artifacts/19/zip", repo.OwnerName, repo.Name)},
+	}
+
+	for _, ep := range endpoints {
+		t.Run(ep.name, func(t *testing.T) {
+			req := NewRequest(t, http.MethodGet, ep.path)
+			req.AddTokenAuth(wrongScopeToken)
+			MakeRequest(t, req, http.StatusForbidden)
+		})
+	}
+}
+
+func TestAPIDownloadActionArtifact(t *testing.T) {
+	defer tests.PrepareTestEnv(t)()
+	tests.PrepareArtifactsStorage(t)
+
+	repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 4})
+	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: repo.OwnerID})
+	token := getUserToken(t, user.LowerName, auth_model.AccessTokenScopeReadRepository)
+
+	t.Run("DownloadV1V3Artifact", func(t *testing.T) {
+		req := NewRequest(t, http.MethodGet,
+			fmt.Sprintf("/api/v1/repos/%s/%s/actions/artifacts/19/zip", repo.OwnerName, repo.Name),
+		)
+		req.AddTokenAuth(token)
+
+		res := MakeRequest(t, req, http.StatusOK)
+		assert.Contains(t, res.Header().Get("Content-Disposition"), "multi-file-download.zip")
+	})
+
+	t.Run("DownloadV4Artifact", func(t *testing.T) {
+		req := NewRequest(t, http.MethodGet,
+			fmt.Sprintf("/api/v1/repos/%s/%s/actions/artifacts/22/zip", repo.OwnerName, repo.Name),
+		)
+		req.AddTokenAuth(token)
+
+		res := MakeRequest(t, req, http.StatusOK)
+		assert.Equal(t, "bytes", res.Header().Get("Accept-Ranges"))
+	})
+
+	t.Run("DownloadPendingArtifact", func(t *testing.T) {
+		req := NewRequest(t, http.MethodGet,
+			fmt.Sprintf("/api/v1/repos/%s/%s/actions/artifacts/1/zip", repo.OwnerName, repo.Name),
+		)
+		req.AddTokenAuth(token)
+		MakeRequest(t, req, http.StatusNotFound)
+	})
+}
+
+func TestAPIDeleteActionArtifact(t *testing.T) {
+	defer tests.PrepareTestEnv(t)()
+
+	repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 4})
+	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: repo.OwnerID})
+
+	t.Run("DeleteRequiresWritePermission", func(t *testing.T) {
+		readToken := getUserToken(t, user.LowerName, auth_model.AccessTokenScopeReadRepository)
+		req := NewRequest(t, http.MethodDelete,
+			fmt.Sprintf("/api/v1/repos/%s/%s/actions/artifacts/22", repo.OwnerName, repo.Name),
+		)
+		req.AddTokenAuth(readToken)
+		MakeRequest(t, req, http.StatusForbidden)
+	})
+
+	t.Run("DeleteArtifact", func(t *testing.T) {
+		writeToken := getUserToken(t, user.LowerName, auth_model.AccessTokenScopeWriteRepository)
+		req := NewRequest(t, http.MethodDelete,
+			fmt.Sprintf("/api/v1/repos/%s/%s/actions/artifacts/22", repo.OwnerName, repo.Name),
+		)
+		req.AddTokenAuth(writeToken)
+		MakeRequest(t, req, http.StatusNoContent)
+
+		// Verify the artifact is no longer accessible
+		readToken := getUserToken(t, user.LowerName, auth_model.AccessTokenScopeReadRepository)
+		req = NewRequest(t, http.MethodGet,
+			fmt.Sprintf("/api/v1/repos/%s/%s/actions/artifacts/22", repo.OwnerName, repo.Name),
+		)
+		req.AddTokenAuth(readToken)
+		MakeRequest(t, req, http.StatusNotFound)
+	})
+
+	t.Run("DeleteNonExistent", func(t *testing.T) {
+		writeToken := getUserToken(t, user.LowerName, auth_model.AccessTokenScopeWriteRepository)
+		req := NewRequest(t, http.MethodDelete,
+			fmt.Sprintf("/api/v1/repos/%s/%s/actions/artifacts/99999", repo.OwnerName, repo.Name),
+		)
+		req.AddTokenAuth(writeToken)
+		MakeRequest(t, req, http.StatusNotFound)
+	})
+}

From 23b541ce5ac03586fbed9b82d71cc23918d9a1dc Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Tue, 21 Apr 2026 01:50:24 +0200
Subject: [PATCH 719/854] Update module code.forgejo.org/forgejo/runner/v12 to
 v12.9.0 (forgejo) (#12211)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This PR contains the following updates:

| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) |
|---|---|---|---|
| [code.forgejo.org/forgejo/runner/v12](https://code.forgejo.org/forgejo/runner) | `v12.8.2` → `v12.9.0` | ![age](https://developer.mend.io/api/mc/badges/age/go/code.forgejo.org%2fforgejo%2frunner%2fv12/v12.9.0?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/go/code.forgejo.org%2fforgejo%2frunner%2fv12/v12.8.2/v12.9.0?slim=true) |

---

### Release Notes

<details>
<summary>forgejo/runner (code.forgejo.org/forgejo/runner/v12)</summary>

### [`v12.9.0`](https://code.forgejo.org/forgejo/runner/releases/tag/v12.9.0)

[Compare Source](https://code.forgejo.org/forgejo/runner/compare/v12.8.2...v12.9.0)

- [User guide](https://forgejo.org/docs/next/user/actions/overview/)
- [Administrator guide](https://forgejo.org/docs/next/admin/actions/)
- [Container images](https://code.forgejo.org/forgejo/-/packages/container/runner/versions)

Release Notes

***

<!--start release-notes-assistant-->

<!--URL:https://code.forgejo.org/forgejo/runner-->

- features
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1488): <!--number 1488 --><!--line 0 --><!--description ZmVhdDogdHJpbSB3aGl0ZXNwYWNlIGFyb3VuZCB0b2tlbiwgdmFsaWRhdGUgaXQ=-->feat: trim whitespace around token, validate it<!--description-->
- bug fixes
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1481): <!--number 1481 --><!--line 0 --><!--description Zml4OiBpbnRlcnBvbGF0aW9uIG9mIGB3b3JrZmxvd19jYWxsYCBpbnB1dHM=-->fix: interpolation of `workflow_call` inputs<!--description-->
- other
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1485): <!--number 1485 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnaXRodWIuY29tL2dvLWdpdC9nby1naXQvdjUgdG8gdjUuMTguMCBbU0VDVVJJVFld-->Update module github.com/go-git/go-git/v5 to v5.18.0 \[SECURITY]<!--description-->
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1482): <!--number 1482 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgZ28gdG8gdjEuMjUuOQ==-->Update dependency go to v1.25.9<!--description-->
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1479): <!--number 1479 --><!--line 0 --><!--description VXBkYXRlIGdvLm9wZW50ZWxlbWV0cnkuaW8vb3RlbC9leHBvcnRlcnMvb3RscC9vdGxwdHJhY2Uvb3RscHRyYWNlaHR0cCAoaW5kaXJlY3QpIHRvIHYxLjQzLjAgW1NFQ1VSSVRZXQ==-->Update go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp (indirect) to v1.43.0 \[SECURITY]<!--description-->
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1478): <!--number 1478 --><!--line 0 --><!--description VXBkYXRlIGZvcmdlam8tcnVubmVyIHRvIHYxMi44LjI=-->Update forgejo-runner to v12.8.2<!--description-->

<!--end release-notes-assistant-->

</details>

---

### Configuration

📅 **Schedule**: (UTC)

- Branch creation
  - Between 12:00 AM and 03:59 AM (`* 0-3 * * *`)
- Automerge
  - Between 12:00 AM and 03:59 AM (`* 0-3 * * *`)

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMzIuMSIsInVwZGF0ZWRJblZlciI6IjQzLjEzMi4xIiwidGFyZ2V0QnJhbmNoIjoiZm9yZ2VqbyIsImxhYmVscyI6WyJkZXBlbmRlbmN5LXVwZ3JhZGUiLCJ0ZXN0L25vdC1uZWVkZWQiXX0=-->

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12211
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 8b27668dfa..7b4bd07614 100644
--- a/go.mod
+++ b/go.mod
@@ -11,7 +11,7 @@ require (
 	code.forgejo.org/forgejo/go-rpmutils v1.0.0
 	code.forgejo.org/forgejo/levelqueue v1.0.0
 	code.forgejo.org/forgejo/reply v1.0.2
-	code.forgejo.org/forgejo/runner/v12 v12.8.2
+	code.forgejo.org/forgejo/runner/v12 v12.9.0
 	code.forgejo.org/go-chi/binding v1.0.1
 	code.forgejo.org/go-chi/cache v1.0.1
 	code.forgejo.org/go-chi/captcha v1.0.2
diff --git a/go.sum b/go.sum
index e4b26aa113..445acfee2f 100644
--- a/go.sum
+++ b/go.sum
@@ -30,8 +30,8 @@ code.forgejo.org/forgejo/levelqueue v1.0.0 h1:9krYpU6BM+j/1Ntj6m+VCAIu0UNnne1/Uf
 code.forgejo.org/forgejo/levelqueue v1.0.0/go.mod h1:fmG6zhVuqim2rxSFOoasgXO8V2W/k9U31VVYqLIRLhQ=
 code.forgejo.org/forgejo/reply v1.0.2 h1:dMhQCHV6/O3L5CLWNTol+dNzDAuyCK88z4J/lCdgFuQ=
 code.forgejo.org/forgejo/reply v1.0.2/go.mod h1:RyZUfzQLc+fuLIGjTSQWDAJWPiL4WtKXB/FifT5fM7U=
-code.forgejo.org/forgejo/runner/v12 v12.8.2 h1:jhSs/gQQAz0OiHnSxMx297jreLctfm52/rcXlCFMb58=
-code.forgejo.org/forgejo/runner/v12 v12.8.2/go.mod h1:sgDAYfO4NJI1kUzGuD7klHuoFLQzWmZPw0erg7QlbJU=
+code.forgejo.org/forgejo/runner/v12 v12.9.0 h1:NjON7Io08kHxua/AorPuHQ1KXfx3lF8UjVBMvR7UMQQ=
+code.forgejo.org/forgejo/runner/v12 v12.9.0/go.mod h1:NEQXUvam9ofsTeSTAMnJXMyCZxKLoyQhVG6DAYSpOKw=
 code.forgejo.org/forgejo/ssh v0.0.0-20241211213324-5fc306ca0616 h1:kEZL84+02jY9RxXM4zHBWZ3Fml0B09cmP1LGkDsCfIA=
 code.forgejo.org/forgejo/ssh v0.0.0-20241211213324-5fc306ca0616/go.mod h1:zpHEXBstFnQYtGnB8k8kQLol82umzn/2/snG7alWVD8=
 code.forgejo.org/go-chi/binding v1.0.1 h1:coKNI+X1NzRN7X85LlrpvBRqk0TXpJ+ja28vusQWEuY=

From 9c4fc72985661ec666b8e49a35609bc939f3fa66 Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Tue, 21 Apr 2026 02:21:52 +0200
Subject: [PATCH 720/854] Update module connectrpc.com/connect to v1.19.2
 (forgejo) (#12210)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12210
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index 7b4bd07614..33a8152647 100644
--- a/go.mod
+++ b/go.mod
@@ -20,7 +20,7 @@ require (
 	code.superseriousbusiness.org/exif-terminator v0.11.2
 	code.superseriousbusiness.org/go-jpeg-image-structure/v2 v2.3.0
 	codeberg.org/gusted/mcaptcha v0.0.0-20220723083913-4f3072e1d570
-	connectrpc.com/connect v1.19.1
+	connectrpc.com/connect v1.19.2
 	github.com/42wim/httpsig v1.2.3
 	github.com/42wim/sshsig v0.0.0-20250502153856-5100632e8920
 	github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358
diff --git a/go.sum b/go.sum
index 445acfee2f..c88371b4f5 100644
--- a/go.sum
+++ b/go.sum
@@ -54,8 +54,8 @@ code.superseriousbusiness.org/go-png-image-structure/v2 v2.3.0 h1:I512jiIeXDC4//
 code.superseriousbusiness.org/go-png-image-structure/v2 v2.3.0/go.mod h1:SNHomXNW88o1pFfLHpD4KsCZLfcr4z5dm+xcX5SV10A=
 codeberg.org/gusted/mcaptcha v0.0.0-20220723083913-4f3072e1d570 h1:TXbikPqa7YRtfU9vS6QJBg77pUvbEb6StRdZO8t1bEY=
 codeberg.org/gusted/mcaptcha v0.0.0-20220723083913-4f3072e1d570/go.mod h1:IIAjsijsd8q1isWX8MACefDEgTQslQ4stk2AeeTt3kM=
-connectrpc.com/connect v1.19.1 h1:R5M57z05+90EfEvCY1b7hBxDVOUl45PrtXtAV2fOC14=
-connectrpc.com/connect v1.19.1/go.mod h1:tN20fjdGlewnSFeZxLKb0xwIZ6ozc3OQs2hTXy4du9w=
+connectrpc.com/connect v1.19.2 h1:McQ83FGdzL+t60peksi0gXC7MQ/iLKgLduAnThbM0mo=
+connectrpc.com/connect v1.19.2/go.mod h1:tN20fjdGlewnSFeZxLKb0xwIZ6ozc3OQs2hTXy4du9w=
 dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
 filippo.io/edwards25519 v1.1.1 h1:YpjwWWlNmGIDyXOn8zLzqiD+9TyIlPhGFG96P39uBpw=
 filippo.io/edwards25519 v1.1.1/go.mod h1:BxyFTGdWcka3PhytdK4V28tE5sGfRvvvRV7EaN4VDT4=

From 33d6ecfca667f51c99ef1b9a6fe2ff70cbc19a02 Mon Sep 17 00:00:00 2001
From: Robert Wolff <mahlzahn@posteo.de>
Date: Tue, 21 Apr 2026 19:13:56 +0200
Subject: [PATCH 721/854] fix(ui): allow creating files with name starting with
 dash (#12214)

Closes: #12204

The underlying git option was already changed in git 2.0.0 to use format `<mode>,<object>,<path>`. See https://github.com/git/git/commit/ec160ae12b0ae938ed5076b9f604e88976fc429c.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12214
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Robert Wolff <mahlzahn@posteo.de>
Co-committed-by: Robert Wolff <mahlzahn@posteo.de>
---
 services/repository/files/temp_repo.go      |  2 +-
 services/repository/files/temp_repo_test.go | 12 +++++++++++-
 2 files changed, 12 insertions(+), 2 deletions(-)

diff --git a/services/repository/files/temp_repo.go b/services/repository/files/temp_repo.go
index 17a8467e01..d10689b1fc 100644
--- a/services/repository/files/temp_repo.go
+++ b/services/repository/files/temp_repo.go
@@ -189,7 +189,7 @@ func (t *TemporaryUploadRepository) HashObject(content io.Reader) (string, error
 
 // AddObjectToIndex adds the provided object hash to the index with the provided mode and path
 func (t *TemporaryUploadRepository) AddObjectToIndex(mode, objectHash, objectPath string) error {
-	if _, _, err := git.NewCommand(t.ctx, "update-index", "--add", "--replace", "--cacheinfo").AddDynamicArguments(mode, objectHash, objectPath).RunStdString(&git.RunOpts{Dir: t.basePath}); err != nil {
+	if _, _, err := git.NewCommand(t.ctx, "update-index", "--add", "--replace", "--cacheinfo").AddDynamicArguments(mode + "," + objectHash + "," + objectPath).RunStdString(&git.RunOpts{Dir: t.basePath}); err != nil {
 		stderr := err.Error()
 		if matched, _ := regexp.MatchString(".*Invalid path '.*", stderr); matched {
 			return models.ErrFilePathInvalid{
diff --git a/services/repository/files/temp_repo_test.go b/services/repository/files/temp_repo_test.go
index 852e762267..ac63dc677e 100644
--- a/services/repository/files/temp_repo_test.go
+++ b/services/repository/files/temp_repo_test.go
@@ -14,7 +14,7 @@ import (
 	"github.com/stretchr/testify/require"
 )
 
-func TestRemoveFilesFromIndexSha256(t *testing.T) {
+func TestTemporaryUploadRepositoryRemoveFilesFromIndexSha256(t *testing.T) {
 	if git.CheckGitVersionAtLeast("2.42") != nil {
 		t.Skip("skipping because installed Git version doesn't support SHA256")
 	}
@@ -26,3 +26,13 @@ func TestRemoveFilesFromIndexSha256(t *testing.T) {
 	require.NoError(t, temp.Init("sha256"))
 	require.NoError(t, temp.RemoveFilesFromIndex("README.md"))
 }
+
+func TestTemporaryUploadRepositoryAddObjectToIndex(t *testing.T) {
+	unittest.PrepareTestEnv(t)
+	repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 1})
+
+	temp, err := NewTemporaryUploadRepository(db.DefaultContext, repo)
+	require.NoError(t, err)
+	require.NoError(t, temp.Init("sha1"))
+	require.NoError(t, temp.AddObjectToIndex("100644", "e69de29bb2d1d6434b8b29ae775ad8c2e48c5391", "--test"))
+}

From 0034e55965262692f127d53a74fc176a37f0ef46 Mon Sep 17 00:00:00 2001
From: Nils Goroll <nils.goroll@uplex.de>
Date: Tue, 21 Apr 2026 19:39:33 +0200
Subject: [PATCH 722/854] chore: unify signing key configuration across modules
 (#11194)

## Context

the three commits in this series are the first step towards the goal of removing the special casing around `JWT_SECRET`, which is used for various modules via `GetGeneralTokenSigningSecret()`. Ultimately, I want to work towards enabling seamless migration away from general use of the common secret. To enable this, we need proper secret/key rotation support, that is, we need to allow for configuration of additional secrets/keys which are accepted for token validation, but not used to issue tokens.

I have this _Verifier_ support basically implemented, but this PR is not it.

This PR contains cleanup refactoring which I worked on before writing the _Verifier_ support, because I noticed that the existing secret/key handling across modules was inconsistent and required duplicated code.

I am submitting this part now to allow for incremental review of not too large a diff, and because these commits remained unchanged during two weeks since I moved on the the next task.

## The problem being addressed

Configuration of JWT signing secrets/keys was inconsistent:

Under `[oauth2]` the full configuration set was supported:

- `JWT_SIGNING_ALGORITHM` configured the algorithm
- `JWT_SECRET` configured a literal secret for symmetric algorithms
- `JWT_SECRET_URI` configured a `file:` uri of a secret for symmetric algorithms
- `JWT_SIGNING_PRIVATE_KEY_FILE` configured a file for asymmetric algorithms

For `[server]`, the LFS module only supported `LFS_JWT_SECRET`, and the signing method was hardcoded to `HS256`

For `[actions]`, only asymmetric signing methods were supported via `ID_TOKEN_SIGNING_ALGORITHM` and `ID_TOKEN_SIGNING_PRIVATE_KEY_FILE`.

## ini unification

The proposed code centralizes ini parsing to always support the following ini keys:

- `[pfx]SIGNING_ALGORITHM` determines the algorithm
- `[pfx]SECRET` is a literal secret for symmetric algorithms
- `[pfx]SECRET_URI` is the uri of a secret for symmetric algorithms
- `[pfx]SIGNING_PRIVATE_KEY_FILE` is a file with a private key for asymmetric algorithms

`[pfx]` is specific to the module and chosen to support the existing ini keys

Centralizing this code and unifying the ini keys will come handy for at least the following reasons:

- consistent behavior across modules is easier to understand
- less duplicated code
- easier to expand later, which is my main motivation

## implementation notes

as might be apparent by the _take3_ branch name, this is the third iteration of this patch series. The main reason why I abandoned the other two is that I first tried to move all the key initialization into the code called from settings.go when the ini file is parsed. But that lead to a lot of friction with test cases, because private key files which are configured, but do not exist will get created and hence require a writable `AppDataPath` and additional clean up.

To avoid a lot of noise and complications in test cases, I kept the existing two stage process, where

- the settings component creates missing symmetric signing keys and writes them to the .ini
- the settings component creates a simple configuration struct
- which is then used from the module init to create the actual key, which also includes creating a private key file if asymmetric crypto is configured and the key file does not exist.

I would have wished this patch was a net negative in terms of LOCs, but I hope it contributes to clarity and many added lines are in test cases.

## Commits

Because sometimes PRs are merged as squashes with the PR text remaining, I am repeating here the individual messages of the individual commits for future reference:

### Refactor signing key initalization and oauth2 use of it

This commit is the first in a series towards the goal of addressing the
FIXME comment in modules/setting/oauth2.go to remove
GeneralTokenSigningSecret

To do it properly, the task also requires addition of signing secret/key
rotation: We ultimately want to be able to change a signing key, but
continue to accept the previous one. This is particularly relevant to
offer a path from GeneralTokenSigningSecret aka JWT_SECRET to new,
specific component key configuration, where it should be possible to add
the former JWT_SECRET as a key accepted for verification to enable a
seamless transition.

This perspective, in turn, calls for refactoring of the existing secret
initialization code to centralize the common functions of parsing
signing key related configuration directives: The oauth2 module
currently is the only component accepting symmetric and asymmetric keys,
with the limitation of the symmetric key being also the
GeneralTokenSigningSecret. Other components either enforce HS256 or
public key algorithms.

We should really give the choice of algorithm selection and avoid code
duplication in other places, so this commit

- generalizes setting parsing into a configuration struct: A prefix can
  be provided, with which the common configuration directives are
  processed:

  - [pfx]SIGNING_ALGORITHM determines the algorithm
  - [pfx]SECRET is a literal secret for symmetric algorithms
  - [pfx]SECRET_URI is the uri of a secret for symmetric algorithms
  - [pfx]SIGNING_PRIVATE_KEY_FILE is a file with a private key for asymmetric algorithms

- which is then accepted by jwtx.InitSigningKey() to create an actual
  signing key

The reasons for the two stage process are explained in a long-ish
comment in modules/setting/security.go. In short, other options would
either violate sensible module boundaries or cause too much friction.
These other options have actually been tried, this is take 3 of the
proposed changes.

### Refactor services/lfs: Change token code to use SigningKey

This now also enables use of token algorithms other than HS256.

In this case, signing key initialization also happens during settings
initialization, because LFS is also used in CLI commands.

### Refactor api/actions to use new signingkey API

This now also enables use of symmetric token algorithms.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11194
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Nils Goroll <nils.goroll@uplex.de>
Co-committed-by: Nils Goroll <nils.goroll@uplex.de>
---
 cmd/serv.go                         |   3 +-
 custom/conf/app.example.ini         |   6 +-
 modules/generate/generate.go        |   2 +-
 modules/jwtx/signingkey.go          |  65 ++++++-----
 modules/jwtx/signingkey_test.go     | 104 +++++++++++------
 modules/setting/actions.go          |  27 ++---
 modules/setting/actions_test.go     |  34 ++++--
 modules/setting/lfs.go              |  26 ++---
 modules/setting/oauth2.go           |  37 +++---
 modules/setting/security.go         | 173 ++++++++++++++++++++++++++--
 modules/storage/storage.go          |   1 +
 release-notes/11194.md              |   1 +
 routers/api/actions/oidc.go         |   4 +-
 services/auth/source/oauth2/init.go |   2 +-
 services/lfs/server.go              |   5 +-
 services/lfs/server_test.go         |  38 +++++-
 services/repository/lfs_test.go     |  18 ++-
 17 files changed, 389 insertions(+), 157 deletions(-)
 create mode 100644 release-notes/11194.md

diff --git a/cmd/serv.go b/cmd/serv.go
index 0e0551d297..3a92b0e5fb 100644
--- a/cmd/serv.go
+++ b/cmd/serv.go
@@ -290,10 +290,9 @@ func runServ(ctx context.Context, c *cli.Command) error {
 			Op:     lfsVerb,
 			UserID: results.UserID,
 		}
-		token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
 
 		// Sign and get the complete encoded token as a string using the secret
-		tokenString, err := token.SignedString(setting.LFS.JWTSecretBytes)
+		tokenString, err := setting.LFS.SigningKey.JWT(claims)
 		if err != nil {
 			return fail(ctx, "Failed to sign JWT Token", "Failed to sign JWT token: %v", err)
 		}
diff --git a/custom/conf/app.example.ini b/custom/conf/app.example.ini
index b0f6bd3d44..7a85d1e7ae 100644
--- a/custom/conf/app.example.ini
+++ b/custom/conf/app.example.ini
@@ -313,6 +313,9 @@ RUN_USER = ; git
 ;LFS_START_SERVER = false
 ;;
 ;;
+;; see JWT_* under [oauth2]
+;LFS_JWT_SIGNING_ALGORITHM = HS256
+;LFS_JWT_SIGNING_PRIVATE_KEY_FILE = jwt/lfs_private.pem
 ;; LFS authentication secret, change this yourself
 ;LFS_JWT_SECRET =
 ;;
@@ -544,6 +547,7 @@ ENABLED = true
 ;; Private key file path used to sign OAuth2 tokens. The path is relative to APP_DATA_PATH.
 ;; This setting is only needed if JWT_SIGNING_ALGORITHM is set to RS256, RS384, RS512, ES256, ES384 or ES512.
 ;; The file must contain a RSA or ECDSA private key in the PKCS8 format. If no key exists a 4096 bit key will be created for you.
+;; XXX jwt/ is a misnomer, it should rather be oauth2/, because we use many JWTs
 ;JWT_SIGNING_PRIVATE_KEY_FILE = jwt/private.pem
 ;;
 ;; OAuth2 authentication secret for access and refresh tokens, change this yourself to a unique string. CLI generate option is helpful in this case. https://forgejo.org/docs/latest/admin/command-line/#generate-secret
@@ -2790,7 +2794,7 @@ LEVEL = Info
 ;; server and database workload due to more complex database queries and more frequent server task querying; this
 ;; feature can be disabled to reduce performance impact
 ;CONCURRENCY_GROUP_QUEUE_ENABLED = true
-;; Algorithm used to sign ID tokens. Valid values: HS256, HS384, HS512, RS256, RS384, RS512, ES256, ES384, ES512, EdDSA.
+;; Algorithm used to sign ID tokens. Valid values: RS256, RS384, RS512, ES256, ES384, ES512, EdDSA.
 ;; RS256 will ensure compatibility with all relying parties.
 ;; If a different algorithm is chosen, verify that relying parties of interest support the signing algorithm.
 ;ID_TOKEN_SIGNING_ALGORITHM = RS256
diff --git a/modules/generate/generate.go b/modules/generate/generate.go
index 2df808fe9e..0dd5d071de 100644
--- a/modules/generate/generate.go
+++ b/modules/generate/generate.go
@@ -37,7 +37,7 @@ func DecodeJwtSecret(src string) ([]byte, error) {
 	encoding := base64.RawURLEncoding
 	decoded := make([]byte, encoding.DecodedLen(len(src))+3)
 	if n, err := encoding.Decode(decoded, []byte(src)); err != nil {
-		return nil, err
+		return nil, fmt.Errorf("JwtSecret decode failed: %v", err)
 	} else if n != defaultJwtSecretLen {
 		return nil, fmt.Errorf("invalid base64 decoded length: %d, expects: %d", n, defaultJwtSecretLen)
 	}
diff --git a/modules/jwtx/signingkey.go b/modules/jwtx/signingkey.go
index 2aef70440d..be1115cb15 100644
--- a/modules/jwtx/signingkey.go
+++ b/modules/jwtx/signingkey.go
@@ -25,6 +25,20 @@ import (
 	"github.com/golang-jwt/jwt/v5"
 )
 
+// The ...KeyCfg types are only used for handover from setting to signingkey
+// see comment in setting/security.go
+
+type SigningKeyCfg struct {
+	Algorithm      string
+	SecretBytes    *[]byte
+	PrivateKeyPath *string
+}
+
+type KeyCfg struct {
+	Signing *SigningKeyCfg
+	// more later
+}
+
 // ErrInvalidAlgorithmType represents an invalid algorithm error.
 type ErrInvalidAlgorithmType struct {
 	Algorithm string
@@ -399,50 +413,39 @@ func loadOrCreateAsymmetricKey(keyPath, algorithm string) (any, error) {
 	return loadAsymmetricKey(keyPath)
 }
 
-// InitSigningKey creates a signing key from settings or creates a random key.
-func InitSigningKey(getGeneralTokenSigningSecret func() []byte, keyPath, algorithm string) (SigningKey, error) {
+// InitSigningKey creates a signing key from SigningKeyCfg
+// cfgP is set to nil to mark that is has been processed
+func InitSigningKey(cfgP **SigningKeyCfg) (SigningKey, error) {
+	cfg := *cfgP
+	*cfgP = nil
 	var err error
 	var key SigningKey
 
-	key, err = InitSymmetricSigningKey(getGeneralTokenSigningSecret, algorithm)
-	if err != nil {
-		key, err = InitAsymmetricSigningKey(keyPath, algorithm)
-		if err != nil {
-			return nil, err
-		}
+	if IsValidSymmetricAlgorithm(cfg.Algorithm) {
+		key, err = CreateSigningKey(cfg.Algorithm, *cfg.SecretBytes)
+	} else if IsValidAsymmetricAlgorithm(cfg.Algorithm) {
+		key, err = InitAsymmetricSigningKey(*cfg.PrivateKeyPath, cfg.Algorithm)
+	} else {
+		// should never happen, setting.loadSigningKeyCfg() ensures
+		err = ErrInvalidAlgorithmType{Algorithm: cfg.Algorithm}
 	}
 
-	return key, nil
+	return key, err
 }
 
+var (
+	ValidSymmetricAlgorighms  = []string{"HS256", "HS384", "HS512"}
+	ValidAsymmetricAlgorithms = []string{"RS256", "RS384", "RS512", "ES256", "ES384", "ES512", "EdDSA"}
+)
+
 // IsValidSymmetricAlgorithm checks if the passed in algorithm is a supported symettric algorithm.
 func IsValidSymmetricAlgorithm(algorithm string) bool {
-	validAlgs := []string{"HS256", "HS384", "HS512"}
-
-	return slices.Contains(validAlgs, algorithm)
-}
-
-// InitSymmetricSigningKey creates a symmetric signing key from settings.
-func InitSymmetricSigningKey(getGeneralTokenSigningSecret func() []byte, algorithm string) (SigningKey, error) {
-	var err error
-
-	if !IsValidSymmetricAlgorithm(algorithm) {
-		return nil, fmt.Errorf("invalid algorithm: %s", algorithm)
-	}
-
-	signingKey, err := CreateSigningKey(algorithm, getGeneralTokenSigningSecret())
-	if err != nil {
-		return nil, err
-	}
-
-	return signingKey, nil
+	return slices.Contains(ValidSymmetricAlgorighms, algorithm)
 }
 
 // IsValidAsymmetricAlgorithm checks if the passed in algorithm is a supported asymmetric algorithm.
 func IsValidAsymmetricAlgorithm(algorithm string) bool {
-	validAlgs := []string{"RS256", "RS384", "RS512", "ES256", "ES384", "ES512", "EdDSA"}
-
-	return slices.Contains(validAlgs, algorithm)
+	return slices.Contains(ValidAsymmetricAlgorithms, algorithm)
 }
 
 // InitAsymmetricSigningKey creates an asymmetric signing key from settings or creates a random key.
diff --git a/modules/jwtx/signingkey_test.go b/modules/jwtx/signingkey_test.go
index eb30473cad..96f6613b84 100644
--- a/modules/jwtx/signingkey_test.go
+++ b/modules/jwtx/signingkey_test.go
@@ -18,6 +18,36 @@ import (
 	"github.com/stretchr/testify/require"
 )
 
+func testSignVerify(t *testing.T, signKey, verifyKey SigningKey) {
+	t.Helper()
+	// test sign and verify
+	claimsIn := jwt.RegisteredClaims{
+		Issuer: "abc",
+		ID:     "0815",
+	}
+	token, err := signKey.JWT(claimsIn)
+	require.NoError(t, err)
+	require.NotEmpty(t, token)
+
+	var claimsOut jwt.RegisteredClaims
+	parsed, err := jwt.ParseWithClaims(token, &claimsOut, func(valToken *jwt.Token) (any, error) {
+		assert.NotNil(t, valToken.Method)
+		assert.Equal(t, signKey.SigningMethod().Alg(), valToken.Method.Alg())
+		assert.Equal(t, verifyKey.SigningMethod().Alg(), valToken.Method.Alg())
+		kid, ok := valToken.Header["kid"]
+		assert.True(t, ok)
+		assert.NotNil(t, kid)
+
+		return verifyKey.VerifyKey(), nil
+	})
+	require.NoError(t, err)
+	assert.NotNil(t, parsed)
+	assert.Equal(t, claimsIn, claimsOut)
+	assert.Equal(t, &claimsIn, parsed.Claims)
+}
+
+// creates private key
+// loads it back from the file
 func TestLoadOrCreateAsymmetricKey(t *testing.T) {
 	loadKey := func(t *testing.T, keyPath, algorithm string) any {
 		t.Helper()
@@ -35,6 +65,21 @@ func TestLoadOrCreateAsymmetricKey(t *testing.T) {
 
 		return parsedKey
 	}
+	useKey := func(t *testing.T, keyPath, algorithm string) {
+		t.Helper()
+		// duplicates loadKey() to some extent, but uses SigningKey
+		cfg := &SigningKeyCfg{
+			Algorithm:      algorithm,
+			PrivateKeyPath: &keyPath,
+		}
+
+		key, err := InitSigningKey(&cfg)
+		require.NoError(t, err)
+		assert.NotNil(t, key)
+		assert.Nil(t, cfg)
+
+		testSignVerify(t, key, key)
+	}
 	t.Run("RSA-2048", func(t *testing.T) {
 		keyPath := filepath.Join(t.TempDir(), "jwt-rsa-2048.priv")
 		algorithm := "RS256"
@@ -43,6 +88,9 @@ func TestLoadOrCreateAsymmetricKey(t *testing.T) {
 
 		rsaPrivateKey := parsedKey.(*rsa.PrivateKey)
 		assert.Equal(t, 2048, rsaPrivateKey.N.BitLen())
+		t.Run("Use", func(t *testing.T) {
+			useKey(t, keyPath, algorithm)
+		})
 
 		t.Run("Load key with differ specified algorithm", func(t *testing.T) {
 			algorithm = "EdDSA"
@@ -61,6 +109,9 @@ func TestLoadOrCreateAsymmetricKey(t *testing.T) {
 
 		rsaPrivateKey := parsedKey.(*rsa.PrivateKey)
 		assert.Equal(t, 3072, rsaPrivateKey.N.BitLen())
+		t.Run("Use", func(t *testing.T) {
+			useKey(t, keyPath, algorithm)
+		})
 	})
 
 	t.Run("RSA-4096", func(t *testing.T) {
@@ -71,6 +122,9 @@ func TestLoadOrCreateAsymmetricKey(t *testing.T) {
 
 		rsaPrivateKey := parsedKey.(*rsa.PrivateKey)
 		assert.Equal(t, 4096, rsaPrivateKey.N.BitLen())
+		t.Run("Use", func(t *testing.T) {
+			useKey(t, keyPath, algorithm)
+		})
 	})
 
 	t.Run("ECDSA-256", func(t *testing.T) {
@@ -81,6 +135,9 @@ func TestLoadOrCreateAsymmetricKey(t *testing.T) {
 
 		ecdsaPrivateKey := parsedKey.(*ecdsa.PrivateKey)
 		assert.Equal(t, 256, ecdsaPrivateKey.Params().BitSize)
+		t.Run("Use", func(t *testing.T) {
+			useKey(t, keyPath, algorithm)
+		})
 	})
 
 	t.Run("ECDSA-384", func(t *testing.T) {
@@ -91,6 +148,9 @@ func TestLoadOrCreateAsymmetricKey(t *testing.T) {
 
 		ecdsaPrivateKey := parsedKey.(*ecdsa.PrivateKey)
 		assert.Equal(t, 384, ecdsaPrivateKey.Params().BitSize)
+		t.Run("Use", func(t *testing.T) {
+			useKey(t, keyPath, algorithm)
+		})
 	})
 
 	t.Run("ECDSA-512", func(t *testing.T) {
@@ -101,6 +161,9 @@ func TestLoadOrCreateAsymmetricKey(t *testing.T) {
 
 		ecdsaPrivateKey := parsedKey.(*ecdsa.PrivateKey)
 		assert.Equal(t, 521, ecdsaPrivateKey.Params().BitSize)
+		t.Run("Use", func(t *testing.T) {
+			useKey(t, keyPath, algorithm)
+		})
 	})
 
 	t.Run("EdDSA", func(t *testing.T) {
@@ -110,47 +173,12 @@ func TestLoadOrCreateAsymmetricKey(t *testing.T) {
 		parsedKey := loadKey(t, keyPath, algorithm)
 
 		assert.NotNil(t, parsedKey.(ed25519.PrivateKey))
+		t.Run("Use", func(t *testing.T) {
+			useKey(t, keyPath, algorithm)
+		})
 	})
 }
 
-type testClaims struct {
-	Foo string `json:"Foo"`
-	jwt.RegisteredClaims
-}
-
-func TestJWTHasKid(t *testing.T) {
-	keyPath := filepath.Join(t.TempDir(), "jwt-rsa-2048.priv")
-	algorithm := "RS256"
-	key, err := InitAsymmetricSigningKey(keyPath, algorithm)
-	require.NoError(t, err)
-
-	claimsIn := testClaims{
-		Foo:              "bar",
-		RegisteredClaims: jwt.RegisteredClaims{},
-	}
-	token, err := key.JWT(&claimsIn)
-	require.NoError(t, err)
-
-	var claimsOut testClaims
-	parsed, err := jwt.ParseWithClaims(token, &claimsOut, func(valToken *jwt.Token) (any, error) {
-		assert.NotNil(t, valToken.Method)
-		assert.Equal(t, key.SigningMethod().Alg(), valToken.Method.Alg())
-		kid, ok := valToken.Header["kid"]
-		assert.True(t, ok)
-		assert.NotNil(t, kid)
-
-		return key.VerifyKey(), nil
-	})
-	require.NoError(t, err)
-	assert.NotNil(t, parsed)
-	assert.Equal(t, "bar", parsed.Claims.(*testClaims).Foo)
-	assert.Equal(t, "bar", claimsOut.Foo)
-	// dup to keyFunc above
-	kid, ok := parsed.Header["kid"]
-	assert.True(t, ok)
-	assert.NotNil(t, kid)
-}
-
 func TestCannotCreatePrivateKey(t *testing.T) {
 	_, err := InitAsymmetricSigningKey("/dev/directory-does-not-exist-and-you-should-not-have-permission-to-create/privatekey.pem", "RS256")
 	require.Error(t, err)
diff --git a/modules/setting/actions.go b/modules/setting/actions.go
index 2e0554195f..930e0d0bed 100644
--- a/modules/setting/actions.go
+++ b/modules/setting/actions.go
@@ -5,7 +5,6 @@ package setting
 
 import (
 	"fmt"
-	"path/filepath"
 	"strings"
 	"time"
 
@@ -28,17 +27,15 @@ var (
 		SkipWorkflowStrings          []string          `ini:"SKIP_WORKFLOW_STRINGS"`
 		LimitDispatchInputs          int64             `ini:"LIMIT_DISPATCH_INPUTS"`
 		ConcurrencyGroupQueueEnabled bool              `ini:"CONCURRENCY_GROUP_QUEUE_ENABLED"`
-		IDTokenSigningAlgorithm      idTokenAlgorithm  `ini:"ID_TOKEN_SIGNING_ALGORITHM"`
-		IDTokenSigningPrivateKeyFile string            `ini:"ID_TOKEN_SIGNING_PRIVATE_KEY_FILE"`
 		IDTokenExpirationTime        int64             `ini:"ID_TOKEN_EXPIRATION_TIME"`
+
+		KeyCfg *jwtx.KeyCfg
 	}{
 		Enabled:                      true,
 		DefaultActionsURL:            defaultActionsURLForgejo,
 		SkipWorkflowStrings:          []string{"[skip ci]", "[ci skip]", "[no ci]", "[skip actions]", "[actions skip]"},
 		LimitDispatchInputs:          100,
 		ConcurrencyGroupQueueEnabled: true,
-		IDTokenSigningAlgorithm:      "RS256",
-		IDTokenSigningPrivateKeyFile: "actions_id_token/private.pem",
 		IDTokenExpirationTime:        3600,
 	}
 )
@@ -76,15 +73,9 @@ func (c logCompression) IsZstd() bool {
 	return c == "" || strings.ToLower(string(c)) == "zstd"
 }
 
-type idTokenAlgorithm string
-
-func (c idTokenAlgorithm) IsValid() bool {
-	// Empty string implies RS256
-	return jwtx.IsValidAsymmetricAlgorithm(string(c)) || string(c) == ""
-}
-
 func loadActionsFrom(rootCfg ConfigProvider) error {
-	sec := rootCfg.Section("actions")
+	secName := "actions"
+	sec := rootCfg.Section(secName)
 	err := sec.MapTo(&Actions)
 	if err != nil {
 		return fmt.Errorf("failed to map Actions settings: %v", err)
@@ -120,13 +111,9 @@ func loadActionsFrom(rootCfg ConfigProvider) error {
 		return fmt.Errorf("invalid [actions] LOG_COMPRESSION: %q", Actions.LogCompression)
 	}
 
-	if !Actions.IDTokenSigningAlgorithm.IsValid() {
-		return fmt.Errorf("invalid [actions] ID_TOKEN_SIGNING_ALGORITHM: %q", Actions.IDTokenSigningAlgorithm)
+	Actions.KeyCfg, err = loadKeyCfg(rootCfg, secName, "ID_TOKEN_", "RS256", "actions_id_token/private.pem", onlyAsymmetric())
+	if err != nil {
+		return err
 	}
-
-	if !filepath.IsAbs(Actions.IDTokenSigningPrivateKeyFile) {
-		Actions.IDTokenSigningPrivateKeyFile = filepath.Join(AppDataPath, Actions.IDTokenSigningPrivateKeyFile)
-	}
-
 	return nil
 }
diff --git a/modules/setting/actions_test.go b/modules/setting/actions_test.go
index 7d32131d32..1bbd4d0251 100644
--- a/modules/setting/actions_test.go
+++ b/modules/setting/actions_test.go
@@ -4,7 +4,6 @@
 package setting
 
 import (
-	"fmt"
 	"path/filepath"
 	"testing"
 
@@ -176,8 +175,8 @@ func Test_getIDTokenSettingsForActions(t *testing.T) {
 	require.NoError(t, err)
 	require.NoError(t, loadActionsFrom(cfg))
 
-	assert.EqualValues(t, "RS256", Actions.IDTokenSigningAlgorithm)
-	assert.Equal(t, "/home/app/data/actions_id_token/private.pem", Actions.IDTokenSigningPrivateKeyFile)
+	assert.Equal(t, "RS256", Actions.KeyCfg.Signing.Algorithm)
+	assert.Equal(t, "/home/app/data/actions_id_token/private.pem", *Actions.KeyCfg.Signing.PrivateKeyPath)
 	assert.EqualValues(t, 3600, Actions.IDTokenExpirationTime)
 
 	iniStr = `
@@ -190,8 +189,8 @@ func Test_getIDTokenSettingsForActions(t *testing.T) {
 	require.NoError(t, err)
 	require.NoError(t, loadActionsFrom(cfg))
 
-	assert.EqualValues(t, "ES256", Actions.IDTokenSigningAlgorithm)
-	assert.Equal(t, "/test/test.pem", Actions.IDTokenSigningPrivateKeyFile)
+	assert.Equal(t, "ES256", Actions.KeyCfg.Signing.Algorithm)
+	assert.Equal(t, "/test/test.pem", *Actions.KeyCfg.Signing.PrivateKeyPath)
 	assert.EqualValues(t, 120, Actions.IDTokenExpirationTime)
 
 	iniStr = `
@@ -204,8 +203,8 @@ func Test_getIDTokenSettingsForActions(t *testing.T) {
 	require.NoError(t, err)
 	require.NoError(t, loadActionsFrom(cfg))
 
-	assert.EqualValues(t, "EdDSA", Actions.IDTokenSigningAlgorithm)
-	assert.Equal(t, "/home/app/data/test/test.pem", Actions.IDTokenSigningPrivateKeyFile)
+	assert.Equal(t, "EdDSA", Actions.KeyCfg.Signing.Algorithm)
+	assert.Equal(t, "/home/app/data/test/test.pem", *Actions.KeyCfg.Signing.PrivateKeyPath)
 	assert.EqualValues(t, 123, Actions.IDTokenExpirationTime)
 
 	iniStr = `
@@ -215,6 +214,23 @@ func Test_getIDTokenSettingsForActions(t *testing.T) {
 	cfg, err = NewConfigProviderFromData(iniStr)
 	require.NoError(t, err)
 	err = loadActionsFrom(cfg)
-	require.ErrorContains(t, err,
-		fmt.Sprintf("invalid [actions] ID_TOKEN_SIGNING_ALGORITHM: %q", Actions.IDTokenSigningAlgorithm))
+	require.ErrorContains(t, err, "[actions] Unexpected algorithm: ID_TOKEN_SIGNING_ALGORITHM = HS256, needs to be one of [RS256 RS384 RS512 ES256 ES384 ES512 EdDSA]")
+
+	iniStr = `
+  [actions]
+	ID_TOKEN_SECRET = ABC
+	`
+	cfg, err = NewConfigProviderFromData(iniStr)
+	require.NoError(t, err)
+	err = loadActionsFrom(cfg)
+	require.ErrorContains(t, err, "[actions] Invalid config key: ID_TOKEN_SECRET - must be removed")
+
+	iniStr = `
+  [actions]
+	ID_TOKEN_SECRET_URI = ABC
+	`
+	cfg, err = NewConfigProviderFromData(iniStr)
+	require.NoError(t, err)
+	err = loadActionsFrom(cfg)
+	require.ErrorContains(t, err, "[actions] Invalid config key: ID_TOKEN_SECRET_URI - must be removed")
 }
diff --git a/modules/setting/lfs.go b/modules/setting/lfs.go
index 452bfae737..12f90cd092 100644
--- a/modules/setting/lfs.go
+++ b/modules/setting/lfs.go
@@ -7,7 +7,7 @@ import (
 	"fmt"
 	"time"
 
-	"forgejo.org/modules/generate"
+	"forgejo.org/modules/jwtx"
 )
 
 // LFS represents the server-side configuration for Git LFS.
@@ -16,13 +16,13 @@ import (
 // Could be refactored in the future while keeping backwards compatibility.
 var LFS = struct {
 	StartServer    bool          `ini:"LFS_START_SERVER"`
-	JWTSecretBytes []byte        `ini:"-"`
 	HTTPAuthExpiry time.Duration `ini:"LFS_HTTP_AUTH_EXPIRY"`
 	MaxFileSize    int64         `ini:"LFS_MAX_FILE_SIZE"`
 	LocksPagingNum int           `ini:"LFS_LOCKS_PAGING_NUM"`
 	MaxBatchSize   int           `ini:"LFS_MAX_BATCH_SIZE"`
 
-	Storage *Storage
+	SigningKey jwtx.SigningKey
+	Storage    *Storage
 }{}
 
 // LFSClient represents configuration for Gitea's LFS clients, for example: mirroring upstream Git LFS
@@ -77,20 +77,14 @@ func loadLFSFrom(rootCfg ConfigProvider) error {
 		return nil
 	}
 
-	jwtSecretBase64 := loadSecret(rootCfg.Section("server"), "LFS_JWT_SECRET_URI", "LFS_JWT_SECRET")
-	LFS.JWTSecretBytes, err = generate.DecodeJwtSecret(jwtSecretBase64)
-	if err != nil {
-		LFS.JWTSecretBytes, jwtSecretBase64 = generate.NewJwtSecret()
-
-		// Save secret
-		saveCfg, err := rootCfg.PrepareSaving()
-		if err != nil {
-			return fmt.Errorf("error saving JWT Secret for custom config: %v", err)
+	// TODO: #11024 check nil because settings loaded twice
+	if LFS.SigningKey == nil {
+		keyCfg, err := loadKeyCfg(rootCfg, "server", "LFS_JWT_", "HS256", "lfs/private.pem")
+		if err == nil {
+			LFS.SigningKey, err = jwtx.InitSigningKey(&keyCfg.Signing)
 		}
-		rootCfg.Section("server").Key("LFS_JWT_SECRET").SetValue(jwtSecretBase64)
-		saveCfg.Section("server").Key("LFS_JWT_SECRET").SetValue(jwtSecretBase64)
-		if err := saveCfg.Save(); err != nil {
-			return fmt.Errorf("error saving JWT Secret for custom config: %v", err)
+		if err != nil {
+			return fmt.Errorf("lfs key initialization failed: %v", err)
 		}
 	}
 
diff --git a/modules/setting/oauth2.go b/modules/setting/oauth2.go
index 9e95e1c6a9..8598b7b24d 100644
--- a/modules/setting/oauth2.go
+++ b/modules/setting/oauth2.go
@@ -5,10 +5,10 @@ package setting
 
 import (
 	"math"
-	"path/filepath"
 	"sync/atomic"
 
 	"forgejo.org/modules/generate"
+	"forgejo.org/modules/jwtx"
 	"forgejo.org/modules/log"
 )
 
@@ -96,18 +96,15 @@ var OAuth2 = struct {
 	AccessTokenExpirationTime   int64
 	RefreshTokenExpirationTime  int64
 	InvalidateRefreshTokens     bool
-	JWTSigningAlgorithm         string `ini:"JWT_SIGNING_ALGORITHM"`
-	JWTSigningPrivateKeyFile    string `ini:"JWT_SIGNING_PRIVATE_KEY_FILE"`
 	MaxTokenLength              int
 	DefaultApplications         []string
 	EnableAdditionalGrantScopes bool
+	KeyCfg                      *jwtx.KeyCfg
 }{
 	Enabled:                     true,
 	AccessTokenExpirationTime:   3600,
 	RefreshTokenExpirationTime:  730,
 	InvalidateRefreshTokens:     true,
-	JWTSigningAlgorithm:         "RS256",
-	JWTSigningPrivateKeyFile:    "jwt/private.pem",
 	MaxTokenLength:              math.MaxInt16,
 	DefaultApplications:         []string{"git-credential-oauth", "git-credential-manager", "tea"},
 	EnableAdditionalGrantScopes: false,
@@ -126,30 +123,26 @@ func loadOAuth2From(rootCfg ConfigProvider) {
 		OAuth2.Enabled = sec.Key("ENABLE").MustBool(OAuth2.Enabled)
 	}
 
-	if !filepath.IsAbs(OAuth2.JWTSigningPrivateKeyFile) {
-		OAuth2.JWTSigningPrivateKeyFile = filepath.Join(AppDataPath, OAuth2.JWTSigningPrivateKeyFile)
-	}
-
 	// FIXME: at the moment, no matter oauth2 is enabled or not, it must generate a "oauth2 JWT_SECRET"
 	// Because this secret is also used as GeneralTokenSigningSecret (as a quick not-that-breaking fix for some legacy problems).
 	// Including: CSRF token, account validation token, etc ...
 	// In main branch, the signing token should be refactored (eg: one unique for LFS/OAuth2/etc ...)
-	jwtSecretBase64 := loadSecret(sec, "JWT_SECRET_URI", "JWT_SECRET")
 	if InstallLock {
-		jwtSecretBytes, err := generate.DecodeJwtSecret(jwtSecretBase64)
+		signingKey, err := loadSymmeticSigningKeyCfg(rootCfg, sec, "JWT_")
 		if err != nil {
-			jwtSecretBytes, jwtSecretBase64 = generate.NewJwtSecret()
-			saveCfg, err := rootCfg.PrepareSaving()
-			if err != nil {
-				log.Fatal("save oauth2.JWT_SECRET failed: %v", err)
-			}
-			rootCfg.Section("oauth2").Key("JWT_SECRET").SetValue(jwtSecretBase64)
-			saveCfg.Section("oauth2").Key("JWT_SECRET").SetValue(jwtSecretBase64)
-			if err := saveCfg.Save(); err != nil {
-				log.Fatal("save oauth2.JWT_SECRET failed: %v", err)
-			}
+			log.Fatal("%v", err)
 		}
-		generalSigningSecret.Store(&jwtSecretBytes)
+		generalSigningSecret.Store(signingKey)
+	}
+
+	if !OAuth2.Enabled {
+		return
+	}
+
+	var err error
+	OAuth2.KeyCfg, err = loadKeyCfg(rootCfg, "oauth2", "JWT_", "RS256", "jwt/private.pem")
+	if err != nil {
+		log.Fatal("oauth2 key initialization failed: %v", err)
 	}
 }
 
diff --git a/modules/setting/security.go b/modules/setting/security.go
index e00a6af0ee..586989101d 100644
--- a/modules/setting/security.go
+++ b/modules/setting/security.go
@@ -4,12 +4,15 @@
 package setting
 
 import (
+	"fmt"
 	"net/url"
 	"os"
+	"path/filepath"
 	"strings"
 
 	"forgejo.org/modules/auth/password/hash"
 	"forgejo.org/modules/generate"
+	"forgejo.org/modules/jwtx"
 	"forgejo.org/modules/keying"
 	"forgejo.org/modules/log"
 )
@@ -39,6 +42,31 @@ var (
 	DisableQueryAuthToken              bool
 )
 
+/*
+ * key loading is a two-stage process to avoid complications for unit tests:
+ *
+ * For symmetric keys, we want to add a random key to the configuration. We would
+ * not want to change the configuration after loading has completed to maintain
+ * isolation. So from this perspective, we would want to initialize keys only
+ * during setting.load...From()
+ *
+ * For asymmetric keys, we want to create a random private key _file_.
+ * Doing so during the setting load phase, however, creates key files for unit
+ * tests, because they usually complete the full settings load phase, but do not
+ * initialize modules which they do not need. Depending on the test case, it
+ * might not provide a writable AppDataPath, or it would leave private key files
+ * in the source tree. All of this can be avoided with
+ * specifically adjusting the ini loaded for unit tests, but adds considerable
+ * friction.
+ *
+ * So to avoid all this, we split key loading in two phases:
+ * - settings parse the config and save missing symmetric keys
+ * - module init takes the parsed config, creates missing asymmetric keys and
+ *   creates the actual signingkey objects
+ *
+ * jwtx.SigningKeyCfg and jwtx.KeyCfg are used for handover
+ */
+
 // loadSecret load the secret from ini by uriKey or verbatimKey, only one of them could be set
 // If the secret is loaded from uriKey (file), the file should be non-empty, to guarantee the behavior stable and clear.
 func loadSecret(sec ConfigSection, uriKey, verbatimKey string) string {
@@ -53,16 +81,29 @@ func loadSecret(sec ConfigSection, uriKey, verbatimKey string) string {
 	if uri == "" {
 		return verbatim
 	}
+	verbatim, err := loadSecretFromURI(uri)
+	if err == nil {
+		return verbatim
+	}
+	log.Fatal("%s: %w", uriKey, err)
+	// unreached
+	return ""
+}
 
+func loadSecretFromURI(uri string) (string, error) {
 	tempURI, err := url.Parse(uri)
 	if err != nil {
-		log.Fatal("Failed to parse %s (%s): %v", uriKey, uri, err)
+		return "", fmt.Errorf("Failed to parse %s: %v", uri, err)
 	}
 	switch tempURI.Scheme {
 	case "file":
-		buf, err := os.ReadFile(tempURI.RequestURI())
+		path := tempURI.RequestURI()
+		if !filepath.IsAbs(path) {
+			path = filepath.Join(AppDataPath, path)
+		}
+		buf, err := os.ReadFile(path)
 		if err != nil {
-			log.Fatal("Failed to read %s (%s): %v", uriKey, tempURI.RequestURI(), err)
+			return "", fmt.Errorf("Failed to read %s: %v", path, err)
 		}
 		val := strings.TrimSpace(string(buf))
 		if val == "" {
@@ -70,17 +111,135 @@ func loadSecret(sec ConfigSection, uriKey, verbatimKey string) string {
 			// For example: if INTERNAL_TOKEN_URI=file:///empty-file,
 			// Then if the token is re-generated during installation and saved to INTERNAL_TOKEN
 			// Then INTERNAL_TOKEN and INTERNAL_TOKEN_URI both exist, that's a fatal error (they shouldn't)
-			log.Fatal("Failed to read %s (%s): the file is empty", uriKey, tempURI.RequestURI())
+			return "", fmt.Errorf("Failed to read %s: the file is empty", path)
 		}
-		return val
+		return val, nil
 
 	// only file URIs are allowed
 	default:
-		log.Fatal("Unsupported URI-Scheme %q (%q = %q)", tempURI.Scheme, uriKey, uri)
-		return ""
+		return "", fmt.Errorf("Unsupported URI-Scheme %q in %q", tempURI.Scheme, uri)
 	}
 }
 
+// createSymmeticSigningKey creates a new symmetric signing key and saves it to
+// the setting named cfgSecret (usually [PFX_]SECRET) in section cfgSection
+func createSymmeticSigningKeyCfg(rootCfg ConfigProvider, cfgSection, cfgSecret string) (*[]byte, error) {
+	jwtSecretBytes, jwtSecretBase64 := generate.NewJwtSecret()
+	saveCfg, err := rootCfg.PrepareSaving()
+	if err == nil {
+		rootCfg.Section(cfgSection).Key(cfgSecret).SetValue(jwtSecretBase64)
+		saveCfg.Section(cfgSection).Key(cfgSecret).SetValue(jwtSecretBase64)
+		err = saveCfg.Save()
+	}
+	if err != nil {
+		return nil, fmt.Errorf("save %s.%s failed: %v", cfgSection, cfgSecret, err)
+	}
+	return &jwtSecretBytes, nil
+}
+
+// loadSymmeticSigningKey loads a signing key and creates it unless present
+// loads from [pfx]SECRET_URI
+// loads from or saves to [pfx]SECRET
+// in section sec
+func loadSymmeticSigningKeyCfg(rootCfg ConfigProvider, sec ConfigSection, pfx string) (*[]byte, error) {
+	cfgSecretURI := pfx + "SECRET_URI"
+	cfgSecret := pfx + "SECRET"
+
+	secretBase64 := loadSecret(sec, cfgSecretURI, cfgSecret)
+	secret, err := generate.DecodeJwtSecret(secretBase64)
+	if err == nil {
+		return &secret, nil
+	}
+
+	log.Info("[%s] %s or %s failed loading: %v - creating new key", sec.Name(), cfgSecret, cfgSecretURI, err)
+	return createSymmeticSigningKeyCfg(rootCfg, sec.Name(), cfgSecret)
+}
+
+// loadAsymmeticSigningKey loads a signing key from [pfx]SIGNING_PRIVATE_KEY_FILE
+// or creates it if it does not exist
+func loadAsymmeticSigningKeyPath(sec ConfigSection, pfx, defaultFile string) *string {
+	cfgFile := pfx + "SIGNING_PRIVATE_KEY_FILE"
+	keyPath := sec.Key(cfgFile).MustString(defaultFile)
+	if !filepath.IsAbs(keyPath) {
+		keyPath = filepath.Join(AppDataPath, keyPath)
+	}
+	return &keyPath
+}
+
+type checkKeyCfg func(rootCfg ConfigProvider, cfgSection, pfx string) error
+
+func onlyAsymmetric() checkKeyCfg {
+	return func(rootCfg ConfigProvider, cfgSection, pfx string) error {
+		sec := rootCfg.Section(cfgSection)
+		cfgAlg := pfx + "SIGNING_ALGORITHM"
+
+		if sec.HasKey(cfgAlg) {
+			alg := sec.Key(cfgAlg).String()
+			if !jwtx.IsValidAsymmetricAlgorithm(alg) {
+				return fmt.Errorf("Unexpected algorithm: %s = %s, needs to be one of %v",
+					cfgAlg, alg, jwtx.ValidAsymmetricAlgorithms)
+			}
+		}
+
+		noCfg := []string{
+			pfx + "SECRET_URI",
+			pfx + "SECRET",
+		}
+
+		for _, cfg := range noCfg {
+			if sec.HasKey(cfg) {
+				return fmt.Errorf("Invalid config key: %s - must be removed", cfg)
+			}
+		}
+
+		return nil
+	}
+}
+
+// loadSigningKey() loads a or creates signing key based on settings in section cfgSection
+// [pfx]SIGNING_ALGORITHM determines the algorithm
+// [pfx]SECRET is a literal secret for symmetric algorithms
+// [pfx]SECRET_URI is the uri of a secret for symmetric algorithms
+// [pfx]SIGNING_PRIVATE_KEY_FILE is a file with a private key for asymmetric algorithms
+//
+// [pfx]SECRET might get written to literally in the config if needed but not present
+
+func loadSigningKeyCfg(rootCfg ConfigProvider, cfgSection, pfx, defaultAlg, defaultPrivateKeyFile string, checks ...checkKeyCfg) (*jwtx.SigningKeyCfg, error) {
+	for _, check := range checks {
+		err := check(rootCfg, cfgSection, pfx)
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	sec := rootCfg.Section(cfgSection)
+	cfgAlg := pfx + "SIGNING_ALGORITHM"
+
+	algorithm := sec.Key(cfgAlg).MustString(defaultAlg)
+
+	cfg := jwtx.SigningKeyCfg{Algorithm: algorithm}
+	var err error
+
+	if jwtx.IsValidSymmetricAlgorithm(algorithm) {
+		cfg.SecretBytes, err = loadSymmeticSigningKeyCfg(rootCfg, sec, pfx)
+	} else if jwtx.IsValidAsymmetricAlgorithm(algorithm) {
+		cfg.PrivateKeyPath = loadAsymmeticSigningKeyPath(sec, pfx, defaultPrivateKeyFile)
+	} else {
+		err = fmt.Errorf("invalid algorithm: %s = %s", cfgAlg, algorithm)
+	}
+
+	return &cfg, err
+}
+
+func loadKeyCfg(rootCfg ConfigProvider, cfgSection, pfx, defaultAlg, defaultPrivateKeyFile string, checks ...checkKeyCfg) (*jwtx.KeyCfg, error) {
+	signing, err := loadSigningKeyCfg(rootCfg, cfgSection, pfx, defaultAlg, defaultPrivateKeyFile, checks...)
+	if err != nil {
+		err = fmt.Errorf("[%s] %v", cfgSection, err)
+		return nil, err
+	}
+	return &jwtx.KeyCfg{Signing: signing}, nil
+}
+
 // generateSaveInternalToken generates and saves the internal token to app.ini
 func generateSaveInternalToken(rootCfg ConfigProvider) {
 	token, err := generate.NewInternalToken()
diff --git a/modules/storage/storage.go b/modules/storage/storage.go
index db081e0768..fe9222060f 100644
--- a/modules/storage/storage.go
+++ b/modules/storage/storage.go
@@ -164,6 +164,7 @@ func initLFS() (err error) {
 		LFS = DiscardStorage("LFS isn't enabled")
 		return nil
 	}
+
 	log.Info("Initialising LFS storage with type: %s", setting.LFS.Storage.Type)
 	LFS, err = NewStorage(setting.LFS.Storage.Type, setting.LFS.Storage)
 	return err
diff --git a/release-notes/11194.md b/release-notes/11194.md
new file mode 100644
index 0000000000..1ca37e04c3
--- /dev/null
+++ b/release-notes/11194.md
@@ -0,0 +1 @@
+Configuration of JSON Web Token (JWT) signing secrets in the `app.ini` file has been unified: `[pfx]SIGNING_ALGORITHM` determines the algorithm, `[pfx]SECRET` is a literal secret for symmetric algorithms, `[pfx]SECRET_URI` is the `file:` uri of a secret for symmetric algorithms `[pfx]SIGNING_PRIVATE_KEY_FILE` is the file with a private key for asymmetric algorithms. For the following configuration keys, the existing behavior is preserved: `[oauth2]` pfx = `JWT_`, `[actions]` pfx = `ID_TOKEN_` only supports asymmetric algorithms. `[server]` pfx = `LFS_JWT_` gained support for asymmetric algorithms. For consistency with `[pfx]SIGNING_PRIVATE_KEY_FILE`, `[pfx]SECRET_URI` now also accepts relative paths.
diff --git a/routers/api/actions/oidc.go b/routers/api/actions/oidc.go
index d824030ca7..20cc44f36a 100644
--- a/routers/api/actions/oidc.go
+++ b/routers/api/actions/oidc.go
@@ -48,7 +48,7 @@ type OIDCContext struct {
 
 func InitOIDC() error {
 	var err error
-	jwtSigningKey, err = jwtx.InitAsymmetricSigningKey(setting.Actions.IDTokenSigningPrivateKeyFile, string(setting.Actions.IDTokenSigningAlgorithm))
+	jwtSigningKey, err = jwtx.InitSigningKey(&setting.Actions.KeyCfg.Signing)
 	if err != nil {
 		return err
 	}
@@ -118,7 +118,7 @@ func OIDCRoutes(prefix string) *web.Route {
 			SubjectTypesSupported:            []string{"public"},
 			ResponseTypesSupported:           []string{"id_token"},
 			ClaimsSupported:                  claimsSupported,
-			IDTokenSigningAlgValuesSupported: []string{string(setting.Actions.IDTokenSigningAlgorithm)},
+			IDTokenSigningAlgValuesSupported: []string{jwtSigningKey.SigningMethod().Alg()},
 			ScopesSupported:                  []string{"openid"},
 		},
 		jwks: map[string][]map[string]string{
diff --git a/services/auth/source/oauth2/init.go b/services/auth/source/oauth2/init.go
index ac7853222c..6e0714b9b5 100644
--- a/services/auth/source/oauth2/init.go
+++ b/services/auth/source/oauth2/init.go
@@ -35,7 +35,7 @@ var DefaultSigningKey jwtx.SigningKey
 // Init initializes the oauth source
 func Init(ctx context.Context) error {
 	var err error
-	DefaultSigningKey, err = jwtx.InitSigningKey(setting.GetGeneralTokenSigningSecret, setting.OAuth2.JWTSigningPrivateKeyFile, setting.OAuth2.JWTSigningAlgorithm)
+	DefaultSigningKey, err = jwtx.InitSigningKey(&setting.OAuth2.KeyCfg.Signing)
 	if err != nil {
 		return err
 	}
diff --git a/services/lfs/server.go b/services/lfs/server.go
index cc8afc2aa8..ef0df4a0ab 100644
--- a/services/lfs/server.go
+++ b/services/lfs/server.go
@@ -580,10 +580,11 @@ func authenticate(ctx *context.Context, repository *repo_model.Repository, autho
 
 func handleLFSToken(ctx stdCtx.Context, tokenSHA string, target *repo_model.Repository, mode perm.AccessMode) (*user_model.User, error) {
 	token, err := jwt.ParseWithClaims(tokenSHA, &Claims{}, func(t *jwt.Token) (any, error) {
-		if _, ok := t.Method.(*jwt.SigningMethodHMAC); !ok {
+		k := setting.LFS.SigningKey
+		if t.Method != k.SigningMethod() {
 			return nil, fmt.Errorf("unexpected signing method: %v", t.Header["alg"])
 		}
-		return setting.LFS.JWTSecretBytes, nil
+		return k.VerifyKey(), nil
 	})
 	if err != nil {
 		return nil, errors.New("invalid token")
diff --git a/services/lfs/server_test.go b/services/lfs/server_test.go
index 13e7e73010..67c93f30bb 100644
--- a/services/lfs/server_test.go
+++ b/services/lfs/server_test.go
@@ -41,18 +41,23 @@ func getLFSAuthTokenWithBearer(opts authTokenOptions) (string, error) {
 		Op:     opts.Op,
 		UserID: opts.UserID,
 	}
-	token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
 
 	// Sign and get the complete encoded token as a string using the secret
-	tokenString, err := token.SignedString(setting.LFS.JWTSecretBytes)
+	tokenString, err := setting.LFS.SigningKey.JWT(claims)
 	if err != nil {
 		return "", fmt.Errorf("failed to sign LFS JWT token: %w", err)
 	}
 	return "Bearer " + tokenString, nil
 }
 
-func TestAuthenticate(t *testing.T) {
+func testAuthenticate(t *testing.T, cfg string) {
 	require.NoError(t, unittest.PrepareTestDatabase())
+	var err error
+	setting.CfgProvider, err = setting.NewConfigProviderFromData(cfg)
+	require.NoError(t, err, "Config")
+	setting.LoadCommonSettings()
+	assert.True(t, setting.LFS.StartServer, "LFS_START_SERVER = true")
+	assert.NotNil(t, setting.LFS.SigningKey, "SigningKey initialized")
 	repo1 := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 1})
 
 	token2, _ := getLFSAuthTokenWithBearer(authTokenOptions{Op: "download", UserID: 2, RepoID: 1})
@@ -80,3 +85,30 @@ func TestAuthenticate(t *testing.T) {
 		assert.True(t, authenticate(ctx, repo1, prefixBearer+token2, true, false))
 	})
 }
+
+type namedCfg struct {
+	name, cfg string
+}
+
+var iniCommon = `[security]
+INSTALL_LOCK = true
+INTERNAL_TOKEN = ForgejoForgejoForgejoForgejoForgejoForgejo_	# don't use in prod
+[oauth2]
+JWT_SECRET = ForgejoForgejoForgejoForgejoForgejoForgejo_	# don't use in prod
+[server]
+LFS_START_SERVER = true
+	`
+
+var cfgVariants = []namedCfg{
+	{name: "HS256_default", cfg: `LFS_JWT_SECRET = ForgejoForgejoForgejoForgejoForgejoForgejo_`},
+	{name: "RS256", cfg: `LFS_JWT_SIGNING_ALGORITHM = RS256`},
+}
+
+func TestAuthenticate(t *testing.T) {
+	// TODO: #11024
+	setting.InstallLock = true
+	for _, v := range cfgVariants {
+		cfg := iniCommon + v.cfg
+		t.Run(v.name, func(t *testing.T) { testAuthenticate(t, cfg) })
+	}
+}
diff --git a/services/repository/lfs_test.go b/services/repository/lfs_test.go
index e38c38e29c..0224b71100 100644
--- a/services/repository/lfs_test.go
+++ b/services/repository/lfs_test.go
@@ -21,11 +21,25 @@ import (
 	"github.com/stretchr/testify/require"
 )
 
+var ini = `[security]
+INSTALL_LOCK = true
+INTERNAL_TOKEN = ForgejoForgejoForgejoForgejoForgejoForgejo_	# don't use in prod
+[oauth2]
+JWT_SECRET = ForgejoForgejoForgejoForgejoForgejoForgejo_	# don't use in prod
+[server]
+LFS_START_SERVER = true
+LFS_JWT_SECRET = ForgejoForgejoForgejoForgejoForgejoForgejo_	# don't use in prod
+	`
+
 func TestGarbageCollectLFSMetaObjects(t *testing.T) {
+	var err error
+	setting.CfgProvider, err = setting.NewConfigProviderFromData(ini)
+	require.NoError(t, err, "Config")
+	setting.LoadCommonSettings()
+
 	unittest.PrepareTestEnv(t)
 
-	setting.LFS.StartServer = true
-	err := storage.Init()
+	err = storage.Init()
 	require.NoError(t, err)
 
 	repo, err := repo_model.GetRepositoryByOwnerAndName(db.DefaultContext, "user2", "lfs")

From 529b14291dd859cf51a1c20de6fbf5ca15efffd0 Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Tue, 21 Apr 2026 19:49:54 +0200
Subject: [PATCH 723/854] Update dependency clippie to v4.1.14 (forgejo)
 (#12209)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12209
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Renovate Bot <bot@kriese.eu>
Co-committed-by: Renovate Bot <bot@kriese.eu>
---
 package-lock.json | 8 ++++----
 package.json      | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index a2adf74362..819f398d2b 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -43,7 +43,7 @@
         "chart.js": "4.5.1",
         "chartjs-adapter-dayjs-4": "1.0.4",
         "chartjs-plugin-zoom": "2.2.0",
-        "clippie": "4.1.13",
+        "clippie": "4.1.14",
         "css-loader": "7.1.3",
         "dayjs": "1.11.19",
         "dropzone": "6.0.0-beta.2",
@@ -6362,9 +6362,9 @@
       }
     },
     "node_modules/clippie": {
-      "version": "4.1.13",
-      "resolved": "https://registry.npmjs.org/clippie/-/clippie-4.1.13.tgz",
-      "integrity": "sha512-0ofIc4H35mzuxkojnpUmDzWneL8XrGWuO3RbHbXmDdebzJYp2q8zIhenc85LMedIOoCuzWtFTqkOJETv2QYN7g==",
+      "version": "4.1.14",
+      "resolved": "https://registry.npmjs.org/clippie/-/clippie-4.1.14.tgz",
+      "integrity": "sha512-VMyejKiX9jtz57BP2YLZeH+662xKTlIAXBoaHVXdtuuDiSd2D1z/0GyclLGX4POXKK03/vYB6cHVWlSLDI2YBw==",
       "license": "BSD-2-Clause"
     },
     "node_modules/cliui": {
diff --git a/package.json b/package.json
index a3bb47d52d..e89587c8e7 100644
--- a/package.json
+++ b/package.json
@@ -42,7 +42,7 @@
     "chart.js": "4.5.1",
     "chartjs-adapter-dayjs-4": "1.0.4",
     "chartjs-plugin-zoom": "2.2.0",
-    "clippie": "4.1.13",
+    "clippie": "4.1.14",
     "css-loader": "7.1.3",
     "dayjs": "1.11.19",
     "dropzone": "6.0.0-beta.2",

From 4001ab027a2e26ca60465fd240813092aa3f73b4 Mon Sep 17 00:00:00 2001
From: zokki <zokki.softwareschmiede@gmail.com>
Date: Tue, 21 Apr 2026 19:55:16 +0200
Subject: [PATCH 724/854] fix: secret name-prefix regex (#12213)

Fixes: #12212
Sorry for this bug, I introduced it by not testing !10682 better. Now the `forbiddenPrefixPattern`-regex is compliant to the docu:
```
It cannot start with FORGEJO_, GITEA_, GITHUB_, or a number.
```

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12213
Reviewed-by: Andreas Ahlenstorf <aahlenst@noreply.codeberg.org>
Co-authored-by: zokki <zokki.softwareschmiede@gmail.com>
Co-committed-by: zokki <zokki.softwareschmiede@gmail.com>
---
 models/secret/secret.go      | 2 +-
 models/secret/secret_test.go | 6 ++++++
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/models/secret/secret.go b/models/secret/secret.go
index 911d94d78a..758f346f22 100644
--- a/models/secret/secret.go
+++ b/models/secret/secret.go
@@ -20,7 +20,7 @@ import (
 
 var (
 	namePattern            = regexp.MustCompile("(?i)^[A-Z_][A-Z0-9_]*$")
-	forbiddenPrefixPattern = regexp.MustCompile("(?i)^FORGEJO_|GITEA_|GITHUB_")
+	forbiddenPrefixPattern = regexp.MustCompile("(?i)^(FORGEJO_|GITEA_|GITHUB_|[0-9])")
 
 	ErrInvalidName = util.NewInvalidArgumentErrorf("invalid secret name")
 )
diff --git a/models/secret/secret_test.go b/models/secret/secret_test.go
index 5c54b25967..e323986084 100644
--- a/models/secret/secret_test.go
+++ b/models/secret/secret_test.go
@@ -257,12 +257,18 @@ func TestSecretValidateName(t *testing.T) {
 		valid bool
 	}{
 		{"FORGEJO_", false},
+		{"PRE_FORGEJO_", true},
+		{"PRE_FORGEJO_SUF", true},
 		{"FORGEJO_123", false},
 		{"FORGEJO_ABC", false},
 		{"GITEA_", false},
+		{"PRE_GITEA_", true},
+		{"PRE_GITEA_SUF", true},
 		{"GITEA_123", false},
 		{"GITEA_ABC", false},
 		{"GITHUB_", false},
+		{"PRE_GITHUB_", true},
+		{"PRE_GITHUB_SUF", true},
 		{"GITHUB_123", false},
 		{"GITHUB_ABC", false},
 		{"123_TEST", false},

From 1b6fe54e08cec1bc67c9133a14d12c604f4d0fec Mon Sep 17 00:00:00 2001
From: Beowulf <beowulf@beocode.eu>
Date: Tue, 21 Apr 2026 21:16:57 +0200
Subject: [PATCH 725/854] fix(e2e): improve org-members, issue-sidebar and
 runner-management test (#12164)

Followup to https://codeberg.org/forgejo/forgejo/pulls/11848

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12164
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Beowulf <beowulf@beocode.eu>
Co-committed-by: Beowulf <beowulf@beocode.eu>
---
 tests/e2e/issue-sidebar.test.e2e.ts     |  5 ++---
 tests/e2e/org-members.test.e2e.ts       | 17 +++++++++++++++--
 tests/e2e/runner-management.test.e2e.ts |  9 ++++++---
 3 files changed, 23 insertions(+), 8 deletions(-)

diff --git a/tests/e2e/issue-sidebar.test.e2e.ts b/tests/e2e/issue-sidebar.test.e2e.ts
index cf3fe607d2..d785a19e18 100644
--- a/tests/e2e/issue-sidebar.test.e2e.ts
+++ b/tests/e2e/issue-sidebar.test.e2e.ts
@@ -25,6 +25,8 @@ test.describe('Pull: Toggle WIP', () => {
   }
 
   async function check_wip({page}: {page: Page}, is: boolean) {
+    await page.waitForLoadState();
+
     const elemTitle = 'h1';
     const stateLabel = '.issue-state-label';
     await page.waitForLoadState('domcontentloaded');
@@ -66,7 +68,6 @@ test.describe('Pull: Toggle WIP', () => {
   });
 
   test('manual edit', async ({page}) => {
-    await page.goto('/user2/repo1/pulls/5');
     // manually edit title to another prefix
     await page.locator('#issue-title-edit-show').click();
     await page.locator('#issue-title-editor input').fill(`[WIP] ${prTitle}`);
@@ -78,7 +79,6 @@ test.describe('Pull: Toggle WIP', () => {
   });
 
   test('maximum title length', async ({page}) => {
-    await page.goto('/user2/repo1/pulls/5');
     // check maximum title length is handled gracefully
     const maxLenStr = prTitle + 'a'.repeat(240);
     await page.locator('#issue-title-edit-show').click();
@@ -95,7 +95,6 @@ test.describe('Pull: Toggle WIP', () => {
   });
 
   test('wip prefix casing', async ({page}) => {
-    await page.goto('/user2/repo1/pulls/5');
     await setTitle({page}, `wIP:${prTitle}`);
     await expect(page.locator('h1')).toContainText(`wIP:${prTitle}`);
     await check_wip({page}, true);
diff --git a/tests/e2e/org-members.test.e2e.ts b/tests/e2e/org-members.test.e2e.ts
index 7be6714639..69f2f31f8a 100644
--- a/tests/e2e/org-members.test.e2e.ts
+++ b/tests/e2e/org-members.test.e2e.ts
@@ -29,6 +29,8 @@ test('Toggle visibility', async ({page}) => {
 
   // Revert for repeatability
   await showUser2.click();
+  await expect(hideUser2).toBeVisible();
+  await expect(showUser2).toBeHidden();
 });
 
 test('Leave org', async ({page}) => {
@@ -50,7 +52,7 @@ test('Leave org', async ({page}) => {
   await expect(page.locator('.flash-error').getByText('You cannot remove the last user from the "owners" team.')).toBeVisible();
 });
 
-test('Add a new member to the org', async ({page}) => {
+test('Add and remove a new member to the org', async ({page}) => {
   page.goto('/org/org3/members');
 
   // Click the "Add member" button
@@ -72,6 +74,17 @@ test('Add a new member to the org', async ({page}) => {
   // Click the button
   await page.locator('#add-member-modal .actions button.ok').click();
 
-  // Getting error is enough to know that the correct request went though
+  // Verify that the user was added
   await expect(page.locator('.organization.members .list a').getByText('user5 (User Five)')).toBeVisible();
+
+  // Revert for repeatability
+  const removeButton = page.locator('.delete-button[data-url="/org/org3/members/action/remove"][data-datauid="5"]');
+  await expect(async () => {
+    await removeButton.click();
+    // A confirmation modal will appear
+    await expect(page.locator('.modal#remove-organization-member')).toBeVisible();
+    // Proceed removing from the org
+    await page.locator('.modal#remove-organization-member .actions button.ok').click();
+    await expect(page.locator('.organization.members .list a').getByText('user5 (User Five)')).toBeHidden();
+  }).toPass();
 });
diff --git a/tests/e2e/runner-management.test.e2e.ts b/tests/e2e/runner-management.test.e2e.ts
index 1dba606a1b..c7211dbe05 100644
--- a/tests/e2e/runner-management.test.e2e.ts
+++ b/tests/e2e/runner-management.test.e2e.ts
@@ -125,9 +125,12 @@ test.describe('Runners of user2', () => {
     const runnerUUID = await page.evaluate(() => navigator.clipboard.readText());
     expect(runnerUUID).toMatch(uuidPattern);
 
-    await page.getByRole('button', {name: 'Copy runner token'}).click();
-    const runnerToken = await page.evaluate(() => navigator.clipboard.readText());
-    expect(runnerToken).toMatch(tokenPattern);
+    let runnerToken;
+    await expect(async () => {
+      await page.getByRole('button', {name: 'Copy runner token'}).click();
+      runnerToken = await page.evaluate(() => navigator.clipboard.readText());
+      expect(runnerToken).toMatch(tokenPattern);
+    }).toPass();
 
     await expect(page.getByRole('term')).toHaveText(['UUID', 'Token']);
     await expect(page.getByRole('definition')).toContainText([runnerUUID, runnerToken]);

From 2ed98ac848a3b25d0be5d365535c64a14a7a6476 Mon Sep 17 00:00:00 2001
From: Mathieu Fenniak <mathieu@fenniak.net>
Date: Wed, 22 Apr 2026 13:41:25 +0200
Subject: [PATCH 726/854] fix: resolve outer workflow call to success, not
 failure, on inner job skip (#12224)

If one or more of a workflow expansion's inner jobs are status "skipped", consider that as a success, rather than a failure.  Fixes https://code.forgejo.org/forgejo/runner/issues/1490.

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. All work and communication must conform to Forgejo's [AI Agreement](https://codeberg.org/forgejo/governance/src/branch/main/AIAgreement.md). There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests for Go changes

- I added test coverage for Go changes...
  - [x] in their respective `*_test.go` for unit tests.
  - [ ] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I ran...
  - [x] `make pr-go` before pushing

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [x] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.
- [ ] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12224
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Reviewed-by: Andreas Ahlenstorf <aahlenst@noreply.codeberg.org>
---
 services/actions/job_emitter.go      |  7 +++--
 services/actions/job_emitter_test.go | 42 ++++++++++++++++++++++++++++
 2 files changed, 47 insertions(+), 2 deletions(-)

diff --git a/services/actions/job_emitter.go b/services/actions/job_emitter.go
index 593e17517a..0a9c297033 100644
--- a/services/actions/job_emitter.go
+++ b/services/actions/job_emitter.go
@@ -192,7 +192,7 @@ func (r *jobStatusResolver) resolve() map[int64]actions_model.Status {
 		if status != actions_model.StatusBlocked {
 			continue
 		}
-		allDone, allSucceed := true, true
+		allDone, allSucceed, allSucceedOrSkip := true, true, true
 		for _, need := range r.needs[id] {
 			needStatus := r.statuses[need]
 			if !needStatus.IsDone() {
@@ -201,13 +201,16 @@ func (r *jobStatusResolver) resolve() map[int64]actions_model.Status {
 			if needStatus.In(actions_model.StatusFailure, actions_model.StatusCancelled, actions_model.StatusSkipped) {
 				allSucceed = false
 			}
+			if needStatus.In(actions_model.StatusFailure, actions_model.StatusCancelled) {
+				allSucceedOrSkip = false
+			}
 		}
 		if allDone {
 			if isWorkflowCallOuterJob, _ := r.jobMap[id].IsWorkflowCallOuterJob(); isWorkflowCallOuterJob {
 				// If the dependent job was a workflow call outer job, then options aren't waiting/skipped, but rather
 				// success/failure.  checkJobsOfRun will do additional work in these cases to "finish" the workflow call
 				// job as well.
-				if allSucceed {
+				if allSucceedOrSkip {
 					isIncompleteMatrix, _, _ := r.jobMap[id].HasIncompleteMatrix()
 					isIncompleteWith, _, _, _ := r.jobMap[id].HasIncompleteWith()
 					if isIncompleteMatrix || isIncompleteWith {
diff --git a/services/actions/job_emitter_test.go b/services/actions/job_emitter_test.go
index 44e9163102..a7e3b7467b 100644
--- a/services/actions/job_emitter_test.go
+++ b/services/actions/job_emitter_test.go
@@ -146,6 +146,27 @@ jobs:
 					`
 name: test
 on: push
+jobs:
+  job2:
+    if: false
+    uses: ./.forgejo/workflows/reusable.yml
+__metadata:
+  workflow_call_id: b5a9f46f1f2513d7777fde50b169d323a6519e349cc175484c947ac315a209ed
+`)},
+			},
+			want: map[int64]actions_model.Status{
+				3: actions_model.StatusSuccess,
+			},
+		},
+		{
+			name: "unblocked workflow call outer job with success and skip",
+			jobs: actions_model.ActionJobList{
+				{ID: 1, JobID: "job1.innerjob1", Status: actions_model.StatusSuccess, Needs: []string{}},
+				{ID: 2, JobID: "job1.innerjob2", Status: actions_model.StatusSkipped, Needs: []string{}},
+				{ID: 3, JobID: "job1", Status: actions_model.StatusBlocked, Needs: []string{"job1.innerjob1", "job1.innerjob2"}, WorkflowPayload: []byte(
+					`
+name: test
+on: push
 jobs:
   job2:
     if: false
@@ -219,6 +240,27 @@ __metadata:
 					`
 name: test
 on: push
+jobs:
+  job2:
+    if: false
+    uses: ./.forgejo/workflows/reusable.yml
+__metadata:
+  workflow_call_id: b5a9f46f1f2513d7777fde50b169d323a6519e349cc175484c947ac315a209ed
+`)},
+			},
+			want: map[int64]actions_model.Status{
+				3: actions_model.StatusFailure,
+			},
+		},
+		{
+			name: "unblocked workflow call outer job with internal failure",
+			jobs: actions_model.ActionJobList{
+				{ID: 1, JobID: "job1.innerjob1", Status: actions_model.StatusSkipped, Needs: []string{}},
+				{ID: 2, JobID: "job1.innerjob2", Status: actions_model.StatusFailure, Needs: []string{}},
+				{ID: 3, JobID: "job1", Status: actions_model.StatusBlocked, Needs: []string{"job1.innerjob1", "job1.innerjob2"}, WorkflowPayload: []byte(
+					`
+name: test
+on: push
 jobs:
   job2:
     if: false

From 1ddd5faa5cf554829f2cab3a237dc004950c630b Mon Sep 17 00:00:00 2001
From: Mathieu Fenniak <mathieu@fenniak.net>
Date: Wed, 22 Apr 2026 21:00:26 +0200
Subject: [PATCH 727/854] refactor: change authentication to return structured
 data (#12202)

Currently authentication methods return information in two forms: they return who was authenticated as a `*user_model.User`, and then they insert key-values into `ctx.Data` which has critical impact on how the authenticated request is treated.  This PR changes the authentication methods to return structured data in the form of an `AuthenticationResult`, with all the key-value information in `ctx.Data` being moved into methods on the `AuthenticationResult` interface.

Authentication workflows in Forgejo are a real mess.  This is the first step in trying to clean it up and make the code predictable and reasonable, and is both follow-up work that was identified from the repo-specific access tokens (where the `"ApiTokenReducer"` key-value was added), and is pre-requisite work to future JWT enhancements that are [being discussed](https://codeberg.org/forgejo/forgejo/issues/3571#issuecomment-13268004).

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. All work and communication must conform to Forgejo's [AI Agreement](https://codeberg.org/forgejo/governance/src/branch/main/AIAgreement.md). There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests for Go changes

- I added test coverage for Go changes...
  - [ ] in their respective `*_test.go` for unit tests.
  - [ ] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
  - All changes, at least in theory, are refactors of existing logic and are not expected to have functional deviations -- existing regression tests are the only planned testing.
- I ran...
  - [x] `make pr-go` before pushing

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [ ] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.
- [x] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12202
Reviewed-by: Andreas Ahlenstorf <aahlenst@noreply.codeberg.org>
---
 .golangci.yml                                 | 15 ---
 routers/api/packages/api.go                   | 96 ++++++++++---------
 routers/api/packages/chef/auth.go             | 18 +++-
 routers/api/packages/conan/auth.go            | 31 ++++--
 routers/api/packages/conan/conan.go           |  3 +-
 routers/api/packages/container/auth.go        | 31 ++++--
 routers/api/packages/container/container.go   |  3 +-
 routers/api/packages/nuget/auth.go            | 20 +++-
 routers/api/shared/middleware.go              | 37 +++----
 routers/api/v1/api.go                         | 15 ++-
 routers/common/auth.go                        | 28 +++---
 routers/init.go                               |  4 +-
 routers/web/auth/auth.go                      |  3 +-
 routers/web/auth/linkaccount.go               |  4 +-
 routers/web/auth/oauth.go                     |  6 +-
 routers/web/auth/openid.go                    |  3 +-
 routers/web/repo/githttp.go                   |  5 +-
 routers/web/user/setting/account.go           |  4 +-
 routers/web/web.go                            | 23 +++--
 services/auth/interface.go                    | 76 +++++++++++++--
 .../{ => method}/additional_scopes_test.go    |  2 +-
 services/auth/{ => method}/auth.go            |  5 +-
 .../auth/method/auth_result_accesstoken.go    | 33 +++++++
 .../auth/method/auth_result_actionstask.go    | 31 ++++++
 .../auth/method/auth_result_basicpassword.go  | 24 +++++
 services/auth/method/auth_result_httpsign.go  | 20 ++++
 services/auth/method/auth_result_oauth.go     | 31 ++++++
 .../auth/method/auth_result_reverseproxy.go   | 24 +++++
 services/auth/method/auth_result_session.go   | 20 ++++
 services/auth/{ => method}/auth_test.go       |  2 +-
 services/auth/{ => method}/basic.go           | 49 ++++------
 services/auth/{ => method}/group.go           | 45 ++++-----
 services/auth/{ => method}/httpsign.go        | 25 ++---
 services/auth/method/main_test.go             | 14 +++
 services/auth/{ => method}/oauth2.go          | 87 +++++++++--------
 services/auth/{ => method}/oauth2_test.go     | 19 ++--
 services/auth/{ => method}/reverseproxy.go    | 23 ++---
 .../auth/{ => method}/reverseproxy_test.go    |  2 +-
 services/auth/{ => method}/session.go         | 22 ++---
 services/auth/{ => method}/signin.go          |  7 +-
 services/context/api.go                       |  7 +-
 services/context/context.go                   |  9 +-
 services/context/permission.go                | 14 +--
 services/lfs/server.go                        |  3 +-
 tests/integration/api_packages_chef_test.go   | 25 ++---
 45 files changed, 620 insertions(+), 348 deletions(-)
 rename services/auth/{ => method}/additional_scopes_test.go (98%)
 rename services/auth/{ => method}/auth.go (97%)
 create mode 100644 services/auth/method/auth_result_accesstoken.go
 create mode 100644 services/auth/method/auth_result_actionstask.go
 create mode 100644 services/auth/method/auth_result_basicpassword.go
 create mode 100644 services/auth/method/auth_result_httpsign.go
 create mode 100644 services/auth/method/auth_result_oauth.go
 create mode 100644 services/auth/method/auth_result_reverseproxy.go
 create mode 100644 services/auth/method/auth_result_session.go
 rename services/auth/{ => method}/auth_test.go (99%)
 rename services/auth/{ => method}/basic.go (81%)
 rename services/auth/{ => method}/group.go (52%)
 rename services/auth/{ => method}/httpsign.go (94%)
 create mode 100644 services/auth/method/main_test.go
 rename services/auth/{ => method}/oauth2.go (76%)
 rename services/auth/{ => method}/oauth2_test.go (87%)
 rename services/auth/{ => method}/reverseproxy.go (93%)
 rename services/auth/{ => method}/reverseproxy_test.go (99%)
 rename services/auth/{ => method}/session.go (77%)
 rename services/auth/{ => method}/signin.go (94%)

diff --git a/.golangci.yml b/.golangci.yml
index b16bb8beb2..5fa6c13860 100644
--- a/.golangci.yml
+++ b/.golangci.yml
@@ -347,21 +347,6 @@ linters:
       - path: services/actions/trust.go
         linters:
           - nilnil
-      - path: services/auth/basic.go
-        linters:
-          - nilnil
-      - path: services/auth/httpsign.go
-        linters:
-          - nilnil
-      - path: services/auth/oauth2.go
-        linters:
-          - nilnil
-      - path: services/auth/reverseproxy.go
-        linters:
-          - nilnil
-      - path: services/auth/session.go
-        linters:
-          - nilnil
       - path: services/contexttest/context_tests.go
         linters:
           - nilnil
diff --git a/routers/api/packages/api.go b/routers/api/packages/api.go
index 0b46cc66b0..2163badb49 100644
--- a/routers/api/packages/api.go
+++ b/routers/api/packages/api.go
@@ -38,48 +38,46 @@ import (
 	"forgejo.org/routers/api/packages/swift"
 	"forgejo.org/routers/api/packages/vagrant"
 	"forgejo.org/services/auth"
+	auth_method "forgejo.org/services/auth/method"
 	"forgejo.org/services/context"
 )
 
 func reqPackageAccess(accessMode perm.AccessMode) func(ctx *context.Context) {
 	return func(ctx *context.Context) {
-		if ctx.Data["IsApiToken"] == true {
-			scope, ok := ctx.Data["ApiTokenScope"].(auth_model.AccessTokenScope)
-			if ok { // it's a personal access token but not oauth2 token
-				scopeMatched := false
-				var err error
-				switch accessMode {
-				case perm.AccessModeRead:
-					scopeMatched, err = scope.HasScope(auth_model.AccessTokenScopeReadPackage)
-					if err != nil {
-						ctx.Error(http.StatusInternalServerError, "HasScope", err.Error())
-						return
-					}
-				case perm.AccessModeWrite:
-					scopeMatched, err = scope.HasScope(auth_model.AccessTokenScopeWritePackage)
-					if err != nil {
-						ctx.Error(http.StatusInternalServerError, "HasScope", err.Error())
-						return
-					}
-				}
-				if !scopeMatched {
-					ctx.Resp.Header().Set("WWW-Authenticate", `Basic realm="Gitea Package API"`)
-					ctx.Error(http.StatusUnauthorized, "reqPackageAccess", "user should have specific permission or be a site admin")
-					return
-				}
-
-				// check if scope only applies to public resources
-				publicOnly, err := scope.PublicOnly()
+		if hasScope, scope := ctx.Authentication.Scope().Get(); hasScope {
+			scopeMatched := false
+			var err error
+			switch accessMode {
+			case perm.AccessModeRead:
+				scopeMatched, err = scope.HasScope(auth_model.AccessTokenScopeReadPackage)
 				if err != nil {
-					ctx.Error(http.StatusForbidden, "tokenRequiresScope", "parsing public resource scope failed: "+err.Error())
+					ctx.Error(http.StatusInternalServerError, "HasScope", err.Error())
 					return
 				}
+			case perm.AccessModeWrite:
+				scopeMatched, err = scope.HasScope(auth_model.AccessTokenScopeWritePackage)
+				if err != nil {
+					ctx.Error(http.StatusInternalServerError, "HasScope", err.Error())
+					return
+				}
+			}
+			if !scopeMatched {
+				ctx.Resp.Header().Set("WWW-Authenticate", `Basic realm="Gitea Package API"`)
+				ctx.Error(http.StatusUnauthorized, "reqPackageAccess", "user should have specific permission or be a site admin")
+				return
+			}
 
-				if publicOnly {
-					if ctx.Package != nil && ctx.Package.Owner.Visibility.IsPrivate() {
-						ctx.Error(http.StatusForbidden, "reqToken", "token scope is limited to public packages")
-						return
-					}
+			// check if scope only applies to public resources
+			publicOnly, err := scope.PublicOnly()
+			if err != nil {
+				ctx.Error(http.StatusForbidden, "tokenRequiresScope", "parsing public resource scope failed: "+err.Error())
+				return
+			}
+
+			if publicOnly {
+				if ctx.Package != nil && ctx.Package.Owner.Visibility.IsPrivate() {
+					ctx.Error(http.StatusForbidden, "reqToken", "token scope is limited to public packages")
+					return
 				}
 			}
 		}
@@ -116,38 +114,48 @@ func enforcePackagesQuota() func(ctx *context.Context) {
 
 func verifyAuth(r *web.Route, authMethods []auth.Method) {
 	if setting.Service.EnableReverseProxyAuth {
-		authMethods = append(authMethods, &auth.ReverseProxy{})
+		authMethods = append(authMethods, &auth_method.ReverseProxy{})
 	}
-	authGroup := auth.NewGroup(authMethods...)
+	authGroup := auth_method.NewGroup(authMethods...)
 
 	r.Use(func(ctx *context.Context) {
-		var err error
-		ctx.Doer, err = authGroup.Verify(ctx.Req, ctx.Resp, ctx, ctx.Session)
+		authResult, err := authGroup.Verify(ctx.Req, ctx.Resp, ctx.Session)
 		if err != nil {
 			log.Info("Failed to verify user: %v", err)
 			ctx.Error(http.StatusUnauthorized, "authGroup.Verify")
 			return
 		}
+		if authResult == nil {
+			ctx.Error(http.StatusInternalServerError, "verifyAuth nil authentication result")
+			return
+		}
+		ctx.Doer = authResult.User()
 		ctx.IsSigned = ctx.Doer != nil
+		ctx.Authentication = authResult
 	})
 }
 
 func verifyContainerAuth(r *web.Route, authMethods []auth.Method) {
 	if setting.Service.EnableReverseProxyAuth {
-		authMethods = append(authMethods, &auth.ReverseProxy{})
+		authMethods = append(authMethods, &auth_method.ReverseProxy{})
 	}
-	authGroup := auth.NewGroup(authMethods...)
+	authGroup := auth_method.NewGroup(authMethods...)
 
 	r.Use(func(ctx *context.Context) {
-		var err error
-		ctx.Doer, err = authGroup.Verify(ctx.Req, ctx.Resp, ctx, ctx.Session)
+		authResult, err := authGroup.Verify(ctx.Req, ctx.Resp, ctx.Session)
 		if err != nil {
 			log.Info("Failed to verify user: %v", err)
 			container.APIUnauthorizedError(ctx)
 			ctx.Error(http.StatusUnauthorized, "authGroup.Verify")
 			return
 		}
+		if authResult == nil {
+			ctx.Error(http.StatusInternalServerError, "verifyContainerAuth nil authentication result")
+			return
+		}
+		ctx.Doer = authResult.User()
 		ctx.IsSigned = ctx.Doer != nil
+		ctx.Authentication = authResult
 	})
 }
 
@@ -159,8 +167,8 @@ func CommonRoutes() *web.Route {
 	r.Use(context.PackageContexter())
 
 	verifyAuth(r, []auth.Method{
-		&auth.OAuth2{},
-		&auth.Basic{},
+		&auth_method.OAuth2{},
+		&auth_method.Basic{},
 		&nuget.Auth{},
 		&conan.Auth{},
 		&chef.Auth{},
@@ -804,7 +812,7 @@ func ContainerRoutes() *web.Route {
 
 	r.Use(context.PackageContexter())
 
-	verifyContainerAuth(r, []auth.Method{&auth.Basic{}, &container.Auth{}})
+	verifyContainerAuth(r, []auth.Method{&auth_method.Basic{}, &container.Auth{}})
 
 	r.Get("", container.ReqContainerAccess, container.DetermineSupport)
 	r.Group("/token", func() {
diff --git a/routers/api/packages/chef/auth.go b/routers/api/packages/chef/auth.go
index 62523df02d..b9ff4b25f8 100644
--- a/routers/api/packages/chef/auth.go
+++ b/routers/api/packages/chef/auth.go
@@ -39,9 +39,19 @@ var (
 	versionPattern       = regexp.MustCompile(`version=(\d+\.\d+)`)
 	authorizationPattern = regexp.MustCompile(`\AX-Ops-Authorization-(\d+)`)
 
-	_ auth.Method = &Auth{}
+	_ auth.Method               = &Auth{}
+	_ auth.AuthenticationResult = &chefAuthenticationResult{}
 )
 
+type chefAuthenticationResult struct {
+	*auth.BaseAuthenticationResult
+	user *user_model.User
+}
+
+func (r *chefAuthenticationResult) User() *user_model.User {
+	return r.user
+}
+
 // Documentation:
 // https://docs.chef.io/server/api_chef_server/#required-headers
 // https://github.com/chef-boneyard/chef-rfc/blob/master/rfc065-sign-v1.3.md
@@ -55,13 +65,13 @@ func (a *Auth) Name() string {
 
 // Verify extracts the user from the signed request
 // If the request is signed with the user private key the user is verified.
-func (a *Auth) Verify(req *http.Request, w http.ResponseWriter, store auth.DataStore, sess auth.SessionStore) (*user_model.User, error) {
+func (a *Auth) Verify(req *http.Request, w http.ResponseWriter, sess auth.SessionStore) (auth.AuthenticationResult, error) {
 	u, err := getUserFromRequest(req)
 	if err != nil {
 		return nil, err
 	}
 	if u == nil {
-		return nil, nil
+		return &auth.UnauthenticatedResult{}, nil
 	}
 
 	pub, err := getUserPublicKey(req.Context(), u)
@@ -82,7 +92,7 @@ func (a *Auth) Verify(req *http.Request, w http.ResponseWriter, store auth.DataS
 		return nil, err
 	}
 
-	return u, nil
+	return &chefAuthenticationResult{user: u}, nil
 }
 
 func getUserFromRequest(req *http.Request) (*user_model.User, error) {
diff --git a/routers/api/packages/conan/auth.go b/routers/api/packages/conan/auth.go
index 1f5af77304..df0283167f 100644
--- a/routers/api/packages/conan/auth.go
+++ b/routers/api/packages/conan/auth.go
@@ -6,13 +6,32 @@ package conan
 import (
 	"net/http"
 
+	auth_model "forgejo.org/models/auth"
 	user_model "forgejo.org/models/user"
 	"forgejo.org/modules/log"
+	"forgejo.org/modules/optional"
 	"forgejo.org/services/auth"
 	"forgejo.org/services/packages"
 )
 
-var _ auth.Method = &Auth{}
+var (
+	_ auth.Method               = &Auth{}
+	_ auth.AuthenticationResult = &conanAuthenticationResult{}
+)
+
+type conanAuthenticationResult struct {
+	*auth.BaseAuthenticationResult
+	user  *user_model.User
+	scope optional.Option[auth_model.AccessTokenScope]
+}
+
+func (r *conanAuthenticationResult) Scope() optional.Option[auth_model.AccessTokenScope] {
+	return r.scope
+}
+
+func (r *conanAuthenticationResult) User() *user_model.User {
+	return r.user
+}
 
 type Auth struct{}
 
@@ -21,7 +40,7 @@ func (a *Auth) Name() string {
 }
 
 // Verify extracts the user from the Bearer token
-func (a *Auth) Verify(req *http.Request, w http.ResponseWriter, store auth.DataStore, sess auth.SessionStore) (*user_model.User, error) {
+func (a *Auth) Verify(req *http.Request, w http.ResponseWriter, sess auth.SessionStore) (auth.AuthenticationResult, error) {
 	uid, scope, err := packages.ParseAuthorizationToken(req)
 	if err != nil {
 		log.Trace("ParseAuthorizationToken: %v", err)
@@ -29,13 +48,13 @@ func (a *Auth) Verify(req *http.Request, w http.ResponseWriter, store auth.DataS
 	}
 
 	if uid == 0 {
-		return nil, nil
+		return &auth.UnauthenticatedResult{}, nil
 	}
 
 	// Propagate scope of the authorization token.
+	authScope := optional.None[auth_model.AccessTokenScope]()
 	if scope != "" {
-		store.GetData()["IsApiToken"] = true
-		store.GetData()["ApiTokenScope"] = scope
+		authScope = optional.Some(scope)
 	}
 
 	u, err := user_model.GetUserByID(req.Context(), uid)
@@ -44,5 +63,5 @@ func (a *Auth) Verify(req *http.Request, w http.ResponseWriter, store auth.DataS
 		return nil, err
 	}
 
-	return u, nil
+	return &conanAuthenticationResult{user: u, scope: authScope}, nil
 }
diff --git a/routers/api/packages/conan/conan.go b/routers/api/packages/conan/conan.go
index 3a95a883c5..cc894aec2f 100644
--- a/routers/api/packages/conan/conan.go
+++ b/routers/api/packages/conan/conan.go
@@ -11,7 +11,6 @@ import (
 	"strings"
 	"time"
 
-	auth_model "forgejo.org/models/auth"
 	"forgejo.org/models/db"
 	packages_model "forgejo.org/models/packages"
 	conan_model "forgejo.org/models/packages/conan"
@@ -119,7 +118,7 @@ func Authenticate(ctx *context.Context) {
 	}
 
 	// If there's an API scope, ensure it propagates.
-	scope, _ := ctx.Data.GetData()["ApiTokenScope"].(auth_model.AccessTokenScope)
+	scope := ctx.Authentication.Scope().ValueOrZeroValue()
 
 	token, err := packages_service.CreateAuthorizationToken(ctx.Doer, scope)
 	if err != nil {
diff --git a/routers/api/packages/container/auth.go b/routers/api/packages/container/auth.go
index 71c237326e..67310de948 100644
--- a/routers/api/packages/container/auth.go
+++ b/routers/api/packages/container/auth.go
@@ -6,13 +6,32 @@ package container
 import (
 	"net/http"
 
+	auth_model "forgejo.org/models/auth"
 	user_model "forgejo.org/models/user"
 	"forgejo.org/modules/log"
+	"forgejo.org/modules/optional"
 	"forgejo.org/services/auth"
 	"forgejo.org/services/packages"
 )
 
-var _ auth.Method = &Auth{}
+var (
+	_ auth.Method               = &Auth{}
+	_ auth.AuthenticationResult = &containerAuthenticationResult{}
+)
+
+type containerAuthenticationResult struct {
+	*auth.BaseAuthenticationResult
+	user  *user_model.User
+	scope optional.Option[auth_model.AccessTokenScope]
+}
+
+func (r *containerAuthenticationResult) Scope() optional.Option[auth_model.AccessTokenScope] {
+	return r.scope
+}
+
+func (r *containerAuthenticationResult) User() *user_model.User {
+	return r.user
+}
 
 type Auth struct{}
 
@@ -22,7 +41,7 @@ func (a *Auth) Name() string {
 
 // Verify extracts the user from the Bearer token
 // If it's an anonymous session a ghost user is returned
-func (a *Auth) Verify(req *http.Request, w http.ResponseWriter, store auth.DataStore, sess auth.SessionStore) (*user_model.User, error) {
+func (a *Auth) Verify(req *http.Request, w http.ResponseWriter, sess auth.SessionStore) (auth.AuthenticationResult, error) {
 	uid, scope, err := packages.ParseAuthorizationToken(req)
 	if err != nil {
 		log.Trace("ParseAuthorizationToken: %v", err)
@@ -30,13 +49,13 @@ func (a *Auth) Verify(req *http.Request, w http.ResponseWriter, store auth.DataS
 	}
 
 	if uid == 0 {
-		return nil, nil
+		return &auth.UnauthenticatedResult{}, nil
 	}
 
 	// Propagate scope of the authorization token.
+	authScope := optional.None[auth_model.AccessTokenScope]()
 	if scope != "" {
-		store.GetData()["IsApiToken"] = true
-		store.GetData()["ApiTokenScope"] = scope
+		authScope = optional.Some(scope)
 	}
 
 	u, err := user_model.GetPossibleUserByID(req.Context(), uid)
@@ -45,5 +64,5 @@ func (a *Auth) Verify(req *http.Request, w http.ResponseWriter, store auth.DataS
 		return nil, err
 	}
 
-	return u, nil
+	return &containerAuthenticationResult{user: u, scope: authScope}, nil
 }
diff --git a/routers/api/packages/container/container.go b/routers/api/packages/container/container.go
index 6781f511c8..eb81773b4c 100644
--- a/routers/api/packages/container/container.go
+++ b/routers/api/packages/container/container.go
@@ -13,7 +13,6 @@ import (
 	"regexp"
 	"strconv"
 
-	auth_model "forgejo.org/models/auth"
 	packages_model "forgejo.org/models/packages"
 	container_model "forgejo.org/models/packages/container"
 	user_model "forgejo.org/models/user"
@@ -158,7 +157,7 @@ func Authenticate(ctx *context.Context) {
 	}
 
 	// If there's an API scope, ensure it propagates.
-	scope, _ := ctx.Data["ApiTokenScope"].(auth_model.AccessTokenScope)
+	scope := ctx.Authentication.Scope().ValueOrZeroValue()
 
 	token, err := packages_service.CreateAuthorizationToken(u, scope)
 	if err != nil {
diff --git a/routers/api/packages/nuget/auth.go b/routers/api/packages/nuget/auth.go
index 139f84a0c6..c33799734c 100644
--- a/routers/api/packages/nuget/auth.go
+++ b/routers/api/packages/nuget/auth.go
@@ -12,6 +12,20 @@ import (
 	"forgejo.org/services/auth"
 )
 
+var (
+	_ auth.Method               = &Auth{}
+	_ auth.AuthenticationResult = &nugetAuthenticationResult{}
+)
+
+type nugetAuthenticationResult struct {
+	*auth.BaseAuthenticationResult
+	user *user_model.User
+}
+
+func (r *nugetAuthenticationResult) User() *user_model.User {
+	return r.user
+}
+
 var _ auth.Method = &Auth{}
 
 type Auth struct{}
@@ -21,14 +35,14 @@ func (a *Auth) Name() string {
 }
 
 // https://docs.microsoft.com/en-us/nuget/api/package-publish-resource#request-parameters
-func (a *Auth) Verify(req *http.Request, w http.ResponseWriter, store auth.DataStore, sess auth.SessionStore) (*user_model.User, error) {
+func (a *Auth) Verify(req *http.Request, w http.ResponseWriter, sess auth.SessionStore) (auth.AuthenticationResult, error) {
 	token, err := auth_model.GetAccessTokenBySHA(req.Context(), req.Header.Get("X-NuGet-ApiKey"))
 	if err != nil {
 		if !auth_model.IsErrAccessTokenNotExist(err) && !auth_model.IsErrAccessTokenEmpty(err) {
 			log.Error("GetAccessTokenBySHA: %v", err)
 			return nil, err
 		}
-		return nil, nil
+		return &auth.UnauthenticatedResult{}, nil
 	}
 
 	u, err := user_model.GetUserByID(req.Context(), token.UID)
@@ -41,5 +55,5 @@ func (a *Auth) Verify(req *http.Request, w http.ResponseWriter, store auth.DataS
 		log.Error("UpdateLastUsed:  %v", err)
 	}
 
-	return u, nil
+	return &nugetAuthenticationResult{user: u}, nil
 }
diff --git a/routers/api/shared/middleware.go b/routers/api/shared/middleware.go
index f657dae026..7e935970ec 100644
--- a/routers/api/shared/middleware.go
+++ b/routers/api/shared/middleware.go
@@ -4,6 +4,7 @@
 package shared
 
 import (
+	"errors"
 	"fmt"
 	"net/http"
 
@@ -12,6 +13,7 @@ import (
 	"forgejo.org/modules/setting"
 	"forgejo.org/routers/common"
 	"forgejo.org/services/auth"
+	auth_method "forgejo.org/services/auth/method"
 	"forgejo.org/services/authz"
 	"forgejo.org/services/context"
 
@@ -43,14 +45,14 @@ func Middlewares() (stack []any) {
 	)
 }
 
-func buildAuthGroup() *auth.Group {
-	group := auth.NewGroup(
-		&auth.OAuth2{},
-		&auth.HTTPSign{},
-		&auth.Basic{}, // FIXME: this should be removed once we don't allow basic auth in API
+func buildAuthGroup() *auth_method.Group {
+	group := auth_method.NewGroup(
+		&auth_method.OAuth2{},
+		&auth_method.HTTPSign{},
+		&auth_method.Basic{}, // FIXME: this should be removed once we don't allow basic auth in API
 	)
 	if setting.Service.EnableReverseProxyAuthAPI {
-		group.Add(&auth.ReverseProxy{})
+		group.Add(&auth_method.ReverseProxy{})
 	}
 
 	return group
@@ -63,15 +65,18 @@ func apiAuthentication(authMethod auth.Method) func(*context.APIContext) {
 			ctx.Error(http.StatusUnauthorized, "APIAuth", err)
 			return
 		}
-		ctx.Doer = ar.Doer
-		ctx.IsSigned = ar.Doer != nil
-		ctx.IsBasicAuth = ar.IsBasicAuth
+		if ar == nil {
+			ctx.Error(http.StatusInternalServerError, "apiAuthentication nil authentication result", errors.New("nil authentication result"))
+			return
+		}
+		ctx.Doer = ar.User()
+		ctx.IsSigned = ctx.Doer != nil
+		ctx.Authentication = ar
 	}
 }
 
 func apiAuthorization(ctx *context.APIContext) {
-	scope, scopeExists := ctx.Data["ApiTokenScope"].(auth_model.AccessTokenScope)
-	if scopeExists {
+	if hasScope, scope := ctx.Authentication.Scope().Get(); hasScope {
 		publicOnly, err := scope.PublicOnly()
 		if err != nil {
 			ctx.Error(http.StatusForbidden, "tokenRequiresScope", "parsing public resource scope failed: "+err.Error())
@@ -80,13 +85,13 @@ func apiAuthorization(ctx *context.APIContext) {
 		ctx.PublicOnly = publicOnly
 	}
 
-	reducer, reducerExists := ctx.Data["ApiTokenReducer"].(authz.AuthorizationReducer)
-	if reducerExists {
+	reducer := ctx.Authentication.Reducer()
+	if reducer != nil {
 		ctx.Reducer = reducer
 	} else {
-		// No "ApiTokenReducer" will be populated if the auth method wasn't an PAT.  In this case, we populate
-		// `ctx.Reducer` so no nil checks are needed, and we respect the scope `PublicOnly()` so that it it's safe to
-		// just rely on `ctx.Reducer` to account for public-only access:
+		// No Reducer will be populated if the auth method wasn't an PAT.  In this case, we populate `ctx.Reducer` so no
+		// nil checks are needed, and we respect the scope `PublicOnly()` so that it it's safe to just rely on
+		// `ctx.Reducer` to account for public-only access:
 		if ctx.PublicOnly {
 			ctx.Reducer = &authz.PublicReposAuthorizationReducer{}
 		} else {
diff --git a/routers/api/v1/api.go b/routers/api/v1/api.go
index 715aa9003b..8910babc29 100644
--- a/routers/api/v1/api.go
+++ b/routers/api/v1/api.go
@@ -85,7 +85,6 @@ import (
 	"forgejo.org/routers/api/v1/settings"
 	"forgejo.org/routers/api/v1/user"
 	"forgejo.org/services/actions"
-	"forgejo.org/services/auth"
 	"forgejo.org/services/context"
 	"forgejo.org/services/forms"
 	redirect_service "forgejo.org/services/redirect"
@@ -180,8 +179,8 @@ func repoAssignment() func(ctx *context.APIContext) {
 		repo.Owner = owner
 		ctx.Repo.Repository = repo
 
-		if ctx.Doer != nil && ctx.Doer.ID == user_model.ActionsUserID {
-			taskID := ctx.Data["ActionsTaskID"].(int64)
+		if ctx.Doer != nil && ctx.Doer.ID == user_model.ActionsUserID && ctx.Authentication.ActionsTaskID().Has() {
+			_, taskID := ctx.Authentication.ActionsTaskID().Get()
 			task, err := actions_model.GetTaskByID(ctx, taskID)
 			if err != nil {
 				ctx.Error(http.StatusInternalServerError, "actions_model.GetTaskByID", err)
@@ -330,8 +329,8 @@ func tokenRequiresScopes(requiredScopeCategories ...auth_model.AccessTokenScopeC
 		}
 
 		// Need OAuth2 token to be present.
-		scope, scopeExists := ctx.Data["ApiTokenScope"].(auth_model.AccessTokenScope)
-		if ctx.Data["IsApiToken"] != true || !scopeExists {
+		hasScope, scope := ctx.Authentication.Scope().Get()
+		if !hasScope {
 			return
 		}
 
@@ -372,7 +371,7 @@ func tokenRequiresRepoOwnerScope(ctx *context.APIContext) {
 func reqToken() func(ctx *context.APIContext) {
 	return func(ctx *context.APIContext) {
 		// If actions token is present
-		if true == ctx.Data["IsActionsToken"] {
+		if ctx.Authentication.ActionsTaskID().Has() {
 			return
 		}
 
@@ -401,13 +400,13 @@ func reqUsersExploreEnabled() func(ctx *context.APIContext) {
 
 func reqBasicOrRevProxyAuth() func(ctx *context.APIContext) {
 	return func(ctx *context.APIContext) {
-		if ctx.IsSigned && setting.Service.EnableReverseProxyAuthAPI && ctx.Data["AuthedMethod"].(string) == auth.ReverseProxyMethodName {
+		if ctx.IsSigned && setting.Service.EnableReverseProxyAuthAPI && ctx.Authentication.IsReverseProxyAuthentication() {
 			return
 		}
 
 		// Require basic authorization method to be used and that basic
 		// authorization used password login to verify the user.
-		if passwordLogin, ok := ctx.Data["IsPasswordLogin"].(bool); !ok || !passwordLogin {
+		if !ctx.Authentication.IsPasswordAuthentication() {
 			ctx.Error(http.StatusUnauthorized, "reqBasicAuth", "auth method not allowed")
 			return
 		}
diff --git a/routers/common/auth.go b/routers/common/auth.go
index d4b3b1fea7..014db93dad 100644
--- a/routers/common/auth.go
+++ b/routers/common/auth.go
@@ -4,32 +4,30 @@
 package common
 
 import (
-	user_model "forgejo.org/models/user"
+	"errors"
+
 	"forgejo.org/modules/web/middleware"
 	auth_service "forgejo.org/services/auth"
 	"forgejo.org/services/context"
 )
 
-type AuthResult struct {
-	Doer        *user_model.User
-	IsBasicAuth bool
-}
-
-func AuthShared(ctx *context.Base, sessionStore auth_service.SessionStore, authMethod auth_service.Method) (ar AuthResult, err error) {
-	ar.Doer, err = authMethod.Verify(ctx.Req, ctx.Resp, ctx, sessionStore)
+func AuthShared(ctx *context.Base, sessionStore auth_service.SessionStore, authMethod auth_service.Method) (ar auth_service.AuthenticationResult, err error) {
+	ar, err = authMethod.Verify(ctx.Req, ctx.Resp, sessionStore)
 	if err != nil {
 		return ar, err
 	}
-	if ar.Doer != nil {
-		if ctx.Locale.Language() != ar.Doer.Language {
+	if ar == nil {
+		return nil, errors.New("failure to retrieve AuthenticationResult - nil value")
+	}
+	doer := ar.User()
+	if doer != nil {
+		if ctx.Locale.Language() != doer.Language {
 			ctx.Locale = middleware.Locale(ctx.Resp, ctx.Req)
 		}
-		ar.IsBasicAuth = ctx.Data["AuthedMethod"].(string) == auth_service.BasicMethodName
-
 		ctx.Data["IsSigned"] = true
-		ctx.Data[middleware.ContextDataKeySignedUser] = ar.Doer
-		ctx.Data["SignedUserID"] = ar.Doer.ID
-		ctx.Data["IsAdmin"] = ar.Doer.IsAdmin
+		ctx.Data[middleware.ContextDataKeySignedUser] = doer
+		ctx.Data["SignedUserID"] = doer.ID
+		ctx.Data["IsAdmin"] = doer.IsAdmin
 	} else {
 		ctx.Data["IsSigned"] = false
 		ctx.Data["SignedUserID"] = int64(0)
diff --git a/routers/init.go b/routers/init.go
index adea646672..26cf0ace3e 100644
--- a/routers/init.go
+++ b/routers/init.go
@@ -33,7 +33,7 @@ import (
 	"forgejo.org/routers/private"
 	web_routers "forgejo.org/routers/web"
 	actions_service "forgejo.org/services/actions"
-	"forgejo.org/services/auth"
+	auth_method "forgejo.org/services/auth/method"
 	"forgejo.org/services/auth/source/oauth2"
 	"forgejo.org/services/automerge"
 	"forgejo.org/services/cron"
@@ -160,7 +160,7 @@ func InitWebInstalled(ctx context.Context) {
 
 	mustInitCtx(ctx, ssh.Init)
 
-	auth.Init()
+	auth_method.Init()
 	mustInit(svg.Init)
 
 	actions_service.Init()
diff --git a/routers/web/auth/auth.go b/routers/web/auth/auth.go
index e9312b3060..97b5ccbe6b 100644
--- a/routers/web/auth/auth.go
+++ b/routers/web/auth/auth.go
@@ -28,6 +28,7 @@ import (
 	"forgejo.org/modules/web"
 	"forgejo.org/modules/web/middleware"
 	auth_service "forgejo.org/services/auth"
+	auth_method "forgejo.org/services/auth/method"
 	"forgejo.org/services/auth/source/oauth2"
 	"forgejo.org/services/context"
 	"forgejo.org/services/externalaccount"
@@ -213,7 +214,7 @@ func SignInPost(ctx *context.Context) {
 		}
 	}
 
-	u, source, err := auth_service.UserSignIn(ctx, form.UserName, form.Password)
+	u, source, err := auth_method.UserSignIn(ctx, form.UserName, form.Password)
 	if err != nil {
 		if errors.Is(err, util.ErrNotExist) || errors.Is(err, util.ErrInvalidArgument) {
 			ctx.RenderWithErr(ctx.Tr("form.username_password_incorrect"), tplSignIn, &form)
diff --git a/routers/web/auth/linkaccount.go b/routers/web/auth/linkaccount.go
index d2cb0d29c7..e212ec58b2 100644
--- a/routers/web/auth/linkaccount.go
+++ b/routers/web/auth/linkaccount.go
@@ -16,7 +16,7 @@ import (
 	"forgejo.org/modules/setting"
 	"forgejo.org/modules/util"
 	"forgejo.org/modules/web"
-	auth_service "forgejo.org/services/auth"
+	auth_method "forgejo.org/services/auth/method"
 	"forgejo.org/services/auth/source/oauth2"
 	"forgejo.org/services/context"
 	"forgejo.org/services/externalaccount"
@@ -128,7 +128,7 @@ func LinkAccountPostSignIn(ctx *context.Context) {
 		return
 	}
 
-	u, _, err := auth_service.UserSignIn(ctx, signInForm.UserName, signInForm.Password)
+	u, _, err := auth_method.UserSignIn(ctx, signInForm.UserName, signInForm.Password)
 	if err != nil {
 		handleSignInError(ctx, signInForm.UserName, &signInForm, tplLinkAccount, "UserLinkAccount", err)
 		return
diff --git a/routers/web/auth/oauth.go b/routers/web/auth/oauth.go
index eba2b441c4..dae71dd377 100644
--- a/routers/web/auth/oauth.go
+++ b/routers/web/auth/oauth.go
@@ -33,7 +33,7 @@ import (
 	"forgejo.org/modules/util"
 	"forgejo.org/modules/web"
 	"forgejo.org/modules/web/middleware"
-	auth_service "forgejo.org/services/auth"
+	auth_method "forgejo.org/services/auth/method"
 	source_service "forgejo.org/services/auth/source"
 	"forgejo.org/services/auth/source/oauth2"
 	"forgejo.org/services/context"
@@ -294,7 +294,7 @@ func ifOnlyPublicGroups(scopes string) bool {
 
 // InfoOAuth manages request for userinfo endpoint
 func InfoOAuth(ctx *context.Context) {
-	if ctx.Doer == nil || ctx.Data["AuthedMethod"] != (&auth_service.OAuth2{}).Name() {
+	if ctx.Doer == nil || !ctx.Authentication.IsOAuth2JWTAuthentication() {
 		ctx.Resp.Header().Set("WWW-Authenticate", `Bearer realm=""`)
 		ctx.PlainText(http.StatusUnauthorized, "no valid authorization")
 		return
@@ -316,7 +316,7 @@ func InfoOAuth(ctx *context.Context) {
 		}
 	}
 
-	_, grantScopes := auth_service.CheckOAuthAccessToken(ctx, token)
+	_, grantScopes := auth_method.CheckOAuthAccessToken(ctx, token)
 	onlyPublicGroups := ifOnlyPublicGroups(grantScopes)
 
 	groups, err := getOAuthGroupsForUser(ctx, ctx.Doer, onlyPublicGroups)
diff --git a/routers/web/auth/openid.go b/routers/web/auth/openid.go
index b2c4f3b68e..a15bf234c0 100644
--- a/routers/web/auth/openid.go
+++ b/routers/web/auth/openid.go
@@ -18,6 +18,7 @@ import (
 	"forgejo.org/modules/setting"
 	"forgejo.org/modules/web"
 	"forgejo.org/services/auth"
+	auth_method "forgejo.org/services/auth/method"
 	"forgejo.org/services/context"
 	"forgejo.org/services/forms"
 )
@@ -266,7 +267,7 @@ func ConnectOpenIDPost(ctx *context.Context) {
 	ctx.Data["EnableOpenIDSignUp"] = setting.Service.EnableOpenIDSignUp
 	ctx.Data["OpenID"] = oid
 
-	u, source, err := auth.UserSignIn(ctx, form.UserName, form.Password)
+	u, source, err := auth_method.UserSignIn(ctx, form.UserName, form.Password)
 	if err != nil {
 		handleSignInError(ctx, form.UserName, &form, tplConnectOID, "ConnectOpenIDPost", err)
 		return
diff --git a/routers/web/repo/githttp.go b/routers/web/repo/githttp.go
index de05d99a3e..936b108281 100644
--- a/routers/web/repo/githttp.go
+++ b/routers/web/repo/githttp.go
@@ -158,7 +158,7 @@ func httpBase(ctx *context.Context) *serviceHandler {
 			return nil
 		}
 
-		if ctx.IsBasicAuth && ctx.Data["IsApiToken"] != true && ctx.Data["IsActionsToken"] != true {
+		if ctx.Authentication.IsPasswordAuthentication() {
 			_, err = auth_model.GetTwoFactorByUID(ctx, ctx.Doer.ID)
 			if err == nil {
 				// TODO: This response should be changed to "invalid credentials" for security reasons once the expectation behind it (creating an app token to authenticate) is properly documented
@@ -187,8 +187,7 @@ func httpBase(ctx *context.Context) *serviceHandler {
 			// Because of special ref "refs/for" .. , need delay write permission check
 			accessMode = perm.AccessModeRead
 
-			if ctx.Data["IsActionsToken"] == true {
-				taskID := ctx.Data["ActionsTaskID"].(int64)
+			if hasTaskID, taskID := ctx.Authentication.ActionsTaskID().Get(); hasTaskID {
 				task, err := actions_model.GetTaskByID(ctx, taskID)
 				if err != nil {
 					ctx.ServerError("GetTaskByID", err)
diff --git a/routers/web/user/setting/account.go b/routers/web/user/setting/account.go
index 5b0e8b4970..b84ef51940 100644
--- a/routers/web/user/setting/account.go
+++ b/routers/web/user/setting/account.go
@@ -19,7 +19,7 @@ import (
 	"forgejo.org/modules/timeutil"
 	"forgejo.org/modules/validation"
 	"forgejo.org/modules/web"
-	"forgejo.org/services/auth"
+	auth_method "forgejo.org/services/auth/method"
 	"forgejo.org/services/auth/source/db"
 	"forgejo.org/services/auth/source/smtp"
 	"forgejo.org/services/context"
@@ -274,7 +274,7 @@ func DeleteAccount(ctx *context.Context) {
 	ctx.Data["Title"] = ctx.Tr("settings")
 	ctx.Data["PageIsSettingsAccount"] = true
 
-	if _, _, err := auth.UserSignIn(ctx, ctx.Doer.Name, ctx.FormString("password")); err != nil {
+	if _, _, err := auth_method.UserSignIn(ctx, ctx.Doer.Name, ctx.FormString("password")); err != nil {
 		switch {
 		case user_model.IsErrUserNotExist(err):
 			loadAccountData(ctx)
diff --git a/routers/web/web.go b/routers/web/web.go
index 766c39fa57..492a578259 100644
--- a/routers/web/web.go
+++ b/routers/web/web.go
@@ -48,6 +48,7 @@ import (
 	user_setting "forgejo.org/routers/web/user/setting"
 	"forgejo.org/routers/web/user/setting/security"
 	auth_service "forgejo.org/services/auth"
+	auth_method "forgejo.org/services/auth/method"
 	"forgejo.org/services/context"
 	"forgejo.org/services/forms"
 	"forgejo.org/services/lfs"
@@ -104,15 +105,15 @@ func optionsCorsHandler() func(next http.Handler) http.Handler {
 //
 // The Session plugin is expected to be executed second, in order to skip authentication
 // for users that have already signed in.
-func buildAuthGroup() *auth_service.Group {
-	group := auth_service.NewGroup()
-	group.Add(&auth_service.OAuth2{}) // FIXME: this should be removed and only applied in download and oauth related routers
-	group.Add(&auth_service.Basic{})  // FIXME: this should be removed and only applied in download and git/lfs routers
+func buildAuthGroup() *auth_method.Group {
+	group := auth_method.NewGroup()
+	group.Add(&auth_method.OAuth2{}) // FIXME: this should be removed and only applied in download and oauth related routers
+	group.Add(&auth_method.Basic{})  // FIXME: this should be removed and only applied in download and git/lfs routers
 
 	if setting.Service.EnableReverseProxyAuth {
-		group.Add(&auth_service.ReverseProxy{}) // reverseproxy should before Session, otherwise the header will be ignored if user has login
+		group.Add(&auth_method.ReverseProxy{}) // reverseproxy should before Session, otherwise the header will be ignored if user has login
 	}
-	group.Add(&auth_service.Session{})
+	group.Add(&auth_method.Session{})
 
 	return group
 }
@@ -125,9 +126,13 @@ func webAuth(authMethod auth_service.Method) func(*context.Context) {
 			ctx.Error(http.StatusUnauthorized, ctx.Locale.TrString("auth.unauthorized_credentials", "https://codeberg.org/forgejo/forgejo/issues/2809"))
 			return
 		}
-		ctx.Doer = ar.Doer
-		ctx.IsSigned = ar.Doer != nil
-		ctx.IsBasicAuth = ar.IsBasicAuth
+		if ar == nil {
+			ctx.Error(http.StatusInternalServerError, "webAuth nil authentication result")
+			return
+		}
+		ctx.Doer = ar.User()
+		ctx.IsSigned = ar.User() != nil
+		ctx.Authentication = ar
 		if ctx.Doer == nil {
 			// ensure the session uid is deleted
 			_ = ctx.Session.Delete("uid")
diff --git a/services/auth/interface.go b/services/auth/interface.go
index 12b04a7abf..73cbe5403f 100644
--- a/services/auth/interface.go
+++ b/services/auth/interface.go
@@ -7,9 +7,12 @@ import (
 	"context"
 	"net/http"
 
+	auth_model "forgejo.org/models/auth"
 	user_model "forgejo.org/models/user"
+	"forgejo.org/modules/optional"
 	"forgejo.org/modules/session"
 	"forgejo.org/modules/web/middleware"
+	"forgejo.org/services/authz"
 )
 
 // DataStore represents a data store
@@ -20,15 +23,11 @@ type SessionStore session.Store
 
 // Method represents an authentication method (plugin) for HTTP requests.
 type Method interface {
-	// Verify tries to verify the authentication data contained in the request.
-	// If verification is successful returns either an existing user object (with id > 0)
-	// or a new user object (with id = 0) populated with the information that was found
-	// in the authentication data (username or email).
-	// Second argument returns err if verification fails, otherwise
-	// First return argument returns nil if no matched verification condition
-	Verify(http *http.Request, w http.ResponseWriter, store DataStore, sess SessionStore) (*user_model.User, error)
-
-	Name() string
+	// Verify tries to verify the authentication data contained in the request. If verification is successful returns an
+	// AuthenticationResult implementation with details about the authentication, or, may return an
+	// AnonymousAuthentication if the authentication method doesn't indicate that the request is authenticated. An error
+	// is only returned if a failure occurred while checking authentication.
+	Verify(http *http.Request, w http.ResponseWriter, sess SessionStore) (AuthenticationResult, error)
 }
 
 // PasswordAuthenticator represents a source of authentication
@@ -45,3 +44,62 @@ type LocalTwoFASkipper interface {
 type SynchronizableSource interface {
 	Sync(ctx context.Context, updateExisting bool) error
 }
+
+type AuthenticationResult interface {
+	// May return `nil` to represent an anonymous, unauthenticated user.
+	User() *user_model.User
+
+	// Optional permission scope indicated by the authentication method
+	Scope() optional.Option[auth_model.AccessTokenScope]
+	// Optional authorization reducer indicated by the authentication method
+	Reducer() authz.AuthorizationReducer
+
+	// Identifies if the authentication involved the user's password. If so, and the user has 2FA enabled, some
+	// restrictions may be applied.
+	IsPasswordAuthentication() bool
+
+	// Identifies if the authentication was performed by a reverse proxy.
+	IsReverseProxyAuthentication() bool
+
+	// Identifies specifically that the OAuth2 JWT authentication method was used. If so, some related OAuth2 API
+	// endpoints may be accessible that otherwise wouldn't be.
+	IsOAuth2JWTAuthentication() bool
+
+	// If authenticated as an Actions task (using ${{ forgejo.token }}), then indicates the specific task that performed
+	// the authentication.
+	ActionsTaskID() optional.Option[int64]
+}
+
+type BaseAuthenticationResult struct{}
+
+func (*BaseAuthenticationResult) IsOAuth2JWTAuthentication() bool {
+	return false
+}
+
+func (*BaseAuthenticationResult) IsPasswordAuthentication() bool {
+	return false
+}
+
+func (*BaseAuthenticationResult) IsReverseProxyAuthentication() bool {
+	return false
+}
+
+func (*BaseAuthenticationResult) ActionsTaskID() optional.Option[int64] {
+	return optional.None[int64]()
+}
+
+func (*BaseAuthenticationResult) Reducer() authz.AuthorizationReducer {
+	return nil
+}
+
+func (*BaseAuthenticationResult) Scope() optional.Option[auth_model.AccessTokenScope] {
+	return optional.None[auth_model.AccessTokenScope]()
+}
+
+type UnauthenticatedResult struct {
+	*BaseAuthenticationResult
+}
+
+func (*UnauthenticatedResult) User() *user_model.User {
+	return nil
+}
diff --git a/services/auth/additional_scopes_test.go b/services/auth/method/additional_scopes_test.go
similarity index 98%
rename from services/auth/additional_scopes_test.go
rename to services/auth/method/additional_scopes_test.go
index 9ab4e6e61f..2ed8af4b03 100644
--- a/services/auth/additional_scopes_test.go
+++ b/services/auth/method/additional_scopes_test.go
@@ -1,4 +1,4 @@
-package auth
+package method
 
 import (
 	"testing"
diff --git a/services/auth/auth.go b/services/auth/method/auth.go
similarity index 97%
rename from services/auth/auth.go
rename to services/auth/method/auth.go
index 14d78cdbc0..b2e89d51e9 100644
--- a/services/auth/auth.go
+++ b/services/auth/method/auth.go
@@ -2,7 +2,7 @@
 // Copyright 2019 The Gitea Authors. All rights reserved.
 // SPDX-License-Identifier: MIT
 
-package auth
+package method
 
 import (
 	"fmt"
@@ -17,6 +17,7 @@ import (
 	"forgejo.org/modules/session"
 	"forgejo.org/modules/setting"
 	"forgejo.org/modules/web/middleware"
+	"forgejo.org/services/auth"
 	user_service "forgejo.org/services/user"
 )
 
@@ -63,7 +64,7 @@ func isArchivePath(req *http.Request) bool {
 }
 
 // handleSignIn clears existing session variables and stores new ones for the specified user object
-func handleSignIn(resp http.ResponseWriter, req *http.Request, sess SessionStore, user *user_model.User) {
+func handleSignIn(resp http.ResponseWriter, req *http.Request, sess auth.SessionStore, user *user_model.User) {
 	// We need to regenerate the session...
 	newSess, err := session.RegenerateSession(resp, req)
 	if err != nil {
diff --git a/services/auth/method/auth_result_accesstoken.go b/services/auth/method/auth_result_accesstoken.go
new file mode 100644
index 0000000000..74b659c548
--- /dev/null
+++ b/services/auth/method/auth_result_accesstoken.go
@@ -0,0 +1,33 @@
+// Copyright 2026 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+package method
+
+import (
+	auth_model "forgejo.org/models/auth"
+	user_model "forgejo.org/models/user"
+	"forgejo.org/modules/optional"
+	"forgejo.org/services/auth"
+	"forgejo.org/services/authz"
+)
+
+var _ auth.AuthenticationResult = &accessTokenAuthenticationResult{}
+
+type accessTokenAuthenticationResult struct {
+	*auth.BaseAuthenticationResult
+	user    *user_model.User
+	scope   auth_model.AccessTokenScope
+	reducer authz.AuthorizationReducer
+}
+
+func (r *accessTokenAuthenticationResult) User() *user_model.User {
+	return r.user
+}
+
+func (r *accessTokenAuthenticationResult) Scope() optional.Option[auth_model.AccessTokenScope] {
+	return optional.Some(r.scope)
+}
+
+func (r *accessTokenAuthenticationResult) Reducer() authz.AuthorizationReducer {
+	return r.reducer
+}
diff --git a/services/auth/method/auth_result_actionstask.go b/services/auth/method/auth_result_actionstask.go
new file mode 100644
index 0000000000..b6a9dd1287
--- /dev/null
+++ b/services/auth/method/auth_result_actionstask.go
@@ -0,0 +1,31 @@
+// Copyright 2026 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+package method
+
+import (
+	auth_model "forgejo.org/models/auth"
+	user_model "forgejo.org/models/user"
+	"forgejo.org/modules/optional"
+	"forgejo.org/services/auth"
+)
+
+var _ auth.AuthenticationResult = &actionsTaskTokenAuthenticationResult{}
+
+type actionsTaskTokenAuthenticationResult struct {
+	*auth.BaseAuthenticationResult
+	user   *user_model.User
+	taskID int64
+}
+
+func (r *actionsTaskTokenAuthenticationResult) Scope() optional.Option[auth_model.AccessTokenScope] {
+	return optional.None[auth_model.AccessTokenScope]()
+}
+
+func (r *actionsTaskTokenAuthenticationResult) User() *user_model.User {
+	return r.user
+}
+
+func (r *actionsTaskTokenAuthenticationResult) ActionsTaskID() optional.Option[int64] {
+	return optional.Some(r.taskID)
+}
diff --git a/services/auth/method/auth_result_basicpassword.go b/services/auth/method/auth_result_basicpassword.go
new file mode 100644
index 0000000000..3364046cea
--- /dev/null
+++ b/services/auth/method/auth_result_basicpassword.go
@@ -0,0 +1,24 @@
+// Copyright 2026 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+package method
+
+import (
+	user_model "forgejo.org/models/user"
+	"forgejo.org/services/auth"
+)
+
+var _ auth.AuthenticationResult = &basicPaswordAuthenticationResult{}
+
+type basicPaswordAuthenticationResult struct {
+	*auth.BaseAuthenticationResult
+	user *user_model.User
+}
+
+func (*basicPaswordAuthenticationResult) IsPasswordAuthentication() bool {
+	return true
+}
+
+func (r *basicPaswordAuthenticationResult) User() *user_model.User {
+	return r.user
+}
diff --git a/services/auth/method/auth_result_httpsign.go b/services/auth/method/auth_result_httpsign.go
new file mode 100644
index 0000000000..eb6fef7a14
--- /dev/null
+++ b/services/auth/method/auth_result_httpsign.go
@@ -0,0 +1,20 @@
+// Copyright 2026 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+package method
+
+import (
+	user_model "forgejo.org/models/user"
+	"forgejo.org/services/auth"
+)
+
+var _ auth.AuthenticationResult = &httpSignAuthenticationResult{}
+
+type httpSignAuthenticationResult struct {
+	*auth.BaseAuthenticationResult
+	user *user_model.User
+}
+
+func (r *httpSignAuthenticationResult) User() *user_model.User {
+	return r.user
+}
diff --git a/services/auth/method/auth_result_oauth.go b/services/auth/method/auth_result_oauth.go
new file mode 100644
index 0000000000..ce451e6459
--- /dev/null
+++ b/services/auth/method/auth_result_oauth.go
@@ -0,0 +1,31 @@
+// Copyright 2026 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+package method
+
+import (
+	auth_model "forgejo.org/models/auth"
+	user_model "forgejo.org/models/user"
+	"forgejo.org/modules/optional"
+	"forgejo.org/services/auth"
+)
+
+var _ auth.AuthenticationResult = &oAuth2JWTAuthenticationResult{}
+
+type oAuth2JWTAuthenticationResult struct {
+	*auth.BaseAuthenticationResult
+	user  *user_model.User
+	scope optional.Option[auth_model.AccessTokenScope]
+}
+
+func (*oAuth2JWTAuthenticationResult) IsOAuth2JWTAuthentication() bool {
+	return true
+}
+
+func (r *oAuth2JWTAuthenticationResult) User() *user_model.User {
+	return r.user
+}
+
+func (r *oAuth2JWTAuthenticationResult) Scope() optional.Option[auth_model.AccessTokenScope] {
+	return r.scope
+}
diff --git a/services/auth/method/auth_result_reverseproxy.go b/services/auth/method/auth_result_reverseproxy.go
new file mode 100644
index 0000000000..cf575330e6
--- /dev/null
+++ b/services/auth/method/auth_result_reverseproxy.go
@@ -0,0 +1,24 @@
+// Copyright 2026 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+package method
+
+import (
+	user_model "forgejo.org/models/user"
+	"forgejo.org/services/auth"
+)
+
+var _ auth.AuthenticationResult = &reverseProxyAuthenticationResult{}
+
+type reverseProxyAuthenticationResult struct {
+	*auth.BaseAuthenticationResult
+	user *user_model.User
+}
+
+func (r *reverseProxyAuthenticationResult) User() *user_model.User {
+	return r.user
+}
+
+func (*reverseProxyAuthenticationResult) IsReverseProxyAuthentication() bool {
+	return true
+}
diff --git a/services/auth/method/auth_result_session.go b/services/auth/method/auth_result_session.go
new file mode 100644
index 0000000000..71c591dacd
--- /dev/null
+++ b/services/auth/method/auth_result_session.go
@@ -0,0 +1,20 @@
+// Copyright 2026 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+package method
+
+import (
+	user_model "forgejo.org/models/user"
+	"forgejo.org/services/auth"
+)
+
+var _ auth.AuthenticationResult = &sessionAuthenticationResult{}
+
+type sessionAuthenticationResult struct {
+	*auth.BaseAuthenticationResult
+	user *user_model.User
+}
+
+func (r *sessionAuthenticationResult) User() *user_model.User {
+	return r.user
+}
diff --git a/services/auth/auth_test.go b/services/auth/method/auth_test.go
similarity index 99%
rename from services/auth/auth_test.go
rename to services/auth/method/auth_test.go
index 82308402d2..6e686feab8 100644
--- a/services/auth/auth_test.go
+++ b/services/auth/method/auth_test.go
@@ -2,7 +2,7 @@
 // Copyright 2019 The Gitea Authors. All rights reserved.
 // SPDX-License-Identifier: MIT
 
-package auth
+package method
 
 import (
 	"net/http"
diff --git a/services/auth/basic.go b/services/auth/method/basic.go
similarity index 81%
rename from services/auth/basic.go
rename to services/auth/method/basic.go
index 502d806a12..5b551135be 100644
--- a/services/auth/basic.go
+++ b/services/auth/method/basic.go
@@ -2,7 +2,7 @@
 // Copyright 2019 The Gitea Authors. All rights reserved.
 // SPDX-License-Identifier: MIT
 
-package auth
+package method
 
 import (
 	"errors"
@@ -14,48 +14,42 @@ import (
 	user_model "forgejo.org/models/user"
 	"forgejo.org/modules/base"
 	"forgejo.org/modules/log"
+	"forgejo.org/modules/optional"
 	"forgejo.org/modules/setting"
 	"forgejo.org/modules/util"
 	"forgejo.org/modules/web/middleware"
+	"forgejo.org/services/auth"
 	"forgejo.org/services/authz"
 )
 
 // Ensure the struct implements the interface.
 var (
-	_ Method = &Basic{}
+	_ auth.Method = &Basic{}
 )
 
-// BasicMethodName is the constant name of the basic authentication method
-const BasicMethodName = "basic"
-
 // Basic implements the Auth interface and authenticates requests (API requests
 // only) by looking for Basic authentication data or "x-oauth-basic" token in the "Authorization"
 // header.
 type Basic struct{}
 
-// Name represents the name of auth method
-func (b *Basic) Name() string {
-	return BasicMethodName
-}
-
 // Verify extracts and validates Basic data (username and password/token) from the
 // "Authorization" header of the request and returns the corresponding user object for that
 // name/token on successful validation.
 // Returns nil if header is empty or validation fails.
-func (b *Basic) Verify(req *http.Request, w http.ResponseWriter, store DataStore, sess SessionStore) (*user_model.User, error) {
+func (b *Basic) Verify(req *http.Request, w http.ResponseWriter, _ auth.SessionStore) (auth.AuthenticationResult, error) {
 	// Basic authentication should only fire on API, Download or on Git or LFSPaths
 	if !middleware.IsAPIPath(req) && !isContainerPath(req) && !isAttachmentDownload(req) && !isGitRawOrAttachOrLFSPath(req) {
-		return nil, nil
+		return &auth.UnauthenticatedResult{}, nil
 	}
 
 	baHead := req.Header.Get("Authorization")
 	if len(baHead) == 0 {
-		return nil, nil
+		return &auth.UnauthenticatedResult{}, nil
 	}
 
 	auths := strings.SplitN(baHead, " ", 2)
 	if len(auths) != 2 || (strings.ToLower(auths[0]) != "basic") {
-		return nil, nil
+		return &auth.UnauthenticatedResult{}, nil
 	}
 
 	uname, passwd, _ := base.BasicAuthDecode(auths[1])
@@ -83,13 +77,13 @@ func (b *Basic) Verify(req *http.Request, w http.ResponseWriter, store DataStore
 			return nil, err
 		}
 
-		store.GetData()["IsApiToken"] = true
+		var scope auth_model.AccessTokenScope
 		if grantScopes != "" {
-			store.GetData()["ApiTokenScope"] = auth_model.AccessTokenScope(grantScopes)
+			scope = auth_model.AccessTokenScope(grantScopes)
 		} else {
-			store.GetData()["ApiTokenScope"] = auth_model.AccessTokenScopeAll // fallback to all
+			scope = auth_model.AccessTokenScopeAll // fallback to all
 		}
-		return u, nil
+		return &oAuth2JWTAuthenticationResult{user: u, scope: optional.Some(scope)}, nil
 	}
 
 	// check personal access token
@@ -106,17 +100,13 @@ func (b *Basic) Verify(req *http.Request, w http.ResponseWriter, store DataStore
 			log.Error("UpdateLastUsed:  %v", err)
 		}
 
-		store.GetData()["IsApiToken"] = true
-		store.GetData()["ApiTokenScope"] = token.Scope
-
 		reducer, err := authz.GetAuthorizationReducerForAccessToken(req.Context(), token)
 		if err != nil {
 			log.Error("authz.GetAuthorizationReducerForAccessToken: %v", err)
 			return nil, err
 		}
-		store.GetData()["ApiTokenReducer"] = reducer
 
-		return u, nil
+		return &accessTokenAuthenticationResult{user: u, scope: token.Scope, reducer: reducer}, nil
 	} else if !auth_model.IsErrAccessTokenNotExist(err) && !auth_model.IsErrAccessTokenEmpty(err) {
 		log.Error("GetAccessTokenBySha: %v", err)
 	}
@@ -125,15 +115,11 @@ func (b *Basic) Verify(req *http.Request, w http.ResponseWriter, store DataStore
 	task, err := actions_model.GetRunningTaskByToken(req.Context(), authToken)
 	if err == nil && task != nil {
 		log.Trace("Basic Authorization: Valid AccessToken for task[%d]", task.ID)
-
-		store.GetData()["IsActionsToken"] = true
-		store.GetData()["ActionsTaskID"] = task.ID
-
-		return user_model.NewActionsUser(), nil
+		return &actionsTaskTokenAuthenticationResult{user: user_model.NewActionsUser(), taskID: task.ID}, nil
 	}
 
 	if !setting.Service.EnableBasicAuth {
-		return nil, nil
+		return &auth.UnauthenticatedResult{}, nil
 	}
 
 	log.Trace("Basic Authorization: Attempting SignIn for %s", uname)
@@ -155,7 +141,7 @@ func (b *Basic) Verify(req *http.Request, w http.ResponseWriter, store DataStore
 		return nil, errors.New("Basic authorization is not allowed while having security keys enrolled")
 	}
 
-	if skipper, ok := source.Cfg.(LocalTwoFASkipper); !ok || !skipper.IsSkipLocalTwoFA() {
+	if skipper, ok := source.Cfg.(auth.LocalTwoFASkipper); !ok || !skipper.IsSkipLocalTwoFA() {
 		if err := validateTOTP(req, u); err != nil {
 			return nil, err
 		}
@@ -163,8 +149,7 @@ func (b *Basic) Verify(req *http.Request, w http.ResponseWriter, store DataStore
 
 	log.Trace("Basic Authorization: Logged in user %-v", u)
 
-	store.GetData()["IsPasswordLogin"] = true
-	return u, nil
+	return &basicPaswordAuthenticationResult{user: u}, nil
 }
 
 func getOtpHeader(header http.Header) string {
diff --git a/services/auth/group.go b/services/auth/method/group.go
similarity index 52%
rename from services/auth/group.go
rename to services/auth/method/group.go
index b713301b50..a87f5d6a75 100644
--- a/services/auth/group.go
+++ b/services/auth/method/group.go
@@ -1,51 +1,41 @@
 // Copyright 2021 The Gitea Authors. All rights reserved.
 // SPDX-License-Identifier: MIT
 
-package auth
+package method
 
 import (
 	"net/http"
-	"strings"
 
-	user_model "forgejo.org/models/user"
+	"forgejo.org/services/auth"
 )
 
 // Ensure the struct implements the interface.
 var (
-	_ Method = &Group{}
+	_ auth.Method = &Group{}
 )
 
 // Group implements the Auth interface with serval Auth.
 type Group struct {
-	methods []Method
+	methods []auth.Method
 }
 
 // NewGroup creates a new auth group
-func NewGroup(methods ...Method) *Group {
+func NewGroup(methods ...auth.Method) *Group {
 	return &Group{
 		methods: methods,
 	}
 }
 
 // Add adds a new method to group
-func (b *Group) Add(method Method) {
+func (b *Group) Add(method auth.Method) {
 	b.methods = append(b.methods, method)
 }
 
-// Name returns group's methods name
-func (b *Group) Name() string {
-	names := make([]string, 0, len(b.methods))
-	for _, m := range b.methods {
-		names = append(names, m.Name())
-	}
-	return strings.Join(names, ",")
-}
-
-func (b *Group) Verify(req *http.Request, w http.ResponseWriter, store DataStore, sess SessionStore) (*user_model.User, error) {
+func (b *Group) Verify(req *http.Request, w http.ResponseWriter, sess auth.SessionStore) (auth.AuthenticationResult, error) {
 	// Try to sign in with each of the enabled plugins
 	var retErr error
 	for _, m := range b.methods {
-		user, err := m.Verify(req, w, store, sess)
+		authResult, err := m.Verify(req, w, sess)
 		if err != nil {
 			if retErr == nil {
 				retErr = err
@@ -57,16 +47,17 @@ func (b *Group) Verify(req *http.Request, w http.ResponseWriter, store DataStore
 			continue
 		}
 
-		// If any method returns a user, we can stop trying.
-		// Return the user and ignore any error returned by previous methods.
-		if user != nil {
-			if store.GetData()["AuthedMethod"] == nil {
-				store.GetData()["AuthedMethod"] = m.Name()
-			}
-			return user, nil
+		// If any method returns an authenticated result, we can stop trying. Return and ignore any error returned by
+		// previous methods.
+		if authResult.User() != nil {
+			return authResult, nil
 		}
 	}
 
-	// If no method returns a user, return the error returned by the first method.
-	return nil, retErr
+	if retErr != nil {
+		// If no method returns a user, return the error returned by the first method.
+		return nil, retErr
+	}
+
+	return &auth.UnauthenticatedResult{}, nil
 }
diff --git a/services/auth/httpsign.go b/services/auth/method/httpsign.go
similarity index 94%
rename from services/auth/httpsign.go
rename to services/auth/method/httpsign.go
index e776ccbbed..a5328bddcd 100644
--- a/services/auth/httpsign.go
+++ b/services/auth/method/httpsign.go
@@ -1,7 +1,7 @@
 // Copyright 2021 The Gitea Authors. All rights reserved.
 // SPDX-License-Identifier: MIT
 
-package auth
+package method
 
 import (
 	"bytes"
@@ -16,6 +16,7 @@ import (
 	user_model "forgejo.org/models/user"
 	"forgejo.org/modules/log"
 	"forgejo.org/modules/setting"
+	"forgejo.org/services/auth"
 
 	"github.com/42wim/httpsig"
 	"golang.org/x/crypto/ssh"
@@ -23,7 +24,7 @@ import (
 
 // Ensure the struct implements the interface.
 var (
-	_ Method = &HTTPSign{}
+	_ auth.Method = &HTTPSign{}
 )
 
 // HTTPSign implements the Auth interface and authenticates requests (API requests
@@ -31,18 +32,13 @@ var (
 // more information can be found on https://github.com/go-fed/httpsig
 type HTTPSign struct{}
 
-// Name represents the name of auth method
-func (h *HTTPSign) Name() string {
-	return "httpsign"
-}
-
 // Verify extracts and validates HTTPsign from the Signature header of the request and returns
 // the corresponding user object on successful validation.
 // Returns nil if header is empty or validation fails.
-func (h *HTTPSign) Verify(req *http.Request, w http.ResponseWriter, store DataStore, sess SessionStore) (*user_model.User, error) {
+func (h *HTTPSign) Verify(req *http.Request, w http.ResponseWriter, _ auth.SessionStore) (auth.AuthenticationResult, error) {
 	sigHead := req.Header.Get("Signature")
 	if len(sigHead) == 0 {
-		return nil, nil
+		return &auth.UnauthenticatedResult{}, nil
 	}
 
 	var (
@@ -53,14 +49,14 @@ func (h *HTTPSign) Verify(req *http.Request, w http.ResponseWriter, store DataSt
 	if len(req.Header.Get("X-Ssh-Certificate")) != 0 {
 		// Handle Signature signed by SSH certificates
 		if len(setting.SSH.TrustedUserCAKeys) == 0 {
-			return nil, nil
+			return &auth.UnauthenticatedResult{}, nil
 		}
 
 		publicKey, err = VerifyCert(req)
 		if err != nil {
 			log.Debug("VerifyCert on request from %s: failed: %v", req.RemoteAddr, err)
 			log.Warn("Failed authentication attempt from %s", req.RemoteAddr)
-			return nil, nil
+			return &auth.UnauthenticatedResult{}, nil
 		}
 	} else {
 		// Handle Signature signed by Public Key
@@ -68,7 +64,7 @@ func (h *HTTPSign) Verify(req *http.Request, w http.ResponseWriter, store DataSt
 		if err != nil {
 			log.Debug("VerifyPubKey on request from %s: failed: %v", req.RemoteAddr, err)
 			log.Warn("Failed authentication attempt from %s", req.RemoteAddr)
-			return nil, nil
+			return &auth.UnauthenticatedResult{}, nil
 		}
 	}
 
@@ -78,11 +74,8 @@ func (h *HTTPSign) Verify(req *http.Request, w http.ResponseWriter, store DataSt
 		return nil, err
 	}
 
-	store.GetData()["IsApiToken"] = true
-
 	log.Trace("HTTP Sign: Logged in user %-v", u)
-
-	return u, nil
+	return &httpSignAuthenticationResult{user: u}, nil
 }
 
 func VerifyPubKey(r *http.Request) (*asymkey_model.PublicKey, error) {
diff --git a/services/auth/method/main_test.go b/services/auth/method/main_test.go
new file mode 100644
index 0000000000..b5334990c3
--- /dev/null
+++ b/services/auth/method/main_test.go
@@ -0,0 +1,14 @@
+// Copyright 2023 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package method
+
+import (
+	"testing"
+
+	"forgejo.org/models/unittest"
+)
+
+func TestMain(m *testing.M) {
+	unittest.MainTest(m)
+}
diff --git a/services/auth/oauth2.go b/services/auth/method/oauth2.go
similarity index 76%
rename from services/auth/oauth2.go
rename to services/auth/method/oauth2.go
index a23f586ffd..e80c4bc35c 100644
--- a/services/auth/oauth2.go
+++ b/services/auth/method/oauth2.go
@@ -2,10 +2,11 @@
 // Copyright 2019 The Gitea Authors. All rights reserved.
 // SPDX-License-Identifier: MIT
 
-package auth
+package method
 
 import (
 	"context"
+	"errors"
 	"net/http"
 	"slices"
 	"strings"
@@ -15,17 +16,19 @@ import (
 	auth_model "forgejo.org/models/auth"
 	user_model "forgejo.org/models/user"
 	"forgejo.org/modules/log"
+	"forgejo.org/modules/optional"
 	"forgejo.org/modules/setting"
 	"forgejo.org/modules/util"
 	"forgejo.org/modules/web/middleware"
 	"forgejo.org/services/actions"
+	"forgejo.org/services/auth"
 	"forgejo.org/services/auth/source/oauth2"
 	"forgejo.org/services/authz"
 )
 
 // Ensure the struct implements the interface.
 var (
-	_ Method = &OAuth2{}
+	_ auth.Method = &OAuth2{}
 )
 
 // grantAdditionalScopes returns valid scopes coming from grant
@@ -113,11 +116,6 @@ func CheckTaskIsRunning(ctx context.Context, taskID int64) bool {
 // "Authorization" header.
 type OAuth2 struct{}
 
-// Name represents the name of auth method
-func (o *OAuth2) Name() string {
-	return "oauth2"
-}
-
 // parseToken returns the token from request, and a boolean value
 // representing whether the token exists or not
 func parseToken(req *http.Request) (string, bool) {
@@ -148,33 +146,39 @@ func parseToken(req *http.Request) (string, bool) {
 // userIDFromToken returns the user id corresponding to the OAuth token.
 // It will set 'IsApiToken' to true if the token is an API token and
 // set 'ApiTokenScope' to the scope of the access token
-func (o *OAuth2) userIDFromToken(ctx context.Context, tokenSHA string, store DataStore) (int64, error) {
+func (o *OAuth2) userIDFromToken(ctx context.Context, tokenSHA string) (auth.AuthenticationResult, error) {
 	if tokenSHA == "" {
-		return 0, auth_model.ErrAccessTokenEmpty{}
+		return nil, auth_model.ErrAccessTokenEmpty{}
 	}
 	// Let's see if token is valid.
 	if strings.Contains(tokenSHA, ".") {
 		// First attempt to decode an actions JWT, returning the actions user
 		if taskID, err := actions.TokenToTaskID(tokenSHA); err == nil {
 			if CheckTaskIsRunning(ctx, taskID) {
-				store.GetData()["IsActionsToken"] = true
-				store.GetData()["ActionsTaskID"] = taskID
-				return user_model.ActionsUserID, nil
+				return &actionsTaskTokenAuthenticationResult{user: user_model.NewActionsUser(), taskID: taskID}, nil
 			}
 		}
 
 		// Otherwise, check if this is an OAuth access token
 		uid, grantScopes := CheckOAuthAccessToken(ctx, tokenSHA)
+		var accessTokenScope optional.Option[auth_model.AccessTokenScope]
 		if uid != 0 {
-			store.GetData()["IsApiToken"] = true
 			if grantScopes != "" {
-				store.GetData()["ApiTokenScope"] = auth_model.AccessTokenScope(grantScopes)
+				accessTokenScope = optional.Some(auth_model.AccessTokenScope(grantScopes))
 			} else {
-				store.GetData()["ApiTokenScope"] = auth_model.AccessTokenScopeAll // fallback to all
+				accessTokenScope = optional.Some(auth_model.AccessTokenScopeAll) // fallback to all
 			}
 		}
-		return uid, nil
+		user, err := user_model.GetPossibleUserByID(ctx, uid)
+		if err != nil {
+			if !user_model.IsErrUserNotExist(err) {
+				log.Error("GetUserByName: %v", err)
+			}
+			return nil, err
+		}
+		return &oAuth2JWTAuthenticationResult{user: user, scope: accessTokenScope}, nil
 	}
+
 	t, err := auth_model.GetAccessTokenBySHA(ctx, tokenSHA)
 	if err != nil {
 		if auth_model.IsErrAccessTokenNotExist(err) {
@@ -182,68 +186,63 @@ func (o *OAuth2) userIDFromToken(ctx context.Context, tokenSHA string, store Dat
 			task, err := actions_model.GetRunningTaskByToken(ctx, tokenSHA)
 			if err == nil && task != nil {
 				log.Trace("Basic Authorization: Valid AccessToken for task[%d]", task.ID)
-
-				store.GetData()["IsActionsToken"] = true
-				store.GetData()["ActionsTaskID"] = task.ID
-
-				return user_model.ActionsUserID, nil
+				return &actionsTaskTokenAuthenticationResult{user: user_model.NewActionsUser(), taskID: task.ID}, nil
 			}
 		} else if !auth_model.IsErrAccessTokenNotExist(err) && !auth_model.IsErrAccessTokenEmpty(err) {
 			log.Error("GetAccessTokenBySHA: %v", err)
+			return nil, err
 		}
-		return 0, err
+		return nil, err
 	}
 	if err := t.UpdateLastUsed(ctx); err != nil {
 		log.Error("UpdateLastUsed: %v", err)
 	}
 	if t.UID == 0 {
-		return 0, auth_model.ErrAccessTokenNotExist{}
+		return nil, auth_model.ErrAccessTokenNotExist{}
 	}
-	store.GetData()["IsApiToken"] = true
-	store.GetData()["ApiTokenScope"] = t.Scope
 
 	reducer, err := authz.GetAuthorizationReducerForAccessToken(ctx, t)
 	if err != nil {
 		log.Error("authz.GetAuthorizationReducerForAccessToken: %v", err)
-		return 0, err
+		return nil, err
 	}
-	store.GetData()["ApiTokenReducer"] = reducer
 
-	return t.UID, nil
+	u, err := user_model.GetUserByID(ctx, t.UID)
+	if err != nil {
+		log.Error("GetUserByID:  %v", err)
+		return nil, err
+	}
+
+	return &accessTokenAuthenticationResult{user: u, scope: t.Scope, reducer: reducer}, nil
 }
 
 // Verify extracts the user ID from the OAuth token in the query parameters
 // or the "Authorization" header and returns the corresponding user object for that ID.
 // If verification is successful returns an existing user object.
 // Returns nil if verification fails.
-func (o *OAuth2) Verify(req *http.Request, w http.ResponseWriter, store DataStore, sess SessionStore) (*user_model.User, error) {
+func (o *OAuth2) Verify(req *http.Request, w http.ResponseWriter, _ auth.SessionStore) (auth.AuthenticationResult, error) {
 	// These paths are not API paths, but we still want to check for tokens because they maybe in the API returned URLs
 	if !middleware.IsAPIPath(req) && !isAttachmentDownload(req) && !isAuthenticatedTokenRequest(req) &&
 		!isGitRawOrAttachPath(req) && !isArchivePath(req) {
-		return nil, nil
+		return &auth.UnauthenticatedResult{}, nil
 	}
 
 	token, ok := parseToken(req)
 	if !ok {
-		return nil, nil
+		return &auth.UnauthenticatedResult{}, nil
 	}
 
-	id, err := o.userIDFromToken(req.Context(), token, store)
+	auth, err := o.userIDFromToken(req.Context(), token)
 	if err != nil {
 		return nil, err
+	} else if auth.User() == nil {
+		// Having successfully found a token, it's now expected that the only valid outcomes are either errors that
+		// result in 401s (if the token wasn't valid), or valid authentication as a user. If we reach here, we've missed
+		// those expected outcomes and somehow returned an unauthenticated response even though a token was provided.
+		return nil, errors.New("unexpected unauthenticated result from userIDFromToken")
 	}
-	log.Trace("OAuth2 Authorization: Found token for user[%d]", id)
-
-	user, err := user_model.GetPossibleUserByID(req.Context(), id)
-	if err != nil {
-		if !user_model.IsErrUserNotExist(err) {
-			log.Error("GetUserByName: %v", err)
-		}
-		return nil, err
-	}
-
-	log.Trace("OAuth2 Authorization: Logged in user %-v", user)
-	return user, nil
+	log.Trace("OAuth2 Authorization: Logged in user %-v", auth.User())
+	return auth, nil
 }
 
 func isAuthenticatedTokenRequest(req *http.Request) bool {
diff --git a/services/auth/oauth2_test.go b/services/auth/method/oauth2_test.go
similarity index 87%
rename from services/auth/oauth2_test.go
rename to services/auth/method/oauth2_test.go
index 67e42c3c56..c08ec57151 100644
--- a/services/auth/oauth2_test.go
+++ b/services/auth/method/oauth2_test.go
@@ -1,7 +1,7 @@
 // Copyright 2024 The Gitea Authors. All rights reserved.
 // SPDX-License-Identifier: MIT
 
-package auth
+package method
 
 import (
 	"net/http"
@@ -11,7 +11,6 @@ import (
 	"forgejo.org/models/auth"
 	"forgejo.org/models/unittest"
 	user_model "forgejo.org/models/user"
-	"forgejo.org/modules/web/middleware"
 	"forgejo.org/services/actions"
 
 	"github.com/stretchr/testify/assert"
@@ -33,14 +32,13 @@ func TestUserIDFromToken(t *testing.T) {
 		token, err := actions.CreateAuthorizationToken(task, map[string]any{}, false)
 		require.NoError(t, err)
 
-		ds := make(middleware.ContextData)
-
 		o := OAuth2{}
-		uid, err := o.userIDFromToken(t.Context(), token, ds)
+		authResult, err := o.userIDFromToken(t.Context(), token)
 		require.NoError(t, err)
-		assert.Equal(t, int64(user_model.ActionsUserID), uid)
-		assert.Equal(t, true, ds["IsActionsToken"])
-		assert.Equal(t, ds["ActionsTaskID"], int64(RunningTaskID))
+		assert.Equal(t, int64(user_model.ActionsUserID), authResult.User().ID)
+		isActionsToken, authTaskID := authResult.ActionsTaskID().Get()
+		assert.True(t, isActionsToken)
+		assert.Equal(t, int64(RunningTaskID), authTaskID)
 	})
 
 	t.Run("Actions error-JWT", func(t *testing.T) {
@@ -52,13 +50,12 @@ func TestUserIDFromToken(t *testing.T) {
 			"To short": {"abc", auth.ErrAccessTokenNotExist{Token: "abc"}},
 		}
 
-		ds := make(middleware.ContextData)
 		o := OAuth2{}
 		for name, c := range cases {
 			t.Run(name, func(t *testing.T) {
-				uid, err := o.userIDFromToken(t.Context(), c.Token, ds)
+				authResult, err := o.userIDFromToken(t.Context(), c.Token)
 				require.ErrorIs(t, err, c.Error)
-				assert.Equal(t, int64(0), uid)
+				assert.Nil(t, authResult)
 			})
 		}
 	})
diff --git a/services/auth/reverseproxy.go b/services/auth/method/reverseproxy.go
similarity index 93%
rename from services/auth/reverseproxy.go
rename to services/auth/method/reverseproxy.go
index eb9ceb8cf2..df6e626bcb 100644
--- a/services/auth/reverseproxy.go
+++ b/services/auth/method/reverseproxy.go
@@ -2,9 +2,10 @@
 // Copyright 2019 The Gitea Authors. All rights reserved.
 // SPDX-License-Identifier: MIT
 
-package auth
+package method
 
 import (
+	"errors"
 	"net/http"
 	"strings"
 
@@ -12,14 +13,16 @@ import (
 	"forgejo.org/modules/log"
 	"forgejo.org/modules/optional"
 	"forgejo.org/modules/setting"
+	"forgejo.org/modules/util"
 	"forgejo.org/modules/web/middleware"
+	"forgejo.org/services/auth"
 
 	gouuid "github.com/google/uuid"
 )
 
 // Ensure the struct implements the interface.
 var (
-	_ Method = &ReverseProxy{}
+	_ auth.Method = &ReverseProxy{}
 )
 
 // ReverseProxyMethodName is the constant name of the ReverseProxy authentication method
@@ -37,11 +40,6 @@ func (r *ReverseProxy) getUserName(req *http.Request) string {
 	return strings.TrimSpace(req.Header.Get(setting.ReverseProxyAuthUser))
 }
 
-// Name represents the name of auth method
-func (r *ReverseProxy) Name() string {
-	return ReverseProxyMethodName
-}
-
 // getUserFromAuthUser extracts the username from the "setting.ReverseProxyAuthUser" header
 // of the request and returns the corresponding user object for that name.
 // Verification of header data is not performed as it should have already been done by
@@ -52,7 +50,7 @@ func (r *ReverseProxy) Name() string {
 func (r *ReverseProxy) getUserFromAuthUser(req *http.Request) (*user_model.User, error) {
 	username := r.getUserName(req)
 	if len(username) == 0 {
-		return nil, nil
+		return nil, util.ErrNotExist
 	}
 	log.Trace("ReverseProxy Authorization: Found username: %s", username)
 
@@ -104,15 +102,15 @@ func (r *ReverseProxy) getUserFromAuthEmail(req *http.Request) *user_model.User
 // First it will attempt to load it based on the username (see docs for getUserFromAuthUser),
 // and failing that it will attempt to load it based on the email (see docs for getUserFromAuthEmail).
 // Returns nil if the headers are empty or the user is not found.
-func (r *ReverseProxy) Verify(req *http.Request, w http.ResponseWriter, store DataStore, sess SessionStore) (*user_model.User, error) {
+func (r *ReverseProxy) Verify(req *http.Request, w http.ResponseWriter, sess auth.SessionStore) (auth.AuthenticationResult, error) {
 	user, err := r.getUserFromAuthUser(req)
-	if err != nil {
+	if err != nil && !errors.Is(err, util.ErrNotExist) {
 		return nil, err
 	}
 	if user == nil {
 		user = r.getUserFromAuthEmail(req)
 		if user == nil {
-			return nil, nil
+			return &auth.UnauthenticatedResult{}, nil
 		}
 	}
 
@@ -122,10 +120,9 @@ func (r *ReverseProxy) Verify(req *http.Request, w http.ResponseWriter, store Da
 			handleSignIn(w, req, sess, user)
 		}
 	}
-	store.GetData()["IsReverseProxy"] = true
 
 	log.Trace("ReverseProxy Authorization: Logged in user %-v", user)
-	return user, nil
+	return &reverseProxyAuthenticationResult{user: user}, nil
 }
 
 // isAutoRegisterAllowed checks if EnableReverseProxyAutoRegister setting is true
diff --git a/services/auth/reverseproxy_test.go b/services/auth/method/reverseproxy_test.go
similarity index 99%
rename from services/auth/reverseproxy_test.go
rename to services/auth/method/reverseproxy_test.go
index f6740a0134..fbcd412da5 100644
--- a/services/auth/reverseproxy_test.go
+++ b/services/auth/method/reverseproxy_test.go
@@ -1,7 +1,7 @@
 // Copyright 2024 The Forgejo Authors. All rights reserved.
 // SPDX-License-Identifier: MIT
 
-package auth
+package method
 
 import (
 	"net/http"
diff --git a/services/auth/session.go b/services/auth/method/session.go
similarity index 77%
rename from services/auth/session.go
rename to services/auth/method/session.go
index a15c24c940..540d544aa0 100644
--- a/services/auth/session.go
+++ b/services/auth/method/session.go
@@ -1,47 +1,43 @@
 // Copyright 2019 The Gitea Authors. All rights reserved.
 // SPDX-License-Identifier: MIT
 
-package auth
+package method
 
 import (
 	"net/http"
 
 	user_model "forgejo.org/models/user"
 	"forgejo.org/modules/log"
+	"forgejo.org/services/auth"
 )
 
 // Ensure the struct implements the interface.
 var (
-	_ Method = &Session{}
+	_ auth.Method = &Session{}
 )
 
 // Session checks if there is a user uid stored in the session and returns the user
 // object for that uid.
 type Session struct{}
 
-// Name represents the name of auth method
-func (s *Session) Name() string {
-	return "session"
-}
-
 // Verify checks if there is a user uid stored in the session and returns the user
 // object for that uid.
 // Returns nil if there is no user uid stored in the session.
-func (s *Session) Verify(req *http.Request, w http.ResponseWriter, store DataStore, sess SessionStore) (*user_model.User, error) {
+func (s *Session) Verify(req *http.Request, w http.ResponseWriter, sess auth.SessionStore) (auth.AuthenticationResult, error) {
 	if sess == nil {
-		return nil, nil
+		return &auth.UnauthenticatedResult{}, nil
 	}
 
 	// Get user ID
 	uid := sess.Get("uid")
 	if uid == nil {
-		return nil, nil
+		return &auth.UnauthenticatedResult{}, nil
 	}
 	log.Trace("Session Authorization: Found user[%d]", uid)
 
 	id, ok := uid.(int64)
 	if !ok {
-		return nil, nil
+		return &auth.UnauthenticatedResult{}, nil
 	}
 
 	// Get user object
@@ -52,9 +48,9 @@ func (s *Session) Verify(req *http.Request, w http.ResponseWriter, store DataSto
 			// Return the err as-is to keep current signed-in session, in case the err is something like context.Canceled. Otherwise non-existing user (nil, nil) will make the caller clear the signed-in session.
 			return nil, err
 		}
-		return nil, nil
+		return &auth.UnauthenticatedResult{}, nil
 	}
 
 	log.Trace("Session Authorization: Logged in user %-v", user)
-	return user, nil
+	return &sessionAuthenticationResult{user: user}, nil
 }
diff --git a/services/auth/signin.go b/services/auth/method/signin.go
similarity index 94%
rename from services/auth/signin.go
rename to services/auth/method/signin.go
index 495b3d387e..d664b16a8c 100644
--- a/services/auth/signin.go
+++ b/services/auth/method/signin.go
@@ -1,7 +1,7 @@
 // Copyright 2021 The Gitea Authors. All rights reserved.
 // SPDX-License-Identifier: MIT
 
-package auth
+package method
 
 import (
 	"context"
@@ -12,6 +12,7 @@ import (
 	user_model "forgejo.org/models/user"
 	"forgejo.org/modules/log"
 	"forgejo.org/modules/optional"
+	auth_service "forgejo.org/services/auth"
 	"forgejo.org/services/auth/source/oauth2"
 	"forgejo.org/services/auth/source/smtp"
 
@@ -65,7 +66,7 @@ func UserSignIn(ctx context.Context, username, password string) (*user_model.Use
 				return nil, nil, oauth2.ErrAuthSourceNotActivated
 			}
 
-			authenticator, ok := source.Cfg.(PasswordAuthenticator)
+			authenticator, ok := source.Cfg.(auth_service.PasswordAuthenticator)
 			if !ok {
 				return nil, nil, smtp.ErrUnsupportedLoginType
 			}
@@ -98,7 +99,7 @@ func UserSignIn(ctx context.Context, username, password string) (*user_model.Use
 			continue
 		}
 
-		authenticator, ok := source.Cfg.(PasswordAuthenticator)
+		authenticator, ok := source.Cfg.(auth_service.PasswordAuthenticator)
 		if !ok {
 			continue
 		}
diff --git a/services/context/api.go b/services/context/api.go
index 1064b1ab4a..a6af94dfde 100644
--- a/services/context/api.go
+++ b/services/context/api.go
@@ -25,6 +25,7 @@ import (
 	"forgejo.org/modules/setting"
 	"forgejo.org/modules/web"
 	web_types "forgejo.org/modules/web/types"
+	"forgejo.org/services/auth"
 	"forgejo.org/services/authz"
 
 	"code.forgejo.org/go-chi/cache"
@@ -36,9 +37,9 @@ type APIContext struct {
 
 	Cache cache.Cache
 
-	Doer        *user_model.User // current signed-in user
-	IsSigned    bool
-	IsBasicAuth bool
+	Doer           *user_model.User // current signed-in user
+	IsSigned       bool
+	Authentication auth.AuthenticationResult
 
 	ContextUser *user_model.User // the user which is being visited, in most cases it differs from Doer
 
diff --git a/services/context/context.go b/services/context/context.go
index 8ced686aac..af5ec26143 100644
--- a/services/context/context.go
+++ b/services/context/context.go
@@ -25,6 +25,7 @@ import (
 	"forgejo.org/modules/web"
 	"forgejo.org/modules/web/middleware"
 	web_types "forgejo.org/modules/web/types"
+	"forgejo.org/services/auth"
 
 	"code.forgejo.org/go-chi/cache"
 	"code.forgejo.org/go-chi/session"
@@ -51,9 +52,9 @@ type Context struct {
 
 	Link string // current request URL (without query string)
 
-	Doer        *user_model.User // current signed-in user
-	IsSigned    bool
-	IsBasicAuth bool
+	Doer           *user_model.User // current signed-in user
+	IsSigned       bool
+	Authentication auth.AuthenticationResult
 
 	ContextUser *user_model.User // the user which is being visited, in most cases it differs from Doer
 
@@ -112,6 +113,8 @@ func NewWebContext(base *Base, render Render, session session.Store) *Context {
 		Link:  setting.AppSubURL + strings.TrimSuffix(base.Req.URL.EscapedPath(), "/"),
 		Repo:  &Repository{PullRequest: &PullRequest{}},
 		Org:   &Organization{},
+
+		Authentication: &auth.UnauthenticatedResult{},
 	}
 	ctx.TemplateContext = NewTemplateContextForWeb(ctx)
 	ctx.Flash = &middleware.Flash{DataStore: ctx, Values: url.Values{}}
diff --git a/services/context/permission.go b/services/context/permission.go
index f898bd98ae..44adbbd6d9 100644
--- a/services/context/permission.go
+++ b/services/context/permission.go
@@ -12,7 +12,6 @@ import (
 	repo_model "forgejo.org/models/repo"
 	"forgejo.org/models/unit"
 	"forgejo.org/modules/log"
-	"forgejo.org/services/authz"
 )
 
 // RequireRepoAdmin returns a middleware for requiring repository admin permission
@@ -125,12 +124,7 @@ func CheckRepoDelegateActionTrust(ctx *Context) bool {
 
 // CheckRepoScopedToken check whether personal access token has repo scope
 func CheckRepoScopedToken(ctx *Context, repo *repo_model.Repository, level auth_model.AccessTokenScopeLevel) {
-	if !ctx.IsBasicAuth || ctx.Data["IsApiToken"] != true {
-		return
-	}
-
-	scope, ok := ctx.Data["ApiTokenScope"].(auth_model.AccessTokenScope)
-	if ok { // it's a personal access token but not oauth2 token
+	if hasScope, scope := ctx.Authentication.Scope().Get(); hasScope {
 		var scopeMatched bool
 
 		requiredScopes := auth_model.GetRequiredScopes(level, auth_model.AccessTokenScopeCategoryRepository)
@@ -159,8 +153,7 @@ func CheckRepoScopedToken(ctx *Context, repo *repo_model.Repository, level auth_
 		}
 	}
 
-	reducer, ok := ctx.Data["ApiTokenReducer"].(authz.AuthorizationReducer)
-	if ok {
+	if reducer := ctx.Authentication.Reducer(); reducer != nil {
 		var accessMode perm.AccessMode
 		switch level {
 		case auth_model.Read:
@@ -184,8 +177,7 @@ func CheckRepoScopedToken(ctx *Context, repo *repo_model.Repository, level auth_
 }
 
 func CheckRuntimeDeterminedScope(ctx *APIContext, scopeCategory auth_model.AccessTokenScopeCategory, level auth_model.AccessTokenScopeLevel, msg string) {
-	scope, ok := ctx.Data["ApiTokenScope"].(auth_model.AccessTokenScope)
-	if ok {
+	if hasScope, scope := ctx.Authentication.Scope().Get(); hasScope {
 		var scopeMatched bool
 
 		requiredScopes := auth_model.GetRequiredScopes(level, scopeCategory)
diff --git a/services/lfs/server.go b/services/lfs/server.go
index ef0df4a0ab..457602243e 100644
--- a/services/lfs/server.go
+++ b/services/lfs/server.go
@@ -539,8 +539,7 @@ func authenticate(ctx *context.Context, repository *repo_model.Repository, autho
 		accessMode = perm.AccessModeWrite
 	}
 
-	if ctx.Data["IsActionsToken"] == true {
-		taskID := ctx.Data["ActionsTaskID"].(int64)
+	if hasTaskID, taskID := ctx.Authentication.ActionsTaskID().Get(); hasTaskID {
 		task, err := actions_model.GetTaskByID(ctx, taskID)
 		if err != nil {
 			log.Error("Unable to GetTaskByID for task[%d] Error: %v", taskID, err)
diff --git a/tests/integration/api_packages_chef_test.go b/tests/integration/api_packages_chef_test.go
index cadf46b03f..b467f18e13 100644
--- a/tests/integration/api_packages_chef_test.go
+++ b/tests/integration/api_packages_chef_test.go
@@ -94,9 +94,10 @@ nwIDAQAB
 			defer tests.PrintCurrentTest(t)()
 
 			req := NewRequest(t, "POST", "/dummy")
-			u, err := auth.Verify(req.Request, nil, nil, nil)
-			assert.Nil(t, u)
+			u, err := auth.Verify(req.Request, nil, nil)
 			require.NoError(t, err)
+			require.NotNil(t, u)
+			assert.Nil(t, u.User())
 		})
 
 		t.Run("NotExistingUser", func(t *testing.T) {
@@ -104,7 +105,7 @@ nwIDAQAB
 
 			req := NewRequest(t, "POST", "/dummy").
 				SetHeader("X-Ops-Userid", "not-existing-user")
-			u, err := auth.Verify(req.Request, nil, nil, nil)
+			u, err := auth.Verify(req.Request, nil, nil)
 			assert.Nil(t, u)
 			require.Error(t, err)
 		})
@@ -114,12 +115,12 @@ nwIDAQAB
 
 			req := NewRequest(t, "POST", "/dummy").
 				SetHeader("X-Ops-Userid", user.Name)
-			u, err := auth.Verify(req.Request, nil, nil, nil)
+			u, err := auth.Verify(req.Request, nil, nil)
 			assert.Nil(t, u)
 			require.Error(t, err)
 
 			req.SetHeader("X-Ops-Timestamp", "2023-01-01T00:00:00Z")
-			u, err = auth.Verify(req.Request, nil, nil, nil)
+			u, err = auth.Verify(req.Request, nil, nil)
 			assert.Nil(t, u)
 			require.Error(t, err)
 		})
@@ -130,27 +131,27 @@ nwIDAQAB
 			req := NewRequest(t, "POST", "/dummy").
 				SetHeader("X-Ops-Userid", user.Name).
 				SetHeader("X-Ops-Timestamp", time.Now().UTC().Format(time.RFC3339))
-			u, err := auth.Verify(req.Request, nil, nil, nil)
+			u, err := auth.Verify(req.Request, nil, nil)
 			assert.Nil(t, u)
 			require.Error(t, err)
 
 			req.SetHeader("X-Ops-Sign", "version=none")
-			u, err = auth.Verify(req.Request, nil, nil, nil)
+			u, err = auth.Verify(req.Request, nil, nil)
 			assert.Nil(t, u)
 			require.Error(t, err)
 
 			req.SetHeader("X-Ops-Sign", "version=1.4")
-			u, err = auth.Verify(req.Request, nil, nil, nil)
+			u, err = auth.Verify(req.Request, nil, nil)
 			assert.Nil(t, u)
 			require.Error(t, err)
 
 			req.SetHeader("X-Ops-Sign", "version=1.0;algorithm=sha2")
-			u, err = auth.Verify(req.Request, nil, nil, nil)
+			u, err = auth.Verify(req.Request, nil, nil)
 			assert.Nil(t, u)
 			require.Error(t, err)
 
 			req.SetHeader("X-Ops-Sign", "version=1.0;algorithm=sha256")
-			u, err = auth.Verify(req.Request, nil, nil, nil)
+			u, err = auth.Verify(req.Request, nil, nil)
 			assert.Nil(t, u)
 			require.Error(t, err)
 		})
@@ -166,7 +167,7 @@ nwIDAQAB
 				SetHeader("X-Ops-Sign", "version=1.0;algorithm=sha1").
 				SetHeader("X-Ops-Content-Hash", "unused").
 				SetHeader("X-Ops-Authorization-4", "dummy")
-			u, err := auth.Verify(req.Request, nil, nil, nil)
+			u, err := auth.Verify(req.Request, nil, nil)
 			assert.Nil(t, u)
 			require.Error(t, err)
 
@@ -257,7 +258,7 @@ nwIDAQAB
 					defer tests.PrintCurrentTest(t)()
 
 					signRequest(req, v)
-					u, err = auth.Verify(req.Request, nil, nil, nil)
+					u, err = auth.Verify(req.Request, nil, nil)
 					assert.NotNil(t, u)
 					require.NoError(t, err)
 				})

From 7a86a870c66565a6603d810f63012069712cf7d9 Mon Sep 17 00:00:00 2001
From: Robert Wolff <mahlzahn@posteo.de>
Date: Thu, 23 Apr 2026 00:35:11 +0200
Subject: [PATCH 728/854] fix: compare branches with names `diff` or `patch`
 (#12227)

Closes: Codeberg/Community#2538
Regression of: !5385

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12227
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
---
 routers/web/repo/compare.go                       | 15 ++++++++-------
 .../user2/repo16.git/refs/heads/diff              |  1 +
 .../user2/repo16.git/refs/heads/patch             |  1 +
 tests/integration/compare_test.go                 | 10 ++++++++++
 4 files changed, 20 insertions(+), 7 deletions(-)
 create mode 100644 tests/gitea-repositories-meta/user2/repo16.git/refs/heads/diff
 create mode 100644 tests/gitea-repositories-meta/user2/repo16.git/refs/heads/patch

diff --git a/routers/web/repo/compare.go b/routers/web/repo/compare.go
index 41ad365ce1..d216403b53 100644
--- a/routers/web/repo/compare.go
+++ b/routers/web/repo/compare.go
@@ -231,13 +231,6 @@ func ParseCompareInfo(ctx *context.Context) *common.CompareInfo {
 	if infoPath == "" {
 		infos = []string{baseRepo.DefaultBranch, baseRepo.DefaultBranch}
 	} else {
-		infoPath, isDiff := strings.CutSuffix(infoPath, ".diff")
-		ctx.Data["ComparingDiff"] = isDiff
-		if !isDiff {
-			var isPatch bool
-			infoPath, isPatch = strings.CutSuffix(infoPath, ".patch")
-			ctx.Data["ComparingPatch"] = isPatch
-		}
 		infos = strings.SplitN(infoPath, "...", 2)
 		if len(infos) != 2 {
 			if infos = strings.SplitN(infoPath, "..", 2); len(infos) == 2 {
@@ -247,6 +240,14 @@ func ParseCompareInfo(ctx *context.Context) *common.CompareInfo {
 				infos = []string{baseRepo.DefaultBranch, infoPath}
 			}
 		}
+		var isDiff bool
+		infos[1], isDiff = strings.CutSuffix(infos[1], ".diff")
+		ctx.Data["ComparingDiff"] = isDiff
+		if !isDiff {
+			var isPatch bool
+			infos[1], isPatch = strings.CutSuffix(infos[1], ".patch")
+			ctx.Data["ComparingPatch"] = isPatch
+		}
 	}
 
 	ctx.Data["BaseName"] = baseRepo.OwnerName
diff --git a/tests/gitea-repositories-meta/user2/repo16.git/refs/heads/diff b/tests/gitea-repositories-meta/user2/repo16.git/refs/heads/diff
new file mode 100644
index 0000000000..4750a76432
--- /dev/null
+++ b/tests/gitea-repositories-meta/user2/repo16.git/refs/heads/diff
@@ -0,0 +1 @@
+f27c2b2b03dcab38beaf89b0ab4ff61f6de63441
diff --git a/tests/gitea-repositories-meta/user2/repo16.git/refs/heads/patch b/tests/gitea-repositories-meta/user2/repo16.git/refs/heads/patch
new file mode 100644
index 0000000000..4750a76432
--- /dev/null
+++ b/tests/gitea-repositories-meta/user2/repo16.git/refs/heads/patch
@@ -0,0 +1 @@
+f27c2b2b03dcab38beaf89b0ab4ff61f6de63441
diff --git a/tests/integration/compare_test.go b/tests/integration/compare_test.go
index 396c1c22ad..070f7e1b20 100644
--- a/tests/integration/compare_test.go
+++ b/tests/integration/compare_test.go
@@ -239,6 +239,16 @@ func TestCompareBranches(t *testing.T) {
 	diffChanges = []string{"test.txt"}
 
 	inspectCompare(t, htmlDoc, diffCount, diffChanges)
+
+	// Branches with name 'diff' or 'patch'
+	req = NewRequest(t, "GET", "/user2/repo16/compare/master..diff")
+	session.MakeRequest(t, req, http.StatusOK)
+	req = NewRequest(t, "GET", "/user2/repo16/compare/master..diff.patch")
+	session.MakeRequest(t, req, http.StatusOK)
+	req = NewRequest(t, "GET", "/user2/repo16/compare/master..patch")
+	session.MakeRequest(t, req, http.StatusOK)
+	req = NewRequest(t, "GET", "/user2/repo16/compare/master..patch.diff")
+	session.MakeRequest(t, req, http.StatusOK)
 }
 
 func TestCompareWithPRsDisabled(t *testing.T) {

From 9f7533c1f154e3e0f09823dd6bf54cb0799fe36c Mon Sep 17 00:00:00 2001
From: Mathieu Fenniak <mathieu@fenniak.net>
Date: Thu, 23 Apr 2026 02:30:41 +0200
Subject: [PATCH 729/854] refactor: clarify four different outputs that
 authentication methods provide (#12231)

#12202 began a refactor of Forgejo's authentication implementations by providing structured data on an authentication success.  However, error cases were maintained as-is in that refactor, leaving a complex situation: what does returning an error from an authentication method mean?; does it mean that the authentication failed, or that a server error occurred?  Can another authentication still be tried?

This PR changes authentication methods so that they can return one of four things:
- `AuthenticationSuccess` with an authentication result.
- `AuthenticationNotAttempted` which indicates that no credentials relevant for this authentication method were presented.  If every method returned `AuthenticationNotAttempted`, then you would have an unauthenticated access.
- `AuthenticationAttemptedIncorrectCredential` which indicates that credentials were present and failed validation -- a situation indicating a `401 Unauthorized`.
- `AuthenticationError` which indicates that an internal server error occurred and failed authentication -- indicating a `500 Internal Server Error`.

This paves the way for one more refactor coming next: `basic.go` and `oauth2.go` perform 3-4 different authentications each (access tokens, oauth JWTs, actions tokens, actions JWTs, and username/password).  With the capability to return these more precise responses, these authentication methods can be split up into separate logic that isn't intertwined together.

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. All work and communication must conform to Forgejo's [AI Agreement](https://codeberg.org/forgejo/governance/src/branch/main/AIAgreement.md). There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests for Go changes

- I added test coverage for Go changes...
  - [ ] in their respective `*_test.go` for unit tests.
  - [ ] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
  - Relying on existing test suite, with changes for any compile errors -- the next refactor will simplify the auth methods so that they can be unit tested easily.
- I ran...
  - [x] `make pr-go` before pushing

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [ ] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.
- [x] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12231
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
---
 routers/api/packages/api.go                 | 56 ++++++++++----
 routers/api/packages/chef/auth.go           | 19 +++--
 routers/api/packages/conan/auth.go          | 20 +++--
 routers/api/packages/container/auth.go      | 21 +++---
 routers/api/packages/nuget/auth.go          | 25 +++----
 routers/api/shared/middleware.go            | 20 ++++-
 routers/common/auth.go                      | 44 +++++------
 routers/web/web.go                          | 23 +++++-
 services/auth/interface.go                  | 46 ++++++++++--
 services/auth/method/basic.go               | 45 ++++++-----
 services/auth/method/group.go               | 45 +++++------
 services/auth/method/httpsign.go            | 15 ++--
 services/auth/method/oauth2.go              | 51 +++++--------
 services/auth/method/oauth2_test.go         | 15 +++-
 services/auth/method/reverseproxy.go        | 26 ++++---
 services/auth/method/session.go             | 16 ++--
 tests/integration/api_packages_chef_test.go | 82 ++++++++++++---------
 17 files changed, 340 insertions(+), 229 deletions(-)

diff --git a/routers/api/packages/api.go b/routers/api/packages/api.go
index 2163badb49..7096cd9e51 100644
--- a/routers/api/packages/api.go
+++ b/routers/api/packages/api.go
@@ -4,6 +4,7 @@
 package packages
 
 import (
+	"errors"
 	"net/http"
 	"regexp"
 	"strings"
@@ -119,19 +120,30 @@ func verifyAuth(r *web.Route, authMethods []auth.Method) {
 	authGroup := auth_method.NewGroup(authMethods...)
 
 	r.Use(func(ctx *context.Context) {
-		authResult, err := authGroup.Verify(ctx.Req, ctx.Resp, ctx.Session)
-		if err != nil {
-			log.Info("Failed to verify user: %v", err)
+		output := authGroup.Verify(ctx.Req, ctx.Resp, ctx.Session)
+		var ar auth.AuthenticationResult
+		switch v := output.(type) {
+		case *auth.AuthenticationSuccess:
+			ar = v.Result
+		case *auth.AuthenticationNotAttempted:
+			ar = &auth.UnauthenticatedResult{}
+		case *auth.AuthenticationError:
+			ctx.ServerError("authentication error", v.Error)
+			return
+		case *auth.AuthenticationAttemptedIncorrectCredential:
 			ctx.Error(http.StatusUnauthorized, "authGroup.Verify")
 			return
-		}
-		if authResult == nil {
-			ctx.Error(http.StatusInternalServerError, "verifyAuth nil authentication result")
+		default:
+			ctx.ServerError("Verify failed", errors.New("unexpected result from Method.Verify"))
 			return
 		}
-		ctx.Doer = authResult.User()
+		if ar == nil {
+			ctx.ServerError("nil authentication result", errors.New("nil authentication result"))
+			return
+		}
+		ctx.Doer = ar.User()
 		ctx.IsSigned = ctx.Doer != nil
-		ctx.Authentication = authResult
+		ctx.Authentication = ar
 	})
 }
 
@@ -142,20 +154,32 @@ func verifyContainerAuth(r *web.Route, authMethods []auth.Method) {
 	authGroup := auth_method.NewGroup(authMethods...)
 
 	r.Use(func(ctx *context.Context) {
-		authResult, err := authGroup.Verify(ctx.Req, ctx.Resp, ctx.Session)
-		if err != nil {
-			log.Info("Failed to verify user: %v", err)
+		output := authGroup.Verify(ctx.Req, ctx.Resp, ctx.Session)
+		var ar auth.AuthenticationResult
+		switch v := output.(type) {
+		case *auth.AuthenticationSuccess:
+			ar = v.Result
+		case *auth.AuthenticationNotAttempted:
+			ar = &auth.UnauthenticatedResult{}
+		case *auth.AuthenticationError:
+			ctx.ServerError("authentication error", v.Error)
+			return
+		case *auth.AuthenticationAttemptedIncorrectCredential:
+			log.Info("Failed to verify user: %v", v.Error)
 			container.APIUnauthorizedError(ctx)
 			ctx.Error(http.StatusUnauthorized, "authGroup.Verify")
 			return
-		}
-		if authResult == nil {
-			ctx.Error(http.StatusInternalServerError, "verifyContainerAuth nil authentication result")
+		default:
+			ctx.ServerError("Verify failed", errors.New("unexpected result from Method.Verify"))
 			return
 		}
-		ctx.Doer = authResult.User()
+		if ar == nil {
+			ctx.ServerError("nil authentication result", errors.New("nil authentication result"))
+			return
+		}
+		ctx.Doer = ar.User()
 		ctx.IsSigned = ctx.Doer != nil
-		ctx.Authentication = authResult
+		ctx.Authentication = ar
 	})
 }
 
diff --git a/routers/api/packages/chef/auth.go b/routers/api/packages/chef/auth.go
index b9ff4b25f8..86e8254ba7 100644
--- a/routers/api/packages/chef/auth.go
+++ b/routers/api/packages/chef/auth.go
@@ -65,34 +65,37 @@ func (a *Auth) Name() string {
 
 // Verify extracts the user from the signed request
 // If the request is signed with the user private key the user is verified.
-func (a *Auth) Verify(req *http.Request, w http.ResponseWriter, sess auth.SessionStore) (auth.AuthenticationResult, error) {
+func (a *Auth) Verify(req *http.Request, w http.ResponseWriter, sess auth.SessionStore) auth.MethodOutput {
 	u, err := getUserFromRequest(req)
 	if err != nil {
-		return nil, err
+		if !user_model.IsErrUserNotExist(err) {
+			return &auth.AuthenticationError{Error: fmt.Errorf("chef auth getUserFromRequest: %w", err)}
+		}
+		return &auth.AuthenticationAttemptedIncorrectCredential{Error: err}
 	}
 	if u == nil {
-		return &auth.UnauthenticatedResult{}, nil
+		return &auth.AuthenticationNotAttempted{}
 	}
 
 	pub, err := getUserPublicKey(req.Context(), u)
 	if err != nil {
-		return nil, err
+		return &auth.AuthenticationError{Error: fmt.Errorf("chef auth getUserPublicKey: %w", err)}
 	}
 
 	if err := verifyTimestamp(req); err != nil {
-		return nil, err
+		return &auth.AuthenticationAttemptedIncorrectCredential{Error: err}
 	}
 
 	version, err := getSignVersion(req)
 	if err != nil {
-		return nil, err
+		return &auth.AuthenticationAttemptedIncorrectCredential{Error: err}
 	}
 
 	if err := verifySignedHeaders(req, version, pub.(*rsa.PublicKey)); err != nil {
-		return nil, err
+		return &auth.AuthenticationAttemptedIncorrectCredential{Error: err}
 	}
 
-	return &chefAuthenticationResult{user: u}, nil
+	return &auth.AuthenticationSuccess{Result: &chefAuthenticationResult{user: u}}
 }
 
 func getUserFromRequest(req *http.Request) (*user_model.User, error) {
diff --git a/routers/api/packages/conan/auth.go b/routers/api/packages/conan/auth.go
index df0283167f..a2f1833032 100644
--- a/routers/api/packages/conan/auth.go
+++ b/routers/api/packages/conan/auth.go
@@ -4,6 +4,7 @@
 package conan
 
 import (
+	"fmt"
 	"net/http"
 
 	auth_model "forgejo.org/models/auth"
@@ -40,15 +41,18 @@ func (a *Auth) Name() string {
 }
 
 // Verify extracts the user from the Bearer token
-func (a *Auth) Verify(req *http.Request, w http.ResponseWriter, sess auth.SessionStore) (auth.AuthenticationResult, error) {
+func (a *Auth) Verify(req *http.Request, w http.ResponseWriter, sess auth.SessionStore) auth.MethodOutput {
 	uid, scope, err := packages.ParseAuthorizationToken(req)
 	if err != nil {
 		log.Trace("ParseAuthorizationToken: %v", err)
-		return nil, err
-	}
-
-	if uid == 0 {
-		return &auth.UnauthenticatedResult{}, nil
+		// Errors from ParseAuthorizationToken are almost all from malformed incoming input, which we'll consider an
+		// auth failure:
+		// - `Authorization` header was present for all cases, so it's not `AuthenticationNotAttempted`
+		// - it's not `AuthenticationError` because malformed headers would cause errors, and this is intended for
+		//   server errors which should cause 500s
+		return &auth.AuthenticationAttemptedIncorrectCredential{Error: fmt.Errorf("conan auth JWT error: %w", err)}
+	} else if uid == 0 {
+		return &auth.AuthenticationNotAttempted{}
 	}
 
 	// Propagate scope of the authorization token.
@@ -60,8 +64,8 @@ func (a *Auth) Verify(req *http.Request, w http.ResponseWriter, sess auth.Sessio
 	u, err := user_model.GetUserByID(req.Context(), uid)
 	if err != nil {
 		log.Error("GetUserByID:  %v", err)
-		return nil, err
+		return &auth.AuthenticationError{Error: fmt.Errorf("conan auth GetUserByID failed: %w", err)}
 	}
 
-	return &conanAuthenticationResult{user: u, scope: authScope}, nil
+	return &auth.AuthenticationSuccess{Result: &conanAuthenticationResult{user: u, scope: authScope}}
 }
diff --git a/routers/api/packages/container/auth.go b/routers/api/packages/container/auth.go
index 67310de948..4f5a0c1524 100644
--- a/routers/api/packages/container/auth.go
+++ b/routers/api/packages/container/auth.go
@@ -4,6 +4,7 @@
 package container
 
 import (
+	"fmt"
 	"net/http"
 
 	auth_model "forgejo.org/models/auth"
@@ -41,15 +42,18 @@ func (a *Auth) Name() string {
 
 // Verify extracts the user from the Bearer token
 // If it's an anonymous session a ghost user is returned
-func (a *Auth) Verify(req *http.Request, w http.ResponseWriter, sess auth.SessionStore) (auth.AuthenticationResult, error) {
+func (a *Auth) Verify(req *http.Request, w http.ResponseWriter, sess auth.SessionStore) auth.MethodOutput {
 	uid, scope, err := packages.ParseAuthorizationToken(req)
 	if err != nil {
 		log.Trace("ParseAuthorizationToken: %v", err)
-		return nil, err
-	}
-
-	if uid == 0 {
-		return &auth.UnauthenticatedResult{}, nil
+		// Errors from ParseAuthorizationToken are almost all from malformed incoming input, which we'll consider an
+		// auth failure:
+		// - `Authorization` header was present for all cases, so it's not `AuthenticationNotAttempted`
+		// - it's not `AuthenticationError` because malformed headers would cause errors, and this is intended for
+		//   server errors which should cause 500s
+		return &auth.AuthenticationAttemptedIncorrectCredential{Error: err}
+	} else if uid == 0 {
+		return &auth.AuthenticationNotAttempted{}
 	}
 
 	// Propagate scope of the authorization token.
@@ -60,9 +64,8 @@ func (a *Auth) Verify(req *http.Request, w http.ResponseWriter, sess auth.Sessio
 
 	u, err := user_model.GetPossibleUserByID(req.Context(), uid)
 	if err != nil {
-		log.Error("GetPossibleUserByID:  %v", err)
-		return nil, err
+		return &auth.AuthenticationError{Error: fmt.Errorf("container auth GetPossibleUserByID: %w", err)}
 	}
 
-	return &containerAuthenticationResult{user: u, scope: authScope}, nil
+	return &auth.AuthenticationSuccess{Result: &containerAuthenticationResult{user: u, scope: authScope}}
 }
diff --git a/routers/api/packages/nuget/auth.go b/routers/api/packages/nuget/auth.go
index c33799734c..b4642d3173 100644
--- a/routers/api/packages/nuget/auth.go
+++ b/routers/api/packages/nuget/auth.go
@@ -4,6 +4,7 @@
 package nuget
 
 import (
+	"fmt"
 	"net/http"
 
 	auth_model "forgejo.org/models/auth"
@@ -26,34 +27,30 @@ func (r *nugetAuthenticationResult) User() *user_model.User {
 	return r.user
 }
 
-var _ auth.Method = &Auth{}
-
 type Auth struct{}
 
-func (a *Auth) Name() string {
-	return "nuget"
-}
-
 // https://docs.microsoft.com/en-us/nuget/api/package-publish-resource#request-parameters
-func (a *Auth) Verify(req *http.Request, w http.ResponseWriter, sess auth.SessionStore) (auth.AuthenticationResult, error) {
-	token, err := auth_model.GetAccessTokenBySHA(req.Context(), req.Header.Get("X-NuGet-ApiKey"))
+func (a *Auth) Verify(req *http.Request, w http.ResponseWriter, sess auth.SessionStore) auth.MethodOutput {
+	apiKey := req.Header.Get("X-NuGet-ApiKey")
+	if apiKey == "" {
+		return &auth.AuthenticationNotAttempted{}
+	}
+	token, err := auth_model.GetAccessTokenBySHA(req.Context(), apiKey)
 	if err != nil {
 		if !auth_model.IsErrAccessTokenNotExist(err) && !auth_model.IsErrAccessTokenEmpty(err) {
-			log.Error("GetAccessTokenBySHA: %v", err)
-			return nil, err
+			return &auth.AuthenticationError{Error: fmt.Errorf("nuget auth GetAccessTokenBySHA: %w", err)}
 		}
-		return &auth.UnauthenticatedResult{}, nil
+		return &auth.AuthenticationAttemptedIncorrectCredential{Error: err}
 	}
 
 	u, err := user_model.GetUserByID(req.Context(), token.UID)
 	if err != nil {
-		log.Error("GetUserByID:  %v", err)
-		return nil, err
+		return &auth.AuthenticationError{Error: fmt.Errorf("nuget auth GetUserByID: %w", err)}
 	}
 
 	if err := token.UpdateLastUsed(req.Context()); err != nil {
 		log.Error("UpdateLastUsed:  %v", err)
 	}
 
-	return &nugetAuthenticationResult{user: u}, nil
+	return &auth.AuthenticationSuccess{Result: &nugetAuthenticationResult{user: u}}
 }
diff --git a/routers/api/shared/middleware.go b/routers/api/shared/middleware.go
index 7e935970ec..5a2debf3af 100644
--- a/routers/api/shared/middleware.go
+++ b/routers/api/shared/middleware.go
@@ -60,13 +60,25 @@ func buildAuthGroup() *auth_method.Group {
 
 func apiAuthentication(authMethod auth.Method) func(*context.APIContext) {
 	return func(ctx *context.APIContext) {
-		ar, err := common.AuthShared(ctx.Base, nil, authMethod)
-		if err != nil {
-			ctx.Error(http.StatusUnauthorized, "APIAuth", err)
+		output := common.AuthShared(ctx.Base, nil, authMethod)
+		var ar auth.AuthenticationResult
+		switch v := output.(type) {
+		case *auth.AuthenticationSuccess:
+			ar = v.Result
+		case *auth.AuthenticationNotAttempted:
+			ar = &auth.UnauthenticatedResult{}
+		case *auth.AuthenticationAttemptedIncorrectCredential:
+			ctx.Error(http.StatusUnauthorized, "APIAuth", v.Error)
+			return
+		case *auth.AuthenticationError:
+			ctx.ServerError("authentication error", v.Error)
+			return
+		default:
+			ctx.ServerError("authentication error", errors.New("unexpected result from common.AuthShared"))
 			return
 		}
 		if ar == nil {
-			ctx.Error(http.StatusInternalServerError, "apiAuthentication nil authentication result", errors.New("nil authentication result"))
+			ctx.ServerError("nil authentication result", errors.New("nil authentication result"))
 			return
 		}
 		ctx.Doer = ar.User()
diff --git a/routers/common/auth.go b/routers/common/auth.go
index 014db93dad..b8905b6201 100644
--- a/routers/common/auth.go
+++ b/routers/common/auth.go
@@ -4,35 +4,37 @@
 package common
 
 import (
-	"errors"
-
 	"forgejo.org/modules/web/middleware"
 	auth_service "forgejo.org/services/auth"
 	"forgejo.org/services/context"
 )
 
-func AuthShared(ctx *context.Base, sessionStore auth_service.SessionStore, authMethod auth_service.Method) (ar auth_service.AuthenticationResult, err error) {
-	ar, err = authMethod.Verify(ctx.Req, ctx.Resp, sessionStore)
-	if err != nil {
-		return ar, err
+func AuthShared(ctx *context.Base, sessionStore auth_service.SessionStore, authMethod auth_service.Method) auth_service.MethodOutput {
+	output := authMethod.Verify(ctx.Req, ctx.Resp, sessionStore)
+
+	var ar auth_service.AuthenticationResult
+	switch v := output.(type) {
+	case *auth_service.AuthenticationSuccess:
+		ar = v.Result
+	case *auth_service.AuthenticationNotAttempted:
+		ar = &auth_service.UnauthenticatedResult{}
 	}
-	if ar == nil {
-		return nil, errors.New("failure to retrieve AuthenticationResult - nil value")
-	}
-	doer := ar.User()
-	if doer != nil {
-		if ctx.Locale.Language() != doer.Language {
-			ctx.Locale = middleware.Locale(ctx.Resp, ctx.Req)
+	if ar != nil {
+		doer := ar.User()
+		if doer != nil {
+			if ctx.Locale.Language() != doer.Language {
+				ctx.Locale = middleware.Locale(ctx.Resp, ctx.Req)
+			}
+			ctx.Data["IsSigned"] = true
+			ctx.Data[middleware.ContextDataKeySignedUser] = doer
+			ctx.Data["SignedUserID"] = doer.ID
+			ctx.Data["IsAdmin"] = doer.IsAdmin
+		} else {
+			ctx.Data["IsSigned"] = false
+			ctx.Data["SignedUserID"] = int64(0)
 		}
-		ctx.Data["IsSigned"] = true
-		ctx.Data[middleware.ContextDataKeySignedUser] = doer
-		ctx.Data["SignedUserID"] = doer.ID
-		ctx.Data["IsAdmin"] = doer.IsAdmin
-	} else {
-		ctx.Data["IsSigned"] = false
-		ctx.Data["SignedUserID"] = int64(0)
 	}
-	return ar, nil
+	return output
 }
 
 // VerifyOptions contains required or check options
diff --git a/routers/web/web.go b/routers/web/web.go
index 492a578259..9d8ac332a8 100644
--- a/routers/web/web.go
+++ b/routers/web/web.go
@@ -6,6 +6,7 @@ package web
 
 import (
 	gocontext "context"
+	"errors"
 	"fmt"
 	"net/http"
 	"strings"
@@ -120,14 +121,28 @@ func buildAuthGroup() *auth_method.Group {
 
 func webAuth(authMethod auth_service.Method) func(*context.Context) {
 	return func(ctx *context.Context) {
-		ar, err := common.AuthShared(ctx.Base, ctx.Session, authMethod)
-		if err != nil {
-			log.Info("Failed to verify user: %v", err)
+		output := common.AuthShared(ctx.Base, ctx.Session, authMethod)
+		var ar auth_service.AuthenticationResult
+		switch v := output.(type) {
+		case *auth_service.AuthenticationSuccess:
+			ar = v.Result
+		case *auth_service.AuthenticationNotAttempted:
+			ar = &auth_service.UnauthenticatedResult{}
+		case *auth_service.AuthenticationAttemptedIncorrectCredential:
 			ctx.Error(http.StatusUnauthorized, ctx.Locale.TrString("auth.unauthorized_credentials", "https://codeberg.org/forgejo/forgejo/issues/2809"))
 			return
+		case *auth_service.AuthenticationError:
+			// Don't reveal the internal server error details to the user as they may contain sensitive details -- log
+			// the details, return a generic error.
+			log.Error("internal error during authentication: %v", v.Error)
+			ctx.ServerError("authentication error", errors.New("internal server error in authentication"))
+			return
+		default:
+			ctx.ServerError("authentication error", errors.New("unexpected result from common.AuthShared"))
+			return
 		}
 		if ar == nil {
-			ctx.Error(http.StatusInternalServerError, "webAuth nil authentication result")
+			ctx.ServerError("nil authentication result", errors.New("nil authentication result"))
 			return
 		}
 		ctx.Doer = ar.User()
diff --git a/services/auth/interface.go b/services/auth/interface.go
index 73cbe5403f..bbfe641520 100644
--- a/services/auth/interface.go
+++ b/services/auth/interface.go
@@ -23,13 +23,49 @@ type SessionStore session.Store
 
 // Method represents an authentication method (plugin) for HTTP requests.
 type Method interface {
-	// Verify tries to verify the authentication data contained in the request. If verification is successful returns an
-	// AuthenticationResult implementation with details about the authentication, or, may return an
-	// AnonymousAuthentication if the authentication method doesn't indicate that the request is authenticated. An error
-	// is only returned if a failure occurred while checking authentication.
-	Verify(http *http.Request, w http.ResponseWriter, sess SessionStore) (AuthenticationResult, error)
+	// Verify tries to validate credentials provided in the request, and returns one of the [MethodOutput] results
+	// indicating the result of its validation.
+	Verify(http *http.Request, w http.ResponseWriter, sess SessionStore) MethodOutput
 }
 
+// When attempting to authenticate with an authentication [Method], one of the MethodOutput implementations must be
+// returned. This interface serves as a enum of supported outputs, plus related values for each enum. Outputs are
+// [AuthenticationSuccess], [AuthenticationNotAttempted], [AuthenticationAttemptedWithFailure], and
+// [AuthenticationError].
+type MethodOutput interface {
+	isMethodOutput()
+}
+
+// Authentication positively identified the incoming request as successfully authenticated with the result in the
+// attached [AuthenticationResult]. For example, if a username and password were provided and we confirmed that those
+// credentials matched an existing user in the database, then AuthenticationSuccess would be returned.
+type AuthenticationSuccess struct {
+	Result AuthenticationResult
+}
+
+// Authentication method was not found to be applicable for the given request. For example, if a request did not contain
+// `Authorization: Basic ...`, then a basic authentication method would return AuthenticationNotAttempted to indicate
+// that this method didn't apply to the incoming request.
+type AuthenticationNotAttempted struct{}
+
+// Authentication method was attempted against the request and positively identified to be an incorrect credential. For
+// example, if a request contained `Authorization: Basic ...`, and the username and password that were provided were
+// found to not match any user, AuthenticationAttemptedIncorrectCredential would be returned. This is typically an
+// indicator of a `401 Unauthorized ...` response.
+type AuthenticationAttemptedIncorrectCredential struct {
+	Error error
+}
+
+// Authentication was attempted and an unexpected internal error occurred.
+type AuthenticationError struct {
+	Error error
+}
+
+func (*AuthenticationSuccess) isMethodOutput()                      {}
+func (*AuthenticationNotAttempted) isMethodOutput()                 {}
+func (*AuthenticationAttemptedIncorrectCredential) isMethodOutput() {}
+func (*AuthenticationError) isMethodOutput()                        {}
+
 // PasswordAuthenticator represents a source of authentication
 type PasswordAuthenticator interface {
 	Authenticate(ctx context.Context, user *user_model.User, login, password string) (*user_model.User, error)
diff --git a/services/auth/method/basic.go b/services/auth/method/basic.go
index 5b551135be..905deb0652 100644
--- a/services/auth/method/basic.go
+++ b/services/auth/method/basic.go
@@ -6,6 +6,7 @@ package method
 
 import (
 	"errors"
+	"fmt"
 	"net/http"
 	"strings"
 
@@ -19,6 +20,7 @@ import (
 	"forgejo.org/modules/util"
 	"forgejo.org/modules/web/middleware"
 	"forgejo.org/services/auth"
+	"forgejo.org/services/auth/source/db"
 	"forgejo.org/services/authz"
 )
 
@@ -36,20 +38,20 @@ type Basic struct{}
 // "Authorization" header of the request and returns the corresponding user object for that
 // name/token on successful validation.
 // Returns nil if header is empty or validation fails.
-func (b *Basic) Verify(req *http.Request, w http.ResponseWriter, _ auth.SessionStore) (auth.AuthenticationResult, error) {
+func (b *Basic) Verify(req *http.Request, w http.ResponseWriter, _ auth.SessionStore) auth.MethodOutput {
 	// Basic authentication should only fire on API, Download or on Git or LFSPaths
 	if !middleware.IsAPIPath(req) && !isContainerPath(req) && !isAttachmentDownload(req) && !isGitRawOrAttachOrLFSPath(req) {
-		return &auth.UnauthenticatedResult{}, nil
+		return &auth.AuthenticationNotAttempted{}
 	}
 
 	baHead := req.Header.Get("Authorization")
 	if len(baHead) == 0 {
-		return &auth.UnauthenticatedResult{}, nil
+		return &auth.AuthenticationNotAttempted{}
 	}
 
 	auths := strings.SplitN(baHead, " ", 2)
 	if len(auths) != 2 || (strings.ToLower(auths[0]) != "basic") {
-		return &auth.UnauthenticatedResult{}, nil
+		return &auth.AuthenticationNotAttempted{}
 	}
 
 	uname, passwd, _ := base.BasicAuthDecode(auths[1])
@@ -73,8 +75,7 @@ func (b *Basic) Verify(req *http.Request, w http.ResponseWriter, _ auth.SessionS
 
 		u, err := user_model.GetUserByID(req.Context(), uid)
 		if err != nil {
-			log.Error("GetUserByID:  %v", err)
-			return nil, err
+			return &auth.AuthenticationError{Error: fmt.Errorf("basic auth GetUserByID: %w", err)}
 		}
 
 		var scope auth_model.AccessTokenScope
@@ -83,17 +84,16 @@ func (b *Basic) Verify(req *http.Request, w http.ResponseWriter, _ auth.SessionS
 		} else {
 			scope = auth_model.AccessTokenScopeAll // fallback to all
 		}
-		return &oAuth2JWTAuthenticationResult{user: u, scope: optional.Some(scope)}, nil
+		return &auth.AuthenticationSuccess{Result: &oAuth2JWTAuthenticationResult{user: u, scope: optional.Some(scope)}}
 	}
 
 	// check personal access token
 	token, err := auth_model.GetAccessTokenBySHA(req.Context(), authToken)
 	if err == nil {
-		log.Trace("Basic Authorization: Valid AccessToken for user[%d]", uid)
+		log.Trace("Basic Authorization: Valid AccessToken for user[%d]", token.UID)
 		u, err := user_model.GetUserByID(req.Context(), token.UID)
 		if err != nil {
-			log.Error("GetUserByID:  %v", err)
-			return nil, err
+			return &auth.AuthenticationError{Error: fmt.Errorf("basic auth GetUserByID for access token: %w", err)}
 		}
 
 		if err = token.UpdateLastUsed(req.Context()); err != nil {
@@ -102,11 +102,10 @@ func (b *Basic) Verify(req *http.Request, w http.ResponseWriter, _ auth.SessionS
 
 		reducer, err := authz.GetAuthorizationReducerForAccessToken(req.Context(), token)
 		if err != nil {
-			log.Error("authz.GetAuthorizationReducerForAccessToken: %v", err)
-			return nil, err
+			return &auth.AuthenticationError{Error: fmt.Errorf("basic auth GetAuthorizationReducerForAccessToken: %w", err)}
 		}
 
-		return &accessTokenAuthenticationResult{user: u, scope: token.Scope, reducer: reducer}, nil
+		return &auth.AuthenticationSuccess{Result: &accessTokenAuthenticationResult{user: u, scope: token.Scope, reducer: reducer}}
 	} else if !auth_model.IsErrAccessTokenNotExist(err) && !auth_model.IsErrAccessTokenEmpty(err) {
 		log.Error("GetAccessTokenBySha: %v", err)
 	}
@@ -115,41 +114,41 @@ func (b *Basic) Verify(req *http.Request, w http.ResponseWriter, _ auth.SessionS
 	task, err := actions_model.GetRunningTaskByToken(req.Context(), authToken)
 	if err == nil && task != nil {
 		log.Trace("Basic Authorization: Valid AccessToken for task[%d]", task.ID)
-		return &actionsTaskTokenAuthenticationResult{user: user_model.NewActionsUser(), taskID: task.ID}, nil
+		return &auth.AuthenticationSuccess{Result: &actionsTaskTokenAuthenticationResult{user: user_model.NewActionsUser(), taskID: task.ID}}
 	}
 
 	if !setting.Service.EnableBasicAuth {
-		return &auth.UnauthenticatedResult{}, nil
+		return &auth.AuthenticationAttemptedIncorrectCredential{Error: errors.New("basic authentication by username & password is disabled")}
 	}
 
 	log.Trace("Basic Authorization: Attempting SignIn for %s", uname)
 	u, source, err := UserSignIn(req.Context(), uname, passwd)
 	if err != nil {
-		if !user_model.IsErrUserNotExist(err) {
-			log.Error("UserSignIn: %v", err)
+		if user_model.IsErrUserNotExist(err) || user_model.IsErrUserProhibitLogin(err) ||
+			errors.As(err, &db.ErrUserPasswordInvalid{}) || errors.As(err, &db.ErrUserPasswordNotSet{}) {
+			return &auth.AuthenticationAttemptedIncorrectCredential{Error: err}
 		}
-		return nil, err
+		return &auth.AuthenticationError{Error: fmt.Errorf("basic auth UserSignIn: %w", err)}
 	}
 
 	hashWebAuthn, err := auth_model.HasWebAuthnRegistrationsByUID(req.Context(), u.ID)
 	if err != nil {
-		log.Error("HasWebAuthnRegistrationsByUID: %v", err)
-		return nil, err
+		return &auth.AuthenticationError{Error: fmt.Errorf("basic auth HasWebAuthnRegistrationsByUID: %w", err)}
 	}
 
 	if hashWebAuthn {
-		return nil, errors.New("Basic authorization is not allowed while having security keys enrolled")
+		return &auth.AuthenticationAttemptedIncorrectCredential{Error: errors.New("Basic authorization is not allowed while having security keys enrolled")}
 	}
 
 	if skipper, ok := source.Cfg.(auth.LocalTwoFASkipper); !ok || !skipper.IsSkipLocalTwoFA() {
 		if err := validateTOTP(req, u); err != nil {
-			return nil, err
+			return &auth.AuthenticationAttemptedIncorrectCredential{Error: err}
 		}
 	}
 
 	log.Trace("Basic Authorization: Logged in user %-v", u)
 
-	return &basicPaswordAuthenticationResult{user: u}, nil
+	return &auth.AuthenticationSuccess{Result: &basicPaswordAuthenticationResult{user: u}}
 }
 
 func getOtpHeader(header http.Header) string {
diff --git a/services/auth/method/group.go b/services/auth/method/group.go
index a87f5d6a75..8082c1d837 100644
--- a/services/auth/method/group.go
+++ b/services/auth/method/group.go
@@ -4,6 +4,8 @@
 package method
 
 import (
+	"errors"
+	"fmt"
 	"net/http"
 
 	"forgejo.org/services/auth"
@@ -31,33 +33,34 @@ func (b *Group) Add(method auth.Method) {
 	b.methods = append(b.methods, method)
 }
 
-func (b *Group) Verify(req *http.Request, w http.ResponseWriter, sess auth.SessionStore) (auth.AuthenticationResult, error) {
-	// Try to sign in with each of the enabled plugins
-	var retErr error
+func (b *Group) Verify(req *http.Request, w http.ResponseWriter, sess auth.SessionStore) auth.MethodOutput {
+	var incorrectCredentials []error
+
 	for _, m := range b.methods {
-		authResult, err := m.Verify(req, w, sess)
-		if err != nil {
-			if retErr == nil {
-				retErr = err
-			}
-			// Try other methods if this one failed.
-			// Some methods may share the same protocol to detect if they are matched.
-			// For example, OAuth2 and conan.Auth both read token from "Authorization: Bearer <token>" header,
-			// If OAuth2 returns error, we should give conan.Auth a chance to try.
+		output := m.Verify(req, w, sess)
+
+		switch v := output.(type) {
+		case *auth.AuthenticationSuccess, *auth.AuthenticationError:
+			return v
+
+		case *auth.AuthenticationNotAttempted:
+			// Move on to the next supported authentication method.
 			continue
-		}
 
-		// If any method returns an authenticated result, we can stop trying. Return and ignore any error returned by
-		// previous methods.
-		if authResult.User() != nil {
-			return authResult, nil
+		case *auth.AuthenticationAttemptedIncorrectCredential:
+			// Move on to the next supported authentication method, but keep a record of this error.  If none of the
+			// other methods are able to authenticate the user, we'll report this as an incorrect credential (401) case.
+			incorrectCredentials = append(incorrectCredentials, v.Error)
+			continue
+
+		default:
+			return &auth.AuthenticationError{Error: fmt.Errorf("unexpected result from Method.Verify on method %v: %v", m, v)}
 		}
 	}
 
-	if retErr != nil {
-		// If no method returns a user, return the error returned by the first method.
-		return nil, retErr
+	if len(incorrectCredentials) != 0 {
+		return &auth.AuthenticationAttemptedIncorrectCredential{Error: errors.Join(incorrectCredentials...)}
 	}
 
-	return &auth.UnauthenticatedResult{}, nil
+	return &auth.AuthenticationNotAttempted{}
 }
diff --git a/services/auth/method/httpsign.go b/services/auth/method/httpsign.go
index a5328bddcd..7a80452b2b 100644
--- a/services/auth/method/httpsign.go
+++ b/services/auth/method/httpsign.go
@@ -35,10 +35,10 @@ type HTTPSign struct{}
 // Verify extracts and validates HTTPsign from the Signature header of the request and returns
 // the corresponding user object on successful validation.
 // Returns nil if header is empty or validation fails.
-func (h *HTTPSign) Verify(req *http.Request, w http.ResponseWriter, _ auth.SessionStore) (auth.AuthenticationResult, error) {
+func (h *HTTPSign) Verify(req *http.Request, w http.ResponseWriter, _ auth.SessionStore) auth.MethodOutput {
 	sigHead := req.Header.Get("Signature")
 	if len(sigHead) == 0 {
-		return &auth.UnauthenticatedResult{}, nil
+		return &auth.AuthenticationNotAttempted{}
 	}
 
 	var (
@@ -49,14 +49,14 @@ func (h *HTTPSign) Verify(req *http.Request, w http.ResponseWriter, _ auth.Sessi
 	if len(req.Header.Get("X-Ssh-Certificate")) != 0 {
 		// Handle Signature signed by SSH certificates
 		if len(setting.SSH.TrustedUserCAKeys) == 0 {
-			return &auth.UnauthenticatedResult{}, nil
+			return &auth.AuthenticationNotAttempted{}
 		}
 
 		publicKey, err = VerifyCert(req)
 		if err != nil {
 			log.Debug("VerifyCert on request from %s: failed: %v", req.RemoteAddr, err)
 			log.Warn("Failed authentication attempt from %s", req.RemoteAddr)
-			return &auth.UnauthenticatedResult{}, nil
+			return &auth.AuthenticationNotAttempted{} // 401 is not expected on signature validation miss; return not attempted
 		}
 	} else {
 		// Handle Signature signed by Public Key
@@ -64,18 +64,17 @@ func (h *HTTPSign) Verify(req *http.Request, w http.ResponseWriter, _ auth.Sessi
 		if err != nil {
 			log.Debug("VerifyPubKey on request from %s: failed: %v", req.RemoteAddr, err)
 			log.Warn("Failed authentication attempt from %s", req.RemoteAddr)
-			return &auth.UnauthenticatedResult{}, nil
+			return &auth.AuthenticationNotAttempted{} // 401 is not expected on signature validation miss; return not attempted
 		}
 	}
 
 	u, err := user_model.GetUserByID(req.Context(), publicKey.OwnerID)
 	if err != nil {
-		log.Error("GetUserByID:  %v", err)
-		return nil, err
+		return &auth.AuthenticationError{Error: fmt.Errorf("httpsign GetUserByID: %w", err)}
 	}
 
 	log.Trace("HTTP Sign: Logged in user %-v", u)
-	return &httpSignAuthenticationResult{user: u}, nil
+	return &auth.AuthenticationSuccess{Result: &httpSignAuthenticationResult{user: u}}
 }
 
 func VerifyPubKey(r *http.Request) (*asymkey_model.PublicKey, error) {
diff --git a/services/auth/method/oauth2.go b/services/auth/method/oauth2.go
index e80c4bc35c..8e07a2ecca 100644
--- a/services/auth/method/oauth2.go
+++ b/services/auth/method/oauth2.go
@@ -6,7 +6,7 @@ package method
 
 import (
 	"context"
-	"errors"
+	"fmt"
 	"net/http"
 	"slices"
 	"strings"
@@ -146,16 +146,16 @@ func parseToken(req *http.Request) (string, bool) {
 // userIDFromToken returns the user id corresponding to the OAuth token.
 // It will set 'IsApiToken' to true if the token is an API token and
 // set 'ApiTokenScope' to the scope of the access token
-func (o *OAuth2) userIDFromToken(ctx context.Context, tokenSHA string) (auth.AuthenticationResult, error) {
+func (o *OAuth2) userIDFromToken(ctx context.Context, tokenSHA string) auth.MethodOutput {
 	if tokenSHA == "" {
-		return nil, auth_model.ErrAccessTokenEmpty{}
+		return &auth.AuthenticationAttemptedIncorrectCredential{Error: auth_model.ErrAccessTokenEmpty{}}
 	}
 	// Let's see if token is valid.
 	if strings.Contains(tokenSHA, ".") {
 		// First attempt to decode an actions JWT, returning the actions user
 		if taskID, err := actions.TokenToTaskID(tokenSHA); err == nil {
 			if CheckTaskIsRunning(ctx, taskID) {
-				return &actionsTaskTokenAuthenticationResult{user: user_model.NewActionsUser(), taskID: taskID}, nil
+				return &auth.AuthenticationSuccess{Result: &actionsTaskTokenAuthenticationResult{user: user_model.NewActionsUser(), taskID: taskID}}
 			}
 		}
 
@@ -171,12 +171,12 @@ func (o *OAuth2) userIDFromToken(ctx context.Context, tokenSHA string) (auth.Aut
 		}
 		user, err := user_model.GetPossibleUserByID(ctx, uid)
 		if err != nil {
-			if !user_model.IsErrUserNotExist(err) {
-				log.Error("GetUserByName: %v", err)
+			if user_model.IsErrUserNotExist(err) {
+				return &auth.AuthenticationAttemptedIncorrectCredential{Error: err}
 			}
-			return nil, err
+			return &auth.AuthenticationError{Error: fmt.Errorf("oauth2 GetPossibleUserByID: %w", err)}
 		}
-		return &oAuth2JWTAuthenticationResult{user: user, scope: accessTokenScope}, nil
+		return &auth.AuthenticationSuccess{Result: &oAuth2JWTAuthenticationResult{user: user, scope: accessTokenScope}}
 	}
 
 	t, err := auth_model.GetAccessTokenBySHA(ctx, tokenSHA)
@@ -186,63 +186,50 @@ func (o *OAuth2) userIDFromToken(ctx context.Context, tokenSHA string) (auth.Aut
 			task, err := actions_model.GetRunningTaskByToken(ctx, tokenSHA)
 			if err == nil && task != nil {
 				log.Trace("Basic Authorization: Valid AccessToken for task[%d]", task.ID)
-				return &actionsTaskTokenAuthenticationResult{user: user_model.NewActionsUser(), taskID: task.ID}, nil
+				return &auth.AuthenticationSuccess{Result: &actionsTaskTokenAuthenticationResult{user: user_model.NewActionsUser(), taskID: task.ID}}
 			}
 		} else if !auth_model.IsErrAccessTokenNotExist(err) && !auth_model.IsErrAccessTokenEmpty(err) {
-			log.Error("GetAccessTokenBySHA: %v", err)
-			return nil, err
+			return &auth.AuthenticationError{Error: fmt.Errorf("oauth2 GetAccessTokenBySHA: %w", err)}
 		}
-		return nil, err
+		return &auth.AuthenticationAttemptedIncorrectCredential{Error: err}
 	}
 	if err := t.UpdateLastUsed(ctx); err != nil {
 		log.Error("UpdateLastUsed: %v", err)
 	}
 	if t.UID == 0 {
-		return nil, auth_model.ErrAccessTokenNotExist{}
+		return &auth.AuthenticationAttemptedIncorrectCredential{Error: err}
 	}
 
 	reducer, err := authz.GetAuthorizationReducerForAccessToken(ctx, t)
 	if err != nil {
-		log.Error("authz.GetAuthorizationReducerForAccessToken: %v", err)
-		return nil, err
+		return &auth.AuthenticationError{Error: fmt.Errorf("oauth2 GetAuthorizationReducerForAccessToken: %w", err)}
 	}
 
 	u, err := user_model.GetUserByID(ctx, t.UID)
 	if err != nil {
-		log.Error("GetUserByID:  %v", err)
-		return nil, err
+		return &auth.AuthenticationError{Error: fmt.Errorf("oauth2 GetUserByID: %w", err)}
 	}
 
-	return &accessTokenAuthenticationResult{user: u, scope: t.Scope, reducer: reducer}, nil
+	return &auth.AuthenticationSuccess{Result: &accessTokenAuthenticationResult{user: u, scope: t.Scope, reducer: reducer}}
 }
 
 // Verify extracts the user ID from the OAuth token in the query parameters
 // or the "Authorization" header and returns the corresponding user object for that ID.
 // If verification is successful returns an existing user object.
 // Returns nil if verification fails.
-func (o *OAuth2) Verify(req *http.Request, w http.ResponseWriter, _ auth.SessionStore) (auth.AuthenticationResult, error) {
+func (o *OAuth2) Verify(req *http.Request, w http.ResponseWriter, _ auth.SessionStore) auth.MethodOutput {
 	// These paths are not API paths, but we still want to check for tokens because they maybe in the API returned URLs
 	if !middleware.IsAPIPath(req) && !isAttachmentDownload(req) && !isAuthenticatedTokenRequest(req) &&
 		!isGitRawOrAttachPath(req) && !isArchivePath(req) {
-		return &auth.UnauthenticatedResult{}, nil
+		return &auth.AuthenticationNotAttempted{}
 	}
 
 	token, ok := parseToken(req)
 	if !ok {
-		return &auth.UnauthenticatedResult{}, nil
+		return &auth.AuthenticationNotAttempted{}
 	}
 
-	auth, err := o.userIDFromToken(req.Context(), token)
-	if err != nil {
-		return nil, err
-	} else if auth.User() == nil {
-		// Having successfully found a token, it's now expected that the only valid outcomes are either errors that
-		// result in 401s (if the token wasn't valid), or valid authentication as a user. If we reach here, we've missed
-		// those expected outcomes and somehow returned an unauthenticated response even though a token was provided.
-		return nil, errors.New("unexpected unauthenticated result from userIDFromToken")
-	}
-	log.Trace("OAuth2 Authorization: Logged in user %-v", auth.User())
-	return auth, nil
+	return o.userIDFromToken(req.Context(), token)
 }
 
 func isAuthenticatedTokenRequest(req *http.Request) bool {
diff --git a/services/auth/method/oauth2_test.go b/services/auth/method/oauth2_test.go
index c08ec57151..5ad103fe58 100644
--- a/services/auth/method/oauth2_test.go
+++ b/services/auth/method/oauth2_test.go
@@ -12,6 +12,7 @@ import (
 	"forgejo.org/models/unittest"
 	user_model "forgejo.org/models/user"
 	"forgejo.org/services/actions"
+	auth_service "forgejo.org/services/auth"
 
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
@@ -33,8 +34,10 @@ func TestUserIDFromToken(t *testing.T) {
 		require.NoError(t, err)
 
 		o := OAuth2{}
-		authResult, err := o.userIDFromToken(t.Context(), token)
-		require.NoError(t, err)
+		output := o.userIDFromToken(t.Context(), token)
+		ar, authSuccess := output.(*auth_service.AuthenticationSuccess)
+		require.True(t, authSuccess, "expected type AuthenticationSuccess, but was: %#v", output)
+		authResult := ar.Result
 		assert.Equal(t, int64(user_model.ActionsUserID), authResult.User().ID)
 		isActionsToken, authTaskID := authResult.ActionsTaskID().Get()
 		assert.True(t, isActionsToken)
@@ -53,9 +56,13 @@ func TestUserIDFromToken(t *testing.T) {
 		o := OAuth2{}
 		for name, c := range cases {
 			t.Run(name, func(t *testing.T) {
-				authResult, err := o.userIDFromToken(t.Context(), c.Token)
+				output := o.userIDFromToken(t.Context(), c.Token)
+
+				ar, authFailure := output.(*auth_service.AuthenticationAttemptedIncorrectCredential)
+				require.True(t, authFailure, "expected type AuthenticationAttemptedIncorrectCredential, but was: %#v", output)
+				err := ar.Error
+
 				require.ErrorIs(t, err, c.Error)
-				assert.Nil(t, authResult)
 			})
 		}
 	})
diff --git a/services/auth/method/reverseproxy.go b/services/auth/method/reverseproxy.go
index df6e626bcb..0fda466875 100644
--- a/services/auth/method/reverseproxy.go
+++ b/services/auth/method/reverseproxy.go
@@ -6,6 +6,7 @@ package method
 
 import (
 	"errors"
+	"fmt"
 	"net/http"
 	"strings"
 
@@ -77,13 +78,13 @@ func (r *ReverseProxy) getEmail(req *http.Request) string {
 // If an email is available in the "setting.ReverseProxyAuthEmail" header an existing
 // user object is returned (populated with the email found in header).
 // Returns nil if header is empty or if "setting.EnableReverseProxyEmail" is disabled.
-func (r *ReverseProxy) getUserFromAuthEmail(req *http.Request) *user_model.User {
+func (r *ReverseProxy) getUserFromAuthEmail(req *http.Request) (*user_model.User, error) {
 	if !setting.Service.EnableReverseProxyEmail {
-		return nil
+		return nil, util.ErrNotExist
 	}
 	email := r.getEmail(req)
 	if len(email) == 0 {
-		return nil
+		return nil, util.ErrNotExist
 	}
 	log.Trace("ReverseProxy Authorization: Found email: %s", email)
 
@@ -93,24 +94,29 @@ func (r *ReverseProxy) getUserFromAuthEmail(req *http.Request) *user_model.User
 		if !user_model.IsErrUserNotExist(err) {
 			log.Error("GetUserByEmail: %v", err)
 		}
-		return nil
+		return nil, err
 	}
-	return user
+	return user, nil
 }
 
 // Verify attempts to load a user object based on headers sent by the reverse proxy.
 // First it will attempt to load it based on the username (see docs for getUserFromAuthUser),
 // and failing that it will attempt to load it based on the email (see docs for getUserFromAuthEmail).
 // Returns nil if the headers are empty or the user is not found.
-func (r *ReverseProxy) Verify(req *http.Request, w http.ResponseWriter, sess auth.SessionStore) (auth.AuthenticationResult, error) {
+func (r *ReverseProxy) Verify(req *http.Request, w http.ResponseWriter, sess auth.SessionStore) auth.MethodOutput {
 	user, err := r.getUserFromAuthUser(req)
 	if err != nil && !errors.Is(err, util.ErrNotExist) {
-		return nil, err
+		return &auth.AuthenticationError{Error: fmt.Errorf("reverse proxy getUserFromAuthUser: %w", err)}
 	}
 	if user == nil {
-		user = r.getUserFromAuthEmail(req)
+		user, err = r.getUserFromAuthEmail(req)
 		if user == nil {
-			return &auth.UnauthenticatedResult{}, nil
+			if errors.Is(err, util.ErrNotExist) {
+				// Not attempted is returned when no HTTP headers were provided, which is the cases that ErrNotExist
+				// represents:
+				return &auth.AuthenticationNotAttempted{}
+			}
+			return &auth.AuthenticationAttemptedIncorrectCredential{Error: errors.New("user not found")}
 		}
 	}
 
@@ -122,7 +128,7 @@ func (r *ReverseProxy) Verify(req *http.Request, w http.ResponseWriter, sess aut
 	}
 
 	log.Trace("ReverseProxy Authorization: Logged in user %-v", user)
-	return &reverseProxyAuthenticationResult{user: user}, nil
+	return &auth.AuthenticationSuccess{Result: &reverseProxyAuthenticationResult{user: user}}
 }
 
 // isAutoRegisterAllowed checks if EnableReverseProxyAutoRegister setting is true
diff --git a/services/auth/method/session.go b/services/auth/method/session.go
index 540d544aa0..9166752853 100644
--- a/services/auth/method/session.go
+++ b/services/auth/method/session.go
@@ -4,6 +4,7 @@
 package method
 
 import (
+	"fmt"
 	"net/http"
 
 	user_model "forgejo.org/models/user"
@@ -23,34 +24,33 @@ type Session struct{}
 // Verify checks if there is a user uid stored in the session and returns the user
 // object for that uid.
 // Returns nil if there is no user uid stored in the session.
-func (s *Session) Verify(req *http.Request, w http.ResponseWriter, sess auth.SessionStore) (auth.AuthenticationResult, error) {
+func (s *Session) Verify(req *http.Request, w http.ResponseWriter, sess auth.SessionStore) auth.MethodOutput {
 	if sess == nil {
-		return &auth.UnauthenticatedResult{}, nil
+		return &auth.AuthenticationNotAttempted{}
 	}
 
 	// Get user ID
 	uid := sess.Get("uid")
 	if uid == nil {
-		return &auth.UnauthenticatedResult{}, nil
+		return &auth.AuthenticationNotAttempted{}
 	}
 	log.Trace("Session Authorization: Found user[%d]", uid)
 
 	id, ok := uid.(int64)
 	if !ok {
-		return &auth.UnauthenticatedResult{}, nil
+		return &auth.AuthenticationNotAttempted{}
 	}
 
 	// Get user object
 	user, err := user_model.GetUserByID(req.Context(), id)
 	if err != nil {
 		if !user_model.IsErrUserNotExist(err) {
-			log.Error("GetUserByID: %v", err)
 			// Return the err as-is to keep current signed-in session, in case the err is something like context.Canceled. Otherwise non-existing user (nil, nil) will make the caller clear the signed-in session.
-			return nil, err
+			return &auth.AuthenticationError{Error: fmt.Errorf("session auth GetUserByID: %w", err)}
 		}
-		return &auth.UnauthenticatedResult{}, nil
+		return &auth.AuthenticationAttemptedIncorrectCredential{Error: err}
 	}
 
 	log.Trace("Session Authorization: Logged in user %-v", user)
-	return &sessionAuthenticationResult{user: user}, nil
+	return &auth.AuthenticationSuccess{Result: &sessionAuthenticationResult{user: user}}
 }
diff --git a/tests/integration/api_packages_chef_test.go b/tests/integration/api_packages_chef_test.go
index b467f18e13..6a07a38691 100644
--- a/tests/integration/api_packages_chef_test.go
+++ b/tests/integration/api_packages_chef_test.go
@@ -32,6 +32,7 @@ import (
 	chef_module "forgejo.org/modules/packages/chef"
 	"forgejo.org/modules/setting"
 	chef_router "forgejo.org/routers/api/packages/chef"
+	auth_service "forgejo.org/services/auth"
 	"forgejo.org/tests"
 
 	"github.com/stretchr/testify/assert"
@@ -94,10 +95,9 @@ nwIDAQAB
 			defer tests.PrintCurrentTest(t)()
 
 			req := NewRequest(t, "POST", "/dummy")
-			u, err := auth.Verify(req.Request, nil, nil)
-			require.NoError(t, err)
-			require.NotNil(t, u)
-			assert.Nil(t, u.User())
+			output := auth.Verify(req.Request, nil, nil)
+			_, authNotAttempted := output.(*auth_service.AuthenticationNotAttempted)
+			assert.True(t, authNotAttempted, "expected type AuthenticationNotAttempted, but was: %#v", output)
 		})
 
 		t.Run("NotExistingUser", func(t *testing.T) {
@@ -105,9 +105,11 @@ nwIDAQAB
 
 			req := NewRequest(t, "POST", "/dummy").
 				SetHeader("X-Ops-Userid", "not-existing-user")
-			u, err := auth.Verify(req.Request, nil, nil)
-			assert.Nil(t, u)
-			require.Error(t, err)
+
+			output := auth.Verify(req.Request, nil, nil)
+			ar, authError := output.(*auth_service.AuthenticationAttemptedIncorrectCredential)
+			require.True(t, authError, "expected type AuthenticationAttemptedIncorrectCredential, but was: %#v", output)
+			require.ErrorContains(t, ar.Error, "user does not exist")
 		})
 
 		t.Run("Timestamp", func(t *testing.T) {
@@ -115,14 +117,16 @@ nwIDAQAB
 
 			req := NewRequest(t, "POST", "/dummy").
 				SetHeader("X-Ops-Userid", user.Name)
-			u, err := auth.Verify(req.Request, nil, nil)
-			assert.Nil(t, u)
-			require.Error(t, err)
+			output := auth.Verify(req.Request, nil, nil)
+			ar, authError := output.(*auth_service.AuthenticationAttemptedIncorrectCredential)
+			require.True(t, authError, "expected type AuthenticationAttemptedIncorrectCredential, but was: %#v", output)
+			require.ErrorContains(t, ar.Error, "X-Ops-Timestamp header missing")
 
 			req.SetHeader("X-Ops-Timestamp", "2023-01-01T00:00:00Z")
-			u, err = auth.Verify(req.Request, nil, nil)
-			assert.Nil(t, u)
-			require.Error(t, err)
+			output = auth.Verify(req.Request, nil, nil)
+			ar, authError = output.(*auth_service.AuthenticationAttemptedIncorrectCredential)
+			require.True(t, authError, "expected type AuthenticationAttemptedIncorrectCredential, but was: %#v", output)
+			require.ErrorContains(t, ar.Error, "time difference")
 		})
 
 		t.Run("SigningVersion", func(t *testing.T) {
@@ -131,29 +135,35 @@ nwIDAQAB
 			req := NewRequest(t, "POST", "/dummy").
 				SetHeader("X-Ops-Userid", user.Name).
 				SetHeader("X-Ops-Timestamp", time.Now().UTC().Format(time.RFC3339))
-			u, err := auth.Verify(req.Request, nil, nil)
-			assert.Nil(t, u)
-			require.Error(t, err)
+
+			output := auth.Verify(req.Request, nil, nil)
+			ar, authError := output.(*auth_service.AuthenticationAttemptedIncorrectCredential)
+			require.True(t, authError, "expected type AuthenticationAttemptedIncorrectCredential, but was: %#v", output)
+			require.ErrorContains(t, ar.Error, "X-Ops-Sign header missing")
 
 			req.SetHeader("X-Ops-Sign", "version=none")
-			u, err = auth.Verify(req.Request, nil, nil)
-			assert.Nil(t, u)
-			require.Error(t, err)
+			output = auth.Verify(req.Request, nil, nil)
+			ar, authError = output.(*auth_service.AuthenticationAttemptedIncorrectCredential)
+			require.True(t, authError, "expected type AuthenticationAttemptedIncorrectCredential, but was: %#v", output)
+			require.ErrorContains(t, ar.Error, "invalid X-Ops-Sign header")
 
 			req.SetHeader("X-Ops-Sign", "version=1.4")
-			u, err = auth.Verify(req.Request, nil, nil)
-			assert.Nil(t, u)
-			require.Error(t, err)
+			output = auth.Verify(req.Request, nil, nil)
+			ar, authError = output.(*auth_service.AuthenticationAttemptedIncorrectCredential)
+			require.True(t, authError, "expected type AuthenticationAttemptedIncorrectCredential, but was: %#v", output)
+			require.ErrorContains(t, ar.Error, "unsupported version")
 
 			req.SetHeader("X-Ops-Sign", "version=1.0;algorithm=sha2")
-			u, err = auth.Verify(req.Request, nil, nil)
-			assert.Nil(t, u)
-			require.Error(t, err)
+			output = auth.Verify(req.Request, nil, nil)
+			ar, authError = output.(*auth_service.AuthenticationAttemptedIncorrectCredential)
+			require.True(t, authError, "expected type AuthenticationAttemptedIncorrectCredential, but was: %#v", output)
+			require.ErrorContains(t, ar.Error, "unsupported algorithm")
 
 			req.SetHeader("X-Ops-Sign", "version=1.0;algorithm=sha256")
-			u, err = auth.Verify(req.Request, nil, nil)
-			assert.Nil(t, u)
-			require.Error(t, err)
+			output = auth.Verify(req.Request, nil, nil)
+			ar, authError = output.(*auth_service.AuthenticationAttemptedIncorrectCredential)
+			require.True(t, authError, "expected type AuthenticationAttemptedIncorrectCredential, but was: %#v", output)
+			require.ErrorContains(t, ar.Error, "unsupported algorithm")
 		})
 
 		t.Run("SignedHeaders", func(t *testing.T) {
@@ -167,9 +177,10 @@ nwIDAQAB
 				SetHeader("X-Ops-Sign", "version=1.0;algorithm=sha1").
 				SetHeader("X-Ops-Content-Hash", "unused").
 				SetHeader("X-Ops-Authorization-4", "dummy")
-			u, err := auth.Verify(req.Request, nil, nil)
-			assert.Nil(t, u)
-			require.Error(t, err)
+			output := auth.Verify(req.Request, nil, nil)
+			ar, authError := output.(*auth_service.AuthenticationAttemptedIncorrectCredential)
+			require.True(t, authError, "expected type AuthenticationAttemptedIncorrectCredential, but was: %#v", output)
+			require.ErrorContains(t, ar.Error, "invalid X-Ops-Authorization headers")
 
 			signRequest := func(rw *RequestWrapper, version string) {
 				req := rw.Request
@@ -258,9 +269,12 @@ nwIDAQAB
 					defer tests.PrintCurrentTest(t)()
 
 					signRequest(req, v)
-					u, err = auth.Verify(req.Request, nil, nil)
-					assert.NotNil(t, u)
-					require.NoError(t, err)
+					output := auth.Verify(req.Request, nil, nil)
+					ar, authSuccess := output.(*auth_service.AuthenticationSuccess)
+					require.True(t, authSuccess, "expected type AuthenticationSuccess, but was: %#v", output)
+					assert.NotNil(t, ar)
+					assert.NotNil(t, ar.Result)
+					assert.EqualValues(t, 2, ar.Result.User().ID)
 				})
 			}
 		})

From a562140896d28c01ea7b572af1c27d59aca3d7e2 Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Fri, 24 Apr 2026 00:46:55 +0200
Subject: [PATCH 730/854] Update dependency htmx.org to v2.0.9 (forgejo)
 (#12248)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12248
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
---
 package-lock.json | 8 ++++----
 package.json      | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 819f398d2b..527811982e 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -51,7 +51,7 @@
         "esbuild-loader": "4.4.3",
         "escape-goat": "4.0.0",
         "fast-glob": "3.3.3",
-        "htmx.org": "2.0.8",
+        "htmx.org": "2.0.9",
         "idiomorph": "0.3.0",
         "jquery": "3.7.1",
         "katex": "0.16.45",
@@ -9539,9 +9539,9 @@
       }
     },
     "node_modules/htmx.org": {
-      "version": "2.0.8",
-      "resolved": "https://registry.npmjs.org/htmx.org/-/htmx.org-2.0.8.tgz",
-      "integrity": "sha512-fm297iru0iWsNJlBrjvtN7V9zjaxd+69Oqjh4F/Vq9Wwi2kFisLcrLCiv5oBX0KLfOX/zG8AUo9ROMU5XUB44Q==",
+      "version": "2.0.9",
+      "resolved": "https://registry.npmjs.org/htmx.org/-/htmx.org-2.0.9.tgz",
+      "integrity": "sha512-Vd8ZlGSshz2W2ej+gNpMqxX2PM0dfOn4lRgkTXgCT+cqZE/GwBQoYm3zGvlqf+hHXYCMYmmgae33m4/RPdTS0Q==",
       "license": "0BSD"
     },
     "node_modules/iconv-lite": {
diff --git a/package.json b/package.json
index e89587c8e7..de425537c8 100644
--- a/package.json
+++ b/package.json
@@ -50,7 +50,7 @@
     "esbuild-loader": "4.4.3",
     "escape-goat": "4.0.0",
     "fast-glob": "3.3.3",
-    "htmx.org": "2.0.8",
+    "htmx.org": "2.0.9",
     "idiomorph": "0.3.0",
     "jquery": "3.7.1",
     "katex": "0.16.45",

From db622afd87f8f6b1d0ca4228b9eac7095cda3a58 Mon Sep 17 00:00:00 2001
From: Andreas Ahlenstorf <andreas@ahlenstorf.ch>
Date: Fri, 24 Apr 2026 04:36:42 +0200
Subject: [PATCH 731/854] refactor: delegate to service for run cancellation
 (#12142)

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. All work and communication must conform to Forgejo's [AI Agreement](https://codeberg.org/forgejo/governance/src/branch/main/AIAgreement.md). There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests for Go changes

(can be removed for JavaScript changes)

- I added test coverage for Go changes...
  - [ ] in their respective `*_test.go` for unit tests.
  - [ ] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I ran...
  - [x] `make pr-go` before pushing

### Tests for JavaScript changes

(can be removed for Go changes)

- I added test coverage for JavaScript changes...
  - [ ] in `web_src/js/*.test.js` if it can be unit tested.
  - [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)).

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [ ] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.
- [x] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change.

*The decision if the pull request will be shown in the release notes is up to the mergers / release team.*

The content of the `release-notes/<pull request number>.md` file will serve as the basis for the release notes. If the file does not exist, the title of the pull request will be used instead.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12142
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
---
 routers/web/repo/actions/view.go | 41 +++++---------------------------
 services/actions/run.go          |  2 +-
 2 files changed, 7 insertions(+), 36 deletions(-)

diff --git a/routers/web/repo/actions/view.go b/routers/web/repo/actions/view.go
index 31b757d2b3..9769f0f11a 100644
--- a/routers/web/repo/actions/view.go
+++ b/routers/web/repo/actions/view.go
@@ -5,7 +5,6 @@
 package actions
 
 import (
-	"context"
 	"errors"
 	"fmt"
 	"html/template"
@@ -26,14 +25,11 @@ import (
 	"forgejo.org/modules/json"
 	"forgejo.org/modules/log"
 	"forgejo.org/modules/templates"
-	"forgejo.org/modules/timeutil"
 	"forgejo.org/modules/translation"
 	"forgejo.org/modules/util"
 	"forgejo.org/modules/web"
 	actions_service "forgejo.org/services/actions"
 	app_context "forgejo.org/services/context"
-
-	"xorm.io/builder"
 )
 
 func RedirectToLatestAttempt(ctx *app_context.Context) {
@@ -591,40 +587,15 @@ func Logs(ctx *app_context.Context) {
 func Cancel(ctx *app_context.Context) {
 	runIndex := ctx.ParamsInt64("run")
 
-	_, jobs := getRunJobs(ctx, runIndex, -1)
-	if ctx.Written() {
-		return
-	}
-
-	if err := db.WithTx(ctx, func(ctx context.Context) error {
-		for _, job := range jobs {
-			status := job.Status
-			if status.IsDone() {
-				continue
-			}
-			if job.TaskID == 0 {
-				job.Status = actions_model.StatusCancelled
-				job.Stopped = timeutil.TimeStampNow()
-				n, err := actions_service.UpdateRunJob(ctx, job, builder.Eq{"task_id": 0}, "status", "stopped")
-				if err != nil {
-					return err
-				}
-				if n == 0 {
-					return errors.New("job has changed, try again")
-				}
-				continue
-			}
-			if err := actions_service.StopTask(ctx, job.TaskID, actions_model.StatusCancelled); err != nil {
-				return err
-			}
-		}
-		return nil
-	}); err != nil {
+	run, err := actions_model.GetRunByIndex(ctx, ctx.Repo.Repository.ID, runIndex)
+	if err != nil {
+		ctx.Error(http.StatusInternalServerError, err.Error())
+		return
+	}
+	if err := actions_service.CancelRun(ctx, run); err != nil {
 		ctx.Error(http.StatusInternalServerError, err.Error())
 		return
 	}
-
-	actions_service.CreateCommitStatus(ctx, jobs...)
 
 	ctx.JSON(http.StatusOK, struct{}{})
 }
diff --git a/services/actions/run.go b/services/actions/run.go
index bee0b1581d..891d9d8f03 100644
--- a/services/actions/run.go
+++ b/services/actions/run.go
@@ -27,7 +27,7 @@ func killRun(ctx context.Context, run *actions_model.ActionRun, newStatus action
 			if job.TaskID == 0 {
 				job.Status = newStatus
 				job.Stopped = timeutil.TimeStampNow()
-				_, err := actions_model.UpdateRunJobWithoutNotification(ctx, job, nil, "status", "stopped")
+				_, err := UpdateRunJob(ctx, job, nil, "status", "stopped")
 				if err != nil {
 					return err
 				}

From ef5479af71c47d55e3aa63fa60debd26f7bed9c7 Mon Sep 17 00:00:00 2001
From: Mathieu Fenniak <mathieu@fenniak.net>
Date: Fri, 24 Apr 2026 18:19:58 +0200
Subject: [PATCH 732/854] refactor: split "basic" and "oauth2" authentication
 impl into smaller single-purpose components (#12236)

Forgejo's `basic` and `oauth2` authentication methods perform five distinct types of authentication:
- Username and password authentication
- Personal access tokens
- OAuth2 access tokens
- Forgejo Action's `${{ forgejo.token }}` -- task-based static tokens
- Forgejo Action's `${{ env.ACTIONS_RUNTIME_TOKEN }}` JWT, which is the authentication method used for `upload-artifact` (mirroring GitHub's implementation)

`basic` and `oauth2` both supported almost all of these methods, resulting in quite a bit of code duplication between them.  This PR splits personal access tokens into `access_token.go`, Action's task-based tokens into `action_task_token.go`, and Action's JWT tokens into `action_runtime_token.go`.

**Note:** There is one peculiar side-effect that is worth discussing.  Previously, `Authorization: Basic ...` was handled by one complex code path in basic.go, and `Authorization: Bearer ...` was handled by another in oauth2.go, and if authorization failed and a 401 was returned, a single error message would be returned to the user.  Now, as multiple authorization methods may look at `Authorization: Basic ...` and provide their own reason why authorization didn't work, a 401 response has multiple reasons for a lack of authorization listed:

```
401 Unauthorized
...

failure to authenticate with oauth2 access token: not a JWT
Basic authorization is not allowed while having security keys enrolled
access token does not exist [sha: notpassword]
task with token "notpassword": resource does not exist
```

A couple tests have been adapted to check that the result contains their expected response, rather than is equal-to or prefixed-with their expected result.  This is caused by the "auth group" joining together any "invalid credentials" errors, and, to a certain extent it is useful to understand why the authorization request failed.  But it's a bit obscure as well.

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. All work and communication must conform to Forgejo's [AI Agreement](https://codeberg.org/forgejo/governance/src/branch/main/AIAgreement.md). There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests for Go changes

- I added test coverage for Go changes...
  - [ ] in their respective `*_test.go` for unit tests.
  - [ ] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
  - Relying on integration testing for regression checks.
- I ran...
  - [x] `make pr-go` before pushing

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [ ] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.
- [x] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12236
Reviewed-by: Andreas Ahlenstorf <aahlenst@noreply.codeberg.org>
---
 routers/api/packages/api.go                   |  11 +-
 routers/api/shared/middleware.go              |   3 +
 routers/web/auth/oauth.go                     |  15 +-
 routers/web/web.go                            |   6 +
 services/auth/interface.go                    |  10 +-
 services/auth/method/access_token.go          |  78 ++++++
 services/auth/method/action_runtime_token.go  |  67 +++++
 .../auth/method/action_runtime_token_test.go  |  74 ++++++
 services/auth/method/action_task_token.go     |  67 +++++
 services/auth/method/auth_result_oauth.go     |   9 +-
 services/auth/method/basic.go                 |  71 +-----
 services/auth/method/oauth2.go                | 228 ++++++------------
 services/auth/method/oauth2_test.go           | 117 ---------
 services/auth/method/util.go                  |  71 ++++++
 services/auth/method/util_test.go             |  43 ++++
 tests/integration/api_twofa_test.go           |  12 +-
 16 files changed, 514 insertions(+), 368 deletions(-)
 create mode 100644 services/auth/method/access_token.go
 create mode 100644 services/auth/method/action_runtime_token.go
 create mode 100644 services/auth/method/action_runtime_token_test.go
 create mode 100644 services/auth/method/action_task_token.go
 delete mode 100644 services/auth/method/oauth2_test.go
 create mode 100644 services/auth/method/util.go
 create mode 100644 services/auth/method/util_test.go

diff --git a/routers/api/packages/api.go b/routers/api/packages/api.go
index 7096cd9e51..4a35948eca 100644
--- a/routers/api/packages/api.go
+++ b/routers/api/packages/api.go
@@ -193,6 +193,9 @@ func CommonRoutes() *web.Route {
 	verifyAuth(r, []auth.Method{
 		&auth_method.OAuth2{},
 		&auth_method.Basic{},
+		&auth_method.AccessToken{},
+		&auth_method.ActionRuntimeToken{},
+		&auth_method.ActionTaskToken{},
 		&nuget.Auth{},
 		&conan.Auth{},
 		&chef.Auth{},
@@ -836,7 +839,13 @@ func ContainerRoutes() *web.Route {
 
 	r.Use(context.PackageContexter())
 
-	verifyContainerAuth(r, []auth.Method{&auth_method.Basic{}, &container.Auth{}})
+	verifyContainerAuth(r, []auth.Method{
+		&auth_method.Basic{},
+		&auth_method.AccessToken{},
+		&auth_method.ActionRuntimeToken{},
+		&auth_method.ActionTaskToken{},
+		&container.Auth{},
+	})
 
 	r.Get("", container.ReqContainerAccess, container.DetermineSupport)
 	r.Group("/token", func() {
diff --git a/routers/api/shared/middleware.go b/routers/api/shared/middleware.go
index 5a2debf3af..9dd1605783 100644
--- a/routers/api/shared/middleware.go
+++ b/routers/api/shared/middleware.go
@@ -50,6 +50,9 @@ func buildAuthGroup() *auth_method.Group {
 		&auth_method.OAuth2{},
 		&auth_method.HTTPSign{},
 		&auth_method.Basic{}, // FIXME: this should be removed once we don't allow basic auth in API
+		&auth_method.AccessToken{},
+		&auth_method.ActionRuntimeToken{},
+		&auth_method.ActionTaskToken{},
 	)
 	if setting.Service.EnableReverseProxyAuthAPI {
 		group.Add(&auth_method.ReverseProxy{})
diff --git a/routers/web/auth/oauth.go b/routers/web/auth/oauth.go
index dae71dd377..6335f2ecc0 100644
--- a/routers/web/auth/oauth.go
+++ b/routers/web/auth/oauth.go
@@ -33,7 +33,6 @@ import (
 	"forgejo.org/modules/util"
 	"forgejo.org/modules/web"
 	"forgejo.org/modules/web/middleware"
-	auth_method "forgejo.org/services/auth/method"
 	source_service "forgejo.org/services/auth/source"
 	"forgejo.org/services/auth/source/oauth2"
 	"forgejo.org/services/context"
@@ -294,7 +293,9 @@ func ifOnlyPublicGroups(scopes string) bool {
 
 // InfoOAuth manages request for userinfo endpoint
 func InfoOAuth(ctx *context.Context) {
-	if ctx.Doer == nil || !ctx.Authentication.IsOAuth2JWTAuthentication() {
+	hasGrantScopes, grantScopes := ctx.Authentication.OAuth2GrantScopes().Get()
+
+	if ctx.Doer == nil || !hasGrantScopes {
 		ctx.Resp.Header().Set("WWW-Authenticate", `Bearer realm=""`)
 		ctx.PlainText(http.StatusUnauthorized, "no valid authorization")
 		return
@@ -308,17 +309,7 @@ func InfoOAuth(ctx *context.Context) {
 		Picture:  ctx.Doer.AvatarLink(ctx),
 	}
 
-	var token string
-	if auHead := ctx.Req.Header.Get("Authorization"); auHead != "" {
-		auths := strings.Fields(auHead)
-		if len(auths) == 2 && (auths[0] == "token" || strings.ToLower(auths[0]) == "bearer") {
-			token = auths[1]
-		}
-	}
-
-	_, grantScopes := auth_method.CheckOAuthAccessToken(ctx, token)
 	onlyPublicGroups := ifOnlyPublicGroups(grantScopes)
-
 	groups, err := getOAuthGroupsForUser(ctx, ctx.Doer, onlyPublicGroups)
 	if err != nil {
 		ctx.ServerError("Oauth groups for user", err)
diff --git a/routers/web/web.go b/routers/web/web.go
index 9d8ac332a8..5839e7d30e 100644
--- a/routers/web/web.go
+++ b/routers/web/web.go
@@ -111,6 +111,12 @@ func buildAuthGroup() *auth_method.Group {
 	group.Add(&auth_method.OAuth2{}) // FIXME: this should be removed and only applied in download and oauth related routers
 	group.Add(&auth_method.Basic{})  // FIXME: this should be removed and only applied in download and git/lfs routers
 
+	// FIXME: extracted from OAuth2 & Basic -- these methods have internal URL filters that should be moved into
+	// middlewares (if we can figure out the right way to do that), similar to the notes on OAuth2 & Basic above.
+	group.Add(&auth_method.AccessToken{})
+	group.Add(&auth_method.ActionRuntimeToken{})
+	group.Add(&auth_method.ActionTaskToken{})
+
 	if setting.Service.EnableReverseProxyAuth {
 		group.Add(&auth_method.ReverseProxy{}) // reverseproxy should before Session, otherwise the header will be ignored if user has login
 	}
diff --git a/services/auth/interface.go b/services/auth/interface.go
index bbfe641520..a5ed33a79b 100644
--- a/services/auth/interface.go
+++ b/services/auth/interface.go
@@ -97,9 +97,9 @@ type AuthenticationResult interface {
 	// Identifies if the authentication was performed by a reverse proxy.
 	IsReverseProxyAuthentication() bool
 
-	// Identifies specifically that the OAuth2 JWT authentication method was used. If so, some related OAuth2 API
-	// endpoints may be accessible that otherwise wouldn't be.
-	IsOAuth2JWTAuthentication() bool
+	// Defined scopes of the [OAuth2Grant] as a comma-separated string, if authenticated via an OAuth access token JWT.
+	// Otherwise, None.
+	OAuth2GrantScopes() optional.Option[string]
 
 	// If authenticated as an Actions task (using ${{ forgejo.token }}), then indicates the specific task that performed
 	// the authentication.
@@ -108,8 +108,8 @@ type AuthenticationResult interface {
 
 type BaseAuthenticationResult struct{}
 
-func (*BaseAuthenticationResult) IsOAuth2JWTAuthentication() bool {
-	return false
+func (*BaseAuthenticationResult) OAuth2GrantScopes() optional.Option[string] {
+	return optional.None[string]()
 }
 
 func (*BaseAuthenticationResult) IsPasswordAuthentication() bool {
diff --git a/services/auth/method/access_token.go b/services/auth/method/access_token.go
new file mode 100644
index 0000000000..f1a5e8e766
--- /dev/null
+++ b/services/auth/method/access_token.go
@@ -0,0 +1,78 @@
+// Copyright 2026 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+package method
+
+import (
+	"fmt"
+	"net/http"
+
+	auth_model "forgejo.org/models/auth"
+	user_model "forgejo.org/models/user"
+	"forgejo.org/modules/log"
+	"forgejo.org/modules/optional"
+	"forgejo.org/modules/web/middleware"
+	"forgejo.org/services/auth"
+	"forgejo.org/services/authz"
+)
+
+var _ auth.Method = &AccessToken{}
+
+type AccessToken struct{}
+
+func (a *AccessToken) Verify(req *http.Request, w http.ResponseWriter, _ auth.SessionStore) auth.MethodOutput {
+	// Authentication previously was performed in a single routine for `Authorization: Basic ...` and `Authorization:
+	// Bearer ...`, and both routines had separate URL exclusion lists onto which they wouldn't apply.  That behaviour
+	// is maintained by cloning those conditions here and deciding whether to look at basic/bearer auth, or not.  In the
+	// future this should be removed and migrated to route-specific middleware.
+	legacySkipBasic := !middleware.IsAPIPath(req) && !isContainerPath(req) && !isAttachmentDownload(req) && !isGitRawOrAttachOrLFSPath(req)
+	legacySkipFormAndBearer := !middleware.IsAPIPath(req) && !isAttachmentDownload(req) && !isAuthenticatedTokenRequest(req) && !isGitRawOrAttachPath(req) && !isArchivePath(req)
+
+	maybeAuthToken := a.getTokenFromRequest(req, legacySkipBasic, legacySkipFormAndBearer)
+	if !maybeAuthToken.Has() {
+		return &auth.AuthenticationNotAttempted{}
+	}
+	_, authToken := maybeAuthToken.Get()
+
+	// check personal access token
+	token, err := auth_model.GetAccessTokenBySHA(req.Context(), authToken)
+	if auth_model.IsErrAccessTokenNotExist(err) || auth_model.IsErrAccessTokenEmpty(err) {
+		return &auth.AuthenticationAttemptedIncorrectCredential{Error: err}
+	} else if err != nil {
+		return &auth.AuthenticationError{Error: fmt.Errorf("access token GetAccessTokenBySHA: %w", err)}
+	}
+
+	log.Trace("AccessToken: Valid AccessToken for user[%d]", token.UID)
+	u, err := user_model.GetUserByID(req.Context(), token.UID)
+	if err != nil {
+		return &auth.AuthenticationError{Error: fmt.Errorf("access token GetUserByID: %w", err)}
+	}
+
+	if err = token.UpdateLastUsed(req.Context()); err != nil {
+		log.Error("UpdateLastUsed:  %v", err)
+	}
+
+	reducer, err := authz.GetAuthorizationReducerForAccessToken(req.Context(), token)
+	if err != nil {
+		return &auth.AuthenticationError{Error: fmt.Errorf("access token GetAuthorizationReducerForAccessToken: %w", err)}
+	}
+
+	return &auth.AuthenticationSuccess{Result: &accessTokenAuthenticationResult{user: u, scope: token.Scope, reducer: reducer}}
+}
+
+func (a *AccessToken) getTokenFromRequest(req *http.Request, skipBasic, skipFormAndBearer bool) optional.Option[string] {
+	if !skipFormAndBearer {
+		if has, token := tokenFromForm(req).Get(); has {
+			return optional.Some(token)
+		}
+		if has, token := tokenFromAuthorizationBearer(req).Get(); has {
+			return optional.Some(token)
+		}
+	}
+	if !skipBasic {
+		if has, token := tokenFromAuthorizationBasic(req).Get(); has {
+			return optional.Some(token)
+		}
+	}
+	return optional.None[string]()
+}
diff --git a/services/auth/method/action_runtime_token.go b/services/auth/method/action_runtime_token.go
new file mode 100644
index 0000000000..2d15476424
--- /dev/null
+++ b/services/auth/method/action_runtime_token.go
@@ -0,0 +1,67 @@
+// Copyright 2026 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+package method
+
+import (
+	"context"
+	"errors"
+	"net/http"
+
+	actions_model "forgejo.org/models/actions"
+	user_model "forgejo.org/models/user"
+	"forgejo.org/modules/optional"
+	"forgejo.org/modules/web/middleware"
+	"forgejo.org/services/actions"
+	"forgejo.org/services/auth"
+)
+
+var _ auth.Method = &ActionRuntimeToken{}
+
+type ActionRuntimeToken struct{}
+
+func (a *ActionRuntimeToken) Verify(req *http.Request, w http.ResponseWriter, _ auth.SessionStore) auth.MethodOutput {
+	// In the future this should be removed and migrated to route-specific middleware:
+	if !middleware.IsAPIPath(req) && !isAttachmentDownload(req) && !isAuthenticatedTokenRequest(req) && !isGitRawOrAttachPath(req) && !isArchivePath(req) {
+		return &auth.AuthenticationNotAttempted{}
+	}
+
+	maybeAuthToken := a.getTokenFromRequest(req)
+	if !maybeAuthToken.Has() {
+		return &auth.AuthenticationNotAttempted{}
+	}
+	_, authToken := maybeAuthToken.Get()
+
+	taskID, err := actions.TokenToTaskID(authToken)
+	if err != nil {
+		return &auth.AuthenticationAttemptedIncorrectCredential{Error: err}
+	}
+
+	if !checkTaskIsRunning(req.Context(), taskID) {
+		return &auth.AuthenticationAttemptedIncorrectCredential{Error: errors.New("failure to authenticate with action runtime token: task is no longer running")}
+	}
+
+	return &auth.AuthenticationSuccess{Result: &actionsTaskTokenAuthenticationResult{user: user_model.NewActionsUser(), taskID: taskID}}
+}
+
+func (a *ActionRuntimeToken) getTokenFromRequest(req *http.Request) optional.Option[string] {
+	if has, token := tokenFromForm(req).Get(); has {
+		return optional.Some(token)
+	}
+	if has, token := tokenFromAuthorizationBearer(req).Get(); has {
+		return optional.Some(token)
+	}
+	return optional.None[string]()
+}
+
+// CheckTaskIsRunning verifies that the TaskID corresponds to a running task
+func checkTaskIsRunning(ctx context.Context, taskID int64) bool {
+	// Verify the task exists
+	task, err := actions_model.GetTaskByID(ctx, taskID)
+	if err != nil {
+		return false
+	}
+
+	// Verify that it's running
+	return task.Status == actions_model.StatusRunning
+}
diff --git a/services/auth/method/action_runtime_token_test.go b/services/auth/method/action_runtime_token_test.go
new file mode 100644
index 0000000000..f5bae45e96
--- /dev/null
+++ b/services/auth/method/action_runtime_token_test.go
@@ -0,0 +1,74 @@
+// Copyright 2024 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package method
+
+import (
+	"fmt"
+	"net/http"
+	"net/url"
+	"testing"
+
+	actions_model "forgejo.org/models/actions"
+	"forgejo.org/models/unittest"
+	user_model "forgejo.org/models/user"
+	"forgejo.org/services/actions"
+	auth_service "forgejo.org/services/auth"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+func TestActionRuntimeTokenVerify(t *testing.T) {
+	require.NoError(t, unittest.PrepareTestDatabase())
+
+	t.Run("Actions JWT", func(t *testing.T) {
+		const RunningTaskID = 47
+		task := &actions_model.ActionTask{
+			ID: RunningTaskID,
+			Job: &actions_model.ActionRunJob{
+				ID:    2,
+				RunID: 1,
+			},
+		}
+		token, err := actions.CreateAuthorizationToken(task, map[string]any{}, false)
+		require.NoError(t, err)
+
+		req := http.Request{
+			URL: &url.URL{Path: "/api/v1/"},
+			Header: map[string][]string{
+				"Authorization": {fmt.Sprintf("Bearer %s", token)},
+			},
+		}
+
+		o := ActionRuntimeToken{}
+		output := o.Verify(&req, nil, nil)
+		ar, authSuccess := output.(*auth_service.AuthenticationSuccess)
+		require.True(t, authSuccess, "expected type AuthenticationSuccess, but was: %#v", output)
+		authResult := ar.Result
+		assert.Equal(t, int64(user_model.ActionsUserID), authResult.User().ID)
+		isActionsToken, authTaskID := authResult.ActionsTaskID().Get()
+		assert.True(t, isActionsToken)
+		assert.Equal(t, int64(RunningTaskID), authTaskID)
+	})
+}
+
+func TestCheckTaskIsRunning(t *testing.T) {
+	require.NoError(t, unittest.PrepareTestDatabase())
+	cases := map[string]struct {
+		TaskID   int64
+		Expected bool
+	}{
+		"Running":   {TaskID: 47, Expected: true},
+		"Missing":   {TaskID: 1, Expected: false},
+		"Cancelled": {TaskID: 46, Expected: false},
+	}
+
+	for name := range cases {
+		c := cases[name]
+		t.Run(name, func(t *testing.T) {
+			actual := checkTaskIsRunning(t.Context(), c.TaskID)
+			assert.Equal(t, c.Expected, actual)
+		})
+	}
+}
diff --git a/services/auth/method/action_task_token.go b/services/auth/method/action_task_token.go
new file mode 100644
index 0000000000..b5e1ab4f59
--- /dev/null
+++ b/services/auth/method/action_task_token.go
@@ -0,0 +1,67 @@
+// Copyright 2026 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+package method
+
+import (
+	"errors"
+	"fmt"
+	"net/http"
+
+	actions_model "forgejo.org/models/actions"
+	user_model "forgejo.org/models/user"
+	"forgejo.org/modules/log"
+	"forgejo.org/modules/optional"
+	"forgejo.org/modules/util"
+	"forgejo.org/modules/web/middleware"
+	"forgejo.org/services/auth"
+)
+
+var _ auth.Method = &ActionTaskToken{}
+
+type ActionTaskToken struct{}
+
+func (a *ActionTaskToken) Verify(req *http.Request, w http.ResponseWriter, _ auth.SessionStore) auth.MethodOutput {
+	// Authentication previously was performed in a single routine for `Authorization: Basic ...` and `Authorization:
+	// Bearer ...`, and both routines had separate URL exclusion lists onto which they wouldn't apply.  That behaviour
+	// is maintained by cloning those conditions here and deciding whether to look at basic/bearer auth, or not.  In the
+	// future this should be removed and migrated to route-specific middleware.
+	legacySkipBasic := !middleware.IsAPIPath(req) && !isContainerPath(req) && !isAttachmentDownload(req) && !isGitRawOrAttachOrLFSPath(req)
+	legacySkipFormAndBearer := !middleware.IsAPIPath(req) && !isAttachmentDownload(req) && !isAuthenticatedTokenRequest(req) && !isGitRawOrAttachPath(req) && !isArchivePath(req)
+
+	maybeAuthToken := a.getTokenFromRequest(req, legacySkipBasic, legacySkipFormAndBearer)
+	if !maybeAuthToken.Has() {
+		return &auth.AuthenticationNotAttempted{}
+	}
+	_, authToken := maybeAuthToken.Get()
+
+	// check task token
+	task, err := actions_model.GetRunningTaskByToken(req.Context(), authToken)
+	if err != nil && errors.Is(err, util.ErrNotExist) {
+		return &auth.AuthenticationAttemptedIncorrectCredential{Error: err}
+	} else if err != nil {
+		return &auth.AuthenticationError{Error: fmt.Errorf("action task token GetRunningTaskByToken: %w", err)}
+	} else if task == nil {
+		return &auth.AuthenticationError{Error: errors.New("failed to retrieve non-nil task")}
+	}
+
+	log.Trace("Basic Authorization: Valid AccessToken for task[%d]", task.ID)
+	return &auth.AuthenticationSuccess{Result: &actionsTaskTokenAuthenticationResult{user: user_model.NewActionsUser(), taskID: task.ID}}
+}
+
+func (a *ActionTaskToken) getTokenFromRequest(req *http.Request, skipBasic, skipFormAndBearer bool) optional.Option[string] {
+	if !skipFormAndBearer {
+		if has, token := tokenFromForm(req).Get(); has {
+			return optional.Some(token)
+		}
+		if has, token := tokenFromAuthorizationBearer(req).Get(); has {
+			return optional.Some(token)
+		}
+	}
+	if !skipBasic {
+		if has, token := tokenFromAuthorizationBasic(req).Get(); has {
+			return optional.Some(token)
+		}
+	}
+	return optional.None[string]()
+}
diff --git a/services/auth/method/auth_result_oauth.go b/services/auth/method/auth_result_oauth.go
index ce451e6459..392e616837 100644
--- a/services/auth/method/auth_result_oauth.go
+++ b/services/auth/method/auth_result_oauth.go
@@ -14,8 +14,9 @@ var _ auth.AuthenticationResult = &oAuth2JWTAuthenticationResult{}
 
 type oAuth2JWTAuthenticationResult struct {
 	*auth.BaseAuthenticationResult
-	user  *user_model.User
-	scope optional.Option[auth_model.AccessTokenScope]
+	user        *user_model.User
+	scope       optional.Option[auth_model.AccessTokenScope]
+	grantScopes string
 }
 
 func (*oAuth2JWTAuthenticationResult) IsOAuth2JWTAuthentication() bool {
@@ -29,3 +30,7 @@ func (r *oAuth2JWTAuthenticationResult) User() *user_model.User {
 func (r *oAuth2JWTAuthenticationResult) Scope() optional.Option[auth_model.AccessTokenScope] {
 	return r.scope
 }
+
+func (r *oAuth2JWTAuthenticationResult) OAuth2GrantScopes() optional.Option[string] {
+	return optional.Some(r.grantScopes)
+}
diff --git a/services/auth/method/basic.go b/services/auth/method/basic.go
index 905deb0652..8385bea2fd 100644
--- a/services/auth/method/basic.go
+++ b/services/auth/method/basic.go
@@ -10,18 +10,15 @@ import (
 	"net/http"
 	"strings"
 
-	actions_model "forgejo.org/models/actions"
 	auth_model "forgejo.org/models/auth"
 	user_model "forgejo.org/models/user"
 	"forgejo.org/modules/base"
 	"forgejo.org/modules/log"
-	"forgejo.org/modules/optional"
 	"forgejo.org/modules/setting"
 	"forgejo.org/modules/util"
 	"forgejo.org/modules/web/middleware"
 	"forgejo.org/services/auth"
 	"forgejo.org/services/auth/source/db"
-	"forgejo.org/services/authz"
 )
 
 // Ensure the struct implements the interface.
@@ -34,10 +31,8 @@ var (
 // header.
 type Basic struct{}
 
-// Verify extracts and validates Basic data (username and password/token) from the
-// "Authorization" header of the request and returns the corresponding user object for that
-// name/token on successful validation.
-// Returns nil if header is empty or validation fails.
+// Verify extracts and validates Basic data (username and password/token) from the "Authorization" header of the request
+// and returns the corresponding user object for that name/token on successful validation.
 func (b *Basic) Verify(req *http.Request, w http.ResponseWriter, _ auth.SessionStore) auth.MethodOutput {
 	// Basic authentication should only fire on API, Download or on Git or LFSPaths
 	if !middleware.IsAPIPath(req) && !isContainerPath(req) && !isAttachmentDownload(req) && !isGitRawOrAttachOrLFSPath(req) {
@@ -56,67 +51,6 @@ func (b *Basic) Verify(req *http.Request, w http.ResponseWriter, _ auth.SessionS
 
 	uname, passwd, _ := base.BasicAuthDecode(auths[1])
 
-	// Check if username or password is a token
-	isUsernameToken := len(passwd) == 0 || passwd == "x-oauth-basic"
-	// Assume username is token
-	authToken := uname
-	if !isUsernameToken {
-		log.Trace("Basic Authorization: Attempting login for: %s", uname)
-		// Assume password is token
-		authToken = passwd
-	} else {
-		log.Trace("Basic Authorization: Attempting login with username as token")
-	}
-
-	// check oauth2 token
-	uid, grantScopes := CheckOAuthAccessToken(req.Context(), authToken)
-	if uid != 0 {
-		log.Trace("Basic Authorization: Valid OAuthAccessToken for user[%d]", uid)
-
-		u, err := user_model.GetUserByID(req.Context(), uid)
-		if err != nil {
-			return &auth.AuthenticationError{Error: fmt.Errorf("basic auth GetUserByID: %w", err)}
-		}
-
-		var scope auth_model.AccessTokenScope
-		if grantScopes != "" {
-			scope = auth_model.AccessTokenScope(grantScopes)
-		} else {
-			scope = auth_model.AccessTokenScopeAll // fallback to all
-		}
-		return &auth.AuthenticationSuccess{Result: &oAuth2JWTAuthenticationResult{user: u, scope: optional.Some(scope)}}
-	}
-
-	// check personal access token
-	token, err := auth_model.GetAccessTokenBySHA(req.Context(), authToken)
-	if err == nil {
-		log.Trace("Basic Authorization: Valid AccessToken for user[%d]", token.UID)
-		u, err := user_model.GetUserByID(req.Context(), token.UID)
-		if err != nil {
-			return &auth.AuthenticationError{Error: fmt.Errorf("basic auth GetUserByID for access token: %w", err)}
-		}
-
-		if err = token.UpdateLastUsed(req.Context()); err != nil {
-			log.Error("UpdateLastUsed:  %v", err)
-		}
-
-		reducer, err := authz.GetAuthorizationReducerForAccessToken(req.Context(), token)
-		if err != nil {
-			return &auth.AuthenticationError{Error: fmt.Errorf("basic auth GetAuthorizationReducerForAccessToken: %w", err)}
-		}
-
-		return &auth.AuthenticationSuccess{Result: &accessTokenAuthenticationResult{user: u, scope: token.Scope, reducer: reducer}}
-	} else if !auth_model.IsErrAccessTokenNotExist(err) && !auth_model.IsErrAccessTokenEmpty(err) {
-		log.Error("GetAccessTokenBySha: %v", err)
-	}
-
-	// check task token
-	task, err := actions_model.GetRunningTaskByToken(req.Context(), authToken)
-	if err == nil && task != nil {
-		log.Trace("Basic Authorization: Valid AccessToken for task[%d]", task.ID)
-		return &auth.AuthenticationSuccess{Result: &actionsTaskTokenAuthenticationResult{user: user_model.NewActionsUser(), taskID: task.ID}}
-	}
-
 	if !setting.Service.EnableBasicAuth {
 		return &auth.AuthenticationAttemptedIncorrectCredential{Error: errors.New("basic authentication by username & password is disabled")}
 	}
@@ -147,7 +81,6 @@ func (b *Basic) Verify(req *http.Request, w http.ResponseWriter, _ auth.SessionS
 	}
 
 	log.Trace("Basic Authorization: Logged in user %-v", u)
-
 	return &auth.AuthenticationSuccess{Result: &basicPaswordAuthenticationResult{user: u}}
 }
 
diff --git a/services/auth/method/oauth2.go b/services/auth/method/oauth2.go
index 8e07a2ecca..9eeef6a6c1 100644
--- a/services/auth/method/oauth2.go
+++ b/services/auth/method/oauth2.go
@@ -5,25 +5,21 @@
 package method
 
 import (
-	"context"
+	"errors"
 	"fmt"
 	"net/http"
 	"slices"
 	"strings"
 	"time"
 
-	actions_model "forgejo.org/models/actions"
 	auth_model "forgejo.org/models/auth"
 	user_model "forgejo.org/models/user"
 	"forgejo.org/modules/log"
 	"forgejo.org/modules/optional"
 	"forgejo.org/modules/setting"
-	"forgejo.org/modules/util"
 	"forgejo.org/modules/web/middleware"
-	"forgejo.org/services/actions"
 	"forgejo.org/services/auth"
 	"forgejo.org/services/auth/source/oauth2"
-	"forgejo.org/services/authz"
 )
 
 // Ensure the struct implements the interface.
@@ -70,174 +66,86 @@ func grantAdditionalScopes(grantScopes string) string {
 	return ""
 }
 
-// CheckOAuthAccessToken returns uid of user from oauth token
-// + non default openid scopes requested
-func CheckOAuthAccessToken(ctx context.Context, accessToken string) (int64, string) {
-	if !setting.OAuth2.Enabled {
-		return 0, ""
-	}
-	// JWT tokens require a "."
-	if !strings.Contains(accessToken, ".") {
-		return 0, ""
-	}
-	token, err := oauth2.ParseToken(accessToken, oauth2.DefaultSigningKey)
-	if err != nil {
-		log.Trace("oauth2.ParseToken: %v", err)
-		return 0, ""
-	}
-	var grant *auth_model.OAuth2Grant
-	if grant, err = auth_model.GetOAuth2GrantByID(ctx, token.GrantID); err != nil || grant == nil {
-		return 0, ""
-	}
-	if token.Type != oauth2.TypeAccessToken {
-		return 0, ""
-	}
-	if token.ExpiresAt.Before(time.Now()) || token.IssuedAt.After(time.Now()) {
-		return 0, ""
-	}
-	grantScopes := grantAdditionalScopes(grant.Scope)
-	return grant.UserID, grantScopes
-}
-
-// CheckTaskIsRunning verifies that the TaskID corresponds to a running task
-func CheckTaskIsRunning(ctx context.Context, taskID int64) bool {
-	// Verify the task exists
-	task, err := actions_model.GetTaskByID(ctx, taskID)
-	if err != nil {
-		return false
-	}
-
-	// Verify that it's running
-	return task.Status == actions_model.StatusRunning
-}
-
-// OAuth2 implements the Auth interface and authenticates requests
-// (API requests only) by looking for an OAuth token in query parameters or the
-// "Authorization" header.
+// OAuth2 implements the Auth interface and authenticates requests (API requests only) by looking for an OAuth token in
+// query parameters or the "Authorization" header.
 type OAuth2 struct{}
 
-// parseToken returns the token from request, and a boolean value
-// representing whether the token exists or not
-func parseToken(req *http.Request) (string, bool) {
-	_ = req.ParseForm()
-	if !setting.DisableQueryAuthToken {
-		// Check token.
-		if token := req.Form.Get("token"); token != "" {
-			return token, true
-		}
-		// Check access token.
-		if token := req.Form.Get("access_token"); token != "" {
-			return token, true
-		}
-	} else if req.Form.Get("token") != "" || req.Form.Get("access_token") != "" {
-		log.Warn("API token sent in query string but DISABLE_QUERY_AUTH_TOKEN=true")
-	}
-
-	// check header token
-	if auHead := req.Header.Get("Authorization"); auHead != "" {
-		auths := strings.Fields(auHead)
-		if len(auths) == 2 && (util.ASCIIEqualFold(auths[0], "token") || util.ASCIIEqualFold(auths[0], "bearer")) {
-			return auths[1], true
-		}
-	}
-	return "", false
-}
-
-// userIDFromToken returns the user id corresponding to the OAuth token.
-// It will set 'IsApiToken' to true if the token is an API token and
-// set 'ApiTokenScope' to the scope of the access token
-func (o *OAuth2) userIDFromToken(ctx context.Context, tokenSHA string) auth.MethodOutput {
-	if tokenSHA == "" {
-		return &auth.AuthenticationAttemptedIncorrectCredential{Error: auth_model.ErrAccessTokenEmpty{}}
-	}
-	// Let's see if token is valid.
-	if strings.Contains(tokenSHA, ".") {
-		// First attempt to decode an actions JWT, returning the actions user
-		if taskID, err := actions.TokenToTaskID(tokenSHA); err == nil {
-			if CheckTaskIsRunning(ctx, taskID) {
-				return &auth.AuthenticationSuccess{Result: &actionsTaskTokenAuthenticationResult{user: user_model.NewActionsUser(), taskID: taskID}}
-			}
-		}
-
-		// Otherwise, check if this is an OAuth access token
-		uid, grantScopes := CheckOAuthAccessToken(ctx, tokenSHA)
-		var accessTokenScope optional.Option[auth_model.AccessTokenScope]
-		if uid != 0 {
-			if grantScopes != "" {
-				accessTokenScope = optional.Some(auth_model.AccessTokenScope(grantScopes))
-			} else {
-				accessTokenScope = optional.Some(auth_model.AccessTokenScopeAll) // fallback to all
-			}
-		}
-		user, err := user_model.GetPossibleUserByID(ctx, uid)
-		if err != nil {
-			if user_model.IsErrUserNotExist(err) {
-				return &auth.AuthenticationAttemptedIncorrectCredential{Error: err}
-			}
-			return &auth.AuthenticationError{Error: fmt.Errorf("oauth2 GetPossibleUserByID: %w", err)}
-		}
-		return &auth.AuthenticationSuccess{Result: &oAuth2JWTAuthenticationResult{user: user, scope: accessTokenScope}}
-	}
-
-	t, err := auth_model.GetAccessTokenBySHA(ctx, tokenSHA)
-	if err != nil {
-		if auth_model.IsErrAccessTokenNotExist(err) {
-			// check task token
-			task, err := actions_model.GetRunningTaskByToken(ctx, tokenSHA)
-			if err == nil && task != nil {
-				log.Trace("Basic Authorization: Valid AccessToken for task[%d]", task.ID)
-				return &auth.AuthenticationSuccess{Result: &actionsTaskTokenAuthenticationResult{user: user_model.NewActionsUser(), taskID: task.ID}}
-			}
-		} else if !auth_model.IsErrAccessTokenNotExist(err) && !auth_model.IsErrAccessTokenEmpty(err) {
-			return &auth.AuthenticationError{Error: fmt.Errorf("oauth2 GetAccessTokenBySHA: %w", err)}
-		}
-		return &auth.AuthenticationAttemptedIncorrectCredential{Error: err}
-	}
-	if err := t.UpdateLastUsed(ctx); err != nil {
-		log.Error("UpdateLastUsed: %v", err)
-	}
-	if t.UID == 0 {
-		return &auth.AuthenticationAttemptedIncorrectCredential{Error: err}
-	}
-
-	reducer, err := authz.GetAuthorizationReducerForAccessToken(ctx, t)
-	if err != nil {
-		return &auth.AuthenticationError{Error: fmt.Errorf("oauth2 GetAuthorizationReducerForAccessToken: %w", err)}
-	}
-
-	u, err := user_model.GetUserByID(ctx, t.UID)
-	if err != nil {
-		return &auth.AuthenticationError{Error: fmt.Errorf("oauth2 GetUserByID: %w", err)}
-	}
-
-	return &auth.AuthenticationSuccess{Result: &accessTokenAuthenticationResult{user: u, scope: t.Scope, reducer: reducer}}
-}
-
-// Verify extracts the user ID from the OAuth token in the query parameters
-// or the "Authorization" header and returns the corresponding user object for that ID.
-// If verification is successful returns an existing user object.
-// Returns nil if verification fails.
 func (o *OAuth2) Verify(req *http.Request, w http.ResponseWriter, _ auth.SessionStore) auth.MethodOutput {
+	if !setting.OAuth2.Enabled {
+		return &auth.AuthenticationNotAttempted{}
+	}
 	// These paths are not API paths, but we still want to check for tokens because they maybe in the API returned URLs
 	if !middleware.IsAPIPath(req) && !isAttachmentDownload(req) && !isAuthenticatedTokenRequest(req) &&
 		!isGitRawOrAttachPath(req) && !isArchivePath(req) {
 		return &auth.AuthenticationNotAttempted{}
 	}
 
-	token, ok := parseToken(req)
-	if !ok {
+	maybeAuthToken := o.getTokenFromRequest(req)
+	if !maybeAuthToken.Has() {
 		return &auth.AuthenticationNotAttempted{}
 	}
+	_, authToken := maybeAuthToken.Get()
 
-	return o.userIDFromToken(req.Context(), token)
+	token, err := oauth2.ParseToken(authToken, oauth2.DefaultSigningKey)
+	if err != nil {
+		log.Trace("oauth2.ParseToken: %v", err)
+		return &auth.AuthenticationAttemptedIncorrectCredential{Error: err}
+	}
+
+	var grant *auth_model.OAuth2Grant
+	if grant, err = auth_model.GetOAuth2GrantByID(req.Context(), token.GrantID); err != nil {
+		return &auth.AuthenticationError{Error: fmt.Errorf("oauth2 GetOAuth2GrantByID: %w", err)}
+	} else if grant == nil {
+		return &auth.AuthenticationAttemptedIncorrectCredential{Error: errors.New("oauth2 grant not found or revoked")}
+	}
+	if token.Type != oauth2.TypeAccessToken {
+		return &auth.AuthenticationAttemptedIncorrectCredential{Error: errors.New("token was not an oauth2 access token")}
+	}
+	if token.ExpiresAt.Before(time.Now()) || token.IssuedAt.After(time.Now()) {
+		return &auth.AuthenticationAttemptedIncorrectCredential{Error: errors.New("token was expired")}
+	}
+	if grant.UserID == 0 {
+		return &auth.AuthenticationError{Error: errors.New("oauth2 invalid grant user id")}
+	}
+
+	var accessTokenScope optional.Option[auth_model.AccessTokenScope]
+	grantScopes := grantAdditionalScopes(grant.Scope)
+	if grantScopes != "" {
+		accessTokenScope = optional.Some(auth_model.AccessTokenScope(grantScopes))
+	} else {
+		accessTokenScope = optional.Some(auth_model.AccessTokenScopeAll) // fallback to all
+	}
+
+	user, err := user_model.GetPossibleUserByID(req.Context(), grant.UserID)
+	if err != nil {
+		if !user_model.IsErrUserNotExist(err) {
+			return &auth.AuthenticationError{Error: fmt.Errorf("oauth2 GetPossibleUserByID: %w", err)}
+		}
+		return &auth.AuthenticationAttemptedIncorrectCredential{Error: errors.New("oauth2 grant owner does not exist")}
+	}
+
+	return &auth.AuthenticationSuccess{
+		Result: &oAuth2JWTAuthenticationResult{
+			user:        user,
+			scope:       accessTokenScope,
+			grantScopes: grantScopes,
+		},
+	}
+}
+
+func (*OAuth2) getTokenFromRequest(req *http.Request) optional.Option[string] {
+	if has, token := tokenFromForm(req).Get(); has {
+		return optional.Some(token)
+	}
+	if has, token := tokenFromAuthorizationBasic(req).Get(); has {
+		return optional.Some(token)
+	}
+	if has, token := tokenFromAuthorizationBearer(req).Get(); has {
+		return optional.Some(token)
+	}
+	return optional.None[string]()
 }
 
 func isAuthenticatedTokenRequest(req *http.Request) bool {
-	switch req.URL.Path {
-	case "/login/oauth/userinfo":
-		fallthrough
-	case "/login/oauth/introspect":
-		return true
-	}
-	return false
+	return req.URL.Path == "/login/oauth/userinfo"
 }
diff --git a/services/auth/method/oauth2_test.go b/services/auth/method/oauth2_test.go
deleted file mode 100644
index 5ad103fe58..0000000000
--- a/services/auth/method/oauth2_test.go
+++ /dev/null
@@ -1,117 +0,0 @@
-// Copyright 2024 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
-
-package method
-
-import (
-	"net/http"
-	"testing"
-
-	actions_model "forgejo.org/models/actions"
-	"forgejo.org/models/auth"
-	"forgejo.org/models/unittest"
-	user_model "forgejo.org/models/user"
-	"forgejo.org/services/actions"
-	auth_service "forgejo.org/services/auth"
-
-	"github.com/stretchr/testify/assert"
-	"github.com/stretchr/testify/require"
-)
-
-func TestUserIDFromToken(t *testing.T) {
-	require.NoError(t, unittest.PrepareTestDatabase())
-
-	t.Run("Actions JWT", func(t *testing.T) {
-		const RunningTaskID = 47
-		task := &actions_model.ActionTask{
-			ID: RunningTaskID,
-			Job: &actions_model.ActionRunJob{
-				ID:    2,
-				RunID: 1,
-			},
-		}
-		token, err := actions.CreateAuthorizationToken(task, map[string]any{}, false)
-		require.NoError(t, err)
-
-		o := OAuth2{}
-		output := o.userIDFromToken(t.Context(), token)
-		ar, authSuccess := output.(*auth_service.AuthenticationSuccess)
-		require.True(t, authSuccess, "expected type AuthenticationSuccess, but was: %#v", output)
-		authResult := ar.Result
-		assert.Equal(t, int64(user_model.ActionsUserID), authResult.User().ID)
-		isActionsToken, authTaskID := authResult.ActionsTaskID().Get()
-		assert.True(t, isActionsToken)
-		assert.Equal(t, int64(RunningTaskID), authTaskID)
-	})
-
-	t.Run("Actions error-JWT", func(t *testing.T) {
-		cases := map[string]struct {
-			Token string
-			Error error
-		}{
-			"Empty":    {"", auth.ErrAccessTokenEmpty{}},
-			"To short": {"abc", auth.ErrAccessTokenNotExist{Token: "abc"}},
-		}
-
-		o := OAuth2{}
-		for name, c := range cases {
-			t.Run(name, func(t *testing.T) {
-				output := o.userIDFromToken(t.Context(), c.Token)
-
-				ar, authFailure := output.(*auth_service.AuthenticationAttemptedIncorrectCredential)
-				require.True(t, authFailure, "expected type AuthenticationAttemptedIncorrectCredential, but was: %#v", output)
-				err := ar.Error
-
-				require.ErrorIs(t, err, c.Error)
-			})
-		}
-	})
-}
-
-func TestCheckTaskIsRunning(t *testing.T) {
-	require.NoError(t, unittest.PrepareTestDatabase())
-	cases := map[string]struct {
-		TaskID   int64
-		Expected bool
-	}{
-		"Running":   {TaskID: 47, Expected: true},
-		"Missing":   {TaskID: 1, Expected: false},
-		"Cancelled": {TaskID: 46, Expected: false},
-	}
-
-	for name := range cases {
-		c := cases[name]
-		t.Run(name, func(t *testing.T) {
-			actual := CheckTaskIsRunning(t.Context(), c.TaskID)
-			assert.Equal(t, c.Expected, actual)
-		})
-	}
-}
-
-func TestParseToken(t *testing.T) {
-	cases := map[string]struct {
-		Header        string
-		ExpectedToken string
-		Expected      bool
-	}{
-		"Token Uppercase":   {Header: "Token 1234567890123456789012345687901325467890", ExpectedToken: "1234567890123456789012345687901325467890", Expected: true},
-		"Token Lowercase":   {Header: "token 1234567890123456789012345687901325467890", ExpectedToken: "1234567890123456789012345687901325467890", Expected: true},
-		"Token Unicode":     {Header: "to\u212Aen 1234567890123456789012345687901325467890", ExpectedToken: "", Expected: false},
-		"Bearer Uppercase":  {Header: "Bearer 1234567890123456789012345687901325467890", ExpectedToken: "1234567890123456789012345687901325467890", Expected: true},
-		"Bearer Lowercase":  {Header: "bearer 1234567890123456789012345687901325467890", ExpectedToken: "1234567890123456789012345687901325467890", Expected: true},
-		"Missing type":      {Header: "1234567890123456789012345687901325467890", ExpectedToken: "", Expected: false},
-		"Three Parts":       {Header: "abc 1234567890 test", ExpectedToken: "", Expected: false},
-		"Token Three Parts": {Header: "Token 1234567890 test", ExpectedToken: "", Expected: false},
-	}
-
-	for name := range cases {
-		c := cases[name]
-		t.Run(name, func(t *testing.T) {
-			req, _ := http.NewRequest("GET", "/", nil)
-			req.Header.Add("Authorization", c.Header)
-			ActualToken, ActualSuccess := parseToken(req)
-			assert.Equal(t, c.ExpectedToken, ActualToken)
-			assert.Equal(t, c.Expected, ActualSuccess)
-		})
-	}
-}
diff --git a/services/auth/method/util.go b/services/auth/method/util.go
new file mode 100644
index 0000000000..8f3d2d355d
--- /dev/null
+++ b/services/auth/method/util.go
@@ -0,0 +1,71 @@
+// Copyright 2026 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+package method
+
+import (
+	"net/http"
+	"strings"
+
+	"forgejo.org/modules/base"
+	"forgejo.org/modules/log"
+	"forgejo.org/modules/optional"
+	"forgejo.org/modules/setting"
+	"forgejo.org/modules/util"
+)
+
+func tokenFromForm(req *http.Request) optional.Option[string] {
+	_ = req.ParseForm()
+	if !setting.DisableQueryAuthToken {
+		// Check token.
+		if token := req.Form.Get("token"); token != "" {
+			return optional.Some(token)
+		}
+		// Check access token.
+		if token := req.Form.Get("access_token"); token != "" {
+			return optional.Some(token)
+		}
+	} else if req.Form.Get("token") != "" || req.Form.Get("access_token") != "" {
+		log.Warn("API token sent in query string but DISABLE_QUERY_AUTH_TOKEN=true")
+	}
+	return optional.None[string]()
+}
+
+func tokenFromAuthorizationBearer(req *http.Request) optional.Option[string] {
+	authorization := req.Header.Get("Authorization")
+	if len(authorization) != 0 {
+		auths := strings.Fields(authorization)
+		if len(auths) == 2 && (util.ASCIIEqualFold(auths[0], "token") || util.ASCIIEqualFold(auths[0], "bearer")) {
+			return optional.Some(auths[1])
+		}
+	}
+	return optional.None[string]()
+}
+
+func tokenFromAuthorizationBasic(req *http.Request) optional.Option[string] {
+	authorization := req.Header.Get("Authorization")
+	if len(authorization) != 0 {
+		auths := strings.SplitN(authorization, " ", 2)
+		if len(auths) == 2 && strings.ToLower(auths[0]) == "basic" {
+			uname, passwd, err := base.BasicAuthDecode(auths[1])
+			if err != nil {
+				// Client provided a `Authorization: Basic ...`, but then [...] either couldn't be base64 decoded, or
+				// didn't contain a ":" for username/password separation.  If we return `None`, it'll indicate to the
+				// caller that `Authorization: Basic [...]` wasn't present and skip authentication, so intead we'll
+				// return Some with an empty token to trigger a 401 error.
+				log.Debug("unexpected error in BasicAuthDecode(%q): %s", auths[1], err)
+				return optional.Some("")
+			}
+
+			// Usually we'll use the password as the access token (or oauth token), but if the password is empty or
+			// `x-oauth-basic`, we'll use the username as a token.  This behaviour is inherited from GitHub's OAuth Git
+			// over HTTPS behaviour.
+			if len(passwd) == 0 || passwd == "x-oauth-basic" {
+				return optional.Some(uname)
+			}
+
+			return optional.Some(passwd)
+		}
+	}
+	return optional.None[string]()
+}
diff --git a/services/auth/method/util_test.go b/services/auth/method/util_test.go
new file mode 100644
index 0000000000..9183701e4f
--- /dev/null
+++ b/services/auth/method/util_test.go
@@ -0,0 +1,43 @@
+// Copyright 2024 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package method
+
+import (
+	"net/http"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestTokenFromAuthorizationBearer(t *testing.T) {
+	cases := map[string]struct {
+		Header        string
+		ExpectedToken string
+		Expected      bool
+	}{
+		"Token Uppercase":   {Header: "Token 1234567890123456789012345687901325467890", ExpectedToken: "1234567890123456789012345687901325467890", Expected: true},
+		"Token Lowercase":   {Header: "token 1234567890123456789012345687901325467890", ExpectedToken: "1234567890123456789012345687901325467890", Expected: true},
+		"Token Unicode":     {Header: "to\u212Aen 1234567890123456789012345687901325467890", ExpectedToken: "", Expected: false},
+		"Bearer Uppercase":  {Header: "Bearer 1234567890123456789012345687901325467890", ExpectedToken: "1234567890123456789012345687901325467890", Expected: true},
+		"Bearer Lowercase":  {Header: "bearer 1234567890123456789012345687901325467890", ExpectedToken: "1234567890123456789012345687901325467890", Expected: true},
+		"Missing type":      {Header: "1234567890123456789012345687901325467890", ExpectedToken: "", Expected: false},
+		"Three Parts":       {Header: "abc 1234567890 test", ExpectedToken: "", Expected: false},
+		"Token Three Parts": {Header: "Token 1234567890 test", ExpectedToken: "", Expected: false},
+	}
+
+	for name := range cases {
+		c := cases[name]
+		t.Run(name, func(t *testing.T) {
+			req, _ := http.NewRequest("GET", "/", nil)
+			req.Header.Add("Authorization", c.Header)
+			maybeToken := tokenFromAuthorizationBearer(req)
+			if hasToken, token := maybeToken.Get(); hasToken {
+				assert.True(t, c.Expected)
+				assert.Equal(t, c.ExpectedToken, token)
+			} else {
+				assert.False(t, c.Expected)
+			}
+		})
+	}
+}
diff --git a/tests/integration/api_twofa_test.go b/tests/integration/api_twofa_test.go
index ab173fc9f9..867dfe1e56 100644
--- a/tests/integration/api_twofa_test.go
+++ b/tests/integration/api_twofa_test.go
@@ -6,6 +6,7 @@ package integration
 import (
 	"fmt"
 	"net/http"
+	"slices"
 	"strings"
 	"testing"
 	"time"
@@ -82,7 +83,7 @@ func TestAPIWebAuthn(t *testing.T) {
 
 	DecodeJSON(t, resp, &userParsed)
 
-	assert.Equal(t, "Basic authorization is not allowed while having security keys enrolled", userParsed.Message)
+	assert.Contains(t, userParsed.Message, "Basic authorization is not allowed while having security keys enrolled\n")
 }
 
 func TestAPIWithRequiredTwoFactor(t *testing.T) {
@@ -144,7 +145,14 @@ func TestAPIWithRequiredTwoFactor(t *testing.T) {
 			var response userResponse
 			DecodeJSON(t, resp, &response)
 
-			assert.True(t, strings.HasPrefix(response.Message, messagePrefix))
+			assert.True(t,
+				slices.ContainsFunc(
+					strings.Split(response.Message, "\n"),
+					func(msg string) bool {
+						return strings.HasPrefix(msg, messagePrefix)
+					},
+				),
+				"expected prefix %q, but response message was %q", messagePrefix, response.Message)
 		}
 	}
 

From 9d275907c5d383335ea79d51fcd955afe209fa12 Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Fri, 24 Apr 2026 18:36:55 +0200
Subject: [PATCH 733/854] Update dependency @codemirror/view to v6.41.1
 (forgejo) (#12219)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12219
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
---
 package-lock.json | 16 ++++++++--------
 package.json      |  4 ++--
 2 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 527811982e..fd1978bc31 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -28,9 +28,9 @@
         "@codemirror/lang-xml": "6.1.0",
         "@codemirror/lang-yaml": "6.1.3",
         "@codemirror/language": "6.12.3",
-        "@codemirror/search": "6.6.0",
+        "@codemirror/search": "6.7.0",
         "@codemirror/state": "6.6.0",
-        "@codemirror/view": "6.41.0",
+        "@codemirror/view": "6.41.1",
         "@github/markdown-toolbar-element": "2.2.3",
         "@github/quote-selection": "2.1.0",
         "@github/text-expander-element": "2.9.4",
@@ -754,9 +754,9 @@
       }
     },
     "node_modules/@codemirror/search": {
-      "version": "6.6.0",
-      "resolved": "https://registry.npmjs.org/@codemirror/search/-/search-6.6.0.tgz",
-      "integrity": "sha512-koFuNXcDvyyotWcgOnZGmY7LZqEOXZaaxD/j6n18TCLx2/9HieZJ5H6hs1g8FiRxBD0DNfs0nXn17g872RmYdw==",
+      "version": "6.7.0",
+      "resolved": "https://registry.npmjs.org/@codemirror/search/-/search-6.7.0.tgz",
+      "integrity": "sha512-ZvGm99wc/s2cITtMT15LFdn8aH/aS+V+DqyGq/N5ZlV5vWtH+nILvC2nw0zX7ByNoHHDZ2IxxdW38O0tc5nVHg==",
       "license": "MIT",
       "dependencies": {
         "@codemirror/state": "^6.0.0",
@@ -774,9 +774,9 @@
       }
     },
     "node_modules/@codemirror/view": {
-      "version": "6.41.0",
-      "resolved": "https://registry.npmjs.org/@codemirror/view/-/view-6.41.0.tgz",
-      "integrity": "sha512-6H/qadXsVuDY219Yljhohglve8xf4B8xJkVOEWfA5uiYKiTFppjqsvsfR5iPA0RbvRBoOyTZpbLIxe9+0UR8xA==",
+      "version": "6.41.1",
+      "resolved": "https://registry.npmjs.org/@codemirror/view/-/view-6.41.1.tgz",
+      "integrity": "sha512-ToDnWKbBnke+ZLrP6vgTTDScGi5H37YYuZGniQaBzxMVdtCxMrslsmtnOvbPZk4RX9bvkQqnWR/WS/35tJA0qg==",
       "license": "MIT",
       "dependencies": {
         "@codemirror/state": "^6.6.0",
diff --git a/package.json b/package.json
index de425537c8..ef3638cff7 100644
--- a/package.json
+++ b/package.json
@@ -27,9 +27,9 @@
     "@codemirror/lang-xml": "6.1.0",
     "@codemirror/lang-yaml": "6.1.3",
     "@codemirror/language": "6.12.3",
-    "@codemirror/search": "6.6.0",
+    "@codemirror/search": "6.7.0",
     "@codemirror/state": "6.6.0",
-    "@codemirror/view": "6.41.0",
+    "@codemirror/view": "6.41.1",
     "@github/markdown-toolbar-element": "2.2.3",
     "@github/quote-selection": "2.1.0",
     "@github/text-expander-element": "2.9.4",

From 10643ceb9b821cec1fa0668e750117eed9e1312e Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Sat, 25 Apr 2026 01:06:51 +0200
Subject: [PATCH 734/854] Update dependency htmx.org to v2.0.10 (forgejo)
 (#12256)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12256
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
---
 package-lock.json | 8 ++++----
 package.json      | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index fd1978bc31..5a0e0185ec 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -51,7 +51,7 @@
         "esbuild-loader": "4.4.3",
         "escape-goat": "4.0.0",
         "fast-glob": "3.3.3",
-        "htmx.org": "2.0.9",
+        "htmx.org": "2.0.10",
         "idiomorph": "0.3.0",
         "jquery": "3.7.1",
         "katex": "0.16.45",
@@ -9539,9 +9539,9 @@
       }
     },
     "node_modules/htmx.org": {
-      "version": "2.0.9",
-      "resolved": "https://registry.npmjs.org/htmx.org/-/htmx.org-2.0.9.tgz",
-      "integrity": "sha512-Vd8ZlGSshz2W2ej+gNpMqxX2PM0dfOn4lRgkTXgCT+cqZE/GwBQoYm3zGvlqf+hHXYCMYmmgae33m4/RPdTS0Q==",
+      "version": "2.0.10",
+      "resolved": "https://registry.npmjs.org/htmx.org/-/htmx.org-2.0.10.tgz",
+      "integrity": "sha512-kdeJe7ZVwaS6QMz/ebBIVtZdpwen6L0OQ5GOhPV9MKBb196TCZeZu4yA7ZIQsaLKv7EpXz+So7KSXNuHXhj7Cw==",
       "license": "0BSD"
     },
     "node_modules/iconv-lite": {
diff --git a/package.json b/package.json
index ef3638cff7..05133d2045 100644
--- a/package.json
+++ b/package.json
@@ -50,7 +50,7 @@
     "esbuild-loader": "4.4.3",
     "escape-goat": "4.0.0",
     "fast-glob": "3.3.3",
-    "htmx.org": "2.0.9",
+    "htmx.org": "2.0.10",
     "idiomorph": "0.3.0",
     "jquery": "3.7.1",
     "katex": "0.16.45",

From cb1cb2c0af3b971aac3c94ed0eb9610af9e2d409 Mon Sep 17 00:00:00 2001
From: Henry Catalini Smith <henry@catalinismith.se>
Date: Sat, 25 Apr 2026 20:47:11 +0200
Subject: [PATCH 735/854] Improve repo file list table semantics for screen
 readers (second attempt) (#12232)

Unintentionally fixes forgejo/forgejo#11812 per tip https://codeberg.org/forgejo/forgejo/pulls/12232#issuecomment-13580345

---

This is a second attempt to fix https://codeberg.org/forgejo/forgejo/issues/11116. The [first attempt](https://codeberg.org/forgejo/forgejo/pulls/11846) introduced a [regression](https://codeberg.org/forgejo/forgejo/issues/12082) and needed to be [reverted](https://codeberg.org/forgejo/forgejo/pulls/12088).

What's different about this attempt is that several days of extra work have been invested in amending the CSS to ensure that no visual changes slip through as a side-effect of the structural changes to the HTML. This was surprisingly challenging, and I documented much of the journey in https://codeberg.org/henrycatalinismith/forgejo/issues/1.

In summary, the existing version of the "latest commit" row leans heavily on global styles that are universally applied to all `thead` elements inside `table` elements with the `ui` and `table` classes. The nature of the structural HTML changes necessary to fix the accessibility bug (this row can't be inside `thead`) is such that those universal styles no longer apply to this element and must be duplicated into new element-specific styles. Similarly, existing styles applying to non-`thead` table content has unwanted effects on this element once it moves into the `tbody` which needed to be counteracted.

The original PR already lays out the accessibility impact of this pull request in a good amount of details and so instead I'm going to use the space here to focus on comparing the visuals in the `forgejo` branch with those in this PR. There follow a few pretty boring identical before & after screenshots that are pixel-for-pixel identical with each other. I don't think you'll be able to spot any bugs by glancing at these and am more sharing them to provide an insight into where my attention has been during testing: the 380px wide mobile viewport, a larger desktop viewport, and the "commit message too long to fit in the available space" case. If you know of other troublesome cases for this code that aren't covered by what you see in these images then that could be a good thing to explore here.

Before | After
-|-
![](/attachments/a6f18efd-8b3b-426e-a0dc-70e9eda3fe73) | ![](/attachments/6297c663-cd5a-4849-a555-061257d59238)
![](/attachments/bbb90da2-afbf-4be5-9293-ec8b3a3dbb3a) | ![](/attachments/29103640-fce9-42c9-b91a-f9d6f9ba4db0)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12232
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
---
 options/locale_next/locale_en-US.json |  4 ++++
 templates/repo/view_list.tmpl         | 18 +++++++++++------
 tests/integration/repo_test.go        |  4 ++--
 web_src/css/repo.css                  | 28 +++++++++++++++++++++++----
 4 files changed, 42 insertions(+), 12 deletions(-)

diff --git a/options/locale_next/locale_en-US.json b/options/locale_next/locale_en-US.json
index 85a21ef28d..f3ac162fac 100644
--- a/options/locale_next/locale_en-US.json
+++ b/options/locale_next/locale_en-US.json
@@ -52,6 +52,10 @@
 	"relativetime.1week": "last week",
 	"relativetime.1month": "last month",
 	"relativetime.1year": "last year",
+	"repo.files.caption": "Repository files (latest commit first)",
+	"repo.files.filename": "Filename",
+	"repo.files.last_commit_message": "Latest commit message",
+	"repo.files.last_commit_date": "Latest commit date",
 	"repo.issues.filter_poster.hint": "Filter by the author",
 	"repo.issues.filter_assignee.hint": "Filter by assigned user",
 	"repo.issues.filter_reviewers.hint": "Filter by user who reviewed",
diff --git a/templates/repo/view_list.tmpl b/templates/repo/view_list.tmpl
index ffd8b1a515..cc583d18c7 100644
--- a/templates/repo/view_list.tmpl
+++ b/templates/repo/view_list.tmpl
@@ -1,17 +1,23 @@
 <table id="repo-files-table" class="ui single line table tw-mt-0" {{if .HasFilesWithoutLatestCommit}}hx-indicator="tr.notready td.message span" hx-trigger="load" hx-swap="morph" hx-post="{{.LastCommitLoaderURL}}"{{end}}>
-	<thead>
+	<caption class="tw-sr-only">
+		{{ctx.Locale.Tr "repo.files.caption"}}
+	</caption>
+	<thead class="tw-sr-only">
+		<th>{{ctx.Locale.Tr "repo.files.filename"}}</th>
+		<th>{{ctx.Locale.Tr "repo.files.last_commit_message"}}</th>
+		<th>{{ctx.Locale.Tr "repo.files.last_commit_date"}}</th>
+	</thead>
+	<tbody>
 		<tr class="commit-list">
-			<th class="tw-overflow-hidden" colspan="2">
+			<td class="tw-overflow-hidden repo-files-table-latest-commit-cell repo-files-table-latest-commit-left" colspan="2">
 				<div class="tw-flex">
 					<div class="latest-commit">
 						{{template "repo/latest_commit" .}}
 					</div>
 				</div>
-			</th>
-			<th class="text grey right age">{{if .LatestCommit}}{{if .LatestCommit.Committer}}{{DateUtils.TimeSince .LatestCommit.Committer.When}}{{end}}{{end}}</th>
+			</td>
+			<td class="text grey right age repo-files-table-latest-commit-cell tw-py-0">{{if .LatestCommit}}{{if .LatestCommit.Committer}}{{DateUtils.TimeSince .LatestCommit.Committer.When}}{{end}}{{end}}</td>
 		</tr>
-	</thead>
-	<tbody>
 		{{if .HasParentPath}}
 			<tr class="has-parent">
 				<td colspan="3"><a class="muted" href="{{.BranchLink}}{{if .ParentPath}}{{PathEscapeSegments .ParentPath}}{{end}}">{{svg "octicon-reply" 16 "tw-mr-2"}}..</a></td>
diff --git a/tests/integration/repo_test.go b/tests/integration/repo_test.go
index 1b4a574f13..2f189bf7a8 100644
--- a/tests/integration/repo_test.go
+++ b/tests/integration/repo_test.go
@@ -70,7 +70,7 @@ func testViewRepo(t *testing.T) {
 	resp := session.MakeRequest(t, req, http.StatusOK)
 
 	htmlDoc := NewHTMLParser(t, resp.Body)
-	files := htmlDoc.doc.Find("#repo-files-table  > TBODY > TR")
+	files := htmlDoc.doc.Find("#repo-files-table > tbody > tr:not(.commit-list)")
 
 	type file struct {
 		fileName   string
@@ -1039,7 +1039,7 @@ func TestRepoFilesList(t *testing.T) {
 		resp := MakeRequest(t, req, http.StatusOK)
 
 		htmlDoc := NewHTMLParser(t, resp.Body)
-		filesList := htmlDoc.Find("#repo-files-table tbody tr").Map(func(_ int, s *goquery.Selection) string {
+		filesList := htmlDoc.Find("#repo-files-table tbody tr:not(.commit-list)").Map(func(_ int, s *goquery.Selection) string {
 			return s.AttrOr("data-entryname", "")
 		})
 
diff --git a/web_src/css/repo.css b/web_src/css/repo.css
index 00f159f33b..0619f154af 100644
--- a/web_src/css/repo.css
+++ b/web_src/css/repo.css
@@ -233,12 +233,22 @@ td .commit-summary {
 }
 
 /* this is what limits the commit table width to a value that works on all viewport sizes */
-#repo-files-table th:first-of-type {
+.repo-files-table-latest-commit-left {
   max-width: calc(calc(min(100vw, 1280px)) - 145px - calc(2 * var(--page-margin-x)));
 }
 
-.repository.file.list #repo-files-table thead th {
+.repo-files-table-latest-commit-cell {
   font-weight: var(--font-weight-normal);
+  background: var(--color-box-header);
+  text-align: inherit;
+  color: var(--color-text);
+  vertical-align: inherit;
+  border-left: none;
+  padding: 6px 5px 6px 10px;
+}
+
+.latest-commit .commit-summary {
+  white-space: nowrap;
 }
 
 .repository.file.list #repo-files-table tbody .svg {
@@ -246,6 +256,16 @@ td .commit-summary {
   margin-right: 5px;
 }
 
+@media (min-width: 767.98px) {
+  #repo-files-table tbody > tr.commit-list td {
+    border-bottom: 1px solid var(--color-secondary);
+  }
+
+  #repo-files-table tbody > tr:is(.entry, .has-parent):nth-child(2) td {
+    border-top: none;
+  }
+}
+
 .repository.file.list #repo-files-table tbody .svg.octicon-reply {
   margin-right: 10px;
 }
@@ -262,7 +282,7 @@ td .commit-summary {
   color: var(--color-secondary-dark-7);
 }
 
-.repository.file.list #repo-files-table td {
+.repository.file.list #repo-files-table td:not(.repo-files-table-latest-commit-cell) {
   padding-top: 0;
   padding-bottom: 0;
   overflow: initial;
@@ -328,7 +348,7 @@ td .commit-summary {
   padding-bottom: 8px;
 }
 
-.repository.file.list #repo-files-table td a {
+.repository.file.list #repo-files-table td a:not(.sha, .author-wrapper) {
   padding-top: 8px;
   padding-bottom: 8px;
 }

From 0d943086196e311ff150db05367bbd066c61577a Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Sun, 26 Apr 2026 14:11:23 +0200
Subject: [PATCH 736/854] Update dependency vue to v3.5.33 (forgejo) (#12264)

---
 package-lock.json | 110 +++++++++++++++++++++++-----------------------
 package.json      |   2 +-
 2 files changed, 56 insertions(+), 56 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 5a0e0185ec..4fa5e76198 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -73,7 +73,7 @@
         "tributejs": "5.1.3",
         "uint8-to-base64": "0.2.1",
         "vanilla-colorful": "0.7.2",
-        "vue": "3.5.32",
+        "vue": "3.5.33",
         "vue-chartjs": "5.3.3",
         "vue-loader": "17.4.2",
         "vue3-calendar-heatmap": "2.0.5",
@@ -5177,42 +5177,42 @@
       }
     },
     "node_modules/@vue/compiler-core": {
-      "version": "3.5.32",
-      "resolved": "https://registry.npmjs.org/@vue/compiler-core/-/compiler-core-3.5.32.tgz",
-      "integrity": "sha512-4x74Tbtqnda8s/NSD6e1Dr5p1c8HdMU5RWSjMSUzb8RTcUQqevDCxVAitcLBKT+ie3o0Dl9crc/S/opJM7qBGQ==",
+      "version": "3.5.33",
+      "resolved": "https://registry.npmjs.org/@vue/compiler-core/-/compiler-core-3.5.33.tgz",
+      "integrity": "sha512-3PZLQwFw4Za3TC8t0FvTy3wI16Kt+pmwcgNZca4Pj9iWL2E72a/gZlpBtAJvEdDMdCxdG/qq0C7PN0bsJuv0Rw==",
       "license": "MIT",
       "dependencies": {
         "@babel/parser": "^7.29.2",
-        "@vue/shared": "3.5.32",
+        "@vue/shared": "3.5.33",
         "entities": "^7.0.1",
         "estree-walker": "^2.0.2",
         "source-map-js": "^1.2.1"
       }
     },
     "node_modules/@vue/compiler-dom": {
-      "version": "3.5.32",
-      "resolved": "https://registry.npmjs.org/@vue/compiler-dom/-/compiler-dom-3.5.32.tgz",
-      "integrity": "sha512-ybHAu70NtiEI1fvAUz3oXZqkUYEe5J98GjMDpTGl5iHb0T15wQYLR4wE3h9xfuTNA+Cm2f4czfe8B4s+CCH57Q==",
+      "version": "3.5.33",
+      "resolved": "https://registry.npmjs.org/@vue/compiler-dom/-/compiler-dom-3.5.33.tgz",
+      "integrity": "sha512-PXq0yrfCLzzL07rbXO4awtXY1Z06LG2eu6Adg3RJFa/j3Cii217XxxLXG22N330gw7GmALCY0Z8RgXEviwgpjA==",
       "license": "MIT",
       "dependencies": {
-        "@vue/compiler-core": "3.5.32",
-        "@vue/shared": "3.5.32"
+        "@vue/compiler-core": "3.5.33",
+        "@vue/shared": "3.5.33"
       }
     },
     "node_modules/@vue/compiler-sfc": {
-      "version": "3.5.32",
-      "resolved": "https://registry.npmjs.org/@vue/compiler-sfc/-/compiler-sfc-3.5.32.tgz",
-      "integrity": "sha512-8UYUYo71cP/0YHMO814TRZlPuUUw3oifHuMR7Wp9SNoRSrxRQnhMLNlCeaODNn6kNTJsjFoQ/kqIj4qGvya4Xg==",
+      "version": "3.5.33",
+      "resolved": "https://registry.npmjs.org/@vue/compiler-sfc/-/compiler-sfc-3.5.33.tgz",
+      "integrity": "sha512-UTUvRO9cY+rROrx/pvN9P5Z7FgA6QGfokUCfhQE4EnmUj3rVnK+CHI0LsEO1pg+I7//iRYMUfcNcCPe7tg0CoA==",
       "license": "MIT",
       "dependencies": {
         "@babel/parser": "^7.29.2",
-        "@vue/compiler-core": "3.5.32",
-        "@vue/compiler-dom": "3.5.32",
-        "@vue/compiler-ssr": "3.5.32",
-        "@vue/shared": "3.5.32",
+        "@vue/compiler-core": "3.5.33",
+        "@vue/compiler-dom": "3.5.33",
+        "@vue/compiler-ssr": "3.5.33",
+        "@vue/shared": "3.5.33",
         "estree-walker": "^2.0.2",
         "magic-string": "^0.30.21",
-        "postcss": "^8.5.8",
+        "postcss": "^8.5.10",
         "source-map-js": "^1.2.1"
       }
     },
@@ -5226,63 +5226,63 @@
       }
     },
     "node_modules/@vue/compiler-ssr": {
-      "version": "3.5.32",
-      "resolved": "https://registry.npmjs.org/@vue/compiler-ssr/-/compiler-ssr-3.5.32.tgz",
-      "integrity": "sha512-Gp4gTs22T3DgRotZ8aA/6m2jMR+GMztvBXUBEUOYOcST+giyGWJ4WvFd7QLHBkzTxkfOt8IELKNdpzITLbA2rw==",
+      "version": "3.5.33",
+      "resolved": "https://registry.npmjs.org/@vue/compiler-ssr/-/compiler-ssr-3.5.33.tgz",
+      "integrity": "sha512-IErjYdnj1qIupG5xxiVIYiiRvDhGWV4zuh/RCrwfYpuL+HWQzeU6lCk/nF9r7olWMnjKxCAkOctT2qFWFkzb1A==",
       "license": "MIT",
       "dependencies": {
-        "@vue/compiler-dom": "3.5.32",
-        "@vue/shared": "3.5.32"
+        "@vue/compiler-dom": "3.5.33",
+        "@vue/shared": "3.5.33"
       }
     },
     "node_modules/@vue/reactivity": {
-      "version": "3.5.32",
-      "resolved": "https://registry.npmjs.org/@vue/reactivity/-/reactivity-3.5.32.tgz",
-      "integrity": "sha512-/ORasxSGvZ6MN5gc+uE364SxFdJ0+WqVG0CENXaGW58TOCdrAW76WWaplDtECeS1qphvtBZtR+3/o1g1zL4xPQ==",
+      "version": "3.5.33",
+      "resolved": "https://registry.npmjs.org/@vue/reactivity/-/reactivity-3.5.33.tgz",
+      "integrity": "sha512-p8UfIqyIhb0rYGlSgSBV+lPhF2iUSBcRy7enhTmPqKWadHy9kcOFYF1AejYBP9P+avnd3OBbD49DU4pLWX/94A==",
       "license": "MIT",
       "dependencies": {
-        "@vue/shared": "3.5.32"
+        "@vue/shared": "3.5.33"
       }
     },
     "node_modules/@vue/runtime-core": {
-      "version": "3.5.32",
-      "resolved": "https://registry.npmjs.org/@vue/runtime-core/-/runtime-core-3.5.32.tgz",
-      "integrity": "sha512-pDrXCejn4UpFDFmMd27AcJEbHaLemaE5o4pbb7sLk79SRIhc6/t34BQA7SGNgYtbMnvbF/HHOftYBgFJtUoJUQ==",
+      "version": "3.5.33",
+      "resolved": "https://registry.npmjs.org/@vue/runtime-core/-/runtime-core-3.5.33.tgz",
+      "integrity": "sha512-UpFF45RI9//a7rvq7RdOQblb4tup7hHG9QsmIrxkFQLzQ7R8/iNQ5LE15NhLZ1/WcHMU2b47u6P33CPUelHyIQ==",
       "license": "MIT",
       "dependencies": {
-        "@vue/reactivity": "3.5.32",
-        "@vue/shared": "3.5.32"
+        "@vue/reactivity": "3.5.33",
+        "@vue/shared": "3.5.33"
       }
     },
     "node_modules/@vue/runtime-dom": {
-      "version": "3.5.32",
-      "resolved": "https://registry.npmjs.org/@vue/runtime-dom/-/runtime-dom-3.5.32.tgz",
-      "integrity": "sha512-1CDVv7tv/IV13V8Nip1k/aaObVbWqRlVCVezTwx3K07p7Vxossp5JU1dcPNhJk3w347gonIUT9jQOGutyJrSVQ==",
+      "version": "3.5.33",
+      "resolved": "https://registry.npmjs.org/@vue/runtime-dom/-/runtime-dom-3.5.33.tgz",
+      "integrity": "sha512-IOxMsAOwquhfITgmOgaPYl7/j8gKUxUFoflRc+u4LxyD3+783xne8vNta1PONVCvCV9A0w7hkyEepINDqfO0tw==",
       "license": "MIT",
       "dependencies": {
-        "@vue/reactivity": "3.5.32",
-        "@vue/runtime-core": "3.5.32",
-        "@vue/shared": "3.5.32",
+        "@vue/reactivity": "3.5.33",
+        "@vue/runtime-core": "3.5.33",
+        "@vue/shared": "3.5.33",
         "csstype": "^3.2.3"
       }
     },
     "node_modules/@vue/server-renderer": {
-      "version": "3.5.32",
-      "resolved": "https://registry.npmjs.org/@vue/server-renderer/-/server-renderer-3.5.32.tgz",
-      "integrity": "sha512-IOjm2+JQwRFS7W28HNuJeXQle9KdZbODFY7hFGVtnnghF51ta20EWAZJHX+zLGtsHhaU6uC9BGPV52KVpYryMQ==",
+      "version": "3.5.33",
+      "resolved": "https://registry.npmjs.org/@vue/server-renderer/-/server-renderer-3.5.33.tgz",
+      "integrity": "sha512-0xylq/8/h44lVG0pZFknv1XIdEgymq2E9n59uTWJBG+dIgiT0TMCSsxrN7nO16Z0MU0MPjFcguBbZV8Itk52Hw==",
       "license": "MIT",
       "dependencies": {
-        "@vue/compiler-ssr": "3.5.32",
-        "@vue/shared": "3.5.32"
+        "@vue/compiler-ssr": "3.5.33",
+        "@vue/shared": "3.5.33"
       },
       "peerDependencies": {
-        "vue": "3.5.32"
+        "vue": "3.5.33"
       }
     },
     "node_modules/@vue/shared": {
-      "version": "3.5.32",
-      "resolved": "https://registry.npmjs.org/@vue/shared/-/shared-3.5.32.tgz",
-      "integrity": "sha512-ksNyrmRQzWJJ8n3cRDuSF7zNNontuJg1YHnmWRJd2AMu8Ij2bqwiiri2lH5rHtYPZjj4STkNcgcmiQqlOjiYGg==",
+      "version": "3.5.33",
+      "resolved": "https://registry.npmjs.org/@vue/shared/-/shared-3.5.33.tgz",
+      "integrity": "sha512-5vR2QIlmaLG77Ygd4pMP6+SGQ5yox9VhtnbDWTy9DzMzdmeLxZ1QqxrywEZ9sa1AVubfIJyaCG3ytyWU81ufcQ==",
       "license": "MIT"
     },
     "node_modules/@vue/test-utils": {
@@ -16050,16 +16050,16 @@
       "license": "MIT"
     },
     "node_modules/vue": {
-      "version": "3.5.32",
-      "resolved": "https://registry.npmjs.org/vue/-/vue-3.5.32.tgz",
-      "integrity": "sha512-vM4z4Q9tTafVfMAK7IVzmxg34rSzTFMyIe0UUEijUCkn9+23lj0WRfA83dg7eQZIUlgOSGrkViIaCfqSAUXsMw==",
+      "version": "3.5.33",
+      "resolved": "https://registry.npmjs.org/vue/-/vue-3.5.33.tgz",
+      "integrity": "sha512-1AgChhx5w3ALgT4oK3acm2Es/7jyZhWSVUfs3rOBlGQC0rjEDkS7G4lWlJJGGNQD+BV3reCwbQrOe1mPNwKHBQ==",
       "license": "MIT",
       "dependencies": {
-        "@vue/compiler-dom": "3.5.32",
-        "@vue/compiler-sfc": "3.5.32",
-        "@vue/runtime-dom": "3.5.32",
-        "@vue/server-renderer": "3.5.32",
-        "@vue/shared": "3.5.32"
+        "@vue/compiler-dom": "3.5.33",
+        "@vue/compiler-sfc": "3.5.33",
+        "@vue/runtime-dom": "3.5.33",
+        "@vue/server-renderer": "3.5.33",
+        "@vue/shared": "3.5.33"
       },
       "peerDependencies": {
         "typescript": "*"
diff --git a/package.json b/package.json
index 05133d2045..74114e03f4 100644
--- a/package.json
+++ b/package.json
@@ -72,7 +72,7 @@
     "tributejs": "5.1.3",
     "uint8-to-base64": "0.2.1",
     "vanilla-colorful": "0.7.2",
-    "vue": "3.5.32",
+    "vue": "3.5.33",
     "vue-chartjs": "5.3.3",
     "vue-loader": "17.4.2",
     "vue3-calendar-heatmap": "2.0.5",

From b17ed16f31884bcaf49bd30f78a8968112020973 Mon Sep 17 00:00:00 2001
From: Mathieu Fenniak <mathieu@fenniak.net>
Date: Sun, 26 Apr 2026 15:13:32 +0200
Subject: [PATCH 737/854] fix: allow viewing Actions run triggered by deleted
 user (#12271)

Fixes #9371.  Manually reproduced and tested by setting `action_run.triggering_user_id` to a non-existent user ID.  Manually tested that runs can be cancelled in this state as well.

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. All work and communication must conform to Forgejo's [AI Agreement](https://codeberg.org/forgejo/governance/src/branch/main/AIAgreement.md). There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests for Go changes

- I added test coverage for Go changes...
  - [x] in their respective `*_test.go` for unit tests.
  - [ ] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I ran...
  - [x] `make pr-go` before pushing

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [x] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.
- [ ] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12271
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
---
 models/actions/run.go      |  4 +++-
 models/actions/run_test.go | 12 +++++++++---
 2 files changed, 12 insertions(+), 4 deletions(-)

diff --git a/models/actions/run.go b/models/actions/run.go
index fbbc5f8f01..862125224f 100644
--- a/models/actions/run.go
+++ b/models/actions/run.go
@@ -153,7 +153,9 @@ func (run *ActionRun) LoadAttributes(ctx context.Context) error {
 
 	if run.TriggerUser == nil {
 		u, err := user_model.GetPossibleUserByID(ctx, run.TriggerUserID)
-		if err != nil {
+		if user_model.IsErrUserNotExist(err) {
+			u = user_model.NewGhostUser()
+		} else if err != nil {
 			return err
 		}
 		run.TriggerUser = u
diff --git a/models/actions/run_test.go b/models/actions/run_test.go
index 959753107b..c87765ed72 100644
--- a/models/actions/run_test.go
+++ b/models/actions/run_test.go
@@ -19,9 +19,6 @@ import (
 	"github.com/stretchr/testify/require"
 )
 
-func TestGetRunBefore(t *testing.T) {
-}
-
 func TestSetConcurrencyGroup(t *testing.T) {
 	run := ActionRun{}
 	run.SetConcurrencyGroup("abc123")
@@ -686,3 +683,12 @@ jobs:
 	assert.Zero(t, insertedJobs[1].TaskID)
 	assert.Equal(t, StatusWaiting, insertedJobs[1].Status)
 }
+
+func TestActionRunLoadAttributes(t *testing.T) {
+	run := &ActionRun{
+		RepoID:        10,
+		TriggerUserID: 1000,
+	}
+	require.NoError(t, run.LoadAttributes(t.Context()))
+	assert.Equal(t, "ghost", run.TriggerUser.LowerName)
+}

From 48218c654bfcb493ad39061b11b6224f33fded53 Mon Sep 17 00:00:00 2001
From: Mathieu Fenniak <mathieu@fenniak.net>
Date: Sun, 26 Apr 2026 20:52:42 +0200
Subject: [PATCH 738/854] feat: authorized integrations DB models and
 authentication implementation (#12261)

Authorized Integrations is a new feature to allow users to define external systems which can generate JSON Web Tokens (JWTs) that Forgejo will trust in order to perform API access on behalf of that user.  This is an authentication mechanism that requires zero preconfiguration of shared secrets, and instead establishes trust through short-lived secrets (JWTs) that are signed by the issuer, signatures are validated by comparison with published public keys, and a public-keys retrieved through well-known HTTP endpoints secured with TLS verification.

The primary goal of Authorized Integrations is to support a mechanism for Forgejo Actions to receive elevated, but controlled, additional access to Forgejo.  More details as to what the end result will look like are available in the [design proposal](https://codeberg.org/forgejo/forgejo/issues/3571#issuecomment-13268004) on #3571.

This PR adds the core database storage and authentication verification for Authorized Integrations, with these capabilities:
- An Authorized Integration is resolved by a unique key of an "issuer" and an "audience".  The value of "issuer" is defined by the remote integration, and the value of "audience" will incorporate a unique identifier generated by Forgejo.
    - Example issuer: `https://token.actions.githubusercontent.com/` is the issuer for GitHub JWTs
    - Example audience: `https://forgejo.example.org/-/mfenniak/authorized-integration/6cc55ba0` is the expected format for a random audience field that Forgejo will generate.
- JWTs can contain any number of claims, which are represented as a JSON object; Forgejo can validate these with a flexible policy.
    - eg. a claim may be `{"sub": "repo:coolguy/forgejo-runner-testrepo:pull_request"}` indicating that an OIDC token was received from an Actions execution in a specific repo on a specific event.
    - Authorized Integrations support a `ClaimRules` system which allows claim equal, glob, and nested object inspection.
    - `{"claim":"sub","comparison":"eq","value":"repo:mfenniak/forgejo-runner-testrepo:pull_request"}` -- would validate that `sub` exactly equals the specific value
    - `{"claim":"sub","comparison":"glob","value":"repo:mfenniak/forgejo-runner-testrepo:*"}` -- would validate that `sub` matches the given string prefix but allow any event
- When a JWT is received on an incoming API call, Forgejo retrieves the Authorized Integration from the DB (if present), validates the token signature against a remote JWKS, validates the claims, and grants API access as the user with a permission scope defined on the Authorized Integration.

In addition to the unit testing provided here, this PR has been manually integration tested against three JWT issuing systems: Forgejo Actions, GitHub Actions, and AWS STS GetWebIdentityToken.

Careful consideration has been made of these security concerns:
- SSRF attacks against Forgejo are prevented by:
    - having a blocklist on remote HTTP validation requests which prevent access to internal network resources,
    - ensuring that authorized integrations are created by users with matching issuers, before attempting to validate tokens
- Resource utilization attacks against Forgejo are reduced by limiting the possible size of external metadata requests; when fetching `/.well-known/openid-configuration` and `jkws_uri`'s from remote, untrusted servers, a maximum response size of 16 kB is enforced
- Only well-known secure assymmetric JWT signing algorithms are supported -- in particular, the sketchy `none` JWT algorithm isn't supported.
- JWT validation is covered by extensive unit tests, covering validation of all JWT timestamps, validation of the issuers, validation of the issuer's documented supported signing algorithms.

This PR serves as a core, and many enhancements are required for this to be a usable system for users.

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. All work and communication must conform to Forgejo's [AI Agreement](https://codeberg.org/forgejo/governance/src/branch/main/AIAgreement.md). There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests for Go changes

- I added test coverage for Go changes...
  - [x] in their respective `*_test.go` for unit tests.
  - [ ] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I ran...
  - [ ] `make pr-go` before pushing

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
    - Documentation updates for new config entries will be authored.
- [ ] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [ ] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.
- [x] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change.
    - Marking not visible as there's no mechanism to interact with this backend yet.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12261
Reviewed-by: Andreas Ahlenstorf <aahlenst@noreply.codeberg.org>
---
 custom/conf/app.example.ini                   |  23 +
 models/auth/authorized_integration.go         | 146 ++++
 .../authorized_integration_resource_repo.go   |  27 +
 models/auth/authorized_integration_test.go    |  81 ++
 .../v16a_add_authorized_integration.go        |  45 ++
 modules/jwtx/signingkey.go                    |  94 +++
 modules/setting/authorized_integration.go     |  21 +
 modules/setting/setting.go                    |   1 +
 routers/api/shared/middleware.go              |   1 +
 .../auth_result_authorized_integration.go     |  27 +
 .../auth/method/authorized_integration.go     | 348 +++++++++
 .../method/authorized_integration_claims.go   | 109 +++
 .../authorized_integration_claims_test.go     | 149 ++++
 .../method/authorized_integration_oidc.go     |  20 +
 .../authorized_integration_oidc_test.go       | 273 +++++++
 .../method/authorized_integration_test.go     | 723 ++++++++++++++++++
 16 files changed, 2088 insertions(+)
 create mode 100644 models/auth/authorized_integration.go
 create mode 100644 models/auth/authorized_integration_resource_repo.go
 create mode 100644 models/auth/authorized_integration_test.go
 create mode 100644 models/forgejo_migrations/v16a_add_authorized_integration.go
 create mode 100644 modules/setting/authorized_integration.go
 create mode 100644 services/auth/method/auth_result_authorized_integration.go
 create mode 100644 services/auth/method/authorized_integration.go
 create mode 100644 services/auth/method/authorized_integration_claims.go
 create mode 100644 services/auth/method/authorized_integration_claims_test.go
 create mode 100644 services/auth/method/authorized_integration_oidc.go
 create mode 100644 services/auth/method/authorized_integration_oidc_test.go
 create mode 100644 services/auth/method/authorized_integration_test.go

diff --git a/custom/conf/app.example.ini b/custom/conf/app.example.ini
index 7a85d1e7ae..ae22c02609 100644
--- a/custom/conf/app.example.ini
+++ b/custom/conf/app.example.ini
@@ -2823,3 +2823,26 @@ LEVEL = Info
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;; storage type
 ;STORAGE_TYPE = local
+
+;; Authorized integrations are a capability for users to define external systems which can generate JWTs that Forgejo
+;; will trust in order to perform API access on behalf of that user. While validating a JWT from an external system,
+;; Forgejo makes outgoing HTTP requests to the JWT issuer.
+; [authorized_integration]
+;; Timeout for HTTP requests to remote servers. Default is 10 seconds.
+;REQUEST_TIMEOUT = 10s
+;
+;; Allowed domains for authorized integrations. Default is blank which means all domains will be allowed (except local
+;; networks, see ALLOW_LOCALNETWORKS).
+;; Multiple domains can be separated by commas.
+;; Wildcards are supported: "github.com, *.github.com"
+;ALLOWED_DOMAINS =
+;
+;; Blocklist for authorized integrations, default is blank.
+;; Multiple domains can be separated by commas.
+;; Wildcards are supported: "github.com, *.github.com"
+;BLOCKED_DOMAINS =
+;
+;; Allow private addresses defined by RFC 1918, RFC 1122, RFC 4632 and RFC 4291.
+;; Default is false.
+;; If a domain is allowed by ALLOWED_DOMAINS, this option will be ignored.
+;ALLOW_LOCALNETWORKS = false
diff --git a/models/auth/authorized_integration.go b/models/auth/authorized_integration.go
new file mode 100644
index 0000000000..a8641d44ca
--- /dev/null
+++ b/models/auth/authorized_integration.go
@@ -0,0 +1,146 @@
+// Copyright 2026 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+package auth
+
+import (
+	"context"
+	"time"
+
+	"forgejo.org/models/db"
+	"forgejo.org/modules/timeutil"
+	"forgejo.org/modules/util"
+
+	"xorm.io/builder"
+)
+
+// An Authorized Integration allow users to define external systems which can generate JSON Web Tokens (JWTs) that
+// Forgejo will trust in order to perform API access on behalf of a user defined by the UserID field.
+//
+// When a JWT is received by Forgejo, the issuer (iss) and audience (aud) claims are used to lookup an authorized
+// integration with an exact match.  Together these fields serve as a unique key for the authorized issuer.  Duplicates
+// cannot be permitted because we would not know which user to authenticate the JWT as.
+type AuthorizedIntegration struct {
+	ID int64 `xorm:"pk autoincr"`
+
+	UserID           int64            `xorm:"NOT NULL REFERENCES(user, id)"`
+	Scope            AccessTokenScope `xorm:"NOT NULL"`
+	ResourceAllRepos bool             `xorm:"NOT NULL"` // flag for whether AuthorizedIntegrationResourceRepo instances will limit the resources this access token can access (false) or won't limit them (true).
+
+	// Exact-match `iss` claim of the JWT
+	Issuer string `xorm:"NOT NULL UNIQUE(s)"`
+	// Exact-match `aud` claim of the JWT
+	Audience   string      `xorm:"NOT NULL UNIQUE(s)"`
+	ClaimRules *ClaimRules `xorm:"NOT NULL JSON"`
+
+	CreatedUnix timeutil.TimeStamp `xorm:"NOT NULL created"`
+	UpdatedUnix timeutil.TimeStamp `xorm:"NOT NULL updated"`
+}
+
+func init() {
+	db.RegisterModel(new(AuthorizedIntegration))
+}
+
+// An [AuthorizedIntegration] can validate the claims in a JWT against a set of rules defined by this structure.
+//
+// JWTs can contain any number of claims, which are represented as a JSON object.  A small number of common claims are
+// described in RFC7519 (sec 4.1) which defines JWTs, but most claims are entirely arbitrarily defined by the JWT
+// issuer.
+//
+// For example, eg. a claim may be {"sub": "repo:coolguy/forgejo-runner-testrepo:pull_request"} indicating that an OIDC
+// token was received from an Actions execution in a specific repo on a specific event.
+//
+// Validating the claims from a JWT issuer is a critical part of creating a secure [AuthorizedIssuer].  For example,
+// assume that we receive a JWT from a public hosting platform like Codeberg.  We will validate that it is a claim
+// created by the correct Issuer, Codeberg -- but anyone can do that through Forgejo Actions.  We will validate that it
+// has the correct audience -- but that's an *input* to Forgejo Actions, so anyone can create a claim on Codeberg with
+// an arbitrary audience.  The rest of the claims contain the critical information about who ran a Forgejo Action, on
+// which repository, and in response to which events, and those must be validated to ensure that an authorized issuer is
+// correctly authorized.
+//
+// Following that an example, a minimum claim rule that would be required for securely using Forgejo Actions would be
+// something like:
+//
+//	{
+//	  "rules": [{
+//	     "claim": "sub",
+//	     "comparison": "eq",
+//	     "value": "repo:forgejo/website:pull_request"
+//	  }]
+//	}
+//
+// This defines a single rule which says that the `sub` claim must be exactly equal to
+// "repo:forgejo/website:pull_request".  Forgejo Actions would generate this subject when an Action is running on the
+// repo forgejo/website in response to the pull_request event.
+//
+// Some JWT claims are JSON objects.  The [ClaimNested] comparison operator can be used to define rules that inspect the
+// object within a claim.  For example, AWS STS generates a claim "https://sts.amazonaws.com/": {...} with values inside
+// an object, like "aws_account".  A nested claim can inspect those values:
+//
+//	{
+//	  "rules":[{
+//	    "claim": "https://sts.amazonaws.com/",
+//	    "compare": "nest",
+//	    "nested": {"rules":[
+//	      {"claim": "aws_account", "compare": "eq", "value": "1234567890"},
+//	      {"claim": "lambda_source_function_arn", "compare": "eq", "value": "arn:aws:lambda:ca-central-1:1234567890:function:forgejo-oidc-accepting-test"}
+//	    ]}
+//	  }
+//
+// ]}
+//
+// This defines a rule that looks into the "https://sts..." claim and verifies the "aws_account" and
+// "lambda_source_function_arn" keys match specific known values.
+type ClaimRules struct {
+	Rules []ClaimRule `json:"rules"`
+}
+
+// Defines a single rule that will check the value of one JWT claim.
+type ClaimRule struct {
+	// The target claim, eg. "sub"
+	Claim string `json:"claim"`
+	// Comparison rule to use on this claim
+	Comparison ClaimComparison `json:"compare"`
+
+	// For Comparison of ClaimEqual or ClaimGlob, the specific value or glob to match against
+	Value string `json:"value,omitempty"`
+
+	// For ClaimNested, the rules to apply to the nested object
+	Nested *ClaimRules `json:"nested,omitempty"`
+}
+
+type ClaimComparison string
+
+const (
+	ClaimEqual  ClaimComparison = "eq"   // exactly equal claim
+	ClaimGlob   ClaimComparison = "glob" // glob match complete claim string
+	ClaimNested ClaimComparison = "nest" // recurse into a claim that is an map[string]any with it's own data fields
+)
+
+func GetAuthorizedIntegration(ctx context.Context, issuer, audience string) (*AuthorizedIntegration, error) {
+	var ai AuthorizedIntegration
+	found, err := db.GetEngine(ctx).Where("issuer = ? AND audience = ?", issuer, audience).Get(&ai)
+	if err != nil {
+		return nil, err
+	} else if !found {
+		return nil, util.ErrNotExist
+	}
+	return &ai, nil
+}
+
+// Bump the UpdatedUnix field of this authorized integration to now, tracking when it was last used for authentication.
+// To reduce database write workload, this is only tracked by one-minute intervals -- the UPDATE statement conditionally
+// avoids writes.
+func (ai *AuthorizedIntegration) UpdateLastUsed(ctx context.Context) error {
+	newTime := timeutil.TimeStampNow()
+	cnt, err := db.GetEngine(ctx).
+		Table(&AuthorizedIntegration{}).
+		Where(builder.Eq{"id": ai.ID}).
+		Where(builder.Lt{"updated_unix": newTime.AddDuration(-1 * time.Minute)}).
+		NoAutoTime().
+		Update(map[string]any{"updated_unix": newTime})
+	if cnt == 1 {
+		ai.UpdatedUnix = newTime
+	}
+	return err
+}
diff --git a/models/auth/authorized_integration_resource_repo.go b/models/auth/authorized_integration_resource_repo.go
new file mode 100644
index 0000000000..98960b5c8a
--- /dev/null
+++ b/models/auth/authorized_integration_resource_repo.go
@@ -0,0 +1,27 @@
+// Copyright 2026 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+package auth
+
+import (
+	"forgejo.org/models/db"
+	"forgejo.org/modules/timeutil"
+)
+
+// Represents a many-to-many join table which indicates specific repositories (RepoID) that can be accessed by an
+// authorized integration (IntegID).  An authorized integrations's ResourceAllRepos field must be false for records in
+// this table to become active.
+//
+// Model name is shortend (from AuthorizedIntegrationResourceRepo) to accomodate recreate-tables + MySQL, where the
+// "tmp_recreate_" + foreign key index name would exceed the max identifier length.
+type AuthorizedIntegResourceRepo struct {
+	ID      int64 `xorm:"pk autoincr"`
+	IntegID int64 `xorm:"NOT NULL REFERENCES(authorized_integration, id)"` // field name shortened (AuthorizationIntegrationID) for max identifier length
+	RepoID  int64 `xorm:"NOT NULL REFERENCES(repository, id)"`
+
+	CreatedUnix timeutil.TimeStamp `xorm:"created NOT NULL"`
+}
+
+func init() {
+	db.RegisterModel(new(AuthorizedIntegResourceRepo))
+}
diff --git a/models/auth/authorized_integration_test.go b/models/auth/authorized_integration_test.go
new file mode 100644
index 0000000000..54cf97fcb5
--- /dev/null
+++ b/models/auth/authorized_integration_test.go
@@ -0,0 +1,81 @@
+// Copyright 2026 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+package auth_test
+
+import (
+	"fmt"
+	"testing"
+	"time"
+
+	auth_model "forgejo.org/models/auth"
+	"forgejo.org/models/db"
+	"forgejo.org/models/unittest"
+	"forgejo.org/modules/timeutil"
+	"forgejo.org/modules/util"
+
+	gouuid "github.com/google/uuid"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+func makeAuthorizedIntegration(t *testing.T) *auth_model.AuthorizedIntegration {
+	t.Helper()
+
+	ai := &auth_model.AuthorizedIntegration{
+		UserID:           2,
+		Scope:            auth_model.AccessTokenScopeAll,
+		ResourceAllRepos: true,
+		Issuer:           "https://example.org/",
+		Audience:         fmt.Sprintf("https://forgejo.example.org/api/actions/%s", gouuid.New().String()),
+		ClaimRules:       &auth_model.ClaimRules{},
+	}
+	_, err := db.GetEngine(t.Context()).Insert(ai)
+	require.NoError(t, err)
+
+	return ai
+}
+
+func TestGetAuthorizedIntegration(t *testing.T) {
+	require.NoError(t, unittest.PrepareTestDatabase())
+	ai := makeAuthorizedIntegration(t)
+
+	get, err := auth_model.GetAuthorizedIntegration(t.Context(), "abc", "123")
+	require.ErrorIs(t, err, util.ErrNotExist)
+	assert.Nil(t, get)
+
+	get, err = auth_model.GetAuthorizedIntegration(t.Context(), ai.Issuer, ai.Audience)
+	require.NoError(t, err)
+	require.NotNil(t, get)
+	assert.Equal(t, ai.ID, get.ID)
+}
+
+func TestAuthorizedIntegrationUpdateLastUsed(t *testing.T) {
+	require.NoError(t, unittest.PrepareTestDatabase())
+
+	ai := makeAuthorizedIntegration(t)
+	ai.UpdatedUnix = 0
+	cnt, err := db.GetEngine(t.Context()).ID(ai.ID).Cols("updated_unix").NoAutoTime().Update(ai)
+	require.NoError(t, err)
+	assert.EqualValues(t, 1, cnt)
+
+	timeutil.MockSet(time.Unix(1777130023, 0))
+	defer timeutil.MockUnset()
+
+	assert.EqualValues(t, 0, ai.UpdatedUnix)
+	require.NoError(t, ai.UpdateLastUsed(t.Context()))
+	assert.EqualValues(t, 1777130023, ai.UpdatedUnix) // object field updated
+	assert.EqualValues(t, 1777130023, unittest.AssertExistsAndLoadBean(t, &auth_model.AuthorizedIntegration{ID: ai.ID}).UpdatedUnix)
+
+	// nearly immediate redo should have same timestamp due to the 1 minute deduplication:
+	timeutil.MockSet(time.Unix(1777130025, 0))
+	require.NoError(t, ai.UpdateLastUsed(t.Context()))
+	assert.EqualValues(t, 1777130023, ai.UpdatedUnix)                                                                                // object field not updated
+	assert.EqualValues(t, 1777130023, unittest.AssertExistsAndLoadBean(t, &auth_model.AuthorizedIntegration{ID: ai.ID}).UpdatedUnix) // database field not updated
+
+	// but if it's a little while later..
+	timeutil.MockSet(time.Unix(1777131139, 0))
+	require.NoError(t, ai.UpdateLastUsed(t.Context()))
+	assert.EqualValues(t, 1777131139, ai.UpdatedUnix)                                                                                // object field updated
+	assert.EqualValues(t, 1777131139, unittest.AssertExistsAndLoadBean(t, &auth_model.AuthorizedIntegration{ID: ai.ID}).UpdatedUnix) // database field updated
+}
diff --git a/models/forgejo_migrations/v16a_add_authorized_integration.go b/models/forgejo_migrations/v16a_add_authorized_integration.go
new file mode 100644
index 0000000000..4cfd5219f4
--- /dev/null
+++ b/models/forgejo_migrations/v16a_add_authorized_integration.go
@@ -0,0 +1,45 @@
+// Copyright 2026 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+package forgejo_migrations
+
+import (
+	"forgejo.org/modules/timeutil"
+
+	"xorm.io/xorm"
+)
+
+func init() {
+	registerMigration(&Migration{
+		Description: "add authorized_integration tables",
+		Upgrade:     addAuthorizedIntegrationTables,
+	})
+}
+
+func addAuthorizedIntegrationTables(x *xorm.Engine) error {
+	type ClaimRules struct{}
+	type AuthorizedIntegration struct {
+		ID               int64              `xorm:"pk autoincr"`
+		UserID           int64              `xorm:"NOT NULL REFERENCES(user, id)"`
+		Scope            string             `xorm:"NOT NULL"`
+		ResourceAllRepos bool               `xorm:"NOT NULL"`
+		Issuer           string             `xorm:"NOT NULL UNIQUE(s)"`
+		Audience         string             `xorm:"NOT NULL UNIQUE(s)"`
+		ClaimRules       *ClaimRules        `xorm:"NOT NULL JSON"`
+		CreatedUnix      timeutil.TimeStamp `xorm:"NOT NULL created"`
+		UpdatedUnix      timeutil.TimeStamp `xorm:"NOT NULL updated"`
+	}
+	type AuthorizedIntegResourceRepo struct {
+		ID          int64              `xorm:"pk autoincr"`
+		IntegID     int64              `xorm:"NOT NULL REFERENCES(authorized_integration, id)"`
+		RepoID      int64              `xorm:"NOT NULL REFERENCES(repository, id)"`
+		CreatedUnix timeutil.TimeStamp `xorm:"created NOT NULL"`
+	}
+
+	_, err := x.SyncWithOptions(
+		xorm.SyncOptions{IgnoreDropIndices: true},
+		new(AuthorizedIntegration),
+		new(AuthorizedIntegResourceRepo),
+	)
+	return err
+}
diff --git a/modules/jwtx/signingkey.go b/modules/jwtx/signingkey.go
index be1115cb15..db9cf03aa2 100644
--- a/modules/jwtx/signingkey.go
+++ b/modules/jwtx/signingkey.go
@@ -469,3 +469,97 @@ func InitAsymmetricSigningKey(keyPath, algorithm string) (SigningKey, error) {
 
 	return signingKey, nil
 }
+
+func requiredJWKStr(jwk map[string]any, key string) (string, error) {
+	vAny, ok := jwk[key]
+	if !ok {
+		return "", fmt.Errorf("JWK missing required field %q", key)
+	}
+	vStr, ok := vAny.(string)
+	if !ok {
+		return "", fmt.Errorf("JWK field %q must be string, but was %T", key, vAny)
+	}
+	return vStr, nil
+}
+
+// Reconstructs public key from a JWKS entry (such as those produced by [SigningKey.ToJWK]), parsing the JWK output and
+// returning a key object.  The key object produced must be usable for [jwt.SigningMethod] interface's [Verify] method,
+// for the related signing method -- an [rsa.PublicKey] object, an [ed25519.PublicKey] object, or [ecdsa.PublicKey]
+// object, with the currently supported asymmetric algorithms.
+func ParseJWKToPublicKey(jwk map[string]any) (any, error) {
+	kty := jwk["kty"]
+
+	switch kty {
+	case "RSA":
+		eStr, err := requiredJWKStr(jwk, "e")
+		if err != nil {
+			return nil, err
+		}
+		nStr, err := requiredJWKStr(jwk, "n")
+		if err != nil {
+			return nil, err
+		}
+		eBytes, err := base64.RawURLEncoding.DecodeString(eStr)
+		if err != nil {
+			return nil, fmt.Errorf("invalid RSA JWK 'e' field: %w", err)
+		}
+		nBytes, err := base64.RawURLEncoding.DecodeString(nStr)
+		if err != nil {
+			return nil, fmt.Errorf("invalid RSA JWK 'n' field: %w", err)
+		}
+		pubKey := &rsa.PublicKey{
+			E: int(new(big.Int).SetBytes(eBytes).Int64()),
+			N: new(big.Int).SetBytes(nBytes),
+		}
+		return pubKey, nil
+	case "OKP":
+		if jwk["crv"] != "Ed25519" {
+			return nil, fmt.Errorf("OKP curve %d is not supported; only Ed25519", jwk["crv"])
+		}
+		xStr, err := requiredJWKStr(jwk, "x")
+		if err != nil {
+			return nil, err
+		}
+		xBytes, err := base64.RawURLEncoding.DecodeString(xStr)
+		if err != nil {
+			return nil, fmt.Errorf("invalid EdDSA JWK 'x' field: %w", err)
+		}
+		return ed25519.PublicKey(xBytes), nil
+	case "EC":
+		xStr, err := requiredJWKStr(jwk, "x")
+		if err != nil {
+			return nil, err
+		}
+		yStr, err := requiredJWKStr(jwk, "y")
+		if err != nil {
+			return nil, err
+		}
+		var curve elliptic.Curve
+		switch jwk["crv"] {
+		case "P-256":
+			curve = elliptic.P256()
+		case "P-384":
+			curve = elliptic.P384()
+		case "P-521":
+			curve = elliptic.P521()
+		default:
+			return nil, fmt.Errorf("unsupported ECDSA curve in JWK: %s", jwk["crv"])
+		}
+		xBytes, err := base64.RawURLEncoding.DecodeString(xStr)
+		if err != nil {
+			return nil, fmt.Errorf("invalid ECDSA JWK 'x' field: %w", err)
+		}
+		yBytes, err := base64.RawURLEncoding.DecodeString(yStr)
+		if err != nil {
+			return nil, fmt.Errorf("invalid ECDSA JWK 'y' field: %w", err)
+		}
+		pubKey := &ecdsa.PublicKey{
+			Curve: curve,
+			X:     new(big.Int).SetBytes(xBytes),
+			Y:     new(big.Int).SetBytes(yBytes),
+		}
+		return pubKey, nil
+	default:
+		return nil, fmt.Errorf("unsupported key type in JWK: %s", kty)
+	}
+}
diff --git a/modules/setting/authorized_integration.go b/modules/setting/authorized_integration.go
new file mode 100644
index 0000000000..778232e3ad
--- /dev/null
+++ b/modules/setting/authorized_integration.go
@@ -0,0 +1,21 @@
+// Copyright 2026 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+package setting
+
+import "time"
+
+var AuthorizedIntegration = struct {
+	AllowedDomains     string
+	BlockedDomains     string
+	AllowLocalNetworks bool
+	RequestTimeout     time.Duration
+}{}
+
+func loadAuthorizedIntegrationFrom(rootCfg ConfigProvider) {
+	sec := rootCfg.Section("authorized_integration")
+	AuthorizedIntegration.AllowedDomains = sec.Key("ALLOWED_DOMAINS").MustString("")
+	AuthorizedIntegration.BlockedDomains = sec.Key("BLOCKED_DOMAINS").MustString("")
+	AuthorizedIntegration.AllowLocalNetworks = sec.Key("ALLOW_LOCALNETWORKS").MustBool(false)
+	AuthorizedIntegration.RequestTimeout = sec.Key("REQUEST_TIMEOUT").MustDuration(10 * time.Second)
+}
diff --git a/modules/setting/setting.go b/modules/setting/setting.go
index 44dad1fab1..bd3dec1f84 100644
--- a/modules/setting/setting.go
+++ b/modules/setting/setting.go
@@ -226,6 +226,7 @@ func LoadSettings() {
 	loadProjectFrom(CfgProvider)
 	loadMimeTypeMapFrom(CfgProvider)
 	loadF3From(CfgProvider)
+	loadAuthorizedIntegrationFrom(CfgProvider)
 }
 
 // LoadSettingsForInstall initializes the settings for install
diff --git a/routers/api/shared/middleware.go b/routers/api/shared/middleware.go
index 9dd1605783..f6dd30f8b8 100644
--- a/routers/api/shared/middleware.go
+++ b/routers/api/shared/middleware.go
@@ -53,6 +53,7 @@ func buildAuthGroup() *auth_method.Group {
 		&auth_method.AccessToken{},
 		&auth_method.ActionRuntimeToken{},
 		&auth_method.ActionTaskToken{},
+		&auth_method.AuthorizedIntegration{},
 	)
 	if setting.Service.EnableReverseProxyAuthAPI {
 		group.Add(&auth_method.ReverseProxy{})
diff --git a/services/auth/method/auth_result_authorized_integration.go b/services/auth/method/auth_result_authorized_integration.go
new file mode 100644
index 0000000000..6868b4848f
--- /dev/null
+++ b/services/auth/method/auth_result_authorized_integration.go
@@ -0,0 +1,27 @@
+// Copyright 2026 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+package method
+
+import (
+	auth_model "forgejo.org/models/auth"
+	user_model "forgejo.org/models/user"
+	"forgejo.org/modules/optional"
+	"forgejo.org/services/auth"
+)
+
+var _ auth.AuthenticationResult = &authorizedIntegrationAuthenticationResult{}
+
+type authorizedIntegrationAuthenticationResult struct {
+	*auth.BaseAuthenticationResult
+	user  *user_model.User
+	scope auth_model.AccessTokenScope
+}
+
+func (r *authorizedIntegrationAuthenticationResult) User() *user_model.User {
+	return r.user
+}
+
+func (r *authorizedIntegrationAuthenticationResult) Scope() optional.Option[auth_model.AccessTokenScope] {
+	return optional.Some(r.scope)
+}
diff --git a/services/auth/method/authorized_integration.go b/services/auth/method/authorized_integration.go
new file mode 100644
index 0000000000..2f29d406e3
--- /dev/null
+++ b/services/auth/method/authorized_integration.go
@@ -0,0 +1,348 @@
+// Copyright 2026 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+package method
+
+import (
+	"errors"
+	"fmt"
+	"io"
+	"net/http"
+	"net/url"
+	"slices"
+	"sync"
+	"time"
+
+	auth_model "forgejo.org/models/auth"
+	user_model "forgejo.org/models/user"
+	"forgejo.org/modules/hostmatcher"
+	"forgejo.org/modules/json"
+	"forgejo.org/modules/jwtx"
+	"forgejo.org/modules/log"
+	"forgejo.org/modules/proxy"
+	"forgejo.org/modules/setting"
+	"forgejo.org/modules/util"
+	"forgejo.org/services/auth"
+
+	"github.com/gobwas/glob"
+	"github.com/golang-jwt/jwt/v5"
+)
+
+var (
+	_ auth.Method = &AuthorizedIntegration{}
+
+	aiHTTPClient   *http.Client
+	initHTTPClient sync.Once
+
+	errParseInternalServer = errors.New("internal server error")
+)
+
+// Restrict document size to prevent resource exhaustion attack with a malicious authorized integration; largest
+// real-world openid-configuration observed is about 1kB, largest JWKS is 6kB, so for both cases 16kB should be
+// sufficient. If this needs to change in the future, it could be moved to a config setting -- but until a reason comes
+// up it seems reasonable to keep microscopic settings out-of-sight.
+const authorizedIntegrationRequestBodyLimit = int64(16 * 1024)
+
+// Authenticates incoming requests by JWTs that are issued by an authorized integration.  Authorized integrations are
+// stored in the database in the [auth_model.AuthorizedIntegration] table.  Once authenticated, the request can perform
+// actions as the owner of the authorized integration, with limited access defined by the scope and resources stored on
+// the database record.
+//
+// Authorization is received from HTTP requests as a `Authorization: Bearer [...jwt...]` (or `Authorization: Token
+// [...jwt...]`).
+type AuthorizedIntegration struct {
+	// Permit the use of `Authorization: Basic ...`, in addition to the typical bearer/token authorization header.  If
+	// true, the basic password will be interpreted as a JWT token if present and valid.  The username is ignored.
+	PermitBasic bool
+
+	// For testing -- interpret JWTs with now as a fixed time.
+	fixedTime *time.Time
+}
+
+func (a *AuthorizedIntegration) Verify(req *http.Request, w http.ResponseWriter, _ auth.SessionStore) auth.MethodOutput {
+	hasToken, token := tokenFromAuthorizationBearer(req).Get()
+	if !hasToken {
+		if !a.PermitBasic {
+			return &auth.AuthenticationNotAttempted{}
+		}
+		hasBasic, basicToken := tokenFromAuthorizationBasic(req).Get()
+		if !hasBasic {
+			return &auth.AuthenticationNotAttempted{}
+		}
+		token = basicToken
+	}
+
+	var authorizedIntegration *auth_model.AuthorizedIntegration
+
+	parsedToken, err := jwt.ParseWithClaims(token, &flexibleClaims{},
+		func(t *jwt.Token) (any, error) {
+			keyID, ok := t.Header["kid"]
+			if !ok {
+				return nil, errors.New("failed finding key identifer (kid) in JWT headers")
+			}
+
+			issuer, err := t.Claims.GetIssuer()
+			if err != nil {
+				return nil, fmt.Errorf("failed getting `iss` claim: %w", err)
+			} else if len(issuer) == 0 {
+				return nil, fmt.Errorf("invalid `iss` claim: %q", issuer)
+			}
+			audienceArray, err := t.Claims.GetAudience()
+			if err != nil {
+				return nil, fmt.Errorf("failed getting `aud` claim: %w", err)
+			} else if len(audienceArray) != 1 {
+				return nil, fmt.Errorf("required one and only one `aud` claim, but received %d", len(audienceArray))
+			}
+			audience := audienceArray[0]
+			if len(audience) == 0 {
+				return nil, fmt.Errorf("invalid `aud` claim: %q", audience)
+			}
+
+			authorizedIntegration, err = auth_model.GetAuthorizedIntegration(req.Context(), issuer, audience)
+			if errors.Is(err, util.ErrNotExist) {
+				return nil, errors.New("matching authorized_integration not found")
+			} else if err != nil {
+				return nil, fmt.Errorf("failure reading authorized_integration: %w (%w)", err, errParseInternalServer)
+			}
+
+			// Do the claim check before accessing the issuer's OIDC metadata and JWKS, to reduce risk of resource
+			// utilization attack through invalid JWTs causing remote requests.
+			err = a.checkClaims(t.Claims.(*flexibleClaims), authorizedIntegration.ClaimRules)
+			if err != nil {
+				return nil, fmt.Errorf("claim mismatch: %w", err)
+			}
+
+			issuerURL, err := url.Parse(issuer)
+			if err != nil {
+				return nil, fmt.Errorf("failed parsing issuer: %w", err)
+			}
+
+			issuerOIDCURL := issuerURL.JoinPath(".well-known/openid-configuration")
+			var oidcConfig openIDConfiguration
+			// TODO: cache external OIDC configuration, with a fixed timeout (not LRU/MRU)
+			if err := a.fetchJSON(issuerOIDCURL.String(), &oidcConfig); err != nil {
+				return nil, fmt.Errorf("error when fetching .well-known/openid-configuration from %s: %w", issuerOIDCURL, err)
+			}
+
+			if oidcConfig.Issuer != issuer {
+				return nil, fmt.Errorf("issuer mismatch; expected %q, received %q from %s", issuer, oidcConfig.Issuer, issuerOIDCURL)
+			}
+			if !slices.Contains(oidcConfig.IDTokenSigningAlgValuesSupported, t.Method.Alg()) {
+				return nil, fmt.Errorf("issuer supports signature algorithms %#v, but received token with algorithm %s", oidcConfig.IDTokenSigningAlgValuesSupported, t.Method.Alg())
+			}
+
+			jwksURI, err := url.Parse(oidcConfig.JwksURI)
+			if err != nil {
+				return nil, fmt.Errorf("failed parsing jwks_uri: %w", err)
+			} else if jwksURI.Host != issuerURL.Host {
+				// Prevent SSRF which could occur if a malicious openid-connection response returned a jwks_uri field
+				// that causes Forgejo to access other hostnames.  This could be considered a valid case as well and we
+				// can rely on the config-based allowed and blocked domains for the [authorized_integration] section,
+				// but until a real-world case comes up where that is needed, this is a safety-first restriction.
+				return nil, fmt.Errorf("jwks_uri host mismatch: must be the same as issuer host %q, but was %q", issuerURL.Host, jwksURI.Host)
+			}
+			var keys openIDKeys
+			// TODO: cache JWKS, with a fixed timeout (not LRU/MRU)
+			if err := a.fetchJSON(oidcConfig.JwksURI, &keys); err != nil {
+				return nil, fmt.Errorf("error when fetching JWKS from %s: %w", oidcConfig.JwksURI, err)
+			}
+
+			for _, key := range keys.Keys {
+				if key["kid"] == keyID {
+					alg, algPresent := key["alg"] // "alg" is an optional field
+					if algPresent && alg != t.Method.Alg() {
+						return nil, fmt.Errorf("kid %q doesn't match expected algorithm %s, was %v", keyID, t.Method.Alg(), key["alg"])
+					}
+
+					use, usePresent := key["use"] // "use" is also an optional field
+					if usePresent && use != "sig" {
+						return nil, fmt.Errorf("kid %q isn't designated for signing usage, was %s", keyID, key["use"])
+					}
+
+					pub, err := jwtx.ParseJWKToPublicKey(key)
+					if err != nil {
+						return nil, fmt.Errorf("failed to parse JWKS: %w", err)
+					}
+					return pub, nil
+				}
+			}
+
+			return nil, errors.New("no key identified")
+		},
+		jwt.WithValidMethods(jwtx.ValidAsymmetricAlgorithms), // only asymetric algorithms, as JWKS must have a public key only
+		jwt.WithIssuedAt(),
+		jwt.WithTimeFunc(func() time.Time {
+			if a.fixedTime != nil {
+				return *a.fixedTime
+			}
+			return time.Now()
+		}),
+	)
+	if err != nil && errors.Is(err, errParseInternalServer) {
+		// Errors from parsing marked errParseInternalServer are AuthenticationError, not incorrect creds:
+		return &auth.AuthenticationError{Error: err}
+	} else if err != nil {
+		return &auth.AuthenticationAttemptedIncorrectCredential{Error: fmt.Errorf("authorized integration: parse JWT error: %w", err)}
+	} else if !parsedToken.Valid {
+		return &auth.AuthenticationAttemptedIncorrectCredential{Error: errors.New("authorized integration: JWT not valid")}
+	} else if authorizedIntegration == nil { // shouldn't be possible, but overly safe
+		return &auth.AuthenticationError{Error: errors.New("authorized integration: nil authorized integration")}
+	}
+
+	u, err := user_model.GetUserByID(req.Context(), authorizedIntegration.UserID)
+	if err != nil {
+		return &auth.AuthenticationError{Error: fmt.Errorf("authorized integration: GetUserByID: %w", err)}
+	}
+
+	if err = authorizedIntegration.UpdateLastUsed(req.Context()); err != nil {
+		log.Error("UpdateLastUsed:  %v", err)
+	}
+
+	return &auth.AuthenticationSuccess{
+		Result: &authorizedIntegrationAuthenticationResult{
+			user:  u,
+			scope: authorizedIntegration.Scope,
+			// TODO: add repo-specific access with an authz reducer
+		},
+	}
+}
+
+func initAuthorizedIntegrationHTTPClient() {
+	blockList := hostmatcher.ParseSimpleMatchList("authorized_integration.BLOCKED_DOMAINS", setting.AuthorizedIntegration.BlockedDomains)
+
+	allowList := hostmatcher.ParseSimpleMatchList("authorized_integration.ALLOWED_DOMAINS", setting.AuthorizedIntegration.AllowedDomains)
+	if allowList.IsEmpty() {
+		// the default policy is that authorized integrations can access external hosts
+		allowList.AppendBuiltin(hostmatcher.MatchBuiltinExternal)
+	}
+	if setting.AuthorizedIntegration.AllowLocalNetworks {
+		allowList.AppendBuiltin(hostmatcher.MatchBuiltinPrivate)
+		allowList.AppendBuiltin(hostmatcher.MatchBuiltinLoopback)
+	}
+
+	aiHTTPClient = &http.Client{
+		Timeout: setting.AuthorizedIntegration.RequestTimeout,
+		Transport: &http.Transport{
+			Proxy:       proxy.Proxy(),
+			DialContext: hostmatcher.NewDialContext("authorized_integration", allowList, blockList, setting.Proxy.ProxyURLFixed),
+		},
+		CheckRedirect: func(req *http.Request, via []*http.Request) error {
+			// It might be possible to come up with some reasonable capability to support redirects -- such as
+			// keeping them within the same issuer host? -- but there are risks that this can be used for SSRF
+			// attacks.  In the face of those risks, and with a lack of real-world use-cases, disable redirects.
+			return errors.New("authorized integration: HTTP redirects are disabled")
+		},
+	}
+}
+
+func (a *AuthorizedIntegration) fetchJSON(urlString string, v any) error {
+	parsedURL, err := url.Parse(urlString)
+	if err != nil {
+		return fmt.Errorf("failed parsing URL %q: %w", urlString, err)
+	}
+	// Fetching openid-connect or JWKS needs to come from a source that is authentic, and therefore only `https` is
+	// supported.  This also protects against a trusted issuer being configured maliciously  as `file://` or a JKWS URI
+	// being `file://` -- the HTTP client won't permit that, but, extra safety doesn't hurt.
+	if parsedURL.Scheme != "https" {
+		return fmt.Errorf("unsupported URL scheme: %q", parsedURL.String())
+	}
+
+	initHTTPClient.Do(initAuthorizedIntegrationHTTPClient)
+
+	resp, err := aiHTTPClient.Get(parsedURL.String())
+	if err != nil {
+		return err
+	}
+	defer resp.Body.Close()
+
+	if resp.StatusCode != http.StatusOK {
+		return fmt.Errorf("non-OK response code: %s", resp.Status)
+	}
+
+	body := io.LimitReader(resp.Body, authorizedIntegrationRequestBodyLimit)
+	decoder := json.NewDecoder(body)
+	err = decoder.Decode(&v)
+	if err != nil {
+		// If a decoding error is hit, decorate with information about the limited body size so that it doesn't look
+		// like the remote server provided an incomplete response. err should be something like `io.UnexpectedEOF` in
+		// this case, but it actually isn't, so don't bother trying to detect precisely.
+		return fmt.Errorf("failed to decode (response body restricted to %d bytes): %w", authorizedIntegrationRequestBodyLimit, err)
+	}
+	return nil
+}
+
+// Compare a map[string]any of incoming claims against an array of claim rules.  All rules must match successfully or
+// else an error with the mismatch detail is returned.
+func (a *AuthorizedIntegration) checkClaims(incomingClaims any, stored *auth_model.ClaimRules) error {
+	if stored == nil {
+		return nil
+	}
+
+	for _, rule := range stored.Rules {
+		var lhs any
+
+		if lhsClaim, isFlex := incomingClaims.(*flexibleClaims); isFlex {
+			switch rule.Claim {
+			case "iss":
+				lhs = lhsClaim.Issuer
+			case "sub":
+				lhs = lhsClaim.Subject
+			case "jti":
+				lhs = lhsClaim.ID
+			case "aud":
+				audienceArray, err := lhsClaim.GetAudience()
+				if err != nil {
+					return fmt.Errorf("failed getting `aud` claim: %w", err)
+				} else if len(audienceArray) != 1 {
+					return fmt.Errorf("required one and only one `aud` claim, but received %d", len(audienceArray))
+				}
+				lhs = audienceArray[0]
+			default:
+				v, present := lhsClaim.other[rule.Claim]
+				if !present {
+					return fmt.Errorf("claim rule on %q couldn't be satisfied: claim not found", rule.Claim)
+				}
+				lhs = v
+			}
+		} else if lhsMap, isMap := incomingClaims.(map[string]any); isMap {
+			v, present := lhsMap[rule.Claim]
+			if !present {
+				return fmt.Errorf("claim rule on %q couldn't be satisfied: claim not found", rule.Claim)
+			}
+			lhs = v
+		} else {
+			return fmt.Errorf("unexpected incoming claims type: %T", incomingClaims)
+		}
+
+		switch rule.Comparison {
+		case auth_model.ClaimEqual:
+			lhsStr, ok := lhs.(string)
+			if !ok {
+				return fmt.Errorf("claim %q must be a string, but was %T", rule.Claim, lhs)
+			} else if lhsStr != rule.Value {
+				return fmt.Errorf("claim %q must be %q, but was %q", rule.Claim, rule.Value, lhsStr)
+			}
+		case auth_model.ClaimGlob:
+			lhsStr, ok := lhs.(string)
+			if !ok {
+				return fmt.Errorf("claim %q must be a string, but was %T", rule.Claim, lhs)
+			}
+			r, err := glob.Compile(rule.Value)
+			if err != nil {
+				return fmt.Errorf("unable to parse glob for claim rule on %q; glob = %q, err = %w", rule.Claim, rule.Value, err)
+			}
+			if !r.Match(lhsStr) {
+				return fmt.Errorf("claim %q must match glob %q, but value %q did not match", rule.Claim, rule.Value, lhsStr)
+			}
+		case auth_model.ClaimNested:
+			lhsMap, ok := lhs.(map[string]any)
+			if !ok {
+				return fmt.Errorf("claim %q must be a map, but was %T", rule.Claim, lhs)
+			} else if err := a.checkClaims(lhsMap, rule.Nested); err != nil {
+				return fmt.Errorf("in nested claim %q: %w", rule.Claim, err)
+			}
+		}
+	}
+
+	return nil
+}
diff --git a/services/auth/method/authorized_integration_claims.go b/services/auth/method/authorized_integration_claims.go
new file mode 100644
index 0000000000..1518683ca8
--- /dev/null
+++ b/services/auth/method/authorized_integration_claims.go
@@ -0,0 +1,109 @@
+// Copyright 2026 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+package method
+
+import (
+	"fmt"
+	"maps"
+
+	"forgejo.org/modules/json"
+
+	"github.com/golang-jwt/jwt/v5"
+)
+
+// Structure for inspecting the standard claims of a JWT (jwt.RegisteredClaims), which also stores any provided
+// service-defined claims in an unstructured map[string]any.
+type flexibleClaims struct {
+	jwt.RegisteredClaims
+	other map[string]any
+}
+
+// Populate a [flexibleClaims] from JSON data, implementing [json.Unmarshaler].
+func (a *flexibleClaims) UnmarshalJSON(b []byte) error {
+	var s map[string]any
+	if err := json.Unmarshal(b, &s); err != nil {
+		return err
+	}
+
+	var rc jwt.RegisteredClaims
+	other := map[string]any{}
+	for k, v := range s {
+		switch k {
+		case "iss":
+			str, ok := v.(string)
+			if !ok {
+				return fmt.Errorf("expected `iss` to be string, but was %v", v)
+			}
+			rc.Issuer = str
+		case "sub":
+			str, ok := v.(string)
+			if !ok {
+				return fmt.Errorf("expected `sub` to be string, but was %v", v)
+			}
+			rc.Subject = str
+		case "aud":
+			b, err := json.Marshal(v)
+			if err != nil {
+				return fmt.Errorf("uanble to return `aud` to []byte: %w", err)
+			}
+			if err := json.Unmarshal(b, &rc.Audience); err != nil {
+				return fmt.Errorf("uanble to decode `aud: %w", err)
+			}
+		case "exp":
+			b, err := json.Marshal(v)
+			if err != nil {
+				return fmt.Errorf("uanble to return `exp` to []byte: %w", err)
+			}
+			if err := json.Unmarshal(b, &rc.ExpiresAt); err != nil {
+				return fmt.Errorf("uanble to decode `exp: %w", err)
+			}
+		case "nbf":
+			b, err := json.Marshal(v)
+			if err != nil {
+				return fmt.Errorf("uanble to return `nbf` to []byte: %w", err)
+			}
+			if err := json.Unmarshal(b, &rc.NotBefore); err != nil {
+				return fmt.Errorf("uanble to decode `nbf: %w", err)
+			}
+		case "iat":
+			b, err := json.Marshal(v)
+			if err != nil {
+				return fmt.Errorf("uanble to return `iat` to []byte: %w", err)
+			}
+			if err := json.Unmarshal(b, &rc.IssuedAt); err != nil {
+				return fmt.Errorf("uanble to decode `iat: %w", err)
+			}
+		case "jti":
+			str, ok := v.(string)
+			if !ok {
+				return fmt.Errorf("expected `jti` to be string, but was %v", v)
+			}
+			rc.ID = str
+		default:
+			other[k] = v
+		}
+	}
+
+	a.RegisteredClaims = rc
+	a.other = other
+
+	return nil
+}
+
+// Marshal flexibleClaims to JSON, merging both the registered claims and the additional claims into a map.
+func (a flexibleClaims) MarshalJSON() ([]byte, error) {
+	rcJSON, err := json.Marshal(a.RegisteredClaims)
+	if err != nil {
+		return nil, err
+	}
+
+	var fullMap map[string]any
+	err = json.Unmarshal(rcJSON, &fullMap)
+	if err != nil {
+		return nil, err
+	}
+	maps.Copy(fullMap, a.other)
+
+	return json.Marshal(fullMap)
+}
diff --git a/services/auth/method/authorized_integration_claims_test.go b/services/auth/method/authorized_integration_claims_test.go
new file mode 100644
index 0000000000..399bb6138e
--- /dev/null
+++ b/services/auth/method/authorized_integration_claims_test.go
@@ -0,0 +1,149 @@
+// Copyright 2026 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+package method
+
+import (
+	"testing"
+	"time"
+
+	"forgejo.org/modules/json"
+
+	"github.com/golang-jwt/jwt/v5"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+// Real-world Forgejo Actions claims, Forgejo v15
+const forgejoClaims = `
+{
+  "actor": "coolguy",
+  "aud": "https://example.org/-/coolguy/authorized-integration/346e1496",
+  "base_ref": "main",
+  "event_name": "pull_request",
+  "exp": 1776979110,
+  "head_ref": "forgejo-oidc-test",
+  "iat": 1776975510,
+  "iss": "https://example.org/api/actions",
+  "nbf": 1776975510,
+  "ref": "refs/pull/113/head",
+  "ref_protected": "false",
+  "ref_type": "",
+  "repository": "coolguy/test",
+  "repository_owner": "coolguy",
+  "run_attempt": "4",
+  "run_id": "3572",
+  "run_number": "2054",
+  "sha": "d4083cc0f4e7452dc00f7a5f73ec5486a549adb9",
+  "sub": "repo:coolguy/test:pull_request",
+  "workflow": "main.yml",
+  "workflow_ref": "coolguy/test/.forgejo/workflows/main.yml@refs/pull/113/head"
+}
+`
+
+// Real-world GitHub Actions claims
+const githubClaims = `
+{
+  "actor": "coolguy",
+  "actor_id": "91093",
+  "aud": "https://example.org/-/coolguy/authorized-integration/6cc55ba0",
+  "base_ref": "main",
+  "check_run_id": "72783197645",
+  "event_name": "pull_request",
+  "exp": 1776980496,
+  "head_ref": "github-oidc-test",
+  "iat": 1776980196,
+  "iss": "https://token.actions.githubusercontent.com",
+  "job_workflow_ref": "coolguy/forgejo-runner-testrepo/.github/workflows/main.yml@refs/pull/3/merge",
+  "job_workflow_sha": "62a34e2bf42fda53a0209bfd485dcab3013b1160",
+  "jti": "83545042-379e-4328-8e60-3b6d46594a5f",
+  "nbf": 1776979896,
+  "ref": "refs/pull/3/merge",
+  "ref_protected": "false",
+  "ref_type": "branch",
+  "repository": "coolguy/forgejo-runner-testrepo",
+  "repository_id": "1113890566",
+  "repository_owner": "coolguy",
+  "repository_owner_id": "91093",
+  "repository_visibility": "private",
+  "run_attempt": "8",
+  "run_id": "24846522812",
+  "run_number": "10",
+  "runner_environment": "github-hosted",
+  "sha": "62a34e2bf42fda53a0209bfd485dcab3013b1160",
+  "sub": "repo:coolguy/forgejo-runner-testrepo:pull_request",
+  "workflow": ".github/workflows/main.yml",
+  "workflow_ref": "coolguy/forgejo-runner-testrepo/.github/workflows/main.yml@refs/pull/3/merge",
+  "workflow_sha": "62a34e2bf42fda53a0209bfd485dcab3013b1160"
+}
+`
+
+// Real-world AWS Federated Web Identity claims
+const awsClaims = `
+{
+  "aud": "https://example.org/-/coolguy/authorized-integration/7895835c",
+  "sub": "arn:aws:iam::1234567890:role/service-role/forgejo-oidc-accepting-test-role-x7t3fgko",
+  "https://sts.amazonaws.com/": {
+    "aws_account": "1234567890",
+    "original_session_exp": "2026-04-24T09:34:34Z",
+    "source_region": "us-west-2",
+    "principal_id": "arn:aws:iam::1234567890:role/service-role/forgejo-oidc-accepting-test-role-x7t3fgko",
+    "lambda_source_function_arn": "arn:aws:lambda:us-west-2:1234567890:function:forgejo-oidc-accepting-test"
+  },
+  "iss": "https://a103a2cc-b461-473d-84fe-6c4f6d45af88.tokens.sts.global.api.aws",
+  "exp": 1776980375,
+  "iat": 1776980075,
+  "jti": "0afcbeb7-512d-479f-b596-703c03ae65a5"
+}
+`
+
+func TestFlexibleClaimsUnmarshal(t *testing.T) {
+	t.Run("Forgejo", func(t *testing.T) {
+		var retval flexibleClaims
+		data := []byte(forgejoClaims)
+		require.NoError(t, json.Unmarshal(data, &retval))
+		// assert the claims that are handled specially in flexibleClaims UnmarshalJSON
+		assert.Equal(t, "https://example.org/api/actions", retval.Issuer)
+		assert.Equal(t, "repo:coolguy/test:pull_request", retval.Subject)
+		assert.Equal(t, jwt.ClaimStrings{"https://example.org/-/coolguy/authorized-integration/346e1496"}, retval.Audience)
+		assert.Equal(t, &jwt.NumericDate{Time: time.Date(2026, time.April, 23, 21, 18, 30, 0, time.Local)}, retval.ExpiresAt)
+		assert.Equal(t, &jwt.NumericDate{Time: time.Date(2026, time.April, 23, 20, 18, 30, 0, time.Local)}, retval.NotBefore)
+		assert.Equal(t, &jwt.NumericDate{Time: time.Date(2026, time.April, 23, 20, 18, 30, 0, time.Local)}, retval.IssuedAt)
+		assert.Empty(t, retval.ID)
+		// short check that the 'other' claims were stored as well
+		assert.Equal(t, "d4083cc0f4e7452dc00f7a5f73ec5486a549adb9", retval.other["sha"])
+		assert.Len(t, retval.other, 15)
+	})
+	t.Run("GitHub", func(t *testing.T) {
+		var retval flexibleClaims
+		data := []byte(githubClaims)
+		require.NoError(t, json.Unmarshal(data, &retval))
+		// assert the claims that are handled specially in flexibleClaims UnmarshalJSON
+		assert.Equal(t, "https://token.actions.githubusercontent.com", retval.Issuer)
+		assert.Equal(t, "repo:coolguy/forgejo-runner-testrepo:pull_request", retval.Subject)
+		assert.Equal(t, jwt.ClaimStrings{"https://example.org/-/coolguy/authorized-integration/6cc55ba0"}, retval.Audience)
+		assert.Equal(t, &jwt.NumericDate{Time: time.Date(2026, time.April, 23, 21, 41, 36, 0, time.Local)}, retval.ExpiresAt)
+		assert.Equal(t, &jwt.NumericDate{Time: time.Date(2026, time.April, 23, 21, 31, 36, 0, time.Local)}, retval.NotBefore)
+		assert.Equal(t, &jwt.NumericDate{Time: time.Date(2026, time.April, 23, 21, 36, 36, 0, time.Local)}, retval.IssuedAt)
+		assert.Equal(t, "83545042-379e-4328-8e60-3b6d46594a5f", retval.ID)
+		// short check that the 'other' claims were stored as well
+		assert.Equal(t, "62a34e2bf42fda53a0209bfd485dcab3013b1160", retval.other["sha"])
+		assert.Len(t, retval.other, 24)
+	})
+	t.Run("AWS", func(t *testing.T) {
+		var retval flexibleClaims
+		data := []byte(awsClaims)
+		require.NoError(t, json.Unmarshal(data, &retval))
+		// assert the claims that are handled specially in flexibleClaims UnmarshalJSON
+		assert.Equal(t, "https://a103a2cc-b461-473d-84fe-6c4f6d45af88.tokens.sts.global.api.aws", retval.Issuer)
+		assert.Equal(t, "arn:aws:iam::1234567890:role/service-role/forgejo-oidc-accepting-test-role-x7t3fgko", retval.Subject)
+		assert.Equal(t, jwt.ClaimStrings{"https://example.org/-/coolguy/authorized-integration/7895835c"}, retval.Audience)
+		assert.Equal(t, &jwt.NumericDate{Time: time.Date(2026, time.April, 23, 21, 39, 35, 0, time.Local)}, retval.ExpiresAt)
+		assert.Nil(t, retval.NotBefore)
+		assert.Equal(t, &jwt.NumericDate{Time: time.Date(2026, time.April, 23, 21, 34, 35, 0, time.Local)}, retval.IssuedAt)
+		assert.Equal(t, "0afcbeb7-512d-479f-b596-703c03ae65a5", retval.ID)
+		// short check that the 'other' claims were stored as well
+		assert.Equal(t, "1234567890", retval.other["https://sts.amazonaws.com/"].(map[string]any)["aws_account"])
+		assert.Len(t, retval.other, 1)
+	})
+}
diff --git a/services/auth/method/authorized_integration_oidc.go b/services/auth/method/authorized_integration_oidc.go
new file mode 100644
index 0000000000..2e35b63ace
--- /dev/null
+++ b/services/auth/method/authorized_integration_oidc.go
@@ -0,0 +1,20 @@
+// Copyright 2026 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+package method
+
+// Response structure for a JWT issuer's `${iss}/.well-known/openid-configuration` URL endpoint; this is pared down to
+// the relevant entries for authorized integrations to inspect from the remote issuer.
+type openIDConfiguration struct {
+	Issuer                           string   `json:"issuer"`
+	JwksURI                          string   `json:"jwks_uri"`
+	IDTokenSigningAlgValuesSupported []string `json:"id_token_signing_alg_values_supported"`
+}
+
+// Response structure for a JSON Web Key Set, which is typically read from the JwksURI field of [openIDConfiguration].
+type openIDKeys struct {
+	// Typically map[string]string, for fields like "kty", "alg", "use", "kid", "n", "e", but also string:any for fields
+	// like x5c which are []string. We currently don't parse any fields that aren't string, but we need to Unmarshal
+	// into this field successfully in those cases.
+	Keys []map[string]any `json:"keys"`
+}
diff --git a/services/auth/method/authorized_integration_oidc_test.go b/services/auth/method/authorized_integration_oidc_test.go
new file mode 100644
index 0000000000..b394ab0c01
--- /dev/null
+++ b/services/auth/method/authorized_integration_oidc_test.go
@@ -0,0 +1,273 @@
+// Copyright 2026 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+package method
+
+import (
+	"testing"
+
+	"forgejo.org/modules/json"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+// Real-world Forgejo Actions .well-known/openid-configuration from Forgejo v15
+const forgejoOIDC = `
+{
+    "issuer": "https://example.org/api/actions",
+    "jwks_uri": "https://example.org/api/actions/.well-known/keys",
+    "subject_types_supported": [
+        "public"
+    ],
+    "response_types_supported": [
+        "id_token"
+    ],
+    "claims_supported": [
+        "sub",
+        "aud",
+        "exp",
+        "iat",
+        "iss",
+        "nbf",
+        "actor",
+        "base_ref",
+        "event_name",
+        "head_ref",
+        "ref",
+        "ref_protected",
+        "ref_type",
+        "repository",
+        "repository_owner",
+        "run_attempt",
+        "run_id",
+        "run_number",
+        "sha",
+        "workflow",
+        "workflow_ref"
+    ],
+    "id_token_signing_alg_values_supported": [
+        "RS256"
+    ],
+    "scopes_supported": [
+        "openid"
+    ]
+}
+`
+
+// Real-world Forgejo Actions JWKS from Forgejo v15
+const forgejoJWKS = `
+{
+    "keys": [
+        {
+            "alg": "RS256",
+            "e": "AQAB",
+            "kid": "SNNttXGzw6l53JC158lXddjSjQ5bJ9bdTTqTi12gaLY",
+            "kty": "RSA",
+            "n": "7RL963BVzemasfImhlR3KUX97YdA7g3SBnq_ZLzcdxLXPGDhsnSoxMX7gY30b1qpQlML8yiAyz_gxUydiVlqpEEPypR9lfKtZXv4JTM-X2rccegcreUyfFJnFuzVUoY7SVEzAulLUwqP8MH8kxDI7JZRQ8_JIjm9IxEuWCSc3XnVxNCTS2XEdHsug_Kt6SQdcH8xL9U2w0EHAUna9KkLAl6_PzBg1JxIQDHQtfp_CN7YNyoyilH88XAGEeQm0fLz6GH7hhyw6y1b9NprYIxNrdD4Pb1b66j4K--bCJy530UmEAlfLbCiDCh4k78TPUnU_YwwT4ujC0t28zoHNB3Y0w",
+            "use": "sig"
+        }
+    ]
+}
+`
+
+// Real-world GitHub Actions /.well-known/openid-configuration
+const githubOIDC = `
+{
+    "issuer": "https://token.actions.githubusercontent.com",
+    "jwks_uri": "https://token.actions.githubusercontent.com/.well-known/jwks",
+    "subject_types_supported": [
+        "public",
+        "pairwise"
+    ],
+    "response_types_supported": [
+        "id_token"
+    ],
+    "claims_supported": [
+        "sub",
+        "aud",
+        "exp",
+        "iat",
+        "iss",
+        "jti",
+        "nbf",
+        "ref",
+        "sha",
+        "repository",
+        "repository_id",
+        "repository_owner",
+        "repository_owner_id",
+        "enterprise",
+        "enterprise_id",
+        "run_id",
+        "run_number",
+        "run_attempt",
+        "actor",
+        "actor_id",
+        "workflow",
+        "workflow_ref",
+        "workflow_sha",
+        "head_ref",
+        "base_ref",
+        "event_name",
+        "ref_type",
+        "ref_protected",
+        "environment",
+        "environment_node_id",
+        "job_workflow_ref",
+        "job_workflow_sha",
+        "repository_visibility",
+        "runner_environment",
+        "issuer_scope",
+        "check_run_id"
+    ],
+    "id_token_signing_alg_values_supported": [
+        "RS256"
+    ],
+    "scopes_supported": [
+        "openid"
+    ]
+}
+`
+
+// Real-world GitHub Actions JWKS
+const githubJWKS = `
+{
+    "keys": [
+        {
+            "kty": "RSA",
+            "alg": "RS256",
+            "use": "sig",
+            "kid": "cc413527-173f-5a05-976e-9c52b1d7b431",
+            "n": "w4M936N3ZxNaEblcUoBm-xu0-V9JxNx5S7TmF0M3SBK-2bmDyAeDdeIOTcIVZHG-ZX9N9W0u1yWafgWewHrsz66BkxXq3bscvQUTAw7W3s6TEeYY7o9shPkFfOiU3x_KYgOo06SpiFdymwJflRs9cnbaU88i5fZJmUepUHVllP2tpPWTi-7UA3AdP3cdcCs5bnFfTRKzH2W0xqKsY_jIG95aQJRBDpbiesefjuyxcQnOv88j9tCKWzHpJzRKYjAUM6OPgN4HYnaSWrPJj1v41eEkFM1kORuj-GSH2qMVD02VklcqaerhQHIqM-RjeHsN7G05YtwYzomE5G-fZuwgvQ",
+            "e": "AQAB"
+        },
+        {
+            "kty": "RSA",
+            "alg": "RS256",
+            "use": "sig",
+            "kid": "38826b17-6a30-5f9b-b169-8beb8202f723",
+            "n": "5Manmy-zwsk3wEftXNdKFZec4rSWENW4jTGevlvAcU9z3bgLBogQVvqYLtu9baVm2B3rfe5onadobq8po5UakJ0YsTiiEfXWdST7YI2Sdkvv-hOYMcZKYZ4dFvuSO1vQ2DgEkw_OZNiYI1S518MWEcNxnPU5u67zkawAGsLlmXNbOylgVfBRJrG8gj6scr-sBs4LaCa3kg5IuaCHe1pB-nSYHovGV_z0egE83C098FfwO1dNZBWeo4Obhb5Z-ZYFLJcZfngMY0zJnCVNmpHQWOgxfGikh3cwi4MYrFrbB4NTlxbrQ3bL-rGKR5X318veyDlo8Dyz2KWMobT4wB9U1Q",
+            "e": "AQAB",
+            "x5c": [
+                "MIIDKzCCAhOgAwIBAgIUDnwm6eRIqGFA3o/P1oBrChvx/nowDQYJKoZIhvcNAQELBQAwJTEjMCEGA1UEAwwaYWN0aW9ucy5zZWxmLXNpZ25lZC5naXRodWIwHhcNMjQwMTIzMTUyNTM2WhcNMzQwMTIwMTUyNTM2WjAlMSMwIQYDVQQDDBphY3Rpb25zLnNlbGYtc2lnbmVkLmdpdGh1YjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOTGp5svs8LJN8BH7VzXShWXnOK0lhDVuI0xnr5bwHFPc924CwaIEFb6mC7bvW2lZtgd633uaJ2naG6vKaOVGpCdGLE4ohH11nUk+2CNknZL7/oTmDHGSmGeHRb7kjtb0Ng4BJMPzmTYmCNUudfDFhHDcZz1Obuu85GsABrC5ZlzWzspYFXwUSaxvII+rHK/rAbOC2gmt5IOSLmgh3taQfp0mB6Lxlf89HoBPNwtPfBX8DtXTWQVnqODm4W+WfmWBSyXGX54DGNMyZwlTZqR0FjoMXxopId3MIuDGKxa2weDU5cW60N2y/qxikeV99fL3sg5aPA8s9iljKG0+MAfVNUCAwEAAaNTMFEwHQYDVR0OBBYEFIPALo5VanJ6E1B9eLQgGO+uGV65MB8GA1UdIwQYMBaAFIPALo5VanJ6E1B9eLQgGO+uGV65MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAGS0hZE+DqKIRi49Z2KDOMOaSZnAYgqq6ws9HJHT09MXWlMHB8E/apvy2ZuFrcSu14ZLweJid+PrrooXEXEO6azEakzCjeUb9G1QwlzP4CkTcMGCw1Snh3jWZIuKaw21f7mp2rQ+YNltgHVDKY2s8AD273E8musEsWxJl80/MNvMie8Hfh4n4/Xl2r6t1YPmUJMoXAXdTBb0hkPy1fUu3r2T+1oi7Rw6kuVDfAZjaHupNHzJeDOg2KxUoK/GF2/M2qpVrd19Pv/JXNkQXRE4DFbErMmA7tXpp1tkXJRPhFui/Pv5H9cPgObEf9x6W4KnCXzT3ReeeRDKF8SqGTPELsc="
+            ],
+            "x5t": "ykNaY4qM_ta4k2TgZOCEYLkcYlA"
+        },
+        {
+            "kty": "RSA",
+            "alg": "RS256",
+            "use": "sig",
+            "kid": "38E9B30B3A023A1B72309921A69A42FCC496C42C",
+            "n": "tEq2Fp9HcdT5MwMsB_UTm8j_woJJLi3sA-y0RX2tioTm581seyfvOH6lJ5JmHVtS-_fb8B2tRT1pznHQSNq14PsJdu9bp5egbWmIz-5RvhqoM-oKem_MJENCNFuqXijRLT47FRdfH3inqde1vJlA_JJHCqYMKIpHH7kqNFYcCpwr0vk80Hc2rTyL0uBXI7NqBZbtUgNoyucWO5O7QQrPNOmlr-GI8aFckFRfobCaCOiH9qW02FtkV74fwBGVCNhNf3a1CK81-O8xEGimvVydI_pQA5B8QqVuQjY_ntOu555HdirA0hKkY6fsE9eZCMFmWDHZ2kSWLjhabxWxIzSzXQ",
+            "e": "AQAB",
+            "x5c": [
+                "MIIDrDCCApSgAwIBAgIQbuIOJTcGQ4GOQs29F1/uLzANBgkqhkiG9w0BAQsFADA2MTQwMgYDVQQDEyt2c3RzLXZzdHNnaHJ0LWdoLXZzby1vYXV0aC52aXN1YWxzdHVkaW8uY29tMB4XDTI1MDkxMTE5MzcxOFoXDTI3MDkxMTE5NDcxOFowNjE0MDIGA1UEAxMrdnN0cy12c3RzZ2hydC1naC12c28tb2F1dGgudmlzdWFsc3R1ZGlvLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALRKthafR3HU+TMDLAf1E5vI/8KCSS4t7APstEV9rYqE5ufNbHsn7zh+pSeSZh1bUvv32/AdrUU9ac5x0EjateD7CXbvW6eXoG1piM/uUb4aqDPqCnpvzCRDQjRbql4o0S0+OxUXXx94p6nXtbyZQPySRwqmDCiKRx+5KjRWHAqcK9L5PNB3Nq08i9LgVyOzagWW7VIDaMrnFjuTu0EKzzTppa/hiPGhXJBUX6Gwmgjoh/altNhbZFe+H8ARlQjYTX92tQivNfjvMRBopr1cnSP6UAOQfEKlbkI2P57TrueeR3YqwNISpGOn7BPXmQjBZlgx2dpEli44Wm8VsSM0s10CAwEAAaOBtTCBsjAOBgNVHQ8BAf8EBAMCBaAwCQYDVR0TBAIwADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwNgYDVR0RBC8wLYIrdnN0cy12c3RzZ2hydC1naC12c28tb2F1dGgudmlzdWFsc3R1ZGlvLmNvbTAfBgNVHSMEGDAWgBQLxdObdnfWzaBcxau87tdSUtEuQjAdBgNVHQ4EFgQUC8XTm3Z31s2gXMWrvO7XUlLRLkIwDQYJKoZIhvcNAQELBQADggEBAD2Eo703wXQgB2vJn/RwTTcHGkeMkYXm0mWCxOSh4iCKVvqypBJrmLzRkMMJN0/10qIGciYWUl6EkL7yj48tpXXH01Ep0ONDdo9UYmKGp81Z4j3u3FBJTVQSdj2tnPOPZlYWaBkerIkcIeyWBRKvne1UBaobbk84epfBmUfAMFmyJEk+x+q7cqmsbjDtdrmhiWaInqCijpS2dW2MitJ5F7tBBS26SMTqLQteA2IOwIW1BMlYIPuSO3dKn/rYVS8RjL+x+MxP98vla5sichoEZwVWnXiXgFZ4n/asGqc+Da9q6ILLtInvgI5bi7kjJJ2ARTRC5/a+J/v3EL+t8SdnOO8="
+            ],
+            "x5t": "OOmzCzoCOhtyMJkhpppC_MSWxCw"
+        },
+        {
+            "kty": "RSA",
+            "alg": "RS256",
+            "use": "sig",
+            "kid": "4F3E9AD8C9A6F5EB3173006F4FA630E28F43DCE9",
+            "n": "tGevqhkBGn8NB0dKxs8Ddxhn-xZPm55svcSlkJZEOwDOXDLl_0-iVOVKNJfcHHLHvMqa6zh2DDcpAWZi2FpeBAJupsrymqwzllxOODWKWoVIoaIjOO7h1JLiF9Knwuq-o6BPtKdwOT-bOrXRzChMtQsc5C1Auex-D0Z6loObBuK1Lkm0RK9ISQsLqBEwq8g0OOupI_shU1r2rT2G0nkZ0CvxVlQeUGShFi8Mdys2s5LPqBwjC4LKwjk8moWQV32KEccbTPKxnG_539DxRglHJgHPHisSVGsfZIUXi2chtXdQHZPdVve8ZRmknCykZtkJ6K87llSUXi7oyzhCIZdiUQ",
+            "e": "AQAB",
+            "x5c": [
+                "MIIDrDCCApSgAwIBAgIQPQS35v3ITW6fNLO8GX5QBjANBgkqhkiG9w0BAQsFADA2MTQwMgYDVQQDEyt2c3RzLXZzdHNnaHJ0LWdoLXZzby1vYXV0aC52aXN1YWxzdHVkaW8uY29tMB4XDTI1MDgwNjE0MTEzMloXDTI3MDgwNjE0MjEzMlowNjE0MDIGA1UEAxMrdnN0cy12c3RzZ2hydC1naC12c28tb2F1dGgudmlzdWFsc3R1ZGlvLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALRnr6oZARp/DQdHSsbPA3cYZ/sWT5uebL3EpZCWRDsAzlwy5f9PolTlSjSX3Bxyx7zKmus4dgw3KQFmYthaXgQCbqbK8pqsM5ZcTjg1ilqFSKGiIzju4dSS4hfSp8LqvqOgT7SncDk/mzq10cwoTLULHOQtQLnsfg9GepaDmwbitS5JtESvSEkLC6gRMKvINDjrqSP7IVNa9q09htJ5GdAr8VZUHlBkoRYvDHcrNrOSz6gcIwuCysI5PJqFkFd9ihHHG0zysZxv+d/Q8UYJRyYBzx4rElRrH2SFF4tnIbV3UB2T3Vb3vGUZpJwspGbZCeivO5ZUlF4u6Ms4QiGXYlECAwEAAaOBtTCBsjAOBgNVHQ8BAf8EBAMCBaAwCQYDVR0TBAIwADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwNgYDVR0RBC8wLYIrdnN0cy12c3RzZ2hydC1naC12c28tb2F1dGgudmlzdWFsc3R1ZGlvLmNvbTAfBgNVHSMEGDAWgBRKoYOga736JYE15vT7b4gWjC1hwTAdBgNVHQ4EFgQUSqGDoGu9+iWBNeb0+2+IFowtYcEwDQYJKoZIhvcNAQELBQADggEBAJVZIPtoZUlvqgu+Pl0nj8WopA8iuy1m7JRg5fg+bOIGFhXFR8+mH8prpeodjUQ40q2Hq6IwnVir+G56zVwAPf2HHksqdp8be9qjkTjD0mJorPCt/lumrKoNGOVmYffYuIyr73hwsl8fN6sGjAyXLFBkozE4s5ssbeodFxiYE1A61SXnzldC00M7qWleMWjTUBixiZ+R/eroddkLNBGDv9ewDrTQv1ipNec89+Wi7Wb6SAXNxBADiC5kVlFylBgHo3oZNg3KFzZS01REyc4zdH7v1wfZzilLluI6ygTyYRYpJCsKrX5D9JW196f2PCzcs+VXMfneRDnvyfjep7Y1Pi8="
+            ],
+            "x5t": "Tz6a2Mmm9esxcwBvT6Yw4o9D3Ok"
+        }
+    ]
+}
+`
+
+// Real-world .well-known/openid-configuration extracted from a AWS Federated Web Identity endpoint.
+const awsOIDC = `
+{
+    "claims_supported": [
+        "sub",
+        "iss",
+        "aud",
+        "exp",
+        "iat",
+        "jti",
+        "https://sts.amazonaws.com/"
+    ],
+    "id_token_signing_alg_values_supported": [
+        "RS256",
+        "ES384"
+    ],
+    "issuer": "https://a103a2cc-b461-473d-84fe-6c4f6d45af88.tokens.sts.global.api.aws",
+    "jwks_uri": "https://a103a2cc-b461-473d-84fe-6c4f6d45af88.tokens.sts.global.api.aws/.well-known/jwks.json",
+    "subject_types_supported": [
+        "public"
+    ]
+}
+`
+
+// Real-world JWKS extracted from a AWS Federated Web Identity endpoint.
+const awsJWKS = `
+{
+    "keys": [
+        {
+            "e": "AQAB",
+            "kid": "RSA_0",
+            "kty": "RSA",
+            "n": "3AvB0UECoYssZEgSMTa4SYvfqstJxkhbBBSKAFRUW6f_McJ9CAXkTi6YkG0NGm77ZIRW12_gOLKZJUHWp9CMAbmk0O4sMIx8K6Ap7-6qjkt7FYvl4mkQVJd-pU-yE3SJn0S5xEbCYXulgrrGN8POysTblqN0BfrdDAYTVhWQ47rbm--3QrRcVN9XCjlMBVXYauaN6KlszKL6NTe7GWilauYBsVHw7d4ekliuEGGA6zJNGz595KD7yofRc1euFs86KgiFj0mpudCqG39jIlBJ4vZSJPw1Rsvhg8THqlxhmurVYr9TuckLJa5fpEL78xGs3Ar4GIM6w0sxLDbdY-KdCQ",
+            "use": "sig"
+        },
+        {
+            "alg": "ES384",
+            "crv": "P-384",
+            "kid": "EC384_0",
+            "kty": "EC",
+            "use": "sig",
+            "x": "ad_olFw0n3XBA114sefjlirPf2gX6bKqT-kD2lQzfQzkWW1TetKIUWah3md-UgV9",
+            "y": "w6GzW2Oen4G7Ei1bFaDkBpPSulvkSznb6YtG79NWK9UjgDqfN6am9lUs-bF8VN7v"
+        }
+    ]
+}
+`
+
+func TestParseOpenIDConfiguration(t *testing.T) {
+	t.Run("Forgejo", func(t *testing.T) {
+		var retval openIDConfiguration
+		data := []byte(forgejoOIDC)
+		require.NoError(t, json.Unmarshal(data, &retval))
+		assert.Equal(t, "https://example.org/api/actions/.well-known/keys", retval.JwksURI)
+	})
+	t.Run("GitHub", func(t *testing.T) {
+		var retval openIDConfiguration
+		data := []byte(githubOIDC)
+		require.NoError(t, json.Unmarshal(data, &retval))
+		assert.Equal(t, "https://token.actions.githubusercontent.com/.well-known/jwks", retval.JwksURI)
+	})
+	t.Run("AWS", func(t *testing.T) {
+		var retval openIDConfiguration
+		data := []byte(awsOIDC)
+		require.NoError(t, json.Unmarshal(data, &retval))
+		assert.Equal(t, "https://a103a2cc-b461-473d-84fe-6c4f6d45af88.tokens.sts.global.api.aws/.well-known/jwks.json", retval.JwksURI)
+	})
+}
+
+func TestParseJSONWebKeySet(t *testing.T) {
+	t.Run("Forgejo", func(t *testing.T) {
+		var retval openIDKeys
+		data := []byte(forgejoJWKS)
+		require.NoError(t, json.Unmarshal(data, &retval))
+		assert.Len(t, retval.Keys, 1)
+	})
+	t.Run("GitHub", func(t *testing.T) {
+		var retval openIDKeys
+		data := []byte(githubJWKS)
+		require.NoError(t, json.Unmarshal(data, &retval))
+		assert.Len(t, retval.Keys, 4)
+	})
+	t.Run("AWS", func(t *testing.T) {
+		var retval openIDKeys
+		data := []byte(awsJWKS)
+		require.NoError(t, json.Unmarshal(data, &retval))
+		assert.Len(t, retval.Keys, 2)
+	})
+}
diff --git a/services/auth/method/authorized_integration_test.go b/services/auth/method/authorized_integration_test.go
new file mode 100644
index 0000000000..46048573ad
--- /dev/null
+++ b/services/auth/method/authorized_integration_test.go
@@ -0,0 +1,723 @@
+// Copyright 2026 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+package method
+
+import (
+	"fmt"
+	"net/http"
+	"net/http/httptest"
+	"path/filepath"
+	"strings"
+	"testing"
+	"time"
+
+	auth_model "forgejo.org/models/auth"
+	"forgejo.org/models/db"
+	"forgejo.org/modules/json"
+	"forgejo.org/modules/jwtx"
+	"forgejo.org/modules/test"
+	"forgejo.org/services/auth"
+
+	"github.com/golang-jwt/jwt/v5"
+	gouuid "github.com/google/uuid"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+func TestCheckClaims(t *testing.T) {
+	ai := &AuthorizedIntegration{}
+	rules := func(rule ...auth_model.ClaimRule) *auth_model.ClaimRules {
+		return &auth_model.ClaimRules{Rules: rule}
+	}
+	eq := func(claim, value string) auth_model.ClaimRule {
+		return auth_model.ClaimRule{
+			Claim:      claim,
+			Comparison: auth_model.ClaimEqual,
+			Value:      value,
+		}
+	}
+	glob := func(claim, value string) auth_model.ClaimRule {
+		return auth_model.ClaimRule{
+			Claim:      claim,
+			Comparison: auth_model.ClaimGlob,
+			Value:      value,
+		}
+	}
+	nest := func(claim string, inner ...auth_model.ClaimRule) auth_model.ClaimRule {
+		return auth_model.ClaimRule{
+			Claim:      claim,
+			Comparison: auth_model.ClaimNested,
+			Nested:     rules(inner...),
+		}
+	}
+
+	t.Run("nil claims", func(t *testing.T) {
+		require.NoError(t, ai.checkClaims(map[string]any{}, nil))
+	})
+
+	t.Run("flexibleClaims's fixed and other fields", func(t *testing.T) {
+		t.Run("iss", func(t *testing.T) {
+			c := &flexibleClaims{}
+			rules := rules(eq("iss", "https://example.org"))
+
+			c.Issuer = "https://example.org"
+			require.NoError(t, ai.checkClaims(c, rules))
+
+			c.Issuer = "https://other.example.org"
+			require.ErrorContains(t, ai.checkClaims(c, rules), "claim \"iss\" must be \"https://example.org\", but was \"https://other.example.org\"")
+		})
+
+		t.Run("sub", func(t *testing.T) {
+			c := &flexibleClaims{}
+			rules := rules(eq("sub", "my-stuff"))
+
+			c.Subject = "my-stuff"
+			require.NoError(t, ai.checkClaims(c, rules))
+
+			c.Subject = "my-other-stuff"
+			require.ErrorContains(t, ai.checkClaims(c, rules), "claim \"sub\" must be \"my-stuff\", but was \"my-other-stuff\"")
+		})
+
+		t.Run("jti", func(t *testing.T) {
+			c := &flexibleClaims{}
+			rules := rules(eq("jti", "7d9a2e85-6b8d-4b59-bca0-09d702476338"))
+
+			c.ID = "7d9a2e85-6b8d-4b59-bca0-09d702476338"
+			require.NoError(t, ai.checkClaims(c, rules))
+
+			c.ID = "8855d16c-cd5f-4ace-b626-5c5875e1a993"
+			require.ErrorContains(t, ai.checkClaims(c, rules), "claim \"jti\" must be \"7d9a2e85-6b8d-4b59-bca0-09d702476338\", but was \"8855d16c-cd5f-4ace-b626-5c5875e1a993\"")
+		})
+
+		t.Run("aud", func(t *testing.T) {
+			c := &flexibleClaims{}
+			rules := rules(eq("aud", "the-best-audience"))
+
+			c.Audience = jwt.ClaimStrings{"the-best-audience"}
+			require.NoError(t, ai.checkClaims(c, rules))
+
+			c.Audience = jwt.ClaimStrings{"something-else"}
+			require.ErrorContains(t, ai.checkClaims(c, rules), "claim \"aud\" must be \"the-best-audience\", but was \"something-else\"")
+
+			c.Audience = jwt.ClaimStrings{"aud1", "aud2"}
+			require.ErrorContains(t, ai.checkClaims(c, rules), "required one and only one `aud` claim, but received 2")
+		})
+
+		t.Run("arbitrary field", func(t *testing.T) {
+			c := &flexibleClaims{other: map[string]any{}}
+			rules := rules(eq("arbitrary", "abc"))
+
+			c.other["arbitrary"] = "abc"
+			require.NoError(t, ai.checkClaims(c, rules))
+
+			c.other["arbitrary"] = "123"
+			require.ErrorContains(t, ai.checkClaims(c, rules), "claim \"arbitrary\" must be \"abc\", but was \"123\"")
+
+			delete(c.other, "arbitrary")
+			require.ErrorContains(t, ai.checkClaims(c, rules), "claim rule on \"arbitrary\" couldn't be satisfied: claim not found")
+		})
+	})
+
+	t.Run("map[string]any input", func(t *testing.T) {
+		t.Run("arbitrary field", func(t *testing.T) {
+			c := map[string]any{}
+			rules := rules(eq("arbitrary", "abc"))
+
+			c["arbitrary"] = "abc"
+			require.NoError(t, ai.checkClaims(c, rules))
+
+			c["arbitrary"] = "123"
+			require.ErrorContains(t, ai.checkClaims(c, rules), "claim \"arbitrary\" must be \"abc\", but was \"123\"")
+
+			delete(c, "arbitrary")
+			require.ErrorContains(t, ai.checkClaims(c, rules), "claim rule on \"arbitrary\" couldn't be satisfied: claim not found")
+		})
+	})
+
+	t.Run("unexpected input", func(t *testing.T) {
+		c := map[string]int{}
+		rules := rules(eq("arbitrary", "abc"))
+		c["arbitrary"] = 123
+		require.ErrorContains(t, ai.checkClaims(c, rules), "unexpected incoming claims type: map[string]int")
+	})
+
+	t.Run("comparison ClaimEqual", func(t *testing.T) {
+		c := map[string]any{}
+		rules := rules(eq("arbitrary", "abc"))
+
+		c["arbitrary"] = "abc"
+		require.NoError(t, ai.checkClaims(c, rules))
+
+		c["arbitrary"] = "123"
+		require.ErrorContains(t, ai.checkClaims(c, rules), "claim \"arbitrary\" must be \"abc\", but was \"123\"")
+
+		c["arbitrary"] = 123
+		require.ErrorContains(t, ai.checkClaims(c, rules), "claim \"arbitrary\" must be a string, but was int")
+	})
+
+	t.Run("comparison ClaimGlob", func(t *testing.T) {
+		c := map[string]any{}
+		r := rules(glob("arbitrary", "*c"))
+
+		c["arbitrary"] = "abc"
+		require.NoError(t, ai.checkClaims(c, r))
+
+		c["arbitrary"] = "123"
+		require.ErrorContains(t, ai.checkClaims(c, r), "claim \"arbitrary\" must match glob \"*c\", but value \"123\" did not match")
+
+		c["arbitrary"] = "this string contains a c or two but doesn't end with one" // ensure glob isn't OK w/ a partial match
+		require.ErrorContains(t, ai.checkClaims(c, r), "claim \"arbitrary\" must match glob \"*c\", but value \"this string contains a c or two but doesn't end with one\" did not match")
+
+		c["arbitrary"] = 123
+		require.ErrorContains(t, ai.checkClaims(c, r), "claim \"arbitrary\" must be a string, but was int")
+
+		r = rules(glob("arbitrary", "[abc"))
+		c["arbitrary"] = "abc"
+		require.ErrorContains(t, ai.checkClaims(c, r), "unable to parse glob for claim rule on \"arbitrary\"; glob = \"[abc\", err = unexpected end of input")
+	})
+
+	t.Run("comparison ClaimNested", func(t *testing.T) {
+		c := map[string]any{}
+		r := rules(nest("nest", eq("arbitrary", "abc")))
+
+		c["nest"] = map[string]any{"arbitrary": "abc"}
+		require.NoError(t, ai.checkClaims(c, r))
+
+		c["nest"] = map[string]any{"blah": "abc"}
+		require.ErrorContains(t, ai.checkClaims(c, r), "in nested claim \"nest\": claim rule on \"arbitrary\" couldn't be satisfied: claim not found")
+
+		c["nest"] = map[string]int{"blah": 123}
+		require.ErrorContains(t, ai.checkClaims(c, r), "claim \"nest\" must be a map, but was map[string]int")
+	})
+
+	t.Run("multiple rules", func(t *testing.T) {
+		c := map[string]any{
+			"arb1": "abc",
+			"arb2": "123",
+			"arb3": "def",
+		}
+		rules := rules(
+			eq("arb1", "abc"),
+			eq("arb2", "123"),
+		)
+
+		require.NoError(t, ai.checkClaims(c, rules))
+
+		delete(c, "arb1")
+		require.ErrorContains(t, ai.checkClaims(c, rules), "\"arb1\"")
+
+		c["arb1"] = "abc"
+		delete(c, "arb2")
+		require.ErrorContains(t, ai.checkClaims(c, rules), "\"arb2\"")
+	})
+}
+
+func requireOutput[K auth.MethodOutput](t *testing.T, o auth.MethodOutput) K {
+	t.Helper()
+	k, isType := o.(K)
+	require.True(t, isType, "expected Verify output to be type %T, but was %T: %v", *new(K), o, o)
+	return k
+}
+
+func TestAuthorizedIntegration(t *testing.T) {
+	t.Run("no token", func(t *testing.T) {
+		ai := &AuthorizedIntegration{}
+		aiBasic := &AuthorizedIntegration{PermitBasic: true}
+		req := httptest.NewRequest("GET", "https://example.org", nil)
+		output := ai.Verify(req, nil, nil)
+		requireOutput[*auth.AuthenticationNotAttempted](t, output)
+		output = aiBasic.Verify(req, nil, nil)
+		requireOutput[*auth.AuthenticationNotAttempted](t, output)
+	})
+
+	t.Run("not a JWT", func(t *testing.T) {
+		ai := &AuthorizedIntegration{}
+		req := httptest.NewRequest("GET", "https://example.org", nil)
+		req.Header.Set("Authorization", "Bearer abc")
+		output := ai.Verify(req, nil, nil)
+		err := requireOutput[*auth.AuthenticationAttemptedIncorrectCredential](t, output).Error
+		require.ErrorContains(t, err, "parse JWT error")
+	})
+
+	t.Run("valid Bearer JWT", func(t *testing.T) {
+		ait := newAITester(t)
+		defer ait.close()
+		output := ait.bearerRequest()
+		success := requireOutput[*auth.AuthenticationSuccess](t, output)
+		res := success.Result
+		assert.EqualValues(t, 2, res.User().ID)
+		hasScope, scope := res.Scope().Get()
+		assert.True(t, hasScope)
+		assert.Equal(t, auth_model.AccessTokenScopeAll, scope)
+		assert.Nil(t, res.Reducer())
+	})
+
+	t.Run("valid Basic JWT", func(t *testing.T) {
+		t.Run("PermitBasic", func(t *testing.T) {
+			ait := newAITester(t,
+				aiTweak(func(ai *AuthorizedIntegration) {
+					ai.PermitBasic = true
+				}))
+			defer ait.close()
+			output := ait.basicRequest()
+			requireOutput[*auth.AuthenticationSuccess](t, output)
+		})
+
+		t.Run("!PermitBasic", func(t *testing.T) {
+			ait := newAITester(t,
+				aiTweak(func(ai *AuthorizedIntegration) {
+					ai.PermitBasic = false
+				}))
+			defer ait.close()
+			output := ait.basicRequest()
+			requireOutput[*auth.AuthenticationNotAttempted](t, output)
+		})
+	})
+
+	t.Run("JWT expiry", func(t *testing.T) {
+		ait := newAITester(t,
+			claimTweak(func(rc *flexibleClaims) {
+				rc.ExpiresAt = jwt.NewNumericDate(time.Date(2026, time.January, 1, 12, 0, 0, 0, time.Local))
+			}))
+		defer ait.close()
+		output := ait.bearerRequest()
+		err := requireOutput[*auth.AuthenticationAttemptedIncorrectCredential](t, output).Error
+		require.ErrorContains(t, err, "token is expired")
+	})
+
+	t.Run("JWT issued at", func(t *testing.T) {
+		ait := newAITester(t,
+			claimTweak(func(rc *flexibleClaims) {
+				rc.IssuedAt = jwt.NewNumericDate(time.Date(2027, time.January, 1, 12, 0, 0, 0, time.Local))
+			}))
+		defer ait.close()
+		output := ait.bearerRequest()
+		err := requireOutput[*auth.AuthenticationAttemptedIncorrectCredential](t, output).Error
+		require.ErrorContains(t, err, "token used before issued")
+	})
+
+	t.Run("JWT not before", func(t *testing.T) {
+		ait := newAITester(t,
+			claimTweak(func(rc *flexibleClaims) {
+				rc.NotBefore = jwt.NewNumericDate(time.Date(2027, time.January, 1, 12, 0, 0, 0, time.Local))
+			}))
+		defer ait.close()
+		output := ait.bearerRequest()
+		err := requireOutput[*auth.AuthenticationAttemptedIncorrectCredential](t, output).Error
+		require.ErrorContains(t, err, "token is not valid yet")
+	})
+
+	t.Run("issuer", func(t *testing.T) {
+		t.Run("missing in claim", func(t *testing.T) {
+			ait := newAITester(t,
+				claimTweak(func(rc *flexibleClaims) {
+					rc.Issuer = ""
+				}))
+			defer ait.close()
+			output := ait.bearerRequest()
+			err := requireOutput[*auth.AuthenticationAttemptedIncorrectCredential](t, output).Error
+			require.ErrorContains(t, err, "invalid `iss` claim")
+		})
+
+		t.Run("mismatch DB", func(t *testing.T) {
+			ait := newAITester(t,
+				claimTweak(func(rc *flexibleClaims) {
+					rc.Issuer = "https://whoops.example.org"
+				}))
+			defer ait.close()
+			output := ait.bearerRequest()
+			err := requireOutput[*auth.AuthenticationAttemptedIncorrectCredential](t, output).Error
+			require.ErrorContains(t, err, "matching authorized_integration not found")
+		})
+
+		t.Run("mismatch openid metadata", func(t *testing.T) {
+			ait := newAITester(t,
+				openIDTweak(func(oidc *openIDConfiguration, _ *AuthorizedIntegrationTester) {
+					oidc.Issuer = "https://whoops.example.org"
+				}))
+			defer ait.close()
+			output := ait.bearerRequest()
+			err := requireOutput[*auth.AuthenticationAttemptedIncorrectCredential](t, output).Error
+			require.ErrorContains(t, err, "issuer mismatch")
+		})
+
+		t.Run("non-HTTPS issuer", func(t *testing.T) {
+			ait := newAITester(t,
+				aiDBTweak(func(aiDB *auth_model.AuthorizedIntegration) {
+					aiDB.Issuer = "http://whoops.example.org"
+				}))
+			defer ait.close()
+			output := ait.bearerRequest()
+			err := requireOutput[*auth.AuthenticationAttemptedIncorrectCredential](t, output).Error
+			require.ErrorContains(t, err, "unsupported URL scheme: \"http://")
+		})
+
+		t.Run("signing alg values supported doesn't include in-use alg", func(t *testing.T) {
+			ait := newAITester(t,
+				openIDTweak(func(oidc *openIDConfiguration, _ *AuthorizedIntegrationTester) {
+					oidc.IDTokenSigningAlgValuesSupported = []string{"WEIRD"}
+				}))
+			defer ait.close()
+			output := ait.bearerRequest()
+			err := requireOutput[*auth.AuthenticationAttemptedIncorrectCredential](t, output).Error
+			require.ErrorContains(t, err, " issuer supports signature algorithms []string{\"WEIRD\"}, but received token with algorithm RS256")
+		})
+	})
+
+	t.Run("audience", func(t *testing.T) {
+		t.Run("missing in claim", func(t *testing.T) {
+			ait := newAITester(t,
+				claimTweak(func(rc *flexibleClaims) {
+					rc.Audience = jwt.ClaimStrings{}
+				}))
+			defer ait.close()
+			output := ait.bearerRequest()
+			err := requireOutput[*auth.AuthenticationAttemptedIncorrectCredential](t, output).Error
+			require.ErrorContains(t, err, "required one and only one `aud` claim, but received 0")
+		})
+
+		t.Run("multiple in claim", func(t *testing.T) {
+			ait := newAITester(t,
+				claimTweak(func(rc *flexibleClaims) {
+					rc.Audience = jwt.ClaimStrings{"abc", "def"}
+				}))
+			defer ait.close()
+			output := ait.bearerRequest()
+			err := requireOutput[*auth.AuthenticationAttemptedIncorrectCredential](t, output).Error
+			require.ErrorContains(t, err, "required one and only one `aud` claim, but received 2")
+		})
+
+		t.Run("mismatch DB", func(t *testing.T) {
+			ait := newAITester(t,
+				claimTweak(func(rc *flexibleClaims) {
+					rc.Audience = jwt.ClaimStrings{"abc"}
+				}))
+			defer ait.close()
+			output := ait.bearerRequest()
+			err := requireOutput[*auth.AuthenticationAttemptedIncorrectCredential](t, output).Error
+			require.ErrorContains(t, err, "matching authorized_integration not found")
+		})
+	})
+
+	t.Run("checks claim rules", func(t *testing.T) {
+		ait := newAITester(t,
+			claimTweak(func(rc *flexibleClaims) {
+				rc.other["custom-claim"] = "oops wrong claim"
+			}))
+		defer ait.close()
+		output := ait.bearerRequest()
+		err := requireOutput[*auth.AuthenticationAttemptedIncorrectCredential](t, output).Error
+		require.ErrorContains(t, err, "claim \"custom-claim\" must be \"custom-claim-value\"")
+	})
+
+	t.Run("key algorithms", func(t *testing.T) {
+		for _, alg := range jwtx.ValidAsymmetricAlgorithms {
+			t.Run(alg, func(t *testing.T) {
+				ait := newAITester(t,
+					jwtxKeyTweak(func() jwtx.SigningKey {
+						keyPath := filepath.Join(t.TempDir(), fmt.Sprintf("jwt-%s.priv", alg))
+						jwtSigningKey, err := jwtx.InitAsymmetricSigningKey(keyPath, alg)
+						require.NoError(t, err)
+						return jwtSigningKey
+					}),
+					openIDTweak(func(oidc *openIDConfiguration, _ *AuthorizedIntegrationTester) {
+						oidc.IDTokenSigningAlgValuesSupported = []string{alg}
+					}),
+				)
+				defer ait.close()
+				output := ait.bearerRequest()
+				requireOutput[*auth.AuthenticationSuccess](t, output)
+			})
+		}
+	})
+
+	t.Run("JWKS", func(t *testing.T) {
+		t.Run("jwks_uri host mismatch", func(t *testing.T) {
+			ait := newAITester(t,
+				openIDTweak(func(oidc *openIDConfiguration, ait *AuthorizedIntegrationTester) {
+					oidc.JwksURI = "https://whoops.example.org/.keys"
+				}))
+			defer ait.close()
+			output := ait.bearerRequest()
+			err := requireOutput[*auth.AuthenticationAttemptedIncorrectCredential](t, output).Error
+			require.ErrorContains(t, err, "jwks_uri host mismatch: must be the same as issuer host")
+		})
+
+		t.Run("non-HTTPS JWKS address", func(t *testing.T) {
+			ait := newAITester(t,
+				openIDTweak(func(oidc *openIDConfiguration, ait *AuthorizedIntegrationTester) {
+					oidc.JwksURI = strings.ReplaceAll(ait.testServer.URL, "https://", "http://")
+				}))
+			defer ait.close()
+			output := ait.bearerRequest()
+			err := requireOutput[*auth.AuthenticationAttemptedIncorrectCredential](t, output).Error
+			require.ErrorContains(t, err, "unsupported URL scheme: \"http://")
+		})
+
+		t.Run("missing key", func(t *testing.T) {
+			ait := newAITester(t,
+				jwksTweak(func(keys *openIDKeys) {
+					keys.Keys = []map[string]any{}
+				}))
+			defer ait.close()
+			output := ait.bearerRequest()
+			err := requireOutput[*auth.AuthenticationAttemptedIncorrectCredential](t, output).Error
+			require.ErrorContains(t, err, "no key identified")
+		})
+
+		t.Run("alg missing", func(t *testing.T) {
+			ait := newAITester(t,
+				jwksTweak(func(keys *openIDKeys) {
+					for k := range keys.Keys {
+						delete(keys.Keys[k], "alg")
+					}
+				}))
+			defer ait.close()
+			output := ait.bearerRequest()
+			// per RFC7517 "alg" is optional
+			requireOutput[*auth.AuthenticationSuccess](t, output)
+		})
+
+		t.Run("alg mismatch", func(t *testing.T) {
+			ait := newAITester(t,
+				jwksTweak(func(keys *openIDKeys) {
+					for k := range keys.Keys {
+						keys.Keys[k]["alg"] = "WEIRD"
+					}
+				}))
+			defer ait.close()
+			output := ait.bearerRequest()
+			err := requireOutput[*auth.AuthenticationAttemptedIncorrectCredential](t, output).Error
+			require.ErrorContains(t, err, "doesn't match expected algorithm RS256, was WEIRD")
+		})
+
+		t.Run("use missing", func(t *testing.T) {
+			ait := newAITester(t,
+				jwksTweak(func(keys *openIDKeys) {
+					for k := range keys.Keys {
+						delete(keys.Keys[k], "use")
+					}
+				}))
+			defer ait.close()
+			output := ait.bearerRequest()
+			// per RFC7517 "use" is optional
+			requireOutput[*auth.AuthenticationSuccess](t, output)
+		})
+
+		t.Run("use isn't 'sig'", func(t *testing.T) {
+			ait := newAITester(t,
+				jwksTweak(func(keys *openIDKeys) {
+					for k := range keys.Keys {
+						keys.Keys[k]["use"] = "enc"
+					}
+				}))
+			defer ait.close()
+			output := ait.bearerRequest()
+			err := requireOutput[*auth.AuthenticationAttemptedIncorrectCredential](t, output).Error
+			require.ErrorContains(t, err, "isn't designated for signing usage, was enc")
+		})
+
+		t.Run("large JWKS document", func(t *testing.T) {
+			ait := newAITester(t,
+				jwksTweak(func(keys *openIDKeys) {
+					var keyContents map[string]any
+					for _, v := range keys.Keys {
+						keyContents = v
+					}
+					for range 128 {
+						keys.Keys = append(keys.Keys, keyContents)
+					}
+				}))
+			defer ait.close()
+			output := ait.bearerRequest()
+			err := requireOutput[*auth.AuthenticationAttemptedIncorrectCredential](t, output).Error
+			require.ErrorContains(t, err, "failed to decode (response body restricted to 16384 bytes)")
+		})
+	})
+
+	t.Run("specific scopes", func(t *testing.T) {
+		ait := newAITester(t,
+			aiDBTweak(func(aiDB *auth_model.AuthorizedIntegration) {
+				aiDB.Scope = "read:repository,read:user"
+			}))
+		defer ait.close()
+		output := ait.bearerRequest()
+		success := requireOutput[*auth.AuthenticationSuccess](t, output)
+		res := success.Result
+		hasScope, scope := res.Scope().Get()
+		assert.True(t, hasScope)
+		readRepository, err := scope.HasScope(auth_model.AccessTokenScopeReadRepository)
+		require.NoError(t, err)
+		assert.True(t, readRepository, "read:repository")
+		readUser, err := scope.HasScope(auth_model.AccessTokenScopeReadUser)
+		require.NoError(t, err)
+		assert.True(t, readUser, "read:user")
+		writeAdmin, err := scope.HasScope(auth_model.AccessTokenScopeWriteAdmin)
+		require.NoError(t, err)
+		assert.False(t, writeAdmin, "write:admin")
+	})
+}
+
+type AuthorizedIntegrationTester struct {
+	t               *testing.T
+	ai              *AuthorizedIntegration
+	dbAI            *auth_model.AuthorizedIntegration
+	jwtSigningKey   jwtx.SigningKey
+	testServer      *httptest.Server
+	resetHTTPClient func()
+	tweaks          []tweak
+}
+
+func newAITester(t *testing.T, tweaks ...tweak) *AuthorizedIntegrationTester {
+	fixedTime := time.Date(2026, time.January, 1, 16, 0, 0, 0, time.Local)
+	ait := &AuthorizedIntegrationTester{
+		t: t,
+		ai: &AuthorizedIntegration{
+			fixedTime: &fixedTime,
+		},
+		tweaks: tweaks,
+	}
+	for _, tweak := range ait.tweaks {
+		if aiTweak, is := tweak.(aiTweak); is {
+			aiTweak(ait.ai)
+		}
+	}
+
+	var jwtSigningKey jwtx.SigningKey
+	for _, tweak := range ait.tweaks {
+		if jwtxKeyTweak, is := tweak.(jwtxKeyTweak); is {
+			jwtSigningKey = jwtxKeyTweak()
+		}
+	}
+	if jwtSigningKey == nil {
+		var err error
+		keyPath := filepath.Join(t.TempDir(), "jwt-rsa-2048.priv")
+		jwtSigningKey, err = jwtx.InitAsymmetricSigningKey(keyPath, "RS256")
+		require.NoError(t, err)
+	}
+	ait.jwtSigningKey = jwtSigningKey
+
+	ait.testServer = httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		if r.URL.Path == "/api/actions/.well-known/openid-configuration" {
+			retval := &openIDConfiguration{
+				Issuer:                           ait.dbAI.Issuer,
+				IDTokenSigningAlgValuesSupported: []string{"RS256"},
+				JwksURI:                          fmt.Sprintf("%s/.keys", ait.dbAI.Issuer),
+			}
+			for _, tweak := range ait.tweaks {
+				if tweak, is := tweak.(openIDTweak); is {
+					tweak(retval, ait)
+				}
+			}
+			err := json.NewEncoder(w).Encode(retval)
+			require.NoError(t, err)
+			return
+		}
+		if r.URL.Path == "/api/actions/.keys" {
+			jwk, err := ait.jwtSigningKey.ToJWK()
+			require.NoError(t, err)
+			jwk["use"] = "sig"
+			jwkMapAny := make(map[string]any, len(jwk))
+			for k, v := range jwk {
+				jwkMapAny[k] = v // convert map[string]string -> map[string]any
+			}
+			retval := &openIDKeys{
+				Keys: []map[string]any{jwkMapAny},
+			}
+			for _, tweak := range ait.tweaks {
+				if jwksTweak, is := tweak.(jwksTweak); is {
+					jwksTweak(retval)
+				}
+			}
+			_ = json.NewEncoder(w).Encode(retval) // no error checking -- some tests abort read
+			return
+		}
+		w.WriteHeader(http.StatusNotFound)
+	}))
+
+	// trust TLS cert of our mock client by inserting the test client for our test server into the global aiHTTPClient
+	ait.resetHTTPClient = test.MockVariableValue(&aiHTTPClient, ait.testServer.Client())
+	// prevent self-initialization of the HTTP client during unit testing -- this means that a real client cant' be
+	// created and aiHTTPClient will always be nil (other than when mocked), but that's fine because we don't want to do
+	// external HTTP traffic in these tests
+	initHTTPClient.Do(func() {})
+
+	ait.dbAI = &auth_model.AuthorizedIntegration{
+		UserID:   2,
+		Scope:    auth_model.AccessTokenScopeAll,
+		Issuer:   fmt.Sprintf("%s/api/actions", ait.testServer.URL),
+		Audience: fmt.Sprintf("https://forgejo.example.org/-/coolguy/authorized-integration/%s", gouuid.New().String()),
+		ClaimRules: &auth_model.ClaimRules{
+			Rules: []auth_model.ClaimRule{
+				{
+					Claim:      "custom-claim",
+					Comparison: auth_model.ClaimEqual,
+					Value:      "custom-claim-value",
+				},
+			},
+		},
+	}
+	for _, tweak := range ait.tweaks {
+		if tweak, is := tweak.(aiDBTweak); is {
+			tweak(ait.dbAI)
+		}
+	}
+	_, err := db.GetEngine(t.Context()).Insert(ait.dbAI)
+	require.NoError(t, err)
+
+	return ait
+}
+
+func (ait *AuthorizedIntegrationTester) signedJWT() string {
+	claims := flexibleClaims{
+		RegisteredClaims: jwt.RegisteredClaims{
+			Issuer:   ait.dbAI.Issuer,
+			Audience: jwt.ClaimStrings{ait.dbAI.Audience},
+		},
+		other: map[string]any{
+			"custom-claim": "custom-claim-value",
+		},
+	}
+	for _, tweak := range ait.tweaks {
+		if tweak, is := tweak.(claimTweak); is {
+			tweak(&claims)
+		}
+	}
+	signedToken, err := ait.jwtSigningKey.JWT(claims)
+	require.NoError(ait.t, err)
+	return signedToken
+}
+
+func (ait *AuthorizedIntegrationTester) bearerRequest() auth.MethodOutput {
+	signedToken := ait.signedJWT()
+	req := httptest.NewRequest("GET", "https://forgejo.example.org", nil)
+	req.Header.Set("Authorization", fmt.Sprintf("Bearer %s", signedToken))
+	return ait.ai.Verify(req, nil, nil)
+}
+
+func (ait *AuthorizedIntegrationTester) basicRequest() auth.MethodOutput {
+	signedToken := ait.signedJWT()
+	req := httptest.NewRequest("GET", "https://forgejo.example.org", nil)
+	req.SetBasicAuth("", signedToken)
+	return ait.ai.Verify(req, nil, nil)
+}
+
+func (ait *AuthorizedIntegrationTester) close() {
+	ait.resetHTTPClient()
+	ait.testServer.Close()
+}
+
+type tweak any
+
+type claimTweak func(*flexibleClaims)
+
+type aiTweak func(*AuthorizedIntegration)
+
+type openIDTweak func(*openIDConfiguration, *AuthorizedIntegrationTester)
+
+type jwksTweak func(*openIDKeys)
+
+type aiDBTweak func(*auth_model.AuthorizedIntegration)
+
+type jwtxKeyTweak func() jwtx.SigningKey

From c9d8682f9037fbeb3f322718d8731c5e72906ef6 Mon Sep 17 00:00:00 2001
From: Mathieu Fenniak <mathieu@fenniak.net>
Date: Sun, 26 Apr 2026 22:06:16 +0200
Subject: [PATCH 739/854] test: add API integration testing for authorized
 integration authentication (#12266)

Built on #12261; one commit added.

Adds an integration test verifying that access to the API can be authenticated by an authorized integration.

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. All work and communication must conform to Forgejo's [AI Agreement](https://codeberg.org/forgejo/governance/src/branch/main/AIAgreement.md). There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests for Go changes

- I added test coverage for Go changes...
  - [ ] in their respective `*_test.go` for unit tests.
  - [x] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I ran...
  - [x] `make pr-go` before pushing

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [ ] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.
- [x] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12266
Reviewed-by: Andreas Ahlenstorf <aahlenst@noreply.codeberg.org>
---
 .deadcode-out                                 |  3 +
 .../auth/method/authorized_integration.go     | 10 +-
 .../auth_authorized_integration_test.go       | 53 ++++++++++
 tests/integration/integration_test.go         | 99 +++++++++++++++++++
 4 files changed, 162 insertions(+), 3 deletions(-)
 create mode 100644 tests/integration/auth_authorized_integration_test.go

diff --git a/.deadcode-out b/.deadcode-out
index b70be3e800..b8c236daf6 100644
--- a/.deadcode-out
+++ b/.deadcode-out
@@ -222,6 +222,9 @@ forgejo.org/modules/zstd
 forgejo.org/routers/web/org
 	MustEnableProjects
 
+forgejo.org/services/auth/method
+	OverrideAuthorizedIntegrationHTTPClient
+
 forgejo.org/services/context
 	GetPrivateContext
 
diff --git a/services/auth/method/authorized_integration.go b/services/auth/method/authorized_integration.go
index 2f29d406e3..60e210ee1c 100644
--- a/services/auth/method/authorized_integration.go
+++ b/services/auth/method/authorized_integration.go
@@ -35,6 +35,12 @@ var (
 	initHTTPClient sync.Once
 
 	errParseInternalServer = errors.New("internal server error")
+
+	// Allow mocking / overridding during tests:
+	GetAuthorizedIntegrationHTTPClient = func() *http.Client {
+		initHTTPClient.Do(initAuthorizedIntegrationHTTPClient)
+		return aiHTTPClient
+	}
 )
 
 // Restrict document size to prevent resource exhaustion attack with a malicious authorized integration; largest
@@ -247,9 +253,7 @@ func (a *AuthorizedIntegration) fetchJSON(urlString string, v any) error {
 		return fmt.Errorf("unsupported URL scheme: %q", parsedURL.String())
 	}
 
-	initHTTPClient.Do(initAuthorizedIntegrationHTTPClient)
-
-	resp, err := aiHTTPClient.Get(parsedURL.String())
+	resp, err := GetAuthorizedIntegrationHTTPClient().Get(parsedURL.String())
 	if err != nil {
 		return err
 	}
diff --git a/tests/integration/auth_authorized_integration_test.go b/tests/integration/auth_authorized_integration_test.go
new file mode 100644
index 0000000000..36fefe7cf9
--- /dev/null
+++ b/tests/integration/auth_authorized_integration_test.go
@@ -0,0 +1,53 @@
+// Copyright 2026 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+package integration
+
+import (
+	"net/http"
+	"testing"
+
+	auth_model "forgejo.org/models/auth"
+	api "forgejo.org/modules/structs"
+	"forgejo.org/tests"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestAPIAuthWithAuthorizedIntegration(t *testing.T) {
+	t.Run("all access token", func(t *testing.T) {
+		defer tests.PrintCurrentTest(t)()
+
+		ait := newAITester(t)
+		defer ait.close()
+		token := ait.signedJWT()
+
+		req := NewRequest(t, "GET", "/api/v1/user").AddTokenAuth(token)
+		resp := MakeRequest(t, req, http.StatusOK)
+		var user api.User
+		DecodeJSON(t, resp, &user)
+		assert.Equal(t, "user2", user.LoginName)
+
+		req = NewRequest(t, "GET", "/api/v1/repos/user2/repo1").AddTokenAuth(token)
+		MakeRequest(t, req, http.StatusOK)
+	})
+
+	t.Run("scope-limited access token", func(t *testing.T) {
+		defer tests.PrintCurrentTest(t)()
+
+		ait := newAITester(t, func(ai *auth_model.AuthorizedIntegration) {
+			ai.Scope = auth_model.AccessTokenScopeReadUser
+		})
+		defer ait.close()
+		token := ait.signedJWT()
+
+		req := NewRequest(t, "GET", "/api/v1/user").AddTokenAuth(token)
+		resp := MakeRequest(t, req, http.StatusOK)
+		var user api.User
+		DecodeJSON(t, resp, &user)
+		assert.Equal(t, "user2", user.LoginName)
+
+		req = NewRequest(t, "GET", "/api/v1/repos/user2/repo1").AddTokenAuth(token)
+		MakeRequest(t, req, http.StatusForbidden)
+	})
+}
diff --git a/tests/integration/integration_test.go b/tests/integration/integration_test.go
index 6cde9be4df..ecd7d86073 100644
--- a/tests/integration/integration_test.go
+++ b/tests/integration/integration_test.go
@@ -33,13 +33,16 @@ import (
 	user_model "forgejo.org/models/user"
 	"forgejo.org/modules/graceful"
 	"forgejo.org/modules/json"
+	"forgejo.org/modules/jwtx"
 	"forgejo.org/modules/keying"
 	"forgejo.org/modules/log"
 	"forgejo.org/modules/setting"
+	"forgejo.org/modules/test"
 	"forgejo.org/modules/testlogger"
 	"forgejo.org/modules/util"
 	"forgejo.org/modules/web"
 	"forgejo.org/routers"
+	auth_method "forgejo.org/services/auth/method"
 	"forgejo.org/services/auth/source/remote"
 	app_context "forgejo.org/services/context"
 	"forgejo.org/services/mailer"
@@ -47,6 +50,8 @@ import (
 	"forgejo.org/tests"
 
 	"github.com/PuerkitoBio/goquery"
+	"github.com/golang-jwt/jwt/v5"
+	gouuid "github.com/google/uuid"
 	"github.com/markbates/goth"
 	"github.com/markbates/goth/gothic"
 	goth_github "github.com/markbates/goth/providers/github"
@@ -779,3 +784,97 @@ func SortMailerMessages(msgs []*mailer.Message) {
 		return strings.Compare(b.To, a.To)
 	})
 }
+
+type AuthorizedIntegrationTester struct {
+	t                       *testing.T
+	authorizedIntegration   *auth.AuthorizedIntegration
+	jwtSigningKey           jwtx.SigningKey
+	testServer              *httptest.Server
+	resetHTTPClient         func()
+	resetAllowLocalNetworks func()
+}
+
+func newAITester(t *testing.T, setupAI ...func(*auth.AuthorizedIntegration)) *AuthorizedIntegrationTester {
+	ait := &AuthorizedIntegrationTester{
+		t: t,
+	}
+
+	var jwtSigningKey jwtx.SigningKey
+	keyPath := filepath.Join(t.TempDir(), "jwt-rsa-2048.priv")
+	jwtSigningKey, err := jwtx.InitAsymmetricSigningKey(keyPath, "RS256")
+	require.NoError(t, err)
+	ait.jwtSigningKey = jwtSigningKey
+
+	ait.testServer = httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		if r.URL.Path == "/api/actions/.well-known/openid-configuration" {
+			retval := map[string]any{
+				"issuer":                                ait.authorizedIntegration.Issuer,
+				"jwks_uri":                              fmt.Sprintf("%s/.keys", ait.authorizedIntegration.Issuer),
+				"id_token_signing_alg_values_supported": []string{"RS256"},
+			}
+			err := json.NewEncoder(w).Encode(retval)
+			require.NoError(t, err)
+			return
+		}
+		if r.URL.Path == "/api/actions/.keys" {
+			jwk, err := ait.jwtSigningKey.ToJWK()
+			require.NoError(t, err)
+			jwk["use"] = "sig"
+			retval := map[string]any{
+				"keys": []map[string]string{jwk},
+			}
+			_ = json.NewEncoder(w).Encode(retval) // no error checking -- some tests abort read
+			return
+		}
+		w.WriteHeader(http.StatusNotFound)
+	}))
+
+	// trust TLS cert of our NewTLSServer  by inserting the test client for our test server in as the HTTP client to use
+	ait.resetHTTPClient = test.MockVariableValue(
+		&auth_method.GetAuthorizedIntegrationHTTPClient,
+		func() *http.Client {
+			return ait.testServer.Client()
+		})
+
+	ait.authorizedIntegration = &auth.AuthorizedIntegration{
+		UserID:   2,
+		Scope:    auth.AccessTokenScopeAll,
+		Issuer:   fmt.Sprintf("%s/api/actions", ait.testServer.URL),
+		Audience: fmt.Sprintf("https://forgejo.example.org/-/coolguy/authorized-integration/%s", gouuid.New().String()),
+		ClaimRules: &auth.ClaimRules{
+			Rules: []auth.ClaimRule{
+				{
+					Claim:      "custom-claim",
+					Comparison: auth.ClaimEqual,
+					Value:      "custom-claim-value",
+				},
+			},
+		},
+	}
+	for _, setup := range setupAI {
+		setup(ait.authorizedIntegration)
+	}
+	_, err = db.GetEngine(t.Context()).Insert(ait.authorizedIntegration)
+	require.NoError(t, err)
+
+	ait.resetAllowLocalNetworks = test.MockVariableValue(&setting.AuthorizedIntegration.AllowLocalNetworks, true)
+
+	return ait
+}
+
+func (ait *AuthorizedIntegrationTester) signedJWT() string {
+	claims := jwt.MapClaims{
+		"iss":          ait.authorizedIntegration.Issuer,
+		"aud":          ait.authorizedIntegration.Audience,
+		"custom-claim": "custom-claim-value",
+	}
+	signedToken, err := ait.jwtSigningKey.JWT(claims)
+	require.NoError(ait.t, err)
+	return signedToken
+}
+
+func (ait *AuthorizedIntegrationTester) close() {
+	ait.resetAllowLocalNetworks()
+	ait.resetHTTPClient()
+	ait.testServer.Close()
+}

From 900306e65a5f04965aa1feab13d31bd141ecb120 Mon Sep 17 00:00:00 2001
From: Mathieu Fenniak <mathieu@fenniak.net>
Date: Sun, 26 Apr 2026 23:54:41 +0200
Subject: [PATCH 740/854] feat: add repo-specific & public-only authz reducers
 to authorized integrations (#12267)

Built on #12266; one commit added.

Adds the ability to reduce the authorization scope of an authorized integration to public-only resources and repo-specific resources.  Backend only -- no frontend created yet.

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. All work and communication must conform to Forgejo's [AI Agreement](https://codeberg.org/forgejo/governance/src/branch/main/AIAgreement.md). There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests for Go changes

- I added test coverage for Go changes...
  - [ ] in their respective `*_test.go` for unit tests.
  - [x] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I ran...
  - [x] `make pr-go` before pushing

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [ ] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.
- [x] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12267
Reviewed-by: Andreas Ahlenstorf <aahlenst@noreply.codeberg.org>
---
 .../authorized_integ_resource_repo.yml        |  9 +++
 .../authorized_integration.yml                |  9 +++
 models/auth/access_token_resource.go          |  4 +
 .../authorized_integration_resource_repo.go   | 17 +++++
 ...thorized_integration_resource_repo_test.go | 40 ++++++++++
 .../auth_result_authorized_integration.go     | 10 ++-
 .../auth/method/authorized_integration.go     | 12 ++-
 .../method/authorized_integration_test.go     |  2 +-
 .../authorized_integ_resource_repo.yml        |  5 ++
 .../authorized_integration.yml                | 35 +++++++++
 services/authz/access_token.go                |  7 +-
 services/authz/access_token_test.go           |  2 +-
 services/authz/authorized_integration.go      | 33 +++++++++
 services/authz/authorized_integration_test.go | 46 ++++++++++++
 services/authz/specific_repos_reducer.go      | 11 ++-
 services/authz/specific_repos_reducer_test.go |  6 +-
 .../auth_authorized_integration_test.go       | 73 ++++++++++++++++++-
 tests/integration/integration_test.go         |  1 +
 18 files changed, 305 insertions(+), 17 deletions(-)
 create mode 100644 models/auth/TestGetRepositoriesAccessibleWithIntegration/authorized_integ_resource_repo.yml
 create mode 100644 models/auth/TestGetRepositoriesAccessibleWithIntegration/authorized_integration.yml
 create mode 100644 models/auth/authorized_integration_resource_repo_test.go
 create mode 100644 services/authz/TestGetAuthorizationReducerForAuthorizedIntegration/authorized_integ_resource_repo.yml
 create mode 100644 services/authz/TestGetAuthorizationReducerForAuthorizedIntegration/authorized_integration.yml
 create mode 100644 services/authz/authorized_integration.go
 create mode 100644 services/authz/authorized_integration_test.go

diff --git a/models/auth/TestGetRepositoriesAccessibleWithIntegration/authorized_integ_resource_repo.yml b/models/auth/TestGetRepositoriesAccessibleWithIntegration/authorized_integ_resource_repo.yml
new file mode 100644
index 0000000000..5e0ccf1130
--- /dev/null
+++ b/models/auth/TestGetRepositoriesAccessibleWithIntegration/authorized_integ_resource_repo.yml
@@ -0,0 +1,9 @@
+- integ_id: 1
+  repo_id: 1
+  created_unix: 1772158384
+- integ_id: 1
+  repo_id: 2
+  created_unix: 1772158384
+- integ_id: 1
+  repo_id: 3
+  created_unix: 1772158384
diff --git a/models/auth/TestGetRepositoriesAccessibleWithIntegration/authorized_integration.yml b/models/auth/TestGetRepositoriesAccessibleWithIntegration/authorized_integration.yml
new file mode 100644
index 0000000000..18e5e68054
--- /dev/null
+++ b/models/auth/TestGetRepositoriesAccessibleWithIntegration/authorized_integration.yml
@@ -0,0 +1,9 @@
+- id: 1
+  user_id: 2
+  scope: all
+  resource_all_repos: false
+  issuer: https://example.org/
+  audience: https://forgejo.example.org/-/user/integration/abcdef123
+  claim_rules: "{}"
+  created_unix: 1777153359
+  updated_unix: 1777153359
diff --git a/models/auth/access_token_resource.go b/models/auth/access_token_resource.go
index bf98c52b69..85978dd131 100644
--- a/models/auth/access_token_resource.go
+++ b/models/auth/access_token_resource.go
@@ -24,6 +24,10 @@ func init() {
 	db.RegisterModel(new(AccessTokenResourceRepo))
 }
 
+func (atr *AccessTokenResourceRepo) GetTargetRepoID() int64 {
+	return atr.RepoID
+}
+
 func GetRepositoriesAccessibleWithToken(ctx context.Context, accessTokenID int64) ([]*AccessTokenResourceRepo, error) {
 	var resources []*AccessTokenResourceRepo
 	err := db.GetEngine(ctx).
diff --git a/models/auth/authorized_integration_resource_repo.go b/models/auth/authorized_integration_resource_repo.go
index 98960b5c8a..9c48d16f98 100644
--- a/models/auth/authorized_integration_resource_repo.go
+++ b/models/auth/authorized_integration_resource_repo.go
@@ -4,6 +4,8 @@
 package auth
 
 import (
+	"context"
+
 	"forgejo.org/models/db"
 	"forgejo.org/modules/timeutil"
 )
@@ -25,3 +27,18 @@ type AuthorizedIntegResourceRepo struct {
 func init() {
 	db.RegisterModel(new(AuthorizedIntegResourceRepo))
 }
+
+func (air *AuthorizedIntegResourceRepo) GetTargetRepoID() int64 {
+	return air.RepoID
+}
+
+func GetRepositoriesAccessibleWithIntegration(ctx context.Context, aiID int64) ([]*AuthorizedIntegResourceRepo, error) {
+	var resources []*AuthorizedIntegResourceRepo
+	err := db.GetEngine(ctx).
+		Where("integ_id = ?", aiID).
+		Find(&resources)
+	if err != nil {
+		return nil, err
+	}
+	return resources, nil
+}
diff --git a/models/auth/authorized_integration_resource_repo_test.go b/models/auth/authorized_integration_resource_repo_test.go
new file mode 100644
index 0000000000..853cddb828
--- /dev/null
+++ b/models/auth/authorized_integration_resource_repo_test.go
@@ -0,0 +1,40 @@
+// Copyright 2026 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+package auth_test
+
+import (
+	"testing"
+
+	auth_model "forgejo.org/models/auth"
+	"forgejo.org/models/unittest"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+func TestGetRepositoriesAccessibleWithIntegration(t *testing.T) {
+	defer unittest.OverrideFixtures("models/auth/TestGetRepositoriesAccessibleWithIntegration")()
+	require.NoError(t, unittest.PrepareTestDatabase())
+
+	t.Run("No Resources", func(t *testing.T) {
+		resources, err := auth_model.GetRepositoriesAccessibleWithIntegration(t.Context(), 999)
+		require.NoError(t, err)
+		assert.Empty(t, resources)
+	})
+
+	t.Run("Has Resources", func(t *testing.T) {
+		resources, err := auth_model.GetRepositoriesAccessibleWithIntegration(t.Context(), 1)
+		require.NoError(t, err)
+		require.Len(t, resources, 3)
+
+		// Verify all expected repo IDs are present
+		repoIDs := make([]int64, len(resources))
+		for i, res := range resources {
+			repoIDs[i] = res.RepoID
+		}
+		assert.Contains(t, repoIDs, int64(1))
+		assert.Contains(t, repoIDs, int64(2))
+		assert.Contains(t, repoIDs, int64(3))
+	})
+}
diff --git a/services/auth/method/auth_result_authorized_integration.go b/services/auth/method/auth_result_authorized_integration.go
index 6868b4848f..55efa95d18 100644
--- a/services/auth/method/auth_result_authorized_integration.go
+++ b/services/auth/method/auth_result_authorized_integration.go
@@ -8,14 +8,16 @@ import (
 	user_model "forgejo.org/models/user"
 	"forgejo.org/modules/optional"
 	"forgejo.org/services/auth"
+	"forgejo.org/services/authz"
 )
 
 var _ auth.AuthenticationResult = &authorizedIntegrationAuthenticationResult{}
 
 type authorizedIntegrationAuthenticationResult struct {
 	*auth.BaseAuthenticationResult
-	user  *user_model.User
-	scope auth_model.AccessTokenScope
+	user    *user_model.User
+	scope   auth_model.AccessTokenScope
+	reducer authz.AuthorizationReducer
 }
 
 func (r *authorizedIntegrationAuthenticationResult) User() *user_model.User {
@@ -25,3 +27,7 @@ func (r *authorizedIntegrationAuthenticationResult) User() *user_model.User {
 func (r *authorizedIntegrationAuthenticationResult) Scope() optional.Option[auth_model.AccessTokenScope] {
 	return optional.Some(r.scope)
 }
+
+func (r *authorizedIntegrationAuthenticationResult) Reducer() authz.AuthorizationReducer {
+	return r.reducer
+}
diff --git a/services/auth/method/authorized_integration.go b/services/auth/method/authorized_integration.go
index 60e210ee1c..000383d8c5 100644
--- a/services/auth/method/authorized_integration.go
+++ b/services/auth/method/authorized_integration.go
@@ -23,6 +23,7 @@ import (
 	"forgejo.org/modules/setting"
 	"forgejo.org/modules/util"
 	"forgejo.org/services/auth"
+	"forgejo.org/services/authz"
 
 	"github.com/gobwas/glob"
 	"github.com/golang-jwt/jwt/v5"
@@ -204,11 +205,16 @@ func (a *AuthorizedIntegration) Verify(req *http.Request, w http.ResponseWriter,
 		log.Error("UpdateLastUsed:  %v", err)
 	}
 
+	reducer, err := authz.GetAuthorizationReducerForAuthorizedIntegration(req.Context(), authorizedIntegration)
+	if err != nil {
+		return &auth.AuthenticationError{Error: fmt.Errorf("authorized integration GetAuthorizationReducerForAuthorizedIntegration: %w", err)}
+	}
+
 	return &auth.AuthenticationSuccess{
 		Result: &authorizedIntegrationAuthenticationResult{
-			user:  u,
-			scope: authorizedIntegration.Scope,
-			// TODO: add repo-specific access with an authz reducer
+			user:    u,
+			scope:   authorizedIntegration.Scope,
+			reducer: reducer,
 		},
 	}
 }
diff --git a/services/auth/method/authorized_integration_test.go b/services/auth/method/authorized_integration_test.go
index 46048573ad..f2afbd3896 100644
--- a/services/auth/method/authorized_integration_test.go
+++ b/services/auth/method/authorized_integration_test.go
@@ -250,7 +250,7 @@ func TestAuthorizedIntegration(t *testing.T) {
 		hasScope, scope := res.Scope().Get()
 		assert.True(t, hasScope)
 		assert.Equal(t, auth_model.AccessTokenScopeAll, scope)
-		assert.Nil(t, res.Reducer())
+		assert.NotNil(t, res.Reducer())
 	})
 
 	t.Run("valid Basic JWT", func(t *testing.T) {
diff --git a/services/authz/TestGetAuthorizationReducerForAuthorizedIntegration/authorized_integ_resource_repo.yml b/services/authz/TestGetAuthorizationReducerForAuthorizedIntegration/authorized_integ_resource_repo.yml
new file mode 100644
index 0000000000..d5d55d1d67
--- /dev/null
+++ b/services/authz/TestGetAuthorizationReducerForAuthorizedIntegration/authorized_integ_resource_repo.yml
@@ -0,0 +1,5 @@
+-
+  id: 1
+  integ_id: 7
+  repo_id: 1
+  created_unix: 1772158384
diff --git a/services/authz/TestGetAuthorizationReducerForAuthorizedIntegration/authorized_integration.yml b/services/authz/TestGetAuthorizationReducerForAuthorizedIntegration/authorized_integration.yml
new file mode 100644
index 0000000000..7c173e5ea6
--- /dev/null
+++ b/services/authz/TestGetAuthorizationReducerForAuthorizedIntegration/authorized_integration.yml
@@ -0,0 +1,35 @@
+# all access
+-
+  id: 5
+  user_id: 2
+  scope: all
+  resource_all_repos: true
+  issuer: https://example.org/
+  audience: https://forgejo.example.org/-/user/integration/abcdef123
+  claim_rules: "{}"
+  created_unix: 1777153359
+  updated_unix: 1777153359
+
+# public-only
+-
+  id: 6
+  user_id: 2
+  scope: public-only,read:activitypub
+  resource_all_repos: true
+  issuer: https://example.org/
+  audience: https://forgejo.example.org/-/user/integration/abcdef1234
+  claim_rules: "{}"
+  created_unix: 1777153359
+  updated_unix: 1777153359
+
+# repo-specific
+-
+  id: 7
+  user_id: 2
+  scope: all
+  resource_all_repos: false
+  issuer: https://example.org/
+  audience: https://forgejo.example.org/-/user/integration/abcdef1235
+  claim_rules: "{}"
+  created_unix: 1777153359
+  updated_unix: 1777153359
diff --git a/services/authz/access_token.go b/services/authz/access_token.go
index 207fdd6546..1660881dab 100644
--- a/services/authz/access_token.go
+++ b/services/authz/access_token.go
@@ -25,7 +25,12 @@ func GetAuthorizationReducerForAccessToken(ctx context.Context, token *auth_mode
 	if err != nil {
 		return nil, fmt.Errorf("GetRepositoriesAccessibleWithToken: %w", err)
 	}
-	return &SpecificReposAuthorizationReducer{resourceRepos: repos}, nil
+	// Cast slice into []RepoGetter
+	iface := make([]RepoGetter, len(repos))
+	for i, r := range repos {
+		iface[i] = r
+	}
+	return &SpecificReposAuthorizationReducer{resourceRepos: iface}, nil
 }
 
 // A locale lookup string for the error -- eg. `access_token.error.invalid_something`
diff --git a/services/authz/access_token_test.go b/services/authz/access_token_test.go
index 8219e2a057..2e4d9e4453 100644
--- a/services/authz/access_token_test.go
+++ b/services/authz/access_token_test.go
@@ -42,7 +42,7 @@ func TestGetAuthorizationReducerForAccessToken(t *testing.T) {
 		require.NotNil(t, specific)
 
 		require.Len(t, specific.resourceRepos, 1)
-		assert.EqualValues(t, 1, specific.resourceRepos[0].RepoID)
+		assert.EqualValues(t, 1, specific.resourceRepos[0].GetTargetRepoID())
 	})
 }
 
diff --git a/services/authz/authorized_integration.go b/services/authz/authorized_integration.go
new file mode 100644
index 0000000000..c463c0aeca
--- /dev/null
+++ b/services/authz/authorized_integration.go
@@ -0,0 +1,33 @@
+// Copyright 2026 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+package authz
+
+import (
+	"context"
+	"fmt"
+
+	auth_model "forgejo.org/models/auth"
+)
+
+func GetAuthorizationReducerForAuthorizedIntegration(ctx context.Context, ai *auth_model.AuthorizedIntegration) (AuthorizationReducer, error) {
+	if ai.ResourceAllRepos {
+		if publicOnly, err := ai.Scope.PublicOnly(); err != nil {
+			return nil, fmt.Errorf("PublicOnly: %w", err)
+		} else if publicOnly {
+			return &PublicReposAuthorizationReducer{}, nil
+		}
+		return &AllAccessAuthorizationReducer{}, nil
+	}
+
+	repos, err := auth_model.GetRepositoriesAccessibleWithIntegration(ctx, ai.ID)
+	if err != nil {
+		return nil, fmt.Errorf("GetRepositoriesAccessibleWithIntegration: %w", err)
+	}
+	// Cast slice into []RepoGetter
+	iface := make([]RepoGetter, len(repos))
+	for i, r := range repos {
+		iface[i] = r
+	}
+	return &SpecificReposAuthorizationReducer{resourceRepos: iface}, nil
+}
diff --git a/services/authz/authorized_integration_test.go b/services/authz/authorized_integration_test.go
new file mode 100644
index 0000000000..fe3ec697a4
--- /dev/null
+++ b/services/authz/authorized_integration_test.go
@@ -0,0 +1,46 @@
+// Copyright 2026 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+package authz
+
+import (
+	"testing"
+
+	"forgejo.org/models/auth"
+	"forgejo.org/models/unittest"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+func TestGetAuthorizationReducerForAuthorizedIntegration(t *testing.T) {
+	defer unittest.OverrideFixtures("services/authz/TestGetAuthorizationReducerForAuthorizedIntegration")()
+	require.NoError(t, unittest.PrepareTestDatabase())
+
+	t.Run("all access", func(t *testing.T) {
+		token := unittest.AssertExistsAndLoadBean(t, &auth.AuthorizedIntegration{ID: 5})
+		reducer, err := GetAuthorizationReducerForAuthorizedIntegration(t.Context(), token)
+		require.NoError(t, err)
+		assert.IsType(t, &AllAccessAuthorizationReducer{}, reducer)
+	})
+
+	t.Run("public resources only", func(t *testing.T) {
+		token := unittest.AssertExistsAndLoadBean(t, &auth.AuthorizedIntegration{ID: 6})
+		reducer, err := GetAuthorizationReducerForAuthorizedIntegration(t.Context(), token)
+		require.NoError(t, err)
+		assert.IsType(t, &PublicReposAuthorizationReducer{}, reducer)
+	})
+
+	t.Run("specific repos only", func(t *testing.T) {
+		token := unittest.AssertExistsAndLoadBean(t, &auth.AuthorizedIntegration{ID: 7})
+		reducer, err := GetAuthorizationReducerForAuthorizedIntegration(t.Context(), token)
+		require.NoError(t, err)
+
+		specific, ok := reducer.(*SpecificReposAuthorizationReducer)
+		require.True(t, ok)
+		require.NotNil(t, specific)
+
+		require.Len(t, specific.resourceRepos, 1)
+		assert.EqualValues(t, 1, specific.resourceRepos[0].GetTargetRepoID())
+	})
+}
diff --git a/services/authz/specific_repos_reducer.go b/services/authz/specific_repos_reducer.go
index dd085189af..b4e97f2a6b 100644
--- a/services/authz/specific_repos_reducer.go
+++ b/services/authz/specific_repos_reducer.go
@@ -7,7 +7,6 @@ import (
 	"context"
 	"fmt"
 
-	auth_model "forgejo.org/models/auth"
 	"forgejo.org/models/perm"
 	repo_model "forgejo.org/models/repo"
 	"forgejo.org/modules/structs"
@@ -19,12 +18,16 @@ import (
 // repositories that aren't listed among the specific repos, read-only access is permitted.  For all other repos, no
 // access is permitted.
 type SpecificReposAuthorizationReducer struct {
-	resourceRepos []*auth_model.AccessTokenResourceRepo
+	resourceRepos []RepoGetter
+}
+
+type RepoGetter interface {
+	GetTargetRepoID() int64
 }
 
 func (r *SpecificReposAuthorizationReducer) ReduceRepoAccess(ctx context.Context, repo *repo_model.Repository, accessMode perm.AccessMode) (perm.AccessMode, error) {
 	for _, tokenRepo := range r.resourceRepos {
-		if tokenRepo.RepoID == repo.ID {
+		if tokenRepo.GetTargetRepoID() == repo.ID {
 			// No restrictions as this repo is within the scope of the access token.
 			return accessMode, nil
 		}
@@ -47,7 +50,7 @@ func (r *SpecificReposAuthorizationReducer) ReduceRepoAccess(ctx context.Context
 func (r *SpecificReposAuthorizationReducer) RepoReadAccessFilter() builder.Cond {
 	repoIDs := make([]int64, len(r.resourceRepos))
 	for i, tokenRepo := range r.resourceRepos {
-		repoIDs[i] = tokenRepo.RepoID
+		repoIDs[i] = tokenRepo.GetTargetRepoID()
 	}
 	targetRepos := builder.In("repository.id", repoIDs)
 
diff --git a/services/authz/specific_repos_reducer_test.go b/services/authz/specific_repos_reducer_test.go
index 5db65eeca4..a7bd1545b0 100644
--- a/services/authz/specific_repos_reducer_test.go
+++ b/services/authz/specific_repos_reducer_test.go
@@ -20,11 +20,11 @@ func TestSpecificReposAuthorizationReducer(t *testing.T) {
 	require.NoError(t, unittest.PrepareTestDatabase())
 
 	reducer := &SpecificReposAuthorizationReducer{
-		resourceRepos: []*auth.AccessTokenResourceRepo{
-			{
+		resourceRepos: []RepoGetter{
+			&auth.AccessTokenResourceRepo{
 				RepoID: 1,
 			},
-			{
+			&auth.AccessTokenResourceRepo{
 				RepoID: 2,
 			},
 		},
diff --git a/tests/integration/auth_authorized_integration_test.go b/tests/integration/auth_authorized_integration_test.go
index 36fefe7cf9..668abc2630 100644
--- a/tests/integration/auth_authorized_integration_test.go
+++ b/tests/integration/auth_authorized_integration_test.go
@@ -4,18 +4,23 @@
 package integration
 
 import (
+	"fmt"
 	"net/http"
 	"testing"
 
 	auth_model "forgejo.org/models/auth"
+	"forgejo.org/models/db"
 	api "forgejo.org/modules/structs"
 	"forgejo.org/tests"
 
 	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
 )
 
 func TestAPIAuthWithAuthorizedIntegration(t *testing.T) {
-	t.Run("all access token", func(t *testing.T) {
+	defer tests.PrepareTestEnv(t)()
+
+	t.Run("all access authorized integration", func(t *testing.T) {
 		defer tests.PrintCurrentTest(t)()
 
 		ait := newAITester(t)
@@ -32,7 +37,7 @@ func TestAPIAuthWithAuthorizedIntegration(t *testing.T) {
 		MakeRequest(t, req, http.StatusOK)
 	})
 
-	t.Run("scope-limited access token", func(t *testing.T) {
+	t.Run("scope-limited authorized integration", func(t *testing.T) {
 		defer tests.PrintCurrentTest(t)()
 
 		ait := newAITester(t, func(ai *auth_model.AuthorizedIntegration) {
@@ -50,4 +55,68 @@ func TestAPIAuthWithAuthorizedIntegration(t *testing.T) {
 		req = NewRequest(t, "GET", "/api/v1/repos/user2/repo1").AddTokenAuth(token)
 		MakeRequest(t, req, http.StatusForbidden)
 	})
+
+	// Clone of TestAPICompareCommitsAccessTokenResources, but using an authorized integration rather than an access
+	// token, to test its application of an authorization reducer for public-only and repo-specific access. Any API test
+	// that uses repo-specific tokens could serve as a test here; this one is just relatively simple and succinct for
+	// the number of things being tested.
+	t.Run("authorization reducer", func(t *testing.T) {
+		defer tests.PrintCurrentTest(t)()
+
+		// Using the compare API, will be testing that the base repo's security checks implement fine-grained access
+		// controls (and baselines with all and public-only).
+		testCase := func(t *testing.T, repo, token string, expectedStatus int) {
+			req := NewRequest(t, "GET", fmt.Sprintf("/api/v1/repos/%s/compare/master...master", repo)).AddTokenAuth(token)
+			MakeRequest(t, req, expectedStatus)
+		}
+
+		t.Run("all access token", func(t *testing.T) {
+			defer tests.PrintCurrentTest(t)()
+
+			ait := newAITester(t, func(ai *auth_model.AuthorizedIntegration) {
+				ai.Scope = auth_model.AccessTokenScopeReadRepository
+			})
+			defer ait.close()
+			allToken := ait.signedJWT()
+
+			testCase(t, "user2/repo1", allToken, http.StatusOK)  // public user2/repo1
+			testCase(t, "org3/repo3", allToken, http.StatusOK)   // private org3/repo3
+			testCase(t, "user2/repo20", allToken, http.StatusOK) // private user2/repo20
+		})
+
+		t.Run("public-only access token", func(t *testing.T) {
+			defer tests.PrintCurrentTest(t)()
+
+			ait := newAITester(t, func(ai *auth_model.AuthorizedIntegration) {
+				ai.Scope = auth_model.AccessTokenScope(fmt.Sprintf("%s,%s", auth_model.AccessTokenScopePublicOnly, auth_model.AccessTokenScopeReadRepository))
+			})
+			defer ait.close()
+			publicOnlyToken := ait.signedJWT()
+
+			testCase(t, "user2/repo1", publicOnlyToken, http.StatusOK)        // public user2/repo1
+			testCase(t, "org3/repo3", publicOnlyToken, http.StatusNotFound)   // private org3/repo3
+			testCase(t, "user2/repo20", publicOnlyToken, http.StatusNotFound) // private user2/repo20
+		})
+
+		t.Run("specific repo access token", func(t *testing.T) {
+			defer tests.PrintCurrentTest(t)()
+
+			ait := newAITester(t, func(ai *auth_model.AuthorizedIntegration) {
+				ai.Scope = auth_model.AccessTokenScopeReadRepository
+				ai.ResourceAllRepos = false
+			})
+			defer ait.close()
+
+			_, err := db.GetEngine(t.Context()).Insert(&auth_model.AuthorizedIntegResourceRepo{
+				IntegID: ait.authorizedIntegration.ID,
+				RepoID:  3,
+			})
+			require.NoError(t, err)
+			repo3OnlyToken := ait.signedJWT()
+
+			testCase(t, "user2/repo1", repo3OnlyToken, http.StatusOK)        // public user2/repo1
+			testCase(t, "org3/repo3", repo3OnlyToken, http.StatusOK)         // private org3/repo3
+			testCase(t, "user2/repo20", repo3OnlyToken, http.StatusNotFound) // private user2/repo20, outside of fine-grain
+		})
+	})
 }
diff --git a/tests/integration/integration_test.go b/tests/integration/integration_test.go
index ecd7d86073..c8bbaa9b2c 100644
--- a/tests/integration/integration_test.go
+++ b/tests/integration/integration_test.go
@@ -850,6 +850,7 @@ func newAITester(t *testing.T, setupAI ...func(*auth.AuthorizedIntegration)) *Au
 				},
 			},
 		},
+		ResourceAllRepos: true,
 	}
 	for _, setup := range setupAI {
 		setup(ait.authorizedIntegration)

From 94ef440a1c01745ad0bb1966df11596477efebd2 Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Mon, 27 Apr 2026 02:09:29 +0200
Subject: [PATCH 741/854] Lock file maintenance (forgejo) (#12279)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This PR contains the following updates:

| Update | Change |
|---|---|
| lockFileMaintenance | All locks refreshed |

🔧 This Pull Request updates lock files to use the latest dependency versions.

---

### Configuration

📅 **Schedule**: (UTC)

- Branch creation
  - Between 12:00 AM and 03:59 AM, only on Monday (`* 0-3 * * 1`)
- Automerge
  - Between 12:00 AM and 03:59 AM (`* 0-3 * * *`)

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://github.com/renovatebot/renovate/discussions) if that's undesired.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Mend Renovate](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMzkuMCIsInVwZGF0ZWRJblZlciI6IjQzLjE0MS42IiwidGFyZ2V0QnJhbmNoIjoiZm9yZ2VqbyIsImxhYmVscyI6WyJkZXBlbmRlbmN5LXVwZ3JhZGUiLCJ0ZXN0L25vdC1uZWVkZWQiXX0=-->

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12279
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
---
 package-lock.json                  | 298 ++++++++++++++---------------
 web_src/fomantic/package-lock.json |  24 +--
 2 files changed, 161 insertions(+), 161 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 4fa5e76198..aecd83767d 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -942,9 +942,9 @@
       }
     },
     "node_modules/@emnapi/core": {
-      "version": "1.9.2",
-      "resolved": "https://registry.npmjs.org/@emnapi/core/-/core-1.9.2.tgz",
-      "integrity": "sha512-UC+ZhH3XtczQYfOlu3lNEkdW/p4dsJ1r/bP7H8+rhao3TTTMO1ATq/4DdIi23XuGoFY+Cz0JmCbdVl0hz9jZcA==",
+      "version": "1.10.0",
+      "resolved": "https://registry.npmjs.org/@emnapi/core/-/core-1.10.0.tgz",
+      "integrity": "sha512-yq6OkJ4p82CAfPl0u9mQebQHKPJkY7WrIuk205cTYnYe+k2Z8YBh11FrbRG/H6ihirqcacOgl2BIO8oyMQLeXw==",
       "dev": true,
       "license": "MIT",
       "optional": true,
@@ -954,9 +954,9 @@
       }
     },
     "node_modules/@emnapi/runtime": {
-      "version": "1.9.2",
-      "resolved": "https://registry.npmjs.org/@emnapi/runtime/-/runtime-1.9.2.tgz",
-      "integrity": "sha512-3U4+MIWHImeyu1wnmVygh5WlgfYDtyf0k8AbLhMFxOipihf6nrWC4syIm/SwEeec0mNSafiiNnMJwbza/Is6Lw==",
+      "version": "1.10.0",
+      "resolved": "https://registry.npmjs.org/@emnapi/runtime/-/runtime-1.10.0.tgz",
+      "integrity": "sha512-ewvYlk86xUoGI0zQRNq/mC+16R1QeDlKQy21Ki3oSYXNgLb45GV1P6A0M+/s6nyCuNDqe5VpaY84BzXGwVbwFA==",
       "dev": true,
       "license": "MIT",
       "optional": true,
@@ -1550,9 +1550,9 @@
       }
     },
     "node_modules/@eslint/eslintrc/node_modules/ajv": {
-      "version": "6.14.0",
-      "resolved": "https://registry.npmjs.org/ajv/-/ajv-6.14.0.tgz",
-      "integrity": "sha512-IWrosm/yrn43eiKqkfkHis7QioDleaXQHdDVPKg0FSwwd/DuvyX79TZnFOnYpB7dcsFAMmtFztZuXPDvSePkFw==",
+      "version": "6.15.0",
+      "resolved": "https://registry.npmjs.org/ajv/-/ajv-6.15.0.tgz",
+      "integrity": "sha512-fgFx7Hfoq60ytK2c7DhnF8jIvzYgOMxfugjLOSMHjLIPgenqa7S7oaagATUq99mV6IYvN2tRmC0wnTYX6iPbMw==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -1781,14 +1781,14 @@
       "license": "MIT"
     },
     "node_modules/@iconify/utils": {
-      "version": "3.1.0",
-      "resolved": "https://registry.npmjs.org/@iconify/utils/-/utils-3.1.0.tgz",
-      "integrity": "sha512-Zlzem1ZXhI1iHeeERabLNzBHdOa4VhQbqAcOQaMKuTuyZCpwKbC2R4Dd0Zo3g9EAc+Y4fiarO8HIHRAth7+skw==",
+      "version": "3.1.1",
+      "resolved": "https://registry.npmjs.org/@iconify/utils/-/utils-3.1.1.tgz",
+      "integrity": "sha512-MwzoDtw9rO1x+qfgLTV/IVXsHDBqeYZoMIQC8SfxfYSlaSUG+oWiAcoiB1yajAda6mqblm4/1/w2E8tRu7a7Tw==",
       "license": "MIT",
       "dependencies": {
         "@antfu/install-pkg": "^1.1.0",
         "@iconify/types": "^2.0.0",
-        "mlly": "^1.8.0"
+        "mlly": "^1.8.2"
       }
     },
     "node_modules/@img/colour": {
@@ -2891,9 +2891,9 @@
       "license": "MIT"
     },
     "node_modules/@oxc-project/types": {
-      "version": "0.124.0",
-      "resolved": "https://registry.npmjs.org/@oxc-project/types/-/types-0.124.0.tgz",
-      "integrity": "sha512-VBFWMTBvHxS11Z5Lvlr3IWgrwhMTXV+Md+EQF0Xf60+wAdsGFTBx7X7K/hP4pi8N7dcm1RvcHwDxZ16Qx8keUg==",
+      "version": "0.127.0",
+      "resolved": "https://registry.npmjs.org/@oxc-project/types/-/types-0.127.0.tgz",
+      "integrity": "sha512-aIYXQBo4lCbO4z0R3FHeucQHpF46l2LbMdxRvqvuRuW2OxdnSkcng5B8+K12spgLDj93rtN3+J2Vac/TIO+ciQ==",
       "dev": true,
       "license": "MIT",
       "funding": {
@@ -2954,9 +2954,9 @@
       }
     },
     "node_modules/@rolldown/binding-android-arm64": {
-      "version": "1.0.0-rc.15",
-      "resolved": "https://registry.npmjs.org/@rolldown/binding-android-arm64/-/binding-android-arm64-1.0.0-rc.15.tgz",
-      "integrity": "sha512-YYe6aWruPZDtHNpwu7+qAHEMbQ/yRl6atqb/AhznLTnD3UY99Q1jE7ihLSahNWkF4EqRPVC4SiR4O0UkLK02tA==",
+      "version": "1.0.0-rc.17",
+      "resolved": "https://registry.npmjs.org/@rolldown/binding-android-arm64/-/binding-android-arm64-1.0.0-rc.17.tgz",
+      "integrity": "sha512-s70pVGhw4zqGeFnXWvAzJDlvxhlRollagdCCKRgOsgUOH3N1l0LIxf83AtGzmb5SiVM4Hjl5HyarMRfdfj3DaQ==",
       "cpu": [
         "arm64"
       ],
@@ -2971,9 +2971,9 @@
       }
     },
     "node_modules/@rolldown/binding-darwin-arm64": {
-      "version": "1.0.0-rc.15",
-      "resolved": "https://registry.npmjs.org/@rolldown/binding-darwin-arm64/-/binding-darwin-arm64-1.0.0-rc.15.tgz",
-      "integrity": "sha512-oArR/ig8wNTPYsXL+Mzhs0oxhxfuHRfG7Ikw7jXsw8mYOtk71W0OkF2VEVh699pdmzjPQsTjlD1JIOoHkLP1Fg==",
+      "version": "1.0.0-rc.17",
+      "resolved": "https://registry.npmjs.org/@rolldown/binding-darwin-arm64/-/binding-darwin-arm64-1.0.0-rc.17.tgz",
+      "integrity": "sha512-4ksWc9n0mhlZpZ9PMZgTGjeOPRu8MB1Z3Tz0Mo02eWfWCHMW1zN82Qz/pL/rC+yQa+8ZnutMF0JjJe7PjwasYw==",
       "cpu": [
         "arm64"
       ],
@@ -2988,9 +2988,9 @@
       }
     },
     "node_modules/@rolldown/binding-darwin-x64": {
-      "version": "1.0.0-rc.15",
-      "resolved": "https://registry.npmjs.org/@rolldown/binding-darwin-x64/-/binding-darwin-x64-1.0.0-rc.15.tgz",
-      "integrity": "sha512-YzeVqOqjPYvUbJSWJ4EDL8ahbmsIXQpgL3JVipmN+MX0XnXMeWomLN3Fb+nwCmP/jfyqte5I3XRSm7OfQrbyxw==",
+      "version": "1.0.0-rc.17",
+      "resolved": "https://registry.npmjs.org/@rolldown/binding-darwin-x64/-/binding-darwin-x64-1.0.0-rc.17.tgz",
+      "integrity": "sha512-SUSDOI6WwUVNcWxd02QEBjLdY1VPHvlEkw6T/8nYG322iYWCTxRb1vzk4E+mWWYehTp7ERibq54LSJGjmouOsw==",
       "cpu": [
         "x64"
       ],
@@ -3005,9 +3005,9 @@
       }
     },
     "node_modules/@rolldown/binding-freebsd-x64": {
-      "version": "1.0.0-rc.15",
-      "resolved": "https://registry.npmjs.org/@rolldown/binding-freebsd-x64/-/binding-freebsd-x64-1.0.0-rc.15.tgz",
-      "integrity": "sha512-9Erhx956jeQ0nNTyif1+QWAXDRD38ZNjr//bSHrt6wDwB+QkAfl2q6Mn1k6OBPerznjRmbM10lgRb1Pli4xZPw==",
+      "version": "1.0.0-rc.17",
+      "resolved": "https://registry.npmjs.org/@rolldown/binding-freebsd-x64/-/binding-freebsd-x64-1.0.0-rc.17.tgz",
+      "integrity": "sha512-hwnz3nw9dbJ05EDO/PvcjaaewqqDy7Y1rn1UO81l8iIK1GjenME75dl16ajbvSSMfv66WXSRCYKIqfgq2KCfxw==",
       "cpu": [
         "x64"
       ],
@@ -3022,9 +3022,9 @@
       }
     },
     "node_modules/@rolldown/binding-linux-arm-gnueabihf": {
-      "version": "1.0.0-rc.15",
-      "resolved": "https://registry.npmjs.org/@rolldown/binding-linux-arm-gnueabihf/-/binding-linux-arm-gnueabihf-1.0.0-rc.15.tgz",
-      "integrity": "sha512-cVwk0w8QbZJGTnP/AHQBs5yNwmpgGYStL88t4UIaqcvYJWBfS0s3oqVLZPwsPU6M0zlW4GqjP0Zq5MnAGwFeGA==",
+      "version": "1.0.0-rc.17",
+      "resolved": "https://registry.npmjs.org/@rolldown/binding-linux-arm-gnueabihf/-/binding-linux-arm-gnueabihf-1.0.0-rc.17.tgz",
+      "integrity": "sha512-IS+W7epTcwANmFSQFrS1SivEXHtl1JtuQA9wlxrZTcNi6mx+FDOYrakGevvvTwgj2JvWiK8B29/qD9BELZPyXQ==",
       "cpu": [
         "arm"
       ],
@@ -3039,9 +3039,9 @@
       }
     },
     "node_modules/@rolldown/binding-linux-arm64-gnu": {
-      "version": "1.0.0-rc.15",
-      "resolved": "https://registry.npmjs.org/@rolldown/binding-linux-arm64-gnu/-/binding-linux-arm64-gnu-1.0.0-rc.15.tgz",
-      "integrity": "sha512-eBZ/u8iAK9SoHGanqe/jrPnY0JvBN6iXbVOsbO38mbz+ZJsaobExAm1Iu+rxa4S1l2FjG0qEZn4Rc6X8n+9M+w==",
+      "version": "1.0.0-rc.17",
+      "resolved": "https://registry.npmjs.org/@rolldown/binding-linux-arm64-gnu/-/binding-linux-arm64-gnu-1.0.0-rc.17.tgz",
+      "integrity": "sha512-e6usGaHKW5BMNZOymS1UcEYGowQMWcgZ71Z17Sl/h2+ZziNJ1a9n3Zvcz6LdRyIW5572wBCTH/Z+bKuZouGk9Q==",
       "cpu": [
         "arm64"
       ],
@@ -3059,9 +3059,9 @@
       }
     },
     "node_modules/@rolldown/binding-linux-arm64-musl": {
-      "version": "1.0.0-rc.15",
-      "resolved": "https://registry.npmjs.org/@rolldown/binding-linux-arm64-musl/-/binding-linux-arm64-musl-1.0.0-rc.15.tgz",
-      "integrity": "sha512-ZvRYMGrAklV9PEkgt4LQM6MjQX2P58HPAuecwYObY2DhS2t35R0I810bKi0wmaYORt6m/2Sm+Z+nFgb0WhXNcQ==",
+      "version": "1.0.0-rc.17",
+      "resolved": "https://registry.npmjs.org/@rolldown/binding-linux-arm64-musl/-/binding-linux-arm64-musl-1.0.0-rc.17.tgz",
+      "integrity": "sha512-b/CgbwAJpmrRLp02RPfhbudf5tZnN9nsPWK82znefso832etkem8H7FSZwxrOI9djcdTP7U6YfNhbRnh7djErg==",
       "cpu": [
         "arm64"
       ],
@@ -3079,9 +3079,9 @@
       }
     },
     "node_modules/@rolldown/binding-linux-ppc64-gnu": {
-      "version": "1.0.0-rc.15",
-      "resolved": "https://registry.npmjs.org/@rolldown/binding-linux-ppc64-gnu/-/binding-linux-ppc64-gnu-1.0.0-rc.15.tgz",
-      "integrity": "sha512-VDpgGBzgfg5hLg+uBpCLoFG5kVvEyafmfxGUV0UHLcL5irxAK7PKNeC2MwClgk6ZAiNhmo9FLhRYgvMmedLtnQ==",
+      "version": "1.0.0-rc.17",
+      "resolved": "https://registry.npmjs.org/@rolldown/binding-linux-ppc64-gnu/-/binding-linux-ppc64-gnu-1.0.0-rc.17.tgz",
+      "integrity": "sha512-4EII1iNGRUN5WwGbF/kOh/EIkoDN9HsupgLQoXfY+D1oyJm7/F4t5PYU5n8SWZgG0FEwakyM8pGgwcBYruGTlA==",
       "cpu": [
         "ppc64"
       ],
@@ -3099,9 +3099,9 @@
       }
     },
     "node_modules/@rolldown/binding-linux-s390x-gnu": {
-      "version": "1.0.0-rc.15",
-      "resolved": "https://registry.npmjs.org/@rolldown/binding-linux-s390x-gnu/-/binding-linux-s390x-gnu-1.0.0-rc.15.tgz",
-      "integrity": "sha512-y1uXY3qQWCzcPgRJATPSOUP4tCemh4uBdY7e3EZbVwCJTY3gLJWnQABgeUetvED+bt1FQ01OeZwvhLS2bpNrAQ==",
+      "version": "1.0.0-rc.17",
+      "resolved": "https://registry.npmjs.org/@rolldown/binding-linux-s390x-gnu/-/binding-linux-s390x-gnu-1.0.0-rc.17.tgz",
+      "integrity": "sha512-AH8oq3XqQo4IibpVXvPeLDI5pzkpYn0WiZAfT05kFzoJ6tQNzwRdDYQ45M8I/gslbodRZwW8uxLhbSBbkv96rA==",
       "cpu": [
         "s390x"
       ],
@@ -3119,9 +3119,9 @@
       }
     },
     "node_modules/@rolldown/binding-linux-x64-gnu": {
-      "version": "1.0.0-rc.15",
-      "resolved": "https://registry.npmjs.org/@rolldown/binding-linux-x64-gnu/-/binding-linux-x64-gnu-1.0.0-rc.15.tgz",
-      "integrity": "sha512-023bTPBod7J3Y/4fzAN6QtpkSABR0rigtrwaP+qSEabUh5zf6ELr9Nc7GujaROuPY3uwdSIXWrvhn1KxOvurWA==",
+      "version": "1.0.0-rc.17",
+      "resolved": "https://registry.npmjs.org/@rolldown/binding-linux-x64-gnu/-/binding-linux-x64-gnu-1.0.0-rc.17.tgz",
+      "integrity": "sha512-cLnjV3xfo7KslbU41Z7z8BH/E1y5mzUYzAqih1d1MDaIGZRCMqTijqLv76/P7fyHuvUcfGsIpqCdddbxLLK9rA==",
       "cpu": [
         "x64"
       ],
@@ -3139,9 +3139,9 @@
       }
     },
     "node_modules/@rolldown/binding-linux-x64-musl": {
-      "version": "1.0.0-rc.15",
-      "resolved": "https://registry.npmjs.org/@rolldown/binding-linux-x64-musl/-/binding-linux-x64-musl-1.0.0-rc.15.tgz",
-      "integrity": "sha512-witB2O0/hU4CgfOOKUoeFgQ4GktPi1eEbAhaLAIpgD6+ZnhcPkUtPsoKKHRzmOoWPZue46IThdSgdo4XneOLYw==",
+      "version": "1.0.0-rc.17",
+      "resolved": "https://registry.npmjs.org/@rolldown/binding-linux-x64-musl/-/binding-linux-x64-musl-1.0.0-rc.17.tgz",
+      "integrity": "sha512-0phclDw1spsL7dUB37sIARuis2tAgomCJXAHZlpt8PXZ4Ba0dRP1e+66lsRqrfhISeN9bEGNjQs+T/Fbd7oYGw==",
       "cpu": [
         "x64"
       ],
@@ -3159,9 +3159,9 @@
       }
     },
     "node_modules/@rolldown/binding-openharmony-arm64": {
-      "version": "1.0.0-rc.15",
-      "resolved": "https://registry.npmjs.org/@rolldown/binding-openharmony-arm64/-/binding-openharmony-arm64-1.0.0-rc.15.tgz",
-      "integrity": "sha512-UCL68NJ0Ud5zRipXZE9dF5PmirzJE4E4BCIOOssEnM7wLDsxjc6Qb0sGDxTNRTP53I6MZpygyCpY8Aa8sPfKPg==",
+      "version": "1.0.0-rc.17",
+      "resolved": "https://registry.npmjs.org/@rolldown/binding-openharmony-arm64/-/binding-openharmony-arm64-1.0.0-rc.17.tgz",
+      "integrity": "sha512-0ag/hEgXOwgw4t8QyQvUCxvEg+V0KBcA6YuOx9g0r02MprutRF5dyljgm3EmR02O292UX7UeS6HzWHAl6KgyhA==",
       "cpu": [
         "arm64"
       ],
@@ -3176,9 +3176,9 @@
       }
     },
     "node_modules/@rolldown/binding-wasm32-wasi": {
-      "version": "1.0.0-rc.15",
-      "resolved": "https://registry.npmjs.org/@rolldown/binding-wasm32-wasi/-/binding-wasm32-wasi-1.0.0-rc.15.tgz",
-      "integrity": "sha512-ApLruZq/ig+nhaE7OJm4lDjayUnOHVUa77zGeqnqZ9pn0ovdVbbNPerVibLXDmWeUZXjIYIT8V3xkT58Rm9u5Q==",
+      "version": "1.0.0-rc.17",
+      "resolved": "https://registry.npmjs.org/@rolldown/binding-wasm32-wasi/-/binding-wasm32-wasi-1.0.0-rc.17.tgz",
+      "integrity": "sha512-LEXei6vo0E5wTGwpkJ4KoT3OZJRnglwldt5ziLzOlc6qqb55z4tWNq2A+PFqCJuvWWdP53CVhG1Z9NtToDPJrA==",
       "cpu": [
         "wasm32"
       ],
@@ -3186,12 +3186,12 @@
       "license": "MIT",
       "optional": true,
       "dependencies": {
-        "@emnapi/core": "1.9.2",
-        "@emnapi/runtime": "1.9.2",
-        "@napi-rs/wasm-runtime": "^1.1.3"
+        "@emnapi/core": "1.10.0",
+        "@emnapi/runtime": "1.10.0",
+        "@napi-rs/wasm-runtime": "^1.1.4"
       },
       "engines": {
-        "node": ">=14.0.0"
+        "node": "^20.19.0 || >=22.12.0"
       }
     },
     "node_modules/@rolldown/binding-wasm32-wasi/node_modules/@napi-rs/wasm-runtime": {
@@ -3214,9 +3214,9 @@
       }
     },
     "node_modules/@rolldown/binding-win32-arm64-msvc": {
-      "version": "1.0.0-rc.15",
-      "resolved": "https://registry.npmjs.org/@rolldown/binding-win32-arm64-msvc/-/binding-win32-arm64-msvc-1.0.0-rc.15.tgz",
-      "integrity": "sha512-KmoUoU7HnN+Si5YWJigfTws1jz1bKBYDQKdbLspz0UaqjjFkddHsqorgiW1mxcAj88lYUE6NC/zJNwT+SloqtA==",
+      "version": "1.0.0-rc.17",
+      "resolved": "https://registry.npmjs.org/@rolldown/binding-win32-arm64-msvc/-/binding-win32-arm64-msvc-1.0.0-rc.17.tgz",
+      "integrity": "sha512-gUmyzBl3SPMa6hrqFUth9sVfcLBlYsbMzBx5PlexMroZStgzGqlZ26pYG89rBb45Mnia+oil6YAIFeEWGWhoZA==",
       "cpu": [
         "arm64"
       ],
@@ -3231,9 +3231,9 @@
       }
     },
     "node_modules/@rolldown/binding-win32-x64-msvc": {
-      "version": "1.0.0-rc.15",
-      "resolved": "https://registry.npmjs.org/@rolldown/binding-win32-x64-msvc/-/binding-win32-x64-msvc-1.0.0-rc.15.tgz",
-      "integrity": "sha512-3P2A8L+x75qavWLe/Dll3EYBJLQmtkJN8rfh+U/eR3MqMgL/h98PhYI+JFfXuDPgPeCB7iZAKiqii5vqOvnA0g==",
+      "version": "1.0.0-rc.17",
+      "resolved": "https://registry.npmjs.org/@rolldown/binding-win32-x64-msvc/-/binding-win32-x64-msvc-1.0.0-rc.17.tgz",
+      "integrity": "sha512-3hkiolcUAvPB9FLb3UZdfjVVNWherN1f/skkGWJP/fgSQhYUZpSIRr0/I8ZK9TkF3F7kxvJAk0+IcKvPHk9qQg==",
       "cpu": [
         "x64"
       ],
@@ -5512,9 +5512,9 @@
       }
     },
     "node_modules/ajv": {
-      "version": "8.18.0",
-      "resolved": "https://registry.npmjs.org/ajv/-/ajv-8.18.0.tgz",
-      "integrity": "sha512-PlXPeEWMXMZ7sPYOHqmDyCJzcfNrUr3fGNKtezX14ykXOEIvyK81d+qydx89KY5O71FKMPaQ2vBfBFI5NHR63A==",
+      "version": "8.20.0",
+      "resolved": "https://registry.npmjs.org/ajv/-/ajv-8.20.0.tgz",
+      "integrity": "sha512-Thbli+OlOj+iMPYFBVBfJ3OmCAnaSyNn4M1vz9T6Gka5Jt9ba/HIR56joy65tY6kx/FCF5VXNB819Y7/GUrBGA==",
       "license": "MIT",
       "dependencies": {
         "fast-deep-equal": "^3.1.3",
@@ -5877,9 +5877,9 @@
       "license": "MIT"
     },
     "node_modules/baseline-browser-mapping": {
-      "version": "2.10.20",
-      "resolved": "https://registry.npmjs.org/baseline-browser-mapping/-/baseline-browser-mapping-2.10.20.tgz",
-      "integrity": "sha512-1AaXxEPfXT+GvTBJFuy4yXVHWJBXa4OdbIebGN/wX5DlsIkU0+wzGnd2lOzokSk51d5LUmqjgBLRLlypLUqInQ==",
+      "version": "2.10.23",
+      "resolved": "https://registry.npmjs.org/baseline-browser-mapping/-/baseline-browser-mapping-2.10.23.tgz",
+      "integrity": "sha512-xwVXGqevyKPsiuQdLj+dZMVjidjJV508TBqexND5HrF89cGdCYCJFB3qhcxRHSeMctdCfbR1jrxBajhDy7o29g==",
       "license": "Apache-2.0",
       "bin": {
         "baseline-browser-mapping": "dist/cli.cjs"
@@ -6126,9 +6126,9 @@
       }
     },
     "node_modules/caniuse-lite": {
-      "version": "1.0.30001788",
-      "resolved": "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001788.tgz",
-      "integrity": "sha512-6q8HFp+lOQtcf7wBK+uEenxymVWkGKkjFpCvw5W25cmMwEDU45p1xQFBQv8JDlMMry7eNxyBaR+qxgmTUZkIRQ==",
+      "version": "1.0.30001791",
+      "resolved": "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001791.tgz",
+      "integrity": "sha512-yk0l/YSrOnFZk3UROpDLQD9+kC1l4meK/wed583AXrzoarMGJcbRi2Q4RaUYbKxYAsZ8sWmaSa/DsLmdBeI1vQ==",
       "funding": [
         {
           "type": "opencollective",
@@ -7554,9 +7554,9 @@
       }
     },
     "node_modules/dompurify": {
-      "version": "3.4.0",
-      "resolved": "https://registry.npmjs.org/dompurify/-/dompurify-3.4.0.tgz",
-      "integrity": "sha512-nolgK9JcaUXMSmW+j1yaSvaEaoXYHwWyGJlkoCTghc97KgGDDSnpoU/PlEnw63Ah+TGKFOyY+X5LnxaWbCSfXg==",
+      "version": "3.4.1",
+      "resolved": "https://registry.npmjs.org/dompurify/-/dompurify-3.4.1.tgz",
+      "integrity": "sha512-JahakDAIg1gyOm7dlgWSDjV4n7Ip2PKR55NIT6jrMfIgLFgWo81vdr1/QGqWtFNRqXP9UV71oVePtjqS2ebnPw==",
       "license": "(MPL-2.0 OR Apache-2.0)",
       "optionalDependencies": {
         "@types/trusted-types": "^2.0.7"
@@ -7675,9 +7675,9 @@
       }
     },
     "node_modules/electron-to-chromium": {
-      "version": "1.5.340",
-      "resolved": "https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.5.340.tgz",
-      "integrity": "sha512-908qahOGocRMinT2nM3ajCEM99H4iPdv84eagPP3FfZy/1ZGeOy2CZYzjhms81ckOPCXPlW7LkY4XpxD8r1DrA==",
+      "version": "1.5.344",
+      "resolved": "https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.5.344.tgz",
+      "integrity": "sha512-4MxfbmNDm+KPh066EZy+eUnkcDPcZ35wNmOWzFuh/ijvHsve6kbLTLURy88uCNK5FbpN+yk2nQY6BYh1GEt+wg==",
       "license": "ISC"
     },
     "node_modules/emoji-regex": {
@@ -7697,13 +7697,13 @@
       }
     },
     "node_modules/enhanced-resolve": {
-      "version": "5.20.1",
-      "resolved": "https://registry.npmjs.org/enhanced-resolve/-/enhanced-resolve-5.20.1.tgz",
-      "integrity": "sha512-Qohcme7V1inbAfvjItgw0EaxVX5q2rdVEZHRBrEQdRZTssLDGsL8Lwrznl8oQ/6kuTJONLaDcGjkNP247XEhcA==",
+      "version": "5.21.0",
+      "resolved": "https://registry.npmjs.org/enhanced-resolve/-/enhanced-resolve-5.21.0.tgz",
+      "integrity": "sha512-otxSQPw4lkOZWkHpB3zaEQs6gWYEsmX4xQF68ElXC/TWvGxGMSGOvoNbaLXm6/cS/fSfHtsEdw90y20PCd+sCA==",
       "license": "MIT",
       "dependencies": {
         "graceful-fs": "^4.2.4",
-        "tapable": "^2.3.0"
+        "tapable": "^2.3.3"
       },
       "engines": {
         "node": ">=10.13.0"
@@ -7863,9 +7863,9 @@
       }
     },
     "node_modules/es-module-lexer": {
-      "version": "2.0.0",
-      "resolved": "https://registry.npmjs.org/es-module-lexer/-/es-module-lexer-2.0.0.tgz",
-      "integrity": "sha512-5POEcUuZybH7IdmGsD8wlf0AI55wMecM9rVBTI/qEAy2c1kTOm3DjFYjrBdI2K3BaJjJYfYFeRtM0t9ssnRuxw==",
+      "version": "2.1.0",
+      "resolved": "https://registry.npmjs.org/es-module-lexer/-/es-module-lexer-2.1.0.tgz",
+      "integrity": "sha512-n27zTYMjYu1aj4MjCWzSP7G9r75utsaoc8m61weK+W8JMBGGQybd43GstCXZ3WNmSFtGT9wi59qQTW6mhTR5LQ==",
       "license": "MIT"
     },
     "node_modules/es-object-atoms": {
@@ -8493,9 +8493,9 @@
       "license": "MIT"
     },
     "node_modules/eslint/node_modules/ajv": {
-      "version": "6.14.0",
-      "resolved": "https://registry.npmjs.org/ajv/-/ajv-6.14.0.tgz",
-      "integrity": "sha512-IWrosm/yrn43eiKqkfkHis7QioDleaXQHdDVPKg0FSwwd/DuvyX79TZnFOnYpB7dcsFAMmtFztZuXPDvSePkFw==",
+      "version": "6.15.0",
+      "resolved": "https://registry.npmjs.org/ajv/-/ajv-6.15.0.tgz",
+      "integrity": "sha512-fgFx7Hfoq60ytK2c7DhnF8jIvzYgOMxfugjLOSMHjLIPgenqa7S7oaagATUq99mV6IYvN2tRmC0wnTYX6iPbMw==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -10662,9 +10662,9 @@
       "license": "MIT"
     },
     "node_modules/jsonfile": {
-      "version": "6.2.0",
-      "resolved": "https://registry.npmjs.org/jsonfile/-/jsonfile-6.2.0.tgz",
-      "integrity": "sha512-FGuPw30AdOIUTRMC2OMRtQV+jkVj2cfPqSeWXv1NEAJ1qZ5zb1X6z1mFhbfOB/iy3ssJCD+3KuZ8r8C3uVFlAg==",
+      "version": "6.2.1",
+      "resolved": "https://registry.npmjs.org/jsonfile/-/jsonfile-6.2.1.tgz",
+      "integrity": "sha512-zwOTdL3rFQ/lRdBnntKVOX6k5cKJwEc1HdilT71BWEu7J41gXIB2MRp+vxduPSwZJPWBxEzv4yH1wYLJGUHX4Q==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -11192,9 +11192,9 @@
       }
     },
     "node_modules/loader-runner": {
-      "version": "4.3.1",
-      "resolved": "https://registry.npmjs.org/loader-runner/-/loader-runner-4.3.1.tgz",
-      "integrity": "sha512-IWqP2SCPhyVFTBtRcgMHdzlf9ul25NwaFx4wCEH/KjAXuuHY4yNjvPXsBokp8jCB936PyWRaPKUNh8NvylLp2Q==",
+      "version": "4.3.2",
+      "resolved": "https://registry.npmjs.org/loader-runner/-/loader-runner-4.3.2.tgz",
+      "integrity": "sha512-DFEqQ3ihfS9blba08cLfYf1NRAIEm+dDjic073DRDc3/JspI/8wYmtDsHwd3+4hwvdxSK7PGaElfTmm0awWJ4w==",
       "license": "MIT",
       "engines": {
         "node": ">=6.11.5"
@@ -12361,9 +12361,9 @@
       }
     },
     "node_modules/node-releases": {
-      "version": "2.0.37",
-      "resolved": "https://registry.npmjs.org/node-releases/-/node-releases-2.0.37.tgz",
-      "integrity": "sha512-1h5gKZCF+pO/o3Iqt5Jp7wc9rH3eJJ0+nh/CIoiRwjRxde/hAHyLPXYN4V3CqKAbiZPSeJFSWHmJsbkicta0Eg==",
+      "version": "2.0.38",
+      "resolved": "https://registry.npmjs.org/node-releases/-/node-releases-2.0.38.tgz",
+      "integrity": "sha512-3qT/88Y3FbH/Kx4szpQQ4HzUbVrHPKTLVpVocKiLfoYvw9XSGOX2FmD2d6DrXbVYyAQTF2HeF6My8jmzx7/CRw==",
       "license": "MIT"
     },
     "node_modules/node-sarif-builder": {
@@ -13440,9 +13440,9 @@
       }
     },
     "node_modules/qified/node_modules/hookified": {
-      "version": "2.1.1",
-      "resolved": "https://registry.npmjs.org/hookified/-/hookified-2.1.1.tgz",
-      "integrity": "sha512-AHb76R16GB5EsPBE2J7Ko5kiEyXwviB9P5SMrAKcuAu4vJPZttViAbj9+tZeaQE5zjDme+1vcHP78Yj/WoAveA==",
+      "version": "2.2.0",
+      "resolved": "https://registry.npmjs.org/hookified/-/hookified-2.2.0.tgz",
+      "integrity": "sha512-p/LgFzRN5FeoD3DLS6bkUapeye6E4SI6yJs6KetENd18S+FBthqYq2amJUWpt5z0EQwwHemidjY5OqJGEKm5uA==",
       "dev": true,
       "license": "MIT"
     },
@@ -13800,14 +13800,14 @@
       "license": "Unlicense"
     },
     "node_modules/rolldown": {
-      "version": "1.0.0-rc.15",
-      "resolved": "https://registry.npmjs.org/rolldown/-/rolldown-1.0.0-rc.15.tgz",
-      "integrity": "sha512-Ff31guA5zT6WjnGp0SXw76X6hzGRk/OQq2hE+1lcDe+lJdHSgnSX6nK3erbONHyCbpSj9a9E+uX/OvytZoWp2g==",
+      "version": "1.0.0-rc.17",
+      "resolved": "https://registry.npmjs.org/rolldown/-/rolldown-1.0.0-rc.17.tgz",
+      "integrity": "sha512-ZrT53oAKrtA4+YtBWPQbtPOxIbVDbxT0orcYERKd63VJTF13zPcgXTvD4843L8pcsI7M6MErt8QtON6lrB9tyA==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "@oxc-project/types": "=0.124.0",
-        "@rolldown/pluginutils": "1.0.0-rc.15"
+        "@oxc-project/types": "=0.127.0",
+        "@rolldown/pluginutils": "1.0.0-rc.17"
       },
       "bin": {
         "rolldown": "bin/cli.mjs"
@@ -13816,27 +13816,27 @@
         "node": "^20.19.0 || >=22.12.0"
       },
       "optionalDependencies": {
-        "@rolldown/binding-android-arm64": "1.0.0-rc.15",
-        "@rolldown/binding-darwin-arm64": "1.0.0-rc.15",
-        "@rolldown/binding-darwin-x64": "1.0.0-rc.15",
-        "@rolldown/binding-freebsd-x64": "1.0.0-rc.15",
-        "@rolldown/binding-linux-arm-gnueabihf": "1.0.0-rc.15",
-        "@rolldown/binding-linux-arm64-gnu": "1.0.0-rc.15",
-        "@rolldown/binding-linux-arm64-musl": "1.0.0-rc.15",
-        "@rolldown/binding-linux-ppc64-gnu": "1.0.0-rc.15",
-        "@rolldown/binding-linux-s390x-gnu": "1.0.0-rc.15",
-        "@rolldown/binding-linux-x64-gnu": "1.0.0-rc.15",
-        "@rolldown/binding-linux-x64-musl": "1.0.0-rc.15",
-        "@rolldown/binding-openharmony-arm64": "1.0.0-rc.15",
-        "@rolldown/binding-wasm32-wasi": "1.0.0-rc.15",
-        "@rolldown/binding-win32-arm64-msvc": "1.0.0-rc.15",
-        "@rolldown/binding-win32-x64-msvc": "1.0.0-rc.15"
+        "@rolldown/binding-android-arm64": "1.0.0-rc.17",
+        "@rolldown/binding-darwin-arm64": "1.0.0-rc.17",
+        "@rolldown/binding-darwin-x64": "1.0.0-rc.17",
+        "@rolldown/binding-freebsd-x64": "1.0.0-rc.17",
+        "@rolldown/binding-linux-arm-gnueabihf": "1.0.0-rc.17",
+        "@rolldown/binding-linux-arm64-gnu": "1.0.0-rc.17",
+        "@rolldown/binding-linux-arm64-musl": "1.0.0-rc.17",
+        "@rolldown/binding-linux-ppc64-gnu": "1.0.0-rc.17",
+        "@rolldown/binding-linux-s390x-gnu": "1.0.0-rc.17",
+        "@rolldown/binding-linux-x64-gnu": "1.0.0-rc.17",
+        "@rolldown/binding-linux-x64-musl": "1.0.0-rc.17",
+        "@rolldown/binding-openharmony-arm64": "1.0.0-rc.17",
+        "@rolldown/binding-wasm32-wasi": "1.0.0-rc.17",
+        "@rolldown/binding-win32-arm64-msvc": "1.0.0-rc.17",
+        "@rolldown/binding-win32-x64-msvc": "1.0.0-rc.17"
       }
     },
     "node_modules/rolldown/node_modules/@rolldown/pluginutils": {
-      "version": "1.0.0-rc.15",
-      "resolved": "https://registry.npmjs.org/@rolldown/pluginutils/-/pluginutils-1.0.0-rc.15.tgz",
-      "integrity": "sha512-UromN0peaE53IaBRe9W7CjrZgXl90fqGpK+mIZbA3qSTeYqg3pqpROBdIPvOG3F5ereDHNwoHBI2e50n1BDr1g==",
+      "version": "1.0.0-rc.17",
+      "resolved": "https://registry.npmjs.org/@rolldown/pluginutils/-/pluginutils-1.0.0-rc.17.tgz",
+      "integrity": "sha512-n8iosDOt6Ig1UhJ2AYqoIhHWh/isz0xpicHTzpKBeotdVsTEcxsSA/i3EVM7gQAj0rU27OLAxCjzlj15IWY7bg==",
       "dev": true,
       "license": "MIT"
     },
@@ -13924,15 +13924,15 @@
       "license": "BSD-3-Clause"
     },
     "node_modules/safe-array-concat": {
-      "version": "1.1.3",
-      "resolved": "https://registry.npmjs.org/safe-array-concat/-/safe-array-concat-1.1.3.tgz",
-      "integrity": "sha512-AURm5f0jYEOydBj7VQlVvDrjeFgthDdEF5H1dP+6mNpoXOMo1quQqJ4wvJDyRZ9+pO3kGWoOdmV08cSv2aJV6Q==",
+      "version": "1.1.4",
+      "resolved": "https://registry.npmjs.org/safe-array-concat/-/safe-array-concat-1.1.4.tgz",
+      "integrity": "sha512-wtZlHyOje6OZTGqAoaDKxFkgRtkF9CnHAVnCHKfuj200wAgL+bSJhdsCD2l0Qx/2ekEXjPWcyKkfGb5CPboslg==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "call-bind": "^1.0.8",
-        "call-bound": "^1.0.2",
-        "get-intrinsic": "^1.2.6",
+        "call-bind": "^1.0.9",
+        "call-bound": "^1.0.4",
+        "get-intrinsic": "^1.3.0",
         "has-symbols": "^1.1.0",
         "isarray": "^2.0.5"
       },
@@ -15149,9 +15149,9 @@
       }
     },
     "node_modules/tapable": {
-      "version": "2.3.2",
-      "resolved": "https://registry.npmjs.org/tapable/-/tapable-2.3.2.tgz",
-      "integrity": "sha512-1MOpMXuhGzGL5TTCZFItxCc0AARf1EZFQkGqMm7ERKj8+Hgr5oLvJOVFcC+lRmR8hCe2S3jC4T5D7Vg/d7/fhA==",
+      "version": "2.3.3",
+      "resolved": "https://registry.npmjs.org/tapable/-/tapable-2.3.3.tgz",
+      "integrity": "sha512-uxc/zpqFg6x7C8vOE7lh6Lbda8eEL9zmVm/PLeTPBRhh1xCgdWaQ+J1CUieGpIfm2HdtsUpRv+HshiasBMcc6A==",
       "license": "MIT",
       "engines": {
         "node": ">=6"
@@ -15162,9 +15162,9 @@
       }
     },
     "node_modules/terser": {
-      "version": "5.46.1",
-      "resolved": "https://registry.npmjs.org/terser/-/terser-5.46.1.tgz",
-      "integrity": "sha512-vzCjQO/rgUuK9sf8VJZvjqiqiHFaZLnOiimmUuOKODxWL8mm/xua7viT7aqX7dgPY60otQjUotzFMmCB4VdmqQ==",
+      "version": "5.46.2",
+      "resolved": "https://registry.npmjs.org/terser/-/terser-5.46.2.tgz",
+      "integrity": "sha512-uxfo9fPcSgLDYob/w1FuL0c99MWiJDnv+5qXSQc5+Ki5NjVNsYi66INnMFBjf6uFz6OnX12piJQPF4IpjJTNTw==",
       "license": "BSD-2-Clause",
       "dependencies": {
         "@jridgewell/source-map": "^0.3.3",
@@ -15180,9 +15180,9 @@
       }
     },
     "node_modules/terser-webpack-plugin": {
-      "version": "5.4.0",
-      "resolved": "https://registry.npmjs.org/terser-webpack-plugin/-/terser-webpack-plugin-5.4.0.tgz",
-      "integrity": "sha512-Bn5vxm48flOIfkdl5CaD2+1CiUVbonWQ3KQPyP7/EuIl9Gbzq/gQFOzaMFUEgVjB1396tcK0SG8XcNJ/2kDH8g==",
+      "version": "5.5.0",
+      "resolved": "https://registry.npmjs.org/terser-webpack-plugin/-/terser-webpack-plugin-5.5.0.tgz",
+      "integrity": "sha512-UYhptBwhWvfIjKd/UuFo6D8uq9xpGLDK+z8EDsj/zWhrTaH34cKEbrkMKfV5YWqGBvAYA3tlzZbs2R+qYrbQJA==",
       "license": "MIT",
       "dependencies": {
         "@jridgewell/trace-mapping": "^0.3.25",
@@ -15780,17 +15780,17 @@
       "license": "MIT"
     },
     "node_modules/vite": {
-      "version": "8.0.8",
-      "resolved": "https://registry.npmjs.org/vite/-/vite-8.0.8.tgz",
-      "integrity": "sha512-dbU7/iLVa8KZALJyLOBOQ88nOXtNG8vxKuOT4I2mD+Ya70KPceF4IAmDsmU0h1Qsn5bPrvsY9HJstCRh3hG6Uw==",
+      "version": "8.0.10",
+      "resolved": "https://registry.npmjs.org/vite/-/vite-8.0.10.tgz",
+      "integrity": "sha512-rZuUu9j6J5uotLDs+cAA4O5H4K1SfPliUlQwqa6YEwSrWDZzP4rhm00oJR5snMewjxF5V/K3D4kctsUTsIU9Mw==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
         "lightningcss": "^1.32.0",
         "picomatch": "^4.0.4",
-        "postcss": "^8.5.8",
-        "rolldown": "1.0.0-rc.15",
-        "tinyglobby": "^0.2.15"
+        "postcss": "^8.5.10",
+        "rolldown": "1.0.0-rc.17",
+        "tinyglobby": "^0.2.16"
       },
       "bin": {
         "vite": "bin/vite.js"
@@ -16283,9 +16283,9 @@
       }
     },
     "node_modules/webpack-sources": {
-      "version": "3.3.4",
-      "resolved": "https://registry.npmjs.org/webpack-sources/-/webpack-sources-3.3.4.tgz",
-      "integrity": "sha512-7tP1PdV4vF+lYPnkMR0jMY5/la2ub5Fc/8VQrrU+lXkiM6C4TjVfGw7iKfyhnTQOsD+6Q/iKw0eFciziRgD58Q==",
+      "version": "3.4.0",
+      "resolved": "https://registry.npmjs.org/webpack-sources/-/webpack-sources-3.4.0.tgz",
+      "integrity": "sha512-gHwIe1cgBvvfLeu1Yz/dcFpmHfKDVxxyqI+kzqmuxZED81z2ChxpyqPaWcNqigPywhaEke7AjSGga+kxY55gjQ==",
       "license": "MIT",
       "engines": {
         "node": ">=10.13.0"
diff --git a/web_src/fomantic/package-lock.json b/web_src/fomantic/package-lock.json
index 9d6477ee33..5aee001936 100644
--- a/web_src/fomantic/package-lock.json
+++ b/web_src/fomantic/package-lock.json
@@ -1032,9 +1032,9 @@
       }
     },
     "node_modules/baseline-browser-mapping": {
-      "version": "2.10.20",
-      "resolved": "https://registry.npmjs.org/baseline-browser-mapping/-/baseline-browser-mapping-2.10.20.tgz",
-      "integrity": "sha512-1AaXxEPfXT+GvTBJFuy4yXVHWJBXa4OdbIebGN/wX5DlsIkU0+wzGnd2lOzokSk51d5LUmqjgBLRLlypLUqInQ==",
+      "version": "2.10.23",
+      "resolved": "https://registry.npmjs.org/baseline-browser-mapping/-/baseline-browser-mapping-2.10.23.tgz",
+      "integrity": "sha512-xwVXGqevyKPsiuQdLj+dZMVjidjJV508TBqexND5HrF89cGdCYCJFB3qhcxRHSeMctdCfbR1jrxBajhDy7o29g==",
       "license": "Apache-2.0",
       "bin": {
         "baseline-browser-mapping": "dist/cli.cjs"
@@ -1264,9 +1264,9 @@
       }
     },
     "node_modules/caniuse-lite": {
-      "version": "1.0.30001788",
-      "resolved": "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001788.tgz",
-      "integrity": "sha512-6q8HFp+lOQtcf7wBK+uEenxymVWkGKkjFpCvw5W25cmMwEDU45p1xQFBQv8JDlMMry7eNxyBaR+qxgmTUZkIRQ==",
+      "version": "1.0.30001791",
+      "resolved": "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001791.tgz",
+      "integrity": "sha512-yk0l/YSrOnFZk3UROpDLQD9+kC1l4meK/wed583AXrzoarMGJcbRi2Q4RaUYbKxYAsZ8sWmaSa/DsLmdBeI1vQ==",
       "funding": [
         {
           "type": "opencollective",
@@ -2020,9 +2020,9 @@
       }
     },
     "node_modules/electron-to-chromium": {
-      "version": "1.5.340",
-      "resolved": "https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.5.340.tgz",
-      "integrity": "sha512-908qahOGocRMinT2nM3ajCEM99H4iPdv84eagPP3FfZy/1ZGeOy2CZYzjhms81ckOPCXPlW7LkY4XpxD8r1DrA==",
+      "version": "1.5.344",
+      "resolved": "https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.5.344.tgz",
+      "integrity": "sha512-4MxfbmNDm+KPh066EZy+eUnkcDPcZ35wNmOWzFuh/ijvHsve6kbLTLURy88uCNK5FbpN+yk2nQY6BYh1GEt+wg==",
       "license": "ISC"
     },
     "node_modules/emoji-regex": {
@@ -6013,9 +6013,9 @@
       }
     },
     "node_modules/node-releases": {
-      "version": "2.0.37",
-      "resolved": "https://registry.npmjs.org/node-releases/-/node-releases-2.0.37.tgz",
-      "integrity": "sha512-1h5gKZCF+pO/o3Iqt5Jp7wc9rH3eJJ0+nh/CIoiRwjRxde/hAHyLPXYN4V3CqKAbiZPSeJFSWHmJsbkicta0Eg==",
+      "version": "2.0.38",
+      "resolved": "https://registry.npmjs.org/node-releases/-/node-releases-2.0.38.tgz",
+      "integrity": "sha512-3qT/88Y3FbH/Kx4szpQQ4HzUbVrHPKTLVpVocKiLfoYvw9XSGOX2FmD2d6DrXbVYyAQTF2HeF6My8jmzx7/CRw==",
       "license": "MIT"
     },
     "node_modules/node.extend": {

From 5e5ad79d10f1a52a426db30f799f4239afbad637 Mon Sep 17 00:00:00 2001
From: Codeberg Translate <translate@codeberg.org>
Date: Mon, 27 Apr 2026 11:17:47 +0000
Subject: [PATCH 742/854] i18n: update of translations from Codeberg Translate

Co-authored-by: 0ko <0ko@noreply.codeberg.org>
Co-authored-by: AshyPinguin <ashypinguin@noreply.codeberg.org>
Co-authored-by: Benedikt Straub <benedikt-straub@web.de>
Co-authored-by: Codeberg Translate <translate@codeberg.org>
Co-authored-by: Fjuro <fjuro@noreply.codeberg.org>
Co-authored-by: Goudarz Jafari <goudarz.jafari@gmail.com>
Co-authored-by: Gusted <postmaster@gusted.xyz>
Co-authored-by: Lauri Lepik <laurilepik@noreply.codeberg.org>
Co-authored-by: Lzebulon <lzebulon@noreply.codeberg.org>
Co-authored-by: PatoFlamejanteTV <patoflamejantetv@noreply.codeberg.org>
Co-authored-by: SomeTr <sometr@noreply.codeberg.org>
Co-authored-by: TAGerritsen <tagerritsen@noreply.codeberg.org>
Co-authored-by: Tamil <tamil@noreply.codeberg.org>
Co-authored-by: Wuzzy <wuzzy@disroot.org>
Co-authored-by: arifpedia <arifpedia@gmail.com>
Co-authored-by: artnay <artnay@noreply.codeberg.org>
Co-authored-by: augustd <augustd@noreply.codeberg.org>
Co-authored-by: fserrador <fserrador@noreply.codeberg.org>
Co-authored-by: gallegonovato <gallegonovato@noreply.codeberg.org>
Co-authored-by: mahlzahn <mahlzahn@posteo.de>
Co-authored-by: rdeavila <rdeavila@noreply.codeberg.org>
Co-authored-by: universish <universish@noreply.codeberg.org>
Co-authored-by: vmtj <vmtj@noreply.codeberg.org>
Co-authored-by: xtex <xtexchooser@duck.com>
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/ca/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/cs/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/de/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/es/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/et/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/fr/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/id/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/mk/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/nds/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/nl/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/pt_BR/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/ru/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/ta/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/tr/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/uk/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo-next/zh_Hans/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo/es/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo/et/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo/fa/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo/fi/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo/fr/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo/id/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo/mk/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo/nl/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo/pt_BR/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo/ru/
Translate-URL: https://translate.codeberg.org/projects/forgejo/forgejo/ta/
Translation: Forgejo/forgejo
Translation: Forgejo/forgejo-next
---
 options/locale/locale_es-ES.ini       |  194 +-
 options/locale/locale_et.ini          |    3 +-
 options/locale/locale_fa-IR.ini       |    2 +-
 options/locale/locale_fi-FI.ini       |    2 +-
 options/locale/locale_fr-FR.ini       |    2 +-
 options/locale/locale_id-ID.ini       | 2779 ++++++++++++++++++++++---
 options/locale/locale_mk.ini          |   10 +-
 options/locale/locale_nl-NL.ini       |    2 +-
 options/locale/locale_pt-BR.ini       |    8 +-
 options/locale/locale_ru-RU.ini       |    2 +-
 options/locale/locale_ta.ini          |    6 +-
 options/locale_next/locale_bg.json    |    3 -
 options/locale_next/locale_ca.json    |  155 +-
 options/locale_next/locale_cs-CZ.json |    9 +-
 options/locale_next/locale_de-DE.json |   11 +-
 options/locale_next/locale_el-GR.json |    3 -
 options/locale_next/locale_es-ES.json |  133 +-
 options/locale_next/locale_et.json    |   16 +-
 options/locale_next/locale_fil.json   |    3 -
 options/locale_next/locale_fr-FR.json |    9 +-
 options/locale_next/locale_ga.json    |    3 -
 options/locale_next/locale_id-ID.json |  437 +++-
 options/locale_next/locale_kab.json   |    2 -
 options/locale_next/locale_mk.json    |   66 +-
 options/locale_next/locale_nds.json   |    9 +-
 options/locale_next/locale_nl-NL.json |   31 +-
 options/locale_next/locale_pt-BR.json |   45 +-
 options/locale_next/locale_pt-PT.json |    3 -
 options/locale_next/locale_ru-RU.json |   34 +-
 options/locale_next/locale_sv-SE.json |    3 -
 options/locale_next/locale_ta.json    |    2 +-
 options/locale_next/locale_tr-TR.json |  386 +++-
 options/locale_next/locale_uk-UA.json |   19 +-
 options/locale_next/locale_zh-CN.json |   52 +-
 34 files changed, 3880 insertions(+), 564 deletions(-)

diff --git a/options/locale/locale_es-ES.ini b/options/locale/locale_es-ES.ini
index 5fb0a270eb..0d37055fea 100644
--- a/options/locale/locale_es-ES.ini
+++ b/options/locale/locale_es-ES.ini
@@ -80,9 +80,9 @@ rerun_all=Volver a ejecutar todos los trabajos
 save=Guardar
 add=Añadir
 add_all=Añadir todos
-remove=Eliminar
-remove_all=Eliminar todos
-remove_label_str=`Eliminar elemento "%s"`
+remove=Retirar
+remove_all=Retirar todos
+remove_label_str=`Retirar elemento "%s"`
 edit=Editar
 
 enabled=Activo
@@ -103,7 +103,7 @@ preview=Vista previa
 loading=Cargando…
 
 error=Error
-error404=La página a la que está intentando acceder <strong>no existe</strong>,<strong>ha sido eliminada</strong> o <strong>no está autorizado</strong> a verla.
+error404=La página a la que está intentando acceder <strong>no existe</strong>,<strong>ha sido retirada</strong> o <strong>no está autorizado</strong> a verla.
 go_back=Volver
 
 never=Nunca
@@ -202,7 +202,7 @@ table_modal.placeholder.content = Contenido
 link_modal.header = Añadir enlace
 link_modal.description = Descripción
 link_modal.paste_reminder = Pista: Con una URL en tu portapapeles, puedes pegar directamente en el editor para crear un enlace.
-link_modal.url = URL
+link_modal.url = Url
 
 [filter]
 string.asc=A - Z
@@ -384,8 +384,8 @@ manual_activation_only=Póngase en contacto con el administrador del sitio para
 remember_me=Recordar este dispositivo
 forgot_password_title=Contraseña olvidada
 forgot_password=¿Has olvidado tu contraseña?
-sign_up_successful=La cuenta se ha creado correctamente. ¡Le damos la bienvenida!
-confirmation_mail_sent_prompt=Se ha enviado un nuevo correo de confirmación a <b>%s</b>. Para completar el proceso de registro, revisa tu bandeja de entrada y sigue el enlace proporcionado dentro de los próximos %s. Si la dirección no es correcto, puedes iniciar sesión y solicitar otro correo de confirmación para ser enviado a una dirección diferente.
+sign_up_successful=La cuenta se ha creado correctamente. ¡Bienvenido!
+confirmation_mail_sent_prompt=Se ha enviado un nuevo correo electrónico de confirmación a <b>%s</b>. Para completar el registro, comprueba tu bandeja de entrada y sigue el enlace que aparece en el correo en un plazo de: %s. Si la dirección de correo electrónico no es correcta, puedes iniciar sesión y solicitar que se envíe otro correo electrónico de confirmación a otra dirección.
 must_change_password=Actualizar su contraseña
 allow_password_change=Obligar al usuario a cambiar la contraseña (recomendado)
 reset_password_mail_sent_prompt=Se ha enviado un correo de confirmación a <b>%s</b>. Para completar el proceso de recuperación de la cuenta, consulta tu bandeja de entrada y sigue el enlace proporcionado dentro de los próximos %s.
@@ -442,7 +442,7 @@ password_pwned_err=No se pudo completar la solicitud a HaveIBeenPwned
 change_unconfirmed_email = Si has proporcionado una dirección de correo electrónico errónea durante el registro, la puedes cambiar debajo y se enviará una confirmación a la nueva dirección.
 change_unconfirmed_email_error = No es posible cambiar la dirección de correo electrónico: %v
 change_unconfirmed_email_summary = Cambia la dirección de correo electrónico a quien se envía el correo de activación.
-last_admin = No puedes eliminar al último admin (administrador). Debe haber, al menos, un admin.
+last_admin = No puedes retirar el último admin (administrador). Debe haber, al menos, un admin.
 sign_up_button = Regístrate ahora.
 hint_login = ¿Ya tienes cuenta? <a href="%s">¡Ingresa ahora!</a>
 hint_register = ¿Necesitas una cuenta? <a href="%s">Regístrate ahora.</a>
@@ -516,7 +516,7 @@ admin.new_user.subject = Se acaba de registrar el nuevo usuario %s
 admin.new_user.user_info = Información del usuario
 admin.new_user.text = Por favor, <a href="%s">pulsa aquí</a> para gestionar este usuario desde el panel de administración.
 account_security_caution.text_1 = Si fuiste tú, puedes ignorar este correo.
-removed_security_key.subject = Se ha eliminado una clave de seguridad
+removed_security_key.subject = Se ha retirado una clave de seguridad
 removed_security_key.no_2fa = Ya no hay otros métodos 2FA configurados, lo que significa que ya no es necesario iniciar sesión en tu cuenta con 2FA.
 password_change.subject = Tu contraseña ha sido modificada
 password_change.text_1 = La contraseña de tu cuenta acaba de ser modificada.
@@ -527,7 +527,7 @@ totp_disabled.no_2fa = Ya no hay otros métodos 2FA configurados, lo que signifi
 account_security_caution.text_2 = Si no fuiste tú, tu cuenta está comprometida. Ponte en contacto con los administradores de este sitio.
 totp_enrolled.subject = Has activado TOTP como método 2FA
 totp_enrolled.text_1.no_webauthn = Acabas de activar TOTP para tu cuenta. Esto significa que para todos los futuros inicios de sesión en tu cuenta, debes utilizar TOTP como método 2FA.
-removed_security_key.text_1 = La clave de seguridad "%[1]s" acaba de ser eliminada de tu cuenta.
+removed_security_key.text_1 = La clave de seguridad "%[1]s" acaba de ser retirada de tu cuenta.
 primary_mail_change.text_1 = El correo principal de su cuenta acaba de cambiar a %[1]s. Esto significa que esta dirección de correo electrónico ya no recibirá notificaciones por correo electrónico de su cuenta.
 totp_enrolled.text_1.has_webauthn = Acabas de activar TOTP para tu cuenta. Esto significa que para todos los futuros inicios de sesión en tu cuenta, podrás utilizar TOTP como método 2FA o bien utilizar cualquiera de tus claves de seguridad.
 
@@ -603,7 +603,7 @@ enterred_invalid_owner_name=El nuevo nombre de usuario no es válido.
 enterred_invalid_password=La contraseña que ha introducido es incorrecta.
 user_not_exist=Este usuario no existe.
 team_not_exist=Este equipo no existe.
-last_org_owner=No puedes eliminar al último usuario del equipo de "propietarios". Todas las organizaciones deben tener al menos un propietario.
+last_org_owner=No puedes retirar el último usuario del equipo de "propietarios". Todas las organizaciones deben tener al menos un propietario.
 cannot_add_org_to_team=Una organización no puede ser añadida como miembro de un equipo.
 duplicate_invite_to_team=El usuario ya fue invitado como miembro del equipo.
 organization_leave_success=Ha abandonado correctamente la organización %s.
@@ -622,7 +622,7 @@ org_still_own_repo=Esta organización todavía posee uno o más repositorios, el
 org_still_own_packages=Esta organización todavía posee uno o más paquetes, elimínalos primero.
 
 target_branch_not_exist=La rama de destino no existe.
-admin_cannot_delete_self = No puedes eliminarte a ti mismo cuando eres un admin (administrador). Por favor, elimina primero tus privilegios de administrador.
+admin_cannot_delete_self = No puedes eliminarte a ti mismo cuando eres un admin (administrador). Por favor, primero retire los privilegios de administrador.
 username_error_no_dots = ` solo puede contener carácteres alfanuméricos ("0-9","a-z","A-Z"), guiones ("-"), y guiones bajos ("_"). No puede empezar o terminar con carácteres no alfanuméricos y también están prohibidos los carácteres no alfanuméricos consecutivos.`
 unsupported_login_type = No se admite el tipo de inicio de sesión para eliminar la cuenta.
 required_prefix = La entrada debe empezar por "%s"
@@ -738,7 +738,7 @@ comment_type_group_review_request=Revisión solicitada
 comment_type_group_pull_request_push=Confirmaciones añadidas
 comment_type_group_project=Proyecto
 comment_type_group_issue_ref=Referencia del incidente
-saved_successfully=Su configuración se ha guardado correctamente.
+saved_successfully=Tu configuración se guardó correctamente.
 privacy=Privacidad
 keep_activity_private=Ocultar actividad de la página de perfil
 lookup_avatar_by_mail=Buscar avatar por dirección de correo electrónico
@@ -772,8 +772,8 @@ activate_email=Enviar activación
 activations_pending=Activaciones pendientes
 can_not_add_email_activations_pending=Hay una activación pendiente, inténtelo de nuevo en unos minutos si desea agregar un nuevo correo electrónico.
 delete_email=Eliminar
-email_deletion=Eliminar dirección de correo electrónico
-email_deletion_desc=Esta dirección de correo electrónico y la información relacionada se eliminará de su cuenta. Las confirmaciones de Git hechas por esta dirección de correo electrónico permanecerán intactas. ¿Desea Continuar?
+email_deletion=Retirar dirección de correo-e
+email_deletion_desc=Esta dirección de correo electrónico y la información relacionada se retirará de su cuenta. Las confirmaciones de Git hechas por esta dirección de correo electrónico permanecerán intactas. ¿Desea Continuar?
 email_deletion_success=La dirección de correo electrónico ha sido eliminada.
 theme_update_success=Su tema fue actualizado.
 theme_update_error=El tema seleccionado no existe.
@@ -840,8 +840,8 @@ add_key_success=La clave SSH "%s" ha sido añadida.
 add_gpg_key_success=La clave GPG "%s" ha sido añadida.
 add_principal_success=El certificado SSH principal "%s" ha sido añadido.
 delete_key=Eliminar
-ssh_key_deletion=Eliminar clave SSH
-gpg_key_deletion=Eliminar clave GPG
+ssh_key_deletion=Retirar clave SSH
+gpg_key_deletion=Retirar clave GPG
 ssh_principal_deletion=Eliminar principal de certificado SSH
 ssh_key_deletion_desc=Eliminando una clave SSH se revoca su acceso a su cuenta. ¿Continuar?
 gpg_key_deletion_desc=Eliminando una clave GPG se des-verifican los commits firmados con ella. ¿Continuar?
@@ -2365,7 +2365,7 @@ settings.matrix.room_id=ID de sala
 settings.matrix.message_type=Tipo de mensaje
 settings.archive.button=Archivar repositorio
 settings.archive.header=Archivar este repositorio
-settings.archive.text=Archivar el repositorio lo hará de sólo lectura. Se ocultará del tablero. Nadie (¡ni siquiera tú!) será capaz de hacer nuevas confirmaciones, o abrir nuevas incidencias o solicitudes de incorporación de cambios.
+settings.archive.text=Archivar el repositorio lo hará de sólo lectura. Se ocultará del tablero. Nadie (¡ni siquiera tú!) será capaz de hacer nuevas confirmaciones, o abrir nuevas incidencias o solicitudes de incorporación de cambios. Se recomienda documentar el motivo del archivado para orientar a futuros desarrolladores que planeen bifurcar el repositorio.
 settings.archive.success=El repositorio ha sido archivado exitosamente.
 settings.archive.error=Ha ocurrido un error al intentar archivar el repositorio. Vea el registro para más detalles.
 settings.archive.error_ismirror=No puede archivar un repositorio replicado.
@@ -2742,6 +2742,7 @@ settings.enforce_on_admins = Aplicar esta regla para los administradores del rep
 settings.matrix.access_token_helper = Se recomienda configurar una cuenta de Matrix dedicada para esto. El token de acceso puede ser obtenido desde el cliente web Element (en una pestaña privada/incógnito) > Menú de usuario (arriba izquierda) > Todos los ajustes > Ayuda & Acerca de > Avanzado > Token de acceso (a la derecha, debajo de URL del servidor). Cierra la pestaña privada/incógnito (desconectarse invalidaría el token).
 settings.archive.mirrors_unavailable = Los espejos no están disponibles en repos archivados.
 release.summary_card_alt = Tarjeta de resumen de una release titulada "%s" en el repositorio %s
+settings.matrix.room_id_helper = El ID de Sala puede ser obtenido desde el cliente web Element > Ajustes de Sala > Avanzado > ID de sala interna. Ejemplo: %s.
 
 [graphs]
 component_loading = Cargando %s…
@@ -2789,7 +2790,7 @@ settings.permission=Permisos
 settings.repoadminchangeteam=El administrador del repositorio puede añadir y eliminar el acceso a equipos
 settings.visibility=Visibilidad
 settings.visibility.public=Público
-settings.visibility.limited=Limitado (visible solo para usuarios autenticados)
+settings.visibility.limited=Limitado (visible solo para usuarios accedidos)
 settings.visibility.limited_shortname=Limitado
 settings.visibility.private=Privado (Visible sólo para miembros de la organización)
 settings.visibility.private_shortname=Privado
@@ -2968,7 +2969,7 @@ dashboard.update_checker=Buscador de actualizaciones
 dashboard.delete_old_system_notices=Borrar todos los avisos antiguos del sistema de la base de datos
 dashboard.gc_lfs=Recoger basura meta-objetos LFS
 dashboard.stop_zombie_tasks=Detener tareas zombie
-dashboard.stop_endless_tasks=Detener tareas interminables
+dashboard.stop_endless_tasks=Detiene tareas de acciones interminables
 dashboard.cancel_abandoned_jobs=Cancelar trabajos abandonados
 dashboard.start_schedule_tasks=Iniciar tareas programadas
 dashboard.sync_branch.started=Inició la sincronización de ramas
@@ -3098,16 +3099,16 @@ auths.host=Servidor
 auths.port=Puerto
 auths.bind_dn=Bind DN
 auths.bind_password=Contraseña Bind
-auths.user_base=Base de búsqueda de usuarios
+auths.user_base=Base de búsqueda del usuario
 auths.user_dn=DN de Usuario
 auths.attribute_username=Atributo nombre de usuario
 auths.attribute_username_placeholder=Dejar vacío para usar el nombre de usuario introducido en Forgejo.
 auths.attribute_name=Atributo nombre
 auths.attribute_surname=Atributo apellido
-auths.attribute_mail=Atributo correo electrónico
-auths.attribute_ssh_public_key=Atributo Clave Pública SSH
-auths.attribute_avatar=Atributo del avatar
-auths.attributes_in_bind=Obtener atributos en el contexto de Bind DN
+auths.attribute_mail=Atributo correo-e
+auths.attribute_ssh_public_key=Atributo clave pública SSH
+auths.attribute_avatar=Atributo avatar
+auths.attributes_in_bind=Obtiene atributos en el contexto de bind DN
 auths.allow_deactivate_all=Permitir un resultado de búsqueda vacío para desactivar todos los usuarios
 auths.use_paged_search=Usar búsqueda paginada
 auths.search_page_size=Tamaño de página
@@ -3195,19 +3196,19 @@ config.app_name=Título de la instancia
 config.app_ver=Versión de Forgejo
 config.app_url=URL base
 config.custom_conf=Ruta del fichero de configuración
-config.custom_file_root_path=Ruta raíz de los archivos personalizada
-config.domain=Dominio del Servidor
-config.offline_mode=Modo offline
-config.disable_router_log=Deshabilitar Log del Router
-config.run_user=Ejecutar como usuario
+config.custom_file_root_path=Ruta raíz del archivo personalizado
+config.domain=Dominio del servidor
+config.offline_mode=Modo local
+config.disable_router_log=Inhabilitar bitácora de enrutado
+config.run_user=Usuario a ejecutar como
 config.run_mode=Modo de ejecución
 config.git_version=Versión de Git
-config.app_data_path=Ruta de datos de Forgejo
-config.repo_root_path=Ruta del Repositorio
+config.app_data_path=Ruta de datos de App
+config.repo_root_path=Ruta del repositorio raíz
 config.lfs_root_path=Ruta raíz de LFS
-config.log_file_root_path=Ruta de ficheros de registro
-config.script_type=Tipo de Script
-config.reverse_auth_user=Autenticación Inversa de Usuario
+config.log_file_root_path=Ruta bitácora
+config.script_type=Tipo de guion
+config.reverse_auth_user=Autenticación inversa de proxy del usuario
 
 config.ssh_config=Configuración SSH
 config.ssh_enabled=Habilitado
@@ -3217,16 +3218,16 @@ config.ssh_port=Puerto
 config.ssh_listen_port=Puerto de escucha
 config.ssh_root_path=Ruta raíz
 config.ssh_key_test_path=Ruta de la clave de prueba
-config.ssh_keygen_path=Ruta del generador de claves ('ssh-keygen')
-config.ssh_minimum_key_size_check=Tamaño mínimo de la clave de verificación
+config.ssh_keygen_path=Ruta del generador de claves ("ssh-keygen")
+config.ssh_minimum_key_size_check=Comprobante de tamaño de clave mínimo
 config.ssh_minimum_key_sizes=Tamaños de clave mínimos
 
 config.lfs_config=Configuración LFS
 config.lfs_enabled=Habilitado
 config.lfs_content_path=Ruta de contenido LFS
-config.lfs_http_auth_expiry=Caducidad de la autentificación HTTP LFS
+config.lfs_http_auth_expiry=Caducidad de la autenticación HTTP LFS
 
-config.db_config=Configuración de la Base de Datos
+config.db_config=Configuración de base de datos
 config.db_type=Tipo
 config.db_host=Host
 config.db_name=Nombre
@@ -3236,99 +3237,99 @@ config.db_ssl_mode=SSL
 config.db_path=Ruta
 
 config.service_config=Configuración del servicio
-config.register_email_confirm=Requerir confirmación de correo electrónico para registrarse
-config.disable_register=Deshabilitar auto-registro
-config.allow_only_internal_registration=Permitir el registro solo desde Forgejo
-config.allow_only_external_registration=Permitir el registro únicamente a través de servicios externos
-config.enable_openid_signup=Habilitar el auto-registro con OpenID
-config.enable_openid_signin=Habilitar el inicio de sesión con OpenID
-config.show_registration_button=Mostrar Botón de Registro
-config.require_sign_in_view=Requerir inicio de sesión obligatorio para ver páginas
-config.mail_notify=Habilitar las notificaciones por correo electrónico
+config.register_email_confirm=Requerir confirmación de correo-e para registrarse
+config.disable_register=Inhabilitar auto-registro
+config.allow_only_internal_registration=Concede registro solo por medio de Forgejo
+config.allow_only_external_registration=Concede registro solo a través de servicios externos
+config.enable_openid_signup=Habilitar auto-registro con OpenID
+config.enable_openid_signin=Habilitar inicio de sesión con OpenID
+config.show_registration_button=Mostrar botón de registro
+config.require_sign_in_view=Requiere inicio de sesión para ver contenido
+config.mail_notify=Habilitar notificaciones por correo-e
 config.enable_captcha=Activar CAPTCHA
-config.active_code_lives=Habilitar Vida del Código
-config.reset_password_code_lives=Caducidad del código de recuperación de cuenta
-config.default_keep_email_private=Ocultar direcciones de correo electrónico por defecto
-config.default_allow_create_organization=Permitir la creación de organizaciones por defecto
+config.active_code_lives=Código de activación del tiempo de vida
+config.reset_password_code_lives=Código de recuperación del tiempo de vida
+config.default_keep_email_private=Ocultar direcciones de correo-e por defecto
+config.default_allow_create_organization=Concede la creación de organizaciones por defecto
 config.enable_timetracking=Habilitar seguimiento de tiempo
 config.default_enable_timetracking=Habilitar seguimiento de tiempo por defecto
 config.allow_dots_in_usernames = Permite utilizar puntos en los nombres de usuario. No tiene efecto sobre cuentas existentes.
 config.default_allow_only_contributors_to_track_time=Deje que solo los colaboradores hagan un seguimiento del tiempo
-config.no_reply_address=Dominio de correos electrónicos ocultos
-config.default_visibility_organization=Visibilidad por defecto para nuevas organizaciones
+config.no_reply_address=Dominio de correo-e ocultos
+config.default_visibility_organization=Visibilidad por defecto para organizaciones nuevas
 config.default_enable_dependencies=Habilitar dependencias de incidencias por defecto
 
 config.webhook_config=Configuración de Webhooks
-config.queue_length=Tamaño de Cola de Envío
-config.deliver_timeout=Timeout de Entrega
-config.skip_tls_verify=Saltar verificación TLS
+config.queue_length=Longitud de cola
+config.deliver_timeout=Vencimiento de entrega
+config.skip_tls_verify=Omitir verificación TLS
 
-config.mailer_config=Configuración del servidor de correo
+config.mailer_config=Configuración del cartero
 config.mailer_enabled=Activado
 config.mailer_enable_helo=Habilitar HELO
 config.mailer_name=Nombre
 config.mailer_protocol=Protocolo
-config.mailer_smtp_addr=Dirección SMTP
+config.mailer_smtp_addr=Hospedaje SMTP
 config.mailer_smtp_port=Puerto SMTP
 config.mailer_user=Usuario
 config.mailer_use_sendmail=Usar Sendmail
 config.mailer_sendmail_path=Ruta de Sendmail
 config.mailer_sendmail_args=Argumentos adicionales por Sendmail
-config.mailer_sendmail_timeout=Tiempo de espera de Sendmail
+config.mailer_sendmail_timeout=Vencimiento de Sendmail
 config.mailer_use_dummy=Dummy
 config.test_email_placeholder=Correo electrónico (ej. test@ejemplo.com)
-config.send_test_mail=Enviar prueba de correo
+config.send_test_mail=Enviar prueba de correo-e
 config.send_test_mail_submit=Enviar
-config.test_mail_failed=Fallo al enviar un correo electrónico de prueba a "%s": %v
-config.test_mail_sent=Se ha enviado un correo electrónico de prueba a "%s".
+config.test_mail_failed=Fallo al enviar una prueba de correo-e a «%s»: %v
+config.test_mail_sent=Se ha enviado un correo-e de prueba a «%s».
 
 config.oauth_config=Configuración OAuth
 config.oauth_enabled=Activado
 
-config.cache_config=Configuración de la Caché
-config.cache_adapter=Adaptador de la Caché
-config.cache_interval=Intervalo de la Caché
-config.cache_conn=Conexión de la Caché
-config.cache_item_ttl=Período de vida para elementos de caché
+config.cache_config=Configuración de caché
+config.cache_adapter=Adaptador de caché
+config.cache_interval=Intervalo de caché
+config.cache_conn=Conexión de caché
+config.cache_item_ttl=TTL de elemento caché
 
-config.session_config=Configuración de la Sesión
-config.session_provider=Proveedor de la Sesión
-config.provider_config=Configuración del Proveedor
-config.cookie_name=Nombre de la Cookie
-config.gc_interval_time=Intervalo de tiempo del GC
-config.session_life_time=Tiempo de Vida de la Sesión
-config.https_only=Sólo HTTPS
+config.session_config=Configuración de sesión
+config.session_provider=Proveedor de sesión
+config.provider_config=Configuración de proveedor
+config.cookie_name=Nombre de cookie
+config.gc_interval_time=Tiempo de intervalo GC
+config.session_life_time=Tiempo de vida de sesión
+config.https_only=Solo HTTPS
 config.cookie_life_time=Tiempo de Vida de la Cookie
 
 config.picture_config=Configuración de imagen y avatar
 config.picture_service=Servicio de Imágen
 config.disable_gravatar=Desactivar Gravatar
-config.enable_federated_avatar=Habilitar Avatares Federados
+config.enable_federated_avatar=Habilitar avatares federados
 
 config.git_config=Configuración de Git
-config.git_disable_diff_highlight=Desactivar resaltado de sintaxis del Diff
-config.git_max_diff_lines=Líneas de Diff máximas (por un solo archivo)
-config.git_max_diff_line_characters=Carácteres de Diff máximos (para una sola línea)
-config.git_max_diff_files=Máximo de archivos de Diff (que se mostrarán)
+config.git_disable_diff_highlight=Inhabilitar resaltado de diff de sintaxis
+config.git_max_diff_lines=Líneas de diff máximas por archivo
+config.git_max_diff_line_characters=Caracteres de diff máx por línea
+config.git_max_diff_files=Diff de archivos máxima mostrada
 config.git_gc_args=Argumentos de GC
-config.git_migrate_timeout=Tiempo de espera de migración
-config.git_mirror_timeout=Tiempo de espera de actualización de réplicas
-config.git_clone_timeout=Tiempo de espera de operación de clones
-config.git_pull_timeout=Tiempo de espera de operación de pull
-config.git_gc_timeout=Tiempo de espera de operación de GC
+config.git_migrate_timeout=Vencimiento de migración
+config.git_mirror_timeout=Vencimiento de actualización de réplica
+config.git_clone_timeout=Vencimiento de operación de clonado
+config.git_pull_timeout=Vencimiento de operación de pull
+config.git_gc_timeout=Vencimiento de operación de GC
 
-config.log_config=Configuración del Log
+config.log_config=Configuración de bitácora
 config.logger_name_fmt=Registro: %s
 config.disabled_logger=Desactivado
 config.access_log_mode=Modo de registro del Acceso
-config.access_log_template=Plantilla de registro de acceso
+config.access_log_template=Plantilla de bitácora de acceso
 config.xorm_log_sql=Registrar SQL
 
 config.set_setting_failed=Error al configurar %s
 
 monitor.stats=Estadísticas
 
-monitor.cron=Tareas de Cron
+monitor.cron=Tareas de cron
 monitor.name=Nombre
 monitor.schedule=Agenda
 monitor.next=Siguiente
@@ -3354,9 +3355,9 @@ monitor.queue.type=Tipo
 monitor.queue.exemplar=Ejemplo
 monitor.queue.numberworkers=Número de trabajadores
 monitor.queue.activeworkers=Trabajadores activos
-monitor.queue.maxnumberworkers=Número máximo de trabajadores
+monitor.queue.maxnumberworkers=Nº máx de trabajadores
 monitor.queue.numberinqueue=Número en cola
-monitor.queue.review_add=Revisar / Añadir Trabajadores
+monitor.queue.review_add=Revisar / Añadir trabajadores
 monitor.queue.settings.title=Ajustes del grupo
 monitor.queue.settings.desc=Los grupos de trabajadores crecen dinámicamente en respuesta al bloqueo de cola de sus trabajadores.
 monitor.queue.settings.maxnumberworkers=Número máximo de trabajadores
@@ -3367,10 +3368,10 @@ monitor.queue.settings.changed=Ajustes actualizados
 monitor.queue.settings.remove_all_items=Eliminar todo
 monitor.queue.settings.remove_all_items_done=Todos los elementos en la cola han sido eliminados.
 
-notices.system_notice_list=Notificaciones del Sistema
-notices.view_detail_header=Ver detalles de notificación
+notices.system_notice_list=Notificaciones del sistema
+notices.view_detail_header=Detalles de notificación
 notices.operations=Operaciones
-notices.select_all=Sleccionar todo
+notices.select_all=Seleccionar todo
 notices.deselect_all=Deseleccionar todo
 notices.inverse_selection=Selección inversa
 notices.delete_selected=Eliminar seleccionado
@@ -3412,6 +3413,7 @@ self_check.database_collation_mismatch = Se espera que la base de datos use inte
 self_check.database_collation_case_insensitive = La base de datos está usando intercalación %s, que es una intercalación insensible. Aunque Forgejo podría funcionar, puede darse algún caso extraño en el que no funcione como se espera.
 self_check.database_inconsistent_collation_columns = La base de datos está usando intercalación %s, pero estas columnas están usando intercalaciones desparejadas. Esto puede causar algunos problemas inesperados.
 self_check.database_fix_mysql = Para usuarios de MySQL/MariaDB, podrían usar el comando "forgejo doctor convert" para arreglar los problemas de intercalación, o también podrían arreglarlos utilizando consultas SQL manuales, como "ALTER ... COLLATE ...".
+config.cache_test_failed = Incorrecto al probar la caché: %v.
 
 
 [action]
@@ -3507,8 +3509,8 @@ runs.no_runs=El flujo de trabajo no tiene ejecuciones todavía.
 
 workflow.disable=Desactivar flujo de trabajo
 workflow.disable_success=Flujo de trabajo "%s" desactivado exitosamente.
-workflow.enable=Activar flujo de trabajo
-workflow.enable_success=Flujo de trabajo '%s' habilitado con éxito.
+workflow.enable=Habilitar flujo
+workflow.enable_success=Flujo «%s» habilitado correctamente.
 workflow.disabled=El flujo de trabajo está deshabilitado.
 
 need_approval_desc=Necesita aprobación para ejecutar flujos de trabajo para el pull request del fork.
@@ -3545,7 +3547,7 @@ runs.no_workflows.help_no_write_access = Para aprender sobre Forgejo Actions, v
 type-1.display_name=Proyecto individual
 type-2.display_name=Proyecto de repositorio
 type-3.display_name=Proyecto de organización
-deleted.display_name = Proyecto borrado
+deleted.display_name = Proyecto eliminado
 
 [git.filemode]
 changed_filemode=%[1]s → %[2]s
diff --git a/options/locale/locale_et.ini b/options/locale/locale_et.ini
index a18e593213..7bb17324b8 100644
--- a/options/locale/locale_et.ini
+++ b/options/locale/locale_et.ini
@@ -141,6 +141,7 @@ copy_path = Kopeeri asukoht
 captcha = Robotilõks
 unpin = Lõpeta esiletõstmine
 powered_by = Siin on kasutusel %s
+collaborative = Koostöö
 
 [search]
 search = Otsi…
@@ -189,7 +190,7 @@ buttons.heading.tooltip = Lisa pealkiri
 buttons.italic.tooltip = Lisa kaldkirjas tekst (Ctrl+I / ⌘I)
 buttons.quote.tooltip = Tsiteeri teksti
 buttons.code.tooltip = Lisa kood
-buttons.link.tooltip = Lisa link
+buttons.link.tooltip = Lisa link (Ctrl+K / ⌘K)
 buttons.list.ordered.tooltip = Lisa nummerdatud nimekiri
 buttons.list.unordered.tooltip = Lisa nimekiri
 buttons.list.task.tooltip = Lisa ülesannete nimekiri
diff --git a/options/locale/locale_fa-IR.ini b/options/locale/locale_fa-IR.ini
index 0e5fcc4e68..177970e7e3 100644
--- a/options/locale/locale_fa-IR.ini
+++ b/options/locale/locale_fa-IR.ini
@@ -7,7 +7,7 @@ sign_in=ورود
 sign_in_or=یا
 sign_out=خروج
 sign_up=ثبت نام
-link_account=پیوند به حساب
+link_account=پیوند به حساب‌کاربری
 register=ثبت نام
 version=نسخه
 powered_by=قدرت از %s
diff --git a/options/locale/locale_fi-FI.ini b/options/locale/locale_fi-FI.ini
index b741795e1a..8ac50b8437 100644
--- a/options/locale/locale_fi-FI.ini
+++ b/options/locale/locale_fi-FI.ini
@@ -2065,7 +2065,7 @@ settings.transfer_desc = Siirrä tämä tietovarasto käyttäjälle tai organisa
 settings.add_collaborator = Lisää avustaja
 settings.mirror_settings.push_mirror.none = Työntöpeilejä ei ole määritetty
 settings.collaborator_deletion_desc = Avustajan poistaminen peruuttaa hänen pääsynsä tähän tietovarastoon. Jatketaanko?
-settings.archive.text = Tietovaraston arkistointi asettaa sen pelkkään lukutilaan. Se piilotetaan kojelaudalta. Kukaan ei voi tehdä (et edes sinä) uusia kommitteja, tai avata ongelmia tai vetopyyntöjä.
+settings.archive.text = Tietovaraston arkistointi asettaa sen pelkkään lukutilaan. Se piilotetaan kojelaudalta. Kukaan ei voi tehdä (et edes sinä) uusia kommitteja, tai avata ongelmia tai vetopyyntöjä. Arkistoinnin syy on suositeltavaa kertoa, sillä kyseinen tieto auttaa tietovaraston haarauttamista harkitsevia kehittäjiä.
 settings.mirror_settings.docs = Määritä tietovarastosi synkronoimaan kommitit, tagit ja haarat automaattisesti toisen tietovaraston kanssa.
 settings.add_collaborator_duplicate = Avustaja on jo lisätty tähän tietovarastoon.
 settings.add_collaborator_blocked_them = Avustajaa ei voi lisätä, koska hän on estänyt tietovaraston omistajan.
diff --git a/options/locale/locale_fr-FR.ini b/options/locale/locale_fr-FR.ini
index c513bc9ca5..543d03baa9 100644
--- a/options/locale/locale_fr-FR.ini
+++ b/options/locale/locale_fr-FR.ini
@@ -873,7 +873,7 @@ delete_token=Supprimer
 access_token_deletion=Supprimer le jeton d'accès
 access_token_deletion_desc=Supprimer un jeton révoquera l'accès à votre compte pour toutes les applications l'utilisant. Cette action est irréversible. Continuer ?
 delete_token_success=Ce jeton a été supprimé. Les applications l'utilisant n'ont plus accès à votre compte.
-repo_and_org_access=Accès aux Organisations et Dépôts
+repo_and_org_access=Accès aux dépôts et organisations
 permissions_public_only=Publique uniquement
 permissions_access_all=Tout (public, privé et limité)
 select_permissions=Sélectionner les autorisations
diff --git a/options/locale/locale_id-ID.ini b/options/locale/locale_id-ID.ini
index 297f110135..575609fffe 100644
--- a/options/locale/locale_id-ID.ini
+++ b/options/locale/locale_id-ID.ini
@@ -7,7 +7,7 @@ sign_in=Masuk
 sign_in_or=atau
 sign_out=Keluar
 sign_up=Daftar
-link_account=Tautkan Akun
+link_account=Hubungkan akun
 register=Daftar
 version=Versi
 powered_by=Diberdayakan oleh %s
@@ -16,16 +16,16 @@ template=Contoh
 language=Bahasa
 notifications=Notifikasi
 create_new=Buat…
-user_profile_and_more=Profil dan Pengaturan…
+user_profile_and_more=Profil dan pengaturan…
 signed_in_as=Masuk sebagai
 toc=Daftar Isi
 
 username=Nama Pengguna
-email=Alamat Email
+email=Alamat email
 password=Kata Sandi
 captcha=CAPTCHA
-twofa=Otentikasi Dua Faktor
-twofa_scratch=Kode Awal Dua Faktor
+twofa=Autentikasi dua faktor
+twofa_scratch=Kode gores dua faktor
 passcode=Kode Akses
 
 
@@ -33,8 +33,8 @@ repository=Repositori
 organization=Organisasi
 mirror=Duplikat
 new_mirror=Duplikat Baru
-new_fork=Fork Repositori Baru
-admin_panel=Administrasi Situs
+new_fork=Garpu repositori baru
+admin_panel=Administrasi situs
 settings=Pengaturan
 your_profile=Profil
 your_starred=Dibintangi
@@ -47,16 +47,16 @@ collaborative=Kolaboratif
 forks=Garpu
 
 activities=Aktivitas
-pull_requests=Tarik Permintaan
+pull_requests=Permintaan tarik
 issues=Masalah
 milestones=Tonggak
 
 cancel=Batal
 save=Simpan
 add=Tambah
-add_all=Tambah Semua
+add_all=Tambahkan semua
 remove=Buang
-remove_all=Buang Semua
+remove_all=Hapus semua
 edit=Edit
 
 enabled=Aktif
@@ -111,7 +111,7 @@ copy_success = Tersalin!
 copy_error = Gagal menyalin
 copy_type_unsupported = Tipe berkas ini tidak dapat disalin
 error = Gangguan
-error404 = Halaman yang akan kamu akses <strong>tidak dapat ditemukan</strong> atau <strong>kamu tidak memiliki akses </strong> untuk melihatnya.
+error404 = Halaman yang Anda coba buka <strong>tidak ada</strong>, <strong>telah dihapus</strong>, atau <strong>Anda tidak berwenang</strong> untuk melihatnya.
 go_back = Kembali
 invalid_data = Data invalid: %v
 never = Tidak Pernah
@@ -135,32 +135,75 @@ filter.private = Pribadi
 logo = Logo
 sign_in_with_provider = Masuk menggunakan %s
 active_stopwatch = Pelacak Waktu Aktif
+tracked_time_summary = Ringkasan waktu terlacak berdasarkan filter daftar isu
+enable_javascript = Situs web ini memerlukan JavaScript.
+licenses = Lisensi
+return_to_forgejo = Kembali ke Forgejo
+toggle_menu = Alihkan menu
+more_items = Item lainnya
+access_token = Token akses
+new_repo.title = Repositori baru
+new_migrate.title = Migrasi baru
+new_org.title = Organisasi baru
+new_repo.link = Repositori baru
+new_migrate.link = Migrasi baru
+new_org.link = Organisasi baru
+copy_path = Salin jalur
+error413 = Kuota Anda telah habis.
+confirm_delete_artifact = Apakah Anda yakin ingin menghapus artefak "%s"?
+concept_user_organization = Organisasi
+show_timestamps = Tampilkan stempel waktu
+show_log_seconds = Tampilkan detik
+filter.clear = Hapus filter
+filter.is_fork = Garpu
+filter.not_fork = Bukan garpu
+filter.is_mirror = Cermin
+filter.not_mirror = Bukan cermin
+filter.is_template = Templat
+filter.not_template = Bukan templat
 
 [aria]
 navbar = Bar Navigasi
 footer = Footer
 footer.links = Tautan
+footer.software = Tentang perangkat lunak ini
 
 [heatmap]
 number_of_contributions_in_the_last_12_months = %s Kontribusi pada 12 bulan terakhir
 less = Lebih sedikit
 more = Lebih banyak
+contributions_zero = Tidak ada kontribusi
+contributions_format = {contributions} pada {month} {day}, {year}
+contributions_one = kontribusi
+contributions_few = kontribusi
 
 [editor]
 buttons.heading.tooltip = Tambahkan heading
-buttons.bold.tooltip = Tambahkan teks Tebal
-buttons.italic.tooltip = Tambahkan teks Miring
+buttons.bold.tooltip = Tambahkan teks tebal (Ctrl+B / ⌘B)
+buttons.italic.tooltip = Tambahkan teks miring (Ctrl+I / ⌘I)
 buttons.quote.tooltip = Kutip teks
 buttons.code.tooltip = Tambah Kode
-buttons.link.tooltip = Tambahkan tautan
+buttons.link.tooltip = Tambahkan tautan (Ctrl+K / ⌘K)
 buttons.list.unordered.tooltip = Tambah daftar titik
 buttons.list.ordered.tooltip = Tambah daftar angka
 buttons.list.task.tooltip = Tambahkan daftar tugas
 buttons.mention.tooltip = Tandai pengguna atau tim
-buttons.ref.tooltip = Merujuk pada isu atau permintaan tarik
+buttons.ref.tooltip = Merujuk pada issue atau permintaan tarik
 buttons.switch_to_legacy.tooltip = Gunakan editor versi lama
 buttons.enable_monospace_font = Aktifkan font monospace
 buttons.disable_monospace_font = Non-Aktifkan font monospace
+buttons.indent.tooltip = Indentasi item satu tingkat
+buttons.unindent.tooltip = Hapus indentasi item satu tingkat
+buttons.new_table.tooltip = Tambahkan tabel
+table_modal.header = Tambahkan tabel
+table_modal.placeholder.header = Kepala
+table_modal.placeholder.content = Konten
+table_modal.label.rows = Baris
+table_modal.label.columns = Kolom
+link_modal.header = Tambahkan tautan
+link_modal.url = URL
+link_modal.description = Deskripsi
+link_modal.paste_reminder = Petunjuk: Dengan URL di clipboard Anda, Anda dapat menempelkannya langsung ke editor untuk membuat tautan.
 
 [filter]
 string.asc = A - Z
@@ -169,6 +212,9 @@ string.desc = Z - A
 [error]
 occurred = Terjadi kesalahan
 not_found = Target tidak dapat ditemukan.
+report_message = Jika Anda yakin ini adalah bug Forgejo, silakan cari issue di <a href="%s" target="_blank">Codeberg</a> atau buka issue baru jika diperlukan.
+network_error = Kesalahan jaringan
+server_internal = Kesalahan server internal
 
 [startpage]
 app_desc=Sebuah layanan hosting Git sendiri yang tanpa kesulitan
@@ -178,9 +224,11 @@ lightweight=Ringan
 lightweight_desc=Forgejo hanya membutuhkan persyaratan minimal dan bisa berjalan pada Raspberry Pi yang murah. Bisa menghemat listrik!
 license=Sumber Terbuka
 license_desc=Go get (Dapatkan kode sumber dari) <a target="_blank" rel="noopener noreferrer" href="%[1]s">Forgejo</a>! Mari bergabung dengan <a target="_blank" rel="noopener noreferrer" href="%[2]s">berkontribusi</a> untuk membuat proyek ini lebih baik. Jangan malu untuk menjadi kontributor!
+install_desc = Cukup <a target="_blank" rel="noopener noreferrer" href="%s">jalankan biner</a> untuk platform Anda, kirimkan dengan <a target="_blank" rel="noopener noreferrer" href="%s">Docker</a>, atau dapatkan dalam bentuk <a target="_blank" rel="noopener noreferrer" href="%s">paket</a>.
+platform_desc = Forgejo telah dikonfirmasi berjalan pada sistem operasi bebas seperti Linux dan FreeBSD, serta berbagai arsitektur CPU. Pilih yang Anda sukai!
 
 [install]
-title=Konfigurasi Awal
+title=Konfigurasi awal
 host=Host
 password=Kata Sandi
 db_schema=Schema
@@ -191,54 +239,160 @@ repo_path=Jalur akar repositori
 
 smtp_addr=Host SMTP
 smtp_port=Port SMTP
-register_confirm=Perlu Konfirmasi Email Saat Pendaftaran
-mail_notify=Aktifkan Notifikasi Email
+register_confirm=Wajibkan konfirmasi email untuk mendaftar
+mail_notify=Aktifkan notifikasi email
 disable_gravatar=Menonaktifkan Gravatar
-federated_avatar_lookup=Aktifkan pencarian avatar
-openid_signin=Aktifkan Login OpenID
-require_sign_in_view=Harus Login Untuk Melihat Halaman
+federated_avatar_lookup=Aktifkan avatar federasi
+openid_signin=Aktifkan masuk OpenID
+require_sign_in_view=Wajibkan masuk untuk melihat konten instans
 admin_password=Kata Sandi
-admin_email=Alamat Email
+admin_email=Alamat email
 
 email_title = Pengaturan email
 smtp_from = Kirim Email Sebagai
+install = Instalasi
+docker_helper = Jika Anda menjalankan Forgejo di dalam Docker, harap baca <a target="_blank" rel="noopener noreferrer" href="%s">dokumentasi</a> sebelum mengubah pengaturan apa pun.
+require_db_desc = Forgejo memerlukan MySQL, PostgreSQL, SQLite3, atau TiDB (protokol MySQL).
+db_title = Pengaturan basis data
+db_type = Jenis basis data
+user = Nama pengguna
+db_name = Nama basis data
+db_schema_helper = Biarkan kosong untuk default basis data ("public").
+sqlite_helper = Jalur file untuk basis data SQLite3.<br>Masukkan jalur absolut jika Anda menjalankan Forgejo sebagai layanan.
+reinstall_error = Anda mencoba menginstal ke basis data Forgejo yang sudah ada
+reinstall_confirm_message = Menginstal ulang dengan basis data Forgejo yang sudah ada dapat menyebabkan berbagai masalah. Dalam kebanyakan kasus, Anda sebaiknya menggunakan "app.ini" yang sudah ada untuk menjalankan Forgejo. Jika Anda mengetahui apa yang Anda lakukan, konfirmasikan hal berikut:
+reinstall_confirm_check_1 = Data yang dienkripsi oleh SECRET_KEY di app.ini mungkin hilang: pengguna mungkin tidak dapat masuk dengan 2FA/OTP & cermin mungkin tidak berfungsi dengan benar. Dengan mencentang kotak ini, Anda mengonfirmasi bahwa file app.ini saat ini berisi SECRET_KEY yang benar.
+reinstall_confirm_check_2 = Repositori dan pengaturan mungkin perlu disinkronkan ulang. Dengan mencentang kotak ini, Anda mengonfirmasi bahwa Anda akan menyinkronkan ulang hook untuk repositori dan file authorized_keys secara manual. Anda mengonfirmasi bahwa Anda akan memastikan pengaturan repositori dan cermin sudah benar.
+reinstall_confirm_check_3 = Anda mengonfirmasi bahwa Anda benar-benar yakin bahwa Forgejo ini berjalan dengan lokasi app.ini yang benar dan bahwa Anda yakin harus menginstal ulang. Anda mengonfirmasi bahwa Anda mengakui risiko-risiko di atas.
+err_empty_db_path = Jalur basis data SQLite3 tidak boleh kosong.
+no_admin_and_disable_registration = Anda tidak dapat menonaktifkan registrasi mandiri pengguna tanpa membuat akun administrator.
+err_empty_admin_password = Kata sandi administrator tidak boleh kosong.
+err_empty_admin_email = Email administrator tidak boleh kosong.
+err_admin_name_is_reserved = Nama pengguna administrator tidak valid, nama pengguna sudah dicadangkan
+err_admin_name_pattern_not_allowed = Nama pengguna administrator tidak valid, nama pengguna cocok dengan pola yang dicadangkan
+err_admin_name_is_invalid = Nama pengguna administrator tidak valid
+general_title = Pengaturan umum
+app_name = Judul instans
+app_name_helper = Masukkan nama instans Anda di sini. Nama ini akan ditampilkan di setiap halaman.
+app_slogan = Slogan instans
+app_slogan_helper = Masukkan slogan instans Anda di sini. Biarkan kosong untuk menonaktifkan.
+repo_path_helper = Repositori Git jarak jauh akan disimpan ke direktori ini.
+lfs_path = Jalur akar Git LFS
+lfs_path_helper = File yang dilacak oleh Git LFS akan disimpan di direktori ini. Biarkan kosong untuk menonaktifkan.
+run_user = Pengguna yang menjalankan
+run_user_helper = Nama pengguna sistem operasi yang menjalankan Forgejo. Perhatikan bahwa pengguna ini harus memiliki akses ke jalur akar repositori.
+domain = Domain server
+domain_helper = Domain atau alamat host untuk server.
+ssh_port = Port server SSH
+ssh_port_helper = Nomor port yang akan digunakan oleh server SSH. Biarkan kosong untuk menonaktifkan server SSH.
+http_port = Port dengar HTTP
+http_port_helper = Nomor port yang akan digunakan oleh server web Forgejo.
+app_url = URL dasar
+app_url_helper = Alamat dasar untuk URL kloning HTTP(S) dan notifikasi email.
+log_root_path = Jalur log
+log_root_path_helper = File log akan ditulis ke direktori ini.
+optional_title = Pengaturan opsional
+smtp_from_invalid = Alamat "Kirim Email Sebagai" tidak valid
+smtp_from_helper = Alamat email yang akan digunakan Forgejo. Masukkan alamat email biasa atau gunakan format "Nama" <email@example.com>.
+mailer_user = Nama pengguna SMTP
+mailer_password = Kata sandi SMTP
+server_service_title = Pengaturan server dan layanan pihak ketiga
+offline_mode = Aktifkan mode lokal
+offline_mode.description = Nonaktifkan jaringan pengiriman konten pihak ketiga dan sajikan semua sumber daya secara lokal.
+disable_gravatar.description = Nonaktifkan penggunaan Gravatar atau sumber avatar pihak ketiga lainnya. Gambar default akan digunakan untuk avatar pengguna kecuali mereka mengunggah avatar sendiri ke instans.
+federated_avatar_lookup.description = Cari avatar menggunakan Libravatar.
+disable_registration = Nonaktifkan registrasi mandiri
+disable_registration.description = Hanya administrator instans yang dapat membuat akun pengguna baru. Sangat disarankan untuk menonaktifkan registrasi kecuali Anda berniat mengelola instans publik untuk semua orang dan siap menghadapi akun spam dalam jumlah besar.
+allow_only_external_registration = Izinkan registrasi hanya melalui layanan eksternal
+allow_only_external_registration.description = Pengguna hanya dapat membuat akun baru dengan menggunakan layanan eksternal yang dikonfigurasi.
+openid_signin.description = Izinkan pengguna masuk melalui OpenID.
+openid_signup = Aktifkan registrasi mandiri OpenID
+openid_signup.description = Izinkan pengguna membuat akun melalui OpenID jika registrasi mandiri diaktifkan.
+enable_captcha = Aktifkan CAPTCHA pendaftaran
+enable_captcha.description = Wajibkan pengguna melewati CAPTCHA untuk membuat akun.
+require_sign_in_view.description = Batasi akses konten hanya untuk pengguna yang sudah masuk. Tamu hanya dapat mengunjungi halaman autentikasi.
+default_keep_email_private = Sembunyikan alamat email secara default
+default_keep_email_private.description = Aktifkan penyembunyian alamat email untuk pengguna baru secara default agar informasi ini tidak bocor segera setelah mendaftar.
+default_allow_create_organization = Izinkan pembuatan organisasi secara default
+default_allow_create_organization.description = Izinkan pengguna baru membuat organisasi secara default. Jika opsi ini dinonaktifkan, admin harus memberikan izin pembuatan organisasi kepada pengguna baru.
+default_enable_timetracking = Aktifkan pelacakan waktu secara default
+default_enable_timetracking.description = Izinkan penggunaan fitur pelacakan waktu untuk repositori baru secara default.
+admin_title = Pengaturan akun administrator
+admin_setting.description = Pembuatan akun administrator bersifat opsional. Pengguna pertama yang mendaftar akan otomatis menjadi administrator.
+admin_name = Nama pengguna administrator
+confirm_password = Konfirmasi kata sandi
+config_location_hint = Opsi konfigurasi ini akan disimpan di:
+install_btn_confirm = Instal Forgejo
+test_git_failed = Tidak dapat menguji perintah "git": %v
+sqlite3_not_available = Versi Forgejo ini tidak mendukung SQLite3. Silakan unduh versi biner resmi dari %s (bukan versi "gobuild").
+invalid_db_setting = Pengaturan basis data tidak valid: %v
+invalid_db_table = Tabel basis data "%s" tidak valid: %v
+invalid_repo_path = Jalur akar repositori tidak valid: %v
+invalid_app_data_path = Jalur data aplikasi tidak valid: %v
+run_user_not_match = Nama pengguna "pengguna yang menjalankan" bukan nama pengguna saat ini: %s -> %s
+internal_token_failed = Gagal membuat token internal: %v
+save_config_failed = Gagal menyimpan konfigurasi: %v
+enable_update_checker_helper_forgejo = Ini akan memeriksa versi Forgejo baru secara berkala dengan memeriksa catatan DNS TXT di release.forgejo.org.
+invalid_admin_setting = Pengaturan akun administrator tidak valid: %v
+invalid_log_root_path = Jalur log tidak valid: %v
+no_reply_address = Domain email tersembunyi
+no_reply_address_helper = Nama domain untuk pengguna dengan alamat email tersembunyi. Misalnya, nama pengguna "joe" akan dicatat di Git sebagai "joe@noreply.example.org" jika domain email tersembunyi diatur ke "noreply.example.org".
+password_algorithm = Algoritma hash kata sandi
+invalid_password_algorithm = Algoritma hash kata sandi tidak valid
+password_algorithm_helper = Atur algoritma hash kata sandi. Algoritma memiliki persyaratan dan kekuatan yang berbeda. Algoritma argon2 cukup aman tetapi menggunakan banyak memori dan mungkin tidak cocok untuk sistem kecil.
+enable_update_checker = Aktifkan pemeriksa pembaruan
+env_config_keys = Konfigurasi Lingkungan
+env_config_keys_prompt = Variabel lingkungan berikut juga akan diterapkan ke file konfigurasi Anda:
 
 [home]
 uname_holder=Nama pengguna atau alamat surel
 switch_dashboard_context=Alihkan dasbor konteks
 my_repos=Repositori
-my_orgs=Organisasi Saya
+my_orgs=Organisasi
 view_home=Lihat %s
 show_private=Pribadi
 
 issues.in_your_repos=Dalam repositori anda
 
 show_archived = Diarsipkan
+filter = Filter lainnya
+filter_by_team_repositories = Filter berdasarkan repositori tim
+feed_of = Umpan dari "%s"
+show_both_archived_unarchived = Menampilkan arsip dan non-arsip
+show_only_archived = Hanya menampilkan yang diarsipkan
+show_only_unarchived = Hanya menampilkan yang tidak diarsipkan
+show_both_private_public = Menampilkan publik dan privat
+show_only_private = Hanya menampilkan yang privat
+show_only_public = Hanya menampilkan yang publik
 
 [explore]
 repos=Repositori
 users=Pengguna
 organizations=Organisasi
 code=Kode
+go_to = Pergi ke
+code_last_indexed_at = Terakhir diindeks %s
+relevant_repositories_tooltip = Repositori yang merupakan garpu atau yang tidak memiliki topik, ikon, dan deskripsi disembunyikan.
+relevant_repositories = Hanya repositori yang relevan yang ditampilkan, <a href="%s">tampilkan hasil tanpa filter</a>.
 
 [auth]
 create_new_account=Daftar akun
 disable_register_prompt=Maaf, pendaftaran telah dinonaktifkan. Silakan hubungi administrator situs.
 disable_register_mail=Konfirmasi lewat email untuk pengguna baru dimatikan.
-forgot_password_title=Lupa Kata Sandi
+forgot_password_title=Lupa kata sandi
 forgot_password=Lupa kata sandi?
-confirmation_mail_sent_prompt=Surel konfirmasi baru telah dikirim ke <b>%s</b>. Silakan periksa kotak masuk anda dalam %s ke depan untuk menyelesaikan proses pendaftaran.
+confirmation_mail_sent_prompt=Email konfirmasi baru telah dikirimkan ke <b>%s</b>. Untuk menyelesaikan proses pendaftaran, silakan periksa kotak masuk Anda dan ikuti tautan yang diberikan dalam %s ke depan. Jika email salah, Anda dapat masuk dan meminta email konfirmasi lain dikirimkan ke alamat yang berbeda.
 must_change_password=Perbarui kata sandi Anda
 allow_password_change=Wajibkan pengguna untuk mengganti kata sandi (disarankan)
-reset_password_mail_sent_prompt=Surel konfirmasi berhasil dikirim ke <b>%s</b>. Silahkan cek akun email Anda dalam %s jam untuk menyelesaikan proses pemulihan akun.
-active_your_account=Aktifkan Akun Anda
+reset_password_mail_sent_prompt=Email konfirmasi telah dikirimkan ke <b>%s</b>. Untuk menyelesaikan proses pemulihan akun, silakan periksa kotak masuk Anda dan ikuti tautan yang diberikan dalam %s ke depan.
+active_your_account=Aktifkan akun Anda
 account_activated=Akun telah diaktifkan
-prohibit_login=Dilarang Masuk
+prohibit_login=Akun ditangguhkan
 resent_limit_prompt=Anda telah meminta sebuah aktivasi surel beberapa saat lalu. Silakan tunggu 3 menit dan coba lagi.
 has_unconfirmed_mail=Hai %s, anda memiliki sebuah alamat surel yang belum dikonfirmasi (<b>%s</b>). Jika anda belum menerima surel konfirmasi atau perlu untuk mengirim ulang yang baru, silakan klik pada tombol di bawah.
 resend_mail=Klik di sini untuk mengirim ulang surel aktivasi anda
-send_reset_mail=Kirim Surel Pemulihan Akun
-reset_password=Pemulihan Akun
+send_reset_mail=Kirim email pemulihan
+reset_password=Pemulihan akun
 invalid_code=Kode konfirmasi Anda tidak valid atau sudah kadaluarsa.
 reset_password_helper=Pulihkan Akun
 password_too_short=Panjang kata sandi tidak boleh kurang dari %d karakter.
@@ -264,20 +418,110 @@ email_domain_blacklisted=Anda tidak dapat mendaftar dengan alamat email.
 authorize_application=Izinkan aplikasi
 authorize_redirect_notice=Anda akan dialihkan ke %s apabila Anda mengizinkan aplikasi ini.
 authorize_application_created_by=Aplikasi ini dibuat oleh %s.
-authorize_application_description=Jika Anda memberikan akses, itu akan bisa mengakses dan menulis semua informasi akun Anda, termasuk repositori pribadi dan organisasi.
+authorize_application_description=Jika Anda memberikan akses, layanan tersebut akan dapat mengakses dan menulis ke semua informasi akun Anda, termasuk repositori privat dan organisasi.
 authorize_title=Izinkan "%s" untuk mengakses akun Anda?
 authorization_failed=Otorisasi gagal
+manual_activation_only = Hubungi administrator situs Anda untuk menyelesaikan aktivasi.
+remember_me = Ingat perangkat ini
+hint_login = Sudah punya akun? <a href="%s">Masuk sekarang!</a>
+hint_register = Belum punya akun? <a href="%s">Daftar sekarang.</a>
+sign_up_button = Daftar sekarang.
+sign_up_successful = Akun berhasil dibuat. Selamat datang!
+prohibit_login_desc = Akun Anda telah ditangguhkan dari interaksi dengan instans ini. Hubungi administrator instans untuk mendapatkan kembali akses.
+change_unconfirmed_email_summary = Ubah alamat email tujuan pengiriman email aktivasi.
+change_unconfirmed_email = Jika Anda memberikan alamat email yang salah saat pendaftaran, Anda dapat mengubahnya di bawah ini, dan konfirmasi akan dikirimkan ke alamat baru.
+change_unconfirmed_email_error = Tidak dapat mengubah alamat email: %v
+invalid_code_forgot_password = Kode konfirmasi Anda tidak valid atau telah kedaluwarsa. Klik <a href="%s">di sini</a> untuk memulai sesi baru.
+invalid_password = Kata sandi Anda tidak cocok dengan kata sandi yang digunakan saat membuat akun.
+reset_password_wrong_user = Anda masuk sebagai %s, tetapi tautan pemulihan akun ini ditujukan untuk %s
+unauthorized_credentials = Kredensial salah atau telah kedaluwarsa. Coba ulang perintah Anda atau lihat %s untuk informasi lebih lanjut
+use_onetime_code = Gunakan kode sekali pakai
+oauth_signup_title = Selesaikan akun baru
+oauth.signin.error = Terjadi kesalahan saat memproses permintaan otorisasi. Jika kesalahan ini terus berlanjut, silakan hubungi administrator situs.
+oauth.signin.error.access_denied = Permintaan otorisasi ditolak.
+oauth.signin.error.temporarily_unavailable = Otorisasi gagal karena server autentikasi sedang tidak tersedia untuk sementara. Silakan coba lagi nanti.
+openid_signin_desc = Masukkan URI OpenID Anda. Misalnya: alice.openid.example.org atau [https://openid.example.org/alice](https://openid.example.org/alice).
+disable_forgot_password_mail = Pemulihan akun dinonaktifkan karena tidak ada email yang dikonfigurasi. Silakan hubungi administrator situs Anda.
+disable_forgot_password_mail_admin = Pemulihan akun hanya tersedia jika email telah dikonfigurasi. Silakan atur email untuk mengaktifkan pemulihan akun.
+authorization_failed_desc = Otorisasi gagal karena kami mendeteksi permintaan yang tidak valid. Silakan hubungi pengelola aplikasi yang coba Anda otorisasi.
+password_pwned = Kata sandi yang Anda pilih terdapat dalam <a target="_blank" rel="noopener noreferrer" href="%s">daftar kata sandi yang dicuri</a> yang sebelumnya terekspos dalam kebocoran data publik. Silakan coba lagi dengan kata sandi yang berbeda dan pertimbangkan untuk mengubah kata sandi ini di tempat lain juga.
+password_pwned_err = Tidak dapat menyelesaikan permintaan ke HaveIBeenPwned
+last_admin = Anda tidak dapat menghapus admin terakhir. Harus ada setidaknya satu admin.
+back_to_sign_in = Kembali ke Masuk
+sign_in_openid = Lanjutkan dengan OpenID
 
 [mail]
 activate_account=Silakan aktifkan akun anda
 
 activate_email=Verifikasi alamat surel anda
 
-register_notify=Selamat Datang di %s
+register_notify=Selamat datang di %s
 
 reset_password=Pulihkan akun Anda
 
 register_success=Pendaftaran berhasil
+view_it_on = Lihat di %s
+reply = atau balas email ini secara langsung
+link_not_working_do_paste = Tautan tidak berfungsi? Coba salin dan tempel ke bilah URL browser Anda.
+hi_user_x = Hai <b>%s</b>,
+activate_account.text_1 = Hai <b>%[1]s</b>, terima kasih telah mendaftar di %s!
+activate_account.text_2 = Silakan klik tautan berikut untuk mengaktifkan akun Anda dalam <b>%s</b>:
+activate_email.text = Silakan klik tautan berikut untuk memverifikasi alamat email Anda dalam <b>%s</b>:
+admin.new_user.subject = Pengguna baru %s baru saja mendaftar
+admin.new_user.user_info = Informasi pengguna
+admin.new_user.text = Silakan <a href="%s">klik di sini</a> untuk mengelola pengguna ini dari panel admin.
+register_notify.text_1 = ini adalah email konfirmasi pendaftaran Anda untuk %s!
+register_notify.text_2 = Anda dapat masuk ke akun Anda menggunakan nama pengguna: %s
+register_notify.text_3 = Jika orang lain yang membuat akun ini untuk Anda, Anda perlu <a href="%s">mengatur kata sandi</a> terlebih dahulu.
+reset_password.text = Jika ini adalah Anda, silakan klik tautan berikut untuk memulihkan akun Anda dalam <b>%s</b>:
+password_change.subject = Kata sandi Anda telah diubah
+password_change.text_1 = Kata sandi untuk akun Anda baru saja diubah.
+primary_mail_change.subject = Email utama Anda telah diubah
+primary_mail_change.text_1 = Email utama akun Anda baru saja diubah ke %[1]s. Ini berarti alamat email ini tidak akan lagi menerima notifikasi email untuk akun Anda.
+totp_disabled.subject = TOTP telah dinonaktifkan
+totp_disabled.text_1 = Kata sandi sekali pakai berbasis waktu (TOTP) pada akun Anda baru saja dinonaktifkan.
+totp_disabled.no_2fa = Tidak ada metode 2FA lain yang dikonfigurasi lagi, artinya tidak lagi diperlukan untuk masuk ke akun Anda dengan 2FA.
+removed_security_key.subject = Kunci keamanan telah dihapus
+removed_security_key.text_1 = Kunci keamanan "%[1]s" baru saja dihapus dari akun Anda.
+removed_security_key.no_2fa = Tidak ada metode 2FA lain yang dikonfigurasi lagi, artinya tidak lagi diperlukan untuk masuk ke akun Anda dengan 2FA.
+account_security_caution.text_1 = Jika ini adalah tindakan Anda, Anda dapat mengabaikan email ini.
+account_security_caution.text_2 = Jika ini bukan tindakan Anda, akun Anda telah dibobol. Silakan hubungi admin situs ini.
+totp_enrolled.subject = Anda telah mengaktifkan TOTP sebagai metode 2FA
+totp_enrolled.text_1.no_webauthn = Anda baru saja mengaktifkan TOTP untuk akun Anda. Ini berarti untuk semua login mendatang ke akun Anda, Anda harus menggunakan TOTP sebagai metode 2FA.
+totp_enrolled.text_1.has_webauthn = Anda baru saja mengaktifkan TOTP untuk akun Anda. Ini berarti untuk semua login mendatang ke akun Anda, Anda dapat menggunakan TOTP sebagai metode 2FA atau menggunakan salah satu kunci keamanan Anda.
+issue_assigned.pull = @%[1]s menugaskan Anda ke permintaan tarik %[2]s di repositori %[3]s.
+issue_assigned.issue = @%[1]s menugaskan Anda ke issue %[2]s di repositori %[3]s.
+issue.x_mentioned_you = <b>@%s</b> menyebut Anda:
+issue.action.force_push = <b>%[1]s</b> melakukan force-push <b>%[2]s</b> dari %[3]s ke %[4]s.
+issue.action.push_1 = <b>@%[1]s</b> mendorong %[3]d commit ke %[2]s
+issue.action.push_n = <b>@%[1]s</b> mendorong %[3]d commit ke %[2]s
+issue.action.close = <b>@%[1]s</b> menutup #%[2]d.
+issue.action.reopen = <b>@%[1]s</b> membuka kembali #%[2]d.
+issue.action.merge = <b>@%[1]s</b> menggabungkan #%[2]d ke %[3]s.
+issue.action.approve = <b>@%[1]s</b> menyetujui permintaan tarik ini.
+issue.action.reject = <b>@%[1]s</b> meminta perubahan pada permintaan tarik ini.
+issue.action.review = <b>@%[1]s</b> mengomentari permintaan tarik ini.
+issue.action.review_dismissed = <b>@%[1]s</b> membatalkan ulasan terakhir dari %[2]s untuk permintaan tarik ini.
+issue.action.ready_for_review = <b>@%[1]s</b> menandai permintaan tarik ini siap untuk ditinjau.
+issue.action.new = <b>@%[1]s</b> membuat #%[2]d.
+issue.in_tree_path = Di %s:
+release.new.subject = %s di %s dirilis
+release.new.text = <b>@%[1]s</b> merilis %[2]s di %[3]s
+release.title = Judul: %s
+release.note = Catatan:
+release.downloads = Unduhan:
+release.download.zip = Kode Sumber (ZIP)
+release.download.targz = Kode Sumber (TAR.GZ)
+repo.transfer.subject_to = %s ingin mentransfer repositori "%s" ke %s
+repo.transfer.subject_to_you = %s ingin mentransfer repositori "%s" kepada Anda
+repo.transfer.to_you = Anda
+repo.transfer.body = Untuk menerima atau menolaknya, kunjungi %s atau abaikan saja.
+repo.collaborator.added.subject = %s menambahkan Anda ke %s sebagai kolaborator
+repo.collaborator.added.text = Anda telah ditambahkan sebagai kolaborator ke repositori:
+team_invite.subject = %[1]s mengundang Anda untuk bergabung dengan organisasi %[2]s
+team_invite.text_1 = %[1]s mengundang Anda untuk bergabung dengan tim %[2]s di organisasi %[3]s.
+team_invite.text_2 = Silakan klik tautan berikut untuk bergabung dengan tim:
+team_invite.text_3 = Catatan: Undangan ini ditujukan untuk %[1]s. Jika Anda tidak mengharapkan undangan ini, Anda dapat mengabaikan email ini.
 
 
 
@@ -290,6 +534,7 @@ yes=Ya
 no=Tidak
 cancel=Membatalkan
 modify=Perbarui
+confirm = Konfirmasi
 
 [form]
 UserName=Nama Pengguna
@@ -309,8 +554,8 @@ TreeName=Jalur berkas
 Content=Konten
 
 require_error=` tidak boleh kosong.`
-alpha_dash_error=` seharusnya hanya mengandung karakter alfanumerik, tanda pisah ('-'), dan tanda garis bawah ('_').`
-alpha_dash_dot_error=` seharusnya hanya mengandung karakter alfanumerik, tanda pisah ('-'), tanda garis bawah ('_'), dan titik ('.')`
+alpha_dash_error=` hanya boleh berisi karakter alfanumerik, tanda hubung ("-") dan garis bawah ("_").`
+alpha_dash_dot_error=` hanya boleh berisi karakter alfanumerik, tanda hubung ("-"), garis bawah ("_") dan titik (".").`
 git_ref_name_error=` harus berupa nama referensi Git yang baik dan benar.`
 size_error=` harus berukuran %s.`
 min_size_error=` harus berisi karakter %s setidaknya.`
@@ -349,19 +594,90 @@ auth_failed=Otentikasi gagal: %v
 
 
 target_branch_not_exist=Target cabang tidak ada.
+FullName = Nama lengkap
+Description = Deskripsi
+Pronouns = Kata ganti
+Biography = Biografi
+Website = Situs web
+Location = Lokasi
+Retype = Konfirmasi kata sandi
+To = Nama cabang
+AccessToken = Token akses
+url_error = `"%s" bukan URL yang valid.`
+include_error = ` harus mengandung substring "%s".`
+regex_pattern_error = ` pola regex tidak valid: %s.`
+username_error = ` hanya boleh berisi karakter alfanumerik ("0-9","a-z","A-Z"), tanda hubung ("-"), garis bawah ("_") dan titik ("."). Tidak boleh diawali atau diakhiri dengan karakter non-alfanumerik, dan karakter non-alfanumerik berurutan juga tidak diperbolehkan.`
+username_error_no_dots = ` hanya boleh berisi karakter alfanumerik ("0-9","a-z","A-Z"), tanda hubung ("-") dan garis bawah ("_"). Tidak boleh diawali atau diakhiri dengan karakter non-alfanumerik, dan karakter non-alfanumerik berurutan juga tidak diperbolehkan.`
+invalid_group_team_map_error = ` pemetaan tidak valid: %s`
+username_change_not_local_user = Pengguna non-lokal tidak diizinkan mengubah nama pengguna mereka.
+username_claiming_cooldown = Nama pengguna tidak dapat diklaim karena periode tenang belum berakhir. Dapat diklaim pada %[1]s.
+repository_force_private = Paksa Privat diaktifkan: repositori privat tidak dapat dijadikan publik.
+repository_files_already_exist = File sudah ada untuk repositori ini. Hubungi administrator sistem.
+repository_files_already_exist.adopt = File sudah ada untuk repositori ini dan hanya dapat Diadopsi.
+repository_files_already_exist.delete = File sudah ada untuk repositori ini. Anda harus menghapusnya.
+repository_files_already_exist.adopt_or_delete = File sudah ada untuk repositori ini. Adopsi atau hapus file tersebut.
+email_invalid = Alamat email tidak valid.
+email_domain_is_not_allowed = Domain alamat email pengguna <b>%s</b> bertentangan dengan EMAIL_DOMAIN_ALLOWLIST atau EMAIL_DOMAIN_BLOCKLIST. Pastikan Anda telah mengatur alamat email dengan benar.
+openid_been_used = Alamat OpenID "%s" sudah digunakan.
+enterred_invalid_org_name = Nama organisasi yang Anda masukkan tidak benar.
+unset_password = Pengguna yang masuk belum mengatur kata sandi.
+unsupported_login_type = Jenis login ini tidak mendukung penghapusan akun.
+last_org_owner = Anda tidak dapat menghapus pengguna terakhir dari tim "owners". Harus ada setidaknya satu pemilik untuk sebuah organisasi.
+duplicate_invite_to_team = Pengguna tersebut sudah diundang sebagai anggota tim.
+organization_leave_success = Anda telah berhasil keluar dari organisasi %s.
+invalid_ssh_principal = Principal tidak valid: %s
+must_use_public_key = Kunci yang Anda berikan adalah kunci privat. Jangan mengunggah kunci privat Anda ke mana pun. Gunakan kunci publik Anda sebagai gantinya.
+unable_verify_ssh_key = Tidak dapat memverifikasi kunci SSH, periksa kembali untuk kesalahan.
+still_own_repo = Akun Anda memiliki satu atau lebih repositori, hapus atau transfer terlebih dahulu.
+still_has_org = Akun Anda adalah anggota satu atau lebih organisasi, keluar terlebih dahulu.
+still_own_packages = Akun Anda memiliki satu atau lebih paket, hapus terlebih dahulu.
+org_still_own_repo = Organisasi ini masih memiliki satu atau lebih repositori, hapus atau transfer terlebih dahulu.
+org_still_own_packages = Organisasi ini masih memiliki satu atau lebih paket, hapus terlebih dahulu.
+admin_cannot_delete_self = Anda tidak dapat menghapus diri sendiri saat Anda adalah admin. Harap hapus hak admin Anda terlebih dahulu.
+required_prefix = Masukan harus dimulai dengan "%s"
 
 
 [user]
 change_avatar=Ganti avatar anda…
 repositories=Repositori
-activity=Aktivitas Publik
+activity=Aktivitas publik
 followers_few=%d pengikut
-starred=Repositori Terbintang
+starred=Repositori yang dibintangi
 overview=Tinjauan
 following_few=%d mengikuti
 follow=Ikuti
 unfollow=Berhenti Mengikuti
 user_bio=Biografi
+joined_on = Bergabung pada %s
+followers.title.one = Pengikut
+followers.title.few = Pengikut
+following.title.one = Mengikuti
+following.title.few = Mengikuti
+followers_one = %d pengikut
+following_one = %d mengikuti
+block_user = Blokir pengguna
+block_user.detail = Harap perhatikan bahwa memblokir pengguna memiliki efek lain, seperti:
+block_user.detail_1 = Anda akan berhenti saling mengikuti dan tidak akan dapat saling mengikuti.
+block_user.detail_2 = Pengguna ini tidak akan dapat berinteraksi dengan repositori yang Anda miliki, atau issue dan komentar yang telah Anda buat.
+block_user.detail_3 = Anda tidak akan dapat saling menambahkan sebagai kolaborator repositori.
+follow_blocked_user = Anda tidak dapat mengikuti pengguna ini karena Anda telah memblokir pengguna ini atau pengguna ini telah memblokir Anda.
+watched = Repositori yang dipantau
+code = Kode
+projects = Proyek
+block = Blokir
+unblock = Buka blokir
+email_visibility.limited = Alamat email Anda terlihat oleh semua pengguna yang terautentikasi
+show_on_map = Tampilkan tempat ini di peta
+settings = Pengaturan pengguna
+disabled_public_activity = Pengguna ini telah menonaktifkan visibilitas publik aktivitasnya.
+public_activity.visibility_hint.self_public = Aktivitas Anda terlihat oleh semua orang, kecuali interaksi di ruang privat. <a href="%s">Konfigurasi</a>.
+public_activity.visibility_hint.admin_public = Aktivitas ini terlihat oleh semua orang, tetapi sebagai administrator Anda juga dapat melihat interaksi di ruang privat.
+public_activity.visibility_hint.self_private = Aktivitas Anda hanya terlihat oleh Anda dan administrator instans. <a href="%s">Konfigurasi</a>.
+public_activity.visibility_hint.admin_private = Aktivitas ini terlihat oleh Anda karena Anda adalah administrator, tetapi pengguna menginginkannya tetap privat.
+public_activity.visibility_hint.self_private_profile = Aktivitas Anda hanya terlihat oleh Anda dan administrator instans karena profil Anda bersifat privat. <a href="%s">Konfigurasi</a>.
+form.name_reserved = Nama pengguna "%s" sudah dicadangkan.
+form.name_pattern_not_allowed = Pola "%s" tidak diperbolehkan dalam nama pengguna.
+form.name_chars_not_allowed = Nama pengguna "%s" mengandung karakter yang tidak valid.
 
 
 [settings]
@@ -375,16 +691,16 @@ applications=Aplikasi
 orgs=Organisasi
 repos=Repositori
 delete=Hapus akun
-twofa=Otentikasi Dua-Faktor
+twofa=Autentikasi dua faktor (TOTP)
 organization=Organisasi
 
 public_profile=Profil publik
 password_username_disabled=Pengguna non-lokal tidak diizinkan untuk mengubah nama pengguna mereka. Silakan hubungi administrator sistem anda untuk lebih lanjut.
-full_name=Nama Lengkap
+full_name=Nama lengkap
 website=Situs Web
 location=Lokasi
-update_theme=Perbarui Tema
-update_profile=Perbarui Profil
+update_theme=Ubah tema
+update_profile=Perbarui profil
 update_profile_success=Profil anda telah diperbarui.
 change_username=Nama pengguna Anda telah diganti.
 continue=Lanjutkan
@@ -393,51 +709,51 @@ language=Bahasa
 ui=Tema
 comment_type_group_title=Judul
 
-lookup_avatar_by_mail=Cari Avatar melalui Alamat Email
-enable_custom_avatar=Gunakan Avatar Pilihan
+lookup_avatar_by_mail=Cari avatar berdasarkan alamat email
+enable_custom_avatar=Gunakan avatar kustom
 choose_new_avatar=Pilih avatar baru
-update_avatar=Perbarui Avatar
-delete_current_avatar=Hapus Avatar Saat Ini
+update_avatar=Perbarui avatar
+delete_current_avatar=Hapus avatar saat ini
 uploaded_avatar_not_a_image=Berkas yang diunggah bukanlah gambar.
 update_avatar_success=Avatar Anda telah diperbarui.
 
 update_password=Perbarui kata sandi
-old_password=Kata Sandi Saat Ini
-new_password=Kata Sandi Baru
+old_password=Kata sandi saat ini
+new_password=Kata sandi baru
 password_incorrect=Kata sandi saat ini salah.
-change_password_success=Sandi Anda telah diperbarui. Mulai dari sekarang gunakan kata sandi yang baru.
+change_password_success=Kata sandi Anda telah diperbarui. Mulai sekarang, gunakan kata sandi baru Anda untuk masuk.
 password_change_disabled=Pengguna non-lokal tidak dapat mengganti kata sandi mereka melalui antarmuka web Forgejo.
 
-manage_emails=Kelola Alamat Surel
+manage_emails=Kelola alamat email
 manage_themes=Tema default
 manage_openid=Alamat OpenID
-theme_desc=Ini akan menjadi tema asal Anda pada keseluruhan situs.
+theme_desc=Tema ini akan digunakan untuk antarmuka web saat Anda masuk.
 primary=Utama
 activated=Diaktifkan
-primary_email=Buat Utama
+primary_email=Jadikan utama
 delete_email=Hapus
-email_deletion=Hapus Alamat Email
-email_deletion_desc=Alamat email dan informasi terkait akan dihapus dari akun. Git commit dengan alamat email ini akan tetap tidak berubah. Lanjutkan?
+email_deletion=Hapus alamat email
+email_deletion_desc=Alamat email ini dan informasi terkait akan dihapus dari akun Anda. Commit Git dengan alamat email ini akan tetap tidak berubah. Lanjutkan?
 email_deletion_success=Alamat email Anda telah dihapus.
 theme_update_success=Tema Anda diperbarui.
 theme_update_error=Thema yang dipilih tidak ada.
 openid_deletion=Hapus Alamat OpenID
 openid_deletion_desc=Menghapus alamat OpenID ini dari akun anda akan mencegah anda masuk dengan itu. Lanjutkan?
 openid_deletion_success=Alamat OpenID telah dihapus.
-add_new_email=Tambahkan alamat email baru
-add_new_openid=Tambahkan URI OpenID Baru
-add_email=Tambah Alamat Email
+add_new_email=Tambahkan alamat email
+add_new_openid=Tambahkan URI OpenID baru
+add_email=Tambahkan alamat email
 add_openid=Tambahkan bukaID URI baru
 add_email_success=Alamat surel telah ditambahkan.
 add_openid_success=Alamat OpenID telah ditambahkan.
-keep_email_private=Sembunyikan Alamat Surel
+keep_email_private=Sembunyikan alamat email
 openid_desc=OpenID memungkinkan anda melimpahkan autentikasi kepada penyedia eksternal.
 
-manage_ssh_keys=Mengelola Kunci SSH
-manage_gpg_keys=Mengelola Kunci GPG
-add_key=Tambahkan Kunci
-ssh_desc=Kunci publik SSH berikut terasosiasi dengan akun Anda. Kunci publik yang bersesuaian membolehkan akses penuh ke repositori Anda.
-gpg_desc=Kunci publik GPG berikut terasosiasi dengan akun Anda. Jaga kunci pribadi Anda aman oleh karena akan membolehkan komit untuk diverifikasi.
+manage_ssh_keys=Kelola kunci SSH
+manage_gpg_keys=Kelola kunci GPG
+add_key=Tambahkan kunci
+ssh_desc=Kunci SSH publik ini terkait dengan akun Anda. Kunci privat yang sesuai memungkinkan akses penuh ke repositori Anda. Kunci SSH yang telah diverifikasi dapat digunakan untuk memverifikasi commit Git yang ditandatangani dengan SSH.
+gpg_desc=Kunci GPG publik ini terkait dengan akun Anda dan digunakan untuk memverifikasi commit Anda. Jaga keamanan kunci privat Anda karena memungkinkan penandatanganan commit dengan identitas Anda.
 ssh_helper=<strong>Butuh bantuan?</strong> Lihatlah pada petunjuk GitHub untuk <a href="%s">menciptakan kunci SSH anda sendiri</a> atau pecahkan <a href="%s">permasalahan umum</a> yang mungkin anda hadapi menggunakan SSH.
 gpg_helper=<strong>Butuh bantuan?</strong> Lihatlah pada petunjuk GitHub <a href="%s">tentang GPG</a>.
 ssh_key_been_used=Kunci SSH ini telah ditambahkan ke peladen.
@@ -448,12 +764,12 @@ ssh_key_verify=Verifikasi
 ssh_token=Token
 subkeys=Subkunci
 key_id=ID Kunci
-key_name=Nama Kunci
+key_name=Nama kunci
 key_content=Konten
 principal_content=Konten
 delete_key=Hapus
-ssh_key_deletion=Hapus Kunci SSH
-gpg_key_deletion=Hapus Kunci GPG
+ssh_key_deletion=Hapus kunci SSH
+gpg_key_deletion=Hapus kunci GPG
 ssh_key_deletion_desc=Menghapus kunci SSH akan mencabut akses ke akun Anda. Lanjutkan?
 gpg_key_deletion_desc=Menghapus kunci GPG membatalkan verifikasi komit yang ditandatanganinya. Lanjutkan?
 ssh_key_deletion_success=Kunci SSH telah dihapus.
@@ -467,46 +783,46 @@ key_state_desc=Kunci ini telah digunakan 7 hari yang lalu
 token_state_desc=Token ini telah digunakan dalam 7 hari terakhir
 show_openid=Tampilkan pada profil
 hide_openid=Sembunyikan dari profil
-ssh_disabled=SSH Dimatikan
-manage_access_token=Kelola Token Akses
-generate_new_token=Hasilkan Token Baru
+ssh_disabled=SSH dinonaktifkan
+manage_access_token=Token akses
+generate_new_token=Buat token baru
 tokens_desc=Token berikut akan memberikan akses ke Akun Anda menggunakan API Forgejo.
-token_name=Nama Token
-generate_token=Hasilkan Token
+token_name=Nama token
+generate_token=Buat token
 generate_token_success=Token baru Anda telah dibuat. Salin sekarang oleh karena tidak akan ditampilkan lagi.
 delete_token=Hapus
-access_token_deletion=Hapus Token Akses
+access_token_deletion=Hapus token akses
 delete_token_success=Token telah dihapus. Aplikasi yang menggunakannya tidak lagi memiliki akses ke akun Anda.
 permission_read=Dibaca
 
-manage_oauth2_applications=Kelola Aplikasi OAuth2
+manage_oauth2_applications=Kelola aplikasi OAuth2
 edit_oauth2_application=Sunting Aplikasi OAuth2
 oauth2_applications_desc=Aplikasi OAuth2 memungkinkan aplikasi pihak ketiga Anda untuk autentikasi pengguna pada instans Forgejo ini dengan aman.
 remove_oauth2_application=Hapus Aplikasi OAuth2
 remove_oauth2_application_desc=Menghapus aplikasi OAuth2 akan mencabut akses ke semua token akses yang tertandatangani. Lanjutkan?
 remove_oauth2_application_success=Aplikasi telah dihapus.
 create_oauth2_application=Buat aplikasi OAuth2 baru
-create_oauth2_application_button=Buat Aplikasi
-oauth2_application_name=Nama Aplikasi
+create_oauth2_application_button=Buat aplikasi
+oauth2_application_name=Nama aplikasi
 save_application=Simpan
 oauth2_client_id=ID Klien
-oauth2_client_secret=Rahasia Klien
-oauth2_regenerate_secret=Buat Ulang Rahasia
+oauth2_client_secret=Rahasia klien
+oauth2_regenerate_secret=Buat ulang rahasia
 oauth2_regenerate_secret_hint=Anda kehilangan rahasia?
 oauth2_application_edit=Sunting
 oauth2_application_create_description=Aplikasi OAuth2 memberikan aplikasi pihak ketiga Anda akses akun pengguna pada instans ini.
 
-authorized_oauth2_applications=Aplikasi OAuth2 Terotorisasi
+authorized_oauth2_applications=Aplikasi OAuth2 yang diotorisasi
 revoke_key=Cabut
-revoke_oauth2_grant=Cabut Akses
+revoke_oauth2_grant=Cabut akses
 revoke_oauth2_grant_description=Mencabut akses untuk aplikasi pihak ketiga ini akan mencegahnya mengakses data Anda. Lanjutkan?
 
 twofa_desc=Autentikasi dua faktor menambah keamanan akun Anda.
 twofa_is_enrolled=Akun anda saat ini <strong>terdaftar</strong> dalam otentikasi dua-faktor.
 twofa_not_enrolled=Akun anda saat ini tidak terdaftar dalam otentikasi dua-faktor.
-twofa_disable=Matikan Autentikasi Dua Faktor
-twofa_scratch_token_regenerate=Buat Ulang Token Gosok
-twofa_enroll=Daftarkan ke Autentikasi Dua-Faktor
+twofa_disable=Nonaktifkan autentikasi dua faktor
+twofa_scratch_token_regenerate=Buat ulang kunci pemulihan sekali pakai
+twofa_enroll=Daftarkan autentikasi dua faktor
 twofa_disable_note=Anda bisa mematikan autentikasi dua-faktor bila diperlukan.
 twofa_disable_desc=Mematikan autentikasi dua-faktor akan membuat akun Anda kurang aman. Lanjutkan?
 regenerate_scratch_token_desc=Jika Anda salah tempatkan token gosok Anda atau sudah menggunakannya, Anda bisa setel ulang di sini.
@@ -516,58 +832,224 @@ or_enter_secret=Atau masukkan rahasia: %s
 passcode_invalid=Kode sandi salah. Coba lagi.
 
 
-manage_account_links=Kelola akun tertaut
+manage_account_links=Akun yang ditautkan
 manage_account_links_desc=Semua akun eksternal ini sementara tertaut dengan akun Forgejo Anda.
-link_account=Tautan Akun
-remove_account_link=Hapus Akun Tertaut
+link_account=Tautkan akun
+remove_account_link=Hapus akun yang ditautkan
 remove_account_link_desc=Menghapus akun tertaut akan membuat akun itu tidak bisa mengakses akun Forgejo Anda. Lanjutkan?
 remove_account_link_success=Akun tertaut sudah dihapus.
 
 
 orgs_none=Anda bukan anggota dari organisasi apapun.
 
-delete_account=Hapus Akun Anda
+delete_account=Hapus akun Anda
 delete_prompt=Langkah ini akan menghapus akun Anda secara permanen. <strong>Anda yakin?</strong>.
-confirm_delete_account=Konfirmasi Penghapusan
-delete_account_title=Hapus Akun Pengguna
+confirm_delete_account=Konfirmasi penghapusan
+delete_account_title=Hapus akun pengguna
 delete_account_desc=Apakah Anda yakin ingin menghapus secara permanen akun pengguna ini?
 
-email_notifications.enable=Aktifkan Pemberitahuan Surel
-email_notifications.disable=Nonaktifkan Email Notifikasi
-email_notifications.submit=Pasang Pengaturan Email
+email_notifications.enable=Aktifkan notifikasi email
+email_notifications.disable=Nonaktifkan notifikasi email
+email_notifications.submit=Atur preferensi email
 
 visibility.private=Pribadi
 
 visibility.public = Publik
+appearance = Tampilan
+webauthn = Autentikasi dua faktor (Kunci keamanan)
+blocked_users = Pengguna yang diblokir
+storage_overview = Ikhtisar penyimpanan
+quota = Kuota
+biography_placeholder = Ceritakan sedikit tentang diri Anda kepada orang lain! (Markdown didukung)
+location_placeholder = Bagikan perkiraan lokasi Anda kepada orang lain
+profile_desc = Tentang Anda
+pronouns = Kata ganti
+pronouns_unspecified = Tidak ditentukan
+update_language = Ubah bahasa
+update_language_not_found = Bahasa "%s" tidak tersedia.
+update_language_success = Bahasa telah diperbarui.
+change_username_prompt = Catatan: Mengubah nama pengguna Anda juga mengubah URL akun Anda.
+change_username_redirect_prompt = Nama pengguna lama akan melakukan pengalihan hingga seseorang mengklaimnya.
+change_username_redirect_prompt.with_cooldown.one = Nama pengguna lama akan tersedia untuk semua orang setelah periode tenang %[1]d hari. Anda masih dapat mengklaim ulang nama pengguna lama selama periode tenang.
+change_username_redirect_prompt.with_cooldown.few = Nama pengguna lama akan tersedia untuk semua orang setelah periode tenang %[1]d hari. Anda masih dapat mengklaim ulang nama pengguna lama selama periode tenang.
+language.title = Bahasa default
+language.description = Bahasa ini akan disimpan ke akun Anda dan digunakan sebagai default setelah Anda masuk.
+language.localization_project = Bantu kami menerjemahkan Forgejo ke dalam bahasa Anda! <a href="%s">Pelajari lebih lanjut</a>.
+hints = Petunjuk
+additional_repo_units_hint = Sarankan untuk mengaktifkan unit repositori tambahan
+additional_repo_units_hint_description = Tampilkan petunjuk "Aktifkan lebih banyak" untuk repositori yang tidak memiliki semua unit yang tersedia diaktifkan.
+update_hints = Perbarui petunjuk
+update_hints_success = Petunjuk telah diperbarui.
+hidden_comment_types = Jenis komentar tersembunyi
+hidden_comment_types_description = Jenis komentar yang dicentang di sini tidak akan ditampilkan di dalam halaman isu. Mencentang "Label" misalnya menghapus semua komentar "<user> menambahkan/menghapus <label>".
+hidden_comment_types.ref_tooltip = Komentar di mana issue ini direferensikan dari isu/komit/… lain
+hidden_comment_types.issue_ref_tooltip = Komentar di mana pengguna mengubah cabang/tag yang terkait dengan isu
+comment_type_group_reference = Referensi
+comment_type_group_label = Label
+comment_type_group_milestone = Tonggak pencapaian
+comment_type_group_assignee = Penugasan
+comment_type_group_branch = Cabang
+comment_type_group_time_tracking = Pelacakan waktu
+comment_type_group_deadline = Tenggat waktu
+comment_type_group_dependency = Ketergantungan
+comment_type_group_lock = Status kunci
+comment_type_group_review_request = Permintaan tinjauan
+comment_type_group_pull_request_push = Komit yang ditambahkan
+comment_type_group_project = Proyek
+comment_type_group_issue_ref = Referensi isu
+saved_successfully = Pengaturan Anda berhasil disimpan.
+privacy = Privasi
+keep_activity_private = Sembunyikan aktivitas dari halaman profil
+keep_activity_private.description = <a href="%s">Aktivitas publik</a> Anda hanya akan terlihat oleh Anda dan administrator instans.
+uploaded_avatar_is_too_big = Ukuran file yang diunggah (%d KiB) melebihi ukuran maksimum (%d KiB).
+update_user_avatar_success = Avatar pengguna telah diperbarui.
+change_password = Ubah kata sandi
+retype_new_password = Konfirmasi kata sandi baru
+email_desc = Alamat email utama Anda akan digunakan untuk notifikasi, pemulihan kata sandi, dan asalkan tidak disembunyikan, operasi Git berbasis web.
+requires_activation = Memerlukan aktivasi
+activate_email = Kirim aktivasi
+activations_pending = Aktivasi tertunda
+can_not_add_email_activations_pending = Ada aktivasi yang tertunda, coba lagi dalam beberapa menit jika Anda ingin menambahkan email baru.
+add_email_confirmation_sent = Email konfirmasi telah dikirimkan ke "%s". Untuk mengonfirmasi alamat email Anda, silakan periksa kotak masuk dan ikuti tautan yang diberikan dalam %s ke depan.
+email_preference_set_success = Preferensi email berhasil diatur.
+keep_email_private_popup = Alamat email tidak akan ditampilkan di halaman profil dan tidak akan menjadi default untuk commit yang dilakukan melalui antarmuka web, seperti unggahan file, pengeditan, dan commit penggabungan. Sebagai gantinya, alamat khusus %s dapat digunakan untuk menautkan commit ke akun pengguna. Opsi ini tidak akan memengaruhi commit yang sudah ada.
+keep_pronouns_private = Tampilkan kata ganti hanya kepada pengguna yang terautentikasi
+keep_pronouns_private.description = Ini akan menyembunyikan kata ganti Anda dari pengunjung yang belum masuk.
+manage_ssh_principals = Kelola Principal Sertifikat SSH
+principal_desc = Principal sertifikat SSH ini terkait dengan akun Anda dan memungkinkan akses penuh ke repositori Anda.
+key_content_ssh_placeholder = Dimulai dengan "ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256", "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521", "sk-ecdsa-sha2-nistp256@openssh.com", atau "sk-ssh-ed25519@openssh.com"
+key_content_gpg_placeholder = Dimulai dengan "-----BEGIN PGP PUBLIC KEY BLOCK-----"
+add_new_principal = Tambahkan principal
+ssh_key_name_used = Kunci SSH dengan nama yang sama sudah ada di akun Anda.
+ssh_principal_been_used = Principal ini sudah ditambahkan ke server.
+gpg_no_key_email_found = Kunci GPG ini tidak cocok dengan alamat email aktif yang terkait dengan akun Anda. Kunci ini tetap dapat ditambahkan jika Anda menandatangani token yang diberikan.
+gpg_key_matched_identities = Identitas yang Cocok:
+gpg_key_matched_identities_long = Identitas yang tertanam dalam kunci ini cocok dengan alamat email aktif berikut untuk pengguna ini. Commit yang cocok dengan alamat email ini dapat diverifikasi dengan kunci ini.
+gpg_key_verified = Kunci terverifikasi
+gpg_key_verified_long = Kunci telah diverifikasi dengan token dan dapat digunakan untuk memverifikasi commit yang cocok dengan alamat email aktif mana pun untuk pengguna ini selain identitas yang cocok untuk kunci ini.
+gpg_invalid_token_signature = Kunci GPG, tanda tangan, dan token yang diberikan tidak cocok atau token sudah kedaluwarsa.
+gpg_token_required = Anda harus memberikan tanda tangan untuk token di bawah ini
+gpg_token_help = Anda dapat membuat tanda tangan menggunakan:
+gpg_token_signature = Tanda tangan GPG berformat armor
+key_signature_gpg_placeholder = Dimulai dengan "-----BEGIN PGP SIGNATURE-----"
+verify_gpg_key_success = Kunci GPG "%s" telah diverifikasi.
+ssh_key_verified = Kunci terverifikasi
+ssh_key_verified_long = Kunci telah diverifikasi dengan token dan dapat digunakan untuk memverifikasi commit yang cocok dengan alamat email aktif mana pun untuk pengguna ini.
+ssh_invalid_token_signature = Kunci SSH, tanda tangan, atau token yang diberikan tidak cocok atau token sudah kedaluwarsa.
+ssh_token_required = Anda harus memberikan tanda tangan untuk token di bawah ini
+ssh_token_help = Anda dapat membuat tanda tangan menggunakan:
+ssh_token_help_ssh_agent = atau, jika Anda menggunakan agen SSH (dengan variabel SSH_AUTH_SOCK yang telah diatur):
+ssh_token_signature = Tanda tangan SSH berformat armor
+key_signature_ssh_placeholder = Dimulai dengan "-----BEGIN SSH SIGNATURE-----"
+verify_ssh_key_success = Kunci SSH "%s" telah diverifikasi.
+add_key_success = Kunci SSH "%s" telah ditambahkan.
+add_gpg_key_success = Kunci GPG "%s" telah ditambahkan.
+add_principal_success = Principal sertifikat SSH "%s" telah ditambahkan.
+ssh_principal_deletion = Hapus Principal Sertifikat SSH
+ssh_principal_deletion_desc = Menghapus Principal Sertifikat SSH akan mencabut aksesnya ke akun Anda. Lanjutkan?
+ssh_principal_deletion_success = Principal telah dihapus.
+added_on = Ditambahkan pada %s
+valid_until_date = Berlaku hingga %s
+principal_state_desc = Principal ini telah digunakan dalam 7 hari terakhir
+ssh_signonly = SSH saat ini dinonaktifkan sehingga kunci-kunci ini hanya digunakan untuk verifikasi tanda tangan komit.
+ssh_externally_managed = Kunci SSH ini dikelola secara eksternal untuk pengguna ini
+generate_token_name_duplicate = <strong>%s</strong> sudah digunakan sebagai nama aplikasi. Harap gunakan nama baru.
+access_token_deletion_desc = Menghapus token akan mencabut akses ke akun Anda untuk aplikasi yang menggunakannya. Tindakan ini tidak dapat dibatalkan. Lanjutkan?
+regenerate_token = Buat ulang
+access_token_regeneration = Buat ulang token akses
+access_token_regeneration_desc = Membuat ulang token akan mencabut akses ke akun Anda untuk aplikasi yang menggunakannya. Tindakan ini tidak dapat dibatalkan. Lanjutkan?
+regenerate_token_success = Token telah dibuat ulang. Aplikasi yang menggunakannya tidak lagi memiliki akses ke akun Anda dan harus diperbarui dengan token baru.
+repo_and_org_access = Akses repositori dan organisasi
+permissions_public_only = Publik saja
+permissions_access_all = Semua (publik, privat, dan terbatas)
+select_permissions = Pilih izin
+permission_no_access = Tanpa akses
+permission_write = Baca dan tulis
+access_token_desc = Izin token yang dipilih membatasi otorisasi hanya pada rute <a href="%s" target="_blank">API</a> yang sesuai. Baca <a href="%s" target="_blank">dokumentasi</a> untuk informasi lebih lanjut.
+at_least_one_permission = Anda harus memilih setidaknya satu izin untuk membuat token
+permissions_list = Izin:
+create_oauth2_application_success = Anda telah berhasil membuat aplikasi OAuth2 baru.
+update_oauth2_application_success = Anda telah berhasil memperbarui aplikasi OAuth2.
+oauth2_confidential_client = Klien rahasia. Pilih untuk aplikasi yang menjaga kerahasiaan rahasia, seperti aplikasi web. Jangan pilih untuk aplikasi native termasuk aplikasi desktop dan mobile.
+oauth2_redirect_uris = URI pengalihan. Harap gunakan baris baru untuk setiap URI.
+oauth2_application_remove_description = Menghapus aplikasi OAuth2 akan mencegahnya mengakses akun pengguna yang diotorisasi pada instans ini. Lanjutkan?
+oauth2_application_locked = Forgejo mendaftarkan beberapa aplikasi OAuth2 saat startup jika diaktifkan dalam konfigurasi. Untuk mencegah perilaku yang tidak terduga, aplikasi-aplikasi ini tidak dapat diedit maupun dihapus. Silakan merujuk ke dokumentasi OAuth2 untuk informasi lebih lanjut.
+authorized_oauth2_applications_description = Anda telah memberikan akses ke akun Forgejo pribadi Anda kepada aplikasi pihak ketiga ini. Harap cabut akses untuk aplikasi yang tidak lagi digunakan.
+revoke_oauth2_grant_success = Akses berhasil dicabut.
+twofa_recovery_tip = Jika Anda kehilangan perangkat, Anda dapat menggunakan kunci pemulihan sekali pakai untuk mendapatkan kembali akses ke akun Anda.
+twofa_scratch_token_regenerated = Kunci pemulihan sekali pakai Anda sekarang adalah %s. Simpan di tempat yang aman, karena tidak akan ditampilkan lagi.
+then_enter_passcode = Dan masukkan kode sandi yang ditampilkan di aplikasi:
+twofa_enrolled = Akun Anda telah berhasil didaftarkan. Simpan kunci pemulihan sekali pakai Anda (%s) di tempat yang aman, karena tidak akan ditampilkan lagi.
+twofa_failed_get_secret = Gagal mendapatkan rahasia.
+webauthn_desc = Kunci keamanan adalah perangkat keras yang berisi kunci kriptografi. Kunci ini dapat digunakan untuk autentikasi dua faktor. Kunci keamanan harus mendukung standar <a rel="noreferrer" target="_blank" href="%s">WebAuthn Authenticator</a>.
+webauthn_register_key = Tambahkan kunci keamanan
+webauthn_nickname = Nama panggilan
+webauthn_delete_key = Hapus kunci keamanan
+webauthn_delete_key_desc = Jika Anda menghapus kunci keamanan, Anda tidak dapat lagi masuk dengannya. Lanjutkan?
+webauthn_key_loss_warning = Jika Anda kehilangan semua kunci keamanan, Anda akan kehilangan akses ke akun Anda.
+webauthn_alternative_tip = Anda mungkin ingin mengonfigurasi metode autentikasi tambahan.
+hooks.desc = Tambahkan webhook yang akan dipicu untuk <strong>semua repositori</strong> yang Anda miliki.
+repos_none = Anda tidak memiliki repositori apa pun.
+blocked_users_none = Tidak ada pengguna yang diblokir.
+delete_with_all_comments = Akun Anda berusia kurang dari %s. Untuk menghindari komentar hantu, semua komentar isu/PR akan dihapus bersamanya.
+email_notifications.onmention = Hanya email saat disebut
+email_notifications.andyourown = Dan notifikasi Anda sendiri
+visibility = Visibilitas pengguna
+visibility.public_tooltip = Terlihat oleh semua orang
+visibility.limited = Terbatas
+visibility.limited_tooltip = Hanya terlihat oleh pengguna yang sudah masuk
+visibility.private_tooltip = Hanya terlihat oleh anggota organisasi yang telah Anda ikuti
+blocked_since = Diblokir sejak %s
+user_unblock_success = Pengguna telah berhasil dibuka blokirnya.
+user_block_success = Pengguna telah berhasil diblokir.
+user_block_yourself = Anda tidak dapat memblokir diri sendiri.
+quota.applies_to_user = Aturan kuota berikut berlaku untuk akun Anda
+quota.applies_to_org = Aturan kuota berikut berlaku untuk organisasi ini
+quota.rule.exceeded = Terlampaui
+quota.rule.exceeded.helper = Total ukuran objek untuk aturan ini telah melampaui kuota.
+quota.rule.no_limit = Tidak terbatas
+quota.sizes.all = Semua
+quota.sizes.repos.all = Repositori
+quota.sizes.repos.public = Repositori publik
+quota.sizes.repos.private = Repositori privat
+quota.sizes.git.all = Konten Git
+quota.sizes.git.lfs = Git LFS
+quota.sizes.assets.all = Aset
+quota.sizes.assets.attachments.all = Lampiran
+quota.sizes.assets.attachments.issues = Lampiran isu
+quota.sizes.assets.attachments.releases = Lampiran rilis
+quota.sizes.assets.artifacts = Artefak
+quota.sizes.assets.packages.all = Paket
+quota.sizes.wiki = Wiki
 
 [repo]
 owner=Pemilik
-repo_name=Nama Repositori
+repo_name=Nama repositori
 repo_name_helper=Nama repositori yang baik menggunakan kata kunci yang pendek, unik, dan bisa diingat.
 repo_size=Ukuran Repositori
 template=Templat
-template_select=Pilih template.
+template_select=Pilih templat
 template_helper=Buat repositori menjadi templat
 template_description=Repositori template membolehkan pengguna membuat repositori baru dengan struktur direktori, berkas, dan pengaturan opsional yang sama.
 visibility=Jarak pandang
 visibility_description=Hanya pemilik, atau anggota dari organisasi ini yang punya akses, yang dapat melihatnya.
 visibility_helper_forced=Admin situs Anda memaksa repositori baru menjadi pribadi.
-visibility_fork_helper=(Mengubah hal ini akan mempengaruhi semua garpu.)
+visibility_fork_helper=(Mengubah ini akan memengaruhi visibilitas semua garpu.)
 clone_helper=Butuh bantuan kloning? Kunjungi <a target="_blank" rel="noopener noreferrer" href="%s">Bantuan</a>.
-fork_repo=Cabang Gudang penyimpanan
-fork_from=Cabang Dari
+fork_repo=Garpu repositori
+fork_from=Garpu dari
 generate_repo=Buat Repositori
 repo_desc=Deskripsi
 repo_lang=Bahasa
-issue_labels=Label Masalah
-issue_labels_helper=Pilih serangkaian label masalah.
+issue_labels=Label
+issue_labels_helper=Pilih kumpulan label
 license=Lisensi
-license_helper=Pilih berkas lisensi.
+license_helper=Pilih file lisensi
 readme=README
-readme_helper=Pilih templat berkas README.
-auto_init=Inisialisasi Repositori (tambahkan .gitignore, lisensi, dan README)
-create_repo=Buat Gudang penyimpanan
-default_branch=Cabang Default
+readme_helper=Pilih templat file README
+auto_init=Inisialisasi repositori
+create_repo=Buat repositori
+default_branch=Cabang default
 mirror_prune=Memangkas
 mirror_last_synced=Sinkronisasi Terakhir
 watchers=Pengamat
@@ -585,14 +1067,14 @@ desc.template=Contoh
 template.webhooks=Webhooks
 template.topics=Topik
 template.avatar=Avatar
-template.issue_labels=Label Masalah
+template.issue_labels=Label isu
 
-migrate_repo=Migrasi Repositori
+migrate_repo=Migrasi repositori
 migrate.permission_denied=Anda tidak diizinkan untuk mengimpor repositori lokal.
 migrate.failed=Migrasi gagal: %v
 migrated_from=Termigrasi dari <a href="%[1]s">%[2]s</a>
-migrated_from_fake=Termigrasi Dari %[1]s
-migrate.migrating=Memigrasi dari <b>%s</b> ...
+migrated_from_fake=Dimigrasi dari %s
+migrate.migrating=Migrasi dari <b>%s</b> …
 migrate.migrating_failed=Migrasi dari <b>%s</b> gagal.
 
 mirror_from=duplikat dari
@@ -607,8 +1089,8 @@ star=Bintang
 fork=Garpu
 download_archive=Unduh Repositori
 
-no_desc=Tidak ada Deskripsi
-quick_guide=Panduan Cepat
+no_desc=Tidak ada deskripsi
+quick_guide=Panduan cepat
 clone_this_repo=Klon repositori ini
 create_new_repo_command=Membuat repositori baru pada baris perintah
 push_exist_repo=Mendorong sebuah repositori yang ada di baris perintah
@@ -620,7 +1102,7 @@ filter_branch_and_tag=Filter cabang atau tag
 branches=Cabang
 tags=Tag
 issues=Masalah
-pulls=Tarik Permintaan
+pulls=Permintaan tarik
 labels=Label
 
 milestones=Tonggak
@@ -629,34 +1111,34 @@ commit=Memperbuat
 releases=Rilis
 file_raw=Mentah
 file_history=Riwayat
-file_view_raw=Lihat Mentah
+file_view_raw=Lihat mentah
 file_permalink=Permalink
 file_too_large=Berkas terlalu besar untuk ditampilkan.
 
 stored_lfs=Tersimpan dengan GIT LFS
-commit_graph=Grafik Komit
+commit_graph=Grafik komit
 blame=Salahkan
 normal_view=Pandangan Normal
 line=baris
 lines=baris
 
-editor.new_file=Berkas Baru
-editor.upload_file=Unggah Berkas
-editor.edit_file=Sunting Berkas
-editor.preview_changes=Tinjau Perubahan
+editor.new_file=File baru
+editor.upload_file=Unggah file
+editor.edit_file=Edit file
+editor.preview_changes=Pratinjau perubahan
 editor.cannot_edit_lfs_files=Berkas LFS tidak dapat disunting dalam antarmuka web.
 editor.cannot_edit_non_text_files=Berkas biner tidak dapat disunting dalam antarmuka web.
-editor.edit_this_file=Sunting Berkas
+editor.edit_this_file=Edit file
 editor.this_file_locked=Berkas terkunci
 editor.must_be_on_a_branch=Anda harus berada pada sebuah cabang untuk membuat atau mengusulkan perubahan pada berkas ini.
 editor.fork_before_edit=Anda harus mencabangkan repositori ini untuk membuat atau mengusulkan perubahan pada berkas ini.
-editor.delete_this_file=Hapus Berkas
+editor.delete_this_file=Hapus file
 editor.must_have_write_access=Anda harus punya akses tulis untuk membuat atau mengusulkan perubahan pada berkas ini.
 editor.name_your_file=Nama berkas…
-editor.filename_help=Tambahkan direktori dengan mengetikkan nama direktori diikuti dengan garis miring ('/'). Hapus direktori dengan mengetikkan spasi balik pada awal bidang input.
+editor.filename_help=Tambahkan direktori dengan mengetik namanya diikuti garis miring ("/"). Hapus direktori dengan menekan backspace di awal kolom input.
 editor.or=atau
 editor.cancel_lower=Batalkan
-editor.commit_changes=Perubahan komitmen
+editor.commit_changes=Komit perubahan
 editor.add_tmpl=Tambahkan '<%s>'
 editor.commit_message_desc=Tambahkan deskripsi opsional yang panjang…
 editor.commit_directly_to_this_branch=Komitmen langsung ke <strong class="%[2]s">%[1]s</strong> cabang.
@@ -680,26 +1162,26 @@ commits.signed_by=Ditandai oleh
 
 projects.description_placeholder=Deskripsi
 projects.title=Judul
-projects.template.desc=Contoh
+projects.template.desc=Templat
 projects.column.edit_title=Nama
 projects.column.new_title=Nama
 
-issues.new=Masalah Baru
+issues.new=Isu baru
 issues.new.labels=Label
-issues.new.no_label=Tidak ada Label
+issues.new.no_label=Tidak ada label
 issues.new.clear_labels=Label yang jelas
 issues.new.milestone=Tolak ukur waktu
-issues.new.no_milestone=Tidak Ada Milestone
+issues.new.no_milestone=Tidak ada tonggak pencapaian
 issues.new.clear_milestone=Bersihkan milestone
-issues.new.open_milestone=Buka Milestone
-issues.new.closed_milestone=Tutup Milestone
-issues.no_ref=Tidak Ada Cabang/Tag Ditentukan
-issues.create=Buat Masalah
-issues.new_label=Label Baru
+issues.new.open_milestone=Tonggak pencapaian terbuka
+issues.new.closed_milestone=Tonggak pencapaian tertutup
+issues.no_ref=Tidak ada Cabang/Tag yang ditentukan
+issues.create=Buat isu
+issues.new_label=Label baru
 issues.new_label_desc_placeholder=Deskripsi
-issues.create_label=Buat Label
+issues.create_label=Buat label
 issues.label_templates.title=Muat sebuah label yang telah ditentukan
-issues.label_templates.helper=Pilih set label
+issues.label_templates.helper=Pilih prasetel label
 issues.add_milestone_at=`telah menambahkan ini ke <b>%s</b> milestone %s`
 issues.change_milestone_at=`telah mengubah milestone dari <b>%s</b> ke <b>%s</b> %s`
 issues.remove_milestone_at=`telah menghapus ini dari <b>%s</b> milestone %s`
@@ -741,14 +1223,14 @@ issues.num_comments=%d komentar
 issues.commented_at=`komentar <a href="#%s">%s</a>`
 issues.delete_comment_confirm=Apakah anda yakin anda ingin menghapus komentar ini?
 issues.context.copy_link=Salin tautan
-issues.context.quote_reply=Kutip Balasan
+issues.context.quote_reply=Kutip balasan
 issues.context.edit=Sunting
 issues.context.delete=Hapus
-issues.close_comment_issue=Komentar dan Tutup
+issues.close_comment_issue=Tutup dengan komentar
 issues.reopen_issue=Buka kembali
-issues.reopen_comment_issue=Komentar dan Buka Kembali
+issues.reopen_comment_issue=Buka kembali dengan komentar
 issues.create_comment=Komentar
-issues.commit_ref_at=`merujuk masalah dari komit %s`
+issues.commit_ref_at=`mereferensikan issue ini dari commit %s`
 issues.role.owner=Pemilik
 issues.role.member=Anggota
 issues.sign_in_require_desc=<a href="%s">Masuk</a> untuk bergabung dengan percakapan ini.
@@ -777,16 +1259,16 @@ issues.add_time_history=`tambah menghabiskan waktu %s`
 issues.add_time_hours=Jam
 issues.add_time_minutes=Menit
 issues.due_date_form_edit=Edit
-issues.due_date_form_remove=Menghapus
+issues.due_date_form_remove=Hapus
 issues.dependency.cancel=Membatalkan
 issues.dependency.remove=Menghapus
 
 
-pulls.new=Permintaan Tarik Baru
-pulls.compare_changes=Permintaan Tarik Baru
+pulls.new=Permintaan tarik baru
+pulls.compare_changes=Permintaan tarik baru
 pulls.filter_branch=Penyaringan cabang
 pulls.no_results=Hasil tidak ditemukan.
-pulls.create=Buat Permintaan Tarik
+pulls.create=Buat permintaan tarik
 pulls.tab_conversation=Percakapan
 pulls.tab_commits=Melakukan
 pulls.reopen_to_merge=Tolong buka kembali permintaan tarik ini untuk melaksanakan penggabungan.
@@ -801,17 +1283,17 @@ pulls.can_auto_merge_desc=Permintaan tarik ini dapat digabung secara otomatis.
 
 
 
-milestones.new=Milestone Baru
+milestones.new=Tonggak pencapaian baru
 milestones.closed=Tertutup %s
 milestones.no_due_date=Tidak ada jatuh tempo
 milestones.open=Buka
 milestones.close=Tutup
-milestones.create=Buat Milestone
+milestones.create=Buat tonggak pencapaian
 milestones.title=Judul
 milestones.desc=Deskripsi
-milestones.due_date=Jatuh Tempo (opsional)
+milestones.due_date=Tenggat waktu (opsional)
 milestones.clear=Bersihkan
-milestones.edit=Ubah Milestone
+milestones.edit=Edit tonggak pencapaian
 milestones.cancel=Batal
 milestones.filter_sort.least_complete=Paling tidak lengkap
 milestones.filter_sort.most_complete=Paling lengkap
@@ -825,11 +1307,11 @@ wiki.page=Halaman
 wiki.filter_page=Halaman Penyaring
 wiki.new_page=Halaman
 wiki.default_commit_message=Tulis catatan mengenai pembaruan halaman ini (opsional).
-wiki.save_page=Simpan Halaman
+wiki.save_page=Simpan halaman
 wiki.last_commit_info=%s halaman ini diedit %s
 wiki.edit_page_button=Menyunting
-wiki.new_page_button=Halaman Baru
-wiki.delete_page_button=Hapus Halaman
+wiki.new_page_button=Halaman baru
+wiki.delete_page_button=Hapus halaman
 wiki.page_already_exists=Halaman wiki dengan nama yang sama telah ada.
 wiki.pages=Halaman
 wiki.last_updated=Pembaruan terakhir %s
@@ -842,32 +1324,32 @@ activity.period.weekly=1 minggu
 activity.period.monthly=1 bulan
 activity.period.yearly=1 tahun
 activity.overview=Tinjauan
-activity.merged_prs_count_1=Mengabungkan Permintaan Tarik
-activity.merged_prs_count_n=Menggabungkan permintaan tarik
-activity.opened_prs_count_1=Meminta tarik usulan
-activity.opened_prs_count_n=Meminta di tarik usulan
+activity.merged_prs_count_1=Permintaan tarik yang digabungkan
+activity.merged_prs_count_n=Permintaan tarik yang digabungkan
+activity.opened_prs_count_1=Permintaan tarik yang diajukan
+activity.opened_prs_count_n=Permintaan tarik yang diajukan
 activity.title.user_1=%d pengguna
 activity.title.user_n=%d pengguna
-activity.title.prs_1=%d Tarik permintaan
-activity.title.prs_n=%d Tarik permintaan
+activity.title.prs_1=%d permintaan tarik
+activity.title.prs_n=%d permintaan tarik
 activity.title.prs_merged_by=%s dibuat oleh %s
 activity.title.prs_opened_by=%s Dikemukakan oleh %s
 activity.merged_prs_label=Bergabung
 activity.opened_prs_label=Dikemukakan
-activity.closed_issues_count_1=Masalah tertutup
-activity.closed_issues_count_n=Masalah tertutup
-activity.title.issues_1=%d Masalah
-activity.title.issues_n=%d Masalah
+activity.closed_issues_count_1=Isu yang ditutup
+activity.closed_issues_count_n=Isu yang ditutup
+activity.title.issues_1=%d isu
+activity.title.issues_n=%d isu
 activity.title.issues_created_by=%s dibuat oleh %s
 activity.closed_issue_label=Tertutup
-activity.new_issues_count_1=Masalah Baru
-activity.new_issues_count_n=Masala baru
+activity.new_issues_count_1=Isu baru
+activity.new_issues_count_n=Isu baru
 activity.new_issue_label=Terbuka
 activity.unresolved_conv_label=Buka
-activity.title.releases_1=%d Rilis
-activity.title.releases_n=%d Rilis
+activity.title.releases_1=%d rilis
+activity.title.releases_n=%d rilis
 activity.title.releases_published_by=%s dikeluarkan oleh %s
-activity.published_release_label=Dikeluarkan
+activity.published_release_label=Rilis
 
 contributors.contribution_type.commits=Melakukan
 
@@ -879,37 +1361,37 @@ settings.collaboration.read=Baca
 settings.collaboration.owner=Pemilik
 settings.collaboration.undefined=Tidak terdefinisi
 settings.hooks=Webhooks
-settings.githooks=Git kait
-settings.basic_settings=Pengaturan Dasar
-settings.mirror_settings=Pengaturan Duplikat
+settings.githooks=Hook Git
+settings.basic_settings=Pengaturan dasar
+settings.mirror_settings=Pengaturan cermin
 
 settings.site=Situs web
-settings.update_settings=Perbarui Pengaturan
-settings.advanced_settings=Pengaturan Lanjutan
-settings.external_wiki_url=URL Eksternal Wiki
-settings.external_tracker_url=URL Pelacak Masalah Eksternal
-settings.tracker_url_format=Format URL pelacak edisi Eksternal
+settings.update_settings=Simpan pengaturan
+settings.advanced_settings=Pengaturan lanjutan
+settings.external_wiki_url=URL wiki eksternal
+settings.external_tracker_url=URL pelacak issue eksternal
+settings.tracker_url_format=Format URL pelacak issue eksternal
 settings.tracker_issue_style.numeric=Numerik
 settings.tracker_issue_style.alphanumeric=Alfhanumerik
-settings.danger_zone=Zona Bahaya
+settings.danger_zone=Zona berbahaya
 settings.new_owner_has_same_repo=Pemilik baru sudah memiliki repositori dengan nama yang sama. Silakan pilih nama lain.
 settings.transfer.title=Transfer Kepemilikan
-settings.transfer_owner=Pemilik Baru
-settings.delete=Menghapus Repositori Ini
+settings.transfer_owner=Pemilik baru
+settings.delete=Hapus repositori ini
 settings.delete_notices_1=- Operasi ini <strong>TIDAK BISA</strong> dibatalkan.
 settings.delete_collaborator=Menghapus
 settings.teams=Tim
-settings.add_webhook=Tambahkan Webhook
-settings.webhook.test_delivery=Percobaan Pengiriman
+settings.add_webhook=Tambah webhook
+settings.webhook.test_delivery=Uji pengiriman
 settings.webhook.request=Permintaan
 settings.webhook.response=Tanggapan
 settings.webhook.headers=Tajuk
 settings.webhook.payload=Konten
 settings.webhook.body=Tubuh
 settings.githook_edit_desc=Jika hook tidak aktif, konten sampel akan dipaparkan. Meninggalkan konten dengan nilai kosong akan menonaktifkan hook ini.
-settings.githook_name=Nama Hook
-settings.githook_content=Konten Hook
-settings.update_githook=Perbarui Hook
+settings.githook_name=Nama hook
+settings.githook_content=Konten hook
+settings.update_githook=Perbarui hook
 settings.secret=Rahasia
 settings.slack_username=Nama pengguna
 settings.slack_icon_url=Ikon URL
@@ -921,16 +1403,16 @@ settings.event_fork=Garpu
 settings.event_wiki=Wiki
 settings.event_push=Dorong
 settings.event_repository=Repositori
-settings.event_issues=Masalah
-settings.event_pull_request=Tarik permintaan
-settings.update_webhook=Perbarui Webhook
-settings.recent_deliveries=Pengiriman Terakhir
-settings.hook_type=Jenis Hook
+settings.event_issues=Modifikasi
+settings.event_pull_request=Modifikasi
+settings.update_webhook=Perbarui webhook
+settings.recent_deliveries=Pengiriman terbaru
+settings.hook_type=Jenis hook
 settings.slack_token=Token
 settings.slack_domain=Domain
 settings.slack_channel=Saluran
-settings.deploy_keys=Kunci Deploy
-settings.add_deploy_key=Tambahkan Kunci Deploy
+settings.deploy_keys=Kunci deploy
+settings.add_deploy_key=Tambah kunci deploy
 settings.title=Judul
 settings.deploy_key_content=Konten
 settings.branches=Cabang
@@ -938,30 +1420,30 @@ settings.protected_branch=Perlindungan cabang
 settings.choose_branch=Pilih branch…
 settings.edit_protected_branch=Edit
 
-diff.browse_source=Telusuri Sumber
+diff.browse_source=Jelajahi sumber
 diff.parent=orang tua
 diff.commit=melakukan
-diff.data_not_available=Konten Diff Tidak Tersedia
-diff.show_split_view=Tampilan split
-diff.show_unified_view=Pandangan Terpadu
+diff.data_not_available=Konten diff tidak tersedia
+diff.show_split_view=Tampilan terpisah
+diff.show_unified_view=Tampilan terpadu
 diff.stats_desc=<strong> %d mengubah file</strong> dengan <strong>%d tambahan</strong> dan <strong>%d penghapusan</strong>
 diff.bin=TEMPAT SAMPAH
-diff.view_file=Melihat File
+diff.view_file=Lihat file
 diff.file_byte_size=Ukuran
 diff.file_suppressed=File diff ditekan karena terlalu besar
 
 release.releases=Rilis
-release.new_release=Baru Rilis
+release.new_release=Rilis baru
 release.draft=Rancangan
-release.prerelease=Pra-Rilis
+release.prerelease=Pra-rilis
 release.stable=Stabil
-release.edit=edit
-release.source_code=Sumber kode
+release.edit=Edit
+release.source_code=Kode sumber
 release.tag_name=Tag nama
 release.target=Target
 release.cancel=Membatalkan
-release.publish=Mempublikasikan Rilis
-release.save_draft=Simpan Draft
+release.publish=Terbitkan rilis
+release.save_draft=Simpan draf
 release.deletion_success=Rilis ini telah dihapus.
 release.downloads=Unduhan
 
@@ -980,20 +1462,1291 @@ desc.archived = Diarsipkan
 commitstatus.error = Gangguan
 projects.new = Proyek Baru
 milestones.filter_sort.name = Nama
+rss.must_be_on_branch = Anda harus berada di cabang untuk memiliki umpan RSS.
+admin.manage_flags = Kelola tanda
+admin.enabled_flags = Tanda yang diaktifkan untuk repositori:
+admin.update_flags = Perbarui tanda
+admin.failed_to_replace_flags = Gagal mengganti tanda repositori
+admin.flags_replaced = Tanda repositori telah diganti
+new_repo_helper = Repositori berisi semua file proyek, termasuk riwayat revisi. Sudah mengelola di tempat lain? <a href="%s">Migrasi repositori</a>.
+new_from_template = Gunakan templat
+new_from_template_description = Anda dapat memilih templat repositori yang sudah ada di instans ini dan menerapkan pengaturannya.
+new_advanced = Pengaturan lanjutan
+new_advanced_expand = Klik untuk memperluas
+owner_helper = Beberapa organisasi mungkin tidak muncul di menu tarik-turun karena batas jumlah repositori maksimum.
+size_format = %s: %s, %s: %s
+visibility_helper = Jadikan repositori privat
+already_forked = Anda sudah menggarpu %s
+fork_to_different_account = Garpu ke akun yang berbeda
+fork_visibility_helper = Visibilitas repositori yang digarpu tidak dapat diubah.
+fork_branch = Cabang yang akan dikloning ke garpu
+all_branches = Semua cabang
+fork_no_valid_owners = Repositori ini tidak dapat digarpu karena tidak ada pemilik yang valid.
+use_template = Gunakan templat ini
+open_with_editor = Buka dengan %s
+download_zip = Unduh ZIP
+download_tar = Unduh TAR.GZ
+download_bundle = Unduh BUNDLE
+repo_desc_helper = Masukkan deskripsi singkat (opsional)
+repo_gitignore_helper = Pilih templat .gitignore
+repo_gitignore_helper_desc = Pilih file mana yang tidak akan dilacak dari daftar templat untuk bahasa pemrograman umum. Artefak umum yang dihasilkan oleh alat build setiap bahasa disertakan dalam .gitignore secara default.
+license_helper_desc = Lisensi mengatur apa yang boleh dan tidak boleh dilakukan orang lain dengan kode Anda. Tidak yakin mana yang tepat untuk proyek Anda? Lihat <a target="_blank" rel="noopener noreferrer" href="%s">Pilih lisensi</a>.
+object_format = Format objek
+object_format_helper = Format objek repositori. Tidak dapat diubah setelah dibuat. SHA1 paling kompatibel.
+readme_helper_desc = Di sinilah Anda dapat menulis deskripsi lengkap untuk proyek Anda.
+auto_init_description = Mulai riwayat Git dengan README dan secara opsional tambahkan file Lisensi dan .gitignore.
+default_branch_label = default
+default_branch_helper = Cabang default adalah cabang dasar untuk permintaan tarik dan commit kode.
+mirror_prune_desc = Hapus referensi pelacakan jarak jauh yang sudah usang
+mirror_interval = Interval cermin (satuan waktu yang valid adalah "h", "m", "s"). 0 untuk menonaktifkan sinkronisasi berkala. (Interval minimum: %s)
+mirror_interval_invalid = Interval cermin tidak valid.
+mirror_public_key = Kunci SSH publik
+mirror_use_ssh.text = Gunakan autentikasi SSH
+mirror_use_ssh.helper = Forgejo akan mencerminkan repositori melalui Git over SSH dan membuat pasangan kunci untuk Anda saat memilih opsi ini. Anda harus memastikan bahwa kunci publik yang dihasilkan diotorisasi untuk mendorong ke repositori tujuan. Anda tidak dapat menggunakan otorisasi berbasis kata sandi saat memilih ini.
+mirror_use_ssh.not_available = Autentikasi SSH tidak tersedia.
+mirror_denied_combination = Tidak dapat menggunakan autentikasi kunci publik dan berbasis kata sandi secara bersamaan.
+mirror_sync = disinkronkan
+mirror_sync_on_commit = Sinkronkan saat commit didorong
+mirror_address = Klon dari URL
+mirror_address_desc = Masukkan kredensial yang diperlukan di bagian Otorisasi.
+mirror_address_url_invalid = URL yang diberikan tidak valid. Pastikan komponen URL telah di-escape dengan benar.
+mirror_address_protocol_invalid = URL yang diberikan tidak valid. Hanya lokasi http(s):// atau git:// yang dapat digunakan untuk pencerminan.
+mirror_lfs = Penyimpanan File Besar (LFS)
+mirror_lfs_desc = Aktifkan pencerminan data LFS.
+mirror_lfs_endpoint = Titik akhir LFS
+mirror_lfs_endpoint_desc = Sinkronisasi akan mencoba menggunakan URL klon untuk <a target="_blank" rel="noopener noreferrer" href="%s">menentukan server LFS</a>. Anda juga dapat menentukan titik akhir kustom jika data LFS repositori disimpan di tempat lain.
+mirror_password_placeholder = (Tidak berubah)
+mirror_password_blank_placeholder = (Tidak diatur)
+mirror_password_help = Ubah nama pengguna untuk menghapus kata sandi yang tersimpan.
+stars_remove_warning = Ini akan menghapus semua bintang dari repositori ini.
+stars = Bintang
+language_other = Lainnya
+adopt_search = Masukkan nama pengguna untuk mencari repositori yang tidak diadopsi… (biarkan kosong untuk menemukan semua)
+adopt_preexisting_label = Adopsi file
+adopt_preexisting = Adopsi file yang sudah ada sebelumnya
+adopt_preexisting_content = Buat repositori dari %s
+adopt_preexisting_success = File diadopsi dan repositori dibuat dari %s
+delete_preexisting = Hapus file yang sudah ada sebelumnya
+delete_preexisting_content = Hapus file di %s
+delete_preexisting_success = File yang tidak diadopsi di %s telah dihapus
+blame_prior = Lihat blame sebelum perubahan ini
+blame.ignore_revs = Mengabaikan revisi di <a href="%s">.git-blame-ignore-revs</a>. Klik <a href="%s">di sini untuk melewati</a> dan lihat tampilan blame normal.
+blame.ignore_revs.failed = Gagal mengabaikan revisi di <a href="%s">.git-blame-ignore-revs</a>.
+author_search_tooltip = Menampilkan maksimum 30 pengguna
+summary_card_alt = Kartu ringkasan repositori %s
+tree_path_not_found.commit = Jalur %[1]s tidak ada di commit %[2]s
+tree_path_not_found.branch = Jalur %[1]s tidak ada di cabang %[2]s
+tree_path_not_found.tag = Jalur %[1]s tidak ada di tag %[2]s
+transfer.accept = Terima transfer
+transfer.accept_desc = Transfer ke "%s"
+transfer.reject = Tolak transfer
+transfer.reject_desc = Batalkan transfer ke "%s"
+transfer.no_permission_to_accept = Anda tidak memiliki izin untuk menerima transfer ini.
+transfer.no_permission_to_reject = Anda tidak memiliki izin untuk menolak transfer ini.
+desc.internal = Internal
+desc.sha256 = SHA256
+template.items = Item templat
+template.git_content = Konten Git (Cabang default)
+template.git_hooks = Hook Git
+template.git_hooks_tooltip = Anda saat ini tidak dapat mengubah atau menghapus hook Git setelah ditambahkan. Pilih ini hanya jika Anda mempercayai repositori templat.
+template.one_item = Harus memilih setidaknya satu item templat
+template.invalid = Harus memilih repositori templat
+archive.title = Repositori ini diarsipkan. Anda dapat melihat file dan mengklonnya, tetapi Anda tidak dapat membuat perubahan apa pun pada statusnya, seperti mendorong dan membuat issue baru, permintaan tarik, atau komentar.
+archive.title_date = Repositori ini diarsipkan pada %s. Anda dapat melihat file dan mengklonnya, tetapi Anda tidak dapat membuat perubahan apa pun pada statusnya, seperti mendorong dan membuat issue baru, permintaan tarik, atau komentar.
+archive.nocomment = Pemberian komentar tidak dapat dilakukan karena repositori diarsipkan.
+archive.pull.noreview = Repositori ini diarsipkan. Anda tidak dapat meninjau permintaan tarik.
+sync_fork.branch_behind_one = Cabang ini tertinggal %[1]d commit dari %[2]s
+sync_fork.branch_behind_few = Cabang ini tertinggal %d commit dari %s
+sync_fork.button = Sinkronkan
+form.reach_limit_of_creation_1 = Pemilik telah mencapai batas %d repositori.
+form.reach_limit_of_creation_n = Pemilik telah mencapai batas %d repositori.
+form.name_reserved = Nama repositori "%s" sudah dicadangkan.
+form.name_pattern_not_allowed = Pola "%s" tidak diperbolehkan dalam nama repositori.
+form.string_too_long = String yang diberikan lebih panjang dari %d karakter.
+need_auth = Otorisasi
+migrate_options = Opsi migrasi
+migrate_options_mirror_helper = Repositori ini akan menjadi cermin
+migrate_options_lfs = Migrasi file LFS
+migrate_options_lfs_endpoint.label = Titik akhir LFS
+migrate_options_lfs_endpoint.description = Migrasi akan mencoba menggunakan remote Git Anda untuk <a target="_blank" rel="noopener noreferrer" href="%s">menentukan server LFS</a>. Anda juga dapat menentukan titik akhir kustom jika data LFS repositori disimpan di tempat lain.
+migrate_options_lfs_endpoint.description.local = Jalur server lokal juga didukung.
+migrate_options_lfs_endpoint.placeholder = Jika dibiarkan kosong, titik akhir akan diturunkan dari URL klon
+migrate.repo_desc_helper = Biarkan kosong untuk mengimpor deskripsi yang sudah ada
+migrate.clone_address = Migrasi / Klon dari URL
+migrate.clone_address_desc = URL "klon" HTTP(S) atau Git dari repositori yang sudah ada
+migrate.github_token_desc = Anda dapat memasukkan satu atau lebih token di sini yang dipisahkan koma untuk mempercepat migrasi dengan menghindari batas laju API GitHub. PERINGATAN: Penyalahgunaan fitur ini dapat melanggar kebijakan penyedia layanan dan dapat menyebabkan akun Anda diblokir.
+migrate.clone_local_path = atau jalur server lokal
+migrate.permission_denied_blocked = Anda tidak dapat mengimpor dari host yang tidak diizinkan, harap minta admin untuk memeriksa pengaturan ALLOWED_DOMAINS/ALLOW_LOCALNETWORKS/BLOCKED_DOMAINS.
+migrate.invalid_local_path = Jalur lokal tidak valid. Jalur tidak ada atau bukan direktori.
+migrate.invalid_lfs_endpoint = Titik akhir LFS tidak valid.
+migrate.migrate_items_options = Token akses diperlukan untuk migrasi item tambahan
+migrate.migrate = Migrasi dari %s
+migrate.migrating_failed.error = Gagal migrasi: %s
+migrate.migrating_failed_no_addr = Migrasi gagal.
+watch_guest_user = Masuk untuk memantau repositori ini.
+star_guest_user = Masuk untuk membintangi repositori ini.
+subscribe.issue.guest.tooltip = Masuk untuk berlangganan issue ini.
+subscribe.pull.guest.tooltip = Masuk untuk berlangganan permintaan tarik ini.
+more_operations = Operasi lainnya
+cite_this_repo = Kutip repositori ini
+empty_message = Repositori ini tidak memiliki konten apa pun.
+broken_message = Data Git yang mendasari repositori ini tidak dapat dibaca. Hubungi administrator instans ini atau hapus repositori ini.
+code.desc = Akses kode sumber, file, komit, dan cabang.
+clear_ref = `Hapus referensi saat ini`
+find_tag = Temukan tag
+project = Proyek
+packages = Paket
+actions = Tindakan
+org_labels_desc = Label tingkat organisasi yang dapat digunakan dengan <strong>semua repositori</strong> di bawah organisasi ini
+org_labels_desc_manage = kelola
+released_this = merilis ini
+file.title = %s pada %s
+file_follow = Ikuti symlink
+file_view_source = Lihat sumber
+file_view_rendered = Lihat yang dirender
+invisible_runes_header = `File ini mengandung karakter Unicode tak terlihat`
+invisible_runes_description = `File ini mengandung karakter Unicode tak terlihat yang tidak dapat dibedakan oleh manusia tetapi mungkin diproses secara berbeda oleh komputer. Jika Anda rasa ini disengaja, Anda dapat mengabaikan peringatan ini. Gunakan tombol Escape untuk menampilkannya.`
+ambiguous_runes_header = `File ini mengandung karakter Unicode yang ambigu`
+ambiguous_runes_description = `File ini mengandung karakter Unicode yang mungkin tertukar dengan karakter lain. Jika Anda rasa ini disengaja, Anda dapat mengabaikan peringatan ini. Gunakan tombol Escape untuk menampilkannya.`
+invisible_runes_line = `Baris ini memiliki karakter Unicode tak terlihat`
+ambiguous_runes_line = `Baris ini memiliki karakter Unicode yang ambigu`
+ambiguous_character = `%[1]c [U+%04[1]X] dapat tertukar dengan %[2]c [U+%04[2]X]`
+escape_control_characters = Escape
+unescape_control_characters = Unescape
+file_copy_permalink = Salin tautan permanen
+view_git_blame = Lihat git blame
+video_not_supported_in_browser = Browser Anda tidak mendukung tag "video" HTML5.
+audio_not_supported_in_browser = Browser Anda tidak mendukung tag "audio" HTML5.
+symbolic_link = Tautan simbolis
+executable_file = File yang dapat dieksekusi
+vendored = Di-vendor
+generated = Dihasilkan
+commit_graph.select = Pilih cabang
+commit_graph.hide_pr_refs = Sembunyikan permintaan tarik
+commit_graph.monochrome = Mono
+commit_graph.color = Warna
+commit.contained_in = Komit ini terdapat di:
+commit.contained_in_default_branch = Komit ini adalah bagian dari cabang default
+commit.load_referencing_branches_and_tags = Muat cabang dan tag yang mereferensikan commit ini
+download_file = Unduh file
+from_comment = (komentar)
+no_eol.text = Tanpa EOL
+no_eol.tooltip = File ini tidak mengandung karakter akhir baris di bagian akhir.
+editor.add_file = Tambah file
+editor.file_delete_success = File "%s" telah dihapus.
+editor.commit_signed_changes = Komit perubahan yang ditandatangani
+editor.add_tmpl.filename = nama file
+editor.add = Tambah %s
+editor.update = Perbarui %s
+editor.delete = Hapus %s
+editor.patch = Terapkan patch
+editor.patching = Menerapkan patch:
+editor.fail_to_apply_patch = Tidak dapat menerapkan patch "%s"
+editor.new_patch = Patch baru
+editor.signoff_desc = Tambahkan trailer Signed-off-by oleh pembuat commit di akhir pesan log komit.
+editor.new_branch_name = Beri nama cabang baru untuk commit ini
+editor.filename_is_invalid = Nama file tidak valid: "%s".
+editor.invalid_commit_mail = Email tidak valid untuk membuat komit.
+editor.branch_does_not_exist = Cabang "%s" tidak ada di repositori ini.
+editor.branch_already_exists = Cabang "%s" sudah ada di repositori ini.
+editor.directory_is_a_file = Nama direktori "%s" sudah digunakan sebagai nama file di repositori ini.
+editor.file_is_a_symlink = `"%s" adalah tautan simbolis. Tautan simbolis tidak dapat diedit di editor web`
+editor.filename_is_a_directory = Nama file "%s" sudah digunakan sebagai nama direktori di repositori ini.
+editor.file_editing_no_longer_exists = File yang sedang diedit, "%s", tidak lagi ada di repositori ini.
+editor.file_deleting_no_longer_exists = File yang sedang dihapus, "%s", tidak lagi ada di repositori ini.
+editor.file_changed_while_editing = Konten file telah berubah sejak Anda membuka file. <a target="_blank" rel="noopener noreferrer" href="%s">Klik di sini</a> untuk melihatnya atau <strong>Komit perubahan lagi</strong> untuk menimpanya.
+editor.file_already_exists = File bernama "%s" sudah ada di repositori ini.
+editor.commit_id_not_matching = File berubah saat Anda sedang mengeditnya. Commit ke cabang baru lalu gabungkan.
+editor.push_out_of_date = Dorongan tampaknya sudah usang.
+editor.commit_empty_file_header = Komit file kosong
+editor.commit_empty_file_text = File yang akan Anda commit kosong. Lanjutkan?
+editor.fail_to_update_file = Gagal memperbarui/membuat file "%s".
+editor.fail_to_update_file_summary = Pesan kesalahan:
+editor.push_rejected_no_message = Perubahan ditolak oleh server tanpa pesan. Harap periksa hook Git.
+editor.push_rejected = Perubahan ditolak oleh server. Harap periksa hook Git.
+editor.push_rejected_summary = Pesan penolakan lengkap:
+editor.add_subdir = Tambah direktori…
+editor.unable_to_upload_files = Gagal mengunggah file ke "%s" dengan kesalahan: %v
+editor.upload_file_is_locked = File "%s" dikunci oleh %s.
+editor.upload_files_to_dir = Unggah file ke "%s"
+editor.cannot_commit_to_protected_branch = Tidak dapat melakukan commit ke cabang yang dilindungi "%s".
+editor.no_commit_to_branch = Tidak dapat melakukan commit langsung ke cabang karena:
+editor.user_no_push_to_branch = Pengguna tidak dapat mendorong ke cabang
+editor.require_signed_commit = Cabang memerlukan commit yang ditandatangani
+editor.cherry_pick = Cherry-pick %s ke:
+editor.revert = Revert %s ke:
+editor.commit_email = Email komit
+commits.no_commits = Tidak ada commit yang sama. "%s" dan "%s" memiliki riwayat yang sepenuhnya berbeda.
+commits.nothing_to_compare = Cabang-cabang ini sama.
+commits.search.tooltip = Anda dapat mengawali kata kunci dengan "author:", "committer:", "after:", atau "before:", misalnya "revert author:Alice before:2019-01-13".
+commits.search_branch = Cabang ini
+commits.search_all = Semua cabang
+commits.browse_further = Jelajahi lebih lanjut
+commits.renamed_from = Diubah nama dari %s
+commits.signed_by_untrusted_user = Ditandatangani oleh pengguna yang tidak dipercaya
+commits.signed_by_untrusted_user_unmatched = Ditandatangani oleh pengguna yang tidak dipercaya yang tidak cocok dengan pembuat komit
+commits.gpg_key_id = ID kunci GPG
+commits.ssh_key_fingerprint = Sidik jari kunci SSH
+commits.view_path = Lihat pada titik ini dalam riwayat
+commits.view_single_diff = Lihat perubahan pada file ini yang diperkenalkan dalam commit ini
+commit.operations = Operasi
+commit.revert = Revert
+commit.revert-header = Revert: %s
+commit.revert-content = Pilih cabang tujuan revert:
+commit.cherry-pick = Cherry-pick
+commit.cherry-pick-header = Cherry-pick: %s
+commit.cherry-pick-content = Pilih cabang tujuan cherry-pick:
+commitstatus.failure = Gagal
+commitstatus.pending = Tertunda
+commitstatus.success = Berhasil
+ext_issues = Isu eksternal
+projects = Proyek
+projects.description = Deskripsi (opsional)
+projects.create = Buat proyek
+projects.new_subheader = Koordinasikan, lacak, dan perbarui pekerjaan Anda di satu tempat, sehingga proyek tetap transparan dan sesuai jadwal.
+projects.create_success = Proyek "%s" telah dibuat.
+projects.deletion = Hapus proyek
+projects.deletion_desc = Menghapus proyek akan menghapusnya dari semua issue terkait. Lanjutkan?
+projects.deletion_success = Proyek telah dihapus.
+projects.edit = Edit proyek
+projects.edit_subheader = Proyek mengorganisasi issue dan melacak kemajuan.
+projects.modify = Edit proyek
+projects.edit_success = Proyek "%s" telah diperbarui.
+projects.type.none = Tidak ada
+projects.type.basic_kanban = Kanban dasar
+projects.type.bug_triage = Triase bug
+projects.template.desc_helper = Pilih templat proyek untuk memulai
+projects.column.edit = Edit kolom
+projects.column.new_submit = Buat kolom
+projects.column.new = Kolom baru
+projects.column.set_default = Jadikan default
+projects.column.set_default_desc = Jadikan kolom ini sebagai default untuk issue dan permintaan tarik yang tidak dikategorikan
+projects.column.delete = Hapus kolom
+projects.column.deletion_desc = Menghapus kolom proyek akan memindahkan semua issue terkait ke kolom default. Lanjutkan?
+projects.column.color = Warna
+projects.open = Buka
+projects.close = Tutup
+projects.column.assigned_to = Ditugaskan kepada
+projects.card_type.desc = Pratinjau kartu
+projects.card_type.images_and_text = Gambar dan teks
+projects.card_type.text_only = Teks saja
+issues.filter_assignees = Filter penugasan
+issues.filter_milestones = Filter tonggak pencapaian
+issues.filter_projects = Filter proyek
+issues.filter_labels = Filter label
+issues.filter_reviewers = Filter pengulas
+issues.filter_no_results = Tidak ada hasil
+issues.filter_no_results_placeholder = Coba sesuaikan filter pencarian Anda.
+issues.new.title_empty = Judul tidak boleh kosong
+issues.new.projects = Proyek
+issues.new.clear_projects = Hapus proyek
+issues.new.no_projects = Tidak ada proyek
+issues.new.open_projects = Proyek terbuka
+issues.new.closed_projects = Proyek tertutup
+issues.new.no_items = Tidak ada item
+issues.new.assignees = Penugasan
+issues.new.clear_assignees = Hapus penugasan
+issues.new.no_assignees = Tidak ada penugasan
+issues.new.assign_to_me = Tugaskan ke saya
+issues.new.no_reviewers = Tidak ada pengulas
+issues.edit.already_changed = Tidak dapat menyimpan perubahan pada isu. Tampaknya konten sudah diubah oleh pengguna lain. Harap segarkan halaman dan coba edit lagi untuk menghindari penimpaan perubahan mereka
+issues.choose.get_started = Mulai
+issues.choose.open_external_link = Buka
+issues.choose.blank = Default
+issues.choose.blank_about = Buat issue dari templat default.
+issues.choose.ignore_invalid_templates = Templat yang tidak valid telah diabaikan
+issues.choose.invalid_templates = %v templat tidak valid ditemukan
+issues.choose.invalid_config = Konfigurasi issue mengandung kesalahan:
+issues.new_label_placeholder = Nama label
+issues.label_templates.info = Belum ada label. Buat label dengan "Label baru" atau gunakan prasetel label:
+issues.label_templates.use = Gunakan prasetel label
+issues.label_templates.fail_to_load_file = Gagal memuat file templat label "%s": %v
+issues.add_label = menambahkan label %s %s
+issues.add_labels = menambahkan label %s %s
+issues.remove_label = menghapus label %s %s
+issues.remove_labels = menghapus label %s %s
+issues.add_remove_labels = menambahkan %s dan menghapus label %s %s
+issues.add_project_at = `menambahkan ini ke proyek <b>%s</b> %s`
+issues.change_project_at = `mengubah proyek dari <b>%s</b> menjadi <b>%s</b> %s`
+issues.remove_project_at = `menghapus ini dari proyek <b>%s</b> %s`
+issues.remove_assignee_at = `dibatalkan penugasannya oleh <b>%s</b> %s`
+issues.remove_self_assignment = `menghapus penugasan mereka %s`
+issues.change_title_at = `mengubah judul dari <b><strike>%s</strike></b> menjadi <b>%s</b> %s`
+issues.change_ref_at = `mengubah referensi dari <b><strike>%s</strike></b> menjadi <b>%s</b> %s`
+issues.remove_ref_at = `menghapus referensi <b>%s</b> %s`
+issues.add_ref_at = `menambahkan referensi <b>%s</b> %s`
+issues.filter_label_no_select = Semua label
+issues.filter_label_select_no_label = Tanpa label
+issues.filter_milestone_all = Semua tonggak pencapaian
+issues.filter_milestone_none = Tidak ada tonggak pencapaian
+issues.filter_milestone_open = Tonggak pencapaian terbuka
+issues.filter_milestone_closed = Tonggak pencapaian tertutup
+issues.filter_project = Proyek
+issues.filter_project_all = Semua proyek
+issues.filter_project_none = Tidak ada proyek
+issues.filter_assginee_no_select = Semua penugasan
+issues.filter_poster = Penulis
+issues.filter_poster_no_select = Semua penulis
+issues.filter_type.all_pull_requests = Semua permintaan tarik
+issues.filter_type.review_requested = Tinjauan diminta
+issues.filter_type.reviewed_by_you = Ditinjau oleh Anda
+issues.filter_sort.relevance = Relevansi
+issues.filter_sort.nearduedate = Tenggat waktu terdekat
+issues.filter_sort.farduedate = Tenggat waktu terjauh
+issues.filter_sort.moststars = Bintang terbanyak
+issues.filter_sort.feweststars = Bintang tersedikit
+issues.filter_sort.mostforks = Garpu terbanyak
+issues.filter_sort.fewestforks = Garpu tersedikit
+issues.action_check = Centang/Hapus centang
+issues.action_check_all = Centang/Hapus centang semua item
+pulls.merged_by = oleh <a href="%[2]s">%[3]s</a> digabungkan %[1]s
+pulls.merged_by_fake = oleh %[2]s digabungkan %[1]s
+issues.closed_by = oleh <a href="%[2]s">%[3]s</a> ditutup %[1]s
+issues.opened_by_fake = dibuka %[1]s oleh %[2]s
+issues.closed_by_fake = oleh %[2]s ditutup %[1]s
+issues.all_title = Semua
+issues.num_comments_1 = %d komentar
+issues.num_reviews_one = %d tinjauan
+issues.num_reviews_few = %d tinjauan
+issues.reaction.add = Tambah reaksi
+issues.reaction.alt_few = %[1]s bereaksi %[2]s.
+issues.reaction.alt_many = %[1]s dan %[2]d lainnya bereaksi %[3]s.
+issues.reaction.alt_remove = Hapus reaksi %[1]s dari komentar.
+issues.reaction.alt_add = Tambahkan reaksi %[1]s ke komentar.
+issues.context.menu = Menu komentar
+issues.context.reference_issue = Referensikan dalam issue baru
+issues.no_content = Tidak ada deskripsi yang diberikan.
+issues.close = Tutup isu
+issues.comment_pull_merged_at = menggabungkan commit %[1]s ke %[2]s %[3]s
+issues.comment_manually_pull_merged_at = menggabungkan commit %[1]s ke %[2]s %[3]s secara manual
+issues.closed_at = `menutup issue ini %s`
+issues.reopened_at = `membuka kembali issue ini %s`
+issues.ref_issue_from = `<a href="%[2]s">mereferensikan issue ini %[3]s</a> %[1]s`
+issues.ref_pull_from = `<a href="%[2]s">mereferensikan permintaan tarik ini %[3]s</a> %[1]s`
+issues.ref_closing_from = `<a href="%[2]s">mereferensikan issue ini dari permintaan tarik %[3]s yang akan menutupnya</a>, %[1]s`
+issues.ref_reopening_from = `<a href="%[2]s">mereferensikan issue ini dari permintaan tarik %[3]s yang akan membukanya kembali</a>, %[1]s`
+issues.ref_from = `dari %[1]s`
+issues.author = Penulis
+issues.author.tooltip.issue = Pengguna ini adalah penulis issue ini.
+issues.author.tooltip.pr = Pengguna ini adalah penulis permintaan tarik ini.
+issues.role.owner_helper = Pengguna ini adalah pemilik repositori ini.
+issues.role.member_helper = Pengguna ini adalah anggota organisasi yang memiliki repositori ini.
+issues.role.collaborator = Kolaborator
+issues.role.collaborator_helper = Pengguna ini telah diundang untuk berkolaborasi di repositori.
+issues.role.first_time_contributor = Kontributor pertama kali
+issues.role.first_time_contributor_helper = Ini adalah kontribusi pertama pengguna ini ke repositori.
+issues.role.contributor = Kontributor
+issues.role.contributor_helper = Pengguna ini sebelumnya pernah melakukan commit di repositori ini.
+issues.re_request_review = Minta tinjauan ulang
+issues.is_stale = Ada perubahan pada PR ini sejak tinjauan ini
+issues.remove_request_review = Hapus permintaan tinjauan
+issues.remove_request_review_block = Tidak dapat menghapus permintaan tinjauan
+issues.dismiss_review = Abaikan tinjauan
+issues.dismiss_review_warning = Apakah Anda yakin ingin mengabaikan tinjauan ini?
+issues.label_exclusive = Eksklusif
+issues.label_archive = Arsipkan label
+issues.label_archived_filter = Tampilkan label yang diarsipkan
+issues.label_archive_tooltip = Label yang diarsipkan dikecualikan secara default dari saran saat mencari berdasarkan label.
+issues.label_exclusive_desc = Beri nama label <code>lingkup/item</code> untuk membuatnya saling eksklusif dengan label <code>lingkup/</code> lainnya.
+issues.label_exclusive_warning = Label bertingkat yang bertentangan akan dihapus saat mengedit label issue atau permintaan tarik.
+issues.label_modify = Edit label
+issues.label_deletion = Hapus label
+issues.label_deletion_desc = Menghapus label akan menghapusnya dari semua isu. Lanjutkan?
+issues.label_deletion_success = Label telah dihapus.
+issues.archived_label_description = (Diarsipkan) %s
+issues.label.filter_sort.by_size = Ukuran terkecil
+issues.label.filter_sort.reverse_by_size = Ukuran terbesar
+issues.num_participants_one = %d peserta
+issues.unpin_issue = Lepas pin isu
+issues.max_pinned = Anda tidak dapat menyematkan lebih banyak isu
+issues.pin_comment = menyematkan ini %s
+issues.unpin_comment = melepas pin ini %s
+issues.lock = Kunci percakapan
+issues.unlock = Buka kunci percakapan
+issues.lock.unknown_reason = Tidak dapat mengunci issue dengan alasan yang tidak diketahui.
+issues.lock_duplicate = Isu tidak dapat dikunci dua kali.
+issues.unlock_error = Tidak dapat membuka kunci issue yang tidak dikunci.
+issues.lock_with_reason = dikunci sebagai <strong>%s</strong> dan percakapan dibatasi untuk kolaborator %s
+issues.lock_no_reason = dikunci dan percakapan dibatasi untuk kolaborator %s
+issues.unlock_comment = membuka kunci percakapan ini %s
+issues.lock_confirm = Kunci
+issues.unlock_confirm = Buka kunci
+issues.lock.notice_1 = - Pengguna lain tidak dapat menambahkan komentar baru ke issue ini.
+issues.lock.notice_2 = - Anda dan kolaborator lain yang memiliki akses ke repositori ini masih dapat meninggalkan komentar yang dapat dilihat orang lain.
+issues.lock.notice_3 = - Anda selalu dapat membuka kunci issue ini lagi di masa mendatang.
+issues.unlock.notice_1 = - Semua orang dapat berkomentar pada issue ini kembali.
+issues.unlock.notice_2 = - Anda selalu dapat mengunci issue ini lagi di masa mendatang.
+issues.lock.reason = Alasan penguncian
+issues.lock.title = Kunci percakapan
+issues.unlock.title = Buka kunci percakapan
+issues.comment_on_locked = Anda tidak dapat berkomentar pada issue yang dikunci.
+issues.delete.title = Hapus issue ini?
+issues.delete.text = Apakah Anda benar-benar ingin menghapus issue ini? (Ini akan menghapus semua konten secara permanen. Pertimbangkan untuk menutupnya, jika Anda ingin tetap menyimpannya sebagai arsip)
+issues.tracker = Pelacak waktu
+issues.start_tracking_short = Mulai pengatur waktu
+issues.start_tracking = Mulai pelacakan waktu
+issues.tracker_auto_close = Pengatur waktu akan dihentikan secara otomatis saat issue ini ditutup
+issues.tracking_already_started = `Anda sudah memulai pelacakan waktu pada <a href="%s">isu lain</a>!`
+issues.stop_tracking = Hentikan pengatur waktu
+issues.cancel_tracking = Buang
+issues.cancel_tracking_history = `membatalkan pelacakan waktu %s`
+issues.add_time = Tambah waktu secara manual
+issues.del_time = Hapus log waktu ini
+issues.add_time_short = Tambah waktu
+issues.del_time_history = `menghapus waktu yang dihabiskan %s`
+issues.add_time_sum_to_small = Tidak ada waktu yang dimasukkan.
+issues.time_spent_from_all_authors = `Total waktu yang dihabiskan: %s`
+issues.due_date = Tenggat waktu
+issues.push_commit_1 = menambahkan %d commit %s
+issues.push_commits_n = menambahkan %d commit %s
+issues.force_push_codes = `melakukan force-push %[1]s dari <a class="%[7]s" href="%[3]s"><code>%[2]s</code></a> %[8]s ke <a class="%[7]s" href="%[5]s"><code>%[4]s</code></a> %[9]s %[6]s`
+issues.force_push_compare = Bandingkan
+issues.due_date_form = yyyy-mm-dd
+issues.due_date_not_set = Belum ada tenggat waktu yang ditetapkan.
+issues.due_date_added = menambahkan tenggat waktu %s %s
+issues.due_date_modified = mengubah tenggat waktu dari %[2]s menjadi %[1]s %[3]s
+issues.due_date_remove = menghapus tenggat waktu %s %s
+issues.due_date_overdue = Terlambat
+issues.due_date_invalid = Tenggat waktu tidak valid atau di luar rentang. Gunakan format "yyyy-mm-dd".
+issues.dependency.title = Ketergantungan
+issues.dependency.issue_no_dependencies = Belum ada ketergantungan yang ditetapkan.
+issues.dependency.pr_no_dependencies = Belum ada ketergantungan yang ditetapkan.
+issues.dependency.no_permission_1 = Anda tidak memiliki izin untuk membaca %d ketergantungan
+issues.dependency.no_permission_n = Anda tidak memiliki izin untuk membaca %d ketergantungan
+issues.dependency.no_permission.can_remove = Anda tidak memiliki izin untuk membaca ketergantungan ini tetapi dapat menghapus ketergantungan ini
+issues.dependency.add = Tambah ketergantungan…
+issues.dependency.remove_info = Hapus ketergantungan ini
+issues.dependency.added_dependency = `menambahkan ketergantungan baru %s`
+issues.dependency.removed_dependency = `menghapus ketergantungan %s`
+issues.dependency.pr_closing_blockedby = Penutupan permintaan tarik ini diblokir oleh isu-isu berikut
+issues.dependency.issue_closing_blockedby = Penutupan issue ini diblokir oleh isu-isu berikut
+issues.dependency.issue_close_blocks = Isu ini memblokir penutupan isu-isu berikut
+issues.dependency.pr_close_blocks = Permintaan tarik ini memblokir penutupan isu-isu berikut
+issues.dependency.issue_close_blocked = Anda perlu menutup semua issue yang memblokir issue ini sebelum dapat menutupnya.
+issues.dependency.issue_batch_close_blocked = Tidak dapat menutup issue yang dipilih secara massal, karena issue #%d masih memiliki ketergantungan yang terbuka
+issues.dependency.pr_close_blocked = Anda perlu menutup semua issue yang memblokir permintaan tarik ini sebelum dapat menggabungkannya.
+issues.dependency.blocks_short = Memblokir
+issues.dependency.blocked_by_short = Bergantung pada
+issues.dependency.remove_header = Hapus Ketergantungan
+issues.dependency.issue_remove_text = Ini akan menghapus ketergantungan dari issue ini. Lanjutkan?
+issues.dependency.pr_remove_text = Ini akan menghapus ketergantungan dari permintaan tarik ini. Lanjutkan?
+issues.dependency.setting = Aktifkan ketergantungan untuk issue dan permintaan tarik
+issues.dependency.add_error_same_issue = Anda tidak dapat membuat issue bergantung pada dirinya sendiri.
+issues.dependency.add_error_dep_issue_not_exist = Isu yang bergantung tidak ada.
+issues.dependency.add_error_dep_not_exist = Ketergantungan tidak ada.
+issues.dependency.add_error_dep_exists = Ketergantungan sudah ada.
+issues.dependency.add_error_cannot_create_circular = Anda tidak dapat membuat ketergantungan dengan dua issue yang saling memblokir satu sama lain.
+issues.dependency.add_error_dep_not_same_repo = Kedua issue harus berada di repositori yang sama.
+issues.review.self.approval = Anda tidak dapat menyetujui permintaan tarik Anda sendiri.
+issues.review.self.rejection = Anda tidak dapat meminta perubahan pada permintaan tarik Anda sendiri.
+issues.review.approve = menyetujui perubahan ini %s
+issues.review.comment = meninjau %s
+issues.review.dismissed = mengabaikan tinjauan %s %s
+issues.review.dismissed_label = Diabaikan
+issues.review.left_comment = meninggalkan komentar
+issues.review.content.empty = Anda perlu meninggalkan komentar yang menunjukkan perubahan yang diminta.
+issues.review.reject = meminta perubahan %s
+issues.review.add_review_request = meminta tinjauan dari %[1]s %[2]s
+issues.review.add_review_requests = meminta tinjauan dari %[1]s %[2]s
+issues.review.remove_review_request = menghapus permintaan tinjauan untuk %[1]s %[2]s
+issues.review.remove_review_requests = menghapus permintaan tinjauan untuk %[1]s %[2]s
+issues.review.remove_review_request_self = menolak untuk meninjau %s
+issues.review.add_remove_review_requests = meminta tinjauan dari %[1]s dan menghapus permintaan tinjauan untuk %[2]s %[3]s
+issues.review.pending = Tertunda
+issues.review.pending.tooltip = Komentar ini saat ini tidak terlihat oleh pengguna lain. Untuk mengirimkan komentar tertunda Anda, pilih "%s" -> "%s/%s/%s" di bagian atas halaman.
+issues.review.reviewers = Pengulas
+issues.review.outdated = Kedaluwarsa
+issues.review.outdated_description = Konten telah berubah sejak komentar ini dibuat
+issues.review.option.show_outdated_comments = Tampilkan komentar kedaluwarsa
+issues.review.option.hide_outdated_comments = Sembunyikan komentar kedaluwarsa
+issues.review.show_outdated = Tampilkan yang kedaluwarsa
+issues.review.hide_outdated = Sembunyikan yang kedaluwarsa
+issues.review.show_resolved = Tampilkan yang diselesaikan
+issues.review.hide_resolved = Sembunyikan yang diselesaikan
+issues.review.resolve_conversation = Tandai percakapan sebagai selesai
+issues.review.un_resolve_conversation = Batalkan penyelesaian percakapan
+issues.review.resolved_by = menandai percakapan ini sebagai selesai
+issues.reference_issue.body = Isi
+issues.content_history.edited = diedit
+issues.content_history.created = dibuat
+issues.content_history.delete_from_history = Hapus dari riwayat
+issues.content_history.delete_from_history_confirm = Hapus dari riwayat?
+issues.content_history.options = Opsi
+issues.blocked_by_user = Anda tidak dapat membuat issue di repositori ini karena Anda diblokir oleh pemilik repositori.
+comment.blocked_by_user = Pemberian komentar tidak dapat dilakukan karena Anda diblokir oleh pemilik repositori atau penulisnya.
+issues.summary_card_alt = Kartu ringkasan issue berjudul "%s" di repositori %s
+compare.compare_base = dasar
+compare.compare_head = bandingkan
+pulls.view = Lihat permintaan tarik
+pulls.edit.already_changed = Tidak dapat menyimpan perubahan pada permintaan tarik. Tampaknya konten sudah diubah oleh pengguna lain. Harap segarkan halaman dan coba edit lagi untuk menghindari penimpaan perubahan mereka
+pulls.sign_in_require = <a href="%s">Masuk</a> untuk membuat permintaan tarik baru.
+pulls.allow_edits_from_maintainers = Izinkan pengeditan dari pemelihara
+pulls.allow_edits_from_maintainers_desc = Pengguna dengan akses tulis ke cabang dasar juga dapat mendorong ke cabang ini
+pulls.allow_edits_from_maintainers_err = Pembaruan gagal
+pulls.compare_changes_desc = Pilih cabang tujuan penggabungan dan cabang sumber penarikan.
+pulls.has_viewed_file = Dilihat
+pulls.has_changed_since_last_review = Berubah sejak tinjauan terakhir Anda
+pulls.viewed_files_label = %[1]d / %[2]d file dilihat
+pulls.expand_files = Perluas semua file
+pulls.collapse_files = Ciutkan semua file
+pulls.compare_base = gabungkan ke
+pulls.compare_compare = tarik dari
+pulls.switch_comparison_type = Alihkan jenis perbandingan
+pulls.switch_head_and_base = Tukar head dan base
+pulls.show_all_commits = Tampilkan semua komit
+pulls.show_changes_since_your_last_review = Tampilkan perubahan sejak tinjauan terakhir Anda
+pulls.showing_only_single_commit = Hanya menampilkan perubahan commit %[1]s
+pulls.showing_specified_commit_range = Hanya menampilkan perubahan antara %[1]s..%[2]s
+pulls.select_commit_hold_shift_for_range = Pilih komit. Tahan shift + klik untuk memilih rentang
+pulls.filter_changes_by_commit = Filter berdasarkan komit
+pulls.nothing_to_compare = Cabang-cabang ini sama. Tidak perlu membuat permintaan tarik.
+pulls.nothing_to_compare_have_tag = Cabang/tag yang dipilih sama.
+pulls.nothing_to_compare_and_allow_empty_pr = Cabang-cabang ini sama. PR ini akan kosong.
+pulls.has_pull_request = `Permintaan tarik antara cabang-cabang ini sudah ada: <a href="%[1]s">%[2]s#%[3]d</a>`
+pulls.change_target_branch_at = `mengubah cabang target dari <b>%s</b> menjadi <b>%s</b> %s`
+pulls.tab_files = File yang diubah
+pulls.cant_reopen_deleted_branch = Permintaan tarik ini tidak dapat dibuka kembali karena cabangnya telah dihapus.
+pulls.merged_success = Permintaan tarik berhasil digabungkan dan ditutup
+pulls.closed = Permintaan tarik ditutup
+pulls.manually_merged = Digabungkan secara manual
+pulls.merged_info_text = Cabang %s sekarang dapat dihapus.
+pulls.is_closed = Permintaan tarik telah ditutup.
+pulls.title_wip_desc = `<a href="#">Mulai judul dengan <strong>%s</strong></a> untuk mencegah permintaan tarik digabungkan secara tidak sengaja.`
+pulls.cannot_merge_work_in_progress = Permintaan tarik ini ditandai sebagai pekerjaan yang sedang berjalan.
+pulls.still_in_progress = Masih dalam proses?
+pulls.add_prefix = Tambahkan awalan <strong>%s</strong>
+pulls.ready_for_review = Siap untuk ditinjau?
+pulls.remove_prefix = Hapus awalan <strong>%s</strong>
+pulls.data_broken = Permintaan tarik ini rusak karena informasi garpu yang hilang.
+pulls.files_conflicted = Permintaan tarik ini memiliki perubahan yang berkonflik dengan cabang target.
+pulls.is_checking = Pemeriksaan konflik penggabungan sedang berlangsung. Coba lagi dalam beberapa saat.
+pulls.is_ancestor = Cabang ini sudah termasuk dalam cabang target. Tidak ada yang perlu digabungkan.
+pulls.is_empty = Perubahan pada cabang ini sudah ada di cabang target. Ini akan menjadi commit kosong.
+pulls.required_status_check_failed = Beberapa pemeriksaan yang diperlukan tidak berhasil.
+pulls.required_status_check_missing = Beberapa pemeriksaan yang diperlukan tidak ada.
+pulls.required_status_check_administrator = Sebagai administrator, Anda masih dapat menggabungkan permintaan tarik ini.
+pulls.blocked_by_approvals = Permintaan tarik ini belum mendapat cukup persetujuan. %d dari %d persetujuan diberikan.
+pulls.blocked_by_rejection = Permintaan tarik ini memiliki perubahan yang diminta oleh pengulas resmi.
+pulls.blocked_by_official_review_requests = Permintaan tarik ini diblokir karena tidak mendapat persetujuan dari satu atau lebih pengulas resmi.
+pulls.blocked_by_outdated_branch = Permintaan tarik ini diblokir karena sudah kedaluwarsa.
+pulls.blocked_by_changed_protected_files_1 = Permintaan tarik ini diblokir karena mengubah file yang dilindungi:
+pulls.blocked_by_changed_protected_files_n = Permintaan tarik ini diblokir karena mengubah file-file yang dilindungi:
+pulls.cannot_auto_merge_desc = Permintaan tarik ini tidak dapat digabungkan secara otomatis karena konflik.
+pulls.cannot_auto_merge_helper = Gabungkan secara manual untuk menyelesaikan konflik.
+pulls.num_conflicting_files_1 = %d file berkonflik
+pulls.num_conflicting_files_n = %d file berkonflik
+pulls.approve_count_1 = %d persetujuan
+pulls.approve_count_n = %d persetujuan
+pulls.reject_count_1 = %d permintaan perubahan
+pulls.reject_count_n = %d permintaan perubahan
+pulls.waiting_count_1 = %d tinjauan yang ditunggu
+pulls.waiting_count_n = %d tinjauan yang ditunggu
+pulls.wrong_commit_id = id commit harus berupa id commit pada cabang target
+pulls.blocked_by_user = Anda tidak dapat membuat permintaan tarik di repositori ini karena Anda diblokir oleh pemilik repositori.
+pulls.no_merge_desc = Permintaan tarik ini tidak dapat digabungkan karena semua opsi penggabungan repositori dinonaktifkan.
+pulls.no_merge_helper = Aktifkan opsi penggabungan di pengaturan repositori atau gabungkan permintaan tarik secara manual.
+pulls.no_merge_wip = Permintaan tarik ini tidak dapat digabungkan karena ditandai sebagai pekerjaan yang sedang berjalan.
+pulls.no_merge_not_ready = Permintaan tarik ini belum siap untuk digabungkan, periksa status tinjauan dan pemeriksaan status.
+pulls.no_merge_access = Anda tidak berwenang untuk menggabungkan permintaan tarik ini.
+pulls.merge_pull_request = Buat commit gabungan
+pulls.rebase_merge_pull_request = Rebase lalu fast-forward
+pulls.rebase_merge_commit_pull_request = Rebase lalu buat commit gabungan
+pulls.squash_merge_pull_request = Buat commit squash
+pulls.fast_forward_only_merge_pull_request = Fast-forward saja
+pulls.merge_manually = Digabungkan secara manual
+pulls.merge_commit_id = ID commit gabungan
+pulls.require_signed_wont_sign = Cabang memerlukan commit yang ditandatangani tetapi penggabungan ini tidak akan ditandatangani
+pulls.invalid_merge_option = Anda tidak dapat menggunakan opsi penggabungan ini untuk permintaan tarik ini.
+pulls.merge_conflict = Penggabungan gagal: Terjadi konflik saat menggabungkan. Petunjuk: Coba strategi yang berbeda
+pulls.merge_conflict_summary = Pesan kesalahan
+pulls.rebase_conflict = Penggabungan gagal: Terjadi konflik saat melakukan rebase komit: %[1]s. Petunjuk: Coba strategi yang berbeda
+pulls.rebase_conflict_summary = Pesan kesalahan
+pulls.unrelated_histories = Penggabungan gagal: Head dan base penggabungan tidak memiliki riwayat yang sama. Petunjuk: Coba strategi yang berbeda
+pulls.merge_out_of_date = Penggabungan gagal: Saat menghasilkan penggabungan, base diperbarui. Petunjuk: Coba lagi.
+pulls.head_out_of_date = Penggabungan gagal: Saat menghasilkan penggabungan, head diperbarui. Petunjuk: Coba lagi.
+pulls.has_merged = Gagal: Permintaan tarik telah digabungkan, Anda tidak dapat menggabungkan lagi atau mengubah cabang target.
+pulls.push_rejected = Dorongan gagal: Dorongan ditolak. Tinjau hook Git untuk repositori ini.
+pulls.push_rejected_summary = Pesan penolakan lengkap
+pulls.push_rejected_no_message = Dorongan gagal: Dorongan ditolak tetapi tidak ada pesan jarak jauh. Tinjau hook Git untuk repositori ini
+pulls.open_unmerged_pull_exists = `Anda tidak dapat melakukan operasi buka kembali karena ada permintaan tarik yang tertunda (#%d) dengan properti yang identik.`
+pulls.status_checking = Beberapa pemeriksaan sedang tertunda
+pulls.status_checks_success = Semua pemeriksaan berhasil
+pulls.status_checks_warning = Beberapa pemeriksaan melaporkan peringatan
+pulls.status_checks_failure = Beberapa pemeriksaan gagal
+pulls.status_checks_error = Beberapa pemeriksaan melaporkan kesalahan
+pulls.status_checks_requested = Diperlukan
+pulls.status_checks_details = Detail
+pulls.status_checks_hide_all = Sembunyikan semua pemeriksaan
+pulls.status_checks_show_all = Tampilkan semua pemeriksaan
+pulls.update_branch = Perbarui cabang dengan penggabungan
+pulls.update_branch_rebase = Perbarui cabang dengan rebase
+pulls.update_branch_success = Pembaruan cabang berhasil
+pulls.update_not_allowed = Anda tidak diizinkan memperbarui cabang
+pulls.outdated_with_base_branch = Cabang ini tidak mutakhir dengan cabang dasar
+pulls.close = Tutup permintaan tarik
+pulls.closed_at = `menutup permintaan tarik ini %s`
+pulls.reopened_at = `membuka kembali permintaan tarik ini %s`
+pulls.commit_ref_at = `mereferensikan permintaan tarik ini dari commit %s`
+pulls.cmd_instruction_hint = Lihat instruksi baris perintah
+pulls.cmd_instruction_checkout_title = Checkout
+pulls.cmd_instruction_checkout_desc = Dari repositori proyek Anda, checkout cabang baru dan uji perubahan.
+pulls.cmd_instruction_merge_title = Gabungkan
+pulls.cmd_instruction_merge_desc = Gabungkan perubahan dan perbarui di Forgejo.
+pulls.cmd_instruction_merge_warning = <b>Peringatan:</b> Pengaturan "Deteksi otomatis penggabungan manual" tidak diaktifkan untuk repositori ini, Anda harus menandai permintaan tarik ini sebagai digabungkan secara manual setelahnya.
+pulls.clear_merge_message = Hapus pesan gabungan
+pulls.clear_merge_message_hint = Menghapus pesan gabungan hanya akan menghapus konten pesan commit dan mempertahankan trailer git yang dihasilkan seperti "Co-Authored-By …".
+pulls.reopen_failed.head_branch = Permintaan tarik tidak dapat dibuka kembali, karena cabang head tidak ada lagi.
+pulls.reopen_failed.base_branch = Permintaan tarik tidak dapat dibuka kembali, karena cabang dasar tidak ada lagi.
+pulls.made_using_agit = AGit
+pulls.agit_explanation = Dibuat menggunakan alur kerja AGit. AGit memungkinkan kontributor mengusulkan perubahan menggunakan "git push" tanpa membuat garpu atau cabang baru.
+pulls.editable = Dapat diedit
+pulls.editable_explanation = Permintaan tarik ini mengizinkan pengeditan dari pemelihara. Anda dapat berkontribusi langsung ke dalamnya.
+pulls.auto_merge_button_when_succeed = (Saat pemeriksaan berhasil)
+pulls.auto_merge_when_succeed = Gabungkan otomatis saat semua pemeriksaan berhasil
+pulls.auto_merge_newly_scheduled = Permintaan tarik dijadwalkan untuk digabungkan saat semua pemeriksaan berhasil.
+pulls.auto_merge_has_pending_schedule = %[1]s menjadwalkan permintaan tarik ini untuk digabungkan otomatis saat semua pemeriksaan berhasil %[2]s.
+pulls.auto_merge_cancel_schedule = Batalkan penggabungan otomatis
+pulls.auto_merge_not_scheduled = Permintaan tarik ini tidak dijadwalkan untuk digabungkan otomatis.
+pulls.auto_merge_canceled_schedule = Penggabungan otomatis dibatalkan untuk permintaan tarik ini.
+pulls.auto_merge_newly_scheduled_comment = `menjadwalkan permintaan tarik ini untuk digabungkan otomatis saat semua pemeriksaan berhasil %[1]s`
+pulls.auto_merge_canceled_schedule_comment = `membatalkan penggabungan otomatis permintaan tarik ini saat semua pemeriksaan berhasil %[1]s`
+pulls.delete_after_merge.head_branch.is_default = Cabang head yang ingin Anda hapus adalah cabang default dan tidak dapat dihapus.
+pulls.delete_after_merge.head_branch.is_protected = Cabang head yang ingin Anda hapus adalah cabang yang dilindungi dan tidak dapat dihapus.
+pulls.delete_after_merge.head_branch.insufficient_branch = Anda tidak memiliki izin untuk menghapus cabang head.
+pulls.delete.title = Hapus permintaan tarik ini?
+pulls.delete.text = Apakah Anda benar-benar ingin menghapus permintaan tarik ini? (Ini akan menghapus semua konten secara permanen. Pertimbangkan untuk menutupnya, jika Anda ingin tetap menyimpannya sebagai arsip)
+pulls.recently_pushed_new_branches = Anda mendorong ke cabang <a href="%[3]s"><strong>%[1]s</strong></a> %[2]s
+pull.deleted_branch = (dihapus):%s
+comments.edit.already_changed = Tidak dapat menyimpan perubahan pada komentar. Tampaknya konten sudah diubah oleh pengguna lain. Harap segarkan halaman dan coba edit lagi untuk menghindari penimpaan perubahan mereka
+milestones.update_ago = Diperbarui %s
+milestones.new_subheader = Tonggak pencapaian dapat membantu Anda mengorganisasi issue dan melacak kemajuannya.
+milestones.completeness = <strong>%d%%</strong> Selesai
+milestones.invalid_due_date_format = Format tenggat waktu harus "yyyy-mm-dd".
+milestones.create_success = Tonggak pencapaian "%s" telah dibuat.
+milestones.edit_subheader = Tonggak pencapaian mengorganisasi issue dan melacak kemajuan.
+milestones.modify = Perbarui tonggak pencapaian
+milestones.edit_success = Tonggak pencapaian "%s" telah diperbarui.
+milestones.deletion = Hapus tonggak pencapaian
+milestones.deletion_desc = Menghapus tonggak pencapaian akan menghapusnya dari semua issue terkait. Lanjutkan?
+milestones.deletion_success = Tonggak pencapaian telah dihapus.
+milestones.filter_sort.earliest_due_data = Tenggat waktu terdekat
+milestones.filter_sort.latest_due_date = Tenggat waktu terjauh
+signing.will_sign = Komit ini akan ditandatangani dengan kunci "%s".
+signing.wont_sign.error = Terjadi kesalahan saat memeriksa apakah commit dapat ditandatangani.
+signing.wont_sign.nokey = Instans ini tidak memiliki kunci untuk menandatangani commit ini.
+signing.wont_sign.never = Komit tidak pernah ditandatangani.
+signing.wont_sign.always = Komit selalu ditandatangani.
+signing.wont_sign.pubkey = Komit tidak akan ditandatangani karena Anda tidak memiliki kunci publik yang terkait dengan akun Anda.
+signing.wont_sign.twofa = Anda harus mengaktifkan autentikasi dua faktor agar commit dapat ditandatangani.
+signing.wont_sign.parentsigned = Komit tidak akan ditandatangani karena commit induk tidak ditandatangani.
+signing.wont_sign.basesigned = Penggabungan tidak akan ditandatangani karena commit dasar tidak ditandatangani.
+signing.wont_sign.headsigned = Penggabungan tidak akan ditandatangani karena commit head tidak ditandatangani.
+signing.wont_sign.commitssigned = Penggabungan tidak akan ditandatangani karena semua commit terkait tidak ditandatangani.
+signing.wont_sign.approved = Penggabungan tidak akan ditandatangani karena PR belum disetujui.
+signing.wont_sign.not_signed_in = Anda belum masuk.
+ext_wiki = Wiki Eksternal
+wiki.welcome = Selamat datang di wiki.
+wiki.welcome_desc = Wiki memungkinkan Anda menulis dan berbagi dokumentasi dengan kolaborator.
+wiki.create_first_page = Buat halaman pertama
+wiki.page_title = Judul halaman
+wiki.page_content = Konten halaman
+wiki.cancel = Batal
+wiki.file_revision = Revisi halaman
+wiki.wiki_page_revisions = Revisi halaman
+wiki.back_to_wiki = Kembali ke halaman wiki
+wiki.delete_page_notice_1 = Menghapus halaman wiki "%s" tidak dapat dibatalkan. Lanjutkan?
+wiki.reserved_page = Nama halaman wiki "%s" sudah dipesan.
+wiki.page_name_desc = Masukkan nama untuk halaman Wiki ini. Beberapa nama khusus adalah: "Home", "_Sidebar", dan "_Footer".
+wiki.original_git_entry_tooltip = Lihat file Git asli alih-alih menggunakan tautan yang mudah dibaca.
+wiki.search = Cari wiki
+wiki.no_search_results = Tidak ada hasil
+activity.navbar.pulse = Aktivitas
+activity.navbar.code_frequency = Frekuensi kode
+activity.navbar.contributors = Kontributor
+activity.navbar.recent_commits = Komit terbaru
+activity.period.quarterly = 3 bulan
+activity.period.semiyearly = 6 bulan
+activity.title.issues_closed_from = %s ditutup dari %s
+activity.title.unresolved_conv_1 = %d percakapan yang belum diselesaikan
+activity.title.unresolved_conv_n = %d percakapan yang belum diselesaikan
+activity.unresolved_conv_desc = Isu dan permintaan tarik yang baru-baru ini berubah ini belum diselesaikan.
+activity.published_prerelease_label = Pra-rilis
+activity.published_tag_label = Tag
+activity.no_git_activity = Tidak ada aktivitas commit dalam periode ini.
+activity.git_stats_exclude_merges = Tidak termasuk penggabungan,
+activity.git_stats_author_1 = %d penulis
+activity.git_stats_author_n = %d penulis
+activity.git_stats_pushed_1 = telah mendorong
+activity.git_stats_pushed_n = telah mendorong
+activity.git_stats_commit_1 = %d komit
+activity.git_stats_commit_n = %d komit
+activity.git_stats_push_to_branch = ke %s dan
+activity.git_stats_push_to_all_branches = ke semua cabang.
+activity.git_stats_on_default_branch = Pada %s,
+activity.git_stats_file_1 = %d file
+activity.git_stats_file_n = %d file
+activity.git_stats_files_changed_1 = telah berubah
+activity.git_stats_files_changed_n = telah berubah
+activity.git_stats_additions = dan telah terjadi
+activity.git_stats_addition_1 = %d penambahan
+activity.git_stats_addition_n = %d penambahan
+activity.git_stats_and_deletions = dan
+activity.git_stats_deletion_1 = %d penghapusan
+activity.git_stats_deletion_n = %d penghapusan
+activity.commit = Aktivitas komit
+contributors.contribution_type.filter_label = Jenis kontribusi:
+contributors.contribution_type.additions = Penambahan
+contributors.contribution_type.deletions = Penghapusan
+settings.collaboration = Kolaborator
+settings.collaboration.admin = Administrator
+settings.federation_settings = Pengaturan Federasi
+settings.federation_apapiurl = URL Federasi repositori ini. Salin dan tempel ini ke Pengaturan Federasi repositori lain sebagai URL Repositori yang Diikuti.
+settings.federation_following_repos = URL Repositori yang Diikuti. Dipisahkan oleh ";", tanpa spasi.
+settings.federation_not_enabled = Federasi tidak diaktifkan pada instans Anda.
+settings.mirror_settings.docs = Atur repositori Anda agar secara otomatis menyinkronkan komit, tag, dan cabang dengan repositori lain.
+settings.mirror_settings.docs.disabled_pull_mirror.instructions = Atur proyek Anda agar secara otomatis mendorong komit, tag, dan cabang ke repositori lain. Cermin tarik telah dinonaktifkan oleh administrator situs Anda.
+settings.mirror_settings.docs.disabled_push_mirror.instructions = Atur proyek Anda agar secara otomatis menarik komit, tag, dan cabang dari repositori lain.
+settings.mirror_settings.docs.disabled_push_mirror.pull_mirror_warning = Saat ini, hal ini hanya dapat dilakukan di menu "Migrasi Baru". Untuk informasi lebih lanjut, silakan lihat:
+settings.mirror_settings.docs.disabled_push_mirror.info = Cermin dorong telah dinonaktifkan oleh administrator situs Anda.
+settings.mirror_settings.docs.no_new_mirrors = Repositori Anda mencerminkan perubahan ke atau dari repositori lain. Harap diperhatikan bahwa Anda tidak dapat membuat cermin baru saat ini.
+settings.mirror_settings.docs.can_still_use = Meskipun Anda tidak dapat mengubah cermin yang ada atau membuat yang baru, Anda masih dapat menggunakan cermin yang ada.
+settings.mirror_settings.docs.pull_mirror_instructions = Untuk menyiapkan cermin tarik, silakan lihat:
+settings.mirror_settings.docs.more_information_if_disabled = Anda dapat mengetahui lebih lanjut tentang cermin dorong dan tarik di sini:
+settings.mirror_settings.docs.doc_link_title = Bagaimana cara mencerminkan repositori?
+settings.mirror_settings.docs.doc_link_pull_section = bagian "Menarik dari repositori jarak jauh" dalam dokumentasi.
+settings.mirror_settings.docs.pulling_remote_title = Menarik dari repositori jarak jauh
+settings.mirror_settings.mirrored_repository = Repositori yang dicerminkan
+settings.mirror_settings.pushed_repository = Repositori yang didorong
+settings.mirror_settings.direction = Arah
+settings.mirror_settings.direction.pull = Tarik
+settings.mirror_settings.direction.push = Dorong
+settings.mirror_settings.last_update = Pembaruan terakhir
+settings.mirror_settings.push_mirror.none = Tidak ada cermin dorong yang dikonfigurasi
+settings.mirror_settings.push_mirror.remote_url = URL repositori Git jarak jauh
+settings.mirror_settings.push_mirror.add = Tambah cermin dorong
+settings.mirror_settings.push_mirror.edit_sync_time = Edit interval sinkronisasi cermin
+settings.mirror_settings.push_mirror.none_ssh = Tidak ada
+settings.units.units = Unit
+settings.units.overview = Ikhtisar
+settings.units.add_more = Aktifkan lebih banyak
+settings.sync_mirror = Sinkronkan sekarang
+settings.mirror_settings.push_mirror.copy_public_key = Salin kunci publik
+settings.pull_mirror_sync_in_progress = Sedang menarik perubahan dari jarak jauh %s saat ini.
+settings.pull_mirror_sync_quota_exceeded = Kuota terlampaui, tidak menarik perubahan.
+settings.push_mirror_sync_in_progress = Sedang mendorong perubahan ke jarak jauh %s saat ini.
+settings.update_mirror_settings = Perbarui pengaturan cermin
+settings.branches.switch_default_branch = Ganti cabang default
+settings.branches.update_default_branch = Perbarui cabang default
+settings.branches.add_new_rule = Tambah aturan baru
+settings.wiki_desc = Aktifkan wiki repositori
+settings.wiki_globally_editable = Izinkan siapa saja mengedit wiki
+settings.use_internal_wiki = Gunakan wiki bawaan
+settings.use_external_wiki = Gunakan wiki eksternal
+settings.external_wiki_url_error = URL wiki eksternal bukan URL yang valid.
+settings.external_wiki_url_desc = Pengunjung diarahkan ke URL wiki eksternal saat mengklik tab wiki.
+settings.issues_desc = Aktifkan pelacak issue repositori
+settings.use_internal_issue_tracker = Gunakan pelacak issue bawaan
+settings.use_external_issue_tracker = Gunakan pelacak issue eksternal
+settings.external_tracker_url_error = URL pelacak issue eksternal bukan URL yang valid.
+settings.external_tracker_url_desc = Pengunjung diarahkan ke URL pelacak issue eksternal saat mengklik tab isu.
+settings.tracker_url_format_error = Format URL pelacak issue eksternal bukan URL yang valid.
+settings.tracker_issue_style = Format Nomor pelacak issue eksternal
+settings.tracker_issue_style.regexp = Ekspresi Reguler
+settings.tracker_issue_style.regexp_pattern = Pola Ekspresi Reguler
+settings.tracker_issue_style.regexp_pattern_desc = Grup yang ditangkap pertama akan digunakan sebagai pengganti <code>{index}</code>.
+settings.tracker_url_format_desc = Gunakan placeholder <code>{user}</code>, <code>{repo}</code>, dan <code>{index}</code> untuk nama pengguna, nama repositori, dan indeks isu.
+settings.enable_timetracker = Aktifkan pelacakan waktu
+settings.allow_only_contributors_to_track_time = Biarkan hanya kontributor yang melacak waktu
+settings.pulls_desc = Aktifkan permintaan tarik repositori
+settings.pulls.ignore_whitespace = Abaikan spasi untuk konflik
+settings.pulls.enable_autodetect_manual_merge = Aktifkan deteksi otomatis penggabungan manual (Catatan: Dalam beberapa kasus khusus, kesalahan penilaian dapat terjadi)
+settings.pulls.allow_rebase_update = Aktifkan pembaruan cabang permintaan tarik dengan rebase
+settings.default_update_style_desc = Gaya pembaruan default yang digunakan untuk memperbarui permintaan tarik yang tertinggal dari cabang dasar.
+settings.pulls.default_delete_branch_after_merge = Hapus cabang permintaan tarik setelah penggabungan secara default
+settings.pulls.default_allow_edits_from_maintainers = Izinkan pengeditan dari pemelihara secara default
+settings.releases_desc = Aktifkan rilis repositori
+settings.packages_desc = Aktifkan registri paket repositori
+settings.projects_desc = Aktifkan proyek repositori
+settings.actions_desc = Aktifkan pipeline CI/CD terintegrasi dengan Forgejo Actions
+settings.admin_settings = Pengaturan administrator
+settings.admin_enable_health_check = Aktifkan pemeriksaan kesehatan repositori (git fsck)
+settings.admin_code_indexer = Pengindeks kode
+settings.admin_stats_indexer = Pengindeks statistik kode
+settings.admin_indexer_commit_sha = Komit yang terindeks terakhir
+settings.admin_indexer_unindexed = Belum diindeks
+settings.reindex_button = Tambahkan ke antrian pengindeksan ulang
+settings.reindex_requested = Pengindeksan ulang diminta
+settings.admin_enable_close_issues_via_commit_in_any_branch = Tutup issue melalui commit yang dibuat di cabang non-default
+settings.new_owner_blocked_doer = Pemilik baru telah memblokir Anda.
+settings.convert = Konversi ke repositori biasa
+settings.convert_desc = Anda dapat mengonversi cermin ini menjadi repositori biasa. Tindakan ini tidak dapat dibatalkan.
+settings.convert_notices_1 = Operasi ini akan mengonversi cermin menjadi repositori biasa dan tidak dapat dibatalkan.
+settings.convert_confirm = Konversi repositori
+settings.convert_succeed = Cermin telah dikonversi menjadi repositori biasa.
+settings.convert_fork = Konversi ke repositori biasa
+settings.convert_fork_desc = Anda dapat mengonversi garpu ini menjadi repositori biasa. Tindakan ini tidak dapat dibatalkan.
+settings.convert_fork_notices_1 = Operasi ini akan mengonversi garpu menjadi repositori biasa dan tidak dapat dibatalkan.
+settings.convert_fork_confirm = Konversi repositori
+settings.convert_fork_succeed = Garpu telah dikonversi menjadi repositori biasa.
+settings.transfer.button = Alihkan kepemilikan
+settings.transfer.modal.title = Alihkan kepemilikan
+settings.transfer.rejected = Pengalihan repositori ditolak.
+settings.transfer.success = Pengalihan repositori berhasil.
+settings.transfer_abort = Batalkan pengalihan
+settings.transfer_abort_invalid = Anda tidak dapat membatalkan pengalihan repositori yang tidak ada.
+settings.transfer_abort_success = Pengalihan repositori ke %s berhasil dibatalkan.
+settings.transfer_desc = Alihkan repositori ini ke pengguna atau ke organisasi yang Anda miliki hak administratornya.
+settings.enter_repo_name = Masukkan nama pemilik dan repositori persis seperti yang ditampilkan:
+settings.confirmation_string = String konfirmasi
+settings.transfer_in_progress = Saat ini sedang ada pengalihan yang berlangsung. Harap batalkan jika Anda ingin mengalihkan repositori ini ke pengguna lain.
+settings.transfer_notices_1 = - Anda akan kehilangan akses ke repositori jika mengalihkannya ke pengguna individu.
+settings.transfer_notices_2 = - Anda akan tetap memiliki akses ke repositori jika mengalihkannya ke organisasi yang Anda (ikut) miliki.
+settings.transfer_notices_3 = - Jika repositori bersifat privat dan dialihkan ke pengguna individu, tindakan ini memastikan bahwa pengguna tersebut memiliki setidaknya izin baca (dan mengubah izin jika diperlukan).
+settings.transfer_perform = Lakukan pengalihan
+settings.transfer_started = Repositori ini telah ditandai untuk pengalihan dan menunggu konfirmasi dari "%s"
+settings.transfer_succeed = Repositori telah dialihkan.
+settings.transfer_quota_exceeded = Pemilik baru (%s) melebihi kuota. Repositori tidak dialihkan.
+settings.signing_settings = Pengaturan verifikasi penandatanganan
+settings.trust_model = Model kepercayaan tanda tangan
+settings.trust_model.default = Model kepercayaan default
+settings.trust_model.default.desc = Gunakan model kepercayaan repositori default untuk instalasi ini.
+settings.trust_model.collaborator = Kolaborator
+settings.trust_model.collaborator.long = Kolaborator: Percayai tanda tangan oleh kolaborator
+settings.trust_model.collaborator.desc = Tanda tangan valid oleh kolaborator repositori ini akan ditandai "dipercaya" - (baik cocok dengan pembuat commit maupun tidak). Selain itu, tanda tangan valid akan ditandai "tidak dipercaya" jika tanda tangan cocok dengan pembuat commit dan "tidak cocok" jika tidak.
+settings.trust_model.committer = Pembuat komit
+settings.trust_model.committer.long = Pembuat komit: Percayai tanda tangan yang cocok dengan pembuat commit (Ini cocok dengan GitHub dan akan memaksa commit yang ditandatangani Forgejo memiliki Forgejo sebagai pembuat komit)
+settings.trust_model.committer.desc = Tanda tangan valid hanya akan ditandai "dipercaya" jika cocok dengan pembuat komit, selain itu akan ditandai "tidak cocok". Ini memaksa Forgejo menjadi pembuat commit pada commit yang ditandatangani dengan pembuat commit sebenarnya ditandai sebagai Co-authored-by: dan Co-committed-by: trailer dalam komit. Kunci Forgejo default harus cocok dengan Pengguna dalam basis data.
+settings.trust_model.collaboratorcommitter = Kolaborator+Pembuat komit
+settings.trust_model.collaboratorcommitter.long = Kolaborator+Pembuat komit: Percayai tanda tangan oleh kolaborator yang cocok dengan pembuat komit
+settings.trust_model.collaboratorcommitter.desc = Tanda tangan valid oleh kolaborator repositori ini akan ditandai "dipercaya" jika cocok dengan pembuat komit. Selain itu, tanda tangan valid akan ditandai "tidak dipercaya" jika tanda tangan cocok dengan pembuat commit dan "tidak cocok" selain itu. Ini akan memaksa Forgejo ditandai sebagai pembuat commit pada commit yang ditandatangani dengan pembuat commit sebenarnya ditandai sebagai Co-Authored-By: dan Co-Committed-By: trailer dalam komit. Kunci Forgejo default harus cocok dengan Pengguna dalam basis data.
+settings.wiki_rename_branch_main = Normalkan nama cabang Wiki
+settings.wiki_rename_branch_main_desc = Ubah nama cabang yang digunakan secara internal oleh Wiki menjadi "%s". Perubahan ini permanen dan tidak dapat dibatalkan.
+settings.wiki_rename_branch_main_notices_1 = Operasi ini <strong>TIDAK DAPAT</strong> dibatalkan.
+settings.wiki_rename_branch_main_notices_2 = Ini akan secara permanen mengubah nama cabang internal wiki repositori %s. Checkout yang ada perlu diperbarui.
+settings.wiki_branch_rename_success = Nama cabang wiki repositori telah berhasil dinormalkan.
+settings.wiki_branch_rename_failure = Gagal menormalkan nama cabang wiki repositori.
+settings.confirm_wiki_branch_rename = Ubah nama cabang wiki
+settings.wiki_delete = Hapus data wiki
+settings.wiki_delete_desc = Menghapus data wiki repositori bersifat permanen dan tidak dapat dibatalkan.
+settings.wiki_delete_notices_1 = - Ini akan menghapus secara permanen dan menonaktifkan wiki repositori untuk %s.
+settings.confirm_wiki_delete = Hapus data wiki
+settings.wiki_deletion_success = Data wiki repositori telah dihapus.
+settings.delete_desc = Menghapus repositori bersifat permanen dan tidak dapat dibatalkan.
+settings.delete_notices_2 = - Operasi ini akan menghapus secara permanen repositori <strong>%s</strong> termasuk kode, isu, komentar, data wiki, dan pengaturan kolaborator.
+settings.delete_notices_fork_1 = - Garpu dari repositori ini akan menjadi independen setelah penghapusan.
+settings.deletion_success = Repositori telah dihapus.
+settings.update_settings_success = Pengaturan repositori telah diperbarui.
+settings.update_settings_no_unit = Repositori harus mengizinkan setidaknya beberapa jenis interaksi.
+settings.confirm_delete = Hapus repositori
+settings.add_collaborator = Tambah kolaborator
+settings.add_collaborator_success = Kolaborator telah ditambahkan.
+settings.add_collaborator_inactive_user = Tidak dapat menambahkan pengguna yang tidak aktif sebagai kolaborator.
+settings.add_collaborator_owner = Tidak dapat menambahkan pemilik sebagai kolaborator.
+settings.add_collaborator_duplicate = Kolaborator sudah ditambahkan ke repositori ini.
+settings.add_collaborator_blocked_our = Tidak dapat menambahkan kolaborator, karena pemilik repositori telah memblokir mereka.
+settings.add_collaborator_blocked_them = Tidak dapat menambahkan kolaborator, karena mereka telah memblokir pemilik repositori.
+settings.collaborator_deletion = Hapus kolaborator
+settings.collaborator_deletion_desc = Menghapus kolaborator akan mencabut akses mereka ke repositori ini. Lanjutkan?
+settings.remove_collaborator_success = Kolaborator telah dihapus.
+settings.org_not_allowed_to_be_collaborator = Organisasi tidak dapat ditambahkan sebagai kolaborator.
+settings.change_team_access_not_allowed = Perubahan akses tim untuk repositori telah dibatasi hanya untuk pemilik organisasi
+settings.team_not_in_organization = Tim tidak berada dalam organisasi yang sama dengan repositori
+settings.add_team = Tambah tim
+settings.add_team_duplicate = Tim sudah memiliki akses ke repositori
+settings.add_team_success = Tim sekarang memiliki akses ke repositori.
+settings.change_team_permission_tip = Izin tim diatur di halaman pengaturan tim dan tidak dapat diubah per repositori
+settings.delete_team_tip = Tim ini memiliki akses ke semua repositori dan tidak dapat dihapus
+settings.remove_team_success = Akses tim ke repositori telah dihapus.
+settings.add_webhook.invalid_channel_name = Nama saluran webhook tidak boleh kosong dan tidak boleh hanya berisi karakter #.
+settings.add_webhook.invalid_path = Jalur tidak boleh mengandung bagian yang berupa "." atau ".." atau string kosong. Tidak boleh diawali atau diakhiri dengan garis miring.
+settings.hooks_desc = Webhook secara otomatis membuat permintaan HTTP POST ke server saat peristiwa Forgejo tertentu terpicu. Baca selengkapnya di <a target="_blank" rel="noopener noreferrer" href="%s">panduan webhook</a>.
+settings.webhook_deletion = Hapus webhook
+settings.webhook_deletion_desc = Menghapus webhook akan menghapus pengaturan dan riwayat pengirimannya. Lanjutkan?
+settings.webhook_deletion_success = Webhook telah dihapus.
+settings.webhook.test_delivery_desc = Uji webhook ini dengan peristiwa palsu.
+settings.webhook.test_delivery_desc_disabled = Untuk menguji webhook ini dengan peristiwa palsu, aktifkan terlebih dahulu.
+settings.webhook.replay.description = Putar ulang webhook ini.
+settings.webhook.replay.description_disabled = Untuk memutar ulang webhook ini, aktifkan terlebih dahulu.
+settings.webhook.delivery.success = Sebuah peristiwa telah ditambahkan ke antrian pengiriman. Mungkin perlu beberapa detik sebelum muncul di riwayat pengiriman.
+settings.githooks_desc = Hook Git ditenagai oleh Git itu sendiri. Anda dapat mengedit file hook di bawah ini untuk menyiapkan operasi khusus.
+settings.add_webhook_desc = Forgejo akan mengirimkan permintaan <code>POST</code> dengan Content-Type yang ditentukan ke URL target. Baca selengkapnya di <a target="_blank" rel="noopener noreferrer" href="%s">panduan webhook</a>.
+settings.payload_url = URL target
+settings.http_method = Metode HTTP
+settings.content_type = Jenis konten POST
+settings.slack_color = Warna
+settings.discord_icon_url.exceeds_max_length = URL ikon harus kurang dari atau sama dengan 2048 karakter
+settings.event_desc = Picu pada:
+settings.event_push_only = Peristiwa dorong
+settings.event_send_everything = Semua peristiwa
+settings.event_choose = Peristiwa khusus…
+settings.event_header_repository = Peristiwa repositori
+settings.event_create_desc = Cabang atau tag dibuat.
+settings.event_delete_desc = Cabang atau tag dihapus.
+settings.event_fork_desc = Repositori digarpu.
+settings.event_wiki_desc = Halaman wiki dibuat, diubah nama, diedit, atau dihapus.
+settings.event_release = Rilis
+settings.event_release_desc = Rilis diterbitkan, diperbarui, atau dihapus di repositori.
+settings.event_push_desc = Git push ke repositori.
+settings.event_repository_desc = Repositori dibuat atau dihapus.
+settings.event_header_issue = Peristiwa isu
+settings.event_issues_desc = Isu dibuka, ditutup, dibuka kembali, atau diedit.
+settings.event_issue_assign = Penugasan
+settings.event_issue_assign_desc = Isu ditugaskan atau dibatalkan penugasannya.
+settings.event_issue_label = Label
+settings.event_issue_label_desc = Label issue ditambahkan atau dihapus.
+settings.event_issue_milestone = Tonggak pencapaian
+settings.event_issue_milestone_desc = Tonggak pencapaian ditambahkan, dihapus, atau dimodifikasi.
+settings.event_issue_comment = Komentar
+settings.event_issue_comment_desc = Komentar issue dibuat, diedit, atau dihapus.
+settings.event_header_pull_request = Peristiwa permintaan tarik
+settings.event_pull_request_desc = Permintaan tarik dibuka, ditutup, dibuka kembali, atau diedit.
+settings.event_pull_request_assign = Penugasan
+settings.event_pull_request_assign_desc = Permintaan tarik ditugaskan atau dibatalkan penugasannya.
+settings.event_pull_request_label = Label
+settings.event_pull_request_label_desc = Label permintaan tarik ditambahkan atau dihapus.
+settings.event_pull_request_milestone = Tonggak pencapaian
+settings.event_pull_request_milestone_desc = Tonggak pencapaian ditambahkan, dihapus, atau dimodifikasi.
+settings.event_pull_request_comment = Komentar
+settings.event_pull_request_comment_desc = Komentar permintaan tarik dibuat, diedit, atau dihapus.
+settings.event_pull_request_review = Tinjauan
+settings.event_pull_request_review_desc = Permintaan tarik disetujui, ditolak, atau komentar tinjauan ditambahkan.
+settings.event_pull_request_sync = Disinkronkan
+settings.event_pull_request_sync_desc = Cabang diperbarui secara otomatis dengan cabang target.
+settings.event_pull_request_review_request = Permintaan tinjauan
+settings.event_pull_request_review_request_desc = Tinjauan permintaan tarik diminta atau permintaan tinjauan dihapus.
+settings.event_pull_request_approvals = Persetujuan permintaan tarik
+settings.event_pull_request_merge = Penggabungan permintaan tarik
+settings.event_pull_request_enforcement = Penegakan
+settings.event_header_action = Peristiwa Jalankan Aksi
+settings.event_action_failure = Kegagalan
+settings.event_action_failure_desc = Jalankan Aksi berakhir dengan kegagalan.
+settings.event_action_recover = Pemulihan
+settings.event_action_recover_desc = Jalankan Aksi berhasil setelah Jalankan Aksi terakhir dalam alur kerja yang sama gagal.
+settings.event_action_success = Berhasil
+settings.event_action_success_desc = Jalankan Aksi berhasil.
+settings.event_package = Paket
+settings.event_package_desc = Paket dibuat atau dihapus di repositori.
+settings.branch_filter = Filter cabang
+settings.branch_filter_desc = Daftar putih cabang untuk peristiwa dorong, pembuatan cabang, dan penghapusan cabang, ditentukan sebagai pola glob. Jika kosong atau <code>*</code>, peristiwa untuk semua cabang akan dilaporkan. Lihat dokumentasi <a href="%[1]s">%[2]s</a> untuk sintaks. Contoh: <code>master</code>, <code>{master,release*}</code>.
+settings.authorization_header = Header otorisasi
+settings.authorization_header_desc = Akan disertakan sebagai header otorisasi untuk permintaan jika ada. Contoh: %s.
+settings.active = Aktif
+settings.active_helper = Informasi tentang peristiwa yang dipicu akan dikirim ke URL webhook ini.
+settings.add_hook_success = Webhook telah ditambahkan.
+settings.update_hook_success = Webhook telah diperbarui.
+settings.delete_webhook = Hapus webhook
+settings.add_web_hook_desc = Integrasikan <a target="_blank" rel="noreferrer" href="%s">%s</a> ke dalam repositori Anda.
+settings.graphql_url = URL GraphQL
+settings.web_hook_name_gitea = Gitea
+settings.web_hook_name_forgejo = Forgejo
+settings.web_hook_name_gogs = Gogs
+settings.web_hook_name_slack = Slack
+settings.web_hook_name_discord = Discord
+settings.web_hook_name_dingtalk = DingTalk
+settings.web_hook_name_telegram = Telegram
+settings.web_hook_name_matrix = Matrix
+settings.web_hook_name_msteams = Microsoft Teams
+settings.web_hook_name_feishu = Feishu / Lark Suite
+settings.web_hook_name_feishu_only = Feishu
+settings.web_hook_name_larksuite_only = Lark Suite
+settings.web_hook_name_wechatwork = WeCom (Wechat Work)
+settings.web_hook_name_packagist = Packagist
+settings.packagist_username = Nama pengguna Packagist
+settings.packagist_api_token = Token API
+settings.packagist_package_url = URL paket Packagist
+settings.web_hook_name_sourcehut_builds = SourceHut Builds
+settings.sourcehut_builds.manifest_path = Jalur manifes build
+settings.sourcehut_builds.visibility = Visibilitas pekerjaan
+settings.sourcehut_builds.secrets = Rahasia
+settings.sourcehut_builds.secrets_helper = Berikan pekerjaan akses ke rahasia build (memerlukan izin SECRETS:RO)
+settings.sourcehut_builds.access_token_helper = Token akses yang memiliki izin JOBS:RW. Buat <a target="_blank" rel="noopener noreferrer" href="%s">token builds.sr.ht</a> atau <a target="_blank" rel="noopener noreferrer" href="%s">token builds.sr.ht dengan akses rahasia</a> di meta.sr.ht.
+settings.deploy_key_desc = Kunci deploy dapat memiliki akses hanya-baca atau baca-tulis ke repositori.
+settings.is_writable = Aktifkan akses tulis
+settings.is_writable_info = Izinkan kunci deploy ini untuk <strong>mendorong</strong> ke repositori.
+settings.no_deploy_keys = Belum ada kunci deploy.
+settings.key_been_used = Kunci deploy dengan konten yang identik sudah digunakan.
+settings.key_name_used = Kunci deploy dengan nama yang sama sudah ada.
+settings.add_key_success = Kunci deploy "%s" telah ditambahkan.
+settings.deploy_key_deletion = Hapus kunci deploy
+settings.deploy_key_deletion_desc = Menghapus kunci deploy akan mencabut aksesnya ke repositori ini. Lanjutkan?
+settings.deploy_key_deletion_success = Kunci deploy telah dihapus.
+settings.protected_branch.save_rule = Simpan aturan
+settings.protected_branch.delete_rule = Hapus aturan
+settings.branch_protection = Aturan perlindungan untuk cabang "<b>%s</b>"
+settings.protect_new_rule = Buat aturan perlindungan cabang baru
+settings.protect_disable_push = Nonaktifkan dorong
+settings.protect_disable_push_desc = Tidak ada pendorongan yang diizinkan ke cabang ini.
+settings.protect_enable_push = Aktifkan dorong
+settings.protect_enable_push_desc = Siapa pun dengan akses tulis akan diizinkan untuk mendorong ke cabang ini (tetapi tidak force push).
+settings.protect_enable_merge = Aktifkan penggabungan
+settings.protect_enable_merge_desc = Siapa pun dengan akses tulis akan diizinkan untuk menggabungkan permintaan tarik ke cabang ini.
+settings.protect_whitelist_committers = Daftar putih dorong yang dibatasi
+settings.protect_whitelist_committers_desc = Hanya pengguna atau tim yang masuk daftar putih yang diizinkan untuk mendorong ke cabang ini (tetapi tidak force push).
+settings.protect_whitelist_deploy_keys = Masukkan kunci deploy dengan akses tulis ke daftar putih untuk mendorong.
+settings.protect_whitelist_users = Pengguna yang masuk daftar putih untuk mendorong
+settings.protect_whitelist_teams = Tim yang masuk daftar putih untuk mendorong
+settings.protect_merge_whitelist_committers = Aktifkan daftar putih penggabungan
+settings.protect_merge_whitelist_committers_desc = Izinkan hanya pengguna atau tim yang masuk daftar putih untuk menggabungkan permintaan tarik ke cabang ini.
+settings.protect_merge_whitelist_users = Pengguna yang masuk daftar putih untuk penggabungan
+settings.protect_merge_whitelist_teams = Tim yang masuk daftar putih untuk penggabungan
+settings.protect_check_status_contexts = Aktifkan pemeriksaan status
+settings.protect_status_check_patterns = Pola pemeriksaan status
+settings.protect_status_check_patterns_desc = Masukkan pola untuk menentukan pemeriksaan status mana yang harus lulus sebelum cabang dapat digabungkan ke cabang yang cocok dengan aturan ini. Setiap baris menentukan satu pola. Pola tidak boleh kosong.
+settings.protect_check_status_contexts_desc = Wajibkan pemeriksaan status lulus sebelum penggabungan. Jika diaktifkan, commit harus terlebih dahulu didorong ke cabang lain, kemudian digabungkan atau didorong langsung ke cabang yang cocok dengan aturan ini setelah pemeriksaan status lulus. Jika tidak ada konteks yang cocok, commit terakhir harus berhasil terlepas dari konteksnya.
+settings.protect_check_status_contexts_list = Pemeriksaan status yang ditemukan dalam seminggu terakhir untuk repositori ini
+settings.protect_status_check_matched = Cocok
+settings.protect_invalid_status_check_pattern = Pola pemeriksaan status tidak valid: "%s".
+settings.protect_no_valid_status_check_patterns = Tidak ada pola pemeriksaan status yang valid.
+settings.protect_required_approvals = Persetujuan yang diperlukan
+settings.protect_required_approvals_desc = Izinkan penggabungan permintaan tarik hanya dengan cukup ulasan positif.
+settings.protect_approvals_whitelist_enabled = Batasi persetujuan untuk pengguna atau tim yang masuk daftar putih
+settings.protect_approvals_whitelist_enabled_desc = Hanya ulasan dari pengguna atau tim yang masuk daftar putih yang akan dihitung untuk persetujuan yang diperlukan. Tanpa daftar putih persetujuan, ulasan dari siapa pun dengan akses tulis akan dihitung untuk persetujuan yang diperlukan.
+settings.protect_approvals_whitelist_users = Pengulas yang masuk daftar putih
+settings.protect_approvals_whitelist_teams = Tim yang masuk daftar putih untuk ulasan
+settings.dismiss_stale_approvals = Abaikan persetujuan lama
+settings.dismiss_stale_approvals_desc = Ketika commit baru yang mengubah konten permintaan tarik didorong ke cabang, persetujuan lama akan diabaikan.
+settings.ignore_stale_approvals = Abaikan persetujuan yang sudah basi
+settings.ignore_stale_approvals_desc = Jangan hitung persetujuan yang dibuat pada commit yang lebih lama (ulasan basi) terhadap jumlah persetujuan yang dimiliki PR. Tidak relevan jika ulasan basi sudah diabaikan.
+settings.require_signed_commits = Wajibkan commit yang ditandatangani
+settings.require_signed_commits_desc = Tolak pendorongan ke cabang ini jika tidak ditandatangani atau tidak dapat diverifikasi.
+settings.protect_branch_name_pattern = Pola nama cabang yang dilindungi
+settings.protect_branch_name_pattern_desc = Pola nama cabang yang dilindungi. Lihat <a href="%s">dokumentasi</a> untuk sintaks pola. Contoh: main, release/**
+settings.protect_patterns = Pola
+settings.protect_protected_file_patterns = Pola file yang dilindungi (dipisahkan menggunakan titik koma ";")
+settings.protect_protected_file_patterns_desc = File yang dilindungi tidak diizinkan untuk diubah secara langsung meskipun pengguna memiliki hak untuk menambah, mengedit, atau menghapus file di cabang ini. Beberapa pola dapat dipisahkan menggunakan titik koma (";"). Lihat dokumentasi <a href="%[1]s">%[2]s</a> untuk sintaks pola. Contoh: <code>.drone.yml</code>, <code>/docs/**/*.txt</code>.
+settings.protect_unprotected_file_patterns = Pola file yang tidak dilindungi (dipisahkan menggunakan titik koma ";")
+settings.protect_unprotected_file_patterns_desc = File yang tidak dilindungi yang diizinkan untuk diubah secara langsung jika pengguna memiliki akses tulis, melewati pembatasan dorong. Beberapa pola dapat dipisahkan menggunakan titik koma (";"). Lihat dokumentasi <a href="%[1]s">%[2]s</a> untuk sintaks pola. Contoh: <code>.drone.yml</code>, <code>/docs/**/*.txt</code>.
+settings.update_protect_branch_success = Perlindungan cabang untuk aturan "%s" telah diperbarui.
+settings.remove_protected_branch_success = Perlindungan cabang untuk aturan "%s" telah dihapus.
+settings.remove_protected_branch_failed = Penghapusan aturan perlindungan cabang "%s" gagal.
+settings.protected_branch_deletion = Hapus perlindungan cabang
+settings.protected_branch_deletion_desc = Menonaktifkan perlindungan cabang memungkinkan pengguna dengan izin tulis untuk mendorong ke cabang. Lanjutkan?
+settings.block_rejected_reviews = Blokir penggabungan pada ulasan yang ditolak
+settings.block_rejected_reviews_desc = Penggabungan tidak akan mungkin dilakukan ketika ada perubahan yang diminta oleh pengulas resmi, meskipun sudah ada cukup persetujuan.
+settings.block_on_official_review_requests = Blokir penggabungan pada permintaan tinjauan resmi
+settings.block_on_official_review_requests_desc = Penggabungan tidak akan mungkin dilakukan ketika ada permintaan tinjauan resmi, meskipun sudah ada cukup persetujuan.
+settings.block_outdated_branch = Blokir penggabungan jika permintaan tarik sudah ketinggalan
+settings.block_outdated_branch_desc = Penggabungan tidak akan mungkin dilakukan ketika cabang head tertinggal dari cabang dasar.
+settings.enforce_on_admins = Terapkan aturan ini untuk administrator repositori
+settings.enforce_on_admins_desc = Administrator repositori tidak dapat melewati aturan ini.
+settings.default_branch_desc = Pilih cabang repositori default untuk permintaan tarik dan commit kode:
+settings.merge_style_desc = Gaya penggabungan
+settings.default_merge_style_desc = Gaya penggabungan default
+settings.no_protected_branch = Tidak ada cabang yang dilindungi.
+settings.protected_branch_required_rule_name = Nama aturan diperlukan
+settings.protected_branch_duplicate_rule_name = Sudah ada aturan untuk kumpulan cabang ini
+settings.protected_branch_required_approvals_min = Persetujuan yang diperlukan tidak boleh negatif.
+settings.tags = Tag
+settings.tags.protection = Perlindungan tag
+settings.tags.protection.pattern = Pola tag
+settings.tags.protection.allowed = Diizinkan
+settings.tags.protection.allowed.users = Pengguna yang diizinkan
+settings.tags.protection.allowed.teams = Tim yang diizinkan
+settings.tags.protection.allowed.noone = Tidak ada
+settings.tags.protection.create = Tambah aturan
+settings.tags.protection.none = Tidak ada tag yang dilindungi.
+settings.tags.protection.pattern.description = Anda dapat menggunakan nama tunggal, pola glob, atau ekspresi reguler untuk mencocokkan beberapa tag. Baca selengkapnya di <a target="_blank" rel="noopener" href="%s">panduan tag yang dilindungi</a>.
+settings.bot_token = Token bot
+settings.chat_id = ID obrolan
+settings.thread_id = ID utas
+settings.matrix.homeserver_url = URL Homeserver
+settings.matrix.room_id = ID ruangan
+settings.matrix.message_type = Jenis pesan
+settings.matrix.access_token_helper = Disarankan untuk menyiapkan akun Matrix khusus untuk ini. Token akses dapat diambil dari klien web Element (di tab pribadi/incognito) > Menu pengguna (kiri atas) > Semua pengaturan > Bantuan & Tentang > Lanjutan > Token Akses (tepat di bawah URL Homeserver). Tutup tab pribadi/incognito (keluar akan membatalkan token).
+settings.matrix.room_id_helper = ID Ruangan dapat diambil dari klien web Element > Pengaturan Ruangan > Lanjutan > ID ruangan internal. Contoh: %s.
+settings.archive.button = Arsipkan repositori
+settings.archive.header = Arsipkan repositori ini
+settings.archive.text = Mengarsipkan repositori akan membuatnya sepenuhnya hanya-baca. Repositori akan disembunyikan dari dasbor. Tidak ada seorang pun (bahkan Anda!) yang dapat membuat commit baru, atau membuka issue atau permintaan tarik baru. Mendokumentasikan alasan pengarsipan disarankan untuk memandu pengembang di masa mendatang yang berencana melakukan fork repositori.
+settings.archive.success = Repositori berhasil diarsipkan.
+settings.archive.error = Terjadi kesalahan saat mencoba mengarsipkan repositori. Lihat log untuk detail selengkapnya.
+settings.archive.error_ismirror = Anda tidak dapat mengarsipkan repositori yang dicerminkan.
+settings.archive.branchsettings_unavailable = Pengaturan cabang tidak tersedia di repositori yang diarsipkan.
+settings.archive.tagsettings_unavailable = Pengaturan tag tidak tersedia di repositori yang diarsipkan.
+settings.archive.mirrors_unavailable = Cermin tidak tersedia di repositori yang diarsipkan.
+settings.unarchive.button = Batalkan pengarsipan repositori
+settings.unarchive.header = Batalkan pengarsipan repositori ini
+settings.unarchive.text = Membatalkan pengarsipan repositori akan memulihkan kemampuannya untuk menerima commit dan dorongan, serta issue dan permintaan tarik baru.
+settings.unarchive.success = Repositori berhasil dibatalkan pengarsipannya.
+settings.unarchive.error = Terjadi kesalahan saat mencoba membatalkan pengarsipan repositori. Lihat log untuk detail selengkapnya.
+settings.update_avatar_success = Avatar repositori telah diperbarui.
+settings.lfs = LFS
+settings.lfs_filelist = File LFS yang tersimpan di repositori ini
+settings.lfs_no_lfs_files = Tidak ada file LFS yang tersimpan di repositori ini
+settings.lfs_findcommits = Temukan komit
+settings.lfs_lfs_file_no_commits = Tidak ada commit yang ditemukan untuk file LFS ini
+settings.lfs_noattribute = Jalur ini tidak memiliki atribut lockable di cabang default
+settings.lfs_delete = Hapus file LFS dengan OID %s
+settings.lfs_delete_warning = Menghapus file LFS dapat menyebabkan kesalahan "objek tidak ada" saat checkout. Apakah Anda yakin?
+settings.lfs_findpointerfiles = Temukan file pointer
+settings.lfs_locks = Kunci
+settings.lfs_invalid_locking_path = Jalur tidak valid: %s
+settings.lfs_invalid_lock_directory = Tidak dapat mengunci direktori: %s
+settings.lfs_lock_already_exists = Kunci sudah ada: %s
+settings.lfs_lock = Kunci
+settings.lfs_lock_path = Jalur file untuk dikunci…
+settings.lfs_locks_no_locks = Tidak ada kunci
+settings.lfs_lock_file_no_exist = File yang dikunci tidak ada di cabang default
+settings.lfs_force_unlock = Paksa buka kunci
+settings.lfs_pointers.found = Ditemukan %d pointer blob - %d terkait, %d tidak terkait (%d tidak ada di penyimpanan)
+settings.lfs_pointers.sha = Hash blob
+settings.lfs_pointers.oid = OID
+settings.lfs_pointers.inRepo = Di repositori
+settings.lfs_pointers.exists = Ada di penyimpanan
+settings.lfs_pointers.accessible = Dapat diakses oleh pengguna
+settings.lfs_pointers.associateAccessible = Kaitkan %d OID yang dapat diakses
+settings.rename_branch_failed_protected = Tidak dapat mengubah nama cabang %s karena merupakan cabang yang dilindungi.
+settings.rename_branch_failed_exist = Tidak dapat mengubah nama cabang karena cabang target %s sudah ada.
+settings.rename_branch_failed_not_exist = Tidak dapat mengubah nama cabang %s karena tidak ada.
+settings.rename_branch_success = Cabang %s berhasil diubah namanya menjadi %s.
+settings.rename_branch = Ubah nama cabang
+diff.git-notes = Catatan
+diff.git-notes.add = Tambah catatan
+diff.git-notes.remove-header = Hapus catatan
+diff.git-notes.remove-body = Catatan ini akan dihapus.
+diff.options_button = Opsi diff
+diff.download_patch = Unduh file patch
+diff.download_diff = Unduh file diff
+diff.whitespace_button = Spasi
+diff.whitespace_show_everything = Tampilkan semua perubahan
+diff.whitespace_ignore_all_whitespace = Abaikan spasi saat membandingkan baris
+diff.whitespace_ignore_amount_changes = Abaikan perubahan jumlah spasi
+diff.whitespace_ignore_at_eol = Abaikan perubahan spasi di akhir baris
+diff.stats_desc_file = %d perubahan: %d penambahan dan %d penghapusan
+diff.bin_not_shown = File biner tidak ditampilkan.
+diff.file_before = Sebelum
+diff.file_after = Sesudah
+diff.file_image_width = Lebar
+diff.file_image_height = Tinggi
+diff.file_suppressed_line_too_long = Diff file disembunyikan karena satu atau lebih baris terlalu panjang
+diff.too_many_files = Beberapa file tidak ditampilkan karena terlalu banyak file yang berubah dalam diff ini
+diff.show_more = Tampilkan lebih banyak
+diff.load = Muat diff
+diff.generated = dihasilkan
+diff.vendored = di-vendor
+diff.comment.add_line_comment = Tambah komentar baris
+diff.comment.placeholder = Tinggalkan komentar
+diff.comment.markdown_info = Pemformatan dengan Markdown didukung.
+diff.comment.add_single_comment = Tambah komentar tunggal
+diff.comment.add_review_comment = Tambah komentar
+diff.comment.start_review = Mulai tinjauan
+diff.comment.reply = Balas
+diff.review = Selesaikan tinjauan
+diff.review.header = Kirim tinjauan
+diff.review.placeholder = Komentar tinjauan
+diff.review.comment = Komentar
+diff.review.approve = Setujui
+diff.review.self_reject = Penulis permintaan tarik tidak dapat meminta perubahan pada permintaan tarik mereka sendiri
+diff.review.reject = Minta perubahan
+diff.review.self_approve = Penulis permintaan tarik tidak dapat menyetujui permintaan tarik mereka sendiri
+diff.committed_by = di-commit oleh
+diff.protected = Dilindungi
+diff.image.side_by_side = Berdampingan
+diff.image.swipe = Geser
+diff.image.overlay = Tumpang tindih
+diff.show_file_tree = Tampilkan pohon file
+diff.hide_file_tree = Sembunyikan pohon file
+release.detail = Detail rilis
+release.tags = Tag
+release.compare = Bandingkan
+release.ahead.commits = <strong>%d</strong> komit
+release.ahead.target = ke %s sejak rilis ini
+release.new_subheader = Rilis mengorganisasi versi proyek.
+release.edit_subheader = Rilis mengorganisasi versi proyek.
+release.tag_helper = Pilih tag yang sudah ada atau buat tag baru.
+release.tag_helper_new = Tag baru. Tag ini akan dibuat dari target.
+release.tag_helper_existing = Tag yang sudah ada.
+release.title = Judul rilis
+release.title_empty = Judul tidak boleh kosong.
+release.message = Deskripsikan rilis ini
+release.prerelease_desc = Tandai sebagai pra-rilis
+release.prerelease_helper = Tandai rilis ini tidak cocok untuk penggunaan produksi.
+release.edit_release = Perbarui rilis
+release.delete_release = Hapus rilis
+release.delete_tag = Hapus tag
+release.deletion = Hapus rilis
+release.deletion_desc = Menghapus rilis hanya menghapusnya dari Forgejo. Ini tidak akan memengaruhi tag Git, konten repositori, atau riwayatnya. Lanjutkan?
+release.deletion_tag_desc = Akan menghapus tag ini dari repositori. Konten dan riwayat repositori tidak berubah. Lanjutkan?
+release.deletion_tag_success = Tag telah dihapus.
+release.tag_name_already_exist = Rilis dengan nama tag ini sudah ada.
+release.tag_name_invalid = Nama tag tidak valid.
+release.tag_name_protected = Nama tag dilindungi.
+release.add_tag_msg = Gunakan judul dan konten rilis sebagai pesan tag.
+release.hide_archive_links = Sembunyikan arsip yang dihasilkan secara otomatis
+release.hide_archive_links_helper = Sembunyikan arsip kode sumber yang dihasilkan secara otomatis untuk rilis ini. Misalnya, jika Anda mengunggah sendiri.
+release.add_tag = Buat tag
+release.releases_for = Rilis untuk %s
+release.tags_for = Tag untuk %s
+release.system_generated = Lampiran ini dihasilkan secara otomatis.
+release.type_attachment = Lampiran
+release.type_external_asset = Aset eksternal
+release.asset_name = Nama aset
+release.asset_external_url = URL eksternal
+release.add_external_asset = Tambah aset eksternal
+release.invalid_external_url = URL eksternal tidak valid: "%s"
+release.summary_card_alt = Kartu ringkasan rilis berjudul "%s" di repositori %s
+branch.name = Nama cabang
+branch.already_exists = Cabang bernama "%s" sudah ada.
+branch.delete = Hapus cabang "%s"
+branch.delete_desc = Menghapus cabang bersifat permanen. Meskipun cabang yang dihapus mungkin masih ada untuk sementara waktu sebelum benar-benar dihapus, tindakan ini TIDAK DAPAT dibatalkan dalam sebagian besar kasus. Lanjutkan?
+branch.deletion_success = Cabang "%s" telah dihapus.
+branch.deletion_failed = Gagal menghapus cabang "%s".
+branch.delete_branch_has_new_commits = Cabang "%s" tidak dapat dihapus karena commit baru telah ditambahkan setelah penggabungan.
+branch.create_from = dari "%s"
+branch.create_success = Cabang "%s" telah dibuat.
+branch.branch_already_exists = Cabang "%s" sudah ada di repositori ini.
+branch.branch_name_conflict = Nama cabang "%s" berkonflik dengan cabang yang sudah ada "%s".
+branch.tag_collision = Cabang "%s" tidak dapat dibuat karena tag dengan nama yang sama sudah ada di repositori.
+branch.restore_success = Cabang "%s" telah dipulihkan.
+branch.restore_failed = Gagal memulihkan cabang "%s".
+branch.protected_deletion_failed = Cabang "%s" dilindungi. Tidak dapat dihapus.
+branch.default_deletion_failed = Cabang "%s" adalah cabang default. Tidak dapat dihapus.
+branch.restore = Pulihkan cabang "%s"
+branch.download = Unduh cabang "%s"
+branch.rename = Ubah nama cabang "%s"
+branch.included_desc = Cabang ini adalah bagian dari cabang default
+branch.included = Disertakan
+branch.create_new_branch = Buat cabang dari cabang:
+branch.confirm_create_branch = Buat cabang
+branch.warning_rename_default_branch = Anda sedang mengubah nama cabang default.
+branch.rename_branch_to = Mengubah nama cabang "%s".
+branch.create_branch_operation = Buat cabang
+branch.new_branch = Buat cabang baru
+branch.new_branch_from = Buat cabang baru dari "%s"
+branch.renamed = Cabang %s diubah namanya menjadi %s.
+tag.create_tag = Buat tag %s
+tag.create_tag_operation = Buat tag
+tag.confirm_create_tag = Buat tag
+tag.create_tag_from = Buat tag baru dari "%s"
+tag.create_success = Tag "%s" telah dibuat.
+topic.manage_topics = Kelola topik
+topic.count_prompt = Anda tidak dapat memilih lebih dari 25 topik
+topic.format_prompt = Topik harus diawali dengan huruf atau angka, dapat mengandung tanda hubung ("-") dan titik ("."), panjang maksimal 35 karakter. Huruf harus menggunakan huruf kecil.
+find_file.go_to_file = Temukan file
+find_file.no_matching = Tidak ada file yang cocok ditemukan
+error.csv.too_large = Tidak dapat merender file ini karena terlalu besar.
+error.csv.unexpected = Tidak dapat merender file ini karena mengandung karakter tak terduga di baris %d kolom %d.
+error.csv.invalid_field_count = Tidak dapat merender file ini karena memiliki jumlah kolom yang salah di baris %d.
 
 [graphs]
+component_loading = Memuat %s…
+component_loading_failed = Tidak dapat memuat %s
+component_loading_info = Ini mungkin membutuhkan waktu sebentar…
+component_failed_to_load = Terjadi kesalahan yang tidak terduga.
+code_frequency.what = frekuensi kode
+contributors.what = kontribusi
+recent_commits.what = komit terbaru
 
 [org]
-org_name_holder=Nama Organisasi
-org_full_name_holder=Organisasi Nama Lengkap
-create_org=Buat Organisasi
+org_name_holder=Nama organisasi
+org_full_name_holder=Nama lengkap organisasi
+create_org=Buat organisasi
 repo_updated=Diperbarui %s
 members=Anggota
 teams=Tim
 lower_members=anggota
 lower_repositories=repositori
-create_new_team=Tim Baru
-create_team=Buat Tim Baru
+create_new_team=Tim baru
+create_team=Buat tim
 org_desc=Deskripsi
 team_name=Nama tim
 team_desc=Deskripsi
@@ -1005,17 +2758,17 @@ settings.website=Situs web
 settings.location=Lokasi
 settings.visibility.private_shortname=Pribadi
 
-settings.update_settings=Perbarui Setelan
+settings.update_settings=Perbarui pengaturan
 settings.update_setting_success=Pengaturan organisasi telah diperbarui.
-settings.delete=Menghapus Organisasi
-settings.delete_account=Menghapus Organisasi Ini
-settings.confirm_delete_account=Konfirmasi Penghapusan
-settings.delete_org_title=Menghapus Organisasi
+settings.delete=Hapus organisasi
+settings.delete_account=Hapus organisasi ini
+settings.confirm_delete_account=Konfirmasi penghapusan
+settings.delete_org_title=Hapus organisasi
 settings.hooks_desc=Tambahkan webhooks yang akan dipicu untuk <strong>semua repositori</strong> di bawah organisasi ini.
 
 
 members.membership_visibility=Visibilitas Keanggotaan:
-members.member_role=Peran Anggota:
+members.member_role=Peran anggota:
 members.owner=Pemilik
 members.member=Anggota
 members.remove=Menghapus
@@ -1029,18 +2782,81 @@ teams.read_access=Dibaca
 teams.no_desc=Tim ini tidak memiliki keterangan
 teams.settings=Pengaturan
 teams.members=Anggota tim
-teams.update_settings=Memperbarui pengaturan
-teams.add_team_member=Tambahkan Anggota Tim
+teams.update_settings=Perbarui pengaturan
+teams.add_team_member=Tambah anggota tim
 teams.delete_team_success=Tim sudah di hapus.
 teams.repositories=Tim repositori
 settings.visibility.public = Publik
+org_name_helper = Nama organisasi sebaiknya singkat dan mudah diingat.
+open_dashboard = Buka dasbor
+code = Kode
+team_name_helper = Nama tim sebaiknya singkat dan mudah diingat.
+team_desc_helper = Deskripsikan tujuan atau peran tim.
+team_permission_desc = Izin
+team_unit_desc = Izinkan akses ke bagian repositori
+team_unit_disabled = (Dinonaktifkan)
+follow_blocked_user = Anda tidak dapat mengikuti organisasi ini karena organisasi ini telah memblokir Anda.
+form.name_reserved = Nama organisasi "%s" sudah dipesan.
+form.name_pattern_not_allowed = Pola "%s" tidak diizinkan dalam nama organisasi.
+form.create_org_not_allowed = Anda tidak diizinkan membuat organisasi.
+settings.options = Organisasi
+settings.email = Email kontak
+settings.permission = Izin
+settings.repoadminchangeteam = Admin repositori dapat menambah dan menghapus akses untuk tim
+settings.visibility = Visibilitas
+settings.visibility.limited = Terbatas (hanya terlihat oleh pengguna yang masuk)
+settings.visibility.limited_shortname = Terbatas
+settings.visibility.private = Privat (hanya terlihat oleh anggota organisasi)
+settings.change_orgname_prompt = Catatan: Mengubah nama organisasi juga akan mengubah URL organisasi Anda dan membebaskan nama lama.
+settings.change_orgname_redirect_prompt = Nama lama akan diarahkan ulang sampai diklaim.
+settings.change_orgname_redirect_prompt.with_cooldown.one = Nama organisasi lama akan tersedia untuk semua orang setelah masa tunggu %[1]d hari. Anda masih dapat mengklaim kembali nama lama selama masa tunggu.
+settings.change_orgname_redirect_prompt.with_cooldown.few = Nama organisasi lama akan tersedia untuk semua orang setelah masa tunggu %[1]d hari. Anda masih dapat mengklaim kembali nama lama selama masa tunggu.
+settings.update_avatar_success = Avatar organisasi telah diperbarui.
+settings.delete_prompt = Organisasi akan dihapus secara permanen. Tindakan ini <strong>TIDAK DAPAT</strong> dibatalkan!
+settings.delete_org_desc = Organisasi ini akan dihapus secara permanen. Lanjutkan?
+settings.labels_desc = Tambahkan label yang dapat digunakan pada issue untuk <strong>semua repositori</strong> di bawah organisasi ini.
+members.public_helper = Sembunyikan
+members.private = Tersembunyi
+members.private_helper = Tampilkan
+members.remove.detail = Hapus %[1]s dari %[2]s?
+members.leave.detail = Apakah Anda yakin ingin meninggalkan organisasi "%s"?
+teams.leave.detail = Apakah Anda yakin ingin meninggalkan tim "%s"?
+teams.can_create_org_repo = Buat repositori
+teams.can_create_org_repo_helper = Anggota dapat membuat repositori baru di organisasi. Pembuat akan mendapatkan akses administrator ke repositori baru.
+teams.none_access = Tanpa akses
+teams.none_access_helper = Opsi "tanpa akses" hanya berpengaruh pada repositori privat.
+teams.general_access = Akses khusus
+teams.general_access_helper = Izin anggota akan ditentukan berdasarkan tabel izin di bawah ini.
+teams.write_access = Tulis
+teams.admin_access = Akses administrator
+teams.admin_access_helper = Anggota dapat menarik dan mendorong ke repositori tim serta menambahkan kolaborator ke repositori tersebut.
+teams.owners_permission_desc = Pemilik memiliki akses penuh ke <strong>semua repositori</strong> dan memiliki <strong>akses administrator</strong> ke organisasi.
+teams.delete_team = Hapus tim
+teams.invite_team_member = Undang ke %s
+teams.invite_team_member.list = Undangan yang tertunda
+teams.delete_team_title = Hapus tim
+teams.delete_team_desc = Menghapus tim akan mencabut akses repositori dari anggotanya. Lanjutkan?
+teams.admin_permission_desc = Tim ini memberikan akses <strong>Administrator</strong>: anggota dapat membaca, mendorong, dan menambahkan kolaborator ke repositori tim.
+teams.remove_all_repos_desc = Ini akan menghapus semua repositori dari tim.
+teams.add_all_repos_desc = Ini akan menambahkan semua repositori organisasi ke tim.
+teams.add_nonexistent_repo = Repositori yang ingin Anda tambahkan tidak ada, silakan buat terlebih dahulu.
+teams.add_duplicate_users = Pengguna sudah menjadi anggota tim.
+teams.repos.none = Tidak ada repositori yang dapat diakses oleh tim ini.
+teams.members.none = Tidak ada anggota di tim ini.
+teams.specific_repositories = Repositori tertentu
+teams.specific_repositories_helper = Anggota hanya akan memiliki akses ke repositori yang secara eksplisit ditambahkan ke tim. Memilih ini <strong>tidak akan</strong> secara otomatis menghapus repositori yang sudah ditambahkan dengan <i>Semua repositori</i>.
+teams.all_repositories = Semua repositori
+teams.all_repositories_helper = Tim memiliki akses ke semua repositori. Memilih ini akan <strong>menambahkan semua</strong> repositori yang ada ke tim.
+teams.invite.title = Anda telah diundang untuk bergabung dengan tim <strong>%s</strong> di organisasi <strong>%s</strong>.
+teams.invite.by = Diundang oleh %s
+teams.invite.description = Silakan klik tombol di bawah ini untuk bergabung dengan tim.
 
 [admin]
 dashboard=Dasbor
 organizations=Organisasi
 repositories=Repositori
 config=Konfigurasi
-notices=Pemberitahuan Sistem
+notices=Pemberitahuan sistem
 monitor=Memantau
 first_page=Pertama
 last_page=Terakhir
@@ -1053,51 +2869,51 @@ dashboard.clean_unbind_oauth=Bersihkan koneksi OAuth yang tidak terikat
 dashboard.clean_unbind_oauth_success=Semua koneksi OAuth yang tidak terikat telah dihapus.
 dashboard.reinit_missing_repos=Menginstal kembali semua repositori Git yang hilang dimana ada catatan
 dashboard.sync_external_users=Sinkronkan data pengguna eksternal
-dashboard.server_uptime=Waktu tambahan server
-dashboard.current_goroutine=Goroutin saat ini
+dashboard.server_uptime=Waktu aktif server
+dashboard.current_goroutine=Goroutine saat ini
 dashboard.current_memory_usage=Penggunaan memori saat ini
-dashboard.total_memory_allocated=Total memori dialokasikan
-dashboard.memory_obtained=Memori yang didapat
-dashboard.pointer_lookup_times=Menunjukkan waktu pencarian
-dashboard.current_heap_usage=Penggunaan tumpukan saat ini
-dashboard.heap_memory_obtained=Tumpukan memori yang didapat
-dashboard.heap_memory_idle=Tumpukan memori yang menganggur
-dashboard.heap_memory_in_use=Tumpukan memori yang digunakan
-dashboard.heap_memory_released=Tumpukan memori dirilis
-dashboard.heap_objects=Benda tumpukan
-dashboard.bootstrap_stack_usage=Penggunaan bootstrap Stack
-dashboard.stack_memory_obtained=Memori Stack Didapat
+dashboard.total_memory_allocated=Total memori yang dialokasikan
+dashboard.memory_obtained=Memori yang diperoleh
+dashboard.pointer_lookup_times=Jumlah pencarian pointer
+dashboard.current_heap_usage=Penggunaan heap saat ini
+dashboard.heap_memory_obtained=Memori heap yang diperoleh
+dashboard.heap_memory_idle=Memori heap yang menganggur
+dashboard.heap_memory_in_use=Memori heap yang digunakan
+dashboard.heap_memory_released=Memori heap yang dilepaskan
+dashboard.heap_objects=Objek heap
+dashboard.bootstrap_stack_usage=Penggunaan stack bootstrap
+dashboard.stack_memory_obtained=Memori stack yang diperoleh
 dashboard.mspan_structures_usage=Penggunaan struktur MSpan
-dashboard.mspan_structures_obtained=Struktur MSpan didapatkan
+dashboard.mspan_structures_obtained=Struktur MSpan yang diperoleh
 dashboard.mcache_structures_usage=Penggunaan struktur MCache
-dashboard.mcache_structures_obtained=Struktur MCache didapatkan
-dashboard.profiling_bucket_hash_table_obtained=Profil Meja Bucket Hash Yang Diperoleh
-dashboard.gc_metadata_obtained=Metadata GC didapatkan
-dashboard.other_system_allocation_obtained=Alokasi Sistem Lainnya Yang Diperoleh
-dashboard.next_gc_recycle=Selanjutnya GC Recycle
-dashboard.last_gc_time=Sejak waktu GC terakhir
-dashboard.total_gc_pause=Total GC di jeda
-dashboard.last_gc_pause=GC di jeda terakhir
-dashboard.gc_times=Waktu GC
+dashboard.mcache_structures_obtained=Struktur MCache yang diperoleh
+dashboard.profiling_bucket_hash_table_obtained=Tabel hash bucket pemrofilan yang diperoleh
+dashboard.gc_metadata_obtained=Metadata GC yang diperoleh
+dashboard.other_system_allocation_obtained=Alokasi sistem lainnya yang diperoleh
+dashboard.next_gc_recycle=Daur ulang GC berikutnya
+dashboard.last_gc_time=Waktu sejak GC terakhir
+dashboard.total_gc_pause=Total jeda GC
+dashboard.last_gc_pause=Jeda GC terakhir
+dashboard.gc_times=Jumlah GC
 
-users.full_name=Nama Lengkap
+users.full_name=Nama lengkap
 users.activated=Diaktifkan
 users.admin=Pengelola
 users.repos=Repo
 users.created=Dibuat
 users.edit=Edit
-users.auth_source=Sumber Otentikasi
+users.auth_source=Sumber autentikasi
 users.local=Lokal
 users.list_status_filter.is_admin=Pengelola
 
 emails.activated=Diaktifkan
 
-orgs.org_manage_panel=Manajemen Organisasi
+orgs.org_manage_panel=Kelola organisasi
 orgs.name=Nama
 orgs.teams=Tim
 orgs.members=Anggota
 
-repos.repo_manage_panel=Manajemen Repositori
+repos.repo_manage_panel=Kelola repositori
 repos.owner=Pemilik
 repos.name=Nama
 repos.private=Pribadi
@@ -1116,26 +2932,26 @@ auths.name=Nama
 auths.type=Jenis
 auths.enabled=Aktif
 auths.updated=Diperbarui
-auths.auth_type=Jenis otentikasi
-auths.auth_name=Nama otentikasi
+auths.auth_type=Jenis autentikasi
+auths.auth_name=Nama autentikasi
 auths.security_protocol=Protokol keamanan
 auths.domain=Domain
 auths.host=Host
 auths.port=Port
 auths.bind_dn=Mengikat DN
-auths.bind_password=Mengikat kata sandi
+auths.bind_password=Kata sandi bind
 auths.user_base=Basis pencarian pengguna
 auths.user_dn=Pengguna DN
-auths.filter=Menyaring pengguna
-auths.admin_filter=Menyaring admin
+auths.filter=Filter pengguna
+auths.admin_filter=Filter admin
 auths.ms_ad_sa=Pencarian atribut MS AD
-auths.smtp_auth=Jenis otentikasi SMTP
+auths.smtp_auth=Jenis autentikasi SMTP
 auths.smtphost=Host SMTP
 auths.smtpport=Port SMTP
 auths.allowed_domains=Domain yang diizinkan
 auths.skip_tls_verify=Lewati verifikasi TLS
 auths.pam_service_name=Nama layanan PAM
-auths.oauth2_provider=Penyediaan OAuth2
+auths.oauth2_provider=Penyedia OAuth2
 auths.oauth2_clientID=ID klien (kunci)
 auths.oauth2_clientSecret=Rahasia klien
 auths.openIdConnectAutoDiscoveryURL=Buka ID yang terhubung langsung dengan jelajah otomatis URL
@@ -1144,34 +2960,34 @@ auths.oauth2_authURL=Mengizinkan URL
 auths.oauth2_profileURL=Profil URL
 auths.oauth2_emailURL=Email URL
 auths.tips=Cara
-auths.tips.oauth2.general=Otentikasi OAuth2
-auths.tip.oauth2_provider=Penyediaan OAuth2
+auths.tips.oauth2.general=Autentikasi OAuth2
+auths.tip.oauth2_provider=Penyedia OAuth2
 auths.tip.dropbox=Membuat aplikasi baru di %s
 auths.tip.facebook=`Daftarkan sebuah aplikasi baru di %s dan tambakan produk "Facebook Masuk"`
 auths.tip.github=Mendaftar aplikasi OAuth baru di %s
 auths.tip.openid_connect=Gunakan membuka ID yang terhubung ke jelajah URL (<server>/.well-known/openid-configuration) untuk menentukan titik akhir
-auths.delete=Menghapus Otentikasi Sumber
-auths.delete_auth_title=Menghapus Otentikasi Sumber
+auths.delete=Hapus sumber autentikasi
+auths.delete_auth_title=Hapus sumber autentikasi
 
-config.server_config=Pengaturan Server
+config.server_config=Konfigurasi server
 config.app_ver=Versi Forgejo
 config.custom_conf=Jalur berkas konfigurasi
-config.disable_router_log=Menonaktifkan router log
-config.run_mode=Jalankan mode
+config.disable_router_log=Nonaktifkan log router
+config.run_mode=Mode jalankan
 config.git_version=Versi Git
-config.repo_root_path=Jalur akar repositori
+config.repo_root_path=Jalur root repositori
 config.lfs_root_path=Path Root LFS
 config.script_type=Jenis skrip
-config.reverse_auth_user=Mengembalikan pengguna otentikasi
+config.reverse_auth_user=Pengguna autentikasi proxy terbalik
 
 config.ssh_config=Konfigurasi SSH
 config.ssh_enabled=Aktif
 config.ssh_port=Port
-config.ssh_listen_port=Listen Port
-config.ssh_root_path=Path Induk
-config.ssh_key_test_path=Path Key Test
-config.ssh_keygen_path=Path Keygen ('ssh-keygen')
-config.ssh_minimum_key_size_check=Periksa ukuran kunci minimum
+config.ssh_listen_port=Port dengar
+config.ssh_root_path=Jalur root
+config.ssh_key_test_path=Jalur uji kunci
+config.ssh_keygen_path=Jalur Keygen ("ssh-keygen")
+config.ssh_minimum_key_size_check=Pemeriksaan ukuran kunci minimum
 config.ssh_minimum_key_sizes=Ukuran kunci minimum
 
 config.lfs_config=Konfigurasi LFS
@@ -1187,18 +3003,18 @@ config.db_ssl_mode=SSL
 config.db_path=Jalur
 
 config.service_config=Konfigurasi layanan
-config.register_email_confirm=Perlu Konfirmasi Email Saat Pendaftaran
-config.enable_openid_signin=Aktifkan Login OpenID
-config.show_registration_button=Tampilkan tombol mendaftar
-config.require_sign_in_view=Harus Login Untuk Melihat Halaman
-config.mail_notify=Aktifkan Notifikasi Email
+config.register_email_confirm=Wajibkan konfirmasi email untuk mendaftar
+config.enable_openid_signin=Aktifkan masuk OpenID
+config.show_registration_button=Tampilkan tombol daftar
+config.require_sign_in_view=Wajibkan masuk untuk melihat konten
+config.mail_notify=Aktifkan pemberitahuan email
 config.enable_captcha=Aktifkan CAPTCHA
-config.active_code_lives=Kode aktif hidup
+config.active_code_lives=Waktu kedaluwarsa kode aktivasi
 
-config.webhook_config=Konfigurasi Webhook
+config.webhook_config=Konfigurasi webhook
 config.queue_length=Panjang antrian
-config.deliver_timeout=Berikan waktu habis
-config.skip_tls_verify=Melewatkan verifikasi TLS
+config.deliver_timeout=Batas waktu pengiriman
+config.skip_tls_verify=Lewati verifikasi TLS
 
 config.mailer_enabled=Diaktifkan
 config.mailer_name=Nama
@@ -1207,7 +3023,7 @@ config.mailer_user=Pengguna
 config.mailer_use_sendmail=Menggunakan Sendmail
 config.mailer_sendmail_path=Jalur Sendmail
 config.mailer_sendmail_args=Argumen tambahan untuk Sendmail
-config.send_test_mail=Kirim Email Percobaan
+config.send_test_mail=Kirim email uji
 
 config.oauth_config=Konfigurasi OAuth
 config.oauth_enabled=Diaktifkan
@@ -1217,39 +3033,39 @@ config.cache_adapter=Adaptor cache
 config.cache_interval=Interval cache
 config.cache_conn=Koneksi cache
 
-config.session_config=Sesi konfigurasi
-config.session_provider=Sesi penyedia
+config.session_config=Konfigurasi sesi
+config.session_provider=Penyedia sesi
 config.provider_config=Konfigurasi penyedia
 config.cookie_name=Nama cookie
 config.gc_interval_time=Waktu interval GC
-config.session_life_time=Sesi jangka waktu
+config.session_life_time=Masa berlaku sesi
 config.https_only=Hanya HTTPS
 config.cookie_life_time=Jangka waktu cookie
 
-config.picture_config=Pengaturan Foto dan Avatar
+config.picture_config=Konfigurasi gambar dan avatar
 config.picture_service=Gambar layanan
 config.disable_gravatar=Menonaktifkan Gravatar
-config.enable_federated_avatar=Aktifkan pencarian avatar
+config.enable_federated_avatar=Aktifkan avatar terfederasi
 
 config.git_config=Konfigurasi Git
-config.git_disable_diff_highlight=Menonaktifkan Diff Syntax utama
-config.git_max_diff_lines=Garis Max Diff (untuk berkas tunggal)
-config.git_max_diff_line_characters=Karakter Max Diff (untuk garis tunggal)
-config.git_max_diff_files=Berkas Max Diff (untuk ditampilkan)
+config.git_disable_diff_highlight=Nonaktifkan penyorotan sintaks diff
+config.git_max_diff_lines=Maks baris diff per file
+config.git_max_diff_line_characters=Maks karakter diff per baris
+config.git_max_diff_files=Maks file diff yang ditampilkan
 config.git_gc_args=Argumen GC
-config.git_migrate_timeout=Batas Waktu Migrasi
-config.git_mirror_timeout=Waktu habis untuk memperbarui cermin
-config.git_clone_timeout=Waktu habis operasi klon
-config.git_pull_timeout=Waktu habis tarik operasi
-config.git_gc_timeout=Waktu habis operasi GC
+config.git_migrate_timeout=Batas waktu migrasi
+config.git_mirror_timeout=Batas waktu pembaruan cermin
+config.git_clone_timeout=Batas waktu operasi klon
+config.git_pull_timeout=Batas waktu operasi tarik
+config.git_gc_timeout=Batas waktu operasi GC
 
-config.log_config=Catat konfigurasi
+config.log_config=Konfigurasi log
 config.disabled_logger=Nonaktif
 config.xorm_log_sql=Catatan SQL
 
 
 
-monitor.cron=Tugas Cron
+monitor.cron=Tugas cron
 monitor.name=Nama
 monitor.schedule=Jadwal
 monitor.next=Waktu selanjutnya
@@ -1259,28 +3075,28 @@ monitor.desc=Deskripsi
 monitor.start=Waktu mulai
 monitor.execute_time=Waktu pelaksanaan
 monitor.process.cancel=Batalkan proses
-monitor.process.cancel_desc=Membatalkan sebuah proses bisa mengakibatkan hilangnya data
+monitor.process.cancel_desc=Membatalkan proses dapat menyebabkan kehilangan data
 
 monitor.queues=Antrian
 monitor.queue=Antrian: %s
 monitor.queue.name=Nama
 monitor.queue.type=Tipe
 monitor.queue.exemplar=Contoh Tipe
-monitor.queue.numberworkers=Jumlah Worker
-monitor.queue.maxnumberworkers=Jumlah Maks. Worker
-monitor.queue.settings.title=Pengaturan Kelompok
+monitor.queue.numberworkers=Jumlah pekerja
+monitor.queue.maxnumberworkers=Jumlah maksimum pekerja
+monitor.queue.settings.title=Pengaturan pool
 monitor.queue.settings.maxnumberworkers=Jumlah Maks. Worker
 monitor.queue.settings.maxnumberworkers.error=Jumlah maks. worker haruslah sebuah angka
-monitor.queue.settings.submit=Perbarui Pengaturan
+monitor.queue.settings.submit=Perbarui pengaturan
 monitor.queue.settings.changed=Pengaturan diperbarui
 
 notices.system_notice_list=Pemberitahuan sistem
-notices.view_detail_header=Lihat rincian pemberitahuan
+notices.view_detail_header=Detail pemberitahuan
 notices.select_all=Pilih semua
-notices.deselect_all=Tidak pilih semua
-notices.inverse_selection=Seleksi terbalik
+notices.deselect_all=Batalkan pilihan semua
+notices.inverse_selection=Balik pilihan
 notices.delete_selected=Hapus yang dipilih
-notices.delete_all=Menghapus semua pemberitahuan
+notices.delete_all=Hapus semua pemberitahuan
 notices.type=Jenis
 notices.type_1=Repositori
 notices.desc=Deskripsi
@@ -1290,6 +3106,291 @@ notices.delete_success=Laporan sistem telah dihapus.
 
 config_settings = Pengaturan
 users.list_status_filter.menu_text = Saring
+self_check = Pemeriksaan mandiri
+identity_access = Identitas & akses
+users = Akun pengguna
+assets = Aset kode
+hooks = Webhook
+integrations = Integrasi
+authentication = Sumber autentikasi
+emails = Email pengguna
+config_summary = Ringkasan
+settings = Pengaturan admin
+dashboard.new_version_hint = Forgejo %s kini tersedia, Anda menjalankan %s. Periksa <a target="_blank" rel="noreferrer" href="%s">blog</a> untuk detail selengkapnya.
+dashboard.statistic = Ringkasan
+dashboard.operations = Operasi pemeliharaan
+dashboard.system_status = Status sistem
+dashboard.task.started = Tugas Dimulai: %[1]s
+dashboard.task.process = Tugas: %[1]s
+dashboard.task.cancelled = Tugas: %[1]s dibatalkan: %[3]s
+dashboard.task.error = Kesalahan dalam Tugas: %[1]s: %[3]s
+dashboard.task.finished = Tugas: %[1]s yang dimulai oleh %[2]s telah selesai
+dashboard.task.unknown = Tugas tidak dikenal: %[1]s
+dashboard.cron.started = Cron Dimulai: %[1]s
+dashboard.cron.process = Cron: %[1]s
+dashboard.cron.cancelled = Cron: %[1]s dibatalkan: %[3]s
+dashboard.cron.error = Kesalahan dalam Cron: %s: %[3]s
+dashboard.cron.finished = Cron: %[1]s telah selesai
+dashboard.delete_inactive_accounts = Hapus semua akun yang belum diaktifkan
+dashboard.delete_inactive_accounts.started = Tugas hapus semua akun yang belum diaktifkan dimulai.
+dashboard.delete_repo_archives = Hapus semua arsip repositori (ZIP, TAR.GZ, dll.)
+dashboard.delete_repo_archives.started = Tugas hapus semua arsip repositori dimulai.
+dashboard.delete_missing_repos = Hapus semua repositori yang file Git-nya hilang
+dashboard.delete_missing_repos.started = Tugas hapus semua repositori yang file Git-nya hilang dimulai.
+dashboard.delete_generated_repository_avatars = Hapus avatar repositori yang dihasilkan secara otomatis
+dashboard.sync_repo_branches = Sinkronkan cabang yang terlewat dari data Git ke basis data
+dashboard.sync_repo_tags = Sinkronkan tag dari data Git ke basis data
+dashboard.update_mirrors = Perbarui cermin
+dashboard.repo_health_check = Periksa kesehatan semua repositori
+dashboard.check_repo_stats = Periksa semua statistik repositori
+dashboard.archive_cleanup = Hapus arsip repositori lama
+dashboard.deleted_branches_cleanup = Bersihkan cabang yang dihapus
+dashboard.update_migration_poster_id = Perbarui ID pembuat migrasi
+dashboard.git_gc_repos = Lakukan pengumpulan sampah pada semua repositori
+dashboard.resync_all_sshkeys = Perbarui file ".ssh/authorized_keys" dengan kunci SSH Forgejo.
+dashboard.resync_all_sshprincipals = Perbarui file ".ssh/authorized_principals" dengan prinsipal SSH Forgejo.
+dashboard.resync_all_hooks = Sinkronkan ulang hook Git dari semua repositori (pre-receive, update, post-receive, proc-receive, …)
+dashboard.cleanup_hook_task_table = Bersihkan tabel hook_task
+dashboard.cleanup_packages = Bersihkan paket yang kedaluwarsa
+dashboard.cleanup_actions = Bersihkan log dan artefak yang kedaluwarsa dari aksi
+dashboard.memory_allocate_times = Alokasi memori
+dashboard.memory_free_times = Pembebasan memori
+dashboard.delete_old_actions = Hapus semua aktivitas lama dari basis data
+dashboard.delete_old_actions.started = Hapus semua aktivitas lama dari basis data dimulai.
+dashboard.update_checker = Pemeriksa pembaruan
+dashboard.delete_old_system_notices = Hapus semua pemberitahuan sistem lama dari basis data
+dashboard.gc_lfs = Lakukan pengumpulan sampah pada objek meta LFS
+dashboard.stop_zombie_tasks = Hentikan tugas aksi yang terhenti
+dashboard.stop_endless_tasks = Hentikan tugas aksi yang tidak berakhir
+dashboard.cancel_abandoned_jobs = Batalkan pekerjaan aksi yang terbengkalai
+dashboard.start_schedule_tasks = Mulai tugas aksi terjadwal
+dashboard.sync_branch.started = Sinkronisasi cabang dimulai
+dashboard.sync_tag.started = Sinkronisasi tag dimulai
+dashboard.rebuild_issue_indexer = Bangun ulang pengindeks isu
+users.user_manage_panel = Kelola akun pengguna
+users.new_account = Buat akun pengguna
+users.name = Nama pengguna
+users.restricted = Dibatasi
+users.reserved = Dicadangkan
+users.bot = Bot
+users.remote = Jarak jauh
+users.2fa = 2FA
+users.last_login = Masuk terakhir
+users.never_login = Belum pernah masuk
+users.send_register_notify = Beri tahu tentang pendaftaran melalui email
+users.new_success = Akun pengguna "%s" telah dibuat.
+users.auth_login_name = Nama masuk autentikasi
+users.password_helper = Biarkan kata sandi kosong untuk mempertahankannya.
+users.update_profile_success = Akun pengguna telah diperbarui.
+users.edit_account = Edit akun pengguna
+users.max_repo_creation = Jumlah maksimum repositori
+users.max_repo_creation_desc = (Masukkan -1 untuk menggunakan batas default global.)
+users.is_activated = Akun diaktifkan
+users.activated.description = Penyelesaian verifikasi email. Pemilik akun yang belum diaktifkan tidak akan dapat masuk hingga verifikasi email selesai.
+users.prohibit_login = Akun ditangguhkan
+users.block.description = Blokir pengguna ini agar tidak dapat berinteraksi dengan layanan ini melalui akunnya dan larang masuk.
+users.is_admin = Akun administrator
+users.admin.description = Berikan pengguna ini akses penuh ke semua fitur administratif yang tersedia melalui antarmuka web dan API.
+users.is_restricted = Akun dibatasi
+users.restricted.description = Hanya izinkan interaksi dengan repositori dan organisasi tempat pengguna ini ditambahkan sebagai kolaborator. Ini mencegah akses ke repositori publik di instans ini.
+users.allow_git_hook = Dapat membuat hook Git
+users.allow_git_hook_tooltip = Hook Git dijalankan sebagai pengguna OS yang menjalankan Forgejo dan akan memiliki tingkat akses host yang sama. Akibatnya, pengguna dengan hak istimewa hook Git khusus ini dapat mengakses dan memodifikasi semua repositori Forgejo serta basis data yang digunakan oleh Forgejo. Dengan demikian, mereka juga dapat memperoleh hak istimewa administrator Forgejo.
+users.allow_import_local = Dapat mengimpor repositori lokal
+users.local_import.description = Izinkan mengimpor repositori dari sistem file lokal server. Ini dapat menjadi masalah keamanan.
+users.allow_create_organization = Dapat membuat organisasi
+users.organization_creation.description = Izinkan pembuatan organisasi baru.
+users.update_profile = Perbarui akun pengguna
+users.delete_account = Hapus akun pengguna
+users.cannot_delete_self = Anda tidak dapat menghapus diri sendiri
+users.still_own_repo = Pengguna ini masih memiliki satu atau lebih repositori. Hapus atau alihkan repositori tersebut terlebih dahulu.
+users.still_has_org = Pengguna ini adalah anggota organisasi. Hapus pengguna dari semua organisasi terlebih dahulu.
+users.purge = Hapus paksa pengguna
+users.purge_help = Hapus paksa pengguna beserta semua repositori, organisasi, dan paket yang dimilikinya. Semua komentar dan issue yang diposting oleh pengguna ini juga akan dihapus.
+users.still_own_packages = Pengguna ini masih memiliki satu atau lebih paket, hapus paket tersebut terlebih dahulu.
+users.deletion_success = Akun pengguna telah dihapus.
+users.reset_2fa = Atur ulang 2FA
+users.list_status_filter.reset = Atur ulang
+users.list_status_filter.is_active = Aktif
+users.list_status_filter.not_active = Tidak aktif
+users.list_status_filter.not_admin = Bukan admin
+users.list_status_filter.is_restricted = Dibatasi
+users.list_status_filter.not_restricted = Tidak dibatasi
+users.list_status_filter.is_prohibit_login = Larang masuk
+users.list_status_filter.not_prohibit_login = Izinkan masuk
+users.list_status_filter.is_2fa_enabled = 2FA diaktifkan
+users.list_status_filter.not_2fa_enabled = 2FA dinonaktifkan
+users.details = Detail pengguna
+emails.email_manage_panel = Kelola email pengguna
+emails.primary = Utama
+emails.filter_sort.email = Email
+emails.filter_sort.email_reverse = Email (terbalik)
+emails.filter_sort.name = Nama pengguna
+emails.filter_sort.name_reverse = Nama pengguna (terbalik)
+emails.updated = Email diperbarui
+emails.not_updated = Gagal memperbarui alamat email yang diminta: %v
+emails.duplicate_active = Alamat email ini sudah aktif untuk pengguna lain.
+emails.change_email_header = Perbarui properti email
+emails.change_email_text = Apakah Anda yakin ingin memperbarui alamat email ini?
+emails.delete = Hapus alamat email
+emails.delete_desc = Apakah Anda yakin ingin menghapus alamat email ini?
+emails.deletion_success = Alamat email telah dihapus.
+emails.delete_primary_email_error = Anda tidak dapat menghapus email utama.
+orgs.new_orga = Organisasi baru
+repos.unadopted = Repositori yang tidak diadopsi
+repos.unadopted.no_more = Tidak ada repositori yang tidak diadopsi.
+repos.lfs_size = Ukuran LFS
+packages.package_manage_panel = Kelola paket
+packages.total_size = Total ukuran: %s
+packages.unreferenced_size = Ukuran yang tidak direferensikan: %s
+packages.cleanup = Bersihkan data yang kedaluwarsa
+packages.cleanup.success = Data yang kedaluwarsa berhasil dibersihkan
+packages.creator = Pembuat
+packages.version = Versi
+packages.published = Diterbitkan
+defaulthooks = Webhook default
+defaulthooks.desc = Webhook secara otomatis membuat permintaan HTTP POST ke server saat peristiwa Forgejo tertentu terpicu. Webhook yang didefinisikan di sini adalah default dan akan disalin ke semua repositori baru. Baca selengkapnya di <a target="_blank" rel="noopener" href="%s">panduan webhook</a>.
+defaulthooks.add_webhook = Tambah Webhook Default
+defaulthooks.update_webhook = Perbarui Webhook Default
+systemhooks = Webhook sistem
+systemhooks.desc = Webhook secara otomatis membuat permintaan HTTP POST ke server saat peristiwa Forgejo tertentu terpicu. Webhook yang didefinisikan di sini akan berlaku pada semua repositori di sistem, jadi harap pertimbangkan dampak kinerja yang mungkin terjadi. Baca selengkapnya di <a target="_blank" rel="noopener" href="%s">panduan webhook</a>.
+systemhooks.add_webhook = Tambah Webhook Sistem
+systemhooks.update_webhook = Perbarui Webhook Sistem
+auths.auth_manage_panel = Kelola sumber autentikasi
+auths.new = Tambah sumber autentikasi
+auths.syncenabled = Aktifkan sinkronisasi pengguna
+auths.attribute_username = Atribut nama pengguna
+auths.attribute_username_placeholder = Biarkan kosong untuk menggunakan nama pengguna yang dimasukkan di Forgejo.
+auths.attribute_name = Atribut nama depan
+auths.attribute_surname = Atribut nama belakang
+auths.attribute_mail = Atribut email
+auths.attribute_ssh_public_key = Atribut kunci SSH publik
+auths.attribute_avatar = Atribut avatar
+auths.attributes_in_bind = Ambil atribut dalam konteks bind DN
+auths.default_domain_name = Nama domain default yang digunakan untuk alamat email
+auths.allow_deactivate_all = Izinkan hasil pencarian kosong untuk menonaktifkan semua pengguna
+auths.use_paged_search = Gunakan pencarian terpaginasi
+auths.search_page_size = Ukuran halaman
+auths.restricted_filter = Filter terbatas
+auths.restricted_filter_helper = Biarkan kosong agar tidak menetapkan pengguna mana pun sebagai terbatas. Gunakan tanda bintang ("*") untuk menetapkan semua pengguna yang tidak cocok dengan filter Admin sebagai terbatas.
+auths.verify_group_membership = Verifikasi keanggotaan grup di LDAP (biarkan filter kosong untuk dilewati)
+auths.group_search_base = DN basis pencarian grup
+auths.group_attribute_list_users = Atribut grup yang berisi daftar pengguna
+auths.user_attribute_in_group = Atribut pengguna yang terdaftar dalam grup
+auths.map_group_to_team = Petakan grup LDAP ke tim Organisasi (biarkan kolom kosong untuk dilewati)
+auths.map_group_to_team_removal = Hapus pengguna dari tim yang disinkronkan jika pengguna tidak termasuk dalam grup LDAP yang sesuai
+auths.enable_ldap_groups = Aktifkan grup LDAP
+auths.allowed_domains_helper = Biarkan kosong untuk mengizinkan semua domain. Pisahkan beberapa domain dengan koma (",").
+auths.force_smtps = Paksa SMTPS
+auths.force_smtps_helper = SMTPS selalu digunakan pada port 465. Atur ini untuk memaksa SMTPS pada port lain. (Jika tidak, STARTTLS akan digunakan pada port lain jika didukung oleh host.)
+auths.helo_hostname = Nama host HELO
+auths.helo_hostname_helper = Nama host yang dikirimkan dengan HELO. Biarkan kosong untuk mengirimkan nama host saat ini.
+auths.disable_helo = Nonaktifkan HELO
+auths.pam_email_domain = Domain email PAM (opsional)
+auths.oauth2_icon_url = URL ikon
+auths.oauth2_use_custom_url = Gunakan URL Kustom Sebagai Pengganti URL Default
+auths.skip_local_two_fa = Lewati 2FA lokal
+auths.skip_local_two_fa_helper = Membiarkan tidak diatur berarti pengguna lokal yang telah mengaktifkan 2FA tetap harus melewati 2FA untuk masuk
+auths.oauth2_tenant = Tenant
+auths.oauth2_scopes = Cakupan tambahan
+auths.oauth2_required_claim_name = Nama klaim yang diperlukan
+auths.oauth2_required_claim_name_helper = Tetapkan nama ini untuk membatasi login dari sumber ini hanya untuk pengguna yang memiliki klaim dengan nama ini
+auths.oauth2_required_claim_value = Nilai klaim yang diperlukan
+auths.oauth2_required_claim_value_helper = Tetapkan nilai ini untuk membatasi login dari sumber ini hanya untuk pengguna yang memiliki klaim dengan nama dan nilai ini
+auths.oauth2_group_claim_name = Nama klaim yang menyediakan nama grup untuk sumber ini. (Opsional)
+auths.oauth2_admin_group = Nilai klaim grup untuk pengguna administrator. (Opsional - memerlukan nama klaim di atas)
+auths.oauth2_restricted_group = Nilai klaim grup untuk pengguna terbatas. (Opsional - memerlukan nama klaim di atas)
+auths.oauth2_map_group_to_team = Petakan grup yang diklaim ke tim organisasi. (Opsional - memerlukan nama klaim di atas)
+auths.oauth2_map_group_to_team_removal = Hapus pengguna dari tim yang disinkronkan jika pengguna tidak termasuk dalam grup yang sesuai.
+auths.tips.gmail_settings = Pengaturan Gmail:
+auths.tips.oauth2.general.tip = Saat mendaftarkan autentikasi OAuth2 baru, URL callback/pengalihan harus berupa:
+auths.tip.bitbucket = Daftarkan konsumen OAuth baru di %s dan tambahkan izin "Akun" - "Baca"
+auths.tip.nextcloud = Daftarkan konsumen OAuth baru di instans Anda menggunakan menu berikut "Pengaturan -> Keamanan -> Klien OAuth 2.0"
+auths.tip.gitlab_new = Daftarkan aplikasi baru di %s
+auths.tip.google_plus = Dapatkan kredensial klien OAuth2 dari konsol Google API di %s
+auths.tip.twitter = Buka %s, buat aplikasi, dan pastikan opsi "Izinkan aplikasi ini digunakan untuk Masuk dengan Twitter" diaktifkan
+auths.tip.discord = Daftarkan aplikasi baru di %s
+auths.tip.gitea = Daftarkan aplikasi OAuth2 baru. Panduan dapat ditemukan di %s
+auths.tip.yandex = Buat aplikasi baru di %s. Pilih izin berikut dari bagian "Yandex.Passport API": "Akses ke alamat email", "Akses ke avatar pengguna", dan "Akses ke nama pengguna, nama depan dan belakang, jenis kelamin"
+auths.tip.mastodon = Masukkan URL instans kustom untuk instans mastodon yang ingin Anda autentikasi (atau gunakan yang default)
+auths.edit = Edit sumber autentikasi
+auths.activated = Sumber autentikasi ini diaktifkan
+auths.new_success = Autentikasi "%s" telah ditambahkan.
+auths.update_success = Sumber autentikasi telah diperbarui.
+auths.update = Perbarui sumber autentikasi
+auths.delete_auth_desc = Menghapus sumber autentikasi mencegah pengguna menggunakannya untuk masuk. Lanjutkan?
+auths.still_in_used = Sumber autentikasi masih digunakan. Konversi atau hapus pengguna yang menggunakan sumber autentikasi ini terlebih dahulu.
+auths.deletion_success = Sumber autentikasi telah dihapus.
+auths.login_source_exist = Sumber autentikasi "%s" sudah ada.
+auths.unable_to_initialize_openid = Tidak dapat menginisialisasi Penyedia OpenID Connect: %s
+auths.invalid_openIdConnectAutoDiscoveryURL = URL Penemuan Otomatis tidak valid (ini harus berupa URL valid yang dimulai dengan http:// atau https://)
+config.app_name = Judul instans
+config.app_slogan = Slogan instans
+config.app_url = URL dasar
+config.custom_file_root_path = Jalur root berkas kustom
+config.domain = Domain server
+config.offline_mode = Mode lokal
+config.run_user = Pengguna untuk dijalankan sebagai
+config.app_data_path = Jalur data aplikasi
+config.log_file_root_path = Jalur log
+config.ssh_start_builtin_server = Gunakan server bawaan
+config.ssh_domain = Domain server SSH
+config.lfs_content_path = Jalur konten LFS
+config.lfs_http_auth_expiry = Waktu kedaluwarsa autentikasi HTTP LFS
+config.disable_register = Nonaktifkan pendaftaran mandiri
+config.allow_only_internal_registration = Izinkan pendaftaran hanya melalui Forgejo sendiri
+config.allow_only_external_registration = Izinkan pendaftaran hanya melalui layanan eksternal
+config.enable_openid_signup = Aktifkan pendaftaran mandiri OpenID
+config.reset_password_code_lives = Waktu kedaluwarsa kode pemulihan
+config.default_keep_email_private = Sembunyikan alamat email secara default
+config.default_allow_create_organization = Izinkan pembuatan organisasi secara default
+config.enable_timetracking = Aktifkan pelacakan waktu
+config.default_enable_timetracking = Aktifkan pelacakan waktu secara default
+config.allow_dots_in_usernames = Izinkan pengguna menggunakan titik dalam nama pengguna mereka. Tidak memengaruhi akun yang sudah ada.
+config.default_allow_only_contributors_to_track_time = Biarkan hanya kontributor yang melacak waktu
+config.no_reply_address = Domain email tersembunyi
+config.default_visibility_organization = Visibilitas default organisasi baru
+config.default_enable_dependencies = Aktifkan ketergantungan issue secara default
+config.mailer_config = Konfigurasi mailer
+config.mailer_enable_helo = Aktifkan HELO
+config.mailer_protocol = Protokol
+config.mailer_smtp_addr = Host SMTP
+config.mailer_sendmail_timeout = Batas waktu Sendmail
+config.mailer_use_dummy = Dummy
+config.test_email_placeholder = Email (mis. test@example.com)
+config.send_test_mail_submit = Kirim
+config.test_mail_failed = Gagal mengirim email uji ke "%s": %v
+config.test_mail_sent = Email uji telah dikirim ke "%s".
+config.cache_item_ttl = TTL item cache
+config.cache_test = Uji Cache
+config.cache_test_failed = Gagal memeriksa cache: %v.
+config.cache_test_slow = Uji cache berhasil, tetapi respons lambat: %s.
+config.cache_test_succeeded = Uji cache berhasil, mendapat respons dalam %s.
+config.open_with_editor_app_help = Editor "Buka dengan" untuk menu klon. Jika dibiarkan kosong, default akan digunakan. Perluas untuk melihat default.
+config.logger_name_fmt = Logger: %s
+config.access_log_template = Templat log akses
+config.set_setting_failed = Pengaturan %s gagal diatur
+monitor.stats = Statistik
+monitor.execute_times = Eksekusi
+monitor.stacktrace = Jejak tumpukan
+monitor.processes_count = %d Proses
+monitor.download_diagnosis_report = Unduh laporan diagnosis
+monitor.duration = Durasi (dtk)
+monitor.last_execution_result = Hasil
+monitor.process.cancel_notices = Batalkan: <strong>%s</strong>?
+monitor.queue.activeworkers = Pekerja aktif
+monitor.queue.numberinqueue = Jumlah dalam antrian
+monitor.queue.review_add = Tinjau / tambah pekerja
+monitor.queue.settings.desc = Pool berkembang secara dinamis sebagai respons terhadap pemblokiran antrian pekerja mereka.
+monitor.queue.settings.maxnumberworkers.placeholder = Saat ini %[1]d
+monitor.queue.settings.remove_all_items = Hapus semua
+monitor.queue.settings.remove_all_items_done = Semua item dalam antrian telah dihapus.
+notices.operations = Operasi
+notices.type_2 = Tugas
+self_check.no_problem_found = Belum ditemukan masalah.
+self_check.database_collation_mismatch = Basis data diharapkan menggunakan kolasi: %s
+self_check.database_collation_case_insensitive = Basis data menggunakan kolasi %s, yang merupakan kolasi tidak sensitif. Meskipun Forgejo dapat berfungsi dengannya, mungkin ada beberapa kasus langka yang tidak berjalan sesuai harapan.
+self_check.database_inconsistent_collation_columns = Basis data menggunakan kolasi %s, tetapi kolom-kolom ini menggunakan kolasi yang tidak cocok. Hal ini mungkin menyebabkan beberapa masalah yang tidak terduga.
+self_check.database_fix_mysql = Untuk pengguna MySQL/MariaDB, Anda dapat menggunakan perintah "forgejo doctor convert" untuk memperbaiki masalah kolasi, atau Anda juga dapat memperbaiki masalah tersebut secara manual dengan SQL "ALTER ... COLLATE ...".
 
 [action]
 create_repo=repositori dibuat <a href="%s">%s</a>
@@ -1298,6 +3399,31 @@ transfer_repo=ditransfer repositori <code>%s</code> ke <a href="%s">%s</a>
 delete_tag=tag dihapus %[2]s dari <a href="%[1]s">%[3]s</a>
 delete_branch=cabang dihapus <code>%[2]s</code> dari <a href="%[1]s">%[3]s</a>
 compare_commits=Bandingkan %d melakukan
+commit_repo = mendorong ke <a href="%s">%s</a> di <a href="%s">%s</a>
+create_issue = `membuka issue <a href="%[1]s">%[3]s#%[2]s</a>`
+close_issue = `menutup issue <a href="%[1]s">%[3]s#%[2]s</a>`
+reopen_issue = `membuka kembali issue <a href="%[1]s">%[3]s#%[2]s</a>`
+create_pull_request = `membuat permintaan tarik <a href="%[1]s">%[3]s#%[2]s</a>`
+close_pull_request = `menutup permintaan tarik <a href="%[1]s">%[3]s#%[2]s</a>`
+reopen_pull_request = `membuka kembali permintaan tarik <a href="%[1]s">%[3]s#%[2]s</a>`
+comment_issue = `berkomentar pada issue <a href="%[1]s">%[3]s#%[2]s</a>`
+comment_pull = `berkomentar pada permintaan tarik <a href="%[1]s">%[3]s#%[2]s</a>`
+merge_pull_request = `menggabungkan permintaan tarik <a href="%[1]s">%[3]s#%[2]s</a>`
+auto_merge_pull_request = `menggabungkan secara otomatis permintaan tarik <a href="%[1]s">%[3]s#%[2]s</a>`
+push_tag = mendorong tag <a href="%s">%s</a> ke <a href="%s">%s</a>
+compare_branch = Bandingkan
+compare_commits_general = Bandingkan komit
+mirror_sync_push = menyinkronkan commit ke <a href="%s">%s</a> di <a href="%s">%s</a> dari cermin
+mirror_sync_create = menyinkronkan referensi baru <a href="%s">%s</a> ke <a href="%s">%s</a> dari cermin
+mirror_sync_delete = menyinkronkan dan menghapus referensi <code>%s</code> di <a href="%s">%s</a> dari cermin
+approve_pull_request = `menyetujui <a href="%[1]s">%[3]s#%[2]s</a>`
+reject_pull_request = `menyarankan perubahan untuk <a href="%[1]s">%[3]s#%[2]s</a>`
+publish_release = `merilis <a href="%[2]s">%[4]s</a> di <a href="%[1]s">%[3]s</a>`
+review_dismissed = `mengabaikan tinjauan dari <b>%[4]s</b> untuk <a href="%[1]s">%[3]s#%[2]s</a>`
+review_dismissed_reason = Alasan:
+create_branch = membuat cabang <a href="%[2]s">%[3]s</a> di <a href="%[1]s">%[4]s</a>
+starred_repo = memberi bintang pada <a href="%[1]s">%[2]s</a>
+watched_repo = mulai memantau <a href="%[1]s">%[2]s</a>
 
 [tool]
 now=sekarang
@@ -1328,12 +3454,26 @@ raw_minutes=menit
 [units]
 error.no_unit_allowed_repo=Anda tidak diijinkan untuk melihat semua unit dari repositori ini.
 error.unit_not_allowed=Anda tidak diizinkan untuk mengunjungi unit repositori ini.
+unit = Unit
 
 [packages]
 conan.details.repository=Repositori
 owner.settings.cleanuprules.enabled=Aktif
+owner.settings.cleanuprules.keep.count.1 = 1 versi per paket
+owner.settings.cleanuprules.keep.count.n = %d versi per paket
 
 [secrets]
+secrets = Rahasia
+description = Rahasia akan diteruskan ke aksi tertentu dan tidak dapat dibaca selain itu.
+none = Belum ada rahasia.
+creation = Tambah rahasia
+creation.success = Rahasia "%s" telah ditambahkan.
+creation.failed = Gagal menambahkan rahasia.
+deletion = Hapus rahasia
+deletion.description = Menghapus rahasia bersifat permanen dan tidak dapat dibatalkan. Lanjutkan?
+deletion.success = Rahasia telah dihapus.
+deletion.failed = Gagal menghapus rahasia.
+management = Kelola rahasia
 
 [actions]
 runs.no_runs = Alur kerja belum berjalan.
@@ -1356,11 +3496,26 @@ variables.creation.failed = Gagal menambahkan variabel.
 variables.creation.success = Variabel "%s" telah ditambahkan.
 variables.update.failed = Gagal mengedit variabel.
 variables.update.success = Variabel telah diedit.
+runs.no_workflows.help_write_access = Tidak tahu cara memulai dengan Forgejo Actions? Lihat <a target="_blank" rel="noopener noreferrer" href="%s">panduan memulai cepat di dokumentasi pengguna</a> untuk menulis alur kerja pertama Anda, lalu <a target="_blank" rel="noopener noreferrer" href="%s">siapkan runner Forgejo</a> untuk menjalankan pekerjaan Anda.
+runs.no_workflows.help_no_write_access = Untuk mempelajari Forgejo Actions, lihat <a target="_blank" rel="noopener noreferrer" href="%s">dokumentasi</a>.
+runs.expire_log_message = Log telah dihapus karena sudah terlalu lama.
+workflow.disable_success = Alur kerja "%s" berhasil dinonaktifkan.
+workflow.enable_success = Alur kerja "%s" berhasil diaktifkan.
+workflow.dispatch.trigger_found = Alur kerja ini memiliki pemicu peristiwa <c>workflow_dispatch</c>.
+workflow.dispatch.use_from = Gunakan alur kerja dari
+workflow.dispatch.run = Jalankan alur kerja
+workflow.dispatch.success = Permintaan jalankan alur kerja berhasil dikirim.
+workflow.dispatch.input_required = Wajib mengisi nilai untuk input "%s".
+workflow.dispatch.invalid_input_type = Jenis input tidak valid "%s".
+workflow.dispatch.warn_input_limit = Hanya menampilkan %d input pertama.
+variables.management = Kelola variabel
+variables.not_found = Gagal menemukan variabel.
 
 [projects]
 type-1.display_name = Proyek Individu
 type-2.display_name = Proyek Repositori
 type-3.display_name = Proyek Organisasi
+deleted.display_name = Proyek yang dihapus
 
 [git.filemode]
 changed_filemode = %[1]s → %[2]s
@@ -1371,7 +3526,7 @@ symbolic_link = Symbolic link
 submodule = Submodule
 
 [search]
-search = Cari...
+search = Cari…
 type_tooltip = Tipe pencarian
 fuzzy_tooltip = Termasuk juga hasil yang mendekati kata pencarian
 exact_tooltip = Hanya menampilkan hasil yang cocok dengan istilah pencarian
@@ -1382,3 +3537,45 @@ team_kind = Cari tim…
 code_kind = Cari kode…
 code_search_unavailable = Pencarian kode saat ini tidak tersedia. Silahkan hubungi administrator.
 branch_kind = Cari cabang…
+union = Gabungan
+union_tooltip = Sertakan hasil yang cocok dengan kata kunci apa pun yang dipisahkan oleh spasi
+exact = Tepat
+regexp = RegExp
+regexp_tooltip = Interpretasikan istilah pencarian sebagai ekspresi reguler
+package_kind = Cari paket…
+project_kind = Cari proyek…
+commit_kind = Cari komit…
+runner_kind = Cari runner…
+no_results = Tidak ditemukan hasil yang cocok.
+issue_kind = Cari isu…
+pull_kind = Cari permintaan tarik…
+keyword_search_unavailable = Pencarian berdasarkan kata kunci saat ini tidak tersedia. Silakan hubungi administrator situs.
+
+
+[repo.permissions]
+code.read = <b>Baca:</b> Akses dan klon kode repositori.
+code.write = <b>Tulis:</b> Dorong ke repositori, buat cabang dan tag.
+issues.read = <b>Baca:</b> Baca dan buat issue serta komentar.
+issues.write = <b>Tulis:</b> Tutup issue dan kelola metadata seperti label, tonggak pencapaian, penugasan, tenggat waktu, dan ketergantungan.
+pulls.read = <b>Baca:</b> Baca dan buat permintaan tarik.
+pulls.write = <b>Tulis:</b> Tutup permintaan tarik dan kelola metadata seperti label, tonggak pencapaian, penugasan, tenggat waktu, dan ketergantungan.
+releases.read = <b>Baca:</b> Lihat dan unduh rilis.
+releases.write = <b>Tulis:</b> Terbitkan, edit, dan hapus rilis beserta asetnya.
+wiki.read = <b>Baca:</b> Baca wiki terintegrasi beserta riwayatnya.
+wiki.write = <b>Tulis:</b> Buat, perbarui, dan hapus halaman di wiki terintegrasi.
+projects.read = <b>Baca:</b> Akses papan proyek repositori.
+projects.write = <b>Tulis:</b> Buat proyek dan kolom serta edit proyek dan kolom tersebut.
+packages.read = <b>Baca:</b> Lihat dan unduh paket yang ditetapkan ke repositori.
+packages.write = <b>Tulis:</b> Terbitkan dan hapus paket yang ditetapkan ke repositori.
+actions.read = <b>Baca:</b> Lihat jalankan alur kerja beserta lognya.
+actions.write = <b>Tulis:</b> Picu, mulai ulang, dan batalkan alur kerja. Kelola delegasi kepercayaan ke pembuat permintaan tarik.
+ext_issues = Akses tautan ke pelacak issue eksternal. Izin dikelola secara eksternal.
+ext_wiki = Akses tautan ke wiki eksternal. Izin dikelola secara eksternal.
+
+[markup]
+filepreview.line = Baris %[1]d di %[2]s
+filepreview.lines = Baris %[1]d hingga %[2]d di %[3]s
+filepreview.truncated = Pratinjau telah dipotong
+
+[translation_meta]
+test = Ini adalah string uji. Tidak ditampilkan di antarmuka Forgejo tetapi digunakan untuk keperluan pengujian. Silakan masukkan "ok" untuk menghemat waktu (atau fakta menarik pilihan Anda) demi mencapai angka penyelesaian 100% yang memuaskan :)
\ No newline at end of file
diff --git a/options/locale/locale_mk.ini b/options/locale/locale_mk.ini
index b776d0b80b..499739ab1f 100644
--- a/options/locale/locale_mk.ini
+++ b/options/locale/locale_mk.ini
@@ -96,4 +96,12 @@ copy = Копирање
 copy_url = Копирајте УРЛ
 copy_hash = Копирајте Хеш
 copy_path = Копирајте патека
-copy_content = Копирајте содржина
\ No newline at end of file
+copy_content = Копирајте содржина
+go_back = Иди назад
+pin = Пин
+archived = Архивирано
+concept_system_global = Глобално
+concept_user_individual = Индивидуално
+concept_code_repository = репозиториум
+concept_user_organization = организација
+copy_success = Копирано!
\ No newline at end of file
diff --git a/options/locale/locale_nl-NL.ini b/options/locale/locale_nl-NL.ini
index c8e8428628..aab4dbd684 100644
--- a/options/locale/locale_nl-NL.ini
+++ b/options/locale/locale_nl-NL.ini
@@ -953,7 +953,7 @@ valid_until_date = Geldig tot %s
 ssh_signonly = SSH is momenteel gedeactiveerd waardoor deze sleutels alleen gebruikt kunnen worden voor commit handtekening verificatie.
 added_on = Toegevoegd op %s
 permissions_public_only = Alleen publiek
-repo_and_org_access = Repository en Organisatie Toegang
+repo_and_org_access = Repository- en organisatietoegang
 at_least_one_permission = Je moet minstens één machtiging kiezen om een token te kunnen creëren
 permission_write = Lees en schrijf
 oauth2_client_secret_hint = Dit geheim zal niet meer worden getoond nadat u deze pagina heeft verlaten of vernieuwd. Zorg ervoor dat u het heeft opgeslagen.
diff --git a/options/locale/locale_pt-BR.ini b/options/locale/locale_pt-BR.ini
index 273c68fd8f..779b328087 100644
--- a/options/locale/locale_pt-BR.ini
+++ b/options/locale/locale_pt-BR.ini
@@ -1934,8 +1934,8 @@ activity.merged_prs_label=Merge aplicado
 activity.opened_prs_label=Proposto
 activity.closed_issues_count_1=Issue fechada
 activity.closed_issues_count_n=Issues fechadas
-activity.title.issues_1=%d issue
-activity.title.issues_n=%d issues
+activity.title.issues_1=%d problema
+activity.title.issues_n=%d problemas
 activity.title.issues_closed_from=%s fechada por %s
 activity.title.issues_created_by=%s criada por %s
 activity.closed_issue_label=Fechado
@@ -1947,7 +1947,7 @@ activity.title.unresolved_conv_n=%d conversas não resolvidas
 activity.unresolved_conv_desc=Estas issues foram recentemente alteradas e pull requests ainda não foram resolvidos.
 activity.unresolved_conv_label=Aberta
 activity.title.releases_1=%d release
-activity.title.releases_n=%d releases
+activity.title.releases_n=%d lançamentos
 activity.title.releases_published_by=%s publicada(s) por %s
 activity.published_release_label=Release
 activity.no_git_activity=Não houve nenhuma atividade de commit neste período.
@@ -2652,7 +2652,7 @@ settings.federation_following_repos = URLs de Repositórios Seguidores. Separado
 settings.mirror_settings.docs.disabled_push_mirror.info = Espelhos de pull foram desativados pelo administrador do seu site.
 settings.mirror_settings.push_mirror.none_ssh = Nenhum
 settings.protect_status_check_patterns_desc = Insira padrões para especificar quais verificações de status devem passar com sucesso antes que merges possam ser feitos em branches aos quais esta regra se aplica. Cada linha especifica um padrão. Padrões não podem estar vazios.
-settings.archive.text = Arquivar o repositório irá torná-lo somente para leitura. Ele ficará oculto do painel de controle. Ninguém (nem mesmo você) poderá fazer novos commits, nem abrir questões ou propostas de revisão.
+settings.archive.text = Arquivar o repositório o tornará inteiramente apenas para leitura. Ele será ocultado do painel de controle. Ninguém (nem mesmo você!) poderá fazer novos commits ou abrir issues ou pull requests. Recomenda-se documentar o motivo do arquivamento para orientar futuros desenvolvedores que planejem fazer um fork do repositório.
 settings.add_key_success = A chave de deploy "%s" foi adicionada.
 settings.protect_invalid_status_check_pattern = Padrão de verificação de status inválido: "%s".
 settings.web_hook_name_sourcehut_builds = Builds do SourceHut
diff --git a/options/locale/locale_ru-RU.ini b/options/locale/locale_ru-RU.ini
index 5affdffb25..0e9ec2d653 100644
--- a/options/locale/locale_ru-RU.ini
+++ b/options/locale/locale_ru-RU.ini
@@ -168,7 +168,7 @@ footer.software=О программе
 footer.links=Ссылки
 
 [heatmap]
-number_of_contributions_in_the_last_12_months=Принимал(а) участие %s раз за последние 12 месяцев
+number_of_contributions_in_the_last_12_months=%s действий за последние 12 месяцев
 contributions_zero=Действий не было
 contributions_format = {contributions} {day} {month} {year}
 contributions_one=действие
diff --git a/options/locale/locale_ta.ini b/options/locale/locale_ta.ini
index 74fef432c4..8b1b7a2679 100644
--- a/options/locale/locale_ta.ini
+++ b/options/locale/locale_ta.ini
@@ -183,7 +183,7 @@ buttons.bold.tooltip = தடிமனான உரையைச் சேர்
 buttons.italic.tooltip = சாய்வு உரையைச் சேர்க்கவும் (Ctrl+I / ⌘I)
 buttons.quote.tooltip = மேற்கோள் உரை
 buttons.code.tooltip = குறியீட்டைச் சேர்க்கவும்
-buttons.link.tooltip = இணைப்பைச் சேர்க்கவும்
+buttons.link.tooltip = இணைப்பைச் சேர்
 buttons.list.unordered.tooltip = புல்லட் பட்டியலைச் சேர்க்கவும்
 buttons.list.ordered.tooltip = எண்ணிடப்பட்ட பட்டியலைச் சேர்க்கவும்
 buttons.list.task.tooltip = பணிகளின் பட்டியலைச் சேர்க்கவும்
@@ -219,7 +219,7 @@ server_internal = உள் சர்வர் பிழை
 [startpage]
 app_desc = வலியற்ற, சுயமாக வழங்கும் Git பணி
 install = நிறுவ எளிதானது
-install_desc = உங்கள் இயங்குதளத்திற்கு <a target="_blank" rel="noopener noreferrer" href="%[1]s">பைனரியை இயக்கவும்</a>, அதை <a target="_blank" rel="noopener noreferrer" href="%[2]s">Docker</a> மூலம் அனுப்பவும் அல்லது <a target="_blank" rel="noopener noreferrer" href="%[3]s">தொகுக்கப்பட்டது</a>.
+install_desc = உங்கள் இயங்குதளத்திற்கு <a target="_blank" rel="noopener noreferrer" href="%[1]s">பைனரியை இயக்கவும்</a>, அதை <a target="_blank" rel="noopener noreferrer" href="%[2]s">டாக்கர்</a> மூலம் அனுப்பவும் அல்லது <a target="_blank" rel="noopener noreferrer" href="%[3]s">தொகுக்கப்பட்டது</a>.
 platform = குறுக்கு மேடை
 platform_desc = Forgejo லினக்ச் மற்றும் ஃப்ரீபிஎச்டி போன்ற லிப்ரே இயங்குதளங்கள் மற்றும் வெவ்வேறு சிபியு கட்டமைப்புகளில் இயங்குவது உறுதிசெய்யப்பட்டுள்ளது. நீங்கள் விரும்பும் ஒன்றைத் தேர்ந்தெடுங்கள்!
 lightweight = இலகுரக
@@ -2424,7 +2424,7 @@ settings.matrix.access_token_helper = இதற்காக பிரத்ய
 settings.matrix.room_id_helper = அறை ஐடியை உறுப்பு வலை வாங்கி > அறை அமைப்புகள் > மேம்பட்ட > உள் அறை ஐடியிலிருந்து மீட்டெடுக்கலாம். எடுத்துக்காட்டு: %s.
 settings.archive.button = காப்பக ரெப்போ
 settings.archive.header = இந்த ரெப்போவை காப்பகப்படுத்தவும்
-settings.archive.text = ரெப்போவைக் காப்பகப்படுத்தினால், அதை முழுவதுமாகப் படிக்க மட்டுமே செய்யும். இது டாச்போர்டில் இருந்து மறைக்கப்படும். எவராலும் (நீங்கள் கூட இல்லை!) புதிய பொறுப்புகளைச் செய்யவோ அல்லது ஏதேனும் சிக்கல்களைத் திறக்கவோ அல்லது கோரிக்கைகளை இழுக்கவோ முடியாது.
+settings.archive.text = ரெப்போவைக் காப்பகப்படுத்தினால், அதை முழுவதுமாகப் படிக்க மட்டுமே செய்யும். இது டாச்போர்டிலிருந்து மறைக்கப்படும். எவராலும் (நீங்கள் கூட இல்லை!) புதிய பொறுப்புகளைச் செய்யவோ அல்லது ஏதேனும் சிக்கல்களைத் திறக்கவோ அல்லது கோரிக்கைகளை இழுக்கவோ முடியாது. காப்பகத்திற்கான காரணத்தை ஆவணப்படுத்துவது எதிர்கால டெவலப்பர்களுக்கு வழிகாட்டுவதற்கு பரிந்துரைக்கப்படுகிறது.
 settings.archive.success = ரெப்போ வெற்றிகரமாக காப்பகப்படுத்தப்பட்டது.
 settings.archive.error = ரெப்போவை காப்பகப்படுத்த முயற்சிக்கும்போது பிழை ஏற்பட்டது. மேலும் விவரங்களுக்கு பதிவைப் பார்க்கவும்.
 settings.archive.error_ismirror = பிரதிபலித்த ரெப்போவை நீங்கள் காப்பகப்படுத்த முடியாது.
diff --git a/options/locale_next/locale_bg.json b/options/locale_next/locale_bg.json
index 625961ffca..5fdfec07d7 100644
--- a/options/locale_next/locale_bg.json
+++ b/options/locale_next/locale_bg.json
@@ -424,11 +424,8 @@
 	"avatar.constraints_hint": "Персонализираната профилна снимка не трябва да надвишава размер от %[1]s или да бъде по-голяма от %[2]dx%[3]d пиксела",
 	"user.ghost.tooltip": "Този потребител е изтрит или не може да бъде съпоставен.",
 	"og.repo.summary_card.alt_description": "Карта с обобщение на хранилище %[1]s, описано като: %[2]s",
-	"actions.runners.list_runners.details_column": "Подробности",
 	"actions.runners.list_runners.edit_column": "Редактиране",
 	"actions.runners.list_runners.delete_column": "Изтриване",
-	"actions.runners.list_runners.details_button": "Подробности",
-	"actions.runners.list_runners.details_button_aria": "Показване на подробности за %s",
 	"actions.runners.list_runners.delete_button": "Изтриване",
 	"actions.runners.list_runners.delete_button_aria": "Изтриване на %s",
 	"actions.runners.list_runners.edit_button": "Редактиране",
diff --git a/options/locale_next/locale_ca.json b/options/locale_next/locale_ca.json
index faf20f2864..554b1320aa 100644
--- a/options/locale_next/locale_ca.json
+++ b/options/locale_next/locale_ca.json
@@ -434,5 +434,158 @@
 	"packages.debian.repository.distributions": "Distribucions",
 	"packages.debian.repository.components": "Components",
 	"packages.generic.download": "Baixeu el paquet des de la línia de comandes:",
-	"packages.go.install": "Instal·leu el paquet des de la línia de comandes:"
+	"packages.go.install": "Instal·leu el paquet des de la línia de comandes:",
+	"admin.dashboard.actions_action_user": "Anul·la la confiança del Forgejo Actions als usuaris inactius",
+	"user.activitypub_feed.feed": "Fil del Fedivers",
+	"user.activitypub_feed.is_empty": "El vostre fil del fedivers és buit.",
+	"user.activitypub_feed.hint": "Aquest fil mostra activitats dels comptes del fedivers que seguiu, així com publicacions federades que us mencionen.",
+	"packages.alpine.registry": "Configureu aquest registre afegint l'URL en el vostre fitxer <code>/etc/apk/repositories</code>:",
+	"packages.alpine.registry.key": "Baixeu la clau pública RSA del registre al directori <code>/etc/apk/keys/</code> per verificar la signatura d'índex:",
+	"packages.arch.pacman.conf": "Afegiu el servidor amb la distribució i arquitectura relacionades a <code>/etc/pacman.conf</code> :",
+	"packages.composer.dependencies.development": "Dependències de desenvolupament",
+	"packages.conan.install": "Per instal·lar el paquet mitjançant Conan, executeu la següent comanda:",
+	"packages.conda.install": "Per instal·lar el paquet mitjançant Conda, executeu la següent comanda:",
+	"packages.container.layers": "Capes d'imatge",
+	"packages.maven.install2": "Executeu amb la línia de comandes:",
+	"packages.maven.download": "Per baixar la dependència, executeu amb la línia de comandes:",
+	"packages.nuget.install": "Per instal·lar el paquet mitjançant NuGet, executeu la següent comanda:",
+	"packages.npm.install": "Per instal·lar el paquet mitjançant npm, executeu la següent comanda:",
+	"packages.npm.install2": "o afegiu-lo al fitxer package.json:",
+	"packages.npm.dependencies.development": "Dependències de desenvolupament",
+	"packages.npm.dependencies.bundle": "Dependències empaquetades",
+	"packages.npm.dependencies.optional": "Dependències opcionals",
+	"packages.npm.details.tag": "Etiqueta",
+	"packages.pypi.requires": "Requereix el Python",
+	"packages.pypi.install": "Per instal·lar el paquet mitjançant pip, executeu la següent comanda:",
+	"packages.rpm.distros.redhat": "en distribucions basades en RedHat",
+	"packages.rpm.distros.suse": "en distribucions basades en SUSE",
+	"packages.rpm.repository.multiple_groups": "Aquest paquet és disponible en diversos grups.",
+	"packages.alt.install": "Instal·leu el paquet",
+	"packages.alt.setup": "Afegiu un repositori a la llista de repositoris connectats (escolliu l'arquitectura pertinent enlloc de \"_arch_\"):",
+	"packages.alt.repository.multiple_groups": "Aquest paquet és disponible en diversos grups.",
+	"packages.rubygems.install": "Per instal·lar el paquet mitjançant gem, executeu la següent comanda:",
+	"packages.rubygems.install2": "o afegiu-lo a la Gemfile:",
+	"packages.rubygems.dependencies.runtime": "Dependències d'execució",
+	"packages.rubygems.dependencies.development": "Dependències de desenvolupament",
+	"packages.rubygems.required.ruby": "Requereix la versió de Ruby",
+	"packages.rubygems.required.rubygems": "Requereix la versió de RubyGem",
+	"packages.settings.link": "Enllaça aquest paquet a un repositori",
+	"packages.settings.link.description": "Si enllaceu un paquet amb un repositori, el paquet s'enllistarà al llistat de paquets del repositori.",
+	"packages.settings.link.select": "Selecciona un repositori",
+	"packages.settings.link.button": "Modifica l'enllaç del repositori",
+	"packages.settings.link.success": "L'enllaç del repositori s'ha modificat satisfactòriament.",
+	"packages.settings.link.error": "No s'ha pogut modificar l'enllaç del repositori.",
+	"packages.settings.delete": "Elimina el paquet",
+	"packages.settings.delete.description": "Eliminar un paquet és permanent i no es pot desfer.",
+	"packages.settings.delete.notice": "Esteu a punt d'eliminar %s (%s). Aquesta operació no es pot desfer, n'esteu segurs?",
+	"packages.settings.delete.success": "S'ha eliminat el paquet.",
+	"packages.settings.delete.error": "No s'ha pogut eliminar el paquet.",
+	"packages.owner.settings.cargo.initialize": "Inicialitza l'índex",
+	"packages.owner.settings.cargo.initialize.description": "Cal un repositori Git d'índex especial per usar el registre del Cargo. Usar aquesta opció (re)crearà el repositori i el configurarà automàticament.",
+	"packages.owner.settings.cargo.initialize.error": "No s'ha pogut inicialitzar l'índex del Cargo: %v",
+	"packages.owner.settings.cargo.initialize.success": "S'ha creat l'índex del Cargo satisfactòriament.",
+	"packages.owner.settings.cargo.rebuild": "Recrea l'índex",
+	"packages.owner.settings.cargo.rebuild.description": "Recrear pot ser útil si l'índex no està sincronitzat amb els paquets Cargo desats.",
+	"repo.files.caption": "Fitxers del repositori (darrer commit primer)",
+	"repo.files.filename": "Nom del fitxer",
+	"repo.files.last_commit_message": "Missatge del darrer commit",
+	"repo.files.last_commit_date": "Data del darrer commit",
+	"packages.cargo.registry": "Configureu aquest registre en el fitxer de configuració de Cargo (per exemple <code>~/.cargo/config.toml</code>):",
+	"packages.cargo.install": "Per instal·lar el paquet amb Cargo, executeu la comanda:",
+	"packages.chef.registry": "Configureu aquest registre en el vostre fitxer <code>~/.chef/config.rb</code>:",
+	"packages.composer.registry": "Configureu aquest registre en el vostre fitxer <code>~/.composer/config.json</code>:",
+	"packages.composer.install": "Per instal·lar el paquet amb Composer, executeu la comanda:",
+	"packages.conda.registry": "Configureu aquest registre com a un repositori Conda en el vostre fitxer <code>.condarc</code>:",
+	"packages.cran.registry": "Configureu aquest registre en el vostre fitxer <code>Rprofile.site</code>:",
+	"packages.maven.registry": "Configureu aquest registre en el fitxer <code>pom.xml</code> del vostre projecte:",
+	"packages.maven.install": "Per usar el paquet afegiu el següent en el bloc <code>dependencies</code> del fitxer <code>pom.xml</code>:",
+	"packages.npm.registry": "Configureu aquest registre en el fitxer <code>.npmrc</code> del vostre projecte:",
+	"packages.swift.install": "Afegiu el paquet en el vostre fitxer <code>Package.swift</code>:",
+	"packages.swift.install2": "i executeu la comanda:",
+	"packages.vagrant.install": "Per afegir una caixa Vagrant, executeu la comanda:",
+	"packages.owner.settings.cargo.title": "Índex de registre de Cargo",
+	"packages.owner.settings.cargo.rebuild.error": "No s'ha pogut reconstruir l'índex de Cargo: %v",
+	"packages.owner.settings.cargo.rebuild.success": "S'ha reconstruït l'índex de Cargo satisfactòriament.",
+	"packages.owner.settings.cargo.rebuild.no_index": "No es pot reconstruir, no s'ha inicialitzat l'índex.",
+	"packages.owner.settings.cleanuprules.title": "Normes de neteja",
+	"packages.owner.settings.cleanuprules.add": "Afegeix norma de neteja",
+	"packages.owner.settings.cleanuprules.edit": "Edita norma de neteja",
+	"packages.owner.settings.cleanuprules.none": "Encara no hi ha normes de neteja.",
+	"packages.owner.settings.cleanuprules.preview": "Resum de les normes de neteja",
+	"packages.owner.settings.cleanuprules.preview.overview": "%d paquets programats per eliminar.",
+	"packages.owner.settings.cleanuprules.preview.none": "La norma de neteja no coincideix amb cap paquet.",
+	"packages.owner.settings.cleanuprules.pattern_full_match": "Aplica el patró al nom sencer del paquet",
+	"packages.owner.settings.cleanuprules.keep.count": "Manté el més recent",
+	"packages.owner.settings.cleanuprules.keep.pattern": "Manté les versions coincidents",
+	"packages.owner.settings.cleanuprules.keep.pattern.container": "La versió <code>latest</code> sempre es manté per paquets Container.",
+	"packages.owner.settings.cleanuprules.keep.title": "Les versions que coincideixen amb aquestes normes es mantenen, malgrat coincideixin amb una norma d'eliminació més avall.",
+	"packages.owner.settings.cleanuprules.remove.title": "Les versions que coincideixen amb aquestes normes s'eliminaran, a no ser que una norma més amunt la mantingui.",
+	"packages.owner.settings.cleanuprules.remove.days": "Elimina versions més antigues que",
+	"packages.owner.settings.cleanuprules.remove.pattern": "Elimina versions coincidents",
+	"packages.owner.settings.cleanuprules.success.update": "S'ha actualitzat la norma de neteja.",
+	"packages.owner.settings.cleanuprules.success.delete": "S'ha eliminat la norma de neteja.",
+	"packages.owner.settings.chef.title": "Registre xef",
+	"packages.owner.settings.chef.keypair": "Genera parella de claus",
+	"packages.owner.settings.chef.keypair.description": "Les peticions enviades al registre Xef s'han de signar criptogràficament com a mesura d'autenticació. Quan es genera una parella de claus, només la clau pública es desa a Forgejo. La clau privada es mostra a vós per ser usada com a «knive». Generar una nova parella de claus reescriurà l'antiga.",
+	"access_token.error.specified_repos_none": "Els testimonis d'accés amb repositoris específics han de tenir almenys un repositori.",
+	"access_token.error.specified_repos_and_public_only": "Els testimonis d'accés amb repositoris específics no es poden combinar amb l'àmbit només-públic.",
+	"access_token.error.specified_repos_and_invalid_scope": "Els testimonis d'accés amb repositoris específics només es poden usar amb els àmbits read:issue, write:issue, read:repository, i write:repository.",
+	"actions.status.unknown": "Desconegut",
+	"actions.status.waiting": "Esperant",
+	"actions.status.running": "En execució",
+	"actions.status.success": "Succés",
+	"actions.status.failure": "Falla",
+	"actions.status.cancelled": "Cancel·lat",
+	"actions.status.skipped": "Ignorat",
+	"actions.status.blocked": "Bloquejat",
+	"actions.actions": "Accions",
+	"actions.runners": "Executors",
+	"actions.runners.runner_manage_panel": "Gestiona executors",
+	"actions.runners.new": "Crea un nou executor",
+	"actions.runners.new_notice": "Com iniciar un executor",
+	"actions.runners.status": "Estat",
+	"actions.runners.status.unspecified": "Desconegut",
+	"actions.runners.status.idle": "En repòs",
+	"actions.runners.status.active": "Actiu",
+	"actions.runners.status.offline": "Fora de línia",
+	"actions.runners.uuid": "UUID",
+	"actions.runners.token": "Testimoni",
+	"actions.runners.ephemeral": "Efímer",
+	"actions.runners.version": "Versió",
+	"actions.runners.last_online": "Darrer temps en línia",
+	"actions.runners.list_runners.edit_column": "Edita",
+	"actions.runners.list_runners.delete_column": "Elimina",
+	"actions.runners.list_runners.delete_button": "Elimina",
+	"actions.runners.list_runners.delete_button_aria": "Elimina %s",
+	"actions.runners.list_runners.edit_button": "Edita",
+	"actions.runners.list_runners.edit_button_aria": "Edita %s",
+	"actions.runners.runner_title": "Executor %s",
+	"actions.runners.ephemeral.yes": "sí",
+	"actions.runners.ephemeral.no": "no",
+	"actions.runners.task_list_repo": "Tasques recents d'aquest repositori en aquest executor",
+	"actions.runners.task_list_org": "Tasques recents d'aquest executor en aquesta organització",
+	"actions.runners.task_list_admin": "Tasques recents d'aquest executor",
+	"actions.runners.task_list_user": "Tasques recents d'aquest usuari en aquest executor",
+	"actions.runners.task_list.no_tasks": "Encara no hi ha tasques.",
+	"actions.runners.task_list.run": "Executa",
+	"actions.runners.task_list.status": "Estat",
+	"actions.runners.task_list.done_at": "Realitzat a",
+	"actions.runners.edit_runner_button": "Edita executor",
+	"actions.runners.create_runner.page_title": "Crea un nou executor",
+	"actions.runners.create_runner.title": "Crea un nou executor",
+	"actions.runners.create_runner.properties_fieldset": "Propietats",
+	"actions.runners.create_runner.name_label": "Nom",
+	"actions.runners.create_runner.description_label": "Descripció",
+	"actions.runners.create_runner.create_button": "Crea",
+	"actions.runners.create_runner.cancel_button": "Cancel·la",
+	"actions.runners.edit_runner.page_title": "Edita executor %s",
+	"actions.runners.edit_runner.title": "Edita executor %s",
+	"actions.runners.edit_runner.properties_fieldset": "Propietats",
+	"actions.runners.edit_runner.properties_options": "Opcions",
+	"actions.runners.edit_runner.name_label": "Nom",
+	"actions.runners.edit_runner.description_label": "Descripció",
+	"actions.runners.edit_runner.regenerate_token_label": "Regenera testimoni",
+	"actions.runners.edit_runner.regenerate_token_help": "El testimoni actual s'invalidarà immediatament. Rebreu un nou testimoni en la pàgina següent.",
+	"actions.runners.edit_runner.save_button": "Desa",
+	"actions.runners.edit_runner.cancel_button": "Cancel·la"
 }
diff --git a/options/locale_next/locale_cs-CZ.json b/options/locale_next/locale_cs-CZ.json
index 05f501b5cd..b025aa8ccb 100644
--- a/options/locale_next/locale_cs-CZ.json
+++ b/options/locale_next/locale_cs-CZ.json
@@ -560,11 +560,8 @@
 	"actions.runners.uuid": "UUID",
 	"actions.runners.token": "Token",
 	"actions.runners.ephemeral": "Dočasný",
-	"actions.runners.list_runners.details_column": "Podrobnosti",
 	"actions.runners.list_runners.edit_column": "Upravit",
 	"actions.runners.list_runners.delete_column": "Odstranit",
-	"actions.runners.list_runners.details_button": "Podrobnosti",
-	"actions.runners.list_runners.details_button_aria": "Zobrazit podrobnosti %s",
 	"actions.runners.list_runners.delete_button": "Odstranit",
 	"actions.runners.list_runners.delete_button_aria": "Odstranit %s",
 	"actions.runners.list_runners.edit_button": "Upravit",
@@ -681,5 +678,9 @@
 	"user.activitypub_feed.is_empty": "Váš kanál Fediverse je prázdný.",
 	"user.activitypub_feed.hint": "Tento kanál zobrazuje aktivity z účtů Fediverse, které sledujete, a z federovaných příspěvků, které vás zmínily.",
 	"user.activitypub_feed.posted_on": "Zveřejněno na %[1]s",
-	"user.activitypub_feed.original_source": "Původní zdroj"
+	"user.activitypub_feed.original_source": "Původní zdroj",
+	"repo.files.caption": "Soubory repozitáře (poslední revize jako první)",
+	"repo.files.filename": "Název souboru",
+	"repo.files.last_commit_message": "Zpráva poslední revize",
+	"repo.files.last_commit_date": "Datum poslední revize"
 }
diff --git a/options/locale_next/locale_de-DE.json b/options/locale_next/locale_de-DE.json
index 45d8e5b233..5e4b3784d7 100644
--- a/options/locale_next/locale_de-DE.json
+++ b/options/locale_next/locale_de-DE.json
@@ -19,7 +19,7 @@
 	"gpg.error.extract_sign": "Die Signatur konnte nicht extrahiert werden",
 	"gpg.error.generate_hash": "Es konnte kein Hash vom Commit generiert werden",
 	"gpg.error.no_committer_account": "Es ist kein Account mit der E-Mail-Adresse des Committers verbunden",
-	"gpg.error.no_gpg_keys_found": "Es konnte kein GPG-Schlüssel zu dieser Signatur gefunden werden",
+	"gpg.error.no_gpg_keys_found": "Es konnte kein bekannter Schlüssel zu dieser Signatur in der Datenbank gefunden werden",
 	"gpg.error.not_signed_commit": "Kein signierter Commit",
 	"gpg.error.failed_retrieval_gpg_keys": "Fehler beim Abrufen eines Schlüssels des Committer-Kontos",
 	"gpg.error.probable_bad_signature": "WARNHINWEIS! Obwohl ein Schlüssel mit dieser ID in der Datenbank existiert, verifiziert er nicht diesen Commit! Dieser Commit ist VERDÄCHTIG.",
@@ -541,11 +541,8 @@
 	"actions.runners.uuid": "UUID",
 	"actions.runners.token": "Token",
 	"actions.runners.ephemeral": "Vorübergehend",
-	"actions.runners.list_runners.details_column": "Details",
 	"actions.runners.list_runners.edit_column": "Bearbeiten",
 	"actions.runners.list_runners.delete_column": "Löschen",
-	"actions.runners.list_runners.details_button": "Details",
-	"actions.runners.list_runners.details_button_aria": "Details für %s anzeigen",
 	"actions.runners.list_runners.delete_button": "Löschen",
 	"actions.runners.list_runners.delete_button_aria": "%s löschen",
 	"actions.runners.list_runners.edit_button": "Bearbeiten",
@@ -661,5 +658,9 @@
 	"user.activitypub_feed.is_empty": "Dein Fediverse-Feed ist leer.",
 	"user.activitypub_feed.hint": "Dieser Feed zeigt Aktivitäten aus Fediverse-Konten, denen du folgst sowie föderierten Posts, die dich erwähnt haben.",
 	"user.activitypub_feed.posted_on": "Auf %[1]s gepostet",
-	"user.activitypub_feed.original_source": "Ursprüngliche Quelle"
+	"user.activitypub_feed.original_source": "Ursprüngliche Quelle",
+	"repo.files.caption": "Repository-Dateien (neuester Commit zuerst)",
+	"repo.files.filename": "Dateiname",
+	"repo.files.last_commit_message": "Letzte Commit-Nachricht",
+	"repo.files.last_commit_date": "Letztes Commit-Datum"
 }
diff --git a/options/locale_next/locale_el-GR.json b/options/locale_next/locale_el-GR.json
index e755e6d90a..f29e36bb2b 100644
--- a/options/locale_next/locale_el-GR.json
+++ b/options/locale_next/locale_el-GR.json
@@ -502,13 +502,10 @@
 	"actions.runners.create_runner.description_label": "Περιγραφή",
 	"actions.runners.ephemeral.yes": "ναι",
 	"actions.runners.ephemeral.no": "όχι",
-	"actions.runners.list_runners.details_column": "Λεπτομέρειες",
 	"actions.runners.list_runners.edit_column": "Επεξεργασία",
 	"actions.runners.list_runners.delete_column": "Διαγραφή",
 	"actions.runners.list_runners.delete_button": "Διαγραφή",
 	"actions.runners.uuid": "UUID",
-	"actions.runners.list_runners.details_button": "Λεπτομέρειες",
-	"actions.runners.list_runners.details_button_aria": "Εμφάνιση λεπτομερειών για %s",
 	"actions.runners.list_runners.delete_button_aria": "Διαγραφή %s",
 	"actions.runners.list_runners.edit_button": "Επεξεργασία",
 	"actions.runners.list_runners.edit_button_aria": "Επεξεργασία %s",
diff --git a/options/locale_next/locale_es-ES.json b/options/locale_next/locale_es-ES.json
index 1d39325ed3..93003c4477 100644
--- a/options/locale_next/locale_es-ES.json
+++ b/options/locale_next/locale_es-ES.json
@@ -1,19 +1,23 @@
 {
 	"counters.n_commits": {
 		"one": "%s commit",
-		"other": "%s commits"
+		"many": "%s commits",
+		"other": ""
 	},
 	"counters.n_branches": {
 		"one": "%s rama",
-		"other": "%s ramas"
+		"many": "%s ramas",
+		"other": ""
 	},
 	"counters.n_tags": {
 		"one": "%s etiqueta",
-		"other": "%s etiquetas"
+		"many": "%s etiquetas",
+		"other": ""
 	},
 	"counters.n_releases": {
 		"one": "%s lanzamiento",
-		"other": "%s versiones"
+		"many": "%s versiones",
+		"other": ""
 	},
 	"actions.actions": "Acciones",
 	"actions.status.unknown": "Desconocido",
@@ -47,7 +51,7 @@
 	"actions.runners.task_list.done_at": "Hecho en",
 	"actions.runners.update_runner.success": "Nodo actualizado correctamente",
 	"actions.runners.update_runner.failed": "Fallo al actualizar el nodo",
-	"actions.runners.delete_runner.success": "Nodo eliminado con éxito",
+	"actions.runners.delete_runner.success": "Nodo eliminado correctamente",
 	"actions.runners.delete_runner.failed": "Fallo al eliminar el nodo",
 	"actions.runners.delete_runner.header": "Confirma para eliminar el nodo",
 	"actions.runners.delete_runner.notice": "Si una tarea se está ejecutando en este nodo, se terminará y marcará como fallida. Puede romper el flujo de trabajo en curso.",
@@ -87,7 +91,7 @@
 	"dropzone.default_message": "Suelte archivos o haga clic aquí para subir.",
 	"dropzone.invalid_input_type": "No puede subir archivos de este tipo.",
 	"dropzone.file_too_big": "El tamaño del archivo ({{filesize}} MB) excede el tamaño máximo de ({{maxFilesize}} MB).",
-	"dropzone.remove_file": "Eliminar archivo",
+	"dropzone.remove_file": "Retirar archivo",
 	"munits.data.b": "B",
 	"munits.data.kib": "KiB",
 	"munits.data.mib": "MiB",
@@ -229,16 +233,16 @@
 	"packages.owner.settings.cleanuprules.edit": "Editar regla de limpieza",
 	"packages.owner.settings.cleanuprules.none": "No hay reglas de limpieza disponibles. Por favor, consulte la documentación.",
 	"packages.owner.settings.cleanuprules.preview": "Vista previa de regla de limpieza",
-	"packages.owner.settings.cleanuprules.preview.overview": "%d paquetes están programados para ser eliminados.",
+	"packages.owner.settings.cleanuprules.preview.overview": "%d paquetes están planificados para ser retirados.",
 	"packages.owner.settings.cleanuprules.preview.none": "Regla de limpieza no coincide con ningún paquete.",
 	"packages.owner.settings.cleanuprules.pattern_full_match": "Aplicar patrón al nombre completo del paquete",
 	"packages.owner.settings.cleanuprules.keep.title": "Las versiones que coinciden con estas reglas son reales, incluso si coinciden con una regla de eliminación a continuación.",
 	"packages.owner.settings.cleanuprules.keep.count": "Mantener el más reciente",
 	"packages.owner.settings.cleanuprules.keep.pattern": "Mantener las versiones coincidentes",
 	"packages.owner.settings.cleanuprules.keep.pattern.container": "La <code>última</code> versión siempre es guardada en los paquetes de contenedor.",
-	"packages.owner.settings.cleanuprules.remove.title": "Se eliminan las versiones que coinciden con estas reglas, a menos que una regla anterior indique mantenerlas.",
-	"packages.owner.settings.cleanuprules.remove.days": "Eliminar versiones anteriores a",
-	"packages.owner.settings.cleanuprules.remove.pattern": "Eliminar versiones coincidentes",
+	"packages.owner.settings.cleanuprules.remove.title": "Se retiran las versiones que coinciden con estas reglas, a menos que una regla anterior indique mantenerlas.",
+	"packages.owner.settings.cleanuprules.remove.days": "Retirar versiones anteriores a",
+	"packages.owner.settings.cleanuprules.remove.pattern": "Retirar versiones coincidentes",
 	"packages.owner.settings.cleanuprules.success.update": "Regla de limpieza ha sido actualizada.",
 	"packages.owner.settings.cleanuprules.success.delete": "Regla de limpieza ha sido eliminada.",
 	"packages.owner.settings.chef.title": "Registro de Chef",
@@ -446,5 +450,112 @@
 	"mail.issue.action.close_by_commit": "%[1]s cerró %[2]s en la confirmación %[3]s.",
 	"repo.diff.commit.next-short": "Siguiente",
 	"admin.config.global_2fa_requirement.all": "Todos los usuarios",
-	"admin.config.global_2fa_requirement.admin": "Administradores"
+	"admin.config.global_2fa_requirement.admin": "Administradores",
+	"repo.pulls.auto_merge.no_permission": "No tiene permisos para cancelar esta fusión automática de solicitud de incorporación.",
+	"repo.pulls.poster_trust_always": "Siempre aprobar",
+	"repo.pulls.maintainers_can_edit": "Los mantenedores pueden editar esta solicitud de incorporación de cambios.",
+	"repo.pulls.maintainers_cannot_edit": "Los mantenedores no pueden editar esta solicitud de incorporación de cambios.",
+	"migrate.select.title": "Migrar repositorio",
+	"search.fuzzy": "Difuso",
+	"search.fuzzy_tooltip": "Incluir resultados es una coincidencia aproximada para el término de búsqueda",
+	"install.ssh_authorized_keys_unexpected_key": "Habilitar SSH para Forgejo en conflicto con el archivo localizado en %s que contiene claves SSH existentes. Sugerencia: utilice un sistema dedicado de usuario para Forgejo, o inhabilite SSH.",
+	"keys.verify.token.hint": "El token siempre es válido por 1 minuto. <a href=\"%[1]s\">Obtenga uno nuevo si caduca</a>.",
+	"admin.federation.federation": "Federación",
+	"admin.federation.hosts": "Hospedajes",
+	"admin.federation.hosts.title": "Hospedajes de la Federación",
+	"admin.federation.hosts.manage_panel": "Gestionar hospedajes de federación",
+	"admin.federation.hosts.details_panel": "Detalles de hospedajes de federación",
+	"admin.federation.hosts.show_details": "Muestra detalles del hospedaje",
+	"admin.federation.host.id": "ID",
+	"admin.federation.host.port": "Puerto",
+	"admin.federation.host.software_name": "Software",
+	"admin.federation.host.created": "Creado",
+	"admin.federation.host.updated": "Actualizado",
+	"admin.federation.host.latest_activity": "Actividad última",
+	"admin.federation.users": "Usuarios",
+	"admin.federation.users.title": "Usuarios federados",
+	"admin.federation.users.manage_panel": "Gestionar usuarios federados",
+	"admin.federation.users.show_local_user": "Muestra detalles de usuario local",
+	"admin.federation.user.id": "ID",
+	"admin.federation.user.user_id": "ID de usuario local",
+	"admin.federation.user.external_id": "ID de usuario externo",
+	"admin.federation.user.inbox_path": "Ruta de buzón",
+	"admin.config.federation": "Configuración de federación",
+	"admin.config.federation.enabled": "Habilitado",
+	"admin.config.federation.share_user_statistics": "Compartir estadísticas de usuario con otros huéspedes",
+	"admin.config.federation.max_size": "Tamaño máximo de respuesta concedida",
+	"admin.config.federation.signature_enforced": "Requiere firmas HTTP",
+	"admin.config.federation.signature_algorithms": "Algoritmo de firma",
+	"admin.config.federation.digest_algorithm": "Algoritmo digest de firma",
+	"admin.config.federation.get_headers": "Cabeceras GET firmadas",
+	"admin.config.federation.post_headers": "Cabeceras POST firmadas",
+	"moderation.report.mark_as_handled": "Marcar como manipulado",
+	"moderation.users.cannot_suspend_self": "No se puede suspenderse para sí.",
+	"moderation.users.cannot_delete_admins": "Los usuarios con privilegios admin no pueden ser eliminados.",
+	"mail.actions.run_info_cur_status": "Este estado de ejecución: %[1]s (acaba de actualizarlo desde %[2]s)",
+	"mail.actions.run_info_previous_status": "Estado precio de ejecución: %[1]s",
+	"repo.diff.commit.previous-short": "Ant",
+	"discussion.locked": "Esta discusión ha sido bloqueada. Comentar está limitado a los contribuidores.",
+	"discussion.sidebar.reference": "Referencia",
+	"editor.textarea.tab_hint": "Línea ya sangrado. Presione <kbd>Tab</kbd> de nuevo o <kbd>Esc</kbd> para abandonar el editor.",
+	"editor.textarea.shift_tab_hint": "Ningún sangrado en esta línea. Pulse <kbd>Mayús</kbd> + <kbd>Tab</kbd> de nuevo o <kbd>Esc</kbd> para abandonar el editor.",
+	"admin.auths.allow_username_change": "Concede cambio de nombre de usuario",
+	"admin.auths.allow_username_change.description": "Concede a usuarios cambiar su nombre de usuario en los ajustes del perfil",
+	"admin.dashboard.cleanup_offline_runners": "Vaciar ejecutantes desconectados",
+	"admin.dashboard.remove_resolved_reports": "Retirar reportes resueltos",
+	"admin.dashboard.actions_action_user": "Revocar confianza de Acción Forgejo a usuarios inactivos",
+	"admin.dashboard.transfer_lingering_logs": "Registros de acción de transferencia de tareas de acciones finalizadas desde la base de datos al almacenaje",
+	"admin.config.security": "Configuración de seguridad",
+	"admin.config.global_2fa_requirement.title": "Requerimiento de dos factores globales",
+	"admin.config.global_2fa_requirement.none": "No",
+	"settings.visibility.description": "Efectos de visibilidad del perfil de habilidad de otros para acceder a sus repositorios no privados. <a href=\"%s\" target=\"_blank\">Aprender más</a>.",
+	"settings.twofa_unroll_unavailable": "Se requiere autenticación de dos factores para su cuenta y no puede ser inhabilitado.",
+	"settings.twofa_reenroll": "Re‐inscribirse autenticación de dos factores",
+	"settings.twofa_reenroll.description": "Re‐inscribirse su autenticación de dos factores",
+	"settings.must_enable_2fa": "Esta instancia de Forfejo requiere que los usuarios habiliten autenticación de dos factores porque pueden acceder a sus cuentas.",
+	"settings.specific_repo_access": "Acceso al repositorio",
+	"settings.new_access_token": "Nuevo token de acceso",
+	"settings.permissions_access_specific_repositories": "Repositorios específicos",
+	"settings.access_token.selected_repositories": {
+		"one": "Repositorio seleccionado (%d)",
+		"many": "Repositorios seleccionados (%d)",
+		"other": "Repositorios seleccionados (%d)"
+	},
+	"settings.access_token.available_repositories": "Repositorios disponibles",
+	"settings.access_token.no_repositories_selected": "Ningún repositorio seleccionado.",
+	"settings.access_token.no_repositories_found": "Ningún repositorio encontrado.",
+	"settings.access_token.remove": "Retirar %s",
+	"settings.access_token.resource_all_help": "Concede acceso a todos los repositorios.",
+	"settings.access_token.resource_public_only_help": "Limita acceso a repositorios y organizaciones que son públicas.",
+	"settings.access_token.resource_specific_repo_help": "Limita acceso a un listado específico de repositorios. Está permitido el acceso de solo lectura a todos los repositorios públicos. Solo pueden ser habilitados los permisos que concedan acceso al repositorios e incidencias.",
+	"settings.access_token.admin_disabled": "Los permisos administrativos están inhabilitados.",
+	"error.must_enable_2fa": "Esta instancia de Forgejo requiere usuarios para habilitar autenticación de dos factores antes que puedan acceder a sus cuentas. Habilítela en: %s",
+	"avatar.constraints_hint": "El avatar personal puede superar %[1]s en tamaño o sea mayor que %[2]dx%[3]d píxeles",
+	"user.activitypub_feed.posted_on": "Publicado en %[1]s",
+	"user.activitypub_feed.original_source": "Fuente original",
+	"user.ghost.tooltip": "Este usuario ha sido eliminado, o no puede ser emparejado.",
+	"og.repo.summary_card.alt_description": "Ficha resumen del repositorio %[1]s, descrito como: %[2]s",
+	"repo.commit.load_tags_failed": "La carga de etiquetas falló debido a un error interno",
+	"compare.branches.title": "Comparar ramificaciones",
+	"migrate.pagure.description": "Migra datos desde pagure.io u otras instancias Pagure.",
+	"migrate.pagure.incorrect_url": "Ha sido proporcionada una URL de repositorio origen incorrecta",
+	"migrate.pagure.project_url": "URL de proyecto en Pagure",
+	"migrate.pagure.project_example": "La URL del proyecto Pagure, p.e., https://pagure.io/pagure",
+	"migrate.pagure.token_label": "Token de API Pagure",
+	"migrate.pagure.private_issues.summary": "Incidencias privadas (Opcional)",
+	"packages.common.install": "Para instalar el paquete, ejecute el siguiente comando:",
+	"packages.common.registry": "Configure este registro desde la línea de comando:",
+	"packages.common.repository": "Informe de repositorio",
+	"packages.alt.setup": "Añada un repositorio al listado de repositorios conectados (elija la arquitectura necesaria en vez de \"_arch_\"):",
+	"packages.owner.settings.cargo.rebuild.no_index": "No se puede reconstruir, ningún índice está inicializado.",
+	"actions.runners.uuid": "UUID",
+	"actions.runners.token": "Token",
+	"actions.runners.ephemeral": "Ephemeral",
+	"actions.runners.version": "Versión",
+	"actions.runners.list_runners.edit_column": "Editar",
+	"actions.runners.list_runners.delete_column": "Eliminar",
+	"teams.remove_all_repos.modal.header": "Retira todos los repositorios",
+	"admin.auths.oauth2_quota_group_map_removal": "Retire los usuarios desde los grupos de cuota sincronizados si el usuario no pertenece al grupo correspondiente.",
+	"actions.runners.list_runners.delete_button": "Eliminar",
+	"actions.runners.list_runners.delete_button_aria": "Eliminar"
 }
diff --git a/options/locale_next/locale_et.json b/options/locale_next/locale_et.json
index d7138925cf..bf84f24ef4 100644
--- a/options/locale_next/locale_et.json
+++ b/options/locale_next/locale_et.json
@@ -73,5 +73,19 @@
 		"other": "%s koodiharu"
 	},
 	"compare.branches.title": "Võrdle alamharusid",
-	"repo.settings.push_mirror.branch_filter.label": "Alamharude filter (kui soovid)"
+	"repo.settings.push_mirror.branch_filter.label": "Alamharude filter (kui soovid)",
+	"repo.issues.filter_poster.hint": "Filtreeri autori põhjal",
+	"repo.issues.filter_assignee.hint": "Filtreeri määratud kasutaja põjal",
+	"repo.issues.filter_reviewers.hint": "Filtreeri ülevaataja põhjal",
+	"repo.issues.filter_mention.hint": "Filtreeri mainitud kasutaja põhjal",
+	"repo.issues.filter_modified.hint": "Filter viimati muudetud kuupäeva põhjal",
+	"repo.issues.filter_sort.hint_with_placeholder": "Sordi: %s",
+	"issues.updated": "uuendatud %s",
+	"repo.pulls.poster_requires_approval": "Mõned töövood <a href=\"%[1]s\">ootavad läbivaatamist</a>.",
+	"repo.pulls.poster_trust_deny": "Keeldu",
+	"repo.pulls.poster_trust_deny.tooltip": "Töövood, mis ootavad heakskiitu, tühistatakse.",
+	"repo.pulls.poster_trust_once": "Luba üks kord",
+	"repo.pulls.poster_trust_always": "Luba alati",
+	"repo.pulls.poster_trust_revoke": "Tühista",
+	"migrate.select.title": "Migreeri hoidla"
 }
diff --git a/options/locale_next/locale_fil.json b/options/locale_next/locale_fil.json
index 5d03276981..5afeb6ae3b 100644
--- a/options/locale_next/locale_fil.json
+++ b/options/locale_next/locale_fil.json
@@ -556,11 +556,8 @@
 	"actions.runners.uuid": "UUID",
 	"actions.runners.token": "Token",
 	"actions.runners.ephemeral": "Ephemeral",
-	"actions.runners.list_runners.details_column": "Mga detalye",
 	"actions.runners.list_runners.edit_column": "I-edit",
 	"actions.runners.list_runners.delete_column": "Burahin",
-	"actions.runners.list_runners.details_button": "Mga detalye",
-	"actions.runners.list_runners.details_button_aria": "Ipakita ang mga detalye ng %s",
 	"actions.runners.list_runners.delete_button": "Burahin",
 	"actions.runners.list_runners.delete_button_aria": "Burahin ang %s",
 	"actions.runners.list_runners.edit_button": "I-edit",
diff --git a/options/locale_next/locale_fr-FR.json b/options/locale_next/locale_fr-FR.json
index 0fd20579db..d5da596307 100644
--- a/options/locale_next/locale_fr-FR.json
+++ b/options/locale_next/locale_fr-FR.json
@@ -545,10 +545,8 @@
 	"issues.filters.labels.unexclude": "Enlever les exclusions",
 	"repo.pulls.auto_merge.no_permission": "Vous n'avez pas la permission d'annuler la fusion automatique de cette pull request.",
 	"settings.specific_repo_access": "Accès au dépôt",
-	"actions.runners.list_runners.details_column": "Détails",
 	"actions.runners.list_runners.edit_column": "Modifier",
 	"actions.runners.list_runners.delete_column": "Supprimer",
-	"actions.runners.list_runners.details_button_aria": "Afficher les détails de %s",
 	"actions.runners.create_runner.properties_fieldset": "Propriétés",
 	"actions.runners.create_runner.create_button": "Créer",
 	"actions.runners.edit_runner.properties_fieldset": "Propriétés",
@@ -559,7 +557,6 @@
 	"settings.new_access_token": "Nouveau jeton d'accès",
 	"actions.runners.uuid": "UUID",
 	"actions.runners.ephemeral": "Éphémère",
-	"actions.runners.list_runners.details_button": "Détails",
 	"actions.runners.list_runners.delete_button": "Supprimer",
 	"actions.runners.list_runners.delete_button_aria": "Supprimer %s",
 	"actions.runners.list_runners.edit_button": "Modifier",
@@ -635,5 +632,9 @@
 	"admin.config.federation.enabled": "Activé",
 	"settings.access_token.resource_all_help": "Autoriser l'accès à toutes les ressources.",
 	"user.activitypub_feed.posted_on": "Posté sur %[1]s",
-	"actions.runners.version": "Version"
+	"actions.runners.version": "Version",
+	"repo.files.filename": "Fichier",
+	"repo.files.last_commit_message": "Dernier message de commit",
+	"repo.files.last_commit_date": "Date du dernier commit",
+	"admin.federation.host.created": "Créé"
 }
diff --git a/options/locale_next/locale_ga.json b/options/locale_next/locale_ga.json
index 70003eface..0a011e349b 100644
--- a/options/locale_next/locale_ga.json
+++ b/options/locale_next/locale_ga.json
@@ -654,11 +654,8 @@
 	"actions.runners.token": "Comhartha",
 	"actions.runners.ephemeral": "Sealadach",
 	"actions.runners.version": "Leagan",
-	"actions.runners.list_runners.details_column": "Sonraí",
 	"actions.runners.list_runners.edit_column": "Cuir in Eagar",
 	"actions.runners.list_runners.delete_column": "Scrios",
-	"actions.runners.list_runners.details_button": "Sonraí",
-	"actions.runners.list_runners.details_button_aria": "Taispeáin sonraí %s",
 	"actions.runners.list_runners.delete_button": "Scrios",
 	"actions.runners.list_runners.delete_button_aria": "Scrios %s",
 	"actions.runners.list_runners.edit_button": "Cuir in Eagar",
diff --git a/options/locale_next/locale_id-ID.json b/options/locale_next/locale_id-ID.json
index db7579d252..9c21ad9cc7 100644
--- a/options/locale_next/locale_id-ID.json
+++ b/options/locale_next/locale_id-ID.json
@@ -11,14 +11,14 @@
 	"notification.mark_as_unread": "Tandai sebagai belum dibaca",
 	"notification.mark_all_as_read": "Tandai semua sudah dibaca",
 	"dropzone.default_message": "Jatuhkan berkas disini atau klik untuk mengunggah.",
-	"dropzone.invalid_input_type": "Anda tidak bisa mengunggah berkas jenis ini.",
+	"dropzone.invalid_input_type": "File jenis ini tidak dapat diunggah.",
 	"dropzone.file_too_big": "Ukuran berkas ({{filesize}} MB) melebihi ukuran maksimum ({{maxFilesize}} MB).",
 	"dropzone.remove_file": "Hilangkan berkas",
 	"packages.filter.type": "Jenis",
 	"packages.alpine.repository.branches": "Cabang",
 	"packages.alpine.repository.repositories": "Repositori",
 	"repo.pulls.merged_title_desc": "commit %[1]d telah digabungkan dari <code>%[2]s</code> menjadi <code>%[3]s</code> %[4]s",
-	"repo.pulls.title_desc": "ingin menggabungkan komit %[1]d dari <code>%[2]s</code> menuju <code id=\"%[4]s\">%[3]s</code>",
+	"repo.pulls.title_desc": "ingin menggabungkan commit %[1]d dari <code>%[2]s</code> menuju <code id=\"%[4]s\">%[3]s</code>",
 	"moderation.abuse_category.malware": "Perangkat pembahaya",
 	"pulse.n_active_issues": "%s Masalah Aktif",
 	"pulse.n_active_prs": "%s Tarik permintaan aktif",
@@ -167,5 +167,436 @@
 	"actions.runners.task_list.run": "Lari",
 	"actions.runners.task_list.repository": "Repositori",
 	"actions.runners.task_list.commit": "Memperbuat",
-	"meta.last_line": "Terima kasih telah menerjemahkan Forgejo! Baris ini tidak terlihat oleh pengguna, tetapi memiliki fungsi lain dalam manajemen terjemahan. Anda dapat menambahkan fakta menarik dalam terjemahan alih-alih menerjemahkannya."
+	"meta.last_line": "Terima kasih telah menerjemahkan Forgejo! Baris ini tidak terlihat oleh pengguna, tetapi memiliki fungsi lain dalam manajemen terjemahan. Anda dapat menambahkan fakta menarik dalam terjemahan alih-alih menerjemahkannya.",
+	"fork.n_forks": "%s fork",
+	"stars.n_stars": "%s bintang",
+	"watch.n_watchers": "%s pengamat",
+	"repo.issues.filter_poster.hint": "Filter berdasarkan penulis",
+	"repo.issues.filter_assignee.hint": "Filter berdasarkan pengguna yang ditugaskan",
+	"repo.issues.filter_reviewers.hint": "Filter berdasarkan pengguna yang meninjau",
+	"repo.issues.filter_mention.hint": "Filter berdasarkan pengguna yang disebutkan",
+	"repo.issues.filter_modified.hint": "Filter berdasarkan tanggal terakhir diubah",
+	"repo.issues.filter_sort.hint_with_placeholder": "Urutkan berdasarkan: %s",
+	"issues.updated": "diperbarui %s",
+	"issues.filters.labels.exclude": "Kecualikan label",
+	"issues.filters.labels.unexclude": "Hapus pengecualian",
+	"repo.pulls.auto_merge.no_permission": "Anda tidak memiliki izin untuk membatalkan penggabungan otomatis permintaan tarik ini.",
+	"repo.pulls.poster_manage_approval": "Kelola persetujuan",
+	"repo.pulls.poster_requires_approval": "Beberapa alur kerja <a href=\"%[1]s\">menunggu untuk ditinjau</a>.",
+	"repo.pulls.poster_requires_approval.tooltip": "Penulis permintaan tarik ini tidak dipercaya untuk menjalankan alur kerja yang dipicu oleh permintaan tarik yang dibuat dari repositori yang di-fork atau dengan AGit. Alur kerja yang dipicu oleh peristiwa `pull_request` tidak akan berjalan sampai disetujui.",
+	"repo.pulls.poster_is_trusted": "Penulis permintaan tarik ini <a href=\"%[1]s\">selalu dipercaya untuk menjalankan alur kerja</a>.",
+	"repo.pulls.poster_is_trusted.tooltip": "Penulis permintaan tarik ini secara eksplisit dipercaya untuk menjalankan alur kerja yang dipicu oleh peristiwa `pull_request`.",
+	"repo.pulls.poster_trust_deny": "Tolak",
+	"repo.pulls.poster_trust_deny.tooltip": "Alur kerja yang menunggu persetujuan akan dibatalkan.",
+	"repo.pulls.poster_trust_once": "Setujui sekali",
+	"repo.pulls.poster_trust_once.tooltip": "Alur kerja yang dipicu oleh peristiwa `pull_request` akan berjalan pada commit ini tetapi perlu disetujui untuk semua commit mendatang yang didorong ke permintaan tarik ini.",
+	"repo.pulls.poster_trust_always": "Selalu setujui",
+	"repo.pulls.poster_trust_always.tooltip": "Alur kerja yang dipicu oleh peristiwa `pull_request` akan berjalan pada commit ini dan tidak perlu lagi menyetujui jalannya dari permintaan tarik ini atau permintaan tarik mendatang yang dibuat oleh pengguna yang sama.",
+	"repo.pulls.poster_trust_revoke": "Cabut",
+	"repo.pulls.poster_trust_revoke.tooltip": "Penulis permintaan tarik ini tidak lagi dipercaya untuk menjalankan alur kerja yang dipicu oleh peristiwa `pull_request`, setiap jalannya harus disetujui secara manual.",
+	"repo.view.gitmodules_too_large": "File .gitmodules terlalu besar dan akan diabaikan (misalnya pada pemanggilan API)",
+	"migrate.select.title": "Migrasi repositori",
+	"migrate.items.labels": "Label",
+	"migrate.items.merge_requests": "Permintaan gabung",
+	"migrate.in_progress.git": "Migrasi data Git",
+	"migrate.in_progress.topics": "Migrasi topik",
+	"migrate.in_progress.milestones": "Migrasi tonggak pencapaian",
+	"migrate.in_progress.labels": "Migrasi label",
+	"migrate.in_progress.releases": "Migrasi rilis",
+	"migrate.in_progress.issues": "Migrasi isu",
+	"migrate.in_progress.pulls": "Migrasi permintaan tarik",
+	"migrate.cancel.title": "Batalkan migrasi",
+	"migrate.cancel.confirmation": "Apakah Anda ingin membatalkan migrasi ini?",
+	"search.syntax": "Sintaks pencarian",
+	"search.fuzzy": "Fuzzy",
+	"search.fuzzy_tooltip": "Sertakan hasil yang kira-kira cocok dengan kata kunci pencarian",
+	"install.ssh_authorized_keys_inspection_error": "Gagal memeriksa file authorized_keys yang ada: %v",
+	"install.ssh_authorized_keys_unexpected_key": "Mengaktifkan SSH untuk Forgejo berkonflik dengan file yang terletak di %s yang berisi kunci SSH yang ada. Saran: gunakan pengguna sistem khusus untuk Forgejo, atau nonaktifkan SSH.",
+	"keys.verify.token.hint": "Token hanya berlaku selama 1 menit. <a href=\"%s\">Dapatkan yang baru jika sudah kedaluwarsa</a>.",
+	"admin.federation.federation": "Federasi",
+	"admin.federation.hosts": "Host",
+	"admin.federation.hosts.title": "Host federasi",
+	"admin.federation.hosts.manage_panel": "Kelola host federasi",
+	"admin.federation.hosts.details_panel": "Detail host federasi",
+	"admin.federation.hosts.show_details": "Tampilkan detail host",
+	"admin.federation.host.id": "ID",
+	"admin.federation.host.fqdn": "FQDN",
+	"admin.federation.host.schema": "Skema",
+	"admin.federation.host.port": "Port",
+	"admin.federation.host.software_name": "Perangkat lunak",
+	"admin.federation.host.created": "Dibuat",
+	"admin.federation.host.updated": "Diperbarui",
+	"admin.federation.host.latest_activity": "Aktivitas terbaru",
+	"admin.federation.users": "Pengguna",
+	"admin.federation.users.title": "Pengguna terfederasi",
+	"admin.federation.users.manage_panel": "Kelola pengguna terfederasi",
+	"admin.federation.users.show_local_user": "Tampilkan detail pengguna lokal",
+	"admin.federation.user.id": "ID",
+	"admin.federation.user.user_id": "ID pengguna lokal",
+	"admin.federation.user.external_id": "ID pengguna eksternal",
+	"admin.federation.user.inbox_path": "Jalur kotak masuk",
+	"admin.config.federation": "Konfigurasi federasi",
+	"admin.config.federation.enabled": "Diaktifkan",
+	"admin.config.federation.share_user_statistics": "Bagikan statistik pengguna dengan host lain",
+	"admin.config.federation.max_size": "Ukuran respons maksimum yang diizinkan",
+	"admin.config.federation.signature_enforced": "Wajibkan tanda tangan HTTP",
+	"admin.config.federation.signature_algorithms": "Algoritma tanda tangan",
+	"admin.config.federation.digest_algorithm": "Algoritma intisari tanda tangan",
+	"admin.config.federation.get_headers": "Header GET yang ditandatangani",
+	"admin.config.federation.post_headers": "Header POST yang ditandatangani",
+	"moderation.report.mark_as_handled": "Tandai sebagai ditangani",
+	"moderation.report.mark_as_ignored": "Tandai sebagai diabaikan",
+	"moderation.action.account.delete": "Hapus akun",
+	"moderation.action.account.suspend": "Tangguhkan akun",
+	"moderation.action.repo.delete": "Hapus repositori",
+	"moderation.action.issue.delete": "Hapus isu",
+	"moderation.action.comment.delete": "Hapus komentar",
+	"moderation.unknown_action": "Aksi tidak dikenal",
+	"moderation.users.cannot_suspend_self": "Anda tidak dapat menangguhkan diri sendiri.",
+	"moderation.users.cannot_suspend_admins": "Pengguna dengan hak istimewa admin tidak dapat ditangguhkan.",
+	"moderation.users.cannot_suspend_org": "Organisasi tidak dapat ditangguhkan.",
+	"moderation.users.already_suspended": "Akun pengguna sudah ditangguhkan.",
+	"moderation.users.suspend_success": "Akun pengguna telah ditangguhkan.",
+	"moderation.users.cannot_delete_admins": "Pengguna dengan hak istimewa admin tidak dapat dihapus.",
+	"moderation.issue.deletion_success": "Isu telah dihapus.",
+	"moderation.comment.deletion_success": "Komentar telah dihapus.",
+	"admin.dashboard.actions_action_user": "Cabut kepercayaan Forgejo Actions untuk pengguna yang tidak aktif",
+	"admin.dashboard.transfer_lingering_logs": "Transfer log aksi dari pekerjaan aksi yang selesai dari basis data ke penyimpanan",
+	"settings.specific_repo_access": "Akses repositori",
+	"settings.new_access_token": "Token akses baru",
+	"settings.permissions_access_specific_repositories": "Repositori tertentu",
+	"settings.access_token.selected_repositories": "Repositori yang dipilih (%d)",
+	"settings.access_token.available_repositories": "Repositori yang tersedia",
+	"settings.access_token.no_repositories_selected": "Tidak ada repositori yang dipilih.",
+	"settings.access_token.no_repositories_found": "Tidak ada repositori yang ditemukan.",
+	"settings.access_token.remove": "Hapus %s",
+	"settings.access_token.resource_all_help": "Izinkan akses ke semua sumber daya.",
+	"settings.access_token.resource_public_only_help": "Batasi akses ke repositori dan organisasi yang bersifat publik.",
+	"settings.access_token.resource_specific_repo_help": "Batasi akses ke daftar repositori tertentu. Akses hanya-baca diizinkan untuk semua repositori publik. Hanya izin yang memungkinkan akses ke repositori dan issue yang dapat diaktifkan.",
+	"settings.access_token.admin_disabled": "Izin administratif dinonaktifkan.",
+	"user.activitypub_feed.feed": "Umpan Fediverse",
+	"user.activitypub_feed.no_activity": "Tidak ada aktivitas fediverse",
+	"user.activitypub_feed.is_empty": "Umpan fediverse Anda kosong.",
+	"user.activitypub_feed.hint": "Umpan ini menampilkan aktivitas dari akun fediverse yang Anda ikuti, serta postingan terfederasi yang menyebut Anda.",
+	"user.activitypub_feed.posted_on": "Diposting pada %s",
+	"user.activitypub_feed.original_source": "Sumber asli",
+	"release.n_downloads": "%s unduhan",
+	"gpg.default_key": "Ditandatangani dengan kunci default",
+	"gpg.error.no_committer_account": "Tidak ada akun yang terhubung ke alamat email pembuat komit",
+	"gpg.error.failed_retrieval_gpg_keys": "Gagal mengambil kunci yang terlampir pada akun pembuat komit",
+	"gpg.error.probable_bad_signature": "PERINGATAN! Meskipun ada kunci dengan ID ini di basis data, kunci tersebut tidak memverifikasi commit ini! Commit ini MENCURIGAKAN.",
+	"gpg.error.probable_bad_default_signature": "PERINGATAN! Meskipun kunci default memiliki ID ini, kunci tersebut tidak memverifikasi commit ini! Commit ini MENCURIGAKAN.",
+	"notification.no_unread": "Tidak ada pemberitahuan yang belum dibaca.",
+	"notification.no_read": "Tidak ada pemberitahuan yang sudah dibaca.",
+	"notification.subscriptions": "Langganan",
+	"notification.watching": "Sedang diamati",
+	"notification.no_subscriptions": "Anda tidak memiliki langganan.",
+	"munits.data.b": "B",
+	"munits.data.kib": "KiB",
+	"munits.data.mib": "MiB",
+	"munits.data.gib": "GiB",
+	"munits.data.tib": "TiB",
+	"munits.data.pib": "PiB",
+	"munits.data.eib": "EiB",
+	"counters.n_commits": "%s komit",
+	"counters.n_branches": "%s cabang",
+	"counters.n_tags": "%s tag",
+	"counters.n_releases": "%s rilis",
+	"packages.title": "Paket",
+	"packages.empty": "Belum ada paket.",
+	"packages.empty.documentation": "Untuk informasi lebih lanjut tentang registri paket, lihat <a target=\"_blank\" rel=\"noopener noreferrer\" href=\"%s\">dokumentasi</a>.",
+	"packages.empty.repo": "Apakah Anda mengunggah paket tetapi tidak muncul di sini? Buka <a href=\"%[1]s\">pengaturan paket</a> dan tautkan ke repositori ini.",
+	"packages.registry.documentation": "Untuk informasi lebih lanjut tentang registri %s, lihat <a target=\"_blank\" rel=\"noopener noreferrer\" href=\"%s\">dokumentasi</a>.",
+	"packages.filter.type.all": "Semua",
+	"packages.filter.no_result": "Filter Anda tidak menghasilkan hasil apa pun.",
+	"packages.filter.container.tagged": "Diberi tag",
+	"packages.filter.container.untagged": "Tanpa tag",
+	"packages.published_by": "Diterbitkan %[1]s oleh <a href=\"%[2]s\">%[3]s</a>",
+	"packages.published_by_in": "Diterbitkan %[1]s oleh <a href=\"%[2]s\">%[3]s</a> in <a href=\"%[4]s\"><strong>%[5]s</strong></a>",
+	"packages.pub.install": "Untuk menginstal paket menggunakan Dart, jalankan perintah berikut:",
+	"packages.installation": "Instalasi",
+	"packages.about": "Tentang paket ini",
+	"packages.requirements": "Persyaratan",
+	"packages.dependencies": "Ketergantungan",
+	"packages.keywords": "Kata kunci",
+	"packages.details": "Detail",
+	"packages.details.author": "Penulis",
+	"packages.details.project_site": "Situs web proyek",
+	"packages.details.repository_site": "Situs web repositori",
+	"packages.details.documentation_site": "Situs web dokumentasi",
+	"packages.details.license": "Lisensi",
+	"packages.assets": "Aset",
+	"packages.versions": "Versi",
+	"packages.versions.view_all": "Lihat semua",
+	"packages.dependency.id": "ID",
+	"packages.dependency.version": "Versi",
+	"packages.search_in_external_registry": "Cari di %s",
+	"packages.common.install": "Untuk menginstal paket, jalankan perintah berikut:",
+	"packages.common.registry": "Siapkan registri ini dari baris perintah:",
+	"packages.common.repository": "Info repositori",
+	"packages.alpine.registry": "Siapkan registri ini dengan menambahkan URL di file <code>/etc/apk/repositories</code> Anda:",
+	"packages.alpine.registry.key": "Unduh kunci RSA publik registri ke folder <code>/etc/apk/keys/</code> untuk memverifikasi tanda tangan indeks:",
+	"packages.alpine.registry.info": "Pilih $branch dan $repository dari daftar di bawah ini.",
+	"packages.alpine.repository.architectures": "Arsitektur",
+	"packages.arch.pacman.helper.gpg": "Tambahkan sertifikat kepercayaan untuk pacman:",
+	"packages.arch.pacman.repo.multi": "%s memiliki versi yang sama di berbagai distribusi.",
+	"packages.arch.pacman.repo.multi.item": "Konfigurasi untuk %s",
+	"packages.arch.pacman.conf": "Tambahkan server dengan distribusi dan arsitektur terkait ke <code>/etc/pacman.conf</code>:",
+	"packages.arch.pacman.sync": "Sinkronkan paket dengan pacman:",
+	"packages.arch.version.properties": "Properti versi",
+	"packages.arch.version.description": "Deskripsi",
+	"packages.arch.version.provides": "Menyediakan",
+	"packages.arch.version.groups": "Grup",
+	"packages.arch.version.optdepends": "Ketergantungan opsional",
+	"packages.arch.version.makedepends": "Ketergantungan pembuatan",
+	"packages.arch.version.checkdepends": "Ketergantungan pemeriksaan",
+	"packages.arch.version.conflicts": "Konflik",
+	"packages.arch.version.replaces": "Menggantikan",
+	"packages.arch.version.backup": "Cadangan",
+	"packages.cargo.registry": "Siapkan registri ini di file konfigurasi Cargo (misalnya <code>~/.cargo/config.toml</code>):",
+	"packages.cargo.install": "Untuk menginstal paket menggunakan Cargo, jalankan perintah berikut:",
+	"packages.chef.registry": "Siapkan registri ini di file <code>~/.chef/config.rb</code> Anda:",
+	"packages.composer.registry": "Siapkan registri ini di file <code>~/.composer/config.json</code> Anda:",
+	"packages.composer.install": "Untuk menginstal paket menggunakan Composer, jalankan perintah berikut:",
+	"packages.composer.dependencies.development": "Ketergantungan pengembangan",
+	"packages.conan.install": "Untuk menginstal paket menggunakan Conan, jalankan perintah berikut:",
+	"packages.conda.registry": "Siapkan registri ini sebagai repositori Conda di file <code>.condarc</code> Anda:",
+	"packages.conda.install": "Untuk menginstal paket menggunakan Conda, jalankan perintah berikut:",
+	"packages.container.images.title": "Gambar",
+	"packages.container.details.type": "Jenis gambar",
+	"packages.container.details.platform": "Platform",
+	"packages.container.pull": "Tarik gambar dari baris perintah:",
+	"packages.container.digest": "Intisari",
+	"packages.container.multi_arch": "OS / Arsitektur",
+	"packages.container.layers": "Lapisan gambar",
+	"packages.container.labels": "Label",
+	"packages.container.labels.key": "Kunci",
+	"packages.container.labels.value": "Nilai",
+	"packages.cran.registry": "Siapkan registri ini di file <code>Rprofile.site</code> Anda:",
+	"packages.debian.registry.info": "Pilih $distribution dan $component dari daftar di bawah ini.",
+	"packages.debian.repository.distributions": "Distribusi",
+	"packages.debian.repository.components": "Komponen",
+	"packages.debian.repository.architectures": "Arsitektur",
+	"packages.generic.download": "Unduh paket dari baris perintah:",
+	"packages.go.install": "Instal paket dari baris perintah:",
+	"packages.maven.registry": "Siapkan registri ini di file <code>pom.xml</code> proyek Anda:",
+	"packages.maven.install": "Untuk menggunakan paket, sertakan yang berikut ini di blok <code>dependencies</code> dalam file <code>pom.xml</code>:",
+	"packages.maven.install2": "Jalankan melalui baris perintah:",
+	"packages.maven.download": "Untuk mengunduh ketergantungan, jalankan melalui baris perintah:",
+	"packages.nuget.install": "Untuk menginstal paket menggunakan NuGet, jalankan perintah berikut:",
+	"packages.nuget.dependency.framework": "Kerangka Target",
+	"packages.npm.registry": "Siapkan registri ini di file <code>.npmrc</code> proyek Anda:",
+	"packages.npm.install": "Untuk menginstal paket menggunakan npm, jalankan perintah berikut:",
+	"packages.npm.install2": "atau tambahkan ke file package.json:",
+	"packages.npm.dependencies.development": "Ketergantungan pengembangan",
+	"packages.npm.dependencies.bundle": "Ketergantungan terbundel",
+	"packages.npm.dependencies.peer": "Ketergantungan sejawat",
+	"packages.npm.dependencies.optional": "Ketergantungan opsional",
+	"packages.npm.details.tag": "Tag",
+	"packages.pypi.requires": "Memerlukan Python",
+	"packages.pypi.install": "Untuk menginstal paket menggunakan pip, jalankan perintah berikut:",
+	"packages.rpm.distros.redhat": "pada distribusi berbasis RedHat",
+	"packages.rpm.distros.suse": "pada distribusi berbasis SUSE",
+	"packages.rpm.repository.architectures": "Arsitektur",
+	"packages.rpm.repository.multiple_groups": "Paket ini tersedia dalam beberapa grup.",
+	"packages.alt.install": "Instal paket",
+	"packages.alt.setup": "Tambahkan repositori ke daftar repositori yang terhubung (pilih arsitektur yang diperlukan sebagai pengganti \"_arch_\"):",
+	"packages.alt.repository.architectures": "Arsitektur",
+	"packages.alt.repository.multiple_groups": "Paket ini tersedia dalam beberapa grup.",
+	"packages.rubygems.install": "Untuk menginstal paket menggunakan gem, jalankan perintah berikut:",
+	"packages.rubygems.install2": "atau tambahkan ke Gemfile:",
+	"packages.rubygems.dependencies.runtime": "Ketergantungan runtime",
+	"packages.rubygems.dependencies.development": "Ketergantungan pengembangan",
+	"packages.rubygems.required.ruby": "Memerlukan versi Ruby",
+	"packages.rubygems.required.rubygems": "Memerlukan versi RubyGem",
+	"packages.swift.install": "Tambahkan paket di file <code>Package.swift</code> Anda:",
+	"packages.swift.install2": "dan jalankan perintah berikut:",
+	"packages.vagrant.install": "Untuk menambahkan kotak Vagrant, jalankan perintah berikut:",
+	"packages.settings.link": "Tautkan paket ini ke repositori",
+	"packages.settings.link.description": "Jika Anda menautkan paket dengan repositori, paket tersebut akan tercantum dalam daftar paket repositori.",
+	"packages.settings.link.select": "Pilih repositori",
+	"packages.settings.link.button": "Perbarui tautan repositori",
+	"packages.settings.link.success": "Tautan repositori berhasil diperbarui.",
+	"packages.settings.link.error": "Gagal memperbarui tautan repositori.",
+	"packages.settings.delete": "Hapus paket",
+	"packages.settings.delete.description": "Menghapus paket bersifat permanen dan tidak dapat dibatalkan.",
+	"packages.settings.delete.notice": "Anda akan menghapus %s (%s). Operasi ini tidak dapat dibatalkan, apakah Anda yakin?",
+	"packages.settings.delete.success": "Paket telah dihapus.",
+	"packages.settings.delete.error": "Gagal menghapus paket.",
+	"packages.owner.settings.cargo.title": "Indeks registri Cargo",
+	"packages.owner.settings.cargo.initialize": "Inisialisasi indeks",
+	"packages.owner.settings.cargo.initialize.description": "Repositori Git indeks khusus diperlukan untuk menggunakan registri Cargo. Menggunakan opsi ini akan membuat ulang repositori dan mengonfigurasinya secara otomatis.",
+	"packages.owner.settings.cargo.initialize.error": "Gagal menginisialisasi indeks Cargo: %v",
+	"packages.owner.settings.cargo.initialize.success": "Indeks Cargo berhasil dibuat.",
+	"packages.owner.settings.cargo.rebuild": "Bangun ulang indeks",
+	"packages.owner.settings.cargo.rebuild.description": "Membangun ulang dapat berguna jika indeks tidak tersinkronisasi dengan paket Cargo yang tersimpan.",
+	"packages.owner.settings.cargo.rebuild.error": "Gagal membangun ulang indeks Cargo: %v",
+	"packages.owner.settings.cargo.rebuild.success": "Indeks Cargo berhasil dibangun ulang.",
+	"packages.owner.settings.cargo.rebuild.no_index": "Tidak dapat membangun ulang, tidak ada indeks yang diinisialisasi.",
+	"packages.owner.settings.cleanuprules.title": "Aturan pembersihan",
+	"packages.owner.settings.cleanuprules.add": "Tambah aturan pembersihan",
+	"packages.owner.settings.cleanuprules.edit": "Edit aturan pembersihan",
+	"packages.owner.settings.cleanuprules.none": "Belum ada aturan pembersihan.",
+	"packages.owner.settings.cleanuprules.preview": "Pratinjau aturan pembersihan",
+	"packages.owner.settings.cleanuprules.preview.overview": "%d paket dijadwalkan untuk dihapus.",
+	"packages.owner.settings.cleanuprules.preview.none": "Aturan pembersihan tidak cocok dengan paket mana pun.",
+	"packages.owner.settings.cleanuprules.pattern_full_match": "Terapkan pola ke nama paket lengkap",
+	"packages.owner.settings.cleanuprules.keep.title": "Versi yang cocok dengan aturan ini dipertahankan, meskipun cocok dengan aturan penghapusan di bawah.",
+	"packages.owner.settings.cleanuprules.keep.count": "Pertahankan yang paling baru",
+	"packages.owner.settings.cleanuprules.keep.pattern": "Pertahankan versi yang cocok dengan",
+	"packages.owner.settings.cleanuprules.keep.pattern.container": "Versi <code>latest</code> selalu dipertahankan untuk paket Container.",
+	"packages.owner.settings.cleanuprules.remove.title": "Versi yang cocok dengan aturan ini dihapus, kecuali ada aturan di atas yang menyatakan untuk mempertahankannya.",
+	"packages.owner.settings.cleanuprules.remove.days": "Hapus versi yang lebih lama dari",
+	"packages.owner.settings.cleanuprules.remove.pattern": "Hapus versi yang cocok dengan",
+	"packages.owner.settings.cleanuprules.success.update": "Aturan pembersihan telah diperbarui.",
+	"packages.owner.settings.cleanuprules.success.delete": "Aturan pembersihan telah dihapus.",
+	"packages.owner.settings.chef.title": "Registri Chef",
+	"packages.owner.settings.chef.keypair": "Buat pasangan kunci",
+	"packages.owner.settings.chef.keypair.description": "Permintaan yang dikirim ke registri Chef harus ditandatangani secara kriptografis sebagai sarana autentikasi. Saat membuat pasangan kunci, hanya kunci publik yang disimpan di Forgejo. Kunci privat diberikan kepada Anda untuk digunakan dengan knife. Membuat pasangan kunci baru akan menimpa yang sebelumnya.",
+	"access_token.error.specified_repos_none": "Token akses dengan repositori tertentu harus memiliki setidaknya satu repositori.",
+	"access_token.error.specified_repos_and_public_only": "Token akses dengan repositori tertentu tidak dapat digabungkan dengan cakupan hanya-publik.",
+	"access_token.error.specified_repos_and_invalid_scope": "Token akses dengan repositori tertentu hanya dapat digunakan dengan cakupan read:issue, write:issue, read:repository, dan write:repository.",
+	"actions.status.diagnostics.waiting": "Menunggu runner dengan label berikut: %s",
+	"actions.status.unknown": "Tidak diketahui",
+	"actions.status.waiting": "Menunggu",
+	"actions.status.running": "Berjalan",
+	"actions.status.success": "Berhasil",
+	"actions.status.failure": "Gagal",
+	"actions.status.cancelled": "Dibatalkan",
+	"actions.status.skipped": "Dilewati",
+	"actions.status.blocked": "Diblokir",
+	"actions.actions": "Aksi",
+	"actions.runners": "Runner",
+	"actions.runners.runner_manage_panel": "Kelola runner",
+	"actions.runners.new": "Buat runner baru",
+	"actions.runners.new_notice": "Cara memulai runner",
+	"actions.runners.status": "Status",
+	"actions.runners.status.unspecified": "Tidak diketahui",
+	"actions.runners.status.idle": "Siaga",
+	"actions.runners.status.active": "Aktif",
+	"actions.runners.status.offline": "Luring",
+	"actions.runners.uuid": "UUID",
+	"actions.runners.token": "Token",
+	"actions.runners.ephemeral": "Sementara",
+	"actions.runners.labels": "Label",
+	"actions.runners.version": "Versi",
+	"actions.runners.last_online": "Waktu terakhir daring",
+	"actions.runners.list_runners.edit_column": "Edit",
+	"actions.runners.list_runners.delete_column": "Hapus",
+	"actions.runners.list_runners.delete_button": "Hapus",
+	"actions.runners.list_runners.delete_button_aria": "Hapus %s",
+	"actions.runners.list_runners.edit_button": "Edit",
+	"actions.runners.list_runners.edit_button_aria": "Edit %s",
+	"actions.runners.runner_title": "Runner %s",
+	"actions.runners.ephemeral.yes": "ya",
+	"actions.runners.ephemeral.no": "tidak",
+	"actions.runners.task_list_repo": "Tugas terkini repositori ini pada runner ini",
+	"actions.runners.task_list_org": "Tugas terkini pada runner ini dalam organisasi ini",
+	"actions.runners.task_list_admin": "Tugas terkini pada runner ini",
+	"actions.runners.task_list_user": "Tugas terkini pengguna ini pada runner ini",
+	"actions.runners.task_list.no_tasks": "Belum ada tugas.",
+	"actions.runners.task_list.status": "Status",
+	"actions.runners.task_list.done_at": "Selesai pada",
+	"actions.runners.edit_runner_button": "Edit runner",
+	"actions.runners.create_runner.page_title": "Buat runner baru",
+	"actions.runners.create_runner.title": "Buat runner baru",
+	"actions.runners.create_runner.properties_fieldset": "Properti",
+	"actions.runners.create_runner.name_label": "Nama",
+	"actions.runners.create_runner.description_label": "Deskripsi",
+	"actions.runners.create_runner.create_button": "Buat",
+	"actions.runners.create_runner.cancel_button": "Batal",
+	"actions.runners.edit_runner.page_title": "Edit runner %s",
+	"actions.runners.edit_runner.title": "Edit runner %s",
+	"actions.runners.edit_runner.properties_fieldset": "Properti",
+	"actions.runners.edit_runner.properties_options": "Opsi",
+	"actions.runners.edit_runner.name_label": "Nama",
+	"actions.runners.edit_runner.description_label": "Deskripsi",
+	"actions.runners.edit_runner.regenerate_token_label": "Buat ulang token",
+	"actions.runners.edit_runner.regenerate_token_help": "Token yang ada akan segera menjadi tidak valid. Anda akan menerima token baru di halaman berikutnya.",
+	"actions.runners.edit_runner.save_button": "Simpan",
+	"actions.runners.edit_runner.cancel_button": "Batal",
+	"actions.runners.runner_setup.title": "Siapkan runner %s",
+	"actions.runners.show_registration_token": "Tampilkan token pendaftaran",
+	"actions.runners.update_runner.success": "Runner berhasil diedit",
+	"actions.runners.update_runner.failed": "Gagal mengedit runner",
+	"actions.runners.delete_runner.header": "Konfirmasi untuk menghapus runner ini",
+	"actions.runners.delete_runner.notice": "Jika ada tugas yang sedang berjalan pada runner ini, tugas tersebut akan dihentikan dan ditandai sebagai gagal. Hal ini dapat merusak alur kerja pembangunan.",
+	"actions.runners.delete_runner.success": "Runner berhasil dihapus",
+	"actions.runners.delete_runner.failed": "Gagal menghapus runner",
+	"actions.runners.runner_details.page_title": "Runner %s",
+	"actions.runners.runner_details.labels_note": "Label runner didefinisikan dalam file konfigurasi Forgejo Runner atau diteruskan sebagai opsi baris perintah. Label diperbarui setiap kali Forgejo Runner membangun koneksi ke Forgejo.",
+	"actions.runners.runner_setup.page_title": "Siapkan runner %s",
+	"actions.runners.runner_setup.list_of_runners_link": "Daftar runner",
+	"actions.runners.runner_setup.last_chance_copying_token": "Salin token sekarang karena Anda tidak akan dapat melihatnya lagi!",
+	"actions.runners.runner_setup.button_copy_uuid_aria": "Salin UUID runner",
+	"actions.runners.runner_setup.button_copy_token_aria": "Salin token runner",
+	"actions.runners.runner_setup.heading_using_configuration": "Menggunakan file konfigurasi runner",
+	"actions.runners.runner_setup.configuration_snippet_aria": "Cuplikan untuk disisipkan ke konfigurasi runner",
+	"actions.runners.runner_setup.program_options_snippet_aria": "Cara memanggil forgejo-runner",
+	"actions.runners.runner_setup.instruction_replace_connection_name": "Ganti nama koneksi (<code>forgejo</code> dalam contoh) dengan nilai yang Anda inginkan.",
+	"actions.runners.runner_setup.heading_using_options": "Menggunakan opsi program",
+	"actions.runners.runner_setup.instruction_advanced_configurations": "Untuk mengonfigurasi Forgejo Runner yang berjalan dalam container atau konfigurasi lanjutan, lihat <a href=\"%s\">dokumentasi</a>.",
+	"actions.runners.none": "Tidak ada runner yang tersedia",
+	"actions.runners.reset_registration_token.token": "Token Pendaftaran (Tidak Direkomendasikan)",
+	"actions.runners.reset_registration_token.button": "Atur ulang token pendaftaran",
+	"actions.runners.reset_registration_token.success": "Token pendaftaran runner berhasil diatur ulang",
+	"actions.runs.all_workflows": "Semua alur kerja",
+	"actions.runs.scheduled_description": "Jalankan terjadwal dari commit <a href=\"%[1]s\">%[2]s</a>",
+	"actions.runs.workflow_dispatch_description": "Jalankan commit <a href=\"%[1]s\">%[2]s</a> dipicu oleh <a href=\"%[3]s\">%[4]s</a>",
+	"actions.runs.on_push_description": "Commit <a href=\"%[1]s\">%[2]s</a> didorong oleh <a href=\"%[3]s\">%[4]s</a>",
+	"actions.runs.workflow": "Alur kerja",
+	"actions.runs.invalid_workflow_helper": "File konfigurasi alur kerja tidak valid. Silakan periksa file konfigurasi Anda: %s",
+	"actions.runs.no_job_without_needs": "Alur kerja harus berisi setidaknya satu pekerjaan tanpa ketergantungan.",
+	"actions.runs.no_job": "Alur kerja harus berisi setidaknya satu pekerjaan",
+	"actions.runs.all_runs_link": "semua jalankan",
+	"actions.workflow.persistent_incomplete_matrix": "Tidak dapat mengevaluasi `strategy.matrix` dari pekerjaan %[1]s karena ekspresi `needs` yang tidak valid. Mungkin mereferensikan pekerjaan yang tidak ada dalam daftar 'needs'-nya (%[2]s), atau keluaran yang tidak ada pada salah satu pekerjaan tersebut.",
+	"actions.workflow.incomplete_matrix_missing_job": "Tidak dapat mengevaluasi `strategy.matrix` dari pekerjaan %[1]s: pekerjaan %[2]s tidak ada dalam daftar `needs` dari pekerjaan %[1]s (%[3]s).",
+	"actions.workflow.incomplete_matrix_missing_output": "Tidak dapat mengevaluasi `strategy.matrix` dari pekerjaan %[1]s: pekerjaan %[2]s tidak memiliki keluaran %[3]s.",
+	"actions.workflow.incomplete_matrix_unknown_cause": "Tidak dapat mengevaluasi `strategy.matrix` dari pekerjaan %[1]s: kesalahan tidak diketahui.",
+	"actions.workflow.incomplete_runson_missing_job": "Tidak dapat mengevaluasi `runs-on` dari pekerjaan %[1]s: pekerjaan %[2]s tidak ada dalam daftar `needs` dari pekerjaan %[1]s (%[3]s).",
+	"actions.workflow.incomplete_runson_missing_output": "Tidak dapat mengevaluasi `runs-on` dari pekerjaan %[1]s: pekerjaan %[2]s tidak memiliki output %[3]s.",
+	"actions.workflow.incomplete_runson_missing_matrix_dimension": "Tidak dapat mengevaluasi `runs-on` dari pekerjaan %[1]s: dimensi matriks %[2]s tidak ada.",
+	"actions.workflow.incomplete_runson_unknown_cause": "Tidak dapat mengevaluasi `runs-on` dari pekerjaan %[1]s: kesalahan tidak diketahui.",
+	"actions.workflow.incomplete_with_missing_job": "Tidak dapat mengevaluasi `with` dari pekerjaan %[1]s: pekerjaan %[2]s tidak ada dalam daftar `needs` dari pekerjaan %[1]s (%[3]s).",
+	"actions.workflow.incomplete_with_missing_output": "Tidak dapat mengevaluasi `with` dari pekerjaan %[1]s: pekerjaan %[2]s tidak memiliki output %[3]s.",
+	"actions.workflow.incomplete_with_missing_matrix_dimension": "Tidak dapat mengevaluasi `with` dari pekerjaan %[1]s: dimensi matriks %[2]s tidak ada.",
+	"actions.workflow.incomplete_with_unknown_cause": "Tidak dapat mengevaluasi `with` dari pekerjaan %[1]s: kesalahan tidak diketahui.",
+	"actions.workflow.unknown_job_in_needs": "Job dengan ID %[1]s merujuk pada pekerjaan yang tidak dikenal dalam `needs`: %[2]s.",
+	"actions.workflow.rerun_impossible": "Alur kerja tidak dapat dijalankan ulang.",
+	"actions.workflow.job_rerun_impossible": "Job tidak dapat dijalankan ulang.",
+	"actions.secrets.creation.name_description": "Nama secret hanya boleh mengandung huruf, angka, dan garis bawah. Tidak boleh diawali dengan FORGEJO_, GITEA_, GITHUB_, atau angka. Forgejo akan otomatis mengubahnya menjadi huruf kapital.",
+	"actions.secrets.creation.value_description": "Nilai secret dapat berupa teks apa pun. Karakter khusus tetap dipertahankan. CRLF (jeda baris gaya Windows) secara otomatis dikonversi menjadi LF. Enkode nilai dengan Base64 jika jeda baris perlu dipertahankan.",
+	"actions.variables.mutation.name_description": "Nama variabel hanya boleh mengandung huruf, angka, dan garis bawah. Tidak boleh diberi nama CI atau diawali dengan FORGEJO_, GITEA_, GITHUB_, atau angka. Forgejo akan otomatis mengubahnya menjadi huruf kapital.",
+	"actions.variables.mutation.value_description": "Nilai variabel dapat berupa teks apa pun. Karakter khusus tetap dipertahankan. CRLF (jeda baris gaya Windows) secara otomatis dikonversi menjadi LF. Enkode nilai dengan Base64 jika jeda baris perlu dipertahankan.",
+	"actions.secrets.edit_button": "Ubah secret \"%s\"",
+	"actions.secrets.mutation.header": "Ubah secret \"%s\"",
+	"actions.secrets.mutation.success_message": "Secret \"%s\" telah diperbarui.",
+	"actions.secrets.mutation.failure_message": "Secret \"%s\" tidak dapat diperbarui.",
+	"actions.secrets.mutation.name_description": "Nama secret hanya boleh mengandung huruf, angka, dan garis bawah. Tidak boleh diawali dengan FORGEJO_, GITEA_, GITHUB_, atau angka. Forgejo akan otomatis mengubahnya menjadi huruf kapital.",
+	"actions.secrets.mutation.value_description": "Nilai yang ada tidak akan ditampilkan. Biarkan kolom kosong jika Anda tidak ingin mengubahnya. Karakter khusus tetap dipertahankan. CRLF (jeda baris gaya Windows) secara otomatis dikonversi menjadi LF. Enkode nilai dengan Base64 jika jeda baris perlu dipertahankan.",
+	"teams.add_all_repos.modal.header": "Tambahkan semua repositori",
+	"teams.remove_all_repos.modal.header": "Hapus semua repositori",
+	"members.add_member": "Tambahkan anggota",
+	"members.user": "Pengguna",
+	"members.user_already_member": "Pengguna ini sudah menjadi anggota organisasi.",
+	"members.no_team_selected": "Anggota organisasi harus tergabung dalam setidaknya satu tim.",
+	"pulls.manual_merge.helper": "Pembantu penggabungan manual",
+	"pulls.manual_merge.helpder.description": "Gunakan pesan commit penggabungan ini saat menyelesaikan penggabungan secara manual.",
+	"pulls.manual_merge.commit.title": "Judul commit penggabungan",
+	"pulls.manual_merge.commit.body": "Isi commit penggabungan",
+	"pulls.manual_merge.copy.button": "Salin pesan commit penggabungan",
+	"admin.auths.oauth2_quota_group_claim_name": "Klaim nama yang menyediakan nama grup dari sumber ini untuk digunakan dalam manajemen kuota. (Opsional)",
+	"admin.auths.oauth2_quota_group_map": "Petakan grup yang diklaim ke grup kuota. (Opsional - memerlukan nama klaim di atas)",
+	"admin.auths.oauth2_quota_group_map_removal": "Hapus pengguna dari grup kuota yang disinkronkan jika pengguna tidak termasuk dalam grup yang sesuai.",
+	"editor.search": "Cari",
+	"editor.find_previous": "Temuan sebelumnya",
+	"editor.find_next": "Temuan berikutnya",
+	"editor.replace": "Ganti",
+	"editor.replace_all": "Ganti semua",
+	"editor.toggle_case": "Aktifkan/nonaktifkan sensitivitas huruf besar-kecil",
+	"editor.toggle_regex": "Aktifkan/nonaktifkan penggunaan ekspresi reguler",
+	"editor.toggle_whole_word": "Aktifkan/nonaktifkan pencocokan kata utuh",
+	"form.RunnerName": "Nama",
+	"graphs.recent_commits.title": "Jumlah commit dalam satu tahun terakhir",
+	"graphs.code_frequency.title": "Frekuensi kode sepanjang riwayat {0}"
 }
diff --git a/options/locale_next/locale_kab.json b/options/locale_next/locale_kab.json
index 01329826e9..01a3daa718 100644
--- a/options/locale_next/locale_kab.json
+++ b/options/locale_next/locale_kab.json
@@ -111,12 +111,10 @@
 	"actions.runners.token": "Tiddest",
 	"actions.runners.list_runners.edit_column": "Ẓreg",
 	"actions.runners.list_runners.delete_column": "Kkes",
-	"actions.runners.list_runners.details_button": "Talqayt",
 	"actions.runners.list_runners.delete_button": "Kkes",
 	"actions.runners.list_runners.edit_button": "Ẓreg",
 	"actions.runners.ephemeral.yes": "ih",
 	"actions.runners.ephemeral.no": "uhu",
-	"actions.runners.list_runners.details_column": "Talqayt",
 	"actions.runners.create_runner.name_label": "Isem",
 	"actions.runners.create_runner.description_label": "Aglam",
 	"actions.runners.create_runner.create_button": "Snulfu-d",
diff --git a/options/locale_next/locale_mk.json b/options/locale_next/locale_mk.json
index c4c884f041..e24ba5b473 100644
--- a/options/locale_next/locale_mk.json
+++ b/options/locale_next/locale_mk.json
@@ -1,4 +1,68 @@
 {
 	"home.welcome.no_activity": "Нема активност",
-	"home.welcome.activity_hint": "Сè уште нема ништо во вашиот фид. Вашите активности и дејства од репозиториумите што ги следите ќе се појават овде."
+	"home.welcome.activity_hint": "Сè уште нема ништо во вашиот фид. Вашите активности и дејства од репозиториумите што ги следите ќе се појават овде.",
+	"home.explore_repos": "Истражи репозиториуми",
+	"home.explore_users": "Истражи корисници",
+	"home.explore_orgs": "Истражи организации",
+	"fork.n_forks": {
+		"one": "%s форк",
+		"other": "%s форкови"
+	},
+	"stars.list.none": "Никој не го означи овој репо со ѕвездичка.",
+	"stars.n_stars": {
+		"one": "%s ѕвезда",
+		"other": "%s ѕвезди"
+	},
+	"watch.list.none": "Никој не го гледа ова репо.",
+	"watch.n_watchers": {
+		"one": "%s гледач",
+		"other": "%s гледачи"
+	},
+	"followers.incoming.list.self.none": "Никој не го следи вашиот профил.",
+	"followers.incoming.list.none": "Никој не го следи овој корисник.",
+	"followers.outgoing.list.self.none": "Не следите никого.",
+	"followers.outgoing.list.none": "%s не следи никого.",
+	"relativetime.now": "сега",
+	"relativetime.future": "во иднина",
+	"relativetime.mins": {
+		"one": "пред %d минута",
+		"other": "пред %d минути"
+	},
+	"relativetime.hours": {
+		"one": "пред %d час",
+		"other": "пред %d часа"
+	},
+	"relativetime.days": {
+		"one": "пред %d ден",
+		"other": "пред %d дена"
+	},
+	"relativetime.weeks": {
+		"one": "пред %d недела",
+		"other": "пред %d недели"
+	},
+	"relativetime.months": {
+		"one": "пред %d месец",
+		"other": "пред %d месеци"
+	},
+	"relativetime.years": {
+		"one": "пред %d година",
+		"other": "пред %d години"
+	},
+	"relativetime.1day": "вчера",
+	"relativetime.1week": "последна недела",
+	"relativetime.1month": "последен месец",
+	"relativetime.1year": "псоледна година",
+	"repo.issues.filter_poster.hint": "Филтрирајте по автор",
+	"repo.issues.filter_assignee.hint": "Филтрирајте по доделен корисник",
+	"repo.issues.filter_reviewers.hint": "Филтрирајте по корисник кој прегледаше",
+	"repo.issues.filter_mention.hint": "Филтрирајте по споменат корисник",
+	"repo.issues.filter_modified.hint": "Филтрирајте по датум на последна измена",
+	"repo.issues.filter_sort.hint_with_placeholder": "Сортирајте по: %s",
+	"gpg.error.probable_bad_signature": "ПРЕДУПРЕДУВАЊЕ! Иако во базата на податоци постои клуч со овој идентификатор, тој не го потврдува овојто извршење! Извршењето е СОМНИТЕЛНО.",
+	"gpg.error.probable_bad_default_signature": "ПРЕДУПРЕДУВАЊЕ! Иако стандардниот клуч го има овој ИД, тој не го потврдува овојто извршење! Извршењето е СОМНИТЕЛНО.",
+	"notification.notifications": "Нотификации",
+	"notification.unread": "Непрочитано",
+	"notification.read": "Прочитано",
+	"notification.no_unread": "Нема непрочитани нотификации.",
+	"notification.no_read": "Нема прочитени нотификации."
 }
diff --git a/options/locale_next/locale_nds.json b/options/locale_next/locale_nds.json
index 8a4cde599f..b148c0efdb 100644
--- a/options/locale_next/locale_nds.json
+++ b/options/locale_next/locale_nds.json
@@ -540,11 +540,8 @@
 	"settings.specific_repo_access": "Repositoriums-Togang",
 	"actions.runners.uuid": "UUID",
 	"actions.runners.token": "Teken",
-	"actions.runners.list_runners.details_column": "Mehr Informationen",
 	"actions.runners.list_runners.edit_column": "Bewarken",
 	"actions.runners.list_runners.delete_column": "Lösken",
-	"actions.runners.list_runners.details_button": "Mehr Informationen",
-	"actions.runners.list_runners.details_button_aria": "Mehr Informatioonen över %s wiesen",
 	"actions.runners.list_runners.delete_button": "Lösken",
 	"actions.runners.list_runners.delete_button_aria": "%s lösken",
 	"actions.runners.list_runners.edit_button": "Bewarken",
@@ -661,5 +658,9 @@
 	"user.activitypub_feed.is_empty": "Dien Fediversum-Schuuv is leeg.",
 	"user.activitypub_feed.hint": "Deeser Schuuv wiest Doon vun Fediversums-Konten, wat du nagahst, un ok verdeelte Kommentaren, wat di benöömt hebben.",
 	"user.activitypub_feed.posted_on": "Up %[1]s schreven",
-	"user.activitypub_feed.original_source": "Eerste Quell"
+	"user.activitypub_feed.original_source": "Eerste Quell",
+	"repo.files.caption": "Repositoriums-Dateien (lestes Kommitteren toeerst)",
+	"repo.files.filename": "Dateinaam",
+	"repo.files.last_commit_message": "Leste Kommitterens-Naricht",
+	"repo.files.last_commit_date": "Lestes Kommitterens-Datum"
 }
diff --git a/options/locale_next/locale_nl-NL.json b/options/locale_next/locale_nl-NL.json
index 7764ee840f..a413e22cae 100644
--- a/options/locale_next/locale_nl-NL.json
+++ b/options/locale_next/locale_nl-NL.json
@@ -543,13 +543,13 @@
 	"settings.access_token.resource_public_only_help": "Toegang tot repositories en organisaties die openbaar zijn beperken.",
 	"actions.runners.list_runners.delete_column": "Verwijder",
 	"admin.federation.host.software_name": "Software",
-	"repo.pulls.auto_merge.no_permission": "U heeft geen rechten voor het afbreken van deze pull requets's auto merge",
-	"migrate.select.title": "Migreer repositorie",
+	"repo.pulls.auto_merge.no_permission": "U heeft niet de permissie om deze pull request auto merge uit te zetten.",
+	"migrate.select.title": "Migreer repository",
 	"admin.federation.federation": "Federeren",
 	"admin.federation.hosts": "Servers",
-	"admin.federation.hosts.title": "Federeerservers",
-	"admin.federation.hosts.manage_panel": "Beheer federeerservers",
-	"admin.federation.hosts.details_panel": "Federeerserver details",
+	"admin.federation.hosts.title": "Federatie servers",
+	"admin.federation.hosts.manage_panel": "Federatie servers beheren",
+	"admin.federation.hosts.details_panel": "Federatie server details",
 	"admin.federation.hosts.show_details": "Toon server details",
 	"admin.federation.host.id": "ID",
 	"admin.federation.host.fqdn": "FQDN",
@@ -575,13 +575,13 @@
 	"admin.config.federation.digest_algorithm": "Handtekening-hashalgoritme",
 	"admin.config.federation.get_headers": "Ondertekende GET headers",
 	"admin.config.federation.post_headers": "Ondertekende POST headers",
-	"settings.new_access_token": "Nieuw acces token",
+	"settings.new_access_token": "Nieuwe toegangstoken",
 	"settings.access_token.selected_repositories": {
-		"one": "Geselecteerde repositorie (%d)",
+		"one": "Geselecteerde repository (%d)",
 		"other": "Geselecteerde repositories (%d)"
 	},
 	"settings.access_token.resource_specific_repo_help": "Beperk toegang tot een specifieke lijst aan repositories. Alleen-lezen toegang is toegestaan voor alle openbare repositories. Alleen permissies die toegang geven tot repositories en issues kunnen aangezet worden.",
-	"settings.access_token.admin_disabled": "Beheerrechten zijn uitgeschakeld.",
+	"settings.access_token.admin_disabled": "Adminstratische permissies zijn uitgezet.",
 	"user.activitypub_feed.no_activity": "Geen fediverse-activiteit",
 	"user.activitypub_feed.is_empty": "Uw fediverse-feed is leeg.",
 	"user.activitypub_feed.hint": "Deze feed toont activiteiten van fediverse accounts die u volgt, alsook van gefedereerde boodschappen die u vermelden.",
@@ -632,7 +632,7 @@
 	"actions.runs.scheduled_description": "Geplande run van commit <a href=\"%[1]s\">%[2]s</a>",
 	"actions.runs.workflow_dispatch_description": "Run van commit <a href=\"%[1]s\">%[2]s</a> getriggerd door <a href=\"%[3]s\">%[4]s</a>",
 	"actions.runs.on_push_description": "Commit <a href=\"%[1]s\">%[2]s</a> gepusht door <a href=\"%[3]s\">%[4]s</a>",
-	"actions.workflow.unknown_job_in_needs": "Taak met ID %[1]s refereert aan onbekende taken in `nodig`: %[2]s.",
+	"actions.workflow.unknown_job_in_needs": "Taak met ID %[1]s refereert aan onbekende taken in `needs`: %[2]s.",
 	"actions.workflow.rerun_impossible": "De workflow kan niet opnieuw gedraaid worden.",
 	"actions.workflow.job_rerun_impossible": "De taak kan niet opnieuw gedraaid worden.",
 	"actions.secrets.edit_button": "Wijzig geheim \"%s\"",
@@ -647,5 +647,16 @@
 	"members.no_team_selected": "Organisatieleden moeten bij minimaal één team zijn aangesloten.",
 	"form.RunnerName": "Naam",
 	"graphs.recent_commits.title": "Aantal commits in het afgelopen jaar",
-	"graphs.code_frequency.title": "Codefrequentie over de geschiedenis van {0}"
+	"graphs.code_frequency.title": "Codefrequentie over de geschiedenis van {0}",
+	"user.activitypub_feed.feed": "Fediverse feed",
+	"user.activitypub_feed.original_source": "Oorspronkelijke bron",
+	"access_token.error.specified_repos_none": "Toegangstokens met opgegeven repositories moeten ten minste één repository bevatten.",
+	"access_token.error.specified_repos_and_public_only": "Toegangstokens voor bepaalde repositories kunnen niet worden gecombineerd met het bereik 'alleen openbaar'.",
+	"access_token.error.specified_repos_and_invalid_scope": "Toegangstokens voor bepaalde repositories kunnen alleen worden gebruikt met de reikwijdtes read:issue, write:issue, read:repository en write:repository.",
+	"actions.runners.token": "Token",
+	"actions.runners.ephemeral": "Eenmalig",
+	"actions.runners.uuid": "UUID",
+	"actions.runners.list_runners.edit_column": "Aanpassen",
+	"actions.runners.version": "Versie",
+	"actions.runners.list_runners.delete_button": "Verwijderen"
 }
diff --git a/options/locale_next/locale_pt-BR.json b/options/locale_next/locale_pt-BR.json
index ab46f4b038..d285deaa70 100644
--- a/options/locale_next/locale_pt-BR.json
+++ b/options/locale_next/locale_pt-BR.json
@@ -1,19 +1,23 @@
 {
 	"counters.n_commits": {
 		"one": "%s commit",
-		"other": "%s commits"
+		"many": "%s commits",
+		"other": ""
 	},
 	"counters.n_branches": {
 		"one": "%s ramo",
-		"other": "%s ramos"
+		"many": "%s ramos",
+		"other": ""
 	},
 	"counters.n_tags": {
 		"one": "%s etiqueta",
-		"other": "%s etiquetas"
+		"many": "%s etiquetas",
+		"other": ""
 	},
 	"counters.n_releases": {
 		"one": "%s versão",
-		"other": "%s versões"
+		"many": "%s versões",
+		"other": ""
 	},
 	"gpg.default_key": "Assinado com a chave padrão",
 	"gpg.error.extract_sign": "Falha ao extrair assinatura",
@@ -562,5 +566,36 @@
 	"actions.runners.create_runner.page_title": "Criar novo executor",
 	"actions.runners.edit_runner_button": "Editar executor",
 	"actions.runners.task_list_user": "Tarefas recentes deste usuário neste executor",
-	"actions.runners.task_list_admin": "Tarefas recentes neste executor"
+	"actions.runners.task_list_admin": "Tarefas recentes neste executor",
+	"repo.pulls.auto_merge.no_permission": "Você não tem permissão para cancelar a mesclagem automática deste pull request.",
+	"migrate.select.title": "Migrar repositório",
+	"admin.federation.federation": "Federação",
+	"admin.federation.hosts": "Hosts",
+	"admin.federation.hosts.title": "Hosts federados",
+	"admin.federation.hosts.manage_panel": "Gerenciar hosts federados",
+	"admin.federation.hosts.details_panel": "Detalhes dos hosts federados",
+	"admin.federation.hosts.show_details": "Mostrar detalhes do host",
+	"admin.federation.host.id": "ID",
+	"admin.federation.host.fqdn": "FQDN",
+	"admin.federation.host.schema": "Schema",
+	"admin.federation.host.port": "Porta",
+	"admin.federation.host.software_name": "Software",
+	"admin.federation.host.created": "Criado em",
+	"admin.federation.host.updated": "Atualizado em",
+	"admin.federation.host.latest_activity": "Última atividade",
+	"admin.federation.users": "Usuários",
+	"admin.federation.users.title": "Usuários federados",
+	"admin.federation.users.manage_panel": "Gerenciar usuários federados",
+	"admin.federation.users.show_local_user": "Mostrar detalhes do usuário local",
+	"admin.federation.user.id": "ID",
+	"admin.federation.user.user_id": "ID do usuário local",
+	"admin.federation.user.external_id": "ID do usuário externo",
+	"access_token.error.specified_repos_and_invalid_scope": "Tokens de acesso com repositórios especificados só podem ser usados com os escopos read:issue, write:issue, read:repository e write:repository.",
+	"actions.runners.uuid": "UUID",
+	"actions.runners.token": "Token",
+	"actions.runners.ephemeral": "Efêmero",
+	"actions.runners.version": "Versão",
+	"actions.runners.list_runners.edit_column": "Editar",
+	"actions.runners.list_runners.delete_column": "Remover",
+	"actions.runners.list_runners.delete_button": "Remover"
 }
diff --git a/options/locale_next/locale_pt-PT.json b/options/locale_next/locale_pt-PT.json
index 5112d30036..f4d2365fab 100644
--- a/options/locale_next/locale_pt-PT.json
+++ b/options/locale_next/locale_pt-PT.json
@@ -566,11 +566,8 @@
 	"actions.runners.runner_setup.button_copy_token_aria": "Copiar token do executor",
 	"actions.runners.reset_registration_token.token": "Token de Registo (Obsoleto)",
 	"actions.runners.ephemeral": "Efémero",
-	"actions.runners.list_runners.details_column": "Detalhes",
 	"actions.runners.list_runners.edit_column": "Editar",
 	"actions.runners.list_runners.delete_column": "Eliminar",
-	"actions.runners.list_runners.details_button": "Detalhes",
-	"actions.runners.list_runners.details_button_aria": "Mostrar detalhes de %s",
 	"actions.runners.list_runners.delete_button": "Eliminar",
 	"actions.runners.list_runners.delete_button_aria": "Eliminar %s",
 	"actions.runners.list_runners.edit_button": "Editar",
diff --git a/options/locale_next/locale_ru-RU.json b/options/locale_next/locale_ru-RU.json
index 957ab7b848..1eae5ff170 100644
--- a/options/locale_next/locale_ru-RU.json
+++ b/options/locale_next/locale_ru-RU.json
@@ -560,7 +560,6 @@
 	"actions.runners.uuid": "УУИД",
 	"actions.runners.token": "Токен",
 	"actions.runners.ephemeral": "Одноразовый",
-	"actions.runners.list_runners.details_column": "Свойства",
 	"actions.runners.list_runners.delete_column": "Удаление",
 	"actions.runners.runner_setup.list_of_runners_link": "Список исполнителей",
 	"actions.runners.runner_setup.last_chance_copying_token": "Скопируйте токен сейчас – потом он не будет отображаться!",
@@ -601,8 +600,6 @@
 	"settings.access_token.resource_specific_repo_help": "Разрешить доступ только к списку выбранных репозиториев. Доступ на чтение разрешён для всех публичных репозиториев. Могут быть выбраны только разрешения, относящиеся к репозиториям и задачам.",
 	"settings.access_token.admin_disabled": "Административные разрешения выключены.",
 	"actions.runners.list_runners.edit_column": "Правка",
-	"actions.runners.list_runners.details_button": "Свойства",
-	"actions.runners.list_runners.details_button_aria": "Открыть свойства %s",
 	"actions.runners.list_runners.delete_button": "Удалить",
 	"actions.runners.list_runners.delete_button_aria": "Удалить %s",
 	"actions.runners.list_runners.edit_button": "Изменить",
@@ -641,5 +638,34 @@
 	"actions.runners.edit_runner.cancel_button": "Отмена",
 	"actions.workflow.rerun_impossible": "Раб. поток невозможно выполнить повторно.",
 	"actions.workflow.job_rerun_impossible": "Задание невозможно выполнить повторно.",
-	"actions.runners.runner_setup.instruction_advanced_configurations": "Для настройки исполнителя Forgejo Действий в контейнерах и др. расширенных настроек, обратитесь к <a href=\"%s\">документации</a>."
+	"actions.runners.runner_setup.instruction_advanced_configurations": "Для настройки исполнителя Forgejo Действий в контейнерах и др. расширенных настроек, обратитесь к <a href=\"%s\">документации</a>.",
+	"actions.runs.on_push_description": "Коммит <a href=\"%[1]s\">%[2]s</a>, отправленный <a href=\"%[3]s\">%[4]s</a>",
+	"repo.files.caption": "Файлы репозитория (в начале последний коммит)",
+	"repo.files.filename": "Имя файла",
+	"repo.files.last_commit_message": "Текст последнего коммита",
+	"repo.files.last_commit_date": "Дата последнего коммита",
+	"admin.federation.host.software_name": "ПО",
+	"admin.federation.users.title": "Пользователи федерации",
+	"admin.federation.user.user_id": "ИД локального пользователя",
+	"admin.federation.user.external_id": "ИД внешнего пользователя",
+	"admin.federation.hosts": "Узлы",
+	"admin.federation.hosts.title": "Узлы федерации",
+	"admin.federation.hosts.manage_panel": "Управлять узлами федерации",
+	"admin.federation.hosts.details_panel": "Подробности об узле федерации",
+	"admin.federation.hosts.show_details": "Показать подробности об узле",
+	"admin.federation.users.manage_panel": "Управлять пользователями федерации",
+	"admin.federation.users.show_local_user": "Показать подробности локального пользователя",
+	"admin.config.federation.share_user_statistics": "Делиться статистикой пользователей с другими узлами",
+	"admin.config.federation.get_headers": "Подписанные заголовки GET",
+	"admin.config.federation.post_headers": "Подписанные заголовки POST",
+	"admin.config.federation.digest_algorithm": "Алгоритм хеширования для подписей",
+	"user.activitypub_feed.no_activity": "Нет активности из Федивёрса",
+	"user.activitypub_feed.hint": "В этой ленте будут появляться активности пользователей Федивёрса, на которых вы подписаны, а также записи, в которых вы упомянуты.",
+	"user.activitypub_feed.posted_on": "Опубликовано %[1]s",
+	"user.activitypub_feed.original_source": "Первоисточник",
+	"actions.runners.runner_setup.title": "Настройка исполнителя %s",
+	"actions.runners.runner_setup.page_title": "Настройка исполнителя %s",
+	"actions.secrets.edit_button": "Изменить секрет «%s»",
+	"actions.secrets.mutation.success_message": "Секрет «%s» был изменён.",
+	"actions.secrets.mutation.name_description": "Название секрета может содержать только буквы, цифры и нижние подчёркивания. Оно не может начинаться на FORGEJO_, GITEA_, GITHUB_, или на цифру. Оно будет сохранено в верхнем регистре."
 }
diff --git a/options/locale_next/locale_sv-SE.json b/options/locale_next/locale_sv-SE.json
index eace1abac5..9ed58f488b 100644
--- a/options/locale_next/locale_sv-SE.json
+++ b/options/locale_next/locale_sv-SE.json
@@ -540,10 +540,8 @@
 	"settings.specific_repo_access": "Kodförrådsåtkomst",
 	"actions.runners.uuid": "UUID",
 	"actions.runners.token": "Token",
-	"actions.runners.list_runners.details_column": "Detaljer",
 	"actions.runners.list_runners.edit_column": "Redigera",
 	"actions.runners.list_runners.delete_column": "Ta bort",
-	"actions.runners.list_runners.details_button_aria": "Visa detaljer för %",
 	"actions.runners.list_runners.delete_button_aria": "Ta bort %s",
 	"actions.runners.list_runners.edit_button": "Redigera",
 	"actions.runners.list_runners.edit_button_aria": "Redigera %s",
@@ -580,7 +578,6 @@
 	"actions.runners.runner_setup.configuration_snippet_aria": "Textavsnitt att infoga i körarens konfiguration",
 	"actions.runners.runner_setup.program_options_snippet_aria": "Hur man anropar forgejo-runner",
 	"actions.runners.ephemeral": "Tillfällig",
-	"actions.runners.list_runners.details_button": "Detaljer",
 	"actions.runners.list_runners.delete_button": "Ta bort",
 	"actions.runners.runner_setup.instruction_replace_connection_name": "Ersätt anslutningsnamnet (<code>forgejo</code> i exemplet) med ett värde.",
 	"actions.runners.runner_setup.heading_using_options": "Använder programval",
diff --git a/options/locale_next/locale_ta.json b/options/locale_next/locale_ta.json
index 03aae7e0ef..a318e08cef 100644
--- a/options/locale_next/locale_ta.json
+++ b/options/locale_next/locale_ta.json
@@ -293,7 +293,7 @@
 	"repo.issue_indexer.title": "வெளியீட்டு அட்டவணை",
 	"search.milestone_kind": "மைல்கற்களைத் தேடு…",
 	"repo.settings.push_mirror.branch_filter.label": "கிளை வடிகட்டி (விரும்பினால்)",
-	"repo.settings.push_mirror.branch_filter.description": "கிளைகள் பிரதிபலிக்க வேண்டும். அனைத்து கிளைகளையும் பிரதிபலிக்க காலியாக விடவும். தொடரியலுக்கு <a href=\"%[1]s\">%[2]s ஆவணத்தைப்</a> பார்க்கவும். எடுத்துக்காட்டுகள்: <code>main, release/*</code>",
+	"repo.settings.push_mirror.branch_filter.description": "கிளைகள் பிரதிபலிக்க வேண்டும். அனைத்து கிளைகளையும் பிரதிபலிக்கக் காலியாக விடவும். தொடரியலுக்கு <a href=\"%[1]s\">%[2]s ஆவணத்தைப்</a> பார்க்கவும். எடுத்துக்காட்டுகள்: <code>main, release/*</code>",
 	"incorrect_root_url": "இந்த Forgejo நிகழ்வு \"%s\" இல் வழங்குவதற்காக கட்டமைக்கப்பட்டுள்ளது. நீங்கள் தற்போது Forgejo ஐ வேறொரு முகவரி மூலம் பார்க்கிறீர்கள், இது பயன்பாட்டின் சில பகுதிகளை உடைக்கக்கூடும். app.ini இல் உள்ள ROOT_URL அமைப்பு வழியாக Forgejo நிர்வாகிகளால் நியமன முகவரி கட்டுப்படுத்தப்படுகிறது.",
 	"themes.names.forgejo-auto": "Forgejo (கணினி கருப்பொருள் பின்பற்றவும்)",
 	"themes.names.forgejo-light": "ஃபோர்சோ ஒளி",
diff --git a/options/locale_next/locale_tr-TR.json b/options/locale_next/locale_tr-TR.json
index 2c11db6ff4..086237d764 100644
--- a/options/locale_next/locale_tr-TR.json
+++ b/options/locale_next/locale_tr-TR.json
@@ -1,65 +1,65 @@
 {
 	"counters.n_commits": {
-		"one": "%s katkı",
-		"other": "%s gönderi"
+		"one": "%s değişiklik(commit)",
+		"other": "%s değişiklikler(commits)"
 	},
 	"counters.n_branches": {
 		"one": "%s dal",
-		"other": "%s dal"
+		"other": "%s dallar"
 	},
 	"counters.n_tags": {
 		"one": "%s etiket",
-		"other": "%s etiket"
+		"other": "%s etiketler"
 	},
 	"counters.n_releases": {
-		"one": "%s sürüm",
-		"other": "%s sürüm"
+		"one": "%s yayın",
+		"other": "%s yayınlar"
 	},
-	"gpg.default_key": "Varsayılan anahtarla imzalanmış",
-	"gpg.error.extract_sign": "İmza çıkarılamadı",
-	"gpg.error.generate_hash": "İşlemenin sağlama kodu oluşturulamadı",
-	"gpg.error.no_committer_account": "İşleyicinin e-posta adresine bağlı hesap yok",
-	"gpg.error.no_gpg_keys_found": "Veri tabanında bu imza için bilinen anahtar bulunamadı",
-	"gpg.error.not_signed_commit": "İmzalı bir işleme değil",
-	"gpg.error.failed_retrieval_gpg_keys": "İşleyicin hesabına bağlı herhangi bir anahtar alınamadı",
-	"gpg.error.probable_bad_signature": "UYARI! Veritabanında bu kimliğe sahip bir anahtar olmasına rağmen, bu işlemeyi doğrulamaz! Bu işleme ŞÜPHELİDİR.",
-	"gpg.error.probable_bad_default_signature": "UYARI! Varsayılan anahtarın bu kimliği olmasına rağmen, bu işlemeyi doğrulamaz! Bu işleme ŞÜPHELİDİR.",
+	"gpg.default_key": "Varsayılan anahtarla imzalandı",
+	"gpg.error.extract_sign": "İmza çıkartılamadı",
+	"gpg.error.generate_hash": "Değişikliğin(commit) karma değeri(sağlama değeri veya hash) oluşturulamadı",
+	"gpg.error.no_committer_account": "Değiştirici'nin(committer) e-posta adresiyle ilişkili hiçbir hesap bulunmuyor",
+	"gpg.error.no_gpg_keys_found": "Veritabanında bu imzaya ait bilinen bir anahtar bulunamadı",
+	"gpg.error.not_signed_commit": "İmzalanmamış bir değişiklik(commit)",
+	"gpg.error.failed_retrieval_gpg_keys": "Değiştirici'nin(committer) hesabına bağlı herhangi bir anahtar alınamadı",
+	"gpg.error.probable_bad_signature": "UYARI! Veritabanında bu kimliğe sahip bir anahtar bulunmasına rağmen, bu değişiklik(commit) doğrulanmamıştır! Bu değişiklik(commit) ŞÜPHELİDİR.",
+	"gpg.error.probable_bad_default_signature": "UYARI! Varsayılan anahtar bu kimliğe sahip olsa da, bu değişikliği(commit) doğrulamıyor! Bu değişiklik(commit) ŞÜPHELİ.",
 	"notification.notifications": "Bildirimler",
 	"notification.unread": "Okunmamış",
 	"notification.read": "Okunmuş",
-	"notification.no_unread": "Okunmamış bildirim yok.",
-	"notification.no_read": "Okunmuş bildirim yok.",
-	"notification.pin": "Pin bildirimi",
+	"notification.no_unread": "Okunmamış herhangi bir bildirim yok.",
+	"notification.no_read": "Okunmuş herhangi bir bildirim yok.",
+	"notification.pin": "Bildirimi sabitle",
 	"notification.mark_as_read": "Okundu olarak işaretle",
 	"notification.mark_as_unread": "Okunmadı olarak işaretle",
 	"notification.mark_all_as_read": "Tümünü okundu olarak işaretle",
 	"notification.subscriptions": "Abonelikler",
 	"notification.watching": "İzleniyor",
-	"notification.no_subscriptions": "Abonelik yok",
-	"dropzone.default_message": "Dosyaları buraya bırakın veya yüklemek için tıklayın.",
-	"dropzone.invalid_input_type": "Bu tür dosyaları yükleyemezsiniz.",
-	"dropzone.file_too_big": "Dosya boyutu ({{filesize}} MB) maksimum boyutu ({{maxFilesize}} MB) aşıyor.",
-	"dropzone.remove_file": "Dosya Kaldır",
+	"notification.no_subscriptions": "Hiç aboneliğiniz yok.",
+	"dropzone.default_message": "Dosyaları sürükleyip bırakın ya da yüklemek için buraya tıklayın.",
+	"dropzone.invalid_input_type": "Bu tür dosyalar yüklenemez.",
+	"dropzone.file_too_big": "Dosya boyutunuz ({{filesize}} MB), ({{maxFilesize}} MB) olan maksimum boyutu aşıyor.",
+	"dropzone.remove_file": "Dosyayı Kaldır",
 	"munits.data.b": "B",
-	"munits.data.kib": "KiB",
-	"munits.data.mib": "MiB",
-	"munits.data.gib": "GiB",
-	"munits.data.tib": "TiB",
-	"munits.data.pib": "PiB",
+	"munits.data.kib": "Kilobayt",
+	"munits.data.mib": "Megabayt",
+	"munits.data.gib": "Gigabayt",
+	"munits.data.tib": "TiB(TeraByte)",
+	"munits.data.pib": "Petabayt",
 	"munits.data.eib": "EiB",
 	"packages.title": "Paketler",
 	"packages.empty": "Henüz hiçbir paket yok.",
-	"packages.empty.documentation": "Paket deposu hakkında daha fazla bilgi için, <a target=\"_blank\" rel=\"noopener noreferrer\" href=\"%s\">belgeye</a> bakabilirsiniz.",
-	"packages.empty.repo": "Bir paket yüklediniz ama burada gösterilmiyor mu? <a href=\"%[1]s\">Paket ayarları</a>na gidin ve bu depoya bağlantı verin.",
-	"packages.registry.documentation": "%s kütüğü hakkında daha fazla bilgi için, <a target=\"_blank\" rel=\"noopener noreferrer\" href=\"%s\">belgeye</a> bakabilirsiniz.",
+	"packages.empty.documentation": "Paket kayıt defteri hakkında daha fazla bilgi için <a target=\"_blank\" rel=\"noopener noreferrer\" href=\"%s\">belgelere</a> bakın.",
+	"packages.empty.repo": "Bir paket yüklediniz, ama burada görünmüyor mu? <a href=\"%[1]s\">Paket Ayarları</a> sayfasına gidin ve paketi bu depoya bağlayın(link).",
+	"packages.registry.documentation": "%s kayıt defteri hakkında daha fazla bilgi için <a target=\"_blank\" rel=\"noopener noreferrer\" href=\"%s\">belgelere</a> bakın.",
 	"packages.filter.type": "Tür",
 	"packages.filter.type.all": "Tümü",
-	"packages.filter.no_result": "Filtreniz herhangi bir sonuç döndürmedi.",
-	"packages.filter.container.tagged": "Etiketlenmiş",
-	"packages.filter.container.untagged": "Etiketlenmemiş",
-	"packages.published_by": "%[1]s, <a href=\"%[2]s\">%[3]s</a> tarafından yayınlandı",
-	"packages.published_by_in": "%[1]s, <a href=\"%[2]s\">%[3]s</a> tarafından <a href=\"%[4]s\"><strong>%[5]s</strong></a> içerisinde yayınlanmış",
-	"packages.pub.install": "Paketi Dart ile kurmak için, şu komutu çalıştırın:",
+	"packages.filter.no_result": "Filtreniz ile herhangi bir sonuç bulunamadı.",
+	"packages.filter.container.tagged": "Etiketlendi",
+	"packages.filter.container.untagged": "Etiketlenmedi",
+	"packages.published_by": "<a href=\"%[2]s\">%[3]s</a> tarafından %[1]s yayınlandı",
+	"packages.published_by_in": "<a href=\"%[2]s\">%[3]s</a> tarafından <a href=\"%[4]s\"><strong>%[5]s</strong></a> 'de %[1]s yayınlandı",
+	"packages.pub.install": "Paketi Dart kullanarak yüklemek için aşağıdaki komutu çalıştırın:",
 	"packages.installation": "Kurulum",
 	"packages.about": "Bu paket hakkında",
 	"packages.requirements": "Gereksinimler",
@@ -68,16 +68,16 @@
 	"packages.details": "Ayrıntılar",
 	"packages.details.author": "Yazar",
 	"packages.details.project_site": "Proje Web Sitesi",
-	"packages.details.repository_site": "Depo Sitesi",
-	"packages.details.documentation_site": "Belge Sitesi",
+	"packages.details.repository_site": "Depo Web Sitesi",
+	"packages.details.documentation_site": "Dökümantasyon web sitesi",
 	"packages.details.license": "Lisans",
 	"packages.assets": "Varlıklar",
 	"packages.versions": "Sürümler",
-	"packages.versions.view_all": "Tümünü görüntüle",
-	"packages.dependency.id": "Kimlik",
+	"packages.versions.view_all": "Tümünü göster",
+	"packages.dependency.id": "ID",
 	"packages.dependency.version": "Sürüm",
-	"packages.alpine.registry": "Bu kütüğü, <code>/etc/apk/repositories</code> dosyanıza url'yi ekleyerek kurun:",
-	"packages.alpine.registry.key": "Kütüğün açık RSA anahtarını, indeks imzasını doğrulamak için <code>/etc/apk/keys/</code> dizinine indirin:",
+	"packages.alpine.registry": "<code>/etc/apk/repositories</code> dosyanıza şu url'yi ekleyerek bu kayıt defterini kurun:",
+	"packages.alpine.registry.key": "Dizin imzasını doğrulamak için kayıt defterinin RSA halka açık anahtarınızı <code>/etc/apk/keys/</code> dizinine indirin:",
 	"packages.alpine.registry.info": "Aşağıdaki listeden $branch ve $repository seçin.",
 	"packages.alpine.repository.branches": "Dallar",
 	"packages.alpine.repository.repositories": "Depolar",
@@ -94,7 +94,7 @@
 	"packages.container.details.type": "Görüntü Türü",
 	"packages.container.details.platform": "Platform",
 	"packages.container.pull": "Görüntüyü komut satırını kullanarak çekin:",
-	"packages.container.digest": "Özet:",
+	"packages.container.digest": "Özeti",
 	"packages.container.multi_arch": "İşletim Sistemi / Mimari",
 	"packages.container.layers": "Görüntü Katmanları",
 	"packages.container.labels": "Etiketler",
@@ -178,19 +178,19 @@
 	"packages.owner.settings.chef.keypair.description": "Chef kayıt defterine gönderilen istekler kimlik doğrulama yöntemi olarak kriptografik olarak imzalanmalıdır. Bir anahtar çifti oluştururken, yalnızca genel anahtar Forgejo'da saklanır. Özel anahtar size knife ile kullanılmak üzere sağlanır. Yeni bir anahtar çifti oluşturmak öncekini geçersiz kılar.",
 	"fork.n_forks": {
 		"one": "%s çatal",
-		"other": "%s çatal"
+		"other": "%s çatallar"
 	},
 	"stars.n_stars": {
 		"one": "%s yıldız",
-		"other": "%s yıldız"
+		"other": "%s yıldızlar"
 	},
 	"repo.pulls.merged_title_desc": {
-		"one": "%[4]s, <code>%[2]s</code> içindeki %[1]d katkıyı <code>%[3]s</code> ile birleştirdi",
-		"other": "%[4]s, <code>%[2]s</code> içindeki %[1]d katkıyı <code>%[3]s</code> ile birleştirdi"
+		"one": "<code>%[2]s</code> 'nden gelen %[1]d değişikliği(commit'i), <code>%[3]s</code> 'ine %[4]s olarak birleştirildi",
+		"other": "<code>%[2]s</code> 'nden gelen %[1]d değişiklikleri(commit'leri), <code>%[3]s</code> 'ine %[4]s olarak birleştirildi"
 	},
 	"repo.pulls.title_desc": {
-		"one": "<code>%[2]s</code> içindeki %[1]d katkıyı <code id=\"%[4]s\">%[3]s</code> ile birleştirmek istiyor",
-		"other": "<code>%[2]s</code> içindeki %[1]d katkıyı <code id=\"%[4]s\">%[3]s</code> ile birleştirmek istiyor"
+		"one": "<code>%[2]s</code> 'nden gelen %[1]d değişikliği(commit'i) <code id=\"%[4]s\">%[3]s</code> ile birleştirmek istiyor",
+		"other": "<code>%[2]s</code> 'nden gelen %[1]d değişiklikleri(commit'leri) <code id=\"%[4]s\">%[3]s</code> ile birleştirmek istiyor"
 	},
 	"search.milestone_kind": "Kilometre taşlarını ara…",
 	"moderation.abuse_category.malware": "Kötü amaçlı yazılım",
@@ -221,13 +221,13 @@
 	"migrate.cancel.confirmation": "Bu göçü iptal etmek istiyor musunuz?",
 	"pulse.n_active_issues": {
 		"one": "%s aktif sorun",
-		"other": "%s aktif sorun"
+		"other": "%s aktif sorunlar"
 	},
 	"pulse.n_active_prs": {
 		"one": "%s aktif birleştirme isteği",
-		"other": "%s aktif birleştirme isteği"
+		"other": "%s aktif birleştirme istekleri"
 	},
-	"home.welcome.no_activity": "Etkinlik yok",
+	"home.welcome.no_activity": "Etkinlik(aktivite) yok",
 	"home.welcome.activity_hint": "Akışınızda henüz bir şey yok. Eylemleriniz ve izlediğiniz depolardaki etkinlikler burada gözükecek.",
 	"home.explore_repos": "Depoları keşfet",
 	"home.explore_users": "Kullanıcıları keşfet",
@@ -250,34 +250,34 @@
 	"repo.form.cannot_create": "Depo oluşturabileceğiniz her yer, depo sınırlarına ulaştılar.",
 	"migrate.form.error.url_credentials": "URL, kimlik bilgileri içeriyor; bu bilgileri sırasıyla kullanıcı adı ve şifre alanlarına koyunuz",
 	"watch.n_watchers": {
-		"one": "%s izleyen",
-		"other": "%s izleyen"
+		"one": "%s izlemeye alan",
+		"other": "%s izlemeye alanlar"
 	},
 	"migrate.forgejo.description": "codeberg.org veya diğer Forgejo oluşumlarından veri aktar.",
 	"repo.issue_indexer.title": "Sorun Endeksleyici",
 	"relativetime.mins": {
 		"one": "%d dakika önce",
-		"other": "%d dakika önce"
+		"other": "%d dakikalar önce"
 	},
 	"relativetime.hours": {
 		"one": "%d saat önce",
-		"other": "%d saat önce"
+		"other": "%d saatler önce"
 	},
 	"relativetime.days": {
 		"one": "%d gün önce",
-		"other": "%d gün önce"
+		"other": "%d günler önce"
 	},
 	"relativetime.weeks": {
 		"one": "%d hafta önce",
-		"other": "%d hafta önce"
+		"other": "%d haftalar önce"
 	},
 	"relativetime.months": {
 		"one": "%d ay önce",
-		"other": "%d ay önce"
+		"other": "%d aylar önce"
 	},
 	"relativetime.years": {
 		"one": "%d yıl önce",
-		"other": "%d yıl önce"
+		"other": "%d yıllar önce"
 	},
 	"repo.settings.push_mirror.branch_filter.label": "Dal süzgeci (isteğe bağlı)",
 	"repo.settings.push_mirror.branch_filter.description": "Yansıtılıcak dallar. Tüm dalları yansıtmak için boş bırakın. Sözdizimi için <a href=\"%[1]s\">$[2]s dokümantasyonuna</a> başvurun. Örneğin: <code>main, release/*</code>",
@@ -348,21 +348,21 @@
 	"error.must_enable_2fa": "Bu Forgejo oluşumu, kullanıcıların hesaplarına erişebilmek için iki aşamalı girişi etkinleştirmelerini zorunlu kılıyor. Etkinleştirmek için: %s",
 	"avatar.constraints_hint": "Özel profil resmi, boyut olarak %[1]s ve piksel olarak %[2]dx%[3]d sınırını aşmamalı",
 	"user.ghost.tooltip": "Bu kullanıcı ya silinmiş ya da bulunamadı.",
-	"og.repo.summary_card.alt_description": "%[1]s deposunun -%[2]s açıklamalı- özet kartı",
+	"og.repo.summary_card.alt_description": "%[1]s deposunun özet kartı; açıklaması: %[2]s",
 	"repo.commit.load_tags_failed": "Etiketlerin yüklenmesi dahili bir hata sebebiyle başarısız oldu",
 	"compare.branches.title": "Dalları karşılaştır",
 	"migrate.pagure.description": "pagure.io veya diğer Pagure oluşumlarından veri aktar.",
-	"migrate.pagure.incorrect_url": "Kaynak depo URL'si yanlış verilmiş",
-	"migrate.pagure.project_url": "Pagure proje URL'si",
-	"migrate.pagure.project_example": "Pagure proje URL'si, örneğin: https://pagure.io/pagure",
-	"migrate.pagure.token_label": "Pagure API Jetonu",
+	"migrate.pagure.incorrect_url": "Hatalı kaynak deposu URL'si girilmiş",
+	"migrate.pagure.project_url": "Pagure projesinin URL'si",
+	"migrate.pagure.project_example": "Pagure projesinin URL'si, örneğin https://pagure.io/pagure",
+	"migrate.pagure.token_label": "Pagure API Jetonu(Token)",
 	"migrate.pagure.private_issues.summary": "Gizli Sorunlar (İsteğe Bağlı)",
-	"migrate.pagure.private_issues.description": "Bu özellik, Pagure projenizdeki gizli sorunları arşivlemek amacıyla onları ikinci bir depoya saklamak için tasarlandı. Öncelikle herkese açık olan tüm içerikleri içe aktarmak için normal bir aktarma yapın (jetonsuz). Sonrasında korumak istediğiniz gizli sorunlar var ise onları arşivlemek için bu jeton ayarını kullanarak ayrı bir depo oluşturun.",
-	"migrate.pagure.private_issues.warning": "Eğer gizli sorunları içe aktarmak için API anahtarı kullanıyorsanız yukarıda depo görünürlüğünü Gizli'ye alın. Bu, gizli içeriklerin kazara herkese açık bir depoda ifşa olmasını önler.",
-	"migrate.pagure.token.placeholder": "Sadece gizli sorunlar arşivi oluşturmak için",
+	"migrate.pagure.private_issues.description": "Bu özellik, arşivleme amacıyla Pagure projenizdeki yalnızca gizli sorunları içeren ikinci bir depo oluşturmak üzere tasarlanmıştır. Öncelikle, tüm genel içeriği içe aktarmak için (jeton(token) kullanmadan) normal bir aktarım işlemi gerçekleştirin. Ardından, saklamak istediğiniz özel sorunlar varsa, bu özel sorunları arşivlemek için bu jeton(token) seçeneğini kullanarak ayrı bir depo oluşturun.",
+	"migrate.pagure.private_issues.warning": "Özel sorunları içe aktarmak için API anahtarını kullanıyorsanız, yukarıdaki depo görünürlüğünü mutlaka \"Gizli\" olarak ayarlayın. Bu, gizli (ya da özel) içeriğin yanlışlıkla genel bir depoda ifşa edilmesini önler.",
+	"migrate.pagure.token.placeholder": "Yalnızca gizli sorun arşivi oluşturmak için",
 	"release.n_downloads": {
-		"one": "%s indirme",
-		"other": "%s indirme"
+		"one": "indirme sayısı %s",
+		"other": "İndirmelerin sayısı %s"
 	},
 	"actions.runs.run_attempt_label": "Çalıştırma girişimi #%[1]s (%[2]s)",
 	"actions.runs.viewing_out_of_date_run": "Bu işin %[1]s çalışmış olan eski bir çalıştırmasını görüntülüyorsun.",
@@ -405,14 +405,14 @@
 	"actions.runners.labels": "Etiketler",
 	"actions.runners.last_online": "Son Görülme Zamanı",
 	"actions.runners.runner_title": "Çalıştırıcı %s",
-	"actions.runners.task_list.no_tasks": "Henüz bir görev yok.",
+	"actions.runners.task_list.no_tasks": "Henüz bir takım görevler yok.",
 	"actions.runners.task_list.run": "Çalıştır",
 	"actions.runners.task_list.status": "Durum",
 	"actions.runners.task_list.repository": "Depo",
 	"actions.runners.task_list.commit": "İşle",
 	"actions.runners.task_list.done_at": "Tamamlanma zamanı",
-	"actions.runners.update_runner.success": "Çalıştırıcı başarıyla güncellendi",
-	"actions.runners.update_runner.failed": "Çalıştırıcı güncellenemedi",
+	"actions.runners.update_runner.success": "Çalıştırıcı başarıyla düzenlendi",
+	"actions.runners.update_runner.failed": "Çalıştırıcı düzenlenemedi",
 	"actions.runners.delete_runner.success": "Çalıştırıcı başarıyla silindi",
 	"actions.runners.delete_runner.failed": "Çalıştırıcı silinemedi",
 	"actions.runners.delete_runner.header": "Çalıştırıcıyı silmeyi onaylayın",
@@ -422,5 +422,241 @@
 	"actions.runners.reset_registration_token.success": "Çalıştırıcı kayıt belirteci başarıyla sıfırlandı",
 	"teams.add_all_repos.modal.header": "Tüm depoları ekle",
 	"teams.remove_all_repos.modal.header": "Tüm depoları kaldır",
-	"meta.last_line": "Steve Jobs ile Nejat İşler'in kardeş olduğunu biliyor muydunuz."
+	"meta.last_line": "Steve Jobs ile Nejat İşler'in kardeş olduğunu biliyor muydunuz.",
+	"repo.issues.filter_poster.hint": "Yazara göre filtrele",
+	"repo.issues.filter_assignee.hint": "Atanan kullanıcıya göre filtrele",
+	"repo.issues.filter_reviewers.hint": "Yorum yapan kullanıcıya göre filtrele",
+	"repo.issues.filter_mention.hint": "Bahsedilen kullanıcıya göre filtrele",
+	"repo.issues.filter_modified.hint": "Son değiştirilme tarihine göre filtrele",
+	"repo.issues.filter_sort.hint_with_placeholder": "Sıralama: %s",
+	"issues.filters.labels.exclude": "Etiketi hariç tut",
+	"issues.filters.labels.unexclude": "Kesin olarak hariç tut",
+	"repo.pulls.auto_merge.no_permission": "Bu çekme isteğinin otomatik birleştirilmesini iptal etme izniniz yok.",
+	"repo.pulls.poster_manage_approval": "Onay Yönetimi",
+	"repo.pulls.poster_requires_approval": "Bazı iş akışları <a href=\"%[1]s\">incelenmeyi bekliyor</a>.",
+	"repo.pulls.poster_requires_approval.tooltip": "Bu çekme isteğinin yazarı, çatallanmış bir depodan oluşturulan veya AGit ile oluşturulan bir çekme isteği tarafından tetiklenen iş akışlarını çalıştırma konusunda güvenilir bulunmamaktadır. `pull_request` olayıyla tetiklenen iş akışları, onaylanana kadar çalıştırılmayacaktır.",
+	"repo.pulls.poster_is_trusted": "Bu çekme isteği'nin yazarı <a href=\"%[1]s\">her zaman güvenilir kabul edilir, workflows</a>iş akışlarını çalıştırma konusunda.",
+	"repo.pulls.poster_is_trusted.tooltip": "Bu çekme isteğinin yazarı, `pull_request` olayları tarafından tetiklenen iş akışlarını çalıştırma konusunda açıkça güvenilir kabul edilmektedir.",
+	"repo.pulls.poster_trust_deny": "Reddet (Kabul etme)",
+	"repo.pulls.poster_trust_deny.tooltip": "Onay bekleyen iş akışları iptal edilecektir.",
+	"repo.pulls.poster_trust_once": "Tek seferlik onayla",
+	"repo.pulls.poster_trust_once.tooltip": "Bir `pull_request` olayıyla tetiklenen iş akışları bu commit üzerinde çalışacak, ancak bu pull request'e gönderilecek tüm gelecekteki commit'ler için onaylanması gerekecektir.",
+	"repo.pulls.poster_trust_always": "Her zaman onayla",
+	"repo.pulls.poster_trust_always.tooltip": "Bir `pull_request` olayıyla tetiklenen iş akışları bu commit üzerinde çalışacak ve bu pull request'ten veya aynı kullanıcı tarafından oluşturulan gelecekteki pull request'lerden gelen çalıştırmaları onaylamaya gerek kalmayacaktır.",
+	"repo.pulls.poster_trust_revoke": "Geri al",
+	"repo.pulls.poster_trust_revoke.tooltip": "Bu çekme isteğinin yazarı, artık `pull_request` olayıyla tetiklenen iş akışlarını çalıştırma konusunda güvenilir kabul edilmeyecek; her çalıştırma işlemi manuel olarak onaylanmalıdır.",
+	"repo.view.gitmodules_too_large": ".gitmodules dosyası çok büyük ve (örneğin API çağrılarında) göz ardı edilecektir",
+	"migrate.select.title": "Depoyu taşı",
+	"search.syntax": "Arama sözdizimi",
+	"search.fuzzy": "Bulanık(belirsiz)",
+	"search.fuzzy_tooltip": "\"Sonuçları dahil et\" seçeneği, arama terimiyle yaklaşık eşleşmeleri gösterir",
+	"install.ssh_authorized_keys_inspection_error": "Mevcut authorized_keys dosyası incelenemedi: %v",
+	"install.ssh_authorized_keys_unexpected_key": "Forgejo için SSH'yi etkinleştirmek, mevcut SSH anahtarlarını içeren %s konumundaki dosyayla çakışıyor. Öneriler: Forgejo için ayrı bir sistem kullanıcısı oluşturun veya SSH'yi devre dışı bırakın.",
+	"keys.verify.token.hint": "Bu jeton(token) sadece 1 dakika geçerlidir. <a href=\"%[1]s\">Süresi dolduysa yenisini alın</a>.",
+	"admin.federation.federation": "Federasyon(Birlik)",
+	"admin.federation.hosts": "Ev sahipleri",
+	"admin.federation.hosts.title": "Federasyon Barındırıcıları(host)",
+	"admin.federation.hosts.manage_panel": "Federasyon Barındırıcılarını(host) Yönet",
+	"admin.federation.hosts.details_panel": "Federasyon barındırıcı (host) bilgileri",
+	"admin.federation.hosts.show_details": "Barındırıcının(host) ayrıntılarını göster",
+	"admin.federation.host.id": "Kimliği(ID)",
+	"admin.federation.host.fqdn": "Tam Etki Alanı Adı(FQDN)",
+	"admin.federation.host.schema": "Şema",
+	"admin.federation.host.port": "Bağlantı Noktası(Port)",
+	"admin.federation.host.software_name": "Yazılım",
+	"admin.federation.host.created": "Yaratıldı",
+	"admin.federation.host.updated": "Güncellendi",
+	"admin.federation.host.latest_activity": "Son etkinlikler(akvititeler)",
+	"admin.federation.users": "Kullanıcılar",
+	"admin.federation.users.title": "Birleşik(Federe) kullanıcılar",
+	"admin.federation.users.manage_panel": "Birleşik(Federe) Kullanıcıları Yönet",
+	"admin.federation.users.show_local_user": "Yerel(lokal) kullanıcının detaylarını göster",
+	"admin.federation.user.id": "Kullanıcı Kimliği(ID)",
+	"admin.federation.user.user_id": "Yerel(lokal) Kullanıcı Kimliği(ID)",
+	"admin.federation.user.external_id": "Harici Kullanıcı Kimliği(ID)",
+	"admin.federation.user.inbox_path": "Gelen kutusu yolu",
+	"admin.config.federation": "Birlik(Federasyon) yapılandırması",
+	"admin.config.federation.enabled": "Etkin(Aktif)",
+	"admin.config.federation.share_user_statistics": "Kullanıcı istatistiklerini diğer barındırıcılarla(host) paylaş",
+	"admin.config.federation.max_size": "İzin verilen maksimum yanıt boyutu",
+	"admin.config.federation.signature_enforced": "HTTP imzalarını zorunlu kıl",
+	"admin.config.federation.signature_algorithms": "İmza algoritmaları",
+	"admin.config.federation.digest_algorithm": "İmza özet algoritması",
+	"admin.config.federation.get_headers": "İmzalı GET başlıkları",
+	"admin.config.federation.post_headers": "İmzalı POST başlıkları",
+	"moderation.report.mark_as_handled": "\"Çözüldü\" olarak işaretle",
+	"moderation.report.mark_as_ignored": "\"Yoksay\" olarak işaretle",
+	"moderation.action.account.delete": "Hesabı sil",
+	"moderation.action.account.suspend": "Hesabı askıya al",
+	"moderation.action.repo.delete": "Depoyu sil",
+	"moderation.action.issue.delete": "Sorunu sil",
+	"moderation.action.comment.delete": "Yorumu sil",
+	"moderation.unknown_action": "Bilinmeyen eylem",
+	"moderation.users.cannot_suspend_self": "Kendinizi askıya alamazsınız.",
+	"moderation.users.cannot_suspend_admins": "Yönetici ayrıcalıklarına sahip kullanıcılar askıya alınamaz.",
+	"moderation.users.cannot_suspend_org": "Kuruluşlar(Organizasyonlar) askıya alınamaz.",
+	"moderation.users.already_suspended": "Kullanıcı hesabı zaten askıya alınmış durumda.",
+	"moderation.users.suspend_success": "Kullanıcı hesabı askıya alındı.",
+	"moderation.users.cannot_delete_admins": "Yönetici ayrıcalıklarına sahip kullanıcılar silinemez.",
+	"moderation.issue.deletion_success": "Bu Sorun silindi.",
+	"moderation.comment.deletion_success": "Yorum silindi.",
+	"admin.dashboard.actions_action_user": "Etkin olmayan kullanıcılar için Forgejo Actions güvenini iptal et",
+	"admin.dashboard.transfer_lingering_logs": "Tamamlanan işlerin eylem günlüklerini veritabanından depolama alanına aktarın",
+	"settings.specific_repo_access": "Depoya erişim",
+	"settings.new_access_token": "Yeni erişim jetonu(token)",
+	"settings.permissions_access_specific_repositories": "Belirli depolar",
+	"settings.access_token.selected_repositories": {
+		"one": "Seçilen depo (%d)",
+		"other": "Seçilen depolar (%d)"
+	},
+	"settings.access_token.available_repositories": "Kullanılabilir depolar",
+	"settings.access_token.no_repositories_selected": "Hiçbir depo seçilmedi.",
+	"settings.access_token.no_repositories_found": "Herhangi bir depo bulunamadı.",
+	"settings.access_token.remove": "%s'yi kaldır",
+	"settings.access_token.resource_all_help": "Tüm kaynaklara erişime izin ver.",
+	"settings.access_token.resource_public_only_help": "Herkese açık depolara ve kuruluşlara(organizasyonlara) erişimi sınırlayın.",
+	"settings.access_token.resource_specific_repo_help": "Belirli bir depo listesine erişimi sınırlayın. Tüm genel depolara salt okunur erişim izni verilir. Yalnızca depolara ve sorunlara erişim izni veren izinler etkinleştirilebilir.",
+	"settings.access_token.admin_disabled": "Yönetici izinleri devre dışı bırakılmıştır.",
+	"user.activitypub_feed.feed": "Fediverse(Birlik-Evreni) Akışı",
+	"user.activitypub_feed.no_activity": "Fediverse(Birlik-Evreni) etkinliği(aktivitesi) yok",
+	"user.activitypub_feed.is_empty": "Senin Fediverse(Birlik-Evreni) akışın boş.",
+	"user.activitypub_feed.hint": "Bu akış, takip ettiğiniz Fediverse(Birlik-Evreni) hesaplarının etkinliklerini ve adınızın geçtiği federasyon gönderilerini gösterir.",
+	"user.activitypub_feed.posted_on": "%[1] ’de yayınlandı",
+	"user.activitypub_feed.original_source": "Köken(Orijinal) kaynak",
+	"packages.search_in_external_registry": "%s içinde ara",
+	"packages.common.install": "Paketi yüklemek için aşağıdaki komutu çalıştırın:",
+	"packages.common.registry": "Bu kayıt defterini komut satırından kurun:",
+	"packages.common.repository": "Depo bilgisi",
+	"packages.arch.pacman.helper.gpg": "pacman için güven sertifikası ekleyin:",
+	"packages.arch.pacman.repo.multi": "%s ’nin farklı dağıtımlarda aynı sürümü bulunmaktadır.",
+	"packages.arch.pacman.repo.multi.item": "%s için yapılandır",
+	"packages.arch.pacman.conf": "İlgili dağıtım ve mimariye sahip sunucuyu <code>/etc/pacman.conf</code> ’a ekleyin:",
+	"packages.arch.pacman.sync": "Şu paketi pacman ile senkronize et:",
+	"packages.arch.version.properties": "Sürüm özellikleri",
+	"packages.arch.version.description": "Açıklama",
+	"packages.arch.version.provides": "Temin eder",
+	"packages.arch.version.groups": "Topluluk",
+	"packages.arch.version.optdepends": "İsteğe bağlı bağımlılıklar",
+	"packages.arch.version.makedepends": "Bağımlılıkları oluştur",
+	"packages.arch.version.checkdepends": "Bağımlılıkları kontrol et",
+	"packages.arch.version.conflicts": "Anlaşmazlıklar",
+	"packages.arch.version.replaces": "Değiştirir",
+	"packages.arch.version.backup": "Yedekle",
+	"packages.container.images.title": "Görüntüler",
+	"packages.alt.install": "Paketi yükle",
+	"packages.alt.setup": "Bağlı depolar listesine bir depo ekleyin (\"_arch_\" yerine gerekli mimariyi seçin):",
+	"packages.alt.repository.architectures": "Mimariler",
+	"packages.alt.repository.multiple_groups": "Bu paket çeşitli gruplarda mevcuttur.",
+	"packages.owner.settings.cargo.rebuild.no_index": "Yeniden derlenemiyor, hiçbir dizin başlatılmamış.",
+	"access_token.error.specified_repos_none": "Belirtilen depolara sahip erişim jetonları’nda(token) en az bir depo bulunmalıdır.",
+	"access_token.error.specified_repos_and_public_only": "Belirtilen depolara sahip erişim jetonları(token’lar), sadece-herkese-açık kapsamıyla birleştirilemez.",
+	"access_token.error.specified_repos_and_invalid_scope": "Belirtilen depolara sahip erişim jetonları yalnızca read:issue, write:issue, read:repository ve write:repository kapsamlarıyla kullanılabilir.",
+	"actions.status.diagnostics.waiting": {
+		"one": "Aşağıdaki etikete sahip bir koşucu bekleniyor: %s",
+		"other": "Aşağıdaki etiketlere sahip bir koşucu bekleniyor: %s"
+	},
+	"actions.runners.uuid": "Evrensel Benzersiz Kimlik Tanımlayıcı(UUID)",
+	"actions.runners.token": "Jeton(Token)",
+	"actions.runners.ephemeral": "Geçici",
+	"actions.runners.version": "Sürümü",
+	"actions.runners.list_runners.edit_column": "Düzenle",
+	"actions.runners.list_runners.delete_column": "Silin",
+	"actions.runners.list_runners.delete_button": "Silin",
+	"actions.runners.list_runners.delete_button_aria": "%s ’i sil",
+	"actions.runners.list_runners.edit_button": "Düzelt",
+	"actions.runners.list_runners.edit_button_aria": "%s ’i düzelt",
+	"actions.runners.ephemeral.yes": "evet",
+	"actions.runners.ephemeral.no": "hayır",
+	"actions.runners.task_list_repo": "Bu çalıştırıcıdaki bu deponun görevlerini yeniden düzenle",
+	"actions.runners.task_list_org": "Bu kuruluşun(organizasyonun) bu çalıştırıcısındaki görevleri yeniden düzenle",
+	"actions.runners.task_list_admin": "Bu iş parçacığındaki son görevler",
+	"actions.runners.task_list_user": "Bu kullanıcının bu çalıştırıcıdaki son görevleri",
+	"actions.runners.edit_runner_button": "Koşucuyu(runner) düzenle",
+	"actions.runners.create_runner.page_title": "Yeni koşucu(runner) oluştur",
+	"issues.updated": "güncellenenler %s",
+	"actions.runners.create_runner.title": "Yeni çalıştırıcı oluştur",
+	"actions.runners.create_runner.properties_fieldset": "Özellikler",
+	"actions.runners.create_runner.name_label": "Adı",
+	"actions.runners.create_runner.description_label": "Açıklamasının",
+	"actions.runners.create_runner.create_button": "Yarat",
+	"actions.runners.create_runner.cancel_button": "İptal et",
+	"actions.runners.edit_runner.page_title": "%s çalıştırıcısını düzenle",
+	"actions.runners.edit_runner.title": "%s çalıştırıcısını düzenle",
+	"actions.runners.edit_runner.properties_fieldset": "Özellikler",
+	"actions.runners.edit_runner.properties_options": "Seçenekler",
+	"actions.runners.edit_runner.name_label": "Adı",
+	"actions.runners.edit_runner.description_label": "Açıklama",
+	"actions.runners.edit_runner.regenerate_token_label": "Jeton’u(token) yeniden oluştur",
+	"actions.runners.edit_runner.regenerate_token_help": "Mevcut jeton(token) hemen geçersiz hale getirilecektir. Bir sonraki sayfada yeni bir jeton(token) alacaksınız.",
+	"actions.runners.edit_runner.save_button": "Kaydet",
+	"actions.runners.edit_runner.cancel_button": "İptal et",
+	"actions.runners.runner_setup.title": "%s çalıştırıcısını belirleyin",
+	"actions.runners.show_registration_token": "Kayıt jetonunu(token) göster",
+	"actions.runners.runner_details.page_title": "%s çalıştırıcısı",
+	"actions.runners.runner_details.labels_note": "Çalıştırıcı'nın etiketleri, Forgejo Runner(Çalıştırıcısı)'ın yapılandırma dosyasında tanımlanır veya komut satırı seçeneği olarak geçirilir. Forgejo Runner, Forgejo ile her bağlantı kurduğunda bu etiketler güncellenir.",
+	"actions.runners.runner_setup.page_title": "%s çalıştırıcısını belirleyin",
+	"actions.runners.runner_setup.list_of_runners_link": "Çalıştırıcılar Listesi",
+	"actions.runners.runner_setup.last_chance_copying_token": "Jetonu(token’ı) şimdi kopyalayın, çünkü bir daha göremeyeceksiniz!",
+	"actions.runners.runner_setup.button_copy_uuid_aria": "Çalıştırıcı UUID'sini kopyalayın",
+	"actions.runners.runner_setup.button_copy_token_aria": "Çalıştırıcı jetonunu(token'ını) kopyalayın",
+	"actions.runners.runner_setup.heading_using_configuration": "Çalıştırıcının yapılandırma dosyasını kullanın",
+	"actions.runners.runner_setup.configuration_snippet_aria": "Çalıştırıcının yapılandırmasına eklenecek kod parçacığı",
+	"actions.runners.runner_setup.program_options_snippet_aria": "forgejo-runner nasıl çağrılır",
+	"actions.runners.runner_setup.instruction_replace_connection_name": "Bağlantı adını (<code>forgejo</code> örneğindeki) istediğiniz bir değerle değiştirin.",
+	"actions.runners.runner_setup.heading_using_options": "Program seçeneklerini kullan",
+	"actions.runners.runner_setup.instruction_advanced_configurations": "Konteynerlerde çalışan Forgejo Runner'ı yapılandırmak veya gelişmiş yapılandırmalar hakkında bilgi almak için <a href=\"%s\">documentation</a> 'a bakın.",
+	"actions.runners.reset_registration_token.token": "Kayıt Jeton(Token)'u (Kullanımdan kaldırıldı)",
+	"actions.runs.scheduled_description": "<a href=\"%[1]s\">%[2]s</a> değişikliğin (commit'in) planlanmış çalıştırılması",
+	"actions.runs.workflow_dispatch_description": "<a href=\"%[3]s\">%[4]s</a> tarafından tetiklenen <a href=\"%[1]s\">%[2]s</a> değişikliğini(commit'i) çalıştır",
+	"actions.runs.on_push_description": "<a href=\"%[1]s\">%[2]s</a> değişikliği(commit'i) <a href=\"%[3]s\">%[4]s</a> tarafından aktarıldı(itildi)",
+	"actions.runs.workflow": "İş akışı",
+	"actions.runs.all_runs_link": "tüm çalıştırmalar",
+	"actions.workflow.persistent_incomplete_matrix": "Geçersiz bir `needs` ifadesi nedeniyle %[1]s işinin `strategy.matrix` öğesi değerlendirilemedi. Bu ifade, 'needs' listesinde bulunmayan bir işi (%[2]s) veya bu işlerden birinde mevcut olmayan bir çıktıyı referans alıyor olabilir.",
+	"actions.workflow.incomplete_matrix_missing_job": "%[1]s işinin `strategy.matrix` öğesi değerlendirilemiyor: %[2]s işi, %[1]s (%[3]s) işinin `needs` listesinde yer almıyor.",
+	"actions.workflow.incomplete_matrix_missing_output": "%[1]s işinin `strategy.matrix` öğesi değerlendirilemiyor: %[2]s işinde %[3]s çıktısı eksik.",
+	"actions.workflow.incomplete_matrix_unknown_cause": "%[1]s işinin `strategy.matrix` öğesi değerlendirilemedi: bilinmeyen bir hata.",
+	"actions.workflow.incomplete_runson_missing_job": "%[1]s işinin `runs-on` öğesi değerlendirilemiyor: %[2]s işi, %[1]s (%[3]s) işinin `needs` listesinde yer almıyor.",
+	"actions.workflow.incomplete_runson_missing_output": "%[1]s işinin `runs-on` değeri değerlendirilemiyor: %[2]s işinde %[3]s çıktısı eksik.",
+	"actions.workflow.incomplete_runson_missing_matrix_dimension": "%[1]s işinin `runs-on` değeri değerlendirilemiyor: %[2]s boyutlu matris mevcut değil.",
+	"actions.workflow.incomplete_runson_unknown_cause": "%[1]s işinin `runs-on` değeri değerlendirilemedi: bilinmeyen bir hata.",
+	"actions.workflow.incomplete_with_missing_job": "%[1]s işinin `with` koşulu değerlendirilemedi: %[2]s işi, %[1]s (%[3]s) işinin `needs` listesinde yer almıyor.",
+	"actions.workflow.incomplete_with_missing_output": "%[1]s işinin `with` komutu değerlendirilemiyor: %[2]s işinde %[3]s çıktısı eksik.",
+	"actions.workflow.incomplete_with_missing_matrix_dimension": "%[1]s işinin `with` ifadesi değerlendirilemiyor: %[2]s boyutunda bir matris mevcut değil.",
+	"actions.workflow.incomplete_with_unknown_cause": "%[1]s işinin `with` komutu değerlendirilemedi: bilinmeyen bir hata.",
+	"actions.workflow.unknown_job_in_needs": "%[1]s ID'li iş, `needs` içindeki bilinmeyen işlere atıfta bulunuyor: %[2]s.",
+	"actions.workflow.rerun_impossible": "İş akışı yeniden çalıştırılamaz.",
+	"actions.workflow.job_rerun_impossible": "İş yeniden çalıştırılamaz.",
+	"actions.secrets.creation.name_description": "Bir gizli bilginin adı yalnızca harfler, rakamlar ve alt çizgilerden oluşabilir. Ad, FORGEJO_, GITEA_, GITHUB_ veya bir rakamla başlayamaz. Forgejo, adı otomatik olarak büyük harfe dönüştürür.",
+	"actions.secrets.creation.value_description": "Bir gizli bilginin değeri herhangi bir metin olabilir. Özel karakterler korunur. CRLF (Windows tarzı satır sonları) otomatik olarak LF'ye dönüştürülür. Satır sonlarının korunması gerekiyorsa, değeri Base64 ile kodlayın.",
+	"actions.variables.mutation.name_description": "Bir değişkenin adı yalnızca harfler, rakamlar ve alt çizgilerden oluşabilir. Adı CI olamaz veya FORGEJO_, GITEA_, GITHUB_ ya da bir rakamla başlayamaz. Forgejo, adı otomatik olarak büyük harfe dönüştürür.",
+	"actions.variables.mutation.value_description": "Bir değişken'in değeri herhangi bir metin olabilir. Özel karakterler korunur. CRLF (Windows tarzı satır sonları) otomatik olarak LF'ye dönüştürülür. Satır sonlarının korunması gerekiyorsa, değeri Base64 ile kodlayın.",
+	"actions.secrets.edit_button": "\"%s\" gizli bilgisini düzenle",
+	"actions.secrets.mutation.header": "\"%s\" gizli bilgisini düzenle",
+	"actions.secrets.mutation.success_message": "\"%s\" gizli bilgisi güncellendi.",
+	"actions.secrets.mutation.failure_message": "\"%s\" gizli bilgisi güncellenemedi.",
+	"actions.secrets.mutation.name_description": "Bir gizli bilginin adı yalnızca harfler, rakamlar ve alt çizgilerden oluşabilir. Ad, FORGEJO_, GITEA_, GITHUB_ veya bir rakamla başlayamaz. Forgejo, adı otomatik olarak büyük harfe dönüştürür.",
+	"actions.secrets.mutation.value_description": "Mevcut değer gösterilmeyecektir. Değiştirmek istemiyorsanız alanı boş bırakın. Özel karakterler korunur. CRLF (Windows tarzı satır sonları) otomatik olarak LF'ye dönüştürülür. Satır sonlarının korunması gerekiyorsa değeri Base64 ile kodlayın.",
+	"members.add_member": "Üye ekle",
+	"members.user": "Kullanıcı",
+	"members.user_already_member": "Bu kullanıcı zaten kuruluşun(organizasyonun) bir üyesidir.",
+	"members.no_team_selected": "Kuruluş(organizasyon) üyeleri en az bir takıma üye olmalıdır.",
+	"pulls.manual_merge.helper": "Elle(manuel) birleştirme yardımcısı",
+	"pulls.manual_merge.helpder.description": "Birleştirme işlemini kendiniz elle(manuel olarak) tamamlarken bu birleştirmenin değişiklik(commit) mesajını kullanın.",
+	"pulls.manual_merge.commit.title": "Birleştirme değişikliğinin(commit'in) başlığı",
+	"pulls.manual_merge.commit.body": "Birleştirme değişikliğinin(commit'in) içeriği",
+	"pulls.manual_merge.copy.button": "Birleştirme değişikliği(commit'i) mesajını kopyala",
+	"admin.auths.oauth2_quota_group_claim_name": "Kota yönetimi için bu kaynağa ilişkin topluluk adlarını belirten bir ad tanımlayın. (İsteğe bağlı)",
+	"admin.auths.oauth2_quota_group_map": "Kümeleri kota kümelerine eşleştirin. (İsteğe bağlı – yukarıda bir eşleştirme adı belirtilmelidir)",
+	"admin.auths.oauth2_quota_group_map_removal": "Kullanıcı ilgili kümeye dahil değilse, senkronize edilen kota kümelerinden kullanıcıları kaldırın.",
+	"editor.search": "Ara",
+	"editor.find_previous": "Önceki bulgu",
+	"editor.find_next": "Sonraki bulgu",
+	"editor.replace": "Yer değiştir",
+	"editor.replace_all": "Tümünü yer değiştir",
+	"editor.toggle_case": "Büyük/küçük harf duyarlılığını aç/kapat",
+	"editor.toggle_regex": "Düzenli ifadeler kullanma özelliğini aç/kapat",
+	"editor.toggle_whole_word": "Tam kelime eşleştirme özelliğini aç/kapat",
+	"form.RunnerName": "Adı",
+	"graphs.recent_commits.title": "Geçtiğimiz yılki değişiklik(commit) sayısı",
+	"graphs.code_frequency.title": "{0} yıllık tarih boyunca kod sıklığı"
 }
diff --git a/options/locale_next/locale_uk-UA.json b/options/locale_next/locale_uk-UA.json
index ba1b832e4c..343490ec2e 100644
--- a/options/locale_next/locale_uk-UA.json
+++ b/options/locale_next/locale_uk-UA.json
@@ -563,8 +563,6 @@
 	"actions.runners.create_runner.description_label": "Опис",
 	"actions.runners.edit_runner.description_label": "Опис",
 	"actions.runners.runner_details.page_title": "Ранер %s",
-	"actions.runners.list_runners.details_column": "Подробиці",
-	"actions.runners.list_runners.details_button": "Подробиці",
 	"actions.runners.list_runners.edit_column": "Редагувати",
 	"actions.runners.list_runners.edit_button": "Редагувати",
 	"actions.runners.list_runners.edit_button_aria": "Редагувати %s",
@@ -592,7 +590,6 @@
 	"actions.runners.runner_setup.list_of_runners_link": "Список ранерів",
 	"actions.runners.runner_setup.button_copy_uuid_aria": "Копіювати UUID ранера",
 	"actions.runners.runner_setup.button_copy_token_aria": "Копіювати токен ранера",
-	"actions.runners.list_runners.details_button_aria": "Показати дані про %s",
 	"actions.runners.runner_setup.title": "Налаштувати ранер %s",
 	"actions.runners.runner_setup.page_title": "Налаштувати ранер %s",
 	"actions.runners.edit_runner.regenerate_token_help": "Існуючий токен негайно втратить чинність. Ви отримаєте новий токен на наступній сторінці.",
@@ -663,23 +660,27 @@
 	"actions.workflow.rerun_impossible": "Робочий потік неможливо перезапустити.",
 	"actions.workflow.job_rerun_impossible": "Завдання неможливо перезапустити.",
 	"actions.workflow.unknown_job_in_needs": "Завдання з ID %[1]s посилається на невідомі завдання в `needs`: %[2]s.",
-	"admin.config.federation.digest_algorithm": "Алгоритм контрольної суми підпису",
+	"admin.config.federation.digest_algorithm": "Алгоритм хешування для підписів",
 	"admin.config.federation.max_size": "Максимальний розмір відповіді",
 	"admin.config.federation.share_user_statistics": "Ділитися статистикою користувачів з іншими хостами",
 	"admin.federation.user.inbox_path": "Шлях до вхідних",
 	"admin.federation.hosts.manage_panel": "Керування хостами федерації",
-	"admin.federation.hosts.details_panel": "Інформація про хост",
+	"admin.federation.hosts.details_panel": "Інформація про хост федерації",
 	"admin.federation.hosts.show_details": "Показати дані про хост",
-	"admin.federation.users.show_local_user": "Показати дані про локальних користувачів",
+	"admin.federation.users.show_local_user": "Показати дані про локального користувача",
 	"admin.federation.host.latest_activity": "Остання активність",
 	"admin.federation.users.title": "Користувачі федерації",
 	"admin.federation.users.manage_panel": "Керування користувачами федерації",
-	"admin.federation.user.user_id": "Локальний ID користувача",
-	"admin.federation.user.external_id": "Зовнішній ID користувача",
+	"admin.federation.user.user_id": "ID локального користувача",
+	"admin.federation.user.external_id": "ID зовнішнього користувача",
 	"user.activitypub_feed.feed": "Стрічка Федісвіту",
 	"user.activitypub_feed.posted_on": "Опубліковано %[1]s",
 	"user.activitypub_feed.no_activity": "Немає подій Федісвіту",
 	"user.activitypub_feed.is_empty": "Ваша стрічка Федісвіту порожня.",
 	"user.activitypub_feed.original_source": "Першоджерело",
-	"user.activitypub_feed.hint": "У цій стрічці відображається діяльність облікових записів Федісвіту, на які ви підписані, а також федеративні публікації, в яких вас згадано."
+	"user.activitypub_feed.hint": "У цій стрічці відображається діяльність облікових записів Федісвіту, на які ви підписані, а також федеративні публікації, в яких вас згадано.",
+	"repo.files.filename": "Назва файлу",
+	"repo.files.last_commit_message": "Повідомлення останнього коміту",
+	"repo.files.last_commit_date": "Дата останнього коміту",
+	"repo.files.caption": "Файли репозиторію (спочатку останній коміт)"
 }
diff --git a/options/locale_next/locale_zh-CN.json b/options/locale_next/locale_zh-CN.json
index 68a5344621..2f5cce7bb0 100644
--- a/options/locale_next/locale_zh-CN.json
+++ b/options/locale_next/locale_zh-CN.json
@@ -274,7 +274,7 @@
 	"admin.auths.allow_username_change.description": "允许用户在个人设置中更改用户名",
 	"admin.moderation.moderation_reports": "举报",
 	"admin.moderation.reports": "举报",
-	"admin.moderation.no_open_reports": "目前没有打开的举报。",
+	"admin.moderation.no_open_reports": "暂无开启中的举报。",
 	"admin.moderation.deleted_content_ref": "类型为%[1]v、ID为%[2]d的举报不存在",
 	"repo.commit.load_tags_failed": "由于内部错误，无法加载标签",
 	"admin.auths.allow_username_change": "允许更改用户名",
@@ -484,11 +484,8 @@
 	"actions.runners.uuid": "UUID",
 	"actions.runners.token": "令牌",
 	"actions.runners.ephemeral": "一次性",
-	"actions.runners.list_runners.details_column": "详情",
 	"actions.runners.list_runners.edit_column": "编辑",
 	"actions.runners.list_runners.delete_column": "删除",
-	"actions.runners.list_runners.details_button": "详情",
-	"actions.runners.list_runners.details_button_aria": "显示%s的细节",
 	"actions.runners.list_runners.delete_button": "删除",
 	"actions.runners.list_runners.delete_button_aria": "删除%s",
 	"actions.runners.list_runners.edit_button": "编辑",
@@ -560,5 +557,50 @@
 	"members.user": "用户",
 	"members.user_already_member": "该用户已是组织成员。",
 	"members.no_team_selected": "组织成员至少要属于一个团队。",
-	"migrate.select.title": "迁移仓库"
+	"migrate.select.title": "迁移仓库",
+	"admin.federation.federation": "联邦",
+	"admin.federation.hosts": "主机",
+	"admin.federation.hosts.title": "联邦主机",
+	"admin.federation.hosts.manage_panel": "管理联邦主机",
+	"admin.federation.hosts.details_panel": "联邦主机信息",
+	"admin.federation.hosts.show_details": "显示主机信息",
+	"admin.federation.host.id": "ID",
+	"admin.federation.host.fqdn": "FQDN",
+	"admin.federation.host.schema": "方案",
+	"admin.federation.host.port": "端口",
+	"admin.federation.host.software_name": "软件",
+	"admin.federation.host.created": "创建时间",
+	"admin.federation.host.updated": "更新时间",
+	"admin.federation.host.latest_activity": "最后活动时间",
+	"admin.federation.users": "用户数",
+	"admin.federation.users.title": "联合的用户",
+	"admin.federation.users.manage_panel": "管理联合的用户",
+	"admin.federation.users.show_local_user": "显示本地用户信息",
+	"admin.federation.user.id": "ID",
+	"admin.federation.user.user_id": "本地用户ID",
+	"admin.federation.user.external_id": "外部用户ID",
+	"admin.federation.user.inbox_path": "收件箱路径",
+	"admin.config.federation": "联邦配置",
+	"admin.config.federation.enabled": "启用",
+	"admin.config.federation.share_user_statistics": "与其他主机共享用户统计信息",
+	"admin.config.federation.max_size": "允许的最大响应大小",
+	"admin.config.federation.signature_enforced": "强制要求HTTP签名",
+	"admin.config.federation.signature_algorithms": "签名算法",
+	"admin.config.federation.digest_algorithm": "签名摘要算法",
+	"admin.config.federation.get_headers": "GET请求中要签名的请求头",
+	"admin.config.federation.post_headers": "POST请求中要签名的请求头",
+	"user.activitypub_feed.feed": "联邦订阅源",
+	"user.activitypub_feed.no_activity": "没有联邦活动",
+	"user.activitypub_feed.is_empty": "你的联邦订阅源是空的。",
+	"user.activitypub_feed.hint": "此订阅源展示你关注的联邦账户的活动和提到你的联邦活动。",
+	"user.activitypub_feed.posted_on": "发布于%[1]s",
+	"user.activitypub_feed.original_source": "原始来源",
+	"actions.runners.version": "版本",
+	"actions.workflow.unknown_job_in_needs": "ID为“%[1]s”的任务在`needs`中引用了未知任务“%[2]s”。",
+	"actions.workflow.rerun_impossible": "工作流无法重新运行。",
+	"actions.workflow.job_rerun_impossible": "任务无法重新运行。",
+	"repo.files.caption": "仓库文件（优先显示最新提交）",
+	"repo.files.filename": "文件名",
+	"repo.files.last_commit_message": "最新提交消息",
+	"repo.files.last_commit_date": "最新提交日期"
 }

From 90c4397d5792cfb306776b7c7635ecf53f9da38a Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Mon, 27 Apr 2026 14:58:51 +0200
Subject: [PATCH 743/854] Update renovate Docker tag to v43.141.6 (forgejo)
 (#12278)

---
 Makefile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Makefile b/Makefile
index c744077a56..99aaaac8d8 100644
--- a/Makefile
+++ b/Makefile
@@ -48,7 +48,7 @@ GOVULNCHECK_PACKAGE ?= golang.org/x/vuln/cmd/govulncheck@v1 # renovate: datasour
 DEADCODE_PACKAGE ?= golang.org/x/tools/cmd/deadcode@v0.44.0 # renovate: datasource=go
 ERRORTYPE_PACKAGE ?= fillmore-labs.com/errortype@v0.0.11 # renovate: datasource=go
 GOMOCK_PACKAGE ?= go.uber.org/mock/mockgen@v0.6.0 # renovate: datasource=go
-RENOVATE_NPM_PACKAGE ?= renovate@43.132.1 # renovate: datasource=docker packageName=data.forgejo.org/renovate/renovate
+RENOVATE_NPM_PACKAGE ?= renovate@43.141.6 # renovate: datasource=docker packageName=data.forgejo.org/renovate/renovate
 
 # https://github.com/disposable-email-domains/disposable-email-domains/commits/main/
 DISPOSABLE_EMAILS_SHA ?= 0c27e671231d27cf66370034d7f6818037416989 # renovate: ...

From f05ff7ec5b312aae314197d67d306241125364c6 Mon Sep 17 00:00:00 2001
From: 0ko <0ko@noreply.codeberg.org>
Date: Mon, 27 Apr 2026 16:07:51 +0200
Subject: [PATCH 744/854] chore(i18n): move 89 strings to JSON (#12280)

Previous similar PR: https://codeberg.org/forgejo/forgejo/pulls/11879.

Moved strings from INI to JSON. Some directly, some with keys updated to be consistent. The latter was done carefully, making sure all usages are updated, and was tested locally.

There are more deletions than insertions because some languages also had some extra empty lines removed.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12280
Reviewed-by: Robert Wolff <mahlzahn@posteo.de>
---
 options/locale/locale_ar.ini            |  36 ---------
 options/locale/locale_bg.ini            |  30 -------
 options/locale/locale_ca.ini            |  71 +----------------
 options/locale/locale_cs-CZ.ini         |  91 ---------------------
 options/locale/locale_da.ini            |  89 ---------------------
 options/locale/locale_de-DE.ini         |  90 ---------------------
 options/locale/locale_el-GR.ini         |  90 ---------------------
 options/locale/locale_en-US.ini         | 102 ++----------------------
 options/locale/locale_eo.ini            |  20 +----
 options/locale/locale_es-ES.ini         |  90 ---------------------
 options/locale/locale_et.ini            |  17 ----
 options/locale/locale_eu.ini            |  12 ---
 options/locale/locale_fa-IR.ini         |  80 -------------------
 options/locale/locale_fi-FI.ini         |  79 ------------------
 options/locale/locale_fil.ini           |  89 ---------------------
 options/locale/locale_fr-FR.ini         |  90 ---------------------
 options/locale/locale_ga-IE.ini         |  89 ---------------------
 options/locale/locale_gl.ini            |  12 ---
 options/locale/locale_he.ini            |  12 ---
 options/locale/locale_hi.ini            |  12 ---
 options/locale/locale_hu-HU.ini         |  48 -----------
 options/locale/locale_id-ID.ini         |  92 ---------------------
 options/locale/locale_is-IS.ini         |  29 -------
 options/locale/locale_it-IT.ini         |  92 ---------------------
 options/locale/locale_ja-JP.ini         |  90 ---------------------
 options/locale/locale_ka.ini            |  10 ---
 options/locale/locale_kab.ini           |   5 --
 options/locale/locale_ko-KR.ini         |  48 -----------
 options/locale/locale_kw.ini            |  15 ----
 options/locale/locale_lt.ini            |  13 ---
 options/locale/locale_lv-LV.ini         |  90 ---------------------
 options/locale/locale_mk.ini            |  15 ----
 options/locale/locale_nb_NO.ini         |  12 ---
 options/locale/locale_nds.ini           |  89 ---------------------
 options/locale/locale_nl-NL.ini         |  95 ----------------------
 options/locale/locale_pl-PL.ini         |  91 ---------------------
 options/locale/locale_pt-BR.ini         |  91 ---------------------
 options/locale/locale_pt-PT.ini         |  90 ---------------------
 options/locale/locale_ro.ini            |  12 ---
 options/locale/locale_ru-RU.ini         |  90 ---------------------
 options/locale/locale_si-LK.ini         |  55 -------------
 options/locale/locale_sk-SK.ini         |  12 ---
 options/locale/locale_sl.ini            |  12 ---
 options/locale/locale_sr-SP.ini         |  44 ----------
 options/locale/locale_sv-SE.ini         |  97 +---------------------
 options/locale/locale_ta.ini            |  89 ---------------------
 options/locale/locale_th.ini            |  89 ---------------------
 options/locale/locale_tr-TR.ini         |  86 --------------------
 options/locale/locale_uk-UA.ini         |  91 ---------------------
 options/locale/locale_vi.ini            |  12 ---
 options/locale/locale_zh-CN.ini         |  90 ---------------------
 options/locale/locale_zh-HK.ini         |  42 ----------
 options/locale/locale_zh-TW.ini         |  93 ---------------------
 options/locale_next/locale_ar.json      |  36 +++++++++
 options/locale_next/locale_bg.json      |  30 +++++++
 options/locale_next/locale_ca.json      |  69 ++++++++++++++++
 options/locale_next/locale_cs-CZ.json   |  89 +++++++++++++++++++++
 options/locale_next/locale_da.json      |  89 +++++++++++++++++++++
 options/locale_next/locale_de-DE.json   |  89 +++++++++++++++++++++
 options/locale_next/locale_el-GR.json   |  89 +++++++++++++++++++++
 options/locale_next/locale_en-US.json   |  89 +++++++++++++++++++++
 options/locale_next/locale_eo.json      |  18 +++++
 options/locale_next/locale_es-ES.json   |  89 +++++++++++++++++++++
 options/locale_next/locale_et.json      |  17 ++++
 options/locale_next/locale_eu.json      |  12 +++
 options/locale_next/locale_fa-IR.json   |  75 +++++++++++++++++
 options/locale_next/locale_fi-FI.json   |  76 ++++++++++++++++++
 options/locale_next/locale_fil.json     |  89 +++++++++++++++++++++
 options/locale_next/locale_fr-FR.json   |  89 +++++++++++++++++++++
 options/locale_next/locale_ga.json      |  89 +++++++++++++++++++++
 options/locale_next/locale_gl.json      |  12 +++
 options/locale_next/locale_he.json      |  12 +++
 options/locale_next/locale_hi.json      |  12 +++
 options/locale_next/locale_hu-HU.json   |  45 +++++++++++
 options/locale_next/locale_id-ID.json   |  89 +++++++++++++++++++++
 options/locale_next/locale_is-IS.json   |  26 ++++++
 options/locale_next/locale_it-IT.json   |  89 +++++++++++++++++++++
 options/locale_next/locale_ja-JP.json   |  89 +++++++++++++++++++++
 options/locale_next/locale_ka.json      |  10 +++
 options/locale_next/locale_kab.json     |   5 ++
 options/locale_next/locale_ko-KR.json   |  45 +++++++++++
 options/locale_next/locale_kw.json      |  12 +++
 options/locale_next/locale_lt.json      |  13 +++
 options/locale_next/locale_lv-LV.json   |  89 +++++++++++++++++++++
 options/locale_next/locale_mk.json      |  12 +++
 options/locale_next/locale_nb_NO.json   |  12 +++
 options/locale_next/locale_nds.json     |  89 +++++++++++++++++++++
 options/locale_next/locale_nl-NL.json   |  89 +++++++++++++++++++++
 options/locale_next/locale_pl-PL.json   |  89 +++++++++++++++++++++
 options/locale_next/locale_pt-BR.json   |  89 +++++++++++++++++++++
 options/locale_next/locale_pt-PT.json   |  89 +++++++++++++++++++++
 options/locale_next/locale_ro.json      |  12 +++
 options/locale_next/locale_ru-RU.json   |  89 +++++++++++++++++++++
 options/locale_next/locale_si-LK.json   |  53 ++++++++++++
 options/locale_next/locale_sk-SK.json   |  12 +++
 options/locale_next/locale_sl.json      |  12 +++
 options/locale_next/locale_sr-SP.json   |  38 +++++++++
 options/locale_next/locale_sv-SE.json   |  89 +++++++++++++++++++++
 options/locale_next/locale_ta.json      |  89 +++++++++++++++++++++
 options/locale_next/locale_th.json      |  89 +++++++++++++++++++++
 options/locale_next/locale_tr-TR.json   |  85 ++++++++++++++++++++
 options/locale_next/locale_uk-UA.json   |  89 +++++++++++++++++++++
 options/locale_next/locale_vi.json      |  12 +++
 options/locale_next/locale_zh-CN.json   |  89 +++++++++++++++++++++
 options/locale_next/locale_zh-HK.json   |  39 +++++++++
 options/locale_next/locale_zh-TW.json   |  89 +++++++++++++++++++++
 routers/web/admin/queue.go              |   2 +-
 templates/admin/queue_manage.tmpl       |   2 +-
 templates/admin/system_status.tmpl      |  56 ++++++-------
 templates/user/auth/webauthn.tmpl       |   8 +-
 templates/user/auth/webauthn_error.tmpl |  16 ++--
 111 files changed, 3087 insertions(+), 3164 deletions(-)

diff --git a/options/locale/locale_ar.ini b/options/locale/locale_ar.ini
index 9d719a4e5e..587ec0490c 100644
--- a/options/locale/locale_ar.ini
+++ b/options/locale/locale_ar.ini
@@ -1,9 +1,7 @@
 [common]
 language = لغة
 passcode = رمز المرور
-webauthn_error_timeout = طال وقت الوصول قبل أن يُقرأ مفتاحك. من فضلك أعد تحميل الصفحة وحاول مجدداً.
 cancel = ألغِ
-webauthn_sign_in = اضغط الزر على مفتاحك الأمني إذا لم يكن لدى مفتاح الأمن الخاص بك أي زر، إعادة تشغيله.
 captcha = كابتشا
 create_new = أنشئ…
 preview = عاين
@@ -22,7 +20,6 @@ mirrors = المرايا
 explore = إكتشف
 return_to_forgejo = العودة إلى فورجيو
 write = اكتب
-webauthn_error_unknown = حدث خطأ غير معروف. من فضلك حاول مجدداً.
 twofa = المصادقة الثنائية
 version = الإصدار
 copy_success = تم النسخ!
@@ -30,14 +27,12 @@ help = مساعدة
 loading = جارٍ التحميل…
 copy_type_unsupported = هذا النوع من الملفات لا يمكن نسخه
 pin = ثبّت
-webauthn_error_empty = يلزم أن تضع اسم لهذا المفتاح.
 confirm_delete_selected = تأكيد حذف جميع العناصر المحددة؟
 name = الاسم
 artifacts = الآثار
 sign_in_or = أو
 show_log_seconds = إظهار الثواني
 show_full_screen = املأ الشاشة
-webauthn_use_twofa = استخدم رمز المصادقة الموجود على هاتفك
 unpin = ألغِ التثبيت
 edit = حرر
 concept_code_repository = المستودع
@@ -60,12 +55,10 @@ admin_panel = إدارة الموقع
 copy_error = فشل النسخ
 new_mirror = مرآة جديدة
 re_type = تأكيد كلمة المرور
-webauthn_unsupported_browser = متصفحك لا يدعم ويب آوثن حالياً.
 copy = انسخ
 enabled = مُفَعَّل
 rerun = أعِد التشغيل
 milestones = أهداف
-webauthn_error_insecure = ويب آوثن يدعم فقط الاتصالات الآمنة. للاختبار على HTTP، يمكنك استخدام "localhost" أو "127.0.0.1"
 show_timestamps = إظهار الطوابع الزمنية
 rss_feed = موجز RSS
 never = أبدًا
@@ -79,7 +72,6 @@ sources = المصادر
 notifications = التنبيهات
 pull_requests = طلبات السحب
 repository = مستودع
-webauthn_error = تعذر قراءة مفتاحك الأمني.
 add_all = أضف الكل
 new_fork = اشتقاق جديد لمستودع
 new_project_column = عمود جديد
@@ -89,17 +81,13 @@ organization = منظمة
 save = احفظ
 sign_in_with_provider = سجل الدخول بـ %s
 ok = وافق
-webauthn_error_unable_to_process = الخادم لا يمكنه معالجة طلبك.
 register = سجل
 mirror = مرآة
 username = إسم المستخدم
 access_token = رمز الوصول
 download_logs = تنزيل السجلات
-webauthn_insert_key = أدخل مفتاحك الأمني
 password = كلمة المرور
-webauthn_error_duplicated = المفتاح الأمني غير مسموح له هذا الطلب. يرجى التأكد من أن المفتاح غير مسجل بالفعل.
 template = قالب
-webauthn_press_button = من فضلك اضغط الزر على مفتاحك الأمني…
 unknown = مجهول
 signed_in_as = مسجل كـ
 sign_up = سجل
@@ -1825,7 +1813,6 @@ dashboard.sync_repo_tags = زامن الوسوم من بيانات جِت إلى
 self_check = فحص ذاتي
 self_check.database_collation_case_insensitive = تستخدم قاعدة البيانات تجميع %s ، وهو تجميع غير حساس. على الرغم من أن فورجيو يمكن أن يعمل معها قد تكون هناك حالات نادرة لا تعمل كما هو متوقع.
 monitor.process.cancel_desc = قد يسبب إلغاء العملية فقدانًا للبيانات
-monitor.queue.type = النوع
 monitor.process.cancel_notices = أتريد إلغاء: <strong>%s</strong>؟
 dashboard.operations = عمليات الصيانة
 repositories = المستودعات
@@ -1836,7 +1823,6 @@ monitor.desc = الوصف
 monitor.start = وقت البدء
 dashboard.system_status = حالة النظام
 dashboard.delete_generated_repository_avatars = احذف الصورة الرمزية المولّدة للمستودع
-monitor.queue.name = الاسم
 monitor.process.cancel = ألغِ العملية
 monitor.last_execution_result = النتيجة
 users = حسابات المستخدمين
@@ -1845,14 +1831,11 @@ dashboard.operation_name = اسم العملية
 notices.type_1 = المستودع
 notices.desc = الوصف
 notices.type = النوع
-monitor.queue.settings.submit = حدّث الإعدادات
-monitor.queue.settings.changed = تم تحديث الإعدادات
 auths.security_protocol = بروتوكول الأمان
 auths.port = المنفذ
 auths.attribute_username_placeholder = اتركه فارغاً لاستخدام اسم المستخدم المُدخل في فورجيو.
 auths.host = المضيف
 auths.domain = النطاق
-users.list_status_filter.is_restricted = مقيَّد
 users.reserved = محجوز
 systemhooks.add_webhook = إضافة خطاف ويب النظام
 repos.owner = المالك
@@ -1880,7 +1863,6 @@ auths.type = النوع
 users.purge_help = حذف مستخدم بالقوة وكل مستودعاته ومنظماته وحزمه. كل تعليقاته والمسائل التي أنشأها ستُحذف أيضا.
 users.admin = المدير
 emails.email_manage_panel = إدارة بريد المستخدم
-users.list_status_filter.not_restricted = غير مقيد
 users.name = اسم المستخدم
 packages.repository = المستودع
 orgs.teams = الفِرق
@@ -1898,18 +1880,14 @@ packages.package_manage_panel = إدارة الحزم
 auths.auth_name = اسم الاستيثاق
 users.details = تفاصيل المستخدم
 orgs.name = الاسم
-users.list_status_filter.is_active = مفعّل
 users.repos = المستودعات
 defaulthooks.update_webhook = تحديث خطاف الويب المبدئي
 users.allow_git_hook = يستطيع عمل خطاطيف جت
 users.password_helper = اترك كلمة المرور فارغة لإبقائها بلا تغيير.
 dashboard.update_checker = فاحص التحديث
-users.list_status_filter.not_active = معطّل
 users.update_profile = حدّث حساب المستخدم
-users.list_status_filter.not_admin = غير مدير
 systemhooks = خطاطيف ويب النظام
 users.never_login = لم يلج قَط
-users.list_status_filter.is_admin = مدير
 users.allow_create_organization = يستطيع إنشاء منظمات
 users.restricted = مقيَّد
 users.delete_account = احذف حساب المستخدم
@@ -2058,23 +2036,9 @@ relevant_repositories = يتم اظهار المستودعات المتعلقة
 code_last_indexed_at = فُهرس آخر مرة %s
 
 [actions]
-variables.none = لا توجد متغيرات بعد.
-variables.deletion = أزل المتغير
-variables.creation = أضف متغيرا
-variables.management = إدارة المتغيرات
-variables = المتغيرات
-variables.deletion.description = إزالة المتغيرات عملية نهائية لا يمكن التراجع عنها. أتريد الاستمرار؟
 runs.empty_commit_message = (رسالة إيداع فارغة)
-variables.edit = عدّل المتغير
-variables.update.success = عُدِّل المتغير.
-variables.update.failed = فشل تعديل المتغير.
-variables.deletion.failed = فشل حذف المتغير.
-variables.creation.failed = فشل إضافة المتغير.
-variables.creation.success = تم إضافة المتغير "%s".
-variables.deletion.success = تم حذف المتغير.
 variables.id_not_exist = المتغير ذو المعرّف %d ليس موجودا.
 unit.desc = أدر الإجراءات
-variables.description = تمرر المتغيرات إلى إجراءات معينة ولا يمكن قراءتها بطريقة أخرى.
 
 [modal]
 no = لا
diff --git a/options/locale/locale_bg.ini b/options/locale/locale_bg.ini
index be9ef509d7..7e931f061d 100644
--- a/options/locale/locale_bg.ini
+++ b/options/locale/locale_bg.ini
@@ -111,8 +111,6 @@ toggle_menu = Превключване на менюто
 confirm_delete_artifact = Сигурни ли сте, че искате да изтриете артефакта „%s“?
 more_items = Още елементи
 twofa_scratch = Резервен код за двуфакторно удостоверяване
-webauthn_use_twofa = Използвайте двуфакторен код от телефона си
-webauthn_error_insecure = WebAuthn поддържа само сигурни връзки. За тестване през HTTP можете да използвате произход „localhost“ или „127.0.0.1“
 error413 = Изчерпали сте квотата си.
 go_back = Връщане
 invalid_data = Невалидни данни: %v
@@ -123,19 +121,9 @@ show_full_screen = Показване на цял екран
 show_timestamps = Показване на времеви отпечатъци
 rerun = Повторно изпълнение
 copy_type_unsupported = Този тип файл не може да бъде копиран
-webauthn_error_unknown = Възникна неизвестна грешка. Моля, опитайте отново.
-webauthn_error_unable_to_process = Сървърът не можа да обработи заявката ви.
-webauthn_error_empty = Трябва да зададете име за този ключ.
-webauthn_error_timeout = Времето за изчакване изтече преди ключът ви да бъде прочетен. Моля, презаредете страницата и опитайте отново.
 return_to_forgejo = Връщане към Forgejo
 unknown = Неизвестно
 confirm_delete_selected = Потвърждавате ли изтриването на всички избрани елементи?
-webauthn_insert_key = Поставете вашия ключ за сигурност
-webauthn_press_button = Моля, натиснете бутона на вашия ключ за сигурност…
-webauthn_sign_in = Натиснете бутона на вашия ключ за сигурност. Ако ключът ви за сигурност няма бутон, поставете го отново.
-webauthn_error = Неуспешно прочитане на вашия ключ за сигурност.
-webauthn_unsupported_browser = Вашият браузър в момента не поддържа WebAuthn.
-webauthn_error_duplicated = Ключът за сигурност не е разрешен за тази заявка. Моля, уверете се, че ключът не е вече регистриран.
 tracked_time_summary = Обобщение на проследеното време въз основа на филтрите в списъка със задачи
 active_stopwatch = Активен тракер за време
 access_token = Токен за достъп
@@ -2160,7 +2148,6 @@ auths.port = Порт
 auths.type = Тип
 config.ssh_config = SSH конфигурация
 monitor.stats = Статистика
-monitor.queue = Опашка: %s
 config = Конфигурация
 config.mailer_user = Потребител
 config.enable_captcha = Включване на CAPTCHA
@@ -2170,7 +2157,6 @@ config.git_config = Git конфигурация
 config.mailer_protocol = Протокол
 users.bot = Бот
 config.db_path = Път
-monitor.queues = Опашки
 config.server_config = Сървърна конфигурация
 packages.size = Размер
 settings = Админ. настройки
@@ -2195,7 +2181,6 @@ packages.total_size = Общ размер: %s
 dashboard.new_version_hint = Forgejo %s вече е наличен, вие изпълнявате %s. Проверете <a target="_blank" rel="noreferrer" href="%s">блога</a> за повече подробности.
 total = Общо: %d
 config.db_type = Тип
-monitor.queue.type = Тип
 notices.type = Тип
 users.prohibit_login = Замразен акаунт
 
@@ -2436,20 +2421,7 @@ relevant_repositories = Показани са само подходящи хра
 relevant_repositories_tooltip = Хранилищата, които са разклонения или нямат тема, икона или описание, са скрити.
 
 [actions]
-variables = Променливи
-variables.none = Все още няма променливи.
-variables.creation.failed = Неуспешно добавяне на променлива.
-variables.update.failed = Неуспешно редактиране на променлива.
-variables.creation.success = Променливата „%s“ е добавена.
-variables.deletion.success = Променливата е премахната.
-variables.edit = Редактиране на променливата
-variables.deletion = Премахване на променливата
-variables.update.success = Променливата е редактирана.
-variables.creation = Добавяне на променлива
-variables.deletion.failed = Неуспешно премахване на променлива.
 runs.no_workflows.help_no_write_access = За да научите повече за Forgejo Actions, вижте <a target="_blank" rel="noopener noreferrer" href="%s">документацията</a>.
-variables.management = Управление на променливи
-variables.not_found = Променливата не е открита.
 variables.id_not_exist = Променлива с идентификатор %d не съществува.
 unit.desc = Управление на интегрирани CI/CD pipelines с Forgejo Actions.
 
@@ -2515,8 +2487,6 @@ type_tooltip = Тип търсене
 runner_kind = Търсене на изпълнители…
 
 [markup]
-filepreview.lines = Редове от %[1]d до %[2]d в %[3]s
-filepreview.line = Ред %[1]d в %[2]s
 
 [munits.data]
 
diff --git a/options/locale/locale_ca.ini b/options/locale/locale_ca.ini
index c18b662900..fc77e81569 100644
--- a/options/locale/locale_ca.ini
+++ b/options/locale/locale_ca.ini
@@ -37,17 +37,6 @@ captcha = CAPTCHA
 twofa = Autenticació de doble factor
 twofa_scratch = Codi de rascar de doble-factor
 passcode = Codi de pas
-webauthn_insert_key = Inseriu la vostra clau de seguretat
-webauthn_sign_in = Premeu el botó a la vostra clau de seguretat. Si no en té, torneu-la a inserir.
-webauthn_press_button = Si us plau, premeu el botó a la vostra clau de seguretat…
-webauthn_use_twofa = Utilitza un codi de doble factor des del teu mòbil
-webauthn_error = No s'ha pogut llegir la clau de seguretat.
-webauthn_unsupported_browser = El teu navegador no suprta WebAuthn.
-webauthn_error_unknown = Hi ha hagut un error desconegut. Si us plau torneu-ho a intentar.
-webauthn_error_insecure = WebAuthn només suporta connexions segures. Per provar sobre HTTP, podeu utilitzar l'origen "localhost" o "127.0.0.1"
-webauthn_error_unable_to_process = El servidor no ha pogut processar la vostra sol·licitud.
-webauthn_error_duplicated = La clau de seguretat no és permesa per aquesta sol·licitud. Si us plau, assegureu-vos que la clau encara no ha estat registrada.
-webauthn_error_empty = S'ha d'anomenar aquesta clau.
 repository = Repositori
 organization = Organització
 mirror = Mirall
@@ -85,7 +74,6 @@ disabled = Deshabilitat
 filter.public = Públic
 filter.private = Privat
 show_full_screen = Mostra a pantalla completa
-webauthn_error_timeout = Temps d'espera finalitzar abans que la seva clau pogués ser llegida. Siusplau recarregueu la pàgina i torneu-ho a intentar.
 remove_label_str = Esborra l'element "%s"
 error413 = Ha exhaurit la quota.
 cancel = Canceŀlar
@@ -2638,9 +2626,6 @@ normal_file = Fitxer normal
 directory = Directori
 
 [markup]
-filepreview.truncated = La vista prèvia s'ha truncat
-filepreview.line = Línia %[1]d a %[2]s
-filepreview.lines = Línies %[1]d a %[2]d en %[3]s
 
 [translation_meta]
 test = Aquest és un text de prova. No es mostra a l'interfície d'usuari de Forgejo, però s'utilitza amb finalitats de prova. Pots introduir "d'acord" per a estalviar temps (o alguna frase divertida al teu gust) i arribar a la dolça fita del 100% :)
@@ -2758,7 +2743,6 @@ dashboard.delete_missing_repos = Suprimir tots els repositoris que no tinguin el
 dashboard.delete_missing_repos.started = S'ha iniciat la tasca per suprimir tots els repositoris que no tinguin els fitxers de Git.
 dashboard.update_mirrors = Actualitzar les rèpliques
 dashboard.archive_cleanup = Suprimir els arxius de repositori antics
-dashboard.memory_allocate_times = Assignacions de memòria
 orgs.name = Nom
 orgs.teams = Equips
 repos.name = Nom
@@ -2768,9 +2752,7 @@ auths.name = Nom
 config.db_name = Nom
 config.mailer_name = Nom
 monitor.name = Nom
-monitor.queue.name = Nom
 notices.type = Tipus
-monitor.queue.type = Tipus
 config.db_type = Tipus
 auths.type = Tipus
 packages.type = Tipus
@@ -2796,7 +2778,6 @@ users.activated = Activat
 emails.activated = Activat
 emails.filter_sort.email = Correu electrònic
 users.admin = Administrador
-users.list_status_filter.is_admin = Administrador
 notices.desc = Descripció
 packages.name = Nom
 packages.version = Versió
@@ -2854,30 +2835,6 @@ dashboard.sync_external_users = Sincronitzar dades d'usuari externes
 dashboard.cleanup_hook_task_table = Netejar la taula hook_task
 dashboard.cleanup_packages = Netejar paquets caducats
 dashboard.cleanup_actions = Netejar registres i artefactes d'accions caducats
-dashboard.server_uptime = Temps de funcionament del servidor
-dashboard.current_goroutine = Goroutines actuals
-dashboard.current_memory_usage = Ús de memòria actual
-dashboard.total_memory_allocated = Total de memòria adjudicada
-dashboard.memory_obtained = Memòria rebuda
-dashboard.pointer_lookup_times = Temps de consulta dels punters
-dashboard.memory_free_times = Alliberaments de memòria
-dashboard.current_heap_usage = Ús del heap actual
-dashboard.heap_memory_obtained = Memòria de heap rebuda
-dashboard.heap_memory_idle = Memòria del heap en repòs
-dashboard.heap_memory_in_use = Memòria del heap en ús
-dashboard.heap_memory_released = Memòria del heap alliberada
-dashboard.heap_objects = Objectes del heap
-dashboard.bootstrap_stack_usage = Ús de l'arrancada de la pila (stack)
-dashboard.stack_memory_obtained = Memòria de la pila (stack) rebuda
-dashboard.mspan_structures_usage = Ús de les estructures MSpan
-dashboard.mspan_structures_obtained = Estructures MSpan rebudes
-dashboard.mcache_structures_usage = Ús de les estructures MCache
-dashboard.mcache_structures_obtained = Estructures MCache rebudes
-dashboard.gc_metadata_obtained = Metadades del GC rebudes
-dashboard.next_gc_recycle = Proper cicle de GC
-dashboard.last_gc_time = Temps des del darrer GC
-dashboard.total_gc_pause = Pausa total de GC
-dashboard.last_gc_pause = Darrera pausa de GC
 dashboard.delete_old_actions = Eliminar totes les activitats antigues de la base de dades
 dashboard.delete_old_actions.started = Eliminar totes les activitats antigues des que s'ha iniciat la base de dades.
 dashboard.delete_old_system_notices = Eliminar totes les notificacions de sistema antigues de la base de dades
@@ -2934,15 +2891,6 @@ users.purge = Purgar usuari
 users.purge_help = Elimina forçosament l'usuari i tots els seus repositoris, organitzacions i paquets. També s'eliminaran tots els seus comentaris i incidències.
 users.still_own_packages = Aquest usuari encara té un o més paquets. Elimineu-los abans.
 users.deletion_success = S'ha eliminat l'usuari.
-users.list_status_filter.menu_text = Filtrar
-users.list_status_filter.reset = Restaurar
-users.list_status_filter.is_active = Actiu
-users.list_status_filter.not_active = Inactiu
-users.list_status_filter.not_admin = No administrador
-users.list_status_filter.is_restricted = Restringit
-users.list_status_filter.not_restricted = No restringit
-users.list_status_filter.is_prohibit_login = Inici de sessió prohibit
-users.list_status_filter.not_prohibit_login = Inici de sessió permès
 users.details = Detalls d'usuari
 emails.email_manage_panel = Gestionar correus d'usuari
 emails.primary = Principal
@@ -3122,7 +3070,7 @@ config.send_test_mail = Envia un correu de prova
 config.send_test_mail_submit = Envia
 config.test_mail_failed = No s'ha pogut enviar el correu de prova a "%s": %v
 config.test_mail_sent = S'ha enviat un correu de prova a "%s".
-config.cache_config =
+config.cache_config = 
 config.cache_adapter =Adaptador de la memòria cau
 config.cache_interval =Interval de la memòria cau
 config.cache_conn =Connexió de la memòria cau
@@ -3144,8 +3092,6 @@ config.enable_federated_avatar = Habilita els avatars federats
 dashboard.operation_switch = Intercanvia
 users.2fa = A2F
 users.reset_2fa = Restableix l'A2F
-users.list_status_filter.is_2fa_enabled = A2F activada
-users.list_status_filter.not_2fa_enabled = A2F desactivada
 auths.group_search_base = DN base de cerca de grup
 auths.group_attribute_list_users = Atribut de grup amb la llista d'usuaris
 auths.user_attribute_in_group = Atribut d'usuari llistat en el grup
@@ -3168,21 +3114,6 @@ auths.tip.openid_connect = Usa l'URL d'OpenID Connect Discovery (<server>/.well-
 dashboard.update_checker = Comprovador d'actualització
 
 [actions]
-variables = Variables
-variables.management = Gestionar variables
-variables.creation = Afegir variables
-variables.none = Encara no hi ha variables.
-variables.deletion = Eliminar variable
-variables.deletion.description = Eliminar una variable és permanent i no es pot desfer. Continua?
-variables.description = Les variables es passaran a certes accions i no es poden llegir altrament.
-variables.edit = Editar variable
-variables.not_found = No s'ha trobat la variable.
-variables.deletion.failed = No s'ha pogut eliminar la variable.
-variables.deletion.success = S'ha canviar el nom de la variable.
-variables.creation.failed = No s'ha pogut afegir la variable.
-variables.creation.success = S'ha afegit la variable "%s".
-variables.update.failed = No s'ha pogut editar la variable.
-variables.update.success = S'ha editat la variable.
 runs.no_workflows.help_write_access = No sabeu com començar amb Forgejo Actions? Feu un cop d'ull als <a target="_blank" rel="noopener noreferrer" href="%s">primers passos a la documentació d'usuari</a> per escriure el vostre primer flux de treball, llavors <a target="_blank" rel="noopener noreferrer" href="%s">configureu un runner Forgejo</a> per a executar els vostres treballs.
 runs.no_workflows.help_no_write_access = Per saber-ne més sobre Forgejo Actions, vegeu <a target="_blank" rel="noopener noreferrer" href="%s">la documentació</a>.
 
diff --git a/options/locale/locale_cs-CZ.ini b/options/locale/locale_cs-CZ.ini
index ef5c1ff762..95457b6dcb 100644
--- a/options/locale/locale_cs-CZ.ini
+++ b/options/locale/locale_cs-CZ.ini
@@ -37,18 +37,6 @@ twofa=Dvoufázové ověření
 twofa_scratch=Dvoufaktorový kód
 passcode=Přístupový kód
 
-webauthn_insert_key=Vložte svůj bezpečnostní klíč
-webauthn_sign_in=Stiskněte tlačítko na svém bezpečnostním klíči. Pokud bezpečnostní klíč nemá žádné tlačítko, vložte jej znovu.
-webauthn_press_button=Stiskněte tlačítko na bezpečnostním klíči…
-webauthn_use_twofa=Použít dvoufaktorový kód z vašeho telefonu
-webauthn_error=Nepodařilo se přečíst váš bezpečnostní klíč.
-webauthn_unsupported_browser=Váš prohlížeč momentálně nepodporuje WebAuthn.
-webauthn_error_unknown=Došlo k neznámé chybě. Opakujte akci.
-webauthn_error_insecure=WebAuthn podporuje pouze zabezpečená připojení. Pro testování přes HTTP můžete použít výchozí „localhost“ nebo „127.0.0.1“
-webauthn_error_unable_to_process=Server nemohl zpracovat váš požadavek.
-webauthn_error_duplicated=Bezpečnostní klíč není pro tento požadavek povolen. Ujistěte se prosím, zda klíč již není registrován.
-webauthn_error_empty=Musíte nastavit název tohoto klíče.
-webauthn_error_timeout=Požadavek vypršel dříve, než se podařilo přečíst váš klíč. Znovu načtěte tuto stránku a akci opakujte.
 repository=Repozitář
 organization=Organizace
 mirror=Zrcadlo
@@ -2935,34 +2923,6 @@ dashboard.reinit_missing_repos=Znovu inicializovat všechny chybějící repozit
 dashboard.sync_external_users=Synchronizovat externí uživatelská data
 dashboard.cleanup_hook_task_table=Vyčistit tabulku hook_task
 dashboard.cleanup_packages=Vyčistit prošlé balíčky
-dashboard.server_uptime=Doba provozu serveru
-dashboard.current_goroutine=Aktuální goroutines
-dashboard.current_memory_usage=Aktuální využití paměti
-dashboard.total_memory_allocated=Celková přidělená paměť
-dashboard.memory_obtained=Získaná paměť
-dashboard.pointer_lookup_times=Časy vyhledávání ukazatelů
-dashboard.memory_allocate_times=Alokace paměti
-dashboard.memory_free_times=Uvolnění paměti
-dashboard.current_heap_usage=Aktuální využití paměti zásobníku
-dashboard.heap_memory_obtained=Získaná paměť zásobníku
-dashboard.heap_memory_idle=Nečinná paměť zásobníku
-dashboard.heap_memory_in_use=Používaná paměť zásobníku
-dashboard.heap_memory_released=Uvolněná paměť zásobníku
-dashboard.heap_objects=Objekty zásobníku
-dashboard.bootstrap_stack_usage=Využití zásobníku prvotního zavedení
-dashboard.stack_memory_obtained=Celková získaná pamět zásobníku
-dashboard.mspan_structures_usage=Užití struktur MSpan
-dashboard.mspan_structures_obtained=Získané struktury MSpan
-dashboard.mcache_structures_usage=Využití struktur MCache
-dashboard.mcache_structures_obtained=Získané struktury MCache
-dashboard.profiling_bucket_hash_table_obtained=Získaná profilovací bucket hash tabulka
-dashboard.gc_metadata_obtained=Získaná metadata GC
-dashboard.other_system_allocation_obtained=Získaná alokace ostatních systémových prostředků
-dashboard.next_gc_recycle=Příští recyklace GC
-dashboard.last_gc_time=Doba od posledního GC
-dashboard.total_gc_pause=Celková pauza GC
-dashboard.last_gc_pause=Poslední pauza GC
-dashboard.gc_times=Časy GC
 dashboard.delete_old_actions=Odstranit všechny staré aktivity z databáze
 dashboard.delete_old_actions.started=Spuštěno odstraňování všech starých aktivit z databáze.
 dashboard.update_checker=Kontrola aktualizací
@@ -3019,18 +2979,6 @@ users.purge_help=Vynuceně odstranit uživatele a všechny repositáře, organiz
 users.still_own_packages=Tento uživatel stále vlastní jeden nebo více balíčků, nejprve odstraňte tyto balíčky.
 users.deletion_success=Uživatelský účet byl smazán.
 users.reset_2fa=Resetovat 2FA
-users.list_status_filter.menu_text=Filtr
-users.list_status_filter.reset=Obnovit
-users.list_status_filter.is_active=Aktivní
-users.list_status_filter.not_active=Neaktivní
-users.list_status_filter.is_admin=Administrátor
-users.list_status_filter.not_admin=Není administrátor
-users.list_status_filter.is_restricted=Omezeno
-users.list_status_filter.not_restricted=Není omezen
-users.list_status_filter.is_prohibit_login=Zakázat přihlášení
-users.list_status_filter.not_prohibit_login=Povolit přihlášení
-users.list_status_filter.is_2fa_enabled=2FA povoleno
-users.list_status_filter.not_2fa_enabled=2FA zakázáno
 users.details=Podrobnosti o uživateli
 
 emails.email_manage_panel=Správa uživatelských e-mailů
@@ -3344,24 +3292,6 @@ monitor.process.cancel_desc=Zrušení procesu může způsobit ztrátu dat
 monitor.process.cancel_notices=Zrušit: <strong>%s</strong>?
 monitor.process.children=Potomek
 
-monitor.queues=Fronty
-monitor.queue=Fronta: %s
-monitor.queue.name=Název
-monitor.queue.type=Typ
-monitor.queue.exemplar=Typ vzoru
-monitor.queue.numberworkers=Počet workerů
-monitor.queue.maxnumberworkers=Maximální počet workerů
-monitor.queue.numberinqueue=Číslo ve frontě
-monitor.queue.review_add=Posoudit / přidat workery
-monitor.queue.settings.title=Nastavení poolu
-monitor.queue.settings.maxnumberworkers=Maximální počet workerů
-monitor.queue.settings.maxnumberworkers.placeholder=V současné době %[1]d
-monitor.queue.settings.maxnumberworkers.error=Maximální počet workerů musí být číslo
-monitor.queue.settings.submit=Upravit nastavení
-monitor.queue.settings.changed=Nastavení upravena
-monitor.queue.settings.remove_all_items=Odstranit vše
-monitor.queue.settings.remove_all_items_done=Všechny položky ve frontě byly odstraněny.
-
 notices.system_notice_list=Systémová oznámení
 notices.view_detail_header=Podrobnosti oznámení
 notices.operations=Operace
@@ -3377,7 +3307,6 @@ notices.desc=Popis
 notices.op=Op.
 notices.delete_success=Systémové upozornění bylo smazáno.
 dashboard.sync_repo_branches = Synchronizovat vynechané větve z dat Gitu do databáze
-monitor.queue.activeworkers = Aktivní workery
 defaulthooks.desc = Webhooky automaticky vytvářejí žádosti HTTP POST na server, kde se spustí určité události Forgejo. Webhooky zde definované jsou výchozí a budou zkopírovány do všech nových repozitářů. Více informací zjistíte v <a target="_blank" rel="noopener" href="%s">návodu webhooků</a>.
 systemhooks.desc = Webhooky automaticky vytvářejí žádosti HTTP POST na server, kde se spustí určité události Forgejo. Webhooky zde definované budou aktivní u všech repozitářů v systému, zvažte tedy prosím všechny vlivy na výkon, které může tato funkce způsobit. Více informací zjistíte v <a target="_blank" rel="noopener" href="%s">návodu webhooků</a>.
 assets = Assety kódu
@@ -3392,8 +3321,6 @@ self_check.database_fix_mysql=Pro uživatele MySQL/MariaDB můžete použít př
 self_check = Vlastní kontrola
 self_check.database_collation_case_insensitive=Databáze používá collation %s, což je collation nerozlišující velká a malá písmena. Ačkoli s ní Forgejo může pracovat, mohou se vyskytnout vzácné případy, kdy nebude fungovat podle očekávání.
 auths.oauth2_map_group_to_team = Zmapovat zabrané skupiny u týmů organizací (volitelné - vyžaduje název claimu výše)
-monitor.queue.settings.desc = Pooly dynamicky rostou podle blokování fronty jejich workerů.
-
 auths.tips.gmail_settings = Nastavení služby Gmail:
 config_summary = Souhrn
 config.open_with_editor_app_help = Editory v nabídce „Otevřít pomocí“ v nabídce klonování. Ponechte prázdné pro použití výchozího editoru (zobrazíte jej rozšířením).
@@ -3516,21 +3443,7 @@ workflow.enable_success=Workflow „%s“ byl úspěšně aktivován.
 workflow.disabled=Workflow je zakázán.
 
 
-variables=Proměnné
-variables.management=Správa proměnných
-variables.creation=Přidat proměnnou
-variables.none=Zatím zde nejsou žádné proměnné.
-variables.deletion=Odstranit proměnnou
-variables.deletion.description=Odstranění proměnné je trvalé a nelze jej vrátit zpět. Pokračovat?
-variables.description=Proměnné budou předány určitým akcím a nelze je přečíst jinak.
 variables.id_not_exist = Proměnná s id %d neexistuje.
-variables.edit=Upravit proměnnou
-variables.deletion.failed=Nepodařilo se odstranit proměnnou.
-variables.deletion.success=Proměnná byla odstraněna.
-variables.creation.failed=Přidání proměnné se nezdařilo.
-variables.creation.success=Proměnná „%s“ byla přidána.
-variables.update.failed=Úprava proměnné se nezdařila.
-variables.update.success=Proměnná byla upravena.
 need_approval_desc = Potřebovat schválení pro spouštění workflowů pro žádosti o sloučení forků.
 workflow.dispatch.use_from = Použít workflow z
 workflow.dispatch.run = Spustit workflow
@@ -3542,7 +3455,6 @@ workflow.dispatch.success = Žádost o spuštění workflow byla úspěšně ode
 runs.expire_log_message = Protokoly byly smazány, protože byly příliš staré.
 runs.no_workflows.help_no_write_access = Pro více informací o Forgejo Actions se podívejte do <a target="_blank" rel="noopener noreferrer" href="%s">dokumentace</a>.
 runs.no_workflows.help_write_access = Nevíte, jak začít s Forgejo Actions? Podívejte se na <a target="_blank" rel="noopener noreferrer" href="%s">rychlý začátek v uživatelské dokumentaci</a> pro vytvoření vašeho prvního workflow. Poté <a target="_blank" rel="noopener noreferrer" href="%s">nastavte runner Forgejo</a> pro provádění vašich úloh.
-variables.not_found = Nepodařilo se najít proměnnou.
 
 [projects]
 type-1.display_name=Samostatný projekt
@@ -3588,9 +3500,6 @@ regexp = RegExp
 regexp_tooltip = Interpretovat hledaný výraz jako regulární výraz
 
 [markup]
-filepreview.lines = Řádky %[1]d až %[2]d v souboru %[3]s
-filepreview.line = Řádek %[1]d v souboru %[2]s
-filepreview.truncated = Náhled byl zkrácen
 
 [munits.data]
 
diff --git a/options/locale/locale_da.ini b/options/locale/locale_da.ini
index 83f5b14ea2..6efa9bcec3 100644
--- a/options/locale/locale_da.ini
+++ b/options/locale/locale_da.ini
@@ -35,14 +35,6 @@ re_type = Bekræft adgangskode
 captcha = CAPTCHA
 twofa = To-faktor autentificering
 twofa_scratch = To-faktor skrabekode
-webauthn_sign_in = Tryk på knappen på din sikkerhedsnøgle. Hvis din sikkerhedsnøgle ikke har nogen knap, skal du indsætte den igen.
-webauthn_use_twofa = Brug en tofaktorkode fra din telefon
-webauthn_error = Kunne ikke læse din sikkerhedsnøgle.
-webauthn_unsupported_browser = Din browser understøtter i øjeblikket ikke WebAuthn.
-webauthn_error_unknown = Der opstod en ukendt fejl. Prøv venligst igen.
-webauthn_error_unable_to_process = Serveren kunne ikke behandle din anmodning.
-webauthn_error_duplicated = Sikkerhedsnøglen er ikke tilladt for denne anmodning. Sørg for, at nøglen ikke allerede er registreret.
-webauthn_error_empty = Du skal angive et navn for denne nøgle.
 organization = Organisation
 mirror = Mirror
 new_mirror = Ny mirror
@@ -112,11 +104,7 @@ show_timestamps = Vis tidsstempler
 show_log_seconds = Vis sekunder
 tracked_time_summary = Opsummering af sporet tid baseret på filtre af problemliste
 signed_in_as = Logget ind som
-webauthn_error_insecure = WebAuthn understøtter kun sikre forbindelser. Til test over HTTP kan du bruge oprindelsen "localhost" eller "127.0.0.1"
 invalid_data = Ugyldige data: %v
-webauthn_insert_key = Indsæt din sikkerhedsnøgle
-webauthn_press_button = Tryk venligst på knappen på din sikkerhedsnøgle…
-webauthn_error_timeout = Timeout nået, før din nøgle kunne læses. Genindlæs denne side og prøv igen.
 enabled = Aktiveret
 locked = Låst
 copy_hash = Kopiér hash
@@ -2854,7 +2842,6 @@ config.db_name = Navn
 users.full_name = Fulde navn
 users.activated = Aktiveret
 repos.name = Navn
-monitor.queue.name = Navn
 repos.private = Privat
 config.default_enable_timetracking = Aktiver tidsregistrering som standard
 config.enable_timetracking = Aktiver tidsregistrering
@@ -2863,11 +2850,6 @@ config.allow_dots_in_usernames = Tillad brugere at bruge prikker i deres brugern
 auths.oauth2_icon_url = Icon URL
 users.edit = Redigere
 users.auth_source = Godkendelseskilde
-monitor.queue.settings.maxnumberworkers.placeholder = I øjeblikket %[1]d
-monitor.queue.settings.submit = Opdater indstillinger
-monitor.queue.settings.changed = Indstillinger opdateret
-monitor.queue.settings.remove_all_items = Slet alle
-monitor.queue.settings.remove_all_items_done = Alle varer i køen er blevet fjernet.
 notices.system_notice_list = Systemmeddelelser
 dashboard.delete_repo_archives = Slet alle depoters arkiver (ZIP, TAR.GZ osv..)
 organizations = Organisationer
@@ -2898,8 +2880,6 @@ dashboard.clean_unbind_oauth = Rens ubundne OAuth-forbindelser
 dashboard.delete_inactive_accounts.started = Slet alle uaktiverede konti opgave startet.
 dashboard.delete_missing_repos = Slet alle depoter, der mangler deres Git-filer
 dashboard.update_migration_poster_id = Opdater migrationsplakat-id'er
-dashboard.memory_obtained = Hukommelse opnået
-dashboard.pointer_lookup_times = Pointer-opslagstider
 hooks = Webhooks
 dashboard.cron.finished = Cron: %[1]s er færdig
 dashboard.delete_inactive_accounts = Slet alle uaktiverede konti
@@ -2908,10 +2888,6 @@ notices = Systemmeddelelser
 config_summary = Oversigt
 dashboard.system_status = System status
 dashboard.update_mirrors = Opdater spejle
-dashboard.server_uptime = Server oppetid
-dashboard.current_goroutine = Nuværende goroutiner
-dashboard.current_memory_usage = Aktuel hukommelsesbrug
-dashboard.total_memory_allocated = Samlet hukommelse tildelt
 integrations = Integrationer
 dashboard.operations = Vedligeholdelses operationer
 dashboard.repo_health_check = Sundhedstjek alle depoter
@@ -2947,16 +2923,6 @@ users.update_profile = Opdater brugerkonto
 users.still_has_org = Denne bruger er medlem af en organisation. Fjern først brugeren fra enhver organisation.
 users.purge_help = Tvangsslet brugeren og eventuelle depoter, organisationer og pakker, der ejes af brugeren. Alle kommentarer og problemer indsendt af denne bruger vil også blive slettet.
 users.is_admin = Administrator konto
-dashboard.mspan_structures_obtained = Mspan strukturer opnået
-dashboard.mcache_structures_usage = MCache strukturer brug
-dashboard.mspan_structures_usage = MSpan strukturer brug
-dashboard.mcache_structures_obtained = MCache-strukturer opnået
-dashboard.profiling_bucket_hash_table_obtained = Profilering bucket hash tabel opnået
-dashboard.gc_metadata_obtained = GC-metadata opnået
-dashboard.other_system_allocation_obtained = Anden systemallokering opnået
-dashboard.next_gc_recycle = Næste GC genbrug
-dashboard.total_gc_pause = Total GC-pause
-dashboard.last_gc_time = Tid siden sidste GC
 dashboard.delete_old_system_notices = Slet alle gamle systemmeddelelser fra databasen
 dashboard.gc_lfs = Affaldssamler LFS-metaobjekter
 dashboard.start_schedule_tasks = Start planlæg handlingsopgaver
@@ -2968,12 +2934,6 @@ users.created = Oprettet
 users.max_repo_creation = Maksimalt antal depoter
 users.prohibit_login = Suspenderet konto
 users.is_restricted = Begrænset konto
-dashboard.memory_allocate_times = Hukommelsestildelinger
-dashboard.memory_free_times = Hukommelses frigørelse
-dashboard.current_heap_usage = Nuværende heap-brug
-dashboard.heap_memory_obtained = Heap-hukommelse opnået
-dashboard.heap_objects = Heap genstande
-dashboard.bootstrap_stack_usage = Brug af bootstrap-stak
 dashboard.update_checker = Opdateringskontrol
 dashboard.delete_old_actions.started = Slet alle gamle aktiviteter fra den påbegyndte database.
 dashboard.stop_zombie_tasks = Stop zombiehandlingsopgaver
@@ -2987,19 +2947,10 @@ users.organization_creation.description = Tillad oprettelse af nye organisatione
 users.delete_account = Slet brugerkonto
 users.cannot_delete_self = Du kan ikke slette dig selv
 users.still_own_repo = Denne bruger ejer stadig et eller flere arkiver. Slet eller overfør disse depoter først.
-users.list_status_filter.is_admin = Admin
 users.block.description = Bloker denne bruger i at interagere med denne tjeneste via deres konto, og forbyd at logge ind.
 users.restricted.description = Tillad kun interaktion med de depoter og organisationer, hvor denne bruger er tilføjet som en samarbejdspartner. Dette forhindrer adgang til offentlige arkiver i denne instans.
-users.list_status_filter.menu_text = Filter
-dashboard.heap_memory_idle = Heap hukommelse inaktiv
-dashboard.heap_memory_in_use = Heap hukommelse i brug
-dashboard.heap_memory_released = Heap-hukommelse frigivet
-dashboard.stack_memory_obtained = Stakhukommelse opnået
-dashboard.last_gc_pause = Sidste GC-pause
-dashboard.gc_times = GC times
 dashboard.delete_old_actions = Slet alle gamle aktiviteter fra databasen
 users.allow_create_organization = Kan skabe organisationer
-users.list_status_filter.not_admin = Ikke admin
 users.allow_import_local = Kan importere lokale depoter
 users.send_register_notify = Giv besked om tilmelding via e-mail
 users.local = Lokal
@@ -3014,9 +2965,6 @@ users.max_repo_creation_desc = (Indtast -1 for at bruge den globale standardgræ
 users.is_activated = Aktiveret konto
 users.edit_account = Rediger brugerkonto
 packages.version = Version
-users.list_status_filter.reset = Nulstil
-users.list_status_filter.is_active = Aktiv
-users.list_status_filter.not_active = Inaktiv
 users.purge = Udrens bruger
 users.user_manage_panel = Administrer brugerkonti
 users.new_account = Opret brugerkonto
@@ -3030,25 +2978,19 @@ emails.not_updated = Kunne ikke opdatere den anmodede e-mailadresse: %v
 packages.package_manage_panel = Administrer pakker
 packages.total_size = Samlet størrelse: %s
 packages.unreferenced_size = Ikke-referencestørrelse: %s
-users.list_status_filter.is_2fa_enabled = 2FA aktiveret
-users.list_status_filter.not_2fa_enabled = 2FA deaktiveret
 emails.filter_sort.email_reverse = E-mail (omvendt)
 emails.filter_sort.name_reverse = Brugernavn (omvendt)
 emails.delete = Slet e-mail
 emails.delete_desc = Er du sikker på, at du vil slette denne e-mailadresse?
 emails.deletion_success = E-mailadressen er blevet slettet.
-users.list_status_filter.is_restricted = Begrænset
 emails.duplicate_active = Denne e-mailadresse er allerede aktiv for en anden bruger.
 emails.change_email_header = Opdater e-mail-egenskaber
 emails.change_email_text = Er du sikker på, at du vil opdatere denne e-mailadresse?
 repos.issues = Problemer
 repos.size = Størrelse
 repos.lfs_size = LFS størrelse
-users.list_status_filter.not_restricted = Ikke begrænset
 users.details = Brugeroplysninger
 emails.email_manage_panel = Administrer bruger-e-mails
-users.list_status_filter.is_prohibit_login = Forbyd login
-users.list_status_filter.not_prohibit_login = Tillad login
 emails.delete_primary_email_error = Du kan ikke slette den primære e-mail.
 orgs.org_manage_panel = Administrer organisationer
 repos.repo_manage_panel = Administrer depoter
@@ -3113,8 +3055,6 @@ self_check.database_collation_case_insensitive = Databasen bruger en sortering %
 config.git_max_diff_line_characters = Maks. diff-tegn pr. linje
 config.access_log_template = Skabelon til adgangslog
 monitor.process.children = Børn
-monitor.queues = Køer
-monitor.queue.settings.desc = Puljer vokser dynamisk som reaktion på deres blokering af arbejderkø.
 auths.auth_manage_panel = Administrer godkendelseskilder
 auths.auth_type = Godkendelsestype
 auths.map_group_to_team_removal = Fjern brugere fra synkroniserede teams, hvis brugeren ikke tilhører den tilsvarende LDAP-gruppe
@@ -3141,8 +3081,6 @@ monitor.stacktrace = Stakspor
 monitor.execute_time = Udførelsestid
 monitor.last_execution_result = Resultat
 monitor.process.cancel_notices = Annuller: <strong>%s</strong>?
-monitor.queue.type = Type
-monitor.queue.exemplar = Eksempler type
 auths.auth_name = Godkendelsesnavn
 auths.attribute_username = Brugernavn attribut
 auths.attribute_username_placeholder = Lad stå tomt for at bruge brugernavnet indtastet i Forgejo.
@@ -3185,13 +3123,11 @@ config.cache_test_slow = Cachetest lykkedes, men svaret er langsomt: %s.
 config.gc_interval_time = GC interval tid
 config.git_max_diff_files = Max diff filer vist
 config.git_gc_args = GC argumenter
-monitor.queue.settings.maxnumberworkers.error = Max antal arbejdere skal være et tal
 notices.inverse_selection = Omvendt valg
 notices.delete_selected = Slet valgte
 auths.allowed_domains_helper = Lad være tomt for at tillade alle domæner. Adskil flere domæner med et komma (",").
 auths.skip_local_two_fa = Spring over lokal 2FA
 auths.oauth2_required_claim_value_helper = Indstil denne værdi for at begrænse login fra denne kilde til brugere med et krav med dette navn og denne værdi
-monitor.queue.settings.maxnumberworkers = Max antal arbejdere
 notices.delete_all = Slet alle meddelelser
 auths.smtp_auth = SMTP-godkendelsestype
 config.default_visibility_organization = Standardsynlighed for nye organisationer
@@ -3290,7 +3226,6 @@ auths.attributes_in_bind = Hent attributter i bind DN-kontekst
 config.app_name = Instans titel
 config.app_slogan = instans slogan
 config.cache_interval = Cache interval
-monitor.queue.settings.title = Pool indstillinger
 notices.type = Type
 notices.type_2 = Opgave
 config.db_schema = Skematisk
@@ -3309,12 +3244,6 @@ monitor.execute_times = Udførelser
 monitor.download_diagnosis_report = Hent diagnoserapport
 monitor.process.cancel = Annuller processen
 monitor.process.cancel_desc = Annullering af en proces kan medføre tab af data
-monitor.queue = Kø: %s
-monitor.queue.numberworkers = Antal arbejdere
-monitor.queue.activeworkers = Aktive arbejdere
-monitor.queue.maxnumberworkers = Max antal arbejdere
-monitor.queue.numberinqueue = Nummer i kø
-monitor.queue.review_add = Gennemgå / tilføj arbejdere
 config.git_pull_timeout = Pull Operation timeout
 config.git_clone_timeout = Klone Operation timeout
 config.git_gc_timeout = GC Operation timeout
@@ -3348,15 +3277,9 @@ owner.settings.cleanuprules.keep.count.n = %d versioner pr. pakke
 
 [actions]
 unit.desc = Administrer integrerede CI/CD-pipelines med Forgejo Actions.
-variables.not_found = Variablen kunne ikke findes.
 workflow.enable = Aktiver arbejdsgang
 workflow.enable_success = Arbejdsgangen "%s" blev aktiveret.
-variables.none = Der er ingen variabler endnu.
-variables.edit = Rediger variabel
-variables.deletion.success = Variablen er blevet fjernet.
-variables.creation.failed = Kunne ikke tilføje variabel.
 runs.no_workflows.help_write_access = Ved du ikke, hvordan du starter med Forgejo Actions? Tjek <a target="_blank" rel="noopener noreferrer" href="%s">hurtigstarten i brugerdokumentationen</a> for at skrive dit første workflow, og <a target="_blank" rel="noopener noreferrer" href="%s">opsæt en Forgejo-løber</a> til at udføre dine opgaver.
-variables.update.success = Variablen er blevet redigeret.
 workflow.disable_success = Arbejdsgangen "%s" blev deaktiveret.
 workflow.disable = Deaktiver arbejdsgang
 workflow.dispatch.use_from = Brug arbejdsgangen fra
@@ -3366,20 +3289,11 @@ workflow.dispatch.warn_input_limit = Viser kun de første %d input.
 workflow.dispatch.success = Kørsel af arbejdsgang blev anmodet om.
 workflow.dispatch.input_required = Kræv værdi for input "%s".
 workflow.dispatch.invalid_input_type = Ugyldig inputtype "%s".
-variables.creation = Tilføj variabel
 need_approval_desc = Har brug for godkendelse for at køre arbejdsgange for fork pull-anmodning.
 runs.empty_commit_message = (tom commit besked)
 runs.expire_log_message = Logfiler er blevet renset, fordi de var for gamle.
-variables = Variabler
-variables.management = Administrer variabler
-variables.creation.success = Variablen "%s" er blevet tilføjet.
-variables.update.failed = Variablen kunne ikke redigeres.
 runs.no_workflows.help_no_write_access = For at lære om Forgejo Actions, se <a target="_blank" rel="noopener noreferrer" href="%s">dokumentationen</a>.
-variables.deletion = Fjern variabel
 variables.id_not_exist = Variabel med ID %d findes ikke.
-variables.deletion.description = Fjernelse af en variabel er permanent og kan ikke fortrydes. Vil du fortsætte?
-variables.description = Variabler vil blive videregivet til visse handlinger og kan ikke læses på anden vis.
-variables.deletion.failed = Variablen kunne ikke fjernes.
 workflow.dispatch.run = Kør arbejdsgang
 runs.no_runs = Workflowet har ingen kørsler endnu.
 
@@ -3465,9 +3379,6 @@ deleted.display_name = Slettet projekt
 type-1.display_name = Individuelt projekt
 
 [markup]
-filepreview.line = Linje %[1]d i %[2]s
-filepreview.lines = Linjer %[1]d til %[2]d i %[3]s
-filepreview.truncated = Forhåndsvisningen er blevet afkortet
 
 [git.filemode]
 symbolic_link = Symbolsk link
diff --git a/options/locale/locale_de-DE.ini b/options/locale/locale_de-DE.ini
index d777732c65..4a356b1f6e 100644
--- a/options/locale/locale_de-DE.ini
+++ b/options/locale/locale_de-DE.ini
@@ -36,18 +36,6 @@ twofa=Zwei-Faktor-Authentifizierung
 twofa_scratch=Zwei-Faktor-Einmalpasswort
 passcode=PIN
 
-webauthn_insert_key=Hardware-Sicherheitsschlüssel einstecken
-webauthn_sign_in=Drücke den Knopf auf deinem Sicherheitsschlüssel. Wenn dein Sicherheitsschlüssel keinen Knopf hat, stecke ihn erneut ein.
-webauthn_press_button=Drücke den Knopf auf deinem Sicherheitsschlüssel …
-webauthn_use_twofa=Zwei-Faktor-Authentifizierung via Handy verwenden
-webauthn_error=Dein Sicherheitsschlüssel konnte nicht gelesen werden.
-webauthn_unsupported_browser=Dein Browser unterstützt derzeit kein WebAuthn.
-webauthn_error_unknown=Ein unbekannter Fehler ist aufgetreten. Bitte versuche es erneut.
-webauthn_error_insecure=WebAuthn unterstützt nur sichere Verbindungen. Zum Testen über HTTP kannst du „localhost“ oder „127.0.0.1“ als Host verwenden
-webauthn_error_unable_to_process=Der Server konnte deine Anfrage nicht bearbeiten.
-webauthn_error_duplicated=Für diese Anfrage ist der Sicherheitsschlüssel nicht erlaubt. Bitte stell sicher, dass er nicht bereits registriert ist.
-webauthn_error_empty=Du musst einen Namen für diesen Schlüssel festlegen.
-webauthn_error_timeout=Das Zeitlimit wurde erreicht, bevor dein Schlüssel gelesen werden konnte. Bitte lade die Seite erneut.
 repository=Repository
 organization=Organisation
 mirror=Spiegel
@@ -2936,34 +2924,6 @@ dashboard.sync_external_users=Externe Benutzerdaten synchronisieren
 dashboard.cleanup_hook_task_table=Hook-Task-Tabelle bereinigen
 dashboard.cleanup_packages=Veraltete Pakete bereinigen
 dashboard.cleanup_actions=Abgelaufene Logs und Artefakte von Actions bereinigen
-dashboard.server_uptime=Server-Uptime
-dashboard.current_goroutine=Aktuelle Goroutinen
-dashboard.current_memory_usage=Aktuelle Speichernutzung
-dashboard.total_memory_allocated=Zugeteilter Gesamtspeicher
-dashboard.memory_obtained=Erhaltener Speicher
-dashboard.pointer_lookup_times=Anzahl Zeigerlookups
-dashboard.memory_allocate_times=Speicheranforderungen
-dashboard.memory_free_times=Speicherfreigaben
-dashboard.current_heap_usage=Aktuelle Heap-Auslastung
-dashboard.heap_memory_obtained=Erhaltener Heap-Arbeitsspeicher
-dashboard.heap_memory_idle=Unbenutzter Heap-Arbeitsspeicher
-dashboard.heap_memory_in_use=Benutzter-Heap-Arbeitsspeicher
-dashboard.heap_memory_released=Freigegebener Heap-Arbeitsspeicher
-dashboard.heap_objects=Heap-Objekte
-dashboard.bootstrap_stack_usage=Bootstrap-Stack-Auslastung
-dashboard.stack_memory_obtained=Erhaltener Stack-Arbeitsspeicher
-dashboard.mspan_structures_usage=MSpan-Structures-Auslastung
-dashboard.mspan_structures_obtained=Erhaltene MSpan-Structures
-dashboard.mcache_structures_usage=MCache-Structures-Auslastung
-dashboard.mcache_structures_obtained=Erhaltene MCache-Structures
-dashboard.profiling_bucket_hash_table_obtained=Erhaltene Analysesatz-Hashtabellen
-dashboard.gc_metadata_obtained=Erhaltene GC-Metadaten
-dashboard.other_system_allocation_obtained=Andere erhaltene System-Allokationen
-dashboard.next_gc_recycle=Nächster GC-Zyklus
-dashboard.last_gc_time=Seit letztem GC-Zyklus
-dashboard.total_gc_pause=Gesamte GC-Pause
-dashboard.last_gc_pause=Letzte GC-Pause
-dashboard.gc_times=GC-Zeiten
 dashboard.delete_old_actions=Alle alten Aktivitäten aus der Datenbank löschen
 dashboard.delete_old_actions.started=Löschen aller alten Aktivitäten aus der Datenbank gestartet.
 dashboard.update_checker=Update-Checker
@@ -3020,18 +2980,6 @@ users.purge_help=Das Löschen des Benutzers inklusive all seiner Repositorys, Or
 users.still_own_packages=Dieser Benutzer besitzt noch ein oder mehrere Pakete, lösche diese Pakete zuerst.
 users.deletion_success=Das Konto wurde gelöscht.
 users.reset_2fa=2FA zurücksetzen
-users.list_status_filter.menu_text=Filter
-users.list_status_filter.reset=Zurücksetzen
-users.list_status_filter.is_active=Aktiv
-users.list_status_filter.not_active=Inaktiv
-users.list_status_filter.is_admin=Administrator
-users.list_status_filter.not_admin=Nicht-Administrator
-users.list_status_filter.is_restricted=Eingeschränkt
-users.list_status_filter.not_restricted=Unbegrenzt
-users.list_status_filter.is_prohibit_login=Anmelden verbieten
-users.list_status_filter.not_prohibit_login=Anmelden erlaubt
-users.list_status_filter.is_2fa_enabled=2FA aktiviert
-users.list_status_filter.not_2fa_enabled=2FA deaktiviert
 users.details=Benutzerdetails
 
 emails.email_manage_panel=Benutzer-E-Mails verwalten
@@ -3349,26 +3297,6 @@ monitor.process.cancel_desc=Abbrechen eines Prozesses kann Datenverlust verursac
 monitor.process.cancel_notices=Abbrechen: <strong>%s</strong>?
 monitor.process.children=Subprozesse
 
-monitor.queues=Warteschlangen
-monitor.queue=Warteschlange: %s
-monitor.queue.name=Name
-monitor.queue.type=Typ
-monitor.queue.exemplar=Beispieltyp
-monitor.queue.numberworkers=Anzahl der Worker
-monitor.queue.activeworkers=Aktive Worker
-monitor.queue.maxnumberworkers=Maximale Anzahl der Worker
-monitor.queue.numberinqueue=Anzahl in der Warteschlange
-monitor.queue.review_add=Worker hinzufügen/prüfen
-monitor.queue.settings.title=Pool-Einstellungen
-monitor.queue.settings.desc=Pools wachsen dynamisch basierend auf der Blockierung der Arbeitswarteschlange.
-monitor.queue.settings.maxnumberworkers=Maximale Anzahl an Workern
-monitor.queue.settings.maxnumberworkers.placeholder=Derzeit %[1]d
-monitor.queue.settings.maxnumberworkers.error=Die Anzahl der Worker muss eine Zahl sein
-monitor.queue.settings.submit=Einstellungen aktualisieren
-monitor.queue.settings.changed=Einstellungen aktualisiert
-monitor.queue.settings.remove_all_items=Alle entfernen
-monitor.queue.settings.remove_all_items_done=Alle Elemente in der Warteschlange wurden entfernt.
-
 notices.system_notice_list=Systemmitteilungen
 notices.view_detail_header=Meldungsdetails ansehen
 notices.operations=Operationen
@@ -3516,20 +3444,6 @@ workflow.disabled=Workflow ist deaktiviert.
 
 need_approval_desc=Um Workflows für den Pull-Request eines Forks auszuführen, ist eine Genehmigung erforderlich.
 
-variables=Variablen
-variables.management=Variablen verwalten
-variables.creation=Variable hinzufügen
-variables.none=Es gibt noch keine Variablen.
-variables.deletion=Variable entfernen
-variables.deletion.description=Das Entfernen einer Variable ist dauerhaft und kann nicht rückgängig gemacht werden. Fortfahren?
-variables.description=Variablen werden an bestimmte Aktionen übergeben und können nicht anderweitig gelesen werden.
-variables.edit=Variable bearbeiten
-variables.deletion.failed=Fehler beim Entfernen der Variable.
-variables.deletion.success=Die Variable wurde entfernt.
-variables.creation.failed=Fehler beim Hinzufügen der Variable.
-variables.creation.success=Die Variable „%s“ wurde hinzugefügt.
-variables.update.failed=Fehler beim Bearbeiten der Variable.
-variables.update.success=Die Variable wurde bearbeitet.
 runs.empty_commit_message = (leere Commit-Nachricht)
 variables.id_not_exist = Variable mit ID %d existiert nicht.
 workflow.dispatch.use_from = Workflow benutzen von
@@ -3542,7 +3456,6 @@ workflow.dispatch.success = Ausführung des Workflows wurde erfolgreich angefrag
 runs.expire_log_message = Logs wurden gelöscht, weil sie zu alt waren.
 runs.no_workflows.help_write_access = Keine Ahnung, wie man mit Forgejo Actions anfangen soll? Schau im <a target="_blank" rel="noopener noreferrer" href="%s">Schnellstart in der Benutzerdokumentation</a> vorbei, um deinen ersten Workflow zu schreiben, dann <a target="_blank" rel="noopener noreferrer" href="%s">setze einen Forgejo-Runner auf</a>, um deine Jobs auszuführen.
 runs.no_workflows.help_no_write_access = Um mehr über Forgejo Actions zu erfahren, siehe <a target="_blank" rel="noopener noreferrer" href="%s">die Dokumentation</a>.
-variables.not_found = Die Variable wurde nicht gefunden.
 
 [projects]
 type-1.display_name=Individuelles Projekt
@@ -3588,9 +3501,6 @@ regexp = RegExp
 regexp_tooltip = Suchbegriff als regulären Ausdruck interpretieren
 
 [markup]
-filepreview.line = Zeile %[1]d in %[2]s
-filepreview.truncated = Vorschau wurde gekürzt
-filepreview.lines = Zeilen %[1]d bis %[2]d in %[3]s
 
 [munits.data]
 
diff --git a/options/locale/locale_el-GR.ini b/options/locale/locale_el-GR.ini
index a4c2cb14f6..4ad57c7bb5 100644
--- a/options/locale/locale_el-GR.ini
+++ b/options/locale/locale_el-GR.ini
@@ -37,18 +37,6 @@ twofa=Πιστοποίηση δύο παραγόντων
 twofa_scratch=Κωδικός μίας χρήσης (για πιστοποίηση δύο παραγόντων / 2FA)
 passcode=Κωδικός
 
-webauthn_insert_key=Εισάγετε το κλειδί ασφαλείας σας
-webauthn_sign_in=Πατήστε το κουμπί στο κλειδί ασφαλείας σας. Αν το κλειδί ασφαλείας σας δεν έχει κουμπί, αποσυνδέστε το και συνδέστε το ξανά.
-webauthn_press_button=Παρακαλώ πατήστε το κουμπί στο κλειδί ασφαλείας…
-webauthn_use_twofa=Χρησιμοποιήστε έναν κωδικό δύο παραγόντων από το τηλέφωνό σας
-webauthn_error=Δεν ήταν δυνατή η επικοινωνία με το κλειδί ασφαλείας σας.
-webauthn_unsupported_browser=Το πρόγραμμα περιήγησής σας δεν υποστηρίζει επί του παρόντος WebAuthn.
-webauthn_error_unknown=Παρουσιάστηκε ένα άγνωστο σφάλμα. Παρακαλώ προσπαθήστε ξανά.
-webauthn_error_insecure=Το WebAuthn υποστηρίζει μόνο ασφαλές συνδέσεις. Αν θέλετε να διεξάγετε δοκιμές μέσω HTTP, μπορείτε να χρησιμοποιήσετε την προέλευση «localhost» ή «127.0.0.1»
-webauthn_error_unable_to_process=Ο διακομιστής δεν μπόρεσε να επεξεργαστεί το αίτημά σας.
-webauthn_error_duplicated=Το κλειδί ασφαλείας δεν επιτρέπεται για αυτό το αίτημα. Βεβαιωθείτε ότι το κλειδί δεν έχει ήδη καταχωρηθεί.
-webauthn_error_empty=Πρέπει να ορίσετε ένα όνομα για αυτό το κλειδί.
-webauthn_error_timeout=Το χρονικό όριο έφτασε πριν το κλειδί να διαβαστεί. Παρακαλώ ανανεώστε τη σελίδα και προσπαθήστε ξανά.
 repository=Αποθετήριο
 organization=Οργανισμός
 mirror=Αντίγραφο
@@ -2935,34 +2923,6 @@ dashboard.sync_external_users=Συγχρονισμός δεδομένων εξω
 dashboard.cleanup_hook_task_table=Εκκαθάριση πίνακα hook_task
 dashboard.cleanup_packages=Εκκαθάριση ληγμένων πακέτων
 dashboard.cleanup_actions=Καθαρισμός ληγμένων καταγραφών και συνημμένων από τις δράσεις
-dashboard.server_uptime=Uptime διακομιστή
-dashboard.current_goroutine=Τρέχουσες goroutines
-dashboard.current_memory_usage=Τρέχουσα χρήση μνήμης
-dashboard.total_memory_allocated=Συνολική χρησιμοποιούμενη μνήμη
-dashboard.memory_obtained=Μνήμη που λαμβάνεται
-dashboard.pointer_lookup_times=Πλήθος αναζητήσεων δείκτη
-dashboard.memory_allocate_times=Κατανομές μνήμης
-dashboard.memory_free_times=Ελευθερώσεις μνήμης
-dashboard.current_heap_usage=Τρέχουσα χρήση heap
-dashboard.heap_memory_obtained=Μνήμη heap που λαμβάνεται
-dashboard.heap_memory_idle=Αδρανής μνήμη heap
-dashboard.heap_memory_in_use=Μνήμη heap σε χρήση
-dashboard.heap_memory_released=Μνήμη heap που απελευθερώθηκε
-dashboard.heap_objects=Αντικείμενα στο heap
-dashboard.bootstrap_stack_usage=Χρήση στοίβας bootstrap
-dashboard.stack_memory_obtained=Μνήμη στοίβας που λαμβάνεται
-dashboard.mspan_structures_usage=Χρήση δομών MSpan
-dashboard.mspan_structures_obtained=Δομές MSpan που έχουν ληφθεί
-dashboard.mcache_structures_usage=Χρήση δομών MCache
-dashboard.mcache_structures_obtained=Δομές MCache που έχουν ληφθεί
-dashboard.profiling_bucket_hash_table_obtained=Profiling bucket hash table που έχει ληφθεί
-dashboard.gc_metadata_obtained=Μεταδεδομένα GC που έχουν ληφθεί
-dashboard.other_system_allocation_obtained=Άλλες κατανομές συστήματος που έχουν ληφθεί
-dashboard.next_gc_recycle=Επόμενη ανακύκλωση GC
-dashboard.last_gc_time=Χρόνος από την τελευταία φορά που έγινε GC
-dashboard.total_gc_pause=Σύνολο παύσης GC
-dashboard.last_gc_pause=Τελευταία παύση GC
-dashboard.gc_times=Χρόνοι GC
 dashboard.delete_old_actions=Διαγραφή όλων των παλιών δραστηριοτήτων από τη βάση δεδομένων
 dashboard.delete_old_actions.started=Ξεκίνησε η διαγραφή όλων των παλιών δραστηριοτήτων από τη βάση δεδομένων.
 dashboard.update_checker=Ελεγκτής ενημερώσεων
@@ -3019,18 +2979,6 @@ users.purge_help=Εξαναγκαστική διαγραφή χρήστη καθ
 users.still_own_packages=Αυτός ο χρήστης εξακολουθεί να κατέχει ένα ή περισσότερα πακέτα, διαγράψτε αυτά τα πακέτα πρώτα.
 users.deletion_success=Ο λογαριασμός χρήστη έχει διαγραφεί.
 users.reset_2fa=Επαναφορά 2FA
-users.list_status_filter.menu_text=Φίλτρο
-users.list_status_filter.reset=Επαναφορά
-users.list_status_filter.is_active=Ενεργό
-users.list_status_filter.not_active=Ανενεργό
-users.list_status_filter.is_admin=Διαχειριστής
-users.list_status_filter.not_admin=Χωρίς δικαιώματα διαχειριστή
-users.list_status_filter.is_restricted=Περιορισμένος
-users.list_status_filter.not_restricted=Χωρίς περιορισμούς
-users.list_status_filter.is_prohibit_login=Απαγορευμένη σύνδεση
-users.list_status_filter.not_prohibit_login=Επιτρέπεται η σύνδεση
-users.list_status_filter.is_2fa_enabled=Με ενεργοποιημένο 2FA
-users.list_status_filter.not_2fa_enabled=Χωρίς 2FA
 users.details=Λεπτομέρειες χρήστη
 
 emails.email_manage_panel=Διαχείριση email χρηστών
@@ -3350,26 +3298,6 @@ monitor.process.cancel_desc=Η ακύρωση μιας διαδικασίας μ
 monitor.process.cancel_notices=Ακύρωση: <strong>%s</strong>;
 monitor.process.children=Θυγατρικές
 
-monitor.queues=Ουρές
-monitor.queue=Ουρά: %s
-monitor.queue.name=Όνομα
-monitor.queue.type=Τύπος
-monitor.queue.exemplar=Τύπος Υποδείγματος
-monitor.queue.numberworkers=Αριθμός εργατών
-monitor.queue.activeworkers=Ενεργοί εργάτες
-monitor.queue.maxnumberworkers=Μέγιστος αριθμός εργατών
-monitor.queue.numberinqueue=Πλήθος ουράς
-monitor.queue.review_add=Εξέταση / προσθήκη εργατών
-monitor.queue.settings.title=Ρυθμίσεις δεξαμενής
-monitor.queue.settings.desc=Οι δεξαμενές αυξάνονται δυναμικά όταν υπάρχει φραγή της ουράς των εργατών τους.
-monitor.queue.settings.maxnumberworkers=Μέγιστος Αριθμός Εργατών
-monitor.queue.settings.maxnumberworkers.placeholder=Αυτή τη στιγμή %[1]d
-monitor.queue.settings.maxnumberworkers.error=Ο μέγιστος αριθμός εργατών πρέπει να είναι αριθμός
-monitor.queue.settings.submit=Ενημέρωση ρυθμίσεων
-monitor.queue.settings.changed=Οι ρυθμίσεις ενημερώθηκαν
-monitor.queue.settings.remove_all_items=Αφαίρεση όλων
-monitor.queue.settings.remove_all_items_done=Όλα τα αντικείμενα στην ουρά αφαιρέθηκαν.
-
 notices.system_notice_list=Ειδοποιήσεις συστήματος
 notices.view_detail_header=Προβολή λεπτομερειών ειδοποίησης
 notices.operations=Λειτουργίες
@@ -3516,20 +3444,6 @@ workflow.disabled=Η ροή εργασιών είναι απενεργοποιη
 
 need_approval_desc=Πρέπει να εγκριθεί η εκτέλεση ροών εργασίας για pull request από fork.
 
-variables=Μεταβλητές
-variables.management=Διαχείριση μεταβλητών
-variables.creation=Προσθήκη μεταβλητή
-variables.none=Δεν υπάρχουν ακόμα μεταβλητές.
-variables.deletion=Αφαίρεση μεταβλητής
-variables.deletion.description=Η αφαίρεση μιας μεταβλητής είναι μόνιμη και δεν μπορεί να αναιρεθεί. Συνέχεια;
-variables.description=Η μεταβλητές θα δίνονται σε ορισμένες δράσεις και δεν μπορούν να διαβαστούν αλλιώς.
-variables.edit=Επεξεργασία Μεταβλητής
-variables.deletion.failed=Αποτυχία αφαίρεσης της μεταβλητής.
-variables.deletion.success=Η μεταβλητή έχει αφαιρεθεί.
-variables.creation.failed=Αποτυχία προσθήκης μεταβλητής.
-variables.creation.success=Η μεταβλητή «%s» προστέθηκε.
-variables.update.failed=Αποτυχία επεξεργασίας μεταβλητής.
-variables.update.success=Η μεταβλητή έχει τροποποιηθεί.
 variables.id_not_exist = Η μεταβλητή με id %d δεν υπάρχει.
 workflow.dispatch.trigger_found = Αυτή η ροή εργασίας έχει ένα «event trigger» <c>workflow_dispatch</c>.
 workflow.dispatch.success = Η εκτέλεση της ροής εργασίας αιτήθηκε επιτυχώς.
@@ -3541,7 +3455,6 @@ workflow.dispatch.invalid_input_type = Μη έγκυρο είδος εισόδο
 runs.no_workflows.help_write_access = Δεν γνωρίζεται πώς να ξεκινήσετε με τις Δράσεις Forgejo; Δείτε την <a target="_blank" rel="noopener noreferrer" href="%s"> γρήγορη εκκίνηση στην τεκμηρίωση χρήστη</a> για να γράψετε την πρώτη σας ροή εργασίας, στη συνέχεια <a target="_blank" rel="noopener noreferrer" href="%s"> ορίστε έναν εκτελεστή Forgejo</a> για να εκτελέσετε τις εργασίες σας.
 runs.no_workflows.help_no_write_access = Για να μάθετε για τις Δράσεις Forgejo, δείτε <a target="_blank" rel="noopener noreferrer" href="%s"> την τεκμηρίωση</a>.
 workflow.dispatch.warn_input_limit = Προβολή μόνο των πρώτων %d εισόδων.
-variables.not_found = Αποτυχία εύρεσης της μεταβλητής.
 
 [projects]
 type-1.display_name=Ατομικό έργο
@@ -3589,9 +3502,6 @@ regexp_tooltip = Ερμηνεία του όρου αναζήτησης ως κα
 [munits.data]
 
 [markup]
-filepreview.line = Γραμμή %[1]d στο αρχείο %[2]s
-filepreview.lines = Γραμμές %[1]d έως %[2]d στο αρχείο %[3]s
-filepreview.truncated = Η προεπισκόπηση έχει περικοπεί
 
 [translation_meta]
 test = ok
diff --git a/options/locale/locale_en-US.ini b/options/locale/locale_en-US.ini
index 1fdced67c2..a74cf843e9 100644
--- a/options/locale/locale_en-US.ini
+++ b/options/locale/locale_en-US.ini
@@ -38,19 +38,6 @@ twofa = Two-factor authentication
 twofa_scratch = Two-factor scratch code
 passcode = Passcode
 
-webauthn_insert_key = Insert your security key
-webauthn_sign_in = Press the button on your security key. If your security key has no button, re-insert it.
-webauthn_press_button = Please press the button on your security key…
-webauthn_use_twofa = Use a two-factor code from your phone
-webauthn_error = Could not read your security key.
-webauthn_unsupported_browser = Your browser does not currently support WebAuthn.
-webauthn_error_unknown = An unknown error occurred. Please retry.
-webauthn_error_insecure = WebAuthn only supports secure connections. For testing over HTTP, you can use the origin "localhost" or "127.0.0.1"
-webauthn_error_unable_to_process = The server could not process your request.
-webauthn_error_duplicated = The security key is not permitted for this request. Please make sure that the key is not already registered.
-webauthn_error_empty = You must set a name for this key.
-webauthn_error_timeout = Timeout reached before your key could be read. Please reload this page and retry.
-
 repository = Repository
 new_fork = New repository fork
 new_project_column = New column
@@ -2953,34 +2940,6 @@ dashboard.sync_external_users = Synchronize external user data
 dashboard.cleanup_hook_task_table = Clean up hook_task table
 dashboard.cleanup_packages = Clean up expired packages
 dashboard.cleanup_actions = Clean up expired logs and artifacts from actions
-dashboard.server_uptime = Server uptime
-dashboard.current_goroutine = Current goroutines
-dashboard.current_memory_usage = Current memory usage
-dashboard.total_memory_allocated = Total memory allocated
-dashboard.memory_obtained = Memory obtained
-dashboard.pointer_lookup_times = Pointer lookup times
-dashboard.memory_allocate_times = Memory allocations
-dashboard.memory_free_times = Memory frees
-dashboard.current_heap_usage = Current heap usage
-dashboard.heap_memory_obtained = Heap memory obtained
-dashboard.heap_memory_idle = Heap memory idle
-dashboard.heap_memory_in_use = Heap memory in use
-dashboard.heap_memory_released = Heap memory released
-dashboard.heap_objects = Heap objects
-dashboard.bootstrap_stack_usage = Bootstrap stack usage
-dashboard.stack_memory_obtained = Stack memory obtained
-dashboard.mspan_structures_usage = MSpan structures usage
-dashboard.mspan_structures_obtained = MSpan structures obtained
-dashboard.mcache_structures_usage = MCache structures usage
-dashboard.mcache_structures_obtained = MCache structures obtained
-dashboard.profiling_bucket_hash_table_obtained = Profiling bucket hash table obtained
-dashboard.gc_metadata_obtained = GC metadata obtained
-dashboard.other_system_allocation_obtained = Other system allocation obtained
-dashboard.next_gc_recycle = Next GC recycle
-dashboard.last_gc_time = Time since last GC
-dashboard.total_gc_pause = Total GC pause
-dashboard.last_gc_pause = Last GC pause
-dashboard.gc_times = GC times
 dashboard.delete_old_actions = Delete all old activities from database
 dashboard.delete_old_actions.started = Delete all old activities from database started.
 dashboard.update_checker = Update checker
@@ -3044,18 +3003,6 @@ users.purge_help = Forcibly delete user and any repositories, organizations, and
 users.still_own_packages = This user still owns one or more packages, delete these packages first.
 users.deletion_success = The user account has been deleted.
 users.reset_2fa = Reset 2FA
-users.list_status_filter.menu_text = Filter
-users.list_status_filter.reset = Reset
-users.list_status_filter.is_active = Active
-users.list_status_filter.not_active = Inactive
-users.list_status_filter.is_admin = Admin
-users.list_status_filter.not_admin = Not admin
-users.list_status_filter.is_restricted = Restricted
-users.list_status_filter.not_restricted = Not restricted
-users.list_status_filter.is_prohibit_login = Prohibit login
-users.list_status_filter.not_prohibit_login = Allow login
-users.list_status_filter.is_2fa_enabled = 2FA enabled
-users.list_status_filter.not_2fa_enabled = 2FA disabled
 users.details = User details
 
 emails.email_manage_panel = Manage user emails
@@ -3106,13 +3053,13 @@ packages.published = Published
 
 defaulthooks = Default webhooks
 defaulthooks.desc = Webhooks automatically make HTTP POST requests to a server when certain Forgejo events trigger. Webhooks defined here are defaults and will be copied into all new repositories. Read more in the <a target="_blank" rel="noopener" href="%s">webhooks guide</a>.
-defaulthooks.add_webhook = Add Default Webhook
-defaulthooks.update_webhook = Update Default Webhook
+defaulthooks.add_webhook = Add default webhook
+defaulthooks.update_webhook = Update default webhook
 
 systemhooks = System webhooks
 systemhooks.desc = Webhooks automatically make HTTP POST requests to a server when certain Forgejo events trigger. Webhooks defined here will act on all repositories on the system, so please consider any performance implications this may have. Read more in the <a target="_blank" rel="noopener" href="%s">webhooks guide</a>.
-systemhooks.add_webhook = Add System Webhook
-systemhooks.update_webhook = Update System Webhook
+systemhooks.add_webhook = Add system webhook
+systemhooks.update_webhook = Update system webhook
 
 auths.auth_manage_panel = Manage authentication sources
 auths.new = Add authentication source
@@ -3375,26 +3322,6 @@ monitor.process.cancel = Cancel process
 monitor.process.cancel_desc = Canceling a process may cause data loss
 monitor.process.cancel_notices = Cancel: <strong>%s</strong>?
 
-monitor.queues = Queues
-monitor.queue = Queue: %s
-monitor.queue.name = Name
-monitor.queue.type = Type
-monitor.queue.exemplar = Exemplar Type
-monitor.queue.numberworkers = Number of workers
-monitor.queue.activeworkers = Active workers
-monitor.queue.maxnumberworkers = Max Number of workers
-monitor.queue.numberinqueue = Number in queue
-monitor.queue.review_add = Review / add workers
-monitor.queue.settings.title = Pool settings
-monitor.queue.settings.desc = Pools dynamically grow in response to their worker queue blocking.
-monitor.queue.settings.maxnumberworkers = Max Number of workers
-monitor.queue.settings.maxnumberworkers.placeholder = Currently %[1]d
-monitor.queue.settings.maxnumberworkers.error = Max number of workers must be a number
-monitor.queue.settings.submit = Update settings
-monitor.queue.settings.changed = Settings updated
-monitor.queue.settings.remove_all_items = Remove all
-monitor.queue.settings.remove_all_items_done = All items in the queue have been removed.
-
 notices.system_notice_list = System notices
 notices.view_detail_header = Notice details
 notices.operations = Operations
@@ -3410,7 +3337,7 @@ notices.desc = Description
 notices.op = Op.
 notices.delete_success = The system notices have been deleted.
 
-self_check.no_problem_found = No problem found yet.
+self_check.no_problem_found = No problems found yet.
 self_check.database_collation_mismatch = Expect database to use collation: %s
 self_check.database_collation_case_insensitive = Database is using a collation %s, which is an insensitive collation. Although Forgejo could work with it, there might be some rare cases which don't work as expected.
 self_check.database_inconsistent_collation_columns = Database is using collation %s, but these columns are using mismatched collations. It might cause some unexpected problems.
@@ -3520,22 +3447,6 @@ workflow.dispatch.warn_input_limit = Only displaying the first %d inputs.
 
 need_approval_desc = Need approval to run workflows for fork pull request.
 
-variables = Variables
-variables.management = Manage variables
-variables.creation = Add variable
-variables.none = There are no variables yet.
-variables.deletion = Remove variable
-variables.deletion.description = Removing a variable is permanent and cannot be undone. Continue?
-variables.description = Variables will be passed to certain actions and cannot be read otherwise.
-variables.edit = Edit Variable
-variables.not_found = Failed to find the variable.
-variables.deletion.failed = Failed to remove variable.
-variables.deletion.success = The variable has been removed.
-variables.creation.failed = Failed to add variable.
-variables.creation.success = The variable "%s" has been added.
-variables.update.failed = Failed to edit variable.
-variables.update.success = The variable has been edited.
-
 [projects]
 deleted.display_name = Deleted project
 type-1.display_name = Individual project
@@ -3551,9 +3462,6 @@ symbolic_link = Symbolic link
 submodule = Submodule
 
 [markup]
-filepreview.line = Line %[1]d in %[2]s
-filepreview.lines = Lines %[1]d to %[2]d in %[3]s
-filepreview.truncated = Preview has been truncated
 
 [translation_meta]
 test = This is a test string. It is not displayed in Forgejo UI but is used for testing purposes. Feel free to enter "ok" to save time (or a fun fact of your choice) to hit that sweet 100% completion mark :)
diff --git a/options/locale/locale_eo.ini b/options/locale/locale_eo.ini
index a6b3a57428..be27ad3749 100644
--- a/options/locale/locale_eo.ini
+++ b/options/locale/locale_eo.ini
@@ -2,8 +2,6 @@
 tracked_time_summary = Resumo de trakita tempo bazita sur filtriloj de temolisto
 language = Lingvo
 passcode = Paskodo
-webauthn_error_timeout = Tempo elĉerpiĝis antaŭ legiĝo de via ŝlosilo. Bonvolu reenlegi la retpaĝon kaj reprovi.
-webauthn_sign_in = Premu la butonon sur via sekurŝlosilo. Se mankas butono, elprenu kaj reenmetu vian sekurŝlosilon.
 captcha = Testo de homeco
 create_new = Krei…
 licenses = Permesiloj
@@ -11,13 +9,10 @@ sign_in = Saluti
 user_profile_and_more = Profilo kaj agordoj…
 explore = Esplori
 return_to_forgejo = Reiri al Forgejo
-webauthn_error_unknown = Eraris pro nekonata kialo. Bonvolu reprovi.
 twofa = Duobla aŭtentikigo
 version = Versio
 help = Helpo
-webauthn_error_empty = Vi devas agordi nomon por la ŝlosilo.
 sign_in_or = aŭ
-webauthn_use_twofa = Uzi dumanieran salutkodon de via poŝtelefono
 page = Paĝo
 link_account = Ligi konton
 your_profile = Profilo
@@ -26,23 +21,16 @@ settings = Agordoj
 logo = Emblemo
 toc = Enhavotabelo
 admin_panel = Retejadministrado
-webauthn_unsupported_browser = Via retfoliumilo ne jam subtenas la salutmanieron WebAuthn.
-webauthn_error_insecure = La salutmaniero WebAuthn sole subtenas sekurajn konektiĝojn. Testante HTTP’e, oni uzu la retadreson «localhost» aŭ «127.0.0.1»
 new_project = Novan projekton
 notifications = Sciigoj
 repository = Deponejo
-webauthn_error = Ne povis legi vian sekurŝlosilon.
 active_stopwatch = Aktiva tempotrakilo
 organization = Organizaĵo
 sign_in_with_provider = Saluti per %s
-webauthn_error_unable_to_process = La servilo ne povis trakti vian peton.
 register = Registriĝi
 username = Uzantonomo
-webauthn_insert_key = Enmetu vian sekurŝlosilon
 password = Pasvorto
-webauthn_error_duplicated = La sekurŝlosilo ne rajtas fari tiun ĉi peton. Bonvolu certigi ke la ŝlosilo estas ne jam registrita.
 template = Ŝablono
-webauthn_press_button = Bonvolu premi la butonon sur via sekurŝlosilo…
 signed_in_as = Salutinta kiel
 sign_up = Registriĝi
 enable_javascript = Ĉi tiu retejo bezonas JavaSkripton.
@@ -772,7 +760,7 @@ enable_custom_avatar = Uzi propran profilbildon
 change_password = Ŝanĝi pasvorton
 keep_pronouns_private = Montri pronomojn nur al la aŭtentikigitaj uzantoj
 keep_pronouns_private.description = Tio maskos viajn pronomojn kontraŭ neaŭtentikigitaj vizitantoj.
-add_new_principal =
+add_new_principal = 
 gpg_token_required = Vi devas disponigi signaturon por la malsupran ĵetono
 gpg_token = Ĵetono
 gpg_token_help = Vi povas generi signaturon uzante:
@@ -962,14 +950,8 @@ runner_kind = Serĉi rulantojn…
 pull_kind = Serĉi tirpetojn…
 
 [markup]
-filepreview.truncated = La superrigardo estas mallongigita
-filepreview.line = Linio %[1]d en %[2]s
-filepreview.lines = Linioj %[1]d ĝis %[2]d en %[3]s
 
 [actions]
-variables.creation.success = La variablo "%s" estas aldonita.
-variables.update.failed = Ne eblas redakti la variablon.
-variables.update.success = La variablo estas redaktita.
 
 [projects]
 deleted.display_name = Forigita projekto
diff --git a/options/locale/locale_es-ES.ini b/options/locale/locale_es-ES.ini
index 0d37055fea..b0a9f6ce09 100644
--- a/options/locale/locale_es-ES.ini
+++ b/options/locale/locale_es-ES.ini
@@ -36,18 +36,6 @@ twofa=Autenticación de doble factor
 twofa_scratch=Código de respaldo
 passcode=Código de acceso
 
-webauthn_insert_key=Introduzca su clave de seguridad
-webauthn_sign_in=Presione el botón en su clave de seguridad. Si su clave de seguridad no tiene ningún botón, vuelva a insertarla.
-webauthn_press_button=Por favor, presione el botón en su clave de seguridad…
-webauthn_use_twofa=Utilice un código de doble factor desde su teléfono móvil
-webauthn_error=No se pudo leer su llave de seguridad.
-webauthn_unsupported_browser=Actualmente su navegador no soporta WebAuthn.
-webauthn_error_unknown=Ha ocurrido un error desconocido. Por favor, inténtelo de nuevo.
-webauthn_error_insecure=WebAuthn sólo soporta conexiones seguras. Para probar sobre HTTP, puede utilizar el origen "localhost" o "127.0.0.1"
-webauthn_error_unable_to_process=El servidor no pudo procesar su solicitud.
-webauthn_error_duplicated=La clave de seguridad no está permitida para esta solicitud. Por favor, asegúrese de que la clave no está ya registrada.
-webauthn_error_empty=Debe establecer un nombre para esta clave.
-webauthn_error_timeout=Tiempo de espera máximo alcanzado antes de que su clave pudiese ser leída. Por favor, cargue la página y vuelva a intentarlo.
 repository=Repositorio
 organization=Organización
 mirror=Réplica
@@ -2935,34 +2923,6 @@ dashboard.sync_external_users=Sincronizar datos de usuario externo
 dashboard.cleanup_hook_task_table=Limpiar la tabla hook_task
 dashboard.cleanup_packages=Limpiar paquetes caducados
 dashboard.cleanup_actions=Acciones de limpieza de registros expirados y artefactos
-dashboard.server_uptime=Tiempo de actividad del servidor
-dashboard.current_goroutine=Gorutinas actuales
-dashboard.current_memory_usage=Uso actual de memoria
-dashboard.total_memory_allocated=Total de Memoria Reservada
-dashboard.memory_obtained=Memoria obtenida
-dashboard.pointer_lookup_times=Tiempos de búsqueda de punteros
-dashboard.memory_allocate_times=Asignaciones de memoria
-dashboard.memory_free_times=Liberaciones de memoria
-dashboard.current_heap_usage=Uso actual de Heap
-dashboard.heap_memory_obtained=Memoria de Heap obtenida
-dashboard.heap_memory_idle=Memoria de Heap inactiva
-dashboard.heap_memory_in_use=Memoria de Heap en uso
-dashboard.heap_memory_released=Memoria de Heap liberada
-dashboard.heap_objects=Objetos en el Heap
-dashboard.bootstrap_stack_usage=Uso de la pila de Bootstrap
-dashboard.stack_memory_obtained=Memoria de pila obtenida
-dashboard.mspan_structures_usage=Uso de estructuras MSpan
-dashboard.mspan_structures_obtained=Estructuras MSpan obtenidas
-dashboard.mcache_structures_usage=Uso de estructuras MCache
-dashboard.mcache_structures_obtained=Estructuras MCache obtenidas
-dashboard.profiling_bucket_hash_table_obtained=Profiling bucket hash table obtenido
-dashboard.gc_metadata_obtained=Metadatos obtenidos del recolector de basura
-dashboard.other_system_allocation_obtained=Otros recursos asignados del sistema
-dashboard.next_gc_recycle=Siguiente reciclaje del recolector de basura
-dashboard.last_gc_time=Tiempo desde la última recolección de basura
-dashboard.total_gc_pause=Pausa total por el recolector de basura
-dashboard.last_gc_pause=Última pausa por el recolector de basura
-dashboard.gc_times=Ejecuciones del recolector de basura
 dashboard.delete_old_actions=Eliminar todas las actividades antiguas de la base de datos
 dashboard.delete_old_actions.started=Eliminar todas las actividades antiguas de la base de datos iniciadas.
 dashboard.update_checker=Buscador de actualizaciones
@@ -3019,18 +2979,6 @@ users.purge_help=Borrar forzosamente el usuario y cualquier repositorio, organiz
 users.still_own_packages=Este usuario todavía posee uno o más paquetes, elimina estos paquetes primero.
 users.deletion_success=La cuenta de usuario ha sido eliminada.
 users.reset_2fa=Reiniciar 2FA
-users.list_status_filter.menu_text=Filtro
-users.list_status_filter.reset=Reiniciar
-users.list_status_filter.is_active=Activo
-users.list_status_filter.not_active=Inactivo
-users.list_status_filter.is_admin=Administrador
-users.list_status_filter.not_admin=No admin
-users.list_status_filter.is_restricted=Restringido
-users.list_status_filter.not_restricted=No restringido
-users.list_status_filter.is_prohibit_login=Prohibido el inicio de sesión
-users.list_status_filter.not_prohibit_login=Permitir el inicio de sesión
-users.list_status_filter.is_2fa_enabled=2FA habilitado
-users.list_status_filter.not_2fa_enabled=2FA deshabilitado
 users.details=Detalles del usuario
 
 emails.email_manage_panel=Administrar direcciones de correo electrónico del usuario
@@ -3348,26 +3296,6 @@ monitor.process.cancel_desc=Cancelar un proceso puede ocasionar una pérdida de
 monitor.process.cancel_notices=Cancelar: <strong>%s</strong>?
 monitor.process.children=Hijos
 
-monitor.queues=Colas
-monitor.queue=Cola: %s
-monitor.queue.name=Nombre
-monitor.queue.type=Tipo
-monitor.queue.exemplar=Ejemplo
-monitor.queue.numberworkers=Número de trabajadores
-monitor.queue.activeworkers=Trabajadores activos
-monitor.queue.maxnumberworkers=Nº máx de trabajadores
-monitor.queue.numberinqueue=Número en cola
-monitor.queue.review_add=Revisar / Añadir trabajadores
-monitor.queue.settings.title=Ajustes del grupo
-monitor.queue.settings.desc=Los grupos de trabajadores crecen dinámicamente en respuesta al bloqueo de cola de sus trabajadores.
-monitor.queue.settings.maxnumberworkers=Número máximo de trabajadores
-monitor.queue.settings.maxnumberworkers.placeholder=Actualmente %[1]d
-monitor.queue.settings.maxnumberworkers.error=El número máximo de trabajadores debe ser un número
-monitor.queue.settings.submit=Actualizar ajustes
-monitor.queue.settings.changed=Ajustes actualizados
-monitor.queue.settings.remove_all_items=Eliminar todo
-monitor.queue.settings.remove_all_items_done=Todos los elementos en la cola han sido eliminados.
-
 notices.system_notice_list=Notificaciones del sistema
 notices.view_detail_header=Detalles de notificación
 notices.operations=Operaciones
@@ -3515,20 +3443,6 @@ workflow.disabled=El flujo de trabajo está deshabilitado.
 
 need_approval_desc=Necesita aprobación para ejecutar flujos de trabajo para el pull request del fork.
 
-variables=Variables
-variables.management=Gestión de variables
-variables.creation=Añadir variable
-variables.none=Aún no hay variables.
-variables.deletion=Eliminar variable
-variables.deletion.description=Eliminar una variable es permanente y no se puede deshacer. ¿Continuar?
-variables.description=Las variables se pasarán a ciertas acciones y no se podrán leer de otro modo.
-variables.edit=Editar variable
-variables.deletion.failed=No se pudo eliminar la variable.
-variables.deletion.success=La variable ha sido eliminada.
-variables.creation.failed=No se pudo agregar la variable.
-variables.creation.success=La variable "%s" ha sido añadida.
-variables.update.failed=Error al editar la variable.
-variables.update.success=La variable ha sido editada.
 variables.id_not_exist = Variable con id %d no existe.
 runs.empty_commit_message = (mensaje de commit vacío)
 runs.expire_log_message = Los registros han sido eliminados porque eran demasiado antiguos.
@@ -3536,7 +3450,6 @@ workflow.dispatch.run = Correr flujo de trabajo
 workflow.dispatch.use_from = Usar el flujo de trabajo de
 workflow.dispatch.invalid_input_type = Tipo de entrada inválida "%s".
 workflow.dispatch.success = La ejecución del flujo de trabajo se ha solicitado correctamente.
-variables.not_found = No se ha encontrado la variable.
 workflow.dispatch.input_required = Se requiere valor para la entrada "%s".
 workflow.dispatch.trigger_found = Este flujo de trabajo tiene un disparador de eventos <c>workflow_dispatch</c>.
 workflow.dispatch.warn_input_limit = Sólo se muestran las primeras %d entradas.
@@ -3587,9 +3500,6 @@ regexp_tooltip = Interpretar los términos de búsqueda como una expresión regu
 regexp = Expresión Regular
 
 [markup]
-filepreview.lines = Líneas %[1]d a %[2]d en %[3]s
-filepreview.line = Línea %[1]d en %[2]s
-filepreview.truncated = La vista previa se ha truncado
 
 [repo.permissions]
 pulls.read = <b>Lectura:</b> Leer y crear pull requests.
diff --git a/options/locale/locale_et.ini b/options/locale/locale_et.ini
index 7bb17324b8..6b3374ce4c 100644
--- a/options/locale/locale_et.ini
+++ b/options/locale/locale_et.ini
@@ -26,8 +26,6 @@ enable_javascript = See veebileht eeldab JavaScripti kasutamise lubamist.
 toc = Sisukord
 licenses = Litsentsid
 username = Kasutajanimi
-webauthn_error_unable_to_process = Server ei saanud sinu päringut töödelda.
-webauthn_error_duplicated = Turvavõti ei ole selle päringu puhul lubatud. Palun veendu, et võti ei ole juba registreeritud.
 return_to_forgejo = Tagasi Forgejo'sse
 toggle_menu = Lülita menüü sisse/välja
 more_items = Rohkem objekte
@@ -38,16 +36,6 @@ re_type = Kinnita salasõna
 twofa = Kahefaktoriline autentimine
 twofa_scratch = Kahefaktoriline kriipsukood
 passcode = Salakood
-webauthn_insert_key = Sisesta oma turvavõti
-webauthn_sign_in = Vajuta turvavõtme nuppu. Kui sinu turvavõtmel ei ole nuppu, sisesta see uuesti.
-webauthn_press_button = Palun vajuta turvavõtme nuppu…
-webauthn_use_twofa = Sisesta oma telefonist kahefaktorilise autentimise kood
-webauthn_error = Sinu turvavõtit ei saanud lugeda.
-webauthn_unsupported_browser = Sinu veebibrauser ei toeta praegu WebAuthn-liidestust.
-webauthn_error_unknown = Tekkis tundmatu viga. Palun proovi uuesti.
-webauthn_error_insecure = WebAuthn toetab ainult turvalisi ühendusi. HTTP kaudu testimiseks võid kasutada lähteaadressina „localhost“ või „127.0.0.1“
-webauthn_error_empty = Palun lisa sellele võtmele täisnimi.
-webauthn_error_timeout = Päring aegus enne võtme lugemist. Palun laadi see lehekülg uuesti ja proovi uuesti.
 repository = Hoidla
 organization = Organisatsioon
 new_fork = Uus lähekoodihoidla haru
@@ -555,11 +543,6 @@ template.git_content = Giti sisu (vaikimisi alamharu)
 mirror_denied_combination = Salasõnapõhist ja avaliku võtme põhist autentimist ei saa samal ajal kasutada.
 
 [actions]
-variables = Muutujad
-variables.deletion = Eemalda muutuja
-variables.creation = Lisa muutuja
-variables.none = Muutujaid veel pole.
-variables.management = Halda muutujaid
 
 [admin]
 users.password_helper = Kui sa ei taha salasõna muuta, siis jäta väli tühjaks.
diff --git a/options/locale/locale_eu.ini b/options/locale/locale_eu.ini
index cb4fe075f7..af0a54e418 100644
--- a/options/locale/locale_eu.ini
+++ b/options/locale/locale_eu.ini
@@ -33,18 +33,6 @@ captcha = CAPTCHA
 twofa = Bi faktoreko autentifikazioa
 twofa_scratch = Bi faktoreko marradura-kodea
 passcode = Pasakodea
-webauthn_insert_key = Sartu zure segurtasun-gakoa
-webauthn_sign_in = Sakatu botoia zure segurtasun-gakoan. Zure segurtasun-gakoak ez badu botoirik, sartu berriro.
-webauthn_press_button = Mesedez, sakatu botoia zure segurtasun-gakoan…
-webauthn_use_twofa = Erabili zure telefonoko bi faktoreko kodea
-webauthn_error = Ezin izan da irakurri zure segurtasun-gakoa.
-webauthn_unsupported_browser = Zure nabigatzaileak ez du WebAuthn onartzen.
-webauthn_error_unknown = Akats ezezagun bat gertatu da. Mesedez, saiatu berriro.
-webauthn_error_insecure = WebAuthnek konexio seguruak baino ez ditu onartzen. HTTP bidez probatzeko, "localhost" edo "127.0.0.1" jatorria erabil daiteke
-webauthn_error_unable_to_process = Zerbitzariak ezin izan du zure eskaera prozesatu.
-webauthn_error_duplicated = Segurtasun-gakorik ez da onartzen eskaera honetarako. Mesedez, ziurtatu giltza ea dagoela erregistratuta.
-webauthn_error_empty = Gako honetarako izen bat jarri behar duzu.
-webauthn_error_timeout = Zure gakoa irakurri aurretik denbora-muga gainditu da. Kargatu berriro orrialde hau eta saiatu berriro.
 repository = Biltegia
 new_fork = Biltegi-adar berria
 new_project_column = Zutabe berria
diff --git a/options/locale/locale_fa-IR.ini b/options/locale/locale_fa-IR.ini
index 177970e7e3..bf358b8a8d 100644
--- a/options/locale/locale_fa-IR.ini
+++ b/options/locale/locale_fa-IR.ini
@@ -98,10 +98,6 @@ name=نام
 logo = نشان
 sign_in_with_provider = ورود با %s
 enable_javascript = این وب‌گاه به جاوا اسکریپت نیاز دارد.
-webauthn_press_button = لطفاً دکمۀ روی کلید امنیتی را فشار دهید…
-webauthn_unsupported_browser = مرورگر شما در حال حاضر از WebAuthn پشتیبانی نمی‌کند.
-webauthn_error_unknown = خطایی ناشناخته رخ داد. لطفاً دوباره سعی کنید.
-webauthn_error_unable_to_process = کارساز نتوانست درخواست شما را پردازش کند.
 new_project_column = ستون جدید
 retry = سعی دوباره
 rerun = اجرای دوباره
@@ -113,17 +109,10 @@ locked = قفل شده
 copy_hash = رونوشت هش
 unknown = نامشخص
 copy_type_unsupported = این نوع از فایل نمی‌تواند رونوشت شود
-webauthn_insert_key = کلید امنیتی خود را وارد کنید
-webauthn_sign_in = دکمۀ روی کلید امنیتی را فشار دهید. اگر کلید امنیتی شما دکمه‌ای ندارد، آن را دوباره وارد کنید.
-webauthn_use_twofa = از یک کد دومرحله‌ای از تلفنتان استفاده کنید
-webauthn_error = کلید امنیتی شما نتوانست خوانده شود.
 more_items = موارد بیشتر
-webauthn_error_duplicated = کلید امنیتی برای این درخواست مجاز نیست. لطفاً مطمئن شوید که این کلید در حال حاضر ثبت نشده است.
-webauthn_error_timeout = مهلت زمانی قبل از اینکه کلید شما خوانده شود تمام شد. لطفاً این صفحه را تازه‌سازی کرده و مجدد تلاش کنید.
 new_org.link = سازمان جدید
 new_org.title = سازمان جدید
 new_migrate.link = مهاجرت جدید
-webauthn_error_empty = شما باید یک نام برای این کلید انتخاب کنید.
 new_repo.title = مخزن جدید
 new_migrate.title = مهاجرت جدید
 new_repo.link = مخزن جدید
@@ -155,7 +144,6 @@ filter.not_archived = بایگانی نشده
 copy_content = رونوشت درون‌مایه
 invalid_data = داده نامعتبر: %v
 copy_generic = رونوشت در بریده‌دان
-webauthn_error_insecure = احرازوب فقط از روش‌های ایمن ممکن است. برای آزمودن بر روی اچ‌تی‌تی‌پی می‌توانید از «میزبان‌محلی» یا «۱۲۷.۰.۰.۱» استفاده کنید.
 show_log_seconds = نمایش ثانیه‌ها
 confirm_delete_selected = تایید می‌کنید که همه موارد گزینش شده حذف شوند؟
 filter.clear = پاک‌کردن پالایه‌ها
@@ -2100,34 +2088,6 @@ dashboard.resync_all_hooks=همگام سازی مجدد hook های pre-receive
 dashboard.reinit_missing_repos=تمامی مخازنی که سوابقشان وجود دارند مجدداً گیت آنها مفقود شده است مجدداً مقدمات آنها فراهم شود
 dashboard.sync_external_users=همگام سازی اطلاعات کاربر خارجی
 dashboard.cleanup_hook_task_table=جدول hook_task تمیز کردن
-dashboard.server_uptime=فعالیت بی‌وقفه سرور
-dashboard.current_goroutine=Goroutine های فعلی
-dashboard.current_memory_usage=میزان مصرف فعلی از حافظه
-dashboard.total_memory_allocated=کل حافظه اختصاص داده شده
-dashboard.memory_obtained=حافظه به دست آمده
-dashboard.pointer_lookup_times=اشاره‌گر زمان‌های جستجو
-dashboard.memory_allocate_times=تخصیص یافتن حافظه
-dashboard.memory_free_times=آزادسازی حافظه
-dashboard.current_heap_usage=میزان مصرف توده فعلی
-dashboard.heap_memory_obtained=حافظه به دست آمده برای توده
-dashboard.heap_memory_idle=بیکار بوده حافظه توده
-dashboard.heap_memory_in_use=حافظه توده در حال استفاده
-dashboard.heap_memory_released=حافظه توده آزاد شد
-dashboard.heap_objects=شی توده یا Heap
-dashboard.bootstrap_stack_usage=میزان استفاده از پشته توسط راهنداز
-dashboard.stack_memory_obtained=حافظه پشته به دست آمده
-dashboard.mspan_structures_usage=میزان استفاده‌ی ساختار های MSpan
-dashboard.mspan_structures_obtained=ساختار های MSpan به دست آمده
-dashboard.mcache_structures_usage=میزان استفاده از ساختار های MCache
-dashboard.mcache_structures_obtained=ساختار های MCache به دست آمده
-dashboard.profiling_bucket_hash_table_obtained=Profiling Bucket Hash Table به دست آمده
-dashboard.gc_metadata_obtained=متادیتاهای بدست امده از GC
-dashboard.other_system_allocation_obtained=تخصیص های حافظه در سایر قسمت های سیستم
-dashboard.next_gc_recycle=بازیافت GC بعدی
-dashboard.last_gc_time=زمان از آخرین GC
-dashboard.total_gc_pause=کل زمان مکث GC
-dashboard.last_gc_pause=واپسین مکث در GC
-dashboard.gc_times=زمان های GC
 dashboard.delete_old_actions=تمام اقدامات قدیمی را از پایگاه داده حذف کنید
 dashboard.delete_old_actions.started=حذف تمام اقدامات قدیمی از پایگاه داده شروع شده است.
 
@@ -2167,19 +2127,6 @@ users.still_own_repo=این کاربر هنوز صاحب یک یا چند مخز
 users.still_has_org=این کاربر عضو یک سازمان است. ابتدا کاربر را از هر سازمان متعلق حذف کنید.
 users.deletion_success=حساب کاربری حذف شد.
 users.reset_2fa=2FA را بازنشانی کنید
-users.list_status_filter.menu_text=فیلتر
-users.list_status_filter.reset=شروع دوباره
-users.list_status_filter.is_active=فعال
-users.list_status_filter.not_active=غیرفعال
-users.list_status_filter.is_admin=ادمین
-users.list_status_filter.not_admin=غیرادمین
-users.list_status_filter.is_restricted=محصور
-users.list_status_filter.not_restricted=محدود نشده است
-users.list_status_filter.is_prohibit_login=ورود را ممنوع شود
-users.list_status_filter.not_prohibit_login=اجازه ورود
-users.list_status_filter.is_2fa_enabled=2FA فعال است
-users.list_status_filter.not_2fa_enabled=2FA غیرفعال است
-
 emails.email_manage_panel=مدیریت ایمیل کاربر
 emails.primary=اولیه
 emails.activated=فعال شده
@@ -2447,20 +2394,6 @@ monitor.process.cancel_desc=لغو کردن یک فرآیند ممکن است ب
 monitor.process.cancel_notices=لغو: <strong>%s</strong>؟
 monitor.process.children=فرزندان
 
-monitor.queues=صف ها
-monitor.queue=صف: %s
-monitor.queue.name=نام
-monitor.queue.type=نوع
-monitor.queue.exemplar=نوع نمونه
-monitor.queue.numberworkers=تعداد کارگران
-monitor.queue.maxnumberworkers=بیشینه تعداد کارگران
-monitor.queue.settings.title=تنظیمات استخر
-monitor.queue.settings.maxnumberworkers=بیشینه تعداد کارگران
-monitor.queue.settings.maxnumberworkers.placeholder=در حال حاضر %[1]v
-monitor.queue.settings.maxnumberworkers.error=حداکثر تعداد کارگران باید یک عدد باشد
-monitor.queue.settings.submit=بالا بردن ساماندهی
-monitor.queue.settings.changed=تنظیمات تازه شد
-
 notices.system_notice_list=هشدارهای سامانه
 notices.view_detail_header=مشاهده جزئیات اخطار
 notices.select_all=انتخاب همه
@@ -2548,19 +2481,6 @@ owner.settings.cleanuprules.enabled=فعال شده
 [secrets]
 
 [actions]
-variables.edit = تغییر متغیر
-variables.deletion.success = متغیر حذف شد.
-variables.deletion = حذف متغیر
-variables.creation.success = متغیر "%s" ایجاد شد.
-variables = متغیرها
-variables.management = مدیریت متغیرها
-variables.update.failed = عدم موفقیت در تغییر متغیر
-variables.update.success = تغییر متغیر با موفقیت انجام شد.
-variables.creation = افزودن متغیر
-variables.none = هیچ متغیری هنوز وجود ندارد.
-
-
-
 
 [projects]
 type-1.display_name = پروژه ی مستقل
diff --git a/options/locale/locale_fi-FI.ini b/options/locale/locale_fi-FI.ini
index 8ac50b8437..5e89ce5b5d 100644
--- a/options/locale/locale_fi-FI.ini
+++ b/options/locale/locale_fi-FI.ini
@@ -33,18 +33,6 @@ twofa=Kaksivaiheinen todennus
 twofa_scratch=Kaksivaiheinen kertakäyttöinen koodi
 passcode=Pääsykoodi
 
-webauthn_insert_key=Aseta turva-avaimesi
-webauthn_sign_in=Paina turva-avaimesi painiketta. Jos turva-avaimessasi ei ole painiketta, irrota se ja aseta uudelleen.
-webauthn_press_button=Paina turva-avaimesi painiketta…
-webauthn_use_twofa=Käytä kaksivaihesta todennusta puhelimestasi
-webauthn_error=Turva-avainta ei voitu lukea.
-webauthn_unsupported_browser=Selaimesi ei tällä hetkellä tue WebAuthnia.
-webauthn_error_unknown=Tuntematon virhe. Yritä uudelleen.
-webauthn_error_insecure=WebAuthn tukee vain turvallisia yhteyksiä. Testaamista varten HTTP-välityksellä voit käyttää alkuperää "localhost" tai "127.0.0.1"
-webauthn_error_unable_to_process=Palvelin ei pystynyt käsittelemään pyyntöä.
-webauthn_error_duplicated=Turva-avainta ei ole sallittu tässä pyynnössä. Varmista, ettei avainta ole jo rekisteröity.
-webauthn_error_empty=Sinun täytyy asettaa nimi tälle avaimelle.
-webauthn_error_timeout=Aikakatkaisu ennen kuin avaintasi voitiin lukea. Lataa tämä sivu uudelleen ja yritä uudelleen.
 repository=Tietovarasto
 organization=Organisaatio
 mirror=Peili
@@ -2716,33 +2704,6 @@ dashboard.operation_switch=Vaihda
 dashboard.operation_run=Suorita
 dashboard.delete_inactive_accounts=Poista kaikki aktivoimattomat tilit
 dashboard.delete_repo_archives=Poista kaikki tietovarastojen arkistot (ZIP, TAR.GZ, jne.)
-dashboard.server_uptime=Palvelimen uptime
-dashboard.current_goroutine=Nykyiset goroutinet
-dashboard.current_memory_usage=Nykyinen muistinkäyttö
-dashboard.total_memory_allocated=Yhteensä muistia varattu
-dashboard.memory_obtained=Muistia saatu
-dashboard.pointer_lookup_times=Osoittimen hakuajat
-dashboard.current_heap_usage=Nykyinen heapin käyttö
-dashboard.heap_memory_obtained=Heap-muisti saatu
-dashboard.heap_memory_idle=Heap-muisti tyhjäkäynnillä
-dashboard.heap_memory_in_use=Heap-muisti käytössä
-dashboard.heap_memory_released=Heap-muisti vapautettu
-dashboard.heap_objects=Heap-objektit
-dashboard.bootstrap_stack_usage=Bootstrap-pinon käyttö
-dashboard.stack_memory_obtained=Pinonmuisti saatu
-dashboard.mspan_structures_usage=MSpan-rakenteiden käyttö
-dashboard.mspan_structures_obtained=MSpan-rakenteet saatu
-dashboard.mcache_structures_usage=MCache-rakenteiden käyttö
-dashboard.mcache_structures_obtained=MCache-rakenteet saatu
-dashboard.profiling_bucket_hash_table_obtained=Profilointiämpäritiivistetaulukko saatu
-dashboard.gc_metadata_obtained=Roskienkeruumetatiedot saatu
-dashboard.other_system_allocation_obtained=Muu järjestestelmän varaus saatu
-dashboard.next_gc_recycle=Seuraava roskienkeruukierrätys
-dashboard.last_gc_time=Aika edellisestä roskienkeruusta
-dashboard.total_gc_pause=Yhteensä roskienkeruutauko
-dashboard.last_gc_pause=Viimeinen roskienkeruutauko
-dashboard.gc_times=Roskienkeruuajat
-
 users.user_manage_panel=Käyttäjätilien hallinta
 users.new_account=Luo käyttäjätili
 users.name=Käyttäjänimi
@@ -2770,19 +2731,6 @@ users.allow_git_hook=Voi luoda Git-koukkuja
 users.allow_create_organization=Voi luoda organisaatioita
 users.update_profile=Päivitä käyttäjätili
 users.delete_account=Poista käyttäjätili
-users.list_status_filter.menu_text=Suodata
-users.list_status_filter.reset=Tyhjennä
-users.list_status_filter.is_active=Aktiivinen
-users.list_status_filter.not_active=Ei-aktiivinen
-users.list_status_filter.is_admin=Ylläpitäjä
-users.list_status_filter.not_admin=Ei ylläpitäjä
-users.list_status_filter.is_restricted=Rajoitettu
-users.list_status_filter.not_restricted=Ei rajoitettu
-users.list_status_filter.is_prohibit_login=Kirjautuminen estetty
-users.list_status_filter.not_prohibit_login=Kirjautuminen sallittu
-users.list_status_filter.is_2fa_enabled=2FA käytössä
-users.list_status_filter.not_2fa_enabled=2FA ei käytössä
-
 emails.email_manage_panel=Käyttäjien sähköpostien hallinta
 emails.primary=Ensisijainen
 emails.activated=Aktivoitu
@@ -2937,12 +2885,6 @@ monitor.desc=Kuvaus
 monitor.start=Alkamisaika
 monitor.execute_time=Suoritusaika
 
-monitor.queues=Jonot
-monitor.queue=Jono: %s
-monitor.queue.name=Nimi
-monitor.queue.type=Tyyppi
-monitor.queue.settings.submit=Päivitä asetukset
-
 notices.system_notice_list=Järjestelmän ilmoitukset
 notices.select_all=Valitse kaikki
 notices.deselect_all=Poista kaikki valinnat
@@ -2972,7 +2914,6 @@ users.new_success = Käyttäjätili "%s" on luotu.
 config.disable_register = Poista itserekisteröinti käytöstä
 config.enable_openid_signin = Ota OpenID-kirjautuminen käyttöön
 config.enable_openid_signup = Ota OpenID-itserekisteröinti käyttöön
-monitor.queue.settings.changed = Asetukset päivitetty
 config.db_schema = Skeema
 settings = Ylläpitäjän asetukset
 emails.delete = Poista sähköpostiosoite
@@ -2995,7 +2936,6 @@ auths.oauth2_provider = OAuth2-palveluntarjoaja
 auths.tips.gmail_settings = Gmail-asetukset:
 config.mailer_sendmail_path = Sendmail-polku
 config_settings = Asetukset
-monitor.queue.settings.remove_all_items = Poista kaikki
 config.skip_tls_verify = Ohita TLS-vahvistus
 dashboard.new_version_hint = Forgejo %s on nyt saatavilla. Käytössäsi on %s. Lue lisätietoja <a target="_blank" rel="noreferrer" href="%s">blogista</a>.
 defaulthooks.add_webhook = Lisää oletusarvoinen webkoukku
@@ -3097,7 +3037,6 @@ dashboard.update_checker = Päivitysten tarkistaja
 auths.allowed_domains_helper = Jätä tyhjäksi salliaksesi kaikki verkkotunnukset. Erota useat verkkotunnukset pilkulla (",").
 auths.activated = Tämä todennuslähde on aktivoitu
 auths.login_source_of_type_exist = Tätä tyyppiä oleva todennuslähde on jo olemassa.
-dashboard.memory_allocate_times = Muistiallokaatiot
 users.send_register_notify = Ilmoita rekisteröitymisestä sähköpostitse
 config.offline_mode = Paikallinen tila
 config.cache_item_ttl = Välimuistitietueen TTL
@@ -3128,14 +3067,12 @@ monitor.process.cancel_notices = Perutaanko: <strong>%s</strong>?
 config.enable_federated_avatar = Ota federoidut profiilikuvat käyttöön
 notices.operations = Toimenpiteet
 config.xorm_log_sql = Lokita SQL
-monitor.queue.settings.remove_all_items_done = Kaikki jonossa olleet tietueet on poistettu.
 config.logger_name_fmt = Lokittaja: %s
 config.git_max_diff_line_characters = Diff-merkkejä enintään riviä kohden
 config.git_max_diff_files = Diff-tiedostoja enintään näytettäväksi
 config.access_log_mode = Pääsylokin tila
 config.picture_config = Kuvan ja avatarin asetukset
 notices.delete_success = Järjestelmäilmoitukset on poistettu.
-monitor.queue.settings.maxnumberworkers.placeholder = Tällä hetkellä %[1]d
 auths.force_smtps_helper = SMTPS:ää käytetään aina portissa 465. Aseta tämä pakottaaksesi SMTPS toisiin portteihin. (Muuten STARTTLS:ää käytetään toisiin portteihin, jos palvelin tukee sitä.)
 dashboard.resync_all_sshprincipals = Päivitä ".ssh/authorized_principals"-tiedosto Forgejon SSH-prinsipaaleilla.
 auths.verify_group_membership = Vahvista ryhmäjäsenyys LDAP:issa (jätä suodatin tyhjäksi ohittaaksesi)
@@ -3225,24 +3162,10 @@ creation.value_placeholder = Syötä mitä tahansa sisältöä. Tyhjätila aluss
 
 [actions]
 runs.empty_commit_message = (tyhjä kommittiviesti)
-variables.deletion = Poista muuttuja
 workflow.dispatch.input_required = Arvo syötteelle "%s" vaadittu.
-variables.description = Muuttujat asetetaan tietyille toiminnoille eikä niitä voida lukea muutoin.
-variables.none = Ei muuttujia vielä.
-variables.deletion.description = Muuttujan poistaminen on lopullista, eikä sitä voi perua. Jatketaanko?
 workflow.dispatch.invalid_input_type = Syötetyyppi "%s" ei kelpaa.
 workflow.dispatch.warn_input_limit = Näytetään vain ensimmäiset %d syötettä.
-variables = Muuttujat
-variables.management = Hallitse muuttujia
-variables.creation = Lisää muuttuja
 runs.expire_log_message = Lokitiedostot on tyhjätty vanhenemisen vuoksi.
-variables.deletion.success = Muuttuja poistettu.
-variables.edit = Muokkaa muuttujaa
-variables.creation.success = Muuttuja "%s" lisätty.
-variables.deletion.failed = Muuttujan poisto epäonnistui.
-variables.creation.failed = Muuttujan lisäys epäonnistui.
-variables.update.failed = Muuttujan muokkaus epäonnistui.
-variables.update.success = Muuttuja muokattu.
 variables.id_not_exist = Muuttujaa tunnisteella %d ei ole olemassa.
 workflow.dispatch.run = Suorita työnkulku
 workflow.enable = Ota työnkulku käyttöön
@@ -3253,7 +3176,6 @@ workflow.disable_success = Työnkulku "%s" on poistettu käytöstä.
 unit.desc = Hallitse integroituja CI-/CD-putkia Forgejo Actionsia hyödyntäen.
 runs.no_workflows.help_no_write_access = Lisätietoja Forgejo Actionsista on saatavilla <a target="_blank" rel="noopener noreferrer" href="%s">dokumentaatiosta</a>.
 runs.no_runs = Työnkululla ei ole vielä suorituksia.
-variables.not_found = Muuttujaa ei löytynyt.
 runs.no_workflows.help_write_access = Etkö tiedä, miten aloittaa Forgejo Actionsin käyttö? Lue <a target="_blank" rel="noopener noreferrer" href="%s">pikaopas</a> kirjoittaaksesi ensimmäisen työnkulun, sen jälkeen <a target="_blank" rel="noopener noreferrer" href="%s">määritä Forgejo-ajaja</a> suorittamaan asettamiasi töitä.
 workflow.dispatch.success = Työnkulun suoritusta pyydettiin onnistuneesti.
 workflow.dispatch.trigger_found = Tällä työnkululla on <c>workflow_dispatch</c>-tapahtumaliipaisin.
@@ -3314,7 +3236,6 @@ projects.read = <b>Lue:</b> Pääsy tietovaraston projektitauluille.
 wiki.write = <b>Kirjoita:</b> Luo, päivitä ja poista integroidun wikin sivuja.
 
 [markup]
-filepreview.truncated = Esikatselu on typistetty
 
 [translation_meta]
 test = Tämä on testimerkkijono. Sitä ei näytetä Forgejo-käyttöliittymässä, mutta sitä käytetään testaustarkoituksiin. Voit vapaasti kirjoittaa "selvä" säästääksesi aikaa (tai käyttää hauskaa faktaa) ja saavuttaaksesi sen makean 100 %:n valmistumisrajan :)
\ No newline at end of file
diff --git a/options/locale/locale_fil.ini b/options/locale/locale_fil.ini
index e63c5f0307..68a6efddee 100644
--- a/options/locale/locale_fil.ini
+++ b/options/locale/locale_fil.ini
@@ -43,9 +43,6 @@ sign_up = Magrehistro
 link_account = Mag-link ng account
 template = Template
 tracked_time_summary = Buod ng mga nakasubaybay na oras base sa filter ng listahan ng isyu
-webauthn_sign_in = Pindutin ang button ng iyong security key. Kung walang button ang iyong security key, ilagay muli.
-webauthn_error_insecure = Sinusuportahan lamang ng WebAuthn ang mga secure na koneksyon. Para sa pagsubok sa HTTP, pwede mo gamitin ang origin na "localhost" o "127.0.0.1"
-webauthn_error_timeout = Naabot ang timeout bago mabasa ang iyong key. Mangyaring i-reload ang page na ito at subukan muli.
 view = Itignan
 disabled = Naka-disable
 copy_url = Kopyahin ang URL
@@ -64,15 +61,6 @@ re_type = Kumpirmahin ang password
 captcha = CAPTCHA
 twofa = Authentikasyong two-factor
 passcode = Passcode
-webauthn_insert_key = Ilagay ang iyong security key
-webauthn_press_button = Pindutin ang button ng iyong security key…
-webauthn_use_twofa = Gumamit ng two-factor code galing sa iyong telepono
-webauthn_error = Hindi mabasa ang iyong security key.
-webauthn_unsupported_browser = Kasalukuyang hindi sinusuportahan ng iyong browser ang WebAuthn.
-webauthn_error_unknown = May nangyaring hindi alam na error. Magyaring subukan muli.
-webauthn_error_unable_to_process = Hindi maproseso ng server ang iyong hiling.
-webauthn_error_duplicated = Hindi pinapayagan ang security key na ito para sa hiling na ito. Mangyaring siguraduhin na ang key na ito ay hindi ito nakarehistro na.
-webauthn_error_empty = Kailangan mong maglapat ng pangalan para sa key na ito.
 repository = Repositoryo
 organization = Organisasyon
 mirror = Salamin
@@ -2685,7 +2673,6 @@ emails.updated = Napalitan na ang email
 emails.not_updated = Nabigong baguhin ang hinihiling na email address: %v
 monitor.next = Susunod na oras
 monitor.last_execution_result = Resulta
-dashboard.last_gc_time = Oras noong huling GC
 users.last_login = Huling nag sign-in
 first_page = Una
 last_page = Huli
@@ -2704,8 +2691,6 @@ config_settings = Mga setting
 dashboard.statistic = Buod
 dashboard.task.error = Error sa Utos: %[1]s: %[3]s
 users.full_name = Buong pangalan
-users.list_status_filter.menu_text = Isaasyos
-users.list_status_filter.not_2fa_enabled = Naka-disable ang 2FA
 users.never_login = Hindi nag-sign in kailanman
 dashboard.system_status = Status ng sistema
 dashboard.operation_switch = Palitan
@@ -2731,20 +2716,6 @@ dashboard.resync_all_hooks = I-resychronize ang mga Git hook ng lahat ng mga rep
 dashboard.cleanup_hook_task_table = Linisin ang hook_task table
 dashboard.cleanup_packages = Linisin ang mga na-expire na package
 dashboard.cleanup_actions = Linisin ang mga nag-expire na log at artifact mula sa mga aksyon
-dashboard.server_uptime = Uptime ng server
-dashboard.current_goroutine = Mga kasalukuyang goroutine
-dashboard.total_memory_allocated = Kabuuan na na-allocate na memory
-dashboard.memory_obtained = Mga nakuhang memory
-dashboard.pointer_lookup_times = Oras ng pointer lookup
-dashboard.memory_free_times = Mga memory free
-dashboard.current_heap_usage = Kasalukuyang paggamit ng heap
-dashboard.heap_memory_obtained = Nakuhang heap memory
-dashboard.heap_memory_idle = Idle ng heap memory
-dashboard.heap_objects = Mga heap object
-dashboard.bootstrap_stack_usage = Paggamit ng bootstrap stack
-dashboard.stack_memory_obtained = Nakuhang stack memory
-dashboard.profiling_bucket_hash_table_obtained = Mga nakuhang profiling bucket hash table
-dashboard.gc_metadata_obtained = Nakuhang GC metadata
 dashboard.delete_old_actions = Burahin ang lahat ng mga lumang aktibidad mula sa database
 dashboard.stop_endless_tasks = Itigil ang mga hindi natatapos na aksyon ng task
 dashboard.cancel_abandoned_jobs = Kanselahin ang mga naiwang aksyon ng trabaho
@@ -2763,16 +2734,7 @@ users.update_profile = I-update ang user account
 users.delete_account = Burahin ang user account
 users.cannot_delete_self = Hindi mo maaaring burahin ang sarili mo
 users.still_own_repo = Ang user na ito ay nagmamay-ari pa ng isa o higit pang mga repositoryo. Burahin o ilipat sila muna.
-users.list_status_filter.is_active = Aktibo
-users.list_status_filter.not_active = Hindi aktibo
-users.list_status_filter.is_admin = Tagapangasiwa
-users.list_status_filter.not_admin = Hindi tagapangasiwa
-users.list_status_filter.is_restricted = Pinaghihigpitan
-users.list_status_filter.is_prohibit_login = Pinagbawalan ang pag-login
-users.list_status_filter.not_prohibit_login = Pinapayagan ang pag-login
-users.list_status_filter.is_2fa_enabled = Naka-enable ang 2FA
 users.details = Mga detalye ng user
-dashboard.memory_allocate_times = Mga allocation ng memory
 users.edit = I-edit
 users = Mga user account
 organizations = Mga organisasyon
@@ -2805,13 +2767,7 @@ dashboard.reinit_missing_repos = Muling pagsasaayos ng lahat ng nawawalang mga r
 users.allow_git_hook_tooltip = Ang mga Git hook ay tinatakbo bilang OS user na tinatakbo ang Forgejo at may katulad na level ng pag-access ng host. Bilang isang resulta, ang mga gumagamit na may espesyal na pribilehiyo ng Git hook na ito ay maaaring ma-access at baguhin ang lahat ng mga repositori ng Forgejo pati na rin ang database na ginamit ng Forgejo. Dahil dito nakakamit din nila ang mga pribilehiyo ng Forgejo Administrator.
 dashboard.delete_repo_archives = Burahin ang lahat ng mga archive ng mga repositoryo (ZIP, TAR.GZ, atbp..)
 dashboard.sync_external_users = I-synchronize ang panlabas na user data
-dashboard.heap_memory_released = Mga na-release na heap memory
-dashboard.other_system_allocation_obtained = Ibang allocation ng sistema na nakuha
 users.allow_git_hook = Makakagawa ng mga Git hook
-dashboard.current_memory_usage = Kasalukuyang paggamit ng memory
-dashboard.gc_times = Mga oras ng GC
-users.list_status_filter.reset = I-reset
-users.list_status_filter.not_restricted = Hindi pinaghihigpitan
 config_summary = Buod
 dashboard.new_version_hint = Available na ang Forgejo %s, tumatakbo ka ng %s. Suriin ang <a target="_blank" rel="noreferrer" href="%s">blog</a> para sa karagdagang detalye.
 dashboard.operations = Mga operasyon ng pagpapanatili
@@ -2823,11 +2779,6 @@ dashboard.sync_repo_tags = I-sync ang mga tag mula sa Git data sa database
 dashboard.update_mirrors = I-update ang mga mirror
 dashboard.repo_health_check = Suriin ang kalusugan ng lahat ng mga repositoryo
 dashboard.check_repo_stats = Suriin ang lahat ng istatistika ng repositoryo
-dashboard.mspan_structures_usage = Paggamit ng MSpan structure
-dashboard.mspan_structures_obtained = Mga nakuhang MSpan structure
-dashboard.mcache_structures_usage = Paggamit ng MCache structure
-dashboard.next_gc_recycle = Susunod na GC recycle
-dashboard.mcache_structures_obtained = Mga nakuhang MCache structure
 dashboard.delete_old_actions.started = Nasimula na ang burahin ang lahat ng mga lumang aktibidad mula sa database.
 dashboard.update_checker = Tagasuri ng update
 dashboard.delete_old_system_notices = Burahin ang lahat ng mga lumang paunawa ng sistema mula sa database
@@ -2843,11 +2794,8 @@ users.is_activated = Naka-activate na account
 users.prohibit_login = Sinuspending account
 emails.email_manage_panel = Ipamahala ang mga email ng user
 self_check = Pansariling pagsusuri
-dashboard.total_gc_pause = Kabuuang GC pause
-dashboard.last_gc_pause = Huling GC pause
 users.still_has_org = Ang user na ito ay isang miyembro ng isang organisasyon. Tanggalin ang user sa anumang mga organisasyon muna.
 users.deletion_success = Binura na ang user account.
-dashboard.heap_memory_in_use = Ginagamit na heap memory
 emails.filter_sort.name = Username
 emails.primary = Pauna
 emails.filter_sort.email = Email
@@ -3017,8 +2965,6 @@ auths.allowed_domains = Mga pinapayagang domain
 auths.helo_hostname_helper = Hostname na pinapadala sa pamamagitan ng HELO. Iwanang walang laman para ipadala ang kasalukuyang hostname.
 auths.disable_helo = I-disable ang HELO
 auths.oauth2_profileURL = URL ng profile
-monitor.queue.settings.maxnumberworkers.placeholder = Kasalukuyang %[1]d
-monitor.queue.settings.remove_all_items = Tanggalin lahat
 users.block.description = Harangan ang tagagamit na ito mula sa pag-interact sa serbisyong ito sa pamamagitan ng kanilang mga account at pagbawalan ang pag-sign in.
 monitor.cron = Mga cron task
 config.mailer_sendmail_timeout = Timeout ng Sendmail
@@ -3037,13 +2983,9 @@ config.provider_config = Config ng provider
 config.cache_test_slow = Matagumpay ang pagsubok ng cache, ngunit mabagal ang tugon: %s.
 config.picture_config = Configuration ng larawan at avatar
 config.disabled_logger = Naka-disable
-monitor.queue.settings.submit = I-update ang mga setting
 auths.tips = Mga tip
 config.test_mail_sent = Ang isang test email ay ipinadala kay "%s".
 monitor.process.cancel = Kanselahin ang proseso
-monitor.queues = Mga queue
-monitor.queue.exemplar = Uri ng Exemplar
-monitor.queue.numberworkers = Numero ng mga worker
 config.enable_openid_signup = I-enable ang OpenID na pansariling pagrehistro
 config.session_config = Configuration ng session
 monitor.name = Pangalan
@@ -3054,9 +2996,6 @@ config.git_gc_args = Mga argument ng GC
 config.git_migrate_timeout = Timeout ng paglipat
 config.cache_config = Configuration ng cache
 config.git_pull_timeout = Timeout ng operasyon ng paghila
-monitor.queue.settings.maxnumberworkers = Pinakamaraming numero ng worker
-monitor.queue.settings.title = Mga setting ng pool
-monitor.queue.settings.desc = Dinamikang lumalaki ang mga pool tugon sa kanilang worker queue blocking.
 auths.tip.google_plus = Kumuha ng OAuth2 client credentials mula sa Google API console sa %s
 config.mail_notify = Paganahin ang mga email notification
 config.active_code_lives = Oras ng pag-expire ng activation code
@@ -3066,7 +3005,6 @@ users.organization_creation.description = Payagan ang paggawa ng mga bagong orga
 auths.delete_auth_title = Burahin ang source ng authentikasyon
 auths.delete_auth_desc = Ang pagtanggal ng authentication source ay pumipigil sa mga user na gamitin ito upang mag-sign in. Magpatuloy?
 auths.login_source_of_type_exist = Umiiral na ang authentication source na may ganitong uri.
-monitor.queue.settings.maxnumberworkers.error = Dapat numero ang pinakamaraming numero ng mga worker
 self_check.no_problem_found = Wala pang mga problema na nahanap.
 self_check.database_collation_mismatch = Inaasahan ang database na gamitin ang collation: %s
 auths.oauth2_admin_group = Group claim value para sa mga tagapangasiwa. (Opsyonal - kinakailangan ang claim name sa itaas)
@@ -3125,11 +3063,6 @@ monitor.desc = Paglalarawan
 monitor.start = Oras ng pagsimula
 monitor.execute_time = Oras ng pag-execute
 monitor.process.children = Mga anak
-monitor.queue = Queue: %s
-monitor.queue.type = Uri
-monitor.queue.maxnumberworkers = Pinakamaraming numero ng worker
-monitor.queue.numberinqueue = Number sa queue
-monitor.queue.review_add = Suriin / magdagdag ng mga worker
 self_check.database_collation_case_insensitive = Gumagamit ang database ng collation %s, na isang insensitive na collation. Bagama't maaaring gumana ang Forgejo dito, maaaring may ilang bihirang kaso na hindi gumagana gaya ng inaasahan.
 auths.tips.oauth2.general.tip = Kapag nagrerehistro ng bagong OAuth2 na authentication, ang callback/redirect URL ay dapat na:
 auths.activated = Na-activate na ang source ng authentikasyon
@@ -3143,14 +3076,11 @@ config.default_enable_timetracking = I-enable ang pagsubaybay ng oras bilang def
 auths.deletion_success = Binura na ang authentication source.
 auths.login_source_exist = Umiiral na ang authentication source na "%s".
 auths.still_in_used = Ginagamit pa ang authentication source. I-convert o burahin ang mga user na gumagamit ng authentication source na ito muna.
-monitor.queue.settings.remove_all_items_done = Tinanggal na ang lahat ng mga item sa queue.
-monitor.queue.settings.changed = Na-update ang mga setting
 auths.oauth2_map_group_to_team_removal = Tanggalin ang user sa mga naka-synchronize na team kung ang user ay hindi kasama sa katumbas na groupo.
 config.cache_test_succeeded = Matagumpay ang pagsubok ng cache, nakakuha ng tugon sa %s.
 config.open_with_editor_app_help = Ang mga "Open with" editor para sa clone menu. Kung iniwang walang laman, ang default ang gagamitin. I-expand para makita ang default.
 config.set_setting_failed = Nabigo ang pagtakda ng setting na %s
 monitor.download_diagnosis_report = I-download ang ulat ng diagnosis
-monitor.queue.activeworkers = Mga aktibong worker
 self_check.database_inconsistent_collation_columns = Gumagamit ang database ng collation %s, ngunit ang mga column na ito ay gumagamit ng hindi tugmang collations. Maaaring magdulot ito ng ilang hindi inaasahang problema.
 auths.tip.twitter = Pumunta sa %s, gumawa ng application at siguraduhing naka-enable ang "Payagan ang application na gamitin para Mag-sign in sa Twitter" na opsyon
 auths.tip.gitea = Magrehistro ng bagong OAuth2 na application. Ang guide ay mahahanap sa %s
@@ -3175,7 +3105,6 @@ config.gc_interval_time = Oras ng pagitan ng GC
 config.cookie_life_time = Lifetime ng cookie
 config.git_clone_timeout = Timeout ng operasyon na pag-clone
 monitor.process.cancel_desc = Ang pagkansela ng proseso ay maaaring magdulot ng pagkawalan ng data
-monitor.queue.name = Pangalan
 auths.oauth2_required_claim_value_helper = Itakda ang value na ito upang i-restrict ang pag-login mula sa pinagmulang ito sa mga user na may claim na may ganitong pangalan at value
 auths.tip.bitbucket = Magrehistro ng bagong OAuth consumer sa %s at idagdag ang pahintulot na "Account" - "Read"
 config.require_sign_in_view = Kailanganin ang pag-sign in para itignan ang nilalaman
@@ -3319,39 +3248,24 @@ owner.settings.cleanuprules.enabled = Naka-enable
 [actions]
 workflow.dispatch.trigger_found = Mayroong <c>workflow_dispatch</c> na trigger ang workflow na ito.
 unit.desc = Ipamahala ang mga pinag-sasamang CI/CD pipeline sa pamamagitan ng Forgejo Actions.
-variables.update.failed = Nabigong baguhin ang variable.
-variables.update.success = Nabago na ang variable.
-variables.edit = Baguhin ang Variable
 workflow.enable = I-enable ang workflow
 workflow.disabled = Naka-disable ang workflow.
 need_approval_desc = Kailangan ng pag-apruba para tumakbo ng mga workflow para sa fork na hiling sa paghila.
-variables = Mga variable
 runs.no_runs = Wala pang mga pagtatakbo ang workflow na ito sa ngayon.
-variables.creation = Magdagdag ng variable
-variables.none = Wala pang mga variable sa ngayon.
-variables.deletion = Tanggalin ang variable
-variables.deletion.description = Permanente ang pagtanggal ng isang variable at hindi ito mababalik. Magpatuloy?
 runs.empty_commit_message = (walang laman na mensahe ng commit)
 workflow.enable_success = Matagumpay na na-enable ang workflow na "%s".
 workflow.dispatch.run = Patakbuhin ang workflow
 workflow.dispatch.success = Matagumpay na nahiling ang pagtakbo ng workflow.
-variables.management = Ipamahala ang mga variable
-variables.deletion.failed = Nabigong tanggalin ang variable.
 workflow.disable = I-disable ang workflow
 workflow.disable_success = Matagumpay na na-disable ang workflow na "%s".
-variables.creation.failed = Nabigong idagdag ang variable.
 workflow.dispatch.use_from = Gamitin ang workflow mula sa
 workflow.dispatch.invalid_input_type = Hindi wastong input type "%s".
 workflow.dispatch.input_required = Kumailangan ng value para sa input na "%s".
 workflow.dispatch.warn_input_limit = Pinapakita lamang ang unang %d na mga input.
-variables.description = Ipapasa ang mga variable sa ilang mga aksyon at hindi mababasa kung hindi man.
 variables.id_not_exist = Hindi umiiral ang variable na may ID na %d.
-variables.deletion.success = Tinanggal na ang variable.
-variables.creation.success = Nadagdag na ang variable na "%s".
 runs.expire_log_message = Na-purge ang mga log dahil masyado silang luma.
 runs.no_workflows.help_write_access = Hindi alam kung paano magsimula sa Forgejo Actions? Tignan ang <a target="_blank" rel="noopener noreferrer" href="%s">mabilisang pagsimula sa user documentation</a> para magsimulang magsulat ng unang workflow, at <a target="_blank" rel="noopener noreferrer" href="%s">mag-setup ng Forgejo runner</a> para patakbuhin ang mga job.
 runs.no_workflows.help_no_write_access = Para matuto tungkol sa Forgejo Actions, tignan ang <a target="_blank" rel="noopener noreferrer" href="%s">dokumentasyon</a>.
-variables.not_found = Nabigong hanapin ang variable.
 
 [action]
 commit_repo = itinulak sa <a href="%[2]s">%[3]s</a> sa <a href="%[1]s">%[4]s</a>
@@ -3435,9 +3349,6 @@ management = Ipamahala ang mga secret
 deletion.description = Ang pagtanggal ng sikreto ay permanente at hindi mababawi. Magpatuloy?
 
 [markup]
-filepreview.line = Linya %[1]d sa %[2]s
-filepreview.truncated = Na-truncate ang preview
-filepreview.lines = Mga linya %[1]d hanggang %[2]d sa %[3]s
 
 [projects]
 deleted.display_name = Binurang proyekto
diff --git a/options/locale/locale_fr-FR.ini b/options/locale/locale_fr-FR.ini
index 543d03baa9..2558b99f74 100644
--- a/options/locale/locale_fr-FR.ini
+++ b/options/locale/locale_fr-FR.ini
@@ -37,18 +37,6 @@ twofa=Authentification à deux facteurs
 twofa_scratch=Code de secours pour l'authentification à deux facteurs
 passcode=Code d'accès
 
-webauthn_insert_key=Insérez votre clé de sécurité
-webauthn_sign_in=Appuyez sur le bouton de votre clé de sécurité. Si votre clé de sécurité n'a pas de bouton, réinsérez-la.
-webauthn_press_button=Veuillez appuyer sur le bouton de votre clé de sécurité…
-webauthn_use_twofa=Utilisez l'authentification à deux facteurs avec votre téléphone
-webauthn_error=Impossible de lire votre clé de sécurité.
-webauthn_unsupported_browser=Votre navigateur ne prend actuellement pas en charge WebAuthn.
-webauthn_error_unknown=Une erreur indéterminée s'est produite. Veuillez réessayer.
-webauthn_error_insecure=`WebAuthn ne prend en charge que les connexions sécurisées. Pour les tests via HTTP, vous pouvez utiliser l'origine "localhost" ou "127.0.0.1"`
-webauthn_error_unable_to_process=Le serveur n'a pas pu traiter votre demande.
-webauthn_error_duplicated=La clé de sécurité n'est pas autorisée pour cette demande. Veuillez vous assurer que la clé n'est pas déjà enregistrée.
-webauthn_error_empty=Vous devez définir un nom pour cette clé.
-webauthn_error_timeout=Le délai d'attente imparti a été atteint avant que votre clé ne puisse être lue. Veuillez recharger la page pour réessayer.
 repository=Dépôt
 organization=Organisation
 mirror=Miroir
@@ -2936,34 +2924,6 @@ dashboard.sync_external_users=Synchroniser les données de l’utilisateur exter
 dashboard.cleanup_hook_task_table=Nettoyer la table hook_task
 dashboard.cleanup_packages=Nettoyer des paquets expirés
 dashboard.cleanup_actions=Nettoyer les journaux et les artefacts des actions obsolètes
-dashboard.server_uptime=Uptime du serveur
-dashboard.current_goroutine=Goroutines actuelles
-dashboard.current_memory_usage=Utilisation Mémoire actuelle
-dashboard.total_memory_allocated=Mémoire totale allouée
-dashboard.memory_obtained=Mémoire obtenue
-dashboard.pointer_lookup_times=Nombre de Consultations Pointeur
-dashboard.memory_allocate_times=Allocations de mémoire
-dashboard.memory_free_times=Nombre de libérations de mémoire
-dashboard.current_heap_usage=Utilisation Tas (Heap)
-dashboard.heap_memory_obtained=Mémoire tas (Heap) obtenue
-dashboard.heap_memory_idle=Mémoire tas (Heap) au repos
-dashboard.heap_memory_in_use=Utilisation mémoire tas (Heap)
-dashboard.heap_memory_released=Mémoire tas (Heap) libérée
-dashboard.heap_objects=Objets tas (Heap)
-dashboard.bootstrap_stack_usage=Utilisation pile bootstrap
-dashboard.stack_memory_obtained=Mémoire pile obtenue
-dashboard.mspan_structures_usage=Utilisation des structures MSpan
-dashboard.mspan_structures_obtained=Structures MSpan obtenues
-dashboard.mcache_structures_usage=Utilisation des structures MCache
-dashboard.mcache_structures_obtained=Structures MCache obtenues
-dashboard.profiling_bucket_hash_table_obtained=Profilage de seau de table de hashage obtenu
-dashboard.gc_metadata_obtained=Métadonnées GC obtenues
-dashboard.other_system_allocation_obtained=Autres allocation système obtenue
-dashboard.next_gc_recycle=Prochain recyclage GC
-dashboard.last_gc_time=Temps depuis le dernier GC
-dashboard.total_gc_pause=Pause totale GC
-dashboard.last_gc_pause=Dernière pause GC
-dashboard.gc_times=Nombres de GC
 dashboard.delete_old_actions=Supprimer toutes les anciennes activités de la base de données
 dashboard.delete_old_actions.started=Suppression de toutes les anciennes activités de la base de données démarrée.
 dashboard.update_checker=Vérificateur de mise à jour
@@ -3021,18 +2981,6 @@ users.purge_help=Éradique l’utilisateur et tous ses dépôts, organisations e
 users.still_own_packages=Cet utilisateur possède encore un ou plusieurs paquets. Supprimez d’abord ces paquets.
 users.deletion_success=Le compte a été supprimé.
 users.reset_2fa=Réinitialiser l'authentification à deux facteurs
-users.list_status_filter.menu_text=Filtrer
-users.list_status_filter.reset=Réinitialiser
-users.list_status_filter.is_active=Actif
-users.list_status_filter.not_active=Inactif
-users.list_status_filter.is_admin=Administrateur
-users.list_status_filter.not_admin=Non administrateur
-users.list_status_filter.is_restricted=Restreint
-users.list_status_filter.not_restricted=Non restreint
-users.list_status_filter.is_prohibit_login=Interdit de connexion
-users.list_status_filter.not_prohibit_login=Autorisé à se connecter
-users.list_status_filter.is_2fa_enabled=2FA Activé
-users.list_status_filter.not_2fa_enabled=2FA désactivé
 users.details=Informations de l’utilisateur
 
 emails.email_manage_panel=Gestion des courriels des utilisateurs
@@ -3352,26 +3300,6 @@ monitor.process.cancel_desc=L'annulation d'un processus peut entraîner une pert
 monitor.process.cancel_notices=Annuler : <strong>%s</strong> ?
 monitor.process.children=Enfant
 
-monitor.queues=Files d'attente
-monitor.queue=File d'attente : %s
-monitor.queue.name=Nom
-monitor.queue.type=Type
-monitor.queue.exemplar=Type d'exemple
-monitor.queue.numberworkers=Nombre de processus
-monitor.queue.activeworkers=Processus actifs
-monitor.queue.maxnumberworkers=Nombre maximal de processus
-monitor.queue.numberinqueue=Position dans la queue
-monitor.queue.review_add=Examiner / ajouter des processus
-monitor.queue.settings.title=Paramètres du réservoir
-monitor.queue.settings.desc=Les bassins croissent proportionnellement au besoin de leurs exécuteurs.
-monitor.queue.settings.maxnumberworkers=Nombre maximale de processus
-monitor.queue.settings.maxnumberworkers.placeholder=Actuellement %[1]d
-monitor.queue.settings.maxnumberworkers.error=Le nombre de processus doit être un nombre
-monitor.queue.settings.submit=Appliquer les paramètres
-monitor.queue.settings.changed=Paramètres mis à jour
-monitor.queue.settings.remove_all_items=Tout effacer
-monitor.queue.settings.remove_all_items_done=Tous les éléments de la file d'attente ont été effacés.
-
 notices.system_notice_list=Notifications systèmes
 notices.view_detail_header=Voir les détails de la notification
 notices.operations=Opérations
@@ -3514,21 +3442,7 @@ workflow.disabled=Le flux de travail est désactivé.
 
 need_approval_desc=Besoin d’approbation pour exécuter des flux de travail pour une demande d’ajout de bifurcation.
 
-variables=Variables
-variables.management=Gestion des variables
-variables.creation=Ajouter une variable
-variables.none=Il n'y a pas encore de variables.
-variables.deletion=Retirer la variable
-variables.deletion.description=La suppression d’une variable est permanente et ne peut être défaite. Continuer ?
-variables.description=Les variables sont passées aux actions et ne peuvent être lues autrement.
 variables.id_not_exist = La variable numéro %d n’existe pas.
-variables.edit=Modifier la variable
-variables.deletion.failed=Impossible de retirer la variable.
-variables.deletion.success=La variable a bien été retirée.
-variables.creation.failed=Impossible d'ajouter la variable.
-variables.creation.success=La variable « %s » a été ajoutée.
-variables.update.failed=Impossible d’éditer la variable.
-variables.update.success=La variable a bien été modifiée.
 workflow.dispatch.use_from = Utiliser un workflow depuis
 workflow.dispatch.trigger_found = Ce workflow a un déclencheur d'événement <c>workflow_dispatch</c>.
 workflow.dispatch.run = Exécuter le workflow
@@ -3539,7 +3453,6 @@ workflow.dispatch.warn_input_limit = Affichage des %d premiers champs seulement.
 runs.expire_log_message = Les journaux ont été purgés car ils étaient trop anciens.
 runs.no_workflows.help_write_access = Vous ne savez pas par où commencer avec Forgejo Actions ? Regardez la section <a target="_blank" rel="noopener noreferrer" href="%s"> démarrage rapide dans la documentation utilisateur</a> pour écrire votre premier workflow, puis <a target="_blank" rel="noopener noreferrer" href="%s">mettre en place un Forgejo runner</a> pour exécuter vos jobs.
 runs.no_workflows.help_no_write_access = Pour en savoir plus sur Forgejo Actions, consultez <a target="_blank" rel="noopener noreferrer" href="%s">la documentation</a>.
-variables.not_found = La variable n'a pas été trouvée.
 
 [projects]
 type-1.display_name=Projet personnel
@@ -3588,9 +3501,6 @@ regexp = RegExp
 [munits.data]
 
 [markup]
-filepreview.line = Ligne %[1]d dans %[2]s
-filepreview.lines = Lignes %[1]d jusqu'à %[2]d dans %[3]s
-filepreview.truncated = L'aperçu a été tronqué
 
 [repo.permissions]
 pulls.write = <b>Écrire :</b> Fermer des demandes de tirage et gérer les métadonnées telles que les étiquettes, les jalons, les assignés, les dates d'échéance et les dépendances.
diff --git a/options/locale/locale_ga-IE.ini b/options/locale/locale_ga-IE.ini
index 1b9135785b..76ebcd1b91 100644
--- a/options/locale/locale_ga-IE.ini
+++ b/options/locale/locale_ga-IE.ini
@@ -35,18 +35,6 @@ captcha = CAPTCHA
 twofa = Fíordheimhniú Dhá-Fhachtóir
 twofa_scratch = Cód Scratch Dhá-Fhachtóra
 passcode = Paschód
-webauthn_insert_key = Cuir isteach d'eochair slándála
-webauthn_sign_in = Brúigh an cnaipe ar d'eochair slándála. Mura bhfuil aon chnaipe ag d'eochair slándála, cuir isteach é arís.
-webauthn_press_button = Brúigh an cnaipe ar d'eochair slándála le do thoil…
-webauthn_use_twofa = Úsáid cód dhá fhachtóir ó do ghuthán
-webauthn_error = Ní fhéadfaí do eochair slándála a léamh.
-webauthn_unsupported_browser = Ní thacaíonn do bhrabhsálaí le WebAuthn faoi láthair.
-webauthn_error_unknown = Tharla earráid anaithnid. Déan iarracht arís.
-webauthn_error_insecure = Ní thacaíonn WebAuthn ach le naisc slán. Le haghaidh tástála thar HTTP, is féidir leat an bunús “localhost” nó "127.0.0.1" a úsáid
-webauthn_error_unable_to_process = Ní fhéadfadh an freastalaí d'iarratas a phróiseáil.
-webauthn_error_duplicated = Ní cheadaítear an eochair slándála don iarratas seo. Déan cinnte le do thoil nach bhfuil an eochair cláraithe cheana féin.
-webauthn_error_empty = Ní mór duit ainm a shocrú don eochair seo.
-webauthn_error_timeout = Sroicheadh an teorainn ama sula bhféadfaí d’eochair a léamh. Athlódáil an leathanach seo, le do thoil, agus déan iarracht arís.
 repository = Stór
 organization = Eagraíocht
 mirror = Scáthán
@@ -2848,33 +2836,6 @@ dashboard.reinit_missing_repos = Aththosaigh gach stórais Git atá in easnamh a
 dashboard.sync_external_users = Sioncrónaigh sonraí úsáideoirí seachtracha
 dashboard.cleanup_hook_task_table = Glan suas an tábla hook_task
 dashboard.cleanup_packages = Glan suas pacáistí atá imithe in éag
-dashboard.server_uptime = Aga fónaimh Freastalaí
-dashboard.current_goroutine = Goroutines Reatha
-dashboard.current_memory_usage = Úsáid Cuimhne Reatha
-dashboard.total_memory_allocated = Cuimhne Iomlán Leithdháilte
-dashboard.memory_obtained = Cuimhne Faighte
-dashboard.pointer_lookup_times = Amanna Cuardaigh Pointeora
-dashboard.memory_allocate_times = Leithdháiltí Cuimhne
-dashboard.memory_free_times = Saorálann Cuimhne
-dashboard.current_heap_usage = Úsáid Charn Reatha
-dashboard.heap_memory_obtained = Cuimhne Charn Faighte
-dashboard.heap_memory_idle = Díomhaoin Cuimhne Carn
-dashboard.heap_memory_in_use = Cuimhne Carm In Úsáid
-dashboard.heap_memory_released = Cuimhne Carn Eisithe
-dashboard.heap_objects = Cuspóirí Carn
-dashboard.bootstrap_stack_usage = Úsáid Staca Bootstrap
-dashboard.stack_memory_obtained = Cuimhne Staca Faighte
-dashboard.mspan_structures_usage = Úsáid Struchtúir MSpan
-dashboard.mspan_structures_obtained = Struchtúir MSpan a Faightear
-dashboard.mcache_structures_usage = Úsáid Struchtúir MCache
-dashboard.mcache_structures_obtained = Struchtúir MCache a Faightear
-dashboard.profiling_bucket_hash_table_obtained = Tábla Hash Buicéad Próifílithe a Faightear
-dashboard.gc_metadata_obtained = Meiteashonraí GC faighte
-dashboard.other_system_allocation_obtained = Leithdháileadh Córais Eile a Fuarthas
-dashboard.next_gc_recycle = Athchúrsáil GC Eile
-dashboard.total_gc_pause = Sos Iomlán GC
-dashboard.last_gc_pause = Sos GC Deireanach
-dashboard.gc_times = Amanna GC
 dashboard.delete_old_actions = Scrios gach sean-ghníomhaíocht ón mbunachar
 dashboard.delete_old_actions.started = Scrios na sean-ghníomhaíocht go léir ón mbunachar sonraí tosaithe.
 dashboard.update_checker = Seiceoir nuashonraithe
@@ -2912,18 +2873,6 @@ users.purge = Úsáideoir a Ghlanadh
 users.still_own_packages = Tá pacáiste amháin nó níos mó fós ag an úsáideoir seo, scrios na pacáistí seo ar dtús.
 users.deletion_success = Scriosadh an cuntas úsáideora.
 users.reset_2fa = Athshocraigh 2FA
-users.list_status_filter.menu_text = Scagaire
-users.list_status_filter.reset = Athshocraigh
-users.list_status_filter.is_active = Gníomhach
-users.list_status_filter.not_active = Neamhghníomhach
-users.list_status_filter.is_admin = Riarachán
-users.list_status_filter.not_admin = Ní Riarachán
-users.list_status_filter.is_restricted = Srianta
-users.list_status_filter.not_restricted = Gan Srian
-users.list_status_filter.is_prohibit_login = Cosc ar Logáil Isteach
-users.list_status_filter.not_prohibit_login = Ceadaigh Logáil isteach
-users.list_status_filter.is_2fa_enabled = 2FA Cumasaithe
-users.list_status_filter.not_2fa_enabled = 2FA faoi mhíchumas
 users.details = Sonraí Úsáideora
 emails.primary = Bunscoile
 emails.activated = Gníomhachtaithe
@@ -3187,25 +3136,6 @@ monitor.execute_time = Am Forghníomhaithe
 monitor.last_execution_result = Toradh
 monitor.process.cancel = Cealaigh próiseas
 monitor.process.children = Leanaí
-monitor.queues = Scuaineanna
-monitor.queue = Scuaine: %s
-monitor.queue.name = Ainm
-monitor.queue.type = Cineál
-monitor.queue.exemplar = Cineál Eiseamláire
-monitor.queue.numberworkers = Líon na nOibrithe
-monitor.queue.activeworkers = Oibrithe Gníomhacha
-monitor.queue.maxnumberworkers = Líon Uasta na nOibrithe
-monitor.queue.numberinqueue = Uimhir i scuaine
-monitor.queue.review_add = Athbhreithniú / Cuir Oibrithe leis
-monitor.queue.settings.title = Socruithe Linn
-monitor.queue.settings.desc = Fásann linnte go dinimiciúil mar fhreagra ar a gcuid scuaine oibrithe a bhlocáil.
-monitor.queue.settings.maxnumberworkers = Uaslíon na n-oibrithe
-monitor.queue.settings.maxnumberworkers.placeholder = Faoi láthair %[1]d
-monitor.queue.settings.maxnumberworkers.error = Caithfidh uaslíon na n-oibrithe a bheith ina uimhir
-monitor.queue.settings.submit = Nuashonrú Socruithe
-monitor.queue.settings.changed = Socruithe Nuashonraithe
-monitor.queue.settings.remove_all_items = Bain gach
-monitor.queue.settings.remove_all_items_done = Baineadh na míreanna go léir sa scuaine.
 notices.system_notice_list = Fógraí Córais
 notices.operations = Oibríochtaí
 notices.select_all = Roghnaigh Gach
@@ -3230,7 +3160,6 @@ dashboard.resync_all_sshkeys = Nuashonraigh an comhad ".ssh/authorized_keys" le
 dashboard.resync_all_sshprincipals = Nuashonraigh an comhad ".ssh/authorized_principals" le príomhoidí SSH Forgejo.
 dashboard.resync_all_hooks = Athshioncrónaigh crúcaí Git na stórtha uile (réamhghlacadh, nuashonrú, iarghlacadh, próiseasghlacadh, ...)
 dashboard.cleanup_actions = Glan suas logaí agus déantáin atá imithe in éag ó ghníomhartha
-dashboard.last_gc_time = Am ó GC deireanach
 dashboard.stop_zombie_tasks = Stop tascanna gníomhartha zombie
 dashboard.stop_endless_tasks = Stop tascanna gníomhartha gan teorainn
 dashboard.cancel_abandoned_jobs = Cealaigh poist gníomhartha tréigthe
@@ -3399,20 +3328,7 @@ workflow.disable = Díchumasaigh sreabhadh oibre
 workflow.enable = Cumasaigh sreabhadh oibre
 workflow.disabled = Tá an sreabhadh oibre díchumasaithe.
 need_approval_desc = Teastaíonn faomhadh chun sreafaí oibre a rith le haghaidh iarratas tarraingt forc.
-variables = Athróga
-variables.creation = Cuir Athróg leis
-variables.none = Níl aon athróga ann fós.
-variables.deletion = Bain athróg
-variables.deletion.description = Tá athróg a bhaint buan agus ní féidir é a chur ar ais. Lean ar aghaidh?
-variables.description = Cuirfear athróga chuig gníomhartha áirithe agus ní féidir iad a léamh ar mhalairt eile.
 variables.id_not_exist = Níl athróg le ID %d ann.
-variables.edit = Cuir Athróg in Eagar
-variables.deletion.failed = Theip ar athróg a bhaint.
-variables.deletion.success = Tá an athróg bainte.
-variables.creation.failed = Theip ar athróg a chur leis.
-variables.creation.success = Tá an athróg "%s" curtha leis.
-variables.update.failed = Theip ar athróg a chur in eagar.
-variables.update.success = Tá an t-athróg curtha in eagar.
 runs.no_workflows.help_write_access = Nach bhfuil a fhios agat conas tosú le Gníomhartha Forgejo? Féach ar an <a target="_blank" rel="noopener noreferrer" href="%s">tús tapa sa doiciméadacht úsáideora</a> chun do chéad sreabhadh oibre a scríobh, ansin <a target="_blank" rel="noopener noreferrer" href="%s">bunaigh rithire Forgejo</a> chun do phoist a fhorghníomhú.
 runs.no_workflows.help_no_write_access = Chun tuilleadh eolais a fháil faoi Ghníomhartha Forgejo, féach ar <a target="_blank" rel="noopener noreferrer" href="%s">an doiciméadacht</a>.
 workflow.disable_success = Sreabhadh oibre "%s" díchumasaithe go rathúil.
@@ -3424,8 +3340,6 @@ workflow.dispatch.success = Iarradh an sreabhadh oibre go rathúil.
 workflow.dispatch.input_required = Éilítear luach don ionchur "%s".
 workflow.dispatch.invalid_input_type = Cineál ionchuir neamhbhailí "%s".
 workflow.dispatch.warn_input_limit = Ag taispeáint na chéad %d ionchur amháin.
-variables.management = Bainistigh athróga
-variables.not_found = Theip ar an athróg a aimsiú.
 
 [projects]
 deleted.display_name = Tionscadal scriosta
@@ -3463,9 +3377,6 @@ ext_issues = Rochtain ar an nasc chuig rianaitheoir saincheisteanna seachtrach.
 ext_wiki = Rochtain ar an nasc chuig vicí seachtrach. Déantar na ceadanna a bhainistiú go seachtrach.
 
 [markup]
-filepreview.line = Líne %[1]d i %[2]s
-filepreview.lines = Línte %[1]d go %[2]d i %[3]s
-filepreview.truncated = Tá an réamhamharc giorraithe
 
 [translation_meta]
 test = Is teaghrán tástála é seo. Ní thaispeántar é i gcomhéadan úsáideora Forgejo ach úsáidtear é chun críocha tástála. Ná bíodh drogall ort "ceart go leor" a iontráil chun am a shábháil (nó fíric spraíúil de do rogha féin) chun an marc críochnaithe 100% sin a bhaint amach :)
\ No newline at end of file
diff --git a/options/locale/locale_gl.ini b/options/locale/locale_gl.ini
index 7ccafc81f4..43257512b9 100644
--- a/options/locale/locale_gl.ini
+++ b/options/locale/locale_gl.ini
@@ -31,15 +31,6 @@ re_type = Confirme o contrasinal
 captcha = CAPTCHA
 twofa = Autenticación de dobre factor
 passcode = Código de acceso
-webauthn_insert_key = Insira a súa chave de seguridade
-webauthn_press_button = Prema o botón da súa chave de seguridade…
-webauthn_use_twofa = Use o Código de Dous Factores do seu Teléfono
-webauthn_error = Non se puido ler a súa clave de seguridade.
-webauthn_unsupported_browser = O seu navegador non soporta WebAuthn actualmente.
-webauthn_error_unknown = Produciuse un erro descoñecido. Ténteo de novo.
-webauthn_error_unable_to_process = O servidor non puido procesar a súa solicitude.
-webauthn_error_duplicated = A clave de seguridade non está permitida para esta solicitude. Asegúrese de que a clave non estea xa rexistrada.
-webauthn_error_empty = Debe definir un nome para esta clave.
 repository = Repositorio
 organization = Organización
 mirror = Espello
@@ -96,13 +87,10 @@ copy_content = Copiar contido
 language = Linguaxe
 copy_hash = Copiar hash
 twofa_scratch = Código Scratch de Dous Factores
-webauthn_sign_in = Prema o botón da súa chave de seguridade. Se a súa chave de seguridade non ten ningún botón, volva inserila.
 issues = Incidencias
 disabled = Desactivado
 error404 = A páxina á que estás tentando acceder <strong>non existe</strong> ou <strong>non tes autorización</strong> para vela.
 tracked_time_summary = Resumo do tempo de seguimento baseado nos filtros da lista de incidencias
-webauthn_error_insecure = WebAuthn só admite conexións seguras. Para probar a través de HTTP, pode usar a orixe "localhost" ou "127.0.0.1"
-webauthn_error_timeout = Alcanzouse o límite de tempo antes de que se puidera ler a súa clave. Volva cargar esta páxina e ténteo de novo.
 remove = Quitar
 view = Ver
 copy_type_unsupported = Este tipo de ficheiro non se pode copiar
diff --git a/options/locale/locale_he.ini b/options/locale/locale_he.ini
index b176332689..6e6252229d 100644
--- a/options/locale/locale_he.ini
+++ b/options/locale/locale_he.ini
@@ -1,5 +1,4 @@
 [common]
-webauthn_error_unable_to_process = שרת זה נכשל בעיבוד בקשתך.
 help = עזרה
 logo = לוגו
 sign_in_with_provider = כניסה דרך %s
@@ -29,9 +28,6 @@ access_token = קוד גישה
 captcha = CAPTCHA
 twofa_scratch = קוד אימות דו־שלבי
 passcode = קוד כניסה
-webauthn_error_unknown = שגיאה לא ידועה, אפשר לנסות שוב.
-webauthn_error_empty = שם המפתח הוא שדה חובה.
-webauthn_error_timeout = קריאת מפתחך לקחה יותר מדי זמן. אפשר לטעון מחדש את הדף ולנסות שוב.
 organization = ארגון
 mirror = מראה
 new_mirror = מראה חדשה
@@ -101,8 +97,6 @@ twofa = אימות דו־שלבי
 pull_requests = בקשות מיזוג
 powered_by = רץ על %s
 copy_generic = העתקה לCtrl + C
-webauthn_unsupported_browser = הדפדפן שלך לא תומך בWebAuthn.
-webauthn_error_insecure = הפרוטוקול WebAuthn לא תומך בחיבורים לא מאובטחים, למעט דרך "localhost" או "127.0.0.1"
 settings = הגדרות
 your_settings = הגדרות
 new_org.link = ארגון חדש
@@ -115,9 +109,6 @@ copy_content = העתקת תוכן
 copy_type_unsupported = אי אפשר להעתיק קבצים מסוג זה
 concept_system_global = גלובלי
 concept_user_individual = אישי
-webauthn_insert_key = יש להכניס את מפתח אבטחך
-webauthn_press_button = נא ללחוץ על הכפתור שעל מפתח האבטחה…
-webauthn_error = קריאת מפתח האבטחה נכשלה.
 repository = קרפיף
 new_repo.title = קרפיף חדש
 new_migrate.title = יבוא קרפיף
@@ -128,8 +119,6 @@ disabled = כבוי
 copy_path = העתקת מיקום קובץ
 invalid_data = הבנת הקלט נכשלה: %v
 concept_code_repository = קרפיף
-webauthn_sign_in = יש ללחוץ על הכפתור שעל מפתח האבטחה. אם אין כפתור, אפשר להוציא את המפתח ולחבר אותו שוב.
-webauthn_error_duplicated = מפתח האבטחה לא יכול לשמש לבקשה זו. נא לוודא שהמפתח לא רשום.
 dashboard = מבט על
 remove_label_str = הסרת "%s"
 explore = קטלוגים
@@ -139,7 +128,6 @@ confirm_delete_artifact = למחוק את הארטיפקט "%s"?
 toggle_menu = הצגת\הסתרת תפריט
 re_type = סיסמה (שוב)
 tracked_time_summary = סיכום זמן מעקב בהתבסס על מסננים של רשימת סוגיות
-webauthn_use_twofa = השתמש בקוד אימות דו־שלבי מהטלפון שלך
 error413 = מיצית את ההגבלה שלך.
 
 [search]
diff --git a/options/locale/locale_hi.ini b/options/locale/locale_hi.ini
index 10a759689e..42d427f071 100644
--- a/options/locale/locale_hi.ini
+++ b/options/locale/locale_hi.ini
@@ -41,14 +41,6 @@ settings = सेटिंग्स
 your_settings = आपकी सेटिंग्स
 return_to_forgejo = फ़ोर्जेगो पे वापस जाएं
 access_token = एक्सेस टोकन
-webauthn_insert_key = अपनी सिक्योरिटी की डालें
-webauthn_press_button = अपनी सिक्योरिटी की पर बटन दबाएं…
-webauthn_use_twofa = अपने फ़ोन से दो फैक्टर कोड लाएं
-webauthn_unsupported_browser = आपका ब्राउज़र वेबौथ सपोर्ट नहीं करता।
-webauthn_error_unknown = कोई अंजान एरर हुई, फिर से कोशिश करें।
-webauthn_error_unable_to_process = सर्वर आपकी रिक्वेस्ट प्रोसेस नहीं कर पाया।
-webauthn_error_empty = कृपया इस चाभी का नाम रखें।
-webauthn_error_timeout = आपकी की पढ़ने से पहले टाइमआउट हो गया। पृष्ट रीलोड करें और फिर कोशिश करें।
 new_project = नया प्रोजेक्ट
 test = टेस्ट
 locked = लॉक्ड
@@ -88,13 +80,9 @@ remove_label_str = हटाएं आइटम “%s”
 edit = संपादित करना
 view = देखें
 disabled = असक्षम किया गया
-webauthn_sign_in = सिक्योरिटी की का बटन दबाएं, नहीं है तो फिर से प्लग करें।
-webauthn_error_insecure = वेबौथ पर सिर्फ सुरक्षित कनेक्शन हो. HTTP टेस्ट के लिए ओरिजिन “लोकलहोस्ट” या “127.0.0.1”
 new_repo.title = नई रिपॉजिटरी
 pull_requests = पुल्ल करें
 enabled = सक्षम किया गया
-webauthn_error = सिक्योरिटी की रीड नहीं हो पा रही।
-webauthn_error_duplicated = सिक्योरिटी की इस रिक्वेस्ट के लिए नहीं है। कृपया देखें की पहले से रजिस्टर्ड तो नहीं।
 new_migrate.title = नया प्रवासन
 activities = गतिविधियाँ
 rerun_all = फिर से सारे काम करें
diff --git a/options/locale/locale_hu-HU.ini b/options/locale/locale_hu-HU.ini
index 481159fd3c..df48fcd03b 100644
--- a/options/locale/locale_hu-HU.ini
+++ b/options/locale/locale_hu-HU.ini
@@ -92,14 +92,7 @@ filter = Szűrő
 filter.is_archived = Archivált
 logo = Logó
 sign_in_with_provider = Bejelentkezés %s fiókkal
-webauthn_insert_key = Helyezze be biztonsági kulcsát
-webauthn_press_button = Nyomja meg a biztonsági kulcsán található gombot…
 access_token = Hozzáférési token
-webauthn_error = A biztonsági kulcsának beolvasása sikertelen volt.
-webauthn_unsupported_browser = A böngészője jelenleg nem támogatja a WebAuthn protokollt.
-webauthn_error_unknown = Ismeretlen hiba történt. Próbálja újra.
-webauthn_error_unable_to_process = A kiszolgáló nem tudta feldolgozni a kérését.
-webauthn_error_empty = Nevet kell adnia ennek a kulcsnak.
 new_project_column = Új oszlop
 never = Soha
 unknown = Ismeretlen
@@ -122,12 +115,8 @@ view = Megtekintés
 ok = OK
 copy_generic = Másolás vágólapra
 copy_url = Webcím másolása
-webauthn_error_insecure = A WebAuthn csak biztonságos kapcsolatokat támogat. HTTP-n keresztüli tesztelés esetén használja a „localhost” vagy a „127.0.0.1” forrást.
 filter.clear = Szűrők törlése
 enable_javascript = Az oldal működéséhez engedélyezni kell a JavaScriptet.
-webauthn_sign_in = Nyomja meg a biztonsági kulcsán található gombot. Ha nincs rajta gomb, próbálja meg újra behelyezni.
-webauthn_use_twofa = Kétlépcsős hitelesítési kód használata telefonról
-webauthn_error_timeout = Időtúllépés a kulcs beolvasása során. Töltse be újra ezt az oldalt, és próbálkozzon újra.
 copy_branch = Elágazás nevének másolása
 test = Tesztelés
 copy_type_unsupported = Ezt a fájltípust nem lehet másolni
@@ -152,7 +141,6 @@ new_migrate.link = Új migráció
 new_org.title = Új szervezet
 new_org.link = Új szervezet
 filter.is_fork = Másolatok
-webauthn_error_duplicated = A biztonsági kulcs nem engedélyezett ehhez a kéréshez. Győződjön meg róla, hogy a kulcs nincs-e már regisztrálva.
 filter.is_mirror = Tükrök
 
 [aria]
@@ -1298,34 +1286,6 @@ dashboard.clean_unbind_oauth_success=Az összes megszüntetett OAuth kapcsolat t
 dashboard.delete_generated_repository_avatars=Generált tároló avatarok törlése
 dashboard.reinit_missing_repos=Az összes Git tároló újra-inicializálása amihez léteznek bejegyzések
 dashboard.sync_external_users=Külső felhasználói adatok szinkronizálása
-dashboard.server_uptime=Kiszolgáló futási ideje
-dashboard.current_goroutine=Jelenlegi Goroutinok
-dashboard.current_memory_usage=Jelenlegi memória használat
-dashboard.total_memory_allocated=Összes lefoglalt memória
-dashboard.memory_obtained=Megszerzett Memória
-dashboard.pointer_lookup_times=Pointer Lookup Idők
-dashboard.memory_allocate_times=Memóriafoglalások
-dashboard.current_heap_usage=Aktuális Heap Használat
-dashboard.heap_memory_obtained=Heap Memória Megszerezve
-dashboard.heap_memory_idle=Tétlen Heap Memória
-dashboard.heap_memory_in_use=Használatban lévő Heap Memória
-dashboard.heap_memory_released=Elengedett Heap Memória
-dashboard.heap_objects=Heap Objektumok
-dashboard.bootstrap_stack_usage=Bootstrap Stack Használat
-dashboard.stack_memory_obtained=Stack Memória Megszerezve
-dashboard.mspan_structures_usage=MSpan Struktúrák Használata
-dashboard.mspan_structures_obtained=MSpan Struktúrák Megszerezve
-dashboard.mcache_structures_usage=MCache Struktúrák Használata
-dashboard.mcache_structures_obtained=MCache Struktúrák Megszerezve
-dashboard.profiling_bucket_hash_table_obtained=Profilozó Vödrös Hash Tábla Megszerezve
-dashboard.gc_metadata_obtained=GC Metaadat Megszerezve
-dashboard.other_system_allocation_obtained=Másik Rendszer Allokáció Megszerezve
-dashboard.next_gc_recycle=Következő GC Újrahasznosítás
-dashboard.last_gc_time=Utolsó GC óta eltelt idő
-dashboard.total_gc_pause=Teljes GC szünet
-dashboard.last_gc_pause=Utolsó GC szünet
-dashboard.gc_times=GC Idők
-
 users.new_account=Felhasználó létrehozása
 users.name=Felhasználónév
 users.full_name=Teljes név
@@ -1347,10 +1307,6 @@ users.allow_create_organization=Létrehozhat szervezeteket
 users.update_profile=Fiók frissítése
 users.delete_account=Fiók törlése
 users.still_has_org=Ez a felhasználó tagja egy szervezetnek. Először el kell távolítani a felhasználót az összes szervezetből.
-users.list_status_filter.is_active=Aktív
-users.list_status_filter.is_admin=Rendszergazda
-users.list_status_filter.is_restricted=Korlátozott
-
 emails.primary=Elsődleges
 emails.activated=Aktivált
 emails.filter_sort.email=Email
@@ -1568,10 +1524,6 @@ monitor.process.cancel=Folyamat megszakítása
 monitor.process.cancel_desc=Egy folyamat megszakítása adatvesztést okozhat
 monitor.process.cancel_notices=Megszakítás: <strong>%s</strong>?
 
-monitor.queue.name=Név
-monitor.queue.type=Típus
-monitor.queue.settings.submit=Beállítások frissítése
-
 notices.system_notice_list=Rendszer Értesítések
 notices.view_detail_header=Értesítés Részletei
 notices.select_all=Összes Kijelölése
diff --git a/options/locale/locale_id-ID.ini b/options/locale/locale_id-ID.ini
index 575609fffe..2379f3edfe 100644
--- a/options/locale/locale_id-ID.ini
+++ b/options/locale/locale_id-ID.ini
@@ -80,18 +80,6 @@ concept_code_repository=Repositori
 name=Nama
 
 re_type = Konfirmasi Kata Sandi
-webauthn_insert_key = Masukkan kunci keamanan anda
-webauthn_sign_in = Tekan tombol pada kunci keamanan Anda. Jika kunci keamanan Anda tidak memiliki tombol, masukkan kembali.
-webauthn_press_button = Silakan tekan tombol pada kunci keamanan Anda…
-webauthn_use_twofa = Gunakan kode dua faktor dari telepon Anda
-webauthn_error = Tidak dapat membaca kunci keamanan Anda.
-webauthn_unsupported_browser = Browser Anda saat ini tidak mendukung WebAuthn.
-webauthn_error_unknown = Terdapat kesalahan yang tidak diketahui. Mohon coba lagi.
-webauthn_error_insecure = `WebAuthn hanya mendukung koneksi aman. Untuk pengujian melalui HTTP, Anda dapat menggunakan "localhost" atau "127.0.0.1"`
-webauthn_error_unable_to_process = Server tidak dapat memproses permintaan Anda.
-webauthn_error_duplicated = Kunci keamanan tidak diperbolehkan untuk permintaan ini. Pastikan bahwa kunci ini belum terdaftar sebelumnya.
-webauthn_error_empty = Anda harus menetapkan nama untuk kunci ini.
-webauthn_error_timeout = Waktu habis sebelum kunci Anda dapat dibaca. Mohon muat ulang halaman ini dan coba lagi.
 new_project = Proyek Baru
 new_project_column = Kolom Baru
 ok = Oke
@@ -2869,33 +2857,6 @@ dashboard.clean_unbind_oauth=Bersihkan koneksi OAuth yang tidak terikat
 dashboard.clean_unbind_oauth_success=Semua koneksi OAuth yang tidak terikat telah dihapus.
 dashboard.reinit_missing_repos=Menginstal kembali semua repositori Git yang hilang dimana ada catatan
 dashboard.sync_external_users=Sinkronkan data pengguna eksternal
-dashboard.server_uptime=Waktu aktif server
-dashboard.current_goroutine=Goroutine saat ini
-dashboard.current_memory_usage=Penggunaan memori saat ini
-dashboard.total_memory_allocated=Total memori yang dialokasikan
-dashboard.memory_obtained=Memori yang diperoleh
-dashboard.pointer_lookup_times=Jumlah pencarian pointer
-dashboard.current_heap_usage=Penggunaan heap saat ini
-dashboard.heap_memory_obtained=Memori heap yang diperoleh
-dashboard.heap_memory_idle=Memori heap yang menganggur
-dashboard.heap_memory_in_use=Memori heap yang digunakan
-dashboard.heap_memory_released=Memori heap yang dilepaskan
-dashboard.heap_objects=Objek heap
-dashboard.bootstrap_stack_usage=Penggunaan stack bootstrap
-dashboard.stack_memory_obtained=Memori stack yang diperoleh
-dashboard.mspan_structures_usage=Penggunaan struktur MSpan
-dashboard.mspan_structures_obtained=Struktur MSpan yang diperoleh
-dashboard.mcache_structures_usage=Penggunaan struktur MCache
-dashboard.mcache_structures_obtained=Struktur MCache yang diperoleh
-dashboard.profiling_bucket_hash_table_obtained=Tabel hash bucket pemrofilan yang diperoleh
-dashboard.gc_metadata_obtained=Metadata GC yang diperoleh
-dashboard.other_system_allocation_obtained=Alokasi sistem lainnya yang diperoleh
-dashboard.next_gc_recycle=Daur ulang GC berikutnya
-dashboard.last_gc_time=Waktu sejak GC terakhir
-dashboard.total_gc_pause=Total jeda GC
-dashboard.last_gc_pause=Jeda GC terakhir
-dashboard.gc_times=Jumlah GC
-
 users.full_name=Nama lengkap
 users.activated=Diaktifkan
 users.admin=Pengelola
@@ -2904,8 +2865,6 @@ users.created=Dibuat
 users.edit=Edit
 users.auth_source=Sumber autentikasi
 users.local=Lokal
-users.list_status_filter.is_admin=Pengelola
-
 emails.activated=Diaktifkan
 
 orgs.org_manage_panel=Kelola organisasi
@@ -3077,19 +3036,6 @@ monitor.execute_time=Waktu pelaksanaan
 monitor.process.cancel=Batalkan proses
 monitor.process.cancel_desc=Membatalkan proses dapat menyebabkan kehilangan data
 
-monitor.queues=Antrian
-monitor.queue=Antrian: %s
-monitor.queue.name=Nama
-monitor.queue.type=Tipe
-monitor.queue.exemplar=Contoh Tipe
-monitor.queue.numberworkers=Jumlah pekerja
-monitor.queue.maxnumberworkers=Jumlah maksimum pekerja
-monitor.queue.settings.title=Pengaturan pool
-monitor.queue.settings.maxnumberworkers=Jumlah Maks. Worker
-monitor.queue.settings.maxnumberworkers.error=Jumlah maks. worker haruslah sebuah angka
-monitor.queue.settings.submit=Perbarui pengaturan
-monitor.queue.settings.changed=Pengaturan diperbarui
-
 notices.system_notice_list=Pemberitahuan sistem
 notices.view_detail_header=Detail pemberitahuan
 notices.select_all=Pilih semua
@@ -3105,7 +3051,6 @@ notices.delete_success=Laporan sistem telah dihapus.
 
 
 config_settings = Pengaturan
-users.list_status_filter.menu_text = Saring
 self_check = Pemeriksaan mandiri
 identity_access = Identitas & akses
 users = Akun pengguna
@@ -3153,8 +3098,6 @@ dashboard.resync_all_hooks = Sinkronkan ulang hook Git dari semua repositori (pr
 dashboard.cleanup_hook_task_table = Bersihkan tabel hook_task
 dashboard.cleanup_packages = Bersihkan paket yang kedaluwarsa
 dashboard.cleanup_actions = Bersihkan log dan artefak yang kedaluwarsa dari aksi
-dashboard.memory_allocate_times = Alokasi memori
-dashboard.memory_free_times = Pembebasan memori
 dashboard.delete_old_actions = Hapus semua aktivitas lama dari basis data
 dashboard.delete_old_actions.started = Hapus semua aktivitas lama dari basis data dimulai.
 dashboard.update_checker = Pemeriksa pembaruan
@@ -3209,16 +3152,6 @@ users.purge_help = Hapus paksa pengguna beserta semua repositori, organisasi, da
 users.still_own_packages = Pengguna ini masih memiliki satu atau lebih paket, hapus paket tersebut terlebih dahulu.
 users.deletion_success = Akun pengguna telah dihapus.
 users.reset_2fa = Atur ulang 2FA
-users.list_status_filter.reset = Atur ulang
-users.list_status_filter.is_active = Aktif
-users.list_status_filter.not_active = Tidak aktif
-users.list_status_filter.not_admin = Bukan admin
-users.list_status_filter.is_restricted = Dibatasi
-users.list_status_filter.not_restricted = Tidak dibatasi
-users.list_status_filter.is_prohibit_login = Larang masuk
-users.list_status_filter.not_prohibit_login = Izinkan masuk
-users.list_status_filter.is_2fa_enabled = 2FA diaktifkan
-users.list_status_filter.not_2fa_enabled = 2FA dinonaktifkan
 users.details = Detail pengguna
 emails.email_manage_panel = Kelola email pengguna
 emails.primary = Utama
@@ -3377,13 +3310,6 @@ monitor.download_diagnosis_report = Unduh laporan diagnosis
 monitor.duration = Durasi (dtk)
 monitor.last_execution_result = Hasil
 monitor.process.cancel_notices = Batalkan: <strong>%s</strong>?
-monitor.queue.activeworkers = Pekerja aktif
-monitor.queue.numberinqueue = Jumlah dalam antrian
-monitor.queue.review_add = Tinjau / tambah pekerja
-monitor.queue.settings.desc = Pool berkembang secara dinamis sebagai respons terhadap pemblokiran antrian pekerja mereka.
-monitor.queue.settings.maxnumberworkers.placeholder = Saat ini %[1]d
-monitor.queue.settings.remove_all_items = Hapus semua
-monitor.queue.settings.remove_all_items_done = Semua item dalam antrian telah dihapus.
 notices.operations = Operasi
 notices.type_2 = Tugas
 self_check.no_problem_found = Belum ditemukan masalah.
@@ -3482,20 +3408,7 @@ workflow.disable = Nonaktifkan Alur Kerja
 workflow.enable = Aktifkan Alur Kerja
 workflow.disabled = Alur kerja dinonaktifkan.
 need_approval_desc = Butuh persetujuan untuk menjalankan alur kerja untuk pull request fork.
-variables = Variabel
-variables.creation = Tambah Variabel
-variables.none = Belum ada variabel.
-variables.deletion = Hapus variabel
-variables.deletion.description = Menghapus variabel bersifat permanen dan tidak dapat dibatalkan. Lanjutkan?
-variables.description = Variabel akan diteruskan ke beberapa tindakan dan tidak dapat dibaca sebaliknya.
 variables.id_not_exist = Variabel dengan ID %d tidak ada.
-variables.edit = Edit Variabel
-variables.deletion.failed = Gagal menghapus variabel.
-variables.deletion.success = Variabel telah dihapus.
-variables.creation.failed = Gagal menambahkan variabel.
-variables.creation.success = Variabel "%s" telah ditambahkan.
-variables.update.failed = Gagal mengedit variabel.
-variables.update.success = Variabel telah diedit.
 runs.no_workflows.help_write_access = Tidak tahu cara memulai dengan Forgejo Actions? Lihat <a target="_blank" rel="noopener noreferrer" href="%s">panduan memulai cepat di dokumentasi pengguna</a> untuk menulis alur kerja pertama Anda, lalu <a target="_blank" rel="noopener noreferrer" href="%s">siapkan runner Forgejo</a> untuk menjalankan pekerjaan Anda.
 runs.no_workflows.help_no_write_access = Untuk mempelajari Forgejo Actions, lihat <a target="_blank" rel="noopener noreferrer" href="%s">dokumentasi</a>.
 runs.expire_log_message = Log telah dihapus karena sudah terlalu lama.
@@ -3508,8 +3421,6 @@ workflow.dispatch.success = Permintaan jalankan alur kerja berhasil dikirim.
 workflow.dispatch.input_required = Wajib mengisi nilai untuk input "%s".
 workflow.dispatch.invalid_input_type = Jenis input tidak valid "%s".
 workflow.dispatch.warn_input_limit = Hanya menampilkan %d input pertama.
-variables.management = Kelola variabel
-variables.not_found = Gagal menemukan variabel.
 
 [projects]
 type-1.display_name = Proyek Individu
@@ -3573,9 +3484,6 @@ ext_issues = Akses tautan ke pelacak issue eksternal. Izin dikelola secara ekste
 ext_wiki = Akses tautan ke wiki eksternal. Izin dikelola secara eksternal.
 
 [markup]
-filepreview.line = Baris %[1]d di %[2]s
-filepreview.lines = Baris %[1]d hingga %[2]d di %[3]s
-filepreview.truncated = Pratinjau telah dipotong
 
 [translation_meta]
 test = Ini adalah string uji. Tidak ditampilkan di antarmuka Forgejo tetapi digunakan untuk keperluan pengujian. Silakan masukkan "ok" untuk menghemat waktu (atau fakta menarik pilihan Anda) demi mencapai angka penyelesaian 100% yang memuaskan :)
\ No newline at end of file
diff --git a/options/locale/locale_is-IS.ini b/options/locale/locale_is-IS.ini
index 805024281b..e22dfefcc1 100644
--- a/options/locale/locale_is-IS.ini
+++ b/options/locale/locale_is-IS.ini
@@ -33,18 +33,6 @@ twofa=Tvíþætt Auðkenning
 twofa_scratch=Tveggja-Þátta Skrapkóði
 passcode=Aðgangstala
 
-webauthn_insert_key=Settu öryggislykilinn þinn inn
-webauthn_sign_in=Ýttu á hnappinn á öryggislyklinum þínum. Ef öryggislykillinn þinn hefur engan hnapp skaltu setja hann aftur inn.
-webauthn_press_button=Vinsamlegast ýttu á hnappinn á öryggislyklinum þínum…
-webauthn_use_twofa=Notaðu tveggja-þátta kóða úr símanum þínum
-webauthn_error=Gat ekki lesið öryggislykilinn þinn.
-webauthn_unsupported_browser=Vafrinn þinn styður ekki WebAuthn eins og er.
-webauthn_error_unknown=Óþekkt villa kom upp. Vinsamlegast reyndu aftur.
-webauthn_error_insecure=WebAuthn styður aðeins öruggar tengingar. Til að prófa yfir HTTP geturðu notað upprunann „localhost“ eða „127.0.0.1“
-webauthn_error_unable_to_process=Netþjónninn gat ekki ráðið við beiðni þína.
-webauthn_error_duplicated=Öryggislykillinn er ekki leyfður fyrir þessa beiðni. Gakktu úr skugga um að lykillinn sé ekki þegar skráður.
-webauthn_error_empty=Þú verður að setja nafn fyrir þennan lykil.
-webauthn_error_timeout=Tímamörk náð áður en hægt var að lesa lykilinn þinn. Vinsamlegast endurhlaðið þessa síðu og reyndu aftur.
 repository=Hugbúnaðarsafn
 organization=Stofnun
 mirror=Speglun
@@ -1119,9 +1107,6 @@ dashboard.statistic=Yfirlit
 dashboard.operation_switch=Skipta
 dashboard.operation_run=Keyra
 dashboard.update_mirrors=Uppfæra Speglanir
-dashboard.server_uptime=Uppitími Netþjóns
-dashboard.total_memory_allocated=Heildarminni úthlutað
-
 users.name=Notandanafn
 users.full_name=Fullt Nafn
 users.admin=Stjórnandi
@@ -1130,14 +1115,6 @@ users.repos=Söfn
 users.created=Búið til
 users.edit=Breyta
 users.local=Staðbundið
-users.list_status_filter.menu_text=Sía
-users.list_status_filter.reset=Endurstilla
-users.list_status_filter.is_active=Virkt
-users.list_status_filter.is_admin=Stjórnandi
-users.list_status_filter.is_prohibit_login=Stöðva Innskráningu
-users.list_status_filter.not_prohibit_login=Leyfa Innskráningu
-users.list_status_filter.not_2fa_enabled=Tvíþætt Auðkenning Óvirk
-
 emails.primary=Aðal
 emails.filter_sort.email=Tölvupóstur
 emails.filter_sort.name=Notandanafn
@@ -1217,12 +1194,6 @@ monitor.name=Heiti
 monitor.desc=Lýsing
 monitor.process.children=Börn
 
-monitor.queues=Raðir
-monitor.queue.name=Heiti
-monitor.queue.type=Tegund
-monitor.queue.settings.submit=Uppfæra Stillingar
-monitor.queue.settings.changed=Stillingar Uppfærðar
-
 notices.type=Tegund
 notices.type_1=Hugbúnaðarsafn
 notices.type_2=Verkefni
diff --git a/options/locale/locale_it-IT.ini b/options/locale/locale_it-IT.ini
index 3eb67a2f59..3b8475ba67 100644
--- a/options/locale/locale_it-IT.ini
+++ b/options/locale/locale_it-IT.ini
@@ -34,18 +34,6 @@ twofa=Autenticazione a due fattori
 twofa_scratch=Codice di recupero per l'autenticazione a due fattori
 passcode=Codice di sicurezza
 
-webauthn_insert_key=Inserisci la tua chiave di sicurezza
-webauthn_sign_in=Premi il pulsante sul tasto di sicurezza. Se il tasto di sicurezza non ha pulsante, reinseriscilo.
-webauthn_press_button=Premi il pulsante sulla chiave di sicurezza…
-webauthn_use_twofa=Usa un codice a due fattori dal tuo telefono
-webauthn_error=Impossibile leggere la tua chiave di sicurezza.
-webauthn_unsupported_browser=Il tuo browser al momento non supporta WebAuthn.
-webauthn_error_unknown=Si è verificato un errore sconosciuto. Riprova.
-webauthn_error_insecure=WebAuthn supporta solo connessioni sicure. Per il test su HTTP, è possibile utilizzare l'origine "localhost" o "127.0.0.1"
-webauthn_error_unable_to_process=Il server non può elaborare la richiesta.
-webauthn_error_duplicated=La chiave di sicurezza non è consentita per questa richiesta. Assicurati che la chiave non sia già registrata.
-webauthn_error_empty=Devi impostare un nome per questa chiave.
-webauthn_error_timeout=Timeout raggiunto prima che la tua chiave possa essere letta. Ricarica la pagina e riprova.
 repository=Repositorio
 organization=Organizzazione
 mirror=Mirror
@@ -2927,34 +2915,6 @@ dashboard.reinit_missing_repos=Reinizializza tutti i repository Git mancanti per
 dashboard.sync_external_users=Sincronizza dati utente esterno
 dashboard.cleanup_hook_task_table=Pulisci tabella hook_task
 dashboard.cleanup_packages=Pulizia pacchetti scaduti
-dashboard.server_uptime=Tempo di attività
-dashboard.current_goroutine=Goroutine attuali
-dashboard.current_memory_usage=Utilizzo di memoria attuale
-dashboard.total_memory_allocated=Memoria allocata totale
-dashboard.memory_obtained=Memoria ottenuta
-dashboard.pointer_lookup_times=Tempi di ricerca del puntatore
-dashboard.memory_allocate_times=Allocazioni di memoria
-dashboard.memory_free_times=Rilasci di memoria
-dashboard.current_heap_usage=Utilizzo heap attuale
-dashboard.heap_memory_obtained=Memoria heap ottenuta
-dashboard.heap_memory_idle=Memoria heap inattiva
-dashboard.heap_memory_in_use=Memoria heap in uso
-dashboard.heap_memory_released=Memoria heap rilasciata
-dashboard.heap_objects=Oggetti dell'heap
-dashboard.bootstrap_stack_usage=Utilizzo pila iniziale
-dashboard.stack_memory_obtained=Memoria pila ottenuta
-dashboard.mspan_structures_usage=Utilizzo strutture MSpan
-dashboard.mspan_structures_obtained=Strutture MSpan ottenute
-dashboard.mcache_structures_usage=Utilizzo di strutture MCache
-dashboard.mcache_structures_obtained=Strutture MCache ottenute
-dashboard.profiling_bucket_hash_table_obtained=Tabelle hash del secchio di profilazione ottenute
-dashboard.gc_metadata_obtained=Metadata del GC ottenuto
-dashboard.other_system_allocation_obtained=Altre allocazioni di sistema ottenute
-dashboard.next_gc_recycle=Prossimo riciclaggio GC
-dashboard.last_gc_time=Dall'ultimo GC
-dashboard.total_gc_pause=Pausa totale del GC
-dashboard.last_gc_pause=Ultima pausa del GC
-dashboard.gc_times=Esecuzioni GC
 dashboard.delete_old_actions=Elimina tutte le vecchie azioni dal database
 dashboard.delete_old_actions.started=Elimina tutte le vecchie azioni dal database iniziate.
 dashboard.update_checker=Controllore dell'aggiornamento
@@ -2999,19 +2959,6 @@ users.purge=Elimina utente
 users.purge_help=Eliminare forzatamente l'utente e tutti i progetti, le organizzazioni e i pacchetti di proprietà dell'utente. Anche tutti i commenti e le segnalazioni verranno eliminati.
 users.deletion_success=L'account utente è stato eliminato.
 users.reset_2fa=Resetta 2FA
-users.list_status_filter.menu_text=Filtro
-users.list_status_filter.reset=Ripristina
-users.list_status_filter.is_active=Attivo
-users.list_status_filter.not_active=Inattivo
-users.list_status_filter.is_admin=Amministratore
-users.list_status_filter.not_admin=Non amministratore
-users.list_status_filter.is_restricted=Limitato
-users.list_status_filter.not_restricted=Non limitato
-users.list_status_filter.is_prohibit_login=Accesso vietato
-users.list_status_filter.not_prohibit_login=Accesso consentito
-users.list_status_filter.is_2fa_enabled=2FA abilitato
-users.list_status_filter.not_2fa_enabled=2FA disabilitato
-
 emails.email_manage_panel=Gestisci email dell'utente
 emails.primary=Primario
 emails.activated=Attivato
@@ -3304,21 +3251,6 @@ monitor.process.cancel_desc=Annullare un processo potrebbe causare una perdita d
 monitor.process.cancel_notices=Annulla: <strong>%s</strong>?
 monitor.process.children=Figli
 
-monitor.queues=Code
-monitor.queue=Coda: %s
-monitor.queue.name=Nome
-monitor.queue.type=Tipo
-monitor.queue.exemplar=Tipo di esemplare
-monitor.queue.numberworkers=Numero di lavoratori
-monitor.queue.maxnumberworkers=Massimo numero di lavoratori
-monitor.queue.numberinqueue=Numero in coda
-monitor.queue.settings.title=Impostazioni piscina
-monitor.queue.settings.maxnumberworkers=Massimo numero di workers
-monitor.queue.settings.maxnumberworkers.placeholder=Attualmente %[1]d
-monitor.queue.settings.maxnumberworkers.error=Il numero massimo di lavoratori deve essere un numero
-monitor.queue.settings.submit=Aggiorna impostazioni
-monitor.queue.settings.changed=Impostazioni aggiornate
-
 notices.system_notice_list=Avvisi di sistema
 notices.view_detail_header=Visualizza dettagli dell'avviso
 notices.select_all=Seleziona tutto
@@ -3357,7 +3289,6 @@ auths.tip.gitea = Registra una nuova applicazione OAuth2. La guida può essere t
 config.test_mail_sent = Una email di prova è stata inviata a "%s".
 monitor.processes_count = %d processi
 monitor.download_diagnosis_report = Scarica relazione diagnostica
-monitor.queue.activeworkers = Lavoratori attivi
 config.app_data_path = Percorso dati dell'applicazione
 packages.cleanup = Pulisci dati scaduti
 dashboard.cleanup_actions = Pulisci log scaduti e artefatti dalle azioni
@@ -3385,12 +3316,8 @@ auths.new_success = L'autenticazione "%s" è stata aggiunta.
 auths.tips.gmail_settings = Impostazioni Gmail:
 config.test_mail_failed = Impossibile inviare email di prova a "%s": %v
 users.details = Dettagli dell'utente
-monitor.queue.review_add = Revisiona / aggiungi lavoratori
 self_check.no_problem_found = Non c'è ancora nessuna segnalazione.
 self_check.database_inconsistent_collation_columns = La base di dati sta usando la collazione %s ma queste colonne usano una collazione diversa. Potrebbe causare problemi imprevisti.
-monitor.queue.settings.remove_all_items = Rimuovi tutto
-monitor.queue.settings.desc = Le piscine crescono dinamicamente in risposta al blocco dei lavoratori in coda.
-monitor.queue.settings.remove_all_items_done = Tutti gli elementi in coda sono stati rimossi.
 self_check.database_collation_mismatch = Pretendi che la base di dati usi la collazione: %s
 self_check.database_fix_mysql = Per utenti MySQL/MariaDB, potresti usare il comando "forgejo doctor convert" per risolvere problemi di collazione, o potresti risolvere il problema manualmente tramite SQL con "ALTER ... COLLATE ...".
 self_check.database_collation_case_insensitive = La base di dati sta usando la collazione %s, che è una collazione insensibile. Nonostante Forgejo potrebbe lavorarci, ci potrebbero essere rari casi che non vanno come previsto.
@@ -3504,29 +3431,15 @@ creation.success = Il segreto "%s" è stato aggiungo.
 deletion.success = Il segreto è stato rimosso.
 
 [actions]
-variables = Variabili
 unit.desc = Gestisci azioni
 workflow.enable = Abilita flusso di lavoro
-variables.update.success = La variabile è stata modificata.
-variables.update.failed = Impossibile modificare la variabile.
-variables.creation.failed = Errore nell'aggiunta della variabile.
-variables.deletion.success = La variabile è stata rimossa.
-variables.deletion.failed = Impossibile rimuovere la variabile.
-variables.edit = Modifica variabile
 variables.id_not_exist = La variabile con ID %s non esiste.
-variables.deletion.description = La rimozione di una variabile è permanente e non può essere annullata. Continuare?
-variables.deletion = Rimuovi variabile
-variables.none = Non ci sono ancora variabili.
-variables.creation = Aggiungi variabile
-variables.management = Gestisci variabili
 workflow.disabled = Il flusso di lavoro è disabilitato.
 workflow.enable_success = Il flusso di lavoro "%s" è stato abilitato correttamente.
 workflow.disable_success = Il flusso di lavoro "%s" è stato disabilitato con successo.
 workflow.disable = Disabilita flusso di lavoro
 runs.empty_commit_message = (messaggio di commit vuoto)
 runs.no_runs = Il flusso di lavoro non è stato ancora eseguito.
-variables.creation.success = La variabile "%s" è stata aggiunta.
-variables.description = Le variabili saranno passate a determinate azioni e non possono essere lette altrimenti.
 need_approval_desc = È necessaria l'approvazione per eseguire flussi di lavoro per richieste di modifica da fork.
 workflow.dispatch.trigger_found = Questo flusso di lavoro ha un rilevatore di eventi <c>workflow_dispatch</c>.
 workflow.dispatch.run = Esegui flusso di lavoro
@@ -3535,7 +3448,6 @@ workflow.dispatch.input_required = Richiedi valore per l'ingresso "%s".
 workflow.dispatch.invalid_input_type = Tipo ingresso "%s" non valido.
 workflow.dispatch.warn_input_limit = Visualizzati solo i primi %d ingressi.
 workflow.dispatch.use_from = Usa flusso di lavoro da
-variables.not_found = Non è stato possibile trovare la variabile.
 runs.expire_log_message = I log sono stati eliminati in quanto troppo vecchi.
 runs.no_workflows.help_no_write_access = Per saperne di più su Forgejo Actions, consulta <a target="_blank" rel="noopener noreferrer" href="%s">la documentazione</a>.
 runs.no_workflows.help_write_access = Non sai come iniziare con Forgejo Actions? Dai un'occhiata alla <a target="_blank" rel="noopener noreferrer" href="%s"> guida rapida nella documentazione utente</a> per scrivere il tuo primo flusso di lavoro, poi <a target="_blank" rel="noopener noreferrer" href="%s"> configura un esecutore Forgejo</a> per eseguire i tuoi incarichi.
@@ -3589,10 +3501,6 @@ union = Parole chiavi
 [munits.data]
 
 [markup]
-filepreview.lines = Linee da %[1]d a %[2]d in %[3]s
-filepreview.truncated = L'anteprima è stata troncata
-filepreview.line = Linea %[1]d in %[2]s
-
 
 [repo.permissions]
 issues.write = <b>Scrittura:</b> Chiudere segnalazioni e gestire metadati come etichette, traguardi, assegnatarɜ, scadenze e dipendenze.
diff --git a/options/locale/locale_ja-JP.ini b/options/locale/locale_ja-JP.ini
index 5a1acddeef..f4cbb22f49 100644
--- a/options/locale/locale_ja-JP.ini
+++ b/options/locale/locale_ja-JP.ini
@@ -37,18 +37,6 @@ twofa=2要素認証
 twofa_scratch=2要素認証スクラッチコード
 passcode=パスコード
 
-webauthn_insert_key=セキュリティキーを挿入
-webauthn_sign_in=セキュリティキーのボタンを押してください。セキュリティキーにボタンが無い場合は、挿入しなおしてください。
-webauthn_press_button=セキュリティキーのボタンを押してください…
-webauthn_use_twofa=携帯電話から2要素認証コードを使用する
-webauthn_error=セキュリティキーを読み取ることができません。
-webauthn_unsupported_browser=お使いのブラウザは現在 WebAuthn をサポートしていません。
-webauthn_error_unknown=不明なエラーが発生しました。 もう一度やり直してください。
-webauthn_error_insecure=WebAuthn はセキュアな接続のみをサポートしています。HTTP 経由でテストする場合は、"localhost" または "127.0.0.1" のオリジンが使用できます
-webauthn_error_unable_to_process=サーバーがリクエストを処理できませんでした。
-webauthn_error_duplicated=このリクエストに対しては、許可されていないセキュリティキーです。 キーが未登録であることを確認してください。
-webauthn_error_empty=このキーに名前を設定する必要があります。
-webauthn_error_timeout=キーを読み取る前にタイムアウトになりました。 このページをリロードしてもう一度やり直してください。
 repository=リポジトリ
 organization=組織
 mirror=ミラー
@@ -2901,34 +2889,6 @@ dashboard.sync_external_users=外部ユーザーデータの同期
 dashboard.cleanup_hook_task_table=hook_taskテーブルのクリーンアップ
 dashboard.cleanup_packages=期限切れパッケージのクリーンアップ
 dashboard.cleanup_actions=Actionsから期限切れのログとアーティファクトのクリーンアップする
-dashboard.server_uptime=サーバーの稼働時間
-dashboard.current_goroutine=現在のGoroutine数
-dashboard.current_memory_usage=現在のメモリ使用量
-dashboard.total_memory_allocated=メモリ割当量の累計
-dashboard.memory_obtained=メモリ取得量
-dashboard.pointer_lookup_times=ポインタ参照回数
-dashboard.memory_allocate_times=メモリ割当回数
-dashboard.memory_free_times=メモリ解放回数
-dashboard.current_heap_usage=現在のヒープ使用量
-dashboard.heap_memory_obtained=ヒープ用メモリ取得量
-dashboard.heap_memory_idle=未使用のヒープ容量
-dashboard.heap_memory_in_use=使用中のヒープ容量
-dashboard.heap_memory_released=解放済みヒープ容量
-dashboard.heap_objects=ヒープオブジェクト数
-dashboard.bootstrap_stack_usage=スタック使用量
-dashboard.stack_memory_obtained=スタック用メモリ取得量
-dashboard.mspan_structures_usage=MSpan構造体の使用量
-dashboard.mspan_structures_obtained=MSpan構造体用取得量
-dashboard.mcache_structures_usage=MCache構造体の使用量
-dashboard.mcache_structures_obtained=MCache構造体用取得量
-dashboard.profiling_bucket_hash_table_obtained=バケットハッシュテーブルのプロファイリング割当量
-dashboard.gc_metadata_obtained=GCメタデータ用取得量
-dashboard.other_system_allocation_obtained=その他システム割当用取得量
-dashboard.next_gc_recycle=次回のGCリサイクル
-dashboard.last_gc_time=前回GCからの時間
-dashboard.total_gc_pause=GC停止時間の合計
-dashboard.last_gc_pause=前回のGC停止時間
-dashboard.gc_times=GC実行回数
 dashboard.delete_old_actions=データベースから古い操作履歴をすべて削除
 dashboard.delete_old_actions.started=データベースからの古い操作履歴の削除を開始しました。
 dashboard.update_checker=更新チェック
@@ -2985,18 +2945,6 @@ users.purge_help=強制的にユーザーとそのユーザーが所有してい
 users.still_own_packages=このユーザーはまだ1つ以上のパッケージを所有しています。先にそれらのパッケージを削除してください。
 users.deletion_success=ユーザーアカウントを削除しました。
 users.reset_2fa=2要素認証をリセット
-users.list_status_filter.menu_text=フィルター
-users.list_status_filter.reset=リセット
-users.list_status_filter.is_active=有効
-users.list_status_filter.not_active=無効
-users.list_status_filter.is_admin=管理者
-users.list_status_filter.not_admin=非管理者
-users.list_status_filter.is_restricted=制限あり
-users.list_status_filter.not_restricted=制限なし
-users.list_status_filter.is_prohibit_login=ログインを禁止
-users.list_status_filter.not_prohibit_login=ログインを許可
-users.list_status_filter.is_2fa_enabled=2要素認証有効
-users.list_status_filter.not_2fa_enabled=2要素認証無効
 users.details=ユーザーの詳細
 
 emails.email_manage_panel=ユーザーのメールアドレスを管理
@@ -3316,26 +3264,6 @@ monitor.process.cancel_desc=処理をキャンセルするとデータが失わ
 monitor.process.cancel_notices=キャンセル: <strong>%s</strong>?
 monitor.process.children=子プロセス
 
-monitor.queues=キュー
-monitor.queue=キュー: %s
-monitor.queue.name=キュー名
-monitor.queue.type=種類
-monitor.queue.exemplar=要素の型
-monitor.queue.numberworkers=ワーカー数
-monitor.queue.activeworkers=使用ワーカー数
-monitor.queue.maxnumberworkers=ワーカー数上限
-monitor.queue.numberinqueue=キュー内の数
-monitor.queue.review_add=ワーカーの確認 / 追加
-monitor.queue.settings.title=プール設定
-monitor.queue.settings.desc=プールはワーカーキューの待機状態に応じて動的に大きくなります。
-monitor.queue.settings.maxnumberworkers=ワーカー数上限
-monitor.queue.settings.maxnumberworkers.placeholder=現在の設定 %[1]d
-monitor.queue.settings.maxnumberworkers.error=ワーカー数上限は数値にしてください
-monitor.queue.settings.submit=設定を更新
-monitor.queue.settings.changed=設定を更新しました
-monitor.queue.settings.remove_all_items=すべて削除
-monitor.queue.settings.remove_all_items_done=キュー内のすべての項目を削除しました。
-
 notices.system_notice_list=システム通知
 notices.view_detail_header=通知の詳細
 notices.operations=操作
@@ -3481,20 +3409,6 @@ workflow.disabled=ワークフローは無効です。
 
 need_approval_desc=フォークプルリクエストのワークフローを実行するには承認が必要です。
 
-variables=変数
-variables.management=変数の管理
-variables.creation=変数の追加
-variables.none=変数はまだありません。
-variables.deletion=変数を削除
-variables.deletion.description=変数の削除は恒久的で元に戻すことはできません。 続行しますか？
-variables.description=変数は特定のActionsに渡されます。 それ以外で読み出されることはありません。
-variables.edit=変数の編集
-variables.deletion.failed=変数を削除できませんでした。
-variables.deletion.success=変数を削除しました。
-variables.creation.failed=変数を追加できませんでした。
-variables.creation.success=変数 "%s" を追加しました。
-variables.update.failed=変数を更新できませんでした。
-variables.update.success=変数を更新しました。
 variables.id_not_exist = idが%dの変数は存在しません。
 workflow.dispatch.run = ワークフローを実行
 workflow.dispatch.success = ワークフローの実行が正常にリクエストされました。
@@ -3504,7 +3418,6 @@ workflow.dispatch.input_required = 入力 "%s" に値が必要です。
 workflow.dispatch.invalid_input_type = 入力タイプ「%s」が無効です。
 workflow.dispatch.warn_input_limit = 最初の %d 個の入力のみを表示します。
 runs.expire_log_message = ログは古すぎるため消去されています。
-variables.not_found = 変数が見つかりませんでした。
 runs.no_workflows.help_no_write_access = Forgejoアクションの詳細については、<a target="_blank" rel="noopener noreferrer" href="%s">ドキュメント</a>を参照してください。
 runs.no_workflows.help_write_access = Forgejo アクションの始め方がわからない場合は、<a target="_blank" rel="noopener noreferrer" href="%s">ユーザードキュメントのクイック スタート</a>を参照して最初のワークフローを作成し、次に <a target="_blank" rel="noopener noreferrer" href="%s">Forgejo ランナーをセットアップ</a>してジョブを実行して下さい。
 
@@ -3556,9 +3469,6 @@ union = フレーズ一致
 [munits.data]
 
 [markup]
-filepreview.lines = %[3]s の %[1]d 行目から %[2]d 行目
-filepreview.line = %[2]s の %[1]d 行目
-filepreview.truncated = プレビューは途中から省略されています
 
 [repo.permissions]
 actions.write = <b>書き込み:</b> 保留中の CI/CD パイプラインを手動でトリガー、再起動、キャンセル、または承認します。
diff --git a/options/locale/locale_ka.ini b/options/locale/locale_ka.ini
index f5dff16977..d99ab6a667 100644
--- a/options/locale/locale_ka.ini
+++ b/options/locale/locale_ka.ini
@@ -641,10 +641,6 @@ users.repos = რეპოები
 users.created = შეიქმნა
 users.edit = ჩასწორება
 users.local = ლოკალური
-users.list_status_filter.reset = ჩამოყრა
-users.list_status_filter.is_active = აქტიურია
-users.list_status_filter.is_admin = ადმინი
-users.list_status_filter.is_restricted = შეზღუდული
 emails.primary = ძირითადი
 emails.activated = გააქტიურებულია
 emails.filter_sort.email = ელფოსტა
@@ -695,17 +691,12 @@ monitor.stacktrace = სტეკის დატრეისება
 monitor.desc = აღწერა
 monitor.last_execution_result = შედეგი
 monitor.process.children = შვილები
-monitor.queues = რიგები
-monitor.queue.name = სახელი
-monitor.queue.type = ტიპი
 notices.operations = ოპერაციები
 notices.type = ტიპი
 notices.type_1 = რეპოზიტორია
 notices.type_2 = ამოცანა
 notices.desc = აღწერა
 notices.op = ოპ.
-users.list_status_filter.menu_text = ფილტრი
-users.list_status_filter.not_active = არააქტიურია
 config.send_test_mail_submit = გაგზავნა
 packages.creator = შემქმნელი
 dashboard.operation_switch = გადართვა
@@ -738,7 +729,6 @@ owner.settings.cleanuprules.enabled = ჩართულია
 secrets = საიდუმლოები
 
 [actions]
-variables = ცვლადები
 
 [git.filemode]
 directory = საქაღალდე
diff --git a/options/locale/locale_kab.ini b/options/locale/locale_kab.ini
index ebd2af5f63..71d7d508a1 100644
--- a/options/locale/locale_kab.ini
+++ b/options/locale/locale_kab.ini
@@ -424,7 +424,6 @@ auths.name = Isem
 config.db_name = Isem
 config.mailer_name = Isem
 monitor.name = Isem
-monitor.queue.name = Isem
 repositories = Ikufan
 dashboard = Tafelwit n usenqed
 organizations = Tuddsiwin
@@ -442,7 +441,6 @@ orgs.teams = Igrawen
 orgs.members = Imttekkiyen
 repos.owner = Bab-is
 config.mailer_user = Aseqdac
-users.list_status_filter.is_admin = Anedbal
 users.admin = Anedbal
 repos.size = Tiddi
 packages.owner = Bab-is
@@ -467,7 +465,6 @@ config.mailer_smtp_port = Tawwurt n SMTP
 config.mailer_use_sendmail = Seqdec Sendmail
 config.https_only = HTTPS kan
 config.git_config = Tawila n Git
-monitor.queue.settings.remove_all_items = Kkes-iten akk
 auths.oauth2_profileURL = URL n umaɣnu
 users.update_profile = Leqqem amiḍan n useqdac
 auths.type = Anaw
@@ -482,8 +479,6 @@ config.db_schema = Azenziɣ
 config.db_path = Abrid
 config.mailer_enabled = D urmid
 config.mailer_protocol = Aneggaf
-users.list_status_filter.is_active = D urmid
-users.list_status_filter.not_active = D arurmid
 monitor.stats = Tiddadanin
 config.enable_captcha = Sermed CAPTCHA
 notices.select_all = Fren-iten akk
diff --git a/options/locale/locale_ko-KR.ini b/options/locale/locale_ko-KR.ini
index 7a45572463..7d8ddcf5b6 100644
--- a/options/locale/locale_ko-KR.ini
+++ b/options/locale/locale_ko-KR.ini
@@ -88,31 +88,19 @@ toc = 목차
 licenses = 라이센스
 return_to_forgejo = Forgejo로 돌아가기
 access_token = 액세스 토큰
-webauthn_error_unable_to_process = 서버가 귀하의 요청을 처리할 수 없습니다.
-webauthn_error_duplicated = 이 요청에는 보안 키가 허용되지 않습니다. 키가 이미 등록되어 있는지 확인하세요.
 remove_label_str = "%s" 항목 제거
 disabled = 비활성화됨
 locked = 잠김
 filter = 필터
 filter.not_fork = 포크가 아님
 filter.is_mirror = 미러
-webauthn_press_button = 보안 키의 버튼을 누르세요…
 toggle_menu = 토글 메뉴
-webauthn_error = 보안 키를 읽을 수 없습니다.
-webauthn_unsupported_browser = 현재 귀하의 브라우저는 웹 인증을 지원하지 않습니다.
-webauthn_insert_key = 보안 키를 입력하세요
-webauthn_sign_in = 보안 키에 있는 버튼을 누르세요. 만약 보안 키에 버튼이 없다면 다시 입력하세요.
-webauthn_use_twofa = 휴대전화 2단계 코드 사용
 retry = 다시 시도하기
 rerun = 다시 실행하기
 rerun_all = 모든 작업을 다시 실행하기
 copy = 복사
 new_project_column = 새 열
 more_items = 더 보기
-webauthn_error_unknown = 알 수 없는 오류가 발생했습니다. 다시 시도해주세요.
-webauthn_error_insecure = 웹 인증은 안전한 연결만 지원합니다. HTTP에서 테스트할 경우, "localhost" 또는 "127.0.0.1" 오리진을 사용할 수 있습니다.
-webauthn_error_empty = 키의 이름을 설정해야 합니다.
-webauthn_error_timeout = 키를 읽기 전에 시간이 초과되었습니다. 페이지를 새로 고치고 다시 시도해주세요.
 copy_generic = 클립보드에 복사
 copy_url = URL 복사
 copy_hash = 해시 복사
@@ -1471,35 +1459,6 @@ dashboard.operation_switch=스위치
 dashboard.operation_run=실행
 dashboard.git_gc_repos=모든 저장소 가비지 콜렉트
 dashboard.sync_external_users=외부 사용자 데이터 동기화
-dashboard.server_uptime=서버를 켠 시간
-dashboard.current_goroutine=현재 Go루틴
-dashboard.current_memory_usage=현재 메모리 사용율
-dashboard.total_memory_allocated=전체 할당 메모리
-dashboard.memory_obtained=메모리 확보
-dashboard.pointer_lookup_times=포인터 조회 시간
-dashboard.memory_allocate_times=사용 메모리
-dashboard.memory_free_times=가용 메모리
-dashboard.current_heap_usage=현재 힙 사용현황
-dashboard.heap_memory_obtained=힙 메모리 확보
-dashboard.heap_memory_idle=힙 메모리 유휴
-dashboard.heap_memory_in_use=힙 메모리 사용중
-dashboard.heap_memory_released=힙 메모리 풀림
-dashboard.heap_objects=힙 객체
-dashboard.bootstrap_stack_usage=부트스트랩 스택 사용현황
-dashboard.stack_memory_obtained=스택 메모리 확보
-dashboard.mspan_structures_usage=MSpan 구조 사용현황
-dashboard.mspan_structures_obtained=MSpan 구조 확보
-dashboard.mcache_structures_usage=MCache 구조 사용현황
-dashboard.mcache_structures_obtained=MCache 구조 확보
-dashboard.profiling_bucket_hash_table_obtained=버켓 해시 테이블 확보 프로파일링
-dashboard.gc_metadata_obtained=가비지 콜렉션 메타 데이터 확보
-dashboard.other_system_allocation_obtained=기타 시스템 할당 확보
-dashboard.next_gc_recycle=다음 가비지 콜렉션 순환
-dashboard.last_gc_time=마지막 가비지 콜렉션 시간
-dashboard.total_gc_pause=모든 가비지 콜렉션 중지
-dashboard.last_gc_pause=마지막 가비지 콜렉션 중지
-dashboard.gc_times=가비지 콜렉션 시간
-
 users.user_manage_panel=사용자 계정 관리
 users.new_account=사용자 계정 생성
 users.name=사용자명
@@ -1528,9 +1487,6 @@ users.allow_create_organization=조직 생성 허용
 users.update_profile=사용자 계정 갱신
 users.delete_account=사용자 계정 삭제
 users.deletion_success=사용자 계정이 삭제되었습니다.
-users.list_status_filter.is_active=사용
-users.list_status_filter.is_admin=관리자
-
 emails.activated=활성화됨
 
 orgs.org_manage_panel=조직 관리
@@ -1725,10 +1681,6 @@ monitor.desc=설명
 monitor.start=시작 시간
 monitor.execute_time=실행 시간
 
-monitor.queue.name=이름
-monitor.queue.type=유형
-monitor.queue.settings.submit=설정 업데이트
-
 notices.system_notice_list=시스템 공지
 notices.view_detail_header=알림 세부정보 보기
 notices.select_all=모두 선택
diff --git a/options/locale/locale_kw.ini b/options/locale/locale_kw.ini
index 6c6c21f9d8..ac8dd8a41a 100644
--- a/options/locale/locale_kw.ini
+++ b/options/locale/locale_kw.ini
@@ -1,6 +1,3 @@
-
-
-
 [common]
 home = Tre
 dashboard = Skostel
@@ -37,18 +34,6 @@ captcha = CAPTCHA
 twofa = Gwirheans dewkamm
 twofa_scratch = Kod kravas dewkamm
 passcode = Kod-tremena
-webauthn_insert_key = Gorra a-bervedh agas alhwedh sawder
-webauthn_sign_in = Tavewgh an boton war agas alhwedh sawder. Mar nyns eus boton, gorrewgh a-bervedh arta.
-webauthn_press_button = Mar pleg gwaskewgh an boton war agas alhwedh sawder…
-webauthn_use_twofa = Devnydhyer kod dewkamm dhyworth agas klapkodh
-webauthn_error = Ny yllir redya agas alhwedh sawder.
-webauthn_unsupported_browser = Ny skoodhya a-lemmyn agas peurell WebAuthn.
-webauthn_error_unknown = Yth esa error ankoth. Mar pleg assayewgh arta.
-webauthn_error_insecure = WebAuthn a skoodh junyans saw yn unnik. Rag ow previ dres HTTP. ty a yll devnydhya an devedhyans "localhost" po "127.0.0.1"
-webauthn_error_unable_to_process = Ny yllir an servell argerdhes agas govyn.
-webauthn_error_duplicated = Nyns yw an alhwedh sawder gesys rag an govyn ma. Mar pleg, surhewgh nyns yw an alhwedh kovskrifys seulabrys.
-webauthn_error_empty = Res yw dhywgh settya hanow rag an alhwedh ma.
-webauthn_error_timeout = Termyn yn-mes hedhys kyns agas alhwedh y hyllys redys. Daskargewgh an folen ma mar pleg hag assayewgh arta.
 repository = Gwithva
 new_fork = Forgh gwithva nowydh
 new_project_column = Koloven nowydh
diff --git a/options/locale/locale_lt.ini b/options/locale/locale_lt.ini
index 11fa4a0a4f..72a726f9f6 100644
--- a/options/locale/locale_lt.ini
+++ b/options/locale/locale_lt.ini
@@ -32,14 +32,6 @@ re_type = Patvirtinti slaptažodį
 twofa = Dvigubas tapatybės nustatymas
 twofa_scratch = Dvigubo ženklo kodas
 passcode = PIN kodas
-webauthn_sign_in = Paspauskite saugumo rakto mygtuką. Jei saugumo raktas neturi mygtuko, įkiškite jį iš naujo.
-webauthn_press_button = Paspauskite saugumo rakto mygtuką…
-webauthn_error = Nepavyko nuskaityti saugumo rakto.
-webauthn_unsupported_browser = Jūsų naršyklė šiuo metu nepalaiko „WebAuthn“.
-webauthn_error_unknown = Įvyko nežinoma klaida. Bandykite dar kartą.
-webauthn_error_unable_to_process = Serveris negalėjo apdoroti jūsų prašymo.
-webauthn_error_duplicated = Saugumo raktas neleidžiamas šiai prašymai. Įsitikinkite, kad raktas dar nėra užregistruotas.
-webauthn_error_empty = Turite nustatyti šio rakto pavadinimą.
 repository = Saugykla
 organization = Organizacija
 mirror = Dubliuojančioji tinklavietė
@@ -106,15 +98,11 @@ confirm_delete_artifact = Ar tikrai norite ištrinti artefaktą „%s“?
 archived = Archyvuota
 concept_system_global = Globalus
 enable_javascript = Šiai svetainei reikalingas „JavaScript“.
-webauthn_insert_key = Įkiškite savo saugumo raktą
-webauthn_use_twofa = Naudoti dvigubą kodą iš telefono
-webauthn_error_timeout = Baigėsi laikas, per kurį nebuvo galima nuskaityti rakto. Perkraukite šį puslapį ir bandykite dar kartą.
 your_starred = Pažymėti žvaigždutę
 remove = Pašalinti
 copy_generic = Kopijuoti į iškarpinę
 captcha = Saugos testas (CAPTCHA)
 your_profile = Profilis
-webauthn_error_insecure = „WebAuthn“ palaiko tik saugius ryšius. Bandymams per HTTP galite naudoti „localhost“ arba „127.0.0.0.1“.
 collaborative = Bendradarbiavimas
 home = Pagrindinis
 page = Puslapis
@@ -191,7 +179,6 @@ type-2.display_name = Saugyklos projektas
 type-3.display_name = Organizacijos projektas
 
 [markup]
-filepreview.truncated = Peržiūra buvo sutrumpinta
 
 [mail]
 reset_password.text = Jei tai buvote jūs, spustelėkite toliau esančią nuorodą, kad atkurtumėte savo paskyrą per <b>%s</b>:
diff --git a/options/locale/locale_lv-LV.ini b/options/locale/locale_lv-LV.ini
index 6531335974..79a2e1a08f 100644
--- a/options/locale/locale_lv-LV.ini
+++ b/options/locale/locale_lv-LV.ini
@@ -37,18 +37,6 @@ twofa=Divpakāpju pieteikšanās
 twofa_scratch=Divpakāpju vienreiz izmantojamais kods
 passcode=Kods
 
-webauthn_insert_key=Jāievieto sava drošības atslēga
-webauthn_sign_in=Jānospiež poga uz drošības atslēgas. Ja tai nav pogas, drošības atslēga ir atkārtoti jāievieto.
-webauthn_press_button=Lūgums nospiest pogu uz savas drošības atslēgas…
-webauthn_use_twofa=Izmantot divpakāpju kodu no sava tālruņa
-webauthn_error=Nevar nolasīt drošības atslēgu.
-webauthn_unsupported_browser=Pārlūks pašlaik nenodrošina WebAuthn.
-webauthn_error_unknown=Atgadījās nezināma kļūda. Lūgums mēģināt vēlreiz.
-webauthn_error_insecure=WebAuthn atbalsta tikai drošus savienojumus. Pārbaudīšanai ar HTTP var izmantot pirmavotu "localhost" vai "127.0.0.1"
-webauthn_error_unable_to_process=Serveris nevarēja apstrādāt pieprasījumu.
-webauthn_error_duplicated=Drošības atslēga nav atļauta šim pieprasījumam. Lūgums pārliecināties, ka šī atslēga nav jau reģistrēta.
-webauthn_error_empty=Jānorāda šīs atslēgas nosaukums.
-webauthn_error_timeout=Iestājās noildze, pirms varēja nolasīt atslēgu. Lūgums pārlādēt šo lapu un mēģināt vēlreiz.
 repository=Glabātava
 organization=Apvienība
 mirror=Spoguļglabātava
@@ -2940,34 +2928,6 @@ dashboard.sync_external_users=Sinhronizēt ārējo lietotāju datus
 dashboard.cleanup_hook_task_table=Iztīrīt tabulu hook_task
 dashboard.cleanup_packages=Notīrīt novecojušās pakotnes
 dashboard.cleanup_actions=Notīrīt darbību izbeigušos žurnālus un artefaktus
-dashboard.server_uptime=Servera darbības laiks
-dashboard.current_goroutine=Pašreizējās gorutīnas
-dashboard.current_memory_usage=Pašreizējais atmiņas lietojums
-dashboard.total_memory_allocated=Kopējā iedalītā atmiņa
-dashboard.memory_obtained=Iegūtā atmiņa
-dashboard.pointer_lookup_times=Rādītāju uzmeklēšanas reizes
-dashboard.memory_allocate_times=Atmiņas iedalīšanas
-dashboard.memory_free_times=Atmiņas atbrīvošanas
-dashboard.current_heap_usage=Pašreizējais grēdas lietojums
-dashboard.heap_memory_obtained=Iegūtā grēdas atmiņa
-dashboard.heap_memory_idle=Neizmantotā grēdas atmiņa
-dashboard.heap_memory_in_use=Izmantotā grēdas atmiņa
-dashboard.heap_memory_released=Atbrīvotā grēdas atmiņa
-dashboard.heap_objects=Grēdas objekti
-dashboard.bootstrap_stack_usage=Sākumielādētāja viengala rindas lietojums
-dashboard.stack_memory_obtained=Iegūtā viengala rindas atmiņa
-dashboard.mspan_structures_usage=MSpan struktūru lietojums
-dashboard.mspan_structures_obtained=Iegūtās MSpan struktūras
-dashboard.mcache_structures_usage=MCache struktūru lietojums
-dashboard.mcache_structures_obtained=Iegūtās MCache struktūras
-dashboard.profiling_bucket_hash_table_obtained=Iegūtā profilēšanas groza jaucējtabula
-dashboard.gc_metadata_obtained=Iegūtie GC metadati
-dashboard.other_system_allocation_obtained=Citas iegūtās sistēmas sadales
-dashboard.next_gc_recycle=Nākamā GC atkritne
-dashboard.last_gc_time=Laiks kopš pēdējās GC
-dashboard.total_gc_pause=Kopējais GC pārtraukums
-dashboard.last_gc_pause=Pedējais GC pārtraukums
-dashboard.gc_times=GC reizes
 dashboard.delete_old_actions=Izdzēst visas novecojušās darbības no datubāzes
 dashboard.delete_old_actions.started=Uzsākta visu novecojušo darbību izdzēšana no datubāzes.
 dashboard.update_checker=Atjauninājumu pārbaudītājs
@@ -3024,18 +2984,6 @@ users.purge_help=Veikt lietotāja un visu tam piederošo glabātavu, apvienību
 users.still_own_packages=Šim lietotājam pieder viena vai vairākas pakotnes, tās nepieciešams izdzēst.
 users.deletion_success=Lietotāja konts tika izdzēsts.
 users.reset_2fa=Atiestatīt 2FA
-users.list_status_filter.menu_text=Atlasīt
-users.list_status_filter.reset=Atiestatīt
-users.list_status_filter.is_active=Aktīvs
-users.list_status_filter.not_active=Neaktīvs
-users.list_status_filter.is_admin=Pārvaldītājs
-users.list_status_filter.not_admin=Nav pārvaldītājs
-users.list_status_filter.is_restricted=Ierobežots
-users.list_status_filter.not_restricted=Nav ierobežots
-users.list_status_filter.is_prohibit_login=Neļaut pieteikšanos
-users.list_status_filter.not_prohibit_login=Atļaut pieteikšanos
-users.list_status_filter.is_2fa_enabled=2FA iespējota
-users.list_status_filter.not_2fa_enabled=2FA atspējota
 users.details=Lietotāja informācija
 
 emails.email_manage_panel=Pārvaldīt lietotāju e-pasta adreses
@@ -3354,26 +3302,6 @@ monitor.process.cancel_desc=Procesa atcelšana var radīt datu zaudējumus
 monitor.process.cancel_notices=Atcelt: <strong>%s</strong>?
 monitor.process.children=Apakšprocesi
 
-monitor.queues=Rindsaraksti
-monitor.queue=Rindsaraksts: %s
-monitor.queue.name=Nosaukums
-monitor.queue.type=Veids
-monitor.queue.exemplar=Eksemplāra veids
-monitor.queue.numberworkers=Strādņu skaits
-monitor.queue.activeworkers=Darbojošies strādņi
-monitor.queue.maxnumberworkers=Lielākais pieļaujamais strādņu skaits
-monitor.queue.numberinqueue=Skaits rindsarakstā
-monitor.queue.review_add=Pārskatīt/pievienot strādņus
-monitor.queue.settings.title=Pūla iestatījumi
-monitor.queue.settings.desc=Pūli dinamiski palielinās atkarībā no to strādņu rindu aizturēšanas.
-monitor.queue.settings.maxnumberworkers=Maksimālais strādņu skaits
-monitor.queue.settings.maxnumberworkers.placeholder=Pašalaik %[1]d
-monitor.queue.settings.maxnumberworkers.error=Lielākajam pieļaujamajam strādņu skaitam ir jābūt skaitlim
-monitor.queue.settings.submit=Atjaunināt iestatījumus
-monitor.queue.settings.changed=Iestatījumi atjaunināti
-monitor.queue.settings.remove_all_items=Noņemt visus
-monitor.queue.settings.remove_all_items_done=Visi rindsaraksta vienumi tika noņemti.
-
 notices.system_notice_list=Sistēmas paziņojumi
 notices.view_detail_header=Apskatīt paziņojuma informāciju
 notices.operations=Darbības
@@ -3520,21 +3448,7 @@ workflow.disabled=Darbplūsma ir atspējota.
 
 need_approval_desc=Nepieciešams apstiprinājums, lai izpildītu darbplūsmas izmaiņu pieprasījumos no atzarojumiem.
 
-variables=Mainīgie
-variables.management=Pārvaldīt mainīgos
-variables.creation=Pievienot mainīgo
-variables.none=Vēl nav neviena mainīgā.
-variables.deletion=Noņemt mainīgo
-variables.deletion.description=Mainīgā noņemšana ir neatgriezeniska un nav atsaucama. Turpināt?
-variables.description=Mainīgie tiks padoti noteiktām darbībām, un citādāk tos nevar nolasīt.
 variables.id_not_exist=Mainīgais ar identifikatoru %d nepastāv.
-variables.edit=Labot mainīgo
-variables.deletion.failed=Neizdevās noņemt mainīgo.
-variables.deletion.success=Mainīgais tika noņemts.
-variables.creation.failed=Neizdevās pievienot mainīgo.
-variables.creation.success=Mainīgais "%s" tika pievienots.
-variables.update.failed=Neizdevās labot mainīgo.
-variables.update.success=Mainīgais tika labots.
 workflow.dispatch.invalid_input_type = Nederīgs ievades mainīgā veids "%s".
 workflow.dispatch.run = Izpildīt darbplūsmu
 workflow.dispatch.success = Darbplūsmas izpildīšana tika sekmīgi pieprasīta.
@@ -3545,7 +3459,6 @@ runs.no_workflows.help_no_write_access = Lai uzzinātu par Forgejo Acties, jāie
 runs.no_workflows.help_write_access = Nav skaidrs, kā sākt izmantot Forgejo Actions? Jāieskatās <a target="_blank" rel="noopener noreferrer" href="%s">ātrajā ievadā lietotāja dokumentācijā</a>, lai uzrakstītu savu pirmo darbplūsmu, tad <a target="_blank" rel="noopener noreferrer" href="%s">jāiestata Forgejo izpildītājs</a>, lai izpildītu savus darbus.
 workflow.dispatch.warn_input_limit = Attēlo tikai pirmos %d ievades mainīgos.
 workflow.dispatch.trigger_found = Šai darbplūsmai ir <c>workflow_dispatch</c> notikuma izraisītājs.
-variables.not_found = Neizdevās atrast mainīgo.
 
 [projects]
 type-1.display_name=Atsevišķs projekts
@@ -3614,9 +3527,6 @@ projects.read = <b>Lasīt</b>: piekļūt glabātavas projektu dēļiem.
 [munits.data]
 
 [markup]
-filepreview.line = %[1]d. rinda %[2]s
-filepreview.lines = %[1]d. līdz %[2]d. rinda %[3]s
-filepreview.truncated = Priekšskatījums tika saīsināts
 
 [translation_meta]
 test = Šī ir pārbaudes virkne. Tā netiek attēlota Forgejo saskarnē, bet tiek izmantota pārbaudes nolūkiem. Droši var ievadīt "ok", lai ietaupītu laiku (vai kādu jautru faktu pēc izvēles), lai sasniegtu to saldo 100% pabeigšanas atzīmi.
\ No newline at end of file
diff --git a/options/locale/locale_mk.ini b/options/locale/locale_mk.ini
index 499739ab1f..856593f398 100644
--- a/options/locale/locale_mk.ini
+++ b/options/locale/locale_mk.ini
@@ -1,6 +1,3 @@
-
-
-
 [common]
 home = Дома
 dashboard = Контролна табла
@@ -40,18 +37,6 @@ captcha = Капча
 twofa = Двофакторска автентификација
 twofa_scratch = Двофакторски исцртан код
 passcode = Шифра
-webauthn_insert_key = Вметнете го вашиот безбедносен клуч
-webauthn_sign_in = Притиснете го копчето на вашиот безбедносен клуч. Ако вашиот безбедносен клуч нема копче, повторно вметнете го.
-webauthn_press_button = Притиснете го копчето на вашиот безбедносен клуч…
-webauthn_use_twofa = Користете еден двофакторски код од вашиот телефон
-webauthn_error = Неможно да се чита бесбедносен клуч.
-webauthn_unsupported_browser = Вашиот прелистувач во моментов не ја поддржува WebAuthn.
-webauthn_error_unknown = Се случи непозната грешка. Ве молиме обидете се повторно.
-webauthn_error_insecure = WebAuthn поддржува само сигурни врски. За тестирање преку HTTP, можете да го користите изворот "localhost" или "127.0.0.1"
-webauthn_error_unable_to_process = Серверот не можеше да ја обработи вашето барање.
-webauthn_error_duplicated = Безбедносниот клуч не е дозволен за овој барање. Ве молиме уверете се дека клучот не е веќе регистриран.
-webauthn_error_empty = Мора да е поставено име за овој клуч.
-webauthn_error_timeout = Времето истечало пред да може да се прочита вашиот клуч. Ве молиме освежете ја оваа страница и обидете се повторно.
 repository = Репозиториум
 new_fork = нов форк на репозиториум
 new_project_column = Нова колумна
diff --git a/options/locale/locale_nb_NO.ini b/options/locale/locale_nb_NO.ini
index 268302b1e7..bb9c6eaefb 100644
--- a/options/locale/locale_nb_NO.ini
+++ b/options/locale/locale_nb_NO.ini
@@ -27,18 +27,12 @@ download_logs = Last ned logger
 copy_hash = Kopier hash
 more_items = Flere elementer
 passcode = Adgangskode
-webauthn_insert_key = Skriv inn din sikkerhetsnøkkel
-webauthn_use_twofa = Bruk tofaktorkode fra din mobil
 organization = Organisasjon
 mirror = Speil
 new_mirror = Ny speiling
 repository = Depot
 new_project = Nytt prosjekt
 new_project_column = Ny kolonne
-webauthn_error = Klarte ikke lese sikkerhetsnøkkelen.
-webauthn_unsupported_browser = Nettleseren din støtter ikke WebAuthn.
-webauthn_error_unknown = En ukjent feil oppstod. Vennligst prøv igjen.
-webauthn_error_insecure = WebAuhn støtter kun sikre forbindelser. For testing over HTTP kan du bruke verten "localhost" eller "127.0.0.1"
 admin_panel = Nettsideadministrasjon
 settings = Innstillinger
 your_profile = Profil
@@ -122,15 +116,9 @@ sign_in_or = eller
 sign_out = Logg ut
 sign_up = Opprett konto
 confirm_delete_artifact = Er du sikker på at du vil slette artefakten "%s" ?
-webauthn_sign_in = Trykk på knappen på sikkerhetsnøkkelen din. Dersom nøkkelen din ikke har en knapp, sett den inn på nytt.
 copy_path = Kopier sti
-webauthn_error_unable_to_process = Tjeneren kunne ikke behandle forespørselen din.
-webauthn_error_empty = Du må gi nøkkelen et navn.
 toggle_menu = Åpne/lukke meny
 twofa_scratch = To-faktor skrapekode
-webauthn_press_button = Vennligst trykk på knappen på sikkerhetsnøkkelen…
-webauthn_error_duplicated = Sikkerhetsnøkkelen er ikke tillatt for denne forespørselen. Vennligst sørg for at nøkkelen ikke allerede er registrert.
-webauthn_error_timeout = Et tidsavbrudd oppsto før nøkkelen din kunne leses. Vennligst last inn siden på nytt og prøv igjen.
 new_fork = Ny forgrening av depot
 collaborative = Samarbeidende
 error413 = Du har brukt opp kvoten din.
diff --git a/options/locale/locale_nds.ini b/options/locale/locale_nds.ini
index 358ad5dc6a..2476d7c16f 100644
--- a/options/locale/locale_nds.ini
+++ b/options/locale/locale_nds.ini
@@ -28,14 +28,7 @@ access_token = Togang-Teken
 captcha = CAPTCHA
 twofa = Twee-Faktooren-Anmellen
 twofa_scratch = Twee-Faktooren-Eenmaalpasswoord
-webauthn_insert_key = Steek dienen Sekerheids-Slötel in
-webauthn_press_button = Bidde drück de Knoop up dienem Sekerheids-Slötel …
-webauthn_use_twofa = Bruuk eene Twee-Faktooren-Tahl vun dienem Telefoon
-webauthn_error = Kunn dienen Sekerheids-Slötel nich lesen.
-webauthn_unsupported_browser = Dien Browser unnerstütt stedenwies WebAuthn nich.
-webauthn_error_unknown = Een unbekannter Fehler is uptreden. Bidde versöök dat noch eenmaal.
 passcode = Pass-Tahl
-webauthn_error_empty = Du muttst de Slötel eenen Naam geven.
 repository = Repositorium
 organization = Vereenigung
 new_fork = Neje Repositoriums-Gabel
@@ -47,12 +40,7 @@ register = Registreren
 licenses = Lizenzen
 email = E-Mail-Adress
 re_type = Passwoord utwiesen
-webauthn_error_unable_to_process = De Server kunn diene Anfraag nich verarbeiden.
 new_mirror = Nejer Spegel
-webauthn_sign_in = Drück de Knoop up dienem Sekerheids-Slötel. Wenn dien Slötel keenen Knoop hett, steek ’t ut un weer in.
-webauthn_error_insecure = WebAuthn unnerstütt blots seker Verbinnens. Wenn du över HTTP testen willst, kannst du de Quell »localhost« of »127.0.0.1« bruken
-webauthn_error_duplicated = De Sekerheids-Slötel is för deese Anfraag nich verlöövt. Bidde wees wiss, dat de Slötel nich al vermarkt is.
-webauthn_error_timeout = Tied överweggahn ehr dien Slötel lesen worden kunn. Bidde laad deese Sied neei un versöök dat noch eenmaal.
 mirror = Spegel
 new_project = Nejes Projekt
 new_project_column = Neje Rieg
@@ -2741,9 +2729,6 @@ dashboard.resync_all_sshprincipals = De ».ssh/authorized_principals«-Datei mit
 dashboard.reinit_missing_repos = All fehlend Git-Repositoriums neei inrichten, för wat dat Uptekens gifft
 dashboard.cleanup_packages = Avlopen Paketen uprümen
 dashboard.cleanup_actions = Avlopen Utgaven un Objekten vun Aktioonen uprümen
-dashboard.current_goroutine = Stedenwies Go-Routinen
-dashboard.total_memory_allocated = Spieker towiesen all tosamen
-dashboard.memory_allocate_times = Spieker-Towiesens
 dashboard.system_status = Systeem-Tostand
 dashboard.operation_switch = Wesseln
 dashboard.operation_run = Utföhren
@@ -2764,8 +2749,6 @@ dashboard.operation_name = Aktioons-Naam
 dashboard.cron.process = Tiedplaan: %[1]s
 dashboard.cron.cancelled = Tiedplaan: %[1]s ofbroken: %[3]s
 dashboard.resync_all_sshkeys = De ».ssh/authorized_keys«-Datei mit de SSH-Slötels vun Forgejo vernejen.
-dashboard.memory_obtained = Spieker erhollen
-dashboard.pointer_lookup_times = Wieser-Nakiek-Tieden
 dashboard.task.started = Hett Upgaav begunnen: %[1]s
 dashboard.delete_inactive_accounts = All nich aktiveerten Konten lösken
 dashboard.delete_repo_archives.started = Upgaav, um all Repositoriums-Archiven to lösken, begunnen.
@@ -2776,25 +2759,6 @@ dashboard.sync_repo_branches = Fehlend Twiegen vun Git-Daten to de Datenbank spe
 dashboard.update_migration_poster_id = Umtreck-Autor-IDs vernejen
 dashboard.cleanup_hook_task_table = hook_task-Tabell uprümen
 dashboard.sync_external_users = Frömde Brukerdaten vernejen
-dashboard.server_uptime = Server-Bedrievstied
-dashboard.current_memory_usage = Stedenwies Spiekerbruuk
-dashboard.heap_memory_obtained = Hoopspieker erhollen
-dashboard.current_heap_usage = Stedenwies Hoopbruuk
-dashboard.heap_memory_idle = Hoopspieker mit nix to doon
-dashboard.heap_memory_released = Hoopspieker freeigeven
-dashboard.heap_objects = Hoopobjekten
-dashboard.bootstrap_stack_usage = Bootstrap-Stapelbruuk
-dashboard.stack_memory_obtained = Stapelspieker erhollen
-dashboard.mspan_structures_usage = MSpan-Struktuuren-Bruuk
-dashboard.mspan_structures_obtained = MSpan-Struktuuren erhollen
-dashboard.mcache_structures_usage = MCache-Struktuuren-Bruuk
-dashboard.gc_metadata_obtained = Wiedere Informatioonen för GC erhollen
-dashboard.other_system_allocation_obtained = Anner Systeemtowiesens erhollen
-dashboard.next_gc_recycle = Anner GC-Müllavhalen
-dashboard.last_gc_time = Tied siet lestem GC
-dashboard.total_gc_pause = GC-Paus all tosamen
-dashboard.last_gc_pause = Leste GC-Paus
-dashboard.gc_times = GC-Tieden
 dashboard.delete_old_actions = All olles Doon ut de Datenbank lösken
 dashboard.update_checker = Vernejens-Sööker
 dashboard.delete_old_system_notices = All ollen Systeemnarichten ut de Datenbank lösken
@@ -2830,16 +2794,12 @@ users.is_admin = Chefkonto
 users.admin.description = Deesem Bruker kumpleten Togriep to all Chef-Aktioonen geven, wat mit de Internett-Schnittstee un de API gahn.
 users.is_restricted = Begrenztes Konto
 users.allow_git_hook = Kann Git-Hakens maken
-dashboard.memory_free_times = Spieker-Freeigevens
 users.bot = Bot
 users.2fa = 2FA
-dashboard.profiling_bucket_hash_table_obtained = Profileren-Emmer-Prüfsummtabell erhollen
 dashboard.sync_tag.started = Mark-Vernejen begunnen
 dashboard.rebuild_issue_indexer = Gefall-Indizerer neei bauen
 users.activated.description = Of dat E-Mail-Utwiesen ofsluten is. De Eegner vun eenem nich aktiveerten Konto kann sik nich anmellen, bit dat E-Mail-Utwiesen ofsluten is.
-dashboard.heap_memory_in_use = Hoopspieker bruukt
 users.max_repo_creation_desc = (Giff -1 in, um de Normaalweert vun de Instanz to bruken.)
-dashboard.mcache_structures_obtained = MCache-Struktuuren erhollen
 dashboard.start_schedule_tasks = Aktioonen-Upgaven mit Tiedplaan begünnen
 users.remote = Frömd
 users.max_repo_creation = Hoogste Tahl vun Repositoriums
@@ -2859,12 +2819,6 @@ users.still_has_org = De Bruker is noch een Liddmaat vun eener Vereenigung. Doo
 users.purge = Bruker wegschüren
 users.purge_help = Mit Dwang de Bruker un all siene Repositoriums, Vereenigungen un Paketen lösken. All Kommentaren un Gefallens, wat deeser Bruker maakt hett, worden ok lösket.
 users.still_own_packages = Deeser Bruker is noch Eegner vun een of mehr Paketen, löske eerst deese Paketen.
-users.list_status_filter.menu_text = Filter
-users.list_status_filter.not_active = Nich aktiiv
-users.list_status_filter.is_restricted = Begrenzt
-users.list_status_filter.not_restricted = Unbegrenzt
-users.list_status_filter.is_2fa_enabled = 2FA anknipst
-users.list_status_filter.not_2fa_enabled = 2FA utknipst
 users.details = Bruker-Informatioonen
 emails.email_manage_panel = Bruker-E-Mails verwalten
 emails.primary = Höövd
@@ -2976,17 +2930,11 @@ auths.skip_local_two_fa = Stedenwies 2FA överspringen
 auths.oauth2_tenant = Inwohner
 auths.oauth2_scopes = Wiedere Rebeeten
 users.deletion_success = Dat Brukerkonto is lösket worden.
-users.list_status_filter.is_admin = Chef
 auths.syncenabled = Bruker-Vernejen anknipsen
 users.reset_2fa = 2FA torüggsetten
-users.list_status_filter.is_prohibit_login = Anmellen verseggen
-users.list_status_filter.not_admin = Keen Chef
 auths.auth_type = Anmellens-Aard
 auths.restricted_filter_helper = Laat dat leeg, wenn keene Brukers begrenzt wesen sallen. Bruuk eenen Steern (»*«), um all Brukers, wat nich up de Chef-Filter passen, as begrenzt to setten.
 auths.force_smtps_helper = SMTPS word alltieden up Poort 465 bruukt. Sett dat, um SMTPS up anner Poorten to dwingen. (Anners word up anner Poorten STARTTLS bruukt, wenn de Host dat unnerstütt.)
-users.list_status_filter.reset = Torüggsetten
-users.list_status_filter.is_active = Aktiiv
-users.list_status_filter.not_prohibit_login = Anmellen verlöven
 auths.auth_name = Anmellens-Naam
 auths.map_group_to_team = LDAP-Gruppens up Vereenigungs-Klottjen avbillen (laat dat Feld leeg, um dat to överspringen)
 auths.allowed_domains_helper = Laat dat leeg, um all Domänens to verlöven. Trenn mennig Domänen mit eenem Komma (»,«).
@@ -3160,20 +3108,6 @@ monitor.process.cancel = Prozess ofbreken
 monitor.process.cancel_desc = Wenn een Prozess ofbroken word, könen Daten verloren gahn
 monitor.process.cancel_notices = Ofbreken: <strong>%s</strong>?
 monitor.process.children = Kinners
-monitor.queues = Slangen
-monitor.queue = Slang: %s
-monitor.queue.name = Naam
-monitor.queue.activeworkers = Aktiiv Rieters
-monitor.queue.maxnumberworkers = Hoogste Tahl vun Rieters
-monitor.queue.numberinqueue = Tahl in de Slang
-monitor.queue.review_add = Rieters nakieken / hentofögen
-monitor.queue.settings.title = Vörraad-Instellens
-monitor.queue.settings.maxnumberworkers = Hoogste Tahl vun Rieters
-monitor.queue.settings.maxnumberworkers.placeholder = Stedenwies %[1]d
-monitor.queue.settings.maxnumberworkers.error = Hoogste Tahl vun Rieters mutt eene Tahl wesen
-monitor.queue.settings.submit = Instellens vernejen
-monitor.queue.settings.changed = Instellens verneeit
-monitor.queue.settings.remove_all_items = All wegdoon
 notices.system_notice_list = Systeem-Narichtens
 notices.operations = Doon
 notices.select_all = All utkören
@@ -3186,7 +3120,6 @@ notices.type_1 = Repositorium
 notices.type_2 = Upgaav
 notices.desc = Beschrieven
 notices.op = Up.
-monitor.queue.exemplar = Musteraard
 notices.view_detail_header = Naricht-Informatioonen
 self_check.no_problem_found = Noch keen Probleem funnen.
 self_check.database_collation_mismatch = Verwacht, dat de Datenbank deese Kollatioon bruukt: %s
@@ -3196,10 +3129,8 @@ self_check.database_inconsistent_collation_columns = Datenbank bruukt Kollatioon
 config.log_file_root_path = Utgaav-Padd
 config.reset_password_code_lives = Ofloops-Düür vun de Torügghalens-Teken
 config.allow_dots_in_usernames = Brukers verlöven, Punkten in hör Brukernamen to bruken. Ännert nix an bestahn Konten.
-monitor.queue.numberworkers = Tahl vun Rieters
 config.set_setting_failed = Instellen %s to setten fehlslagen
 monitor.execute_times = Utföhrens
-monitor.queue.settings.desc = Vörraden wassen as nödig, wenn hör Rieters-Slang blockeert.
 auths.tip.openid_connect = Bruuk de Utförsken-URL för OpenID-Verbinnen (<server>/.well-known/openid-configuration), um de Ennpunkten antogeven
 auths.login_source_of_type_exist = Eenen Anmellens-Quell vun deeser Aard gifft dat al.
 config.mailer_protocol = Protokoll
@@ -3209,8 +3140,6 @@ config.app_data_path = Programmdatenpadd
 config.service_config = Deenst-Inrichten
 config.enable_openid_signup = OpenID-Sülvst-Registreren anknipsen
 config.cache_test_slow = Tüskenspieker-Test daankregen, aver de Antwoord is langsaam: %s.
-monitor.queue.type = Aard
-monitor.queue.settings.remove_all_items_done = All Dingen in de Slang sünd wegdaan worden.
 auths.tip.mastodon = Giff eene eegene Instanz-URL för de Mastodon-Instanz, mit wat du anmellen willst, in (of bruuk de Normaalweert)
 notices.delete_success = De Systeem-Narichtens sünd wegdaan worden.
 config.repo_root_path = Repositoriums-Ruut-Padd
@@ -3439,28 +3368,13 @@ workflow.dispatch.input_required = Weert för Ingaav »%s« nödig.
 workflow.dispatch.invalid_input_type = Ungültige Ingaav-Aard »%s«.
 workflow.dispatch.warn_input_limit = Blots de eersten %d Ingaven worden wiesen.
 need_approval_desc = Warkwiesen vun eenem Haalvörslag ut eener Gabel mutten eerst tostimmt worden.
-variables = Variaabeln
-variables.management = Variaabeln verwalten
-variables.none = Dat gifft noch keene Variaabeln.
-variables.deletion = Variaabel wegdoon
-variables.description = Variaabeln worden an wisse Aktioonen övergeven un könen anners nich lesen worden.
 variables.id_not_exist = Variaabel mit ID %d gifft dat nich.
-variables.edit = Variaabel bewarken
-variables.deletion.failed = Kunn Variaabel nich wegdoon.
-variables.deletion.success = De Variaabel is wegdaan worden.
-variables.creation.failed = Kunn Variaabel nich hentofögen.
-variables.creation.success = De Variaabel »%s« is hentoföögt worden.
-variables.update.success = De Variaabel is bewarkt worden.
 workflow.disable = Warkwies utknipsen
-variables.creation = Variaabel hentofögen
-variables.update.failed = Kunn Variaabel nich bewarken.
 workflow.disable_success = Warkwies »%s« is utknipst worden.
 workflow.dispatch.success = Warkwies-Utföhren is vörmarkt worden.
-variables.deletion.description = Eene Variaabel wegtodoon is för all Tieden un kann nich torüggnohmen worden. Wiedermaken?
 unit.desc = Verwalt integreerte CI-/CD-Affolgens mit Forgejo-Aktioonen.
 runs.no_workflows.help_write_access = Weetst du nich, wo man mit Forgejo-Aktioonen begünnen sall? Kiek de <a target="_blank" rel="noopener noreferrer" href="%s">Fixanwies in de Bruker-Dokumenteren</a> an, um diene eerste Warkwies to schrieven, un <a target="_blank" rel="noopener noreferrer" href="%s">richt dann dienen eersten Forgejo-Loper in</a>, um diene Upgavens uttoföhren.
 runs.no_workflows.help_no_write_access = Um mehr över Forgejo-Aktioonen to lehren, kiek <a target="_blank" rel="noopener noreferrer" href="%s">de Dokumenteren</a> an.
-variables.not_found = Kunn de Variaabel nich finnen.
 
 [projects]
 deleted.display_name = Lösket Projekt
@@ -3477,9 +3391,6 @@ symbolic_link = Symbolisk Verwies
 submodule = Unnermoduul
 
 [markup]
-filepreview.lines = Riegen %[1]d bit %[2]d in %[3]s
-filepreview.truncated = Utkiek is ofsneden worden
-filepreview.line = Rieg %[1]d in %[2]s
 
 [translation_meta]
 test = Moin!
diff --git a/options/locale/locale_nl-NL.ini b/options/locale/locale_nl-NL.ini
index aab4dbd684..50d5dfd7d8 100644
--- a/options/locale/locale_nl-NL.ini
+++ b/options/locale/locale_nl-NL.ini
@@ -34,18 +34,6 @@ twofa=Tweefactorauthenticatie
 twofa_scratch=Tweefactor krascode
 passcode=Code
 
-webauthn_insert_key=Sluit uw beveiligingssleutel aan
-webauthn_sign_in=Druk op de knop van uw beveiligingssleutel. Als uw beveiligingssleutel geen knop heeft, sluit deze dan opnieuw aan.
-webauthn_press_button=Druk alstublieft op de knop van uw beveiligingssleutel…
-webauthn_use_twofa=Gebruik een tweefactor code van uw telefoon
-webauthn_error=Kon uw beveiligingssleutel niet lezen.
-webauthn_unsupported_browser=Uw browser ondersteunt momenteel geen WebAuthn.
-webauthn_error_unknown=Er is een onbekende fout opgetreden. Probeer het opnieuw.
-webauthn_error_insecure=WebAuthn ondersteunt alleen beveiligde verbindingen. Om te testen via HTTP, kan je als systeemnaam "localhost" of "127.0.0.1" gebruiken
-webauthn_error_unable_to_process=De server kon uw verzoek niet verwerken.
-webauthn_error_duplicated=De beveiligingssleutel is voor dit verzoek niet toegestaan. Controleer alstublieft of de sleutel niet al is geregistreerd.
-webauthn_error_empty=U moet een naam voor deze sleutel instellen.
-webauthn_error_timeout=Time-out bereikt voordat uw sleutel kon worden gelezen. Herlaad deze pagina en probeer het opnieuw.
 repository=Repository
 organization=Organisatie
 mirror=Kopie
@@ -2919,34 +2907,6 @@ dashboard.resync_all_sshprincipals=Update het ".ssh/authorized_principals" besta
 dashboard.resync_all_hooks=Git hooks van alle repositories opnieuw synchroniseren (pre-receive, update en, post-receive hooks van alle repositories, proc-receive, ...)
 dashboard.reinit_missing_repos=Herinitialiseer alle ontbrekende Git repositories waarvoor records bestaan
 dashboard.sync_external_users=Externe gebruikersgegevens synchroniseren
-dashboard.server_uptime=Uptime server
-dashboard.current_goroutine=Huidige goroutines
-dashboard.current_memory_usage=Huidig geheugen gebruik
-dashboard.total_memory_allocated=Totaal toegewezen geheugen
-dashboard.memory_obtained=Geheugen gebruikt
-dashboard.pointer_lookup_times=Aanwijzer Lookup keer
-dashboard.memory_allocate_times=Geheugentoewijzingen
-dashboard.memory_free_times=Geheugen vrjigemaakt
-dashboard.current_heap_usage=Huidige heap gebruik
-dashboard.heap_memory_obtained=Heap geheugen verkregen
-dashboard.heap_memory_idle=Heap geheugen inactief
-dashboard.heap_memory_in_use=Heap geheugen in gebruik
-dashboard.heap_memory_released=Heap geheugen vrijgegeven
-dashboard.heap_objects=Heap-objecten
-dashboard.bootstrap_stack_usage=Bootstrap Stack gebruik
-dashboard.stack_memory_obtained=Stapel geheugen verkregen
-dashboard.mspan_structures_usage=MSpan structuren gebruik
-dashboard.mspan_structures_obtained=MSpan structuren verkregen
-dashboard.mcache_structures_usage=MCache structuren gebruik
-dashboard.mcache_structures_obtained=MCache structuren verkregen
-dashboard.profiling_bucket_hash_table_obtained=Profilering emmer hashtabel verkregen
-dashboard.gc_metadata_obtained=GC metadada verkregen
-dashboard.other_system_allocation_obtained=Andere systeem toewijzing verkregen
-dashboard.next_gc_recycle=Volgende GC recycle
-dashboard.last_gc_time=Sinds vorige GC verwerkingstijd
-dashboard.total_gc_pause=Totaal GC verwerkingstijd
-dashboard.last_gc_pause=Laatste GC verwerkingstijd
-dashboard.gc_times=GC verwerkingen
 dashboard.delete_old_system_notices=Verwijder alle oude systeemmededelingen uit de database
 
 users.user_manage_panel=Gebruikersaccounts beheren
@@ -2984,12 +2944,6 @@ users.delete_account=Gebruikersaccount verwijderen
 users.still_own_repo=Deze gebruiker is nog steeds eigenaar van één of meerdere repositories. Verwijder of draag eerst deze repositories over.
 users.still_has_org=Deze gebruiker is lid van een organisatie. Verwijder de gebruiker eerst uit alle organisaties.
 users.deletion_success=De gebruiker is verwijderd.
-users.list_status_filter.menu_text=Filter
-users.list_status_filter.is_active=Actief
-users.list_status_filter.not_active=Inactief
-users.list_status_filter.is_admin=Beheerder
-users.list_status_filter.is_restricted=Beperkt
-
 emails.email_manage_panel=Gebruikersmails beheren
 emails.primary=Primair
 emails.activated=Geactiveerd
@@ -3233,20 +3187,6 @@ monitor.process.cancel=Annuleer proces
 monitor.process.cancel_desc=Annuleren van een proces kan gegevensverlies veroorzaken
 monitor.process.cancel_notices=Annuleer: <strong>%s</strong>?
 
-monitor.queues=Wachtrijen
-monitor.queue=Wachtrij: %s
-monitor.queue.name=Naam
-monitor.queue.type=Type
-monitor.queue.exemplar=Type voorbeeld
-monitor.queue.numberworkers=Aantal werkers
-monitor.queue.maxnumberworkers=Maximum aantal werkers
-monitor.queue.settings.title=Pool instellingen
-monitor.queue.settings.maxnumberworkers=Maximum aantal workers
-monitor.queue.settings.maxnumberworkers.placeholder=Momenteel %[1]d
-monitor.queue.settings.maxnumberworkers.error=Maximaal aantal workers moet een nummer zijn
-monitor.queue.settings.submit=Instellingen bijwerken
-monitor.queue.settings.changed=Instellingen bijgewerkt
-
 notices.system_notice_list=Systeemmeldingen
 notices.view_detail_header=Bekijk notificatie details
 notices.select_all=Alles selecteren
@@ -3260,12 +3200,6 @@ notices.type_2=Taak
 notices.desc=Beschrijving
 notices.op=Op.
 notices.delete_success=De systeemmeldingen zijn verwijderd.
-monitor.queue.activeworkers = Actieve werkers
-monitor.queue.numberinqueue = Aantal in wachtrij
-monitor.queue.review_add = Werkers beoordelen of toevoegen
-monitor.queue.settings.desc = Pools groeien dynamisch in reactie op het blokkeren van hun wachtrijen.
-monitor.queue.settings.remove_all_items = Alles verwijderen
-monitor.queue.settings.remove_all_items_done = Alle items in de wachtrij zijn verwijderd.
 notices.operations = Operaties
 self_check.no_problem_found = Nog geen probleem gevonden.
 self_check.database_collation_mismatch = Verwacht dat de database collatie gebruikt: %s
@@ -3274,12 +3208,6 @@ users.cannot_delete_self = Je kunt jezelf niet verwijderen
 users.purge = Gebruiker wissen
 users.still_own_packages = Deze gebruiker bezit nog steeds één of meerdere pakketten, verwijder deze pakketten eerst.
 users.reset_2fa = 2FA opnieuw instellen
-users.list_status_filter.reset = Reset
-users.list_status_filter.not_admin = Niet beheerder
-users.list_status_filter.not_restricted = Niet beperkt
-users.list_status_filter.is_prohibit_login = Inloggen verbieden
-users.list_status_filter.not_prohibit_login = Inloggen toestaan
-users.list_status_filter.is_2fa_enabled = 2FA ingeschakeld
 users.details = Gebruikersgegevens
 emails.change_email_text = Weet je zeker dat je dit e-mailadres wilt bijwerken?
 repos.lfs_size = LFS grootte
@@ -3305,7 +3233,6 @@ packages.cleanup = Verlopen gegevens opschonen
 defaulthooks.add_webhook = Standaard webhook toevoegen
 auths.oauth2_required_claim_value_helper = Stel deze waarde in om het aanmelden vanuit deze bron te beperken tot gebruikers met een claim met deze naam en waarde
 users.remote = Externe
-users.list_status_filter.not_2fa_enabled = 2FA uitgeschakeld
 users.reserved = Gereserveerd
 defaulthooks.desc = Webhooks doen automatisch HTTP POST verzoeken naar een server wanneer bepaalde Forgejo gebeurtenissen zich voordoen. Webhooks defined here are defaults and will be copied into all new repositories. Read more in the <a target="_blank" rel="noopener" href="%s">webhooks guide</a>.
 auths.verify_group_membership = Controleer het groepslidmaatschap in LDAP (laat het filter leeg om over te slaan)
@@ -3500,7 +3427,6 @@ creation.name_placeholder = hoofdlettergevoelig, alleen alfanumerieke tekens of
 deletion.failed = Mislukt om geheim te verwijderen.
 
 [actions]
-variables.update.failed = Mislukt bij het bewerken van variabele.
 runs.no_runs = De workflow heeft nog geen runs.
 runs.empty_commit_message = (leeg commit bericht)
 workflow.disable = Workflow uitschakelen
@@ -3508,22 +3434,9 @@ workflow.enable = Workflow inschakelen
 workflow.enable_success = Workflow "%s" is succesvol ingeschakeld.
 workflow.disabled = Workflow is uitgeschakeld.
 need_approval_desc = Heb goedkeuring nodig om workflows uit te voeren voor fork pull request.
-variables = Variabelen
-variables.management = Variabelenbeheer
-variables.creation = Variabele toevoegen
-variables.deletion = Variabel verwijderen
-variables.deletion.description = Een variabele verwijderen is permanent en kan niet ongedaan worden gemaakt. Doorgaan?
 variables.id_not_exist = Variabele met ID %d bestaat niet.
-variables.edit = Variabele bewerken
-variables.deletion.failed = Mislukt om variabele te verwijderen.
-variables.deletion.success = De variabele is verwijderd.
-variables.creation.failed = Mislukt om variable toe te voegen.
-variables.creation.success = De variabele "%s" is toegevoegd.
-variables.update.success = De variabele is bewerkt.
 unit.desc = Beheer geïntegreerde CI/CD-pijplijnen met Forgejo Actions.
 workflow.disable_success = Workflow "%s" is succesvol uitgeschakeld.
-variables.none = Er zijn nog geen variabelen.
-variables.description = Variabelen worden doorgegeven aan bepaalde acties en kunnen anders niet worden gelezen.
 workflow.dispatch.trigger_found = Deze workflow heeft een <c>workflow_dispatch</c> event trigger.
 workflow.dispatch.success = Workflow-run is met succes aangevraagd.
 workflow.dispatch.use_from = Gebruik workflow van
@@ -3534,10 +3447,6 @@ workflow.dispatch.input_required = Waarde vereist voor invoer “%s”.
 runs.expire_log_message = Logs zijn verwijderd omdat ze te oud waren.
 runs.no_workflows.help_no_write_access = Om meer te weten te komen over Forgejo Acties, zie <a target="_blank" rel="noopener noreferrer" href="%s">de documentatie</a>.
 runs.no_workflows.help_write_access = Weet je niet hoe je moet beginnen met Forgejo Actions? Bekijk de <a target="_blank" rel="noopener noreferrer" href="%s">snelstart in de gebruikersdocumentatie</a> om je eerste workflow te schrijven en <a target="_blank" rel="noopener noreferrer" href="%s">stel vervolgens een Forgejo runner in</a> om je jobs uit te voeren.
-variables.not_found = De variabele kon niet gevonden worden.
-
-
-
 
 [projects]
 type-1.display_name = Individueel project
@@ -3585,10 +3494,6 @@ regexp = RegExp
 [munits.data]
 
 [markup]
-filepreview.line = Lijn %[1]d in %[2]s
-filepreview.lines = Lijnen %[1]d naar %[2]d in %[3]s
-filepreview.truncated = Voorbeeld is ingekort
-
 
 [translation_meta]
 test = Oké
diff --git a/options/locale/locale_pl-PL.ini b/options/locale/locale_pl-PL.ini
index 955ba44bce..7354373710 100644
--- a/options/locale/locale_pl-PL.ini
+++ b/options/locale/locale_pl-PL.ini
@@ -33,18 +33,6 @@ twofa=Uwierzytelnianie dwuskładnikowe
 twofa_scratch=Kod jednorazowy uwierzytelniania dwuskładnikowego
 passcode=Kod dostępu
 
-webauthn_insert_key=Podłącz swój klucz bezpieczeństwa
-webauthn_sign_in=Naciśnij przycisk na swoim kluczu bezpieczeństwa. Jeśli go nie posiada, podłącz go ponownie.
-webauthn_press_button=Naciśnij przycisk na swoim kluczu bezpieczeństwa…
-webauthn_use_twofa=Użyj kodu uwierzytelniania dwuskładnikowego ze swojego telefonu
-webauthn_error=Nie można odczytać Twojego klucza bezpieczeństwa.
-webauthn_unsupported_browser=Twoja przeglądarka nie obsługuje obecnie WebAuthn.
-webauthn_error_unknown=Wystąpił nieznany błąd. Spróbuj ponownie.
-webauthn_error_insecure=`WebAuthn obsługuje tylko bezpieczne połączenia. Do testowania przez HTTP można użyć "localhost" lub "127.0.0.1"`
-webauthn_error_unable_to_process=Serwer nie mógł obsłużyć Twojego żądania.
-webauthn_error_duplicated=Klucz bezpieczeństwa nie jest dozwolony dla tego żądania. Upewnij się, że klucz nie jest już zarejestrowany.
-webauthn_error_empty=Musisz ustawić nazwę dla tego klucza.
-webauthn_error_timeout=Osiągnięto limit czasu zanim Twój klucz może zostać odczytany. Odśwież stronę i spróbuj ponownie.
 repository=Repozytorium
 organization=Organizacja
 mirror=Kopia lustrzana
@@ -2924,34 +2912,6 @@ dashboard.resync_all_hooks=Ponownie synchronizuj hooki Git we wszystkich repozyt
 dashboard.reinit_missing_repos=Ponownie zainicjalizuj wszystkie brakujące repozytoria Git, dla których istnieją rekordy
 dashboard.sync_external_users=Synchronizuj zewnętrzne dane użytkownika
 dashboard.cleanup_hook_task_table=Wyczyść tabelę hook_task
-dashboard.server_uptime=Czas pracy serwera
-dashboard.current_goroutine=Bieżące goroutines
-dashboard.current_memory_usage=Bieżące użycie pamięci
-dashboard.total_memory_allocated=Całkowita przydzielona pamięć
-dashboard.memory_obtained=Pamięć uzyskana
-dashboard.pointer_lookup_times=Czas określania wskaźników
-dashboard.memory_allocate_times=Alokacje pamięci
-dashboard.memory_free_times=Zwolnienie pamięci
-dashboard.current_heap_usage=Bieżące użycie sterty
-dashboard.heap_memory_obtained=Uzyskana pamięć sterty
-dashboard.heap_memory_idle=Bezczynna pamięć sterty
-dashboard.heap_memory_in_use=Używana pamięć sterty
-dashboard.heap_memory_released=Zwolniona pamięć sterty
-dashboard.heap_objects=Ilość obiektów na stercie
-dashboard.bootstrap_stack_usage=Użycie stosu bootstrap
-dashboard.stack_memory_obtained=Uzyskana pamięć stosu
-dashboard.mspan_structures_usage=Użycie struktur MSpan
-dashboard.mspan_structures_obtained=Uzyskane struktury MSpan
-dashboard.mcache_structures_usage=Użycie struktur MCache
-dashboard.mcache_structures_obtained=Uzyskane struktury MCache
-dashboard.profiling_bucket_hash_table_obtained=Uzyskana tablica haszująca profilowania
-dashboard.gc_metadata_obtained=Ilość metadanych uzyskanych przez GC
-dashboard.other_system_allocation_obtained=Inne uzyskane alokacje systemowe
-dashboard.next_gc_recycle=Następne wywołanie GC
-dashboard.last_gc_time=Czas od ostatniego wywołania GC
-dashboard.total_gc_pause=Sumaryczny czas wstrzymania przez GC
-dashboard.last_gc_pause=Ostatnie wstrzymanie przez GC
-dashboard.gc_times=Ilość wywołań GC
 dashboard.delete_old_actions=Usuń wszystkie stare akcje z bazy danych
 dashboard.delete_old_actions.started=Usuwanie wszystkich starych akcji z bazy danych rozpoczęte.
 
@@ -2991,10 +2951,6 @@ users.still_own_repo=Ten użytkownik jest właścicielem jednego lub większej i
 users.still_has_org=Ten użytkownik jest członkiem organizacji. Musisz go najpierw usunąć ze wszystkich organizacji.
 users.deletion_success=Konto użytkownika zostało usunięte.
 users.reset_2fa=Zresetuj 2FA
-users.list_status_filter.is_active=Aktywne
-users.list_status_filter.is_admin=Administrator
-users.list_status_filter.is_restricted=Ograniczone
-
 emails.email_manage_panel=Zarządzanie adresami e-mail
 emails.primary=Podstawowy
 emails.activated=Aktywowany
@@ -3249,20 +3205,6 @@ monitor.process.cancel=Anuluj proces
 monitor.process.cancel_desc=Anulowanie procesu może spowodować utratę danych
 monitor.process.cancel_notices=Anuluj: <strong>%s</strong>?
 
-monitor.queues=Kolejki
-monitor.queue=Kolejka: %s
-monitor.queue.name=Nazwa
-monitor.queue.type=Typ
-monitor.queue.exemplar=Przykładowy typ
-monitor.queue.numberworkers=Liczba procesów pracujących
-monitor.queue.maxnumberworkers=Maksymalna Liczba procesów pracujących
-monitor.queue.settings.title=Ustawienia puli
-monitor.queue.settings.maxnumberworkers=Maksymalna liczba procesów pracujących
-monitor.queue.settings.maxnumberworkers.placeholder=Obecnie %[1]d
-monitor.queue.settings.maxnumberworkers.error=Maksymalna liczba procesów pracujących musi być liczbą
-monitor.queue.settings.submit=Aktualizuj ustawienia
-monitor.queue.settings.changed=Zaktualizowano ustawienia
-
 notices.system_notice_list=Powiadomienia systemu
 notices.view_detail_header=Szczegóły powiadomienia
 notices.select_all=Wybierz wszystkie
@@ -3280,17 +3222,14 @@ monitor.last_execution_result = Wynik
 monitor.process.children = Dzieci
 integrations = Integracje
 users.bot = Bot
-users.list_status_filter.menu_text = Filtr
 packages.version = Wersja
 packages.creator = Twórca
-users.list_status_filter.not_active = Nieaktywne
 notices.operations = Operacje
 config.send_test_mail_submit = Wyślij
 packages.published = Opublikowane
 config.mailer_protocol = Protokół
 monitor.stats = Statystyki
 users.remote = Zdalnie
-users.list_status_filter.reset = Zresetuj
 config_summary = Podsumowanie
 config_settings = Ustawienia
 assets = Zasoby kodu
@@ -3311,10 +3250,6 @@ dashboard.stop_zombie_tasks = Zatrzymaj zadania zombi akcji
 users.cannot_delete_self = Nie możesz usunąć sam(a) siebie
 packages.cleanup.success = Pomyślnie wyczyszczono przedawnione dane
 dashboard.sync_tag.started = Synchronizacja tagu rozpoczęta
-users.list_status_filter.not_restricted = Nie ograniczony
-users.list_status_filter.is_prohibit_login = Zabroń logowania
-users.list_status_filter.not_prohibit_login = Zezwól na logowanie
-users.list_status_filter.is_2fa_enabled = 2FA włączone
 dashboard.gc_lfs = Wywołaj GC na metaobiektach LFS
 dashboard.stop_endless_tasks = Zatrzymaj niekończące się zadania akcji
 repos.lfs_size = Wielkość LFS
@@ -3330,8 +3265,6 @@ users.restricted.description = Zezwól tylko na interakcje z repozytoriami i org
 users.local_import.description = Zezwól na importowanie repozytoriów z lokalnego systemu plików serwera. To może być problemem zabezpieczeń.
 users.organization_creation.description = Zezwól na tworzenie nowych organizacji.
 users.still_own_packages = Ten użytkownik nadal jest właścicielem jednego lub więcej pakietów, usuń najpierw te pakiety.
-users.list_status_filter.not_admin = Nie administrator
-users.list_status_filter.not_2fa_enabled = 2FA wyłączone
 emails.change_email_text = Czy jesteś pewien(-na), że chcesz zaktualizować ten adres e-mail?
 emails.delete = Usuń adres e-mail
 emails.delete_desc = Czy jesteś pewien(-na), że chcesz usunąć ten adres e-mail?
@@ -3343,9 +3276,6 @@ dashboard.new_version_hint = Forgejo %s jest już dostępne, w tej chwili korzys
 identity_access = Tożsamość i dostęp
 dashboard.cron.cancelled = Cron: %[1]s anulowany: %[3]s
 config.domain = Domena serwera
-monitor.queue.activeworkers = Aktywne procesy pracujące
-monitor.queue.settings.remove_all_items = Usuń wszystkie
-monitor.queue.settings.desc = Pule rosną dynamicznie w odpowiedzi na blokadę kolejki procesów pracujących.
 config.mailer_config = Konfiguracja Mailer
 auths.tip.gitea = Zarejestruj nową aplikację OAuth2. Przewodnik można znaleźć na %s
 auths.unable_to_initialize_openid = Nie można zainicjalizować Dostawcy Uwierzytelniania OpenID Connect: %s
@@ -3353,7 +3283,6 @@ auths.force_smtps = Wymuś SMTPS
 auths.helo_hostname = Nazwa hosta HELO
 self_check = Autoweryfikacja
 config.mailer_enable_helo = Włącz HELO
-monitor.queue.settings.remove_all_items_done = Wszystkie elementy w kolejce zostały usunięte.
 auths.tips.gmail_settings = Ustawienia Gmail:
 auths.map_group_to_team_removal = Usuń użytkowników z synchronizowanych zespołów jeżeli użytkownik nie należy do odpowiadającej grupy LDAP
 auths.enable_ldap_groups = Włącz grupy LDAP
@@ -3370,8 +3299,6 @@ config.mailer_use_dummy = Testowa
 config.cache_test_failed = Nie udało się zbadać pamięci podręcznej: %v.
 config.cache_test = Przetestuj Pamięć Podręczną
 monitor.processes_count = %d Procesów
-monitor.queue.numberinqueue = Liczba w kolejce
-monitor.queue.review_add = Sprawdź / dodaj procesy pracujące
 self_check.no_problem_found = Nie znaleziono jeszcze żadnych problemów.
 config.cache_test_succeeded = Test pamięci podręcznej zakończony powodzeniem, otrzymano odpowiedź w ciągu %s.
 auths.login_source_exist = Źródło uwierzytelniania "%s" już istnieje.
@@ -3503,28 +3430,13 @@ management = Zarządzaj sekretami
 deletion.failed = Nie udało się usunąć sekretu.
 
 [actions]
-variables = Zmienne
 variables.id_not_exist = Zmienna o ID %d nie istnieje.
-variables.edit = Edytuj Zmienną
-variables.update.failed = Nie udało się zmienić zmiennej.
-variables.creation.success = Zmienna "%s" została dodana.
-variables.creation.failed = Nie udało się dodać zmiennej.
-variables.deletion.success = Zmienna została usunięta.
-variables.update.success = Zmienna została zmieniona.
-variables.deletion.failed = Nie udało się usunąć zmiennej.
 runs.no_workflows.help_write_access = Nie wiesz jak zacząć z Forgejo Actions? Sprawdź <a target="_blank" rel="noopener noreferrer" href="%s">szybki start w dokumentacji użytkownika</a> i napisz swój pierwszy proces pracy, a następnie <a target="_blank" rel="noopener noreferrer" href="%s">skonfiguruj runnera Forgejo</a> by wykonywał twoje zadania.
-variables.deletion.description = Usunięcie zmiennej jest permanentne i nie może zostać cofnięte. Kontynuować?
-variables.deletion = Usuń zmienną
-variables.management = Zarządzaj zmiennymi
 runs.expire_log_message = Logi zostały oczyszczone ponieważ były za stare.
-variables.none = Nie ma jeszcze zmiennych.
 runs.empty_commit_message = (pusta wiadomość commita)
-variables.creation = Dodaj zmienną
 runs.no_workflows.help_no_write_access = By dowiedzieć się o Forgejo Actions, zobacz <a target="_blank" rel="noopener noreferrer" href="%s">dokumentację</a>.
-variables.description = Zmienne będą przekazane pewnym akcjom, nie mogą być odczytane inaczej.
 workflow.disable = Wyłącz proces pracy
 unit.desc = Zarządzaj zintegrowanymi procesami CI/CD z Forgejo Actions.
-variables.not_found = Nie udało się znaleźć zmiennej.
 runs.no_runs = Ten proces pracy nie ma jeszcze uruchomień.
 workflow.dispatch.use_from = Wykorzystaj proces pracy z
 workflow.disabled = Proces pracy jest wyłączony.
@@ -3587,9 +3499,6 @@ regexp_tooltip = Interpretuj wyszukiwane hasło jako wyrażenie regularne
 
 
 [markup]
-filepreview.lines = Linie %[1]d do %[2]d w %[3]s
-filepreview.truncated = Podgląd został przycięty
-filepreview.line = Linia %[1]d w %[2]s
 
 [translation_meta]
 test = Litwo, Ojczyzno moja! ty jesteś jak zdrowie; ile cię trzeba cenić, ten tylko się dowie, kto cię stracił. Dziś piękność twą w całej ozdobie widzę i opisuję, bo tęsknię po tobie :)
diff --git a/options/locale/locale_pt-BR.ini b/options/locale/locale_pt-BR.ini
index 779b328087..7e505b6920 100644
--- a/options/locale/locale_pt-BR.ini
+++ b/options/locale/locale_pt-BR.ini
@@ -36,18 +36,6 @@ twofa=Autenticação de dois fatores
 twofa_scratch=Código de uso único da autenticação de dois fatores
 passcode=Senha
 
-webauthn_insert_key=Insira sua chave de segurança
-webauthn_sign_in=Pressione o botão na sua chave de segurança. Caso a sua chave de segurança não possuir um botão, insira-a novamente.
-webauthn_press_button=Pressione o botão na sua chave de segurança…
-webauthn_use_twofa=Use um código de duas etapas do seu telefone
-webauthn_error=Não foi possível ler sua chave de segurança.
-webauthn_unsupported_browser=Seu navegador não oferece suporte ao WebAuthn.
-webauthn_error_unknown=Ocorreu um erro desconhecido. Tente novamente.
-webauthn_error_insecure=WebAuthn suporta apenas conexões seguras. Para testar via HTTP, você pode usar a origem "localhost" ou "127.0.0.1"
-webauthn_error_unable_to_process=O servidor não pôde processar sua solicitação.
-webauthn_error_duplicated=A chave de segurança não é permitida para esta solicitação. Por favor, certifique-se que a chave já não está registrada.
-webauthn_error_empty=Você deve definir um nome para esta chave.
-webauthn_error_timeout=Não foi possível ler a sua chave de segurança antes do tempo limite. Atualize a página e tente novamente.
 repository=Repositório
 organization=Organização
 mirror=Espelhamento
@@ -2932,34 +2920,6 @@ dashboard.reinit_missing_repos=Reinicializar todos os repositórios Git perdidos
 dashboard.sync_external_users=Sincronizar dados de usuário externo
 dashboard.cleanup_hook_task_table=Limpar tabela hook_task
 dashboard.cleanup_packages=Limpar pacotes expirados
-dashboard.server_uptime=Tempo de atividade do servidor
-dashboard.current_goroutine=Goroutines atuais
-dashboard.current_memory_usage=Uso de memória atual
-dashboard.total_memory_allocated=Total de memória alocada
-dashboard.memory_obtained=Memória obtida
-dashboard.pointer_lookup_times=Número de consultas a ponteiros
-dashboard.memory_allocate_times=Alocações de memória
-dashboard.memory_free_times=Liberações de memória
-dashboard.current_heap_usage=Uso atual da heap
-dashboard.heap_memory_obtained=Memória de heap obtida
-dashboard.heap_memory_idle=Memória de heap ociosa
-dashboard.heap_memory_in_use=Memória de heap em uso
-dashboard.heap_memory_released=Memória de heap liberada
-dashboard.heap_objects=Objetos na heap
-dashboard.bootstrap_stack_usage=Uso de pilha bootstrap
-dashboard.stack_memory_obtained=Memória de pilha obtida
-dashboard.mspan_structures_usage=Uso de estruturas MSpan
-dashboard.mspan_structures_obtained=Estruturas MSpan obtidas
-dashboard.mcache_structures_usage=Uso de estruturas MCache
-dashboard.mcache_structures_obtained=Estruturas MCache obtidas
-dashboard.profiling_bucket_hash_table_obtained=Hash table de profiling bucket obtida
-dashboard.gc_metadata_obtained=Metadados do GC obtidos
-dashboard.other_system_allocation_obtained=Outra alocação de sistema obtida
-dashboard.next_gc_recycle=Próxima reciclagem do GC
-dashboard.last_gc_time=Tempo desde última GC
-dashboard.total_gc_pause=Pausa total de GC
-dashboard.last_gc_pause=Última pausa de GC
-dashboard.gc_times=Número de execuções do GC
 dashboard.delete_old_actions=Excluir todas as atividades antigas do banco de dados
 dashboard.delete_old_actions.started=A exclusão de todas as atividades antigas do banco de dados foi iniciada.
 dashboard.update_checker=Verificador de atualização
@@ -3011,18 +2971,6 @@ users.purge_help=Exclua forçosamente o usuário e quaisquer repositórios, orga
 users.still_own_packages=Este usuário é dono de um ou mais pacotes. Exclua estes pacotes antes de continuar.
 users.deletion_success=A conta de usuário foi excluída.
 users.reset_2fa=Reinicializar 2FA
-users.list_status_filter.menu_text=Filtro
-users.list_status_filter.reset=Reset
-users.list_status_filter.is_active=Ativo
-users.list_status_filter.not_active=Inativo
-users.list_status_filter.is_admin=Administrador
-users.list_status_filter.not_admin=Não administrador
-users.list_status_filter.is_restricted=Restrito
-users.list_status_filter.not_restricted=Não restrito
-users.list_status_filter.is_prohibit_login=Proibir login
-users.list_status_filter.not_prohibit_login=Permitir login
-users.list_status_filter.is_2fa_enabled=Autenticação de dois fatores ativada
-users.list_status_filter.not_2fa_enabled=Autenticação em duas etapas desativada
 users.details=Detalhes do usuário
 
 emails.email_manage_panel=Gerenciar e-mails de usuários
@@ -3336,23 +3284,6 @@ monitor.process.cancel_desc=Cancelar um processo pode causar perda de dados
 monitor.process.cancel_notices=Cancelar: <strong>%s</strong>?
 monitor.process.children=Descendentes
 
-monitor.queues=Filas
-monitor.queue=Fila: %s
-monitor.queue.name=Nome
-monitor.queue.type=Tipo
-monitor.queue.exemplar=Tipo de modelo
-monitor.queue.numberworkers=Número de workers
-monitor.queue.maxnumberworkers=Número máximo de workers
-monitor.queue.numberinqueue=Número na fila
-monitor.queue.settings.title=Configurações do pool
-monitor.queue.settings.maxnumberworkers=Número máximo de executores
-monitor.queue.settings.maxnumberworkers.placeholder=Atualmente %[1]d
-monitor.queue.settings.maxnumberworkers.error=Número máximo de executores deve ser um número
-monitor.queue.settings.submit=Atualizar configurações
-monitor.queue.settings.changed=Configurações atualizadas
-monitor.queue.settings.remove_all_items=Remover tudo
-monitor.queue.settings.remove_all_items_done=Todos os itens da fila foram removidos.
-
 notices.system_notice_list=Avisos do sistema
 notices.view_detail_header=Detalhes do aviso
 notices.operations=Operações
@@ -3389,15 +3320,12 @@ dashboard.task.cancelled = Tarefa: %[1]s cancelada: %[3]s
 dashboard.sync_branch.started = Sincronização de ramos iniciada
 dashboard.sync_repo_branches = Sincronizar ramos perdidos do Git para o banco de dados
 packages.cleanup.success = Os dados expirados foram limpos com sucesso
-monitor.queue.activeworkers = Processos ativos
 systemhooks.desc = Os webhooks fazem automaticamente solicitações HTTP POST para um servidor quando certos eventos Forgejo são acionados. Os webhooks definidos aqui atuarão em todos os repositórios do sistema, então, considere quaisquer implicações de desempenho que isso possa ter. Leia mais no <a target="_blank" rel="noopener" href="%s">guia de webhooks</a>.
 defaulthooks.desc = Os webhooks fazem automaticamente solicitações HTTP POST para um servidor quando certos eventos Forgejo são acionados. Os webhooks definidos aqui são padrões e serão copiados para todos os novos repositórios. Leia mais no <a target="_blank" rel="noopener" href="%s">guia de webhooks</a>.
 self_check.database_fix_mysql = Para usuários do MySQL/MariaDB, você pode usar o comando "forgejo doctor convert" para corrigir os problemas de ordenamento, ou também pode corrigir o problema usando "ALTER ... COLLATE ..." SQLs manualmente.
-monitor.queue.settings.desc = Os pools crescem dinamicamente quando as filas de seus workers ficam bloqueadas.
 config.cache_test_succeeded = Teste de cache bem-sucedido, obteve uma resposta em %s.
 self_check.database_inconsistent_collation_columns = O banco de dados está usando o ordenamento %s, mas essas colunas estão usando ordenamentos incompatíveis. Isso pode causar alguns problemas inesperados.
 dashboard.rebuild_issue_indexer = Reconstruir indexador de problemas
-monitor.queue.review_add = Revisar / adicionar workers
 assets = Ativos de código
 config.open_with_editor_app_help = Os editores "Abrir com" para o menu clone. Se deixado em branco, o padrão será usado. Expanda para ver o padrão.
 config.cache_test_slow = Teste de cache bem-sucedido, mas a resposta é lenta: %s.
@@ -3510,21 +3438,8 @@ management=Gerenciamento de segredos
 unit.desc=Gerenciar pipelines integradas de CI/CD com Forgejo Actions.
 
 need_approval_desc=Precisa de aprovação para executar workflows para pull request do fork.
-variables.edit = Editar variável
-variables.deletion.success = A variável foi removida.
-variables.creation.success = A variável "%s" foi adicionada.
-variables.update.success = A variável foi editada.
-variables.creation = Adicionar variável
-variables.deletion = Remover variável
-variables.management = Gerenciar variáveis
-variables.none = Ainda não há variáveis.
-variables.update.failed = Falha ao editar a variável.
 runs.empty_commit_message = (mensagem de commit vazia)
-variables = Variáveis
 variables.id_not_exist = A variável com o ID %d não existe.
-variables.deletion.failed = Falha ao remover a variável.
-variables.creation.failed = Falha ao adicionar a variável.
-variables.description = As variáveis serão passadas para certas Actions e não poderão ser lidas de outra forma.
 workflow.dispatch.trigger_found = Este workflow tem um disparador de evento <c>workflow_dispatch</c>.
 workflow.dispatch.run = Executar workflow
 runs.no_runs = O workflow ainda não foi executado.
@@ -3538,12 +3453,9 @@ workflow.enable_success = Workflow "%s" ativado com sucesso.
 workflow.dispatch.success = Execução do workflow solicitada com sucesso.
 workflow.dispatch.input_required = Exigir um valor para a entrada "%s".
 workflow.dispatch.invalid_input_type = Tipo de entrada "%s" inválido.
-variables.deletion.description = Apagar uma variável é permanente e não pode ser desfeito. Continuar?
 runs.expire_log_message = Os logs foram apagados pois eram antigos demais.
 runs.no_workflows.help_no_write_access = Para aprender sobre as Actions do Forgejo, veja <a target="_blank" rel="noopener noreferrer" href="%s">a documentação</a>.
 runs.no_workflows.help_write_access = Não sabe como começar a usar as Actions do Forgejo? Veja o <a target="_blank" rel="noopener noreferrer" href="%s">guia de como começar na documentação do usuário</a> para escrever seu primeiro workflow, depois <a target="_blank" rel="noopener noreferrer" href="%s">configure um runner do Forgejo</a> para executar trabalhos.
-variables.not_found = Não foi possível encontrar a variável.
-
 
 [projects]
 type-1.display_name=Projeto individual
@@ -3591,9 +3503,6 @@ regexp = ExpReg
 [munits.data]
 
 [markup]
-filepreview.line = Linha %[1]d em %[2]s
-filepreview.lines = Linhas %[1]d a %[2]d em %[3]s
-filepreview.truncated = Pré-visualização truncada
 
 [repo.permissions]
 pulls.write = <b>Escrita:</b> Encerrar propostas de revisão e gerir metadados como rótulos, marcos, responsáveis, prazos e dependências.
diff --git a/options/locale/locale_pt-PT.ini b/options/locale/locale_pt-PT.ini
index ddba7440d5..cede616bce 100644
--- a/options/locale/locale_pt-PT.ini
+++ b/options/locale/locale_pt-PT.ini
@@ -37,18 +37,6 @@ twofa=Autenticação de dois fatores
 twofa_scratch=Código de uso único de dois fatores
 passcode=Código
 
-webauthn_insert_key=Insira a sua chave de segurança
-webauthn_sign_in=Pressione o botão da sua chave de segurança. Se a sua chave de segurança não tiver um botão, insira-a novamente.
-webauthn_press_button=Por favor, prima o botão da sua chave de segurança…
-webauthn_use_twofa=Usar um código de dois passos do seu telefone
-webauthn_error=Não foi possível ler a sua chave de segurança.
-webauthn_unsupported_browser=O seu navegador não oferece suporte ao WebAuthn.
-webauthn_error_unknown=Ocorreu um erro desconhecido. Tente novamente, por favor.
-webauthn_error_insecure=`WebAuthn apenas suporta conexões seguras. Para testar sobre HTTP, pode usar a origem "localhost" ou "127.0.0.1"`
-webauthn_error_unable_to_process=O servidor não conseguiu processar o seu pedido.
-webauthn_error_duplicated=A chave de segurança não é permitida neste pedido. Certifique-se de que a chave não está já registada.
-webauthn_error_empty=Você tem que definir um nome para esta chave.
-webauthn_error_timeout=O tempo limite foi atingido antes que a sua chave pudesse ser lida. Recarregue esta página e tente novamente.
 repository=Repositório
 organization=Organização
 mirror=Réplica
@@ -2938,34 +2926,6 @@ dashboard.sync_external_users=Sincronizar dados externos do utilizador
 dashboard.cleanup_hook_task_table=Limpar tabela hook_task
 dashboard.cleanup_packages=Limpar pacotes expirados
 dashboard.cleanup_actions=Limpar registos e artefactos expirados das operações
-dashboard.server_uptime=Tempo em funcionamento contínuo do servidor
-dashboard.current_goroutine=Goroutines em execução
-dashboard.current_memory_usage=Utilização de memória corrente
-dashboard.total_memory_allocated=Total de memória alocada
-dashboard.memory_obtained=Memória obtida
-dashboard.pointer_lookup_times=N. º de consultas a ponteiros
-dashboard.memory_allocate_times=Alocações de memória
-dashboard.memory_free_times=Libertações de memória
-dashboard.current_heap_usage=Uso corrente da heap
-dashboard.heap_memory_obtained=Memória heap obtida
-dashboard.heap_memory_idle=Memória heap em repouso
-dashboard.heap_memory_in_use=Memória heap em uso
-dashboard.heap_memory_released=Memória heap libertada
-dashboard.heap_objects=Elementos heap
-dashboard.bootstrap_stack_usage=Uso da pilha de arranque
-dashboard.stack_memory_obtained=Memória da pilha obtida
-dashboard.mspan_structures_usage=Uso das estruturas MSpan
-dashboard.mspan_structures_obtained=Estruturas MSpan obtidas
-dashboard.mcache_structures_usage=Uso das estruturas MCache
-dashboard.mcache_structures_obtained=Estruturas MCache obtidas
-dashboard.profiling_bucket_hash_table_obtained=Perfil obtido da tabela de hash do balde
-dashboard.gc_metadata_obtained=Metadados obtidos da recolha de lixo
-dashboard.other_system_allocation_obtained=Outras alocações de sistema obtidas
-dashboard.next_gc_recycle=Próxima reciclagem da recolha de lixo
-dashboard.last_gc_time=Tempo decorrido desde a última recolha de lixo
-dashboard.total_gc_pause=Pausa total da recolha de lixo
-dashboard.last_gc_pause=Última pausa da recolha de lixo
-dashboard.gc_times=N.º de recolhas de lixo
 dashboard.delete_old_actions=Eliminar todos os trabalhos antigos da base de dados
 dashboard.delete_old_actions.started=Foi iniciado o processo de eliminação de todos os trabalhos antigos da base de dados.
 dashboard.update_checker=Verificador de novas versões
@@ -3023,18 +2983,6 @@ users.purge_help=Eliminar o utilizador à força, juntamente com todos os seus r
 users.still_own_packages=Este utilizador ainda possui um ou mais pacotes, elimine esses pacotes primeiro.
 users.deletion_success=A conta de utilizador foi eliminada.
 users.reset_2fa=Reinicializar a autenticação em dois passos
-users.list_status_filter.menu_text=Filtro
-users.list_status_filter.reset=Reiniciar
-users.list_status_filter.is_active=Ligado
-users.list_status_filter.not_active=Desligado
-users.list_status_filter.is_admin=Administrador
-users.list_status_filter.not_admin=Não Administrador
-users.list_status_filter.is_restricted=Restrito
-users.list_status_filter.not_restricted=Não restrito/a
-users.list_status_filter.is_prohibit_login=Proibir início de sessão
-users.list_status_filter.not_prohibit_login=Permitir início de sessão
-users.list_status_filter.is_2fa_enabled=Autenticação em dois passos habilitada
-users.list_status_filter.not_2fa_enabled=Autenticação em dois passos desabilitada
 users.details=Detalhes do utilizador
 
 emails.email_manage_panel=Gerir endereços de email do utilizador
@@ -3353,26 +3301,6 @@ monitor.process.cancel_desc=Cancelar um processo pode resultar na perda de dados
 monitor.process.cancel_notices=Cancelar: <strong>%s</strong>?
 monitor.process.children=Descendentes
 
-monitor.queues=Filas
-monitor.queue=Fila: %s
-monitor.queue.name=Nome
-monitor.queue.type=Tipo
-monitor.queue.exemplar=Tipo de exemplar
-monitor.queue.numberworkers=N.º de trabalhadores
-monitor.queue.activeworkers=Trabalhadores operantes
-monitor.queue.maxnumberworkers=N.º máximo de trabalhadores
-monitor.queue.numberinqueue=N.º na fila
-monitor.queue.review_add=Rever / adicionar trabalhadores
-monitor.queue.settings.title=Configurações do agregado
-monitor.queue.settings.desc=Agregados crescem dinamicamente em resposta aos bloqueios da sua fila de trabalhadores.
-monitor.queue.settings.maxnumberworkers=N.º máximo de trabalhadores
-monitor.queue.settings.maxnumberworkers.placeholder=De momento %[1]d
-monitor.queue.settings.maxnumberworkers.error=O número máximo de trabalhadores tem que ser um número
-monitor.queue.settings.submit=Modificar configurações
-monitor.queue.settings.changed=Configurações modificadas
-monitor.queue.settings.remove_all_items=Remover tudo
-monitor.queue.settings.remove_all_items_done=Todos os itens da fila foram removidos.
-
 notices.system_notice_list=Notificações do sistema
 notices.view_detail_header=Detalhes da notificação
 notices.operations=Operações
@@ -3517,21 +3445,7 @@ workflow.disabled=A sequência de trabalho está desabilitada.
 
 need_approval_desc=É necessária aprovação para executar sequências de trabalho para a derivação do pedido de integração.
 
-variables=Variáveis
-variables.management=Gerir variáveis
-variables.creation=Adicionar variável
-variables.none=Ainda não há variáveis.
-variables.deletion=Remover variável
-variables.deletion.description=Remover uma variável é permanente e não pode ser revertido. Quer continuar?
-variables.description=As variáveis serão transmitidas a certas operações e não poderão ser lidas de outra forma.
 variables.id_not_exist=A variável com o ID %d não existe.
-variables.edit=Editar variável
-variables.deletion.failed=Falha ao remover a variável.
-variables.deletion.success=A variável foi removida.
-variables.creation.failed=Falha ao adicionar a variável.
-variables.creation.success=A variável "%s" foi adicionada.
-variables.update.failed=Falha ao editar a variável.
-variables.update.success=A variável foi editada.
 workflow.dispatch.use_from = Usar sequência de trabalho de
 workflow.dispatch.run = Executar sequência de trabalho
 workflow.dispatch.input_required = Exigir valor para a entrada "%s".
@@ -3542,7 +3456,6 @@ workflow.dispatch.invalid_input_type = Tipo de entrada "%s" inválido.
 runs.expire_log_message = Os registos foram purgados por serem demasiado antigos.
 runs.no_workflows.help_no_write_access = Para aprender sobre Forgejo Actions, veja<a target="_blank" rel="noopener noreferrer" href="%s">a documentação</a>.
 runs.no_workflows.help_write_access = Não sabe como começar com o Forgejo Actions? Consulte o <a target="_blank" rel="noopener noreferrer" href="%s">início rápido na documentação do utilizador</a> para escrever a sua primeira sequência de trabalho, depois <a target="_blank" rel="noopener noreferrer" href="%s">prepare um executor Forgejo</a> para executar os seus trabalhos.
-variables.not_found = Não foi possível encontrar a variável.
 
 [projects]
 type-1.display_name=Projeto individual
@@ -3590,9 +3503,6 @@ regexp = ExpReg
 [munits.data]
 
 [markup]
-filepreview.lines = Linhas %[1]d até %[2]d em %[3]s
-filepreview.line = Linha %[1]d em %[2]s
-filepreview.truncated = A previsão foi truncada
 
 [translation_meta]
 test = ok :)
diff --git a/options/locale/locale_ro.ini b/options/locale/locale_ro.ini
index e2b404808c..ec266dfd90 100644
--- a/options/locale/locale_ro.ini
+++ b/options/locale/locale_ro.ini
@@ -28,14 +28,6 @@ password = Parolă
 access_token = Token de acces
 captcha = CAPTCHA
 twofa = Autentificare prin doi factori
-webauthn_insert_key = Inserează cheia de securitate
-webauthn_press_button = Apasă butonul de pe cheia de securitate…
-webauthn_use_twofa = Folosește un cod de verificare de pe telefon
-webauthn_error = Cheia de securitate nu a putut fi citită.
-webauthn_unsupported_browser = Browserul tău nu are abilități WebAuthn pe moment.
-webauthn_error_unable_to_process = Serverul nu a putut procesa cererea.
-webauthn_error_duplicated = Cheia de securitate nu este permisă pentru această cerere. Asigură-te că cheia nu este înregistrată deja.
-webauthn_error_empty = Trebuie să setezi un nume pentru această cheie.
 organization = Organizație
 mirror = Oglindă
 settings = Setări
@@ -79,9 +71,7 @@ filter = Filtru
 filter.clear = Șterge filtre
 filter.is_archived = Arhivat
 enable_javascript = Acest site are nevoie de JavaScript.
-webauthn_error_unknown = O eroare necunoscută a apărut. Te rog reîncearcă.
 re_type = Confirmă parola
-webauthn_sign_in = Apasă butonul de pe cheia de securitate. Dacă cheia de securitate nu are un buton, reintrodu-o.
 new_mirror = Oglindă nouă
 new_project = Proiect nou
 remove_label_str = Șterge elementul "%s"
@@ -92,8 +82,6 @@ error404 = Pagina pe care încercați să o vizitați fie <strong>nu există</st
 filter.not_archived = Nearhivat
 activities = Activități
 confirm_delete_selected = Ștergi toate elementele selectate?
-webauthn_error_insecure = WebAuthn funcționează doar prin conexiuni securizate. Pentru a testa folosind HTTP, poți folosi "localhost" sau "127.0.0.1" ca origine
-webauthn_error_timeout = Limita de timp a fost depășită înainte ca cheia ta să poată fi citită. Reîncarcă pagina și reîncearcă.
 copy_error = Copiere eșuată
 concept_user_individual = Individual
 unknown = Necunoscut
diff --git a/options/locale/locale_ru-RU.ini b/options/locale/locale_ru-RU.ini
index 0e9ec2d653..43e21a0c18 100644
--- a/options/locale/locale_ru-RU.ini
+++ b/options/locale/locale_ru-RU.ini
@@ -36,18 +36,6 @@ twofa=Двухфакторная аутентификация
 twofa_scratch=Код восстановления 2ФА
 passcode=Код
 
-webauthn_insert_key=Вставьте ваш токен авторизации
-webauthn_sign_in=Подтвердите действие на токене авторизации. Если на вашем токене нет кнопки, вставьте его заново.
-webauthn_press_button=Подтвердите действие на токене авторизации…
-webauthn_use_twofa=Используйте двухфакторный код с вашего телефона
-webauthn_error=Не удалось прочитать токен авторизации.
-webauthn_unsupported_browser=Ваш браузер в настоящее время не поддерживает WebAuthn.
-webauthn_error_unknown=Произошла неизвестная ошибка. Повторите попытку.
-webauthn_error_insecure=WebAuthn поддерживает только безопасные соединения. Для тестирования по HTTP можно использовать "localhost" или "127.0.0.1"
-webauthn_error_unable_to_process=Сервер не смог обработать ваш запрос.
-webauthn_error_duplicated=Этот токен авторизации не разрешен для выполнения этого запроса. Убедитесь, что токен не был зарегистрирован ранее.
-webauthn_error_empty=Необходимо задать имя для этого ключа.
-webauthn_error_timeout=Время истекло раньше, чем ключ был прочитан. Перезагрузите эту страницу и повторите попытку.
 repository=Репозиторий
 organization=Организация
 mirror=Зеркало
@@ -2935,34 +2923,6 @@ dashboard.reinit_missing_repos=Переинициализировать все 
 dashboard.sync_external_users=Синхронизировать данные сторонних пользователей
 dashboard.cleanup_hook_task_table=Очистить таблицу hook_task
 dashboard.cleanup_packages=Удалить устаревшие пакеты
-dashboard.server_uptime=Время работы
-dashboard.current_goroutine=Выполняемые goroutines
-dashboard.current_memory_usage=Текущее использование памяти
-dashboard.total_memory_allocated=Всего памяти выделялось
-dashboard.memory_obtained=Получено памяти
-dashboard.pointer_lookup_times=Поисков указателя
-dashboard.memory_allocate_times=Выделений памяти
-dashboard.memory_free_times=Высвобождений памяти
-dashboard.current_heap_usage=Текущее использование кучи
-dashboard.heap_memory_obtained=Получено динамической памяти
-dashboard.heap_memory_idle=Простаивающая динамическая память
-dashboard.heap_memory_in_use=Используемая динамическая память
-dashboard.heap_memory_released=Освобождено динамической памяти
-dashboard.heap_objects=Объектов динамической памяти
-dashboard.bootstrap_stack_usage=Использование стека загрузчика
-dashboard.stack_memory_obtained=Стековой памяти выделялось
-dashboard.mspan_structures_usage=Использование структур MSpan
-dashboard.mspan_structures_obtained=Структур MSpan выделялось
-dashboard.mcache_structures_usage=Использование структур MCache
-dashboard.mcache_structures_obtained=Получено структур MCache
-dashboard.profiling_bucket_hash_table_obtained=Хеш-таблиц получено при профайлинге
-dashboard.gc_metadata_obtained=Метаданных сборщика мусора создавалось
-dashboard.other_system_allocation_obtained=Прочие системные выделения памяти
-dashboard.next_gc_recycle=Следующее высвобождение сборщиком мусора
-dashboard.last_gc_time=Прошло с последнего сбора мусора
-dashboard.total_gc_pause=Итоговая задержка сборщика
-dashboard.last_gc_pause=Последняя пауза сборщика
-dashboard.gc_times=Сборок мусора
 dashboard.delete_old_actions=Удалить все старые активности из базы данных
 dashboard.delete_old_actions.started=Запущено удаление всех старых активностей из БД.
 dashboard.update_checker=Проверка обновлений
@@ -3016,18 +2976,6 @@ users.purge_help=Принудительно удалить все данные,
 users.still_own_packages=Этот пользователь всё ещё владеет одним или несколькими пакетами, сначала удалите их.
 users.deletion_success=Учётная запись успешно удалена.
 users.reset_2fa=Сброс 2ФА
-users.list_status_filter.menu_text=Фильтр
-users.list_status_filter.reset=Сбросить
-users.list_status_filter.is_active=Активные
-users.list_status_filter.not_active=Неактивные
-users.list_status_filter.is_admin=Администраторы
-users.list_status_filter.not_admin=Не администраторы
-users.list_status_filter.is_restricted=Ограниченные
-users.list_status_filter.not_restricted=Не ограниченные
-users.list_status_filter.is_prohibit_login=Вход запрещён
-users.list_status_filter.not_prohibit_login=Вход разрешён
-users.list_status_filter.is_2fa_enabled=2ФА включена
-users.list_status_filter.not_2fa_enabled=2ФА отключена
 users.details=О пользователе
 
 emails.email_manage_panel=Управление адресами эл. почты пользователей
@@ -3343,25 +3291,6 @@ monitor.process.cancel_desc=Отмена процесса может приве
 monitor.process.cancel_notices=Отменить: <strong>%s</strong>?
 monitor.process.children=Потомки
 
-monitor.queues=Очереди
-monitor.queue=Очередь: %s
-monitor.queue.name=Имя
-monitor.queue.type=Тип
-monitor.queue.exemplar=Тип образца
-monitor.queue.numberworkers=Количество обработчиков
-monitor.queue.activeworkers=Активные обработчики
-monitor.queue.maxnumberworkers=Макс. количество обработчиков
-monitor.queue.numberinqueue=Позиция в очереди
-monitor.queue.settings.title=Настройки пула
-monitor.queue.settings.desc=Пулы динамически растут в зависимости от блокировки очередей их рабочих.
-monitor.queue.settings.maxnumberworkers=Макс. количество обработчиков
-monitor.queue.settings.maxnumberworkers.placeholder=В настоящий момент %[1]d
-monitor.queue.settings.maxnumberworkers.error=Максимальное количество обработчиков должно быть числом
-monitor.queue.settings.submit=Обновить настройки
-monitor.queue.settings.changed=Настройки обновлены
-monitor.queue.settings.remove_all_items=Удалить все
-monitor.queue.settings.remove_all_items_done=Все элементы в очереди были удалены.
-
 notices.system_notice_list=Системные оповещения
 notices.view_detail_header=Подробности уведомления
 notices.operations=Операции
@@ -3400,7 +3329,6 @@ config.open_with_editor_app_help = Приложения для "Открыть 
 config_settings = Настройки
 auths.tips.gmail_settings = Настройки Gmail:
 auths.tip.gitlab_new = Создайте новое приложение в %s
-monitor.queue.review_add = Подробности / добавить обработчики
 auths.default_domain_name = Домен по умолчанию для адресов эл. почты
 config.app_slogan = Лозунг сервера
 config.cache_test = Проверить кэш
@@ -3522,20 +3450,6 @@ workflow.disabled=Рабочий поток выключен.
 
 need_approval_desc=Требуется одобрение, чтобы запустить рабочие потоки для запроса на слияние.
 
-variables=Переменные
-variables.management=Управление переменными
-variables.creation=Добавить переменную
-variables.none=Переменных пока нет.
-variables.deletion=Удалить переменную
-variables.deletion.description=Удаление переменной необратимо, его нельзя отменить. Продолжить?
-variables.description=Переменные будут передаваться определенным действиям и не могут быть прочитаны иначе.
-variables.edit=Изменить переменную
-variables.deletion.failed=Не удалось удалить переменную.
-variables.deletion.success=Переменная удалена.
-variables.creation.failed=Не удалось добавить переменную.
-variables.creation.success=Переменная «%s» добавлена.
-variables.update.failed=Не удалось изменить переменную.
-variables.update.success=Переменная изменена.
 variables.id_not_exist = Переменная с идентификатором %d не существует.
 workflow.dispatch.trigger_found = Этот рабочий поток срабатывает на события <c>workflow_dispatch</c>.
 workflow.dispatch.use_from = Использовать рабочий поток из
@@ -3547,7 +3461,6 @@ workflow.dispatch.warn_input_limit = Отображаются только пе
 runs.expire_log_message = Журнал был удалён из-за старости.
 runs.no_workflows.help_write_access = Не знаете, как начать использовать Действия Forgejo? Ознакомьтесь с <a target="_blank" rel="noopener noreferrer" href="%s">руководством по быстрому старту в документации</a> и создайте первый рабочий поток, затем <a target="_blank" rel="noopener noreferrer" href="%s">настройте исполнитель Forgejo</a>, который будет выполнять задачи.
 runs.no_workflows.help_no_write_access = Ознакомьтесь с <a target="_blank" rel="noopener noreferrer" href="%s">документацией</a>, чтобы узнать про Действия Forgejo.
-variables.not_found = Не удалось найти переменную.
 
 [projects]
 type-1.display_name=Индивидуальный проект
@@ -3594,9 +3507,6 @@ regexp_tooltip = Поисковый запрос будет воспринят 
 
 
 [markup]
-filepreview.line = Строка %[1]d в %[2]s
-filepreview.lines = Строки с %[1]d по %[2]d в %[3]s
-filepreview.truncated = Предпросмотр был обрезан
 
 [translation_meta]
 test = Wake up :)
diff --git a/options/locale/locale_si-LK.ini b/options/locale/locale_si-LK.ini
index 38bcbdbe6d..bc07de0e6f 100644
--- a/options/locale/locale_si-LK.ini
+++ b/options/locale/locale_si-LK.ini
@@ -1954,34 +1954,6 @@ dashboard.resync_all_hooks=පෙර ලැබීමට, යාවත්කා
 dashboard.reinit_missing_repos=අතුරුදහන් වූ සියලුම ගිට් නිධි නැවත ආරම්භ කිරීම
 dashboard.sync_external_users=බාහිර පරිශීලක දත්ත සමමුහූර්තනය
 dashboard.cleanup_hook_task_table=පිරිසිදු hook_task වගුව
-dashboard.server_uptime=සේවාදායකය යාවත්කාලීන කිරීම
-dashboard.current_goroutine=වත්මන් ගෝර්අවුට්ලයින්
-dashboard.current_memory_usage=වත්මන් මතක භාවිතය
-dashboard.total_memory_allocated=මුළු මතකය වෙන් කර ඇත
-dashboard.memory_obtained=ලබා ගත් මතකය
-dashboard.pointer_lookup_times=පොයින්ටර් Lookup ටයිම්ස්
-dashboard.memory_allocate_times=මතක ප්රතිපාදන
-dashboard.memory_free_times=මතක නිදහස්
-dashboard.current_heap_usage=වත්මන් heap භාවිතය
-dashboard.heap_memory_obtained=ලබා ගත් ගොඩක් මතකය
-dashboard.heap_memory_idle=ගොඩක් මතකය අලස
-dashboard.heap_memory_in_use=භාවිතයේ දී ගොඩක් මතකය
-dashboard.heap_memory_released=ගොඩක් මතකය නිකුත්
-dashboard.heap_objects=ගොඩක් වස්තු
-dashboard.bootstrap_stack_usage=Bootstrap Stack භාවිතය
-dashboard.stack_memory_obtained=ලබා මතකය ගොඩගසන්න
-dashboard.mspan_structures_usage=MsPan ව්යුහයන් භාවිතය
-dashboard.mspan_structures_obtained=ලබා ගත් MsPan ව්යුහයන්
-dashboard.mcache_structures_usage=මැචේ ව්යුහයන් භාවිතය
-dashboard.mcache_structures_obtained=ලබා ගත් මැචේ ව්යුහයන්
-dashboard.profiling_bucket_hash_table_obtained=ලබා භාජනයට හැෂ් වගුව පැතිකඩ
-dashboard.gc_metadata_obtained=ලබාගත් GC පාර-දත්ත
-dashboard.other_system_allocation_obtained=ලබා ගත් වෙනත් පද්ධති ප්රතිපාදන
-dashboard.next_gc_recycle=ඊලඟ GC, ප්රතිචක්රීකරණ
-dashboard.last_gc_time=පසුගිය GC වේලාව
-dashboard.total_gc_pause=මුළු GC විරාමය
-dashboard.last_gc_pause=අවසන් GC විරාමය
-dashboard.gc_times=GC ටයිම්ස්
 dashboard.delete_old_actions=සියලු පැරණි ක්රියා දත්ත සමුදායෙන් මකන්න
 dashboard.delete_old_actions.started=දත්ත සමුදාය ආරම්භ සිට සියලු පැරණි ක්රියා මකන්න.
 
@@ -2020,19 +1992,6 @@ users.still_own_repo=මෙම පරිශීලකයා තවමත් ග
 users.still_has_org=මෙම පරිශීලකයා සංවිධානයක සාමාජිකයෙකි. පළමුව ඕනෑම ආයතනයකින් පරිශීලකයා ඉවත් කරන්න.
 users.deletion_success=පරිශීලක ගිණුම මකා දමා ඇත.
 users.reset_2fa=2fa යළි පිහිටුවන්න
-users.list_status_filter.menu_text=පෙරහන
-users.list_status_filter.reset=යළි සකසන්න
-users.list_status_filter.is_active=ක්රියාකාරී
-users.list_status_filter.not_active=අක්රිය
-users.list_status_filter.is_admin=පරිපාලක
-users.list_status_filter.not_admin=පරිපාලක නොවන
-users.list_status_filter.is_restricted=සීමා
-users.list_status_filter.not_restricted=සීමා කර නැත
-users.list_status_filter.is_prohibit_login=ලොගින් වන්න තහනම්
-users.list_status_filter.not_prohibit_login=ලොගින් වන්න ඉඩ
-users.list_status_filter.is_2fa_enabled=2FA සක්රීය
-users.list_status_filter.not_2fa_enabled=2FA ආබාධිත
-
 emails.email_manage_panel=පරිශීලක විද්යුත් කළමනාකරණය
 emails.primary=ප්රාථමික
 emails.activated=සක්රිය
@@ -2297,20 +2256,6 @@ monitor.process.cancel=ක්රියාවලිය අවලංගු කර
 monitor.process.cancel_desc=ක්රියාවලියක් අවලංගු කිරීම දත්ත අහිමි වීමට හේතු විය හැක
 monitor.process.cancel_notices=<strong>%s</strong>: අවලංගු කරන්නද?
 
-monitor.queues=පෝලිම්
-monitor.queue=පෝලිම: %s
-monitor.queue.name=නම
-monitor.queue.type=වර්ගය
-monitor.queue.exemplar=ආදර්ශ වර්ගය
-monitor.queue.numberworkers=කම්කරුවන් සංඛ්යාව
-monitor.queue.maxnumberworkers=මැක්ස් කම්කරු සංඛ්යාව
-monitor.queue.settings.title=තටාකය සැකසුම්
-monitor.queue.settings.maxnumberworkers=මැක්ස් කම්කරුවන් සංඛ්යාව
-monitor.queue.settings.maxnumberworkers.placeholder=වත්මන්%[1]d
-monitor.queue.settings.maxnumberworkers.error=මැක්ස් කම්කරුවන්ගේ සංඛ්යාව අංකයක් විය යුතුය
-monitor.queue.settings.submit=සැකසුම් යාවත්කාල කරන්න
-monitor.queue.settings.changed=සැකසුම් යාවත්කාල කෙරිණි
-
 notices.system_notice_list=පද්ධතියේ දැන්වීම්
 notices.view_detail_header=දැන්වීමේ විස්තර දකින්න
 notices.select_all=සියල්ල තෝරන්න
diff --git a/options/locale/locale_sk-SK.ini b/options/locale/locale_sk-SK.ini
index cab953088e..829d8eaffe 100644
--- a/options/locale/locale_sk-SK.ini
+++ b/options/locale/locale_sk-SK.ini
@@ -37,18 +37,6 @@ twofa=Dvoj-faktorové overenie
 twofa_scratch=Dvojfaktorový dočasný kód
 passcode=Prístupový kód
 
-webauthn_insert_key=Zadajte bezpečnostný kľúč
-webauthn_sign_in=Stlačte tlačidlo na vašom bezpečnostnom kľúči. Ak váš kľúč nemá tlačidlo, vyberte a zasunte ho znova.
-webauthn_press_button=Stlačte, prosím, tlačidlo na vašom bezpečnostnom kľúči…
-webauthn_use_twofa=Použite kód dvojfaktorového overenia z vášho telefónu
-webauthn_error=Nie je možné prečítať váš bezpečnostný kód.
-webauthn_unsupported_browser=Váš prehliadač aktuálne nepodporuje WebAuthn.
-webauthn_error_unknown=Vyskytla sa neznáma chyba. Skúste to znova.
-webauthn_error_insecure=`WebAuthn podporuje iba bezpečné spojenia. Na testovanie cez HTTP môžete použiť "localhost" alebo "127.0.0.1"`
-webauthn_error_unable_to_process=Server nemohol spracovať vašu požiadavku.
-webauthn_error_duplicated=Bezpečnostný kľúč nie je pre túto požiadavku povolený. Uistite sa, že kľúč ešte nie je zaregistrovaný.
-webauthn_error_empty=Musíte nastaviť meno pre tento kľúč.
-webauthn_error_timeout=Vypršal čas na čítanie vašeho kľúča. Znova načítajte túto stránku a skúste to opäť.
 repository=Repozitár
 organization=Organizácia
 mirror=Zrkadlo
diff --git a/options/locale/locale_sl.ini b/options/locale/locale_sl.ini
index ec58b597df..ca991b53b4 100644
--- a/options/locale/locale_sl.ini
+++ b/options/locale/locale_sl.ini
@@ -1,9 +1,7 @@
 [common]
 language = Jezik
 passcode = Vstopna koda
-webauthn_error_timeout = Preden je bilo mogoče prebrati vaš ključ, je bil dosežen časovni rok. Ponovno naložite to stran in poskusite znova.
 cancel = Prekliči
-webauthn_sign_in = Pritisnite gumb na varnostnem ključu. Če varnostni ključ nima gumba, ga ponovno vstavite.
 create_new = Ustvari …
 disabled = Invalidi
 go_back = Pojdi nazaj
@@ -19,18 +17,15 @@ your_settings = Nastavitve
 explore = Razišči
 return_to_forgejo = Nazaj na Forgejo
 write = Napišite
-webauthn_error_unknown = Zgodila se je neznana napaka. Prosimo, poskusite znova.
 twofa = Dvofaktorsko preverjanje pristnosti
 version = Verzija
 copy_success = Kopirano!
 help = Pomoč
 copy_type_unsupported = Te vrste datotek ni mogoče kopirati
-webauthn_error_empty = Za ta ključ morate nastaviti ime.
 confirm_delete_selected = Potrdite brisanje vseh izbranih elementov?
 name = Ime
 sign_in_or = ali
 show_log_seconds = Prikaži sekunde
-webauthn_use_twofa = Uporaba kode z dvema faktorjema iz telefona
 edit = Uredi
 page = Stran
 concept_system_global = Globalno
@@ -51,7 +46,6 @@ admin_panel = Administracija spletnega mesta
 copy_error = Kopiranje ni uspelo
 new_mirror = Novo ogledalo
 re_type = Potrdite geslo
-webauthn_unsupported_browser = Vaš brskalnik trenutno ne podpira WebAuthna.
 copy = Kopiraj
 enabled = Omogočeno
 show_timestamps = Prikaži časovne žige
@@ -64,7 +58,6 @@ value = Vrednost
 concept_user_individual = Individualno
 notifications = Obvestila
 repository = Repository
-webauthn_error = Vašega varnostnega ključa ni bilo mogoče prebrati.
 add_all = Dodaj vse
 new_fork = Nova vilica repozitorija
 new_project_column = Nova kolumna
@@ -73,16 +66,12 @@ active_stopwatch = Aktivno sledenje času
 organization = Organizacija
 save = Shrani
 sign_in_with_provider = Prijava s/z %s
-webauthn_error_unable_to_process = Strežnik ni mogel obdelati vaše zahteve.
 register = Registracija
 mirror = Zrcalo
 access_token = Token za dostop
 download_logs = Prenos dnevnikov
-webauthn_insert_key = Vnesite varnostni ključ
 password = Geslo
-webauthn_error_duplicated = Varnostni ključ za to zahtevo ni dovoljen. Prepričajte se, da ključ še ni registriran.
 template = Predloga
-webauthn_press_button = Pritisnite gumb na varnostnem ključu…
 unknown = Neznano
 sign_up = Registracija
 enable_javascript = To spletno mesto zahteva JavaScript.
@@ -94,7 +83,6 @@ preview = Predogled
 mirrors = Ogledala
 loading = Nalaganje…
 show_full_screen = Prikaži celoten zaslon
-webauthn_error_insecure = WebAuthn podpira samo varne povezave. Za testiranje prek protokola HTTP lahko uporabite izvor "localhost" ali "127.0.0.1"
 username = Uporabniško ime
 tracked_time_summary = Povzetek spremljanega časa na podlagi filtrov seznama zadev
 email = E-poštni naslov
diff --git a/options/locale/locale_sr-SP.ini b/options/locale/locale_sr-SP.ini
index d55a963222..7e2fea2e88 100644
--- a/options/locale/locale_sr-SP.ini
+++ b/options/locale/locale_sr-SP.ini
@@ -36,23 +36,6 @@ link_account = Повежите рачун
 powered_by = Успостављено са %s
 notifications = Обавештења
 passcode = ПИН ко̑д
-webauthn_insert_key = Прикључите Ваш физички сигурносни кључ
-webauthn_sign_in = Притисните дугме на Вашем сигурносном кључу. Уколико Ваш кључ нема дугме, искључите и поново укључите га.
-webauthn_press_button = Молимо притисните дугме на Вашем сигурносном кључу…
-webauthn_use_twofa = Користите дво-факторски ко̑д са вашег мобитела
-webauthn_error = Сигурносни кључ се не да исчитати.
-webauthn_unsupported_browser = Ваш веб-прегледач тренутно не подржава "WebAuthn".
-webauthn_error_unknown = Непозната грешка се догодила. Молимо Вас да покушате поново.
-webauthn_error_insecure = "WebAuthn" једино подржава сигурне везе. За тестирање путем ХТТП, можете корисити извор "localhost" или "127.0.0.1"
-webauthn_error_unable_to_process = Сервер не може обрадити Ваш захтев.
-webauthn_error_duplicated = Сигурносни кључ није дозвољен за овај захтев. Уверите се да кључ није већ регистрован.
-webauthn_error_empty = Морате унети име за овај кључ.
-webauthn_error_timeout = Захтев је истекао пре што је очитавање Вашег кључа успео. Молимо Вас да актуализирате ову веб-страницу и покушате поново.
-
-
-
-
-
 
 [error]
 
@@ -566,33 +549,6 @@ total=Укупно: %d
 dashboard.operation_name=Име операције
 dashboard.operation_switch=Пребаци
 dashboard.operation_run=Покрени
-dashboard.server_uptime=Време непрекидног рада сервера
-dashboard.current_goroutine=Тренутнe Goroutine
-dashboard.current_memory_usage=Тренутна употреба меморије
-dashboard.total_memory_allocated=Укупно меморије алоцирано
-dashboard.memory_obtained=Коришћена меморија
-dashboard.pointer_lookup_times=Захтева показивача
-dashboard.current_heap_usage=Тренутна употреба динамичке меморије
-dashboard.heap_memory_obtained=Слободно динамичке меморије
-dashboard.heap_memory_idle=Некориштена динамичка меморија
-dashboard.heap_memory_in_use=Динамичка меморија у употреби
-dashboard.heap_memory_released=Ослобођено динамичке меморије
-dashboard.heap_objects=Објекти динамичке меморије
-dashboard.bootstrap_stack_usage=Коришћење стек меморије
-dashboard.stack_memory_obtained=Слободно стек меморије
-dashboard.mspan_structures_usage=Употреба структуре MSpan
-dashboard.mspan_structures_obtained=Добијено структуре MSpan
-dashboard.mcache_structures_usage=Употреба структурa MCache
-dashboard.mcache_structures_obtained=Добијено структурa MCache
-dashboard.profiling_bucket_hash_table_obtained=Хеш-табела постигнуто за Profiling Bucket
-dashboard.gc_metadata_obtained=Добијених метаподатака cакупљању смећа
-dashboard.other_system_allocation_obtained=Добијено друга системска меморија
-dashboard.next_gc_recycle=Следећа рециклажа cакупљању смећа
-dashboard.last_gc_time=Времена од прошлог cакупљању смећа
-dashboard.total_gc_pause=Укупно време cакупљању смећа
-dashboard.last_gc_pause=Задња пауза у cакупљању смећа
-dashboard.gc_times=Времена cакупљању смећа
-
 users.activated=Активиран
 users.admin=Администратор
 users.repos=репоси
diff --git a/options/locale/locale_sv-SE.ini b/options/locale/locale_sv-SE.ini
index 3e96385031..d786a17f0f 100644
--- a/options/locale/locale_sv-SE.ini
+++ b/options/locale/locale_sv-SE.ini
@@ -91,7 +91,6 @@ sign_in_with_provider = Logga in med %s
 enable_javascript = Denna webbplats kräver JavaScript.
 ok = OK
 more_items = Fler objekt
-webauthn_sign_in = Tryck på knappen på din säkerhetsnyckel. Om din säkerhetsnyckel inte har en knapp, dra ut den och sätt in den igen.
 new_project_column = Ny kolumn
 copy_type_unsupported = Den här filtypen kan inte kopieras
 error = Fel
@@ -103,12 +102,6 @@ copy = Kopiera
 copy_url = Kopiera URL
 copy_error = Kopiering misslyckades
 copy_content = Kopiera innehåll
-webauthn_insert_key = Skriv in din säkerhetsnyckel
-webauthn_press_button = Vänligen tryck på knappen på din säkerhetsnyckel…
-webauthn_error = Det gick inte att läsa din säkerhetsnyckel.
-webauthn_unsupported_browser = Din webbläsare har ännu inte stöd för WebAuthn.
-webauthn_error_unknown = Ett okänt fel har inträffat. Vänligen försök igen.
-webauthn_error_empty = Du måste ange ett namn för den här nyckeln.
 new_org.title = Ny organisation
 new_org.link = Ny organisation
 test = Test
@@ -152,14 +145,9 @@ active_stopwatch = Spårning av aktiv tid
 tracked_time_summary = Sammanfattning av spårad tid baserat på filter av ärendelistan
 toggle_menu = Växla meny
 confirm_delete_selected = Bekräfta för att ta bort alla valda objekt?
-webauthn_error_timeout = Det gick inte att läsa din nyckel innan tidsgränsen nåddes. Läs om denna sida och försök igen.
 filter.is_fork = Avgreningar
-webauthn_error_duplicated = Säkerhetsnyckeln är inte tillåten för denna begäran. Se till att nyckeln inte redan är registrerad.
 filter.not_fork = Ej avgreningar
 remove_label_str = Ta bort objektet "%s"
-webauthn_use_twofa = Använd en tvåfaktorskod från din telefon
-webauthn_error_insecure = WebAuthn stöder endast säkra anslutningar. För testning över HTTP kan du använda "localhost" eller "127.0.0.1"
-webauthn_error_unable_to_process = Servern kunde inte hantera din begäran.
 copy_generic = Kopiera till urklipp
 
 [aria]
@@ -2890,35 +2878,6 @@ dashboard.git_gc_repos=Rensa skräpfiler i samtliga kodförråd
 dashboard.resync_all_hooks=Återsynkronisera pre-receive-, update- och post-receive-krokar för alla kodförråd
 dashboard.reinit_missing_repos=Återinitialisera alla saknade kodförråd för vilka det finns poster
 dashboard.sync_external_users=Synkronisera extern användardata
-dashboard.server_uptime=Serverns upptid
-dashboard.current_goroutine=Aktuella gorutiner
-dashboard.current_memory_usage=Nuvarande minnesanvändning
-dashboard.total_memory_allocated=Total minnesanvändning
-dashboard.memory_obtained=Minnesåtgång
-dashboard.pointer_lookup_times=Pekaruppslagstider
-dashboard.memory_allocate_times=Minneallokeringar
-dashboard.memory_free_times=Minnesfrigörelser
-dashboard.current_heap_usage=Nuvarande heapanvändning
-dashboard.heap_memory_obtained=Heapminne som erhållits
-dashboard.heap_memory_idle=Heapminne som är inaktivt
-dashboard.heap_memory_in_use=Heapminne som används
-dashboard.heap_memory_released=Frigjort heap-minne
-dashboard.heap_objects=Heapobjekt
-dashboard.bootstrap_stack_usage=Bootstrap Stack-användning
-dashboard.stack_memory_obtained=Stackminne som erhålls
-dashboard.mspan_structures_usage=MSpan strukturanvändning
-dashboard.mspan_structures_obtained=MSpan strukturer som erhållits
-dashboard.mcache_structures_usage=MCache strukturanvändning
-dashboard.mcache_structures_obtained=MCache-strukturer som erhållits
-dashboard.profiling_bucket_hash_table_obtained=Profilering av Bucket Hash Table erhållen
-dashboard.gc_metadata_obtained=Metainformation om Skräpsamlaren Ihopsamlad
-dashboard.other_system_allocation_obtained=Övriga Systemallokeringar
-dashboard.next_gc_recycle=Nästa Skräpsamlarrunda
-dashboard.last_gc_time=Tidpunkt för senaste skräpsamling
-dashboard.total_gc_pause=Total tid för pauser vid skräpsamling
-dashboard.last_gc_pause=Senaste paus vid skräpsamling
-dashboard.gc_times=Skräpsamlingstider
-
 users.user_manage_panel=Hantera användarkonton
 users.new_account=Skapa användarkonto
 users.name=Användarnamn
@@ -2950,9 +2909,6 @@ users.delete_account=Ta bort användarkontot
 users.still_own_repo=Denna användare äger fortfarande ett eller flera kodförråd. Ta bort eller överför dessa kodförråd först.
 users.still_has_org=Denna användare är medlem i en eller flera organisationer. Ta bort användaren från dessa först.
 users.deletion_success=Användarkontot har blivit borttaget.
-users.list_status_filter.is_active=Aktiv
-users.list_status_filter.is_admin=Administratör
-
 emails.primary=Primär
 emails.activated=Aktiverad
 emails.filter_sort.email=E-post
@@ -3168,15 +3124,6 @@ monitor.desc=Beskrivning
 monitor.start=Starttid
 monitor.execute_time=Exekveringstid
 
-monitor.queues=Köer
-monitor.queue=Kö: %s
-monitor.queue.name=Namn
-monitor.queue.type=Typ
-monitor.queue.numberworkers=Antal arbetare
-monitor.queue.maxnumberworkers=Max antal arbetare
-monitor.queue.settings.submit=Uppdatera inställningar
-monitor.queue.settings.changed=Inställningar uppdaterade
-
 notices.system_notice_list=Systemnotiser
 notices.view_detail_header=Notisdetaljer
 notices.select_all=Markera alla
@@ -3200,7 +3147,6 @@ users.is_restricted = Begränsat konto
 self_check.database_inconsistent_collation_columns = Databasen använder kollateringen %s, men de här kolumner använder felanpassade kollateringar. Det kan komma att orsaka oväntade problem.
 hooks = webbkrokar
 integrations = Integrationer
-users.list_status_filter.menu_text = Filter
 packages.creator = Skapare
 packages.version = Version
 config.mailer_protocol = Protokoll
@@ -3209,8 +3155,6 @@ monitor.stats = Statistik
 monitor.last_execution_result = Resultat
 config_settings = Inställningar
 settings = Admininställningar
-users.list_status_filter.not_admin = Inte admin
-users.list_status_filter.not_prohibit_login = Tillåt inloggning
 users.details = Användardetaljer
 emails.updated = E-post uppdaterad
 packages.package_manage_panel = Hantera paket
@@ -3218,7 +3162,6 @@ auths.force_smtps = Tvinga SMTPS
 auths.oauth2_icon_url = Ikon-URL
 config.domain = Serverdomän
 config.lfs_config = LFS-konfiguration
-monitor.queue.settings.remove_all_items = Ta bort alla
 auths.tips.gmail_settings = Gmail-inställningar:
 self_check = Självkontroll
 identity_access = Identitet & åtkomst
@@ -3280,13 +3223,6 @@ users.purge = Rensa användare
 users.purge_help = Tvångsradera användare och alla kodförråd, organisationer och paket som ägs av användaren. Alla kommentarer och ärenden skapade av den här användare kommer också raderas.
 users.still_own_packages = den här användare äger fortfarande ett eller flera paket, radera de här paket först.
 users.reset_2fa = Återställ 2FA
-users.list_status_filter.reset = Återställ
-users.list_status_filter.not_active = Inaktiv
-users.list_status_filter.is_restricted = Begränsad
-users.list_status_filter.not_restricted = Ej begränsad
-users.list_status_filter.is_prohibit_login = Förbjud inloggning
-users.list_status_filter.is_2fa_enabled = 2FA aktiverad
-users.list_status_filter.not_2fa_enabled = 2FA inaktiverad
 emails.email_manage_panel = Hantera användares e-postadresser
 emails.not_updated = Det gick inte att uppdatera den begärda e-postadressen: %v
 emails.duplicate_active = den här e-postadress är redan aktiv för en annan användare.
@@ -3387,16 +3323,6 @@ monitor.duration = Varaktighet (s)
 monitor.process.cancel = Avbryt process
 monitor.process.cancel_desc = Att avbryta en process kan orsaka dataförlust
 monitor.process.cancel_notices = Avbryt: <strong>%s</strong>?
-monitor.queue.exemplar = Exempeltyp
-monitor.queue.activeworkers = Aktiva arbetare
-monitor.queue.numberinqueue = Antal i kö
-monitor.queue.review_add = Granska / lägg till arbetare
-monitor.queue.settings.title = Poolinställningar
-monitor.queue.settings.desc = Pooler växer dynamiskt som svar på att deras arbetarkö blockeras.
-monitor.queue.settings.maxnumberworkers = Max antal arbetare
-monitor.queue.settings.maxnumberworkers.placeholder = För närvarande %[1]d
-monitor.queue.settings.maxnumberworkers.error = Max antal arbetare måste vara ett tal
-monitor.queue.settings.remove_all_items_done = Alla objekt i kön har tagits bort.
 notices.operations = Åtgärder
 self_check.no_problem_found = Inga problem hittades ännu.
 self_check.database_collation_mismatch = Förväntar att databasen använder kollatering: %s
@@ -3489,11 +3415,6 @@ deletion.success = Hemligheten har tagits bort.
 deletion.failed = Misslyckades med att ta bort hemlighet.
 
 [actions]
-variables = Variabler
-variables.management = Hantera variabler
-variables.creation = Lägg till variabel
-variables.deletion = Ta bort variabel
-variables.edit = Redigera variabel
 runs.no_workflows.help_write_access = Vet du inte hur du kommer igång med Forgejo Actions? Se <a target="_blank" rel="noopener noreferrer" href="%s">snabbstarten i användardokumentationen</a> för att skriva ditt första arbetsflöde, sedan <a target="_blank" rel="noopener noreferrer" href="%s">konfigurera en Forgejo-körare</a> för att köra dina jobb.
 runs.no_workflows.help_no_write_access = För att lära dig mer om Forgejo Actions, se <a target="_blank" rel="noopener noreferrer" href="%s">dokumentationen</a>.
 runs.no_runs = Arbetsflödet har inga körningar ännu.
@@ -3512,19 +3433,6 @@ workflow.dispatch.input_required = Värde krävs för indata "%s".
 workflow.dispatch.invalid_input_type = Ogiltig indatatyp "%s".
 workflow.dispatch.warn_input_limit = Visar endast de första %d indatafälten.
 need_approval_desc = Godkännande krävs för att köra arbetsflöden för ändringsförfrågningar från avgreningar.
-variables.none = Det finns inga variabler ännu.
-variables.deletion.description = Borttagning av en variabel är permanent och kan inte ångras. Vill du fortsätta?
-variables.description = Variabler skickas till vissa actions och kan inte läsas annars.
-variables.not_found = Misslyckades med att hitta variabeln.
-variables.deletion.failed = Misslyckades med att ta bort variabel.
-variables.deletion.success = Variabeln har tagits bort.
-variables.creation.failed = Misslyckades med att lägga till variabel.
-variables.creation.success = Variabeln "%s" har lagts till.
-variables.update.failed = Misslyckades med att redigera variabel.
-variables.update.success = Variabeln har redigerats.
-
-
-
 
 [projects]
 type-1.display_name = Individuellt projekt
@@ -3595,7 +3503,4 @@ actions.write = <b>Skriv:</b> Starta, starta om, och avbryt arbetsflöden. Hante
 ext_issues = Åtkomst till länken till ett externt ärendehanteringssystem. Behörigheterna hanteras externt.
 ext_wiki = Åtkomst till länken till en extern wiki. Behörigheterna hanteras externt.
 
-[markup]
-filepreview.line = Rad %[1]d i %[2]s
-filepreview.lines = Rad %[1]d till %[2]d i %[3]s
-filepreview.truncated = Förhandsgranskningen har avkortats
\ No newline at end of file
+[markup]
\ No newline at end of file
diff --git a/options/locale/locale_ta.ini b/options/locale/locale_ta.ini
index 8b1b7a2679..8801c32888 100644
--- a/options/locale/locale_ta.ini
+++ b/options/locale/locale_ta.ini
@@ -36,18 +36,6 @@ captcha = கேப்ட்சா
 twofa = இரண்டு காரணி ஏற்பு
 twofa_scratch = இரண்டு காரணி கீறல் குறியீடு
 passcode = கடவுக்குறியீடு
-webauthn_insert_key = உங்கள் பாதுகாப்பு விசையைச் செருகவும்
-webauthn_sign_in = உங்கள் பாதுகாப்பு விசையில் உள்ள பொத்தானை அழுத்தவும். உங்கள் பாதுகாப்பு விசையில் பொத்தான் இல்லை என்றால், அதை மீண்டும் செருகவும்.
-webauthn_press_button = உங்கள் பாதுகாப்பு விசையில் உள்ள பொத்தானை அழுத்தவும்…
-webauthn_use_twofa = உங்கள் ஃபோனில் இருந்து இரண்டு காரணி குறியீட்டைப் பயன்படுத்தவும்
-webauthn_error = உங்கள் பாதுகாப்பு விசையைப் படிக்க முடியவில்லை.
-webauthn_unsupported_browser = உங்கள் உலாவி தற்போது WebAuthn ஐ ஆதரிக்கவில்லை.
-webauthn_error_unknown = அறியப்படாத பிழை ஏற்பட்டது. மீண்டும் முயற்சிக்கவும்.
-webauthn_error_insecure = WebAuthn பாதுகாப்பான இணைப்புகளை மட்டுமே ஆதரிக்கிறது. HTTP மூலம் சோதனை செய்ய, நீங்கள் "localhost" அல்லது "127.0.0.1" மூலத்தைப் பயன்படுத்தலாம்
-webauthn_error_unable_to_process = சேவையகத்தால் உங்கள் கோரிக்கையைச் செயல்படுத்த முடியவில்லை.
-webauthn_error_duplicated = இந்தக் கோரிக்கைக்கு பாதுகாப்பு விசை அனுமதிக்கப்படவில்லை. விசை ஏற்கனவே பதிவு செய்யப்படவில்லை என்பதை உறுதிப்படுத்தவும்.
-webauthn_error_empty = இந்த விசைக்கு நீங்கள் ஒரு பெயரை அமைக்க வேண்டும்.
-webauthn_error_timeout = உங்கள் விசையைப் படிக்கும் முன் காலாவதியானது. இந்தப் பக்கத்தை மீண்டும் ஏற்றி மீண்டும் முயற்சிக்கவும்.
 repository = களஞ்சியம்
 new_fork = புதிய களஞ்சிய போர்க்
 new_project_column = புதிய நெடுவரிசை
@@ -2821,34 +2809,6 @@ dashboard.sync_external_users = வெளிப்புற பயனர் த
 dashboard.cleanup_hook_task_table = ஊக்_டாச்க் டேபிளை தூய்மை செய்யவும்
 dashboard.cleanup_packages = காலாவதியான தொகுப்புகளை தூய்மை செய்யவும்
 dashboard.cleanup_actions = செயல்களில் இருந்து காலாவதியான பதிவுகள் மற்றும் கலைப்பொருட்களை தூய்மை செய்யவும்
-dashboard.server_uptime = சேவையக இயக்க நேரம்
-dashboard.current_goroutine = தற்போதைய goroutines
-dashboard.current_memory_usage = தற்போதைய நினைவக பயன்பாடு
-dashboard.total_memory_allocated = மொத்த நினைவகம் ஒதுக்கப்பட்டது
-dashboard.memory_obtained = நினைவகம் கிடைத்தது
-dashboard.pointer_lookup_times = சுட்டி தேடுதல் நேரங்கள்
-dashboard.memory_allocate_times = நினைவக ஒதுக்கீடு
-dashboard.memory_free_times = நினைவகம் இலவசம்
-dashboard.current_heap_usage = தற்போதைய குவியல் பயன்பாடு
-dashboard.heap_memory_obtained = குவியல் நினைவகம் கிடைத்தது
-dashboard.heap_memory_idle = குவியல் நினைவகம் செயலற்றது
-dashboard.heap_memory_in_use = குவியல் நினைவகம் பயன்பாட்டில் உள்ளது
-dashboard.heap_memory_released = குவியல் நினைவகம் வெளியிடப்பட்டது
-dashboard.heap_objects = குவியல் பொருள்கள்
-dashboard.bootstrap_stack_usage = தொடக்கவார் ச்டாக் பயன்பாடு
-dashboard.stack_memory_obtained = அடுக்கு நினைவகம் பெறப்பட்டது
-dashboard.mspan_structures_usage = MSpan கட்டமைப்புகளின் பயன்பாடு
-dashboard.mspan_structures_obtained = MSpan கட்டமைப்புகள் பெறப்பட்டன
-dashboard.mcache_structures_usage = MCache கட்டமைப்புகளின் பயன்பாடு
-dashboard.mcache_structures_obtained = MCache கட்டமைப்புகள் பெறப்பட்டன
-dashboard.profiling_bucket_hash_table_obtained = விவரக்குறிப்பு பக்கெட் ஆச் அட்டவணை பெறப்பட்டது
-dashboard.gc_metadata_obtained = GC மேனிலை தரவு பெறப்பட்டது
-dashboard.other_system_allocation_obtained = பிற அமைப்பு ஒதுக்கீடு பெறப்பட்டது
-dashboard.next_gc_recycle = அடுத்த GC மறுசுழற்சி
-dashboard.last_gc_time = கடந்த சிசி முதல் நேரம்
-dashboard.total_gc_pause = மொத்த GC இடைநிறுத்தம்
-dashboard.last_gc_pause = கடைசி GC இடைநிறுத்தம்
-dashboard.gc_times = GC முறை
 dashboard.delete_old_actions = தரவுத்தளத்திலிருந்து அனைத்து பழைய செயல்பாடுகளையும் நீக்கவும்
 dashboard.delete_old_actions.started = தொடங்கப்பட்ட தரவுத்தளத்திலிருந்து அனைத்து பழைய செயல்பாடுகளையும் நீக்கவும்.
 dashboard.update_checker = புதுப்பிப்பு சரிபார்ப்பு
@@ -2911,18 +2871,6 @@ users.purge_help = பயனரை வலுக்கட்டாயமாக 
 users.still_own_packages = இந்தப் பயனர் இன்னும் ஒன்று அல்லது அதற்கு மேற்பட்ட தொகுப்புகளை வைத்திருக்கிறார், முதலில் இந்தத் தொகுப்புகளை நீக்கவும்.
 users.deletion_success = பயனர் கணக்கு நீக்கப்பட்டது.
 users.reset_2fa = 2FA ஐ மீட்டமைக்கவும்
-users.list_status_filter.menu_text = வடிப்பி
-users.list_status_filter.reset = மீட்டமை
-users.list_status_filter.is_active = செயலில்
-users.list_status_filter.not_active = செயலற்றது
-users.list_status_filter.is_admin = நிர்வாகி
-users.list_status_filter.not_admin = நிர்வாகி அல்ல
-users.list_status_filter.is_restricted = கட்டுப்படுத்தப்பட்டது
-users.list_status_filter.not_restricted = கட்டுப்படுத்தப்படவில்லை
-users.list_status_filter.is_prohibit_login = நுழைவதைத் தடைசெய்க
-users.list_status_filter.not_prohibit_login = உள்நுழைவை அனுமதிக்கவும்
-users.list_status_filter.is_2fa_enabled = 2FA இயக்கப்பட்டது
-users.list_status_filter.not_2fa_enabled = 2FA முடக்கப்பட்டுள்ளது
 users.details = பயனர் விவரங்கள்
 emails.email_manage_panel = பயனர் மின்னஞ்சல்களை நிர்வகிக்கவும்
 emails.primary = முதன்மை
@@ -3218,25 +3166,6 @@ monitor.last_execution_result = முடிவு
 monitor.process.cancel = செயல்முறையை நீக்கறல்
 monitor.process.cancel_desc = செயல்முறையை ரத்து செய்வது தரவு இழப்பை ஏற்படுத்தக்கூடும்
 monitor.process.cancel_notices = ரத்துசெய்: <strong>%s</strong>?
-monitor.queues = வால்கள்
-monitor.queue = வரிசை: %s
-monitor.queue.name = பெயர்
-monitor.queue.type = வகை
-monitor.queue.exemplar = முன்மாதிரி வகை
-monitor.queue.numberworkers = தொழிலாளர்களின் எண்ணிக்கை
-monitor.queue.activeworkers = சுறுசுறுப்பான தொழிலாளர்கள்
-monitor.queue.maxnumberworkers = தொழிலாளர்களின் அதிகபட்ச எண்ணிக்கை
-monitor.queue.numberinqueue = வரிசையில் உள்ள எண்
-monitor.queue.review_add = தொழிலாளர்களை மதிப்பாய்வு செய்யவும் / சேர்க்கவும்
-monitor.queue.settings.title = குளம் அமைப்புகள்
-monitor.queue.settings.desc = பணியாளர்களின் வரிசை தடுப்பிற்கு பதிலளிக்கும் வகையில் குளங்கள் மாறும் வகையில் வளரும்.
-monitor.queue.settings.maxnumberworkers = தொழிலாளர்களின் அதிகபட்ச எண்ணிக்கை
-monitor.queue.settings.maxnumberworkers.placeholder = தற்போது %[1]d
-monitor.queue.settings.maxnumberworkers.error = தொழிலாளர்களின் அதிகபட்ச எண்ணிக்கை ஒரு எண்ணாக இருக்க வேண்டும்
-monitor.queue.settings.submit = அமைப்புகளைப் புதுப்பிக்கவும்
-monitor.queue.settings.changed = அமைப்புகள் புதுப்பிக்கப்பட்டன
-monitor.queue.settings.remove_all_items = அனைத்தையும் அகற்று
-monitor.queue.settings.remove_all_items_done = வரிசையில் இருந்த அனைத்து பொருட்களும் அகற்றப்பட்டன.
 notices.system_notice_list = கணினி அறிவிப்புகள்
 notices.view_detail_header = அறிவிப்பு விவரங்கள்
 notices.operations = செயல்பாடுகள்
@@ -3360,21 +3289,6 @@ workflow.dispatch.input_required = "%s" உள்ளீட்டிற்கு
 workflow.dispatch.invalid_input_type = தவறான உள்ளீடு வகை "%s".
 workflow.dispatch.warn_input_limit = முதல் %d உள்ளீடுகளை மட்டும் காட்டுகிறது.
 need_approval_desc = ஃபோர்க் புல் கோரிக்கைக்கான பணிப்பாய்வுகளை இயக்க ஒப்புதல் தேவை.
-variables = மாறிகள்
-variables.management = மாறிகளை நிர்வகிக்கவும்
-variables.creation = மாறியைச் சேர்க்கவும்
-variables.none = இதுவரை மாறிகள் எதுவும் இல்லை.
-variables.deletion = மாறியை அகற்று
-variables.deletion.description = மாறியை அகற்றுவது நிரந்தரமானது மற்றும் செயல்தவிர்க்க முடியாது. தொடரவா?
-variables.description = சில செயல்களுக்கு மாறிகள் அனுப்பப்படும், இல்லையெனில் படிக்க முடியாது.
-variables.edit = திருத்து மாறி
-variables.not_found = மாறியைக் கண்டறிய முடியவில்லை.
-variables.deletion.failed = மாறியை அகற்ற முடியவில்லை.
-variables.deletion.success = மாறி நீக்கப்பட்டது.
-variables.creation.failed = மாறியைச் சேர்ப்பதில் தோல்வி.
-variables.creation.success = "%s" மாறி சேர்க்கப்பட்டது.
-variables.update.failed = மாறியை திருத்த முடியவில்லை.
-variables.update.success = மாறி திருத்தப்பட்டது.
 
 [projects]
 deleted.display_name = நீக்கப்பட்ட திட்டம்
@@ -3391,9 +3305,6 @@ symbolic_link = குறியீட்டு இணைப்பு
 submodule = துணைத் தொகுதி
 
 [markup]
-filepreview.line = %[2]s இல் வரி %[1]d
-filepreview.lines = %[3]s இல் %[1]d முதல் %[2]d வரையிலான கோடுகள்
-filepreview.truncated = முன்னோட்டம் துண்டிக்கப்பட்டது
 
 [translation_meta]
 test = இது ஒரு சோதனை சரம். இது Forgejo இடைமுகம் இல் காட்டப்படவில்லை, ஆனால் சோதனை நோக்கங்களுக்காகப் பயன்படுத்தப்படுகிறது. அந்த இனிமையான 100% நிறைவுக் குறியைப் பெற, நேரத்தைச் சேமிக்க (அல்லது உங்கள் விருப்பத்தின் வேடிக்கையான உண்மை) "சரி" என உள்ளிடவும் :)
\ No newline at end of file
diff --git a/options/locale/locale_th.ini b/options/locale/locale_th.ini
index d873f72e47..ef25055540 100644
--- a/options/locale/locale_th.ini
+++ b/options/locale/locale_th.ini
@@ -35,18 +35,6 @@ captcha = แคปช่า
 twofa = การยืนยันตัวตนแบบสองปัจจัย
 twofa_scratch = รหัสสำรองสำหรับการยืนยันตัวตนแบบสองปัจจัย
 passcode = รหัสผ่าน
-webauthn_insert_key = โปรดเสียบคีย์ความปลอดภัยของคุณ
-webauthn_sign_in = กดปุ่มบนคีย์ความปลอดภัยของคุณ หากคีย์ความปลอดภัยของคุณไม่มีปุ่ม ให้เสียบใหม่อีกครั้ง
-webauthn_press_button = กรุณากดปุ่มบนคีย์ความปลอดภัยของคุณ…
-webauthn_use_twofa = ใช้รหัสสองปัจจัยจากโทรศัพท์ของคุณ
-webauthn_error = ไม่สามารถอ่านคีย์ความปลอดภัยของคุณได้
-webauthn_unsupported_browser = เบราว์เซอร์ของคุณไม่รองรับ WebAuthn ในขณะนี้
-webauthn_error_unknown = เกิดข้อผิดพลาดที่ไม่รู้จัก กรุณาลองใหม่อีกครั้ง
-webauthn_error_insecure = WebAuthn รองรับเฉพาะการเชื่อมต่อที่ปลอดภัยเท่านั้น สำหรับการทดสอบผ่าน HTTP คุณสามารถใช้ต้นทาง "localhost" หรือ "127.0.0.1"
-webauthn_error_unable_to_process = เซิร์ฟเวอร์ไม่สามารถประมวลผลคำขอของคุณได้
-webauthn_error_duplicated = ไม่อนุญาตให้ใช้คีย์ความปลอดภัยสำหรับคำขอนี้ โปรดตรวจสอบให้แน่ใจว่าคีย์ยังไม่ได้ลงทะเบียน
-webauthn_error_empty = คุณต้องตั้งชื่อสำหรับคีย์นี้
-webauthn_error_timeout = หมดเวลาก่อนที่จะอ่านคีย์ของคุณได้ กรุณาโหลดหน้านี้ใหม่แล้วลองอีกครั้ง
 repository = ที่เก็บ
 new_fork = แยกที่เก็บใหม่
 new_project_column = คอลัมน์ใหม่
@@ -2821,34 +2809,6 @@ dashboard.sync_external_users = ซิงโครไนซ์ข้อมูล
 dashboard.cleanup_hook_task_table = ล้างตาราง hook_task
 dashboard.cleanup_packages = ล้างแพ็คเกจที่หมดอายุ
 dashboard.cleanup_actions = ล้างบันทึกและอาร์ติแฟกต์ที่หมดอายุจากการดำเนินการ
-dashboard.server_uptime = เวลาทำงานของเซิร์ฟเวอร์
-dashboard.current_goroutine = Goroutine ปัจจุบัน
-dashboard.current_memory_usage = การใช้หน่วยความจำปัจจุบัน
-dashboard.total_memory_allocated = หน่วยความจำที่จัดสรรทั้งหมด
-dashboard.memory_obtained = หน่วยความจำที่ได้รับ
-dashboard.pointer_lookup_times = เวลาค้นหาพอยน์เตอร์
-dashboard.memory_allocate_times = การจัดสรรหน่วยความจำ
-dashboard.memory_free_times = การปล่อยหน่วยความจำ
-dashboard.current_heap_usage = การใช้ฮีปปัจจุบัน
-dashboard.heap_memory_obtained = หน่วยความจำฮีปที่ได้รับ
-dashboard.heap_memory_idle = หน่วยความจำฮีปที่ไม่ได้ใช้งาน
-dashboard.heap_memory_in_use = หน่วยความจำฮีปที่ใช้งานอยู่
-dashboard.heap_memory_released = หน่วยความจำฮีปที่ปล่อยแล้ว
-dashboard.heap_objects = อ็อบเจกต์ฮีป
-dashboard.bootstrap_stack_usage = การใช้สแต็ก Bootstrap
-dashboard.stack_memory_obtained = หน่วยความจำสแต็กที่ได้รับ
-dashboard.mspan_structures_usage = การใช้โครงสร้าง MSpan
-dashboard.mspan_structures_obtained = โครงสร้าง MSpan ที่ได้รับ
-dashboard.mcache_structures_usage = การใช้โครงสร้าง MCache
-dashboard.mcache_structures_obtained = โครงสร้าง MCache ที่ได้รับ
-dashboard.profiling_bucket_hash_table_obtained = ตารางแฮชบัคเก็ตการทำโปรไฟล์ที่ได้รับ
-dashboard.gc_metadata_obtained = ข้อมูลเมตา GC ที่ได้รับ
-dashboard.other_system_allocation_obtained = การจัดสรรระบบอื่น ๆ ที่ได้รับ
-dashboard.next_gc_recycle = การรีไซเคิล GC ถัดไป
-dashboard.last_gc_time = เวลาตั้งแต่ GC ครั้งล่าสุด
-dashboard.total_gc_pause = การหยุด GC ทั้งหมด
-dashboard.last_gc_pause = การหยุด GC ครั้งล่าสุด
-dashboard.gc_times = เวลา GC
 dashboard.delete_old_actions = ลบกิจกรรมเก่าทั้งหมดออกจากฐานข้อมูล
 dashboard.delete_old_actions.started = เริ่มลบกิจกรรมเก่าทั้งหมดออกจากฐานข้อมูลแล้ว
 dashboard.update_checker = ตัวตรวจสอบการอัปเดต
@@ -2911,18 +2871,6 @@ users.purge_help = ลบผู้ใช้และที่เก็บ อง
 users.still_own_packages = ผู้ใช้นี้ยังคงเป็นเจ้าของแพ็คเกจอย่างน้อยหนึ่งรายการ ลบแพ็คเกจเหล่านี้ก่อน
 users.deletion_success = บัญชีผู้ใช้ถูกลบแล้ว
 users.reset_2fa = รีเซ็ต 2FA
-users.list_status_filter.menu_text = ตัวกรอง
-users.list_status_filter.reset = รีเซ็ต
-users.list_status_filter.is_active = ใช้งาน
-users.list_status_filter.not_active = ไม่ใช้งาน
-users.list_status_filter.is_admin = ผู้ดูแลระบบ
-users.list_status_filter.not_admin = ไม่ใช่ผู้ดูแลระบบ
-users.list_status_filter.is_restricted = จำกัด
-users.list_status_filter.not_restricted = ไม่จำกัด
-users.list_status_filter.is_prohibit_login = ห้ามเข้าสู่ระบบ
-users.list_status_filter.not_prohibit_login = อนุญาตให้เข้าสู่ระบบ
-users.list_status_filter.is_2fa_enabled = เปิดใช้งาน 2FA
-users.list_status_filter.not_2fa_enabled = ปิดใช้งาน 2FA
 users.details = รายละเอียดผู้ใช้
 emails.email_manage_panel = จัดการอีเมลผู้ใช้
 emails.primary = หลัก
@@ -3218,25 +3166,6 @@ monitor.last_execution_result = ผลลัพธ์
 monitor.process.cancel = ยกเลิกกระบวนการ
 monitor.process.cancel_desc = การยกเลิกกระบวนการอาจทำให้ข้อมูลสูญหาย
 monitor.process.cancel_notices = ยกเลิก: <strong>%s</strong>?
-monitor.queues = คิว
-monitor.queue = คิว: %s
-monitor.queue.name = ชื่อ
-monitor.queue.type = ประเภท
-monitor.queue.exemplar = ประเภทตัวอย่าง
-monitor.queue.numberworkers = จำนวนผู้ปฏิบัติงาน
-monitor.queue.activeworkers = ผู้ปฏิบัติงานที่ใช้งานอยู่
-monitor.queue.maxnumberworkers = จำนวนผู้ปฏิบัติงานสูงสุด
-monitor.queue.numberinqueue = จำนวนในคิว
-monitor.queue.review_add = ตรวจสอบ / เพิ่มผู้ปฏิบัติงาน
-monitor.queue.settings.title = การตั้งค่าพูล
-monitor.queue.settings.desc = พูลจะขยายตัวแบบไดนามิกเพื่อตอบสนองต่อการบล็อกคิวของผู้ปฏิบัติงาน
-monitor.queue.settings.maxnumberworkers = จำนวนผู้ปฏิบัติงานสูงสุด
-monitor.queue.settings.maxnumberworkers.placeholder = ปัจจุบัน %[1]d
-monitor.queue.settings.maxnumberworkers.error = จำนวนผู้ปฏิบัติงานสูงสุดต้องเป็นตัวเลข
-monitor.queue.settings.submit = อัปเดตการตั้งค่า
-monitor.queue.settings.changed = อัปเดตการตั้งค่าแล้ว
-monitor.queue.settings.remove_all_items = ลบทั้งหมด
-monitor.queue.settings.remove_all_items_done = ลบรายการทั้งหมดในคิวแล้ว
 notices.system_notice_list = ประกาศของระบบ
 notices.view_detail_header = รายละเอียดประกาศ
 notices.operations = การดำเนินการ
@@ -3360,21 +3289,6 @@ workflow.dispatch.input_required = ต้องการค่าสำหรั
 workflow.dispatch.invalid_input_type = ประเภทอินพุต "%s" ไม่ถูกต้อง
 workflow.dispatch.warn_input_limit = แสดงเฉพาะ %d อินพุตแรกเท่านั้น
 need_approval_desc = ต้องการการอนุมัติเพื่อเรียกใช้เวิร์กโฟลว์สำหรับคำขอดึงที่แยกมา
-variables = ตัวแปร
-variables.management = จัดการตัวแปร
-variables.creation = เพิ่มตัวแปร
-variables.none = ยังไม่มีตัวแปร
-variables.deletion = ลบตัวแปร
-variables.deletion.description = การลบตัวแปรเป็นการกระทำถาวรและไม่สามารถยกเลิกได้ ดำเนินการต่อหรือไม่?
-variables.description = ตัวแปรจะถูกส่งต่อไปยังการดำเนินการบางอย่างและไม่สามารถอ่านได้
-variables.edit = แก้ไขตัวแปร
-variables.not_found = ไม่พบตัวแปร
-variables.deletion.failed = ไม่สามารถลบตัวแปรได้
-variables.deletion.success = ลบตัวแปรแล้ว
-variables.creation.failed = ไม่สามารถเพิ่มตัวแปรได้
-variables.creation.success = เพิ่มตัวแปร "%s" แล้ว
-variables.update.failed = ไม่สามารถแก้ไขตัวแปรได้
-variables.update.success = แก้ไขตัวแปรแล้ว
 
 [projects]
 deleted.display_name = โปรเจกต์ที่ถูกลบ
@@ -3391,9 +3305,6 @@ symbolic_link = ลิงก์สัญลักษณ์
 submodule = โมดูลย่อย
 
 [markup]
-filepreview.line = บรรทัดที่ %[1]d ใน %[2]s
-filepreview.lines = บรรทัดที่ %[1]d ถึง %[2]d ใน %[3]s
-filepreview.truncated = ตัวอย่างถูกตัดทอน
 
 [translation_meta]
 test = ok
\ No newline at end of file
diff --git a/options/locale/locale_tr-TR.ini b/options/locale/locale_tr-TR.ini
index def4980a19..766a17df43 100644
--- a/options/locale/locale_tr-TR.ini
+++ b/options/locale/locale_tr-TR.ini
@@ -37,18 +37,6 @@ twofa=İki aşamalı doğrulama
 twofa_scratch=İki aşamalı kazınmış kod
 passcode=Şifre
 
-webauthn_insert_key=Güvenlik anahtarınızı ekleyin
-webauthn_sign_in=Güvenlik anahtarınızdaki düğmeye basın. Eğer düğme yoksa güvenlik anahtarınızı tekrar ekleyin.
-webauthn_press_button=Lütfen güvenlik anahtarınızdaki düğmeye basın…
-webauthn_use_twofa=Telefonunuzdan iki aşamalı doğrulama kodu kullanın
-webauthn_error=Güvenlik anahtarınız okunamıyor.
-webauthn_unsupported_browser=Tarayıcınız henüz WebAuthn desteklemiyor.
-webauthn_error_unknown=Bilinmeyen bir hata oluştu. Lütfen tekrar deneyin.
-webauthn_error_insecure=WebAuthn sadece güvenli bağlantıyı destekler. HTTP üzerinden test etmek için "localhost" veya "127.0.0.1" adreslerini kullanabilirsiniz.
-webauthn_error_unable_to_process=Sunucu isteğinizi işleyemedi.
-webauthn_error_duplicated=Güvenlik anahtarının bu istek için izni yok. Anahtarın halihazırda kayıtlı olmadığından emin olun.
-webauthn_error_empty=Bu anahtar için bir isim belirlemelisiniz.
-webauthn_error_timeout=Anahtarınız okunamadan zaman aşımı oldu. Lütfen sayfayı yenileyin ve tekrar deneyin.
 repository=Depo
 organization=Organizasyon
 mirror=Yansı
@@ -2864,34 +2852,6 @@ dashboard.sync_external_users=Harici kullanıcı verisini senkronize et
 dashboard.cleanup_hook_task_table=Hook_task tablosunu temizleme
 dashboard.cleanup_packages=Süresi dolmuş paketleri temizleme
 dashboard.cleanup_actions=Eylemlerin süresi geçmiş günlük ve yapılarını temizle
-dashboard.server_uptime=Sunucunun Ayakta Kalma Süresi
-dashboard.current_goroutine=Güncel Goroutine'ler
-dashboard.current_memory_usage=Güncel Bellek Kullanımı
-dashboard.total_memory_allocated=Bellekte Ayrılan Toplam Yer
-dashboard.memory_obtained=Elde Edilen Bellek
-dashboard.pointer_lookup_times=İşaret Arama Zamanları
-dashboard.memory_allocate_times=Bellek Ayırmaları
-dashboard.memory_free_times=Bellek Boşaltmaları
-dashboard.current_heap_usage=Güncel Yığın Kullanımı
-dashboard.heap_memory_obtained=Elde Edilen Yığın Belleği
-dashboard.heap_memory_idle=Boştaki Yığın Belleği
-dashboard.heap_memory_in_use=Kullanımdaki Yığın Belleği
-dashboard.heap_memory_released=Serbest Bırakılmış Yığın Belleği
-dashboard.heap_objects=Yığın Nesneleri
-dashboard.bootstrap_stack_usage=İlk Yığın Kullanımı
-dashboard.stack_memory_obtained=Elde Edilen Yığın Belleği
-dashboard.mspan_structures_usage=Kullanımdaki MSpan Yapıları
-dashboard.mspan_structures_obtained=Elde Edilen MSpan Yapıları
-dashboard.mcache_structures_usage=Kullanılan MCache Yapıları
-dashboard.mcache_structures_obtained=Elde Edilen MCache Yapıları
-dashboard.profiling_bucket_hash_table_obtained=Elde Edilen Bucket Hash Tablosu Profilleme
-dashboard.gc_metadata_obtained=Elde Edilen GC Metadata
-dashboard.other_system_allocation_obtained=Elde Edilen Diğer Sistem Ayırmaları
-dashboard.next_gc_recycle=Sonraki GC Döngüsü
-dashboard.last_gc_time=Son GC Zamanından Beri
-dashboard.total_gc_pause=Toplam GC Durması
-dashboard.last_gc_pause=Son GC Durması
-dashboard.gc_times=GC Zamanları
 dashboard.delete_old_actions=Veritabanından tüm eski eylemleri sil
 dashboard.delete_old_actions.started=Veritabanından başlatılan tüm eski eylemleri silin.
 dashboard.update_checker=Denetleyiciyi güncelle
@@ -2948,18 +2908,6 @@ users.purge_help=Kullanıcıyı ve sahip olduğu herhangi bir depoyu, organizasy
 users.still_own_packages=Kullanıcının bir veya daha fazla paketi var, önce bu paketleri silin.
 users.deletion_success=Kullanıcı hesabı silindi.
 users.reset_2fa=2FD'yi sıfırla
-users.list_status_filter.menu_text=Filtre
-users.list_status_filter.reset=Sıfırla
-users.list_status_filter.is_active=Etkin
-users.list_status_filter.not_active=Etkin değil
-users.list_status_filter.is_admin=Yönetici
-users.list_status_filter.not_admin=Yönetici Değil
-users.list_status_filter.is_restricted=Kısıtlanmış
-users.list_status_filter.not_restricted=Kısıtlanmamış
-users.list_status_filter.is_prohibit_login=Oturum Açmayı Önle
-users.list_status_filter.not_prohibit_login=Oturum Açmaya İzin Ver
-users.list_status_filter.is_2fa_enabled=2FA Etkin
-users.list_status_filter.not_2fa_enabled=2FA Devre Dışı
 users.details=Kullanıcı Ayrıntıları
 
 emails.email_manage_panel=Kullanıcı E-posta Yönetimi
@@ -3278,26 +3226,6 @@ monitor.process.cancel_desc=Bir işlemi iptal etmek veri kaybına neden olabilir
 monitor.process.cancel_notices=İptal et: <strong>%s</strong>?
 monitor.process.children=Çocuklar
 
-monitor.queues=Kuyruklar
-monitor.queue=Kuyruk: %s
-monitor.queue.name=İsim
-monitor.queue.type=Tür
-monitor.queue.exemplar=Örnek Türü
-monitor.queue.numberworkers=Çalışan Sayısı
-monitor.queue.activeworkers=Etkin Çalışanlar
-monitor.queue.maxnumberworkers=En Fazla Çalışan Sayısı
-monitor.queue.numberinqueue=Kuyruktaki Sayı
-monitor.queue.review_add=Çalışanları İncele / Ekle
-monitor.queue.settings.title=Havuz Ayarları
-monitor.queue.settings.desc=Havuzlar, çalışan kuyruğu tıkanmasına bir yanıt olarak dinamik olarak büyürler.
-monitor.queue.settings.maxnumberworkers=En fazla çalışan Sayısı
-monitor.queue.settings.maxnumberworkers.placeholder=Şu anda %[1]d
-monitor.queue.settings.maxnumberworkers.error=En fazla çalışan sayısı bir sayı olmalıdır
-monitor.queue.settings.submit=Ayarları Güncelle
-monitor.queue.settings.changed=Ayarlar güncellendi
-monitor.queue.settings.remove_all_items=Tümünü kaldır
-monitor.queue.settings.remove_all_items_done=Kuyruktaki tüm öğeler kaldırıldı.
-
 notices.system_notice_list=Sistem Bildirimleri
 notices.view_detail_header=Bildirim Ayrıntılarını Görüntüle
 notices.operations=İşlemler
@@ -3431,20 +3359,6 @@ workflow.disabled=İş akışı devre dışı.
 
 need_approval_desc=Değişiklik isteği çatalında iş akışı çalıştırmak için onay gerekiyor.
 
-variables=Değişkenler
-variables.management=Değişken Yönetimi
-variables.creation=Değişken ekle
-variables.none=Henüz hiçbir değişken yok.
-variables.deletion=Değişkeni kaldır
-variables.deletion.description=Bir değişkeni kaldırma kalıcıdır ve geri alınamaz. Devam edilsin mi?
-variables.description=Değişkenler belirli işlemlere aktarılacaktır, bunun dışında okunamaz.
-variables.edit=Değişkeni Düzenle
-variables.deletion.failed=Değişken kaldırılamadı.
-variables.deletion.success=Değişken kaldırıldı.
-variables.creation.failed=Değişken eklenemedi.
-variables.creation.success=`"%s" değişkeni eklendi.`
-variables.update.failed=Değişken düzenlenemedi.
-variables.update.success=Değişken düzenlendi.
 variables.id_not_exist = %d kimlikli değişken mevcut değil.
 runs.expire_log_message = Günlükler, çok eski oldukları için temizlendiler.
 
diff --git a/options/locale/locale_uk-UA.ini b/options/locale/locale_uk-UA.ini
index 3c9a7d4f61..7f713b9d87 100644
--- a/options/locale/locale_uk-UA.ini
+++ b/options/locale/locale_uk-UA.ini
@@ -98,13 +98,6 @@ logo = Логотип
 sign_in_with_provider = Увійти через %s
 tracked_time_summary = Підсумок відстеженого часу з урахуванням фільтрів списку задач
 enable_javascript = Цей вебсайт потребує JavaScript.
-webauthn_press_button = Натисніть кнопку на ключі безпеки…
-webauthn_use_twofa = Введіть код підтвердження з телефону
-webauthn_error = Не вдалося розпізнати ключ безпеки.
-webauthn_error_unknown = Сталася невідома помилка. Будь ласка, повторіть спробу.
-webauthn_error_unable_to_process = Сервер не зміг обробити запит.
-webauthn_error_duplicated = Запит із наданим ключем безпеки відхилено. Впевніться, що цей ключ не є вже зареєстрованим.
-webauthn_error_empty = Ключ слід якось назвати.
 new_project_column = Новий стовпчик
 retry = Повторити
 rerun = Перезапустити
@@ -122,12 +115,7 @@ concept_system_global = Для всіх
 concept_user_individual = Для особи
 confirm_delete_selected = Точно видалити все вибране?
 value = Значення
-webauthn_insert_key = Під’єднайте ключ безпеки
 download_logs = Завантажити журнали
-webauthn_sign_in = Натисніть кнопку на ключі безпеки. Якщо ключ безпеки не має кнопки, від’єднайте його і під’єднайте ще раз.
-webauthn_unsupported_browser = Ваш браузер наразі не підтримує WebAuthn.
-webauthn_error_insecure = WebAuthn підтримує лише захищені з’єднання. Для тестування через HTTP можете використати origin-рядок «localhost» чи «127.0.0.1»
-webauthn_error_timeout = Ключ не встиг зчитатись протягом відведеного терміну. Будь ласка, перезавантажте сторінку й повторіть спробу.
 locked = Заблоковано
 filter.is_template = Шаблони
 test = Тест
@@ -2929,34 +2917,6 @@ dashboard.resync_all_hooks=Пересинхронізувати Git-хуки в
 dashboard.reinit_missing_repos=Переініціалізувати всі Git-репозиторії, для яких існують записи
 dashboard.sync_external_users=Синхронізувати дані зовнішніх користувачів
 dashboard.cleanup_hook_task_table=Очистити таблицю hook_task
-dashboard.server_uptime=Час роботи сервера
-dashboard.current_goroutine=Поточна кількість goroutines
-dashboard.current_memory_usage=Поточне використання пам’яті
-dashboard.total_memory_allocated=Виділено пам’яті загалом
-dashboard.memory_obtained=Отримано пам’яті
-dashboard.pointer_lookup_times=Пошуків вказівника
-dashboard.memory_allocate_times=Виділень пам’яті
-dashboard.memory_free_times=Звільнень пам’яті
-dashboard.current_heap_usage=Поточне використання динамічної пам’яті
-dashboard.heap_memory_obtained=Отримано динамічної пам’яті
-dashboard.heap_memory_idle=Динамічної пам’яті простоює
-dashboard.heap_memory_in_use=Динамічної пам’яті використовується
-dashboard.heap_memory_released=Звільнено динамічної пам’яті
-dashboard.heap_objects=Об’єктів динамічної пам’яті
-dashboard.bootstrap_stack_usage=Використання стеку bootstrap
-dashboard.stack_memory_obtained=Отримано пам’яті стеком
-dashboard.mspan_structures_usage=Використання структур MSpan
-dashboard.mspan_structures_obtained=Отримано структур MSpan
-dashboard.mcache_structures_usage=Використання структур MCache
-dashboard.mcache_structures_obtained=Отримано структур MCache
-dashboard.profiling_bucket_hash_table_obtained=Отримано хеш-таблиць профілювання
-dashboard.gc_metadata_obtained=Отримано метаданих збирача сміття
-dashboard.other_system_allocation_obtained=Отримано інших виділень пам’яті
-dashboard.next_gc_recycle=Наступний цикл збирача сміття
-dashboard.last_gc_time=З останнього запуску збирача сміття
-dashboard.total_gc_pause=Загальна пауза збирача сміття
-dashboard.last_gc_pause=Остання пауза збирача сміття
-dashboard.gc_times=Кількість запусків збирача сміття
 dashboard.delete_old_actions=Видалити всі старі активності з бази даних
 dashboard.delete_old_actions.started=Розпочато видалення всіх старих активностей з бази даних.
 
@@ -2996,19 +2956,6 @@ users.still_own_repo=Цьому користувачу досі належать
 users.still_has_org=Цей користувач є учасником однієї або декількох організацій. Спочатку видаліть користувача з усіх організацій.
 users.deletion_success=Обліковий запис користувача видалено.
 users.reset_2fa=Скинути 2FA
-users.list_status_filter.menu_text=Фільтр
-users.list_status_filter.reset=Скинути
-users.list_status_filter.is_active=Активні
-users.list_status_filter.not_active=Неактивні
-users.list_status_filter.is_admin=Адміністратор
-users.list_status_filter.not_admin=Не адміністратор
-users.list_status_filter.is_restricted=З обмеженнями
-users.list_status_filter.not_restricted=Без обмежень
-users.list_status_filter.is_prohibit_login=Вхід заборонено
-users.list_status_filter.not_prohibit_login=Вхід дозволено
-users.list_status_filter.is_2fa_enabled=2FA увімкнено
-users.list_status_filter.not_2fa_enabled=2FA вимкнено
-
 emails.email_manage_panel=Керування електронними адресами користувачів
 emails.primary=Головний
 emails.activated=Активовано
@@ -3275,20 +3222,6 @@ monitor.process.cancel_desc=Скасування процесу може при
 monitor.process.cancel_notices=Скасувати: <strong>%s</strong>?
 monitor.process.children=Дочірні процеси
 
-monitor.queues=Черги
-monitor.queue=Черга: %s
-monitor.queue.name=Назва
-monitor.queue.type=Тип
-monitor.queue.exemplar=Приклад типу
-monitor.queue.numberworkers=Кількість обробників
-monitor.queue.maxnumberworkers=Максимальна кількість обробників
-monitor.queue.settings.title=Налаштування пулу
-monitor.queue.settings.maxnumberworkers=Максимальна кількість обробників
-monitor.queue.settings.maxnumberworkers.placeholder=Поточний %[1]d
-monitor.queue.settings.maxnumberworkers.error=Максимальна кількість обробників має бути числом
-monitor.queue.settings.submit=Оновити налаштування
-monitor.queue.settings.changed=Налаштування оновлено
-
 notices.system_notice_list=Сповіщення системи
 notices.view_detail_header=Подробиці сповіщення
 notices.select_all=Вибрати все
@@ -3331,12 +3264,6 @@ users.new_success = Обліковий запис «%s» створено.
 config_settings = Налаштування
 self_check.no_problem_found = Проблем поки що не виявлено.
 config_summary = Підсумок
-monitor.queue.review_add = Переглянути / додати обробники
-monitor.queue.activeworkers = Активні обробники
-monitor.queue.numberinqueue = Номер у черзі
-monitor.queue.settings.desc = Пули динамічно зростають у відповідь на блокування черг їхніх обробників.
-monitor.queue.settings.remove_all_items_done = Усі елементи в черзі видалено.
-monitor.queue.settings.remove_all_items = Видалити всі
 config.app_slogan = Гасло екземпляра
 auths.tip.gitea = Зареєструйте нову програму OAuth. Інструкцію можна знайти на %s
 auths.tip.gitlab_new = Зареєструйте нову програму на %s
@@ -3507,21 +3434,7 @@ creation.value_placeholder = Уведіть довільний вміст. Пр
 description = Секрети передаються певним діям і не можуть бути прочитані інакше.
 
 [actions]
-variables.update.failed = Не вдалося змінити змінну.
-variables.update.success = Змінну змінено.
-variables.creation = Додати змінну
-variables.none = Змінних ще немає.
-variables.deletion = Видалити змінну
-variables = Змінні
-variables.deletion.success = Змінну видалено.
-variables.creation.failed = Не вдалося додати змінну.
-variables.deletion.failed = Не вдалося видалити змінну.
-variables.creation.success = Змінну «%s» додано.
-variables.description = Змінні передаються певним діям і не можуть бути прочитані інакше.
-variables.deletion.description = Видалення змінної є остаточним і його неможливо скасувати. Продовжити?
-variables.management = Керування змінними
 variables.id_not_exist = Змінної з ідентифікатором %d не існує.
-variables.edit = Редагувати змінну
 runs.expire_log_message = Журнали очищено, тому що вони були занадто старі.
 runs.empty_commit_message = (порожнє повідомлення коміту)
 workflow.enable_success = Робочий потік «%s» успішно ввімкнено.
@@ -3530,7 +3443,6 @@ workflow.disable_success = Робочий потік «%s» успішно ви
 workflow.disabled = Робочий потік вимкнено.
 workflow.enable = Увімкнути робочий потік
 need_approval_desc = Потрібне схвалення для запуску робочих потоків для запиту на злиття.
-variables.not_found = Не вдалося знайти змінну.
 runs.no_workflows.help_no_write_access = Щоб дізнатися більше про Дії Forgejo, читайте <a target="_blank" rel="noopener noreferrer" href="%s">документацію</a>.
 runs.no_workflows.help_write_access = Не знаєте, як почати роботу з Діями Forgejo? Перегляньте <a target="_blank" rel="noopener noreferrer" href="%s">посібник для початківців у документації</a>, щоб написати свій перший робочий потік, а потім <a target="_blank" rel="noopener noreferrer" href="%s">налаштуйте ранер Forgejo</a> для виконання завдань.
 unit.desc = Керування вбудованими конвеєрами CI/CD з Діями Forgejo.
@@ -3587,9 +3499,6 @@ pull_kind = Шукати запити на злиття…
 runner_kind = Шукати ранери…
 
 [markup]
-filepreview.truncated = Перегляд було урізано
-filepreview.line = Рядок %[1]d в %[2]s
-filepreview.lines = Рядки з %[1]d по %[2]d в %[3]s
 
 [translation_meta]
 test = Це тестовий текст. Він не відображається в інтерфейсі користувача Forgejo, а використовується з метою тестування
diff --git a/options/locale/locale_vi.ini b/options/locale/locale_vi.ini
index 3c51eb51b9..f8f5eba9d5 100644
--- a/options/locale/locale_vi.ini
+++ b/options/locale/locale_vi.ini
@@ -24,18 +24,8 @@ password = Mật khẩu
 access_token = Mã truy cập
 captcha = CAPTCHA
 twofa = Xác thực hai lớp
-webauthn_insert_key = Cắm khóa bảo mật của bạn vào
 copy_hash = Sao chép chuỗi băm
 sign_in_with_provider = Đăng nhập bằng %s
-webauthn_press_button = Hãy nhấn nút trên khóa bảo mật…
-webauthn_use_twofa = Dùng mã xác thực hai lớp ở trên điện thoại
-webauthn_error = Không thể đọc khóa bảo mật của bạn.
-webauthn_unsupported_browser = Trình duyệt của bạn hiện không hỗ trợ WebAuthn.
-webauthn_error_unknown = Có lỗi xảy ra. Vui lòng thử lại.
-webauthn_error_insecure = WebAuthn chỉ hỗ trợ kết nối mã hóa. Nếu đang thử nghiệm, bạn có thể dùng "localhost" hoặc "127.0.0.1"
-webauthn_error_unable_to_process = Máy chủ không thể xử lý yêu cầu của bạn.
-webauthn_error_empty = Bạn phải đặt tên cho khóa này.
-webauthn_error_timeout = Hết thời gian đọc khóa mất rồi. Hãy tải lại trang và thử lại.
 copy_type_unsupported = Không thể sao chép loại tệp này
 repository = Kho mã
 organization = Tổ chức
@@ -79,7 +69,6 @@ pin = Ghim
 archived = Đã lưu trữ
 signed_in_as = Đăng nhập bằng
 re_type = Xác nhận mật khẩu
-webauthn_sign_in = Nhấn nút trên khóa bảo mật, nếu không có nút thì bạn hãy rút ra rồi cắm lại.
 new_org.link = Tạo tổ chức
 error404 = Trang bạn đang tìm <strong>không tồn tại</strong>, <strong>đã bị xoá</strong> hoặc <strong>bạn không có quyền</strong> để xem nó.
 edit = Chỉnh sửa
@@ -89,7 +78,6 @@ logo = Logo
 toc = Mục lục
 user_profile_and_more = Hồ sơ và cài đặt…
 passcode = Mã xác thực
-webauthn_error_duplicated = Khóa bảo mật không được phép cho yêu cầu này. Vui lòng đảm bảo rằng khóa chưa được đăng ký trước đó.
 mirror = Bản sao
 new_mirror = Tạo bản sao mới
 your_starred = Đã đánh sao
diff --git a/options/locale/locale_zh-CN.ini b/options/locale/locale_zh-CN.ini
index 87087e3d20..2a6686b2ec 100644
--- a/options/locale/locale_zh-CN.ini
+++ b/options/locale/locale_zh-CN.ini
@@ -37,18 +37,6 @@ twofa=两步验证
 twofa_scratch=两步验证备用验证码
 passcode=验证码
 
-webauthn_insert_key=插入安全密钥
-webauthn_sign_in=按下安全密钥上的按钮。如果安全密钥没有按钮，请重新插入它。
-webauthn_press_button=请按下安全密钥上的按钮……
-webauthn_use_twofa=使用来自手机中的两步验证码
-webauthn_error=无法读取安全密钥。
-webauthn_unsupported_browser=你的浏览器目前不支持WebAuthn。
-webauthn_error_unknown=发生未知错误。请重试。
-webauthn_error_insecure=WebAuthn仅支持安全连接。如果要在HTTP协议上进行测试，请使用"localhost"或"127.0.0.1"作为访问来源
-webauthn_error_unable_to_process=服务器无法处理您的请求。
-webauthn_error_duplicated=此安全密钥未被许可用于这个请求。请确保该密钥尚未注册。
-webauthn_error_empty=您必须为此密钥设置一个名称。
-webauthn_error_timeout=未能在允许的时限内读取密钥。请重新加载此页面并重试。
 repository=仓库
 organization=组织
 mirror=镜像
@@ -2939,34 +2927,6 @@ dashboard.sync_external_users=同步外部用户数据
 dashboard.cleanup_hook_task_table=清理hook_task表
 dashboard.cleanup_packages=清理过期的软件包
 dashboard.cleanup_actions=清理过期的Actions日志和制品
-dashboard.server_uptime=服务运行时间
-dashboard.current_goroutine=当前Goroutines数量
-dashboard.current_memory_usage=当前内存使用量
-dashboard.total_memory_allocated=所有被分配的内存
-dashboard.memory_obtained=内存占用量
-dashboard.pointer_lookup_times=指针查找次数
-dashboard.memory_allocate_times=内存分配次数
-dashboard.memory_free_times=内存释放次数
-dashboard.current_heap_usage=当前Heap内存使用量
-dashboard.heap_memory_obtained=Heap内存占用量
-dashboard.heap_memory_idle=Heap内存空闲量
-dashboard.heap_memory_in_use=正在使用的Heap内存
-dashboard.heap_memory_released=被释放的Heap内存
-dashboard.heap_objects=Heap对象数量
-dashboard.bootstrap_stack_usage=启动Stack使用量
-dashboard.stack_memory_obtained=被分配的Stack内存
-dashboard.mspan_structures_usage=MSpan结构内存使用量
-dashboard.mspan_structures_obtained=被分配的MSpan结构内存
-dashboard.mcache_structures_usage=MCache结构内存使用量
-dashboard.mcache_structures_obtained=被分配的MCache结构内存
-dashboard.profiling_bucket_hash_table_obtained=被分配的剖析哈希表内存
-dashboard.gc_metadata_obtained=被分配的GC元数据内存
-dashboard.other_system_allocation_obtained=其它被分配的系统内存
-dashboard.next_gc_recycle=下次GC内存回收量
-dashboard.last_gc_time=距离上次GC时间
-dashboard.total_gc_pause=GC暂停时间总量
-dashboard.last_gc_pause=上次GC暂停时间
-dashboard.gc_times=GC执行次数
 dashboard.delete_old_actions=从数据库中删除所有旧操作记录
 dashboard.delete_old_actions.started=已开始从数据库中删除所有旧操作记录。
 dashboard.update_checker=更新检查器
@@ -3024,18 +2984,6 @@ users.purge_help=强制删除用户和用户拥有的任何仓库、组织和软
 users.still_own_packages=此用户仍然拥有一个或多个软件包，请先删除这些软件包。
 users.deletion_success=用户帐户已被删除。
 users.reset_2fa=重置两步验证
-users.list_status_filter.menu_text=过滤
-users.list_status_filter.reset=重置
-users.list_status_filter.is_active=已激活
-users.list_status_filter.not_active=未激活
-users.list_status_filter.is_admin=管理员
-users.list_status_filter.not_admin=非管理员
-users.list_status_filter.is_restricted=受限
-users.list_status_filter.not_restricted=不受限
-users.list_status_filter.is_prohibit_login=禁止登录
-users.list_status_filter.not_prohibit_login=允许登录
-users.list_status_filter.is_2fa_enabled=已启用2FA
-users.list_status_filter.not_2fa_enabled=未启用2FA
 users.details=用户详情
 
 emails.email_manage_panel=管理用户邮件地址
@@ -3355,26 +3303,6 @@ monitor.process.cancel_desc=中止一个进程可能导致数据丢失
 monitor.process.cancel_notices=中止：<strong>%s</strong>？
 monitor.process.children=子进程
 
-monitor.queues=队列
-monitor.queue=队列：%s
-monitor.queue.name=名称
-monitor.queue.type=类型
-monitor.queue.exemplar=数据类型
-monitor.queue.numberworkers=worker数量
-monitor.queue.activeworkers=活跃worker
-monitor.queue.maxnumberworkers=最大worker数量
-monitor.queue.numberinqueue=队列中的数量
-monitor.queue.review_add=审查/添加worker
-monitor.queue.settings.title=池设置
-monitor.queue.settings.desc=因为工作者队列阻塞，池正在动态扩展。
-monitor.queue.settings.maxnumberworkers=最大工作者数量
-monitor.queue.settings.maxnumberworkers.placeholder=当前%[1]d
-monitor.queue.settings.maxnumberworkers.error=最大工作者数必须是数字
-monitor.queue.settings.submit=更新设置
-monitor.queue.settings.changed=设置已更新
-monitor.queue.settings.remove_all_items=移除全部
-monitor.queue.settings.remove_all_items_done=队列中的所有项目已被移除。
-
 notices.system_notice_list=系统通知
 notices.view_detail_header=通知详情
 notices.operations=操作
@@ -3517,21 +3445,7 @@ workflow.disabled=工作流已禁用。
 
 need_approval_desc=该工作流由派生仓库的合并请求所触发，需要批准方可运行。
 
-variables=变量
-variables.management=管理变量
-variables.creation=添加变量
-variables.none=目前还没有变量。
-variables.deletion=删除变量
-variables.deletion.description=删除变量是永久性的，无法撤消。继续吗？
-variables.description=变量将被传给特定的Action，其它情况将不能被读取。
 variables.id_not_exist=ID为 %d 的变量不存在。
-variables.edit=编辑变量
-variables.deletion.failed=删除变量失败。
-variables.deletion.success=变量已被删除。
-variables.creation.failed=添加变量失败。
-variables.creation.success=变量 “%s” 添加成功。
-variables.update.failed=编辑变量失败。
-variables.update.success=该变量已被编辑。
 workflow.dispatch.trigger_found = 此工作流有<c>workflow_dispatch</c>事件触发器。
 workflow.dispatch.use_from = 使用工作流
 workflow.dispatch.invalid_input_type = 输入类型“%s”无效。
@@ -3542,7 +3456,6 @@ workflow.dispatch.input_required = 需要输入“%s”的值。
 runs.expire_log_message = 已清除日志，因为它们太旧了。
 runs.no_workflows.help_write_access = 不知道如何上手Forgejo Actions？查看<a target="_blank" rel="noopener noreferrer" href="%s">用户文档的快速上手部分</a>来编写你的第一个工作流，然后<a target="_blank" rel="noopener noreferrer" href="%s">配置一个Forgejo运行器</a>来运行你的任务。
 runs.no_workflows.help_no_write_access = 欲了解关于Forgejo Actions的更多信息，请参见<a target="_blank" rel="noopener noreferrer" href="%s">文档</a>。
-variables.not_found = 找不到变量。
 
 [projects]
 type-1.display_name=个人项目
@@ -3591,9 +3504,6 @@ regexp_tooltip = 将搜索内容解释为正则表达式
 [munits.data]
 
 [markup]
-filepreview.line = %[2]s中的第%[1]d行
-filepreview.lines = %[3]s中的第%[1]d到%[2]d行
-filepreview.truncated = 预览已被截断
 
 [translation_meta]
 test = 好的
diff --git a/options/locale/locale_zh-HK.ini b/options/locale/locale_zh-HK.ini
index 790012ecd9..becef6d682 100644
--- a/options/locale/locale_zh-HK.ini
+++ b/options/locale/locale_zh-HK.ini
@@ -70,19 +70,10 @@ return_to_forgejo = 返來 Forgejo
 username = 用戶名
 captcha = 驗證碼
 toggle_menu = 切換選單
-webauthn_insert_key = 插入安全密鑰
 twofa = 兩步驟驗證
-webauthn_sign_in = 撳下安全密鑰嘅掣。如果安全密鑰冇掣，請再插入。
-webauthn_press_button = 請撳下安全密鑰嘅掣…
 more_items = 多啲嘢
-webauthn_use_twofa = 用手機嘅兩步驟驗證
-webauthn_error = 唔可以讀取安全密鑰。
-webauthn_unsupported_browser = 你嘅瀏覽器唔支援 WebAuthn。
-webauthn_error_unknown = 發生未知嘅錯誤，請再試下。
-webauthn_error_unable_to_process = 伺服器唔可以執行你嘅請求。
 logo = 標識
 enable_javascript = 本網站需要 JavaScript。
-webauthn_error_empty = 你要起名呢條鎖匙。
 your_starred = 已加星號
 active_stopwatch = 活動時間追蹤器
 rerun = 重新執行
@@ -822,33 +813,6 @@ dashboard.clean_unbind_oauth=清理未綁定OAuth的連結
 dashboard.clean_unbind_oauth_success=所有未綁定 OAuth 的連結已刪除。
 dashboard.reinit_missing_repos=重新初始化所有遺失具已存在記錄的Git 儲存庫
 dashboard.sync_external_users=同步外部使用者資料
-dashboard.server_uptime=服務執行時間
-dashboard.current_goroutine=當前 Goroutines 數量
-dashboard.current_memory_usage=當前內存使用量
-dashboard.total_memory_allocated=所有被分配的內存
-dashboard.memory_obtained=內存佔用量
-dashboard.pointer_lookup_times=指針查找次數
-dashboard.current_heap_usage=當前 Heap 內存使用量
-dashboard.heap_memory_obtained=Heap 內存佔用量
-dashboard.heap_memory_idle=Heap 內存空閒量
-dashboard.heap_memory_in_use=正在使用的 Heap 內存
-dashboard.heap_memory_released=被釋放的 Heap 內存
-dashboard.heap_objects=Heap 對象數量
-dashboard.bootstrap_stack_usage=啟動 Stack 使用量
-dashboard.stack_memory_obtained=被分配的 Stack 內存
-dashboard.mspan_structures_usage=MSpan 結構內存使用量
-dashboard.mspan_structures_obtained=被分配的 MSpan 結構內存
-dashboard.mcache_structures_usage=MCache 結構內存使用量
-dashboard.mcache_structures_obtained=被分配的 MCache 結構內存
-dashboard.profiling_bucket_hash_table_obtained=被分配的剖析哈希表內存
-dashboard.gc_metadata_obtained=被分配的垃圾收集元資料內存
-dashboard.other_system_allocation_obtained=其它被分配的系統內存
-dashboard.next_gc_recycle=下次垃圾收集內存回收量
-dashboard.last_gc_time=距離上次垃圾收集時間
-dashboard.total_gc_pause=垃圾收集暫停時間總量
-dashboard.last_gc_pause=上次垃圾收集暫停時間
-dashboard.gc_times=垃圾收集執行次數
-
 users.full_name=組織全名
 users.activated=已啟用
 users.admin=管理員
@@ -857,8 +821,6 @@ users.created=建立時間
 users.edit=編輯
 users.auth_source=認證源
 users.local=本地
-users.list_status_filter.is_admin=管理員
-
 emails.activated=已啟用
 
 orgs.org_manage_panel=組織管理
@@ -1009,10 +971,6 @@ monitor.desc=進程描述
 monitor.start=開始時間
 monitor.execute_time=已執行時間
 
-monitor.queue.name=組織名稱
-monitor.queue.type=認證類型
-monitor.queue.settings.submit=更新設定
-
 notices.system_notice_list=系統提示管理
 notices.view_detail_header=查看提示細節
 notices.select_all=選取全部
diff --git a/options/locale/locale_zh-TW.ini b/options/locale/locale_zh-TW.ini
index 09052f05b2..7f55fd662d 100644
--- a/options/locale/locale_zh-TW.ini
+++ b/options/locale/locale_zh-TW.ini
@@ -35,18 +35,6 @@ twofa=兩步驟驗證
 twofa_scratch=兩步驟驗證備用驗證碼
 passcode=驗證碼
 
-webauthn_insert_key=插入您的安全金鑰
-webauthn_sign_in=按下您安全金鑰上的按鈕。如果您的安全金鑰沒有按鈕，請重新插入。
-webauthn_press_button=請按下您安全金鑰上的按鈕…
-webauthn_use_twofa=使用來自手機的兩步驟驗證碼
-webauthn_error=無法讀取您的安全金鑰。
-webauthn_unsupported_browser=您的瀏覽器還不支援 WebAuthn。
-webauthn_error_unknown=發生未知的錯誤，請再試一次。
-webauthn_error_insecure=WebAuthn 只支援安全連線。想在 HTTP 上測試，您可以使用「localhost」或「127.0.0.1」
-webauthn_error_unable_to_process=伺服器無法處理您的請求。
-webauthn_error_duplicated=此安全金鑰無法允許這個請求。請確保該金鑰尚未被註冊。
-webauthn_error_empty=您必須命名此金鑰。
-webauthn_error_timeout=在成功讀取金鑰之前已逾時，請重新載入此頁面並重試。
 repository=儲存庫
 organization=組織
 mirror=鏡像
@@ -2928,34 +2916,6 @@ dashboard.reinit_missing_repos=重新初始化所有記錄存在但遺失的 Git
 dashboard.sync_external_users=同步外部使用者資料
 dashboard.cleanup_hook_task_table=清理 hook_task 資料表
 dashboard.cleanup_packages=清理過期的軟體包
-dashboard.server_uptime=伺服器運作時間
-dashboard.current_goroutine=目前的 Goroutines
-dashboard.current_memory_usage=目前記憶體使用量
-dashboard.total_memory_allocated=所有被分配的記憶體
-dashboard.memory_obtained=獲得的記憶體
-dashboard.pointer_lookup_times=指標尋找次數
-dashboard.memory_allocate_times=記憶體分配次數
-dashboard.memory_free_times=記憶體釋放次數
-dashboard.current_heap_usage=目前 Heap 記憶體使用量
-dashboard.heap_memory_obtained=獲得的 Heap 記憶體
-dashboard.heap_memory_idle=Heap 記憶體閒置量
-dashboard.heap_memory_in_use=正在使用的 Heap 記憶體
-dashboard.heap_memory_released=被釋放的 Heap 記憶體
-dashboard.heap_objects=Heap 物件數量
-dashboard.bootstrap_stack_usage=啟動 Stack 使用量
-dashboard.stack_memory_obtained=獲得的 Stack 記憶體
-dashboard.mspan_structures_usage=MSpan 結構使用量
-dashboard.mspan_structures_obtained=獲得的 MSpan 結構
-dashboard.mcache_structures_usage=MCache 結構使用量
-dashboard.mcache_structures_obtained=獲得的 MCache 結構
-dashboard.profiling_bucket_hash_table_obtained=被分配的剖析雜湊表
-dashboard.gc_metadata_obtained=被分配 GC Metadata
-dashboard.other_system_allocation_obtained=其他獲得的系統記憶體
-dashboard.next_gc_recycle=下次 GC 記憶體回收量
-dashboard.last_gc_time=距離上次 GC 時間
-dashboard.total_gc_pause=總 GC 暫停時間
-dashboard.last_gc_pause=上次 GC 暫停時間
-dashboard.gc_times=GC 執行次數
 dashboard.delete_old_actions=從資料庫刪除所有舊操作紀錄
 dashboard.delete_old_actions.started=從資料庫刪除所有舊操作紀錄的任務已啟動。
 dashboard.update_checker=更新檢查器
@@ -3006,19 +2966,6 @@ users.purge_help=強制刪除使用者和其所擁有的所有儲存庫、組織
 users.still_own_packages=此使用者仍然擁有至少一個軟體包，請先刪除這些軟體包。
 users.deletion_success=已刪除該使用者帳號。
 users.reset_2fa=重設兩步驟驗證
-users.list_status_filter.menu_text=篩選
-users.list_status_filter.reset=重設
-users.list_status_filter.is_active=已啟用
-users.list_status_filter.not_active=未啟用
-users.list_status_filter.is_admin=管理員
-users.list_status_filter.not_admin=非管理員
-users.list_status_filter.is_restricted=受限
-users.list_status_filter.not_restricted=未受限制
-users.list_status_filter.is_prohibit_login=禁止登入
-users.list_status_filter.not_prohibit_login=允許登入
-users.list_status_filter.is_2fa_enabled=已啟用兩步驟驗證
-users.list_status_filter.not_2fa_enabled=未啟用兩步驟驗證
-
 emails.email_manage_panel=使用者電子信箱管理
 emails.primary=主要
 emails.activated=已啟用
@@ -3320,21 +3267,6 @@ monitor.process.cancel_desc=結束處理程序可能造成資料遺失
 monitor.process.cancel_notices=結束: <strong>%s</strong>?
 monitor.process.children=子程序
 
-monitor.queues=佇列
-monitor.queue=佇列: %s
-monitor.queue.name=名稱
-monitor.queue.type=類型
-monitor.queue.exemplar=型別
-monitor.queue.numberworkers=工作者數量
-monitor.queue.maxnumberworkers=最大工作者數量
-monitor.queue.numberinqueue=佇列中的數量
-monitor.queue.settings.title=集區設定
-monitor.queue.settings.maxnumberworkers=最大工作者數量
-monitor.queue.settings.maxnumberworkers.placeholder=目前 %[1]d
-monitor.queue.settings.maxnumberworkers.error=最大工作者數量必須是數字
-monitor.queue.settings.submit=更新設定
-monitor.queue.settings.changed=已更新設定
-
 notices.system_notice_list=系統提示
 notices.view_detail_header=提示詳情
 notices.operations=操作
@@ -3357,7 +3289,6 @@ dashboard.cron.cancelled = 定時作業：%[1]s 已被取消：%[3]s
 dashboard.cleanup_actions = 清理過期的 Action 日誌和物件
 users.bot = 機器人
 users.remote = 遠端
-monitor.queue.settings.remove_all_items_done = 已移除佇列中所有項目。
 config.access_log_template = 存取日誌範本
 monitor.stats = 統計資料
 self_check.no_problem_found = 未發現任何問題。
@@ -3370,7 +3301,6 @@ repos.lfs_size = LFS 大小
 packages.cleanup = 清除過期的資料
 packages.cleanup.success = 已成功清除過期資料
 monitor.processes_count = %d 個程序
-monitor.queue.settings.remove_all_items = 全部移除
 identity_access = 身分和存取
 config.cache_test = 測試快取
 config_settings = 設定
@@ -3390,7 +3320,6 @@ users.organization_creation.description = 允許建立新組織。
 config.app_slogan = 站點口號
 self_check = 自助檢查
 config.logger_name_fmt = 日誌：%s
-monitor.queue.review_add = 審閱／增加 Worker
 self_check.database_fix_mysql = 對於 MySQL／MariaDB 的使用者，你可以使用命令「forgejo doctor convert」來修復排序規則問題，或者你也可以手動透過「ALTER ... COLLATE ...」SQL 修復問題。
 monitor.duration = 持續時間（秒）
 systemhooks.desc = 當某些 Forgejo 事件觸發時，Webhook 會自動向伺服器發出 HTTP POST 請求。此處定義的 Webhook 將作用於系統上的所有儲存庫，因此請考慮這可能產生的任何效能影響。更多資訊請參考<a target="_blank" rel="noopener" href="%s">Webhook 指南</a>。
@@ -3415,9 +3344,6 @@ users.admin.description = 授予此使用者透過網頁介面和 API 提供的
 auths.tip.gitea = 註冊一個新的 OAuth2 應用程式。指南可在 %s 找到
 
 
-monitor.queue.activeworkers = 活躍工作者
-monitor.queue.settings.desc = 集區會根據工作者佇列的阻塞情況動態增長。
-
 [action]
 create_repo=建立了儲存庫 <a href="%s">%s</a>
 rename_repo=重新命名儲存庫 <code>%[1]s</code> 為 <a href="%[2]s">%[3]s</a>
@@ -3515,21 +3441,7 @@ workflow.enable=啟用工作流程
 workflow.enable_success=已成功啟用工作流程「%s」。
 
 need_approval_desc=需要核可才能執行來自分叉儲存庫的合併請求工作流程。
-variables.edit = 編輯變數
-variables = 變數
-variables.management = 變數管理
 variables.id_not_exist = ID 為 %d 的變數不存在。
-variables.description = 變數會被傳給特定的 Actions，除此之外它們無法被讀取。
-variables.creation.failed = 變數新增失敗。
-variables.update.success = 該變數已被編輯。
-variables.deletion.failed = 變數刪除失敗。
-variables.deletion.success = 該變數已被刪除。
-variables.creation = 新增變數
-variables.none = 目前沒有變數。
-variables.deletion = 刪除變數
-variables.deletion.description = 刪除變數是永久且不可取消的。要繼續嗎？
-variables.creation.success = 已新增變數 「%s」。
-variables.update.failed = 編輯變數失敗。
 runs.empty_commit_message = （空白的提交訊息）
 workflow.disabled = 工作流程已被停用。
 workflow.dispatch.input_required = 需要輸入「%s」的值。
@@ -3542,8 +3454,6 @@ workflow.dispatch.success = 已成功請求工作流程運行。
 workflow.dispatch.use_from = 使用工作流程自
 runs.no_workflows.help_no_write_access = 要了解 Forgejo Actions，請參閱<a target="_blank" rel="noopener noreferrer" href="%s">文件</a>。
 runs.no_workflows.help_write_access = 不知道如何開始使用 Forgejo Actions？查看<a target="_blank" rel="noopener noreferrer" href="%s">使用者文件中的快速入門</a>來編寫你的第一個工作流程，然後<a target="_blank" rel="noopener noreferrer" href="%s">設定 Forgejo Runner</a>來執行你的工作。
-variables.not_found = 找不到變數。
-
 
 [projects]
 type-2.display_name = 儲存庫專案
@@ -3591,9 +3501,6 @@ union_tooltip = 包含與任何空格分隔的關鍵字相符的結果
 [munits.data]
 
 [markup]
-filepreview.truncated = 預覽已被截斷
-filepreview.lines = %[3]s 中的第 %[1]d 至 %[2]d 行
-filepreview.line = %[2]s 中的第 %[1]d 行
 
 [translation_meta]
 test = 好的
diff --git a/options/locale_next/locale_ar.json b/options/locale_next/locale_ar.json
index 7861f67193..a2358fd17b 100644
--- a/options/locale_next/locale_ar.json
+++ b/options/locale_next/locale_ar.json
@@ -1,4 +1,40 @@
 {
+	"admin.monitor.queue.settings.changed": "تم تحديث الإعدادات",
+	"admin.monitor.queue.settings.submit": "حدّث الإعدادات",
+	"admin.monitor.queue.type": "النوع",
+	"admin.monitor.queue.name": "الاسم",
+	"admin.users.list_status_filter.not_restricted": "غير مقيد",
+	"admin.users.list_status_filter.is_restricted": "مقيَّد",
+	"admin.users.list_status_filter.not_admin": "غير مدير",
+	"admin.users.list_status_filter.is_admin": "مدير",
+	"admin.users.list_status_filter.not_active": "معطّل",
+	"admin.users.list_status_filter.is_active": "مفعّل",
+	"actions.variables.update.success": "عُدِّل المتغير.",
+	"actions.variables.update.failed": "فشل تعديل المتغير.",
+	"actions.variables.creation.success": "تم إضافة المتغير \"%s\".",
+	"actions.variables.creation.failed": "فشل إضافة المتغير.",
+	"actions.variables.deletion.success": "تم حذف المتغير.",
+	"actions.variables.deletion.failed": "فشل حذف المتغير.",
+	"actions.variables.edit": "عدّل المتغير",
+	"actions.variables.description": "تمرر المتغيرات إلى إجراءات معينة ولا يمكن قراءتها بطريقة أخرى.",
+	"actions.variables.deletion.description": "إزالة المتغيرات عملية نهائية لا يمكن التراجع عنها. أتريد الاستمرار؟",
+	"actions.variables.deletion": "أزل المتغير",
+	"actions.variables.none": "لا توجد متغيرات بعد.",
+	"actions.variables.creation": "أضف متغيرا",
+	"actions.variables.management": "إدارة المتغيرات",
+	"actions.variables": "المتغيرات",
+	"webauthn.error.timeout": "طال وقت الوصول قبل أن يُقرأ مفتاحك. من فضلك أعد تحميل الصفحة وحاول مجدداً.",
+	"webauthn.error.empty": "يلزم أن تضع اسم لهذا المفتاح.",
+	"webauthn.error.duplicated": "المفتاح الأمني غير مسموح له هذا الطلب. يرجى التأكد من أن المفتاح غير مسجل بالفعل.",
+	"webauthn.error.unable_to_process": "الخادم لا يمكنه معالجة طلبك.",
+	"webauthn.error.insecure": "ويب آوثن يدعم فقط الاتصالات الآمنة. للاختبار على HTTP، يمكنك استخدام \"localhost\" أو \"127.0.0.1\"",
+	"webauthn.error.unknown": "حدث خطأ غير معروف. من فضلك حاول مجدداً.",
+	"webauthn.unsupported_browser": "متصفحك لا يدعم ويب آوثن حالياً.",
+	"webauthn.error": "تعذر قراءة مفتاحك الأمني.",
+	"webauthn.use_twofa": "استخدم رمز المصادقة الموجود على هاتفك",
+	"webauthn.press_button": "من فضلك اضغط الزر على مفتاحك الأمني…",
+	"webauthn.sign_in": "اضغط الزر على مفتاحك الأمني إذا لم يكن لدى مفتاح الأمن الخاص بك أي زر، إعادة تشغيله.",
+	"webauthn.insert_key": "أدخل مفتاحك الأمني",
 	"counters.n_commits": {
 		"one": "%s إيداع",
 		"other": "%s إيداعات"
diff --git a/options/locale_next/locale_bg.json b/options/locale_next/locale_bg.json
index 5fdfec07d7..9b833c070d 100644
--- a/options/locale_next/locale_bg.json
+++ b/options/locale_next/locale_bg.json
@@ -1,4 +1,34 @@
 {
+	"admin.monitor.queue.type": "Тип",
+	"admin.monitor.queue": "Опашка: %s",
+	"admin.monitor.queues": "Опашки",
+	"markup.filepreview.lines": "Редове от %[1]d до %[2]d в %[3]s",
+	"markup.filepreview.line": "Ред %[1]d в %[2]s",
+	"actions.variables.update.success": "Променливата е редактирана.",
+	"actions.variables.update.failed": "Неуспешно редактиране на променлива.",
+	"actions.variables.creation.success": "Променливата „%s“ е добавена.",
+	"actions.variables.creation.failed": "Неуспешно добавяне на променлива.",
+	"actions.variables.deletion.success": "Променливата е премахната.",
+	"actions.variables.deletion.failed": "Неуспешно премахване на променлива.",
+	"actions.variables.not_found": "Променливата не е открита.",
+	"actions.variables.edit": "Редактиране на променливата",
+	"actions.variables.deletion": "Премахване на променливата",
+	"actions.variables.none": "Все още няма променливи.",
+	"actions.variables.creation": "Добавяне на променлива",
+	"actions.variables.management": "Управление на променливи",
+	"actions.variables": "Променливи",
+	"webauthn.error.timeout": "Времето за изчакване изтече преди ключът ви да бъде прочетен. Моля, презаредете страницата и опитайте отново.",
+	"webauthn.error.empty": "Трябва да зададете име за този ключ.",
+	"webauthn.error.duplicated": "Ключът за сигурност не е разрешен за тази заявка. Моля, уверете се, че ключът не е вече регистриран.",
+	"webauthn.error.unable_to_process": "Сървърът не можа да обработи заявката ви.",
+	"webauthn.error.insecure": "WebAuthn поддържа само сигурни връзки. За тестване през HTTP можете да използвате произход „localhost“ или „127.0.0.1“",
+	"webauthn.error.unknown": "Възникна неизвестна грешка. Моля, опитайте отново.",
+	"webauthn.unsupported_browser": "Вашият браузър в момента не поддържа WebAuthn.",
+	"webauthn.error": "Неуспешно прочитане на вашия ключ за сигурност.",
+	"webauthn.use_twofa": "Използвайте двуфакторен код от телефона си",
+	"webauthn.press_button": "Моля, натиснете бутона на вашия ключ за сигурност…",
+	"webauthn.sign_in": "Натиснете бутона на вашия ключ за сигурност. Ако ключът ви за сигурност няма бутон, поставете го отново.",
+	"webauthn.insert_key": "Поставете вашия ключ за сигурност",
 	"counters.n_commits": {
 		"one": "%s подаване",
 		"other": "%s подавания"
diff --git a/options/locale_next/locale_ca.json b/options/locale_next/locale_ca.json
index 554b1320aa..95db3f2943 100644
--- a/options/locale_next/locale_ca.json
+++ b/options/locale_next/locale_ca.json
@@ -1,4 +1,73 @@
 {
+	"admin.monitor.queue.type": "Tipus",
+	"admin.monitor.queue.name": "Nom",
+	"admin.users.list_status_filter.not_2fa_enabled": "A2F desactivada",
+	"admin.users.list_status_filter.is_2fa_enabled": "A2F activada",
+	"admin.users.list_status_filter.not_prohibit_login": "Inici de sessió permès",
+	"admin.users.list_status_filter.is_prohibit_login": "Inici de sessió prohibit",
+	"admin.users.list_status_filter.not_restricted": "No restringit",
+	"admin.users.list_status_filter.is_restricted": "Restringit",
+	"admin.users.list_status_filter.not_admin": "No administrador",
+	"admin.users.list_status_filter.is_admin": "Administrador",
+	"admin.users.list_status_filter.not_active": "Inactiu",
+	"admin.users.list_status_filter.is_active": "Actiu",
+	"admin.users.list_status_filter.reset": "Restaurar",
+	"admin.users.list_status_filter.menu_text": "Filtrar",
+	"admin.system_status.last_gc_pause": "Darrera pausa de GC",
+	"admin.system_status.total_gc_pause": "Pausa total de GC",
+	"admin.system_status.last_gc_time": "Temps des del darrer GC",
+	"admin.system_status.next_gc_recycle": "Proper cicle de GC",
+	"admin.system_status.gc_metadata_obtained": "Metadades del GC rebudes",
+	"admin.system_status.mcache_structures_obtained": "Estructures MCache rebudes",
+	"admin.system_status.mcache_structures_usage": "Ús de les estructures MCache",
+	"admin.system_status.mspan_structures_obtained": "Estructures MSpan rebudes",
+	"admin.system_status.mspan_structures_usage": "Ús de les estructures MSpan",
+	"admin.system_status.stack_memory_obtained": "Memòria de la pila (stack) rebuda",
+	"admin.system_status.bootstrap_stack_usage": "Ús de l'arrancada de la pila (stack)",
+	"admin.system_status.heap_objects": "Objectes del heap",
+	"admin.system_status.heap_memory_released": "Memòria del heap alliberada",
+	"admin.system_status.heap_memory_in_use": "Memòria del heap en ús",
+	"admin.system_status.heap_memory_idle": "Memòria del heap en repòs",
+	"admin.system_status.heap_memory_obtained": "Memòria de heap rebuda",
+	"admin.system_status.current_heap_usage": "Ús del heap actual",
+	"admin.system_status.memory_free_times": "Alliberaments de memòria",
+	"admin.system_status.memory_allocate_times": "Assignacions de memòria",
+	"admin.system_status.pointer_lookup_times": "Temps de consulta dels punters",
+	"admin.system_status.memory_obtained": "Memòria rebuda",
+	"admin.system_status.total_memory_allocated": "Total de memòria adjudicada",
+	"admin.system_status.current_memory_usage": "Ús de memòria actual",
+	"admin.system_status.current_goroutine": "Goroutines actuals",
+	"admin.system_status.server_uptime": "Temps de funcionament del servidor",
+	"markup.filepreview.truncated": "La vista prèvia s'ha truncat",
+	"markup.filepreview.lines": "Línies %[1]d a %[2]d en %[3]s",
+	"markup.filepreview.line": "Línia %[1]d a %[2]s",
+	"actions.variables.update.success": "S'ha editat la variable.",
+	"actions.variables.update.failed": "No s'ha pogut editar la variable.",
+	"actions.variables.creation.success": "S'ha afegit la variable \"%s\".",
+	"actions.variables.creation.failed": "No s'ha pogut afegir la variable.",
+	"actions.variables.deletion.success": "S'ha canviar el nom de la variable.",
+	"actions.variables.deletion.failed": "No s'ha pogut eliminar la variable.",
+	"actions.variables.not_found": "No s'ha trobat la variable.",
+	"actions.variables.edit": "Editar variable",
+	"actions.variables.description": "Les variables es passaran a certes accions i no es poden llegir altrament.",
+	"actions.variables.deletion.description": "Eliminar una variable és permanent i no es pot desfer. Continua?",
+	"actions.variables.deletion": "Eliminar variable",
+	"actions.variables.none": "Encara no hi ha variables.",
+	"actions.variables.creation": "Afegir variables",
+	"actions.variables.management": "Gestionar variables",
+	"actions.variables": "Variables",
+	"webauthn.error.timeout": "Temps d'espera finalitzar abans que la seva clau pogués ser llegida. Siusplau recarregueu la pàgina i torneu-ho a intentar.",
+	"webauthn.error.empty": "S'ha d'anomenar aquesta clau.",
+	"webauthn.error.duplicated": "La clau de seguretat no és permesa per aquesta sol·licitud. Si us plau, assegureu-vos que la clau encara no ha estat registrada.",
+	"webauthn.error.unable_to_process": "El servidor no ha pogut processar la vostra sol·licitud.",
+	"webauthn.error.insecure": "WebAuthn només suporta connexions segures. Per provar sobre HTTP, podeu utilitzar l'origen \"localhost\" o \"127.0.0.1\"",
+	"webauthn.error.unknown": "Hi ha hagut un error desconegut. Si us plau torneu-ho a intentar.",
+	"webauthn.unsupported_browser": "El teu navegador no suprta WebAuthn.",
+	"webauthn.error": "No s'ha pogut llegir la clau de seguretat.",
+	"webauthn.use_twofa": "Utilitza un codi de doble factor des del teu mòbil",
+	"webauthn.press_button": "Si us plau, premeu el botó a la vostra clau de seguretat…",
+	"webauthn.sign_in": "Premeu el botó a la vostra clau de seguretat. Si no en té, torneu-la a inserir.",
+	"webauthn.insert_key": "Inseriu la vostra clau de seguretat",
 	"counters.n_commits": {
 		"one": "%s commit",
 		"many": "%s commits",
diff --git a/options/locale_next/locale_cs-CZ.json b/options/locale_next/locale_cs-CZ.json
index b025aa8ccb..c62f8c5cc8 100644
--- a/options/locale_next/locale_cs-CZ.json
+++ b/options/locale_next/locale_cs-CZ.json
@@ -1,4 +1,93 @@
 {
+	"admin.monitor.queue.settings.remove_all_items.success": "Všechny položky ve frontě byly odstraněny.",
+	"admin.monitor.queue.settings.remove_all_items": "Odstranit vše",
+	"admin.monitor.queue.settings.changed": "Nastavení upravena",
+	"admin.monitor.queue.settings.submit": "Upravit nastavení",
+	"admin.monitor.queue.settings.maxnumberworkers.error": "Maximální počet workerů musí být číslo",
+	"admin.monitor.queue.settings.maxnumberworkers.placeholder": "V současné době %[1]d",
+	"admin.monitor.queue.settings.maxnumberworkers": "Maximální počet workerů",
+	"admin.monitor.queue.settings.description": "Pooly dynamicky rostou podle blokování fronty jejich workerů.",
+	"admin.monitor.queue.settings.title": "Nastavení poolu",
+	"admin.monitor.queue.review_add": "Posoudit / přidat workery",
+	"admin.monitor.queue.numberinqueue": "Číslo ve frontě",
+	"admin.monitor.queue.maxnumberworkers": "Maximální počet workerů",
+	"admin.monitor.queue.activeworkers": "Aktivní workery",
+	"admin.monitor.queue.numberworkers": "Počet workerů",
+	"admin.monitor.queue.exemplar": "Typ vzoru",
+	"admin.monitor.queue.type": "Typ",
+	"admin.monitor.queue.name": "Název",
+	"admin.monitor.queue": "Fronta: %s",
+	"admin.monitor.queues": "Fronty",
+	"admin.users.list_status_filter.not_2fa_enabled": "2FA zakázáno",
+	"admin.users.list_status_filter.is_2fa_enabled": "2FA povoleno",
+	"admin.users.list_status_filter.not_prohibit_login": "Povolit přihlášení",
+	"admin.users.list_status_filter.is_prohibit_login": "Zakázat přihlášení",
+	"admin.users.list_status_filter.not_restricted": "Není omezen",
+	"admin.users.list_status_filter.is_restricted": "Omezeno",
+	"admin.users.list_status_filter.not_admin": "Není administrátor",
+	"admin.users.list_status_filter.is_admin": "Administrátor",
+	"admin.users.list_status_filter.not_active": "Neaktivní",
+	"admin.users.list_status_filter.is_active": "Aktivní",
+	"admin.users.list_status_filter.reset": "Obnovit",
+	"admin.users.list_status_filter.menu_text": "Filtr",
+	"admin.system_status.gc_times": "Časy GC",
+	"admin.system_status.last_gc_pause": "Poslední pauza GC",
+	"admin.system_status.total_gc_pause": "Celková pauza GC",
+	"admin.system_status.last_gc_time": "Doba od posledního GC",
+	"admin.system_status.next_gc_recycle": "Příští recyklace GC",
+	"admin.system_status.other_system_allocation_obtained": "Získaná alokace ostatních systémových prostředků",
+	"admin.system_status.gc_metadata_obtained": "Získaná metadata GC",
+	"admin.system_status.profiling_bucket_hash_table_obtained": "Získaná profilovací bucket hash tabulka",
+	"admin.system_status.mcache_structures_obtained": "Získané struktury MCache",
+	"admin.system_status.mcache_structures_usage": "Využití struktur MCache",
+	"admin.system_status.mspan_structures_obtained": "Získané struktury MSpan",
+	"admin.system_status.mspan_structures_usage": "Užití struktur MSpan",
+	"admin.system_status.stack_memory_obtained": "Celková získaná pamět zásobníku",
+	"admin.system_status.bootstrap_stack_usage": "Využití zásobníku prvotního zavedení",
+	"admin.system_status.heap_objects": "Objekty zásobníku",
+	"admin.system_status.heap_memory_released": "Uvolněná paměť zásobníku",
+	"admin.system_status.heap_memory_in_use": "Používaná paměť zásobníku",
+	"admin.system_status.heap_memory_idle": "Nečinná paměť zásobníku",
+	"admin.system_status.heap_memory_obtained": "Získaná paměť zásobníku",
+	"admin.system_status.current_heap_usage": "Aktuální využití paměti zásobníku",
+	"admin.system_status.memory_free_times": "Uvolnění paměti",
+	"admin.system_status.memory_allocate_times": "Alokace paměti",
+	"admin.system_status.pointer_lookup_times": "Časy vyhledávání ukazatelů",
+	"admin.system_status.memory_obtained": "Získaná paměť",
+	"admin.system_status.total_memory_allocated": "Celková přidělená paměť",
+	"admin.system_status.current_memory_usage": "Aktuální využití paměti",
+	"admin.system_status.current_goroutine": "Aktuální goroutines",
+	"admin.system_status.server_uptime": "Doba provozu serveru",
+	"markup.filepreview.truncated": "Náhled byl zkrácen",
+	"markup.filepreview.lines": "Řádky %[1]d až %[2]d v souboru %[3]s",
+	"markup.filepreview.line": "Řádek %[1]d v souboru %[2]s",
+	"actions.variables.update.success": "Proměnná byla upravena.",
+	"actions.variables.update.failed": "Úprava proměnné se nezdařila.",
+	"actions.variables.creation.success": "Proměnná „%s“ byla přidána.",
+	"actions.variables.creation.failed": "Přidání proměnné se nezdařilo.",
+	"actions.variables.deletion.success": "Proměnná byla odstraněna.",
+	"actions.variables.deletion.failed": "Nepodařilo se odstranit proměnnou.",
+	"actions.variables.not_found": "Nepodařilo se najít proměnnou.",
+	"actions.variables.edit": "Upravit proměnnou",
+	"actions.variables.description": "Proměnné budou předány určitým akcím a nelze je přečíst jinak.",
+	"actions.variables.deletion.description": "Odstranění proměnné je trvalé a nelze jej vrátit zpět. Pokračovat?",
+	"actions.variables.deletion": "Odstranit proměnnou",
+	"actions.variables.none": "Zatím zde nejsou žádné proměnné.",
+	"actions.variables.creation": "Přidat proměnnou",
+	"actions.variables.management": "Správa proměnných",
+	"actions.variables": "Proměnné",
+	"webauthn.error.timeout": "Požadavek vypršel dříve, než se podařilo přečíst váš klíč. Znovu načtěte tuto stránku a akci opakujte.",
+	"webauthn.error.empty": "Musíte nastavit název tohoto klíče.",
+	"webauthn.error.duplicated": "Bezpečnostní klíč není pro tento požadavek povolen. Ujistěte se prosím, zda klíč již není registrován.",
+	"webauthn.error.unable_to_process": "Server nemohl zpracovat váš požadavek.",
+	"webauthn.error.insecure": "WebAuthn podporuje pouze zabezpečená připojení. Pro testování přes HTTP můžete použít výchozí „localhost“ nebo „127.0.0.1“",
+	"webauthn.error.unknown": "Došlo k neznámé chybě. Opakujte akci.",
+	"webauthn.unsupported_browser": "Váš prohlížeč momentálně nepodporuje WebAuthn.",
+	"webauthn.error": "Nepodařilo se přečíst váš bezpečnostní klíč.",
+	"webauthn.use_twofa": "Použít dvoufaktorový kód z vašeho telefonu",
+	"webauthn.press_button": "Stiskněte tlačítko na bezpečnostním klíči…",
+	"webauthn.sign_in": "Stiskněte tlačítko na svém bezpečnostním klíči. Pokud bezpečnostní klíč nemá žádné tlačítko, vložte jej znovu.",
+	"webauthn.insert_key": "Vložte svůj bezpečnostní klíč",
 	"counters.n_commits": {
 		"one": "%s revize",
 		"few": "%s revize",
diff --git a/options/locale_next/locale_da.json b/options/locale_next/locale_da.json
index 3244a0cc7c..d863f0529d 100644
--- a/options/locale_next/locale_da.json
+++ b/options/locale_next/locale_da.json
@@ -1,4 +1,93 @@
 {
+	"admin.monitor.queue.settings.remove_all_items.success": "Alle varer i køen er blevet fjernet.",
+	"admin.monitor.queue.settings.remove_all_items": "Slet alle",
+	"admin.monitor.queue.settings.changed": "Indstillinger opdateret",
+	"admin.monitor.queue.settings.submit": "Opdater indstillinger",
+	"admin.monitor.queue.settings.maxnumberworkers.error": "Max antal arbejdere skal være et tal",
+	"admin.monitor.queue.settings.maxnumberworkers.placeholder": "I øjeblikket %[1]d",
+	"admin.monitor.queue.settings.maxnumberworkers": "Max antal arbejdere",
+	"admin.monitor.queue.settings.description": "Puljer vokser dynamisk som reaktion på deres blokering af arbejderkø.",
+	"admin.monitor.queue.settings.title": "Pool indstillinger",
+	"admin.monitor.queue.review_add": "Gennemgå / tilføj arbejdere",
+	"admin.monitor.queue.numberinqueue": "Nummer i kø",
+	"admin.monitor.queue.maxnumberworkers": "Max antal arbejdere",
+	"admin.monitor.queue.activeworkers": "Aktive arbejdere",
+	"admin.monitor.queue.numberworkers": "Antal arbejdere",
+	"admin.monitor.queue.exemplar": "Eksempler type",
+	"admin.monitor.queue.type": "Type",
+	"admin.monitor.queue.name": "Navn",
+	"admin.monitor.queue": "Kø: %s",
+	"admin.monitor.queues": "Køer",
+	"admin.users.list_status_filter.not_2fa_enabled": "2FA deaktiveret",
+	"admin.users.list_status_filter.is_2fa_enabled": "2FA aktiveret",
+	"admin.users.list_status_filter.not_prohibit_login": "Tillad login",
+	"admin.users.list_status_filter.is_prohibit_login": "Forbyd login",
+	"admin.users.list_status_filter.not_restricted": "Ikke begrænset",
+	"admin.users.list_status_filter.is_restricted": "Begrænset",
+	"admin.users.list_status_filter.not_admin": "Ikke admin",
+	"admin.users.list_status_filter.is_admin": "Admin",
+	"admin.users.list_status_filter.not_active": "Inaktiv",
+	"admin.users.list_status_filter.is_active": "Aktiv",
+	"admin.users.list_status_filter.reset": "Nulstil",
+	"admin.users.list_status_filter.menu_text": "Filter",
+	"admin.system_status.gc_times": "GC times",
+	"admin.system_status.last_gc_pause": "Sidste GC-pause",
+	"admin.system_status.total_gc_pause": "Total GC-pause",
+	"admin.system_status.last_gc_time": "Tid siden sidste GC",
+	"admin.system_status.next_gc_recycle": "Næste GC genbrug",
+	"admin.system_status.other_system_allocation_obtained": "Anden systemallokering opnået",
+	"admin.system_status.gc_metadata_obtained": "GC-metadata opnået",
+	"admin.system_status.profiling_bucket_hash_table_obtained": "Profilering bucket hash tabel opnået",
+	"admin.system_status.mcache_structures_obtained": "MCache-strukturer opnået",
+	"admin.system_status.mcache_structures_usage": "MCache strukturer brug",
+	"admin.system_status.mspan_structures_obtained": "Mspan strukturer opnået",
+	"admin.system_status.mspan_structures_usage": "MSpan strukturer brug",
+	"admin.system_status.stack_memory_obtained": "Stakhukommelse opnået",
+	"admin.system_status.bootstrap_stack_usage": "Brug af bootstrap-stak",
+	"admin.system_status.heap_objects": "Heap genstande",
+	"admin.system_status.heap_memory_released": "Heap-hukommelse frigivet",
+	"admin.system_status.heap_memory_in_use": "Heap hukommelse i brug",
+	"admin.system_status.heap_memory_idle": "Heap hukommelse inaktiv",
+	"admin.system_status.heap_memory_obtained": "Heap-hukommelse opnået",
+	"admin.system_status.current_heap_usage": "Nuværende heap-brug",
+	"admin.system_status.memory_free_times": "Hukommelses frigørelse",
+	"admin.system_status.memory_allocate_times": "Hukommelsestildelinger",
+	"admin.system_status.pointer_lookup_times": "Pointer-opslagstider",
+	"admin.system_status.memory_obtained": "Hukommelse opnået",
+	"admin.system_status.total_memory_allocated": "Samlet hukommelse tildelt",
+	"admin.system_status.current_memory_usage": "Aktuel hukommelsesbrug",
+	"admin.system_status.current_goroutine": "Nuværende goroutiner",
+	"admin.system_status.server_uptime": "Server oppetid",
+	"markup.filepreview.truncated": "Forhåndsvisningen er blevet afkortet",
+	"markup.filepreview.lines": "Linjer %[1]d til %[2]d i %[3]s",
+	"markup.filepreview.line": "Linje %[1]d i %[2]s",
+	"actions.variables.update.success": "Variablen er blevet redigeret.",
+	"actions.variables.update.failed": "Variablen kunne ikke redigeres.",
+	"actions.variables.creation.success": "Variablen \"%s\" er blevet tilføjet.",
+	"actions.variables.creation.failed": "Kunne ikke tilføje variabel.",
+	"actions.variables.deletion.success": "Variablen er blevet fjernet.",
+	"actions.variables.deletion.failed": "Variablen kunne ikke fjernes.",
+	"actions.variables.not_found": "Variablen kunne ikke findes.",
+	"actions.variables.edit": "Rediger variabel",
+	"actions.variables.description": "Variabler vil blive videregivet til visse handlinger og kan ikke læses på anden vis.",
+	"actions.variables.deletion.description": "Fjernelse af en variabel er permanent og kan ikke fortrydes. Vil du fortsætte?",
+	"actions.variables.deletion": "Fjern variabel",
+	"actions.variables.none": "Der er ingen variabler endnu.",
+	"actions.variables.creation": "Tilføj variabel",
+	"actions.variables.management": "Administrer variabler",
+	"actions.variables": "Variabler",
+	"webauthn.error.timeout": "Timeout nået, før din nøgle kunne læses. Genindlæs denne side og prøv igen.",
+	"webauthn.error.empty": "Du skal angive et navn for denne nøgle.",
+	"webauthn.error.duplicated": "Sikkerhedsnøglen er ikke tilladt for denne anmodning. Sørg for, at nøglen ikke allerede er registreret.",
+	"webauthn.error.unable_to_process": "Serveren kunne ikke behandle din anmodning.",
+	"webauthn.error.insecure": "WebAuthn understøtter kun sikre forbindelser. Til test over HTTP kan du bruge oprindelsen \"localhost\" eller \"127.0.0.1\"",
+	"webauthn.error.unknown": "Der opstod en ukendt fejl. Prøv venligst igen.",
+	"webauthn.unsupported_browser": "Din browser understøtter i øjeblikket ikke WebAuthn.",
+	"webauthn.error": "Kunne ikke læse din sikkerhedsnøgle.",
+	"webauthn.use_twofa": "Brug en tofaktorkode fra din telefon",
+	"webauthn.press_button": "Tryk venligst på knappen på din sikkerhedsnøgle…",
+	"webauthn.sign_in": "Tryk på knappen på din sikkerhedsnøgle. Hvis din sikkerhedsnøgle ikke har nogen knap, skal du indsætte den igen.",
+	"webauthn.insert_key": "Indsæt din sikkerhedsnøgle",
 	"counters.n_commits": {
 		"one": "%s commit",
 		"other": "%s commits"
diff --git a/options/locale_next/locale_de-DE.json b/options/locale_next/locale_de-DE.json
index 5e4b3784d7..b2ab8e138e 100644
--- a/options/locale_next/locale_de-DE.json
+++ b/options/locale_next/locale_de-DE.json
@@ -1,4 +1,93 @@
 {
+	"admin.monitor.queue.settings.remove_all_items.success": "Alle Elemente in der Warteschlange wurden entfernt.",
+	"admin.monitor.queue.settings.remove_all_items": "Alle entfernen",
+	"admin.monitor.queue.settings.changed": "Einstellungen aktualisiert",
+	"admin.monitor.queue.settings.submit": "Einstellungen aktualisieren",
+	"admin.monitor.queue.settings.maxnumberworkers.error": "Die Anzahl der Worker muss eine Zahl sein",
+	"admin.monitor.queue.settings.maxnumberworkers.placeholder": "Derzeit %[1]d",
+	"admin.monitor.queue.settings.maxnumberworkers": "Maximale Anzahl an Workern",
+	"admin.monitor.queue.settings.description": "Pools wachsen dynamisch basierend auf der Blockierung der Arbeitswarteschlange.",
+	"admin.monitor.queue.settings.title": "Pool-Einstellungen",
+	"admin.monitor.queue.review_add": "Worker hinzufügen/prüfen",
+	"admin.monitor.queue.numberinqueue": "Anzahl in der Warteschlange",
+	"admin.monitor.queue.maxnumberworkers": "Maximale Anzahl der Worker",
+	"admin.monitor.queue.activeworkers": "Aktive Worker",
+	"admin.monitor.queue.numberworkers": "Anzahl der Worker",
+	"admin.monitor.queue.exemplar": "Beispieltyp",
+	"admin.monitor.queue.type": "Typ",
+	"admin.monitor.queue.name": "Name",
+	"admin.monitor.queue": "Warteschlange: %s",
+	"admin.monitor.queues": "Warteschlangen",
+	"admin.users.list_status_filter.not_2fa_enabled": "2FA deaktiviert",
+	"admin.users.list_status_filter.is_2fa_enabled": "2FA aktiviert",
+	"admin.users.list_status_filter.not_prohibit_login": "Anmelden erlaubt",
+	"admin.users.list_status_filter.is_prohibit_login": "Anmelden verbieten",
+	"admin.users.list_status_filter.not_restricted": "Unbegrenzt",
+	"admin.users.list_status_filter.is_restricted": "Eingeschränkt",
+	"admin.users.list_status_filter.not_admin": "Nicht-Administrator",
+	"admin.users.list_status_filter.is_admin": "Administrator",
+	"admin.users.list_status_filter.not_active": "Inaktiv",
+	"admin.users.list_status_filter.is_active": "Aktiv",
+	"admin.users.list_status_filter.reset": "Zurücksetzen",
+	"admin.users.list_status_filter.menu_text": "Filter",
+	"admin.system_status.gc_times": "GC-Zeiten",
+	"admin.system_status.last_gc_pause": "Letzte GC-Pause",
+	"admin.system_status.total_gc_pause": "Gesamte GC-Pause",
+	"admin.system_status.last_gc_time": "Seit letztem GC-Zyklus",
+	"admin.system_status.next_gc_recycle": "Nächster GC-Zyklus",
+	"admin.system_status.other_system_allocation_obtained": "Andere erhaltene System-Allokationen",
+	"admin.system_status.gc_metadata_obtained": "Erhaltene GC-Metadaten",
+	"admin.system_status.profiling_bucket_hash_table_obtained": "Erhaltene Analysesatz-Hashtabellen",
+	"admin.system_status.mcache_structures_obtained": "Erhaltene MCache-Structures",
+	"admin.system_status.mcache_structures_usage": "MCache-Structures-Auslastung",
+	"admin.system_status.mspan_structures_obtained": "Erhaltene MSpan-Structures",
+	"admin.system_status.mspan_structures_usage": "MSpan-Structures-Auslastung",
+	"admin.system_status.stack_memory_obtained": "Erhaltener Stack-Arbeitsspeicher",
+	"admin.system_status.bootstrap_stack_usage": "Bootstrap-Stack-Auslastung",
+	"admin.system_status.heap_objects": "Heap-Objekte",
+	"admin.system_status.heap_memory_released": "Freigegebener Heap-Arbeitsspeicher",
+	"admin.system_status.heap_memory_in_use": "Benutzter-Heap-Arbeitsspeicher",
+	"admin.system_status.heap_memory_idle": "Unbenutzter Heap-Arbeitsspeicher",
+	"admin.system_status.heap_memory_obtained": "Erhaltener Heap-Arbeitsspeicher",
+	"admin.system_status.current_heap_usage": "Aktuelle Heap-Auslastung",
+	"admin.system_status.memory_free_times": "Speicherfreigaben",
+	"admin.system_status.memory_allocate_times": "Speicheranforderungen",
+	"admin.system_status.pointer_lookup_times": "Anzahl Zeigerlookups",
+	"admin.system_status.memory_obtained": "Erhaltener Speicher",
+	"admin.system_status.total_memory_allocated": "Zugeteilter Gesamtspeicher",
+	"admin.system_status.current_memory_usage": "Aktuelle Speichernutzung",
+	"admin.system_status.current_goroutine": "Aktuelle Goroutinen",
+	"admin.system_status.server_uptime": "Server-Uptime",
+	"markup.filepreview.truncated": "Vorschau wurde gekürzt",
+	"markup.filepreview.lines": "Zeilen %[1]d bis %[2]d in %[3]s",
+	"markup.filepreview.line": "Zeile %[1]d in %[2]s",
+	"actions.variables.update.success": "Die Variable wurde bearbeitet.",
+	"actions.variables.update.failed": "Fehler beim Bearbeiten der Variable.",
+	"actions.variables.creation.success": "Die Variable „%s“ wurde hinzugefügt.",
+	"actions.variables.creation.failed": "Fehler beim Hinzufügen der Variable.",
+	"actions.variables.deletion.success": "Die Variable wurde entfernt.",
+	"actions.variables.deletion.failed": "Fehler beim Entfernen der Variable.",
+	"actions.variables.not_found": "Die Variable wurde nicht gefunden.",
+	"actions.variables.edit": "Variable bearbeiten",
+	"actions.variables.description": "Variablen werden an bestimmte Aktionen übergeben und können nicht anderweitig gelesen werden.",
+	"actions.variables.deletion.description": "Das Entfernen einer Variable ist dauerhaft und kann nicht rückgängig gemacht werden. Fortfahren?",
+	"actions.variables.deletion": "Variable entfernen",
+	"actions.variables.none": "Es gibt noch keine Variablen.",
+	"actions.variables.creation": "Variable hinzufügen",
+	"actions.variables.management": "Variablen verwalten",
+	"actions.variables": "Variablen",
+	"webauthn.error.timeout": "Das Zeitlimit wurde erreicht, bevor dein Schlüssel gelesen werden konnte. Bitte lade die Seite erneut.",
+	"webauthn.error.empty": "Du musst einen Namen für diesen Schlüssel festlegen.",
+	"webauthn.error.duplicated": "Für diese Anfrage ist der Sicherheitsschlüssel nicht erlaubt. Bitte stell sicher, dass er nicht bereits registriert ist.",
+	"webauthn.error.unable_to_process": "Der Server konnte deine Anfrage nicht bearbeiten.",
+	"webauthn.error.insecure": "WebAuthn unterstützt nur sichere Verbindungen. Zum Testen über HTTP kannst du „localhost“ oder „127.0.0.1“ als Host verwenden",
+	"webauthn.error.unknown": "Ein unbekannter Fehler ist aufgetreten. Bitte versuche es erneut.",
+	"webauthn.unsupported_browser": "Dein Browser unterstützt derzeit kein WebAuthn.",
+	"webauthn.error": "Dein Sicherheitsschlüssel konnte nicht gelesen werden.",
+	"webauthn.use_twofa": "Zwei-Faktor-Authentifizierung via Handy verwenden",
+	"webauthn.press_button": "Drücke den Knopf auf deinem Sicherheitsschlüssel …",
+	"webauthn.sign_in": "Drücke den Knopf auf deinem Sicherheitsschlüssel. Wenn dein Sicherheitsschlüssel keinen Knopf hat, stecke ihn erneut ein.",
+	"webauthn.insert_key": "Hardware-Sicherheitsschlüssel einstecken",
 	"counters.n_commits": {
 		"one": "%s Commit",
 		"other": "%s Commits"
diff --git a/options/locale_next/locale_el-GR.json b/options/locale_next/locale_el-GR.json
index f29e36bb2b..ee9e48e977 100644
--- a/options/locale_next/locale_el-GR.json
+++ b/options/locale_next/locale_el-GR.json
@@ -1,4 +1,93 @@
 {
+	"admin.monitor.queue.settings.remove_all_items.success": "Όλα τα αντικείμενα στην ουρά αφαιρέθηκαν.",
+	"admin.monitor.queue.settings.remove_all_items": "Αφαίρεση όλων",
+	"admin.monitor.queue.settings.changed": "Οι ρυθμίσεις ενημερώθηκαν",
+	"admin.monitor.queue.settings.submit": "Ενημέρωση ρυθμίσεων",
+	"admin.monitor.queue.settings.maxnumberworkers.error": "Ο μέγιστος αριθμός εργατών πρέπει να είναι αριθμός",
+	"admin.monitor.queue.settings.maxnumberworkers.placeholder": "Αυτή τη στιγμή %[1]d",
+	"admin.monitor.queue.settings.maxnumberworkers": "Μέγιστος Αριθμός Εργατών",
+	"admin.monitor.queue.settings.description": "Οι δεξαμενές αυξάνονται δυναμικά όταν υπάρχει φραγή της ουράς των εργατών τους.",
+	"admin.monitor.queue.settings.title": "Ρυθμίσεις δεξαμενής",
+	"admin.monitor.queue.review_add": "Εξέταση / προσθήκη εργατών",
+	"admin.monitor.queue.numberinqueue": "Πλήθος ουράς",
+	"admin.monitor.queue.maxnumberworkers": "Μέγιστος αριθμός εργατών",
+	"admin.monitor.queue.activeworkers": "Ενεργοί εργάτες",
+	"admin.monitor.queue.numberworkers": "Αριθμός εργατών",
+	"admin.monitor.queue.exemplar": "Τύπος Υποδείγματος",
+	"admin.monitor.queue.type": "Τύπος",
+	"admin.monitor.queue.name": "Όνομα",
+	"admin.monitor.queue": "Ουρά: %s",
+	"admin.monitor.queues": "Ουρές",
+	"admin.users.list_status_filter.not_2fa_enabled": "Χωρίς 2FA",
+	"admin.users.list_status_filter.is_2fa_enabled": "Με ενεργοποιημένο 2FA",
+	"admin.users.list_status_filter.not_prohibit_login": "Επιτρέπεται η σύνδεση",
+	"admin.users.list_status_filter.is_prohibit_login": "Απαγορευμένη σύνδεση",
+	"admin.users.list_status_filter.not_restricted": "Χωρίς περιορισμούς",
+	"admin.users.list_status_filter.is_restricted": "Περιορισμένος",
+	"admin.users.list_status_filter.not_admin": "Χωρίς δικαιώματα διαχειριστή",
+	"admin.users.list_status_filter.is_admin": "Διαχειριστής",
+	"admin.users.list_status_filter.not_active": "Ανενεργό",
+	"admin.users.list_status_filter.is_active": "Ενεργό",
+	"admin.users.list_status_filter.reset": "Επαναφορά",
+	"admin.users.list_status_filter.menu_text": "Φίλτρο",
+	"admin.system_status.gc_times": "Χρόνοι GC",
+	"admin.system_status.last_gc_pause": "Τελευταία παύση GC",
+	"admin.system_status.total_gc_pause": "Σύνολο παύσης GC",
+	"admin.system_status.last_gc_time": "Χρόνος από την τελευταία φορά που έγινε GC",
+	"admin.system_status.next_gc_recycle": "Επόμενη ανακύκλωση GC",
+	"admin.system_status.other_system_allocation_obtained": "Άλλες κατανομές συστήματος που έχουν ληφθεί",
+	"admin.system_status.gc_metadata_obtained": "Μεταδεδομένα GC που έχουν ληφθεί",
+	"admin.system_status.profiling_bucket_hash_table_obtained": "Profiling bucket hash table που έχει ληφθεί",
+	"admin.system_status.mcache_structures_obtained": "Δομές MCache που έχουν ληφθεί",
+	"admin.system_status.mcache_structures_usage": "Χρήση δομών MCache",
+	"admin.system_status.mspan_structures_obtained": "Δομές MSpan που έχουν ληφθεί",
+	"admin.system_status.mspan_structures_usage": "Χρήση δομών MSpan",
+	"admin.system_status.stack_memory_obtained": "Μνήμη στοίβας που λαμβάνεται",
+	"admin.system_status.bootstrap_stack_usage": "Χρήση στοίβας bootstrap",
+	"admin.system_status.heap_objects": "Αντικείμενα στο heap",
+	"admin.system_status.heap_memory_released": "Μνήμη heap που απελευθερώθηκε",
+	"admin.system_status.heap_memory_in_use": "Μνήμη heap σε χρήση",
+	"admin.system_status.heap_memory_idle": "Αδρανής μνήμη heap",
+	"admin.system_status.heap_memory_obtained": "Μνήμη heap που λαμβάνεται",
+	"admin.system_status.current_heap_usage": "Τρέχουσα χρήση heap",
+	"admin.system_status.memory_free_times": "Ελευθερώσεις μνήμης",
+	"admin.system_status.memory_allocate_times": "Κατανομές μνήμης",
+	"admin.system_status.pointer_lookup_times": "Πλήθος αναζητήσεων δείκτη",
+	"admin.system_status.memory_obtained": "Μνήμη που λαμβάνεται",
+	"admin.system_status.total_memory_allocated": "Συνολική χρησιμοποιούμενη μνήμη",
+	"admin.system_status.current_memory_usage": "Τρέχουσα χρήση μνήμης",
+	"admin.system_status.current_goroutine": "Τρέχουσες goroutines",
+	"admin.system_status.server_uptime": "Uptime διακομιστή",
+	"markup.filepreview.truncated": "Η προεπισκόπηση έχει περικοπεί",
+	"markup.filepreview.lines": "Γραμμές %[1]d έως %[2]d στο αρχείο %[3]s",
+	"markup.filepreview.line": "Γραμμή %[1]d στο αρχείο %[2]s",
+	"actions.variables.update.success": "Η μεταβλητή έχει τροποποιηθεί.",
+	"actions.variables.update.failed": "Αποτυχία επεξεργασίας μεταβλητής.",
+	"actions.variables.creation.success": "Η μεταβλητή «%s» προστέθηκε.",
+	"actions.variables.creation.failed": "Αποτυχία προσθήκης μεταβλητής.",
+	"actions.variables.deletion.success": "Η μεταβλητή έχει αφαιρεθεί.",
+	"actions.variables.deletion.failed": "Αποτυχία αφαίρεσης της μεταβλητής.",
+	"actions.variables.not_found": "Αποτυχία εύρεσης της μεταβλητής.",
+	"actions.variables.edit": "Επεξεργασία Μεταβλητής",
+	"actions.variables.description": "Η μεταβλητές θα δίνονται σε ορισμένες δράσεις και δεν μπορούν να διαβαστούν αλλιώς.",
+	"actions.variables.deletion.description": "Η αφαίρεση μιας μεταβλητής είναι μόνιμη και δεν μπορεί να αναιρεθεί. Συνέχεια;",
+	"actions.variables.deletion": "Αφαίρεση μεταβλητής",
+	"actions.variables.none": "Δεν υπάρχουν ακόμα μεταβλητές.",
+	"actions.variables.creation": "Προσθήκη μεταβλητή",
+	"actions.variables.management": "Διαχείριση μεταβλητών",
+	"actions.variables": "Μεταβλητές",
+	"webauthn.error.timeout": "Το χρονικό όριο έφτασε πριν το κλειδί να διαβαστεί. Παρακαλώ ανανεώστε τη σελίδα και προσπαθήστε ξανά.",
+	"webauthn.error.empty": "Πρέπει να ορίσετε ένα όνομα για αυτό το κλειδί.",
+	"webauthn.error.duplicated": "Το κλειδί ασφαλείας δεν επιτρέπεται για αυτό το αίτημα. Βεβαιωθείτε ότι το κλειδί δεν έχει ήδη καταχωρηθεί.",
+	"webauthn.error.unable_to_process": "Ο διακομιστής δεν μπόρεσε να επεξεργαστεί το αίτημά σας.",
+	"webauthn.error.insecure": "Το WebAuthn υποστηρίζει μόνο ασφαλές συνδέσεις. Αν θέλετε να διεξάγετε δοκιμές μέσω HTTP, μπορείτε να χρησιμοποιήσετε την προέλευση «localhost» ή «127.0.0.1»",
+	"webauthn.error.unknown": "Παρουσιάστηκε ένα άγνωστο σφάλμα. Παρακαλώ προσπαθήστε ξανά.",
+	"webauthn.unsupported_browser": "Το πρόγραμμα περιήγησής σας δεν υποστηρίζει επί του παρόντος WebAuthn.",
+	"webauthn.error": "Δεν ήταν δυνατή η επικοινωνία με το κλειδί ασφαλείας σας.",
+	"webauthn.use_twofa": "Χρησιμοποιήστε έναν κωδικό δύο παραγόντων από το τηλέφωνό σας",
+	"webauthn.press_button": "Παρακαλώ πατήστε το κουμπί στο κλειδί ασφαλείας…",
+	"webauthn.sign_in": "Πατήστε το κουμπί στο κλειδί ασφαλείας σας. Αν το κλειδί ασφαλείας σας δεν έχει κουμπί, αποσυνδέστε το και συνδέστε το ξανά.",
+	"webauthn.insert_key": "Εισάγετε το κλειδί ασφαλείας σας",
 	"counters.n_commits": {
 		"one": "%s υποβολή",
 		"other": "%s υποβολές"
diff --git a/options/locale_next/locale_en-US.json b/options/locale_next/locale_en-US.json
index f3ac162fac..9631c43ad4 100644
--- a/options/locale_next/locale_en-US.json
+++ b/options/locale_next/locale_en-US.json
@@ -180,6 +180,65 @@
 	"admin.moderation.reports": "Reports",
 	"admin.moderation.no_open_reports": "There are currently no open reports.",
 	"admin.moderation.deleted_content_ref": "Reported content with type %[1]v and id %[2]d no longer exists",
+	"admin.system_status.server_uptime": "Server uptime",
+	"admin.system_status.current_goroutine": "Current goroutines",
+	"admin.system_status.current_memory_usage": "Current memory usage",
+	"admin.system_status.total_memory_allocated": "Total memory allocated",
+	"admin.system_status.memory_obtained": "Memory obtained",
+	"admin.system_status.pointer_lookup_times": "Pointer lookup times",
+	"admin.system_status.memory_allocate_times": "Memory allocations",
+	"admin.system_status.memory_free_times": "Memory frees",
+	"admin.system_status.current_heap_usage": "Current heap usage",
+	"admin.system_status.heap_memory_obtained": "Heap memory obtained",
+	"admin.system_status.heap_memory_idle": "Heap memory idle",
+	"admin.system_status.heap_memory_in_use": "Heap memory in use",
+	"admin.system_status.heap_memory_released": "Heap memory released",
+	"admin.system_status.heap_objects": "Heap objects",
+	"admin.system_status.bootstrap_stack_usage": "Bootstrap stack usage",
+	"admin.system_status.stack_memory_obtained": "Stack memory obtained",
+	"admin.system_status.mspan_structures_usage": "MSpan structures usage",
+	"admin.system_status.mspan_structures_obtained": "MSpan structures obtained",
+	"admin.system_status.mcache_structures_usage": "MCache structures usage",
+	"admin.system_status.mcache_structures_obtained": "MCache structures obtained",
+	"admin.system_status.profiling_bucket_hash_table_obtained": "Profiling bucket hash table obtained",
+	"admin.system_status.gc_metadata_obtained": "GC metadata obtained",
+	"admin.system_status.other_system_allocation_obtained": "Other system allocation obtained",
+	"admin.system_status.next_gc_recycle": "Next GC recycle",
+	"admin.system_status.last_gc_time": "Time since last GC",
+	"admin.system_status.total_gc_pause": "Total GC pause",
+	"admin.system_status.last_gc_pause": "Last GC pause",
+	"admin.system_status.gc_times": "GC times",
+	"admin.users.list_status_filter.menu_text": "Filter",
+	"admin.users.list_status_filter.reset": "Reset",
+	"admin.users.list_status_filter.is_active": "Active",
+	"admin.users.list_status_filter.not_active": "Inactive",
+	"admin.users.list_status_filter.is_admin": "Admin",
+	"admin.users.list_status_filter.not_admin": "Not admin",
+	"admin.users.list_status_filter.is_restricted": "Restricted",
+	"admin.users.list_status_filter.not_restricted": "Not restricted",
+	"admin.users.list_status_filter.is_prohibit_login": "Prohibit login",
+	"admin.users.list_status_filter.not_prohibit_login": "Allow login",
+	"admin.users.list_status_filter.is_2fa_enabled": "2FA enabled",
+	"admin.users.list_status_filter.not_2fa_enabled": "2FA disabled",
+	"admin.monitor.queues": "Queues",
+	"admin.monitor.queue": "Queue: %s",
+	"admin.monitor.queue.name": "Name",
+	"admin.monitor.queue.type": "Type",
+	"admin.monitor.queue.exemplar": "Exemplar Type",
+	"admin.monitor.queue.numberworkers": "Number of workers",
+	"admin.monitor.queue.activeworkers": "Active workers",
+	"admin.monitor.queue.maxnumberworkers": "Max Number of workers",
+	"admin.monitor.queue.numberinqueue": "Number in queue",
+	"admin.monitor.queue.review_add": "Review / add workers",
+	"admin.monitor.queue.settings.title": "Pool settings",
+	"admin.monitor.queue.settings.description": "Pools dynamically grow in response to their worker queue blocking.",
+	"admin.monitor.queue.settings.maxnumberworkers": "Max Number of workers",
+	"admin.monitor.queue.settings.maxnumberworkers.placeholder": "Currently %[1]d",
+	"admin.monitor.queue.settings.maxnumberworkers.error": "Max number of workers must be a number",
+	"admin.monitor.queue.settings.submit": "Update settings",
+	"admin.monitor.queue.settings.changed": "Settings updated",
+	"admin.monitor.queue.settings.remove_all_items": "Remove all",
+	"admin.monitor.queue.settings.remove_all_items.success": "All items in the queue have been removed.",
 	"moderation.report.mark_as_handled": "Mark as handled",
 	"moderation.report.mark_as_ignored": "Mark as ignored",
 	"moderation.action.account.delete": "Delete account",
@@ -259,6 +318,18 @@
 	"settings.access_token.resource_public_only_help": "Limit access to repositories and organizations that are public.",
 	"settings.access_token.resource_specific_repo_help": "Limit access to a specific list of repositories. Read-only access is permitted to all public repositories. Only permissions that allow access to repositories and issues can be enabled.",
 	"settings.access_token.admin_disabled": "Administrative permissions are disabled.",
+	"webauthn.insert_key": "Insert your security key",
+	"webauthn.sign_in": "Press the button on your security key. If your security key has no button, re-insert it.",
+	"webauthn.press_button": "Please press the button on your security key…",
+	"webauthn.use_twofa": "Use a two-factor code from your phone",
+	"webauthn.error": "Could not read your security key.",
+	"webauthn.error.unknown": "An unknown error occurred. Please retry.",
+	"webauthn.error.insecure": "WebAuthn only supports secure connections. For testing over HTTP, you can use the origin \"localhost\" or \"127.0.0.1\"",
+	"webauthn.error.unable_to_process": "The server could not process your request.",
+	"webauthn.error.duplicated": "The security key is not permitted for this request. Please make sure that the key is not already registered.",
+	"webauthn.error.empty": "You must set a name for this key.",
+	"webauthn.error.timeout": "Timeout reached before your key could be read. Please reload this page and retry.",
+	"webauthn.unsupported_browser": "Your browser does not currently support WebAuthn.",
 	"error.must_enable_2fa": "This Forgejo instance requires users to enable two-factor authentication before they can access their accounts. Enable it at: %s",
 	"avatar.constraints_hint": "Custom avatar may not exceed %[1]s in size or be larger than %[2]dx%[3]d pixels",
 	"user.activitypub_feed.feed": "Fediverse Feed",
@@ -623,6 +694,21 @@
 	"actions.secrets.creation.value_description": "The value of a secret can be any text. Special characters are retained. CRLF (Windows-style line breaks) is automatically converted to LF. Encode the value with Base64 if linebreaks should be retained.",
 	"actions.variables.mutation.name_description": "The name of a variable can only contain letters, numbers, and underscores. It cannot be named CI or start with FORGEJO_, GITEA_, GITHUB_, or a number. Forgejo will automatically convert it to uppercase.",
 	"actions.variables.mutation.value_description": "A variable's value can be any text. Special characters are retained. CRLF (Windows-style line breaks) is automatically converted to LF. Encode the value with Base64 if linebreaks should be retained.",
+	"actions.variables": "Variables",
+	"actions.variables.management": "Manage variables",
+	"actions.variables.creation": "Add variable",
+	"actions.variables.creation.failed": "Failed to add variable.",
+	"actions.variables.creation.success": "The variable \"%s\" has been added.",
+	"actions.variables.none": "There are no variables yet.",
+	"actions.variables.deletion": "Remove variable",
+	"actions.variables.deletion.description": "Removing a variable is permanent and cannot be undone. Continue?",
+	"actions.variables.deletion.failed": "Failed to remove variable.",
+	"actions.variables.deletion.success": "The variable has been removed.",
+	"actions.variables.description": "Variables will be passed to certain actions and cannot be read otherwise.",
+	"actions.variables.edit": "Edit Variable",
+	"actions.variables.not_found": "Failed to find the variable.",
+	"actions.variables.update.failed": "Failed to edit variable.",
+	"actions.variables.update.success": "The variable has been edited.",
 	"actions.secrets.edit_button": "Edit secret \"%s\"",
 	"actions.secrets.mutation.header": "Edit secret \"%s\"",
 	"actions.secrets.mutation.success_message": "The secret \"%s\" has been updated.",
@@ -659,6 +745,9 @@
 	"editor.toggle_case": "Toggle case sensitivity",
 	"editor.toggle_regex": "Toggle using regular expressions",
 	"editor.toggle_whole_word": "Toggle matching whole words",
+	"markup.filepreview.line": "Line %[1]d in %[2]s",
+	"markup.filepreview.lines": "Lines %[1]d to %[2]d in %[3]s",
+	"markup.filepreview.truncated": "Preview has been truncated",
 	"form.RunnerName": "Name",
 	"graphs.recent_commits.title": "Number of commits in the past year",
 	"graphs.code_frequency.title": "Code frequency over the history of {0}",
diff --git a/options/locale_next/locale_eo.json b/options/locale_next/locale_eo.json
index 721b708a63..2a6d16e1f5 100644
--- a/options/locale_next/locale_eo.json
+++ b/options/locale_next/locale_eo.json
@@ -1,4 +1,22 @@
 {
+	"markup.filepreview.truncated": "La superrigardo estas mallongigita",
+	"markup.filepreview.lines": "Linioj %[1]d ĝis %[2]d en %[3]s",
+	"markup.filepreview.line": "Linio %[1]d en %[2]s",
+	"actions.variables.update.success": "La variablo estas redaktita.",
+	"actions.variables.update.failed": "Ne eblas redakti la variablon.",
+	"actions.variables.creation.success": "La variablo \"%s\" estas aldonita.",
+	"webauthn.error.timeout": "Tempo elĉerpiĝis antaŭ legiĝo de via ŝlosilo. Bonvolu reenlegi la retpaĝon kaj reprovi.",
+	"webauthn.error.empty": "Vi devas agordi nomon por la ŝlosilo.",
+	"webauthn.error.duplicated": "La sekurŝlosilo ne rajtas fari tiun ĉi peton. Bonvolu certigi ke la ŝlosilo estas ne jam registrita.",
+	"webauthn.error.unable_to_process": "La servilo ne povis trakti vian peton.",
+	"webauthn.error.insecure": "La salutmaniero WebAuthn sole subtenas sekurajn konektiĝojn. Testante HTTP’e, oni uzu la retadreson «localhost» aŭ «127.0.0.1»",
+	"webauthn.error.unknown": "Eraris pro nekonata kialo. Bonvolu reprovi.",
+	"webauthn.unsupported_browser": "Via retfoliumilo ne jam subtenas la salutmanieron WebAuthn.",
+	"webauthn.error": "Ne povis legi vian sekurŝlosilon.",
+	"webauthn.use_twofa": "Uzi dumanieran salutkodon de via poŝtelefono",
+	"webauthn.press_button": "Bonvolu premi la butonon sur via sekurŝlosilo…",
+	"webauthn.sign_in": "Premu la butonon sur via sekurŝlosilo. Se mankas butono, elprenu kaj reenmetu vian sekurŝlosilon.",
+	"webauthn.insert_key": "Enmetu vian sekurŝlosilon",
 	"packages.npm.details.tag": "Etikedo",
 	"fork.n_forks": {
 		"one": "%s disbranĉigo",
diff --git a/options/locale_next/locale_es-ES.json b/options/locale_next/locale_es-ES.json
index 93003c4477..a98e2e3d66 100644
--- a/options/locale_next/locale_es-ES.json
+++ b/options/locale_next/locale_es-ES.json
@@ -1,4 +1,93 @@
 {
+	"admin.monitor.queue.settings.remove_all_items.success": "Todos los elementos en la cola han sido eliminados.",
+	"admin.monitor.queue.settings.remove_all_items": "Eliminar todo",
+	"admin.monitor.queue.settings.changed": "Ajustes actualizados",
+	"admin.monitor.queue.settings.submit": "Actualizar ajustes",
+	"admin.monitor.queue.settings.maxnumberworkers.error": "El número máximo de trabajadores debe ser un número",
+	"admin.monitor.queue.settings.maxnumberworkers.placeholder": "Actualmente %[1]d",
+	"admin.monitor.queue.settings.maxnumberworkers": "Número máximo de trabajadores",
+	"admin.monitor.queue.settings.description": "Los grupos de trabajadores crecen dinámicamente en respuesta al bloqueo de cola de sus trabajadores.",
+	"admin.monitor.queue.settings.title": "Ajustes del grupo",
+	"admin.monitor.queue.review_add": "Revisar / Añadir trabajadores",
+	"admin.monitor.queue.numberinqueue": "Número en cola",
+	"admin.monitor.queue.maxnumberworkers": "Nº máx de trabajadores",
+	"admin.monitor.queue.activeworkers": "Trabajadores activos",
+	"admin.monitor.queue.numberworkers": "Número de trabajadores",
+	"admin.monitor.queue.exemplar": "Ejemplo",
+	"admin.monitor.queue.type": "Tipo",
+	"admin.monitor.queue.name": "Nombre",
+	"admin.monitor.queue": "Cola: %s",
+	"admin.monitor.queues": "Colas",
+	"admin.users.list_status_filter.not_2fa_enabled": "2FA deshabilitado",
+	"admin.users.list_status_filter.is_2fa_enabled": "2FA habilitado",
+	"admin.users.list_status_filter.not_prohibit_login": "Permitir el inicio de sesión",
+	"admin.users.list_status_filter.is_prohibit_login": "Prohibido el inicio de sesión",
+	"admin.users.list_status_filter.not_restricted": "No restringido",
+	"admin.users.list_status_filter.is_restricted": "Restringido",
+	"admin.users.list_status_filter.not_admin": "No admin",
+	"admin.users.list_status_filter.is_admin": "Administrador",
+	"admin.users.list_status_filter.not_active": "Inactivo",
+	"admin.users.list_status_filter.is_active": "Activo",
+	"admin.users.list_status_filter.reset": "Reiniciar",
+	"admin.users.list_status_filter.menu_text": "Filtro",
+	"admin.system_status.gc_times": "Ejecuciones del recolector de basura",
+	"admin.system_status.last_gc_pause": "Última pausa por el recolector de basura",
+	"admin.system_status.total_gc_pause": "Pausa total por el recolector de basura",
+	"admin.system_status.last_gc_time": "Tiempo desde la última recolección de basura",
+	"admin.system_status.next_gc_recycle": "Siguiente reciclaje del recolector de basura",
+	"admin.system_status.other_system_allocation_obtained": "Otros recursos asignados del sistema",
+	"admin.system_status.gc_metadata_obtained": "Metadatos obtenidos del recolector de basura",
+	"admin.system_status.profiling_bucket_hash_table_obtained": "Profiling bucket hash table obtenido",
+	"admin.system_status.mcache_structures_obtained": "Estructuras MCache obtenidas",
+	"admin.system_status.mcache_structures_usage": "Uso de estructuras MCache",
+	"admin.system_status.mspan_structures_obtained": "Estructuras MSpan obtenidas",
+	"admin.system_status.mspan_structures_usage": "Uso de estructuras MSpan",
+	"admin.system_status.stack_memory_obtained": "Memoria de pila obtenida",
+	"admin.system_status.bootstrap_stack_usage": "Uso de la pila de Bootstrap",
+	"admin.system_status.heap_objects": "Objetos en el Heap",
+	"admin.system_status.heap_memory_released": "Memoria de Heap liberada",
+	"admin.system_status.heap_memory_in_use": "Memoria de Heap en uso",
+	"admin.system_status.heap_memory_idle": "Memoria de Heap inactiva",
+	"admin.system_status.heap_memory_obtained": "Memoria de Heap obtenida",
+	"admin.system_status.current_heap_usage": "Uso actual de Heap",
+	"admin.system_status.memory_free_times": "Liberaciones de memoria",
+	"admin.system_status.memory_allocate_times": "Asignaciones de memoria",
+	"admin.system_status.pointer_lookup_times": "Tiempos de búsqueda de punteros",
+	"admin.system_status.memory_obtained": "Memoria obtenida",
+	"admin.system_status.total_memory_allocated": "Total de Memoria Reservada",
+	"admin.system_status.current_memory_usage": "Uso actual de memoria",
+	"admin.system_status.current_goroutine": "Gorutinas actuales",
+	"admin.system_status.server_uptime": "Tiempo de actividad del servidor",
+	"markup.filepreview.truncated": "La vista previa se ha truncado",
+	"markup.filepreview.lines": "Líneas %[1]d a %[2]d en %[3]s",
+	"markup.filepreview.line": "Línea %[1]d en %[2]s",
+	"actions.variables.update.success": "La variable ha sido editada.",
+	"actions.variables.update.failed": "Error al editar la variable.",
+	"actions.variables.creation.success": "La variable \"%s\" ha sido añadida.",
+	"actions.variables.creation.failed": "No se pudo agregar la variable.",
+	"actions.variables.deletion.success": "La variable ha sido eliminada.",
+	"actions.variables.deletion.failed": "No se pudo eliminar la variable.",
+	"actions.variables.not_found": "No se ha encontrado la variable.",
+	"actions.variables.edit": "Editar variable",
+	"actions.variables.description": "Las variables se pasarán a ciertas acciones y no se podrán leer de otro modo.",
+	"actions.variables.deletion.description": "Eliminar una variable es permanente y no se puede deshacer. ¿Continuar?",
+	"actions.variables.deletion": "Eliminar variable",
+	"actions.variables.none": "Aún no hay variables.",
+	"actions.variables.creation": "Añadir variable",
+	"actions.variables.management": "Gestión de variables",
+	"actions.variables": "Variables",
+	"webauthn.error.timeout": "Tiempo de espera máximo alcanzado antes de que su clave pudiese ser leída. Por favor, cargue la página y vuelva a intentarlo.",
+	"webauthn.error.empty": "Debe establecer un nombre para esta clave.",
+	"webauthn.error.duplicated": "La clave de seguridad no está permitida para esta solicitud. Por favor, asegúrese de que la clave no está ya registrada.",
+	"webauthn.error.unable_to_process": "El servidor no pudo procesar su solicitud.",
+	"webauthn.error.insecure": "WebAuthn sólo soporta conexiones seguras. Para probar sobre HTTP, puede utilizar el origen \"localhost\" o \"127.0.0.1\"",
+	"webauthn.error.unknown": "Ha ocurrido un error desconocido. Por favor, inténtelo de nuevo.",
+	"webauthn.unsupported_browser": "Actualmente su navegador no soporta WebAuthn.",
+	"webauthn.error": "No se pudo leer su llave de seguridad.",
+	"webauthn.use_twofa": "Utilice un código de doble factor desde su teléfono móvil",
+	"webauthn.press_button": "Por favor, presione el botón en su clave de seguridad…",
+	"webauthn.sign_in": "Presione el botón en su clave de seguridad. Si su clave de seguridad no tiene ningún botón, vuelva a insertarla.",
+	"webauthn.insert_key": "Introduzca su clave de seguridad",
 	"counters.n_commits": {
 		"one": "%s commit",
 		"many": "%s commits",
diff --git a/options/locale_next/locale_et.json b/options/locale_next/locale_et.json
index bf84f24ef4..c3246e4185 100644
--- a/options/locale_next/locale_et.json
+++ b/options/locale_next/locale_et.json
@@ -1,4 +1,21 @@
 {
+	"actions.variables.deletion": "Eemalda muutuja",
+	"actions.variables.none": "Muutujaid veel pole.",
+	"actions.variables.creation": "Lisa muutuja",
+	"actions.variables.management": "Halda muutujaid",
+	"actions.variables": "Muutujad",
+	"webauthn.error.timeout": "Päring aegus enne võtme lugemist. Palun laadi see lehekülg uuesti ja proovi uuesti.",
+	"webauthn.error.empty": "Palun lisa sellele võtmele täisnimi.",
+	"webauthn.error.duplicated": "Turvavõti ei ole selle päringu puhul lubatud. Palun veendu, et võti ei ole juba registreeritud.",
+	"webauthn.error.unable_to_process": "Server ei saanud sinu päringut töödelda.",
+	"webauthn.error.insecure": "WebAuthn toetab ainult turvalisi ühendusi. HTTP kaudu testimiseks võid kasutada lähteaadressina „localhost“ või „127.0.0.1“",
+	"webauthn.error.unknown": "Tekkis tundmatu viga. Palun proovi uuesti.",
+	"webauthn.unsupported_browser": "Sinu veebibrauser ei toeta praegu WebAuthn-liidestust.",
+	"webauthn.error": "Sinu turvavõtit ei saanud lugeda.",
+	"webauthn.use_twofa": "Sisesta oma telefonist kahefaktorilise autentimise kood",
+	"webauthn.press_button": "Palun vajuta turvavõtme nuppu…",
+	"webauthn.sign_in": "Vajuta turvavõtme nuppu. Kui sinu turvavõtmel ei ole nuppu, sisesta see uuesti.",
+	"webauthn.insert_key": "Sisesta oma turvavõti",
 	"counters.n_branches": {
 		"one": "%s alamharu",
 		"other": "%s alamharu"
diff --git a/options/locale_next/locale_eu.json b/options/locale_next/locale_eu.json
index e1940e1e14..463859b1a4 100644
--- a/options/locale_next/locale_eu.json
+++ b/options/locale_next/locale_eu.json
@@ -1,3 +1,15 @@
 {
+	"webauthn.error.timeout": "Zure gakoa irakurri aurretik denbora-muga gainditu da. Kargatu berriro orrialde hau eta saiatu berriro.",
+	"webauthn.error.empty": "Gako honetarako izen bat jarri behar duzu.",
+	"webauthn.error.duplicated": "Segurtasun-gakorik ez da onartzen eskaera honetarako. Mesedez, ziurtatu giltza ea dagoela erregistratuta.",
+	"webauthn.error.unable_to_process": "Zerbitzariak ezin izan du zure eskaera prozesatu.",
+	"webauthn.error.insecure": "WebAuthnek konexio seguruak baino ez ditu onartzen. HTTP bidez probatzeko, \"localhost\" edo \"127.0.0.1\" jatorria erabil daiteke",
+	"webauthn.error.unknown": "Akats ezezagun bat gertatu da. Mesedez, saiatu berriro.",
+	"webauthn.unsupported_browser": "Zure nabigatzaileak ez du WebAuthn onartzen.",
+	"webauthn.error": "Ezin izan da irakurri zure segurtasun-gakoa.",
+	"webauthn.use_twofa": "Erabili zure telefonoko bi faktoreko kodea",
+	"webauthn.press_button": "Mesedez, sakatu botoia zure segurtasun-gakoan…",
+	"webauthn.sign_in": "Sakatu botoia zure segurtasun-gakoan. Zure segurtasun-gakoak ez badu botoirik, sartu berriro.",
+	"webauthn.insert_key": "Sartu zure segurtasun-gakoa",
 	"meta.last_line": " "
 }
diff --git a/options/locale_next/locale_fa-IR.json b/options/locale_next/locale_fa-IR.json
index 75190f2fbf..91c2e5f3bd 100644
--- a/options/locale_next/locale_fa-IR.json
+++ b/options/locale_next/locale_fa-IR.json
@@ -1,4 +1,79 @@
 {
+	"admin.monitor.queue.settings.changed": "تنظیمات تازه شد",
+	"admin.monitor.queue.settings.submit": "بالا بردن ساماندهی",
+	"admin.monitor.queue.settings.maxnumberworkers.error": "حداکثر تعداد کارگران باید یک عدد باشد",
+	"admin.monitor.queue.settings.maxnumberworkers.placeholder": "در حال حاضر %[1]v",
+	"admin.monitor.queue.settings.maxnumberworkers": "بیشینه تعداد کارگران",
+	"admin.monitor.queue.settings.title": "تنظیمات استخر",
+	"admin.monitor.queue.maxnumberworkers": "بیشینه تعداد کارگران",
+	"admin.monitor.queue.numberworkers": "تعداد کارگران",
+	"admin.monitor.queue.exemplar": "نوع نمونه",
+	"admin.monitor.queue.type": "نوع",
+	"admin.monitor.queue.name": "نام",
+	"admin.monitor.queue": "صف: %s",
+	"admin.monitor.queues": "صف ها",
+	"admin.users.list_status_filter.not_2fa_enabled": "2FA غیرفعال است",
+	"admin.users.list_status_filter.is_2fa_enabled": "2FA فعال است",
+	"admin.users.list_status_filter.not_prohibit_login": "اجازه ورود",
+	"admin.users.list_status_filter.is_prohibit_login": "ورود را ممنوع شود",
+	"admin.users.list_status_filter.not_restricted": "محدود نشده است",
+	"admin.users.list_status_filter.is_restricted": "محصور",
+	"admin.users.list_status_filter.not_admin": "غیرادمین",
+	"admin.users.list_status_filter.is_admin": "ادمین",
+	"admin.users.list_status_filter.not_active": "غیرفعال",
+	"admin.users.list_status_filter.is_active": "فعال",
+	"admin.users.list_status_filter.reset": "شروع دوباره",
+	"admin.users.list_status_filter.menu_text": "فیلتر",
+	"admin.system_status.gc_times": "زمان های GC",
+	"admin.system_status.last_gc_pause": "واپسین مکث در GC",
+	"admin.system_status.total_gc_pause": "کل زمان مکث GC",
+	"admin.system_status.last_gc_time": "زمان از آخرین GC",
+	"admin.system_status.next_gc_recycle": "بازیافت GC بعدی",
+	"admin.system_status.other_system_allocation_obtained": "تخصیص های حافظه در سایر قسمت های سیستم",
+	"admin.system_status.gc_metadata_obtained": "متادیتاهای بدست امده از GC",
+	"admin.system_status.profiling_bucket_hash_table_obtained": "Profiling Bucket Hash Table به دست آمده",
+	"admin.system_status.mcache_structures_obtained": "ساختار های MCache به دست آمده",
+	"admin.system_status.mcache_structures_usage": "میزان استفاده از ساختار های MCache",
+	"admin.system_status.mspan_structures_obtained": "ساختار های MSpan به دست آمده",
+	"admin.system_status.mspan_structures_usage": "میزان استفاده‌ی ساختار های MSpan",
+	"admin.system_status.stack_memory_obtained": "حافظه پشته به دست آمده",
+	"admin.system_status.bootstrap_stack_usage": "میزان استفاده از پشته توسط راهنداز",
+	"admin.system_status.heap_objects": "شی توده یا Heap",
+	"admin.system_status.heap_memory_released": "حافظه توده آزاد شد",
+	"admin.system_status.heap_memory_in_use": "حافظه توده در حال استفاده",
+	"admin.system_status.heap_memory_idle": "بیکار بوده حافظه توده",
+	"admin.system_status.heap_memory_obtained": "حافظه به دست آمده برای توده",
+	"admin.system_status.current_heap_usage": "میزان مصرف توده فعلی",
+	"admin.system_status.memory_free_times": "آزادسازی حافظه",
+	"admin.system_status.memory_allocate_times": "تخصیص یافتن حافظه",
+	"admin.system_status.pointer_lookup_times": "اشاره‌گر زمان‌های جستجو",
+	"admin.system_status.memory_obtained": "حافظه به دست آمده",
+	"admin.system_status.total_memory_allocated": "کل حافظه اختصاص داده شده",
+	"admin.system_status.current_memory_usage": "میزان مصرف فعلی از حافظه",
+	"admin.system_status.current_goroutine": "Goroutine های فعلی",
+	"admin.system_status.server_uptime": "فعالیت بی‌وقفه سرور",
+	"actions.variables.update.success": "تغییر متغیر با موفقیت انجام شد.",
+	"actions.variables.update.failed": "عدم موفقیت در تغییر متغیر",
+	"actions.variables.creation.success": "متغیر \"%s\" ایجاد شد.",
+	"actions.variables.deletion.success": "متغیر حذف شد.",
+	"actions.variables.edit": "تغییر متغیر",
+	"actions.variables.deletion": "حذف متغیر",
+	"actions.variables.none": "هیچ متغیری هنوز وجود ندارد.",
+	"actions.variables.creation": "افزودن متغیر",
+	"actions.variables.management": "مدیریت متغیرها",
+	"actions.variables": "متغیرها",
+	"webauthn.error.timeout": "مهلت زمانی قبل از اینکه کلید شما خوانده شود تمام شد. لطفاً این صفحه را تازه‌سازی کرده و مجدد تلاش کنید.",
+	"webauthn.error.empty": "شما باید یک نام برای این کلید انتخاب کنید.",
+	"webauthn.error.duplicated": "کلید امنیتی برای این درخواست مجاز نیست. لطفاً مطمئن شوید که این کلید در حال حاضر ثبت نشده است.",
+	"webauthn.error.unable_to_process": "کارساز نتوانست درخواست شما را پردازش کند.",
+	"webauthn.error.insecure": "احرازوب فقط از روش‌های ایمن ممکن است. برای آزمودن بر روی اچ‌تی‌تی‌پی می‌توانید از «میزبان‌محلی» یا «۱۲۷.۰.۰.۱» استفاده کنید.",
+	"webauthn.error.unknown": "خطایی ناشناخته رخ داد. لطفاً دوباره سعی کنید.",
+	"webauthn.unsupported_browser": "مرورگر شما در حال حاضر از WebAuthn پشتیبانی نمی‌کند.",
+	"webauthn.error": "کلید امنیتی شما نتوانست خوانده شود.",
+	"webauthn.use_twofa": "از یک کد دومرحله‌ای از تلفنتان استفاده کنید",
+	"webauthn.press_button": "لطفاً دکمۀ روی کلید امنیتی را فشار دهید…",
+	"webauthn.sign_in": "دکمۀ روی کلید امنیتی را فشار دهید. اگر کلید امنیتی شما دکمه‌ای ندارد، آن را دوباره وارد کنید.",
+	"webauthn.insert_key": "کلید امنیتی خود را وارد کنید",
 	"actions.runners.name": "نام",
 	"actions.runners.owner_type": "نوع",
 	"actions.runners.description": "شرح",
diff --git a/options/locale_next/locale_fi-FI.json b/options/locale_next/locale_fi-FI.json
index 7993d9ae12..11de17d613 100644
--- a/options/locale_next/locale_fi-FI.json
+++ b/options/locale_next/locale_fi-FI.json
@@ -1,4 +1,80 @@
 {
+	"admin.monitor.queue.settings.remove_all_items.success": "Kaikki jonossa olleet tietueet on poistettu.",
+	"admin.monitor.queue.settings.remove_all_items": "Poista kaikki",
+	"admin.monitor.queue.settings.changed": "Asetukset päivitetty",
+	"admin.monitor.queue.settings.submit": "Päivitä asetukset",
+	"admin.monitor.queue.settings.maxnumberworkers.placeholder": "Tällä hetkellä %[1]d",
+	"admin.monitor.queue.type": "Tyyppi",
+	"admin.monitor.queue.name": "Nimi",
+	"admin.monitor.queue": "Jono: %s",
+	"admin.monitor.queues": "Jonot",
+	"admin.users.list_status_filter.not_2fa_enabled": "2FA ei käytössä",
+	"admin.users.list_status_filter.is_2fa_enabled": "2FA käytössä",
+	"admin.users.list_status_filter.not_prohibit_login": "Kirjautuminen sallittu",
+	"admin.users.list_status_filter.is_prohibit_login": "Kirjautuminen estetty",
+	"admin.users.list_status_filter.not_restricted": "Ei rajoitettu",
+	"admin.users.list_status_filter.is_restricted": "Rajoitettu",
+	"admin.users.list_status_filter.not_admin": "Ei ylläpitäjä",
+	"admin.users.list_status_filter.is_admin": "Ylläpitäjä",
+	"admin.users.list_status_filter.not_active": "Ei-aktiivinen",
+	"admin.users.list_status_filter.is_active": "Aktiivinen",
+	"admin.users.list_status_filter.reset": "Tyhjennä",
+	"admin.users.list_status_filter.menu_text": "Suodata",
+	"admin.system_status.gc_times": "Roskienkeruuajat",
+	"admin.system_status.last_gc_pause": "Viimeinen roskienkeruutauko",
+	"admin.system_status.total_gc_pause": "Yhteensä roskienkeruutauko",
+	"admin.system_status.last_gc_time": "Aika edellisestä roskienkeruusta",
+	"admin.system_status.next_gc_recycle": "Seuraava roskienkeruukierrätys",
+	"admin.system_status.other_system_allocation_obtained": "Muu järjestestelmän varaus saatu",
+	"admin.system_status.gc_metadata_obtained": "Roskienkeruumetatiedot saatu",
+	"admin.system_status.profiling_bucket_hash_table_obtained": "Profilointiämpäritiivistetaulukko saatu",
+	"admin.system_status.mcache_structures_obtained": "MCache-rakenteet saatu",
+	"admin.system_status.mcache_structures_usage": "MCache-rakenteiden käyttö",
+	"admin.system_status.mspan_structures_obtained": "MSpan-rakenteet saatu",
+	"admin.system_status.mspan_structures_usage": "MSpan-rakenteiden käyttö",
+	"admin.system_status.stack_memory_obtained": "Pinonmuisti saatu",
+	"admin.system_status.bootstrap_stack_usage": "Bootstrap-pinon käyttö",
+	"admin.system_status.heap_objects": "Heap-objektit",
+	"admin.system_status.heap_memory_released": "Heap-muisti vapautettu",
+	"admin.system_status.heap_memory_in_use": "Heap-muisti käytössä",
+	"admin.system_status.heap_memory_idle": "Heap-muisti tyhjäkäynnillä",
+	"admin.system_status.heap_memory_obtained": "Heap-muisti saatu",
+	"admin.system_status.current_heap_usage": "Nykyinen heapin käyttö",
+	"admin.system_status.memory_allocate_times": "Muistiallokaatiot",
+	"admin.system_status.pointer_lookup_times": "Osoittimen hakuajat",
+	"admin.system_status.memory_obtained": "Muistia saatu",
+	"admin.system_status.total_memory_allocated": "Yhteensä muistia varattu",
+	"admin.system_status.current_memory_usage": "Nykyinen muistinkäyttö",
+	"admin.system_status.current_goroutine": "Nykyiset goroutinet",
+	"admin.system_status.server_uptime": "Palvelimen uptime",
+	"markup.filepreview.truncated": "Esikatselu on typistetty",
+	"actions.variables.update.success": "Muuttuja muokattu.",
+	"actions.variables.update.failed": "Muuttujan muokkaus epäonnistui.",
+	"actions.variables.creation.success": "Muuttuja \"%s\" lisätty.",
+	"actions.variables.creation.failed": "Muuttujan lisäys epäonnistui.",
+	"actions.variables.deletion.success": "Muuttuja poistettu.",
+	"actions.variables.deletion.failed": "Muuttujan poisto epäonnistui.",
+	"actions.variables.not_found": "Muuttujaa ei löytynyt.",
+	"actions.variables.edit": "Muokkaa muuttujaa",
+	"actions.variables.description": "Muuttujat asetetaan tietyille toiminnoille eikä niitä voida lukea muutoin.",
+	"actions.variables.deletion.description": "Muuttujan poistaminen on lopullista, eikä sitä voi perua. Jatketaanko?",
+	"actions.variables.deletion": "Poista muuttuja",
+	"actions.variables.none": "Ei muuttujia vielä.",
+	"actions.variables.creation": "Lisää muuttuja",
+	"actions.variables.management": "Hallitse muuttujia",
+	"actions.variables": "Muuttujat",
+	"webauthn.error.timeout": "Aikakatkaisu ennen kuin avaintasi voitiin lukea. Lataa tämä sivu uudelleen ja yritä uudelleen.",
+	"webauthn.error.empty": "Sinun täytyy asettaa nimi tälle avaimelle.",
+	"webauthn.error.duplicated": "Turva-avainta ei ole sallittu tässä pyynnössä. Varmista, ettei avainta ole jo rekisteröity.",
+	"webauthn.error.unable_to_process": "Palvelin ei pystynyt käsittelemään pyyntöä.",
+	"webauthn.error.insecure": "WebAuthn tukee vain turvallisia yhteyksiä. Testaamista varten HTTP-välityksellä voit käyttää alkuperää \"localhost\" tai \"127.0.0.1\"",
+	"webauthn.error.unknown": "Tuntematon virhe. Yritä uudelleen.",
+	"webauthn.unsupported_browser": "Selaimesi ei tällä hetkellä tue WebAuthnia.",
+	"webauthn.error": "Turva-avainta ei voitu lukea.",
+	"webauthn.use_twofa": "Käytä kaksivaihesta todennusta puhelimestasi",
+	"webauthn.press_button": "Paina turva-avaimesi painiketta…",
+	"webauthn.sign_in": "Paina turva-avaimesi painiketta. Jos turva-avaimessasi ei ole painiketta, irrota se ja aseta uudelleen.",
+	"webauthn.insert_key": "Aseta turva-avaimesi",
 	"counters.n_commits": {
 		"one": "%s kommitti",
 		"other": "%s kommittia"
diff --git a/options/locale_next/locale_fil.json b/options/locale_next/locale_fil.json
index 5afeb6ae3b..0b3a418f44 100644
--- a/options/locale_next/locale_fil.json
+++ b/options/locale_next/locale_fil.json
@@ -1,4 +1,93 @@
 {
+	"admin.monitor.queue.settings.remove_all_items.success": "Tinanggal na ang lahat ng mga item sa queue.",
+	"admin.monitor.queue.settings.remove_all_items": "Tanggalin lahat",
+	"admin.monitor.queue.settings.changed": "Na-update ang mga setting",
+	"admin.monitor.queue.settings.submit": "I-update ang mga setting",
+	"admin.monitor.queue.settings.maxnumberworkers.error": "Dapat numero ang pinakamaraming numero ng mga worker",
+	"admin.monitor.queue.settings.maxnumberworkers.placeholder": "Kasalukuyang %[1]d",
+	"admin.monitor.queue.settings.maxnumberworkers": "Pinakamaraming numero ng worker",
+	"admin.monitor.queue.settings.description": "Dinamikang lumalaki ang mga pool tugon sa kanilang worker queue blocking.",
+	"admin.monitor.queue.settings.title": "Mga setting ng pool",
+	"admin.monitor.queue.review_add": "Suriin / magdagdag ng mga worker",
+	"admin.monitor.queue.numberinqueue": "Number sa queue",
+	"admin.monitor.queue.maxnumberworkers": "Pinakamaraming numero ng worker",
+	"admin.monitor.queue.activeworkers": "Mga aktibong worker",
+	"admin.monitor.queue.numberworkers": "Numero ng mga worker",
+	"admin.monitor.queue.exemplar": "Uri ng Exemplar",
+	"admin.monitor.queue.type": "Uri",
+	"admin.monitor.queue.name": "Pangalan",
+	"admin.monitor.queue": "Queue: %s",
+	"admin.monitor.queues": "Mga queue",
+	"admin.users.list_status_filter.not_2fa_enabled": "Naka-disable ang 2FA",
+	"admin.users.list_status_filter.is_2fa_enabled": "Naka-enable ang 2FA",
+	"admin.users.list_status_filter.not_prohibit_login": "Pinapayagan ang pag-login",
+	"admin.users.list_status_filter.is_prohibit_login": "Pinagbawalan ang pag-login",
+	"admin.users.list_status_filter.not_restricted": "Hindi pinaghihigpitan",
+	"admin.users.list_status_filter.is_restricted": "Pinaghihigpitan",
+	"admin.users.list_status_filter.not_admin": "Hindi tagapangasiwa",
+	"admin.users.list_status_filter.is_admin": "Tagapangasiwa",
+	"admin.users.list_status_filter.not_active": "Hindi aktibo",
+	"admin.users.list_status_filter.is_active": "Aktibo",
+	"admin.users.list_status_filter.reset": "I-reset",
+	"admin.users.list_status_filter.menu_text": "Isaasyos",
+	"admin.system_status.gc_times": "Mga oras ng GC",
+	"admin.system_status.last_gc_pause": "Huling GC pause",
+	"admin.system_status.total_gc_pause": "Kabuuang GC pause",
+	"admin.system_status.last_gc_time": "Oras noong huling GC",
+	"admin.system_status.next_gc_recycle": "Susunod na GC recycle",
+	"admin.system_status.other_system_allocation_obtained": "Ibang allocation ng sistema na nakuha",
+	"admin.system_status.gc_metadata_obtained": "Nakuhang GC metadata",
+	"admin.system_status.profiling_bucket_hash_table_obtained": "Mga nakuhang profiling bucket hash table",
+	"admin.system_status.mcache_structures_obtained": "Mga nakuhang MCache structure",
+	"admin.system_status.mcache_structures_usage": "Paggamit ng MCache structure",
+	"admin.system_status.mspan_structures_obtained": "Mga nakuhang MSpan structure",
+	"admin.system_status.mspan_structures_usage": "Paggamit ng MSpan structure",
+	"admin.system_status.stack_memory_obtained": "Nakuhang stack memory",
+	"admin.system_status.bootstrap_stack_usage": "Paggamit ng bootstrap stack",
+	"admin.system_status.heap_objects": "Mga heap object",
+	"admin.system_status.heap_memory_released": "Mga na-release na heap memory",
+	"admin.system_status.heap_memory_in_use": "Ginagamit na heap memory",
+	"admin.system_status.heap_memory_idle": "Idle ng heap memory",
+	"admin.system_status.heap_memory_obtained": "Nakuhang heap memory",
+	"admin.system_status.current_heap_usage": "Kasalukuyang paggamit ng heap",
+	"admin.system_status.memory_free_times": "Mga memory free",
+	"admin.system_status.memory_allocate_times": "Mga allocation ng memory",
+	"admin.system_status.pointer_lookup_times": "Oras ng pointer lookup",
+	"admin.system_status.memory_obtained": "Mga nakuhang memory",
+	"admin.system_status.total_memory_allocated": "Kabuuan na na-allocate na memory",
+	"admin.system_status.current_memory_usage": "Kasalukuyang paggamit ng memory",
+	"admin.system_status.current_goroutine": "Mga kasalukuyang goroutine",
+	"admin.system_status.server_uptime": "Uptime ng server",
+	"markup.filepreview.truncated": "Na-truncate ang preview",
+	"markup.filepreview.lines": "Mga linya %[1]d hanggang %[2]d sa %[3]s",
+	"markup.filepreview.line": "Linya %[1]d sa %[2]s",
+	"actions.variables.update.success": "Nabago na ang variable.",
+	"actions.variables.update.failed": "Nabigong baguhin ang variable.",
+	"actions.variables.creation.success": "Nadagdag na ang variable na \"%s\".",
+	"actions.variables.creation.failed": "Nabigong idagdag ang variable.",
+	"actions.variables.deletion.success": "Tinanggal na ang variable.",
+	"actions.variables.deletion.failed": "Nabigong tanggalin ang variable.",
+	"actions.variables.not_found": "Nabigong hanapin ang variable.",
+	"actions.variables.edit": "Baguhin ang Variable",
+	"actions.variables.description": "Ipapasa ang mga variable sa ilang mga aksyon at hindi mababasa kung hindi man.",
+	"actions.variables.deletion.description": "Permanente ang pagtanggal ng isang variable at hindi ito mababalik. Magpatuloy?",
+	"actions.variables.deletion": "Tanggalin ang variable",
+	"actions.variables.none": "Wala pang mga variable sa ngayon.",
+	"actions.variables.creation": "Magdagdag ng variable",
+	"actions.variables.management": "Ipamahala ang mga variable",
+	"actions.variables": "Mga variable",
+	"webauthn.error.timeout": "Naabot ang timeout bago mabasa ang iyong key. Mangyaring i-reload ang page na ito at subukan muli.",
+	"webauthn.error.empty": "Kailangan mong maglapat ng pangalan para sa key na ito.",
+	"webauthn.error.duplicated": "Hindi pinapayagan ang security key na ito para sa hiling na ito. Mangyaring siguraduhin na ang key na ito ay hindi ito nakarehistro na.",
+	"webauthn.error.unable_to_process": "Hindi maproseso ng server ang iyong hiling.",
+	"webauthn.error.insecure": "Sinusuportahan lamang ng WebAuthn ang mga secure na koneksyon. Para sa pagsubok sa HTTP, pwede mo gamitin ang origin na \"localhost\" o \"127.0.0.1\"",
+	"webauthn.error.unknown": "May nangyaring hindi alam na error. Magyaring subukan muli.",
+	"webauthn.unsupported_browser": "Kasalukuyang hindi sinusuportahan ng iyong browser ang WebAuthn.",
+	"webauthn.error": "Hindi mabasa ang iyong security key.",
+	"webauthn.use_twofa": "Gumamit ng two-factor code galing sa iyong telepono",
+	"webauthn.press_button": "Pindutin ang button ng iyong security key…",
+	"webauthn.sign_in": "Pindutin ang button ng iyong security key. Kung walang button ang iyong security key, ilagay muli.",
+	"webauthn.insert_key": "Ilagay ang iyong security key",
 	"counters.n_commits": {
 		"one": "%s commit",
 		"other": "%s mga commit"
diff --git a/options/locale_next/locale_fr-FR.json b/options/locale_next/locale_fr-FR.json
index d5da596307..68d76f83f3 100644
--- a/options/locale_next/locale_fr-FR.json
+++ b/options/locale_next/locale_fr-FR.json
@@ -1,4 +1,93 @@
 {
+	"admin.monitor.queue.settings.remove_all_items.success": "Tous les éléments de la file d'attente ont été effacés.",
+	"admin.monitor.queue.settings.remove_all_items": "Tout effacer",
+	"admin.monitor.queue.settings.changed": "Paramètres mis à jour",
+	"admin.monitor.queue.settings.submit": "Appliquer les paramètres",
+	"admin.monitor.queue.settings.maxnumberworkers.error": "Le nombre de processus doit être un nombre",
+	"admin.monitor.queue.settings.maxnumberworkers.placeholder": "Actuellement %[1]d",
+	"admin.monitor.queue.settings.maxnumberworkers": "Nombre maximale de processus",
+	"admin.monitor.queue.settings.description": "Les bassins croissent proportionnellement au besoin de leurs exécuteurs.",
+	"admin.monitor.queue.settings.title": "Paramètres du réservoir",
+	"admin.monitor.queue.review_add": "Examiner / ajouter des processus",
+	"admin.monitor.queue.numberinqueue": "Position dans la queue",
+	"admin.monitor.queue.maxnumberworkers": "Nombre maximal de processus",
+	"admin.monitor.queue.activeworkers": "Processus actifs",
+	"admin.monitor.queue.numberworkers": "Nombre de processus",
+	"admin.monitor.queue.exemplar": "Type d'exemple",
+	"admin.monitor.queue.type": "Type",
+	"admin.monitor.queue.name": "Nom",
+	"admin.monitor.queue": "File d'attente : %s",
+	"admin.monitor.queues": "Files d'attente",
+	"admin.users.list_status_filter.not_2fa_enabled": "2FA désactivé",
+	"admin.users.list_status_filter.is_2fa_enabled": "2FA Activé",
+	"admin.users.list_status_filter.not_prohibit_login": "Autorisé à se connecter",
+	"admin.users.list_status_filter.is_prohibit_login": "Interdit de connexion",
+	"admin.users.list_status_filter.not_restricted": "Non restreint",
+	"admin.users.list_status_filter.is_restricted": "Restreint",
+	"admin.users.list_status_filter.not_admin": "Non administrateur",
+	"admin.users.list_status_filter.is_admin": "Administrateur",
+	"admin.users.list_status_filter.not_active": "Inactif",
+	"admin.users.list_status_filter.is_active": "Actif",
+	"admin.users.list_status_filter.reset": "Réinitialiser",
+	"admin.users.list_status_filter.menu_text": "Filtrer",
+	"admin.system_status.gc_times": "Nombres de GC",
+	"admin.system_status.last_gc_pause": "Dernière pause GC",
+	"admin.system_status.total_gc_pause": "Pause totale GC",
+	"admin.system_status.last_gc_time": "Temps depuis le dernier GC",
+	"admin.system_status.next_gc_recycle": "Prochain recyclage GC",
+	"admin.system_status.other_system_allocation_obtained": "Autres allocation système obtenue",
+	"admin.system_status.gc_metadata_obtained": "Métadonnées GC obtenues",
+	"admin.system_status.profiling_bucket_hash_table_obtained": "Profilage de seau de table de hashage obtenu",
+	"admin.system_status.mcache_structures_obtained": "Structures MCache obtenues",
+	"admin.system_status.mcache_structures_usage": "Utilisation des structures MCache",
+	"admin.system_status.mspan_structures_obtained": "Structures MSpan obtenues",
+	"admin.system_status.mspan_structures_usage": "Utilisation des structures MSpan",
+	"admin.system_status.stack_memory_obtained": "Mémoire pile obtenue",
+	"admin.system_status.bootstrap_stack_usage": "Utilisation pile bootstrap",
+	"admin.system_status.heap_objects": "Objets tas (Heap)",
+	"admin.system_status.heap_memory_released": "Mémoire tas (Heap) libérée",
+	"admin.system_status.heap_memory_in_use": "Utilisation mémoire tas (Heap)",
+	"admin.system_status.heap_memory_idle": "Mémoire tas (Heap) au repos",
+	"admin.system_status.heap_memory_obtained": "Mémoire tas (Heap) obtenue",
+	"admin.system_status.current_heap_usage": "Utilisation Tas (Heap)",
+	"admin.system_status.memory_free_times": "Nombre de libérations de mémoire",
+	"admin.system_status.memory_allocate_times": "Allocations de mémoire",
+	"admin.system_status.pointer_lookup_times": "Nombre de Consultations Pointeur",
+	"admin.system_status.memory_obtained": "Mémoire obtenue",
+	"admin.system_status.total_memory_allocated": "Mémoire totale allouée",
+	"admin.system_status.current_memory_usage": "Utilisation Mémoire actuelle",
+	"admin.system_status.current_goroutine": "Goroutines actuelles",
+	"admin.system_status.server_uptime": "Uptime du serveur",
+	"markup.filepreview.truncated": "L'aperçu a été tronqué",
+	"markup.filepreview.lines": "Lignes %[1]d jusqu'à %[2]d dans %[3]s",
+	"markup.filepreview.line": "Ligne %[1]d dans %[2]s",
+	"actions.variables.update.success": "La variable a bien été modifiée.",
+	"actions.variables.update.failed": "Impossible d’éditer la variable.",
+	"actions.variables.creation.success": "La variable « %s » a été ajoutée.",
+	"actions.variables.creation.failed": "Impossible d'ajouter la variable.",
+	"actions.variables.deletion.success": "La variable a bien été retirée.",
+	"actions.variables.deletion.failed": "Impossible de retirer la variable.",
+	"actions.variables.not_found": "La variable n'a pas été trouvée.",
+	"actions.variables.edit": "Modifier la variable",
+	"actions.variables.description": "Les variables sont passées aux actions et ne peuvent être lues autrement.",
+	"actions.variables.deletion.description": "La suppression d’une variable est permanente et ne peut être défaite. Continuer ?",
+	"actions.variables.deletion": "Retirer la variable",
+	"actions.variables.none": "Il n'y a pas encore de variables.",
+	"actions.variables.creation": "Ajouter une variable",
+	"actions.variables.management": "Gestion des variables",
+	"actions.variables": "Variables",
+	"webauthn.error.timeout": "Le délai d'attente imparti a été atteint avant que votre clé ne puisse être lue. Veuillez recharger la page pour réessayer.",
+	"webauthn.error.empty": "Vous devez définir un nom pour cette clé.",
+	"webauthn.error.duplicated": "La clé de sécurité n'est pas autorisée pour cette demande. Veuillez vous assurer que la clé n'est pas déjà enregistrée.",
+	"webauthn.error.unable_to_process": "Le serveur n'a pas pu traiter votre demande.",
+	"webauthn.error.insecure": "`WebAuthn ne prend en charge que les connexions sécurisées. Pour les tests via HTTP, vous pouvez utiliser l'origine \"localhost\" ou \"127.0.0.1\"`",
+	"webauthn.error.unknown": "Une erreur indéterminée s'est produite. Veuillez réessayer.",
+	"webauthn.unsupported_browser": "Votre navigateur ne prend actuellement pas en charge WebAuthn.",
+	"webauthn.error": "Impossible de lire votre clé de sécurité.",
+	"webauthn.use_twofa": "Utilisez l'authentification à deux facteurs avec votre téléphone",
+	"webauthn.press_button": "Veuillez appuyer sur le bouton de votre clé de sécurité…",
+	"webauthn.sign_in": "Appuyez sur le bouton de votre clé de sécurité. Si votre clé de sécurité n'a pas de bouton, réinsérez-la.",
+	"webauthn.insert_key": "Insérez votre clé de sécurité",
 	"counters.n_commits": {
 		"one": "%s commit",
 		"many": "%s commits",
diff --git a/options/locale_next/locale_ga.json b/options/locale_next/locale_ga.json
index 0a011e349b..0ef3186852 100644
--- a/options/locale_next/locale_ga.json
+++ b/options/locale_next/locale_ga.json
@@ -1,4 +1,93 @@
 {
+	"admin.monitor.queue.settings.remove_all_items.success": "Baineadh na míreanna go léir sa scuaine.",
+	"admin.monitor.queue.settings.remove_all_items": "Bain gach",
+	"admin.monitor.queue.settings.changed": "Socruithe Nuashonraithe",
+	"admin.monitor.queue.settings.submit": "Nuashonrú Socruithe",
+	"admin.monitor.queue.settings.maxnumberworkers.error": "Caithfidh uaslíon na n-oibrithe a bheith ina uimhir",
+	"admin.monitor.queue.settings.maxnumberworkers.placeholder": "Faoi láthair %[1]d",
+	"admin.monitor.queue.settings.maxnumberworkers": "Uaslíon na n-oibrithe",
+	"admin.monitor.queue.settings.description": "Fásann linnte go dinimiciúil mar fhreagra ar a gcuid scuaine oibrithe a bhlocáil.",
+	"admin.monitor.queue.settings.title": "Socruithe Linn",
+	"admin.monitor.queue.review_add": "Athbhreithniú / Cuir Oibrithe leis",
+	"admin.monitor.queue.numberinqueue": "Uimhir i scuaine",
+	"admin.monitor.queue.maxnumberworkers": "Líon Uasta na nOibrithe",
+	"admin.monitor.queue.activeworkers": "Oibrithe Gníomhacha",
+	"admin.monitor.queue.numberworkers": "Líon na nOibrithe",
+	"admin.monitor.queue.exemplar": "Cineál Eiseamláire",
+	"admin.monitor.queue.type": "Cineál",
+	"admin.monitor.queue.name": "Ainm",
+	"admin.monitor.queue": "Scuaine: %s",
+	"admin.monitor.queues": "Scuaineanna",
+	"admin.users.list_status_filter.not_2fa_enabled": "2FA faoi mhíchumas",
+	"admin.users.list_status_filter.is_2fa_enabled": "2FA Cumasaithe",
+	"admin.users.list_status_filter.not_prohibit_login": "Ceadaigh Logáil isteach",
+	"admin.users.list_status_filter.is_prohibit_login": "Cosc ar Logáil Isteach",
+	"admin.users.list_status_filter.not_restricted": "Gan Srian",
+	"admin.users.list_status_filter.is_restricted": "Srianta",
+	"admin.users.list_status_filter.not_admin": "Ní Riarachán",
+	"admin.users.list_status_filter.is_admin": "Riarachán",
+	"admin.users.list_status_filter.not_active": "Neamhghníomhach",
+	"admin.users.list_status_filter.is_active": "Gníomhach",
+	"admin.users.list_status_filter.reset": "Athshocraigh",
+	"admin.users.list_status_filter.menu_text": "Scagaire",
+	"admin.system_status.gc_times": "Amanna GC",
+	"admin.system_status.last_gc_pause": "Sos GC Deireanach",
+	"admin.system_status.total_gc_pause": "Sos Iomlán GC",
+	"admin.system_status.last_gc_time": "Am ó GC deireanach",
+	"admin.system_status.next_gc_recycle": "Athchúrsáil GC Eile",
+	"admin.system_status.other_system_allocation_obtained": "Leithdháileadh Córais Eile a Fuarthas",
+	"admin.system_status.gc_metadata_obtained": "Meiteashonraí GC faighte",
+	"admin.system_status.profiling_bucket_hash_table_obtained": "Tábla Hash Buicéad Próifílithe a Faightear",
+	"admin.system_status.mcache_structures_obtained": "Struchtúir MCache a Faightear",
+	"admin.system_status.mcache_structures_usage": "Úsáid Struchtúir MCache",
+	"admin.system_status.mspan_structures_obtained": "Struchtúir MSpan a Faightear",
+	"admin.system_status.mspan_structures_usage": "Úsáid Struchtúir MSpan",
+	"admin.system_status.stack_memory_obtained": "Cuimhne Staca Faighte",
+	"admin.system_status.bootstrap_stack_usage": "Úsáid Staca Bootstrap",
+	"admin.system_status.heap_objects": "Cuspóirí Carn",
+	"admin.system_status.heap_memory_released": "Cuimhne Carn Eisithe",
+	"admin.system_status.heap_memory_in_use": "Cuimhne Carm In Úsáid",
+	"admin.system_status.heap_memory_idle": "Díomhaoin Cuimhne Carn",
+	"admin.system_status.heap_memory_obtained": "Cuimhne Charn Faighte",
+	"admin.system_status.current_heap_usage": "Úsáid Charn Reatha",
+	"admin.system_status.memory_free_times": "Saorálann Cuimhne",
+	"admin.system_status.memory_allocate_times": "Leithdháiltí Cuimhne",
+	"admin.system_status.pointer_lookup_times": "Amanna Cuardaigh Pointeora",
+	"admin.system_status.memory_obtained": "Cuimhne Faighte",
+	"admin.system_status.total_memory_allocated": "Cuimhne Iomlán Leithdháilte",
+	"admin.system_status.current_memory_usage": "Úsáid Cuimhne Reatha",
+	"admin.system_status.current_goroutine": "Goroutines Reatha",
+	"admin.system_status.server_uptime": "Aga fónaimh Freastalaí",
+	"markup.filepreview.truncated": "Tá an réamhamharc giorraithe",
+	"markup.filepreview.lines": "Línte %[1]d go %[2]d i %[3]s",
+	"markup.filepreview.line": "Líne %[1]d i %[2]s",
+	"actions.variables.update.success": "Tá an t-athróg curtha in eagar.",
+	"actions.variables.update.failed": "Theip ar athróg a chur in eagar.",
+	"actions.variables.creation.success": "Tá an athróg \"%s\" curtha leis.",
+	"actions.variables.creation.failed": "Theip ar athróg a chur leis.",
+	"actions.variables.deletion.success": "Tá an athróg bainte.",
+	"actions.variables.deletion.failed": "Theip ar athróg a bhaint.",
+	"actions.variables.not_found": "Theip ar an athróg a aimsiú.",
+	"actions.variables.edit": "Cuir Athróg in Eagar",
+	"actions.variables.description": "Cuirfear athróga chuig gníomhartha áirithe agus ní féidir iad a léamh ar mhalairt eile.",
+	"actions.variables.deletion.description": "Tá athróg a bhaint buan agus ní féidir é a chur ar ais. Lean ar aghaidh?",
+	"actions.variables.deletion": "Bain athróg",
+	"actions.variables.none": "Níl aon athróga ann fós.",
+	"actions.variables.creation": "Cuir Athróg leis",
+	"actions.variables.management": "Bainistigh athróga",
+	"actions.variables": "Athróga",
+	"webauthn.error.timeout": "Sroicheadh an teorainn ama sula bhféadfaí d’eochair a léamh. Athlódáil an leathanach seo, le do thoil, agus déan iarracht arís.",
+	"webauthn.error.empty": "Ní mór duit ainm a shocrú don eochair seo.",
+	"webauthn.error.duplicated": "Ní cheadaítear an eochair slándála don iarratas seo. Déan cinnte le do thoil nach bhfuil an eochair cláraithe cheana féin.",
+	"webauthn.error.unable_to_process": "Ní fhéadfadh an freastalaí d'iarratas a phróiseáil.",
+	"webauthn.error.insecure": "Ní thacaíonn WebAuthn ach le naisc slán. Le haghaidh tástála thar HTTP, is féidir leat an bunús “localhost” nó \"127.0.0.1\" a úsáid",
+	"webauthn.error.unknown": "Tharla earráid anaithnid. Déan iarracht arís.",
+	"webauthn.unsupported_browser": "Ní thacaíonn do bhrabhsálaí le WebAuthn faoi láthair.",
+	"webauthn.error": "Ní fhéadfaí do eochair slándála a léamh.",
+	"webauthn.use_twofa": "Úsáid cód dhá fhachtóir ó do ghuthán",
+	"webauthn.press_button": "Brúigh an cnaipe ar d'eochair slándála le do thoil…",
+	"webauthn.sign_in": "Brúigh an cnaipe ar d'eochair slándála. Mura bhfuil aon chnaipe ag d'eochair slándála, cuir isteach é arís.",
+	"webauthn.insert_key": "Cuir isteach d'eochair slándála",
 	"gpg.default_key": "Sínithe leis an eochair réamhshocraithe",
 	"gpg.error.extract_sign": "Theip ar an síniú a bhaint",
 	"gpg.error.generate_hash": "Theip ar hash gealltanas a ghiniúint",
diff --git a/options/locale_next/locale_gl.json b/options/locale_next/locale_gl.json
index 1ab14bedc5..7878b0a7f1 100644
--- a/options/locale_next/locale_gl.json
+++ b/options/locale_next/locale_gl.json
@@ -1,4 +1,16 @@
 {
+	"webauthn.error.timeout": "Alcanzouse o límite de tempo antes de que se puidera ler a súa clave. Volva cargar esta páxina e ténteo de novo.",
+	"webauthn.error.empty": "Debe definir un nome para esta clave.",
+	"webauthn.error.duplicated": "A clave de seguridade non está permitida para esta solicitude. Asegúrese de que a clave non estea xa rexistrada.",
+	"webauthn.error.unable_to_process": "O servidor non puido procesar a súa solicitude.",
+	"webauthn.error.insecure": "WebAuthn só admite conexións seguras. Para probar a través de HTTP, pode usar a orixe \"localhost\" ou \"127.0.0.1\"",
+	"webauthn.error.unknown": "Produciuse un erro descoñecido. Ténteo de novo.",
+	"webauthn.unsupported_browser": "O seu navegador non soporta WebAuthn actualmente.",
+	"webauthn.error": "Non se puido ler a súa clave de seguridade.",
+	"webauthn.use_twofa": "Use o Código de Dous Factores do seu Teléfono",
+	"webauthn.press_button": "Prema o botón da súa chave de seguridade…",
+	"webauthn.sign_in": "Prema o botón da súa chave de seguridade. Se a súa chave de seguridade non ten ningún botón, volva inserila.",
+	"webauthn.insert_key": "Insira a súa chave de seguridade",
 	"relativetime.now": "agora",
 	"relativetime.future": "máis adiante",
 	"repo.form.cannot_create": "Todos os espazos onde podes crear repositorios chegaron ao límite de repositorios creados.",
diff --git a/options/locale_next/locale_he.json b/options/locale_next/locale_he.json
index 3837b8a1de..c8fafcf414 100644
--- a/options/locale_next/locale_he.json
+++ b/options/locale_next/locale_he.json
@@ -1,4 +1,16 @@
 {
+	"webauthn.error.timeout": "קריאת מפתחך לקחה יותר מדי זמן. אפשר לטעון מחדש את הדף ולנסות שוב.",
+	"webauthn.error.empty": "שם המפתח הוא שדה חובה.",
+	"webauthn.error.duplicated": "מפתח האבטחה לא יכול לשמש לבקשה זו. נא לוודא שהמפתח לא רשום.",
+	"webauthn.error.unable_to_process": "שרת זה נכשל בעיבוד בקשתך.",
+	"webauthn.error.insecure": "הפרוטוקול WebAuthn לא תומך בחיבורים לא מאובטחים, למעט דרך \"localhost\" או \"127.0.0.1\"",
+	"webauthn.error.unknown": "שגיאה לא ידועה, אפשר לנסות שוב.",
+	"webauthn.unsupported_browser": "הדפדפן שלך לא תומך בWebAuthn.",
+	"webauthn.error": "קריאת מפתח האבטחה נכשלה.",
+	"webauthn.use_twofa": "השתמש בקוד אימות דו־שלבי מהטלפון שלך",
+	"webauthn.press_button": "נא ללחוץ על הכפתור שעל מפתח האבטחה…",
+	"webauthn.sign_in": "יש ללחוץ על הכפתור שעל מפתח האבטחה. אם אין כפתור, אפשר להוציא את המפתח ולחבר אותו שוב.",
+	"webauthn.insert_key": "יש להכניס את מפתח אבטחך",
 	"fork.n_forks": {
 		"one": "מזלוג אחד",
 		"two": "%s מזלוגים",
diff --git a/options/locale_next/locale_hi.json b/options/locale_next/locale_hi.json
index 79b6fdeb42..86919e5eb4 100644
--- a/options/locale_next/locale_hi.json
+++ b/options/locale_next/locale_hi.json
@@ -1,4 +1,16 @@
 {
+	"webauthn.error.timeout": "आपकी की पढ़ने से पहले टाइमआउट हो गया। पृष्ट रीलोड करें और फिर कोशिश करें।",
+	"webauthn.error.empty": "कृपया इस चाभी का नाम रखें।",
+	"webauthn.error.duplicated": "सिक्योरिटी की इस रिक्वेस्ट के लिए नहीं है। कृपया देखें की पहले से रजिस्टर्ड तो नहीं।",
+	"webauthn.error.unable_to_process": "सर्वर आपकी रिक्वेस्ट प्रोसेस नहीं कर पाया।",
+	"webauthn.error.insecure": "वेबौथ पर सिर्फ सुरक्षित कनेक्शन हो. HTTP टेस्ट के लिए ओरिजिन “लोकलहोस्ट” या “127.0.0.1”",
+	"webauthn.error.unknown": "कोई अंजान एरर हुई, फिर से कोशिश करें।",
+	"webauthn.unsupported_browser": "आपका ब्राउज़र वेबौथ सपोर्ट नहीं करता।",
+	"webauthn.error": "सिक्योरिटी की रीड नहीं हो पा रही।",
+	"webauthn.use_twofa": "अपने फ़ोन से दो फैक्टर कोड लाएं",
+	"webauthn.press_button": "अपनी सिक्योरिटी की पर बटन दबाएं…",
+	"webauthn.sign_in": "सिक्योरिटी की का बटन दबाएं, नहीं है तो फिर से प्लग करें।",
+	"webauthn.insert_key": "अपनी सिक्योरिटी की डालें",
 	"fork.n_forks": {
 		"one": "%s फोर्क",
 		"other": "%s फोर्कस"
diff --git a/options/locale_next/locale_hu-HU.json b/options/locale_next/locale_hu-HU.json
index f43220464c..4f28acaa45 100644
--- a/options/locale_next/locale_hu-HU.json
+++ b/options/locale_next/locale_hu-HU.json
@@ -1,4 +1,49 @@
 {
+	"admin.monitor.queue.settings.submit": "Beállítások frissítése",
+	"admin.monitor.queue.type": "Típus",
+	"admin.monitor.queue.name": "Név",
+	"admin.users.list_status_filter.is_restricted": "Korlátozott",
+	"admin.users.list_status_filter.is_admin": "Rendszergazda",
+	"admin.users.list_status_filter.is_active": "Aktív",
+	"admin.system_status.gc_times": "GC Idők",
+	"admin.system_status.last_gc_pause": "Utolsó GC szünet",
+	"admin.system_status.total_gc_pause": "Teljes GC szünet",
+	"admin.system_status.last_gc_time": "Utolsó GC óta eltelt idő",
+	"admin.system_status.next_gc_recycle": "Következő GC Újrahasznosítás",
+	"admin.system_status.other_system_allocation_obtained": "Másik Rendszer Allokáció Megszerezve",
+	"admin.system_status.gc_metadata_obtained": "GC Metaadat Megszerezve",
+	"admin.system_status.profiling_bucket_hash_table_obtained": "Profilozó Vödrös Hash Tábla Megszerezve",
+	"admin.system_status.mcache_structures_obtained": "MCache Struktúrák Megszerezve",
+	"admin.system_status.mcache_structures_usage": "MCache Struktúrák Használata",
+	"admin.system_status.mspan_structures_obtained": "MSpan Struktúrák Megszerezve",
+	"admin.system_status.mspan_structures_usage": "MSpan Struktúrák Használata",
+	"admin.system_status.stack_memory_obtained": "Stack Memória Megszerezve",
+	"admin.system_status.bootstrap_stack_usage": "Bootstrap Stack Használat",
+	"admin.system_status.heap_objects": "Heap Objektumok",
+	"admin.system_status.heap_memory_released": "Elengedett Heap Memória",
+	"admin.system_status.heap_memory_in_use": "Használatban lévő Heap Memória",
+	"admin.system_status.heap_memory_idle": "Tétlen Heap Memória",
+	"admin.system_status.heap_memory_obtained": "Heap Memória Megszerezve",
+	"admin.system_status.current_heap_usage": "Aktuális Heap Használat",
+	"admin.system_status.memory_allocate_times": "Memóriafoglalások",
+	"admin.system_status.pointer_lookup_times": "Pointer Lookup Idők",
+	"admin.system_status.memory_obtained": "Megszerzett Memória",
+	"admin.system_status.total_memory_allocated": "Összes lefoglalt memória",
+	"admin.system_status.current_memory_usage": "Jelenlegi memória használat",
+	"admin.system_status.current_goroutine": "Jelenlegi Goroutinok",
+	"admin.system_status.server_uptime": "Kiszolgáló futási ideje",
+	"webauthn.error.timeout": "Időtúllépés a kulcs beolvasása során. Töltse be újra ezt az oldalt, és próbálkozzon újra.",
+	"webauthn.error.empty": "Nevet kell adnia ennek a kulcsnak.",
+	"webauthn.error.duplicated": "A biztonsági kulcs nem engedélyezett ehhez a kéréshez. Győződjön meg róla, hogy a kulcs nincs-e már regisztrálva.",
+	"webauthn.error.unable_to_process": "A kiszolgáló nem tudta feldolgozni a kérését.",
+	"webauthn.error.insecure": "A WebAuthn csak biztonságos kapcsolatokat támogat. HTTP-n keresztüli tesztelés esetén használja a „localhost” vagy a „127.0.0.1” forrást.",
+	"webauthn.error.unknown": "Ismeretlen hiba történt. Próbálja újra.",
+	"webauthn.unsupported_browser": "A böngészője jelenleg nem támogatja a WebAuthn protokollt.",
+	"webauthn.error": "A biztonsági kulcsának beolvasása sikertelen volt.",
+	"webauthn.use_twofa": "Kétlépcsős hitelesítési kód használata telefonról",
+	"webauthn.press_button": "Nyomja meg a biztonsági kulcsán található gombot…",
+	"webauthn.sign_in": "Nyomja meg a biztonsági kulcsán található gombot. Ha nincs rajta gomb, próbálja meg újra behelyezni.",
+	"webauthn.insert_key": "Helyezze be biztonsági kulcsát",
 	"migrate.items.wiki": "Wiki",
 	"migrate.items.milestones": "Mérföldkövek",
 	"migrate.items.labels": "Címkék",
diff --git a/options/locale_next/locale_id-ID.json b/options/locale_next/locale_id-ID.json
index 9c21ad9cc7..d0e58fcbb4 100644
--- a/options/locale_next/locale_id-ID.json
+++ b/options/locale_next/locale_id-ID.json
@@ -1,4 +1,93 @@
 {
+	"admin.monitor.queue.settings.remove_all_items.success": "Semua item dalam antrian telah dihapus.",
+	"admin.monitor.queue.settings.remove_all_items": "Hapus semua",
+	"admin.monitor.queue.settings.changed": "Pengaturan diperbarui",
+	"admin.monitor.queue.settings.submit": "Perbarui pengaturan",
+	"admin.monitor.queue.settings.maxnumberworkers.error": "Jumlah maks. worker haruslah sebuah angka",
+	"admin.monitor.queue.settings.maxnumberworkers.placeholder": "Saat ini %[1]d",
+	"admin.monitor.queue.settings.maxnumberworkers": "Jumlah Maks. Worker",
+	"admin.monitor.queue.settings.description": "Pool berkembang secara dinamis sebagai respons terhadap pemblokiran antrian pekerja mereka.",
+	"admin.monitor.queue.settings.title": "Pengaturan pool",
+	"admin.monitor.queue.review_add": "Tinjau / tambah pekerja",
+	"admin.monitor.queue.numberinqueue": "Jumlah dalam antrian",
+	"admin.monitor.queue.maxnumberworkers": "Jumlah maksimum pekerja",
+	"admin.monitor.queue.activeworkers": "Pekerja aktif",
+	"admin.monitor.queue.numberworkers": "Jumlah pekerja",
+	"admin.monitor.queue.exemplar": "Contoh Tipe",
+	"admin.monitor.queue.type": "Tipe",
+	"admin.monitor.queue.name": "Nama",
+	"admin.monitor.queue": "Antrian: %s",
+	"admin.monitor.queues": "Antrian",
+	"admin.users.list_status_filter.not_2fa_enabled": "2FA dinonaktifkan",
+	"admin.users.list_status_filter.is_2fa_enabled": "2FA diaktifkan",
+	"admin.users.list_status_filter.not_prohibit_login": "Izinkan masuk",
+	"admin.users.list_status_filter.is_prohibit_login": "Larang masuk",
+	"admin.users.list_status_filter.not_restricted": "Tidak dibatasi",
+	"admin.users.list_status_filter.is_restricted": "Dibatasi",
+	"admin.users.list_status_filter.not_admin": "Bukan admin",
+	"admin.users.list_status_filter.is_admin": "Pengelola",
+	"admin.users.list_status_filter.not_active": "Tidak aktif",
+	"admin.users.list_status_filter.is_active": "Aktif",
+	"admin.users.list_status_filter.reset": "Atur ulang",
+	"admin.users.list_status_filter.menu_text": "Saring",
+	"admin.system_status.gc_times": "Jumlah GC",
+	"admin.system_status.last_gc_pause": "Jeda GC terakhir",
+	"admin.system_status.total_gc_pause": "Total jeda GC",
+	"admin.system_status.last_gc_time": "Waktu sejak GC terakhir",
+	"admin.system_status.next_gc_recycle": "Daur ulang GC berikutnya",
+	"admin.system_status.other_system_allocation_obtained": "Alokasi sistem lainnya yang diperoleh",
+	"admin.system_status.gc_metadata_obtained": "Metadata GC yang diperoleh",
+	"admin.system_status.profiling_bucket_hash_table_obtained": "Tabel hash bucket pemrofilan yang diperoleh",
+	"admin.system_status.mcache_structures_obtained": "Struktur MCache yang diperoleh",
+	"admin.system_status.mcache_structures_usage": "Penggunaan struktur MCache",
+	"admin.system_status.mspan_structures_obtained": "Struktur MSpan yang diperoleh",
+	"admin.system_status.mspan_structures_usage": "Penggunaan struktur MSpan",
+	"admin.system_status.stack_memory_obtained": "Memori stack yang diperoleh",
+	"admin.system_status.bootstrap_stack_usage": "Penggunaan stack bootstrap",
+	"admin.system_status.heap_objects": "Objek heap",
+	"admin.system_status.heap_memory_released": "Memori heap yang dilepaskan",
+	"admin.system_status.heap_memory_in_use": "Memori heap yang digunakan",
+	"admin.system_status.heap_memory_idle": "Memori heap yang menganggur",
+	"admin.system_status.heap_memory_obtained": "Memori heap yang diperoleh",
+	"admin.system_status.current_heap_usage": "Penggunaan heap saat ini",
+	"admin.system_status.memory_free_times": "Pembebasan memori",
+	"admin.system_status.memory_allocate_times": "Alokasi memori",
+	"admin.system_status.pointer_lookup_times": "Jumlah pencarian pointer",
+	"admin.system_status.memory_obtained": "Memori yang diperoleh",
+	"admin.system_status.total_memory_allocated": "Total memori yang dialokasikan",
+	"admin.system_status.current_memory_usage": "Penggunaan memori saat ini",
+	"admin.system_status.current_goroutine": "Goroutine saat ini",
+	"admin.system_status.server_uptime": "Waktu aktif server",
+	"markup.filepreview.truncated": "Pratinjau telah dipotong",
+	"markup.filepreview.lines": "Baris %[1]d hingga %[2]d di %[3]s",
+	"markup.filepreview.line": "Baris %[1]d di %[2]s",
+	"actions.variables.update.success": "Variabel telah diedit.",
+	"actions.variables.update.failed": "Gagal mengedit variabel.",
+	"actions.variables.creation.success": "Variabel \"%s\" telah ditambahkan.",
+	"actions.variables.creation.failed": "Gagal menambahkan variabel.",
+	"actions.variables.deletion.success": "Variabel telah dihapus.",
+	"actions.variables.deletion.failed": "Gagal menghapus variabel.",
+	"actions.variables.not_found": "Gagal menemukan variabel.",
+	"actions.variables.edit": "Edit Variabel",
+	"actions.variables.description": "Variabel akan diteruskan ke beberapa tindakan dan tidak dapat dibaca sebaliknya.",
+	"actions.variables.deletion.description": "Menghapus variabel bersifat permanen dan tidak dapat dibatalkan. Lanjutkan?",
+	"actions.variables.deletion": "Hapus variabel",
+	"actions.variables.none": "Belum ada variabel.",
+	"actions.variables.creation": "Tambah Variabel",
+	"actions.variables.management": "Kelola variabel",
+	"actions.variables": "Variabel",
+	"webauthn.error.timeout": "Waktu habis sebelum kunci Anda dapat dibaca. Mohon muat ulang halaman ini dan coba lagi.",
+	"webauthn.error.empty": "Anda harus menetapkan nama untuk kunci ini.",
+	"webauthn.error.duplicated": "Kunci keamanan tidak diperbolehkan untuk permintaan ini. Pastikan bahwa kunci ini belum terdaftar sebelumnya.",
+	"webauthn.error.unable_to_process": "Server tidak dapat memproses permintaan Anda.",
+	"webauthn.error.insecure": "`WebAuthn hanya mendukung koneksi aman. Untuk pengujian melalui HTTP, Anda dapat menggunakan \"localhost\" atau \"127.0.0.1\"`",
+	"webauthn.error.unknown": "Terdapat kesalahan yang tidak diketahui. Mohon coba lagi.",
+	"webauthn.unsupported_browser": "Browser Anda saat ini tidak mendukung WebAuthn.",
+	"webauthn.error": "Tidak dapat membaca kunci keamanan Anda.",
+	"webauthn.use_twofa": "Gunakan kode dua faktor dari telepon Anda",
+	"webauthn.press_button": "Silakan tekan tombol pada kunci keamanan Anda…",
+	"webauthn.sign_in": "Tekan tombol pada kunci keamanan Anda. Jika kunci keamanan Anda tidak memiliki tombol, masukkan kembali.",
+	"webauthn.insert_key": "Masukkan kunci keamanan anda",
 	"gpg.error.extract_sign": "Gagal untuk mengambil tanda tangan",
 	"gpg.error.generate_hash": "Gagal untuk menghasilkan hash komit",
 	"gpg.error.no_gpg_keys_found": "Tidak diketahui kunci yang ditemukan di database signature",
diff --git a/options/locale_next/locale_is-IS.json b/options/locale_next/locale_is-IS.json
index 0b3dca401f..fceede90e6 100644
--- a/options/locale_next/locale_is-IS.json
+++ b/options/locale_next/locale_is-IS.json
@@ -1,4 +1,30 @@
 {
+	"admin.monitor.queue.settings.changed": "Stillingar Uppfærðar",
+	"admin.monitor.queue.settings.submit": "Uppfæra Stillingar",
+	"admin.monitor.queue.type": "Tegund",
+	"admin.monitor.queue.name": "Heiti",
+	"admin.monitor.queues": "Raðir",
+	"admin.users.list_status_filter.not_2fa_enabled": "Tvíþætt Auðkenning Óvirk",
+	"admin.users.list_status_filter.not_prohibit_login": "Leyfa Innskráningu",
+	"admin.users.list_status_filter.is_prohibit_login": "Stöðva Innskráningu",
+	"admin.users.list_status_filter.is_admin": "Stjórnandi",
+	"admin.users.list_status_filter.is_active": "Virkt",
+	"admin.users.list_status_filter.reset": "Endurstilla",
+	"admin.users.list_status_filter.menu_text": "Sía",
+	"admin.system_status.total_memory_allocated": "Heildarminni úthlutað",
+	"admin.system_status.server_uptime": "Uppitími Netþjóns",
+	"webauthn.error.timeout": "Tímamörk náð áður en hægt var að lesa lykilinn þinn. Vinsamlegast endurhlaðið þessa síðu og reyndu aftur.",
+	"webauthn.error.empty": "Þú verður að setja nafn fyrir þennan lykil.",
+	"webauthn.error.duplicated": "Öryggislykillinn er ekki leyfður fyrir þessa beiðni. Gakktu úr skugga um að lykillinn sé ekki þegar skráður.",
+	"webauthn.error.unable_to_process": "Netþjónninn gat ekki ráðið við beiðni þína.",
+	"webauthn.error.insecure": "WebAuthn styður aðeins öruggar tengingar. Til að prófa yfir HTTP geturðu notað upprunann „localhost“ eða „127.0.0.1“",
+	"webauthn.error.unknown": "Óþekkt villa kom upp. Vinsamlegast reyndu aftur.",
+	"webauthn.unsupported_browser": "Vafrinn þinn styður ekki WebAuthn eins og er.",
+	"webauthn.error": "Gat ekki lesið öryggislykilinn þinn.",
+	"webauthn.use_twofa": "Notaðu tveggja-þátta kóða úr símanum þínum",
+	"webauthn.press_button": "Vinsamlegast ýttu á hnappinn á öryggislyklinum þínum…",
+	"webauthn.sign_in": "Ýttu á hnappinn á öryggislyklinum þínum. Ef öryggislykillinn þinn hefur engan hnapp skaltu setja hann aftur inn.",
+	"webauthn.insert_key": "Settu öryggislykilinn þinn inn",
 	"actions.runners.name": "Heiti",
 	"actions.runners.owner_type": "Tegund",
 	"actions.runners.description": "Lýsing",
diff --git a/options/locale_next/locale_it-IT.json b/options/locale_next/locale_it-IT.json
index 38e74714bc..0efdd472c6 100644
--- a/options/locale_next/locale_it-IT.json
+++ b/options/locale_next/locale_it-IT.json
@@ -1,4 +1,93 @@
 {
+	"admin.monitor.queue.settings.remove_all_items.success": "Tutti gli elementi in coda sono stati rimossi.",
+	"admin.monitor.queue.settings.remove_all_items": "Rimuovi tutto",
+	"admin.monitor.queue.settings.changed": "Impostazioni aggiornate",
+	"admin.monitor.queue.settings.submit": "Aggiorna impostazioni",
+	"admin.monitor.queue.settings.maxnumberworkers.error": "Il numero massimo di lavoratori deve essere un numero",
+	"admin.monitor.queue.settings.maxnumberworkers.placeholder": "Attualmente %[1]d",
+	"admin.monitor.queue.settings.maxnumberworkers": "Massimo numero di workers",
+	"admin.monitor.queue.settings.description": "Le piscine crescono dinamicamente in risposta al blocco dei lavoratori in coda.",
+	"admin.monitor.queue.settings.title": "Impostazioni piscina",
+	"admin.monitor.queue.review_add": "Revisiona / aggiungi lavoratori",
+	"admin.monitor.queue.numberinqueue": "Numero in coda",
+	"admin.monitor.queue.maxnumberworkers": "Massimo numero di lavoratori",
+	"admin.monitor.queue.activeworkers": "Lavoratori attivi",
+	"admin.monitor.queue.numberworkers": "Numero di lavoratori",
+	"admin.monitor.queue.exemplar": "Tipo di esemplare",
+	"admin.monitor.queue.type": "Tipo",
+	"admin.monitor.queue.name": "Nome",
+	"admin.monitor.queue": "Coda: %s",
+	"admin.monitor.queues": "Code",
+	"admin.users.list_status_filter.not_2fa_enabled": "2FA disabilitato",
+	"admin.users.list_status_filter.is_2fa_enabled": "2FA abilitato",
+	"admin.users.list_status_filter.not_prohibit_login": "Accesso consentito",
+	"admin.users.list_status_filter.is_prohibit_login": "Accesso vietato",
+	"admin.users.list_status_filter.not_restricted": "Non limitato",
+	"admin.users.list_status_filter.is_restricted": "Limitato",
+	"admin.users.list_status_filter.not_admin": "Non amministratore",
+	"admin.users.list_status_filter.is_admin": "Amministratore",
+	"admin.users.list_status_filter.not_active": "Inattivo",
+	"admin.users.list_status_filter.is_active": "Attivo",
+	"admin.users.list_status_filter.reset": "Ripristina",
+	"admin.users.list_status_filter.menu_text": "Filtro",
+	"admin.system_status.gc_times": "Esecuzioni GC",
+	"admin.system_status.last_gc_pause": "Ultima pausa del GC",
+	"admin.system_status.total_gc_pause": "Pausa totale del GC",
+	"admin.system_status.last_gc_time": "Dall'ultimo GC",
+	"admin.system_status.next_gc_recycle": "Prossimo riciclaggio GC",
+	"admin.system_status.other_system_allocation_obtained": "Altre allocazioni di sistema ottenute",
+	"admin.system_status.gc_metadata_obtained": "Metadata del GC ottenuto",
+	"admin.system_status.profiling_bucket_hash_table_obtained": "Tabelle hash del secchio di profilazione ottenute",
+	"admin.system_status.mcache_structures_obtained": "Strutture MCache ottenute",
+	"admin.system_status.mcache_structures_usage": "Utilizzo di strutture MCache",
+	"admin.system_status.mspan_structures_obtained": "Strutture MSpan ottenute",
+	"admin.system_status.mspan_structures_usage": "Utilizzo strutture MSpan",
+	"admin.system_status.stack_memory_obtained": "Memoria pila ottenuta",
+	"admin.system_status.bootstrap_stack_usage": "Utilizzo pila iniziale",
+	"admin.system_status.heap_objects": "Oggetti dell'heap",
+	"admin.system_status.heap_memory_released": "Memoria heap rilasciata",
+	"admin.system_status.heap_memory_in_use": "Memoria heap in uso",
+	"admin.system_status.heap_memory_idle": "Memoria heap inattiva",
+	"admin.system_status.heap_memory_obtained": "Memoria heap ottenuta",
+	"admin.system_status.current_heap_usage": "Utilizzo heap attuale",
+	"admin.system_status.memory_free_times": "Rilasci di memoria",
+	"admin.system_status.memory_allocate_times": "Allocazioni di memoria",
+	"admin.system_status.pointer_lookup_times": "Tempi di ricerca del puntatore",
+	"admin.system_status.memory_obtained": "Memoria ottenuta",
+	"admin.system_status.total_memory_allocated": "Memoria allocata totale",
+	"admin.system_status.current_memory_usage": "Utilizzo di memoria attuale",
+	"admin.system_status.current_goroutine": "Goroutine attuali",
+	"admin.system_status.server_uptime": "Tempo di attività",
+	"markup.filepreview.truncated": "L'anteprima è stata troncata",
+	"markup.filepreview.lines": "Linee da %[1]d a %[2]d in %[3]s",
+	"markup.filepreview.line": "Linea %[1]d in %[2]s",
+	"actions.variables.update.success": "La variabile è stata modificata.",
+	"actions.variables.update.failed": "Impossibile modificare la variabile.",
+	"actions.variables.creation.success": "La variabile \"%s\" è stata aggiunta.",
+	"actions.variables.creation.failed": "Errore nell'aggiunta della variabile.",
+	"actions.variables.deletion.success": "La variabile è stata rimossa.",
+	"actions.variables.deletion.failed": "Impossibile rimuovere la variabile.",
+	"actions.variables.not_found": "Non è stato possibile trovare la variabile.",
+	"actions.variables.edit": "Modifica variabile",
+	"actions.variables.description": "Le variabili saranno passate a determinate azioni e non possono essere lette altrimenti.",
+	"actions.variables.deletion.description": "La rimozione di una variabile è permanente e non può essere annullata. Continuare?",
+	"actions.variables.deletion": "Rimuovi variabile",
+	"actions.variables.none": "Non ci sono ancora variabili.",
+	"actions.variables.creation": "Aggiungi variabile",
+	"actions.variables.management": "Gestisci variabili",
+	"actions.variables": "Variabili",
+	"webauthn.error.timeout": "Timeout raggiunto prima che la tua chiave possa essere letta. Ricarica la pagina e riprova.",
+	"webauthn.error.empty": "Devi impostare un nome per questa chiave.",
+	"webauthn.error.duplicated": "La chiave di sicurezza non è consentita per questa richiesta. Assicurati che la chiave non sia già registrata.",
+	"webauthn.error.unable_to_process": "Il server non può elaborare la richiesta.",
+	"webauthn.error.insecure": "WebAuthn supporta solo connessioni sicure. Per il test su HTTP, è possibile utilizzare l'origine \"localhost\" o \"127.0.0.1\"",
+	"webauthn.error.unknown": "Si è verificato un errore sconosciuto. Riprova.",
+	"webauthn.unsupported_browser": "Il tuo browser al momento non supporta WebAuthn.",
+	"webauthn.error": "Impossibile leggere la tua chiave di sicurezza.",
+	"webauthn.use_twofa": "Usa un codice a due fattori dal tuo telefono",
+	"webauthn.press_button": "Premi il pulsante sulla chiave di sicurezza…",
+	"webauthn.sign_in": "Premi il pulsante sul tasto di sicurezza. Se il tasto di sicurezza non ha pulsante, reinseriscilo.",
+	"webauthn.insert_key": "Inserisci la tua chiave di sicurezza",
 	"counters.n_commits": {
 		"one": "%s commit",
 		"many": "%s commit",
diff --git a/options/locale_next/locale_ja-JP.json b/options/locale_next/locale_ja-JP.json
index 5ad5f68868..f462ff4e74 100644
--- a/options/locale_next/locale_ja-JP.json
+++ b/options/locale_next/locale_ja-JP.json
@@ -1,4 +1,93 @@
 {
+	"admin.monitor.queue.settings.remove_all_items.success": "キュー内のすべての項目を削除しました。",
+	"admin.monitor.queue.settings.remove_all_items": "すべて削除",
+	"admin.monitor.queue.settings.changed": "設定を更新しました",
+	"admin.monitor.queue.settings.submit": "設定を更新",
+	"admin.monitor.queue.settings.maxnumberworkers.error": "ワーカー数上限は数値にしてください",
+	"admin.monitor.queue.settings.maxnumberworkers.placeholder": "現在の設定 %[1]d",
+	"admin.monitor.queue.settings.maxnumberworkers": "ワーカー数上限",
+	"admin.monitor.queue.settings.description": "プールはワーカーキューの待機状態に応じて動的に大きくなります。",
+	"admin.monitor.queue.settings.title": "プール設定",
+	"admin.monitor.queue.review_add": "ワーカーの確認 / 追加",
+	"admin.monitor.queue.numberinqueue": "キュー内の数",
+	"admin.monitor.queue.maxnumberworkers": "ワーカー数上限",
+	"admin.monitor.queue.activeworkers": "使用ワーカー数",
+	"admin.monitor.queue.numberworkers": "ワーカー数",
+	"admin.monitor.queue.exemplar": "要素の型",
+	"admin.monitor.queue.type": "種類",
+	"admin.monitor.queue.name": "キュー名",
+	"admin.monitor.queue": "キュー: %s",
+	"admin.monitor.queues": "キュー",
+	"admin.users.list_status_filter.not_2fa_enabled": "2要素認証無効",
+	"admin.users.list_status_filter.is_2fa_enabled": "2要素認証有効",
+	"admin.users.list_status_filter.not_prohibit_login": "ログインを許可",
+	"admin.users.list_status_filter.is_prohibit_login": "ログインを禁止",
+	"admin.users.list_status_filter.not_restricted": "制限なし",
+	"admin.users.list_status_filter.is_restricted": "制限あり",
+	"admin.users.list_status_filter.not_admin": "非管理者",
+	"admin.users.list_status_filter.is_admin": "管理者",
+	"admin.users.list_status_filter.not_active": "無効",
+	"admin.users.list_status_filter.is_active": "有効",
+	"admin.users.list_status_filter.reset": "リセット",
+	"admin.users.list_status_filter.menu_text": "フィルター",
+	"admin.system_status.gc_times": "GC実行回数",
+	"admin.system_status.last_gc_pause": "前回のGC停止時間",
+	"admin.system_status.total_gc_pause": "GC停止時間の合計",
+	"admin.system_status.last_gc_time": "前回GCからの時間",
+	"admin.system_status.next_gc_recycle": "次回のGCリサイクル",
+	"admin.system_status.other_system_allocation_obtained": "その他システム割当用取得量",
+	"admin.system_status.gc_metadata_obtained": "GCメタデータ用取得量",
+	"admin.system_status.profiling_bucket_hash_table_obtained": "バケットハッシュテーブルのプロファイリング割当量",
+	"admin.system_status.mcache_structures_obtained": "MCache構造体用取得量",
+	"admin.system_status.mcache_structures_usage": "MCache構造体の使用量",
+	"admin.system_status.mspan_structures_obtained": "MSpan構造体用取得量",
+	"admin.system_status.mspan_structures_usage": "MSpan構造体の使用量",
+	"admin.system_status.stack_memory_obtained": "スタック用メモリ取得量",
+	"admin.system_status.bootstrap_stack_usage": "スタック使用量",
+	"admin.system_status.heap_objects": "ヒープオブジェクト数",
+	"admin.system_status.heap_memory_released": "解放済みヒープ容量",
+	"admin.system_status.heap_memory_in_use": "使用中のヒープ容量",
+	"admin.system_status.heap_memory_idle": "未使用のヒープ容量",
+	"admin.system_status.heap_memory_obtained": "ヒープ用メモリ取得量",
+	"admin.system_status.current_heap_usage": "現在のヒープ使用量",
+	"admin.system_status.memory_free_times": "メモリ解放回数",
+	"admin.system_status.memory_allocate_times": "メモリ割当回数",
+	"admin.system_status.pointer_lookup_times": "ポインタ参照回数",
+	"admin.system_status.memory_obtained": "メモリ取得量",
+	"admin.system_status.total_memory_allocated": "メモリ割当量の累計",
+	"admin.system_status.current_memory_usage": "現在のメモリ使用量",
+	"admin.system_status.current_goroutine": "現在のGoroutine数",
+	"admin.system_status.server_uptime": "サーバーの稼働時間",
+	"markup.filepreview.truncated": "プレビューは途中から省略されています",
+	"markup.filepreview.lines": "%[3]s の %[1]d 行目から %[2]d 行目",
+	"markup.filepreview.line": "%[2]s の %[1]d 行目",
+	"actions.variables.update.success": "変数を更新しました。",
+	"actions.variables.update.failed": "変数を更新できませんでした。",
+	"actions.variables.creation.success": "変数 \"%s\" を追加しました。",
+	"actions.variables.creation.failed": "変数を追加できませんでした。",
+	"actions.variables.deletion.success": "変数を削除しました。",
+	"actions.variables.deletion.failed": "変数を削除できませんでした。",
+	"actions.variables.not_found": "変数が見つかりませんでした。",
+	"actions.variables.edit": "変数の編集",
+	"actions.variables.description": "変数は特定のActionsに渡されます。 それ以外で読み出されることはありません。",
+	"actions.variables.deletion.description": "変数の削除は恒久的で元に戻すことはできません。 続行しますか？",
+	"actions.variables.deletion": "変数を削除",
+	"actions.variables.none": "変数はまだありません。",
+	"actions.variables.creation": "変数の追加",
+	"actions.variables.management": "変数の管理",
+	"actions.variables": "変数",
+	"webauthn.error.timeout": "キーを読み取る前にタイムアウトになりました。 このページをリロードしてもう一度やり直してください。",
+	"webauthn.error.empty": "このキーに名前を設定する必要があります。",
+	"webauthn.error.duplicated": "このリクエストに対しては、許可されていないセキュリティキーです。 キーが未登録であることを確認してください。",
+	"webauthn.error.unable_to_process": "サーバーがリクエストを処理できませんでした。",
+	"webauthn.error.insecure": "WebAuthn はセキュアな接続のみをサポートしています。HTTP 経由でテストする場合は、\"localhost\" または \"127.0.0.1\" のオリジンが使用できます",
+	"webauthn.error.unknown": "不明なエラーが発生しました。 もう一度やり直してください。",
+	"webauthn.unsupported_browser": "お使いのブラウザは現在 WebAuthn をサポートしていません。",
+	"webauthn.error": "セキュリティキーを読み取ることができません。",
+	"webauthn.use_twofa": "携帯電話から2要素認証コードを使用する",
+	"webauthn.press_button": "セキュリティキーのボタンを押してください…",
+	"webauthn.sign_in": "セキュリティキーのボタンを押してください。セキュリティキーにボタンが無い場合は、挿入しなおしてください。",
+	"webauthn.insert_key": "セキュリティキーを挿入",
 	"counters.n_commits": {
 		"one": "%s のコミット",
 		"other": "%s のコミット"
diff --git a/options/locale_next/locale_ka.json b/options/locale_next/locale_ka.json
index 7f8a474f4e..bfd0bbf460 100644
--- a/options/locale_next/locale_ka.json
+++ b/options/locale_next/locale_ka.json
@@ -1,4 +1,14 @@
 {
+	"admin.monitor.queue.type": "ტიპი",
+	"admin.monitor.queue.name": "სახელი",
+	"admin.monitor.queues": "რიგები",
+	"admin.users.list_status_filter.is_restricted": "შეზღუდული",
+	"admin.users.list_status_filter.is_admin": "ადმინი",
+	"admin.users.list_status_filter.not_active": "არააქტიურია",
+	"admin.users.list_status_filter.is_active": "აქტიურია",
+	"admin.users.list_status_filter.reset": "ჩამოყრა",
+	"admin.users.list_status_filter.menu_text": "ფილტრი",
+	"actions.variables": "ცვლადები",
 	"migrate.items.wiki": "ვიკი",
 	"migrate.items.milestones": "მისაღწევი გეგმები",
 	"migrate.items.labels": "ჭდეები",
diff --git a/options/locale_next/locale_kab.json b/options/locale_next/locale_kab.json
index 01a3daa718..5d874fb42d 100644
--- a/options/locale_next/locale_kab.json
+++ b/options/locale_next/locale_kab.json
@@ -1,4 +1,9 @@
 {
+	"admin.monitor.queue.settings.remove_all_items": "Kkes-iten akk",
+	"admin.monitor.queue.name": "Isem",
+	"admin.users.list_status_filter.is_admin": "Anedbal",
+	"admin.users.list_status_filter.not_active": "D arurmid",
+	"admin.users.list_status_filter.is_active": "D urmid",
 	"actions.runners.name": "Isem",
 	"actions.runners.description": "Aglam",
 	"actions.runners.task_list.repository": "Akufi",
diff --git a/options/locale_next/locale_ko-KR.json b/options/locale_next/locale_ko-KR.json
index 0c725dfef2..b6f638bf0f 100644
--- a/options/locale_next/locale_ko-KR.json
+++ b/options/locale_next/locale_ko-KR.json
@@ -1,4 +1,49 @@
 {
+	"admin.monitor.queue.settings.submit": "설정 업데이트",
+	"admin.monitor.queue.type": "유형",
+	"admin.monitor.queue.name": "이름",
+	"admin.users.list_status_filter.is_admin": "관리자",
+	"admin.users.list_status_filter.is_active": "사용",
+	"admin.system_status.gc_times": "가비지 콜렉션 시간",
+	"admin.system_status.last_gc_pause": "마지막 가비지 콜렉션 중지",
+	"admin.system_status.total_gc_pause": "모든 가비지 콜렉션 중지",
+	"admin.system_status.last_gc_time": "마지막 가비지 콜렉션 시간",
+	"admin.system_status.next_gc_recycle": "다음 가비지 콜렉션 순환",
+	"admin.system_status.other_system_allocation_obtained": "기타 시스템 할당 확보",
+	"admin.system_status.gc_metadata_obtained": "가비지 콜렉션 메타 데이터 확보",
+	"admin.system_status.profiling_bucket_hash_table_obtained": "버켓 해시 테이블 확보 프로파일링",
+	"admin.system_status.mcache_structures_obtained": "MCache 구조 확보",
+	"admin.system_status.mcache_structures_usage": "MCache 구조 사용현황",
+	"admin.system_status.mspan_structures_obtained": "MSpan 구조 확보",
+	"admin.system_status.mspan_structures_usage": "MSpan 구조 사용현황",
+	"admin.system_status.stack_memory_obtained": "스택 메모리 확보",
+	"admin.system_status.bootstrap_stack_usage": "부트스트랩 스택 사용현황",
+	"admin.system_status.heap_objects": "힙 객체",
+	"admin.system_status.heap_memory_released": "힙 메모리 풀림",
+	"admin.system_status.heap_memory_in_use": "힙 메모리 사용중",
+	"admin.system_status.heap_memory_idle": "힙 메모리 유휴",
+	"admin.system_status.heap_memory_obtained": "힙 메모리 확보",
+	"admin.system_status.current_heap_usage": "현재 힙 사용현황",
+	"admin.system_status.memory_free_times": "가용 메모리",
+	"admin.system_status.memory_allocate_times": "사용 메모리",
+	"admin.system_status.pointer_lookup_times": "포인터 조회 시간",
+	"admin.system_status.memory_obtained": "메모리 확보",
+	"admin.system_status.total_memory_allocated": "전체 할당 메모리",
+	"admin.system_status.current_memory_usage": "현재 메모리 사용율",
+	"admin.system_status.current_goroutine": "현재 Go루틴",
+	"admin.system_status.server_uptime": "서버를 켠 시간",
+	"webauthn.error.timeout": "키를 읽기 전에 시간이 초과되었습니다. 페이지를 새로 고치고 다시 시도해주세요.",
+	"webauthn.error.empty": "키의 이름을 설정해야 합니다.",
+	"webauthn.error.duplicated": "이 요청에는 보안 키가 허용되지 않습니다. 키가 이미 등록되어 있는지 확인하세요.",
+	"webauthn.error.unable_to_process": "서버가 귀하의 요청을 처리할 수 없습니다.",
+	"webauthn.error.insecure": "웹 인증은 안전한 연결만 지원합니다. HTTP에서 테스트할 경우, \"localhost\" 또는 \"127.0.0.1\" 오리진을 사용할 수 있습니다.",
+	"webauthn.error.unknown": "알 수 없는 오류가 발생했습니다. 다시 시도해주세요.",
+	"webauthn.unsupported_browser": "현재 귀하의 브라우저는 웹 인증을 지원하지 않습니다.",
+	"webauthn.error": "보안 키를 읽을 수 없습니다.",
+	"webauthn.use_twofa": "휴대전화 2단계 코드 사용",
+	"webauthn.press_button": "보안 키의 버튼을 누르세요…",
+	"webauthn.sign_in": "보안 키에 있는 버튼을 누르세요. 만약 보안 키에 버튼이 없다면 다시 입력하세요.",
+	"webauthn.insert_key": "보안 키를 입력하세요",
 	"migrate.items.wiki": "위키",
 	"migrate.items.milestones": "마일스톤",
 	"migrate.items.issues": "이슈",
diff --git a/options/locale_next/locale_kw.json b/options/locale_next/locale_kw.json
index 00322101ea..5287b1d0f5 100644
--- a/options/locale_next/locale_kw.json
+++ b/options/locale_next/locale_kw.json
@@ -1,3 +1,15 @@
 {
+	"webauthn.error.timeout": "Termyn yn-mes hedhys kyns agas alhwedh y hyllys redys. Daskargewgh an folen ma mar pleg hag assayewgh arta.",
+	"webauthn.error.empty": "Res yw dhywgh settya hanow rag an alhwedh ma.",
+	"webauthn.error.duplicated": "Nyns yw an alhwedh sawder gesys rag an govyn ma. Mar pleg, surhewgh nyns yw an alhwedh kovskrifys seulabrys.",
+	"webauthn.error.unable_to_process": "Ny yllir an servell argerdhes agas govyn.",
+	"webauthn.error.insecure": "WebAuthn a skoodh junyans saw yn unnik. Rag ow previ dres HTTP. ty a yll devnydhya an devedhyans \"localhost\" po \"127.0.0.1\"",
+	"webauthn.error.unknown": "Yth esa error ankoth. Mar pleg assayewgh arta.",
+	"webauthn.unsupported_browser": "Ny skoodhya a-lemmyn agas peurell WebAuthn.",
+	"webauthn.error": "Ny yllir redya agas alhwedh sawder.",
+	"webauthn.use_twofa": "Devnydhyer kod dewkamm dhyworth agas klapkodh",
+	"webauthn.press_button": "Mar pleg gwaskewgh an boton war agas alhwedh sawder…",
+	"webauthn.sign_in": "Tavewgh an boton war agas alhwedh sawder. Mar nyns eus boton, gorrewgh a-bervedh arta.",
+	"webauthn.insert_key": "Gorra a-bervedh agas alhwedh sawder",
 	"home.welcome.no_activity": "Nyns eys aktivita"
 }
diff --git a/options/locale_next/locale_lt.json b/options/locale_next/locale_lt.json
index bd3d3d0e54..a60c96a4ae 100644
--- a/options/locale_next/locale_lt.json
+++ b/options/locale_next/locale_lt.json
@@ -1,4 +1,17 @@
 {
+	"markup.filepreview.truncated": "Peržiūra buvo sutrumpinta",
+	"webauthn.error.timeout": "Baigėsi laikas, per kurį nebuvo galima nuskaityti rakto. Perkraukite šį puslapį ir bandykite dar kartą.",
+	"webauthn.error.empty": "Turite nustatyti šio rakto pavadinimą.",
+	"webauthn.error.duplicated": "Saugumo raktas neleidžiamas šiai prašymai. Įsitikinkite, kad raktas dar nėra užregistruotas.",
+	"webauthn.error.unable_to_process": "Serveris negalėjo apdoroti jūsų prašymo.",
+	"webauthn.error.insecure": "„WebAuthn“ palaiko tik saugius ryšius. Bandymams per HTTP galite naudoti „localhost“ arba „127.0.0.0.1“.",
+	"webauthn.error.unknown": "Įvyko nežinoma klaida. Bandykite dar kartą.",
+	"webauthn.unsupported_browser": "Jūsų naršyklė šiuo metu nepalaiko „WebAuthn“.",
+	"webauthn.error": "Nepavyko nuskaityti saugumo rakto.",
+	"webauthn.use_twofa": "Naudoti dvigubą kodą iš telefono",
+	"webauthn.press_button": "Paspauskite saugumo rakto mygtuką…",
+	"webauthn.sign_in": "Paspauskite saugumo rakto mygtuką. Jei saugumo raktas neturi mygtuko, įkiškite jį iš naujo.",
+	"webauthn.insert_key": "Įkiškite savo saugumo raktą",
 	"search.milestone_kind": "Ieškoti gairių...",
 	"meta.last_line": " "
 }
diff --git a/options/locale_next/locale_lv-LV.json b/options/locale_next/locale_lv-LV.json
index 0482456367..066ecfaea4 100644
--- a/options/locale_next/locale_lv-LV.json
+++ b/options/locale_next/locale_lv-LV.json
@@ -1,4 +1,93 @@
 {
+	"admin.monitor.queue.settings.remove_all_items.success": "Visi rindsaraksta vienumi tika noņemti.",
+	"admin.monitor.queue.settings.remove_all_items": "Noņemt visus",
+	"admin.monitor.queue.settings.changed": "Iestatījumi atjaunināti",
+	"admin.monitor.queue.settings.submit": "Atjaunināt iestatījumus",
+	"admin.monitor.queue.settings.maxnumberworkers.error": "Lielākajam pieļaujamajam strādņu skaitam ir jābūt skaitlim",
+	"admin.monitor.queue.settings.maxnumberworkers.placeholder": "Pašalaik %[1]d",
+	"admin.monitor.queue.settings.maxnumberworkers": "Maksimālais strādņu skaits",
+	"admin.monitor.queue.settings.description": "Pūli dinamiski palielinās atkarībā no to strādņu rindu aizturēšanas.",
+	"admin.monitor.queue.settings.title": "Pūla iestatījumi",
+	"admin.monitor.queue.review_add": "Pārskatīt/pievienot strādņus",
+	"admin.monitor.queue.numberinqueue": "Skaits rindsarakstā",
+	"admin.monitor.queue.maxnumberworkers": "Lielākais pieļaujamais strādņu skaits",
+	"admin.monitor.queue.activeworkers": "Darbojošies strādņi",
+	"admin.monitor.queue.numberworkers": "Strādņu skaits",
+	"admin.monitor.queue.exemplar": "Eksemplāra veids",
+	"admin.monitor.queue.type": "Veids",
+	"admin.monitor.queue.name": "Nosaukums",
+	"admin.monitor.queue": "Rindsaraksts: %s",
+	"admin.monitor.queues": "Rindsaraksti",
+	"admin.users.list_status_filter.not_2fa_enabled": "2FA atspējota",
+	"admin.users.list_status_filter.is_2fa_enabled": "2FA iespējota",
+	"admin.users.list_status_filter.not_prohibit_login": "Atļaut pieteikšanos",
+	"admin.users.list_status_filter.is_prohibit_login": "Neļaut pieteikšanos",
+	"admin.users.list_status_filter.not_restricted": "Nav ierobežots",
+	"admin.users.list_status_filter.is_restricted": "Ierobežots",
+	"admin.users.list_status_filter.not_admin": "Nav pārvaldītājs",
+	"admin.users.list_status_filter.is_admin": "Pārvaldītājs",
+	"admin.users.list_status_filter.not_active": "Neaktīvs",
+	"admin.users.list_status_filter.is_active": "Aktīvs",
+	"admin.users.list_status_filter.reset": "Atiestatīt",
+	"admin.users.list_status_filter.menu_text": "Atlasīt",
+	"admin.system_status.gc_times": "GC reizes",
+	"admin.system_status.last_gc_pause": "Pedējais GC pārtraukums",
+	"admin.system_status.total_gc_pause": "Kopējais GC pārtraukums",
+	"admin.system_status.last_gc_time": "Laiks kopš pēdējās GC",
+	"admin.system_status.next_gc_recycle": "Nākamā GC atkritne",
+	"admin.system_status.other_system_allocation_obtained": "Citas iegūtās sistēmas sadales",
+	"admin.system_status.gc_metadata_obtained": "Iegūtie GC metadati",
+	"admin.system_status.profiling_bucket_hash_table_obtained": "Iegūtā profilēšanas groza jaucējtabula",
+	"admin.system_status.mcache_structures_obtained": "Iegūtās MCache struktūras",
+	"admin.system_status.mcache_structures_usage": "MCache struktūru lietojums",
+	"admin.system_status.mspan_structures_obtained": "Iegūtās MSpan struktūras",
+	"admin.system_status.mspan_structures_usage": "MSpan struktūru lietojums",
+	"admin.system_status.stack_memory_obtained": "Iegūtā viengala rindas atmiņa",
+	"admin.system_status.bootstrap_stack_usage": "Sākumielādētāja viengala rindas lietojums",
+	"admin.system_status.heap_objects": "Grēdas objekti",
+	"admin.system_status.heap_memory_released": "Atbrīvotā grēdas atmiņa",
+	"admin.system_status.heap_memory_in_use": "Izmantotā grēdas atmiņa",
+	"admin.system_status.heap_memory_idle": "Neizmantotā grēdas atmiņa",
+	"admin.system_status.heap_memory_obtained": "Iegūtā grēdas atmiņa",
+	"admin.system_status.current_heap_usage": "Pašreizējais grēdas lietojums",
+	"admin.system_status.memory_free_times": "Atmiņas atbrīvošanas",
+	"admin.system_status.memory_allocate_times": "Atmiņas iedalīšanas",
+	"admin.system_status.pointer_lookup_times": "Rādītāju uzmeklēšanas reizes",
+	"admin.system_status.memory_obtained": "Iegūtā atmiņa",
+	"admin.system_status.total_memory_allocated": "Kopējā iedalītā atmiņa",
+	"admin.system_status.current_memory_usage": "Pašreizējais atmiņas lietojums",
+	"admin.system_status.current_goroutine": "Pašreizējās gorutīnas",
+	"admin.system_status.server_uptime": "Servera darbības laiks",
+	"markup.filepreview.truncated": "Priekšskatījums tika saīsināts",
+	"markup.filepreview.lines": "%[1]d. līdz %[2]d. rinda %[3]s",
+	"markup.filepreview.line": "%[1]d. rinda %[2]s",
+	"actions.variables.update.success": "Mainīgais tika labots.",
+	"actions.variables.update.failed": "Neizdevās labot mainīgo.",
+	"actions.variables.creation.success": "Mainīgais \"%s\" tika pievienots.",
+	"actions.variables.creation.failed": "Neizdevās pievienot mainīgo.",
+	"actions.variables.deletion.success": "Mainīgais tika noņemts.",
+	"actions.variables.deletion.failed": "Neizdevās noņemt mainīgo.",
+	"actions.variables.not_found": "Neizdevās atrast mainīgo.",
+	"actions.variables.edit": "Labot mainīgo",
+	"actions.variables.description": "Mainīgie tiks padoti noteiktām darbībām, un citādāk tos nevar nolasīt.",
+	"actions.variables.deletion.description": "Mainīgā noņemšana ir neatgriezeniska un nav atsaucama. Turpināt?",
+	"actions.variables.deletion": "Noņemt mainīgo",
+	"actions.variables.none": "Vēl nav neviena mainīgā.",
+	"actions.variables.creation": "Pievienot mainīgo",
+	"actions.variables.management": "Pārvaldīt mainīgos",
+	"actions.variables": "Mainīgie",
+	"webauthn.error.timeout": "Iestājās noildze, pirms varēja nolasīt atslēgu. Lūgums pārlādēt šo lapu un mēģināt vēlreiz.",
+	"webauthn.error.empty": "Jānorāda šīs atslēgas nosaukums.",
+	"webauthn.error.duplicated": "Drošības atslēga nav atļauta šim pieprasījumam. Lūgums pārliecināties, ka šī atslēga nav jau reģistrēta.",
+	"webauthn.error.unable_to_process": "Serveris nevarēja apstrādāt pieprasījumu.",
+	"webauthn.error.insecure": "WebAuthn atbalsta tikai drošus savienojumus. Pārbaudīšanai ar HTTP var izmantot pirmavotu \"localhost\" vai \"127.0.0.1\"",
+	"webauthn.error.unknown": "Atgadījās nezināma kļūda. Lūgums mēģināt vēlreiz.",
+	"webauthn.unsupported_browser": "Pārlūks pašlaik nenodrošina WebAuthn.",
+	"webauthn.error": "Nevar nolasīt drošības atslēgu.",
+	"webauthn.use_twofa": "Izmantot divpakāpju kodu no sava tālruņa",
+	"webauthn.press_button": "Lūgums nospiest pogu uz savas drošības atslēgas…",
+	"webauthn.sign_in": "Jānospiež poga uz drošības atslēgas. Ja tai nav pogas, drošības atslēga ir atkārtoti jāievieto.",
+	"webauthn.insert_key": "Jāievieto sava drošības atslēga",
 	"counters.n_commits": {
 		"zero": "%s iesūtījumu",
 		"one": "%s iesūtījums",
diff --git a/options/locale_next/locale_mk.json b/options/locale_next/locale_mk.json
index e24ba5b473..cd4b0f830c 100644
--- a/options/locale_next/locale_mk.json
+++ b/options/locale_next/locale_mk.json
@@ -1,4 +1,16 @@
 {
+	"webauthn.error.timeout": "Времето истечало пред да може да се прочита вашиот клуч. Ве молиме освежете ја оваа страница и обидете се повторно.",
+	"webauthn.error.empty": "Мора да е поставено име за овој клуч.",
+	"webauthn.error.duplicated": "Безбедносниот клуч не е дозволен за овој барање. Ве молиме уверете се дека клучот не е веќе регистриран.",
+	"webauthn.error.unable_to_process": "Серверот не можеше да ја обработи вашето барање.",
+	"webauthn.error.insecure": "WebAuthn поддржува само сигурни врски. За тестирање преку HTTP, можете да го користите изворот \"localhost\" или \"127.0.0.1\"",
+	"webauthn.error.unknown": "Се случи непозната грешка. Ве молиме обидете се повторно.",
+	"webauthn.unsupported_browser": "Вашиот прелистувач во моментов не ја поддржува WebAuthn.",
+	"webauthn.error": "Неможно да се чита бесбедносен клуч.",
+	"webauthn.use_twofa": "Користете еден двофакторски код од вашиот телефон",
+	"webauthn.press_button": "Притиснете го копчето на вашиот безбедносен клуч…",
+	"webauthn.sign_in": "Притиснете го копчето на вашиот безбедносен клуч. Ако вашиот безбедносен клуч нема копче, повторно вметнете го.",
+	"webauthn.insert_key": "Вметнете го вашиот безбедносен клуч",
 	"home.welcome.no_activity": "Нема активност",
 	"home.welcome.activity_hint": "Сè уште нема ништо во вашиот фид. Вашите активности и дејства од репозиториумите што ги следите ќе се појават овде.",
 	"home.explore_repos": "Истражи репозиториуми",
diff --git a/options/locale_next/locale_nb_NO.json b/options/locale_next/locale_nb_NO.json
index d18da5792b..1cc4caa13c 100644
--- a/options/locale_next/locale_nb_NO.json
+++ b/options/locale_next/locale_nb_NO.json
@@ -1,4 +1,16 @@
 {
+	"webauthn.error.timeout": "Et tidsavbrudd oppsto før nøkkelen din kunne leses. Vennligst last inn siden på nytt og prøv igjen.",
+	"webauthn.error.empty": "Du må gi nøkkelen et navn.",
+	"webauthn.error.duplicated": "Sikkerhetsnøkkelen er ikke tillatt for denne forespørselen. Vennligst sørg for at nøkkelen ikke allerede er registrert.",
+	"webauthn.error.unable_to_process": "Tjeneren kunne ikke behandle forespørselen din.",
+	"webauthn.error.insecure": "WebAuhn støtter kun sikre forbindelser. For testing over HTTP kan du bruke verten \"localhost\" eller \"127.0.0.1\"",
+	"webauthn.error.unknown": "En ukjent feil oppstod. Vennligst prøv igjen.",
+	"webauthn.unsupported_browser": "Nettleseren din støtter ikke WebAuthn.",
+	"webauthn.error": "Klarte ikke lese sikkerhetsnøkkelen.",
+	"webauthn.use_twofa": "Bruk tofaktorkode fra din mobil",
+	"webauthn.press_button": "Vennligst trykk på knappen på sikkerhetsnøkkelen…",
+	"webauthn.sign_in": "Trykk på knappen på sikkerhetsnøkkelen din. Dersom nøkkelen din ikke har en knapp, sett den inn på nytt.",
+	"webauthn.insert_key": "Skriv inn din sikkerhetsnøkkel",
 	"relativetime.1day": "i går",
 	"moderation.abuse_category.other_violations": "Andre regel overtredelser",
 	"moderation.report_remarks": "Kommentar",
diff --git a/options/locale_next/locale_nds.json b/options/locale_next/locale_nds.json
index b148c0efdb..15d3326530 100644
--- a/options/locale_next/locale_nds.json
+++ b/options/locale_next/locale_nds.json
@@ -1,4 +1,93 @@
 {
+	"admin.monitor.queue.settings.remove_all_items.success": "All Dingen in de Slang sünd wegdaan worden.",
+	"admin.monitor.queue.settings.remove_all_items": "All wegdoon",
+	"admin.monitor.queue.settings.changed": "Instellens verneeit",
+	"admin.monitor.queue.settings.submit": "Instellens vernejen",
+	"admin.monitor.queue.settings.maxnumberworkers.error": "Hoogste Tahl vun Rieters mutt eene Tahl wesen",
+	"admin.monitor.queue.settings.maxnumberworkers.placeholder": "Stedenwies %[1]d",
+	"admin.monitor.queue.settings.maxnumberworkers": "Hoogste Tahl vun Rieters",
+	"admin.monitor.queue.settings.description": "Vörraden wassen as nödig, wenn hör Rieters-Slang blockeert.",
+	"admin.monitor.queue.settings.title": "Vörraad-Instellens",
+	"admin.monitor.queue.review_add": "Rieters nakieken / hentofögen",
+	"admin.monitor.queue.numberinqueue": "Tahl in de Slang",
+	"admin.monitor.queue.maxnumberworkers": "Hoogste Tahl vun Rieters",
+	"admin.monitor.queue.activeworkers": "Aktiiv Rieters",
+	"admin.monitor.queue.numberworkers": "Tahl vun Rieters",
+	"admin.monitor.queue.exemplar": "Musteraard",
+	"admin.monitor.queue.type": "Aard",
+	"admin.monitor.queue.name": "Naam",
+	"admin.monitor.queue": "Slang: %s",
+	"admin.monitor.queues": "Slangen",
+	"admin.users.list_status_filter.not_2fa_enabled": "2FA utknipst",
+	"admin.users.list_status_filter.is_2fa_enabled": "2FA anknipst",
+	"admin.users.list_status_filter.not_prohibit_login": "Anmellen verlöven",
+	"admin.users.list_status_filter.is_prohibit_login": "Anmellen verseggen",
+	"admin.users.list_status_filter.not_restricted": "Unbegrenzt",
+	"admin.users.list_status_filter.is_restricted": "Begrenzt",
+	"admin.users.list_status_filter.not_admin": "Keen Chef",
+	"admin.users.list_status_filter.is_admin": "Chef",
+	"admin.users.list_status_filter.not_active": "Nich aktiiv",
+	"admin.users.list_status_filter.is_active": "Aktiiv",
+	"admin.users.list_status_filter.reset": "Torüggsetten",
+	"admin.users.list_status_filter.menu_text": "Filter",
+	"admin.system_status.gc_times": "GC-Tieden",
+	"admin.system_status.last_gc_pause": "Leste GC-Paus",
+	"admin.system_status.total_gc_pause": "GC-Paus all tosamen",
+	"admin.system_status.last_gc_time": "Tied siet lestem GC",
+	"admin.system_status.next_gc_recycle": "Anner GC-Müllavhalen",
+	"admin.system_status.other_system_allocation_obtained": "Anner Systeemtowiesens erhollen",
+	"admin.system_status.gc_metadata_obtained": "Wiedere Informatioonen för GC erhollen",
+	"admin.system_status.profiling_bucket_hash_table_obtained": "Profileren-Emmer-Prüfsummtabell erhollen",
+	"admin.system_status.mcache_structures_obtained": "MCache-Struktuuren erhollen",
+	"admin.system_status.mcache_structures_usage": "MCache-Struktuuren-Bruuk",
+	"admin.system_status.mspan_structures_obtained": "MSpan-Struktuuren erhollen",
+	"admin.system_status.mspan_structures_usage": "MSpan-Struktuuren-Bruuk",
+	"admin.system_status.stack_memory_obtained": "Stapelspieker erhollen",
+	"admin.system_status.bootstrap_stack_usage": "Bootstrap-Stapelbruuk",
+	"admin.system_status.heap_objects": "Hoopobjekten",
+	"admin.system_status.heap_memory_released": "Hoopspieker freeigeven",
+	"admin.system_status.heap_memory_in_use": "Hoopspieker bruukt",
+	"admin.system_status.heap_memory_idle": "Hoopspieker mit nix to doon",
+	"admin.system_status.heap_memory_obtained": "Hoopspieker erhollen",
+	"admin.system_status.current_heap_usage": "Stedenwies Hoopbruuk",
+	"admin.system_status.memory_free_times": "Spieker-Freeigevens",
+	"admin.system_status.memory_allocate_times": "Spieker-Towiesens",
+	"admin.system_status.pointer_lookup_times": "Wieser-Nakiek-Tieden",
+	"admin.system_status.memory_obtained": "Spieker erhollen",
+	"admin.system_status.total_memory_allocated": "Spieker towiesen all tosamen",
+	"admin.system_status.current_memory_usage": "Stedenwies Spiekerbruuk",
+	"admin.system_status.current_goroutine": "Stedenwies Go-Routinen",
+	"admin.system_status.server_uptime": "Server-Bedrievstied",
+	"markup.filepreview.truncated": "Utkiek is ofsneden worden",
+	"markup.filepreview.lines": "Riegen %[1]d bit %[2]d in %[3]s",
+	"markup.filepreview.line": "Rieg %[1]d in %[2]s",
+	"actions.variables.update.success": "De Variaabel is bewarkt worden.",
+	"actions.variables.update.failed": "Kunn Variaabel nich bewarken.",
+	"actions.variables.creation.success": "De Variaabel »%s« is hentoföögt worden.",
+	"actions.variables.creation.failed": "Kunn Variaabel nich hentofögen.",
+	"actions.variables.deletion.success": "De Variaabel is wegdaan worden.",
+	"actions.variables.deletion.failed": "Kunn Variaabel nich wegdoon.",
+	"actions.variables.not_found": "Kunn de Variaabel nich finnen.",
+	"actions.variables.edit": "Variaabel bewarken",
+	"actions.variables.description": "Variaabeln worden an wisse Aktioonen övergeven un könen anners nich lesen worden.",
+	"actions.variables.deletion.description": "Eene Variaabel wegtodoon is för all Tieden un kann nich torüggnohmen worden. Wiedermaken?",
+	"actions.variables.deletion": "Variaabel wegdoon",
+	"actions.variables.none": "Dat gifft noch keene Variaabeln.",
+	"actions.variables.creation": "Variaabel hentofögen",
+	"actions.variables.management": "Variaabeln verwalten",
+	"actions.variables": "Variaabeln",
+	"webauthn.error.timeout": "Tied överweggahn ehr dien Slötel lesen worden kunn. Bidde laad deese Sied neei un versöök dat noch eenmaal.",
+	"webauthn.error.empty": "Du muttst de Slötel eenen Naam geven.",
+	"webauthn.error.duplicated": "De Sekerheids-Slötel is för deese Anfraag nich verlöövt. Bidde wees wiss, dat de Slötel nich al vermarkt is.",
+	"webauthn.error.unable_to_process": "De Server kunn diene Anfraag nich verarbeiden.",
+	"webauthn.error.insecure": "WebAuthn unnerstütt blots seker Verbinnens. Wenn du över HTTP testen willst, kannst du de Quell »localhost« of »127.0.0.1« bruken",
+	"webauthn.error.unknown": "Een unbekannter Fehler is uptreden. Bidde versöök dat noch eenmaal.",
+	"webauthn.unsupported_browser": "Dien Browser unnerstütt stedenwies WebAuthn nich.",
+	"webauthn.error": "Kunn dienen Sekerheids-Slötel nich lesen.",
+	"webauthn.use_twofa": "Bruuk eene Twee-Faktooren-Tahl vun dienem Telefoon",
+	"webauthn.press_button": "Bidde drück de Knoop up dienem Sekerheids-Slötel …",
+	"webauthn.sign_in": "Drück de Knoop up dienem Sekerheids-Slötel. Wenn dien Slötel keenen Knoop hett, steek ’t ut un weer in.",
+	"webauthn.insert_key": "Steek dienen Sekerheids-Slötel in",
 	"counters.n_commits": {
 		"one": "%s Kommitteren",
 		"other": "%s Kommitterens"
diff --git a/options/locale_next/locale_nl-NL.json b/options/locale_next/locale_nl-NL.json
index a413e22cae..dc49ebdccb 100644
--- a/options/locale_next/locale_nl-NL.json
+++ b/options/locale_next/locale_nl-NL.json
@@ -1,4 +1,93 @@
 {
+	"admin.monitor.queue.settings.remove_all_items.success": "Alle items in de wachtrij zijn verwijderd.",
+	"admin.monitor.queue.settings.remove_all_items": "Alles verwijderen",
+	"admin.monitor.queue.settings.changed": "Instellingen bijgewerkt",
+	"admin.monitor.queue.settings.submit": "Instellingen bijwerken",
+	"admin.monitor.queue.settings.maxnumberworkers.error": "Maximaal aantal workers moet een nummer zijn",
+	"admin.monitor.queue.settings.maxnumberworkers.placeholder": "Momenteel %[1]d",
+	"admin.monitor.queue.settings.maxnumberworkers": "Maximum aantal workers",
+	"admin.monitor.queue.settings.description": "Pools groeien dynamisch in reactie op het blokkeren van hun wachtrijen.",
+	"admin.monitor.queue.settings.title": "Pool instellingen",
+	"admin.monitor.queue.review_add": "Werkers beoordelen of toevoegen",
+	"admin.monitor.queue.numberinqueue": "Aantal in wachtrij",
+	"admin.monitor.queue.maxnumberworkers": "Maximum aantal werkers",
+	"admin.monitor.queue.activeworkers": "Actieve werkers",
+	"admin.monitor.queue.numberworkers": "Aantal werkers",
+	"admin.monitor.queue.exemplar": "Type voorbeeld",
+	"admin.monitor.queue.type": "Type",
+	"admin.monitor.queue.name": "Naam",
+	"admin.monitor.queue": "Wachtrij: %s",
+	"admin.monitor.queues": "Wachtrijen",
+	"admin.users.list_status_filter.not_2fa_enabled": "2FA uitgeschakeld",
+	"admin.users.list_status_filter.is_2fa_enabled": "2FA ingeschakeld",
+	"admin.users.list_status_filter.not_prohibit_login": "Inloggen toestaan",
+	"admin.users.list_status_filter.is_prohibit_login": "Inloggen verbieden",
+	"admin.users.list_status_filter.not_restricted": "Niet beperkt",
+	"admin.users.list_status_filter.is_restricted": "Beperkt",
+	"admin.users.list_status_filter.not_admin": "Niet beheerder",
+	"admin.users.list_status_filter.is_admin": "Beheerder",
+	"admin.users.list_status_filter.not_active": "Inactief",
+	"admin.users.list_status_filter.is_active": "Actief",
+	"admin.users.list_status_filter.reset": "Reset",
+	"admin.users.list_status_filter.menu_text": "Filter",
+	"admin.system_status.gc_times": "GC verwerkingen",
+	"admin.system_status.last_gc_pause": "Laatste GC verwerkingstijd",
+	"admin.system_status.total_gc_pause": "Totaal GC verwerkingstijd",
+	"admin.system_status.last_gc_time": "Sinds vorige GC verwerkingstijd",
+	"admin.system_status.next_gc_recycle": "Volgende GC recycle",
+	"admin.system_status.other_system_allocation_obtained": "Andere systeem toewijzing verkregen",
+	"admin.system_status.gc_metadata_obtained": "GC metadada verkregen",
+	"admin.system_status.profiling_bucket_hash_table_obtained": "Profilering emmer hashtabel verkregen",
+	"admin.system_status.mcache_structures_obtained": "MCache structuren verkregen",
+	"admin.system_status.mcache_structures_usage": "MCache structuren gebruik",
+	"admin.system_status.mspan_structures_obtained": "MSpan structuren verkregen",
+	"admin.system_status.mspan_structures_usage": "MSpan structuren gebruik",
+	"admin.system_status.stack_memory_obtained": "Stapel geheugen verkregen",
+	"admin.system_status.bootstrap_stack_usage": "Bootstrap Stack gebruik",
+	"admin.system_status.heap_objects": "Heap-objecten",
+	"admin.system_status.heap_memory_released": "Heap geheugen vrijgegeven",
+	"admin.system_status.heap_memory_in_use": "Heap geheugen in gebruik",
+	"admin.system_status.heap_memory_idle": "Heap geheugen inactief",
+	"admin.system_status.heap_memory_obtained": "Heap geheugen verkregen",
+	"admin.system_status.current_heap_usage": "Huidige heap gebruik",
+	"admin.system_status.memory_free_times": "Geheugen vrjigemaakt",
+	"admin.system_status.memory_allocate_times": "Geheugentoewijzingen",
+	"admin.system_status.pointer_lookup_times": "Aanwijzer Lookup keer",
+	"admin.system_status.memory_obtained": "Geheugen gebruikt",
+	"admin.system_status.total_memory_allocated": "Totaal toegewezen geheugen",
+	"admin.system_status.current_memory_usage": "Huidig geheugen gebruik",
+	"admin.system_status.current_goroutine": "Huidige goroutines",
+	"admin.system_status.server_uptime": "Uptime server",
+	"markup.filepreview.truncated": "Voorbeeld is ingekort",
+	"markup.filepreview.lines": "Lijnen %[1]d naar %[2]d in %[3]s",
+	"markup.filepreview.line": "Lijn %[1]d in %[2]s",
+	"actions.variables.update.success": "De variabele is bewerkt.",
+	"actions.variables.update.failed": "Mislukt bij het bewerken van variabele.",
+	"actions.variables.creation.success": "De variabele \"%s\" is toegevoegd.",
+	"actions.variables.creation.failed": "Mislukt om variable toe te voegen.",
+	"actions.variables.deletion.success": "De variabele is verwijderd.",
+	"actions.variables.deletion.failed": "Mislukt om variabele te verwijderen.",
+	"actions.variables.not_found": "De variabele kon niet gevonden worden.",
+	"actions.variables.edit": "Variabele bewerken",
+	"actions.variables.description": "Variabelen worden doorgegeven aan bepaalde acties en kunnen anders niet worden gelezen.",
+	"actions.variables.deletion.description": "Een variabele verwijderen is permanent en kan niet ongedaan worden gemaakt. Doorgaan?",
+	"actions.variables.deletion": "Variabel verwijderen",
+	"actions.variables.none": "Er zijn nog geen variabelen.",
+	"actions.variables.creation": "Variabele toevoegen",
+	"actions.variables.management": "Variabelenbeheer",
+	"actions.variables": "Variabelen",
+	"webauthn.error.timeout": "Time-out bereikt voordat uw sleutel kon worden gelezen. Herlaad deze pagina en probeer het opnieuw.",
+	"webauthn.error.empty": "U moet een naam voor deze sleutel instellen.",
+	"webauthn.error.duplicated": "De beveiligingssleutel is voor dit verzoek niet toegestaan. Controleer alstublieft of de sleutel niet al is geregistreerd.",
+	"webauthn.error.unable_to_process": "De server kon uw verzoek niet verwerken.",
+	"webauthn.error.insecure": "WebAuthn ondersteunt alleen beveiligde verbindingen. Om te testen via HTTP, kan je als systeemnaam \"localhost\" of \"127.0.0.1\" gebruiken",
+	"webauthn.error.unknown": "Er is een onbekende fout opgetreden. Probeer het opnieuw.",
+	"webauthn.unsupported_browser": "Uw browser ondersteunt momenteel geen WebAuthn.",
+	"webauthn.error": "Kon uw beveiligingssleutel niet lezen.",
+	"webauthn.use_twofa": "Gebruik een tweefactor code van uw telefoon",
+	"webauthn.press_button": "Druk alstublieft op de knop van uw beveiligingssleutel…",
+	"webauthn.sign_in": "Druk op de knop van uw beveiligingssleutel. Als uw beveiligingssleutel geen knop heeft, sluit deze dan opnieuw aan.",
+	"webauthn.insert_key": "Sluit uw beveiligingssleutel aan",
 	"counters.n_commits": {
 		"one": "%s commit",
 		"other": "%s commits"
diff --git a/options/locale_next/locale_pl-PL.json b/options/locale_next/locale_pl-PL.json
index 08f6f99c96..41e84196d8 100644
--- a/options/locale_next/locale_pl-PL.json
+++ b/options/locale_next/locale_pl-PL.json
@@ -1,4 +1,93 @@
 {
+	"admin.monitor.queue.settings.remove_all_items.success": "Wszystkie elementy w kolejce zostały usunięte.",
+	"admin.monitor.queue.settings.remove_all_items": "Usuń wszystkie",
+	"admin.monitor.queue.settings.changed": "Zaktualizowano ustawienia",
+	"admin.monitor.queue.settings.submit": "Aktualizuj ustawienia",
+	"admin.monitor.queue.settings.maxnumberworkers.error": "Maksymalna liczba procesów pracujących musi być liczbą",
+	"admin.monitor.queue.settings.maxnumberworkers.placeholder": "Obecnie %[1]d",
+	"admin.monitor.queue.settings.maxnumberworkers": "Maksymalna liczba procesów pracujących",
+	"admin.monitor.queue.settings.description": "Pule rosną dynamicznie w odpowiedzi na blokadę kolejki procesów pracujących.",
+	"admin.monitor.queue.settings.title": "Ustawienia puli",
+	"admin.monitor.queue.review_add": "Sprawdź / dodaj procesy pracujące",
+	"admin.monitor.queue.numberinqueue": "Liczba w kolejce",
+	"admin.monitor.queue.maxnumberworkers": "Maksymalna Liczba procesów pracujących",
+	"admin.monitor.queue.activeworkers": "Aktywne procesy pracujące",
+	"admin.monitor.queue.numberworkers": "Liczba procesów pracujących",
+	"admin.monitor.queue.exemplar": "Przykładowy typ",
+	"admin.monitor.queue.type": "Typ",
+	"admin.monitor.queue.name": "Nazwa",
+	"admin.monitor.queue": "Kolejka: %s",
+	"admin.monitor.queues": "Kolejki",
+	"admin.users.list_status_filter.not_2fa_enabled": "2FA wyłączone",
+	"admin.users.list_status_filter.is_2fa_enabled": "2FA włączone",
+	"admin.users.list_status_filter.not_prohibit_login": "Zezwól na logowanie",
+	"admin.users.list_status_filter.is_prohibit_login": "Zabroń logowania",
+	"admin.users.list_status_filter.not_restricted": "Nie ograniczony",
+	"admin.users.list_status_filter.is_restricted": "Ograniczone",
+	"admin.users.list_status_filter.not_admin": "Nie administrator",
+	"admin.users.list_status_filter.is_admin": "Administrator",
+	"admin.users.list_status_filter.not_active": "Nieaktywne",
+	"admin.users.list_status_filter.is_active": "Aktywne",
+	"admin.users.list_status_filter.reset": "Zresetuj",
+	"admin.users.list_status_filter.menu_text": "Filtr",
+	"admin.system_status.gc_times": "Ilość wywołań GC",
+	"admin.system_status.last_gc_pause": "Ostatnie wstrzymanie przez GC",
+	"admin.system_status.total_gc_pause": "Sumaryczny czas wstrzymania przez GC",
+	"admin.system_status.last_gc_time": "Czas od ostatniego wywołania GC",
+	"admin.system_status.next_gc_recycle": "Następne wywołanie GC",
+	"admin.system_status.other_system_allocation_obtained": "Inne uzyskane alokacje systemowe",
+	"admin.system_status.gc_metadata_obtained": "Ilość metadanych uzyskanych przez GC",
+	"admin.system_status.profiling_bucket_hash_table_obtained": "Uzyskana tablica haszująca profilowania",
+	"admin.system_status.mcache_structures_obtained": "Uzyskane struktury MCache",
+	"admin.system_status.mcache_structures_usage": "Użycie struktur MCache",
+	"admin.system_status.mspan_structures_obtained": "Uzyskane struktury MSpan",
+	"admin.system_status.mspan_structures_usage": "Użycie struktur MSpan",
+	"admin.system_status.stack_memory_obtained": "Uzyskana pamięć stosu",
+	"admin.system_status.bootstrap_stack_usage": "Użycie stosu bootstrap",
+	"admin.system_status.heap_objects": "Ilość obiektów na stercie",
+	"admin.system_status.heap_memory_released": "Zwolniona pamięć sterty",
+	"admin.system_status.heap_memory_in_use": "Używana pamięć sterty",
+	"admin.system_status.heap_memory_idle": "Bezczynna pamięć sterty",
+	"admin.system_status.heap_memory_obtained": "Uzyskana pamięć sterty",
+	"admin.system_status.current_heap_usage": "Bieżące użycie sterty",
+	"admin.system_status.memory_free_times": "Zwolnienie pamięci",
+	"admin.system_status.memory_allocate_times": "Alokacje pamięci",
+	"admin.system_status.pointer_lookup_times": "Czas określania wskaźników",
+	"admin.system_status.memory_obtained": "Pamięć uzyskana",
+	"admin.system_status.total_memory_allocated": "Całkowita przydzielona pamięć",
+	"admin.system_status.current_memory_usage": "Bieżące użycie pamięci",
+	"admin.system_status.current_goroutine": "Bieżące goroutines",
+	"admin.system_status.server_uptime": "Czas pracy serwera",
+	"markup.filepreview.truncated": "Podgląd został przycięty",
+	"markup.filepreview.lines": "Linie %[1]d do %[2]d w %[3]s",
+	"markup.filepreview.line": "Linia %[1]d w %[2]s",
+	"actions.variables.update.success": "Zmienna została zmieniona.",
+	"actions.variables.update.failed": "Nie udało się zmienić zmiennej.",
+	"actions.variables.creation.success": "Zmienna \"%s\" została dodana.",
+	"actions.variables.creation.failed": "Nie udało się dodać zmiennej.",
+	"actions.variables.deletion.success": "Zmienna została usunięta.",
+	"actions.variables.deletion.failed": "Nie udało się usunąć zmiennej.",
+	"actions.variables.not_found": "Nie udało się znaleźć zmiennej.",
+	"actions.variables.edit": "Edytuj Zmienną",
+	"actions.variables.description": "Zmienne będą przekazane pewnym akcjom, nie mogą być odczytane inaczej.",
+	"actions.variables.deletion.description": "Usunięcie zmiennej jest permanentne i nie może zostać cofnięte. Kontynuować?",
+	"actions.variables.deletion": "Usuń zmienną",
+	"actions.variables.none": "Nie ma jeszcze zmiennych.",
+	"actions.variables.creation": "Dodaj zmienną",
+	"actions.variables.management": "Zarządzaj zmiennymi",
+	"actions.variables": "Zmienne",
+	"webauthn.error.timeout": "Osiągnięto limit czasu zanim Twój klucz może zostać odczytany. Odśwież stronę i spróbuj ponownie.",
+	"webauthn.error.empty": "Musisz ustawić nazwę dla tego klucza.",
+	"webauthn.error.duplicated": "Klucz bezpieczeństwa nie jest dozwolony dla tego żądania. Upewnij się, że klucz nie jest już zarejestrowany.",
+	"webauthn.error.unable_to_process": "Serwer nie mógł obsłużyć Twojego żądania.",
+	"webauthn.error.insecure": "`WebAuthn obsługuje tylko bezpieczne połączenia. Do testowania przez HTTP można użyć \"localhost\" lub \"127.0.0.1\"`",
+	"webauthn.error.unknown": "Wystąpił nieznany błąd. Spróbuj ponownie.",
+	"webauthn.unsupported_browser": "Twoja przeglądarka nie obsługuje obecnie WebAuthn.",
+	"webauthn.error": "Nie można odczytać Twojego klucza bezpieczeństwa.",
+	"webauthn.use_twofa": "Użyj kodu uwierzytelniania dwuskładnikowego ze swojego telefonu",
+	"webauthn.press_button": "Naciśnij przycisk na swoim kluczu bezpieczeństwa…",
+	"webauthn.sign_in": "Naciśnij przycisk na swoim kluczu bezpieczeństwa. Jeśli go nie posiada, podłącz go ponownie.",
+	"webauthn.insert_key": "Podłącz swój klucz bezpieczeństwa",
 	"counters.n_commits": {
 		"one": "%s commit",
 		"many": "%s commity"
diff --git a/options/locale_next/locale_pt-BR.json b/options/locale_next/locale_pt-BR.json
index d285deaa70..ea5832a8e4 100644
--- a/options/locale_next/locale_pt-BR.json
+++ b/options/locale_next/locale_pt-BR.json
@@ -1,4 +1,93 @@
 {
+	"admin.monitor.queue.settings.remove_all_items.success": "Todos os itens da fila foram removidos.",
+	"admin.monitor.queue.settings.remove_all_items": "Remover tudo",
+	"admin.monitor.queue.settings.changed": "Configurações atualizadas",
+	"admin.monitor.queue.settings.submit": "Atualizar configurações",
+	"admin.monitor.queue.settings.maxnumberworkers.error": "Número máximo de executores deve ser um número",
+	"admin.monitor.queue.settings.maxnumberworkers.placeholder": "Atualmente %[1]d",
+	"admin.monitor.queue.settings.maxnumberworkers": "Número máximo de executores",
+	"admin.monitor.queue.settings.description": "Os pools crescem dinamicamente quando as filas de seus workers ficam bloqueadas.",
+	"admin.monitor.queue.settings.title": "Configurações do pool",
+	"admin.monitor.queue.review_add": "Revisar / adicionar workers",
+	"admin.monitor.queue.numberinqueue": "Número na fila",
+	"admin.monitor.queue.maxnumberworkers": "Número máximo de workers",
+	"admin.monitor.queue.activeworkers": "Processos ativos",
+	"admin.monitor.queue.numberworkers": "Número de workers",
+	"admin.monitor.queue.exemplar": "Tipo de modelo",
+	"admin.monitor.queue.type": "Tipo",
+	"admin.monitor.queue.name": "Nome",
+	"admin.monitor.queue": "Fila: %s",
+	"admin.monitor.queues": "Filas",
+	"admin.users.list_status_filter.not_2fa_enabled": "Autenticação em duas etapas desativada",
+	"admin.users.list_status_filter.is_2fa_enabled": "Autenticação de dois fatores ativada",
+	"admin.users.list_status_filter.not_prohibit_login": "Permitir login",
+	"admin.users.list_status_filter.is_prohibit_login": "Proibir login",
+	"admin.users.list_status_filter.not_restricted": "Não restrito",
+	"admin.users.list_status_filter.is_restricted": "Restrito",
+	"admin.users.list_status_filter.not_admin": "Não administrador",
+	"admin.users.list_status_filter.is_admin": "Administrador",
+	"admin.users.list_status_filter.not_active": "Inativo",
+	"admin.users.list_status_filter.is_active": "Ativo",
+	"admin.users.list_status_filter.reset": "Reset",
+	"admin.users.list_status_filter.menu_text": "Filtro",
+	"admin.system_status.gc_times": "Número de execuções do GC",
+	"admin.system_status.last_gc_pause": "Última pausa de GC",
+	"admin.system_status.total_gc_pause": "Pausa total de GC",
+	"admin.system_status.last_gc_time": "Tempo desde última GC",
+	"admin.system_status.next_gc_recycle": "Próxima reciclagem do GC",
+	"admin.system_status.other_system_allocation_obtained": "Outra alocação de sistema obtida",
+	"admin.system_status.gc_metadata_obtained": "Metadados do GC obtidos",
+	"admin.system_status.profiling_bucket_hash_table_obtained": "Hash table de profiling bucket obtida",
+	"admin.system_status.mcache_structures_obtained": "Estruturas MCache obtidas",
+	"admin.system_status.mcache_structures_usage": "Uso de estruturas MCache",
+	"admin.system_status.mspan_structures_obtained": "Estruturas MSpan obtidas",
+	"admin.system_status.mspan_structures_usage": "Uso de estruturas MSpan",
+	"admin.system_status.stack_memory_obtained": "Memória de pilha obtida",
+	"admin.system_status.bootstrap_stack_usage": "Uso de pilha bootstrap",
+	"admin.system_status.heap_objects": "Objetos na heap",
+	"admin.system_status.heap_memory_released": "Memória de heap liberada",
+	"admin.system_status.heap_memory_in_use": "Memória de heap em uso",
+	"admin.system_status.heap_memory_idle": "Memória de heap ociosa",
+	"admin.system_status.heap_memory_obtained": "Memória de heap obtida",
+	"admin.system_status.current_heap_usage": "Uso atual da heap",
+	"admin.system_status.memory_free_times": "Liberações de memória",
+	"admin.system_status.memory_allocate_times": "Alocações de memória",
+	"admin.system_status.pointer_lookup_times": "Número de consultas a ponteiros",
+	"admin.system_status.memory_obtained": "Memória obtida",
+	"admin.system_status.total_memory_allocated": "Total de memória alocada",
+	"admin.system_status.current_memory_usage": "Uso de memória atual",
+	"admin.system_status.current_goroutine": "Goroutines atuais",
+	"admin.system_status.server_uptime": "Tempo de atividade do servidor",
+	"markup.filepreview.truncated": "Pré-visualização truncada",
+	"markup.filepreview.lines": "Linhas %[1]d a %[2]d em %[3]s",
+	"markup.filepreview.line": "Linha %[1]d em %[2]s",
+	"actions.variables.update.success": "A variável foi editada.",
+	"actions.variables.update.failed": "Falha ao editar a variável.",
+	"actions.variables.creation.success": "A variável \"%s\" foi adicionada.",
+	"actions.variables.creation.failed": "Falha ao adicionar a variável.",
+	"actions.variables.deletion.success": "A variável foi removida.",
+	"actions.variables.deletion.failed": "Falha ao remover a variável.",
+	"actions.variables.not_found": "Não foi possível encontrar a variável.",
+	"actions.variables.edit": "Editar variável",
+	"actions.variables.description": "As variáveis serão passadas para certas Actions e não poderão ser lidas de outra forma.",
+	"actions.variables.deletion.description": "Apagar uma variável é permanente e não pode ser desfeito. Continuar?",
+	"actions.variables.deletion": "Remover variável",
+	"actions.variables.none": "Ainda não há variáveis.",
+	"actions.variables.creation": "Adicionar variável",
+	"actions.variables.management": "Gerenciar variáveis",
+	"actions.variables": "Variáveis",
+	"webauthn.error.timeout": "Não foi possível ler a sua chave de segurança antes do tempo limite. Atualize a página e tente novamente.",
+	"webauthn.error.empty": "Você deve definir um nome para esta chave.",
+	"webauthn.error.duplicated": "A chave de segurança não é permitida para esta solicitação. Por favor, certifique-se que a chave já não está registrada.",
+	"webauthn.error.unable_to_process": "O servidor não pôde processar sua solicitação.",
+	"webauthn.error.insecure": "WebAuthn suporta apenas conexões seguras. Para testar via HTTP, você pode usar a origem \"localhost\" ou \"127.0.0.1\"",
+	"webauthn.error.unknown": "Ocorreu um erro desconhecido. Tente novamente.",
+	"webauthn.unsupported_browser": "Seu navegador não oferece suporte ao WebAuthn.",
+	"webauthn.error": "Não foi possível ler sua chave de segurança.",
+	"webauthn.use_twofa": "Use um código de duas etapas do seu telefone",
+	"webauthn.press_button": "Pressione o botão na sua chave de segurança…",
+	"webauthn.sign_in": "Pressione o botão na sua chave de segurança. Caso a sua chave de segurança não possuir um botão, insira-a novamente.",
+	"webauthn.insert_key": "Insira sua chave de segurança",
 	"counters.n_commits": {
 		"one": "%s commit",
 		"many": "%s commits",
diff --git a/options/locale_next/locale_pt-PT.json b/options/locale_next/locale_pt-PT.json
index f4d2365fab..9be71cfa06 100644
--- a/options/locale_next/locale_pt-PT.json
+++ b/options/locale_next/locale_pt-PT.json
@@ -1,4 +1,93 @@
 {
+	"admin.monitor.queue.settings.remove_all_items.success": "Todos os itens da fila foram removidos.",
+	"admin.monitor.queue.settings.remove_all_items": "Remover tudo",
+	"admin.monitor.queue.settings.changed": "Configurações modificadas",
+	"admin.monitor.queue.settings.submit": "Modificar configurações",
+	"admin.monitor.queue.settings.maxnumberworkers.error": "O número máximo de trabalhadores tem que ser um número",
+	"admin.monitor.queue.settings.maxnumberworkers.placeholder": "De momento %[1]d",
+	"admin.monitor.queue.settings.maxnumberworkers": "N.º máximo de trabalhadores",
+	"admin.monitor.queue.settings.description": "Agregados crescem dinamicamente em resposta aos bloqueios da sua fila de trabalhadores.",
+	"admin.monitor.queue.settings.title": "Configurações do agregado",
+	"admin.monitor.queue.review_add": "Rever / adicionar trabalhadores",
+	"admin.monitor.queue.numberinqueue": "N.º na fila",
+	"admin.monitor.queue.maxnumberworkers": "N.º máximo de trabalhadores",
+	"admin.monitor.queue.activeworkers": "Trabalhadores operantes",
+	"admin.monitor.queue.numberworkers": "N.º de trabalhadores",
+	"admin.monitor.queue.exemplar": "Tipo de exemplar",
+	"admin.monitor.queue.type": "Tipo",
+	"admin.monitor.queue.name": "Nome",
+	"admin.monitor.queue": "Fila: %s",
+	"admin.monitor.queues": "Filas",
+	"admin.users.list_status_filter.not_2fa_enabled": "Autenticação em dois passos desabilitada",
+	"admin.users.list_status_filter.is_2fa_enabled": "Autenticação em dois passos habilitada",
+	"admin.users.list_status_filter.not_prohibit_login": "Permitir início de sessão",
+	"admin.users.list_status_filter.is_prohibit_login": "Proibir início de sessão",
+	"admin.users.list_status_filter.not_restricted": "Não restrito/a",
+	"admin.users.list_status_filter.is_restricted": "Restrito",
+	"admin.users.list_status_filter.not_admin": "Não Administrador",
+	"admin.users.list_status_filter.is_admin": "Administrador",
+	"admin.users.list_status_filter.not_active": "Desligado",
+	"admin.users.list_status_filter.is_active": "Ligado",
+	"admin.users.list_status_filter.reset": "Reiniciar",
+	"admin.users.list_status_filter.menu_text": "Filtro",
+	"admin.system_status.gc_times": "N.º de recolhas de lixo",
+	"admin.system_status.last_gc_pause": "Última pausa da recolha de lixo",
+	"admin.system_status.total_gc_pause": "Pausa total da recolha de lixo",
+	"admin.system_status.last_gc_time": "Tempo decorrido desde a última recolha de lixo",
+	"admin.system_status.next_gc_recycle": "Próxima reciclagem da recolha de lixo",
+	"admin.system_status.other_system_allocation_obtained": "Outras alocações de sistema obtidas",
+	"admin.system_status.gc_metadata_obtained": "Metadados obtidos da recolha de lixo",
+	"admin.system_status.profiling_bucket_hash_table_obtained": "Perfil obtido da tabela de hash do balde",
+	"admin.system_status.mcache_structures_obtained": "Estruturas MCache obtidas",
+	"admin.system_status.mcache_structures_usage": "Uso das estruturas MCache",
+	"admin.system_status.mspan_structures_obtained": "Estruturas MSpan obtidas",
+	"admin.system_status.mspan_structures_usage": "Uso das estruturas MSpan",
+	"admin.system_status.stack_memory_obtained": "Memória da pilha obtida",
+	"admin.system_status.bootstrap_stack_usage": "Uso da pilha de arranque",
+	"admin.system_status.heap_objects": "Elementos heap",
+	"admin.system_status.heap_memory_released": "Memória heap libertada",
+	"admin.system_status.heap_memory_in_use": "Memória heap em uso",
+	"admin.system_status.heap_memory_idle": "Memória heap em repouso",
+	"admin.system_status.heap_memory_obtained": "Memória heap obtida",
+	"admin.system_status.current_heap_usage": "Uso corrente da heap",
+	"admin.system_status.memory_free_times": "Libertações de memória",
+	"admin.system_status.memory_allocate_times": "Alocações de memória",
+	"admin.system_status.pointer_lookup_times": "N. º de consultas a ponteiros",
+	"admin.system_status.memory_obtained": "Memória obtida",
+	"admin.system_status.total_memory_allocated": "Total de memória alocada",
+	"admin.system_status.current_memory_usage": "Utilização de memória corrente",
+	"admin.system_status.current_goroutine": "Goroutines em execução",
+	"admin.system_status.server_uptime": "Tempo em funcionamento contínuo do servidor",
+	"markup.filepreview.truncated": "A previsão foi truncada",
+	"markup.filepreview.lines": "Linhas %[1]d até %[2]d em %[3]s",
+	"markup.filepreview.line": "Linha %[1]d em %[2]s",
+	"actions.variables.update.success": "A variável foi editada.",
+	"actions.variables.update.failed": "Falha ao editar a variável.",
+	"actions.variables.creation.success": "A variável \"%s\" foi adicionada.",
+	"actions.variables.creation.failed": "Falha ao adicionar a variável.",
+	"actions.variables.deletion.success": "A variável foi removida.",
+	"actions.variables.deletion.failed": "Falha ao remover a variável.",
+	"actions.variables.not_found": "Não foi possível encontrar a variável.",
+	"actions.variables.edit": "Editar variável",
+	"actions.variables.description": "As variáveis serão transmitidas a certas operações e não poderão ser lidas de outra forma.",
+	"actions.variables.deletion.description": "Remover uma variável é permanente e não pode ser revertido. Quer continuar?",
+	"actions.variables.deletion": "Remover variável",
+	"actions.variables.none": "Ainda não há variáveis.",
+	"actions.variables.creation": "Adicionar variável",
+	"actions.variables.management": "Gerir variáveis",
+	"actions.variables": "Variáveis",
+	"webauthn.error.timeout": "O tempo limite foi atingido antes que a sua chave pudesse ser lida. Recarregue esta página e tente novamente.",
+	"webauthn.error.empty": "Você tem que definir um nome para esta chave.",
+	"webauthn.error.duplicated": "A chave de segurança não é permitida neste pedido. Certifique-se de que a chave não está já registada.",
+	"webauthn.error.unable_to_process": "O servidor não conseguiu processar o seu pedido.",
+	"webauthn.error.insecure": "`WebAuthn apenas suporta conexões seguras. Para testar sobre HTTP, pode usar a origem \"localhost\" ou \"127.0.0.1\"`",
+	"webauthn.error.unknown": "Ocorreu um erro desconhecido. Tente novamente, por favor.",
+	"webauthn.unsupported_browser": "O seu navegador não oferece suporte ao WebAuthn.",
+	"webauthn.error": "Não foi possível ler a sua chave de segurança.",
+	"webauthn.use_twofa": "Usar um código de dois passos do seu telefone",
+	"webauthn.press_button": "Por favor, prima o botão da sua chave de segurança…",
+	"webauthn.sign_in": "Pressione o botão da sua chave de segurança. Se a sua chave de segurança não tiver um botão, insira-a novamente.",
+	"webauthn.insert_key": "Insira a sua chave de segurança",
 	"counters.n_commits": {
 		"one": "%s cometimento",
 		"many": "%s cometimentos",
diff --git a/options/locale_next/locale_ro.json b/options/locale_next/locale_ro.json
index 0f3e8af7ee..6f22c9a600 100644
--- a/options/locale_next/locale_ro.json
+++ b/options/locale_next/locale_ro.json
@@ -1,4 +1,16 @@
 {
+	"webauthn.error.timeout": "Limita de timp a fost depășită înainte ca cheia ta să poată fi citită. Reîncarcă pagina și reîncearcă.",
+	"webauthn.error.empty": "Trebuie să setezi un nume pentru această cheie.",
+	"webauthn.error.duplicated": "Cheia de securitate nu este permisă pentru această cerere. Asigură-te că cheia nu este înregistrată deja.",
+	"webauthn.error.unable_to_process": "Serverul nu a putut procesa cererea.",
+	"webauthn.error.insecure": "WebAuthn funcționează doar prin conexiuni securizate. Pentru a testa folosind HTTP, poți folosi \"localhost\" sau \"127.0.0.1\" ca origine",
+	"webauthn.error.unknown": "O eroare necunoscută a apărut. Te rog reîncearcă.",
+	"webauthn.unsupported_browser": "Browserul tău nu are abilități WebAuthn pe moment.",
+	"webauthn.error": "Cheia de securitate nu a putut fi citită.",
+	"webauthn.use_twofa": "Folosește un cod de verificare de pe telefon",
+	"webauthn.press_button": "Apasă butonul de pe cheia de securitate…",
+	"webauthn.sign_in": "Apasă butonul de pe cheia de securitate. Dacă cheia de securitate nu are un buton, reintrodu-o.",
+	"webauthn.insert_key": "Inserează cheia de securitate",
 	"meta.last_line": " ",
 	"packages.empty": "Momentan nu există pachete."
 }
diff --git a/options/locale_next/locale_ru-RU.json b/options/locale_next/locale_ru-RU.json
index 1eae5ff170..cb55dc14ac 100644
--- a/options/locale_next/locale_ru-RU.json
+++ b/options/locale_next/locale_ru-RU.json
@@ -1,4 +1,93 @@
 {
+	"admin.monitor.queue.settings.remove_all_items.success": "Все элементы в очереди были удалены.",
+	"admin.monitor.queue.settings.remove_all_items": "Удалить все",
+	"admin.monitor.queue.settings.changed": "Настройки обновлены",
+	"admin.monitor.queue.settings.submit": "Обновить настройки",
+	"admin.monitor.queue.settings.maxnumberworkers.error": "Максимальное количество обработчиков должно быть числом",
+	"admin.monitor.queue.settings.maxnumberworkers.placeholder": "В настоящий момент %[1]d",
+	"admin.monitor.queue.settings.maxnumberworkers": "Макс. количество обработчиков",
+	"admin.monitor.queue.settings.description": "Пулы динамически растут в зависимости от блокировки очередей их рабочих.",
+	"admin.monitor.queue.settings.title": "Настройки пула",
+	"admin.monitor.queue.review_add": "Подробности / добавить обработчики",
+	"admin.monitor.queue.numberinqueue": "Позиция в очереди",
+	"admin.monitor.queue.maxnumberworkers": "Макс. количество обработчиков",
+	"admin.monitor.queue.activeworkers": "Активные обработчики",
+	"admin.monitor.queue.numberworkers": "Количество обработчиков",
+	"admin.monitor.queue.exemplar": "Тип образца",
+	"admin.monitor.queue.type": "Тип",
+	"admin.monitor.queue.name": "Имя",
+	"admin.monitor.queue": "Очередь: %s",
+	"admin.monitor.queues": "Очереди",
+	"admin.users.list_status_filter.not_2fa_enabled": "2ФА отключена",
+	"admin.users.list_status_filter.is_2fa_enabled": "2ФА включена",
+	"admin.users.list_status_filter.not_prohibit_login": "Вход разрешён",
+	"admin.users.list_status_filter.is_prohibit_login": "Вход запрещён",
+	"admin.users.list_status_filter.not_restricted": "Не ограниченные",
+	"admin.users.list_status_filter.is_restricted": "Ограниченные",
+	"admin.users.list_status_filter.not_admin": "Не администраторы",
+	"admin.users.list_status_filter.is_admin": "Администраторы",
+	"admin.users.list_status_filter.not_active": "Неактивные",
+	"admin.users.list_status_filter.is_active": "Активные",
+	"admin.users.list_status_filter.reset": "Сбросить",
+	"admin.users.list_status_filter.menu_text": "Фильтр",
+	"admin.system_status.gc_times": "Сборок мусора",
+	"admin.system_status.last_gc_pause": "Последняя пауза сборщика",
+	"admin.system_status.total_gc_pause": "Итоговая задержка сборщика",
+	"admin.system_status.last_gc_time": "Прошло с последнего сбора мусора",
+	"admin.system_status.next_gc_recycle": "Следующее высвобождение сборщиком мусора",
+	"admin.system_status.other_system_allocation_obtained": "Прочие системные выделения памяти",
+	"admin.system_status.gc_metadata_obtained": "Метаданных сборщика мусора создавалось",
+	"admin.system_status.profiling_bucket_hash_table_obtained": "Хеш-таблиц получено при профайлинге",
+	"admin.system_status.mcache_structures_obtained": "Получено структур MCache",
+	"admin.system_status.mcache_structures_usage": "Использование структур MCache",
+	"admin.system_status.mspan_structures_obtained": "Структур MSpan выделялось",
+	"admin.system_status.mspan_structures_usage": "Использование структур MSpan",
+	"admin.system_status.stack_memory_obtained": "Стековой памяти выделялось",
+	"admin.system_status.bootstrap_stack_usage": "Использование стека загрузчика",
+	"admin.system_status.heap_objects": "Объектов динамической памяти",
+	"admin.system_status.heap_memory_released": "Освобождено динамической памяти",
+	"admin.system_status.heap_memory_in_use": "Используемая динамическая память",
+	"admin.system_status.heap_memory_idle": "Простаивающая динамическая память",
+	"admin.system_status.heap_memory_obtained": "Получено динамической памяти",
+	"admin.system_status.current_heap_usage": "Текущее использование кучи",
+	"admin.system_status.memory_free_times": "Высвобождений памяти",
+	"admin.system_status.memory_allocate_times": "Выделений памяти",
+	"admin.system_status.pointer_lookup_times": "Поисков указателя",
+	"admin.system_status.memory_obtained": "Получено памяти",
+	"admin.system_status.total_memory_allocated": "Всего памяти выделялось",
+	"admin.system_status.current_memory_usage": "Текущее использование памяти",
+	"admin.system_status.current_goroutine": "Выполняемые goroutines",
+	"admin.system_status.server_uptime": "Время работы",
+	"markup.filepreview.truncated": "Предпросмотр был обрезан",
+	"markup.filepreview.lines": "Строки с %[1]d по %[2]d в %[3]s",
+	"markup.filepreview.line": "Строка %[1]d в %[2]s",
+	"actions.variables.update.success": "Переменная изменена.",
+	"actions.variables.update.failed": "Не удалось изменить переменную.",
+	"actions.variables.creation.success": "Переменная «%s» добавлена.",
+	"actions.variables.creation.failed": "Не удалось добавить переменную.",
+	"actions.variables.deletion.success": "Переменная удалена.",
+	"actions.variables.deletion.failed": "Не удалось удалить переменную.",
+	"actions.variables.not_found": "Не удалось найти переменную.",
+	"actions.variables.edit": "Изменить переменную",
+	"actions.variables.description": "Переменные будут передаваться определенным действиям и не могут быть прочитаны иначе.",
+	"actions.variables.deletion.description": "Удаление переменной необратимо, его нельзя отменить. Продолжить?",
+	"actions.variables.deletion": "Удалить переменную",
+	"actions.variables.none": "Переменных пока нет.",
+	"actions.variables.creation": "Добавить переменную",
+	"actions.variables.management": "Управление переменными",
+	"actions.variables": "Переменные",
+	"webauthn.error.timeout": "Время истекло раньше, чем ключ был прочитан. Перезагрузите эту страницу и повторите попытку.",
+	"webauthn.error.empty": "Необходимо задать имя для этого ключа.",
+	"webauthn.error.duplicated": "Этот токен авторизации не разрешен для выполнения этого запроса. Убедитесь, что токен не был зарегистрирован ранее.",
+	"webauthn.error.unable_to_process": "Сервер не смог обработать ваш запрос.",
+	"webauthn.error.insecure": "WebAuthn поддерживает только безопасные соединения. Для тестирования по HTTP можно использовать \"localhost\" или \"127.0.0.1\"",
+	"webauthn.error.unknown": "Произошла неизвестная ошибка. Повторите попытку.",
+	"webauthn.unsupported_browser": "Ваш браузер в настоящее время не поддерживает WebAuthn.",
+	"webauthn.error": "Не удалось прочитать токен авторизации.",
+	"webauthn.use_twofa": "Используйте двухфакторный код с вашего телефона",
+	"webauthn.press_button": "Подтвердите действие на токене авторизации…",
+	"webauthn.sign_in": "Подтвердите действие на токене авторизации. Если на вашем токене нет кнопки, вставьте его заново.",
+	"webauthn.insert_key": "Вставьте ваш токен авторизации",
 	"counters.n_commits": {
 		"one": "%s коммит",
 		"few": "%s коммита",
diff --git a/options/locale_next/locale_si-LK.json b/options/locale_next/locale_si-LK.json
index b8cb8a863a..2e6decc0e9 100644
--- a/options/locale_next/locale_si-LK.json
+++ b/options/locale_next/locale_si-LK.json
@@ -1,4 +1,57 @@
 {
+	"admin.monitor.queue.settings.changed": "සැකසුම් යාවත්කාල කෙරිණි",
+	"admin.monitor.queue.settings.submit": "සැකසුම් යාවත්කාල කරන්න",
+	"admin.monitor.queue.settings.maxnumberworkers.error": "මැක්ස් කම්කරුවන්ගේ සංඛ්යාව අංකයක් විය යුතුය",
+	"admin.monitor.queue.settings.maxnumberworkers.placeholder": "වත්මන්%[1]d",
+	"admin.monitor.queue.settings.maxnumberworkers": "මැක්ස් කම්කරුවන් සංඛ්යාව",
+	"admin.monitor.queue.settings.title": "තටාකය සැකසුම්",
+	"admin.monitor.queue.maxnumberworkers": "මැක්ස් කම්කරු සංඛ්යාව",
+	"admin.monitor.queue.numberworkers": "කම්කරුවන් සංඛ්යාව",
+	"admin.monitor.queue.exemplar": "ආදර්ශ වර්ගය",
+	"admin.monitor.queue.type": "වර්ගය",
+	"admin.monitor.queue.name": "නම",
+	"admin.monitor.queue": "පෝලිම: %s",
+	"admin.monitor.queues": "පෝලිම්",
+	"admin.users.list_status_filter.not_2fa_enabled": "2FA ආබාධිත",
+	"admin.users.list_status_filter.is_2fa_enabled": "2FA සක්රීය",
+	"admin.users.list_status_filter.not_prohibit_login": "ලොගින් වන්න ඉඩ",
+	"admin.users.list_status_filter.is_prohibit_login": "ලොගින් වන්න තහනම්",
+	"admin.users.list_status_filter.not_restricted": "සීමා කර නැත",
+	"admin.users.list_status_filter.is_restricted": "සීමා",
+	"admin.users.list_status_filter.not_admin": "පරිපාලක නොවන",
+	"admin.users.list_status_filter.is_admin": "පරිපාලක",
+	"admin.users.list_status_filter.not_active": "අක්රිය",
+	"admin.users.list_status_filter.is_active": "ක්රියාකාරී",
+	"admin.users.list_status_filter.reset": "යළි සකසන්න",
+	"admin.users.list_status_filter.menu_text": "පෙරහන",
+	"admin.system_status.gc_times": "GC ටයිම්ස්",
+	"admin.system_status.last_gc_pause": "අවසන් GC විරාමය",
+	"admin.system_status.total_gc_pause": "මුළු GC විරාමය",
+	"admin.system_status.last_gc_time": "පසුගිය GC වේලාව",
+	"admin.system_status.next_gc_recycle": "ඊලඟ GC, ප්රතිචක්රීකරණ",
+	"admin.system_status.other_system_allocation_obtained": "ලබා ගත් වෙනත් පද්ධති ප්රතිපාදන",
+	"admin.system_status.gc_metadata_obtained": "ලබාගත් GC පාර-දත්ත",
+	"admin.system_status.profiling_bucket_hash_table_obtained": "ලබා භාජනයට හැෂ් වගුව පැතිකඩ",
+	"admin.system_status.mcache_structures_obtained": "ලබා ගත් මැචේ ව්යුහයන්",
+	"admin.system_status.mcache_structures_usage": "මැචේ ව්යුහයන් භාවිතය",
+	"admin.system_status.mspan_structures_obtained": "ලබා ගත් MsPan ව්යුහයන්",
+	"admin.system_status.mspan_structures_usage": "MsPan ව්යුහයන් භාවිතය",
+	"admin.system_status.stack_memory_obtained": "ලබා මතකය ගොඩගසන්න",
+	"admin.system_status.bootstrap_stack_usage": "Bootstrap Stack භාවිතය",
+	"admin.system_status.heap_objects": "ගොඩක් වස්තු",
+	"admin.system_status.heap_memory_released": "ගොඩක් මතකය නිකුත්",
+	"admin.system_status.heap_memory_in_use": "භාවිතයේ දී ගොඩක් මතකය",
+	"admin.system_status.heap_memory_idle": "ගොඩක් මතකය අලස",
+	"admin.system_status.heap_memory_obtained": "ලබා ගත් ගොඩක් මතකය",
+	"admin.system_status.current_heap_usage": "වත්මන් heap භාවිතය",
+	"admin.system_status.memory_free_times": "මතක නිදහස්",
+	"admin.system_status.memory_allocate_times": "මතක ප්රතිපාදන",
+	"admin.system_status.pointer_lookup_times": "පොයින්ටර් Lookup ටයිම්ස්",
+	"admin.system_status.memory_obtained": "ලබා ගත් මතකය",
+	"admin.system_status.total_memory_allocated": "මුළු මතකය වෙන් කර ඇත",
+	"admin.system_status.current_memory_usage": "වත්මන් මතක භාවිතය",
+	"admin.system_status.current_goroutine": "වත්මන් ගෝර්අවුට්ලයින්",
+	"admin.system_status.server_uptime": "සේවාදායකය යාවත්කාලීන කිරීම",
 	"actions.runners.name": "නම",
 	"actions.runners.owner_type": "වර්ගය",
 	"actions.runners.description": "සවිස්තරය",
diff --git a/options/locale_next/locale_sk-SK.json b/options/locale_next/locale_sk-SK.json
index 4be4418e1a..f7c2c1c5a4 100644
--- a/options/locale_next/locale_sk-SK.json
+++ b/options/locale_next/locale_sk-SK.json
@@ -1,4 +1,16 @@
 {
+	"webauthn.error.timeout": "Vypršal čas na čítanie vašeho kľúča. Znova načítajte túto stránku a skúste to opäť.",
+	"webauthn.error.empty": "Musíte nastaviť meno pre tento kľúč.",
+	"webauthn.error.duplicated": "Bezpečnostný kľúč nie je pre túto požiadavku povolený. Uistite sa, že kľúč ešte nie je zaregistrovaný.",
+	"webauthn.error.unable_to_process": "Server nemohol spracovať vašu požiadavku.",
+	"webauthn.error.insecure": "`WebAuthn podporuje iba bezpečné spojenia. Na testovanie cez HTTP môžete použiť \"localhost\" alebo \"127.0.0.1\"`",
+	"webauthn.error.unknown": "Vyskytla sa neznáma chyba. Skúste to znova.",
+	"webauthn.unsupported_browser": "Váš prehliadač aktuálne nepodporuje WebAuthn.",
+	"webauthn.error": "Nie je možné prečítať váš bezpečnostný kód.",
+	"webauthn.use_twofa": "Použite kód dvojfaktorového overenia z vášho telefónu",
+	"webauthn.press_button": "Stlačte, prosím, tlačidlo na vašom bezpečnostnom kľúči…",
+	"webauthn.sign_in": "Stlačte tlačidlo na vašom bezpečnostnom kľúči. Ak váš kľúč nemá tlačidlo, vyberte a zasunte ho znova.",
+	"webauthn.insert_key": "Zadajte bezpečnostný kľúč",
 	"actions.runners.labels": "Štítky",
 	"gpg.error.no_committer_account": "Žiadny účet nie je prepojený s e-mailovou adresou prispievateľa",
 	"gpg.error.not_signed_commit": "Nie je podpísaný commit",
diff --git a/options/locale_next/locale_sl.json b/options/locale_next/locale_sl.json
index 0fcc19880f..61c89d24fa 100644
--- a/options/locale_next/locale_sl.json
+++ b/options/locale_next/locale_sl.json
@@ -1,4 +1,16 @@
 {
+	"webauthn.error.timeout": "Preden je bilo mogoče prebrati vaš ključ, je bil dosežen časovni rok. Ponovno naložite to stran in poskusite znova.",
+	"webauthn.error.empty": "Za ta ključ morate nastaviti ime.",
+	"webauthn.error.duplicated": "Varnostni ključ za to zahtevo ni dovoljen. Prepričajte se, da ključ še ni registriran.",
+	"webauthn.error.unable_to_process": "Strežnik ni mogel obdelati vaše zahteve.",
+	"webauthn.error.insecure": "WebAuthn podpira samo varne povezave. Za testiranje prek protokola HTTP lahko uporabite izvor \"localhost\" ali \"127.0.0.1\"",
+	"webauthn.error.unknown": "Zgodila se je neznana napaka. Prosimo, poskusite znova.",
+	"webauthn.unsupported_browser": "Vaš brskalnik trenutno ne podpira WebAuthna.",
+	"webauthn.error": "Vašega varnostnega ključa ni bilo mogoče prebrati.",
+	"webauthn.use_twofa": "Uporaba kode z dvema faktorjema iz telefona",
+	"webauthn.press_button": "Pritisnite gumb na varnostnem ključu…",
+	"webauthn.sign_in": "Pritisnite gumb na varnostnem ključu. Če varnostni ključ nima gumba, ga ponovno vstavite.",
+	"webauthn.insert_key": "Vnesite varnostni ključ",
 	"actions.runners.runner_manage_panel": "Upravljanje tekačev",
 	"packages.owner.settings.chef.keypair.description": "Za preverjanje pristnosti v registru Chef je potreben par ključev. Če ste par ključev ustvarili že prej, se pri ustvarjanju novega para ključev stari par ključev zavrže.",
 	"meta.last_line": " "
diff --git a/options/locale_next/locale_sr-SP.json b/options/locale_next/locale_sr-SP.json
index 1ec60d3df7..b4f0454546 100644
--- a/options/locale_next/locale_sr-SP.json
+++ b/options/locale_next/locale_sr-SP.json
@@ -1,4 +1,42 @@
 {
+	"admin.system_status.gc_times": "Времена cакупљању смећа",
+	"admin.system_status.last_gc_pause": "Задња пауза у cакупљању смећа",
+	"admin.system_status.total_gc_pause": "Укупно време cакупљању смећа",
+	"admin.system_status.last_gc_time": "Времена од прошлог cакупљању смећа",
+	"admin.system_status.next_gc_recycle": "Следећа рециклажа cакупљању смећа",
+	"admin.system_status.other_system_allocation_obtained": "Добијено друга системска меморија",
+	"admin.system_status.gc_metadata_obtained": "Добијених метаподатака cакупљању смећа",
+	"admin.system_status.profiling_bucket_hash_table_obtained": "Хеш-табела постигнуто за Profiling Bucket",
+	"admin.system_status.mcache_structures_obtained": "Добијено структурa MCache",
+	"admin.system_status.mcache_structures_usage": "Употреба структурa MCache",
+	"admin.system_status.mspan_structures_obtained": "Добијено структуре MSpan",
+	"admin.system_status.mspan_structures_usage": "Употреба структуре MSpan",
+	"admin.system_status.stack_memory_obtained": "Слободно стек меморије",
+	"admin.system_status.bootstrap_stack_usage": "Коришћење стек меморије",
+	"admin.system_status.heap_objects": "Објекти динамичке меморије",
+	"admin.system_status.heap_memory_released": "Ослобођено динамичке меморије",
+	"admin.system_status.heap_memory_in_use": "Динамичка меморија у употреби",
+	"admin.system_status.heap_memory_idle": "Некориштена динамичка меморија",
+	"admin.system_status.heap_memory_obtained": "Слободно динамичке меморије",
+	"admin.system_status.current_heap_usage": "Тренутна употреба динамичке меморије",
+	"admin.system_status.pointer_lookup_times": "Захтева показивача",
+	"admin.system_status.memory_obtained": "Коришћена меморија",
+	"admin.system_status.total_memory_allocated": "Укупно меморије алоцирано",
+	"admin.system_status.current_memory_usage": "Тренутна употреба меморије",
+	"admin.system_status.current_goroutine": "Тренутнe Goroutine",
+	"admin.system_status.server_uptime": "Време непрекидног рада сервера",
+	"webauthn.error.timeout": "Захтев је истекао пре што је очитавање Вашег кључа успео. Молимо Вас да актуализирате ову веб-страницу и покушате поново.",
+	"webauthn.error.empty": "Морате унети име за овај кључ.",
+	"webauthn.error.duplicated": "Сигурносни кључ није дозвољен за овај захтев. Уверите се да кључ није већ регистрован.",
+	"webauthn.error.unable_to_process": "Сервер не може обрадити Ваш захтев.",
+	"webauthn.error.insecure": "\"WebAuthn\" једино подржава сигурне везе. За тестирање путем ХТТП, можете корисити извор \"localhost\" или \"127.0.0.1\"",
+	"webauthn.error.unknown": "Непозната грешка се догодила. Молимо Вас да покушате поново.",
+	"webauthn.unsupported_browser": "Ваш веб-прегледач тренутно не подржава \"WebAuthn\".",
+	"webauthn.error": "Сигурносни кључ се не да исчитати.",
+	"webauthn.use_twofa": "Користите дво-факторски ко̑д са вашег мобитела",
+	"webauthn.press_button": "Молимо притисните дугме на Вашем сигурносном кључу…",
+	"webauthn.sign_in": "Притисните дугме на Вашем сигурносном кључу. Уколико Ваш кључ нема дугме, искључите и поново укључите га.",
+	"webauthn.insert_key": "Прикључите Ваш физички сигурносни кључ",
 	"dropzone.remove_file": "Уклони датотеку",
 	"moderation.abuse_category.malware": "Малвер",
 	"home.welcome.no_activity": "Без активности",
diff --git a/options/locale_next/locale_sv-SE.json b/options/locale_next/locale_sv-SE.json
index 9ed58f488b..953bb8fe44 100644
--- a/options/locale_next/locale_sv-SE.json
+++ b/options/locale_next/locale_sv-SE.json
@@ -1,4 +1,93 @@
 {
+	"admin.monitor.queue.settings.remove_all_items.success": "Alla objekt i kön har tagits bort.",
+	"admin.monitor.queue.settings.remove_all_items": "Ta bort alla",
+	"admin.monitor.queue.settings.changed": "Inställningar uppdaterade",
+	"admin.monitor.queue.settings.submit": "Uppdatera inställningar",
+	"admin.monitor.queue.settings.maxnumberworkers.error": "Max antal arbetare måste vara ett tal",
+	"admin.monitor.queue.settings.maxnumberworkers.placeholder": "För närvarande %[1]d",
+	"admin.monitor.queue.settings.maxnumberworkers": "Max antal arbetare",
+	"admin.monitor.queue.settings.description": "Pooler växer dynamiskt som svar på att deras arbetarkö blockeras.",
+	"admin.monitor.queue.settings.title": "Poolinställningar",
+	"admin.monitor.queue.review_add": "Granska / lägg till arbetare",
+	"admin.monitor.queue.numberinqueue": "Antal i kö",
+	"admin.monitor.queue.maxnumberworkers": "Max antal arbetare",
+	"admin.monitor.queue.activeworkers": "Aktiva arbetare",
+	"admin.monitor.queue.numberworkers": "Antal arbetare",
+	"admin.monitor.queue.exemplar": "Exempeltyp",
+	"admin.monitor.queue.type": "Typ",
+	"admin.monitor.queue.name": "Namn",
+	"admin.monitor.queue": "Kö: %s",
+	"admin.monitor.queues": "Köer",
+	"admin.users.list_status_filter.not_2fa_enabled": "2FA inaktiverad",
+	"admin.users.list_status_filter.is_2fa_enabled": "2FA aktiverad",
+	"admin.users.list_status_filter.not_prohibit_login": "Tillåt inloggning",
+	"admin.users.list_status_filter.is_prohibit_login": "Förbjud inloggning",
+	"admin.users.list_status_filter.not_restricted": "Ej begränsad",
+	"admin.users.list_status_filter.is_restricted": "Begränsad",
+	"admin.users.list_status_filter.not_admin": "Inte admin",
+	"admin.users.list_status_filter.is_admin": "Administratör",
+	"admin.users.list_status_filter.not_active": "Inaktiv",
+	"admin.users.list_status_filter.is_active": "Aktiv",
+	"admin.users.list_status_filter.reset": "Återställ",
+	"admin.users.list_status_filter.menu_text": "Filter",
+	"admin.system_status.gc_times": "Skräpsamlingstider",
+	"admin.system_status.last_gc_pause": "Senaste paus vid skräpsamling",
+	"admin.system_status.total_gc_pause": "Total tid för pauser vid skräpsamling",
+	"admin.system_status.last_gc_time": "Tidpunkt för senaste skräpsamling",
+	"admin.system_status.next_gc_recycle": "Nästa Skräpsamlarrunda",
+	"admin.system_status.other_system_allocation_obtained": "Övriga Systemallokeringar",
+	"admin.system_status.gc_metadata_obtained": "Metainformation om Skräpsamlaren Ihopsamlad",
+	"admin.system_status.profiling_bucket_hash_table_obtained": "Profilering av Bucket Hash Table erhållen",
+	"admin.system_status.mcache_structures_obtained": "MCache-strukturer som erhållits",
+	"admin.system_status.mcache_structures_usage": "MCache strukturanvändning",
+	"admin.system_status.mspan_structures_obtained": "MSpan strukturer som erhållits",
+	"admin.system_status.mspan_structures_usage": "MSpan strukturanvändning",
+	"admin.system_status.stack_memory_obtained": "Stackminne som erhålls",
+	"admin.system_status.bootstrap_stack_usage": "Bootstrap Stack-användning",
+	"admin.system_status.heap_objects": "Heapobjekt",
+	"admin.system_status.heap_memory_released": "Frigjort heap-minne",
+	"admin.system_status.heap_memory_in_use": "Heapminne som används",
+	"admin.system_status.heap_memory_idle": "Heapminne som är inaktivt",
+	"admin.system_status.heap_memory_obtained": "Heapminne som erhållits",
+	"admin.system_status.current_heap_usage": "Nuvarande heapanvändning",
+	"admin.system_status.memory_free_times": "Minnesfrigörelser",
+	"admin.system_status.memory_allocate_times": "Minneallokeringar",
+	"admin.system_status.pointer_lookup_times": "Pekaruppslagstider",
+	"admin.system_status.memory_obtained": "Minnesåtgång",
+	"admin.system_status.total_memory_allocated": "Total minnesanvändning",
+	"admin.system_status.current_memory_usage": "Nuvarande minnesanvändning",
+	"admin.system_status.current_goroutine": "Aktuella gorutiner",
+	"admin.system_status.server_uptime": "Serverns upptid",
+	"markup.filepreview.truncated": "Förhandsgranskningen har avkortats",
+	"markup.filepreview.lines": "Rad %[1]d till %[2]d i %[3]s",
+	"markup.filepreview.line": "Rad %[1]d i %[2]s",
+	"actions.variables.update.success": "Variabeln har redigerats.",
+	"actions.variables.update.failed": "Misslyckades med att redigera variabel.",
+	"actions.variables.creation.success": "Variabeln \"%s\" har lagts till.",
+	"actions.variables.creation.failed": "Misslyckades med att lägga till variabel.",
+	"actions.variables.deletion.success": "Variabeln har tagits bort.",
+	"actions.variables.deletion.failed": "Misslyckades med att ta bort variabel.",
+	"actions.variables.not_found": "Misslyckades med att hitta variabeln.",
+	"actions.variables.edit": "Redigera variabel",
+	"actions.variables.description": "Variabler skickas till vissa actions och kan inte läsas annars.",
+	"actions.variables.deletion.description": "Borttagning av en variabel är permanent och kan inte ångras. Vill du fortsätta?",
+	"actions.variables.deletion": "Ta bort variabel",
+	"actions.variables.none": "Det finns inga variabler ännu.",
+	"actions.variables.creation": "Lägg till variabel",
+	"actions.variables.management": "Hantera variabler",
+	"actions.variables": "Variabler",
+	"webauthn.error.timeout": "Det gick inte att läsa din nyckel innan tidsgränsen nåddes. Läs om denna sida och försök igen.",
+	"webauthn.error.empty": "Du måste ange ett namn för den här nyckeln.",
+	"webauthn.error.duplicated": "Säkerhetsnyckeln är inte tillåten för denna begäran. Se till att nyckeln inte redan är registrerad.",
+	"webauthn.error.unable_to_process": "Servern kunde inte hantera din begäran.",
+	"webauthn.error.insecure": "WebAuthn stöder endast säkra anslutningar. För testning över HTTP kan du använda \"localhost\" eller \"127.0.0.1\"",
+	"webauthn.error.unknown": "Ett okänt fel har inträffat. Vänligen försök igen.",
+	"webauthn.unsupported_browser": "Din webbläsare har ännu inte stöd för WebAuthn.",
+	"webauthn.error": "Det gick inte att läsa din säkerhetsnyckel.",
+	"webauthn.use_twofa": "Använd en tvåfaktorskod från din telefon",
+	"webauthn.press_button": "Vänligen tryck på knappen på din säkerhetsnyckel…",
+	"webauthn.sign_in": "Tryck på knappen på din säkerhetsnyckel. Om din säkerhetsnyckel inte har en knapp, dra ut den och sätt in den igen.",
+	"webauthn.insert_key": "Skriv in din säkerhetsnyckel",
 	"counters.n_commits": {
 		"one": "%s incheckning",
 		"other": "%s incheckningar"
diff --git a/options/locale_next/locale_ta.json b/options/locale_next/locale_ta.json
index a318e08cef..44dd41629c 100644
--- a/options/locale_next/locale_ta.json
+++ b/options/locale_next/locale_ta.json
@@ -1,4 +1,93 @@
 {
+	"admin.monitor.queue.settings.remove_all_items.success": "வரிசையில் இருந்த அனைத்து பொருட்களும் அகற்றப்பட்டன.",
+	"admin.monitor.queue.settings.remove_all_items": "அனைத்தையும் அகற்று",
+	"admin.monitor.queue.settings.changed": "அமைப்புகள் புதுப்பிக்கப்பட்டன",
+	"admin.monitor.queue.settings.submit": "அமைப்புகளைப் புதுப்பிக்கவும்",
+	"admin.monitor.queue.settings.maxnumberworkers.error": "தொழிலாளர்களின் அதிகபட்ச எண்ணிக்கை ஒரு எண்ணாக இருக்க வேண்டும்",
+	"admin.monitor.queue.settings.maxnumberworkers.placeholder": "தற்போது %[1]d",
+	"admin.monitor.queue.settings.maxnumberworkers": "தொழிலாளர்களின் அதிகபட்ச எண்ணிக்கை",
+	"admin.monitor.queue.settings.description": "பணியாளர்களின் வரிசை தடுப்பிற்கு பதிலளிக்கும் வகையில் குளங்கள் மாறும் வகையில் வளரும்.",
+	"admin.monitor.queue.settings.title": "குளம் அமைப்புகள்",
+	"admin.monitor.queue.review_add": "தொழிலாளர்களை மதிப்பாய்வு செய்யவும் / சேர்க்கவும்",
+	"admin.monitor.queue.numberinqueue": "வரிசையில் உள்ள எண்",
+	"admin.monitor.queue.maxnumberworkers": "தொழிலாளர்களின் அதிகபட்ச எண்ணிக்கை",
+	"admin.monitor.queue.activeworkers": "சுறுசுறுப்பான தொழிலாளர்கள்",
+	"admin.monitor.queue.numberworkers": "தொழிலாளர்களின் எண்ணிக்கை",
+	"admin.monitor.queue.exemplar": "முன்மாதிரி வகை",
+	"admin.monitor.queue.type": "வகை",
+	"admin.monitor.queue.name": "பெயர்",
+	"admin.monitor.queue": "வரிசை: %s",
+	"admin.monitor.queues": "வால்கள்",
+	"admin.users.list_status_filter.not_2fa_enabled": "2FA முடக்கப்பட்டுள்ளது",
+	"admin.users.list_status_filter.is_2fa_enabled": "2FA இயக்கப்பட்டது",
+	"admin.users.list_status_filter.not_prohibit_login": "உள்நுழைவை அனுமதிக்கவும்",
+	"admin.users.list_status_filter.is_prohibit_login": "நுழைவதைத் தடைசெய்க",
+	"admin.users.list_status_filter.not_restricted": "கட்டுப்படுத்தப்படவில்லை",
+	"admin.users.list_status_filter.is_restricted": "கட்டுப்படுத்தப்பட்டது",
+	"admin.users.list_status_filter.not_admin": "நிர்வாகி அல்ல",
+	"admin.users.list_status_filter.is_admin": "நிர்வாகி",
+	"admin.users.list_status_filter.not_active": "செயலற்றது",
+	"admin.users.list_status_filter.is_active": "செயலில்",
+	"admin.users.list_status_filter.reset": "மீட்டமை",
+	"admin.users.list_status_filter.menu_text": "வடிப்பி",
+	"admin.system_status.gc_times": "GC முறை",
+	"admin.system_status.last_gc_pause": "கடைசி GC இடைநிறுத்தம்",
+	"admin.system_status.total_gc_pause": "மொத்த GC இடைநிறுத்தம்",
+	"admin.system_status.last_gc_time": "கடந்த சிசி முதல் நேரம்",
+	"admin.system_status.next_gc_recycle": "அடுத்த GC மறுசுழற்சி",
+	"admin.system_status.other_system_allocation_obtained": "பிற அமைப்பு ஒதுக்கீடு பெறப்பட்டது",
+	"admin.system_status.gc_metadata_obtained": "GC மேனிலை தரவு பெறப்பட்டது",
+	"admin.system_status.profiling_bucket_hash_table_obtained": "விவரக்குறிப்பு பக்கெட் ஆச் அட்டவணை பெறப்பட்டது",
+	"admin.system_status.mcache_structures_obtained": "MCache கட்டமைப்புகள் பெறப்பட்டன",
+	"admin.system_status.mcache_structures_usage": "MCache கட்டமைப்புகளின் பயன்பாடு",
+	"admin.system_status.mspan_structures_obtained": "MSpan கட்டமைப்புகள் பெறப்பட்டன",
+	"admin.system_status.mspan_structures_usage": "MSpan கட்டமைப்புகளின் பயன்பாடு",
+	"admin.system_status.stack_memory_obtained": "அடுக்கு நினைவகம் பெறப்பட்டது",
+	"admin.system_status.bootstrap_stack_usage": "தொடக்கவார் ச்டாக் பயன்பாடு",
+	"admin.system_status.heap_objects": "குவியல் பொருள்கள்",
+	"admin.system_status.heap_memory_released": "குவியல் நினைவகம் வெளியிடப்பட்டது",
+	"admin.system_status.heap_memory_in_use": "குவியல் நினைவகம் பயன்பாட்டில் உள்ளது",
+	"admin.system_status.heap_memory_idle": "குவியல் நினைவகம் செயலற்றது",
+	"admin.system_status.heap_memory_obtained": "குவியல் நினைவகம் கிடைத்தது",
+	"admin.system_status.current_heap_usage": "தற்போதைய குவியல் பயன்பாடு",
+	"admin.system_status.memory_free_times": "நினைவகம் இலவசம்",
+	"admin.system_status.memory_allocate_times": "நினைவக ஒதுக்கீடு",
+	"admin.system_status.pointer_lookup_times": "சுட்டி தேடுதல் நேரங்கள்",
+	"admin.system_status.memory_obtained": "நினைவகம் கிடைத்தது",
+	"admin.system_status.total_memory_allocated": "மொத்த நினைவகம் ஒதுக்கப்பட்டது",
+	"admin.system_status.current_memory_usage": "தற்போதைய நினைவக பயன்பாடு",
+	"admin.system_status.current_goroutine": "தற்போதைய goroutines",
+	"admin.system_status.server_uptime": "சேவையக இயக்க நேரம்",
+	"markup.filepreview.truncated": "முன்னோட்டம் துண்டிக்கப்பட்டது",
+	"markup.filepreview.lines": "%[3]s இல் %[1]d முதல் %[2]d வரையிலான கோடுகள்",
+	"markup.filepreview.line": "%[2]s இல் வரி %[1]d",
+	"actions.variables.update.success": "மாறி திருத்தப்பட்டது.",
+	"actions.variables.update.failed": "மாறியை திருத்த முடியவில்லை.",
+	"actions.variables.creation.success": "\"%s\" மாறி சேர்க்கப்பட்டது.",
+	"actions.variables.creation.failed": "மாறியைச் சேர்ப்பதில் தோல்வி.",
+	"actions.variables.deletion.success": "மாறி நீக்கப்பட்டது.",
+	"actions.variables.deletion.failed": "மாறியை அகற்ற முடியவில்லை.",
+	"actions.variables.not_found": "மாறியைக் கண்டறிய முடியவில்லை.",
+	"actions.variables.edit": "திருத்து மாறி",
+	"actions.variables.description": "சில செயல்களுக்கு மாறிகள் அனுப்பப்படும், இல்லையெனில் படிக்க முடியாது.",
+	"actions.variables.deletion.description": "மாறியை அகற்றுவது நிரந்தரமானது மற்றும் செயல்தவிர்க்க முடியாது. தொடரவா?",
+	"actions.variables.deletion": "மாறியை அகற்று",
+	"actions.variables.none": "இதுவரை மாறிகள் எதுவும் இல்லை.",
+	"actions.variables.creation": "மாறியைச் சேர்க்கவும்",
+	"actions.variables.management": "மாறிகளை நிர்வகிக்கவும்",
+	"actions.variables": "மாறிகள்",
+	"webauthn.error.timeout": "உங்கள் விசையைப் படிக்கும் முன் காலாவதியானது. இந்தப் பக்கத்தை மீண்டும் ஏற்றி மீண்டும் முயற்சிக்கவும்.",
+	"webauthn.error.empty": "இந்த விசைக்கு நீங்கள் ஒரு பெயரை அமைக்க வேண்டும்.",
+	"webauthn.error.duplicated": "இந்தக் கோரிக்கைக்கு பாதுகாப்பு விசை அனுமதிக்கப்படவில்லை. விசை ஏற்கனவே பதிவு செய்யப்படவில்லை என்பதை உறுதிப்படுத்தவும்.",
+	"webauthn.error.unable_to_process": "சேவையகத்தால் உங்கள் கோரிக்கையைச் செயல்படுத்த முடியவில்லை.",
+	"webauthn.error.insecure": "WebAuthn பாதுகாப்பான இணைப்புகளை மட்டுமே ஆதரிக்கிறது. HTTP மூலம் சோதனை செய்ய, நீங்கள் \"localhost\" அல்லது \"127.0.0.1\" மூலத்தைப் பயன்படுத்தலாம்",
+	"webauthn.error.unknown": "அறியப்படாத பிழை ஏற்பட்டது. மீண்டும் முயற்சிக்கவும்.",
+	"webauthn.unsupported_browser": "உங்கள் உலாவி தற்போது WebAuthn ஐ ஆதரிக்கவில்லை.",
+	"webauthn.error": "உங்கள் பாதுகாப்பு விசையைப் படிக்க முடியவில்லை.",
+	"webauthn.use_twofa": "உங்கள் ஃபோனில் இருந்து இரண்டு காரணி குறியீட்டைப் பயன்படுத்தவும்",
+	"webauthn.press_button": "உங்கள் பாதுகாப்பு விசையில் உள்ள பொத்தானை அழுத்தவும்…",
+	"webauthn.sign_in": "உங்கள் பாதுகாப்பு விசையில் உள்ள பொத்தானை அழுத்தவும். உங்கள் பாதுகாப்பு விசையில் பொத்தான் இல்லை என்றால், அதை மீண்டும் செருகவும்.",
+	"webauthn.insert_key": "உங்கள் பாதுகாப்பு விசையைச் செருகவும்",
 	"counters.n_commits": {
 		"one": "%s உறுதி",
 		"other": "%s உறுதியளிக்கிறது"
diff --git a/options/locale_next/locale_th.json b/options/locale_next/locale_th.json
index 01dcb1522a..71d798c512 100644
--- a/options/locale_next/locale_th.json
+++ b/options/locale_next/locale_th.json
@@ -1,4 +1,93 @@
 {
+	"admin.monitor.queue.settings.remove_all_items.success": "ลบรายการทั้งหมดในคิวแล้ว",
+	"admin.monitor.queue.settings.remove_all_items": "ลบทั้งหมด",
+	"admin.monitor.queue.settings.changed": "อัปเดตการตั้งค่าแล้ว",
+	"admin.monitor.queue.settings.submit": "อัปเดตการตั้งค่า",
+	"admin.monitor.queue.settings.maxnumberworkers.error": "จำนวนผู้ปฏิบัติงานสูงสุดต้องเป็นตัวเลข",
+	"admin.monitor.queue.settings.maxnumberworkers.placeholder": "ปัจจุบัน %[1]d",
+	"admin.monitor.queue.settings.maxnumberworkers": "จำนวนผู้ปฏิบัติงานสูงสุด",
+	"admin.monitor.queue.settings.description": "พูลจะขยายตัวแบบไดนามิกเพื่อตอบสนองต่อการบล็อกคิวของผู้ปฏิบัติงาน",
+	"admin.monitor.queue.settings.title": "การตั้งค่าพูล",
+	"admin.monitor.queue.review_add": "ตรวจสอบ / เพิ่มผู้ปฏิบัติงาน",
+	"admin.monitor.queue.numberinqueue": "จำนวนในคิว",
+	"admin.monitor.queue.maxnumberworkers": "จำนวนผู้ปฏิบัติงานสูงสุด",
+	"admin.monitor.queue.activeworkers": "ผู้ปฏิบัติงานที่ใช้งานอยู่",
+	"admin.monitor.queue.numberworkers": "จำนวนผู้ปฏิบัติงาน",
+	"admin.monitor.queue.exemplar": "ประเภทตัวอย่าง",
+	"admin.monitor.queue.type": "ประเภท",
+	"admin.monitor.queue.name": "ชื่อ",
+	"admin.monitor.queue": "คิว: %s",
+	"admin.monitor.queues": "คิว",
+	"admin.users.list_status_filter.not_2fa_enabled": "ปิดใช้งาน 2FA",
+	"admin.users.list_status_filter.is_2fa_enabled": "เปิดใช้งาน 2FA",
+	"admin.users.list_status_filter.not_prohibit_login": "อนุญาตให้เข้าสู่ระบบ",
+	"admin.users.list_status_filter.is_prohibit_login": "ห้ามเข้าสู่ระบบ",
+	"admin.users.list_status_filter.not_restricted": "ไม่จำกัด",
+	"admin.users.list_status_filter.is_restricted": "จำกัด",
+	"admin.users.list_status_filter.not_admin": "ไม่ใช่ผู้ดูแลระบบ",
+	"admin.users.list_status_filter.is_admin": "ผู้ดูแลระบบ",
+	"admin.users.list_status_filter.not_active": "ไม่ใช้งาน",
+	"admin.users.list_status_filter.is_active": "ใช้งาน",
+	"admin.users.list_status_filter.reset": "รีเซ็ต",
+	"admin.users.list_status_filter.menu_text": "ตัวกรอง",
+	"admin.system_status.gc_times": "เวลา GC",
+	"admin.system_status.last_gc_pause": "การหยุด GC ครั้งล่าสุด",
+	"admin.system_status.total_gc_pause": "การหยุด GC ทั้งหมด",
+	"admin.system_status.last_gc_time": "เวลาตั้งแต่ GC ครั้งล่าสุด",
+	"admin.system_status.next_gc_recycle": "การรีไซเคิล GC ถัดไป",
+	"admin.system_status.other_system_allocation_obtained": "การจัดสรรระบบอื่น ๆ ที่ได้รับ",
+	"admin.system_status.gc_metadata_obtained": "ข้อมูลเมตา GC ที่ได้รับ",
+	"admin.system_status.profiling_bucket_hash_table_obtained": "ตารางแฮชบัคเก็ตการทำโปรไฟล์ที่ได้รับ",
+	"admin.system_status.mcache_structures_obtained": "โครงสร้าง MCache ที่ได้รับ",
+	"admin.system_status.mcache_structures_usage": "การใช้โครงสร้าง MCache",
+	"admin.system_status.mspan_structures_obtained": "โครงสร้าง MSpan ที่ได้รับ",
+	"admin.system_status.mspan_structures_usage": "การใช้โครงสร้าง MSpan",
+	"admin.system_status.stack_memory_obtained": "หน่วยความจำสแต็กที่ได้รับ",
+	"admin.system_status.bootstrap_stack_usage": "การใช้สแต็ก Bootstrap",
+	"admin.system_status.heap_objects": "อ็อบเจกต์ฮีป",
+	"admin.system_status.heap_memory_released": "หน่วยความจำฮีปที่ปล่อยแล้ว",
+	"admin.system_status.heap_memory_in_use": "หน่วยความจำฮีปที่ใช้งานอยู่",
+	"admin.system_status.heap_memory_idle": "หน่วยความจำฮีปที่ไม่ได้ใช้งาน",
+	"admin.system_status.heap_memory_obtained": "หน่วยความจำฮีปที่ได้รับ",
+	"admin.system_status.current_heap_usage": "การใช้ฮีปปัจจุบัน",
+	"admin.system_status.memory_free_times": "การปล่อยหน่วยความจำ",
+	"admin.system_status.memory_allocate_times": "การจัดสรรหน่วยความจำ",
+	"admin.system_status.pointer_lookup_times": "เวลาค้นหาพอยน์เตอร์",
+	"admin.system_status.memory_obtained": "หน่วยความจำที่ได้รับ",
+	"admin.system_status.total_memory_allocated": "หน่วยความจำที่จัดสรรทั้งหมด",
+	"admin.system_status.current_memory_usage": "การใช้หน่วยความจำปัจจุบัน",
+	"admin.system_status.current_goroutine": "Goroutine ปัจจุบัน",
+	"admin.system_status.server_uptime": "เวลาทำงานของเซิร์ฟเวอร์",
+	"markup.filepreview.truncated": "ตัวอย่างถูกตัดทอน",
+	"markup.filepreview.lines": "บรรทัดที่ %[1]d ถึง %[2]d ใน %[3]s",
+	"markup.filepreview.line": "บรรทัดที่ %[1]d ใน %[2]s",
+	"actions.variables.update.success": "แก้ไขตัวแปรแล้ว",
+	"actions.variables.update.failed": "ไม่สามารถแก้ไขตัวแปรได้",
+	"actions.variables.creation.success": "เพิ่มตัวแปร \"%s\" แล้ว",
+	"actions.variables.creation.failed": "ไม่สามารถเพิ่มตัวแปรได้",
+	"actions.variables.deletion.success": "ลบตัวแปรแล้ว",
+	"actions.variables.deletion.failed": "ไม่สามารถลบตัวแปรได้",
+	"actions.variables.not_found": "ไม่พบตัวแปร",
+	"actions.variables.edit": "แก้ไขตัวแปร",
+	"actions.variables.description": "ตัวแปรจะถูกส่งต่อไปยังการดำเนินการบางอย่างและไม่สามารถอ่านได้",
+	"actions.variables.deletion.description": "การลบตัวแปรเป็นการกระทำถาวรและไม่สามารถยกเลิกได้ ดำเนินการต่อหรือไม่?",
+	"actions.variables.deletion": "ลบตัวแปร",
+	"actions.variables.none": "ยังไม่มีตัวแปร",
+	"actions.variables.creation": "เพิ่มตัวแปร",
+	"actions.variables.management": "จัดการตัวแปร",
+	"actions.variables": "ตัวแปร",
+	"webauthn.error.timeout": "หมดเวลาก่อนที่จะอ่านคีย์ของคุณได้ กรุณาโหลดหน้านี้ใหม่แล้วลองอีกครั้ง",
+	"webauthn.error.empty": "คุณต้องตั้งชื่อสำหรับคีย์นี้",
+	"webauthn.error.duplicated": "ไม่อนุญาตให้ใช้คีย์ความปลอดภัยสำหรับคำขอนี้ โปรดตรวจสอบให้แน่ใจว่าคีย์ยังไม่ได้ลงทะเบียน",
+	"webauthn.error.unable_to_process": "เซิร์ฟเวอร์ไม่สามารถประมวลผลคำขอของคุณได้",
+	"webauthn.error.insecure": "WebAuthn รองรับเฉพาะการเชื่อมต่อที่ปลอดภัยเท่านั้น สำหรับการทดสอบผ่าน HTTP คุณสามารถใช้ต้นทาง \"localhost\" หรือ \"127.0.0.1\"",
+	"webauthn.error.unknown": "เกิดข้อผิดพลาดที่ไม่รู้จัก กรุณาลองใหม่อีกครั้ง",
+	"webauthn.unsupported_browser": "เบราว์เซอร์ของคุณไม่รองรับ WebAuthn ในขณะนี้",
+	"webauthn.error": "ไม่สามารถอ่านคีย์ความปลอดภัยของคุณได้",
+	"webauthn.use_twofa": "ใช้รหัสสองปัจจัยจากโทรศัพท์ของคุณ",
+	"webauthn.press_button": "กรุณากดปุ่มบนคีย์ความปลอดภัยของคุณ…",
+	"webauthn.sign_in": "กดปุ่มบนคีย์ความปลอดภัยของคุณ หากคีย์ความปลอดภัยของคุณไม่มีปุ่ม ให้เสียบใหม่อีกครั้ง",
+	"webauthn.insert_key": "โปรดเสียบคีย์ความปลอดภัยของคุณ",
 	"counters.n_commits": {
 		"one": "%s คอมมิต",
 		"other": "%s คอมมิต"
diff --git a/options/locale_next/locale_tr-TR.json b/options/locale_next/locale_tr-TR.json
index 086237d764..5528274be5 100644
--- a/options/locale_next/locale_tr-TR.json
+++ b/options/locale_next/locale_tr-TR.json
@@ -1,4 +1,89 @@
 {
+	"admin.monitor.queue.settings.remove_all_items.success": "Kuyruktaki tüm öğeler kaldırıldı.",
+	"admin.monitor.queue.settings.remove_all_items": "Tümünü kaldır",
+	"admin.monitor.queue.settings.changed": "Ayarlar güncellendi",
+	"admin.monitor.queue.settings.submit": "Ayarları Güncelle",
+	"admin.monitor.queue.settings.maxnumberworkers.error": "En fazla çalışan sayısı bir sayı olmalıdır",
+	"admin.monitor.queue.settings.maxnumberworkers.placeholder": "Şu anda %[1]d",
+	"admin.monitor.queue.settings.maxnumberworkers": "En fazla çalışan Sayısı",
+	"admin.monitor.queue.settings.description": "Havuzlar, çalışan kuyruğu tıkanmasına bir yanıt olarak dinamik olarak büyürler.",
+	"admin.monitor.queue.settings.title": "Havuz Ayarları",
+	"admin.monitor.queue.review_add": "Çalışanları İncele / Ekle",
+	"admin.monitor.queue.numberinqueue": "Kuyruktaki Sayı",
+	"admin.monitor.queue.maxnumberworkers": "En Fazla Çalışan Sayısı",
+	"admin.monitor.queue.activeworkers": "Etkin Çalışanlar",
+	"admin.monitor.queue.numberworkers": "Çalışan Sayısı",
+	"admin.monitor.queue.exemplar": "Örnek Türü",
+	"admin.monitor.queue.type": "Tür",
+	"admin.monitor.queue.name": "İsim",
+	"admin.monitor.queue": "Kuyruk: %s",
+	"admin.monitor.queues": "Kuyruklar",
+	"admin.users.list_status_filter.not_2fa_enabled": "2FA Devre Dışı",
+	"admin.users.list_status_filter.is_2fa_enabled": "2FA Etkin",
+	"admin.users.list_status_filter.not_prohibit_login": "Oturum Açmaya İzin Ver",
+	"admin.users.list_status_filter.is_prohibit_login": "Oturum Açmayı Önle",
+	"admin.users.list_status_filter.not_restricted": "Kısıtlanmamış",
+	"admin.users.list_status_filter.is_restricted": "Kısıtlanmış",
+	"admin.users.list_status_filter.not_admin": "Yönetici Değil",
+	"admin.users.list_status_filter.is_admin": "Yönetici",
+	"admin.users.list_status_filter.not_active": "Etkin değil",
+	"admin.users.list_status_filter.is_active": "Etkin",
+	"admin.users.list_status_filter.reset": "Sıfırla",
+	"admin.users.list_status_filter.menu_text": "Filtre",
+	"admin.system_status.gc_times": "GC Zamanları",
+	"admin.system_status.last_gc_pause": "Son GC Durması",
+	"admin.system_status.total_gc_pause": "Toplam GC Durması",
+	"admin.system_status.last_gc_time": "Son GC Zamanından Beri",
+	"admin.system_status.next_gc_recycle": "Sonraki GC Döngüsü",
+	"admin.system_status.other_system_allocation_obtained": "Elde Edilen Diğer Sistem Ayırmaları",
+	"admin.system_status.gc_metadata_obtained": "Elde Edilen GC Metadata",
+	"admin.system_status.profiling_bucket_hash_table_obtained": "Elde Edilen Bucket Hash Tablosu Profilleme",
+	"admin.system_status.mcache_structures_obtained": "Elde Edilen MCache Yapıları",
+	"admin.system_status.mcache_structures_usage": "Kullanılan MCache Yapıları",
+	"admin.system_status.mspan_structures_obtained": "Elde Edilen MSpan Yapıları",
+	"admin.system_status.mspan_structures_usage": "Kullanımdaki MSpan Yapıları",
+	"admin.system_status.stack_memory_obtained": "Elde Edilen Yığın Belleği",
+	"admin.system_status.bootstrap_stack_usage": "İlk Yığın Kullanımı",
+	"admin.system_status.heap_objects": "Yığın Nesneleri",
+	"admin.system_status.heap_memory_released": "Serbest Bırakılmış Yığın Belleği",
+	"admin.system_status.heap_memory_in_use": "Kullanımdaki Yığın Belleği",
+	"admin.system_status.heap_memory_idle": "Boştaki Yığın Belleği",
+	"admin.system_status.heap_memory_obtained": "Elde Edilen Yığın Belleği",
+	"admin.system_status.current_heap_usage": "Güncel Yığın Kullanımı",
+	"admin.system_status.memory_free_times": "Bellek Boşaltmaları",
+	"admin.system_status.memory_allocate_times": "Bellek Ayırmaları",
+	"admin.system_status.pointer_lookup_times": "İşaret Arama Zamanları",
+	"admin.system_status.memory_obtained": "Elde Edilen Bellek",
+	"admin.system_status.total_memory_allocated": "Bellekte Ayrılan Toplam Yer",
+	"admin.system_status.current_memory_usage": "Güncel Bellek Kullanımı",
+	"admin.system_status.current_goroutine": "Güncel Goroutine'ler",
+	"admin.system_status.server_uptime": "Sunucunun Ayakta Kalma Süresi",
+	"actions.variables.update.success": "Değişken düzenlendi.",
+	"actions.variables.update.failed": "Değişken düzenlenemedi.",
+	"actions.variables.creation.success": "`\"%s\" değişkeni eklendi.`",
+	"actions.variables.creation.failed": "Değişken eklenemedi.",
+	"actions.variables.deletion.success": "Değişken kaldırıldı.",
+	"actions.variables.deletion.failed": "Değişken kaldırılamadı.",
+	"actions.variables.edit": "Değişkeni Düzenle",
+	"actions.variables.description": "Değişkenler belirli işlemlere aktarılacaktır, bunun dışında okunamaz.",
+	"actions.variables.deletion.description": "Bir değişkeni kaldırma kalıcıdır ve geri alınamaz. Devam edilsin mi?",
+	"actions.variables.deletion": "Değişkeni kaldır",
+	"actions.variables.none": "Henüz hiçbir değişken yok.",
+	"actions.variables.creation": "Değişken ekle",
+	"actions.variables.management": "Değişken Yönetimi",
+	"actions.variables": "Değişkenler",
+	"webauthn.error.timeout": "Anahtarınız okunamadan zaman aşımı oldu. Lütfen sayfayı yenileyin ve tekrar deneyin.",
+	"webauthn.error.empty": "Bu anahtar için bir isim belirlemelisiniz.",
+	"webauthn.error.duplicated": "Güvenlik anahtarının bu istek için izni yok. Anahtarın halihazırda kayıtlı olmadığından emin olun.",
+	"webauthn.error.unable_to_process": "Sunucu isteğinizi işleyemedi.",
+	"webauthn.error.insecure": "WebAuthn sadece güvenli bağlantıyı destekler. HTTP üzerinden test etmek için \"localhost\" veya \"127.0.0.1\" adreslerini kullanabilirsiniz.",
+	"webauthn.error.unknown": "Bilinmeyen bir hata oluştu. Lütfen tekrar deneyin.",
+	"webauthn.unsupported_browser": "Tarayıcınız henüz WebAuthn desteklemiyor.",
+	"webauthn.error": "Güvenlik anahtarınız okunamıyor.",
+	"webauthn.use_twofa": "Telefonunuzdan iki aşamalı doğrulama kodu kullanın",
+	"webauthn.press_button": "Lütfen güvenlik anahtarınızdaki düğmeye basın…",
+	"webauthn.sign_in": "Güvenlik anahtarınızdaki düğmeye basın. Eğer düğme yoksa güvenlik anahtarınızı tekrar ekleyin.",
+	"webauthn.insert_key": "Güvenlik anahtarınızı ekleyin",
 	"counters.n_commits": {
 		"one": "%s değişiklik(commit)",
 		"other": "%s değişiklikler(commits)"
diff --git a/options/locale_next/locale_uk-UA.json b/options/locale_next/locale_uk-UA.json
index 343490ec2e..9913d47281 100644
--- a/options/locale_next/locale_uk-UA.json
+++ b/options/locale_next/locale_uk-UA.json
@@ -1,4 +1,93 @@
 {
+	"admin.monitor.queue.settings.remove_all_items.success": "Усі елементи в черзі видалено.",
+	"admin.monitor.queue.settings.remove_all_items": "Видалити всі",
+	"admin.monitor.queue.settings.changed": "Налаштування оновлено",
+	"admin.monitor.queue.settings.submit": "Оновити налаштування",
+	"admin.monitor.queue.settings.maxnumberworkers.error": "Максимальна кількість обробників має бути числом",
+	"admin.monitor.queue.settings.maxnumberworkers.placeholder": "Поточний %[1]d",
+	"admin.monitor.queue.settings.maxnumberworkers": "Максимальна кількість обробників",
+	"admin.monitor.queue.settings.description": "Пули динамічно зростають у відповідь на блокування черг їхніх обробників.",
+	"admin.monitor.queue.settings.title": "Налаштування пулу",
+	"admin.monitor.queue.review_add": "Переглянути / додати обробники",
+	"admin.monitor.queue.numberinqueue": "Номер у черзі",
+	"admin.monitor.queue.maxnumberworkers": "Максимальна кількість обробників",
+	"admin.monitor.queue.activeworkers": "Активні обробники",
+	"admin.monitor.queue.numberworkers": "Кількість обробників",
+	"admin.monitor.queue.exemplar": "Приклад типу",
+	"admin.monitor.queue.type": "Тип",
+	"admin.monitor.queue.name": "Назва",
+	"admin.monitor.queue": "Черга: %s",
+	"admin.monitor.queues": "Черги",
+	"admin.users.list_status_filter.not_2fa_enabled": "2FA вимкнено",
+	"admin.users.list_status_filter.is_2fa_enabled": "2FA увімкнено",
+	"admin.users.list_status_filter.not_prohibit_login": "Вхід дозволено",
+	"admin.users.list_status_filter.is_prohibit_login": "Вхід заборонено",
+	"admin.users.list_status_filter.not_restricted": "Без обмежень",
+	"admin.users.list_status_filter.is_restricted": "З обмеженнями",
+	"admin.users.list_status_filter.not_admin": "Не адміністратор",
+	"admin.users.list_status_filter.is_admin": "Адміністратор",
+	"admin.users.list_status_filter.not_active": "Неактивні",
+	"admin.users.list_status_filter.is_active": "Активні",
+	"admin.users.list_status_filter.reset": "Скинути",
+	"admin.users.list_status_filter.menu_text": "Фільтр",
+	"admin.system_status.gc_times": "Кількість запусків збирача сміття",
+	"admin.system_status.last_gc_pause": "Остання пауза збирача сміття",
+	"admin.system_status.total_gc_pause": "Загальна пауза збирача сміття",
+	"admin.system_status.last_gc_time": "З останнього запуску збирача сміття",
+	"admin.system_status.next_gc_recycle": "Наступний цикл збирача сміття",
+	"admin.system_status.other_system_allocation_obtained": "Отримано інших виділень пам’яті",
+	"admin.system_status.gc_metadata_obtained": "Отримано метаданих збирача сміття",
+	"admin.system_status.profiling_bucket_hash_table_obtained": "Отримано хеш-таблиць профілювання",
+	"admin.system_status.mcache_structures_obtained": "Отримано структур MCache",
+	"admin.system_status.mcache_structures_usage": "Використання структур MCache",
+	"admin.system_status.mspan_structures_obtained": "Отримано структур MSpan",
+	"admin.system_status.mspan_structures_usage": "Використання структур MSpan",
+	"admin.system_status.stack_memory_obtained": "Отримано пам’яті стеком",
+	"admin.system_status.bootstrap_stack_usage": "Використання стеку bootstrap",
+	"admin.system_status.heap_objects": "Об’єктів динамічної пам’яті",
+	"admin.system_status.heap_memory_released": "Звільнено динамічної пам’яті",
+	"admin.system_status.heap_memory_in_use": "Динамічної пам’яті використовується",
+	"admin.system_status.heap_memory_idle": "Динамічної пам’яті простоює",
+	"admin.system_status.heap_memory_obtained": "Отримано динамічної пам’яті",
+	"admin.system_status.current_heap_usage": "Поточне використання динамічної пам’яті",
+	"admin.system_status.memory_free_times": "Звільнень пам’яті",
+	"admin.system_status.memory_allocate_times": "Виділень пам’яті",
+	"admin.system_status.pointer_lookup_times": "Пошуків вказівника",
+	"admin.system_status.memory_obtained": "Отримано пам’яті",
+	"admin.system_status.total_memory_allocated": "Виділено пам’яті загалом",
+	"admin.system_status.current_memory_usage": "Поточне використання пам’яті",
+	"admin.system_status.current_goroutine": "Поточна кількість goroutines",
+	"admin.system_status.server_uptime": "Час роботи сервера",
+	"markup.filepreview.truncated": "Перегляд було урізано",
+	"markup.filepreview.lines": "Рядки з %[1]d по %[2]d в %[3]s",
+	"markup.filepreview.line": "Рядок %[1]d в %[2]s",
+	"actions.variables.update.success": "Змінну змінено.",
+	"actions.variables.update.failed": "Не вдалося змінити змінну.",
+	"actions.variables.creation.success": "Змінну «%s» додано.",
+	"actions.variables.creation.failed": "Не вдалося додати змінну.",
+	"actions.variables.deletion.success": "Змінну видалено.",
+	"actions.variables.deletion.failed": "Не вдалося видалити змінну.",
+	"actions.variables.not_found": "Не вдалося знайти змінну.",
+	"actions.variables.edit": "Редагувати змінну",
+	"actions.variables.description": "Змінні передаються певним діям і не можуть бути прочитані інакше.",
+	"actions.variables.deletion.description": "Видалення змінної є остаточним і його неможливо скасувати. Продовжити?",
+	"actions.variables.deletion": "Видалити змінну",
+	"actions.variables.none": "Змінних ще немає.",
+	"actions.variables.creation": "Додати змінну",
+	"actions.variables.management": "Керування змінними",
+	"actions.variables": "Змінні",
+	"webauthn.error.timeout": "Ключ не встиг зчитатись протягом відведеного терміну. Будь ласка, перезавантажте сторінку й повторіть спробу.",
+	"webauthn.error.empty": "Ключ слід якось назвати.",
+	"webauthn.error.duplicated": "Запит із наданим ключем безпеки відхилено. Впевніться, що цей ключ не є вже зареєстрованим.",
+	"webauthn.error.unable_to_process": "Сервер не зміг обробити запит.",
+	"webauthn.error.insecure": "WebAuthn підтримує лише захищені з’єднання. Для тестування через HTTP можете використати origin-рядок «localhost» чи «127.0.0.1»",
+	"webauthn.error.unknown": "Сталася невідома помилка. Будь ласка, повторіть спробу.",
+	"webauthn.unsupported_browser": "Ваш браузер наразі не підтримує WebAuthn.",
+	"webauthn.error": "Не вдалося розпізнати ключ безпеки.",
+	"webauthn.use_twofa": "Введіть код підтвердження з телефону",
+	"webauthn.press_button": "Натисніть кнопку на ключі безпеки…",
+	"webauthn.sign_in": "Натисніть кнопку на ключі безпеки. Якщо ключ безпеки не має кнопки, від’єднайте його і під’єднайте ще раз.",
+	"webauthn.insert_key": "Під’єднайте ключ безпеки",
 	"counters.n_commits": {
 		"one": "%s коміт",
 		"few": "%s коміти",
diff --git a/options/locale_next/locale_vi.json b/options/locale_next/locale_vi.json
index 79148e1fee..28b84ca6ec 100644
--- a/options/locale_next/locale_vi.json
+++ b/options/locale_next/locale_vi.json
@@ -1,4 +1,16 @@
 {
+	"webauthn.error.timeout": "Hết thời gian đọc khóa mất rồi. Hãy tải lại trang và thử lại.",
+	"webauthn.error.empty": "Bạn phải đặt tên cho khóa này.",
+	"webauthn.error.duplicated": "Khóa bảo mật không được phép cho yêu cầu này. Vui lòng đảm bảo rằng khóa chưa được đăng ký trước đó.",
+	"webauthn.error.unable_to_process": "Máy chủ không thể xử lý yêu cầu của bạn.",
+	"webauthn.error.insecure": "WebAuthn chỉ hỗ trợ kết nối mã hóa. Nếu đang thử nghiệm, bạn có thể dùng \"localhost\" hoặc \"127.0.0.1\"",
+	"webauthn.error.unknown": "Có lỗi xảy ra. Vui lòng thử lại.",
+	"webauthn.unsupported_browser": "Trình duyệt của bạn hiện không hỗ trợ WebAuthn.",
+	"webauthn.error": "Không thể đọc khóa bảo mật của bạn.",
+	"webauthn.use_twofa": "Dùng mã xác thực hai lớp ở trên điện thoại",
+	"webauthn.press_button": "Hãy nhấn nút trên khóa bảo mật…",
+	"webauthn.sign_in": "Nhấn nút trên khóa bảo mật, nếu không có nút thì bạn hãy rút ra rồi cắm lại.",
+	"webauthn.insert_key": "Cắm khóa bảo mật của bạn vào",
 	"counters.n_branches": {
 		"one": "%s nhánh",
 		"other": "%s nhánh"
diff --git a/options/locale_next/locale_zh-CN.json b/options/locale_next/locale_zh-CN.json
index 2f5cce7bb0..bd7fbcf3d2 100644
--- a/options/locale_next/locale_zh-CN.json
+++ b/options/locale_next/locale_zh-CN.json
@@ -1,4 +1,93 @@
 {
+	"admin.monitor.queue.settings.remove_all_items.success": "队列中的所有项目已被移除。",
+	"admin.monitor.queue.settings.remove_all_items": "移除全部",
+	"admin.monitor.queue.settings.changed": "设置已更新",
+	"admin.monitor.queue.settings.submit": "更新设置",
+	"admin.monitor.queue.settings.maxnumberworkers.error": "最大工作者数必须是数字",
+	"admin.monitor.queue.settings.maxnumberworkers.placeholder": "当前%[1]d",
+	"admin.monitor.queue.settings.maxnumberworkers": "最大工作者数量",
+	"admin.monitor.queue.settings.description": "因为工作者队列阻塞，池正在动态扩展。",
+	"admin.monitor.queue.settings.title": "池设置",
+	"admin.monitor.queue.review_add": "审查/添加worker",
+	"admin.monitor.queue.numberinqueue": "队列中的数量",
+	"admin.monitor.queue.maxnumberworkers": "最大worker数量",
+	"admin.monitor.queue.activeworkers": "活跃worker",
+	"admin.monitor.queue.numberworkers": "worker数量",
+	"admin.monitor.queue.exemplar": "数据类型",
+	"admin.monitor.queue.type": "类型",
+	"admin.monitor.queue.name": "名称",
+	"admin.monitor.queue": "队列：%s",
+	"admin.monitor.queues": "队列",
+	"admin.users.list_status_filter.not_2fa_enabled": "未启用2FA",
+	"admin.users.list_status_filter.is_2fa_enabled": "已启用2FA",
+	"admin.users.list_status_filter.not_prohibit_login": "允许登录",
+	"admin.users.list_status_filter.is_prohibit_login": "禁止登录",
+	"admin.users.list_status_filter.not_restricted": "不受限",
+	"admin.users.list_status_filter.is_restricted": "受限",
+	"admin.users.list_status_filter.not_admin": "非管理员",
+	"admin.users.list_status_filter.is_admin": "管理员",
+	"admin.users.list_status_filter.not_active": "未激活",
+	"admin.users.list_status_filter.is_active": "已激活",
+	"admin.users.list_status_filter.reset": "重置",
+	"admin.users.list_status_filter.menu_text": "过滤",
+	"admin.system_status.gc_times": "GC执行次数",
+	"admin.system_status.last_gc_pause": "上次GC暂停时间",
+	"admin.system_status.total_gc_pause": "GC暂停时间总量",
+	"admin.system_status.last_gc_time": "距离上次GC时间",
+	"admin.system_status.next_gc_recycle": "下次GC内存回收量",
+	"admin.system_status.other_system_allocation_obtained": "其它被分配的系统内存",
+	"admin.system_status.gc_metadata_obtained": "被分配的GC元数据内存",
+	"admin.system_status.profiling_bucket_hash_table_obtained": "被分配的剖析哈希表内存",
+	"admin.system_status.mcache_structures_obtained": "被分配的MCache结构内存",
+	"admin.system_status.mcache_structures_usage": "MCache结构内存使用量",
+	"admin.system_status.mspan_structures_obtained": "被分配的MSpan结构内存",
+	"admin.system_status.mspan_structures_usage": "MSpan结构内存使用量",
+	"admin.system_status.stack_memory_obtained": "被分配的Stack内存",
+	"admin.system_status.bootstrap_stack_usage": "启动Stack使用量",
+	"admin.system_status.heap_objects": "Heap对象数量",
+	"admin.system_status.heap_memory_released": "被释放的Heap内存",
+	"admin.system_status.heap_memory_in_use": "正在使用的Heap内存",
+	"admin.system_status.heap_memory_idle": "Heap内存空闲量",
+	"admin.system_status.heap_memory_obtained": "Heap内存占用量",
+	"admin.system_status.current_heap_usage": "当前Heap内存使用量",
+	"admin.system_status.memory_free_times": "内存释放次数",
+	"admin.system_status.memory_allocate_times": "内存分配次数",
+	"admin.system_status.pointer_lookup_times": "指针查找次数",
+	"admin.system_status.memory_obtained": "内存占用量",
+	"admin.system_status.total_memory_allocated": "所有被分配的内存",
+	"admin.system_status.current_memory_usage": "当前内存使用量",
+	"admin.system_status.current_goroutine": "当前Goroutines数量",
+	"admin.system_status.server_uptime": "服务运行时间",
+	"markup.filepreview.truncated": "预览已被截断",
+	"markup.filepreview.lines": "%[3]s中的第%[1]d到%[2]d行",
+	"markup.filepreview.line": "%[2]s中的第%[1]d行",
+	"actions.variables.update.success": "该变量已被编辑。",
+	"actions.variables.update.failed": "编辑变量失败。",
+	"actions.variables.creation.success": "变量 “%s” 添加成功。",
+	"actions.variables.creation.failed": "添加变量失败。",
+	"actions.variables.deletion.success": "变量已被删除。",
+	"actions.variables.deletion.failed": "删除变量失败。",
+	"actions.variables.not_found": "找不到变量。",
+	"actions.variables.edit": "编辑变量",
+	"actions.variables.description": "变量将被传给特定的Action，其它情况将不能被读取。",
+	"actions.variables.deletion.description": "删除变量是永久性的，无法撤消。继续吗？",
+	"actions.variables.deletion": "删除变量",
+	"actions.variables.none": "目前还没有变量。",
+	"actions.variables.creation": "添加变量",
+	"actions.variables.management": "管理变量",
+	"actions.variables": "变量",
+	"webauthn.error.timeout": "未能在允许的时限内读取密钥。请重新加载此页面并重试。",
+	"webauthn.error.empty": "您必须为此密钥设置一个名称。",
+	"webauthn.error.duplicated": "此安全密钥未被许可用于这个请求。请确保该密钥尚未注册。",
+	"webauthn.error.unable_to_process": "服务器无法处理您的请求。",
+	"webauthn.error.insecure": "WebAuthn仅支持安全连接。如果要在HTTP协议上进行测试，请使用\"localhost\"或\"127.0.0.1\"作为访问来源",
+	"webauthn.error.unknown": "发生未知错误。请重试。",
+	"webauthn.unsupported_browser": "你的浏览器目前不支持WebAuthn。",
+	"webauthn.error": "无法读取安全密钥。",
+	"webauthn.use_twofa": "使用来自手机中的两步验证码",
+	"webauthn.press_button": "请按下安全密钥上的按钮……",
+	"webauthn.sign_in": "按下安全密钥上的按钮。如果安全密钥没有按钮，请重新插入它。",
+	"webauthn.insert_key": "插入安全密钥",
 	"counters.n_commits": "%s笔提交",
 	"counters.n_branches": "%s个分支",
 	"counters.n_tags": "%s个标签",
diff --git a/options/locale_next/locale_zh-HK.json b/options/locale_next/locale_zh-HK.json
index d81aa3f202..5f1dc8f7e1 100644
--- a/options/locale_next/locale_zh-HK.json
+++ b/options/locale_next/locale_zh-HK.json
@@ -1,4 +1,43 @@
 {
+	"admin.monitor.queue.settings.submit": "更新設定",
+	"admin.monitor.queue.type": "認證類型",
+	"admin.monitor.queue.name": "組織名稱",
+	"admin.users.list_status_filter.is_admin": "管理員",
+	"admin.system_status.gc_times": "垃圾收集執行次數",
+	"admin.system_status.last_gc_pause": "上次垃圾收集暫停時間",
+	"admin.system_status.total_gc_pause": "垃圾收集暫停時間總量",
+	"admin.system_status.last_gc_time": "距離上次垃圾收集時間",
+	"admin.system_status.next_gc_recycle": "下次垃圾收集內存回收量",
+	"admin.system_status.other_system_allocation_obtained": "其它被分配的系統內存",
+	"admin.system_status.gc_metadata_obtained": "被分配的垃圾收集元資料內存",
+	"admin.system_status.profiling_bucket_hash_table_obtained": "被分配的剖析哈希表內存",
+	"admin.system_status.mcache_structures_obtained": "被分配的 MCache 結構內存",
+	"admin.system_status.mcache_structures_usage": "MCache 結構內存使用量",
+	"admin.system_status.mspan_structures_obtained": "被分配的 MSpan 結構內存",
+	"admin.system_status.mspan_structures_usage": "MSpan 結構內存使用量",
+	"admin.system_status.stack_memory_obtained": "被分配的 Stack 內存",
+	"admin.system_status.bootstrap_stack_usage": "啟動 Stack 使用量",
+	"admin.system_status.heap_objects": "Heap 對象數量",
+	"admin.system_status.heap_memory_released": "被釋放的 Heap 內存",
+	"admin.system_status.heap_memory_in_use": "正在使用的 Heap 內存",
+	"admin.system_status.heap_memory_idle": "Heap 內存空閒量",
+	"admin.system_status.heap_memory_obtained": "Heap 內存佔用量",
+	"admin.system_status.current_heap_usage": "當前 Heap 內存使用量",
+	"admin.system_status.pointer_lookup_times": "指針查找次數",
+	"admin.system_status.memory_obtained": "內存佔用量",
+	"admin.system_status.total_memory_allocated": "所有被分配的內存",
+	"admin.system_status.current_memory_usage": "當前內存使用量",
+	"admin.system_status.current_goroutine": "當前 Goroutines 數量",
+	"admin.system_status.server_uptime": "服務執行時間",
+	"webauthn.error.empty": "你要起名呢條鎖匙。",
+	"webauthn.error.unable_to_process": "伺服器唔可以執行你嘅請求。",
+	"webauthn.error.unknown": "發生未知嘅錯誤，請再試下。",
+	"webauthn.unsupported_browser": "你嘅瀏覽器唔支援 WebAuthn。",
+	"webauthn.error": "唔可以讀取安全密鑰。",
+	"webauthn.use_twofa": "用手機嘅兩步驟驗證",
+	"webauthn.press_button": "請撳下安全密鑰嘅掣…",
+	"webauthn.sign_in": "撳下安全密鑰嘅掣。如果安全密鑰冇掣，請再插入。",
+	"webauthn.insert_key": "插入安全密鑰",
 	"migrate.items.wiki": "維基",
 	"migrate.items.milestones": "里程碑",
 	"migrate.items.labels": "標籤",
diff --git a/options/locale_next/locale_zh-TW.json b/options/locale_next/locale_zh-TW.json
index ac46e41245..c2d5063457 100644
--- a/options/locale_next/locale_zh-TW.json
+++ b/options/locale_next/locale_zh-TW.json
@@ -1,4 +1,93 @@
 {
+	"admin.monitor.queue.settings.remove_all_items.success": "已移除佇列中所有項目。",
+	"admin.monitor.queue.settings.remove_all_items": "全部移除",
+	"admin.monitor.queue.settings.changed": "已更新設定",
+	"admin.monitor.queue.settings.submit": "更新設定",
+	"admin.monitor.queue.settings.maxnumberworkers.error": "最大工作者數量必須是數字",
+	"admin.monitor.queue.settings.maxnumberworkers.placeholder": "目前 %[1]d",
+	"admin.monitor.queue.settings.maxnumberworkers": "最大工作者數量",
+	"admin.monitor.queue.settings.description": "集區會根據工作者佇列的阻塞情況動態增長。",
+	"admin.monitor.queue.settings.title": "集區設定",
+	"admin.monitor.queue.review_add": "審閱／增加 Worker",
+	"admin.monitor.queue.numberinqueue": "佇列中的數量",
+	"admin.monitor.queue.maxnumberworkers": "最大工作者數量",
+	"admin.monitor.queue.activeworkers": "活躍工作者",
+	"admin.monitor.queue.numberworkers": "工作者數量",
+	"admin.monitor.queue.exemplar": "型別",
+	"admin.monitor.queue.type": "類型",
+	"admin.monitor.queue.name": "名稱",
+	"admin.monitor.queue": "佇列: %s",
+	"admin.monitor.queues": "佇列",
+	"admin.users.list_status_filter.not_2fa_enabled": "未啟用兩步驟驗證",
+	"admin.users.list_status_filter.is_2fa_enabled": "已啟用兩步驟驗證",
+	"admin.users.list_status_filter.not_prohibit_login": "允許登入",
+	"admin.users.list_status_filter.is_prohibit_login": "禁止登入",
+	"admin.users.list_status_filter.not_restricted": "未受限制",
+	"admin.users.list_status_filter.is_restricted": "受限",
+	"admin.users.list_status_filter.not_admin": "非管理員",
+	"admin.users.list_status_filter.is_admin": "管理員",
+	"admin.users.list_status_filter.not_active": "未啟用",
+	"admin.users.list_status_filter.is_active": "已啟用",
+	"admin.users.list_status_filter.reset": "重設",
+	"admin.users.list_status_filter.menu_text": "篩選",
+	"admin.system_status.gc_times": "GC 執行次數",
+	"admin.system_status.last_gc_pause": "上次 GC 暫停時間",
+	"admin.system_status.total_gc_pause": "總 GC 暫停時間",
+	"admin.system_status.last_gc_time": "距離上次 GC 時間",
+	"admin.system_status.next_gc_recycle": "下次 GC 記憶體回收量",
+	"admin.system_status.other_system_allocation_obtained": "其他獲得的系統記憶體",
+	"admin.system_status.gc_metadata_obtained": "被分配 GC Metadata",
+	"admin.system_status.profiling_bucket_hash_table_obtained": "被分配的剖析雜湊表",
+	"admin.system_status.mcache_structures_obtained": "獲得的 MCache 結構",
+	"admin.system_status.mcache_structures_usage": "MCache 結構使用量",
+	"admin.system_status.mspan_structures_obtained": "獲得的 MSpan 結構",
+	"admin.system_status.mspan_structures_usage": "MSpan 結構使用量",
+	"admin.system_status.stack_memory_obtained": "獲得的 Stack 記憶體",
+	"admin.system_status.bootstrap_stack_usage": "啟動 Stack 使用量",
+	"admin.system_status.heap_objects": "Heap 物件數量",
+	"admin.system_status.heap_memory_released": "被釋放的 Heap 記憶體",
+	"admin.system_status.heap_memory_in_use": "正在使用的 Heap 記憶體",
+	"admin.system_status.heap_memory_idle": "Heap 記憶體閒置量",
+	"admin.system_status.heap_memory_obtained": "獲得的 Heap 記憶體",
+	"admin.system_status.current_heap_usage": "目前 Heap 記憶體使用量",
+	"admin.system_status.memory_free_times": "記憶體釋放次數",
+	"admin.system_status.memory_allocate_times": "記憶體分配次數",
+	"admin.system_status.pointer_lookup_times": "指標尋找次數",
+	"admin.system_status.memory_obtained": "獲得的記憶體",
+	"admin.system_status.total_memory_allocated": "所有被分配的記憶體",
+	"admin.system_status.current_memory_usage": "目前記憶體使用量",
+	"admin.system_status.current_goroutine": "目前的 Goroutines",
+	"admin.system_status.server_uptime": "伺服器運作時間",
+	"markup.filepreview.truncated": "預覽已被截斷",
+	"markup.filepreview.lines": "%[3]s 中的第 %[1]d 至 %[2]d 行",
+	"markup.filepreview.line": "%[2]s 中的第 %[1]d 行",
+	"actions.variables.update.success": "該變數已被編輯。",
+	"actions.variables.update.failed": "編輯變數失敗。",
+	"actions.variables.creation.success": "已新增變數 「%s」。",
+	"actions.variables.creation.failed": "變數新增失敗。",
+	"actions.variables.deletion.success": "該變數已被刪除。",
+	"actions.variables.deletion.failed": "變數刪除失敗。",
+	"actions.variables.not_found": "找不到變數。",
+	"actions.variables.edit": "編輯變數",
+	"actions.variables.description": "變數會被傳給特定的 Actions，除此之外它們無法被讀取。",
+	"actions.variables.deletion.description": "刪除變數是永久且不可取消的。要繼續嗎？",
+	"actions.variables.deletion": "刪除變數",
+	"actions.variables.none": "目前沒有變數。",
+	"actions.variables.creation": "新增變數",
+	"actions.variables.management": "變數管理",
+	"actions.variables": "變數",
+	"webauthn.error.timeout": "在成功讀取金鑰之前已逾時，請重新載入此頁面並重試。",
+	"webauthn.error.empty": "您必須命名此金鑰。",
+	"webauthn.error.duplicated": "此安全金鑰無法允許這個請求。請確保該金鑰尚未被註冊。",
+	"webauthn.error.unable_to_process": "伺服器無法處理您的請求。",
+	"webauthn.error.insecure": "WebAuthn 只支援安全連線。想在 HTTP 上測試，您可以使用「localhost」或「127.0.0.1」",
+	"webauthn.error.unknown": "發生未知的錯誤，請再試一次。",
+	"webauthn.unsupported_browser": "您的瀏覽器還不支援 WebAuthn。",
+	"webauthn.error": "無法讀取您的安全金鑰。",
+	"webauthn.use_twofa": "使用來自手機的兩步驟驗證碼",
+	"webauthn.press_button": "請按下您安全金鑰上的按鈕…",
+	"webauthn.sign_in": "按下您安全金鑰上的按鈕。如果您的安全金鑰沒有按鈕，請重新插入。",
+	"webauthn.insert_key": "插入您的安全金鑰",
 	"counters.n_commits": {
 		"one": "%s 個提交",
 		"other": "%s 個提交"
diff --git a/routers/web/admin/queue.go b/routers/web/admin/queue.go
index 03bbfe5af4..377f03450f 100644
--- a/routers/web/admin/queue.go
+++ b/routers/web/admin/queue.go
@@ -84,6 +84,6 @@ func QueueRemoveAllItems(ctx *context.Context) {
 		return
 	}
 
-	ctx.Flash.Success(ctx.Tr("admin.monitor.queue.settings.remove_all_items_done"))
+	ctx.Flash.Success(ctx.Tr("admin.monitor.queue.settings.remove_all_items.success"))
 	ctx.Redirect(setting.AppSubURL + "/admin/monitor/queue/" + strconv.FormatInt(qid, 10))
 }
diff --git a/templates/admin/queue_manage.tmpl b/templates/admin/queue_manage.tmpl
index a793fe1350..7686755d6d 100644
--- a/templates/admin/queue_manage.tmpl
+++ b/templates/admin/queue_manage.tmpl
@@ -44,7 +44,7 @@
 			{{ctx.Locale.Tr "admin.monitor.queue.settings.title"}}
 		</h4>
 		<div class="ui attached segment">
-			<p>{{ctx.Locale.Tr "admin.monitor.queue.settings.desc"}}</p>
+			<p>{{ctx.Locale.Tr "admin.monitor.queue.settings.description"}}</p>
 			<form method="post" action="{{.Link}}/set">
 				<div class="ui form">
 					<div class="inline field">
diff --git a/templates/admin/system_status.tmpl b/templates/admin/system_status.tmpl
index d9856ccd0b..c1dd838290 100644
--- a/templates/admin/system_status.tmpl
+++ b/templates/admin/system_status.tmpl
@@ -1,62 +1,62 @@
 <dl class="admin-dl-horizontal">
-	<dt>{{ctx.Locale.Tr "admin.dashboard.server_uptime"}}</dt>
+	<dt>{{ctx.Locale.Tr "admin.system_status.server_uptime"}}</dt>
 	<dd><relative-time format="duration" datetime="{{.SysStatus.StartTime}}">{{.SysStatus.StartTime}}</relative-time></dd>
-	<dt>{{ctx.Locale.Tr "admin.dashboard.current_goroutine"}}</dt>
+	<dt>{{ctx.Locale.Tr "admin.system_status.current_goroutine"}}</dt>
 	<dd>{{.SysStatus.NumGoroutine}}</dd>
 	<div class="divider"></div>
-	<dt>{{ctx.Locale.Tr "admin.dashboard.current_memory_usage"}}</dt>
+	<dt>{{ctx.Locale.Tr "admin.system_status.current_memory_usage"}}</dt>
 	<dd>{{ctx.Locale.TrSize .SysStatus.MemAllocated}}</dd>
-	<dt>{{ctx.Locale.Tr "admin.dashboard.total_memory_allocated"}}</dt>
+	<dt>{{ctx.Locale.Tr "admin.system_status.total_memory_allocated"}}</dt>
 	<dd>{{ctx.Locale.TrSize .SysStatus.MemTotal}}</dd>
-	<dt>{{ctx.Locale.Tr "admin.dashboard.memory_obtained"}}</dt>
+	<dt>{{ctx.Locale.Tr "admin.system_status.memory_obtained"}}</dt>
 	<dd>{{ctx.Locale.TrSize .SysStatus.MemSys}}</dd>
-	<dt>{{ctx.Locale.Tr "admin.dashboard.pointer_lookup_times"}}</dt>
+	<dt>{{ctx.Locale.Tr "admin.system_status.pointer_lookup_times"}}</dt>
 	<dd>{{.SysStatus.Lookups}}</dd>
-	<dt>{{ctx.Locale.Tr "admin.dashboard.memory_allocate_times"}}</dt>
+	<dt>{{ctx.Locale.Tr "admin.system_status.memory_allocate_times"}}</dt>
 	<dd>{{.SysStatus.MemMallocs}}</dd>
-	<dt>{{ctx.Locale.Tr "admin.dashboard.memory_free_times"}}</dt>
+	<dt>{{ctx.Locale.Tr "admin.system_status.memory_free_times"}}</dt>
 	<dd>{{.SysStatus.MemFrees}}</dd>
 	<div class="divider"></div>
-	<dt>{{ctx.Locale.Tr "admin.dashboard.current_heap_usage"}}</dt>
+	<dt>{{ctx.Locale.Tr "admin.system_status.current_heap_usage"}}</dt>
 	<dd>{{ctx.Locale.TrSize .SysStatus.HeapAlloc}}</dd>
-	<dt>{{ctx.Locale.Tr "admin.dashboard.heap_memory_obtained"}}</dt>
+	<dt>{{ctx.Locale.Tr "admin.system_status.heap_memory_obtained"}}</dt>
 	<dd>{{ctx.Locale.TrSize .SysStatus.HeapSys}}</dd>
-	<dt>{{ctx.Locale.Tr "admin.dashboard.heap_memory_idle"}}</dt>
+	<dt>{{ctx.Locale.Tr "admin.system_status.heap_memory_idle"}}</dt>
 	<dd>{{ctx.Locale.TrSize .SysStatus.HeapIdle}}</dd>
-	<dt>{{ctx.Locale.Tr "admin.dashboard.heap_memory_in_use"}}</dt>
+	<dt>{{ctx.Locale.Tr "admin.system_status.heap_memory_in_use"}}</dt>
 	<dd>{{ctx.Locale.TrSize .SysStatus.HeapInuse}}</dd>
-	<dt>{{ctx.Locale.Tr "admin.dashboard.heap_memory_released"}}</dt>
+	<dt>{{ctx.Locale.Tr "admin.system_status.heap_memory_released"}}</dt>
 	<dd>{{ctx.Locale.TrSize .SysStatus.HeapReleased}}</dd>
-	<dt>{{ctx.Locale.Tr "admin.dashboard.heap_objects"}}</dt>
+	<dt>{{ctx.Locale.Tr "admin.system_status.heap_objects"}}</dt>
 	<dd>{{.SysStatus.HeapObjects}}</dd>
 	<div class="divider"></div>
-	<dt>{{ctx.Locale.Tr "admin.dashboard.bootstrap_stack_usage"}}</dt>
+	<dt>{{ctx.Locale.Tr "admin.system_status.bootstrap_stack_usage"}}</dt>
 	<dd>{{ctx.Locale.TrSize .SysStatus.StackInuse}}</dd>
-	<dt>{{ctx.Locale.Tr "admin.dashboard.stack_memory_obtained"}}</dt>
+	<dt>{{ctx.Locale.Tr "admin.system_status.stack_memory_obtained"}}</dt>
 	<dd>{{ctx.Locale.TrSize .SysStatus.StackSys}}</dd>
-	<dt>{{ctx.Locale.Tr "admin.dashboard.mspan_structures_usage"}}</dt>
+	<dt>{{ctx.Locale.Tr "admin.system_status.mspan_structures_usage"}}</dt>
 	<dd>{{ctx.Locale.TrSize .SysStatus.MSpanInuse}}</dd>
-	<dt>{{ctx.Locale.Tr "admin.dashboard.mspan_structures_obtained"}}</dt>
+	<dt>{{ctx.Locale.Tr "admin.system_status.mspan_structures_obtained"}}</dt>
 	<dd>{{ctx.Locale.TrSize .SysStatus.MSpanSys}}</dd>
-	<dt>{{ctx.Locale.Tr "admin.dashboard.mcache_structures_usage"}}</dt>
+	<dt>{{ctx.Locale.Tr "admin.system_status.mcache_structures_usage"}}</dt>
 	<dd>{{ctx.Locale.TrSize .SysStatus.MCacheInuse}}</dd>
-	<dt>{{ctx.Locale.Tr "admin.dashboard.mcache_structures_obtained"}}</dt>
+	<dt>{{ctx.Locale.Tr "admin.system_status.mcache_structures_obtained"}}</dt>
 	<dd>{{ctx.Locale.TrSize .SysStatus.MCacheSys}}</dd>
-	<dt>{{ctx.Locale.Tr "admin.dashboard.profiling_bucket_hash_table_obtained"}}</dt>
+	<dt>{{ctx.Locale.Tr "admin.system_status.profiling_bucket_hash_table_obtained"}}</dt>
 	<dd>{{ctx.Locale.TrSize .SysStatus.BuckHashSys}}</dd>
-	<dt>{{ctx.Locale.Tr "admin.dashboard.gc_metadata_obtained"}}</dt>
+	<dt>{{ctx.Locale.Tr "admin.system_status.gc_metadata_obtained"}}</dt>
 	<dd>{{ctx.Locale.TrSize .SysStatus.GCSys}}</dd>
-	<dt>{{ctx.Locale.Tr "admin.dashboard.other_system_allocation_obtained"}}</dt>
+	<dt>{{ctx.Locale.Tr "admin.system_status.other_system_allocation_obtained"}}</dt>
 	<dd>{{ctx.Locale.TrSize .SysStatus.OtherSys}}</dd>
 	<div class="divider"></div>
-	<dt>{{ctx.Locale.Tr "admin.dashboard.next_gc_recycle"}}</dt>
+	<dt>{{ctx.Locale.Tr "admin.system_status.next_gc_recycle"}}</dt>
 	<dd>{{ctx.Locale.TrSize .SysStatus.NextGC}}</dd>
-	<dt>{{ctx.Locale.Tr "admin.dashboard.last_gc_time"}}</dt>
+	<dt>{{ctx.Locale.Tr "admin.system_status.last_gc_time"}}</dt>
 	<dd><relative-time format="duration" datetime="{{.SysStatus.LastGCTime}}">{{.SysStatus.LastGCTime}}</relative-time></dd>
-	<dt>{{ctx.Locale.Tr "admin.dashboard.total_gc_pause"}}</dt>
+	<dt>{{ctx.Locale.Tr "admin.system_status.total_gc_pause"}}</dt>
 	<dd>{{.SysStatus.PauseTotalNs}}</dd>
-	<dt>{{ctx.Locale.Tr "admin.dashboard.last_gc_pause"}}</dt>
+	<dt>{{ctx.Locale.Tr "admin.system_status.last_gc_pause"}}</dt>
 	<dd>{{.SysStatus.PauseNs}}</dd>
-	<dt>{{ctx.Locale.Tr "admin.dashboard.gc_times"}}</dt>
+	<dt>{{ctx.Locale.Tr "admin.system_status.gc_times"}}</dt>
 	<dd>{{.SysStatus.NumGC}}</dd>
 </dl>
diff --git a/templates/user/auth/webauthn.tmpl b/templates/user/auth/webauthn.tmpl
index 1b84765323..00cb88621d 100644
--- a/templates/user/auth/webauthn.tmpl
+++ b/templates/user/auth/webauthn.tmpl
@@ -6,17 +6,17 @@
 			<h3 class="ui top attached header">{{ctx.Locale.Tr "twofa"}}</h3>
 			<div class="ui attached segment">
 				{{svg "octicon-key" 56}}
-				<h3>{{ctx.Locale.Tr "webauthn_insert_key"}}</h3>
+				<h3>{{ctx.Locale.Tr "webauthn.insert_key"}}</h3>
 				{{template "base/alert" .}}
-				<p>{{ctx.Locale.Tr "webauthn_sign_in"}}</p>
+				<p>{{ctx.Locale.Tr "webauthn.sign_in"}}</p>
 			</div>
 			<div class="ui attached segment tw-flex tw-items-center tw-justify-center tw-gap-1 tw-py-2">
 				<div class="is-loading tw-w-[40px] tw-h-[40px]"></div>
-				{{ctx.Locale.Tr "webauthn_press_button"}}
+				{{ctx.Locale.Tr "webauthn.press_button"}}
 			</div>
 			{{if .HasTwoFactor}}
 				<div class="ui attached segment">
-					<a href="{{AppSubUrl}}/user/two_factor">{{ctx.Locale.Tr "webauthn_use_twofa"}}</a>
+					<a href="{{AppSubUrl}}/user/two_factor">{{ctx.Locale.Tr "webauthn.use_twofa"}}</a>
 				</div>
 			{{end}}
 		</div>
diff --git a/templates/user/auth/webauthn_error.tmpl b/templates/user/auth/webauthn_error.tmpl
index 511ff7c287..db54251096 100644
--- a/templates/user/auth/webauthn_error.tmpl
+++ b/templates/user/auth/webauthn_error.tmpl
@@ -1,13 +1,13 @@
 <div id="webauthn-error" class="ui negative message tw-hidden">
-	<div class="header">{{ctx.Locale.Tr "webauthn_error"}}</div>
+	<div class="header">{{ctx.Locale.Tr "webauthn.error"}}</div>
 	<div id="webauthn-error-msg" class="tw-pt-2"></div>
 	<div class="tw-hidden">
-		<div data-webauthn-error-msg="browser">{{ctx.Locale.Tr "webauthn_unsupported_browser"}}</div>
-		<div data-webauthn-error-msg="unknown">{{ctx.Locale.Tr "webauthn_error_unknown"}}</div>
-		<div data-webauthn-error-msg="insecure">{{ctx.Locale.Tr "webauthn_error_insecure"}}</div>
-		<div data-webauthn-error-msg="unable-to-process">{{ctx.Locale.Tr "webauthn_error_unable_to_process"}}</div>
-		<div data-webauthn-error-msg="duplicated">{{ctx.Locale.Tr "webauthn_error_duplicated"}}</div>
-		<div data-webauthn-error-msg="empty">{{ctx.Locale.Tr "webauthn_error_empty"}}</div>
-		<div data-webauthn-error-msg="timeout">{{ctx.Locale.Tr "webauthn_error_timeout"}}</div>
+		<div data-webauthn-error-msg="browser">{{ctx.Locale.Tr "webauthn.unsupported_browser"}}</div>
+		<div data-webauthn-error-msg="unknown">{{ctx.Locale.Tr "webauthn.error.unknown"}}</div>
+		<div data-webauthn-error-msg="insecure">{{ctx.Locale.Tr "webauthn.error.insecure"}}</div>
+		<div data-webauthn-error-msg="unable-to-process">{{ctx.Locale.Tr "webauthn.error.unable_to_process"}}</div>
+		<div data-webauthn-error-msg="duplicated">{{ctx.Locale.Tr "webauthn.error.duplicated"}}</div>
+		<div data-webauthn-error-msg="empty">{{ctx.Locale.Tr "webauthn.error.empty"}}</div>
+		<div data-webauthn-error-msg="timeout">{{ctx.Locale.Tr "webauthn.error.timeout"}}</div>
 	</div>
 </div>

From 73b30acbd0e96cd1afdd01bf2aebcb5153a27367 Mon Sep 17 00:00:00 2001
From: Gabor Pihaj <gabor.pihaj@gmail.com>
Date: Mon, 27 Apr 2026 22:34:46 +0200
Subject: [PATCH 745/854] feat: replace repo based server-side hooks with
 centralised hooks (#10397)

This PR is replacing repository based hooks hooks with centralised files, this way the files don't need to be copied into every repository, only one line of config need to be added in the repository.

Closes: #3523

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10397
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
---
 Makefile                                      |   6 +-
 cmd/admin.go                                  |   1 -
 cmd/admin_regenerate.go                       |  31 +--
 cmd/main_test.go                              |   8 +-
 models/unittest/testdb.go                     |  38 ++-
 modules/git/git.go                            |  10 +
 .../hooks.go => git/hook_generate.go}         | 122 +++------
 modules/repository/init.go                    |   2 -
 release-notes/10397.md                        |   1 +
 routers/init.go                               |   2 -
 routers/install/routes_test.go                |   2 +-
 services/cron/tasks_extended.go               |  11 -
 services/doctor/misc.go                       |  33 ---
 services/repository/adopt.go                  |   4 -
 services/repository/fork.go                   |   4 -
 services/repository/hooks.go                  |  38 ---
 services/repository/migrate.go                |   8 -
 services/wiki/wiki.go                         |   2 -
 tests/install.ini.tmpl                        |   0
 tests/integration/api_admin_test.go           |   4 +-
 tests/integration/api_issue_config_test.go    | 245 +++++++++---------
 tests/integration/empty_repo_test.go          | 149 +++++------
 tests/integration/git_hooks_test.go           |  99 +++++++
 tests/integration/git_test.go                 |   1 +
 .../repo_mergecommit_revert_test.go           |  34 +--
 tests/unittest.ini.tmpl                       |   2 +
 26 files changed, 418 insertions(+), 439 deletions(-)
 rename modules/{repository/hooks.go => git/hook_generate.go} (60%)
 create mode 100644 release-notes/10397.md
 create mode 100644 tests/install.ini.tmpl
 create mode 100644 tests/integration/git_hooks_test.go
 create mode 100644 tests/unittest.ini.tmpl

diff --git a/Makefile b/Makefile
index 99aaaac8d8..a499443ddd 100644
--- a/Makefile
+++ b/Makefile
@@ -562,12 +562,12 @@ test: test-frontend test-backend
 .PHONY: test-backend
 test-backend: | compute-go-test-packages
 	@echo "Running go test with $(GOTESTFLAGS) -tags '$(TEST_TAGS)'..."
-	@TZ=UTC $(GOTEST) $(GOTESTFLAGS) -tags='$(TEST_TAGS)' $(GO_TEST_PACKAGES)
+	@TZ=UTC GITEA_ROOT="$(CURDIR)" $(GOTEST) $(GOTESTFLAGS) -tags='$(TEST_TAGS)' $(GO_TEST_PACKAGES)
 
 .PHONY: test-remote-cacher
 test-remote-cacher:
 	@echo "Running go test with $(GOTESTFLAGS) -tags '$(TEST_TAGS)'..."
-	@$(GOTEST) $(GOTESTFLAGS) -tags='$(TEST_TAGS)' $(GO_TEST_REMOTE_CACHER_PACKAGES)
+	GITEA_ROOT="$(CURDIR)" $(GOTEST) $(GOTESTFLAGS) -tags='$(TEST_TAGS)' $(GO_TEST_REMOTE_CACHER_PACKAGES)
 
 .PHONY: test-frontend
 test-frontend: node_modules
@@ -592,7 +592,7 @@ test-check:
 .PHONY: test\#%
 test\#%: | compute-go-test-packages
 	@echo "Running go test with $(GOTESTFLAGS) -tags '$(TEST_TAGS)'..."
-	@TZ=UTC $(GOTEST) $(GOTESTFLAGS) -tags='$(TEST_TAGS)' -run $(subst .,/,$*) $(GO_TEST_PACKAGES)
+	@TZ=UTC GITEA_ROOT="$(CURDIR)" $(GOTEST) $(GOTESTFLAGS) -tags='$(TEST_TAGS)' -run $(subst .,/,$*) $(GO_TEST_PACKAGES)
 
 coverage-merge:
 	rm -fr coverage/merged ; mkdir -p coverage/merged
diff --git a/cmd/admin.go b/cmd/admin.go
index 60b25eb971..fe212cc388 100644
--- a/cmd/admin.go
+++ b/cmd/admin.go
@@ -47,7 +47,6 @@ func subcmdRegenerate() *cli.Command {
 		Name:  "regenerate",
 		Usage: "Regenerate specific files",
 		Commands: []*cli.Command{
-			microcmdRegenHooks,
 			microcmdRegenKeys,
 		},
 	}
diff --git a/cmd/admin_regenerate.go b/cmd/admin_regenerate.go
index 4d14df317d..4620a7106d 100644
--- a/cmd/admin_regenerate.go
+++ b/cmd/admin_regenerate.go
@@ -7,36 +7,15 @@ import (
 	"context"
 
 	asymkey_model "forgejo.org/models/asymkey"
-	"forgejo.org/modules/graceful"
-	repo_service "forgejo.org/services/repository"
 
 	"github.com/urfave/cli/v3"
 )
 
-var (
-	microcmdRegenHooks = &cli.Command{
-		Name:   "hooks",
-		Usage:  "Regenerate git-hooks",
-		Before: noDanglingArgs,
-		Action: runRegenerateHooks,
-	}
-
-	microcmdRegenKeys = &cli.Command{
-		Name:   "keys",
-		Usage:  "Regenerate authorized_keys file",
-		Before: noDanglingArgs,
-		Action: runRegenerateKeys,
-	}
-)
-
-func runRegenerateHooks(ctx context.Context, c *cli.Command) error {
-	ctx, cancel := installSignals(ctx)
-	defer cancel()
-
-	if err := initDB(ctx); err != nil {
-		return err
-	}
-	return repo_service.SyncRepositoryHooks(graceful.GetManager().ShutdownContext())
+var microcmdRegenKeys = &cli.Command{
+	Name:   "keys",
+	Usage:  "Regenerate authorized_keys file",
+	Before: noDanglingArgs,
+	Action: runRegenerateKeys,
 }
 
 func runRegenerateKeys(ctx context.Context, c *cli.Command) error {
diff --git a/cmd/main_test.go b/cmd/main_test.go
index 1ec3471343..ca6a56f4af 100644
--- a/cmd/main_test.go
+++ b/cmd/main_test.go
@@ -8,6 +8,7 @@ import (
 	"errors"
 	"fmt"
 	"io"
+	"os"
 	"path/filepath"
 	"strings"
 	"testing"
@@ -62,7 +63,12 @@ func runTestApp(app *cli.Command, args ...string) (runResult, error) {
 }
 
 func TestCliCmd(t *testing.T) {
-	defaultWorkPath := filepath.Dir(setting.AppPath)
+	path, err := os.Executable()
+	if err != nil {
+		panic(err)
+	}
+
+	defaultWorkPath := filepath.Dir(path)
 	defaultCustomPath := filepath.Join(defaultWorkPath, "custom")
 	defaultCustomConf := filepath.Join(defaultCustomPath, "conf/app.ini")
 
diff --git a/models/unittest/testdb.go b/models/unittest/testdb.go
index 8e212bc0a3..c926a85df6 100644
--- a/models/unittest/testdb.go
+++ b/models/unittest/testdb.go
@@ -47,10 +47,29 @@ func fatalTestError(fmtStr string, args ...any) {
 
 // InitSettings initializes config provider and load common settings for tests
 func InitSettings() {
-	if setting.CustomConf == "" {
-		setting.CustomConf = filepath.Join(setting.CustomPath, "conf/app-unittest-tmp.ini")
-		_ = os.Remove(setting.CustomConf)
+	InitCustomSettings("unittest.ini")
+}
+
+func InitCustomSettings(confFileName string) {
+	root := base.SetupGiteaRoot()
+	if root == "" {
+		fatalTestError("Environment variable $GITEA_ROOT not set")
 	}
+	setting.AppPath = filepath.Join(root, "gitea")
+	if setting.CustomConf == "" {
+		templateFile := confFileName + ".tmpl"
+		content, err := os.ReadFile(filepath.Join(root, "tests", templateFile))
+		if err != nil {
+			log.Fatalf("couldn't read config template: %s", templateFile)
+		}
+		err = os.WriteFile(filepath.Join(root, "tests", confFileName), content, 0o644)
+		if err != nil {
+			log.Fatalf("couldn't write config: %s", confFileName)
+		}
+		setting.CustomConf = filepath.Join(root, "tests", confFileName)
+	}
+	os.Setenv("GITEA_CONF", setting.CustomConf)
+
 	setting.InitCfgProvider(setting.CustomConf)
 	setting.LoadCommonSettings()
 
@@ -72,9 +91,10 @@ func InitSettings() {
 
 // TestOptions represents test options
 type TestOptions struct {
-	FixtureFiles []string
-	SetUp        func() error // SetUp will be executed before all tests in this package
-	TearDown     func() error // TearDown will be executed after all tests in this package
+	FixtureFiles    []string
+	SetUp           func() error // SetUp will be executed before all tests in this package
+	TearDown        func() error // TearDown will be executed after all tests in this package
+	IniFileOverride string
 }
 
 // MainTest a reusable TestMain(..) function for unit tests that need to use a
@@ -97,7 +117,11 @@ func MainTest(m *testing.M, testOpts ...*TestOptions) {
 
 	giteaRoot = searchDir
 	setting.CustomPath = filepath.Join(giteaRoot, "custom")
-	InitSettings()
+	if len(testOpts) == 0 || testOpts[0].IniFileOverride == "" {
+		InitSettings()
+	} else {
+		InitCustomSettings(testOpts[0].IniFileOverride)
+	}
 
 	fixturesDir = filepath.Join(giteaRoot, "models", "fixtures")
 	var opts FixturesOptions
diff --git a/modules/git/git.go b/modules/git/git.go
index 650fd3b5af..7f8674d099 100644
--- a/modules/git/git.go
+++ b/modules/git/git.go
@@ -10,6 +10,7 @@ import (
 	"fmt"
 	"os"
 	"os/exec"
+	"path"
 	"path/filepath"
 	"regexp"
 	"runtime"
@@ -200,6 +201,11 @@ func InitFull(ctx context.Context) (err error) {
 	_, err = exec.LookPath("ssh")
 	HasSSHExecutable = err == nil
 
+	err = InitDelegateHooks(HomeDir())
+	if err != nil {
+		return nil
+	}
+
 	return syncGitConfig()
 }
 
@@ -229,6 +235,10 @@ func syncGitConfig() (err error) {
 		}
 	}
 
+	if err := configSet("core.hooksPath", path.Join(HomeDir(), "hooks")); err != nil {
+		return err
+	}
+
 	// Set git some configurations - these must be set to these values for forgejo to work correctly
 	if err := configSet("core.quotePath", "false"); err != nil {
 		return err
diff --git a/modules/repository/hooks.go b/modules/git/hook_generate.go
similarity index 60%
rename from modules/repository/hooks.go
rename to modules/git/hook_generate.go
index 0f5e3afc34..2af2487ab3 100644
--- a/modules/repository/hooks.go
+++ b/modules/git/hook_generate.go
@@ -1,7 +1,7 @@
 // Copyright 2020 The Gitea Authors. All rights reserved.
 // SPDX-License-Identifier: MIT
 
-package repository
+package git
 
 import (
 	"fmt"
@@ -21,14 +21,25 @@ func getHookTemplates() (hookNames, hookTpls, giteaHookTpls []string) {
 data=$(cat)
 exitcodes=""
 hookname=$(basename $0)
-GIT_DIR=${GIT_DIR:-$(dirname $0)/..}
 
-for hook in ${GIT_DIR}/hooks/${hookname}.d/*; do
+for hook in $(dirname $0)/${hookname}.d/*; do
   test -x "${hook}" && test -f "${hook}" || continue
   echo "${data}" | "${hook}"
   exitcodes="${exitcodes} $?"
 done
 
+# Custom hooks
+custom_hooks_dir="./hooks/${hookname}.d"
+if [ -d "${custom_hooks_dir}" ]; then
+  for hook in ${custom_hooks_dir}/*; do
+    if [ $(basename "${hook}") != "gitea" ]; then
+      test -x "${hook}" && test -f "${hook}" || continue
+      echo "${data}" | "${hook}"
+      exitcodes="${exitcodes} $?"
+    fi
+  done
+fi
+
 for i in ${exitcodes}; do
   [ ${i} -eq 0 ] || exit ${i}
 done
@@ -39,14 +50,25 @@ done
 # AUTO GENERATED BY GITEA, DO NOT MODIFY
 exitcodes=""
 hookname=$(basename $0)
-GIT_DIR=${GIT_DIR:-$(dirname $0/..)}
 
-for hook in ${GIT_DIR}/hooks/${hookname}.d/*; do
+for hook in $(dirname $0)/${hookname}.d/*; do
   test -x "${hook}" && test -f "${hook}" || continue
   "${hook}" $1 $2 $3
   exitcodes="${exitcodes} $?"
 done
 
+# Custom hooks
+custom_hooks_dir="./hooks/${hookname}.d"
+if [ -d "${custom_hooks_dir}" ]; then
+  for hook in ${custom_hooks_dir}/*; do
+    if [ $(basename "${hook}") != "gitea" ]; then
+      test -x "${hook}" && test -f "${hook}" || continue
+      "${hook}" $1 $2 $3
+      exitcodes="${exitcodes} $?"
+    fi
+  done
+fi
+
 for i in ${exitcodes}; do
   [ ${i} -eq 0 ] || exit ${i}
 done
@@ -58,14 +80,24 @@ done
 data=$(cat)
 exitcodes=""
 hookname=$(basename $0)
-GIT_DIR=${GIT_DIR:-$(dirname $0)/..}
 
-for hook in ${GIT_DIR}/hooks/${hookname}.d/*; do
+for hook in $(dirname $0)/${hookname}.d/*; do
   test -x "${hook}" && test -f "${hook}" || continue
   echo "${data}" | "${hook}"
   exitcodes="${exitcodes} $?"
 done
 
+# Custom hooks
+custom_hooks_dir="./hooks/${hookname}.d"
+if [ -d "${custom_hooks_dir}" ]; then
+  for hook in ${custom_hooks_dir}/*; do
+    if [ $(basename "${hook}") != "gitea" ]; then
+      test -x "${hook}" && test -f "${hook}" || continue
+      echo "${data}" | "${hook}"
+      exitcodes="${exitcodes} $?"
+    fi
+  done
+fi
 for i in ${exitcodes}; do
   [ ${i} -eq 0 ] || exit ${i}
 done
@@ -104,10 +136,9 @@ done
 	return hookNames, hookTpls, giteaHookTpls
 }
 
-// CreateDelegateHooks creates all the hooks scripts for the repo
-func CreateDelegateHooks(repoPath string) (err error) {
+func InitDelegateHooks(path string) (err error) {
 	hookNames, hookTpls, giteaHookTpls := getHookTemplates()
-	hookDir := filepath.Join(repoPath, "hooks")
+	hookDir := filepath.Join(path, "hooks")
 
 	for i, hookName := range hookNames {
 		oldHookPath := filepath.Join(hookDir, hookName)
@@ -144,14 +175,6 @@ func CreateDelegateHooks(repoPath string) (err error) {
 	return nil
 }
 
-func checkExecutable(filename string) bool {
-	fileInfo, err := os.Stat(filename)
-	if err != nil {
-		return false
-	}
-	return (fileInfo.Mode() & 0o100) > 0
-}
-
 func ensureExecutable(filename string) error {
 	fileInfo, err := os.Stat(filename)
 	if err != nil {
@@ -163,66 +186,3 @@ func ensureExecutable(filename string) error {
 	mode := fileInfo.Mode() | 0o100
 	return os.Chmod(filename, mode)
 }
-
-// CheckDelegateHooks checks the hooks scripts for the repo
-func CheckDelegateHooks(repoPath string) ([]string, error) {
-	hookNames, hookTpls, giteaHookTpls := getHookTemplates()
-
-	hookDir := filepath.Join(repoPath, "hooks")
-	results := make([]string, 0, 10)
-
-	for i, hookName := range hookNames {
-		oldHookPath := filepath.Join(hookDir, hookName)
-		newHookPath := filepath.Join(hookDir, hookName+".d", "gitea")
-
-		cont := false
-		isExist, err := util.IsExist(oldHookPath)
-		if err != nil {
-			results = append(results, fmt.Sprintf("unable to check if %s exists. Error: %v", oldHookPath, err))
-		}
-		if err == nil && !isExist {
-			results = append(results, fmt.Sprintf("old hook file %s does not exist", oldHookPath))
-			cont = true
-		}
-		isExist, err = util.IsExist(oldHookPath + ".d")
-		if err != nil {
-			results = append(results, fmt.Sprintf("unable to check if %s exists. Error: %v", oldHookPath+".d", err))
-		}
-		if err == nil && !isExist {
-			results = append(results, fmt.Sprintf("hooks directory %s does not exist", oldHookPath+".d"))
-			cont = true
-		}
-		isExist, err = util.IsExist(newHookPath)
-		if err != nil {
-			results = append(results, fmt.Sprintf("unable to check if %s exists. Error: %v", newHookPath, err))
-		}
-		if err == nil && !isExist {
-			results = append(results, fmt.Sprintf("new hook file %s does not exist", newHookPath))
-			cont = true
-		}
-		if cont {
-			continue
-		}
-		contents, err := os.ReadFile(oldHookPath)
-		if err != nil {
-			return results, err
-		}
-		if string(contents) != hookTpls[i] {
-			results = append(results, fmt.Sprintf("old hook file %s is out of date", oldHookPath))
-		}
-		if !checkExecutable(oldHookPath) {
-			results = append(results, fmt.Sprintf("old hook file %s is not executable", oldHookPath))
-		}
-		contents, err = os.ReadFile(newHookPath)
-		if err != nil {
-			return results, err
-		}
-		if string(contents) != giteaHookTpls[i] {
-			results = append(results, fmt.Sprintf("new hook file %s is out of date", newHookPath))
-		}
-		if !checkExecutable(newHookPath) {
-			results = append(results, fmt.Sprintf("new hook file %s is not executable", newHookPath))
-		}
-	}
-	return results, nil
-}
diff --git a/modules/repository/init.go b/modules/repository/init.go
index 66a65599a8..16d366c6f0 100644
--- a/modules/repository/init.go
+++ b/modules/repository/init.go
@@ -138,8 +138,6 @@ func CheckInitRepository(ctx context.Context, owner, name, objectFormatName stri
 	// Init git bare new repository.
 	if err = git.InitRepository(ctx, repoPath, true, objectFormatName); err != nil {
 		return fmt.Errorf("git.InitRepository: %w", err)
-	} else if err = CreateDelegateHooks(repoPath); err != nil {
-		return fmt.Errorf("createDelegateHooks: %w", err)
 	}
 	return nil
 }
diff --git a/release-notes/10397.md b/release-notes/10397.md
new file mode 100644
index 0000000000..0560c173b9
--- /dev/null
+++ b/release-notes/10397.md
@@ -0,0 +1 @@
+feat: replace repository based server-side hooks with centralised hooks. Migration guide is available in [Admin docs](https://forgejo.org/docs/latest/admin/upgrade/#when-upgrading-from--known-problematic-versions-or-upgrade-paths).
diff --git a/routers/init.go b/routers/init.go
index 26cf0ace3e..f272d60d63 100644
--- a/routers/init.go
+++ b/routers/init.go
@@ -92,8 +92,6 @@ func syncAppConfForGit(ctx context.Context) error {
 	}
 
 	if updated {
-		log.Info("re-sync repository hooks ...")
-		mustInitCtx(ctx, repo_service.SyncRepositoryHooks)
 		return system.AppState.Set(ctx, runtimeState)
 	}
 	return nil
diff --git a/routers/install/routes_test.go b/routers/install/routes_test.go
index 9b10f05b3b..d4409b36d0 100644
--- a/routers/install/routes_test.go
+++ b/routers/install/routes_test.go
@@ -34,5 +34,5 @@ func TestRoutes(t *testing.T) {
 }
 
 func TestMain(m *testing.M) {
-	unittest.MainTest(m)
+	unittest.MainTest(m, &unittest.TestOptions{IniFileOverride: "install.ini"})
 }
diff --git a/services/cron/tasks_extended.go b/services/cron/tasks_extended.go
index 5cc5d4eb14..fc89fa020f 100644
--- a/services/cron/tasks_extended.go
+++ b/services/cron/tasks_extended.go
@@ -86,16 +86,6 @@ func registerRewriteAllPrincipalKeys() {
 	})
 }
 
-func registerRepositoryUpdateHook() {
-	RegisterTaskFatal("resync_all_hooks", &BaseConfig{
-		Enabled:    false,
-		RunAtStart: false,
-		Schedule:   "@every 72h",
-	}, func(ctx context.Context, _ *user_model.User, _ Config) error {
-		return repo_service.SyncRepositoryHooks(ctx)
-	})
-}
-
 func registerReinitMissingRepositories() {
 	RegisterTaskFatal("reinit_missing_repos", &BaseConfig{
 		Enabled:    false,
@@ -251,7 +241,6 @@ func initExtendedTasks() {
 	registerGarbageCollectRepositories()
 	registerRewriteAllPublicKeys()
 	registerRewriteAllPrincipalKeys()
-	registerRepositoryUpdateHook()
 	registerReinitMissingRepositories()
 	registerDeleteMissingRepositories()
 	registerRemoveRandomAvatars()
diff --git a/services/doctor/misc.go b/services/doctor/misc.go
index 9b9c96b52b..323606edf1 100644
--- a/services/doctor/misc.go
+++ b/services/doctor/misc.go
@@ -18,7 +18,6 @@ import (
 	"forgejo.org/modules/git"
 	"forgejo.org/modules/gitrepo"
 	"forgejo.org/modules/log"
-	"forgejo.org/modules/repository"
 	"forgejo.org/modules/setting"
 	"forgejo.org/modules/structs"
 	"forgejo.org/modules/util"
@@ -48,31 +47,6 @@ func checkScriptType(ctx context.Context, logger log.Logger, autofix bool) error
 	return nil
 }
 
-func checkHooks(ctx context.Context, logger log.Logger, autofix bool) error {
-	if err := iterateRepositories(ctx, func(repo *repo_model.Repository) error {
-		results, err := repository.CheckDelegateHooks(repo.RepoPath())
-		if err != nil {
-			logger.Critical("Unable to check delegate hooks for repo %-v. ERROR: %v", repo, err)
-			return fmt.Errorf("Unable to check delegate hooks for repo %-v. ERROR: %w", repo, err)
-		}
-		if len(results) > 0 && autofix {
-			logger.Warn("Regenerated hooks for %s", repo.FullName())
-			if err := repository.CreateDelegateHooks(repo.RepoPath()); err != nil {
-				logger.Critical("Unable to recreate delegate hooks for %-v. ERROR: %v", repo, err)
-				return fmt.Errorf("Unable to recreate delegate hooks for %-v. ERROR: %w", repo, err)
-			}
-		}
-		for _, result := range results {
-			logger.Warn(result)
-		}
-		return nil
-	}); err != nil {
-		logger.Critical("Errors noted whilst checking delegate hooks.")
-		return err
-	}
-	return nil
-}
-
 func checkUserStarNum(ctx context.Context, logger log.Logger, autofix bool) error {
 	if autofix {
 		if err := models.DoctorUserStarNum(ctx); err != nil {
@@ -261,13 +235,6 @@ func init() {
 		Run:       checkScriptType,
 		Priority:  5,
 	})
-	Register(&Check{
-		Title:     "Check if hook files are up-to-date and executable",
-		Name:      "hooks",
-		IsDefault: false,
-		Run:       checkHooks,
-		Priority:  6,
-	})
 	Register(&Check{
 		Title:     "Recalculate Stars number for all user",
 		Name:      "recalculate-stars-number",
diff --git a/services/repository/adopt.go b/services/repository/adopt.go
index 3651b018e6..1949a62acf 100644
--- a/services/repository/adopt.go
+++ b/services/repository/adopt.go
@@ -117,10 +117,6 @@ func adoptRepository(ctx context.Context, repoPath string, repo *repo_model.Repo
 		return fmt.Errorf("adoptRepository: path does not already exist: %s", repoPath)
 	}
 
-	if err := repo_module.CreateDelegateHooks(repoPath); err != nil {
-		return fmt.Errorf("createDelegateHooks: %w", err)
-	}
-
 	repo.IsEmpty = false
 
 	if len(defaultBranch) > 0 {
diff --git a/services/repository/fork.go b/services/repository/fork.go
index 9d15b6207d..a51a290c05 100644
--- a/services/repository/fork.go
+++ b/services/repository/fork.go
@@ -164,10 +164,6 @@ func ForkRepositoryIfNotExists(ctx context.Context, doer, owner *user_model.User
 			return fmt.Errorf("git update-server-info: %w", err)
 		}
 
-		if err = repo_module.CreateDelegateHooks(repoPath); err != nil {
-			return fmt.Errorf("createDelegateHooks: %w", err)
-		}
-
 		gitRepo, err := gitrepo.OpenRepository(txCtx, repo)
 		if err != nil {
 			return fmt.Errorf("OpenRepository: %w", err)
diff --git a/services/repository/hooks.go b/services/repository/hooks.go
index d3021414cf..808b49212e 100644
--- a/services/repository/hooks.go
+++ b/services/repository/hooks.go
@@ -5,51 +5,13 @@ package repository
 
 import (
 	"context"
-	"fmt"
 
 	"forgejo.org/models/db"
 	repo_model "forgejo.org/models/repo"
 	"forgejo.org/models/webhook"
 	"forgejo.org/modules/gitrepo"
-	"forgejo.org/modules/log"
-	repo_module "forgejo.org/modules/repository"
-
-	"xorm.io/builder"
 )
 
-// SyncRepositoryHooks rewrites all repositories' pre-receive, update and post-receive hooks
-// to make sure the binary and custom conf path are up-to-date.
-func SyncRepositoryHooks(ctx context.Context) error {
-	log.Trace("Doing: SyncRepositoryHooks")
-
-	if err := db.Iterate(
-		ctx,
-		builder.Gt{"id": 0},
-		func(ctx context.Context, repo *repo_model.Repository) error {
-			select {
-			case <-ctx.Done():
-				return db.ErrCancelledf("before sync repository hooks for %s", repo.FullName())
-			default:
-			}
-
-			if err := repo_module.CreateDelegateHooks(repo.RepoPath()); err != nil {
-				return fmt.Errorf("SyncRepositoryHook: %w", err)
-			}
-			if repo.HasWiki() {
-				if err := repo_module.CreateDelegateHooks(repo.WikiPath()); err != nil {
-					return fmt.Errorf("SyncRepositoryHook: %w", err)
-				}
-			}
-			return nil
-		},
-	); err != nil {
-		return err
-	}
-
-	log.Trace("Finished: SyncRepositoryHooks")
-	return nil
-}
-
 // GenerateGitHooks generates git hooks from a template repository
 func GenerateGitHooks(ctx context.Context, templateRepo, generateRepo *repo_model.Repository) error {
 	generateGitRepo, err := gitrepo.OpenRepository(ctx, generateRepo)
diff --git a/services/repository/migrate.go b/services/repository/migrate.go
index 46b48d02d3..e4c73dde8c 100644
--- a/services/repository/migrate.go
+++ b/services/repository/migrate.go
@@ -258,14 +258,6 @@ func cleanUpMigrateGitConfig(ctx context.Context, repoPath string) error {
 // CleanUpMigrateInfo finishes migrating repository and/or wiki with things that don't need to be done for mirrors.
 func CleanUpMigrateInfo(ctx context.Context, repo *repo_model.Repository) (*repo_model.Repository, error) {
 	repoPath := repo.RepoPath()
-	if err := repo_module.CreateDelegateHooks(repoPath); err != nil {
-		return repo, fmt.Errorf("createDelegateHooks: %w", err)
-	}
-	if repo.HasWiki() {
-		if err := repo_module.CreateDelegateHooks(repo.WikiPath()); err != nil {
-			return repo, fmt.Errorf("createDelegateHooks.(wiki): %w", err)
-		}
-	}
 
 	_, _, err := git.NewCommand(ctx, "remote", "rm", "origin").RunStdString(&git.RunOpts{Dir: repoPath})
 	if err != nil && !git.IsRemoteNotExistError(err) {
diff --git a/services/wiki/wiki.go b/services/wiki/wiki.go
index cf1477e72c..984c394f0e 100644
--- a/services/wiki/wiki.go
+++ b/services/wiki/wiki.go
@@ -42,8 +42,6 @@ func InitWiki(ctx context.Context, repo *repo_model.Repository) error {
 
 	if err := git.InitRepository(ctx, repo.WikiPath(), true, repo.ObjectFormatName); err != nil {
 		return fmt.Errorf("InitRepository: %w", err)
-	} else if err = repo_module.CreateDelegateHooks(repo.WikiPath()); err != nil {
-		return fmt.Errorf("createDelegateHooks: %w", err)
 	} else if _, _, err = git.NewCommand(ctx, "symbolic-ref", "HEAD").AddDynamicArguments(git.BranchPrefix + branch).RunStdString(&git.RunOpts{Dir: repo.WikiPath()}); err != nil {
 		return fmt.Errorf("unable to set default wiki branch to %s: %w", branch, err)
 	}
diff --git a/tests/install.ini.tmpl b/tests/install.ini.tmpl
new file mode 100644
index 0000000000..e69de29bb2
diff --git a/tests/integration/api_admin_test.go b/tests/integration/api_admin_test.go
index 513eac1155..e3cab38d9d 100644
--- a/tests/integration/api_admin_test.go
+++ b/tests/integration/api_admin_test.go
@@ -426,11 +426,11 @@ func TestAPICron(t *testing.T) {
 			AddTokenAuth(token)
 		resp := MakeRequest(t, req, http.StatusOK)
 
-		assert.Equal(t, "31", resp.Header().Get("X-Total-Count"))
+		assert.Equal(t, "30", resp.Header().Get("X-Total-Count"))
 
 		var crons []api.Cron
 		DecodeJSON(t, resp, &crons)
-		assert.Len(t, crons, 31)
+		assert.Len(t, crons, 30)
 	})
 
 	t.Run("Execute", func(t *testing.T) {
diff --git a/tests/integration/api_issue_config_test.go b/tests/integration/api_issue_config_test.go
index 99b2829fbf..eecf00e406 100644
--- a/tests/integration/api_issue_config_test.go
+++ b/tests/integration/api_issue_config_test.go
@@ -7,6 +7,7 @@ package integration
 import (
 	"fmt"
 	"net/http"
+	"net/url"
 	"testing"
 
 	repo_model "forgejo.org/models/repo"
@@ -44,169 +45,169 @@ func getIssueConfig(t *testing.T, owner, repo string) api.IssueConfig {
 }
 
 func TestAPIRepoGetIssueConfig(t *testing.T) {
-	defer tests.PrepareTestEnv(t)()
+	onApplicationRun(t, func(t *testing.T, _ *url.URL) {
+		repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 49})
+		owner := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: repo.OwnerID})
 
-	repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 49})
-	owner := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: repo.OwnerID})
+		t.Run("Default", func(t *testing.T) {
+			defer tests.PrintCurrentTest(t)()
 
-	t.Run("Default", func(t *testing.T) {
-		defer tests.PrintCurrentTest(t)()
+			issueConfig := getIssueConfig(t, owner.Name, repo.Name)
 
-		issueConfig := getIssueConfig(t, owner.Name, repo.Name)
+			assert.True(t, issueConfig.BlankIssuesEnabled)
+			assert.Empty(t, issueConfig.ContactLinks)
+		})
 
-		assert.True(t, issueConfig.BlankIssuesEnabled)
-		assert.Empty(t, issueConfig.ContactLinks)
-	})
+		t.Run("DisableBlankIssues", func(t *testing.T) {
+			defer tests.PrintCurrentTest(t)()
 
-	t.Run("DisableBlankIssues", func(t *testing.T) {
-		defer tests.PrintCurrentTest(t)()
+			config := make(map[string]any)
+			config["blank_issues_enabled"] = false
 
-		config := make(map[string]any)
-		config["blank_issues_enabled"] = false
+			createIssueConfig(t, owner, repo, config)
 
-		createIssueConfig(t, owner, repo, config)
+			issueConfig := getIssueConfig(t, owner.Name, repo.Name)
 
-		issueConfig := getIssueConfig(t, owner.Name, repo.Name)
+			assert.False(t, issueConfig.BlankIssuesEnabled)
+			assert.Empty(t, issueConfig.ContactLinks)
+		})
 
-		assert.False(t, issueConfig.BlankIssuesEnabled)
-		assert.Empty(t, issueConfig.ContactLinks)
-	})
+		t.Run("ContactLinks", func(t *testing.T) {
+			defer tests.PrintCurrentTest(t)()
 
-	t.Run("ContactLinks", func(t *testing.T) {
-		defer tests.PrintCurrentTest(t)()
+			contactLink := make(map[string]string)
+			contactLink["name"] = "TestName"
+			contactLink["url"] = "https://example.com"
+			contactLink["about"] = "TestAbout"
 
-		contactLink := make(map[string]string)
-		contactLink["name"] = "TestName"
-		contactLink["url"] = "https://example.com"
-		contactLink["about"] = "TestAbout"
+			config := make(map[string]any)
+			config["contact_links"] = []map[string]string{contactLink}
 
-		config := make(map[string]any)
-		config["contact_links"] = []map[string]string{contactLink}
+			createIssueConfig(t, owner, repo, config)
 
-		createIssueConfig(t, owner, repo, config)
+			issueConfig := getIssueConfig(t, owner.Name, repo.Name)
 
-		issueConfig := getIssueConfig(t, owner.Name, repo.Name)
+			assert.True(t, issueConfig.BlankIssuesEnabled)
+			assert.Len(t, issueConfig.ContactLinks, 1)
 
-		assert.True(t, issueConfig.BlankIssuesEnabled)
-		assert.Len(t, issueConfig.ContactLinks, 1)
+			assert.Equal(t, "TestName", issueConfig.ContactLinks[0].Name)
+			assert.Equal(t, "https://example.com", issueConfig.ContactLinks[0].URL)
+			assert.Equal(t, "TestAbout", issueConfig.ContactLinks[0].About)
+		})
 
-		assert.Equal(t, "TestName", issueConfig.ContactLinks[0].Name)
-		assert.Equal(t, "https://example.com", issueConfig.ContactLinks[0].URL)
-		assert.Equal(t, "TestAbout", issueConfig.ContactLinks[0].About)
-	})
+		t.Run("Full", func(t *testing.T) {
+			defer tests.PrintCurrentTest(t)()
 
-	t.Run("Full", func(t *testing.T) {
-		defer tests.PrintCurrentTest(t)()
+			contactLink := make(map[string]string)
+			contactLink["name"] = "TestName"
+			contactLink["url"] = "https://example.com"
+			contactLink["about"] = "TestAbout"
 
-		contactLink := make(map[string]string)
-		contactLink["name"] = "TestName"
-		contactLink["url"] = "https://example.com"
-		contactLink["about"] = "TestAbout"
+			config := make(map[string]any)
+			config["blank_issues_enabled"] = false
+			config["contact_links"] = []map[string]string{contactLink}
 
-		config := make(map[string]any)
-		config["blank_issues_enabled"] = false
-		config["contact_links"] = []map[string]string{contactLink}
+			createIssueConfig(t, owner, repo, config)
 
-		createIssueConfig(t, owner, repo, config)
+			issueConfig := getIssueConfig(t, owner.Name, repo.Name)
 
-		issueConfig := getIssueConfig(t, owner.Name, repo.Name)
+			assert.False(t, issueConfig.BlankIssuesEnabled)
+			assert.Len(t, issueConfig.ContactLinks, 1)
 
-		assert.False(t, issueConfig.BlankIssuesEnabled)
-		assert.Len(t, issueConfig.ContactLinks, 1)
-
-		assert.Equal(t, "TestName", issueConfig.ContactLinks[0].Name)
-		assert.Equal(t, "https://example.com", issueConfig.ContactLinks[0].URL)
-		assert.Equal(t, "TestAbout", issueConfig.ContactLinks[0].About)
+			assert.Equal(t, "TestName", issueConfig.ContactLinks[0].Name)
+			assert.Equal(t, "https://example.com", issueConfig.ContactLinks[0].URL)
+			assert.Equal(t, "TestAbout", issueConfig.ContactLinks[0].About)
+		})
 	})
 }
 
 func TestAPIRepoIssueConfigPaths(t *testing.T) {
-	defer tests.PrepareTestEnv(t)()
+	onApplicationRun(t, func(t *testing.T, _ *url.URL) {
+		repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 49})
+		owner := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: repo.OwnerID})
 
-	repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 49})
-	owner := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: repo.OwnerID})
-
-	templateConfigCandidates := []string{
-		".forgejo/ISSUE_TEMPLATE/config",
-		".forgejo/issue_template/config",
-		".gitea/ISSUE_TEMPLATE/config",
-		".gitea/issue_template/config",
-		".github/ISSUE_TEMPLATE/config",
-		".github/issue_template/config",
-		"docs/issue_template/config",
-	}
-
-	for _, candidate := range templateConfigCandidates {
-		for _, extension := range []string{".yaml", ".yml"} {
-			fullPath := candidate + extension
-			t.Run(fullPath, func(t *testing.T) {
-				defer tests.PrintCurrentTest(t)()
-
-				configMap := make(map[string]any)
-				configMap["blank_issues_enabled"] = false
-
-				configData, err := yaml.Marshal(configMap)
-				require.NoError(t, err)
-
-				_, err = createFileInBranch(owner, repo, fullPath, repo.DefaultBranch, string(configData))
-				require.NoError(t, err)
-
-				issueConfig := getIssueConfig(t, owner.Name, repo.Name)
-
-				assert.False(t, issueConfig.BlankIssuesEnabled)
-				assert.Empty(t, issueConfig.ContactLinks)
-
-				err = deleteFileInBranch(owner, repo, fullPath, repo.DefaultBranch)
-				require.NoError(t, err)
-			})
+		templateConfigCandidates := []string{
+			".forgejo/ISSUE_TEMPLATE/config",
+			".forgejo/issue_template/config",
+			".gitea/ISSUE_TEMPLATE/config",
+			".gitea/issue_template/config",
+			".github/ISSUE_TEMPLATE/config",
+			".github/issue_template/config",
+			"docs/issue_template/config",
 		}
-	}
+
+		for _, candidate := range templateConfigCandidates {
+			for _, extension := range []string{".yaml", ".yml"} {
+				fullPath := candidate + extension
+				t.Run(fullPath, func(t *testing.T) {
+					defer tests.PrintCurrentTest(t)()
+
+					configMap := make(map[string]any)
+					configMap["blank_issues_enabled"] = false
+
+					configData, err := yaml.Marshal(configMap)
+					require.NoError(t, err)
+
+					_, err = createFileInBranch(owner, repo, fullPath, repo.DefaultBranch, string(configData))
+					require.NoError(t, err)
+
+					issueConfig := getIssueConfig(t, owner.Name, repo.Name)
+
+					assert.False(t, issueConfig.BlankIssuesEnabled)
+					assert.Empty(t, issueConfig.ContactLinks)
+
+					err = deleteFileInBranch(owner, repo, fullPath, repo.DefaultBranch)
+					require.NoError(t, err)
+				})
+			}
+		}
+	})
 }
 
 func TestAPIRepoValidateIssueConfig(t *testing.T) {
-	defer tests.PrepareTestEnv(t)()
+	onApplicationRun(t, func(t *testing.T, _ *url.URL) {
+		repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 49})
+		owner := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: repo.OwnerID})
 
-	repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 49})
-	owner := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: repo.OwnerID})
+		urlStr := fmt.Sprintf("/api/v1/repos/%s/%s/issue_config/validate", owner.Name, repo.Name)
 
-	urlStr := fmt.Sprintf("/api/v1/repos/%s/%s/issue_config/validate", owner.Name, repo.Name)
+		t.Run("Valid", func(t *testing.T) {
+			defer tests.PrintCurrentTest(t)()
 
-	t.Run("Valid", func(t *testing.T) {
-		defer tests.PrintCurrentTest(t)()
+			req := NewRequest(t, "GET", urlStr)
+			resp := MakeRequest(t, req, http.StatusOK)
 
-		req := NewRequest(t, "GET", urlStr)
-		resp := MakeRequest(t, req, http.StatusOK)
+			var issueConfigValidation api.IssueConfigValidation
+			DecodeJSON(t, resp, &issueConfigValidation)
 
-		var issueConfigValidation api.IssueConfigValidation
-		DecodeJSON(t, resp, &issueConfigValidation)
+			assert.True(t, issueConfigValidation.Valid)
+			assert.Empty(t, issueConfigValidation.Message)
+		})
 
-		assert.True(t, issueConfigValidation.Valid)
-		assert.Empty(t, issueConfigValidation.Message)
-	})
+		t.Run("Invalid", func(t *testing.T) {
+			dirs := []string{".gitea", ".forgejo", "docs"}
+			for _, dir := range dirs {
+				t.Run(dir, func(t *testing.T) {
+					defer tests.PrintCurrentTest(t)()
+					defer func() {
+						deleteFileInBranch(owner, repo, fmt.Sprintf("%s/ISSUE_TEMPLATE/config.yaml", dir), repo.DefaultBranch)
+					}()
 
-	t.Run("Invalid", func(t *testing.T) {
-		dirs := []string{".gitea", ".forgejo", "docs"}
-		for _, dir := range dirs {
-			t.Run(dir, func(t *testing.T) {
-				defer tests.PrintCurrentTest(t)()
-				defer func() {
-					deleteFileInBranch(owner, repo, fmt.Sprintf("%s/ISSUE_TEMPLATE/config.yaml", dir), repo.DefaultBranch)
-				}()
+					config := make(map[string]any)
+					config["blank_issues_enabled"] = "Test"
 
-				config := make(map[string]any)
-				config["blank_issues_enabled"] = "Test"
+					createIssueConfigInDirectory(t, owner, repo, dir, config)
 
-				createIssueConfigInDirectory(t, owner, repo, dir, config)
+					req := NewRequest(t, "GET", urlStr)
+					resp := MakeRequest(t, req, http.StatusOK)
 
-				req := NewRequest(t, "GET", urlStr)
-				resp := MakeRequest(t, req, http.StatusOK)
+					var issueConfigValidation api.IssueConfigValidation
+					DecodeJSON(t, resp, &issueConfigValidation)
 
-				var issueConfigValidation api.IssueConfigValidation
-				DecodeJSON(t, resp, &issueConfigValidation)
-
-				assert.False(t, issueConfigValidation.Valid)
-				assert.NotEmpty(t, issueConfigValidation.Message)
-			})
-		}
+					assert.False(t, issueConfigValidation.Valid)
+					assert.NotEmpty(t, issueConfigValidation.Message)
+				})
+			}
+		})
 	})
 }
diff --git a/tests/integration/empty_repo_test.go b/tests/integration/empty_repo_test.go
index 67be6a29a5..fe7c131331 100644
--- a/tests/integration/empty_repo_test.go
+++ b/tests/integration/empty_repo_test.go
@@ -10,6 +10,7 @@ import (
 	"io"
 	"mime/multipart"
 	"net/http"
+	"net/url"
 	"testing"
 
 	auth_model "forgejo.org/models/auth"
@@ -44,96 +45,96 @@ func TestEmptyRepo(t *testing.T) {
 }
 
 func TestEmptyRepoAddFile(t *testing.T) {
-	defer tests.PrepareTestEnv(t)()
+	onApplicationRun(t, func(t *testing.T, u *url.URL) {
+		session := loginUser(t, "user30")
+		req := NewRequest(t, "GET", "/user30/empty/_new/"+setting.Repository.DefaultBranch)
+		resp := session.MakeRequest(t, req, http.StatusOK)
+		doc := NewHTMLParser(t, resp.Body).Find(`input[name="commit_choice"]`)
+		assert.Empty(t, doc.AttrOr("checked", "_no_"))
+		req = NewRequestWithValues(t, "POST", "/user30/empty/_new/"+setting.Repository.DefaultBranch, map[string]string{
+			"commit_choice":  "direct",
+			"tree_path":      "test-file.md",
+			"content":        "newly-added-test-file",
+			"commit_mail_id": "32",
+		})
 
-	session := loginUser(t, "user30")
-	req := NewRequest(t, "GET", "/user30/empty/_new/"+setting.Repository.DefaultBranch)
-	resp := session.MakeRequest(t, req, http.StatusOK)
-	doc := NewHTMLParser(t, resp.Body).Find(`input[name="commit_choice"]`)
-	assert.Empty(t, doc.AttrOr("checked", "_no_"))
-	req = NewRequestWithValues(t, "POST", "/user30/empty/_new/"+setting.Repository.DefaultBranch, map[string]string{
-		"commit_choice":  "direct",
-		"tree_path":      "test-file.md",
-		"content":        "newly-added-test-file",
-		"commit_mail_id": "32",
+		resp = session.MakeRequest(t, req, http.StatusSeeOther)
+		redirect := test.RedirectURL(resp)
+		assert.Equal(t, "/user30/empty/src/branch/"+setting.Repository.DefaultBranch+"/test-file.md", redirect)
+
+		req = NewRequest(t, "GET", redirect)
+		resp = session.MakeRequest(t, req, http.StatusOK)
+		assert.Contains(t, resp.Body.String(), "newly-added-test-file")
 	})
-
-	resp = session.MakeRequest(t, req, http.StatusSeeOther)
-	redirect := test.RedirectURL(resp)
-	assert.Equal(t, "/user30/empty/src/branch/"+setting.Repository.DefaultBranch+"/test-file.md", redirect)
-
-	req = NewRequest(t, "GET", redirect)
-	resp = session.MakeRequest(t, req, http.StatusOK)
-	assert.Contains(t, resp.Body.String(), "newly-added-test-file")
 }
 
 func TestEmptyRepoUploadFile(t *testing.T) {
-	defer tests.PrepareTestEnv(t)()
+	onApplicationRun(t, func(t *testing.T, u *url.URL) {
+		session := loginUser(t, "user30")
+		req := NewRequest(t, "GET", "/user30/empty/_new/"+setting.Repository.DefaultBranch)
+		resp := session.MakeRequest(t, req, http.StatusOK)
+		doc := NewHTMLParser(t, resp.Body).Find(`input[name="commit_choice"]`)
+		assert.Empty(t, doc.AttrOr("checked", "_no_"))
 
-	session := loginUser(t, "user30")
-	req := NewRequest(t, "GET", "/user30/empty/_new/"+setting.Repository.DefaultBranch)
-	resp := session.MakeRequest(t, req, http.StatusOK)
-	doc := NewHTMLParser(t, resp.Body).Find(`input[name="commit_choice"]`)
-	assert.Empty(t, doc.AttrOr("checked", "_no_"))
+		body := &bytes.Buffer{}
+		mpForm := multipart.NewWriter(body)
+		file, _ := mpForm.CreateFormFile("file", "uploaded-file.txt")
+		_, _ = io.Copy(file, bytes.NewBufferString("newly-uploaded-test-file"))
+		_ = mpForm.Close()
 
-	body := &bytes.Buffer{}
-	mpForm := multipart.NewWriter(body)
-	file, _ := mpForm.CreateFormFile("file", "uploaded-file.txt")
-	_, _ = io.Copy(file, bytes.NewBufferString("newly-uploaded-test-file"))
-	_ = mpForm.Close()
+		req = NewRequestWithBody(t, "POST", "/user30/empty/upload-file", body)
+		req.Header.Add("Content-Type", mpForm.FormDataContentType())
+		resp = session.MakeRequest(t, req, http.StatusOK)
+		respMap := map[string]string{}
+		require.NoError(t, json.Unmarshal(resp.Body.Bytes(), &respMap))
+		filesFullpathKey := fmt.Sprintf("files_fullpath[%s]", respMap["uuid"])
+		req = NewRequestWithValues(t, "POST", "/user30/empty/_upload/"+setting.Repository.DefaultBranch, map[string]string{
+			"commit_choice":  "direct",
+			"files":          respMap["uuid"],
+			filesFullpathKey: "uploaded-file.txt",
+			"tree_path":      "",
+			"commit_mail_id": "-1",
+		})
+		resp = session.MakeRequest(t, req, http.StatusSeeOther)
+		redirect := test.RedirectURL(resp)
+		assert.Equal(t, "/user30/empty/src/branch/"+setting.Repository.DefaultBranch+"/", redirect)
 
-	req = NewRequestWithBody(t, "POST", "/user30/empty/upload-file", body)
-	req.Header.Add("Content-Type", mpForm.FormDataContentType())
-	resp = session.MakeRequest(t, req, http.StatusOK)
-	respMap := map[string]string{}
-	require.NoError(t, json.Unmarshal(resp.Body.Bytes(), &respMap))
-	filesFullpathKey := fmt.Sprintf("files_fullpath[%s]", respMap["uuid"])
-	req = NewRequestWithValues(t, "POST", "/user30/empty/_upload/"+setting.Repository.DefaultBranch, map[string]string{
-		"commit_choice":  "direct",
-		"files":          respMap["uuid"],
-		filesFullpathKey: "uploaded-file.txt",
-		"tree_path":      "",
-		"commit_mail_id": "-1",
+		req = NewRequest(t, "GET", redirect)
+		resp = session.MakeRequest(t, req, http.StatusOK)
+		assert.Contains(t, resp.Body.String(), "uploaded-file.txt")
 	})
-	resp = session.MakeRequest(t, req, http.StatusSeeOther)
-	redirect := test.RedirectURL(resp)
-	assert.Equal(t, "/user30/empty/src/branch/"+setting.Repository.DefaultBranch+"/", redirect)
-
-	req = NewRequest(t, "GET", redirect)
-	resp = session.MakeRequest(t, req, http.StatusOK)
-	assert.Contains(t, resp.Body.String(), "uploaded-file.txt")
 }
 
 func TestEmptyRepoAddFileByAPI(t *testing.T) {
-	defer tests.PrepareTestEnv(t)()
+	onApplicationRun(t, func(t *testing.T, _ *url.URL) {
+		session := loginUser(t, "user30")
+		token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteRepository)
 
-	session := loginUser(t, "user30")
-	token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteRepository)
+		req := NewRequestWithJSON(t, "POST", "/api/v1/repos/user30/empty/contents/new-file.txt", &api.CreateFileOptions{
+			FileOptions: api.FileOptions{
+				NewBranchName: "new_branch",
+				Message:       "init",
+			},
+			ContentBase64: base64.StdEncoding.EncodeToString([]byte("newly-added-api-file")),
+		}).AddTokenAuth(token)
 
-	req := NewRequestWithJSON(t, "POST", "/api/v1/repos/user30/empty/contents/new-file.txt", &api.CreateFileOptions{
-		FileOptions: api.FileOptions{
-			NewBranchName: "new_branch",
-			Message:       "init",
-		},
-		ContentBase64: base64.StdEncoding.EncodeToString([]byte("newly-added-api-file")),
-	}).AddTokenAuth(token)
+		resp := MakeRequest(t, req, http.StatusCreated)
+		var fileResponse api.FileResponse
+		DecodeJSON(t, resp, &fileResponse)
+		expectedHTMLURL := setting.AppURL + "user30/empty/src/branch/new_branch/new-file.txt"
+		assert.Equal(t, expectedHTMLURL, *fileResponse.Content.HTMLURL)
 
-	resp := MakeRequest(t, req, http.StatusCreated)
-	var fileResponse api.FileResponse
-	DecodeJSON(t, resp, &fileResponse)
-	expectedHTMLURL := setting.AppURL + "user30/empty/src/branch/new_branch/new-file.txt"
-	assert.Equal(t, expectedHTMLURL, *fileResponse.Content.HTMLURL)
+		req = NewRequest(t, "GET", "/user30/empty/src/branch/new_branch/new-file.txt")
+		resp = session.MakeRequest(t, req, http.StatusOK)
+		assert.Contains(t, resp.Body.String(), "newly-added-api-file")
 
-	req = NewRequest(t, "GET", "/user30/empty/src/branch/new_branch/new-file.txt")
-	resp = session.MakeRequest(t, req, http.StatusOK)
-	assert.Contains(t, resp.Body.String(), "newly-added-api-file")
-
-	req = NewRequest(t, "GET", "/api/v1/repos/user30/empty").
-		AddTokenAuth(token)
-	resp = session.MakeRequest(t, req, http.StatusOK)
-	var apiRepo api.Repository
-	DecodeJSON(t, resp, &apiRepo)
-	assert.Equal(t, "new_branch", apiRepo.DefaultBranch)
+		req = NewRequest(t, "GET", "/api/v1/repos/user30/empty").
+			AddTokenAuth(token)
+		resp = session.MakeRequest(t, req, http.StatusOK)
+		var apiRepo api.Repository
+		DecodeJSON(t, resp, &apiRepo)
+		assert.Equal(t, "new_branch", apiRepo.DefaultBranch)
+	})
 }
 
 func TestEmptyRepoAPIRequestsReturn404(t *testing.T) {
diff --git a/tests/integration/git_hooks_test.go b/tests/integration/git_hooks_test.go
new file mode 100644
index 0000000000..05d2223aee
--- /dev/null
+++ b/tests/integration/git_hooks_test.go
@@ -0,0 +1,99 @@
+// Copyright 2026 The Forgejo Authors c/o Codeberg e.V.. All rights reserved.
+// SPDX-License-Identifier: MIT
+package integration
+
+import (
+	"fmt"
+	"net/url"
+	"os"
+	"path"
+	"testing"
+
+	"forgejo.org/models/auth"
+	repo_model "forgejo.org/models/repo"
+	"forgejo.org/models/unittest"
+	user_model "forgejo.org/models/user"
+	"forgejo.org/modules/git"
+
+	"github.com/stretchr/testify/require"
+)
+
+func TestCustomGitHooks(t *testing.T) {
+	onApplicationRun(t, func(t *testing.T, u *url.URL) {
+		repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 1})
+		owner := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: repo.OwnerID})
+
+		httpContext := NewAPITestContext(t, owner.Name, repo.Name, auth.AccessTokenScopeReadRepository)
+
+		dstPath := t.TempDir()
+
+		u.Path = httpContext.GitPath()
+		u.User = url.UserPassword(owner.Name, userPassword)
+
+		doGitClone(dstPath, u)(t)
+
+		customHooksDir := path.Join(repo.RepoPath(), "hooks")
+
+		hookNames := []string{"pre-receive", "update", "post-receive"}
+
+		for _, hookName := range hookNames {
+			customPath := path.Join(customHooksDir, hookName+".d")
+			err := os.MkdirAll(customPath, 0x755)
+			require.NoError(t, err)
+
+			err = os.WriteFile(path.Join(customPath, "append-proof"), customGitHookTpl(hookName), 0x755)
+			require.NoError(t, err)
+
+			// The legacy, already existing gitea script might be there in the hooks directory in old installations,
+			// here it's ensured that these scripts filtered out when custom hooks run
+			err = os.WriteFile(path.Join(customPath, "gitea"), customGitHookGiteaTpl(), 0x755)
+			require.NoError(t, err)
+		}
+
+		fd, err := os.Create(path.Join(dstPath, "hooks-test.txt"))
+		require.NoError(t, err)
+
+		err = fd.Close()
+		require.NoError(t, err)
+
+		_, _, err = git.NewCommand(git.DefaultContext, "checkout", "master").RunStdString(&git.RunOpts{Dir: dstPath})
+		require.NoError(t, err)
+
+		err = os.WriteFile(path.Join(dstPath, "hooks-test.txt"), []byte("test"), 0x644)
+		require.NoError(t, err)
+
+		_, _, err = git.NewCommand(git.DefaultContext, "add", "hooks-test.txt").RunStdString(&git.RunOpts{Dir: dstPath})
+		require.NoError(t, err)
+
+		_, _, err = git.NewCommand(git.DefaultContext, "commit", "-m", "Add hooks-test.txt").RunStdString(&git.RunOpts{Dir: dstPath})
+		require.NoError(t, err)
+
+		_, _, err = git.NewCommand(git.DefaultContext, "push", "origin", "master").RunStdString(&git.RunOpts{Dir: dstPath})
+		require.NoError(t, err)
+
+		data, err := os.ReadFile(path.Join(customHooksDir, "hooks-proof.txt"))
+		require.NoError(t, err)
+
+		require.Equal(t, `pre-receive
+update
+post-receive
+`, string(data))
+	})
+}
+
+func customGitHookTpl(hookName string) []byte {
+	hookStr := fmt.Sprintf(`#!/usr/bin/env sh
+echo "%s" >> $(dirname $0)/../hooks-proof.txt
+`, hookName)
+
+	return []byte(hookStr)
+}
+
+func customGitHookGiteaTpl() []byte {
+	hookStr := `#!/usr/bin/env sh
+echo "legacy gitea script shouldn't be called!"
+exit 1
+`
+
+	return []byte(hookStr)
+}
diff --git a/tests/integration/git_test.go b/tests/integration/git_test.go
index a5a242b912..dc86f4a4c2 100644
--- a/tests/integration/git_test.go
+++ b/tests/integration/git_test.go
@@ -201,6 +201,7 @@ func standardCommitAndPushTest(t *testing.T, dstPath string) (little, big string
 func lfsCommitAndPushTest(t *testing.T, dstPath string) (littleLFS, bigLFS string) {
 	t.Run("LFS", func(t *testing.T) {
 		defer tests.PrintCurrentTest(t)()
+		defer git.NewCommand(git.DefaultContext, "lfs").AddArguments("uninstall").Run(&git.RunOpts{Dir: dstPath})
 		prefix := "lfs-data-file-"
 		err := git.NewCommand(git.DefaultContext, "lfs").AddArguments("install").Run(&git.RunOpts{Dir: dstPath})
 		require.NoError(t, err)
diff --git a/tests/integration/repo_mergecommit_revert_test.go b/tests/integration/repo_mergecommit_revert_test.go
index 9ddf39eaaa..8cbe8a8142 100644
--- a/tests/integration/repo_mergecommit_revert_test.go
+++ b/tests/integration/repo_mergecommit_revert_test.go
@@ -5,29 +5,29 @@ package integration
 
 import (
 	"net/http"
+	"net/url"
 	"testing"
 
-	"forgejo.org/tests"
-
 	"github.com/stretchr/testify/assert"
 )
 
 func TestRepoMergeCommitRevert(t *testing.T) {
-	defer tests.PrepareTestEnv(t)()
-	session := loginUser(t, "user2")
+	onApplicationRun(t, func(t *testing.T, _ *url.URL) {
+		session := loginUser(t, "user2")
 
-	req := NewRequestWithValues(t, "POST", "/user2/test_commit_revert/_cherrypick/deebcbc752e540bab4ce3ee713d3fc8fdc35b2f7/main", map[string]string{
-		"last_commit":     "deebcbc752e540bab4ce3ee713d3fc8fdc35b2f7",
-		"page_has_posted": "true",
-		"revert":          "true",
-		"commit_summary":  "reverting test commit",
-		"commit_message":  "test message",
-		"commit_choice":   "direct",
-		"new_branch_name": "test-revert-branch-1",
-		"commit_mail_id":  "-1",
+		req := NewRequestWithValues(t, "POST", "/user2/test_commit_revert/_cherrypick/deebcbc752e540bab4ce3ee713d3fc8fdc35b2f7/main", map[string]string{
+			"last_commit":     "deebcbc752e540bab4ce3ee713d3fc8fdc35b2f7",
+			"page_has_posted": "true",
+			"revert":          "true",
+			"commit_summary":  "reverting test commit",
+			"commit_message":  "test message",
+			"commit_choice":   "direct",
+			"new_branch_name": "test-revert-branch-1",
+			"commit_mail_id":  "-1",
+		})
+		resp := session.MakeRequest(t, req, http.StatusSeeOther)
+
+		// A successful revert redirects to the main branch
+		assert.Equal(t, "/user2/test_commit_revert/src/branch/main", resp.Header().Get("Location"))
 	})
-	resp := session.MakeRequest(t, req, http.StatusSeeOther)
-
-	// A successful revert redirects to the main branch
-	assert.Equal(t, "/user2/test_commit_revert/src/branch/main", resp.Header().Get("Location"))
 }
diff --git a/tests/unittest.ini.tmpl b/tests/unittest.ini.tmpl
new file mode 100644
index 0000000000..a2925b42e7
--- /dev/null
+++ b/tests/unittest.ini.tmpl
@@ -0,0 +1,2 @@
+[security]
+INSTALL_LOCK = true

From 93296305f906ad7c00cd4a2fd1d0cb3c588fe8e0 Mon Sep 17 00:00:00 2001
From: Nils Goroll <nils.goroll@uplex.de>
Date: Mon, 27 Apr 2026 23:05:18 +0200
Subject: [PATCH 746/854] fix test: revert unneeded test change with unintended
 consequences (#12281)

... from #11194 / 0034e55965262692f127d53a74fc176a37f0ef46

Revert a test code change left over from an intermediate development step which is not needed, because the LFS JWT config is tested in lfs.TestAuthenticate()

Fixes #12263

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. All work and communication must conform to Forgejo's [AI Agreement](https://codeberg.org/forgejo/governance/src/branch/main/AIAgreement.md). There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests for Go changes

(can be removed for JavaScript changes)

- I added test coverage for Go changes...
  - [X] in their respective `*_test.go` for unit tests.
  - [ ] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I ran...
  - [X] `make pr-go` before pushing

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [X] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [ ] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.
- [X] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change.

*The decision if the pull request will be shown in the release notes is up to the mergers / release team.*

The content of the `release-notes/<pull request number>.md` file will serve as the basis for the release notes. If the file does not exist, the title of the pull request will be used instead.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12281
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
---
 services/repository/lfs_test.go | 19 +++----------------
 1 file changed, 3 insertions(+), 16 deletions(-)

diff --git a/services/repository/lfs_test.go b/services/repository/lfs_test.go
index 0224b71100..969516ef5a 100644
--- a/services/repository/lfs_test.go
+++ b/services/repository/lfs_test.go
@@ -15,31 +15,18 @@ import (
 	"forgejo.org/modules/lfs"
 	"forgejo.org/modules/setting"
 	"forgejo.org/modules/storage"
+	"forgejo.org/modules/test"
 	repo_service "forgejo.org/services/repository"
 
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 )
 
-var ini = `[security]
-INSTALL_LOCK = true
-INTERNAL_TOKEN = ForgejoForgejoForgejoForgejoForgejoForgejo_	# don't use in prod
-[oauth2]
-JWT_SECRET = ForgejoForgejoForgejoForgejoForgejoForgejo_	# don't use in prod
-[server]
-LFS_START_SERVER = true
-LFS_JWT_SECRET = ForgejoForgejoForgejoForgejoForgejoForgejo_	# don't use in prod
-	`
-
 func TestGarbageCollectLFSMetaObjects(t *testing.T) {
-	var err error
-	setting.CfgProvider, err = setting.NewConfigProviderFromData(ini)
-	require.NoError(t, err, "Config")
-	setting.LoadCommonSettings()
-
 	unittest.PrepareTestEnv(t)
 
-	err = storage.Init()
+	defer test.MockVariableValue(&setting.LFS.StartServer, true)()
+	err := storage.Init()
 	require.NoError(t, err)
 
 	repo, err := repo_model.GetRepositoryByOwnerAndName(db.DefaultContext, "user2", "lfs")

From 9977df96d5b2967bc34716a4b3dcd34c287d80da Mon Sep 17 00:00:00 2001
From: Gabor Pihaj <gabor.pihaj@gmail.com>
Date: Mon, 27 Apr 2026 23:54:21 +0200
Subject: [PATCH 747/854] fix: "Follow symlink" to work with arbitrary links
 (#12246)

This change introduces a Path method on the TreeEntry struct, that
collects the path by moving upwards in the tree.

The existing FollowSymlink(s) methods interface has been changed, the
previously returned string has been removed, as after the fix it wasn't
used anywhere.

Fixes: #9931

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12246
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
---
 modules/base/tool.go           |  2 +-
 modules/git/tree_entry.go      | 65 ++++++++++++++++++++++++++--------
 modules/git/tree_entry_test.go | 46 ++++++++++++++++++++++++
 routers/web/repo/view.go       | 11 +++---
 tests/integration/repo_test.go |  2 +-
 5 files changed, 105 insertions(+), 21 deletions(-)
 create mode 100644 modules/git/tree_entry_test.go

diff --git a/modules/base/tool.go b/modules/base/tool.go
index ada73df7da..1cc053ba58 100644
--- a/modules/base/tool.go
+++ b/modules/base/tool.go
@@ -103,7 +103,7 @@ func Int64sToStrings(ints []int64) []string {
 func EntryIcon(entry *git.TreeEntry) string {
 	switch {
 	case entry.IsLink():
-		te, _, err := entry.FollowLink()
+		te, err := entry.FollowLink()
 		if err != nil {
 			log.Debug(err.Error())
 			return "file-symlink-file"
diff --git a/modules/git/tree_entry.go b/modules/git/tree_entry.go
index 5e3bb8ac21..0b3564178b 100644
--- a/modules/git/tree_entry.go
+++ b/modules/git/tree_entry.go
@@ -5,6 +5,7 @@
 package git
 
 import (
+	"fmt"
 	"io"
 	"sort"
 	"strings"
@@ -136,11 +137,11 @@ func (te *TreeEntry) LinkTarget() (string, error) {
 }
 
 // FollowLink returns the entry pointed to by a symlink
-func (te *TreeEntry) FollowLink() (*TreeEntry, string, error) {
+func (te *TreeEntry) FollowLink() (*TreeEntry, error) {
 	// read the link
 	lnk, err := te.LinkTarget()
 	if err != nil {
-		return nil, "", err
+		return nil, err
 	}
 
 	t := te.ptree
@@ -151,35 +152,33 @@ func (te *TreeEntry) FollowLink() (*TreeEntry, string, error) {
 	}
 
 	if t == nil {
-		return nil, "", ErrBadLink{te.Name(), "points outside of repo"}
+		return nil, ErrBadLink{te.Name(), "points outside of repo"}
 	}
 
 	target, err := t.GetTreeEntryByPath(lnk)
 	if err != nil {
 		if IsErrNotExist(err) {
-			return nil, "", ErrBadLink{te.Name(), "broken link"}
+			return nil, ErrBadLink{te.Name(), "broken link"}
 		}
-		return nil, "", err
+		return nil, err
 	}
-	return target, lnk, nil
+	return target, nil
 }
 
 // FollowLinks returns the entry ultimately pointed to by a symlink
-func (te *TreeEntry) FollowLinks() (*TreeEntry, string, error) {
+func (te *TreeEntry) FollowLinks() (*TreeEntry, error) {
 	if !te.IsLink() {
-		return nil, "", ErrBadLink{te.Name(), "not a symlink"}
+		return nil, ErrBadLink{te.Name(), "not a symlink"}
 	}
 	entry := te
-	entryLink := ""
 	for range 999 {
 		if entry.IsLink() {
-			next, link, err := entry.FollowLink()
-			entryLink = link
+			next, err := entry.FollowLink()
 			if err != nil {
-				return nil, "", err
+				return nil, err
 			}
 			if next.ID == entry.ID {
-				return nil, "", ErrBadLink{
+				return nil, ErrBadLink{
 					entry.Name(),
 					"recursive link",
 				}
@@ -190,12 +189,12 @@ func (te *TreeEntry) FollowLinks() (*TreeEntry, string, error) {
 		}
 	}
 	if entry.IsLink() {
-		return nil, "", ErrBadLink{
+		return nil, ErrBadLink{
 			te.Name(),
 			"too many levels of symbolic links",
 		}
 	}
-	return entry, entryLink, nil
+	return entry, nil
 }
 
 // returns the Tree pointed to by this TreeEntry, or nil if this is not a tree
@@ -208,6 +207,42 @@ func (te *TreeEntry) Tree() *Tree {
 	return t
 }
 
+// returns the calulcated path within the tree of this TreeEntry, or an error if it can be determined
+func (te *TreeEntry) Path() (string, error) {
+	targetPath := te.Name()
+	parentTree := te.ptree
+	if parentTree == nil {
+		return "", fmt.Errorf("couldn't find the parent tree of the entry")
+	}
+
+	prevID := parentTree.ID
+	parentTree = parentTree.ptree
+	for parentTree != nil {
+		entries, err := parentTree.ListEntries()
+		if err != nil {
+			return "", fmt.Errorf("couldn't list entries: %v", err)
+		}
+
+		var matchingEntry *TreeEntry
+		for _, entry := range entries {
+			if entry.ID == prevID {
+				matchingEntry = entry
+				break
+			}
+		}
+
+		if matchingEntry == nil {
+			return "", fmt.Errorf("this shouldn't happen: couldn't find entry (ID: %s) in tree (ID: %s)", prevID, parentTree.ID)
+		}
+
+		targetPath = matchingEntry.name + "/" + targetPath
+		prevID = parentTree.ID
+		parentTree = parentTree.ptree
+	}
+
+	return targetPath, nil
+}
+
 // GetSubJumpablePathName return the full path of subdirectory jumpable ( contains only one directory )
 func (te *TreeEntry) GetSubJumpablePathName() string {
 	if te.IsSubmodule() || !te.IsDir() {
diff --git a/modules/git/tree_entry_test.go b/modules/git/tree_entry_test.go
new file mode 100644
index 0000000000..325d3686f0
--- /dev/null
+++ b/modules/git/tree_entry_test.go
@@ -0,0 +1,46 @@
+// Copyright 2015 The Gogs Authors. All rights reserved.
+// Copyright 2019 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package git_test
+
+import (
+	"path/filepath"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+func TestTreeEntry_Path(t *testing.T) {
+	repo, err := openRepositoryWithDefaultContext(filepath.Join(testReposDir, "templates_repo"))
+	require.NoError(t, err)
+	defer repo.Close()
+
+	tests := []struct {
+		name string // description of this test case
+		path string
+	}{
+		{
+			name: "Top level dir",
+			path: ".forgejo",
+		},
+		{
+			name: "File in subdir",
+			path: ".forgejo/default_merge_message/MERGE_TEMPLATE.md",
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			tree, err := repo.GetTree("HEAD^{tree}")
+			require.NoError(t, err)
+
+			te, err := tree.GetTreeEntryByPath(tt.path)
+			require.NoError(t, err)
+
+			got, gotErr := te.Path()
+			require.NoError(t, gotErr, "Path() failed: %v", gotErr)
+			assert.Equal(t, tt.path, got, "Path() = %v, want %v", got, tt.path)
+		})
+	}
+}
diff --git a/routers/web/repo/view.go b/routers/web/repo/view.go
index 287cd1b6aa..df0255279a 100644
--- a/routers/web/repo/view.go
+++ b/routers/web/repo/view.go
@@ -120,7 +120,7 @@ func FindReadmeFileInEntries(ctx *context.Context, entries []*git.TreeEntry, try
 			log.Debug("Potential readme file: %s", entry.Name())
 			if readmeFiles[i] == nil || base.NaturalSortLess(readmeFiles[i].Name(), entry.Blob().Name()) {
 				if entry.IsLink() {
-					target, _, err := entry.FollowLinks()
+					target, err := entry.FollowLinks()
 					if err != nil && !git.IsErrBadLink(err) {
 						return "", nil, err
 					} else if target != nil && (target.IsExecutable() || target.IsRegular()) {
@@ -270,7 +270,7 @@ func getFileReader(ctx gocontext.Context, repoID int64, blob *git.Blob) ([]byte,
 func renderReadmeFile(ctx *context.Context, subfolder string, readmeFile *git.TreeEntry) {
 	target := readmeFile
 	if readmeFile != nil && readmeFile.IsLink() {
-		target, _, _ = readmeFile.FollowLinks()
+		target, _ = readmeFile.FollowLinks()
 	}
 	if target == nil {
 		// if findReadmeFile() failed and/or gave us a broken symlink (which it shouldn't)
@@ -398,11 +398,14 @@ func renderFile(ctx *context.Context, entry *git.TreeEntry) {
 	ctx.Data["OpenGraphNoDescription"] = true
 
 	if entry.IsLink() {
-		_, link, err := entry.FollowLinks()
+		target, err := entry.FollowLinks()
 		// Errors should be allowed, because this shouldn't
 		// block rendering invalid symlink files.
 		if err == nil {
-			ctx.Data["SymlinkURL"] = ctx.Repo.RepoLink + "/src/" + ctx.Repo.BranchNameSubURL() + "/" + util.PathEscapeSegments(link)
+			targetPath, err := target.Path()
+			if err == nil {
+				ctx.Data["SymlinkURL"] = ctx.Repo.RepoLink + "/src/" + ctx.Repo.BranchNameSubURL() + "/" + util.PathEscapeSegments(targetPath)
+			}
 		}
 	}
 
diff --git a/tests/integration/repo_test.go b/tests/integration/repo_test.go
index 2f189bf7a8..299299ff0b 100644
--- a/tests/integration/repo_test.go
+++ b/tests/integration/repo_test.go
@@ -1079,7 +1079,7 @@ func TestRepoFollowSymlink(t *testing.T) {
 
 	t.Run("Normal", func(t *testing.T) {
 		defer tests.PrintCurrentTest(t)()
-		assertCase(t, "/user2/readme-test/src/branch/symlink/up/back/down/down/README.md", "/user2/readme-test/src/branch/symlink/down/side/../left/right/../reelmein", true)
+		assertCase(t, "/user2/readme-test/src/branch/symlink/up/back/down/down/README.md", "/user2/readme-test/src/branch/symlink/up/down/left/reelmein", true)
 	})
 
 	t.Run("Broken symlink", func(t *testing.T) {

From 2425ae7725f51b186d79afd1125deb30a68c4327 Mon Sep 17 00:00:00 2001
From: Christian Drexler <christian@konsolenknecht.de>
Date: Tue, 28 Apr 2026 02:11:26 +0200
Subject: [PATCH 748/854] feat: enable compression on zip dump (#12296)

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. All work and communication must conform to Forgejo's [AI Agreement](https://codeberg.org/forgejo/governance/src/branch/main/AIAgreement.md). There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests for Go changes

(can be removed for JavaScript changes)

- I added test coverage for Go changes...
  - [ ] in their respective `*_test.go` for unit tests.
  - [ ] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I ran...
  - [ ] `make pr-go` before pushing

### Tests for JavaScript changes

(can be removed for Go changes)

- I added test coverage for JavaScript changes...
  - [ ] in `web_src/js/*.test.js` if it can be unit tested.
  - [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)).

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [ ] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [x] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.
- [ ] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change.

*The decision if the pull request will be shown in the release notes is up to the mergers / release team.*

The content of the `release-notes/<pull request number>.md` file will serve as the basis for the release notes. If the file does not exist, the title of the pull request will be used instead.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12296
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
---
 cmd/dump.go | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/cmd/dump.go b/cmd/dump.go
index 25459c7731..9fe326dfbb 100644
--- a/cmd/dump.go
+++ b/cmd/dump.go
@@ -112,7 +112,10 @@ func getArchiverByType(outType string) (archives.ArchiverAsync, error) {
 	var archiver archives.ArchiverAsync
 	switch outType {
 	case "zip":
-		archiver = archives.Zip{}
+		archiver = archives.Zip{
+			Compression:          8,
+			SelectiveCompression: false,
+		}
 	case "tar":
 		archiver = archives.Tar{}
 	case "tar.sz":

From 37412e6a00ae23d577469efc704b48cc961810c8 Mon Sep 17 00:00:00 2001
From: Mathieu Fenniak <mathieu@fenniak.net>
Date: Tue, 28 Apr 2026 02:13:06 +0200
Subject: [PATCH 749/854] feat: cache OIDC metadata & JWKS when read by
 authorized integration (#12275)

Enhances authorized integrations (#12261) with a cache of the remote OpenID Connect descriptor file and JSON Web Key Set (JWKS), improving runtime performance and reducing intermittent reliability risks.  By default a 10 minute cache is used, configurable through `[authorized_integration].CACHE_TTL`.

To mock the cache for testing, mockery code generation is added, and a previous manually generated mock for `AuthorizationReducer` was replaced with the code generation.

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. All work and communication must conform to Forgejo's [AI Agreement](https://codeberg.org/forgejo/governance/src/branch/main/AIAgreement.md). There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests for Go changes

- I added test coverage for Go changes...
  - [x] in their respective `*_test.go` for unit tests.
  - [ ] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I ran...
  - [x] `make pr-go` before pushing

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [ ] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.
- [ ] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change.
    - Authorized integrations are not yet exposed to end-users.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12275
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
---
 .deadcode-out                                 |    3 -
 .mockery.yml                                  |   16 +
 Makefile                                      |   12 +-
 custom/conf/app.example.ini                   |    4 +
 go.mod                                        |    1 -
 modules/cache/mocks.go                        |  497 +++++++
 modules/nosql/manager.go                      |    2 +
 modules/nosql/mocks.go                        | 1240 +++++++++++++++++
 modules/queue/base_redis_test.go              |   62 +-
 modules/queue/mock/redisuniversalclient.go    |  344 -----
 modules/setting/authorized_integration.go     |    2 +
 .../auth/method/authorized_integration.go     |   81 +-
 .../method/authorized_integration_test.go     |  100 ++
 services/authz/authorization_reducer.go       |    2 +
 services/authz/authorization_reducer_mock.go  |  252 +++-
 15 files changed, 2156 insertions(+), 462 deletions(-)
 create mode 100644 .mockery.yml
 create mode 100644 modules/cache/mocks.go
 create mode 100644 modules/nosql/mocks.go
 delete mode 100644 modules/queue/mock/redisuniversalclient.go

diff --git a/.deadcode-out b/.deadcode-out
index b8c236daf6..b70be3e800 100644
--- a/.deadcode-out
+++ b/.deadcode-out
@@ -222,9 +222,6 @@ forgejo.org/modules/zstd
 forgejo.org/routers/web/org
 	MustEnableProjects
 
-forgejo.org/services/auth/method
-	OverrideAuthorizedIntegrationHTTPClient
-
 forgejo.org/services/context
 	GetPrivateContext
 
diff --git a/.mockery.yml b/.mockery.yml
new file mode 100644
index 0000000000..7c98b29508
--- /dev/null
+++ b/.mockery.yml
@@ -0,0 +1,16 @@
+formatter: gofmt
+template: testify
+packages:
+  forgejo.org/modules/nosql:
+    config:
+      filename: mocks.go # make mocks public so that external packages can use
+  forgejo.org/services/authz:
+    config:
+      filename: authorization_reducer_mock.go # make mocks public so that external packages can use
+  code.forgejo.org/go-chi/cache:
+    interfaces:
+      Cache:
+        config:
+          pkgname: cache
+          dir: modules/cache
+          filename: mocks.go # make mocks public, not `_test.go`, so that external packages can mock caching
diff --git a/Makefile b/Makefile
index a499443ddd..a17f79d3a9 100644
--- a/Makefile
+++ b/Makefile
@@ -47,8 +47,8 @@ GO_LICENSES_PACKAGE ?= github.com/google/go-licenses/v2@v2.0.1 # renovate: datas
 GOVULNCHECK_PACKAGE ?= golang.org/x/vuln/cmd/govulncheck@v1 # renovate: datasource=go
 DEADCODE_PACKAGE ?= golang.org/x/tools/cmd/deadcode@v0.44.0 # renovate: datasource=go
 ERRORTYPE_PACKAGE ?= fillmore-labs.com/errortype@v0.0.11 # renovate: datasource=go
-GOMOCK_PACKAGE ?= go.uber.org/mock/mockgen@v0.6.0 # renovate: datasource=go
 RENOVATE_NPM_PACKAGE ?= renovate@43.141.6 # renovate: datasource=docker packageName=data.forgejo.org/renovate/renovate
+MOCKERY_PACKAGE ?= github.com/vektra/mockery/v3@v3.7.0 # renovate: datasource=go
 
 # https://github.com/disposable-email-domains/disposable-email-domains/commits/main/
 DISPOSABLE_EMAILS_SHA ?= 0c27e671231d27cf66370034d7f6818037416989 # renovate: ...
@@ -245,7 +245,7 @@ help:
 	@echo " - generate-license                 update license files"
 	@echo " - generate-gitignore               update gitignore files"
 	@echo " - generate-manpage                 generate manpage"
-	@echo " - generate-gomock                  generate gomock files"
+	@echo " - generate-mockery                 generate mockery files"
 	@echo " - generate-forgejo-api             generate the forgejo API from spec"
 	@echo " - forgejo-api-validate             check if the forgejo API matches the specs"
 	@echo " - generate-swagger                 generate the swagger spec from code comments"
@@ -968,8 +968,8 @@ deps-tools:
 	$(GO) install $(XGO_PACKAGE)
 	$(GO) install $(GO_LICENSES_PACKAGE)
 	$(GO) install $(GOVULNCHECK_PACKAGE)
-	$(GO) install $(GOMOCK_PACKAGE)
 	$(GO) install $(ERRORTYPE_PACKAGE)
+	$(GO) install $(MOCKERY_PACKAGE)
 
 node_modules: package-lock.json
 	npm install --no-save
@@ -1024,9 +1024,9 @@ generate-license:
 generate-gitignore:
 	$(GO) run build/generate-gitignores.go
 
-.PHONY: generate-gomock
-generate-gomock:
-	$(GO) run $(GOMOCK_PACKAGE) -package mock -destination ./modules/queue/mock/redisuniversalclient.go forgejo.org/modules/nosql RedisClient
+.PHONY: generate-mockery
+generate-mockery:
+	$(GO) run $(MOCKERY_PACKAGE)
 
 .PHONY: generate-images
 generate-images: | node_modules
diff --git a/custom/conf/app.example.ini b/custom/conf/app.example.ini
index ae22c02609..40dd7d56db 100644
--- a/custom/conf/app.example.ini
+++ b/custom/conf/app.example.ini
@@ -2846,3 +2846,7 @@ LEVEL = Info
 ;; Default is false.
 ;; If a domain is allowed by ALLOWED_DOMAINS, this option will be ignored.
 ;ALLOW_LOCALNETWORKS = false
+;
+;; Remote requests are cached after being received for the cache time-to-live (TTL). Default is 10 minutes.
+;; Caching uses the configured adapter in the [cache] config section.
+;CACHE_TTL = 10m
diff --git a/go.mod b/go.mod
index 33a8152647..f228f4bc1d 100644
--- a/go.mod
+++ b/go.mod
@@ -100,7 +100,6 @@ require (
 	github.com/yuin/goldmark v1.8.2
 	github.com/yuin/goldmark-highlighting/v2 v2.0.0-20230729083705-37449abec8cc
 	gitlab.com/gitlab-org/api/client-go v0.143.2
-	go.uber.org/mock v0.6.0
 	go.yaml.in/yaml/v3 v3.0.4
 	golang.org/x/crypto v0.50.0
 	golang.org/x/image v0.39.0
diff --git a/modules/cache/mocks.go b/modules/cache/mocks.go
new file mode 100644
index 0000000000..8bfec19d6b
--- /dev/null
+++ b/modules/cache/mocks.go
@@ -0,0 +1,497 @@
+// Code generated by mockery; DO NOT EDIT.
+// github.com/vektra/mockery
+// template: testify
+
+package cache
+
+import (
+	"code.forgejo.org/go-chi/cache"
+	mock "github.com/stretchr/testify/mock"
+)
+
+// NewMockCache creates a new instance of MockCache. It also registers a testing interface on the mock and a cleanup function to assert the mocks expectations.
+// The first argument is typically a *testing.T value.
+func NewMockCache(t interface {
+	mock.TestingT
+	Cleanup(func())
+},
+) *MockCache {
+	mock := &MockCache{}
+	mock.Mock.Test(t)
+
+	t.Cleanup(func() { mock.AssertExpectations(t) })
+
+	return mock
+}
+
+// MockCache is an autogenerated mock type for the Cache type
+type MockCache struct {
+	mock.Mock
+}
+
+type MockCache_Expecter struct {
+	mock *mock.Mock
+}
+
+func (_m *MockCache) EXPECT() *MockCache_Expecter {
+	return &MockCache_Expecter{mock: &_m.Mock}
+}
+
+// Decr provides a mock function for the type MockCache
+func (_mock *MockCache) Decr(key string) error {
+	ret := _mock.Called(key)
+
+	if len(ret) == 0 {
+		panic("no return value specified for Decr")
+	}
+
+	var r0 error
+	if returnFunc, ok := ret.Get(0).(func(string) error); ok {
+		r0 = returnFunc(key)
+	} else {
+		r0 = ret.Error(0)
+	}
+	return r0
+}
+
+// MockCache_Decr_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'Decr'
+type MockCache_Decr_Call struct {
+	*mock.Call
+}
+
+// Decr is a helper method to define mock.On call
+//   - key string
+func (_e *MockCache_Expecter) Decr(key any) *MockCache_Decr_Call {
+	return &MockCache_Decr_Call{Call: _e.mock.On("Decr", key)}
+}
+
+func (_c *MockCache_Decr_Call) Run(run func(key string)) *MockCache_Decr_Call {
+	_c.Call.Run(func(args mock.Arguments) {
+		var arg0 string
+		if args[0] != nil {
+			arg0 = args[0].(string)
+		}
+		run(
+			arg0,
+		)
+	})
+	return _c
+}
+
+func (_c *MockCache_Decr_Call) Return(err error) *MockCache_Decr_Call {
+	_c.Call.Return(err)
+	return _c
+}
+
+func (_c *MockCache_Decr_Call) RunAndReturn(run func(key string) error) *MockCache_Decr_Call {
+	_c.Call.Return(run)
+	return _c
+}
+
+// Delete provides a mock function for the type MockCache
+func (_mock *MockCache) Delete(key string) error {
+	ret := _mock.Called(key)
+
+	if len(ret) == 0 {
+		panic("no return value specified for Delete")
+	}
+
+	var r0 error
+	if returnFunc, ok := ret.Get(0).(func(string) error); ok {
+		r0 = returnFunc(key)
+	} else {
+		r0 = ret.Error(0)
+	}
+	return r0
+}
+
+// MockCache_Delete_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'Delete'
+type MockCache_Delete_Call struct {
+	*mock.Call
+}
+
+// Delete is a helper method to define mock.On call
+//   - key string
+func (_e *MockCache_Expecter) Delete(key any) *MockCache_Delete_Call {
+	return &MockCache_Delete_Call{Call: _e.mock.On("Delete", key)}
+}
+
+func (_c *MockCache_Delete_Call) Run(run func(key string)) *MockCache_Delete_Call {
+	_c.Call.Run(func(args mock.Arguments) {
+		var arg0 string
+		if args[0] != nil {
+			arg0 = args[0].(string)
+		}
+		run(
+			arg0,
+		)
+	})
+	return _c
+}
+
+func (_c *MockCache_Delete_Call) Return(err error) *MockCache_Delete_Call {
+	_c.Call.Return(err)
+	return _c
+}
+
+func (_c *MockCache_Delete_Call) RunAndReturn(run func(key string) error) *MockCache_Delete_Call {
+	_c.Call.Return(run)
+	return _c
+}
+
+// Flush provides a mock function for the type MockCache
+func (_mock *MockCache) Flush() error {
+	ret := _mock.Called()
+
+	if len(ret) == 0 {
+		panic("no return value specified for Flush")
+	}
+
+	var r0 error
+	if returnFunc, ok := ret.Get(0).(func() error); ok {
+		r0 = returnFunc()
+	} else {
+		r0 = ret.Error(0)
+	}
+	return r0
+}
+
+// MockCache_Flush_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'Flush'
+type MockCache_Flush_Call struct {
+	*mock.Call
+}
+
+// Flush is a helper method to define mock.On call
+func (_e *MockCache_Expecter) Flush() *MockCache_Flush_Call {
+	return &MockCache_Flush_Call{Call: _e.mock.On("Flush")}
+}
+
+func (_c *MockCache_Flush_Call) Run(run func()) *MockCache_Flush_Call {
+	_c.Call.Run(func(args mock.Arguments) {
+		run()
+	})
+	return _c
+}
+
+func (_c *MockCache_Flush_Call) Return(err error) *MockCache_Flush_Call {
+	_c.Call.Return(err)
+	return _c
+}
+
+func (_c *MockCache_Flush_Call) RunAndReturn(run func() error) *MockCache_Flush_Call {
+	_c.Call.Return(run)
+	return _c
+}
+
+// Get provides a mock function for the type MockCache
+func (_mock *MockCache) Get(key string) any {
+	ret := _mock.Called(key)
+
+	if len(ret) == 0 {
+		panic("no return value specified for Get")
+	}
+
+	var r0 any
+	if returnFunc, ok := ret.Get(0).(func(string) any); ok {
+		r0 = returnFunc(key)
+	} else {
+		if ret.Get(0) != nil {
+			r0 = ret.Get(0).(any)
+		}
+	}
+	return r0
+}
+
+// MockCache_Get_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'Get'
+type MockCache_Get_Call struct {
+	*mock.Call
+}
+
+// Get is a helper method to define mock.On call
+//   - key string
+func (_e *MockCache_Expecter) Get(key any) *MockCache_Get_Call {
+	return &MockCache_Get_Call{Call: _e.mock.On("Get", key)}
+}
+
+func (_c *MockCache_Get_Call) Run(run func(key string)) *MockCache_Get_Call {
+	_c.Call.Run(func(args mock.Arguments) {
+		var arg0 string
+		if args[0] != nil {
+			arg0 = args[0].(string)
+		}
+		run(
+			arg0,
+		)
+	})
+	return _c
+}
+
+func (_c *MockCache_Get_Call) Return(v any) *MockCache_Get_Call {
+	_c.Call.Return(v)
+	return _c
+}
+
+func (_c *MockCache_Get_Call) RunAndReturn(run func(key string) any) *MockCache_Get_Call {
+	_c.Call.Return(run)
+	return _c
+}
+
+// Incr provides a mock function for the type MockCache
+func (_mock *MockCache) Incr(key string) error {
+	ret := _mock.Called(key)
+
+	if len(ret) == 0 {
+		panic("no return value specified for Incr")
+	}
+
+	var r0 error
+	if returnFunc, ok := ret.Get(0).(func(string) error); ok {
+		r0 = returnFunc(key)
+	} else {
+		r0 = ret.Error(0)
+	}
+	return r0
+}
+
+// MockCache_Incr_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'Incr'
+type MockCache_Incr_Call struct {
+	*mock.Call
+}
+
+// Incr is a helper method to define mock.On call
+//   - key string
+func (_e *MockCache_Expecter) Incr(key any) *MockCache_Incr_Call {
+	return &MockCache_Incr_Call{Call: _e.mock.On("Incr", key)}
+}
+
+func (_c *MockCache_Incr_Call) Run(run func(key string)) *MockCache_Incr_Call {
+	_c.Call.Run(func(args mock.Arguments) {
+		var arg0 string
+		if args[0] != nil {
+			arg0 = args[0].(string)
+		}
+		run(
+			arg0,
+		)
+	})
+	return _c
+}
+
+func (_c *MockCache_Incr_Call) Return(err error) *MockCache_Incr_Call {
+	_c.Call.Return(err)
+	return _c
+}
+
+func (_c *MockCache_Incr_Call) RunAndReturn(run func(key string) error) *MockCache_Incr_Call {
+	_c.Call.Return(run)
+	return _c
+}
+
+// IsExist provides a mock function for the type MockCache
+func (_mock *MockCache) IsExist(key string) bool {
+	ret := _mock.Called(key)
+
+	if len(ret) == 0 {
+		panic("no return value specified for IsExist")
+	}
+
+	var r0 bool
+	if returnFunc, ok := ret.Get(0).(func(string) bool); ok {
+		r0 = returnFunc(key)
+	} else {
+		r0 = ret.Get(0).(bool)
+	}
+	return r0
+}
+
+// MockCache_IsExist_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'IsExist'
+type MockCache_IsExist_Call struct {
+	*mock.Call
+}
+
+// IsExist is a helper method to define mock.On call
+//   - key string
+func (_e *MockCache_Expecter) IsExist(key any) *MockCache_IsExist_Call {
+	return &MockCache_IsExist_Call{Call: _e.mock.On("IsExist", key)}
+}
+
+func (_c *MockCache_IsExist_Call) Run(run func(key string)) *MockCache_IsExist_Call {
+	_c.Call.Run(func(args mock.Arguments) {
+		var arg0 string
+		if args[0] != nil {
+			arg0 = args[0].(string)
+		}
+		run(
+			arg0,
+		)
+	})
+	return _c
+}
+
+func (_c *MockCache_IsExist_Call) Return(b bool) *MockCache_IsExist_Call {
+	_c.Call.Return(b)
+	return _c
+}
+
+func (_c *MockCache_IsExist_Call) RunAndReturn(run func(key string) bool) *MockCache_IsExist_Call {
+	_c.Call.Return(run)
+	return _c
+}
+
+// Ping provides a mock function for the type MockCache
+func (_mock *MockCache) Ping() error {
+	ret := _mock.Called()
+
+	if len(ret) == 0 {
+		panic("no return value specified for Ping")
+	}
+
+	var r0 error
+	if returnFunc, ok := ret.Get(0).(func() error); ok {
+		r0 = returnFunc()
+	} else {
+		r0 = ret.Error(0)
+	}
+	return r0
+}
+
+// MockCache_Ping_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'Ping'
+type MockCache_Ping_Call struct {
+	*mock.Call
+}
+
+// Ping is a helper method to define mock.On call
+func (_e *MockCache_Expecter) Ping() *MockCache_Ping_Call {
+	return &MockCache_Ping_Call{Call: _e.mock.On("Ping")}
+}
+
+func (_c *MockCache_Ping_Call) Run(run func()) *MockCache_Ping_Call {
+	_c.Call.Run(func(args mock.Arguments) {
+		run()
+	})
+	return _c
+}
+
+func (_c *MockCache_Ping_Call) Return(err error) *MockCache_Ping_Call {
+	_c.Call.Return(err)
+	return _c
+}
+
+func (_c *MockCache_Ping_Call) RunAndReturn(run func() error) *MockCache_Ping_Call {
+	_c.Call.Return(run)
+	return _c
+}
+
+// Put provides a mock function for the type MockCache
+func (_mock *MockCache) Put(key string, val any, timeout int64) error {
+	ret := _mock.Called(key, val, timeout)
+
+	if len(ret) == 0 {
+		panic("no return value specified for Put")
+	}
+
+	var r0 error
+	if returnFunc, ok := ret.Get(0).(func(string, any, int64) error); ok {
+		r0 = returnFunc(key, val, timeout)
+	} else {
+		r0 = ret.Error(0)
+	}
+	return r0
+}
+
+// MockCache_Put_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'Put'
+type MockCache_Put_Call struct {
+	*mock.Call
+}
+
+// Put is a helper method to define mock.On call
+//   - key string
+//   - val any
+//   - timeout int64
+func (_e *MockCache_Expecter) Put(key, val, timeout any) *MockCache_Put_Call {
+	return &MockCache_Put_Call{Call: _e.mock.On("Put", key, val, timeout)}
+}
+
+func (_c *MockCache_Put_Call) Run(run func(key string, val any, timeout int64)) *MockCache_Put_Call {
+	_c.Call.Run(func(args mock.Arguments) {
+		var arg0 string
+		if args[0] != nil {
+			arg0 = args[0].(string)
+		}
+		var arg1 any
+		if args[1] != nil {
+			arg1 = args[1].(any)
+		}
+		var arg2 int64
+		if args[2] != nil {
+			arg2 = args[2].(int64)
+		}
+		run(
+			arg0,
+			arg1,
+			arg2,
+		)
+	})
+	return _c
+}
+
+func (_c *MockCache_Put_Call) Return(err error) *MockCache_Put_Call {
+	_c.Call.Return(err)
+	return _c
+}
+
+func (_c *MockCache_Put_Call) RunAndReturn(run func(key string, val any, timeout int64) error) *MockCache_Put_Call {
+	_c.Call.Return(run)
+	return _c
+}
+
+// StartAndGC provides a mock function for the type MockCache
+func (_mock *MockCache) StartAndGC(opt cache.Options) error {
+	ret := _mock.Called(opt)
+
+	if len(ret) == 0 {
+		panic("no return value specified for StartAndGC")
+	}
+
+	var r0 error
+	if returnFunc, ok := ret.Get(0).(func(cache.Options) error); ok {
+		r0 = returnFunc(opt)
+	} else {
+		r0 = ret.Error(0)
+	}
+	return r0
+}
+
+// MockCache_StartAndGC_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'StartAndGC'
+type MockCache_StartAndGC_Call struct {
+	*mock.Call
+}
+
+// StartAndGC is a helper method to define mock.On call
+//   - opt cache.Options
+func (_e *MockCache_Expecter) StartAndGC(opt any) *MockCache_StartAndGC_Call {
+	return &MockCache_StartAndGC_Call{Call: _e.mock.On("StartAndGC", opt)}
+}
+
+func (_c *MockCache_StartAndGC_Call) Run(run func(opt cache.Options)) *MockCache_StartAndGC_Call {
+	_c.Call.Run(func(args mock.Arguments) {
+		var arg0 cache.Options
+		if args[0] != nil {
+			arg0 = args[0].(cache.Options)
+		}
+		run(
+			arg0,
+		)
+	})
+	return _c
+}
+
+func (_c *MockCache_StartAndGC_Call) Return(err error) *MockCache_StartAndGC_Call {
+	_c.Call.Return(err)
+	return _c
+}
+
+func (_c *MockCache_StartAndGC_Call) RunAndReturn(run func(opt cache.Options) error) *MockCache_StartAndGC_Call {
+	_c.Call.Return(run)
+	return _c
+}
diff --git a/modules/nosql/manager.go b/modules/nosql/manager.go
index 7eea069e09..748afe7587 100644
--- a/modules/nosql/manager.go
+++ b/modules/nosql/manager.go
@@ -30,6 +30,8 @@ type Manager struct {
 // RedisClient is a subset of redis.UniversalClient, it exposes less methods
 // to avoid generating machine code for unused methods. New method definitions
 // should be copied from the definitions in the Redis library github.com/redis/go-redis.
+//
+//mockery:generate: true
 type RedisClient interface {
 	// redis.GenericCmdable
 	Del(ctx context.Context, keys ...string) *redis.IntCmd
diff --git a/modules/nosql/mocks.go b/modules/nosql/mocks.go
new file mode 100644
index 0000000000..39d0d1fea3
--- /dev/null
+++ b/modules/nosql/mocks.go
@@ -0,0 +1,1240 @@
+// Code generated by mockery; DO NOT EDIT.
+// github.com/vektra/mockery
+// template: testify
+
+package nosql
+
+import (
+	"context"
+	"time"
+
+	"github.com/redis/go-redis/v9"
+	mock "github.com/stretchr/testify/mock"
+)
+
+// NewMockRedisClient creates a new instance of MockRedisClient. It also registers a testing interface on the mock and a cleanup function to assert the mocks expectations.
+// The first argument is typically a *testing.T value.
+func NewMockRedisClient(t interface {
+	mock.TestingT
+	Cleanup(func())
+},
+) *MockRedisClient {
+	mock := &MockRedisClient{}
+	mock.Mock.Test(t)
+
+	t.Cleanup(func() { mock.AssertExpectations(t) })
+
+	return mock
+}
+
+// MockRedisClient is an autogenerated mock type for the RedisClient type
+type MockRedisClient struct {
+	mock.Mock
+}
+
+type MockRedisClient_Expecter struct {
+	mock *mock.Mock
+}
+
+func (_m *MockRedisClient) EXPECT() *MockRedisClient_Expecter {
+	return &MockRedisClient_Expecter{mock: &_m.Mock}
+}
+
+// Close provides a mock function for the type MockRedisClient
+func (_mock *MockRedisClient) Close() error {
+	ret := _mock.Called()
+
+	if len(ret) == 0 {
+		panic("no return value specified for Close")
+	}
+
+	var r0 error
+	if returnFunc, ok := ret.Get(0).(func() error); ok {
+		r0 = returnFunc()
+	} else {
+		r0 = ret.Error(0)
+	}
+	return r0
+}
+
+// MockRedisClient_Close_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'Close'
+type MockRedisClient_Close_Call struct {
+	*mock.Call
+}
+
+// Close is a helper method to define mock.On call
+func (_e *MockRedisClient_Expecter) Close() *MockRedisClient_Close_Call {
+	return &MockRedisClient_Close_Call{Call: _e.mock.On("Close")}
+}
+
+func (_c *MockRedisClient_Close_Call) Run(run func()) *MockRedisClient_Close_Call {
+	_c.Call.Run(func(args mock.Arguments) {
+		run()
+	})
+	return _c
+}
+
+func (_c *MockRedisClient_Close_Call) Return(err error) *MockRedisClient_Close_Call {
+	_c.Call.Return(err)
+	return _c
+}
+
+func (_c *MockRedisClient_Close_Call) RunAndReturn(run func() error) *MockRedisClient_Close_Call {
+	_c.Call.Return(run)
+	return _c
+}
+
+// DBSize provides a mock function for the type MockRedisClient
+func (_mock *MockRedisClient) DBSize(ctx context.Context) *redis.IntCmd {
+	ret := _mock.Called(ctx)
+
+	if len(ret) == 0 {
+		panic("no return value specified for DBSize")
+	}
+
+	var r0 *redis.IntCmd
+	if returnFunc, ok := ret.Get(0).(func(context.Context) *redis.IntCmd); ok {
+		r0 = returnFunc(ctx)
+	} else {
+		if ret.Get(0) != nil {
+			r0 = ret.Get(0).(*redis.IntCmd)
+		}
+	}
+	return r0
+}
+
+// MockRedisClient_DBSize_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'DBSize'
+type MockRedisClient_DBSize_Call struct {
+	*mock.Call
+}
+
+// DBSize is a helper method to define mock.On call
+//   - ctx context.Context
+func (_e *MockRedisClient_Expecter) DBSize(ctx any) *MockRedisClient_DBSize_Call {
+	return &MockRedisClient_DBSize_Call{Call: _e.mock.On("DBSize", ctx)}
+}
+
+func (_c *MockRedisClient_DBSize_Call) Run(run func(ctx context.Context)) *MockRedisClient_DBSize_Call {
+	_c.Call.Run(func(args mock.Arguments) {
+		var arg0 context.Context
+		if args[0] != nil {
+			arg0 = args[0].(context.Context)
+		}
+		run(
+			arg0,
+		)
+	})
+	return _c
+}
+
+func (_c *MockRedisClient_DBSize_Call) Return(intCmd *redis.IntCmd) *MockRedisClient_DBSize_Call {
+	_c.Call.Return(intCmd)
+	return _c
+}
+
+func (_c *MockRedisClient_DBSize_Call) RunAndReturn(run func(ctx context.Context) *redis.IntCmd) *MockRedisClient_DBSize_Call {
+	_c.Call.Return(run)
+	return _c
+}
+
+// Decr provides a mock function for the type MockRedisClient
+func (_mock *MockRedisClient) Decr(ctx context.Context, key string) *redis.IntCmd {
+	ret := _mock.Called(ctx, key)
+
+	if len(ret) == 0 {
+		panic("no return value specified for Decr")
+	}
+
+	var r0 *redis.IntCmd
+	if returnFunc, ok := ret.Get(0).(func(context.Context, string) *redis.IntCmd); ok {
+		r0 = returnFunc(ctx, key)
+	} else {
+		if ret.Get(0) != nil {
+			r0 = ret.Get(0).(*redis.IntCmd)
+		}
+	}
+	return r0
+}
+
+// MockRedisClient_Decr_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'Decr'
+type MockRedisClient_Decr_Call struct {
+	*mock.Call
+}
+
+// Decr is a helper method to define mock.On call
+//   - ctx context.Context
+//   - key string
+func (_e *MockRedisClient_Expecter) Decr(ctx, key any) *MockRedisClient_Decr_Call {
+	return &MockRedisClient_Decr_Call{Call: _e.mock.On("Decr", ctx, key)}
+}
+
+func (_c *MockRedisClient_Decr_Call) Run(run func(ctx context.Context, key string)) *MockRedisClient_Decr_Call {
+	_c.Call.Run(func(args mock.Arguments) {
+		var arg0 context.Context
+		if args[0] != nil {
+			arg0 = args[0].(context.Context)
+		}
+		var arg1 string
+		if args[1] != nil {
+			arg1 = args[1].(string)
+		}
+		run(
+			arg0,
+			arg1,
+		)
+	})
+	return _c
+}
+
+func (_c *MockRedisClient_Decr_Call) Return(intCmd *redis.IntCmd) *MockRedisClient_Decr_Call {
+	_c.Call.Return(intCmd)
+	return _c
+}
+
+func (_c *MockRedisClient_Decr_Call) RunAndReturn(run func(ctx context.Context, key string) *redis.IntCmd) *MockRedisClient_Decr_Call {
+	_c.Call.Return(run)
+	return _c
+}
+
+// Del provides a mock function for the type MockRedisClient
+func (_mock *MockRedisClient) Del(ctx context.Context, keys ...string) *redis.IntCmd {
+	var tmpRet mock.Arguments
+	if len(keys) > 0 {
+		tmpRet = _mock.Called(ctx, keys)
+	} else {
+		tmpRet = _mock.Called(ctx)
+	}
+	ret := tmpRet
+
+	if len(ret) == 0 {
+		panic("no return value specified for Del")
+	}
+
+	var r0 *redis.IntCmd
+	if returnFunc, ok := ret.Get(0).(func(context.Context, ...string) *redis.IntCmd); ok {
+		r0 = returnFunc(ctx, keys...)
+	} else {
+		if ret.Get(0) != nil {
+			r0 = ret.Get(0).(*redis.IntCmd)
+		}
+	}
+	return r0
+}
+
+// MockRedisClient_Del_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'Del'
+type MockRedisClient_Del_Call struct {
+	*mock.Call
+}
+
+// Del is a helper method to define mock.On call
+//   - ctx context.Context
+//   - keys ...string
+func (_e *MockRedisClient_Expecter) Del(ctx any, keys ...any) *MockRedisClient_Del_Call {
+	return &MockRedisClient_Del_Call{Call: _e.mock.On("Del",
+		append([]any{ctx}, keys...)...)}
+}
+
+func (_c *MockRedisClient_Del_Call) Run(run func(ctx context.Context, keys ...string)) *MockRedisClient_Del_Call {
+	_c.Call.Run(func(args mock.Arguments) {
+		var arg0 context.Context
+		if args[0] != nil {
+			arg0 = args[0].(context.Context)
+		}
+		var arg1 []string
+		var variadicArgs []string
+		if len(args) > 1 {
+			variadicArgs = args[1].([]string)
+		}
+		arg1 = variadicArgs
+		run(
+			arg0,
+			arg1...,
+		)
+	})
+	return _c
+}
+
+func (_c *MockRedisClient_Del_Call) Return(intCmd *redis.IntCmd) *MockRedisClient_Del_Call {
+	_c.Call.Return(intCmd)
+	return _c
+}
+
+func (_c *MockRedisClient_Del_Call) RunAndReturn(run func(ctx context.Context, keys ...string) *redis.IntCmd) *MockRedisClient_Del_Call {
+	_c.Call.Return(run)
+	return _c
+}
+
+// Exists provides a mock function for the type MockRedisClient
+func (_mock *MockRedisClient) Exists(ctx context.Context, keys ...string) *redis.IntCmd {
+	var tmpRet mock.Arguments
+	if len(keys) > 0 {
+		tmpRet = _mock.Called(ctx, keys)
+	} else {
+		tmpRet = _mock.Called(ctx)
+	}
+	ret := tmpRet
+
+	if len(ret) == 0 {
+		panic("no return value specified for Exists")
+	}
+
+	var r0 *redis.IntCmd
+	if returnFunc, ok := ret.Get(0).(func(context.Context, ...string) *redis.IntCmd); ok {
+		r0 = returnFunc(ctx, keys...)
+	} else {
+		if ret.Get(0) != nil {
+			r0 = ret.Get(0).(*redis.IntCmd)
+		}
+	}
+	return r0
+}
+
+// MockRedisClient_Exists_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'Exists'
+type MockRedisClient_Exists_Call struct {
+	*mock.Call
+}
+
+// Exists is a helper method to define mock.On call
+//   - ctx context.Context
+//   - keys ...string
+func (_e *MockRedisClient_Expecter) Exists(ctx any, keys ...any) *MockRedisClient_Exists_Call {
+	return &MockRedisClient_Exists_Call{Call: _e.mock.On("Exists",
+		append([]any{ctx}, keys...)...)}
+}
+
+func (_c *MockRedisClient_Exists_Call) Run(run func(ctx context.Context, keys ...string)) *MockRedisClient_Exists_Call {
+	_c.Call.Run(func(args mock.Arguments) {
+		var arg0 context.Context
+		if args[0] != nil {
+			arg0 = args[0].(context.Context)
+		}
+		var arg1 []string
+		var variadicArgs []string
+		if len(args) > 1 {
+			variadicArgs = args[1].([]string)
+		}
+		arg1 = variadicArgs
+		run(
+			arg0,
+			arg1...,
+		)
+	})
+	return _c
+}
+
+func (_c *MockRedisClient_Exists_Call) Return(intCmd *redis.IntCmd) *MockRedisClient_Exists_Call {
+	_c.Call.Return(intCmd)
+	return _c
+}
+
+func (_c *MockRedisClient_Exists_Call) RunAndReturn(run func(ctx context.Context, keys ...string) *redis.IntCmd) *MockRedisClient_Exists_Call {
+	_c.Call.Return(run)
+	return _c
+}
+
+// FlushDB provides a mock function for the type MockRedisClient
+func (_mock *MockRedisClient) FlushDB(ctx context.Context) *redis.StatusCmd {
+	ret := _mock.Called(ctx)
+
+	if len(ret) == 0 {
+		panic("no return value specified for FlushDB")
+	}
+
+	var r0 *redis.StatusCmd
+	if returnFunc, ok := ret.Get(0).(func(context.Context) *redis.StatusCmd); ok {
+		r0 = returnFunc(ctx)
+	} else {
+		if ret.Get(0) != nil {
+			r0 = ret.Get(0).(*redis.StatusCmd)
+		}
+	}
+	return r0
+}
+
+// MockRedisClient_FlushDB_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'FlushDB'
+type MockRedisClient_FlushDB_Call struct {
+	*mock.Call
+}
+
+// FlushDB is a helper method to define mock.On call
+//   - ctx context.Context
+func (_e *MockRedisClient_Expecter) FlushDB(ctx any) *MockRedisClient_FlushDB_Call {
+	return &MockRedisClient_FlushDB_Call{Call: _e.mock.On("FlushDB", ctx)}
+}
+
+func (_c *MockRedisClient_FlushDB_Call) Run(run func(ctx context.Context)) *MockRedisClient_FlushDB_Call {
+	_c.Call.Run(func(args mock.Arguments) {
+		var arg0 context.Context
+		if args[0] != nil {
+			arg0 = args[0].(context.Context)
+		}
+		run(
+			arg0,
+		)
+	})
+	return _c
+}
+
+func (_c *MockRedisClient_FlushDB_Call) Return(statusCmd *redis.StatusCmd) *MockRedisClient_FlushDB_Call {
+	_c.Call.Return(statusCmd)
+	return _c
+}
+
+func (_c *MockRedisClient_FlushDB_Call) RunAndReturn(run func(ctx context.Context) *redis.StatusCmd) *MockRedisClient_FlushDB_Call {
+	_c.Call.Return(run)
+	return _c
+}
+
+// Get provides a mock function for the type MockRedisClient
+func (_mock *MockRedisClient) Get(ctx context.Context, key string) *redis.StringCmd {
+	ret := _mock.Called(ctx, key)
+
+	if len(ret) == 0 {
+		panic("no return value specified for Get")
+	}
+
+	var r0 *redis.StringCmd
+	if returnFunc, ok := ret.Get(0).(func(context.Context, string) *redis.StringCmd); ok {
+		r0 = returnFunc(ctx, key)
+	} else {
+		if ret.Get(0) != nil {
+			r0 = ret.Get(0).(*redis.StringCmd)
+		}
+	}
+	return r0
+}
+
+// MockRedisClient_Get_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'Get'
+type MockRedisClient_Get_Call struct {
+	*mock.Call
+}
+
+// Get is a helper method to define mock.On call
+//   - ctx context.Context
+//   - key string
+func (_e *MockRedisClient_Expecter) Get(ctx, key any) *MockRedisClient_Get_Call {
+	return &MockRedisClient_Get_Call{Call: _e.mock.On("Get", ctx, key)}
+}
+
+func (_c *MockRedisClient_Get_Call) Run(run func(ctx context.Context, key string)) *MockRedisClient_Get_Call {
+	_c.Call.Run(func(args mock.Arguments) {
+		var arg0 context.Context
+		if args[0] != nil {
+			arg0 = args[0].(context.Context)
+		}
+		var arg1 string
+		if args[1] != nil {
+			arg1 = args[1].(string)
+		}
+		run(
+			arg0,
+			arg1,
+		)
+	})
+	return _c
+}
+
+func (_c *MockRedisClient_Get_Call) Return(stringCmd *redis.StringCmd) *MockRedisClient_Get_Call {
+	_c.Call.Return(stringCmd)
+	return _c
+}
+
+func (_c *MockRedisClient_Get_Call) RunAndReturn(run func(ctx context.Context, key string) *redis.StringCmd) *MockRedisClient_Get_Call {
+	_c.Call.Return(run)
+	return _c
+}
+
+// HDel provides a mock function for the type MockRedisClient
+func (_mock *MockRedisClient) HDel(ctx context.Context, key string, fields ...string) *redis.IntCmd {
+	var tmpRet mock.Arguments
+	if len(fields) > 0 {
+		tmpRet = _mock.Called(ctx, key, fields)
+	} else {
+		tmpRet = _mock.Called(ctx, key)
+	}
+	ret := tmpRet
+
+	if len(ret) == 0 {
+		panic("no return value specified for HDel")
+	}
+
+	var r0 *redis.IntCmd
+	if returnFunc, ok := ret.Get(0).(func(context.Context, string, ...string) *redis.IntCmd); ok {
+		r0 = returnFunc(ctx, key, fields...)
+	} else {
+		if ret.Get(0) != nil {
+			r0 = ret.Get(0).(*redis.IntCmd)
+		}
+	}
+	return r0
+}
+
+// MockRedisClient_HDel_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'HDel'
+type MockRedisClient_HDel_Call struct {
+	*mock.Call
+}
+
+// HDel is a helper method to define mock.On call
+//   - ctx context.Context
+//   - key string
+//   - fields ...string
+func (_e *MockRedisClient_Expecter) HDel(ctx, key any, fields ...any) *MockRedisClient_HDel_Call {
+	return &MockRedisClient_HDel_Call{Call: _e.mock.On("HDel",
+		append([]any{ctx, key}, fields...)...)}
+}
+
+func (_c *MockRedisClient_HDel_Call) Run(run func(ctx context.Context, key string, fields ...string)) *MockRedisClient_HDel_Call {
+	_c.Call.Run(func(args mock.Arguments) {
+		var arg0 context.Context
+		if args[0] != nil {
+			arg0 = args[0].(context.Context)
+		}
+		var arg1 string
+		if args[1] != nil {
+			arg1 = args[1].(string)
+		}
+		var arg2 []string
+		var variadicArgs []string
+		if len(args) > 2 {
+			variadicArgs = args[2].([]string)
+		}
+		arg2 = variadicArgs
+		run(
+			arg0,
+			arg1,
+			arg2...,
+		)
+	})
+	return _c
+}
+
+func (_c *MockRedisClient_HDel_Call) Return(intCmd *redis.IntCmd) *MockRedisClient_HDel_Call {
+	_c.Call.Return(intCmd)
+	return _c
+}
+
+func (_c *MockRedisClient_HDel_Call) RunAndReturn(run func(ctx context.Context, key string, fields ...string) *redis.IntCmd) *MockRedisClient_HDel_Call {
+	_c.Call.Return(run)
+	return _c
+}
+
+// HKeys provides a mock function for the type MockRedisClient
+func (_mock *MockRedisClient) HKeys(ctx context.Context, key string) *redis.StringSliceCmd {
+	ret := _mock.Called(ctx, key)
+
+	if len(ret) == 0 {
+		panic("no return value specified for HKeys")
+	}
+
+	var r0 *redis.StringSliceCmd
+	if returnFunc, ok := ret.Get(0).(func(context.Context, string) *redis.StringSliceCmd); ok {
+		r0 = returnFunc(ctx, key)
+	} else {
+		if ret.Get(0) != nil {
+			r0 = ret.Get(0).(*redis.StringSliceCmd)
+		}
+	}
+	return r0
+}
+
+// MockRedisClient_HKeys_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'HKeys'
+type MockRedisClient_HKeys_Call struct {
+	*mock.Call
+}
+
+// HKeys is a helper method to define mock.On call
+//   - ctx context.Context
+//   - key string
+func (_e *MockRedisClient_Expecter) HKeys(ctx, key any) *MockRedisClient_HKeys_Call {
+	return &MockRedisClient_HKeys_Call{Call: _e.mock.On("HKeys", ctx, key)}
+}
+
+func (_c *MockRedisClient_HKeys_Call) Run(run func(ctx context.Context, key string)) *MockRedisClient_HKeys_Call {
+	_c.Call.Run(func(args mock.Arguments) {
+		var arg0 context.Context
+		if args[0] != nil {
+			arg0 = args[0].(context.Context)
+		}
+		var arg1 string
+		if args[1] != nil {
+			arg1 = args[1].(string)
+		}
+		run(
+			arg0,
+			arg1,
+		)
+	})
+	return _c
+}
+
+func (_c *MockRedisClient_HKeys_Call) Return(stringSliceCmd *redis.StringSliceCmd) *MockRedisClient_HKeys_Call {
+	_c.Call.Return(stringSliceCmd)
+	return _c
+}
+
+func (_c *MockRedisClient_HKeys_Call) RunAndReturn(run func(ctx context.Context, key string) *redis.StringSliceCmd) *MockRedisClient_HKeys_Call {
+	_c.Call.Return(run)
+	return _c
+}
+
+// HSet provides a mock function for the type MockRedisClient
+func (_mock *MockRedisClient) HSet(ctx context.Context, key string, values ...any) *redis.IntCmd {
+	var tmpRet mock.Arguments
+	if len(values) > 0 {
+		tmpRet = _mock.Called(ctx, key, values)
+	} else {
+		tmpRet = _mock.Called(ctx, key)
+	}
+	ret := tmpRet
+
+	if len(ret) == 0 {
+		panic("no return value specified for HSet")
+	}
+
+	var r0 *redis.IntCmd
+	if returnFunc, ok := ret.Get(0).(func(context.Context, string, ...any) *redis.IntCmd); ok {
+		r0 = returnFunc(ctx, key, values...)
+	} else {
+		if ret.Get(0) != nil {
+			r0 = ret.Get(0).(*redis.IntCmd)
+		}
+	}
+	return r0
+}
+
+// MockRedisClient_HSet_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'HSet'
+type MockRedisClient_HSet_Call struct {
+	*mock.Call
+}
+
+// HSet is a helper method to define mock.On call
+//   - ctx context.Context
+//   - key string
+//   - values ...any
+func (_e *MockRedisClient_Expecter) HSet(ctx, key any, values ...any) *MockRedisClient_HSet_Call {
+	return &MockRedisClient_HSet_Call{Call: _e.mock.On("HSet",
+		append([]any{ctx, key}, values...)...)}
+}
+
+func (_c *MockRedisClient_HSet_Call) Run(run func(ctx context.Context, key string, values ...any)) *MockRedisClient_HSet_Call {
+	_c.Call.Run(func(args mock.Arguments) {
+		var arg0 context.Context
+		if args[0] != nil {
+			arg0 = args[0].(context.Context)
+		}
+		var arg1 string
+		if args[1] != nil {
+			arg1 = args[1].(string)
+		}
+		var arg2 []any
+		var variadicArgs []any
+		if len(args) > 2 {
+			variadicArgs = args[2].([]any)
+		}
+		arg2 = variadicArgs
+		run(
+			arg0,
+			arg1,
+			arg2...,
+		)
+	})
+	return _c
+}
+
+func (_c *MockRedisClient_HSet_Call) Return(intCmd *redis.IntCmd) *MockRedisClient_HSet_Call {
+	_c.Call.Return(intCmd)
+	return _c
+}
+
+func (_c *MockRedisClient_HSet_Call) RunAndReturn(run func(ctx context.Context, key string, values ...any) *redis.IntCmd) *MockRedisClient_HSet_Call {
+	_c.Call.Return(run)
+	return _c
+}
+
+// Incr provides a mock function for the type MockRedisClient
+func (_mock *MockRedisClient) Incr(ctx context.Context, key string) *redis.IntCmd {
+	ret := _mock.Called(ctx, key)
+
+	if len(ret) == 0 {
+		panic("no return value specified for Incr")
+	}
+
+	var r0 *redis.IntCmd
+	if returnFunc, ok := ret.Get(0).(func(context.Context, string) *redis.IntCmd); ok {
+		r0 = returnFunc(ctx, key)
+	} else {
+		if ret.Get(0) != nil {
+			r0 = ret.Get(0).(*redis.IntCmd)
+		}
+	}
+	return r0
+}
+
+// MockRedisClient_Incr_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'Incr'
+type MockRedisClient_Incr_Call struct {
+	*mock.Call
+}
+
+// Incr is a helper method to define mock.On call
+//   - ctx context.Context
+//   - key string
+func (_e *MockRedisClient_Expecter) Incr(ctx, key any) *MockRedisClient_Incr_Call {
+	return &MockRedisClient_Incr_Call{Call: _e.mock.On("Incr", ctx, key)}
+}
+
+func (_c *MockRedisClient_Incr_Call) Run(run func(ctx context.Context, key string)) *MockRedisClient_Incr_Call {
+	_c.Call.Run(func(args mock.Arguments) {
+		var arg0 context.Context
+		if args[0] != nil {
+			arg0 = args[0].(context.Context)
+		}
+		var arg1 string
+		if args[1] != nil {
+			arg1 = args[1].(string)
+		}
+		run(
+			arg0,
+			arg1,
+		)
+	})
+	return _c
+}
+
+func (_c *MockRedisClient_Incr_Call) Return(intCmd *redis.IntCmd) *MockRedisClient_Incr_Call {
+	_c.Call.Return(intCmd)
+	return _c
+}
+
+func (_c *MockRedisClient_Incr_Call) RunAndReturn(run func(ctx context.Context, key string) *redis.IntCmd) *MockRedisClient_Incr_Call {
+	_c.Call.Return(run)
+	return _c
+}
+
+// LLen provides a mock function for the type MockRedisClient
+func (_mock *MockRedisClient) LLen(ctx context.Context, key string) *redis.IntCmd {
+	ret := _mock.Called(ctx, key)
+
+	if len(ret) == 0 {
+		panic("no return value specified for LLen")
+	}
+
+	var r0 *redis.IntCmd
+	if returnFunc, ok := ret.Get(0).(func(context.Context, string) *redis.IntCmd); ok {
+		r0 = returnFunc(ctx, key)
+	} else {
+		if ret.Get(0) != nil {
+			r0 = ret.Get(0).(*redis.IntCmd)
+		}
+	}
+	return r0
+}
+
+// MockRedisClient_LLen_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'LLen'
+type MockRedisClient_LLen_Call struct {
+	*mock.Call
+}
+
+// LLen is a helper method to define mock.On call
+//   - ctx context.Context
+//   - key string
+func (_e *MockRedisClient_Expecter) LLen(ctx, key any) *MockRedisClient_LLen_Call {
+	return &MockRedisClient_LLen_Call{Call: _e.mock.On("LLen", ctx, key)}
+}
+
+func (_c *MockRedisClient_LLen_Call) Run(run func(ctx context.Context, key string)) *MockRedisClient_LLen_Call {
+	_c.Call.Run(func(args mock.Arguments) {
+		var arg0 context.Context
+		if args[0] != nil {
+			arg0 = args[0].(context.Context)
+		}
+		var arg1 string
+		if args[1] != nil {
+			arg1 = args[1].(string)
+		}
+		run(
+			arg0,
+			arg1,
+		)
+	})
+	return _c
+}
+
+func (_c *MockRedisClient_LLen_Call) Return(intCmd *redis.IntCmd) *MockRedisClient_LLen_Call {
+	_c.Call.Return(intCmd)
+	return _c
+}
+
+func (_c *MockRedisClient_LLen_Call) RunAndReturn(run func(ctx context.Context, key string) *redis.IntCmd) *MockRedisClient_LLen_Call {
+	_c.Call.Return(run)
+	return _c
+}
+
+// LPop provides a mock function for the type MockRedisClient
+func (_mock *MockRedisClient) LPop(ctx context.Context, key string) *redis.StringCmd {
+	ret := _mock.Called(ctx, key)
+
+	if len(ret) == 0 {
+		panic("no return value specified for LPop")
+	}
+
+	var r0 *redis.StringCmd
+	if returnFunc, ok := ret.Get(0).(func(context.Context, string) *redis.StringCmd); ok {
+		r0 = returnFunc(ctx, key)
+	} else {
+		if ret.Get(0) != nil {
+			r0 = ret.Get(0).(*redis.StringCmd)
+		}
+	}
+	return r0
+}
+
+// MockRedisClient_LPop_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'LPop'
+type MockRedisClient_LPop_Call struct {
+	*mock.Call
+}
+
+// LPop is a helper method to define mock.On call
+//   - ctx context.Context
+//   - key string
+func (_e *MockRedisClient_Expecter) LPop(ctx, key any) *MockRedisClient_LPop_Call {
+	return &MockRedisClient_LPop_Call{Call: _e.mock.On("LPop", ctx, key)}
+}
+
+func (_c *MockRedisClient_LPop_Call) Run(run func(ctx context.Context, key string)) *MockRedisClient_LPop_Call {
+	_c.Call.Run(func(args mock.Arguments) {
+		var arg0 context.Context
+		if args[0] != nil {
+			arg0 = args[0].(context.Context)
+		}
+		var arg1 string
+		if args[1] != nil {
+			arg1 = args[1].(string)
+		}
+		run(
+			arg0,
+			arg1,
+		)
+	})
+	return _c
+}
+
+func (_c *MockRedisClient_LPop_Call) Return(stringCmd *redis.StringCmd) *MockRedisClient_LPop_Call {
+	_c.Call.Return(stringCmd)
+	return _c
+}
+
+func (_c *MockRedisClient_LPop_Call) RunAndReturn(run func(ctx context.Context, key string) *redis.StringCmd) *MockRedisClient_LPop_Call {
+	_c.Call.Return(run)
+	return _c
+}
+
+// Ping provides a mock function for the type MockRedisClient
+func (_mock *MockRedisClient) Ping(ctx context.Context) *redis.StatusCmd {
+	ret := _mock.Called(ctx)
+
+	if len(ret) == 0 {
+		panic("no return value specified for Ping")
+	}
+
+	var r0 *redis.StatusCmd
+	if returnFunc, ok := ret.Get(0).(func(context.Context) *redis.StatusCmd); ok {
+		r0 = returnFunc(ctx)
+	} else {
+		if ret.Get(0) != nil {
+			r0 = ret.Get(0).(*redis.StatusCmd)
+		}
+	}
+	return r0
+}
+
+// MockRedisClient_Ping_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'Ping'
+type MockRedisClient_Ping_Call struct {
+	*mock.Call
+}
+
+// Ping is a helper method to define mock.On call
+//   - ctx context.Context
+func (_e *MockRedisClient_Expecter) Ping(ctx any) *MockRedisClient_Ping_Call {
+	return &MockRedisClient_Ping_Call{Call: _e.mock.On("Ping", ctx)}
+}
+
+func (_c *MockRedisClient_Ping_Call) Run(run func(ctx context.Context)) *MockRedisClient_Ping_Call {
+	_c.Call.Run(func(args mock.Arguments) {
+		var arg0 context.Context
+		if args[0] != nil {
+			arg0 = args[0].(context.Context)
+		}
+		run(
+			arg0,
+		)
+	})
+	return _c
+}
+
+func (_c *MockRedisClient_Ping_Call) Return(statusCmd *redis.StatusCmd) *MockRedisClient_Ping_Call {
+	_c.Call.Return(statusCmd)
+	return _c
+}
+
+func (_c *MockRedisClient_Ping_Call) RunAndReturn(run func(ctx context.Context) *redis.StatusCmd) *MockRedisClient_Ping_Call {
+	_c.Call.Return(run)
+	return _c
+}
+
+// RPush provides a mock function for the type MockRedisClient
+func (_mock *MockRedisClient) RPush(ctx context.Context, key string, values ...any) *redis.IntCmd {
+	var tmpRet mock.Arguments
+	if len(values) > 0 {
+		tmpRet = _mock.Called(ctx, key, values)
+	} else {
+		tmpRet = _mock.Called(ctx, key)
+	}
+	ret := tmpRet
+
+	if len(ret) == 0 {
+		panic("no return value specified for RPush")
+	}
+
+	var r0 *redis.IntCmd
+	if returnFunc, ok := ret.Get(0).(func(context.Context, string, ...any) *redis.IntCmd); ok {
+		r0 = returnFunc(ctx, key, values...)
+	} else {
+		if ret.Get(0) != nil {
+			r0 = ret.Get(0).(*redis.IntCmd)
+		}
+	}
+	return r0
+}
+
+// MockRedisClient_RPush_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'RPush'
+type MockRedisClient_RPush_Call struct {
+	*mock.Call
+}
+
+// RPush is a helper method to define mock.On call
+//   - ctx context.Context
+//   - key string
+//   - values ...any
+func (_e *MockRedisClient_Expecter) RPush(ctx, key any, values ...any) *MockRedisClient_RPush_Call {
+	return &MockRedisClient_RPush_Call{Call: _e.mock.On("RPush",
+		append([]any{ctx, key}, values...)...)}
+}
+
+func (_c *MockRedisClient_RPush_Call) Run(run func(ctx context.Context, key string, values ...any)) *MockRedisClient_RPush_Call {
+	_c.Call.Run(func(args mock.Arguments) {
+		var arg0 context.Context
+		if args[0] != nil {
+			arg0 = args[0].(context.Context)
+		}
+		var arg1 string
+		if args[1] != nil {
+			arg1 = args[1].(string)
+		}
+		var arg2 []any
+		var variadicArgs []any
+		if len(args) > 2 {
+			variadicArgs = args[2].([]any)
+		}
+		arg2 = variadicArgs
+		run(
+			arg0,
+			arg1,
+			arg2...,
+		)
+	})
+	return _c
+}
+
+func (_c *MockRedisClient_RPush_Call) Return(intCmd *redis.IntCmd) *MockRedisClient_RPush_Call {
+	_c.Call.Return(intCmd)
+	return _c
+}
+
+func (_c *MockRedisClient_RPush_Call) RunAndReturn(run func(ctx context.Context, key string, values ...any) *redis.IntCmd) *MockRedisClient_RPush_Call {
+	_c.Call.Return(run)
+	return _c
+}
+
+// SAdd provides a mock function for the type MockRedisClient
+func (_mock *MockRedisClient) SAdd(ctx context.Context, key string, members ...any) *redis.IntCmd {
+	var tmpRet mock.Arguments
+	if len(members) > 0 {
+		tmpRet = _mock.Called(ctx, key, members)
+	} else {
+		tmpRet = _mock.Called(ctx, key)
+	}
+	ret := tmpRet
+
+	if len(ret) == 0 {
+		panic("no return value specified for SAdd")
+	}
+
+	var r0 *redis.IntCmd
+	if returnFunc, ok := ret.Get(0).(func(context.Context, string, ...any) *redis.IntCmd); ok {
+		r0 = returnFunc(ctx, key, members...)
+	} else {
+		if ret.Get(0) != nil {
+			r0 = ret.Get(0).(*redis.IntCmd)
+		}
+	}
+	return r0
+}
+
+// MockRedisClient_SAdd_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'SAdd'
+type MockRedisClient_SAdd_Call struct {
+	*mock.Call
+}
+
+// SAdd is a helper method to define mock.On call
+//   - ctx context.Context
+//   - key string
+//   - members ...any
+func (_e *MockRedisClient_Expecter) SAdd(ctx, key any, members ...any) *MockRedisClient_SAdd_Call {
+	return &MockRedisClient_SAdd_Call{Call: _e.mock.On("SAdd",
+		append([]any{ctx, key}, members...)...)}
+}
+
+func (_c *MockRedisClient_SAdd_Call) Run(run func(ctx context.Context, key string, members ...any)) *MockRedisClient_SAdd_Call {
+	_c.Call.Run(func(args mock.Arguments) {
+		var arg0 context.Context
+		if args[0] != nil {
+			arg0 = args[0].(context.Context)
+		}
+		var arg1 string
+		if args[1] != nil {
+			arg1 = args[1].(string)
+		}
+		var arg2 []any
+		var variadicArgs []any
+		if len(args) > 2 {
+			variadicArgs = args[2].([]any)
+		}
+		arg2 = variadicArgs
+		run(
+			arg0,
+			arg1,
+			arg2...,
+		)
+	})
+	return _c
+}
+
+func (_c *MockRedisClient_SAdd_Call) Return(intCmd *redis.IntCmd) *MockRedisClient_SAdd_Call {
+	_c.Call.Return(intCmd)
+	return _c
+}
+
+func (_c *MockRedisClient_SAdd_Call) RunAndReturn(run func(ctx context.Context, key string, members ...any) *redis.IntCmd) *MockRedisClient_SAdd_Call {
+	_c.Call.Return(run)
+	return _c
+}
+
+// SIsMember provides a mock function for the type MockRedisClient
+func (_mock *MockRedisClient) SIsMember(ctx context.Context, key string, member any) *redis.BoolCmd {
+	ret := _mock.Called(ctx, key, member)
+
+	if len(ret) == 0 {
+		panic("no return value specified for SIsMember")
+	}
+
+	var r0 *redis.BoolCmd
+	if returnFunc, ok := ret.Get(0).(func(context.Context, string, any) *redis.BoolCmd); ok {
+		r0 = returnFunc(ctx, key, member)
+	} else {
+		if ret.Get(0) != nil {
+			r0 = ret.Get(0).(*redis.BoolCmd)
+		}
+	}
+	return r0
+}
+
+// MockRedisClient_SIsMember_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'SIsMember'
+type MockRedisClient_SIsMember_Call struct {
+	*mock.Call
+}
+
+// SIsMember is a helper method to define mock.On call
+//   - ctx context.Context
+//   - key string
+//   - member any
+func (_e *MockRedisClient_Expecter) SIsMember(ctx, key, member any) *MockRedisClient_SIsMember_Call {
+	return &MockRedisClient_SIsMember_Call{Call: _e.mock.On("SIsMember", ctx, key, member)}
+}
+
+func (_c *MockRedisClient_SIsMember_Call) Run(run func(ctx context.Context, key string, member any)) *MockRedisClient_SIsMember_Call {
+	_c.Call.Run(func(args mock.Arguments) {
+		var arg0 context.Context
+		if args[0] != nil {
+			arg0 = args[0].(context.Context)
+		}
+		var arg1 string
+		if args[1] != nil {
+			arg1 = args[1].(string)
+		}
+		var arg2 any
+		if args[2] != nil {
+			arg2 = args[2].(any)
+		}
+		run(
+			arg0,
+			arg1,
+			arg2,
+		)
+	})
+	return _c
+}
+
+func (_c *MockRedisClient_SIsMember_Call) Return(boolCmd *redis.BoolCmd) *MockRedisClient_SIsMember_Call {
+	_c.Call.Return(boolCmd)
+	return _c
+}
+
+func (_c *MockRedisClient_SIsMember_Call) RunAndReturn(run func(ctx context.Context, key string, member any) *redis.BoolCmd) *MockRedisClient_SIsMember_Call {
+	_c.Call.Return(run)
+	return _c
+}
+
+// SRem provides a mock function for the type MockRedisClient
+func (_mock *MockRedisClient) SRem(ctx context.Context, key string, members ...any) *redis.IntCmd {
+	var tmpRet mock.Arguments
+	if len(members) > 0 {
+		tmpRet = _mock.Called(ctx, key, members)
+	} else {
+		tmpRet = _mock.Called(ctx, key)
+	}
+	ret := tmpRet
+
+	if len(ret) == 0 {
+		panic("no return value specified for SRem")
+	}
+
+	var r0 *redis.IntCmd
+	if returnFunc, ok := ret.Get(0).(func(context.Context, string, ...any) *redis.IntCmd); ok {
+		r0 = returnFunc(ctx, key, members...)
+	} else {
+		if ret.Get(0) != nil {
+			r0 = ret.Get(0).(*redis.IntCmd)
+		}
+	}
+	return r0
+}
+
+// MockRedisClient_SRem_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'SRem'
+type MockRedisClient_SRem_Call struct {
+	*mock.Call
+}
+
+// SRem is a helper method to define mock.On call
+//   - ctx context.Context
+//   - key string
+//   - members ...any
+func (_e *MockRedisClient_Expecter) SRem(ctx, key any, members ...any) *MockRedisClient_SRem_Call {
+	return &MockRedisClient_SRem_Call{Call: _e.mock.On("SRem",
+		append([]any{ctx, key}, members...)...)}
+}
+
+func (_c *MockRedisClient_SRem_Call) Run(run func(ctx context.Context, key string, members ...any)) *MockRedisClient_SRem_Call {
+	_c.Call.Run(func(args mock.Arguments) {
+		var arg0 context.Context
+		if args[0] != nil {
+			arg0 = args[0].(context.Context)
+		}
+		var arg1 string
+		if args[1] != nil {
+			arg1 = args[1].(string)
+		}
+		var arg2 []any
+		var variadicArgs []any
+		if len(args) > 2 {
+			variadicArgs = args[2].([]any)
+		}
+		arg2 = variadicArgs
+		run(
+			arg0,
+			arg1,
+			arg2...,
+		)
+	})
+	return _c
+}
+
+func (_c *MockRedisClient_SRem_Call) Return(intCmd *redis.IntCmd) *MockRedisClient_SRem_Call {
+	_c.Call.Return(intCmd)
+	return _c
+}
+
+func (_c *MockRedisClient_SRem_Call) RunAndReturn(run func(ctx context.Context, key string, members ...any) *redis.IntCmd) *MockRedisClient_SRem_Call {
+	_c.Call.Return(run)
+	return _c
+}
+
+// Set provides a mock function for the type MockRedisClient
+func (_mock *MockRedisClient) Set(ctx context.Context, key string, value any, expiration time.Duration) *redis.StatusCmd {
+	ret := _mock.Called(ctx, key, value, expiration)
+
+	if len(ret) == 0 {
+		panic("no return value specified for Set")
+	}
+
+	var r0 *redis.StatusCmd
+	if returnFunc, ok := ret.Get(0).(func(context.Context, string, any, time.Duration) *redis.StatusCmd); ok {
+		r0 = returnFunc(ctx, key, value, expiration)
+	} else {
+		if ret.Get(0) != nil {
+			r0 = ret.Get(0).(*redis.StatusCmd)
+		}
+	}
+	return r0
+}
+
+// MockRedisClient_Set_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'Set'
+type MockRedisClient_Set_Call struct {
+	*mock.Call
+}
+
+// Set is a helper method to define mock.On call
+//   - ctx context.Context
+//   - key string
+//   - value any
+//   - expiration time.Duration
+func (_e *MockRedisClient_Expecter) Set(ctx, key, value, expiration any) *MockRedisClient_Set_Call {
+	return &MockRedisClient_Set_Call{Call: _e.mock.On("Set", ctx, key, value, expiration)}
+}
+
+func (_c *MockRedisClient_Set_Call) Run(run func(ctx context.Context, key string, value any, expiration time.Duration)) *MockRedisClient_Set_Call {
+	_c.Call.Run(func(args mock.Arguments) {
+		var arg0 context.Context
+		if args[0] != nil {
+			arg0 = args[0].(context.Context)
+		}
+		var arg1 string
+		if args[1] != nil {
+			arg1 = args[1].(string)
+		}
+		var arg2 any
+		if args[2] != nil {
+			arg2 = args[2].(any)
+		}
+		var arg3 time.Duration
+		if args[3] != nil {
+			arg3 = args[3].(time.Duration)
+		}
+		run(
+			arg0,
+			arg1,
+			arg2,
+			arg3,
+		)
+	})
+	return _c
+}
+
+func (_c *MockRedisClient_Set_Call) Return(statusCmd *redis.StatusCmd) *MockRedisClient_Set_Call {
+	_c.Call.Return(statusCmd)
+	return _c
+}
+
+func (_c *MockRedisClient_Set_Call) RunAndReturn(run func(ctx context.Context, key string, value any, expiration time.Duration) *redis.StatusCmd) *MockRedisClient_Set_Call {
+	_c.Call.Return(run)
+	return _c
+}
diff --git a/modules/queue/base_redis_test.go b/modules/queue/base_redis_test.go
index bf3ad5b97b..297a49229a 100644
--- a/modules/queue/base_redis_test.go
+++ b/modules/queue/base_redis_test.go
@@ -7,18 +7,17 @@ import (
 	"context"
 	"testing"
 
-	"forgejo.org/modules/queue/mock"
+	"forgejo.org/modules/nosql"
+	queue_mock "forgejo.org/modules/queue/mock"
 	"forgejo.org/modules/setting"
 
 	"github.com/redis/go-redis/v9"
+	"github.com/stretchr/testify/mock"
 	"github.com/stretchr/testify/suite"
-	"go.uber.org/mock/gomock"
 )
 
 type baseRedisUnitTestSuite struct {
 	suite.Suite
-
-	mockController *gomock.Controller
 }
 
 func TestBaseRedis(t *testing.T) {
@@ -26,7 +25,6 @@ func TestBaseRedis(t *testing.T) {
 }
 
 func (suite *baseRedisUnitTestSuite) SetupSuite() {
-	suite.mockController = gomock.NewController(suite.T())
 }
 
 func (suite *baseRedisUnitTestSuite) TestBasic() {
@@ -71,39 +69,47 @@ func (suite *baseRedisUnitTestSuite) TestBasic() {
 			}
 
 			// Configure expectations.
-			mockRedisStore := mock.NewInMemoryMockRedis()
-			redisClient := mock.NewMockRedisClient(suite.mockController)
+			mockRedisStore := queue_mock.NewInMemoryMockRedis()
+			redisClient := nosql.NewMockRedisClient(suite.T())
 
 			redisClient.EXPECT().
-				Ping(gomock.Any()).
-				Times(1).
-				Return(&redis.StatusCmd{})
+				Ping(mock.Anything).
+				Return(&redis.StatusCmd{}).
+				Times(1)
 			redisClient.EXPECT().
-				LLen(gomock.Any(), testCase.QueueName).
-				Times(1).
-				DoAndReturn(mockRedisStore.LLen)
+				LLen(mock.Anything, testCase.QueueName).
+				RunAndReturn(mockRedisStore.LLen).
+				Times(1)
 			redisClient.EXPECT().
-				LPop(gomock.Any(), testCase.QueueName).
-				Times(1).
-				DoAndReturn(mockRedisStore.LPop)
+				LPop(mock.Anything, testCase.QueueName).
+				RunAndReturn(mockRedisStore.LPop).
+				Times(1)
 			redisClient.EXPECT().
-				RPush(gomock.Any(), testCase.QueueName, gomock.Any()).
-				Times(1).
-				DoAndReturn(mockRedisStore.RPush)
+				RPush(mock.Anything, testCase.QueueName, mock.Anything).
+				RunAndReturn(func(ctx context.Context, key string, values ...any) *redis.IntCmd {
+					return mockRedisStore.RPush(ctx, key, values[0].([]byte))
+				}).
+				Times(1)
 
 			if testCase.Unique {
 				redisClient.EXPECT().
-					SAdd(gomock.Any(), testCase.QueueName+"_unique", gomock.Any()).
-					Times(1).
-					DoAndReturn(mockRedisStore.SAdd)
+					SAdd(mock.Anything, testCase.QueueName+"_unique", mock.Anything).
+					RunAndReturn(func(ctx context.Context, key string, members ...any) *redis.IntCmd {
+						return mockRedisStore.SAdd(ctx, key, members[0].([]byte))
+					}).
+					Times(1)
 				redisClient.EXPECT().
-					SRem(gomock.Any(), testCase.QueueName+"_unique", gomock.Any()).
-					Times(1).
-					DoAndReturn(mockRedisStore.SRem)
+					SRem(mock.Anything, testCase.QueueName+"_unique", mock.Anything).
+					RunAndReturn(func(ctx context.Context, key string, members ...any) *redis.IntCmd {
+						return mockRedisStore.SRem(ctx, key, members[0].([]byte))
+					}).
+					Times(1)
 				redisClient.EXPECT().
-					SIsMember(gomock.Any(), testCase.QueueName+"_unique", gomock.Any()).
-					Times(2).
-					DoAndReturn(mockRedisStore.SIsMember)
+					SIsMember(mock.Anything, testCase.QueueName+"_unique", mock.Anything).
+					RunAndReturn(func(ctx context.Context, key string, member any) *redis.BoolCmd {
+						return mockRedisStore.SIsMember(ctx, key, member.([]byte))
+					}).
+					Times(2)
 			}
 
 			client, err := newBaseRedisGeneric(
diff --git a/modules/queue/mock/redisuniversalclient.go b/modules/queue/mock/redisuniversalclient.go
deleted file mode 100644
index a19e639ac1..0000000000
--- a/modules/queue/mock/redisuniversalclient.go
+++ /dev/null
@@ -1,344 +0,0 @@
-// Code generated by MockGen. DO NOT EDIT.
-// Source: forgejo.org/modules/nosql (interfaces: RedisClient)
-//
-// Generated by this command:
-//
-//	mockgen -package mock -destination ./modules/queue/mock/redisuniversalclient.go forgejo.org/modules/nosql RedisClient
-//
-
-// Package mock is a generated GoMock package.
-package mock
-
-import (
-	context "context"
-	reflect "reflect"
-	time "time"
-
-	redis "github.com/redis/go-redis/v9"
-	gomock "go.uber.org/mock/gomock"
-)
-
-// MockRedisClient is a mock of RedisClient interface.
-type MockRedisClient struct {
-	ctrl     *gomock.Controller
-	recorder *MockRedisClientMockRecorder
-	isgomock struct{}
-}
-
-// MockRedisClientMockRecorder is the mock recorder for MockRedisClient.
-type MockRedisClientMockRecorder struct {
-	mock *MockRedisClient
-}
-
-// NewMockRedisClient creates a new mock instance.
-func NewMockRedisClient(ctrl *gomock.Controller) *MockRedisClient {
-	mock := &MockRedisClient{ctrl: ctrl}
-	mock.recorder = &MockRedisClientMockRecorder{mock}
-	return mock
-}
-
-// EXPECT returns an object that allows the caller to indicate expected use.
-func (m *MockRedisClient) EXPECT() *MockRedisClientMockRecorder {
-	return m.recorder
-}
-
-// Close mocks base method.
-func (m *MockRedisClient) Close() error {
-	m.ctrl.T.Helper()
-	ret := m.ctrl.Call(m, "Close")
-	ret0, _ := ret[0].(error)
-	return ret0
-}
-
-// Close indicates an expected call of Close.
-func (mr *MockRedisClientMockRecorder) Close() *gomock.Call {
-	mr.mock.ctrl.T.Helper()
-	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "Close", reflect.TypeOf((*MockRedisClient)(nil).Close))
-}
-
-// DBSize mocks base method.
-func (m *MockRedisClient) DBSize(ctx context.Context) *redis.IntCmd {
-	m.ctrl.T.Helper()
-	ret := m.ctrl.Call(m, "DBSize", ctx)
-	ret0, _ := ret[0].(*redis.IntCmd)
-	return ret0
-}
-
-// DBSize indicates an expected call of DBSize.
-func (mr *MockRedisClientMockRecorder) DBSize(ctx any) *gomock.Call {
-	mr.mock.ctrl.T.Helper()
-	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "DBSize", reflect.TypeOf((*MockRedisClient)(nil).DBSize), ctx)
-}
-
-// Decr mocks base method.
-func (m *MockRedisClient) Decr(ctx context.Context, key string) *redis.IntCmd {
-	m.ctrl.T.Helper()
-	ret := m.ctrl.Call(m, "Decr", ctx, key)
-	ret0, _ := ret[0].(*redis.IntCmd)
-	return ret0
-}
-
-// Decr indicates an expected call of Decr.
-func (mr *MockRedisClientMockRecorder) Decr(ctx, key any) *gomock.Call {
-	mr.mock.ctrl.T.Helper()
-	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "Decr", reflect.TypeOf((*MockRedisClient)(nil).Decr), ctx, key)
-}
-
-// Del mocks base method.
-func (m *MockRedisClient) Del(ctx context.Context, keys ...string) *redis.IntCmd {
-	m.ctrl.T.Helper()
-	varargs := []any{ctx}
-	for _, a := range keys {
-		varargs = append(varargs, a)
-	}
-	ret := m.ctrl.Call(m, "Del", varargs...)
-	ret0, _ := ret[0].(*redis.IntCmd)
-	return ret0
-}
-
-// Del indicates an expected call of Del.
-func (mr *MockRedisClientMockRecorder) Del(ctx any, keys ...any) *gomock.Call {
-	mr.mock.ctrl.T.Helper()
-	varargs := append([]any{ctx}, keys...)
-	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "Del", reflect.TypeOf((*MockRedisClient)(nil).Del), varargs...)
-}
-
-// Exists mocks base method.
-func (m *MockRedisClient) Exists(ctx context.Context, keys ...string) *redis.IntCmd {
-	m.ctrl.T.Helper()
-	varargs := []any{ctx}
-	for _, a := range keys {
-		varargs = append(varargs, a)
-	}
-	ret := m.ctrl.Call(m, "Exists", varargs...)
-	ret0, _ := ret[0].(*redis.IntCmd)
-	return ret0
-}
-
-// Exists indicates an expected call of Exists.
-func (mr *MockRedisClientMockRecorder) Exists(ctx any, keys ...any) *gomock.Call {
-	mr.mock.ctrl.T.Helper()
-	varargs := append([]any{ctx}, keys...)
-	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "Exists", reflect.TypeOf((*MockRedisClient)(nil).Exists), varargs...)
-}
-
-// FlushDB mocks base method.
-func (m *MockRedisClient) FlushDB(ctx context.Context) *redis.StatusCmd {
-	m.ctrl.T.Helper()
-	ret := m.ctrl.Call(m, "FlushDB", ctx)
-	ret0, _ := ret[0].(*redis.StatusCmd)
-	return ret0
-}
-
-// FlushDB indicates an expected call of FlushDB.
-func (mr *MockRedisClientMockRecorder) FlushDB(ctx any) *gomock.Call {
-	mr.mock.ctrl.T.Helper()
-	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "FlushDB", reflect.TypeOf((*MockRedisClient)(nil).FlushDB), ctx)
-}
-
-// Get mocks base method.
-func (m *MockRedisClient) Get(ctx context.Context, key string) *redis.StringCmd {
-	m.ctrl.T.Helper()
-	ret := m.ctrl.Call(m, "Get", ctx, key)
-	ret0, _ := ret[0].(*redis.StringCmd)
-	return ret0
-}
-
-// Get indicates an expected call of Get.
-func (mr *MockRedisClientMockRecorder) Get(ctx, key any) *gomock.Call {
-	mr.mock.ctrl.T.Helper()
-	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "Get", reflect.TypeOf((*MockRedisClient)(nil).Get), ctx, key)
-}
-
-// HDel mocks base method.
-func (m *MockRedisClient) HDel(ctx context.Context, key string, fields ...string) *redis.IntCmd {
-	m.ctrl.T.Helper()
-	varargs := []any{ctx, key}
-	for _, a := range fields {
-		varargs = append(varargs, a)
-	}
-	ret := m.ctrl.Call(m, "HDel", varargs...)
-	ret0, _ := ret[0].(*redis.IntCmd)
-	return ret0
-}
-
-// HDel indicates an expected call of HDel.
-func (mr *MockRedisClientMockRecorder) HDel(ctx, key any, fields ...any) *gomock.Call {
-	mr.mock.ctrl.T.Helper()
-	varargs := append([]any{ctx, key}, fields...)
-	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "HDel", reflect.TypeOf((*MockRedisClient)(nil).HDel), varargs...)
-}
-
-// HKeys mocks base method.
-func (m *MockRedisClient) HKeys(ctx context.Context, key string) *redis.StringSliceCmd {
-	m.ctrl.T.Helper()
-	ret := m.ctrl.Call(m, "HKeys", ctx, key)
-	ret0, _ := ret[0].(*redis.StringSliceCmd)
-	return ret0
-}
-
-// HKeys indicates an expected call of HKeys.
-func (mr *MockRedisClientMockRecorder) HKeys(ctx, key any) *gomock.Call {
-	mr.mock.ctrl.T.Helper()
-	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "HKeys", reflect.TypeOf((*MockRedisClient)(nil).HKeys), ctx, key)
-}
-
-// HSet mocks base method.
-func (m *MockRedisClient) HSet(ctx context.Context, key string, values ...any) *redis.IntCmd {
-	m.ctrl.T.Helper()
-	varargs := []any{ctx, key}
-	for _, a := range values {
-		varargs = append(varargs, a)
-	}
-	ret := m.ctrl.Call(m, "HSet", varargs...)
-	ret0, _ := ret[0].(*redis.IntCmd)
-	return ret0
-}
-
-// HSet indicates an expected call of HSet.
-func (mr *MockRedisClientMockRecorder) HSet(ctx, key any, values ...any) *gomock.Call {
-	mr.mock.ctrl.T.Helper()
-	varargs := append([]any{ctx, key}, values...)
-	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "HSet", reflect.TypeOf((*MockRedisClient)(nil).HSet), varargs...)
-}
-
-// Incr mocks base method.
-func (m *MockRedisClient) Incr(ctx context.Context, key string) *redis.IntCmd {
-	m.ctrl.T.Helper()
-	ret := m.ctrl.Call(m, "Incr", ctx, key)
-	ret0, _ := ret[0].(*redis.IntCmd)
-	return ret0
-}
-
-// Incr indicates an expected call of Incr.
-func (mr *MockRedisClientMockRecorder) Incr(ctx, key any) *gomock.Call {
-	mr.mock.ctrl.T.Helper()
-	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "Incr", reflect.TypeOf((*MockRedisClient)(nil).Incr), ctx, key)
-}
-
-// LLen mocks base method.
-func (m *MockRedisClient) LLen(ctx context.Context, key string) *redis.IntCmd {
-	m.ctrl.T.Helper()
-	ret := m.ctrl.Call(m, "LLen", ctx, key)
-	ret0, _ := ret[0].(*redis.IntCmd)
-	return ret0
-}
-
-// LLen indicates an expected call of LLen.
-func (mr *MockRedisClientMockRecorder) LLen(ctx, key any) *gomock.Call {
-	mr.mock.ctrl.T.Helper()
-	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "LLen", reflect.TypeOf((*MockRedisClient)(nil).LLen), ctx, key)
-}
-
-// LPop mocks base method.
-func (m *MockRedisClient) LPop(ctx context.Context, key string) *redis.StringCmd {
-	m.ctrl.T.Helper()
-	ret := m.ctrl.Call(m, "LPop", ctx, key)
-	ret0, _ := ret[0].(*redis.StringCmd)
-	return ret0
-}
-
-// LPop indicates an expected call of LPop.
-func (mr *MockRedisClientMockRecorder) LPop(ctx, key any) *gomock.Call {
-	mr.mock.ctrl.T.Helper()
-	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "LPop", reflect.TypeOf((*MockRedisClient)(nil).LPop), ctx, key)
-}
-
-// Ping mocks base method.
-func (m *MockRedisClient) Ping(ctx context.Context) *redis.StatusCmd {
-	m.ctrl.T.Helper()
-	ret := m.ctrl.Call(m, "Ping", ctx)
-	ret0, _ := ret[0].(*redis.StatusCmd)
-	return ret0
-}
-
-// Ping indicates an expected call of Ping.
-func (mr *MockRedisClientMockRecorder) Ping(ctx any) *gomock.Call {
-	mr.mock.ctrl.T.Helper()
-	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "Ping", reflect.TypeOf((*MockRedisClient)(nil).Ping), ctx)
-}
-
-// RPush mocks base method.
-func (m *MockRedisClient) RPush(ctx context.Context, key string, values ...any) *redis.IntCmd {
-	m.ctrl.T.Helper()
-	varargs := []any{ctx, key}
-	for _, a := range values {
-		varargs = append(varargs, a)
-	}
-	ret := m.ctrl.Call(m, "RPush", varargs...)
-	ret0, _ := ret[0].(*redis.IntCmd)
-	return ret0
-}
-
-// RPush indicates an expected call of RPush.
-func (mr *MockRedisClientMockRecorder) RPush(ctx, key any, values ...any) *gomock.Call {
-	mr.mock.ctrl.T.Helper()
-	varargs := append([]any{ctx, key}, values...)
-	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "RPush", reflect.TypeOf((*MockRedisClient)(nil).RPush), varargs...)
-}
-
-// SAdd mocks base method.
-func (m *MockRedisClient) SAdd(ctx context.Context, key string, members ...any) *redis.IntCmd {
-	m.ctrl.T.Helper()
-	varargs := []any{ctx, key}
-	for _, a := range members {
-		varargs = append(varargs, a)
-	}
-	ret := m.ctrl.Call(m, "SAdd", varargs...)
-	ret0, _ := ret[0].(*redis.IntCmd)
-	return ret0
-}
-
-// SAdd indicates an expected call of SAdd.
-func (mr *MockRedisClientMockRecorder) SAdd(ctx, key any, members ...any) *gomock.Call {
-	mr.mock.ctrl.T.Helper()
-	varargs := append([]any{ctx, key}, members...)
-	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "SAdd", reflect.TypeOf((*MockRedisClient)(nil).SAdd), varargs...)
-}
-
-// SIsMember mocks base method.
-func (m *MockRedisClient) SIsMember(ctx context.Context, key string, member any) *redis.BoolCmd {
-	m.ctrl.T.Helper()
-	ret := m.ctrl.Call(m, "SIsMember", ctx, key, member)
-	ret0, _ := ret[0].(*redis.BoolCmd)
-	return ret0
-}
-
-// SIsMember indicates an expected call of SIsMember.
-func (mr *MockRedisClientMockRecorder) SIsMember(ctx, key, member any) *gomock.Call {
-	mr.mock.ctrl.T.Helper()
-	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "SIsMember", reflect.TypeOf((*MockRedisClient)(nil).SIsMember), ctx, key, member)
-}
-
-// SRem mocks base method.
-func (m *MockRedisClient) SRem(ctx context.Context, key string, members ...any) *redis.IntCmd {
-	m.ctrl.T.Helper()
-	varargs := []any{ctx, key}
-	for _, a := range members {
-		varargs = append(varargs, a)
-	}
-	ret := m.ctrl.Call(m, "SRem", varargs...)
-	ret0, _ := ret[0].(*redis.IntCmd)
-	return ret0
-}
-
-// SRem indicates an expected call of SRem.
-func (mr *MockRedisClientMockRecorder) SRem(ctx, key any, members ...any) *gomock.Call {
-	mr.mock.ctrl.T.Helper()
-	varargs := append([]any{ctx, key}, members...)
-	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "SRem", reflect.TypeOf((*MockRedisClient)(nil).SRem), varargs...)
-}
-
-// Set mocks base method.
-func (m *MockRedisClient) Set(ctx context.Context, key string, value any, expiration time.Duration) *redis.StatusCmd {
-	m.ctrl.T.Helper()
-	ret := m.ctrl.Call(m, "Set", ctx, key, value, expiration)
-	ret0, _ := ret[0].(*redis.StatusCmd)
-	return ret0
-}
-
-// Set indicates an expected call of Set.
-func (mr *MockRedisClientMockRecorder) Set(ctx, key, value, expiration any) *gomock.Call {
-	mr.mock.ctrl.T.Helper()
-	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "Set", reflect.TypeOf((*MockRedisClient)(nil).Set), ctx, key, value, expiration)
-}
diff --git a/modules/setting/authorized_integration.go b/modules/setting/authorized_integration.go
index 778232e3ad..0a84f44afe 100644
--- a/modules/setting/authorized_integration.go
+++ b/modules/setting/authorized_integration.go
@@ -10,6 +10,7 @@ var AuthorizedIntegration = struct {
 	BlockedDomains     string
 	AllowLocalNetworks bool
 	RequestTimeout     time.Duration
+	CacheTTL           time.Duration
 }{}
 
 func loadAuthorizedIntegrationFrom(rootCfg ConfigProvider) {
@@ -18,4 +19,5 @@ func loadAuthorizedIntegrationFrom(rootCfg ConfigProvider) {
 	AuthorizedIntegration.BlockedDomains = sec.Key("BLOCKED_DOMAINS").MustString("")
 	AuthorizedIntegration.AllowLocalNetworks = sec.Key("ALLOW_LOCALNETWORKS").MustBool(false)
 	AuthorizedIntegration.RequestTimeout = sec.Key("REQUEST_TIMEOUT").MustDuration(10 * time.Second)
+	AuthorizedIntegration.CacheTTL = sec.Key("CACHE_TTL").MustDuration(10 * time.Minute)
 }
diff --git a/services/auth/method/authorized_integration.go b/services/auth/method/authorized_integration.go
index 000383d8c5..f908780e09 100644
--- a/services/auth/method/authorized_integration.go
+++ b/services/auth/method/authorized_integration.go
@@ -4,6 +4,8 @@
 package method
 
 import (
+	"bufio"
+	"bytes"
 	"errors"
 	"fmt"
 	"io"
@@ -15,6 +17,7 @@ import (
 
 	auth_model "forgejo.org/models/auth"
 	user_model "forgejo.org/models/user"
+	"forgejo.org/modules/cache"
 	"forgejo.org/modules/hostmatcher"
 	"forgejo.org/modules/json"
 	"forgejo.org/modules/jwtx"
@@ -42,6 +45,7 @@ var (
 		initHTTPClient.Do(initAuthorizedIntegrationHTTPClient)
 		return aiHTTPClient
 	}
+	getCache = cache.GetCache
 )
 
 // Restrict document size to prevent resource exhaustion attack with a malicious authorized integration; largest
@@ -126,8 +130,7 @@ func (a *AuthorizedIntegration) Verify(req *http.Request, w http.ResponseWriter,
 
 			issuerOIDCURL := issuerURL.JoinPath(".well-known/openid-configuration")
 			var oidcConfig openIDConfiguration
-			// TODO: cache external OIDC configuration, with a fixed timeout (not LRU/MRU)
-			if err := a.fetchJSON(issuerOIDCURL.String(), &oidcConfig); err != nil {
+			if err := authorizedIntegrationFetchJSON(issuerOIDCURL.String(), &oidcConfig); err != nil {
 				return nil, fmt.Errorf("error when fetching .well-known/openid-configuration from %s: %w", issuerOIDCURL, err)
 			}
 
@@ -149,8 +152,7 @@ func (a *AuthorizedIntegration) Verify(req *http.Request, w http.ResponseWriter,
 				return nil, fmt.Errorf("jwks_uri host mismatch: must be the same as issuer host %q, but was %q", issuerURL.Host, jwksURI.Host)
 			}
 			var keys openIDKeys
-			// TODO: cache JWKS, with a fixed timeout (not LRU/MRU)
-			if err := a.fetchJSON(oidcConfig.JwksURI, &keys); err != nil {
+			if err := authorizedIntegrationFetchJSON(oidcConfig.JwksURI, &keys); err != nil {
 				return nil, fmt.Errorf("error when fetching JWKS from %s: %w", oidcConfig.JwksURI, err)
 			}
 
@@ -247,7 +249,56 @@ func initAuthorizedIntegrationHTTPClient() {
 	}
 }
 
-func (a *AuthorizedIntegration) fetchJSON(urlString string, v any) error {
+func authorizedIntegrationCacheKey(urlString string) string {
+	return fmt.Sprintf("auth-int-remote:%s", urlString)
+}
+
+func authorizedIntegrationCacheGetJSON[K any](urlString string, v *K) bool {
+	conn := getCache()
+	if conn == nil {
+		return false
+	}
+
+	cachedAny := conn.Get(authorizedIntegrationCacheKey(urlString))
+	if cachedAny == nil {
+		return false
+	}
+	cachedBytes, ok := cachedAny.([]byte)
+	if !ok {
+		cachedString, ok := cachedAny.(string)
+		if !ok {
+			log.Error("cached content was not []byte or string, but was %T", cachedAny)
+			return false
+		}
+		cachedBytes = []byte(cachedString)
+	}
+
+	err := json.Unmarshal(cachedBytes, &v)
+	if err != nil {
+		// This error case shouldn't occur, as we only store data in the cache once we're sure we could unmarshal it.
+		// If it does occur, log and fallback to treating as uncached.
+		log.Error("failed to Unmarshal cached content: %s", err)
+		// Caller may reuse `v` in a future unmarshal/decode call, and failure here may have polluted it.
+		var zeroValue K
+		*v = zeroValue
+		return false
+	}
+
+	return true
+}
+
+func authorizedIntegrationCacheSetJSON(urlString string, buf []byte) {
+	conn := getCache()
+	if conn == nil {
+		return
+	}
+	err := conn.Put(authorizedIntegrationCacheKey(urlString), buf, int64(setting.AuthorizedIntegration.CacheTTL.Seconds()))
+	if err != nil {
+		log.Error("failed to put cache: %s", err)
+	}
+}
+
+func authorizedIntegrationFetchJSON[K any](urlString string, v *K) error {
 	parsedURL, err := url.Parse(urlString)
 	if err != nil {
 		return fmt.Errorf("failed parsing URL %q: %w", urlString, err)
@@ -259,6 +310,11 @@ func (a *AuthorizedIntegration) fetchJSON(urlString string, v any) error {
 		return fmt.Errorf("unsupported URL scheme: %q", parsedURL.String())
 	}
 
+	// Check our cache, save a remote HTTP interaction.
+	if authorizedIntegrationCacheGetJSON(urlString, v) {
+		return nil
+	}
+
 	resp, err := GetAuthorizedIntegrationHTTPClient().Get(parsedURL.String())
 	if err != nil {
 		return err
@@ -269,15 +325,24 @@ func (a *AuthorizedIntegration) fetchJSON(urlString string, v any) error {
 		return fmt.Errorf("non-OK response code: %s", resp.Status)
 	}
 
-	body := io.LimitReader(resp.Body, authorizedIntegrationRequestBodyLimit)
-	decoder := json.NewDecoder(body)
-	err = decoder.Decode(&v)
+	bodyReader := io.LimitReader(resp.Body, authorizedIntegrationRequestBodyLimit)
+	var buf bytes.Buffer
+	_, err = io.Copy(bufio.NewWriter(&buf), bodyReader)
+	if err != nil {
+		return fmt.Errorf("read from remote error: %w", err)
+	}
+
+	err = json.Unmarshal(buf.Bytes(), &v)
 	if err != nil {
 		// If a decoding error is hit, decorate with information about the limited body size so that it doesn't look
 		// like the remote server provided an incomplete response. err should be something like `io.UnexpectedEOF` in
 		// this case, but it actually isn't, so don't bother trying to detect precisely.
 		return fmt.Errorf("failed to decode (response body restricted to %d bytes): %w", authorizedIntegrationRequestBodyLimit, err)
 	}
+
+	// Successfully decoded the response -- cache the raw bytes for later access.
+	authorizedIntegrationCacheSetJSON(urlString, buf.Bytes())
+
 	return nil
 }
 
diff --git a/services/auth/method/authorized_integration_test.go b/services/auth/method/authorized_integration_test.go
index f2afbd3896..28524b7a6c 100644
--- a/services/auth/method/authorized_integration_test.go
+++ b/services/auth/method/authorized_integration_test.go
@@ -14,14 +14,18 @@ import (
 
 	auth_model "forgejo.org/models/auth"
 	"forgejo.org/models/db"
+	"forgejo.org/modules/cache"
 	"forgejo.org/modules/json"
 	"forgejo.org/modules/jwtx"
+	"forgejo.org/modules/setting"
 	"forgejo.org/modules/test"
 	"forgejo.org/services/auth"
 
+	mc "code.forgejo.org/go-chi/cache"
 	"github.com/golang-jwt/jwt/v5"
 	gouuid "github.com/google/uuid"
 	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/mock"
 	"github.com/stretchr/testify/require"
 )
 
@@ -557,6 +561,102 @@ func TestAuthorizedIntegration(t *testing.T) {
 		require.NoError(t, err)
 		assert.False(t, writeAdmin, "write:admin")
 	})
+
+	t.Run("cache", func(t *testing.T) {
+		t.Run("miss and store", func(t *testing.T) {
+			c := cache.NewMockCache(t)
+			defer test.MockVariableValue(&getCache, func() mc.Cache { return c })()
+			defer test.MockVariableValue(&setting.AuthorizedIntegration.CacheTTL, 10*time.Minute)()
+
+			var cacheKey string
+			c.On("Get", mock.AnythingOfType("string")).
+				Run(func(args mock.Arguments) {
+					key := args.Get(0).(string)
+					assert.True(t, strings.HasPrefix(key, "auth-int-remote:https://"), "key %s should have key prefix", key)
+					cacheKey = key
+				}).Return(nil)
+			c.On("Put", mock.Anything, mock.Anything, mock.Anything).
+				Once().
+				Run(func(args mock.Arguments) {
+					putKey := args.Get(0).(string)
+					assert.Equal(t, cacheKey, putKey)
+					putContents := args.Get(1).([]byte)
+					assert.Contains(t, string(putContents), "\"issuer\":")
+					assert.Contains(t, string(putContents), "\"jwks_uri\":")
+					assert.EqualValues(t, 600, args.Get(2))
+				}).Return(nil)
+			c.On("Put", mock.Anything, mock.Anything, mock.Anything).
+				Once().
+				Run(func(args mock.Arguments) {
+					putKey := args.Get(0).(string)
+					assert.Equal(t, cacheKey, putKey)
+					putContents := args.Get(1).([]byte)
+					assert.Contains(t, string(putContents), "\"alg\":\"RS256\"")
+					assert.Contains(t, string(putContents), "\"kty\":\"RSA\"")
+					assert.EqualValues(t, 600, args.Get(2))
+				}).Return(nil)
+
+			ait := newAITester(t)
+			defer ait.close()
+			output := ait.bearerRequest()
+			requireOutput[*auth.AuthenticationSuccess](t, output)
+		})
+
+		t.Run("hit", func(t *testing.T) {
+			var oidcMetadata []byte
+			var jwksData []byte
+			ait := newAITester(t,
+				openIDTweak(func(oi *openIDConfiguration, ait *AuthorizedIntegrationTester) {
+					var err error
+					oidcMetadata, err = json.Marshal(oi)
+					require.NoError(t, err)
+				}),
+				jwksTweak(func(oi *openIDKeys) {
+					var err error
+					jwksData, err = json.Marshal(oi)
+					require.NoError(t, err)
+				}),
+			)
+			defer ait.close()
+			ait.bearerRequest() // populate oidcMetadata & jwksData by making a request
+
+			t.Run("cache returns []byte", func(t *testing.T) {
+				c := cache.NewMockCache(t)
+				defer test.MockVariableValue(&getCache, func() mc.Cache { return c })()
+
+				c.On("Get",
+					mock.MatchedBy(func(key string) bool {
+						return strings.Contains(key, ".well-known/openid-configuration")
+					})).
+					Return(oidcMetadata)
+				c.On("Get",
+					mock.MatchedBy(func(key string) bool {
+						return strings.Contains(key, ".keys")
+					})).
+					Return(jwksData)
+
+				ait.bearerRequest()
+			})
+
+			t.Run("cache returns string", func(t *testing.T) {
+				c := cache.NewMockCache(t)
+				defer test.MockVariableValue(&getCache, func() mc.Cache { return c })()
+
+				c.On("Get",
+					mock.MatchedBy(func(key string) bool {
+						return strings.Contains(key, ".well-known/openid-configuration")
+					})).
+					Return(string(oidcMetadata))
+				c.On("Get",
+					mock.MatchedBy(func(key string) bool {
+						return strings.Contains(key, ".keys")
+					})).
+					Return(string(jwksData))
+
+				ait.bearerRequest()
+			})
+		})
+	})
 }
 
 type AuthorizedIntegrationTester struct {
diff --git a/services/authz/authorization_reducer.go b/services/authz/authorization_reducer.go
index 7485f74f40..f2bc8d4f71 100644
--- a/services/authz/authorization_reducer.go
+++ b/services/authz/authorization_reducer.go
@@ -9,6 +9,8 @@ import (
 
 // Defines an API for reducing available permissions to specific resources.  Typically associated with a fine-grained
 // access tokens and provides methods to reduce authorization that the access token provides down to specific resources.
+//
+//mockery:generate: true
 type AuthorizationReducer interface {
 	// Incorporate all the methods of [RepositoryAuthorizationReducer], which allows reducing permissions related to
 	// repositories specifically.
diff --git a/services/authz/authorization_reducer_mock.go b/services/authz/authorization_reducer_mock.go
index 79562917c4..c31030b29a 100644
--- a/services/authz/authorization_reducer_mock.go
+++ b/services/authz/authorization_reducer_mock.go
@@ -1,86 +1,19 @@
-// Code generated by mockery v2.53.5. DO NOT EDIT.
+// Code generated by mockery; DO NOT EDIT.
+// github.com/vektra/mockery
+// template: testify
 
 package authz
 
 import (
-	context "context"
+	"context"
 
 	"forgejo.org/models/perm"
-	repo_model "forgejo.org/models/repo"
+	"forgejo.org/models/repo"
 
 	mock "github.com/stretchr/testify/mock"
 	"xorm.io/builder"
 )
 
-// MockAuthorizationReducer is an autogenerated mock type for the AuthorizationReducer type
-type MockAuthorizationReducer struct {
-	mock.Mock
-}
-
-// AllowAdminOverride provides a mock function with no fields
-func (_m *MockAuthorizationReducer) AllowAdminOverride() bool {
-	ret := _m.Called()
-
-	if len(ret) == 0 {
-		panic("no return value specified for AllowAdminOverride")
-	}
-
-	var r0 bool
-	if rf, ok := ret.Get(0).(func() bool); ok {
-		r0 = rf()
-	} else {
-		r0 = ret.Get(0).(bool)
-	}
-
-	return r0
-}
-
-// ReduceRepoAccess provides a mock function with given fields: ctx, repo, accessMode
-func (_m *MockAuthorizationReducer) ReduceRepoAccess(ctx context.Context, repo *repo_model.Repository, accessMode perm.AccessMode) (perm.AccessMode, error) {
-	ret := _m.Called(ctx, repo, accessMode)
-
-	if len(ret) == 0 {
-		panic("no return value specified for ReduceRepoAccess")
-	}
-
-	var r0 perm.AccessMode
-	var r1 error
-	if rf, ok := ret.Get(0).(func(context.Context, *repo_model.Repository, perm.AccessMode) (perm.AccessMode, error)); ok {
-		return rf(ctx, repo, accessMode)
-	}
-	if rf, ok := ret.Get(0).(func(context.Context, *repo_model.Repository, perm.AccessMode) perm.AccessMode); ok {
-		r0 = rf(ctx, repo, accessMode)
-	} else {
-		r0 = ret.Get(0).(perm.AccessMode)
-	}
-
-	if rf, ok := ret.Get(1).(func(context.Context, *repo_model.Repository, perm.AccessMode) error); ok {
-		r1 = rf(ctx, repo, accessMode)
-	} else {
-		r1 = ret.Error(1)
-	}
-
-	return r0, r1
-}
-
-// RepoFilter provides a mock function with given fields: accessMode
-func (_m *MockAuthorizationReducer) RepoReadAccessFilter() builder.Cond {
-	ret := _m.Called()
-
-	if len(ret) == 0 {
-		panic("no return value specified for AllowAdminOverride")
-	}
-
-	var r0 builder.Cond
-	if rf, ok := ret.Get(0).(func() builder.Cond); ok {
-		r0 = rf()
-	} else {
-		r0 = ret.Get(0).(builder.Cond)
-	}
-
-	return r0
-}
-
 // NewMockAuthorizationReducer creates a new instance of MockAuthorizationReducer. It also registers a testing interface on the mock and a cleanup function to assert the mocks expectations.
 // The first argument is typically a *testing.T value.
 func NewMockAuthorizationReducer(t interface {
@@ -95,3 +28,178 @@ func NewMockAuthorizationReducer(t interface {
 
 	return mock
 }
+
+// MockAuthorizationReducer is an autogenerated mock type for the AuthorizationReducer type
+type MockAuthorizationReducer struct {
+	mock.Mock
+}
+
+type MockAuthorizationReducer_Expecter struct {
+	mock *mock.Mock
+}
+
+func (_m *MockAuthorizationReducer) EXPECT() *MockAuthorizationReducer_Expecter {
+	return &MockAuthorizationReducer_Expecter{mock: &_m.Mock}
+}
+
+// AllowAdminOverride provides a mock function for the type MockAuthorizationReducer
+func (_mock *MockAuthorizationReducer) AllowAdminOverride() bool {
+	ret := _mock.Called()
+
+	if len(ret) == 0 {
+		panic("no return value specified for AllowAdminOverride")
+	}
+
+	var r0 bool
+	if returnFunc, ok := ret.Get(0).(func() bool); ok {
+		r0 = returnFunc()
+	} else {
+		r0 = ret.Get(0).(bool)
+	}
+	return r0
+}
+
+// MockAuthorizationReducer_AllowAdminOverride_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'AllowAdminOverride'
+type MockAuthorizationReducer_AllowAdminOverride_Call struct {
+	*mock.Call
+}
+
+// AllowAdminOverride is a helper method to define mock.On call
+func (_e *MockAuthorizationReducer_Expecter) AllowAdminOverride() *MockAuthorizationReducer_AllowAdminOverride_Call {
+	return &MockAuthorizationReducer_AllowAdminOverride_Call{Call: _e.mock.On("AllowAdminOverride")}
+}
+
+func (_c *MockAuthorizationReducer_AllowAdminOverride_Call) Run(run func()) *MockAuthorizationReducer_AllowAdminOverride_Call {
+	_c.Call.Run(func(args mock.Arguments) {
+		run()
+	})
+	return _c
+}
+
+func (_c *MockAuthorizationReducer_AllowAdminOverride_Call) Return(b bool) *MockAuthorizationReducer_AllowAdminOverride_Call {
+	_c.Call.Return(b)
+	return _c
+}
+
+func (_c *MockAuthorizationReducer_AllowAdminOverride_Call) RunAndReturn(run func() bool) *MockAuthorizationReducer_AllowAdminOverride_Call {
+	_c.Call.Return(run)
+	return _c
+}
+
+// ReduceRepoAccess provides a mock function for the type MockAuthorizationReducer
+func (_mock *MockAuthorizationReducer) ReduceRepoAccess(ctx context.Context, repo1 *repo.Repository, accessMode perm.AccessMode) (perm.AccessMode, error) {
+	ret := _mock.Called(ctx, repo1, accessMode)
+
+	if len(ret) == 0 {
+		panic("no return value specified for ReduceRepoAccess")
+	}
+
+	var r0 perm.AccessMode
+	var r1 error
+	if returnFunc, ok := ret.Get(0).(func(context.Context, *repo.Repository, perm.AccessMode) (perm.AccessMode, error)); ok {
+		return returnFunc(ctx, repo1, accessMode)
+	}
+	if returnFunc, ok := ret.Get(0).(func(context.Context, *repo.Repository, perm.AccessMode) perm.AccessMode); ok {
+		r0 = returnFunc(ctx, repo1, accessMode)
+	} else {
+		r0 = ret.Get(0).(perm.AccessMode)
+	}
+	if returnFunc, ok := ret.Get(1).(func(context.Context, *repo.Repository, perm.AccessMode) error); ok {
+		r1 = returnFunc(ctx, repo1, accessMode)
+	} else {
+		r1 = ret.Error(1)
+	}
+	return r0, r1
+}
+
+// MockAuthorizationReducer_ReduceRepoAccess_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'ReduceRepoAccess'
+type MockAuthorizationReducer_ReduceRepoAccess_Call struct {
+	*mock.Call
+}
+
+// ReduceRepoAccess is a helper method to define mock.On call
+//   - ctx context.Context
+//   - repo1 *repo.Repository
+//   - accessMode perm.AccessMode
+func (_e *MockAuthorizationReducer_Expecter) ReduceRepoAccess(ctx, repo1, accessMode any) *MockAuthorizationReducer_ReduceRepoAccess_Call {
+	return &MockAuthorizationReducer_ReduceRepoAccess_Call{Call: _e.mock.On("ReduceRepoAccess", ctx, repo1, accessMode)}
+}
+
+func (_c *MockAuthorizationReducer_ReduceRepoAccess_Call) Run(run func(ctx context.Context, repo1 *repo.Repository, accessMode perm.AccessMode)) *MockAuthorizationReducer_ReduceRepoAccess_Call {
+	_c.Call.Run(func(args mock.Arguments) {
+		var arg0 context.Context
+		if args[0] != nil {
+			arg0 = args[0].(context.Context)
+		}
+		var arg1 *repo.Repository
+		if args[1] != nil {
+			arg1 = args[1].(*repo.Repository)
+		}
+		var arg2 perm.AccessMode
+		if args[2] != nil {
+			arg2 = args[2].(perm.AccessMode)
+		}
+		run(
+			arg0,
+			arg1,
+			arg2,
+		)
+	})
+	return _c
+}
+
+func (_c *MockAuthorizationReducer_ReduceRepoAccess_Call) Return(accessMode1 perm.AccessMode, err error) *MockAuthorizationReducer_ReduceRepoAccess_Call {
+	_c.Call.Return(accessMode1, err)
+	return _c
+}
+
+func (_c *MockAuthorizationReducer_ReduceRepoAccess_Call) RunAndReturn(run func(ctx context.Context, repo1 *repo.Repository, accessMode perm.AccessMode) (perm.AccessMode, error)) *MockAuthorizationReducer_ReduceRepoAccess_Call {
+	_c.Call.Return(run)
+	return _c
+}
+
+// RepoReadAccessFilter provides a mock function for the type MockAuthorizationReducer
+func (_mock *MockAuthorizationReducer) RepoReadAccessFilter() builder.Cond {
+	ret := _mock.Called()
+
+	if len(ret) == 0 {
+		panic("no return value specified for RepoReadAccessFilter")
+	}
+
+	var r0 builder.Cond
+	if returnFunc, ok := ret.Get(0).(func() builder.Cond); ok {
+		r0 = returnFunc()
+	} else {
+		if ret.Get(0) != nil {
+			r0 = ret.Get(0).(builder.Cond)
+		}
+	}
+	return r0
+}
+
+// MockAuthorizationReducer_RepoReadAccessFilter_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'RepoReadAccessFilter'
+type MockAuthorizationReducer_RepoReadAccessFilter_Call struct {
+	*mock.Call
+}
+
+// RepoReadAccessFilter is a helper method to define mock.On call
+func (_e *MockAuthorizationReducer_Expecter) RepoReadAccessFilter() *MockAuthorizationReducer_RepoReadAccessFilter_Call {
+	return &MockAuthorizationReducer_RepoReadAccessFilter_Call{Call: _e.mock.On("RepoReadAccessFilter")}
+}
+
+func (_c *MockAuthorizationReducer_RepoReadAccessFilter_Call) Run(run func()) *MockAuthorizationReducer_RepoReadAccessFilter_Call {
+	_c.Call.Run(func(args mock.Arguments) {
+		run()
+	})
+	return _c
+}
+
+func (_c *MockAuthorizationReducer_RepoReadAccessFilter_Call) Return(cond builder.Cond) *MockAuthorizationReducer_RepoReadAccessFilter_Call {
+	_c.Call.Return(cond)
+	return _c
+}
+
+func (_c *MockAuthorizationReducer_RepoReadAccessFilter_Call) RunAndReturn(run func() builder.Cond) *MockAuthorizationReducer_RepoReadAccessFilter_Call {
+	_c.Call.Return(run)
+	return _c
+}

From 6171e7ef7ad14527d1233b2849c7d40ecd02d033 Mon Sep 17 00:00:00 2001
From: viceice <michael.kriese@gmx.de>
Date: Tue, 28 Apr 2026 16:15:08 +0200
Subject: [PATCH 750/854] chore: support 4 releases (#12303)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12303
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
---
 .release-notes-assistant.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.release-notes-assistant.yaml b/.release-notes-assistant.yaml
index 93b0e3d0b2..e6704424e9 100644
--- a/.release-notes-assistant.yaml
+++ b/.release-notes-assistant.yaml
@@ -5,7 +5,7 @@ branch-find-version: 'v(?P<version>\d+\.\d+)/forgejo'
 branch-to-version: '${version}.0'
 branch-from-version: 'v%[1]d.%[2]d/forgejo'
 tag-from-version: 'v%[1]d.%[2]d.%[3]d'
-supported-release-count: 3
+supported-release-count: 4
 branch-known:
   - 'v11.0/forgejo'
   - 'v15.0/forgejo'

From abcfb4669199e811cb74dd7a30b21ba5bb914f5e Mon Sep 17 00:00:00 2001
From: 0ko <0ko@noreply.codeberg.org>
Date: Tue, 28 Apr 2026 18:56:52 +0200
Subject: [PATCH 751/854] chore: fix rna config (#12304)

@viceice was getting error 500 trying to post this PR an hour ago. This commit is solely authored by him.

Co-authored-by: viceice <michael.kriese@gmx.de>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12304
---
 .release-notes-assistant.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.release-notes-assistant.yaml b/.release-notes-assistant.yaml
index e6704424e9..f942778fe7 100644
--- a/.release-notes-assistant.yaml
+++ b/.release-notes-assistant.yaml
@@ -5,10 +5,10 @@ branch-find-version: 'v(?P<version>\d+\.\d+)/forgejo'
 branch-to-version: '${version}.0'
 branch-from-version: 'v%[1]d.%[2]d/forgejo'
 tag-from-version: 'v%[1]d.%[2]d.%[3]d'
-supported-release-count: 4
+supported-release-count: 3
 branch-known:
+# replace with v15 when v11 becomes EOL
   - 'v11.0/forgejo'
-  - 'v15.0/forgejo'
 cleanup-line: 'sed -Ee "s/^(feat|fix):\s*//g" -e "s/^\[WIP\] //" -e "s/^WIP: //" -e "s;\[(UI|BUG|FEAT|v.*?/forgejo)\]\s*;;g"'
 render-header: |
 

From 70f7260e66f60528dfa3c3c68d224b971bbc14ab Mon Sep 17 00:00:00 2001
From: Mathieu Fenniak <mathieu@fenniak.net>
Date: Tue, 28 Apr 2026 21:32:45 +0200
Subject: [PATCH 752/854] feat: add CLI command 'admin user
 create-authorized-integration' (#12299)

Allows the creation of an authorized integration as a Forgejo administrator, either for development testing or to support server-automation.  Clipping out the CLI config options, looks like:

```
NAME:
   forgejo admin user create-authorized-integration - Create an authorized integration for a specific user

USAGE:
   forgejo admin user create-authorized-integration [options]

OPTIONS:
   --username string, -u string                               Username
   --issuer string                                            JWT issuer ('iss' claim), example: https://forgejo.example.org/api/actions
   --claim-eq string=string [ --claim-eq string=string ]      Zero-or-more claim equality checks, formatted as claim=value, example: "actor=someuser"
   --claim-glob string=string [ --claim-glob string=string ]  Zero-or-more claim glob checks, formatted as claim=value, example: "sub=repo:forgejo/*:pull_request"
   --scope string [ --scope string ]                          One-or-more scopes to apply to access token, examples: "all", "read:issue", "write:repository" (default: "all")
   --repo string [ --repo string ]                            Zero-or-more specific repositories that can be accessed, or "all" to allow access to all repositories, example: "owner1/repo1" (default: "all")
```

As an example, this will create an authorized integration that will permit Codeberg's Forgejo Actions to generate trusted JWTs that can access the local user `mfenniak`:
```bash
$ ./forgejo admin user create-authorized-integration \
    --username mfenniak \
    --issuer https://codeberg.org/api/actions \
    --claim-eq sub=repo:mfenniak/forgejo-runner-testrepo:pull_request \
    --scope read:user

{
  "message": "Authorized integration was successfully created.",
  "issuer": "https://codeberg.org/api/actions",
  "audience": "u:1:c97d83bc-fa4e-4db3-b898-414cd5b6ce33",
  "claim_rules": [
    {
      "description": "\"sub\" = \"repo:mfenniak/forgejo-runner-testrepo:pull_request\"",
      "claim": "sub",
      "compare": "eq",
      "value": "repo:mfenniak/forgejo-runner-testrepo:pull_request"
    }
  ]
}
```

The output is a JSON document to aid in use in automation.  The `audience` field is the audience generated by Forgejo that must be used by the remote to generate the JWT.  Continuing this example to the client-side, a matching Forgejo Action like this in the `mfenniak/forgejo-runner-testrepo` repo, for a `pull_request` event, then it will be able to access the Forgejo server that the authorized integration was created on like this:

```yaml
on:
  pull_request:

enable-openid-connect: true

jobs:
  job1:
    runs-on: docker
    steps:
      - name: Fetch JWT
        id: jwt
        run: |
          set -eux -o pipefail
          set +x
          jwt=$(curl --fail \
            -H "Authorization: bearer $ACTIONS_ID_TOKEN_REQUEST_TOKEN" "$ACTIONS_ID_TOKEN_REQUEST_URL&audience=u:1:c97d83bc-fa4e-4db3-b898-414cd5b6ce33" \
            | jq -r ".value")
          echo "::add-mask::$jwt"
          set -x
          echo "jwt=$jwt" >> $FORGEJO_OUTPUT

      - name: API call to Forgejo
        run: |
          curl \
            -v --fail \
            -H "Authorization: bearer ${{ steps.jwt.outputs.jwt }}" \
            "https://example.org/api/v1/user" | jq
```

CLI command is tested manually.  Supporting functions have associated unit tests.

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. All work and communication must conform to Forgejo's [AI Agreement](https://codeberg.org/forgejo/governance/src/branch/main/AIAgreement.md). There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests for Go changes

- I added test coverage for Go changes...
  - [x] in their respective `*_test.go` for unit tests.
  - [ ] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I ran...
  - [x] `make pr-go` before pushing

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.
    - CLI update should be automatic in docs -- more detailed Authorized Integration documentation is on my project plan.

### Release notes

- [x] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.
- [ ] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12299
Reviewed-by: Andreas Ahlenstorf <aahlenst@noreply.codeberg.org>
---
 cmd/admin_user.go                             |   1 +
 ...in_user_generate_authorized_integration.go | 204 ++++++++++++++++++
 models/auth/authorized_integration.go         |  35 +++
 .../authorized_integration_resource_repo.go   |  12 ++
 ...thorized_integration_resource_repo_test.go |  51 +++++
 models/auth/authorized_integration_test.go    |  39 +++-
 services/authz/access_token.go                |  15 +-
 services/authz/authorized_integration.go      |   7 +
 services/authz/authorized_integration_test.go |  53 +++++
 9 files changed, 401 insertions(+), 16 deletions(-)
 create mode 100644 cmd/admin_user_generate_authorized_integration.go

diff --git a/cmd/admin_user.go b/cmd/admin_user.go
index f4f6fb49af..ea62bd3a45 100644
--- a/cmd/admin_user.go
+++ b/cmd/admin_user.go
@@ -17,6 +17,7 @@ func subcmdUser() *cli.Command {
 			microcmdUserChangePassword(),
 			microcmdUserDelete(),
 			microcmdUserGenerateAccessToken(),
+			microcmdUserCreateAuthorizedIntegration(),
 			microcmdUserMustChangePassword(),
 			microcmdUserResetMFA(),
 		},
diff --git a/cmd/admin_user_generate_authorized_integration.go b/cmd/admin_user_generate_authorized_integration.go
new file mode 100644
index 0000000000..5f3e13a48e
--- /dev/null
+++ b/cmd/admin_user_generate_authorized_integration.go
@@ -0,0 +1,204 @@
+// Copyright 2026 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+package cmd
+
+import (
+	"bytes"
+	"context"
+	"errors"
+	"fmt"
+	"os"
+	"strings"
+
+	auth_model "forgejo.org/models/auth"
+	"forgejo.org/models/db"
+	"forgejo.org/models/repo"
+	user_model "forgejo.org/models/user"
+	"forgejo.org/modules/json"
+	"forgejo.org/services/authz"
+
+	"github.com/urfave/cli/v3"
+)
+
+func microcmdUserCreateAuthorizedIntegration() *cli.Command {
+	return &cli.Command{
+		Name:  "create-authorized-integration",
+		Usage: "Create an authorized integration for a specific user",
+		Flags: []cli.Flag{
+			&cli.StringFlag{
+				Name:     "username",
+				Aliases:  []string{"u"},
+				Usage:    "Username",
+				Required: true,
+			},
+
+			// JWT validation:
+			&cli.StringFlag{
+				Name:     "issuer",
+				Usage:    `JWT issuer ('iss' claim), example: https://forgejo.example.org/api/actions`,
+				Required: true,
+			},
+			&cli.StringMapFlag{
+				Name:  "claim-eq",
+				Value: map[string]string{},
+				Usage: `Zero-or-more claim equality checks, formatted as claim=value, example: "actor=someuser"`,
+			},
+			&cli.StringMapFlag{
+				Name:  "claim-glob",
+				Value: map[string]string{},
+				Usage: `Zero-or-more claim glob checks, formatted as claim=value, example: "sub=repo:forgejo/*:pull_request"`,
+			},
+			// nested claim support omitted for now -- pretty complex for a CLI
+
+			// Permissions available on successful auth:
+			&cli.StringSliceFlag{
+				Name:  "scope",
+				Value: []string{"all"},
+				Usage: `One-or-more scopes to apply to access token, examples: "all", "read:issue", "write:repository"`,
+			},
+			&cli.StringSliceFlag{
+				Name:  "repo",
+				Value: []string{"all"},
+				Usage: `Zero-or-more specific repositories that can be accessed, or "all" to allow access to all repositories, example: "owner1/repo1"`,
+			},
+		},
+		Before: noDanglingArgs,
+		Action: runCreateAuthorizedIntegration,
+	}
+}
+
+func runCreateAuthorizedIntegration(ctx context.Context, c *cli.Command) error {
+	if !c.IsSet("username") {
+		return errors.New("you must provide a username to generate a token for")
+	}
+
+	ctx, cancel := installSignals(ctx)
+	defer cancel()
+
+	if err := initDB(ctx); err != nil {
+		return err
+	}
+
+	user, err := user_model.GetUserByName(ctx, c.String("username"))
+	if err != nil {
+		return err
+	}
+
+	ai := &auth_model.AuthorizedIntegration{
+		UserID: user.ID,
+	}
+
+	var rules []auth_model.ClaimRule
+	ai.Issuer = c.String("issuer")
+	for claim, value := range c.StringMap("claim-eq") {
+		rules = append(rules, auth_model.ClaimRule{
+			Claim:      claim,
+			Comparison: auth_model.ClaimEqual,
+			Value:      value,
+		})
+	}
+	for claim, value := range c.StringMap("claim-glob") {
+		rules = append(rules, auth_model.ClaimRule{
+			Claim:      claim,
+			Comparison: auth_model.ClaimGlob,
+			Value:      value,
+		})
+	}
+	ai.ClaimRules = &auth_model.ClaimRules{Rules: rules}
+
+	scopes := strings.Join(c.StringSlice("scope"), ",")
+	accessTokenScope, err := auth_model.AccessTokenScope(scopes).Normalize()
+	if err != nil {
+		return fmt.Errorf("invalid access token scope provided: %w", err)
+	}
+	ai.Scope = accessTokenScope
+
+	allRepos := false
+	repos := []*repo.Repository{}
+	for _, repoName := range c.StringSlice("repo") {
+		if repoName == "all" {
+			allRepos = true
+		} else {
+			split := strings.Split(repoName, "/")
+			if len(split) != 2 {
+				return fmt.Errorf("invalid repo name: %q", split)
+			}
+			owner := split[0]
+			name := split[1]
+			repo, err := repo.GetRepositoryByOwnerAndName(ctx, owner, name)
+			if err != nil {
+				return err
+			}
+			repos = append(repos, repo)
+		}
+	}
+	ai.ResourceAllRepos = allRepos
+
+	rr := make([]*auth_model.AuthorizedIntegResourceRepo, len(repos))
+	for i := range repos {
+		rr[i] = &auth_model.AuthorizedIntegResourceRepo{RepoID: repos[i].ID}
+	}
+	if err := authz.ValidateAuthorizedIntegration(ai, rr); err != nil {
+		return err
+	}
+
+	err = db.WithTx(ctx, func(ctx context.Context) error {
+		if err := auth_model.InsertAuthorizedIntegration(ctx, ai); err != nil {
+			return err
+		}
+		if !allRepos {
+			if err := auth_model.InsertAuthorizedIntegrationResourceRepos(ctx, ai.ID, rr); err != nil {
+				return err
+			}
+		}
+		return nil
+	})
+	if err != nil {
+		return err
+	}
+
+	type ClaimRuleDescription struct {
+		Description string                     `json:"description"`
+		Claim       string                     `json:"claim"`
+		Comparison  auth_model.ClaimComparison `json:"compare"`
+		Value       string                     `json:"value"`
+	}
+	output := struct {
+		Message    string                 `json:"message"`
+		Issuer     string                 `json:"issuer"`
+		Audience   string                 `json:"audience"`
+		ClaimRules []ClaimRuleDescription `json:"claim_rules"`
+	}{
+		Message:  "Authorized integration was successfully created.",
+		Issuer:   ai.Issuer,
+		Audience: ai.Audience,
+	}
+	for _, cr := range ai.ClaimRules.Rules {
+		var description string
+		switch cr.Comparison {
+		case auth_model.ClaimEqual:
+			description = fmt.Sprintf("%q = %q", cr.Claim, cr.Value)
+		case auth_model.ClaimGlob:
+			description = fmt.Sprintf("%q matches %q", cr.Claim, cr.Value)
+		}
+		output.ClaimRules = append(output.ClaimRules, ClaimRuleDescription{
+			Description: description,
+			Claim:       cr.Claim,
+			Comparison:  cr.Comparison,
+			Value:       cr.Value,
+		})
+	}
+
+	raw, err := json.Marshal(output)
+	if err != nil {
+		return err
+	}
+	var indent bytes.Buffer
+	if err := json.Indent(&indent, raw, "", "  "); err != nil {
+		return err
+	}
+	os.Stdout.Write(indent.Bytes())
+
+	return nil
+}
diff --git a/models/auth/authorized_integration.go b/models/auth/authorized_integration.go
index a8641d44ca..e4cc8cedb0 100644
--- a/models/auth/authorized_integration.go
+++ b/models/auth/authorized_integration.go
@@ -5,12 +5,15 @@ package auth
 
 import (
 	"context"
+	"errors"
+	"fmt"
 	"time"
 
 	"forgejo.org/models/db"
 	"forgejo.org/modules/timeutil"
 	"forgejo.org/modules/util"
 
+	gouuid "github.com/google/uuid"
 	"xorm.io/builder"
 )
 
@@ -128,6 +131,16 @@ func GetAuthorizedIntegration(ctx context.Context, issuer, audience string) (*Au
 	return &ai, nil
 }
 
+func InsertAuthorizedIntegration(ctx context.Context, ai *AuthorizedIntegration) error {
+	if ai.Audience != "" {
+		return errors.New("audience cannot be provided, and must be generated by NewAuthorizedIntegration")
+	} else if err := ai.generateAudience(); err != nil {
+		return err
+	}
+	_, err := db.GetEngine(ctx).Insert(ai)
+	return err
+}
+
 // Bump the UpdatedUnix field of this authorized integration to now, tracking when it was last used for authentication.
 // To reduce database write workload, this is only tracked by one-minute intervals -- the UPDATE statement conditionally
 // avoids writes.
@@ -144,3 +157,25 @@ func (ai *AuthorizedIntegration) UpdateLastUsed(ctx context.Context) error {
 	}
 	return err
 }
+
+// Generates the `aud` claim that the remote JWT generator must use to match this authorized integration.  The `aud`
+// claim is an arbitrary value in a JWT claim, but Forgejo is faced with a few hard and soft requirements:
+//
+//   - Hard requirement: each authorized integration must have a unique `aud`, as it is used to find the DB record that
+//     authenticates a request.
+//   - If authentication is failing, being able to inspect the `aud` claim can be useful to identify the intent.
+//   - Inspection should have a stable meaning -- eg. if it included the username, and the user was renamed, the `aud`
+//     value which can't be changed would continue to reference the old username causing confusion when inspecting it.
+//   - Forgejo & GitHub Actions uses a URL $ACTIONS_ID_TOKEN_REQUEST_URL&audience=... to generate a JWT for the running
+//     action, so it should only consist of safe characters for URL encoding.
+//   - It should be relatively short, as it's encoded into the JWT and increases its size.
+//
+// Meeting these requirements decently well is a combination of the owner's ID, a guid, and a "u:" prefix that makes the
+// fact that it's an `aud` claim value a little bit identifiable.
+func (ai *AuthorizedIntegration) generateAudience() error {
+	if ai.UserID == 0 {
+		return errors.New("UserID must be initialized")
+	}
+	ai.Audience = fmt.Sprintf("u:%d:%s", ai.UserID, gouuid.New().String())
+	return nil
+}
diff --git a/models/auth/authorized_integration_resource_repo.go b/models/auth/authorized_integration_resource_repo.go
index 9c48d16f98..77445b60ae 100644
--- a/models/auth/authorized_integration_resource_repo.go
+++ b/models/auth/authorized_integration_resource_repo.go
@@ -42,3 +42,15 @@ func GetRepositoriesAccessibleWithIntegration(ctx context.Context, aiID int64) (
 	}
 	return resources, nil
 }
+
+func InsertAuthorizedIntegrationResourceRepos(ctx context.Context, aiID int64, resources []*AuthorizedIntegResourceRepo) error {
+	return db.WithTx(ctx, func(ctx context.Context) error {
+		for _, resourceRepo := range resources {
+			resourceRepo.IntegID = aiID
+			if err := db.Insert(ctx, resourceRepo); err != nil {
+				return err
+			}
+		}
+		return nil
+	})
+}
diff --git a/models/auth/authorized_integration_resource_repo_test.go b/models/auth/authorized_integration_resource_repo_test.go
index 853cddb828..15c5b4854f 100644
--- a/models/auth/authorized_integration_resource_repo_test.go
+++ b/models/auth/authorized_integration_resource_repo_test.go
@@ -38,3 +38,54 @@ func TestGetRepositoriesAccessibleWithIntegration(t *testing.T) {
 		assert.Contains(t, repoIDs, int64(3))
 	})
 }
+
+func TestInsertAuthorizedIntegration(t *testing.T) {
+	require.NoError(t, unittest.PrepareTestDatabase())
+
+	ai1 := makeAuthorizedIntegration(t)
+	ai2 := makeAuthorizedIntegration(t)
+	ai3 := makeAuthorizedIntegration(t)
+
+	t.Run("blank insert", func(t *testing.T) {
+		err := auth_model.InsertAuthorizedIntegrationResourceRepos(t.Context(), ai1.ID, nil)
+		require.NoError(t, err)
+	})
+
+	t.Run("multiple insert", func(t *testing.T) {
+		resRepo1 := &auth_model.AuthorizedIntegResourceRepo{
+			IntegID: ai2.ID,
+			RepoID:  1,
+		}
+		resRepo3 := &auth_model.AuthorizedIntegResourceRepo{
+			IntegID: ai2.ID,
+			RepoID:  3,
+		}
+		err := auth_model.InsertAuthorizedIntegrationResourceRepos(t.Context(), ai2.ID,
+			[]*auth_model.AuthorizedIntegResourceRepo{resRepo1, resRepo3})
+		require.NoError(t, err)
+
+		unittest.AssertCount(t, &auth_model.AuthorizedIntegResourceRepo{IntegID: ai2.ID}, 2)
+	})
+
+	t.Run("in tx", func(t *testing.T) {
+		// Pre-condition: count is 0.
+		unittest.AssertCount(t, &auth_model.AuthorizedIntegResourceRepo{IntegID: ai3.ID}, 0)
+
+		// Verify that InsertAuthorizedIntegrationResourceRepos performs inserts in a TX by having a second one with an invalid
+		// RepoID, causing a foreign key violation
+		resRepo1 := &auth_model.AuthorizedIntegResourceRepo{
+			IntegID: ai3.ID,
+			RepoID:  1,
+		}
+		resRepo3 := &auth_model.AuthorizedIntegResourceRepo{
+			IntegID: ai3.ID,
+			RepoID:  30000, // invalid
+		}
+		err := auth_model.InsertAuthorizedIntegrationResourceRepos(t.Context(), ai3.ID,
+			[]*auth_model.AuthorizedIntegResourceRepo{resRepo1, resRepo3})
+		require.ErrorContains(t, err, "foreign key")
+
+		// Count remains 0; the first record was not inserted.
+		unittest.AssertCount(t, &auth_model.AuthorizedIntegResourceRepo{IntegID: ai3.ID}, 0)
+	})
+}
diff --git a/models/auth/authorized_integration_test.go b/models/auth/authorized_integration_test.go
index 54cf97fcb5..d705f1a144 100644
--- a/models/auth/authorized_integration_test.go
+++ b/models/auth/authorized_integration_test.go
@@ -4,7 +4,6 @@
 package auth_test
 
 import (
-	"fmt"
 	"testing"
 	"time"
 
@@ -14,25 +13,20 @@ import (
 	"forgejo.org/modules/timeutil"
 	"forgejo.org/modules/util"
 
-	gouuid "github.com/google/uuid"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 )
 
 func makeAuthorizedIntegration(t *testing.T) *auth_model.AuthorizedIntegration {
 	t.Helper()
-
 	ai := &auth_model.AuthorizedIntegration{
 		UserID:           2,
 		Scope:            auth_model.AccessTokenScopeAll,
 		ResourceAllRepos: true,
 		Issuer:           "https://example.org/",
-		Audience:         fmt.Sprintf("https://forgejo.example.org/api/actions/%s", gouuid.New().String()),
 		ClaimRules:       &auth_model.ClaimRules{},
 	}
-	_, err := db.GetEngine(t.Context()).Insert(ai)
-	require.NoError(t, err)
-
+	require.NoError(t, auth_model.InsertAuthorizedIntegration(t.Context(), ai))
 	return ai
 }
 
@@ -79,3 +73,34 @@ func TestAuthorizedIntegrationUpdateLastUsed(t *testing.T) {
 	assert.EqualValues(t, 1777131139, ai.UpdatedUnix)                                                                                // object field updated
 	assert.EqualValues(t, 1777131139, unittest.AssertExistsAndLoadBean(t, &auth_model.AuthorizedIntegration{ID: ai.ID}).UpdatedUnix) // database field updated
 }
+
+func TestNewAuthorizedIntegration(t *testing.T) {
+	ai := &auth_model.AuthorizedIntegration{
+		UserID:           2,
+		Scope:            auth_model.AccessTokenScopeAll,
+		ResourceAllRepos: true,
+		Issuer:           "https://example.org/",
+		ClaimRules:       &auth_model.ClaimRules{},
+	}
+	require.NoError(t, auth_model.InsertAuthorizedIntegration(t.Context(), ai))
+	assert.Contains(t, ai.Audience, "u:2:")
+
+	ai = &auth_model.AuthorizedIntegration{
+		UserID:           2,
+		Scope:            auth_model.AccessTokenScopeAll,
+		ResourceAllRepos: true,
+		Issuer:           "https://example.org/",
+		Audience:         "I made my own audience",
+		ClaimRules:       &auth_model.ClaimRules{},
+	}
+	require.ErrorContains(t, auth_model.InsertAuthorizedIntegration(t.Context(), ai), "audience cannot be provided")
+
+	ai = &auth_model.AuthorizedIntegration{
+		// Forgot to set UserID
+		Scope:            auth_model.AccessTokenScopeAll,
+		ResourceAllRepos: true,
+		Issuer:           "https://example.org/",
+		ClaimRules:       &auth_model.ClaimRules{},
+	}
+	require.ErrorContains(t, auth_model.InsertAuthorizedIntegration(t.Context(), ai), "UserID must be initialized")
+}
diff --git a/services/authz/access_token.go b/services/authz/access_token.go
index 1660881dab..5a6d876cf6 100644
--- a/services/authz/access_token.go
+++ b/services/authz/access_token.go
@@ -33,14 +33,11 @@ func GetAuthorizationReducerForAccessToken(ctx context.Context, token *auth_mode
 	return &SpecificReposAuthorizationReducer{resourceRepos: iface}, nil
 }
 
-// A locale lookup string for the error -- eg. `access_token.error.invalid_something`
-type AccessTokenValidationFailure string
-
 // Validate that an access token's state is valid for creation.  For example, that it doesn't have a conflicting set of
 // resources (public-only and specific repositories), and other similar checks.
 func ValidateAccessToken(token *auth_model.AccessToken, repoResources []*auth_model.AccessTokenResourceRepo) error {
 	// Other validations may be added here in the future.
-	return validateRepositoryResource(token, repoResources)
+	return validateRepositoryResource(token.ResourceAllRepos, token.Scope, len(repoResources))
 }
 
 var (
@@ -49,19 +46,19 @@ var (
 	ErrSpecifiedReposInvalidScope = errors.New("specified repository access token: invalid scope")
 )
 
-func validateRepositoryResource(token *auth_model.AccessToken, repoResources []*auth_model.AccessTokenResourceRepo) error {
+func validateRepositoryResource(resourceAllRepos bool, scope auth_model.AccessTokenScope, numRepoResources int) error {
 	// Access tokens with broad access to all resources don't have any relevant validation rules to apply.
-	if token.ResourceAllRepos {
+	if resourceAllRepos {
 		return nil
 	}
 
 	// Repo-specific access token must have at least one repository.
-	if len(repoResources) == 0 {
+	if numRepoResources == 0 {
 		return ErrSpecifiedReposNone
 	}
 
 	// Can't have public-only and specified repos -- that's a combination that doesn't make sense.
-	if publicOnly, err := token.Scope.PublicOnly(); err != nil {
+	if publicOnly, err := scope.PublicOnly(); err != nil {
 		return err
 	} else if publicOnly {
 		return ErrSpecifiedReposNoPublicOnly
@@ -71,7 +68,7 @@ func validateRepositoryResource(token *auth_model.AccessToken, repoResources []*
 	// support repositories as a resource.  For example, if you had a repo-specific token but then gave it
 	// `write:organization`, it would be able to do operations like delete an organization -- permission checks on the
 	// repository resources wouldn't be applicable to the organization resources.
-	for _, scope := range token.Scope.StringSlice() {
+	for _, scope := range scope.StringSlice() {
 		switch auth_model.AccessTokenScope(scope) {
 		case auth_model.AccessTokenScopeReadIssue,
 			auth_model.AccessTokenScopeWriteIssue,
diff --git a/services/authz/authorized_integration.go b/services/authz/authorized_integration.go
index c463c0aeca..33099c7401 100644
--- a/services/authz/authorized_integration.go
+++ b/services/authz/authorized_integration.go
@@ -31,3 +31,10 @@ func GetAuthorizationReducerForAuthorizedIntegration(ctx context.Context, ai *au
 	}
 	return &SpecificReposAuthorizationReducer{resourceRepos: iface}, nil
 }
+
+// Validate that an authorized integration's state is valid for creation.  For example, that it doesn't have a
+// conflicting set of resources (public-only and specific repositories), and other similar checks.
+func ValidateAuthorizedIntegration(ai *auth_model.AuthorizedIntegration, repoResources []*auth_model.AuthorizedIntegResourceRepo) error {
+	// Other validations may be added here in the future.
+	return validateRepositoryResource(ai.ResourceAllRepos, ai.Scope, len(repoResources))
+}
diff --git a/services/authz/authorized_integration_test.go b/services/authz/authorized_integration_test.go
index fe3ec697a4..cb46a2479f 100644
--- a/services/authz/authorized_integration_test.go
+++ b/services/authz/authorized_integration_test.go
@@ -4,6 +4,7 @@
 package authz
 
 import (
+	"strings"
 	"testing"
 
 	"forgejo.org/models/auth"
@@ -44,3 +45,55 @@ func TestGetAuthorizationReducerForAuthorizedIntegration(t *testing.T) {
 		assert.EqualValues(t, 1, specific.resourceRepos[0].GetTargetRepoID())
 	})
 }
+
+func TestValidateAuthorizedIntegration(t *testing.T) {
+	t.Run("valid - all access", func(t *testing.T) {
+		ai := &auth.AuthorizedIntegration{
+			ResourceAllRepos: true,
+			Scope:            auth.AccessTokenScopeReadRepository,
+		}
+		err := ValidateAuthorizedIntegration(ai, nil)
+		require.NoError(t, err)
+	})
+
+	t.Run("valid - specified repos", func(t *testing.T) {
+		ai := &auth.AuthorizedIntegration{
+			ResourceAllRepos: false,
+			Scope:            auth.AccessTokenScopeReadRepository,
+		}
+		resources := []*auth.AuthorizedIntegResourceRepo{{RepoID: 12}}
+		err := ValidateAuthorizedIntegration(ai, resources)
+		require.NoError(t, err)
+	})
+
+	t.Run("invalid - no specified repos", func(t *testing.T) {
+		ai := &auth.AuthorizedIntegration{
+			ResourceAllRepos: false,
+			Scope:            auth.AccessTokenScopeReadRepository,
+		}
+		resources := []*auth.AuthorizedIntegResourceRepo{}
+		err := ValidateAuthorizedIntegration(ai, resources)
+		require.ErrorIs(t, err, ErrSpecifiedReposNone)
+	})
+
+	t.Run("invalid - specified repos & public-only", func(t *testing.T) {
+		ai := &auth.AuthorizedIntegration{
+			ResourceAllRepos: false,
+			Scope:            auth.AccessTokenScope(strings.Join([]string{string(auth.AccessTokenScopePublicOnly), string(auth.AccessTokenScopeReadRepository)}, ",")),
+		}
+		resources := []*auth.AuthorizedIntegResourceRepo{{RepoID: 12}}
+		err := ValidateAuthorizedIntegration(ai, resources)
+		require.ErrorIs(t, err, ErrSpecifiedReposNoPublicOnly)
+	})
+
+	t.Run("invalid - specified repos unsupported scopes", func(t *testing.T) {
+		ai := &auth.AuthorizedIntegration{
+			ResourceAllRepos: false,
+			Scope:            auth.AccessTokenScopeReadAdmin,
+		}
+		resources := []*auth.AuthorizedIntegResourceRepo{{RepoID: 12}}
+		err := ValidateAuthorizedIntegration(ai, resources)
+		require.ErrorIs(t, err, ErrSpecifiedReposInvalidScope)
+		require.ErrorContains(t, err, string(auth.AccessTokenScopeReadAdmin))
+	})
+}

From 733a390ecd1609a72f4123c9ab5101b85f3437e9 Mon Sep 17 00:00:00 2001
From: Mathieu Fenniak <mathieu@fenniak.net>
Date: Wed, 29 Apr 2026 05:26:22 +0200
Subject: [PATCH 753/854] fix: verify PR author has write access to head to
 support allow maintainers edit (#12292)

When a pull request is opened, the author is able to mark that pull request to "Allow edits from maintainers", which grants the maintainers of the pull request's repo access to edit the pull request branch contents.  It is possible to create a pull request where the pull request author does not have the ability to edit the pull request branch.  Due to a missing security check for this case, maintainers of the pull request repo would be granted the ability to edit the pull request branch, even if the author of the pull request did not have that ability.  By exploiting this missing security check, a user can edit any branch in a repository if they're able to fork that repository.  The issue is being fixed by restricting the scope of "Allow edits from maintainers" to only grant that access if the pull request author also had access to edit the branch.

Thanks to Arvin Shivram of Brutecat Security for discovering and responsibly disclosing the vulnerability.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12292
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
---
 models/issues/pull_list.go            |  47 +++++++++++-
 release-notes/12293.md                |   1 +
 release-notes/12294.md                |   1 +
 release-notes/12295.md                |   1 +
 services/pull/pull.go                 |   4 +-
 tests/integration/pull_update_test.go | 102 ++++++++++++++++++++++++++
 6 files changed, 153 insertions(+), 3 deletions(-)
 create mode 100644 release-notes/12293.md
 create mode 100644 release-notes/12294.md
 create mode 100644 release-notes/12295.md

diff --git a/models/issues/pull_list.go b/models/issues/pull_list.go
index 861ccace81..10e39c6a49 100644
--- a/models/issues/pull_list.go
+++ b/models/issues/pull_list.go
@@ -73,7 +73,7 @@ func GetUnmergedPullRequestsByHeadInfoMax(ctx context.Context, repoID, olderThan
 }
 
 // GetUnmergedPullRequestsByHeadInfo returns all pull requests that are open and has not been merged
-func GetUnmergedPullRequestsByHeadInfo(ctx context.Context, repoID int64, branch string) ([]*PullRequest, error) {
+func GetUnmergedPullRequestsByHeadInfo(ctx context.Context, repoID int64, branch string) (PullRequestList, error) {
 	prs := make([]*PullRequest, 0, 2)
 	sess := db.GetEngine(ctx).
 		Join("INNER", "issue", "issue.id = pull_request.issue_id").
@@ -92,18 +92,44 @@ func CanMaintainerWriteToBranch(ctx context.Context, p access_model.Permission,
 	}
 
 	prs, err := GetUnmergedPullRequestsByHeadInfo(ctx, p.Units[0].RepoID, branch)
+	// All these error cases return `false` to defer to the safer choice of not allowing write access on an error.
 	if err != nil {
+		log.Error("GetUnmergedPullRequestsByHeadInfo failed: %s", err)
+		return false
+	} else if issues, err := prs.LoadIssues(ctx); err != nil {
+		log.Error("LoadIssues failed: %s", err)
+		return false
+	} else if err := issues.LoadPosters(ctx); err != nil {
+		log.Error("LoadPosters failed: %s", err)
+		return false
+	} else if err := prs.LoadHeadRepos(ctx); err != nil {
+		log.Error("LoadHeadRepos failed: %s", err)
 		return false
 	}
 
 	for _, pr := range prs {
 		if pr.AllowMaintainerEdit {
+			// PR Poster must have write access to the head, so that when they turned on "AllowMaintainerEdit" they
+			// delegated that write access to the maintainers of the PR base.  If they don't currently have write
+			// access, they can't delegate that access.
+			poster := pr.Issue.Poster
+			posterHeadPerm, err := access_model.GetUserRepoPermission(ctx, pr.HeadRepo, poster)
+			if err != nil {
+				log.Error("GetUserRepoPermission failed: %s", err)
+				continue
+			}
+			if !posterHeadPerm.CanWrite(unit.TypeCode) {
+				continue
+			}
+
 			err = pr.LoadBaseRepo(ctx)
 			if err != nil {
+				log.Error("LoadBaseRepo failed: %s", err)
 				continue
 			}
 			prPerm, err := access_model.GetUserRepoPermission(ctx, pr.BaseRepo, user)
 			if err != nil {
+				log.Error("GetUserRepoPermission failed: %s", err)
 				continue
 			}
 			if prPerm.CanWrite(unit.TypeCode) {
@@ -250,6 +276,25 @@ func (prs PullRequestList) LoadIssues(ctx context.Context) (IssueList, error) {
 	return issueList, nil
 }
 
+func (prs PullRequestList) LoadHeadRepos(ctx context.Context) error {
+	repoIDs := []int64{}
+	for _, pr := range prs {
+		repoIDs = append(repoIDs, pr.HeadRepoID)
+	}
+	repos, err := db.GetByIDs(ctx, "id", repoIDs, &repo_model.Repository{})
+	if err != nil {
+		return err
+	}
+	for _, pr := range prs {
+		repo, ok := repos[pr.HeadRepoID]
+		if !ok {
+			return fmt.Errorf("unable to find repo %d", pr.HeadRepoID)
+		}
+		pr.HeadRepo = repo
+	}
+	return nil
+}
+
 // GetIssueIDs returns all issue ids
 func (prs PullRequestList) GetIssueIDs() []int64 {
 	return container.FilterSlice(prs, func(pr *PullRequest) (int64, bool) {
diff --git a/release-notes/12293.md b/release-notes/12293.md
new file mode 100644
index 0000000000..0052eced48
--- /dev/null
+++ b/release-notes/12293.md
@@ -0,0 +1 @@
+When a pull request is opened, the author is able to mark that pull request to "Allow edits from maintainers", which grants the maintainers of the pull request's repo access to edit the pull request branch contents.  It is possible to create a pull request where the pull request author does not have the ability to edit the pull request branch.  Due to a missing security check for this case, maintainers of the pull request repo would be granted the ability to edit the pull request branch, even if the author of the pull request did not have that ability.  By exploiting this missing security check, a user can edit any branch in a repository if they're able to fork that repository.  The issue is being fixed by restricting the scope of "Allow edits from maintainers" to only grant that access if the pull request author also had access to edit the branch.
diff --git a/release-notes/12294.md b/release-notes/12294.md
new file mode 100644
index 0000000000..0052eced48
--- /dev/null
+++ b/release-notes/12294.md
@@ -0,0 +1 @@
+When a pull request is opened, the author is able to mark that pull request to "Allow edits from maintainers", which grants the maintainers of the pull request's repo access to edit the pull request branch contents.  It is possible to create a pull request where the pull request author does not have the ability to edit the pull request branch.  Due to a missing security check for this case, maintainers of the pull request repo would be granted the ability to edit the pull request branch, even if the author of the pull request did not have that ability.  By exploiting this missing security check, a user can edit any branch in a repository if they're able to fork that repository.  The issue is being fixed by restricting the scope of "Allow edits from maintainers" to only grant that access if the pull request author also had access to edit the branch.
diff --git a/release-notes/12295.md b/release-notes/12295.md
new file mode 100644
index 0000000000..0052eced48
--- /dev/null
+++ b/release-notes/12295.md
@@ -0,0 +1 @@
+When a pull request is opened, the author is able to mark that pull request to "Allow edits from maintainers", which grants the maintainers of the pull request's repo access to edit the pull request branch contents.  It is possible to create a pull request where the pull request author does not have the ability to edit the pull request branch.  Due to a missing security check for this case, maintainers of the pull request repo would be granted the ability to edit the pull request branch, even if the author of the pull request did not have that ability.  By exploiting this missing security check, a user can edit any branch in a repository if they're able to fork that repository.  The issue is being fixed by restricting the scope of "Allow edits from maintainers" to only grant that access if the pull request author also had access to edit the branch.
diff --git a/services/pull/pull.go b/services/pull/pull.go
index 617d5d0806..7c078a0058 100644
--- a/services/pull/pull.go
+++ b/services/pull/pull.go
@@ -534,7 +534,7 @@ func CloseBranchPulls(ctx context.Context, doer *user_model.User, repoID int64,
 	}
 
 	prs = append(prs, prs2...)
-	if err := issues_model.PullRequestList(prs).LoadAttributes(ctx); err != nil {
+	if err := prs.LoadAttributes(ctx); err != nil {
 		return err
 	}
 
@@ -564,7 +564,7 @@ func CloseRepoBranchesPulls(ctx context.Context, doer *user_model.User, repo *re
 			return err
 		}
 
-		if err = issues_model.PullRequestList(prs).LoadAttributes(ctx); err != nil {
+		if err = prs.LoadAttributes(ctx); err != nil {
 			return err
 		}
 
diff --git a/tests/integration/pull_update_test.go b/tests/integration/pull_update_test.go
index 42f9e841e1..d013dfeb95 100644
--- a/tests/integration/pull_update_test.go
+++ b/tests/integration/pull_update_test.go
@@ -4,6 +4,7 @@
 package integration
 
 import (
+	"encoding/base64"
 	"fmt"
 	"net/http"
 	"net/url"
@@ -130,6 +131,107 @@ func TestAPIPullUpdateBranchProtection(t *testing.T) {
 	})
 }
 
+func TestAPIPullAllowMaintainerEditRestrictedHead(t *testing.T) {
+	onApplicationRun(t, func(t *testing.T, giteaURL *url.URL) {
+		baseRepoOwner := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 4})
+
+		realBaseRepo, _, cleanup := tests.CreateDeclarativeRepo(t, baseRepoOwner, "base-repo", nil, nil, nil)
+		defer cleanup()
+
+		forkUser := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
+		forkRepo, err := repo_service.ForkRepositoryAndUpdates(t.Context(), forkUser, forkUser, repo_service.ForkRepoOptions{
+			BaseRepo:    realBaseRepo,
+			Name:        "repo-pr-update",
+			Description: "desc",
+		})
+		require.NoError(t, err)
+		assert.NotNil(t, forkRepo)
+
+		_, err = files_service.ChangeRepoFiles(git.DefaultContext, forkRepo, forkUser, &files_service.ChangeRepoFilesOptions{
+			Files: []*files_service.ChangeRepoFile{
+				{
+					Operation:     "create",
+					TreePath:      "File_B",
+					ContentReader: strings.NewReader("File B"),
+				},
+			},
+			Message:   "Add File on PR branch",
+			OldBranch: "main",
+			NewBranch: "main",
+			Author: &files_service.IdentityOptions{
+				Name:  forkUser.Name,
+				Email: forkUser.Email,
+			},
+			Committer: &files_service.IdentityOptions{
+				Name:  forkUser.Name,
+				Email: forkUser.Email,
+			},
+			Dates: &files_service.CommitDateOptions{
+				Author:    time.Now(),
+				Committer: time.Now(),
+			},
+		})
+		require.NoError(t, err)
+
+		// Create a pull request that is unexpectedly backwards -- normally we'd request a branch from the fork to be
+		// merged into the original base repo. But there's nothing preventing us from creating a pull request for the
+		// base to be pulled into the fork:
+
+		pullIssue := &issues_model.Issue{
+			RepoID:   forkRepo.ID,
+			Title:    "Pull Base into Fork",
+			PosterID: forkUser.ID,
+			Poster:   forkUser,
+			IsPull:   true,
+		}
+		pullRequest := &issues_model.PullRequest{
+			HeadRepoID:          realBaseRepo.ID,
+			BaseRepoID:          forkRepo.ID,
+			HeadBranch:          "main",
+			BaseBranch:          "main",
+			HeadRepo:            realBaseRepo,
+			BaseRepo:            forkRepo,
+			Type:                issues_model.PullRequestGitea,
+			AllowMaintainerEdit: true,
+		}
+		err = pull_service.NewPullRequest(git.DefaultContext, forkRepo, pullIssue, nil, nil, pullRequest, nil)
+		require.NoError(t, err)
+
+		// forkUser is the owner of forkRepo, and therefore a maintainer of forkRepo.  `AllowMaintainerEdit` should
+		// allow forkUser to edit the head of the PR... except that, in this case, the owner of the PR delegated that
+		// edit access but they never had that edit access.  Try to modify the head repo & branch to see.
+		session := loginUser(t, forkUser.LoginName)
+		token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteRepository)
+
+		// Attempt modification by editing the realBase's main branch via API:
+		req := NewRequestWithJSON(t, "POST", fmt.Sprintf("/api/v1/repos/%s/%s/contents/File_A", realBaseRepo.OwnerName, realBaseRepo.Name),
+			&api.CreateFileOptions{
+				FileOptions: api.FileOptions{
+					BranchName:    "main",
+					NewBranchName: "main",
+					Message:       "illegal change",
+					Author: api.Identity{
+						Name:  forkUser.FullName,
+						Email: forkUser.Email,
+					},
+					Committer: api.Identity{
+						Name:  forkUser.FullName,
+						Email: forkUser.Email,
+					},
+				},
+				ContentBase64: base64.StdEncoding.EncodeToString([]byte("Some content.")),
+			}).
+			AddTokenAuth(token)
+		MakeRequest(t, req, http.StatusForbidden)
+
+		// Modify by "updating" the PR, which would pull the base into the head, even though we don't have access to
+		// write the head:
+		req = NewRequestf(t, "POST", "/api/v1/repos/%s/%s/pulls/%d/update", forkRepo.OwnerName, forkRepo.Name, pullIssue.Index).
+			AddTokenAuth(token)
+		MakeRequest(t, req, http.StatusInternalServerError) // probably should be Forbidden
+	})
+}
+
 func TestAPIViewUpdateSettings(t *testing.T) {
 	onApplicationRun(t, func(t *testing.T, giteaURL *url.URL) {
 		// Create PR to test

From 7d2a9bb0fccba7606f5c128f29d40540802b2654 Mon Sep 17 00:00:00 2001
From: forgejo-release-manager <contact-forgejo-release-manager@forgejo.org>
Date: Wed, 29 Apr 2026 14:36:54 +0200
Subject: [PATCH 754/854] chore(release-notes): Forgejo v11.0.13 [skip ci]
 (#12312)

https://codeberg.org/forgejo/forgejo/milestone/75468
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12312
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
---
 release-notes-published/11.0.13.md | 15 +++++++++++++++
 1 file changed, 15 insertions(+)
 create mode 100644 release-notes-published/11.0.13.md

diff --git a/release-notes-published/11.0.13.md b/release-notes-published/11.0.13.md
new file mode 100644
index 0000000000..2db924f20b
--- /dev/null
+++ b/release-notes-published/11.0.13.md
@@ -0,0 +1,15 @@
+
+
+<!--start release-notes-assistant-->
+
+## Release notes
+<!--URL:https://codeberg.org/forgejo/forgejo-->
+- Security bug fixes
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/12295): <!--number 12295 --><!--line 0 --><!--description V2hlbiBhIHB1bGwgcmVxdWVzdCBpcyBvcGVuZWQsIHRoZSBhdXRob3IgaXMgYWJsZSB0byBtYXJrIHRoYXQgcHVsbCByZXF1ZXN0IHRvICJBbGxvdyBlZGl0cyBmcm9tIG1haW50YWluZXJzIiwgd2hpY2ggZ3JhbnRzIHRoZSBtYWludGFpbmVycyBvZiB0aGUgcHVsbCByZXF1ZXN0J3MgcmVwbyBhY2Nlc3MgdG8gZWRpdCB0aGUgcHVsbCByZXF1ZXN0IGJyYW5jaCBjb250ZW50cy4gIEl0IGlzIHBvc3NpYmxlIHRvIGNyZWF0ZSBhIHB1bGwgcmVxdWVzdCB3aGVyZSB0aGUgcHVsbCByZXF1ZXN0IGF1dGhvciBkb2VzIG5vdCBoYXZlIHRoZSBhYmlsaXR5IHRvIGVkaXQgdGhlIHB1bGwgcmVxdWVzdCBicmFuY2guICBEdWUgdG8gYSBtaXNzaW5nIHNlY3VyaXR5IGNoZWNrIGZvciB0aGlzIGNhc2UsIG1haW50YWluZXJzIG9mIHRoZSBwdWxsIHJlcXVlc3QgcmVwbyB3b3VsZCBiZSBncmFudGVkIHRoZSBhYmlsaXR5IHRvIGVkaXQgdGhlIHB1bGwgcmVxdWVzdCBicmFuY2gsIGV2ZW4gaWYgdGhlIGF1dGhvciBvZiB0aGUgcHVsbCByZXF1ZXN0IGRpZCBub3QgaGF2ZSB0aGF0IGFiaWxpdHkuICBCeSBleHBsb2l0aW5nIHRoaXMgbWlzc2luZyBzZWN1cml0eSBjaGVjaywgYSB1c2VyIGNhbiBlZGl0IGFueSBicmFuY2ggaW4gYSByZXBvc2l0b3J5IGlmIHRoZXkncmUgYWJsZSB0byBmb3JrIHRoYXQgcmVwb3NpdG9yeS4gIFRoZSBpc3N1ZSBpcyBiZWluZyBmaXhlZCBieSByZXN0cmljdGluZyB0aGUgc2NvcGUgb2YgIkFsbG93IGVkaXRzIGZyb20gbWFpbnRhaW5lcnMiIHRvIG9ubHkgZ3JhbnQgdGhhdCBhY2Nlc3MgaWYgdGhlIHB1bGwgcmVxdWVzdCBhdXRob3IgYWxzbyBoYWQgYWNjZXNzIHRvIGVkaXQgdGhlIGJyYW5jaC4=-->When a pull request is opened, the author is able to mark that pull request to "Allow edits from maintainers", which grants the maintainers of the pull request's repo access to edit the pull request branch contents.  It is possible to create a pull request where the pull request author does not have the ability to edit the pull request branch.  Due to a missing security check for this case, maintainers of the pull request repo would be granted the ability to edit the pull request branch, even if the author of the pull request did not have that ability.  By exploiting this missing security check, a user can edit any branch in a repository if they're able to fork that repository.  The issue is being fixed by restricting the scope of "Allow edits from maintainers" to only grant that access if the pull request author also had access to edit the branch.<!--description-->
+- Included for completeness but not user-facing (chores, etc.)
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/12156) ([backported](https://codeberg.org/forgejo/forgejo/pulls/12315)): <!--number 12315 --><!--line 0 --><!--description VXBkYXRlIGh0dHBzOi8vZGF0YS5mb3JnZWpvLm9yZy9mb3JnZWpvL2Zvcmdlam8tYnVpbGQtcHVibGlzaCBhY3Rpb24gdG8gdjUuNi4wIChmb3JnZWpvKQ==-->Update https://data.forgejo.org/forgejo/forgejo-build-publish action to v5.6.0 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/12253): <!--number 12253 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgcG9zdGNzcyB0byB2OC41LjEwIFtTRUNVUklUWV0gKHYxMS4wL2Zvcmdlam8p-->Update dependency postcss to v8.5.10 [SECURITY] (v11.0/forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/12222): <!--number 12222 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnb2xhbmcub3JnL3gvaW1hZ2UgdG8gdjAuMzkuMCBbU0VDVVJJVFldICh2MTEuMC9mb3JnZWpvKQ==-->Update module golang.org/x/image to v0.39.0 [SECURITY] (v11.0/forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/12175): <!--number 12175 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnaXRodWIuY29tL2dvLWdpdC9nby1naXQvdjUgdG8gdjUuMTguMCBbU0VDVVJJVFldICh2MTEuMC9mb3JnZWpvKSAtIGF1dG9jbG9zZWQ=-->Update module github.com/go-git/go-git/v5 to v5.18.0 [SECURITY] (v11.0/forgejo) - autoclosed<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/12144) ([backported](https://codeberg.org/forgejo/forgejo/pulls/12148)): <!--number 12148 --><!--line 0 --><!--description Zml4OiBtYWtlIC9yZXBvcy9zZWFyY2g/dWlkPS0yIHJldHVybiB6ZXJvIHJlc3VsdHMsIG5vIHJlcG9zIHdpdGggdGhhdCBvd25lcg==-->fix: make /repos/search?uid=-2 return zero results, no repos with that owner<!--description-->
+<!--end release-notes-assistant-->

From cc5f118af85b5fa9a0d371d8a6672cc0e907a2df Mon Sep 17 00:00:00 2001
From: forgejo-release-manager <contact-forgejo-release-manager@forgejo.org>
Date: Wed, 29 Apr 2026 14:37:20 +0200
Subject: [PATCH 755/854] chore(release-notes): Forgejo v14.0.5 [skip ci]
 (#12313)

https://codeberg.org/forgejo/forgejo/milestone/75498
Co-authored-by: viceice <michael.kriese@gmx.de>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12313
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
---
 release-notes-published/14.0.5.md | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)
 create mode 100644 release-notes-published/14.0.5.md

diff --git a/release-notes-published/14.0.5.md b/release-notes-published/14.0.5.md
new file mode 100644
index 0000000000..4794bfb96d
--- /dev/null
+++ b/release-notes-published/14.0.5.md
@@ -0,0 +1,17 @@
+
+<!--start release-notes-assistant-->
+
+## Release notes
+<!--URL:https://codeberg.org/forgejo/forgejo-->
+- Security bug fixes
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/12294): <!--number 12294 --><!--line 0 --><!--description V2hlbiBhIHB1bGwgcmVxdWVzdCBpcyBvcGVuZWQsIHRoZSBhdXRob3IgaXMgYWJsZSB0byBtYXJrIHRoYXQgcHVsbCByZXF1ZXN0IHRvICJBbGxvdyBlZGl0cyBmcm9tIG1haW50YWluZXJzIiwgd2hpY2ggZ3JhbnRzIHRoZSBtYWludGFpbmVycyBvZiB0aGUgcHVsbCByZXF1ZXN0J3MgcmVwbyBhY2Nlc3MgdG8gZWRpdCB0aGUgcHVsbCByZXF1ZXN0IGJyYW5jaCBjb250ZW50cy4gIEl0IGlzIHBvc3NpYmxlIHRvIGNyZWF0ZSBhIHB1bGwgcmVxdWVzdCB3aGVyZSB0aGUgcHVsbCByZXF1ZXN0IGF1dGhvciBkb2VzIG5vdCBoYXZlIHRoZSBhYmlsaXR5IHRvIGVkaXQgdGhlIHB1bGwgcmVxdWVzdCBicmFuY2guICBEdWUgdG8gYSBtaXNzaW5nIHNlY3VyaXR5IGNoZWNrIGZvciB0aGlzIGNhc2UsIG1haW50YWluZXJzIG9mIHRoZSBwdWxsIHJlcXVlc3QgcmVwbyB3b3VsZCBiZSBncmFudGVkIHRoZSBhYmlsaXR5IHRvIGVkaXQgdGhlIHB1bGwgcmVxdWVzdCBicmFuY2gsIGV2ZW4gaWYgdGhlIGF1dGhvciBvZiB0aGUgcHVsbCByZXF1ZXN0IGRpZCBub3QgaGF2ZSB0aGF0IGFiaWxpdHkuICBCeSBleHBsb2l0aW5nIHRoaXMgbWlzc2luZyBzZWN1cml0eSBjaGVjaywgYSB1c2VyIGNhbiBlZGl0IGFueSBicmFuY2ggaW4gYSByZXBvc2l0b3J5IGlmIHRoZXkncmUgYWJsZSB0byBmb3JrIHRoYXQgcmVwb3NpdG9yeS4gIFRoZSBpc3N1ZSBpcyBiZWluZyBmaXhlZCBieSByZXN0cmljdGluZyB0aGUgc2NvcGUgb2YgIkFsbG93IGVkaXRzIGZyb20gbWFpbnRhaW5lcnMiIHRvIG9ubHkgZ3JhbnQgdGhhdCBhY2Nlc3MgaWYgdGhlIHB1bGwgcmVxdWVzdCBhdXRob3IgYWxzbyBoYWQgYWNjZXNzIHRvIGVkaXQgdGhlIGJyYW5jaC4=-->When a pull request is opened, the author is able to mark that pull request to "Allow edits from maintainers", which grants the maintainers of the pull request's repo access to edit the pull request branch contents.  It is possible to create a pull request where the pull request author does not have the ability to edit the pull request branch.  Due to a missing security check for this case, maintainers of the pull request repo would be granted the ability to edit the pull request branch, even if the author of the pull request did not have that ability.  By exploiting this missing security check, a user can edit any branch in a repository if they're able to fork that repository.  The issue is being fixed by restricting the scope of "Allow edits from maintainers" to only grant that access if the pull request author also had access to edit the branch.<!--description-->
+- Localization
+  - Backport of translations from Codeberg Translate: [#12305](https://codeberg.org/forgejo/forgejo/pulls/12305) (backport of [#12128](https://codeberg.org/forgejo/forgejo/pulls/12128))
+- Included for completeness but not user-facing (chores, etc.)
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/12156) ([backported](https://codeberg.org/forgejo/forgejo/pulls/12316)): <!--number 12316 --><!--line 0 --><!--description VXBkYXRlIGh0dHBzOi8vZGF0YS5mb3JnZWpvLm9yZy9mb3JnZWpvL2Zvcmdlam8tYnVpbGQtcHVibGlzaCBhY3Rpb24gdG8gdjUuNi4wIChmb3JnZWpvKQ==-->Update https://data.forgejo.org/forgejo/forgejo-build-publish action to v5.6.0 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/12254): <!--number 12254 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgcG9zdGNzcyB0byB2OC41LjEwIFtTRUNVUklUWV0gKHYxNC4wL2Zvcmdlam8p-->Update dependency postcss to v8.5.10 [SECURITY] (v14.0/forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/12223): <!--number 12223 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnb2xhbmcub3JnL3gvaW1hZ2UgdG8gdjAuMzkuMCBbU0VDVVJJVFldICh2MTQuMC9mb3JnZWpvKQ==-->Update module golang.org/x/image to v0.39.0 [SECURITY] (v14.0/forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/12176): <!--number 12176 --><!--line 0 --><!--description VXBkYXRlIGdpdGh1Yi5jb20vZ28tZ2l0L2dvLWdpdC92NSAoaW5kaXJlY3QpIHRvIHY1LjE4LjAgW1NFQ1VSSVRZXSAodjE0LjAvZm9yZ2VqbykgLSBhdXRvY2xvc2Vk-->Update github.com/go-git/go-git/v5 (indirect) to v5.18.0 [SECURITY] (v14.0/forgejo) - autoclosed<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/12133): <!--number 12133 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnaXRodWIuY29tL2phY2tjL3BneC92NSB0byB2NS45LjAgW1NFQ1VSSVRZXSAodjE0LjAvZm9yZ2Vqbyk=-->Update module github.com/jackc/pgx/v5 to v5.9.0 [SECURITY] (v14.0/forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/12144) ([backported](https://codeberg.org/forgejo/forgejo/pulls/12149)): <!--number 12149 --><!--line 0 --><!--description Zml4OiBtYWtlIC9yZXBvcy9zZWFyY2g/dWlkPS0yIHJldHVybiB6ZXJvIHJlc3VsdHMsIG5vIHJlcG9zIHdpdGggdGhhdCBvd25lcg==-->fix: make /repos/search?uid=-2 return zero results, no repos with that owner<!--description-->
+<!--end release-notes-assistant-->

From 993b419fe3e9dd4125968b64388b9cd9fd81f753 Mon Sep 17 00:00:00 2001
From: forgejo-release-manager <contact-forgejo-release-manager@forgejo.org>
Date: Wed, 29 Apr 2026 14:37:45 +0200
Subject: [PATCH 756/854] chore(release-notes): Forgejo v15.0.1 (#12314)

https://codeberg.org/forgejo/forgejo/milestone/76566
Co-authored-by: viceice <michael.kriese@gmx.de>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12314
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
---
 release-notes-published/15.0.1.md | 29 +++++++++++++++++++++++++++++
 1 file changed, 29 insertions(+)
 create mode 100644 release-notes-published/15.0.1.md

diff --git a/release-notes-published/15.0.1.md b/release-notes-published/15.0.1.md
new file mode 100644
index 0000000000..4d05ed923c
--- /dev/null
+++ b/release-notes-published/15.0.1.md
@@ -0,0 +1,29 @@
+
+<!--start release-notes-assistant-->
+
+## Release notes
+<!--URL:https://codeberg.org/forgejo/forgejo-->
+- Security bug fixes
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/12293): <!--number 12293 --><!--line 0 --><!--description V2hlbiBhIHB1bGwgcmVxdWVzdCBpcyBvcGVuZWQsIHRoZSBhdXRob3IgaXMgYWJsZSB0byBtYXJrIHRoYXQgcHVsbCByZXF1ZXN0IHRvICJBbGxvdyBlZGl0cyBmcm9tIG1haW50YWluZXJzIiwgd2hpY2ggZ3JhbnRzIHRoZSBtYWludGFpbmVycyBvZiB0aGUgcHVsbCByZXF1ZXN0J3MgcmVwbyBhY2Nlc3MgdG8gZWRpdCB0aGUgcHVsbCByZXF1ZXN0IGJyYW5jaCBjb250ZW50cy4gIEl0IGlzIHBvc3NpYmxlIHRvIGNyZWF0ZSBhIHB1bGwgcmVxdWVzdCB3aGVyZSB0aGUgcHVsbCByZXF1ZXN0IGF1dGhvciBkb2VzIG5vdCBoYXZlIHRoZSBhYmlsaXR5IHRvIGVkaXQgdGhlIHB1bGwgcmVxdWVzdCBicmFuY2guICBEdWUgdG8gYSBtaXNzaW5nIHNlY3VyaXR5IGNoZWNrIGZvciB0aGlzIGNhc2UsIG1haW50YWluZXJzIG9mIHRoZSBwdWxsIHJlcXVlc3QgcmVwbyB3b3VsZCBiZSBncmFudGVkIHRoZSBhYmlsaXR5IHRvIGVkaXQgdGhlIHB1bGwgcmVxdWVzdCBicmFuY2gsIGV2ZW4gaWYgdGhlIGF1dGhvciBvZiB0aGUgcHVsbCByZXF1ZXN0IGRpZCBub3QgaGF2ZSB0aGF0IGFiaWxpdHkuICBCeSBleHBsb2l0aW5nIHRoaXMgbWlzc2luZyBzZWN1cml0eSBjaGVjaywgYSB1c2VyIGNhbiBlZGl0IGFueSBicmFuY2ggaW4gYSByZXBvc2l0b3J5IGlmIHRoZXkncmUgYWJsZSB0byBmb3JrIHRoYXQgcmVwb3NpdG9yeS4gIFRoZSBpc3N1ZSBpcyBiZWluZyBmaXhlZCBieSByZXN0cmljdGluZyB0aGUgc2NvcGUgb2YgIkFsbG93IGVkaXRzIGZyb20gbWFpbnRhaW5lcnMiIHRvIG9ubHkgZ3JhbnQgdGhhdCBhY2Nlc3MgaWYgdGhlIHB1bGwgcmVxdWVzdCBhdXRob3IgYWxzbyBoYWQgYWNjZXNzIHRvIGVkaXQgdGhlIGJyYW5jaC4=-->When a pull request is opened, the author is able to mark that pull request to "Allow edits from maintainers", which grants the maintainers of the pull request's repo access to edit the pull request branch contents.  It is possible to create a pull request where the pull request author does not have the ability to edit the pull request branch.  Due to a missing security check for this case, maintainers of the pull request repo would be granted the ability to edit the pull request branch, even if the author of the pull request did not have that ability.  By exploiting this missing security check, a user can edit any branch in a repository if they're able to fork that repository.  The issue is being fixed by restricting the scope of "Allow edits from maintainers" to only grant that access if the pull request author also had access to edit the branch.<!--description-->
+- Localization
+  - Backport of translations from Codeberg Translate: [#12306](https://codeberg.org/forgejo/forgejo/pulls/12306) (backport of [#12128](https://codeberg.org/forgejo/forgejo/pulls/12128))
+- Bug fixes
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/11685) ([backported](https://codeberg.org/forgejo/forgejo/pulls/12171)): <!--number 12171 --><!--line 0 --><!--description Zml4OiBhbHdheXMgaW5jbHVkZSBmaWxlcyBzZXQgdG8gYmUgZGV0ZWN0YWJsZSBmb3IgbGFuZ3VhZ2Ugc3RhdHM=-->fix: always include files set to be detectable for language stats<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/12079) ([backported](https://codeberg.org/forgejo/forgejo/pulls/12166)): <!--number 12166 --><!--line 0 --><!--description RXhjbHVkZSBTU0ggY2VydGlmaWNhdGUgcHJpbmNpcGFscyBmcm9tIG91dHB1dCB3aGVuIHZpZXdpbmcgdXNlcidzIFNTSCBrZXlz-->Exclude SSH certificate principals from output when viewing user's SSH keys<!--description-->
+- Included for completeness but not user-facing (chores, etc.)
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/12156) ([backported](https://codeberg.org/forgejo/forgejo/pulls/12317)): <!--number 12317 --><!--line 0 --><!--description VXBkYXRlIGh0dHBzOi8vZGF0YS5mb3JnZWpvLm9yZy9mb3JnZWpvL2Zvcmdlam8tYnVpbGQtcHVibGlzaCBhY3Rpb24gdG8gdjUuNi4wIChmb3JnZWpvKQ==-->Update https://data.forgejo.org/forgejo/forgejo-build-publish action to v5.6.0 (forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/12271) ([backported](https://codeberg.org/forgejo/forgejo/pulls/12272)): <!--number 12272 --><!--line 0 --><!--description Zml4OiBhbGxvdyB2aWV3aW5nIEFjdGlvbnMgcnVuIHRyaWdnZXJlZCBieSBkZWxldGVkIHVzZXI=-->fix: allow viewing Actions run triggered by deleted user<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/12255): <!--number 12255 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgcG9zdGNzcyB0byB2OC41LjEwIFtTRUNVUklUWV0gKHYxNS4wL2Zvcmdlam8p-->Update dependency postcss to v8.5.10 [SECURITY] (v15.0/forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/12235): <!--number 12235 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnaXRodWIuY29tL2phY2tjL3BneC92NSB0byB2NS45LjIgW1NFQ1VSSVRZXSAodjE1LjAvZm9yZ2Vqbyk=-->Update module github.com/jackc/pgx/v5 to v5.9.2 [SECURITY] (v15.0/forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/12227) ([backported](https://codeberg.org/forgejo/forgejo/pulls/12233)): <!--number 12233 --><!--line 0 --><!--description Zml4OiBjb21wYXJlIGJyYW5jaGVzIHdpdGggbmFtZXMgYGRpZmZgIG9yIGBwYXRjaGA=-->fix: compare branches with names `diff` or `patch`<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/12224) ([backported](https://codeberg.org/forgejo/forgejo/pulls/12229)): <!--number 12229 --><!--line 0 --><!--description Zml4OiByZXNvbHZlIG91dGVyIHdvcmtmbG93IGNhbGwgdG8gc3VjY2Vzcywgbm90IGZhaWx1cmUsIG9uIGlubmVyIGpvYiBza2lw-->fix: resolve outer workflow call to success, not failure, on inner job skip<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/12218): <!--number 12218 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnb2xhbmcub3JnL3gvaW1hZ2UgdG8gdjAuMzkuMCAodjE1LjAvZm9yZ2Vqbyk=-->Update module golang.org/x/image to v0.39.0 (v15.0/forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/12213) ([backported](https://codeberg.org/forgejo/forgejo/pulls/12216)): <!--number 12216 --><!--line 0 --><!--description Zml4OiBzZWNyZXQgbmFtZS1wcmVmaXggcmVnZXg=-->fix: secret name-prefix regex<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/12214) ([backported](https://codeberg.org/forgejo/forgejo/pulls/12215)): <!--number 12215 --><!--line 0 --><!--description Zml4KHVpKTogYWxsb3cgY3JlYXRpbmcgZmlsZXMgd2l0aCBuYW1lIHN0YXJ0aW5nIHdpdGggZGFzaA==-->fix(ui): allow creating files with name starting with dash<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/12151) ([backported](https://codeberg.org/forgejo/forgejo/pulls/12199)): <!--number 12199 --><!--line 0 --><!--description Zml4OiBDb2RlTWlycm9yIGUyZSB0ZXN0-->fix: CodeMirror e2e test<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/12183) ([backported](https://codeberg.org/forgejo/forgejo/pulls/12185)): <!--number 12185 --><!--line 0 --><!--description Zml4KGkxOG4pOiBkb24ndCBsb2cgaGFybWxlc3MgbWlzc2luZyB0cmFuc2xhdGlvbnMgYXMgZXJyb3Jz-->fix(i18n): don't log harmless missing translations as errors<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/12177): <!--number 12177 --><!--line 0 --><!--description VXBkYXRlIGdpdGh1Yi5jb20vZ28tZ2l0L2dvLWdpdC92NSAoaW5kaXJlY3QpIHRvIHY1LjE4LjAgW1NFQ1VSSVRZXSAodjE1LjAvZm9yZ2VqbykgLSBhdXRvY2xvc2Vk-->Update github.com/go-git/go-git/v5 (indirect) to v5.18.0 [SECURITY] (v15.0/forgejo) - autoclosed<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/12154): <!--number 12154 --><!--line 0 --><!--description Y2hvcmU6IGJ1bXAgeG9ybSB0byB2MS4zLjktZm9yZ2Vqby4xMQ==-->chore: bump xorm to v1.3.9-forgejo.11<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/12144) ([backported](https://codeberg.org/forgejo/forgejo/pulls/12150)): <!--number 12150 --><!--line 0 --><!--description Zml4OiBtYWtlIC9yZXBvcy9zZWFyY2g/dWlkPS0yIHJldHVybiB6ZXJvIHJlc3VsdHMsIG5vIHJlcG9zIHdpdGggdGhhdCBvd25lcg==-->fix: make /repos/search?uid=-2 return zero results, no repos with that owner<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/12143) ([backported](https://codeberg.org/forgejo/forgejo/pulls/12147)): <!--number 12147 --><!--line 0 --><!--description Zml4OiBjb250aW51ZWQgQVBJIHJlc3BvbnNlIHByb2Nlc3NpbmcgYWZ0ZXIgZXJyb3IgaW4gYC9yZXBvcy9zZWFyY2hgIEFQSQ==-->fix: continued API response processing after error in `/repos/search` API<!--description-->
+<!--end release-notes-assistant-->

From be3fe4ff60c85f5c8749c16325b9e804ad0d951a Mon Sep 17 00:00:00 2001
From: Mathieu Fenniak <mathieu@fenniak.net>
Date: Wed, 29 Apr 2026 19:13:01 +0200
Subject: [PATCH 757/854] feat: allow Authorized Integrations to authenticate
 to Forgejo's package registries (#12310)

Enables and tests the usage of Authorized Integrations to access the package registries.  Specific testing includes:
- Container registry -- automated testing and manual testing
- Generic registry, w/ detailed authorization tests -- automated testing
- Conan registry -- automated testing (uses an "authenticate" endpoint that required updates)
- npm registry -- manual testing with a Forgejo Action publishing packages

For the container & conan registeries, where the client uses an authentication endpoint to request a temporary access token, the expiry of the temporary access token is restricted to the expiry of the authorized integration's JWT for the authorized integration in order to prevent an escalation of privileges.

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. All work and communication must conform to Forgejo's [AI Agreement](https://codeberg.org/forgejo/governance/src/branch/main/AIAgreement.md). There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests for Go changes

- I added test coverage for Go changes...
  - [x] in their respective `*_test.go` for unit tests.
  - [x] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I ran...
  - [ ] `make pr-go` before pushing

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [x] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.
- [ ] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12310
Reviewed-by: Andreas Ahlenstorf <aahlenst@noreply.codeberg.org>
---
 routers/api/packages/api.go                   |  6 +++
 routers/api/packages/conan/conan.go           |  3 +-
 routers/api/packages/container/container.go   |  3 +-
 services/auth/interface.go                    |  9 ++++
 .../auth_result_authorized_integration.go     | 12 ++++--
 .../auth/method/authorized_integration.go     | 16 ++++++--
 .../method/authorized_integration_test.go     | 35 ++++++++++++----
 services/packages/auth.go                     | 13 +++++-
 tests/integration/api_packages_conan_test.go  | 39 ++++++++++++++++++
 .../api_packages_container_test.go            | 22 ++++++++++
 tests/integration/api_packages_test.go        | 41 +++++++++++++++++--
 11 files changed, 178 insertions(+), 21 deletions(-)

diff --git a/routers/api/packages/api.go b/routers/api/packages/api.go
index 4a35948eca..7106521e85 100644
--- a/routers/api/packages/api.go
+++ b/routers/api/packages/api.go
@@ -199,6 +199,7 @@ func CommonRoutes() *web.Route {
 		&nuget.Auth{},
 		&conan.Auth{},
 		&chef.Auth{},
+		&auth_method.AuthorizedIntegration{},
 	})
 
 	r.Group("/{username}", func() {
@@ -845,6 +846,11 @@ func ContainerRoutes() *web.Route {
 		&auth_method.ActionRuntimeToken{},
 		&auth_method.ActionTaskToken{},
 		&container.Auth{},
+		&auth_method.AuthorizedIntegration{
+			// `docker login` can't send a bearer token, so enable reading a token from the password field of
+			// `Authorization: Basic ...`.
+			PermitBasic: true,
+		},
 	})
 
 	r.Get("", container.ReqContainerAccess, container.DetermineSupport)
diff --git a/routers/api/packages/conan/conan.go b/routers/api/packages/conan/conan.go
index cc894aec2f..5829c432ad 100644
--- a/routers/api/packages/conan/conan.go
+++ b/routers/api/packages/conan/conan.go
@@ -119,8 +119,9 @@ func Authenticate(ctx *context.Context) {
 
 	// If there's an API scope, ensure it propagates.
 	scope := ctx.Authentication.Scope().ValueOrZeroValue()
+	exp := ctx.Authentication.ExpiresAt()
 
-	token, err := packages_service.CreateAuthorizationToken(ctx.Doer, scope)
+	token, err := packages_service.CreateAuthorizationToken(ctx.Doer, scope, exp)
 	if err != nil {
 		apiError(ctx, http.StatusInternalServerError, err)
 		return
diff --git a/routers/api/packages/container/container.go b/routers/api/packages/container/container.go
index eb81773b4c..df14ca6280 100644
--- a/routers/api/packages/container/container.go
+++ b/routers/api/packages/container/container.go
@@ -158,8 +158,9 @@ func Authenticate(ctx *context.Context) {
 
 	// If there's an API scope, ensure it propagates.
 	scope := ctx.Authentication.Scope().ValueOrZeroValue()
+	exp := ctx.Authentication.ExpiresAt()
 
-	token, err := packages_service.CreateAuthorizationToken(u, scope)
+	token, err := packages_service.CreateAuthorizationToken(u, scope, exp)
 	if err != nil {
 		apiError(ctx, http.StatusInternalServerError, err)
 		return
diff --git a/services/auth/interface.go b/services/auth/interface.go
index a5ed33a79b..ca0bb661ba 100644
--- a/services/auth/interface.go
+++ b/services/auth/interface.go
@@ -11,6 +11,7 @@ import (
 	user_model "forgejo.org/models/user"
 	"forgejo.org/modules/optional"
 	"forgejo.org/modules/session"
+	"forgejo.org/modules/timeutil"
 	"forgejo.org/modules/web/middleware"
 	"forgejo.org/services/authz"
 )
@@ -104,6 +105,10 @@ type AuthenticationResult interface {
 	// If authenticated as an Actions task (using ${{ forgejo.token }}), then indicates the specific task that performed
 	// the authentication.
 	ActionsTaskID() optional.Option[int64]
+
+	// If the authentication method used has a limited time validity, such as a JWT with an `exp` claim, that expiry
+	// time can be accessed through this method.  Otherwise, returns None.
+	ExpiresAt() optional.Option[timeutil.TimeStamp]
 }
 
 type BaseAuthenticationResult struct{}
@@ -132,6 +137,10 @@ func (*BaseAuthenticationResult) Scope() optional.Option[auth_model.AccessTokenS
 	return optional.None[auth_model.AccessTokenScope]()
 }
 
+func (*BaseAuthenticationResult) ExpiresAt() optional.Option[timeutil.TimeStamp] {
+	return optional.None[timeutil.TimeStamp]()
+}
+
 type UnauthenticatedResult struct {
 	*BaseAuthenticationResult
 }
diff --git a/services/auth/method/auth_result_authorized_integration.go b/services/auth/method/auth_result_authorized_integration.go
index 55efa95d18..aed06e76a3 100644
--- a/services/auth/method/auth_result_authorized_integration.go
+++ b/services/auth/method/auth_result_authorized_integration.go
@@ -7,6 +7,7 @@ import (
 	auth_model "forgejo.org/models/auth"
 	user_model "forgejo.org/models/user"
 	"forgejo.org/modules/optional"
+	"forgejo.org/modules/timeutil"
 	"forgejo.org/services/auth"
 	"forgejo.org/services/authz"
 )
@@ -15,9 +16,10 @@ var _ auth.AuthenticationResult = &authorizedIntegrationAuthenticationResult{}
 
 type authorizedIntegrationAuthenticationResult struct {
 	*auth.BaseAuthenticationResult
-	user    *user_model.User
-	scope   auth_model.AccessTokenScope
-	reducer authz.AuthorizationReducer
+	user      *user_model.User
+	scope     auth_model.AccessTokenScope
+	reducer   authz.AuthorizationReducer
+	expiresAt optional.Option[timeutil.TimeStamp]
 }
 
 func (r *authorizedIntegrationAuthenticationResult) User() *user_model.User {
@@ -31,3 +33,7 @@ func (r *authorizedIntegrationAuthenticationResult) Scope() optional.Option[auth
 func (r *authorizedIntegrationAuthenticationResult) Reducer() authz.AuthorizationReducer {
 	return r.reducer
 }
+
+func (r *authorizedIntegrationAuthenticationResult) ExpiresAt() optional.Option[timeutil.TimeStamp] {
+	return r.expiresAt
+}
diff --git a/services/auth/method/authorized_integration.go b/services/auth/method/authorized_integration.go
index f908780e09..368e1fe036 100644
--- a/services/auth/method/authorized_integration.go
+++ b/services/auth/method/authorized_integration.go
@@ -22,8 +22,10 @@ import (
 	"forgejo.org/modules/json"
 	"forgejo.org/modules/jwtx"
 	"forgejo.org/modules/log"
+	"forgejo.org/modules/optional"
 	"forgejo.org/modules/proxy"
 	"forgejo.org/modules/setting"
+	"forgejo.org/modules/timeutil"
 	"forgejo.org/modules/util"
 	"forgejo.org/services/auth"
 	"forgejo.org/services/authz"
@@ -212,11 +214,19 @@ func (a *AuthorizedIntegration) Verify(req *http.Request, w http.ResponseWriter,
 		return &auth.AuthenticationError{Error: fmt.Errorf("authorized integration GetAuthorizationReducerForAuthorizedIntegration: %w", err)}
 	}
 
+	var optionalExp optional.Option[timeutil.TimeStamp]
+	if exp, err := parsedToken.Claims.GetExpirationTime(); err != nil {
+		return &auth.AuthenticationError{Error: fmt.Errorf("authorized integration GetExpirationTime: %w", err)}
+	} else if exp != nil {
+		optionalExp = optional.Some(timeutil.TimeStamp(exp.Unix()))
+	}
+
 	return &auth.AuthenticationSuccess{
 		Result: &authorizedIntegrationAuthenticationResult{
-			user:    u,
-			scope:   authorizedIntegration.Scope,
-			reducer: reducer,
+			user:      u,
+			scope:     authorizedIntegration.Scope,
+			reducer:   reducer,
+			expiresAt: optionalExp,
 		},
 	}
 }
diff --git a/services/auth/method/authorized_integration_test.go b/services/auth/method/authorized_integration_test.go
index 28524b7a6c..16b09ae9ad 100644
--- a/services/auth/method/authorized_integration_test.go
+++ b/services/auth/method/authorized_integration_test.go
@@ -19,6 +19,7 @@ import (
 	"forgejo.org/modules/jwtx"
 	"forgejo.org/modules/setting"
 	"forgejo.org/modules/test"
+	"forgejo.org/modules/timeutil"
 	"forgejo.org/services/auth"
 
 	mc "code.forgejo.org/go-chi/cache"
@@ -255,6 +256,8 @@ func TestAuthorizedIntegration(t *testing.T) {
 		assert.True(t, hasScope)
 		assert.Equal(t, auth_model.AccessTokenScopeAll, scope)
 		assert.NotNil(t, res.Reducer())
+		hasExpiry, _ := res.ExpiresAt().Get()
+		assert.False(t, hasExpiry)
 	})
 
 	t.Run("valid Basic JWT", func(t *testing.T) {
@@ -280,14 +283,30 @@ func TestAuthorizedIntegration(t *testing.T) {
 	})
 
 	t.Run("JWT expiry", func(t *testing.T) {
-		ait := newAITester(t,
-			claimTweak(func(rc *flexibleClaims) {
-				rc.ExpiresAt = jwt.NewNumericDate(time.Date(2026, time.January, 1, 12, 0, 0, 0, time.Local))
-			}))
-		defer ait.close()
-		output := ait.bearerRequest()
-		err := requireOutput[*auth.AuthenticationAttemptedIncorrectCredential](t, output).Error
-		require.ErrorContains(t, err, "token is expired")
+		t.Run("JWT expired", func(t *testing.T) {
+			ait := newAITester(t,
+				claimTweak(func(rc *flexibleClaims) {
+					rc.ExpiresAt = jwt.NewNumericDate(time.Date(2026, time.January, 1, 12, 0, 0, 0, time.Local))
+				}))
+			defer ait.close()
+			output := ait.bearerRequest()
+			err := requireOutput[*auth.AuthenticationAttemptedIncorrectCredential](t, output).Error
+			require.ErrorContains(t, err, "token is expired")
+		})
+
+		t.Run("JWT will expire", func(t *testing.T) {
+			ait := newAITester(t,
+				claimTweak(func(rc *flexibleClaims) {
+					rc.ExpiresAt = jwt.NewNumericDate(time.Date(2026, time.January, 1, 20, 0, 0, 0, time.UTC))
+				}))
+			defer ait.close()
+			output := ait.bearerRequest()
+			success := requireOutput[*auth.AuthenticationSuccess](t, output)
+			res := success.Result
+			hasExpiry, expiry := res.ExpiresAt().Get()
+			assert.True(t, hasExpiry)
+			assert.Equal(t, timeutil.TimeStamp(1767297600), expiry)
+		})
 	})
 
 	t.Run("JWT issued at", func(t *testing.T) {
diff --git a/services/packages/auth.go b/services/packages/auth.go
index 205125cf8b..9b5ee9f627 100644
--- a/services/packages/auth.go
+++ b/services/packages/auth.go
@@ -13,7 +13,9 @@ import (
 	auth_model "forgejo.org/models/auth"
 	user_model "forgejo.org/models/user"
 	"forgejo.org/modules/log"
+	"forgejo.org/modules/optional"
 	"forgejo.org/modules/setting"
+	"forgejo.org/modules/timeutil"
 
 	"github.com/golang-jwt/jwt/v5"
 )
@@ -24,12 +26,19 @@ type packageClaims struct {
 	Scope  auth_model.AccessTokenScope
 }
 
-func CreateAuthorizationToken(u *user_model.User, scope auth_model.AccessTokenScope) (string, error) {
+func CreateAuthorizationToken(u *user_model.User, scope auth_model.AccessTokenScope, maxExpiry optional.Option[timeutil.TimeStamp]) (string, error) {
 	now := time.Now()
 
+	// Don't allow package registry authentication to create a credential that exceeds the lifetime of whatever
+	// credential was used to authenticate; cap it at the incoming credential's expiry.
+	expiry := now.Add(24 * time.Hour)
+	if has, maxExp := maxExpiry.Get(); has && expiry.Unix() > maxExp.AsTime().Unix() {
+		expiry = maxExp.AsTime()
+	}
+
 	claims := packageClaims{
 		RegisteredClaims: jwt.RegisteredClaims{
-			ExpiresAt: jwt.NewNumericDate(now.Add(24 * time.Hour)),
+			ExpiresAt: jwt.NewNumericDate(expiry),
 			NotBefore: jwt.NewNumericDate(now),
 		},
 		UserID: u.ID,
diff --git a/tests/integration/api_packages_conan_test.go b/tests/integration/api_packages_conan_test.go
index 0e4e4a75e3..4184762e71 100644
--- a/tests/integration/api_packages_conan_test.go
+++ b/tests/integration/api_packages_conan_test.go
@@ -563,6 +563,45 @@ func TestPackageConan(t *testing.T) {
 			})
 		})
 
+		t.Run("Authorized Integration Authentication", func(t *testing.T) {
+			defer tests.PrintCurrentTest(t)()
+
+			testCase := func(t *testing.T, scope auth_model.AccessTokenScope, expectedStatusCode int) {
+				t.Helper()
+
+				ait := newAITester(t, func(ai *auth_model.AuthorizedIntegration) {
+					ai.Scope = scope
+				})
+				defer ait.close()
+				token := ait.signedJWT()
+
+				req := NewRequest(t, "GET", fmt.Sprintf("%s/v2/users/authenticate", url)).
+					AddTokenAuth(token)
+				resp := MakeRequest(t, req, http.StatusOK)
+
+				body := resp.Body.String()
+				assert.NotEmpty(t, body)
+
+				recipeURL := fmt.Sprintf("%s/v2/conans/%s/%s/%s/%s/revisions/%s", url, "TestScope", version1, "testing", channel1, revision1)
+
+				req = NewRequestWithBody(t, "PUT", fmt.Sprintf("%s/files/%s", recipeURL, conanfileName), strings.NewReader("Doesn't need to be valid")).
+					AddTokenAuth("Bearer " + body)
+				MakeRequest(t, req, expectedStatusCode)
+			}
+
+			t.Run("Read permission", func(t *testing.T) {
+				defer tests.PrintCurrentTest(t)()
+
+				testCase(t, auth_model.AccessTokenScopeReadPackage, http.StatusUnauthorized)
+			})
+
+			t.Run("Write permission", func(t *testing.T) {
+				defer tests.PrintCurrentTest(t)()
+
+				testCase(t, auth_model.AccessTokenScopeWritePackage, http.StatusCreated)
+			})
+		})
+
 		t.Run("Authenticate", func(t *testing.T) {
 			defer tests.PrintCurrentTest(t)()
 
diff --git a/tests/integration/api_packages_container_test.go b/tests/integration/api_packages_container_test.go
index 70e3f40d6c..550436990a 100644
--- a/tests/integration/api_packages_container_test.go
+++ b/tests/integration/api_packages_container_test.go
@@ -198,6 +198,28 @@ func TestPackageContainer(t *testing.T) {
 
 			assert.Empty(t, resp.Header().Get("WWW-Authenticate"))
 		})
+
+		t.Run("Basic authentication w/ Authorized Integration", func(t *testing.T) {
+			ait := newAITester(t, func(ai *auth_model.AuthorizedIntegration) {
+				ai.Scope = auth_model.AccessTokenScopeReadPackage
+			})
+			defer ait.close()
+			token := ait.signedJWT()
+
+			req := NewRequest(t, "GET", fmt.Sprintf("%sv2/token", setting.AppURL))
+			req.SetBasicAuth(user.Name, token)
+
+			resp := MakeRequest(t, req, http.StatusOK)
+
+			tokenResponse := &TokenResponse{}
+			DecodeJSON(t, resp, &tokenResponse)
+
+			assert.NotEmpty(t, tokenResponse.Token)
+
+			req = NewRequest(t, "GET", fmt.Sprintf("%sv2", setting.AppURL)).
+				AddTokenAuth(fmt.Sprintf("Bearer %s", tokenResponse.Token))
+			MakeRequest(t, req, http.StatusOK)
+		})
 	})
 
 	t.Run("DetermineSupport", func(t *testing.T) {
diff --git a/tests/integration/api_packages_test.go b/tests/integration/api_packages_test.go
index e79f977c86..904ae4f065 100644
--- a/tests/integration/api_packages_test.go
+++ b/tests/integration/api_packages_test.go
@@ -417,9 +417,44 @@ func TestPackageAccess(t *testing.T) {
 			{limitedOrgNoMember, http.StatusOK},
 			{publicOrgNoMember, http.StatusOK},
 		} {
-			req := NewRequest(t, "GET", fmt.Sprintf("/api/v1/packages/%s", target.Owner.Name)).
-				AddTokenAuth(tokenReadPackage)
-			MakeRequest(t, req, target.ExpectedStatus)
+			t.Run(target.Owner.Name, func(t *testing.T) {
+				defer tests.PrintCurrentTest(t)()
+				req := NewRequest(t, "GET", fmt.Sprintf("/api/v1/packages/%s", target.Owner.Name)).
+					AddTokenAuth(tokenReadPackage)
+				MakeRequest(t, req, target.ExpectedStatus)
+			})
+		}
+	})
+
+	t.Run("Authorized Integration", func(t *testing.T) {
+		defer tests.PrintCurrentTest(t)()
+
+		ait := newAITester(t, func(ai *auth_model.AuthorizedIntegration) {
+			ai.Scope = auth_model.AccessTokenScopeReadPackage
+			ai.UserID = user.ID
+		})
+		defer ait.close()
+		token := ait.signedJWT()
+
+		for _, target := range []Target{
+			{admin, http.StatusOK},
+			{inactive, http.StatusOK},
+			{user, http.StatusOK},
+			{limitedUser, http.StatusOK},
+			{privateUser, http.StatusForbidden},
+			{privateOrgMember, http.StatusOK},
+			{limitedOrgMember, http.StatusOK},
+			{publicOrgMember, http.StatusOK},
+			{privateOrgNoMember, http.StatusForbidden},
+			{limitedOrgNoMember, http.StatusOK},
+			{publicOrgNoMember, http.StatusOK},
+		} {
+			t.Run(target.Owner.Name, func(t *testing.T) {
+				defer tests.PrintCurrentTest(t)()
+				req := NewRequest(t, "GET", fmt.Sprintf("/api/v1/packages/%s", target.Owner.Name)).
+					AddTokenAuth(token)
+				MakeRequest(t, req, target.ExpectedStatus)
+			})
 		}
 	})
 }

From bc7c8e3c845de4e789d6dfe0285889dbd3e6fc11 Mon Sep 17 00:00:00 2001
From: Mathieu Fenniak <mathieu@fenniak.net>
Date: Wed, 29 Apr 2026 19:49:55 +0200
Subject: [PATCH 758/854] fix: markdown rendering panic when code blocks do not
 have languages (#12325)

When attempting to render a markdown code block that does not have a language set in it, Forgejo will fail to render and log an error:
```
2026/04/29 08:47:47 ...markdown/markdown.go:162:func1() [W] Unable to render markdown due to panic in goldmark: runtime error: invalid memory address or nil pointer dereference
```

This is a regression introduced by #12056.

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. All work and communication must conform to Forgejo's [AI Agreement](https://codeberg.org/forgejo/governance/src/branch/main/AIAgreement.md). There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests for Go changes

- I added test coverage for Go changes...
  - [x] in their respective `*_test.go` for unit tests.
  - [ ] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I ran...
  - [x] `make pr-go` before pushing

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [ ] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.
- [x] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change.
    - pre-release regression

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12325
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
---
 modules/markup/markdown/markdown_test.go            | 8 ++++++++
 modules/markup/markdown/transform_codeblock_lang.go | 3 +++
 2 files changed, 11 insertions(+)

diff --git a/modules/markup/markdown/markdown_test.go b/modules/markup/markdown/markdown_test.go
index fc4a515f72..1f75799900 100644
--- a/modules/markup/markdown/markdown_test.go
+++ b/modules/markup/markdown/markdown_test.go
@@ -1511,4 +1511,12 @@ func TestCodeblockLanguageStripping(t *testing.T) {
 			"```",
 		`<pre class="code-block"><code class="chroma language-rust display"><span class="k">fn</span> <span class="nf">main</span><span class="p">()</span><span class="w"> </span><span class="p">{}</span><span class="w">
 </span></code></pre>`)
+
+	// No language identifier
+	test(
+		"```\n"+
+			"fn main() {}\n"+
+			"```",
+		`<pre class="code-block"><code class="chroma language-text display">fn main() {}
+</code></pre>`)
 }
diff --git a/modules/markup/markdown/transform_codeblock_lang.go b/modules/markup/markdown/transform_codeblock_lang.go
index 2c90373c4e..5263ec4ffc 100644
--- a/modules/markup/markdown/transform_codeblock_lang.go
+++ b/modules/markup/markdown/transform_codeblock_lang.go
@@ -11,6 +11,9 @@ import (
 )
 
 func (g *ASTTransformer) transformCodeblockLanguage(v *ast.FencedCodeBlock, reader text.Reader) {
+	if v.Info == nil {
+		return
+	}
 	src := reader.Source()
 	info := v.Info.Segment.Value(src)
 	// Strip language after commas

From 32c9bbee082645d4cf717d0f1e01776373aee683 Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Thu, 30 Apr 2026 03:05:44 +0200
Subject: [PATCH 759/854] Update data.forgejo.org/forgejo/forgejo Docker tag to
 v11.0.13 (forgejo) (#12336)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12336
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
---
 .forgejo/workflows/build-release-integration.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.forgejo/workflows/build-release-integration.yml b/.forgejo/workflows/build-release-integration.yml
index 723af018c4..dca71823b8 100644
--- a/.forgejo/workflows/build-release-integration.yml
+++ b/.forgejo/workflows/build-release-integration.yml
@@ -2,7 +2,7 @@ name: Integration tests for the release process
 enable-email-notifications: true
 
 env:
-  FORGEJO_VERSION: 11.0.12 # renovate: datasource=docker depName=data.forgejo.org/forgejo/forgejo
+  FORGEJO_VERSION: 11.0.13 # renovate: datasource=docker depName=data.forgejo.org/forgejo/forgejo
 
 on:
   push:

From fd0a2086b0a0ffc7539fbaa46b5f7682ef94d482 Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Thu, 30 Apr 2026 03:31:02 +0200
Subject: [PATCH 760/854] Update dependency postcss to v8.5.12 (forgejo)
 (#12337)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12337
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
---
 package-lock.json | 8 ++++----
 package.json      | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index aecd83767d..a6a5d2941e 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -59,7 +59,7 @@
         "mini-css-extract-plugin": "2.10.0",
         "minimatch": "10.2.5",
         "pdfobject": "2.3.0",
-        "postcss": "8.5.10",
+        "postcss": "8.5.12",
         "postcss-loader": "8.2.1",
         "postcss-nesting": "14.0.0",
         "pretty-ms": "9.0.0",
@@ -12965,9 +12965,9 @@
       }
     },
     "node_modules/postcss": {
-      "version": "8.5.10",
-      "resolved": "https://registry.npmjs.org/postcss/-/postcss-8.5.10.tgz",
-      "integrity": "sha512-pMMHxBOZKFU6HgAZ4eyGnwXF/EvPGGqUr0MnZ5+99485wwW41kW91A4LOGxSHhgugZmSChL5AlElNdwlNgcnLQ==",
+      "version": "8.5.12",
+      "resolved": "https://registry.npmjs.org/postcss/-/postcss-8.5.12.tgz",
+      "integrity": "sha512-W62t/Se6rA0Az3DfCL0AqJwXuKwBeYg6nOaIgzP+xZ7N5BFCI7DYi1qs6ygUYT6rvfi6t9k65UMLJC+PHZpDAA==",
       "funding": [
         {
           "type": "opencollective",
diff --git a/package.json b/package.json
index 74114e03f4..1dcd4f24a5 100644
--- a/package.json
+++ b/package.json
@@ -58,7 +58,7 @@
     "mini-css-extract-plugin": "2.10.0",
     "minimatch": "10.2.5",
     "pdfobject": "2.3.0",
-    "postcss": "8.5.10",
+    "postcss": "8.5.12",
     "postcss-loader": "8.2.1",
     "postcss-nesting": "14.0.0",
     "pretty-ms": "9.0.0",

From 5c05973994b025575139827eb81baa2dec98be33 Mon Sep 17 00:00:00 2001
From: Beowulf <beowulf@beocode.eu>
Date: Thu, 30 Apr 2026 09:26:41 +0200
Subject: [PATCH 761/854] chore: no longer run renovate on v14 branch [skip ci]
 (#11975)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11975
Reviewed-by: limiting-factor <limiting-factor@noreply.codeberg.org>
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
---
 .forgejo/renovate.json | 1 -
 1 file changed, 1 deletion(-)

diff --git a/.forgejo/renovate.json b/.forgejo/renovate.json
index ee6b7212ce..765319324b 100644
--- a/.forgejo/renovate.json
+++ b/.forgejo/renovate.json
@@ -9,7 +9,6 @@
   "baseBranchPatterns": [
     "$default",
     "/^v11\\.\\d+/forgejo$/",
-    "/^v14\\.\\d+/forgejo$/",
     "/^v15\\.\\d+/forgejo$/"
   ],
   "postUpdateOptions": ["gomodTidy", "gomodUpdateImportPaths", "npmDedupe"],

From 81c46e4a7c6fa132c7094119fc08467a28d475e9 Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Thu, 30 Apr 2026 16:36:00 +0200
Subject: [PATCH 762/854] Update module github.com/mattn/go-sqlite3 to v1.14.44
 (forgejo) (#12340)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This PR contains the following updates:

| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) |
|---|---|---|---|
| [github.com/mattn/go-sqlite3](https://github.com/mattn/go-sqlite3) | `v1.14.42` → `v1.14.44` | ![age](https://developer.mend.io/api/mc/badges/age/go/github.com%2fmattn%2fgo-sqlite3/v1.14.44?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/go/github.com%2fmattn%2fgo-sqlite3/v1.14.42/v1.14.44?slim=true) |

---

### Release Notes

<details>
<summary>mattn/go-sqlite3 (github.com/mattn/go-sqlite3)</summary>

### [`v1.14.44`](https://github.com/mattn/go-sqlite3/compare/v1.14.43...v1.14.44)

[Compare Source](https://github.com/mattn/go-sqlite3/compare/v1.14.43...v1.14.44)

### [`v1.14.43`](https://github.com/mattn/go-sqlite3/compare/v1.14.42...v1.14.43)

[Compare Source](https://github.com/mattn/go-sqlite3/compare/v1.14.42...v1.14.43)

</details>

---

### Configuration

📅 **Schedule**: (UTC)

- Branch creation
  - Between 12:00 AM and 03:59 AM (`* 0-3 * * *`)
- Automerge
  - Between 12:00 AM and 03:59 AM (`* 0-3 * * *`)

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Mend Renovate](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xNDEuNiIsInVwZGF0ZWRJblZlciI6IjQzLjE0MS42IiwidGFyZ2V0QnJhbmNoIjoiZm9yZ2VqbyIsImxhYmVscyI6WyJkZXBlbmRlbmN5LXVwZ3JhZGUiLCJ0ZXN0L25vdC1uZWVkZWQiXX0=-->

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12340
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index f228f4bc1d..e387ee28c8 100644
--- a/go.mod
+++ b/go.mod
@@ -75,7 +75,7 @@ require (
 	github.com/klauspost/cpuid/v2 v2.2.11
 	github.com/markbates/goth v1.82.0
 	github.com/mattn/go-isatty v0.0.21
-	github.com/mattn/go-sqlite3 v1.14.42
+	github.com/mattn/go-sqlite3 v1.14.44
 	github.com/meilisearch/meilisearch-go v0.36.0
 	github.com/mholt/archives v0.1.5
 	github.com/microcosm-cc/bluemonday v1.0.27
diff --git a/go.sum b/go.sum
index c88371b4f5..119648c89b 100644
--- a/go.sum
+++ b/go.sum
@@ -517,8 +517,8 @@ github.com/mattn/go-runewidth v0.0.17 h1:78v8ZlW0bP43XfmAfPsdXcoNCelfMHsDmd/pkEN
 github.com/mattn/go-runewidth v0.0.17/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w=
 github.com/mattn/go-shellwords v1.0.12 h1:M2zGm7EW6UQJvDeQxo4T51eKPurbeFbe8WtebGE2xrk=
 github.com/mattn/go-shellwords v1.0.12/go.mod h1:EZzvwXDESEeg03EKmM+RmDnNOPKG4lLtQsUlTZDWQ8Y=
-github.com/mattn/go-sqlite3 v1.14.42 h1:MigqEP4ZmHw3aIdIT7T+9TLa90Z6smwcthx+Azv4Cgo=
-github.com/mattn/go-sqlite3 v1.14.42/go.mod h1:pjEuOr8IwzLJP2MfGeTb0A35jauH+C2kbHKBr7yXKVQ=
+github.com/mattn/go-sqlite3 v1.14.44 h1:3VSe+xafpbzsLbdr2AWlAZk9yRHiBhTBakioXaCKTF8=
+github.com/mattn/go-sqlite3 v1.14.44/go.mod h1:pjEuOr8IwzLJP2MfGeTb0A35jauH+C2kbHKBr7yXKVQ=
 github.com/meilisearch/meilisearch-go v0.36.0 h1:N1etykTektXt5KPcSbhBO0d5Xx5NaKj4pJWEM7WA5dI=
 github.com/meilisearch/meilisearch-go v0.36.0/go.mod h1:HBfHzKMxcSbTOvqdfuRA/yf6Vk9IivcwKocWRuW7W78=
 github.com/mholt/acmez/v3 v3.1.2 h1:auob8J/0FhmdClQicvJvuDavgd5ezwLBfKuYmynhYzc=

From 25e7a0b91b5feb8fe2491d1cfbd280ed93521bab Mon Sep 17 00:00:00 2001
From: Zachary Spector <public@zacharyspector.com>
Date: Thu, 30 Apr 2026 16:58:28 +0200
Subject: [PATCH 763/854] feat: support simple JSON API for PyPI package
 registry (#12095)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This PR extends Forĝejo's PyPI package index to support [the simple JSON repository API](https://packaging.python.org/en/latest/specifications/simple-repository-api/#json-serialization). Since the existing implementation was for the HTML serialization of the same simple API, no new endpoint has been added. Instead, Forĝejo chooses between serialization schemes based on the "Accept" header in the request. This, together with CORS, will make Forĝejo compatible with [micropip](https://github.com/pyodide/micropip).

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. All work and communication must conform to Forgejo's [AI Agreement](https://codeberg.org/forgejo/governance/src/branch/main/AIAgreement.md). There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests for Go changes

(can be removed for JavaScript changes)

- I added test coverage for Go changes...
  - [x] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I ran...
  - [x] `make pr-go` before pushing

### Documentation

- [x] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [x] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.
- [ ] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change.

*The decision if the pull request will be shown in the release notes is up to the mergers / release team.*

The content of the `release-notes/<pull request number>.md` file will serve as the basis for the release notes. If the file does not exist, the title of the pull request will be used instead.

<!--start release-notes-assistant-->

## Release notes
<!--URL:https://codeberg.org/forgejo/forgejo-->
- Features
  - [PR](https://codeberg.org/forgejo/forgejo/pulls/12095): <!--number 12095 --><!--line 0 --><!--description SG9zdGVkIFB5UEkgcGFja2FnZXMgbWF5IGJlIGFjY2Vzc2VkIHZpYSB0aGUgW3NpbXBsZSBKU09OIEFQSV0oaHR0cHM6Ly9wYWNrYWdpbmcucHl0aG9uLm9yZy9lbi9sYXRlc3Qvc3BlY2lmaWNhdGlvbnMvc2ltcGxlLXJlcG9zaXRvcnktYXBpLyNqc29uLXNlcmlhbGl6YXRpb24pIGluIGFkZGl0aW9uIHRvIHRoZSBzaW1wbGUgSFRNTCBBUEkgYWxyZWFkeSBhdmFpbGFibGUu-->Hosted PyPI packages may be accessed via the [simple JSON API](https://packaging.python.org/en/latest/specifications/simple-repository-api/#json-serialization) in addition to the simple HTML API already available.<!--description-->
<!--end release-notes-assistant-->

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12095
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
---
 modules/packages/pypi/metadata.go           | 23 ++++++
 release-notes/12095.md                      |  1 +
 routers/api/packages/pypi/pypi.go           | 86 ++++++++++++++++++++-
 tests/integration/api_packages_pypi_test.go | 28 ++++++-
 4 files changed, 133 insertions(+), 5 deletions(-)
 create mode 100644 release-notes/12095.md

diff --git a/modules/packages/pypi/metadata.go b/modules/packages/pypi/metadata.go
index 125728c4f1..0aa90aeca5 100644
--- a/modules/packages/pypi/metadata.go
+++ b/modules/packages/pypi/metadata.go
@@ -13,3 +13,26 @@ type Metadata struct {
 	License         string `json:"license,omitempty"`
 	RequiresPython  string `json:"requires_python,omitempty"`
 }
+
+type FileHashesJSON struct {
+	SHA256 string `json:"sha256"`
+}
+
+type FileJSON struct {
+	Filename       string         `json:"filename"`
+	URL            string         `json:"url"`
+	Hashes         FileHashesJSON `json:"hashes"`
+	RequiresPython string         `json:"requires-python"`
+	Size           int64          `json:"size"`
+}
+
+type PackageMetaJSON struct {
+	APIVersion string `json:"api-version"`
+}
+
+type PackageJSON struct {
+	Name     string          `json:"name"`
+	Meta     PackageMetaJSON `json:"meta"`
+	Versions []string        `json:"versions"`
+	Files    []FileJSON      `json:"files"`
+}
diff --git a/release-notes/12095.md b/release-notes/12095.md
new file mode 100644
index 0000000000..3930b07f46
--- /dev/null
+++ b/release-notes/12095.md
@@ -0,0 +1 @@
+Hosted PyPI packages may be accessed via the [simple JSON API](https://packaging.python.org/en/latest/specifications/simple-repository-api/#json-serialization) in addition to the simple HTML API already available.
diff --git a/routers/api/packages/pypi/pypi.go b/routers/api/packages/pypi/pypi.go
index 360632570e..5d8bf5d45f 100644
--- a/routers/api/packages/pypi/pypi.go
+++ b/routers/api/packages/pypi/pypi.go
@@ -8,11 +8,14 @@ import (
 	"io"
 	"net/http"
 	"regexp"
+	"slices"
 	"sort"
 	"strings"
 	"unicode"
 
 	packages_model "forgejo.org/models/packages"
+	"forgejo.org/modules/json"
+	"forgejo.org/modules/log"
 	packages_module "forgejo.org/modules/packages"
 	pypi_module "forgejo.org/modules/packages/pypi"
 	"forgejo.org/modules/setting"
@@ -44,8 +47,14 @@ func apiError(ctx *context.Context, status int, obj any) {
 	})
 }
 
-// PackageMetadata returns the metadata for a single package
-func PackageMetadata(ctx *context.Context) {
+func contentTypeSupported(ctyps []string, v string) bool {
+	return slices.ContainsFunc(ctyps, func(ctyp string) bool {
+		return strings.HasPrefix(ctyp, v)
+	})
+}
+
+// HTMLPackageMetadata returns the metadata for a single package in Simple HTML per PEP691
+func HTMLPackageMetadata(ctx *context.Context) {
 	packageName := normalizer.Replace(ctx.Params("id"))
 
 	pvs, err := packages_model.GetVersionsByPackageName(ctx, ctx.Package.Owner.ID, packages_model.TypePyPI, packageName)
@@ -72,9 +81,82 @@ func PackageMetadata(ctx *context.Context) {
 	ctx.Data["RegistryURL"] = setting.AppURL + "api/packages/" + ctx.Package.Owner.Name + "/pypi"
 	ctx.Data["PackageDescriptor"] = pds[0]
 	ctx.Data["PackageDescriptors"] = pds
+	// Content-Type headers need to be in this order for the page to show in the browser
+	ctx.Resp.Header().Set("Content-Type", "application/vnd.pypi.simple.v1+html")
+	ctx.Resp.Header().Add("Content-Type", "text/html")
 	ctx.HTML(http.StatusOK, "api/packages/pypi/simple")
 }
 
+// JSONPackageMetadata returns the metadata for a single package in Simple JSON per PEP691
+func JSONPackageMetadata(ctx *context.Context) {
+	packageName := normalizer.Replace(ctx.Params("id"))
+
+	pvs, err := packages_model.GetVersionsByPackageName(ctx, ctx.Package.Owner.ID, packages_model.TypePyPI, packageName)
+	if err != nil {
+		apiError(ctx, http.StatusInternalServerError, err)
+		return
+	}
+	if len(pvs) == 0 {
+		apiError(ctx, http.StatusNotFound, err)
+		return
+	}
+
+	pds, err := packages_model.GetPackageDescriptors(ctx, pvs)
+	if err != nil {
+		apiError(ctx, http.StatusInternalServerError, err)
+		return
+	}
+
+	// sort package descriptors by version to mimic PyPI format
+	slices.SortFunc(pds, func(a, b *packages_model.PackageDescriptor) int {
+		return strings.Compare(a.Version.Version, b.Version.Version)
+	})
+	registryURL := setting.AppURL + "api/packages/" + ctx.Package.Owner.Name + "/pypi"
+	versions := make([]string, len(pvs))
+	for i, pv := range pvs {
+		versions[i] = pv.Version
+	}
+	var fileCounter int
+	for _, pd := range pds {
+		fileCounter += len(pd.Files)
+	}
+	files := make([]pypi_module.FileJSON, fileCounter)
+	var i int
+	for _, pd := range pds {
+		for _, file := range pd.Files {
+			files[i] = pypi_module.FileJSON{
+				Filename:       file.File.Name,
+				URL:            registryURL + "/files/" + pd.Package.LowerName + "/" + pd.Version.Version + "/" + file.File.Name,
+				RequiresPython: pd.Metadata.(*pypi_module.Metadata).RequiresPython,
+				Hashes:         pypi_module.FileHashesJSON{SHA256: file.Blob.HashSHA256},
+				Size:           file.Blob.Size,
+			}
+			i++
+		}
+	}
+	content := pypi_module.PackageJSON{
+		Name:     pds[0].Package.Name,
+		Meta:     pypi_module.PackageMetaJSON{APIVersion: "1.4"},
+		Versions: versions,
+		Files:    files,
+	}
+	ctx.Resp.Header().Set("Content-Type", "application/vnd.pypi.simple.v1+json")
+	ctx.Resp.Header().Add("Content-Type", "application/json")
+	if err := json.NewEncoder(ctx.Resp).Encode(content); err != nil {
+		log.Error("Render JSON failed: %v", err)
+		apiError(ctx, http.StatusInternalServerError, err)
+	}
+}
+
+func PackageMetadata(ctx *context.Context) {
+	ctyp := ctx.Req.Header["Accept"]
+	if contentTypeSupported(ctyp, "application/vnd.pypi.simple.v1+json") {
+		JSONPackageMetadata(ctx)
+	} else {
+		HTMLPackageMetadata(ctx)
+	}
+}
+
 // DownloadPackageFile serves the content of a package
 func DownloadPackageFile(ctx *context.Context) {
 	packageName := normalizer.Replace(ctx.Params("id"))
diff --git a/tests/integration/api_packages_pypi_test.go b/tests/integration/api_packages_pypi_test.go
index f025f8e577..45aa41c573 100644
--- a/tests/integration/api_packages_pypi_test.go
+++ b/tests/integration/api_packages_pypi_test.go
@@ -17,6 +17,7 @@ import (
 	"forgejo.org/models/packages"
 	"forgejo.org/models/unittest"
 	user_model "forgejo.org/models/user"
+	"forgejo.org/modules/json"
 	"forgejo.org/modules/packages/pypi"
 	"forgejo.org/tests"
 
@@ -211,19 +212,20 @@ func TestPackagePyPI(t *testing.T) {
 		assert.Equal(t, int64(2), pvs[0].DownloadCount)
 	})
 
-	t.Run("PackageMetadata", func(t *testing.T) {
+	hrefMatcher := regexp.MustCompile(fmt.Sprintf(`%s/files/%s/%s/test\..+#sha256=%s`, root, regexp.QuoteMeta(packageName), regexp.QuoteMeta(packageVersion), hashSHA256))
+
+	t.Run("PackageMetadataHTML", func(t *testing.T) {
 		defer tests.PrintCurrentTest(t)()
 
 		req := NewRequest(t, "GET", fmt.Sprintf("%s/simple/%s", root, packageName)).
 			AddBasicAuth(user.Name)
+		req.Header["Accept"] = []string{"application/vnd.pypi.simple.v1+html"}
 		resp := MakeRequest(t, req, http.StatusOK)
 
 		htmlDoc := NewHTMLParser(t, resp.Body)
 		nodes := htmlDoc.doc.Find("a").Nodes
 		assert.Len(t, nodes, 2)
 
-		hrefMatcher := regexp.MustCompile(fmt.Sprintf(`%s/files/%s/%s/test\..+#sha256=%s`, root, regexp.QuoteMeta(packageName), regexp.QuoteMeta(packageVersion), hashSHA256))
-
 		for _, a := range nodes {
 			for _, att := range a.Attr {
 				switch att.Key {
@@ -237,4 +239,24 @@ func TestPackagePyPI(t *testing.T) {
 			}
 		}
 	})
+
+	t.Run("PackageMetadataJSON", func(t *testing.T) {
+		defer tests.PrintCurrentTest(t)()
+
+		req := NewRequest(t, "GET", fmt.Sprintf("%s/simple/%s", root, packageName)).
+			AddBasicAuth(user.Name)
+		req.Header["Accept"] = []string{"application/vnd.pypi.simple.v1+json"}
+		resp := MakeRequest(t, req, http.StatusOK)
+		assert.Greater(t, resp.Body.Len(), 3)
+		txt := make([]byte, resp.Body.Len())
+		resp.Body.Read(txt)
+		var obj pypi.PackageJSON
+		require.NoError(t, json.Unmarshal(txt, &obj))
+		assert.Equal(t, packageName, obj.Name)
+		assert.Equal(t, pypi.PackageMetaJSON{APIVersion: "1.4"}, obj.Meta)
+		for _, filed := range obj.Files {
+			hrefMatcher = regexp.MustCompile(fmt.Sprintf(`%s/files/%s/%s/test\.(tar\.gz)|(whl)`, root, regexp.QuoteMeta(packageName), regexp.QuoteMeta(packageVersion)))
+			assert.Regexp(t, hrefMatcher, filed.URL[21:])
+		}
+	})
 }

From 065a3a23f465c93f2f01d03eae32617768e40832 Mon Sep 17 00:00:00 2001
From: Mathieu Fenniak <mathieu@fenniak.net>
Date: Thu, 30 Apr 2026 17:29:39 +0200
Subject: [PATCH 764/854] chore: extend length of integration test's
 logUnexpectedResponse (#12348)

I've observed intermittent failures in [`TestAPIAuthWithAuthorizedIntegration`](https://codeberg.org/forgejo/forgejo/actions/runs/156485/jobs/8/attempt/1#jobstep-5-1950):
```
    auth_authorized_integration_test.go:70:
        	Error Trace:	/workspace/forgejo/forgejo/tests/integration/integration_test.go:657
        	            				/workspace/forgejo/forgejo/tests/integration/auth_authorized_integration_test.go:70
        	            				/workspace/forgejo/forgejo/tests/integration/auth_authorized_integration_test.go:117
        	Error:      	Not equal:
        	            	expected: 200
        	            	actual  : 401
        	Test:       	TestAPIAuthWithAuthorizedIntegration/authorization_reducer/specific_repo_access_token
        	Messages:   	Request: GET /api/v1/repos/user2/repo1/compare/master...master
    auth_authorized_integration_test.go:70: Response length:  1801
```

I *suspect* that the cause is time-related errors in the Authorized Integration JWT, but I can't validate this because I can't reproduce the issue in local testing, and the response isn't displayed, and is just "Response length:  1801".  This PR increases the size of responses that the integration tests' `logUnexpectedResponse` will output.

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. All work and communication must conform to Forgejo's [AI Agreement](https://codeberg.org/forgejo/governance/src/branch/main/AIAgreement.md). There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests for Go changes

- I added test coverage for Go changes...
  - [ ] in their respective `*_test.go` for unit tests.
  - [ ] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I ran...
  - [x] `make pr-go` before pushing

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [ ] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.
- [x] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12348
Reviewed-by: Andreas Ahlenstorf <aahlenst@noreply.codeberg.org>
---
 tests/integration/integration_test.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tests/integration/integration_test.go b/tests/integration/integration_test.go
index c8bbaa9b2c..a75768bbaa 100644
--- a/tests/integration/integration_test.go
+++ b/tests/integration/integration_test.go
@@ -713,7 +713,7 @@ func logUnexpectedResponse(t testing.TB, recorder *httptest.ResponseRecorder) {
 		}
 
 		return
-	} else if len(respBytes) < 500 {
+	} else if len(respBytes) < 2048 {
 		// if body is short, just log the whole thing
 		t.Log("Response: ", string(respBytes))
 		return

From e0777227d3a2263fc2589edba531dc3b7e06e5df Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Thu, 30 Apr 2026 18:14:25 +0200
Subject: [PATCH 765/854] Update module github.com/meilisearch/meilisearch-go
 to v0.36.2 (forgejo) (#12110)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12110
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index e387ee28c8..fbd61df592 100644
--- a/go.mod
+++ b/go.mod
@@ -76,7 +76,7 @@ require (
 	github.com/markbates/goth v1.82.0
 	github.com/mattn/go-isatty v0.0.21
 	github.com/mattn/go-sqlite3 v1.14.44
-	github.com/meilisearch/meilisearch-go v0.36.0
+	github.com/meilisearch/meilisearch-go v0.36.2
 	github.com/mholt/archives v0.1.5
 	github.com/microcosm-cc/bluemonday v1.0.27
 	github.com/minio/minio-go/v7 v7.0.99
diff --git a/go.sum b/go.sum
index 119648c89b..2641bb63ff 100644
--- a/go.sum
+++ b/go.sum
@@ -519,8 +519,8 @@ github.com/mattn/go-shellwords v1.0.12 h1:M2zGm7EW6UQJvDeQxo4T51eKPurbeFbe8WtebG
 github.com/mattn/go-shellwords v1.0.12/go.mod h1:EZzvwXDESEeg03EKmM+RmDnNOPKG4lLtQsUlTZDWQ8Y=
 github.com/mattn/go-sqlite3 v1.14.44 h1:3VSe+xafpbzsLbdr2AWlAZk9yRHiBhTBakioXaCKTF8=
 github.com/mattn/go-sqlite3 v1.14.44/go.mod h1:pjEuOr8IwzLJP2MfGeTb0A35jauH+C2kbHKBr7yXKVQ=
-github.com/meilisearch/meilisearch-go v0.36.0 h1:N1etykTektXt5KPcSbhBO0d5Xx5NaKj4pJWEM7WA5dI=
-github.com/meilisearch/meilisearch-go v0.36.0/go.mod h1:HBfHzKMxcSbTOvqdfuRA/yf6Vk9IivcwKocWRuW7W78=
+github.com/meilisearch/meilisearch-go v0.36.2 h1:MYaMPCpdLh2aYPt+zK+19mLoA4dfBY3S1L7T0FADCjU=
+github.com/meilisearch/meilisearch-go v0.36.2/go.mod h1:hWcR0MuWLSzHfbz9GGzIr3s9rnXLm1jqkmHkJPbUSvM=
 github.com/mholt/acmez/v3 v3.1.2 h1:auob8J/0FhmdClQicvJvuDavgd5ezwLBfKuYmynhYzc=
 github.com/mholt/acmez/v3 v3.1.2/go.mod h1:L1wOU06KKvq7tswuMDwKdcHeKpFFgkppZy/y0DFxagQ=
 github.com/mholt/archives v0.1.5 h1:Fh2hl1j7VEhc6DZs2DLMgiBNChUux154a1G+2esNvzQ=

From 68be312467f24fe5ad7d66cb78bbb172a2288baa Mon Sep 17 00:00:00 2001
From: minhn <minh160302@noreply.codeberg.org>
Date: Thu, 30 Apr 2026 18:39:01 +0200
Subject: [PATCH 766/854] fix: `repoGetAllCommits` should allow for the use of
 `limit` with `path` (#11752)

Pass down the `limit` value to use in the `rev-list` command.

Issue: https://codeberg.org/forgejo/forgejo/issues/11405

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11752
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
---
 modules/git/repo_commit.go      |  7 +++++-
 modules/git/repo_commit_test.go | 38 +++++++++++++++++++++++++++++++++
 routers/api/v1/repo/commits.go  |  3 ++-
 templates/swagger/v1_json.tmpl  |  2 +-
 4 files changed, 47 insertions(+), 3 deletions(-)

diff --git a/modules/git/repo_commit.go b/modules/git/repo_commit.go
index 0ebdb0f8a0..99ffac7afb 100644
--- a/modules/git/repo_commit.go
+++ b/modules/git/repo_commit.go
@@ -217,10 +217,15 @@ type CommitsByFileAndRangeOptions struct {
 	File     string
 	Not      string
 	Page     int
+	PageSize int
 }
 
 // CommitsByFileAndRange return the commits according revision file and the page
 func (repo *Repository) CommitsByFileAndRange(opts CommitsByFileAndRangeOptions) ([]*Commit, error) {
+	if opts.PageSize <= 0 {
+		opts.PageSize = setting.Git.CommitsRangeSize
+	}
+
 	skip := (opts.Page - 1) * setting.Git.CommitsRangeSize
 
 	stdoutReader, stdoutWriter := io.Pipe()
@@ -231,7 +236,7 @@ func (repo *Repository) CommitsByFileAndRange(opts CommitsByFileAndRangeOptions)
 	go func() {
 		stderr := strings.Builder{}
 		gitCmd := NewCommand(repo.Ctx, "rev-list").
-			AddOptionFormat("--max-count=%d", setting.Git.CommitsRangeSize).
+			AddOptionFormat("--max-count=%d", opts.PageSize).
 			AddOptionFormat("--skip=%d", skip)
 		gitCmd.AddDynamicArguments(opts.Revision)
 
diff --git a/modules/git/repo_commit_test.go b/modules/git/repo_commit_test.go
index 99cde92300..401848a975 100644
--- a/modules/git/repo_commit_test.go
+++ b/modules/git/repo_commit_test.go
@@ -200,6 +200,44 @@ func TestCommitsByFileAndRange(t *testing.T) {
 	}
 }
 
+func TestCommitsByFileAndRangeWithPageSize(t *testing.T) {
+	bareRepo1Path := filepath.Join(testReposDir, "repo1_bare")
+	bareRepo1, err := openRepositoryWithDefaultContext(bareRepo1Path)
+	require.NoError(t, err)
+	defer bareRepo1.Close()
+	defer test.MockVariableValue(&setting.Git.CommitsRangeSize, 2)()
+
+	testCases := []struct {
+		File                string
+		Page                int
+		PageSize            int
+		ExpectedCommitCount int
+	}{
+		{"file1.txt", 1, 1, 1},
+		{"file2.txt", 1, 1, 1},
+		{"file*.txt", 1, 2, 2},
+		{"file*.txt", 1, 1, 1},
+		{"foo", 1, 2, 2},
+		{"foo", 1, 1, 1},
+		{"foo", 2, 1, 1},
+		{"foo", 3, 0, 0},
+		{"foo", 3, 2, 0},
+		{"f*", 1, 2, 2},
+		{"f*", 2, 2, 2},
+		{"f*", 3, 1, 1},
+	}
+	for _, testCase := range testCases {
+		commits, err := bareRepo1.CommitsByFileAndRange(CommitsByFileAndRangeOptions{
+			Revision: "master",
+			File:     testCase.File,
+			Page:     testCase.Page,
+			PageSize: testCase.PageSize,
+		})
+		require.NoError(t, err)
+		assert.Len(t, commits, testCase.ExpectedCommitCount, "file: '%s', page: %d", testCase.File, testCase.Page)
+	}
+}
+
 func TestGetCommitsFromIDs(t *testing.T) {
 	bareRepo1, err := openRepositoryWithDefaultContext(filepath.Join(testReposDir, "repo1_bare"))
 	require.NoError(t, err)
diff --git a/routers/api/v1/repo/commits.go b/routers/api/v1/repo/commits.go
index 4221e59f17..4d89eb182d 100644
--- a/routers/api/v1/repo/commits.go
+++ b/routers/api/v1/repo/commits.go
@@ -135,7 +135,7 @@ func GetAllCommits(ctx *context.APIContext) {
 	//   type: integer
 	// - name: limit
 	//   in: query
-	//   description: page size of results (ignored if used with 'path')
+	//   description: page size of results
 	//   type: integer
 	// - name: not
 	//   in: query
@@ -244,6 +244,7 @@ func GetAllCommits(ctx *context.APIContext) {
 				File:     path,
 				Not:      not,
 				Page:     listOptions.Page,
+				PageSize: listOptions.PageSize,
 			})
 		if err != nil {
 			ctx.Error(http.StatusInternalServerError, "CommitsByFileAndRange", err)
diff --git a/templates/swagger/v1_json.tmpl b/templates/swagger/v1_json.tmpl
index e74f0039a6..45159b7c71 100644
--- a/templates/swagger/v1_json.tmpl
+++ b/templates/swagger/v1_json.tmpl
@@ -7734,7 +7734,7 @@
           },
           {
             "type": "integer",
-            "description": "page size of results (ignored if used with 'path')",
+            "description": "page size of results",
             "name": "limit",
             "in": "query"
           },

From cc60e3d69364768007417d84e00756a74539ec60 Mon Sep 17 00:00:00 2001
From: jvoisin <jvoisin@noreply.codeberg.org>
Date: Thu, 30 Apr 2026 19:24:13 +0200
Subject: [PATCH 767/854] fix(oauth): only accept refresh tokens as refresh
 tokens (#12291)

`handleRefreshToken` never checked `token.Type == TypeRefreshToken`. When
`InvalidateRefreshTokens` is disabled, an access token could be submitted as a
`refresh_token` and exchanged for a new token pair.

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. All work and communication must conform to Forgejo's [AI Agreement](https://codeberg.org/forgejo/governance/src/branch/main/AIAgreement.md). There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests for Go changes

(can be removed for JavaScript changes)

- I added test coverage for Go changes...
  - [x] in their respective `*_test.go` for unit tests.
  - [ ] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I ran...
  - [x] `make pr-go` before pushing

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [ ] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.
- [x] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change.

Co-authored-by: jvoisin <julien.voisin@dustri.org>
Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12291
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
---
 routers/web/auth/oauth.go       | 10 ++++++++++
 tests/integration/oauth_test.go | 12 ++++++++++++
 2 files changed, 22 insertions(+)

diff --git a/routers/web/auth/oauth.go b/routers/web/auth/oauth.go
index 6335f2ecc0..914e181259 100644
--- a/routers/web/auth/oauth.go
+++ b/routers/web/auth/oauth.go
@@ -783,6 +783,16 @@ func handleRefreshToken(ctx *context.Context, form forms.AccessTokenForm, server
 		})
 		return
 	}
+
+	// Reject tokens that are not refresh tokens (e.g. access tokens submitted as refresh tokens)
+	if token.Type != oauth2.TypeRefreshToken {
+		handleAccessTokenError(ctx, AccessTokenErrorResponse{
+			ErrorCode:        AccessTokenErrorCodeUnauthorizedClient,
+			ErrorDescription: "token is not a refresh token",
+		})
+		return
+	}
+
 	// get grant before increasing counter
 	grant, err := auth.GetOAuth2GrantByID(ctx, token.GrantID)
 	if err != nil || grant == nil {
diff --git a/tests/integration/oauth_test.go b/tests/integration/oauth_test.go
index 27c66f0e5a..3f14324cf7 100644
--- a/tests/integration/oauth_test.go
+++ b/tests/integration/oauth_test.go
@@ -455,6 +455,18 @@ func TestRefreshTokenInvalidation(t *testing.T) {
 	assert.Equal(t, "unauthorized_client", string(parsedError.ErrorCode))
 	assert.Equal(t, "unable to parse refresh token", parsedError.ErrorDescription)
 
+	req = NewRequestWithValues(t, "POST", "/login/oauth/access_token", map[string]string{
+		"grant_type":    "refresh_token",
+		"client_id":     "da7da3ba-9a13-4167-856f-3899de0b0138",
+		"client_secret": "4MK8Na6R55smdCY0WuCCumZ6hjRPnGY5saWVRHHjJiA=",
+		"redirect_uri":  "a",
+		"refresh_token": parsed.AccessToken,
+	})
+	resp = MakeRequest(t, req, http.StatusBadRequest)
+	require.NoError(t, json.Unmarshal(resp.Body.Bytes(), &parsedError))
+	assert.Equal(t, "unauthorized_client", string(parsedError.ErrorCode))
+	assert.Equal(t, "token is not a refresh token", parsedError.ErrorDescription)
+
 	req = NewRequestWithValues(t, "POST", "/login/oauth/access_token", map[string]string{
 		"grant_type":    "refresh_token",
 		"client_id":     "da7da3ba-9a13-4167-856f-3899de0b0138",

From 3e74c5224f6cec8cc8ef456509341254f41e458e Mon Sep 17 00:00:00 2001
From: UweKrause <uwekrause@noreply.codeberg.org>
Date: Fri, 1 May 2026 00:20:15 +0200
Subject: [PATCH 768/854] chore: rename devcontainer name (#12356)

I had some trouble getting the devcontainer run. I use docker buildx / BuildKit.
Error was: `docker buildx build failed: ERROR: failed to build: invalid tag "gitea_-5cc3cd41d1b58674-features": invalid reference format`.

I renamed the container to not contain spaces and then it worked.

AI agreement:
I asked Claude code (Sonnet 4.6) to analyze the problem and it told me that buildx/BuildKit seems to check more strict for names.
So it guided me to the solution to rename the container.
I then myself changed the name and verified that the devcontainer starts.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12356
Reviewed-by: limiting-factor <limiting-factor@noreply.codeberg.org>
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
---
 .devcontainer/devcontainer.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json
index 0db96fc73a..46b85ad93d 100644
--- a/.devcontainer/devcontainer.json
+++ b/.devcontainer/devcontainer.json
@@ -1,5 +1,5 @@
 {
-  "name": "Gitea DevContainer",
+  "name": "forgejo-dev",
   "image": "mcr.microsoft.com/devcontainers/go:1.26-trixie",
   "features": {
     // installs nodejs into container

From 75cfa31af5d6893f39a3fb59f5001d6edad65c82 Mon Sep 17 00:00:00 2001
From: Gusted <postmaster@gusted.xyz>
Date: Fri, 1 May 2026 01:24:32 +0200
Subject: [PATCH 769/854] fix: set `repo_id` for migrated attachment (#12357)

Was not required until ce0a3767230bf0ed2a16f69fd3eb0afe0dff6168 added extra checks which did require `repo_id` of the attachment to be set correctly.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12357
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
---
 models/repo/release.go      | 1 +
 models/repo/release_test.go | 3 +++
 2 files changed, 4 insertions(+)

diff --git a/models/repo/release.go b/models/repo/release.go
index edd628fa0f..8aa447bda8 100644
--- a/models/repo/release.go
+++ b/models/repo/release.go
@@ -608,6 +608,7 @@ func InsertReleases(ctx context.Context, rels ...*Release) error {
 		if len(rel.Attachments) > 0 {
 			for i := range rel.Attachments {
 				rel.Attachments[i].ReleaseID = rel.ID
+				rel.Attachments[i].RepoID = rel.RepoID
 			}
 
 			if _, err := sess.NoAutoTime().Insert(rel.Attachments); err != nil {
diff --git a/models/repo/release_test.go b/models/repo/release_test.go
index 69f9333589..940de757c7 100644
--- a/models/repo/release_test.go
+++ b/models/repo/release_test.go
@@ -20,11 +20,14 @@ func TestMigrate_InsertReleases(t *testing.T) {
 		UUID: "a0eebc91-9c0c-4ef7-bb6e-6bb9bd380a12",
 	}
 	r := &Release{
+		RepoID:      1001,
 		Attachments: []*Attachment{a},
 	}
 
 	err := InsertReleases(db.DefaultContext, r)
 	require.NoError(t, err)
+
+	assert.EqualValues(t, 1001, unittest.AssertExistsAndLoadBean(t, &Attachment{UUID: "a0eebc91-9c0c-4ef7-bb6e-6bb9bd380a12"}).RepoID)
 }
 
 func TestReleaseLoadRepo(t *testing.T) {

From 254a44b97b40323e71c955cd9d6f561bea55ec90 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mauritz=20Sj=C3=B6din?= <mauritz.sjodin@protonmail.com>
Date: Fri, 1 May 2026 01:53:10 +0200
Subject: [PATCH 770/854] feat: show breadcrumb path in path filtered commit
 history view (#12116)

Resolves forgejo/forgejo#8754

Add the breadcrumb path that already exists when browsing directories to the commit history of files/directories.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12116
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
---
 routers/web/repo/commit.go                    | 12 ++++++++++++
 templates/repo/commits.tmpl                   |  1 +
 templates/repo/filepath.tmpl                  | 17 +++++++++++++++++
 templates/repo/home.tmpl                      | 15 +--------------
 tests/integration/repo_commits_search_test.go |  1 +
 tests/integration/repo_commits_test.go        |  1 +
 tests/integration/view_test.go                | 15 +++++++++++----
 7 files changed, 44 insertions(+), 18 deletions(-)
 create mode 100644 templates/repo/filepath.tmpl

diff --git a/routers/web/repo/commit.go b/routers/web/repo/commit.go
index 5b8f35f5b1..082716adbc 100644
--- a/routers/web/repo/commit.go
+++ b/routers/web/repo/commit.go
@@ -45,10 +45,19 @@ const (
 func RefCommits(ctx *context.Context) {
 	switch {
 	case len(ctx.Repo.TreePath) == 0:
+		ctx.Data["TreeNames"] = []string{}
 		Commits(ctx)
 	case ctx.Repo.TreePath == "search":
+		ctx.Data["TreeNames"] = []string{}
 		SearchCommits(ctx)
 	default:
+		treeNames := strings.Split(ctx.Repo.TreePath, "/")
+		paths := make([]string, len(treeNames))
+		for i := range treeNames {
+			paths[i] = strings.Join(treeNames[:i+1], "/")
+		}
+		ctx.Data["TreeNames"] = treeNames
+		ctx.Data["Paths"] = paths
 		FileHistory(ctx)
 	}
 }
@@ -272,6 +281,9 @@ func FileHistory(ctx *context.Context) {
 		}
 	}
 
+	branchLink := ctx.Repo.RepoLink + "/src/" + ctx.Repo.BranchNameSubURL()
+	ctx.Data["BranchLink"] = branchLink
+
 	ctx.Data["Commits"] = git_model.ParseCommitsWithStatus(ctx, commits, ctx.Repo.Repository)
 
 	ctx.Data["Username"] = ctx.Repo.Owner.Name
diff --git a/templates/repo/commits.tmpl b/templates/repo/commits.tmpl
index e6efe1ff54..b9ea9c790a 100644
--- a/templates/repo/commits.tmpl
+++ b/templates/repo/commits.tmpl
@@ -10,6 +10,7 @@
 					{{svg "octicon-git-branch"}}
 					{{ctx.Locale.Tr "repo.commit_graph"}}
 				</a>
+				{{template "repo/filepath" .}}
 			</div>
 		</div>
 		{{template "repo/commits_table" .}}
diff --git a/templates/repo/filepath.tmpl b/templates/repo/filepath.tmpl
new file mode 100644
index 0000000000..6473ffd356
--- /dev/null
+++ b/templates/repo/filepath.tmpl
@@ -0,0 +1,17 @@
+{{$n := len .TreeNames}}
+{{$l := Eval $n "-" 1}}
+{{$showFilePath := (gt $n 0)}}
+{{if $showFilePath}}
+	<span class="breadcrumb repo-path tw-ml-1">
+		<a class="section" href="{{$.BranchLink}}" title="{{.Repository.Name}}">{{StringUtils.EllipsisString .Repository.Name 30}}</a>
+		{{- range $i, $v := .TreeNames -}}
+			<span class="breadcrumb-divider">/</span>
+			{{- if eq $i $l -}}
+				<span class="active section" title="{{$v}}">{{$v}}</span>
+				<button class="btn interact-fg tw-p-2" data-clipboard-text="{{$.TreePath}}" data-tooltip-content="{{ctx.Locale.Tr "copy_path"}}">{{svg "octicon-copy" 14}}</button>
+			{{- else -}}
+				{{$p := index $.Paths $i}}<span class="section"><a href="{{$.BranchLink}}/{{PathEscapeSegments $p}}" title="{{$v}}">{{$v}}</a></span>
+			{{- end -}}
+		{{- end -}}
+	</span>
+{{end}}
diff --git a/templates/repo/home.tmpl b/templates/repo/home.tmpl
index eb27af5d54..601605ba44 100644
--- a/templates/repo/home.tmpl
+++ b/templates/repo/home.tmpl
@@ -102,20 +102,7 @@
 						{{ctx.Locale.Tr "repo.use_template"}}
 					</a>
 				{{end}}
-				{{if (not $isHomepage)}}
-					<span class="breadcrumb repo-path tw-ml-1">
-						<a class="section" href="{{.RepoLink}}/src/{{.BranchNameSubURL}}" title="{{.Repository.Name}}">{{StringUtils.EllipsisString .Repository.Name 30}}</a>
-						{{- range $i, $v := .TreeNames -}}
-							<span class="breadcrumb-divider">/</span>
-							{{- if eq $i $l -}}
-								<span class="active section" title="{{$v}}">{{$v}}</span>
-								<button class="btn interact-fg tw-p-2" data-clipboard-text="{{$.TreePath}}" data-tooltip-content="{{ctx.Locale.Tr "copy_path"}}">{{svg "octicon-copy" 14}}</button>
-							{{- else -}}
-								{{$p := index $.Paths $i}}<span class="section"><a href="{{$.BranchLink}}/{{PathEscapeSegments $p}}" title="{{$v}}">{{$v}}</a></span>
-							{{- end -}}
-						{{- end -}}
-					</span>
-				{{end}}
+				{{template "repo/filepath" .}}
 			</div>
 			<div class="tw-flex tw-items-center max-[390px]:tw-w-full">
 				<!-- Only show clone panel in repository home page -->
diff --git a/tests/integration/repo_commits_search_test.go b/tests/integration/repo_commits_search_test.go
index 5d7d215678..30ee0e55ef 100644
--- a/tests/integration/repo_commits_search_test.go
+++ b/tests/integration/repo_commits_search_test.go
@@ -24,6 +24,7 @@ func testRepoCommitsSearch(t *testing.T, query, commit string) {
 	doc := NewHTMLParser(t, resp.Body)
 	sel := doc.doc.Find("#commits-table tbody tr td.sha a")
 	assert.Equal(t, commit, strings.TrimSpace(sel.Text()))
+	doc.AssertElement(t, ".repo-path", false)
 }
 
 func TestRepoCommitsSearch(t *testing.T) {
diff --git a/tests/integration/repo_commits_test.go b/tests/integration/repo_commits_test.go
index d2bb4e8849..26522fe481 100644
--- a/tests/integration/repo_commits_test.go
+++ b/tests/integration/repo_commits_test.go
@@ -34,6 +34,7 @@ func TestRepoCommits(t *testing.T) {
 	commitURL, exists := doc.doc.Find("#commits-table tbody tr td.sha a").Attr("href")
 	assert.True(t, exists)
 	assert.NotEmpty(t, commitURL)
+	doc.AssertElement(t, ".repo-path", false)
 }
 
 func doTestRepoCommitWithStatus(t *testing.T, state string, classes ...string) {
diff --git a/tests/integration/view_test.go b/tests/integration/view_test.go
index bc858e71e8..fee9393409 100644
--- a/tests/integration/view_test.go
+++ b/tests/integration/view_test.go
@@ -139,7 +139,7 @@ func TestCommitListActions(t *testing.T) {
 			[]*files_service.ChangeRepoFile{
 				{
 					Operation:     "create",
-					TreePath:      "test.sh",
+					TreePath:      "test/test.sh",
 					ContentReader: strings.NewReader("Hello there!"),
 				},
 			},
@@ -162,7 +162,7 @@ func TestCommitListActions(t *testing.T) {
 			htmlDoc.AssertElement(t, fmt.Sprintf(".commit-list a[href^='/%s/src/commit/']", repo.FullName()), false)
 		})
 
-		fileDiffSelector := fmt.Sprintf(".commit-list a[href='/%s/commit/%s?files=test.sh']", repo.FullName(), commitID)
+		fileDiffSelector := fmt.Sprintf(".commit-list a[href='/%s/commit/%s?files=test/test.sh']", repo.FullName(), commitID)
 		t.Run("Commit list", func(t *testing.T) {
 			defer tests.PrintCurrentTest(t)()
 
@@ -177,12 +177,19 @@ func TestCommitListActions(t *testing.T) {
 		t.Run("File history", func(t *testing.T) {
 			defer tests.PrintCurrentTest(t)()
 
-			req := NewRequest(t, "GET", repo.Link()+"/commits/branch/main/test.sh")
+			req := NewRequest(t, "GET", repo.Link()+"/commits/branch/main/test/test.sh")
 			resp := session.MakeRequest(t, req, http.StatusOK)
 			htmlDoc := NewHTMLParser(t, resp.Body)
 
-			htmlDoc.AssertElement(t, fmt.Sprintf(".commit-list a[href='/%s/src/commit/%s/test.sh']", repo.FullName(), commitID), true)
+			htmlDoc.AssertElement(t, fmt.Sprintf(".commit-list a[href='/%s/src/commit/%s/test/test.sh']", repo.FullName(), commitID), true)
 			htmlDoc.AssertElement(t, fileDiffSelector, true)
+
+			htmlDoc.AssertElement(t, ".repo-path", true)
+			htmlDoc.AssertElement(t, fmt.Sprintf(".repo-path a[href='/%s/src/branch/main'][title='%s']", repo.FullName(), repo.Name), true)
+			assert.Equal(t, 2, htmlDoc.Find(".repo-path .breadcrumb-divider").Length())
+			htmlDoc.AssertElement(t, fmt.Sprintf(".repo-path .section a[href='/%s/src/branch/main/test'][title='test']", repo.FullName()), true)
+			htmlDoc.AssertElement(t, ".repo-path .active[title='test.sh']", true)
+			htmlDoc.AssertElement(t, ".repo-path button[data-clipboard-text='test/test.sh']", true)
 		})
 	})
 }

From eb58d6c9d0d2b0aab55eef86d6ff597c065e4235 Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Fri, 1 May 2026 01:58:09 +0200
Subject: [PATCH 771/854] Update dependency @axe-core/playwright to v4.11.2
 (forgejo) (#12358)

---
 package-lock.json | 10 +++++-----
 package.json      |  2 +-
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index a6a5d2941e..e04d4747e4 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -82,7 +82,7 @@
         "wrap-ansi": "10.0.0"
       },
       "devDependencies": {
-        "@axe-core/playwright": "4.11.1",
+        "@axe-core/playwright": "4.11.2",
         "@eslint-community/eslint-plugin-eslint-comments": "4.7.1",
         "@playwright/test": "1.58.2",
         "@stoplight/spectral-cli": "6.15.0",
@@ -163,13 +163,13 @@
       }
     },
     "node_modules/@axe-core/playwright": {
-      "version": "4.11.1",
-      "resolved": "https://registry.npmjs.org/@axe-core/playwright/-/playwright-4.11.1.tgz",
-      "integrity": "sha512-mKEfoUIB1MkVTht0BGZFXtSAEKXMJoDkyV5YZ9jbBmZCcWDz71tegNsdTkIN8zc/yMi5Gm2kx7Z5YQ9PfWNAWw==",
+      "version": "4.11.2",
+      "resolved": "https://registry.npmjs.org/@axe-core/playwright/-/playwright-4.11.2.tgz",
+      "integrity": "sha512-iP6hfNl9G0j/SEUSo8M7D80RbcDo9KRAAfDP4IT5OHB+Wm6zUHIrm8Y51BKI+Oyqduvipf9u1hcRy57zCBKzWQ==",
       "dev": true,
       "license": "MPL-2.0",
       "dependencies": {
-        "axe-core": "~4.11.1"
+        "axe-core": "~4.11.3"
       },
       "peerDependencies": {
         "playwright-core": ">= 1.0.0"
diff --git a/package.json b/package.json
index 1dcd4f24a5..68829a112f 100644
--- a/package.json
+++ b/package.json
@@ -81,7 +81,7 @@
     "wrap-ansi": "10.0.0"
   },
   "devDependencies": {
-    "@axe-core/playwright": "4.11.1",
+    "@axe-core/playwright": "4.11.2",
     "@eslint-community/eslint-plugin-eslint-comments": "4.7.1",
     "@playwright/test": "1.58.2",
     "@stoplight/spectral-cli": "6.15.0",

From 1acf630dbf9fa751d2ba006f9d855baac0a5fe19 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=CE=88=CE=BB=CE=BB=CE=B5=CE=BD=20=CE=95=CE=BC=CE=AF=CE=BB?=
 =?UTF-8?q?=CE=B9=CE=B1=20=CE=86=CE=BD=CE=BD=CE=B1=20Zscheile?=
 <fogti+devel@ytrizja.de>
Date: Fri, 1 May 2026 02:46:01 +0200
Subject: [PATCH 772/854] feat(build): Support go "fmt" format strings as
 masked usage patterns (#12013)

This idea is perhaps a bit more far-fetched. It implements the ability in `lint-locale-usage` to basically fully handle "printf" invocations by transforming format strings to regexps when "%" wildcards are present.

Currently, it doesn't cache the transformation from format string to compiled regex because this doesn't make a performance difference (yet), given that most of these wildcards are only hit once or twice.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12013
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
---
 .../allowed-masked-usage.txt                  |  20 --
 build/lint-locale-usage/bin/handle-go.go      | 260 ++++++++++--------
 .../bin/lint-locale-usage.go                  |  63 ++++-
 build/lint-locale-usage/handle-go.go          |  45 ++-
 build/lint-locale-usage/handle-tmpl.go        |  12 +-
 build/lint-locale-usage/handler.go            |   1 +
 models/project/project.go                     |   2 +-
 models/project/template.go                    |   2 +-
 models/system/notice.go                       |   2 +
 templates/repo/issue/view_content.tmpl        |   8 +-
 .../repo/issue/view_content/comments.tmpl     |  10 +-
 11 files changed, 263 insertions(+), 162 deletions(-)

diff --git a/build/lint-locale-usage/allowed-masked-usage.txt b/build/lint-locale-usage/allowed-masked-usage.txt
index ca899c7d38..205d3c3cca 100644
--- a/build/lint-locale-usage/allowed-masked-usage.txt
+++ b/build/lint-locale-usage/allowed-masked-usage.txt
@@ -6,32 +6,12 @@ translation_meta.test
 # this also gets instantiated as a Messenger once
 repo.migrate.migrating_failed.error
 
-# models/system/notice.go: func (n *Notice) TrStr() string
-admin.notices.type_1
-admin.notices.type_2
-
 # modules/setting/ui.go
 themes.names.
 
 # services/context/context.go
 relativetime.
 
-# templates/repo/issue/view_content.tmpl: indirection via $closeTranslationKey
-repo.issues.close
-repo.pulls.close
-
-# templates/repo/issue/view_content/comments.tmpl: indirection via $refTr
-repo.issues.ref_closing_from
-repo.issues.ref_issue_from
-repo.issues.ref_pull_from
-repo.issues.ref_reopening_from
-
-# templates/repo/issue/view_content/comments.tmpl: ctx.Locale.Tr (printf "projects.type-%d.display_name" .OldProject.Type)
-projects.
-projects.type-1.display_name
-projects.type-2.display_name
-projects.type-3.display_name
-
 # templates/repo/settings/webhook/link_menu.tmpl, templates/webhook/new.tmpl: repo.settings.web_hook_name_
 # tests/integration/repo_archive_text_test.go
 repo.settings.
diff --git a/build/lint-locale-usage/bin/handle-go.go b/build/lint-locale-usage/bin/handle-go.go
index ffa6b13165..5b68543e9d 100644
--- a/build/lint-locale-usage/bin/handle-go.go
+++ b/build/lint-locale-usage/bin/handle-go.go
@@ -37,144 +37,172 @@ func HandleGoFile(handler llu.Handler, fname string, src any) error {
 	}
 
 	ast.Inspect(node, func(n ast.Node) bool {
-		// search for function calls of the form `anything.Tr(any-string-lit, ...)`
+		return HandleGoNode(handler, fset, fname, n)
+	})
 
-		switch n2 := n.(type) {
-		case *ast.CallExpr:
-			if len(n2.Args) == 0 {
-				return true
+	return nil
+}
+
+func HandleGoNode(handler llu.Handler, fset *token.FileSet, fname string, n ast.Node) bool {
+	// search for function calls of the form `anything.Tr(any-string-lit, ...)`
+
+	switch n2 := n.(type) {
+	case *ast.CallExpr:
+		if len(n2.Args) == 0 {
+			return true
+		}
+		funSel, ok := n2.Fun.(*ast.SelectorExpr)
+		if !ok {
+			return true
+		}
+
+		ltf, ok := handler.LocaleTrFunctions[funSel.Sel.Name]
+		if !ok {
+			return true
+		}
+
+		var gotUnexpectedInvoke *int
+
+		for _, argNum := range ltf {
+			if len(n2.Args) <= int(argNum) {
+				argc := len(n2.Args)
+				gotUnexpectedInvoke = &argc
+			} else {
+				handler.HandleGoTrArgument(fset, n2.Args[int(argNum)], "")
 			}
-			funSel, ok := n2.Fun.(*ast.SelectorExpr)
-			if !ok {
+		}
+
+		if gotUnexpectedInvoke != nil {
+			handler.OnUnexpectedInvoke(fset, funSel.Sel.NamePos, funSel.Sel.Name, *gotUnexpectedInvoke)
+		}
+
+	case *ast.CompositeLit:
+		if strings.HasSuffix(fname, "models/unit/unit.go") {
+			lluUnit.HandleCompositeUnit(handler, fset, n2)
+		} else if strings.Contains(fname, "models/asymkey/") {
+			lluAsymKey.HandleCompositeErrorReason(handler, fset, n2)
+		}
+
+	case *ast.FuncDecl:
+		if matchInsPrefix := handler.HandleGoCommentGroup(fset, n2.Doc, "llu:returnsTrKeyWeak"); matchInsPrefix != nil {
+			results := n2.Type.Results.List
+			if len(results) != 1 {
+				handler.OnWarning(fset, n2.Type.Func, fmt.Sprintf("function %s has unexpected return type; expected single return value", n2.Name.Name))
 				return true
 			}
 
-			ltf, ok := handler.LocaleTrFunctions[funSel.Sel.Name]
-			if !ok {
-				return true
-			}
-
-			var gotUnexpectedInvoke *int
-
-			for _, argNum := range ltf {
-				if len(n2.Args) <= int(argNum) {
-					argc := len(n2.Args)
-					gotUnexpectedInvoke = &argc
-				} else {
-					handler.HandleGoTrArgument(fset, n2.Args[int(argNum)], "")
+			ast.Inspect(n2.Body, func(n ast.Node) bool {
+				// search for return stmts
+				// TODO: what about nested functions?
+				if ret, ok := n.(*ast.ReturnStmt); ok {
+					for _, res := range ret.Results {
+						ast.Inspect(res, func(n ast.Node) bool {
+							if expr, ok := n.(ast.Expr); ok {
+								handler.HandleGoTrArgument(fset, expr, *matchInsPrefix)
+							}
+							return true
+						})
+					}
+					return false
 				}
+				return true
+			})
+		}
+
+		if matchInsPrefix := handler.HandleGoCommentGroup(fset, n2.Doc, "llu:returnsTrKey"); matchInsPrefix != nil {
+			results := n2.Type.Results.List
+			if len(results) != 1 {
+				handler.OnWarning(fset, n2.Type.Func, fmt.Sprintf("function %s has unexpected return type; expected single return value", n2.Name.Name))
+				return true
 			}
 
-			if gotUnexpectedInvoke != nil {
-				handler.OnUnexpectedInvoke(fset, funSel.Sel.NamePos, funSel.Sel.Name, *gotUnexpectedInvoke)
-			}
-
-		case *ast.CompositeLit:
-			if strings.HasSuffix(fname, "models/unit/unit.go") {
-				lluUnit.HandleCompositeUnit(handler, fset, n2)
-			} else if strings.Contains(fname, "models/asymkey/") {
-				lluAsymKey.HandleCompositeErrorReason(handler, fset, n2)
-			}
-
-		case *ast.FuncDecl:
-			matchInsPrefix := handler.HandleGoCommentGroup(fset, n2.Doc, "llu:returnsTrKey")
-			if matchInsPrefix != nil {
-				results := n2.Type.Results.List
-				if len(results) != 1 {
-					handler.OnWarning(fset, n2.Type.Func, fmt.Sprintf("function %s has unexpected return type; expected single return value", n2.Name.Name))
-					return true
+			ast.Inspect(n2.Body, func(n ast.Node) bool {
+				// search for return stmts
+				if ret, ok := n.(*ast.ReturnStmt); ok {
+					for _, res := range ret.Results {
+						handler.HandleGoTrArgument(fset, res, *matchInsPrefix)
+					}
+					return false
+				} else if _, ok := n.(*ast.FuncDecl); ok {
+					ast.Inspect(n, func(n2 ast.Node) bool {
+						return HandleGoNode(handler, fset, fname, n2)
+					})
+					// don't search inside nested functions for return stmts
+					return false
 				}
+				return true
+			})
+		}
 
-				ast.Inspect(n2.Body, func(n ast.Node) bool {
-					// search for return stmts
-					// TODO: what about nested functions?
-					if ret, ok := n.(*ast.ReturnStmt); ok {
-						for _, res := range ret.Results {
-							ast.Inspect(res, func(n ast.Node) bool {
-								if expr, ok := n.(ast.Expr); ok {
-									handler.HandleGoTrArgument(fset, expr, *matchInsPrefix)
-								}
-								return true
-							})
-						}
+		if strings.HasSuffix(fname, "services/migrations/migrate.go") {
+			lluMigrate.HandleMessengerInFunc(handler, fset, n2)
+		}
+		return true
+	case *ast.GenDecl:
+		switch n2.Tok {
+		case token.CONST, token.VAR:
+			matchInsPrefix := handler.HandleGoCommentGroup(fset, n2.Doc, " llu:TrKeys")
+			if matchInsPrefix == nil {
+				return true
+			}
+			for _, spec := range n2.Specs {
+				// interpret all contained strings as message IDs
+				ast.Inspect(spec, func(n ast.Node) bool {
+					if argLit, ok := n.(*ast.BasicLit); ok {
+						handler.HandleGoTrBasicLit(fset, argLit, *matchInsPrefix)
 						return false
 					}
 					return true
 				})
 			}
 
-			if strings.HasSuffix(fname, "services/migrations/migrate.go") {
-				lluMigrate.HandleMessengerInFunc(handler, fset, n2)
-			}
-			return true
-		case *ast.GenDecl:
-			switch n2.Tok {
-			case token.CONST, token.VAR:
-				matchInsPrefix := handler.HandleGoCommentGroup(fset, n2.Doc, " llu:TrKeys")
-				if matchInsPrefix == nil {
-					return true
-				}
-				for _, spec := range n2.Specs {
-					// interpret all contained strings as message IDs
-					ast.Inspect(spec, func(n ast.Node) bool {
-						if argLit, ok := n.(*ast.BasicLit); ok {
-							handler.HandleGoTrBasicLit(fset, argLit, *matchInsPrefix)
-							return false
-						}
-						return true
-					})
-				}
+		case token.TYPE:
+			// modules/web/middleware/binding.go:Validate uses the convention that structs
+			// entries can have tags.
+			// In particular, `locale:$msgid` should be handled; any fields with `form:-` shouldn't.
+			// Problem: we don't know which structs are forms, actually.
 
-			case token.TYPE:
-				// modules/web/middleware/binding.go:Validate uses the convention that structs
-				// entries can have tags.
-				// In particular, `locale:$msgid` should be handled; any fields with `form:-` shouldn't.
-				// Problem: we don't know which structs are forms, actually.
-
-				for _, spec := range n2.Specs {
-					tspec := spec.(*ast.TypeSpec)
-					structNode, ok := tspec.Type.(*ast.StructType)
-					if !ok || !(strings.HasSuffix(tspec.Name.Name, "Form") ||
-						(tspec.Doc != nil &&
-							slices.ContainsFunc(tspec.Doc.List, func(c *ast.Comment) bool {
-								return c.Text == "// swagger:model"
-							}))) {
+			for _, spec := range n2.Specs {
+				tspec := spec.(*ast.TypeSpec)
+				structNode, ok := tspec.Type.(*ast.StructType)
+				if !ok || !(strings.HasSuffix(tspec.Name.Name, "Form") ||
+					(tspec.Doc != nil &&
+						slices.ContainsFunc(tspec.Doc.List, func(c *ast.Comment) bool {
+							return c.Text == "// swagger:model"
+						}))) {
+					continue
+				}
+				for _, field := range structNode.Fields.List {
+					if field.Names == nil {
 						continue
 					}
-					for _, field := range structNode.Fields.List {
-						if field.Names == nil {
-							continue
-						}
-						if len(field.Names) != 1 {
-							handler.OnWarning(fset, field.Type.Pos(), "unsupported multiple field names")
-							continue
-						}
-						msgidPos := field.Names[0].NamePos
-						msgid := "form." + field.Names[0].Name
-						if field.Tag != nil && field.Tag.Kind == token.STRING {
-							rawTag, err := strconv.Unquote(field.Tag.Value)
-							if err != nil {
-								handler.OnWarning(fset, field.Tag.ValuePos, "invalid tag value encountered")
-								continue
-							}
-							tag := reflect.StructTag(rawTag)
-							if tag.Get("form") == "-" {
-								continue
-							}
-							tmp := tag.Get("locale")
-							if len(tmp) != 0 {
-								msgidPos = field.Tag.ValuePos
-								msgid = tmp
-							}
-						}
-						handler.OnMsgid(fset, msgidPos, msgid, true)
+					if len(field.Names) != 1 {
+						handler.OnWarning(fset, field.Type.Pos(), "unsupported multiple field names")
+						continue
 					}
+					msgidPos := field.Names[0].NamePos
+					msgid := "form." + field.Names[0].Name
+					if field.Tag != nil && field.Tag.Kind == token.STRING {
+						rawTag, err := strconv.Unquote(field.Tag.Value)
+						if err != nil {
+							handler.OnWarning(fset, field.Tag.ValuePos, "invalid tag value encountered")
+							continue
+						}
+						tag := reflect.StructTag(rawTag)
+						if tag.Get("form") == "-" {
+							continue
+						}
+						tmp := tag.Get("locale")
+						if len(tmp) != 0 {
+							msgidPos = field.Tag.ValuePos
+							msgid = tmp
+						}
+					}
+					handler.OnMsgid(fset, msgidPos, msgid, true)
 				}
 			}
 		}
+	}
 
-		return true
-	})
-
-	return nil
+	return true
 }
diff --git a/build/lint-locale-usage/bin/lint-locale-usage.go b/build/lint-locale-usage/bin/lint-locale-usage.go
index 311e632461..f04b14f3b2 100644
--- a/build/lint-locale-usage/bin/lint-locale-usage.go
+++ b/build/lint-locale-usage/bin/lint-locale-usage.go
@@ -13,6 +13,7 @@ import (
 	"io/fs"
 	"os"
 	"path/filepath"
+	"regexp"
 	"sort"
 	"strings"
 
@@ -44,12 +45,57 @@ type StringTrie interface {
 
 type StringTrieMap map[string]StringTrie
 
+func printfPatternToRegex(key string) (string, bool) {
+	parts := strings.Split(key, "%")
+	if len(parts) < 2 {
+		return key, false
+	}
+	var pattern strings.Builder
+	pattern.WriteString("^")
+	pattern.WriteString(parts[0])
+	skip := false
+	for _, part := range parts[1:] {
+		if skip {
+			skip = false
+			continue
+		}
+		if len(part) == 0 {
+			// "%%"
+			pattern.WriteString("%")
+			continue
+		}
+		switch part[0] {
+		case 'd':
+			pattern.WriteString("[0-9]+")
+		default:
+			pattern.WriteString("[A-Za-z0-9]*")
+		}
+		pattern.WriteString(part[1:])
+	}
+	pattern.WriteString("$")
+	return pattern.String(), true
+}
+
 func (m StringTrieMap) Matches(key []string) bool {
 	if len(key) == 0 || m == nil {
 		return true
 	}
 	value, ok := m[key[0]]
 	if !ok {
+		for altKey, value := range m {
+			// TODO: cache mapping $printfFormatString -> $regexpCompileOutput
+			pattern, found := printfPatternToRegex(altKey)
+			if !found {
+				continue
+			}
+			matched, err := regexp.MatchString(pattern, key[0])
+			if err != nil {
+				panic(fmt.Sprintf("unable to compile regexp '%s': %s", pattern, err.Error()))
+			}
+			if matched && (value == nil || value.Matches(key[1:])) {
+				return true
+			}
+		}
 		return false
 	}
 	if value == nil {
@@ -101,7 +147,7 @@ func ParseAllowedMaskedUsages(fname string, usedMsgids container.Set[string], al
 		if line == "" || strings.HasPrefix(line, "#") {
 			continue
 		}
-		if linePrefix, found := strings.CutSuffix(line, "."); found {
+		if linePrefix, found := strings.CutSuffix(line, "."); found || strings.Contains(line, "%") {
 			allowedMaskedPrefixes.Insert(strings.Split(linePrefix, "."))
 		} else {
 			if !chkMsgid(line) {
@@ -145,9 +191,14 @@ func Usage() {
 
 	fmt.Fprintf(outp, "\nSpecial Go doc comments:\n")
 	for _, i := range []string{
+		"//llu:returnsTrKeyWeak",
+		"\tcan be used in front of functions to indicate",
+		"\tthat the function returns message IDs (allows nesting inside complicated function calls)",
+		"\tWARNING: this currently doesn't support nested functions properly",
+		"",
 		"//llu:returnsTrKey",
 		"\tcan be used in front of functions to indicate",
-		"\tthat the function returns message IDs",
+		"\tthat the function returns message IDs (doesn't allow nesting inside complicated function calls)",
 		"\tWARNING: this currently doesn't support nested functions properly",
 		"",
 		"//llu:returnsTrKeySuffix prefix.",
@@ -260,6 +311,10 @@ func main() {
 	}
 
 	handler := llu.Handler{
+		OnMsgidPattern: func(fset *token.FileSet, pos token.Pos, msgidPattern string) {
+			msgidPatternSplit := strings.Split(msgidPattern, ".")
+			allowedMaskedPrefixes.Insert(msgidPatternSplit)
+		},
 		OnMsgidPrefix: func(fset *token.FileSet, pos token.Pos, msgidPrefix string, truncated bool) {
 			msgidPrefixSplit := strings.Split(msgidPrefix, ".")
 			if !truncated {
@@ -270,6 +325,10 @@ func main() {
 			}
 		},
 		OnMsgid: func(fset *token.FileSet, pos token.Pos, msgid string, weak bool) {
+			if strings.Contains(msgid, "%") {
+				fmt.Printf("%s:\tunexpected msgid pattern: %s\n", fset.Position(pos).String(), msgid)
+				return
+			}
 			if !msgids.Contains(msgid) {
 				if weak && allowWeakMissingMsgids {
 					return
diff --git a/build/lint-locale-usage/handle-go.go b/build/lint-locale-usage/handle-go.go
index 44229e52f7..a8e478a6ef 100644
--- a/build/lint-locale-usage/handle-go.go
+++ b/build/lint-locale-usage/handle-go.go
@@ -34,12 +34,14 @@ func (handler Handler) HandleGoTrBasicLit(fset *token.FileSet, argLit *ast.Basic
 }
 
 func (handler Handler) HandleGoTrArgument(fset *token.FileSet, n ast.Expr, prefix string) {
-	if argLit, ok := n.(*ast.BasicLit); ok {
-		handler.HandleGoTrBasicLit(fset, argLit, prefix)
-	} else if argBinExpr, ok := n.(*ast.BinaryExpr); ok {
-		if argBinExpr.Op != token.ADD {
+	switch n := n.(type) {
+	case *ast.BasicLit:
+		handler.HandleGoTrBasicLit(fset, n, prefix)
+
+	case *ast.BinaryExpr:
+		if n.Op != token.ADD {
 			// pass
-		} else if argLit, ok := argBinExpr.X.(*ast.BasicLit); ok && argLit.Kind == token.STRING {
+		} else if argLit, ok := n.X.(*ast.BasicLit); ok && argLit.Kind == token.STRING {
 			// extract string content
 			arg, err := strconv.Unquote(argLit.Value)
 			if err != nil {
@@ -53,6 +55,39 @@ func (handler Handler) HandleGoTrArgument(fset *token.FileSet, n ast.Expr, prefi
 			}
 			handler.OnMsgidPrefix(fset, argLit.ValuePos, prep, trunc)
 		}
+
+	case *ast.CallExpr:
+		if selExpr, ok := n.Fun.(*ast.SelectorExpr); ok {
+			if xIdent, xok := selExpr.X.(*ast.Ident); !xok || xIdent.Name != "fmt" {
+				return
+			}
+			if selExpr.Sel.Name != "Sprintf" {
+				handler.OnWarning(fset, selExpr.Sel.NamePos, fmt.Sprintf("unexpected formatting function encountered: %s", selExpr.Sel.Name))
+				return
+			}
+			if len(n.Args) == 0 {
+				handler.OnWarning(fset, selExpr.Sel.NamePos, fmt.Sprintf("unexpected formatting function invocation (no arguments) of '%s'", selExpr.Sel.Name))
+				return
+			}
+
+			if argLit, ok := n.Args[0].(*ast.BasicLit); ok && argLit.Kind == token.STRING {
+				// extract string content
+				arg, err := strconv.Unquote(argLit.Value)
+				if err != nil {
+					return
+				}
+				if strings.Contains(arg, " ") {
+					handler.OnWarning(fset, argLit.ValuePos, fmt.Sprintf(
+						"formatting function invocation of '%s' with weird msgid format string: %s",
+						selExpr.Sel.Name,
+						arg,
+					))
+					return
+				}
+				// found interesting strings
+				handler.OnMsgidPattern(fset, argLit.ValuePos, prefix+arg)
+			}
+		}
 	}
 }
 
diff --git a/build/lint-locale-usage/handle-tmpl.go b/build/lint-locale-usage/handle-tmpl.go
index 7fbda8ffd5..e37c1eb486 100644
--- a/build/lint-locale-usage/handle-tmpl.go
+++ b/build/lint-locale-usage/handle-tmpl.go
@@ -150,16 +150,12 @@ func (handler Handler) handleTemplateMsgid(fset *token.FileSet, node tmplParser.
 			handler.OnMsgid(fset, stringPos, msgidPrefix, false)
 		} else {
 			if nodeIdent.Ident == "printf" {
-				parts := strings.SplitN(msgidPrefix, "%", 2)
-				if len(parts) != 2 {
-					handler.OnWarning(
-						fset,
-						stringPos,
-						fmt.Sprintf("unsupported invocation of locate function (format string doesn't match \"prefix%%smth\" pattern): %s", nodeString.String()),
-					)
+				// found interesting strings
+				if !(strings.HasSuffix(msgidPrefix, ".%s") && strings.Count(msgidPrefix, "%") == 1) {
+					handler.OnMsgidPattern(fset, stringPos, msgidPrefix)
 					return
 				}
-				msgidPrefix = parts[0]
+				msgidPrefix = strings.TrimSuffix(msgidPrefix, "%s")
 			}
 
 			msgidPrefixFin, truncated := PrepareMsgidPrefix(msgidPrefix)
diff --git a/build/lint-locale-usage/handler.go b/build/lint-locale-usage/handler.go
index 6673ac3a4d..ef517cd040 100644
--- a/build/lint-locale-usage/handler.go
+++ b/build/lint-locale-usage/handler.go
@@ -47,6 +47,7 @@ func InitLocaleTrFunctions() map[string][]uint {
 type Handler struct {
 	OnMsgid            func(fset *token.FileSet, pos token.Pos, msgid string, weak bool)
 	OnMsgidPrefix      func(fset *token.FileSet, pos token.Pos, msgidPrefix string, truncated bool)
+	OnMsgidPattern     func(fset *token.FileSet, pos token.Pos, msgidPattern string)
 	OnUnexpectedInvoke func(fset *token.FileSet, pos token.Pos, funcname string, argc int)
 	OnWarning          func(fset *token.FileSet, pos token.Pos, msg string)
 	LocaleTrFunctions  map[string][]uint
diff --git a/models/project/project.go b/models/project/project.go
index 8f3d09b956..be1b9d59c6 100644
--- a/models/project/project.go
+++ b/models/project/project.go
@@ -184,7 +184,7 @@ func init() {
 
 // GetCardConfig retrieves the types of configurations project column cards could have
 //
-//llu:returnsTrKey
+//llu:returnsTrKeyWeak
 func GetCardConfig() []CardConfig {
 	return []CardConfig{
 		{CardTypeTextOnly, "repo.projects.card_type.text_only"},
diff --git a/models/project/template.go b/models/project/template.go
index 278cf5b781..3d55cd27f2 100644
--- a/models/project/template.go
+++ b/models/project/template.go
@@ -27,7 +27,7 @@ const (
 
 // GetTemplateConfigs retrieves the template configs of configurations project columns could have
 //
-//llu:returnsTrKey
+//llu:returnsTrKeyWeak
 func GetTemplateConfigs() []TemplateConfig {
 	return []TemplateConfig{
 		{TemplateTypeNone, "repo.projects.type.none"},
diff --git a/models/system/notice.go b/models/system/notice.go
index b1fdd2e4f2..7801686889 100644
--- a/models/system/notice.go
+++ b/models/system/notice.go
@@ -38,6 +38,8 @@ func init() {
 }
 
 // TrStr returns a translation format string.
+//
+//llu:returnsTrKey
 func (n *Notice) TrStr() string {
 	return fmt.Sprintf("admin.notices.type_%d", n.Type)
 }
diff --git a/templates/repo/issue/view_content.tmpl b/templates/repo/issue/view_content.tmpl
index 08a8daade9..235112b47b 100644
--- a/templates/repo/issue/view_content.tmpl
+++ b/templates/repo/issue/view_content.tmpl
@@ -110,14 +110,14 @@
 												</span>
 											</button>
 										{{else}}
-											{{$closeTranslationKey := "repo.issues.close"}}
+											{{$closeTranslation := ctx.Locale.Tr "repo.issues.close"}}
 											{{if .Issue.IsPull}}
-												{{$closeTranslationKey = "repo.pulls.close"}}
+												{{$closeTranslation = ctx.Locale.Tr "repo.pulls.close"}}
 											{{end}}
-											<button id="status-button" class="secondary button" data-status="{{ctx.Locale.Tr $closeTranslationKey}}" data-status-and-comment="{{ctx.Locale.Tr "repo.issues.close_comment_issue"}}" name="status" value="close">
+											<button id="status-button" class="secondary button" data-status="{{$closeTranslation}}" data-status-and-comment="{{ctx.Locale.Tr "repo.issues.close_comment_issue"}}" name="status" value="close">
 												{{svg "octicon-issue-closed"}}
 												<span>
-													{{ctx.Locale.Tr $closeTranslationKey}}
+													{{$closeTranslation}}
 												</span>
 											</button>
 										{{end}}
diff --git a/templates/repo/issue/view_content/comments.tmpl b/templates/repo/issue/view_content/comments.tmpl
index bde6a0b5b2..b3de7ed155 100644
--- a/templates/repo/issue/view_content/comments.tmpl
+++ b/templates/repo/issue/view_content/comments.tmpl
@@ -129,13 +129,13 @@
 			{{if ne .RefRepoID .Issue.RepoID}}
 				{{$refFrom = ctx.Locale.Tr "repo.issues.ref_from" .RefRepo.FullName}}
 			{{end}}
-			{{$refTr := "repo.issues.ref_issue_from"}}
+			{{$refTr := "issue"}}
 			{{if .Issue.IsPull}}
-				{{$refTr = "repo.issues.ref_pull_from"}}
+				{{$refTr = "pull"}}
 			{{else if eq .RefAction 1}}
-				{{$refTr = "repo.issues.ref_closing_from"}}
+				{{$refTr = "closing"}}
 			{{else if eq .RefAction 2}}
-				{{$refTr = "repo.issues.ref_reopening_from"}}
+				{{$refTr = "reopening"}}
 			{{end}}
 			<div class="timeline-item event" id="{{.HashTag}}">
 				<span class="badge">{{svg "octicon-bookmark"}}</span>
@@ -143,7 +143,7 @@
 				{{if eq .RefAction 3}}<del>{{end}}
 				<span class="text grey muted-links">
 					{{template "shared/user/authorlink" .Poster}}
-					{{ctx.Locale.Tr $refTr $createdStr (.RefCommentLink ctx) $refFrom}}
+					{{ctx.Locale.Tr (printf "repo.issues.ref_%s_from" $refTr) $createdStr (.RefCommentLink ctx) $refFrom}}
 				</span>
 				{{if eq .RefAction 3}}</del>{{end}}
 

From 948f8cc61a98f9bd4a018260d32bac69586195f1 Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Fri, 1 May 2026 04:14:12 +0200
Subject: [PATCH 773/854] Update dependency @stoplight/spectral-cli to v6.15.1
 (forgejo) (#12359)

---
 package-lock.json | 51 ++++++++---------------------------------------
 package.json      |  2 +-
 2 files changed, 9 insertions(+), 44 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index e04d4747e4..9fc22b22ad 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -85,7 +85,7 @@
         "@axe-core/playwright": "4.11.2",
         "@eslint-community/eslint-plugin-eslint-comments": "4.7.1",
         "@playwright/test": "1.58.2",
-        "@stoplight/spectral-cli": "6.15.0",
+        "@stoplight/spectral-cli": "6.15.1",
         "@stylistic/eslint-plugin": "5.10.0",
         "@stylistic/stylelint-plugin": "4.0.1",
         "@vitejs/plugin-vue": "6.0.5",
@@ -3444,9 +3444,9 @@
       }
     },
     "node_modules/@stoplight/spectral-cli": {
-      "version": "6.15.0",
-      "resolved": "https://registry.npmjs.org/@stoplight/spectral-cli/-/spectral-cli-6.15.0.tgz",
-      "integrity": "sha512-FVeQIuqQQnnLfa8vy+oatTKUve7uU+3SaaAfdjpX/B+uB1NcfkKRJYhKT9wMEehDRaMPL5AKIRYMCFerdEbIpw==",
+      "version": "6.15.1",
+      "resolved": "https://registry.npmjs.org/@stoplight/spectral-cli/-/spectral-cli-6.15.1.tgz",
+      "integrity": "sha512-ev72bUglbaZvFSMWCP5o1Iso5NGgbLZOAuedvRxYrUMey9dVCR83i033tSFvDv6cpj86HsbEmiilh8vwrY/asQ==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
@@ -3464,7 +3464,7 @@
         "chalk": "4.1.2",
         "fast-glob": "~3.2.12",
         "hpagent": "~1.2.0",
-        "lodash": "~4.17.21",
+        "lodash": "^4.18.1",
         "pony-cause": "^1.1.1",
         "stacktracey": "^2.1.8",
         "tslib": "^2.8.1",
@@ -3572,13 +3572,6 @@
         "concat-map": "0.0.1"
       }
     },
-    "node_modules/@stoplight/spectral-core/node_modules/lodash": {
-      "version": "4.18.1",
-      "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.18.1.tgz",
-      "integrity": "sha512-dMInicTPVE8d1e5otfwmmjlxkZoUpiVLwyeTdUsi/Caj/gfzzblBcCE5sRHV/AsjuCmxWrte2TNGSYuCeCq+0Q==",
-      "dev": true,
-      "license": "MIT"
-    },
     "node_modules/@stoplight/spectral-core/node_modules/minimatch": {
       "version": "3.1.5",
       "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.5.tgz",
@@ -3633,13 +3626,6 @@
         "node": "^16.20 || ^18.18 || >= 20.17"
       }
     },
-    "node_modules/@stoplight/spectral-formatters/node_modules/lodash": {
-      "version": "4.18.1",
-      "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.18.1.tgz",
-      "integrity": "sha512-dMInicTPVE8d1e5otfwmmjlxkZoUpiVLwyeTdUsi/Caj/gfzzblBcCE5sRHV/AsjuCmxWrte2TNGSYuCeCq+0Q==",
-      "dev": true,
-      "license": "MIT"
-    },
     "node_modules/@stoplight/spectral-functions": {
       "version": "1.10.2",
       "resolved": "https://registry.npmjs.org/@stoplight/spectral-functions/-/spectral-functions-1.10.2.tgz",
@@ -3663,13 +3649,6 @@
         "node": "^16.20 || ^18.18 || >= 20.17"
       }
     },
-    "node_modules/@stoplight/spectral-functions/node_modules/lodash": {
-      "version": "4.18.1",
-      "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.18.1.tgz",
-      "integrity": "sha512-dMInicTPVE8d1e5otfwmmjlxkZoUpiVLwyeTdUsi/Caj/gfzzblBcCE5sRHV/AsjuCmxWrte2TNGSYuCeCq+0Q==",
-      "dev": true,
-      "license": "MIT"
-    },
     "node_modules/@stoplight/spectral-parsers": {
       "version": "1.0.5",
       "resolved": "https://registry.npmjs.org/@stoplight/spectral-parsers/-/spectral-parsers-1.0.5.tgz",
@@ -3821,13 +3800,6 @@
         "node": "^16.20 || ^18.18 || >= 20.17"
       }
     },
-    "node_modules/@stoplight/spectral-rulesets/node_modules/lodash": {
-      "version": "4.18.1",
-      "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.18.1.tgz",
-      "integrity": "sha512-dMInicTPVE8d1e5otfwmmjlxkZoUpiVLwyeTdUsi/Caj/gfzzblBcCE5sRHV/AsjuCmxWrte2TNGSYuCeCq+0Q==",
-      "dev": true,
-      "license": "MIT"
-    },
     "node_modules/@stoplight/spectral-runtime": {
       "version": "1.1.5",
       "resolved": "https://registry.npmjs.org/@stoplight/spectral-runtime/-/spectral-runtime-1.1.5.tgz",
@@ -3847,13 +3819,6 @@
         "node": "^16.20 || ^18.18 || >= 20.17"
       }
     },
-    "node_modules/@stoplight/spectral-runtime/node_modules/lodash": {
-      "version": "4.18.1",
-      "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.18.1.tgz",
-      "integrity": "sha512-dMInicTPVE8d1e5otfwmmjlxkZoUpiVLwyeTdUsi/Caj/gfzzblBcCE5sRHV/AsjuCmxWrte2TNGSYuCeCq+0Q==",
-      "dev": true,
-      "license": "MIT"
-    },
     "node_modules/@stoplight/types": {
       "version": "13.20.0",
       "resolved": "https://registry.npmjs.org/@stoplight/types/-/types-13.20.0.tgz",
@@ -11235,9 +11200,9 @@
       }
     },
     "node_modules/lodash": {
-      "version": "4.17.23",
-      "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.23.tgz",
-      "integrity": "sha512-LgVTMpQtIopCi79SJeDiP0TfWi5CNEc/L/aRdTh3yIvmZXTnheWpKjSZhnvMl8iXbC1tFg9gdHHDMLoV7CnG+w==",
+      "version": "4.18.1",
+      "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.18.1.tgz",
+      "integrity": "sha512-dMInicTPVE8d1e5otfwmmjlxkZoUpiVLwyeTdUsi/Caj/gfzzblBcCE5sRHV/AsjuCmxWrte2TNGSYuCeCq+0Q==",
       "dev": true,
       "license": "MIT"
     },
diff --git a/package.json b/package.json
index 68829a112f..c54633e526 100644
--- a/package.json
+++ b/package.json
@@ -84,7 +84,7 @@
     "@axe-core/playwright": "4.11.2",
     "@eslint-community/eslint-plugin-eslint-comments": "4.7.1",
     "@playwright/test": "1.58.2",
-    "@stoplight/spectral-cli": "6.15.0",
+    "@stoplight/spectral-cli": "6.15.1",
     "@stylistic/eslint-plugin": "5.10.0",
     "@stylistic/stylelint-plugin": "4.0.1",
     "@vitejs/plugin-vue": "6.0.5",

From b5e7a72e10a5e87d275caec9dcf4b456f6120c74 Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Fri, 1 May 2026 05:41:56 +0200
Subject: [PATCH 774/854] Update dependency @vue/test-utils to v2.4.9 (forgejo)
 (#12361)

---
 package-lock.json | 26 ++++++++++++++++++--------
 package.json      |  2 +-
 2 files changed, 19 insertions(+), 9 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 9fc22b22ad..d15dd099b0 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -91,7 +91,7 @@
         "@vitejs/plugin-vue": "6.0.5",
         "@vitest/coverage-v8": "4.1.2",
         "@vitest/eslint-plugin": "1.6.13",
-        "@vue/test-utils": "2.4.6",
+        "@vue/test-utils": "2.4.9",
         "eslint": "9.39.4",
         "eslint-import-resolver-typescript": "4.4.4",
         "eslint-plugin-array-func": "5.1.1",
@@ -5251,14 +5251,24 @@
       "license": "MIT"
     },
     "node_modules/@vue/test-utils": {
-      "version": "2.4.6",
-      "resolved": "https://registry.npmjs.org/@vue/test-utils/-/test-utils-2.4.6.tgz",
-      "integrity": "sha512-FMxEjOpYNYiFe0GkaHsnJPXFHxQ6m4t8vI/ElPGpMWxZKpmRvQ33OIrvRXemy6yha03RxhOlQuy+gZMC3CQSow==",
+      "version": "2.4.9",
+      "resolved": "https://registry.npmjs.org/@vue/test-utils/-/test-utils-2.4.9.tgz",
+      "integrity": "sha512-YwgowiO1mPleZqpgAGfxvWu/A5A8nkLrbyH2SqiQRkyzCIaDzzo27/2uS/F1g7fRLvl8BUY0+Sr1eC+6+IHfrw==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
         "js-beautify": "^1.14.9",
-        "vue-component-type-helpers": "^2.0.0"
+        "vue-component-type-helpers": "^3.0.0"
+      },
+      "peerDependencies": {
+        "@vue/compiler-dom": "3.x",
+        "@vue/server-renderer": "3.x",
+        "vue": "3.x"
+      },
+      "peerDependenciesMeta": {
+        "@vue/server-renderer": {
+          "optional": true
+        }
       }
     },
     "node_modules/@webassemblyjs/ast": {
@@ -16046,9 +16056,9 @@
       }
     },
     "node_modules/vue-component-type-helpers": {
-      "version": "2.2.12",
-      "resolved": "https://registry.npmjs.org/vue-component-type-helpers/-/vue-component-type-helpers-2.2.12.tgz",
-      "integrity": "sha512-YbGqHZ5/eW4SnkPNR44mKVc6ZKQoRs/Rux1sxC6rdwXb4qpbOSYfDr9DsTHolOTGmIKgM9j141mZbBeg05R1pw==",
+      "version": "3.2.7",
+      "resolved": "https://registry.npmjs.org/vue-component-type-helpers/-/vue-component-type-helpers-3.2.7.tgz",
+      "integrity": "sha512-+gPp5YGmhfsj1IN+xUo7y0fb4clfnOiiUA39y07yW1VzCRjzVgwLbtmdWlghh7mXrPsEaYc7rrIir/HT6C8vYQ==",
       "dev": true,
       "license": "MIT"
     },
diff --git a/package.json b/package.json
index c54633e526..3c5e2f062b 100644
--- a/package.json
+++ b/package.json
@@ -90,7 +90,7 @@
     "@vitejs/plugin-vue": "6.0.5",
     "@vitest/coverage-v8": "4.1.2",
     "@vitest/eslint-plugin": "1.6.13",
-    "@vue/test-utils": "2.4.6",
+    "@vue/test-utils": "2.4.9",
     "eslint": "9.39.4",
     "eslint-import-resolver-typescript": "4.4.4",
     "eslint-plugin-array-func": "5.1.1",

From cb05be1a09425acc403c291502435e4933f235d2 Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Fri, 1 May 2026 06:58:54 +0200
Subject: [PATCH 775/854] Update dependency swagger-ui-dist to v5.32.5
 (forgejo) (#12363)

---
 package-lock.json | 8 ++++----
 package.json      | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index d15dd099b0..6a67c83fe6 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -64,7 +64,7 @@
         "postcss-nesting": "14.0.0",
         "pretty-ms": "9.0.0",
         "sortablejs": "1.15.7",
-        "swagger-ui-dist": "5.32.4",
+        "swagger-ui-dist": "5.32.5",
         "tailwindcss": "3.4.19",
         "throttle-debounce": "5.0.0",
         "tinycolor2": "1.6.0",
@@ -15026,9 +15026,9 @@
       }
     },
     "node_modules/swagger-ui-dist": {
-      "version": "5.32.4",
-      "resolved": "https://registry.npmjs.org/swagger-ui-dist/-/swagger-ui-dist-5.32.4.tgz",
-      "integrity": "sha512-0AADFFQNJzExEN49SrD/34Nn9cxNxVLiydYl2MBwSZFPVXNkVwC/EFAjoezGGqE8oDegiDC+p47t8lKObCinMQ==",
+      "version": "5.32.5",
+      "resolved": "https://registry.npmjs.org/swagger-ui-dist/-/swagger-ui-dist-5.32.5.tgz",
+      "integrity": "sha512-7/FQfWe9A4qoyYFdAwy0chD0uDYidDp/ZT9VQ9LZlgD4AnnHJk8/+ytAA1HkJYOPySmK6helPDdJQMlcumt7HA==",
       "license": "Apache-2.0",
       "dependencies": {
         "@scarf/scarf": "=1.4.0"
diff --git a/package.json b/package.json
index 3c5e2f062b..9d0a453585 100644
--- a/package.json
+++ b/package.json
@@ -63,7 +63,7 @@
     "postcss-nesting": "14.0.0",
     "pretty-ms": "9.0.0",
     "sortablejs": "1.15.7",
-    "swagger-ui-dist": "5.32.4",
+    "swagger-ui-dist": "5.32.5",
     "tailwindcss": "3.4.19",
     "throttle-debounce": "5.0.0",
     "tinycolor2": "1.6.0",

From 67250869d365114528fc3505435bf801698d2387 Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Fri, 1 May 2026 15:50:41 +0200
Subject: [PATCH 776/854] Update dependency @vitejs/plugin-vue to v6.0.6
 (forgejo) (#12360)

---
 package-lock.json | 16 ++++++++--------
 package.json      |  2 +-
 2 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 6a67c83fe6..fe96fe60f6 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -88,7 +88,7 @@
         "@stoplight/spectral-cli": "6.15.1",
         "@stylistic/eslint-plugin": "5.10.0",
         "@stylistic/stylelint-plugin": "4.0.1",
-        "@vitejs/plugin-vue": "6.0.5",
+        "@vitejs/plugin-vue": "6.0.6",
         "@vitest/coverage-v8": "4.1.2",
         "@vitest/eslint-plugin": "1.6.13",
         "@vue/test-utils": "2.4.9",
@@ -3248,9 +3248,9 @@
       }
     },
     "node_modules/@rolldown/pluginutils": {
-      "version": "1.0.0-rc.2",
-      "resolved": "https://registry.npmjs.org/@rolldown/pluginutils/-/pluginutils-1.0.0-rc.2.tgz",
-      "integrity": "sha512-izyXV/v+cHiRfozX62W9htOAvwMo4/bXKDrQ+vom1L1qRuexPock/7VZDAhnpHCLNejd3NJ6hiab+tO0D44Rgw==",
+      "version": "1.0.0-rc.13",
+      "resolved": "https://registry.npmjs.org/@rolldown/pluginutils/-/pluginutils-1.0.0-rc.13.tgz",
+      "integrity": "sha512-3ngTAv6F/Py35BsYbeeLeecvhMKdsKm4AoOETVhAA+Qc8nrA2I0kF7oa93mE9qnIurngOSpMnQ0x2nQY2FPviA==",
       "dev": true,
       "license": "MIT"
     },
@@ -4913,13 +4913,13 @@
       }
     },
     "node_modules/@vitejs/plugin-vue": {
-      "version": "6.0.5",
-      "resolved": "https://registry.npmjs.org/@vitejs/plugin-vue/-/plugin-vue-6.0.5.tgz",
-      "integrity": "sha512-bL3AxKuQySfk1iGcBsQnoRVexTPJq0Z/ixFVM8OhVJAP6ZXXXLtM7NFKWhLl30Kg7uTBqIaPXbh+nuQCuBDedg==",
+      "version": "6.0.6",
+      "resolved": "https://registry.npmjs.org/@vitejs/plugin-vue/-/plugin-vue-6.0.6.tgz",
+      "integrity": "sha512-u9HHgfrq3AjXlysn0eINFnWQOJQLO9WN6VprZ8FXl7A2bYisv3Hui9Ij+7QZ41F/WYWarHjwBbXtD7dKg3uxbg==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "@rolldown/pluginutils": "1.0.0-rc.2"
+        "@rolldown/pluginutils": "1.0.0-rc.13"
       },
       "engines": {
         "node": "^20.19.0 || >=22.12.0"
diff --git a/package.json b/package.json
index 9d0a453585..0669dc04c1 100644
--- a/package.json
+++ b/package.json
@@ -87,7 +87,7 @@
     "@stoplight/spectral-cli": "6.15.1",
     "@stylistic/eslint-plugin": "5.10.0",
     "@stylistic/stylelint-plugin": "4.0.1",
-    "@vitejs/plugin-vue": "6.0.5",
+    "@vitejs/plugin-vue": "6.0.6",
     "@vitest/coverage-v8": "4.1.2",
     "@vitest/eslint-plugin": "1.6.13",
     "@vue/test-utils": "2.4.9",

From 7fc236c58941b530fb88ff51b84d92070981ee78 Mon Sep 17 00:00:00 2001
From: Mathieu Fenniak <mathieu@fenniak.net>
Date: Fri, 1 May 2026 17:42:34 +0200
Subject: [PATCH 777/854] feat: allow Forgejo Actions to be used an Authorized
 Integration in-memory with internal issuer (#12364)

Allow JWTs that are generated by Forgejo Actions to be validated within Forgejo in-memory.  Without any special support for this internal access situation, these problems would occur:

1. Forgejo would need to make an HTTP request to itself to get the valid public key for the JWT, in order to validate its signature.  This is a waste of resources, and introduces a self-DoS risk.
2. Forgejo would need to be available via TLS in order for Actions to make service calls to Forgejo with that JWT, due to the TLS requirement for public key fetching.  This would be a blocker for writing end-to-end tests for Forgejo, but also would affect users who do not host Forgejo with TLS.
3. Authorized Integrations would need to be saved with the `issuer` URL of Forgejo.  If Forgejo's own `setting.AppURL` changed, all the persisted records in the database would become incorrect.

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. All work and communication must conform to Forgejo's [AI Agreement](https://codeberg.org/forgejo/governance/src/branch/main/AIAgreement.md). There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests for Go changes

- I added test coverage for Go changes...
  - [x] in their respective `*_test.go` for unit tests.
  - [x] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I ran...
  - [x] `make pr-go` before pushing

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [ ] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.
- [x] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12364
Reviewed-by: Andreas Ahlenstorf <aahlenst@noreply.codeberg.org>
---
 .mockery.yml                                  |   1 +
 ...in_user_generate_authorized_integration.go |  10 +-
 routers/api/actions/oidc.go                   |  15 ++
 .../auth/method/authorized_integration.go     |  55 +++++++-
 .../method/authorized_integration_test.go     | 113 ++++++++++++++-
 services/auth/method/mocks_test.go            | 129 ++++++++++++++++++
 .../integration/api_actions_id_token_test.go  |  36 +++++
 7 files changed, 355 insertions(+), 4 deletions(-)
 create mode 100644 services/auth/method/mocks_test.go

diff --git a/.mockery.yml b/.mockery.yml
index 7c98b29508..2e9427cd77 100644
--- a/.mockery.yml
+++ b/.mockery.yml
@@ -4,6 +4,7 @@ packages:
   forgejo.org/modules/nosql:
     config:
       filename: mocks.go # make mocks public so that external packages can use
+  forgejo.org/services/auth/method:
   forgejo.org/services/authz:
     config:
       filename: authorization_reducer_mock.go # make mocks public so that external packages can use
diff --git a/cmd/admin_user_generate_authorized_integration.go b/cmd/admin_user_generate_authorized_integration.go
index 5f3e13a48e..fc159d90ae 100644
--- a/cmd/admin_user_generate_authorized_integration.go
+++ b/cmd/admin_user_generate_authorized_integration.go
@@ -23,8 +23,14 @@ import (
 
 func microcmdUserCreateAuthorizedIntegration() *cli.Command {
 	return &cli.Command{
-		Name:  "create-authorized-integration",
-		Usage: "Create an authorized integration for a specific user",
+		Name: "create-authorized-integration",
+		Description: `Creates an authorized integration. Authorized integrations allow Forgejo to
+receive JWTs from external sources, validate their claims against
+user-defined rules, and grant access to Forgejo's API on behalf of a user.
+
+The issuer may be set to "urn:forgejo:authorized-integrations:actions"
+to support JWTs from the local instance's Forgejo Actions, utilizing the
+enable-openid-connect flag in a workflow.`,
 		Flags: []cli.Flag{
 			&cli.StringFlag{
 				Name:     "username",
diff --git a/routers/api/actions/oidc.go b/routers/api/actions/oidc.go
index 20cc44f36a..fc82bc299f 100644
--- a/routers/api/actions/oidc.go
+++ b/routers/api/actions/oidc.go
@@ -14,6 +14,7 @@ import (
 	"forgejo.org/modules/web"
 	web_types "forgejo.org/modules/web/types"
 	actions_service "forgejo.org/services/actions"
+	auth_method "forgejo.org/services/auth/method"
 	"forgejo.org/services/context"
 )
 
@@ -66,6 +67,7 @@ func init() {
 	web.RegisterResponseStatusProvider[*OIDCContext](func(req *http.Request) web_types.ResponseStatusProvider {
 		return req.Context().Value(oidcContextKey).(*OIDCContext)
 	})
+	auth_method.RegisterInternalIssuer("api/actions", internalIssuer{})
 }
 
 func OIDCContexter() func(next http.Handler) http.Handler {
@@ -143,3 +145,16 @@ func (o *oidcRoutes) configuration(ctx *OIDCContext) {
 func (o *oidcRoutes) keys(ctx *OIDCContext) {
 	ctx.JSON(http.StatusOK, o.jwks)
 }
+
+// Register Actions OIDC as an internal issuer for authorized integrations.  This allows an authorized integration to
+// have the value `urn:forgejo:authorized-integrations:actions` as an issuer, and perform JWT signature validation
+// against the in-memory signing key defined in this module.
+type internalIssuer struct{}
+
+func (internalIssuer) IssuerPlaceholder() string {
+	return "urn:forgejo:authorized-integrations:actions"
+}
+
+func (internalIssuer) SigningKey() jwtx.SigningKey {
+	return jwtSigningKey
+}
diff --git a/services/auth/method/authorized_integration.go b/services/auth/method/authorized_integration.go
index 368e1fe036..7c24c3c8c3 100644
--- a/services/auth/method/authorized_integration.go
+++ b/services/auth/method/authorized_integration.go
@@ -12,6 +12,7 @@ import (
 	"net/http"
 	"net/url"
 	"slices"
+	"strings"
 	"sync"
 	"time"
 
@@ -48,8 +49,40 @@ var (
 		return aiHTTPClient
 	}
 	getCache = cache.GetCache
+
+	internalIssuers = make(map[string]InternalIssuer)
 )
 
+// Authorized Integrations can verify the signature of JWTs that the application itself generated without requiring
+// remote access, and in a manner that is flexible to changes in [setting.AppURL].
+//
+// For example, Forgejo Actions is often used to access Forgejo with a JWT, by setting `enable-openid-connect: true` in
+// a workflow.  Without any special support for this internal access situation, problems would occur:
+//
+// 1. Forgejo would need to make an HTTP request to itself to get the valid public key for the JWT, in order to validate
+// its signature.  This is a waste of resources, and introduces a self-DoS risk.
+//
+// 2. Forgejo would need to be available via TLS in order for Actions to make service calls to Forgejo with that JWT
+// (due to the TLS requirement for public key fetching).
+//
+// 3. Authorized Integrations would need to be saved with the `issuer` URL of Forgejo.  If Forgejo's own
+// [setting.AppURL] changed, all the persisted records in the database would become incorrect.
+//
+// Internal Issuers work by registering a URL suffix like "/api/actions".  When a JWT is received with an issuer
+// matching [setting.AppURL] and the registered URL suffix, then the [InternalIssuer] interface is used to access the
+// JWT public key, and the value to be saved in the Authorized Integrations table as the issuer.
+func RegisterInternalIssuer(urlSuffix string, internalIssuer InternalIssuer) {
+	internalIssuers[urlSuffix] = internalIssuer
+}
+
+//mockery:generate: true
+type InternalIssuer interface {
+	// Signing key used to validate a JWT from this internal issuer.
+	SigningKey() jwtx.SigningKey
+	// Value to store in [auth_model.AuthorizedIntegration]'s Issuer field to reflect the use of this internal issuer.
+	IssuerPlaceholder() string
+}
+
 // Restrict document size to prevent resource exhaustion attack with a malicious authorized integration; largest
 // real-world openid-configuration observed is about 1kB, largest JWKS is 6kB, so for both cases 16kB should be
 // sufficient. If this needs to change in the future, it could be moved to a config setting -- but until a reason comes
@@ -111,7 +144,19 @@ func (a *AuthorizedIntegration) Verify(req *http.Request, w http.ResponseWriter,
 				return nil, fmt.Errorf("invalid `aud` claim: %q", audience)
 			}
 
-			authorizedIntegration, err = auth_model.GetAuthorizedIntegration(req.Context(), issuer, audience)
+			// Check if there's an internal issuer that matches the JWT's issuer, and if so, change `queryIssuer` to the
+			// internal issuer's placeholder, and store `internalIssuer` for later:
+			queryIssuer := issuer
+			var internalIssuer InternalIssuer
+			issuerSuffix := strings.TrimPrefix(issuer, setting.AppURL)
+			if issuer != issuerSuffix { // TrimPrefix will return a different string when the prefix was present
+				if ii, ok := internalIssuers[issuerSuffix]; ok {
+					internalIssuer = ii
+					queryIssuer = internalIssuer.IssuerPlaceholder()
+				}
+			}
+
+			authorizedIntegration, err = auth_model.GetAuthorizedIntegration(req.Context(), queryIssuer, audience)
 			if errors.Is(err, util.ErrNotExist) {
 				return nil, errors.New("matching authorized_integration not found")
 			} else if err != nil {
@@ -125,6 +170,14 @@ func (a *AuthorizedIntegration) Verify(req *http.Request, w http.ResponseWriter,
 				return nil, fmt.Errorf("claim mismatch: %w", err)
 			}
 
+			// If an internal issuer was found earlier, then we can skip the JWKS fetch and just use its in-memory
+			// signing key to validate the JWT.  It is critical we do this after the `checkClaims` above so that we
+			// don't miss important validation of the JWT.
+			if internalIssuer != nil {
+				key := internalIssuer.SigningKey().VerifyKey()
+				return key, nil
+			}
+
 			issuerURL, err := url.Parse(issuer)
 			if err != nil {
 				return nil, fmt.Errorf("failed parsing issuer: %w", err)
diff --git a/services/auth/method/authorized_integration_test.go b/services/auth/method/authorized_integration_test.go
index 16b09ae9ad..6bce1259c2 100644
--- a/services/auth/method/authorized_integration_test.go
+++ b/services/auth/method/authorized_integration_test.go
@@ -676,6 +676,89 @@ func TestAuthorizedIntegration(t *testing.T) {
 			})
 		})
 	})
+
+	t.Run("internal issuer", func(t *testing.T) {
+		t.Run("success", func(t *testing.T) {
+			ait := newInternalIssuerAITester(t)
+			defer ait.close()
+			output := ait.bearerRequest()
+			requireOutput[*auth.AuthenticationSuccess](t, output)
+		})
+
+		t.Run("mismatched issuer app URL", func(t *testing.T) {
+			ait := newInternalIssuerAITester(t,
+				claimTweak(func(rc *flexibleClaims) {
+					rc.Issuer = "https://example.org/fake-jwt-issuer" // correct suffix, incorrect prefix
+				}))
+			defer ait.close()
+			output := ait.bearerRequest()
+			err := requireOutput[*auth.AuthenticationAttemptedIncorrectCredential](t, output).Error
+			require.ErrorContains(t, err, "matching authorized_integration not found")
+			ait.ii.ExpectedCalls = nil // InternalIssuer should have zero calls
+		})
+
+		t.Run("mismatched issuer URL suffix", func(t *testing.T) {
+			ait := newInternalIssuerAITester(t,
+				claimTweak(func(rc *flexibleClaims) {
+					rc.Issuer = setting.AppURL + "/fake-jwt-issuer-123" // correct prefix, incorrect suffix
+				}))
+			defer ait.close()
+			output := ait.bearerRequest()
+			err := requireOutput[*auth.AuthenticationAttemptedIncorrectCredential](t, output).Error
+			require.ErrorContains(t, err, "matching authorized_integration not found")
+			ait.ii.ExpectedCalls = nil // InternalIssuer should have zero calls
+		})
+
+		t.Run("mismatched DB issuer placeholder", func(t *testing.T) {
+			ait := newInternalIssuerAITester(t,
+				aiDBTweak(func(ai *auth_model.AuthorizedIntegration) {
+					ai.Issuer = "urn:forgejo:authorized-issuer:internal:bad-choice-here"
+				}))
+			defer ait.close()
+			output := ait.bearerRequest()
+			err := requireOutput[*auth.AuthenticationAttemptedIncorrectCredential](t, output).Error
+			require.ErrorContains(t, err, "matching authorized_integration not found")
+			ait.ii.ExpectedCalls = nil // InternalIssuer should have zero calls
+		})
+
+		t.Run("checks claim rules", func(t *testing.T) {
+			ait := newInternalIssuerAITester(t,
+				claimTweak(func(rc *flexibleClaims) {
+					rc.other["custom-claim"] = "oops wrong claim"
+				}))
+			defer ait.close()
+			output := ait.bearerRequest()
+			err := requireOutput[*auth.AuthenticationAttemptedIncorrectCredential](t, output).Error
+			require.ErrorContains(t, err, "claim \"custom-claim\" must be \"custom-claim-value\"")
+			ait.ii.ExpectedCalls = []*mock.Call{ait.ii.ExpectedCalls[0]} // drop call to SigningKey() -- won't occur due to claim mismatch
+		})
+
+		t.Run("JWT times checked", func(t *testing.T) {
+			ait := newInternalIssuerAITester(t,
+				claimTweak(func(rc *flexibleClaims) {
+					rc.ExpiresAt = jwt.NewNumericDate(time.Date(2026, time.January, 1, 12, 0, 0, 0, time.Local))
+				}))
+			defer ait.close()
+			output := ait.bearerRequest()
+			err := requireOutput[*auth.AuthenticationAttemptedIncorrectCredential](t, output).Error
+			require.ErrorContains(t, err, "token is expired")
+		})
+
+		t.Run("signed by incorrect JWT key", func(t *testing.T) {
+			keyPath := filepath.Join(t.TempDir(), "jwt-rsa-2048-bad-key.priv")
+			badSigningKey, err := jwtx.InitAsymmetricSigningKey(keyPath, "RS256")
+			require.NoError(t, err)
+
+			ait := newInternalIssuerAITester(t, jwtClientSignatureTweak(func() jwtx.SigningKey {
+				return badSigningKey
+			}))
+			defer ait.close()
+
+			output := ait.bearerRequest()
+			err = requireOutput[*auth.AuthenticationAttemptedIncorrectCredential](t, output).Error
+			require.ErrorContains(t, err, "crypto/rsa: verification error")
+		})
+	})
 }
 
 type AuthorizedIntegrationTester struct {
@@ -686,6 +769,7 @@ type AuthorizedIntegrationTester struct {
 	testServer      *httptest.Server
 	resetHTTPClient func()
 	tweaks          []tweak
+	ii              *MockInternalIssuer
 }
 
 func newAITester(t *testing.T, tweaks ...tweak) *AuthorizedIntegrationTester {
@@ -788,6 +872,25 @@ func newAITester(t *testing.T, tweaks ...tweak) *AuthorizedIntegrationTester {
 	return ait
 }
 
+func newInternalIssuerAITester(t *testing.T, tweaks ...tweak) *AuthorizedIntegrationTester {
+	innerTweaks := []tweak{
+		claimTweak(func(rc *flexibleClaims) {
+			rc.Issuer = setting.AppURL + "/fake-jwt-issuer"
+		}),
+		aiDBTweak(func(ai *auth_model.AuthorizedIntegration) {
+			ai.Issuer = "urn:forgejo:authorized-issuer:internal:test1"
+		}),
+	}
+	innerTweaks = append(innerTweaks, tweaks...)
+	ait := newAITester(t, innerTweaks...)
+	ii := NewMockInternalIssuer(t)
+	internalIssuers["/fake-jwt-issuer"] = ii
+	ii.On("IssuerPlaceholder").Return("urn:forgejo:authorized-issuer:internal:test1")
+	ii.On("SigningKey").Return(ait.jwtSigningKey)
+	ait.ii = ii
+	return ait
+}
+
 func (ait *AuthorizedIntegrationTester) signedJWT() string {
 	claims := flexibleClaims{
 		RegisteredClaims: jwt.RegisteredClaims{
@@ -803,7 +906,13 @@ func (ait *AuthorizedIntegrationTester) signedJWT() string {
 			tweak(&claims)
 		}
 	}
-	signedToken, err := ait.jwtSigningKey.JWT(claims)
+	clientSigningKey := ait.jwtSigningKey
+	for _, tweak := range ait.tweaks {
+		if tweak, is := tweak.(jwtClientSignatureTweak); is {
+			clientSigningKey = tweak()
+		}
+	}
+	signedToken, err := clientSigningKey.JWT(claims)
 	require.NoError(ait.t, err)
 	return signedToken
 }
@@ -840,3 +949,5 @@ type jwksTweak func(*openIDKeys)
 type aiDBTweak func(*auth_model.AuthorizedIntegration)
 
 type jwtxKeyTweak func() jwtx.SigningKey
+
+type jwtClientSignatureTweak func() jwtx.SigningKey
diff --git a/services/auth/method/mocks_test.go b/services/auth/method/mocks_test.go
new file mode 100644
index 0000000000..46648c8cba
--- /dev/null
+++ b/services/auth/method/mocks_test.go
@@ -0,0 +1,129 @@
+// Code generated by mockery; DO NOT EDIT.
+// github.com/vektra/mockery
+// template: testify
+
+package method
+
+import (
+	"forgejo.org/modules/jwtx"
+
+	mock "github.com/stretchr/testify/mock"
+)
+
+// NewMockInternalIssuer creates a new instance of MockInternalIssuer. It also registers a testing interface on the mock and a cleanup function to assert the mocks expectations.
+// The first argument is typically a *testing.T value.
+func NewMockInternalIssuer(t interface {
+	mock.TestingT
+	Cleanup(func())
+},
+) *MockInternalIssuer {
+	mock := &MockInternalIssuer{}
+	mock.Mock.Test(t)
+
+	t.Cleanup(func() { mock.AssertExpectations(t) })
+
+	return mock
+}
+
+// MockInternalIssuer is an autogenerated mock type for the InternalIssuer type
+type MockInternalIssuer struct {
+	mock.Mock
+}
+
+type MockInternalIssuer_Expecter struct {
+	mock *mock.Mock
+}
+
+func (_m *MockInternalIssuer) EXPECT() *MockInternalIssuer_Expecter {
+	return &MockInternalIssuer_Expecter{mock: &_m.Mock}
+}
+
+// IssuerPlaceholder provides a mock function for the type MockInternalIssuer
+func (_mock *MockInternalIssuer) IssuerPlaceholder() string {
+	ret := _mock.Called()
+
+	if len(ret) == 0 {
+		panic("no return value specified for IssuerPlaceholder")
+	}
+
+	var r0 string
+	if returnFunc, ok := ret.Get(0).(func() string); ok {
+		r0 = returnFunc()
+	} else {
+		r0 = ret.Get(0).(string)
+	}
+	return r0
+}
+
+// MockInternalIssuer_IssuerPlaceholder_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'IssuerPlaceholder'
+type MockInternalIssuer_IssuerPlaceholder_Call struct {
+	*mock.Call
+}
+
+// IssuerPlaceholder is a helper method to define mock.On call
+func (_e *MockInternalIssuer_Expecter) IssuerPlaceholder() *MockInternalIssuer_IssuerPlaceholder_Call {
+	return &MockInternalIssuer_IssuerPlaceholder_Call{Call: _e.mock.On("IssuerPlaceholder")}
+}
+
+func (_c *MockInternalIssuer_IssuerPlaceholder_Call) Run(run func()) *MockInternalIssuer_IssuerPlaceholder_Call {
+	_c.Call.Run(func(args mock.Arguments) {
+		run()
+	})
+	return _c
+}
+
+func (_c *MockInternalIssuer_IssuerPlaceholder_Call) Return(s string) *MockInternalIssuer_IssuerPlaceholder_Call {
+	_c.Call.Return(s)
+	return _c
+}
+
+func (_c *MockInternalIssuer_IssuerPlaceholder_Call) RunAndReturn(run func() string) *MockInternalIssuer_IssuerPlaceholder_Call {
+	_c.Call.Return(run)
+	return _c
+}
+
+// SigningKey provides a mock function for the type MockInternalIssuer
+func (_mock *MockInternalIssuer) SigningKey() jwtx.SigningKey {
+	ret := _mock.Called()
+
+	if len(ret) == 0 {
+		panic("no return value specified for SigningKey")
+	}
+
+	var r0 jwtx.SigningKey
+	if returnFunc, ok := ret.Get(0).(func() jwtx.SigningKey); ok {
+		r0 = returnFunc()
+	} else {
+		if ret.Get(0) != nil {
+			r0 = ret.Get(0).(jwtx.SigningKey)
+		}
+	}
+	return r0
+}
+
+// MockInternalIssuer_SigningKey_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'SigningKey'
+type MockInternalIssuer_SigningKey_Call struct {
+	*mock.Call
+}
+
+// SigningKey is a helper method to define mock.On call
+func (_e *MockInternalIssuer_Expecter) SigningKey() *MockInternalIssuer_SigningKey_Call {
+	return &MockInternalIssuer_SigningKey_Call{Call: _e.mock.On("SigningKey")}
+}
+
+func (_c *MockInternalIssuer_SigningKey_Call) Run(run func()) *MockInternalIssuer_SigningKey_Call {
+	_c.Call.Run(func(args mock.Arguments) {
+		run()
+	})
+	return _c
+}
+
+func (_c *MockInternalIssuer_SigningKey_Call) Return(signingKey jwtx.SigningKey) *MockInternalIssuer_SigningKey_Call {
+	_c.Call.Return(signingKey)
+	return _c
+}
+
+func (_c *MockInternalIssuer_SigningKey_Call) RunAndReturn(run func() jwtx.SigningKey) *MockInternalIssuer_SigningKey_Call {
+	_c.Call.Return(run)
+	return _c
+}
diff --git a/tests/integration/api_actions_id_token_test.go b/tests/integration/api_actions_id_token_test.go
index 53a0a5b269..0fd478b9d2 100644
--- a/tests/integration/api_actions_id_token_test.go
+++ b/tests/integration/api_actions_id_token_test.go
@@ -6,13 +6,16 @@ package integration
 import (
 	"crypto/rsa"
 	"encoding/base64"
+	"fmt"
 	"math/big"
 	"net/http"
 	"testing"
 
 	actions_model "forgejo.org/models/actions"
+	"forgejo.org/models/auth"
 	"forgejo.org/models/db"
 	"forgejo.org/modules/setting"
+	api "forgejo.org/modules/structs"
 	actions_service "forgejo.org/services/actions"
 	"forgejo.org/tests"
 
@@ -188,4 +191,37 @@ func TestActionsIDToken(t *testing.T) {
 		resp = MakeRequest(t, req, http.StatusBadRequest)
 		assert.Contains(t, resp.Body.String(), "run-id does not match")
 	})
+
+	t.Run("authorized integration internal issuer", func(t *testing.T) {
+		// Create an Authorized Integration which is set-up to be validated with the in-memory Actions' JWT signing key:
+		ai := &auth.AuthorizedIntegration{
+			UserID: 2,
+			Scope:  auth.AccessTokenScopeAll,
+			Issuer: "urn:forgejo:authorized-integrations:actions",
+			ClaimRules: &auth.ClaimRules{
+				Rules: []auth.ClaimRule{
+					{
+						Claim:      "sub",
+						Comparison: auth.ClaimEqual,
+						Value:      "repo:user5/repo4:ref:refs/heads/master",
+					},
+				},
+			},
+			ResourceAllRepos: true,
+		}
+		require.NoError(t, auth.InsertAuthorizedIntegration(t.Context(), ai))
+
+		// Create a JWT from the Actions system:
+		var getResponse getTokenResponse
+		req = NewRequest(t, "GET", fmt.Sprintf("/api/actions/_apis/pipelines/workflows/792/idtoken?placeholder=true&audience=%s", ai.Audience)).AddTokenAuth(token)
+		resp = MakeRequest(t, req, http.StatusOK)
+		DecodeJSON(t, resp, &getResponse)
+
+		// Should be able to make a Forgejo API call with the JWT, authenticated by the Authorized Integration:
+		req := NewRequest(t, "GET", "/api/v1/user").AddTokenAuth(getResponse.Value)
+		resp := MakeRequest(t, req, http.StatusOK)
+		var user api.User
+		DecodeJSON(t, resp, &user)
+		assert.Equal(t, "user2", user.LoginName)
+	})
 }

From d867b25e72b940728f82327925d474ecd68a3256 Mon Sep 17 00:00:00 2001
From: Andreas Ahlenstorf <andreas@ahlenstorf.ch>
Date: Fri, 1 May 2026 22:07:22 +0200
Subject: [PATCH 778/854] chore: replace `github.com/robfig/cron/v3` (#12365)

github.com/robfig/cron is used for parsing cron schedules of scheduled Forgejo Actions workflows. It has not seen an update in roughly six years and looks abandoned. There are multiple code paths that trigger panics instead of errors. It is replaced by github.com/gdgvda/cron, which is one of the few maintained forks. github.com/gdgvda/cron was picked because its behaviour is fully backwards-compatible and the developers are responsive.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12365
Reviewed-by: limiting-factor <limiting-factor@noreply.codeberg.org>
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
---
 assets/go-licenses.json            |  5 +++++
 go.mod                             |  3 ++-
 go.sum                             |  2 ++
 models/actions/schedule_spec.go    | 15 ++++++---------
 services/actions/schedule_tasks.go |  2 +-
 5 files changed, 16 insertions(+), 11 deletions(-)

diff --git a/assets/go-licenses.json b/assets/go-licenses.json
index 330b5cbed6..41b1135033 100644
--- a/assets/go-licenses.json
+++ b/assets/go-licenses.json
@@ -549,6 +549,11 @@
     "path": "github.com/fxamacker/cbor/v2/LICENSE",
     "licenseText": "MIT License\n\nCopyright (c) 2019-present Faye Amacker\n\nPermission is hereby granted, free of charge, to any person obtaining a copy\nof this software and associated documentation files (the \"Software\"), to deal\nin the Software without restriction, including without limitation the rights\nto use, copy, modify, merge, publish, distribute, sublicense, and/or sell\ncopies of the Software, and to permit persons to whom the Software is\nfurnished to do so, subject to the following conditions:\n\nThe above copyright notice and this permission notice shall be included in all\ncopies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\nIMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\nFITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE\nAUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\nLIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,\nOUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE\nSOFTWARE."
   },
+  {
+    "name": "github.com/gdgvda/cron",
+    "path": "github.com/gdgvda/cron/LICENSE",
+    "licenseText": "Copyright (C) 2012 Rob Figueiredo\nAll Rights Reserved.\n\nMIT LICENSE\n\nPermission is hereby granted, free of charge, to any person obtaining a copy of\nthis software and associated documentation files (the \"Software\"), to deal in\nthe Software without restriction, including without limitation the rights to\nuse, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of\nthe Software, and to permit persons to whom the Software is furnished to do so,\nsubject to the following conditions:\n\nThe above copyright notice and this permission notice shall be included in all\ncopies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\nIMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS\nFOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR\nCOPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER\nIN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN\nCONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.\n"
+  },
   {
     "name": "github.com/gliderlabs/ssh",
     "path": "github.com/gliderlabs/ssh/LICENSE",
diff --git a/go.mod b/go.mod
index fbd61df592..3813849121 100644
--- a/go.mod
+++ b/go.mod
@@ -42,6 +42,7 @@ require (
 	github.com/emersion/go-imap v1.2.1
 	github.com/felixge/fgprof v0.9.5
 	github.com/fsnotify/fsnotify v1.9.0
+	github.com/gdgvda/cron v0.7.0
 	github.com/gliderlabs/ssh v0.3.8
 	github.com/go-ap/activitypub v0.0.0-20260208110334-902f6cf8c2cc
 	github.com/go-ap/jsonld v0.0.0-20251216162253-e38fa664ea77
@@ -88,7 +89,6 @@ require (
 	github.com/pquerna/otp v1.5.0
 	github.com/prometheus/client_golang v1.21.1
 	github.com/redis/go-redis/v9 v9.17.3
-	github.com/robfig/cron/v3 v3.0.1
 	github.com/santhosh-tekuri/jsonschema/v6 v6.0.2
 	github.com/sergi/go-diff v1.4.0
 	github.com/stretchr/testify v1.11.1
@@ -238,6 +238,7 @@ require (
 	github.com/prometheus/procfs v0.15.1 // indirect
 	github.com/rhysd/actionlint v1.7.10 // indirect
 	github.com/rivo/uniseg v0.4.7 // indirect
+	github.com/robfig/cron/v3 v3.0.1 // indirect
 	github.com/rs/xid v1.6.0 // indirect
 	github.com/sirupsen/logrus v1.9.4 // indirect
 	github.com/sorairolake/lzip-go v0.3.8 // indirect
diff --git a/go.sum b/go.sum
index 2641bb63ff..34aa5f4f7a 100644
--- a/go.sum
+++ b/go.sum
@@ -253,6 +253,8 @@ github.com/fsnotify/fsnotify v1.9.0 h1:2Ml+OJNzbYCTzsxtv8vKSFD9PbJjmhYF14k/jKC7S
 github.com/fsnotify/fsnotify v1.9.0/go.mod h1:8jBTzvmWwFyi3Pb8djgCCO5IBqzKJ/Jwo8TRcHyHii0=
 github.com/fxamacker/cbor/v2 v2.9.1 h1:2rWm8B193Ll4VdjsJY28jxs70IdDsHRWgQYAI80+rMQ=
 github.com/fxamacker/cbor/v2 v2.9.1/go.mod h1:vM4b+DJCtHn+zz7h3FFp/hDAI9WNWCsZj23V5ytsSxQ=
+github.com/gdgvda/cron v0.7.0 h1:LFPZUTbCb5ZpzYxavbQDDbjd6nwTwkiNUWyulOdlY2I=
+github.com/gdgvda/cron v0.7.0/go.mod h1:caBF+mzTZGtQqFE05T1m6u9OmCASY3EK51XAICf3wio=
 github.com/go-ap/activitypub v0.0.0-20260208110334-902f6cf8c2cc h1:yLe7YJhK+XNjNV4SqDxAjpWAgft+KU+XwKZS4AKEUV0=
 github.com/go-ap/activitypub v0.0.0-20260208110334-902f6cf8c2cc/go.mod h1:jUs8eczo1EAT4ByRpZ4mQmNvjarw9eNf7Nm5udpMRhY=
 github.com/go-ap/errors v0.0.0-20260208110149-e1b309365966 h1:tV+3kZgqFMKVUf+JPKBV400ISM8440+6y/SQCS0WZwQ=
diff --git a/models/actions/schedule_spec.go b/models/actions/schedule_spec.go
index bcaee8bd6f..864fb5e2db 100644
--- a/models/actions/schedule_spec.go
+++ b/models/actions/schedule_spec.go
@@ -13,7 +13,7 @@ import (
 	"forgejo.org/modules/optional"
 	"forgejo.org/modules/timeutil"
 
-	"github.com/robfig/cron/v3"
+	"github.com/gdgvda/cron"
 )
 
 // ActionScheduleSpec represents a schedule spec of a workflow file
@@ -53,16 +53,14 @@ func NewActionScheduleSpec(cron string, tz optional.Option[string], referenceTim
 // Parse parses the spec and returns a cron.Schedule
 // Unlike the default cron parser, Parse uses UTC timezone as the default if none is specified.
 func (s *ActionScheduleSpec) Parse() (cron.Schedule, error) {
-	parser := cron.NewParser(cron.Minute | cron.Hour | cron.Dom | cron.Month | cron.Dow | cron.Descriptor)
-	schedule, err := parser.Parse(s.Spec)
+	parser, err := cron.NewDefaultParser(cron.Minute | cron.Hour | cron.Dom | cron.Month | cron.Dow | cron.Descriptor)
 	if err != nil {
 		return nil, err
 	}
 
-	specSchedule, ok := schedule.(*cron.SpecSchedule)
-	// If it's not a spec schedule, like "@every 5m", timezone is not relevant
-	if !ok {
-		return schedule, nil
+	schedule, err := parser.Parse(s.Spec)
+	if err != nil {
+		return nil, err
 	}
 
 	// If `timezone` is not defined in the workflow, but the spec includes a timezone, use it.
@@ -81,8 +79,7 @@ func (s *ActionScheduleSpec) Parse() (cron.Schedule, error) {
 		location = time.UTC
 	}
 
-	specSchedule.Location = location
-	return specSchedule, nil
+	return schedule.WithLocation(location), nil
 }
 
 func init() {
diff --git a/services/actions/schedule_tasks.go b/services/actions/schedule_tasks.go
index 4c9de4d7f6..fab9ae8df5 100644
--- a/services/actions/schedule_tasks.go
+++ b/services/actions/schedule_tasks.go
@@ -22,7 +22,7 @@ import (
 
 	"code.forgejo.org/forgejo/runner/v12/act/jobparser"
 	act_model "code.forgejo.org/forgejo/runner/v12/act/model"
-	"github.com/robfig/cron/v3"
+	"github.com/gdgvda/cron"
 	"xorm.io/builder"
 )
 

From 9d323c51252f6cb41a39f2ad56a8c728941936e0 Mon Sep 17 00:00:00 2001
From: Nils Goroll <nils.goroll@uplex.de>
Date: Fri, 1 May 2026 22:10:10 +0200
Subject: [PATCH 779/854] chore: remove #11024 workarounds (#12301)

remove two workarounds which are not required any more

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12301
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
---
 modules/setting/lfs.go      | 15 ++++++---------
 services/lfs/server_test.go |  2 --
 2 files changed, 6 insertions(+), 11 deletions(-)

diff --git a/modules/setting/lfs.go b/modules/setting/lfs.go
index 12f90cd092..a97ed8d40f 100644
--- a/modules/setting/lfs.go
+++ b/modules/setting/lfs.go
@@ -77,15 +77,12 @@ func loadLFSFrom(rootCfg ConfigProvider) error {
 		return nil
 	}
 
-	// TODO: #11024 check nil because settings loaded twice
-	if LFS.SigningKey == nil {
-		keyCfg, err := loadKeyCfg(rootCfg, "server", "LFS_JWT_", "HS256", "lfs/private.pem")
-		if err == nil {
-			LFS.SigningKey, err = jwtx.InitSigningKey(&keyCfg.Signing)
-		}
-		if err != nil {
-			return fmt.Errorf("lfs key initialization failed: %v", err)
-		}
+	keyCfg, err := loadKeyCfg(rootCfg, "server", "LFS_JWT_", "HS256", "lfs/private.pem")
+	if err == nil {
+		LFS.SigningKey, err = jwtx.InitSigningKey(&keyCfg.Signing)
+	}
+	if err != nil {
+		return fmt.Errorf("lfs key initialization failed: %v", err)
 	}
 
 	return nil
diff --git a/services/lfs/server_test.go b/services/lfs/server_test.go
index 67c93f30bb..065387ce08 100644
--- a/services/lfs/server_test.go
+++ b/services/lfs/server_test.go
@@ -105,8 +105,6 @@ var cfgVariants = []namedCfg{
 }
 
 func TestAuthenticate(t *testing.T) {
-	// TODO: #11024
-	setting.InstallLock = true
 	for _, v := range cfgVariants {
 		cfg := iniCommon + v.cfg
 		t.Run(v.name, func(t *testing.T) { testAuthenticate(t, cfg) })

From c1dc213c9b7496d6e86ae3b1c26320239cf2b8d6 Mon Sep 17 00:00:00 2001
From: Arseniy Terekhin <senyai@gmail.com>
Date: Fri, 1 May 2026 22:13:38 +0200
Subject: [PATCH 780/854] feat: add missing tooltips in `lfs_pointers.tmpl`
 (#12139)

Having tooltip only for `lfs_pointers.accessible` is fine in English, but not in other languages. For other languages the text is truncated.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12139
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
---
 templates/repo/settings/lfs_pointers.tmpl | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/templates/repo/settings/lfs_pointers.tmpl b/templates/repo/settings/lfs_pointers.tmpl
index fd25509e95..96eece9187 100644
--- a/templates/repo/settings/lfs_pointers.tmpl
+++ b/templates/repo/settings/lfs_pointers.tmpl
@@ -21,8 +21,8 @@
 					<tr>
 						<th class="three wide">{{ctx.Locale.Tr "repo.settings.lfs_pointers.sha"}}</th>
 						<th class="four wide">{{ctx.Locale.Tr "repo.settings.lfs_pointers.oid"}}</th>
-						<th class="two wide">{{ctx.Locale.Tr "repo.settings.lfs_pointers.inRepo"}}</th>
-						<th class="two wide">{{ctx.Locale.Tr "repo.settings.lfs_pointers.exists"}}</th>
+						<th class="two wide" data-tooltip-content="{{ctx.Locale.Tr "repo.settings.lfs_pointers.inRepo"}}">{{ctx.Locale.Tr "repo.settings.lfs_pointers.inRepo"}}</th>
+						<th class="two wide" data-tooltip-content="{{ctx.Locale.Tr "repo.settings.lfs_pointers.exists"}}">{{ctx.Locale.Tr "repo.settings.lfs_pointers.exists"}}</th>
 						<th class="two wide" data-tooltip-content="{{ctx.Locale.Tr "repo.settings.lfs_pointers.accessible"}}">{{ctx.Locale.Tr "repo.settings.lfs_pointers.accessible"}}</th>
 						<th class="three wide"></th>
 					</tr>

From 07a6b6ce826630285b808366956c15a977c70fb7 Mon Sep 17 00:00:00 2001
From: Gusted <postmaster@gusted.xyz>
Date: Fri, 1 May 2026 22:51:48 +0200
Subject: [PATCH 781/854] chore: make use of go1.26 features (#12369)

Allows us to make use of Go features introduced in v1.26.

I require a feature from v1.26 for a PR I want to make later.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12369
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
---
 go.mod                                       |  2 +-
 models/asymkey/gpg_key_test.go               |  3 +-
 models/user/moderation.go                    |  4 +-
 modules/git/blame.go                         |  2 +-
 modules/jwtx/signingkey.go                   |  4 +-
 modules/util/util.go                         |  5 --
 modules/util/util_test.go                    | 31 +++---------
 routers/api/actions/artifactsv4.go           |  2 +-
 routers/api/actions/oidc.go                  |  3 +-
 routers/web/repo/attachment.go               |  3 +-
 services/actions/download.go                 |  3 +-
 services/migrations/codebase_test.go         |  6 +--
 services/migrations/gitea_downloader_test.go | 16 +++---
 services/migrations/github_test.go           | 16 +++---
 services/migrations/gitlab_test.go           | 10 ++--
 services/migrations/main_test.go             |  4 --
 services/migrations/pagure_test.go           | 52 +++++++++-----------
 17 files changed, 66 insertions(+), 100 deletions(-)

diff --git a/go.mod b/go.mod
index 3813849121..d4b54ad8bf 100644
--- a/go.mod
+++ b/go.mod
@@ -1,6 +1,6 @@
 module forgejo.org
 
-go 1.25.0
+go 1.26.0
 
 toolchain go1.26.2
 
diff --git a/models/asymkey/gpg_key_test.go b/models/asymkey/gpg_key_test.go
index d265f438eb..2da3bbe6e0 100644
--- a/models/asymkey/gpg_key_test.go
+++ b/models/asymkey/gpg_key_test.go
@@ -11,7 +11,6 @@ import (
 	"forgejo.org/models/unittest"
 	user_model "forgejo.org/models/user"
 	"forgejo.org/modules/timeutil"
-	"forgejo.org/modules/util"
 
 	"github.com/ProtonMail/go-crypto/openpgp/packet"
 	"github.com/stretchr/testify/assert"
@@ -458,7 +457,7 @@ epiDVQ==
 func TestTryGetKeyIDFromSignature(t *testing.T) {
 	assert.Empty(t, tryGetKeyIDFromSignature(&packet.Signature{}))
 	assert.Equal(t, "038D1A3EADDBEA9C", tryGetKeyIDFromSignature(&packet.Signature{
-		IssuerKeyId: util.ToPointer(uint64(0x38D1A3EADDBEA9C)),
+		IssuerKeyId: new(uint64(0x38D1A3EADDBEA9C)),
 	}))
 	assert.Equal(t, "038D1A3EADDBEA9C", tryGetKeyIDFromSignature(&packet.Signature{
 		IssuerFingerprint: []uint8{0xb, 0x23, 0x24, 0xc7, 0xe6, 0xfe, 0x4f, 0x3a, 0x6, 0x26, 0xc1, 0x21, 0x3, 0x8d, 0x1a, 0x3e, 0xad, 0xdb, 0xea, 0x9c},
diff --git a/models/user/moderation.go b/models/user/moderation.go
index 765414acc0..fe8eef1806 100644
--- a/models/user/moderation.go
+++ b/models/user/moderation.go
@@ -89,8 +89,8 @@ var userDataColumnNames = sync.OnceValue(func() []string {
 	mapper := new(names.GonicMapper)
 	udType := reflect.TypeFor[UserData]()
 	columnNames := make([]string, 0, udType.NumField())
-	for i := 0; i < udType.NumField(); i++ {
-		columnNames = append(columnNames, mapper.Obj2Table(udType.Field(i).Name))
+	for field := range udType.Fields() {
+		columnNames = append(columnNames, mapper.Obj2Table(field.Name))
 	}
 	return columnNames
 })
diff --git a/modules/git/blame.go b/modules/git/blame.go
index 868edab2b8..881ef04302 100644
--- a/modules/git/blame.go
+++ b/modules/git/blame.go
@@ -207,5 +207,5 @@ func tryCreateBlameIgnoreRevsFile(commit *Commit) *string {
 		return nil
 	}
 
-	return util.ToPointer(f.Name())
+	return new(f.Name())
 }
diff --git a/modules/jwtx/signingkey.go b/modules/jwtx/signingkey.go
index db9cf03aa2..f82f694d19 100644
--- a/modules/jwtx/signingkey.go
+++ b/modules/jwtx/signingkey.go
@@ -253,8 +253,8 @@ func (key ecdsaSigningKey) ToJWK() (map[string]string, error) {
 		"alg": key.SigningMethod().Alg(),
 		"kid": key.id,
 		"crv": pubKey.Params().Name,
-		"x":   base64.RawURLEncoding.EncodeToString(pubKey.X.Bytes()),
-		"y":   base64.RawURLEncoding.EncodeToString(pubKey.Y.Bytes()),
+		"x":   base64.RawURLEncoding.EncodeToString(pubKey.X.Bytes()), //nolint:staticcheck // no easy replacement. JWTX specification mandates marshalling to x, even if unsafe.
+		"y":   base64.RawURLEncoding.EncodeToString(pubKey.Y.Bytes()), //nolint:staticcheck // no easy replacement. JWTX specification mandates marshalling to y, even if unsafe.
 	}, nil
 }
 
diff --git a/modules/util/util.go b/modules/util/util.go
index f21936fb5f..996a566830 100644
--- a/modules/util/util.go
+++ b/modules/util/util.go
@@ -215,11 +215,6 @@ func ToFloat64(number any) (float64, error) {
 	return value, nil
 }
 
-// ToPointer returns the pointer of a copy of any given value
-func ToPointer[T any](val T) *T {
-	return &val
-}
-
 // Iif is an "inline-if", it returns "trueVal" if "condition" is true, otherwise "falseVal"
 func Iif[T any](condition bool, trueVal, falseVal T) T {
 	if condition {
diff --git a/modules/util/util_test.go b/modules/util/util_test.go
index 24fca75e7b..fae4f6673d 100644
--- a/modules/util/util_test.go
+++ b/modules/util/util_test.go
@@ -5,10 +5,10 @@
 package util_test
 
 import (
-	"bytes"
 	"crypto/rand"
 	"strings"
 	"testing"
+	"testing/cryptotest"
 
 	"forgejo.org/modules/test"
 	"forgejo.org/modules/util"
@@ -211,42 +211,25 @@ func TestToTitleCase(t *testing.T) {
 	assert.Equal(t, `Foo Bar Baz`, util.ToTitleCase(`FOO BAR BAZ`))
 }
 
-func TestToPointer(t *testing.T) {
-	assert.Equal(t, "abc", *util.ToPointer("abc"))
-	assert.Equal(t, 123, *util.ToPointer(123))
-	abc := "abc"
-	assert.NotSame(t, &abc, util.ToPointer(abc))
-	val123 := 123
-	assert.NotSame(t, &val123, util.ToPointer(val123))
-}
-
 func TestReserveLineBreakForTextarea(t *testing.T) {
 	assert.Equal(t, "test\ndata", util.ReserveLineBreakForTextarea("test\r\ndata"))
 	assert.Equal(t, "test\ndata\n", util.ReserveLineBreakForTextarea("test\r\ndata\r\n"))
 }
 
 const (
-	testPublicKey  = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAOhB7/zzhC+HXDdGOdLwJln5NYwm6UNXx3chmQSVTG4\n"
+	testPublicKey  = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHX8yEKexoMqBPPwG4pGAhhjo5CyiHLiJZ7p3jg0aJZM\n"
 	testPrivateKey = `-----BEGIN OPENSSH PRIVATE KEY-----
 b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtz
-c2gtZWQyNTUxOQAAACADoQe/884Qvh1w3RjnS8CZZ+TWMJulDV8d3IZkElUxuAAA
-AIggISIjICEiIwAAAAtzc2gtZWQyNTUxOQAAACADoQe/884Qvh1w3RjnS8CZZ+TW
-MJulDV8d3IZkElUxuAAAAEAAAQIDBAUGBwgJCgsMDQ4PEBESExQVFhcYGRobHB0e
-HwOhB7/zzhC+HXDdGOdLwJln5NYwm6UNXx3chmQSVTG4AAAAAAECAwQF
+c2gtZWQyNTUxOQAAACB1/MhCnsaDKgTz8BuKRgIYY6OQsohy4iWe6d44NGiWTAAA
+AIhNLlZvTS5WbwAAAAtzc2gtZWQyNTUxOQAAACB1/MhCnsaDKgTz8BuKRgIYY6OQ
+sohy4iWe6d44NGiWTAAAAEDZh37ObTaKrBpvQZ7GJ8drG/sfo3xBoR6kat1qSNiU
+dHX8yEKexoMqBPPwG4pGAhhjo5CyiHLiJZ7p3jg0aJZMAAAAAAECAwQF
 -----END OPENSSH PRIVATE KEY-----` + "\n"
 )
 
 func TestGeneratingEd25519Keypair(t *testing.T) {
 	defer test.MockProtect(&rand.Reader)()
-
-	// Only 32 bytes needs to be provided to generate a ed25519 keypair.
-	// And another 32 bytes are required, which is included as random value
-	// in the OpenSSH format.
-	b := make([]byte, 64)
-	for i := range 64 {
-		b[i] = byte(i)
-	}
-	rand.Reader = bytes.NewReader(b)
+	cryptotest.SetGlobalRandom(t, 0)
 
 	publicKey, privateKey, err := util.GenerateSSHKeypair()
 	require.NoError(t, err)
diff --git a/routers/api/actions/artifactsv4.go b/routers/api/actions/artifactsv4.go
index 97da6c1735..56fe5cb2cc 100644
--- a/routers/api/actions/artifactsv4.go
+++ b/routers/api/actions/artifactsv4.go
@@ -562,7 +562,7 @@ func (r *artifactV4Routes) downloadArtifact(ctx *ArtifactContext) {
 		return
 	}
 
-	common.ServeContentByReadSeeker(ctx.Base, artifactName, util.ToPointer(artifact.UpdatedUnix.AsTime()), file)
+	common.ServeContentByReadSeeker(ctx.Base, artifactName, new(artifact.UpdatedUnix.AsTime()), file)
 }
 
 func (r *artifactV4Routes) deleteArtifact(ctx *ArtifactContext) {
diff --git a/routers/api/actions/oidc.go b/routers/api/actions/oidc.go
index fc82bc299f..23b6fec16c 100644
--- a/routers/api/actions/oidc.go
+++ b/routers/api/actions/oidc.go
@@ -103,8 +103,7 @@ func OIDCRoutes(prefix string) *web.Route {
 	// and inspecting the names of the json struct tags
 	rt := reflect.TypeFor[actions_service.IDTokenCustomClaims]()
 
-	for i := 0; i < rt.NumField(); i++ {
-		f := rt.Field(i)
+	for f := range rt.Fields() {
 		v := strings.Split(f.Tag.Get("json"), ",")[0]
 		if v == "" || v == "-" {
 			continue
diff --git a/routers/web/repo/attachment.go b/routers/web/repo/attachment.go
index 5b2eaef889..5497738f0b 100644
--- a/routers/web/repo/attachment.go
+++ b/routers/web/repo/attachment.go
@@ -13,7 +13,6 @@ import (
 	"forgejo.org/modules/log"
 	"forgejo.org/modules/setting"
 	"forgejo.org/modules/storage"
-	"forgejo.org/modules/util"
 	"forgejo.org/routers/common"
 	"forgejo.org/services/attachment"
 	"forgejo.org/services/context"
@@ -154,7 +153,7 @@ func ServeAttachment(ctx *context.Context, uuid string) {
 	}
 	defer fr.Close()
 
-	common.ServeContentByReadSeeker(ctx.Base, attach.Name, util.ToPointer(attach.CreatedUnix.AsTime()), fr)
+	common.ServeContentByReadSeeker(ctx.Base, attach.Name, new(attach.CreatedUnix.AsTime()), fr)
 }
 
 // GetAttachment serve attachments
diff --git a/services/actions/download.go b/services/actions/download.go
index 04aa1ca289..34de121220 100644
--- a/services/actions/download.go
+++ b/services/actions/download.go
@@ -15,7 +15,6 @@ import (
 	"forgejo.org/modules/httplib"
 	"forgejo.org/modules/setting"
 	"forgejo.org/modules/storage"
-	"forgejo.org/modules/util"
 	"forgejo.org/services/context"
 )
 
@@ -51,7 +50,7 @@ func serveV4Artifact(base *context.Base, art *actions_model.ActionArtifact) erro
 	if err != nil {
 		return err
 	}
-	httplib.ServeContentByReadSeeker(base.Req, base.Resp, art.ArtifactName+".zip", util.ToPointer(art.UpdatedUnix.AsTime()), f)
+	httplib.ServeContentByReadSeeker(base.Req, base.Resp, art.ArtifactName+".zip", new(art.UpdatedUnix.AsTime()), f)
 	return nil
 }
 
diff --git a/services/migrations/codebase_test.go b/services/migrations/codebase_test.go
index 315c7be709..5d90f7e8a2 100644
--- a/services/migrations/codebase_test.go
+++ b/services/migrations/codebase_test.go
@@ -55,12 +55,12 @@ func TestCodebaseDownloadRepo(t *testing.T) {
 	assertMilestonesEqual(t, []*base.Milestone{
 		{
 			Title:    "Milestone1",
-			Deadline: timePtr(time.Date(2021, time.September, 16, 0, 0, 0, 0, time.UTC)),
+			Deadline: new(time.Date(2021, time.September, 16, 0, 0, 0, 0, time.UTC)),
 		},
 		{
 			Title:    "Milestone2",
-			Deadline: timePtr(time.Date(2021, time.September, 17, 0, 0, 0, 0, time.UTC)),
-			Closed:   timePtr(time.Date(2021, time.September, 17, 0, 0, 0, 0, time.UTC)),
+			Deadline: new(time.Date(2021, time.September, 17, 0, 0, 0, 0, time.UTC)),
+			Closed:   new(time.Date(2021, time.September, 17, 0, 0, 0, 0, time.UTC)),
 			State:    "closed",
 		},
 	}, milestones)
diff --git a/services/migrations/gitea_downloader_test.go b/services/migrations/gitea_downloader_test.go
index a4a4f29ddb..3db81bb158 100644
--- a/services/migrations/gitea_downloader_test.go
+++ b/services/migrations/gitea_downloader_test.go
@@ -93,16 +93,16 @@ func TestGiteaDownloadRepo(t *testing.T) {
 		{
 			Title:    "V2 Finalize",
 			Created:  time.Unix(0, 0),
-			Deadline: timePtr(time.Unix(1599263999, 0)),
-			Updated:  timePtr(time.Date(2022, 11, 13, 5, 29, 15, 0, time.UTC)),
+			Deadline: new(time.Unix(1599263999, 0)),
+			Updated:  new(time.Date(2022, 11, 13, 5, 29, 15, 0, time.UTC)),
 			State:    "open",
 		},
 		{
 			Title:       "V1",
 			Description: "Generate Content",
 			Created:     time.Unix(0, 0),
-			Updated:     timePtr(time.Unix(0, 0)),
-			Closed:      timePtr(time.Unix(1598985406, 0)),
+			Updated:     new(time.Unix(0, 0)),
+			Closed:      new(time.Unix(1598985406, 0)),
 			State:       "closed",
 		},
 	}, milestones)
@@ -178,7 +178,7 @@ func TestGiteaDownloadRepo(t *testing.T) {
 					Content:  "laugh",
 				},
 			},
-			Closed: timePtr(time.Date(2020, 9, 1, 15, 49, 34, 0, time.UTC)),
+			Closed: new(time.Date(2020, 9, 1, 15, 49, 34, 0, time.UTC)),
 		},
 		{
 			Number:      2,
@@ -197,7 +197,7 @@ func TestGiteaDownloadRepo(t *testing.T) {
 				Color:       "d4c5f9",
 				Description: "",
 			}},
-			Closed: timePtr(time.Unix(1598969497, 0)),
+			Closed: new(time.Unix(1598969497, 0)),
 		},
 	}, issues)
 
@@ -244,7 +244,7 @@ func TestGiteaDownloadRepo(t *testing.T) {
 		IsLocked:    false,
 		Created:     time.Unix(1598982759, 0),
 		Updated:     time.Unix(1599023425, 0),
-		Closed:      timePtr(time.Date(2020, 9, 1, 17, 55, 33, 0, time.UTC)),
+		Closed:      new(time.Date(2020, 9, 1, 17, 55, 33, 0, time.UTC)),
 		Assignees:   []string{"techknowlogick"},
 		Base: base.PullRequestBranch{
 			CloneURL:  "",
@@ -261,7 +261,7 @@ func TestGiteaDownloadRepo(t *testing.T) {
 			OwnerName: "6543-forks",
 		},
 		Merged:         true,
-		MergedTime:     timePtr(time.Unix(1598982934, 0)),
+		MergedTime:     new(time.Unix(1598982934, 0)),
 		MergeCommitSHA: "827aa28a907853e5ddfa40c8f9bc52471a2685fd",
 		PatchURL:       server.URL + "/gitea/test_repo/pulls/12.patch",
 	}, prs[1])
diff --git a/services/migrations/github_test.go b/services/migrations/github_test.go
index 29a78f53fc..288eb4febb 100644
--- a/services/migrations/github_test.go
+++ b/services/migrations/github_test.go
@@ -163,24 +163,24 @@ func TestGitHubDownloadRepo(t *testing.T) {
 			Title:       "1.0.0",
 			Description: "Version 1",
 			Created:     time.Date(2025, 8, 7, 12, 48, 56, 0, time.UTC),
-			Updated:     timePtr(time.Date(2025, time.August, 12, 12, 34, 20, 0, time.UTC)),
+			Updated:     new(time.Date(2025, time.August, 12, 12, 34, 20, 0, time.UTC)),
 			State:       "open",
 		},
 		{
 			Title:       "0.9.0",
 			Description: "A milestone",
-			Deadline:    timePtr(time.Date(2025, 8, 1, 7, 0, 0, 0, time.UTC)),
+			Deadline:    new(time.Date(2025, 8, 1, 7, 0, 0, 0, time.UTC)),
 			Created:     time.Date(2025, 8, 7, 12, 54, 20, 0, time.UTC),
-			Updated:     timePtr(time.Date(2025, 8, 12, 11, 29, 52, 0, time.UTC)),
-			Closed:      timePtr(time.Date(2025, 8, 7, 12, 54, 38, 0, time.UTC)),
+			Updated:     new(time.Date(2025, 8, 12, 11, 29, 52, 0, time.UTC)),
+			Closed:      new(time.Date(2025, 8, 7, 12, 54, 38, 0, time.UTC)),
 			State:       "closed",
 		},
 		{
 			Title:       "1.1.0",
 			Description: "We can do that",
-			Deadline:    timePtr(time.Date(2025, 8, 31, 7, 0, 0, 0, time.UTC)),
+			Deadline:    new(time.Date(2025, 8, 31, 7, 0, 0, 0, time.UTC)),
 			Created:     time.Date(2025, 8, 7, 12, 50, 58, 0, time.UTC),
-			Updated:     timePtr(time.Date(2025, 8, 7, 12, 53, 15, 0, time.UTC)),
+			Updated:     new(time.Date(2025, 8, 7, 12, 53, 15, 0, time.UTC)),
 			State:       "open",
 		},
 	}, milestones)
@@ -372,8 +372,8 @@ func TestGitHubDownloadRepo(t *testing.T) {
 			State:      "closed",
 			Created:    time.Date(2025, time.August, 7, 13, 1, 36, 0, time.UTC),
 			Updated:    time.Date(2025, time.August, 12, 12, 47, 35, 0, time.UTC),
-			Closed:     timePtr(time.Date(2025, time.August, 7, 13, 2, 19, 0, time.UTC)),
-			MergedTime: timePtr(time.Date(2025, time.August, 7, 13, 2, 19, 0, time.UTC)),
+			Closed:     new(time.Date(2025, time.August, 7, 13, 2, 19, 0, time.UTC)),
+			MergedTime: new(time.Date(2025, time.August, 7, 13, 2, 19, 0, time.UTC)),
 			Labels: []*base.Label{
 				{
 					Name:        "bug",
diff --git a/services/migrations/gitlab_test.go b/services/migrations/gitlab_test.go
index 37fdea9475..029a4ecce1 100644
--- a/services/migrations/gitlab_test.go
+++ b/services/migrations/gitlab_test.go
@@ -57,14 +57,14 @@ func TestGitlabDownloadRepo(t *testing.T) {
 		{
 			Title:   "1.0.0",
 			Created: time.Date(2024, 9, 3, 13, 53, 8, 516000000, time.UTC),
-			Updated: timePtr(time.Date(2024, 9, 3, 20, 3, 57, 786000000, time.UTC)),
-			Closed:  timePtr(time.Date(2024, 9, 3, 20, 3, 57, 786000000, time.UTC)),
+			Updated: new(time.Date(2024, 9, 3, 20, 3, 57, 786000000, time.UTC)),
+			Closed:  new(time.Date(2024, 9, 3, 20, 3, 57, 786000000, time.UTC)),
 			State:   "closed",
 		},
 		{
 			Title:   "1.1.0",
 			Created: time.Date(2024, 9, 3, 13, 52, 48, 414000000, time.UTC),
-			Updated: timePtr(time.Date(2024, 9, 3, 14, 52, 14, 93000000, time.UTC)),
+			Updated: new(time.Date(2024, 9, 3, 14, 52, 14, 93000000, time.UTC)),
 			State:   "active",
 		},
 	}, milestones)
@@ -260,7 +260,7 @@ func TestGitlabDownloadRepo(t *testing.T) {
 					Content:  "hearts",
 				},
 			},
-			Closed: timePtr(time.Date(2024, 9, 3, 14, 43, 10, 906000000, time.UTC)),
+			Closed: new(time.Date(2024, 9, 3, 14, 43, 10, 906000000, time.UTC)),
 		},
 	}, issues)
 	issues, isEnd, err = downloader.GetIssues(2, 3)
@@ -297,7 +297,7 @@ func TestGitlabDownloadRepo(t *testing.T) {
 					Content:  "open_mouth",
 				},
 			},
-			Closed: timePtr(time.Date(2024, 9, 3, 14, 43, 10, 708000000, time.UTC)),
+			Closed: new(time.Date(2024, 9, 3, 14, 43, 10, 708000000, time.UTC)),
 		},
 	}, issues)
 
diff --git a/services/migrations/main_test.go b/services/migrations/main_test.go
index d304f345cf..44ab3f3fc8 100644
--- a/services/migrations/main_test.go
+++ b/services/migrations/main_test.go
@@ -19,10 +19,6 @@ func TestMain(m *testing.M) {
 	unittest.MainTest(m)
 }
 
-func timePtr(t time.Time) *time.Time {
-	return &t
-}
-
 func assertTimeEqual(t *testing.T, expected, actual time.Time) {
 	assert.Equal(t, expected.UTC(), actual.UTC())
 }
diff --git a/services/migrations/pagure_test.go b/services/migrations/pagure_test.go
index bac3eb24ad..3217e10300 100644
--- a/services/migrations/pagure_test.go
+++ b/services/migrations/pagure_test.go
@@ -85,7 +85,7 @@ func TestPagureDownloadRepoWithPublicIssues(t *testing.T) {
 			Milestone:  "Milestone BBBB",
 			Created:    time.Date(2023, time.October, 13, 4, 1, 16, 0, time.UTC),
 			Updated:    time.Date(2025, time.June, 25, 6, 25, 57, 0, time.UTC),
-			Closed:     timePtr(time.Date(2025, time.June, 25, 6, 22, 59, 0, time.UTC)),
+			Closed:     new(time.Date(2025, time.June, 25, 6, 22, 59, 0, time.UTC)),
 			Labels: []*base.Label{
 				{
 					Name: "cccc",
@@ -111,7 +111,7 @@ func TestPagureDownloadRepoWithPublicIssues(t *testing.T) {
 			Milestone:  "Milestone AAAA",
 			Created:    time.Date(2023, time.October, 13, 3, 57, 42, 0, time.UTC),
 			Updated:    time.Date(2025, time.June, 25, 6, 25, 45, 0, time.UTC),
-			Closed:     timePtr(time.Date(1, time.January, 1, 0, 0, 0, 0, time.UTC)),
+			Closed:     new(time.Date(1, time.January, 1, 0, 0, 0, 0, time.UTC)),
 			Labels: []*base.Label{
 				{
 					Name: "aaaa",
@@ -219,8 +219,8 @@ func TestPagureDownloadRepoWithPublicIssues(t *testing.T) {
 			State:      "closed",
 			Created:    time.Date(2025, time.May, 19, 6, 12, 45, 0, time.UTC),
 			Updated:    time.Date(2025, time.May, 19, 6, 17, 11, 0, time.UTC),
-			Closed:     timePtr(time.Date(2025, time.May, 19, 6, 17, 11, 0, time.UTC)),
-			MergedTime: timePtr(time.Date(2025, time.May, 19, 6, 17, 11, 0, time.UTC)),
+			Closed:     new(time.Date(2025, time.May, 19, 6, 17, 11, 0, time.UTC)),
+			MergedTime: new(time.Date(2025, time.May, 19, 6, 17, 11, 0, time.UTC)),
 			Merged:     true,
 			PatchURL:   server.URL + "/protop2g-test-srce/pull-request/10.patch",
 			Labels: []*base.Label{
@@ -249,8 +249,8 @@ func TestPagureDownloadRepoWithPublicIssues(t *testing.T) {
 			State:      "closed",
 			Created:    time.Date(2025, time.May, 19, 6, 12, 41, 0, time.UTC),
 			Updated:    time.Date(2025, time.May, 19, 6, 14, 3, 0, time.UTC),
-			Closed:     timePtr(time.Date(2025, time.May, 19, 6, 14, 3, 0, time.UTC)),
-			MergedTime: timePtr(time.Date(2025, time.May, 19, 6, 14, 3, 0, time.UTC)),
+			Closed:     new(time.Date(2025, time.May, 19, 6, 14, 3, 0, time.UTC)),
+			MergedTime: new(time.Date(2025, time.May, 19, 6, 14, 3, 0, time.UTC)),
 			Merged:     true,
 			PatchURL:   server.URL + "/protop2g-test-srce/pull-request/9.patch",
 			Labels: []*base.Label{
@@ -279,8 +279,8 @@ func TestPagureDownloadRepoWithPublicIssues(t *testing.T) {
 			State:      "closed",
 			Created:    time.Date(2025, time.May, 5, 6, 45, 32, 0, time.UTC),
 			Updated:    time.Date(2025, time.May, 5, 6, 54, 13, 0, time.UTC),
-			Closed:     timePtr(time.Date(2025, time.May, 5, 6, 54, 13, 0, time.UTC)),
-			MergedTime: timePtr(time.Date(2025, time.May, 5, 6, 54, 13, 0, time.UTC)), // THIS IS WRONG
+			Closed:     new(time.Date(2025, time.May, 5, 6, 54, 13, 0, time.UTC)),
+			MergedTime: new(time.Date(2025, time.May, 5, 6, 54, 13, 0, time.UTC)), // THIS IS WRONG
 			Merged:     false,
 			PatchURL:   server.URL + "/protop2g-test-srce/pull-request/8.patch",
 			Labels: []*base.Label{
@@ -308,9 +308,9 @@ func TestPagureDownloadRepoWithPublicIssues(t *testing.T) {
 			PosterID:   -1,
 			State:      "closed",
 			Created:    time.Date(2025, time.May, 5, 6, 45, 6, 0, time.UTC),
-			Updated:    time.Date(2025, time.May, 5, 6, 54, 3, 0, time.UTC),          // IT SHOULD BE NIL
-			Closed:     timePtr(time.Date(2025, time.May, 5, 6, 54, 3, 0, time.UTC)), // IT is CLOSED, Not MERGED so SHOULD NOT BE NIL
-			MergedTime: timePtr(time.Date(2025, time.May, 5, 6, 54, 3, 0, time.UTC)), // THIS IS WRONG
+			Updated:    time.Date(2025, time.May, 5, 6, 54, 3, 0, time.UTC),      // IT SHOULD BE NIL
+			Closed:     new(time.Date(2025, time.May, 5, 6, 54, 3, 0, time.UTC)), // IT is CLOSED, Not MERGED so SHOULD NOT BE NIL
+			MergedTime: new(time.Date(2025, time.May, 5, 6, 54, 3, 0, time.UTC)), // THIS IS WRONG
 			Merged:     false,
 			PatchURL:   server.URL + "/protop2g-test-srce/pull-request/7.patch",
 			Labels: []*base.Label{
@@ -339,8 +339,8 @@ func TestPagureDownloadRepoWithPublicIssues(t *testing.T) {
 			State:      "open",
 			Created:    time.Date(2025, time.May, 5, 6, 44, 30, 0, time.UTC),
 			Updated:    time.Date(2025, time.May, 19, 8, 30, 50, 0, time.UTC),
-			Closed:     timePtr(time.Date(1, time.January, 1, 0, 0, 0, 0, time.UTC)),
-			MergedTime: timePtr(time.Date(1, time.January, 1, 0, 0, 0, 0, time.UTC)),
+			Closed:     new(time.Date(1, time.January, 1, 0, 0, 0, 0, time.UTC)),
+			MergedTime: new(time.Date(1, time.January, 1, 0, 0, 0, 0, time.UTC)),
 			Merged:     false,
 			PatchURL:   server.URL + "/protop2g-test-srce/pull-request/6.patch",
 			Labels: []*base.Label{
@@ -369,8 +369,8 @@ func TestPagureDownloadRepoWithPublicIssues(t *testing.T) {
 			State:      "open",
 			Created:    time.Date(2025, time.May, 5, 6, 43, 57, 0, time.UTC),
 			Updated:    time.Date(2025, time.May, 19, 6, 29, 45, 0, time.UTC),
-			Closed:     timePtr(time.Date(1, time.January, 1, 0, 0, 0, 0, time.UTC)),
-			MergedTime: timePtr(time.Date(1, time.January, 1, 0, 0, 0, 0, time.UTC)),
+			Closed:     new(time.Date(1, time.January, 1, 0, 0, 0, 0, time.UTC)),
+			MergedTime: new(time.Date(1, time.January, 1, 0, 0, 0, 0, time.UTC)),
 			Merged:     false,
 			PatchURL:   server.URL + "/protop2g-test-srce/pull-request/5.patch",
 			Labels: []*base.Label{
@@ -428,22 +428,22 @@ func TestPagureDownloadRepoWithPublicIssues(t *testing.T) {
 	dict := map[string]*base.Milestone{
 		"Milestone AAAA": {
 			Title:    "Milestone AAAA",
-			Deadline: timePtr(time.Date(2025, time.December, 12, 0, 0, 0, 0, time.UTC)),
+			Deadline: new(time.Date(2025, time.December, 12, 0, 0, 0, 0, time.UTC)),
 			State:    "open",
 		},
 		"Milestone BBBB": {
 			Title:    "Milestone BBBB",
-			Deadline: timePtr(time.Date(2025, time.December, 12, 0, 0, 0, 0, time.UTC)),
+			Deadline: new(time.Date(2025, time.December, 12, 0, 0, 0, 0, time.UTC)),
 			State:    "closed",
 		},
 		"Milestone CCCC": {
 			Title:    "Milestone CCCC",
-			Deadline: timePtr(time.Date(2025, time.December, 12, 0, 0, 0, 0, time.UTC)),
+			Deadline: new(time.Date(2025, time.December, 12, 0, 0, 0, 0, time.UTC)),
 			State:    "open",
 		},
 		"Milestone DDDD": {
 			Title:    "Milestone DDDD",
-			Deadline: timePtr(time.Date(2025, time.December, 12, 0, 0, 0, 0, time.UTC)),
+			Deadline: new(time.Date(2025, time.December, 12, 0, 0, 0, 0, time.UTC)),
 			State:    "closed",
 		},
 	}
@@ -524,7 +524,7 @@ func TestPagureDownloadRepoWithPrivateIssues(t *testing.T) {
 			Milestone:  "Milestone DDDD",
 			Created:    time.Date(2023, time.November, 21, 8, 6, 56, 0, time.UTC),
 			Updated:    time.Date(2025, time.June, 25, 6, 26, 26, 0, time.UTC),
-			Closed:     timePtr(time.Date(2025, time.June, 25, 6, 23, 51, 0, time.UTC)),
+			Closed:     new(time.Date(2025, time.June, 25, 6, 23, 51, 0, time.UTC)),
 			Labels: []*base.Label{
 				{
 					Name: "gggg",
@@ -550,7 +550,7 @@ func TestPagureDownloadRepoWithPrivateIssues(t *testing.T) {
 			Milestone:  "Milestone CCCC",
 			Created:    time.Date(2023, time.November, 21, 8, 3, 57, 0, time.UTC),
 			Updated:    time.Date(2025, time.June, 25, 6, 26, 7, 0, time.UTC),
-			Closed:     timePtr(time.Date(1, time.January, 1, 0, 0, 0, 0, time.UTC)),
+			Closed:     new(time.Date(1, time.January, 1, 0, 0, 0, 0, time.UTC)),
 			Labels: []*base.Label{
 				{
 					Name: "eeee",
@@ -649,17 +649,17 @@ func TestProcessDate(t *testing.T) {
 		},
 		{
 			name:     "empty string",
-			input:    strPtr(""),
+			input:    new(""),
 			expected: time.Time{},
 		},
 		{
 			name:     "unix timestamp",
-			input:    strPtr("1609459200"),
+			input:    new("1609459200"),
 			expected: time.Unix(1609459200, 0),
 		},
 		{
 			name:     "YYYY-MM-DD format",
-			input:    strPtr("2025-12-12"),
+			input:    new("2025-12-12"),
 			expected: time.Date(2025, time.December, 12, 0, 0, 0, 0, time.UTC),
 		},
 	}
@@ -671,7 +671,3 @@ func TestProcessDate(t *testing.T) {
 		})
 	}
 }
-
-func strPtr(s string) *string {
-	return &s
-}

From 731334e973a7f4389b7f2994cd4bd186df2a242c Mon Sep 17 00:00:00 2001
From: Thomas Teixeira <thomas.teixeira@startmail.com>
Date: Sat, 2 May 2026 01:29:40 +0200
Subject: [PATCH 782/854] fix(web): org projects assignment in issue view
 (#7999)

Allows user to assign organization projects to their new issues, using the project sidebar selector, even when repository's projects are disabled.
Moreover, the project sidebar selector is now hidden if no projects (repository-wide + organization-wide) are available.

Fixes forgejo/forgejo#5666

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7999
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
---
 routers/web/repo/issue.go                     |  40 ++++--
 routers/web/repo/issue_test.go                |   3 +
 routers/web/repo/projects.go                  |   2 +-
 routers/web/web.go                            |  31 ++++-
 services/context/org.go                       |  43 +++---
 templates/repo/issue/new_form.tmpl            |   2 +-
 .../repo/issue/view_content/sidebar.tmpl      |   6 +-
 .../test_assign_project_repo.git/HEAD         |   1 +
 .../test_assign_project_repo.git/config       |   6 +
 .../test_assign_project_repo.git/description  |   1 +
 .../test_assign_project_repo.git/info/exclude |   6 +
 .../20/ade30d25e0ecaeec84e7f542a8456900858240 | Bin 0 -> 84 bytes
 .../27/74debeea6dc742cc4971a92db0e08b95b60588 | Bin 0 -> 51 bytes
 .../2a/47ca4b614a9f5a43abbd5ad851a54a616ffee6 | Bin 0 -> 760 bytes
 .../2f/9b22fd3159a43b7b4e5dd806fcd544edf8716f | Bin 0 -> 37 bytes
 .../d2/2b4d4daa5be07329fcef6ed458f00cf3392da0 | Bin 0 -> 814 bytes
 .../d5/6a3073c1dbb7b15963110a049d50cdb5db99fc | Bin 0 -> 42 bytes
 .../ec/f0db3c1ec806522de4b491fb9a3c7457398c61 | Bin 0 -> 62 bytes
 .../ee/16d127df463aa491e08958120f2108b02468df | Bin 0 -> 84 bytes
 .../refs/heads/master                         |   1 +
 .../refs/heads/test_branch                    |   1 +
 .../fixtures/TestAssignProject/access.yml     |   5 +
 .../TestAssignProject/collaboration.yml       |   5 +
 .../fixtures/TestAssignProject/project.yml    |  51 ++++++++
 .../fixtures/TestAssignProject/repo_unit.yml  |  35 +++++
 .../fixtures/TestAssignProject/repository.yml |  30 +++++
 .../fixtures/TestAssignProject/team.yml       |  32 +++++
 .../fixtures/TestAssignProject/team_repo.yml  |  11 ++
 .../fixtures/TestAssignProject/team_unit.yml  |  35 +++++
 .../fixtures/TestAssignProject/team_user.yml  |  11 ++
 .../fixtures/TestAssignProject/user.yml       |  37 ++++++
 tests/integration/issue_test.go               | 112 ++++++++++++++++
 tests/integration/project_test.go             | 122 ++++++++++++++++++
 33 files changed, 593 insertions(+), 36 deletions(-)
 create mode 100644 tests/gitea-repositories-meta/test_assign_project_org/test_assign_project_repo.git/HEAD
 create mode 100644 tests/gitea-repositories-meta/test_assign_project_org/test_assign_project_repo.git/config
 create mode 100644 tests/gitea-repositories-meta/test_assign_project_org/test_assign_project_repo.git/description
 create mode 100644 tests/gitea-repositories-meta/test_assign_project_org/test_assign_project_repo.git/info/exclude
 create mode 100644 tests/gitea-repositories-meta/test_assign_project_org/test_assign_project_repo.git/objects/20/ade30d25e0ecaeec84e7f542a8456900858240
 create mode 100644 tests/gitea-repositories-meta/test_assign_project_org/test_assign_project_repo.git/objects/27/74debeea6dc742cc4971a92db0e08b95b60588
 create mode 100644 tests/gitea-repositories-meta/test_assign_project_org/test_assign_project_repo.git/objects/2a/47ca4b614a9f5a43abbd5ad851a54a616ffee6
 create mode 100644 tests/gitea-repositories-meta/test_assign_project_org/test_assign_project_repo.git/objects/2f/9b22fd3159a43b7b4e5dd806fcd544edf8716f
 create mode 100644 tests/gitea-repositories-meta/test_assign_project_org/test_assign_project_repo.git/objects/d2/2b4d4daa5be07329fcef6ed458f00cf3392da0
 create mode 100644 tests/gitea-repositories-meta/test_assign_project_org/test_assign_project_repo.git/objects/d5/6a3073c1dbb7b15963110a049d50cdb5db99fc
 create mode 100644 tests/gitea-repositories-meta/test_assign_project_org/test_assign_project_repo.git/objects/ec/f0db3c1ec806522de4b491fb9a3c7457398c61
 create mode 100644 tests/gitea-repositories-meta/test_assign_project_org/test_assign_project_repo.git/objects/ee/16d127df463aa491e08958120f2108b02468df
 create mode 100644 tests/gitea-repositories-meta/test_assign_project_org/test_assign_project_repo.git/refs/heads/master
 create mode 100644 tests/gitea-repositories-meta/test_assign_project_org/test_assign_project_repo.git/refs/heads/test_branch
 create mode 100644 tests/integration/fixtures/TestAssignProject/access.yml
 create mode 100644 tests/integration/fixtures/TestAssignProject/collaboration.yml
 create mode 100644 tests/integration/fixtures/TestAssignProject/project.yml
 create mode 100644 tests/integration/fixtures/TestAssignProject/repo_unit.yml
 create mode 100644 tests/integration/fixtures/TestAssignProject/repository.yml
 create mode 100644 tests/integration/fixtures/TestAssignProject/team.yml
 create mode 100644 tests/integration/fixtures/TestAssignProject/team_repo.yml
 create mode 100644 tests/integration/fixtures/TestAssignProject/team_unit.yml
 create mode 100644 tests/integration/fixtures/TestAssignProject/team_user.yml
 create mode 100644 tests/integration/fixtures/TestAssignProject/user.yml

diff --git a/routers/web/repo/issue.go b/routers/web/repo/issue.go
index bb4185f785..e1ee785ce4 100644
--- a/routers/web/repo/issue.go
+++ b/routers/web/repo/issue.go
@@ -604,7 +604,7 @@ func retrieveProjects(ctx *context.Context, repo *repo_model.Repository) {
 		repoOwnerType = project_model.TypeOrganization
 	}
 	var err error
-	projects, err := db.Find[project_model.Project](ctx, project_model.SearchOptions{
+	repositoryProjects, err := db.Find[project_model.Project](ctx, project_model.SearchOptions{
 		ListOptions: db.ListOptionsAll,
 		RepoID:      repo.ID,
 		IsClosed:    optional.Some(false),
@@ -614,7 +614,7 @@ func retrieveProjects(ctx *context.Context, repo *repo_model.Repository) {
 		ctx.ServerError("GetProjects", err)
 		return
 	}
-	projects2, err := db.Find[project_model.Project](ctx, project_model.SearchOptions{
+	ownerProjects, err := db.Find[project_model.Project](ctx, project_model.SearchOptions{
 		ListOptions: db.ListOptionsAll,
 		OwnerID:     repo.OwnerID,
 		IsClosed:    optional.Some(false),
@@ -625,9 +625,10 @@ func retrieveProjects(ctx *context.Context, repo *repo_model.Repository) {
 		return
 	}
 
-	ctx.Data["OpenProjects"] = append(projects, projects2...)
+	ownerHasOpenProjects := len(ownerProjects) > 0
+	ctx.Data["OpenProjects"] = append(repositoryProjects, ownerProjects...)
 
-	projects, err = db.Find[project_model.Project](ctx, project_model.SearchOptions{
+	repositoryProjects, err = db.Find[project_model.Project](ctx, project_model.SearchOptions{
 		ListOptions: db.ListOptionsAll,
 		RepoID:      repo.ID,
 		IsClosed:    optional.Some(true),
@@ -637,7 +638,7 @@ func retrieveProjects(ctx *context.Context, repo *repo_model.Repository) {
 		ctx.ServerError("GetProjects", err)
 		return
 	}
-	projects2, err = db.Find[project_model.Project](ctx, project_model.SearchOptions{
+	ownerProjects, err = db.Find[project_model.Project](ctx, project_model.SearchOptions{
 		ListOptions: db.ListOptionsAll,
 		OwnerID:     repo.OwnerID,
 		IsClosed:    optional.Some(true),
@@ -648,7 +649,8 @@ func retrieveProjects(ctx *context.Context, repo *repo_model.Repository) {
 		return
 	}
 
-	ctx.Data["ClosedProjects"] = append(projects, projects2...)
+	ctx.Data["OwnerHasProjects"] = ownerHasOpenProjects || len(ownerProjects) > 0
+	ctx.Data["ClosedProjects"] = append(repositoryProjects, ownerProjects...)
 }
 
 // repoReviewerSelection items to bee shown
@@ -968,6 +970,14 @@ func NewIssue(ctx *context.Context) {
 
 	isProjectsEnabled := ctx.Repo.CanRead(unit.TypeProjects)
 	ctx.Data["IsProjectsEnabled"] = isProjectsEnabled
+
+	// Individuals always have projects unit enabled
+	isOwnerProjectsEnabled := true
+	if ctx.Repo.Owner.IsOrganization() {
+		isOwnerProjectsEnabled = ctx.Org.CanReadUnit(ctx, unit.TypeProjects)
+	}
+	ctx.Data["IsOwnerProjectsEnabled"] = isOwnerProjectsEnabled
+
 	ctx.Data["IsAttachmentEnabled"] = setting.Attachment.Enabled
 	upload.AddUploadContext(ctx, "comment")
 
@@ -983,7 +993,7 @@ func NewIssue(ctx *context.Context) {
 	}
 
 	projectID := ctx.FormInt64("project")
-	if projectID > 0 && isProjectsEnabled {
+	if projectID > 0 && (isProjectsEnabled || isOwnerProjectsEnabled) {
 		project, err := project_model.GetProjectByID(ctx, projectID)
 		if err != nil {
 			log.Error("GetProjectByID: %d: %v", projectID, err)
@@ -1276,9 +1286,9 @@ func NewIssuePost(ctx *context.Context) {
 	}
 
 	if projectID > 0 {
-		if !ctx.Repo.CanRead(unit.TypeProjects) {
+		if !ctx.Repo.CanRead(unit.TypeProjects) || (ctx.ContextUser.IsOrganization() && !ctx.Org.CanReadUnit(ctx, unit.TypeProjects)) {
 			// User must also be able to see the project.
-			ctx.Error(http.StatusBadRequest, "user hasn't permissions to read projects")
+			ctx.Error(http.StatusForbidden, "user doesn't have permissions to read projects")
 			return
 		}
 		if err := issues_model.IssueAssignOrRemoveProject(ctx, issue, ctx.Doer, projectID, 0); err != nil {
@@ -1477,7 +1487,8 @@ func ViewIssue(ctx *context.Context) {
 	}
 
 	ctx.Data["IsModerationEnabled"] = setting.Moderation.Enabled
-	ctx.Data["IsProjectsEnabled"] = ctx.Repo.CanRead(unit.TypeProjects)
+	isProjectsEnabled := ctx.Repo.CanRead(unit.TypeProjects)
+	ctx.Data["IsProjectsEnabled"] = isProjectsEnabled
 	ctx.Data["IsAttachmentEnabled"] = setting.Attachment.Enabled
 	upload.AddUploadContext(ctx, "comment")
 
@@ -1546,6 +1557,7 @@ func ViewIssue(ctx *context.Context) {
 	}
 	ctx.Data["Labels"] = labels
 
+	isOwnerProjectsEnabled := true
 	if repo.Owner.IsOrganization() {
 		orgLabels, err := issues_model.GetLabelsByOrgID(ctx, repo.Owner.ID, ctx.FormString("sort"), db.ListOptions{})
 		if err != nil {
@@ -1553,9 +1565,11 @@ func ViewIssue(ctx *context.Context) {
 			return
 		}
 		ctx.Data["OrgLabels"] = orgLabels
-
 		labels = append(labels, orgLabels...)
+
+		isOwnerProjectsEnabled = ctx.Org.CanReadUnit(ctx, unit.TypeProjects)
 	}
+	ctx.Data["IsOwnerProjectsEnabled"] = isOwnerProjectsEnabled
 
 	hasSelected := false
 	for i := range labels {
@@ -1569,7 +1583,9 @@ func ViewIssue(ctx *context.Context) {
 	// Check milestone and assignee.
 	if ctx.Repo.CanWriteIssuesOrPulls(issue.IsPull) {
 		RetrieveRepoMilestonesAndAssignees(ctx, repo)
-		retrieveProjects(ctx, repo)
+		if isProjectsEnabled || isOwnerProjectsEnabled {
+			retrieveProjects(ctx, repo)
+		}
 
 		if ctx.Written() {
 			return
diff --git a/routers/web/repo/issue_test.go b/routers/web/repo/issue_test.go
index 3644dd131f..e2c812084d 100644
--- a/routers/web/repo/issue_test.go
+++ b/routers/web/repo/issue_test.go
@@ -74,6 +74,9 @@ func TestNewIssueValidateProject(t *testing.T) {
 			contexttest.LoadUser(t, ctx, testCase.userID)
 			contexttest.LoadRepo(t, ctx, testCase.repoID)
 			contexttest.LoadGitRepo(t, ctx)
+			if ctx.Repo.Owner.IsOrganization() {
+				contexttest.LoadOrganization(t, ctx, ctx.Repo.Owner.ID)
+			}
 
 			NewIssue(ctx)
 
diff --git a/routers/web/repo/projects.go b/routers/web/repo/projects.go
index 98e4c35fa2..f007dfa7ba 100644
--- a/routers/web/repo/projects.go
+++ b/routers/web/repo/projects.go
@@ -400,7 +400,7 @@ func UpdateIssueProject(ctx *context.Context) {
 		return
 	}
 	if _, err := issues.LoadRepositories(ctx); err != nil {
-		ctx.ServerError("LoadProjects", err)
+		ctx.ServerError("LoadRepositories", err)
 		return
 	}
 
diff --git a/routers/web/web.go b/routers/web/web.go
index 5839e7d30e..c77c8629b9 100644
--- a/routers/web/web.go
+++ b/routers/web/web.go
@@ -906,6 +906,29 @@ func registerRoutes(m *web.Route) {
 		}
 	}
 
+	reqRepoOrOwnerProjectReader := func(ctx *context.Context) {
+		unitType := unit.TypeProjects
+		if ctx.ContextUser == nil || ctx.Doer == nil {
+			ctx.NotFound(unitType.String(), nil)
+			return
+		}
+
+		switch {
+		case ctx.ContextUser.IsIndividual():
+			if ctx.Doer.ID == ctx.ContextUser.ID || ctx.Doer.IsAdmin {
+				return
+			}
+		case ctx.ContextUser.IsOrganization():
+			if ctx.Org.Organization.UnitPermission(ctx, ctx.Doer, unitType) >= perm.AccessModeRead {
+				return
+			}
+		default:
+			ctx.NotFound(unitType.String(), nil)
+			return
+		}
+		reqRepoProjectsReader(ctx)
+	}
+
 	individualPermsChecker := func(ctx *context.Context) {
 		// org permissions have been checked in context.OrgAssignment(), but individual permissions haven't been checked.
 		if ctx.ContextUser.IsIndividual() {
@@ -1255,7 +1278,7 @@ func registerRoutes(m *web.Route) {
 		}
 		m.Group("/issues", func() {
 			m.Group("/new", func() {
-				m.Combo("").Get(context.RepoRef(), repo.NewIssue).
+				m.Combo("", context.EnsureOrg()).Get(context.RepoRef(), repo.NewIssue).
 					Post(web.Bind(forms.CreateIssueForm{}), repo.NewIssuePost)
 				m.Get("/choose", context.RepoRef(), repo.NewIssueChooseTemplate)
 			})
@@ -1301,7 +1324,7 @@ func registerRoutes(m *web.Route) {
 
 			m.Post("/labels", reqRepoIssuesOrPullsWriter, repo.UpdateIssueLabel)
 			m.Post("/milestone", reqRepoIssuesOrPullsWriter, repo.UpdateIssueMilestone)
-			m.Post("/projects", reqRepoIssuesOrPullsWriter, reqRepoProjectsReader, repo.UpdateIssueProject)
+			m.Post("/projects", reqRepoIssuesOrPullsWriter, context.EnsureOrg(), reqRepoOrOwnerProjectReader, repo.UpdateIssueProject)
 			m.Post("/assignee", reqRepoIssuesOrPullsWriter, repo.UpdateIssueAssignee)
 			m.Post("/request_review", reqRepoIssuesOrPullsReader, repo.UpdatePullReviewRequest)
 			m.Post("/dismiss_review", reqRepoAdmin, web.Bind(forms.DismissReviewForm{}), repo.DismissReview)
@@ -1427,7 +1450,7 @@ func registerRoutes(m *web.Route) {
 		m.Group("", func() {
 			m.Get("/issues/posters", repo.IssuePosters) // it can't use {type:issues|pulls} because other routes like "/pulls/{index}" has higher priority
 			m.Get("/{type:^(issues|pulls)$}", repo.Issues)
-			m.Get("/{type:^(issues|pulls)$}/{index}", repo.ViewIssue)
+			m.Get("/{type:^(issues|pulls)$}/{index}", context.EnsureOrg(), repo.ViewIssue)
 			m.Group("/{type:^(issues|pulls)$}/{index}/content-history", func() {
 				m.Get("/overview", repo.GetContentHistoryOverview)
 				m.Get("/list", repo.GetContentHistoryList)
@@ -1600,7 +1623,7 @@ func registerRoutes(m *web.Route) {
 
 		m.Get("/pulls/posters", repo.PullPosters)
 		m.Group("/pulls/{index}", func() {
-			m.Get("", repo.SetWhitespaceBehavior, repo.GetPullDiffStats, repo.ViewIssue)
+			m.Get("", repo.SetWhitespaceBehavior, repo.GetPullDiffStats, context.EnsureOrg(), repo.ViewIssue)
 			m.Get(".diff", repo.DownloadPullDiff)
 			m.Get(".patch", repo.DownloadPullPatch)
 			m.Group("/commits", func() {
diff --git a/services/context/org.go b/services/context/org.go
index c7d06b9bcc..adc6e33494 100644
--- a/services/context/org.go
+++ b/services/context/org.go
@@ -64,6 +64,32 @@ func GetOrganizationByParams(ctx *Context) {
 	}
 }
 
+func ensureIsOrg(ctx *Context) bool {
+	switch {
+	// Getting Organization from params
+	case ctx.ContextUser == nil:
+		if ctx.Org.Organization == nil {
+			GetOrganizationByParams(ctx)
+		}
+		return !ctx.Written()
+	// Getting Organization from ContextUser
+	case ctx.ContextUser.IsOrganization():
+		if ctx.Org == nil {
+			ctx.Org = &Organization{}
+		}
+		ctx.Org.Organization = (*organization.Organization)(ctx.ContextUser)
+		return true
+	}
+	// ContextUser is an individual User
+	return false
+}
+
+func EnsureOrg() func(*Context) {
+	return func(ctx *Context) {
+		ensureIsOrg(ctx)
+	}
+}
+
 // HandleOrgAssignment handles organization assignment
 func HandleOrgAssignment(ctx *Context, args ...bool) {
 	var (
@@ -87,24 +113,9 @@ func HandleOrgAssignment(ctx *Context, args ...bool) {
 
 	var err error
 
-	if ctx.ContextUser == nil {
-		// if Organization is not defined, get it from params
-		if ctx.Org.Organization == nil {
-			GetOrganizationByParams(ctx)
-			if ctx.Written() {
-				return
-			}
-		}
-	} else if ctx.ContextUser.IsOrganization() {
-		if ctx.Org == nil {
-			ctx.Org = &Organization{}
-		}
-		ctx.Org.Organization = (*organization.Organization)(ctx.ContextUser)
-	} else {
-		// ContextUser is an individual User
+	if !ensureIsOrg(ctx) {
 		return
 	}
-
 	org := ctx.Org.Organization
 
 	// Handle Visibility
diff --git a/templates/repo/issue/new_form.tmpl b/templates/repo/issue/new_form.tmpl
index 10a5978d52..5f5820fb07 100644
--- a/templates/repo/issue/new_form.tmpl
+++ b/templates/repo/issue/new_form.tmpl
@@ -78,7 +78,7 @@
 			</div>
 		</div>
 
-		{{if .IsProjectsEnabled}}
+		{{if or .IsProjectsEnabled (and .OwnerHasProjects .IsOwnerProjectsEnabled)}}
 		<div class="divider"></div>
 
 		<input id="project_id" name="project_id" type="hidden" value="{{.project_id}}">
diff --git a/templates/repo/issue/view_content/sidebar.tmpl b/templates/repo/issue/view_content/sidebar.tmpl
index 72e214c5aa..9d8db413fa 100644
--- a/templates/repo/issue/view_content/sidebar.tmpl
+++ b/templates/repo/issue/view_content/sidebar.tmpl
@@ -14,8 +14,10 @@
 	{{template "repo/issue/view_content/sidebar/milestones" .}}
 	<div class="divider"></div>
 
-	{{template "repo/issue/view_content/sidebar/projects" .}}
-	<div class="divider"></div>
+	{{if or .IsProjectsEnabled (and .OwnerHasProjects .IsOwnerProjectsEnabled)}}
+		{{template "repo/issue/view_content/sidebar/projects" .}}
+		<div class="divider"></div>
+	{{end}}
 
 	{{template "repo/issue/view_content/sidebar/assignees" dict "isExistingIssue" true "." .}}
 	<div class="divider"></div>
diff --git a/tests/gitea-repositories-meta/test_assign_project_org/test_assign_project_repo.git/HEAD b/tests/gitea-repositories-meta/test_assign_project_org/test_assign_project_repo.git/HEAD
new file mode 100644
index 0000000000..cb089cd89a
--- /dev/null
+++ b/tests/gitea-repositories-meta/test_assign_project_org/test_assign_project_repo.git/HEAD
@@ -0,0 +1 @@
+ref: refs/heads/master
diff --git a/tests/gitea-repositories-meta/test_assign_project_org/test_assign_project_repo.git/config b/tests/gitea-repositories-meta/test_assign_project_org/test_assign_project_repo.git/config
new file mode 100644
index 0000000000..e6da231579
--- /dev/null
+++ b/tests/gitea-repositories-meta/test_assign_project_org/test_assign_project_repo.git/config
@@ -0,0 +1,6 @@
+[core]
+	repositoryformatversion = 0
+	filemode = true
+	bare = true
+	ignorecase = true
+	precomposeunicode = true
diff --git a/tests/gitea-repositories-meta/test_assign_project_org/test_assign_project_repo.git/description b/tests/gitea-repositories-meta/test_assign_project_org/test_assign_project_repo.git/description
new file mode 100644
index 0000000000..498b267a8c
--- /dev/null
+++ b/tests/gitea-repositories-meta/test_assign_project_org/test_assign_project_repo.git/description
@@ -0,0 +1 @@
+Unnamed repository; edit this file 'description' to name the repository.
diff --git a/tests/gitea-repositories-meta/test_assign_project_org/test_assign_project_repo.git/info/exclude b/tests/gitea-repositories-meta/test_assign_project_org/test_assign_project_repo.git/info/exclude
new file mode 100644
index 0000000000..a5196d1be8
--- /dev/null
+++ b/tests/gitea-repositories-meta/test_assign_project_org/test_assign_project_repo.git/info/exclude
@@ -0,0 +1,6 @@
+# git ls-files --others --exclude-from=.git/info/exclude
+# Lines that start with '#' are comments.
+# For a project mostly in C, the following would be a good set of
+# exclude patterns (uncomment them if you want to use them):
+# *.[oa]
+# *~
diff --git a/tests/gitea-repositories-meta/test_assign_project_org/test_assign_project_repo.git/objects/20/ade30d25e0ecaeec84e7f542a8456900858240 b/tests/gitea-repositories-meta/test_assign_project_org/test_assign_project_repo.git/objects/20/ade30d25e0ecaeec84e7f542a8456900858240
new file mode 100644
index 0000000000000000000000000000000000000000..9f3ffe5f27eab55ddf77a4eef3620a63549a1a32
GIT binary patch
literal 84
zcmV-a0IUCa0V^p=O;s>6XD~D{Ff%bx2y%6F@paY9O<}m2Wl((Z_V$gD$%0%ga|6z9
qy*=}fi2)EOq~s?vsF&Q^_bT_e(;3ggmAV@qbWh#J+5rIM${q^x(I*%H

literal 0
HcmV?d00001

diff --git a/tests/gitea-repositories-meta/test_assign_project_org/test_assign_project_repo.git/objects/27/74debeea6dc742cc4971a92db0e08b95b60588 b/tests/gitea-repositories-meta/test_assign_project_org/test_assign_project_repo.git/objects/27/74debeea6dc742cc4971a92db0e08b95b60588
new file mode 100644
index 0000000000000000000000000000000000000000..5d9226f7a1240630524be4a3f27f4f31b1972c4c
GIT binary patch
literal 51
zcmV-30L=e*0V^p=O;s>9VK6i>Ff%bxNXbvu%S~a>pRM%QFmj1?wO{NFwm(;0-u@`e
J2LKmL5A5=Z6&nBm

literal 0
HcmV?d00001

diff --git a/tests/gitea-repositories-meta/test_assign_project_org/test_assign_project_repo.git/objects/2a/47ca4b614a9f5a43abbd5ad851a54a616ffee6 b/tests/gitea-repositories-meta/test_assign_project_org/test_assign_project_repo.git/objects/2a/47ca4b614a9f5a43abbd5ad851a54a616ffee6
new file mode 100644
index 0000000000000000000000000000000000000000..ca60d2314fcda692990183d659d83ee440c1b995
GIT binary patch
literal 760
zcmV<U0tfwg0hN=<4x?5OMYHBB-X0~)la!7En9(*f7}#NWV8DPeli};*bhf=oZAv=Q
zy;Yl&4_#N!K;YTm<~M|Z#IpiYctJ7{hj|8J&eM=98Jf&^nqdVT=NX=)aU@&j$M6Qr
z1m6_+^XK{-ezNZMgn#5i_ZJ{&fum`jW(k1eJdPt@`aLzn{}rlU)l^sD_kTxHG{XXp
z<^bQ&EHMZ@<tIk~0&3UDB~g@QQPd>YOx;klMR72dt4;0R+*~O8>}``PUZ2-qtxFX@
zzcQJ_^G_pOnRY=y&KS-~OX8!%s4VQG3+deL$vl6&<XkU!zi!PIU2)%ET+BS)*ALnT
zl2V+fNUd7*v>|{~De2HSfz`)_^n-GuEXHwgRaeKV9=$9fPOJ1R0w&iIoy1PPw<ecR
zA@pYDaIP5;&=12#mZ;gGdhzCFEe^M~rYIq~8@^wEo|jX?)j`0k_=t&juZbAx<wbeA
z`Qj%r{Rsisqqh8edvmpJc{Gc=U4j^zX>U+nK$I{bkEo7A`*gjm6CvD_e$1?jz#N~O
za$_(}1e~skAZ#g_cMrB?V4Go^>n-WyBM+oNMmAPyk=}4>>B#PS@I$%`bj(%?W<D}+
zoW4JlCPB4?JKKkMO#JAD=ch3yG~2VgmZ7n~8w;0D)n*I%P}o}Yyc-iu?(Qe`V=HrH
z1a#{Db|qKnmnpW~Hnxi+x+T)_s>#cq$vH`uuPA-Xd;t|(ab9y}n`qJEc`7=3+E55E
z$e1f~*2Cub*`mHJ?;X>J)^ki#5tAz#O#)(g5k031yqQOfK2UuUvU(xh?s>+q2#7WU
zPQ_aDQ+K*Pm0NN_6;C(xXkDE?Y6;G%0+#1q=Fn1)S{}>pfgYb)I$r|Fv`LJBTSVP(
zb>$Z|pyzbAWM`N|X)pQxLk(E=9`8a`Kus_6?#{1_diM>Af6P%>n&^txCj_v@gI-fg
qUZ|GWE4B7C{oDJ4oXQ&c&k4mk{mKZW?!Q*Q-a`ZP8Tki~F*%6l+<SNc

literal 0
HcmV?d00001

diff --git a/tests/gitea-repositories-meta/test_assign_project_org/test_assign_project_repo.git/objects/2f/9b22fd3159a43b7b4e5dd806fcd544edf8716f b/tests/gitea-repositories-meta/test_assign_project_org/test_assign_project_repo.git/objects/2f/9b22fd3159a43b7b4e5dd806fcd544edf8716f
new file mode 100644
index 0000000000000000000000000000000000000000..e98d752dadfa1bff7f581b3d38bf5967cc6049b3
GIT binary patch
literal 37
tcmb<m^geacKghr+B_Pb>q`%%--?Q3*9;fw#G`w_Am_K7;=uqdh2LKN*4QBuV

literal 0
HcmV?d00001

diff --git a/tests/gitea-repositories-meta/test_assign_project_org/test_assign_project_repo.git/objects/d2/2b4d4daa5be07329fcef6ed458f00cf3392da0 b/tests/gitea-repositories-meta/test_assign_project_org/test_assign_project_repo.git/objects/d2/2b4d4daa5be07329fcef6ed458f00cf3392da0
new file mode 100644
index 0000000000000000000000000000000000000000..e319f8ce3447ea6a2a5c36db6841d582ed4fd02c
GIT binary patch
literal 814
zcmV+}1JV3=0hN<E535!XMpN@EZjTc7P0EXc*^Lbb8?fD7;F^8M82I&ZUX(6PrWxss
zW;DfjlCEir8Biq8{W6aT0fZ<%rD!32u{;AID^Z9PB~GMh@<mgm7?U*1i|GsN;fUH9
z(2x}p$i_UyLg~dpmVt4caxfJ+3UVyuDgO0Bh{xc2&btx3Cp6OF_n+-gw8EyZ(QirD
z`~fJQq$P%9L=NDjNRrr>et(<M|60oWY$`JF>)&<I49fu*;{vXh;mEhZ*M4#gV4(1<
z{UFN+C6iOV(6s$?uwV`KCoV=osP*wWPVI$d9;K$sHEz>&B`aCw{mU`%owRF4;Pzn%
z@u^AqrtIh8?4O&RxUMO+3wpTC<MGO#-Ai82I?r~d7QHU-Hatyc@x3s_N~zjz`f;X^
z{S>10PEVuvM4oI{lE(FLu}mbB_3ly;d=}h>m*a}70U@7KwMj5g?@Ptm9v&D}q^RpA
z@wF3D?oP{r!GEMHLslWW$BeUIoJcp><1kNB*vr(AJ@%-}Fz^xFHPNcBHG?5);#}+;
z1D?{03~4{OdsRKh*D*6wWz%hwL&b4r?-{wsyORf6To4#=$DLWSqszS^Ay!mpG!KQ(
zllokZj<LkgT)8@@Rk@A5QCgOu_x=-g<Z@VVRo{C12?Js(HhGhgahSMfA+t`<j6yUK
z7D`HT&~KM>EQ~eozR#B3YHdCylD01>Z<6TBD2jpsFS7EG2?TCo%v<+7hRJ%;1%Zm4
z!4Bh>S>!JXRe`GSi!Y>n7UybKW_iz4#)R@d!a!R*Z+<Q8?cL{azQ@-YPrtc^oD!%}
zGQ77kINKqMl(mNTBrBX?E1G&aYs$&Xa{GaS=@Tb(e0uheTyD91yWc;bM0APUM<ZN^
zKHT*FSWqtSQ{m^LDOEK#n;keK(?8q1GItE@Jllp<x2AnmKgts-*EjELo98B`sj&xv
zJj=uxe;(cqXVtOd-B9lfu|6?M3*CpfU;rl~g#4g!?E6Yc)IprK^lG4{SZ=hWZlm<*
srsBn^Tgk0xC?0O{_<?~RlNEg9_|px|QUA*rY(~=z{xK5!3!Uy(*O(@ucmMzZ

literal 0
HcmV?d00001

diff --git a/tests/gitea-repositories-meta/test_assign_project_org/test_assign_project_repo.git/objects/d5/6a3073c1dbb7b15963110a049d50cdb5db99fc b/tests/gitea-repositories-meta/test_assign_project_org/test_assign_project_repo.git/objects/d5/6a3073c1dbb7b15963110a049d50cdb5db99fc
new file mode 100644
index 0000000000000000000000000000000000000000..eff3c9833edabef54391c6c050778ee88eaa207b
GIT binary patch
literal 42
ycmb<m^geacKghr=B_K@0OZSBNvqwdqx_)}6bTm$$IUnqCTEB^lnc?j{o+JQiKM@iD

literal 0
HcmV?d00001

diff --git a/tests/gitea-repositories-meta/test_assign_project_org/test_assign_project_repo.git/objects/ec/f0db3c1ec806522de4b491fb9a3c7457398c61 b/tests/gitea-repositories-meta/test_assign_project_org/test_assign_project_repo.git/objects/ec/f0db3c1ec806522de4b491fb9a3c7457398c61
new file mode 100644
index 0000000000000000000000000000000000000000..ed431f70d3a5a65adb22bad8207ed5490b719d8c
GIT binary patch
literal 62
zcmV-E0Kxxw0ZYosPf{>7W>8irN-fAY=HhZmElw`VEGWs$&r?XtFM<gxD=U<w7MCa_
U=jY~TmT++y8UfV;07NMf{S$5&p8x;=

literal 0
HcmV?d00001

diff --git a/tests/gitea-repositories-meta/test_assign_project_org/test_assign_project_repo.git/objects/ee/16d127df463aa491e08958120f2108b02468df b/tests/gitea-repositories-meta/test_assign_project_org/test_assign_project_repo.git/objects/ee/16d127df463aa491e08958120f2108b02468df
new file mode 100644
index 0000000000000000000000000000000000000000..e177f69e372b98fa032e3df92ea436869c89ed60
GIT binary patch
literal 84
zcmV-a0IUCa0V^p=O;s>6XD~D{Ff%bx2y%6F@paY9O<{QR;kJ$33AP~JCtD`|o@G-K
qZrPJ)VgLjRDf!6^>LvH~y~;iAbjGuArS66Y-BY)*b^rk6+8wjRASSs0

literal 0
HcmV?d00001

diff --git a/tests/gitea-repositories-meta/test_assign_project_org/test_assign_project_repo.git/refs/heads/master b/tests/gitea-repositories-meta/test_assign_project_org/test_assign_project_repo.git/refs/heads/master
new file mode 100644
index 0000000000..ccee722d52
--- /dev/null
+++ b/tests/gitea-repositories-meta/test_assign_project_org/test_assign_project_repo.git/refs/heads/master
@@ -0,0 +1 @@
+2a47ca4b614a9f5a43abbd5ad851a54a616ffee6
diff --git a/tests/gitea-repositories-meta/test_assign_project_org/test_assign_project_repo.git/refs/heads/test_branch b/tests/gitea-repositories-meta/test_assign_project_org/test_assign_project_repo.git/refs/heads/test_branch
new file mode 100644
index 0000000000..dfe0c6a128
--- /dev/null
+++ b/tests/gitea-repositories-meta/test_assign_project_org/test_assign_project_repo.git/refs/heads/test_branch
@@ -0,0 +1 @@
+d22b4d4daa5be07329fcef6ed458f00cf3392da0
diff --git a/tests/integration/fixtures/TestAssignProject/access.yml b/tests/integration/fixtures/TestAssignProject/access.yml
new file mode 100644
index 0000000000..9dec50f0ac
--- /dev/null
+++ b/tests/integration/fixtures/TestAssignProject/access.yml
@@ -0,0 +1,5 @@
+-
+  id: 1001
+  user_id: 5
+  repo_id: 1001
+  mode: 2
diff --git a/tests/integration/fixtures/TestAssignProject/collaboration.yml b/tests/integration/fixtures/TestAssignProject/collaboration.yml
new file mode 100644
index 0000000000..a26149d60e
--- /dev/null
+++ b/tests/integration/fixtures/TestAssignProject/collaboration.yml
@@ -0,0 +1,5 @@
+-
+  id: 1001
+  repo_id: 1001
+  user_id: 5
+  mode: 2
diff --git a/tests/integration/fixtures/TestAssignProject/project.yml b/tests/integration/fixtures/TestAssignProject/project.yml
new file mode 100644
index 0000000000..20b75ddb69
--- /dev/null
+++ b/tests/integration/fixtures/TestAssignProject/project.yml
@@ -0,0 +1,51 @@
+# team 1001 projects
+-
+  id: 1001
+  title: project1001
+  owner_id: 3
+  repo_id: 0
+  is_closed: false
+  board_type: 0
+  type: 3
+  creator_id: 5
+  created_unix: 1688973030
+  updated_unix: 1688973030
+
+# team 1002 projects
+-
+  id: 1002
+  title: project1002
+  owner_id: 0
+  repo_id: 1001
+  is_closed: false
+  board_type: 0
+  type: 2
+  creator_id: 5
+  created_unix: 1688973030
+  updated_unix: 1688973030
+
+# user 5 project
+-
+  id: 1003
+  title: project1003
+  owner_id: 5
+  repo_id: 0
+  is_closed: false
+  board_type: 0
+  type: 1
+  creator_id: 5
+  created_unix: 1688973030
+  updated_unix: 1688973030
+
+# org 1001 disabled project
+-
+  id: 1004
+  title: project1004
+  owner_id: 1001
+  repo_id: 0
+  is_closed: false
+  board_type: 0
+  type: 3
+  creator_id: 5
+  created_unix: 1688973030
+  updated_unix: 1688973030
diff --git a/tests/integration/fixtures/TestAssignProject/repo_unit.yml b/tests/integration/fixtures/TestAssignProject/repo_unit.yml
new file mode 100644
index 0000000000..d3fad496aa
--- /dev/null
+++ b/tests/integration/fixtures/TestAssignProject/repo_unit.yml
@@ -0,0 +1,35 @@
+-
+  id: 1001
+  repo_id: 3
+  type: 8
+  created_unix: 946684810
+
+-
+  id: 1002
+  repo_id: 3
+  type: 2
+  created_unix: 946684810
+
+-
+  id: 1003
+  repo_id: 3
+  type: 3
+  created_unix: 946684810
+
+-
+  id: 1004
+  repo_id: 1001
+  type: 8
+  created_unix: 946684810
+
+-
+  id: 1005
+  repo_id: 1001
+  type: 2
+  created_unix: 946684810
+
+-
+  id: 1006
+  repo_id: 1001
+  type: 3
+  created_unix: 946684810
diff --git a/tests/integration/fixtures/TestAssignProject/repository.yml b/tests/integration/fixtures/TestAssignProject/repository.yml
new file mode 100644
index 0000000000..3a2d6d637a
--- /dev/null
+++ b/tests/integration/fixtures/TestAssignProject/repository.yml
@@ -0,0 +1,30 @@
+-
+  id: 1001
+  owner_id: 1001
+  owner_name: test_assign_project_org
+  lower_name: test_assign_project_repo
+  name: test_assign_project_repo
+  default_branch: master
+  num_watches: 4
+  num_stars: 0
+  num_forks: 0
+  num_milestones: 3
+  num_closed_milestones: 1
+  num_projects: 1
+  num_closed_projects: 0
+  is_private: false
+  is_empty: false
+  is_archived: false
+  is_mirror: false
+  status: 0
+  is_fork: false
+  fork_id: 0
+  is_template: false
+  template_id: 0
+  size: 7597
+  is_fsck_enabled: true
+  close_issues_via_commit_in_any_branch: false
+  created_unix: 1731254961
+  updated_unix: 1731254961
+  topics: '[]'
+
diff --git a/tests/integration/fixtures/TestAssignProject/team.yml b/tests/integration/fixtures/TestAssignProject/team.yml
new file mode 100644
index 0000000000..6f295a3c65
--- /dev/null
+++ b/tests/integration/fixtures/TestAssignProject/team.yml
@@ -0,0 +1,32 @@
+-
+  id: 1001
+  org_id: 3
+  lower_name: writers
+  name: Writers
+  authorize: 2 # writer
+  num_repos: 3
+  num_members: 1
+  includes_all_repositories: false
+  can_create_org_repo: true
+
+-
+  id: 1002
+  org_id: 1001
+  lower_name: writers
+  name: Writers
+  authorize: 2 # writer
+  num_repos: 1
+  num_members: 1
+  includes_all_repositories: false
+  can_create_org_repo: true
+
+-
+  id: 1003
+  org_id: 1001
+  lower_name: owners
+  name: Owners
+  authorize: 4
+  num_repos: 0
+  num_members: 1
+  includes_all_repositories: false
+  can_create_org_repo: true
diff --git a/tests/integration/fixtures/TestAssignProject/team_repo.yml b/tests/integration/fixtures/TestAssignProject/team_repo.yml
new file mode 100644
index 0000000000..9b34a817d9
--- /dev/null
+++ b/tests/integration/fixtures/TestAssignProject/team_repo.yml
@@ -0,0 +1,11 @@
+-
+  id: 1001
+  org_id: 3
+  team_id: 1001
+  repo_id: 3
+
+-
+  id: 1002
+  org_id: 1001
+  team_id: 1002
+  repo_id: 1001
diff --git a/tests/integration/fixtures/TestAssignProject/team_unit.yml b/tests/integration/fixtures/TestAssignProject/team_unit.yml
new file mode 100644
index 0000000000..d156983090
--- /dev/null
+++ b/tests/integration/fixtures/TestAssignProject/team_unit.yml
@@ -0,0 +1,35 @@
+-
+  id: 1001
+  team_id: 1001
+  type: 8
+  access_mode: 2
+
+-
+  id: 1002
+  team_id: 1002
+  type: 8
+  access_mode: 1
+
+-
+  id: 1003
+  team_id: 1001
+  type: 2
+  access_mode: 2
+
+-
+  id: 1004
+  team_id: 1001
+  type: 3
+  access_mode: 2
+
+-
+  id: 1005
+  team_id: 1002
+  type: 2
+  access_mode: 2
+
+-
+  id: 1006
+  team_id: 1002
+  type: 3
+  access_mode: 2
diff --git a/tests/integration/fixtures/TestAssignProject/team_user.yml b/tests/integration/fixtures/TestAssignProject/team_user.yml
new file mode 100644
index 0000000000..8061f1b9d8
--- /dev/null
+++ b/tests/integration/fixtures/TestAssignProject/team_user.yml
@@ -0,0 +1,11 @@
+-
+  id: 1001
+  org_id: 3
+  team_id: 1001
+  uid: 5
+
+-
+  id: 1002
+  org_id: 23
+  team_id: 1002
+  uid: 5
diff --git a/tests/integration/fixtures/TestAssignProject/user.yml b/tests/integration/fixtures/TestAssignProject/user.yml
new file mode 100644
index 0000000000..8ad7bd0e67
--- /dev/null
+++ b/tests/integration/fixtures/TestAssignProject/user.yml
@@ -0,0 +1,37 @@
+-
+  id: 1001
+  lower_name: test_assign_project_org
+  name: test_assign_project_org
+  full_name: ' <<<< >> >> > >> > >>> >> '
+  email: org1001@example.com
+  keep_email_private: false
+  email_notifications_preference: onmention
+  passwd: ZogKvWdyEx:password
+  passwd_hash_algo: dummy
+  must_change_password: false
+  login_source: 0
+  login_name: test_assign_project_org
+  type: 1
+  salt: ZogKvWdyEx
+  max_repo_creation: 1000
+  is_active: false
+  is_admin: false
+  is_restricted: false
+  allow_git_hook: false
+  allow_import_local: false
+  allow_create_organization: true
+  prohibit_login: false
+  avatar: ""
+  avatar_email: org1001@example.com
+  use_custom_avatar: true
+  num_followers: 0
+  num_following: 0
+  num_stars: 0
+  num_repos: 1
+  num_teams: 1
+  num_members: 1
+  visibility: 0
+  repo_admin_change_team_access: false
+  theme: ""
+  keep_activity_private: false
+  created_unix: 1672578020
diff --git a/tests/integration/issue_test.go b/tests/integration/issue_test.go
index d764870bab..c0ecf6b3bc 100644
--- a/tests/integration/issue_test.go
+++ b/tests/integration/issue_test.go
@@ -19,6 +19,7 @@ import (
 	auth_model "forgejo.org/models/auth"
 	"forgejo.org/models/db"
 	issues_model "forgejo.org/models/issues"
+	org_model "forgejo.org/models/organization"
 	project_model "forgejo.org/models/project"
 	repo_model "forgejo.org/models/repo"
 	unit_model "forgejo.org/models/unit"
@@ -31,6 +32,7 @@ import (
 	api "forgejo.org/modules/structs"
 	"forgejo.org/modules/test"
 	"forgejo.org/modules/translation"
+	repo_service "forgejo.org/services/repository"
 	files_service "forgejo.org/services/repository/files"
 	user_service "forgejo.org/services/user"
 	"forgejo.org/tests"
@@ -1661,3 +1663,113 @@ func TestIssueUrlHandling(t *testing.T) {
 		MakeRequest(t, req, http.StatusNotFound)
 	})
 }
+
+func TestIssueProjectSidebarMissing(t *testing.T) {
+	const (
+		repoID = 4
+		userID = 5
+	)
+	defer unittest.OverrideFixtures("tests/integration/fixtures/TestAssignProject/")()
+	defer tests.PrepareTestEnv(t)()
+
+	ctx := t.Context()
+
+	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: userID})
+	repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: repoID})
+	session := loginUser(t, user.Name)
+
+	issueURL := testNewIssue(t, session, user.Name, repo.Name, "Hello", "World")
+	t.Run("Sidebar showing - user project available", func(tt *testing.T) {
+		defer tests.PrintCurrentTest(tt)()
+		req := NewRequest(t, "GET", issueURL)
+		resp := session.MakeRequest(t, req, http.StatusOK)
+		htmlDoc := NewHTMLParser(t, resp.Body)
+		htmlDoc.AssertElement(t, ".select-project.dropdown", true)
+	})
+
+	// Enable repository's project unit
+	projectUnit := repo_model.RepoUnit{
+		RepoID: repo.ID,
+		Type:   unit_model.TypeProjects,
+	}
+	require.NoError(t, repo_service.UpdateRepositoryUnits(db.DefaultContext, repo, []repo_model.RepoUnit{projectUnit}, nil))
+
+	t.Run("Sidebar showing - repository project unit on", func(tt *testing.T) {
+		defer tests.PrintCurrentTest(tt)()
+		req := NewRequest(t, "GET", issueURL)
+		resp := session.MakeRequest(t, req, http.StatusOK)
+		htmlDoc := NewHTMLParser(t, resp.Body)
+		htmlDoc.AssertElement(t, ".select-project.dropdown", true)
+	})
+
+	project_model.DeleteProjectByID(ctx, 1003)
+	// Disable repository's project unit
+	require.NoError(t, repo_service.UpdateRepositoryUnits(db.DefaultContext, repo, nil, []unit_model.Type{unit_model.TypeProjects}))
+	t.Run("Sidebar missing", func(tt *testing.T) {
+		defer tests.PrintCurrentTest(tt)()
+		req := NewRequest(t, "GET", issueURL)
+		resp := session.MakeRequest(t, req, http.StatusOK)
+		htmlDoc := NewHTMLParser(t, resp.Body)
+		htmlDoc.AssertElement(t, ".select-project.dropdown", false)
+	})
+
+	// Team with project available
+	team := unittest.AssertExistsAndLoadBean(t, &org_model.Team{ID: 1001})
+	require.NoError(t, team.LoadMembers(ctx))
+	require.NoError(t, team.LoadRepositories(ctx))
+
+	user = team.Members[0]
+	repo = team.Repos[0]
+	org := team.GetOrg(ctx)
+	session = loginUser(t, user.Name)
+
+	issueURL = testNewIssue(t, session, org.Name, repo.Name, "Hello", "World")
+	t.Run("Sidebar showing - org on & repo on", func(tt *testing.T) {
+		defer tests.PrintCurrentTest(tt)()
+		req := NewRequest(t, "GET", issueURL)
+		resp := session.MakeRequest(t, req, http.StatusOK)
+		htmlDoc := NewHTMLParser(t, resp.Body)
+		htmlDoc.AssertElement(t, ".select-project.dropdown", true)
+	})
+
+	// Disable repository project unit
+	require.NoError(t, repo_service.UpdateRepositoryUnits(ctx, repo, nil, []unit_model.Type{unit_model.TypeProjects}))
+	t.Run("Sidebar showing - org on & repo off", func(tt *testing.T) {
+		defer tests.PrintCurrentTest(tt)()
+		req := NewRequest(t, "GET", issueURL)
+		resp := session.MakeRequest(t, req, http.StatusOK)
+		htmlDoc := NewHTMLParser(t, resp.Body)
+		htmlDoc.AssertElement(t, ".select-project.dropdown", true)
+	})
+
+	// Team with project disabled
+	team = unittest.AssertExistsAndLoadBean(t, &org_model.Team{ID: 1002})
+	require.NoError(t, team.LoadMembers(ctx))
+	require.NoError(t, team.LoadRepositories(ctx))
+
+	user = team.Members[0]
+	repo = team.Repos[0]
+	org = team.GetOrg(ctx)
+	session = loginUser(t, user.Name)
+
+	require.NoError(t, project_model.DeleteProjectByID(db.DefaultContext, 1004))
+
+	issueURL = testNewIssue(t, session, org.Name, repo.Name, "Hello", "World")
+	t.Run("Sidebar showing - org off & repo on", func(tt *testing.T) {
+		defer tests.PrintCurrentTest(tt)()
+		req := NewRequest(t, "GET", issueURL)
+		resp := session.MakeRequest(t, req, http.StatusOK)
+		htmlDoc := NewHTMLParser(t, resp.Body)
+		htmlDoc.AssertElement(t, ".select-project.dropdown", true)
+	})
+
+	// Disable repository project unit
+	require.NoError(t, repo_service.UpdateRepositoryUnits(ctx, repo, nil, []unit_model.Type{unit_model.TypeProjects}))
+	t.Run("Sidebar missing - org off & repo off", func(tt *testing.T) {
+		defer tests.PrintCurrentTest(tt)()
+		req := NewRequest(t, "GET", issueURL)
+		resp := session.MakeRequest(t, req, http.StatusOK)
+		htmlDoc := NewHTMLParser(t, resp.Body)
+		htmlDoc.AssertElement(t, ".select-project.dropdown", false)
+	})
+}
diff --git a/tests/integration/project_test.go b/tests/integration/project_test.go
index 629793602b..7583075b5f 100644
--- a/tests/integration/project_test.go
+++ b/tests/integration/project_test.go
@@ -7,12 +7,20 @@ package integration
 import (
 	"fmt"
 	"net/http"
+	"path"
+	"strconv"
+	"strings"
 	"testing"
 
 	"forgejo.org/models/db"
+	issues_model "forgejo.org/models/issues"
+	org_model "forgejo.org/models/organization"
 	project_model "forgejo.org/models/project"
 	repo_model "forgejo.org/models/repo"
+	unit_model "forgejo.org/models/unit"
 	"forgejo.org/models/unittest"
+	user_model "forgejo.org/models/user"
+	repo_service "forgejo.org/services/repository"
 	"forgejo.org/tests"
 
 	"github.com/stretchr/testify/assert"
@@ -160,3 +168,117 @@ func TestChangeStatusProject(t *testing.T) {
 		})
 	})
 }
+
+func TestAssignProject(t *testing.T) {
+	defer unittest.OverrideFixtures("tests/integration/fixtures/TestAssignProject/")()
+	defer tests.PrepareTestEnv(t)()
+
+	ctx := t.Context()
+
+	newTestIssue := func(t *testing.T, session *TestSession, owner *user_model.User, repo *repo_model.Repository) (*issues_model.Issue, string, string) {
+		t.Helper()
+
+		issueURL := testNewIssue(t, session, owner.Name, repo.Name, "Hello", "World")
+		indexStr := issueURL[strings.LastIndexByte(issueURL, '/')+1:]
+		index, err := strconv.Atoi(indexStr)
+		require.NoError(t, err, "Invalid issue href: %s", issueURL)
+
+		issue := &issues_model.Issue{RepoID: repo.ID, Index: int64(index)}
+		unittest.AssertExistsAndLoadBean(t, issue)
+
+		issueID := strconv.FormatInt(issue.ID, 10)
+		return issue, indexStr, issueID
+	}
+
+	updateIssueProject := func(t *testing.T, session *TestSession, projectID, issueID, owner, repo string, expectedStatus int) {
+		t.Helper()
+
+		req := NewRequestWithValues(t, "POST", path.Join(owner, repo, "issues", "projects"), map[string]string{
+			"issue_ids": issueID,
+			"id":        projectID,
+		})
+		session.MakeRequest(t, req, expectedStatus)
+	}
+
+	// User
+	t.Run("UserProjectOn+RepoProjectOff", func(tt *testing.T) {
+		defer tests.PrintCurrentTest(tt)()
+		repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 4})
+		user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 5})
+
+		session := loginUser(tt, user.Name)
+		issue, _, issueID := newTestIssue(tt, session, user, repo)
+
+		updateIssueProject(tt, session, "1003", issueID, user.Name, repo.Name, http.StatusOK)
+		require.NoError(tt, issue.LoadProject(db.DefaultContext))
+		require.NotNil(tt, issue.Project)
+		require.Equal(tt, int64(1003), issue.Project.ID)
+	})
+
+	// Team 1001 - enabled project unit
+	team := unittest.AssertExistsAndLoadBean(t, &org_model.Team{ID: 1001})
+	require.NoError(t, team.LoadMembers(ctx))
+	require.NoError(t, team.LoadRepositories(ctx))
+
+	user := team.Members[0]
+	repo := team.Repos[0]
+	org := team.GetOrg(ctx)
+
+	session := loginUser(t, user.Name)
+
+	t.Run("OrgProjectOn+RepoProjectOn", func(tt *testing.T) {
+		defer tests.PrintCurrentTest(tt)()
+		issue, _, issueID := newTestIssue(tt, session, org.AsUser(), repo)
+
+		updateIssueProject(tt, session, "1001", issueID, org.Name, repo.Name, http.StatusOK)
+
+		require.NoError(tt, issue.LoadProject(db.DefaultContext))
+		require.NotNil(tt, issue.Project)
+		require.Equal(tt, int64(1001), issue.Project.ID)
+	})
+
+	// Disable repository project unit
+	require.NoError(t, repo_service.UpdateRepositoryUnits(ctx, repo, nil, []unit_model.Type{unit_model.TypeProjects}))
+	t.Run("OrgProjectOn+RepoProjectOff", func(tt *testing.T) {
+		defer tests.PrintCurrentTest(tt)()
+		issue, _, issueID := newTestIssue(tt, session, org.AsUser(), repo)
+
+		updateIssueProject(tt, session, "1001", issueID, org.Name, repo.Name, http.StatusOK)
+		require.NoError(tt, issue.LoadProject(db.DefaultContext))
+		require.NotNil(tt, issue.Project)
+		require.Equal(tt, int64(1001), issue.Project.ID)
+	})
+
+	// Team 1002 - disabled project unit
+	team = unittest.AssertExistsAndLoadBean(t, &org_model.Team{ID: 1002})
+	require.NoError(t, team.LoadMembers(ctx))
+	require.NoError(t, team.LoadRepositories(ctx))
+
+	user = team.Members[0]
+	repo = team.Repos[0]
+	org = team.GetOrg(ctx)
+
+	session = loginUser(t, user.Name)
+
+	t.Run("OrgProjectOff+RepoProjectOn", func(tt *testing.T) {
+		defer tests.PrintCurrentTest(tt)()
+		issue, _, issueID := newTestIssue(tt, session, org.AsUser(), repo)
+
+		updateIssueProject(tt, session, "1002", issueID, org.Name, repo.Name, http.StatusOK)
+		require.NoError(tt, issue.LoadProject(db.DefaultContext))
+		require.NotNil(tt, issue.Project)
+		require.Equal(tt, int64(1002), issue.Project.ID)
+	})
+
+	// Disable repository project unit
+	require.NoError(t, repo_service.UpdateRepositoryUnits(ctx, repo, nil, []unit_model.Type{unit_model.TypeProjects}))
+	t.Run("OrgProjectOff+RepoProjectOff", func(tt *testing.T) {
+		defer tests.PrintCurrentTest(tt)()
+		issue, _, issueID := newTestIssue(tt, session, org.AsUser(), repo)
+
+		updateIssueProject(tt, session, "1002", issueID, org.Name, repo.Name, http.StatusOK)
+		require.NoError(tt, issue.LoadProject(db.DefaultContext))
+		require.NotNil(tt, issue.Project)
+		require.Equal(tt, int64(1002), issue.Project.ID)
+	})
+}

From b6658076a96977cc1bc6d0b141d881d4589b74bf Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Sat, 2 May 2026 03:07:26 +0200
Subject: [PATCH 783/854] Update dependency clippie to v4.1.15 (forgejo)
 (#12371)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12371
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
---
 package-lock.json | 8 ++++----
 package.json      | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index fe96fe60f6..28d3bdb364 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -43,7 +43,7 @@
         "chart.js": "4.5.1",
         "chartjs-adapter-dayjs-4": "1.0.4",
         "chartjs-plugin-zoom": "2.2.0",
-        "clippie": "4.1.14",
+        "clippie": "4.1.15",
         "css-loader": "7.1.3",
         "dayjs": "1.11.19",
         "dropzone": "6.0.0-beta.2",
@@ -6337,9 +6337,9 @@
       }
     },
     "node_modules/clippie": {
-      "version": "4.1.14",
-      "resolved": "https://registry.npmjs.org/clippie/-/clippie-4.1.14.tgz",
-      "integrity": "sha512-VMyejKiX9jtz57BP2YLZeH+662xKTlIAXBoaHVXdtuuDiSd2D1z/0GyclLGX4POXKK03/vYB6cHVWlSLDI2YBw==",
+      "version": "4.1.15",
+      "resolved": "https://registry.npmjs.org/clippie/-/clippie-4.1.15.tgz",
+      "integrity": "sha512-K4z5MF32z7Gr1fUcfuUZvmrzpdNs5q8zAm2yqsWhA8mZ9Q6GL4HNdR2k3h3ubEEEGoyb8fvMA48LDr2MKYDASA==",
       "license": "BSD-2-Clause"
     },
     "node_modules/cliui": {
diff --git a/package.json b/package.json
index 0669dc04c1..6fe61d62f1 100644
--- a/package.json
+++ b/package.json
@@ -42,7 +42,7 @@
     "chart.js": "4.5.1",
     "chartjs-adapter-dayjs-4": "1.0.4",
     "chartjs-plugin-zoom": "2.2.0",
-    "clippie": "4.1.14",
+    "clippie": "4.1.15",
     "css-loader": "7.1.3",
     "dayjs": "1.11.19",
     "dropzone": "6.0.0-beta.2",

From 8edcb8d4dbc96db19399c2017acf87d661b9c291 Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Sun, 3 May 2026 04:06:51 +0200
Subject: [PATCH 784/854] Update module github.com/fsnotify/fsnotify to v1.10.0
 (forgejo) (#12374)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12374
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index d4b54ad8bf..b1282504d9 100644
--- a/go.mod
+++ b/go.mod
@@ -41,7 +41,7 @@ require (
 	github.com/editorconfig/editorconfig-core-go/v2 v2.6.4
 	github.com/emersion/go-imap v1.2.1
 	github.com/felixge/fgprof v0.9.5
-	github.com/fsnotify/fsnotify v1.9.0
+	github.com/fsnotify/fsnotify v1.10.0
 	github.com/gdgvda/cron v0.7.0
 	github.com/gliderlabs/ssh v0.3.8
 	github.com/go-ap/activitypub v0.0.0-20260208110334-902f6cf8c2cc
diff --git a/go.sum b/go.sum
index 34aa5f4f7a..a286b590d0 100644
--- a/go.sum
+++ b/go.sum
@@ -249,8 +249,8 @@ github.com/fortytw2/leaktest v1.3.0 h1:u8491cBMTQ8ft8aeV+adlcytMZylmA5nnwwkRZjI8
 github.com/fortytw2/leaktest v1.3.0/go.mod h1:jDsjWgpAGjm2CA7WthBh/CdZYEPF31XHquHwclZch5g=
 github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
 github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ=
-github.com/fsnotify/fsnotify v1.9.0 h1:2Ml+OJNzbYCTzsxtv8vKSFD9PbJjmhYF14k/jKC7S9k=
-github.com/fsnotify/fsnotify v1.9.0/go.mod h1:8jBTzvmWwFyi3Pb8djgCCO5IBqzKJ/Jwo8TRcHyHii0=
+github.com/fsnotify/fsnotify v1.10.0 h1:Xx/5Ydg9CeBDX/wi4VJqStNtohYjitZhhlHt4h3St1M=
+github.com/fsnotify/fsnotify v1.10.0/go.mod h1:TLheqan6HD6GBK6PrDWyDPBaEV8LspOxvPSjC+bVfgo=
 github.com/fxamacker/cbor/v2 v2.9.1 h1:2rWm8B193Ll4VdjsJY28jxs70IdDsHRWgQYAI80+rMQ=
 github.com/fxamacker/cbor/v2 v2.9.1/go.mod h1:vM4b+DJCtHn+zz7h3FFp/hDAI9WNWCsZj23V5ytsSxQ=
 github.com/gdgvda/cron v0.7.0 h1:LFPZUTbCb5ZpzYxavbQDDbjd6nwTwkiNUWyulOdlY2I=

From ee8ad6581c08c20bdbf2b6a5bb290d2d0b5ad308 Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Sun, 3 May 2026 04:07:02 +0200
Subject: [PATCH 785/854] Update module github.com/klauspost/compress to
 v1.18.6 (forgejo) (#12372)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12372
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index b1282504d9..9fe44c95f0 100644
--- a/go.mod
+++ b/go.mod
@@ -72,7 +72,7 @@ require (
 	github.com/jhillyerd/enmime/v2 v2.2.0
 	github.com/json-iterator/go v1.1.12
 	github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51
-	github.com/klauspost/compress v1.18.5
+	github.com/klauspost/compress v1.18.6
 	github.com/klauspost/cpuid/v2 v2.2.11
 	github.com/markbates/goth v1.82.0
 	github.com/mattn/go-isatty v0.0.21
diff --git a/go.sum b/go.sum
index a286b590d0..864dc04863 100644
--- a/go.sum
+++ b/go.sum
@@ -480,8 +480,8 @@ github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51 h1:Z9n2FFNU
 github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51/go.mod h1:CzGEWj7cYgsdH8dAjBGEr58BoE7ScuLd+fwFZ44+/x8=
 github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
 github.com/klauspost/compress v1.4.1/go.mod h1:RyIbtBH6LamlWaDj8nUwkbUhJ87Yi3uG0guNDohfE1A=
-github.com/klauspost/compress v1.18.5 h1:/h1gH5Ce+VWNLSWqPzOVn6XBO+vJbCNGvjoaGBFW2IE=
-github.com/klauspost/compress v1.18.5/go.mod h1:cwPg85FWrGar70rWktvGQj8/hthj3wpl0PGDogxkrSQ=
+github.com/klauspost/compress v1.18.6 h1:2jupLlAwFm95+YDR+NwD2MEfFO9d4z4Prjl1XXDjuao=
+github.com/klauspost/compress v1.18.6/go.mod h1:cwPg85FWrGar70rWktvGQj8/hthj3wpl0PGDogxkrSQ=
 github.com/klauspost/cpuid v1.2.0/go.mod h1:Pj4uuM528wm8OyEC2QMXAi2YiTZ96dNQPGgoMS4s3ek=
 github.com/klauspost/cpuid/v2 v2.0.1/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg=
 github.com/klauspost/cpuid/v2 v2.2.11 h1:0OwqZRYI2rFrjS4kvkDnqJkKHdHaRnCm68/DY4OxRzU=

From 7e205c571892c3060c2d939bdbb2f1972b22b472 Mon Sep 17 00:00:00 2001
From: "steven.guiheux" <steven.guiheux@ovhcloud.com>
Date: Sun, 3 May 2026 04:41:12 +0200
Subject: [PATCH 786/854] fix: get tag must return the tag signature instead of
 commit signature (#12351)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

## Fix: `GET /api/v1/repos/{owner}/{repo}/git/tags/{sha}` returns empty verification for signed tags

### Problem

When an annotated tag is signed (GPG or SSH) but the underlying commit is **not** signed, the API endpoint `GET /repos/{owner}/{repo}/git/tags/{sha}` returns an empty `verification.signature` field.

This is because `ToAnnotatedTag` was calling `ToVerification(ctx, c)` with the **commit** object, which checks the commit's signature — not the tag's own signature. Since the commit is unsigned, the API returns `signature: ""` and `verified: false`.

This causes issues for tools that rely on the tag signature from the API to validate that a tag push event is from a trusted source.

### Fix

`ToAnnotatedTag` now checks if the tag has its own signature (`t.Signature != nil`). If so, it uses `ParseTagWithSignature` to verify the tag's signature and populates the `verification` field from the tag. Otherwise, it falls back to the commit signature (existing behavior for unsigned/lightweight tags).

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12351
Reviewed-by: limiting-factor <limiting-factor@noreply.codeberg.org>
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
---
 routers/api/v1/repo/tag.go       |  2 +-
 services/convert/convert.go      | 24 +++++++-
 services/convert/convert_test.go | 99 ++++++++++++++++++++++++++++++++
 3 files changed, 122 insertions(+), 3 deletions(-)

diff --git a/routers/api/v1/repo/tag.go b/routers/api/v1/repo/tag.go
index 9d0609aaa0..80e34938a7 100644
--- a/routers/api/v1/repo/tag.go
+++ b/routers/api/v1/repo/tag.go
@@ -122,7 +122,7 @@ func GetAnnotatedTag(ctx *context.APIContext) {
 			ctx.Error(http.StatusBadRequest, "GetAnnotatedTag", err)
 		}
 
-		convertedAnnotatedTag, err := convert.ToAnnotatedTag(ctx, ctx.Repo.Repository, tag, commit)
+		convertedAnnotatedTag, err := convert.ToAnnotatedTag(ctx, ctx.Repo.GitRepo, ctx.Repo.Repository, tag, commit)
 		if err != nil {
 			ctx.Error(http.StatusInternalServerError, "ToAnnotatedTag", err)
 			return
diff --git a/services/convert/convert.go b/services/convert/convert.go
index 65fa701ffe..1f52511188 100644
--- a/services/convert/convert.go
+++ b/services/convert/convert.go
@@ -397,12 +397,32 @@ func ToTeams(ctx context.Context, teams []*organization.Team, loadOrgs bool) ([]
 }
 
 // ToAnnotatedTag convert git.Tag to api.AnnotatedTag
-func ToAnnotatedTag(ctx context.Context, repo *repo_model.Repository, t *git.Tag, c *git.Commit) (*api.AnnotatedTag, error) {
+func ToAnnotatedTag(ctx context.Context, gitRepo *git.Repository, repo *repo_model.Repository, t *git.Tag, c *git.Commit) (*api.AnnotatedTag, error) {
 	archiveDownloadCount, err := repo_model.GetArchiveDownloadCountForTagName(ctx, repo.ID, t.Name)
 	if err != nil {
 		return nil, err
 	}
 
+	// Use the tag's own signature if the tag is signed, otherwise fall back to commit signature.
+	var verification *api.PayloadCommitVerification
+	if t.Signature != nil {
+		verif := asymkey_model.ParseTagWithSignature(ctx, gitRepo, t)
+		verification = &api.PayloadCommitVerification{
+			Verified:  verif.Verified,
+			Reason:    verif.Reason,
+			Signature: t.Signature.Signature,
+			Payload:   t.Signature.Payload,
+		}
+		if verif.SigningUser != nil {
+			verification.Signer = &api.PayloadUser{
+				Name:  verif.SigningUser.Name,
+				Email: verif.SigningEmail,
+			}
+		}
+	} else {
+		verification = ToVerification(ctx, c)
+	}
+
 	return &api.AnnotatedTag{
 		Tag:                  t.Name,
 		SHA:                  t.ID.String(),
@@ -410,7 +430,7 @@ func ToAnnotatedTag(ctx context.Context, repo *repo_model.Repository, t *git.Tag
 		Message:              t.Message,
 		URL:                  util.URLJoin(repo.APIURL(), "git/tags", t.ID.String()),
 		Tagger:               ToCommitUser(t.Tagger),
-		Verification:         ToVerification(ctx, c),
+		Verification:         verification,
 		ArchiveDownloadCount: archiveDownloadCount,
 	}, nil
 }
diff --git a/services/convert/convert_test.go b/services/convert/convert_test.go
index 6b870e0540..de964eb07a 100644
--- a/services/convert/convert_test.go
+++ b/services/convert/convert_test.go
@@ -5,14 +5,17 @@ package convert
 
 import (
 	"testing"
+	"time"
 
 	actions_model "forgejo.org/models/actions"
 	"forgejo.org/models/db"
+	repo_model "forgejo.org/models/repo"
 	"forgejo.org/models/unittest"
 	user_model "forgejo.org/models/user"
 	"forgejo.org/modules/git"
 	api "forgejo.org/modules/structs"
 	"forgejo.org/modules/timeutil"
+	"forgejo.org/modules/util"
 
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
@@ -106,6 +109,102 @@ uf51WIBywxztet6vi+jYJK1jFoY4iA==
 	})
 }
 
+func TestToAnnotatedTag(t *testing.T) {
+	defer unittest.OverrideFixtures("models/fixtures/TestParseCommitWithSSHSignature")()
+	require.NoError(t, unittest.PrepareTestDatabase())
+
+	// Align user email for predictable test results (same as TestToVerification).
+	userModel := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
+	userModel.Email = "secret-email@example.com"
+	db.GetEngine(t.Context()).ID(userModel.ID).Cols("email").Update(userModel)
+
+	headRepo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 1})
+	sha1 := git.Sha1ObjectFormat
+
+	tagSHA := sha1.EmptyObjectID()
+	commitSHA := git.MustIDFromString("e20aa0bcd2878f65a93de68a3eed9045d6efdd74")
+	tagger := &git.Signature{Name: "user2", Email: "user2@example.com", When: time.Unix(1699707877, 0)}
+
+	t.Run("Unsigned tag falls back to commit signature (GPG)", func(t *testing.T) {
+		tag := &git.Tag{
+			Name:    "v2.0.0",
+			ID:      tagSHA,
+			Object:  commitSHA,
+			Type:    "commit",
+			Tagger:  tagger,
+			Message: "Lightweight tag\n",
+			// No Signature → unsigned tag
+		}
+
+		commitPayload := `tree e20aa0bcd2878f65a93de68a3eed9045d6efdd74
+parent 5cd9b9847563eb730d63d23c1f1b84868e52ae7d
+author user2 <user2+committer@example.com> 1759956520 -0600
+committer user2 <user2+committer@example.com> 1759956520 -0600
+
+Add content
+`
+		commitGPGSig := `-----BEGIN PGP SIGNATURE-----
+
+iQEzBAABCgAdFiEEdlqhn25IEoMmvK5vmDaXTfEZWRMFAmjmzigACgkQmDaXTfEZ
+WROC4ggAs8mD8csA6FV5e2v/4HcxuaZKCN+D8Gvku2JUigODQCA+NOX0FF2jDnCh
+tXylBPB4HJw1spKkDLtOpnCUSOniBdl9NcZjnBt6sP/OSnEfLznXFra+9fCHzsu0
+9uhDn3Wn1iHWXQ2ZglUwVS0ja6pNgEip8wNZBysv8+XbO1CEEW0m7zQA6tunzIwp
+yiPZDUJrKtpKAK0+v19EccT2VjYAa+Vo+p3/E0piaTYNbsTqtFRy63tdjDkf+mo+
+l/PaPhrMqdnbxv3/sd/63VCNdvPH3f0+OuydcC7mXyysmvap99EC+QKnpsrm7RAP
+uf51WIBywxztet6vi+jYJK1jFoY4iA==
+=Lnrt
+-----END PGP SIGNATURE-----`
+
+		commit := &git.Commit{
+			ID: commitSHA,
+			Committer: &git.Signature{
+				Email: "user2@example.com",
+			},
+			Signature: &git.ObjectSignature{
+				Payload:   commitPayload,
+				Signature: commitGPGSig,
+			},
+		}
+
+		result, err := ToAnnotatedTag(t.Context(), nil, headRepo, tag, commit)
+		require.NoError(t, err)
+		require.NotNil(t, result)
+
+		// Should fall back to commit verification (tag has no signature)
+		assert.Equal(t, commitGPGSig, result.Verification.Signature, "should use the commit GPG signature")
+		assert.Equal(t, commitPayload, result.Verification.Payload, "should use the commit payload")
+		assert.True(t, result.Verification.Verified, "commit signature should be verified")
+		assert.Equal(t, "v2.0.0", result.Tag)
+		assert.Equal(t, tagSHA.String(), result.SHA)
+		assert.Equal(t, util.URLJoin(headRepo.APIURL(), "git/tags", tagSHA.String()), result.URL)
+	})
+
+	t.Run("Unsigned tag, unsigned commit", func(t *testing.T) {
+		tag := &git.Tag{
+			Name:    "v3.0.0",
+			ID:      tagSHA,
+			Object:  commitSHA,
+			Type:    "commit",
+			Tagger:  tagger,
+			Message: "No signature\n",
+		}
+
+		commit := &git.Commit{
+			ID:        commitSHA,
+			Committer: &git.Signature{Email: "user2@example.com"},
+			// No Signature
+		}
+
+		result, err := ToAnnotatedTag(t.Context(), nil, headRepo, tag, commit)
+		require.NoError(t, err)
+		require.NotNil(t, result)
+
+		assert.False(t, result.Verification.Verified, "should not be verified")
+		assert.Empty(t, result.Verification.Signature, "should have no signature")
+		assert.Equal(t, "v3.0.0", result.Tag)
+	})
+}
+
 func TestToActionRunner(t *testing.T) {
 	testCases := []struct {
 		name           string

From 743b3b4cd90c2dc23381e96014d061d27ab89f51 Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Sun, 3 May 2026 05:15:10 +0200
Subject: [PATCH 787/854] Update module github.com/minio/minio-go/v7 to v7.1.0
 (forgejo) (#11959)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11959
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
---
 assets/go-licenses.json | 5 +++++
 go.mod                  | 4 ++--
 go.sum                  | 6 ++++--
 3 files changed, 11 insertions(+), 4 deletions(-)

diff --git a/assets/go-licenses.json b/assets/go-licenses.json
index 41b1135033..355648c18d 100644
--- a/assets/go-licenses.json
+++ b/assets/go-licenses.json
@@ -1184,6 +1184,11 @@
     "path": "github.com/zeebo/blake3/LICENSE",
     "licenseText": "This work is released into the public domain with CC0 1.0.\n\n-------------------------------------------------------------------------------\n\nCreative Commons Legal Code\n\nCC0 1.0 Universal\n\n    CREATIVE COMMONS CORPORATION IS NOT A LAW FIRM AND DOES NOT PROVIDE\n    LEGAL SERVICES. DISTRIBUTION OF THIS DOCUMENT DOES NOT CREATE AN\n    ATTORNEY-CLIENT RELATIONSHIP. CREATIVE COMMONS PROVIDES THIS\n    INFORMATION ON AN \"AS-IS\" BASIS. CREATIVE COMMONS MAKES NO WARRANTIES\n    REGARDING THE USE OF THIS DOCUMENT OR THE INFORMATION OR WORKS\n    PROVIDED HEREUNDER, AND DISCLAIMS LIABILITY FOR DAMAGES RESULTING FROM\n    THE USE OF THIS DOCUMENT OR THE INFORMATION OR WORKS PROVIDED\n    HEREUNDER.\n\nStatement of Purpose\n\nThe laws of most jurisdictions throughout the world automatically confer\nexclusive Copyright and Related Rights (defined below) upon the creator\nand subsequent owner(s) (each and all, an \"owner\") of an original work of\nauthorship and/or a database (each, a \"Work\").\n\nCertain owners wish to permanently relinquish those rights to a Work for\nthe purpose of contributing to a commons of creative, cultural and\nscientific works (\"Commons\") that the public can reliably and without fear\nof later claims of infringement build upon, modify, incorporate in other\nworks, reuse and redistribute as freely as possible in any form whatsoever\nand for any purposes, including without limitation commercial purposes.\nThese owners may contribute to the Commons to promote the ideal of a free\nculture and the further production of creative, cultural and scientific\nworks, or to gain reputation or greater distribution for their Work in\npart through the use and efforts of others.\n\nFor these and/or other purposes and motivations, and without any\nexpectation of additional consideration or compensation, the person\nassociating CC0 with a Work (the \"Affirmer\"), to the extent that he or she\nis an owner of Copyright and Related Rights in the Work, voluntarily\nelects to apply CC0 to the Work and publicly distribute the Work under its\nterms, with knowledge of his or her Copyright and Related Rights in the\nWork and the meaning and intended legal effect of CC0 on those rights.\n\n1. Copyright and Related Rights. A Work made available under CC0 may be\nprotected by copyright and related or neighboring rights (\"Copyright and\nRelated Rights\"). Copyright and Related Rights include, but are not\nlimited to, the following:\n\n  i. the right to reproduce, adapt, distribute, perform, display,\n     communicate, and translate a Work;\n ii. moral rights retained by the original author(s) and/or performer(s);\niii. publicity and privacy rights pertaining to a person's image or\n     likeness depicted in a Work;\n iv. rights protecting against unfair competition in regards to a Work,\n     subject to the limitations in paragraph 4(a), below;\n  v. rights protecting the extraction, dissemination, use and reuse of data\n     in a Work;\n vi. database rights (such as those arising under Directive 96/9/EC of the\n     European Parliament and of the Council of 11 March 1996 on the legal\n     protection of databases, and under any national implementation\n     thereof, including any amended or successor version of such\n     directive); and\nvii. other similar, equivalent or corresponding rights throughout the\n     world based on applicable law or treaty, and any national\n     implementations thereof.\n\n2. Waiver. To the greatest extent permitted by, but not in contravention\nof, applicable law, Affirmer hereby overtly, fully, permanently,\nirrevocably and unconditionally waives, abandons, and surrenders all of\nAffirmer's Copyright and Related Rights and associated claims and causes\nof action, whether now known or unknown (including existing as well as\nfuture claims and causes of action), in the Work (i) in all territories\nworldwide, (ii) for the maximum duration provided by applicable law or\ntreaty (including future time extensions), (iii) in any current or future\nmedium and for any number of copies, and (iv) for any purpose whatsoever,\nincluding without limitation commercial, advertising or promotional\npurposes (the \"Waiver\"). Affirmer makes the Waiver for the benefit of each\nmember of the public at large and to the detriment of Affirmer's heirs and\nsuccessors, fully intending that such Waiver shall not be subject to\nrevocation, rescission, cancellation, termination, or any other legal or\nequitable action to disrupt the quiet enjoyment of the Work by the public\nas contemplated by Affirmer's express Statement of Purpose.\n\n3. Public License Fallback. Should any part of the Waiver for any reason\nbe judged legally invalid or ineffective under applicable law, then the\nWaiver shall be preserved to the maximum extent permitted taking into\naccount Affirmer's express Statement of Purpose. In addition, to the\nextent the Waiver is so judged Affirmer hereby grants to each affected\nperson a royalty-free, non transferable, non sublicensable, non exclusive,\nirrevocable and unconditional license to exercise Affirmer's Copyright and\nRelated Rights in the Work (i) in all territories worldwide, (ii) for the\nmaximum duration provided by applicable law or treaty (including future\ntime extensions), (iii) in any current or future medium and for any number\nof copies, and (iv) for any purpose whatsoever, including without\nlimitation commercial, advertising or promotional purposes (the\n\"License\"). The License shall be deemed effective as of the date CC0 was\napplied by Affirmer to the Work. Should any part of the License for any\nreason be judged legally invalid or ineffective under applicable law, such\npartial invalidity or ineffectiveness shall not invalidate the remainder\nof the License, and in such case Affirmer hereby affirms that he or she\nwill not (i) exercise any of his or her remaining Copyright and Related\nRights in the Work or (ii) assert any associated claims and causes of\naction with respect to the Work, in either case contrary to Affirmer's\nexpress Statement of Purpose.\n\n4. Limitations and Disclaimers.\n\n a. No trademark or patent rights held by Affirmer are waived, abandoned,\n    surrendered, licensed or otherwise affected by this document.\n b. Affirmer offers the Work as-is and makes no representations or\n    warranties of any kind concerning the Work, express, implied,\n    statutory or otherwise, including without limitation warranties of\n    title, merchantability, fitness for a particular purpose, non\n    infringement, or the absence of latent or other defects, accuracy, or\n    the present or absence of errors, whether or not discoverable, all to\n    the greatest extent permissible under applicable law.\n c. Affirmer disclaims responsibility for clearing rights of other persons\n    that may apply to the Work or any use thereof, including without\n    limitation any person's Copyright and Related Rights in the Work.\n    Further, Affirmer disclaims responsibility for obtaining any necessary\n    consents, permissions or other rights required for any use of the\n    Work.\n d. Affirmer understands and acknowledges that Creative Commons is not a\n    party to this document and has no duty or obligation with respect to\n    this CC0 or use of the Work.\n"
   },
+  {
+    "name": "github.com/zeebo/xxh3",
+    "path": "github.com/zeebo/xxh3/LICENSE",
+    "licenseText": "BSD 2-Clause License\n\nCopyright (c) 2012-2014, Yann Collet\nCopyright (c) 2019, Jeff Wendling\nAll rights reserved.\n\nxxHash Library\n\nRedistribution and use in source and binary forms, with or without modification,\nare permitted provided that the following conditions are met:\n\n* Redistributions of source code must retain the above copyright notice, this\n  list of conditions and the following disclaimer.\n\n* Redistributions in binary form must reproduce the above copyright notice, this\n  list of conditions and the following disclaimer in the documentation and/or\n  other materials provided with the distribution.\n\nTHIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS \"AS IS\" AND\nANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED\nWARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE\nDISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR\nANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES\n(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;\nLOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON\nANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT\n(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS\nSOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n"
+  },
   {
     "name": "gitlab.com/gitlab-org/api/client-go",
     "path": "gitlab.com/gitlab-org/api/client-go/LICENSE",
diff --git a/go.mod b/go.mod
index 9fe44c95f0..9cd3aea8e2 100644
--- a/go.mod
+++ b/go.mod
@@ -80,7 +80,7 @@ require (
 	github.com/meilisearch/meilisearch-go v0.36.2
 	github.com/mholt/archives v0.1.5
 	github.com/microcosm-cc/bluemonday v1.0.27
-	github.com/minio/minio-go/v7 v7.0.99
+	github.com/minio/minio-go/v7 v7.1.0
 	github.com/msteinert/pam/v2 v2.1.0
 	github.com/niklasfasching/go-org v1.9.1
 	github.com/olivere/elastic/v7 v7.0.32
@@ -247,8 +247,8 @@ require (
 	github.com/stretchr/objx v0.5.2 // indirect
 	github.com/tinylib/msgp v1.6.4 // indirect
 	github.com/x448/float16 v0.8.4 // indirect
-	github.com/zeebo/assert v1.3.0 // indirect
 	github.com/zeebo/blake3 v0.2.4 // indirect
+	github.com/zeebo/xxh3 v1.1.0 // indirect
 	go.etcd.io/bbolt v1.4.3 // indirect
 	go.uber.org/atomic v1.11.0 // indirect
 	go.uber.org/multierr v1.11.0 // indirect
diff --git a/go.sum b/go.sum
index 864dc04863..49cc3e4a7b 100644
--- a/go.sum
+++ b/go.sum
@@ -537,8 +537,8 @@ github.com/minio/crc64nvme v1.1.1 h1:8dwx/Pz49suywbO+auHCBpCtlW1OfpcLN7wYgVR6wAI
 github.com/minio/crc64nvme v1.1.1/go.mod h1:eVfm2fAzLlxMdUGc0EEBGSMmPwmXD5XiNRpnu9J3bvg=
 github.com/minio/md5-simd v1.1.2 h1:Gdi1DZK69+ZVMoNHRXJyNcxrMA4dSxoYHZSQbirFg34=
 github.com/minio/md5-simd v1.1.2/go.mod h1:MzdKDxYpY2BT9XQFocsiZf/NKVtR7nkE4RoEpN+20RM=
-github.com/minio/minio-go/v7 v7.0.99 h1:2vH/byrwUkIpFQFOilvTfaUpvAX3fEFhEzO+DR3DlCE=
-github.com/minio/minio-go/v7 v7.0.99/go.mod h1:EtGNKtlX20iL2yaYnxEigaIvj0G0GwSDnifnG8ClIdw=
+github.com/minio/minio-go/v7 v7.1.0 h1:QEt5IStDpxgGjEdtOgpiZ5QhmSl3ax7qy61vi2SwHO8=
+github.com/minio/minio-go/v7 v7.1.0/go.mod h1:Dm7WS1AgLmBa0NcQD6SeJnJf+K/EUW3GR7Ks6olB3OA=
 github.com/minio/minlz v1.0.1 h1:OUZUzXcib8diiX+JYxyRLIdomyZYzHct6EShOKtQY2A=
 github.com/minio/minlz v1.0.1/go.mod h1:qT0aEB35q79LLornSzeDH75LBf3aH1MV+jB5w9Wasec=
 github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
@@ -684,6 +684,8 @@ github.com/zeebo/blake3 v0.2.4 h1:KYQPkhpRtcqh0ssGYcKLG1JYvddkEA8QwCM/yBqhaZI=
 github.com/zeebo/blake3 v0.2.4/go.mod h1:7eeQ6d2iXWRGF6npfaxl2CU+xy2Fjo2gxeyZGCRUjcE=
 github.com/zeebo/pcg v1.0.1 h1:lyqfGeWiv4ahac6ttHs+I5hwtH/+1mrhlCtVNQM2kHo=
 github.com/zeebo/pcg v1.0.1/go.mod h1:09F0S9iiKrwn9rlI5yjLkmrug154/YRW6KnnXVDM/l4=
+github.com/zeebo/xxh3 v1.1.0 h1:s7DLGDK45Dyfg7++yxI0khrfwq9661w9EN78eP/UZVs=
+github.com/zeebo/xxh3 v1.1.0/go.mod h1:IisAie1LELR4xhVinxWS5+zf1lA4p0MW4T+w+W07F5s=
 gitlab.com/gitlab-org/api/client-go v0.143.2 h1:tfmUW8u+G/DGKOB/FDR0c06f0RVUAEe0ym8WpLoiHXI=
 gitlab.com/gitlab-org/api/client-go v0.143.2/go.mod h1:gJn5yLx9vYGXr73Yv0ueHWCVl+fL8iUOgJFxC7qV+iM=
 go.etcd.io/bbolt v1.4.3 h1:dEadXpI6G79deX5prL3QRNP6JB8UxVkqo4UPnHaNXJo=

From a2557f0f42bac6a4910347b898a8d31a1f1f2500 Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Sun, 3 May 2026 05:57:54 +0200
Subject: [PATCH 788/854] Update module github.com/caddyserver/certmagic to
 v0.25.3 (forgejo) (#12257)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12257
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
---
 assets/go-licenses.json |  2 +-
 go.mod                  | 18 ++++++++---------
 go.sum                  | 44 ++++++++++++++++++++++++-----------------
 3 files changed, 36 insertions(+), 28 deletions(-)

diff --git a/assets/go-licenses.json b/assets/go-licenses.json
index 355648c18d..e98b67581d 100644
--- a/assets/go-licenses.json
+++ b/assets/go-licenses.json
@@ -1212,7 +1212,7 @@
   {
     "name": "go.uber.org/zap",
     "path": "go.uber.org/zap/LICENSE",
-    "licenseText": "Copyright (c) 2016-2017 Uber Technologies, Inc.\n\nPermission is hereby granted, free of charge, to any person obtaining a copy\nof this software and associated documentation files (the \"Software\"), to deal\nin the Software without restriction, including without limitation the rights\nto use, copy, modify, merge, publish, distribute, sublicense, and/or sell\ncopies of the Software, and to permit persons to whom the Software is\nfurnished to do so, subject to the following conditions:\n\nThe above copyright notice and this permission notice shall be included in\nall copies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\nIMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\nFITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE\nAUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\nLIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,\nOUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN\nTHE SOFTWARE.\n"
+    "licenseText": "Copyright (c) 2016-2024 Uber Technologies, Inc.\n\nPermission is hereby granted, free of charge, to any person obtaining a copy\nof this software and associated documentation files (the \"Software\"), to deal\nin the Software without restriction, including without limitation the rights\nto use, copy, modify, merge, publish, distribute, sublicense, and/or sell\ncopies of the Software, and to permit persons to whom the Software is\nfurnished to do so, subject to the following conditions:\n\nThe above copyright notice and this permission notice shall be included in\nall copies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\nIMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\nFITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE\nAUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\nLIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,\nOUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN\nTHE SOFTWARE.\n"
   },
   {
     "name": "go.uber.org/zap/exp/zapslog",
diff --git a/go.mod b/go.mod
index 9cd3aea8e2..0adf767790 100644
--- a/go.mod
+++ b/go.mod
@@ -31,7 +31,7 @@ require (
 	github.com/blakesmith/ar v0.0.0-20190502131153-809d4375e1fb
 	github.com/blevesearch/bleve/v2 v2.5.7
 	github.com/buildkite/terminal-to-html/v3 v3.16.8
-	github.com/caddyserver/certmagic v0.24.0
+	github.com/caddyserver/certmagic v0.25.3
 	github.com/chi-middleware/proxy v1.1.1
 	github.com/djherbis/buffer v1.2.0
 	github.com/djherbis/nio/v3 v3.0.1
@@ -73,7 +73,7 @@ require (
 	github.com/json-iterator/go v1.1.12
 	github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51
 	github.com/klauspost/compress v1.18.6
-	github.com/klauspost/cpuid/v2 v2.2.11
+	github.com/klauspost/cpuid/v2 v2.3.0
 	github.com/markbates/goth v1.82.0
 	github.com/mattn/go-isatty v0.0.21
 	github.com/mattn/go-sqlite3 v1.14.44
@@ -152,7 +152,7 @@ require (
 	github.com/bodgit/windows v1.0.1 // indirect
 	github.com/boombuler/barcode v1.0.1 // indirect
 	github.com/bradfitz/gomemcache v0.0.0-20250403215159-8d39553ac7cf // indirect
-	github.com/caddyserver/zerossl v0.1.3 // indirect
+	github.com/caddyserver/zerossl v0.1.5 // indirect
 	github.com/cention-sany/utf7 v0.0.0-20170124080048-26cad61bd60a // indirect
 	github.com/cespare/xxhash/v2 v2.3.0 // indirect
 	github.com/cloudflare/circl v1.6.3 // indirect
@@ -207,14 +207,14 @@ require (
 	github.com/josharian/intern v1.0.0 // indirect
 	github.com/klauspost/crc32 v1.3.0 // indirect
 	github.com/klauspost/pgzip v1.2.6 // indirect
-	github.com/libdns/libdns v1.0.0 // indirect
+	github.com/libdns/libdns v1.1.1 // indirect
 	github.com/mailru/easyjson v0.9.0 // indirect
 	github.com/markbates/going v1.0.3 // indirect
 	github.com/mattn/go-colorable v0.1.14 // indirect
 	github.com/mattn/go-runewidth v0.0.17 // indirect
 	github.com/mattn/go-shellwords v1.0.12 // indirect
-	github.com/mholt/acmez/v3 v3.1.2 // indirect
-	github.com/miekg/dns v1.1.63 // indirect
+	github.com/mholt/acmez/v3 v3.1.6 // indirect
+	github.com/miekg/dns v1.1.72 // indirect
 	github.com/mikelolasagasti/xz v1.0.1 // indirect
 	github.com/minio/crc64nvme v1.1.1 // indirect
 	github.com/minio/md5-simd v1.1.2 // indirect
@@ -252,13 +252,13 @@ require (
 	go.etcd.io/bbolt v1.4.3 // indirect
 	go.uber.org/atomic v1.11.0 // indirect
 	go.uber.org/multierr v1.11.0 // indirect
-	go.uber.org/zap v1.27.0 // indirect
+	go.uber.org/zap v1.27.1 // indirect
 	go.uber.org/zap/exp v0.3.0 // indirect
 	go.yaml.in/yaml/v4 v4.0.0-rc.3 // indirect
 	go4.org v0.0.0-20230225012048-214862532bf5 // indirect
-	golang.org/x/mod v0.34.0 // indirect
+	golang.org/x/mod v0.35.0 // indirect
 	golang.org/x/time v0.15.0 // indirect
-	golang.org/x/tools v0.43.0 // indirect
+	golang.org/x/tools v0.44.0 // indirect
 	gopkg.in/alexcesaro/quotedprintable.v3 v3.0.0-20150716171945-2caba252f4dc // indirect
 	gopkg.in/warnings.v0 v0.1.2 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
diff --git a/go.sum b/go.sum
index 49cc3e4a7b..242a4c5f4d 100644
--- a/go.sum
+++ b/go.sum
@@ -46,6 +46,8 @@ code.forgejo.org/xorm/xorm v1.3.9-forgejo.11 h1:EXJVQ4feAFMkpFwtHAHuXkK6TLNYqabR
 code.forgejo.org/xorm/xorm v1.3.9-forgejo.11/go.mod h1:C18NeM/SazG/q4eqpWnoNks7GeCyRUNQIe2onniRViU=
 code.gitea.io/sdk/gitea v0.21.0 h1:69n6oz6kEVHRo1+APQQyizkhrZrLsTLXey9142pfkD4=
 code.gitea.io/sdk/gitea v0.21.0/go.mod h1:tnBjVhuKJCn8ibdyyhvUyxrR1Ca2KHEoTWoukNhXQPA=
+code.pfad.fr/check v1.1.0 h1:GWvjdzhSEgHvEHe2uJujDcpmZoySKuHQNrZMfzfO0bE=
+code.pfad.fr/check v1.1.0/go.mod h1:NiUH13DtYsb7xp5wll0U4SXx7KhXQVCtRgdC96IPfoM=
 code.superseriousbusiness.org/exif-terminator v0.11.2 h1:nkTdaghZb6I0oGYFhTLSALhA2ShgkPnYAJryE5IE9+0=
 code.superseriousbusiness.org/exif-terminator v0.11.2/go.mod h1:/Z+3DHSrefCzzN5ePkGjVYKFErRimoeUf694Gz8Pn/Y=
 code.superseriousbusiness.org/go-jpeg-image-structure/v2 v2.3.0 h1:r9uq8StaSHYKJ8DklR9Xy+E9c40G1Z8yj5TRGi8L6+4=
@@ -161,10 +163,10 @@ github.com/bsm/gomega v1.27.10 h1:yeMWxP2pV2fG3FgAODIY8EiRE3dy0aeFYt4l7wh6yKA=
 github.com/bsm/gomega v1.27.10/go.mod h1:JyEr/xRbxbtgWNi8tIEVPUYZ5Dzef52k01W3YH0H+O0=
 github.com/buildkite/terminal-to-html/v3 v3.16.8 h1:QN/daUob6cmK8GcdKnwn9+YTlPr1vNj+oeAIiJK6fPc=
 github.com/buildkite/terminal-to-html/v3 v3.16.8/go.mod h1:+k1KVKROZocrTLsEQ9PEf9A+8+X8uaVV5iO1ZIOwKYM=
-github.com/caddyserver/certmagic v0.24.0 h1:EfXTWpxHAUKgDfOj6MHImJN8Jm4AMFfMT6ITuKhrDF0=
-github.com/caddyserver/certmagic v0.24.0/go.mod h1:xPT7dC1DuHHnS2yuEQCEyks+b89sUkMENh8dJF+InLE=
-github.com/caddyserver/zerossl v0.1.3 h1:onS+pxp3M8HnHpN5MMbOMyNjmTheJyWRaZYwn+YTAyA=
-github.com/caddyserver/zerossl v0.1.3/go.mod h1:CxA0acn7oEGO6//4rtrRjYgEoa4MFw/XofZnrYwGqG4=
+github.com/caddyserver/certmagic v0.25.3 h1:mGf5ba8F7xA4c5jfDZZbK2buY1VEkbnwpMDixaju94A=
+github.com/caddyserver/certmagic v0.25.3/go.mod h1:YVs43D5+H/Dckt4bTga1KSO/xYfFBfVZainGDywYPAA=
+github.com/caddyserver/zerossl v0.1.5 h1:dkvOjBAEEtY6LIGAHei7sw2UgqSD6TrWweXpV7lvEvE=
+github.com/caddyserver/zerossl v0.1.5/go.mod h1:CxA0acn7oEGO6//4rtrRjYgEoa4MFw/XofZnrYwGqG4=
 github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
 github.com/cention-sany/utf7 v0.0.0-20170124080048-26cad61bd60a h1:MISbI8sU/PSK/ztvmWKFcI7UGb5/HQT7B+i3a2myKgI=
 github.com/cention-sany/utf7 v0.0.0-20170124080048-26cad61bd60a/go.mod h1:2GxOXOlEPAMFPfp014mK1SWq8G8BN8o7/dfYqJrVGn8=
@@ -291,6 +293,8 @@ github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9
 github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
 github.com/go-ini/ini v1.67.0 h1:z6ZrTEZqSWOTyH2FlglNbNgARyHG8oLW9gMELqKr06A=
 github.com/go-ini/ini v1.67.0/go.mod h1:ByCAeIL28uOIIG0E3PJtZPDL8WnHpFKFOtgjp+3Ies8=
+github.com/go-jose/go-jose/v4 v4.1.3 h1:CVLmWDhDVRa6Mi/IgCgaopNosCaHz7zrMeF9MlZRkrs=
+github.com/go-jose/go-jose/v4 v4.1.3/go.mod h1:x4oUasVrzR7071A4TnHLGSPpNOm2a21K9Kf04k1rs08=
 github.com/go-ldap/ldap/v3 v3.4.12 h1:1b81mv7MagXZ7+1r7cLTWmyuTqVqdwbtJSjC0DAp9s4=
 github.com/go-ldap/ldap/v3 v3.4.12/go.mod h1:+SPAGcTtOfmGsCb3h1RFiq4xpp4N636G75OEace8lNo=
 github.com/go-openapi/jsonpointer v0.22.4 h1:dZtK82WlNpVLDW2jlA1YCiVJFVqkED1MegOUy9kR5T4=
@@ -484,8 +488,8 @@ github.com/klauspost/compress v1.18.6 h1:2jupLlAwFm95+YDR+NwD2MEfFO9d4z4Prjl1XXD
 github.com/klauspost/compress v1.18.6/go.mod h1:cwPg85FWrGar70rWktvGQj8/hthj3wpl0PGDogxkrSQ=
 github.com/klauspost/cpuid v1.2.0/go.mod h1:Pj4uuM528wm8OyEC2QMXAi2YiTZ96dNQPGgoMS4s3ek=
 github.com/klauspost/cpuid/v2 v2.0.1/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg=
-github.com/klauspost/cpuid/v2 v2.2.11 h1:0OwqZRYI2rFrjS4kvkDnqJkKHdHaRnCm68/DY4OxRzU=
-github.com/klauspost/cpuid/v2 v2.2.11/go.mod h1:hqwkgyIinND0mEev00jJYCxPNVRVXFQeu1XKlok6oO0=
+github.com/klauspost/cpuid/v2 v2.3.0 h1:S4CRMLnYUhGeDFDqkGriYKdfoFlDnMtqTiI/sFzhA9Y=
+github.com/klauspost/cpuid/v2 v2.3.0/go.mod h1:hqwkgyIinND0mEev00jJYCxPNVRVXFQeu1XKlok6oO0=
 github.com/klauspost/crc32 v1.3.0 h1:sSmTt3gUt81RP655XGZPElI0PelVTZ6YwCRnPSupoFM=
 github.com/klauspost/crc32 v1.3.0/go.mod h1:D7kQaZhnkX/Y0tstFGf8VUzv2UofNGqCjnC3zdHB0Hw=
 github.com/klauspost/pgzip v1.2.6 h1:8RXeL5crjEUFnR2/Sn6GJNWtSQ3Dk8pq4CL3jvdDyjU=
@@ -502,8 +506,12 @@ github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
 github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0SNc=
 github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw=
 github.com/ledongthuc/pdf v0.0.0-20220302134840-0c2507a12d80/go.mod h1:imJHygn/1yfhB7XSJJKlFZKl/J+dCPAknuiaGOshXAs=
-github.com/libdns/libdns v1.0.0 h1:IvYaz07JNz6jUQ4h/fv2R4sVnRnm77J/aOuC9B+TQTA=
-github.com/libdns/libdns v1.0.0/go.mod h1:4Bj9+5CQiNMVGf87wjX4CY3HQJypUHRuLvlsfsZqLWQ=
+github.com/letsencrypt/challtestsrv v1.4.2 h1:0ON3ldMhZyWlfVNYYpFuWRTmZNnyfiL9Hh5YzC3JVwU=
+github.com/letsencrypt/challtestsrv v1.4.2/go.mod h1:GhqMqcSoeGpYd5zX5TgwA6er/1MbWzx/o7yuuVya+Wk=
+github.com/letsencrypt/pebble/v2 v2.10.0 h1:Wq6gYXlsY6ubqI3hhxsTzdyotvfdjFBxuwYqCLCnj/U=
+github.com/letsencrypt/pebble/v2 v2.10.0/go.mod h1:Sk8cmUIPcIdv2nINo+9PB4L+ZBhzY+F9A1a/h/xmWiQ=
+github.com/libdns/libdns v1.1.1 h1:wPrHrXILoSHKWJKGd0EiAVmiJbFShguILTg9leS/P/U=
+github.com/libdns/libdns v1.1.1/go.mod h1:4Bj9+5CQiNMVGf87wjX4CY3HQJypUHRuLvlsfsZqLWQ=
 github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc=
 github.com/mailru/easyjson v0.9.0 h1:PrnmzHw7262yW8sTBwxi1PdJA3Iw/EKBa8psRf7d9a4=
 github.com/mailru/easyjson v0.9.0/go.mod h1:1+xMtQp2MRNVL/V1bOzuP3aP8VNwRW55fQUto+XFtTU=
@@ -523,14 +531,14 @@ github.com/mattn/go-sqlite3 v1.14.44 h1:3VSe+xafpbzsLbdr2AWlAZk9yRHiBhTBakioXaCK
 github.com/mattn/go-sqlite3 v1.14.44/go.mod h1:pjEuOr8IwzLJP2MfGeTb0A35jauH+C2kbHKBr7yXKVQ=
 github.com/meilisearch/meilisearch-go v0.36.2 h1:MYaMPCpdLh2aYPt+zK+19mLoA4dfBY3S1L7T0FADCjU=
 github.com/meilisearch/meilisearch-go v0.36.2/go.mod h1:hWcR0MuWLSzHfbz9GGzIr3s9rnXLm1jqkmHkJPbUSvM=
-github.com/mholt/acmez/v3 v3.1.2 h1:auob8J/0FhmdClQicvJvuDavgd5ezwLBfKuYmynhYzc=
-github.com/mholt/acmez/v3 v3.1.2/go.mod h1:L1wOU06KKvq7tswuMDwKdcHeKpFFgkppZy/y0DFxagQ=
+github.com/mholt/acmez/v3 v3.1.6 h1:eGVQNObP0pBN4sxqrXeg7MYqTOWyoiYpQqITVWlrevk=
+github.com/mholt/acmez/v3 v3.1.6/go.mod h1:5nTPosTGosLxF3+LU4ygbgMRFDhbAVpqMI4+a4aHLBY=
 github.com/mholt/archives v0.1.5 h1:Fh2hl1j7VEhc6DZs2DLMgiBNChUux154a1G+2esNvzQ=
 github.com/mholt/archives v0.1.5/go.mod h1:3TPMmBLPsgszL+1As5zECTuKwKvIfj6YcwWPpeTAXF4=
 github.com/microcosm-cc/bluemonday v1.0.27 h1:MpEUotklkwCSLeH+Qdx1VJgNqLlpY2KXwXFM08ygZfk=
 github.com/microcosm-cc/bluemonday v1.0.27/go.mod h1:jFi9vgW+H7c3V0lb6nR74Ib/DIB5OBs92Dimizgw2cA=
-github.com/miekg/dns v1.1.63 h1:8M5aAw6OMZfFXTT7K5V0Eu5YiiL8l7nUAkyN6C9YwaY=
-github.com/miekg/dns v1.1.63/go.mod h1:6NGHfjhpmr5lt3XPLuyfDJi5AXbNIPM9PY6H6sF1Nfs=
+github.com/miekg/dns v1.1.72 h1:vhmr+TF2A3tuoGNkLDFK9zi36F2LS+hKTRW0Uf8kbzI=
+github.com/miekg/dns v1.1.72/go.mod h1:+EuEPhdHOsfk6Wk5TT2CzssZdqkmFhf8r+aVyDEToIs=
 github.com/mikelolasagasti/xz v1.0.1 h1:Q2F2jX0RYJUG3+WsM+FJknv+6eVjsjXNDV0KJXZzkD0=
 github.com/mikelolasagasti/xz v1.0.1/go.mod h1:muAirjiOUxPRXwm9HdDtB3uoRPrGnL85XHtokL9Hcgc=
 github.com/minio/crc64nvme v1.1.1 h1:8dwx/Pz49suywbO+auHCBpCtlW1OfpcLN7wYgVR6wAI=
@@ -703,8 +711,8 @@ go.uber.org/mock v0.6.0 h1:hyF9dfmbgIX5EfOdasqLsWD6xqpNZlXblLB/Dbnwv3Y=
 go.uber.org/mock v0.6.0/go.mod h1:KiVJ4BqZJaMj4svdfmHM0AUx4NJYO8ZNpPnZn1Z+BBU=
 go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0=
 go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y=
-go.uber.org/zap v1.27.0 h1:aJMhYGrd5QSmlpLMr2MftRKl7t8J8PTZPA732ud/XR8=
-go.uber.org/zap v1.27.0/go.mod h1:GB2qFLM7cTU87MWRP2mPIjqfIDnGu+VIO4V/SdhGo2E=
+go.uber.org/zap v1.27.1 h1:08RqriUEv8+ArZRYSTXy1LeBScaMpVSTBhCeaZYfMYc=
+go.uber.org/zap v1.27.1/go.mod h1:GB2qFLM7cTU87MWRP2mPIjqfIDnGu+VIO4V/SdhGo2E=
 go.uber.org/zap/exp v0.3.0 h1:6JYzdifzYkGmTdRR59oYH+Ng7k49H9qVpWwNSsGJj3U=
 go.uber.org/zap/exp v0.3.0/go.mod h1:5I384qq7XGxYyByIhHm6jg5CHkGY0nsTfbDLgDDlgJQ=
 go.yaml.in/yaml/v3 v3.0.4 h1:tfq32ie2Jv2UxXFdLJdh3jXuOzWiL1fo0bu/FbuKpbc=
@@ -761,8 +769,8 @@ golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
 golang.org/x/mod v0.12.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
 golang.org/x/mod v0.15.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
 golang.org/x/mod v0.17.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
-golang.org/x/mod v0.34.0 h1:xIHgNUUnW6sYkcM5Jleh05DvLOtwc6RitGHbDk4akRI=
-golang.org/x/mod v0.34.0/go.mod h1:ykgH52iCZe79kzLLMhyCUzhMci+nQj+0XkbXpNYtVjY=
+golang.org/x/mod v0.35.0 h1:Ww1D637e6Pg+Zb2KrWfHQUnH2dQRLBQyAtpr/haaJeM=
+golang.org/x/mod v0.35.0/go.mod h1:+GwiRhIInF8wPm+4AoT6L0FA1QWAad3OMdTRx4tFYlU=
 golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@@ -912,8 +920,8 @@ golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc
 golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
 golang.org/x/tools v0.13.0/go.mod h1:HvlwmtVNQAhOuCjW7xxvovg8wbNq7LwfXh/k7wXUl58=
 golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk=
-golang.org/x/tools v0.43.0 h1:12BdW9CeB3Z+J/I/wj34VMl8X+fEXBxVR90JeMX5E7s=
-golang.org/x/tools v0.43.0/go.mod h1:uHkMso649BX2cZK6+RpuIPXS3ho2hZo4FVwfoy1vIk0=
+golang.org/x/tools v0.44.0 h1:UP4ajHPIcuMjT1GqzDWRlalUEoY+uzoZKnhOjbIPD2c=
+golang.org/x/tools v0.44.0/go.mod h1:KA0AfVErSdxRZIsOVipbv3rQhVXTnlU6UhKxHd1seDI=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=

From e9710af24f1d13e21324292cde302471bcdc360c Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Sun, 3 May 2026 06:22:22 +0200
Subject: [PATCH 789/854] Update module code.forgejo.org/forgejo/runner/v12 to
 v12.10.0 (forgejo) (#12392)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12392
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
---
 assets/go-licenses.json | 25 -------------------------
 go.mod                  |  8 ++------
 go.sum                  | 14 ++------------
 3 files changed, 4 insertions(+), 43 deletions(-)

diff --git a/assets/go-licenses.json b/assets/go-licenses.json
index e98b67581d..e3c20b807e 100644
--- a/assets/go-licenses.json
+++ b/assets/go-licenses.json
@@ -609,21 +609,6 @@
     "path": "github.com/go-fed/httpsig/LICENSE",
     "licenseText": "BSD 3-Clause License\n\nCopyright (c) 2018, go-fed\nAll rights reserved.\n\nRedistribution and use in source and binary forms, with or without\nmodification, are permitted provided that the following conditions are met:\n\n* Redistributions of source code must retain the above copyright notice, this\n  list of conditions and the following disclaimer.\n\n* Redistributions in binary form must reproduce the above copyright notice,\n  this list of conditions and the following disclaimer in the documentation\n  and/or other materials provided with the distribution.\n\n* Neither the name of the copyright holder nor the names of its\n  contributors may be used to endorse or promote products derived from\n  this software without specific prior written permission.\n\nTHIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS \"AS IS\"\nAND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE\nIMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE\nDISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE\nFOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL\nDAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR\nSERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER\nCAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,\nOR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE\nOF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n"
   },
-  {
-    "name": "github.com/go-git/gcfg",
-    "path": "github.com/go-git/gcfg/LICENSE",
-    "licenseText": "Copyright (c) 2012 Péter Surányi. Portions Copyright (c) 2009 The Go\nAuthors. All rights reserved.\n\nRedistribution and use in source and binary forms, with or without\nmodification, are permitted provided that the following conditions are\nmet:\n\n   * Redistributions of source code must retain the above copyright\nnotice, this list of conditions and the following disclaimer.\n   * Redistributions in binary form must reproduce the above\ncopyright notice, this list of conditions and the following disclaimer\nin the documentation and/or other materials provided with the\ndistribution.\n   * Neither the name of Google Inc. nor the names of its\ncontributors may be used to endorse or promote products derived from\nthis software without specific prior written permission.\n\nTHIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS\n\"AS IS\" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT\nLIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR\nA PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT\nOWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,\nSPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT\nLIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,\nDATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY\nTHEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT\n(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE\nOF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n"
-  },
-  {
-    "name": "github.com/go-git/go-billy/v5",
-    "path": "github.com/go-git/go-billy/v5/LICENSE",
-    "licenseText": "                                 Apache License\n                           Version 2.0, January 2004\n                        http://www.apache.org/licenses/\n\n   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION\n\n   1. Definitions.\n\n      \"License\" shall mean the terms and conditions for use, reproduction,\n      and distribution as defined by Sections 1 through 9 of this document.\n\n      \"Licensor\" shall mean the copyright owner or entity authorized by\n      the copyright owner that is granting the License.\n\n      \"Legal Entity\" shall mean the union of the acting entity and all\n      other entities that control, are controlled by, or are under common\n      control with that entity. For the purposes of this definition,\n      \"control\" means (i) the power, direct or indirect, to cause the\n      direction or management of such entity, whether by contract or\n      otherwise, or (ii) ownership of fifty percent (50%) or more of the\n      outstanding shares, or (iii) beneficial ownership of such entity.\n\n      \"You\" (or \"Your\") shall mean an individual or Legal Entity\n      exercising permissions granted by this License.\n\n      \"Source\" form shall mean the preferred form for making modifications,\n      including but not limited to software source code, documentation\n      source, and configuration files.\n\n      \"Object\" form shall mean any form resulting from mechanical\n      transformation or translation of a Source form, including but\n      not limited to compiled object code, generated documentation,\n      and conversions to other media types.\n\n      \"Work\" shall mean the work of authorship, whether in Source or\n      Object form, made available under the License, as indicated by a\n      copyright notice that is included in or attached to the work\n      (an example is provided in the Appendix below).\n\n      \"Derivative Works\" shall mean any work, whether in Source or Object\n      form, that is based on (or derived from) the Work and for which the\n      editorial revisions, annotations, elaborations, or other modifications\n      represent, as a whole, an original work of authorship. For the purposes\n      of this License, Derivative Works shall not include works that remain\n      separable from, or merely link (or bind by name) to the interfaces of,\n      the Work and Derivative Works thereof.\n\n      \"Contribution\" shall mean any work of authorship, including\n      the original version of the Work and any modifications or additions\n      to that Work or Derivative Works thereof, that is intentionally\n      submitted to Licensor for inclusion in the Work by the copyright owner\n      or by an individual or Legal Entity authorized to submit on behalf of\n      the copyright owner. For the purposes of this definition, \"submitted\"\n      means any form of electronic, verbal, or written communication sent\n      to the Licensor or its representatives, including but not limited to\n      communication on electronic mailing lists, source code control systems,\n      and issue tracking systems that are managed by, or on behalf of, the\n      Licensor for the purpose of discussing and improving the Work, but\n      excluding communication that is conspicuously marked or otherwise\n      designated in writing by the copyright owner as \"Not a Contribution.\"\n\n      \"Contributor\" shall mean Licensor and any individual or Legal Entity\n      on behalf of whom a Contribution has been received by Licensor and\n      subsequently incorporated within the Work.\n\n   2. Grant of Copyright License. Subject to the terms and conditions of\n      this License, each Contributor hereby grants to You a perpetual,\n      worldwide, non-exclusive, no-charge, royalty-free, irrevocable\n      copyright license to reproduce, prepare Derivative Works of,\n      publicly display, publicly perform, sublicense, and distribute the\n      Work and such Derivative Works in Source or Object form.\n\n   3. Grant of Patent License. Subject to the terms and conditions of\n      this License, each Contributor hereby grants to You a perpetual,\n      worldwide, non-exclusive, no-charge, royalty-free, irrevocable\n      (except as stated in this section) patent license to make, have made,\n      use, offer to sell, sell, import, and otherwise transfer the Work,\n      where such license applies only to those patent claims licensable\n      by such Contributor that are necessarily infringed by their\n      Contribution(s) alone or by combination of their Contribution(s)\n      with the Work to which such Contribution(s) was submitted. If You\n      institute patent litigation against any entity (including a\n      cross-claim or counterclaim in a lawsuit) alleging that the Work\n      or a Contribution incorporated within the Work constitutes direct\n      or contributory patent infringement, then any patent licenses\n      granted to You under this License for that Work shall terminate\n      as of the date such litigation is filed.\n\n   4. Redistribution. You may reproduce and distribute copies of the\n      Work or Derivative Works thereof in any medium, with or without\n      modifications, and in Source or Object form, provided that You\n      meet the following conditions:\n\n      (a) You must give any other recipients of the Work or\n          Derivative Works a copy of this License; and\n\n      (b) You must cause any modified files to carry prominent notices\n          stating that You changed the files; and\n\n      (c) You must retain, in the Source form of any Derivative Works\n          that You distribute, all copyright, patent, trademark, and\n          attribution notices from the Source form of the Work,\n          excluding those notices that do not pertain to any part of\n          the Derivative Works; and\n\n      (d) If the Work includes a \"NOTICE\" text file as part of its\n          distribution, then any Derivative Works that You distribute must\n          include a readable copy of the attribution notices contained\n          within such NOTICE file, excluding those notices that do not\n          pertain to any part of the Derivative Works, in at least one\n          of the following places: within a NOTICE text file distributed\n          as part of the Derivative Works; within the Source form or\n          documentation, if provided along with the Derivative Works; or,\n          within a display generated by the Derivative Works, if and\n          wherever such third-party notices normally appear. The contents\n          of the NOTICE file are for informational purposes only and\n          do not modify the License. You may add Your own attribution\n          notices within Derivative Works that You distribute, alongside\n          or as an addendum to the NOTICE text from the Work, provided\n          that such additional attribution notices cannot be construed\n          as modifying the License.\n\n      You may add Your own copyright statement to Your modifications and\n      may provide additional or different license terms and conditions\n      for use, reproduction, or distribution of Your modifications, or\n      for any such Derivative Works as a whole, provided Your use,\n      reproduction, and distribution of the Work otherwise complies with\n      the conditions stated in this License.\n\n   5. Submission of Contributions. Unless You explicitly state otherwise,\n      any Contribution intentionally submitted for inclusion in the Work\n      by You to the Licensor shall be under the terms and conditions of\n      this License, without any additional terms or conditions.\n      Notwithstanding the above, nothing herein shall supersede or modify\n      the terms of any separate license agreement you may have executed\n      with Licensor regarding such Contributions.\n\n   6. Trademarks. This License does not grant permission to use the trade\n      names, trademarks, service marks, or product names of the Licensor,\n      except as required for reasonable and customary use in describing the\n      origin of the Work and reproducing the content of the NOTICE file.\n\n   7. Disclaimer of Warranty. Unless required by applicable law or\n      agreed to in writing, Licensor provides the Work (and each\n      Contributor provides its Contributions) on an \"AS IS\" BASIS,\n      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or\n      implied, including, without limitation, any warranties or conditions\n      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A\n      PARTICULAR PURPOSE. You are solely responsible for determining the\n      appropriateness of using or redistributing the Work and assume any\n      risks associated with Your exercise of permissions under this License.\n\n   8. Limitation of Liability. In no event and under no legal theory,\n      whether in tort (including negligence), contract, or otherwise,\n      unless required by applicable law (such as deliberate and grossly\n      negligent acts) or agreed to in writing, shall any Contributor be\n      liable to You for damages, including any direct, indirect, special,\n      incidental, or consequential damages of any character arising as a\n      result of this License or out of the use or inability to use the\n      Work (including but not limited to damages for loss of goodwill,\n      work stoppage, computer failure or malfunction, or any and all\n      other commercial damages or losses), even if such Contributor\n      has been advised of the possibility of such damages.\n\n   9. Accepting Warranty or Additional Liability. While redistributing\n      the Work or Derivative Works thereof, You may choose to offer,\n      and charge a fee for, acceptance of support, warranty, indemnity,\n      or other liability obligations and/or rights consistent with this\n      License. However, in accepting such obligations, You may act only\n      on Your own behalf and on Your sole responsibility, not on behalf\n      of any other Contributor, and only if You agree to indemnify,\n      defend, and hold each Contributor harmless for any liability\n      incurred by, or claims asserted against, such Contributor by reason\n      of your accepting any such warranty or additional liability.\n\n   END OF TERMS AND CONDITIONS\n\n   APPENDIX: How to apply the Apache License to your work.\n\n      To apply the Apache License to your work, attach the following\n      boilerplate notice, with the fields enclosed by brackets \"{}\"\n      replaced with your own identifying information. (Don't include\n      the brackets!)  The text should be enclosed in the appropriate\n      comment syntax for the file format. We also recommend that a\n      file or class name and description of purpose be included on the\n      same \"printed page\" as the copyright notice for easier\n      identification within third-party archives.\n\n   Copyright 2017 Sourced Technologies S.L.\n\n   Licensed under the Apache License, Version 2.0 (the \"License\");\n   you may not use this file except in compliance with the License.\n   You may obtain a copy of the License at\n\n       http://www.apache.org/licenses/LICENSE-2.0\n\n   Unless required by applicable law or agreed to in writing, software\n   distributed under the License is distributed on an \"AS IS\" BASIS,\n   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n   See the License for the specific language governing permissions and\n   limitations under the License.\n"
-  },
-  {
-    "name": "github.com/go-git/go-git/v5",
-    "path": "github.com/go-git/go-git/v5/LICENSE",
-    "licenseText": "                                 Apache License\n                           Version 2.0, January 2004\n                        http://www.apache.org/licenses/\n\n   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION\n\n   1. Definitions.\n\n      \"License\" shall mean the terms and conditions for use, reproduction,\n      and distribution as defined by Sections 1 through 9 of this document.\n\n      \"Licensor\" shall mean the copyright owner or entity authorized by\n      the copyright owner that is granting the License.\n\n      \"Legal Entity\" shall mean the union of the acting entity and all\n      other entities that control, are controlled by, or are under common\n      control with that entity. For the purposes of this definition,\n      \"control\" means (i) the power, direct or indirect, to cause the\n      direction or management of such entity, whether by contract or\n      otherwise, or (ii) ownership of fifty percent (50%) or more of the\n      outstanding shares, or (iii) beneficial ownership of such entity.\n\n      \"You\" (or \"Your\") shall mean an individual or Legal Entity\n      exercising permissions granted by this License.\n\n      \"Source\" form shall mean the preferred form for making modifications,\n      including but not limited to software source code, documentation\n      source, and configuration files.\n\n      \"Object\" form shall mean any form resulting from mechanical\n      transformation or translation of a Source form, including but\n      not limited to compiled object code, generated documentation,\n      and conversions to other media types.\n\n      \"Work\" shall mean the work of authorship, whether in Source or\n      Object form, made available under the License, as indicated by a\n      copyright notice that is included in or attached to the work\n      (an example is provided in the Appendix below).\n\n      \"Derivative Works\" shall mean any work, whether in Source or Object\n      form, that is based on (or derived from) the Work and for which the\n      editorial revisions, annotations, elaborations, or other modifications\n      represent, as a whole, an original work of authorship. For the purposes\n      of this License, Derivative Works shall not include works that remain\n      separable from, or merely link (or bind by name) to the interfaces of,\n      the Work and Derivative Works thereof.\n\n      \"Contribution\" shall mean any work of authorship, including\n      the original version of the Work and any modifications or additions\n      to that Work or Derivative Works thereof, that is intentionally\n      submitted to Licensor for inclusion in the Work by the copyright owner\n      or by an individual or Legal Entity authorized to submit on behalf of\n      the copyright owner. For the purposes of this definition, \"submitted\"\n      means any form of electronic, verbal, or written communication sent\n      to the Licensor or its representatives, including but not limited to\n      communication on electronic mailing lists, source code control systems,\n      and issue tracking systems that are managed by, or on behalf of, the\n      Licensor for the purpose of discussing and improving the Work, but\n      excluding communication that is conspicuously marked or otherwise\n      designated in writing by the copyright owner as \"Not a Contribution.\"\n\n      \"Contributor\" shall mean Licensor and any individual or Legal Entity\n      on behalf of whom a Contribution has been received by Licensor and\n      subsequently incorporated within the Work.\n\n   2. Grant of Copyright License. Subject to the terms and conditions of\n      this License, each Contributor hereby grants to You a perpetual,\n      worldwide, non-exclusive, no-charge, royalty-free, irrevocable\n      copyright license to reproduce, prepare Derivative Works of,\n      publicly display, publicly perform, sublicense, and distribute the\n      Work and such Derivative Works in Source or Object form.\n\n   3. Grant of Patent License. Subject to the terms and conditions of\n      this License, each Contributor hereby grants to You a perpetual,\n      worldwide, non-exclusive, no-charge, royalty-free, irrevocable\n      (except as stated in this section) patent license to make, have made,\n      use, offer to sell, sell, import, and otherwise transfer the Work,\n      where such license applies only to those patent claims licensable\n      by such Contributor that are necessarily infringed by their\n      Contribution(s) alone or by combination of their Contribution(s)\n      with the Work to which such Contribution(s) was submitted. If You\n      institute patent litigation against any entity (including a\n      cross-claim or counterclaim in a lawsuit) alleging that the Work\n      or a Contribution incorporated within the Work constitutes direct\n      or contributory patent infringement, then any patent licenses\n      granted to You under this License for that Work shall terminate\n      as of the date such litigation is filed.\n\n   4. Redistribution. You may reproduce and distribute copies of the\n      Work or Derivative Works thereof in any medium, with or without\n      modifications, and in Source or Object form, provided that You\n      meet the following conditions:\n\n      (a) You must give any other recipients of the Work or\n          Derivative Works a copy of this License; and\n\n      (b) You must cause any modified files to carry prominent notices\n          stating that You changed the files; and\n\n      (c) You must retain, in the Source form of any Derivative Works\n          that You distribute, all copyright, patent, trademark, and\n          attribution notices from the Source form of the Work,\n          excluding those notices that do not pertain to any part of\n          the Derivative Works; and\n\n      (d) If the Work includes a \"NOTICE\" text file as part of its\n          distribution, then any Derivative Works that You distribute must\n          include a readable copy of the attribution notices contained\n          within such NOTICE file, excluding those notices that do not\n          pertain to any part of the Derivative Works, in at least one\n          of the following places: within a NOTICE text file distributed\n          as part of the Derivative Works; within the Source form or\n          documentation, if provided along with the Derivative Works; or,\n          within a display generated by the Derivative Works, if and\n          wherever such third-party notices normally appear. The contents\n          of the NOTICE file are for informational purposes only and\n          do not modify the License. You may add Your own attribution\n          notices within Derivative Works that You distribute, alongside\n          or as an addendum to the NOTICE text from the Work, provided\n          that such additional attribution notices cannot be construed\n          as modifying the License.\n\n      You may add Your own copyright statement to Your modifications and\n      may provide additional or different license terms and conditions\n      for use, reproduction, or distribution of Your modifications, or\n      for any such Derivative Works as a whole, provided Your use,\n      reproduction, and distribution of the Work otherwise complies with\n      the conditions stated in this License.\n\n   5. Submission of Contributions. Unless You explicitly state otherwise,\n      any Contribution intentionally submitted for inclusion in the Work\n      by You to the Licensor shall be under the terms and conditions of\n      this License, without any additional terms or conditions.\n      Notwithstanding the above, nothing herein shall supersede or modify\n      the terms of any separate license agreement you may have executed\n      with Licensor regarding such Contributions.\n\n   6. Trademarks. This License does not grant permission to use the trade\n      names, trademarks, service marks, or product names of the Licensor,\n      except as required for reasonable and customary use in describing the\n      origin of the Work and reproducing the content of the NOTICE file.\n\n   7. Disclaimer of Warranty. Unless required by applicable law or\n      agreed to in writing, Licensor provides the Work (and each\n      Contributor provides its Contributions) on an \"AS IS\" BASIS,\n      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or\n      implied, including, without limitation, any warranties or conditions\n      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A\n      PARTICULAR PURPOSE. You are solely responsible for determining the\n      appropriateness of using or redistributing the Work and assume any\n      risks associated with Your exercise of permissions under this License.\n\n   8. Limitation of Liability. In no event and under no legal theory,\n      whether in tort (including negligence), contract, or otherwise,\n      unless required by applicable law (such as deliberate and grossly\n      negligent acts) or agreed to in writing, shall any Contributor be\n      liable to You for damages, including any direct, indirect, special,\n      incidental, or consequential damages of any character arising as a\n      result of this License or out of the use or inability to use the\n      Work (including but not limited to damages for loss of goodwill,\n      work stoppage, computer failure or malfunction, or any and all\n      other commercial damages or losses), even if such Contributor\n      has been advised of the possibility of such damages.\n\n   9. Accepting Warranty or Additional Liability. While redistributing\n      the Work or Derivative Works thereof, You may choose to offer,\n      and charge a fee for, acceptance of support, warranty, indemnity,\n      or other liability obligations and/or rights consistent with this\n      License. However, in accepting such obligations, You may act only\n      on Your own behalf and on Your sole responsibility, not on behalf\n      of any other Contributor, and only if You agree to indemnify,\n      defend, and hold each Contributor harmless for any liability\n      incurred by, or claims asserted against, such Contributor by reason\n      of your accepting any such warranty or additional liability.\n\n   END OF TERMS AND CONDITIONS\n\n   APPENDIX: How to apply the Apache License to your work.\n\n      To apply the Apache License to your work, attach the following\n      boilerplate notice, with the fields enclosed by brackets \"{}\"\n      replaced with your own identifying information. (Don't include\n      the brackets!)  The text should be enclosed in the appropriate\n      comment syntax for the file format. We also recommend that a\n      file or class name and description of purpose be included on the\n      same \"printed page\" as the copyright notice for easier\n      identification within third-party archives.\n\n   Copyright 2018 Sourced Technologies, S.L.\n\n   Licensed under the Apache License, Version 2.0 (the \"License\");\n   you may not use this file except in compliance with the License.\n   You may obtain a copy of the License at\n\n       http://www.apache.org/licenses/LICENSE-2.0\n\n   Unless required by applicable law or agreed to in writing, software\n   distributed under the License is distributed on an \"AS IS\" BASIS,\n   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n   See the License for the specific language governing permissions and\n   limitations under the License.\n"
-  },
   {
     "name": "github.com/go-ini/ini",
     "path": "github.com/go-ini/ini/LICENSE",
@@ -809,11 +794,6 @@
     "path": "github.com/jackc/puddle/v2/LICENSE",
     "licenseText": "Copyright (c) 2018 Jack Christensen\n\nMIT License\n\nPermission is hereby granted, free of charge, to any person obtaining\na copy of this software and associated documentation files (the\n\"Software\"), to deal in the Software without restriction, including\nwithout limitation the rights to use, copy, modify, merge, publish,\ndistribute, sublicense, and/or sell copies of the Software, and to\npermit persons to whom the Software is furnished to do so, subject to\nthe following conditions:\n\nThe above copyright notice and this permission notice shall be\nincluded in all copies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND,\nEXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF\nMERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND\nNONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE\nLIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION\nOF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION\nWITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.\n"
   },
-  {
-    "name": "github.com/jbenet/go-context/io",
-    "path": "github.com/jbenet/go-context/io/LICENSE",
-    "licenseText": "The MIT License (MIT)\n\nCopyright (c) 2014 Juan Batiz-Benet\n\nPermission is hereby granted, free of charge, to any person obtaining a copy\nof this software and associated documentation files (the \"Software\"), to deal\nin the Software without restriction, including without limitation the rights\nto use, copy, modify, merge, publish, distribute, sublicense, and/or sell\ncopies of the Software, and to permit persons to whom the Software is\nfurnished to do so, subject to the following conditions:\n\nThe above copyright notice and this permission notice shall be included in\nall copies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\nIMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\nFITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE\nAUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\nLIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,\nOUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN\nTHE SOFTWARE.\n"
-  },
   {
     "name": "github.com/jhillyerd/enmime/v2",
     "path": "github.com/jhillyerd/enmime/v2/LICENSE",
@@ -1294,11 +1274,6 @@
     "path": "gopkg.in/ini.v1/LICENSE",
     "licenseText": "Apache License\nVersion 2.0, January 2004\nhttp://www.apache.org/licenses/\n\nTERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION\n\n1. Definitions.\n\n\"License\" shall mean the terms and conditions for use, reproduction, and\ndistribution as defined by Sections 1 through 9 of this document.\n\n\"Licensor\" shall mean the copyright owner or entity authorized by the copyright\nowner that is granting the License.\n\n\"Legal Entity\" shall mean the union of the acting entity and all other entities\nthat control, are controlled by, or are under common control with that entity.\nFor the purposes of this definition, \"control\" means (i) the power, direct or\nindirect, to cause the direction or management of such entity, whether by\ncontract or otherwise, or (ii) ownership of fifty percent (50%) or more of the\noutstanding shares, or (iii) beneficial ownership of such entity.\n\n\"You\" (or \"Your\") shall mean an individual or Legal Entity exercising\npermissions granted by this License.\n\n\"Source\" form shall mean the preferred form for making modifications, including\nbut not limited to software source code, documentation source, and configuration\nfiles.\n\n\"Object\" form shall mean any form resulting from mechanical transformation or\ntranslation of a Source form, including but not limited to compiled object code,\ngenerated documentation, and conversions to other media types.\n\n\"Work\" shall mean the work of authorship, whether in Source or Object form, made\navailable under the License, as indicated by a copyright notice that is included\nin or attached to the work (an example is provided in the Appendix below).\n\n\"Derivative Works\" shall mean any work, whether in Source or Object form, that\nis based on (or derived from) the Work and for which the editorial revisions,\nannotations, elaborations, or other modifications represent, as a whole, an\noriginal work of authorship. For the purposes of this License, Derivative Works\nshall not include works that remain separable from, or merely link (or bind by\nname) to the interfaces of, the Work and Derivative Works thereof.\n\n\"Contribution\" shall mean any work of authorship, including the original version\nof the Work and any modifications or additions to that Work or Derivative Works\nthereof, that is intentionally submitted to Licensor for inclusion in the Work\nby the copyright owner or by an individual or Legal Entity authorized to submit\non behalf of the copyright owner. For the purposes of this definition,\n\"submitted\" means any form of electronic, verbal, or written communication sent\nto the Licensor or its representatives, including but not limited to\ncommunication on electronic mailing lists, source code control systems, and\nissue tracking systems that are managed by, or on behalf of, the Licensor for\nthe purpose of discussing and improving the Work, but excluding communication\nthat is conspicuously marked or otherwise designated in writing by the copyright\nowner as \"Not a Contribution.\"\n\n\"Contributor\" shall mean Licensor and any individual or Legal Entity on behalf\nof whom a Contribution has been received by Licensor and subsequently\nincorporated within the Work.\n\n2. Grant of Copyright License.\n\nSubject to the terms and conditions of this License, each Contributor hereby\ngrants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free,\nirrevocable copyright license to reproduce, prepare Derivative Works of,\npublicly display, publicly perform, sublicense, and distribute the Work and such\nDerivative Works in Source or Object form.\n\n3. Grant of Patent License.\n\nSubject to the terms and conditions of this License, each Contributor hereby\ngrants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free,\nirrevocable (except as stated in this section) patent license to make, have\nmade, use, offer to sell, sell, import, and otherwise transfer the Work, where\nsuch license applies only to those patent claims licensable by such Contributor\nthat are necessarily infringed by their Contribution(s) alone or by combination\nof their Contribution(s) with the Work to which such Contribution(s) was\nsubmitted. If You institute patent litigation against any entity (including a\ncross-claim or counterclaim in a lawsuit) alleging that the Work or a\nContribution incorporated within the Work constitutes direct or contributory\npatent infringement, then any patent licenses granted to You under this License\nfor that Work shall terminate as of the date such litigation is filed.\n\n4. Redistribution.\n\nYou may reproduce and distribute copies of the Work or Derivative Works thereof\nin any medium, with or without modifications, and in Source or Object form,\nprovided that You meet the following conditions:\n\nYou must give any other recipients of the Work or Derivative Works a copy of\nthis License; and\nYou must cause any modified files to carry prominent notices stating that You\nchanged the files; and\nYou must retain, in the Source form of any Derivative Works that You distribute,\nall copyright, patent, trademark, and attribution notices from the Source form\nof the Work, excluding those notices that do not pertain to any part of the\nDerivative Works; and\nIf the Work includes a \"NOTICE\" text file as part of its distribution, then any\nDerivative Works that You distribute must include a readable copy of the\nattribution notices contained within such NOTICE file, excluding those notices\nthat do not pertain to any part of the Derivative Works, in at least one of the\nfollowing places: within a NOTICE text file distributed as part of the\nDerivative Works; within the Source form or documentation, if provided along\nwith the Derivative Works; or, within a display generated by the Derivative\nWorks, if and wherever such third-party notices normally appear. The contents of\nthe NOTICE file are for informational purposes only and do not modify the\nLicense. You may add Your own attribution notices within Derivative Works that\nYou distribute, alongside or as an addendum to the NOTICE text from the Work,\nprovided that such additional attribution notices cannot be construed as\nmodifying the License.\nYou may add Your own copyright statement to Your modifications and may provide\nadditional or different license terms and conditions for use, reproduction, or\ndistribution of Your modifications, or for any such Derivative Works as a whole,\nprovided Your use, reproduction, and distribution of the Work otherwise complies\nwith the conditions stated in this License.\n\n5. Submission of Contributions.\n\nUnless You explicitly state otherwise, any Contribution intentionally submitted\nfor inclusion in the Work by You to the Licensor shall be under the terms and\nconditions of this License, without any additional terms or conditions.\nNotwithstanding the above, nothing herein shall supersede or modify the terms of\nany separate license agreement you may have executed with Licensor regarding\nsuch Contributions.\n\n6. Trademarks.\n\nThis License does not grant permission to use the trade names, trademarks,\nservice marks, or product names of the Licensor, except as required for\nreasonable and customary use in describing the origin of the Work and\nreproducing the content of the NOTICE file.\n\n7. Disclaimer of Warranty.\n\nUnless required by applicable law or agreed to in writing, Licensor provides the\nWork (and each Contributor provides its Contributions) on an \"AS IS\" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied,\nincluding, without limitation, any warranties or conditions of TITLE,\nNON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. You are\nsolely responsible for determining the appropriateness of using or\nredistributing the Work and assume any risks associated with Your exercise of\npermissions under this License.\n\n8. Limitation of Liability.\n\nIn no event and under no legal theory, whether in tort (including negligence),\ncontract, or otherwise, unless required by applicable law (such as deliberate\nand grossly negligent acts) or agreed to in writing, shall any Contributor be\nliable to You for damages, including any direct, indirect, special, incidental,\nor consequential damages of any character arising as a result of this License or\nout of the use or inability to use the Work (including but not limited to\ndamages for loss of goodwill, work stoppage, computer failure or malfunction, or\nany and all other commercial damages or losses), even if such Contributor has\nbeen advised of the possibility of such damages.\n\n9. Accepting Warranty or Additional Liability.\n\nWhile redistributing the Work or Derivative Works thereof, You may choose to\noffer, and charge a fee for, acceptance of support, warranty, indemnity, or\nother liability obligations and/or rights consistent with this License. However,\nin accepting such obligations, You may act only on Your own behalf and on Your\nsole responsibility, not on behalf of any other Contributor, and only if You\nagree to indemnify, defend, and hold each Contributor harmless for any liability\nincurred by, or claims asserted against, such Contributor by reason of your\naccepting any such warranty or additional liability.\n\nEND OF TERMS AND CONDITIONS\n\nAPPENDIX: How to apply the Apache License to your work\n\nTo apply the Apache License to your work, attach the following boilerplate\nnotice, with the fields enclosed by brackets \"[]\" replaced with your own\nidentifying information. (Don't include the brackets!) The text should be\nenclosed in the appropriate comment syntax for the file format. We also\nrecommend that a file or class name and description of purpose be included on\nthe same \"printed page\" as the copyright notice for easier identification within\nthird-party archives.\n\n   Copyright 2014 Unknwon\n\n   Licensed under the Apache License, Version 2.0 (the \"License\");\n   you may not use this file except in compliance with the License.\n   You may obtain a copy of the License at\n\n     http://www.apache.org/licenses/LICENSE-2.0\n\n   Unless required by applicable law or agreed to in writing, software\n   distributed under the License is distributed on an \"AS IS\" BASIS,\n   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n   See the License for the specific language governing permissions and\n   limitations under the License.\n"
   },
-  {
-    "name": "gopkg.in/warnings.v0",
-    "path": "gopkg.in/warnings.v0/LICENSE",
-    "licenseText": "Copyright (c) 2016 Péter Surányi.\n\nRedistribution and use in source and binary forms, with or without\nmodification, are permitted provided that the following conditions are\nmet:\n\n   * Redistributions of source code must retain the above copyright\nnotice, this list of conditions and the following disclaimer.\n   * Redistributions in binary form must reproduce the above\ncopyright notice, this list of conditions and the following disclaimer\nin the documentation and/or other materials provided with the\ndistribution.\n\nTHIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS\n\"AS IS\" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT\nLIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR\nA PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT\nOWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,\nSPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT\nLIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,\nDATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY\nTHEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT\n(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE\nOF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n"
-  },
   {
     "name": "gopkg.in/yaml.v2",
     "path": "gopkg.in/yaml.v2/LICENSE",
diff --git a/go.mod b/go.mod
index 0adf767790..d38060a6b1 100644
--- a/go.mod
+++ b/go.mod
@@ -11,7 +11,7 @@ require (
 	code.forgejo.org/forgejo/go-rpmutils v1.0.0
 	code.forgejo.org/forgejo/levelqueue v1.0.0
 	code.forgejo.org/forgejo/reply v1.0.2
-	code.forgejo.org/forgejo/runner/v12 v12.9.0
+	code.forgejo.org/forgejo/runner/v12 v12.10.0
 	code.forgejo.org/go-chi/binding v1.0.1
 	code.forgejo.org/go-chi/cache v1.0.1
 	code.forgejo.org/go-chi/captcha v1.0.2
@@ -172,9 +172,6 @@ require (
 	github.com/go-enry/go-oniguruma v1.2.1 // indirect
 	github.com/go-errors/errors v1.4.2 // indirect
 	github.com/go-fed/httpsig v1.1.0 // indirect
-	github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect
-	github.com/go-git/go-billy/v5 v5.8.0 // indirect
-	github.com/go-git/go-git/v5 v5.18.0 // indirect
 	github.com/go-ini/ini v1.67.0 // indirect
 	github.com/go-openapi/jsonpointer v0.22.4 // indirect
 	github.com/go-openapi/jsonreference v0.21.4 // indirect
@@ -203,7 +200,6 @@ require (
 	github.com/jackc/pgpassfile v1.0.0 // indirect
 	github.com/jackc/pgservicefile v0.0.0-20240606120523-5a60cdf6a761 // indirect
 	github.com/jackc/puddle/v2 v2.2.2 // indirect
-	github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect
 	github.com/josharian/intern v1.0.0 // indirect
 	github.com/klauspost/crc32 v1.3.0 // indirect
 	github.com/klauspost/pgzip v1.2.6 // indirect
@@ -229,6 +225,7 @@ require (
 	github.com/olekukonko/ll v0.0.9 // indirect
 	github.com/olekukonko/tablewriter v1.0.7 // indirect
 	github.com/onsi/ginkgo v1.16.5 // indirect
+	github.com/onsi/gomega v1.34.1 // indirect
 	github.com/philhofer/fwd v1.2.0 // indirect
 	github.com/pierrec/lz4/v4 v4.1.22 // indirect
 	github.com/pkg/errors v0.9.1 // indirect
@@ -260,7 +257,6 @@ require (
 	golang.org/x/time v0.15.0 // indirect
 	golang.org/x/tools v0.44.0 // indirect
 	gopkg.in/alexcesaro/quotedprintable.v3 v3.0.0-20150716171945-2caba252f4dc // indirect
-	gopkg.in/warnings.v0 v0.1.2 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 )
diff --git a/go.sum b/go.sum
index 242a4c5f4d..170b500020 100644
--- a/go.sum
+++ b/go.sum
@@ -30,8 +30,8 @@ code.forgejo.org/forgejo/levelqueue v1.0.0 h1:9krYpU6BM+j/1Ntj6m+VCAIu0UNnne1/Uf
 code.forgejo.org/forgejo/levelqueue v1.0.0/go.mod h1:fmG6zhVuqim2rxSFOoasgXO8V2W/k9U31VVYqLIRLhQ=
 code.forgejo.org/forgejo/reply v1.0.2 h1:dMhQCHV6/O3L5CLWNTol+dNzDAuyCK88z4J/lCdgFuQ=
 code.forgejo.org/forgejo/reply v1.0.2/go.mod h1:RyZUfzQLc+fuLIGjTSQWDAJWPiL4WtKXB/FifT5fM7U=
-code.forgejo.org/forgejo/runner/v12 v12.9.0 h1:NjON7Io08kHxua/AorPuHQ1KXfx3lF8UjVBMvR7UMQQ=
-code.forgejo.org/forgejo/runner/v12 v12.9.0/go.mod h1:NEQXUvam9ofsTeSTAMnJXMyCZxKLoyQhVG6DAYSpOKw=
+code.forgejo.org/forgejo/runner/v12 v12.10.0 h1:FgUrG7cfaV/3HcbKYu+r8VY42XKpv44Q0ZcaZM3Eng0=
+code.forgejo.org/forgejo/runner/v12 v12.10.0/go.mod h1:NEQXUvam9ofsTeSTAMnJXMyCZxKLoyQhVG6DAYSpOKw=
 code.forgejo.org/forgejo/ssh v0.0.0-20241211213324-5fc306ca0616 h1:kEZL84+02jY9RxXM4zHBWZ3Fml0B09cmP1LGkDsCfIA=
 code.forgejo.org/forgejo/ssh v0.0.0-20241211213324-5fc306ca0616/go.mod h1:zpHEXBstFnQYtGnB8k8kQLol82umzn/2/snG7alWVD8=
 code.forgejo.org/go-chi/binding v1.0.1 h1:coKNI+X1NzRN7X85LlrpvBRqk0TXpJ+ja28vusQWEuY=
@@ -283,12 +283,6 @@ github.com/go-errors/errors v1.4.2 h1:J6MZopCL4uSllY1OfXM374weqZFFItUbrImctkmUxI
 github.com/go-errors/errors v1.4.2/go.mod h1:sIVyrIiJhuEF+Pj9Ebtd6P/rEYROXFi3BopGUQ5a5Og=
 github.com/go-fed/httpsig v1.1.0 h1:9M+hb0jkEICD8/cAiNqEB66R87tTINszBRTjwjQzWcI=
 github.com/go-fed/httpsig v1.1.0/go.mod h1:RCMrTZvN1bJYtofsG4rd5NaO5obxQ5xBkdiS7xsT7bM=
-github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 h1:+zs/tPmkDkHx3U66DAb0lQFJrpS6731Oaa12ikc+DiI=
-github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376/go.mod h1:an3vInlBmSxCcxctByoQdvwPiA7DTK7jaaFDBTtu0ic=
-github.com/go-git/go-billy/v5 v5.8.0 h1:I8hjc3LbBlXTtVuFNJuwYuMiHvQJDq1AT6u4DwDzZG0=
-github.com/go-git/go-billy/v5 v5.8.0/go.mod h1:RpvI/rw4Vr5QA+Z60c6d6LXH0rYJo0uD5SqfmrrheCY=
-github.com/go-git/go-git/v5 v5.18.0 h1:O831KI+0PR51hM2kep6T8k+w0/LIAD490gvqMCvL5hM=
-github.com/go-git/go-git/v5 v5.18.0/go.mod h1:pW/VmeqkanRFqR6AljLcs7EA7FbZaN5MQqO7oZADXpo=
 github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU=
 github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
 github.com/go-ini/ini v1.67.0 h1:z6ZrTEZqSWOTyH2FlglNbNgARyHG8oLW9gMELqKr06A=
@@ -456,8 +450,6 @@ github.com/jackc/pgx/v5 v5.9.2 h1:3ZhOzMWnR4yJ+RW1XImIPsD1aNSz4T4fyP7zlQb56hw=
 github.com/jackc/pgx/v5 v5.9.2/go.mod h1:mal1tBGAFfLHvZzaYh77YS/eC6IX9OWbRV1QIIM0Jn4=
 github.com/jackc/puddle/v2 v2.2.2 h1:PR8nw+E/1w0GLuRFSmiioY6UooMp6KJv0/61nB7icHo=
 github.com/jackc/puddle/v2 v2.2.2/go.mod h1:vriiEXHvEE654aYKXXjOvZM39qJ0q+azkZFrfEOc3H4=
-github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 h1:BQSFePA1RWJOlocH6Fxy8MmwDt+yVQYULKfN0RoTN8A=
-github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99/go.mod h1:1lJo3i6rXxKeerYnT8Nvf0QmHCRC1n8sfWVwXF2Frvo=
 github.com/jcmturner/aescts/v2 v2.0.0 h1:9YKLH6ey7H4eDBXW8khjYslgyqG2xZikXP0EQFKrle8=
 github.com/jcmturner/aescts/v2 v2.0.0/go.mod h1:AiaICIRyfYg35RUkr8yESTqvSy7csK90qZ5xfvvsoNs=
 github.com/jcmturner/dnsutils/v2 v2.0.0 h1:lltnkeZGL0wILNvrNiVCR6Ro5PGU/SeBvVO/8c/iPbo=
@@ -982,8 +974,6 @@ gopkg.in/ini.v1 v1.67.0 h1:Dgnx+6+nfE+IfzjUEISNeydPJh9AXNNsWbGP9KzCsOA=
 gopkg.in/ini.v1 v1.67.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
 gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkepLTh2hOroT7a+7czfdQ=
 gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw=
-gopkg.in/warnings.v0 v0.1.2 h1:wFXVbFY8DY5/xOe1ECiWdKCzZlxgshcYVNkBHstARME=
-gopkg.in/warnings.v0 v0.1.2/go.mod h1:jksf8JmL6Qr/oQM2OXTHunEvvTAsrWBLb6OOjuVWRNI=
 gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=

From 555d88070d97fe56fce222bd081c3c3b08202991 Mon Sep 17 00:00:00 2001
From: Gusted <postmaster@gusted.xyz>
Date: Sun, 3 May 2026 06:42:14 +0200
Subject: [PATCH 790/854] feat: migrate show-modal to native dialogs (#10287)

Test coverage:

|Modal|Test|
|-|-|
|admin: adopt unadopted|missing, not needed|
|admin: delete unadopted|missing, not needed|
|admin: delete user|e2e added: `Admin: delete a user`|
|delete package|missing|
|new project|?|
|edit project col|?|
|default project col|?|
|delete project col|?|
|commit cherry-pick|?|
|commit delete note|?|
|fork redirect|?|
|lock/unlock issue|?|
|dismiss PR review|?|
|migration delete|?|
|migration cancel|?|
|lfs delete|?|
|convert mirror|?|
|convert fork|?|
|transfer repo|?|
|delete repo|?|
|archive repo|integration present, selectors adjusted|
|delete wiki|?|
|rename wiki branch|?|
|push mirror edit|?|
|mde: new table|e2e present, selectors adjusted|
|mde: new link|e2e present, selectors adjusted|
|actions: add secret|?|
|actions: edit variable|?|

Co-authored-by: 0ko <0ko@noreply.codeberg.org>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10287
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
---
 templates/admin/repo/unadopted.tmpl           |  60 ++--
 templates/admin/user/edit.tmpl                |  33 +-
 templates/package/settings.tmpl               |  18 +-
 templates/projects/view.tmpl                  | 117 ++++---
 templates/repo/commit_header.tmpl             |  55 +--
 templates/repo/header_fork.tmpl               |  32 +-
 .../issue/view_content/sidebar/actions.tmpl   |  90 ++---
 .../view_content/sidebar/pull_reviewers.tmpl  |  34 +-
 templates/repo/migrate/migrating.tmpl         |  77 ++--
 templates/repo/settings/lfs.tmpl              |  18 +-
 templates/repo/settings/options.tmpl          | 328 +++++++++---------
 .../repo/settings/push_mirror_sync_modal.tmpl |  48 +--
 templates/shared/combomarkdowneditor.tmpl     |  82 ++---
 templates/shared/secrets/add_list.tmpl        | 118 +++----
 templates/shared/variables/variable_list.tmpl |  61 ++--
 tests/e2e/admin-ui.test.e2e.ts                |  26 ++
 tests/e2e/clipboard-copy.test.e2e.ts          |  16 +-
 tests/e2e/issue-comment-dropzone.test.e2e.ts  |   6 +-
 tests/e2e/issue-sidebar.test.e2e.ts           |   7 +-
 tests/e2e/markdown-editor.test.e2e.ts         |  14 +-
 tests/e2e/modal.test.e2e.ts                   |  24 --
 tests/e2e/repo-code.test.e2e.ts               |  12 +-
 tests/e2e/runner-management.test.e2e.ts       |  47 ++-
 tests/integration/repo_archive_text_test.go   |   2 +-
 web_src/js/features/common-global.js          |  48 +--
 .../js/features/comp/ComboMarkdownEditor.js   |  38 +-
 web_src/js/features/repo-legacy.js            |   4 +-
 web_src/js/features/show-modal.ts             |  54 +++
 web_src/js/modules/modal.ts                   |  13 +-
 web_src/js/types.d.ts                         |   6 +
 30 files changed, 777 insertions(+), 711 deletions(-)
 create mode 100644 web_src/js/features/show-modal.ts

diff --git a/templates/admin/repo/unadopted.tmpl b/templates/admin/repo/unadopted.tmpl
index d7e57c7c14..bc74f24a58 100644
--- a/templates/admin/repo/unadopted.tmpl
+++ b/templates/admin/repo/unadopted.tmpl
@@ -24,37 +24,37 @@
 								<span class="tw-flex-1"> {{svg "octicon-file-directory-fill"}} {{$dir}}</span>
 								<div>
 									<button class="ui button primary show-modal tw-p-2" data-modal="#adopt-unadopted-modal-{{$dirI}}">{{svg "octicon-plus"}} {{ctx.Locale.Tr "repo.adopt_preexisting_label"}}</button>
-									<div class="ui g-modal-confirm modal" id="adopt-unadopted-modal-{{$dirI}}">
-										<div class="header">
-											<span class="label">{{ctx.Locale.Tr "repo.adopt_preexisting"}}</span>
-										</div>
-										<div class="content">
-											<p>{{ctx.Locale.Tr "repo.adopt_preexisting_content" $dir}}</p>
-										</div>
-										<form class="ui form" method="post" action="{{AppSubUrl}}/admin/repos/unadopted">
-											<input type="hidden" name="id" value="{{$dir}}">
-											<input type="hidden" name="action" value="adopt">
-											<input type="hidden" name="q" value="{{$.Keyword}}">
-											<input type="hidden" name="page" value="{{$.CurrentPage}}">
-											{{template "base/modal_actions_confirm"}}
-										</form>
-									</div>
+									<dialog id="adopt-unadopted-modal-{{$dirI}}">
+										<article>
+											<header>{{ctx.Locale.Tr "repo.adopt_preexisting"}}</header>
+											<div class="content">
+												<p>{{ctx.Locale.Tr "repo.adopt_preexisting_content" $dir}}</p>
+											</div>
+											<form class="ui form" method="post" action="{{AppSubUrl}}/admin/repos/unadopted">
+												<input type="hidden" name="id" value="{{$dir}}">
+												<input type="hidden" name="action" value="adopt">
+												<input type="hidden" name="q" value="{{$.Keyword}}">
+												<input type="hidden" name="page" value="{{$.CurrentPage}}">
+												{{template "base/modal_actions_confirm"}}
+											</form>
+										</article>
+									</dialog>
 									<button class="ui button red show-modal tw-p-2" data-modal="#delete-unadopted-modal-{{$dirI}}">{{svg "octicon-x"}} {{ctx.Locale.Tr "repo.delete_preexisting_label"}}</button>
-									<div class="ui g-modal-confirm modal" id="delete-unadopted-modal-{{$dirI}}">
-										<div class="header">
-											<span class="label">{{ctx.Locale.Tr "repo.delete_preexisting"}}</span>
-										</div>
-										<div class="content">
-											<p>{{ctx.Locale.Tr "repo.delete_preexisting_content" $dir}}</p>
-										</div>
-										<form class="ui form" method="post" action="{{AppSubUrl}}/admin/repos/unadopted">
-											<input type="hidden" name="id" value="{{$dir}}">
-											<input type="hidden" name="action" value="delete">
-											<input type="hidden" name="q" value="{{$.Keyword}}">
-											<input type="hidden" name="page" value="{{$.CurrentPage}}">
-											{{template "base/modal_actions_confirm"}}
-										</form>
-									</div>
+									<dialog id="delete-unadopted-modal-{{$dirI}}">
+										<article>
+											<header>{{ctx.Locale.Tr "repo.delete_preexisting"}}</header>
+											<div class="content">
+												<p>{{ctx.Locale.Tr "repo.delete_preexisting_content" $dir}}</p>
+											</div>
+											<form class="ui form" method="post" action="{{AppSubUrl}}/admin/repos/unadopted">
+												<input type="hidden" name="id" value="{{$dir}}">
+												<input type="hidden" name="action" value="delete">
+												<input type="hidden" name="q" value="{{$.Keyword}}">
+												<input type="hidden" name="page" value="{{$.CurrentPage}}">
+												{{template "base/modal_actions_confirm"}}
+											</form>
+										</article>
+									</dialog>
 								</div>
 							</div>
 						{{end}}
diff --git a/templates/admin/user/edit.tmpl b/templates/admin/user/edit.tmpl
index 1d29a991cd..f18317e694 100644
--- a/templates/admin/user/edit.tmpl
+++ b/templates/admin/user/edit.tmpl
@@ -224,24 +224,23 @@
 		</div>
 	</div>
 
-<div class="ui g-modal-confirm delete modal" id="delete-user-modal">
-	<div class="header">
-		{{svg "octicon-trash"}}
-		{{ctx.Locale.Tr "settings.delete_account_title"}}
-	</div>
-	<form class="ui form" method="post" action="./delete">
-		<div class="content">
-			<p>{{ctx.Locale.Tr "settings.delete_account_desc"}}</p>
-			<div class="field">
-				<div class="ui checkbox">
-					<label for="purge">{{ctx.Locale.Tr "admin.users.purge"}}</label>
-					<input name="purge" type="checkbox">
+<dialog id="delete-user-modal">
+	<article>
+		<header>{{svg "octicon-trash"}} {{ctx.Locale.Tr "settings.delete_account_title"}}</header>
+		<form class="ui form" method="post" action="./delete">
+			<div class="content">
+				<p>{{ctx.Locale.Tr "settings.delete_account_desc"}}</p>
+				<div class="field">
+					<div class="ui checkbox">
+						<label for="purge">{{ctx.Locale.Tr "admin.users.purge"}}</label>
+						<input name="purge" type="checkbox">
+					</div>
+					<p class="help">{{ctx.Locale.Tr "admin.users.purge_help"}}</p>
 				</div>
-				<p class="help">{{ctx.Locale.Tr "admin.users.purge_help"}}</p>
 			</div>
-		</div>
-		{{template "base/modal_actions_confirm" .}}
-	</form>
-</div>
+			{{template "base/modal_actions_confirm" .}}
+		</form>
+	</article>
+</dialog>
 
 {{template "admin/layout_footer" .}}
diff --git a/templates/package/settings.tmpl b/templates/package/settings.tmpl
index 515eddd85b..b60bb08d1e 100644
--- a/templates/package/settings.tmpl
+++ b/templates/package/settings.tmpl
@@ -53,20 +53,20 @@
 					<div class="flex-item-trailing">
 						<button class="ui basic red show-modal button" data-modal="#delete-package-modal">{{ctx.Locale.Tr "packages.settings.delete"}}</button>
 					</div>
-					<div class="ui tiny modal" id="delete-package-modal">
-						<div class="header">
-							{{ctx.Locale.Tr "packages.settings.delete"}}
-						</div>
-						<div class="content">
-							<div class="ui warning message tw-break-anywhere">
-								{{ctx.Locale.Tr "packages.settings.delete.notice" .PackageDescriptor.Package.Name .PackageDescriptor.Version.Version}}
+					<dialog id="delete-package-modal">
+						<article>
+							<header>{{ctx.Locale.Tr "packages.settings.delete"}}</header>
+							<div class="content">
+								<div class="ui warning message tw-break-anywhere">
+									{{ctx.Locale.Tr "packages.settings.delete.notice" .PackageDescriptor.Package.Name .PackageDescriptor.Version.Version}}
+								</div>
 							</div>
 							<form class="ui form" action="{{.Link}}" method="post">
 								<input type="hidden" name="action" value="delete">
 								{{template "base/modal_actions_confirm" .}}
 							</form>
-						</div>
-					</div>
+						</article>
+					</dialog>
 				</div>
 			</div>
 		</div>
diff --git a/templates/projects/view.tmpl b/templates/projects/view.tmpl
index 64def9cbca..3f7c91b35d 100644
--- a/templates/projects/view.tmpl
+++ b/templates/projects/view.tmpl
@@ -29,32 +29,31 @@
 					{{ctx.Locale.Tr "new_project_column"}}
 				</button>
 			</div>
-			<div class="ui small modal new-project-column-modal" id="new-project-column-item">
-				<div class="header">
-					{{ctx.Locale.Tr "repo.projects.column.new"}}
-				</div>
-				<div class="content">
+			<dialog id="new-project-column-item">
+				<article>
+					<header>{{ctx.Locale.Tr "repo.projects.column.new"}}</header>
 					<form class="ui form">
-						<div class="required field">
-							<label for="new_project_column">{{ctx.Locale.Tr "repo.projects.column.new_title"}}</label>
-							<input class="new-project-column" id="new_project_column" name="title" required>
-						</div>
+						<div class="content">
+							<div class="required field">
+								<label for="new_project_column">{{ctx.Locale.Tr "repo.projects.column.new_title"}}</label>
+								<input class="new-project-column" id="new_project_column" name="title" required>
+							</div>
 
-						<div class="field color-field">
-							<label for="new_project_column_color_picker">{{ctx.Locale.Tr "repo.projects.column.color"}}</label>
-							<div class="js-color-picker-input column">
-								<input maxlength="7" placeholder="#c320f6" id="new_project_column_color_picker" name="color">
-								{{template "repo/issue/label_precolors"}}
+							<div class="field color-field">
+								<label for="new_project_column_color_picker">{{ctx.Locale.Tr "repo.projects.column.color"}}</label>
+								<div class="js-color-picker-input column">
+									<input maxlength="7" placeholder="#c320f6" id="new_project_column_color_picker" name="color">
+									{{template "repo/issue/label_precolors"}}
+								</div>
 							</div>
 						</div>
-
-						<div class="text right actions">
-							<button class="ui cancel button">{{ctx.Locale.Tr "settings.cancel"}}</button>
+						<div class="actions">
+							<button type="button" class="ui cancel button">{{ctx.Locale.Tr "settings.cancel"}}</button>
 							<button data-url="{{$.Link}}" class="ui primary button" id="new_project_column_submit">{{ctx.Locale.Tr "repo.projects.column.new_submit"}}</button>
 						</div>
 					</form>
-				</div>
-			</div>
+				</article>
+			</dialog>
 		{{end}}
 	</div>
 
@@ -101,54 +100,54 @@
 									</a>
 								{{end}}
 
-								<div class="ui small modal edit-project-column-modal" id="edit-project-column-modal-{{.ID}}">
-									<div class="header">
-										{{ctx.Locale.Tr "repo.projects.column.edit"}}
-									</div>
-									<div class="content">
+								<dialog class="edit-project-column-modal" id="edit-project-column-modal-{{.ID}}">
+									<article>
+										<header>{{ctx.Locale.Tr "repo.projects.column.edit"}}</header>
 										<form class="ui form">
-											<div class="required field">
-												<label for="new_project_column_title">{{ctx.Locale.Tr "repo.projects.column.edit_title"}}</label>
-												<input class="project-column-title-input" id="new_project_column_title" name="title" value="{{.Title}}" required>
-											</div>
-
-											<div class="field color-field">
-												<label for="new_project_column_color">{{ctx.Locale.Tr "repo.projects.column.color"}}</label>
-												<div class="js-color-picker-input column">
-													<input maxlength="7" placeholder="#c320f6" id="new_project_column_color" name="color" value="{{.Color}}">
-													{{template "repo/issue/label_precolors"}}
+											<div class="content">
+												<div class="required field">
+													<label for="new_project_column_title">{{ctx.Locale.Tr "repo.projects.column.edit_title"}}</label>
+													<input class="project-column-title-input" id="new_project_column_title" name="title" value="{{.Title}}" required>
 												</div>
-											</div>
 
-											<div class="text right actions">
-												<button class="ui cancel button">{{ctx.Locale.Tr "settings.cancel"}}</button>
+												<div class="field color-field">
+													<label for="new_project_column_color">{{ctx.Locale.Tr "repo.projects.column.color"}}</label>
+													<div class="js-color-picker-input column">
+														<input maxlength="7" placeholder="#c320f6" id="new_project_column_color" name="color" value="{{.Color}}">
+														{{template "repo/issue/label_precolors"}}
+													</div>
+												</div>
+
+											</div>
+											<div class="actions">
+												<button type="button" class="ui cancel button">{{ctx.Locale.Tr "settings.cancel"}}</button>
 												<button data-url="{{$.Link}}/{{.ID}}" class="ui primary button edit-project-column-button">{{ctx.Locale.Tr "repo.projects.column.edit"}}</button>
 											</div>
 										</form>
-									</div>
-								</div>
+									</article>
+								</dialog>
 
-								<div class="ui g-modal-confirm modal default-project-column-modal" id="default-project-column-modal-{{.ID}}">
-									<div class="header">
-										<span id="default-project-column-header"></span>
-									</div>
-									<div class="content">
-										<label id="default-project-column-content"></label>
-									</div>
-									{{template "base/modal_actions_confirm" (dict "ModalButtonTypes" "confirm")}}
-								</div>
+								<dialog class="default-project-column-modal" id="default-project-column-modal-{{.ID}}">
+									<article>
+										<header><span id="default-project-column-header"></span></header>
+										<div class="content">
+											<label id="default-project-column-content"></label>
+										</div>
+										{{template "base/modal_actions_confirm" (dict "ModalButtonTypes" "confirm")}}
+									</article>
+								</dialog>
 
-								<div class="ui g-modal-confirm modal" id="delete-project-column-modal-{{.ID}}">
-									<div class="header">
-										{{ctx.Locale.Tr "repo.projects.column.delete"}}
-									</div>
-									<div class="content">
-										<label>
-											{{ctx.Locale.Tr "repo.projects.column.deletion_desc"}}
-										</label>
-									</div>
-									{{template "base/modal_actions_confirm" (dict "ModalButtonTypes" "confirm")}}
-								</div>
+								<dialog id="delete-project-column-modal-{{.ID}}">
+									<article>
+										<header>{{ctx.Locale.Tr "repo.projects.column.delete"}}</header>
+										<div class="content">
+											<label>
+												{{ctx.Locale.Tr "repo.projects.column.deletion_desc"}}
+											</label>
+										</div>
+										{{template "base/modal_actions_confirm" (dict "ModalButtonTypes" "confirm")}}
+									</article>
+								</dialog>
 							</div>
 						</div>
 					{{end}}
diff --git a/templates/repo/commit_header.tmpl b/templates/repo/commit_header.tmpl
index dacbf43b59..3ccdebc5f1 100644
--- a/templates/repo/commit_header.tmpl
+++ b/templates/repo/commit_header.tmpl
@@ -55,25 +55,28 @@
 								data-modal-cherry-pick-header="{{ctx.Locale.Tr "repo.commit.cherry-pick-header" (ShortSha .CommitID)}}"
 								data-modal-cherry-pick-content="{{ctx.Locale.Tr "repo.commit.cherry-pick-content"}}"
 								data-modal-cherry-pick-submit="{{ctx.Locale.Tr "repo.commit.cherry-pick"}}">{{ctx.Locale.Tr "repo.commit.cherry-pick"}}</div>
-							<div class="ui g-modal-confirm modal" id="cherry-pick-modal">
-								<div class="header">
-									<span id="cherry-pick-header"></span>
-								</div>
-								<div class="content">
-									<p id="cherry-pick-content" class="branch-dropdown"></p>
-									{{template "repo/branch_dropdown" dict "root" .
-										"noTag" true "disableCreateBranch" true
-										"branchForm" "branch-dropdown-form"
-										"branchURLPrefix" (printf "%s/_cherrypick/%s/" $.RepoLink .CommitID) "branchURLSuffix" ""
-										"setAction" true "submitForm" true}}
+							<dialog id="cherry-pick-modal">
+								<article>
+									<header><span id="cherry-pick-header"></span></header>
+									<div class="content">
+										<p id="cherry-pick-content" class="branch-dropdown"></p>
+										{{template "repo/branch_dropdown" dict "root" .
+											"noTag" true "disableCreateBranch" true
+											"branchForm" "branch-dropdown-form"
+											"branchURLPrefix" (printf "%s/_cherrypick/%s/" $.RepoLink .CommitID) "branchURLSuffix" ""
+											"setAction" true "submitForm" true}}
+									</div>
 									<form method="get" action="{{$.RepoLink}}/_cherrypick/{{.CommitID}}/{{PathEscapeSegments $.Repository.DefaultBranch}}" id="branch-dropdown-form">
 										<input type="hidden" name="ref" value="{{$.Repository.DefaultBranch}}">
 										<input type="hidden" name="refType" value="branch">
 										<input type="hidden" id="cherry-pick-type" name="cherry-pick-type"><br>
-										<button type="submit" id="cherry-pick-submit" class="ui primary button"></button>
+										<div class="actions">
+											<button type="button" class="ui cancel button">{{ctx.Locale.Tr "settings.cancel"}}</button>
+											<button type="submit" id="cherry-pick-submit" class="ui primary button"></button>
+										</div>
 									</form>
-								</div>
-							</div>
+								</article>
+							</dialog>
 							<dialog id="create-branch-modal">
 								<article>
 									<header>{{ctx.Locale.Tr "repo.branch.new_branch"}}</header>
@@ -284,20 +287,20 @@
 				<button id="commit-notes-edit-button" class="ui tiny primary button tw-py-[6px] tw-px-[10px]">{{ctx.Locale.Tr "edit"}}</button>
 				<button class="ui tiny button red show-modal tw-py-[6px] tw-px-[10px]" data-modal="#delete-note-modal">{{ctx.Locale.Tr "remove"}}</button>
 			</div>
-			<div class="ui small modal" id="delete-note-modal">
-				<div class="header">
-					{{ctx.Locale.Tr "repo.diff.git-notes.remove-header"}}
-				</div>
-				<div class="content">
-					<p>{{ctx.Locale.Tr "repo.diff.git-notes.remove-body"}}</p>
-					<div class="text right actions">
-						<form action="{{.Link}}/notes/remove" method="post">
+			<dialog id="delete-note-modal">
+				<article>
+					<header>{{ctx.Locale.Tr "repo.diff.git-notes.remove-header"}}</header>
+					<div class="content">
+						<p>{{ctx.Locale.Tr "repo.diff.git-notes.remove-body"}}</p>
+					</div>
+					<form action="{{.Link}}/notes/remove" method="post">
+						<div class="text right actions">
 							<button type="button" class="ui cancel button">{{ctx.Locale.Tr "settings.cancel"}}</button>
 							<button type="submit" class="ui red button">{{ctx.Locale.Tr "remove"}}</button>
-						</form>
-					</div>
-				</div>
-			</div>
+						</div>
+					</form>
+				</article>
+			</dialog>
 		{{end}}
 	</div>
 	<div id="commit-notes-display-area" class="ui bottom attached info segment git-notes">
diff --git a/templates/repo/header_fork.tmpl b/templates/repo/header_fork.tmpl
index 0001be1025..95df5f4227 100644
--- a/templates/repo/header_fork.tmpl
+++ b/templates/repo/header_fork.tmpl
@@ -26,24 +26,24 @@
 		>
 			{{svg "octicon-repo-forked"}}<span class="text not-mobile">{{ctx.Locale.Tr "repo.fork"}}</span>
 		</a>
-		<div class="ui small modal" id="fork-repo-modal">
-			<div class="header">
-				{{ctx.Locale.Tr "repo.already_forked" .Name}}
-			</div>
-			<div class="content tw-text-left">
-				<div class="ui list">
-					{{range $.UserAndOrgForks}}
-						<div class="ui item tw-py-2">
-							<a href="{{.Link}}">{{svg "octicon-repo-forked" 16 "tw-mr-2"}}{{.FullName}}</a>
-						</div>
+		<dialog id="fork-repo-modal">
+			<article>
+				<header>{{ctx.Locale.Tr "repo.already_forked" .Name}}</header>
+				<div class="content tw-text-left">
+					<div class="ui list">
+						{{range $.UserAndOrgForks}}
+							<div class="ui item tw-py-2">
+								<a href="{{.Link}}">{{svg "octicon-repo-forked" 16 "tw-mr-2"}}{{.FullName}}</a>
+							</div>
+						{{end}}
+					</div>
+					{{if $.CanSignedUserFork}}
+					<div class="divider"></div>
+					<a href="{{$.RepoLink}}/fork">{{ctx.Locale.Tr "repo.fork_to_different_account"}}</a>
 					{{end}}
 				</div>
-				{{if $.CanSignedUserFork}}
-				<div class="divider"></div>
-				<a href="{{$.RepoLink}}/fork">{{ctx.Locale.Tr "repo.fork_to_different_account"}}</a>
-				{{end}}
-			</div>
-		</div>
+			</article>
+		</dialog>
 		<a class="ui basic label" href="{{.Link}}/forks"
 			aria-label="{{ctx.Locale.TrPluralString .NumForks "fork.n_forks" (printf "%d" .NumForks)}}"
 			>
diff --git a/templates/repo/issue/view_content/sidebar/actions.tmpl b/templates/repo/issue/view_content/sidebar/actions.tmpl
index d9fda9b296..0147e10193 100644
--- a/templates/repo/issue/view_content/sidebar/actions.tmpl
+++ b/templates/repo/issue/view_content/sidebar/actions.tmpl
@@ -21,32 +21,32 @@
 		{{ctx.Locale.Tr "repo.issues.lock"}}
 	{{end}}
 </button>
-<div class="ui tiny modal" id="lock">
-	<div class="header">
-		{{if .Issue.IsLocked}}
-			{{ctx.Locale.Tr "repo.issues.unlock.title"}}
-		{{else}}
-			{{ctx.Locale.Tr "repo.issues.lock.title"}}
-		{{end}}
-	</div>
-	<div class="content">
-		<div class="ui warning message">
+<dialog class="tw-overflow-visible" id="lock">
+	<article>
+		<header>
 			{{if .Issue.IsLocked}}
-				{{ctx.Locale.Tr "repo.issues.unlock.notice_1"}}<br>
-				{{ctx.Locale.Tr "repo.issues.unlock.notice_2"}}<br>
+				{{ctx.Locale.Tr "repo.issues.unlock.title"}}
 			{{else}}
-				{{ctx.Locale.Tr "repo.issues.lock.notice_1"}}<br>
-				{{ctx.Locale.Tr "repo.issues.lock.notice_2"}}<br>
-				{{ctx.Locale.Tr "repo.issues.lock.notice_3"}}<br>
+				{{ctx.Locale.Tr "repo.issues.lock.title"}}
 			{{end}}
+		</header>
+		<div class="content">
+			<div class="ui warning message">
+				{{if .Issue.IsLocked}}
+					{{ctx.Locale.Tr "repo.issues.unlock.notice_1"}}<br>
+					{{ctx.Locale.Tr "repo.issues.unlock.notice_2"}}<br>
+				{{else}}
+					{{ctx.Locale.Tr "repo.issues.lock.notice_1"}}<br>
+					{{ctx.Locale.Tr "repo.issues.lock.notice_2"}}<br>
+					{{ctx.Locale.Tr "repo.issues.lock.notice_3"}}<br>
+				{{end}}
+			</div>
 		</div>
-
-		<form class="ui form form-fetch-action" action="{{.Issue.Link}}{{if .Issue.IsLocked}}/unlock{{else}}/lock{{end}}"
-			method="post">
-
+		<form class="ui form form-fetch-action" action="{{.Issue.Link}}{{if .Issue.IsLocked}}/unlock{{else}}/lock{{end}}" method="post">
+			<div class="content">
 			{{if not .Issue.IsLocked}}
 				<div class="field">
-					<strong> {{ctx.Locale.Tr "repo.issues.lock.reason"}} </strong>
+					<strong>{{ctx.Locale.Tr "repo.issues.lock.reason"}}</strong>
 				</div>
 
 				<div class="field">
@@ -70,10 +70,10 @@
 					</div>
 				</div>
 			{{end}}
-
-			<div class="text right actions">
-				<button class="ui cancel button">{{ctx.Locale.Tr "settings.cancel"}}</button>
-				<button class="ui red button">
+			</div>
+			<div class="actions">
+				<button type="button" class="ui cancel button">{{ctx.Locale.Tr "settings.cancel"}}</button>
+				<button type="submit" class="ui red button">
 					{{if .Issue.IsLocked}}
 						{{ctx.Locale.Tr "repo.issues.unlock_confirm"}}
 					{{else}}
@@ -82,30 +82,32 @@
 				</button>
 			</div>
 		</form>
-	</div>
-</div>
+	</article>
+</dialog>
 <button class="tw-mt-1 fluid ui show-modal button" data-modal="#sidebar-delete-issue">
 	{{svg "octicon-trash"}}
 	{{ctx.Locale.Tr "repo.issues.delete"}}
 </button>
-<div class="ui g-modal-confirm modal" id="sidebar-delete-issue">
-	<div class="header">
-		{{if .Issue.IsPull}}
-			{{ctx.Locale.Tr "repo.pulls.delete.title"}}
-		{{else}}
-			{{ctx.Locale.Tr "repo.issues.delete.title"}}
-		{{end}}
-	</div>
-	<div class="content">
-		<p>
+<dialog id="sidebar-delete-issue">
+	<article>
+		<header>
 			{{if .Issue.IsPull}}
-				{{ctx.Locale.Tr "repo.pulls.delete.text"}}
+				{{ctx.Locale.Tr "repo.pulls.delete.title"}}
 			{{else}}
-				{{ctx.Locale.Tr "repo.issues.delete.text"}}
+				{{ctx.Locale.Tr "repo.issues.delete.title"}}
 			{{end}}
-		</p>
-	</div>
-	<form action="{{.Issue.Link}}/delete" method="post">
-		{{template "base/modal_actions_confirm" .}}
-	</form>
-</div>
+		</header>
+		<div class="content">
+			<p>
+				{{if .Issue.IsPull}}
+					{{ctx.Locale.Tr "repo.pulls.delete.text"}}
+				{{else}}
+					{{ctx.Locale.Tr "repo.issues.delete.text"}}
+				{{end}}
+			</p>
+		</div>
+		<form action="{{.Issue.Link}}/delete" method="post">
+			{{template "base/modal_actions_confirm" .}}
+		</form>
+	</article>
+</dialog>
diff --git a/templates/repo/issue/view_content/sidebar/pull_reviewers.tmpl b/templates/repo/issue/view_content/sidebar/pull_reviewers.tmpl
index c770c95ac1..9a633a32ed 100644
--- a/templates/repo/issue/view_content/sidebar/pull_reviewers.tmpl
+++ b/templates/repo/issue/view_content/sidebar/pull_reviewers.tmpl
@@ -15,27 +15,29 @@
 								<a href="#" class="ui muted icon tw-flex tw-items-center show-modal" data-tooltip-content="{{ctx.Locale.Tr "repo.issues.dismiss_review"}}" data-modal="#dismiss-review-modal-{{.Review.ID}}">
 									{{svg "octicon-x" 20}}
 								</a>
-								<div class="ui small modal" id="dismiss-review-modal-{{.Review.ID}}">
-									<div class="header">
-										{{ctx.Locale.Tr "repo.issues.dismiss_review"}}
-									</div>
-									<div class="content">
-										<div class="ui warning message">
-											{{ctx.Locale.Tr "repo.issues.dismiss_review_warning"}}
+								<dialog id="dismiss-review-modal-{{.Review.ID}}">
+									<article>
+										<header>{{ctx.Locale.Tr "repo.issues.dismiss_review"}}</header>
+										<div class="content">
+											<div class="ui warning message">
+												{{ctx.Locale.Tr "repo.issues.dismiss_review_warning"}}
+											</div>
 										</div>
 										<form class="ui form dismiss-review-form" id="dismiss-review-{{.Review.ID}}" action="{{$.RepoLink}}/issues/dismiss_review" method="post">
-											<input type="hidden" name="review_id" value="{{.Review.ID}}">
-											<div class="field">
-												<label for="message">{{ctx.Locale.Tr "action.review_dismissed_reason"}}</label>
-												<input id="message" name="message">
+											<div class="content">
+												<input type="hidden" name="review_id" value="{{.Review.ID}}">
+												<div class="field">
+													<label for="message">{{ctx.Locale.Tr "action.review_dismissed_reason"}}</label>
+													<input id="message" name="message">
+												</div>
 											</div>
-											<div class="text right actions">
-												<button class="ui cancel button">{{ctx.Locale.Tr "settings.cancel"}}</button>
-												<button class="ui red button" type="submit">{{ctx.Locale.Tr "ok"}}</button>
+											<div class="actions">
+												<button type="button" class="ui cancel button">{{ctx.Locale.Tr "settings.cancel"}}</button>
+												<button type="submit" class="ui red button">{{ctx.Locale.Tr "ok"}}</button>
 											</div>
 										</form>
-									</div>
-								</div>
+									</article>
+								</dialog>
 							{{end}}
 							{{if .Review.Stale}}
 								<span data-tooltip-content="{{ctx.Locale.Tr "repo.issues.is_stale"}}">
diff --git a/templates/repo/migrate/migrating.tmpl b/templates/repo/migrate/migrating.tmpl
index 6b2db26aaf..baac203cb8 100644
--- a/templates/repo/migrate/migrating.tmpl
+++ b/templates/repo/migrate/migrating.tmpl
@@ -51,49 +51,50 @@
 	</div>
 </div>
 
-<div class="ui small modal" id="delete-repo-modal">
-	<div class="header">
-		{{ctx.Locale.Tr "repo.settings.delete"}}
-	</div>
-	<div class="content">
-		<div class="ui warning message">
-			{{ctx.Locale.Tr "repo.settings.delete_notices_1"}}<br>
-			{{ctx.Locale.Tr "repo.settings.delete_notices_2" .Repository.FullName}}
-			{{if .Repository.NumForks}}<br>
-			{{ctx.Locale.Tr "repo.settings.delete_notices_fork_1"}}
-			{{end}}
+<dialog id="delete-repo-modal">
+	<article>
+		<header>{{ctx.Locale.Tr "repo.settings.delete"}}</header>
+		<div class="content">
+			<div class="ui warning message">
+				{{ctx.Locale.Tr "repo.settings.delete_notices_1"}}<br>
+				{{ctx.Locale.Tr "repo.settings.delete_notices_2" .Repository.FullName}}
+				{{if .Repository.NumForks}}<br>
+				{{ctx.Locale.Tr "repo.settings.delete_notices_fork_1"}}
+				{{end}}
+			</div>
 		</div>
 		<form class="ui form" action="{{.Link}}/settings" method="post">
-			<input type="hidden" name="action" value="delete">
-			<div class="field">
-				<label>
-					{{ctx.Locale.Tr "repo.settings.enter_repo_name"}}
-					<span class="text red">{{.Repository.FullName}}</span>
-				</label>
+			<div class="content">
+				<input type="hidden" name="action" value="delete">
+				<div class="field">
+					<label>
+						{{ctx.Locale.Tr "repo.settings.enter_repo_name"}}
+						<span class="text red">{{.Repository.FullName}}</span>
+					</label>
+				</div>
+				<div class="required field">
+					<label for="repo_name_to_delete">{{ctx.Locale.Tr "repo.settings.confirmation_string"}}</label>
+					<input id="repo_name_to_delete" name="repo_name" required>
+				</div>
 			</div>
-			<div class="required field">
-				<label for="repo_name_to_delete">{{ctx.Locale.Tr "repo.settings.confirmation_string"}}</label>
-				<input id="repo_name_to_delete" name="repo_name" required>
-			</div>
-
-			<div class="text right actions">
-				<button class="ui cancel button">{{ctx.Locale.Tr "settings.cancel"}}</button>
-				<button class="ui red button">{{ctx.Locale.Tr "repo.settings.confirm_delete"}}</button>
+			<div class="actions">
+				<button type="button" class="ui cancel button">{{ctx.Locale.Tr "settings.cancel"}}</button>
+				<button type="submit" class="ui red button">{{ctx.Locale.Tr "repo.settings.confirm_delete"}}</button>
 			</div>
 		</form>
-	</div>
-</div>
+	</article>
+</dialog>
 
-<div class="ui g-modal-confirm modal" id="cancel-repo-modal">
-	<div class="header">
-		{{ctx.Locale.Tr "migrate.cancel.title"}}
-	</div>
-	<form action="{{.Link}}/settings/migrate/cancel" method="post">
-		<div class="content">
-			{{ctx.Locale.Tr "migrate.cancel.confirmation"}}
-		</div>
-		{{template "base/modal_actions_confirm" .}}
-	</form>
-</div>
+<dialog id="cancel-repo-modal">
+	<article>
+		<header>{{ctx.Locale.Tr "migrate.cancel.title"}}</header>
+		<form action="{{.Link}}/settings/migrate/cancel" method="post">
+			<div class="content">
+				{{ctx.Locale.Tr "migrate.cancel.confirmation"}}
+			</div>
+			{{template "base/modal_actions_confirm" .}}
+		</form>
+	</article>
+</dialog>
 
 {{template "base/footer" .}}
diff --git a/templates/repo/settings/lfs.tmpl b/templates/repo/settings/lfs.tmpl
index 2d17e29848..a004685c60 100644
--- a/templates/repo/settings/lfs.tmpl
+++ b/templates/repo/settings/lfs.tmpl
@@ -34,19 +34,17 @@
 		</table>
 		{{template "base/paginate" .}}
 		{{range .LFSFiles}}
-			<div class="ui g-modal-confirm modal" id="delete-{{.Oid}}">
-				<div class="header">
-					{{ctx.Locale.Tr "repo.settings.lfs_delete" .Oid}}
-				</div>
-				<div class="content">
-					<p>
-						{{ctx.Locale.Tr "repo.settings.lfs_delete_warning"}}
-					</p>
+			<dialog id="delete-{{.Oid}}">
+				<article>
+					<header>{{ctx.Locale.Tr "repo.settings.lfs_delete" .Oid}}</header>
+					<div class="content">
+						<p>{{ctx.Locale.Tr "repo.settings.lfs_delete_warning"}}</p>
+					</div>
 					<form class="ui form" action="{{$.Link}}/delete/{{.Oid}}" method="post">
 						{{template "base/modal_actions_confirm"}}
 					</form>
-				</div>
-			</div>
+				</article>
+			</dialog>
 		{{end}}
 	</div>
 {{template "repo/settings/layout_footer" .}}
diff --git a/templates/repo/settings/options.tmpl b/templates/repo/settings/options.tmpl
index 137be0f334..ae7c7311db 100644
--- a/templates/repo/settings/options.tmpl
+++ b/templates/repo/settings/options.tmpl
@@ -559,46 +559,80 @@
 
 {{if .Permission.IsOwner}}
 	{{if .Repository.IsMirror}}
-		<div class="ui small modal" id="convert-mirror-repo-modal">
-			<div class="header">
-				{{ctx.Locale.Tr "repo.settings.convert"}}
-			</div>
-			<div class="content">
-				<div class="ui warning message">
-					{{ctx.Locale.Tr "repo.settings.convert_notices_1"}}
+		<dialog id="convert-mirror-repo-modal">
+			<article>
+				<header>{{ctx.Locale.Tr "repo.settings.convert"}}</header>
+				<div class="content">
+					<div class="ui warning message">
+						{{ctx.Locale.Tr "repo.settings.convert_notices_1"}}
+					</div>
 				</div>
 				<form class="ui form" action="{{.Link}}" method="post">
-					<input type="hidden" name="action" value="convert">
-					<div class="field">
-						<label>
-							{{ctx.Locale.Tr "repo.settings.enter_repo_name"}}
-							<span class="text red">{{.Repository.FullName}}</span>
-						</label>
+					<div class="content">
+						<input type="hidden" name="action" value="convert">
+						<div class="field">
+							<label>
+								{{ctx.Locale.Tr "repo.settings.enter_repo_name"}}
+								<span class="text red">{{.Repository.FullName}}</span>
+							</label>
+						</div>
+						<div class="required field">
+							<label>{{ctx.Locale.Tr "repo.settings.confirmation_string"}}</label>
+							<input name="repo_name" required maxlength="100">
+						</div>
 					</div>
-					<div class="required field">
-						<label>{{ctx.Locale.Tr "repo.settings.confirmation_string"}}</label>
-						<input name="repo_name" required maxlength="100">
-					</div>
-
-					<div class="text right actions">
-						<button class="ui cancel button">{{ctx.Locale.Tr "settings.cancel"}}</button>
-						<button class="ui red button">{{ctx.Locale.Tr "repo.settings.convert_confirm"}}</button>
+					<div class="actions">
+						<button type="button" class="ui cancel button">{{ctx.Locale.Tr "settings.cancel"}}</button>
+						<button type="submit" class="ui red button">{{ctx.Locale.Tr "repo.settings.convert_confirm"}}</button>
 					</div>
 				</form>
-			</div>
-		</div>
+			</article>
+		</dialog>
 	{{end}}
 	{{if and .Repository.IsFork .Repository.Owner.CanCreateRepo}}
-		<div class="ui small modal" id="convert-fork-repo-modal">
-			<div class="header">
-				{{ctx.Locale.Tr "repo.settings.convert_fork"}}
-			</div>
-			<div class="content">
-				<div class="ui warning message">
-					{{ctx.Locale.Tr "repo.settings.convert_fork_notices_1"}}
+		<dialog id="convert-fork-repo-modal">
+			<article>
+				<header>{{ctx.Locale.Tr "repo.settings.convert_fork"}}</header>
+				<div class="content">
+					<div class="ui warning message">
+						{{ctx.Locale.Tr "repo.settings.convert_fork_notices_1"}}
+					</div>
 				</div>
 				<form class="ui form" action="{{.Link}}" method="post">
-					<input type="hidden" name="action" value="convert_fork">
+					<div class="content">
+						<input type="hidden" name="action" value="convert_fork">
+						<div class="field">
+							<label>
+								{{ctx.Locale.Tr "repo.settings.enter_repo_name"}}
+								<span class="text red">{{.Repository.FullName}}</span>
+							</label>
+						</div>
+						<div class="required field">
+							<label>{{ctx.Locale.Tr "repo.settings.confirmation_string"}}</label>
+							<input name="repo_name" required>
+						</div>
+					</div>
+					<div class="actions">
+						<button type="button" class="ui cancel button">{{ctx.Locale.Tr "settings.cancel"}}</button>
+						<button type="submit" class="ui red button">{{ctx.Locale.Tr "repo.settings.convert_fork_confirm"}}</button>
+					</div>
+				</form>
+			</article>
+		</dialog>
+	{{end}}
+	<dialog id="transfer-repo-modal">
+		<article>
+			<header>{{ctx.Locale.Tr "repo.settings.transfer.modal.title"}}</header>
+			<div class="content">
+				<div class="ui warning message">
+					{{ctx.Locale.Tr "repo.settings.transfer_notices_1"}} <br>
+					{{ctx.Locale.Tr "repo.settings.transfer_notices_2"}} <br>
+					{{ctx.Locale.Tr "repo.settings.transfer_notices_3"}}
+				</div>
+			</div>
+			<form class="ui form" action="{{.Link}}" method="post">
+				<div class="content">
+					<input type="hidden" name="action" value="transfer">
 					<div class="field">
 						<label>
 							{{ctx.Locale.Tr "repo.settings.enter_repo_name"}}
@@ -609,127 +643,66 @@
 						<label>{{ctx.Locale.Tr "repo.settings.confirmation_string"}}</label>
 						<input name="repo_name" required>
 					</div>
-
-					<div class="text right actions">
-						<button class="ui cancel button">{{ctx.Locale.Tr "settings.cancel"}}</button>
-						<button class="ui red button">{{ctx.Locale.Tr "repo.settings.convert_fork_confirm"}}</button>
+					<div class="required field">
+						<label for="new_owner_name">{{ctx.Locale.Tr "repo.settings.transfer_owner"}}</label>
+						<input id="new_owner_name" name="new_owner_name" required>
 					</div>
-				</form>
-			</div>
-		</div>
-	{{end}}
-	<div class="ui small modal" id="transfer-repo-modal">
-		<div class="header">
-			{{ctx.Locale.Tr "repo.settings.transfer.modal.title"}}
-		</div>
-		<div class="content">
-			<div class="ui warning message">
-				{{ctx.Locale.Tr "repo.settings.transfer_notices_1"}} <br>
-				{{ctx.Locale.Tr "repo.settings.transfer_notices_2"}} <br>
-				{{ctx.Locale.Tr "repo.settings.transfer_notices_3"}}
-			</div>
-			<form class="ui form" action="{{.Link}}" method="post">
-				<input type="hidden" name="action" value="transfer">
-				<div class="field">
-					<label>
-						{{ctx.Locale.Tr "repo.settings.enter_repo_name"}}
-						<span class="text red">{{.Repository.FullName}}</span>
-					</label>
 				</div>
-				<div class="required field">
-					<label>{{ctx.Locale.Tr "repo.settings.confirmation_string"}}</label>
-					<input name="repo_name" required>
-				</div>
-				<div class="required field">
-					<label for="new_owner_name">{{ctx.Locale.Tr "repo.settings.transfer_owner"}}</label>
-					<input id="new_owner_name" name="new_owner_name" required>
-				</div>
-
-				<div class="text right actions">
-					<button class="ui cancel button">{{ctx.Locale.Tr "settings.cancel"}}</button>
-					<button class="ui red button">{{ctx.Locale.Tr "repo.settings.transfer_perform"}}</button>
+				<div class="actions">
+					<button type="button" class="ui cancel button">{{ctx.Locale.Tr "settings.cancel"}}</button>
+					<button type="submit" class="ui red button">{{ctx.Locale.Tr "repo.settings.transfer_perform"}}</button>
 				</div>
 			</form>
-		</div>
-	</div>
+		</article>
+	</dialog>
 
-	<div class="ui small modal" id="delete-repo-modal">
-		<div class="header">
-			{{ctx.Locale.Tr "repo.settings.delete"}}
-		</div>
-		<div class="content">
-			<div class="ui warning message">
-				{{ctx.Locale.Tr "repo.settings.delete_notices_1"}}<br>
-				{{ctx.Locale.Tr "repo.settings.delete_notices_2" .Repository.FullName}}
-				{{if .Repository.NumForks}}<br>
-				{{ctx.Locale.Tr "repo.settings.delete_notices_fork_1"}}
-				{{end}}
+	<dialog id="delete-repo-modal">
+		<article>
+			<header>{{ctx.Locale.Tr "repo.settings.delete"}}</header>
+			<div class="content">
+				<div class="ui warning message">
+					{{ctx.Locale.Tr "repo.settings.delete_notices_1"}}<br>
+					{{ctx.Locale.Tr "repo.settings.delete_notices_2" .Repository.FullName}}
+					{{if .Repository.NumForks}}<br>
+					{{ctx.Locale.Tr "repo.settings.delete_notices_fork_1"}}
+					{{end}}
+				</div>
 			</div>
 			<form class="ui form" action="{{.Link}}" method="post">
-				<input type="hidden" name="action" value="delete">
-				<div class="field">
-					<label>
-						{{ctx.Locale.Tr "repo.settings.enter_repo_name"}}
-						<span class="text red">{{.Repository.FullName}}</span>
-					</label>
+				<div class="content">
+					<input type="hidden" name="action" value="delete">
+					<div class="field">
+						<label>
+							{{ctx.Locale.Tr "repo.settings.enter_repo_name"}}
+							<span class="text red">{{.Repository.FullName}}</span>
+						</label>
+					</div>
+					<div class="required field">
+						<label for="repo_name_to_delete">{{ctx.Locale.Tr "repo.settings.confirmation_string"}}</label>
+						<input id="repo_name_to_delete" name="repo_name" required>
+					</div>
 				</div>
-				<div class="required field">
-					<label for="repo_name_to_delete">{{ctx.Locale.Tr "repo.settings.confirmation_string"}}</label>
-					<input id="repo_name_to_delete" name="repo_name" required>
-				</div>
-
-				<div class="text right actions">
-					<button class="ui cancel button">{{ctx.Locale.Tr "settings.cancel"}}</button>
-					<button class="ui red button">{{ctx.Locale.Tr "repo.settings.confirm_delete"}}</button>
+				<div class="actions">
+					<button type="button" class="ui cancel button">{{ctx.Locale.Tr "settings.cancel"}}</button>
+					<button type="submit" class="ui red button">{{ctx.Locale.Tr "repo.settings.confirm_delete"}}</button>
 				</div>
 			</form>
-		</div>
-	</div>
+		</article>
+	</dialog>
 
 	{{if .Repository.UnitEnabled $.Context $.UnitTypeWiki}}
-	<div class="ui small modal" id="delete-wiki-modal">
-		<div class="header">
-			{{ctx.Locale.Tr "repo.settings.wiki_delete"}}
-		</div>
-		<div class="content">
-			<div class="ui warning message">
-				{{ctx.Locale.Tr "repo.settings.delete_notices_1"}}<br>
-				{{ctx.Locale.Tr "repo.settings.wiki_delete_notices_1" .Repository.Name}}
-			</div>
-			<form class="ui form" action="{{.Link}}" method="post">
-				<input type="hidden" name="action" value="delete-wiki">
-				<div class="field">
-					<label>
-						{{ctx.Locale.Tr "repo.settings.enter_repo_name"}}
-						<span class="text red">{{.Repository.FullName}}</span>
-					</label>
-				</div>
-				<div class="required field">
-					<label>{{ctx.Locale.Tr "repo.settings.confirmation_string"}}</label>
-					<input name="repo_name" required>
-				</div>
-
-				<div class="text right actions">
-					<button class="ui cancel button">{{ctx.Locale.Tr "settings.cancel"}}</button>
-					<button class="ui red button">{{ctx.Locale.Tr "repo.settings.confirm_wiki_delete"}}</button>
-				</div>
-			</form>
-		</div>
-	</div>
-	{{if ne $.Repository.GetWikiBranchName .DefaultWikiBranchName}}
-		<div class="ui small modal" id="rename-wiki-branch-modal">
-			<div class="header">
-				{{ctx.Locale.Tr "repo.settings.wiki_rename_branch_main"}}
-			</div>
+	<dialog id="delete-wiki-modal">
+		<article>
+			<header>{{ctx.Locale.Tr "repo.settings.wiki_delete"}}</header>
 			<div class="content">
 				<div class="ui warning message">
-					<ul>
-						<li>{{ctx.Locale.Tr "repo.settings.wiki_rename_branch_main_notices_1"}}</li>
-						<li>{{ctx.Locale.Tr "repo.settings.wiki_rename_branch_main_notices_2" .Repository.Name}}</li>
-					</ul>
+					{{ctx.Locale.Tr "repo.settings.delete_notices_1"}}<br>
+					{{ctx.Locale.Tr "repo.settings.wiki_delete_notices_1" .Repository.Name}}
 				</div>
-				<form class="ui form" action="{{.Link}}" method="post">
-					<input type="hidden" name="action" value="rename-wiki-branch">
+			</div>
+			<form class="ui form" action="{{.Link}}" method="post">
+				<div class="content">
+					<input type="hidden" name="action" value="delete-wiki">
 					<div class="field">
 						<label>
 							{{ctx.Locale.Tr "repo.settings.enter_repo_name"}}
@@ -740,40 +713,75 @@
 						<label>{{ctx.Locale.Tr "repo.settings.confirmation_string"}}</label>
 						<input name="repo_name" required>
 					</div>
-
-					<div class="text right actions">
-						<button class="ui cancel button">{{ctx.Locale.Tr "settings.cancel"}}</button>
-						<button class="ui red button">{{ctx.Locale.Tr "repo.settings.confirm_wiki_branch_rename"}}</button>
+				</div>
+				<div class="actions">
+					<button type="button" class="ui cancel button">{{ctx.Locale.Tr "settings.cancel"}}</button>
+					<button type="submit" class="ui red button">{{ctx.Locale.Tr "repo.settings.confirm_wiki_delete"}}</button>
+				</div>
+			</form>
+		</article>
+	</dialog>
+	{{if ne $.Repository.GetWikiBranchName .DefaultWikiBranchName}}
+		<dialog id="rename-wiki-branch-modal">
+			<article>
+				<header>{{ctx.Locale.Tr "repo.settings.wiki_rename_branch_main"}}</header>
+				<div class="content">
+					<div class="ui warning message">
+						<ul>
+							<li>{{ctx.Locale.Tr "repo.settings.wiki_rename_branch_main_notices_1"}}</li>
+							<li>{{ctx.Locale.Tr "repo.settings.wiki_rename_branch_main_notices_2" .Repository.Name}}</li>
+						</ul>
+					</div>
+				</div>
+				<form class="ui form" action="{{.Link}}" method="post">
+					<div class="content">
+						<input type="hidden" name="action" value="rename-wiki-branch">
+						<div class="field">
+							<label>
+								{{ctx.Locale.Tr "repo.settings.enter_repo_name"}}
+								<span class="text red">{{.Repository.FullName}}</span>
+							</label>
+						</div>
+						<div class="required field">
+							<label>{{ctx.Locale.Tr "repo.settings.confirmation_string"}}</label>
+							<input name="repo_name" required>
+						</div>
+					</div>
+					<div class="actions">
+						<button type="button" class="ui cancel button">{{ctx.Locale.Tr "settings.cancel"}}</button>
+						<button type="submit" class="ui red button">{{ctx.Locale.Tr "repo.settings.confirm_wiki_branch_rename"}}</button>
 					</div>
 				</form>
-			</div>
-		</div>
+			</article>
+		</dialog>
 	{{end}}
 	{{end}}
 
 	{{if not .Repository.IsMirror}}
-		<div class="ui g-modal-confirm modal" id="archive-repo-modal">
-			<div class="header">
-				{{if .Repository.IsArchived}}
-					{{ctx.Locale.Tr "repo.settings.unarchive.header"}}
-				{{else}}
-					{{ctx.Locale.Tr "repo.settings.archive.header"}}
-				{{end}}
-			</div>
-			<div class="content">
-				<div class="ui warning message">
+		<dialog id="archive-repo-modal">
+			<article>
+				<header>
 					{{if .Repository.IsArchived}}
-						{{ctx.Locale.Tr "repo.settings.unarchive.text"}}
+						{{ctx.Locale.Tr "repo.settings.unarchive.header"}}
 					{{else}}
-						{{ctx.Locale.Tr "repo.settings.archive.text"}}
+						{{ctx.Locale.Tr "repo.settings.archive.header"}}
 					{{end}}
+				</header>
+				<div class="content">
+					<div class="ui warning message">
+						{{if .Repository.IsArchived}}
+							{{ctx.Locale.Tr "repo.settings.unarchive.text"}}
+						{{else}}
+							{{ctx.Locale.Tr "repo.settings.archive.text"}}
+						{{end}}
+					</div>
 				</div>
 				<form action="{{.Link}}" method="post">
 					<input type="hidden" name="action" value="{{if .Repository.IsArchived}}unarchive{{else}}archive{{end}}">
 					<input type="hidden" name="repo_id" value="{{.Repository.ID}}">
 					<div class="text right actions">
-						<button class="ui cancel button">{{ctx.Locale.Tr "settings.cancel"}}</button>
-						<button class="ui red button">
+						<button type="button" class="ui cancel button">{{ctx.Locale.Tr "settings.cancel"}}</button>
+						<button type="submit" class="ui red button">
 							{{if .Repository.IsArchived}}
 								{{ctx.Locale.Tr "repo.settings.unarchive.button"}}
 							{{else}}
@@ -781,9 +789,9 @@
 							{{end}}
 						</button>
 					</div>
-			</form>
-			</div>
-		</div>
+				</form>
+			</article>
+		</dialog>
 	{{end}}
 {{end}}
 
diff --git a/templates/repo/settings/push_mirror_sync_modal.tmpl b/templates/repo/settings/push_mirror_sync_modal.tmpl
index 441bed1abc..64e8440fff 100644
--- a/templates/repo/settings/push_mirror_sync_modal.tmpl
+++ b/templates/repo/settings/push_mirror_sync_modal.tmpl
@@ -1,29 +1,29 @@
-<div class="ui small modal" id="push-mirror-edit-modal">
-	<div class="header">
-		{{ctx.Locale.Tr "repo.settings.mirror_settings.push_mirror.edit_sync_time"}}
-	</div>
-	<div class="content">
+<dialog id="push-mirror-edit-modal">
+	<article>
+		<header>{{ctx.Locale.Tr "repo.settings.mirror_settings.push_mirror.edit_sync_time"}}</header>
 		<form class="ui form ignore-dirty" method="post">
-			<input type="hidden" name="action" value="push-mirror-update">
-			<input type="hidden" name="push_mirror_id" id="push-mirror-edit-id">
-			<div class="field">
-				<label for="name">{{ctx.Locale.Tr "repo.settings.mirror_settings.mirrored_repository"}}</label>
-				<div class="ui small input">
-					<input id="push-mirror-edit-address" readonly>
+			<div class="content">
+				<input type="hidden" name="action" value="push-mirror-update">
+				<input type="hidden" name="push_mirror_id" id="push-mirror-edit-id">
+				<div class="field">
+					<label for="name">{{ctx.Locale.Tr "repo.settings.mirror_settings.mirrored_repository"}}</label>
+					<div class="ui small input">
+						<input id="push-mirror-edit-address" readonly>
+					</div>
 				</div>
-			</div>
-			<div class="inline field">
-				<label for="push-mirror-edit-interval">{{ctx.Locale.Tr "repo.mirror_interval" .MinimumMirrorInterval}}</label>
-				<div class="ui small input">
-					<input id="push-mirror-edit-interval" name="push_mirror_interval" autofocus>
+				<div class="inline field">
+					<label for="push-mirror-edit-interval">{{ctx.Locale.Tr "repo.mirror_interval" .MinimumMirrorInterval}}</label>
+					<div class="ui small input">
+						<input id="push-mirror-edit-interval" name="push_mirror_interval" autofocus>
+					</div>
 				</div>
-			</div>
-			<div class="field">
-				<label for="push-mirror-edit-branch-filter">{{ctx.Locale.Tr "repo.settings.push_mirror.branch_filter.label"}}</label>
-				<div class="ui small input">
-					<input id="push-mirror-edit-branch-filter" name="push_mirror_branch_filter" maxlength="2048">
+				<div class="field">
+					<label for="push-mirror-edit-branch-filter">{{ctx.Locale.Tr "repo.settings.push_mirror.branch_filter.label"}}</label>
+					<div class="ui small input">
+						<input id="push-mirror-edit-branch-filter" name="push_mirror_branch_filter" maxlength="2048">
+					</div>
+					<p class="help">{{ctx.Locale.Tr "repo.settings.push_mirror.branch_filter.description" "https://forgejo.org/docs/latest/user/repo-mirror/#branch-filter" "Forgejo"}}</p>
 				</div>
-				<p class="help">{{ctx.Locale.Tr "repo.settings.push_mirror.branch_filter.description" "https://forgejo.org/docs/latest/user/repo-mirror/#branch-filter" "Forgejo"}}</p>
 			</div>
 			<div class="actions">
 				<button class="ui small basic cancel button">
@@ -36,5 +36,5 @@
 				</button>
 			</div>
 		</form>
-	</div>
-</div>
+	</article>
+</dialog>
diff --git a/templates/shared/combomarkdowneditor.tmpl b/templates/shared/combomarkdowneditor.tmpl
index c1ec50ab70..42840a3825 100644
--- a/templates/shared/combomarkdowneditor.tmpl
+++ b/templates/shared/combomarkdowneditor.tmpl
@@ -64,55 +64,57 @@ Template Attributes:
 		{{ctx.Locale.Tr "loading"}}
 	</div>
 
-	<div class="ui small modal tw-w-fit" data-modal-name="new-markdown-table">
-		<div class="header">{{ctx.Locale.Tr "editor.table_modal.header"}}</div>
+	<dialog data-modal-name="new-markdown-table">
+		<article>
+			<header>{{ctx.Locale.Tr "editor.table_modal.header"}}</header>
 
-		<div class="ui form content" data-selector-name="form">
-			<input type="hidden" name="table-header" value="{{ctx.Locale.Tr "editor.table_modal.placeholder.header"}}" disabled>
-			<input type="hidden" name="table-content" value="{{ctx.Locale.Tr "editor.table_modal.placeholder.content"}}" disabled>
-			<table>
-				<tbody>
-					<tr>
-						<td><label>{{ctx.Locale.Tr "editor.table_modal.label.rows"}}</label></td>
-						<td><input type="number" name="table-rows" class="js-enable" min="1" value="2" disabled required></td>
-					</tr>
-					<tr>
-						<td><label>{{ctx.Locale.Tr "editor.table_modal.label.columns"}}</label></td>
-						<td><input type="number" name="table-columns" class="js-enable" min="1" value="2" disabled required></td>
-					</tr>
-				</tbody>
-			</table>
-		</div>
+			<div class="ui form content" data-selector-name="form">
+				<input type="hidden" name="table-header" value="{{ctx.Locale.Tr "editor.table_modal.placeholder.header"}}" disabled>
+				<input type="hidden" name="table-content" value="{{ctx.Locale.Tr "editor.table_modal.placeholder.content"}}" disabled>
+				<table>
+					<tbody>
+						<tr>
+							<td><label>{{ctx.Locale.Tr "editor.table_modal.label.rows"}}</label></td>
+							<td><input type="number" name="table-rows" class="js-enable" min="1" value="2" disabled required></td>
+						</tr>
+						<tr>
+							<td><label>{{ctx.Locale.Tr "editor.table_modal.label.columns"}}</label></td>
+							<td><input type="number" name="table-columns" class="js-enable" min="1" value="2" disabled required></td>
+						</tr>
+					</tbody>
+				</table>
+			</div>
 
-		<div class="text right actions">
-			<button class="ui cancel button" data-selector-name="cancel-button">{{ctx.Locale.Tr "cancel"}}</button>
-			<button class="ui primary button" data-selector-name="ok-button">{{ctx.Locale.Tr "ok"}}</button>
-		</div>
-	</div>
+			<div class="actions">
+				<button class="ui cancel button" data-selector-name="cancel-button">{{ctx.Locale.Tr "cancel"}}</button>
+				<button class="ui primary button" data-selector-name="ok-button">{{ctx.Locale.Tr "ok"}}</button>
+			</div>
+		</article>
+	</dialog>
 
-	<div class="ui small modal" data-modal-name="new-markdown-link">
-		<div class="header">{{ctx.Locale.Tr "editor.link_modal.header"}}</div>
-
-		<fieldset class="content">
+	<dialog data-modal-name="new-markdown-link">
+		<article>
+			<header>{{ctx.Locale.Tr "editor.link_modal.header"}}</header>
 			<div class="ui form" data-selector-name="form">
-				<label>
-					{{ctx.Locale.Tr "editor.link_modal.url"}}
-					<input name="link-url" class="js-enable" disabled required dir="auto" autocomplete="off">
-				</label>
-				<label>
-					{{ctx.Locale.Tr "editor.link_modal.description"}}
-					<input name="link-description" class="js-enable" disabled required dir="auto" autocomplete="off">
-				</label>
+				<div class="content">
+					<label>
+						{{ctx.Locale.Tr "editor.link_modal.url"}}
+						<input name="link-url" class="js-enable" disabled required dir="auto" autocomplete="off">
+					</label>
+					<label>
+						{{ctx.Locale.Tr "editor.link_modal.description"}}
+						<input name="link-description" class="js-enable" disabled required dir="auto" autocomplete="off">
+					</label>
 
-				<div class="help">
-					{{ctx.Locale.Tr "editor.link_modal.paste_reminder"}}
+					<div class="help">
+						{{ctx.Locale.Tr "editor.link_modal.paste_reminder"}}
+					</div>
 				</div>
-
 				<div class="text right actions">
 					<button class="ui cancel button" data-selector-name="cancel-button">{{ctx.Locale.Tr "cancel"}}</button>
 					<button class="ui primary button" data-selector-name="ok-button">{{ctx.Locale.Tr "ok"}}</button>
 				</div>
 			</div>
-		</fieldset>
-	</div>
+		</article>
+	</dialog>
 </div>
diff --git a/templates/shared/secrets/add_list.tmpl b/templates/shared/secrets/add_list.tmpl
index d4550bfb47..d2eb74b406 100644
--- a/templates/shared/secrets/add_list.tmpl
+++ b/templates/shared/secrets/add_list.tmpl
@@ -57,63 +57,63 @@
 </div>
 
 {{/* Add secret dialog */}}
-<div class="ui small modal" id="add-secret-modal">
-	<div class="header">
-		<span id="actions-modal-header"></span>
-	</div>
-	<form class="ui form form-fetch-action" method="post">
-		<fieldset class="content">
-			<div class="field">
-				{{ctx.Locale.Tr "secrets.description"}}
-			</div>
-			<div class="field">
-				<label class="required" for="secret-name">{{ctx.Locale.Tr "name"}}</label>
-				<input autofocus required
-					id="secret-name"
-					name="name"
-					value="{{.name}}"
-					pattern="^(?!FORGEJO_|GITEA_|GITHUB_)[a-zA-Z_][a-zA-Z0-9_]*$"
-				>
-				<p id="name-description" class="help">{{ctx.Locale.Tr "actions.secrets.creation.name_description"}}</p>
-			</div>
-			<div class="field">
-				<label class="required" for="secret-data">{{ctx.Locale.Tr "value"}}</label>
-				<textarea required
-					id="secret-data"
-					name="data"
-				></textarea>
-				<p id="secret-data-description" class="help">{{ctx.Locale.Tr "actions.secrets.creation.value_description"}}</p>
-			</div>
-		</fieldset>
-		{{template "base/modal_actions_confirm" (dict "ModalButtonTypes" "confirm")}}
-	</form>
-</div>
+<dialog id="add-secret-modal">
+	<article>
+		<header><span id="actions-modal-header"></span></header>
+		<form class="ui form form-fetch-action" method="post">
+			<fieldset class="content">
+				<div class="field">
+					{{ctx.Locale.Tr "secrets.description"}}
+				</div>
+				<div class="field">
+					<label class="required" for="secret-name">{{ctx.Locale.Tr "name"}}</label>
+					<input autofocus required
+						id="secret-name"
+						name="name"
+						value="{{.name}}"
+						pattern="^(?!FORGEJO_|GITEA_|GITHUB_)[a-zA-Z_][a-zA-Z0-9_]*$"
+					>
+					<p id="name-description" class="help">{{ctx.Locale.Tr "actions.secrets.creation.name_description"}}</p>
+				</div>
+				<div class="field">
+					<label class="required" for="secret-data">{{ctx.Locale.Tr "value"}}</label>
+					<textarea required
+						id="secret-data"
+						name="data"
+					></textarea>
+					<p id="secret-data-description" class="help">{{ctx.Locale.Tr "actions.secrets.creation.value_description"}}</p>
+				</div>
+			</fieldset>
+			{{template "base/modal_actions_confirm" (dict "ModalButtonTypes" "confirm")}}
+		</form>
+	</article>
+</dialog>
 {{/* Edit secret dialog */}}
-<div class="ui small modal" id="edit-secret-modal">
-	<div class="header">
-		<span id="actions-modal-header"></span>
-	</div>
-	<form class="ui form form-fetch-action" method="post">
-		<fieldset class="content">
-			<div class="field">
-				{{ctx.Locale.Tr "secrets.description"}}
-			</div>
-			<div class="field">
-				<label class="required" for="dialog-secret-name">{{ctx.Locale.Tr "name"}}</label>
-				<input autofocus required
-					id="dialog-secret-name"
-					name="name"
-					value="{{.name}}"
-					pattern="^(?!FORGEJO_|GITEA_|GITHUB_)[a-zA-Z_][a-zA-Z0-9_]*$"
-				>
-				<p id="name-description" class="help">{{ctx.Locale.Tr "actions.secrets.mutation.name_description"}}</p>
-			</div>
-			<div class="field">
-				<label for="dialog-secret-data">{{ctx.Locale.Tr "value"}}</label>
-				<textarea id="dialog-secret-data" name="data"></textarea>
-				<p id="secret-data-description" class="help">{{ctx.Locale.Tr "actions.secrets.mutation.value_description"}}</p>
-			</div>
-		</fieldset>
-		{{template "base/modal_actions_confirm" (dict "ModalButtonTypes" "confirm")}}
-	</form>
-</div>
+<dialog id="edit-secret-modal">
+	<article>
+		<header><span id="actions-modal-header"></span></header>
+		<form class="ui form form-fetch-action" method="post">
+			<fieldset class="content">
+				<div class="field">
+					{{ctx.Locale.Tr "secrets.description"}}
+				</div>
+				<div class="field">
+					<label class="required" for="dialog-secret-name">{{ctx.Locale.Tr "name"}}</label>
+					<input autofocus required
+						id="dialog-secret-name"
+						name="name"
+						value="{{.name}}"
+						pattern="^(?!FORGEJO_|GITEA_|GITHUB_)[a-zA-Z_][a-zA-Z0-9_]*$"
+					>
+					<p id="name-description" class="help">{{ctx.Locale.Tr "actions.secrets.mutation.name_description"}}</p>
+				</div>
+				<div class="field">
+					<label for="dialog-secret-data">{{ctx.Locale.Tr "value"}}</label>
+					<textarea id="dialog-secret-data" name="data"></textarea>
+					<p id="secret-data-description" class="help">{{ctx.Locale.Tr "actions.secrets.mutation.value_description"}}</p>
+				</div>
+			</fieldset>
+			{{template "base/modal_actions_confirm" (dict "ModalButtonTypes" "confirm")}}
+		</form>
+	</article>
+</dialog>
diff --git a/templates/shared/variables/variable_list.tmpl b/templates/shared/variables/variable_list.tmpl
index 82acb66d14..5f310d91a3 100644
--- a/templates/shared/variables/variable_list.tmpl
+++ b/templates/shared/variables/variable_list.tmpl
@@ -59,33 +59,34 @@
 </div>
 
 {{/** Edit variable dialog */}}
-<div class="ui small modal" id="edit-variable-modal">
-	<div class="header"></div>
-	<form class="ui form form-fetch-action" method="post">
-		<fieldset class="content">
-			<div class="field">
-				{{ctx.Locale.Tr "actions.variables.description"}}
-			</div>
-			<div class="field">
-				<label for="dialog-variable-name">{{ctx.Locale.Tr "name"}}</label>
-				<input autofocus required
-					name="name"
-					id="dialog-variable-name"
-					value="{{.name}}"
-					pattern="^(?!CI$)(?!FORGEJO_|GITEA_|GITHUB_)[a-zA-Z_][a-zA-Z0-9_]*$"
-				>
-				<p id="name-description" class="help">{{ctx.Locale.Tr "actions.variables.mutation.name_description"}}</p>
-			</div>
-			<div class="field">
-				<label for="dialog-variable-data">{{ctx.Locale.Tr "value"}}</label>
-				<textarea required
-					name="data"
-					id="dialog-variable-data"
-				></textarea>
-				<p id="data-description" class="help">{{ctx.Locale.Tr "actions.variables.mutation.value_description"}}</p>
-			</div>
-		</fieldset>
-		{{template "base/modal_actions_confirm" (dict "ModalButtonTypes" "confirm")}}
-	</form>
-</div>
-
+<dialog id="edit-variable-modal">
+	<article>
+		<header></header>
+		<form class="ui form form-fetch-action" method="post">
+			<fieldset class="content">
+				<div class="field">
+					{{ctx.Locale.Tr "actions.variables.description"}}
+				</div>
+				<div class="field">
+					<label for="dialog-variable-name">{{ctx.Locale.Tr "name"}}</label>
+					<input autofocus required
+						name="name"
+						id="dialog-variable-name"
+						value="{{.name}}"
+						pattern="^(?!CI$)(?!FORGEJO_|GITEA_|GITHUB_)[a-zA-Z_][a-zA-Z0-9_]*$"
+					>
+					<p id="name-description" class="help">{{ctx.Locale.Tr "actions.variables.mutation.name_description"}}</p>
+				</div>
+				<div class="field">
+					<label for="dialog-variable-data">{{ctx.Locale.Tr "value"}}</label>
+					<textarea required
+						name="data"
+						id="dialog-variable-data"
+					></textarea>
+					<p id="data-description" class="help">{{ctx.Locale.Tr "actions.variables.mutation.value_description"}}</p>
+				</div>
+			</fieldset>
+			{{template "base/modal_actions_confirm" (dict "ModalButtonTypes" "confirm")}}
+		</form>
+		</article>
+</dialog>
diff --git a/tests/e2e/admin-ui.test.e2e.ts b/tests/e2e/admin-ui.test.e2e.ts
index 8fcd3456a3..84145dd0cf 100644
--- a/tests/e2e/admin-ui.test.e2e.ts
+++ b/tests/e2e/admin-ui.test.e2e.ts
@@ -56,3 +56,29 @@ test('Admin email list', async ({page}) => {
     await expect(page.locator('[data-uid="9"] svg')).toHaveClass(/octicon-check/);
   }
 });
+
+test('Admin: delete a user', async ({page}) => {
+  const response = await page.goto('/admin/users/1/edit');
+  expect(response?.status()).toBe(200);
+
+  const modal = page.locator('#delete-user-modal');
+  const okButton = page.locator('#delete-user-modal .primary.button');
+
+  // Check that modal appears after clicking
+  await expect(modal).toBeHidden();
+  await expect(okButton).toBeHidden();
+  await page.locator('[data-modal="#delete-user-modal"]').click();
+  await expect(modal).toBeVisible();
+  await expect(okButton).toBeVisible();
+
+  // Agree with deletion
+  await okButton.click();
+
+  // Should have been redirected to /admin/users/1
+  await expect(page).toHaveURL(/\/admin\/users\/1$/);
+
+  // This test doesn't actually delete a user as it attempts to delete the doer and
+  // receives an error. This is enough to test that the request reaches the correct
+  // endpoint without causing e2e retry headache
+  await expect(page.locator('#flash-message')).toBeVisible();
+});
diff --git a/tests/e2e/clipboard-copy.test.e2e.ts b/tests/e2e/clipboard-copy.test.e2e.ts
index fd1118da2b..6cd9836316 100644
--- a/tests/e2e/clipboard-copy.test.e2e.ts
+++ b/tests/e2e/clipboard-copy.test.e2e.ts
@@ -16,8 +16,12 @@ test('copy src file path to clipboard', async ({page}) => {
   expect(response?.status()).toBe(200);
 
   await page.click('[data-clipboard-text]');
-  const clipboardText = await page.evaluate(() => navigator.clipboard.readText());
-  expect(clipboardText).toContain('README.md');
+
+  await expect(async () => {
+    const clipboardText = await page.evaluate(() => navigator.clipboard.readText());
+    expect(clipboardText).toContain('README.md');
+  }).toPass();
+
   await expect(page.getByText('Copied')).toBeVisible();
   await screenshot(page, page.getByText('Copied'), 50);
 });
@@ -27,8 +31,12 @@ test('copy diff file path to clipboard', async ({page}) => {
   expect(response?.status()).toBe(200);
 
   await page.click('[data-clipboard-text]');
-  const clipboardText = await page.evaluate(() => navigator.clipboard.readText());
-  expect(clipboardText).toContain('README.md');
+
+  await expect(async () => {
+    const clipboardText = await page.evaluate(() => navigator.clipboard.readText());
+    expect(clipboardText).toContain('README.md');
+  }).toPass();
+
   await expect(page.getByText('Copied')).toBeVisible();
   await screenshot(page, page.getByText('Copied'), 50);
 });
diff --git a/tests/e2e/issue-comment-dropzone.test.e2e.ts b/tests/e2e/issue-comment-dropzone.test.e2e.ts
index 40bd238dc1..739490f6ad 100644
--- a/tests/e2e/issue-comment-dropzone.test.e2e.ts
+++ b/tests/e2e/issue-comment-dropzone.test.e2e.ts
@@ -48,8 +48,10 @@ async function assertCopy(page: Page, startWith: string) {
   const copyLink = preview.locator('.octicon-copy').locator('..');
   await copyLink.click();
 
-  const clipboardContent = await page.evaluate(() => navigator.clipboard.readText());
-  expect(clipboardContent).toContain(startWith);
+  await expect(async () => {
+    const clipboardContent = await page.evaluate(() => navigator.clipboard.readText());
+    expect(clipboardContent).toContain(startWith);
+  }).toPass();
 }
 
 test('Paste image in new comment', async ({page}) => {
diff --git a/tests/e2e/issue-sidebar.test.e2e.ts b/tests/e2e/issue-sidebar.test.e2e.ts
index d785a19e18..3324595438 100644
--- a/tests/e2e/issue-sidebar.test.e2e.ts
+++ b/tests/e2e/issue-sidebar.test.e2e.ts
@@ -379,6 +379,9 @@ test('Issue: Reference', async ({page}) => {
   );
 
   await page.getByRole('button', {name: 'Copy'}).click();
-  const reference = await page.evaluate(() => navigator.clipboard.readText());
-  expect(reference).toBe('user2/repo1#1');
+
+  await expect(async () => {
+    const reference = await page.evaluate(() => navigator.clipboard.readText());
+    expect(reference).toBe('user2/repo1#1');
+  }).toPass();
 });
diff --git a/tests/e2e/markdown-editor.test.e2e.ts b/tests/e2e/markdown-editor.test.e2e.ts
index 5274b25a73..acc7a00a24 100644
--- a/tests/e2e/markdown-editor.test.e2e.ts
+++ b/tests/e2e/markdown-editor.test.e2e.ts
@@ -367,7 +367,7 @@ test('Markdown insert table', async ({page}) => {
     const newTableButton = area.locator('button[data-md-action="new-table"]');
     await newTableButton.click();
 
-    const newTableModal = page.locator('[data-modal-name="new-markdown-table"].active');
+    const newTableModal = page.locator('[data-modal-name="new-markdown-table"][open]');
     await expect(newTableModal).toBeVisible();
     await screenshot(page);
 
@@ -417,9 +417,9 @@ test('Markdown insert link', async ({page}) => {
     const newLinkButton = area.locator('button[data-md-action="new-link"]');
     await newLinkButton.click();
 
-    const newLinkModal = page.locator('[data-modal-name="new-markdown-link"].active');
+    const newLinkModal = page.locator('[data-modal-name="new-markdown-link"][open]');
     await expect(newLinkModal).toBeVisible();
-    await accessibilityCheck({page}, ['[data-modal-name="new-markdown-link"].active'], [], []);
+    await accessibilityCheck({page}, ['[data-modal-name="new-markdown-link"][open]'], [], []);
     await screenshot(page);
 
     const urlInput = newLinkModal.locator('input[name="link-url"]');
@@ -455,9 +455,9 @@ test('Markdown insert link', async ({page}) => {
 
     await textarea.press('ControlOrMeta+KeyK');
 
-    const newLinkModal = page.locator('[data-modal-name="new-markdown-link"].active');
+    const newLinkModal = page.locator('[data-modal-name="new-markdown-link"][open]');
     await expect(newLinkModal).toBeVisible();
-    await accessibilityCheck({page}, ['[data-modal-name="new-markdown-link"].active'], [], []);
+    await accessibilityCheck({page}, ['[data-modal-name="new-markdown-link"][open]'], [], []);
     await screenshot(page);
 
     const urlInput = newLinkModal.locator('input[name="link-url"]');
@@ -579,7 +579,7 @@ test('Multiple combo markdown: insert table', async ({page}) => {
   const newTableButtonOne = page.locator('[for="_combo_markdown_editor_0"] button[data-md-action="new-table"]');
   await newTableButtonOne.click();
 
-  const newTableModalOne = page.locator('div[data-markdown-table-modal-id="0"]');
+  const newTableModalOne = page.locator('dialog[data-markdown-table-modal-id="0"]');
   await expect(newTableModalOne).toBeVisible();
 
   await newTableModalOne.locator('input[name="table-rows"]').fill('3');
@@ -601,7 +601,7 @@ test('Multiple combo markdown: insert table', async ({page}) => {
   const newTableButtonTwo = page.locator('[for="_combo_markdown_editor_1"] button[data-md-action="new-table"]');
   await newTableButtonTwo.click();
 
-  const newTableModalTwo = page.locator('div[data-markdown-table-modal-id="1"]');
+  const newTableModalTwo = page.locator('dialog[data-markdown-table-modal-id="1"]');
   await expect(newTableModalTwo).toBeVisible();
 
   await newTableModalTwo.locator('input[name="table-rows"]').fill('2');
diff --git a/tests/e2e/modal.test.e2e.ts b/tests/e2e/modal.test.e2e.ts
index 40fe33e9a6..28161a2012 100644
--- a/tests/e2e/modal.test.e2e.ts
+++ b/tests/e2e/modal.test.e2e.ts
@@ -103,27 +103,3 @@ test('Dialog modal: width', async ({page, isMobile}) => {
     expect(width).toBe(800);
   }
 });
-
-test('Dialog modal: short viewport', async ({page, isMobile}) => {
-  test.skip(isMobile);
-
-  // Small height for viewport.
-  await page.setViewportSize({
-    width: 1000,
-    height: 200,
-  });
-
-  await page.goto('/user2/repo1/settings');
-
-  // Open modal with long content
-  const deleteModal = page.locator('#delete-repo-modal');
-  await expect(deleteModal).toBeHidden();
-  await page.getByRole('button', {name: 'Delete this repository'}).click();
-  await expect(deleteModal).toBeVisible();
-
-  // Scroll to the bottom.
-  const scrollY = await page.evaluate(() => document.querySelector('.ui.dimmer').scrollHeight);
-  await page.mouse.wheel(0, scrollY);
-  const scrollTop = await page.evaluate(() => document.querySelector('.ui.dimmer').scrollTop);
-  expect(scrollTop).toBeGreaterThan(0);
-});
diff --git a/tests/e2e/repo-code.test.e2e.ts b/tests/e2e/repo-code.test.e2e.ts
index 7f9ca147ea..d84fb58b1a 100644
--- a/tests/e2e/repo-code.test.e2e.ts
+++ b/tests/e2e/repo-code.test.e2e.ts
@@ -148,11 +148,13 @@ test('Copy line permalink', async ({page}) => {
   const response = await page.goto('/user2/repo1/src/branch/master/README.md?display=source#L1');
   expect(response?.status()).toBe(200);
 
-  await page.locator('.code-line-button').click();
-  // eslint-disable-next-line playwright/no-force-option
-  await page.locator('.tippy-box .copy-line-permalink').click({force: true});
-  const clipboardText = await page.evaluate(() => navigator.clipboard.readText());
-  expect(clipboardText).toContain('README.md?display=source#L1');
+  await expect(async () => {
+    await page.locator('.code-line-button').click();
+    // eslint-disable-next-line playwright/no-force-option
+    await page.locator('.tippy-box .copy-line-permalink').click({force: true});
+    const clipboardText = await page.evaluate(() => navigator.clipboard.readText());
+    expect(clipboardText).toContain('README.md?display=source#L1');
+  }).toPass();
 });
 
 test('Line menu styles', async ({page}) => {
diff --git a/tests/e2e/runner-management.test.e2e.ts b/tests/e2e/runner-management.test.e2e.ts
index c7211dbe05..02edbd6e87 100644
--- a/tests/e2e/runner-management.test.e2e.ts
+++ b/tests/e2e/runner-management.test.e2e.ts
@@ -121,9 +121,12 @@ test.describe('Runners of user2', () => {
     await expect(page).toHaveTitle(/^Set up runner runner-991301 .*/);
     await expect(page.getByRole('heading', {name: 'Set up runner runner-991301'})).toBeVisible();
 
-    await page.getByRole('button', {name: 'Copy runner UUID'}).click();
-    const runnerUUID = await page.evaluate(() => navigator.clipboard.readText());
-    expect(runnerUUID).toMatch(uuidPattern);
+    let runnerUUID;
+    await expect(async () => {
+      await page.getByRole('button', {name: 'Copy runner UUID'}).click();
+      runnerUUID = await page.evaluate(() => navigator.clipboard.readText());
+      expect(runnerUUID).toMatch(uuidPattern);
+    }).toPass();
 
     let runnerToken;
     await expect(async () => {
@@ -230,14 +233,20 @@ test.describe('Runners of user2', () => {
     await expect(page).toHaveTitle(/^Set up runner runner-2 .*/);
     await expect(page.getByRole('heading', {name: 'Set up runner runner-2'})).toBeVisible();
 
-    await page.getByRole('button', {name: 'Copy runner UUID'}).click();
-    const runnerUUID = await page.evaluate(() => navigator.clipboard.readText());
-    expect(runnerUUID).toEqual('3a20ad8d-d5d6-4b7b-ba55-841ac8264c17');
+    let runnerUUID;
+    await expect(async () => {
+      await page.getByRole('button', {name: 'Copy runner UUID'}).click();
+      runnerUUID = await page.evaluate(() => navigator.clipboard.readText());
+      expect(runnerUUID).toEqual('3a20ad8d-d5d6-4b7b-ba55-841ac8264c17');
+    }).toPass();
 
-    await page.getByRole('button', {name: 'Copy runner token'}).click();
-    const runnerToken = await page.evaluate(() => navigator.clipboard.readText());
-    expect(runnerToken).not.toEqual('9730f9d2c6c731f07582788d1a1fe72a6b999a17');
-    expect(runnerToken).toMatch(tokenPattern);
+    let runnerToken;
+    await expect(async () => {
+      await page.getByRole('button', {name: 'Copy runner token'}).click();
+      runnerToken = await page.evaluate(() => navigator.clipboard.readText());
+      expect(runnerToken).not.toEqual('9730f9d2c6c731f07582788d1a1fe72a6b999a17');
+      expect(runnerToken).toMatch(tokenPattern);
+    }).toPass();
 
     await expect(page.getByRole('term')).toHaveText(['UUID', 'Token']);
     await expect(page.getByRole('definition')).toContainText([runnerUUID, runnerToken]);
@@ -427,13 +436,19 @@ test.describe('Global runners', () => {
     await expect(page).toHaveTitle(/^Set up runner runner-473465 .*/);
     await expect(page.getByRole('heading', {name: 'Set up runner runner-473465'})).toBeVisible();
 
-    await page.getByRole('button', {name: 'Copy runner UUID'}).click();
-    const runnerUUID = await page.evaluate(() => navigator.clipboard.readText());
-    expect(runnerUUID).toMatch(uuidPattern);
+    let runnerUUID;
+    await expect(async () => {
+      await page.getByRole('button', {name: 'Copy runner UUID'}).click();
+      runnerUUID = await page.evaluate(() => navigator.clipboard.readText());
+      expect(runnerUUID).toMatch(uuidPattern);
+    }).toPass();
 
-    await page.getByRole('button', {name: 'Copy runner token'}).click();
-    const runnerToken = await page.evaluate(() => navigator.clipboard.readText());
-    expect(runnerToken).toMatch(tokenPattern);
+    let runnerToken;
+    await expect(async () => {
+      await page.getByRole('button', {name: 'Copy runner token'}).click();
+      runnerToken = await page.evaluate(() => navigator.clipboard.readText());
+      expect(runnerToken).toMatch(tokenPattern);
+    }).toPass();
 
     await expect(page.getByRole('term')).toHaveText(['UUID', 'Token']);
     await expect(page.getByRole('definition')).toContainText([runnerUUID, runnerToken]);
diff --git a/tests/integration/repo_archive_text_test.go b/tests/integration/repo_archive_text_test.go
index f0e88a8343..5a76e1e47b 100644
--- a/tests/integration/repo_archive_text_test.go
+++ b/tests/integration/repo_archive_text_test.go
@@ -63,7 +63,7 @@ func testRepoArchiveElements(t *testing.T, tr translation.Locale, doc *HTMLDoc,
 
 	// Test modal
 	modal := doc.Find("#archive-repo-modal")
-	testRepoArchiveElement(t, tr, modal, ".header", opType+".header")
+	testRepoArchiveElement(t, tr, modal, "header", opType+".header")
 	testRepoArchiveElement(t, tr, modal, ".message", opType+".text")
 	testRepoArchiveElement(t, tr, modal, ".button.red", opType+".button")
 }
diff --git a/web_src/js/features/common-global.js b/web_src/js/features/common-global.js
index 93a970caa0..fe644e099e 100644
--- a/web_src/js/features/common-global.js
+++ b/web_src/js/features/common-global.js
@@ -13,6 +13,7 @@ import {showErrorToast} from '../modules/toast.js';
 import {request, POST, GET} from '../modules/fetch.js';
 import '../htmx.js';
 import {initTab} from '../modules/tab.ts';
+import {initGlobalShowModal} from './show-modal.ts';
 
 const {appUrl, appSubUrl, i18n} = window.config;
 
@@ -439,53 +440,6 @@ export function initGlobalLinkActions() {
   });
 }
 
-export function initGlobalShowModal() {
-  // A ".show-modal" button will show a modal dialog defined by its "data-modal" attribute.
-  // Each "data-modal-{target}" attribute will be filled to target element's value or text-content.
-  // * First, try to query '#target'
-  // * Then, try to query '.target'
-  // * Then, try to query 'target' as HTML tag
-  // If there is a ".{attr}" part like "data-modal-form.action", then the form's "action" attribute will be set.
-  $('.show-modal').on('click', function (e) {
-    e.preventDefault();
-    const modalSelector = this.getAttribute('data-modal');
-    const $modal = $(modalSelector);
-    if (!$modal.length) {
-      throw new Error('no modal for this action');
-    }
-    const modalAttrPrefix = 'data-modal-';
-    for (const attrib of this.attributes) {
-      if (!attrib.name.startsWith(modalAttrPrefix)) {
-        continue;
-      }
-
-      const attrTargetCombo = attrib.name.substring(modalAttrPrefix.length);
-      const [attrTargetName, attrTargetAttr] = attrTargetCombo.split('.');
-      // try to find target by: "#target" -> ".target" -> "target tag"
-      let $attrTarget = $modal.find(`#${attrTargetName}`);
-      if (!$attrTarget.length) $attrTarget = $modal.find(`.${attrTargetName}`);
-      if (!$attrTarget.length) $attrTarget = $modal.find(`${attrTargetName}`);
-      if (!$attrTarget.length) continue; // TODO: show errors in dev mode to remind developers that there is a bug
-
-      if (attrTargetAttr) {
-        $attrTarget[0][attrTargetAttr] = attrib.value;
-      } else if ($attrTarget[0].matches('input, textarea')) {
-        $attrTarget.val(attrib.value); // FIXME: add more supports like checkbox
-      } else {
-        $attrTarget.text(attrib.value); // FIXME: it should be more strict here, only handle div/span/p
-      }
-    }
-
-    $modal.modal('setting', {
-      onApprove: () => {
-        // "form-fetch-action" can handle network errors gracefully,
-        // so keep the modal dialog to make users can re-submit the form if anything wrong happens.
-        if ($modal.find('.form-fetch-action').length) return false;
-      },
-    }).modal('show');
-  });
-}
-
 export function initGlobalButtons() {
   // There are many "cancel button" elements in modal dialogs, Fomantic UI expects they are button-like elements but never submit a form.
   // However, Gitea misuses the modal dialog and put the cancel buttons inside forms, so we must prevent the form submission.
diff --git a/web_src/js/features/comp/ComboMarkdownEditor.js b/web_src/js/features/comp/ComboMarkdownEditor.js
index b4bc443c0e..b42d054ae9 100644
--- a/web_src/js/features/comp/ComboMarkdownEditor.js
+++ b/web_src/js/features/comp/ComboMarkdownEditor.js
@@ -96,8 +96,8 @@ class ComboMarkdownEditor {
     this.textareaMarkdownToolbar.querySelector('button[data-md-action="unindent"]')?.addEventListener('click', () => {
       this.indentSelection(true, false);
     });
-    this.textareaMarkdownToolbar.querySelector('button[data-md-action="new-table"]')?.setAttribute('data-modal', `div[data-markdown-table-modal-id="${this.elementIdSuffix}"]`);
-    this.textareaMarkdownToolbar.querySelector('button[data-md-action="new-link"]')?.setAttribute('data-modal', `div[data-markdown-link-modal-id="${this.elementIdSuffix}"]`);
+    this.textareaMarkdownToolbar.querySelector('button[data-md-action="new-table"]')?.setAttribute('data-modal', `dialog[data-markdown-table-modal-id="${this.elementIdSuffix}"]`);
+    this.textareaMarkdownToolbar.querySelector('button[data-md-action="new-link"]')?.setAttribute('data-modal', `dialog[data-markdown-link-modal-id="${this.elementIdSuffix}"]`);
 
     // Find all data-md-ctrl-shortcut elements in the markdown toolbar.
     const shortcutKeys = new Map();
@@ -263,7 +263,7 @@ class ComboMarkdownEditor {
 
   addNewTable(event) {
     const elementId = event.target.getAttribute('data-element-id');
-    const newTableModal = document.querySelector(`div[data-markdown-table-modal-id="${elementId}"]`);
+    const newTableModal = document.querySelector(`dialog[data-markdown-table-modal-id="${elementId}"]`);
     const form = newTableModal.querySelector('div[data-selector-name="form"]');
 
     // Validate input fields
@@ -295,8 +295,9 @@ class ComboMarkdownEditor {
   }
 
   setupTableInserter() {
-    const newTableModal = this.container.querySelector('div[data-modal-name="new-markdown-table"]');
+    const newTableModal = this.container.querySelector('dialog[data-modal-name="new-markdown-table"]');
     newTableModal.setAttribute('data-markdown-table-modal-id', this.elementIdSuffix);
+    document.body.append(newTableModal); // Contains form elements, avoid conflict with form of comment editor.
 
     const button = newTableModal.querySelector('button[data-selector-name="ok-button"]');
     button.setAttribute('data-element-id', this.elementIdSuffix);
@@ -305,7 +306,7 @@ class ComboMarkdownEditor {
 
   addNewLink(event) {
     const elementId = event.target.getAttribute('data-element-id');
-    const newLinkModal = document.querySelector(`div[data-markdown-link-modal-id="${elementId}"]`);
+    const newLinkModal = document.querySelector(`dialog[data-markdown-link-modal-id="${elementId}"]`);
     const form = newLinkModal.querySelector('div[data-selector-name="form"]');
 
     // Validate input fields
@@ -330,25 +331,22 @@ class ComboMarkdownEditor {
   }
 
   setupLinkInserter() {
-    const newLinkModal = this.container.querySelector('div[data-modal-name="new-markdown-link"]');
+    const newLinkModal = this.container.querySelector('dialog[data-modal-name="new-markdown-link"]');
     newLinkModal.setAttribute('data-markdown-link-modal-id', this.elementIdSuffix);
     const textarea = document.getElementById(`_combo_markdown_editor_${this.elementIdSuffix}`);
+    document.body.append(newLinkModal); // Contains form elements, avoid conflict with form of comment editor.
 
-    $(newLinkModal).modal({
-      // Pre-fill the description field from the selection to create behavior similar
-      // to pasting an URL over selected text.
-      onShow: () => {
-        const start = textarea.selectionStart;
-        const end = textarea.selectionEnd;
+    newLinkModal.$modal = {onShow: () => {
+      const start = textarea.selectionStart;
+      const end = textarea.selectionEnd;
 
-        if (start !== end) {
-          const selection = textarea.value.slice(start ?? undefined, end ?? undefined);
-          newLinkModal.querySelector('input[name="link-description"]').value = selection;
-        } else {
-          newLinkModal.querySelector('input[name="link-description"]').value = '';
-        }
-      },
-    });
+      if (start !== end) {
+        const selection = textarea.value.slice(start ?? undefined, end ?? undefined);
+        newLinkModal.querySelector('input[name="link-description"]').value = selection;
+      } else {
+        newLinkModal.querySelector('input[name="link-description"]').value = '';
+      }
+    }};
 
     const button = newLinkModal.querySelector('button[data-selector-name="ok-button"]');
     button.setAttribute('data-element-id', this.elementIdSuffix);
diff --git a/web_src/js/features/repo-legacy.js b/web_src/js/features/repo-legacy.js
index 523ce555c4..e0d4daebef 100644
--- a/web_src/js/features/repo-legacy.js
+++ b/web_src/js/features/repo-legacy.js
@@ -27,7 +27,7 @@ import {attachRefIssueContextPopup} from './contextpopup.js';
 import {POST} from '../modules/fetch.js';
 import {MarkdownQuote} from '@github/quote-selection';
 import {toAbsoluteUrl} from '../utils.js';
-import {initDropzone, initGlobalShowModal, initDisabledInputs} from './common-global.js';
+import {initDropzone, initDisabledInputs} from './common-global.js';
 
 export function initRepoCommentForm() {
   const $commentForm = $('.comment.form');
@@ -386,8 +386,6 @@ async function onEditContent(event) {
     tabEditor?.click();
   }
 
-  initGlobalShowModal();
-
   // Show write/preview tab and copy raw content as needed
   showElem(editContentZone);
   hideElem(renderContent);
diff --git a/web_src/js/features/show-modal.ts b/web_src/js/features/show-modal.ts
new file mode 100644
index 0000000000..9f58b83479
--- /dev/null
+++ b/web_src/js/features/show-modal.ts
@@ -0,0 +1,54 @@
+// Copyright 2025 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+import {showModal} from '../modules/modal.ts';
+
+// Initialize all elements that have the `show-modal` class. The modal ID that
+// is specified in the `data-modal` attribute will be shown. The shown modal
+// can be modified by adding more attributes:
+// * `data-modal-$TARGET="$VALUE"`, If $TARGET contains a dot then its split
+// as $TARGET and $ATTR. $TARGET will first be queried as an identifier, then as
+// a classname and then as an element tag name in the modal element. If $ATTR
+// exists then the target element will have attribute $ATTR set to value $VALUE,
+// otherwise if the element is of type input or textarea then the value is set
+// to $VALUE otherwise the textContent of that element is set to $VALUE.
+export function initGlobalShowModal() {
+  document.addEventListener('click', (e) => {
+    if (!(e.target instanceof Element)) {
+      return;
+    }
+    const target = e.target.closest('.show-modal');
+    if (!target) {
+      return;
+    }
+    e.preventDefault();
+
+    const modal = document.querySelector<HTMLDialogElement>(target.getAttribute('data-modal'));
+    if (!modal) {
+      throw new Error('No modal found for this action');
+    }
+
+    const modalAttrPrefix = 'data-modal-';
+    for (const attrib of (target as HTMLElement).attributes) {
+      if (!attrib.name.startsWith(modalAttrPrefix)) {
+        continue;
+      }
+
+      const attrTargetCombo = attrib.name.substring(modalAttrPrefix.length);
+      const [attrTargetName, attrTargetAttr] = attrTargetCombo.split('.');
+
+      // try to find target by: "#target" -> ".target" -> "target tag"
+      const attrTarget = modal.querySelector(`#${attrTargetName}, .${attrTargetName}, ${attrTargetName}`);
+
+      if (attrTargetAttr) {
+        attrTarget.setAttribute(attrTargetAttr, attrib.value);
+      } else if (attrTarget instanceof HTMLInputElement || attrTarget instanceof HTMLTextAreaElement) {
+        attrTarget.value = attrib.value; // FIXME: add more supports like checkbox
+      } else {
+        attrTarget.textContent = attrib.value; // FIXME: it should be more strict here, only handle div/span/p
+      }
+    }
+
+    showModal(modal, undefined);
+  });
+}
diff --git a/web_src/js/modules/modal.ts b/web_src/js/modules/modal.ts
index b6fef12b2b..f82239ed95 100644
--- a/web_src/js/modules/modal.ts
+++ b/web_src/js/modules/modal.ts
@@ -3,8 +3,14 @@
 
 // showModal will show the given modal and run `onApprove` if the approve/ok/yes
 // button is pressed.
-export function showModal(modalID: string, onApprove: () => void) {
-  const modal = document.getElementById(modalID) as HTMLDialogElement;
+export function showModal(modalID: string | HTMLDialogElement, onApprove: () => void) {
+  let modal: HTMLDialogElement;
+  if (typeof modalID === 'string') {
+    modal = document.getElementById(modalID) as HTMLDialogElement;
+  } else {
+    modal = modalID;
+  }
+
   // Move the modal to `<body>`, to avoid inheriting any bad CSS or if the
   // parent becomes `display: hidden`.
   document.body.append(modal);
@@ -15,6 +21,9 @@ export function showModal(modalID: string, onApprove: () => void) {
   }, {once: true, passive: true});
   modal.querySelector('.ok')?.addEventListener('click', onApprove, {passive: true});
 
+  // Call a `onShow` callback if one is registered for this element.
+  modal?.$modal?.onShow();
+
   // The modal is ready to be shown.
   modal.showModal();
 }
diff --git a/web_src/js/types.d.ts b/web_src/js/types.d.ts
index d464f25fe9..3d3e83f465 100644
--- a/web_src/js/types.d.ts
+++ b/web_src/js/types.d.ts
@@ -14,3 +14,9 @@ type CodeMirrorLanguage = typeof import('@codemirror/language');
 type CodeMirrorSearch = typeof import('@codemirror/search');
 type CodeMirrorState = typeof import('@codemirror/state');
 type CodeMirrorView = typeof import('@codemirror/view');
+
+interface HTMLDialogElement {
+  $modal?: {
+    onShow?: () => void;
+  }
+}

From d63724ceab806a7b2adad07e8652ed12047fb667 Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Sun, 3 May 2026 07:29:02 +0200
Subject: [PATCH 791/854] Update module github.com/blevesearch/bleve/v2 to
 v2.6.0 (forgejo) (#12373)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12373
---
 assets/go-licenses.json | 10 ++++++
 go.mod                  | 33 ++++++++++----------
 go.sum                  | 68 ++++++++++++++++++++---------------------
 3 files changed, 61 insertions(+), 50 deletions(-)

diff --git a/assets/go-licenses.json b/assets/go-licenses.json
index e3c20b807e..c7ab5d3e95 100644
--- a/assets/go-licenses.json
+++ b/assets/go-licenses.json
@@ -389,6 +389,11 @@
     "path": "github.com/blevesearch/zapx/v16/LICENSE",
     "licenseText": "\n                                 Apache License\n                           Version 2.0, January 2004\n                        http://www.apache.org/licenses/\n\n   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION\n\n   1. Definitions.\n\n      \"License\" shall mean the terms and conditions for use, reproduction,\n      and distribution as defined by Sections 1 through 9 of this document.\n\n      \"Licensor\" shall mean the copyright owner or entity authorized by\n      the copyright owner that is granting the License.\n\n      \"Legal Entity\" shall mean the union of the acting entity and all\n      other entities that control, are controlled by, or are under common\n      control with that entity. For the purposes of this definition,\n      \"control\" means (i) the power, direct or indirect, to cause the\n      direction or management of such entity, whether by contract or\n      otherwise, or (ii) ownership of fifty percent (50%) or more of the\n      outstanding shares, or (iii) beneficial ownership of such entity.\n\n      \"You\" (or \"Your\") shall mean an individual or Legal Entity\n      exercising permissions granted by this License.\n\n      \"Source\" form shall mean the preferred form for making modifications,\n      including but not limited to software source code, documentation\n      source, and configuration files.\n\n      \"Object\" form shall mean any form resulting from mechanical\n      transformation or translation of a Source form, including but\n      not limited to compiled object code, generated documentation,\n      and conversions to other media types.\n\n      \"Work\" shall mean the work of authorship, whether in Source or\n      Object form, made available under the License, as indicated by a\n      copyright notice that is included in or attached to the work\n      (an example is provided in the Appendix below).\n\n      \"Derivative Works\" shall mean any work, whether in Source or Object\n      form, that is based on (or derived from) the Work and for which the\n      editorial revisions, annotations, elaborations, or other modifications\n      represent, as a whole, an original work of authorship. For the purposes\n      of this License, Derivative Works shall not include works that remain\n      separable from, or merely link (or bind by name) to the interfaces of,\n      the Work and Derivative Works thereof.\n\n      \"Contribution\" shall mean any work of authorship, including\n      the original version of the Work and any modifications or additions\n      to that Work or Derivative Works thereof, that is intentionally\n      submitted to Licensor for inclusion in the Work by the copyright owner\n      or by an individual or Legal Entity authorized to submit on behalf of\n      the copyright owner. For the purposes of this definition, \"submitted\"\n      means any form of electronic, verbal, or written communication sent\n      to the Licensor or its representatives, including but not limited to\n      communication on electronic mailing lists, source code control systems,\n      and issue tracking systems that are managed by, or on behalf of, the\n      Licensor for the purpose of discussing and improving the Work, but\n      excluding communication that is conspicuously marked or otherwise\n      designated in writing by the copyright owner as \"Not a Contribution.\"\n\n      \"Contributor\" shall mean Licensor and any individual or Legal Entity\n      on behalf of whom a Contribution has been received by Licensor and\n      subsequently incorporated within the Work.\n\n   2. Grant of Copyright License. Subject to the terms and conditions of\n      this License, each Contributor hereby grants to You a perpetual,\n      worldwide, non-exclusive, no-charge, royalty-free, irrevocable\n      copyright license to reproduce, prepare Derivative Works of,\n      publicly display, publicly perform, sublicense, and distribute the\n      Work and such Derivative Works in Source or Object form.\n\n   3. Grant of Patent License. Subject to the terms and conditions of\n      this License, each Contributor hereby grants to You a perpetual,\n      worldwide, non-exclusive, no-charge, royalty-free, irrevocable\n      (except as stated in this section) patent license to make, have made,\n      use, offer to sell, sell, import, and otherwise transfer the Work,\n      where such license applies only to those patent claims licensable\n      by such Contributor that are necessarily infringed by their\n      Contribution(s) alone or by combination of their Contribution(s)\n      with the Work to which such Contribution(s) was submitted. If You\n      institute patent litigation against any entity (including a\n      cross-claim or counterclaim in a lawsuit) alleging that the Work\n      or a Contribution incorporated within the Work constitutes direct\n      or contributory patent infringement, then any patent licenses\n      granted to You under this License for that Work shall terminate\n      as of the date such litigation is filed.\n\n   4. Redistribution. You may reproduce and distribute copies of the\n      Work or Derivative Works thereof in any medium, with or without\n      modifications, and in Source or Object form, provided that You\n      meet the following conditions:\n\n      (a) You must give any other recipients of the Work or\n          Derivative Works a copy of this License; and\n\n      (b) You must cause any modified files to carry prominent notices\n          stating that You changed the files; and\n\n      (c) You must retain, in the Source form of any Derivative Works\n          that You distribute, all copyright, patent, trademark, and\n          attribution notices from the Source form of the Work,\n          excluding those notices that do not pertain to any part of\n          the Derivative Works; and\n\n      (d) If the Work includes a \"NOTICE\" text file as part of its\n          distribution, then any Derivative Works that You distribute must\n          include a readable copy of the attribution notices contained\n          within such NOTICE file, excluding those notices that do not\n          pertain to any part of the Derivative Works, in at least one\n          of the following places: within a NOTICE text file distributed\n          as part of the Derivative Works; within the Source form or\n          documentation, if provided along with the Derivative Works; or,\n          within a display generated by the Derivative Works, if and\n          wherever such third-party notices normally appear. The contents\n          of the NOTICE file are for informational purposes only and\n          do not modify the License. You may add Your own attribution\n          notices within Derivative Works that You distribute, alongside\n          or as an addendum to the NOTICE text from the Work, provided\n          that such additional attribution notices cannot be construed\n          as modifying the License.\n\n      You may add Your own copyright statement to Your modifications and\n      may provide additional or different license terms and conditions\n      for use, reproduction, or distribution of Your modifications, or\n      for any such Derivative Works as a whole, provided Your use,\n      reproduction, and distribution of the Work otherwise complies with\n      the conditions stated in this License.\n\n   5. Submission of Contributions. Unless You explicitly state otherwise,\n      any Contribution intentionally submitted for inclusion in the Work\n      by You to the Licensor shall be under the terms and conditions of\n      this License, without any additional terms or conditions.\n      Notwithstanding the above, nothing herein shall supersede or modify\n      the terms of any separate license agreement you may have executed\n      with Licensor regarding such Contributions.\n\n   6. Trademarks. This License does not grant permission to use the trade\n      names, trademarks, service marks, or product names of the Licensor,\n      except as required for reasonable and customary use in describing the\n      origin of the Work and reproducing the content of the NOTICE file.\n\n   7. Disclaimer of Warranty. Unless required by applicable law or\n      agreed to in writing, Licensor provides the Work (and each\n      Contributor provides its Contributions) on an \"AS IS\" BASIS,\n      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or\n      implied, including, without limitation, any warranties or conditions\n      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A\n      PARTICULAR PURPOSE. You are solely responsible for determining the\n      appropriateness of using or redistributing the Work and assume any\n      risks associated with Your exercise of permissions under this License.\n\n   8. Limitation of Liability. In no event and under no legal theory,\n      whether in tort (including negligence), contract, or otherwise,\n      unless required by applicable law (such as deliberate and grossly\n      negligent acts) or agreed to in writing, shall any Contributor be\n      liable to You for damages, including any direct, indirect, special,\n      incidental, or consequential damages of any character arising as a\n      result of this License or out of the use or inability to use the\n      Work (including but not limited to damages for loss of goodwill,\n      work stoppage, computer failure or malfunction, or any and all\n      other commercial damages or losses), even if such Contributor\n      has been advised of the possibility of such damages.\n\n   9. Accepting Warranty or Additional Liability. While redistributing\n      the Work or Derivative Works thereof, You may choose to offer,\n      and charge a fee for, acceptance of support, warranty, indemnity,\n      or other liability obligations and/or rights consistent with this\n      License. However, in accepting such obligations, You may act only\n      on Your own behalf and on Your sole responsibility, not on behalf\n      of any other Contributor, and only if You agree to indemnify,\n      defend, and hold each Contributor harmless for any liability\n      incurred by, or claims asserted against, such Contributor by reason\n      of your accepting any such warranty or additional liability.\n\n   END OF TERMS AND CONDITIONS\n\n   APPENDIX: How to apply the Apache License to your work.\n\n      To apply the Apache License to your work, attach the following\n      boilerplate notice, with the fields enclosed by brackets \"[]\"\n      replaced with your own identifying information. (Don't include\n      the brackets!)  The text should be enclosed in the appropriate\n      comment syntax for the file format. We also recommend that a\n      file or class name and description of purpose be included on the\n      same \"printed page\" as the copyright notice for easier\n      identification within third-party archives.\n\n   Copyright [yyyy] [name of copyright owner]\n\n   Licensed under the Apache License, Version 2.0 (the \"License\");\n   you may not use this file except in compliance with the License.\n   You may obtain a copy of the License at\n\n       http://www.apache.org/licenses/LICENSE-2.0\n\n   Unless required by applicable law or agreed to in writing, software\n   distributed under the License is distributed on an \"AS IS\" BASIS,\n   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n   See the License for the specific language governing permissions and\n   limitations under the License."
   },
+  {
+    "name": "github.com/blevesearch/zapx/v17",
+    "path": "github.com/blevesearch/zapx/v17/LICENSE",
+    "licenseText": "\n                                 Apache License\n                           Version 2.0, January 2004\n                        http://www.apache.org/licenses/\n\n   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION\n\n   1. Definitions.\n\n      \"License\" shall mean the terms and conditions for use, reproduction,\n      and distribution as defined by Sections 1 through 9 of this document.\n\n      \"Licensor\" shall mean the copyright owner or entity authorized by\n      the copyright owner that is granting the License.\n\n      \"Legal Entity\" shall mean the union of the acting entity and all\n      other entities that control, are controlled by, or are under common\n      control with that entity. For the purposes of this definition,\n      \"control\" means (i) the power, direct or indirect, to cause the\n      direction or management of such entity, whether by contract or\n      otherwise, or (ii) ownership of fifty percent (50%) or more of the\n      outstanding shares, or (iii) beneficial ownership of such entity.\n\n      \"You\" (or \"Your\") shall mean an individual or Legal Entity\n      exercising permissions granted by this License.\n\n      \"Source\" form shall mean the preferred form for making modifications,\n      including but not limited to software source code, documentation\n      source, and configuration files.\n\n      \"Object\" form shall mean any form resulting from mechanical\n      transformation or translation of a Source form, including but\n      not limited to compiled object code, generated documentation,\n      and conversions to other media types.\n\n      \"Work\" shall mean the work of authorship, whether in Source or\n      Object form, made available under the License, as indicated by a\n      copyright notice that is included in or attached to the work\n      (an example is provided in the Appendix below).\n\n      \"Derivative Works\" shall mean any work, whether in Source or Object\n      form, that is based on (or derived from) the Work and for which the\n      editorial revisions, annotations, elaborations, or other modifications\n      represent, as a whole, an original work of authorship. For the purposes\n      of this License, Derivative Works shall not include works that remain\n      separable from, or merely link (or bind by name) to the interfaces of,\n      the Work and Derivative Works thereof.\n\n      \"Contribution\" shall mean any work of authorship, including\n      the original version of the Work and any modifications or additions\n      to that Work or Derivative Works thereof, that is intentionally\n      submitted to Licensor for inclusion in the Work by the copyright owner\n      or by an individual or Legal Entity authorized to submit on behalf of\n      the copyright owner. For the purposes of this definition, \"submitted\"\n      means any form of electronic, verbal, or written communication sent\n      to the Licensor or its representatives, including but not limited to\n      communication on electronic mailing lists, source code control systems,\n      and issue tracking systems that are managed by, or on behalf of, the\n      Licensor for the purpose of discussing and improving the Work, but\n      excluding communication that is conspicuously marked or otherwise\n      designated in writing by the copyright owner as \"Not a Contribution.\"\n\n      \"Contributor\" shall mean Licensor and any individual or Legal Entity\n      on behalf of whom a Contribution has been received by Licensor and\n      subsequently incorporated within the Work.\n\n   2. Grant of Copyright License. Subject to the terms and conditions of\n      this License, each Contributor hereby grants to You a perpetual,\n      worldwide, non-exclusive, no-charge, royalty-free, irrevocable\n      copyright license to reproduce, prepare Derivative Works of,\n      publicly display, publicly perform, sublicense, and distribute the\n      Work and such Derivative Works in Source or Object form.\n\n   3. Grant of Patent License. Subject to the terms and conditions of\n      this License, each Contributor hereby grants to You a perpetual,\n      worldwide, non-exclusive, no-charge, royalty-free, irrevocable\n      (except as stated in this section) patent license to make, have made,\n      use, offer to sell, sell, import, and otherwise transfer the Work,\n      where such license applies only to those patent claims licensable\n      by such Contributor that are necessarily infringed by their\n      Contribution(s) alone or by combination of their Contribution(s)\n      with the Work to which such Contribution(s) was submitted. If You\n      institute patent litigation against any entity (including a\n      cross-claim or counterclaim in a lawsuit) alleging that the Work\n      or a Contribution incorporated within the Work constitutes direct\n      or contributory patent infringement, then any patent licenses\n      granted to You under this License for that Work shall terminate\n      as of the date such litigation is filed.\n\n   4. Redistribution. You may reproduce and distribute copies of the\n      Work or Derivative Works thereof in any medium, with or without\n      modifications, and in Source or Object form, provided that You\n      meet the following conditions:\n\n      (a) You must give any other recipients of the Work or\n          Derivative Works a copy of this License; and\n\n      (b) You must cause any modified files to carry prominent notices\n          stating that You changed the files; and\n\n      (c) You must retain, in the Source form of any Derivative Works\n          that You distribute, all copyright, patent, trademark, and\n          attribution notices from the Source form of the Work,\n          excluding those notices that do not pertain to any part of\n          the Derivative Works; and\n\n      (d) If the Work includes a \"NOTICE\" text file as part of its\n          distribution, then any Derivative Works that You distribute must\n          include a readable copy of the attribution notices contained\n          within such NOTICE file, excluding those notices that do not\n          pertain to any part of the Derivative Works, in at least one\n          of the following places: within a NOTICE text file distributed\n          as part of the Derivative Works; within the Source form or\n          documentation, if provided along with the Derivative Works; or,\n          within a display generated by the Derivative Works, if and\n          wherever such third-party notices normally appear. The contents\n          of the NOTICE file are for informational purposes only and\n          do not modify the License. You may add Your own attribution\n          notices within Derivative Works that You distribute, alongside\n          or as an addendum to the NOTICE text from the Work, provided\n          that such additional attribution notices cannot be construed\n          as modifying the License.\n\n      You may add Your own copyright statement to Your modifications and\n      may provide additional or different license terms and conditions\n      for use, reproduction, or distribution of Your modifications, or\n      for any such Derivative Works as a whole, provided Your use,\n      reproduction, and distribution of the Work otherwise complies with\n      the conditions stated in this License.\n\n   5. Submission of Contributions. Unless You explicitly state otherwise,\n      any Contribution intentionally submitted for inclusion in the Work\n      by You to the Licensor shall be under the terms and conditions of\n      this License, without any additional terms or conditions.\n      Notwithstanding the above, nothing herein shall supersede or modify\n      the terms of any separate license agreement you may have executed\n      with Licensor regarding such Contributions.\n\n   6. Trademarks. This License does not grant permission to use the trade\n      names, trademarks, service marks, or product names of the Licensor,\n      except as required for reasonable and customary use in describing the\n      origin of the Work and reproducing the content of the NOTICE file.\n\n   7. Disclaimer of Warranty. Unless required by applicable law or\n      agreed to in writing, Licensor provides the Work (and each\n      Contributor provides its Contributions) on an \"AS IS\" BASIS,\n      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or\n      implied, including, without limitation, any warranties or conditions\n      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A\n      PARTICULAR PURPOSE. You are solely responsible for determining the\n      appropriateness of using or redistributing the Work and assume any\n      risks associated with Your exercise of permissions under this License.\n\n   8. Limitation of Liability. In no event and under no legal theory,\n      whether in tort (including negligence), contract, or otherwise,\n      unless required by applicable law (such as deliberate and grossly\n      negligent acts) or agreed to in writing, shall any Contributor be\n      liable to You for damages, including any direct, indirect, special,\n      incidental, or consequential damages of any character arising as a\n      result of this License or out of the use or inability to use the\n      Work (including but not limited to damages for loss of goodwill,\n      work stoppage, computer failure or malfunction, or any and all\n      other commercial damages or losses), even if such Contributor\n      has been advised of the possibility of such damages.\n\n   9. Accepting Warranty or Additional Liability. While redistributing\n      the Work or Derivative Works thereof, You may choose to offer,\n      and charge a fee for, acceptance of support, warranty, indemnity,\n      or other liability obligations and/or rights consistent with this\n      License. However, in accepting such obligations, You may act only\n      on Your own behalf and on Your sole responsibility, not on behalf\n      of any other Contributor, and only if You agree to indemnify,\n      defend, and hold each Contributor harmless for any liability\n      incurred by, or claims asserted against, such Contributor by reason\n      of your accepting any such warranty or additional liability.\n\n   END OF TERMS AND CONDITIONS\n\n   APPENDIX: How to apply the Apache License to your work.\n\n      To apply the Apache License to your work, attach the following\n      boilerplate notice, with the fields enclosed by brackets \"[]\"\n      replaced with your own identifying information. (Don't include\n      the brackets!)  The text should be enclosed in the appropriate\n      comment syntax for the file format. We also recommend that a\n      file or class name and description of purpose be included on the\n      same \"printed page\" as the copyright notice for easier\n      identification within third-party archives.\n\n   Copyright [yyyy] [name of copyright owner]\n\n   Licensed under the Apache License, Version 2.0 (the \"License\");\n   you may not use this file except in compliance with the License.\n   You may obtain a copy of the License at\n\n       http://www.apache.org/licenses/LICENSE-2.0\n\n   Unless required by applicable law or agreed to in writing, software\n   distributed under the License is distributed on an \"AS IS\" BASIS,\n   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n   See the License for the specific language governing permissions and\n   limitations under the License."
+  },
   {
     "name": "github.com/bmatcuk/doublestar/v4",
     "path": "github.com/bmatcuk/doublestar/v4/LICENSE",
@@ -954,6 +959,11 @@
     "path": "github.com/modern-go/reflect2/LICENSE",
     "licenseText": "                                 Apache License\n                           Version 2.0, January 2004\n                        http://www.apache.org/licenses/\n\n   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION\n\n   1. Definitions.\n\n      \"License\" shall mean the terms and conditions for use, reproduction,\n      and distribution as defined by Sections 1 through 9 of this document.\n\n      \"Licensor\" shall mean the copyright owner or entity authorized by\n      the copyright owner that is granting the License.\n\n      \"Legal Entity\" shall mean the union of the acting entity and all\n      other entities that control, are controlled by, or are under common\n      control with that entity. For the purposes of this definition,\n      \"control\" means (i) the power, direct or indirect, to cause the\n      direction or management of such entity, whether by contract or\n      otherwise, or (ii) ownership of fifty percent (50%) or more of the\n      outstanding shares, or (iii) beneficial ownership of such entity.\n\n      \"You\" (or \"Your\") shall mean an individual or Legal Entity\n      exercising permissions granted by this License.\n\n      \"Source\" form shall mean the preferred form for making modifications,\n      including but not limited to software source code, documentation\n      source, and configuration files.\n\n      \"Object\" form shall mean any form resulting from mechanical\n      transformation or translation of a Source form, including but\n      not limited to compiled object code, generated documentation,\n      and conversions to other media types.\n\n      \"Work\" shall mean the work of authorship, whether in Source or\n      Object form, made available under the License, as indicated by a\n      copyright notice that is included in or attached to the work\n      (an example is provided in the Appendix below).\n\n      \"Derivative Works\" shall mean any work, whether in Source or Object\n      form, that is based on (or derived from) the Work and for which the\n      editorial revisions, annotations, elaborations, or other modifications\n      represent, as a whole, an original work of authorship. For the purposes\n      of this License, Derivative Works shall not include works that remain\n      separable from, or merely link (or bind by name) to the interfaces of,\n      the Work and Derivative Works thereof.\n\n      \"Contribution\" shall mean any work of authorship, including\n      the original version of the Work and any modifications or additions\n      to that Work or Derivative Works thereof, that is intentionally\n      submitted to Licensor for inclusion in the Work by the copyright owner\n      or by an individual or Legal Entity authorized to submit on behalf of\n      the copyright owner. For the purposes of this definition, \"submitted\"\n      means any form of electronic, verbal, or written communication sent\n      to the Licensor or its representatives, including but not limited to\n      communication on electronic mailing lists, source code control systems,\n      and issue tracking systems that are managed by, or on behalf of, the\n      Licensor for the purpose of discussing and improving the Work, but\n      excluding communication that is conspicuously marked or otherwise\n      designated in writing by the copyright owner as \"Not a Contribution.\"\n\n      \"Contributor\" shall mean Licensor and any individual or Legal Entity\n      on behalf of whom a Contribution has been received by Licensor and\n      subsequently incorporated within the Work.\n\n   2. Grant of Copyright License. Subject to the terms and conditions of\n      this License, each Contributor hereby grants to You a perpetual,\n      worldwide, non-exclusive, no-charge, royalty-free, irrevocable\n      copyright license to reproduce, prepare Derivative Works of,\n      publicly display, publicly perform, sublicense, and distribute the\n      Work and such Derivative Works in Source or Object form.\n\n   3. Grant of Patent License. Subject to the terms and conditions of\n      this License, each Contributor hereby grants to You a perpetual,\n      worldwide, non-exclusive, no-charge, royalty-free, irrevocable\n      (except as stated in this section) patent license to make, have made,\n      use, offer to sell, sell, import, and otherwise transfer the Work,\n      where such license applies only to those patent claims licensable\n      by such Contributor that are necessarily infringed by their\n      Contribution(s) alone or by combination of their Contribution(s)\n      with the Work to which such Contribution(s) was submitted. If You\n      institute patent litigation against any entity (including a\n      cross-claim or counterclaim in a lawsuit) alleging that the Work\n      or a Contribution incorporated within the Work constitutes direct\n      or contributory patent infringement, then any patent licenses\n      granted to You under this License for that Work shall terminate\n      as of the date such litigation is filed.\n\n   4. Redistribution. You may reproduce and distribute copies of the\n      Work or Derivative Works thereof in any medium, with or without\n      modifications, and in Source or Object form, provided that You\n      meet the following conditions:\n\n      (a) You must give any other recipients of the Work or\n          Derivative Works a copy of this License; and\n\n      (b) You must cause any modified files to carry prominent notices\n          stating that You changed the files; and\n\n      (c) You must retain, in the Source form of any Derivative Works\n          that You distribute, all copyright, patent, trademark, and\n          attribution notices from the Source form of the Work,\n          excluding those notices that do not pertain to any part of\n          the Derivative Works; and\n\n      (d) If the Work includes a \"NOTICE\" text file as part of its\n          distribution, then any Derivative Works that You distribute must\n          include a readable copy of the attribution notices contained\n          within such NOTICE file, excluding those notices that do not\n          pertain to any part of the Derivative Works, in at least one\n          of the following places: within a NOTICE text file distributed\n          as part of the Derivative Works; within the Source form or\n          documentation, if provided along with the Derivative Works; or,\n          within a display generated by the Derivative Works, if and\n          wherever such third-party notices normally appear. The contents\n          of the NOTICE file are for informational purposes only and\n          do not modify the License. You may add Your own attribution\n          notices within Derivative Works that You distribute, alongside\n          or as an addendum to the NOTICE text from the Work, provided\n          that such additional attribution notices cannot be construed\n          as modifying the License.\n\n      You may add Your own copyright statement to Your modifications and\n      may provide additional or different license terms and conditions\n      for use, reproduction, or distribution of Your modifications, or\n      for any such Derivative Works as a whole, provided Your use,\n      reproduction, and distribution of the Work otherwise complies with\n      the conditions stated in this License.\n\n   5. Submission of Contributions. Unless You explicitly state otherwise,\n      any Contribution intentionally submitted for inclusion in the Work\n      by You to the Licensor shall be under the terms and conditions of\n      this License, without any additional terms or conditions.\n      Notwithstanding the above, nothing herein shall supersede or modify\n      the terms of any separate license agreement you may have executed\n      with Licensor regarding such Contributions.\n\n   6. Trademarks. This License does not grant permission to use the trade\n      names, trademarks, service marks, or product names of the Licensor,\n      except as required for reasonable and customary use in describing the\n      origin of the Work and reproducing the content of the NOTICE file.\n\n   7. Disclaimer of Warranty. Unless required by applicable law or\n      agreed to in writing, Licensor provides the Work (and each\n      Contributor provides its Contributions) on an \"AS IS\" BASIS,\n      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or\n      implied, including, without limitation, any warranties or conditions\n      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A\n      PARTICULAR PURPOSE. You are solely responsible for determining the\n      appropriateness of using or redistributing the Work and assume any\n      risks associated with Your exercise of permissions under this License.\n\n   8. Limitation of Liability. In no event and under no legal theory,\n      whether in tort (including negligence), contract, or otherwise,\n      unless required by applicable law (such as deliberate and grossly\n      negligent acts) or agreed to in writing, shall any Contributor be\n      liable to You for damages, including any direct, indirect, special,\n      incidental, or consequential damages of any character arising as a\n      result of this License or out of the use or inability to use the\n      Work (including but not limited to damages for loss of goodwill,\n      work stoppage, computer failure or malfunction, or any and all\n      other commercial damages or losses), even if such Contributor\n      has been advised of the possibility of such damages.\n\n   9. Accepting Warranty or Additional Liability. While redistributing\n      the Work or Derivative Works thereof, You may choose to offer,\n      and charge a fee for, acceptance of support, warranty, indemnity,\n      or other liability obligations and/or rights consistent with this\n      License. However, in accepting such obligations, You may act only\n      on Your own behalf and on Your sole responsibility, not on behalf\n      of any other Contributor, and only if You agree to indemnify,\n      defend, and hold each Contributor harmless for any liability\n      incurred by, or claims asserted against, such Contributor by reason\n      of your accepting any such warranty or additional liability.\n\n   END OF TERMS AND CONDITIONS\n\n   APPENDIX: How to apply the Apache License to your work.\n\n      To apply the Apache License to your work, attach the following\n      boilerplate notice, with the fields enclosed by brackets \"[]\"\n      replaced with your own identifying information. (Don't include\n      the brackets!)  The text should be enclosed in the appropriate\n      comment syntax for the file format. We also recommend that a\n      file or class name and description of purpose be included on the\n      same \"printed page\" as the copyright notice for easier\n      identification within third-party archives.\n\n   Copyright [yyyy] [name of copyright owner]\n\n   Licensed under the Apache License, Version 2.0 (the \"License\");\n   you may not use this file except in compliance with the License.\n   You may obtain a copy of the License at\n\n       http://www.apache.org/licenses/LICENSE-2.0\n\n   Unless required by applicable law or agreed to in writing, software\n   distributed under the License is distributed on an \"AS IS\" BASIS,\n   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n   See the License for the specific language governing permissions and\n   limitations under the License.\n"
   },
+  {
+    "name": "github.com/mschoch/smat",
+    "path": "github.com/mschoch/smat/LICENSE",
+    "licenseText": "\n                                 Apache License\n                           Version 2.0, January 2004\n                        http://www.apache.org/licenses/\n\n   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION\n\n   1. Definitions.\n\n      \"License\" shall mean the terms and conditions for use, reproduction,\n      and distribution as defined by Sections 1 through 9 of this document.\n\n      \"Licensor\" shall mean the copyright owner or entity authorized by\n      the copyright owner that is granting the License.\n\n      \"Legal Entity\" shall mean the union of the acting entity and all\n      other entities that control, are controlled by, or are under common\n      control with that entity. For the purposes of this definition,\n      \"control\" means (i) the power, direct or indirect, to cause the\n      direction or management of such entity, whether by contract or\n      otherwise, or (ii) ownership of fifty percent (50%) or more of the\n      outstanding shares, or (iii) beneficial ownership of such entity.\n\n      \"You\" (or \"Your\") shall mean an individual or Legal Entity\n      exercising permissions granted by this License.\n\n      \"Source\" form shall mean the preferred form for making modifications,\n      including but not limited to software source code, documentation\n      source, and configuration files.\n\n      \"Object\" form shall mean any form resulting from mechanical\n      transformation or translation of a Source form, including but\n      not limited to compiled object code, generated documentation,\n      and conversions to other media types.\n\n      \"Work\" shall mean the work of authorship, whether in Source or\n      Object form, made available under the License, as indicated by a\n      copyright notice that is included in or attached to the work\n      (an example is provided in the Appendix below).\n\n      \"Derivative Works\" shall mean any work, whether in Source or Object\n      form, that is based on (or derived from) the Work and for which the\n      editorial revisions, annotations, elaborations, or other modifications\n      represent, as a whole, an original work of authorship. For the purposes\n      of this License, Derivative Works shall not include works that remain\n      separable from, or merely link (or bind by name) to the interfaces of,\n      the Work and Derivative Works thereof.\n\n      \"Contribution\" shall mean any work of authorship, including\n      the original version of the Work and any modifications or additions\n      to that Work or Derivative Works thereof, that is intentionally\n      submitted to Licensor for inclusion in the Work by the copyright owner\n      or by an individual or Legal Entity authorized to submit on behalf of\n      the copyright owner. For the purposes of this definition, \"submitted\"\n      means any form of electronic, verbal, or written communication sent\n      to the Licensor or its representatives, including but not limited to\n      communication on electronic mailing lists, source code control systems,\n      and issue tracking systems that are managed by, or on behalf of, the\n      Licensor for the purpose of discussing and improving the Work, but\n      excluding communication that is conspicuously marked or otherwise\n      designated in writing by the copyright owner as \"Not a Contribution.\"\n\n      \"Contributor\" shall mean Licensor and any individual or Legal Entity\n      on behalf of whom a Contribution has been received by Licensor and\n      subsequently incorporated within the Work.\n\n   2. Grant of Copyright License. Subject to the terms and conditions of\n      this License, each Contributor hereby grants to You a perpetual,\n      worldwide, non-exclusive, no-charge, royalty-free, irrevocable\n      copyright license to reproduce, prepare Derivative Works of,\n      publicly display, publicly perform, sublicense, and distribute the\n      Work and such Derivative Works in Source or Object form.\n\n   3. Grant of Patent License. Subject to the terms and conditions of\n      this License, each Contributor hereby grants to You a perpetual,\n      worldwide, non-exclusive, no-charge, royalty-free, irrevocable\n      (except as stated in this section) patent license to make, have made,\n      use, offer to sell, sell, import, and otherwise transfer the Work,\n      where such license applies only to those patent claims licensable\n      by such Contributor that are necessarily infringed by their\n      Contribution(s) alone or by combination of their Contribution(s)\n      with the Work to which such Contribution(s) was submitted. If You\n      institute patent litigation against any entity (including a\n      cross-claim or counterclaim in a lawsuit) alleging that the Work\n      or a Contribution incorporated within the Work constitutes direct\n      or contributory patent infringement, then any patent licenses\n      granted to You under this License for that Work shall terminate\n      as of the date such litigation is filed.\n\n   4. Redistribution. You may reproduce and distribute copies of the\n      Work or Derivative Works thereof in any medium, with or without\n      modifications, and in Source or Object form, provided that You\n      meet the following conditions:\n\n      (a) You must give any other recipients of the Work or\n          Derivative Works a copy of this License; and\n\n      (b) You must cause any modified files to carry prominent notices\n          stating that You changed the files; and\n\n      (c) You must retain, in the Source form of any Derivative Works\n          that You distribute, all copyright, patent, trademark, and\n          attribution notices from the Source form of the Work,\n          excluding those notices that do not pertain to any part of\n          the Derivative Works; and\n\n      (d) If the Work includes a \"NOTICE\" text file as part of its\n          distribution, then any Derivative Works that You distribute must\n          include a readable copy of the attribution notices contained\n          within such NOTICE file, excluding those notices that do not\n          pertain to any part of the Derivative Works, in at least one\n          of the following places: within a NOTICE text file distributed\n          as part of the Derivative Works; within the Source form or\n          documentation, if provided along with the Derivative Works; or,\n          within a display generated by the Derivative Works, if and\n          wherever such third-party notices normally appear. The contents\n          of the NOTICE file are for informational purposes only and\n          do not modify the License. You may add Your own attribution\n          notices within Derivative Works that You distribute, alongside\n          or as an addendum to the NOTICE text from the Work, provided\n          that such additional attribution notices cannot be construed\n          as modifying the License.\n\n      You may add Your own copyright statement to Your modifications and\n      may provide additional or different license terms and conditions\n      for use, reproduction, or distribution of Your modifications, or\n      for any such Derivative Works as a whole, provided Your use,\n      reproduction, and distribution of the Work otherwise complies with\n      the conditions stated in this License.\n\n   5. Submission of Contributions. Unless You explicitly state otherwise,\n      any Contribution intentionally submitted for inclusion in the Work\n      by You to the Licensor shall be under the terms and conditions of\n      this License, without any additional terms or conditions.\n      Notwithstanding the above, nothing herein shall supersede or modify\n      the terms of any separate license agreement you may have executed\n      with Licensor regarding such Contributions.\n\n   6. Trademarks. This License does not grant permission to use the trade\n      names, trademarks, service marks, or product names of the Licensor,\n      except as required for reasonable and customary use in describing the\n      origin of the Work and reproducing the content of the NOTICE file.\n\n   7. Disclaimer of Warranty. Unless required by applicable law or\n      agreed to in writing, Licensor provides the Work (and each\n      Contributor provides its Contributions) on an \"AS IS\" BASIS,\n      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or\n      implied, including, without limitation, any warranties or conditions\n      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A\n      PARTICULAR PURPOSE. You are solely responsible for determining the\n      appropriateness of using or redistributing the Work and assume any\n      risks associated with Your exercise of permissions under this License.\n\n   8. Limitation of Liability. In no event and under no legal theory,\n      whether in tort (including negligence), contract, or otherwise,\n      unless required by applicable law (such as deliberate and grossly\n      negligent acts) or agreed to in writing, shall any Contributor be\n      liable to You for damages, including any direct, indirect, special,\n      incidental, or consequential damages of any character arising as a\n      result of this License or out of the use or inability to use the\n      Work (including but not limited to damages for loss of goodwill,\n      work stoppage, computer failure or malfunction, or any and all\n      other commercial damages or losses), even if such Contributor\n      has been advised of the possibility of such damages.\n\n   9. Accepting Warranty or Additional Liability. While redistributing\n      the Work or Derivative Works thereof, You may choose to offer,\n      and charge a fee for, acceptance of support, warranty, indemnity,\n      or other liability obligations and/or rights consistent with this\n      License. However, in accepting such obligations, You may act only\n      on Your own behalf and on Your sole responsibility, not on behalf\n      of any other Contributor, and only if You agree to indemnify,\n      defend, and hold each Contributor harmless for any liability\n      incurred by, or claims asserted against, such Contributor by reason\n      of your accepting any such warranty or additional liability.\n\n   END OF TERMS AND CONDITIONS\n\n   APPENDIX: How to apply the Apache License to your work.\n\n      To apply the Apache License to your work, attach the following\n      boilerplate notice, with the fields enclosed by brackets \"[]\"\n      replaced with your own identifying information. (Don't include\n      the brackets!)  The text should be enclosed in the appropriate\n      comment syntax for the file format. We also recommend that a\n      file or class name and description of purpose be included on the\n      same \"printed page\" as the copyright notice for easier\n      identification within third-party archives.\n\n   Copyright [yyyy] [name of copyright owner]\n\n   Licensed under the Apache License, Version 2.0 (the \"License\");\n   you may not use this file except in compliance with the License.\n   You may obtain a copy of the License at\n\n       http://www.apache.org/licenses/LICENSE-2.0\n\n   Unless required by applicable law or agreed to in writing, software\n   distributed under the License is distributed on an \"AS IS\" BASIS,\n   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n   See the License for the specific language governing permissions and\n   limitations under the License."
+  },
   {
     "name": "github.com/munnerz/goautoneg",
     "path": "github.com/munnerz/goautoneg/LICENSE",
diff --git a/go.mod b/go.mod
index d38060a6b1..669aef9172 100644
--- a/go.mod
+++ b/go.mod
@@ -29,7 +29,7 @@ require (
 	github.com/SaveTheRbtz/zstd-seekable-format-go/pkg v0.8.0
 	github.com/alecthomas/chroma/v2 v2.23.1
 	github.com/blakesmith/ar v0.0.0-20190502131153-809d4375e1fb
-	github.com/blevesearch/bleve/v2 v2.5.7
+	github.com/blevesearch/bleve/v2 v2.6.0
 	github.com/buildkite/terminal-to-html/v3 v3.16.8
 	github.com/caddyserver/certmagic v0.25.3
 	github.com/chi-middleware/proxy v1.1.1
@@ -121,31 +121,32 @@ require (
 	code.superseriousbusiness.org/go-png-image-structure/v2 v2.3.0 // indirect
 	filippo.io/edwards25519 v1.1.1 // indirect
 	git.sr.ht/~mariusor/go-xsd-duration v0.0.0-20220703122237-02e73435a078 // indirect
-	github.com/RoaringBitmap/roaring/v2 v2.4.5 // indirect
+	github.com/RoaringBitmap/roaring/v2 v2.14.5 // indirect
 	github.com/STARRY-S/zip v0.2.3 // indirect
 	github.com/andybalholm/brotli v1.2.0 // indirect
 	github.com/andybalholm/cascadia v1.3.3 // indirect
 	github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be // indirect
 	github.com/aymerick/douceur v0.2.0 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
-	github.com/bits-and-blooms/bitset v1.22.0 // indirect
-	github.com/blevesearch/bleve_index_api v1.2.11 // indirect
-	github.com/blevesearch/geo v0.2.4 // indirect
-	github.com/blevesearch/go-faiss v1.0.26 // indirect
+	github.com/bits-and-blooms/bitset v1.24.2 // indirect
+	github.com/blevesearch/bleve_index_api v1.3.11 // indirect
+	github.com/blevesearch/geo v0.2.5 // indirect
+	github.com/blevesearch/go-faiss v1.1.0 // indirect
 	github.com/blevesearch/go-porterstemmer v1.0.3 // indirect
 	github.com/blevesearch/gtreap v0.1.1 // indirect
-	github.com/blevesearch/mmap-go v1.0.4 // indirect
-	github.com/blevesearch/scorch_segment_api/v2 v2.3.13 // indirect
+	github.com/blevesearch/mmap-go v1.2.0 // indirect
+	github.com/blevesearch/scorch_segment_api/v2 v2.4.7 // indirect
 	github.com/blevesearch/segment v0.9.1 // indirect
 	github.com/blevesearch/snowballstem v0.9.0 // indirect
 	github.com/blevesearch/upsidedown_store_api v1.0.2 // indirect
-	github.com/blevesearch/vellum v1.1.0 // indirect
-	github.com/blevesearch/zapx/v11 v11.4.2 // indirect
-	github.com/blevesearch/zapx/v12 v12.4.2 // indirect
-	github.com/blevesearch/zapx/v13 v13.4.2 // indirect
-	github.com/blevesearch/zapx/v14 v14.4.2 // indirect
-	github.com/blevesearch/zapx/v15 v15.4.2 // indirect
-	github.com/blevesearch/zapx/v16 v16.2.8 // indirect
+	github.com/blevesearch/vellum v1.2.0 // indirect
+	github.com/blevesearch/zapx/v11 v11.4.3 // indirect
+	github.com/blevesearch/zapx/v12 v12.4.3 // indirect
+	github.com/blevesearch/zapx/v13 v13.4.3 // indirect
+	github.com/blevesearch/zapx/v14 v14.4.3 // indirect
+	github.com/blevesearch/zapx/v15 v15.4.3 // indirect
+	github.com/blevesearch/zapx/v16 v16.3.4 // indirect
+	github.com/blevesearch/zapx/v17 v17.1.2 // indirect
 	github.com/bmatcuk/doublestar/v4 v4.9.1 // indirect
 	github.com/bodgit/plumbing v1.3.0 // indirect
 	github.com/bodgit/sevenzip v1.6.1 // indirect
@@ -187,7 +188,7 @@ require (
 	github.com/go-xmlfmt/xmlfmt v0.0.0-20191208150333-d5b6f63a941b // indirect
 	github.com/goccy/go-json v0.10.5 // indirect
 	github.com/golang/geo v0.0.0-20210211234256-740aa86cb551 // indirect
-	github.com/golang/snappy v0.0.4 // indirect
+	github.com/golang/snappy v1.0.0 // indirect
 	github.com/google/btree v1.1.3 // indirect
 	github.com/google/go-cmp v0.7.0 // indirect
 	github.com/google/go-querystring v1.1.0 // indirect
diff --git a/go.sum b/go.sum
index 170b500020..0064361008 100644
--- a/go.sum
+++ b/go.sum
@@ -77,8 +77,8 @@ github.com/ProtonMail/go-crypto v1.4.1 h1:9RfcZHqEQUvP8RzecWEUafnZVtEvrBVL9BiF67
 github.com/ProtonMail/go-crypto v1.4.1/go.mod h1:e1OaTyu5SYVrO9gKOEhTc+5UcXtTUa+P3uLudwcgPqo=
 github.com/PuerkitoBio/goquery v1.12.0 h1:pAcL4g3WRXekcB9AU/y1mbKez2dbY2AajVhtkO8RIBo=
 github.com/PuerkitoBio/goquery v1.12.0/go.mod h1:802ej+gV2y7bbIhOIoPY5sT183ZW0YFofScC4q/hIpQ=
-github.com/RoaringBitmap/roaring/v2 v2.4.5 h1:uGrrMreGjvAtTBobc0g5IrW1D5ldxDQYe2JW2gggRdg=
-github.com/RoaringBitmap/roaring/v2 v2.4.5/go.mod h1:FiJcsfkGje/nZBZgCu0ZxCPOKD/hVXDS2dXi7/eUFE0=
+github.com/RoaringBitmap/roaring/v2 v2.14.5 h1:ckd0o545JqDPeVJDgeFoaM21eBixUnlWfYgjE5VnyWw=
+github.com/RoaringBitmap/roaring/v2 v2.14.5/go.mod h1:eq4wdNXxtJIS/oikeCzdX1rBzek7ANzbth041hrU8Q4=
 github.com/STARRY-S/zip v0.2.3 h1:luE4dMvRPDOWQdeDdUxUoZkzUIpTccdKdhHHsQJ1fm4=
 github.com/STARRY-S/zip v0.2.3/go.mod h1:lqJ9JdeRipyOQJrYSOtpNAiaesFO6zVDsE8GIGFaoSk=
 github.com/SaveTheRbtz/zstd-seekable-format-go/pkg v0.8.0 h1:tgjwQrDH5m6jIYB7kac5IQZmfUzQNseac/e3H4VoCNE=
@@ -103,47 +103,48 @@ github.com/aymerick/douceur v0.2.0 h1:Mv+mAeH1Q+n9Fr+oyamOlAkUNPWPlA8PPGR0QAaYuP
 github.com/aymerick/douceur v0.2.0/go.mod h1:wlT5vV2O3h55X9m7iVYN0TBM0NH/MmbLnd30/FjWUq4=
 github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
 github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
-github.com/bits-and-blooms/bitset v1.12.0/go.mod h1:7hO7Gc7Pp1vODcmWvKMRA9BNmbv6a/7QIWpPxHddWR8=
-github.com/bits-and-blooms/bitset v1.22.0 h1:Tquv9S8+SGaS3EhyA+up3FXzmkhxPGjQQCkcs2uw7w4=
-github.com/bits-and-blooms/bitset v1.22.0/go.mod h1:7hO7Gc7Pp1vODcmWvKMRA9BNmbv6a/7QIWpPxHddWR8=
+github.com/bits-and-blooms/bitset v1.24.2 h1:M7/NzVbsytmtfHbumG+K2bremQPMJuqv1JD3vOaFxp0=
+github.com/bits-and-blooms/bitset v1.24.2/go.mod h1:7hO7Gc7Pp1vODcmWvKMRA9BNmbv6a/7QIWpPxHddWR8=
 github.com/blakesmith/ar v0.0.0-20190502131153-809d4375e1fb h1:m935MPodAbYS46DG4pJSv7WO+VECIWUQ7OJYSoTrMh4=
 github.com/blakesmith/ar v0.0.0-20190502131153-809d4375e1fb/go.mod h1:PkYb9DJNAwrSvRx5DYA+gUcOIgTGVMNkfSCbZM8cWpI=
-github.com/blevesearch/bleve/v2 v2.5.7 h1:2d9YrL5zrX5EBBW++GOaEKjE+NPWeZGaX77IM26m1Z8=
-github.com/blevesearch/bleve/v2 v2.5.7/go.mod h1:yj0NlS7ocGC4VOSAedqDDMktdh2935v2CSWOCDMHdSA=
-github.com/blevesearch/bleve_index_api v1.2.11 h1:bXQ54kVuwP8hdrXUSOnvTQfgK0KI1+f9A0ITJT8tX1s=
-github.com/blevesearch/bleve_index_api v1.2.11/go.mod h1:rKQDl4u51uwafZxFrPD1R7xFOwKnzZW7s/LSeK4lgo0=
-github.com/blevesearch/geo v0.2.4 h1:ECIGQhw+QALCZaDcogRTNSJYQXRtC8/m8IKiA706cqk=
-github.com/blevesearch/geo v0.2.4/go.mod h1:K56Q33AzXt2YExVHGObtmRSFYZKYGv0JEN5mdacJJR8=
-github.com/blevesearch/go-faiss v1.0.26 h1:4dRLolFgjPyjkaXwff4NfbZFdE/dfywbzDqporeQvXI=
-github.com/blevesearch/go-faiss v1.0.26/go.mod h1:OMGQwOaRRYxrmeNdMrXJPvVx8gBnvE5RYrr0BahNnkk=
+github.com/blevesearch/bleve/v2 v2.6.0 h1:Cyd3dd4q5tCbOV8MnKUVRUDYMHOir9xn12NZzXVSEd4=
+github.com/blevesearch/bleve/v2 v2.6.0/go.mod h1:gLmI8lWgHgrIYf7UpUX7JISI1CaqC6VScu46mHThuAY=
+github.com/blevesearch/bleve_index_api v1.3.11 h1:x29vbV8OjWfLcrDVd7Lr1q+BkLNS0JWNEig0MCVnKH4=
+github.com/blevesearch/bleve_index_api v1.3.11/go.mod h1:xvd48t5XMeeioWQ5/jZvgLrV98flT2rdvEJ3l/ki4Ko=
+github.com/blevesearch/geo v0.2.5 h1:yJg9FX1oRwLnjXSXF+ECHfXFTF4diF02Ca/qUGVjJhE=
+github.com/blevesearch/geo v0.2.5/go.mod h1:Jhq7WE2K6mJTx1xS44M2pUO6Io+wjCSHh1+co3YOgH4=
+github.com/blevesearch/go-faiss v1.1.0 h1:xM7Jc0ZUCv5lssG9Ohj3Jv0SdTpxcUABU1dDt9XVsc4=
+github.com/blevesearch/go-faiss v1.1.0/go.mod h1:OMGQwOaRRYxrmeNdMrXJPvVx8gBnvE5RYrr0BahNnkk=
 github.com/blevesearch/go-porterstemmer v1.0.3 h1:GtmsqID0aZdCSNiY8SkuPJ12pD4jI+DdXTAn4YRcHCo=
 github.com/blevesearch/go-porterstemmer v1.0.3/go.mod h1:angGc5Ht+k2xhJdZi511LtmxuEf0OVpvUUNrwmM1P7M=
 github.com/blevesearch/gtreap v0.1.1 h1:2JWigFrzDMR+42WGIN/V2p0cUvn4UP3C4Q5nmaZGW8Y=
 github.com/blevesearch/gtreap v0.1.1/go.mod h1:QaQyDRAT51sotthUWAH4Sj08awFSSWzgYICSZ3w0tYk=
-github.com/blevesearch/mmap-go v1.0.4 h1:OVhDhT5B/M1HNPpYPBKIEJaD0F3Si+CrEKULGCDPWmc=
-github.com/blevesearch/mmap-go v1.0.4/go.mod h1:EWmEAOmdAS9z/pi/+Toxu99DnsbhG1TIxUoRmJw/pSs=
-github.com/blevesearch/scorch_segment_api/v2 v2.3.13 h1:ZPjv/4VwWvHJZKeMSgScCapOy8+DdmsmRyLmSB88UoY=
-github.com/blevesearch/scorch_segment_api/v2 v2.3.13/go.mod h1:ENk2LClTehOuMS8XzN3UxBEErYmtwkE7MAArFTXs9Vc=
+github.com/blevesearch/mmap-go v1.2.0 h1:l33nNKPFcBjJUMwem6sAYJPUzhUCABoK9FxZDGiFNBI=
+github.com/blevesearch/mmap-go v1.2.0/go.mod h1:Vd6+20GBhEdwJnU1Xohgt88XCD/CTWcqbCNxkZpyBo0=
+github.com/blevesearch/scorch_segment_api/v2 v2.4.7 h1:GlMzW08hcsM3DnLUxhyF/1PcDal1qtvvIuytuph5djw=
+github.com/blevesearch/scorch_segment_api/v2 v2.4.7/go.mod h1://IJ7tG3QCf0cWW/aVSXqy77tc1AvLu3fcJLYEvOAFs=
 github.com/blevesearch/segment v0.9.1 h1:+dThDy+Lvgj5JMxhmOVlgFfkUtZV2kw49xax4+jTfSU=
 github.com/blevesearch/segment v0.9.1/go.mod h1:zN21iLm7+GnBHWTao9I+Au/7MBiL8pPFtJBJTsk6kQw=
 github.com/blevesearch/snowballstem v0.9.0 h1:lMQ189YspGP6sXvZQ4WZ+MLawfV8wOmPoD/iWeNXm8s=
 github.com/blevesearch/snowballstem v0.9.0/go.mod h1:PivSj3JMc8WuaFkTSRDW2SlrulNWPl4ABg1tC/hlgLs=
 github.com/blevesearch/upsidedown_store_api v1.0.2 h1:U53Q6YoWEARVLd1OYNc9kvhBMGZzVrdmaozG2MfoB+A=
 github.com/blevesearch/upsidedown_store_api v1.0.2/go.mod h1:M01mh3Gpfy56Ps/UXHjEO/knbqyQ1Oamg8If49gRwrQ=
-github.com/blevesearch/vellum v1.1.0 h1:CinkGyIsgVlYf8Y2LUQHvdelgXr6PYuvoDIajq6yR9w=
-github.com/blevesearch/vellum v1.1.0/go.mod h1:QgwWryE8ThtNPxtgWJof5ndPfx0/YMBh+W2weHKPw8Y=
-github.com/blevesearch/zapx/v11 v11.4.2 h1:l46SV+b0gFN+Rw3wUI1YdMWdSAVhskYuvxlcgpQFljs=
-github.com/blevesearch/zapx/v11 v11.4.2/go.mod h1:4gdeyy9oGa/lLa6D34R9daXNUvfMPZqUYjPwiLmekwc=
-github.com/blevesearch/zapx/v12 v12.4.2 h1:fzRbhllQmEMUuAQ7zBuMvKRlcPA5ESTgWlDEoB9uQNE=
-github.com/blevesearch/zapx/v12 v12.4.2/go.mod h1:TdFmr7afSz1hFh/SIBCCZvcLfzYvievIH6aEISCte58=
-github.com/blevesearch/zapx/v13 v13.4.2 h1:46PIZCO/ZuKZYgxI8Y7lOJqX3Irkc3N8W82QTK3MVks=
-github.com/blevesearch/zapx/v13 v13.4.2/go.mod h1:knK8z2NdQHlb5ot/uj8wuvOq5PhDGjNYQQy0QDnopZk=
-github.com/blevesearch/zapx/v14 v14.4.2 h1:2SGHakVKd+TrtEqpfeq8X+So5PShQ5nW6GNxT7fWYz0=
-github.com/blevesearch/zapx/v14 v14.4.2/go.mod h1:rz0XNb/OZSMjNorufDGSpFpjoFKhXmppH9Hi7a877D8=
-github.com/blevesearch/zapx/v15 v15.4.2 h1:sWxpDE0QQOTjyxYbAVjt3+0ieu8NCE0fDRaFxEsp31k=
-github.com/blevesearch/zapx/v15 v15.4.2/go.mod h1:1pssev/59FsuWcgSnTa0OeEpOzmhtmr/0/11H0Z8+Nw=
-github.com/blevesearch/zapx/v16 v16.2.8 h1:SlnzF0YGtSlrsOE3oE7EgEX6BIepGpeqxs1IjMbHLQI=
-github.com/blevesearch/zapx/v16 v16.2.8/go.mod h1:murSoCJPCk25MqURrcJaBQ1RekuqSCSfMjXH4rHyA14=
+github.com/blevesearch/vellum v1.2.0 h1:xkDiOEsHc2t3Cp0NsNZZ36pvc130sCzcGKOPMzXe+e0=
+github.com/blevesearch/vellum v1.2.0/go.mod h1:uEcfBJz7mAOf0Kvq6qoEKQQkLODBF46SINYNkZNae4k=
+github.com/blevesearch/zapx/v11 v11.4.3 h1:PTZOO5loKpHC/x/GzmPZNa9cw7GZIQxd5qRjwij9tHY=
+github.com/blevesearch/zapx/v11 v11.4.3/go.mod h1:4gdeyy9oGa/lLa6D34R9daXNUvfMPZqUYjPwiLmekwc=
+github.com/blevesearch/zapx/v12 v12.4.3 h1:eElXvAaAX4m04t//CGBQAtHNPA+Q6A1hHZVrN3LSFYo=
+github.com/blevesearch/zapx/v12 v12.4.3/go.mod h1:TdFmr7afSz1hFh/SIBCCZvcLfzYvievIH6aEISCte58=
+github.com/blevesearch/zapx/v13 v13.4.3 h1:qsdhRhaSpVnqDFlRiH9vG5+KJ+dE7KAW9WyZz/KXAiE=
+github.com/blevesearch/zapx/v13 v13.4.3/go.mod h1:knK8z2NdQHlb5ot/uj8wuvOq5PhDGjNYQQy0QDnopZk=
+github.com/blevesearch/zapx/v14 v14.4.3 h1:GY4Hecx0C6UTmiNC2pKdeA2rOKiLR5/rwpU9WR51dgM=
+github.com/blevesearch/zapx/v14 v14.4.3/go.mod h1:rz0XNb/OZSMjNorufDGSpFpjoFKhXmppH9Hi7a877D8=
+github.com/blevesearch/zapx/v15 v15.4.3 h1:iJiMJOHrz216jyO6lS0m9RTCEkprUnzvqAI2lc/0/CU=
+github.com/blevesearch/zapx/v15 v15.4.3/go.mod h1:1pssev/59FsuWcgSnTa0OeEpOzmhtmr/0/11H0Z8+Nw=
+github.com/blevesearch/zapx/v16 v16.3.4 h1:hDAqA8qusZTNbPEL7//w5P65UZ2de6yhSeUaTbp0Po0=
+github.com/blevesearch/zapx/v16 v16.3.4/go.mod h1:zqkPPqs9GS9FzVWzCO3Wf1X044yWAV17+4zb+FTiEHg=
+github.com/blevesearch/zapx/v17 v17.1.2 h1:avbOk2igaASNoiy0BE/jPgcxAnRI2PGeydeP4hg7Ikk=
+github.com/blevesearch/zapx/v17 v17.1.2/go.mod h1:WQObxKrqUX7cd0G1GMvDfc/bmZzQvoy7APOPimx7DiI=
 github.com/bmatcuk/doublestar/v4 v4.9.1 h1:X8jg9rRZmJd4yRy7ZeNDRnM+T3ZfHv15JiBJ/avrEXE=
 github.com/bmatcuk/doublestar/v4 v4.9.1/go.mod h1:xBQ8jztBU6kakFMg+8WGxn0c6z1fTSPVIjEY1Wr7jzc=
 github.com/bodgit/plumbing v1.3.0 h1:pf9Itz1JOQgn7vEOE7v7nlEfBykYqvUYioC61TwWCFU=
@@ -368,8 +369,8 @@ github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:W
 github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0=
 github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
 github.com/golang/snappy v0.0.0-20180518054509-2e65f85255db/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
-github.com/golang/snappy v0.0.4 h1:yAGX7huGHXlcLOEtBnF4w7FQwA26wojNCwOYAEhLjQM=
-github.com/golang/snappy v0.0.4/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
+github.com/golang/snappy v1.0.0 h1:Oy607GVXHs7RtbggtPBnr2RmDArIsAefDwvrdWvRhGs=
+github.com/golang/snappy v1.0.0/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
 github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
 github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
 github.com/google/btree v1.1.3 h1:CVpQJjYgC4VbzxeGVHfvZrv1ctoYCAI8vbl07Fcxlyg=
@@ -983,7 +984,6 @@ gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
 gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-gopkg.in/yaml.v3 v3.0.0/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gotest.tools/v3 v3.5.2 h1:7koQfIKdy+I8UTetycgUqXWSDwpgv193Ka+qRsmBY8Q=

From 9b88e77c19fb15e9bb6e40a4d4b37ed9ad2f5313 Mon Sep 17 00:00:00 2001
From: Mathieu Fenniak <mathieu@fenniak.net>
Date: Sun, 3 May 2026 15:46:58 +0200
Subject: [PATCH 792/854] feat: expose immutable identifiers in Forgejo Actions
 JWTs (#12355)

Protect OIDC tokens generated by Forgejo Actions from threats arising when users or repositories are renamed or deleted, freeing their names up for reuse by another user.  In this threat environment, relying on the name of users and repositories in validating JWT claims is unsafe because they can change.

Adds three new claims to Actions' OIDC tokens:
- `actor_id` -- the immutable identifier of the actor who triggered an Action run
- `repository_id` -- the immutable identifier of the repository on which the Action is running
- `repository_owner_id` -- the immutable identifier of the owner of the repository on which the Action is running

Repositories will change their subject (`sub`) OIDC claims to include these immutable identifiers.  Existing repositories will not change, in order to maintain compatibility with existing JWT usage.  The new format will be applied to new repositories, or can be applied by disabling and enabling the Actions unit.  The new format embeds the identifiers:
- **Existing repos:** `repo:my-org/my-repo:ref:refs/heads/main`
- **New repos:** `repo:my-org-123456/my-repo-456789:ref:refs/heads/main`

Fixes #12244.

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. All work and communication must conform to Forgejo's [AI Agreement](https://codeberg.org/forgejo/governance/src/branch/main/AIAgreement.md). There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests for Go changes

- I added test coverage for Go changes...
  - [x] in their respective `*_test.go` for unit tests.
  - [ ] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I ran...
  - [x] `make pr-go` before pushing

### Documentation

- [x] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
    - New fields will be added to documentation soon.
- [ ] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [x] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.
- [ ] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12355
Reviewed-by: Andreas Ahlenstorf <aahlenst@noreply.codeberg.org>
---
 ...d_oidcsubjectformat_actions_unit_config.go |  68 ++++++++++
 ...csubjectformat_actions_unit_config_test.go |  61 +++++++++
 .../repo_unit.yml                             |  14 ++
 models/repo/repo_unit.go                      |  34 +++++
 services/actions/auth.go                      |  91 ++++++++-----
 services/actions/auth_test.go                 | 125 +++++++++++++-----
 services/actions/context.go                   |  28 ++--
 services/actions/context_test.go              |  10 +-
 services/actions/task.go                      |  20 ++-
 services/actions/task_test.go                 |  12 +-
 .../auth/method/action_runtime_token_test.go  |   3 +-
 .../api_actions_artifact_v4_test.go           |  15 ++-
 .../integration/api_actions_id_token_test.go  |  11 +-
 tests/integration/api_actions_oidc_test.go    |   7 +-
 14 files changed, 394 insertions(+), 105 deletions(-)
 create mode 100644 models/forgejo_migrations/v16a_add_oidcsubjectformat_actions_unit_config.go
 create mode 100644 models/forgejo_migrations/v16a_add_oidcsubjectformat_actions_unit_config_test.go
 create mode 100644 models/gitea_migrations/fixtures/Test_setOIDCSubjectFormatLegacy15/repo_unit.yml

diff --git a/models/forgejo_migrations/v16a_add_oidcsubjectformat_actions_unit_config.go b/models/forgejo_migrations/v16a_add_oidcsubjectformat_actions_unit_config.go
new file mode 100644
index 0000000000..efe737ad5a
--- /dev/null
+++ b/models/forgejo_migrations/v16a_add_oidcsubjectformat_actions_unit_config.go
@@ -0,0 +1,68 @@
+// Copyright 2026 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+package forgejo_migrations
+
+import (
+	"context"
+	"fmt"
+
+	"forgejo.org/models/db"
+	"forgejo.org/modules/json"
+	"forgejo.org/modules/optional"
+
+	"xorm.io/builder"
+	"xorm.io/xorm"
+)
+
+func init() {
+	registerMigration(&Migration{
+		Description: "add OIDCSubjectFormat=legacy-forgejo-v15 to all existing repositories with actions enabled",
+		Upgrade:     setOIDCSubjectFormatLegacy15,
+	})
+}
+
+func setOIDCSubjectFormatLegacy15(x *xorm.Engine) error {
+	type Type int
+	const TypeActions Type = 10 // 10 Actions
+	type ActionsConfig struct {
+		DisabledWorkflows []string `json:",omitempty"`
+		OIDCSubjectFormat string
+	}
+	type RepoUnit struct { //revive:disable-line:exported
+		ID     int64                   `xorm:"pk"`
+		Type   Type                    `xorm:"INDEX(s)"`
+		Config optional.Option[string] `xorm:"TEXT"`
+	}
+
+	return db.Iterate(
+		db.DefaultContext,
+		builder.Eq{"type": TypeActions},
+		func(ctx context.Context, unit *RepoUnit) error {
+			has, config := unit.Config.Get()
+			if !has {
+				config = "{}"
+			}
+			var actionsConfig ActionsConfig
+			if err := json.Unmarshal([]byte(config), &actionsConfig); err != nil {
+				return fmt.Errorf("failed to parse Actions config %q: %w", config, err)
+			}
+
+			actionsConfig.OIDCSubjectFormat = "legacy-forgejo-v15"
+
+			configBytes, err := json.Marshal(actionsConfig)
+			if err != nil {
+				return fmt.Errorf("failed to convert Actions config to JSON: %w", err)
+			}
+			r, err := db.GetEngine(ctx).
+				ID(unit.ID).
+				Cols("config").
+				Update(&RepoUnit{Config: optional.Some(string(configBytes))})
+			if err != nil {
+				return err
+			} else if r != 1 {
+				return fmt.Errorf("UPDATE expected to affect 1 row, but was %d", r)
+			}
+			return nil
+		})
+}
diff --git a/models/forgejo_migrations/v16a_add_oidcsubjectformat_actions_unit_config_test.go b/models/forgejo_migrations/v16a_add_oidcsubjectformat_actions_unit_config_test.go
new file mode 100644
index 0000000000..865c0e394b
--- /dev/null
+++ b/models/forgejo_migrations/v16a_add_oidcsubjectformat_actions_unit_config_test.go
@@ -0,0 +1,61 @@
+// Copyright 2026 The Forgejo Authors.
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+package forgejo_migrations
+
+import (
+	"testing"
+
+	"forgejo.org/models/db"
+	migration_tests "forgejo.org/models/gitea_migrations/test"
+	"forgejo.org/modules/timeutil"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+	"xorm.io/xorm/convert"
+)
+
+func Test_setOIDCSubjectFormatLegacy15(t *testing.T) {
+	type Type int
+	type UnitAccessMode int
+	type RepoUnit struct { //revive:disable-line:exported
+		ID                 int64
+		RepoID             int64              `xorm:"INDEX(s)"`
+		Type               Type               `xorm:"INDEX(s)"`
+		Config             convert.Conversion `xorm:"TEXT"`
+		CreatedUnix        timeutil.TimeStamp `xorm:"INDEX CREATED"`
+		DefaultPermissions UnitAccessMode     `xorm:"NOT NULL DEFAULT 0"`
+	}
+	x, deferable := migration_tests.PrepareTestEnv(t, 0, new(RepoUnit))
+	defer deferable()
+	if x == nil || t.Failed() {
+		return
+	}
+
+	require.NoError(t, setOIDCSubjectFormatLegacy15(x))
+
+	var records []map[string]string
+	require.NoError(t,
+		db.GetEngine(t.Context()).
+			Table("repo_unit").
+			Select("`id`, `repo_id`, `config`").
+			OrderBy("`id`").
+			Find(&records))
+	assert.Equal(t, []map[string]string{
+		{
+			"config":  "{\"OIDCSubjectFormat\":\"legacy-forgejo-v15\"}",
+			"id":      "1",
+			"repo_id": "4",
+		},
+		{
+			"config":  "{\"DisabledWorkflows\":[\"renovate.yml\"],\"OIDCSubjectFormat\":\"legacy-forgejo-v15\"}",
+			"id":      "2",
+			"repo_id": "5",
+		},
+		{
+			"config":  "",
+			"id":      "3",
+			"repo_id": "6",
+		},
+	}, records)
+}
diff --git a/models/gitea_migrations/fixtures/Test_setOIDCSubjectFormatLegacy15/repo_unit.yml b/models/gitea_migrations/fixtures/Test_setOIDCSubjectFormatLegacy15/repo_unit.yml
new file mode 100644
index 0000000000..bcd732bc1e
--- /dev/null
+++ b/models/gitea_migrations/fixtures/Test_setOIDCSubjectFormatLegacy15/repo_unit.yml
@@ -0,0 +1,14 @@
+- id: 1
+  repo_id: 4
+  type: 10 # actions
+  # config - null
+  created_unix: 1773518296
+- id: 2
+  repo_id: 5
+  type: 10 # actions
+  config: '{"DisabledWorkflows":["renovate.yml"]}'
+  created_unix: 1773518296
+- id: 3
+  repo_id: 6
+  type: 1 # code
+  created_unix: 1773518296
diff --git a/models/repo/repo_unit.go b/models/repo/repo_unit.go
index 3db6dc95e8..2cde375775 100644
--- a/models/repo/repo_unit.go
+++ b/models/repo/repo_unit.go
@@ -220,8 +220,42 @@ func (cfg *PullRequestsConfig) GetDefaultUpdateStyle() UpdateStyle {
 	return UpdateStyleMerge
 }
 
+// Represents the current format for `sub` claim generation when using `enable-openid-connect: true` on an Action.
+//
+// We try to follow GitHub's format for the `sub` claim because it should allow third-party integrations, which may have
+// existing knowledge and code that works with GitHub's OIDC tokens, to reuse that knowledge and code in the future to
+// implement Forgejo support.  As GitHub's format changes, we may implement those format changes to maintain that
+// familarity.  Forgejo isn't required to do so, though -- if future changes from GitHub don't make sense for Forgejo,
+// or vice-versa, this format matching effort may be discarded.
+type OIDCSubjectFormat string
+
+var (
+	// Default is the current, most preferred method of generating an `sub` JWT claim for an Actions JWT token.  It is
+	// an empty string which allows [ActionsConfig] to always default to the current preferred default value for new
+	// repositories.  At present, it is a `sub` claim that contains information about the repository owner and
+	// repository where the action occurred, their immutable identifiers (ID numbers), and the event that triggered the
+	// Action.
+	//
+	// Immutable identifiers have been added since OIDCSubjectFormatLegacyForgejo15.  The intent of adding them is to
+	// protect resource servers which may be requiring a specific subject claim from having that claim be impersonated
+	// when a user or repository are renamed or deleted.  For example, if a JWT from my-org/my-repo is trusted, but then
+	// my-org is deleted and a new user takes ownership of the name my-org, they should not be granted the same trust.
+	//
+	// Example: repo:my-org-123456/my-repo-456789:ref:refs/heads/main
+	OIDCSubjectFormatDefault OIDCSubjectFormat // defaults to ""
+
+	// The `sub` JWT claim generation that was shipped in Forgejo 15.  Contains information about the repository owner
+	// and repository where the action occurred and the event that triggered the Action.
+	//
+	// Example: repo:my-org/my-repo:ref:refs/heads/main
+	OIDCSubjectFormatLegacyForgejo15 OIDCSubjectFormat = "legacy-forgejo-v15"
+)
+
 type ActionsConfig struct {
 	DisabledWorkflows []string
+
+	// Format of the OIDC 'sub' claim that will be used when `enable-openid-connect` is true in an Action.
+	OIDCSubjectFormat OIDCSubjectFormat `json:",omitempty"`
 }
 
 func (cfg *ActionsConfig) EnableWorkflow(file string) {
diff --git a/services/actions/auth.go b/services/actions/auth.go
index c147643504..2b276cc347 100644
--- a/services/actions/auth.go
+++ b/services/actions/auth.go
@@ -11,6 +11,7 @@ import (
 	"time"
 
 	actions_model "forgejo.org/models/actions"
+	repo_model "forgejo.org/models/repo"
 	"forgejo.org/modules/json"
 	"forgejo.org/modules/log"
 	"forgejo.org/modules/setting"
@@ -30,21 +31,24 @@ type AuthorizationTokenClaims struct {
 }
 
 type IDTokenCustomClaims struct {
-	Actor           string `json:"actor"`
-	BaseRef         string `json:"base_ref"`
-	EventName       string `json:"event_name"`
-	HeadRef         string `json:"head_ref"`
-	Ref             string `json:"ref"`
-	RefProtected    string `json:"ref_protected"`
-	RefType         string `json:"ref_type"`
-	Repository      string `json:"repository"`
-	RepositoryOwner string `json:"repository_owner"`
-	RunAttempt      string `json:"run_attempt"`
-	RunID           string `json:"run_id"`
-	RunNumber       string `json:"run_number"`
-	Sha             string `json:"sha"`
-	Workflow        string `json:"workflow"`
-	WorkflowRef     string `json:"workflow_ref"`
+	Actor             string `json:"actor"`
+	ActorID           string `json:"actor_id"`
+	BaseRef           string `json:"base_ref"`
+	EventName         string `json:"event_name"`
+	HeadRef           string `json:"head_ref"`
+	Ref               string `json:"ref"`
+	RefProtected      string `json:"ref_protected"`
+	RefType           string `json:"ref_type"`
+	Repository        string `json:"repository"`
+	RepositoryID      string `json:"repository_id"`
+	RepositoryOwner   string `json:"repository_owner"`
+	RepositoryOwnerID string `json:"repository_owner_id"`
+	RunAttempt        string `json:"run_attempt"`
+	RunID             string `json:"run_id"`
+	RunNumber         string `json:"run_number"`
+	Sha               string `json:"sha"`
+	Workflow          string `json:"workflow"`
+	WorkflowRef       string `json:"workflow_ref"`
 }
 
 type actionsCacheScope struct {
@@ -59,7 +63,7 @@ const (
 	actionsCachePermissionWrite
 )
 
-func CreateAuthorizationToken(task *actions_model.ActionTask, gitGtx map[string]any, enableOpenIDConnect bool) (string, error) {
+func CreateAuthorizationToken(task *actions_model.ActionTask, gitGtx map[string]any, enableOpenIDConnect bool, actionsConfig *repo_model.ActionsConfig) (string, error) {
 	now := time.Now()
 	taskID := task.ID
 	runID := task.Job.RunID
@@ -96,7 +100,16 @@ func CreateAuthorizationToken(task *actions_model.ActionTask, gitGtx map[string]
 		}
 
 		claims.OIDCExtra = oidcExtra
-		claims.OIDCSub = generateOIDCSub(gitGtx)
+
+		switch actionsConfig.OIDCSubjectFormat {
+		case repo_model.OIDCSubjectFormatDefault:
+			claims.OIDCSub = generateOIDCSub(gitGtx)
+		case repo_model.OIDCSubjectFormatLegacyForgejo15:
+			claims.OIDCSub = legacyGenerateOIDCSub(gitGtx)
+		default:
+			return "", fmt.Errorf("unexpected oidc subject format: %q", actionsConfig.OIDCSubjectFormat)
+		}
+
 		claims.Scp = fmt.Sprintf("%s generate_id_token:%s", claims.Scp, runIDJobID)
 	}
 
@@ -120,21 +133,24 @@ func generateOIDCExtra(gitCtx map[string]any) (string, error) {
 	}
 
 	claims := IDTokenCustomClaims{
-		Actor:           ctxVal("actor"),
-		BaseRef:         ctxVal("base_ref"),
-		EventName:       ctxVal("event_name"),
-		HeadRef:         ctxVal("head_ref"),
-		Ref:             ctxVal("ref"),
-		RefProtected:    ctxVal("ref_protected"),
-		RefType:         ctxVal("ref_type"),
-		Repository:      ctxVal("repository"),
-		RepositoryOwner: ctxVal("repository_owner"),
-		RunAttempt:      ctxVal("run_attempt"),
-		RunID:           ctxVal("run_id"),
-		RunNumber:       ctxVal("run_number"),
-		Sha:             ctxVal("sha"),
-		Workflow:        ctxVal("workflow"),
-		WorkflowRef:     ctxVal("workflow_ref"),
+		Actor:             ctxVal("actor"),
+		ActorID:           ctxVal("actor_id"),
+		BaseRef:           ctxVal("base_ref"),
+		EventName:         ctxVal("event_name"),
+		HeadRef:           ctxVal("head_ref"),
+		Ref:               ctxVal("ref"),
+		RefProtected:      ctxVal("ref_protected"),
+		RefType:           ctxVal("ref_type"),
+		Repository:        ctxVal("repository"),
+		RepositoryID:      ctxVal("repository_id"),
+		RepositoryOwner:   ctxVal("repository_owner"),
+		RepositoryOwnerID: ctxVal("repository_owner_id"),
+		RunAttempt:        ctxVal("run_attempt"),
+		RunID:             ctxVal("run_id"),
+		RunNumber:         ctxVal("run_number"),
+		Sha:               ctxVal("sha"),
+		Workflow:          ctxVal("workflow"),
+		WorkflowRef:       ctxVal("workflow_ref"),
 	}
 
 	ret, err := json.Marshal(claims)
@@ -146,6 +162,17 @@ func generateOIDCExtra(gitCtx map[string]any) (string, error) {
 }
 
 func generateOIDCSub(gitCtx map[string]any) string {
+	nameParts := strings.SplitN(gitCtx["repository"].(string), "/", 2)
+	repoName := nameParts[1]
+	switch gitCtx["event_name"] {
+	case "pull_request":
+		return fmt.Sprintf("repo:%s-%s/%s-%s:pull_request", gitCtx["repository_owner"], gitCtx["repository_owner_id"], repoName, gitCtx["repository_id"])
+	default:
+		return fmt.Sprintf("repo:%s-%s/%s-%s:ref:%s", gitCtx["repository_owner"], gitCtx["repository_owner_id"], repoName, gitCtx["repository_id"], gitCtx["ref"])
+	}
+}
+
+func legacyGenerateOIDCSub(gitCtx map[string]any) string {
 	switch gitCtx["event_name"] {
 	case "pull_request":
 		return fmt.Sprintf("repo:%s:pull_request", gitCtx["repository"])
diff --git a/services/actions/auth_test.go b/services/actions/auth_test.go
index 82d4d2efd3..ce75efb655 100644
--- a/services/actions/auth_test.go
+++ b/services/actions/auth_test.go
@@ -8,6 +8,7 @@ import (
 	"testing"
 
 	actions_model "forgejo.org/models/actions"
+	repo_model "forgejo.org/models/repo"
 	"forgejo.org/modules/json"
 	"forgejo.org/modules/setting"
 
@@ -39,28 +40,32 @@ func TestCreateAuthorizationToken(t *testing.T) {
 			name:                "enableOpenIDConnect true",
 			enableOpenIDConnect: true,
 			gitCtx: map[string]any{
-				"actor":            "user1",
-				"base_ref":         "master",
-				"event_name":       "push",
-				"head_ref":         "master",
-				"ref":              "refs/heads/master",
-				"ref_protected":    "false",
-				"ref_type":         "branch",
-				"repository":       "mpminardi/testing",
-				"repository_owner": "mpminardi",
-				"run_attempt":      "1",
-				"run_id":           "1",
-				"run_number":       "1",
-				"sha":              "pretend-sha",
-				"workflow":         "test.yml",
-				"workflow_ref":     "pretend-ref",
+				"actor":               "user1",
+				"actor_id":            "123",
+				"base_ref":            "master",
+				"event_name":          "push",
+				"head_ref":            "master",
+				"ref":                 "refs/heads/master",
+				"ref_protected":       "false",
+				"ref_type":            "branch",
+				"repository":          "mpminardi/testing",
+				"repository_id":       "456",
+				"repository_owner":    "mpminardi",
+				"repository_owner_id": "789",
+				"run_attempt":         "1",
+				"run_id":              "1",
+				"run_number":          "1",
+				"sha":                 "pretend-sha",
+				"workflow":            "test.yml",
+				"workflow_ref":        "pretend-ref",
 			},
 		},
 	}
 
 	for _, tc := range testcases {
 		t.Run(tc.name, func(t *testing.T) {
-			token, err := CreateAuthorizationToken(task, tc.gitCtx, tc.enableOpenIDConnect)
+			token, err := CreateAuthorizationToken(task, tc.gitCtx, tc.enableOpenIDConnect,
+				&repo_model.ActionsConfig{})
 			require.NoError(t, err)
 			assert.NotEmpty(t, token)
 			claims := jwt.MapClaims{}
@@ -87,7 +92,7 @@ func TestCreateAuthorizationToken(t *testing.T) {
 				assert.Contains(t, scp, "generate_id_token:1:2")
 				oidcSubClaim, ok := claims["oidc_sub"]
 				assert.True(t, ok, "Has oidc_sub claim in jwt token")
-				assert.Equal(t, "repo:mpminardi/testing:ref:refs/heads/master", oidcSubClaim)
+				assert.Equal(t, "repo:mpminardi-789/testing-456:ref:refs/heads/master", oidcSubClaim)
 				oidcExtraClaim, ok := claims["oidc_extra"]
 				assert.True(t, ok, "Has oidc_extra claim in jwt token")
 				val, err := json.Marshal(tc.gitCtx)
@@ -100,6 +105,27 @@ func TestCreateAuthorizationToken(t *testing.T) {
 				_, ok = claims["oidc_extra"]
 				assert.False(t, ok, "Does not have oidc_extra claim in jwt token")
 			}
+
+			token, err = CreateAuthorizationToken(task, tc.gitCtx, tc.enableOpenIDConnect,
+				&repo_model.ActionsConfig{OIDCSubjectFormat: repo_model.OIDCSubjectFormatLegacyForgejo15})
+			require.NoError(t, err)
+			assert.NotEmpty(t, token)
+			claims = jwt.MapClaims{}
+			_, err = jwt.ParseWithClaims(token, claims, func(t *jwt.Token) (any, error) {
+				return setting.GetGeneralTokenSigningSecret(), nil
+			})
+			require.NoError(t, err)
+			if tc.enableOpenIDConnect {
+				oidcSubClaim, ok := claims["oidc_sub"]
+				assert.True(t, ok, "Has oidc_sub claim in jwt token")
+				assert.Equal(t, "repo:mpminardi/testing:ref:refs/heads/master", oidcSubClaim)
+			} else {
+				assert.NotContains(t, scp, "generate_id_token")
+				_, ok := claims["oidc_sub"]
+				assert.False(t, ok, "Does not have oidc_sub claim in jwt token")
+				_, ok = claims["oidc_extra"]
+				assert.False(t, ok, "Does not have oidc_extra claim in jwt token")
+			}
 		})
 	}
 }
@@ -112,7 +138,7 @@ func TestParseAuthorizationToken(t *testing.T) {
 			RunID: 1,
 		},
 	}
-	token, err := CreateAuthorizationToken(task, map[string]any{}, false)
+	token, err := CreateAuthorizationToken(task, map[string]any{}, false, &repo_model.ActionsConfig{})
 	require.NoError(t, err)
 	assert.NotEmpty(t, token)
 	headers := http.Header{}
@@ -133,23 +159,26 @@ func TestParseAuthorizationTokenClaims(t *testing.T) {
 		},
 	}
 	gitCtx := map[string]any{
-		"actor":            "user1",
-		"base_ref":         "master",
-		"event_name":       "push",
-		"head_ref":         "master",
-		"ref":              "refs/heads/master",
-		"ref_protected":    "false",
-		"ref_type":         "branch",
-		"repository":       "mpminardi/testing",
-		"repository_owner": "mpminardi",
-		"run_attempt":      "1",
-		"run_id":           "1",
-		"run_number":       "1",
-		"sha":              "pretend-sha",
-		"workflow":         "test.yml",
-		"workflow_ref":     "pretend-ref",
+		"actor":               "user1",
+		"actor_id":            "123",
+		"base_ref":            "master",
+		"event_name":          "push",
+		"head_ref":            "master",
+		"ref":                 "refs/heads/master",
+		"ref_protected":       "false",
+		"ref_type":            "branch",
+		"repository":          "mpminardi/testing",
+		"repository_id":       "456",
+		"repository_owner":    "mpminardi",
+		"repository_owner_id": "789",
+		"run_attempt":         "1",
+		"run_id":              "1",
+		"run_number":          "1",
+		"sha":                 "pretend-sha",
+		"workflow":            "test.yml",
+		"workflow_ref":        "pretend-ref",
 	}
-	token, err := CreateAuthorizationToken(task, gitCtx, true)
+	token, err := CreateAuthorizationToken(task, gitCtx, true, &repo_model.ActionsConfig{OIDCSubjectFormat: repo_model.OIDCSubjectFormatLegacyForgejo15})
 	require.NoError(t, err)
 	assert.NotEmpty(t, token)
 	headers := http.Header{}
@@ -180,6 +209,32 @@ func TestParseAuthorizationTokenNoAuthHeader(t *testing.T) {
 func TestGenerateOIDCSub(t *testing.T) {
 	t.Run("pull_request event", func(t *testing.T) {
 		sub := generateOIDCSub(map[string]any{
+			"event_name":          "pull_request",
+			"repository":          "mpminardi/testing",
+			"ref":                 "refs/heads/master",
+			"repository_owner":    "mpminardi",
+			"repository_owner_id": "123",
+			"repository_id":       "456",
+		})
+		assert.Equal(t, "repo:mpminardi-123/testing-456:pull_request", sub)
+	})
+
+	t.Run("other event", func(t *testing.T) {
+		sub := generateOIDCSub(map[string]any{
+			"event_name":          "random",
+			"repository":          "mpminardi/testing",
+			"ref":                 "refs/heads/master",
+			"repository_owner":    "mpminardi",
+			"repository_owner_id": "123",
+			"repository_id":       "456",
+		})
+		assert.Equal(t, "repo:mpminardi-123/testing-456:ref:refs/heads/master", sub)
+	})
+}
+
+func TestLegacyGenerateOIDCSub(t *testing.T) {
+	t.Run("pull_request event", func(t *testing.T) {
+		sub := legacyGenerateOIDCSub(map[string]any{
 			"event_name": "pull_request",
 			"repository": "mpminardi/testing",
 			"ref":        "refs/heads/master",
@@ -189,7 +244,7 @@ func TestGenerateOIDCSub(t *testing.T) {
 	})
 
 	t.Run("other event", func(t *testing.T) {
-		sub := generateOIDCSub(map[string]any{
+		sub := legacyGenerateOIDCSub(map[string]any{
 			"event_name": "random",
 			"repository": "mpminardi/testing",
 			"ref":        "refs/heads/master",
diff --git a/services/actions/context.go b/services/actions/context.go
index 0313b11031..ecd7f44da2 100644
--- a/services/actions/context.go
+++ b/services/actions/context.go
@@ -6,6 +6,7 @@ package actions
 import (
 	"context"
 	"fmt"
+	"strconv"
 
 	actions_model "forgejo.org/models/actions"
 	"forgejo.org/models/db"
@@ -97,18 +98,21 @@ func GenerateGiteaContext(run *actions_model.ActionRun, job *actions_model.Actio
 	gitContext, _ := githubContextToMap(gitContextObj)
 
 	// standard contexts, see https://docs.github.com/en/actions/learn-github-actions/contexts#github-context
-	gitContext["action_status"] = ""                                    // string, For a composite action, the current result of the composite action.
-	gitContext["actor"] = run.TriggerUser.Name                          // string, The username of the user that triggered the initial workflow run. If the workflow run is a re-run, this value may differ from github.triggering_actor. Any workflow re-runs will use the privileges of github.actor, even if the actor initiating the re-run (github.triggering_actor) has different privileges.
-	gitContext["env"] = ""                                              // string, Path on the runner to the file that sets environment variables from workflow commands. This file is unique to the current step and is a different file for each step in a job. For more information, see "Workflow commands for GitHub Actions."
-	gitContext["path"] = ""                                             // string, Path on the runner to the file that sets system PATH variables from workflow commands. This file is unique to the current step and is a different file for each step in a job. For more information, see "Workflow commands for GitHub Actions."
-	gitContext["ref_protected"] = false                                 // boolean, true if branch protections are configured for the ref that triggered the workflow run.
-	gitContext["repository_owner"] = run.Repo.OwnerName                 // string, The repository owner's name. For example, Codertocat.
-	gitContext["repository"] = run.Repo.OwnerName + "/" + run.Repo.Name // string, The owner and repository name. For example, Codertocat/Hello-World.
-	gitContext["repositoryUrl"] = run.Repo.HTMLURL()                    // string, The Git URL to the repository. For example, git://github.com/codertocat/hello-world.git.
-	gitContext["secret_source"] = "Actions"                             // string, The source of a secret used in a workflow. Possible values are None, Actions, Dependabot, or Codespaces.
-	gitContext["server_url"] = setting.AppURL                           // string, The URL of the GitHub server. For example: https://github.com.
-	gitContext["triggering_actor"] = ""                                 // string, The username of the user that initiated the workflow run. If the workflow run is a re-run, this value may differ from github.actor. Any workflow re-runs will use the privileges of github.actor, even if the actor initiating the re-run (github.triggering_actor) has different privileges.
-	gitContext["workflow"] = run.WorkflowID                             // string, The name of the workflow. If the workflow file doesn't specify a name, the value of this property is the full path of the workflow file in the repository.
+	gitContext["action_status"] = ""                                            // string, For a composite action, the current result of the composite action.
+	gitContext["actor"] = run.TriggerUser.Name                                  // string, The username of the user that triggered the initial workflow run. If the workflow run is a re-run, this value may differ from github.triggering_actor. Any workflow re-runs will use the privileges of github.actor, even if the actor initiating the re-run (github.triggering_actor) has different privileges.
+	gitContext["actor_id"] = strconv.FormatInt(run.TriggerUserID, 10)           // string, Immutable unique identifier of the triggering user (unlike actor, which can be renamed)
+	gitContext["env"] = ""                                                      // string, Path on the runner to the file that sets environment variables from workflow commands. This file is unique to the current step and is a different file for each step in a job. For more information, see "Workflow commands for GitHub Actions."
+	gitContext["path"] = ""                                                     // string, Path on the runner to the file that sets system PATH variables from workflow commands. This file is unique to the current step and is a different file for each step in a job. For more information, see "Workflow commands for GitHub Actions."
+	gitContext["ref_protected"] = false                                         // boolean, true if branch protections are configured for the ref that triggered the workflow run.
+	gitContext["repository_owner"] = run.Repo.OwnerName                         // string, The repository owner's name. For example, Codertocat.
+	gitContext["repository_owner_id"] = strconv.FormatInt(run.Repo.OwnerID, 10) // string, Immutable unique identifier for the repository owner (unlike repository_owner, which can change with a user rename)
+	gitContext["repository"] = run.Repo.OwnerName + "/" + run.Repo.Name         // string, The owner and repository name. For example, Codertocat/Hello-World.
+	gitContext["repository_id"] = strconv.FormatInt(run.RepoID, 10)             // string, Immutable unique identifier for the repository (unlike repository, which can be renamed)
+	gitContext["repositoryUrl"] = run.Repo.HTMLURL()                            // string, The Git URL to the repository. For example, git://github.com/codertocat/hello-world.git.
+	gitContext["secret_source"] = "Actions"                                     // string, The source of a secret used in a workflow. Possible values are None, Actions, Dependabot, or Codespaces.
+	gitContext["server_url"] = setting.AppURL                                   // string, The URL of the GitHub server. For example: https://github.com.
+	gitContext["triggering_actor"] = ""                                         // string, The username of the user that initiated the workflow run. If the workflow run is a re-run, this value may differ from github.actor. Any workflow re-runs will use the privileges of github.actor, even if the actor initiating the re-run (github.triggering_actor) has different privileges.
+	gitContext["workflow"] = run.WorkflowID                                     // string, The name of the workflow. If the workflow file doesn't specify a name, the value of this property is the full path of the workflow file in the repository.
 
 	// additional contexts
 	gitContext["gitea_default_actions_url"] = setting.Actions.DefaultActionsURL.URL()
diff --git a/services/actions/context_test.go b/services/actions/context_test.go
index 665f207219..5abd8afb00 100644
--- a/services/actions/context_test.go
+++ b/services/actions/context_test.go
@@ -36,12 +36,13 @@ func TestFindTaskNeeds(t *testing.T) {
 
 func TestGenerateGiteaContext(t *testing.T) {
 	testUser := &user.User{
-		ID:   1,
+		ID:   123,
 		Name: "testuser",
 	}
 
 	testRepo := &repo.Repository{
-		ID:        1,
+		ID:        456,
+		OwnerID:   789,
 		OwnerName: "testowner",
 		Name:      "testrepo",
 	}
@@ -56,7 +57,9 @@ func TestGenerateGiteaContext(t *testing.T) {
 		run := &actions_model.ActionRun{
 			ID:                1,
 			Index:             42,
+			TriggerUserID:     testUser.ID,
 			TriggerUser:       testUser,
+			RepoID:            testRepo.ID,
 			Repo:              testRepo,
 			TriggerEvent:      "push",
 			Ref:               "refs/heads/main",
@@ -70,12 +73,15 @@ func TestGenerateGiteaContext(t *testing.T) {
 		require.NoError(t, err)
 
 		assert.Equal(t, "testuser", context["actor"])
+		assert.Equal(t, "123", context["actor_id"])
 		assert.Equal(t, setting.AppURL+"api/v1", context["api_url"])
 		assert.Equal(t, "push", context["event_name"])
 		assert.Equal(t, "refs/heads/main", context["ref"])
 		assert.Equal(t, "main", context["ref_name"])
 		assert.Equal(t, "branch", context["ref_type"])
+		assert.Equal(t, "789", context["repository_owner_id"])
 		assert.Equal(t, "testowner/testrepo", context["repository"])
+		assert.Equal(t, "456", context["repository_id"])
 		assert.Equal(t, "testowner", context["repository_owner"])
 		assert.Equal(t, "abc123def456", context["sha"])
 		assert.Equal(t, "42", context["run_number"])
diff --git a/services/actions/task.go b/services/actions/task.go
index ce43180b7b..f2525e1b3a 100644
--- a/services/actions/task.go
+++ b/services/actions/task.go
@@ -10,6 +10,8 @@ import (
 
 	actions_model "forgejo.org/models/actions"
 	"forgejo.org/models/db"
+	repo_model "forgejo.org/models/repo"
+	"forgejo.org/models/unit"
 	actions_module "forgejo.org/modules/actions"
 	"forgejo.org/modules/setting"
 	"forgejo.org/modules/timeutil"
@@ -68,7 +70,12 @@ func PickTask(ctx context.Context, runner *actions_model.ActionRunner, requestKe
 			return fmt.Errorf("findTaskNeeds: %w", err)
 		}
 
-		taskContext, err := generateTaskContext(t)
+		unit, err := t.Job.Run.Repo.GetUnit(ctx, unit.TypeActions)
+		if err != nil {
+			return fmt.Errorf("GetUnit: %w", err)
+		}
+
+		taskContext, err := generateTaskContext(t, unit.ActionsConfig())
 		if err != nil {
 			return fmt.Errorf("generateTaskContext: %w", err)
 		}
@@ -128,7 +135,12 @@ func RecoverTasks(ctx context.Context, tasks []*actions_model.ActionTask) ([]*ru
 				return fmt.Errorf("findTaskNeeds: %w", err)
 			}
 
-			taskContext, err := generateTaskContext(t)
+			unit, err := t.Job.Run.Repo.GetUnit(ctx, unit.TypeActions)
+			if err != nil {
+				return fmt.Errorf("GetUnit: %w", err)
+			}
+
+			taskContext, err := generateTaskContext(t, unit.ActionsConfig())
 			if err != nil {
 				return fmt.Errorf("generateTaskContext: %w", err)
 			}
@@ -151,7 +163,7 @@ func RecoverTasks(ctx context.Context, tasks []*actions_model.ActionTask) ([]*ru
 	return retval, nil
 }
 
-func generateTaskContext(t *actions_model.ActionTask) (*structpb.Struct, error) {
+func generateTaskContext(t *actions_model.ActionTask, ac *repo_model.ActionsConfig) (*structpb.Struct, error) {
 	run := t.Job.Run
 	gitCtx, err := GenerateGiteaContext(run, t.Job)
 	if err != nil {
@@ -170,7 +182,7 @@ func generateTaskContext(t *actions_model.ActionTask) (*structpb.Struct, error)
 		enableOpenIDConnect = false
 	}
 
-	giteaRuntimeToken, err := CreateAuthorizationToken(t, gitCtx, enableOpenIDConnect)
+	giteaRuntimeToken, err := CreateAuthorizationToken(t, gitCtx, enableOpenIDConnect, ac)
 	if err != nil {
 		return nil, err
 	}
diff --git a/services/actions/task_test.go b/services/actions/task_test.go
index f725a93674..0c2630f3a6 100644
--- a/services/actions/task_test.go
+++ b/services/actions/task_test.go
@@ -5,7 +5,7 @@ import (
 	"testing"
 
 	actions_model "forgejo.org/models/actions"
-	"forgejo.org/models/repo"
+	repo_model "forgejo.org/models/repo"
 	"forgejo.org/models/user"
 
 	"github.com/stretchr/testify/require"
@@ -27,7 +27,7 @@ jobs:
 		Name: "testuser",
 	}
 
-	testRepo := &repo.Repository{
+	testRepo := &repo_model.Repository{
 		ID:        1,
 		OwnerName: "testowner",
 		Name:      "testrepo",
@@ -60,7 +60,7 @@ jobs:
 	t.Run("openid connect enabled", func(t *testing.T) {
 		task := createTask(fmt.Sprintf(workflowFormat, "true"), false, "push")
 
-		taskContext, err := generateTaskContext(task)
+		taskContext, err := generateTaskContext(task, &repo_model.ActionsConfig{})
 		require.NoError(t, err)
 		require.NotEmpty(t, taskContext.Fields["forgejo_actions_id_token_request_token"].GetStringValue())
 		require.NotEmpty(t, taskContext.Fields["forgejo_actions_id_token_request_url"].GetStringValue())
@@ -70,7 +70,7 @@ jobs:
 	t.Run("openid connect enabled from fork with pull_request_target event", func(t *testing.T) {
 		task := createTask(fmt.Sprintf(workflowFormat, "true"), true, "pull_request_target")
 
-		taskContext, err := generateTaskContext(task)
+		taskContext, err := generateTaskContext(task, &repo_model.ActionsConfig{})
 		require.NoError(t, err)
 		require.NotEmpty(t, taskContext.Fields["forgejo_actions_id_token_request_token"].GetStringValue())
 		require.NotEmpty(t, taskContext.Fields["forgejo_actions_id_token_request_url"].GetStringValue())
@@ -80,7 +80,7 @@ jobs:
 	t.Run("openid connect enabled from fork with pull_request event", func(t *testing.T) {
 		task := createTask(fmt.Sprintf(workflowFormat, "true"), true, "pull_request")
 
-		taskContext, err := generateTaskContext(task)
+		taskContext, err := generateTaskContext(task, &repo_model.ActionsConfig{})
 		require.NoError(t, err)
 		require.Empty(t, taskContext.Fields["forgejo_actions_id_token_request_token"].GetStringValue())
 		require.Empty(t, taskContext.Fields["forgejo_actions_id_token_request_url"].GetStringValue())
@@ -90,7 +90,7 @@ jobs:
 	t.Run("openid connect disabled", func(t *testing.T) {
 		task := createTask(fmt.Sprintf(workflowFormat, "false"), false, "push")
 
-		taskContext, err := generateTaskContext(task)
+		taskContext, err := generateTaskContext(task, &repo_model.ActionsConfig{})
 		require.NoError(t, err)
 		require.Empty(t, taskContext.Fields["forgejo_actions_id_token_request_token"].GetStringValue())
 		require.Empty(t, taskContext.Fields["forgejo_actions_id_token_request_url"].GetStringValue())
diff --git a/services/auth/method/action_runtime_token_test.go b/services/auth/method/action_runtime_token_test.go
index f5bae45e96..4a4db62b3f 100644
--- a/services/auth/method/action_runtime_token_test.go
+++ b/services/auth/method/action_runtime_token_test.go
@@ -10,6 +10,7 @@ import (
 	"testing"
 
 	actions_model "forgejo.org/models/actions"
+	repo_model "forgejo.org/models/repo"
 	"forgejo.org/models/unittest"
 	user_model "forgejo.org/models/user"
 	"forgejo.org/services/actions"
@@ -31,7 +32,7 @@ func TestActionRuntimeTokenVerify(t *testing.T) {
 				RunID: 1,
 			},
 		}
-		token, err := actions.CreateAuthorizationToken(task, map[string]any{}, false)
+		token, err := actions.CreateAuthorizationToken(task, map[string]any{}, false, &repo_model.ActionsConfig{})
 		require.NoError(t, err)
 
 		req := http.Request{
diff --git a/tests/integration/api_actions_artifact_v4_test.go b/tests/integration/api_actions_artifact_v4_test.go
index 62be33d552..707f980a07 100644
--- a/tests/integration/api_actions_artifact_v4_test.go
+++ b/tests/integration/api_actions_artifact_v4_test.go
@@ -15,6 +15,7 @@ import (
 	"time"
 
 	actions_model "forgejo.org/models/actions"
+	repo_model "forgejo.org/models/repo"
 	"forgejo.org/modules/storage"
 	"forgejo.org/routers/api/actions"
 	actions_service "forgejo.org/services/actions"
@@ -43,7 +44,7 @@ func uploadArtifact(t *testing.T, body string) string {
 			RunID: 792,
 		},
 	}
-	token, err := actions_service.CreateAuthorizationToken(task, map[string]any{}, false)
+	token, err := actions_service.CreateAuthorizationToken(task, map[string]any{}, false, &repo_model.ActionsConfig{})
 	require.NoError(t, err)
 
 	// acquire artifact upload url
@@ -103,7 +104,7 @@ func TestActionsArtifactV4UploadSingleFileWrongChecksum(t *testing.T) {
 			RunID: 792,
 		},
 	}
-	token, err := actions_service.CreateAuthorizationToken(task, map[string]any{}, false)
+	token, err := actions_service.CreateAuthorizationToken(task, map[string]any{}, false, &repo_model.ActionsConfig{})
 	require.NoError(t, err)
 
 	// acquire artifact upload url
@@ -154,7 +155,7 @@ func TestActionsArtifactV4UploadSingleFileWithRetentionDays(t *testing.T) {
 			RunID: 792,
 		},
 	}
-	token, err := actions_service.CreateAuthorizationToken(task, map[string]any{}, false)
+	token, err := actions_service.CreateAuthorizationToken(task, map[string]any{}, false, &repo_model.ActionsConfig{})
 	require.NoError(t, err)
 
 	// acquire artifact upload url
@@ -209,7 +210,7 @@ func TestActionsArtifactV4UploadSingleFileWithPotentialHarmfulBlockID(t *testing
 			RunID: 792,
 		},
 	}
-	token, err := actions_service.CreateAuthorizationToken(task, map[string]any{}, false)
+	token, err := actions_service.CreateAuthorizationToken(task, map[string]any{}, false, &repo_model.ActionsConfig{})
 	require.NoError(t, err)
 
 	// acquire artifact upload url
@@ -279,7 +280,7 @@ func TestActionsArtifactV4UploadSingleFileWithChunksOutOfOrder(t *testing.T) {
 			RunID: 792,
 		},
 	}
-	token, err := actions_service.CreateAuthorizationToken(task, map[string]any{}, false)
+	token, err := actions_service.CreateAuthorizationToken(task, map[string]any{}, false, &repo_model.ActionsConfig{})
 	require.NoError(t, err)
 
 	// acquire artifact upload url
@@ -351,7 +352,7 @@ func TestActionsArtifactV4DownloadSingle(t *testing.T) {
 			RunID: 792,
 		},
 	}
-	token, err := actions_service.CreateAuthorizationToken(task, map[string]any{}, false)
+	token, err := actions_service.CreateAuthorizationToken(task, map[string]any{}, false, &repo_model.ActionsConfig{})
 	require.NoError(t, err)
 
 	// acquire artifact upload url
@@ -419,7 +420,7 @@ func TestActionsArtifactV4Delete(t *testing.T) {
 			RunID: 792,
 		},
 	}
-	token, err := actions_service.CreateAuthorizationToken(task, map[string]any{}, false)
+	token, err := actions_service.CreateAuthorizationToken(task, map[string]any{}, false, &repo_model.ActionsConfig{})
 	require.NoError(t, err)
 
 	// delete artifact by name
diff --git a/tests/integration/api_actions_id_token_test.go b/tests/integration/api_actions_id_token_test.go
index 0fd478b9d2..f686682159 100644
--- a/tests/integration/api_actions_id_token_test.go
+++ b/tests/integration/api_actions_id_token_test.go
@@ -14,6 +14,7 @@ import (
 	actions_model "forgejo.org/models/actions"
 	"forgejo.org/models/auth"
 	"forgejo.org/models/db"
+	repo_model "forgejo.org/models/repo"
 	"forgejo.org/modules/setting"
 	api "forgejo.org/modules/structs"
 	actions_service "forgejo.org/services/actions"
@@ -48,9 +49,9 @@ func TestActionsIDToken(t *testing.T) {
 	gitCtx, err := actions_service.GenerateGiteaContext(task.Job.Run, task.Job)
 	require.NoError(t, err)
 
-	token, err := actions_service.CreateAuthorizationToken(task, gitCtx, true)
+	token, err := actions_service.CreateAuthorizationToken(task, gitCtx, true, &repo_model.ActionsConfig{})
 	require.NoError(t, err)
-	tokenWithoutOIDCAccess, err := actions_service.CreateAuthorizationToken(task, gitCtx, false)
+	tokenWithoutOIDCAccess, err := actions_service.CreateAuthorizationToken(task, gitCtx, false, &repo_model.ActionsConfig{})
 	require.NoError(t, err)
 
 	// get JWKs information
@@ -90,7 +91,7 @@ func TestActionsIDToken(t *testing.T) {
 			assert.Equal(t, "792", claims["run_id"])
 			assert.Equal(t, "188", claims["run_number"])
 			assert.Equal(t, "c2d72f548424103f01ee1dc02889c1e2bff816b0", claims["sha"])
-			assert.Equal(t, "repo:user5/repo4:ref:refs/heads/master", claims["sub"])
+			assert.Equal(t, "repo:user5-5/repo4-4:ref:refs/heads/master", claims["sub"])
 			assert.Equal(t, "artifact.yaml", claims["workflow"])
 			assert.Equal(t, "user5/repo4/.forgejo/workflows/artifact.yaml@refs/heads/master", claims["workflow_ref"])
 		}
@@ -157,7 +158,7 @@ func TestActionsIDToken(t *testing.T) {
 		gitCtx, err := actions_service.GenerateGiteaContext(task.Job.Run, task.Job)
 		require.NoError(t, err)
 
-		token, err := actions_service.CreateAuthorizationToken(task, gitCtx, true)
+		token, err := actions_service.CreateAuthorizationToken(task, gitCtx, true, &repo_model.ActionsConfig{})
 		require.NoError(t, err)
 
 		req = NewRequest(t, "GET", "/api/actions/_apis/pipelines/workflows/abcde/idtoken?placeholder=true&audience=testingAud").AddTokenAuth(token)
@@ -178,7 +179,7 @@ func TestActionsIDToken(t *testing.T) {
 		gitCtx, err := actions_service.GenerateGiteaContext(task.Job.Run, task.Job)
 		require.NoError(t, err)
 
-		token, err := actions_service.CreateAuthorizationToken(task, gitCtx, true)
+		token, err := actions_service.CreateAuthorizationToken(task, gitCtx, true, &repo_model.ActionsConfig{})
 		require.NoError(t, err)
 
 		req = NewRequest(t, "GET", "/api/actions/_apis/pipelines/workflows/abcde/idtoken?placeholder=true&audience=testingAud").AddTokenAuth(token)
diff --git a/tests/integration/api_actions_oidc_test.go b/tests/integration/api_actions_oidc_test.go
index 71e96d7531..8bf3336986 100644
--- a/tests/integration/api_actions_oidc_test.go
+++ b/tests/integration/api_actions_oidc_test.go
@@ -45,7 +45,12 @@ func TestActionsOIDC(t *testing.T) {
 	assert.Equal(t, setting.AppURL+"api/actions/.well-known/keys", config.JwksURI)
 	assert.Equal(t, []string{"public"}, config.SubjectTypesSupported)
 	assert.Equal(t, []string{"id_token"}, config.ResponseTypesSupported)
-	assert.Equal(t, []string{"sub", "aud", "exp", "iat", "iss", "nbf", "actor", "base_ref", "event_name", "head_ref", "ref", "ref_protected", "ref_type", "repository", "repository_owner", "run_attempt", "run_id", "run_number", "sha", "workflow", "workflow_ref"}, config.ClaimsSupported)
+	assert.Equal(t, []string{
+		"sub", "aud", "exp", "iat", "iss", "nbf", "actor", "actor_id", "base_ref", "event_name",
+		"head_ref", "ref", "ref_protected", "ref_type", "repository", "repository_id", "repository_owner",
+		"repository_owner_id", "run_attempt", "run_id", "run_number", "sha", "workflow", "workflow_ref",
+	},
+		config.ClaimsSupported)
 	assert.Equal(t, []string{"RS256"}, config.IDTokenSigningAlgValuesSupported)
 	assert.Equal(t, []string{"openid"}, config.ScopesSupported)
 

From e89312de9bdbf82b427fca92a8915d0a74e1d0e8 Mon Sep 17 00:00:00 2001
From: Mathieu Fenniak <mathieu@fenniak.net>
Date: Sun, 3 May 2026 19:55:40 +0200
Subject: [PATCH 793/854] ci: fix merge conflict in test between #12355 &
 #12364 (#12401)

Both #12355 and #12364 passed CIs individually, but when combined a new test added in #12364 was broken by the change in #12355.  Fixes the authorized integration test to use the new immutable subject format.

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. All work and communication must conform to Forgejo's [AI Agreement](https://codeberg.org/forgejo/governance/src/branch/main/AIAgreement.md). There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests for Go changes

- I added test coverage for Go changes...
  - [ ] in their respective `*_test.go` for unit tests.
  - [x] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I ran...
  - [x] `make pr-go` before pushing

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [ ] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.
- [x] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12401
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Reviewed-by: Andreas Ahlenstorf <aahlenst@noreply.codeberg.org>
---
 tests/integration/api_actions_id_token_test.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tests/integration/api_actions_id_token_test.go b/tests/integration/api_actions_id_token_test.go
index f686682159..d4a1657a8e 100644
--- a/tests/integration/api_actions_id_token_test.go
+++ b/tests/integration/api_actions_id_token_test.go
@@ -204,7 +204,7 @@ func TestActionsIDToken(t *testing.T) {
 					{
 						Claim:      "sub",
 						Comparison: auth.ClaimEqual,
-						Value:      "repo:user5/repo4:ref:refs/heads/master",
+						Value:      "repo:user5-5/repo4-4:ref:refs/heads/master",
 					},
 				},
 			},

From d27cd9f7220345526e6d99a82fec71deaacf1c43 Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Mon, 4 May 2026 00:54:05 +0200
Subject: [PATCH 794/854] Update dependency postcss to v8.5.13 (forgejo)
 (#12405)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12405
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
---
 package-lock.json | 8 ++++----
 package.json      | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 28d3bdb364..3ab1e706d2 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -59,7 +59,7 @@
         "mini-css-extract-plugin": "2.10.0",
         "minimatch": "10.2.5",
         "pdfobject": "2.3.0",
-        "postcss": "8.5.12",
+        "postcss": "8.5.13",
         "postcss-loader": "8.2.1",
         "postcss-nesting": "14.0.0",
         "pretty-ms": "9.0.0",
@@ -12940,9 +12940,9 @@
       }
     },
     "node_modules/postcss": {
-      "version": "8.5.12",
-      "resolved": "https://registry.npmjs.org/postcss/-/postcss-8.5.12.tgz",
-      "integrity": "sha512-W62t/Se6rA0Az3DfCL0AqJwXuKwBeYg6nOaIgzP+xZ7N5BFCI7DYi1qs6ygUYT6rvfi6t9k65UMLJC+PHZpDAA==",
+      "version": "8.5.13",
+      "resolved": "https://registry.npmjs.org/postcss/-/postcss-8.5.13.tgz",
+      "integrity": "sha512-qif0+jGGZoLWdHey3UFHHWP0H7Gbmsk8T5VEqyYFbWqPr1XqvLGBbk/sl8V5exGmcYJklJOhOQq1pV9IcsiFag==",
       "funding": [
         {
           "type": "opencollective",
diff --git a/package.json b/package.json
index 6fe61d62f1..f2d22f6d7c 100644
--- a/package.json
+++ b/package.json
@@ -58,7 +58,7 @@
     "mini-css-extract-plugin": "2.10.0",
     "minimatch": "10.2.5",
     "pdfobject": "2.3.0",
-    "postcss": "8.5.12",
+    "postcss": "8.5.13",
     "postcss-loader": "8.2.1",
     "postcss-nesting": "14.0.0",
     "pretty-ms": "9.0.0",

From 76b83c4467a11f84f08829c90786366d91e02507 Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Mon, 4 May 2026 02:05:26 +0200
Subject: [PATCH 795/854] Update renovate Docker tag to v43.160.6 (forgejo)
 (#12404)

---
 Makefile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Makefile b/Makefile
index a17f79d3a9..5a353c59cf 100644
--- a/Makefile
+++ b/Makefile
@@ -47,7 +47,7 @@ GO_LICENSES_PACKAGE ?= github.com/google/go-licenses/v2@v2.0.1 # renovate: datas
 GOVULNCHECK_PACKAGE ?= golang.org/x/vuln/cmd/govulncheck@v1 # renovate: datasource=go
 DEADCODE_PACKAGE ?= golang.org/x/tools/cmd/deadcode@v0.44.0 # renovate: datasource=go
 ERRORTYPE_PACKAGE ?= fillmore-labs.com/errortype@v0.0.11 # renovate: datasource=go
-RENOVATE_NPM_PACKAGE ?= renovate@43.141.6 # renovate: datasource=docker packageName=data.forgejo.org/renovate/renovate
+RENOVATE_NPM_PACKAGE ?= renovate@43.160.6 # renovate: datasource=docker packageName=data.forgejo.org/renovate/renovate
 MOCKERY_PACKAGE ?= github.com/vektra/mockery/v3@v3.7.0 # renovate: datasource=go
 
 # https://github.com/disposable-email-domains/disposable-email-domains/commits/main/

From 780526b1a852ea10bf8457a95bb87bab60d4b117 Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Mon, 4 May 2026 02:43:19 +0200
Subject: [PATCH 796/854] Update module github.com/go-sql-driver/mysql to
 v1.10.0 (forgejo) (#12376)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12376
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
---
 go.mod | 4 ++--
 go.sum | 8 ++++----
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/go.mod b/go.mod
index 669aef9172..1ccdc5b53e 100644
--- a/go.mod
+++ b/go.mod
@@ -52,7 +52,7 @@ require (
 	github.com/go-enry/go-enry/v2 v2.9.6
 	github.com/go-ldap/ldap/v3 v3.4.12
 	github.com/go-openapi/spec v0.22.3
-	github.com/go-sql-driver/mysql v1.9.3
+	github.com/go-sql-driver/mysql v1.10.0
 	github.com/go-webauthn/webauthn v0.16.5
 	github.com/gobwas/glob v0.2.3
 	github.com/gogs/chardet v0.0.0-20211120154057-b7413eaefb8f
@@ -119,7 +119,7 @@ require (
 require (
 	cloud.google.com/go/compute/metadata v0.6.0 // indirect
 	code.superseriousbusiness.org/go-png-image-structure/v2 v2.3.0 // indirect
-	filippo.io/edwards25519 v1.1.1 // indirect
+	filippo.io/edwards25519 v1.2.0 // indirect
 	git.sr.ht/~mariusor/go-xsd-duration v0.0.0-20220703122237-02e73435a078 // indirect
 	github.com/RoaringBitmap/roaring/v2 v2.14.5 // indirect
 	github.com/STARRY-S/zip v0.2.3 // indirect
diff --git a/go.sum b/go.sum
index 0064361008..bb15d173bb 100644
--- a/go.sum
+++ b/go.sum
@@ -59,8 +59,8 @@ codeberg.org/gusted/mcaptcha v0.0.0-20220723083913-4f3072e1d570/go.mod h1:IIAjsi
 connectrpc.com/connect v1.19.2 h1:McQ83FGdzL+t60peksi0gXC7MQ/iLKgLduAnThbM0mo=
 connectrpc.com/connect v1.19.2/go.mod h1:tN20fjdGlewnSFeZxLKb0xwIZ6ozc3OQs2hTXy4du9w=
 dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
-filippo.io/edwards25519 v1.1.1 h1:YpjwWWlNmGIDyXOn8zLzqiD+9TyIlPhGFG96P39uBpw=
-filippo.io/edwards25519 v1.1.1/go.mod h1:BxyFTGdWcka3PhytdK4V28tE5sGfRvvvRV7EaN4VDT4=
+filippo.io/edwards25519 v1.2.0 h1:crnVqOiS4jqYleHd9vaKZ+HKtHfllngJIiOpNpoJsjo=
+filippo.io/edwards25519 v1.2.0/go.mod h1:xzAOLCNug/yB62zG1bQ8uziwrIqIuxhctzJT18Q77mc=
 gitea.com/xorm/sqlfiddle v0.0.0-20180821085327-62ce714f951a h1:lSA0F4e9A2NcQSqGqTOXqu2aRi/XEQxDCBwM8yJtE6s=
 gitea.com/xorm/sqlfiddle v0.0.0-20180821085327-62ce714f951a/go.mod h1:EXuID2Zs0pAQhH8yz+DNjUbjppKQzKFAn28TMYPB6IU=
 github.com/42wim/httpsig v1.2.3 h1:xb0YyWhkYj57SPtfSttIobJUPJZB9as1nsfo7KWVcEs=
@@ -318,8 +318,8 @@ github.com/go-openapi/testify/enable/yaml/v2 v2.0.2 h1:0+Y41Pz1NkbTHz8NngxTuAXxE
 github.com/go-openapi/testify/enable/yaml/v2 v2.0.2/go.mod h1:kme83333GCtJQHXQ8UKX3IBZu6z8T5Dvy5+CW3NLUUg=
 github.com/go-openapi/testify/v2 v2.0.2 h1:X999g3jeLcoY8qctY/c/Z8iBHTbwLz7R2WXd6Ub6wls=
 github.com/go-openapi/testify/v2 v2.0.2/go.mod h1:HCPmvFFnheKK2BuwSA0TbbdxJ3I16pjwMkYkP4Ywn54=
-github.com/go-sql-driver/mysql v1.9.3 h1:U/N249h2WzJ3Ukj8SowVFjdtZKfu9vlLZxjPXV1aweo=
-github.com/go-sql-driver/mysql v1.9.3/go.mod h1:qn46aNg1333BRMNU69Lq93t8du/dwxI64Gl8i5p1WMU=
+github.com/go-sql-driver/mysql v1.10.0 h1:Q+1LV8DkHJvSYAdR83XzuhDaTykuDx0l6fkXxoWCWfw=
+github.com/go-sql-driver/mysql v1.10.0/go.mod h1:M+cqaI7+xxXGG9swrdeUIoPG3Y3KCkF0pZej+SK+nWk=
 github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0/go.mod h1:fyg7847qk6SyHyPtNmDHnmrv/HOrqktSC+C9fM+CJOE=
 github.com/go-test/deep v1.1.1 h1:0r/53hagsehfO4bzD2Pgr/+RgHqhmf+k1Bpse2cTu1U=
 github.com/go-test/deep v1.1.1/go.mod h1:5C2ZWiW0ErCdrYzpqxLbTX7MG14M9iiw8DgHncVwcsE=

From ed32a0fb5aceff105d6111c4d8108070f2c8e168 Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Mon, 4 May 2026 03:50:11 +0200
Subject: [PATCH 797/854] Update https://data.forgejo.org/actions/setup-forgejo
 action to v3.1.10 (forgejo) (#12406)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [https://data.forgejo.org/actions/setup-forgejo](https://code.forgejo.org/actions/setup-forgejo) | action | patch | `v3.1.9` → `v3.1.10` |

---

### Release Notes

<details>
<summary>actions/setup-forgejo (https://data.forgejo.org/actions/setup-forgejo)</summary>

### [`v3.1.10`](https://code.forgejo.org/actions/setup-forgejo/compare/v3.1.9...v3.1.10)

[Compare Source](https://code.forgejo.org/actions/setup-forgejo/compare/v3.1.9...v3.1.10)

</details>

---

### Configuration

📅 **Schedule**: (UTC)

- Branch creation
  - Between 12:00 AM and 03:59 AM (`* 0-3 * * *`)
- Automerge
  - Between 12:00 AM and 03:59 AM (`* 0-3 * * *`)

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Mend Renovate](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xNjAuNiIsInVwZGF0ZWRJblZlciI6IjQzLjE2MC42IiwidGFyZ2V0QnJhbmNoIjoiZm9yZ2VqbyIsImxhYmVscyI6WyJkZXBlbmRlbmN5LXVwZ3JhZGUiLCJ0ZXN0L25vdC1uZWVkZWQiXX0=-->

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12406
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
---
 .forgejo/workflows/build-release-integration.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.forgejo/workflows/build-release-integration.yml b/.forgejo/workflows/build-release-integration.yml
index dca71823b8..d649342588 100644
--- a/.forgejo/workflows/build-release-integration.yml
+++ b/.forgejo/workflows/build-release-integration.yml
@@ -32,7 +32,7 @@ jobs:
       - uses: https://data.forgejo.org/actions/checkout@v6
 
       - id: forgejo
-        uses: https://data.forgejo.org/actions/setup-forgejo@v3.1.9
+        uses: https://data.forgejo.org/actions/setup-forgejo@v3.1.10
         with:
           user: root
           password: admin1234

From 0b2415a05a5009098fb5bff4ecc4d3eee2aa2de9 Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Mon, 4 May 2026 05:15:07 +0200
Subject: [PATCH 798/854] Update module github.com/redis/go-redis/v9 to v9.19.0
 (forgejo) (#12309)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12309
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
---
 assets/go-licenses.json | 5 -----
 go.mod                  | 3 +--
 go.sum                  | 6 ++----
 3 files changed, 3 insertions(+), 11 deletions(-)

diff --git a/assets/go-licenses.json b/assets/go-licenses.json
index c7ab5d3e95..7f1498042c 100644
--- a/assets/go-licenses.json
+++ b/assets/go-licenses.json
@@ -464,11 +464,6 @@
     "path": "github.com/davecgh/go-spew/spew/LICENSE",
     "licenseText": "ISC License\n\nCopyright (c) 2012-2016 Dave Collins \u003cdave@davec.name\u003e\n\nPermission to use, copy, modify, and/or distribute this software for any\npurpose with or without fee is hereby granted, provided that the above\ncopyright notice and this permission notice appear in all copies.\n\nTHE SOFTWARE IS PROVIDED \"AS IS\" AND THE AUTHOR DISCLAIMS ALL WARRANTIES\nWITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF\nMERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR\nANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES\nWHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN\nACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF\nOR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.\n"
   },
-  {
-    "name": "github.com/dgryski/go-rendezvous",
-    "path": "github.com/dgryski/go-rendezvous/LICENSE",
-    "licenseText": "The MIT License (MIT)\n\nCopyright (c) 2017-2020 Damian Gryski \u003cdamian@gryski.com\u003e\n\nPermission is hereby granted, free of charge, to any person obtaining a copy\nof this software and associated documentation files (the \"Software\"), to deal\nin the Software without restriction, including without limitation the rights\nto use, copy, modify, merge, publish, distribute, sublicense, and/or sell\ncopies of the Software, and to permit persons to whom the Software is\nfurnished to do so, subject to the following conditions:\n\nThe above copyright notice and this permission notice shall be included in\nall copies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\nIMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\nFITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE\nAUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\nLIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,\nOUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN\nTHE SOFTWARE.\n"
-  },
   {
     "name": "github.com/djherbis/buffer",
     "path": "github.com/djherbis/buffer/LICENSE.txt",
diff --git a/go.mod b/go.mod
index 1ccdc5b53e..ef81dae8b1 100644
--- a/go.mod
+++ b/go.mod
@@ -88,7 +88,7 @@ require (
 	github.com/opencontainers/image-spec v1.1.1
 	github.com/pquerna/otp v1.5.0
 	github.com/prometheus/client_golang v1.21.1
-	github.com/redis/go-redis/v9 v9.17.3
+	github.com/redis/go-redis/v9 v9.19.0
 	github.com/santhosh-tekuri/jsonschema/v6 v6.0.2
 	github.com/sergi/go-diff v1.4.0
 	github.com/stretchr/testify v1.11.1
@@ -159,7 +159,6 @@ require (
 	github.com/cloudflare/circl v1.6.3 // indirect
 	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
 	github.com/davidmz/go-pageant v1.0.2 // indirect
-	github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f // indirect
 	github.com/dlclark/regexp2 v1.11.5 // indirect
 	github.com/dsoprea/go-iptc v0.0.0-20200609062250-162ae6b44feb // indirect
 	github.com/dsoprea/go-logging v0.0.0-20200710184922-b02d349568dd // indirect
diff --git a/go.sum b/go.sum
index bb15d173bb..8821c51435 100644
--- a/go.sum
+++ b/go.sum
@@ -194,8 +194,6 @@ github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1
 github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davidmz/go-pageant v1.0.2 h1:bPblRCh5jGU+Uptpz6LgMZGD5hJoOt7otgT454WvHn0=
 github.com/davidmz/go-pageant v1.0.2/go.mod h1:P2EDDnMqIwG5Rrp05dTRITj9z2zpGcD9efWSkTNKLIE=
-github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f h1:lO4WD4F/rVNCu3HqELle0jiPLLBs70cWOduZpkS1E78=
-github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f/go.mod h1:cuUVRXasLTGF7a8hSLbxyZXjz+1KgoB3wDUb6vlszIc=
 github.com/djherbis/buffer v1.1.0/go.mod h1:VwN8VdFkMY0DCALdY8o00d3IZ6Amz/UNVMWcSaJT44o=
 github.com/djherbis/buffer v1.2.0 h1:PH5Dd2ss0C7CRRhQCZ2u7MssF+No9ide8Ye71nPHcrQ=
 github.com/djherbis/buffer v1.2.0/go.mod h1:fjnebbZjCUpPinBRD+TDwXSOeNQ7fPQWLfGQqiAiUyE=
@@ -608,8 +606,8 @@ github.com/prometheus/common v0.62.0 h1:xasJaQlnWAeyHdUBeGjXmutelfJHWMRr+Fg4QszZ
 github.com/prometheus/common v0.62.0/go.mod h1:vyBcEuLSvWos9B1+CyL7JZ2up+uFzXhkqml0W5zIY1I=
 github.com/prometheus/procfs v0.15.1 h1:YagwOFzUgYfKKHX6Dr+sHT7km/hxC76UB0learggepc=
 github.com/prometheus/procfs v0.15.1/go.mod h1:fB45yRUv8NstnjriLhBQLuOUt+WW4BsoGhij/e3PBqk=
-github.com/redis/go-redis/v9 v9.17.3 h1:fN29NdNrE17KttK5Ndf20buqfDZwGNgoUr9qjl1DQx4=
-github.com/redis/go-redis/v9 v9.17.3/go.mod h1:u410H11HMLoB+TP67dz8rL9s6QW2j76l0//kSOd3370=
+github.com/redis/go-redis/v9 v9.19.0 h1:XPVaaPSnG6RhYf7p+rmSa9zZfeVAnWsH5h3lxthOm/k=
+github.com/redis/go-redis/v9 v9.19.0/go.mod h1:v/M13XI1PVCDcm01VtPFOADfZtHf8YW3baQf57KlIkA=
 github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec h1:W09IVJc94icq4NjY3clb7Lk8O1qJ8BdBEF8z0ibU0rE=
 github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec/go.mod h1:qqbHyh8v60DhA7CoWK5oRCqLrMHRGoxYCSS9EjAz6Eo=
 github.com/rhysd/actionlint v1.7.10 h1:FL3XIEs72G4/++168vlv5FKOWMSWvWIQw1kBCadyOcM=

From 525a377c24efa1da71de623477db9175730f43c2 Mon Sep 17 00:00:00 2001
From: Mathieu Fenniak <mathieu@fenniak.net>
Date: Tue, 5 May 2026 02:58:47 +0200
Subject: [PATCH 799/854] feat: add name & description columns to authorized
 integration DB table (#12413)

User interfaces for authorized integrations will benefit from having a name field, to allow a list of authorized integrations to have an identifiable user-entered label.

I've also added a "description" column which is a `LONGTEXT` field.  My thought for this field is that if I were creating authorized integrations, I'd like to be able to write down where they're used, what they're used for, and how the remote system is configured.  For example, if it was an authorized integration to allow AWS -> Forgejo integration, the AWS side can be complicated -- IAM roles which are assumed, resources like EC2 instances or Lambdas that can access the roles -- and this would provide a natural place to make some notes to help me remember how the remote is configured.  I expect to represent this as a `<textarea>` in the Authorized Integration, optional, possibly markdown-formatted to allow links & bullet-points.

Manually tested migration with PG backend, and manually tested creation of authorized integrations with the CLI updates.

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. All work and communication must conform to Forgejo's [AI Agreement](https://codeberg.org/forgejo/governance/src/branch/main/AIAgreement.md). There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests for Go changes

- I added test coverage for Go changes...
  - [ ] in their respective `*_test.go` for unit tests.
  - [ ] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I ran...
  - [x] `make pr-go` before pushing

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [ ] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.
- [x] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12413
Reviewed-by: Andreas Ahlenstorf <aahlenst@noreply.codeberg.org>
---
 ...in_user_generate_authorized_integration.go | 31 +++++++---
 models/auth/authorized_integration.go         |  3 +
 ...authorized_integration_name_description.go | 60 +++++++++++++++++++
 3 files changed, 86 insertions(+), 8 deletions(-)
 create mode 100644 models/forgejo_migrations/v16b_authorized_integration_name_description.go

diff --git a/cmd/admin_user_generate_authorized_integration.go b/cmd/admin_user_generate_authorized_integration.go
index fc159d90ae..ca39ac1b6f 100644
--- a/cmd/admin_user_generate_authorized_integration.go
+++ b/cmd/admin_user_generate_authorized_integration.go
@@ -38,6 +38,15 @@ enable-openid-connect flag in a workflow.`,
 				Usage:    "Username",
 				Required: true,
 			},
+			&cli.StringFlag{
+				Name:     "name",
+				Usage:    "Name of the authorized integration for later identification",
+				Required: true,
+			},
+			&cli.StringFlag{
+				Name:  "description",
+				Usage: "Optional description for the authorized integration",
+			},
 
 			// JWT validation:
 			&cli.StringFlag{
@@ -92,7 +101,9 @@ func runCreateAuthorizedIntegration(ctx context.Context, c *cli.Command) error {
 	}
 
 	ai := &auth_model.AuthorizedIntegration{
-		UserID: user.ID,
+		UserID:      user.ID,
+		Name:        c.String("name"),
+		Description: c.String("description"),
 	}
 
 	var rules []auth_model.ClaimRule
@@ -171,14 +182,18 @@ func runCreateAuthorizedIntegration(ctx context.Context, c *cli.Command) error {
 		Value       string                     `json:"value"`
 	}
 	output := struct {
-		Message    string                 `json:"message"`
-		Issuer     string                 `json:"issuer"`
-		Audience   string                 `json:"audience"`
-		ClaimRules []ClaimRuleDescription `json:"claim_rules"`
+		Message     string                 `json:"message"`
+		Name        string                 `json:"name"`
+		Description string                 `json:"description,omitempty"`
+		Issuer      string                 `json:"issuer"`
+		Audience    string                 `json:"audience"`
+		ClaimRules  []ClaimRuleDescription `json:"claim_rules"`
 	}{
-		Message:  "Authorized integration was successfully created.",
-		Issuer:   ai.Issuer,
-		Audience: ai.Audience,
+		Message:     "Authorized integration was successfully created.",
+		Name:        ai.Name,
+		Description: ai.Description,
+		Issuer:      ai.Issuer,
+		Audience:    ai.Audience,
 	}
 	for _, cr := range ai.ClaimRules.Rules {
 		var description string
diff --git a/models/auth/authorized_integration.go b/models/auth/authorized_integration.go
index e4cc8cedb0..ca5e103146 100644
--- a/models/auth/authorized_integration.go
+++ b/models/auth/authorized_integration.go
@@ -30,6 +30,9 @@ type AuthorizedIntegration struct {
 	Scope            AccessTokenScope `xorm:"NOT NULL"`
 	ResourceAllRepos bool             `xorm:"NOT NULL"` // flag for whether AuthorizedIntegrationResourceRepo instances will limit the resources this access token can access (false) or won't limit them (true).
 
+	Name        string // short name for lists of authorized integrations
+	Description string `xorm:"LONGTEXT"` // long description, optional to document relevant details of the integration
+
 	// Exact-match `iss` claim of the JWT
 	Issuer string `xorm:"NOT NULL UNIQUE(s)"`
 	// Exact-match `aud` claim of the JWT
diff --git a/models/forgejo_migrations/v16b_authorized_integration_name_description.go b/models/forgejo_migrations/v16b_authorized_integration_name_description.go
new file mode 100644
index 0000000000..3f5450310f
--- /dev/null
+++ b/models/forgejo_migrations/v16b_authorized_integration_name_description.go
@@ -0,0 +1,60 @@
+// Copyright 2026 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+package forgejo_migrations
+
+import (
+	"context"
+	"fmt"
+
+	"forgejo.org/models/db"
+	"forgejo.org/modules/timeutil"
+
+	"xorm.io/xorm"
+)
+
+func init() {
+	registerMigration(&Migration{
+		Description: "add name & description to authorized_integration",
+		Upgrade:     addAuthorizedIntegrationNameDescription,
+	})
+}
+
+func addAuthorizedIntegrationNameDescription(x *xorm.Engine) error {
+	type AuthorizedIntegration struct {
+		// New fields:
+		Name        string
+		Description string `xorm:"LONGTEXT"`
+
+		// Existing fields, used for UPDATE in migration:
+		ID          int64              `xorm:"pk autoincr"`
+		Issuer      string             `xorm:"NOT NULL UNIQUE(s)"`
+		Audience    string             `xorm:"NOT NULL UNIQUE(s)"`
+		CreatedUnix timeutil.TimeStamp `xorm:"NOT NULL created"`
+		// don't include `UpdatedUnix`, so the updated timestamp isn't bumped when Name is set in migration
+	}
+
+	_, err := x.SyncWithOptions(
+		xorm.SyncOptions{IgnoreDropIndices: true},
+		new(AuthorizedIntegration),
+	)
+	if err != nil {
+		return err
+	}
+
+	// As v16a has creating this table, v16b will likely have no records for any users.  But for developers working on
+	// v16, populate "Name" with a quick computed value:
+	return db.Iterate(db.DefaultContext, nil, func(ctx context.Context, ai *AuthorizedIntegration) error {
+		ai.Name = fmt.Sprintf("%s created %s", ai.Issuer, ai.CreatedUnix.FormatDate())
+		r, err := db.GetEngine(ctx).
+			ID(ai.ID).
+			Cols("name").
+			Update(ai)
+		if err != nil {
+			return err
+		} else if r != 1 {
+			return fmt.Errorf("UPDATE expected to affect 1 row, but was %d", r)
+		}
+		return nil
+	})
+}

From c1ac671b555663c333528433f1c5e943ce9621a3 Mon Sep 17 00:00:00 2001
From: Mathieu Fenniak <mathieu@fenniak.net>
Date: Tue, 5 May 2026 02:59:34 +0200
Subject: [PATCH 800/854] feat: reusable workflow outer job is skipped if 'if:'
 block skips workflow (#12412)

Follow-up to https://code.forgejo.org/forgejo/runner/pulls/1509 -- improves the UX in Forgejo when a reusable workflow is skipped, marking the workflow as skipped rather than succeeded.

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. All work and communication must conform to Forgejo's [AI Agreement](https://codeberg.org/forgejo/governance/src/branch/main/AIAgreement.md). There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests for Go changes

- I added test coverage for Go changes...
  - [x] in their respective `*_test.go` for unit tests.
  - [ ] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I ran...
  - [x] `make pr-go` before pushing

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [x] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.
- [ ] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12412
Reviewed-by: Andreas Ahlenstorf <aahlenst@noreply.codeberg.org>
---
 modules/actions/task_state.go        |  2 ++
 modules/actions/task_state_test.go   | 15 +++++++++++++++
 services/actions/job_emitter.go      | 19 ++++++++++++++-----
 services/actions/job_emitter_test.go | 21 +++++++++++++++++++++
 4 files changed, 52 insertions(+), 5 deletions(-)

diff --git a/modules/actions/task_state.go b/modules/actions/task_state.go
index 77bfc747ee..889a0b0364 100644
--- a/modules/actions/task_state.go
+++ b/modules/actions/task_state.go
@@ -111,6 +111,8 @@ func fullStepsOfEmptySteps(task *actions_model.ActionTask) []*actions_model.Acti
 		preStep.Status = task.Status
 		if preStep.Status.IsSuccess() {
 			postStep.Status = actions_model.StatusSuccess
+		} else if preStep.Status.IsSkipped() {
+			postStep.Status = actions_model.StatusSkipped
 		} else {
 			postStep.Status = actions_model.StatusCancelled
 		}
diff --git a/modules/actions/task_state_test.go b/modules/actions/task_state_test.go
index e18de4573f..084de1c709 100644
--- a/modules/actions/task_state_test.go
+++ b/modules/actions/task_state_test.go
@@ -156,6 +156,21 @@ func TestFullSteps(t *testing.T) {
 				{Name: postStepName, Status: actions_model.StatusSuccess, LogIndex: 90, LogLength: 10, Started: 10090, Stopped: 10100},
 			},
 		},
+		{
+			// situation occurs with a reusable workflow's outer job which has no steps
+			name: "skipped task w/ zero steps",
+			task: &actions_model.ActionTask{
+				Steps:     []*actions_model.ActionTaskStep{},
+				Status:    actions_model.StatusSkipped,
+				Started:   0,
+				Stopped:   0,
+				LogLength: 0,
+			},
+			want: []*actions_model.ActionTaskStep{
+				{Name: preStepName, Status: actions_model.StatusSkipped, LogIndex: 0, LogLength: 0, Started: 0, Stopped: 0},
+				{Name: postStepName, Status: actions_model.StatusSkipped, LogIndex: 0, LogLength: 0, Started: 0, Stopped: 0},
+			},
+		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
diff --git a/services/actions/job_emitter.go b/services/actions/job_emitter.go
index 0a9c297033..faaf9d2cdf 100644
--- a/services/actions/job_emitter.go
+++ b/services/actions/job_emitter.go
@@ -77,7 +77,7 @@ func checkJobsOfRun(ctx context.Context, runID int64, recursionCount int) error
 				job.Status = status
 				updateColumns := []string{"status"}
 
-				if status == actions_model.StatusWaiting {
+				if status.IsWaiting() {
 					behaviour, err := tryHandleIncompleteMatrix(ctx, job, jobs)
 					switch behaviour {
 					case behaviourError:
@@ -95,7 +95,7 @@ func checkJobsOfRun(ctx context.Context, runID int64, recursionCount int) error
 						// Stop processing any other jobs in this run.
 						return nil
 					}
-				} else if status == actions_model.StatusSuccess || status == actions_model.StatusFailure {
+				} else if status.IsSuccess() || status.IsFailure() || status.IsSkipped() {
 					// Transition to these states can be triggered by workflow call outer jobs
 					additionalColumns, err := tryHandleWorkflowCallOuterJob(ctx, job)
 					if err != nil {
@@ -192,7 +192,7 @@ func (r *jobStatusResolver) resolve() map[int64]actions_model.Status {
 		if status != actions_model.StatusBlocked {
 			continue
 		}
-		allDone, allSucceed, allSucceedOrSkip := true, true, true
+		allDone, allSucceed, allSucceedOrSkip, allSkip := true, true, true, true
 		for _, need := range r.needs[id] {
 			needStatus := r.statuses[need]
 			if !needStatus.IsDone() {
@@ -204,12 +204,15 @@ func (r *jobStatusResolver) resolve() map[int64]actions_model.Status {
 			if needStatus.In(actions_model.StatusFailure, actions_model.StatusCancelled) {
 				allSucceedOrSkip = false
 			}
+			if !needStatus.IsSkipped() {
+				allSkip = false
+			}
 		}
 		if allDone {
 			if isWorkflowCallOuterJob, _ := r.jobMap[id].IsWorkflowCallOuterJob(); isWorkflowCallOuterJob {
 				// If the dependent job was a workflow call outer job, then options aren't waiting/skipped, but rather
-				// success/failure.  checkJobsOfRun will do additional work in these cases to "finish" the workflow call
-				// job as well.
+				// success/skip/failure.  checkJobsOfRun will do additional work in these cases to "finish" the workflow
+				// call job as well.
 				if allSucceedOrSkip {
 					isIncompleteMatrix, _, _ := r.jobMap[id].HasIncompleteMatrix()
 					isIncompleteWith, _, _, _ := r.jobMap[id].HasIncompleteWith()
@@ -221,6 +224,12 @@ func (r *jobStatusResolver) resolve() map[int64]actions_model.Status {
 						// `tryHandleIncompleteMatrix` to be reparsed, replaced with a full job definition, with new
 						// `needs` that contain its inner jobs:
 						ret[id] = actions_model.StatusWaiting
+					} else if allSkip {
+						// All of the inner jobs are skipped -- this most likely occurs because an outer job's `if:`
+						// condition was false, and that condition was populated to all the inner jobs.  Even if that's
+						// not the case, it's effectively true that the reusable workflow was skipped if all the inner
+						// jobs had their own `if:` conditions that were skipped.
+						ret[id] = actions_model.StatusSkipped
 					} else {
 						// This job is done by virtue of its inner jobs being done successfully.
 						ret[id] = actions_model.StatusSuccess
diff --git a/services/actions/job_emitter_test.go b/services/actions/job_emitter_test.go
index a7e3b7467b..d6696b3482 100644
--- a/services/actions/job_emitter_test.go
+++ b/services/actions/job_emitter_test.go
@@ -179,6 +179,27 @@ __metadata:
 				3: actions_model.StatusSuccess,
 			},
 		},
+		{
+			name: "unblocked workflow call outer job with only skip",
+			jobs: actions_model.ActionJobList{
+				{ID: 1, JobID: "job1.innerjob1", Status: actions_model.StatusSkipped, Needs: []string{}},
+				{ID: 2, JobID: "job1.innerjob2", Status: actions_model.StatusSkipped, Needs: []string{}},
+				{ID: 3, JobID: "job1", Status: actions_model.StatusBlocked, Needs: []string{"job1.innerjob1", "job1.innerjob2"}, WorkflowPayload: []byte(
+					`
+name: test
+on: push
+jobs:
+  job2:
+    if: false
+    uses: ./.forgejo/workflows/reusable.yml
+__metadata:
+  workflow_call_id: b5a9f46f1f2513d7777fde50b169d323a6519e349cc175484c947ac315a209ed
+`)},
+			},
+			want: map[int64]actions_model.Status{
+				3: actions_model.StatusSkipped,
+			},
+		},
 		{
 			name: "unblocked workflow call outer job, incomplete `with`",
 			jobs: actions_model.ActionJobList{

From 6f5bef54b0c0cbd64a8a9fe613d26ab3d764d8e5 Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Tue, 5 May 2026 09:43:48 +0200
Subject: [PATCH 801/854] Update dependency globals to v17.6.0 (forgejo)
 (#12417)

---
 package-lock.json | 8 ++++----
 package.json      | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 3ab1e706d2..0dd4fd4ffc 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -107,7 +107,7 @@
         "eslint-plugin-vue": "10.8.0",
         "eslint-plugin-vue-scoped-css": "2.12.0",
         "eslint-plugin-wc": "3.1.0",
-        "globals": "17.5.0",
+        "globals": "17.6.0",
         "happy-dom": "20.8.9",
         "license-checker-rseidelsohn": "4.4.2",
         "markdownlint-cli": "0.48.0",
@@ -9200,9 +9200,9 @@
       }
     },
     "node_modules/globals": {
-      "version": "17.5.0",
-      "resolved": "https://registry.npmjs.org/globals/-/globals-17.5.0.tgz",
-      "integrity": "sha512-qoV+HK2yFl/366t2/Cb3+xxPUo5BuMynomoDmiaZBIdbs+0pYbjfZU+twLhGKp4uCZ/+NbtpVepH5bGCxRyy2g==",
+      "version": "17.6.0",
+      "resolved": "https://registry.npmjs.org/globals/-/globals-17.6.0.tgz",
+      "integrity": "sha512-sepffkT8stwnIYbsMBpoCHJuJM5l98FUF2AnE07hfvE0m/qp3R586hw4jF4uadbhvg1ooIdzuu7CsfD2jzCaNA==",
       "dev": true,
       "license": "MIT",
       "engines": {
diff --git a/package.json b/package.json
index f2d22f6d7c..c5ff835d69 100644
--- a/package.json
+++ b/package.json
@@ -106,7 +106,7 @@
     "eslint-plugin-vue": "10.8.0",
     "eslint-plugin-vue-scoped-css": "2.12.0",
     "eslint-plugin-wc": "3.1.0",
-    "globals": "17.5.0",
+    "globals": "17.6.0",
     "happy-dom": "20.8.9",
     "license-checker-rseidelsohn": "4.4.2",
     "markdownlint-cli": "0.48.0",

From c07ea09050513832093aefaf5db2fd5493c6df4a Mon Sep 17 00:00:00 2001
From: Gusted <postmaster@gusted.xyz>
Date: Tue, 5 May 2026 12:41:42 +0200
Subject: [PATCH 802/854] fix: cleanup data before migration retry (#12370)

In the case you hit some API error (Github ratelimit was often a problem) or the instance restarted in the middle of your migration, you would be left with data on the disk and/or database. Upon retrying the migration the migration code would (rightfully) fail because it's trying to migrate stuff that already exists.

This was hit so often on Codeberg it was better to force people to delete and start whole migration process again: https://codeberg.org/Codeberg-Infrastructure/forgejo/commit/28ee60c91f237268aa526086d0cce7a8f5380a9b

Delete the repository data before retrying to solve this.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12370
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
---
 models/repo.go                                | 23 ++------
 routers/api/v1/repo/key.go                    |  2 +-
 routers/api/v1/repo/migrate.go                |  2 +-
 routers/web/repo/migrate.go                   |  2 -
 routers/web/repo/setting/deploy_key.go        |  2 +-
 services/asymkey/deploy_key.go                | 16 ++----
 services/cron/tasks_extended.go               |  4 +-
 services/doctor/repository.go                 |  4 +-
 services/repository/check.go                  |  5 +-
 services/repository/create.go                 |  2 +-
 services/repository/create_test.go            |  4 +-
 services/repository/delete.go                 | 43 ++++++++++-----
 services/repository/repository.go             |  2 +-
 .../fixtures/TestRetryMigrateTask/issue.yml   | 16 ++++++
 .../TestRetryMigrateTask/repo_unit.yml        | 34 ++++++++++++
 .../fixtures/TestRetryMigrateTask/task.yml    | 22 ++++++++
 services/task/task.go                         | 18 ++++---
 services/task/task_test.go                    | 52 +++++++++++++++++++
 tests/integration/api_repo_test.go            |  2 +-
 .../ephemeral_actions_runner_deletion_test.go |  3 +-
 tests/integration/git_push_test.go            |  4 +-
 21 files changed, 191 insertions(+), 71 deletions(-)
 create mode 100644 services/task/fixtures/TestRetryMigrateTask/issue.yml
 create mode 100644 services/task/fixtures/TestRetryMigrateTask/repo_unit.yml
 create mode 100644 services/task/fixtures/TestRetryMigrateTask/task.yml

diff --git a/models/repo.go b/models/repo.go
index 1b9cc8fa60..6a4da96b95 100644
--- a/models/repo.go
+++ b/models/repo.go
@@ -14,10 +14,8 @@ import (
 	asymkey_model "forgejo.org/models/asymkey"
 	"forgejo.org/models/db"
 	issues_model "forgejo.org/models/issues"
-	access_model "forgejo.org/models/perm/access"
 	repo_model "forgejo.org/models/repo"
 	"forgejo.org/models/unit"
-	user_model "forgejo.org/models/user"
 	"forgejo.org/modules/log"
 	"forgejo.org/services/stats"
 
@@ -277,7 +275,7 @@ func DoctorUserStarNum(ctx context.Context) (err error) {
 }
 
 // DeleteDeployKey delete deploy keys
-func DeleteDeployKey(ctx context.Context, doer *user_model.User, id int64) error {
+func DeleteDeployKey(ctx context.Context, id, repoID int64) error {
 	key, err := asymkey_model.GetDeployKeyByID(ctx, id)
 	if err != nil {
 		if asymkey_model.IsErrDeployKeyNotExist(err) {
@@ -286,21 +284,10 @@ func DeleteDeployKey(ctx context.Context, doer *user_model.User, id int64) error
 		return fmt.Errorf("GetDeployKeyByID: %w", err)
 	}
 
-	// Check if user has access to delete this key.
-	if !doer.IsAdmin {
-		repo, err := repo_model.GetRepositoryByID(ctx, key.RepoID)
-		if err != nil {
-			return fmt.Errorf("GetRepositoryByID: %w", err)
-		}
-		has, err := access_model.IsUserRepoAdmin(ctx, repo, doer)
-		if err != nil {
-			return fmt.Errorf("GetUserRepoPermission: %w", err)
-		} else if !has {
-			return asymkey_model.ErrKeyAccessDenied{
-				UserID: doer.ID,
-				KeyID:  key.ID,
-				Note:   "deploy",
-			}
+	if key.RepoID != repoID {
+		return asymkey_model.ErrKeyAccessDenied{
+			KeyID: key.ID,
+			Note:  "deploy",
 		}
 	}
 
diff --git a/routers/api/v1/repo/key.go b/routers/api/v1/repo/key.go
index 36fe2080d4..caa482cf9b 100644
--- a/routers/api/v1/repo/key.go
+++ b/routers/api/v1/repo/key.go
@@ -279,7 +279,7 @@ func DeleteDeploykey(ctx *context.APIContext) {
 	//   "404":
 	//     "$ref": "#/responses/notFound"
 
-	if err := asymkey_service.DeleteDeployKey(ctx, ctx.Doer, ctx.ParamsInt64(":id")); err != nil {
+	if err := asymkey_service.DeleteDeployKey(ctx, ctx.ParamsInt64(":id"), ctx.Repo.Repository.ID); err != nil {
 		if asymkey_model.IsErrKeyAccessDenied(err) {
 			ctx.Error(http.StatusForbidden, "", "You do not have access to this key")
 		} else {
diff --git a/routers/api/v1/repo/migrate.go b/routers/api/v1/repo/migrate.go
index 272806bfb0..7ec4f901a3 100644
--- a/routers/api/v1/repo/migrate.go
+++ b/routers/api/v1/repo/migrate.go
@@ -205,7 +205,7 @@ func Migrate(ctx *context.APIContext) {
 		}
 
 		if repo != nil {
-			if errDelete := repo_service.DeleteRepositoryDirectly(ctx, ctx.Doer, repo.ID); errDelete != nil {
+			if errDelete := repo_service.DeleteRepositoryDirectly(ctx, repo.ID, repo_service.DeleteRepositoryOpts{}); errDelete != nil {
 				log.Error("DeleteRepository: %v", errDelete)
 			}
 		}
diff --git a/routers/web/repo/migrate.go b/routers/web/repo/migrate.go
index cbccb10b06..4397c49e9e 100644
--- a/routers/web/repo/migrate.go
+++ b/routers/web/repo/migrate.go
@@ -269,7 +269,6 @@ func setMigrationContextData(ctx *context.Context, serviceType structs.GitServic
 func MigrateRetryPost(ctx *context.Context) {
 	ok, err := quota_model.EvaluateForUser(ctx, ctx.Repo.Repository.OwnerID, quota_model.LimitSubjectSizeReposAll)
 	if err != nil {
-		log.Error("quota_model.EvaluateForUser: %v", err)
 		ctx.ServerError("quota_model.EvaluateForUser", err)
 		return
 	}
@@ -287,7 +286,6 @@ func MigrateRetryPost(ctx *context.Context) {
 	}
 
 	if err := task.RetryMigrateTask(ctx, ctx.Repo.Repository.ID); err != nil {
-		log.Error("Retry task failed: %v", err)
 		ctx.ServerError("task.RetryMigrateTask", err)
 		return
 	}
diff --git a/routers/web/repo/setting/deploy_key.go b/routers/web/repo/setting/deploy_key.go
index c59f0e90c2..879a21aaa5 100644
--- a/routers/web/repo/setting/deploy_key.go
+++ b/routers/web/repo/setting/deploy_key.go
@@ -99,7 +99,7 @@ func DeployKeysPost(ctx *context.Context) {
 
 // DeleteDeployKey response for deleting a deploy key
 func DeleteDeployKey(ctx *context.Context) {
-	if err := asymkey_service.DeleteDeployKey(ctx, ctx.Doer, ctx.FormInt64("id")); err != nil {
+	if err := asymkey_service.DeleteDeployKey(ctx, ctx.FormInt64("id"), ctx.Repo.Repository.ID); err != nil {
 		ctx.Flash.Error("DeleteDeployKey: " + err.Error())
 	} else {
 		ctx.Flash.Success(ctx.Tr("repo.settings.deploy_key_deletion_success"))
diff --git a/services/asymkey/deploy_key.go b/services/asymkey/deploy_key.go
index 4a2cb53eec..518a2a54ec 100644
--- a/services/asymkey/deploy_key.go
+++ b/services/asymkey/deploy_key.go
@@ -9,21 +9,13 @@ import (
 	"forgejo.org/models"
 	asymkey_model "forgejo.org/models/asymkey"
 	"forgejo.org/models/db"
-	user_model "forgejo.org/models/user"
 )
 
 // DeleteDeployKey deletes deploy key from its repository authorized_keys file if needed.
-func DeleteDeployKey(ctx context.Context, doer *user_model.User, id int64) error {
-	dbCtx, committer, err := db.TxContext(ctx)
-	if err != nil {
-		return err
-	}
-	defer committer.Close()
-
-	if err := models.DeleteDeployKey(dbCtx, doer, id); err != nil {
-		return err
-	}
-	if err := committer.Commit(); err != nil {
+func DeleteDeployKey(ctx context.Context, id, repoID int64) error {
+	if err := db.WithTx(ctx, func(ctx context.Context) error {
+		return models.DeleteDeployKey(ctx, id, repoID)
+	}); err != nil {
 		return err
 	}
 
diff --git a/services/cron/tasks_extended.go b/services/cron/tasks_extended.go
index fc89fa020f..0cca72afe9 100644
--- a/services/cron/tasks_extended.go
+++ b/services/cron/tasks_extended.go
@@ -101,8 +101,8 @@ func registerDeleteMissingRepositories() {
 		Enabled:    false,
 		RunAtStart: false,
 		Schedule:   "@every 72h",
-	}, func(ctx context.Context, user *user_model.User, _ Config) error {
-		return repo_service.DeleteMissingRepositories(ctx, user)
+	}, func(ctx context.Context, _ *user_model.User, _ Config) error {
+		return repo_service.DeleteMissingRepositories(ctx)
 	})
 }
 
diff --git a/services/doctor/repository.go b/services/doctor/repository.go
index cd51483d88..a3d845f980 100644
--- a/services/doctor/repository.go
+++ b/services/doctor/repository.go
@@ -7,7 +7,6 @@ import (
 	"context"
 
 	"forgejo.org/models/db"
-	user_model "forgejo.org/models/user"
 	"forgejo.org/modules/log"
 	"forgejo.org/modules/storage"
 	repo_service "forgejo.org/services/repository"
@@ -39,7 +38,6 @@ func deleteOrphanedRepos(ctx context.Context) (int64, error) {
 	batchSize := db.MaxBatchInsertSize("repository")
 	e := db.GetEngine(ctx)
 	var deleted int64
-	adminUser := &user_model.User{IsAdmin: true}
 
 	for {
 		select {
@@ -60,7 +58,7 @@ func deleteOrphanedRepos(ctx context.Context) (int64, error) {
 			}
 
 			for _, id := range ids {
-				if err := repo_service.DeleteRepositoryDirectly(ctx, adminUser, id, true); err != nil {
+				if err := repo_service.DeleteRepositoryDirectly(ctx, id, repo_service.DeleteRepositoryOpts{IgnoreOrgTeams: true}); err != nil {
 					return deleted, err
 				}
 				deleted++
diff --git a/services/repository/check.go b/services/repository/check.go
index 7e680f3c58..1c9e16e02c 100644
--- a/services/repository/check.go
+++ b/services/repository/check.go
@@ -12,7 +12,6 @@ import (
 	"forgejo.org/models/db"
 	repo_model "forgejo.org/models/repo"
 	system_model "forgejo.org/models/system"
-	user_model "forgejo.org/models/user"
 	"forgejo.org/modules/git"
 	"forgejo.org/modules/log"
 	repo_module "forgejo.org/modules/repository"
@@ -146,7 +145,7 @@ func gatherMissingRepoRecords(ctx context.Context) (repo_model.RepositoryList, e
 }
 
 // DeleteMissingRepositories deletes all repository records that lost Git files.
-func DeleteMissingRepositories(ctx context.Context, doer *user_model.User) error {
+func DeleteMissingRepositories(ctx context.Context) error {
 	repos, err := gatherMissingRepoRecords(ctx)
 	if err != nil {
 		return err
@@ -163,7 +162,7 @@ func DeleteMissingRepositories(ctx context.Context, doer *user_model.User) error
 		default:
 		}
 		log.Trace("Deleting %d/%d...", repo.OwnerID, repo.ID)
-		if err := DeleteRepositoryDirectly(ctx, doer, repo.ID); err != nil {
+		if err := DeleteRepositoryDirectly(ctx, repo.ID, DeleteRepositoryOpts{}); err != nil {
 			log.Error("Failed to DeleteRepository %-v: Error: %v", repo, err)
 			if err2 := system_model.CreateRepositoryNotice("Failed to DeleteRepository %s [%d]: Error: %v", repo.FullName(), repo.ID, err); err2 != nil {
 				log.Error("CreateRepositoryNotice: %v", err)
diff --git a/services/repository/create.go b/services/repository/create.go
index b7232b27cc..43458bed5d 100644
--- a/services/repository/create.go
+++ b/services/repository/create.go
@@ -308,7 +308,7 @@ func CreateRepositoryDirectly(ctx context.Context, doer, u *user_model.User, opt
 		return nil
 	}); err != nil {
 		if rollbackRepo != nil {
-			if errDelete := DeleteRepositoryDirectly(ctx, doer, rollbackRepo.ID); errDelete != nil {
+			if errDelete := DeleteRepositoryDirectly(ctx, rollbackRepo.ID, DeleteRepositoryOpts{}); errDelete != nil {
 				log.Error("Rollback deleteRepository: %v", errDelete)
 			}
 		}
diff --git a/services/repository/create_test.go b/services/repository/create_test.go
index bd14a5e520..4669199151 100644
--- a/services/repository/create_test.go
+++ b/services/repository/create_test.go
@@ -130,7 +130,7 @@ func TestIncludesAllRepositoriesTeams(t *testing.T) {
 	}
 
 	// Remove repo and check teams repositories.
-	require.NoError(t, DeleteRepositoryDirectly(db.DefaultContext, user, repoIDs[0]), "DeleteRepository")
+	require.NoError(t, DeleteRepositoryDirectly(db.DefaultContext, repoIDs[0], DeleteRepositoryOpts{}), "DeleteRepository")
 	teamRepos[0] = repoIDs[1:]
 	teamRepos[1] = repoIDs[1:]
 	teamRepos[3] = repoIDs[1:3]
@@ -142,7 +142,7 @@ func TestIncludesAllRepositoriesTeams(t *testing.T) {
 	// Wipe created items.
 	for i, rid := range repoIDs {
 		if i > 0 { // first repo already deleted.
-			require.NoError(t, DeleteRepositoryDirectly(db.DefaultContext, user, rid), "DeleteRepository %d", i)
+			require.NoError(t, DeleteRepositoryDirectly(db.DefaultContext, rid, DeleteRepositoryOpts{}), "DeleteRepository %d", i)
 		}
 	}
 	require.NoError(t, organization.DeleteOrganization(db.DefaultContext, org), "DeleteOrganization")
diff --git a/services/repository/delete.go b/services/repository/delete.go
index 8766204f34..8544a86604 100644
--- a/services/repository/delete.go
+++ b/services/repository/delete.go
@@ -38,9 +38,17 @@ import (
 	"xorm.io/builder"
 )
 
+type DeleteRepositoryOpts struct {
+	// Don't modify teams if they are attached to this repository.
+	IgnoreOrgTeams bool
+	// Keep migration-related beans. Should only be used to cleanup data to
+	// start another migration.
+	KeepMigrationBeans bool
+}
+
 // DeleteRepository deletes a repository for a user or organization.
 // make sure if you call this func to close open sessions (sqlite will otherwise get a deadlock)
-func DeleteRepositoryDirectly(ctx context.Context, doer *user_model.User, repoID int64, ignoreOrgTeams ...bool) error {
+func DeleteRepositoryDirectly(ctx context.Context, repoID int64, opts DeleteRepositoryOpts) error {
 	ctx, committer, err := db.TxContext(ctx)
 	if err != nil {
 		return err
@@ -75,7 +83,7 @@ func DeleteRepositoryDirectly(ctx context.Context, doer *user_model.User, repoID
 	// In case owner is a organization, we have to change repo specific teams
 	// if ignoreOrgTeams is not true
 	var org *user_model.User
-	if len(ignoreOrgTeams) == 0 || !ignoreOrgTeams[0] {
+	if !opts.IgnoreOrgTeams {
 		if org, err = user_model.GetUserByID(ctx, repo.OwnerID); err != nil {
 			return err
 		}
@@ -88,7 +96,7 @@ func DeleteRepositoryDirectly(ctx context.Context, doer *user_model.User, repoID
 	}
 	needRewriteKeysFile := len(deployKeys) > 0
 	for _, dKey := range deployKeys {
-		if err := models.DeleteDeployKey(ctx, doer, dKey.ID); err != nil {
+		if err := models.DeleteDeployKey(ctx, dKey.ID, repoID); err != nil {
 			return fmt.Errorf("deleteDeployKeys: %w", err)
 		}
 	}
@@ -173,9 +181,7 @@ func DeleteRepositoryDirectly(ctx context.Context, doer *user_model.User, repoID
 		&repo_model.Release{RepoID: repoID},
 		&repo_model.RepoIndexerStatus{RepoID: repoID},
 		&repo_model.Redirect{RedirectRepoID: repoID},
-		&repo_model.RepoUnit{RepoID: repoID},
 		&repo_model.Star{RepoID: repoID},
-		&admin_model.Task{RepoID: repoID},
 		&repo_model.Watch{RepoID: repoID},
 		&webhook.Webhook{RepoID: repoID},
 		&secret_model.Secret{RepoID: repoID},
@@ -195,18 +201,29 @@ func DeleteRepositoryDirectly(ctx context.Context, doer *user_model.User, repoID
 		return fmt.Errorf("deleteBeans: %w", err)
 	}
 
+	if !opts.KeepMigrationBeans {
+		if err := db.DeleteBeans(ctx,
+			&admin_model.Task{RepoID: repoID},
+			&repo_model.RepoUnit{RepoID: repoID},
+		); err != nil {
+			return fmt.Errorf("deleteBeans: %w", err)
+		}
+	}
+
 	// Delete Pulls and related objects
 	if err := issues_model.DeletePullsByBaseRepoID(ctx, repoID); err != nil {
 		return err
 	}
 
-	if cnt, err := sess.ID(repoID).Delete(&repo_model.Repository{}); err != nil {
-		return err
-	} else if cnt != 1 {
-		return repo_model.ErrRepoNotExist{
-			ID:        repoID,
-			OwnerName: "",
-			Name:      "",
+	if !opts.KeepMigrationBeans {
+		if cnt, err := sess.ID(repoID).Delete(&repo_model.Repository{}); err != nil {
+			return err
+		} else if cnt != 1 {
+			return repo_model.ErrRepoNotExist{
+				ID:        repoID,
+				OwnerName: "",
+				Name:      "",
+			}
 		}
 	}
 
@@ -491,7 +508,7 @@ func DeleteOwnerRepositoriesDirectly(ctx context.Context, owner *user_model.User
 			break
 		}
 		for _, repo := range repos {
-			if err := DeleteRepositoryDirectly(ctx, owner, repo.ID); err != nil {
+			if err := DeleteRepositoryDirectly(ctx, repo.ID, DeleteRepositoryOpts{}); err != nil {
 				return fmt.Errorf("unable to delete repository %s for %s[%d]. Error: %w", repo.Name, owner.Name, owner.ID, err)
 			}
 		}
diff --git a/services/repository/repository.go b/services/repository/repository.go
index 0d5ce647e0..8b206f79d3 100644
--- a/services/repository/repository.go
+++ b/services/repository/repository.go
@@ -63,7 +63,7 @@ func DeleteRepository(ctx context.Context, doer *user_model.User, repo *repo_mod
 		notify_service.DeleteRepository(ctx, doer, repo)
 	}
 
-	return DeleteRepositoryDirectly(ctx, doer, repo.ID)
+	return DeleteRepositoryDirectly(ctx, repo.ID, DeleteRepositoryOpts{})
 }
 
 // PushCreateRepo creates a repository when a new repository is pushed to an appropriate namespace
diff --git a/services/task/fixtures/TestRetryMigrateTask/issue.yml b/services/task/fixtures/TestRetryMigrateTask/issue.yml
new file mode 100644
index 0000000000..3fa46ff7d1
--- /dev/null
+++ b/services/task/fixtures/TestRetryMigrateTask/issue.yml
@@ -0,0 +1,16 @@
+-
+  id: 1001
+  repo_id: 20
+  index: 1
+  poster_id: 1
+  original_author_id: 0
+  name: eepy
+  content: I am part of a migration.
+  milestone_id: 0
+  priority: 0
+  is_closed: false
+  is_pull: false
+  num_comments: 0
+  created_unix: 1777647620
+  updated_unix: 1777647620
+  is_locked: false
diff --git a/services/task/fixtures/TestRetryMigrateTask/repo_unit.yml b/services/task/fixtures/TestRetryMigrateTask/repo_unit.yml
new file mode 100644
index 0000000000..f8e2ae5c84
--- /dev/null
+++ b/services/task/fixtures/TestRetryMigrateTask/repo_unit.yml
@@ -0,0 +1,34 @@
+-
+  id: 1001
+  repo_id: 20
+  type: 1
+  config: "{}"
+  created_unix: 1777646333
+
+-
+  id: 1002
+  repo_id: 20
+  type: 2
+  config: "{\"EnableTimetracker\":false,\"AllowOnlyContributorsToTrackTime\":false}"
+  created_unix: 1777646333
+
+-
+  id: 1003
+  repo_id: 20
+  type: 3
+  config: "{\"IgnoreWhitespaceConflicts\":true,\"AllowMerge\":true,\"AllowRebase\":false,\"AllowRebaseMerge\":true,\"AllowSquash\":false}"
+  created_unix: 1777646333
+
+-
+  id: 1004
+  repo_id: 20
+  type: 4
+  config: "{}"
+  created_unix: 1777646333
+
+-
+  id: 1005
+  repo_id: 20
+  type: 5
+  config: "{}"
+  created_unix: 1777646333
diff --git a/services/task/fixtures/TestRetryMigrateTask/task.yml b/services/task/fixtures/TestRetryMigrateTask/task.yml
new file mode 100644
index 0000000000..92bb0283b4
--- /dev/null
+++ b/services/task/fixtures/TestRetryMigrateTask/task.yml
@@ -0,0 +1,22 @@
+-
+  id: 1001
+  doer_id: 2
+  owner_id: 2
+  repo_id: 1
+  type: 0
+  status: 4
+  start_time: 1777645339
+  end_time: 1777645339
+  created: 1777645339
+
+-
+  id: 1002
+  doer_id: 2
+  owner_id: 2
+  repo_id: 20
+  type: 0
+  status: 3
+  message: 'canceled'
+  start_time: 1777645339
+  end_time: 1777645339
+  created: 1777645339
diff --git a/services/task/task.go b/services/task/task.go
index 0012b12cb0..695b321228 100644
--- a/services/task/task.go
+++ b/services/task/task.go
@@ -133,25 +133,31 @@ func CreateMigrateTask(ctx context.Context, doer, u *user_model.User, opts base.
 	return task, nil
 }
 
-// RetryMigrateTask retry a migrate task
+// RetryMigrateTask will retry the migration.
+// All data, from a previous migration, is deleted before it's retried.
 func RetryMigrateTask(ctx context.Context, repoID int64) error {
 	migratingTask, err := admin_model.GetMigratingTask(ctx, repoID)
 	if err != nil {
-		log.Error("GetMigratingTask: %v", err)
-		return err
+		return fmt.Errorf("GetMigratingTask: %w", err)
 	}
 	if migratingTask.Status == structs.TaskStatusQueued || migratingTask.Status == structs.TaskStatusRunning {
 		return nil
 	}
 
-	// TODO Need to removing the storage/database garbage brought by the failed task
+	// The migration is being retried, it could've failed for a variety of cases.
+	// In most cases however, some data already got uploaded to the disk or
+	// database. The migration code makes the assumption this is not the case and
+	// if we do not clean it up, the retry attempt will fail with absolute
+	// certainty.
+	if err := repo_service.DeleteRepositoryDirectly(ctx, repoID, repo_service.DeleteRepositoryOpts{IgnoreOrgTeams: true, KeepMigrationBeans: true}); err != nil {
+		return fmt.Errorf("DeleteRepositoryDirectly: %v", err)
+	}
 
 	// Reset task status and messages
 	migratingTask.Status = structs.TaskStatusQueued
 	migratingTask.Message = ""
 	if err = migratingTask.UpdateCols(ctx, "status", "message"); err != nil {
-		log.Error("task.UpdateCols failed: %v", err)
-		return err
+		return fmt.Errorf("task.UpdateCols: %w", err)
 	}
 
 	return taskQueue.Push(migratingTask)
diff --git a/services/task/task_test.go b/services/task/task_test.go
index 50ab1394a4..7444f6df5d 100644
--- a/services/task/task_test.go
+++ b/services/task/task_test.go
@@ -1,12 +1,21 @@
+// Copyright 2025 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: GPL-3.0-or-later
+
 package task
 
 import (
 	"testing"
 
 	admin_model "forgejo.org/models/admin"
+	issues_model "forgejo.org/models/issues"
+	repo_model "forgejo.org/models/repo"
 	"forgejo.org/models/unittest"
 	user_model "forgejo.org/models/user"
 	"forgejo.org/modules/migration"
+	"forgejo.org/modules/queue"
+	"forgejo.org/modules/setting"
+	"forgejo.org/modules/structs"
+	"forgejo.org/modules/test"
 
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
@@ -50,3 +59,46 @@ func TestCreateMigrateTask(t *testing.T) {
 		assert.Equal(t, "https://admin:password@example.com", config.CloneAddr)
 	})
 }
+
+func TestRetryMigrateTask(t *testing.T) {
+	defer unittest.OverrideFixtures("services/task/fixtures/TestRetryMigrateTask/")()
+	require.NoError(t, unittest.PrepareTestDatabase())
+
+	t.Run("Migrate task does not exist", func(t *testing.T) {
+		err := RetryMigrateTask(t.Context(), 100)
+		require.ErrorIs(t, err, admin_model.ErrTaskDoesNotExist{RepoID: 100})
+	})
+
+	t.Run("Normal", func(t *testing.T) {
+		// Override the task queue temporarily.
+		called := false
+		testQueue, err := queue.NewWorkerPoolQueueWithContext(t.Context(), "task", setting.QueueSettings{Type: "immediate"}, func(items ...*admin_model.Task) []*admin_model.Task {
+			if assert.Len(t, items, 1) {
+				assert.Empty(t, items[0].Message)
+				assert.Equal(t, structs.TaskStatusQueued, items[0].Status)
+				assert.EqualValues(t, 1002, items[0].ID)
+			}
+			called = true
+			return nil
+		}, true)
+		require.NoError(t, err)
+		defer test.MockVariableValue(&taskQueue, testQueue)()
+
+		// Preconditions.
+		unittest.AssertExistsIf(t, true, &repo_model.Repository{ID: 20})
+		unittest.AssertExistsIf(t, true, &admin_model.Task{RepoID: 20, Status: structs.TaskStatusFailed})
+		unittest.AssertExistsIf(t, true, &issues_model.Issue{RepoID: 20})
+		unittest.AssertCount(t, &repo_model.RepoUnit{RepoID: 20}, 5)
+
+		require.NoError(t, RetryMigrateTask(t.Context(), 20))
+
+		// Verify queue was called.
+		assert.True(t, called)
+		// Verify some beans were NOT deleted.
+		unittest.AssertExistsIf(t, true, &repo_model.Repository{ID: 20})
+		unittest.AssertExistsIf(t, true, &admin_model.Task{RepoID: 20, Status: structs.TaskStatusQueued})
+		unittest.AssertCount(t, &repo_model.RepoUnit{RepoID: 20}, 5)
+		// Verify some beans were deleted.
+		unittest.AssertExistsIf(t, false, &issues_model.Issue{RepoID: 20})
+	})
+}
diff --git a/tests/integration/api_repo_test.go b/tests/integration/api_repo_test.go
index 29edff7ac0..afa99cc17f 100644
--- a/tests/integration/api_repo_test.go
+++ b/tests/integration/api_repo_test.go
@@ -957,7 +957,7 @@ func TestAPIRepoTransfer(t *testing.T) {
 
 	// cleanup
 	repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: apiRepo.ID})
-	_ = repo_service.DeleteRepositoryDirectly(db.DefaultContext, user, repo.ID)
+	require.NoError(t, repo_service.DeleteRepositoryDirectly(db.DefaultContext, repo.ID, repo_service.DeleteRepositoryOpts{}))
 }
 
 // This test verifies that a repo-specific access token with `write:repository` scope is not a sufficient to transfer a
diff --git a/tests/integration/ephemeral_actions_runner_deletion_test.go b/tests/integration/ephemeral_actions_runner_deletion_test.go
index 9e995c4864..54448bd47a 100644
--- a/tests/integration/ephemeral_actions_runner_deletion_test.go
+++ b/tests/integration/ephemeral_actions_runner_deletion_test.go
@@ -116,8 +116,7 @@ func TestEphemeralRunnerDeletionOnRepositoryDeletion(t *testing.T) {
 		task := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionTask{ID: 10054})
 		assert.Equal(t, actions_model.StatusRunning, task.Status)
 
-		user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 5})
-		err = repo_service.DeleteRepositoryDirectly(t.Context(), user, task.RepoID, true)
+		err = repo_service.DeleteRepositoryDirectly(t.Context(), task.RepoID, repo_service.DeleteRepositoryOpts{IgnoreOrgTeams: true})
 		require.NoError(t, err)
 
 		_, err = actions_model.GetRunnerByID(t.Context(), 10000008)
diff --git a/tests/integration/git_push_test.go b/tests/integration/git_push_test.go
index c7c4f6750e..3a8c653efb 100644
--- a/tests/integration/git_push_test.go
+++ b/tests/integration/git_push_test.go
@@ -201,7 +201,7 @@ func runTestGitPush(t *testing.T, u *url.URL, objectFormat git.ObjectFormat, git
 		assert.Equal(t, commitID, branch.CommitID)
 	}
 
-	require.NoError(t, repo_service.DeleteRepositoryDirectly(db.DefaultContext, user, repo.ID))
+	require.NoError(t, repo_service.DeleteRepositoryDirectly(db.DefaultContext, repo.ID, repo_service.DeleteRepositoryOpts{}))
 }
 
 func TestOptionsGitPush(t *testing.T) {
@@ -310,6 +310,6 @@ func testOptionsGitPush(t *testing.T, u *url.URL) {
 			assert.True(t, logFiltered[0])
 		})
 
-		require.NoError(t, repo_service.DeleteRepositoryDirectly(db.DefaultContext, user, repo.ID))
+		require.NoError(t, repo_service.DeleteRepositoryDirectly(db.DefaultContext, repo.ID, repo_service.DeleteRepositoryOpts{}))
 	})
 }

From 0af17c5f8a072b93525e0af77b8a13b0a7f316bb Mon Sep 17 00:00:00 2001
From: Mathieu Fenniak <mathieu@fenniak.net>
Date: Tue, 5 May 2026 17:56:41 +0200
Subject: [PATCH 803/854] chore(renovate): run end-to-end tests on runner
 updates (#12423)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12423
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
---
 .forgejo/renovate.json | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/.forgejo/renovate.json b/.forgejo/renovate.json
index 765319324b..758ae282a8 100644
--- a/.forgejo/renovate.json
+++ b/.forgejo/renovate.json
@@ -138,6 +138,13 @@
       ],
       "automerge": true
     },
+    {
+      "description": "Run end-to-end tests for some dependencies",
+      "matchPackageNames": [
+        "code.forgejo.org/forgejo/runner/**"
+      ],
+      "addLabels": ["run-end-to-end-tests"]
+    },
     {
       "description": "Disable indirect updates for stable branches",
       "matchBaseBranches": ["/^v\\d+\\.\\d+\\/forgejo$/"],

From 4cebc5d1d526c8676ecd5d6fd23c8838d9905d07 Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Tue, 5 May 2026 22:39:01 +0200
Subject: [PATCH 804/854] Update module code.forgejo.org/forgejo/runner/v12 to
 v12.10.1 (forgejo) (#12426)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This PR contains the following updates:

| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) |
|---|---|---|---|
| [code.forgejo.org/forgejo/runner/v12](https://code.forgejo.org/forgejo/runner) | `v12.10.0` → `v12.10.1` | ![age](https://developer.mend.io/api/mc/badges/age/go/code.forgejo.org%2fforgejo%2frunner%2fv12/v12.10.1?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/go/code.forgejo.org%2fforgejo%2frunner%2fv12/v12.10.0/v12.10.1?slim=true) |

---

### Release Notes

<details>
<summary>forgejo/runner (code.forgejo.org/forgejo/runner/v12)</summary>

### [`v12.10.1`](https://code.forgejo.org/forgejo/runner/releases/tag/v12.10.1)

[Compare Source](https://code.forgejo.org/forgejo/runner/compare/v12.10.0...v12.10.1)

- [User guide](https://forgejo.org/docs/next/user/actions/overview/)
- [Administrator guide](https://forgejo.org/docs/next/admin/actions/)
- [Container images](https://code.forgejo.org/forgejo/-/packages/container/runner/versions)

Release Notes

***

<!--start release-notes-assistant-->

<!--URL:https://code.forgejo.org/forgejo/runner-->

- features
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1509): <!--number 1509 --><!--line 0 --><!--description ZmVhdDogbWVyZ2UgcmV1c2FibGUgZXhwYW5zaW9uIGNhbGxlcidzICdpZicgaW50byBleHBhbmRlZCBqb2Jz-->feat: merge reusable expansion caller's 'if' into expanded jobs<!--description-->
- bug fixes
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1510): <!--number 1510 --><!--line 0 --><!--description Zml4OiB3b3JrZmxvdy1sZXZlbCAnZW52JyBpcyBsb3N0IGR1cmluZyBqb2IgcGFyc2luZw==-->fix: workflow-level 'env' is lost during job parsing<!--description-->
- other
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1511): <!--number 1511 --><!--line 0 --><!--description Y2hvcmU6IHVzZSBzcGVjaWZpYyB2ZXJzaW9uIG9mIGdvZnVtcHQsIG5vdCBsYXRlc3Q=-->chore: use specific version of gofumpt, not latest<!--description-->
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1508): <!--number 1508 --><!--line 0 --><!--description Y2hvcmU6IGluY3JlYXNlIHRoZSBsZW5ndGggb2YgdGhlIGNhY2hlIHRva2VuIGtleQ==-->chore: increase the length of the cache token key<!--description-->
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1504): <!--number 1504 --><!--line 0 --><!--description Y2hvcmU6IHJlbW92ZSBnby1naXQ=-->chore: remove go-git<!--description-->
  - [PR](https://code.forgejo.org/forgejo/runner/pulls/1506): <!--number 1506 --><!--line 0 --><!--description cmVmYWN0b3I6IGRyb3AgdW51c2VkIENvbm5lY3RUb05ldHdvcmsgZnJvbSBDb250YWluZXIgaW50ZXJmYWNl-->refactor: drop unused ConnectToNetwork from Container interface<!--description-->

<!--end release-notes-assistant-->

</details>

---

### Configuration

📅 **Schedule**: (UTC)

- Branch creation
  - Between 12:00 AM and 03:59 AM (`* 0-3 * * *`)
- Automerge
  - Between 12:00 AM and 03:59 AM (`* 0-3 * * *`)

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Mend Renovate](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xNjAuNiIsInVwZGF0ZWRJblZlciI6IjQzLjE2MC42IiwidGFyZ2V0QnJhbmNoIjoiZm9yZ2VqbyIsImxhYmVscyI6WyJkZXBlbmRlbmN5LXVwZ3JhZGUiLCJydW4tZW5kLXRvLWVuZC10ZXN0cyIsInRlc3Qvbm90LW5lZWRlZCJdfQ==-->

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12426
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index ef81dae8b1..2b2307f945 100644
--- a/go.mod
+++ b/go.mod
@@ -11,7 +11,7 @@ require (
 	code.forgejo.org/forgejo/go-rpmutils v1.0.0
 	code.forgejo.org/forgejo/levelqueue v1.0.0
 	code.forgejo.org/forgejo/reply v1.0.2
-	code.forgejo.org/forgejo/runner/v12 v12.10.0
+	code.forgejo.org/forgejo/runner/v12 v12.10.1
 	code.forgejo.org/go-chi/binding v1.0.1
 	code.forgejo.org/go-chi/cache v1.0.1
 	code.forgejo.org/go-chi/captcha v1.0.2
diff --git a/go.sum b/go.sum
index 8821c51435..188cd0010f 100644
--- a/go.sum
+++ b/go.sum
@@ -30,8 +30,8 @@ code.forgejo.org/forgejo/levelqueue v1.0.0 h1:9krYpU6BM+j/1Ntj6m+VCAIu0UNnne1/Uf
 code.forgejo.org/forgejo/levelqueue v1.0.0/go.mod h1:fmG6zhVuqim2rxSFOoasgXO8V2W/k9U31VVYqLIRLhQ=
 code.forgejo.org/forgejo/reply v1.0.2 h1:dMhQCHV6/O3L5CLWNTol+dNzDAuyCK88z4J/lCdgFuQ=
 code.forgejo.org/forgejo/reply v1.0.2/go.mod h1:RyZUfzQLc+fuLIGjTSQWDAJWPiL4WtKXB/FifT5fM7U=
-code.forgejo.org/forgejo/runner/v12 v12.10.0 h1:FgUrG7cfaV/3HcbKYu+r8VY42XKpv44Q0ZcaZM3Eng0=
-code.forgejo.org/forgejo/runner/v12 v12.10.0/go.mod h1:NEQXUvam9ofsTeSTAMnJXMyCZxKLoyQhVG6DAYSpOKw=
+code.forgejo.org/forgejo/runner/v12 v12.10.1 h1:qRKjWItVDc2lEMl3jGlKyFpqgX4xHeOdEyl/irO/Nk8=
+code.forgejo.org/forgejo/runner/v12 v12.10.1/go.mod h1:A51GyZJlril5cIpVMvOn3NqE8upOE6ePjwC6s31kRHk=
 code.forgejo.org/forgejo/ssh v0.0.0-20241211213324-5fc306ca0616 h1:kEZL84+02jY9RxXM4zHBWZ3Fml0B09cmP1LGkDsCfIA=
 code.forgejo.org/forgejo/ssh v0.0.0-20241211213324-5fc306ca0616/go.mod h1:zpHEXBstFnQYtGnB8k8kQLol82umzn/2/snG7alWVD8=
 code.forgejo.org/go-chi/binding v1.0.1 h1:coKNI+X1NzRN7X85LlrpvBRqk0TXpJ+ja28vusQWEuY=

From 59787fc2a00b90aefd5d2b00c8bf719a0b7f8045 Mon Sep 17 00:00:00 2001
From: Gabor Pihaj <gabor.pihaj@gmail.com>
Date: Wed, 6 May 2026 04:47:15 +0200
Subject: [PATCH 805/854] fix: return the error when InitDelegateHooks fail
 (#12427)

This pr PR is fixing a type introduced in #10397. In case of an error during the creation of the centralised hooks `git.InitFull` would have returned early, missing some of the configuration steps

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. All work and communication must conform to Forgejo's [AI Agreement](https://codeberg.org/forgejo/governance/src/branch/main/AIAgreement.md). There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests for Go changes

(can be removed for JavaScript changes)

- I added test coverage for Go changes...
  - [ ] in their respective `*_test.go` for unit tests.
  - [ ] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I ran...
  - [x] `make pr-go` before pushing

### Tests for JavaScript changes

(can be removed for Go changes)

- I added test coverage for JavaScript changes...
  - [ ] in `web_src/js/*.test.js` if it can be unit tested.
  - [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)).

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [ ] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [ ] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.
- [ ] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change.

*The decision if the pull request will be shown in the release notes is up to the mergers / release team.*

The content of the `release-notes/<pull request number>.md` file will serve as the basis for the release notes. If the file does not exist, the title of the pull request will be used instead.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12427
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
---
 modules/git/git.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/git/git.go b/modules/git/git.go
index 7f8674d099..ea3e2a1320 100644
--- a/modules/git/git.go
+++ b/modules/git/git.go
@@ -203,7 +203,7 @@ func InitFull(ctx context.Context) (err error) {
 
 	err = InitDelegateHooks(HomeDir())
 	if err != nil {
-		return nil
+		return err
 	}
 
 	return syncGitConfig()

From 09aaa129a2386dd5d3ac71e0280ff4a86469e569 Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Wed, 6 May 2026 05:22:06 +0200
Subject: [PATCH 806/854] Update https://data.forgejo.org/actions/setup-forgejo
 action to v3.1.11 (forgejo) (#12429)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [https://data.forgejo.org/actions/setup-forgejo](https://code.forgejo.org/actions/setup-forgejo) | action | patch | `v3.1.10` → `v3.1.11` |

---

### Release Notes

<details>
<summary>actions/setup-forgejo (https://data.forgejo.org/actions/setup-forgejo)</summary>

### [`v3.1.11`](https://code.forgejo.org/actions/setup-forgejo/compare/v3.1.10...v3.1.11)

[Compare Source](https://code.forgejo.org/actions/setup-forgejo/compare/v3.1.10...v3.1.11)

</details>

---

### Configuration

📅 **Schedule**: (UTC)

- Branch creation
  - Between 12:00 AM and 03:59 AM (`* 0-3 * * *`)
- Automerge
  - Between 12:00 AM and 03:59 AM (`* 0-3 * * *`)

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Mend Renovate](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xNjAuNiIsInVwZGF0ZWRJblZlciI6IjQzLjE2MC42IiwidGFyZ2V0QnJhbmNoIjoiZm9yZ2VqbyIsImxhYmVscyI6WyJkZXBlbmRlbmN5LXVwZ3JhZGUiLCJ0ZXN0L25vdC1uZWVkZWQiXX0=-->

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12429
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
---
 .forgejo/workflows/build-release-integration.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.forgejo/workflows/build-release-integration.yml b/.forgejo/workflows/build-release-integration.yml
index d649342588..0c17898d43 100644
--- a/.forgejo/workflows/build-release-integration.yml
+++ b/.forgejo/workflows/build-release-integration.yml
@@ -32,7 +32,7 @@ jobs:
       - uses: https://data.forgejo.org/actions/checkout@v6
 
       - id: forgejo
-        uses: https://data.forgejo.org/actions/setup-forgejo@v3.1.10
+        uses: https://data.forgejo.org/actions/setup-forgejo@v3.1.11
         with:
           user: root
           password: admin1234

From 1cdef7d39f1fcb3bae527cd97b60f7dee8e0bee0 Mon Sep 17 00:00:00 2001
From: Mathieu Fenniak <mathieu@fenniak.net>
Date: Wed, 6 May 2026 12:02:58 +0200
Subject: [PATCH 807/854] chore: upgrade xorm to v1.3.9-forgejo.12 (#12430)

Upgrading to bring https://code.forgejo.org/xorm/xorm/pulls/106 into Forgejo.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12430
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
---
 go.mod |  2 +-
 go.sum | 12 ++++++------
 2 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/go.mod b/go.mod
index 2b2307f945..23053c61ea 100644
--- a/go.mod
+++ b/go.mod
@@ -269,4 +269,4 @@ replace github.com/gliderlabs/ssh => code.forgejo.org/forgejo/ssh v0.0.0-2024121
 
 replace git.sr.ht/~mariusor/go-xsd-duration => code.forgejo.org/forgejo/go-xsd-duration v0.0.0-20220703122237-02e73435a078
 
-replace xorm.io/xorm v1.3.9 => code.forgejo.org/xorm/xorm v1.3.9-forgejo.11
+replace xorm.io/xorm v1.3.9 => code.forgejo.org/xorm/xorm v1.3.9-forgejo.12
diff --git a/go.sum b/go.sum
index 188cd0010f..bb519fd975 100644
--- a/go.sum
+++ b/go.sum
@@ -42,8 +42,8 @@ code.forgejo.org/go-chi/captcha v1.0.2 h1:vyHDPXkpjDv8bLO9NqtWzZayzstD/WpJ5xwEkA
 code.forgejo.org/go-chi/captcha v1.0.2/go.mod h1:lxiPLcJ76UCZHoH31/Wbum4GUi2NgjfFZLrJkKv1lLE=
 code.forgejo.org/go-chi/session v1.0.4 h1:WQ1NaVxcCpxYwCliEGypKclZnOCjh3p1fk8XciJc62U=
 code.forgejo.org/go-chi/session v1.0.4/go.mod h1:+sSTiomM5C8AUPtxZyTENIbcTz22kcVottKO0lnmDRk=
-code.forgejo.org/xorm/xorm v1.3.9-forgejo.11 h1:EXJVQ4feAFMkpFwtHAHuXkK6TLNYqabR7QTzqL8uObY=
-code.forgejo.org/xorm/xorm v1.3.9-forgejo.11/go.mod h1:C18NeM/SazG/q4eqpWnoNks7GeCyRUNQIe2onniRViU=
+code.forgejo.org/xorm/xorm v1.3.9-forgejo.12 h1:EodlU2MGu/EeAdUpEOe+X4cU/qlnJol1ucJ0sHUCM1o=
+code.forgejo.org/xorm/xorm v1.3.9-forgejo.12/go.mod h1:ozQINrM8b7uYFMBB/w19nUTTLcda3RKTQ8HspocVKdg=
 code.gitea.io/sdk/gitea v0.21.0 h1:69n6oz6kEVHRo1+APQQyizkhrZrLsTLXey9142pfkD4=
 code.gitea.io/sdk/gitea v0.21.0/go.mod h1:tnBjVhuKJCn8ibdyyhvUyxrR1Ca2KHEoTWoukNhXQPA=
 code.pfad.fr/check v1.1.0 h1:GWvjdzhSEgHvEHe2uJujDcpmZoySKuHQNrZMfzfO0bE=
@@ -991,14 +991,14 @@ honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWh
 honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg=
-modernc.org/libc v1.70.0 h1:U58NawXqXbgpZ/dcdS9kMshu08aiA6b7gusEusqzNkw=
-modernc.org/libc v1.70.0/go.mod h1:OVmxFGP1CI/Z4L3E0Q3Mf1PDE0BucwMkcXjjLntvHJo=
+modernc.org/libc v1.72.0 h1:IEu559v9a0XWjw0DPoVKtXpO2qt5NVLAnFaBbjq+n8c=
+modernc.org/libc v1.72.0/go.mod h1:tTU8DL8A+XLVkEY3x5E/tO7s2Q/q42EtnNWda/L5QhQ=
 modernc.org/mathutil v1.7.1 h1:GCZVGXdaN8gTqB1Mf/usp1Y/hSqgI2vAGGP4jZMCxOU=
 modernc.org/mathutil v1.7.1/go.mod h1:4p5IwJITfppl0G4sUEDtCr4DthTaT47/N3aT6MhfgJg=
 modernc.org/memory v1.11.0 h1:o4QC8aMQzmcwCK3t3Ux/ZHmwFPzE6hf2Y5LbkRs+hbI=
 modernc.org/memory v1.11.0/go.mod h1:/JP4VbVC+K5sU2wZi9bHoq2MAkCnrt2r98UGeSK7Mjw=
-modernc.org/sqlite v1.48.2 h1:5CnW4uP8joZtA0LedVqLbZV5GD7F/0x91AXeSyjoh5c=
-modernc.org/sqlite v1.48.2/go.mod h1:hWjRO6Tj/5Ik8ieqxQybiEOUXy0NJFNp2tpvVpKlvig=
+modernc.org/sqlite v1.50.0 h1:eMowQSWLK0MeiQTdmz3lqoF5dqclujdlIKeJA11+7oM=
+modernc.org/sqlite v1.50.0/go.mod h1:m0w8xhwYUVY3H6pSDwc3gkJ/irZT/0YEXwBlhaxQEew=
 mvdan.cc/xurls/v2 v2.6.0 h1:3NTZpeTxYVWNSokW3MKeyVkz/j7uYXYiMtXRUfmjbgI=
 mvdan.cc/xurls/v2 v2.6.0/go.mod h1:bCvEZ1XvdA6wDnxY7jPPjEmigDtvtvPXAD/Exa9IMSk=
 rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=

From 8bb8ae30e16935bb69db347c8c58bb30fdbbfc15 Mon Sep 17 00:00:00 2001
From: Victor Gonzalez <victor@vgr.cl>
Date: Wed, 6 May 2026 14:10:50 +0200
Subject: [PATCH 808/854] fix: append color picker popup to dialog element
 (#12344)

---
 web_src/js/features/colorpicker.js | 1 +
 1 file changed, 1 insertion(+)

diff --git a/web_src/js/features/colorpicker.js b/web_src/js/features/colorpicker.js
index 6d00d908c9..33aa86375f 100644
--- a/web_src/js/features/colorpicker.js
+++ b/web_src/js/features/colorpicker.js
@@ -49,6 +49,7 @@ function initPicker(el) {
     content: picker,
     placement: 'bottom-start',
     interactive: true,
+    appendTo: input.closest('dialog') ?? document.body,
     onShow() {
       updatePicker(picker, input.value);
     },

From 5ccb9e815a6badffb5f023bd234125988be569d6 Mon Sep 17 00:00:00 2001
From: Victor Gonzalez <victor@vgr.cl>
Date: Wed, 6 May 2026 14:24:41 +0200
Subject: [PATCH 809/854] tests: add e2e test for color picker visibility in
 new label dialog (#12344)

Signed-off-by: Victor Gonzalez <victor@vgr.cl>
---
 tests/e2e/label-colorpicker.test.e2e.ts | 35 +++++++++++++++++++++++++
 1 file changed, 35 insertions(+)
 create mode 100644 tests/e2e/label-colorpicker.test.e2e.ts

diff --git a/tests/e2e/label-colorpicker.test.e2e.ts b/tests/e2e/label-colorpicker.test.e2e.ts
new file mode 100644
index 0000000000..da2dee7c92
--- /dev/null
+++ b/tests/e2e/label-colorpicker.test.e2e.ts
@@ -0,0 +1,35 @@
+// Copyright 2026 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+// @watch start
+// web_src/js/features/colorpicker.js
+// templates/repo/issue/labels/label_new.tmpl
+// @watch end
+
+import {expect} from '@playwright/test';
+import {test} from './utils_e2e.ts';
+
+test.use({user: 'user2'});
+
+test('Color picker is visible above the new label dialog', async ({page}) => {
+  const response = await page.goto('/user2/repo1/labels');
+  expect(response?.status()).toBe(200);
+
+  // Open the "New label" dialog
+  await page.getByRole('button', {name: 'New label'}).click();
+  const dialog = page.locator('dialog#new-label-modal');
+  await expect(dialog).toBeVisible();
+
+  // Click the color preview square to open the color picker popup
+  const colorInput = dialog.locator('.js-color-picker-input input[name="color"]');
+  await colorInput.click();
+
+  // The hex-color-picker should be visible and not hidden behind the dialog
+  const picker = dialog.locator('hex-color-picker');
+  await expect(picker).toBeVisible();
+
+  // Verify the picker tippy popup is a descendant of the dialog element,
+  // not appended to document.body (which would render below the dialog top layer)
+  const pickerInDialog = dialog.locator('.tippy-box hex-color-picker');
+  await expect(pickerInDialog).toBeVisible();
+});

From 69cf1f3333cdb420dca6d07d74b5e0269c428057 Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Wed, 6 May 2026 14:55:06 +0200
Subject: [PATCH 810/854] Lock file maintenance (forgejo) (#12408)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12408
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
---
 package-lock.json                  | 94 +++++++++++++++---------------
 web_src/fomantic/package-lock.json | 12 ++--
 2 files changed, 53 insertions(+), 53 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 0dd4fd4ffc..778ccdde62 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -214,9 +214,9 @@
       }
     },
     "node_modules/@babel/parser": {
-      "version": "7.29.2",
-      "resolved": "https://registry.npmjs.org/@babel/parser/-/parser-7.29.2.tgz",
-      "integrity": "sha512-4GgRzy/+fsBa72/RZVJmGKPmZu9Byn8o4MoLpmNe1m8ZfYnz5emHLQz3U4gLud6Zwl0RZIcgiLD7Uq7ySFuDLA==",
+      "version": "7.29.3",
+      "resolved": "https://registry.npmjs.org/@babel/parser/-/parser-7.29.3.tgz",
+      "integrity": "sha512-b3ctpQwp+PROvU/cttc4OYl4MzfJUWy6FZg+PMXfzmt/+39iHVF0sDfqay8TQM3JA2EUOyKcFZt75jWriQijsA==",
       "license": "MIT",
       "dependencies": {
         "@babel/types": "^7.29.0"
@@ -922,9 +922,9 @@
       }
     },
     "node_modules/@discoveryjs/json-ext": {
-      "version": "1.0.0",
-      "resolved": "https://registry.npmjs.org/@discoveryjs/json-ext/-/json-ext-1.0.0.tgz",
-      "integrity": "sha512-dDlz3W405VMFO4w5kIP9DOmELBcvFQGmLoKSdIRstBDubKFYwaNHV1NnlzMCQpXQFGWVALmeMORAuiLx18AvZQ==",
+      "version": "1.1.0",
+      "resolved": "https://registry.npmjs.org/@discoveryjs/json-ext/-/json-ext-1.1.0.tgz",
+      "integrity": "sha512-Xc3VhU02wqZ1HvHRJUwL09HkZSTvidqY5Ya0NXBSYOxAp+Ln9dcJr9fySI+CkONzP3PekQo9WdzCv0PGER/mOA==",
       "license": "MIT",
       "engines": {
         "node": ">=14.17.0"
@@ -5813,9 +5813,9 @@
       }
     },
     "node_modules/axe-core": {
-      "version": "4.11.3",
-      "resolved": "https://registry.npmjs.org/axe-core/-/axe-core-4.11.3.tgz",
-      "integrity": "sha512-zBQouZixDTbo3jMGqHKyePxYxr1e5W8UdTmBQ7sNtaA9M2bE32daxxPLS/jojhKOHxQ7LWwPjfiwf/fhaJWzlg==",
+      "version": "4.11.4",
+      "resolved": "https://registry.npmjs.org/axe-core/-/axe-core-4.11.4.tgz",
+      "integrity": "sha512-KunSNx+TVpkAw/6ULfhnx+HWRecjqZGTOyquAoWHYLRSdK1tB5Ihce1ZW+UY3fj33bYAFWPu7W/GRSmmrCGuxA==",
       "dev": true,
       "license": "MPL-2.0",
       "engines": {
@@ -5852,9 +5852,9 @@
       "license": "MIT"
     },
     "node_modules/baseline-browser-mapping": {
-      "version": "2.10.23",
-      "resolved": "https://registry.npmjs.org/baseline-browser-mapping/-/baseline-browser-mapping-2.10.23.tgz",
-      "integrity": "sha512-xwVXGqevyKPsiuQdLj+dZMVjidjJV508TBqexND5HrF89cGdCYCJFB3qhcxRHSeMctdCfbR1jrxBajhDy7o29g==",
+      "version": "2.10.27",
+      "resolved": "https://registry.npmjs.org/baseline-browser-mapping/-/baseline-browser-mapping-2.10.27.tgz",
+      "integrity": "sha512-zEs/ufmZoUd7WftKpKyXaT6RFxpQ5Qm9xytKRHvJfxFV9DFJkZph9RvJ1LcOUi0Z1ZVijMte65JbILeV+8QQEA==",
       "license": "Apache-2.0",
       "bin": {
         "baseline-browser-mapping": "dist/cli.cjs"
@@ -6241,12 +6241,12 @@
       }
     },
     "node_modules/chevrotain-allstar": {
-      "version": "0.4.1",
-      "resolved": "https://registry.npmjs.org/chevrotain-allstar/-/chevrotain-allstar-0.4.1.tgz",
-      "integrity": "sha512-PvVJm3oGqrveUVW2Vt/eZGeiAIsJszYweUcYwcskg9e+IubNYKKD+rHHem7A6XVO22eDAL+inxNIGAzZ/VIWlA==",
+      "version": "0.4.3",
+      "resolved": "https://registry.npmjs.org/chevrotain-allstar/-/chevrotain-allstar-0.4.3.tgz",
+      "integrity": "sha512-2X4mkroolSMKqW+H22pyPMUVDqYZzPhephTmg/NODKb1IGYPHfxfhcW0EjS7wcPJNbze2i4vBWT7zT5FKF2lrQ==",
       "license": "MIT",
       "dependencies": {
-        "lodash-es": "^4.17.21"
+        "lodash-es": "^4.18.1"
       },
       "peerDependencies": {
         "chevrotain": "^12.0.0"
@@ -6721,9 +6721,9 @@
       "license": "MIT"
     },
     "node_modules/cytoscape": {
-      "version": "3.33.2",
-      "resolved": "https://registry.npmjs.org/cytoscape/-/cytoscape-3.33.2.tgz",
-      "integrity": "sha512-sj4HXd3DokGhzZAdjDejGvTPLqlt84vNFN8m7bGsOzDY5DyVcxIb2ejIXat2Iy7HxWhdT/N1oKyheJ5YdpsGuw==",
+      "version": "3.33.3",
+      "resolved": "https://registry.npmjs.org/cytoscape/-/cytoscape-3.33.3.tgz",
+      "integrity": "sha512-Gej7U+OKR+LZ8kvX7rb2HhCYJ0IhvEFsnkud4SB1PR+BUY/TsSO0dmOW59WEVLu51b1Rm+gQRKoz4bLYxGSZ2g==",
       "license": "MIT",
       "engines": {
         "node": ">=0.10"
@@ -7529,9 +7529,9 @@
       }
     },
     "node_modules/dompurify": {
-      "version": "3.4.1",
-      "resolved": "https://registry.npmjs.org/dompurify/-/dompurify-3.4.1.tgz",
-      "integrity": "sha512-JahakDAIg1gyOm7dlgWSDjV4n7Ip2PKR55NIT6jrMfIgLFgWo81vdr1/QGqWtFNRqXP9UV71oVePtjqS2ebnPw==",
+      "version": "3.4.2",
+      "resolved": "https://registry.npmjs.org/dompurify/-/dompurify-3.4.2.tgz",
+      "integrity": "sha512-lHeS9SA/IKeIFFyYciHBr2n0v1VMPlSj843HdLOwjb2OxNwdq9Xykxqhk+FE42MzAdHvInbAolSE4mhahPpjXA==",
       "license": "(MPL-2.0 OR Apache-2.0)",
       "optionalDependencies": {
         "@types/trusted-types": "^2.0.7"
@@ -7650,9 +7650,9 @@
       }
     },
     "node_modules/electron-to-chromium": {
-      "version": "1.5.344",
-      "resolved": "https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.5.344.tgz",
-      "integrity": "sha512-4MxfbmNDm+KPh066EZy+eUnkcDPcZ35wNmOWzFuh/ijvHsve6kbLTLURy88uCNK5FbpN+yk2nQY6BYh1GEt+wg==",
+      "version": "1.5.349",
+      "resolved": "https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.5.349.tgz",
+      "integrity": "sha512-QsWVGyRuY07Aqb234QytTfwd5d9AJlfNIQ5wIOl1L+PZDzI9d9+Fn0FRale/QYlFxt/bUnB0/nLd1jFPGxGK1A==",
       "license": "ISC"
     },
     "node_modules/emoji-regex": {
@@ -10751,14 +10751,14 @@
       "license": "MIT"
     },
     "node_modules/langium": {
-      "version": "4.2.2",
-      "resolved": "https://registry.npmjs.org/langium/-/langium-4.2.2.tgz",
-      "integrity": "sha512-JUshTRAfHI4/MF9dH2WupvjSXyn8JBuUEWazB8ZVJUtXutT0doDlAv1XKbZ1Pb5sMexa8FF4CFBc0iiul7gbUQ==",
+      "version": "4.2.3",
+      "resolved": "https://registry.npmjs.org/langium/-/langium-4.2.3.tgz",
+      "integrity": "sha512-sOPIi4hISFnY7twwV97ca1TsxpBtXq0URu/LL1AvxwccPG/RIBBlKS7a/f/EL6w8lTNaS0EFs/F+IdSOaqYpng==",
       "license": "MIT",
       "dependencies": {
         "@chevrotain/regexp-to-ast": "~12.0.0",
         "chevrotain": "~12.0.0",
-        "chevrotain-allstar": "~0.4.1",
+        "chevrotain-allstar": "~0.4.3",
         "vscode-languageserver": "~9.0.1",
         "vscode-languageserver-textdocument": "~1.0.11",
         "vscode-uri": "~3.1.0"
@@ -12249,9 +12249,9 @@
       }
     },
     "node_modules/nanoid": {
-      "version": "3.3.11",
-      "resolved": "https://registry.npmjs.org/nanoid/-/nanoid-3.3.11.tgz",
-      "integrity": "sha512-N8SpfPUnUp1bK+PMYW8qSWdl9U+wwNWI4QKxOYDy9JAro3WMX7p2OeVRF9v+347pnakNevPmiHhNmZ2HbFA76w==",
+      "version": "3.3.12",
+      "resolved": "https://registry.npmjs.org/nanoid/-/nanoid-3.3.12.tgz",
+      "integrity": "sha512-ZB9RH/39qpq5Vu6Y+NmUaFhQR6pp+M2Xt76XBnEwDaGcVAqhlvxrl3B2bKS5D3NH3QR76v3aSrKaF/Kiy7lEtQ==",
       "funding": [
         {
           "type": "github",
@@ -15251,9 +15251,9 @@
       "license": "MIT"
     },
     "node_modules/tinyexec": {
-      "version": "1.1.1",
-      "resolved": "https://registry.npmjs.org/tinyexec/-/tinyexec-1.1.1.tgz",
-      "integrity": "sha512-VKS/ZaQhhkKFMANmAOhhXVoIfBXblQxGX1myCQ2faQrfmobMftXeJPcZGp0gS07ocvGJWDLZGyOZDadDBqYIJg==",
+      "version": "1.1.2",
+      "resolved": "https://registry.npmjs.org/tinyexec/-/tinyexec-1.1.2.tgz",
+      "integrity": "sha512-dAqSqE/RabpBKI8+h26GfLq6Vb3JVXs30XYQjdMjaj/c2tS8IYYMbIzP599KtRj7c57/wYApb3QjgRgXmrCukA==",
       "license": "MIT",
       "engines": {
         "node": ">=18"
@@ -15570,9 +15570,9 @@
       "license": "MIT"
     },
     "node_modules/ufo": {
-      "version": "1.6.3",
-      "resolved": "https://registry.npmjs.org/ufo/-/ufo-1.6.3.tgz",
-      "integrity": "sha512-yDJTmhydvl5lJzBmy/hyOAA0d+aqCBuwl818haVdYCRrWV84o7YyeVm4QlVHStqNrrJSTb6jKuFAVqAFsr+K3Q==",
+      "version": "1.6.4",
+      "resolved": "https://registry.npmjs.org/ufo/-/ufo-1.6.4.tgz",
+      "integrity": "sha512-JFNbkD1Svwe0KvGi8GOeLcP4kAWQ609twvCdcHxq1oSL8svv39ZuSvajcD8B+5D0eL4+s1Is2D/O6KN3qcTeRA==",
       "license": "MIT"
     },
     "node_modules/uint8-to-base64": {
@@ -15715,9 +15715,9 @@
       }
     },
     "node_modules/uuid": {
-      "version": "11.1.0",
-      "resolved": "https://registry.npmjs.org/uuid/-/uuid-11.1.0.tgz",
-      "integrity": "sha512-0/A9rDy9P7cJ+8w1c9WD9V//9Wj15Ce2MPz8Ri6032usz+NfePxx5AcN3bN+r6ZL6jEo066/yNYB3tn4pQEx+A==",
+      "version": "11.1.1",
+      "resolved": "https://registry.npmjs.org/uuid/-/uuid-11.1.1.tgz",
+      "integrity": "sha512-vIYxrBCC/N/K+Js3qSN88go7kIfNPssr/hHCesKCQNAjmgvYS2oqr69kIufEG+O4+PfezOH4EbIeHCfFov8ZgQ==",
       "funding": [
         "https://github.com/sponsors/broofa",
         "https://github.com/sponsors/ctavan"
@@ -16258,9 +16258,9 @@
       }
     },
     "node_modules/webpack-sources": {
-      "version": "3.4.0",
-      "resolved": "https://registry.npmjs.org/webpack-sources/-/webpack-sources-3.4.0.tgz",
-      "integrity": "sha512-gHwIe1cgBvvfLeu1Yz/dcFpmHfKDVxxyqI+kzqmuxZED81z2ChxpyqPaWcNqigPywhaEke7AjSGga+kxY55gjQ==",
+      "version": "3.4.1",
+      "resolved": "https://registry.npmjs.org/webpack-sources/-/webpack-sources-3.4.1.tgz",
+      "integrity": "sha512-eACpxRN02yaawnt+uUNIF7Qje6A9zArxBbcAJjK1PK3S9Ycg5jIuJ8pW4q8EMnwNZCEGltcjkRx1QzOxOkKD8A==",
       "license": "MIT",
       "engines": {
         "node": ">=10.13.0"
@@ -16512,9 +16512,9 @@
       }
     },
     "node_modules/wrap-ansi/node_modules/string-width": {
-      "version": "8.2.0",
-      "resolved": "https://registry.npmjs.org/string-width/-/string-width-8.2.0.tgz",
-      "integrity": "sha512-6hJPQ8N0V0P3SNmP6h2J99RLuzrWz2gvT7VnK5tKvrNqJoyS9W4/Fb8mo31UiPvy00z7DQXkP2hnKBVav76thw==",
+      "version": "8.2.1",
+      "resolved": "https://registry.npmjs.org/string-width/-/string-width-8.2.1.tgz",
+      "integrity": "sha512-IIaP0g3iy9Cyy18w3M9YcaDudujEAVHKt3a3QJg1+sr/oX96TbaGUubG0hJyCjCBThFH+tFpcIyoUHUn1ogaLA==",
       "license": "MIT",
       "dependencies": {
         "get-east-asian-width": "^1.5.0",
diff --git a/web_src/fomantic/package-lock.json b/web_src/fomantic/package-lock.json
index 5aee001936..9d6dadbfb6 100644
--- a/web_src/fomantic/package-lock.json
+++ b/web_src/fomantic/package-lock.json
@@ -1032,9 +1032,9 @@
       }
     },
     "node_modules/baseline-browser-mapping": {
-      "version": "2.10.23",
-      "resolved": "https://registry.npmjs.org/baseline-browser-mapping/-/baseline-browser-mapping-2.10.23.tgz",
-      "integrity": "sha512-xwVXGqevyKPsiuQdLj+dZMVjidjJV508TBqexND5HrF89cGdCYCJFB3qhcxRHSeMctdCfbR1jrxBajhDy7o29g==",
+      "version": "2.10.27",
+      "resolved": "https://registry.npmjs.org/baseline-browser-mapping/-/baseline-browser-mapping-2.10.27.tgz",
+      "integrity": "sha512-zEs/ufmZoUd7WftKpKyXaT6RFxpQ5Qm9xytKRHvJfxFV9DFJkZph9RvJ1LcOUi0Z1ZVijMte65JbILeV+8QQEA==",
       "license": "Apache-2.0",
       "bin": {
         "baseline-browser-mapping": "dist/cli.cjs"
@@ -2020,9 +2020,9 @@
       }
     },
     "node_modules/electron-to-chromium": {
-      "version": "1.5.344",
-      "resolved": "https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.5.344.tgz",
-      "integrity": "sha512-4MxfbmNDm+KPh066EZy+eUnkcDPcZ35wNmOWzFuh/ijvHsve6kbLTLURy88uCNK5FbpN+yk2nQY6BYh1GEt+wg==",
+      "version": "1.5.349",
+      "resolved": "https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.5.349.tgz",
+      "integrity": "sha512-QsWVGyRuY07Aqb234QytTfwd5d9AJlfNIQ5wIOl1L+PZDzI9d9+Fn0FRale/QYlFxt/bUnB0/nLd1jFPGxGK1A==",
       "license": "ISC"
     },
     "node_modules/emoji-regex": {

From bf958fa3558fc8af4c9dfa4b0e126424a071cca2 Mon Sep 17 00:00:00 2001
From: Gusted <postmaster@gusted.xyz>
Date: Thu, 7 May 2026 18:10:02 +0200
Subject: [PATCH 811/854] fix: make package cleanup work again (#12446)

- Regression of forgejo/forgejo!11776 (and forgejo/forgejo!11881)
- Scope of the transaction is moved to a per-package cleanup rule basis.
This is also a enhancement for scaling (already deployed on Codeberg for a while).
- Package cleanup is now run with `RetryTx`, because rebuilding
  repository files runs `RetryTx` and it could indicate to retry the whole
  transaction.
- Previously it would error and say running `RetryTx` in a
  transaction was not possible, this is now possible. Nested `RetryTx` is
  always allowed, matching of which errors to retry is still the responsible
  of the inner `RetryTx`.

Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12446
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
---
 models/db/context.go                   |  50 ++++++++---
 models/db/context_test.go              |  44 ++++++++++
 services/packages/cleanup/cleanup.go   | 116 +++++++++++--------------
 tests/integration/api_packages_test.go |  36 ++++++++
 4 files changed, 171 insertions(+), 75 deletions(-)

diff --git a/models/db/context.go b/models/db/context.go
index 18237bb2a2..b51861d896 100644
--- a/models/db/context.go
+++ b/models/db/context.go
@@ -510,31 +510,57 @@ type RetryConfig struct {
 	AttemptCount int
 }
 
+var ErrNestedRetryTxFailure = errors.New("(nested)")
+
+type nestedRetryTxState int
+
+var nestedRetryTx nestedRetryTxState
+
 // Execute the given function in a transaction. RetryConfig will retry the function on an error, if it matches the
 // ErrorIs parameter, up to the total of AttemptCount number of tries. RetryTx cannot be invoked when already within a
 // transaction and will return an error immediately.
+//
+// ErrNestedRetryTxFailure is an error type that will occur when RetryTx is nested within each other, and indicates that
+// an inner RetryTx encountered an error that matched its error list.
 func RetryTx(ctx context.Context, config RetryConfig, f func(ctx context.Context) error) error {
-	if InTransaction(ctx) {
+	matchError := func(err error) bool {
+		for _, possibleError := range config.ErrorIs {
+			if errors.Is(err, possibleError) {
+				return true
+			}
+		}
+		return false
+	}
+
+	// Accept `ErrNestedRetryTxFailure` as error to retry on, means that a nested
+	// RetryTx indicated to retry the whole transaction.
+	config.ErrorIs = append(config.ErrorIs, ErrNestedRetryTxFailure)
+
+	withinRetryTx, present := ctx.Value(nestedRetryTx).(bool)
+	if present && withinRetryTx {
+		// If a caller already started `RetryTx`, then we assume we don't have to actually perform retries here -- we
+		// can attempt the requested function once, and if an error is returned that matches the configured error list,
+		// we'll return that error + ErrNestedRetryTxFailure wrapping.
+		err := f(ctx)
+		if err == nil {
+			return nil
+		} else if matchError(err) {
+			return fmt.Errorf("nested RetryTx; internal Tx failed with error that won't be retried: %w %w", err, ErrNestedRetryTxFailure)
+		}
+		return err
+	} else if InTransaction(ctx) {
 		return errors.New("unsupported operation: attempted to use RetryTx while already within a transaction")
 	} else if config.AttemptCount == 0 {
 		return errors.New("unsupported operation: attempted to use RetryTx with 0 attempts")
 	}
 
+	innerCtx := context.WithValue(ctx, nestedRetryTx, true)
 	var lastError error
 	for range config.AttemptCount {
-		err := WithTx(ctx, f)
+		err := WithTx(innerCtx, f)
 		if err == nil {
 			return nil
-		}
-
-		foundMatch := false
-		for _, possibleError := range config.ErrorIs {
-			if errors.Is(err, possibleError) {
-				foundMatch = true
-				break
-			}
-		}
-		if !foundMatch {
+		} else if !matchError(err) {
 			return err
 		}
 
diff --git a/models/db/context_test.go b/models/db/context_test.go
index 60ef8462cc..59ef1e7754 100644
--- a/models/db/context_test.go
+++ b/models/db/context_test.go
@@ -275,4 +275,48 @@ func TestRetryTx(t *testing.T) {
 		require.NoError(t, err)
 		assert.Equal(t, 2, attemptCount)
 	})
+
+	t.Run("nested", func(t *testing.T) {
+		attemptCount := 0
+		testError := errors.New("hello")
+		err := db.RetryTx(t.Context(), db.RetryConfig{
+			AttemptCount: 2,
+		}, func(ctx context.Context) error {
+			attemptCount++
+			return db.RetryTx(ctx, db.RetryConfig{
+				AttemptCount: 2,
+				ErrorIs:      []error{testError},
+			}, func(ctx context.Context) error {
+				if attemptCount == 2 {
+					return nil
+				}
+				return testError
+			})
+		})
+
+		require.NoError(t, err)
+		assert.Equal(t, 2, attemptCount)
+	})
+
+	t.Run("inner RetryTx decides on error", func(t *testing.T) {
+		attemptCount := 0
+		testError := errors.New("hello")
+		err := db.RetryTx(t.Context(), db.RetryConfig{
+			AttemptCount: 2,
+			ErrorIs:      []error{},
+		}, func(ctx context.Context) error {
+			attemptCount++
+			return db.RetryTx(ctx, db.RetryConfig{
+				AttemptCount: 2,
+			}, func(ctx context.Context) error {
+				if attemptCount == 2 {
+					return nil
+				}
+				return testError
+			})
+		})
+
+		require.ErrorIs(t, err, testError)
+		assert.Equal(t, 1, attemptCount)
+	})
 }
diff --git a/services/packages/cleanup/cleanup.go b/services/packages/cleanup/cleanup.go
index 3c177abca4..d244bf921d 100644
--- a/services/packages/cleanup/cleanup.go
+++ b/services/packages/cleanup/cleanup.go
@@ -33,78 +33,68 @@ func CleanupTask(ctx context.Context, olderThan time.Duration) error {
 	return CleanupExpiredData(ctx, olderThan)
 }
 
-func ExecuteCleanupRules(outerCtx context.Context) error {
-	ctx, committer, err := db.TxContext(outerCtx)
-	if err != nil {
-		return err
-	}
-	defer committer.Close()
-
-	err = packages_model.IterateEnabledCleanupRules(ctx, func(ctx context.Context, pcr *packages_model.PackageCleanupRule) error {
-		select {
-		case <-outerCtx.Done():
-			return db.ErrCancelledf("While processing package cleanup rules")
-		default:
-		}
-
-		versionsToRemove, err := GetCleanupTargets(ctx, pcr, true)
-		if err != nil {
-			return fmt.Errorf("CleanupRule [%d]: GetCleanupTargets failed: %w", pcr.ID, err)
-		}
-
-		anyVersionDeleted := false
-		packageWithVersionDeleted := make(map[int64]bool) // set of Package.ID's where at least one package version was removed
-		for _, ct := range versionsToRemove {
-			if err := packages_service.DeletePackageVersionAndReferences(ctx, ct.PackageVersion); err != nil {
-				return fmt.Errorf("CleanupRule [%d]: DeletePackageVersionAndReferences failed: %w", pcr.ID, err)
+func ExecuteCleanupRules(ctx context.Context) error {
+	return packages_model.IterateEnabledCleanupRules(ctx, func(ctx context.Context, pcr *packages_model.PackageCleanupRule) error {
+		// We have no errors to retry on, because we have no evidence we need any in
+		// this area. What we do retry on is when a nested `db.RetryTx` indicates to
+		// retry the whole transaction.
+		return db.RetryTx(ctx, db.RetryConfig{
+			AttemptCount: 3,
+		}, func(ctx context.Context) error {
+			versionsToRemove, err := GetCleanupTargets(ctx, pcr, true)
+			if err != nil {
+				return fmt.Errorf("CleanupRule [%d]: GetCleanupTargets failed: %w", pcr.ID, err)
 			}
-			packageWithVersionDeleted[ct.Package.ID] = true
-			anyVersionDeleted = true
-		}
 
-		if pcr.Type == packages_model.TypeCargo {
-			for packageID := range packageWithVersionDeleted {
-				owner, err := user_model.GetUserByID(ctx, pcr.OwnerID)
-				if err != nil {
-					return fmt.Errorf("GetUserByID failed: %w", err)
+			anyVersionDeleted := false
+			packageWithVersionDeleted := make(map[int64]bool) // set of Package.ID's where at least one package version was removed
+			for _, ct := range versionsToRemove {
+				if err := packages_service.DeletePackageVersionAndReferences(ctx, ct.PackageVersion); err != nil {
+					return fmt.Errorf("CleanupRule [%d]: DeletePackageVersionAndReferences failed: %w", pcr.ID, err)
 				}
-				if err := cargo_service.UpdatePackageIndexIfExists(ctx, owner, owner, packageID); err != nil {
-					return fmt.Errorf("CleanupRule [%d]: cargo.UpdatePackageIndexIfExists failed: %w", pcr.ID, err)
+				packageWithVersionDeleted[ct.Package.ID] = true
+				anyVersionDeleted = true
+			}
+
+			if pcr.Type == packages_model.TypeCargo {
+				for packageID := range packageWithVersionDeleted {
+					owner, err := user_model.GetUserByID(ctx, pcr.OwnerID)
+					if err != nil {
+						return fmt.Errorf("GetUserByID failed: %w", err)
+					}
+					if err := cargo_service.UpdatePackageIndexIfExists(ctx, owner, owner, packageID); err != nil {
+						return fmt.Errorf("CleanupRule [%d]: cargo.UpdatePackageIndexIfExists failed: %w", pcr.ID, err)
+					}
 				}
 			}
-		}
 
-		if anyVersionDeleted {
-			switch pcr.Type {
-			case packages_model.TypeDebian:
-				if err := debian_service.BuildAllRepositoryFiles(ctx, pcr.OwnerID); err != nil {
-					return fmt.Errorf("CleanupRule [%d]: debian.BuildAllRepositoryFiles failed: %w", pcr.ID, err)
-				}
-			case packages_model.TypeAlpine:
-				if err := alpine_service.BuildAllRepositoryFiles(ctx, pcr.OwnerID); err != nil {
-					return fmt.Errorf("CleanupRule [%d]: alpine.BuildAllRepositoryFiles failed: %w", pcr.ID, err)
-				}
-			case packages_model.TypeRpm:
-				if err := rpm_service.BuildAllRepositoryFiles(ctx, pcr.OwnerID); err != nil {
-					return fmt.Errorf("CleanupRule [%d]: rpm.BuildAllRepositoryFiles failed: %w", pcr.ID, err)
-				}
-			case packages_model.TypeArch:
-				if err := arch_service.BuildAllRepositoryFiles(ctx, pcr.OwnerID); err != nil {
-					return fmt.Errorf("CleanupRule [%d]: arch.BuildAllRepositoryFiles failed: %w", pcr.ID, err)
-				}
-			case packages_model.TypeAlt:
-				if err := alt_service.BuildAllRepositoryFiles(ctx, pcr.OwnerID); err != nil {
-					return fmt.Errorf("CleanupRule [%d]: alt.BuildAllRepositoryFiles failed: %w", pcr.ID, err)
+			if anyVersionDeleted {
+				switch pcr.Type {
+				case packages_model.TypeDebian:
+					if err := debian_service.BuildAllRepositoryFiles(ctx, pcr.OwnerID); err != nil {
+						return fmt.Errorf("CleanupRule [%d]: debian.BuildAllRepositoryFiles failed: %w", pcr.ID, err)
+					}
+				case packages_model.TypeAlpine:
+					if err := alpine_service.BuildAllRepositoryFiles(ctx, pcr.OwnerID); err != nil {
+						return fmt.Errorf("CleanupRule [%d]: alpine.BuildAllRepositoryFiles failed: %w", pcr.ID, err)
+					}
+				case packages_model.TypeRpm:
+					if err := rpm_service.BuildAllRepositoryFiles(ctx, pcr.OwnerID); err != nil {
+						return fmt.Errorf("CleanupRule [%d]: rpm.BuildAllRepositoryFiles failed: %w", pcr.ID, err)
+					}
+				case packages_model.TypeArch:
+					if err := arch_service.BuildAllRepositoryFiles(ctx, pcr.OwnerID); err != nil {
+						return fmt.Errorf("CleanupRule [%d]: arch.BuildAllRepositoryFiles failed: %w", pcr.ID, err)
+					}
+				case packages_model.TypeAlt:
+					if err := alt_service.BuildAllRepositoryFiles(ctx, pcr.OwnerID); err != nil {
+						return fmt.Errorf("CleanupRule [%d]: alt.BuildAllRepositoryFiles failed: %w", pcr.ID, err)
+					}
 				}
 			}
-		}
-		return nil
+			return nil
+		})
 	})
-	if err != nil {
-		return err
-	}
-
-	return committer.Commit()
 }
 
 type CleanupTarget struct {
diff --git a/tests/integration/api_packages_test.go b/tests/integration/api_packages_test.go
index 904ae4f065..44c0057941 100644
--- a/tests/integration/api_packages_test.go
+++ b/tests/integration/api_packages_test.go
@@ -527,6 +527,42 @@ func TestPackageCleanup(t *testing.T) {
 
 	duration, _ := time.ParseDuration("-1h")
 
+	t.Run("Debian", func(t *testing.T) {
+		defer tests.PrintCurrentTest(t)()
+		// Debian does a repository rebuild.
+
+		distribution := "forgejo"
+		component := "main"
+		architecture := "amd64"
+		packageName := "runner"
+		packageDescription := "Forgejo Runner"
+
+		rootURL := fmt.Sprintf("/api/packages/%s/debian", user.Name)
+		uploadURL := fmt.Sprintf("%s/pool/%s/%s/upload", rootURL, distribution, component)
+
+		req := NewRequestWithBody(t, "PUT", uploadURL,
+			createDebianArchive(packageName, "1.0.0", architecture, packageDescription)).
+			AddBasicAuth(user.Name)
+		MakeRequest(t, req, http.StatusCreated)
+
+		resp := MakeRequest(t, NewRequestf(t, "GET", "%s/dists/%s/%s/binary-%s/Packages", rootURL, distribution, component, architecture), http.StatusOK)
+		assert.Contains(t, resp.Body.String(), "pool/forgejo/main/runner_1.0.0_amd64.deb")
+
+		pcr, err := packages_model.InsertCleanupRule(t.Context(), &packages_model.PackageCleanupRule{
+			Enabled:       true,
+			RemovePattern: `.+`,
+			OwnerID:       user.ID,
+			Type:          packages_model.TypeDebian,
+		})
+		require.NoError(t, err)
+
+		require.NoError(t, packages_cleanup_service.CleanupTask(t.Context(), duration))
+
+		MakeRequest(t, NewRequestf(t, "GET", "%s/dists/%s/%s/binary-%s/Packages", rootURL, distribution, component, architecture), http.StatusNotFound)
+
+		require.NoError(t, packages_model.DeleteCleanupRuleByID(t.Context(), pcr.ID))
+	})
+
 	t.Run("Common", func(t *testing.T) {
 		defer tests.PrintCurrentTest(t)()
 

From 326ae6ad672c3cffad4f56d30364cfdfd1a448a7 Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Thu, 7 May 2026 20:04:54 +0200
Subject: [PATCH 812/854] Update go toolchain directive to v1.26.3 (forgejo)
 (#12454)

---
 go.mod | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/go.mod b/go.mod
index 23053c61ea..a6e9db2b28 100644
--- a/go.mod
+++ b/go.mod
@@ -2,7 +2,7 @@ module forgejo.org
 
 go 1.26.0
 
-toolchain go1.26.2
+toolchain go1.26.3
 
 require (
 	code.forgejo.org/f3/gof3/v3 v3.11.15

From f55f3481f28c9aa402448d192c7e8dfac59c2cc9 Mon Sep 17 00:00:00 2001
From: Gabor Pihaj <gabor.pihaj@gmail.com>
Date: Thu, 7 May 2026 22:01:13 +0200
Subject: [PATCH 813/854] test: fix flaky integration test (#12441)

See #12353 for more details

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. All work and communication must conform to Forgejo's [AI Agreement](https://codeberg.org/forgejo/governance/src/branch/main/AIAgreement.md). There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests for Go changes

(can be removed for JavaScript changes)

- I added test coverage for Go changes...
  - [ ] in their respective `*_test.go` for unit tests.
  - [ ] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I ran...
  - [x] `make pr-go` before pushing

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [ ] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.
- [ ] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change.

*The decision if the pull request will be shown in the release notes is up to the mergers / release team.*

The content of the `release-notes/<pull request number>.md` file will serve as the basis for the release notes. If the file does not exist, the title of the pull request will be used instead.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12441
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
---
 tests/integration/git_test.go | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/tests/integration/git_test.go b/tests/integration/git_test.go
index dc86f4a4c2..954a0fd359 100644
--- a/tests/integration/git_test.go
+++ b/tests/integration/git_test.go
@@ -201,9 +201,12 @@ func standardCommitAndPushTest(t *testing.T, dstPath string) (little, big string
 func lfsCommitAndPushTest(t *testing.T, dstPath string) (littleLFS, bigLFS string) {
 	t.Run("LFS", func(t *testing.T) {
 		defer tests.PrintCurrentTest(t)()
-		defer git.NewCommand(git.DefaultContext, "lfs").AddArguments("uninstall").Run(&git.RunOpts{Dir: dstPath})
+
+		err := git.NewCommand(git.DefaultContext, "config", "core.hooksPath", "$GIT/.hooks").AddArguments("--local").Run(&git.RunOpts{Dir: dstPath})
+		require.NoError(t, err)
+
 		prefix := "lfs-data-file-"
-		err := git.NewCommand(git.DefaultContext, "lfs").AddArguments("install").Run(&git.RunOpts{Dir: dstPath})
+		err = git.NewCommand(git.DefaultContext, "lfs").AddArguments("install").Run(&git.RunOpts{Dir: dstPath})
 		require.NoError(t, err)
 		_, _, err = git.NewCommand(git.DefaultContext, "lfs").AddArguments("track").AddDynamicArguments(prefix + "*").RunStdString(&git.RunOpts{Dir: dstPath})
 		require.NoError(t, err)
@@ -232,6 +235,7 @@ func lfsCommitAndPushTest(t *testing.T, dstPath string) (littleLFS, bigLFS strin
 			lockTest(t, dstPath)
 		})
 	})
+
 	return littleLFS, bigLFS
 }
 

From 5022be3029ea975a88ca462a17e1e536e5363254 Mon Sep 17 00:00:00 2001
From: famfo <famfo@famfo.xyz>
Date: Fri, 8 May 2026 00:40:01 +0200
Subject: [PATCH 814/854] fix(activitypub): cover all routes with signature
 checks (#12339)

This changes the ReqHTTPSignature middleware to cover the entire activitypub
route group to not miss any new routes again in the future. Further, this adds
a tests iterating through all activitypub routes to test that the signature
verification is actually done.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12339
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Reviewed-by: elle <0xllx0@noreply.codeberg.org>
---
 routers/api/v1/api.go                         | 45 ++++++++--------
 .../integration/api_activitypub_actor_test.go |  3 ++
 .../api_activitypub_person_test.go            |  1 +
 .../api_federation_httpsig_test.go            | 53 +++++++++++++++++++
 4 files changed, 78 insertions(+), 24 deletions(-)

diff --git a/routers/api/v1/api.go b/routers/api/v1/api.go
index 8910babc29..55ea6762e3 100644
--- a/routers/api/v1/api.go
+++ b/routers/api/v1/api.go
@@ -873,31 +873,28 @@ func Routes() *web.Route {
 		if setting.Federation.Enabled {
 			m.Get("/nodeinfo", misc.NodeInfo)
 			m.Group("/activitypub", func() {
-				m.Group("/user-id/{user-id}", func() {
-					m.Get("", activitypub.ReqHTTPSignature(), activitypub.Person)
-					m.Post("/inbox",
-						activitypub.ReqHTTPSignature(),
-						bind(ap.Activity{}),
-						activitypub.PersonInbox)
-					m.Group("/activities/{activity-id}", func() {
-						m.Get("", activitypub.PersonActivityNote)
-						m.Get("/activity", activitypub.PersonActivity)
+				// The instance actor must always be fetchable without signatures
+				m.Get("/actor", activitypub.Actor)
+				m.Group("", func() {
+					m.Group("/actor", func() {
+						m.Post("/inbox", activitypub.ActorInbox)
+						m.Get("/outbox", activitypub.ActorOutbox)
 					})
-					m.Get("/outbox", activitypub.ReqHTTPSignature(), activitypub.PersonFeed)
-				}, context.UserIDAssignmentAPI(), checkTokenPublicOnly())
-				m.Group("/actor", func() {
-					m.Get("", activitypub.Actor)
-					m.Post("/inbox", activitypub.ReqHTTPSignature(), activitypub.ActorInbox)
-					m.Get("/outbox", activitypub.ActorOutbox)
-				})
-				m.Group("/repository-id/{repository-id}", func() {
-					m.Get("", activitypub.ReqHTTPSignature(), activitypub.Repository)
-					m.Post("/inbox",
-						bind(ap.Activity{}),
-						activitypub.ReqHTTPSignature(),
-						activitypub.RepositoryInbox)
-					m.Get("/outbox", activitypub.ReqHTTPSignature(), activitypub.RepositoryOutbox)
-				}, context.RepositoryIDAssignmentAPI())
+					m.Group("/user-id/{user-id}", func() {
+						m.Get("", activitypub.Person)
+						m.Post("/inbox", bind(ap.Activity{}), activitypub.PersonInbox)
+						m.Get("/outbox", activitypub.PersonFeed)
+						m.Group("/activities/{activity-id}", func() {
+							m.Get("", activitypub.PersonActivityNote)
+							m.Get("/activity", activitypub.PersonActivity)
+						})
+					}, context.UserIDAssignmentAPI(), checkTokenPublicOnly())
+					m.Group("/repository-id/{repository-id}", func() {
+						m.Get("", activitypub.Repository)
+						m.Post("/inbox", bind(ap.Activity{}), activitypub.RepositoryInbox)
+						m.Get("/outbox", activitypub.RepositoryOutbox)
+					}, context.RepositoryIDAssignmentAPI())
+				}, activitypub.ReqHTTPSignature())
 			}, tokenRequiresScopes(auth_model.AccessTokenScopeCategoryActivityPub))
 		}
 
diff --git a/tests/integration/api_activitypub_actor_test.go b/tests/integration/api_activitypub_actor_test.go
index 2a758f5424..25c55e75a8 100644
--- a/tests/integration/api_activitypub_actor_test.go
+++ b/tests/integration/api_activitypub_actor_test.go
@@ -49,6 +49,9 @@ func TestActivityPubActor(t *testing.T) {
 	assert.Regexp(t, "^-----BEGIN PUBLIC KEY-----", pubKeyPem)
 
 	t.Run("ActorOutboxEmpty", func(t *testing.T) {
+		// /inbox and /outbox routes also require signature checks
+		defer test.MockVariableValue(&setting.Federation.SignatureEnforced, false)()
+
 		req := NewRequest(t, "GET", actor.Outbox.GetID().String())
 		resp := MakeRequest(t, req, http.StatusOK)
 
diff --git a/tests/integration/api_activitypub_person_test.go b/tests/integration/api_activitypub_person_test.go
index c0f297a7d3..75746d1a17 100644
--- a/tests/integration/api_activitypub_person_test.go
+++ b/tests/integration/api_activitypub_person_test.go
@@ -80,6 +80,7 @@ func TestActivityPubPerson(t *testing.T) {
 func TestActivityPubMissingPerson(t *testing.T) {
 	defer tests.PrepareTestEnv(t)()
 	defer test.MockVariableValue(&setting.Federation.Enabled, true)()
+	defer test.MockVariableValue(&setting.Federation.SignatureEnforced, false)()
 	defer test.MockVariableValue(&testWebRoutes, routers.NormalRoutes())()
 
 	req := NewRequest(t, "GET", "/api/v1/activitypub/user-id/999999999")
diff --git a/tests/integration/api_federation_httpsig_test.go b/tests/integration/api_federation_httpsig_test.go
index 2f62efb2af..431676acee 100644
--- a/tests/integration/api_federation_httpsig_test.go
+++ b/tests/integration/api_federation_httpsig_test.go
@@ -7,6 +7,7 @@ import (
 	"fmt"
 	"net/http"
 	"net/url"
+	"strings"
 	"testing"
 	"time"
 
@@ -20,6 +21,7 @@ import (
 	"forgejo.org/routers"
 	"forgejo.org/services/contexttest"
 
+	"github.com/go-chi/chi/v5"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 )
@@ -94,3 +96,54 @@ func TestFederationHttpSigValidation(t *testing.T) {
 		})
 	})
 }
+
+func TestFederationAllRoutesCovered(t *testing.T) {
+	defer test.MockVariableValue(&setting.Federation.Enabled, true)()
+	defer test.MockVariableValue(&testWebRoutes, routers.NormalRoutes())()
+
+	routes := routers.NormalRoutes().R.Routes()
+
+	var r *chi.Route
+	for _, route := range routes {
+		if route.Pattern == "/api/v1/*" {
+			r = &route
+			break
+		}
+	}
+
+	require.NotNil(t, r)
+
+	ranOne := false
+	for _, route := range r.SubRoutes.Routes() {
+		if !strings.HasPrefix(route.Pattern, "/activitypub/") {
+			continue
+		}
+
+		ranOne = true
+		if route.Pattern == "/activitypub/actor" {
+			// unsigned request to the actor should always succed
+			req := NewRequest(t, "GET", fmt.Sprintf("%sapi/v1/activitypub/actor", setting.AppURL))
+			MakeRequest(t, req, http.StatusOK)
+		} else {
+			// this just puts in something for the replacements to be able to make a request
+			url := fmt.Sprintf("%sapi/v1%s", setting.AppURL, route.Pattern)
+			for strings.Contains(url, "{") {
+				before, after, _ := strings.Cut(url, "/{")
+				_, after, _ = strings.Cut(after, "}/")
+				url = fmt.Sprintf("%s/1/%s", before, after)
+			}
+
+			var req *RequestWrapper
+			if strings.Contains(route.Pattern, "inbox") {
+				req = NewRequestWithJSON(t, "POST", url, "{}")
+			} else {
+				req = NewRequest(t, "GET", url)
+			}
+
+			resp := MakeRequest(t, req, http.StatusBadRequest)
+			assert.Contains(t, resp.Body.String(), "request signature verification failed")
+		}
+	}
+
+	require.True(t, ranOne)
+}

From 115f8594cf029d4d74e7b9f1cdbfc088509cf102 Mon Sep 17 00:00:00 2001
From: Antonin Delpeuch <antonin@delpeuch.eu>
Date: Fri, 8 May 2026 01:52:46 +0200
Subject: [PATCH 815/854] fix: paginate team members list (#12447)

Fixes #12103.

Paginate the list of team members on the page for that team.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12447
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
---
 models/organization/team.go        | 10 +++++--
 routers/web/org/teams.go           | 10 ++++++-
 templates/org/team/members.tmpl    |  1 +
 tests/integration/org_team_test.go | 48 ++++++++++++++++++++++++++++++
 4 files changed, 66 insertions(+), 3 deletions(-)
 create mode 100644 tests/integration/org_team_test.go

diff --git a/models/organization/team.go b/models/organization/team.go
index 209471e013..b7b93821ad 100644
--- a/models/organization/team.go
+++ b/models/organization/team.go
@@ -161,10 +161,16 @@ func (t *Team) LoadRepositories(ctx context.Context) (err error) {
 	return err
 }
 
-// LoadMembers returns paginated members in team of organization.
+// LoadMembers loads the members of the team in t.Members.
 func (t *Team) LoadMembers(ctx context.Context) (err error) {
+	return t.LoadPaginatedMembers(ctx, db.ListOptionsAll)
+}
+
+// LoadPaginatedMembers loads paginated members of the team in t.Members.
+func (t *Team) LoadPaginatedMembers(ctx context.Context, listOptions db.ListOptions) (err error) {
 	t.Members, err = GetTeamMembers(ctx, &SearchMembersOptions{
-		TeamID: t.ID,
+		ListOptions: listOptions,
+		TeamID:      t.ID,
 	})
 	return err
 }
diff --git a/routers/web/org/teams.go b/routers/web/org/teams.go
index 1785623855..1b76a6abf9 100644
--- a/routers/web/org/teams.go
+++ b/routers/web/org/teams.go
@@ -377,10 +377,18 @@ func TeamMembers(ctx *context.Context) {
 		return
 	}
 
-	if err := ctx.Org.Team.LoadMembers(ctx); err != nil {
+	page := max(ctx.FormInt("page"), 1)
+	total := ctx.Org.Team.NumMembers
+	pager := context.NewPagination(total, setting.UI.MembersPagingNum, page, 5)
+	opts := db.ListOptions{}
+	opts.Page = page
+	opts.PageSize = setting.UI.MembersPagingNum
+
+	if err := ctx.Org.Team.LoadPaginatedMembers(ctx, opts); err != nil {
 		ctx.ServerError("GetMembers", err)
 		return
 	}
+	ctx.Data["Page"] = pager
 	ctx.Data["Units"] = unit_model.Units
 
 	invites, err := org_model.GetInvitesByTeamID(ctx, ctx.Org.Team.ID)
diff --git a/templates/org/team/members.tmpl b/templates/org/team/members.tmpl
index 60667e963d..e027db68da 100644
--- a/templates/org/team/members.tmpl
+++ b/templates/org/team/members.tmpl
@@ -49,6 +49,7 @@
 							</div>
 						{{end}}
 					</div>
+					{{template "base/paginate" .}}
 				</div>
 				{{if and .Invites $.IsOrganizationOwner}}
 				<h4 class="ui top attached header">{{ctx.Locale.Tr "org.teams.invite_team_member.list"}}</h4>
diff --git a/tests/integration/org_team_test.go b/tests/integration/org_team_test.go
new file mode 100644
index 0000000000..2ed3025785
--- /dev/null
+++ b/tests/integration/org_team_test.go
@@ -0,0 +1,48 @@
+// Copyright 2026 The Forgejo Authors
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+package integration
+
+import (
+	"fmt"
+	"net/http"
+	"strings"
+	"testing"
+
+	"forgejo.org/models/db"
+	"forgejo.org/models/organization"
+	"forgejo.org/models/unittest"
+	user_model "forgejo.org/models/user"
+	"forgejo.org/modules/setting"
+	"forgejo.org/modules/test"
+	"forgejo.org/tests"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+func TestPaginatedMembers(t *testing.T) {
+	defer tests.PrepareTestEnv(t)()
+	// To make sure that pagination kicks in even though the test team has few members
+	defer test.MockVariableValue(&setting.UI.MembersPagingNum, 2)()
+
+	org := unittest.AssertExistsAndLoadBean(t, &organization.Organization{ID: 17})
+	team := unittest.AssertExistsAndLoadBean(t, &organization.Team{ID: 9})
+	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 29})
+
+	assert.GreaterOrEqual(t, org.NumMembers, 3)
+	isOrgMember, err := organization.IsOrganizationMember(db.DefaultContext, org.ID, user.ID)
+	require.NoError(t, err)
+	assert.True(t, isOrgMember)
+	isTeamMember, err := organization.IsTeamMember(db.DefaultContext, team.OrgID, team.ID, user.ID)
+	require.NoError(t, err)
+	assert.True(t, isTeamMember)
+	assert.Equal(t, org.ID, team.OrgID)
+
+	session := loginUser(t, user.Name)
+
+	teamURL := fmt.Sprintf("/org/%s/teams/%s", org.Name, team.LowerName)
+	newVar := session.MakeRequest(t, NewRequest(t, "GET", teamURL), http.StatusOK).Body
+	doc := NewHTMLParser(t, newVar)
+	assert.Contains(t, strings.TrimSpace(doc.Find("a.item.navigation:contains('Next')").AttrOr("href", "")), fmt.Sprintf("%s?page=2", teamURL))
+}

From ffd10d37a6771a16ffbc1222bd7c307970c75a13 Mon Sep 17 00:00:00 2001
From: Akashdeep Dhar <akashdeep.dhar@gmail.com>
Date: Fri, 8 May 2026 04:43:33 +0200
Subject: [PATCH 816/854] fix: ensure moving all commits in a pull request for
 pagure migration (#12433)

While the changes were conveyed in the pull request in its entirety, the commit
history of a pull request having more than one commit was bugged and the log
would have shown just the presence of the most recent commit event, having the
entire changes contained in a pull request.

This is a problem that was mostly noticed in the closed pull request, so it is
not as bad as it looks. Even then, if we are migrating closed pull requests, we
should do it the right way. We do not want to retain these pull requests for
archival purposes if they are not accurate.

Signed-off-by: Akashdeep Dhar <akashdeep.dhar@gmail.com>

Fixes https://forge.fedoraproject.org/forge/forge/issues/556

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12433
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
---
 services/migrations/pagure.go | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/services/migrations/pagure.go b/services/migrations/pagure.go
index 6573871e0d..0bcbfb6d3e 100644
--- a/services/migrations/pagure.go
+++ b/services/migrations/pagure.go
@@ -153,6 +153,7 @@ type PagurePRResponse struct {
 	Requests []struct {
 		Branch         string     `json:"branch"`
 		BranchFrom     string     `json:"branch_from"`
+		CommitStart    string     `json:"commit_start"`
 		CommitStop     string     `json:"commit_stop"`
 		DateCreated    string     `json:"date_created"`
 		FullURL        string     `json:"full_url"`
@@ -560,7 +561,7 @@ func (d *PagureDownloader) GetPullRequests(page, perPage int) ([]*base.PullReque
 		}
 		mergedtime := processDate(&pr.ClosedAt)
 
-		err = d.callAPI("/api/0/"+d.repoName+"/c/"+pr.CommitStop+"/info", nil, &commit)
+		err = d.callAPI("/api/0/"+d.repoName+"/c/"+pr.CommitStart+"/info", nil, &commit)
 		if err != nil {
 			return nil, false, err
 		}

From 3a35c5353ecbb43429474a7db3dcfa23df550279 Mon Sep 17 00:00:00 2001
From: Thanos Apollo <public@thanosapollo.org>
Date: Fri, 8 May 2026 04:46:57 +0200
Subject: [PATCH 817/854] feat: expose AGit topic branch in API PR head label
 (#12352)

For Agit-flow pull requests, `head.label` was explicitly set to an empty
string.  The head branch name (which contains the Agit topic,
e.g. `user2/my-topic`) was already populated from `pr.HeadBranch` but then
discarded.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12352
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Reviewed-by: Cyborus <cyborus@disroot.org>
---
 services/convert/pull.go      | 1 -
 tests/integration/git_test.go | 2 ++
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/services/convert/pull.go b/services/convert/pull.go
index 41cbcc25aa..4856c58736 100644
--- a/services/convert/pull.go
+++ b/services/convert/pull.go
@@ -177,7 +177,6 @@ func ToAPIPullRequest(ctx context.Context, pr *issues_model.PullRequest, doer *u
 		}
 		apiPullRequest.Head.RepoID = pr.BaseRepoID
 		apiPullRequest.Head.Repository = apiPullRequest.Base.Repository
-		apiPullRequest.Head.Name = ""
 	}
 
 	if pr.HeadRepo != nil && pr.Flow == issues_model.PullRequestFlowGithub {
diff --git a/tests/integration/git_test.go b/tests/integration/git_test.go
index 954a0fd359..83853883c1 100644
--- a/tests/integration/git_test.go
+++ b/tests/integration/git_test.go
@@ -860,6 +860,7 @@ func doCreateAgitFlowPull(dstPath string, ctx *APITestContext, headBranch string
 			assert.False(t, prMsg.HasMerged)
 			assert.Contains(t, "Testing commit 1", prMsg.Body)
 			assert.Equal(t, commit, prMsg.Head.Sha)
+			assert.Equal(t, "user2/"+headBranch, prMsg.Head.Name)
 
 			_, _, err = git.NewCommand(git.DefaultContext, "push", "origin").AddDynamicArguments("HEAD:refs/for/master/test/" + headBranch).RunStdString(&git.RunOpts{Dir: dstPath})
 			require.NoError(t, err)
@@ -878,6 +879,7 @@ func doCreateAgitFlowPull(dstPath string, ctx *APITestContext, headBranch string
 			prMsg = doAPIGetPullRequest(*ctx, ctx.Username, ctx.Reponame, pr2.Index)(t)
 
 			assert.Equal(t, "user2/test/"+headBranch, pr2.HeadBranch)
+			assert.Equal(t, "user2/test/"+headBranch, prMsg.Head.Name)
 			assert.False(t, prMsg.HasMerged)
 		})
 

From 6132d0e4069e0043c41302e300c6d3a5ab7b8ccc Mon Sep 17 00:00:00 2001
From: Thomas Kolar <thomas.kolar@uni-ak.ac.at>
Date: Fri, 8 May 2026 05:52:59 +0200
Subject: [PATCH 818/854] fix: Prevent unremovable review requests after
 submitting pending reviews (#12302)

Some notes:
- I didn't write integration tests because it's a pure bugfix that addresses implementation details of the model layer.
  - I can see interpretations of "it involves interactions with a live Forgejo server" that would cover this PR, but they don't make sense to me in context.
- I didn't add anything to the documentation because it's a pure bugfix - the system should always have worked this way
  - there's no value in confusing people trying to figure out how the system works now with how it didn't work in the past
- However, there IS value in informing people who may have gotten bitten by this in the past, so I think a release note makes sense
- These fixes are closely related, and the changes small, so I decided to make just one PR.
  - From a user perspective, this is just one issue, and I think in terms of release notes, it makes more sense to have just this one.
- Technically, fixing only one of the underlying issues would be enough. Since this is a case of invalid states being representable, it makes sense to both try to prevent it happening in the first place, and deal with it gracefully if it does happen.
  - At the very least, fixing #12245 is required unless we want to live with data generated in the past being broken

Fixes #12243
Fixes #12245

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12302
Reviewed-by: limiting-factor <limiting-factor@noreply.codeberg.org>
---
 models/issues/review.go      | 15 +++++--
 models/issues/review_test.go | 76 ++++++++++++++++++++++++++++++++++++
 release-notes/12302.md       |  1 +
 3 files changed, 89 insertions(+), 3 deletions(-)
 create mode 100644 release-notes/12302.md

diff --git a/models/issues/review.go b/models/issues/review.go
index 5370117a81..6ff36615db 100644
--- a/models/issues/review.go
+++ b/models/issues/review.go
@@ -457,6 +457,11 @@ func SubmitReview(ctx context.Context, doer *user_model.User, issue *Issue, revi
 			if official, err = IsOfficialReviewer(ctx, issue, doer); err != nil {
 				return nil, nil, err
 			}
+			// delete previous review requests from the same user
+			reviewCond := builder.Eq{"reviewer_id": doer.ID, "issue_id": issue.ID}
+			if _, err := sess.Where(reviewCond.And(builder.Eq{"type": ReviewTypeRequest})).Delete(new(Review)); err != nil {
+				return nil, nil, err
+			}
 		}
 
 		review.Official = official
@@ -511,10 +516,14 @@ func SubmitReview(ctx context.Context, doer *user_model.User, issue *Issue, revi
 
 // GetReviewByIssueIDAndUserID get the latest review of reviewer for a pull request
 func GetReviewByIssueIDAndUserID(ctx context.Context, issueID, userID int64) (*Review, error) {
+	return GetReviewByIssueIDUserIDAndTypes(ctx, issueID, userID, []ReviewType{ReviewTypeApprove, ReviewTypeReject, ReviewTypeRequest})
+}
+
+func GetReviewByIssueIDUserIDAndTypes(ctx context.Context, issueID, userID int64, types []ReviewType) (*Review, error) {
 	review := new(Review)
 
 	has, err := db.GetEngine(ctx).Where(
-		builder.In("type", ReviewTypeApprove, ReviewTypeReject, ReviewTypeRequest).
+		builder.In("type", types).
 			And(builder.Eq{"issue_id": issueID, "reviewer_id": userID, "original_author_id": 0})).
 		Desc("id").
 		Get(review)
@@ -707,12 +716,12 @@ func RemoveReviewRequest(ctx context.Context, issue *Issue, reviewer, doer *user
 	}
 	defer committer.Close()
 
-	review, err := GetReviewByIssueIDAndUserID(ctx, issue.ID, reviewer.ID)
+	review, err := GetReviewByIssueIDUserIDAndTypes(ctx, issue.ID, reviewer.ID, []ReviewType{ReviewTypeRequest})
 	if err != nil && !IsErrReviewNotExist(err) {
 		return nil, err
 	}
 
-	if review == nil || review.Type != ReviewTypeRequest {
+	if review == nil {
 		return nil, nil
 	}
 
diff --git a/models/issues/review_test.go b/models/issues/review_test.go
index bdeaae5ea3..e035be617b 100644
--- a/models/issues/review_test.go
+++ b/models/issues/review_test.go
@@ -321,6 +321,82 @@ func TestAddReviewRequest(t *testing.T) {
 	assert.True(t, issues_model.IsErrReviewRequestOnClosedPR(err))
 }
 
+func TestSubmitPendingReviewDeletesReviewRequest(t *testing.T) {
+	require.NoError(t, unittest.PrepareTestDatabase())
+
+	pull := unittest.AssertExistsAndLoadBean(t, &issues_model.PullRequest{ID: 1})
+	require.NoError(t, pull.LoadIssue(db.DefaultContext))
+	issue := pull.Issue
+	require.NoError(t, issue.LoadRepo(db.DefaultContext))
+	reviewer := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 1})
+	reviewRequest, err := issues_model.CreateReview(db.DefaultContext, issues_model.CreateReviewOptions{
+		Issue:    issue,
+		Reviewer: reviewer,
+		Type:     issues_model.ReviewTypeRequest,
+	})
+	require.NoError(t, err)
+
+	// creating a pending review should NOT remove review requests
+	reviewPending, err := issues_model.CreateReview(db.DefaultContext, issues_model.CreateReviewOptions{
+		Issue:    issue,
+		Reviewer: reviewer,
+		Type:     issues_model.ReviewTypePending,
+	})
+	require.NoError(t, err)
+	unittest.AssertExistsIf(t, true, &issues_model.Review{ID: reviewRequest.ID})
+	// submitting a pending review to finish it SHOULD remove review requests
+	_, _, err = issues_model.SubmitReview(
+		db.DefaultContext,
+		reviewer,
+		issue,
+		issues_model.ReviewTypeReject,
+		"test content",
+		reviewPending.CommitID,
+		false,
+		[]string{},
+	)
+	require.NoError(t, err)
+	unittest.AssertNotExistsBean(t, &issues_model.Review{ID: reviewRequest.ID})
+}
+
+// this test is for handling a state correctly that should never exist, but is representable and was
+// achievable thanks to #12243
+func TestReviewRequestDeletesReviewRequestsBeforeRejectedReviews(t *testing.T) {
+	require.NoError(t, unittest.PrepareTestDatabase())
+	sess := db.GetEngine(db.DefaultContext)
+
+	pull := unittest.AssertExistsAndLoadBean(t, &issues_model.PullRequest{ID: 1})
+	require.NoError(t, pull.LoadIssue(db.DefaultContext))
+	issue := pull.Issue
+	require.NoError(t, issue.LoadRepo(db.DefaultContext))
+	reviewer := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 1})
+	doer := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 4})
+
+	// this one will end up being a ReviewTypeRequest. We are initially creating it as
+	// ReviewTypeReject to avoid it being deleted on making the actual rejected review
+	reviewRequest, err := issues_model.CreateReview(db.DefaultContext, issues_model.CreateReviewOptions{
+		Issue:    issue,
+		Reviewer: reviewer,
+		Type:     issues_model.ReviewTypeReject,
+	})
+	require.NoError(t, err)
+	// this review is an actual rejected review that somehow managed to be saved without deleting
+	// reviewRequest. This is a state that is representable and is/was achievable thanks to #12243
+	_, err = issues_model.CreateReview(db.DefaultContext, issues_model.CreateReviewOptions{
+		Issue:    issue,
+		Reviewer: reviewer,
+		Type:     issues_model.ReviewTypeReject,
+	})
+	require.NoError(t, err)
+	reviewRequest.Type = issues_model.ReviewTypeRequest
+	_, err = sess.ID(reviewRequest.ID).Cols("type").Update(reviewRequest)
+	require.NoError(t, err)
+
+	_, err = issues_model.RemoveReviewRequest(db.DefaultContext, issue, reviewer, doer)
+	require.NoError(t, err)
+	unittest.AssertNotExistsBean(t, &issues_model.Review{ID: reviewRequest.ID})
+}
+
 func TestAddTeamReviewRequest(t *testing.T) {
 	defer unittest.OverrideFixtures("models/fixtures/TestAddTeamReviewRequest")()
 	require.NoError(t, unittest.PrepareTestDatabase())
diff --git a/release-notes/12302.md b/release-notes/12302.md
new file mode 100644
index 0000000000..b51bab427d
--- /dev/null
+++ b/release-notes/12302.md
@@ -0,0 +1 @@
+fix: When a review was created as pending and then submitted, the review request wasn't deleted. These review requests couldn't be removed, as the now existing review shadowed the review request. Now, review requests get deleted when a pending review from that reviewer gets submitted, and broken review requests in already existing data can be normally removed via the UI.

From 49f9cc7c4d0ee9bebf663f17d41a3814ee126ce9 Mon Sep 17 00:00:00 2001
From: Nirmal Kumar R <tildezero@gmail.com>
Date: Fri, 8 May 2026 08:01:34 +0200
Subject: [PATCH 819/854] chore: dialog modal max-width rendering failure
 (#12469)

The dialog element shrink wrap up to the max-width boundary. The
`long-modal` is set to strictly fit the `800px` width in the test.
However with Playwright minor font rendering differences makes the
dialog modal width resulting in `797px`.

Test fails at: [expect(width).toBe(800);](https://codeberg.org/forgejo/forgejo/src/commit/6132d0e4069e0043c41302e300c6d3a5ab7b8ccc/tests/e2e/modal.test.e2e.ts#L103)

The fix is to increase the content of the `#long-model` element in
`templates/demo/model.tmpl` to 300 characters length instead of the
current `100` characters length ensures that the dialog modal will always
hit the `800px` max-width.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12469
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
---
 templates/demo/modal.tmpl | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/templates/demo/modal.tmpl b/templates/demo/modal.tmpl
index 746d82b229..af4c1295ef 100644
--- a/templates/demo/modal.tmpl
+++ b/templates/demo/modal.tmpl
@@ -30,7 +30,7 @@
 	<dialog id="long-modal">
 		<article>
 			<header>Long modal</header>
-			<div class="content">aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa</div>
+			<div class="content">aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa</div>
 			<footer class="actions">
 					<button class="secondary button cancel">{{ctx.Locale.Tr "settings.cancel"}}</button>
 			</footer>

From 029565865021232c3c281156028efe34172eb961 Mon Sep 17 00:00:00 2001
From: Gergely Nagy <forgejo@gergo.csillger.hu>
Date: Fri, 8 May 2026 08:08:10 +0200
Subject: [PATCH 820/854] Federated user activity following (#4767)

This is a implementation of #4277.

The core idea is that any activity (where activity is defined as anything that ends up in the `action` table) will be wrapped in an `ap.Note`, and sent to followers. Similarly, the inbox of local users now accepts such Notes. Additionally, there's now a "Feeds" tab on the user profile page, which displays the received notes.

# Preview

![Preview](/attachments/9ce6a138-a748-447e-8e8b-d6143564ee4e)

# How to Try?

The PR can be tried using a single Forgejo instance, but two distinct ones probably shows how it works better. For the sake of simplicity, lets try with a single instance. This is how to get started:

1. Enable federation
2. Subscribe one user to another (or to themselves):
    ```
    curl -s -H "authorization: Bearer ${TOKEN}" -XPOST \
         http://localhost:3000/api/v1/user/activitypub/follow \
         --json '{"target": "http://localhost:3000/api/v1/activitypub/user-id/1"}'
    ```

    This makes the first user follow themselves.
3. Create a repo, open an issue, or basically do anything that results in an activity recorded.
4. Visit `http://localhost:3000/{username}?tab=feed` to see the feed in action.

If you want to try with multiple instances, then it's very similar: you just change the `actor_id` to the IRI of the user you want to follow the first instance's user with, and then you can look at the feed tab of this user on the second instance, after you performed some activity on the first.

## Trying with Mastodon / GoToSocial

To try with Mastodon or GoToSocial, you will likely need to bring your Forgejo instance public, and behind https. Once your Forgejo instance is up, you can search for `@yourusername@forgejo.your.domain.example.com`, and simply follow your Forgejo account. Creating any activity will then happily federate to Mastodon & GoToSocial.

You can also copy & paste the Forge user's web profile URL (eg, `https://forgejo.your.domain.example.com/yourusername`) into your fedi client of choice, and it will discover the profile that way too.

# Testing

* test: https://codeberg.org/meissa/federation/src/branch/federated-user-activity-following/doc/user-activity-following/manual-test.md
* Proof of gts->forgejo: https://social.meissa-gmbh.de/@meissa/114499541149466596
* Proof of forgejo->gts: https://social.meissa-gmbh.de/@meissa/114505225265720094

## Architecture decisions

There are a number of ways user activity federation could be implemented. One way - which I explored first - is to wrap each activity, and send those, and let the client render it. The advantage of this would be that we'd be able to have references to other objects (comments, repos, etc). The disadvantage is that doing this requires making all of these things addressable, and that's a lot of work. Another disadvantage is that this requires every client to know how to display it.

Another way, chosen here, is to send a rendered HTML `ap.Note` instead, with an `AttributedTo` (`ap.Person`) property, which describes the activity that happened in a HTML note. This is much simpler to implement, and has the huge advantage that it is also easier to display. In fact, once we have http signatures, we should be able to federate user activity to Mastodon, too! (Though this also requires figuring out how Mastodon wants to follow a user...)

Since user activity federation is mostly cosmetic, as in, it's there for the user to see, rather than for programs to take actions based upon this activity, I believe that sending an `ap.Note` is preferable over a more machine-oriented approach.

## Limitations & TODO

### FederatedUser

We should be caching the Avatar in a similar way. For that, though, we also need to store the last activity of a federated user, so we can expire old avatars from the cache. The avatar refresh part will be covered by #4778.

### Notes

While sending out notes, the `AttributedTo` property is set to an `ap.Person`, based on the originating local user. This is currently unused. The idea is that once following is implemented properly (see above), we'll be able to link this  to a FederatedUser (and thus to ExternalUser & User), which will allow us to display avatars and such, too.

### Display

The template used for displaying the received activities is currently incredibly simplistic. That's probably ok, it doesn't need to be fantastic.

### TODO

- [x] Fix the crashes on certain ops:
  - [x] Issue/PR close & reopen
- [x] Figure out a better way to implement follows
- [x] Store the `AttributedTo` part of the note, too, the ID of it.
- [x] Make sure only those activities are sent out that need to be.
      Currently, pretty much any activity is sent out, even private ones. We should be a bit smarter about that.
- [x] Make the ids used in the AP messages deterministic
      The IDs used in the AP messages are currently UUIDs, and we do not store them, so all the IRIs are "invalid": the objects they refer to don't exist outside of the AP message itself. We should be able to reconstruct the Note objects and Create activities from their IDs.
- [x] Make it possible to follow Forgejo account from Mastodon and GtS
  - [x] Mastodon without `AUTHORIZED_FETCH` works
  - [x] GoToSocial can follow
  - [x] Mastodon with `AUTHORIZED_FETCH` can follow
- ~~Create a cron job to refresh federated user avatars~~
- [x] Implement unfollowing
- [x] Add a `<link rel="alternate" type="application/activity+json" href="...">` to profile pages
      This lets Mastodon & most other Fedi frontends discover the AP profile just by pasting a Forgejo user's web profile page into a search box, without having to know the corresponding AP actor URL
- [x] Make it easier to make a local user follow a remote AP actor
- ~~Rebase on top of #4778 by @realaravinth, once that is ready~~
- [x] Create an API endpoint to list the AP feed
- [x] Create a DB migration for the new stuff
- [x] Make swagger stuff happy
- [x] Clean up the commit history
- [x] ~~Tests~~ Opting for manual testing for now.

Co-authored-by: Michael Jerger <michael.jerger@meissa-gmbh.de>
Co-authored-by: famfo <famfo@famfo.xyz>
Co-authored-by: jerger <jerger@noreply.codeberg.org>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4767
Reviewed-by: jerger <jerger@noreply.codeberg.org>
Reviewed-by: elle <0xllx0@noreply.codeberg.org>
---
 routers/web/user/profile.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/routers/web/user/profile.go b/routers/web/user/profile.go
index ec3cb4a5d3..1c5392ba83 100644
--- a/routers/web/user/profile.go
+++ b/routers/web/user/profile.go
@@ -1,6 +1,6 @@
 // Copyright 2015 The Gogs Authors. All rights reserved.
 // Copyright 2019 The Gitea Authors. All rights reserved.
-// Copyright 2023 The Forgejo Authors. All rights reserved.
+// Copyright 2025 The Forgejo Authors. All rights reserved.
 // SPDX-License-Identifier: MIT
 
 package user

From 0b3192b8af2488208b2a0efefa5fa2d7405dfc9e Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Sat, 9 May 2026 02:23:00 +0200
Subject: [PATCH 821/854] Update module golang.org/x/crypto to v0.51.0
 (forgejo) (#12483)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This PR contains the following updates:

| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) |
|---|---|---|---|
| [golang.org/x/crypto](https://pkg.go.dev/golang.org/x/crypto) | [`v0.50.0` → `v0.51.0`](https://cs.opensource.google/go/x/crypto/+/refs/tags/v0.50.0...refs/tags/v0.51.0) | ![age](https://developer.mend.io/api/mc/badges/age/go/golang.org%2fx%2fcrypto/v0.51.0?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/go/golang.org%2fx%2fcrypto/v0.50.0/v0.51.0?slim=true) |

---

> ⚠️ **Warning**
>
> Some dependencies could not be looked up. Check the [Dependency Dashboard](issues/2779) for more information.

---

### Configuration

📅 **Schedule**: (UTC)

- Branch creation
  - Between 12:00 AM and 03:59 AM (`* 0-3 * * *`)
- Automerge
  - Between 12:00 AM and 03:59 AM (`* 0-3 * * *`)

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Mend Renovate](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xNjAuNiIsInVwZGF0ZWRJblZlciI6IjQzLjE2MC42IiwidGFyZ2V0QnJhbmNoIjoiZm9yZ2VqbyIsImxhYmVscyI6WyJkZXBlbmRlbmN5LXVwZ3JhZGUiLCJ0ZXN0L25vdC1uZWVkZWQiXX0=-->

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12483
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
---
 go.mod |  6 +++---
 go.sum | 16 ++++++++--------
 2 files changed, 11 insertions(+), 11 deletions(-)

diff --git a/go.mod b/go.mod
index a6e9db2b28..a6d10b5e2e 100644
--- a/go.mod
+++ b/go.mod
@@ -101,13 +101,13 @@ require (
 	github.com/yuin/goldmark-highlighting/v2 v2.0.0-20230729083705-37449abec8cc
 	gitlab.com/gitlab-org/api/client-go v0.143.2
 	go.yaml.in/yaml/v3 v3.0.4
-	golang.org/x/crypto v0.50.0
+	golang.org/x/crypto v0.51.0
 	golang.org/x/image v0.39.0
 	golang.org/x/net v0.53.0
 	golang.org/x/oauth2 v0.36.0
 	golang.org/x/sync v0.20.0
-	golang.org/x/sys v0.43.0
-	golang.org/x/text v0.36.0
+	golang.org/x/sys v0.44.0
+	golang.org/x/text v0.37.0
 	google.golang.org/protobuf v1.36.11
 	gopkg.in/gomail.v2 v2.0.0-20160411212932-81ebce5c23df
 	gopkg.in/ini.v1 v1.67.0
diff --git a/go.sum b/go.sum
index bb519fd975..220748373c 100644
--- a/go.sum
+++ b/go.sum
@@ -723,8 +723,8 @@ golang.org/x/crypto v0.13.0/go.mod h1:y6Z2r+Rw4iayiXXAIxJIDAJ1zMW4yaTpebo8fPOliY
 golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU=
 golang.org/x/crypto v0.23.0/go.mod h1:CKFgDieR+mRhux2Lsu27y0fO304Db0wZe70UKqHu0v8=
 golang.org/x/crypto v0.31.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk=
-golang.org/x/crypto v0.50.0 h1:zO47/JPrL6vsNkINmLoo/PH1gcxpls50DNogFvB5ZGI=
-golang.org/x/crypto v0.50.0/go.mod h1:3muZ7vA7PBCE6xgPX7nkzzjiUq87kRItoJQM1Yo8S+Q=
+golang.org/x/crypto v0.51.0 h1:IBPXwPfKxY7cWQZ38ZCIRPI50YLeevDLlLnyC5wRGTI=
+golang.org/x/crypto v0.51.0/go.mod h1:8AdwkbraGNABw2kOX6YFPs3WM22XqI4EXEd8g+x7Oc8=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
@@ -850,8 +850,8 @@ golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
-golang.org/x/sys v0.43.0 h1:Rlag2XtaFTxp19wS8MXlJwTvoh8ArU6ezoyFsMyCTNI=
-golang.org/x/sys v0.43.0/go.mod h1:4GL1E5IUh+htKOUEOaiffhrAeqysfVGipDYzABqnCmw=
+golang.org/x/sys v0.44.0 h1:ildZl3J4uzeKP07r2F++Op7E9B29JRUy+a27EibtBTQ=
+golang.org/x/sys v0.44.0/go.mod h1:4GL1E5IUh+htKOUEOaiffhrAeqysfVGipDYzABqnCmw=
 golang.org/x/telemetry v0.0.0-20240228155512-f48c80bd79b2/go.mod h1:TeRTkGYfJXctD9OcfyVLyj2J3IxLnKwHJR8f4D8a3YE=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
@@ -861,8 +861,8 @@ golang.org/x/term v0.12.0/go.mod h1:owVbMEjm3cBLCHdkQu9b1opXd4ETQWc3BhuQGKgXgvU=
 golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk=
 golang.org/x/term v0.20.0/go.mod h1:8UkIAJTvZgivsXaD6/pH6U9ecQzZ45awqEOzuCvwpFY=
 golang.org/x/term v0.27.0/go.mod h1:iMsnZpn0cago0GOrHO2+Y7u7JPn5AylBrcoWkElMTSM=
-golang.org/x/term v0.42.0 h1:UiKe+zDFmJobeJ5ggPwOshJIVt6/Ft0rcfrXZDLWAWY=
-golang.org/x/term v0.42.0/go.mod h1:Dq/D+snpsbazcBG5+F9Q1n2rXV8Ma+71xEjTRufARgY=
+golang.org/x/term v0.43.0 h1:S4RLU2sB31O/NCl+zFN9Aru9A/Cq2aqKpTZJ6B+DwT4=
+golang.org/x/term v0.43.0/go.mod h1:lrhlHNdQJHO+1qVYiHfFKVuVioJIheAc3fBSMFYEIsk=
 golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
@@ -876,8 +876,8 @@ golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
 golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
 golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
 golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ=
-golang.org/x/text v0.36.0 h1:JfKh3XmcRPqZPKevfXVpI1wXPTqbkE5f7JA92a55Yxg=
-golang.org/x/text v0.36.0/go.mod h1:NIdBknypM8iqVmPiuco0Dh6P5Jcdk8lJL0CUebqK164=
+golang.org/x/text v0.37.0 h1:Cqjiwd9eSg8e0QAkyCaQTNHFIIzWtidPahFWR83rTrc=
+golang.org/x/text v0.37.0/go.mod h1:a5sjxXGs9hsn/AJVwuElvCAo9v8QYLzvavO5z2PiM38=
 golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.15.0 h1:bbrp8t3bGUeFOx08pvsMYRTCVSMk89u4tKbNOZbp88U=

From 92863bb1035530b97609e720a04b62dfe5bd98f0 Mon Sep 17 00:00:00 2001
From: Andreas Ahlenstorf <andreas@ahlenstorf.ch>
Date: Sat, 9 May 2026 02:31:03 +0200
Subject: [PATCH 822/854] feat: expose run_id in ...actions/runners/jobs
 endpoint (#12480)

Include `run_id` in the responses emitted by all `...actions/runners/jobs` endpoints. Helps with correlating pending jobs with other jobs and the runs they belong to.

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. All work and communication must conform to Forgejo's [AI Agreement](https://codeberg.org/forgejo/governance/src/branch/main/AIAgreement.md). There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests for Go changes

(can be removed for JavaScript changes)

- I added test coverage for Go changes...
  - [x] in their respective `*_test.go` for unit tests.
  - [x] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I ran...
  - [x] `make pr-go` before pushing

### Tests for JavaScript changes

(can be removed for Go changes)

- I added test coverage for JavaScript changes...
  - [ ] in `web_src/js/*.test.js` if it can be unit tested.
  - [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)).

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [x] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.
- [ ] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change.

*The decision if the pull request will be shown in the release notes is up to the mergers / release team.*

The content of the `release-notes/<pull request number>.md` file will serve as the basis for the release notes. If the file does not exist, the title of the pull request will be used instead.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12480
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
---
 modules/structs/action.go                   | 2 ++
 services/convert/action.go                  | 1 +
 templates/swagger/v1_json.tmpl              | 6 ++++++
 tests/integration/api_admin_actions_test.go | 1 +
 tests/integration/api_org_actions_test.go   | 1 +
 tests/integration/api_repo_actions_test.go  | 3 +++
 tests/integration/api_user_actions_test.go  | 1 +
 7 files changed, 15 insertions(+)

diff --git a/modules/structs/action.go b/modules/structs/action.go
index 1f015a08fb..82c530cdf9 100644
--- a/modules/structs/action.go
+++ b/modules/structs/action.go
@@ -12,6 +12,8 @@ import (
 type ActionRunJob struct {
 	// Identifier of this job.
 	ID int64 `json:"id"`
+	// Identifier of the workflow run this job belongs to.
+	RunID int64 `json:"run_id"`
 	// How many times the job has been attempted including the current attempt.
 	Attempt int64 `json:"attempt"`
 	// Opaque identifier that uniquely identifies a single attempt of a job.
diff --git a/services/convert/action.go b/services/convert/action.go
index dd21b9fb87..da40ac7916 100644
--- a/services/convert/action.go
+++ b/services/convert/action.go
@@ -71,6 +71,7 @@ func ToActionRunJob(job *actions_model.ActionRunJob) *api.ActionRunJob {
 
 	return &api.ActionRunJob{
 		ID:      job.ID,
+		RunID:   job.RunID,
 		Attempt: job.Attempt,
 		Handle:  job.Handle,
 		RepoID:  job.RepoID,
diff --git a/templates/swagger/v1_json.tmpl b/templates/swagger/v1_json.tmpl
index 45159b7c71..e0afb22d54 100644
--- a/templates/swagger/v1_json.tmpl
+++ b/templates/swagger/v1_json.tmpl
@@ -22873,6 +22873,12 @@
           "format": "int64",
           "x-go-name": "RepoID"
         },
+        "run_id": {
+          "description": "Identifier of the workflow run this job belongs to.",
+          "type": "integer",
+          "format": "int64",
+          "x-go-name": "RunID"
+        },
         "runs_on": {
           "description": "the action run job labels to run on",
           "type": "array",
diff --git a/tests/integration/api_admin_actions_test.go b/tests/integration/api_admin_actions_test.go
index 173e22ca91..67fc643761 100644
--- a/tests/integration/api_admin_actions_test.go
+++ b/tests/integration/api_admin_actions_test.go
@@ -46,6 +46,7 @@ func TestAPIAdminActionsGetJobs(t *testing.T) {
 
 		expected := api.ActionRunJob{
 			ID:      393,
+			RunID:   891,
 			Attempt: 1,
 			Handle:  "18e9cf40-c2f6-409f-b832-b945ea7dc79b",
 			RepoID:  1,
diff --git a/tests/integration/api_org_actions_test.go b/tests/integration/api_org_actions_test.go
index 08de84cdf2..eb96435a45 100644
--- a/tests/integration/api_org_actions_test.go
+++ b/tests/integration/api_org_actions_test.go
@@ -37,6 +37,7 @@ func TestActionsAPISearchActionJobs_OrgRunner(t *testing.T) {
 
 	job395 := api.ActionRunJob{
 		ID:      395,
+		RunID:   891,
 		Attempt: 1,
 		Handle:  "40317a2f-2f00-4a82-8cc4-57347989a493",
 		RepoID:  1,
diff --git a/tests/integration/api_repo_actions_test.go b/tests/integration/api_repo_actions_test.go
index ccf333191e..605d55c469 100644
--- a/tests/integration/api_repo_actions_test.go
+++ b/tests/integration/api_repo_actions_test.go
@@ -52,6 +52,7 @@ func TestActionsAPISearchActionJobs_RepoRunner(t *testing.T) {
 
 	job393 := api.ActionRunJob{
 		ID:      393,
+		RunID:   891,
 		Attempt: 1,
 		Handle:  "18e9cf40-c2f6-409f-b832-b945ea7dc79b",
 		RepoID:  1,
@@ -713,6 +714,7 @@ func TestActionsAPIListActionRunJobs(t *testing.T) {
 				if expected.ID == 195 {
 					assert.Equal(t, &api.ActionRunJob{
 						ID:      195,
+						RunID:   793,
 						Attempt: 1,
 						Handle:  "",
 						RepoID:  4,
@@ -726,6 +728,7 @@ func TestActionsAPIListActionRunJobs(t *testing.T) {
 				} else if expected.ID == 197 {
 					assert.Equal(t, &api.ActionRunJob{
 						ID:      197,
+						RunID:   895,
 						Attempt: 0,
 						Handle:  "",
 						RepoID:  4,
diff --git a/tests/integration/api_user_actions_test.go b/tests/integration/api_user_actions_test.go
index b9a0b16ab4..91bd8c4be1 100644
--- a/tests/integration/api_user_actions_test.go
+++ b/tests/integration/api_user_actions_test.go
@@ -38,6 +38,7 @@ func TestActionsAPISearchActionJobs_UserRunner(t *testing.T) {
 
 	job394 := api.ActionRunJob{
 		ID:      394,
+		RunID:   891,
 		Attempt: 2,
 		Handle:  "a723d3e3-49a1-4e6b-947f-e987e60bfbd6",
 		RepoID:  1,

From 4e40724199ace81506300ab3f5d3108f8766ab1b Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Sat, 9 May 2026 04:38:55 +0200
Subject: [PATCH 823/854] Update module golang.org/x/tools/cmd/deadcode to
 v0.45.0 (forgejo) (#12488)

---
 Makefile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Makefile b/Makefile
index 5a353c59cf..2680bb8b62 100644
--- a/Makefile
+++ b/Makefile
@@ -45,7 +45,7 @@ SWAGGER_PACKAGE ?= github.com/go-swagger/go-swagger/cmd/swagger@v0.33.2 # renova
 XGO_PACKAGE ?= src.techknowlogick.com/xgo@latest
 GO_LICENSES_PACKAGE ?= github.com/google/go-licenses/v2@v2.0.1 # renovate: datasource=go
 GOVULNCHECK_PACKAGE ?= golang.org/x/vuln/cmd/govulncheck@v1 # renovate: datasource=go
-DEADCODE_PACKAGE ?= golang.org/x/tools/cmd/deadcode@v0.44.0 # renovate: datasource=go
+DEADCODE_PACKAGE ?= golang.org/x/tools/cmd/deadcode@v0.45.0 # renovate: datasource=go
 ERRORTYPE_PACKAGE ?= fillmore-labs.com/errortype@v0.0.11 # renovate: datasource=go
 RENOVATE_NPM_PACKAGE ?= renovate@43.160.6 # renovate: datasource=docker packageName=data.forgejo.org/renovate/renovate
 MOCKERY_PACKAGE ?= github.com/vektra/mockery/v3@v3.7.0 # renovate: datasource=go

From 508bb7f2aed62479b03335b3591bd890260cfe37 Mon Sep 17 00:00:00 2001
From: limiting-factor <limiting-factor@posteo.com>
Date: Sat, 9 May 2026 04:46:56 +0200
Subject: [PATCH 824/854] fix: in actions_service cancelJobsForRun is bugous
 use killRun instead (#12366)

The cancelJobsForRun function is redundant with the killRun function and has bugs:

- It does not use a transaction and may fail in a non-recoverable way
- It does not update the commit status of the run
-  It does not set NeedRemoval to false if needed

Remove the cancelJobsForRun function and use killRun instead (fixing forgejo/forgejo#12386). Both calls are covered by existing tests:

- TestCancelPreviousJobs
- TestCancelPreviousWithConcurrencyGroup

A new integration test TestActionsPullRequestTrustPushCancel is added to verify that the NeedApproval field is set to false whenever a run is cancelled (fixing forgejo/forgejo#12350).

Closes forgejo/forgejo#12350
Closes forgejo/forgejo#12386

---

Reverting the change fails the test at

https://codeberg.org/limiting-factor/forgejo/src/commit/b6178e5634c230006a3c2b791ec8e06f09367e2d/tests/integration/actions_trust_test.go#L520-L533

with:

```
TAGS='sqlite sqlite_unlock_notify' make 'test-sqlite#TestActionsPullRequestTrustPushCancel'
...
    actions_trust_test.go:523:
        	Error Trace:	/home/limiting-factor/forgejo/tests/integration/actions_trust_test.go:523
        	            				/home/limiting-factor/forgejo/tests/integration/git_helper_for_declarative_test.go:98
        	            				/home/limiting-factor/forgejo/tests/integration/actions_trust_test.go:476
        	Error:      	Should be false
        	Test:       	TestActionsPullRequestTrustPushCancel
```

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. All work and communication must conform to Forgejo's [AI Agreement](https://codeberg.org/forgejo/governance/src/branch/main/AIAgreement.md). There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests for Go changes

(can be removed for JavaScript changes)

- I added test coverage for Go changes...
  - [ ] in their respective `*_test.go` for unit tests.
  - [x] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I ran...
  - [x] `make pr-go` before pushing

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [x] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.
- [ ] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change.

<!--start release-notes-assistant-->

## Release notes
<!--URL:https://codeberg.org/forgejo/forgejo-->
- User Interface bug fixes
  - [PR](https://codeberg.org/forgejo/forgejo/pulls/12366): <!--number 12366 --><!--line 0 --><!--description V2hlbiB0aGUgYXV0aG9yIG9mIGEgcHVsbCByZXF1ZXN0IGlzIFtkZW5pZWQgdGhlIHJpZ2h0IHRvIHJ1biBBY3Rpb25zXShodHRwczovL2Zvcmdlam8ub3JnL2RvY3MvbmV4dC91c2VyL2FjdGlvbnMvc2VjdXJpdHktcHVsbC1yZXF1ZXN0LykgYnkgY2xpY2tpbmcgb24gdGhlICJEZW55IiBidXR0b24gb24gdGhlIHB1bGwgcmVxdWVzdCB0cnVzdCBtYW5hZ2VtZW50IHBhbmVsLCB0aGUgd29ya2Zsb3cgcnVucyBjcmVhdGVkIGZvciBhbGwgY29tbWl0cyBwdXNoZWQgdG8gdGhlIHB1bGwgcmVxdWVzdCBhcmUgY2FuY2VsbGVkLiBCZWZvcmUgdGhhdCwgcnVucyB0aGF0IHdlcmUgYXV0b21hdGljYWxseSBjYW5jZWxsZWQgYmVjYXVzZSBhIG5ld2VyIGNvbW1pdCB3YXMgcHVzaGVkIHRvIHRoZSBwdWxsIHJlcXVlc3QgW3dlcmUgc3R1Y2sgaW4gYSBzdGF0ZSB3YWl0aW5nIGZvciBhcHByb3ZhbF0oaHR0cHM6Ly9jb2RlYmVyZy5vcmcvZm9yZ2Vqby9mb3JnZWpvL2lzc3Vlcy8xMjM1MCku-->When the author of a pull request is [denied the right to run Actions](https://forgejo.org/docs/next/user/actions/security-pull-request/) by clicking on the "Deny" button on the pull request trust management panel, the workflow runs created for all commits pushed to the pull request are cancelled. Before that, runs that were automatically cancelled because a newer commit was pushed to the pull request [were stuck in a state waiting for approval](https://codeberg.org/forgejo/forgejo/issues/12350).<!--description-->
<!--end release-notes-assistant-->

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12366
Reviewed-by: Andreas Ahlenstorf <aahlenst@noreply.codeberg.org>
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
---
 models/actions/run.go                   |  4 +-
 release-notes/12366.md                  |  1 +
 services/actions/schedule_tasks.go      | 63 +++----------------------
 tests/integration/actions_trust_test.go | 62 ++++++++++++++++++++++++
 4 files changed, 71 insertions(+), 59 deletions(-)
 create mode 100644 release-notes/12366.md

diff --git a/models/actions/run.go b/models/actions/run.go
index 862125224f..692dab841b 100644
--- a/models/actions/run.go
+++ b/models/actions/run.go
@@ -347,7 +347,7 @@ func UpdateRunApprovalByID(ctx context.Context, id int64, approval ApprovalType,
 func GetRunsNotDoneByRepoIDAndPullRequestPosterID(ctx context.Context, repoID, pullRequestPosterID int64) ([]*ActionRun, error) {
 	var runs []*ActionRun
 	// performance relies on indexes on repo_id and status
-	if err := db.GetEngine(ctx).Where("repo_id=? AND pull_request_poster_id=?", repoID, pullRequestPosterID).And(builder.In("status", []Status{StatusUnknown, StatusWaiting, StatusRunning, StatusBlocked})).Find(&runs); err != nil {
+	if err := db.GetEngine(ctx).Where("repo_id=? AND pull_request_poster_id=?", repoID, pullRequestPosterID).And(builder.In("status", PendingStatuses())).Find(&runs); err != nil {
 		return nil, err
 	}
 	return runs, nil
@@ -356,7 +356,7 @@ func GetRunsNotDoneByRepoIDAndPullRequestPosterID(ctx context.Context, repoID, p
 func GetRunsNotDoneByRepoIDAndPullRequestID(ctx context.Context, repoID, pullRequestID int64) ([]*ActionRun, error) {
 	var runs []*ActionRun
 	// performance relies on indexes on repo_id and status
-	if err := db.GetEngine(ctx).Where("repo_id=? AND pull_request_id=?", repoID, pullRequestID).And(builder.In("status", []Status{StatusUnknown, StatusWaiting, StatusRunning, StatusBlocked})).Find(&runs); err != nil {
+	if err := db.GetEngine(ctx).Where("repo_id=? AND pull_request_id=?", repoID, pullRequestID).And(builder.In("status", PendingStatuses())).Find(&runs); err != nil {
 		return nil, err
 	}
 	return runs, nil
diff --git a/release-notes/12366.md b/release-notes/12366.md
new file mode 100644
index 0000000000..12cc3c478d
--- /dev/null
+++ b/release-notes/12366.md
@@ -0,0 +1 @@
+When the author of a pull request is [denied the right to run Actions](https://forgejo.org/docs/next/user/actions/security-pull-request/) by clicking on the "Deny" button on the pull request trust management panel, the workflow runs created for all commits pushed to the pull request are cancelled. Before that, runs that were automatically cancelled because a newer commit was pushed to the pull request [were stuck in a state waiting for approval](https://codeberg.org/forgejo/forgejo/issues/12350).
diff --git a/services/actions/schedule_tasks.go b/services/actions/schedule_tasks.go
index fab9ae8df5..a1e9874984 100644
--- a/services/actions/schedule_tasks.go
+++ b/services/actions/schedule_tasks.go
@@ -23,7 +23,6 @@ import (
 	"code.forgejo.org/forgejo/runner/v12/act/jobparser"
 	act_model "code.forgejo.org/forgejo/runner/v12/act/model"
 	"github.com/gdgvda/cron"
-	"xorm.io/builder"
 )
 
 // StartScheduleTasks start the task
@@ -220,7 +219,7 @@ func CancelPreviousJobs(ctx context.Context, repoID int64, ref, workflowID strin
 	// Iterate over each found run and cancel its associated jobs.
 	errorSlice := []error{}
 	for _, run := range runs {
-		err := cancelJobsForRun(ctx, run.ID)
+		err := killRun(ctx, run, actions_model.StatusCancelled)
 		errorSlice = append(errorSlice, err)
 	}
 	err = errors.Join(errorSlice...)
@@ -236,21 +235,21 @@ func CancelPreviousWithConcurrencyGroup(ctx context.Context, repoID int64, concu
 	// Find all runs in the concurrency group which have at least one job that is still pending; we can't use the run's
 	// status for this because runs are set to failed if a single job is marked as failed, even if other jobs are still
 	// running.
-	runIDs := make([]int64, 0, 10)
+	runs := make([]*actions_model.ActionRun, 0, 10)
 	if err := db.GetEngine(ctx).Table("action_run").
 		Join("INNER", "action_run_job", "action_run_job.run_id = action_run.id").
 		Where("action_run.repo_id = ? AND action_run.concurrency_group = ?", repoID, strings.ToLower(concurrencyGroup)).
 		In("action_run_job.status", actions_model.PendingStatuses()).
 		Distinct("action_run.id").
-		Select("action_run.id").
-		Find(&runIDs); err != nil {
+		Select("action_run.id,action_run.need_approval").
+		Find(&runs); err != nil {
 		return err
 	}
 
 	// Iterate over each found run and cancel its associated jobs.
 	errorSlice := []error{}
-	for _, runID := range runIDs {
-		err := cancelJobsForRun(ctx, runID)
+	for _, run := range runs {
+		err := killRun(ctx, run, actions_model.StatusCancelled)
 		errorSlice = append(errorSlice, err)
 	}
 	err := errors.Join(errorSlice...)
@@ -261,56 +260,6 @@ func CancelPreviousWithConcurrencyGroup(ctx context.Context, repoID int64, concu
 	return nil
 }
 
-func cancelJobsForRun(ctx context.Context, runID int64) error {
-	// Find all jobs associated with the current run.
-	jobs, err := db.Find[actions_model.ActionRunJob](ctx, actions_model.FindRunJobOptions{
-		RunID: runID,
-	})
-	if err != nil {
-		return err
-	}
-
-	// Iterate over each job and attempt to cancel it.
-	errorSlice := []error{}
-	for _, job := range jobs {
-		// Skip jobs that are already in a terminal state (completed, cancelled, etc.).
-		status := job.Status
-		if status.IsDone() {
-			continue
-		}
-
-		// If the job has no associated task (probably an error), set its status to 'Cancelled' and stop it.
-		if job.TaskID == 0 {
-			job.Status = actions_model.StatusCancelled
-			job.Stopped = timeutil.TimeStampNow()
-
-			// Update the job's status and stopped time in the database.
-			n, err := UpdateRunJob(ctx, job, builder.Eq{"task_id": 0}, "status", "stopped")
-			if err != nil {
-				errorSlice = append(errorSlice, err)
-				continue
-			}
-
-			// If the update affected 0 rows, it means the job has changed in the meantime, so we need to try again.
-			if n == 0 {
-				errorSlice = append(errorSlice, errors.New("job has changed, try again"))
-				continue
-			}
-
-			// Continue with the next job.
-			continue
-		}
-
-		// If the job has an associated task, try to stop the task, effectively cancelling the job.
-		if err := StopTask(ctx, job.TaskID, actions_model.StatusCancelled); err != nil {
-			errorSlice = append(errorSlice, err)
-			continue
-		}
-	}
-
-	return errors.Join(errorSlice...)
-}
-
 func CleanRepoScheduleTasks(ctx context.Context, repo *repo_model.Repository, cancelPreviousJobs bool) error {
 	// If actions disabled when there is schedule task, this will remove the outdated schedule tasks
 	// There is no other place we can do this because the app.ini will be changed manually
diff --git a/tests/integration/actions_trust_test.go b/tests/integration/actions_trust_test.go
index c150bd6c2e..c1449aeda2 100644
--- a/tests/integration/actions_trust_test.go
+++ b/tests/integration/actions_trust_test.go
@@ -471,3 +471,65 @@ func TestActionsPullRequestTrustCancelOnClose(t *testing.T) {
 		}
 	})
 }
+
+func TestActionsPullRequestTrustPushCancel(t *testing.T) {
+	onApplicationRun(t, func(t *testing.T, u *url.URL) {
+		ownerUser := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
+		ownerSession := loginUser(t, ownerUser.Name)
+
+		regularUser := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 5})
+
+		baseRepo, f := actionsTrustTestCreateBaseRepo(t, ownerUser)
+		defer f()
+
+		forkedRepo, pullRequest, addFileToForkedResp := actionsTrustTestCreatePullRequestFromForkedRepo(t, ownerUser, baseRepo, regularUser)
+		pullRequestLink := pullRequest.Issue.Link()
+
+		// there is one commit in the pull request and it is blocked from running actions pending approval
+		{
+			actionRun := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRun{RepoID: baseRepo.ID, CommitSHA: addFileToForkedResp.Commit.SHA})
+			assert.True(t, actionRun.NeedApproval)
+			assert.Equal(t, actions_model.StatusWaiting, actionRun.Status)
+			actionRunJob := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRunJob{RunID: actionRun.ID, RepoID: baseRepo.ID})
+			assert.Equal(t, actions_model.StatusBlocked, actionRunJob.Status)
+		}
+
+		// another commit is pushed to the head branch of the pull request
+		otherFileInForkResp := actionsTrustTestRepoModify(t, regularUser, baseRepo, forkedRepo, "add_file_one.txt")
+
+		// there are two commits
+		// - the oldest one switched from Blocked to Cancelled and no longer needs approval
+		// - the newest one is Blocked and pending approval
+		{
+			actionRun := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRun{RepoID: baseRepo.ID, CommitSHA: addFileToForkedResp.Commit.SHA})
+			assert.False(t, actionRun.NeedApproval)
+			assert.Equal(t, actions_model.StatusCancelled, actionRun.Status)
+			actionRunJob := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRunJob{RunID: actionRun.ID, RepoID: baseRepo.ID})
+			assert.Equal(t, actions_model.StatusCancelled, actionRunJob.Status)
+
+			otherActionRun := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRun{RepoID: baseRepo.ID, CommitSHA: otherFileInForkResp.Commit.SHA})
+			assert.True(t, otherActionRun.NeedApproval)
+			assert.Equal(t, actions_model.StatusWaiting, otherActionRun.Status)
+			otherActionRunJob := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRunJob{RunID: otherActionRun.ID, RepoID: baseRepo.ID})
+			assert.Equal(t, actions_model.StatusBlocked, otherActionRunJob.Status)
+		}
+
+		actionsTrustTestAssertTrustPanel(t, ownerSession, pullRequestLink)
+		actionsTrustTestClickTrustPanel(t, ownerSession, pullRequestLink, string(actions_service.UserTrustDenied))
+
+		// there are two commits, both are Cancelled and not pending approval
+		{
+			actionRun := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRun{RepoID: baseRepo.ID, CommitSHA: addFileToForkedResp.Commit.SHA})
+			assert.False(t, actionRun.NeedApproval)
+			assert.Equal(t, actions_model.StatusCancelled, actionRun.Status)
+			actionRunJob := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRunJob{RunID: actionRun.ID, RepoID: baseRepo.ID})
+			assert.Equal(t, actions_model.StatusCancelled, actionRunJob.Status)
+
+			otherActionRun := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRun{RepoID: baseRepo.ID, CommitSHA: otherFileInForkResp.Commit.SHA})
+			assert.False(t, otherActionRun.NeedApproval)
+			assert.Equal(t, actions_model.StatusCancelled, otherActionRun.Status)
+			otherActionRunJob := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRunJob{RunID: otherActionRun.ID, RepoID: baseRepo.ID})
+			assert.Equal(t, actions_model.StatusCancelled, otherActionRunJob.Status)
+		}
+	})
+}

From 169ea1d9917b2b1a7363d7cfb81d216881f37993 Mon Sep 17 00:00:00 2001
From: famfo <famfo@famfo.xyz>
Date: Sat, 9 May 2026 05:02:57 +0200
Subject: [PATCH 825/854] fix(activitypub): only return public activities on
 request (#12382)

The endpoint returning individual activities was missing access control checks, since IDs are sequential, this is not ideal.

Fixes #12333

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12382
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
---
 models/activities/action.go                   | 33 +++++++++++++++++
 models/activities/action_test.go              | 25 +++++++++++++
 models/activities/error.go                    | 14 ++++++++
 .../fixtures/TestIsPrivate/action.yml         |  7 ++++
 .../fixtures/TestIsPrivate/user.yml           | 36 +++++++++++++++++++
 models/fixtures/action.yml                    |  2 +-
 routers/api/v1/activitypub/person.go          | 11 ++++++
 services/convert/activitypub_user_action.go   |  5 +++
 services/federation/user_activity.go          | 19 +++++-----
 ...ivitypub_person_inbox_useractivity_test.go | 18 +++++++---
 10 files changed, 154 insertions(+), 16 deletions(-)
 create mode 100644 models/activities/error.go
 create mode 100644 models/activities/fixtures/TestIsPrivate/action.yml
 create mode 100644 models/activities/fixtures/TestIsPrivate/user.yml

diff --git a/models/activities/action.go b/models/activities/action.go
index 6b3fabfae0..9b67bd67f6 100644
--- a/models/activities/action.go
+++ b/models/activities/action.go
@@ -812,3 +812,36 @@ func FixActionCreatedUnixString(ctx context.Context) (int64, error) {
 	}
 	return 0, nil
 }
+
+func (a *Action) IsActionPrivate(ctx context.Context) (bool, error) {
+	if a.IsPrivate {
+		return true, nil
+	}
+
+	a.loadRepo(ctx)
+	if a.Repo == nil {
+		return true, repo_model.ErrRepoNotExist{}
+	}
+
+	repo := a.Repo
+	err := repo.LoadOwner(ctx)
+	if err != nil {
+		return true, err
+	}
+
+	if repo.IsPrivate || repo.Owner.KeepActivityPrivate || repo.Owner.Visibility != structs.VisibleTypePublic {
+		return true, nil
+	}
+
+	a.LoadActUser(ctx)
+	if a.ActUser == nil {
+		return true, user_model.ErrUserNotExist{}
+	}
+
+	user := a.ActUser
+	if user.KeepActivityPrivate || user.Visibility != structs.VisibleTypePublic {
+		return true, nil
+	}
+
+	return false, nil
+}
diff --git a/models/activities/action_test.go b/models/activities/action_test.go
index bfc07f58ae..592fdf71e3 100644
--- a/models/activities/action_test.go
+++ b/models/activities/action_test.go
@@ -371,3 +371,28 @@ func TestGetIssueInfos(t *testing.T) {
 		assert.Equal(t, test.field3, issueInfos[2])
 	}
 }
+
+func TestIsPrivate(t *testing.T) {
+	defer unittest.OverrideFixtures("models/activities/fixtures/TestIsPrivate")()
+	require.NoError(t, unittest.PrepareTestDatabase())
+
+	tt := []struct {
+		activityID int64
+		private    bool
+	}{
+		{1, true},  // private repo
+		{3, false}, // public activities, public repo
+		{11, true}, // private activities
+	}
+
+	for _, test := range tt {
+		ctx := t.Context()
+		action, err := activities_model.GetActivityByID(ctx, test.activityID)
+		require.NoError(t, err)
+
+		private, err := action.IsActionPrivate(ctx)
+		require.NoError(t, err)
+
+		assert.Equal(t, test.private, private, "action ID: %d", test.activityID)
+	}
+}
diff --git a/models/activities/error.go b/models/activities/error.go
new file mode 100644
index 0000000000..85896e97d9
--- /dev/null
+++ b/models/activities/error.go
@@ -0,0 +1,14 @@
+// Copyright 2026 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+package activities
+
+import "fmt"
+
+type ErrActivityPrivate struct {
+	id int64
+}
+
+func (err ErrActivityPrivate) Error() string {
+	return fmt.Sprintf("Activity with id %d is private", err.id)
+}
diff --git a/models/activities/fixtures/TestIsPrivate/action.yml b/models/activities/fixtures/TestIsPrivate/action.yml
new file mode 100644
index 0000000000..681cea1939
--- /dev/null
+++ b/models/activities/fixtures/TestIsPrivate/action.yml
@@ -0,0 +1,7 @@
+- id: 11
+  user_id: 44
+  op_type: 1 # create repo
+  act_user_id: 44 # private user activities
+  repo_id: 60 # public
+  is_private: false
+  created_unix: 1680454039
diff --git a/models/activities/fixtures/TestIsPrivate/user.yml b/models/activities/fixtures/TestIsPrivate/user.yml
new file mode 100644
index 0000000000..dd7bf1a657
--- /dev/null
+++ b/models/activities/fixtures/TestIsPrivate/user.yml
@@ -0,0 +1,36 @@
+- id: 44
+  lower_name: user44
+  name: user44
+  full_name: user44
+  email: user44@example.com
+  keep_email_private: false
+  email_notifications_preference: enabled
+  passwd: ZogKvWdyEx:password
+  passwd_hash_algo: dummy
+  must_change_password: false
+  login_source: 0
+  login_name: user44
+  type: 0
+  salt: ZogKvWdyEx
+  max_repo_creation: -1
+  is_active: true
+  is_admin: false
+  is_restricted: false
+  allow_git_hook: false
+  allow_import_local: false
+  allow_create_organization: true
+  prohibit_login: false
+  avatar: ""
+  avatar_email: user44@example.com
+  use_custom_avatar: true
+  num_followers: 0
+  num_following: 0
+  num_stars: 0
+  num_repos: 0
+  num_teams: 0
+  num_members: 0
+  visibility: 0
+  repo_admin_change_team_access: false
+  theme: ""
+  keep_activity_private: true
+  created_unix: 1672578380
diff --git a/models/fixtures/action.yml b/models/fixtures/action.yml
index f1592d4569..c776218be0 100644
--- a/models/fixtures/action.yml
+++ b/models/fixtures/action.yml
@@ -81,4 +81,4 @@
   act_user_id: 40
   repo_id: 60 # public
   is_private: false
-  created_unix: 1577404800 # end of heatmap
\ No newline at end of file
+  created_unix: 1577404800 # end of heatmap
diff --git a/routers/api/v1/activitypub/person.go b/routers/api/v1/activitypub/person.go
index 8fa9e5f226..82725f2757 100644
--- a/routers/api/v1/activitypub/person.go
+++ b/routers/api/v1/activitypub/person.go
@@ -148,6 +148,17 @@ func getActivity(ctx *context.APIContext, id int64) (*forgefed.ForgeUserActivity
 		return nil, err
 	}
 
+	private, err := action.IsActionPrivate(ctx)
+	if err != nil {
+		ctx.Error(http.StatusInternalServerError, "action.IsActionPrivate", err.Error())
+		return nil, err
+	}
+
+	if private {
+		ctx.NotFound()
+		return nil, activities.ErrActivityPrivate{}
+	}
+
 	actions := activities.ActionList{action}
 	if err := actions.LoadAttributes(ctx); err != nil {
 		ctx.Error(http.StatusInternalServerError, "action.LoadAttributes", err.Error())
diff --git a/services/convert/activitypub_user_action.go b/services/convert/activitypub_user_action.go
index 6db3834ef2..4d7d04f252 100644
--- a/services/convert/activitypub_user_action.go
+++ b/services/convert/activitypub_user_action.go
@@ -13,6 +13,7 @@ import (
 
 	activities_model "forgejo.org/models/activities"
 	issues_model "forgejo.org/models/issues"
+	"forgejo.org/models/repo"
 	fm "forgejo.org/modules/forgefed"
 	"forgejo.org/modules/json"
 	"forgejo.org/modules/markup"
@@ -20,6 +21,10 @@ import (
 )
 
 func ActionToForgeUserActivity(ctx context.Context, action *activities_model.Action) (fm.ForgeUserActivity, error) {
+	if action.Repo == nil {
+		return fm.ForgeUserActivity{}, repo.ErrRepoNotExist{}
+	}
+
 	render := func(format string, args ...any) string {
 		return fmt.Sprintf(`<a href="%s" rel="nofollow">%s</a> %s`, action.ActUser.HTMLURL(), action.GetActDisplayName(ctx), fmt.Sprintf(format, args...))
 	}
diff --git a/services/federation/user_activity.go b/services/federation/user_activity.go
index 0db2aee4ec..7d6fb4ebb4 100644
--- a/services/federation/user_activity.go
+++ b/services/federation/user_activity.go
@@ -9,8 +9,8 @@ import (
 	activities_model "forgejo.org/models/activities"
 	"forgejo.org/models/forgefed"
 	"forgejo.org/models/user"
+	"forgejo.org/modules/log"
 	"forgejo.org/modules/setting"
-	"forgejo.org/modules/structs"
 	"forgejo.org/services/convert"
 
 	ap "github.com/go-ap/activitypub"
@@ -64,17 +64,16 @@ func NotifyActivityPubFollowers(ctx context.Context, actions []activities_model.
 		return nil
 	}
 	for _, act := range actions {
-		if act.Repo != nil {
-			if act.Repo.IsPrivate {
-				continue
-			}
-			if act.Repo.Owner.KeepActivityPrivate || act.Repo.Owner.Visibility != structs.VisibleTypePublic {
-				continue
-			}
-		}
-		if act.ActUser.KeepActivityPrivate || act.ActUser.Visibility != structs.VisibleTypePublic {
+		private, err := act.IsActionPrivate(ctx)
+		if err != nil {
+			log.Error("Failed to check if action is private: %s", err.Error())
 			continue
 		}
+
+		if private {
+			continue
+		}
+
 		if err := SendUserActivity(ctx, act.ActUser, &act); err != nil {
 			return err
 		}
diff --git a/tests/integration/api_activitypub_person_inbox_useractivity_test.go b/tests/integration/api_activitypub_person_inbox_useractivity_test.go
index fa51050045..025bba024a 100644
--- a/tests/integration/api_activitypub_person_inbox_useractivity_test.go
+++ b/tests/integration/api_activitypub_person_inbox_useractivity_test.go
@@ -23,6 +23,7 @@ import (
 	"forgejo.org/services/federation"
 	"forgejo.org/tests"
 
+	ap "github.com/go-ap/activitypub"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 )
@@ -159,15 +160,22 @@ func TestActivityPubPersonInboxNoteToDistant(t *testing.T) {
 		require.NoError(t, err)
 		assert.Equal(t, http.StatusOK, resp.StatusCode)
 
-		// distant request activity & activity note
-		localUser2ActivityNote := fmt.Sprintf("%v/activities/1", localUser2URL)
-		localUser2Activity := fmt.Sprintf("%v/activities/1/activity", localUser2URL)
+		// ID of create activity and note delivered to distant
+		activity, err := ap.UnmarshalJSON([]byte(mock.LastPost))
+		require.NoError(t, err)
 
-		resp, err = c.Get(localUser2ActivityNote)
+		createNote := activity.(*ap.Create)
+		localUser2ActivityNote, err := createNote.Object.GetID().URL()
+		require.NoError(t, err)
+
+		localUser2Activity, err := createNote.GetID().URL()
+		require.NoError(t, err)
+
+		resp, err = c.Get(localUser2ActivityNote.String())
 		require.NoError(t, err)
 		assert.Equal(t, http.StatusOK, resp.StatusCode)
 
-		resp, err = c.Get(localUser2Activity)
+		resp, err = c.Get(localUser2Activity.String())
 		require.NoError(t, err)
 		assert.Equal(t, http.StatusOK, resp.StatusCode)
 

From 9a5d9397a47ef231b3c5af815e40645503c29d42 Mon Sep 17 00:00:00 2001
From: Mathieu Fenniak <mathieu@fenniak.net>
Date: Sat, 9 May 2026 23:53:35 +0200
Subject: [PATCH 826/854] chore: update flake.lock; add gnupg as dependency
 (#12497)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Add `gnupg` as part of the Nix-based development environment, which is a dependency for a small number of integration tests like `TestInstanceSigning`.  Bumps `flake.lock` from its current 2025-11-12 to current 2026-05-05 pin, bringing updated tools referenced in `shell.nix`.

```
$ nix flake update
• Updated input 'nixpkgs':
    'github:nixos/nixpkgs/c5ae371f1a6a7fd27823bc500d9390b38c05fa55?narHash=sha256-4PqRErxfe%2B2toFJFgcRKZ0UI9NSIOJa%2B7RXVtBhy4KE%3D' (2025-11-12)
  → 'github:nixos/nixpkgs/549bd84d6279f9852cae6225e372cc67fb91a4c1?narHash=sha256-hGdgeU2Nk87RAuZyYjyDjFL6LK7dAZN5RE9%2BhrDTkDU%3D' (2026-05-05)
```

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. All work and communication must conform to Forgejo's [AI Agreement](https://codeberg.org/forgejo/governance/src/branch/main/AIAgreement.md). There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [ ] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.
- [x] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12497
Reviewed-by: Andreas Ahlenstorf <aahlenst@noreply.codeberg.org>
---
 flake.lock | 6 +++---
 shell.nix  | 1 +
 2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/flake.lock b/flake.lock
index 4ff76cf2ca..c6670e17b9 100644
--- a/flake.lock
+++ b/flake.lock
@@ -2,11 +2,11 @@
   "nodes": {
     "nixpkgs": {
       "locked": {
-        "lastModified": 1762977756,
-        "narHash": "sha256-4PqRErxfe+2toFJFgcRKZ0UI9NSIOJa+7RXVtBhy4KE=",
+        "lastModified": 1777954456,
+        "narHash": "sha256-hGdgeU2Nk87RAuZyYjyDjFL6LK7dAZN5RE9+hrDTkDU=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "c5ae371f1a6a7fd27823bc500d9390b38c05fa55",
+        "rev": "549bd84d6279f9852cae6225e372cc67fb91a4c1",
         "type": "github"
       },
       "original": {
diff --git a/shell.nix b/shell.nix
index 7d457e8e73..94b5cf708e 100644
--- a/shell.nix
+++ b/shell.nix
@@ -25,5 +25,6 @@ pkgs.mkShell {
 
     # tests
     openssh
+    gnupg
   ];
 }

From d2a7fc1458ecf6a74c8380cf069d994afa6e0db7 Mon Sep 17 00:00:00 2001
From: Stefan Gehn <stefan@srcbox.net>
Date: Sun, 10 May 2026 00:39:51 +0200
Subject: [PATCH 827/854] fix: Use notify in systemd forgejo.service example
 [skip-ci] (#10212)

Use notify as systemd service in the example configuration.
Notifying systemd on successful startup is supported since
Forgejo 1.20.0 already.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10212
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
---
 contrib/systemd/forgejo.service | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/contrib/systemd/forgejo.service b/contrib/systemd/forgejo.service
index ee019e11ea..36dc2a3a5b 100644
--- a/contrib/systemd/forgejo.service
+++ b/contrib/systemd/forgejo.service
@@ -52,7 +52,7 @@ After=network.target
 # Uncomment the next line if you have repos with lots of files and get a HTTP 500 error because of that
 # LimitNOFILE=524288:524288
 RestartSec=2s
-Type=simple
+Type=notify
 User=git
 Group=git
 WorkingDirectory=/var/lib/forgejo/

From 3fc3942356482f9281ffb1f4a71883a9302f7a99 Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Sun, 10 May 2026 01:32:13 +0200
Subject: [PATCH 828/854] Update CodeMirror (forgejo) (#12498)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12498
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
---
 package-lock.json | 16 ++++++++--------
 package.json      |  4 ++--
 2 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 778ccdde62..5cc3fc5137 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -9,7 +9,7 @@
         "@citation-js/core": "0.7.21",
         "@citation-js/plugin-bibtex": "0.7.21",
         "@citation-js/plugin-software-formats": "0.6.2",
-        "@codemirror/autocomplete": "6.20.1",
+        "@codemirror/autocomplete": "6.20.2",
         "@codemirror/commands": "6.10.3",
         "@codemirror/lang-cpp": "6.0.3",
         "@codemirror/lang-css": "6.3.1",
@@ -30,7 +30,7 @@
         "@codemirror/language": "6.12.3",
         "@codemirror/search": "6.7.0",
         "@codemirror/state": "6.6.0",
-        "@codemirror/view": "6.41.1",
+        "@codemirror/view": "6.42.0",
         "@github/markdown-toolbar-element": "2.2.3",
         "@github/quote-selection": "2.1.0",
         "@github/text-expander-element": "2.9.4",
@@ -495,9 +495,9 @@
       }
     },
     "node_modules/@codemirror/autocomplete": {
-      "version": "6.20.1",
-      "resolved": "https://registry.npmjs.org/@codemirror/autocomplete/-/autocomplete-6.20.1.tgz",
-      "integrity": "sha512-1cvg3Vz1dSSToCNlJfRA2WSI4ht3K+WplO0UMOgmUYPivCyy2oueZY6Lx7M9wThm7SDUBViRmuT+OG/i8+ON9A==",
+      "version": "6.20.2",
+      "resolved": "https://registry.npmjs.org/@codemirror/autocomplete/-/autocomplete-6.20.2.tgz",
+      "integrity": "sha512-G5FPkgIiLjOgZMjqVjvuKQ1rGPtHogLldJr33eFJdVLtmwY+giGrlv/ewljLz6b9BSQLkjxuwBc6g6omDM+YxQ==",
       "license": "MIT",
       "dependencies": {
         "@codemirror/language": "^6.0.0",
@@ -774,9 +774,9 @@
       }
     },
     "node_modules/@codemirror/view": {
-      "version": "6.41.1",
-      "resolved": "https://registry.npmjs.org/@codemirror/view/-/view-6.41.1.tgz",
-      "integrity": "sha512-ToDnWKbBnke+ZLrP6vgTTDScGi5H37YYuZGniQaBzxMVdtCxMrslsmtnOvbPZk4RX9bvkQqnWR/WS/35tJA0qg==",
+      "version": "6.42.0",
+      "resolved": "https://registry.npmjs.org/@codemirror/view/-/view-6.42.0.tgz",
+      "integrity": "sha512-+PJEyndSCrsS2oLH3DfWoLBcF3xfeyGXtLnpXqHY01kL3TogyCLD12hNvSu73ww2KFftrx3Rd0nGOigbSkU3Hw==",
       "license": "MIT",
       "dependencies": {
         "@codemirror/state": "^6.6.0",
diff --git a/package.json b/package.json
index c5ff835d69..bd3a5eb376 100644
--- a/package.json
+++ b/package.json
@@ -8,7 +8,7 @@
     "@citation-js/core": "0.7.21",
     "@citation-js/plugin-bibtex": "0.7.21",
     "@citation-js/plugin-software-formats": "0.6.2",
-    "@codemirror/autocomplete": "6.20.1",
+    "@codemirror/autocomplete": "6.20.2",
     "@codemirror/commands": "6.10.3",
     "@codemirror/lang-cpp": "6.0.3",
     "@codemirror/lang-css": "6.3.1",
@@ -29,7 +29,7 @@
     "@codemirror/language": "6.12.3",
     "@codemirror/search": "6.7.0",
     "@codemirror/state": "6.6.0",
-    "@codemirror/view": "6.41.1",
+    "@codemirror/view": "6.42.0",
     "@github/markdown-toolbar-element": "2.2.3",
     "@github/quote-selection": "2.1.0",
     "@github/text-expander-element": "2.9.4",

From 0cdbef74f0d29e94040b5ad52053dd49cd70bc3b Mon Sep 17 00:00:00 2001
From: Mathieu Fenniak <mathieu@fenniak.net>
Date: Sun, 10 May 2026 02:21:17 +0200
Subject: [PATCH 829/854] chore: PGP sign .well-known/security.txt [skip ci]
 (#12502)

Sign the distributed version of `.well-known/security.txt`, just like https://forgejo.org/.well-known/security.txt is signed.

```
$ gpg --verify ./security.txt
gpg: Signature made Sat 09 May 2026 05:59:29 PM MDT
gpg:                using EDDSA key 1B638BDF10969D627926B8D9F585D0F99E1FB56F
gpg: Good signature from "Forgejo Security <security@forgejo.org>" [unknown]
Primary key fingerprint: 1B63 8BDF 1096 9D62 7926  B8D9 F585 D0F9 9E1F B56F
```

In the future this signature will have to be updated before the key expires; but as the expiry is already documented in the file this isn't significantly different than the current state.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12502
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
---
 public/.well-known/security.txt | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/public/.well-known/security.txt b/public/.well-known/security.txt
index 1e148b001f..d15de1abcc 100644
--- a/public/.well-known/security.txt
+++ b/public/.well-known/security.txt
@@ -1,3 +1,6 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
 # This site is running a Forgejo instance.
 # Forgejo-related security problems should be reported to the Forgejo security team.
 # Security problems related to this instance should be reported to its administration.
@@ -6,3 +9,11 @@ Contact: mailto:security@forgejo.org
 Encryption: https://keys.openpgp.org/vks/v1/by-fingerprint/1B638BDF10969D627926B8D9F585D0F99E1FB56F
 Preferred-Languages: en
 Expires: 2027-06-09T23:59:59.000Z
+
+-----BEGIN PGP SIGNATURE-----
+
+iHUEARYKAB0WIQQbY4vfEJadYnkmuNn1hdD5nh+1bwUCaf/KYQAKCRD1hdD5nh+1
+b37sAPsF31EEYpvm21M88Kxjv/YOOJlP2xV94Q94JoYzh5iFqgD/X/1HHOBJHDvc
+YR0b3rrGDFxhSl32BOnHF0yuZO8Nugw=
+=sEiA
+-----END PGP SIGNATURE-----

From a4d623148ddeac655bebadb5327ce01ed5e79905 Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Sun, 10 May 2026 03:02:17 +0200
Subject: [PATCH 830/854] Update dependency forgejo/release-notes-assistant to
 v1.7.0 (forgejo) (#12501)

---
 .forgejo/workflows/release-notes-assistant-milestones.yml | 2 +-
 .forgejo/workflows/release-notes-assistant.yml            | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/.forgejo/workflows/release-notes-assistant-milestones.yml b/.forgejo/workflows/release-notes-assistant-milestones.yml
index 8d7df5f18d..f075406335 100644
--- a/.forgejo/workflows/release-notes-assistant-milestones.yml
+++ b/.forgejo/workflows/release-notes-assistant-milestones.yml
@@ -6,7 +6,7 @@ on:
 
 env:
   RNA_WORKDIR: /srv/rna
-  RNA_VERSION: v1.6.1 # renovate: datasource=forgejo-releases depName=forgejo/release-notes-assistant registryUrl=https://code.forgejo.org
+  RNA_VERSION: v1.7.0 # renovate: datasource=forgejo-releases depName=forgejo/release-notes-assistant registryUrl=https://code.forgejo.org
 
 jobs:
   release-notes:
diff --git a/.forgejo/workflows/release-notes-assistant.yml b/.forgejo/workflows/release-notes-assistant.yml
index 34d73624ec..e85f11b7f8 100644
--- a/.forgejo/workflows/release-notes-assistant.yml
+++ b/.forgejo/workflows/release-notes-assistant.yml
@@ -8,7 +8,7 @@ on:
       - labeled
 
 env:
-  RNA_VERSION: v1.6.1 # renovate: datasource=forgejo-releases depName=forgejo/release-notes-assistant registryUrl=https://code.forgejo.org
+  RNA_VERSION: v1.7.0 # renovate: datasource=forgejo-releases depName=forgejo/release-notes-assistant registryUrl=https://code.forgejo.org
 
 jobs:
   release-notes:

From e5eb5f8e631c682309b25ec35cbe9110410c926d Mon Sep 17 00:00:00 2001
From: Mathieu Fenniak <mathieu@fenniak.net>
Date: Sun, 10 May 2026 04:52:02 +0200
Subject: [PATCH 831/854] feat: allow Authorized Integrations to have multiple
 values for a claim match (#12482)

Adds new Authorized Integration claim comparison rules for "in a list" and "in a list of globs", which would be required to permit multiple Forgejo Action events to match a JWT (per [design work](https://codeberg.org/forgejo/forgejo/issues/3571#issuecomment-14510514), [comment](https://codeberg.org/forgejo/forgejo/issues/3571#issuecomment-14512185)).

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. All work and communication must conform to Forgejo's [AI Agreement](https://codeberg.org/forgejo/governance/src/branch/main/AIAgreement.md). There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests for Go changes

- I added test coverage for Go changes...
  - [x] in their respective `*_test.go` for unit tests.
  - [ ] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I ran...
  - [x] `make pr-go` before pushing

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [ ] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.
- [x] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12482
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
---
 ...in_user_generate_authorized_integration.go | 46 +++++++++++-
 models/auth/authorized_integration.go         | 11 ++-
 .../auth/method/authorized_integration.go     | 26 +++++++
 .../method/authorized_integration_test.go     | 73 +++++++++++++++++++
 4 files changed, 152 insertions(+), 4 deletions(-)

diff --git a/cmd/admin_user_generate_authorized_integration.go b/cmd/admin_user_generate_authorized_integration.go
index ca39ac1b6f..05d7bcc07a 100644
--- a/cmd/admin_user_generate_authorized_integration.go
+++ b/cmd/admin_user_generate_authorized_integration.go
@@ -31,6 +31,12 @@ user-defined rules, and grant access to Forgejo's API on behalf of a user.
 The issuer may be set to "urn:forgejo:authorized-integrations:actions"
 to support JWTs from the local instance's Forgejo Actions, utilizing the
 enable-openid-connect flag in a workflow.`,
+
+		// `--claim-in sub=v1,v2,v3` needs to be parsed as a single parameter so that we can comma-split the value into
+		// an array.  To accomplish this, we disable urfave 's slice flag separator, which would cause this to be
+		// treated as "sub=v1", "v2=?", and "v3=?", resulting in an error of missing values.
+		DisableSliceFlagSeparator: true,
+
 		Flags: []cli.Flag{
 			&cli.StringFlag{
 				Name:     "username",
@@ -59,11 +65,21 @@ enable-openid-connect flag in a workflow.`,
 				Value: map[string]string{},
 				Usage: `Zero-or-more claim equality checks, formatted as claim=value, example: "actor=someuser"`,
 			},
+			&cli.StringMapFlag{
+				Name:  "claim-in",
+				Value: map[string]string{},
+				Usage: `Zero-or-more claim equality in list checks, formatted as claim=value1,value2,... example: "actor=user1,user2"`,
+			},
 			&cli.StringMapFlag{
 				Name:  "claim-glob",
 				Value: map[string]string{},
 				Usage: `Zero-or-more claim glob checks, formatted as claim=value, example: "sub=repo:forgejo/*:pull_request"`,
 			},
+			&cli.StringMapFlag{
+				Name:  "claim-glob-in",
+				Value: map[string]string{},
+				Usage: `Zero-or-more claim glob in list checks, formatted as claim=va*ue1,va*ue2,... example: "sub=repo:*/*:pull_request,repo:*/*:refs:*"`,
+			},
 			// nested claim support omitted for now -- pretty complex for a CLI
 
 			// Permissions available on successful auth:
@@ -115,6 +131,17 @@ func runCreateAuthorizedIntegration(ctx context.Context, c *cli.Command) error {
 			Value:      value,
 		})
 	}
+	for claim, value := range c.StringMap("claim-in") {
+		values := []string{}
+		for s := range strings.SplitSeq(value, ",") {
+			values = append(values, strings.TrimSpace(s))
+		}
+		rules = append(rules, auth_model.ClaimRule{
+			Claim:      claim,
+			Comparison: auth_model.ClaimIn,
+			Values:     values,
+		})
+	}
 	for claim, value := range c.StringMap("claim-glob") {
 		rules = append(rules, auth_model.ClaimRule{
 			Claim:      claim,
@@ -122,6 +149,17 @@ func runCreateAuthorizedIntegration(ctx context.Context, c *cli.Command) error {
 			Value:      value,
 		})
 	}
+	for claim, value := range c.StringMap("claim-glob-in") {
+		values := []string{}
+		for s := range strings.SplitSeq(value, ",") {
+			values = append(values, strings.TrimSpace(s))
+		}
+		rules = append(rules, auth_model.ClaimRule{
+			Claim:      claim,
+			Comparison: auth_model.ClaimGlobIn,
+			Values:     values,
+		})
+	}
 	ai.ClaimRules = &auth_model.ClaimRules{Rules: rules}
 
 	scopes := strings.Join(c.StringSlice("scope"), ",")
@@ -179,7 +217,8 @@ func runCreateAuthorizedIntegration(ctx context.Context, c *cli.Command) error {
 		Description string                     `json:"description"`
 		Claim       string                     `json:"claim"`
 		Comparison  auth_model.ClaimComparison `json:"compare"`
-		Value       string                     `json:"value"`
+		Value       string                     `json:"value,omitempty"`
+		Values      []string                   `json:"values,omitempty"`
 	}
 	output := struct {
 		Message     string                 `json:"message"`
@@ -200,14 +239,19 @@ func runCreateAuthorizedIntegration(ctx context.Context, c *cli.Command) error {
 		switch cr.Comparison {
 		case auth_model.ClaimEqual:
 			description = fmt.Sprintf("%q = %q", cr.Claim, cr.Value)
+		case auth_model.ClaimIn:
+			description = fmt.Sprintf("%q in %q", cr.Claim, cr.Values)
 		case auth_model.ClaimGlob:
 			description = fmt.Sprintf("%q matches %q", cr.Claim, cr.Value)
+		case auth_model.ClaimGlobIn:
+			description = fmt.Sprintf("%q matches in %q", cr.Claim, cr.Values)
 		}
 		output.ClaimRules = append(output.ClaimRules, ClaimRuleDescription{
 			Description: description,
 			Claim:       cr.Claim,
 			Comparison:  cr.Comparison,
 			Value:       cr.Value,
+			Values:      cr.Values,
 		})
 	}
 
diff --git a/models/auth/authorized_integration.go b/models/auth/authorized_integration.go
index ca5e103146..61f0725efb 100644
--- a/models/auth/authorized_integration.go
+++ b/models/auth/authorized_integration.go
@@ -111,6 +111,9 @@ type ClaimRule struct {
 	// For Comparison of ClaimEqual or ClaimGlob, the specific value or glob to match against
 	Value string `json:"value,omitempty"`
 
+	// For Comparison of ClaimIn or ClaimGlobIn, an array of values to match against
+	Values []string `json:"values,omitempty"`
+
 	// For ClaimNested, the rules to apply to the nested object
 	Nested *ClaimRules `json:"nested,omitempty"`
 }
@@ -118,9 +121,11 @@ type ClaimRule struct {
 type ClaimComparison string
 
 const (
-	ClaimEqual  ClaimComparison = "eq"   // exactly equal claim
-	ClaimGlob   ClaimComparison = "glob" // glob match complete claim string
-	ClaimNested ClaimComparison = "nest" // recurse into a claim that is an map[string]any with it's own data fields
+	ClaimEqual  ClaimComparison = "eq"      // exactly equal claim
+	ClaimIn     ClaimComparison = "in"      // exactly equal any of the options in a list
+	ClaimGlob   ClaimComparison = "glob"    // glob match complete claim string
+	ClaimGlobIn ClaimComparison = "glob-in" // glob match any of the options in a list
+	ClaimNested ClaimComparison = "nest"    // recurse into a claim that is an map[string]any with it's own data fields
 )
 
 func GetAuthorizedIntegration(ctx context.Context, issuer, audience string) (*AuthorizedIntegration, error) {
diff --git a/services/auth/method/authorized_integration.go b/services/auth/method/authorized_integration.go
index 7c24c3c8c3..d9fb0c10cc 100644
--- a/services/auth/method/authorized_integration.go
+++ b/services/auth/method/authorized_integration.go
@@ -460,6 +460,13 @@ func (a *AuthorizedIntegration) checkClaims(incomingClaims any, stored *auth_mod
 			} else if lhsStr != rule.Value {
 				return fmt.Errorf("claim %q must be %q, but was %q", rule.Claim, rule.Value, lhsStr)
 			}
+		case auth_model.ClaimIn:
+			lhsStr, ok := lhs.(string)
+			if !ok {
+				return fmt.Errorf("claim %q must be a string, but was %T", rule.Claim, lhs)
+			} else if !slices.Contains(rule.Values, lhsStr) {
+				return fmt.Errorf("claim %q must be one of %q, but was %q", rule.Claim, rule.Values, lhsStr)
+			}
 		case auth_model.ClaimGlob:
 			lhsStr, ok := lhs.(string)
 			if !ok {
@@ -472,6 +479,25 @@ func (a *AuthorizedIntegration) checkClaims(incomingClaims any, stored *auth_mod
 			if !r.Match(lhsStr) {
 				return fmt.Errorf("claim %q must match glob %q, but value %q did not match", rule.Claim, rule.Value, lhsStr)
 			}
+		case auth_model.ClaimGlobIn:
+			lhsStr, ok := lhs.(string)
+			if !ok {
+				return fmt.Errorf("claim %q must be a string, but was %T", rule.Claim, lhs)
+			}
+			matched := false
+			for _, g := range rule.Values {
+				r, err := glob.Compile(g)
+				if err != nil {
+					return fmt.Errorf("unable to parse glob for claim rule on %q; glob = %q, err = %w", rule.Claim, g, err)
+				}
+				if r.Match(lhsStr) {
+					matched = true
+					break
+				}
+			}
+			if !matched {
+				return fmt.Errorf("claim %q must glob match one of %q, but value %q did not match", rule.Claim, rule.Values, lhsStr)
+			}
 		case auth_model.ClaimNested:
 			lhsMap, ok := lhs.(map[string]any)
 			if !ok {
diff --git a/services/auth/method/authorized_integration_test.go b/services/auth/method/authorized_integration_test.go
index 6bce1259c2..7ffd686e9b 100644
--- a/services/auth/method/authorized_integration_test.go
+++ b/services/auth/method/authorized_integration_test.go
@@ -42,6 +42,13 @@ func TestCheckClaims(t *testing.T) {
 			Value:      value,
 		}
 	}
+	in := func(claim string, values []string) auth_model.ClaimRule {
+		return auth_model.ClaimRule{
+			Claim:      claim,
+			Comparison: auth_model.ClaimIn,
+			Values:     values,
+		}
+	}
 	glob := func(claim, value string) auth_model.ClaimRule {
 		return auth_model.ClaimRule{
 			Claim:      claim,
@@ -49,6 +56,13 @@ func TestCheckClaims(t *testing.T) {
 			Value:      value,
 		}
 	}
+	globIn := func(claim string, values []string) auth_model.ClaimRule {
+		return auth_model.ClaimRule{
+			Claim:      claim,
+			Comparison: auth_model.ClaimGlobIn,
+			Values:     values,
+		}
+	}
 	nest := func(claim string, inner ...auth_model.ClaimRule) auth_model.ClaimRule {
 		return auth_model.ClaimRule{
 			Claim:      claim,
@@ -161,6 +175,32 @@ func TestCheckClaims(t *testing.T) {
 		require.ErrorContains(t, ai.checkClaims(c, rules), "claim \"arbitrary\" must be a string, but was int")
 	})
 
+	t.Run("comparison ClaimIn", func(t *testing.T) {
+		c := map[string]any{}
+		rules := rules(in("arbitrary", []string{"abc", "def"}))
+
+		c["arbitrary"] = "abc"
+		require.NoError(t, ai.checkClaims(c, rules))
+		c["arbitrary"] = "def"
+		require.NoError(t, ai.checkClaims(c, rules))
+
+		c["arbitrary"] = "123"
+		require.ErrorContains(t, ai.checkClaims(c, rules), "claim \"arbitrary\" must be one of [\"abc\" \"def\"], but was \"123\"")
+
+		c["arbitrary"] = 123
+		require.ErrorContains(t, ai.checkClaims(c, rules), "claim \"arbitrary\" must be a string, but was int")
+	})
+
+	t.Run("comparison ClaimIn empty", func(t *testing.T) {
+		c := map[string]any{}
+		rules := rules(in("arbitrary", []string{}))
+
+		require.ErrorContains(t, ai.checkClaims(c, rules), "claim rule on \"arbitrary\" couldn't be satisfied: claim not found")
+
+		c["arbitrary"] = "abc"
+		require.ErrorContains(t, ai.checkClaims(c, rules), "claim \"arbitrary\" must be one of [], but was \"abc\"")
+	})
+
 	t.Run("comparison ClaimGlob", func(t *testing.T) {
 		c := map[string]any{}
 		r := rules(glob("arbitrary", "*c"))
@@ -182,6 +222,39 @@ func TestCheckClaims(t *testing.T) {
 		require.ErrorContains(t, ai.checkClaims(c, r), "unable to parse glob for claim rule on \"arbitrary\"; glob = \"[abc\", err = unexpected end of input")
 	})
 
+	t.Run("comparison ClaimGlobIn", func(t *testing.T) {
+		c := map[string]any{}
+		r := rules(globIn("arbitrary", []string{"*c", "*def*"}))
+
+		c["arbitrary"] = "abc"
+		require.NoError(t, ai.checkClaims(c, r))
+		c["arbitrary"] = "abcdef"
+		require.NoError(t, ai.checkClaims(c, r))
+
+		c["arbitrary"] = "123"
+		require.ErrorContains(t, ai.checkClaims(c, r), "claim \"arbitrary\" must glob match one of [\"*c\" \"*def*\"], but value \"123\" did not match")
+
+		c["arbitrary"] = "this string contains a c or two but doesn't end with one" // ensure glob isn't OK w/ a partial match
+		require.ErrorContains(t, ai.checkClaims(c, r), "claim \"arbitrary\" must glob match one of [\"*c\" \"*def*\"], but value \"this string contains a c or two but doesn't end with one\" did not match")
+
+		c["arbitrary"] = 123
+		require.ErrorContains(t, ai.checkClaims(c, r), "claim \"arbitrary\" must be a string, but was int")
+
+		r = rules(globIn("arbitrary", []string{"[abc"}))
+		c["arbitrary"] = "abc"
+		require.ErrorContains(t, ai.checkClaims(c, r), "unable to parse glob for claim rule on \"arbitrary\"; glob = \"[abc\", err = unexpected end of input")
+	})
+
+	t.Run("comparison ClaimGlobIn empty", func(t *testing.T) {
+		c := map[string]any{}
+		rules := rules(globIn("arbitrary", []string{}))
+
+		require.ErrorContains(t, ai.checkClaims(c, rules), "claim rule on \"arbitrary\" couldn't be satisfied: claim not found")
+
+		c["arbitrary"] = "abc"
+		require.ErrorContains(t, ai.checkClaims(c, rules), "claim \"arbitrary\" must glob match one of [], but value \"abc\" did not match")
+	})
+
 	t.Run("comparison ClaimNested", func(t *testing.T) {
 		c := map[string]any{}
 		r := rules(nest("nest", eq("arbitrary", "abc")))

From a8cae6d511d3277ca2d766fad6a6168d69017b03 Mon Sep 17 00:00:00 2001
From: moritzdietz <moritzdietz@noreply.codeberg.org>
Date: Sun, 10 May 2026 21:42:21 +0200
Subject: [PATCH 832/854] fix: Disable spellcheck on repo name field (#12506)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Fairly new to Forgejo but I just ran into this when trying to create a couple repositories.
I noticed that the input field for the repository name in several areas of the UI is prone to have annoying auto-capitalization, spellchecking and other browser features which try to correct the user input.

I as a user would like to not have the browser interfere with my input especially in dialogs where I want to have something "custom".
For fields where the repo name is used to validate an action (Danger Zone) this is even more frustrating.

So, to me, this is a quality of live improvement fix.

I checked the docs for these three attributes and none of them seem to have a negative side effect for the user:

1. https://developer.mozilla.org/en-US/docs/Web/HTML/Reference/Global_attributes/autocorrect
2. https://developer.mozilla.org/en-US/docs/Web/HTML/Reference/Global_attributes/autocapitalize
3. https://developer.mozilla.org/en-US/docs/Web/HTML/Reference/Global_attributes/spellcheck

## List of URLs where this applies:
1. `/repo/migrate`
2. `/repo/create`
3. `/<user>/<repo slug>/settings`
4. In general things in the "Danger zone" section where the repo name is used to validate the action
5. …

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12506
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Reviewed-by: Beowulf <beowulf@beocode.eu>
---
 templates/org/team/repositories.tmpl  |  2 +-
 templates/repo/create_basic.tmpl      |  2 +-
 templates/repo/migrate/codebase.tmpl  |  2 +-
 templates/repo/migrate/git.tmpl       |  2 +-
 templates/repo/migrate/gitbucket.tmpl |  2 +-
 templates/repo/migrate/gitea.tmpl     |  2 +-
 templates/repo/migrate/github.tmpl    |  2 +-
 templates/repo/migrate/gitlab.tmpl    |  2 +-
 templates/repo/migrate/gogs.tmpl      |  2 +-
 templates/repo/migrate/migrating.tmpl |  2 +-
 templates/repo/migrate/onedev.tmpl    |  2 +-
 templates/repo/migrate/pagure.tmpl    |  2 +-
 templates/repo/pulls/fork.tmpl        |  2 +-
 templates/repo/settings/options.tmpl  | 14 +++++++-------
 14 files changed, 20 insertions(+), 20 deletions(-)

diff --git a/templates/org/team/repositories.tmpl b/templates/org/team/repositories.tmpl
index f0f6eef0d1..782e8ca004 100644
--- a/templates/org/team/repositories.tmpl
+++ b/templates/org/team/repositories.tmpl
@@ -13,7 +13,7 @@
 						<form class="ui form ignore-dirty tw-flex-1 tw-flex" action="{{$.OrgLink}}/teams/{{$.Team.LowerName | PathEscape}}/action/repo/add" method="post">
 							<div id="search-repo-box" data-uid="{{.Org.ID}}" class="ui search">
 								<div class="ui input">
-									<input class="prompt" name="repo_name" placeholder="{{ctx.Locale.Tr "search.repo_kind"}}" autocomplete="off" required>
+									<input class="prompt" name="repo_name" placeholder="{{ctx.Locale.Tr "search.repo_kind"}}" autocomplete="off" autocorrect="off" autocapitalize="none" spellcheck="false" required>
 								</div>
 							</div>
 							<button class="ui primary button tw-ml-2">{{ctx.Locale.Tr "add"}}</button>
diff --git a/templates/repo/create_basic.tmpl b/templates/repo/create_basic.tmpl
index 90545c2769..72024f19c9 100644
--- a/templates/repo/create_basic.tmpl
+++ b/templates/repo/create_basic.tmpl
@@ -35,7 +35,7 @@
 </label>
 <label {{if .Err_RepoName}}class="field error"{{end}}>
 	{{ctx.Locale.Tr "repo.repo_name"}}
-	<input name="repo_name" value="{{.repo_name}}" required maxlength="100">
+	<input name="repo_name" value="{{.repo_name}}" required maxlength="100" autocorrect="off" autocapitalize="none" spellcheck="false">
 	<span class="help">{{ctx.Locale.Tr "repo.repo_name_helper"}}</span>
 </label>
 <label>
diff --git a/templates/repo/migrate/codebase.tmpl b/templates/repo/migrate/codebase.tmpl
index 037185b8a0..2a8bfff448 100644
--- a/templates/repo/migrate/codebase.tmpl
+++ b/templates/repo/migrate/codebase.tmpl
@@ -88,7 +88,7 @@
 
 					<div class="inline required field {{if .Err_RepoName}}error{{end}}">
 						<label for="repo_name">{{ctx.Locale.Tr "repo.repo_name"}}</label>
-						<input id="repo_name" name="repo_name" value="{{.repo_name}}" required maxlength="100">
+						<input id="repo_name" name="repo_name" value="{{.repo_name}}" required maxlength="100" autocorrect="off" autocapitalize="none" spellcheck="false">
 					</div>
 					<div class="inline field">
 						<label>{{ctx.Locale.Tr "repo.visibility"}}</label>
diff --git a/templates/repo/migrate/git.tmpl b/templates/repo/migrate/git.tmpl
index fc0a569add..bf35a68d9e 100644
--- a/templates/repo/migrate/git.tmpl
+++ b/templates/repo/migrate/git.tmpl
@@ -56,7 +56,7 @@
 
 					<div class="inline required field {{if .Err_RepoName}}error{{end}}">
 						<label for="repo_name">{{ctx.Locale.Tr "repo.repo_name"}}</label>
-						<input id="repo_name" name="repo_name" value="{{.repo_name}}" required maxlength="100">
+						<input id="repo_name" name="repo_name" value="{{.repo_name}}" required maxlength="100" autocorrect="off" autocapitalize="none" spellcheck="false">
 					</div>
 					<div class="inline field">
 						<label>{{ctx.Locale.Tr "repo.visibility"}}</label>
diff --git a/templates/repo/migrate/gitbucket.tmpl b/templates/repo/migrate/gitbucket.tmpl
index 33a14b678f..78db4a1100 100644
--- a/templates/repo/migrate/gitbucket.tmpl
+++ b/templates/repo/migrate/gitbucket.tmpl
@@ -104,7 +104,7 @@
 
 					<div class="inline required field {{if .Err_RepoName}}error{{end}}">
 						<label for="repo_name">{{ctx.Locale.Tr "repo.repo_name"}}</label>
-						<input id="repo_name" name="repo_name" value="{{.repo_name}}" required maxlength="100">
+						<input id="repo_name" name="repo_name" value="{{.repo_name}}" required maxlength="100" autocorrect="off" autocapitalize="none" spellcheck="false">
 					</div>
 					<div class="inline field">
 						<label>{{ctx.Locale.Tr "repo.visibility"}}</label>
diff --git a/templates/repo/migrate/gitea.tmpl b/templates/repo/migrate/gitea.tmpl
index fd59124841..5fa2213763 100644
--- a/templates/repo/migrate/gitea.tmpl
+++ b/templates/repo/migrate/gitea.tmpl
@@ -100,7 +100,7 @@
 
 					<div class="inline required field {{if .Err_RepoName}}error{{end}}">
 						<label for="repo_name">{{ctx.Locale.Tr "repo.repo_name"}}</label>
-						<input id="repo_name" name="repo_name" value="{{.repo_name}}" required maxlength="100">
+						<input id="repo_name" name="repo_name" value="{{.repo_name}}" required maxlength="100" autocorrect="off" autocapitalize="none" spellcheck="false">
 					</div>
 					<div class="inline field">
 						<label>{{ctx.Locale.Tr "repo.visibility"}}</label>
diff --git a/templates/repo/migrate/github.tmpl b/templates/repo/migrate/github.tmpl
index ab1be1f575..719f8c4d33 100644
--- a/templates/repo/migrate/github.tmpl
+++ b/templates/repo/migrate/github.tmpl
@@ -102,7 +102,7 @@
 
 					<div class="inline required field {{if .Err_RepoName}}error{{end}}">
 						<label for="repo_name">{{ctx.Locale.Tr "repo.repo_name"}}</label>
-						<input id="repo_name" name="repo_name" value="{{.repo_name}}" required maxlength="100">
+						<input id="repo_name" name="repo_name" value="{{.repo_name}}" required maxlength="100" autocorrect="off" autocapitalize="none" spellcheck="false">
 					</div>
 					<div class="inline field">
 						<label>{{ctx.Locale.Tr "repo.visibility"}}</label>
diff --git a/templates/repo/migrate/gitlab.tmpl b/templates/repo/migrate/gitlab.tmpl
index a406091394..f945df3d52 100644
--- a/templates/repo/migrate/gitlab.tmpl
+++ b/templates/repo/migrate/gitlab.tmpl
@@ -99,7 +99,7 @@
 
 					<div class="inline required field {{if .Err_RepoName}}error{{end}}">
 						<label for="repo_name">{{ctx.Locale.Tr "repo.repo_name"}}</label>
-						<input id="repo_name" name="repo_name" value="{{.repo_name}}" required maxlength="100">
+						<input id="repo_name" name="repo_name" value="{{.repo_name}}" required maxlength="100" autocorrect="off" autocapitalize="none" spellcheck="false">
 					</div>
 					<div class="inline field">
 						<label>{{ctx.Locale.Tr "repo.visibility"}}</label>
diff --git a/templates/repo/migrate/gogs.tmpl b/templates/repo/migrate/gogs.tmpl
index e70976c730..40a5969308 100644
--- a/templates/repo/migrate/gogs.tmpl
+++ b/templates/repo/migrate/gogs.tmpl
@@ -99,7 +99,7 @@
 
 					<div class="inline required field {{if .Err_RepoName}}error{{end}}">
 						<label for="repo_name">{{ctx.Locale.Tr "repo.repo_name"}}</label>
-						<input id="repo_name" name="repo_name" value="{{.repo_name}}" required maxlength="100">
+						<input id="repo_name" name="repo_name" value="{{.repo_name}}" required maxlength="100" autocorrect="off" autocapitalize="none" spellcheck="false">
 					</div>
 					<div class="inline field">
 						<label>{{ctx.Locale.Tr "repo.visibility"}}</label>
diff --git a/templates/repo/migrate/migrating.tmpl b/templates/repo/migrate/migrating.tmpl
index baac203cb8..aec8c4dc68 100644
--- a/templates/repo/migrate/migrating.tmpl
+++ b/templates/repo/migrate/migrating.tmpl
@@ -74,7 +74,7 @@
 				</div>
 				<div class="required field">
 					<label for="repo_name_to_delete">{{ctx.Locale.Tr "repo.settings.confirmation_string"}}</label>
-					<input id="repo_name_to_delete" name="repo_name" required>
+					<input id="repo_name_to_delete" name="repo_name" autocorrect="off" autocapitalize="none" spellcheck="false" required>
 				</div>
 			</div>
 			<div class="actions">
diff --git a/templates/repo/migrate/onedev.tmpl b/templates/repo/migrate/onedev.tmpl
index 377fbf2881..3846286429 100644
--- a/templates/repo/migrate/onedev.tmpl
+++ b/templates/repo/migrate/onedev.tmpl
@@ -88,7 +88,7 @@
 
 					<div class="inline required field {{if .Err_RepoName}}error{{end}}">
 						<label for="repo_name">{{ctx.Locale.Tr "repo.repo_name"}}</label>
-						<input id="repo_name" name="repo_name" value="{{.repo_name}}" required maxlength="100">
+						<input id="repo_name" name="repo_name" value="{{.repo_name}}" required maxlength="100" autocorrect="off" autocapitalize="none" spellcheck="false">
 					</div>
 					<div class="inline field">
 						<label>{{ctx.Locale.Tr "repo.visibility"}}</label>
diff --git a/templates/repo/migrate/pagure.tmpl b/templates/repo/migrate/pagure.tmpl
index 6f48cbc7fe..261e289d51 100644
--- a/templates/repo/migrate/pagure.tmpl
+++ b/templates/repo/migrate/pagure.tmpl
@@ -22,7 +22,7 @@
 					</div>
 					<div class="inline required field {{if .Err_RepoName}}error{{end}}">
 						<label for="repo_name">{{ctx.Locale.Tr "repo.repo_name"}}</label>
-						<input id="repo_name" name="repo_name" value="{{.repo_name}}" required maxlength="100">
+						<input id="repo_name" name="repo_name" value="{{.repo_name}}" required maxlength="100" autocorrect="off" autocapitalize="none" spellcheck="false">
 					</div>
 					{{template "repo/migrate/options" .}}
 					<div id="migrate_items">
diff --git a/templates/repo/pulls/fork.tmpl b/templates/repo/pulls/fork.tmpl
index 52e0a61222..262c1759ee 100644
--- a/templates/repo/pulls/fork.tmpl
+++ b/templates/repo/pulls/fork.tmpl
@@ -40,7 +40,7 @@
 					</div>
 					<div class="inline required field {{if .Err_RepoName}}error{{end}}">
 						<label for="repo_name">{{ctx.Locale.Tr "repo.repo_name"}}</label>
-						<input id="repo_name" name="repo_name" value="{{.repo_name}}" required>
+						<input id="repo_name" name="repo_name" value="{{.repo_name}}" required autocorrect="off" autocapitalize="none" spellcheck="false">
 					</div>
 					<div class="inline field">
 						<label>{{ctx.Locale.Tr "repo.visibility"}}</label>
diff --git a/templates/repo/settings/options.tmpl b/templates/repo/settings/options.tmpl
index ae7c7311db..6c8e59622f 100644
--- a/templates/repo/settings/options.tmpl
+++ b/templates/repo/settings/options.tmpl
@@ -9,7 +9,7 @@
 				<input type="hidden" name="action" value="update">
 				<div class="required field {{if .Err_RepoName}}error{{end}}">
 					<label>{{ctx.Locale.Tr "repo.repo_name"}}</label>
-					<input name="repo_name" value="{{.Repository.Name}}" data-repo-name="{{.Repository.Name}}" autofocus required>
+					<input name="repo_name" value="{{.Repository.Name}}" data-repo-name="{{.Repository.Name}}" autofocus required autocorrect="off" autocapitalize="none" spellcheck="false">
 				</div>
 				<div class="inline field">
 					<label>{{ctx.Locale.Tr "repo.repo_size"}}</label>
@@ -578,7 +578,7 @@
 						</div>
 						<div class="required field">
 							<label>{{ctx.Locale.Tr "repo.settings.confirmation_string"}}</label>
-							<input name="repo_name" required maxlength="100">
+							<input name="repo_name" required maxlength="100" autocorrect="off" autocapitalize="none" spellcheck="false">
 						</div>
 					</div>
 					<div class="actions">
@@ -609,7 +609,7 @@
 						</div>
 						<div class="required field">
 							<label>{{ctx.Locale.Tr "repo.settings.confirmation_string"}}</label>
-							<input name="repo_name" required>
+							<input name="repo_name" required autocorrect="off" autocapitalize="none" spellcheck="false">
 						</div>
 					</div>
 					<div class="actions">
@@ -641,7 +641,7 @@
 					</div>
 					<div class="required field">
 						<label>{{ctx.Locale.Tr "repo.settings.confirmation_string"}}</label>
-						<input name="repo_name" required>
+						<input name="repo_name" required autocorrect="off" autocapitalize="none" spellcheck="false">
 					</div>
 					<div class="required field">
 						<label for="new_owner_name">{{ctx.Locale.Tr "repo.settings.transfer_owner"}}</label>
@@ -679,7 +679,7 @@
 					</div>
 					<div class="required field">
 						<label for="repo_name_to_delete">{{ctx.Locale.Tr "repo.settings.confirmation_string"}}</label>
-						<input id="repo_name_to_delete" name="repo_name" required>
+						<input id="repo_name_to_delete" name="repo_name" autocorrect="off" autocapitalize="none" spellcheck="false" required>
 					</div>
 				</div>
 				<div class="actions">
@@ -711,7 +711,7 @@
 					</div>
 					<div class="required field">
 						<label>{{ctx.Locale.Tr "repo.settings.confirmation_string"}}</label>
-						<input name="repo_name" required>
+						<input name="repo_name" required autocorrect="off" autocapitalize="none" spellcheck="false">
 					</div>
 				</div>
 				<div class="actions">
@@ -744,7 +744,7 @@
 						</div>
 						<div class="required field">
 							<label>{{ctx.Locale.Tr "repo.settings.confirmation_string"}}</label>
-							<input name="repo_name" required>
+							<input name="repo_name" required autocorrect="off" autocapitalize="none" spellcheck="false">
 						</div>
 					</div>
 					<div class="actions">

From 6b75654cc2b7161c64c5c0633fe8b00a96b6bc35 Mon Sep 17 00:00:00 2001
From: Cameron Radmore <radmorecameron@gmail.com>
Date: Mon, 11 May 2026 00:20:45 +0200
Subject: [PATCH 833/854] chore: enforce RTL-friendly logical CSS properties
 with a linter (#12491)

Related issue: https://codeberg.org/forgejo/forgejo/issues/8581

This should be a nice first step towards RTL support. Future PRs can look at updating the tailwind classes, changing some of the icons (arrow left might need to become arrow right in some cases for example, and updating the template files)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12491
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
---
 package-lock.json                             |  11 +
 package.json                                  |   1 +
 stylelint.config.js                           |  11 +
 web_src/css/actions.css                       |  13 +-
 web_src/css/admin.css                         |   4 +-
 web_src/css/base.css                          |  77 ++---
 web_src/css/chroma/base.css                   |   4 +-
 web_src/css/codemirror/base.css               |   2 +-
 web_src/css/dashboard.css                     |  13 +-
 web_src/css/editor/combomarkdowneditor.css    |   6 +-
 web_src/css/editor/fileeditor.css             |   8 +-
 web_src/css/explore.css                       |   4 +-
 web_src/css/features/codeeditor.css           |   4 +-
 web_src/css/features/colorpicker.css          |   4 +-
 web_src/css/features/gitgraph.css             |  10 +-
 web_src/css/features/heatmap.css              |   6 +-
 web_src/css/features/imagediff.css            |  10 +-
 web_src/css/features/projects.css             |  14 +-
 web_src/css/features/tribute.css              |   4 +-
 web_src/css/form.css                          |  32 +-
 web_src/css/home.css                          |   8 +-
 web_src/css/install.css                       |  14 +-
 web_src/css/issues.css                        |   8 +-
 web_src/css/markup/codecopy.css               |   4 +-
 web_src/css/markup/content.css                |  54 +--
 web_src/css/markup/filepreview.css            |   2 +-
 web_src/css/modules/animations.css            |   2 +-
 web_src/css/modules/button-legacy.css         |  14 +-
 web_src/css/modules/button.css                |   2 +-
 web_src/css/modules/card.css                  |   8 +-
 web_src/css/modules/checkbox.css              |  14 +-
 web_src/css/modules/comment.css               |  10 +-
 web_src/css/modules/container.css             |  15 +-
 web_src/css/modules/dialog.css                |  14 +-
 web_src/css/modules/divider.css               |   4 +-
 web_src/css/modules/grid.css                  |  78 ++---
 web_src/css/modules/hashbox.css               |  14 +-
 web_src/css/modules/header.css                |  11 +-
 web_src/css/modules/input.css                 |  33 +-
 web_src/css/modules/label.css                 |   8 +-
 web_src/css/modules/list.css                  |  10 +-
 web_src/css/modules/message.css               |   5 +-
 web_src/css/modules/modal.css                 |  12 +-
 web_src/css/modules/navbar.css                |   8 +-
 web_src/css/modules/segment.css               |   9 +-
 web_src/css/modules/select.css                |   2 +-
 web_src/css/modules/switch.css                |  10 +-
 web_src/css/modules/table.css                 |  27 +-
 web_src/css/modules/tippy.css                 |   8 +-
 web_src/css/modules/toast.css                 |  16 +-
 web_src/css/modules/user-cards.css            |   2 +-
 web_src/css/org.css                           |  20 +-
 web_src/css/repo.css                          | 319 +++++++++---------
 web_src/css/repo/file-view.css                |   6 +-
 web_src/css/repo/issue-label.css              |   4 +-
 web_src/css/repo/issue-list.css               |  12 +-
 web_src/css/repo/linebutton.css               |   2 +-
 web_src/css/repo/list-header.css              |   5 +-
 web_src/css/repo/release-tag.css              |  25 +-
 web_src/css/repo/wiki.css                     |  10 +-
 web_src/css/review.css                        |  17 +-
 web_src/css/shared/repoorg.css                |   4 +-
 web_src/css/standalone/swagger.css            |   4 +-
 web_src/css/themes/theme-forgejo-dark.css     |   2 +-
 web_src/css/themes/theme-forgejo-light.css    |   2 +-
 web_src/css/user.css                          |   2 +-
 web_src/js/components/ActionJobStep.vue       |  10 +-
 web_src/js/components/DashboardRepoList.vue   |  10 +-
 web_src/js/components/DiffCommitSelector.vue  |   2 +-
 web_src/js/components/DiffFileTree.vue        |   2 +-
 web_src/js/components/DiffFileTreeItem.vue    |   6 +-
 .../js/components/PullRequestMergeForm.vue    |   9 +-
 web_src/js/components/RepoActionView.vue      |  14 +-
 .../js/components/RepoBranchTagSelector.vue   |   4 +-
 74 files changed, 556 insertions(+), 599 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 5cc3fc5137..35fe4a8bbc 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -116,6 +116,7 @@
         "stylelint": "16.26.1",
         "stylelint-declaration-block-no-ignored-properties": "2.8.0",
         "stylelint-declaration-strict-value": "1.11.1",
+        "stylelint-plugin-logical-css": "2.1.0",
         "stylelint-value-no-unknown-custom-properties": "6.1.1",
         "svgo": "4.0.1",
         "typescript": "5.9.3",
@@ -14758,6 +14759,16 @@
         "stylelint": ">=16 <=17"
       }
     },
+    "node_modules/stylelint-plugin-logical-css": {
+      "version": "2.1.0",
+      "resolved": "https://registry.npmjs.org/stylelint-plugin-logical-css/-/stylelint-plugin-logical-css-2.1.0.tgz",
+      "integrity": "sha512-625OT+p5y2kkGBaRV7uTYscuH0m1UueMXh0WcidrXgwF2DOnKov+un9tvuyNG+SUC07W0ibcn+fZvQs/keskww==",
+      "dev": true,
+      "license": "MIT",
+      "peerDependencies": {
+        "stylelint": "^14.0.0 || ^15.0.0 || ^16.0.0 || ^17.0.0"
+      }
+    },
     "node_modules/stylelint-value-no-unknown-custom-properties": {
       "version": "6.1.1",
       "resolved": "https://registry.npmjs.org/stylelint-value-no-unknown-custom-properties/-/stylelint-value-no-unknown-custom-properties-6.1.1.tgz",
diff --git a/package.json b/package.json
index bd3a5eb376..6b83ddb0c3 100644
--- a/package.json
+++ b/package.json
@@ -115,6 +115,7 @@
     "stylelint": "16.26.1",
     "stylelint-declaration-block-no-ignored-properties": "2.8.0",
     "stylelint-declaration-strict-value": "1.11.1",
+    "stylelint-plugin-logical-css": "2.1.0",
     "stylelint-value-no-unknown-custom-properties": "6.1.1",
     "svgo": "4.0.1",
     "typescript": "5.9.3",
diff --git a/stylelint.config.js b/stylelint.config.js
index 18f9af68b7..b7cc162669 100644
--- a/stylelint.config.js
+++ b/stylelint.config.js
@@ -11,6 +11,7 @@ export default {
   plugins: [
     'stylelint-declaration-strict-value',
     'stylelint-declaration-block-no-ignored-properties',
+    'stylelint-plugin-logical-css',
     'stylelint-value-no-unknown-custom-properties',
     '@stylistic/stylelint-plugin',
   ],
@@ -173,6 +174,16 @@ export default {
     'keyframe-selector-notation': null,
     'keyframes-name-pattern': null,
     'length-zero-no-unit': [true, {ignore: ['custom-properties']}, {ignoreFunctions: ['var']}],
+    'logical-css/require-logical-keywords': true,
+    'logical-css/require-logical-properties': [true, {
+      fix: true,
+      ignore: [ // ignore properties not related to RTL support
+        'height', 'min-height', 'max-height', 'width', 'min-width', 'max-width', 'top', 'bottom',
+        'margin-bottom', 'margin-top', 'padding-bottom', 'padding-top',
+        'border-top', 'border-top-style', 'border-top-width', 'border-bottom', 'border-bottom-style', 'border-bottom-width',
+        'scroll-margin-top', 'scroll-margin-bottom', 'scroll-padding-top', 'scroll-padding-bottom'],
+      severity: 'error',
+    }],
     'max-nesting-depth': null,
     'media-feature-name-allowed-list': null,
     'media-feature-name-disallowed-list': null,
diff --git a/web_src/css/actions.css b/web_src/css/actions.css
index cb96bdeac6..82149378b9 100644
--- a/web_src/css/actions.css
+++ b/web_src/css/actions.css
@@ -3,11 +3,11 @@
 }
 
 .runner-container .ui.table.segment {
-  overflow-x: auto;
+  overflow-inline: auto;
 }
 
 .runner-container .runner-ops > a {
-  margin-left: 0.5em;
+  margin-inline-start: 0.5em;
 }
 
 .runner-container .runner-ops-delete {
@@ -124,7 +124,7 @@
   flex: none;
   font-weight: var(--font-weight-medium);
   width: 12rem;
-  padding-right: 1.5rem;
+  padding-inline-end: 1.5rem;
 }
 
 .runner-container dl dd {
@@ -178,12 +178,11 @@
 }
 #workflow_dispatch_dropdown .menu {
   max-height: 500px;
-  overflow-x: auto;
+  overflow-inline: auto;
 }
 @media (max-width: 640px) or (767.98px < width < 854px) {
   #workflow_dispatch_dropdown .menu {
-    left: auto;
-    right: 0;
+    inset-inline: auto 0;
   }
 }
 
@@ -210,7 +209,7 @@
 .ui.vertical.menu.actions-menu .item .error {
   display: flex;
   align-items: center;
-  margin-left: 1rem;
+  margin-inline-start: 1rem;
 }
 
 .ui.vertical.menu.actions-menu .item .label {
diff --git a/web_src/css/admin.css b/web_src/css/admin.css
index 873b1bf91e..1c041dd6f0 100644
--- a/web_src/css/admin.css
+++ b/web_src/css/admin.css
@@ -24,7 +24,7 @@
 }
 
 .admin dl.admin-dl-horizontal dd {
-  margin-left: auto;
+  margin-inline-start: auto;
   width: calc(100% - 300px - 1em);
   min-width: 100px;
 }
@@ -36,7 +36,7 @@
 }
 
 .admin .ui.table.segment {
-  overflow-x: auto; /* if the screen width is small, many wide tables (eg: user list) need scroll bars */
+  overflow-inline: auto; /* if the screen width is small, many wide tables (eg: user list) need scroll bars */
 }
 
 .admin .table th {
diff --git a/web_src/css/base.css b/web_src/css/base.css
index 0ac81dca26..0f1b122fa6 100644
--- a/web_src/css/base.css
+++ b/web_src/css/base.css
@@ -74,7 +74,7 @@ body {
   tab-size: var(--tab-size);
   display: flex;
   flex-direction: column;
-  overflow-x: visible;
+  overflow-inline: visible;
   overflow-wrap: break-word;
   text-autospace: normal;
   text-spacing-trim: normal;
@@ -390,7 +390,7 @@ a.label,
 }
 
 .ui.menu .item > .svg {
-  margin-right: 0.35em;
+  margin-inline-end: 0.35em;
 }
 
 .ui.menu .dropdown.item:hover,
@@ -479,7 +479,7 @@ a.label,
   margin-bottom: -0.25rem;
 }
 .ui.dropdown .menu > .item > svg {
-  margin-right: .78rem; /* use the same margin as for <img> */
+  margin-inline-end: .78rem; /* use the same margin as for <img> */
 }
 
 .ui.selection.dropdown .menu > .item {
@@ -508,9 +508,8 @@ a.label,
 
 /* extend fomantic style '.ui.dropdown > .text > img' to include svg.img */
 .ui.dropdown > .text > .img {
-  margin-left: 0;
+  margin-inline: 0 0.78571429rem;
   float: none;
-  margin-right: 0.78571429rem;
 }
 
 .ui.dropdown > .text > .description,
@@ -521,13 +520,11 @@ a.label,
 /* replace item margin on secondary menu items with gap and remove both the
    negative margins on the menu as well as margin on the items */
 .ui.secondary.menu {
-  margin-left: 0;
-  margin-right: 0;
+  margin-inline: 0;
   gap: .35714286em;
 }
 .ui.secondary.menu .item {
-  margin-left: 0;
-  margin-right: 0;
+  margin-inline: 0;
 }
 
 .ui.secondary.menu .dropdown.item:hover,
@@ -769,15 +766,15 @@ img.ui.avatar,
 }
 
 .ui .text.left {
-  text-align: left !important;
+  text-align: start !important;
 }
 
 .ui .text.right {
-  text-align: right !important;
+  text-align: end !important;
 }
 
 .ui .text.truncate {
-  overflow-x: hidden;
+  overflow-inline: hidden;
   text-overflow: ellipsis;
   white-space: nowrap;
   display: inline-block;
@@ -788,14 +785,13 @@ img.ui.avatar,
 }
 
 .ui .message > ul {
-  margin-left: auto;
-  margin-right: auto;
+  margin-inline: auto;
   display: table;
-  text-align: left;
+  text-align: start;
 }
 
 .ui .header > i + .content {
-  padding-left: 0.75rem;
+  padding-inline-start: 0.75rem;
   vertical-align: middle;
 }
 
@@ -808,7 +804,7 @@ img.ui.avatar,
 }
 
 .ui .form .sub.field {
-  margin-left: 25px;
+  margin-inline-start: 25px;
 }
 
 .ui .button.truncate {
@@ -818,11 +814,11 @@ img.ui.avatar,
   text-overflow: ellipsis;
   vertical-align: top;
   white-space: nowrap;
-  margin-right: 6px;
+  margin-inline-end: 6px;
 }
 
 .ui.status.buttons .svg {
-  margin-right: 4px;
+  margin-inline-end: 4px;
 }
 
 .ui.inline.delete-button {
@@ -902,14 +898,13 @@ img.ui.avatar,
 }
 
 .ui.pagination.menu.narrow .item {
-  padding-left: 8px;
-  padding-right: 8px;
+  padding-inline: 8px;
   min-width: 1em;
   text-align: center;
 }
 
 .ui.pagination.menu.narrow .item .icon {
-  margin-right: 0;
+  margin-inline-end: 0;
 }
 
 .ui.floating.dropdown .overflow.menu .scrolling.menu.items {
@@ -933,7 +928,7 @@ img.ui.avatar,
 
 .color-preview {
   display: inline-block;
-  margin-left: 0.4em;
+  margin-inline-start: 0.4em;
   height: 0.67em;
   width: 0.67em;
   border-radius: var(--border-radius);
@@ -949,35 +944,35 @@ img.ui.avatar,
 }
 
 blockquote.attention-note {
-  border-left-color: var(--color-blue-dark-1);
+  border-inline-start-color: var(--color-blue-dark-1);
 }
 strong.attention-note, svg.attention-note {
   color: var(--color-blue-dark-1);
 }
 
 blockquote.attention-tip {
-  border-left-color: var(--color-success-text);
+  border-inline-start-color: var(--color-success-text);
 }
 strong.attention-tip, svg.attention-tip {
   color: var(--color-success-text);
 }
 
 blockquote.attention-important {
-  border-left-color: var(--color-violet-dark-1);
+  border-inline-start-color: var(--color-violet-dark-1);
 }
 strong.attention-important, svg.attention-important {
   color: var(--color-violet-dark-1);
 }
 
 blockquote.attention-warning {
-  border-left-color: var(--color-warning-text);
+  border-inline-start-color: var(--color-warning-text);
 }
 strong.attention-warning, svg.attention-warning {
   color: var(--color-warning-text);
 }
 
 blockquote.attention-caution {
-  border-left-color: var(--color-red-dark-1);
+  border-inline-start-color: var(--color-red-dark-1);
 }
 strong.attention-caution, svg.attention-caution {
   color: var(--color-red-dark-1);
@@ -990,7 +985,7 @@ strong.attention-caution, svg.attention-caution {
 overflow-menu {
   border-bottom: 1px solid var(--color-secondary) !important;
   display: flex;
-  overflow-x: auto;
+  overflow-inline: auto;
 }
 
 overflow-menu .overflow-menu-items {
@@ -1008,7 +1003,7 @@ overflow-menu .overflow-menu-items .item > .svg {
 }
 
 overflow-menu .ui.label {
-  margin-left: 7px !important; /* save some space */
+  margin-inline-start: 7px !important; /* save some space */
 }
 
 .activity-bar-graph {
@@ -1058,7 +1053,7 @@ overflow-menu .ui.label {
 
 .lines-num {
   padding: 0 8px;
-  text-align: right !important;
+  text-align: end !important;
   color: var(--color-text-light-2);
   width: 1%;
   font-family: var(--fonts-monospace);
@@ -1105,7 +1100,7 @@ overflow-menu .ui.label {
 .lines-code ol li {
   display: block;
   width: calc(100% - 1ch);
-  padding-left: 1ch;
+  padding-inline-start: 1ch;
 }
 
 .code-inner {
@@ -1156,7 +1151,7 @@ overflow-menu .ui.label {
 .blame-avatar {
   display: flex;
   align-items: center;
-  margin-right: 4px;
+  margin-inline-end: 4px;
 }
 
 .top-line-blame {
@@ -1201,7 +1196,7 @@ table th[data-sortt-desc]:hover {
 
 table th[data-sortt-asc] .svg,
 table th[data-sortt-desc] .svg {
-  margin-left: 0.25rem;
+  margin-inline-start: 0.25rem;
 }
 
 .ui.dropdown .menu .item {
@@ -1291,7 +1286,7 @@ table th[data-sortt-desc] .svg {
 .flash-error details code,
 .flash-warning details code {
   display: block;
-  text-align: left;
+  text-align: start;
 }
 
 .truncated-item-container {
@@ -1320,7 +1315,7 @@ table th[data-sortt-desc] .svg {
   display: flex;
   flex-direction: column;
   justify-content: center;
-  margin-left: 1em;
+  margin-inline-start: 1em;
 }
 
 .precolors .color {
@@ -1341,13 +1336,13 @@ table th[data-sortt-desc] .svg {
 
 .ui.dropdown.mini.button,
 .ui.dropdown.tiny.button {
-  padding-right: 20px;
+  padding-inline-end: 20px;
 }
 .ui.dropdown.button {
-  padding-right: 22px;
+  padding-inline-end: 22px;
 }
 .ui.dropdown.large.button {
-  padding-right: 24px;
+  padding-inline-end: 24px;
 }
 
 /* Gitea uses SVG images instead of Fomantic builtin "<i>" font icons, so we need to reset the icon styles */
@@ -1370,11 +1365,11 @@ table th[data-sortt-desc] .svg {
 }
 
 .ui.ui.dropdown > .dropdown.icon {
-  right: 0.5em;
+  inset-inline-end: 0.5em;
 }
 
 .ui.ui.dropdown > .remove.icon {
-  right: 2em;
+  inset-inline-end: 2em;
 }
 
 .btn,
diff --git a/web_src/css/chroma/base.css b/web_src/css/chroma/base.css
index bce13332f8..deac36063b 100644
--- a/web_src/css/chroma/base.css
+++ b/web_src/css/chroma/base.css
@@ -25,13 +25,13 @@
 
 /* LineNumbersTable */
 .chroma .lnt {
-  margin-right: 0.4em;
+  margin-inline-end: 0.4em;
   padding: 0 0.4em;
 }
 
 /* LineNumbers */
 .chroma .ln {
-  margin-right: 0.4em;
+  margin-inline-end: 0.4em;
   padding: 0 0.4em;
 }
 
diff --git a/web_src/css/codemirror/base.css b/web_src/css/codemirror/base.css
index aedf7d8560..556639e71f 100644
--- a/web_src/css/codemirror/base.css
+++ b/web_src/css/codemirror/base.css
@@ -15,7 +15,7 @@
 }
 
 .EasyMDEContainer .CodeMirror.CodeMirror-fullscreen.CodeMirror-focused {
-  border-right: 1px solid var(--color-primary) !important;
+  border-inline-end: 1px solid var(--color-primary) !important;
 }
 
 .CodeMirror-cursor {
diff --git a/web_src/css/dashboard.css b/web_src/css/dashboard.css
index 9c81ccc38a..44f56efaf9 100644
--- a/web_src/css/dashboard.css
+++ b/web_src/css/dashboard.css
@@ -17,7 +17,7 @@
 
 .dashboard.feeds .filter.menu .item,
 .dashboard.issues .filter.menu .item {
-  text-align: left;
+  text-align: start;
   display: flex;
   align-items: center;
   justify-content: space-between;
@@ -32,15 +32,14 @@
 .dashboard.feeds .filter.menu .jump.item,
 .dashboard.issues .filter.menu .jump.item {
   margin: 1px;
-  padding-right: 0;
+  padding-inline-end: 0;
 }
 
 .dashboard.feeds .filter.menu .menu,
 .dashboard.issues .filter.menu .menu {
   max-height: 300px;
-  overflow-x: auto;
-  right: 0 !important;
-  left: auto !important;
+  overflow-inline: auto;
+  inset-inline: auto 0 !important;
 }
 
 @media (max-width: 767.98px) {
@@ -64,11 +63,11 @@
 }
 
 .dashboard .secondary-nav .right.menu div.item {
-  padding-left: 0.5rem;
+  padding-inline-start: 0.5rem;
 }
 
 .dashboard .secondary-nav .org-visibility .label {
-  margin-left: 5px;
+  margin-inline-start: 5px;
 }
 
 .dashboard .secondary-nav .ui.dropdown {
diff --git a/web_src/css/editor/combomarkdowneditor.css b/web_src/css/editor/combomarkdowneditor.css
index 77af4cb87b..2a1593b091 100644
--- a/web_src/css/editor/combomarkdowneditor.css
+++ b/web_src/css/editor/combomarkdowneditor.css
@@ -47,7 +47,7 @@
   display: block;
   width: 100%;
   max-height: calc(100vh - var(--min-height-textarea));
-  resize: vertical;
+  resize: block;
 }
 
 .combo-markdown-editor .CodeMirror-scroll {
@@ -127,7 +127,7 @@ text-expander .suggestions li:hover {
 
 text-expander .suggestions .fullname {
   font-weight: var(--font-weight-normal);
-  margin-left: 4px;
+  margin-inline-start: 4px;
   color: var(--color-text-light-1);
 }
 
@@ -140,5 +140,5 @@ text-expander .suggestions li[aria-selected="true"] span {
 text-expander .suggestions img {
   width: 24px;
   height: 24px;
-  margin-right: 8px;
+  margin-inline-end: 8px;
 }
diff --git a/web_src/css/editor/fileeditor.css b/web_src/css/editor/fileeditor.css
index 444ee8c7e7..287a4c7caa 100644
--- a/web_src/css/editor/fileeditor.css
+++ b/web_src/css/editor/fileeditor.css
@@ -7,8 +7,8 @@
 }
 
 .repository.file.editor .tab[data-tab="write"] .CodeMirror {
-  border-left: 0;
-  border-right: 0;
+  border-inline-start: 0;
+  border-inline-end: 0;
   border-bottom: 0;
 }
 
@@ -36,8 +36,8 @@
 }
 
 .editor-toolbar i.separator {
-  border-left: none;
-  border-right-color: var(--color-secondary);
+  border-inline-start: none;
+  border-inline-end-color: var(--color-secondary);
 }
 
 .editor-toolbar button:hover {
diff --git a/web_src/css/explore.css b/web_src/css/explore.css
index 5cdee823c0..0a09592eeb 100644
--- a/web_src/css/explore.css
+++ b/web_src/css/explore.css
@@ -5,7 +5,7 @@
 .explore .secondary-nav .svg {
   width: 16px;
   text-align: center;
-  margin-right: 5px;
+  margin-inline-end: 5px;
 }
 
 .ui.repository.branches .info {
@@ -27,5 +27,5 @@
 
 /* fix alignment of PR popup in branches table */
 .ui.repository.branches table .ui.popup {
-  text-align: left;
+  text-align: start;
 }
diff --git a/web_src/css/features/codeeditor.css b/web_src/css/features/codeeditor.css
index afa6637654..9b45e4e669 100644
--- a/web_src/css/features/codeeditor.css
+++ b/web_src/css/features/codeeditor.css
@@ -16,7 +16,7 @@
   #editor-bar {
     gap: var(--button-spacing);
     .switch {
-      overflow-x: scroll;
+      overflow-inline: scroll;
     }
   }
 }
@@ -24,7 +24,7 @@
 .cm-panel.fj-search {
   position: absolute;
   top: 0;
-  right: 0;
+  inset-inline-end: 0;
   background-color: var(--color-body);
   box-shadow: 0 6px 18px var(--color-shadow);
   border-radius: 0.3rem;
diff --git a/web_src/css/features/colorpicker.css b/web_src/css/features/colorpicker.css
index b7436783df..30b6bc7cc2 100644
--- a/web_src/css/features/colorpicker.css
+++ b/web_src/css/features/colorpicker.css
@@ -6,14 +6,14 @@
 .js-color-picker-input input {
   padding-top: 8px !important;
   padding-bottom: 8px !important;
-  padding-left: 32px !important;
+  padding-inline-start: 32px !important;
 }
 
 .js-color-picker-input .preview-square {
   position: absolute;
   aspect-ratio: 1;
   height: 16px;
-  left: 10px;
+  inset-inline-start: 10px;
   top: 50%;
   transform: translateY(-50%);
   border-radius: 2px;
diff --git a/web_src/css/features/gitgraph.css b/web_src/css/features/gitgraph.css
index 9f44e884b7..1ba09118d8 100644
--- a/web_src/css/features/gitgraph.css
+++ b/web_src/css/features/gitgraph.css
@@ -1,5 +1,5 @@
 #git-graph-content {
-  overflow-x: auto;
+  overflow-inline: auto;
   width: 100%;
   min-height: 250px;
 }
@@ -25,7 +25,7 @@
   }
 
   #git-graph-heading-left {
-    margin-right: 1rem;
+    margin-inline-end: 1rem;
   }
 
   #git-graph-heading h2 {
@@ -102,8 +102,8 @@
 
 #git-graph-container #rel-container {
   max-width: 30%;
-  overflow-x: auto;
-  float: left;
+  overflow-inline: auto;
+  float: inline-start;
 }
 
 #git-graph-container #rev-list {
@@ -117,7 +117,7 @@
 
 #git-graph-container #rev-list .commit-refs .button {
   padding: 2px 4px;
-  margin-right: 0.25em;
+  margin-inline-end: 0.25em;
   display: inline-block;
   max-width: 200px;
   overflow: hidden;
diff --git a/web_src/css/features/heatmap.css b/web_src/css/features/heatmap.css
index c064590c46..f2b0609186 100644
--- a/web_src/css/features/heatmap.css
+++ b/web_src/css/features/heatmap.css
@@ -40,19 +40,19 @@
   font-size: 11px;
   position: absolute;
   bottom: 0;
-  left: 25px;
+  inset-inline-start: 25px;
 }
 
 @media (max-width: 1200px) {
   #user-heatmap .total-contributions {
-    left: 21px;
+    inset-inline-start: 21px;
   }
 }
 
 @media (max-width: 1000px) {
   #user-heatmap .total-contributions {
     font-size: 10px;
-    left: 17px;
+    inset-inline-start: 17px;
     bottom: -4px;
   }
 }
diff --git a/web_src/css/features/imagediff.css b/web_src/css/features/imagediff.css
index c8ead2ba4a..95ff384f19 100644
--- a/web_src/css/features/imagediff.css
+++ b/web_src/css/features/imagediff.css
@@ -54,28 +54,28 @@
 
 .image-diff-container .diff-swipe .swipe-frame .swipe-container {
   position: absolute;
-  right: 0;
+  inset-inline-end: 0;
   display: block;
-  border-left: 2px solid var(--color-secondary-dark-8);
+  border-inline-start: 2px solid var(--color-secondary-dark-8);
   height: 100%;
   overflow: hidden;
 }
 
 .image-diff-container .diff-swipe .swipe-frame .swipe-container .after-container {
   position: absolute;
-  right: 0;
+  inset-inline-end: 0;
 }
 
 .image-diff-container .diff-swipe .swipe-frame .swipe-bar {
   position: absolute;
   height: 100%;
   top: 0;
-  left: 0;
+  inset-inline-start: 0;
 }
 
 .image-diff-container .diff-swipe .swipe-frame .swipe-bar .handle {
   background: var(--color-secondary-dark-8);
-  left: -5px;
+  inset-inline-start: -5px;
   height: 12px;
   width: 12px;
   position: absolute;
diff --git a/web_src/css/features/projects.css b/web_src/css/features/projects.css
index 3a1808dfe3..939357d429 100644
--- a/web_src/css/features/projects.css
+++ b/web_src/css/features/projects.css
@@ -2,7 +2,7 @@
   display: flex;
   flex-direction: row;
   flex-wrap: nowrap;
-  overflow-x: auto;
+  overflow-inline: auto;
   margin: 0 0.5em;
 }
 
@@ -15,7 +15,7 @@
   width: 320px;
   height: calc(100vh - 450px);
   min-height: 60vh;
-  overflow-y: scroll;
+  overflow-block: scroll;
   flex: 0 0 auto;
   overflow: visible;
   display: flex;
@@ -57,7 +57,7 @@
   padding: 0 !important;
   flex-wrap: nowrap !important;
   flex-direction: column;
-  overflow-x: auto;
+  overflow-inline: auto;
   gap: .25rem;
 }
 
@@ -68,11 +68,11 @@
 }
 
 .project-column:first-child {
-  margin-left: auto !important;
+  margin-inline-start: auto !important;
 }
 
 .project-column:last-child {
-  margin-right: auto !important;
+  margin-inline-end: auto !important;
 }
 
 .card-attachment-images {
@@ -87,8 +87,8 @@
   display: inline-block;
   max-height: 50px;
   border-radius: var(--border-radius);
-  text-align: left;
-  margin-right: 2px;
+  text-align: start;
+  margin-inline-end: 2px;
   aspect-ratio: 1;
 }
 
diff --git a/web_src/css/features/tribute.css b/web_src/css/features/tribute.css
index bd843675e1..f18d2bfea2 100644
--- a/web_src/css/features/tribute.css
+++ b/web_src/css/features/tribute.css
@@ -17,7 +17,7 @@
 .tribute-container li span.fullname {
   font-weight: var(--font-weight-normal);
   font-size: 0.8rem;
-  margin-left: 3px;
+  margin-inline-start: 3px;
 }
 
 .tribute-container li.highlight,
@@ -33,7 +33,7 @@
 
 .tribute-item .emoji,
 .tribute-item img[src*="/avatar/"] {
-  margin-right: 0.5rem;
+  margin-inline-end: 0.5rem;
 }
 
 .tribute-container img {
diff --git a/web_src/css/form.css b/web_src/css/form.css
index 5263d61d5d..b870d3ec0a 100644
--- a/web_src/css/form.css
+++ b/web_src/css/form.css
@@ -47,7 +47,7 @@ fieldset label + .ui.dropdown {
 
 fieldset label > input[type="checkbox"],
 fieldset label > input[type="radio"] {
-  margin-right: 0.75em;
+  margin-inline-end: 0.75em;
   margin-top: 0 !important;
   vertical-align: initial !important; /* overrides a semantic.css rule, remove when obsolete */
 }
@@ -298,7 +298,7 @@ input:-webkit-autofill:active,
   .h-captcha-style {
     margin: 0 auto !important;
     width: 304px;
-    padding-left: 30px;
+    padding-inline-start: 30px;
   }
   .g-recaptcha-style iframe,
   .h-captcha-style iframe {
@@ -351,10 +351,10 @@ input:-webkit-autofill:active,
   .user.link-account form .header,
   .user.signin form .header,
   .user.signup form .header {
-    padding-left: 280px !important;
+    padding-inline-start: 280px !important;
   }
   .user.activate form .inline.field > label {
-    text-align: right;
+    text-align: end;
     width: 250px !important;
     word-wrap: break-word;
   }
@@ -364,7 +364,7 @@ input:-webkit-autofill:active,
   .user.link-account form .help,
   .user.signin form .help,
   .user.signup form .help {
-    margin-left: 265px !important;
+    margin-inline-start: 265px !important;
   }
   .user.activate form .optional .title,
   .user.forgot.password form .optional .title,
@@ -372,7 +372,7 @@ input:-webkit-autofill:active,
   .user.link-account form .optional .title,
   .user.signin form .optional .title,
   .user.signup form .optional .title {
-    margin-left: 250px !important;
+    margin-inline-start: 250px !important;
   }
 }
 
@@ -383,7 +383,7 @@ input:-webkit-autofill:active,
   .user.link-account form .optional .title,
   .user.signin form .optional .title,
   .user.signup form .optional .title {
-    margin-left: 15px;
+    margin-inline-start: 15px;
   }
   .user.activate form .inline.field > label,
   .user.forgot.password form .inline.field > label,
@@ -401,7 +401,7 @@ input:-webkit-autofill:active,
 .user.link-account form .header,
 .user.signin form .header,
 .user.signup form .header {
-  padding-left: 0 !important;
+  padding-inline-start: 0 !important;
   text-align: center;
 }
 
@@ -474,22 +474,22 @@ input:-webkit-autofill:active,
   .repository.new.repo form .header,
   .repository.new.migrate form .header,
   .repository.new.fork form .header {
-    padding-left: 280px !important;
+    padding-inline-start: 280px !important;
   }
   .repository.new.migrate form .inline.field > label,
   .repository.new.fork form .inline.field > label {
-    text-align: right;
+    text-align: end;
     width: 250px !important;
     word-wrap: break-word;
   }
   .repository.new.migrate form .help,
   .repository.new.fork form .help {
-    margin-left: 265px !important;
+    margin-inline-start: 265px !important;
   }
   .repository.new.repo form .optional .title,
   .repository.new.migrate form .optional .title,
   .repository.new.fork form .optional .title {
-    margin-left: 250px !important;
+    margin-inline-start: 250px !important;
   }
   .repository.new.migrate form .inline.field > input,
   .repository.new.fork form .inline.field > input,
@@ -503,7 +503,7 @@ input:-webkit-autofill:active,
   .repository.new.repo form .optional .title,
   .repository.new.migrate form .optional .title,
   .repository.new.fork form .optional .title {
-    margin-left: 15px;
+    margin-inline-start: 15px;
   }
   .repository.new.repo form .inline.field > label,
   .repository.new.migrate form .inline.field > label,
@@ -514,14 +514,14 @@ input:-webkit-autofill:active,
 
 .repository.new.migrate form .dropdown .text,
 .repository.new.fork form .dropdown .text {
-  margin-right: 0 !important;
+  margin-inline-end: 0 !important;
 }
 
 .moderation.new-report form .header,
 .repository.new.repo form .header,
 .repository.new.migrate form .header,
 .repository.new.fork form .header {
-  padding-left: 0 !important;
+  padding-inline-start: 0 !important;
   text-align: center;
 }
 
@@ -557,7 +557,7 @@ input:-webkit-autofill:active,
 
 @media (min-width: 768px) {
   .repository.new.repo .ui.form #auto-init {
-    margin-left: 265px !important;
+    margin-inline-start: 265px !important;
   }
 }
 
diff --git a/web_src/css/home.css b/web_src/css/home.css
index 84dd793612..462a1fb6a5 100644
--- a/web_src/css/home.css
+++ b/web_src/css/home.css
@@ -68,14 +68,14 @@
 }
 
 .page-footer .right-links > a {
-  border-left: 1px solid var(--color-secondary-dark-1);
-  padding-left: 8px;
-  margin-left: 8px;
+  border-inline-start: 1px solid var(--color-secondary-dark-1);
+  padding-inline-start: 8px;
+  margin-inline-start: 8px;
 }
 
 .page-footer .ui.dropdown.language .menu {
   max-height: min(500px, calc(100vh - 60px));
-  overflow-y: auto;
+  overflow-block: auto;
   margin-bottom: 10px;
 }
 
diff --git a/web_src/css/install.css b/web_src/css/install.css
index df2a7cb53f..eea8db43a9 100644
--- a/web_src/css/install.css
+++ b/web_src/css/install.css
@@ -4,16 +4,16 @@
 }
 
 .page-content.install form.ui.form .inline.field > label {
-  text-align: right;
+  text-align: end;
   width: 30%;
-  padding-right: 10px;
-  margin-right: 0;
+  padding-inline-end: 10px;
+  margin-inline-end: 0;
 }
 
 .page-content.install .ui.form .field > .help,
 .page-content.install .ui.form .field > .ui.checkbox:first-child,
 .page-content.install .ui.form .field > .right-content {
-  margin-left: calc(30% + 5px);
+  margin-inline-start: calc(30% + 5px);
   width: auto;
 }
 
@@ -34,20 +34,20 @@
 }
 
 .page-content.install form.ui.form .field {
-  text-align: left;
+  text-align: start;
 }
 
 .page-content.install .ui .reinstall-message {
   width: 70%;
   margin: 20px auto;
   color: var(--color-red);
-  text-align: left;
+  text-align: start;
   font-weight: var(--font-weight-semibold);
 }
 
 .page-content.install .ui .reinstall-confirm {
   width: 70%;
-  text-align: left;
+  text-align: start;
   margin: 10px auto;
 }
 
diff --git a/web_src/css/issues.css b/web_src/css/issues.css
index 28539e5eb3..9d5301b58d 100644
--- a/web_src/css/issues.css
+++ b/web_src/css/issues.css
@@ -9,7 +9,7 @@
 .menu .item:has(> .label-filter-item) .label-exclude-item-btn {
   opacity: 0;
   position: absolute;
-  right: 0;
+  inset-inline-end: 0;
   height: 100%;
   width: 40px;
   background: none;
@@ -34,13 +34,13 @@
   max-width: 288px;
 
   @media (any-hover: none) {
-    padding-right: 50px !important;
+    padding-inline-end: 50px !important;
   }
 
   &:hover,
   &.selected,
   &:has(.label-exclude-item-btn.active) {
-    padding-right: 50px !important;
+    padding-inline-end: 50px !important;
 
     .label-exclude-item-btn {
       opacity: 1;
@@ -51,7 +51,7 @@
 .menu:has(> .item[data-selected])
 .item:not([data-selected])
 > .label-filter-item {
-  padding-left: 27px;
+  padding-inline-start: 27px;
 }
 
 .menu .item .label-filter-item {
diff --git a/web_src/css/markup/codecopy.css b/web_src/css/markup/codecopy.css
index e3017ae962..665413d717 100644
--- a/web_src/css/markup/codecopy.css
+++ b/web_src/css/markup/codecopy.css
@@ -6,7 +6,7 @@
 .markup .code-copy {
   position: absolute;
   top: 8px;
-  right: 6px;
+  inset-inline-end: 6px;
   padding: 9px;
   visibility: hidden;
   animation: fadeout 0.2s both;
@@ -14,7 +14,7 @@
 
 /* adjustments for comment content having only 14px font size */
 .repository.view.issue .comment-list .comment .markup .code-copy {
-  right: 5px;
+  inset-inline-end: 5px;
   padding: 8px;
 }
 
diff --git a/web_src/css/markup/content.css b/web_src/css/markup/content.css
index 931f33d064..bc1f4bca78 100644
--- a/web_src/css/markup/content.css
+++ b/web_src/css/markup/content.css
@@ -23,9 +23,9 @@
 }
 
 .markup .anchor {
-  float: left;
-  padding-right: 4px;
-  margin-left: -20px;
+  float: inline-start;
+  padding-inline-end: 4px;
+  margin-inline-start: -20px;
   color: inherit;
 }
 
@@ -144,7 +144,7 @@
 
 .markup ul,
 .markup ol {
-  padding-left: 2em;
+  padding-inline-start: 2em;
 }
 
 .markup ul.no-list,
@@ -167,11 +167,11 @@
 }
 
 .markup ol .task-list-item input[type="checkbox"] {
-  margin-left: 0;
+  margin-inline-start: 0;
 }
 
 .markup .task-list-item input[type="checkbox"] + p {
-  margin-left: -0.2em;
+  margin-inline-start: -0.2em;
   display: inline;
 }
 
@@ -267,10 +267,10 @@
 }
 
 .markup blockquote {
-  margin-left: 0;
+  margin-inline-start: 0;
   padding: 0 15px;
   color: var(--color-text-light-2);
-  border-left: 0.25em solid var(--color-secondary);
+  border-inline-start: 0.25em solid var(--color-secondary);
 }
 
 .markup blockquote > :first-child {
@@ -328,12 +328,12 @@
 
 .markup img[align="right"],
 .markup video[align="right"] {
-  padding-left: 20px;
+  padding-inline-start: 20px;
 }
 
 .markup img[align="left"],
 .markup video[align="left"] {
-  padding-right: 28px;
+  padding-inline-end: 28px;
 }
 
 .markup .emoji {
@@ -347,7 +347,7 @@
 
 .markup span.frame > span {
   display: block;
-  float: left;
+  float: inline-start;
   width: auto;
   padding: 7px;
   margin: 13px 0 0;
@@ -358,7 +358,7 @@
 .markup span.frame span img,
 .markup span.frame span video {
   display: block;
-  float: left;
+  float: inline-start;
 }
 
 .markup span.frame span span {
@@ -397,19 +397,19 @@
   display: block;
   margin: 13px 0 0;
   overflow: hidden;
-  text-align: right;
+  text-align: end;
 }
 
 .markup span.align-right span img,
 .markup span.align-right span video {
   margin: 0;
-  text-align: right;
+  text-align: end;
 }
 
 .markup span.float-left {
   display: block;
-  float: left;
-  margin-right: 13px;
+  float: inline-start;
+  margin-inline-end: 13px;
   overflow: hidden;
 }
 
@@ -419,8 +419,8 @@
 
 .markup span.float-right {
   display: block;
-  float: right;
-  margin-left: 13px;
+  float: inline-end;
+  margin-inline-start: 13px;
   overflow: hidden;
 }
 
@@ -428,7 +428,7 @@
   display: block;
   margin: 13px auto 0;
   overflow: hidden;
-  text-align: right;
+  text-align: end;
 }
 
 .markup code,
@@ -508,15 +508,15 @@
 .markup .ui.list .list,
 .markup ol.ui.list ol,
 .markup ul.ui.list ul {
-  padding-left: 2em;
+  padding-inline-start: 2em;
 }
 
 .file-revisions-btn {
   display: block;
-  float: left;
+  float: inline-start;
   margin-bottom: 2px !important;
   padding: 11px !important;
-  margin-right: 10px !important;
+  margin-inline-end: 10px !important;
 }
 
 .file-revisions-btn i {
@@ -538,20 +538,20 @@
   display: block !important; /* override fomantic .ui.form .error.message {display: none} */
   border: none !important;
   margin-bottom: 0 !important;
-  border-bottom-left-radius: 0 !important;
-  border-bottom-right-radius: 0 !important;
+  border-bottom-left-radius: 0 !important; /* stylelint-disable-line logical-css/require-logical-properties */
+  border-bottom-right-radius: 0 !important; /* stylelint-disable-line logical-css/require-logical-properties */
   box-shadow: none !important;
   font-size: 85% !important;
   white-space: pre-wrap !important;
   padding: 0.5rem 1rem !important;
-  text-align: left !important;
+  text-align: start !important;
 }
 
 .markup-block-error + pre {
   border-top: none !important;
   margin-top: 0 !important;
-  border-top-left-radius: 0 !important;
-  border-top-right-radius: 0 !important;
+  border-top-left-radius: 0 !important; /* stylelint-disable-line logical-css/require-logical-properties */
+  border-top-right-radius: 0 !important; /* stylelint-disable-line logical-css/require-logical-properties */
 }
 
 .file-view.markup {
diff --git a/web_src/css/markup/filepreview.css b/web_src/css/markup/filepreview.css
index d2ec16ea8b..1c0fad5170 100644
--- a/web_src/css/markup/filepreview.css
+++ b/web_src/css/markup/filepreview.css
@@ -18,7 +18,7 @@
 
 .markup .file-preview-box .header {
   padding: .5rem;
-  padding-left: 1rem;
+  padding-inline-start: 1rem;
   border: 1px solid var(--color-secondary);
   border-bottom: none;
   border-radius: 0.28571429rem 0.28571429rem 0 0;
diff --git a/web_src/css/modules/animations.css b/web_src/css/modules/animations.css
index a820787b16..8efea4d959 100644
--- a/web_src/css/modules/animations.css
+++ b/web_src/css/modules/animations.css
@@ -28,7 +28,7 @@ lazy-webc::after,
   content: "";
   position: absolute;
   display: block;
-  left: 50%;
+  inset-inline-start: 50%;
   top: 50%;
   height: min(4em, 66.6%);
   width: fit-content; /* compat: safari - https://bugs.webkit.org/show_bug.cgi?id=267625 */
diff --git a/web_src/css/modules/button-legacy.css b/web_src/css/modules/button-legacy.css
index 8683d9ed58..f0451dec99 100644
--- a/web_src/css/modules/button-legacy.css
+++ b/web_src/css/modules/button-legacy.css
@@ -60,7 +60,7 @@ And the default buttons always have borders now (not the same as Fomantic UI's d
 It needs some tricks to tweak the left/right borders with active state */
 
 .ui.buttons .button {
-  border-right: none;
+  border-inline-end: none;
 }
 
 .ui.buttons .button:hover {
@@ -68,27 +68,27 @@ It needs some tricks to tweak the left/right borders with active state */
 }
 
 .ui.buttons .button:hover + .button {
-  border-left: 1px solid var(--color-secondary-dark-2);
+  border-inline-start: 1px solid var(--color-secondary-dark-2);
 }
 
 /* TODO: these "tw-hidden" selectors are only used by "blame.tmpl" buttons: Raw/Normal View/History/Unescape, need to be refactored to a clear solution later */
 .ui.buttons .button:first-child,
 .ui.buttons .button.tw-hidden:first-child + .button {
-  border-left: 1px solid var(--color-light-border);
+  border-inline-start: 1px solid var(--color-light-border);
 }
 
 .ui.buttons .button:last-child,
 .ui.buttons .button:nth-last-child(2):has(+ .button.tw-hidden) {
-  border-right: 1px solid var(--color-light-border);
+  border-inline-end: 1px solid var(--color-light-border);
 }
 
 .ui.buttons .button.active {
-  border-left: 1px solid var(--color-light-border);
-  border-right: 1px solid var(--color-light-border);
+  border-inline-start: 1px solid var(--color-light-border);
+  border-inline-end: 1px solid var(--color-light-border);
 }
 
 .ui.buttons .button.active + .button {
-  border-left: none;
+  border-inline-start: none;
 }
 
 .ui.basic.buttons .button,
diff --git a/web_src/css/modules/button.css b/web_src/css/modules/button.css
index 011e89c32f..07152b4d99 100644
--- a/web_src/css/modules/button.css
+++ b/web_src/css/modules/button.css
@@ -100,7 +100,7 @@
 /* Fomantic buttons have annoying margins to set distance between elements. In
  * the button-row/sequence helpers this is set by flex+gap */
 .button-row .ui.button {
-  margin-right: 0;
+  margin-inline-end: 0;
 }
 .button-sequence .ui.button {
   margin: 0 !important;
diff --git a/web_src/css/modules/card.css b/web_src/css/modules/card.css
index 2406def681..e71a90cdf8 100644
--- a/web_src/css/modules/card.css
+++ b/web_src/css/modules/card.css
@@ -119,16 +119,14 @@ a.ui.card:hover {
 .ui.cards > .card > .extra,
 .ui.card > .extra {
   color: var(--color-text);
-  border-top-color: var(--color-secondary-light-1) !important;
+  border-block-start-color: var(--color-secondary-light-1) !important;
 }
 
 .ui.three.cards {
-  margin-left: -1em;
-  margin-right: -1em;
+  margin-inline: -1em;
 }
 
 .ui.three.cards > .card {
   width: calc(33.33333333333333% - 2em);
-  margin-left: 1em;
-  margin-right: 1em;
+  margin-inline: 1em;
 }
diff --git a/web_src/css/modules/checkbox.css b/web_src/css/modules/checkbox.css
index 8d73573bfa..ab0fdf9348 100644
--- a/web_src/css/modules/checkbox.css
+++ b/web_src/css/modules/checkbox.css
@@ -21,7 +21,7 @@ input[type="radio"] {
 .ui.checkbox input[type="radio"] {
   position: absolute;
   top: 1px;
-  left: 0;
+  inset-inline-start: 0;
   width: var(--checkbox-size);
   height: var(--checkbox-size);
 }
@@ -41,7 +41,7 @@ input[type="radio"] {
 
 .ui.checkbox label,
 .ui.radio.checkbox label {
-  margin-left: 1.85714em;
+  margin-inline-start: 1.85714em;
 }
 
 .ui.checkbox + label {
@@ -72,7 +72,7 @@ input[type="radio"] {
 }
 .ui.toggle.checkbox label {
   min-height: 1.5rem;
-  padding-left: 4.5rem;
+  padding-inline-start: 4.5rem;
   padding-top: 0.15em;
 }
 .ui.toggle.checkbox label::before {
@@ -84,7 +84,7 @@ input[type="radio"] {
   width: 49px;
   height: 21px;
   border-radius: 500rem;
-  left: 0;
+  inset-inline-start: 0;
 }
 .ui.toggle.checkbox label::after {
   background: var(--color-white);
@@ -96,15 +96,15 @@ input[type="radio"] {
   width: 18px;
   height: 18px;
   top: 1.5px;
-  left: 1.5px;
+  inset-inline-start: 1.5px;
   border-radius: 500rem;
   transition: background 0.3s ease, left 0.3s ease;
 }
 .ui.toggle.checkbox input ~ label::after {
-  left: 1.5px;
+  inset-inline-start: 1.5px;
 }
 .ui.toggle.checkbox input:checked ~ label::after {
-  left: 29px;
+  inset-inline-start: 29px;
 }
 .ui.toggle.checkbox input:focus ~ label::before,
 .ui.toggle.checkbox label::before {
diff --git a/web_src/css/modules/comment.css b/web_src/css/modules/comment.css
index 799eeb8574..0a470eda71 100644
--- a/web_src/css/modules/comment.css
+++ b/web_src/css/modules/comment.css
@@ -36,7 +36,7 @@
 .ui.comments .comment > .comments::before {
   position: absolute;
   top: 0;
-  left: 0;
+  inset-inline-start: 0;
 }
 
 .ui.comments .comment > .comments .comment {
@@ -46,7 +46,7 @@
 }
 
 .ui.comments .comment .avatar {
-  float: left;
+  float: inline-start;
   width: 2.5em;
 }
 
@@ -55,7 +55,7 @@
 }
 
 .ui.comments .comment > .avatar ~ .content {
-  margin-left: 3.5em;
+  margin-inline-start: 3.5em;
 }
 
 .ui.comments .comment .author {
@@ -69,7 +69,7 @@
 
 .ui.comments .comment .metadata {
   display: inline-block;
-  margin-left: 0.5em;
+  margin-inline-start: 0.5em;
   font-size: 0.875em;
 }
 
@@ -79,7 +79,7 @@
 }
 
 .ui.comments .comment .metadata > :last-child {
-  margin-right: 0;
+  margin-inline-end: 0;
 }
 
 .ui.comments .comment .text {
diff --git a/web_src/css/modules/container.css b/web_src/css/modules/container.css
index 95c71b207f..057c8c1be9 100644
--- a/web_src/css/modules/container.css
+++ b/web_src/css/modules/container.css
@@ -11,8 +11,7 @@
   .ui.ui.ui.container:not(.fluid) {
     --container-width: auto;
     width: var(--container-width);
-    margin-left: 1em;
-    margin-right: 1em;
+    margin-inline: 1em;
   }
 }
 
@@ -20,8 +19,7 @@
   .ui.ui.ui.container:not(.fluid) {
     --container-width: 723px;
     width: var(--container-width);
-    margin-left: auto;
-    margin-right: auto;
+    margin-inline: auto;
   }
 }
 
@@ -29,8 +27,7 @@
   .ui.ui.ui.container:not(.fluid) {
     --container-width: 933px;
     width: var(--container-width);
-    margin-left: auto;
-    margin-right: auto;
+    margin-inline: auto;
   }
 }
 
@@ -38,8 +35,7 @@
   .ui.ui.ui.container:not(.fluid) {
     --container-width: 1127px;
     width: var(--container-width);
-    margin-left: auto;
-    margin-right: auto;
+    margin-inline: auto;
   }
 }
 
@@ -57,8 +53,7 @@
   --container-width: 1280px;
   width: var(--container-width);
   max-width: calc(100% - calc(2 * var(--page-margin-x)));
-  margin-left: auto;
-  margin-right: auto;
+  margin-inline: auto;
 }
 
 .ui.container.fluid.padded {
diff --git a/web_src/css/modules/dialog.css b/web_src/css/modules/dialog.css
index 3f9a1a44bf..e80acdf2a8 100644
--- a/web_src/css/modules/dialog.css
+++ b/web_src/css/modules/dialog.css
@@ -6,7 +6,7 @@ dialog {
   align-items: center;
   justify-content: center;
   position: fixed;
-  text-align: left;
+  text-align: start;
   border: none;
   background: var(--color-body);
   box-shadow:
@@ -57,8 +57,8 @@ dialog header {
   margin: 0;
   padding: 1.25rem 1.5rem;
   box-shadow: none;
-  border-top-left-radius: var(--border-radius);
-  border-top-right-radius: var(--border-radius);
+  border-top-left-radius: var(--border-radius); /* stylelint-disable-line logical-css/require-logical-properties */
+  border-top-right-radius: var(--border-radius); /* stylelint-disable-line logical-css/require-logical-properties */
   border-bottom: 1px solid var(--color-secondary);
 }
 
@@ -89,8 +89,8 @@ dialog .actions {
 }
 
 dialog footer {
-  border-bottom-left-radius: var(--border-radius);
-  border-bottom-right-radius: var(--border-radius);
+  border-bottom-left-radius: var(--border-radius); /* stylelint-disable-line logical-css/require-logical-properties */
+  border-bottom-right-radius: var(--border-radius); /* stylelint-disable-line logical-css/require-logical-properties */
 }
 
 /* positive/negative action buttons */
@@ -98,7 +98,7 @@ dialog .actions .ui.button {
   display: inline-flex;
   align-items: center;
   padding: 10px 12px;
-  margin-right: 0;
+  margin-inline-end: 0;
 }
 
 dialog .actions .ui.button.danger {
@@ -109,5 +109,5 @@ dialog .actions .ui.button.danger {
 }
 
 dialog .actions .ui.button .svg {
-  margin-right: 5px;
+  margin-inline-end: 5px;
 }
diff --git a/web_src/css/modules/divider.css b/web_src/css/modules/divider.css
index acc8408f37..9cba544569 100644
--- a/web_src/css/modules/divider.css
+++ b/web_src/css/modules/divider.css
@@ -30,11 +30,11 @@ h4.divider {
 }
 
 .divider.divider-text::before {
-  margin-right: .75em;
+  margin-inline-end: .75em;
 }
 
 .divider.divider-text::after {
-  margin-left: .75em;
+  margin-inline-start: .75em;
 }
 
 .ui.dropdown .menu > .divider {
diff --git a/web_src/css/modules/grid.css b/web_src/css/modules/grid.css
index 1df9a116f7..9b64b414ad 100644
--- a/web_src/css/modules/grid.css
+++ b/web_src/css/modules/grid.css
@@ -22,12 +22,10 @@
 }
 
 .ui.relaxed.grid {
-  margin-left: -1.5rem;
-  margin-right: -1.5rem;
+  margin-inline: -1.5rem;
 }
 .ui[class*="very relaxed"].grid {
-  margin-left: -2.5rem;
-  margin-right: -2.5rem;
+  margin-inline: -2.5rem;
 }
 
 .ui.grid + .grid {
@@ -39,13 +37,11 @@
   position: relative;
   display: inline-block;
   width: 6.25%;
-  padding-left: 1rem;
-  padding-right: 1rem;
+  padding-inline: 1rem;
   vertical-align: top;
 }
 .ui.grid > * {
-  padding-left: 1rem;
-  padding-right: 1rem;
+  padding-inline: 1rem;
 }
 
 .ui.grid > .row {
@@ -103,46 +99,36 @@
 @media only screen and (max-width: 767.98px) {
   .ui.page.grid {
     width: auto;
-    padding-left: 0;
-    padding-right: 0;
-    margin-left: 0;
-    margin-right: 0;
+    padding-inline: 0;
+    margin-inline: 0;
   }
 }
 @media only screen and (min-width: 768px) and (max-width: 991.98px) {
   .ui.page.grid {
     width: auto;
-    margin-left: 0;
-    margin-right: 0;
-    padding-left: 2em;
-    padding-right: 2em;
+    margin-inline: 0;
+    padding-inline: 2em;
   }
 }
 @media only screen and (min-width: 992px) and (max-width: 1199.98px) {
   .ui.page.grid {
     width: auto;
-    margin-left: 0;
-    margin-right: 0;
-    padding-left: 3%;
-    padding-right: 3%;
+    margin-inline: 0;
+    padding-inline: 3%;
   }
 }
 @media only screen and (min-width: 1200px) and (max-width: 1919.98px) {
   .ui.page.grid {
     width: auto;
-    margin-left: 0;
-    margin-right: 0;
-    padding-left: 15%;
-    padding-right: 15%;
+    margin-inline: 0;
+    padding-inline: 15%;
   }
 }
 @media only screen and (min-width: 1920px) {
   .ui.page.grid {
     width: auto;
-    margin-left: 0;
-    margin-right: 0;
-    padding-left: 23%;
-    padding-right: 23%;
+    margin-inline: 0;
+    padding-inline: 23%;
   }
 }
 
@@ -371,37 +357,32 @@
 .ui.centered.grid > .column:not(.aligned):not(.justified):not(.row),
 .ui.centered.grid > .row > .column:not(.aligned):not(.justified),
 .ui.grid .centered.row > .column:not(.aligned):not(.justified) {
-  text-align: left;
+  text-align: start;
 }
 .ui.grid > .centered.column,
 .ui.grid > .row > .centered.column {
   display: block;
-  margin-left: auto;
-  margin-right: auto;
+  margin-inline: auto;
 }
 
 .ui.relaxed.grid > .column:not(.row),
 .ui.relaxed.grid > .row > .column,
 .ui.grid > .relaxed.row > .column {
-  padding-left: 1.5rem;
-  padding-right: 1.5rem;
+  padding-inline: 1.5rem;
 }
 .ui[class*="very relaxed"].grid > .column:not(.row),
 .ui[class*="very relaxed"].grid > .row > .column,
 .ui.grid > [class*="very relaxed"].row > .column {
-  padding-left: 2.5rem;
-  padding-right: 2.5rem;
+  padding-inline: 2.5rem;
 }
 
 .ui.relaxed.grid .row + .ui.divider,
 .ui.grid .relaxed.row + .ui.divider {
-  margin-left: 1.5rem;
-  margin-right: 1.5rem;
+  margin-inline: 1.5rem;
 }
 .ui[class*="very relaxed"].grid .row + .ui.divider,
 .ui.grid [class*="very relaxed"].row + .ui.divider {
-  margin-left: 2.5rem;
-  margin-right: 2.5rem;
+  margin-inline: 2.5rem;
 }
 
 .ui[class*="middle aligned"].grid > .column:not(.row),
@@ -419,7 +400,7 @@
 .ui.grid > [class*="left aligned"].row > .column,
 .ui.grid > [class*="left aligned"].column.column,
 .ui.grid > .row > [class*="left aligned"].column.column {
-  text-align: left;
+  text-align: start;
   align-self: inherit;
 }
 
@@ -440,7 +421,7 @@
 .ui.grid > [class*="right aligned"].row > .column,
 .ui.grid > [class*="right aligned"].column.column,
 .ui.grid > .row > [class*="right aligned"].column.column {
-  text-align: right;
+  text-align: end;
   align-self: inherit;
 }
 
@@ -470,8 +451,7 @@
 @media only screen and (max-width: 767.98px) {
   .ui.stackable.grid {
     width: auto;
-    margin-left: 0 !important;
-    margin-right: 0 !important;
+    margin-inline: 0 !important;
   }
   .ui.stackable.grid > .row > .wide.column,
   .ui.stackable.grid > .wide.column,
@@ -492,25 +472,21 @@
 
   .ui.container > .ui.stackable.grid > .column,
   .ui.container > .ui.stackable.grid > .row > .column {
-    padding-left: 0 !important;
-    padding-right: 0 !important;
+    padding-inline: 0 !important;
   }
 
   .ui.grid .ui.stackable.grid,
   .ui.segment:not(.vertical) .ui.stackable.page.grid {
-    margin-left: -1rem !important;
-    margin-right: -1rem !important;
+    margin-inline: -1rem !important;
   }
 }
 
 .ui.ui.ui.compact.grid > .column:not(.row),
 .ui.ui.ui.compact.grid > .row > .column {
-  padding-left: 0.5rem;
-  padding-right: 0.5rem;
+  padding-inline: 0.5rem;
 }
 .ui.ui.ui.compact.grid > * {
-  padding-left: 0.5rem;
-  padding-right: 0.5rem;
+  padding-inline: 0.5rem;
 }
 
 .ui.ui.ui.compact.grid > .row {
diff --git a/web_src/css/modules/hashbox.css b/web_src/css/modules/hashbox.css
index 316ac1f655..1095862716 100644
--- a/web_src/css/modules/hashbox.css
+++ b/web_src/css/modules/hashbox.css
@@ -31,9 +31,9 @@
   color: var(--color-text);
   background: var(--color-light);
   padding: 0.25rem 0.33rem;
-  border-left: 1px solid var(--color-light-border);
-  border-top-right-radius: inherit;
-  border-bottom-right-radius: inherit;
+  border-inline-start: 1px solid var(--color-light-border);
+  border-start-end-radius: inherit;
+  border-end-end-radius: inherit;
 }
 
 .sha.label .signature-author {
@@ -53,7 +53,7 @@
 }
 
 .sha.label.isSigned.isWarning .signature {
-  border-left: 1px solid var(--color-red-badge);
+  border-inline-start: 1px solid var(--color-red-badge);
   color: var(--color-red-badge);
 }
 
@@ -67,7 +67,7 @@
 }
 
 .sha.label.isSigned.isVerified .signature {
-  border-left: 1px solid var(--color-green-badge);
+  border-inline-start: 1px solid var(--color-green-badge);
   color: var(--color-green-badge);
 }
 
@@ -81,7 +81,7 @@
 }
 
 .sha.label.isSigned.isVerifiedUntrusted .signature {
-  border-left: 1px solid var(--color-yellow-badge);
+  border-inline-start: 1px solid var(--color-yellow-badge);
   color: var(--color-yellow-badge);
 }
 
@@ -95,7 +95,7 @@
 }
 
 .sha.label.isSigned.isVerifiedUnmatched .signature {
-  border-left: 1px solid var(--color-orange-badge);
+  border-inline-start: 1px solid var(--color-orange-badge);
   color: var(--color-orange-badge);
 }
 
diff --git a/web_src/css/modules/header.css b/web_src/css/modules/header.css
index f45e970018..308960031b 100644
--- a/web_src/css/modules/header.css
+++ b/web_src/css/modules/header.css
@@ -20,7 +20,7 @@
 }
 
 .ui.header .ui.label {
-  margin-left: 0.25rem;
+  margin-inline-start: 0.25rem;
   vertical-align: middle;
 }
 
@@ -49,7 +49,7 @@
 .ui.header > i.icon:only-child {
   display: inline-block;
   padding: 0;
-  margin-right: 0.75rem;
+  margin-inline-end: 0.75rem;
 }
 
 .ui.header + p {
@@ -120,7 +120,7 @@ h4.ui.header .sub.header {
 /* fix misaligned right buttons on box headers */
 .ui.attached.header > .ui.right {
   position: absolute;
-  right: 0.78571429rem;
+  inset-inline-end: 0.78571429rem;
   top: 0;
   bottom: 0;
   display: flex;
@@ -136,8 +136,7 @@ h4.ui.header .sub.header {
 
 /* open dropdown menus to the left in right-attached headers */
 .ui.attached.header > .ui.right .ui.dropdown .menu {
-  right: 0;
-  left: auto;
+  inset-inline: auto 0;
 }
 
 /* if a .top.attached.header is followed by a .segment, add some margin */
@@ -147,7 +146,7 @@ h4.ui.header .sub.header {
 }
 
 .ui.dividing.header {
-  border-bottom-color: var(--color-secondary);
+  border-block-end-color: var(--color-secondary);
 }
 
 .ui.dividing.header .sub.header {
diff --git a/web_src/css/modules/input.css b/web_src/css/modules/input.css
index 18b785ac82..64a8b68685 100644
--- a/web_src/css/modules/input.css
+++ b/web_src/css/modules/input.css
@@ -49,7 +49,7 @@
   position: absolute;
   text-align: center;
   top: 0;
-  right: 0;
+  inset-inline-end: 0;
   margin: 0;
   height: 100%;
   width: 2.67142857em;
@@ -71,29 +71,26 @@
 
 .ui.ui.ui.ui.icon.input > textarea,
 .ui.ui.ui.ui.icon.input > input {
-  padding-right: 2.67142857em;
+  padding-inline-end: 2.67142857em;
 }
 .ui.icon.input > i.link.icon {
   cursor: pointer;
 }
 .ui.icon.input > i.circular.icon {
   top: 0.35em;
-  right: 0.5em;
+  inset-inline-end: 0.5em;
 }
 
 .ui[class*="left icon"].input > i.icon {
-  right: auto;
-  left: 1px;
+  inset-inline: 1px auto;
   border-radius: 0.28571429rem 0 0 0.28571429rem;
 }
 .ui[class*="left icon"].input > i.circular.icon {
-  right: auto;
-  left: 0.5em;
+  inset-inline: 0.5em auto;
 }
 .ui.ui.ui.ui[class*="left icon"].input > textarea,
 .ui.ui.ui.ui[class*="left icon"].input > input {
-  padding-left: 2.67142857em;
-  padding-right: 1em;
+  padding-inline: 2.67142857em 1em;
 }
 
 .ui.icon.input > textarea:focus ~ .icon,
@@ -125,9 +122,9 @@
 }
 
 .ui.action.input:not([class*="left action"]) > input {
-  border-top-right-radius: 0;
-  border-bottom-right-radius: 0;
-  border-right-color: transparent;
+  border-start-end-radius: 0;
+  border-end-end-radius: 0;
+  border-inline-end-color: transparent;
 }
 
 .ui.action.input > .dropdown:first-child,
@@ -171,18 +168,18 @@
   min-width: 10em;
 }
 .ui.action.input:not([class*="left action"]) > .ui.dropdown.selection:not(:focus) {
-  border-right: none;
+  border-inline-end: none;
 }
 .ui.action.input:not([class*="left action"]) > .ui.dropdown.selection:not(.active):hover {
   border-color: var(--color-input-border);
 }
 .ui.action.input:not([class*="left action"]) .ui.dropdown.selection.upward.visible {
-  border-bottom-left-radius: 0 !important;
-  border-bottom-right-radius: 0 !important;
+  border-bottom-left-radius: 0 !important; /* stylelint-disable-line logical-css/require-logical-properties */
+  border-bottom-right-radius: 0 !important; /* stylelint-disable-line logical-css/require-logical-properties */
 }
 .ui.action.input:not([class*="left action"]) > input,
 .ui.action.input:not([class*="left action"]) > input:hover {
-  border-right: none;
+  border-inline-end: none;
 }
 .ui.action.input:not([class*="left action"]) > input:focus + .ui.dropdown.selection,
 .ui.action.input:not([class*="left action"]) > input:focus + .ui.dropdown.selection:hover,
@@ -190,8 +187,8 @@
 .ui.action.input:not([class*="left action"]) > input:focus + .button:hover,
 .ui.action.input:not([class*="left action"]) > input:focus + .icon + .button,
 .ui.action.input:not([class*="left action"]) > input:focus + .icon + .button:hover {
-  border-left-color: var(--color-primary);
+  border-inline-start-color: var(--color-primary);
 }
 .ui.action.input:not([class*="left action"]) > input:focus {
-  border-right-color: var(--color-primary);
+  border-inline-end-color: var(--color-primary);
 }
diff --git a/web_src/css/modules/label.css b/web_src/css/modules/label.css
index 4dc469631d..689577a8a6 100644
--- a/web_src/css/modules/label.css
+++ b/web_src/css/modules/label.css
@@ -19,10 +19,10 @@
 }
 
 .ui.label:first-child {
-  margin-left: 0;
+  margin-inline-start: 0;
 }
 .ui.label:last-child {
-  margin-right: 0;
+  margin-inline-end: 0;
 }
 
 a.ui.label {
@@ -45,7 +45,7 @@ a.ui.label {
 }
 
 .ui.label > .color-icon {
-  margin-left: 0;
+  margin-inline-start: 0;
 }
 
 .ui.label > .icon {
@@ -57,7 +57,7 @@ a.ui.label {
   display: inline-block;
   vertical-align: top;
   font-weight: var(--font-weight-medium);
-  margin-left: 1em;
+  margin-inline-start: 1em;
   opacity: 0.8;
 }
 .ui.label > .detail .icon {
diff --git a/web_src/css/modules/list.css b/web_src/css/modules/list.css
index 32c71e802b..f9e3186ce3 100644
--- a/web_src/css/modules/list.css
+++ b/web_src/css/modules/list.css
@@ -51,7 +51,7 @@
   min-width: 1.55em;
   padding-top: 0;
   transition: color 0.1s ease;
-  padding-right: 0.28571429em;
+  padding-inline-end: 0.28571429em;
   vertical-align: top;
 }
 .ui.list .list > .item > i.icon:only-child,
@@ -69,7 +69,7 @@
 }
 .ui.list .list > .item > .image:not(:only-child):not(img),
 .ui.list > .item > .image:not(:only-child):not(img) {
-  padding-right: 0.5em;
+  padding-inline-end: 0.5em;
 }
 .ui.list .list > .item > .image img,
 .ui.list > .item > .image img {
@@ -102,8 +102,8 @@
 }
 .ui.list .list > .item > .content > .list,
 .ui.list > .item > .content > .list {
-  margin-left: 0;
-  padding-left: 0;
+  margin-inline-start: 0;
+  padding-inline-start: 0;
 }
 
 .ui.list .list > .item .header,
@@ -128,7 +128,7 @@
 
 .ui.list .list > .item [class*="right floated"],
 .ui.list > .item [class*="right floated"] {
-  float: right;
+  float: inline-end;
   margin: 0 0 0 1em;
 }
 
diff --git a/web_src/css/modules/message.css b/web_src/css/modules/message.css
index c62dbddd25..91b9ed9976 100644
--- a/web_src/css/modules/message.css
+++ b/web_src/css/modules/message.css
@@ -23,8 +23,7 @@
 .ui.attached.message {
   margin-bottom: -1px;
   border-radius: var(--border-radius) var(--border-radius) 0 0;
-  margin-left: -1px;
-  margin-right: -1px;
+  margin-inline: -1px;
 }
 
 .ui.attached + .ui.attached.message:not(.top):not(.bottom) {
@@ -105,7 +104,7 @@
   cursor: pointer;
   position: absolute;
   top: 9px;
-  right: 9px;
+  inset-inline-end: 9px;
   opacity: .7;
 }
 
diff --git a/web_src/css/modules/modal.css b/web_src/css/modules/modal.css
index 54a4ef81ca..e1b5f11236 100644
--- a/web_src/css/modules/modal.css
+++ b/web_src/css/modules/modal.css
@@ -20,8 +20,8 @@
   color: var(--color-text-dark);
   background: var(--color-body);
   border-color: var(--color-secondary);
-  border-top-left-radius: var(--border-radius);
-  border-top-right-radius: var(--border-radius);
+  border-top-left-radius: var(--border-radius); /* stylelint-disable-line logical-css/require-logical-properties */
+  border-top-right-radius: var(--border-radius); /* stylelint-disable-line logical-css/require-logical-properties */
   vertical-align: middle;
 }
 
@@ -58,12 +58,12 @@ These inconsistent layouts should be refactored to simple ones.
   background: var(--color-secondary-bg);
   border-color: var(--color-secondary);
   padding: 1rem;
-  text-align: right;
+  text-align: end;
 }
 
 .ui.modal .content > .actions {
   padding-top: 1em; /* if the "actions" is in the "content", some paddings are already added by the "content" */
-  text-align: right;
+  text-align: end;
 }
 
 /* positive/negative action buttons */
@@ -71,7 +71,7 @@ These inconsistent layouts should be refactored to simple ones.
   display: inline-flex;
   align-items: center;
   padding: 10px 12px 10px 10px;
-  margin-right: 0;
+  margin-inline-end: 0;
 }
 
 .ui.modal .actions > .ui.button.danger {
@@ -82,5 +82,5 @@ These inconsistent layouts should be refactored to simple ones.
 }
 
 .ui.modal .actions > .ui.button .svg {
-  margin-right: 5px;
+  margin-inline-end: 5px;
 }
diff --git a/web_src/css/modules/navbar.css b/web_src/css/modules/navbar.css
index 0c58441dfe..bf9752fd8a 100644
--- a/web_src/css/modules/navbar.css
+++ b/web_src/css/modules/navbar.css
@@ -41,7 +41,7 @@
 
 #navbar .secondary.menu > .item > .svg,
 #navbar .right.menu > .item > .svg {
-  margin-right: 0;
+  margin-inline-end: 0;
 }
 
 /* icon with notification counter - positioned relative container */
@@ -69,7 +69,7 @@
   }
   #navbar .navbar-mobile-right {
     display: flex;
-    margin-left: auto !important;
+    margin-inline-start: auto !important;
     width: auto !important;
   }
   #navbar .navbar-mobile-right > .item {
@@ -119,7 +119,7 @@
     min-height: 48px;
   }
   #navbar #mobile-notifications-icon {
-    margin-right: 6px !important;
+    margin-inline-end: 6px !important;
   }
 }
 
@@ -151,7 +151,7 @@
   background: var(--color-primary);
   border: 2px solid var(--color-nav-bg);
   position: absolute;
-  left: 6px;
+  inset-inline-start: 6px;
   top: -9px;
   min-width: 17px;
   height: 17px;
diff --git a/web_src/css/modules/segment.css b/web_src/css/modules/segment.css
index 76638cb639..b54db40d90 100644
--- a/web_src/css/modules/segment.css
+++ b/web_src/css/modules/segment.css
@@ -103,14 +103,14 @@
   border-radius: 0;
   border: none;
   box-shadow: none;
-  border-left: 1px solid var(--color-secondary);
+  border-inline-start: 1px solid var(--color-secondary);
 }
 
 .ui.segments > .horizontal.segments:first-child {
   border-top: none;
 }
 .ui.horizontal.segments:not(.stackable) > .segment:first-child {
-  border-left: none;
+  border-inline-start: none;
 }
 .ui.horizontal.segments > .segment:first-child {
   border-radius: 0.28571429rem 0 0 0.28571429rem;
@@ -126,7 +126,7 @@
 }
 
 .ui[class*="left aligned"].segment {
-  text-align: left;
+  text-align: start;
 }
 .ui[class*="center aligned"].segment {
   text-align: center;
@@ -190,8 +190,7 @@
   padding-bottom: 0;
 }
 .ui.fitted.segment:not(.vertically) {
-  padding-left: 0;
-  padding-right: 0;
+  padding-inline: 0;
 }
 
 .ui.segments .segment,
diff --git a/web_src/css/modules/select.css b/web_src/css/modules/select.css
index 1d7d749d4a..7b4b88ada7 100644
--- a/web_src/css/modules/select.css
+++ b/web_src/css/modules/select.css
@@ -11,7 +11,7 @@
 .gitea-select::after {
   position: absolute;
   top: 12px;
-  right: 8px;
+  inset-inline-end: 8px;
   pointer-events: none;
   content: "";
   width: 14px;
diff --git a/web_src/css/modules/switch.css b/web_src/css/modules/switch.css
index dee30f4ca3..c2bea9cef2 100644
--- a/web_src/css/modules/switch.css
+++ b/web_src/css/modules/switch.css
@@ -41,7 +41,7 @@
 
   &.active {
     z-index: 2;
-    padding-left: var(--switch-padding-inline);
+    padding-inline-start: var(--switch-padding-inline);
     background: var(--color-active);
     outline: 1px solid var(--color-input-border);
   }
@@ -55,12 +55,12 @@
 /* Corner rounding aid: item that has to crawl under it's active neighbor,
 so when it is hovered, there are no ugly unpainted v/^ shapes between them */
 .switch > .item:has(+ .active.item) { /* Active neighbor is next item */
-  margin-right: calc(-1 * var(--border-radius));
-  padding-right: calc(var(--switch-padding-inline) + var(--border-radius));
+  margin-inline-end: calc(-1 * var(--border-radius));
+  padding-inline-end: calc(var(--switch-padding-inline) + var(--border-radius));
 }
 .switch > .active.item + .item { /* Active neighbor is previous item */
-  margin-left: calc(-1 * var(--border-radius));
-  padding-left: calc(var(--switch-padding-inline) + var(--border-radius));
+  margin-inline-start: calc(-1 * var(--border-radius));
+  padding-inline-start: calc(var(--switch-padding-inline) + var(--border-radius));
 }
 
 /* Make counters embedded into items more visible on brighter backgrounds */
diff --git a/web_src/css/modules/table.css b/web_src/css/modules/table.css
index 801a58d84d..39787be15a 100644
--- a/web_src/css/modules/table.css
+++ b/web_src/css/modules/table.css
@@ -35,10 +35,10 @@
   vertical-align: inherit;
   font-weight: var(--font-weight-normal);
   border-bottom: 1px solid var(--color-secondary);
-  border-left: none;
+  border-inline-start: none;
 }
 .ui.table > thead > tr > th:first-child {
-  border-left: none;
+  border-inline-start: none;
 }
 .ui.table > thead > tr:first-child > th:first-child {
   border-radius: 0.28571429rem 0 0;
@@ -62,7 +62,7 @@
 }
 .ui.table > tfoot > tr > th:first-child,
 .ui.table > tfoot > tr > td:first-child {
-  border-left: none;
+  border-inline-start: none;
 }
 .ui.table > tfoot > tr:first-child > th:first-child,
 .ui.table > tfoot > tr:first-child > td:first-child {
@@ -154,7 +154,7 @@
 
 .ui.table[class*="left aligned"],
 .ui.table [class*="left aligned"] {
-  text-align: left;
+  text-align: start;
 }
 
 .ui.table[class*="center aligned"],
@@ -164,7 +164,7 @@
 
 .ui.table[class*="right aligned"],
 .ui.table [class*="right aligned"] {
-  text-align: right;
+  text-align: end;
 }
 
 .ui.table[class*="top aligned"],
@@ -301,7 +301,7 @@
 .ui.basic.table > tfoot > tr > th,
 .ui.basic.table > tr > th {
   background: transparent;
-  border-left: none;
+  border-inline-start: none;
 }
 .ui.basic.table > tbody > tr {
   border-bottom: 1px solid var(--color-secondary);
@@ -325,7 +325,7 @@
 .ui[class*="very basic"].table:not(.striped) > tr > td:first-child,
 .ui[class*="very basic"].table:not(.striped) > tbody > tr > td:first-child,
 .ui[class*="very basic"].table:not(.striped) > tfoot > tr > td:first-child {
-  padding-left: 0;
+  padding-inline-start: 0;
 }
 .ui[class*="very basic"].table:not(.striped) > tr > th:last-child,
 .ui[class*="very basic"].table:not(.striped) > thead > tr > th:last-child,
@@ -334,7 +334,7 @@
 .ui[class*="very basic"].table:not(.striped) > tr > td:last-child,
 .ui[class*="very basic"].table:not(.striped) > tbody > tr > td:last-child,
 .ui[class*="very basic"].table:not(.striped) > tfoot > tr > td:last-child {
-  padding-right: 0;
+  padding-inline-end: 0;
 }
 .ui[class*="very basic"].table:not(.striped) > thead > tr:first-child > th {
   padding-top: 0;
@@ -347,7 +347,7 @@
 .ui.celled.table > tr > td,
 .ui.celled.table > tbody > tr > td,
 .ui.celled.table > tfoot > tr > td {
-  border-left: 1px solid var(--color-secondary-alpha-50);
+  border-inline-start: 1px solid var(--color-secondary-alpha-50);
 }
 .ui.celled.table > tr > th:first-child,
 .ui.celled.table > thead > tr > th:first-child,
@@ -356,15 +356,14 @@
 .ui.celled.table > tr > td:first-child,
 .ui.celled.table > tbody > tr > td:first-child,
 .ui.celled.table > tfoot > tr > td:first-child {
-  border-left: none;
+  border-inline-start: none;
 }
 
 .ui.compact.table > tr > th,
 .ui.compact.table > thead > tr > th,
 .ui.compact.table > tbody > tr > th,
 .ui.compact.table > tfoot > tr > th {
-  padding-left: 0.7em;
-  padding-right: 0.7em;
+  padding-inline: 0.7em;
 }
 .ui.compact.table > tr > td,
 .ui.compact.table > tbody > tr > td,
@@ -376,10 +375,10 @@
 .ui.table > thead > tr > th:first-of-type,
 .ui.table > tbody > tr > td:first-of-type,
 .ui.table > tr > td:first-of-type {
-  padding-left: 10px;
+  padding-inline-start: 10px;
 }
 .ui.table > thead > tr > th:last-of-type,
 .ui.table > tbody > tr > td:last-of-type,
 .ui.table > tr > td:last-of-type {
-  padding-right: 10px;
+  padding-inline-end: 10px;
 }
diff --git a/web_src/css/modules/tippy.css b/web_src/css/modules/tippy.css
index ab894d46c5..a44b10674a 100644
--- a/web_src/css/modules/tippy.css
+++ b/web_src/css/modules/tippy.css
@@ -140,25 +140,25 @@
 }
 
 .tippy-box[data-placement^="left"] > .tippy-svg-arrow {
-  right: 0;
+  inset-inline-end: 0;
 }
 
 .tippy-box[data-placement^="left"] > .tippy-svg-arrow::after,
 .tippy-box[data-placement^="left"] > .tippy-svg-arrow > svg {
   transform: rotate(90deg);
   top: calc(50% - 3px);
-  left: 11px;
+  inset-inline-start: 11px;
 }
 
 .tippy-box[data-placement^="right"] > .tippy-svg-arrow {
-  left: 0;
+  inset-inline-start: 0;
 }
 
 .tippy-box[data-placement^="right"] > .tippy-svg-arrow::after,
 .tippy-box[data-placement^="right"] > .tippy-svg-arrow > svg {
   transform: rotate(-90deg);
   top: calc(50% - 3px);
-  right: 11px;
+  inset-inline-end: 11px;
 }
 
 .tippy-svg-arrow {
diff --git a/web_src/css/modules/toast.css b/web_src/css/modules/toast.css
index 2a9f78e017..25b21c46b2 100644
--- a/web_src/css/modules/toast.css
+++ b/web_src/css/modules/toast.css
@@ -44,11 +44,11 @@
 }
 
 .toastify-right {
-  right: 15px;
+  inset-inline-end: 15px;
 }
 
 .toastify-left {
-  left: 15px;
+  inset-inline-start: 15px;
 }
 
 .toastify-top {
@@ -60,18 +60,14 @@
 }
 
 .toastify-center {
-  margin-left: auto;
-  margin-right: auto;
-  left: 0;
-  right: 0;
+  margin-inline: auto;
+  inset-inline: 0;
 }
 
 @media (max-width: 360px) {
   .toastify-right, .toastify-left {
-    margin-left: auto;
-    margin-right: auto;
-    left: 0;
-    right: 0;
+    margin-inline: auto;
+    inset-inline: 0;
     max-width: fit-content;
   }
 }
diff --git a/web_src/css/modules/user-cards.css b/web_src/css/modules/user-cards.css
index d89ea4588c..f545c7d2db 100644
--- a/web_src/css/modules/user-cards.css
+++ b/web_src/css/modules/user-cards.css
@@ -41,7 +41,7 @@
 .user-cards .card .avatar {
   width: 48px;
   height: 48px;
-  margin-right: 14px;
+  margin-inline-end: 14px;
 }
 
 .user-cards .card .name {
diff --git a/web_src/css/org.css b/web_src/css/org.css
index 78cf2e2c61..1ea22dcdbb 100644
--- a/web_src/css/org.css
+++ b/web_src/css/org.css
@@ -15,18 +15,18 @@
     width: 800px !important;
   }
   .organization.new.org form .header {
-    padding-left: 280px !important;
+    padding-inline-start: 280px !important;
   }
   .organization.new.org form .inline.field > label {
-    text-align: right;
+    text-align: end;
     width: 250px !important;
     word-wrap: break-word;
   }
   .organization.new.org form .help {
-    margin-left: 265px !important;
+    margin-inline-start: 265px !important;
   }
   .organization.new.org form .optional .title {
-    margin-left: 250px !important;
+    margin-inline-start: 250px !important;
   }
   .organization.new.org form .inline.field > input,
   .organization.new.org form .inline.field > textarea {
@@ -36,7 +36,7 @@
 
 @media (max-width: 767.98px) {
   .organization.new.org form .optional .title {
-    margin-left: 15px;
+    margin-inline-start: 15px;
   }
   .organization.new.org form .inline.field > label {
     display: block;
@@ -44,7 +44,7 @@
 }
 
 .organization.new.org form .header {
-  padding-left: 0 !important;
+  padding-inline-start: 0 !important;
   text-align: center;
 }
 
@@ -151,7 +151,7 @@
 .page-content.organization .members .ui.avatar {
   width: 48px;
   height: 48px;
-  margin-right: 5px;
+  margin-inline-end: 5px;
   margin-bottom: 5px;
 }
 
@@ -161,12 +161,12 @@
 }
 
 .organization.invite #invite-box #search-user-box input {
-  margin-left: 0;
+  margin-inline-start: 0;
   width: 300px;
 }
 
 .organization.invite #invite-box .ui.button {
-  margin-left: 5px;
+  margin-inline-start: 5px;
   margin-top: -3px;
 }
 
@@ -205,5 +205,5 @@
 
 #add-member-modal .team-list {
   max-height: 300px;
-  overflow-y: auto;
+  overflow-block: auto;
 }
diff --git a/web_src/css/repo.css b/web_src/css/repo.css
index 0619f154af..85158b4d6e 100644
--- a/web_src/css/repo.css
+++ b/web_src/css/repo.css
@@ -71,13 +71,13 @@
 .repository .issue-content-right #deadlineForm input {
   width: 12.8rem;
   border-radius: var(--border-radius) 0 0 var(--border-radius);
-  border-right: 0;
+  border-inline-end: 0;
   white-space: nowrap;
 }
 
 .repository .issue-content-right .filter.menu {
   max-height: 500px;
-  overflow-x: auto;
+  overflow-inline: auto;
 }
 
 .repository .filter.menu .label-filter .menu .info {
@@ -86,9 +86,8 @@
   font-size: 12px;
   width: 100%;
   white-space: nowrap;
-  margin-left: 10px;
-  margin-right: 8px;
-  text-align: left;
+  margin-inline: 10px 8px;
+  text-align: start;
 }
 
 .repository .filter.menu .label-filter .menu .info code {
@@ -102,20 +101,19 @@
 .repository .filter.menu .ui.dropdown .menu {
   max-height: 500px;
   max-width: 300px;
-  overflow-x: hidden;
-  right: 0;
-  left: auto;
+  overflow-inline: hidden;
+  inset-inline: auto 0;
 }
 
 /* the label-filter is the first dropdown, it shouldn't be shown leftward, otherwise it may go out the viewport (left side) */
 .repository .filter.menu .ui.dropdown.label-filter .menu {
   min-width: max-content;
-  right: unset;
-  left: 0;
+  inset-inline-end: unset;
+  inset-inline-start: 0;
 }
 
 .repository .select-label .desc {
-  padding-left: 23px;
+  padding-inline-start: 23px;
   white-space: normal;
   display: block;
   margin-top: 2px;
@@ -152,7 +150,7 @@
 
 .repository .ui.action.input.clone-panel > button + button,
 .repository .ui.action.input.clone-panel > button + input {
-  margin-left: -1px; /* make the borders overlap to avoid double borders */
+  margin-inline-start: -1px; /* make the borders overlap to avoid double borders */
 }
 
 .repository .clone-panel > button:first-of-type {
@@ -166,8 +164,7 @@
 /* Dropdown alignment */
 .repository .clone-panel .dropdown .menu,
 .repository .folder-actions .dropdown .menu {
-  right: 0 !important;
-  left: auto !important;
+  inset-inline: auto 0 !important;
 }
 
 .repository.file.list .repo-description {
@@ -215,7 +212,7 @@ td .commit-summary {
 }
 
 .latest-commit .commit-status {
-  margin-right: 0.25em;
+  margin-inline-end: 0.25em;
 }
 
 @media (max-width: 767.98px) {
@@ -223,7 +220,7 @@ td .commit-summary {
     display: none;
   }
   .latest-commit .commit-summary {
-    margin-left: 8px;
+    margin-inline-start: 8px;
   }
 }
 
@@ -243,7 +240,7 @@ td .commit-summary {
   text-align: inherit;
   color: var(--color-text);
   vertical-align: inherit;
-  border-left: none;
+  border-inline-start: none;
   padding: 6px 5px 6px 10px;
 }
 
@@ -252,8 +249,7 @@ td .commit-summary {
 }
 
 .repository.file.list #repo-files-table tbody .svg {
-  margin-left: 3px;
-  margin-right: 5px;
+  margin-inline: 3px 5px;
 }
 
 @media (min-width: 767.98px) {
@@ -267,7 +263,7 @@ td .commit-summary {
 }
 
 .repository.file.list #repo-files-table tbody .svg.octicon-reply {
-  margin-right: 10px;
+  margin-inline-end: 10px;
 }
 
 .repository.file.list #repo-files-table tbody .svg.octicon-file-directory-fill,
@@ -354,8 +350,7 @@ td .commit-summary {
 }
 
 .repository.file.list #repo-files-table td .at {
-  margin-left: 3px;
-  margin-right: 3px;
+  margin-inline: 3px;
 }
 
 .repository.file.list #repo-files-table td > * {
@@ -367,11 +362,11 @@ td .commit-summary {
 }
 
 .repository.file.list #repo-files-table tr:last-of-type td:first-child {
-  border-bottom-left-radius: var(--border-radius);
+  border-end-start-radius: var(--border-radius);
 }
 
 .repository.file.list #repo-files-table tr:last-of-type td:last-child {
-  border-bottom-right-radius: var(--border-radius);
+  border-end-end-radius: var(--border-radius);
 }
 
 .repository.file.list #repo-files-table tr:hover {
@@ -419,8 +414,8 @@ td .commit-summary {
 }
 
 .code-search + #repo-files-table {
-  border-top-left-radius: 0;
-  border-top-right-radius: 0;
+  border-top-left-radius: 0; /* stylelint-disable-line logical-css/require-logical-properties */
+  border-top-right-radius: 0; /* stylelint-disable-line logical-css/require-logical-properties */
 }
 
 .view-raw {
@@ -476,7 +471,7 @@ citation-information .tab:not(.active) {
 }
 
 .repository.file.list .non-diff-file-content .csv {
-  overflow-x: auto;
+  overflow-inline: auto;
   padding: 0 !important;
 }
 
@@ -493,7 +488,7 @@ citation-information .tab:not(.active) {
 }
 
 .repository.file.list .sidebar {
-  padding-left: 0;
+  padding-inline-start: 0;
 }
 
 .repository.file.list .sidebar .svg {
@@ -508,20 +503,20 @@ citation-information .tab:not(.active) {
   vertical-align: middle !important;
   width: auto !important;
   padding: 7px 8px !important;
-  margin-right: 5px !important;
+  margin-inline-end: 5px !important;
 }
 
 .repository.file.editor .tabular.menu .svg {
-  margin-right: 5px;
+  margin-inline-end: 5px;
 }
 
 .repository.file.editor .commit-form-wrapper {
-  padding-left: 64px;
+  padding-inline-start: 64px;
 }
 
 .repository.file.editor .commit-form-wrapper .commit-avatar {
-  float: left;
-  margin-left: -64px;
+  float: inline-start;
+  margin-inline-start: -64px;
   width: 3em;
   height: auto;
 }
@@ -537,7 +532,7 @@ citation-information .tab:not(.active) {
 
 .repository.file.editor .commit-form-wrapper .commit-form::before,
 .repository.file.editor .commit-form-wrapper .commit-form::after {
-  right: 100%;
+  inset-inline-end: 100%;
   top: 20px;
   border: solid transparent;
   content: " ";
@@ -548,13 +543,13 @@ citation-information .tab:not(.active) {
 }
 
 .repository.file.editor .commit-form-wrapper .commit-form::before {
-  border-right-color: var(--color-secondary);
+  border-inline-end-color: var(--color-secondary);
   border-width: 9px;
   margin-top: -9px;
 }
 
 .repository.file.editor .commit-form-wrapper .commit-form::after {
-  border-right-color: var(--color-box-body);
+  border-inline-end-color: var(--color-box-body);
   border-width: 8px;
   margin-top: -8px;
 }
@@ -571,18 +566,18 @@ citation-information .tab:not(.active) {
 
 .repository.file.editor .commit-form-wrapper .commit-form .quick-pull-choice .new-branch-name-input {
   position: relative;
-  margin-left: 25px;
+  margin-inline-start: 25px;
 }
 
 .repository.file.editor .commit-form-wrapper .commit-form .quick-pull-choice .new-branch-name-input input {
   width: 240px !important;
-  padding-left: 26px !important;
+  padding-inline-start: 26px !important;
 }
 
 .repository.file.editor .commit-form-wrapper .commit-form .quick-pull-choice .octicon-git-branch {
   position: absolute;
   top: 9px;
-  left: 10px;
+  inset-inline-start: 10px;
   color: var(--color-grey);
 }
 
@@ -596,12 +591,12 @@ citation-information .tab:not(.active) {
 }
 
 .repository.new.issue .comment.form .content {
-  margin-left: 4em;
+  margin-inline-start: 4em;
 }
 
 .repository.new.issue .comment.form .content::before,
 .repository.new.issue .comment.form .content::after {
-  right: 100%;
+  inset-inline-end: 100%;
   top: 20px;
   border: solid transparent;
   content: " ";
@@ -612,13 +607,13 @@ citation-information .tab:not(.active) {
 }
 
 .repository.new.issue .comment.form .content::before {
-  border-right-color: var(--color-secondary);
+  border-inline-end-color: var(--color-secondary);
   border-width: 9px;
   margin-top: -9px;
 }
 
 .repository.new.issue .comment.form .content::after {
-  border-right-color: var(--color-box-body);
+  border-inline-end-color: var(--color-box-body);
   border-width: 8px;
   margin-top: -8px;
 }
@@ -660,7 +655,7 @@ citation-information .tab:not(.active) {
     display: none;
   }
   .comment.form .issue-content-left .content {
-    margin-left: 0 !important;
+    margin-inline-start: 0 !important;
   }
   .comment.form .issue-content-left .content::before,
   .comment.form .issue-content-left .content::after,
@@ -670,7 +665,7 @@ citation-information .tab:not(.active) {
   }
 
   .repository.view.issue .issue-title.edit-active h1 {
-    padding-right: 0;
+    padding-inline-end: 0;
   }
 }
 
@@ -689,7 +684,7 @@ citation-information .tab:not(.active) {
   font-size: 32px;
   line-height: 40px;
   margin: 0;
-  padding-right: 0.5rem;
+  padding-inline-end: 0.5rem;
 }
 
 .repository.view.issue .issue-title .ui.input {
@@ -706,7 +701,7 @@ citation-information .tab:not(.active) {
 }
 
 .repository.view.issue .issue-title .label {
-  margin-right: 10px;
+  margin-inline-end: 10px;
 }
 
 .issue-state-label {
@@ -719,7 +714,7 @@ citation-information .tab:not(.active) {
 }
 
 .issue-state-label .svg {
-  margin-right: 4px;
+  margin-inline-end: 4px;
 }
 
 .repository.view.issue .pull-desc code {
@@ -734,7 +729,7 @@ citation-information .tab:not(.active) {
   vertical-align: middle;
   position: relative;
   top: -2px;
-  right: 1px;
+  inset-inline-end: 1px;
 }
 
 .repository.view.issue .pull.tabs.container {
@@ -744,12 +739,12 @@ citation-information .tab:not(.active) {
 
 .repository.view.issue .pull.tabular.menu {
   margin-bottom: 0;
-  overflow-x: auto;
-  overflow-y: hidden;
+  overflow-inline: auto;
+  overflow-block: hidden;
 }
 
 .repository.view.issue .pull.tabular.menu .svg {
-  margin-right: 5px;
+  margin-inline-end: 5px;
 }
 
 .repository.view.issue .merge.box .branch-update.grid .row {
@@ -768,7 +763,7 @@ citation-information .tab:not(.active) {
   margin-bottom: 14px;
   top: 0;
   bottom: 0;
-  left: 96px;
+  inset-inline-start: 96px;
   width: 2px;
   background-color: var(--color-timeline);
   z-index: -1;
@@ -777,8 +772,8 @@ citation-information .tab:not(.active) {
 .repository.view.issue .comment-list .timeline {
   position: relative;
   display: block;
-  margin-left: 40px;
-  padding-left: 16px;
+  margin-inline-start: 40px;
+  padding-inline-start: 16px;
 }
 
 .repository.view.issue .comment-list .timeline::before { /* ciara */
@@ -789,7 +784,7 @@ citation-information .tab:not(.active) {
   margin-bottom: 14px;
   top: 0;
   bottom: 0;
-  left: 30px;
+  inset-inline-start: 30px;
   width: 2px;
   background-color: var(--color-timeline);
   z-index: -1;
@@ -810,13 +805,13 @@ citation-information .tab:not(.active) {
 }
 
 .repository.view.issue .comment-list .timeline-item {
-  margin-left: 16px;
+  margin-inline-start: 16px;
   position: relative;
 }
 
 .repository.view.issue .comment-list .timeline-item .timeline-avatar {
   position: absolute;
-  left: -68px;
+  inset-inline-start: -68px;
 }
 
 /* Don't show the mobile oriented avatar ".inline-timeline-avatar" on desktop. Desktop uses the avatar with class ".timeline-avatar" */
@@ -843,9 +838,8 @@ citation-information .tab:not(.active) {
   background-color: var(--color-timeline);
   border-radius: var(--border-radius-full);
   display: flex;
-  float: left;
-  margin-left: -33px;
-  margin-right: 8px;
+  float: inline-start;
+  margin-inline: -33px 8px;
   color: var(--color-text);
   align-items: center;
   justify-content: center;
@@ -862,7 +856,7 @@ citation-information .tab:not(.active) {
 }
 
 .repository.view.issue .comment-list .timeline-item.comment > .content {
-  margin-left: -16px;
+  margin-inline-start: -16px;
 }
 
 .repository.view.issue .comment-list .timeline-item.event > .text {
@@ -871,13 +865,13 @@ citation-information .tab:not(.active) {
 }
 
 .repository.view.issue .comment-list .timeline-item.commits-list {
-  padding-left: 15px;
+  padding-inline-start: 15px;
   padding-top: 0;
 }
 
 .repository.view.issue .comment-list .timeline-item.commits-list .ui.avatar,
 .repository.view.issue .comment-list .timeline-item.event .ui.avatar {
-  margin-right: 0.25em;
+  margin-inline-end: 0.25em;
 }
 
 .repository.view.issue .comment-list .timeline-item .aggregated-actions .badge {
@@ -931,7 +925,7 @@ citation-information .tab:not(.active) {
 
 @media (max-width: 767.98px) {
   .repository.view.issue .comment-list .timeline-item .ui.segments {
-    margin-left: -2rem;
+    margin-inline-start: -2rem;
   }
 }
 
@@ -940,13 +934,13 @@ citation-information .tab:not(.active) {
 }
 
 .repository.view.issue .comment-list .comment > .content > div:first-child {
-  border-top-left-radius: 4px;
-  border-top-right-radius: 4px;
+  border-top-left-radius: 4px; /* stylelint-disable-line logical-css/require-logical-properties */
+  border-top-right-radius: 4px; /* stylelint-disable-line logical-css/require-logical-properties */
 }
 
 .repository.view.issue .comment-list .comment > .content > div:last-child {
-  border-bottom-left-radius: 4px;
-  border-bottom-right-radius: 4px;
+  border-bottom-left-radius: 4px; /* stylelint-disable-line logical-css/require-logical-properties */
+  border-bottom-right-radius: 4px; /* stylelint-disable-line logical-css/require-logical-properties */
 }
 
 .repository.view.issue .comment-list .comment .comment-container {
@@ -968,13 +962,13 @@ citation-information .tab:not(.active) {
 }
 
 .repository.view.issue .comment-list .comment .merge-section .divider {
-  margin-left: -1rem;
+  margin-inline-start: -1rem;
   width: calc(100% + 2rem);
 }
 
 .repository.view.issue .comment-list .comment .merge-section.no-header::before,
 .repository.view.issue .comment-list .comment .merge-section.no-header::after {
-  right: 100%;
+  inset-inline-end: 100%;
   top: 20px;
   border: solid transparent;
   content: " ";
@@ -985,13 +979,13 @@ citation-information .tab:not(.active) {
 }
 
 .repository.view.issue .comment-list .comment .merge-section.no-header::before {
-  border-right-color: var(--color-secondary);
+  border-inline-end-color: var(--color-secondary);
   border-width: 9px;
   margin-top: -9px;
 }
 
 .repository.view.issue .comment-list .comment .merge-section.no-header::after {
-  border-right-color: var(--color-box-body);
+  border-inline-end-color: var(--color-box-body);
   border-width: 8px;
   margin-top: -8px;
 }
@@ -1060,7 +1054,7 @@ citation-information .tab:not(.active) {
 }
 
 .repository.view.issue .comment-list .code-comment .comment-content {
-  margin-left: calc(20px + 0.5rem);
+  margin-inline-start: calc(20px + 0.5rem);
 }
 
 .repository.view.issue .comment-list .code-comment .add-reaction {
@@ -1087,14 +1081,14 @@ citation-information .tab:not(.active) {
 }
 
 .repository.view.issue .comment-list .comment > .avatar ~ .content {
-  margin-left: 42px;
+  margin-inline-start: 42px;
 }
 
 .repository.view.issue .comment-list .comment-code-cloud .segment.reactions {
   gap: var(--button-spacing);
   flex-wrap: wrap;
   width: unset !important;
-  margin-left: calc(20px + 0.5rem) !important;
+  margin-inline-start: calc(20px + 0.5rem) !important;
   margin-top: 1rem !important;
   margin-bottom: -1rem !important;
   border-top: none !important;
@@ -1123,12 +1117,12 @@ citation-information .tab:not(.active) {
 }
 
 .repository.view.issue .comment-list .event {
-  padding-left: 15px;
+  padding-inline-start: 15px;
 }
 
 .repository.view.issue .comment-list .event .detail {
   margin-top: 4px;
-  margin-left: 15px;
+  margin-inline-start: 15px;
 }
 
 .repository.view.issue .comment-list .event .detail .text {
@@ -1157,7 +1151,7 @@ citation-information .tab:not(.active) {
 
 .repository .comment.form .content .form::before,
 .repository .comment.form .content .form::after {
-  right: 100%;
+  inset-inline-end: 100%;
   top: 20px;
   border: solid transparent;
   content: " ";
@@ -1168,13 +1162,13 @@ citation-information .tab:not(.active) {
 }
 
 .repository .comment.form .content .form::before {
-  border-right-color: var(--color-secondary);
+  border-inline-end-color: var(--color-secondary);
   border-width: 9px;
   margin-top: -9px;
 }
 
 .repository .comment.form .content .form::after {
-  border-right-color: var(--color-box-body);
+  border-inline-end-color: var(--color-box-body);
   border-width: 8px;
   margin-top: -8px;
 }
@@ -1189,7 +1183,7 @@ citation-information .tab:not(.active) {
 }
 
 .repository.compare.pull .show-form-container {
-  text-align: left;
+  text-align: start;
 }
 
 .repository .choose.branch {
@@ -1220,7 +1214,7 @@ citation-information .tab:not(.active) {
 
 .repository.compare.pull .comment.form .content::before,
 .repository.compare.pull .comment.form .content::after {
-  right: 100%;
+  inset-inline-end: 100%;
   top: 20px;
   border: solid transparent;
   content: " ";
@@ -1231,13 +1225,13 @@ citation-information .tab:not(.active) {
 }
 
 .repository.compare.pull .comment.form .content::before {
-  border-right-color: var(--color-secondary);
+  border-inline-end-color: var(--color-secondary);
   border-width: 9px;
   margin-top: -9px;
 }
 
 .repository.compare.pull .comment.form .content::after {
-  border-right-color: var(--color-box-body);
+  border-inline-end-color: var(--color-box-body);
   border-width: 8px;
   margin-top: -8px;
 }
@@ -1261,14 +1255,14 @@ citation-information .tab:not(.active) {
 
 .repository.branches .commit-divergence .bar-group {
   position: relative;
-  float: left;
+  float: inline-start;
   padding-bottom: 6px;
   width: 50%;
   max-width: 90px;
 }
 
 .repository.branches .commit-divergence .bar-group:last-child {
-  border-left: 1px solid var(--color-secondary-dark-2);
+  border-inline-start: 1px solid var(--color-secondary-dark-2);
 }
 
 .repository.branches .commit-divergence .count {
@@ -1276,11 +1270,11 @@ citation-information .tab:not(.active) {
 }
 
 .repository.branches .commit-divergence .count.count-ahead {
-  text-align: left;
+  text-align: start;
 }
 
 .repository.branches .commit-divergence .count.count-behind {
-  text-align: right;
+  text-align: end;
 }
 
 .repository.branches .commit-divergence .bar {
@@ -1290,11 +1284,11 @@ citation-information .tab:not(.active) {
 }
 
 .repository.branches .commit-divergence .bar.bar-behind {
-  right: 0;
+  inset-inline-end: 0;
 }
 
 .repository.branches .commit-divergence .bar.bar-ahead {
-  left: 0;
+  inset-inline-start: 0;
 }
 
 .repository.commits .header .search input {
@@ -1334,7 +1328,7 @@ citation-information .tab:not(.active) {
   padding: 5px !important;
   overflow: hidden;
   font-size: 12px;
-  text-align: left;
+  text-align: start;
   white-space: nowrap;
   border: 1px solid var(--color-secondary);
 }
@@ -1348,10 +1342,10 @@ citation-information .tab:not(.active) {
   border-bottom: none !important;
 }
 .repository .data-table tr :is(td,th):first-child {
-  border-left: none !important;
+  border-inline-start: none !important;
 }
 .repository .data-table tr :is(td,th):last-child {
-  border-right: none !important;
+  border-inline-end: none !important;
 }
 
 .repository .data-table td {
@@ -1395,7 +1389,7 @@ citation-information .tab:not(.active) {
   white-space: nowrap;
   vertical-align: top;
   cursor: pointer;
-  text-align: right;
+  text-align: end;
   background: var(--color-body);
   border: 0;
 }
@@ -1419,8 +1413,7 @@ citation-information .tab:not(.active) {
   }
 }
 .repository .diff-detail-box .diff-detail-stats strong {
-  margin-left: 0.25rem;
-  margin-right: 0.25rem;
+  margin-inline: 0.25rem;
 }
 
 /* Because the translations contain the <strong> we need to style with nth-of-type */
@@ -1451,15 +1444,14 @@ citation-information .tab:not(.active) {
 
 .diff-detail-actions > *,
 .diff-detail-actions .button {
-  margin-left: 0 !important;
-  margin-right: 0 !important;
+  margin-inline: 0 !important;
 }
 
 .repository .diff-detail-box span.status {
   display: inline-block;
   width: 12px;
   height: 12px;
-  margin-right: 8px;
+  margin-inline-end: 8px;
   vertical-align: middle;
 }
 
@@ -1499,7 +1491,7 @@ citation-information .tab:not(.active) {
 .repository .diff-box .header:not(.resolved-placeholder) .button {
   padding: 0 1.125em;
   flex: 0 0 auto;
-  margin-right: 0;
+  margin-inline-end: 0;
   height: 30px;
 }
 
@@ -1525,7 +1517,7 @@ citation-information .tab:not(.active) {
 }
 
 .repository .diff-file-box .file-body.file-code .lines-num {
-  text-align: right;
+  text-align: end;
   width: 1%;
   min-width: 50px;
 }
@@ -1565,7 +1557,7 @@ citation-information .tab:not(.active) {
 
 .repository .diff-file-box .code-diff tbody tr [data-line-num]::before {
   content: attr(data-line-num);
-  text-align: right;
+  text-align: end;
 }
 
 .repository .diff-file-box .code-diff tbody tr .lines-type-marker {
@@ -1575,12 +1567,12 @@ citation-information .tab:not(.active) {
 
 .repository .diff-file-box .code-diff tbody tr [data-type-marker]::before {
   content: attr(data-type-marker);
-  text-align: right;
+  text-align: end;
   display: inline-block;
 }
 
 .repository .diff-file-box .code-diff-split .tag-code .lines-code code.code-inner {
-  padding-left: 10px !important;
+  padding-inline-start: 10px !important;
 }
 
 .repository .diff-file-box .code-diff-split table,
@@ -1589,7 +1581,7 @@ citation-information .tab:not(.active) {
 }
 
 .repository .diff-file-box.file-content {
-  clear: right;
+  clear: inline-end;
 }
 
 .repository .diff-file-box.file-content .image-diff img {
@@ -1683,7 +1675,7 @@ details.repo-search-result summary::marker {
 /* if the element is for a checkbox, then it should have a padding-left to align to the checkbox's text */
 .repository.settings.branches .branch-protection .ui.checkbox .help,
 .repository.settings.branches .branch-protection .checkbox-sub-item {
-  padding-left: 26px;
+  padding-inline-start: 26px;
 }
 
 .repository.settings.branches .branch-protection .status-check-matched-mark {
@@ -1692,8 +1684,8 @@ details.repo-search-result summary::marker {
 }
 
 .repository .ui.attached.isSigned.isWarning {
-  border-left: 1px solid var(--color-error-border);
-  border-right: 1px solid var(--color-error-border);
+  border-inline-start: 1px solid var(--color-error-border);
+  border-inline-end: 1px solid var(--color-error-border);
 }
 
 .repository .ui.attached.isSigned.isWarning.top,
@@ -1717,8 +1709,8 @@ details.repo-search-result summary::marker {
 }
 
 .repository .ui.attached.isSigned.isVerified {
-  border-left: 1px solid var(--color-success-border);
-  border-right: 1px solid var(--color-success-border);
+  border-inline-start: 1px solid var(--color-success-border);
+  border-inline-end: 1px solid var(--color-success-border);
 }
 
 .repository .ui.attached.isSigned.isVerified.top,
@@ -1743,8 +1735,8 @@ details.repo-search-result summary::marker {
 
 .repository .ui.attached.isSigned.isVerifiedUntrusted,
 .repository .ui.attached.isSigned.isVerifiedUnmatched {
-  border-left: 1px solid var(--color-warning-border);
-  border-right: 1px solid var(--color-warning-border);
+  border-inline-start: 1px solid var(--color-warning-border);
+  border-inline-end: 1px solid var(--color-warning-border);
 }
 
 .repository .ui.attached.isSigned.isVerifiedUntrusted.top,
@@ -1775,8 +1767,7 @@ details.repo-search-result summary::marker {
 
 .repository .segment.reactions.dropdown .menu,
 .repository .select-reaction.dropdown .menu {
-  right: 0 !important;
-  left: auto !important;
+  inset-inline: auto 0 !important;
   min-width: 170px;
 }
 
@@ -1787,7 +1778,7 @@ details.repo-search-result summary::marker {
 
 .repository .segment.reactions.dropdown .menu > .item,
 .repository .select-reaction.dropdown .menu > .item {
-  float: left;
+  float: inline-start;
   margin: 4px;
   font-size: 20px;
   width: 34px;
@@ -1816,7 +1807,7 @@ details.repo-search-result summary::marker {
   display: flex !important;
   align-items: center;
   border: 0;
-  border-right: 1px solid;
+  border-inline-end: 1px solid;
   border-radius: 0;
   margin: 0;
   font-size: 12px;
@@ -1826,7 +1817,7 @@ details.repo-search-result summary::marker {
 }
 
 .repository .segment.reactions .ui.label:first-of-type {
-  border-bottom-left-radius: 3px;
+  border-end-start-radius: 3px;
 }
 
 .repository .segment.reactions .ui.label.disabled {
@@ -1845,7 +1836,7 @@ details.repo-search-result summary::marker {
 }
 
 .repository .segment.reactions .reaction-count {
-  margin-left: 0.5rem;
+  margin-inline-start: 0.5rem;
 }
 
 .repository .segment.reactions .select-reaction {
@@ -1912,7 +1903,7 @@ details.repo-search-result summary::marker {
 
 #search-user-box .results .result .image {
   order: 0;
-  margin-right: 12px;
+  margin-inline-end: 12px;
   width: 2em;
   height: 2em;
   min-width: 2em;
@@ -2005,7 +1996,7 @@ details.repo-search-result summary::marker {
 }
 
 .comment:target .header::before {
-  border-right-color: var(--color-primary) !important;
+  border-inline-end-color: var(--color-primary) !important;
   filter: drop-shadow(-3px 0 0 var(--color-primary-alpha-30)) !important;
 }
 
@@ -2041,7 +2032,7 @@ details.repo-search-result summary::marker {
 
 .comment-header::before,
 .comment-header::after {
-  right: 100%;
+  inset-inline-end: 100%;
   top: 20px;
   border: solid transparent;
   content: " ";
@@ -2052,13 +2043,13 @@ details.repo-search-result summary::marker {
 }
 
 .comment-header::before {
-  border-right-color: var(--color-secondary);
+  border-inline-end-color: var(--color-secondary);
   border-width: 9px;
   margin-top: -9px;
 }
 
 .comment-header::after {
-  border-right-color: var(--color-box-header);
+  border-inline-end-color: var(--color-box-header);
   border-width: 8px;
   margin-top: -8px;
 }
@@ -2070,12 +2061,12 @@ details.repo-search-result summary::marker {
 
 .comment-header.arrow-top::before {
   top: -9px;
-  left: 6px;
+  inset-inline-start: 6px;
 }
 
 .comment-header.arrow-top::after {
   top: -8px;
-  left: 7px;
+  inset-inline-start: 7px;
 }
 
 .comment-header-right.actions a:not(.label) {
@@ -2120,13 +2111,13 @@ details.repo-search-result summary::marker {
 }
 
 .stats-table .table-cell:first-child {
-  border-top-left-radius: 4px;
-  border-bottom-left-radius: 4px;
+  border-start-start-radius: 4px;
+  border-end-start-radius: 4px;
 }
 
 .stats-table .table-cell:last-child {
-  border-top-right-radius: 4px;
-  border-bottom-right-radius: 4px;
+  border-start-end-radius: 4px;
+  border-end-end-radius: 4px;
 }
 
 .labels-list {
@@ -2150,15 +2141,15 @@ details.repo-search-result summary::marker {
 }
 
 .ui.label.scope-left {
-  border-bottom-right-radius: 0;
-  border-top-right-radius: 0;
-  margin-right: 0;
+  border-end-end-radius: 0;
+  border-start-end-radius: 0;
+  margin-inline-end: 0;
 }
 
 .ui.label.scope-right {
-  border-bottom-left-radius: 0;
-  border-top-left-radius: 0;
-  margin-left: 0;
+  border-end-start-radius: 0;
+  border-start-start-radius: 0;
+  margin-inline-start: 0;
 }
 
 .archived-label {
@@ -2180,7 +2171,7 @@ details.repo-search-result summary::marker {
 }
 
 .repo-button-row .button.dropdown:not(.icon) {
-  padding-right: 22px !important; /* normal buttons have !important paddings, so we need to override it for dropdown (Add File) icons */
+  padding-inline-end: 22px !important; /* normal buttons have !important paddings, so we need to override it for dropdown (Add File) icons */
 }
 
 .repo-button-row .button strong {
@@ -2257,14 +2248,14 @@ tbody.commit-list {
 }
 
 .git-notes.top {
-  text-align: left;
+  text-align: start;
 }
 
 .comment-diff-data {
   background: var(--color-code-bg);
   min-height: 12em;
   max-height: calc(100vh - 10.5rem);
-  overflow-y: auto;
+  overflow-block: auto;
   tab-size: 4;
 }
 
@@ -2295,14 +2286,14 @@ tbody.commit-list {
 }
 
 .repo-topics .repo-topic:last-of-type {
-  margin-right: 0.5rem;
+  margin-inline-end: 0.5rem;
 }
 
 #new-dependency-drop-list.ui.selection.dropdown {
   min-width: 0;
   width: 100%;
   border-radius: var(--border-radius) 0 0 var(--border-radius);
-  border-right: 0;
+  border-inline-end: 0;
   white-space: nowrap;
 }
 
@@ -2349,7 +2340,7 @@ tbody.commit-list {
   align-items: center;
   display: flex;
   justify-content: space-between;
-  overflow-x: auto;
+  overflow-inline: auto;
   padding: 6px 12px !important;
   font-size: 13px !important;
   min-height: 46px;
@@ -2367,9 +2358,9 @@ tbody.commit-list {
 }
 
 .file-info-entry + .file-info-entry {
-  border-left: 1px solid currentcolor;
-  margin-left: 8px;
-  padding-left: 8px;
+  border-inline-start: 1px solid currentcolor;
+  margin-inline-start: 8px;
+  padding-inline-start: 8px;
 }
 
 #diff-container {
@@ -2406,7 +2397,7 @@ tbody.commit-list {
   top: 47px;
   max-height: calc(100vh - 47px);
   height: 100%;
-  overflow-y: auto;
+  overflow-block: auto;
 }
 
 .ui.message.unicode-escape-prompt {
@@ -2418,8 +2409,8 @@ tbody.commit-list {
 
 /* fomantic's last-child selector does not work with hidden last child */
 .ui.buttons .unescape-button {
-  border-top-right-radius: 0.28571429rem;
-  border-bottom-right-radius: 0.28571429rem;
+  border-start-end-radius: 0.28571429rem;
+  border-end-end-radius: 0.28571429rem;
 }
 
 .webhook-info {
@@ -2467,7 +2458,7 @@ tbody.commit-list {
 }
 
 .diff-file-name .ui.label {
-  margin-left: 0 !important;
+  margin-inline-start: 0 !important;
 }
 
 .diff-stats-bar {
@@ -2483,8 +2474,7 @@ tbody.commit-list {
 }
 
 .ui.form .right .ui.button {
-  margin-left: 0.25em;
-  margin-right: 0;
+  margin-inline: 0.25em 0;
 }
 
 .removed-code {
@@ -2532,7 +2522,7 @@ tbody.commit-list {
 
 .code-diff-split tbody tr td:nth-child(5),
 .code-diff-split tbody tr td.add-comment-right {
-  border-left: 1px solid var(--color-secondary);
+  border-inline-start: 1px solid var(--color-secondary);
 }
 
 .commits-table .commits-table-right form {
@@ -2555,7 +2545,7 @@ tbody.commit-list {
   .repository.file.list #repo-files-table .commit-list td.age,
   .repository.file.list #repo-files-table .entry th.age,
   .repository.file.list #repo-files-table .commit-list th.age {
-    margin-left: auto;
+    margin-inline-start: auto;
   }
   .repository.file.list #repo-files-table .entry td.message,
   .repository.file.list #repo-files-table .commit-list td.message,
@@ -2565,19 +2555,18 @@ tbody.commit-list {
   }
   .repository.view.issue .comment-list .timeline,
   .repository.view.issue .comment-list .timeline-item {
-    margin-left: 0;
+    margin-inline-start: 0;
   }
   .repository.view.issue .comment-list .timeline::before {
-    left: 14px;
+    inset-inline-start: 14px;
   }
   .repository.view.issue .comment-list .timeline .inline-timeline-avatar {
     display: flex;
     margin-bottom: auto;
-    margin-left: 6px;
-    margin-right: 2px;
+    margin-inline: 6px 2px;
   }
   .repository.view.issue .comment-list .timeline .comment-header {
-    padding-left: 4px;
+    padding-inline-start: 4px;
   }
   .repository.view.issue .comment-list .timeline .comment-header::before,
   .repository.view.issue .comment-list .timeline .comment-header::after {
@@ -2591,7 +2580,7 @@ tbody.commit-list {
   }
   .commit-header-row .ui.horizontal.list {
     width: 100%;
-    overflow-x: auto;
+    overflow-inline: auto;
     margin-top: 2px;
   }
   .commit-header-row .ui.horizontal.list .item {
@@ -2621,7 +2610,7 @@ tbody.commit-list {
     order: 2; /* the "search" button */
   }
   .commit-table {
-    overflow-x: auto;
+    overflow-inline: auto;
   }
   .commit-table td.sha,
   .commit-table th.sha {
@@ -2634,7 +2623,7 @@ tbody.commit-list {
     flex-wrap: wrap;
   }
   .comment-header .comment-header-right {
-    margin-left: auto;
+    margin-inline-start: auto;
   }
 }
 
@@ -2666,7 +2655,7 @@ tbody.commit-list {
 
 .commit-status-list {
   max-height: 240px; /* fit exactly 6 items, commit-status-item.height * 6 */
-  overflow-x: hidden;
+  overflow-inline: hidden;
   transition: max-height .2s;
 }
 
@@ -2699,7 +2688,7 @@ tbody.commit-list {
 }
 
 .commit-status-item .status-details > span {
-  padding-right: 0.5em; /* To avoid scrollbar occlusion */
+  padding-inline-end: 0.5em; /* To avoid scrollbar occlusion */
 }
 
 .search-fullname {
@@ -2742,8 +2731,8 @@ tbody.commit-list {
 .repository .issue-content .issue-content-right .ui.grid .column.muted .text.black {
   border-color: var(--color-secondary);
   background: var(--color-menu);
-  border-top-left-radius: var(--border-radius);
-  border-top-right-radius: var(--border-radius);
+  border-top-left-radius: var(--border-radius); /* stylelint-disable-line logical-css/require-logical-properties */
+  border-top-right-radius: var(--border-radius); /* stylelint-disable-line logical-css/require-logical-properties */
 }
 .repository .issue-content .issue-content-right .ui.dropdown  .scrolling.menu {
   border-top: none;
diff --git a/web_src/css/repo/file-view.css b/web_src/css/repo/file-view.css
index 2ce7f3ec0f..4f967744db 100644
--- a/web_src/css/repo/file-view.css
+++ b/web_src/css/repo/file-view.css
@@ -8,7 +8,7 @@
 }
 
 .lines-code {
-  padding-left: 5px;
+  padding-inline-start: 5px;
 }
 
 .file-view tr.active .lines-num,
@@ -18,7 +18,7 @@
 }
 
 .file-view tr.active:last-of-type .lines-code {
-  border-bottom-right-radius: var(--border-radius);
+  border-end-end-radius: var(--border-radius);
 }
 
 .file-view tr.active .lines-num {
@@ -32,7 +32,7 @@
 .file-view tr.active .lines-num::before {
   content: "";
   position: absolute;
-  left: 0;
+  inset-inline-start: 0;
   width: 2px;
   height: 100%;
   background: var(--color-highlight-fg);
diff --git a/web_src/css/repo/issue-label.css b/web_src/css/repo/issue-label.css
index 9b4b144a00..ed34116bbd 100644
--- a/web_src/css/repo/issue-label.css
+++ b/web_src/css/repo/issue-label.css
@@ -34,7 +34,7 @@
 
 .issue-label-list .item a {
   font-size: 12px;
-  padding-right: 10px;
+  padding-inline-end: 10px;
   color: var(--color-text-light);
 }
 
@@ -47,6 +47,6 @@
 }
 
 .archived-label-hint {
-  float: right;
+  float: inline-end;
   margin: -12px;
 }
diff --git a/web_src/css/repo/issue-list.css b/web_src/css/repo/issue-list.css
index 7f1b8c31cd..24bcb68afa 100644
--- a/web_src/css/repo/issue-list.css
+++ b/web_src/css/repo/issue-list.css
@@ -18,7 +18,7 @@
 }
 
 .issue-list-new.button {
-  margin-right: 0;
+  margin-inline-end: 0;
 }
 
 .list-header-issues {
@@ -31,7 +31,7 @@
   }
   .issue-list-new {
     order: 1;
-    margin-left: auto !important;
+    margin-inline-start: auto !important;
   }
   .issue-list-search {
     order: 2 !important;
@@ -44,8 +44,8 @@
    **/
   .issue-list-toolbar-right .filter.menu {
     flex-wrap: nowrap;
-    overflow-x: auto;
-    overflow-y: hidden;
+    overflow-inline: auto;
+    overflow-block: hidden;
   }
 
   /* The following few CSS was created with care and built with the information
@@ -89,7 +89,7 @@
 }
 
 #issue-list .issue-meta .checklist progress {
-  margin-left: 2px;
+  margin-inline-start: 2px;
   width: 80px;
   height: 6px;
   display: inline-block;
@@ -104,7 +104,7 @@
 }
 
 .archived-label-filter {
-  margin-left: 10px;
+  margin-inline-start: 10px;
   font-size: 12px;
   display: flex !important;
   margin-bottom: 8px;
diff --git a/web_src/css/repo/linebutton.css b/web_src/css/repo/linebutton.css
index d32899a06b..d46b8787dc 100644
--- a/web_src/css/repo/linebutton.css
+++ b/web_src/css/repo/linebutton.css
@@ -9,7 +9,7 @@
   padding: 1px 4px !important;
   position: absolute;
   font-family: var(--fonts-regular);
-  left: 0;
+  inset-inline-start: 0;
   transform: translateX(calc(-50% + 6px));
   cursor: pointer;
 }
diff --git a/web_src/css/repo/list-header.css b/web_src/css/repo/list-header.css
index 4f8e39db64..6acc4df668 100644
--- a/web_src/css/repo/list-header.css
+++ b/web_src/css/repo/list-header.css
@@ -8,8 +8,7 @@
 .list-header-sort {
   display: flex;
   align-items: center;
-  padding-left: 1rem;
-  padding-right: 1rem;
+  padding-inline: 1rem;
 }
 
 .list-header-search {
@@ -35,6 +34,6 @@
   }
   .list-header-sort {
     order: 2;
-    margin-left: auto;
+    margin-inline-start: auto;
   }
 }
diff --git a/web_src/css/repo/release-tag.css b/web_src/css/repo/release-tag.css
index b421b13562..713a268594 100644
--- a/web_src/css/repo/release-tag.css
+++ b/web_src/css/repo/release-tag.css
@@ -1,6 +1,6 @@
 #release-list {
   margin-top: 10px; /* Overriding browser default for <ul>, same value as divider */
-  padding-left: 0; /* Unset browser default */
+  padding-inline-start: 0; /* Unset browser default */
 }
 
 #release-list > li {
@@ -24,7 +24,7 @@
       grid-column: 1;
       grid-row: 1 / span 2;
       flex-direction: column;
-      text-align: right;
+      text-align: end;
 
       /* Align contents of meta column with release name */
       padding-top: 11px;
@@ -37,7 +37,7 @@
     }
     :is(.detail, .release-title-wrap) {
       /* Line separating columns on wide screen */
-      border-left: 1px solid var(--color-secondary);
+      border-inline-start: 1px solid var(--color-secondary);
       padding-inline-start: 1rem;
       margin-inline-start: 1rem;
     }
@@ -75,7 +75,7 @@
     order: 2 !important;
   }
   .release-list-buttons {
-    margin-left: auto;
+    margin-inline-start: auto;
   }
 }
 
@@ -104,7 +104,7 @@
 /* List of downloads */
 #release-list > li .detail .download .list {
   /* Override <ul> default */
-  padding-left: 0;
+  padding-inline-start: 0;
   /* Compensate emptiness that opener provides when <details> is closed */
   padding-block-end: 1rem;
 
@@ -124,14 +124,14 @@
 
   :is(li:first-child, .start-gap + hr + li) {
     border-top: 1px solid var(--color-secondary);
-    border-top-left-radius: var(--border-radius);
-    border-top-right-radius: var(--border-radius);
+    border-top-left-radius: var(--border-radius); /* stylelint-disable-line logical-css/require-logical-properties */
+    border-top-right-radius: var(--border-radius); /* stylelint-disable-line logical-css/require-logical-properties */
   }
 
   :is(li:last-child, .start-gap) {
     border-bottom: 1px solid var(--color-secondary);
-    border-bottom-left-radius: var(--border-radius);
-    border-bottom-right-radius: var(--border-radius);
+    border-bottom-left-radius: var(--border-radius); /* stylelint-disable-line logical-css/require-logical-properties */
+    border-bottom-right-radius: var(--border-radius); /* stylelint-disable-line logical-css/require-logical-properties */
   }
 }
 
@@ -156,8 +156,7 @@
 }
 
 .repository.new.release .target .at {
-  margin-left: -5px;
-  margin-right: 5px;
+  margin-inline: -5px 5px;
 }
 
 .repository.new.release .target .selection.dropdown {
@@ -174,7 +173,7 @@
 }
 
 .ui.ui.ui.tag-label {
-  margin-left: 0.25rem;
+  margin-inline-start: 0.25rem;
   padding: 0.2rem 0.4rem;
   gap: 0.3rem;
 }
@@ -194,7 +193,7 @@
 
 .repository .release-tag-name .ui.label.isSigned .avatar,
 .repository .release-title-wrap .ui.label.isSigned .avatar {
-  margin-left: .5rem;
+  margin-inline-start: .5rem;
 }
 
 .repository .release-tag-name .ui.label.isSigned.isVerified,
diff --git a/web_src/css/repo/wiki.css b/web_src/css/repo/wiki.css
index 3246e64634..11f1b09ab5 100644
--- a/web_src/css/repo/wiki.css
+++ b/web_src/css/repo/wiki.css
@@ -3,7 +3,7 @@
 }
 
 .repository.wiki .wiki-pages-list .wiki-git-entry {
-  margin-left: 10px;
+  margin-inline-start: 10px;
   display: none;
 }
 
@@ -33,13 +33,13 @@
 }
 
 .repository.wiki .wiki-content-main.with-sidebar {
-  float: left;
+  float: inline-start;
   width: 80%;
   max-width: calc(100% - 150px - 1em); /* match the min-width of .wiki-content-sidebar */
 }
 
 .repository.wiki .wiki-content-sidebar {
-  float: right;
+  float: inline-end;
   width: calc(20% - 1em);
   min-width: 150px;
 }
@@ -59,8 +59,8 @@
 }
 
 .repository.wiki .wiki-content-toc ul ul {
-  border-left:  1px var(--color-secondary);
-  border-left-style: dashed;
+  border-inline-start:  1px var(--color-secondary);
+  border-inline-start-style: dashed;
 }
 
 @media (max-width: 767.98px) {
diff --git a/web_src/css/review.css b/web_src/css/review.css
index 5e3b6734c4..b8df53daf3 100644
--- a/web_src/css/review.css
+++ b/web_src/css/review.css
@@ -15,7 +15,7 @@
 .ui.button.add-code-comment {
   padding: 2px;
   position: absolute;
-  margin-left: -22px;
+  margin-inline-start: -22px;
   z-index: 5;
   opacity: 0;
   transition: transform 0.1s ease-in-out;
@@ -36,7 +36,7 @@
 }
 
 .repository .diff-file-box .code-diff td.lines-escape {
-  padding-left: 0 !important;
+  padding-inline-start: 0 !important;
 }
 
 .diff-file-box .lines-code:hover .ui.button.add-code-comment {
@@ -52,8 +52,7 @@
 .repository .diff-file-box .code-diff .add-code-comment .add-comment-left,
 .repository .diff-file-box .code-diff .add-code-comment .add-comment-right,
 .repository .diff-file-box .code-diff .add-code-comment .lines-type-marker {
-  padding-left: 0 !important;
-  padding-right: 0 !important;
+  padding-inline: 0 !important;
 }
 
 .add-comment-left.add-comment-right .ui.attached.header {
@@ -86,7 +85,7 @@
 }
 
 .add-comment .comment-code-cloud form {
-  margin-left: 42px;
+  margin-inline-start: 42px;
 }
 
 @media (max-width: 767.98px) {
@@ -109,13 +108,13 @@
     flex-shrink: 0;
   }
   .comment-code-cloud .comments .comment .avatar ~ .content {
-    margin-left: 1em;
+    margin-inline-start: 1em;
   }
   .comment-code-cloud .comments .comment img.avatar {
     margin: 0 !important;
   }
   .comment-code-cloud .comments .comment .comment-content {
-    margin-left: 0 !important;
+    margin-inline-start: 0 !important;
   }
   .comment-code-cloud .comments .comment.code-comment {
     padding: 0 0 0.5rem !important;
@@ -180,7 +179,7 @@
 }
 
 .diff-file-body .comment-form {
-  margin-left: 3em;
+  margin-inline-start: 3em;
 }
 
 .diff-file-body.binary {
@@ -271,7 +270,7 @@
 }
 
 .viewed-file-form input {
-  margin-right: 4px;
+  margin-inline-end: 4px;
 }
 
 .viewed-file-checked-form {
diff --git a/web_src/css/shared/repoorg.css b/web_src/css/shared/repoorg.css
index 5573ae47b8..71720cb00f 100644
--- a/web_src/css/shared/repoorg.css
+++ b/web_src/css/shared/repoorg.css
@@ -2,7 +2,7 @@
 .organization .head .ui.header .text {
   vertical-align: middle;
   font-size: 1.6rem;
-  margin-left: 15px;
+  margin-inline-start: 15px;
 }
 
 .repository .ui.tabs.container,
@@ -13,6 +13,6 @@
 
 .repository .head .ui.header .org-visibility .label,
 .organization .head .ui.header .org-visibility .label {
-  margin-left: 5px;
+  margin-inline-start: 5px;
   margin-top: 5px;
 }
diff --git a/web_src/css/standalone/swagger.css b/web_src/css/standalone/swagger.css
index c32e392036..34241a2d91 100644
--- a/web_src/css/standalone/swagger.css
+++ b/web_src/css/standalone/swagger.css
@@ -14,7 +14,7 @@ body {
   text-decoration: none;
   position: absolute;
   top: 1rem;
-  right: 1.5rem;
+  inset-inline-end: 1.5rem;
   display: flex;
   align-items: center;
 }
@@ -26,7 +26,7 @@ body {
 .swagger-back-link svg {
   color: inherit;
   fill: currentcolor;
-  margin-right: 0.5rem;
+  margin-inline-end: 0.5rem;
 }
 
 @media (prefers-color-scheme: dark) {
diff --git a/web_src/css/themes/theme-forgejo-dark.css b/web_src/css/themes/theme-forgejo-dark.css
index 974f920158..33d1674587 100644
--- a/web_src/css/themes/theme-forgejo-dark.css
+++ b/web_src/css/themes/theme-forgejo-dark.css
@@ -336,7 +336,7 @@ i.grey.icon.icon.icon.icon {
 #review-box .review-comments-counter {
   background-color: var(--color-shadow) !important;
   color: var(--color-white) !important;
-  margin-left: 0.5em;
+  margin-inline-start: 0.5em;
 }
 .ui.basic.labels .primary.label,
 .ui.ui.ui.basic.primary.label {
diff --git a/web_src/css/themes/theme-forgejo-light.css b/web_src/css/themes/theme-forgejo-light.css
index da89f0db73..e41a7b1aca 100644
--- a/web_src/css/themes/theme-forgejo-light.css
+++ b/web_src/css/themes/theme-forgejo-light.css
@@ -307,7 +307,7 @@
 }
 #review-box .review-comments-counter {
   background-color: var(--color-label-bg) !important;
-  margin-left: 0.5em;
+  margin-inline-start: 0.5em;
 }
 .ui.basic.labels .primary.label,
 .ui.ui.ui.basic.primary.label {
diff --git a/web_src/css/user.css b/web_src/css/user.css
index 71ac2b364b..b71c270804 100644
--- a/web_src/css/user.css
+++ b/web_src/css/user.css
@@ -75,7 +75,7 @@
 }
 
 .user.settings .iconFloat {
-  float: left;
+  float: inline-start;
 }
 
 .user-orgs {
diff --git a/web_src/js/components/ActionJobStep.vue b/web_src/js/components/ActionJobStep.vue
index 600f1ce344..af2bf49afe 100644
--- a/web_src/js/components/ActionJobStep.vue
+++ b/web_src/js/components/ActionJobStep.vue
@@ -235,7 +235,7 @@ export default {
 }
 
 .job-step-summary .step-summary-duration {
-  margin-left: 16px;
+  margin-inline-start: 16px;
 }
 
 .job-step-summary.selected {
@@ -263,7 +263,7 @@ export default {
   flex: 1;
   word-break: break-all;
   white-space: break-spaces;
-  margin-left: 10px;
+  margin-inline-start: 10px;
   overflow-wrap: anywhere;
   color: var(--color-console-fg);
 }
@@ -281,7 +281,7 @@ export default {
 .job-log-line .line-num, .log-time-seconds {
   width: 48px;
   color: var(--color-text-light-3);
-  text-align: right;
+  text-align: end;
   user-select: none;
 }
 
@@ -291,13 +291,13 @@ export default {
 }
 
 .log-time-seconds {
-  padding-right: 2px;
+  padding-inline-end: 2px;
 }
 
 .job-log-line .log-time,
 .log-time-stamp {
   color: var(--color-text-light-3);
-  margin-left: 10px;
+  margin-inline-start: 10px;
   white-space: nowrap;
 }
 
diff --git a/web_src/js/components/DashboardRepoList.vue b/web_src/js/components/DashboardRepoList.vue
index 9bc655df32..3dcfeb2c73 100644
--- a/web_src/js/components/DashboardRepoList.vue
+++ b/web_src/js/components/DashboardRepoList.vue
@@ -466,7 +466,7 @@ export default {
 ul {
   list-style: none;
   margin: 0;
-  padding-left: 0;
+  padding-inline-start: 0;
 }
 
 ul li {
@@ -487,8 +487,7 @@ ul li:not(:last-child) {
 }
 
 .repos-filter .item {
-  padding-left: 6px !important;
-  padding-right: 6px !important;
+  padding-inline: 6px !important;
 }
 
 .repo-list-link {
@@ -505,15 +504,14 @@ ul li:not(:last-child) {
 
 .repo-list-icon {
   min-width: 16px;
-  margin-right: 2px;
+  margin-inline-end: 2px;
 }
 
 /* octicon-mirror has no padding inside the SVG */
 .repo-list-icon.octicon-mirror {
   width: 14px;
   min-width: 14px;
-  margin-left: 1px;
-  margin-right: 3px;
+  margin-inline: 1px 3px;
 }
 
 .repo-owner-name-list li.active {
diff --git a/web_src/js/components/DiffCommitSelector.vue b/web_src/js/components/DiffCommitSelector.vue
index bf388de5c4..d6715b0015 100644
--- a/web_src/js/components/DiffCommitSelector.vue
+++ b/web_src/js/components/DiffCommitSelector.vue
@@ -275,7 +275,7 @@ export default {
   }
 
   #diff-commit-selector-menu {
-    overflow-x: hidden;
+    overflow-inline: hidden;
     max-height: 450px;
   }
 
diff --git a/web_src/js/components/DiffFileTree.vue b/web_src/js/components/DiffFileTree.vue
index cddfee1e04..94c74d724d 100644
--- a/web_src/js/components/DiffFileTree.vue
+++ b/web_src/js/components/DiffFileTree.vue
@@ -139,6 +139,6 @@ export default {
   display: flex;
   flex-direction: column;
   gap: 1px;
-  margin-right: .5rem;
+  margin-inline-end: .5rem;
 }
 </style>
diff --git a/web_src/js/components/DiffFileTreeItem.vue b/web_src/js/components/DiffFileTreeItem.vue
index 0f6e54363f..2087b26fd1 100644
--- a/web_src/js/components/DiffFileTreeItem.vue
+++ b/web_src/js/components/DiffFileTreeItem.vue
@@ -61,12 +61,12 @@ a, a:hover {
   display: flex;
   flex-direction: column;
   gap: 1px;
-  margin-left: 13px;
-  border-left: 1px solid var(--color-secondary);
+  margin-inline-start: 13px;
+  border-inline-start: 1px solid var(--color-secondary);
 }
 
 .sub-items .item-file {
-  padding-left: 18px;
+  padding-inline-start: 18px;
 }
 
 .item-file.selected {
diff --git a/web_src/js/components/PullRequestMergeForm.vue b/web_src/js/components/PullRequestMergeForm.vue
index 56265b10dd..d37aeafa9a 100644
--- a/web_src/js/components/PullRequestMergeForm.vue
+++ b/web_src/js/components/PullRequestMergeForm.vue
@@ -203,8 +203,7 @@ export default {
   position: static;
 }
 .ui.merge-button > .ui.dropdown:last-child > .menu:not(.left) {
-  left: 0;
-  right: auto;
+  inset-inline: 0 auto;
 }
 .ui.merge-button .ui.dropdown .menu > .item {
   display: flex;
@@ -227,7 +226,7 @@ export default {
 }
 .auto-merge-small .auto-merge-tip {
   display: none;
-  left: 38px;
+  inset-inline-start: 38px;
   top: -0.5px;
   bottom: -1px;
   position: absolute;
@@ -235,8 +234,8 @@ export default {
   color: var(--color-info-text);
   background-color: var(--color-info-bg);
   border: 1px solid var(--color-info-border);
-  border-left: none;
-  padding-right: 1rem;
+  border-inline-start: none;
+  padding-inline-end: 1rem;
 }
 
 .menu .item:has(.auto-merge-small:hover) {
diff --git a/web_src/js/components/RepoActionView.vue b/web_src/js/components/RepoActionView.vue
index 5c00eecc6b..bd7404ddaf 100644
--- a/web_src/js/components/RepoActionView.vue
+++ b/web_src/js/components/RepoActionView.vue
@@ -638,7 +638,7 @@ export default {
   display: flex;
   align-items: center;
   gap: var(--button-spacing);
-  margin-left: auto;
+  margin-inline-start: auto;
 }
 
 .action-info-summary-actions > button {
@@ -656,12 +656,12 @@ export default {
   display: flex;
   flex-wrap: wrap;
   gap: 5px;
-  margin-left: 28px;
+  margin-inline-start: 28px;
 }
 
 @media (max-width: 767.98px) {
   .action-commit-summary {
-    margin-left: 0;
+    margin-inline-start: 0;
     margin-top: 8px;
   }
 }
@@ -675,7 +675,7 @@ export default {
   position: sticky;
   top: 12px;
   max-height: 100vh;
-  overflow-y: auto;
+  overflow-block: auto;
   background: var(--color-body);
   z-index: 2; /* above .job-info-header */
 }
@@ -701,12 +701,12 @@ export default {
 }
 
 .job-artifacts-list {
-  padding-left: 12px;
+  padding-inline-start: 12px;
   list-style: none;
 }
 
 .job-artifacts-icon {
-  padding-right: 3px;
+  padding-inline-end: 3px;
 }
 
 .job-brief-list {
@@ -827,7 +827,7 @@ export default {
 }
 
 .action-view-right .ui.dropdown.dark-dropdown .menu > .divider {
-  border-top-color: var(--color-console-menu-border);
+  border-block-start-color: var(--color-console-menu-border);
 }
 
 .action-view-right .ui.pointing.dropdown.dark-dropdown > .menu:not(.hidden)::after {
diff --git a/web_src/js/components/RepoBranchTagSelector.vue b/web_src/js/components/RepoBranchTagSelector.vue
index bee9cfb8e5..5f81f49dbc 100644
--- a/web_src/js/components/RepoBranchTagSelector.vue
+++ b/web_src/js/components/RepoBranchTagSelector.vue
@@ -287,8 +287,8 @@ export default {
 .branch-tag-item.active {
   border-color: var(--color-secondary);
   background: var(--color-menu);
-  border-top-left-radius: var(--border-radius);
-  border-top-right-radius: var(--border-radius);
+  border-start-start-radius: var(--border-radius);
+  border-start-end-radius: var(--border-radius);
 }
 
 .branch-tag-divider {

From c25cbd6fc495615e3bc9a250a96f1673877df351 Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Mon, 11 May 2026 02:30:23 +0200
Subject: [PATCH 834/854] Update renovate Docker tag to v43.170.19 (forgejo)
 (#12513)

---
 Makefile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Makefile b/Makefile
index 2680bb8b62..d8e3838abb 100644
--- a/Makefile
+++ b/Makefile
@@ -47,7 +47,7 @@ GO_LICENSES_PACKAGE ?= github.com/google/go-licenses/v2@v2.0.1 # renovate: datas
 GOVULNCHECK_PACKAGE ?= golang.org/x/vuln/cmd/govulncheck@v1 # renovate: datasource=go
 DEADCODE_PACKAGE ?= golang.org/x/tools/cmd/deadcode@v0.45.0 # renovate: datasource=go
 ERRORTYPE_PACKAGE ?= fillmore-labs.com/errortype@v0.0.11 # renovate: datasource=go
-RENOVATE_NPM_PACKAGE ?= renovate@43.160.6 # renovate: datasource=docker packageName=data.forgejo.org/renovate/renovate
+RENOVATE_NPM_PACKAGE ?= renovate@43.170.19 # renovate: datasource=docker packageName=data.forgejo.org/renovate/renovate
 MOCKERY_PACKAGE ?= github.com/vektra/mockery/v3@v3.7.0 # renovate: datasource=go
 
 # https://github.com/disposable-email-domains/disposable-email-domains/commits/main/

From a59879402e2e9788b3bd99f776dcae12c144fefd Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Mon, 11 May 2026 02:38:10 +0200
Subject: [PATCH 835/854] Update dependency @codemirror/view to v6.42.1
 (forgejo) (#12514)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12514
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
---
 package-lock.json | 8 ++++----
 package.json      | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 35fe4a8bbc..ba47ad58cf 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -30,7 +30,7 @@
         "@codemirror/language": "6.12.3",
         "@codemirror/search": "6.7.0",
         "@codemirror/state": "6.6.0",
-        "@codemirror/view": "6.42.0",
+        "@codemirror/view": "6.42.1",
         "@github/markdown-toolbar-element": "2.2.3",
         "@github/quote-selection": "2.1.0",
         "@github/text-expander-element": "2.9.4",
@@ -775,9 +775,9 @@
       }
     },
     "node_modules/@codemirror/view": {
-      "version": "6.42.0",
-      "resolved": "https://registry.npmjs.org/@codemirror/view/-/view-6.42.0.tgz",
-      "integrity": "sha512-+PJEyndSCrsS2oLH3DfWoLBcF3xfeyGXtLnpXqHY01kL3TogyCLD12hNvSu73ww2KFftrx3Rd0nGOigbSkU3Hw==",
+      "version": "6.42.1",
+      "resolved": "https://registry.npmjs.org/@codemirror/view/-/view-6.42.1.tgz",
+      "integrity": "sha512-ToN3oFc0nsxNUYVF5P0ztLgbC4UPPjPtA9aKYhkOKQaZASpOUo6ISXyQLP66ctVwlDc+j6Jv0uK5IFALkiXztg==",
       "license": "MIT",
       "dependencies": {
         "@codemirror/state": "^6.6.0",
diff --git a/package.json b/package.json
index 6b83ddb0c3..4ce4ec8b66 100644
--- a/package.json
+++ b/package.json
@@ -29,7 +29,7 @@
     "@codemirror/language": "6.12.3",
     "@codemirror/search": "6.7.0",
     "@codemirror/state": "6.6.0",
-    "@codemirror/view": "6.42.0",
+    "@codemirror/view": "6.42.1",
     "@github/markdown-toolbar-element": "2.2.3",
     "@github/quote-selection": "2.1.0",
     "@github/text-expander-element": "2.9.4",

From dcf1e7ce0927c188f363f3e2f358ec6e92dac233 Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Mon, 11 May 2026 03:07:16 +0200
Subject: [PATCH 836/854] Update module github.com/fsnotify/fsnotify to v1.10.1
 (forgejo) (#12416)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12416
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index a6d10b5e2e..f2437cd3a6 100644
--- a/go.mod
+++ b/go.mod
@@ -41,7 +41,7 @@ require (
 	github.com/editorconfig/editorconfig-core-go/v2 v2.6.4
 	github.com/emersion/go-imap v1.2.1
 	github.com/felixge/fgprof v0.9.5
-	github.com/fsnotify/fsnotify v1.10.0
+	github.com/fsnotify/fsnotify v1.10.1
 	github.com/gdgvda/cron v0.7.0
 	github.com/gliderlabs/ssh v0.3.8
 	github.com/go-ap/activitypub v0.0.0-20260208110334-902f6cf8c2cc
diff --git a/go.sum b/go.sum
index 220748373c..794d5521fc 100644
--- a/go.sum
+++ b/go.sum
@@ -250,8 +250,8 @@ github.com/fortytw2/leaktest v1.3.0 h1:u8491cBMTQ8ft8aeV+adlcytMZylmA5nnwwkRZjI8
 github.com/fortytw2/leaktest v1.3.0/go.mod h1:jDsjWgpAGjm2CA7WthBh/CdZYEPF31XHquHwclZch5g=
 github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
 github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ=
-github.com/fsnotify/fsnotify v1.10.0 h1:Xx/5Ydg9CeBDX/wi4VJqStNtohYjitZhhlHt4h3St1M=
-github.com/fsnotify/fsnotify v1.10.0/go.mod h1:TLheqan6HD6GBK6PrDWyDPBaEV8LspOxvPSjC+bVfgo=
+github.com/fsnotify/fsnotify v1.10.1 h1:b0/UzAf9yR5rhf3RPm9gf3ehBPpf0oZKIjtpKrx59Ho=
+github.com/fsnotify/fsnotify v1.10.1/go.mod h1:TLheqan6HD6GBK6PrDWyDPBaEV8LspOxvPSjC+bVfgo=
 github.com/fxamacker/cbor/v2 v2.9.1 h1:2rWm8B193Ll4VdjsJY28jxs70IdDsHRWgQYAI80+rMQ=
 github.com/fxamacker/cbor/v2 v2.9.1/go.mod h1:vM4b+DJCtHn+zz7h3FFp/hDAI9WNWCsZj23V5ytsSxQ=
 github.com/gdgvda/cron v0.7.0 h1:LFPZUTbCb5ZpzYxavbQDDbjd6nwTwkiNUWyulOdlY2I=

From 3f0a8b442443c3b732a379c6e2aa6b569a0f52b5 Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Mon, 11 May 2026 03:37:09 +0200
Subject: [PATCH 837/854] Update module golang.org/x/image to v0.40.0 (forgejo)
 (#12484)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12484
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index f2437cd3a6..b08174e4e6 100644
--- a/go.mod
+++ b/go.mod
@@ -102,7 +102,7 @@ require (
 	gitlab.com/gitlab-org/api/client-go v0.143.2
 	go.yaml.in/yaml/v3 v3.0.4
 	golang.org/x/crypto v0.51.0
-	golang.org/x/image v0.39.0
+	golang.org/x/image v0.40.0
 	golang.org/x/net v0.53.0
 	golang.org/x/oauth2 v0.36.0
 	golang.org/x/sync v0.20.0
diff --git a/go.sum b/go.sum
index 794d5521fc..9acba7ed5c 100644
--- a/go.sum
+++ b/go.sum
@@ -737,8 +737,8 @@ golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 h1:2dVuKD2vS7b0QIHQbpyTISPd0
 golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56/go.mod h1:M4RDyNAINzryxdtnbRXRL/OHtkFuWGRjvuhBJpk2IlY=
 golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js=
 golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
-golang.org/x/image v0.39.0 h1:skVYidAEVKgn8lZ602XO75asgXBgLj9G/FE3RbuPFww=
-golang.org/x/image v0.39.0/go.mod h1:sIbmppfU+xFLPIG0FoVUTvyBMmgng1/XAMhQ2ft0hpA=
+golang.org/x/image v0.40.0 h1:Tw4GyDXMo+daZN1znreBRC3VayR1aLFUyUEOLUdW1a8=
+golang.org/x/image v0.40.0/go.mod h1:uIc348UZMSvS5Z65CVZ7iDPaNobNFEPeJ4kbqTOszmA=
 golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
 golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
 golang.org/x/lint v0.0.0-20190301231843-5614ed5bae6f/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=

From 6b516e27210ff307034a94159808f18e6820291e Mon Sep 17 00:00:00 2001
From: Nirmal Kumar R <tildezero@gmail.com>
Date: Mon, 11 May 2026 04:31:13 +0200
Subject: [PATCH 838/854] fix(e2e): Flaky tests on Toggle WIP + Dependency
 dropdown (#12473)

There are two test groups in `issue-sidebar.test.e2e.ts` which behaves
flaky on CI:
 - Toggle WIP
 - Dependency dropdown

1. **Toggle WIP**:
There is a race-condition happening with this test execution, when we
toggle the WIP status "Still in progress?" / "Ready for review?", there
is a page reload that happens once we select either of the option and
when we use window.WaitForLoadState('domcontentloaded')` it just check
the state of the current dom and not the reloading of the page.

To mitigate this, we need to use a promise call with
`page.WaitForEvent('load')` wherever necessary. This change has been
applied in the `setTitle` and `toggle_wip_to` helper functions.

Also there is a refactor logic where we remove the repetitive call for
click and save events on `manual edit` and `maximum_title_length` and
consistently use the setTitle.

2. **Dependency dropdown**
There is flakiness with this code:
```
await input.fill('1');
await expect(items.first()).toContainText(first);
```

We register the issues via `postIssue` in the `declare_repo_test.go`
file. And the catch is about this issue popping up for the above logic:
```
postIssue(repo, user, 500, "first issue here", "an issue created earlier")
postIssue(repo, user, 400, "second issue here (not 1)", "not the right issue, but in the right repo")
```

On each issue creation, the frontend shows the index as `#1`, `#2`,
respectively.

The issue is when we search for 1, the indexer implementation finds the
highest scoring with relevant sorting order. These are the two issues
that pops up in the first two results.
```
  #1 first issue here
  #2 second issue here (not 1)
```

In the above results, sometimes the #2 issue will be shown as the first
item in the dropdown results because it contains the exact match `1` in
(not 1). Hence the solution is to remove the `(not 1)` from the second
issue to fix this flakiness behaviour.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12473
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
---
 tests/e2e/declare_repos_test.go     |  2 +-
 tests/e2e/issue-sidebar.test.e2e.ts | 20 +++++++-------------
 2 files changed, 8 insertions(+), 14 deletions(-)

diff --git a/tests/e2e/declare_repos_test.go b/tests/e2e/declare_repos_test.go
index 85e3fcbda8..e72f260299 100644
--- a/tests/e2e/declare_repos_test.go
+++ b/tests/e2e/declare_repos_test.go
@@ -117,7 +117,7 @@ body:
 			}),
 		}, []FileChanges{}, func(user *user_model.User, repo *repo_model.Repository) {
 			postIssue(repo, user, 500, "first issue here", "an issue created earlier")
-			postIssue(repo, user, 400, "second issue here (not 1)", "not the right issue, but in the right repo")
+			postIssue(repo, user, 400, "second issue here", "not the right issue, but in the right repo")
 			postIssue(repo, user, 300, "third issue here", "depends on things")
 			postIssue(repo, user, 200, "unrelated issue", "shrug emoji")
 			postIssue(repo, user, 100, "newest issue", "very new")
diff --git a/tests/e2e/issue-sidebar.test.e2e.ts b/tests/e2e/issue-sidebar.test.e2e.ts
index 3324595438..1a382c44d7 100644
--- a/tests/e2e/issue-sidebar.test.e2e.ts
+++ b/tests/e2e/issue-sidebar.test.e2e.ts
@@ -16,20 +16,18 @@ test.describe('Pull: Toggle WIP', () => {
   const prTitle = 'pull5';
 
   async function toggle_wip_to({page}: {page: Page}, should: boolean) {
-    await page.waitForLoadState('domcontentloaded');
+    const loadPromise = page.waitForEvent('load');
     if (should) {
       await page.getByText('Still in progress?').click();
     } else {
       await page.getByText('Ready for review?').click();
     }
+    await loadPromise;
   }
 
   async function check_wip({page}: {page: Page}, is: boolean) {
-    await page.waitForLoadState();
-
     const elemTitle = 'h1';
     const stateLabel = '.issue-state-label';
-    await page.waitForLoadState('domcontentloaded');
     await expect(page.locator(elemTitle)).toContainText(prTitle);
     await expect(page.locator(elemTitle)).toContainText('#5');
     const wipRegex = /(wip|\[WIP\])/i;
@@ -45,16 +43,16 @@ test.describe('Pull: Toggle WIP', () => {
   async function setTitle({page}: {page: Page}, title: string) {
     await page.locator('#issue-title-edit-show').click();
     await page.locator('#issue-title-editor input').fill(title);
+    const loadPromise = page.waitForEvent('load');
     await page.getByText('Save').click();
+    await loadPromise;
   }
 
   test.beforeEach(async ({page}) => {
     const response = await page.goto('/user2/repo1/pulls/5');
     expect(response?.status()).toBe(200); // Status OK
     // ensure original title
-    await page.locator('#issue-title-edit-show').click();
-    await page.locator('#issue-title-editor input').fill(prTitle);
-    await page.getByText('Save').click();
+    await setTitle({page}, prTitle);
     await check_wip({page}, false);
   });
 
@@ -69,9 +67,7 @@ test.describe('Pull: Toggle WIP', () => {
 
   test('manual edit', async ({page}) => {
     // manually edit title to another prefix
-    await page.locator('#issue-title-edit-show').click();
-    await page.locator('#issue-title-editor input').fill(`[WIP] ${prTitle}`);
-    await page.getByText('Save').click();
+    await setTitle({page}, `[WIP] ${prTitle}`);
     await check_wip({page}, true);
     // remove again
     await toggle_wip_to({page}, false);
@@ -81,9 +77,7 @@ test.describe('Pull: Toggle WIP', () => {
   test('maximum title length', async ({page}) => {
     // check maximum title length is handled gracefully
     const maxLenStr = prTitle + 'a'.repeat(240);
-    await page.locator('#issue-title-edit-show').click();
-    await page.locator('#issue-title-editor input').fill(maxLenStr);
-    await page.getByText('Save').click();
+    await setTitle({page}, maxLenStr);
     await expect(page.locator('h1')).toContainText(maxLenStr);
     await check_wip({page}, false);
     await toggle_wip_to({page}, true);

From b21b173f6efd98518559bffd0fd8bb7dfeb579b1 Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Mon, 11 May 2026 05:22:59 +0200
Subject: [PATCH 839/854] Update module golang.org/x/net to v0.54.0 (forgejo)
 (#12485)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12485
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
---
 go.mod | 2 +-
 go.sum | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index b08174e4e6..bffbfa66cb 100644
--- a/go.mod
+++ b/go.mod
@@ -103,7 +103,7 @@ require (
 	go.yaml.in/yaml/v3 v3.0.4
 	golang.org/x/crypto v0.51.0
 	golang.org/x/image v0.40.0
-	golang.org/x/net v0.53.0
+	golang.org/x/net v0.54.0
 	golang.org/x/oauth2 v0.36.0
 	golang.org/x/sync v0.20.0
 	golang.org/x/sys v0.44.0
diff --git a/go.sum b/go.sum
index 9acba7ed5c..8595a4a6b5 100644
--- a/go.sum
+++ b/go.sum
@@ -792,8 +792,8 @@ golang.org/x/net v0.15.0/go.mod h1:idbUs1IY1+zTqbi8yxTbhexhEEk5ur9LInksu6HrEpk=
 golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44=
 golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM=
 golang.org/x/net v0.33.0/go.mod h1:HXLR5J+9DxmrqMwG9qjGCxZ+zKXxBru04zlTvWlWuN4=
-golang.org/x/net v0.53.0 h1:d+qAbo5L0orcWAr0a9JweQpjXF19LMXJE8Ey7hwOdUA=
-golang.org/x/net v0.53.0/go.mod h1:JvMuJH7rrdiCfbeHoo3fCQU24Lf5JJwT9W3sJFulfgs=
+golang.org/x/net v0.54.0 h1:2zJIZAxAHV/OHCDTCOHAYehQzLfSXuf/5SoL/Dv6w/w=
+golang.org/x/net v0.54.0/go.mod h1:Sj4oj8jK6XmHpBZU/zWHw3BV3abl4Kvi+Ut7cQcY+cQ=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=

From 2d5dd62cf34eb6f1ce5183df9e800ed508847bd1 Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Mon, 11 May 2026 06:33:45 +0200
Subject: [PATCH 840/854] Update renovate Docker tag to v43.170.20 (forgejo)
 (#12516)

---
 Makefile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Makefile b/Makefile
index d8e3838abb..80779cfecc 100644
--- a/Makefile
+++ b/Makefile
@@ -47,7 +47,7 @@ GO_LICENSES_PACKAGE ?= github.com/google/go-licenses/v2@v2.0.1 # renovate: datas
 GOVULNCHECK_PACKAGE ?= golang.org/x/vuln/cmd/govulncheck@v1 # renovate: datasource=go
 DEADCODE_PACKAGE ?= golang.org/x/tools/cmd/deadcode@v0.45.0 # renovate: datasource=go
 ERRORTYPE_PACKAGE ?= fillmore-labs.com/errortype@v0.0.11 # renovate: datasource=go
-RENOVATE_NPM_PACKAGE ?= renovate@43.170.19 # renovate: datasource=docker packageName=data.forgejo.org/renovate/renovate
+RENOVATE_NPM_PACKAGE ?= renovate@43.170.20 # renovate: datasource=docker packageName=data.forgejo.org/renovate/renovate
 MOCKERY_PACKAGE ?= github.com/vektra/mockery/v3@v3.7.0 # renovate: datasource=go
 
 # https://github.com/disposable-email-domains/disposable-email-domains/commits/main/

From 03312e4f46c1a5f75d471af4e60ea785bed0639f Mon Sep 17 00:00:00 2001
From: Andreas Ahlenstorf <andreas@ahlenstorf.ch>
Date: Mon, 11 May 2026 16:02:36 +0200
Subject: [PATCH 841/854] feat: make it possible to remove workflow runs
 (#12478)

Add the ability to remove workflow runs, either using the UI or the HTTP API. Workflow runs can only be removed once a workflow run has completed. For security reasons, only a repository administrator or a token with `write:repository` permissions can remove runs.

Resolves https://codeberg.org/forgejo/forgejo/issues/2184.

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. All work and communication must conform to Forgejo's [AI Agreement](https://codeberg.org/forgejo/governance/src/branch/main/AIAgreement.md). There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests for Go changes

(can be removed for JavaScript changes)

- I added test coverage for Go changes...
  - [x] in their respective `*_test.go` for unit tests.
  - [x] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I ran...
  - [x] `make pr-go` before pushing

### Tests for JavaScript changes

(can be removed for Go changes)

- I added test coverage for JavaScript changes...
  - [ ] in `web_src/js/*.test.js` if it can be unit tested.
  - [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)).

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [x] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.
- [ ] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change.

*The decision if the pull request will be shown in the release notes is up to the mergers / release team.*

The content of the `release-notes/<pull request number>.md` file will serve as the basis for the release notes. If the file does not exist, the title of the pull request will be used instead.

<!--start release-notes-assistant-->

## Release notes
<!--URL:https://codeberg.org/forgejo/forgejo-->
- Features
  - [PR](https://codeberg.org/forgejo/forgejo/pulls/12478): <!--number 12478 --><!--line 0 --><!--description bWFrZSBpdCBwb3NzaWJsZSB0byByZW1vdmUgd29ya2Zsb3cgcnVucw==-->make it possible to remove workflow runs<!--description-->
<!--end release-notes-assistant-->

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12478
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
---
 models/actions/artifact.go                    |   9 ++
 models/actions/run.go                         |   7 +
 models/actions/run_job.go                     |   7 +
 models/actions/runner.go                      |   7 +
 models/actions/runner_test.go                 |  59 +++++++++
 models/actions/task.go                        |  30 +++++
 options/locale_next/locale_en-US.json         |   5 +
 routers/api/v1/api.go                         |  12 +-
 routers/api/v1/repo/action.go                 |  62 +++++++++
 routers/web/repo/actions/view.go              |  28 ++++
 routers/web/web.go                            |   1 +
 .../TestDeleteJobsOfRun/action_run.yml        |   5 +
 .../TestDeleteJobsOfRun/action_run_job.yml    |   7 +
 .../TestDeleteJobsOfRun/action_task.yml       |  11 ++
 .../action_task_output.yml                    |  14 ++
 .../TestDeleteJobsOfRun/action_task_step.yml  |   9 ++
 .../actions/TestDeleteRun/action_artifact.yml |   9 ++
 services/actions/TestDeleteRun/action_run.yml |   5 +
 .../actions/TestDeleteRun/action_run_job.yml  |   7 +
 .../actions/TestDeleteRun/action_task.yml     |  11 ++
 .../TestDeleteRun/action_task_output.yml      |  14 ++
 .../TestDeleteRun/action_task_step.yml        |   9 ++
 .../actions/TestDeleteTask/action_runner.yml  |   6 +
 .../actions/TestDeleteTask/action_task.yml    |  16 +++
 .../TestDeleteTask/action_task_output.yml     |  14 ++
 .../TestDeleteTask/action_task_step.yml       |  14 ++
 services/actions/job.go                       |  47 +++++++
 services/actions/job_test.go                  |  45 +++++++
 services/actions/run.go                       |  28 ++++
 services/actions/run_test.go                  |  39 ++++++
 services/actions/task.go                      |  37 ++++++
 services/actions/task_test.go                 |  91 +++++++++++++
 templates/repo/actions/view.tmpl              |   3 +
 templates/swagger/v1_json.tmpl                |  49 +++++++
 tests/integration/actions_run_test.go         | 123 ++++++++++++++++++
 tests/integration/actions_view_test.go        |  68 +++++++++-
 tests/integration/api_repo_actions_test.go    | 115 ++++++++++++++++
 .../TestActionRunDeletion/action_artifact.yml |   9 ++
 .../TestActionRunDeletion/action_run.yml      |  11 ++
 .../TestActionRunDeletion/action_run_job.yml  |   7 +
 .../TestActionRunDeletion/action_runner.yml   |   5 +
 .../TestActionRunDeletion/action_task.yml     |  12 ++
 .../action_task_output.yml                    |  14 ++
 .../action_task_step.yml                      |   9 ++
 .../TestActionRunDeletion/collaboration.yml   |   4 +
 .../TestActionViewRunDeletion/action_run.yml  |  11 ++
 .../action_run_job.yml                        |   7 +
 .../TestActionViewRunDeletion/action_task.yml |  11 ++
 .../action_task_step.yml                      |   9 ++
 .../collaboration.yml                         |   4 +
 .../action_artifact.yml                       |   9 ++
 .../action_run.yml                            |   9 ++
 .../action_run_job.yml                        |   7 +
 .../action_runner.yml                         |   5 +
 .../action_task.yml                           |  12 ++
 .../action_task_output.yml                    |  14 ++
 .../action_task_step.yml                      |   9 ++
 web_src/js/components/RepoActionView.test.js  |   3 +
 web_src/js/components/RepoActionView.vue      |  20 +++
 web_src/js/features/repo-action-view.ts       |   3 +
 60 files changed, 1221 insertions(+), 6 deletions(-)
 create mode 100644 services/actions/TestDeleteJobsOfRun/action_run.yml
 create mode 100644 services/actions/TestDeleteJobsOfRun/action_run_job.yml
 create mode 100644 services/actions/TestDeleteJobsOfRun/action_task.yml
 create mode 100644 services/actions/TestDeleteJobsOfRun/action_task_output.yml
 create mode 100644 services/actions/TestDeleteJobsOfRun/action_task_step.yml
 create mode 100644 services/actions/TestDeleteRun/action_artifact.yml
 create mode 100644 services/actions/TestDeleteRun/action_run.yml
 create mode 100644 services/actions/TestDeleteRun/action_run_job.yml
 create mode 100644 services/actions/TestDeleteRun/action_task.yml
 create mode 100644 services/actions/TestDeleteRun/action_task_output.yml
 create mode 100644 services/actions/TestDeleteRun/action_task_step.yml
 create mode 100644 services/actions/TestDeleteTask/action_runner.yml
 create mode 100644 services/actions/TestDeleteTask/action_task.yml
 create mode 100644 services/actions/TestDeleteTask/action_task_output.yml
 create mode 100644 services/actions/TestDeleteTask/action_task_step.yml
 create mode 100644 services/actions/job.go
 create mode 100644 services/actions/job_test.go
 create mode 100644 tests/integration/actions_run_test.go
 create mode 100644 tests/integration/fixtures/TestActionRunDeletion/action_artifact.yml
 create mode 100644 tests/integration/fixtures/TestActionRunDeletion/action_run.yml
 create mode 100644 tests/integration/fixtures/TestActionRunDeletion/action_run_job.yml
 create mode 100644 tests/integration/fixtures/TestActionRunDeletion/action_runner.yml
 create mode 100644 tests/integration/fixtures/TestActionRunDeletion/action_task.yml
 create mode 100644 tests/integration/fixtures/TestActionRunDeletion/action_task_output.yml
 create mode 100644 tests/integration/fixtures/TestActionRunDeletion/action_task_step.yml
 create mode 100644 tests/integration/fixtures/TestActionRunDeletion/collaboration.yml
 create mode 100644 tests/integration/fixtures/TestActionViewRunDeletion/action_run.yml
 create mode 100644 tests/integration/fixtures/TestActionViewRunDeletion/action_run_job.yml
 create mode 100644 tests/integration/fixtures/TestActionViewRunDeletion/action_task.yml
 create mode 100644 tests/integration/fixtures/TestActionViewRunDeletion/action_task_step.yml
 create mode 100644 tests/integration/fixtures/TestActionViewRunDeletion/collaboration.yml
 create mode 100644 tests/integration/fixtures/TestActionsAPIDeleteActionRun/action_artifact.yml
 create mode 100644 tests/integration/fixtures/TestActionsAPIDeleteActionRun/action_run.yml
 create mode 100644 tests/integration/fixtures/TestActionsAPIDeleteActionRun/action_run_job.yml
 create mode 100644 tests/integration/fixtures/TestActionsAPIDeleteActionRun/action_runner.yml
 create mode 100644 tests/integration/fixtures/TestActionsAPIDeleteActionRun/action_task.yml
 create mode 100644 tests/integration/fixtures/TestActionsAPIDeleteActionRun/action_task_output.yml
 create mode 100644 tests/integration/fixtures/TestActionsAPIDeleteActionRun/action_task_step.yml

diff --git a/models/actions/artifact.go b/models/actions/artifact.go
index 25bf58705a..20b96f829c 100644
--- a/models/actions/artifact.go
+++ b/models/actions/artifact.go
@@ -222,6 +222,15 @@ func SetArtifactDeleted(ctx context.Context, artifactID int64) error {
 	return err
 }
 
+// SetArtifactsOfRunDeleted marks all artifacts of the given run as deleted.
+func SetArtifactsOfRunDeleted(ctx context.Context, runID int64) error {
+	_, err := db.GetEngine(ctx).
+		Where("run_id=?", runID).
+		Cols("status").
+		Update(&ActionArtifact{Status: int64(ArtifactStatusPendingDeletion)})
+	return err
+}
+
 // aggregatedArtifactConds returns the common WHERE clause used by aggregated
 // artifact queries: restrict to visible statuses and apply the caller's filters.
 // The Status field on opts is ignored — visibility is fixed to UploadConfirmed/Expired.
diff --git a/models/actions/run.go b/models/actions/run.go
index 692dab841b..09eddc3269 100644
--- a/models/actions/run.go
+++ b/models/actions/run.go
@@ -612,4 +612,11 @@ func ComputeRunStatus(ctx context.Context, runID int64) (run *ActionRun, columns
 	return run, columns, nil
 }
 
+// DeleteRun removes the given run. It is the caller's responsibility to handle the run's dependencies like artifacts or
+// jobs. Nothing happens if the run does not exist.
+func DeleteRun(ctx context.Context, runID int64) error {
+	_, err := db.GetEngine(ctx).Delete(&ActionRun{ID: runID})
+	return err
+}
+
 type ActionRunIndex db.ResourceIndex
diff --git a/models/actions/run_job.go b/models/actions/run_job.go
index 0967ab87c3..e64b62805c 100644
--- a/models/actions/run_job.go
+++ b/models/actions/run_job.go
@@ -365,3 +365,10 @@ func (job *ActionRunJob) AllNeedsExist(allExistingJobIDs container.Set[string])
 
 	return unknownJobIDs, len(unknownJobIDs) == 0
 }
+
+// DeleteJob removes the given job. Removing all associated tasks is up to the caller. If the given job does not exist,
+// nothing happens.
+func DeleteJob(ctx context.Context, jobID int64) error {
+	_, err := db.GetEngine(ctx).Delete(&ActionRunJob{ID: jobID})
+	return err
+}
diff --git a/models/actions/runner.go b/models/actions/runner.go
index 1a7fbb0b45..f324adec52 100644
--- a/models/actions/runner.go
+++ b/models/actions/runner.go
@@ -396,6 +396,13 @@ func FixRunnersWithoutBelongingRepo(ctx context.Context) (int64, error) {
 	return res.RowsAffected()
 }
 
+// DeleteEphemeralRunner removes the ephemeral runner with the given ID. If the runner with the given ID is not an
+// ephemeral runner, nothing happens.
+func DeleteEphemeralRunner(ctx context.Context, id int64) error {
+	_, err := db.GetEngine(ctx).Where(builder.Eq{"id": id, "ephemeral": true}).Delete(&ActionRunner{})
+	return err
+}
+
 func DeleteOfflineRunners(ctx context.Context, olderThan timeutil.TimeStamp, globalOnly bool) error {
 	log.Info("Doing: DeleteOfflineRunners")
 
diff --git a/models/actions/runner_test.go b/models/actions/runner_test.go
index acca9b1761..31e9706851 100644
--- a/models/actions/runner_test.go
+++ b/models/actions/runner_test.go
@@ -479,3 +479,62 @@ func TestRunner_FindRunnerOptionsToConds(t *testing.T) {
 		})
 	}
 }
+
+func TestDeleteEphemeralRunner(t *testing.T) {
+	require.NoError(t, unittest.PrepareTestDatabase())
+
+	persistentRunnerOne := &ActionRunner{
+		ID:        606526,
+		UUID:      "d53a1222-ae7a-4430-97f8-8fcb6efd04c9",
+		Name:      "persistent-runner-one",
+		OwnerID:   2,
+		RepoID:    0,
+		Ephemeral: false,
+		TokenHash: "J9YDsQL",
+	}
+	persistentRunnerTwo := &ActionRunner{
+		ID:        606527,
+		UUID:      "3dc23067-b2fd-4daf-b428-dddad80d7f37",
+		Name:      "persistent-runner-two",
+		OwnerID:   2,
+		RepoID:    0,
+		Ephemeral: false,
+		TokenHash: "jvIylZtHsS",
+	}
+	ephemeralRunnerOne := &ActionRunner{
+		ID:        606528,
+		UUID:      "2d9bc0a1-7019-4ed3-ba67-6415415ac2a9",
+		Name:      "ephemeral-runner-one",
+		OwnerID:   2,
+		RepoID:    0,
+		Ephemeral: true,
+		TokenHash: "t9C8L0kM3W",
+	}
+	ephemeralRunnerTwo := &ActionRunner{
+		ID:        606529,
+		UUID:      "da7a03f8-ab39-4c54-9ec9-2bd312fe3be1",
+		Name:      "ephemeral-runner-two",
+		OwnerID:   2,
+		RepoID:    0,
+		Ephemeral: true,
+		TokenHash: "g9oTOFM",
+	}
+
+	require.NoError(t, CreateRunner(t.Context(), persistentRunnerOne))
+	require.NoError(t, CreateRunner(t.Context(), persistentRunnerTwo))
+	require.NoError(t, CreateRunner(t.Context(), ephemeralRunnerOne))
+	require.NoError(t, CreateRunner(t.Context(), ephemeralRunnerTwo))
+
+	unittest.AssertExistsAndLoadBean(t, &ActionRunner{ID: persistentRunnerOne.ID})
+	unittest.AssertExistsAndLoadBean(t, &ActionRunner{ID: persistentRunnerTwo.ID})
+	unittest.AssertExistsAndLoadBean(t, &ActionRunner{ID: ephemeralRunnerOne.ID})
+	unittest.AssertExistsAndLoadBean(t, &ActionRunner{ID: ephemeralRunnerTwo.ID})
+
+	require.NoError(t, DeleteEphemeralRunner(t.Context(), persistentRunnerOne.ID))
+	require.NoError(t, DeleteEphemeralRunner(t.Context(), ephemeralRunnerOne.ID))
+
+	unittest.AssertExistsAndLoadBean(t, &ActionRunner{ID: persistentRunnerOne.ID})
+	unittest.AssertExistsAndLoadBean(t, &ActionRunner{ID: persistentRunnerTwo.ID})
+	unittest.AssertNotExistsBean(t, &ActionRunner{ID: ephemeralRunnerOne.ID})
+	unittest.AssertExistsAndLoadBean(t, &ActionRunner{ID: ephemeralRunnerTwo.ID})
+}
diff --git a/models/actions/task.go b/models/actions/task.go
index ed2cab60e8..d056c786c4 100644
--- a/models/actions/task.go
+++ b/models/actions/task.go
@@ -192,6 +192,15 @@ func HasTaskForRunner(ctx context.Context, runnerID int64) (bool, error) {
 	return db.GetEngine(ctx).Where("runner_id = ?", runnerID).Exist(&ActionTask{})
 }
 
+func GetTasksOfJob(ctx context.Context, jobID int64) ([]*ActionTask, error) {
+	var tasks []*ActionTask
+	err := db.GetEngine(ctx).Where("job_id=?", jobID).Find(&tasks)
+	if err != nil {
+		return nil, fmt.Errorf("cannot fetch tasks of job %d: %w", jobID, err)
+	}
+	return tasks, nil
+}
+
 func GetTaskByJobAttempt(ctx context.Context, jobID, attempt int64) (*ActionTask, error) {
 	var task ActionTask
 	has, err := db.GetEngine(ctx).Where("job_id=?", jobID).Where("attempt=?", attempt).Get(&task)
@@ -497,6 +506,27 @@ func UpdateTask(ctx context.Context, task *ActionTask, cols ...string) error {
 	return err
 }
 
+// DeleteTask removes the given task including all its steps and outputs. Removing logs and ephemeral runners is the
+// caller's responsibility.
+func DeleteTask(ctx context.Context, taskID int64) error {
+	return db.WithTx(ctx, func(ctx context.Context) error {
+		var err error
+		_, err = db.GetEngine(ctx).Delete(&ActionTaskStep{TaskID: taskID})
+		if err != nil {
+			return fmt.Errorf("unable to delete steps of task %d: %w", taskID, err)
+		}
+		_, err = db.GetEngine(ctx).Delete(&ActionTaskOutput{TaskID: taskID})
+		if err != nil {
+			return fmt.Errorf("unable to delete outputs of task %d: %w", taskID, err)
+		}
+		_, err = db.GetEngine(ctx).Delete(&ActionTask{ID: taskID})
+		if err != nil {
+			return fmt.Errorf("unable to delete task %d: %w", taskID, err)
+		}
+		return nil
+	})
+}
+
 func FindOldTasksToExpire(ctx context.Context, olderThan timeutil.TimeStamp, limit int) ([]*ActionTask, error) {
 	e := db.GetEngine(ctx)
 
diff --git a/options/locale_next/locale_en-US.json b/options/locale_next/locale_en-US.json
index 9631c43ad4..614f3c1ce9 100644
--- a/options/locale_next/locale_en-US.json
+++ b/options/locale_next/locale_en-US.json
@@ -672,6 +672,11 @@
 	"actions.runs.no_results": "No results matched.",
 	"actions.runs.no_workflows": "There are no workflows yet.",
 	"actions.runs.all_runs_link": "all runs",
+	"actions.runs.delete.error_could_not_load_run": "Could not load run to delete.",
+	"actions.runs.delete.error_could_not_delete_run": "Could not delete run.",
+	"actions.runs.delete.button": "Delete run",
+	"actions.runs.delete.error": "Could not delete the workflow run.",
+	"actions.runs.delete.confirm_action": "Do you really want to delete this workflow run?",
 	"actions.workflow.job_parsing_error": "Unable to parse jobs in workflow: %v",
 	"actions.workflow.event_detection_error": "Unable to parse supported events in workflow: %v",
 	"actions.workflow.persistent_incomplete_matrix": "Unable to evaluate `strategy.matrix` of job %[1]s due to a `needs` expression that was invalid. It may reference a job that is not in it's 'needs' list (%[2]s), or an output that doesn't exist on one of those jobs.",
diff --git a/routers/api/v1/api.go b/routers/api/v1/api.go
index 55ea6762e3..d1488d2fc2 100644
--- a/routers/api/v1/api.go
+++ b/routers/api/v1/api.go
@@ -450,9 +450,16 @@ func reqSelfOrAdmin() func(ctx *context.APIContext) {
 	}
 }
 
-// reqAdmin user should be an owner or a collaborator with admin write of a repository, or site admin
-func reqAdmin() func(ctx *context.APIContext) {
+// reqAdmin user should be an owner or a collaborator with admin write of a repository, or site admin. If one or more
+// unitTypes are given, it also requires that at least one the respective unitTypes is enabled.
+func reqAdmin(unitTypes ...unit.Type) func(ctx *context.APIContext) {
 	return func(ctx *context.APIContext) {
+		if len(unitTypes) > 0 && !slices.ContainsFunc(unitTypes, func(unitType unit.Type) bool {
+			return ctx.Repo.Repository.UnitEnabled(ctx, unitType)
+		}) {
+			ctx.NotFound()
+			return
+		}
 		if !ctx.IsUserRepoAdmin() && !ctx.IsUserSiteAdmin() {
 			ctx.Error(http.StatusForbidden, "reqAdmin", "user should be an owner or a collaborator with admin write of a repository")
 			return
@@ -1245,6 +1252,7 @@ func Routes() *web.Route {
 					m.Group("/runs", func() {
 						m.Get("", repo.ListActionRuns)
 						m.Get("/{run_id}", repo.GetActionRun)
+						m.Delete("/{run_id}", reqToken(), reqAdmin(unit.TypeActions), repo.DeleteActionRun)
 						m.Get("/{run_id}/jobs", repo.ListActionRunJobs)
 						m.Get("/{run_id}/artifacts", repo.ListActionRunArtifacts)
 					})
diff --git a/routers/api/v1/repo/action.go b/routers/api/v1/repo/action.go
index 63d9e830b7..b0c65009c6 100644
--- a/routers/api/v1/repo/action.go
+++ b/routers/api/v1/repo/action.go
@@ -1032,6 +1032,68 @@ func GetActionRun(ctx *context.APIContext) {
 	ctx.JSON(http.StatusOK, convert.ToActionRun(ctx, run, ctx.Doer))
 }
 
+// DeleteActionRun removes a completed workflow run.
+func DeleteActionRun(ctx *context.APIContext) {
+	// swagger:operation DELETE /repos/{owner}/{repo}/actions/runs/{run_id} repository DeleteActionRun
+	// ---
+	// summary: Delete a completed workflow run.
+	// description: >
+	//   Remove a particular workflow run. The workflow run must have completed (succeeded, failed, cancelled) for the
+	//   operation to succeed. Otherwise, an error is returned.
+	// produces:
+	// - application/json
+	// parameters:
+	// - name: owner
+	//   in: path
+	//   description: owner of the repo
+	//   type: string
+	//   required: true
+	// - name: repo
+	//   in: path
+	//   description: name of the repo
+	//   type: string
+	//   required: true
+	// - name: run_id
+	//   in: path
+	//   description: id of the action run
+	//   type: integer
+	//   format: int64
+	//   required: true
+	// responses:
+	//   "204":
+	//     description: Workflow run has been removed
+	//   "400":
+	//     "$ref": "#/responses/error"
+	//   "403":
+	//     "$ref": "#/responses/forbidden"
+	//   "404":
+	//     "$ref": "#/responses/notFound"
+
+	run, err := actions_model.GetRunByID(ctx, ctx.ParamsInt64(":run_id"))
+	if err != nil {
+		if errors.Is(err, util.ErrNotExist) {
+			ctx.Error(http.StatusNotFound, "GetRunById", err)
+			return
+		}
+
+		ctx.Error(http.StatusInternalServerError, "GetRunByID", err)
+		return
+	}
+
+	if ctx.Repo.Repository.ID != run.RepoID {
+		ctx.Error(http.StatusNotFound, "GetRunById", util.ErrNotExist)
+		return
+	}
+
+	err = actions_service.DeleteRun(ctx, run.ID)
+	if err != nil {
+		ctx.Error(http.StatusInternalServerError, "DeleteRun", err)
+		return
+	}
+
+	ctx.Status(http.StatusNoContent)
+}
+
 // ListActionRunJobs return a filtered list of jobs that belong to a single workflow run
 func ListActionRunJobs(ctx *context.APIContext) {
 	// swagger:operation GET /repos/{owner}/{repo}/actions/runs/{run_id}/jobs repository ListActionRunJobs
diff --git a/routers/web/repo/actions/view.go b/routers/web/repo/actions/view.go
index 9769f0f11a..4bd7f12637 100644
--- a/routers/web/repo/actions/view.go
+++ b/routers/web/repo/actions/view.go
@@ -168,6 +168,7 @@ type ViewRunInfo struct {
 	CanApprove        bool          `json:"canApprove"` // the run needs an approval and the doer has permission to approve
 	CanRerun          bool          `json:"canRerun"`
 	CanDeleteArtifact bool          `json:"canDeleteArtifact"`
+	CanDelete         bool          `json:"canDelete"`
 	Done              bool          `json:"done"`
 	Jobs              []*ViewJob    `json:"jobs"`
 	Commit            ViewCommit    `json:"commit"`
@@ -288,6 +289,7 @@ func getViewResponse(ctx *app_context.Context, req *ViewRequest, runIndex, jobIn
 	resp.State.Run.CanApprove = run.NeedApproval && ctx.Repo.CanWrite(unit.TypeActions)
 	resp.State.Run.CanRerun = run.CanBeRerun() && ctx.Repo.CanWrite(unit.TypeActions)
 	resp.State.Run.CanDeleteArtifact = run.Status.IsDone() && ctx.Repo.CanWrite(unit.TypeActions)
+	resp.State.Run.CanDelete = run.Status.IsDone() && ctx.IsUserRepoAdmin()
 	resp.State.Run.Jobs = make([]*ViewJob, 0, len(jobs)) // marshal to '[]' instead of 'null' in json
 	resp.State.Run.Status = run.Status.String()
 	resp.State.Run.PreExecutionError = actions_model.TranslatePreExecutionError(ctx.Locale, run)
@@ -600,6 +602,32 @@ func Cancel(ctx *app_context.Context) {
 	ctx.JSON(http.StatusOK, struct{}{})
 }
 
+func DeleteRun(ctx *app_context.Context) {
+	runIndex := ctx.ParamsInt64("run")
+
+	run, err := actions_model.GetRunByIndex(ctx, ctx.Repo.Repository.ID, runIndex)
+	if err != nil {
+		if errors.Is(err, util.ErrNotExist) {
+			log.Debug("Run at index %d in repository %d does not exist", runIndex, ctx.Repo.Repository.ID)
+			ctx.JSONOK()
+			return
+		}
+
+		log.Debug("Could not load run at index %d in repository %d: %s", runIndex, ctx.Repo.Repository.ID, err)
+		errorMessage := ctx.Locale.Tr("actions.runs.delete.error_could_not_load_run")
+		ctx.JSON(http.StatusInternalServerError, map[string]any{"message": errorMessage})
+		return
+	}
+	if err = actions_service.DeleteRun(ctx, run.ID); err != nil {
+		log.Debug("Could not delete run %d: %s", run.ID, err)
+		errorMessage := ctx.Locale.Tr("actions.runs.delete.error_could_not_delete_run")
+		ctx.JSON(http.StatusInternalServerError, map[string]any{"message": errorMessage})
+		return
+	}
+
+	ctx.JSONOK()
+}
+
 // getRunJobs gets the jobs of runIndex, and returns jobs[jobIndex], jobs.
 // Any error will be written to the ctx.
 // It never returns a nil job of an empty jobs, if the jobIndex is out of range, it will be treated as 0.
diff --git a/routers/web/web.go b/routers/web/web.go
index c77c8629b9..c19ecfd411 100644
--- a/routers/web/web.go
+++ b/routers/web/web.go
@@ -1535,6 +1535,7 @@ func registerRoutes(m *web.Route) {
 						})
 					})
 					m.Post("/cancel", reqRepoActionsWriter, actions.Cancel)
+					m.Post("/delete", reqRepoAdmin, actions.DeleteRun)
 					m.Get("/artifacts", actions.ArtifactsView)
 					m.Get("/artifacts/{artifact_name_or_id}", actions.ArtifactsDownloadView)
 					m.Delete("/artifacts/{artifact_name}", reqRepoActionsWriter, actions.ArtifactsDeleteView)
diff --git a/services/actions/TestDeleteJobsOfRun/action_run.yml b/services/actions/TestDeleteJobsOfRun/action_run.yml
new file mode 100644
index 0000000000..e1f2dcc9cf
--- /dev/null
+++ b/services/actions/TestDeleteJobsOfRun/action_run.yml
@@ -0,0 +1,5 @@
+- id: 34901
+  status: 2 # StatusFailure
+
+- id: 34902
+  status: 5 # StatusWaiting
\ No newline at end of file
diff --git a/services/actions/TestDeleteJobsOfRun/action_run_job.yml b/services/actions/TestDeleteJobsOfRun/action_run_job.yml
new file mode 100644
index 0000000000..3cc196d9fe
--- /dev/null
+++ b/services/actions/TestDeleteJobsOfRun/action_run_job.yml
@@ -0,0 +1,7 @@
+- id: 47301
+  run_id: 34901
+  status: 2 # StatusFailure
+
+- id: 47302
+  run_id: 34902
+  status: 5 # StatusWaiting
diff --git a/services/actions/TestDeleteJobsOfRun/action_task.yml b/services/actions/TestDeleteJobsOfRun/action_task.yml
new file mode 100644
index 0000000000..57d0f680b7
--- /dev/null
+++ b/services/actions/TestDeleteJobsOfRun/action_task.yml
@@ -0,0 +1,11 @@
+- id: 87601
+  job_id: 47301
+  log_filename: somebody/somerepo/15631/87601.log.zst
+  log_in_storage: false
+  status: 2 # StatusFailure
+
+- id: 87602
+  job_id: 47302
+  log_filename: somebody/somerepo/15632/87602.log.zst
+  log_in_storage: false
+  status: 5 # StatusWaiting
diff --git a/services/actions/TestDeleteJobsOfRun/action_task_output.yml b/services/actions/TestDeleteJobsOfRun/action_task_output.yml
new file mode 100644
index 0000000000..6244bc9405
--- /dev/null
+++ b/services/actions/TestDeleteJobsOfRun/action_task_output.yml
@@ -0,0 +1,14 @@
+- id: 90041
+  task_id: 87601
+  output_key: one
+  output_value: a
+
+- id: 90042
+  task_id: 87601
+  output_key: two
+  output_value: b
+
+- id: 90043
+  task_id: 87602
+  output_key: three
+  output_value: c
diff --git a/services/actions/TestDeleteJobsOfRun/action_task_step.yml b/services/actions/TestDeleteJobsOfRun/action_task_step.yml
new file mode 100644
index 0000000000..b438f959ba
--- /dev/null
+++ b/services/actions/TestDeleteJobsOfRun/action_task_step.yml
@@ -0,0 +1,9 @@
+- id: 98801
+  name: echo OK
+  task_id: 87601
+  status: 1 # StatusSuccess
+
+- id: 98802
+  name: echo OK
+  task_id: 87602
+  status: 6 # StatusRunning
diff --git a/services/actions/TestDeleteRun/action_artifact.yml b/services/actions/TestDeleteRun/action_artifact.yml
new file mode 100644
index 0000000000..73697d9d69
--- /dev/null
+++ b/services/actions/TestDeleteRun/action_artifact.yml
@@ -0,0 +1,9 @@
+- id: 19401
+  run_id: 34901
+  status: 2 # ArtifactStatusUploadConfirmed
+- id: 19402
+  run_id: 34901
+  status: 1 # ArtifactStatusUploadPending
+- id: 19403
+  run_id: 34902
+  status: 2 # ArtifactStatusUploadConfirmed
diff --git a/services/actions/TestDeleteRun/action_run.yml b/services/actions/TestDeleteRun/action_run.yml
new file mode 100644
index 0000000000..e1f2dcc9cf
--- /dev/null
+++ b/services/actions/TestDeleteRun/action_run.yml
@@ -0,0 +1,5 @@
+- id: 34901
+  status: 2 # StatusFailure
+
+- id: 34902
+  status: 5 # StatusWaiting
\ No newline at end of file
diff --git a/services/actions/TestDeleteRun/action_run_job.yml b/services/actions/TestDeleteRun/action_run_job.yml
new file mode 100644
index 0000000000..3cc196d9fe
--- /dev/null
+++ b/services/actions/TestDeleteRun/action_run_job.yml
@@ -0,0 +1,7 @@
+- id: 47301
+  run_id: 34901
+  status: 2 # StatusFailure
+
+- id: 47302
+  run_id: 34902
+  status: 5 # StatusWaiting
diff --git a/services/actions/TestDeleteRun/action_task.yml b/services/actions/TestDeleteRun/action_task.yml
new file mode 100644
index 0000000000..57d0f680b7
--- /dev/null
+++ b/services/actions/TestDeleteRun/action_task.yml
@@ -0,0 +1,11 @@
+- id: 87601
+  job_id: 47301
+  log_filename: somebody/somerepo/15631/87601.log.zst
+  log_in_storage: false
+  status: 2 # StatusFailure
+
+- id: 87602
+  job_id: 47302
+  log_filename: somebody/somerepo/15632/87602.log.zst
+  log_in_storage: false
+  status: 5 # StatusWaiting
diff --git a/services/actions/TestDeleteRun/action_task_output.yml b/services/actions/TestDeleteRun/action_task_output.yml
new file mode 100644
index 0000000000..6244bc9405
--- /dev/null
+++ b/services/actions/TestDeleteRun/action_task_output.yml
@@ -0,0 +1,14 @@
+- id: 90041
+  task_id: 87601
+  output_key: one
+  output_value: a
+
+- id: 90042
+  task_id: 87601
+  output_key: two
+  output_value: b
+
+- id: 90043
+  task_id: 87602
+  output_key: three
+  output_value: c
diff --git a/services/actions/TestDeleteRun/action_task_step.yml b/services/actions/TestDeleteRun/action_task_step.yml
new file mode 100644
index 0000000000..b438f959ba
--- /dev/null
+++ b/services/actions/TestDeleteRun/action_task_step.yml
@@ -0,0 +1,9 @@
+- id: 98801
+  name: echo OK
+  task_id: 87601
+  status: 1 # StatusSuccess
+
+- id: 98802
+  name: echo OK
+  task_id: 87602
+  status: 6 # StatusRunning
diff --git a/services/actions/TestDeleteTask/action_runner.yml b/services/actions/TestDeleteTask/action_runner.yml
new file mode 100644
index 0000000000..862b715ab6
--- /dev/null
+++ b/services/actions/TestDeleteTask/action_runner.yml
@@ -0,0 +1,6 @@
+- id: 41601
+  uuid: 61a71de6-8127-40c9-a30e-63647e93edad
+  ephemeral: true
+- id: 41602
+  uuid: fae04d20-98ae-4b69-8439-213dac373e19
+  ephemeral: false
\ No newline at end of file
diff --git a/services/actions/TestDeleteTask/action_task.yml b/services/actions/TestDeleteTask/action_task.yml
new file mode 100644
index 0000000000..f9b979f437
--- /dev/null
+++ b/services/actions/TestDeleteTask/action_task.yml
@@ -0,0 +1,16 @@
+- id: 87601
+  log_filename: somebody/somerepo/15631/87601.log.zst
+  log_in_storage: false
+  status: 1 # StatusSuccess
+  runner_id: 41601
+
+- id: 87602
+  log_filename: somebody/somerepo/15632/87602.log.zst
+  log_in_storage: false
+  status: 6 # StatusRunning
+
+- id: 87603
+  log_filename: somebody/somerepo/15631/87603.log.zst
+  log_in_storage: false
+  status: 2 # StatusFailure
+  runner_id: 41602
diff --git a/services/actions/TestDeleteTask/action_task_output.yml b/services/actions/TestDeleteTask/action_task_output.yml
new file mode 100644
index 0000000000..6244bc9405
--- /dev/null
+++ b/services/actions/TestDeleteTask/action_task_output.yml
@@ -0,0 +1,14 @@
+- id: 90041
+  task_id: 87601
+  output_key: one
+  output_value: a
+
+- id: 90042
+  task_id: 87601
+  output_key: two
+  output_value: b
+
+- id: 90043
+  task_id: 87602
+  output_key: three
+  output_value: c
diff --git a/services/actions/TestDeleteTask/action_task_step.yml b/services/actions/TestDeleteTask/action_task_step.yml
new file mode 100644
index 0000000000..8050e4002d
--- /dev/null
+++ b/services/actions/TestDeleteTask/action_task_step.yml
@@ -0,0 +1,14 @@
+- id: 98801
+  name: echo OK
+  task_id: 87601
+  status: 1 # StatusSuccess
+
+- id: 98802
+  name: echo OK
+  task_id: 87602
+  status: 6 # StatusRunning
+
+- id: 98803
+  name: echo OK
+  task_id: 87603
+  status: 2 # StatusFailure
diff --git a/services/actions/job.go b/services/actions/job.go
new file mode 100644
index 0000000000..6ee8260ac7
--- /dev/null
+++ b/services/actions/job.go
@@ -0,0 +1,47 @@
+// Copyright 2026 The Forgejo Authors.
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+package actions
+
+import (
+	"context"
+	"fmt"
+
+	"forgejo.org/models/actions"
+	"forgejo.org/models/db"
+)
+
+// deleteJobsOfRun removes all jobs that belong to the given run, including its associated tasks. Each job has to be
+// completed for the operation to succeed.
+func deleteJobsOfRun(ctx context.Context, runID int64) error {
+	return db.WithTx(ctx, func(ctx context.Context) error {
+		jobs, err := actions.GetRunJobsByRunID(ctx, runID)
+		if err != nil {
+			return fmt.Errorf("unable to load jobs of run %d: %w", runID, err)
+		}
+
+		for _, job := range jobs {
+			if !job.Status.IsDone() {
+				return fmt.Errorf("unable to delete job %d because it has not completed yet", job.ID)
+			}
+
+			tasks, err := actions.GetTasksOfJob(ctx, job.ID)
+			if err != nil {
+				return err
+			}
+			for _, task := range tasks {
+				err = deleteTask(ctx, task.ID)
+				if err != nil {
+					return err
+				}
+			}
+
+			err = actions.DeleteJob(ctx, job.ID)
+			if err != nil {
+				return fmt.Errorf("unable to delete job %d of run %d: %w", job.ID, job.RunID, err)
+			}
+		}
+
+		return nil
+	})
+}
diff --git a/services/actions/job_test.go b/services/actions/job_test.go
new file mode 100644
index 0000000000..b669bce301
--- /dev/null
+++ b/services/actions/job_test.go
@@ -0,0 +1,45 @@
+// Copyright 2026 The Forgejo Authors.
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+package actions
+
+import (
+	"testing"
+
+	actions_model "forgejo.org/models/actions"
+	"forgejo.org/models/unittest"
+
+	"github.com/stretchr/testify/require"
+)
+
+func TestDeleteJobsOfRun(t *testing.T) {
+	t.Run("Deletes completed job", func(t *testing.T) {
+		defer unittest.OverrideFixtures("services/actions/TestDeleteJobsOfRun")()
+		require.NoError(t, unittest.PrepareTestDatabase())
+
+		run := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRun{ID: 34901})
+		job := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRunJob{ID: 47301, RunID: run.ID})
+		unittest.AssertCount(t, &actions_model.ActionTask{JobID: job.ID}, 1)
+
+		require.NoError(t, deleteJobsOfRun(t.Context(), run.ID))
+
+		unittest.AssertNotExistsBean(t, &actions_model.ActionRunJob{ID: job.ID})
+		unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRunJob{ID: 47302})
+		unittest.AssertCount(t, &actions_model.ActionTask{JobID: job.ID}, 0)
+	})
+
+	t.Run("Error if job has not completed", func(t *testing.T) {
+		defer unittest.OverrideFixtures("services/actions/TestDeleteJobsOfRun")()
+		require.NoError(t, unittest.PrepareTestDatabase())
+
+		run := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRun{ID: 34902})
+		job := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRunJob{ID: 47302, RunID: run.ID})
+		unittest.AssertCount(t, &actions_model.ActionTask{JobID: job.ID}, 1)
+
+		err := deleteJobsOfRun(t.Context(), run.ID)
+		require.ErrorContains(t, err, "unable to delete job 47302 because it has not completed yet")
+
+		unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRunJob{ID: job.ID})
+		unittest.AssertCount(t, &actions_model.ActionTask{JobID: job.ID}, 1)
+	})
+}
diff --git a/services/actions/run.go b/services/actions/run.go
index 891d9d8f03..d0e874ff54 100644
--- a/services/actions/run.go
+++ b/services/actions/run.go
@@ -5,6 +5,7 @@ package actions
 
 import (
 	"context"
+	"fmt"
 	"slices"
 	"strings"
 
@@ -203,3 +204,30 @@ func checkJobRunsOnStaticMatrixError(ctx context.Context, job *actions_model.Act
 
 	return true, nil
 }
+
+// DeleteRun removes a particular run including all associated artifacts, jobs, tasks, and logs. The run has to be
+// completed for the operation to succeed.
+func DeleteRun(ctx context.Context, runID int64) error {
+	return db.WithTx(ctx, func(ctx context.Context) error {
+		run, err := actions_model.GetRunByID(ctx, runID)
+		if err != nil {
+			return fmt.Errorf("unable to load run %d: %w", runID, err)
+		}
+
+		if !run.Status.IsDone() {
+			return fmt.Errorf("cannot delete run %d because it has not completed yet", run.ID)
+		}
+
+		err = actions_model.SetArtifactsOfRunDeleted(ctx, runID)
+		if err != nil {
+			return fmt.Errorf("unable to delete artifacts of run %d: %w", run.ID, err)
+		}
+
+		err = deleteJobsOfRun(ctx, run.ID)
+		if err != nil {
+			return fmt.Errorf("unable to delete jobs of run %d: %w", run.ID, err)
+		}
+
+		return actions_model.DeleteRun(ctx, run.ID)
+	})
+}
diff --git a/services/actions/run_test.go b/services/actions/run_test.go
index 61e580aed1..19cad919db 100644
--- a/services/actions/run_test.go
+++ b/services/actions/run_test.go
@@ -160,3 +160,42 @@ func TestActions_consistencyCheckRun(t *testing.T) {
 		})
 	}
 }
+
+func TestDeleteRun(t *testing.T) {
+	t.Run("Removes run and its dependencies", func(t *testing.T) {
+		defer unittest.OverrideFixtures("services/actions/TestDeleteRun")()
+		require.NoError(t, unittest.PrepareTestDatabase())
+
+		run := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRun{ID: 34901})
+		job := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRunJob{RunID: run.ID})
+		unittest.AssertCount(t, &actions_model.ActionArtifact{RunID: run.ID}, 2)
+
+		require.NoError(t, DeleteRun(t.Context(), run.ID))
+
+		unittest.AssertNotExistsBean(t, &actions_model.ActionRun{ID: run.ID})
+		unittest.AssertNotExistsBean(t, &actions_model.ActionRunJob{ID: job.ID})
+		unittest.AssertCount(t, &actions_model.ActionArtifact{
+			RunID:  run.ID,
+			Status: int64(actions_model.ArtifactStatusPendingDeletion),
+		}, 2)
+	})
+
+	t.Run("Error if run not done", func(t *testing.T) {
+		defer unittest.OverrideFixtures("services/actions/TestDeleteRun")()
+		require.NoError(t, unittest.PrepareTestDatabase())
+
+		run := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRun{ID: 34902})
+		job := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRunJob{RunID: run.ID})
+		unittest.AssertCount(t, &actions_model.ActionArtifact{RunID: run.ID}, 1)
+
+		err := DeleteRun(t.Context(), run.ID)
+		require.ErrorContains(t, err, "cannot delete run 34902 because it has not completed yet")
+
+		unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRun{ID: run.ID})
+		unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRunJob{ID: job.ID})
+		unittest.AssertCount(t, &actions_model.ActionArtifact{
+			RunID:  run.ID,
+			Status: int64(actions_model.ArtifactStatusUploadConfirmed),
+		}, 1)
+	})
+}
diff --git a/services/actions/task.go b/services/actions/task.go
index f2525e1b3a..a08403ad08 100644
--- a/services/actions/task.go
+++ b/services/actions/task.go
@@ -367,3 +367,40 @@ func convertTimestamp(timestamp *timestamppb.Timestamp) timeutil.TimeStamp {
 	}
 	return timeutil.TimeStamp(timestamp.AsTime().Unix())
 }
+
+// deleteTask removes the given task with all associated steps, outputs, logs, and ephemeral runners, if any. For
+// deleteTask to succeed, it must have completed. If it has not, an error is returned. If the given task does not exist,
+// nothing happens.
+func deleteTask(ctx context.Context, taskID int64) error {
+	return db.WithTx(ctx, func(ctx context.Context) error {
+		task, err := actions_model.GetTaskByID(ctx, taskID)
+		if err != nil {
+			if errors.Is(err, util.ErrNotExist) {
+				return nil
+			}
+			return fmt.Errorf("unable to load task %d: %w", taskID, err)
+		}
+
+		if !task.Status.IsDone() {
+			return fmt.Errorf("unable to remove task %d because it has not completed yet", taskID)
+		}
+
+		err = actions_module.RemoveLogs(ctx, task.LogInStorage, task.LogFilename)
+		if err != nil {
+			return fmt.Errorf("unable to remove logs of task %d: %w", taskID, err)
+		}
+
+		// Whether an ephemeral runner has been used is determined based on whether it is assigned to a task.
+		// Consequently, ephemeral runners have to be cleaned up before any task can be removed.
+		err = actions_model.DeleteEphemeralRunner(ctx, task.RunnerID)
+		if err != nil {
+			return fmt.Errorf("unable to cleanup ephemeral runners before removing task %d: %w", taskID, err)
+		}
+		err = actions_model.DeleteTask(ctx, task.ID)
+		if err != nil {
+			return fmt.Errorf("unable to remove task %d: %w", task.ID, err)
+		}
+
+		return nil
+	})
+}
diff --git a/services/actions/task_test.go b/services/actions/task_test.go
index 0c2630f3a6..375359b5e8 100644
--- a/services/actions/task_test.go
+++ b/services/actions/task_test.go
@@ -6,8 +6,12 @@ import (
 
 	actions_model "forgejo.org/models/actions"
 	repo_model "forgejo.org/models/repo"
+	"forgejo.org/models/unittest"
 	"forgejo.org/models/user"
+	"forgejo.org/modules/actions"
 
+	runnerv1 "code.forgejo.org/forgejo/actions-proto/runner/v1"
+	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 )
 
@@ -97,3 +101,90 @@ jobs:
 		require.NotEmpty(t, taskContext.Fields["gitea_runtime_token"].GetStringValue())
 	})
 }
+
+func TestDeleteTask(t *testing.T) {
+	t.Run("Task removed with logs and ephemeral runner", func(t *testing.T) {
+		defer unittest.OverrideFixtures("services/actions/TestDeleteTask")()
+		require.NoError(t, unittest.PrepareTestDatabase())
+
+		task := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionTask{ID: 87601})
+		runner := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRunner{ID: 41601})
+		unittest.AssertCount(t, &actions_model.ActionTaskOutput{TaskID: task.ID}, 2)
+		unittest.AssertCount(t, &actions_model.ActionTaskStep{TaskID: task.ID}, 1)
+
+		_, err := actions.WriteLogs(t.Context(), task.LogFilename, 0, []*runnerv1.LogRow{{Content: "OK"}})
+		require.NoError(t, err)
+
+		logExists, err := actions.ExistsLogs(t.Context(), task.LogFilename)
+		require.NoError(t, err)
+		assert.True(t, logExists)
+
+		require.NoError(t, deleteTask(t.Context(), task.ID))
+
+		logExists, err = actions.ExistsLogs(t.Context(), task.LogFilename)
+		require.NoError(t, err)
+		assert.False(t, logExists)
+
+		unittest.AssertNotExistsBean(t, &actions_model.ActionTask{ID: task.ID})
+		unittest.AssertCount(t, &actions_model.ActionTaskOutput{TaskID: task.ID}, 0)
+		unittest.AssertCount(t, &actions_model.ActionTaskStep{TaskID: task.ID}, 0)
+		unittest.AssertNotExistsBean(t, &actions_model.ActionRunner{ID: runner.ID})
+
+		// Verify that other tasks have been left alone.
+		otherTask := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionTask{ID: 87602})
+		unittest.AssertCount(t, &actions_model.ActionTaskOutput{TaskID: otherTask.ID}, 1)
+		unittest.AssertCount(t, &actions_model.ActionTaskStep{TaskID: otherTask.ID}, 1)
+	})
+
+	t.Run("Task removed and persistent runner kept", func(t *testing.T) {
+		defer unittest.OverrideFixtures("services/actions/TestDeleteTask")()
+		require.NoError(t, unittest.PrepareTestDatabase())
+
+		task := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionTask{ID: 87603})
+		runner := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRunner{ID: 41602})
+		unittest.AssertCount(t, &actions_model.ActionTaskOutput{TaskID: task.ID}, 0)
+		unittest.AssertCount(t, &actions_model.ActionTaskStep{TaskID: task.ID}, 1)
+
+		_, err := actions.WriteLogs(t.Context(), task.LogFilename, 0, []*runnerv1.LogRow{{Content: "OK"}})
+		require.NoError(t, err)
+
+		logExists, err := actions.ExistsLogs(t.Context(), task.LogFilename)
+		require.NoError(t, err)
+		assert.True(t, logExists)
+
+		require.NoError(t, deleteTask(t.Context(), task.ID))
+
+		logExists, err = actions.ExistsLogs(t.Context(), task.LogFilename)
+		require.NoError(t, err)
+		assert.False(t, logExists)
+
+		unittest.AssertNotExistsBean(t, &actions_model.ActionTask{ID: task.ID})
+		unittest.AssertCount(t, &actions_model.ActionTaskOutput{TaskID: task.ID}, 0)
+		unittest.AssertCount(t, &actions_model.ActionTaskStep{TaskID: task.ID}, 0)
+		unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRunner{ID: runner.ID})
+	})
+
+	t.Run("No error if task does not exist", func(t *testing.T) {
+		require.NoError(t, unittest.PrepareTestDatabase())
+
+		unittest.AssertNotExistsBean(t, &actions_model.ActionTask{ID: 87601})
+		require.NoError(t, deleteTask(t.Context(), 87601))
+	})
+
+	t.Run("Error if task is not done", func(t *testing.T) {
+		defer unittest.OverrideFixtures("services/actions/TestDeleteTask")()
+		require.NoError(t, unittest.PrepareTestDatabase())
+
+		task := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionTask{ID: 87602})
+		unittest.AssertCount(t, &actions_model.ActionTaskOutput{TaskID: task.ID}, 1)
+		unittest.AssertCount(t, &actions_model.ActionTaskStep{TaskID: task.ID}, 1)
+
+		err := deleteTask(t.Context(), task.ID)
+		require.ErrorContains(t, err, "unable to remove task 87602 because it has not completed yet")
+
+		// Verify nothing has been deleted.
+		unittest.AssertExistsAndLoadBean(t, &actions_model.ActionTask{ID: task.ID})
+		unittest.AssertCount(t, &actions_model.ActionTaskOutput{TaskID: task.ID}, 1)
+		unittest.AssertCount(t, &actions_model.ActionTaskStep{TaskID: task.ID}, 1)
+	})
+}
diff --git a/templates/repo/actions/view.tmpl b/templates/repo/actions/view.tmpl
index 04aced83d1..e005ee412d 100644
--- a/templates/repo/actions/view.tmpl
+++ b/templates/repo/actions/view.tmpl
@@ -17,6 +17,9 @@
 		data-locale-cancel="{{ctx.Locale.Tr "cancel"}}"
 		data-locale-rerun="{{ctx.Locale.Tr "rerun"}}"
 		data-locale-rerun-all="{{ctx.Locale.Tr "rerun_all"}}"
+		data-locale-delete="{{ctx.Locale.Tr "actions.runs.delete.button"}}"
+		data-locale-delete-error="{{ctx.Locale.Tr "actions.runs.delete.error"}}"
+		data-locale-confirm-delete="{{ctx.Locale.Tr "actions.runs.delete.confirm_action"}}"
 		data-locale-status-unknown="{{ctx.Locale.Tr "actions.status.unknown"}}"
 		data-locale-status-waiting="{{ctx.Locale.Tr "actions.status.waiting"}}"
 		data-locale-status-running="{{ctx.Locale.Tr "actions.status.running"}}"
diff --git a/templates/swagger/v1_json.tmpl b/templates/swagger/v1_json.tmpl
index e0afb22d54..a0e6cc8e4a 100644
--- a/templates/swagger/v1_json.tmpl
+++ b/templates/swagger/v1_json.tmpl
@@ -6089,6 +6089,55 @@
             "$ref": "#/responses/notFound"
           }
         }
+      },
+      "delete": {
+        "description": "Remove a particular workflow run. The workflow run must have completed (succeeded, failed, cancelled) for the operation to succeed. Otherwise, an error is returned.\n",
+        "produces": [
+          "application/json"
+        ],
+        "tags": [
+          "repository"
+        ],
+        "summary": "Delete a completed workflow run.",
+        "operationId": "DeleteActionRun",
+        "parameters": [
+          {
+            "type": "string",
+            "description": "owner of the repo",
+            "name": "owner",
+            "in": "path",
+            "required": true
+          },
+          {
+            "type": "string",
+            "description": "name of the repo",
+            "name": "repo",
+            "in": "path",
+            "required": true
+          },
+          {
+            "type": "integer",
+            "format": "int64",
+            "description": "id of the action run",
+            "name": "run_id",
+            "in": "path",
+            "required": true
+          }
+        ],
+        "responses": {
+          "204": {
+            "description": "Workflow run has been removed"
+          },
+          "400": {
+            "$ref": "#/responses/error"
+          },
+          "403": {
+            "$ref": "#/responses/forbidden"
+          },
+          "404": {
+            "$ref": "#/responses/notFound"
+          }
+        }
       }
     },
     "/repos/{owner}/{repo}/actions/runs/{run_id}/artifacts": {
diff --git a/tests/integration/actions_run_test.go b/tests/integration/actions_run_test.go
new file mode 100644
index 0000000000..64210f1a71
--- /dev/null
+++ b/tests/integration/actions_run_test.go
@@ -0,0 +1,123 @@
+// Copyright 2026 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+package integration
+
+import (
+	"fmt"
+	"net/http"
+	"testing"
+
+	actions_model "forgejo.org/models/actions"
+	repo_model "forgejo.org/models/repo"
+	"forgejo.org/models/unittest"
+	user_model "forgejo.org/models/user"
+	"forgejo.org/tests"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+func TestActionRunDeletion(t *testing.T) {
+	user2 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
+	repo1 := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 1, OwnerID: user2.ID})
+	user5 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 5})
+	repo62 := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 62, OwnerID: user2.ID})
+
+	sessUser2 := loginUser(t, user2.Name)
+	sessUser5 := loginUser(t, user5.Name)
+
+	t.Run("Run removed", func(t *testing.T) {
+		defer unittest.OverrideFixtures("tests/integration/fixtures/TestActionRunDeletion")()
+		defer tests.PrepareTestEnv(t)()
+
+		run := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRun{ID: 34901})
+		job := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRunJob{RunID: run.ID})
+		unittest.AssertCount(t, &actions_model.ActionArtifact{RunID: run.ID}, 2)
+		runner := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRunner{ID: 41601})
+
+		requestURL := fmt.Sprintf("/%s/actions/runs/%d/delete", repo1.FullName(), run.Index)
+		request := NewRequest(t, "POST", requestURL)
+		response := sessUser2.MakeRequest(t, request, http.StatusOK)
+		assert.JSONEq(t, `{"ok":true}`, response.Body.String())
+
+		unittest.AssertNotExistsBean(t, &actions_model.ActionRun{ID: run.ID})
+		unittest.AssertNotExistsBean(t, &actions_model.ActionRunJob{ID: job.ID})
+		unittest.AssertCount(t, &actions_model.ActionArtifact{
+			RunID:  run.ID,
+			Status: int64(actions_model.ArtifactStatusPendingDeletion),
+		}, 2)
+		unittest.AssertNotExistsBean(t, &actions_model.ActionRunner{ID: runner.ID})
+	})
+
+	t.Run("Error if run has not completed", func(t *testing.T) {
+		defer unittest.OverrideFixtures("tests/integration/fixtures/TestActionRunDeletion")()
+		defer tests.PrepareTestEnv(t)()
+
+		run := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRun{ID: 34902})
+
+		requestURL := fmt.Sprintf("/%s/actions/runs/%d/delete", repo1.FullName(), run.Index)
+		request := NewRequest(t, "POST", requestURL)
+		response := sessUser2.MakeRequest(t, request, http.StatusInternalServerError)
+		assert.JSONEq(t, `{"message":"Could not delete run."}`, response.Body.String())
+
+		// Verify that the run still exists.
+		unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRun{ID: run.ID})
+	})
+
+	t.Run("Nothing happens if run does not belong to repository", func(t *testing.T) {
+		defer unittest.OverrideFixtures("tests/integration/fixtures/TestActionRunDeletion")()
+		defer tests.PrepareTestEnv(t)()
+
+		run := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRun{ID: 34901})
+
+		requestURL := fmt.Sprintf("/%s/actions/runs/%d/delete", repo62.FullName(), run.Index)
+		request := NewRequest(t, "POST", requestURL)
+		response := sessUser2.MakeRequest(t, request, http.StatusOK)
+		assert.JSONEq(t, `{"ok":true}`, response.Body.String())
+
+		// Verify that the run still exists.
+		unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRun{ID: run.ID})
+	})
+
+	t.Run("Nothing happens if run does not exist", func(t *testing.T) {
+		defer tests.PrepareTestEnv(t)()
+
+		unittest.AssertNotExistsBean(t, &actions_model.ActionRun{Index: 260871})
+
+		requestURL := fmt.Sprintf("/%s/actions/runs/%d/delete", repo1.FullName(), 260871)
+		request := NewRequest(t, "POST", requestURL)
+		response := sessUser2.MakeRequest(t, request, http.StatusOK)
+		assert.JSONEq(t, `{"ok":true}`, response.Body.String())
+	})
+
+	t.Run("Removal requires ownership", func(t *testing.T) {
+		defer unittest.OverrideFixtures("tests/integration/fixtures/TestActionRunDeletion")()
+		defer tests.PrepareTestEnv(t)()
+
+		isCollaborator, err := repo_model.IsCollaborator(t.Context(), repo1.ID, user5.ID)
+		require.NoError(t, err)
+		require.True(t, isCollaborator)
+
+		run := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRun{ID: 34901})
+
+		requestURL := fmt.Sprintf("/%s/actions/runs/%d/delete", repo1.FullName(), run.Index)
+		request := NewRequest(t, "POST", requestURL)
+		MakeRequest(t, request, http.StatusNotFound)
+
+		// Verify that run still exists
+		unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRun{ID: run.ID})
+
+		request = NewRequest(t, "POST", requestURL)
+		sessUser5.MakeRequest(t, request, http.StatusNotFound)
+
+		// Verify that run still exists
+		unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRun{ID: run.ID})
+
+		request = NewRequest(t, "POST", requestURL)
+		sessUser2.MakeRequest(t, request, http.StatusOK)
+
+		// Verify that run no longer exists
+		unittest.AssertNotExistsBean(t, &actions_model.ActionRun{ID: run.ID})
+	})
+}
diff --git a/tests/integration/actions_view_test.go b/tests/integration/actions_view_test.go
index 5275198eff..16a79581dc 100644
--- a/tests/integration/actions_view_test.go
+++ b/tests/integration/actions_view_test.go
@@ -14,6 +14,7 @@ import (
 	"testing"
 
 	actions_model "forgejo.org/models/actions"
+	repo_model "forgejo.org/models/repo"
 	unit_model "forgejo.org/models/unit"
 	"forgejo.org/models/unittest"
 	user_model "forgejo.org/models/user"
@@ -147,7 +148,7 @@ func TestActionViewsView(t *testing.T) {
 			runIndex:          187,
 			jobIndex:          0,
 			attempt:           1,
-			expectedJSON:      "{\"state\":{\"run\":{\"preExecutionError\":\"\",\"link\":\"/user5/repo4/actions/runs/187\",\"title\":\"update actions\",\"titleHTML\":\"update actions\",\"status\":\"success\",\"canCancel\":false,\"canApprove\":false,\"canRerun\":false,\"canDeleteArtifact\":false,\"description\":\"Commit <a href=\\\"/user5/repo4/commit/c2d72f548424103f01ee1dc02889c1e2bff816b0\\\">c2d72f5484</a> pushed by <a href=\\\"/user1\\\">user1</a>\",\"done\":true,\"jobs\":[{\"id\":192,\"name\":\"job_2\",\"status\":\"success\",\"canRerun\":false,\"duration\":\"_duration_\"}],\"commit\":{\"localeWorkflow\":\"Workflow\",\"localeAllRuns\":\"all runs\",\"shortSHA\":\"c2d72f5484\",\"link\":\"/user5/repo4/commit/c2d72f548424103f01ee1dc02889c1e2bff816b0\",\"pusher\":{\"displayName\":\"user1\",\"link\":\"/user1\"},\"branch\":{\"name\":\"master\",\"link\":\"/user5/repo4/src/branch/master\",\"isDeleted\":false}}},\"currentJob\":{\"title\":\"job_2\",\"details\":[\"Success\"],\"steps\":[{\"summary\":\"Set up job\",\"duration\":\"_duration_\",\"status\":\"success\"},{\"summary\":\"Complete job\",\"duration\":\"_duration_\",\"status\":\"success\"}],\"allAttempts\":[{\"number\":3,\"time_since_started_html\":\"_time_\",\"status\":\"running\",\"status_diagnostics\":[\"Running\"]},{\"number\":2,\"time_since_started_html\":\"_time_\",\"status\":\"success\",\"status_diagnostics\":[\"Success\"]},{\"number\":1,\"time_since_started_html\":\"_time_\",\"status\":\"success\",\"status_diagnostics\":[\"Success\"]}]}},\"logs\":{\"stepsLog\":[]}}\n",
+			expectedJSON:      "{\"state\":{\"run\":{\"preExecutionError\":\"\",\"link\":\"/user5/repo4/actions/runs/187\",\"title\":\"update actions\",\"titleHTML\":\"update actions\",\"status\":\"success\",\"canCancel\":false,\"canDelete\":false,\"canApprove\":false,\"canRerun\":false,\"canDeleteArtifact\":false,\"description\":\"Commit <a href=\\\"/user5/repo4/commit/c2d72f548424103f01ee1dc02889c1e2bff816b0\\\">c2d72f5484</a> pushed by <a href=\\\"/user1\\\">user1</a>\",\"done\":true,\"jobs\":[{\"id\":192,\"name\":\"job_2\",\"status\":\"success\",\"canRerun\":false,\"duration\":\"_duration_\"}],\"commit\":{\"localeWorkflow\":\"Workflow\",\"localeAllRuns\":\"all runs\",\"shortSHA\":\"c2d72f5484\",\"link\":\"/user5/repo4/commit/c2d72f548424103f01ee1dc02889c1e2bff816b0\",\"pusher\":{\"displayName\":\"user1\",\"link\":\"/user1\"},\"branch\":{\"name\":\"master\",\"link\":\"/user5/repo4/src/branch/master\",\"isDeleted\":false}}},\"currentJob\":{\"title\":\"job_2\",\"details\":[\"Success\"],\"steps\":[{\"summary\":\"Set up job\",\"duration\":\"_duration_\",\"status\":\"success\"},{\"summary\":\"Complete job\",\"duration\":\"_duration_\",\"status\":\"success\"}],\"allAttempts\":[{\"number\":3,\"time_since_started_html\":\"_time_\",\"status\":\"running\",\"status_diagnostics\":[\"Running\"]},{\"number\":2,\"time_since_started_html\":\"_time_\",\"status\":\"success\",\"status_diagnostics\":[\"Success\"]},{\"number\":1,\"time_since_started_html\":\"_time_\",\"status\":\"success\",\"status_diagnostics\":[\"Success\"]}]}},\"logs\":{\"stepsLog\":[]}}\n",
 			expectedArtifacts: "{\"artifacts\":[{\"name\":\"multi-file-download\",\"size\":2048,\"status\":\"completed\"}]}\n",
 		},
 		{
@@ -156,7 +157,7 @@ func TestActionViewsView(t *testing.T) {
 			runIndex:          209,
 			jobIndex:          0,
 			attempt:           1,
-			expectedJSON:      "{\"state\":{\"run\":{\"link\":\"/user5/repo4/actions/runs/209\",\"title\":\"A scheduled workflow\",\"titleHTML\":\"A scheduled workflow\",\"status\":\"waiting\",\"description\":\"Scheduled run of commit \\u003ca href=\\\"/user5/repo4/commit/64357baca84bfff631e7dfae5a3433b26d005646\\\"\\u003e64357baca8\\u003c/a\\u003e\",\"canCancel\":false,\"canApprove\":false,\"canRerun\":false,\"canDeleteArtifact\":false,\"done\":false,\"jobs\":[{\"id\":2153,\"name\":\"job_2\",\"status\":\"waiting\",\"canRerun\":false,\"duration\":\"_duration_\"}],\"commit\":{\"localeWorkflow\":\"Workflow\",\"localeAllRuns\":\"all runs\",\"shortSHA\":\"64357baca8\",\"link\":\"/user5/repo4/commit/64357baca84bfff631e7dfae5a3433b26d005646\",\"pusher\":{\"displayName\":\"forgejo-actions\",\"link\":\"/forgejo-actions\"},\"branch\":{\"name\":\"master\",\"link\":\"/user5/repo4/src/branch/master\",\"isDeleted\":false}},\"preExecutionError\":\"\"},\"currentJob\":{\"title\":\"job_2\",\"details\":[\"Waiting for a runner with the following labels: debian, gpu\"],\"steps\":[{\"summary\":\"Set up job\",\"duration\":\"_duration_\",\"status\":\"success\"},{\"summary\":\"Complete job\",\"duration\":\"_duration_\",\"status\":\"success\"}],\"allAttempts\":[{\"number\":1,\"time_since_started_html\":\"-\",\"status\":\"success\",\"status_diagnostics\":[\"Success\"]}]}},\"logs\":{\"stepsLog\":[]}}\n",
+			expectedJSON:      "{\"state\":{\"run\":{\"link\":\"/user5/repo4/actions/runs/209\",\"title\":\"A scheduled workflow\",\"titleHTML\":\"A scheduled workflow\",\"status\":\"waiting\",\"description\":\"Scheduled run of commit \\u003ca href=\\\"/user5/repo4/commit/64357baca84bfff631e7dfae5a3433b26d005646\\\"\\u003e64357baca8\\u003c/a\\u003e\",\"canCancel\":false,\"canDelete\":false,\"canApprove\":false,\"canRerun\":false,\"canDeleteArtifact\":false,\"done\":false,\"jobs\":[{\"id\":2153,\"name\":\"job_2\",\"status\":\"waiting\",\"canRerun\":false,\"duration\":\"_duration_\"}],\"commit\":{\"localeWorkflow\":\"Workflow\",\"localeAllRuns\":\"all runs\",\"shortSHA\":\"64357baca8\",\"link\":\"/user5/repo4/commit/64357baca84bfff631e7dfae5a3433b26d005646\",\"pusher\":{\"displayName\":\"forgejo-actions\",\"link\":\"/forgejo-actions\"},\"branch\":{\"name\":\"master\",\"link\":\"/user5/repo4/src/branch/master\",\"isDeleted\":false}},\"preExecutionError\":\"\"},\"currentJob\":{\"title\":\"job_2\",\"details\":[\"Waiting for a runner with the following labels: debian, gpu\"],\"steps\":[{\"summary\":\"Set up job\",\"duration\":\"_duration_\",\"status\":\"success\"},{\"summary\":\"Complete job\",\"duration\":\"_duration_\",\"status\":\"success\"}],\"allAttempts\":[{\"number\":1,\"time_since_started_html\":\"-\",\"status\":\"success\",\"status_diagnostics\":[\"Success\"]}]}},\"logs\":{\"stepsLog\":[]}}\n",
 			expectedArtifacts: "{\"artifacts\":[]}\n",
 		},
 		{
@@ -165,7 +166,7 @@ func TestActionViewsView(t *testing.T) {
 			runIndex:          210,
 			jobIndex:          0,
 			attempt:           1,
-			expectedJSON:      "{\"state\":{\"run\":{\"link\":\"/user5/repo4/actions/runs/210\",\"title\":\"A triggered run\",\"titleHTML\":\"A triggered run\",\"status\":\"waiting\",\"description\":\"Run of commit \\u003ca href=\\\"/user5/repo4/commit/f4100ac14112a3740490afb22b07b69b0b5d4e8b\\\"\\u003ef4100ac141\\u003c/a\\u003e triggered by \\u003ca href=\\\"/user29\\\"\\u003euser29\\u003c/a\\u003e\",\"canCancel\":false,\"canApprove\":false,\"canRerun\":false,\"canDeleteArtifact\":false,\"done\":false,\"jobs\":[{\"id\":2154,\"name\":\"mirror\",\"status\":\"waiting\",\"canRerun\":false,\"duration\":\"_duration_\"}],\"commit\":{\"localeWorkflow\":\"Workflow\",\"localeAllRuns\":\"all runs\",\"shortSHA\":\"f4100ac141\",\"link\":\"/user5/repo4/commit/f4100ac14112a3740490afb22b07b69b0b5d4e8b\",\"pusher\":{\"displayName\":\"user29\",\"link\":\"/user29\"},\"branch\":{\"name\":\"master\",\"link\":\"/user5/repo4/src/branch/master\",\"isDeleted\":false}},\"preExecutionError\":\"\"},\"currentJob\":{\"title\":\"mirror\",\"details\":[\"Waiting for a runner with the following label: windows\"],\"steps\":[{\"summary\":\"Set up job\",\"duration\":\"_duration_\",\"status\":\"running\"},{\"summary\":\"Complete job\",\"duration\":\"_duration_\",\"status\":\"waiting\"}],\"allAttempts\":[{\"number\":1,\"time_since_started_html\":\"-\",\"status\":\"waiting\",\"status_diagnostics\":[\"Waiting for a runner with the following label: windows\"]}]}},\"logs\":{\"stepsLog\":[]}}\n",
+			expectedJSON:      "{\"state\":{\"run\":{\"link\":\"/user5/repo4/actions/runs/210\",\"title\":\"A triggered run\",\"titleHTML\":\"A triggered run\",\"status\":\"waiting\",\"description\":\"Run of commit \\u003ca href=\\\"/user5/repo4/commit/f4100ac14112a3740490afb22b07b69b0b5d4e8b\\\"\\u003ef4100ac141\\u003c/a\\u003e triggered by \\u003ca href=\\\"/user29\\\"\\u003euser29\\u003c/a\\u003e\",\"canCancel\":false,\"canDelete\":false,\"canApprove\":false,\"canRerun\":false,\"canDeleteArtifact\":false,\"done\":false,\"jobs\":[{\"id\":2154,\"name\":\"mirror\",\"status\":\"waiting\",\"canRerun\":false,\"duration\":\"_duration_\"}],\"commit\":{\"localeWorkflow\":\"Workflow\",\"localeAllRuns\":\"all runs\",\"shortSHA\":\"f4100ac141\",\"link\":\"/user5/repo4/commit/f4100ac14112a3740490afb22b07b69b0b5d4e8b\",\"pusher\":{\"displayName\":\"user29\",\"link\":\"/user29\"},\"branch\":{\"name\":\"master\",\"link\":\"/user5/repo4/src/branch/master\",\"isDeleted\":false}},\"preExecutionError\":\"\"},\"currentJob\":{\"title\":\"mirror\",\"details\":[\"Waiting for a runner with the following label: windows\"],\"steps\":[{\"summary\":\"Set up job\",\"duration\":\"_duration_\",\"status\":\"running\"},{\"summary\":\"Complete job\",\"duration\":\"_duration_\",\"status\":\"waiting\"}],\"allAttempts\":[{\"number\":1,\"time_since_started_html\":\"-\",\"status\":\"waiting\",\"status_diagnostics\":[\"Waiting for a runner with the following label: windows\"]}]}},\"logs\":{\"stepsLog\":[]}}\n",
 			expectedArtifacts: "{\"artifacts\":[]}\n",
 		},
 	}
@@ -229,7 +230,7 @@ func TestActionViewsViewAttemptOutOfRange(t *testing.T) {
 		re = regexp.MustCompile(pattern)
 		actualClean = re.ReplaceAllString(actualClean, `"time_since_started_html":"_time_"`)
 
-		return assert.JSONEq(t, "{\"state\":{\"run\":{\"preExecutionError\":\"\",\"link\":\"/user5/repo4/actions/runs/190\",\"title\":\"job output\",\"titleHTML\":\"job output\",\"status\":\"success\",\"canCancel\":false,\"canApprove\":false,\"canRerun\":false,\"canDeleteArtifact\":false,\"description\":\"Commit <a href=\\\"/user5/repo4/commit/c2d72f548424103f01ee1dc02889c1e2bff816b0\\\">c2d72f5484</a> pushed by <a href=\\\"/user1\\\">user1</a>\",\"done\":false,\"jobs\":[{\"id\":396,\"name\":\"job_2\",\"status\":\"waiting\",\"canRerun\":false,\"duration\":\"_duration_\"}],\"commit\":{\"localeWorkflow\":\"Workflow\",\"localeAllRuns\":\"all runs\",\"shortSHA\":\"c2d72f5484\",\"link\":\"/user5/repo4/commit/c2d72f548424103f01ee1dc02889c1e2bff816b0\",\"pusher\":{\"displayName\":\"user1\",\"link\":\"/user1\"},\"branch\":{\"name\":\"test\",\"link\":\"/user5/repo4/src/branch/test\",\"isDeleted\":true}}},\"currentJob\":{\"title\":\"job_2\",\"details\":[\"Waiting for a runner with the following label: fedora\"],\"steps\":[],\"allAttempts\":null}},\"logs\":{\"stepsLog\":[]}}\n", actualClean)
+		return assert.JSONEq(t, "{\"state\":{\"run\":{\"preExecutionError\":\"\",\"link\":\"/user5/repo4/actions/runs/190\",\"title\":\"job output\",\"titleHTML\":\"job output\",\"status\":\"success\",\"canCancel\":false,\"canDelete\":false,\"canApprove\":false,\"canRerun\":false,\"canDeleteArtifact\":false,\"description\":\"Commit <a href=\\\"/user5/repo4/commit/c2d72f548424103f01ee1dc02889c1e2bff816b0\\\">c2d72f5484</a> pushed by <a href=\\\"/user1\\\">user1</a>\",\"done\":false,\"jobs\":[{\"id\":396,\"name\":\"job_2\",\"status\":\"waiting\",\"canRerun\":false,\"duration\":\"_duration_\"}],\"commit\":{\"localeWorkflow\":\"Workflow\",\"localeAllRuns\":\"all runs\",\"shortSHA\":\"c2d72f5484\",\"link\":\"/user5/repo4/commit/c2d72f548424103f01ee1dc02889c1e2bff816b0\",\"pusher\":{\"displayName\":\"user1\",\"link\":\"/user1\"},\"branch\":{\"name\":\"test\",\"link\":\"/user5/repo4/src/branch/test\",\"isDeleted\":true}}},\"currentJob\":{\"title\":\"job_2\",\"details\":[\"Waiting for a runner with the following label: fedora\"],\"steps\":[],\"allAttempts\":null}},\"logs\":{\"stepsLog\":[]}}\n", actualClean)
 	})
 	htmlDoc.AssertAttrEqual(t, selector, "data-initial-artifacts-response", "{\"artifacts\":[]}\n")
 }
@@ -258,3 +259,62 @@ func TestActionTabAccessibleFromRepo(t *testing.T) {
 		return true
 	})
 }
+
+func TestActionViewRunDeletion(t *testing.T) {
+	defer unittest.OverrideFixtures("tests/integration/fixtures/TestActionViewRunDeletion")()
+	defer tests.PrepareTestEnv(t)()
+
+	user2 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
+	user5 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 5})
+	repo1 := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 1, OwnerID: user2.ID})
+
+	sessionUser2 := loginUser(t, user2.Name)
+	sessionUser5 := loginUser(t, user5.Name)
+
+	isCollaborator, err := repo_model.IsCollaborator(t.Context(), repo1.ID, user5.ID)
+	require.NoError(t, err)
+	require.True(t, isCollaborator)
+
+	testCases := []struct {
+		name       string
+		sess       *TestSession
+		requestURL string
+		canDelete  bool
+	}{
+		{
+			name:       "Repo owner can delete completed run",
+			sess:       sessionUser2,
+			requestURL: fmt.Sprintf("/%s/actions/runs/3161/jobs/0/attempt/1", repo1.FullName()),
+			canDelete:  true,
+		},
+		{
+			name:       "Collaborator cannot delete completed run",
+			sess:       sessionUser5,
+			requestURL: fmt.Sprintf("/%s/actions/runs/3161/jobs/0/attempt/1", repo1.FullName()),
+			canDelete:  false,
+		},
+		{
+			name:       "Repo owner cannot delete running run",
+			sess:       sessionUser2,
+			requestURL: fmt.Sprintf("/%s/actions/runs/3162/jobs/0/attempt/1", repo1.FullName()),
+			canDelete:  false,
+		},
+		{
+			name:       "Collaborator cannot delete running run",
+			sess:       sessionUser5,
+			requestURL: fmt.Sprintf("/%s/actions/runs/3162/jobs/0/attempt/1", repo1.FullName()),
+			canDelete:  false,
+		},
+	}
+
+	for _, testCase := range testCases {
+		t.Run(testCase.name, func(t *testing.T) {
+			req := NewRequest(t, "GET", testCase.requestURL)
+			resp := testCase.sess.MakeRequest(t, req, http.StatusOK)
+			htmlDoc := NewHTMLParser(t, resp.Body)
+			htmlDoc.AssertAttrPredicate(t, "#repo-action-view", "data-initial-post-response", func(actual string) bool {
+				return assert.Contains(t, actual, fmt.Sprintf(`"canDelete":%t`, testCase.canDelete))
+			})
+		})
+	}
+}
diff --git a/tests/integration/api_repo_actions_test.go b/tests/integration/api_repo_actions_test.go
index 605d55c469..1331ba0959 100644
--- a/tests/integration/api_repo_actions_test.go
+++ b/tests/integration/api_repo_actions_test.go
@@ -671,6 +671,121 @@ func TestAPIRepoActionsRunnerOperations(t *testing.T) {
 	})
 }
 
+func TestActionsAPIDeleteActionRun(t *testing.T) {
+	t.Run("Run removed", func(t *testing.T) {
+		defer unittest.OverrideFixtures("tests/integration/fixtures/TestActionsAPIDeleteActionRun")()
+		defer tests.PrepareTestEnv(t)()
+
+		user2 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
+		repo1 := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 1, OwnerID: user2.ID})
+		session := loginUser(t, user2.Name)
+		writeToken := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteRepository)
+
+		run := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRun{ID: 34901})
+		job := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRunJob{RunID: run.ID})
+		unittest.AssertCount(t, &actions_model.ActionArtifact{RunID: run.ID}, 2)
+		runner := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRunner{ID: 41601})
+
+		requestURL := fmt.Sprintf("/api/v1/repos/%s/actions/runs/%d", repo1.FullName(), run.ID)
+		request := NewRequest(t, "DELETE", requestURL)
+		request.AddTokenAuth(writeToken)
+		MakeRequest(t, request, http.StatusNoContent)
+
+		unittest.AssertNotExistsBean(t, &actions_model.ActionRun{ID: run.ID})
+		unittest.AssertNotExistsBean(t, &actions_model.ActionRunJob{ID: job.ID})
+		unittest.AssertCount(t, &actions_model.ActionArtifact{
+			RunID:  run.ID,
+			Status: int64(actions_model.ArtifactStatusPendingDeletion),
+		}, 2)
+		unittest.AssertNotExistsBean(t, &actions_model.ActionRunner{ID: runner.ID})
+	})
+
+	t.Run("Error if run has not completed", func(t *testing.T) {
+		defer unittest.OverrideFixtures("tests/integration/fixtures/TestActionsAPIDeleteActionRun")()
+		defer tests.PrepareTestEnv(t)()
+
+		user2 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
+		repo1 := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 1, OwnerID: user2.ID})
+		session := loginUser(t, user2.Name)
+		writeToken := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteRepository)
+
+		run := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRun{ID: 34902})
+
+		requestURL := fmt.Sprintf("/api/v1/repos/%s/actions/runs/%d", repo1.FullName(), run.ID)
+		request := NewRequest(t, "DELETE", requestURL)
+		request.AddTokenAuth(writeToken)
+		MakeRequest(t, request, http.StatusInternalServerError)
+
+		// Verify that the run still exists.
+		unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRun{ID: run.ID})
+	})
+
+	t.Run("Not found if run does not belong to repository", func(t *testing.T) {
+		defer unittest.OverrideFixtures("tests/integration/fixtures/TestActionsAPIDeleteActionRun")()
+		defer tests.PrepareTestEnv(t)()
+
+		user2 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
+		repo62 := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 62, OwnerID: user2.ID})
+		session := loginUser(t, user2.Name)
+		writeToken := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteRepository)
+
+		run := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRun{ID: 34901})
+
+		requestURL := fmt.Sprintf("/api/v1/repos/%s/actions/runs/%d", repo62.FullName(), run.ID)
+		request := NewRequest(t, "DELETE", requestURL)
+		request.AddTokenAuth(writeToken)
+		MakeRequest(t, request, http.StatusNotFound)
+
+		// Verify that the run still exists.
+		unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRun{ID: run.ID})
+	})
+
+	t.Run("No found if run does not exist", func(t *testing.T) {
+		defer tests.PrepareTestEnv(t)()
+
+		user2 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
+		repo1 := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 1, OwnerID: user2.ID})
+		session := loginUser(t, user2.Name)
+		writeToken := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteRepository)
+
+		unittest.AssertNotExistsBean(t, &actions_model.ActionRun{ID: 260871})
+
+		requestURL := fmt.Sprintf("/api/v1/repos/%s/actions/runs/260871", repo1.FullName())
+		request := NewRequest(t, "DELETE", requestURL)
+		request.AddTokenAuth(writeToken)
+		MakeRequest(t, request, http.StatusNotFound)
+	})
+
+	t.Run("Run removal requires write token", func(t *testing.T) {
+		defer unittest.OverrideFixtures("tests/integration/fixtures/TestActionsAPIDeleteActionRun")()
+		defer tests.PrepareTestEnv(t)()
+
+		user2 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
+		repo1 := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 1, OwnerID: user2.ID})
+		session := loginUser(t, user2.Name)
+		readToken := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeReadRepository)
+
+		run := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRun{ID: 34901})
+
+		requestURL := fmt.Sprintf("/api/v1/repos/%s/actions/runs/%d", repo1.FullName(), run.ID)
+		request := NewRequest(t, "DELETE", requestURL)
+		request.AddTokenAuth(readToken)
+		response := MakeRequest(t, request, http.StatusForbidden)
+
+		type errorResponse struct {
+			Message string `json:"message"`
+		}
+
+		var errorMessage *errorResponse
+		DecodeJSON(t, response, &errorMessage)
+
+		assert.Equal(t, "token does not have at least one of required scope(s): [write:repository]", errorMessage.Message)
+
+		// Verify that the run still exists.
+		unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRun{ID: run.ID})
+	})
+}
+
 func TestActionsAPIListActionRunJobs(t *testing.T) {
 	defer tests.PrepareTestEnv(t)()
 
diff --git a/tests/integration/fixtures/TestActionRunDeletion/action_artifact.yml b/tests/integration/fixtures/TestActionRunDeletion/action_artifact.yml
new file mode 100644
index 0000000000..73697d9d69
--- /dev/null
+++ b/tests/integration/fixtures/TestActionRunDeletion/action_artifact.yml
@@ -0,0 +1,9 @@
+- id: 19401
+  run_id: 34901
+  status: 2 # ArtifactStatusUploadConfirmed
+- id: 19402
+  run_id: 34901
+  status: 1 # ArtifactStatusUploadPending
+- id: 19403
+  run_id: 34902
+  status: 2 # ArtifactStatusUploadConfirmed
diff --git a/tests/integration/fixtures/TestActionRunDeletion/action_run.yml b/tests/integration/fixtures/TestActionRunDeletion/action_run.yml
new file mode 100644
index 0000000000..b097261695
--- /dev/null
+++ b/tests/integration/fixtures/TestActionRunDeletion/action_run.yml
@@ -0,0 +1,11 @@
+- id: 34901
+  repo_id: 1
+  owner_id: 2
+  index: 3161
+  status: 2 # StatusFailure
+
+- id: 34902
+  repo_id: 1
+  owner_id: 2
+  index: 3162
+  status: 5 # StatusWaiting
diff --git a/tests/integration/fixtures/TestActionRunDeletion/action_run_job.yml b/tests/integration/fixtures/TestActionRunDeletion/action_run_job.yml
new file mode 100644
index 0000000000..3cc196d9fe
--- /dev/null
+++ b/tests/integration/fixtures/TestActionRunDeletion/action_run_job.yml
@@ -0,0 +1,7 @@
+- id: 47301
+  run_id: 34901
+  status: 2 # StatusFailure
+
+- id: 47302
+  run_id: 34902
+  status: 5 # StatusWaiting
diff --git a/tests/integration/fixtures/TestActionRunDeletion/action_runner.yml b/tests/integration/fixtures/TestActionRunDeletion/action_runner.yml
new file mode 100644
index 0000000000..5462b8e0ec
--- /dev/null
+++ b/tests/integration/fixtures/TestActionRunDeletion/action_runner.yml
@@ -0,0 +1,5 @@
+- id: 41601
+  owner_id: 0
+  repo_id: 1
+  uuid: 61a71de6-8127-40c9-a30e-63647e93edad
+  ephemeral: true
\ No newline at end of file
diff --git a/tests/integration/fixtures/TestActionRunDeletion/action_task.yml b/tests/integration/fixtures/TestActionRunDeletion/action_task.yml
new file mode 100644
index 0000000000..746486e834
--- /dev/null
+++ b/tests/integration/fixtures/TestActionRunDeletion/action_task.yml
@@ -0,0 +1,12 @@
+- id: 87601
+  job_id: 47301
+  log_filename: somebody/somerepo/15631/87601.log.zst
+  log_in_storage: false
+  status: 2 # StatusFailure
+  runner_id: 41601
+
+- id: 87602
+  job_id: 47302
+  log_filename: somebody/somerepo/15632/87602.log.zst
+  log_in_storage: false
+  status: 5 # StatusWaiting
diff --git a/tests/integration/fixtures/TestActionRunDeletion/action_task_output.yml b/tests/integration/fixtures/TestActionRunDeletion/action_task_output.yml
new file mode 100644
index 0000000000..6244bc9405
--- /dev/null
+++ b/tests/integration/fixtures/TestActionRunDeletion/action_task_output.yml
@@ -0,0 +1,14 @@
+- id: 90041
+  task_id: 87601
+  output_key: one
+  output_value: a
+
+- id: 90042
+  task_id: 87601
+  output_key: two
+  output_value: b
+
+- id: 90043
+  task_id: 87602
+  output_key: three
+  output_value: c
diff --git a/tests/integration/fixtures/TestActionRunDeletion/action_task_step.yml b/tests/integration/fixtures/TestActionRunDeletion/action_task_step.yml
new file mode 100644
index 0000000000..e001b9f3a9
--- /dev/null
+++ b/tests/integration/fixtures/TestActionRunDeletion/action_task_step.yml
@@ -0,0 +1,9 @@
+- id: 98801
+  name: echo OK
+  task_id: 87601
+  status: 2 # StatusFailure
+
+- id: 98802
+  name: echo OK
+  task_id: 87602
+  status: 5 # StatusWaiting
diff --git a/tests/integration/fixtures/TestActionRunDeletion/collaboration.yml b/tests/integration/fixtures/TestActionRunDeletion/collaboration.yml
new file mode 100644
index 0000000000..117d26490b
--- /dev/null
+++ b/tests/integration/fixtures/TestActionRunDeletion/collaboration.yml
@@ -0,0 +1,4 @@
+- id: 393701
+  repo_id: 1
+  user_id: 5
+  mode: 2 # write
diff --git a/tests/integration/fixtures/TestActionViewRunDeletion/action_run.yml b/tests/integration/fixtures/TestActionViewRunDeletion/action_run.yml
new file mode 100644
index 0000000000..325aeb38c2
--- /dev/null
+++ b/tests/integration/fixtures/TestActionViewRunDeletion/action_run.yml
@@ -0,0 +1,11 @@
+- id: 34901
+  repo_id: 1
+  owner_id: 2
+  index: 3161
+  status: 1 # StatusSuccess
+
+- id: 34902
+  repo_id: 1
+  owner_id: 2
+  index: 3162
+  status: 6 # StatusRunning
diff --git a/tests/integration/fixtures/TestActionViewRunDeletion/action_run_job.yml b/tests/integration/fixtures/TestActionViewRunDeletion/action_run_job.yml
new file mode 100644
index 0000000000..79e5cd1502
--- /dev/null
+++ b/tests/integration/fixtures/TestActionViewRunDeletion/action_run_job.yml
@@ -0,0 +1,7 @@
+- id: 47301
+  run_id: 34901
+  status: 1 # StatusSuccess
+
+- id: 47302
+  run_id: 34902
+  status: 6 # StatusRunning
diff --git a/tests/integration/fixtures/TestActionViewRunDeletion/action_task.yml b/tests/integration/fixtures/TestActionViewRunDeletion/action_task.yml
new file mode 100644
index 0000000000..1a86ffd28e
--- /dev/null
+++ b/tests/integration/fixtures/TestActionViewRunDeletion/action_task.yml
@@ -0,0 +1,11 @@
+- id: 87601
+  job_id: 47301
+  log_filename: somebody/somerepo/15631/87601.log.zst
+  log_in_storage: false
+  status: 1 # StatusSuccess
+
+- id: 87602
+  job_id: 47302
+  log_filename: somebody/somerepo/15632/87602.log.zst
+  log_in_storage: false
+  status: 6 # StatusRunning
diff --git a/tests/integration/fixtures/TestActionViewRunDeletion/action_task_step.yml b/tests/integration/fixtures/TestActionViewRunDeletion/action_task_step.yml
new file mode 100644
index 0000000000..b438f959ba
--- /dev/null
+++ b/tests/integration/fixtures/TestActionViewRunDeletion/action_task_step.yml
@@ -0,0 +1,9 @@
+- id: 98801
+  name: echo OK
+  task_id: 87601
+  status: 1 # StatusSuccess
+
+- id: 98802
+  name: echo OK
+  task_id: 87602
+  status: 6 # StatusRunning
diff --git a/tests/integration/fixtures/TestActionViewRunDeletion/collaboration.yml b/tests/integration/fixtures/TestActionViewRunDeletion/collaboration.yml
new file mode 100644
index 0000000000..117d26490b
--- /dev/null
+++ b/tests/integration/fixtures/TestActionViewRunDeletion/collaboration.yml
@@ -0,0 +1,4 @@
+- id: 393701
+  repo_id: 1
+  user_id: 5
+  mode: 2 # write
diff --git a/tests/integration/fixtures/TestActionsAPIDeleteActionRun/action_artifact.yml b/tests/integration/fixtures/TestActionsAPIDeleteActionRun/action_artifact.yml
new file mode 100644
index 0000000000..73697d9d69
--- /dev/null
+++ b/tests/integration/fixtures/TestActionsAPIDeleteActionRun/action_artifact.yml
@@ -0,0 +1,9 @@
+- id: 19401
+  run_id: 34901
+  status: 2 # ArtifactStatusUploadConfirmed
+- id: 19402
+  run_id: 34901
+  status: 1 # ArtifactStatusUploadPending
+- id: 19403
+  run_id: 34902
+  status: 2 # ArtifactStatusUploadConfirmed
diff --git a/tests/integration/fixtures/TestActionsAPIDeleteActionRun/action_run.yml b/tests/integration/fixtures/TestActionsAPIDeleteActionRun/action_run.yml
new file mode 100644
index 0000000000..c388610d33
--- /dev/null
+++ b/tests/integration/fixtures/TestActionsAPIDeleteActionRun/action_run.yml
@@ -0,0 +1,9 @@
+- id: 34901
+  repo_id: 1
+  owner_id: 2
+  status: 2 # StatusFailure
+
+- id: 34902
+  repo_id: 1
+  owner_id: 2
+  status: 5 # StatusWaiting
diff --git a/tests/integration/fixtures/TestActionsAPIDeleteActionRun/action_run_job.yml b/tests/integration/fixtures/TestActionsAPIDeleteActionRun/action_run_job.yml
new file mode 100644
index 0000000000..3cc196d9fe
--- /dev/null
+++ b/tests/integration/fixtures/TestActionsAPIDeleteActionRun/action_run_job.yml
@@ -0,0 +1,7 @@
+- id: 47301
+  run_id: 34901
+  status: 2 # StatusFailure
+
+- id: 47302
+  run_id: 34902
+  status: 5 # StatusWaiting
diff --git a/tests/integration/fixtures/TestActionsAPIDeleteActionRun/action_runner.yml b/tests/integration/fixtures/TestActionsAPIDeleteActionRun/action_runner.yml
new file mode 100644
index 0000000000..5462b8e0ec
--- /dev/null
+++ b/tests/integration/fixtures/TestActionsAPIDeleteActionRun/action_runner.yml
@@ -0,0 +1,5 @@
+- id: 41601
+  owner_id: 0
+  repo_id: 1
+  uuid: 61a71de6-8127-40c9-a30e-63647e93edad
+  ephemeral: true
\ No newline at end of file
diff --git a/tests/integration/fixtures/TestActionsAPIDeleteActionRun/action_task.yml b/tests/integration/fixtures/TestActionsAPIDeleteActionRun/action_task.yml
new file mode 100644
index 0000000000..746486e834
--- /dev/null
+++ b/tests/integration/fixtures/TestActionsAPIDeleteActionRun/action_task.yml
@@ -0,0 +1,12 @@
+- id: 87601
+  job_id: 47301
+  log_filename: somebody/somerepo/15631/87601.log.zst
+  log_in_storage: false
+  status: 2 # StatusFailure
+  runner_id: 41601
+
+- id: 87602
+  job_id: 47302
+  log_filename: somebody/somerepo/15632/87602.log.zst
+  log_in_storage: false
+  status: 5 # StatusWaiting
diff --git a/tests/integration/fixtures/TestActionsAPIDeleteActionRun/action_task_output.yml b/tests/integration/fixtures/TestActionsAPIDeleteActionRun/action_task_output.yml
new file mode 100644
index 0000000000..6244bc9405
--- /dev/null
+++ b/tests/integration/fixtures/TestActionsAPIDeleteActionRun/action_task_output.yml
@@ -0,0 +1,14 @@
+- id: 90041
+  task_id: 87601
+  output_key: one
+  output_value: a
+
+- id: 90042
+  task_id: 87601
+  output_key: two
+  output_value: b
+
+- id: 90043
+  task_id: 87602
+  output_key: three
+  output_value: c
diff --git a/tests/integration/fixtures/TestActionsAPIDeleteActionRun/action_task_step.yml b/tests/integration/fixtures/TestActionsAPIDeleteActionRun/action_task_step.yml
new file mode 100644
index 0000000000..b438f959ba
--- /dev/null
+++ b/tests/integration/fixtures/TestActionsAPIDeleteActionRun/action_task_step.yml
@@ -0,0 +1,9 @@
+- id: 98801
+  name: echo OK
+  task_id: 87601
+  status: 1 # StatusSuccess
+
+- id: 98802
+  name: echo OK
+  task_id: 87602
+  status: 6 # StatusRunning
diff --git a/web_src/js/components/RepoActionView.test.js b/web_src/js/components/RepoActionView.test.js
index fb6af25dd0..574be2992b 100644
--- a/web_src/js/components/RepoActionView.test.js
+++ b/web_src/js/components/RepoActionView.test.js
@@ -6,6 +6,8 @@ const testLocale = {
   approve: 'Locale Approve',
   cancel: 'Locale Cancel',
   rerun: 'Locale Re-run',
+  delete: 'Locale Delete',
+  confirmDelete: '',
   artifactsTitle: 'artifactTitleHere',
   areYouSure: '',
   confirmDeleteArtifact: '',
@@ -168,6 +170,7 @@ function configureForMultipleAttemptTests({viewHistorical}) {
       canApprove: true,
       canCancel: true,
       canRerun: true,
+      canDelete: false,
       status: 'success',
       commit: {
         pusher: {},
diff --git a/web_src/js/components/RepoActionView.vue b/web_src/js/components/RepoActionView.vue
index bd7404ddaf..5550d84c85 100644
--- a/web_src/js/components/RepoActionView.vue
+++ b/web_src/js/components/RepoActionView.vue
@@ -4,6 +4,7 @@ import ActionRunStatus from './ActionRunStatus.vue';
 import ActionJobStepList from './ActionJobStepList.vue';
 import {toggleElem} from '../utils/dom.js';
 import {GET, POST, DELETE} from '../modules/fetch.js';
+import {showErrorToast} from '../modules/toast.js';
 
 export default {
   name: 'RepoActionView',
@@ -86,6 +87,7 @@ export default {
         canCancel: false,
         canApprove: false,
         canRerun: false,
+        canDelete: false,
         done: false,
         preExecutionError: '',
         jobs: [
@@ -237,6 +239,21 @@ export default {
       }
     },
 
+    async deleteRun() {
+      if (!window.confirm(this.locale.confirmDelete)) {
+        return;
+      }
+
+      const response = await POST(`${this.run.link}/delete`);
+
+      if (response.ok) {
+        window.location.href = this.workflowURL;
+        return;
+      }
+
+      showErrorToast(this.locale.deleteError, {duration: 5000});
+    },
+
     // cancel a run
     cancelRun() {
       POST(`${this.run.link}/cancel`);
@@ -474,6 +491,9 @@ export default {
           {{ locale.approve }}
         </button>
         <div class="action-info-summary-actions" v-else>
+          <button id="delete-run" class="ui basic small compact button red" @click="deleteRun()" v-if="run.canDelete">
+            {{ locale.delete }}
+          </button>
           <button class="ui basic small compact button red" @click="cancelRun()" v-if="canCancel">
             {{ locale.cancel }}
           </button>
diff --git a/web_src/js/features/repo-action-view.ts b/web_src/js/features/repo-action-view.ts
index 946927bf06..34cce9edc4 100644
--- a/web_src/js/features/repo-action-view.ts
+++ b/web_src/js/features/repo-action-view.ts
@@ -29,6 +29,9 @@ export async function initRepositoryActionView() {
       approve: el.getAttribute('data-locale-approve'),
       cancel: el.getAttribute('data-locale-cancel'),
       rerun: el.getAttribute('data-locale-rerun'),
+      delete: el.getAttribute('data-locale-delete'),
+      confirmDelete: el.getAttribute('data-locale-confirm-delete'),
+      deleteError: el.getAttribute('data-locale-delete-error'),
       artifactsTitle: el.getAttribute('data-locale-artifacts-title'),
       areYouSure: el.getAttribute('data-locale-are-you-sure'),
       confirmDeleteArtifact: el.getAttribute('data-locale-confirm-delete-artifact'),

From ba1c3e0288bc35d82812275b3d1b31a10aea011d Mon Sep 17 00:00:00 2001
From: "steven.guiheux" <steven.guiheux@ovhcloud.com>
Date: Mon, 11 May 2026 16:55:22 +0200
Subject: [PATCH 842/854] feat(api): add admin routes to manage user access
 tokens (#12323)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

# Feature Request: Admin API route to manage access tokens for any user
## Problem
The existing API route to create access tokens (POST /api/v1/users/{username}/tokens) requires Basic authentication (username + password) via the reqBasicOrRevProxyAuth() middleware. This is by design: a token should not be created from another token.

However, this creates a blocker for environments where Basic authentication is disabled (ENABLE_BASIC_AUTHENTICATION = false), typically when authentication is delegated to an external SSO provider (e.g., OpenID Connect).

In such setups, bot/service accounts are provisioned by an external system that needs to:

Create a user via POST /api/v1/admin/users (works fine with an admin token)
Create an access token for that user (currently impossible without Basic auth or direct CLI/DB access)
The only workaround today is to SSH into the Forgejo server and run:

This is not suitable when the provisioning system has no direct access to the Forgejo host.

## Proposed solution
Add new admin-only API routes under the existing /api/v1/admin/users/{username} group to manage access tokens:

| Method |	Route |	Description |
|:-------- |:--------:| --------:|
| GET	| /api/v1/admin/users/{username}/tokens |	List access tokens for a user|
|POST	| /api/v1/admin/users/{username}/tokens |	Create an access token for a user|
|DELETE |	/api/v1/admin/users/{username}/tokens/{id} |	Delete an access token for a user|

These routes would:

Require a site admin token (reqToken() + reqSiteAdmin()) — no Basic auth needed
Use the AccessTokenScopeCategoryAdmin token scope
Reuse the existing handler logic from user.CreateAccessToken / user.ListAccessTokens / user.DeleteAccessToken
Accept the same request/response payloads as the existing user-facing routes

### Why this belongs in the admin API
It follows the existing pattern: admins can already create users, repos, orgs, SSH keys, and emails for any user via the admin API
It does not weaken security: only site administrators can call it, and it requires a valid admin-scoped token
It fills a gap: the admin CLI command forgejo admin user generate-access-token already provides this capability, but only locally

<!--start release-notes-assistant-->

## Release notes
<!--URL:https://codeberg.org/forgejo/forgejo-->
- Features
  - [PR](https://codeberg.org/forgejo/forgejo/pulls/12323): <!--number 12323 --><!--line 0 --><!--description ZmVhdChhcGkpOiBhZGQgYWRtaW4gcm91dGVzIHRvIG1hbmFnZSB1c2VyIGFjY2VzcyB0b2tlbnM=-->feat(api): add admin routes to manage user access tokens<!--description-->
<!--end release-notes-assistant-->

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12323
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
---
 routers/api/v1/admin/user_token.go            | 107 ++++++
 routers/api/v1/api.go                         |   5 +
 routers/api/v1/user/app.go                    | 208 +----------
 routers/api/v1/utils/access_token.go          | 234 +++++++++++++
 templates/swagger/v1_json.tmpl                | 129 +++++++
 .../integration/api_admin_user_token_test.go  | 330 ++++++++++++++++++
 6 files changed, 808 insertions(+), 205 deletions(-)
 create mode 100644 routers/api/v1/admin/user_token.go
 create mode 100644 routers/api/v1/utils/access_token.go
 create mode 100644 tests/integration/api_admin_user_token_test.go

diff --git a/routers/api/v1/admin/user_token.go b/routers/api/v1/admin/user_token.go
new file mode 100644
index 0000000000..852c29c69d
--- /dev/null
+++ b/routers/api/v1/admin/user_token.go
@@ -0,0 +1,107 @@
+// Copyright 2026 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package admin
+
+import (
+	"forgejo.org/routers/api/v1/utils"
+	"forgejo.org/services/context"
+)
+
+// ListUserAccessTokens lists all access tokens for a given user.
+// This endpoint is admin-only and does not require Basic auth.
+func ListUserAccessTokens(ctx *context.APIContext) {
+	// swagger:operation GET /admin/users/{username}/tokens admin adminListUserAccessTokens
+	// ---
+	// summary: List the specified user's access tokens
+	// produces:
+	// - application/json
+	// parameters:
+	// - name: username
+	//   in: path
+	//   description: username of user
+	//   type: string
+	//   required: true
+	// - name: page
+	//   in: query
+	//   description: page number of results to return (1-based)
+	//   type: integer
+	// - name: limit
+	//   in: query
+	//   description: page size of results
+	//   type: integer
+	// responses:
+	//   "200":
+	//     "$ref": "#/responses/AccessTokenList"
+	//   "403":
+	//     "$ref": "#/responses/forbidden"
+	//   "404":
+	//     "$ref": "#/responses/notFound"
+
+	utils.ListAccessTokens(ctx)
+}
+
+// CreateUserAccessToken creates a new access token for a given user.
+// This endpoint is admin-only and does not require Basic auth.
+func CreateUserAccessToken(ctx *context.APIContext) {
+	// swagger:operation POST /admin/users/{username}/tokens admin adminCreateUserAccessToken
+	// ---
+	// summary: Create an access token for the specified user
+	// consumes:
+	// - application/json
+	// produces:
+	// - application/json
+	// parameters:
+	// - name: username
+	//   in: path
+	//   description: username of user
+	//   required: true
+	//   type: string
+	// - name: body
+	//   in: body
+	//   schema:
+	//     "$ref": "#/definitions/CreateAccessTokenOption"
+	// responses:
+	//   "201":
+	//     "$ref": "#/responses/AccessToken"
+	//   "400":
+	//     "$ref": "#/responses/error"
+	//   "403":
+	//     "$ref": "#/responses/forbidden"
+	//   "404":
+	//     "$ref": "#/responses/notFound"
+
+	utils.CreateAccessToken(ctx)
+}
+
+// DeleteUserAccessToken deletes an access token for a given user.
+// This endpoint is admin-only and does not require Basic auth.
+func DeleteUserAccessToken(ctx *context.APIContext) {
+	// swagger:operation DELETE /admin/users/{username}/tokens/{token} admin adminDeleteUserAccessToken
+	// ---
+	// summary: Delete an access token for the specified user
+	// produces:
+	// - application/json
+	// parameters:
+	// - name: username
+	//   in: path
+	//   description: username of user
+	//   type: string
+	//   required: true
+	// - name: token
+	//   in: path
+	//   description: token to be deleted, identified by ID and if not available by name
+	//   type: string
+	//   required: true
+	// responses:
+	//   "204":
+	//     "$ref": "#/responses/empty"
+	//   "403":
+	//     "$ref": "#/responses/forbidden"
+	//   "404":
+	//     "$ref": "#/responses/notFound"
+	//   "422":
+	//     "$ref": "#/responses/error"
+
+	utils.DeleteAccessToken(ctx)
+}
diff --git a/routers/api/v1/api.go b/routers/api/v1/api.go
index d1488d2fc2..2ec7617215 100644
--- a/routers/api/v1/api.go
+++ b/routers/api/v1/api.go
@@ -1697,6 +1697,11 @@ func Routes() *web.Route {
 					m.Combo("/emails").
 						Get(admin.ListUserEmails).
 						Delete(bind(api.DeleteEmailOption{}), admin.DeleteUserEmails)
+					m.Group("/tokens", func() {
+						m.Combo("").Get(admin.ListUserAccessTokens).
+							Post(bind(api.CreateAccessTokenOption{}), admin.CreateUserAccessToken)
+						m.Combo("/{id}").Delete(admin.DeleteUserAccessToken)
+					})
 					if setting.Quota.Enabled {
 						m.Group("/quota", func() {
 							m.Get("", admin.GetUserQuota)
diff --git a/routers/api/v1/user/app.go b/routers/api/v1/user/app.go
index 8d8ead9234..90d72c76aa 100644
--- a/routers/api/v1/user/app.go
+++ b/routers/api/v1/user/app.go
@@ -5,24 +5,13 @@
 package user
 
 import (
-	"cmp"
-	stdCtx "context"
-	"errors"
-	"fmt"
 	"net/http"
-	"slices"
-	"strconv"
-	"strings"
 
 	auth_model "forgejo.org/models/auth"
 	"forgejo.org/models/db"
-	access_model "forgejo.org/models/perm/access"
-	repo_model "forgejo.org/models/repo"
 	api "forgejo.org/modules/structs"
 	"forgejo.org/modules/web"
 	"forgejo.org/routers/api/v1/utils"
-	"forgejo.org/routers/web/shared/user"
-	"forgejo.org/services/authz"
 	"forgejo.org/services/context"
 	"forgejo.org/services/convert"
 )
@@ -56,63 +45,7 @@ func ListAccessTokens(ctx *context.APIContext) {
 	//   "404":
 	//     "$ref": "#/responses/notFound"
 
-	opts := auth_model.ListAccessTokensOptions{UserID: ctx.ContextUser.ID, ListOptions: utils.GetListOptions(ctx)}
-
-	tokens, count, err := db.FindAndCount[auth_model.AccessToken](ctx, opts)
-	if err != nil {
-		ctx.InternalServerError(err)
-		return
-	}
-
-	// Load all the AccessTokenResourceRepo for the tokens that we're returning:
-	repoModelsByTokenID, err := repo_model.BulkGetRepositoriesForAccessTokens(ctx, tokens,
-		func(repo *repo_model.Repository) (bool, error) {
-			// Repos associated with a repo-specific access token should already be visible to the token owner, but it's
-			// possible that access has changed, such as a removed collaborator on a repo -- don't provide info on that
-			// repo if so.
-			permission, err := access_model.GetUserRepoPermissionWithReducer(ctx, repo, ctx.Doer, ctx.Reducer)
-			if err != nil {
-				return false, err
-			}
-			return permission.HasAccess(), nil
-		})
-	if err != nil {
-		ctx.InternalServerError(err)
-		return
-	}
-	// Convert map[int64]*Repository -> map[int64]*RepositoryMeta...
-	reposByTokenID := make(map[int64][]*api.RepositoryMeta)
-	for tokenID, repoModels := range repoModelsByTokenID {
-		repos := make([]*api.RepositoryMeta, len(repoModels))
-		for i, repo := range repoModels {
-			repos[i] = &api.RepositoryMeta{
-				ID:       repo.ID,
-				Name:     repo.Name,
-				Owner:    repo.OwnerName,
-				FullName: repo.FullName(),
-			}
-		}
-		reposByTokenID[tokenID] = repos
-	}
-
-	apiTokens := make([]*api.AccessToken, len(tokens))
-	for i := range tokens {
-		apiTokens[i] = &api.AccessToken{
-			ID:             tokens[i].ID,
-			Name:           tokens[i].Name,
-			TokenLastEight: tokens[i].TokenLastEight,
-			Scopes:         tokens[i].Scope.StringSlice(),
-			Repositories:   reposByTokenID[tokens[i].ID],
-		}
-		// Provide a consistent sort order on repositories, helpful for test consistency.  Hard to do any earlier
-		// because of the bulk loading maps.
-		slices.SortFunc(apiTokens[i].Repositories, func(a, b *api.RepositoryMeta) int {
-			return cmp.Compare(a.ID, b.ID)
-		})
-	}
-
-	ctx.SetTotalCountHeader(count)
-	ctx.JSON(http.StatusOK, &apiTokens)
+	utils.ListAccessTokens(ctx)
 }
 
 // CreateAccessToken creates an access token
@@ -144,104 +77,7 @@ func CreateAccessToken(ctx *context.APIContext) {
 	//   "404":
 	//     "$ref": "#/responses/notFound"
 
-	form := web.GetForm(ctx).(*api.CreateAccessTokenOption)
-
-	t := &auth_model.AccessToken{
-		UID:  ctx.ContextUser.ID,
-		Name: form.Name,
-	}
-
-	exist, err := auth_model.AccessTokenByNameExists(ctx, t)
-	if err != nil {
-		ctx.InternalServerError(err)
-		return
-	}
-	if exist {
-		ctx.Error(http.StatusBadRequest, "AccessTokenByNameExists", errors.New("access token name has been used already"))
-		return
-	}
-
-	scope, err := auth_model.AccessTokenScope(strings.Join(form.Scopes, ",")).Normalize()
-	if err != nil {
-		ctx.Error(http.StatusBadRequest, "AccessTokenScope.Normalize", fmt.Errorf("invalid access token scope provided: %w", err))
-		return
-	}
-	if scope == "" {
-		ctx.Error(http.StatusBadRequest, "AccessTokenScope", "access token must have a scope")
-		return
-	}
-	t.Scope = scope
-
-	var resourceRepos []*auth_model.AccessTokenResourceRepo
-	var tokenRepositories []*api.RepositoryMeta
-
-	if form.Repositories != nil {
-		repos := make([]*repo_model.Repository, len(form.Repositories))
-		for i, repoTarget := range form.Repositories {
-			repo, err := repo_model.GetRepositoryByOwnerAndName(ctx, repoTarget.Owner, repoTarget.Name)
-			if err != nil && repo_model.IsErrRepoNotExist(err) {
-				ctx.Error(http.StatusBadRequest, "GetRepositoryByOwnerAndName", fmt.Errorf("repository %s/%s does not exist", repoTarget.Owner, repoTarget.Name))
-				return
-			} else if err != nil {
-				ctx.ServerError("GetRepositoryByOwnerAndName", err)
-				return
-			}
-			permission, err := access_model.GetUserRepoPermissionWithReducer(ctx, repo, ctx.Doer, ctx.Reducer)
-			if err != nil {
-				ctx.ServerError("GetUserRepoPermissionWithReducer", err)
-				return
-			} else if !permission.HasAccess() {
-				// Prevent data existence probing -- ensure this error is the exact same as the !IsErrRepoNotExist case above
-				ctx.Error(http.StatusBadRequest, "GetRepositoryByOwnerAndName", fmt.Errorf("repository %s/%s does not exist", repoTarget.Owner, repoTarget.Name))
-				return
-			}
-			repos[i] = repo
-		}
-
-		for _, repo := range repos {
-			resourceRepos = append(resourceRepos, &auth_model.AccessTokenResourceRepo{RepoID: repo.ID})
-			tokenRepositories = append(tokenRepositories, &api.RepositoryMeta{
-				ID:       repo.ID,
-				Name:     repo.Name,
-				Owner:    repo.OwnerName,
-				FullName: repo.FullName(),
-			})
-		}
-
-		t.ResourceAllRepos = false
-	} else {
-		// token has access to all repository resources
-		t.ResourceAllRepos = true
-	}
-
-	if err := authz.ValidateAccessToken(t, resourceRepos); err != nil {
-		s := user.TranslateAccessTokenValidationError(ctx.Base, err)
-		if has, str := s.Get(); has {
-			ctx.Error(http.StatusBadRequest, "ValidateAccessToken", str)
-			return
-		}
-		ctx.ServerError("ValidateAccessToken", err)
-		return
-	}
-
-	err = db.WithTx(ctx, func(ctx stdCtx.Context) error {
-		if err := auth_model.NewAccessToken(ctx, t); err != nil {
-			return err
-		}
-		return auth_model.InsertAccessTokenResourceRepos(ctx, t.ID, resourceRepos)
-	})
-	if err != nil {
-		ctx.Error(http.StatusInternalServerError, "NewAccessToken", err)
-		return
-	}
-	ctx.JSON(http.StatusCreated, &api.AccessToken{
-		Name:           t.Name,
-		Token:          t.Token,
-		ID:             t.ID,
-		TokenLastEight: t.TokenLastEight,
-		Scopes:         t.Scope.StringSlice(),
-		Repositories:   tokenRepositories,
-	})
+	utils.CreateAccessToken(ctx)
 }
 
 // DeleteAccessToken deletes an access token
@@ -272,45 +108,7 @@ func DeleteAccessToken(ctx *context.APIContext) {
 	//   "422":
 	//     "$ref": "#/responses/error"
 
-	token := ctx.Params(":id")
-	tokenID, _ := strconv.ParseInt(token, 0, 64)
-
-	if tokenID == 0 {
-		tokens, err := db.Find[auth_model.AccessToken](ctx, auth_model.ListAccessTokensOptions{
-			Name:   token,
-			UserID: ctx.ContextUser.ID,
-		})
-		if err != nil {
-			ctx.Error(http.StatusInternalServerError, "ListAccessTokens", err)
-			return
-		}
-
-		switch len(tokens) {
-		case 0:
-			ctx.NotFound()
-			return
-		case 1:
-			tokenID = tokens[0].ID
-		default:
-			ctx.Error(http.StatusUnprocessableEntity, "DeleteAccessTokenByID", fmt.Errorf("multiple matches for token name '%s'", token))
-			return
-		}
-	}
-	if tokenID == 0 {
-		ctx.Error(http.StatusInternalServerError, "Invalid TokenID", nil)
-		return
-	}
-
-	if err := auth_model.DeleteAccessTokenByID(ctx, tokenID, ctx.ContextUser.ID); err != nil {
-		if auth_model.IsErrAccessTokenNotExist(err) {
-			ctx.NotFound()
-		} else {
-			ctx.Error(http.StatusInternalServerError, "DeleteAccessTokenByID", err)
-		}
-		return
-	}
-
-	ctx.Status(http.StatusNoContent)
+	utils.DeleteAccessToken(ctx)
 }
 
 // CreateOauth2Application is the handler to create a new OAuth2 Application for the authenticated user
diff --git a/routers/api/v1/utils/access_token.go b/routers/api/v1/utils/access_token.go
new file mode 100644
index 0000000000..a0f6b7449b
--- /dev/null
+++ b/routers/api/v1/utils/access_token.go
@@ -0,0 +1,234 @@
+// Copyright 2026 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package utils
+
+import (
+	"cmp"
+	stdCtx "context"
+	"errors"
+	"fmt"
+	"net/http"
+	"slices"
+	"strconv"
+	"strings"
+
+	auth_model "forgejo.org/models/auth"
+	"forgejo.org/models/db"
+	access_model "forgejo.org/models/perm/access"
+	repo_model "forgejo.org/models/repo"
+	api "forgejo.org/modules/structs"
+	"forgejo.org/modules/web"
+	"forgejo.org/routers/web/shared/user"
+	"forgejo.org/services/authz"
+	"forgejo.org/services/context"
+)
+
+// DeleteAccessToken deletes an access token for a user identified by ctx.ContextUser.
+// Shared logic between user and admin token deletion endpoints.
+func DeleteAccessToken(ctx *context.APIContext) {
+	token := ctx.Params(":id")
+	tokenID, _ := strconv.ParseInt(token, 0, 64)
+
+	if tokenID == 0 {
+		tokens, err := db.Find[auth_model.AccessToken](ctx, auth_model.ListAccessTokensOptions{
+			Name:   token,
+			UserID: ctx.ContextUser.ID,
+		})
+		if err != nil {
+			ctx.Error(http.StatusInternalServerError, "ListAccessTokens", err)
+			return
+		}
+
+		switch len(tokens) {
+		case 0:
+			ctx.NotFound()
+			return
+		case 1:
+			tokenID = tokens[0].ID
+		default:
+			ctx.Error(http.StatusUnprocessableEntity, "DeleteAccessTokenByID", fmt.Errorf("multiple matches for token name '%s'", token))
+			return
+		}
+	}
+	if tokenID == 0 {
+		ctx.Error(http.StatusInternalServerError, "Invalid TokenID", nil)
+		return
+	}
+
+	if err := auth_model.DeleteAccessTokenByID(ctx, tokenID, ctx.ContextUser.ID); err != nil {
+		if auth_model.IsErrAccessTokenNotExist(err) {
+			ctx.NotFound()
+		} else {
+			ctx.Error(http.StatusInternalServerError, "DeleteAccessTokenByID", err)
+		}
+		return
+	}
+
+	ctx.Status(http.StatusNoContent)
+}
+
+// ListAccessTokens lists access tokens for a user identified by ctx.ContextUser.
+// Shared logic between user and admin token listing endpoints.
+func ListAccessTokens(ctx *context.APIContext) {
+	opts := auth_model.ListAccessTokensOptions{UserID: ctx.ContextUser.ID, ListOptions: GetListOptions(ctx)}
+
+	tokens, count, err := db.FindAndCount[auth_model.AccessToken](ctx, opts)
+	if err != nil {
+		ctx.InternalServerError(err)
+		return
+	}
+
+	// Load all the AccessTokenResourceRepo for the tokens that we're returning:
+	repoModelsByTokenID, err := repo_model.BulkGetRepositoriesForAccessTokens(ctx, tokens,
+		func(repo *repo_model.Repository) (bool, error) {
+			// Repos associated with a repo-specific access token should already be visible to the token owner, but it's
+			// possible that access has changed, such as a removed collaborator on a repo -- don't provide info on that
+			// repo if so.
+			permission, err := access_model.GetUserRepoPermissionWithReducer(ctx, repo, ctx.Doer, ctx.Reducer)
+			if err != nil {
+				return false, err
+			}
+			return permission.HasAccess(), nil
+		})
+	if err != nil {
+		ctx.InternalServerError(err)
+		return
+	}
+	// Convert map[int64]*Repository -> map[int64]*RepositoryMeta...
+	reposByTokenID := make(map[int64][]*api.RepositoryMeta)
+	for tokenID, repoModels := range repoModelsByTokenID {
+		repos := make([]*api.RepositoryMeta, len(repoModels))
+		for i, repo := range repoModels {
+			repos[i] = &api.RepositoryMeta{
+				ID:       repo.ID,
+				Name:     repo.Name,
+				Owner:    repo.OwnerName,
+				FullName: repo.FullName(),
+			}
+		}
+		reposByTokenID[tokenID] = repos
+	}
+
+	apiTokens := make([]*api.AccessToken, len(tokens))
+	for i := range tokens {
+		apiTokens[i] = &api.AccessToken{
+			ID:             tokens[i].ID,
+			Name:           tokens[i].Name,
+			TokenLastEight: tokens[i].TokenLastEight,
+			Scopes:         tokens[i].Scope.StringSlice(),
+			Repositories:   reposByTokenID[tokens[i].ID],
+		}
+		// Provide a consistent sort order on repositories, helpful for test consistency.  Hard to do any earlier
+		// because of the bulk loading maps.
+		slices.SortFunc(apiTokens[i].Repositories, func(a, b *api.RepositoryMeta) int {
+			return cmp.Compare(a.ID, b.ID)
+		})
+	}
+
+	ctx.SetTotalCountHeader(count)
+	ctx.JSON(http.StatusOK, &apiTokens)
+}
+
+// CreateAccessToken creates an access token for a user identified by ctx.ContextUser.
+// Shared logic between user and admin token creation endpoints.
+func CreateAccessToken(ctx *context.APIContext) {
+	form := web.GetForm(ctx).(*api.CreateAccessTokenOption)
+
+	t := &auth_model.AccessToken{
+		UID:  ctx.ContextUser.ID,
+		Name: form.Name,
+	}
+
+	exist, err := auth_model.AccessTokenByNameExists(ctx, t)
+	if err != nil {
+		ctx.InternalServerError(err)
+		return
+	}
+	if exist {
+		ctx.Error(http.StatusBadRequest, "AccessTokenByNameExists", errors.New("access token name has been used already"))
+		return
+	}
+
+	scope, err := auth_model.AccessTokenScope(strings.Join(form.Scopes, ",")).Normalize()
+	if err != nil {
+		ctx.Error(http.StatusBadRequest, "AccessTokenScope.Normalize", fmt.Errorf("invalid access token scope provided: %w", err))
+		return
+	}
+	if scope == "" {
+		ctx.Error(http.StatusBadRequest, "AccessTokenScope", "access token must have a scope")
+		return
+	}
+	t.Scope = scope
+
+	var resourceRepos []*auth_model.AccessTokenResourceRepo
+	var tokenRepositories []*api.RepositoryMeta
+
+	if form.Repositories != nil {
+		repos := make([]*repo_model.Repository, len(form.Repositories))
+		for i, repoTarget := range form.Repositories {
+			repo, err := repo_model.GetRepositoryByOwnerAndName(ctx, repoTarget.Owner, repoTarget.Name)
+			if err != nil && repo_model.IsErrRepoNotExist(err) {
+				ctx.Error(http.StatusBadRequest, "GetRepositoryByOwnerAndName", fmt.Errorf("repository %s/%s does not exist", repoTarget.Owner, repoTarget.Name))
+				return
+			} else if err != nil {
+				ctx.ServerError("GetRepositoryByOwnerAndName", err)
+				return
+			}
+			permission, err := access_model.GetUserRepoPermissionWithReducer(ctx, repo, ctx.Doer, ctx.Reducer)
+			if err != nil {
+				ctx.ServerError("GetUserRepoPermissionWithReducer", err)
+				return
+			} else if !permission.HasAccess() {
+				// Prevent data existence probing -- ensure this error is the exact same as the !IsErrRepoNotExist case above
+				ctx.Error(http.StatusBadRequest, "GetRepositoryByOwnerAndName", fmt.Errorf("repository %s/%s does not exist", repoTarget.Owner, repoTarget.Name))
+				return
+			}
+			repos[i] = repo
+		}
+
+		for _, repo := range repos {
+			resourceRepos = append(resourceRepos, &auth_model.AccessTokenResourceRepo{RepoID: repo.ID})
+			tokenRepositories = append(tokenRepositories, &api.RepositoryMeta{
+				ID:       repo.ID,
+				Name:     repo.Name,
+				Owner:    repo.OwnerName,
+				FullName: repo.FullName(),
+			})
+		}
+
+		t.ResourceAllRepos = false
+	} else {
+		// token has access to all repository resources
+		t.ResourceAllRepos = true
+	}
+
+	if err := authz.ValidateAccessToken(t, resourceRepos); err != nil {
+		s := user.TranslateAccessTokenValidationError(ctx.Base, err)
+		if has, str := s.Get(); has {
+			ctx.Error(http.StatusBadRequest, "ValidateAccessToken", str)
+			return
+		}
+		ctx.ServerError("ValidateAccessToken", err)
+		return
+	}
+
+	err = db.WithTx(ctx, func(ctx stdCtx.Context) error {
+		if err := auth_model.NewAccessToken(ctx, t); err != nil {
+			return err
+		}
+		return auth_model.InsertAccessTokenResourceRepos(ctx, t.ID, resourceRepos)
+	})
+	if err != nil {
+		ctx.Error(http.StatusInternalServerError, "NewAccessToken", err)
+		return
+	}
+	ctx.JSON(http.StatusCreated, &api.AccessToken{
+		Name:           t.Name,
+		Token:          t.Token,
+		ID:             t.ID,
+		TokenLastEight: t.TokenLastEight,
+		Scopes:         t.Scope.StringSlice(),
+		Repositories:   tokenRepositories,
+	})
+}
diff --git a/templates/swagger/v1_json.tmpl b/templates/swagger/v1_json.tmpl
index a0e6cc8e4a..fa9750db72 100644
--- a/templates/swagger/v1_json.tmpl
+++ b/templates/swagger/v1_json.tmpl
@@ -2043,6 +2043,135 @@
         }
       }
     },
+    "/admin/users/{username}/tokens": {
+      "get": {
+        "produces": [
+          "application/json"
+        ],
+        "tags": [
+          "admin"
+        ],
+        "summary": "List the specified user's access tokens",
+        "operationId": "adminListUserAccessTokens",
+        "parameters": [
+          {
+            "type": "string",
+            "description": "username of user",
+            "name": "username",
+            "in": "path",
+            "required": true
+          },
+          {
+            "type": "integer",
+            "description": "page number of results to return (1-based)",
+            "name": "page",
+            "in": "query"
+          },
+          {
+            "type": "integer",
+            "description": "page size of results",
+            "name": "limit",
+            "in": "query"
+          }
+        ],
+        "responses": {
+          "200": {
+            "$ref": "#/responses/AccessTokenList"
+          },
+          "403": {
+            "$ref": "#/responses/forbidden"
+          },
+          "404": {
+            "$ref": "#/responses/notFound"
+          }
+        }
+      },
+      "post": {
+        "consumes": [
+          "application/json"
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "tags": [
+          "admin"
+        ],
+        "summary": "Create an access token for the specified user",
+        "operationId": "adminCreateUserAccessToken",
+        "parameters": [
+          {
+            "type": "string",
+            "description": "username of user",
+            "name": "username",
+            "in": "path",
+            "required": true
+          },
+          {
+            "name": "body",
+            "in": "body",
+            "schema": {
+              "$ref": "#/definitions/CreateAccessTokenOption"
+            }
+          }
+        ],
+        "responses": {
+          "201": {
+            "$ref": "#/responses/AccessToken"
+          },
+          "400": {
+            "$ref": "#/responses/error"
+          },
+          "403": {
+            "$ref": "#/responses/forbidden"
+          },
+          "404": {
+            "$ref": "#/responses/notFound"
+          }
+        }
+      }
+    },
+    "/admin/users/{username}/tokens/{token}": {
+      "delete": {
+        "produces": [
+          "application/json"
+        ],
+        "tags": [
+          "admin"
+        ],
+        "summary": "Delete an access token for the specified user",
+        "operationId": "adminDeleteUserAccessToken",
+        "parameters": [
+          {
+            "type": "string",
+            "description": "username of user",
+            "name": "username",
+            "in": "path",
+            "required": true
+          },
+          {
+            "type": "string",
+            "description": "token to be deleted, identified by ID and if not available by name",
+            "name": "token",
+            "in": "path",
+            "required": true
+          }
+        ],
+        "responses": {
+          "204": {
+            "$ref": "#/responses/empty"
+          },
+          "403": {
+            "$ref": "#/responses/forbidden"
+          },
+          "404": {
+            "$ref": "#/responses/notFound"
+          },
+          "422": {
+            "$ref": "#/responses/error"
+          }
+        }
+      }
+    },
     "/gitignore/templates": {
       "get": {
         "produces": [
diff --git a/tests/integration/api_admin_user_token_test.go b/tests/integration/api_admin_user_token_test.go
new file mode 100644
index 0000000000..5f9f26208b
--- /dev/null
+++ b/tests/integration/api_admin_user_token_test.go
@@ -0,0 +1,330 @@
+// Copyright 2026 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package integration
+
+import (
+	"fmt"
+	"net/http"
+	"testing"
+
+	auth_model "forgejo.org/models/auth"
+	"forgejo.org/models/unittest"
+	user_model "forgejo.org/models/user"
+	api "forgejo.org/modules/structs"
+	"forgejo.org/tests"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+func TestAPIAdminCreateUserAccessToken(t *testing.T) {
+	defer tests.PrepareTestEnv(t)()
+
+	adminUser := unittest.AssertExistsAndLoadBean(t, &user_model.User{Name: "user1"})
+	targetUser := unittest.AssertExistsAndLoadBean(t, &user_model.User{Name: "user2"})
+
+	token := getUserToken(t, adminUser.Name, auth_model.AccessTokenScopeWriteAdmin)
+
+	t.Run("Create token for another user", func(t *testing.T) {
+		defer tests.PrintCurrentTest(t)()
+
+		urlStr := fmt.Sprintf("/api/v1/admin/users/%s/tokens", targetUser.Name)
+		req := NewRequestWithJSON(t, "POST", urlStr, api.CreateAccessTokenOption{
+			Name:   "admin-created-token",
+			Scopes: []string{"all"},
+		}).AddTokenAuth(token)
+		resp := MakeRequest(t, req, http.StatusCreated)
+
+		var newToken api.AccessToken
+		DecodeJSON(t, resp, &newToken)
+
+		assert.Equal(t, "admin-created-token", newToken.Name)
+		assert.NotEmpty(t, newToken.Token)
+		assert.NotEmpty(t, newToken.TokenLastEight)
+		assert.Contains(t, newToken.Scopes, "all")
+
+		// Verify the token exists in DB
+		unittest.AssertExistsAndLoadBean(t, &auth_model.AccessToken{
+			ID:   newToken.ID,
+			Name: newToken.Name,
+			UID:  targetUser.ID,
+		})
+	})
+
+	t.Run("Create token with duplicate name", func(t *testing.T) {
+		defer tests.PrintCurrentTest(t)()
+
+		urlStr := fmt.Sprintf("/api/v1/admin/users/%s/tokens", targetUser.Name)
+		req := NewRequestWithJSON(t, "POST", urlStr, api.CreateAccessTokenOption{
+			Name:   "admin-created-token",
+			Scopes: []string{"all"},
+		}).AddTokenAuth(token)
+		MakeRequest(t, req, http.StatusBadRequest)
+	})
+
+	t.Run("Create token without scopes", func(t *testing.T) {
+		defer tests.PrintCurrentTest(t)()
+
+		urlStr := fmt.Sprintf("/api/v1/admin/users/%s/tokens", targetUser.Name)
+		req := NewRequestWithJSON(t, "POST", urlStr, api.CreateAccessTokenOption{
+			Name:   "empty-scope-token",
+			Scopes: []string{},
+		}).AddTokenAuth(token)
+		MakeRequest(t, req, http.StatusBadRequest)
+	})
+
+	t.Run("Create token with invalid scope", func(t *testing.T) {
+		defer tests.PrintCurrentTest(t)()
+
+		urlStr := fmt.Sprintf("/api/v1/admin/users/%s/tokens", targetUser.Name)
+		req := NewRequestWithJSON(t, "POST", urlStr, api.CreateAccessTokenOption{
+			Name:   "invalid-scope-token",
+			Scopes: []string{"invalid-scope"},
+		}).AddTokenAuth(token)
+		MakeRequest(t, req, http.StatusBadRequest)
+	})
+
+	t.Run("Create token for nonexistent user", func(t *testing.T) {
+		defer tests.PrintCurrentTest(t)()
+
+		urlStr := "/api/v1/admin/users/nonexistentuser/tokens"
+		req := NewRequestWithJSON(t, "POST", urlStr, api.CreateAccessTokenOption{
+			Name:   "some-token",
+			Scopes: []string{"all"},
+		}).AddTokenAuth(token)
+		MakeRequest(t, req, http.StatusNotFound)
+	})
+
+	t.Run("Non-admin cannot create token", func(t *testing.T) {
+		defer tests.PrintCurrentTest(t)()
+
+		normalToken := getUserToken(t, "user2", auth_model.AccessTokenScopeWriteAdmin)
+		urlStr := fmt.Sprintf("/api/v1/admin/users/%s/tokens", targetUser.Name)
+		req := NewRequestWithJSON(t, "POST", urlStr, api.CreateAccessTokenOption{
+			Name:   "unauthorized-token",
+			Scopes: []string{"all"},
+		}).AddTokenAuth(normalToken)
+		MakeRequest(t, req, http.StatusForbidden)
+	})
+}
+
+func TestAPIAdminListUserAccessTokens(t *testing.T) {
+	defer tests.PrepareTestEnv(t)()
+
+	adminUser := unittest.AssertExistsAndLoadBean(t, &user_model.User{Name: "user1"})
+	targetUser := unittest.AssertExistsAndLoadBean(t, &user_model.User{Name: "user2"})
+
+	token := getUserToken(t, adminUser.Name, auth_model.AccessTokenScopeWriteAdmin)
+
+	// First, create a token for the target user
+	createURL := fmt.Sprintf("/api/v1/admin/users/%s/tokens", targetUser.Name)
+	req := NewRequestWithJSON(t, "POST", createURL, api.CreateAccessTokenOption{
+		Name:   "list-test-token",
+		Scopes: []string{"all"},
+	}).AddTokenAuth(token)
+	MakeRequest(t, req, http.StatusCreated)
+
+	t.Run("List tokens for user", func(t *testing.T) {
+		defer tests.PrintCurrentTest(t)()
+
+		listURL := fmt.Sprintf("/api/v1/admin/users/%s/tokens", targetUser.Name)
+		req := NewRequest(t, "GET", listURL).AddTokenAuth(token)
+		resp := MakeRequest(t, req, http.StatusOK)
+
+		var tokens []*api.AccessToken
+		DecodeJSON(t, resp, &tokens)
+
+		// user2 has at least the token we just created plus any fixture tokens
+		require.NotEmpty(t, tokens)
+
+		found := false
+		for _, tk := range tokens {
+			if tk.Name == "list-test-token" {
+				found = true
+				assert.NotEmpty(t, tk.TokenLastEight)
+				break
+			}
+		}
+		assert.True(t, found, "should find the admin-created token in the list")
+	})
+
+	t.Run("Non-admin cannot list tokens", func(t *testing.T) {
+		defer tests.PrintCurrentTest(t)()
+
+		normalToken := getUserToken(t, "user2", auth_model.AccessTokenScopeWriteAdmin)
+		listURL := fmt.Sprintf("/api/v1/admin/users/%s/tokens", targetUser.Name)
+		req := NewRequest(t, "GET", listURL).AddTokenAuth(normalToken)
+		MakeRequest(t, req, http.StatusForbidden)
+	})
+}
+
+func TestAPIAdminCreateRepoSpecificToken(t *testing.T) {
+	defer tests.PrepareTestEnv(t)()
+
+	adminUser := unittest.AssertExistsAndLoadBean(t, &user_model.User{Name: "user1"})
+	targetUser := unittest.AssertExistsAndLoadBean(t, &user_model.User{Name: "user2"})
+
+	token := getUserToken(t, adminUser.Name, auth_model.AccessTokenScopeWriteAdmin)
+
+	t.Run("Create repo-specific token", func(t *testing.T) {
+		defer tests.PrintCurrentTest(t)()
+
+		urlStr := fmt.Sprintf("/api/v1/admin/users/%s/tokens", targetUser.Name)
+		req := NewRequestWithJSON(t, "POST", urlStr, api.CreateAccessTokenOption{
+			Name:   "admin-repo-specific-token",
+			Scopes: []string{string(auth_model.AccessTokenScopeReadRepository)},
+			Repositories: []*api.RepoTargetOption{
+				{
+					Owner: "user2",
+					Name:  "repo2",
+				},
+			},
+		}).AddTokenAuth(token)
+		resp := MakeRequest(t, req, http.StatusCreated)
+
+		var newToken api.AccessToken
+		DecodeJSON(t, resp, &newToken)
+
+		assert.Equal(t, "admin-repo-specific-token", newToken.Name)
+		assert.NotEmpty(t, newToken.Token)
+		assert.NotEmpty(t, newToken.Repositories)
+	})
+
+	t.Run("Create token targeting invalid repo", func(t *testing.T) {
+		defer tests.PrintCurrentTest(t)()
+
+		urlStr := fmt.Sprintf("/api/v1/admin/users/%s/tokens", targetUser.Name)
+		req := NewRequestWithJSON(t, "POST", urlStr, api.CreateAccessTokenOption{
+			Name:   "admin-invalid-repo-token",
+			Scopes: []string{string(auth_model.AccessTokenScopeReadRepository)},
+			Repositories: []*api.RepoTargetOption{
+				{
+					Owner: "user10000",
+					Name:  "repo70000",
+				},
+			},
+		}).AddTokenAuth(token)
+		MakeRequest(t, req, http.StatusBadRequest)
+	})
+
+	t.Run("List repo-specific token returns repositories", func(t *testing.T) {
+		defer tests.PrintCurrentTest(t)()
+
+		// Create a repo-specific token
+		createURL := fmt.Sprintf("/api/v1/admin/users/%s/tokens", targetUser.Name)
+		req := NewRequestWithJSON(t, "POST", createURL, api.CreateAccessTokenOption{
+			Name:   "admin-list-repo-token",
+			Scopes: []string{string(auth_model.AccessTokenScopeReadRepository)},
+			Repositories: []*api.RepoTargetOption{
+				{
+					Owner: "user2",
+					Name:  "repo2",
+				},
+			},
+		}).AddTokenAuth(token)
+		MakeRequest(t, req, http.StatusCreated)
+
+		// List tokens and verify repositories are returned
+		listURL := fmt.Sprintf("/api/v1/admin/users/%s/tokens", targetUser.Name)
+		req = NewRequest(t, "GET", listURL).AddTokenAuth(token)
+		resp := MakeRequest(t, req, http.StatusOK)
+
+		var tokens []*api.AccessToken
+		DecodeJSON(t, resp, &tokens)
+
+		found := false
+		for _, tk := range tokens {
+			if tk.Name == "admin-list-repo-token" {
+				found = true
+				assert.NotEmpty(t, tk.Repositories, "admin-listed token should have repositories populated")
+				break
+			}
+		}
+		assert.True(t, found, "should find the repo-specific token in the admin list")
+	})
+}
+
+func TestAPIAdminDeleteUserAccessToken(t *testing.T) {
+	defer tests.PrepareTestEnv(t)()
+
+	adminUser := unittest.AssertExistsAndLoadBean(t, &user_model.User{Name: "user1"})
+	targetUser := unittest.AssertExistsAndLoadBean(t, &user_model.User{Name: "user2"})
+
+	token := getUserToken(t, adminUser.Name, auth_model.AccessTokenScopeWriteAdmin)
+
+	t.Run("Delete token by ID", func(t *testing.T) {
+		defer tests.PrintCurrentTest(t)()
+
+		// Create a token first
+		createURL := fmt.Sprintf("/api/v1/admin/users/%s/tokens", targetUser.Name)
+		req := NewRequestWithJSON(t, "POST", createURL, api.CreateAccessTokenOption{
+			Name:   "delete-by-id-token",
+			Scopes: []string{"all"},
+		}).AddTokenAuth(token)
+		resp := MakeRequest(t, req, http.StatusCreated)
+
+		var newToken api.AccessToken
+		DecodeJSON(t, resp, &newToken)
+
+		// Delete it
+		deleteURL := fmt.Sprintf("/api/v1/admin/users/%s/tokens/%d", targetUser.Name, newToken.ID)
+		req = NewRequest(t, "DELETE", deleteURL).AddTokenAuth(token)
+		MakeRequest(t, req, http.StatusNoContent)
+
+		// Verify it's gone
+		unittest.AssertNotExistsBean(t, &auth_model.AccessToken{ID: newToken.ID})
+	})
+
+	t.Run("Delete token by name", func(t *testing.T) {
+		defer tests.PrintCurrentTest(t)()
+
+		// Create a token first
+		createURL := fmt.Sprintf("/api/v1/admin/users/%s/tokens", targetUser.Name)
+		req := NewRequestWithJSON(t, "POST", createURL, api.CreateAccessTokenOption{
+			Name:   "delete-by-name-token",
+			Scopes: []string{"all"},
+		}).AddTokenAuth(token)
+		resp := MakeRequest(t, req, http.StatusCreated)
+
+		var newToken api.AccessToken
+		DecodeJSON(t, resp, &newToken)
+
+		// Delete by name
+		deleteURL := fmt.Sprintf("/api/v1/admin/users/%s/tokens/%s", targetUser.Name, "delete-by-name-token")
+		req = NewRequest(t, "DELETE", deleteURL).AddTokenAuth(token)
+		MakeRequest(t, req, http.StatusNoContent)
+
+		// Verify it's gone
+		unittest.AssertNotExistsBean(t, &auth_model.AccessToken{ID: newToken.ID})
+	})
+
+	t.Run("Delete nonexistent token", func(t *testing.T) {
+		defer tests.PrintCurrentTest(t)()
+
+		deleteURL := fmt.Sprintf("/api/v1/admin/users/%s/tokens/%d", targetUser.Name, 999999)
+		req := NewRequest(t, "DELETE", deleteURL).AddTokenAuth(token)
+		MakeRequest(t, req, http.StatusNotFound)
+	})
+
+	t.Run("Non-admin cannot delete token", func(t *testing.T) {
+		defer tests.PrintCurrentTest(t)()
+
+		// Create a token as admin
+		createURL := fmt.Sprintf("/api/v1/admin/users/%s/tokens", targetUser.Name)
+		req := NewRequestWithJSON(t, "POST", createURL, api.CreateAccessTokenOption{
+			Name:   "non-admin-delete-token",
+			Scopes: []string{"all"},
+		}).AddTokenAuth(token)
+		resp := MakeRequest(t, req, http.StatusCreated)
+
+		var newToken api.AccessToken
+		DecodeJSON(t, resp, &newToken)
+
+		// Try to delete as non-admin
+		normalToken := getUserToken(t, "user2", auth_model.AccessTokenScopeWriteAdmin)
+		deleteURL := fmt.Sprintf("/api/v1/admin/users/%s/tokens/%d", targetUser.Name, newToken.ID)
+		req = NewRequest(t, "DELETE", deleteURL).AddTokenAuth(normalToken)
+		MakeRequest(t, req, http.StatusForbidden)
+	})
+}

From cbaf97b867989e9d03dd277555f73ecca69318a8 Mon Sep 17 00:00:00 2001
From: Marten Lienen <ml@martenlienen.com>
Date: Mon, 11 May 2026 20:21:29 +0200
Subject: [PATCH 843/854] feat: render org-mode file links with line numbers
 (#12496)

This change renders file links in org-mode like `./module.el::20` as a link to the 20th
line, for example. It also strips off other search types that are not currently supported
in forgejo like regex search to avoid generating invalid URLs.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12496
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
---
 modules/markup/orgmode/orgmode.go      | 11 ++++++++
 modules/markup/orgmode/orgmode_test.go | 37 ++++++++++++++++++++++++++
 2 files changed, 48 insertions(+)

diff --git a/modules/markup/orgmode/orgmode.go b/modules/markup/orgmode/orgmode.go
index b9d7b21db0..dd92ca90d0 100644
--- a/modules/markup/orgmode/orgmode.go
+++ b/modules/markup/orgmode/orgmode.go
@@ -7,6 +7,7 @@ import (
 	"fmt"
 	"html"
 	"io"
+	"strconv"
 	"strings"
 
 	"forgejo.org/modules/highlight"
@@ -159,6 +160,16 @@ func (r *Writer) resolveLink(node org.Node) string {
 		switch l.Kind() {
 		case "image", "video":
 			base = r.Ctx.Links.ResolveMediaLink(r.Ctx.IsWiki)
+		case "regular":
+			// Convert line search syntax to line links
+			target, search, found := strings.Cut(link, "::")
+			if found {
+				if _, err := strconv.Atoi(search); err == nil {
+					link = target + "#L" + search
+				} else {
+					link = target
+				}
+			}
 		}
 
 		link = util.URLJoin(base, link)
diff --git a/modules/markup/orgmode/orgmode_test.go b/modules/markup/orgmode/orgmode_test.go
index 723d78e745..2cd4eada22 100644
--- a/modules/markup/orgmode/orgmode_test.go
+++ b/modules/markup/orgmode/orgmode_test.go
@@ -89,6 +89,43 @@ func TestRender_BaseLinks(t *testing.T) {
 		`<p><a href="http://localhost:3000/gogits/gogs/src/branch/main/deep/nested/folder/src">./src/</a></p>`)
 }
 
+func TestRender_SearchSuffix(t *testing.T) {
+	setting.AppURL = AppURL
+	setting.AppSubURL = AppSubURL
+
+	test := func(input, expected string) {
+		buffer, err := RenderString(&markup.RenderContext{
+			Ctx: git.DefaultContext,
+			Links: markup.Links{
+				Base:       setting.AppSubURL,
+				BranchPath: "branch/main",
+			},
+		}, input)
+		require.NoError(t, err)
+		assert.Equal(t, strings.TrimSpace(expected), strings.TrimSpace(buffer))
+	}
+
+	// `::N` line search becomes an `#L<n>` anchor.
+	test("[[./file.el::35][line 35]]",
+		`<p><a href="http://localhost:3000/gogits/gogs/src/branch/main/file.el#L35">line 35</a></p>`)
+	test("[[file:./file.el::35][line 35]]",
+		`<p><a href="http://localhost:3000/gogits/gogs/src/branch/main/file.el#L35">line 35</a></p>`)
+
+	// Other search types are ignored.
+	test("[[./file.org::*Heading][heading]]",
+		`<p><a href="http://localhost:3000/gogits/gogs/src/branch/main/file.org">heading</a></p>`)
+	test("[[./file.org::#custom-id][heading]]",
+		`<p><a href="http://localhost:3000/gogits/gogs/src/branch/main/file.org">heading</a></p>`)
+	test("[[./file.el::/regex/][regex]]",
+		`<p><a href="http://localhost:3000/gogits/gogs/src/branch/main/file.el">regex</a></p>`)
+	test("[[file:./file.el::][no search]]",
+		`<p><a href="http://localhost:3000/gogits/gogs/src/branch/main/file.el">no search</a></p>`)
+
+	// Absolute URLs that happen to contain `::` are unchanged.
+	test("[[https://example.com/foo::35][ext]]",
+		`<p><a href="https://example.com/foo::35">ext</a></p>`)
+}
+
 func TestRender_Media(t *testing.T) {
 	setting.AppURL = AppURL
 	setting.AppSubURL = AppSubURL

From efe52db86f552a46dadbaa2bd91e867e545d761a Mon Sep 17 00:00:00 2001
From: Robert Wolff <mahlzahn@posteo.de>
Date: Mon, 11 May 2026 20:24:24 +0200
Subject: [PATCH 844/854] fix(ui): use tab width from `.editorconfig` when
 editing files (#11418)

Resolves #11411.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11418
Reviewed-by: limiting-factor <limiting-factor@noreply.codeberg.org>
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
---
 routers/web/repo/editor.go              | 20 ++++++++++++++++----
 templates/repo/editor/diff_preview.tmpl |  2 +-
 web_src/js/features/codemirror.ts       |  2 +-
 3 files changed, 18 insertions(+), 6 deletions(-)

diff --git a/routers/web/repo/editor.go b/routers/web/repo/editor.go
index fb1aaf042a..5a6e99f8aa 100644
--- a/routers/web/repo/editor.go
+++ b/routers/web/repo/editor.go
@@ -30,6 +30,8 @@ import (
 	"forgejo.org/services/context/upload"
 	"forgejo.org/services/forms"
 	files_service "forgejo.org/services/repository/files"
+
+	"github.com/editorconfig/editorconfig-core-go/v2"
 )
 
 const (
@@ -223,13 +225,22 @@ func editFile(ctx *context.Context, isNewFile bool) {
 	ctx.Data["last_commit"] = ctx.Repo.CommitID
 	ctx.Data["PreviewableExtensions"] = strings.Join(markup.PreviewableExtensions(), ",")
 	ctx.Data["LineWrapExtensions"] = strings.Join(setting.Repository.Editor.LineWrapExtensions, ",")
-	ctx.Data["EditorconfigJson"] = GetEditorConfig(ctx, treePath)
+	ctx.Data["EditorconfigJson"] = GetEditorConfigJSON(ctx, treePath)
 
 	ctx.HTML(http.StatusOK, tplEditFile)
 }
 
-// GetEditorConfig returns a editorconfig JSON string for given treePath or "null"
-func GetEditorConfig(ctx *context.Context, treePath string) string {
+// GetEditorConfig returns a editorconfig object for given treePath or nil
+func GetEditorConfig(ctx *context.Context, treePath string) (ec *editorconfig.Editorconfig) {
+	ec, _, err := ctx.Repo.GetEditorconfig()
+	if err == nil {
+		return ec
+	}
+	return nil
+}
+
+// GetEditorConfigJSON returns a editorconfig JSON string for given treePath or "null"
+func GetEditorConfigJSON(ctx *context.Context, treePath string) string {
 	ec, _, err := ctx.Repo.GetEditorconfig()
 	if err == nil {
 		def, err := ec.GetDefinitionForFilename(treePath)
@@ -274,7 +285,7 @@ func editFilePost(ctx *context.Context, form forms.EditRepoFileForm, isNewFile b
 	ctx.Data["last_commit"] = ctx.Repo.CommitID
 	ctx.Data["PreviewableExtensions"] = strings.Join(markup.PreviewableExtensions(), ",")
 	ctx.Data["LineWrapExtensions"] = strings.Join(setting.Repository.Editor.LineWrapExtensions, ",")
-	ctx.Data["EditorconfigJson"] = GetEditorConfig(ctx, form.TreePath)
+	ctx.Data["EditorconfigJson"] = GetEditorConfigJSON(ctx, form.TreePath)
 
 	if ctx.HasError() {
 		ctx.HTML(http.StatusOK, tplEditFile)
@@ -458,6 +469,7 @@ func DiffPreviewPost(ctx *context.Context) {
 		return
 	}
 	ctx.Data["File"] = diff.Files[0]
+	ctx.Data["Editorconfig"] = GetEditorConfig(ctx, treePath)
 
 	ctx.HTML(http.StatusOK, tplEditDiffPreview)
 }
diff --git a/templates/repo/editor/diff_preview.tmpl b/templates/repo/editor/diff_preview.tmpl
index e2e922be34..be36e84053 100644
--- a/templates/repo/editor/diff_preview.tmpl
+++ b/templates/repo/editor/diff_preview.tmpl
@@ -1,4 +1,4 @@
-<div class="diff-file-box">
+<div class="diff-file-box {{TabSizeClass $.Editorconfig .File.Name}}">
 	<div class="ui attached table segment">
 		<div class="file-body file-code code-diff code-diff-unified unicode-escaped">
 			<table>
diff --git a/web_src/js/features/codemirror.ts b/web_src/js/features/codemirror.ts
index f61449dccf..6c5bbd9217 100644
--- a/web_src/js/features/codemirror.ts
+++ b/web_src/js/features/codemirror.ts
@@ -188,7 +188,7 @@ export async function createCodemirror(
       codemirrorAutocomplete.autocompletion(),
       codemirrorCommands.history(),
       tabSize.of(
-        codemirrorState.EditorState.tabSize.of(editorOpts.tabSize || 4),
+        codemirrorState.EditorState.tabSize.of(editorOpts.indentSize || 4),
       ),
       wordWrap.of(
         editorOpts.wordWrap ? codemirrorView.EditorView.lineWrapping : [],

From 753e289da58fd2e1044725f5f4cc42b0818b1d90 Mon Sep 17 00:00:00 2001
From: Andreas Ahlenstorf <andreas@ahlenstorf.ch>
Date: Mon, 11 May 2026 21:45:56 +0200
Subject: [PATCH 845/854] fix: wipe run artifacts before rerun (#12523)

Forgejo Actions keeps one set of artifacts per workflow run -- those of the latest workflow run. If a particular workflow run is rerun, Forgejo is supposed to remove outdated artifacts. However, it does not do that. As a result, the user is presented a mix of outdated and new artifacts, even within the same archive.

This is remedied by wiping the artifacts before each rerun. The same happens when only one or more jobs are rerun, which also matches the behaviour of GitHub Actions. In the example below, when only rerunning `artifacts-two`, `many-artifacts-one` would disappear and a new version of `many-artifacts-two` would be made available.

Reproducer:

```yaml
on:
  push:
jobs:
  artifacts-one:
    runs-on: ubuntu-latest
    steps:
      - run: mkdir -p artifacts-one
      - run: |
          if [[ "${{ github.run_attempt}}" == 1 ]] ; then echo "${{ github.run_attempt}}" > artifacts-one/ONE; fi
          echo "${{ github.run_attempt}}" > artifacts-one/TWO
      - uses: forgejo/upload-artifact@v4
        with:
          name: many-artifacts-one
          path: artifacts-one/
  artifacts-two:
    runs-on: ubuntu-latest
    steps:
      - run: mkdir -p artifacts-two
      - run: |
          if [[ "${{ github.run_attempt}}" == 1 ]] ; then echo "${{ github.run_attempt}}" > artifacts-two/ONE; fi
          echo "${{ github.run_attempt}}" > artifacts-two/TWO
      - uses: forgejo/upload-artifact@v4
        with:
          name: many-artifacts-two
          path: artifacts-two/
```

Resolves https://codeberg.org/forgejo/forgejo/issues/12163.

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. All work and communication must conform to Forgejo's [AI Agreement](https://codeberg.org/forgejo/governance/src/branch/main/AIAgreement.md). There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests for Go changes

(can be removed for JavaScript changes)

- I added test coverage for Go changes...
  - [ ] in their respective `*_test.go` for unit tests.
  - [x] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I ran...
  - [x] `make pr-go` before pushing

### Tests for JavaScript changes

(can be removed for Go changes)

- I added test coverage for JavaScript changes...
  - [ ] in `web_src/js/*.test.js` if it can be unit tested.
  - [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)).

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [x] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.
- [ ] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change.

*The decision if the pull request will be shown in the release notes is up to the mergers / release team.*

The content of the `release-notes/<pull request number>.md` file will serve as the basis for the release notes. If the file does not exist, the title of the pull request will be used instead.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12523
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
---
 .../action_artifact.yml                       | 11 ++++++
 .../TestRerun_RerunJob/action_artifact.yml    | 11 ++++++
 services/actions/rerun.go                     | 14 +++++++
 services/actions/rerun_test.go                | 38 +++++++++++++++++++
 4 files changed, 74 insertions(+)
 create mode 100644 services/actions/TestRerun_RerunAllJobs/action_artifact.yml
 create mode 100644 services/actions/TestRerun_RerunJob/action_artifact.yml

diff --git a/services/actions/TestRerun_RerunAllJobs/action_artifact.yml b/services/actions/TestRerun_RerunAllJobs/action_artifact.yml
new file mode 100644
index 0000000000..58ffe67e8d
--- /dev/null
+++ b/services/actions/TestRerun_RerunAllJobs/action_artifact.yml
@@ -0,0 +1,11 @@
+- id: 59220
+  run_id: 455620
+  repo_id: 62 # test_workflows
+  owner_id: 2 # user2
+  status: 2 # ArtifactStatusUploadConfirmed
+
+- id: 59230
+  run_id: 455630
+  repo_id: 62 # test_workflows
+  owner_id: 2 # user2
+  status: 2 # ArtifactStatusUploadConfirmed
\ No newline at end of file
diff --git a/services/actions/TestRerun_RerunJob/action_artifact.yml b/services/actions/TestRerun_RerunJob/action_artifact.yml
new file mode 100644
index 0000000000..5f59c87183
--- /dev/null
+++ b/services/actions/TestRerun_RerunJob/action_artifact.yml
@@ -0,0 +1,11 @@
+- id: 59240
+  run_id: 455640
+  repo_id: 62 # test_workflows
+  owner_id: 2 # user2
+  status: 2 # ArtifactStatusUploadConfirmed
+
+- id: 59250
+  run_id: 455650
+  repo_id: 62 # test_workflows
+  owner_id: 2 # user2
+  status: 2 # ArtifactStatusUploadConfirmed
\ No newline at end of file
diff --git a/services/actions/rerun.go b/services/actions/rerun.go
index 59838e5f57..4ca32276d1 100644
--- a/services/actions/rerun.go
+++ b/services/actions/rerun.go
@@ -74,6 +74,12 @@ func RerunAllJobs(ctx context.Context, run *actions_model.ActionRun) ([]*actions
 			return fmt.Errorf("cannot prepare next attempt because run %d is active: %s", run.ID, run.Status.String())
 		}
 
+		// Wipe all artifacts before a rerun to prevent stale artifacts from polluting artifacts collected during the
+		// rerun.
+		if err := actions_model.SetArtifactsOfRunDeleted(ctx, run.ID); err != nil {
+			return fmt.Errorf("cannot remove artifacts of previous run of run %d: %w", run.ID, err)
+		}
+
 		run.PreviousDuration = run.Duration()
 
 		run.Status = actions_model.StatusWaiting
@@ -138,6 +144,14 @@ func RerunJob(ctx context.Context, job *actions_model.ActionRunJob) ([]*actions_
 			return fmt.Errorf("could not load jobs of run %d: %w", job.RunID, err)
 		}
 
+		// Wipe all artifacts before a rerun to prevent stale artifacts from polluting the artifacts collected during
+		// the rerun. Because artifacts are bound to a run and not to a job, it is not possible to only remove the
+		// artifacts of the jobs that are going to be rerun. That means that artifacts created by jobs that are not
+		// rerun will be lost. That matches GitHub Actions' behaviour as of May 2026.
+		if err := actions_model.SetArtifactsOfRunDeleted(ctx, job.RunID); err != nil {
+			return fmt.Errorf("cannot remove artifacts of previous run of run %d: %w", job.RunID, err)
+		}
+
 		for _, jobToRerun := range GetAllRerunJobs(job, jobs) {
 			canBeRerun, err := jobToRerun.CanBeRerun(ctx)
 			if err != nil {
diff --git a/services/actions/rerun_test.go b/services/actions/rerun_test.go
index 93a000afd1..fcd638e448 100644
--- a/services/actions/rerun_test.go
+++ b/services/actions/rerun_test.go
@@ -59,6 +59,11 @@ func TestRerun_RerunAllJobs(t *testing.T) {
 
 		run := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRun{ID: 455620})
 
+		unittest.AssertCount(t, &actions_model.ActionArtifact{RunID: run.ID}, 1)
+		unittest.AssertCount(t, &actions_model.ActionArtifact{
+			RunID: run.ID, Status: int64(actions_model.ArtifactStatusPendingDeletion),
+		}, 0)
+
 		rerunJobs, err := RerunAllJobs(t.Context(), run)
 		require.NoError(t, err)
 
@@ -81,6 +86,10 @@ func TestRerun_RerunAllJobs(t *testing.T) {
 		assert.Equal(t, actions_model.StatusWaiting, rerunJobs[1].Status)
 		assert.Equal(t, timeutil.TimeStamp(0), rerunJobs[1].Started)
 		assert.Equal(t, timeutil.TimeStamp(0), rerunJobs[1].Stopped)
+
+		unittest.AssertCount(t, &actions_model.ActionArtifact{
+			RunID: run.ID, Status: int64(actions_model.ArtifactStatusPendingDeletion),
+		}, 1)
 	})
 
 	t.Run("Error if workflow running", func(t *testing.T) {
@@ -89,6 +98,11 @@ func TestRerun_RerunAllJobs(t *testing.T) {
 
 		run := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRun{ID: 455630})
 
+		unittest.AssertCount(t, &actions_model.ActionArtifact{RunID: run.ID}, 1)
+		unittest.AssertCount(t, &actions_model.ActionArtifact{
+			RunID: run.ID, Status: int64(actions_model.ArtifactStatusPendingDeletion),
+		}, 0)
+
 		rerunJobs, err := RerunAllJobs(t.Context(), run)
 		require.ErrorContains(t, err, "workflow is still running")
 
@@ -100,6 +114,11 @@ func TestRerun_RerunAllJobs(t *testing.T) {
 		assert.Equal(t, time.Duration(0), run.PreviousDuration)
 
 		assert.Empty(t, rerunJobs)
+
+		unittest.AssertCount(t, &actions_model.ActionArtifact{RunID: run.ID}, 1)
+		unittest.AssertCount(t, &actions_model.ActionArtifact{
+			RunID: run.ID, Status: int64(actions_model.ArtifactStatusPendingDeletion),
+		}, 0)
 	})
 
 	t.Run("Error if workflow invalid", func(t *testing.T) {
@@ -153,6 +172,11 @@ func TestRerun_RerunJob(t *testing.T) {
 
 		job := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRunJob{ID: 683910})
 
+		unittest.AssertCount(t, &actions_model.ActionArtifact{RunID: job.RunID}, 1)
+		unittest.AssertCount(t, &actions_model.ActionArtifact{
+			RunID: job.RunID, Status: int64(actions_model.ArtifactStatusPendingDeletion),
+		}, 0)
+
 		rerunJobs, err := RerunJob(t.Context(), job)
 
 		require.NoError(t, err)
@@ -166,6 +190,10 @@ func TestRerun_RerunJob(t *testing.T) {
 		assert.Equal(t, actions_model.StatusWaiting, job.Status)
 		assert.Equal(t, timeutil.TimeStamp(0), job.Started)
 		assert.Equal(t, timeutil.TimeStamp(0), job.Stopped)
+
+		unittest.AssertCount(t, &actions_model.ActionArtifact{
+			RunID: job.RunID, Status: int64(actions_model.ArtifactStatusPendingDeletion),
+		}, 1)
 	})
 
 	t.Run("Rerun job needed by others", func(t *testing.T) {
@@ -225,6 +253,11 @@ func TestRerun_RerunJob(t *testing.T) {
 
 		job := unittest.AssertExistsAndLoadBean(t, &actions_model.ActionRunJob{ID: 683900})
 
+		unittest.AssertCount(t, &actions_model.ActionArtifact{RunID: job.RunID}, 1)
+		unittest.AssertCount(t, &actions_model.ActionArtifact{
+			RunID: job.RunID, Status: int64(actions_model.ArtifactStatusPendingDeletion),
+		}, 0)
+
 		rerunJobs, err := RerunJob(t.Context(), job)
 
 		require.ErrorContains(t, err, "workflow is invalid")
@@ -236,6 +269,11 @@ func TestRerun_RerunJob(t *testing.T) {
 		assert.Equal(t, actions_model.StatusFailure, job.Status)
 		assert.Equal(t, timeutil.TimeStamp(0), job.Started)
 		assert.Equal(t, timeutil.TimeStamp(0), job.Stopped)
+
+		unittest.AssertCount(t, &actions_model.ActionArtifact{RunID: job.RunID}, 1)
+		unittest.AssertCount(t, &actions_model.ActionArtifact{
+			RunID: job.RunID, Status: int64(actions_model.ArtifactStatusPendingDeletion),
+		}, 0)
 	})
 
 	t.Run("Error if workflow disabled", func(t *testing.T) {

From 88fd372d9a608d9fc545b2ae1105c01005c54aa0 Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Mon, 11 May 2026 23:54:58 +0200
Subject: [PATCH 846/854] Update dependency mermaid to v11.15.0 [SECURITY]
 (forgejo) (#12526)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12526
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
---
 package-lock.json | 164 +++++++---------------------------------------
 package.json      |   2 +-
 2 files changed, 25 insertions(+), 141 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index ba47ad58cf..93eea24572 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -55,7 +55,7 @@
         "idiomorph": "0.3.0",
         "jquery": "3.7.1",
         "katex": "0.16.45",
-        "mermaid": "11.14.0",
+        "mermaid": "11.15.0",
         "mini-css-extract-plugin": "2.10.0",
         "minimatch": "10.2.5",
         "pdfobject": "2.3.0",
@@ -328,41 +328,10 @@
         "@keyv/serialize": "^1.1.1"
       }
     },
-    "node_modules/@chevrotain/cst-dts-gen": {
-      "version": "12.0.0",
-      "resolved": "https://registry.npmjs.org/@chevrotain/cst-dts-gen/-/cst-dts-gen-12.0.0.tgz",
-      "integrity": "sha512-fSL4KXjTl7cDgf0B5Rip9Q05BOrYvkJV/RrBTE/bKDN096E4hN/ySpcBK5B24T76dlQ2i32Zc3PAE27jFnFrKg==",
-      "license": "Apache-2.0",
-      "dependencies": {
-        "@chevrotain/gast": "12.0.0",
-        "@chevrotain/types": "12.0.0"
-      }
-    },
-    "node_modules/@chevrotain/gast": {
-      "version": "12.0.0",
-      "resolved": "https://registry.npmjs.org/@chevrotain/gast/-/gast-12.0.0.tgz",
-      "integrity": "sha512-1ne/m3XsIT8aEdrvT33so0GUC+wkctpUPK6zU9IlOyJLUbR0rg4G7ZiApiJbggpgPir9ERy3FRjT6T7lpgetnQ==",
-      "license": "Apache-2.0",
-      "dependencies": {
-        "@chevrotain/types": "12.0.0"
-      }
-    },
-    "node_modules/@chevrotain/regexp-to-ast": {
-      "version": "12.0.0",
-      "resolved": "https://registry.npmjs.org/@chevrotain/regexp-to-ast/-/regexp-to-ast-12.0.0.tgz",
-      "integrity": "sha512-p+EW9MaJwgaHguhoqwOtx/FwuGr+DnNn857sXWOi/mClXIkPGl3rn7hGNWvo31HA3vyeQxjqe+H36yZJwYU8cA==",
-      "license": "Apache-2.0"
-    },
     "node_modules/@chevrotain/types": {
-      "version": "12.0.0",
-      "resolved": "https://registry.npmjs.org/@chevrotain/types/-/types-12.0.0.tgz",
-      "integrity": "sha512-S+04vjFQKeuYw0/eW3U52LkAHQsB1ASxsPGsLPUyQgrZ2iNNibQrsidruDzjEX2JYfespXMG0eZmXlhA6z7nWA==",
-      "license": "Apache-2.0"
-    },
-    "node_modules/@chevrotain/utils": {
-      "version": "12.0.0",
-      "resolved": "https://registry.npmjs.org/@chevrotain/utils/-/utils-12.0.0.tgz",
-      "integrity": "sha512-lB59uJoaGIfOOL9knQqQRfhl9g7x8/wqFkp13zTdkRu1huG9kg6IJs1O8hqj9rs6h7orGxHJUKb+mX3rPbWGhA==",
+      "version": "11.1.2",
+      "resolved": "https://registry.npmjs.org/@chevrotain/types/-/types-11.1.2.tgz",
+      "integrity": "sha512-U+HFai5+zmJCkK86QsaJtoITlboZHBqrVketcO2ROv865xfCMSFpELQoz1GkX5GzME8pTa+3kbKrZHQtI0gdbw==",
       "license": "Apache-2.0"
     },
     "node_modules/@citation-js/core": {
@@ -2803,12 +2772,12 @@
       }
     },
     "node_modules/@mermaid-js/parser": {
-      "version": "1.1.0",
-      "resolved": "https://registry.npmjs.org/@mermaid-js/parser/-/parser-1.1.0.tgz",
-      "integrity": "sha512-gxK9ZX2+Fex5zu8LhRQoMeMPEHbc73UKZ0FQ54YrQtUxE1VVhMwzeNtKRPAu5aXks4FasbMe4xB4bWrmq6Jlxw==",
+      "version": "1.1.1",
+      "resolved": "https://registry.npmjs.org/@mermaid-js/parser/-/parser-1.1.1.tgz",
+      "integrity": "sha512-VuHdsYMK1bT6X2JbcAaWAhugTRvRBRyuZgd+c22swUeI9g/ntaxF7CY7dYarhZovofCbUNO0G7JesfmNtjYOCw==",
       "license": "MIT",
       "dependencies": {
-        "langium": "^4.0.0"
+        "@chevrotain/types": "~11.1.1"
       }
     },
     "node_modules/@monogrid/gainmap-js": {
@@ -6225,34 +6194,6 @@
         "chart.js": ">=3.2.0"
       }
     },
-    "node_modules/chevrotain": {
-      "version": "12.0.0",
-      "resolved": "https://registry.npmjs.org/chevrotain/-/chevrotain-12.0.0.tgz",
-      "integrity": "sha512-csJvb+6kEiQaqo1woTdSAuOWdN0WTLIydkKrBnS+V5gZz0oqBrp4kQ35519QgK6TpBThiG3V1vNSHlIkv4AglQ==",
-      "license": "Apache-2.0",
-      "dependencies": {
-        "@chevrotain/cst-dts-gen": "12.0.0",
-        "@chevrotain/gast": "12.0.0",
-        "@chevrotain/regexp-to-ast": "12.0.0",
-        "@chevrotain/types": "12.0.0",
-        "@chevrotain/utils": "12.0.0"
-      },
-      "engines": {
-        "node": ">=22.0.0"
-      }
-    },
-    "node_modules/chevrotain-allstar": {
-      "version": "0.4.3",
-      "resolved": "https://registry.npmjs.org/chevrotain-allstar/-/chevrotain-allstar-0.4.3.tgz",
-      "integrity": "sha512-2X4mkroolSMKqW+H22pyPMUVDqYZzPhephTmg/NODKb1IGYPHfxfhcW0EjS7wcPJNbze2i4vBWT7zT5FKF2lrQ==",
-      "license": "MIT",
-      "dependencies": {
-        "lodash-es": "^4.18.1"
-      },
-      "peerDependencies": {
-        "chevrotain": "^12.0.0"
-      }
-    },
     "node_modules/chokidar": {
       "version": "3.6.0",
       "resolved": "https://registry.npmjs.org/chokidar/-/chokidar-3.6.0.tgz",
@@ -7891,6 +7832,16 @@
         "url": "https://github.com/sponsors/ljharb"
       }
     },
+    "node_modules/es-toolkit": {
+      "version": "1.46.1",
+      "resolved": "https://registry.npmjs.org/es-toolkit/-/es-toolkit-1.46.1.tgz",
+      "integrity": "sha512-5eNtXOs3tbfxXOj04tjjseeWkRWaoCjdEI+96DgwzZoe6c9juL49pXlzAFTI72aWC9Y8p7168g6XIKjh7k6pyQ==",
+      "license": "MIT",
+      "workspaces": [
+        "docs",
+        "benchmarks"
+      ]
+    },
     "node_modules/esbuild": {
       "version": "0.27.7",
       "resolved": "https://registry.npmjs.org/esbuild/-/esbuild-0.27.7.tgz",
@@ -10751,24 +10702,6 @@
       "dev": true,
       "license": "MIT"
     },
-    "node_modules/langium": {
-      "version": "4.2.3",
-      "resolved": "https://registry.npmjs.org/langium/-/langium-4.2.3.tgz",
-      "integrity": "sha512-sOPIi4hISFnY7twwV97ca1TsxpBtXq0URu/LL1AvxwccPG/RIBBlKS7a/f/EL6w8lTNaS0EFs/F+IdSOaqYpng==",
-      "license": "MIT",
-      "dependencies": {
-        "@chevrotain/regexp-to-ast": "~12.0.0",
-        "chevrotain": "~12.0.0",
-        "chevrotain-allstar": "~0.4.3",
-        "vscode-languageserver": "~9.0.1",
-        "vscode-languageserver-textdocument": "~1.0.11",
-        "vscode-uri": "~3.1.0"
-      },
-      "engines": {
-        "node": ">=20.10.0",
-        "npm": ">=10.2.3"
-      }
-    },
     "node_modules/layout-base": {
       "version": "1.0.2",
       "resolved": "https://registry.npmjs.org/layout-base/-/layout-base-1.0.2.tgz",
@@ -11547,14 +11480,14 @@
       }
     },
     "node_modules/mermaid": {
-      "version": "11.14.0",
-      "resolved": "https://registry.npmjs.org/mermaid/-/mermaid-11.14.0.tgz",
-      "integrity": "sha512-GSGloRsBs+JINmmhl0JDwjpuezCsHB4WGI4NASHxL3fHo3o/BRXTxhDLKnln8/Q0lRFRyDdEjmk1/d5Sn1Xz8g==",
+      "version": "11.15.0",
+      "resolved": "https://registry.npmjs.org/mermaid/-/mermaid-11.15.0.tgz",
+      "integrity": "sha512-pTMbcf3rWdtLiYGpmoTjHEpeY8seiy6sR+9nD7LOs8KfUbHE4lOUAprTRqRAcWSQ6MQpdX+YEsxShtGsINtPtw==",
       "license": "MIT",
       "dependencies": {
         "@braintree/sanitize-url": "^7.1.1",
         "@iconify/utils": "^3.0.2",
-        "@mermaid-js/parser": "^1.1.0",
+        "@mermaid-js/parser": "^1.1.1",
         "@types/d3": "^7.4.3",
         "@upsetjs/venn.js": "^2.0.0",
         "cytoscape": "^3.33.1",
@@ -11565,14 +11498,14 @@
         "dagre-d3-es": "7.0.14",
         "dayjs": "^1.11.19",
         "dompurify": "^3.3.1",
+        "es-toolkit": "^1.45.1",
         "katex": "^0.16.25",
         "khroma": "^2.1.0",
-        "lodash-es": "^4.17.23",
         "marked": "^16.3.0",
         "roughjs": "^4.6.6",
         "stylis": "^4.3.6",
         "ts-dedent": "^2.2.0",
-        "uuid": "^11.1.0"
+        "uuid": "^11.1.0 || ^12 || ^13 || ^14.0.0"
       }
     },
     "node_modules/mermaid/node_modules/marked": {
@@ -15986,55 +15919,6 @@
         "url": "https://github.com/sponsors/jonschlinkert"
       }
     },
-    "node_modules/vscode-jsonrpc": {
-      "version": "8.2.0",
-      "resolved": "https://registry.npmjs.org/vscode-jsonrpc/-/vscode-jsonrpc-8.2.0.tgz",
-      "integrity": "sha512-C+r0eKJUIfiDIfwJhria30+TYWPtuHJXHtI7J0YlOmKAo7ogxP20T0zxB7HZQIFhIyvoBPwWskjxrvAtfjyZfA==",
-      "license": "MIT",
-      "engines": {
-        "node": ">=14.0.0"
-      }
-    },
-    "node_modules/vscode-languageserver": {
-      "version": "9.0.1",
-      "resolved": "https://registry.npmjs.org/vscode-languageserver/-/vscode-languageserver-9.0.1.tgz",
-      "integrity": "sha512-woByF3PDpkHFUreUa7Hos7+pUWdeWMXRd26+ZX2A8cFx6v/JPTtd4/uN0/jB6XQHYaOlHbio03NTHCqrgG5n7g==",
-      "license": "MIT",
-      "dependencies": {
-        "vscode-languageserver-protocol": "3.17.5"
-      },
-      "bin": {
-        "installServerIntoExtension": "bin/installServerIntoExtension"
-      }
-    },
-    "node_modules/vscode-languageserver-protocol": {
-      "version": "3.17.5",
-      "resolved": "https://registry.npmjs.org/vscode-languageserver-protocol/-/vscode-languageserver-protocol-3.17.5.tgz",
-      "integrity": "sha512-mb1bvRJN8SVznADSGWM9u/b07H7Ecg0I3OgXDuLdn307rl/J3A9YD6/eYOssqhecL27hK1IPZAsaqh00i/Jljg==",
-      "license": "MIT",
-      "dependencies": {
-        "vscode-jsonrpc": "8.2.0",
-        "vscode-languageserver-types": "3.17.5"
-      }
-    },
-    "node_modules/vscode-languageserver-textdocument": {
-      "version": "1.0.12",
-      "resolved": "https://registry.npmjs.org/vscode-languageserver-textdocument/-/vscode-languageserver-textdocument-1.0.12.tgz",
-      "integrity": "sha512-cxWNPesCnQCcMPeenjKKsOCKQZ/L6Tv19DTRIGuLWe32lyzWhihGVJ/rcckZXJxfdKCFvRLS3fpBIsV/ZGX4zA==",
-      "license": "MIT"
-    },
-    "node_modules/vscode-languageserver-types": {
-      "version": "3.17.5",
-      "resolved": "https://registry.npmjs.org/vscode-languageserver-types/-/vscode-languageserver-types-3.17.5.tgz",
-      "integrity": "sha512-Ld1VelNuX9pdF39h2Hgaeb5hEZM2Z3jUrrMgWQAu82jMtZp7p3vJT3BzToKtZI7NgQssZje5o0zryOrhQvzQAg==",
-      "license": "MIT"
-    },
-    "node_modules/vscode-uri": {
-      "version": "3.1.0",
-      "resolved": "https://registry.npmjs.org/vscode-uri/-/vscode-uri-3.1.0.tgz",
-      "integrity": "sha512-/BpdSx+yCQGnCvecbyXdxHDkuk55/G3xwnC0GqY4gmQ3j+A+g8kzzgB4Nk/SINjqn6+waqw3EgbVF2QKExkRxQ==",
-      "license": "MIT"
-    },
     "node_modules/vue": {
       "version": "3.5.33",
       "resolved": "https://registry.npmjs.org/vue/-/vue-3.5.33.tgz",
diff --git a/package.json b/package.json
index 4ce4ec8b66..323dbb1de3 100644
--- a/package.json
+++ b/package.json
@@ -54,7 +54,7 @@
     "idiomorph": "0.3.0",
     "jquery": "3.7.1",
     "katex": "0.16.45",
-    "mermaid": "11.14.0",
+    "mermaid": "11.15.0",
     "mini-css-extract-plugin": "2.10.0",
     "minimatch": "10.2.5",
     "pdfobject": "2.3.0",

From 5b6c702f419a23e9c116b20ba0c7c26c1ff84ba8 Mon Sep 17 00:00:00 2001
From: TurtleArmy <turtlearmy@noreply.codeberg.org>
Date: Tue, 12 May 2026 00:53:09 +0200
Subject: [PATCH 847/854] feat(ui): support Pandoc style code blocks (#12099)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This resolves https://codeberg.org/forgejo/forgejo/issues/11107.

Codeberg doesn't support [Pandoc style code blocks](https://pandoc.org/MANUAL.html#extension-fenced_code_attributes), so only the two of these 3 will have syntax highlighting.

\`\`\`haskell
qsort []     = []
qsort (x:xs) = qsort (filter (< x) xs) ++ [x] ++
               qsort (filter (>= x) xs)
\`\`\`

\`\`\`haskell {.numberLines}
qsort []     = []
qsort (x:xs) = qsort (filter (< x) xs) ++ [x] ++
               qsort (filter (>= x) xs)
\`\`\`

\`\`\`{.numberLines .haskell}
qsort []     = []
qsort (x:xs) = qsort (filter (< x) xs) ++ [x] ++
               qsort (filter (>= x) xs)
\`\`\`

```haskell
qsort []     = []
qsort (x:xs) = qsort (filter (< x) xs) ++ [x] ++
               qsort (filter (>= x) xs)
```

```haskell {.numberLines}
qsort []     = []
qsort (x:xs) = qsort (filter (< x) xs) ++ [x] ++
               qsort (filter (>= x) xs)
```

```{.numberLines .haskell}
qsort []     = []
qsort (x:xs) = qsort (filter (< x) xs) ++ [x] ++
               qsort (filter (>= x) xs)
```

This PR adds syntax highlighting to the examples with Pandoc style code blocks. It also adds redundant code to explicitly handle the second case with the trailing attribute syntax, which might be unnecessary since it already works, but I think should be fine to leave in.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12099
Reviewed-by: Ellen Εμίλια Άννα Zscheile <fogti@noreply.codeberg.org>
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
---
 modules/markup/markdown/markdown_test.go      | 32 +++++++++++++++++--
 .../markdown/transform_codeblock_lang.go      | 27 ++++++++++++++++
 2 files changed, 56 insertions(+), 3 deletions(-)

diff --git a/modules/markup/markdown/markdown_test.go b/modules/markup/markdown/markdown_test.go
index 1f75799900..3aee7a372d 100644
--- a/modules/markup/markdown/markdown_test.go
+++ b/modules/markup/markdown/markdown_test.go
@@ -1489,14 +1489,14 @@ func TestCallout(t *testing.T) {
 </blockquote>`)
 }
 
-func TestCodeblockLanguageStripping(t *testing.T) {
+func TestCodeblockLanguageTransformation(t *testing.T) {
 	test := func(input, expected string) {
 		buffer, err := markdown.RenderString(&markup.RenderContext{Ctx: git.DefaultContext}, input)
 		require.NoError(t, err)
 		assert.Equal(t, strings.TrimSpace(expected), strings.TrimSpace(string(buffer)))
 	}
 
-	// Unstripped
+	// No transformation
 	test(
 		"```rust\n"+
 			"fn main() {}\n"+
@@ -1504,7 +1504,7 @@ func TestCodeblockLanguageStripping(t *testing.T) {
 		`<pre class="code-block"><code class="chroma language-rust display"><span class="k">fn</span> <span class="nf">main</span><span class="p">()</span><span class="w"> </span><span class="p">{}</span><span class="w">
 </span></code></pre>`)
 
-	// Stripped
+	// Comma stripped
 	test(
 		"```rust,ignore\n"+
 			"fn main() {}\n"+
@@ -1512,6 +1512,32 @@ func TestCodeblockLanguageStripping(t *testing.T) {
 		`<pre class="code-block"><code class="chroma language-rust display"><span class="k">fn</span> <span class="nf">main</span><span class="p">()</span><span class="w"> </span><span class="p">{}</span><span class="w">
 </span></code></pre>`)
 
+	// Pandoc stripping
+	// https://pandoc.org/MANUAL.html#extension-fenced_code_attributes
+	test(
+		"```haskell {.numberLines}\n"+
+			"qsort []     = []\n"+
+			"qsort (x:xs) = qsort (filter (< x) xs) ++ [x] ++\n"+
+			"               qsort (filter (>= x) xs)\n"+
+			"```",
+		`<pre class="code-block"><code class="chroma language-haskell display"><span class="nf">qsort</span> <span class="kt">[]</span>     <span class="ow">=</span> <span class="kt">[]</span>
+<span class="nf">qsort</span> <span class="p">(</span><span class="n">x</span><span class="kt">:</span><span class="n">xs</span><span class="p">)</span> <span class="ow">=</span> <span class="n">qsort</span> <span class="p">(</span><span class="n">filter</span> <span class="p">(</span><span class="o">&lt;</span> <span class="n">x</span><span class="p">)</span> <span class="n">xs</span><span class="p">)</span> <span class="o">++</span> <span class="p">[</span><span class="n">x</span><span class="p">]</span> <span class="o">++</span>
+               <span class="n">qsort</span> <span class="p">(</span><span class="n">filter</span> <span class="p">(</span><span class="o">&gt;=</span> <span class="n">x</span><span class="p">)</span> <span class="n">xs</span><span class="p">)</span>
+</code></pre>`)
+
+	// Pandoc language extracting
+	// https://pandoc.org/MANUAL.html#extension-fenced_code_attributes
+	test(
+		"```   { #mycode .numberLines .haskell startFrom=\"100\" }   \n"+
+			"qsort []     = []\n"+
+			"qsort (x:xs) = qsort (filter (< x) xs) ++ [x] ++\n"+
+			"               qsort (filter (>= x) xs)\n"+
+			"```",
+		`<pre class="code-block"><code class="chroma language-haskell display"><span class="nf">qsort</span> <span class="kt">[]</span>     <span class="ow">=</span> <span class="kt">[]</span>
+<span class="nf">qsort</span> <span class="p">(</span><span class="n">x</span><span class="kt">:</span><span class="n">xs</span><span class="p">)</span> <span class="ow">=</span> <span class="n">qsort</span> <span class="p">(</span><span class="n">filter</span> <span class="p">(</span><span class="o">&lt;</span> <span class="n">x</span><span class="p">)</span> <span class="n">xs</span><span class="p">)</span> <span class="o">++</span> <span class="p">[</span><span class="n">x</span><span class="p">]</span> <span class="o">++</span>
+               <span class="n">qsort</span> <span class="p">(</span><span class="n">filter</span> <span class="p">(</span><span class="o">&gt;=</span> <span class="n">x</span><span class="p">)</span> <span class="n">xs</span><span class="p">)</span>
+</code></pre>`)
+
 	// No language identifier
 	test(
 		"```\n"+
diff --git a/modules/markup/markdown/transform_codeblock_lang.go b/modules/markup/markdown/transform_codeblock_lang.go
index 5263ec4ffc..f730265b15 100644
--- a/modules/markup/markdown/transform_codeblock_lang.go
+++ b/modules/markup/markdown/transform_codeblock_lang.go
@@ -6,6 +6,7 @@ package markdown
 import (
 	"bytes"
 
+	"github.com/alecthomas/chroma/v2/lexers"
 	"github.com/yuin/goldmark/ast"
 	"github.com/yuin/goldmark/text"
 )
@@ -16,6 +17,32 @@ func (g *ASTTransformer) transformCodeblockLanguage(v *ast.FencedCodeBlock, read
 	}
 	src := reader.Source()
 	info := v.Info.Segment.Value(src)
+
+	// Parse Pandoc style attributes
+	// https://pandoc.org/MANUAL.html#extension-fenced_code_attributes
+	//
+	// For example,
+	// ```{.haskell .numberLines}
+	// ...
+	// ```
+	// Should have a language of "haskell", not "{.haskell .numberLines}"
+	if trimmed := bytes.TrimSpace(info); bytes.HasPrefix(trimmed, []byte{'{'}) && bytes.HasSuffix(trimmed, []byte{'}'}) {
+		attributes := trimmed[1 : len(trimmed)-1]
+		for attribute := range bytes.SplitSeq(attributes, []byte{' '}) {
+			if class, found := bytes.CutPrefix(attribute, []byte{'.'}); found {
+				if lexer := lexers.Get(string(class)); lexer != nil {
+					lang := class
+					langInx := bytes.Index(info, lang)
+					start := v.Info.Segment.Start + langInx
+					end := start + len(lang)
+					v.Info = ast.NewTextSegment(text.NewSegment(start, end))
+					return
+				}
+			}
+		}
+		return
+	}
+
 	// Strip language after commas
 	//
 	// For example,

From 32b8d732b81f8fffdea787bee044b59a03d10547 Mon Sep 17 00:00:00 2001
From: Mathieu Fenniak <mathieu@fenniak.net>
Date: Tue, 12 May 2026 04:54:25 +0200
Subject: [PATCH 848/854] 2026-05-12 security patches (#12493)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- fix: prevent git write to wiki repo from unauthorized user via git HTTP
- fix: prevent LFS authorization token from being used for read/write access after user's access is restricted from Forgejo
- fix: prevent scoped API access (OAuth tokens, Access tokens) from accessing resources beyond their permitted scope via non-API endpoints (e.g. /user/repo/raw/...)
- fix: implementing missing OAuth validation checks, improve protections against race conditions
- fix: prevent OAuth redirect URI spoofing via non-ascii case collision
- fix: strengthen Actions Artifact V4 signature algorithm against spoofing attacks

<!--start release-notes-assistant-->

## Release notes
<!--URL:https://codeberg.org/forgejo/forgejo-->
- Security bug fixes
  - [PR](https://codeberg.org/forgejo/forgejo/pulls/12493): <!--number 12493 --><!--line 0 --><!--description MjAyNi0wNS0xMiBzZWN1cml0eSBwYXRjaGVz-->2026-05-12 security patches<!--description-->
<!--end release-notes-assistant-->

Co-authored-by: Derzsi Dániel <daniel@tohka.us>
Co-authored-by: jvoisin <julien.voisin@dustri.org>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12493
---
 models/auth/oauth2.go                         |  51 ++--
 models/auth/oauth2_test.go                    |  55 ++++-
 release-notes/12494.md                        |   6 +
 release-notes/12495.md                        |   6 +
 routers/api/actions/artifactsv4.go            |  14 +-
 routers/web/auth/oauth.go                     |  20 ++
 routers/web/repo/attachment.go                |  36 ++-
 routers/web/repo/githttp.go                   |   6 +-
 services/context/permission.go                |  18 ++
 services/context/repo.go                      |  10 +-
 services/lfs/server.go                        |  14 ++
 services/lfs/server_test.go                   |  69 ++++++
 tests/integration/attachment_test.go          | 227 ++++++++++++++++++
 tests/integration/download_test.go            | 109 ++++++++-
 .../attachment.yml                            |  12 +
 .../TestGetAttachmentViaAPITokens/issue.yml   |  16 ++
 tests/integration/oauth_test.go               |  85 ++++++-
 tests/integration/wiki_test.go                | 187 +++++++++++++--
 18 files changed, 900 insertions(+), 41 deletions(-)
 create mode 100644 release-notes/12494.md
 create mode 100644 release-notes/12495.md
 create mode 100644 tests/integration/fixtures/TestGetAttachmentViaAPITokens/attachment.yml
 create mode 100644 tests/integration/fixtures/TestGetAttachmentViaAPITokens/issue.yml

diff --git a/models/auth/oauth2.go b/models/auth/oauth2.go
index 9acd9a46b0..9ef89cb624 100644
--- a/models/auth/oauth2.go
+++ b/models/auth/oauth2.go
@@ -6,6 +6,7 @@ package auth
 import (
 	"context"
 	"crypto/sha256"
+	"crypto/subtle"
 	"encoding/base32"
 	"encoding/base64"
 	"errors"
@@ -151,9 +152,9 @@ func (app *OAuth2Application) ContainsRedirectURI(redirectURI string) bool {
 	// https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest
 	// https://datatracker.ietf.org/doc/html/draft-ietf-oauth-security-topics-12#section-3.1
 	contains := func(s string) bool {
-		s = strings.TrimSuffix(strings.ToLower(s), "/")
+		s = strings.TrimSuffix(util.ToUpperASCII(s), "/")
 		for _, u := range app.RedirectURIs {
-			if strings.TrimSuffix(strings.ToLower(u), "/") == s {
+			if strings.TrimSuffix(util.ToUpperASCII(u), "/") == s {
 				return true
 			}
 		}
@@ -408,26 +409,41 @@ func (code *OAuth2AuthorizationCode) GenerateRedirectURI(state string) (*url.URL
 	return redirect, err
 }
 
-// Invalidate deletes the auth code from the database to invalidate this code
+// Invalidate deletes the auth code from the database to invalidate this code.
+// It returns an error if the code was already invalidated (i.e., no rows were deleted),
+// which prevents authorization code replay attacks.
 func (code *OAuth2AuthorizationCode) Invalidate(ctx context.Context) error {
-	_, err := db.GetEngine(ctx).ID(code.ID).NoAutoCondition().Delete(code)
-	return err
+	affected, err := db.GetEngine(ctx).ID(code.ID).NoAutoCondition().Delete(code)
+	if err != nil {
+		return err
+	}
+	if affected == 0 {
+		return fmt.Errorf("authorization code already used or does not exist")
+	}
+	return nil
 }
 
-// ValidateCodeChallenge validates the given verifier against the saved code challenge. This is part of the PKCE implementation.
+// ValidateCodeChallenge validates the given verifier against the saved code challenge. This is part of the PKCE
+// implementation. If a code challenge was set during authorization, a valid verifier MUST be provided.
 func (code *OAuth2AuthorizationCode) ValidateCodeChallenge(verifier string) bool {
+	// If no PKCE was used during authorization, no verifier is needed.
+	if code.CodeChallengeMethod == "" && code.CodeChallenge == "" {
+		return true
+	}
+	// A challenge was set but no verifier provided: reject outright, no comparison or hashing is required.
+	if verifier == "" {
+		return false
+	}
 	switch code.CodeChallengeMethod {
 	case "S256":
 		// base64url(SHA256(verifier)) see https://tools.ietf.org/html/rfc7636#section-4.6
 		h := sha256.Sum256([]byte(verifier))
 		hashedVerifier := base64.RawURLEncoding.EncodeToString(h[:])
-		return hashedVerifier == code.CodeChallenge
+		return subtle.ConstantTimeCompare([]byte(hashedVerifier), []byte(code.CodeChallenge)) == 1
 	case "plain":
-		return verifier == code.CodeChallenge
-	case "":
-		return true
+		return subtle.ConstantTimeCompare([]byte(verifier), []byte(code.CodeChallenge)) == 1
 	default:
-		// unsupported method -> return false
+		// unsupported or empty method with a non-empty challenge -> reject
 		return false
 	}
 }
@@ -490,16 +506,19 @@ func (grant *OAuth2Grant) GenerateNewAuthorizationCode(ctx context.Context, redi
 }
 
 // IncreaseCounter increases the counter and updates the grant
+// IncreaseCounter atomically increments the counter only if it still matches
+// the value loaded into this grant. Returns an error if the counter was already
+// changed by a concurrent request (refresh token replay).
 func (grant *OAuth2Grant) IncreaseCounter(ctx context.Context) error {
-	_, err := db.GetEngine(ctx).ID(grant.ID).Incr("counter").Update(new(OAuth2Grant))
+	affected, err := db.GetEngine(ctx).Where("id = ? AND counter = ?", grant.ID, grant.Counter).
+		Incr("counter").Update(new(OAuth2Grant))
 	if err != nil {
 		return err
 	}
-	updatedGrant, err := GetOAuth2GrantByID(ctx, grant.ID)
-	if err != nil {
-		return err
+	if affected == 0 {
+		return fmt.Errorf("grant counter changed unexpectedly (possible replay)")
 	}
-	grant.Counter = updatedGrant.Counter
+	grant.Counter++
 	return nil
 }
 
diff --git a/models/auth/oauth2_test.go b/models/auth/oauth2_test.go
index 9c6836ed0d..aa474393c1 100644
--- a/models/auth/oauth2_test.go
+++ b/models/auth/oauth2_test.go
@@ -75,6 +75,13 @@ func TestOAuth2Application_ContainsRedirect_Slash(t *testing.T) {
 	assert.False(t, app.ContainsRedirectURI("http://127.0.0.1/other"))
 }
 
+func TestOAuth2Application_ContainsRedirect_Normalization(t *testing.T) {
+	app := &auth_model.OAuth2Application{RedirectURIs: []string{"https://website.com"}}
+	assert.True(t, app.ContainsRedirectURI("https://website.com"))
+	assert.True(t, app.ContainsRedirectURI("https://webSITE.com"))  // ascii uppercase I
+	assert.False(t, app.ContainsRedirectURI("https://websİte.com")) // U+0130 as I, Latin Capital Letter I with Dot Above
+}
+
 func TestOAuth2Application_ValidateClientSecret(t *testing.T) {
 	require.NoError(t, unittest.PrepareTestDatabase())
 	app := unittest.AssertExistsAndLoadBean(t, &auth_model.OAuth2Application{ID: 1})
@@ -147,9 +154,18 @@ func TestGetOAuth2GrantByID(t *testing.T) {
 func TestOAuth2Grant_IncreaseCounter(t *testing.T) {
 	require.NoError(t, unittest.PrepareTestDatabase())
 	grant := unittest.AssertExistsAndLoadBean(t, &auth_model.OAuth2Grant{ID: 1, Counter: 1})
+
+	// First increment succeeds
 	require.NoError(t, grant.IncreaseCounter(db.DefaultContext))
 	assert.Equal(t, int64(2), grant.Counter)
 	unittest.AssertExistsAndLoadBean(t, &auth_model.OAuth2Grant{ID: 1, Counter: 2})
+
+	// Simulate a stale grant (counter still 1): must fail (concurrent replay)
+	grant.Counter = 1
+	require.Error(t, grant.IncreaseCounter(db.DefaultContext), "stale counter must be rejected")
+
+	// Counter in DB should be unchanged
+	unittest.AssertExistsAndLoadBean(t, &auth_model.OAuth2Grant{ID: 1, Counter: 2})
 }
 
 func TestOAuth2Grant_ScopeContains(t *testing.T) {
@@ -232,12 +248,33 @@ func TestOAuth2AuthorizationCode_ValidateCodeChallenge(t *testing.T) {
 	}
 	assert.False(t, code.ValidateCodeChallenge("foiwgjioriogeiogjerger"))
 
-	// test no code challenge
+	// test no PKCE at all (no challenge set, no verifier needed)
+	code = &auth_model.OAuth2AuthorizationCode{
+		CodeChallengeMethod: "",
+		CodeChallenge:       "",
+	}
+	assert.True(t, code.ValidateCodeChallenge(""))
+
+	// test PKCE required: challenge was set but verifier is empty
+	code = &auth_model.OAuth2AuthorizationCode{
+		CodeChallengeMethod: "S256",
+		CodeChallenge:       "CjvyTLSdR47G5zYenDA-eDWW4lRrO8yvjcWwbD_deOg",
+	}
+	assert.False(t, code.ValidateCodeChallenge(""), "PKCE required: S256 challenge set but empty verifier must be rejected")
+
+	code = &auth_model.OAuth2AuthorizationCode{
+		CodeChallengeMethod: "plain",
+		CodeChallenge:       "test123",
+	}
+	assert.False(t, code.ValidateCodeChallenge(""), "PKCE required: plain challenge set but empty verifier must be rejected")
+
+	// test challenge stored but method empty (malformed: should reject)
 	code = &auth_model.OAuth2AuthorizationCode{
 		CodeChallengeMethod: "",
 		CodeChallenge:       "foierjiogerogerg",
 	}
-	assert.True(t, code.ValidateCodeChallenge(""))
+	assert.False(t, code.ValidateCodeChallenge(""), "challenge present with empty method must be rejected")
+	assert.False(t, code.ValidateCodeChallenge("foierjiogerogerg"), "challenge present with empty method must be rejected even with matching verifier")
 }
 
 func TestOAuth2AuthorizationCode_GenerateRedirectURI(t *testing.T) {
@@ -262,6 +299,20 @@ func TestOAuth2AuthorizationCode_Invalidate(t *testing.T) {
 	unittest.AssertNotExistsBean(t, &auth_model.OAuth2AuthorizationCode{Code: "authcode"})
 }
 
+func TestOAuth2AuthorizationCode_Invalidate_DoubleUse(t *testing.T) {
+	require.NoError(t, unittest.PrepareTestDatabase())
+	code := unittest.AssertExistsAndLoadBean(t, &auth_model.OAuth2AuthorizationCode{Code: "authcode"})
+
+	// First invalidation should succeed
+	require.NoError(t, code.Invalidate(db.DefaultContext))
+	unittest.AssertNotExistsBean(t, &auth_model.OAuth2AuthorizationCode{Code: "authcode"})
+
+	// Second invalidation of the same code must fail (replay prevention)
+	err := code.Invalidate(db.DefaultContext)
+	require.Error(t, err)
+	assert.Contains(t, err.Error(), "authorization code already used")
+}
+
 func TestOAuth2AuthorizationCode_TableName(t *testing.T) {
 	assert.Equal(t, "oauth2_authorization_code", new(auth_model.OAuth2AuthorizationCode).TableName())
 }
diff --git a/release-notes/12494.md b/release-notes/12494.md
new file mode 100644
index 0000000000..a26776b47c
--- /dev/null
+++ b/release-notes/12494.md
@@ -0,0 +1,6 @@
+- fix: prevent git write to wiki repo from unauthorized user via git HTTP
+- fix: prevent LFS authorization token from being used for read/write access after user's access is restricted from Forgejo
+- fix: prevent scoped API access (OAuth tokens, Access tokens) from accessing resources beyond their permitted scope via non-API endpoints (e.g. /user/repo/raw/...)
+- fix: implementing missing OAuth validation checks, improve protections against race conditions
+- fix: prevent OAuth redirect URI spoofing via non-ascii case collision
+- fix: strengthen Actions Artifact V4 signature algorithm against spoofing attacks
diff --git a/release-notes/12495.md b/release-notes/12495.md
new file mode 100644
index 0000000000..a26776b47c
--- /dev/null
+++ b/release-notes/12495.md
@@ -0,0 +1,6 @@
+- fix: prevent git write to wiki repo from unauthorized user via git HTTP
+- fix: prevent LFS authorization token from being used for read/write access after user's access is restricted from Forgejo
+- fix: prevent scoped API access (OAuth tokens, Access tokens) from accessing resources beyond their permitted scope via non-API endpoints (e.g. /user/repo/raw/...)
+- fix: implementing missing OAuth validation checks, improve protections against race conditions
+- fix: prevent OAuth redirect URI spoofing via non-ascii case collision
+- fix: strengthen Actions Artifact V4 signature algorithm against spoofing attacks
diff --git a/routers/api/actions/artifactsv4.go b/routers/api/actions/artifactsv4.go
index 56fe5cb2cc..c3d3c37e79 100644
--- a/routers/api/actions/artifactsv4.go
+++ b/routers/api/actions/artifactsv4.go
@@ -89,6 +89,7 @@ import (
 	"crypto/hmac"
 	"crypto/sha256"
 	"encoding/base64"
+	"encoding/binary"
 	"encoding/xml"
 	"fmt"
 	"io"
@@ -163,11 +164,20 @@ func ArtifactsV4Routes(prefix string) *web.Route {
 
 func (r artifactV4Routes) buildSignature(endp, expires, artifactName string, taskID, artifactID int64) []byte {
 	mac := hmac.New(sha256.New, setting.GetGeneralTokenSigningSecret())
+	// For each string field, write the length of the string first to prevent user-controlled strings from bleeding into
+	// each other and causing a signature match when it isn't expected.
+	_ = binary.Write(mac, binary.BigEndian, int64(len(endp)))
 	mac.Write([]byte(endp))
+	_ = binary.Write(mac, binary.BigEndian, int64(len(expires)))
 	mac.Write([]byte(expires))
+	_ = binary.Write(mac, binary.BigEndian, int64(len(artifactName)))
 	mac.Write([]byte(artifactName))
-	fmt.Fprint(mac, taskID)
-	fmt.Fprint(mac, artifactID)
+
+	// Write TaskID & ArtifactID as binary values to prevent them from bleeding together; eg. TaskID="2" &
+	// ArtifactID="18" could look the same in the signature as TaskID="21" and ArtifactID="8" if they're written as
+	// strings.
+	_ = binary.Write(mac, binary.BigEndian, taskID)
+	_ = binary.Write(mac, binary.BigEndian, artifactID)
 	return mac.Sum(nil)
 }
 
diff --git a/routers/web/auth/oauth.go b/routers/web/auth/oauth.go
index 914e181259..828027c0a8 100644
--- a/routers/web/auth/oauth.go
+++ b/routers/web/auth/oauth.go
@@ -803,6 +803,16 @@ func handleRefreshToken(ctx *context.Context, form forms.AccessTokenForm, server
 		return
 	}
 
+	// Ensure the refresh token's grant belongs to the requesting client.
+	// This prevents cross-client token usage (RFC 6749 Section 10.4).
+	if grant.ApplicationID != app.ID {
+		handleAccessTokenError(ctx, AccessTokenErrorResponse{
+			ErrorCode:        AccessTokenErrorCodeInvalidGrant,
+			ErrorDescription: "refresh token was not issued to this client",
+		})
+		return
+	}
+
 	// check if token got already used
 	if setting.OAuth2.InvalidateRefreshTokens && (grant.Counter != token.Counter || token.Counter == 0) {
 		handleAccessTokenError(ctx, AccessTokenErrorResponse{
@@ -863,6 +873,15 @@ func handleAuthorizationCode(ctx *context.Context, form forms.AccessTokenForm, s
 		})
 		return
 	}
+	// Per RFC 6749 §4.1.3, if redirect_uri was included in the authorization request,
+	// it MUST be identical to the value included in the token request.
+	if authorizationCode.RedirectURI != "" && form.RedirectURI != authorizationCode.RedirectURI {
+		handleAccessTokenError(ctx, AccessTokenErrorResponse{
+			ErrorCode:        AccessTokenErrorCodeUnauthorizedClient,
+			ErrorDescription: "redirect_uri does not match the authorization request",
+		})
+		return
+	}
 	// check if granted for this application
 	if authorizationCode.Grant.ApplicationID != app.ID {
 		handleAccessTokenError(ctx, AccessTokenErrorResponse{
@@ -877,6 +896,7 @@ func handleAuthorizationCode(ctx *context.Context, form forms.AccessTokenForm, s
 			ErrorCode:        AccessTokenErrorCodeInvalidRequest,
 			ErrorDescription: "cannot proceed your request",
 		})
+		return
 	}
 	resp, tokenErr := newAccessTokenResponse(ctx, authorizationCode.Grant, serverKey, clientKey)
 	if tokenErr != nil {
diff --git a/routers/web/repo/attachment.go b/routers/web/repo/attachment.go
index 5497738f0b..65be51ba08 100644
--- a/routers/web/repo/attachment.go
+++ b/routers/web/repo/attachment.go
@@ -7,6 +7,7 @@ import (
 	"fmt"
 	"net/http"
 
+	"forgejo.org/models/auth"
 	access_model "forgejo.org/models/perm/access"
 	repo_model "forgejo.org/models/repo"
 	"forgejo.org/modules/httpcache"
@@ -98,6 +99,30 @@ func ServeAttachment(ctx *context.Context, uuid string) {
 		return
 	}
 
+	// Some paths like `/attachment/{uuid}` can be accessed with API authentication mechanisms, which can have limited
+	// scopes (eg. user access tokens, OAuth grants).  There's no middleware on these routes that enforce API scopes
+	// because (a) they're not API endpoints, and (b) the scoped required is dependant on the attachment.
+	if hasScope, scope := ctx.Authentication.Scope().Get(); hasScope {
+		var requiredScope auth.AccessTokenScope
+		if attach.ReleaseID != 0 {
+			requiredScope = auth.AccessTokenScopeReadRepository
+		} else if attach.IssueID != 0 {
+			requiredScope = auth.AccessTokenScopeReadIssue
+		} else {
+			ctx.ServerError("UnidentifiedAttachmentResource", fmt.Errorf("unable to identify resource for attachment id=%d", attach.ID))
+			return
+		}
+		allow, err := scope.HasScope(requiredScope)
+		if err != nil {
+			ctx.ServerError("checking scope failed", err)
+			return
+		}
+		if !allow {
+			ctx.Error(http.StatusForbidden, "scopedAccessCheck", fmt.Sprintf("token does not have at least one of required scope(s): %v", requiredScope))
+			return
+		}
+	}
+
 	repository, unitType, err := repo_service.LinkedRepository(ctx, attach)
 	if err != nil {
 		ctx.ServerError("LinkedRepository", err)
@@ -110,7 +135,16 @@ func ServeAttachment(ctx *context.Context, uuid string) {
 			return
 		}
 	} else { // If we have the repository we check access
-		perm, err := access_model.GetUserRepoPermission(ctx, repository, ctx.Doer)
+		// Some paths like `/attachment/{uuid}` can be accessed with API authentication mechanisms, and therefore *may*
+		// have AuthorizationReducers that need to be enforced:
+		reducer := ctx.Authentication.Reducer()
+		var perm access_model.Permission
+		var err error
+		if reducer != nil {
+			perm, err = access_model.GetUserRepoPermissionWithReducer(ctx, repository, ctx.Doer, reducer)
+		} else {
+			perm, err = access_model.GetUserRepoPermission(ctx, repository, ctx.Doer)
+		}
 		if err != nil {
 			ctx.Error(http.StatusInternalServerError, "GetUserRepoPermission", err.Error())
 			return
diff --git a/routers/web/repo/githttp.go b/routers/web/repo/githttp.go
index 936b108281..6703676745 100644
--- a/routers/web/repo/githttp.go
+++ b/routers/web/repo/githttp.go
@@ -184,8 +184,10 @@ func httpBase(ctx *context.Context) *serviceHandler {
 		}
 
 		if repoExist {
-			// Because of special ref "refs/for" .. , need delay write permission check
-			accessMode = perm.AccessModeRead
+			if !isWiki {
+				// Because of special ref "refs/for" .. , need delay write permission check
+				accessMode = perm.AccessModeRead
+			}
 
 			if hasTaskID, taskID := ctx.Authentication.ActionsTaskID().Get(); hasTaskID {
 				task, err := actions_model.GetTaskByID(ctx, taskID)
diff --git a/services/context/permission.go b/services/context/permission.go
index 44adbbd6d9..ad6843b440 100644
--- a/services/context/permission.go
+++ b/services/context/permission.go
@@ -4,6 +4,7 @@
 package context
 
 import (
+	"fmt"
 	"net/http"
 	"slices"
 
@@ -57,6 +58,23 @@ func RequireRepoWriterOr(unitTypes ...unit.Type) func(ctx *Context) {
 // RequireRepoReader returns a middleware for requiring repository read to the specify unitType
 func RequireRepoReader(unitType unit.Type) func(ctx *Context) {
 	return func(ctx *Context) {
+		// Typically checks for authentication scopes won't be relevant for non-API requests where this middleware is
+		// used; but, some paths like `/user/repo/raw/...` can be accessed with API authentication mechanisms.  In those
+		// edge cases, check that `read:repository` scope is present if the authentication method indicates a limited
+		// scope.
+		hasScope, scope := ctx.Authentication.Scope().Get()
+		if hasScope {
+			allow, err := scope.HasScope(auth_model.AccessTokenScopeReadRepository)
+			if err != nil {
+				ctx.ServerError("checking scope failed", err)
+				return
+			}
+			if !allow {
+				ctx.Error(http.StatusForbidden, "scopedAccessCheck", fmt.Sprintf("token does not have at least one of required scope(s): %v", auth_model.AccessTokenScopeReadRepository))
+				return
+			}
+		}
+
 		if !ctx.Repo.CanRead(unitType) {
 			if log.IsTrace() {
 				if ctx.IsSigned {
diff --git a/services/context/repo.go b/services/context/repo.go
index 583eb35474..f39b6d342d 100644
--- a/services/context/repo.go
+++ b/services/context/repo.go
@@ -375,7 +375,15 @@ func repoAssignment(ctx *Context, repo *repo_model.Repository) {
 		return
 	}
 
-	ctx.Repo.Permission, err = access_model.GetUserRepoPermission(ctx, repo, ctx.Doer)
+	// Typically checks for authorization reducers won't be relevant for non-API requests where this middleware is used;
+	// but, some paths like `/user/repo/raw/...` can be accessed with API authentication mechanisms.  In those edge
+	// cases, initialize `ctx.Repo.Permission` based upon the reduced permission set available.
+	authorizationReducer := ctx.Authentication.Reducer()
+	if authorizationReducer == nil {
+		ctx.Repo.Permission, err = access_model.GetUserRepoPermission(ctx, repo, ctx.Doer)
+	} else {
+		ctx.Repo.Permission, err = access_model.GetUserRepoPermissionWithReducer(ctx, repo, ctx.Doer, authorizationReducer)
+	}
 	if err != nil {
 		ctx.ServerError("GetUserRepoPermission", err)
 		return
diff --git a/services/lfs/server.go b/services/lfs/server.go
index 457602243e..1dfd58a3c0 100644
--- a/services/lfs/server.go
+++ b/services/lfs/server.go
@@ -607,6 +607,20 @@ func handleLFSToken(ctx stdCtx.Context, tokenSHA string, target *repo_model.Repo
 		log.Error("Unable to GetUserById[%d]: Error: %v", claims.UserID, err)
 		return nil, err
 	}
+
+	if !u.IsAccessAllowed(ctx) {
+		return nil, errors.New("user access is blocked")
+	}
+
+	repoPerm, err := access_model.GetUserRepoPermission(ctx, target, u)
+	if err != nil {
+		log.Error("Unable to GetUserRepoPermission[%d]: Error: %v", claims.UserID, err)
+		return nil, err
+	}
+	if !repoPerm.CanAccess(mode, unit.TypeCode) {
+		return nil, errors.New("user does not have access to the repository")
+	}
+
 	return u, nil
 }
 
diff --git a/services/lfs/server_test.go b/services/lfs/server_test.go
index 065387ce08..875a99603e 100644
--- a/services/lfs/server_test.go
+++ b/services/lfs/server_test.go
@@ -78,6 +78,75 @@ func testAuthenticate(t *testing.T, cfg string) {
 		assert.EqualValues(t, 2, u.ID)
 	})
 
+	t.Run("handleLFSToken nonexistent user", func(t *testing.T) {
+		tokenMissing, _ := getLFSAuthTokenWithBearer(authTokenOptions{Op: "download", UserID: 999, RepoID: 1})
+		_, tokenMissing, _ = strings.Cut(tokenMissing, " ")
+
+		u, err := handleLFSToken(ctx, tokenMissing, repo1, perm_model.AccessModeRead)
+		require.Error(t, err)
+		assert.Contains(t, err.Error(), "user does not exist")
+		assert.Nil(t, u)
+	})
+
+	t.Run("handleLFSToken nonexistent repo", func(t *testing.T) {
+		tokenBadRepo, _ := getLFSAuthTokenWithBearer(authTokenOptions{Op: "download", UserID: 2, RepoID: 999})
+		_, tokenBadRepo, _ = strings.Cut(tokenBadRepo, " ")
+		badRepo := &repo_model.Repository{ID: 999}
+
+		u, err := handleLFSToken(ctx, tokenBadRepo, badRepo, perm_model.AccessModeRead)
+		require.Error(t, err)
+		assert.Nil(t, u)
+	})
+
+	t.Run("handleLFSToken blocked user", func(t *testing.T) {
+		tokenBlocked, _ := getLFSAuthTokenWithBearer(authTokenOptions{Op: "download", UserID: 37, RepoID: 1})
+		_, tokenBlocked, _ = strings.Cut(tokenBlocked, " ")
+
+		u, err := handleLFSToken(ctx, tokenBlocked, repo1, perm_model.AccessModeRead)
+		require.Error(t, err)
+		assert.Contains(t, err.Error(), "user access is blocked")
+		assert.Nil(t, u)
+	})
+
+	t.Run("handleLFSToken no repo access", func(t *testing.T) {
+		repo2 := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 2})
+		tokenNoAccess, _ := getLFSAuthTokenWithBearer(authTokenOptions{Op: "download", UserID: 10, RepoID: 2})
+		_, tokenNoAccess, _ = strings.Cut(tokenNoAccess, " ")
+
+		u, err := handleLFSToken(ctx, tokenNoAccess, repo2, perm_model.AccessModeRead)
+		require.Error(t, err)
+		assert.Contains(t, err.Error(), "does not have access to the repository")
+		assert.Nil(t, u)
+	})
+
+	t.Run("handleLFSToken upload write access allowed", func(t *testing.T) {
+		tokenUploadRW, _ := getLFSAuthTokenWithBearer(authTokenOptions{Op: "upload", UserID: 2, RepoID: 1})
+		_, tokenUploadRW, _ = strings.Cut(tokenUploadRW, " ")
+
+		u, err := handleLFSToken(ctx, tokenUploadRW, repo1, perm_model.AccessModeWrite)
+		require.NoError(t, err)
+		assert.EqualValues(t, 2, u.ID)
+	})
+
+	t.Run("handleLFSToken upload read-only access denied", func(t *testing.T) {
+		tokenUploadRO, _ := getLFSAuthTokenWithBearer(authTokenOptions{Op: "upload", UserID: 10, RepoID: 1})
+		_, tokenUploadRO, _ = strings.Cut(tokenUploadRO, " ")
+
+		u, err := handleLFSToken(ctx, tokenUploadRO, repo1, perm_model.AccessModeWrite)
+		require.Error(t, err)
+		assert.Contains(t, err.Error(), "does not have access to the repository")
+		assert.Nil(t, u)
+	})
+
+	t.Run("handleLFSToken download read-only access allowed", func(t *testing.T) {
+		tokenDownloadRO, _ := getLFSAuthTokenWithBearer(authTokenOptions{Op: "download", UserID: 10, RepoID: 1})
+		_, tokenDownloadRO, _ = strings.Cut(tokenDownloadRO, " ")
+
+		u, err := handleLFSToken(ctx, tokenDownloadRO, repo1, perm_model.AccessModeRead)
+		require.NoError(t, err)
+		assert.EqualValues(t, 10, u.ID)
+	})
+
 	t.Run("authenticate", func(t *testing.T) {
 		const prefixBearer = "Bearer "
 		assert.False(t, authenticate(ctx, repo1, "", true, false))
diff --git a/tests/integration/attachment_test.go b/tests/integration/attachment_test.go
index 4e29407c2a..06c1bb82ca 100644
--- a/tests/integration/attachment_test.go
+++ b/tests/integration/attachment_test.go
@@ -13,9 +13,13 @@ import (
 	"strings"
 	"testing"
 
+	auth_model "forgejo.org/models/auth"
 	repo_model "forgejo.org/models/repo"
+	unit_model "forgejo.org/models/unit"
+	"forgejo.org/models/unittest"
 	"forgejo.org/modules/storage"
 	"forgejo.org/modules/test"
+	repo_service "forgejo.org/services/repository"
 	"forgejo.org/tests"
 
 	"github.com/stretchr/testify/assert"
@@ -131,3 +135,226 @@ func TestGetAttachment(t *testing.T) {
 		})
 	}
 }
+
+// Access under `/attachments/{uuid}` and `/{user}/{repo}/attachments/{uuid}` is permitted for API tokens.  Those API
+// tokens then need to have the read:issue or read:repository and the correct resource scopes to permit access, though.
+func TestGetAttachmentViaAPITokens(t *testing.T) {
+	defer unittest.OverrideFixtures("tests/integration/fixtures/TestGetAttachmentViaAPITokens")()
+	defer tests.PrepareTestEnv(t)()
+
+	// Create attachment data for an attachment added by this test's fixture.
+	_, err := storage.Attachments.Save(repo_model.AttachmentRelativePath("d962b49e-e32a-4b72-922d-33b551b629e2"), strings.NewReader("hello universe"), -1)
+	require.NoError(t, err)
+
+	// Enable Issues unit on repo 16, one of our test targets.
+	repo_service.UpdateRepositoryUnits(t.Context(),
+		unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 16}),
+		[]repo_model.RepoUnit{{
+			RepoID: 16,
+			Type:   unit_model.TypeIssues,
+		}}, nil)
+
+	t.Run("attachments", func(t *testing.T) {
+		t.Run("no read:issue scope", func(t *testing.T) {
+			defer tests.PrintCurrentTest(t)()
+
+			session := loginUser(t, "user2")
+			allToken := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeReadMisc)
+
+			t.Run("denied public repo1", func(t *testing.T) {
+				defer tests.PrintCurrentTest(t)()
+				req := NewRequest(t, "GET", "/attachments/a0eebc99-9c0b-4ef8-bb6d-6bb9bd380a11").AddTokenAuth(allToken)
+				MakeRequest(t, req, http.StatusForbidden)
+			})
+			t.Run("denied private repo2", func(t *testing.T) {
+				defer tests.PrintCurrentTest(t)()
+				req := NewRequest(t, "GET", "/attachments/a0eebc99-9c0b-4ef8-bb6d-6bb9bd380a12").AddTokenAuth(allToken)
+				MakeRequest(t, req, http.StatusForbidden)
+			})
+			// repo16 is a second repo used in fine-grain testing below, so we include it in other tests as a baseline
+			t.Run("denied private repo16", func(t *testing.T) {
+				defer tests.PrintCurrentTest(t)()
+				req := NewRequest(t, "GET", "/attachments/d962b49e-e32a-4b72-922d-33b551b629e2").AddTokenAuth(allToken)
+				MakeRequest(t, req, http.StatusForbidden)
+			})
+		})
+
+		t.Run("all access token", func(t *testing.T) {
+			defer tests.PrintCurrentTest(t)()
+
+			session := loginUser(t, "user2")
+			allToken := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeReadIssue)
+
+			t.Run("allowed public repo1", func(t *testing.T) {
+				defer tests.PrintCurrentTest(t)()
+				req := NewRequest(t, "GET", "/attachments/a0eebc99-9c0b-4ef8-bb6d-6bb9bd380a11").AddTokenAuth(allToken)
+				resp := MakeRequest(t, req, http.StatusOK)
+				assert.Equal(t, "hello world", resp.Body.String())
+			})
+			t.Run("allowed private repo2", func(t *testing.T) {
+				defer tests.PrintCurrentTest(t)()
+				req := NewRequest(t, "GET", "/attachments/a0eebc99-9c0b-4ef8-bb6d-6bb9bd380a12").AddTokenAuth(allToken)
+				resp := MakeRequest(t, req, http.StatusOK)
+				assert.Equal(t, "hello world", resp.Body.String())
+			})
+			// repo16 is a second repo used in fine-grain testing below, so we include it in other tests as a baseline
+			t.Run("allowed private repo16", func(t *testing.T) {
+				defer tests.PrintCurrentTest(t)()
+				req := NewRequest(t, "GET", "/attachments/d962b49e-e32a-4b72-922d-33b551b629e2").AddTokenAuth(allToken)
+				resp := MakeRequest(t, req, http.StatusOK)
+				assert.Equal(t, "hello universe", resp.Body.String())
+			})
+		})
+
+		t.Run("public-only access token", func(t *testing.T) {
+			defer tests.PrintCurrentTest(t)()
+			session := loginUser(t, "user2")
+			publicOnlyToken := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopePublicOnly, auth_model.AccessTokenScopeReadIssue)
+
+			t.Run("allowed public repo1", func(t *testing.T) {
+				defer tests.PrintCurrentTest(t)()
+				req := NewRequest(t, "GET", "/attachments/a0eebc99-9c0b-4ef8-bb6d-6bb9bd380a11").AddTokenAuth(publicOnlyToken)
+				resp := MakeRequest(t, req, http.StatusOK)
+				assert.Equal(t, "hello world", resp.Body.String())
+			})
+			t.Run("denied private repo2", func(t *testing.T) {
+				defer tests.PrintCurrentTest(t)()
+				req := NewRequest(t, "GET", "/attachments/a0eebc99-9c0b-4ef8-bb6d-6bb9bd380a12").AddTokenAuth(publicOnlyToken)
+				MakeRequest(t, req, http.StatusNotFound)
+			})
+			t.Run("denied private repo16", func(t *testing.T) {
+				defer tests.PrintCurrentTest(t)()
+				req := NewRequest(t, "GET", "/attachments/d962b49e-e32a-4b72-922d-33b551b629e2").AddTokenAuth(publicOnlyToken)
+				MakeRequest(t, req, http.StatusNotFound)
+			})
+		})
+
+		t.Run("specific repo access token", func(t *testing.T) {
+			defer tests.PrintCurrentTest(t)()
+			repo2OnlyToken := createFineGrainedRepoAccessToken(t, "user2",
+				[]auth_model.AccessTokenScope{auth_model.AccessTokenScopeReadIssue},
+				[]int64{2},
+			)
+
+			t.Run("allowed public repo1", func(t *testing.T) {
+				defer tests.PrintCurrentTest(t)()
+				req := NewRequest(t, "GET", "/attachments/a0eebc99-9c0b-4ef8-bb6d-6bb9bd380a11").AddTokenAuth(repo2OnlyToken)
+				resp := MakeRequest(t, req, http.StatusOK)
+				assert.Equal(t, "hello world", resp.Body.String())
+			})
+			t.Run("allowed inside fine-grain repo2", func(t *testing.T) {
+				defer tests.PrintCurrentTest(t)()
+				req := NewRequest(t, "GET", "/attachments/a0eebc99-9c0b-4ef8-bb6d-6bb9bd380a12").AddTokenAuth(repo2OnlyToken)
+				resp := MakeRequest(t, req, http.StatusOK)
+				assert.Equal(t, "hello world", resp.Body.String())
+			})
+			t.Run("denied private outside fine-grain repo16", func(t *testing.T) {
+				defer tests.PrintCurrentTest(t)()
+				req := NewRequest(t, "GET", "/attachments/d962b49e-e32a-4b72-922d-33b551b629e2").AddTokenAuth(repo2OnlyToken)
+				MakeRequest(t, req, http.StatusNotFound)
+			})
+		})
+	})
+
+	t.Run("user-repo-attachments", func(t *testing.T) {
+		t.Run("no read:issue scope", func(t *testing.T) {
+			defer tests.PrintCurrentTest(t)()
+
+			session := loginUser(t, "user2")
+			allToken := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeReadMisc)
+
+			t.Run("denied public repo1", func(t *testing.T) {
+				defer tests.PrintCurrentTest(t)()
+				req := NewRequest(t, "GET", "/user2/repo1/attachments/a0eebc99-9c0b-4ef8-bb6d-6bb9bd380a11").AddTokenAuth(allToken)
+				MakeRequest(t, req, http.StatusForbidden)
+			})
+			t.Run("denied private repo2", func(t *testing.T) {
+				defer tests.PrintCurrentTest(t)()
+				req := NewRequest(t, "GET", "/user2/repo2/attachments/a0eebc99-9c0b-4ef8-bb6d-6bb9bd380a12").AddTokenAuth(allToken)
+				MakeRequest(t, req, http.StatusForbidden)
+			})
+			// repo16 is a second repo used in fine-grain testing below, so we include it in other tests as a baseline
+			t.Run("denied private repo16", func(t *testing.T) {
+				defer tests.PrintCurrentTest(t)()
+				req := NewRequest(t, "GET", "/user2/repo16/attachments/d962b49e-e32a-4b72-922d-33b551b629e2").AddTokenAuth(allToken)
+				MakeRequest(t, req, http.StatusForbidden)
+			})
+		})
+
+		t.Run("all access token", func(t *testing.T) {
+			defer tests.PrintCurrentTest(t)()
+
+			session := loginUser(t, "user2")
+			allToken := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeReadIssue)
+
+			t.Run("allowed public repo1", func(t *testing.T) {
+				defer tests.PrintCurrentTest(t)()
+				req := NewRequest(t, "GET", "/user2/repo1/attachments/a0eebc99-9c0b-4ef8-bb6d-6bb9bd380a11").AddTokenAuth(allToken)
+				resp := MakeRequest(t, req, http.StatusOK)
+				assert.Equal(t, "hello world", resp.Body.String())
+			})
+			t.Run("allowed private repo2", func(t *testing.T) {
+				defer tests.PrintCurrentTest(t)()
+				req := NewRequest(t, "GET", "/user2/repo2/attachments/a0eebc99-9c0b-4ef8-bb6d-6bb9bd380a12").AddTokenAuth(allToken)
+				resp := MakeRequest(t, req, http.StatusOK)
+				assert.Equal(t, "hello world", resp.Body.String())
+			})
+			// repo16 is a second repo used in fine-grain testing below, so we include it in other tests as a baseline
+			t.Run("allowed private repo16", func(t *testing.T) {
+				defer tests.PrintCurrentTest(t)()
+				req := NewRequest(t, "GET", "/user2/repo16/attachments/d962b49e-e32a-4b72-922d-33b551b629e2").AddTokenAuth(allToken)
+				resp := MakeRequest(t, req, http.StatusOK)
+				assert.Equal(t, "hello universe", resp.Body.String())
+			})
+		})
+
+		t.Run("public-only access token", func(t *testing.T) {
+			defer tests.PrintCurrentTest(t)()
+			session := loginUser(t, "user2")
+			publicOnlyToken := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopePublicOnly, auth_model.AccessTokenScopeReadIssue)
+
+			t.Run("allowed public repo1", func(t *testing.T) {
+				defer tests.PrintCurrentTest(t)()
+				req := NewRequest(t, "GET", "/user2/repo1/attachments/a0eebc99-9c0b-4ef8-bb6d-6bb9bd380a11").AddTokenAuth(publicOnlyToken)
+				resp := MakeRequest(t, req, http.StatusOK)
+				assert.Equal(t, "hello world", resp.Body.String())
+			})
+			t.Run("denied private repo2", func(t *testing.T) {
+				defer tests.PrintCurrentTest(t)()
+				req := NewRequest(t, "GET", "/user2/repo2/attachments/a0eebc99-9c0b-4ef8-bb6d-6bb9bd380a12").AddTokenAuth(publicOnlyToken)
+				MakeRequest(t, req, http.StatusNotFound)
+			})
+			t.Run("denied private repo16", func(t *testing.T) {
+				defer tests.PrintCurrentTest(t)()
+				req := NewRequest(t, "GET", "/user2/repo16/attachments/d962b49e-e32a-4b72-922d-33b551b629e2").AddTokenAuth(publicOnlyToken)
+				MakeRequest(t, req, http.StatusNotFound)
+			})
+		})
+
+		t.Run("specific repo access token", func(t *testing.T) {
+			defer tests.PrintCurrentTest(t)()
+			repo2OnlyToken := createFineGrainedRepoAccessToken(t, "user2",
+				[]auth_model.AccessTokenScope{auth_model.AccessTokenScopeReadIssue},
+				[]int64{2},
+			)
+
+			t.Run("allowed public repo1", func(t *testing.T) {
+				defer tests.PrintCurrentTest(t)()
+				req := NewRequest(t, "GET", "/user2/repo1/attachments/a0eebc99-9c0b-4ef8-bb6d-6bb9bd380a11").AddTokenAuth(repo2OnlyToken)
+				resp := MakeRequest(t, req, http.StatusOK)
+				assert.Equal(t, "hello world", resp.Body.String())
+			})
+			t.Run("allowed inside fine-grain repo2", func(t *testing.T) {
+				defer tests.PrintCurrentTest(t)()
+				req := NewRequest(t, "GET", "/user2/repo2/attachments/a0eebc99-9c0b-4ef8-bb6d-6bb9bd380a12").AddTokenAuth(repo2OnlyToken)
+				resp := MakeRequest(t, req, http.StatusOK)
+				assert.Equal(t, "hello world", resp.Body.String())
+			})
+			t.Run("denied private outside fine-grain repo16", func(t *testing.T) {
+				defer tests.PrintCurrentTest(t)()
+				req := NewRequest(t, "GET", "/user2/repo16/attachments/d962b49e-e32a-4b72-922d-33b551b629e2").AddTokenAuth(repo2OnlyToken)
+				MakeRequest(t, req, http.StatusNotFound)
+			})
+		})
+	})
+}
diff --git a/tests/integration/download_test.go b/tests/integration/download_test.go
index d5e68402c5..70acc7f16f 100644
--- a/tests/integration/download_test.go
+++ b/tests/integration/download_test.go
@@ -7,6 +7,7 @@ import (
 	"net/http"
 	"testing"
 
+	auth_model "forgejo.org/models/auth"
 	"forgejo.org/modules/setting"
 	"forgejo.org/tests"
 
@@ -15,7 +16,6 @@ import (
 
 func TestDownloadByID(t *testing.T) {
 	defer tests.PrepareTestEnv(t)()
-
 	session := loginUser(t, "user2")
 
 	// Request raw blob
@@ -91,3 +91,110 @@ func TestDownloadRawTextFileWithMimeTypeMapping(t *testing.T) {
 	delete(setting.MimeTypeMap.Map, ".xml")
 	setting.MimeTypeMap.Enabled = false
 }
+
+// Access under `/raw` is permitted for API tokens.  Those API tokens then need to have the read:repository and the
+// correct resource scopes to permit access, though.  The below series of tests covers the middleware combinations on
+// the entire `/user/repo/raw/*` URL tree as they use a common middleware implementation.
+func TestDownloadAccessViaAPITokens(t *testing.T) {
+	defer tests.PrepareTestEnv(t)()
+
+	t.Run("no read:repository scope", func(t *testing.T) {
+		defer tests.PrintCurrentTest(t)()
+
+		session := loginUser(t, "user2")
+		allToken := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeReadMisc)
+
+		t.Run("denied public repo1", func(t *testing.T) {
+			defer tests.PrintCurrentTest(t)()
+			req := NewRequest(t, "GET", "/user2/repo1/raw/blob/4b4851ad51df6a7d9f25c979345979eaeb5b349f").AddTokenAuth(allToken)
+			MakeRequest(t, req, http.StatusForbidden)
+		})
+		t.Run("denied private repo2", func(t *testing.T) {
+			defer tests.PrintCurrentTest(t)()
+			req := NewRequest(t, "GET", "/user2/repo2/raw/blob/1032bbf17fbc0d9c95bb5418dabe8f8c99278700").AddTokenAuth(allToken)
+			MakeRequest(t, req, http.StatusForbidden)
+		})
+		// repo16 is a second repo used in fine-grain testing below, so we include it in other tests as a baseline
+		t.Run("denied private repo16", func(t *testing.T) {
+			defer tests.PrintCurrentTest(t)()
+			req := NewRequest(t, "GET", "/user2/repo16/raw/blob/69554a64c1e6030f051e5c3f94bfbd773cd6a324").AddTokenAuth(allToken)
+			MakeRequest(t, req, http.StatusForbidden)
+		})
+	})
+
+	t.Run("all access token", func(t *testing.T) {
+		defer tests.PrintCurrentTest(t)()
+
+		session := loginUser(t, "user2")
+		allToken := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeReadRepository)
+
+		t.Run("allowed public repo1", func(t *testing.T) {
+			defer tests.PrintCurrentTest(t)()
+			req := NewRequest(t, "GET", "/user2/repo1/raw/blob/4b4851ad51df6a7d9f25c979345979eaeb5b349f").AddTokenAuth(allToken)
+			resp := MakeRequest(t, req, http.StatusOK)
+			assert.Equal(t, "# repo1\n\nDescription for repo1", resp.Body.String())
+		})
+		t.Run("allowed private repo2", func(t *testing.T) {
+			defer tests.PrintCurrentTest(t)()
+			req := NewRequest(t, "GET", "/user2/repo2/raw/blob/1032bbf17fbc0d9c95bb5418dabe8f8c99278700").AddTokenAuth(allToken)
+			resp := MakeRequest(t, req, http.StatusOK)
+			assert.Equal(t, "tree ba1aed4e2ea2443d76cec241b96be4ec990852ec\nparent 205ac761f3326a7ebe416e8673760016450b5cec\nauthor Jimmy Praet <jimmy.praet@telenet.be> 1624996449 +0200\ncommitter Jimmy Praet <jimmy.praet@telenet.be> 1624996449 +0200\n\nAdd test.xml\n", resp.Body.String())
+		})
+		// repo16 is a second repo used in fine-grain testing below, so we include it in other tests as a baseline
+		t.Run("allowed private repo16", func(t *testing.T) {
+			defer tests.PrintCurrentTest(t)()
+			req := NewRequest(t, "GET", "/user2/repo16/raw/blob/69554a64c1e6030f051e5c3f94bfbd773cd6a324").AddTokenAuth(allToken)
+			resp := MakeRequest(t, req, http.StatusOK)
+			assert.Equal(t, "tree 24f83a471f77579fea57bac7255d6e64e70fce1c\nparent 27566bd5738fc8b4e3fef3c5e72cce608537bd95\nauthor User2 <user2@example.com> 1502042309 +0200\ncommitter User2 <user2@example.com> 1502042309 +0200\n\nnot signed commit\n", resp.Body.String())
+		})
+	})
+
+	t.Run("public-only access token", func(t *testing.T) {
+		defer tests.PrintCurrentTest(t)()
+		session := loginUser(t, "user2")
+		publicOnlyToken := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopePublicOnly, auth_model.AccessTokenScopeReadRepository)
+
+		t.Run("allowed public repo1", func(t *testing.T) {
+			defer tests.PrintCurrentTest(t)()
+			req := NewRequest(t, "GET", "/user2/repo1/raw/blob/4b4851ad51df6a7d9f25c979345979eaeb5b349f").AddTokenAuth(publicOnlyToken)
+			resp := MakeRequest(t, req, http.StatusOK)
+			assert.Equal(t, "# repo1\n\nDescription for repo1", resp.Body.String())
+		})
+		t.Run("denied private repo2", func(t *testing.T) {
+			defer tests.PrintCurrentTest(t)()
+			req := NewRequest(t, "GET", "/user2/repo2/raw/blob/1032bbf17fbc0d9c95bb5418dabe8f8c99278700").AddTokenAuth(publicOnlyToken)
+			MakeRequest(t, req, http.StatusNotFound)
+		})
+		t.Run("denied private repo16", func(t *testing.T) {
+			defer tests.PrintCurrentTest(t)()
+			req := NewRequest(t, "GET", "/user2/repo16/raw/blob/69554a64c1e6030f051e5c3f94bfbd773cd6a324").AddTokenAuth(publicOnlyToken)
+			MakeRequest(t, req, http.StatusNotFound)
+		})
+	})
+
+	t.Run("specific repo access token", func(t *testing.T) {
+		defer tests.PrintCurrentTest(t)()
+		repo2OnlyToken := createFineGrainedRepoAccessToken(t, "user2",
+			[]auth_model.AccessTokenScope{auth_model.AccessTokenScopeReadRepository},
+			[]int64{2},
+		)
+
+		t.Run("allowed public repo1", func(t *testing.T) {
+			defer tests.PrintCurrentTest(t)()
+			req := NewRequest(t, "GET", "/user2/repo1/raw/blob/4b4851ad51df6a7d9f25c979345979eaeb5b349f").AddTokenAuth(repo2OnlyToken)
+			resp := MakeRequest(t, req, http.StatusOK)
+			assert.Equal(t, "# repo1\n\nDescription for repo1", resp.Body.String())
+		})
+		t.Run("allowed inside fine-grain repo2", func(t *testing.T) {
+			defer tests.PrintCurrentTest(t)()
+			req := NewRequest(t, "GET", "/user2/repo2/raw/blob/1032bbf17fbc0d9c95bb5418dabe8f8c99278700").AddTokenAuth(repo2OnlyToken)
+			resp := MakeRequest(t, req, http.StatusOK)
+			assert.Equal(t, "tree ba1aed4e2ea2443d76cec241b96be4ec990852ec\nparent 205ac761f3326a7ebe416e8673760016450b5cec\nauthor Jimmy Praet <jimmy.praet@telenet.be> 1624996449 +0200\ncommitter Jimmy Praet <jimmy.praet@telenet.be> 1624996449 +0200\n\nAdd test.xml\n", resp.Body.String())
+		})
+		t.Run("denied private outside fine-grain repo16", func(t *testing.T) {
+			defer tests.PrintCurrentTest(t)()
+			req := NewRequest(t, "GET", "/user2/repo16/raw/blob/69554a64c1e6030f051e5c3f94bfbd773cd6a324").AddTokenAuth(repo2OnlyToken)
+			MakeRequest(t, req, http.StatusNotFound)
+		})
+	})
+}
diff --git a/tests/integration/fixtures/TestGetAttachmentViaAPITokens/attachment.yml b/tests/integration/fixtures/TestGetAttachmentViaAPITokens/attachment.yml
new file mode 100644
index 0000000000..334b33cefa
--- /dev/null
+++ b/tests/integration/fixtures/TestGetAttachmentViaAPITokens/attachment.yml
@@ -0,0 +1,12 @@
+-
+  id: 50
+  uuid: d962b49e-e32a-4b72-922d-33b551b629e2
+  repo_id: 16
+  issue_id: 50
+  release_id: 0
+  uploader_id: 0
+  comment_id: 0
+  name: attach1
+  download_count: 0
+  size: 0
+  created_unix: 946684800
diff --git a/tests/integration/fixtures/TestGetAttachmentViaAPITokens/issue.yml b/tests/integration/fixtures/TestGetAttachmentViaAPITokens/issue.yml
new file mode 100644
index 0000000000..7a876ef5b2
--- /dev/null
+++ b/tests/integration/fixtures/TestGetAttachmentViaAPITokens/issue.yml
@@ -0,0 +1,16 @@
+-
+  id: 50
+  repo_id: 16
+  index: 1
+  poster_id: 1
+  original_author_id: 0
+  name: issue1
+  content: content for the first issue
+  milestone_id: 0
+  priority: 0
+  is_closed: false
+  is_pull: false
+  num_comments: 3
+  created_unix: 946684800
+  updated_unix: 978307200
+  is_locked: false
diff --git a/tests/integration/oauth_test.go b/tests/integration/oauth_test.go
index 3f14324cf7..d87d725dbd 100644
--- a/tests/integration/oauth_test.go
+++ b/tests/integration/oauth_test.go
@@ -194,12 +194,45 @@ func TestAccessTokenExchange(t *testing.T) {
 	assert.Greater(t, len(parsed.RefreshToken), 10)
 }
 
+func TestAccessTokenExchangeRedirectURIMismatch(t *testing.T) {
+	defer tests.PrepareTestEnv(t)()
+
+	// The auth code fixture has redirect_uri="a", but we send a different
+	// URI that is registered with the app ("https://example.com/xyzzy").
+	// Per RFC 6749 §4.1.3, this must be rejected.
+	req := NewRequestWithValues(t, "POST", "/login/oauth/access_token", map[string]string{
+		"grant_type":    "authorization_code",
+		"client_id":     "da7da3ba-9a13-4167-856f-3899de0b0138",
+		"client_secret": "4MK8Na6R55smdCY0WuCCumZ6hjRPnGY5saWVRHHjJiA=",
+		"redirect_uri":  "https://example.com/xyzzy",
+		"code":          "authcode",
+		"code_verifier": "N1Zo9-8Rfwhkt68r1r29ty8YwIraXR8eh_1Qwxg7yQXsonBt",
+	})
+	resp := MakeRequest(t, req, http.StatusBadRequest)
+
+	var parsedError auth.AccessTokenErrorResponse
+	require.NoError(t, json.Unmarshal(resp.Body.Bytes(), &parsedError))
+	assert.Equal(t, "unauthorized_client", string(parsedError.ErrorCode))
+	assert.Equal(t, "redirect_uri does not match the authorization request", parsedError.ErrorDescription)
+
+	// Using the correct redirect_uri ("a") should succeed
+	req = NewRequestWithValues(t, "POST", "/login/oauth/access_token", map[string]string{
+		"grant_type":    "authorization_code",
+		"client_id":     "da7da3ba-9a13-4167-856f-3899de0b0138",
+		"client_secret": "4MK8Na6R55smdCY0WuCCumZ6hjRPnGY5saWVRHHjJiA=",
+		"redirect_uri":  "a",
+		"code":          "authcode",
+		"code_verifier": "N1Zo9-8Rfwhkt68r1r29ty8YwIraXR8eh_1Qwxg7yQXsonBt",
+	})
+	MakeRequest(t, req, http.StatusOK)
+}
+
 func TestAccessTokenExchangeWithPublicClient(t *testing.T) {
 	defer tests.PrepareTestEnv(t)()
 	req := NewRequestWithValues(t, "POST", "/login/oauth/access_token", map[string]string{
 		"grant_type":    "authorization_code",
 		"client_id":     "ce5a1322-42a7-11ed-b878-0242ac120002",
-		"redirect_uri":  "http://127.0.0.1",
+		"redirect_uri":  "http://127.0.0.1/",
 		"code":          "authcodepublic",
 		"code_verifier": "N1Zo9-8Rfwhkt68r1r29ty8YwIraXR8eh_1Qwxg7yQXsonBt",
 	})
@@ -497,6 +530,56 @@ func TestRefreshTokenInvalidation(t *testing.T) {
 	assert.Equal(t, "token was already used", parsedError.ErrorDescription)
 }
 
+func TestRefreshTokenCrossClientUsage(t *testing.T) {
+	defer tests.PrepareTestEnv(t)()
+
+	// Step 1: Obtain a refresh token via app 1 (confidential client)
+	req := NewRequestWithValues(t, "POST", "/login/oauth/access_token", map[string]string{
+		"grant_type":    "authorization_code",
+		"client_id":     "da7da3ba-9a13-4167-856f-3899de0b0138",
+		"client_secret": "4MK8Na6R55smdCY0WuCCumZ6hjRPnGY5saWVRHHjJiA=",
+		"redirect_uri":  "a",
+		"code":          "authcode",
+		"code_verifier": "N1Zo9-8Rfwhkt68r1r29ty8YwIraXR8eh_1Qwxg7yQXsonBt",
+	})
+	resp := MakeRequest(t, req, http.StatusOK)
+
+	type tokenResponse struct {
+		AccessToken  string `json:"access_token"`
+		TokenType    string `json:"token_type"`
+		ExpiresIn    int64  `json:"expires_in"`
+		RefreshToken string `json:"refresh_token"`
+	}
+	parsed := new(tokenResponse)
+	require.NoError(t, json.Unmarshal(resp.Body.Bytes(), parsed))
+	assert.NotEmpty(t, parsed.RefreshToken)
+
+	// Step 2: Try to use the refresh token with app 2 (different client): must fail
+	req = NewRequestWithValues(t, "POST", "/login/oauth/access_token", map[string]string{
+		"grant_type":    "refresh_token",
+		"client_id":     "ce5a1322-42a7-11ed-b878-0242ac120002",
+		"client_secret": "4MK8Na6R55smdCY0WuCCumZ6hjRPnGY5saWVRHHjJiA=",
+		"redirect_uri":  "b",
+		"refresh_token": parsed.RefreshToken,
+	})
+	resp = MakeRequest(t, req, http.StatusBadRequest)
+
+	var parsedError auth.AccessTokenErrorResponse
+	require.NoError(t, json.Unmarshal(resp.Body.Bytes(), &parsedError))
+	assert.Equal(t, "invalid_grant", string(parsedError.ErrorCode))
+	assert.Equal(t, "refresh token was not issued to this client", parsedError.ErrorDescription)
+
+	// Step 3: Using the refresh token with the correct app 1 should still work
+	req = NewRequestWithValues(t, "POST", "/login/oauth/access_token", map[string]string{
+		"grant_type":    "refresh_token",
+		"client_id":     "da7da3ba-9a13-4167-856f-3899de0b0138",
+		"client_secret": "4MK8Na6R55smdCY0WuCCumZ6hjRPnGY5saWVRHHjJiA=",
+		"redirect_uri":  "a",
+		"refresh_token": parsed.RefreshToken,
+	})
+	MakeRequest(t, req, http.StatusOK)
+}
+
 func TestSignInOAuthCallbackSignIn(t *testing.T) {
 	defer tests.PrepareTestEnv(t)()
 
diff --git a/tests/integration/wiki_test.go b/tests/integration/wiki_test.go
index 47986177d7..1fd9378852 100644
--- a/tests/integration/wiki_test.go
+++ b/tests/integration/wiki_test.go
@@ -4,19 +4,29 @@
 package integration
 
 import (
+	"encoding/base64"
 	"fmt"
+	"io"
 	"net/http"
 	"net/url"
 	"os"
 	"path/filepath"
 	"strings"
 	"testing"
+	"time"
 
+	auth_model "forgejo.org/models/auth"
+	unit_model "forgejo.org/models/unit"
+	"forgejo.org/models/unittest"
+	user_model "forgejo.org/models/user"
 	"forgejo.org/modules/git"
+	"forgejo.org/modules/optional"
+	api "forgejo.org/modules/structs"
 	"forgejo.org/modules/util"
 	"forgejo.org/tests"
 
 	"github.com/PuerkitoBio/goquery"
+	"github.com/google/uuid"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 )
@@ -24,7 +34,16 @@ import (
 func assertFileExist(t *testing.T, p string) {
 	exist, err := util.IsExist(p)
 	require.NoError(t, err)
-	assert.True(t, exist)
+	if !assert.True(t, exist) {
+		dir := filepath.Dir(p)
+		t.Logf("Listing files that were present in dir path %s", dir)
+		entries, err := os.ReadDir(dir)
+		require.NoError(t, err)
+		for _, e := range entries {
+			t.Logf("file in path %s -> %s", dir, e.Name())
+		}
+		t.Logf("End of %d entries in directory %s", len(entries), dir)
+	}
 }
 
 func assertFileEqual(t *testing.T, p string, content []byte) {
@@ -33,24 +52,162 @@ func assertFileEqual(t *testing.T, p string, content []byte) {
 	assert.Equal(t, content, bs)
 }
 
-func TestRepoCloneWiki(t *testing.T) {
-	onApplicationRun(t, func(t *testing.T, u *url.URL) {
-		dstPath := t.TempDir()
+type (
+	RepoWikiMethod    string
+	RepoWikiAuth      string
+	RepoWikiTarget    string
+	RepoWikiOperation string
+)
 
-		r := fmt.Sprintf("%suser2/repo1.wiki.git", u.String())
-		u, _ = url.Parse(r)
-		u.User = url.UserPassword("user2", userPassword)
-		t.Run("Clone", func(t *testing.T) {
-			require.NoError(t, git.CloneWithArgs(t.Context(), git.AllowLFSFiltersArgs(), u.String(), dstPath, git.CloneRepoOptions{}))
-			assertFileEqual(t, filepath.Join(dstPath, "Home.md"), []byte("# Home page\n\nThis is the home page!\n"))
-			assertFileExist(t, filepath.Join(dstPath, "Page-With-Image.md"))
-			assertFileExist(t, filepath.Join(dstPath, "Page-With-Spaced-Name.md"))
-			assertFileExist(t, filepath.Join(dstPath, "images"))
-			assertFileExist(t, filepath.Join(dstPath, "jpeg.jpg"))
-		})
+const (
+	RepoWikiSSH  RepoWikiMethod = "SSH"
+	RepoWikiHTTP RepoWikiMethod = "HTTP"
+
+	RepoWikiAnonymous                 RepoWikiAuth = "Anonymous"
+	RepoWikiAuthenticated             RepoWikiAuth = "Authenticated"
+	RepoWikiAuthenticatedNonOwnerUser RepoWikiAuth = "Authenticated-NonOwner"
+
+	RepoWikiPublic  RepoWikiTarget = "Public"
+	RepoWikiPrivate RepoWikiTarget = "Private"
+
+	RepoWikiRead  RepoWikiOperation = "Read"
+	RepoWikiWrite RepoWikiOperation = "Write"
+)
+
+func TestRepoWikiGitOperation(t *testing.T) {
+	onApplicationRun(t, func(t *testing.T, u *url.URL) {
+		for _, method := range []RepoWikiMethod{RepoWikiSSH, RepoWikiHTTP} {
+			for _, auth := range []RepoWikiAuth{RepoWikiAnonymous, RepoWikiAuthenticated, RepoWikiAuthenticatedNonOwnerUser} {
+				for _, target := range []RepoWikiTarget{RepoWikiPublic, RepoWikiPrivate} {
+					for _, operation := range []RepoWikiOperation{RepoWikiRead, RepoWikiWrite} {
+						t.Run(fmt.Sprintf("%s/%s/%s/%s", method, auth, target, operation), func(t *testing.T) {
+							defer tests.PrintCurrentTest(t)()
+							doRepoWikiGitOperation(t, u, method, auth, target, operation)
+						})
+					}
+				}
+			}
+		}
 	})
 }
 
+func doRepoWikiGitOperation(t *testing.T, serverURL *url.URL, method RepoWikiMethod, auth RepoWikiAuth, target RepoWikiTarget, operation RepoWikiOperation) {
+	repo := "repo1"
+	if target == RepoWikiPrivate {
+		user2 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
+		privateRepo, _, reset := tests.CreateDeclarativeRepoWithOptions(t, user2, tests.DeclarativeRepoOptions{
+			IsPrivate:    optional.Some(true),
+			EnabledUnits: optional.Some([]unit_model.Type{unit_model.TypeWiki}),
+		})
+		defer reset()
+
+		session := loginUser(t, user2.LoginName)
+		token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteRepository)
+		urlStr := fmt.Sprintf("/api/v1/repos/%s/%s/wiki/new", user2.LoginName, privateRepo.Name)
+		req := NewRequestWithJSON(t, "POST", urlStr, &api.CreateWikiPageOptions{
+			Title:         "Page With Image",
+			ContentBase64: base64.StdEncoding.EncodeToString([]byte("# Page With Image\n\n![Gitea Logo](./raw/jpeg.jpg)\n")),
+			Message:       "",
+		}).AddTokenAuth(token)
+		MakeRequest(t, req, http.StatusCreated)
+
+		repo = privateRepo.Name
+	}
+
+	dstPath := t.TempDir()
+	r := fmt.Sprintf("%suser2/%s.wiki.git", serverURL.String(), repo)
+	testURL, err := url.Parse(r)
+	require.NoError(t, err)
+
+	if method == RepoWikiHTTP {
+		switch auth {
+		case RepoWikiAnonymous:
+			// no-op
+		case RepoWikiAuthenticated:
+			testURL.User = url.UserPassword("user2", userPassword)
+		case RepoWikiAuthenticatedNonOwnerUser:
+			testURL.User = url.UserPassword("user20", userPassword)
+		default:
+			t.Fatalf("unexpected auth = %s", auth)
+		}
+
+		doRepoWikiGitOperationInner(t, testURL, dstPath, auth, target, operation)
+	} else if method == RepoWikiSSH {
+		var user string
+		switch auth {
+		case RepoWikiAnonymous:
+			t.Skip() // anonymous ssh is not supported
+		case RepoWikiAuthenticated:
+			user = "user2" // owner of the repo
+		case RepoWikiAuthenticatedNonOwnerUser:
+			user = "user20" // not the owner of the repo, not a collaborator
+		default:
+			t.Fatalf("unexpected auth = %s", auth)
+		}
+
+		keyname := "my-testing-key"
+		withKeyFile(t, keyname, func(keyFile string) {
+			baseAPITestContext := NewAPITestContext(t, user, repo, auth_model.AccessTokenScopeWriteUser)
+			t.Run("CreateUserKey", doAPICreateUserKey(baseAPITestContext, fmt.Sprintf("test-key-%s", uuid.New().String()), keyFile, func(t *testing.T, pk api.PublicKey) {}))
+
+			baseAPITestContext.Username = "user2" // target repo owner to compose URLs
+			baseAPITestContext.Reponame = fmt.Sprintf("%s.wiki", repo)
+			testURL = createSSHUrl(baseAPITestContext.GitPath(), testURL)
+
+			doRepoWikiGitOperationInner(t, testURL, dstPath, auth, target, operation)
+		})
+	} else {
+		t.Fatalf("unexpected method = %s", method)
+	}
+}
+
+func doRepoWikiGitOperationInner(t *testing.T, gitURL *url.URL, dstPath string, auth RepoWikiAuth, target RepoWikiTarget, operation RepoWikiOperation) {
+	err := git.CloneWithArgs(t.Context(), git.AllowLFSFiltersArgs(), gitURL.String(), dstPath, git.CloneRepoOptions{})
+	if target == RepoWikiPrivate && (auth == RepoWikiAnonymous || auth == RepoWikiAuthenticatedNonOwnerUser) {
+		require.Error(t, err, "clone must fail; auth %s shouldn't be able to access private repo")
+		return // no other test conditions to satisfy if the clone failed
+	}
+	require.NoError(t, err, "clone must succeed; auth %s should be able to access a public repo")
+
+	assertFileExist(t, filepath.Join(dstPath, "Page-With-Image.md"))
+	assertFileEqual(t, filepath.Join(dstPath, "Page-With-Image.md"), []byte("# Page With Image\n\n![Gitea Logo](./raw/jpeg.jpg)\n"))
+
+	if operation == RepoWikiWrite {
+		f, err := os.OpenFile(filepath.Join(dstPath, "Home.md"), os.O_WRONLY|os.O_TRUNC|os.O_CREATE, 0o644)
+		defer f.Close()
+		require.NoError(t, err)
+		_, err = io.WriteString(f, fmt.Sprintf("# Home Page Edited!\n%s", uuid.New().String()))
+		require.NoError(t, err)
+		err = f.Close()
+		require.NoError(t, err)
+
+		err = git.AddChanges(dstPath, true)
+		require.NoError(t, err)
+		err = git.CommitChanges(dstPath, git.CommitChangesOptions{Message: "Changes made!"})
+		require.NoError(t, err)
+
+		// don't use git.Push() because it doesn't support credential helper, and 'origin' would have had its URL saved
+		// with the creds stripped in dstPath so we need the credential helper to be configured.
+		cmd := git.NewCommand(t.Context())
+		if gitURL.Scheme == "http" {
+			_, credCleanup, err := cmd.AddAuthCredentialHelperForRemote(gitURL.String())
+			require.NoError(t, err)
+			defer credCleanup()
+		}
+		cmd.AddArguments("push", "origin")
+
+		stdout, stderr, err := cmd.RunStdString(&git.RunOpts{
+			Dir:     dstPath,
+			Timeout: 2 * time.Second,
+		})
+		if auth == RepoWikiAuthenticated {
+			require.NoError(t, err, "stdout = %q, stderr = %q", stdout, stderr)
+		} else {
+			require.Error(t, err, "push must fail as authentication mode %s doesn't allow write, but succeeded.  stdout = %q, stderr = %q", auth, stdout, stderr)
+		}
+	}
+}
+
 func Test_RepoWikiPages(t *testing.T) {
 	defer tests.PrepareTestEnv(t)()
 

From 9d37ac68ee71f0d17f25adc099357834a18090a7 Mon Sep 17 00:00:00 2001
From: Nirmal Kumar R <tildezero@gmail.com>
Date: Tue, 12 May 2026 05:05:16 +0200
Subject: [PATCH 849/854] fix(e2e): Missing await on page.goto in org-members
 tests (#12525)

These tests are failing in the Last Two Days in the latest test report.

Error:
```
61 |
      62 |   // A modal dialog appears
    > 63 |   await expect(page.locator('#add-member-modal')).toBeVisible();
         |                                                   ^
      64 |
      65 |   // Fill in the name of the user to add
      66 |   await page.locator('#search-user-box input').fill('user5');
        at /workspace/forgejo/forgejo/tests/e2e/org-members.test.e2e.ts:63:51
```

The `page.goto` in the tests are unawaited, which leads to the page not
fully loaded to proceed with the next lines to check for visibility.

The fix is to add `await` on `page.goto()` in all the missing places in
this test file - `org-members.test.e2e.ts`.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12525
Reviewed-by: Otto <otto@codeberg.org>
---
 tests/e2e/org-members.test.e2e.ts | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/tests/e2e/org-members.test.e2e.ts b/tests/e2e/org-members.test.e2e.ts
index 69f2f31f8a..c8833991bb 100644
--- a/tests/e2e/org-members.test.e2e.ts
+++ b/tests/e2e/org-members.test.e2e.ts
@@ -12,7 +12,7 @@ import {test} from './utils_e2e.ts';
 test.use({user: 'user2'});
 
 test('Toggle visibility', async ({page}) => {
-  page.goto('/org/org3/members');
+  await page.goto('/org/org3/members');
 
   // Button "Make hidden" for user2's row
   const hideUser2 = page.locator('.link-action[data-url="/org/org3/members/action/private?uid=2"]');
@@ -34,7 +34,7 @@ test('Toggle visibility', async ({page}) => {
 });
 
 test('Leave org', async ({page}) => {
-  page.goto('/org/org3/members');
+  await page.goto('/org/org3/members');
 
   // Button "Leave" for user2's row
   const leaveButton = page.locator('.delete-button[data-url="/org/org3/members/action/leave"]');
@@ -53,7 +53,7 @@ test('Leave org', async ({page}) => {
 });
 
 test('Add and remove a new member to the org', async ({page}) => {
-  page.goto('/org/org3/members');
+  await page.goto('/org/org3/members');
 
   // Click the "Add member" button
   const newMemberButton = page.locator('#add-org-member-button');

From a6e141f805ce138074b8fa64cc92c9d0402f95e5 Mon Sep 17 00:00:00 2001
From: forgejo-release-manager <contact-forgejo-release-manager@forgejo.org>
Date: Tue, 12 May 2026 09:08:47 +0200
Subject: [PATCH 850/854] chore(release-notes): Forgejo v11.0.14 [skip ci]
 (#12535)

https://codeberg.org/forgejo/forgejo/milestone/84476
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12535
Reviewed-by: Beowulf <beowulf@beocode.eu>
---
 release-notes-published/11.0.14.md | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)
 create mode 100644 release-notes-published/11.0.14.md

diff --git a/release-notes-published/11.0.14.md b/release-notes-published/11.0.14.md
new file mode 100644
index 0000000000..1c7bf69e3f
--- /dev/null
+++ b/release-notes-published/11.0.14.md
@@ -0,0 +1,17 @@
+
+
+<!--start release-notes-assistant-->
+
+## Release notes
+<!--URL:https://codeberg.org/forgejo/forgejo-->
+- Security bug fixes
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/12495): <!--number 12495 --><!--line 0 --><!--description LSBmaXg6IHByZXZlbnQgZ2l0IHdyaXRlIHRvIHdpa2kgcmVwbyBmcm9tIHVuYXV0aG9yaXplZCB1c2VyIHZpYSBnaXQgSFRUUA==-->fix: prevent git write to wiki repo from unauthorized user via git HTTP<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/12495): <!--number 12495 --><!--line 1 --><!--description LSBmaXg6IHByZXZlbnQgTEZTIGF1dGhvcml6YXRpb24gdG9rZW4gZnJvbSBiZWluZyB1c2VkIGZvciByZWFkL3dyaXRlIGFjY2VzcyBhZnRlciB1c2VyJ3MgYWNjZXNzIGlzIHJlc3RyaWN0ZWQgZnJvbSBGb3JnZWpv-->fix: prevent LFS authorization token from being used for read/write access after user's access is restricted from Forgejo<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/12495): <!--number 12495 --><!--line 2 --><!--description LSBmaXg6IHByZXZlbnQgc2NvcGVkIEFQSSBhY2Nlc3MgKE9BdXRoIHRva2VucywgQWNjZXNzIHRva2VucykgZnJvbSBhY2Nlc3NpbmcgcmVzb3VyY2VzIGJleW9uZCB0aGVpciBwZXJtaXR0ZWQgc2NvcGUgdmlhIG5vbi1BUEkgZW5kcG9pbnRzIChlLmcuIC91c2VyL3JlcG8vcmF3Ly4uLik=-->fix: prevent scoped API access (OAuth tokens, Access tokens) from accessing resources beyond their permitted scope via non-API endpoints (e.g. /user/repo/raw/...)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/12495): <!--number 12495 --><!--line 3 --><!--description LSBmaXg6IGltcGxlbWVudGluZyBtaXNzaW5nIE9BdXRoIHZhbGlkYXRpb24gY2hlY2tzLCBpbXByb3ZlIHByb3RlY3Rpb25zIGFnYWluc3QgcmFjZSBjb25kaXRpb25z-->fix: implementing missing OAuth validation checks, improve protections against race conditions<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/12495): <!--number 12495 --><!--line 4 --><!--description LSBmaXg6IHByZXZlbnQgT0F1dGggcmVkaXJlY3QgVVJJIHNwb29maW5nIHZpYSBub24tYXNjaWkgY2FzZSBjb2xsaXNpb24=-->fix: prevent OAuth redirect URI spoofing via non-ascii case collision<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/12495): <!--number 12495 --><!--line 5 --><!--description LSBmaXg6IHN0cmVuZ3RoZW4gQWN0aW9ucyBBcnRpZmFjdCBWNCBzaWduYXR1cmUgYWxnb3JpdGhtIGFnYWluc3Qgc3Bvb2ZpbmcgYXR0YWNrcw==-->fix: strengthen Actions Artifact V4 signature algorithm against spoofing attacks<!--description-->
+- Included for completeness but not user-facing (chores, etc.)
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/12527): <!--number 12527 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgbWVybWFpZCB0byB2MTEuMTUuMCBbU0VDVVJJVFldICh2MTEuMC9mb3JnZWpvKQ==-->Update dependency mermaid to v11.15.0 [SECURITY] (v11.0/forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/12463): <!--number 12463 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnb2xhbmcub3JnL3gvbmV0IHRvIHYwLjUzLjAgW1NFQ1VSSVRZXSAodjExLjAvZm9yZ2Vqbyk=-->Update module golang.org/x/net to v0.53.0 [SECURITY] (v11.0/forgejo)<!--description-->
+<!--end release-notes-assistant-->

From 0e577ed6c97cb5648adb43402abcc7dd52a2feed Mon Sep 17 00:00:00 2001
From: forgejo-release-manager <contact-forgejo-release-manager@forgejo.org>
Date: Tue, 12 May 2026 09:10:46 +0200
Subject: [PATCH 851/854] chore(release-notes): Forgejo v15.0.2 (#12536)

https://codeberg.org/forgejo/forgejo/milestone/84479
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12536
Reviewed-by: Beowulf <beowulf@beocode.eu>
---
 release-notes-published/15.0.2.md | 33 +++++++++++++++++++++++++++++++
 1 file changed, 33 insertions(+)
 create mode 100644 release-notes-published/15.0.2.md

diff --git a/release-notes-published/15.0.2.md b/release-notes-published/15.0.2.md
new file mode 100644
index 0000000000..c5c8c14648
--- /dev/null
+++ b/release-notes-published/15.0.2.md
@@ -0,0 +1,33 @@
+
+
+<!--start release-notes-assistant-->
+
+## Release notes
+<!--URL:https://codeberg.org/forgejo/forgejo-->
+- Security bug fixes
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/12494): <!--number 12494 --><!--line 0 --><!--description LSBmaXg6IHByZXZlbnQgZ2l0IHdyaXRlIHRvIHdpa2kgcmVwbyBmcm9tIHVuYXV0aG9yaXplZCB1c2VyIHZpYSBnaXQgSFRUUA==-->fix: prevent git write to wiki repo from unauthorized user via git HTTP<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/12494): <!--number 12494 --><!--line 1 --><!--description LSBmaXg6IHByZXZlbnQgTEZTIGF1dGhvcml6YXRpb24gdG9rZW4gZnJvbSBiZWluZyB1c2VkIGZvciByZWFkL3dyaXRlIGFjY2VzcyBhZnRlciB1c2VyJ3MgYWNjZXNzIGlzIHJlc3RyaWN0ZWQgZnJvbSBGb3JnZWpv-->fix: prevent LFS authorization token from being used for read/write access after user's access is restricted from Forgejo<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/12494): <!--number 12494 --><!--line 2 --><!--description LSBmaXg6IHByZXZlbnQgc2NvcGVkIEFQSSBhY2Nlc3MgKE9BdXRoIHRva2VucywgQWNjZXNzIHRva2VucykgZnJvbSBhY2Nlc3NpbmcgcmVzb3VyY2VzIGJleW9uZCB0aGVpciBwZXJtaXR0ZWQgc2NvcGUgdmlhIG5vbi1BUEkgZW5kcG9pbnRzIChlLmcuIC91c2VyL3JlcG8vcmF3Ly4uLik=-->fix: prevent scoped API access (OAuth tokens, Access tokens) from accessing resources beyond their permitted scope via non-API endpoints (e.g. /user/repo/raw/...)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/12494): <!--number 12494 --><!--line 3 --><!--description LSBmaXg6IGltcGxlbWVudGluZyBtaXNzaW5nIE9BdXRoIHZhbGlkYXRpb24gY2hlY2tzLCBpbXByb3ZlIHByb3RlY3Rpb25zIGFnYWluc3QgcmFjZSBjb25kaXRpb25z-->fix: implementing missing OAuth validation checks, improve protections against race conditions<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/12494): <!--number 12494 --><!--line 4 --><!--description LSBmaXg6IHByZXZlbnQgT0F1dGggcmVkaXJlY3QgVVJJIHNwb29maW5nIHZpYSBub24tYXNjaWkgY2FzZSBjb2xsaXNpb24=-->fix: prevent OAuth redirect URI spoofing via non-ascii case collision<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/12494): <!--number 12494 --><!--line 5 --><!--description LSBmaXg6IHN0cmVuZ3RoZW4gQWN0aW9ucyBBcnRpZmFjdCBWNCBzaWduYXR1cmUgYWxnb3JpdGhtIGFnYWluc3Qgc3Bvb2ZpbmcgYXR0YWNrcw==-->fix: strengthen Actions Artifact V4 signature algorithm against spoofing attacks<!--description-->
+- User Interface bug fixes
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/12366) ([backported](https://codeberg.org/forgejo/forgejo/pulls/12492)): <!--number 12492 --><!--line 0 --><!--description V2hlbiB0aGUgYXV0aG9yIG9mIGEgcHVsbCByZXF1ZXN0IGlzIFtkZW5pZWQgdGhlIHJpZ2h0IHRvIHJ1biBBY3Rpb25zXShodHRwczovL2Zvcmdlam8ub3JnL2RvY3MvbmV4dC91c2VyL2FjdGlvbnMvc2VjdXJpdHktcHVsbC1yZXF1ZXN0LykgYnkgY2xpY2tpbmcgb24gdGhlICJEZW55IiBidXR0b24gb24gdGhlIHB1bGwgcmVxdWVzdCB0cnVzdCBtYW5hZ2VtZW50IHBhbmVsLCB0aGUgd29ya2Zsb3cgcnVucyBjcmVhdGVkIGZvciBhbGwgY29tbWl0cyBwdXNoZWQgdG8gdGhlIHB1bGwgcmVxdWVzdCBhcmUgY2FuY2VsbGVkLiBCZWZvcmUgdGhhdCwgcnVucyB0aGF0IHdlcmUgYXV0b21hdGljYWxseSBjYW5jZWxsZWQgYmVjYXVzZSBhIG5ld2VyIGNvbW1pdCB3YXMgcHVzaGVkIHRvIHRoZSBwdWxsIHJlcXVlc3QgW3dlcmUgc3R1Y2sgaW4gYSBzdGF0ZSB3YWl0aW5nIGZvciBhcHByb3ZhbF0oaHR0cHM6Ly9jb2RlYmVyZy5vcmcvZm9yZ2Vqby9mb3JnZWpvL2lzc3Vlcy8xMjM1MCku-->When the author of a pull request is [denied the right to run Actions](https://forgejo.org/docs/next/user/actions/security-pull-request/) by clicking on the "Deny" button on the pull request trust management panel, the workflow runs created for all commits pushed to the pull request are cancelled. Before that, runs that were automatically cancelled because a newer commit was pushed to the pull request [were stuck in a state waiting for approval](https://codeberg.org/forgejo/forgejo/issues/12350).<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/12447) ([backported](https://codeberg.org/forgejo/forgejo/pulls/12461)): <!--number 12461 --><!--line 0 --><!--description Zml4OiBwYWdpbmF0ZSB0ZWFtIG1lbWJlcnMgbGlzdA==-->fix: paginate team members list<!--description-->
+- Bug fixes
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/12302) ([backported](https://codeberg.org/forgejo/forgejo/pulls/12470)): <!--number 12470 --><!--line 0 --><!--description V2hlbiBhIHJldmlldyB3YXMgY3JlYXRlZCBhcyBwZW5kaW5nIGFuZCB0aGVuIHN1Ym1pdHRlZCwgdGhlIHJldmlldyByZXF1ZXN0IHdhc24ndCBkZWxldGVkLiBUaGVzZSByZXZpZXcgcmVxdWVzdHMgY291bGRuJ3QgYmUgcmVtb3ZlZCwgYXMgdGhlIG5vdyBleGlzdGluZyByZXZpZXcgc2hhZG93ZWQgdGhlIHJldmlldyByZXF1ZXN0LiBOb3csIHJldmlldyByZXF1ZXN0cyBnZXQgZGVsZXRlZCB3aGVuIGEgcGVuZGluZyByZXZpZXcgZnJvbSB0aGF0IHJldmlld2VyIGdldHMgc3VibWl0dGVkLCBhbmQgYnJva2VuIHJldmlldyByZXF1ZXN0cyBpbiBhbHJlYWR5IGV4aXN0aW5nIGRhdGEgY2FuIGJlIG5vcm1hbGx5IHJlbW92ZWQgdmlhIHRoZSBVSS4=-->When a review was created as pending and then submitted, the review request wasn't deleted. These review requests couldn't be removed, as the now existing review shadowed the review request. Now, review requests get deleted when a pending review from that reviewer gets submitted, and broken review requests in already existing data can be normally removed via the UI.<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/12446) ([backported](https://codeberg.org/forgejo/forgejo/pulls/12452)): <!--number 12452 --><!--line 0 --><!--description Zml4OiBtYWtlIHBhY2thZ2UgY2xlYW51cCB3b3JrIGFnYWlu-->fix: make package cleanup work again<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/12370) ([backported](https://codeberg.org/forgejo/forgejo/pulls/12422)): <!--number 12422 --><!--line 0 --><!--description Zml4OiBjbGVhbnVwIGRhdGEgYmVmb3JlIG1pZ3JhdGlvbiByZXRyeQ==-->fix: cleanup data before migration retry<!--description-->
+- Included for completeness but not user-facing (chores, etc.)
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/12382) ([backported](https://codeberg.org/forgejo/forgejo/pulls/12533)): <!--number 12533 --><!--line 0 --><!--description Zml4KGFjdGl2aXR5cHViKTogb25seSByZXR1cm4gcHVibGljIGFjdGl2aXRpZXMgb24gcmVxdWVzdCAoIzEyMzgyKQ==-->fix(activitypub): only return public activities on request (#12382)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/12531): <!--number 12531 --><!--line 0 --><!--description VXBkYXRlIGRlcGVuZGVuY3kgbWVybWFpZCB0byB2MTEuMTUuMCBbU0VDVVJJVFldICh2MTUuMC9mb3JnZWpvKQ==-->Update dependency mermaid to v11.15.0 [SECURITY] (v15.0/forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/12503): <!--number 12503 --><!--line 0 --><!--description Y2hvcmU6IFBHUCBzaWduIC53ZWxsLWtub3duL3NlY3VyaXR5LnR4dCBbc2tpcCBjaV0=-->chore: PGP sign .well-known/security.txt [skip ci]<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/12465): <!--number 12465 --><!--line 0 --><!--description VXBkYXRlIG1vZHVsZSBnb2xhbmcub3JnL3gvbmV0IHRvIHYwLjUzLjAgW1NFQ1VSSVRZXSAodjE1LjAvZm9yZ2Vqbyk=-->Update module golang.org/x/net to v0.53.0 [SECURITY] (v15.0/forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/12433) ([backported](https://codeberg.org/forgejo/forgejo/pulls/12467)): <!--number 12467 --><!--line 0 --><!--description W3BhZ3VyZV0gZW5zdXJlIG1vdmluZyBhbGwgY29tbWl0cyBpbiBhIHB1bGwgcmVxdWVzdA==-->[pagure] ensure moving all commits in a pull request<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/12231) ([backported](https://codeberg.org/forgejo/forgejo/pulls/12468)): <!--number 12468 --><!--line 0 --><!--description cmVmYWN0b3I6IGNsYXJpZnkgZm91ciBkaWZmZXJlbnQgb3V0cHV0cyB0aGF0IGF1dGhlbnRpY2F0aW9uIG1ldGhvZHMgcHJvdmlkZQ==-->refactor: clarify four different outputs that authentication methods provide<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/12202) ([backported](https://codeberg.org/forgejo/forgejo/pulls/12462)): <!--number 12462 --><!--line 0 --><!--description cmVmYWN0b3I6IGNoYW5nZSBhdXRoZW50aWNhdGlvbiB0byByZXR1cm4gc3RydWN0dXJlZCBkYXRh-->refactor: change authentication to return structured data<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/12456): <!--number 12456 --><!--line 0 --><!--description VXBkYXRlIGdvIHRvb2xjaGFpbiBkaXJlY3RpdmUgdG8gdjEuMjYuMyAodjE1LjAvZm9yZ2Vqbyk=-->Update go toolchain directive to v1.26.3 (v15.0/forgejo)<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/12351) ([backported](https://codeberg.org/forgejo/forgejo/pulls/12395)): <!--number 12395 --><!--line 0 --><!--description Zml4OiBnZXQgdGFnIG11c3QgcmV0dXJuIHRoZSB0YWcgc2lnbmF0dXJlIGluc3RlYWQgb2YgY29tbWl0IHNpZ25hdHVyZQ==-->fix: get tag must return the tag signature instead of commit signature<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/12357) ([backported](https://codeberg.org/forgejo/forgejo/pulls/12362)): <!--number 12362 --><!--line 0 --><!--description Zml4OiBzZXQgYHJlcG9faWRgIGZvciBtaWdyYXRlZCBhdHRhY2htZW50-->fix: set `repo_id` for migrated attachment<!--description-->
+  - [PR](https://codeberg.org/forgejo/forgejo/pulls/12291) ([backported](https://codeberg.org/forgejo/forgejo/pulls/12354)): <!--number 12354 --><!--line 0 --><!--description Zml4KG9hdXRoKTogb25seSBhY2NlcHQgcmVmcmVzaCB0b2tlbnMgYXMgcmVmcmVzaCB0b2tlbnM=-->fix(oauth): only accept refresh tokens as refresh tokens<!--description-->
+<!--end release-notes-assistant-->

From 88ba1741190dd638abd3fd75fb95373e483ab695 Mon Sep 17 00:00:00 2001
From: oliverpool <git@olivier.pfad.fr>
Date: Tue, 12 May 2026 20:57:02 +0200
Subject: [PATCH 852/854] tests: better factory with forgery package (#11356)

### Context

Following the feedback in forgejo/discussions#170 (and my ambitious attempt in forgejo/forgejo#10985), it appears that having an easy-to-use factory package would greatly help get rid of the global fixtures.

I think that the global fixtures are quite harmful (recent example: https://codeberg.org/forgejo/forgejo/pulls/9906#issuecomment-10826066):
- hard to write (contributor must know where to add them)
- hard to change (may break some unrelated tests)
- hard to review (not located near the test code)
- they require the tests to execute sequentially

### Proposed way forward

The `forgery` package (the name represents faking/crafting and sounds good with Forgejo) is meant to replace global yaml fixtures with local go factories. The forgery can currently:
- create users
- create repos
- create organisations

This allowed me to drop `CreateDeclarativeRepoWithOptions` (and deprecate `CreateDeclarativeRepo`).

I think that further changes should be delayed to other PRs (I have a local branch to create `Project`)

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [ ] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.
- [x] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change.

*The decision if the pull request will be shown in the release notes is up to the mergers / release team.*

The content of the `release-notes/<pull request number>.md` file will serve as the basis for the release notes. If the file does not exist, the title of the pull request will be used instead.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11356
Reviewed-by: limiting-factor <limiting-factor@noreply.codeberg.org>
---
 tests/e2e/debugserver_test.go                 |   2 +-
 tests/e2e/declare_repos_test.go               | 238 +++++++++---------
 tests/e2e/e2e_test.go                         |   2 +-
 tests/forgery/fs.go                           | 112 +++++++++
 tests/forgery/repo.go                         | 138 ++++++++++
 tests/forgery/user.go                         |  66 +++++
 tests/integration/actions_trigger_test.go     |  17 +-
 ...ivitypub_person_inbox_useractivity_test.go |   5 +-
 tests/integration/api_issue_test.go           |  52 ++--
 tests/integration/api_org_variables_test.go   |  29 ++-
 tests/integration/api_private_serv_test.go    |   5 +-
 tests/integration/api_push_mirror_test.go     |   9 +-
 tests/integration/api_quota_use_test.go       |  21 +-
 tests/integration/api_repo_activities_test.go |  12 +-
 tests/integration/api_wiki_test.go            |  15 +-
 tests/integration/compare_test.go             |  22 +-
 tests/integration/issue_test.go               |  25 +-
 tests/integration/migrate_test.go             |  10 +-
 tests/integration/mirror_pull_test.go         |  30 +--
 tests/integration/mirror_push_test.go         |  40 +--
 tests/integration/patch_status_test.go        |  24 +-
 tests/integration/pull_review_test.go         |  22 +-
 tests/integration/quota_use_test.go           |  29 +--
 tests/integration/repo_generate_test.go       | 111 +++-----
 tests/integration/repo_test.go                |  20 +-
 tests/integration/wiki_test.go                |   9 +-
 tests/test_utils.go                           | 224 +++++------------
 27 files changed, 680 insertions(+), 609 deletions(-)
 create mode 100644 tests/forgery/fs.go
 create mode 100644 tests/forgery/repo.go
 create mode 100644 tests/forgery/user.go

diff --git a/tests/e2e/debugserver_test.go b/tests/e2e/debugserver_test.go
index 8742790b14..e60fd44955 100644
--- a/tests/e2e/debugserver_test.go
+++ b/tests/e2e/debugserver_test.go
@@ -25,7 +25,7 @@ func TestDebugserver(t *testing.T) {
 	signal.Notify(done, syscall.SIGINT, syscall.SIGTERM)
 
 	onForgejoRun(t, func(*testing.T, *url.URL) {
-		defer DeclareGitRepos(t)()
+		DeclareGitRepos(t)
 		fmt.Println(setting.AppURL)
 		<-done
 	})
diff --git a/tests/e2e/declare_repos_test.go b/tests/e2e/declare_repos_test.go
index e72f260299..ce1e04bb4e 100644
--- a/tests/e2e/declare_repos_test.go
+++ b/tests/e2e/declare_repos_test.go
@@ -19,12 +19,11 @@ import (
 	user_model "forgejo.org/models/user"
 	"forgejo.org/modules/git"
 	"forgejo.org/modules/indexer/stats"
-	"forgejo.org/modules/optional"
 	"forgejo.org/modules/timeutil"
 	issue_service "forgejo.org/services/issue"
 	files_service "forgejo.org/services/repository/files"
 	"forgejo.org/services/wiki"
-	"forgejo.org/tests"
+	"forgejo.org/tests/forgery"
 
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
@@ -44,7 +43,7 @@ type SetupRepo func(*user_model.User, *repo_model.Repository)
 
 // put your Git repo declarations in here
 // feel free to amend the helper function below or use the raw variant directly
-func DeclareGitRepos(t *testing.T) func() {
+func DeclareGitRepos(t *testing.T) {
 	now := timeutil.TimeStampNow()
 	postIssue := func(repo *repo_model.Repository, user *user_model.User, age int64, title, content string) {
 		issue := &issues_model.Issue{
@@ -57,45 +56,45 @@ func DeclareGitRepos(t *testing.T) func() {
 		require.NoError(t, issue_service.NewIssue(db.DefaultContext, repo, issue, nil, nil, nil))
 	}
 
-	cleanupFunctions := []func(){
-		newRepo(t, 2, "diff-test", nil, []FileChanges{{
-			Filename: "testfile",
-			Versions: []string{"hello", "hallo", "hola", "native", "ubuntu-latest", "- runs-on: ubuntu-latest", "- runs-on: debian-latest"},
-		}}, nil),
-		newRepo(t, 2, "language-stats-test", nil, []FileChanges{{
-			Filename: "main.rs",
-			Versions: []string{"fn main() {", "println!(\"Hello World!\");", "}"},
-		}}, nil),
-		newRepo(t, 2, "mentions-highlighted", nil, []FileChanges{
-			{
-				Filename:  "history1.md",
-				Versions:  []string{""},
-				CommitMsg: "A commit message which mentions @user2 in the title\nand has some additional text which mentions @user1",
-			},
-			{
-				Filename:  "history2.md",
-				Versions:  []string{""},
-				CommitMsg: "Another commit which mentions @user1 in the title\nand @user2 in the text",
-			},
-		}, nil),
-		newRepo(t, 2, "file-uploads", nil, []FileChanges{{
-			Filename: "UPLOAD_TEST.md",
-			Versions: []string{"# File upload test\nUse this repo to test various file upload features in new branches."},
-		}}, nil),
-		newRepo(t, 2, "unicode-escaping", &tests.DeclarativeRepoOptions{
-			EnabledUnits: optional.Some([]unit_model.Type{unit_model.TypeCode, unit_model.TypeWiki}),
-		}, []FileChanges{{
-			Filename: "a-file",
-			Versions: []string{"{a}{а}"},
-		}}, func(user *user_model.User, repo *repo_model.Repository) {
-			wiki.InitWiki(db.DefaultContext, repo)
-			wiki.AddWikiPage(db.DefaultContext, user, repo, "Home", "{a}{а}", "{a}{а}")
-			wiki.AddWikiPage(db.DefaultContext, user, repo, "_Sidebar", "{a}{а}", "{a}{а}")
-			wiki.AddWikiPage(db.DefaultContext, user, repo, "_Footer", "{a}{а}", "{a}{а}")
-		}),
-		newRepo(t, 2, "multiple-combo-boxes", nil, []FileChanges{{
-			Filename: ".forgejo/issue_template/multi-combo-boxes.yaml",
-			Versions: []string{`
+	newRepo(t, 2, "diff-test", nil, []FileChanges{{
+		Filename: "testfile",
+		Versions: []string{"hello", "hallo", "hola", "native", "ubuntu-latest", "- runs-on: ubuntu-latest", "- runs-on: debian-latest"},
+	}}, nil)
+	newRepo(t, 2, "language-stats-test", nil, []FileChanges{{
+		Filename: "main.rs",
+		Versions: []string{"fn main() {", "println!(\"Hello World!\");", "}"},
+	}}, nil)
+	newRepo(t, 2, "mentions-highlighted", nil, []FileChanges{
+		{
+			Filename:  "history1.md",
+			Versions:  []string{""},
+			CommitMsg: "A commit message which mentions @user2 in the title\nand has some additional text which mentions @user1",
+		},
+		{
+			Filename:  "history2.md",
+			Versions:  []string{""},
+			CommitMsg: "Another commit which mentions @user1 in the title\nand @user2 in the text",
+		},
+	}, nil)
+	newRepo(t, 2, "file-uploads", nil, []FileChanges{{
+		Filename: "UPLOAD_TEST.md",
+		Versions: []string{"# File upload test\nUse this repo to test various file upload features in new branches."},
+	}}, nil)
+	newRepo(t, 2, "unicode-escaping", map[unit_model.Type]convert.Conversion{
+		unit_model.TypeCode: nil,
+		unit_model.TypeWiki: nil,
+	}, []FileChanges{{
+		Filename: "a-file",
+		Versions: []string{"{a}{а}"},
+	}}, func(user *user_model.User, repo *repo_model.Repository) {
+		wiki.InitWiki(db.DefaultContext, repo)
+		wiki.AddWikiPage(db.DefaultContext, user, repo, "Home", "{a}{а}", "{a}{а}")
+		wiki.AddWikiPage(db.DefaultContext, user, repo, "_Sidebar", "{a}{а}", "{a}{а}")
+		wiki.AddWikiPage(db.DefaultContext, user, repo, "_Footer", "{a}{а}", "{a}{а}")
+	})
+	newRepo(t, 2, "multiple-combo-boxes", nil, []FileChanges{{
+		Filename: ".forgejo/issue_template/multi-combo-boxes.yaml",
+		Versions: []string{`
 name: "Multiple combo-boxes"
 description: "To show something"
 body:
@@ -108,79 +107,70 @@ body:
   attributes:
     label: two
 `},
-		}}, nil),
-		newRepo(t, 11, "dependency-test", &tests.DeclarativeRepoOptions{
-			UnitConfig: optional.Some(map[unit_model.Type]convert.Conversion{
-				unit_model.TypeIssues: &repo_model.IssuesConfig{
-					EnableDependencies: true,
-				},
-			}),
-		}, []FileChanges{}, func(user *user_model.User, repo *repo_model.Repository) {
-			postIssue(repo, user, 500, "first issue here", "an issue created earlier")
-			postIssue(repo, user, 400, "second issue here", "not the right issue, but in the right repo")
-			postIssue(repo, user, 300, "third issue here", "depends on things")
-			postIssue(repo, user, 200, "unrelated issue", "shrug emoji")
-			postIssue(repo, user, 100, "newest issue", "very new")
-		}),
-		newRepo(t, 11, "dependency-test-2", &tests.DeclarativeRepoOptions{
-			UnitConfig: optional.Some(map[unit_model.Type]convert.Conversion{
-				unit_model.TypeIssues: &repo_model.IssuesConfig{
-					EnableDependencies: true,
-				},
-			}),
-		}, []FileChanges{}, func(user *user_model.User, repo *repo_model.Repository) {
-			postIssue(repo, user, 450, "right issue", "an issue containing word right")
-			postIssue(repo, user, 150, "left issue", "an issue containing word left")
-		}),
-		newRepo(t, 2, "long-diff-test", nil, []FileChanges{{
-			Filename: "test-README.md",
-			Versions: []string{
-				readStringFile(t, "tests/e2e/declarative-repo/long-diff-test/0-README.md"),
-			},
-		}}, func(user *user_model.User, repo *repo_model.Repository) {
-			commit1Sha := addCommitToBranch(t, user, repo, "main", "test-branch", "test-README.md", "",
-				readStringFile(t, "tests/e2e/declarative-repo/long-diff-test/1-README.md"))
-			commit2Sha := addCommitToBranch(t, user, repo, "test-branch", "test-branch", "test-README.md", commit1Sha,
-				readStringFile(t, "tests/e2e/declarative-repo/long-diff-test/2-README.md"))
-			addCommitToBranch(t, user, repo, "test-branch", "test-branch", "test-README.md", commit2Sha,
-				readStringFile(t, "tests/e2e/declarative-repo/long-diff-test/3-README.md"))
-		}),
-		newRepo(t, 2, "huge-diff-test", nil, []FileChanges{{
-			Filename: "glossary.po",
-			Versions: []string{
-				func() string {
-					var sb strings.Builder
-					sb.Write([]byte("0"))
-					for i := 1; i < 2000; i++ {
-						sb.WriteString(strconv.Itoa(i))
-						sb.WriteByte('\n')
+	}}, nil)
+	newRepo(t, 11, "dependency-test", map[unit_model.Type]convert.Conversion{
+		unit_model.TypeIssues: &repo_model.IssuesConfig{
+			EnableDependencies: true,
+		},
+		unit_model.TypeCode: nil,
+	}, []FileChanges{}, func(user *user_model.User, repo *repo_model.Repository) {
+		postIssue(repo, user, 500, "first issue here", "an issue created earlier")
+		postIssue(repo, user, 400, "second issue here", "not the right issue, but in the right repo")
+		postIssue(repo, user, 300, "third issue here", "depends on things")
+		postIssue(repo, user, 200, "unrelated issue", "shrug emoji")
+		postIssue(repo, user, 100, "newest issue", "very new")
+	})
+	newRepo(t, 11, "dependency-test-2", map[unit_model.Type]convert.Conversion{
+		unit_model.TypeIssues: &repo_model.IssuesConfig{
+			EnableDependencies: true,
+		},
+		unit_model.TypeCode: nil,
+	}, []FileChanges{}, func(user *user_model.User, repo *repo_model.Repository) {
+		postIssue(repo, user, 450, "right issue", "an issue containing word right")
+		postIssue(repo, user, 150, "left issue", "an issue containing word left")
+	})
+	newRepo(t, 2, "long-diff-test", nil, []FileChanges{{
+		Filename: "test-README.md",
+		Versions: []string{
+			readStringFile(t, "tests/e2e/declarative-repo/long-diff-test/0-README.md"),
+		},
+	}}, func(user *user_model.User, repo *repo_model.Repository) {
+		commit1Sha := addCommitToBranch(t, user, repo, "main", "test-branch", "test-README.md", "",
+			readStringFile(t, "tests/e2e/declarative-repo/long-diff-test/1-README.md"))
+		commit2Sha := addCommitToBranch(t, user, repo, "test-branch", "test-branch", "test-README.md", commit1Sha,
+			readStringFile(t, "tests/e2e/declarative-repo/long-diff-test/2-README.md"))
+		addCommitToBranch(t, user, repo, "test-branch", "test-branch", "test-README.md", commit2Sha,
+			readStringFile(t, "tests/e2e/declarative-repo/long-diff-test/3-README.md"))
+	})
+	newRepo(t, 2, "huge-diff-test", nil, []FileChanges{{
+		Filename: "glossary.po",
+		Versions: []string{
+			func() string {
+				var sb strings.Builder
+				sb.Write([]byte("0"))
+				for i := 1; i < 2000; i++ {
+					sb.WriteString(strconv.Itoa(i))
+					sb.WriteByte('\n')
+				}
+				return sb.String()
+			}(),
+		},
+	}}, func(user *user_model.User, repo *repo_model.Repository) {
+		addCommitToBranch(t, user, repo, "main", "main-2", "glossary.po", "",
+			func() string {
+				var sb strings.Builder
+				sb.Write([]byte("0"))
+				for i := 1; i < 2000; i++ {
+					sb.WriteString(strconv.Itoa(i))
+					if i%12 == 0 {
+						sb.WriteString("Blub")
 					}
-					return sb.String()
-				}(),
-			},
-		}}, func(user *user_model.User, repo *repo_model.Repository) {
-			addCommitToBranch(t, user, repo, "main", "main-2", "glossary.po", "",
-				func() string {
-					var sb strings.Builder
-					sb.Write([]byte("0"))
-					for i := 1; i < 2000; i++ {
-						sb.WriteString(strconv.Itoa(i))
-						if i%12 == 0 {
-							sb.WriteString("Blub")
-						}
-						sb.WriteByte('\n')
-					}
-					return sb.String()
-				}())
-		}),
-		// add your repo declarations here
-	}
-
-	return func() {
-		for _, cleanup := range cleanupFunctions {
-			cleanup()
-		}
-	}
+					sb.WriteByte('\n')
+				}
+				return sb.String()
+			}())
+	})
+	// add your repo declarations here
 }
 
 func readStringFile(t *testing.T, fn string) string {
@@ -189,18 +179,20 @@ func readStringFile(t *testing.T, fn string) string {
 	return string(c)
 }
 
-func newRepo(t *testing.T, userID int64, repoName string, initOpts *tests.DeclarativeRepoOptions, fileChanges []FileChanges, setup SetupRepo) func() {
+func newRepo(t *testing.T, userID int64, repoName string, enabledUnits map[unit_model.Type]convert.Conversion, fileChanges []FileChanges, setup SetupRepo) {
 	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: userID})
 
-	opts := tests.DeclarativeRepoOptions{}
-	if initOpts != nil {
-		opts = *initOpts
+	somerepo := forgery.CreateRepository(t, user, &forgery.CreateRepositoryOptions{
+		Name:  repoName,
+		Files: forgery.FilesInit{},
+	})
+	if len(enabledUnits) == 0 {
+		forgery.EnableRepoUnit(t, somerepo, unit_model.TypeCode, nil)
+		forgery.EnableRepoUnit(t, somerepo, unit_model.TypeIssues, nil)
 	}
-	opts.Name = optional.Some(repoName)
-	if !opts.EnabledUnits.Has() {
-		opts.EnabledUnits = optional.Some([]unit_model.Type{unit_model.TypeCode, unit_model.TypeIssues})
+	for unit, config := range enabledUnits {
+		forgery.EnableRepoUnit(t, somerepo, unit, config)
 	}
-	somerepo, _, cleanupFunc := tests.CreateDeclarativeRepoWithOptions(t, user, opts)
 
 	var lastCommitID string
 	for _, file := range fileChanges {
@@ -252,8 +244,6 @@ func newRepo(t *testing.T, userID int64, repoName string, initOpts *tests.Declar
 
 	err := stats.UpdateRepoIndexer(somerepo)
 	require.NoError(t, err)
-
-	return cleanupFunc
 }
 
 func addCommitToBranch(t *testing.T, user *user_model.User, repo *repo_model.Repository, oldBranch, newBranch, filename, lastSha, content string) string {
diff --git a/tests/e2e/e2e_test.go b/tests/e2e/e2e_test.go
index 9168cb8b51..5ce6029f07 100644
--- a/tests/e2e/e2e_test.go
+++ b/tests/e2e/e2e_test.go
@@ -120,7 +120,7 @@ func TestE2e(t *testing.T) {
 
 			// Default 2 minute timeout
 			onForgejoRun(t, func(*testing.T, *url.URL) {
-				defer DeclareGitRepos(t)()
+				DeclareGitRepos(t)
 				thisTest := runArgs
 				// when all tests are run, use unique artifacts directories per test to preserve artifacts from other tests
 				if testVisual {
diff --git a/tests/forgery/fs.go b/tests/forgery/fs.go
new file mode 100644
index 0000000000..f41b193702
--- /dev/null
+++ b/tests/forgery/fs.go
@@ -0,0 +1,112 @@
+// Copyright 2026 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package forgery
+
+import (
+	"fmt"
+	"io"
+	"io/fs"
+	"strings"
+	"testing/fstest"
+	"time"
+
+	repo_model "forgejo.org/models/repo"
+	user_model "forgejo.org/models/user"
+	"forgejo.org/modules/git"
+	files_service "forgejo.org/services/repository/files"
+)
+
+type MapFS = fstest.MapFS
+
+// when a file has one of this mode, it needs specific git handling
+// other non-zero modes are rejected
+const (
+	modeSubmodule = fs.ModeNamedPipe // hacky, but
+	modeSymlink   = fs.ModeSymlink
+)
+
+func MapFile(data string) *fstest.MapFile {
+	return &fstest.MapFile{
+		Data: []byte(data),
+	}
+}
+
+func MapSymlink(target string) *fstest.MapFile {
+	return &fstest.MapFile{
+		Data: []byte(target),
+		Mode: modeSymlink,
+	}
+}
+
+func MapSubmodule(sha string) *fstest.MapFile {
+	return &fstest.MapFile{
+		Data: []byte(sha),
+		Mode: modeSubmodule,
+	}
+}
+
+func initRepo(doer *user_model.User, repo *repo_model.Repository, format git.ObjectFormat, fsys fs.FS, commitMessage string) (string, error) {
+	t, err := files_service.NewTemporaryUploadRepository(git.DefaultContext, repo)
+	if err != nil {
+		return "", err
+	}
+	defer t.Close()
+	if err := t.Init(format.Name()); err != nil {
+		return "", err
+	}
+
+	if err := fs.WalkDir(fsys, ".", func(path string, d fs.DirEntry, err error) error {
+		if err != nil || d.IsDir() {
+			return err
+		}
+
+		var content io.Reader
+		mode := git.EntryModeBlob
+		switch d.Type() {
+		case modeSymlink:
+			target, err := fs.ReadLink(fsys, path)
+			if err != nil {
+				return err
+			}
+			content = strings.NewReader(target)
+			mode = git.EntryModeSymlink
+		case modeSubmodule:
+			mode = git.EntryModeCommit
+			fallthrough
+		case 0:
+			f, err := fsys.Open(path)
+			if err != nil {
+				return err
+			}
+			defer f.Close()
+
+			content = f
+		default:
+			return fmt.Errorf("unexpected file type in forgery.CreateRepository %s: %s", path, d.Type())
+		}
+
+		// add object to the database
+		objectHash, err := t.HashObject(content)
+		if err != nil {
+			return err
+		}
+		// Add the object to the index
+		return t.AddObjectToIndex(mode.String(), objectHash, path)
+	}); err != nil {
+		return "", err
+	}
+
+	treeHash, err := t.WriteTree()
+	if err != nil {
+		return "", err
+	}
+
+	now := time.Now()
+	commitHash, err := t.CommitTreeWithDate("", doer, doer, treeHash, commitMessage, false, now, now)
+	if err != nil {
+		return "", err
+	}
+
+	return commitHash, t.Push(doer, commitHash, repo.DefaultBranch)
+}
diff --git a/tests/forgery/repo.go b/tests/forgery/repo.go
new file mode 100644
index 0000000000..bfa0a51681
--- /dev/null
+++ b/tests/forgery/repo.go
@@ -0,0 +1,138 @@
+// Copyright 2026 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package forgery
+
+import (
+	"cmp"
+	"io/fs"
+	"testing"
+
+	repo_model "forgejo.org/models/repo"
+	unit_model "forgejo.org/models/unit"
+	user_model "forgejo.org/models/user"
+	"forgejo.org/modules/git"
+	repo_service "forgejo.org/services/repository"
+	wiki_service "forgejo.org/services/wiki"
+
+	"github.com/stretchr/testify/require"
+	"xorm.io/xorm/convert"
+)
+
+type CreateRepositoryOptions struct {
+	Name string // if nil a unique name (derived from the test name) will be generated
+
+	// Content of the initial commit, if nil the git repo will be left uninitialized.
+	// Use [MapFS] or [FilesInit] to setup the initial files.
+	Files fs.FS
+
+	ObjectFormat git.ObjectFormat // If nil, SHA1
+	IsTemplate   bool
+	IsPrivate    bool
+
+	LatestSha   *string // if not nil, the commit sha after initializing the repo with the Files will be written to this ref
+	SkipCleanup bool    // if true the repo will not be deleted at the end of the test (can be useful to debug locally)
+}
+
+// FilesInit specifies the templates to use upon repository initialization.
+type FilesInit struct {
+	Readme     string
+	Gitignores string
+	License    string
+}
+
+func (FilesInit) Open(name string) (fs.File, error) {
+	panic("FilesInit is only a sentinel value")
+}
+
+// CreateRepository returns the repo, owner and opts can be nil
+func CreateRepository(t testing.TB, owner *user_model.User, opts *CreateRepositoryOptions) *repo_model.Repository {
+	t.Helper()
+
+	if owner == nil {
+		owner = CreateUser(t, nil) // if specific options are needed, create the owner manually
+	}
+	if opts == nil {
+		opts = &CreateRepositoryOptions{}
+	}
+
+	repoName := opts.Name
+	if repoName == "" {
+		repoName = "repo-" + uniqueSafeName(t.Name())
+	}
+
+	gitFormat := cmp.Or(opts.ObjectFormat, git.Sha1ObjectFormat)
+
+	// Create the repository
+	createOptions := repo_service.CreateRepoOptions{
+		Name:             repoName,
+		Description:      "Test Repo",
+		DefaultBranch:    "main",
+		IsTemplate:       opts.IsTemplate,
+		ObjectFormatName: gitFormat.Name(),
+		IsPrivate:        opts.IsPrivate,
+	}
+	if fi, ok := opts.Files.(FilesInit); ok {
+		createOptions.AutoInit = true
+		createOptions.Readme = cmp.Or(fi.Readme, "Default")
+		createOptions.Gitignores = fi.Gitignores
+		createOptions.License = fi.License
+	}
+	repo, err := repo_service.CreateRepositoryDirectly(t.Context(), owner, owner, createOptions)
+	require.NoError(t, err)
+	if !opts.SkipCleanup {
+		t.Cleanup(func() {
+			_ = repo_service.DeleteRepository(t.Context(), owner, repo, false)
+		})
+	}
+	require.NotEmpty(t, repo)
+
+	if !createOptions.AutoInit && opts.Files != nil {
+		sha, err := initRepo(owner, repo, gitFormat, opts.Files, "init")
+		require.NoError(t, err)
+		if opts.LatestSha != nil {
+			*opts.LatestSha = sha
+		}
+
+		// reload the repo since pushing a commit might update the model via the push_update queue (IsEmpty for instance)
+		repo, err = repo_model.GetRepositoryByID(t.Context(), repo.ID)
+		require.NoError(t, err)
+	}
+	repo.Owner = owner
+
+	return repo
+}
+
+func InitWiki(t testing.TB, repo *repo_model.Repository, branch string) {
+	// Set the wiki branch in the database first
+	repo.WikiBranch = branch
+	err := repo_model.UpdateRepositoryCols(t.Context(), repo, "wiki_branch")
+	require.NoError(t, err)
+
+	// Initialize the wiki
+	err = wiki_service.InitWiki(t.Context(), repo)
+	require.NoError(t, err)
+
+	// Add a new wiki page
+	err = wiki_service.AddWikiPage(t.Context(), repo.Owner, repo, "Home", "Welcome to the wiki!", "Add a Home page")
+	require.NoError(t, err)
+}
+
+// config may be nil
+func EnableRepoUnit(t testing.TB, repo *repo_model.Repository, unit unit_model.Type, config convert.Conversion) {
+	t.Helper()
+
+	err := repo_service.UpdateRepositoryUnits(t.Context(), repo, []repo_model.RepoUnit{{
+		RepoID: repo.ID,
+		Type:   unit,
+		Config: config,
+	}}, nil)
+	require.NoError(t, err)
+}
+
+func DisableRepoUnits(t testing.TB, repo *repo_model.Repository, units ...unit_model.Type) {
+	t.Helper()
+
+	err := repo_service.UpdateRepositoryUnits(t.Context(), repo, nil, units)
+	require.NoError(t, err)
+}
diff --git a/tests/forgery/user.go b/tests/forgery/user.go
new file mode 100644
index 0000000000..1175297497
--- /dev/null
+++ b/tests/forgery/user.go
@@ -0,0 +1,66 @@
+// Copyright 2026 The Forgejo Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package forgery
+
+import (
+	"math/rand/v2"
+	"regexp"
+	"strconv"
+	"testing"
+
+	org_model "forgejo.org/models/organization"
+	user_model "forgejo.org/models/user"
+
+	"github.com/stretchr/testify/require"
+)
+
+var nameCleaner = regexp.MustCompile(`[^a-zA-Z0-9-]+`) // exclude "_", to prevent multiple consecutive dashes
+
+// uniqueSafeName replaces specials chars with _ and appends a random hex suffix
+func uniqueSafeName(testName string) string {
+	return nameCleaner.ReplaceAllLiteralString(testName, "_") + "-" + strconv.FormatUint(uint64(rand.Uint32()), 16)
+}
+
+type CreateUserOptions struct {
+	IsAdmin bool
+}
+
+const userPassword = "password"
+
+func CreateUser(t testing.TB, opts *CreateUserOptions) *user_model.User {
+	t.Helper()
+
+	if opts == nil {
+		opts = &CreateUserOptions{}
+	}
+	u := &user_model.User{}
+
+	name := "user-" + uniqueSafeName(t.Name())
+
+	u.Name = name
+	u.Email = name + "@test.forgejo.org"
+	u.Passwd = userPassword
+	u.IsAdmin = opts.IsAdmin
+
+	err := user_model.CreateUser(t.Context(), u)
+	require.NoError(t, err)
+	return u
+}
+
+func CreateOrganisation(t testing.TB, owner *user_model.User) *org_model.Organization {
+	t.Helper()
+
+	if owner == nil {
+		owner = CreateUser(t, nil) // if specific options are needed, create the owner manually
+	}
+	o := &org_model.Organization{}
+
+	name := "org-" + uniqueSafeName(t.Name())
+
+	o.Name = name
+
+	err := org_model.CreateOrganization(t.Context(), o, owner)
+	require.NoError(t, err)
+	return o
+}
diff --git a/tests/integration/actions_trigger_test.go b/tests/integration/actions_trigger_test.go
index 914acadf14..f5898682ce 100644
--- a/tests/integration/actions_trigger_test.go
+++ b/tests/integration/actions_trigger_test.go
@@ -36,6 +36,7 @@ import (
 	repo_service "forgejo.org/services/repository"
 	files_service "forgejo.org/services/repository/files"
 	"forgejo.org/tests"
+	"forgejo.org/tests/forgery"
 
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
@@ -1212,17 +1213,13 @@ jobs:
 				user2 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
 
 				// create the repo
-				repo, sha, f := tests.CreateDeclarativeRepo(t, user2, "repo-workflow-dispatch",
-					[]unit_model.Type{unit_model.TypeActions}, nil,
-					[]*files_service.ChangeRepoFile{
-						{
-							Operation:     "create",
-							TreePath:      fmt.Sprintf("%s/%s", testCase.workflowDirectory, testCase.workflowID),
-							ContentReader: strings.NewReader(testCase.workflowContent),
-						},
+				var sha string
+				repo := forgery.CreateRepository(t, user2, &forgery.CreateRepositoryOptions{
+					Files: forgery.MapFS{
+						fmt.Sprintf("%s/%s", testCase.workflowDirectory, testCase.workflowID): forgery.MapFile(testCase.workflowContent),
 					},
-				)
-				defer f()
+					LatestSha: &sha,
+				})
 
 				schedules, err := db.Find[actions_model.ActionSchedule](t.Context(), actions_model.FindScheduleOptions{RepoID: repo.ID})
 				require.NoError(t, err)
diff --git a/tests/integration/api_activitypub_person_inbox_useractivity_test.go b/tests/integration/api_activitypub_person_inbox_useractivity_test.go
index 025bba024a..458627127d 100644
--- a/tests/integration/api_activitypub_person_inbox_useractivity_test.go
+++ b/tests/integration/api_activitypub_person_inbox_useractivity_test.go
@@ -21,7 +21,7 @@ import (
 	"forgejo.org/routers"
 	"forgejo.org/services/contexttest"
 	"forgejo.org/services/federation"
-	"forgejo.org/tests"
+	"forgejo.org/tests/forgery"
 
 	ap "github.com/go-ap/activitypub"
 	"github.com/stretchr/testify/assert"
@@ -122,8 +122,7 @@ func TestActivityPubPersonInboxNoteToDistant(t *testing.T) {
 		localSession2 := loginUser(t, localUser2.LoginName)
 		localSecssion2Token := getTokenForLoggedInUser(t, localSession2, auth_model.AccessTokenScopeWriteIssue)
 
-		repo, _, f := tests.CreateDeclarativeRepoWithOptions(t, localUser2, tests.DeclarativeRepoOptions{})
-		defer f()
+		repo := forgery.CreateRepository(t, localUser2, nil)
 
 		// follow (distant follows local)
 		followActivity := fmt.Appendf(nil,
diff --git a/tests/integration/api_issue_test.go b/tests/integration/api_issue_test.go
index 7f601fa303..512ebf56e4 100644
--- a/tests/integration/api_issue_test.go
+++ b/tests/integration/api_issue_test.go
@@ -20,15 +20,14 @@ import (
 	"forgejo.org/models/unit"
 	"forgejo.org/models/unittest"
 	user_model "forgejo.org/models/user"
-	"forgejo.org/modules/optional"
 	"forgejo.org/modules/setting"
 	api "forgejo.org/modules/structs"
 	"forgejo.org/tests"
+	"forgejo.org/tests/forgery"
 
 	"github.com/google/uuid"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
-	"xorm.io/xorm/convert"
 )
 
 func TestAPIListIssues(t *testing.T) {
@@ -752,35 +751,28 @@ func TestAPISearchIssuesAccessTokenResources(t *testing.T) {
 func TestAPIInternalAndExternalIssueTracker(t *testing.T) {
 	defer tests.PrepareTestEnv(t)()
 
-	user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 1})
-	otherUser := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 4})
+	repoOptions := &forgery.CreateRepositoryOptions{
+		Files: forgery.FilesInit{}, // some tests will fail with 404 if the repository is empty
+	}
+	user := forgery.CreateUser(t, &forgery.CreateUserOptions{
+		IsAdmin: true,
+	})
+	otherUser := forgery.CreateUser(t, nil)
 	token := getUserToken(t, user.Name, auth_model.AccessTokenScopeAll)
 
-	internalIssueRepo, _, reset := tests.CreateDeclarativeRepoWithOptions(t, user, tests.DeclarativeRepoOptions{
-		Name:          optional.Some("internal-issues"),
-		EnabledUnits:  optional.Some([]unit.Type{unit.TypeIssues}),
-		DisabledUnits: optional.Some([]unit.Type{unit.TypeExternalTracker}),
-		UnitConfig: optional.Some(map[unit.Type]convert.Conversion{
-			unit.TypeIssues: &repo_model.IssuesConfig{
-				EnableTimetracker:  true,
-				EnableDependencies: true,
-			},
-		}),
+	internalIssueRepo := forgery.CreateRepository(t, user, repoOptions)
+	forgery.DisableRepoUnits(t, internalIssueRepo, unit.TypeExternalTracker)
+	forgery.EnableRepoUnit(t, internalIssueRepo, unit.TypeIssues, &repo_model.IssuesConfig{
+		EnableTimetracker:  true,
+		EnableDependencies: true,
 	})
-	defer reset()
 
-	externalIssueRepo, _, reset := tests.CreateDeclarativeRepoWithOptions(t, user, tests.DeclarativeRepoOptions{
-		Name:          optional.Some("external-issues"),
-		EnabledUnits:  optional.Some([]unit.Type{unit.TypeExternalTracker}),
-		DisabledUnits: optional.Some([]unit.Type{unit.TypeIssues}),
-	})
-	defer reset()
+	externalIssueRepo := forgery.CreateRepository(t, user, repoOptions)
+	forgery.DisableRepoUnits(t, externalIssueRepo, unit.TypeIssues)
+	forgery.EnableRepoUnit(t, internalIssueRepo, unit.TypeExternalTracker, nil)
 
-	disabledIssueRepo, _, reset := tests.CreateDeclarativeRepoWithOptions(t, user, tests.DeclarativeRepoOptions{
-		Name:          optional.Some("disabled-issues"),
-		DisabledUnits: optional.Some([]unit.Type{unit.TypeIssues, unit.TypeExternalTracker}),
-	})
-	defer reset()
+	disabledIssueRepo := forgery.CreateRepository(t, user, repoOptions)
+	forgery.DisableRepoUnits(t, disabledIssueRepo, unit.TypeIssues, unit.TypeExternalTracker)
 
 	runTest := func(t *testing.T, repo *repo_model.Repository, requestAllowed bool) {
 		t.Helper()
@@ -937,15 +929,13 @@ func TestAPIIssueDependencyPermissions(t *testing.T) {
 	actingUser := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 4})
 	token := getUserToken(t, actingUser.Name, auth_model.AccessTokenScopeAll)
 
-	actingUserRepo, _, reset := tests.CreateDeclarativeRepoWithOptions(t, actingUser, tests.DeclarativeRepoOptions{})
-	defer reset()
+	actingUserRepo := forgery.CreateRepository(t, actingUser, nil)
 	actingUserIssue := createIssue(t, actingUser, actingUserRepo, "source issue", "some content")
 
 	otherUser := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 1})
-	otherUserRepo, _, reset := tests.CreateDeclarativeRepoWithOptions(t, otherUser, tests.DeclarativeRepoOptions{
-		IsPrivate: optional.Some(true),
+	otherUserRepo := forgery.CreateRepository(t, otherUser, &forgery.CreateRepositoryOptions{
+		IsPrivate: true,
 	})
-	defer reset()
 	otherUserIssue := createIssue(t, otherUser, otherUserRepo, "target issue", "some content")
 
 	apiEndpoint := fmt.Sprintf("/api/v1/repos/%s/%s/issues/%d/dependencies", actingUserRepo.OwnerName, actingUserRepo.Name, actingUserIssue.Index)
diff --git a/tests/integration/api_org_variables_test.go b/tests/integration/api_org_variables_test.go
index 982c2f8fa5..0f0347f1fd 100644
--- a/tests/integration/api_org_variables_test.go
+++ b/tests/integration/api_org_variables_test.go
@@ -10,10 +10,9 @@ import (
 
 	actions_model "forgejo.org/models/actions"
 	auth_model "forgejo.org/models/auth"
-	org_model "forgejo.org/models/organization"
-	"forgejo.org/models/unittest"
 	api "forgejo.org/modules/structs"
 	"forgejo.org/tests"
+	"forgejo.org/tests/forgery"
 
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
@@ -22,8 +21,9 @@ import (
 func TestAPIOrgVariablesCreateOrganizationVariable(t *testing.T) {
 	defer tests.PrepareTestEnv(t)()
 
-	org := unittest.AssertExistsAndLoadBean(t, &org_model.Organization{Name: "org3"})
-	session := loginUser(t, "user2")
+	owner := forgery.CreateUser(t, nil)
+	org := forgery.CreateOrganisation(t, owner)
+	session := loginUser(t, owner.Name)
 	token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteOrganization)
 
 	cases := []struct {
@@ -98,8 +98,9 @@ func TestAPIOrgVariablesCreateOrganizationVariable(t *testing.T) {
 func TestAPIOrgVariablesUpdateOrganizationVariable(t *testing.T) {
 	defer tests.PrepareTestEnv(t)()
 
-	org := unittest.AssertExistsAndLoadBean(t, &org_model.Organization{Name: "org3"})
-	session := loginUser(t, "user2")
+	owner := forgery.CreateUser(t, nil)
+	org := forgery.CreateOrganisation(t, owner)
+	session := loginUser(t, owner.Name)
 	token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteOrganization)
 
 	variableName := "test_update_var"
@@ -194,10 +195,12 @@ func TestAPIOrgVariablesUpdateOrganizationVariable(t *testing.T) {
 func TestAPIOrgVariablesDeleteOrganizationVariable(t *testing.T) {
 	defer tests.PrepareTestEnv(t)()
 
-	org := unittest.AssertExistsAndLoadBean(t, &org_model.Organization{Name: "org3"})
+	owner := forgery.CreateUser(t, nil)
+	org := forgery.CreateOrganisation(t, owner)
+
 	variable, err := actions_model.InsertVariable(t.Context(), org.ID, 0, "FORGEJO_FORBIDDEN", "illegal")
 	require.NoError(t, err)
-	session := loginUser(t, "user2")
+	session := loginUser(t, owner.Name)
 	token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteOrganization)
 
 	variableName := "test_delete_var"
@@ -226,8 +229,9 @@ func TestAPIOrgVariablesDeleteOrganizationVariable(t *testing.T) {
 func TestAPIOrgVariablesGetSingleOrganizationVariable(t *testing.T) {
 	defer tests.PrepareTestEnv(t)()
 
-	org := unittest.AssertExistsAndLoadBean(t, &org_model.Organization{Name: "org3"})
-	session := loginUser(t, "user2")
+	owner := forgery.CreateUser(t, nil)
+	org := forgery.CreateOrganisation(t, owner)
+	session := loginUser(t, owner.Name)
 	token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteOrganization)
 
 	name := "some_variable"
@@ -258,8 +262,9 @@ func TestAPIOrgVariablesGetSingleOrganizationVariable(t *testing.T) {
 func TestAPIOrgVariablesGetAllOrganizationVariables(t *testing.T) {
 	defer tests.PrepareTestEnv(t)()
 
-	org := unittest.AssertExistsAndLoadBean(t, &org_model.Organization{Name: "org3"})
-	session := loginUser(t, "user2")
+	owner := forgery.CreateUser(t, nil)
+	org := forgery.CreateOrganisation(t, owner)
+	session := loginUser(t, owner.Name)
 	token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteOrganization)
 
 	variables := map[string]string{"second": "Dolor sit amet", "first": "Lorem ipsum"}
diff --git a/tests/integration/api_private_serv_test.go b/tests/integration/api_private_serv_test.go
index dd45f54c36..738925172c 100644
--- a/tests/integration/api_private_serv_test.go
+++ b/tests/integration/api_private_serv_test.go
@@ -17,7 +17,7 @@ import (
 	"forgejo.org/modules/private"
 	"forgejo.org/modules/setting"
 	"forgejo.org/modules/test"
-	"forgejo.org/tests"
+	"forgejo.org/tests/forgery"
 
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
@@ -167,8 +167,7 @@ func TestAPIPrivateServAndNoServWithRequiredTwoFactor(t *testing.T) {
 
 		runTest := func(t *testing.T, user *user_model.User, useTOTP, servAllowed bool) {
 			t.Helper()
-			repo, _, reset := tests.CreateDeclarativeRepoWithOptions(t, user, tests.DeclarativeRepoOptions{})
-			defer reset()
+			repo := forgery.CreateRepository(t, user, nil)
 
 			pubKey, err := asymkey_model.AddPublicKey(ctx, user.ID, "tmp-key-"+user.Name, "sk-ecdsa-sha2-nistp256@openssh.com AAAAInNrLWVjZHNhLXNoYTItbmlzdHAyNTZAb3BlbnNzaC5jb20AAAAIbmlzdHAyNTYAAABBBGXEEzWmm1dxb+57RoK5KVCL0w2eNv9cqJX2AGGVlkFsVDhOXHzsadS3LTK4VlEbbrDMJdoti9yM8vclA8IeRacAAAAEc3NoOg== nocomment", 0)
 			require.NoError(t, err)
diff --git a/tests/integration/api_push_mirror_test.go b/tests/integration/api_push_mirror_test.go
index b31c5cc766..8abaa1b919 100644
--- a/tests/integration/api_push_mirror_test.go
+++ b/tests/integration/api_push_mirror_test.go
@@ -26,7 +26,6 @@ import (
 	"forgejo.org/models/unittest"
 	user_model "forgejo.org/models/user"
 	"forgejo.org/modules/git"
-	"forgejo.org/modules/optional"
 	"forgejo.org/modules/setting"
 	api "forgejo.org/modules/structs"
 	"forgejo.org/modules/test"
@@ -34,6 +33,7 @@ import (
 	mirror_service "forgejo.org/services/mirror"
 	repo_service "forgejo.org/services/repository"
 	"forgejo.org/tests"
+	"forgejo.org/tests/forgery"
 
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
@@ -313,12 +313,7 @@ func TestAPIPushMirrorSSH(t *testing.T) {
 		assert.False(t, srcRepo.HasWiki())
 		session := loginUser(t, user.Name)
 		token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteRepository)
-		pushToRepo, _, f := tests.CreateDeclarativeRepoWithOptions(t, user, tests.DeclarativeRepoOptions{
-			Name:         optional.Some("push-mirror-test"),
-			AutoInit:     optional.Some(false),
-			EnabledUnits: optional.Some([]unit.Type{unit.TypeCode}),
-		})
-		defer f()
+		pushToRepo := forgery.CreateRepository(t, user, &forgery.CreateRepositoryOptions{})
 
 		sshURL := fmt.Sprintf("ssh://%s@%s/%s.git", setting.SSH.User, net.JoinHostPort(setting.SSH.ListenHost, strconv.Itoa(setting.SSH.ListenPort)), pushToRepo.FullName())
 
diff --git a/tests/integration/api_quota_use_test.go b/tests/integration/api_quota_use_test.go
index 1ca44cc17e..97d5cab6a2 100644
--- a/tests/integration/api_quota_use_test.go
+++ b/tests/integration/api_quota_use_test.go
@@ -22,7 +22,6 @@ import (
 	"forgejo.org/models/unittest"
 	user_model "forgejo.org/models/user"
 	"forgejo.org/modules/migration"
-	"forgejo.org/modules/optional"
 	"forgejo.org/modules/setting"
 	api "forgejo.org/modules/structs"
 	"forgejo.org/modules/test"
@@ -31,6 +30,7 @@ import (
 	"forgejo.org/services/forms"
 	repo_service "forgejo.org/services/repository"
 	"forgejo.org/tests"
+	"forgejo.org/tests/forgery"
 
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
@@ -281,9 +281,10 @@ func prepareQuotaEnv(t *testing.T, username string) *quotaEnv {
 	env.cleanups = append(env.cleanups, userCleanup)
 
 	// Create a repository
-	repo, _, repoCleanup := tests.CreateDeclarativeRepoWithOptions(t, env.User.User, tests.DeclarativeRepoOptions{})
+	repo := forgery.CreateRepository(t, env.User.User, &forgery.CreateRepositoryOptions{
+		Files: forgery.FilesInit{}, // some tests will fail with 404 if the repository is empty
+	})
 	env.Repo = repo
-	env.cleanups = append(env.cleanups, repoCleanup)
 
 	return &env
 }
@@ -476,10 +477,9 @@ func testAPIQuotaEnforcement(t *testing.T) {
 		defer tests.PrintCurrentTest(t)()
 
 		// Create a template repository
-		template, _, cleanup := tests.CreateDeclarativeRepoWithOptions(t, env.User.User, tests.DeclarativeRepoOptions{
-			IsTemplate: optional.Some(true),
+		template := forgery.CreateRepository(t, env.User.User, &forgery.CreateRepositoryOptions{
+			IsTemplate: true,
 		})
-		defer cleanup()
 
 		// Drop the quota to 0
 		defer env.SetRuleLimit(t, "all", 0)()
@@ -513,8 +513,7 @@ func testAPIQuotaEnforcement(t *testing.T) {
 
 	t.Run("#/repos/{username}/{reponame}", func(t *testing.T) {
 		// Lets create a new repo to play with.
-		repo, _, repoCleanup := tests.CreateDeclarativeRepoWithOptions(t, env.User.User, tests.DeclarativeRepoOptions{})
-		defer repoCleanup()
+		repo := forgery.CreateRepository(t, env.User.User, nil)
 
 		// Drop the quota to 0
 		defer env.SetRuleLimit(t, "all", 0)()
@@ -1198,8 +1197,7 @@ func testAPIQuotaEnforcement(t *testing.T) {
 				defer tests.PrintCurrentTest(t)()
 
 				// Create a repository to transfer
-				repo, _, cleanup := tests.CreateDeclarativeRepoWithOptions(t, env.User.User, tests.DeclarativeRepoOptions{})
-				defer cleanup()
+				repo := forgery.CreateRepository(t, env.User.User, nil)
 
 				// Initiate repo transfer
 				req := NewRequestWithJSON(t, "POST", fmt.Sprintf("/api/v1/repos/%s/%s/transfer", env.User.User.Name, repo.Name), api.TransferRepoOption{
@@ -1233,8 +1231,7 @@ func testAPIQuotaEnforcement(t *testing.T) {
 				defer env.SetRuleLimit(t, "deny-all", -1)()
 
 				// Create a repository to transfer
-				repo, _, cleanup := tests.CreateDeclarativeRepoWithOptions(t, env.User.User, tests.DeclarativeRepoOptions{})
-				defer cleanup()
+				repo := forgery.CreateRepository(t, env.User.User, nil)
 
 				// Initiate repo transfer
 				req := NewRequestWithJSON(t, "POST", fmt.Sprintf("/api/v1/repos/%s/%s/transfer", env.User.User.Name, repo.Name), api.TransferRepoOption{
diff --git a/tests/integration/api_repo_activities_test.go b/tests/integration/api_repo_activities_test.go
index 08e10ad79e..43e813ba83 100644
--- a/tests/integration/api_repo_activities_test.go
+++ b/tests/integration/api_repo_activities_test.go
@@ -9,10 +9,10 @@ import (
 	"testing"
 
 	auth_model "forgejo.org/models/auth"
-	"forgejo.org/models/unittest"
-	user_model "forgejo.org/models/user"
 	api "forgejo.org/modules/structs"
+	notify_service "forgejo.org/services/notify"
 	"forgejo.org/tests"
+	"forgejo.org/tests/forgery"
 
 	"github.com/stretchr/testify/assert"
 )
@@ -20,9 +20,9 @@ import (
 func TestAPIRepoActivityFeeds(t *testing.T) {
 	defer tests.PrepareTestEnv(t)()
 
-	owner := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 1})
-	repo, _, f := tests.CreateDeclarativeRepoWithOptions(t, owner, tests.DeclarativeRepoOptions{})
-	defer f()
+	repo := forgery.CreateRepository(t, nil, nil)
+	owner := repo.Owner
+	notify_service.CreateRepository(t.Context(), owner, owner, repo)
 
 	feedURL := fmt.Sprintf("/api/v1/repos/%s/activities/feeds", repo.FullName())
 	assertAndReturnActivities := func(t *testing.T, length int) []api.Activity {
@@ -66,7 +66,7 @@ func TestAPIRepoActivityFeeds(t *testing.T) {
 	t.Run("a new watcher, no new activities", func(t *testing.T) {
 		defer tests.PrintCurrentTest(t)()
 
-		watcher := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
+		watcher := forgery.CreateUser(t, nil)
 		watcherSession := loginUser(t, watcher.Name)
 		watcherToken := getTokenForLoggedInUser(t, watcherSession, auth_model.AccessTokenScopeWriteRepository, auth_model.AccessTokenScopeReadUser)
 
diff --git a/tests/integration/api_wiki_test.go b/tests/integration/api_wiki_test.go
index d1a4102060..9639621591 100644
--- a/tests/integration/api_wiki_test.go
+++ b/tests/integration/api_wiki_test.go
@@ -16,10 +16,10 @@ import (
 	unit_model "forgejo.org/models/unit"
 	"forgejo.org/models/unittest"
 	user_model "forgejo.org/models/user"
-	"forgejo.org/modules/optional"
 	api "forgejo.org/modules/structs"
 	repo_service "forgejo.org/services/repository"
 	"forgejo.org/tests"
+	"forgejo.org/tests/forgery"
 
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
@@ -342,11 +342,7 @@ func TestAPISetWikiGlobalEditability(t *testing.T) {
 	token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteRepository)
 
 	// Create a new repository for testing purposes
-	repo, _, f := tests.CreateDeclarativeRepo(t, user, "", []unit_model.Type{
-		unit_model.TypeCode,
-		unit_model.TypeWiki,
-	}, nil, nil)
-	defer f()
+	repo := forgery.CreateRepository(t, user, nil)
 	urlStr := fmt.Sprintf("/api/v1/repos/%s", repo.FullName())
 
 	assertGlobalEditability := func(t *testing.T, editability bool) {
@@ -433,11 +429,8 @@ func TestAPIListPageRevisions(t *testing.T) {
 
 func TestAPIWikiNonMasterBranch(t *testing.T) {
 	onApplicationRun(t, func(t *testing.T, _ *url.URL) {
-		user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 1})
-		repo, _, f := tests.CreateDeclarativeRepoWithOptions(t, user, tests.DeclarativeRepoOptions{
-			WikiBranch: optional.Some("main"),
-		})
-		defer f()
+		repo := forgery.CreateRepository(t, nil, nil)
+		forgery.InitWiki(t, repo, "main")
 
 		uris := []string{
 			"revisions/Home",
diff --git a/tests/integration/compare_test.go b/tests/integration/compare_test.go
index 070f7e1b20..57c31a0dca 100644
--- a/tests/integration/compare_test.go
+++ b/tests/integration/compare_test.go
@@ -15,13 +15,11 @@ import (
 	repo_model "forgejo.org/models/repo"
 	unit_model "forgejo.org/models/unit"
 	"forgejo.org/models/unittest"
-	user_model "forgejo.org/models/user"
 	"forgejo.org/modules/gitrepo"
-	"forgejo.org/modules/optional"
 	"forgejo.org/modules/test"
 	repo_service "forgejo.org/services/repository"
-	files_service "forgejo.org/services/repository/files"
 	"forgejo.org/tests"
+	"forgejo.org/tests/forgery"
 
 	"github.com/PuerkitoBio/goquery"
 	"github.com/stretchr/testify/assert"
@@ -343,22 +341,16 @@ func TestCompareCrossRepo(t *testing.T) {
 
 func TestCompareCodeExpand(t *testing.T) {
 	onApplicationRun(t, func(t *testing.T, u *url.URL) {
-		owner := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 1})
-
 		// Create a new repository, with a file that has many lines
-		repo, _, f := tests.CreateDeclarativeRepoWithOptions(t, owner, tests.DeclarativeRepoOptions{
-			Files: optional.Some([]*files_service.ChangeRepoFile{
-				{
-					Operation:     "create",
-					TreePath:      "docs.md",
-					ContentReader: strings.NewReader("01\n02\n03\n04\n05\n06\n07\n08\n09\n0a\n0b\n0c\n0d\n0e\n0f\n10\n11\n12\n12\n13\n14\n15\n16\n17\n18\n19\n1a\n1b\n1c\n1d\n1e\n1f\n20\n"),
-				},
-			}),
+		repo := forgery.CreateRepository(t, nil, &forgery.CreateRepositoryOptions{
+			Files: forgery.MapFS{
+				"docs.md": forgery.MapFile("01\n02\n03\n04\n05\n06\n07\n08\n09\n0a\n0b\n0c\n0d\n0e\n0f\n10\n11\n12\n12\n13\n14\n15\n16\n17\n18\n19\n1a\n1b\n1c\n1d\n1e\n1f\n20\n"),
+			},
 		})
-		defer f()
+		owner := repo.Owner
 
 		// Fork the repository
-		forker := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
+		forker := forgery.CreateUser(t, nil)
 		session := loginUser(t, forker.Name)
 		testRepoFork(t, session, owner.Name, repo.Name, forker.Name, repo.Name+"-copy")
 		testCreateBranch(t, session, forker.Name, repo.Name+"-copy", "branch/main", "code-expand", http.StatusSeeOther)
diff --git a/tests/integration/issue_test.go b/tests/integration/issue_test.go
index c0ecf6b3bc..5285e83df6 100644
--- a/tests/integration/issue_test.go
+++ b/tests/integration/issue_test.go
@@ -26,16 +26,15 @@ import (
 	"forgejo.org/models/unittest"
 	user_model "forgejo.org/models/user"
 	"forgejo.org/modules/indexer/issues"
-	"forgejo.org/modules/optional"
 	"forgejo.org/modules/references"
 	"forgejo.org/modules/setting"
 	api "forgejo.org/modules/structs"
 	"forgejo.org/modules/test"
 	"forgejo.org/modules/translation"
 	repo_service "forgejo.org/services/repository"
-	files_service "forgejo.org/services/repository/files"
 	user_service "forgejo.org/services/user"
 	"forgejo.org/tests"
+	"forgejo.org/tests/forgery"
 
 	"github.com/PuerkitoBio/goquery"
 	"github.com/stretchr/testify/assert"
@@ -489,8 +488,7 @@ func TestIssueDependencies(t *testing.T) {
 	session := loginUser(t, owner.Name)
 	token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteIssue)
 
-	repo, _, f := tests.CreateDeclarativeRepoWithOptions(t, owner, tests.DeclarativeRepoOptions{})
-	defer f()
+	repo := forgery.CreateRepository(t, owner, nil)
 
 	createIssue := func(t *testing.T, title string) api.Issue {
 		t.Helper()
@@ -1359,13 +1357,9 @@ func TestIssueForm(t *testing.T) {
 	onApplicationRun(t, func(t *testing.T, u *url.URL) {
 		user2 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
 		session := loginUser(t, user2.Name)
-		repo, _, f := tests.CreateDeclarativeRepo(t, user2, "",
-			[]unit_model.Type{unit_model.TypeCode, unit_model.TypeIssues}, nil,
-			[]*files_service.ChangeRepoFile{
-				{
-					Operation: "create",
-					TreePath:  ".forgejo/issue_template/test.yaml",
-					ContentReader: strings.NewReader(`name: Test
+		repo := forgery.CreateRepository(t, user2, &forgery.CreateRepositoryOptions{
+			Files: forgery.MapFS{
+				".forgejo/issue_template/test.yaml": forgery.MapFile(`name: Test
 about: Hello World
 body:
   - type: checkboxes
@@ -1375,10 +1369,8 @@ body:
       options:
         - label: This is a label
 `),
-				},
 			},
-		)
-		defer f()
+		})
 
 		t.Run("Choose list", func(t *testing.T) {
 			defer tests.PrintCurrentTest(t)()
@@ -1407,10 +1399,7 @@ body:
 func TestIssueUnsubscription(t *testing.T) {
 	onApplicationRun(t, func(t *testing.T, u *url.URL) {
 		user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 1})
-		repo, _, f := tests.CreateDeclarativeRepoWithOptions(t, user, tests.DeclarativeRepoOptions{
-			AutoInit: optional.Some(false),
-		})
-		defer f()
+		repo := forgery.CreateRepository(t, user, &forgery.CreateRepositoryOptions{})
 		session := loginUser(t, user.Name)
 
 		issueURL := testNewIssue(t, session, user.Name, repo.Name, "Issue title", "Description")
diff --git a/tests/integration/migrate_test.go b/tests/integration/migrate_test.go
index 7d244ce60f..8f609a2bfe 100644
--- a/tests/integration/migrate_test.go
+++ b/tests/integration/migrate_test.go
@@ -20,13 +20,13 @@ import (
 	"forgejo.org/models/unit"
 	"forgejo.org/models/unittest"
 	user_model "forgejo.org/models/user"
-	"forgejo.org/modules/optional"
 	"forgejo.org/modules/setting"
 	"forgejo.org/modules/structs"
 	"forgejo.org/modules/test"
 	"forgejo.org/modules/translation"
 	"forgejo.org/services/migrations"
 	"forgejo.org/tests"
+	"forgejo.org/tests/forgery"
 
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
@@ -196,11 +196,9 @@ func TestMigrateWithWiki(t *testing.T) {
 		defer test.MockVariableValue(&setting.AppVer, "1.16.0")()
 		require.NoError(t, migrations.Init())
 
-		user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
-		repo, _, f := tests.CreateDeclarativeRepoWithOptions(t, user, tests.DeclarativeRepoOptions{
-			WikiBranch: optional.Some("obscure-name"),
-		})
-		defer f()
+		repo := forgery.CreateRepository(t, nil, nil)
+		forgery.InitWiki(t, repo, "obscure-name")
+		user := repo.Owner
 
 		session := loginUser(t, user.Name)
 		token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteRepository, auth_model.AccessTokenScopeReadMisc)
diff --git a/tests/integration/mirror_pull_test.go b/tests/integration/mirror_pull_test.go
index 9a520ae5a5..9b831f4beb 100644
--- a/tests/integration/mirror_pull_test.go
+++ b/tests/integration/mirror_pull_test.go
@@ -22,7 +22,6 @@ import (
 	"forgejo.org/modules/git"
 	"forgejo.org/modules/gitrepo"
 	"forgejo.org/modules/migration"
-	"forgejo.org/modules/optional"
 	"forgejo.org/modules/process"
 	"forgejo.org/modules/setting"
 	"forgejo.org/modules/structs"
@@ -34,6 +33,7 @@ import (
 	repo_service "forgejo.org/services/repository"
 	files_service "forgejo.org/services/repository/files"
 	"forgejo.org/tests"
+	"forgejo.org/tests/forgery"
 
 	"github.com/PuerkitoBio/goquery"
 	"github.com/google/uuid"
@@ -183,19 +183,14 @@ func TestMirrorPull(t *testing.T) {
 					user2 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
 
 					// Create the source repository that will be mirrored.
-					sourceRepo, sourceRepoSha, cleanupSource := tests.CreateDeclarativeRepoWithOptions(t, user2,
-						tests.DeclarativeRepoOptions{
-							IsPrivate: optional.Some(mc.privateSource),
-							Files: optional.Some([]*files_service.ChangeRepoFile{
-								{
-									Operation:     "create",
-									TreePath:      "docs.md",
-									ContentReader: strings.NewReader("hello, world"),
-								},
-							}),
+					var sourceRepoSha string
+					sourceRepo := forgery.CreateRepository(t, user2, &forgery.CreateRepositoryOptions{
+						IsPrivate: mc.privateSource,
+						Files: forgery.MapFS{
+							"docs.md": forgery.MapFile("hello, world"),
 						},
-					)
-					defer cleanupSource()
+						LatestSha: &sourceRepoSha,
+					})
 					require.NotEmpty(t, sourceRepoSha)
 
 					// Create pull mirror
@@ -239,10 +234,7 @@ func TestMirrorPull(t *testing.T) {
 
 		user2 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
 
-		mirrorRepo, _, cleanupMirror := tests.CreateDeclarativeRepoWithOptions(t, user2,
-			tests.DeclarativeRepoOptions{},
-		)
-		defer cleanupMirror()
+		mirrorRepo := forgery.CreateRepository(t, user2, nil)
 
 		// Write to the repo a config file that would have plausibly existed before EncryptedRemoteAddress was
 		// introduced:
@@ -343,8 +335,8 @@ func createPullMirrorViaWeb(t *testing.T, sourceRepo *repo_model.Repository, aut
 			body := resp.Body.String()
 			lastBody = body
 			// Looking for the repo page to be fully populated indicating that the migration is complete:
-			// Check that the first commit message is present:
-			if !strings.Contains(body, "Initial commit") {
+			// Check that the committed file is present:
+			if !strings.Contains(body, "docs.md") {
 				return false
 			}
 			// Check that the fork button is present:
diff --git a/tests/integration/mirror_push_test.go b/tests/integration/mirror_push_test.go
index 3f5a8223c8..95981c9ce6 100644
--- a/tests/integration/mirror_push_test.go
+++ b/tests/integration/mirror_push_test.go
@@ -21,12 +21,10 @@ import (
 	auth_model "forgejo.org/models/auth"
 	"forgejo.org/models/db"
 	repo_model "forgejo.org/models/repo"
-	"forgejo.org/models/unit"
 	"forgejo.org/models/unittest"
 	user_model "forgejo.org/models/user"
 	"forgejo.org/modules/git"
 	"forgejo.org/modules/gitrepo"
-	"forgejo.org/modules/optional"
 	"forgejo.org/modules/setting"
 	api "forgejo.org/modules/structs"
 	"forgejo.org/modules/test"
@@ -37,6 +35,7 @@ import (
 	mirror_service "forgejo.org/services/mirror"
 	repo_service "forgejo.org/services/repository"
 	"forgejo.org/tests"
+	"forgejo.org/tests/forgery"
 
 	"github.com/PuerkitoBio/goquery"
 	"github.com/stretchr/testify/assert"
@@ -228,12 +227,7 @@ func TestSSHPushMirror(t *testing.T) {
 		assert.False(t, srcRepo.HasWiki())
 		sess := loginUser(t, user.Name)
 
-		pushToRepo, _, f := tests.CreateDeclarativeRepoWithOptions(t, user, tests.DeclarativeRepoOptions{
-			Name:         optional.Some("push-mirror-misc-test"),
-			AutoInit:     optional.Some(false),
-			EnabledUnits: optional.Some([]unit.Type{unit.TypeCode}),
-		})
-		defer f()
+		pushToRepo := forgery.CreateRepository(t, user, &forgery.CreateRepositoryOptions{})
 		sshURL := fmt.Sprintf("ssh://%s@%s/%s.git", setting.SSH.User, net.JoinHostPort(setting.SSH.ListenHost, strconv.Itoa(setting.SSH.ListenPort)), pushToRepo.FullName())
 
 		t.Run("Mutual exclusive", func(t *testing.T) {
@@ -286,12 +280,7 @@ func TestSSHPushMirror(t *testing.T) {
 		testMirrorPush := func(t *testing.T, srcRepo *repo_model.Repository, expectedSHA string) {
 			t.Helper()
 
-			pushToRepo, _, f := tests.CreateDeclarativeRepoWithOptions(t, user, tests.DeclarativeRepoOptions{
-				Name:         optional.Some("push-mirror-test"),
-				AutoInit:     optional.Some(false),
-				EnabledUnits: optional.Some([]unit.Type{unit.TypeCode}),
-			})
-			defer f()
+			pushToRepo := forgery.CreateRepository(t, user, &forgery.CreateRepositoryOptions{})
 			sshURL := fmt.Sprintf("ssh://%s@%s/%s.git", setting.SSH.User, net.JoinHostPort(setting.SSH.ListenHost, strconv.Itoa(setting.SSH.ListenPort)), pushToRepo.FullName())
 
 			var pushMirror *repo_model.PushMirror
@@ -404,8 +393,7 @@ func TestPushMirrorBranchFilterWebUI(t *testing.T) {
 		srcRepo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 1})
 		sess := loginUser(t, user.Name)
 
-		mirrorRepo, _, f := tests.CreateDeclarativeRepo(t, user, "", []unit.Type{unit.TypeCode}, nil, nil)
-		defer f()
+		mirrorRepo := forgery.CreateRepository(t, user, nil)
 
 		ctx := NewAPITestContext(t, user.LowerName, srcRepo.Name, auth_model.AccessTokenScopeReadRepository)
 		ctx.Session = sess
@@ -595,12 +583,8 @@ func TestPushMirrorSettings(t *testing.T) {
 		srcRepo2 := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 3})
 		assert.False(t, srcRepo.HasWiki())
 		sess := loginUser(t, user.Name)
-		pushToRepo, _, f := tests.CreateDeclarativeRepoWithOptions(t, user, tests.DeclarativeRepoOptions{
-			Name:         optional.Some("push-mirror-test"),
-			AutoInit:     optional.Some(false),
-			EnabledUnits: optional.Some([]unit.Type{unit.TypeCode}),
-		})
-		defer f()
+
+		pushToRepo := forgery.CreateRepository(t, user, &forgery.CreateRepositoryOptions{})
 
 		t.Run("Adding", func(t *testing.T) {
 			defer tests.PrintCurrentTest(t)()
@@ -904,8 +888,7 @@ func TestPushMirrorWebUIToAPIIntegration(t *testing.T) {
 		session := loginUser(t, user.Name)
 		token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeAll)
 
-		mirrorRepo, _, f := tests.CreateDeclarativeRepo(t, user, "", []unit.Type{unit.TypeCode}, nil, nil)
-		defer f()
+		mirrorRepo := forgery.CreateRepository(t, user, nil)
 
 		ctx := NewAPITestContext(t, user.LowerName, srcRepo.Name, auth_model.AccessTokenScopeReadRepository)
 		ctx.Session = session
@@ -941,8 +924,7 @@ func TestPushMirrorWebUIToAPIIntegration(t *testing.T) {
 			defer tests.PrintCurrentTest(t)()
 
 			// Create another mirror repo for this test
-			mirrorRepo2, _, f := tests.CreateDeclarativeRepo(t, user, "", []unit.Type{unit.TypeCode}, nil, nil)
-			defer f()
+			mirrorRepo2 := forgery.CreateRepository(t, user, nil)
 			remoteAddress2 := fmt.Sprintf("%s%s/%s", u.String(), url.PathEscape(user.Name), url.PathEscape(mirrorRepo2.Name))
 
 			// Create push mirror with empty branch filter via web UI
@@ -967,8 +949,7 @@ func TestPushMirrorWebUIToAPIIntegration(t *testing.T) {
 			defer tests.PrintCurrentTest(t)()
 
 			// Create another mirror repo for this test
-			mirrorRepo3, _, f := tests.CreateDeclarativeRepo(t, user, "", []unit.Type{unit.TypeCode}, nil, nil)
-			defer f()
+			mirrorRepo3 := forgery.CreateRepository(t, user, nil)
 			remoteAddress3 := fmt.Sprintf("%s%s/%s", u.String(), url.PathEscape(user.Name), url.PathEscape(mirrorRepo3.Name))
 
 			// Create push mirror with complex branch filter via web UI
@@ -994,8 +975,7 @@ func TestPushMirrorWebUIToAPIIntegration(t *testing.T) {
 			defer tests.PrintCurrentTest(t)()
 
 			// Create another mirror repo for this test
-			mirrorRepo4, _, f := tests.CreateDeclarativeRepo(t, user, "", []unit.Type{unit.TypeCode}, nil, nil)
-			defer f()
+			mirrorRepo4 := forgery.CreateRepository(t, user, nil)
 			remoteAddress4 := fmt.Sprintf("%s%s/%s", u.String(), url.PathEscape(user.Name), url.PathEscape(mirrorRepo4.Name))
 
 			// First create a push mirror via API with initial branch filter
diff --git a/tests/integration/patch_status_test.go b/tests/integration/patch_status_test.go
index 9ada94bfc0..1acce03d6b 100644
--- a/tests/integration/patch_status_test.go
+++ b/tests/integration/patch_status_test.go
@@ -10,22 +10,19 @@ import (
 	"net/url"
 	"os"
 	"path/filepath"
-	"strings"
 	"testing"
 	"time"
 
 	issues_model "forgejo.org/models/issues"
 	repo_model "forgejo.org/models/repo"
-	unit_model "forgejo.org/models/unit"
 	"forgejo.org/models/unittest"
 	user_model "forgejo.org/models/user"
 	"forgejo.org/modules/git"
-	"forgejo.org/modules/optional"
 	"forgejo.org/modules/test"
 	pull_service "forgejo.org/services/pull"
-	files_service "forgejo.org/services/repository/files"
 	shared_automerge "forgejo.org/services/shared/automerge"
 	"forgejo.org/tests"
+	"forgejo.org/tests/forgery"
 
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
@@ -36,24 +33,17 @@ func TestPatchStatus(t *testing.T) {
 		user2 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
 		session := loginUser(t, user2.Name)
 
-		var objectFormat optional.Option[string]
+		var objectFormat git.ObjectFormat
 		if git.SupportHashSha256 {
-			objectFormat = optional.Some("sha256")
+			objectFormat = git.Sha256ObjectFormat
 		}
 
-		repo, _, f := tests.CreateDeclarativeRepoWithOptions(t, user2, tests.DeclarativeRepoOptions{
-			AutoInit:     optional.Some(true),
-			EnabledUnits: optional.Some([]unit_model.Type{unit_model.TypeCode}),
+		repo := forgery.CreateRepository(t, user2, &forgery.CreateRepositoryOptions{
+			Files: forgery.MapFS{
+				".spokeperson": forgery.MapFile("n0toose"),
+			},
 			ObjectFormat: objectFormat,
-			Files: optional.Some([]*files_service.ChangeRepoFile{
-				{
-					Operation:     "create",
-					TreePath:      ".spokeperson",
-					ContentReader: strings.NewReader("n0toose"),
-				},
-			}),
 		})
-		defer f()
 
 		testAutomergeQueued := func(t *testing.T, pr *issues_model.PullRequest, expected issues_model.PullRequestStatus) {
 			t.Helper()
diff --git a/tests/integration/pull_review_test.go b/tests/integration/pull_review_test.go
index 8c7b302c68..3c0f4344f1 100644
--- a/tests/integration/pull_review_test.go
+++ b/tests/integration/pull_review_test.go
@@ -38,6 +38,7 @@ import (
 	repo_service "forgejo.org/services/repository"
 	files_service "forgejo.org/services/repository/files"
 	"forgejo.org/tests"
+	"forgejo.org/tests/forgery"
 
 	"github.com/PuerkitoBio/goquery"
 	"github.com/google/uuid"
@@ -1816,21 +1817,14 @@ func newPullRequestCommentPlacementTester(t *testing.T) *PullRequestCommentPlace
 		content.WriteString(fmt.Sprintf("Line %d\n", i+1)) // +1 -> make "Line N" appear on the Nth line and avoid off-by-one confusions
 	}
 
-	repo, initialSHA, reset := tests.CreateDeclarativeRepoWithOptions(t, user2, tests.DeclarativeRepoOptions{
-		Files: optional.Some([]*files_service.ChangeRepoFile{
-			{
-				Operation:     "create",
-				TreePath:      "file1.md",
-				ContentReader: strings.NewReader(content.String()),
-			},
-			{
-				Operation:     "create",
-				TreePath:      "file2.md",
-				ContentReader: strings.NewReader(content.String()),
-			},
-		}),
+	var initialSHA string
+	repo := forgery.CreateRepository(t, user2, &forgery.CreateRepositoryOptions{
+		Files: forgery.MapFS{
+			"file1.md": forgery.MapFile(content.String()),
+			"file2.md": forgery.MapFile(content.String()),
+		},
+		LatestSha: &initialSHA,
 	})
-	t.Cleanup(reset)
 
 	return &PullRequestCommentPlacementTester{
 		t:           t,
diff --git a/tests/integration/quota_use_test.go b/tests/integration/quota_use_test.go
index dd5afd1aed..fb9619adee 100644
--- a/tests/integration/quota_use_test.go
+++ b/tests/integration/quota_use_test.go
@@ -19,7 +19,6 @@ import (
 	org_model "forgejo.org/models/organization"
 	quota_model "forgejo.org/models/quota"
 	repo_model "forgejo.org/models/repo"
-	"forgejo.org/models/unittest"
 	user_model "forgejo.org/models/user"
 	"forgejo.org/modules/git"
 	"forgejo.org/modules/setting"
@@ -29,8 +28,8 @@ import (
 	app_context "forgejo.org/services/context"
 	repo_service "forgejo.org/services/repository"
 	"forgejo.org/tests"
+	"forgejo.org/tests/forgery"
 
-	gouuid "github.com/google/uuid"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 )
@@ -1025,13 +1024,13 @@ func createQuotaWebEnv(t *testing.T) *quotaWebEnv {
 		user := quotaWebEnvUser{}
 
 		// Create the user
-		userName := gouuid.NewString()
-		apiCreateUser(t, userName)
-		user.User = unittest.AssertExistsAndLoadBean(t, &user_model.User{Name: userName})
-		user.Session = loginUser(t, userName)
+		user.User = forgery.CreateUser(t, nil)
+		user.Session = loginUser(t, user.User.Name)
 
 		// Create a repository for the user
-		repo, _, _ := tests.CreateDeclarativeRepoWithOptions(t, user.User, tests.DeclarativeRepoOptions{})
+		repo := forgery.CreateRepository(t, user.User, &forgery.CreateRepositoryOptions{
+			Files: forgery.FilesInit{},
+		})
 		user.Repo = repo
 
 		return user
@@ -1072,25 +1071,21 @@ func createQuotaWebEnv(t *testing.T) *quotaWebEnv {
 		org := quotaWebEnvOrg{}
 
 		// Create the org
-		userName := gouuid.NewString()
-		org.Org = &org_model.Organization{
-			Name: userName,
-		}
-		err := org_model.CreateOrganization(db.DefaultContext, org.Org, owner)
-		require.NoError(t, err)
+		org.Org = forgery.CreateOrganisation(t, owner)
 
 		// Create a repository for the org
-		orgUser := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: org.Org.ID})
-		repo, _, _ := tests.CreateDeclarativeRepoWithOptions(t, orgUser, tests.DeclarativeRepoOptions{})
+		repo := forgery.CreateRepository(t, org.Org.AsUser(), &forgery.CreateRepositoryOptions{
+			Files: forgery.FilesInit{},
+		})
 		org.Repo = repo
 
 		// Create a quota group for them
-		group, err := quota_model.CreateGroup(db.DefaultContext, userName)
+		group, err := quota_model.CreateGroup(db.DefaultContext, org.Org.Name)
 		require.NoError(t, err)
 		org.QuotaGroup = group
 
 		// Create a rule
-		rule, err := quota_model.CreateRule(db.DefaultContext, userName, limit, quota_model.LimitSubjects{quota_model.LimitSubjectSizeAll})
+		rule, err := quota_model.CreateRule(db.DefaultContext, org.Org.Name, limit, quota_model.LimitSubjects{quota_model.LimitSubjectSizeAll})
 		require.NoError(t, err)
 		org.QuotaRule = rule
 
diff --git a/tests/integration/repo_generate_test.go b/tests/integration/repo_generate_test.go
index 637f0a478d..aec2a89719 100644
--- a/tests/integration/repo_generate_test.go
+++ b/tests/integration/repo_generate_test.go
@@ -17,12 +17,11 @@ import (
 	"forgejo.org/models/unittest"
 	user_model "forgejo.org/models/user"
 	"forgejo.org/modules/git"
-	"forgejo.org/modules/optional"
 	"forgejo.org/modules/setting"
 	"forgejo.org/modules/test"
 	"forgejo.org/modules/translation"
-	files_service "forgejo.org/services/repository/files"
 	"forgejo.org/tests"
+	"forgejo.org/tests/forgery"
 
 	"github.com/stretchr/testify/assert"
 )
@@ -243,40 +242,27 @@ func TestRepoGenerateTemplating(t *testing.T) {
 		expected := `# %s
 	This is a Repo By %s
 	ThisIsThe%sInAnInlineWay`
-		templateName := "my_template"
-		generatedName := "my_generated"
 
-		userName := "user1"
-		session := loginUser(t, userName)
-		user := unittest.AssertExistsAndLoadBean(t, &user_model.User{Name: userName})
-
-		template, _, f := tests.CreateDeclarativeRepoWithOptions(t, user, tests.DeclarativeRepoOptions{
-			Name:       optional.Some(templateName),
-			IsTemplate: optional.Some(true),
-			Files: optional.Some([]*files_service.ChangeRepoFile{
-				{
-					Operation:     "create",
-					TreePath:      ".forgejo/template",
-					ContentReader: strings.NewReader("**/Readme.md"),
-				},
-				{
-					Operation:     "create",
-					TreePath:      "dira-${REPO_NAME}/dirb-${REPO_NAME}/Readme.md",
-					ContentReader: strings.NewReader(input),
-				},
-			}),
+		template := forgery.CreateRepository(t, nil, &forgery.CreateRepositoryOptions{
+			IsTemplate: true,
+			Files: forgery.MapFS{
+				".forgejo/template":                             forgery.MapFile("**/Readme.md"),
+				"dira-${REPO_NAME}/dirb-${REPO_NAME}/Readme.md": forgery.MapFile(input),
+			},
 		})
-		defer f()
+		user := template.Owner
+		session := loginUser(t, user.Name)
 
 		// The repo.TemplateID field is not initialized. Luckily, the ID field holds the expected value
 		templateID := strconv.FormatInt(template.ID, 10)
+		generatedName := "my_generated"
 
 		testRepoGenerateSuccess(
 			t,
 			session,
 			templateID,
 			user.Name,
-			templateName,
+			template.Name,
 			user,
 			user,
 			generatedName,
@@ -310,9 +296,10 @@ func TestRepoGenerateTemplating(t *testing.T) {
 
 func TestRepoGenerateTemplatingSymlink(t *testing.T) {
 	onApplicationRun(t, func(t *testing.T, u *url.URL) {
-		userName := "user1"
-		session := loginUser(t, userName)
-		user := unittest.AssertExistsAndLoadBean(t, &user_model.User{Name: userName})
+		user := forgery.CreateUser(t, &forgery.CreateUserOptions{
+			IsAdmin: true, // required to see the detailed error message on the error response
+		})
+		session := loginUser(t, user.Name)
 
 		testCases := []struct {
 			name          string
@@ -337,34 +324,18 @@ func TestRepoGenerateTemplatingSymlink(t *testing.T) {
 
 		for i, tc := range testCases {
 			t.Run(tc.name, func(t *testing.T) {
-				templateName := fmt.Sprintf("my_template-%d", i)
-				generatedName := fmt.Sprintf("my_generated-%d", i)
-				template, _, f := tests.CreateDeclarativeRepoWithOptions(t, user, tests.DeclarativeRepoOptions{
-					Name:       optional.Some(templateName),
-					IsTemplate: optional.Some(true),
-					Files: optional.Some([]*files_service.ChangeRepoFile{
-						{
-							Operation:     "create",
-							TreePath:      ".forgejo/template",
-							ContentReader: strings.NewReader("**/Readme.md"),
-						},
-						{
-							Operation:     "create",
-							TreePath:      "actual-contents.txt",
-							ContentReader: strings.NewReader("Here are some contents. $REPO_NAME"),
-						},
-						{
-							Operation:     "create",
-							TreePath:      "problem/Readme.md",
-							ContentReader: strings.NewReader(tc.symlinkTarget),
-							Options:       files_service.RepoFileOptionMode(git.EntryModeSymlink),
-						},
-					}),
+				template := forgery.CreateRepository(t, user, &forgery.CreateRepositoryOptions{
+					IsTemplate: true,
+					Files: forgery.MapFS{
+						".forgejo/template":   forgery.MapFile("**/Readme.md"),
+						"actual-contents.txt": forgery.MapFile("Here are some contents. $REPO_NAME"),
+						"problem/Readme.md":   forgery.MapSymlink(tc.symlinkTarget),
+					},
 				})
-				defer f()
 
 				// The repo.TemplateID field is not initialized. Luckily, the ID field holds the expected value
 				templateID := strconv.FormatInt(template.ID, 10)
+				generatedName := fmt.Sprintf("my_generated-%d", i)
 
 				if tc.expectedError != "" {
 					resp := testRepoGenerateFailure(
@@ -372,7 +343,7 @@ func TestRepoGenerateTemplatingSymlink(t *testing.T) {
 						session,
 						templateID,
 						user.Name,
-						templateName,
+						template.Name,
 						user,
 						user,
 						generatedName,
@@ -384,7 +355,7 @@ func TestRepoGenerateTemplatingSymlink(t *testing.T) {
 						session,
 						templateID,
 						user.Name,
-						templateName,
+						template.Name,
 						user,
 						user,
 						generatedName,
@@ -419,36 +390,28 @@ func TestRepoGenerateTemplatingSymlink(t *testing.T) {
 
 func TestRepoGenerateTemplatingSymlinkGlobFile(t *testing.T) {
 	onApplicationRun(t, func(t *testing.T, u *url.URL) {
-		templateName := "my_template"
-		generatedName := "my_generated"
-
-		userName := "user1"
-		session := loginUser(t, userName)
-		user := unittest.AssertExistsAndLoadBean(t, &user_model.User{Name: userName})
-
-		template, _, f := tests.CreateDeclarativeRepoWithOptions(t, user, tests.DeclarativeRepoOptions{
-			Name:       optional.Some(templateName),
-			IsTemplate: optional.Some(true),
-			Files: optional.Some([]*files_service.ChangeRepoFile{
-				{
-					Operation:     "create",
-					TreePath:      ".forgejo/template",
-					ContentReader: strings.NewReader("/etc/passwd"),
-					Options:       files_service.RepoFileOptionMode(git.EntryModeSymlink),
-				},
-			}),
+		user := forgery.CreateUser(t, &forgery.CreateUserOptions{
+			IsAdmin: true, // required to see the detailed error message on the error response
+		})
+		session := loginUser(t, user.Name)
+
+		template := forgery.CreateRepository(t, user, &forgery.CreateRepositoryOptions{
+			IsTemplate: true,
+			Files: forgery.MapFS{
+				".forgejo/template": forgery.MapSymlink("/etc/passwd"),
+			},
 		})
-		defer f()
 
 		// The repo.TemplateID field is not initialized. Luckily, the ID field holds the expected value
 		templateID := strconv.FormatInt(template.ID, 10)
+		generatedName := "my_generated"
 
 		resp := testRepoGenerateFailure(
 			t,
 			session,
 			templateID,
 			user.Name,
-			templateName,
+			template.Name,
 			user,
 			user,
 			generatedName,
diff --git a/tests/integration/repo_test.go b/tests/integration/repo_test.go
index 299299ff0b..16dc7cd483 100644
--- a/tests/integration/repo_test.go
+++ b/tests/integration/repo_test.go
@@ -24,7 +24,6 @@ import (
 	"forgejo.org/models/unittest"
 	user_model "forgejo.org/models/user"
 	"forgejo.org/modules/git"
-	"forgejo.org/modules/optional"
 	"forgejo.org/modules/setting"
 	api "forgejo.org/modules/structs"
 	"forgejo.org/modules/test"
@@ -32,6 +31,7 @@ import (
 	repo_service "forgejo.org/services/repository"
 	files_service "forgejo.org/services/repository/files"
 	"forgejo.org/tests"
+	"forgejo.org/tests/forgery"
 
 	"github.com/PuerkitoBio/goquery"
 	"github.com/stretchr/testify/assert"
@@ -1369,21 +1369,17 @@ func TestInitInstructions(t *testing.T) {
 
 	forEachObjectFormat(t, func(t *testing.T, objectFormat git.ObjectFormat) {
 		defer tests.PrintCurrentTest(t)()
-		name := objectFormat.Name()
+
 		var init string
-		if name == "sha1" {
+		if objectFormat == git.Sha1ObjectFormat {
 			init = "git init"
 		} else {
-			init = fmt.Sprintf("git init --object-format=%s", name)
+			init = fmt.Sprintf("git init --object-format=%s", objectFormat.Name())
 		}
 
-		repo, _, f := tests.CreateDeclarativeRepoWithOptions(t, user, tests.DeclarativeRepoOptions{
-			Name:         optional.Some(name + "-instruction"),
-			AutoInit:     optional.Some(false),
-			EnabledUnits: optional.Some([]unit_model.Type{unit_model.TypeCode}),
-			ObjectFormat: optional.Some(name),
+		repo := forgery.CreateRepository(t, user, &forgery.CreateRepositoryOptions{
+			ObjectFormat: objectFormat,
 		})
-		defer f()
 
 		portMatcher := regexp.MustCompile(`localhost:\d+`)
 		resp := session.MakeRequest(t, NewRequest(t, "GET", "/"+repo.FullName()), http.StatusOK)
@@ -1394,7 +1390,7 @@ func TestInitInstructions(t *testing.T) {
 git switch -c main
 git add README.md
 git commit -m "first commit"
-git remote add origin http://localhost/user2/%s-instruction.git
-git push -u origin main`, init, name), portMatcher.ReplaceAllString(htmlDoc.Find(".empty-repo-guide code").First().Text(), "localhost"))
+git remote add origin http://localhost/user2/%s.git
+git push -u origin main`, init, repo.Name), portMatcher.ReplaceAllString(htmlDoc.Find(".empty-repo-guide code").First().Text(), "localhost"))
 	})
 }
diff --git a/tests/integration/wiki_test.go b/tests/integration/wiki_test.go
index 1fd9378852..efccd20ef8 100644
--- a/tests/integration/wiki_test.go
+++ b/tests/integration/wiki_test.go
@@ -20,10 +20,10 @@ import (
 	"forgejo.org/models/unittest"
 	user_model "forgejo.org/models/user"
 	"forgejo.org/modules/git"
-	"forgejo.org/modules/optional"
 	api "forgejo.org/modules/structs"
 	"forgejo.org/modules/util"
 	"forgejo.org/tests"
+	"forgejo.org/tests/forgery"
 
 	"github.com/PuerkitoBio/goquery"
 	"github.com/google/uuid"
@@ -95,11 +95,10 @@ func doRepoWikiGitOperation(t *testing.T, serverURL *url.URL, method RepoWikiMet
 	repo := "repo1"
 	if target == RepoWikiPrivate {
 		user2 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
-		privateRepo, _, reset := tests.CreateDeclarativeRepoWithOptions(t, user2, tests.DeclarativeRepoOptions{
-			IsPrivate:    optional.Some(true),
-			EnabledUnits: optional.Some([]unit_model.Type{unit_model.TypeWiki}),
+		privateRepo := forgery.CreateRepository(t, user2, &forgery.CreateRepositoryOptions{
+			IsPrivate: true,
 		})
-		defer reset()
+		forgery.EnableRepoUnit(t, privateRepo, unit_model.TypeWiki, nil)
 
 		session := loginUser(t, user2.LoginName)
 		token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteRepository)
diff --git a/tests/test_utils.go b/tests/test_utils.go
index 5e5b04c860..8314e8c58a 100644
--- a/tests/test_utils.go
+++ b/tests/test_utils.go
@@ -15,10 +15,10 @@ import (
 	"path"
 	"path/filepath"
 	"runtime"
-	"slices"
 	"strings"
 	"sync/atomic"
 	"testing"
+	"testing/fstest"
 	"time"
 
 	"forgejo.org/models/db"
@@ -29,10 +29,9 @@ import (
 	user_model "forgejo.org/models/user"
 	"forgejo.org/modules/base"
 	"forgejo.org/modules/git"
-	"forgejo.org/modules/gitrepo"
 	"forgejo.org/modules/graceful"
 	"forgejo.org/modules/log"
-	"forgejo.org/modules/optional"
+	"forgejo.org/modules/options"
 	"forgejo.org/modules/process"
 	repo_module "forgejo.org/modules/repository"
 	"forgejo.org/modules/setting"
@@ -40,12 +39,10 @@ import (
 	"forgejo.org/modules/testlogger"
 	"forgejo.org/modules/util"
 	"forgejo.org/routers"
-	repo_service "forgejo.org/services/repository"
+	"forgejo.org/services/notify"
 	files_service "forgejo.org/services/repository/files"
-	wiki_service "forgejo.org/services/wiki"
+	"forgejo.org/tests/forgery"
 
-	"github.com/google/uuid"
-	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 	"xorm.io/xorm/convert"
 
@@ -386,169 +383,74 @@ func Printf(format string, args ...any) {
 	testlogger.Printf(format, args...)
 }
 
-type DeclarativeRepoOptions struct {
-	Name          optional.Option[string]
-	EnabledUnits  optional.Option[[]unit_model.Type]
-	DisabledUnits optional.Option[[]unit_model.Type]
-	UnitConfig    optional.Option[map[unit_model.Type]convert.Conversion]
-	Files         optional.Option[[]*files_service.ChangeRepoFile]
-	WikiBranch    optional.Option[string]
-	AutoInit      optional.Option[bool]
-	IsTemplate    optional.Option[bool]
-	ObjectFormat  optional.Option[string]
-	IsPrivate     optional.Option[bool]
-}
-
-func CreateDeclarativeRepoWithOptions(t *testing.T, owner *user_model.User, opts DeclarativeRepoOptions) (*repo_model.Repository, string, func()) {
-	t.Helper()
-
-	// Not using opts.Name.ValueOrDefault() here to avoid unnecessarily
-	// generating an UUID when a name is specified.
-	var repoName string
-	if has, value := opts.Name.Get(); has {
-		repoName = value
-	} else {
-		repoName = uuid.NewString()
-	}
-
-	var autoInit bool
-	if has, value := opts.AutoInit.Get(); has {
-		autoInit = value
-	} else {
-		autoInit = true
-	}
-
-	// Create the repository
-	repo, err := repo_service.CreateRepository(db.DefaultContext, owner, owner, repo_service.CreateRepoOptions{
-		Name:             repoName,
-		Description:      "Temporary Repo",
-		AutoInit:         autoInit,
-		Gitignores:       "",
-		License:          "WTFPL",
-		Readme:           "Default",
-		DefaultBranch:    "main",
-		IsTemplate:       opts.IsTemplate.ValueOrZeroValue(),
-		ObjectFormatName: opts.ObjectFormat.ValueOrZeroValue(),
-		IsPrivate:        opts.IsPrivate.ValueOrZeroValue(),
-	})
-	require.NoError(t, err)
-	assert.NotEmpty(t, repo)
-
-	// Populate `enabledUnits` if we have any enabled.
-	var enabledUnits []repo_model.RepoUnit
-	if has, units := opts.EnabledUnits.Get(); has {
-		enabledUnits = make([]repo_model.RepoUnit, len(units))
-
-		for i, unitType := range units {
-			var config convert.Conversion
-			if cfg, ok := opts.UnitConfig.ValueOrZeroValue()[unitType]; ok {
-				config = cfg
-			}
-			enabledUnits[i] = repo_model.RepoUnit{
-				RepoID: repo.ID,
-				Type:   unitType,
-				Config: config,
-			}
-		}
-	}
-
-	// Adjust the repo units according to our parameters.
-	if opts.EnabledUnits.Has() || opts.DisabledUnits.Has() {
-		err := repo_service.UpdateRepositoryUnits(db.DefaultContext, repo, enabledUnits, opts.DisabledUnits.ValueOrDefault(nil))
-		require.NoError(t, err)
-	}
-
-	// Add files, if any.
-	var sha string
-	if has, files := opts.Files.Get(); has {
-		assert.True(t, autoInit, "Files cannot be specified if AutoInit is disabled")
-
-		commitID, err := gitrepo.GetBranchCommitID(git.DefaultContext, repo, "main")
-		require.NoError(t, err)
-
-		resp, err := files_service.ChangeRepoFiles(git.DefaultContext, repo, owner, &files_service.ChangeRepoFilesOptions{
-			Files:     files,
-			Message:   "add files",
-			OldBranch: "main",
-			NewBranch: "main",
-			Author: &files_service.IdentityOptions{
-				Name:  owner.Name,
-				Email: owner.Email,
-			},
-			Committer: &files_service.IdentityOptions{
-				Name:  owner.Name,
-				Email: owner.Email,
-			},
-			Dates: &files_service.CommitDateOptions{
-				Author:    time.Now(),
-				Committer: time.Now(),
-			},
-			LastCommitID: commitID,
-		})
-		require.NoError(t, err)
-		assert.NotEmpty(t, resp)
-
-		sha = resp.Commit.SHA
-	}
-
-	// If there's a Wiki branch specified, create a wiki, and a default wiki page.
-	if has, value := opts.WikiBranch.Get(); has {
-		// Set the wiki branch in the database first
-		repo.WikiBranch = value
-		err := repo_model.UpdateRepositoryCols(db.DefaultContext, repo, "wiki_branch")
-		require.NoError(t, err)
-
-		// Initialize the wiki
-		err = wiki_service.InitWiki(db.DefaultContext, repo)
-		require.NoError(t, err)
-
-		// Add a new wiki page
-		err = wiki_service.AddWikiPage(db.DefaultContext, owner, repo, "Home", "Welcome to the wiki!", "Add a Home page")
-		require.NoError(t, err)
-	}
-
-	// Return the repo, the top commit, and a defer-able function to delete the
-	// repo.
-	return repo, sha, func() {
-		_ = repo_service.DeleteRepository(db.DefaultContext, owner, repo, false)
-	}
-}
-
+// Deprecated: use forgery.CreateRepository instead
 func CreateDeclarativeRepo(t *testing.T, owner *user_model.User, name string, enabledUnits, disabledUnits []unit_model.Type, files []*files_service.ChangeRepoFile) (*repo_model.Repository, string, func()) {
 	t.Helper()
 
-	var opts DeclarativeRepoOptions
-
-	if name != "" {
-		opts.Name = optional.Some(name)
+	opts := &forgery.CreateRepositoryOptions{
+		LatestSha: new(string),
+		Name:      name,
 	}
-	if enabledUnits != nil {
-		opts.EnabledUnits = optional.Some(enabledUnits)
 
-		if slices.Contains(enabledUnits, unit_model.TypePullRequests) {
-			opts.UnitConfig = optional.Some(map[unit_model.Type]convert.Conversion{
-				unit_model.TypePullRequests: &repo_model.PullRequestsConfig{
-					AllowMerge:           true,
-					AllowRebase:          true,
-					AllowRebaseMerge:     true,
-					AllowSquash:          true,
-					AllowFastForwardOnly: true,
-					AllowManualMerge:     true,
-					AllowRebaseUpdate:    true,
-					DefaultMergeStyle:    repo_model.MergeStyleMerge,
-					DefaultUpdateStyle:   repo_model.UpdateStyleMerge,
-				},
-			})
+	if len(files) > 0 {
+		licenseData, err := options.License("CC0-1.0")
+		require.NoError(t, err)
+		mfs := forgery.MapFS{
+			"README.md": forgery.MapFile("# " + t.Name() + "\n\nThis is a test repo created via test_utils"),
+			"LICENSE":   &fstest.MapFile{Data: licenseData},
 		}
+		for _, f := range files {
+			require.Empty(t, f.FromTreePath, f.TreePath)
+			if f.Operation != "create" {
+				require.Equal(t, "README.md", f.TreePath, "%q operation only expected on README.md", f.Operation)
+				if f.Operation == "delete" {
+					delete(mfs, f.TreePath)
+					continue
+				}
+				require.Equal(t, "update", f.Operation, "only update/delete operations are supported on README.md")
+			}
+			if f.SHA != "" {
+				require.Nil(t, f.ContentReader, f.TreePath)
+				mfs[f.TreePath] = forgery.MapSubmodule(f.SHA)
+			} else {
+				require.Nil(t, f.Options, f.TreePath)
+
+				data, err := io.ReadAll(f.ContentReader)
+				require.NoError(t, err)
+				mfs[f.TreePath] = &fstest.MapFile{
+					Data: data,
+				}
+			}
+		}
+		opts.Files = mfs
+	} else {
+		opts.Files = forgery.FilesInit{}
+	}
+
+	repo := forgery.CreateRepository(t, owner, opts)
+	notify.CreateRepository(t.Context(), owner, owner, repo) // CreateDeclarativeRepoWithOptions didn't call CreateRepositoryDirectly; notify manually to keep the same behavior
+
+	for _, unitType := range enabledUnits {
+		var config convert.Conversion
+		if unitType == unit_model.TypePullRequests {
+			config = &repo_model.PullRequestsConfig{
+				AllowMerge:           true,
+				AllowRebase:          true,
+				AllowRebaseMerge:     true,
+				AllowSquash:          true,
+				AllowFastForwardOnly: true,
+				AllowManualMerge:     true,
+				AllowRebaseUpdate:    true,
+				DefaultMergeStyle:    repo_model.MergeStyleMerge,
+				DefaultUpdateStyle:   repo_model.UpdateStyleMerge,
+			}
+		}
+		forgery.EnableRepoUnit(t, repo, unitType, config)
 	}
 	if disabledUnits != nil {
-		opts.DisabledUnits = optional.Some(disabledUnits)
+		forgery.DisableRepoUnits(t, repo, disabledUnits...)
 	}
-	if files != nil {
-		opts.Files = optional.Some(files)
-	}
-
-	return CreateDeclarativeRepoWithOptions(t, owner, opts)
+	return repo, *opts.LatestSha, func() {}
 }
 
 func WriteImageBody(t *testing.T, buff bytes.Buffer, filename string, body *bytes.Buffer) string {

From 6e5dbfa1692e6a5ca48470a79c1ddceca1143bc9 Mon Sep 17 00:00:00 2001
From: Mathieu Fenniak <mathieu@fenniak.net>
Date: Tue, 12 May 2026 22:41:07 +0200
Subject: [PATCH 853/854] fix: handle boolean workflow inputs correctly before
 jobparser evaluates with them (#12539)

Fixes https://code.forgejo.org/forgejo/forgejo-actions-feature-requests/issues/112.

Currently boolean `workflow_dispatch` values are being passed as strings during Forgejo's job parsing, causing both true & false to have the same behaviour when evaluated in a condition like this:

```
on:
  workflow_dispatch:
    inputs:
      win32:
        type: boolean

jobs:
  job1:
    strategy:
      matrix:
        runner: ${{ fromJSON(inputs.win32 == 'true' && '["win32", "win64"]' || '["win64"]') }}
    steps: # ...
```

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. All work and communication must conform to Forgejo's [AI Agreement](https://codeberg.org/forgejo/governance/src/branch/main/AIAgreement.md). There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests for Go changes

- I added test coverage for Go changes...
  - [ ] in their respective `*_test.go` for unit tests.
  - [x] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I ran...
  - [ ] `make pr-go` before pushing

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [x] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.
- [ ] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12539
Reviewed-by: Andreas Ahlenstorf <aahlenst@noreply.codeberg.org>
---
 services/actions/workflows.go             |  8 ++++
 tests/integration/actions_trigger_test.go | 58 +++++++++++++++++++++++
 2 files changed, 66 insertions(+)

diff --git a/services/actions/workflows.go b/services/actions/workflows.go
index a08a069cc1..d7d0f781d6 100644
--- a/services/actions/workflows.go
+++ b/services/actions/workflows.go
@@ -97,6 +97,8 @@ func (entry *Workflow) Dispatch(ctx context.Context, inputGetter InputValueGette
 		title = fullWorkflowID
 	}
 
+	// Runner expects a `map[string]string` for inputs in in the payload dispatch, but newer code in the Runner's
+	// jobparser library takes a map[string]any which is more directly actionable for parsing:
 	inputs := make(map[string]string)
 	inputsAny := make(map[string]any)
 	if workflowDispatch := wf.WorkflowDispatchConfig(); workflowDispatch != nil {
@@ -109,6 +111,12 @@ func (entry *Workflow) Dispatch(ctx context.Context, inputGetter InputValueGette
 			}
 			inputs[key] = value
 			inputsAny[key] = value
+			// To match the behaviour of the runner when parsing map[string]string into map[string]any, check for
+			// boolean type inputs and convert them to booleans for expression evaluation:
+			// https://code.forgejo.org/forgejo/runner/src/commit/d5693e379c034a3afcb920087570d9a6e179e86e/act/runner/expression.go#L435-L439
+			if input.Type == "boolean" {
+				inputsAny[key] = value == "true"
+			}
 		}
 	}
 
diff --git a/tests/integration/actions_trigger_test.go b/tests/integration/actions_trigger_test.go
index f5898682ce..19edb8b4ad 100644
--- a/tests/integration/actions_trigger_test.go
+++ b/tests/integration/actions_trigger_test.go
@@ -1009,6 +1009,64 @@ func TestActionsWorkflowDispatchDynamicMatrix(t *testing.T) {
 	})
 }
 
+// Early in the job parsing, dynamic matrices may need to access workflow inputs.  Boolean inputs need special handling
+// which is what this test case covers.
+func TestActionsWorkflowDispatchDynamicMatrixBooleanInput(t *testing.T) {
+	onApplicationRun(t, func(t *testing.T, u *url.URL) {
+		user2 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
+
+		// create the repo
+		repo, sha, f := tests.CreateDeclarativeRepo(t, user2, "repo-workflow-dispatch",
+			[]unit_model.Type{unit_model.TypeActions}, nil,
+			[]*files_service.ChangeRepoFile{
+				{
+					Operation: "create",
+					TreePath:  ".forgejo/workflows/dispatch.yml",
+					ContentReader: strings.NewReader(
+						"name: test\n" +
+							"on:\n" +
+							"  workflow_dispatch:\n" +
+							"    inputs:\n" +
+							"      win32:\n" +
+							"        description: 'Boolean'\n" +
+							"        required: false\n" +
+							"        type: boolean\n" +
+							"jobs:\n" +
+							"  test:\n" +
+							"    runs-on: ubuntu-latest\n" +
+							"    strategy:\n" +
+							"      matrix:\n" +
+							"        runner: ${{ fromJSON(inputs.win32 && '[\"win32\", \"win64\"]' || '[\"win64\"]') }}\n" +
+							"    steps:\n" +
+							"      - run: echo helloworld\n",
+					),
+				},
+			},
+		)
+		defer f()
+
+		gitRepo, err := gitrepo.OpenRepository(db.DefaultContext, repo)
+		require.NoError(t, err)
+		defer gitRepo.Close()
+
+		workflow, err := actions_service.GetWorkflowFromCommit(gitRepo, "main", "dispatch.yml")
+		require.NoError(t, err)
+		assert.Equal(t, "refs/heads/main", workflow.Ref)
+		assert.Equal(t, sha, workflow.Commit.ID.String())
+
+		inputGetter := func(key string) string {
+			return "false"
+		}
+
+		run, _, err := workflow.Dispatch(db.DefaultContext, inputGetter, repo, user2)
+		require.NoError(t, err)
+
+		jobs, err := actions_model.GetRunJobsByRunID(t.Context(), run.ID)
+		require.NoError(t, err)
+		assert.Len(t, jobs, 1)
+	})
+}
+
 func TestActionsWorkflowDispatchReusableWorkflow(t *testing.T) {
 	onApplicationRun(t, func(t *testing.T, u *url.URL) {
 		user2 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})

From cc146bfa8aac4f7c2dd881bb85a8ca70448b82b0 Mon Sep 17 00:00:00 2001
From: Renovate Bot <bot@kriese.eu>
Date: Wed, 13 May 2026 08:30:01 +0200
Subject: [PATCH 854/854] Update data.forgejo.org/forgejo/forgejo Docker tag to
 v11.0.14 (forgejo) (#12543)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12543
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
---
 .forgejo/workflows/build-release-integration.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.forgejo/workflows/build-release-integration.yml b/.forgejo/workflows/build-release-integration.yml
index 0c17898d43..3d024f5f9e 100644
--- a/.forgejo/workflows/build-release-integration.yml
+++ b/.forgejo/workflows/build-release-integration.yml
@@ -2,7 +2,7 @@ name: Integration tests for the release process
 enable-email-notifications: true
 
 env:
-  FORGEJO_VERSION: 11.0.13 # renovate: datasource=docker depName=data.forgejo.org/forgejo/forgejo
+  FORGEJO_VERSION: 11.0.14 # renovate: datasource=docker depName=data.forgejo.org/forgejo/forgejo
 
 on:
   push: